* [PATCH 5.4 000/367] 5.4.257-rc1 review
@ 2023-09-20 11:26 Greg Kroah-Hartman
2023-09-20 11:26 ` [PATCH 5.4 001/367] erofs: ensure that the post-EOF tails are all zeroed Greg Kroah-Hartman
` (372 more replies)
0 siblings, 373 replies; 396+ messages in thread
From: Greg Kroah-Hartman @ 2023-09-20 11:26 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, linux-kernel, torvalds, akpm, linux,
shuah, patches, lkft-triage, pavel, jonathanh, f.fainelli,
sudipm.mukherjee, srw, rwarsow, conor
This is the start of the stable review cycle for the 5.4.257 release.
There are 367 patches in this series, all will be posted as a response
to this one. If anyone has any issues with these being applied, please
let me know.
Responses should be made by Fri, 22 Sep 2023 11:28:09 +0000.
Anything received after that time might be too late.
The whole patch series can be found in one patch at:
https://www.kernel.org/pub/linux/kernel/v5.x/stable-review/patch-5.4.257-rc1.gz
or in the git tree and branch at:
git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-5.4.y
and the diffstat can be found below.
thanks,
greg k-h
-------------
Pseudo-Shortlog of commits:
Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Linux 5.4.257-rc1
Jamal Hadi Salim <jhs@mojatatu.com>
net/sched: Retire rsvp classifier
Christian König <christian.koenig@amd.com>
drm/amdgpu: fix amdgpu_cs_p1_user_fence
William Zhang <william.zhang@broadcom.com>
mtd: rawnand: brcmnand: Fix ECC level field setting for v7.2 controller
Shida Zhang <zhangshida@kylinos.cn>
ext4: fix rec_len verify error
Junxiao Bi <junxiao.bi@oracle.com>
scsi: megaraid_sas: Fix deadlock on firmware crashdump
Tommy Huang <tommy_huang@aspeedtech.com>
i2c: aspeed: Reset the i2c controller when timeout occurs
Steven Rostedt (Google) <rostedt@goodmis.org>
tracefs: Add missing lockdown check to tracefs_create_dir()
Jeff Layton <jlayton@kernel.org>
nfsd: fix change_info in NFSv4 RENAME replies
Steven Rostedt (Google) <rostedt@goodmis.org>
tracing: Have option files inc the trace array ref count
Steven Rostedt (Google) <rostedt@goodmis.org>
tracing: Have current_trace inc the trace array ref count
Filipe Manana <fdmanana@suse.com>
btrfs: fix lockdep splat and potential deadlock after failure running delayed items
Christian Brauner <brauner@kernel.org>
attr: block mode changes of symlinks
Nigel Croxon <ncroxon@redhat.com>
md/raid1: fix error: ISO C90 forbids mixed declarations
Masami Hiramatsu (Google) <mhiramat@kernel.org>
selftests: tracing: Fix to unmount tracefs for recovering environment
Anand Jain <anand.jain@oracle.com>
btrfs: compare the correct fsid/metadata_uuid in btrfs_validate_super
Anand Jain <anand.jain@oracle.com>
btrfs: add a helper to read the superblock metadata_uuid
Josef Bacik <josef@toxicpanda.com>
btrfs: move btrfs_pinned_by_swapfile prototype into volumes.h
Namhyung Kim <namhyung@kernel.org>
perf build: Update build rule for generated files
Ian Rogers <rogers.email@gmail.com>
perf jevents: Switch build to use jevents.py
Ian Rogers <irogers@google.com>
perf tools: Add an option to build without libbfd
John Garry <john.garry@huawei.com>
perf jevents: Make build dependency on test JSONs
Arnaldo Carvalho de Melo <acme@redhat.com>
tools features: Add feature test to check if libbfd has buildid support
Zhen Lei <thunder.leizhen@huawei.com>
kobject: Add sanity check for kset->kobj.ktype in kset_register()
Sakari Ailus <sakari.ailus@linux.intel.com>
media: pci: ipu3-cio2: Initialise timing struct to avoid a compiler warning
Christophe Leroy <christophe.leroy@csgroup.eu>
serial: cpm_uart: Avoid suspicious locking
Konstantin Shelekhin <k.shelekhin@yadro.com>
scsi: target: iscsi: Fix buffer overflow in lio_target_nacl_info_show()
Ma Ke <make_ruc2021@163.com>
usb: gadget: fsl_qe_udc: validate endpoint index for ch9 udc
Hans Verkuil <hverkuil-cisco@xs4all.nl>
media: pci: cx23885: replace BUG with error return
Hans Verkuil <hverkuil-cisco@xs4all.nl>
media: tuners: qt1010: replace BUG_ON with a regular error
Zhang Shurong <zhang_shurong@foxmail.com>
media: az6007: Fix null-ptr-deref in az6007_i2c_xfer()
Zhang Shurong <zhang_shurong@foxmail.com>
media: anysee: fix null-ptr-deref in anysee_master_xfer
Zhang Shurong <zhang_shurong@foxmail.com>
media: af9005: Fix null-ptr-deref in af9005_i2c_xfer
Zhang Shurong <zhang_shurong@foxmail.com>
media: dw2102: Fix null-ptr-deref in dw2102_i2c_transfer()
Zhang Shurong <zhang_shurong@foxmail.com>
media: dvb-usb-v2: af9035: Fix null-ptr-deref in af9035_i2c_master_xfer
ruanjinjie <ruanjinjie@huawei.com>
powerpc/pseries: fix possible memory leak in ibmebus_bus_init()
Liu Shixin via Jfs-discussion <jfs-discussion@lists.sourceforge.net>
jfs: fix invalid free of JFS_IP(ipimap)->i_imap in diUnmount
Andrew Kanner <andrew.kanner@gmail.com>
fs/jfs: prevent double-free in dbUnmount() after failed jfs_remount()
Georg Ottinger <g.ottinger@gmx.at>
ext2: fix datatype of block number in ext2_xattr_set2()
Zhang Shurong <zhang_shurong@foxmail.com>
md: raid1: fix potential OOB in raid1_remove_disk()
Tony Lindgren <tony@atomide.com>
bus: ti-sysc: Configure uart quirks for k3 SoC
Tuo Li <islituo@gmail.com>
drm/exynos: fix a possible null-pointer dereference due to data race in exynos_drm_crtc_atomic_disable()
Hao Luo <haoluo@google.com>
libbpf: Free btf_vmlinux when closing bpf_object
Johannes Berg <johannes.berg@intel.com>
wifi: mac80211_hwsim: drop short frames
GONG, Ruiqi <gongruiqi1@huawei.com>
alx: fix OOB-read compiler warning
Giulio Benetti <giulio.benetti@benettiengineering.com>
mmc: sdhci-esdhc-imx: improve ESDHC_FLAG_ERR010450
Alexander Steffen <Alexander.Steffen@infineon.com>
tpm_tis: Resend command to recover from data transfer errors
Mark O'Donovan <shiftee@posteo.net>
crypto: lib/mpi - avoid null pointer deref in mpi_cmp_ui()
Dmitry Antipov <dmantipov@yandex.ru>
wifi: mwifiex: fix fortify warning
Dongliang Mu <dzm91@hust.edu.cn>
wifi: ath9k: fix printk specifier
Jiri Pirko <jiri@nvidia.com>
devlink: remove reload failed checks in params get/set callbacks
Tomislav Novak <tnovak@meta.com>
hw_breakpoint: fix single-stepping when using bpf_overflow_handler
Yicong Yang <yangyicong@hisilicon.com>
perf/smmuv3: Enable HiSilicon Erratum 162001900 quirk for HIP08/09
Jiri Slaby (SUSE) <jirislaby@kernel.org>
ACPI: video: Add backlight=native DMI quirk for Lenovo Ideapad Z470
Wander Lairson Costa <wander@redhat.com>
kernel/fork: beware of __put_task_struct() calling context
Abhishek Mainkar <abmainkar@nvidia.com>
ACPICA: Add AML_NO_OPERAND_RESOLVE flag to Timer
Will Shiu <Will.Shiu@mediatek.com>
locks: fix KASAN: use-after-free in trace_event_raw_event_filelock_lock
Qu Wenruo <wqu@suse.com>
btrfs: output extra debug info if we failed to find an inline backref
Fedor Pchelkin <pchelkin@ispras.ru>
autofs: fix memory leak of waitqueues in autofs_catatonic_mode
Helge Deller <deller@gmx.de>
parisc: Drop loops_per_jiffy from per_cpu struct
Wesley Chalmers <wesley.chalmers@amd.com>
drm/amd/display: Fix a bug when searching for insert_above_mpcc
Kuniyuki Iwashima <kuniyu@amazon.com>
kcm: Fix error handling for SOCK_DGRAM in kcm_sendmsg().
Vadim Fedorenko <vadim.fedorenko@linux.dev>
ixgbe: fix timestamp configuration code
Liu Jian <liujian56@huawei.com>
net/tls: do not free tls_rec on async operation in bpf_exec_tx_verdict()
Liming Sun <limings@nvidia.com>
platform/mellanox: mlxbf-tmfifo: Drop jumbo frames
Michael S. Tsirkin <mst@redhat.com>
mlxbf-tmfifo: sparse tags for config access
Liming Sun <limings@nvidia.com>
platform/mellanox: mlxbf-tmfifo: Drop the Rx packet if no more descriptors
Shigeru Yoshida <syoshida@redhat.com>
kcm: Fix memory leak in error path of kcm_sendmsg()
Hayes Wang <hayeswang@realtek.com>
r8152: check budget for r8152_poll()
Hangyu Hua <hbh25y@gmail.com>
net: ethernet: mtk_eth_soc: fix possible NULL pointer dereference in mtk_hwlro_get_fdir_all()
Hangyu Hua <hbh25y@gmail.com>
net: ethernet: mvpp2_main: fix possible OOB write in mvpp2_ethtool_get_rxnfc()
Liu Jian <liujian56@huawei.com>
net: ipv4: fix one memleak in __inet_del_ifa()
Ahmad Fatoum <a.fatoum@pengutronix.de>
clk: imx: pll14xx: dynamically configure PLL for 393216000/361267200Hz
Anson Huang <Anson.Huang@nxp.com>
clk: imx: pll14xx: Add new frequency entries for pll1443x table
YueHaibing <yuehaibing@huawei.com>
clk: imx: clk-pll14xx: Make two variables static
Anson Huang <Anson.Huang@nxp.com>
clk: imx8mm: Move 1443X/1416X PLL clock structure to common place
Aleksey Nasibulin <alealexpro100@ya.ru>
ARM: dts: BCM5301X: Extend RAM to full 256MB for Linksys EA6500 V2
RD Babiera <rdbabiera@google.com>
usb: typec: bus: verify partner exists in typec_altmode_attention
Hans de Goede <hdegoede@redhat.com>
usb: typec: tcpm: Refactor tcpm_handle_vdm_request
Hans de Goede <hdegoede@redhat.com>
usb: typec: tcpm: Refactor tcpm_handle_vdm_request payload handling
Namhyung Kim <namhyung@kernel.org>
perf tools: Handle old data in PERF_RECORD_ATTR
Namhyung Kim <namhyung@kernel.org>
perf hists browser: Fix hierarchy mode header
William Zhang <william.zhang@broadcom.com>
mtd: rawnand: brcmnand: Fix potential false time out warning
William Zhang <william.zhang@broadcom.com>
mtd: rawnand: brcmnand: Fix potential out-of-bounds access in oob write
William Zhang <william.zhang@broadcom.com>
mtd: rawnand: brcmnand: Fix crash during the panic_write
Anand Jain <anand.jain@oracle.com>
btrfs: use the correct superblock to compare fsid in btrfs_validate_super
Filipe Manana <fdmanana@suse.com>
btrfs: don't start transaction when joining with TRANS_JOIN_NOSTART
ruanmeisi <ruan.meisi@zte.com.cn>
fuse: nlookup missing decrement in fuse_direntplus_link
Damien Le Moal <dlemoal@kernel.org>
ata: pata_ftide010: Add missing MODULE_DESCRIPTION
Damien Le Moal <dlemoal@kernel.org>
ata: sata_gemini: Add missing MODULE_DESCRIPTION
Petr Tesarik <petr.tesarik.ext@huawei.com>
sh: boards: Fix CEU buffer size passed to dma_declare_coherent_memory()
Yisen Zhuang <yisen.zhuang@huawei.com>
net: hns3: fix the port information display when sfp is absent
Wander Lairson Costa <wander@redhat.com>
netfilter: nfnetlink_osf: avoid OOB read
Eric Dumazet <edumazet@google.com>
ip_tunnels: use DEV_STATS_INC()
Ariel Marcovitch <arielmarcovitch@gmail.com>
idr: fix param name in idr_alloc_cyclic() doc
Andy Shevchenko <andriy.shevchenko@linux.intel.com>
s390/zcrypt: don't leak memory if dev_set_name() fails
Olga Zaborska <olga.zaborska@intel.com>
igb: Change IGB_MIN to allow set rx/tx value between 64 and 80
Olga Zaborska <olga.zaborska@intel.com>
igbvf: Change IGBVF_MIN to allow set rx/tx value between 64 and 80
Olga Zaborska <olga.zaborska@intel.com>
igc: Change IGC_MIN to allow set rx/tx value between 64 and 80
Shigeru Yoshida <syoshida@redhat.com>
kcm: Destroy mutex in kcm_exit_net()
valis <sec@valis.email>
net: sched: sch_qfq: Fix UAF in qfq_dequeue()
Kuniyuki Iwashima <kuniyu@amazon.com>
af_unix: Fix data race around sk->sk_err.
Kuniyuki Iwashima <kuniyu@amazon.com>
af_unix: Fix data-races around sk->sk_shutdown.
Kuniyuki Iwashima <kuniyu@amazon.com>
af_unix: Fix data-race around unix_tot_inflight.
Kuniyuki Iwashima <kuniyu@amazon.com>
af_unix: Fix data-races around user->unix_inflight.
Alex Henrie <alexhenrie24@gmail.com>
net: ipv6/addrconf: avoid integer underflow in ipv6_create_tempaddr
Liang Chen <liangchen.linux@gmail.com>
veth: Fixing transmit return status for dropped packets
Corinna Vinschen <vinschen@redhat.com>
igb: disable virtualization features on 82580
Eric Dumazet <edumazet@google.com>
net: read sk->sk_family once in sk_mc_loop()
Eric Dumazet <edumazet@google.com>
ipv4: annotate data-races around fi->fib_dead
Eric Dumazet <edumazet@google.com>
sctp: annotate data-races around sk->sk_wmem_queued
Vladimir Zapolskiy <vz@mleia.com>
pwm: lpc32xx: Remove handling of PWM channels
Raag Jadav <raag.jadav@intel.com>
watchdog: intel-mid_wdt: add MODULE_ALIAS() to allow auto-load
Arnaldo Carvalho de Melo <acme@redhat.com>
perf top: Don't pass an ERR_PTR() directly to perf_session__delete()
Sean Christopherson <seanjc@google.com>
x86/virt: Drop unnecessary check on extended CPUID level in cpu_has_svm()
Arnaldo Carvalho de Melo <acme@redhat.com>
perf annotate bpf: Don't enclose non-debug code with an assert()
Konstantin Meskhidze <konstantin.meskhidze@huawei.com>
kconfig: fix possible buffer overflow
Fedor Pchelkin <pchelkin@ispras.ru>
NFSv4/pnfs: minor fix for cleanup path in nfs4_get_device_info
Chris Lew <quic_clew@quicinc.com>
soc: qcom: qmi_encdec: Restrict string length in decode
Dmitry Baryshkov <dmitry.baryshkov@linaro.org>
clk: qcom: gcc-mdm9615: use proper parent for pll0_vote clock
Helge Deller <deller@gmx.de>
parisc: led: Reduce CPU overhead for disk & lan LED computation
Helge Deller <deller@gmx.de>
parisc: led: Fix LAN receive and transmit LEDs
Andrew Donnellan <ajd@linux.ibm.com>
lib/test_meminit: allocate pages up to order MAX_ORDER
Thomas Zimmermann <tzimmermann@suse.de>
drm/ast: Fix DRAM init on AST2200
Thomas Zimmermann <tzimmermann@suse.de>
fbdev/ep93xx-fb: Do not assign to struct fb_info.dev
Manish Rangankar <mrangankar@marvell.com>
scsi: qla2xxx: Remove unsupported ql2xenabledif option
Quinn Tran <qutran@marvell.com>
scsi: qla2xxx: Turn off noisy message log
Quinn Tran <qutran@marvell.com>
scsi: qla2xxx: Fix erroneous link up failure
Quinn Tran <qutran@marvell.com>
scsi: qla2xxx: fix inconsistent TMF timeout
Quan Tian <qtian@vmware.com>
net/ipv6: SKB symmetric hash should incorporate transport ports
Jia Yang <jiayang5@huawei.com>
drm: fix double free for gbo in drm_gem_vram_init and drm_gem_vram_create
Tom Rix <trix@redhat.com>
udf: initialize newblock to 0
Marco Felsch <m.felsch@pengutronix.de>
usb: typec: tcpci: clear the fault status bit
Hugo Villeneuve <hvilleneuve@dimonoff.com>
serial: sc16is7xx: fix broken port 0 uart init
Daniel Mack <daniel@zonque.org>
sc16is7xx: Set iobase to device index
Gustavo A. R. Silva <gustavoars@kernel.org>
cpufreq: brcmstb-avs-cpufreq: Fix -Warray-bounds bug
Thomas Bourgoin <thomas.bourgoin@foss.st.com>
crypto: stm32 - fix loop iterating through scatterlist for DMA
Sven Schnelle <svens@linux.ibm.com>
s390/ipl: add missing secure/has_secure file to ipl type 'unknown'
Enlin Mu <enlin.mu@unisoc.com>
pstore/ram: Check start of empty przs during init
Eric Biggers <ebiggers@google.com>
fsverity: skip PKCS#7 parser when keyring is empty
Nicolas Dichtel <nicolas.dichtel@6wind.com>
net: handle ARPHRD_PPP in dev_is_mac_header_xmit()
Thore Sommer <public@thson.de>
X.509: if signature is unsupported skip validation
Jann Horn <jannh@google.com>
dccp: Fix out of bounds access in DCCP error handler
Alexander Aring <aahringo@redhat.com>
dlm: fix plock lookup when using multiple lockspaces
Helge Deller <deller@gmx.de>
parisc: Fix /proc/cpuinfo output for lscpu
Aleksa Sarai <cyphar@cyphar.com>
procfs: block chmod on /proc/thread-self/comm
Bjorn Helgaas <bhelgaas@google.com>
Revert "PCI: Mark NVIDIA T4 GPUs to avoid bus reset"
Dave Jiang <dave.jiang@intel.com>
ntb: Fix calculation ntb_transport_tx_free_entry()
Dave Jiang <dave.jiang@intel.com>
ntb: Clean up tx tail index on link down
Dave Jiang <dave.jiang@intel.com>
ntb: Drop packets when qp link is down
Greg Kroah-Hartman <gregkh@linuxfoundation.org>
media: dvb: symbol fixup for dvb_attach()
Max Filippov <jcmvbkbc@gmail.com>
xtensa: PMU: fix base address for the newer hardware
Thomas Zimmermann <tzimmermann@suse.de>
backlight/lv5207lp: Compare against struct fb_info.device
Thomas Zimmermann <tzimmermann@suse.de>
backlight/bd6107: Compare against struct fb_info.device
Thomas Zimmermann <tzimmermann@suse.de>
backlight/gpio_backlight: Compare against struct fb_info.device
Gustavo A. R. Silva <gustavoars@kernel.org>
ARM: OMAP2+: Fix -Warray-bounds warning in _pwrdm_state_switch()
Yi Yang <yiyang13@huawei.com>
ipmi_si: fix a memleak in try_smi_init()
Takashi Iwai <tiwai@suse.de>
ALSA: pcm: Fix missing fixup call in compat hw_refine ioctl
Boris Brezillon <boris.brezillon@collabora.com>
PM / devfreq: Fix leak in devfreq_dev_release()
Radoslaw Tyl <radoslawx.tyl@intel.com>
igb: set max size RX buffer when store bad packet is enabled
Mohamed Khalfella <mkhalfella@purestorage.com>
skbuff: skb_segment, Call zero copy functions before using skbuff frags
Wander Lairson Costa <wander@redhat.com>
netfilter: xt_sctp: validate the flag_info count
Wander Lairson Costa <wander@redhat.com>
netfilter: xt_u32: validate user space input
Kyle Zeng <zengyhkyle@gmail.com>
netfilter: ipset: add the missing IP_SET_HASH_WITH_NET0 macro for ip_set_hash_netportnet.c
Eric Dumazet <edumazet@google.com>
igmp: limit igmpv3_newpack() packet size to IP_MAX_MTU
Yuan Yao <yuanyaogoog@chromium.org>
virtio_ring: fix avail_wrap_counter in virtqueue_add_packed
Liao Chang <liaochang1@huawei.com>
cpufreq: Fix the race condition while updating the transition_task of policy
ruanjinjie <ruanjinjie@huawei.com>
dmaengine: ste_dma40: Add missing IRQ check in d40_probe
Randy Dunlap <rdunlap@infradead.org>
um: Fix hostaudio build errors
Yi Yang <yiyang13@huawei.com>
mtd: rawnand: fsmc: handle clk prepare error in fsmc_nand_resume()
Jiasheng Jiang <jiasheng@iscas.ac.cn>
rpmsg: glink: Add check for kstrdup
Jonas Karlman <jonas@kwiboo.se>
phy/rockchip: inno-hdmi: do not power on rk3328 post pll on reg write
Zheng Yang <zhengyang@rock-chips.com>
phy/rockchip: inno-hdmi: round fractal pixclock in rk3328 recalc_rate
Jonas Karlman <jonas@kwiboo.se>
phy/rockchip: inno-hdmi: use correct vco_div_5 macro on rk3328
Zheng Yejian <zhengyejian1@huawei.com>
tracing: Fix race issue between cpu buffer write and swap
Dave Hansen <dave.hansen@linux.intel.com>
x86/speculation: Mark all Skylake CPUs as vulnerable to GDS
Rahul Rameshbabu <sergeantsagara@protonmail.com>
HID: multitouch: Correct devm device reference for hidinput input_dev name
Nikita Zhandarovich <n.zhandarovich@fintech.ru>
HID: logitech-dj: Fix error handling in logi_dj_recv_switch_to_dj_mode()
Guoqing Jiang <guoqing.jiang@linux.dev>
RDMA/siw: Correct wrong debug message
Guoqing Jiang <guoqing.jiang@linux.dev>
RDMA/siw: Balance the reference of cep->kref in the error path
Leon Romanovsky <leonro@nvidia.com>
Revert "IB/isert: Fix incorrect release of isert connection"
Peng Fan <peng.fan@nxp.com>
amba: bus: fix refcount leak
Yi Yang <yiyang13@huawei.com>
serial: tegra: handle clk prepare error in tegra_uart_hw_init()
Chengfeng Ye <dg573847474@gmail.com>
scsi: fcoe: Fix potential deadlock on &fip->ctlr_lock
Tony Battersby <tonyb@cybernetics.com>
scsi: core: Use 32-bit hostnum in scsi_host_lookup()
Hans de Goede <hdegoede@redhat.com>
media: ov2680: Fix regulators being left enabled on ov2680_power_on() errors
Hans de Goede <hdegoede@redhat.com>
media: ov2680: Fix vflip / hflip set functions
Hans de Goede <hdegoede@redhat.com>
media: ov2680: Fix ov2680_bayer_order()
Hans de Goede <hdegoede@redhat.com>
media: ov2680: Remove auto-gain and auto-exposure controls
Dave Stevenson <dave.stevenson@raspberrypi.com>
media: i2c: ov2680: Set V4L2_CTRL_FLAG_MODIFY_LAYOUT on flips
Marek Vasut <marex@denx.de>
media: ov5640: Enable MIPI interface in ov5640_set_power_mipi()
Lad Prabhakar <prabhakar.mahadev-lad.rj@bp.renesas.com>
media: i2c: ov5640: Configure HVP lines in s_power callback
Alan Stern <stern@rowland.harvard.edu>
USB: gadget: f_mass_storage: Fix unused variable warning
Colin Ian King <colin.i.king@gmail.com>
media: go7007: Remove redundant if statement
Yanfei Xu <yanfei.xu@intel.com>
iommu/vt-d: Fix to flush cache of PASID directory table
Xiang Yang <xiangyang3@huawei.com>
IB/uverbs: Fix an potential error pointer dereference
Dan Carpenter <dan.carpenter@linaro.org>
driver core: test_async: fix an error code
Rob Clark <robdclark@chromium.org>
dma-buf/sync_file: Fix docs syntax
Ruidong Tian <tianruidong@linux.alibaba.com>
coresight: tmc: Explicit type conversions to prevent integer overflow
Oleksandr Natalenko <oleksandr@redhat.com>
scsi: qedf: Do not touch __user pointer in qedf_dbg_fp_int_cmd_read() directly
Oleksandr Natalenko <oleksandr@redhat.com>
scsi: qedf: Do not touch __user pointer in qedf_dbg_debug_cmd_read() directly
Oleksandr Natalenko <oleksandr@redhat.com>
scsi: qedf: Do not touch __user pointer in qedf_dbg_stop_io_on_error_cmd_read() directly
Randy Dunlap <rdunlap@infradead.org>
x86/APM: drop the duplicate APM_MINOR_DEV macro
Chunyan Zhang <chunyan.zhang@unisoc.com>
serial: sprd: Fix DMA buffer leak issue
Chunyan Zhang <chunyan.zhang@unisoc.com>
serial: sprd: Assign sprd_port after initialized to avoid wrong access
Chunyan Zhang <chunyan.zhang@unisoc.com>
serial: sprd: remove redundant sprd_port cleanup
Chunyan Zhang <chunyan.zhang@unisoc.com>
serial: sprd: getting port index via serial aliases only
Lin Ma <linma@zju.edu.cn>
scsi: qla4xxx: Add length check when parsing nlattrs
Lin Ma <linma@zju.edu.cn>
scsi: be2iscsi: Add length check when parsing nlattrs
Lin Ma <linma@zju.edu.cn>
scsi: iscsi: Add strlen() check in iscsi_if_set{_host}_param()
Xu Yang <xu.yang_2@nxp.com>
usb: phy: mxs: fix getting wrong state with mxs_phy_is_otg_host()
Irui Wang <irui.wang@mediatek.com>
media: mediatek: vcodec: Return NULL if no vdec_fb is found
Daniil Dulov <d.dulov@aladdin.ru>
media: cx24120: Add retval check for cx24120_message_send()
Christophe JAILLET <christophe.jaillet@wanadoo.fr>
media: dvb-usb: m920x: Fix a potential memory leak in m920x_i2c_xfer()
Daniil Dulov <d.dulov@aladdin.ru>
media: dib7000p: Fix potential division by zero
Dongliang Mu <dzm91@hust.edu.cn>
drivers: usb: smsusb: fix error handling code in smsusb_init_device
Christophe JAILLET <christophe.jaillet@wanadoo.fr>
media: v4l2-core: Fix a potential resource leak in v4l2_fwnode_parse_link()
Marco Felsch <m.felsch@pengutronix.de>
media: v4l2-fwnode: simplify v4l2_fwnode_parse_link
Marco Felsch <m.felsch@pengutronix.de>
media: v4l2-fwnode: fix v4l2_fwnode_parse_link handling
Benjamin Coddington <bcodding@redhat.com>
NFS: Guard against READDIR loop when entry names exceed MAXNAMELEN
Chuck Lever <chuck.lever@oracle.com>
NFSD: da_addr_body field missing in some GETDEVICEINFO replies
Su Hui <suhui@nfschina.com>
fs: lockd: avoid possible wrong NULL parameter
Alexei Filippov <halip0503@gmail.com>
jfs: validate max amount of blocks before allocation.
Russell Currey <ruscur@russell.cc>
powerpc/iommu: Fix notifiers being shared by PCI and VIO buses
Dan Carpenter <dan.carpenter@linaro.org>
nfs/blocklayout: Use the passed in gfp flags
Ilpo Järvinen <ilpo.jarvinen@linux.intel.com>
wifi: ath10k: Use RMW accessors for changing LNKCTL
Ilpo Järvinen <ilpo.jarvinen@linux.intel.com>
drm/radeon: Use RMW accessors for changing LNKCTL
Frederick Lawler <fred@fredlawl.com>
drm/radeon: Prefer pcie_capability_read_word()
Bjorn Helgaas <bhelgaas@google.com>
drm/radeon: Replace numbers with PCI_EXP_LNKCTL2 definitions
Bjorn Helgaas <bhelgaas@google.com>
drm/radeon: Correct Transmit Margin masks
Ilpo Järvinen <ilpo.jarvinen@linux.intel.com>
drm/amdgpu: Use RMW accessors for changing LNKCTL
Frederick Lawler <fred@fredlawl.com>
drm/amdgpu: Prefer pcie_capability_read_word()
Bjorn Helgaas <bhelgaas@google.com>
drm/amdgpu: Replace numbers with PCI_EXP_LNKCTL2 definitions
Bjorn Helgaas <bhelgaas@google.com>
drm/amdgpu: Correct Transmit Margin masks
Bjorn Helgaas <bhelgaas@google.com>
PCI: Add #defines for Enter Compliance, Transmit Margin
Sourabh Jain <sourabhjain@linux.ibm.com>
powerpc/fadump: reset dump area size if fadump memory reserve fails
Ahmad Fatoum <a.fatoum@pengutronix.de>
clk: imx: composite-8m: fix clock pauses when set_rate would be a no-op
Ilpo Järvinen <ilpo.jarvinen@linux.intel.com>
PCI/ASPM: Use RMW accessors for changing LNKCTL
Ilpo Järvinen <ilpo.jarvinen@linux.intel.com>
PCI: pciehp: Use RMW accessors for changing LNKCTL
Wu Zongyong <wuzongyong@linux.alibaba.com>
PCI: Mark NVIDIA T4 GPUs to avoid bus reset
Zhang Jianhua <chris.zjh@huawei.com>
clk: sunxi-ng: Modify mismatched function name
Minjie Du <duminjie@vivo.com>
drivers: clk: keystone: Fix parameter judgment in _of_pll_clk_init()
Corey Minyard <minyard@acm.org>
ipmi:ssif: Fix a memory leak when scanning for an adapter
Jiasheng Jiang <jiasheng@iscas.ac.cn>
ipmi:ssif: Add check for kstrdup
Su Hui <suhui@nfschina.com>
ALSA: ac97: Fix possible error value of *rac97
Geert Uytterhoeven <geert+renesas@glider.be>
of: unittest: Fix overlay type in apply/revert check
Sui Jingfeng <suijingfeng@loongson.cn>
drm/mediatek: Fix potential memory leak if vmap() fail
Gaosheng Cui <cuigaosheng1@huawei.com>
audit: fix possible soft lockup in __audit_inode_child()
Dan Carpenter <dan.carpenter@linaro.org>
smackfs: Prevent underflow in smk_set_cipso()
Daniel Vetter <daniel.vetter@ffwll.ch>
drm/msm/mdp5: Don't leak some plane state
Nayna Jain <nayna@linux.ibm.com>
ima: Remove deprecated IMA_TRUSTED_KEYRING Kconfig
Marek Vasut <marex@denx.de>
drm/panel: simple: Add missing connector type and pixel format for AUO T215HVN01
Geert Uytterhoeven <geert+renesas@glider.be>
drm/armada: Fix off-by-one error in armada_overlay_get_property()
Ruan Jinjie <ruanjinjie@huawei.com>
of: unittest: fix null pointer dereferencing in of_unittest_find_node_by_name()
Yangtao Li <frank.li@vivo.com>
drm/tegra: dpaux: Fix incorrect return value of platform_get_irq
Tan Zhongjun <tanzhongjun@yulong.com>
drm/tegra: Remove superfluous error messages around platform_get_irq()
Yu Kuai <yukuai3@huawei.com>
md/md-bitmap: hold 'reconfig_mutex' in backlog_store()
Guoqing Jiang <guoqing.jiang@linux.dev>
md/bitmap: don't set max_write_behind if there is no write mostly device
Srinivasan Shanmugam <srinivasan.shanmugam@amd.com>
drm/amdgpu: Update min() to min_t() in 'amdgpu_info_ioctl'
Manivannan Sadhasivam <manivannan.sadhasivam@linaro.org>
arm64: dts: qcom: sdm845: Add missing RPMh power domain to GCC
Rafał Miłecki <rafal@milecki.pl>
ARM: dts: BCM53573: Fix Ethernet info for Luxul devices
Bogdan Togorean <bogdan.togorean@analog.com>
drm: adv7511: Fix low refresh rate register for ADV7533/5
Krzysztof Kozlowski <krzysztof.kozlowski@linaro.org>
ARM: dts: samsung: s5pv210-smdkv210: correct ethernet reg addresses (split)
Krzysztof Kozlowski <krzysztof.kozlowski@linaro.org>
ARM: dts: s5pv210: add dummy 5V regulator for backlight on SMDKv210
Krzysztof Kozlowski <krzk@kernel.org>
ARM: dts: s5pv210: correct ethernet unit address in SMDKV210
Krzysztof Kozlowski <krzk@kernel.org>
ARM: dts: s5pv210: use defines for IRQ flags in SMDKV210
Krzysztof Kozlowski <krzk@kernel.org>
ARM: dts: s5pv210: add RTC 32 KHz clock in SMDKV210
Krzysztof Kozlowski <krzysztof.kozlowski@linaro.org>
ARM: dts: samsung: s3c6410-mini6410: correct ethernet reg addresses (split)
Krzysztof Kozlowski <krzysztof.kozlowski@canonical.com>
ARM: dts: s3c64xx: align pinctrl with dtschema
Krzysztof Kozlowski <krzk@kernel.org>
ARM: dts: s3c6410: align node SROM bus node name with dtschema in Mini6410
Krzysztof Kozlowski <krzk@kernel.org>
ARM: dts: s3c6410: move fixed clocks under root node in Mini6410
Lucas Stach <l.stach@pengutronix.de>
drm/etnaviv: fix dumping of active MMU context
Rafał Miłecki <rafal@milecki.pl>
ARM: dts: BCM53573: Use updated "spi-gpio" binding properties
Rafał Miłecki <rafal@milecki.pl>
ARM: dts: BCM53573: Add cells sizes to PCIe node
Rafał Miłecki <rafal@milecki.pl>
ARM: dts: BCM53573: Drop nonexistent "default-off" LED trigger
Arnd Bergmann <arnd@arndb.de>
drm/amdgpu: avoid integer overflow warning in amdgpu_device_resize_fb_bar()
Baokun Li <libaokun1@huawei.com>
quota: fix dqput() to follow the guarantees dquot_srcu should provide
Baokun Li <libaokun1@huawei.com>
quota: add new helper dquot_active()
Baokun Li <libaokun1@huawei.com>
quota: rename dquot_active() to inode_quota_active()
Baokun Li <libaokun1@huawei.com>
quota: factor out dquot_write_dquot()
Chengguang Xu <cgxu519@zoho.com.cn>
quota: avoid increasing DQST_LOOKUPS when iterating over dirty/inuse list
Marek Vasut <marex@denx.de>
drm/bridge: tc358764: Fix debug print parameter order
Kuniyuki Iwashima <kuniyu@amazon.com>
netrom: Deny concurrent connect().
Budimir Markovic <markovicbudimir@gmail.com>
net/sched: sch_hfsc: Ensure inner classes have fsc curve
Vadim Pasternak <vadimp@nvidia.com>
mlxsw: i2c: Limit single transaction buffer size
Vadim Pasternak <vadimp@nvidia.com>
mlxsw: i2c: Fix chunk size setting in output mailbox buffer
Jinjie Ruan <ruanjinjie@huawei.com>
net: arcnet: Do not call kfree_skb() under local_irq_disable()
Wang Ming <machel@vivo.com>
wifi: ath9k: use IS_ERR() with debugfs_create_dir()
Dmitry Antipov <dmantipov@yandex.ru>
wifi: mwifiex: avoid possible NULL skb pointer dereference
Fedor Pchelkin <pchelkin@ispras.ru>
wifi: ath9k: protect WMI command response buffer replacement with a lock
Fedor Pchelkin <pchelkin@ispras.ru>
wifi: ath9k: fix races between ath9k_wmi_cmd and ath9k_wmi_ctrl_rx
Polaris Pi <pinkperfect2021@gmail.com>
wifi: mwifiex: Fix missed return in oob checks failed path
Dmitry Antipov <dmantipov@yandex.ru>
wifi: mwifiex: fix memory leak in mwifiex_histogram_read()
Artem Chernyshev <artem.chernyshev@red-soft.ru>
fs: ocfs2: namei: check return value of ocfs2_add_entry()
Yan Zhai <yan@cloudflare.com>
lwt: Check LWTUNNEL_XMIT_CONTINUE strictly
Yan Zhai <yan@cloudflare.com>
lwt: Fix return values of BPF xmit ops
Florian Fainelli <florian.fainelli@broadcom.com>
hwrng: iproc-rng200 - Implement suspend and resume calls
Julia Lawall <Julia.Lawall@inria.fr>
hwrng: iproc-rng200 - use semicolons rather than commas to separate statements
Gaurav Jain <gaurav.jain@nxp.com>
crypto: caam - fix unchecked return value error
Yuanjun Gong <ruc_gongyuanjun@163.com>
Bluetooth: nokia: fix value check in nokia_bluetooth_serdev_probe()
Uwe Kleine-König <u.kleine-koenig@pengutronix.de>
crypto: stm32 - Properly handle pm_runtime_get failing
Dmitry Antipov <dmantipov@yandex.ru>
wifi: mwifiex: fix error recovery in PCIE buffer descriptor management
Christophe JAILLET <christophe.jaillet@wanadoo.fr>
mwifiex: switch from 'pci_' to 'dma_' API
Polaris Pi <pinkperfect2021@gmail.com>
wifi: mwifiex: Fix OOB and integer underflow when rx packets
Marc Kleine-Budde <mkl@pengutronix.de>
can: gs_usb: gs_usb_receive_bulk_callback(): count RX overflow errors also in case of OOM
Zhang Shurong <zhang_shurong@foxmail.com>
spi: tegra20-sflash: fix to check return value of platform_get_irq() in tegra_sflash_probe()
Dan Carpenter <dan.carpenter@linaro.org>
regmap: rbtree: Use alloc_flags for memory allocations
Eric Dumazet <edumazet@google.com>
tcp: tcp_enter_quickack_mode() should be static
Yafang Shao <laoar.shao@gmail.com>
bpf: Clear the probe_addr for uprobe
Liao Chang <liaochang1@huawei.com>
cpufreq: powernow-k8: Use related_cpus instead of cpus in driver.exit()
Xu Yang <xu.yang_2@nxp.com>
perf/imx_ddr: don't enable counter0 if none of 4 counters are used
Ard Biesheuvel <ardb@kernel.org>
x86/decompressor: Don't rely on upper 32 bits of GPRs being preserved
Jiri Slaby <jslaby@suse.cz>
x86/boot: Annotate local functions
Jiri Slaby <jslaby@suse.cz>
x86/asm: Make more symbols local
Manivannan Sadhasivam <manivannan.sadhasivam@linaro.org>
OPP: Fix passing 0 to PTR_ERR in _opp_attach_genpd()
Christian Brauner <brauner@kernel.org>
tmpfs: verify {g,u}id mount options correctly
Wang Ming <machel@vivo.com>
fs: Fix error checking for d_hash_and_lookup()
Al Viro <viro@zeniv.linux.org.uk>
new helper: lookup_positive_unlocked()
Wen Yang <wenyang.linux@foxmail.com>
eventfd: prevent underflow for eventfd semaphores
David Woodhouse <dwmw@amazon.co.uk>
eventfd: Export eventfd_ctx_do_read()
Matthew Wilcox <willy@infradead.org>
reiserfs: Check the return value from __getblk()
Sabrina Dubroca <sd@queasysnail.net>
Revert "net: macsec: preserve ingress frame ordering"
Jan Kara <jack@suse.cz>
udf: Handle error when adding extent to a file
Vladislav Efanov <VEfanov@ispras.ru>
udf: Check consistency of Space Bitmap Descriptor
Christophe Leroy <christophe.leroy@csgroup.eu>
powerpc/32s: Fix assembler warning about r0
Jordan Rife <jrife@google.com>
net: Avoid address overwrite in kernel_connect
Shih-Yi Chen <shihyic@nvidia.com>
platform/mellanox: Fix mlxbf-tmfifo not handling all virtio CONSOLE notifications
Takashi Iwai <tiwai@suse.de>
ALSA: seq: oss: Fix racy open/close of MIDI devices
Michael Kelley <mikelley@microsoft.com>
scsi: storvsc: Always set no_report_opcodes
Shyam Prasad N <sprasad@microsoft.com>
cifs: add a warning when the in-flight count goes negative
Dan Carpenter <dan.carpenter@linaro.org>
sctp: handle invalid error codes without calling BUG()
David Christensen <drc@linux.vnet.ibm.com>
bnx2x: fix page fault following EEH recovery
Dmitry Mastykin <dmastykin@astralinux.ru>
netlabel: fix shift wrapping bug in netlbl_catmap_setlong()
Chengfeng Ye <dg573847474@gmail.com>
scsi: qedi: Fix potential deadlock on &qedi_percpu->p_work_lock
Baoquan He <bhe@redhat.com>
idmaengine: make FSL_EDMA and INTEL_IDMA64 depends on HAS_IOMEM
Martin Kohn <m.kohn@welotec.com>
net: usb: qmi_wwan: add Quectel EM05GV2
Baoquan He <bhe@redhat.com>
clk: fixed-mmio: make COMMON_CLK_FIXED_MMIO depend on HAS_IOMEM
Christian Göttsche <cgzones@googlemail.com>
security: keys: perform capable check only on privileged operations
Konstantin Shelekhin <k.shelekhin@ftml.net>
platform/x86: huawei-wmi: Silence ambient light sensor
Hans de Goede <hdegoede@redhat.com>
platform/x86: intel: hid: Always call BTNL ACPI method
Guiting Shen <aarongt.shen@gmail.com>
ASoC: atmel: Fix the 8K sample parameter in I2SC master
Edgar <ljijcj@163.com>
ASoc: codecs: ES8316: Fix DMIC config
Winston Wen <wentao@uniontech.com>
fs/nls: make load_nls() take a const parameter
Stefan Haberland <sth@linux.ibm.com>
s390/dasd: fix hanging device after request requeue
Stefan Haberland <sth@linux.ibm.com>
s390/dasd: use correct number of retries for ERP requests
Ben Hutchings <benh@debian.org>
m68k: Fix invalid .section syntax
Jiri Benc <jbenc@redhat.com>
vxlan: generalize vxlan_parse_gpe_hdr and remove unused args
Yuanjun Gong <ruc_gongyuanjun@163.com>
ethernet: atheros: fix return value check in atl1c_tso_csum()
Dmytro Maluka <dmy@semihalf.com>
ASoC: da7219: Check for failure reading AAD IRQ events
Dmytro Maluka <dmy@semihalf.com>
ASoC: da7219: Flush pending AAD IRQ when suspending
Dominique Martinet <asmadeus@codewreck.org>
9p: virtio: make sure 'offs' is initialized in zc_request
Mario Limonciello <mario.limonciello@amd.com>
pinctrl: amd: Don't show `Invalid config param` errors
Ryusuke Konishi <konishi.ryusuke@gmail.com>
nilfs2: fix WARNING in mark_buffer_dirty due to discarded buffer reuse
Ryusuke Konishi <konishi.ryusuke@gmail.com>
nilfs2: fix general protection fault in nilfs_lookup_dirty_data_buffers()
Juerg Haefliger <juerg.haefliger@canonical.com>
fsi: master-ast-cf: Add MODULE_FIRMWARE macro
Wang Ming <machel@vivo.com>
firmware: stratix10-svc: Fix an NULL vs IS_ERR() bug in probe
Hugo Villeneuve <hvilleneuve@dimonoff.com>
serial: sc16is7xx: fix bug when first setting GPIO direction
Zheng Wang <zyytlz.wz@163.com>
Bluetooth: btsdio: fix use after free bug in btsdio_remove due to race condition
Nam Cao <namcaov@gmail.com>
staging: rtl8712: fix race condition
Aaron Armstrong Skomra <aaron.skomra@wacom.com>
HID: wacom: remove the battery when the EKR is off
Slark Xiao <slark_xiao@163.com>
USB: serial: option: add FOXCONN T99W368/T99W373 product
Martin Kohn <m.kohn@welotec.com>
USB: serial: option: add Quectel EM05G variant (0x030e)
Christoph Hellwig <hch@lst.de>
modules: only allow symbol_get of EXPORT_SYMBOL_GPL modules
Christoph Hellwig <hch@lst.de>
rtc: ds1685: use EXPORT_SYMBOL_GPL for ds1685_rtc_poweroff
Christoph Hellwig <hch@lst.de>
net: enetc: use EXPORT_SYMBOL_GPL for enetc_phc_index
Christoph Hellwig <hch@lst.de>
mmc: au1xmmc: force non-modular build and remove symbol_get usage
Arnd Bergmann <arnd@arndb.de>
ARM: pxa: remove use of symbol_get()
Gao Xiang <hsiangkao@linux.alibaba.com>
erofs: ensure that the post-EOF tails are all zeroed
-------------
Diffstat:
Documentation/arm64/silicon-errata.rst | 3 +
Makefile | 4 +-
arch/arm/boot/dts/bcm4708-linksys-ea6500-v2.dts | 3 +-
arch/arm/boot/dts/bcm47189-luxul-xap-1440.dts | 14 +-
arch/arm/boot/dts/bcm47189-luxul-xap-810.dts | 15 +-
arch/arm/boot/dts/bcm53573.dtsi | 3 +
arch/arm/boot/dts/bcm947189acdbmr.dts | 6 +-
arch/arm/boot/dts/s3c6410-mini6410.dts | 38 +-
arch/arm/boot/dts/s3c64xx-pinctrl.dtsi | 210 +++---
arch/arm/boot/dts/s5pv210-smdkv210.dts | 24 +-
arch/arm/kernel/hw_breakpoint.c | 8 +-
arch/arm/mach-omap2/powerdomain.c | 2 +-
arch/arm/mach-pxa/sharpsl_pm.c | 2 -
arch/arm/mach-pxa/spitz.c | 14 +-
arch/arm64/boot/dts/qcom/sdm845.dtsi | 1 +
arch/arm64/kernel/hw_breakpoint.c | 4 +-
arch/m68k/fpsp040/skeleton.S | 4 +-
arch/m68k/ifpsp060/os.S | 4 +-
arch/m68k/kernel/relocate_kernel.S | 4 +-
arch/mips/alchemy/devboards/db1000.c | 8 +-
arch/mips/alchemy/devboards/db1200.c | 19 +-
arch/mips/alchemy/devboards/db1300.c | 10 +-
arch/parisc/include/asm/led.h | 4 +-
arch/parisc/include/asm/processor.h | 1 -
arch/parisc/kernel/processor.c | 18 +-
arch/powerpc/kernel/fadump.c | 1 +
arch/powerpc/kernel/head_32.S | 2 +-
arch/powerpc/kernel/iommu.c | 17 +-
arch/powerpc/platforms/pseries/ibmebus.c | 1 +
arch/s390/kernel/ipl.c | 2 +
arch/sh/boards/mach-ap325rxa/setup.c | 2 +-
arch/sh/boards/mach-ecovec24/setup.c | 6 +-
arch/sh/boards/mach-kfr2r09/setup.c | 2 +-
arch/sh/boards/mach-migor/setup.c | 2 +-
arch/sh/boards/mach-se/7724/setup.c | 6 +-
arch/um/configs/i386_defconfig | 1 +
arch/um/configs/x86_64_defconfig | 1 +
arch/um/drivers/Kconfig | 16 +-
arch/um/drivers/Makefile | 2 +-
arch/x86/boot/compressed/head_32.S | 3 +-
arch/x86/boot/compressed/head_64.S | 39 +-
arch/x86/boot/pmjump.S | 6 +-
arch/x86/entry/entry_64.S | 4 +-
arch/x86/include/asm/virtext.h | 6 -
arch/x86/kernel/apm_32.c | 6 -
arch/x86/kernel/cpu/common.c | 8 +-
arch/x86/realmode/rm/wakeup_asm.S | 6 +-
arch/xtensa/include/asm/core.h | 9 +
arch/xtensa/kernel/perf_event.c | 17 +-
crypto/asymmetric_keys/x509_public_key.c | 5 +
drivers/acpi/acpica/psopcode.c | 2 +-
drivers/acpi/arm64/iort.c | 5 +-
drivers/acpi/video_detect.c | 9 +
drivers/amba/bus.c | 1 +
drivers/ata/pata_ftide010.c | 1 +
drivers/ata/sata_gemini.c | 1 +
drivers/base/regmap/regcache-rbtree.c | 10 +-
drivers/base/test/test_async_driver_probe.c | 2 +-
drivers/bluetooth/btsdio.c | 1 +
drivers/bluetooth/hci_nokia.c | 6 +-
drivers/bus/ti-sysc.c | 2 +
drivers/char/hw_random/iproc-rng200.c | 33 +-
drivers/char/ipmi/ipmi_si_intf.c | 5 +
drivers/char/ipmi/ipmi_ssif.c | 7 +-
drivers/char/tpm/tpm_tis_core.c | 15 +-
drivers/clk/Kconfig | 1 +
drivers/clk/imx/clk-composite-8m.c | 12 +-
drivers/clk/imx/clk-imx8mm.c | 87 +--
drivers/clk/imx/clk-pll14xx.c | 30 +
drivers/clk/imx/clk.h | 3 +
drivers/clk/keystone/pll.c | 2 +-
drivers/clk/qcom/gcc-mdm9615.c | 2 +-
drivers/clk/sunxi-ng/ccu_mmc_timing.c | 2 +-
drivers/cpufreq/brcmstb-avs-cpufreq.c | 6 +-
drivers/cpufreq/cpufreq.c | 2 +
drivers/cpufreq/powernow-k8.c | 3 +-
drivers/crypto/caam/caampkc.c | 4 +-
drivers/crypto/stm32/stm32-hash.c | 9 +-
drivers/devfreq/devfreq.c | 1 +
drivers/dma/Kconfig | 2 +
drivers/dma/ste_dma40.c | 4 +
drivers/firmware/stratix10-svc.c | 2 +-
drivers/fsi/fsi-master-ast-cf.c | 1 +
drivers/gpu/drm/amd/amdgpu/amdgpu_cs.c | 18 +-
drivers/gpu/drm/amd/amdgpu/amdgpu_device.c | 3 +
drivers/gpu/drm/amd/amdgpu/amdgpu_kms.c | 14 +-
drivers/gpu/drm/amd/amdgpu/cik.c | 97 +--
drivers/gpu/drm/amd/amdgpu/si.c | 99 +--
drivers/gpu/drm/amd/display/dc/dcn10/dcn10_mpc.c | 5 +-
drivers/gpu/drm/armada/armada_overlay.c | 6 +-
drivers/gpu/drm/ast/ast_post.c | 2 +-
drivers/gpu/drm/bridge/adv7511/adv7511_drv.c | 9 +-
drivers/gpu/drm/bridge/tc358764.c | 2 +-
drivers/gpu/drm/drm_gem_vram_helper.c | 24 +-
drivers/gpu/drm/etnaviv/etnaviv_dump.c | 14 +-
drivers/gpu/drm/exynos/exynos_drm_crtc.c | 5 +-
drivers/gpu/drm/mediatek/mtk_drm_gem.c | 6 +-
drivers/gpu/drm/msm/disp/mdp5/mdp5_plane.c | 3 +-
drivers/gpu/drm/panel/panel-simple.c | 4 +-
drivers/gpu/drm/radeon/cik.c | 96 +--
drivers/gpu/drm/radeon/si.c | 98 +--
drivers/gpu/drm/tegra/dpaux.c | 6 +-
drivers/hid/hid-logitech-dj.c | 5 +-
drivers/hid/hid-multitouch.c | 13 +-
drivers/hid/wacom.h | 1 +
drivers/hid/wacom_sys.c | 25 +-
drivers/hid/wacom_wac.c | 1 +
drivers/hid/wacom_wac.h | 1 +
drivers/hwtracing/coresight/coresight-tmc-etf.c | 2 +-
drivers/hwtracing/coresight/coresight-tmc-etr.c | 5 +-
drivers/hwtracing/coresight/coresight-tmc.h | 2 +-
drivers/i2c/busses/i2c-aspeed.c | 7 +-
.../infiniband/core/uverbs_std_types_counters.c | 2 +
drivers/infiniband/sw/siw/siw_cm.c | 1 -
drivers/infiniband/sw/siw/siw_verbs.c | 2 +-
drivers/infiniband/ulp/isert/ib_isert.c | 2 +
drivers/iommu/intel-pasid.c | 2 +-
drivers/md/md-bitmap.c | 26 +
drivers/md/raid1.c | 3 +
drivers/media/dvb-frontends/ascot2e.c | 2 +-
drivers/media/dvb-frontends/atbm8830.c | 2 +-
drivers/media/dvb-frontends/au8522_dig.c | 2 +-
drivers/media/dvb-frontends/bcm3510.c | 2 +-
drivers/media/dvb-frontends/cx22700.c | 2 +-
drivers/media/dvb-frontends/cx22702.c | 2 +-
drivers/media/dvb-frontends/cx24110.c | 2 +-
drivers/media/dvb-frontends/cx24113.c | 2 +-
drivers/media/dvb-frontends/cx24116.c | 2 +-
drivers/media/dvb-frontends/cx24120.c | 6 +-
drivers/media/dvb-frontends/cx24123.c | 2 +-
drivers/media/dvb-frontends/cxd2820r_core.c | 2 +-
drivers/media/dvb-frontends/cxd2841er.c | 4 +-
drivers/media/dvb-frontends/cxd2880/cxd2880_top.c | 2 +-
drivers/media/dvb-frontends/dib0070.c | 2 +-
drivers/media/dvb-frontends/dib0090.c | 4 +-
drivers/media/dvb-frontends/dib3000mb.c | 2 +-
drivers/media/dvb-frontends/dib3000mc.c | 2 +-
drivers/media/dvb-frontends/dib7000m.c | 2 +-
drivers/media/dvb-frontends/dib7000p.c | 4 +-
drivers/media/dvb-frontends/dib8000.c | 2 +-
drivers/media/dvb-frontends/dib9000.c | 2 +-
drivers/media/dvb-frontends/drx39xyj/drxj.c | 2 +-
drivers/media/dvb-frontends/drxd_hard.c | 2 +-
drivers/media/dvb-frontends/drxk_hard.c | 2 +-
drivers/media/dvb-frontends/ds3000.c | 2 +-
drivers/media/dvb-frontends/dvb-pll.c | 2 +-
drivers/media/dvb-frontends/ec100.c | 2 +-
drivers/media/dvb-frontends/helene.c | 4 +-
drivers/media/dvb-frontends/horus3a.c | 2 +-
drivers/media/dvb-frontends/isl6405.c | 2 +-
drivers/media/dvb-frontends/isl6421.c | 2 +-
drivers/media/dvb-frontends/isl6423.c | 2 +-
drivers/media/dvb-frontends/itd1000.c | 2 +-
drivers/media/dvb-frontends/ix2505v.c | 2 +-
drivers/media/dvb-frontends/l64781.c | 2 +-
drivers/media/dvb-frontends/lg2160.c | 2 +-
drivers/media/dvb-frontends/lgdt3305.c | 2 +-
drivers/media/dvb-frontends/lgdt3306a.c | 2 +-
drivers/media/dvb-frontends/lgdt330x.c | 2 +-
drivers/media/dvb-frontends/lgs8gxx.c | 2 +-
drivers/media/dvb-frontends/lnbh25.c | 2 +-
drivers/media/dvb-frontends/lnbp21.c | 4 +-
drivers/media/dvb-frontends/lnbp22.c | 2 +-
drivers/media/dvb-frontends/m88ds3103.c | 2 +-
drivers/media/dvb-frontends/m88rs2000.c | 2 +-
drivers/media/dvb-frontends/mb86a16.c | 2 +-
drivers/media/dvb-frontends/mb86a20s.c | 2 +-
drivers/media/dvb-frontends/mt312.c | 2 +-
drivers/media/dvb-frontends/mt352.c | 2 +-
drivers/media/dvb-frontends/nxt200x.c | 2 +-
drivers/media/dvb-frontends/nxt6000.c | 2 +-
drivers/media/dvb-frontends/or51132.c | 2 +-
drivers/media/dvb-frontends/or51211.c | 2 +-
drivers/media/dvb-frontends/s5h1409.c | 2 +-
drivers/media/dvb-frontends/s5h1411.c | 2 +-
drivers/media/dvb-frontends/s5h1420.c | 2 +-
drivers/media/dvb-frontends/s5h1432.c | 2 +-
drivers/media/dvb-frontends/s921.c | 2 +-
drivers/media/dvb-frontends/si21xx.c | 2 +-
drivers/media/dvb-frontends/sp887x.c | 2 +-
drivers/media/dvb-frontends/stb0899_drv.c | 2 +-
drivers/media/dvb-frontends/stb6000.c | 2 +-
drivers/media/dvb-frontends/stb6100.c | 2 +-
drivers/media/dvb-frontends/stv0288.c | 2 +-
drivers/media/dvb-frontends/stv0297.c | 2 +-
drivers/media/dvb-frontends/stv0299.c | 2 +-
drivers/media/dvb-frontends/stv0367.c | 6 +-
drivers/media/dvb-frontends/stv0900_core.c | 2 +-
drivers/media/dvb-frontends/stv090x.c | 2 +-
drivers/media/dvb-frontends/stv6110.c | 2 +-
drivers/media/dvb-frontends/stv6110x.c | 2 +-
drivers/media/dvb-frontends/tda10021.c | 2 +-
drivers/media/dvb-frontends/tda10023.c | 2 +-
drivers/media/dvb-frontends/tda10048.c | 2 +-
drivers/media/dvb-frontends/tda1004x.c | 4 +-
drivers/media/dvb-frontends/tda10086.c | 2 +-
drivers/media/dvb-frontends/tda665x.c | 2 +-
drivers/media/dvb-frontends/tda8083.c | 2 +-
drivers/media/dvb-frontends/tda8261.c | 2 +-
drivers/media/dvb-frontends/tda826x.c | 2 +-
drivers/media/dvb-frontends/ts2020.c | 2 +-
drivers/media/dvb-frontends/tua6100.c | 2 +-
drivers/media/dvb-frontends/ves1820.c | 2 +-
drivers/media/dvb-frontends/ves1x93.c | 2 +-
drivers/media/dvb-frontends/zl10036.c | 2 +-
drivers/media/dvb-frontends/zl10039.c | 2 +-
drivers/media/dvb-frontends/zl10353.c | 2 +-
drivers/media/i2c/ov2680.c | 246 ++-----
drivers/media/i2c/ov5640.c | 127 ++--
drivers/media/pci/bt8xx/dst.c | 2 +-
drivers/media/pci/bt8xx/dst_ca.c | 2 +-
drivers/media/pci/cx23885/cx23885-video.c | 2 +-
drivers/media/pci/intel/ipu3/ipu3-cio2.c | 2 +-
.../media/platform/mtk-vcodec/vdec/vdec_vp9_if.c | 5 +-
drivers/media/tuners/fc0011.c | 2 +-
drivers/media/tuners/fc0012.c | 2 +-
drivers/media/tuners/fc0013.c | 2 +-
drivers/media/tuners/max2165.c | 2 +-
drivers/media/tuners/mc44s803.c | 2 +-
drivers/media/tuners/mt2060.c | 2 +-
drivers/media/tuners/mt2131.c | 2 +-
drivers/media/tuners/mt2266.c | 2 +-
drivers/media/tuners/mxl5005s.c | 2 +-
drivers/media/tuners/qt1010.c | 13 +-
drivers/media/tuners/tda18218.c | 2 +-
drivers/media/tuners/xc4000.c | 2 +-
drivers/media/tuners/xc5000.c | 2 +-
drivers/media/usb/dvb-usb-v2/af9035.c | 14 +-
drivers/media/usb/dvb-usb-v2/anysee.c | 2 +-
drivers/media/usb/dvb-usb-v2/az6007.c | 8 +
drivers/media/usb/dvb-usb/af9005.c | 5 +
drivers/media/usb/dvb-usb/dw2102.c | 24 +
drivers/media/usb/dvb-usb/m920x.c | 5 +-
drivers/media/usb/go7007/go7007-i2c.c | 2 -
drivers/media/usb/siano/smsusb.c | 21 +-
drivers/media/v4l2-core/v4l2-fwnode.c | 43 +-
drivers/mmc/host/Kconfig | 5 +-
drivers/mmc/host/sdhci-esdhc-imx.c | 7 +-
drivers/mtd/nand/raw/brcmnand/brcmnand.c | 112 ++-
drivers/mtd/nand/raw/fsmc_nand.c | 7 +-
drivers/net/arcnet/arcnet.c | 2 +-
drivers/net/can/usb/gs_usb.c | 5 +-
drivers/net/ethernet/atheros/alx/ethtool.c | 5 +-
drivers/net/ethernet/atheros/atl1c/atl1c_main.c | 7 +-
drivers/net/ethernet/broadcom/bnx2x/bnx2x_main.c | 9 +-
drivers/net/ethernet/freescale/enetc/enetc_ptp.c | 2 +-
drivers/net/ethernet/hisilicon/hns3/hns3_ethtool.c | 4 +-
drivers/net/ethernet/intel/igb/igb.h | 4 +-
drivers/net/ethernet/intel/igb/igb_main.c | 16 +-
drivers/net/ethernet/intel/igbvf/igbvf.h | 4 +-
drivers/net/ethernet/intel/igc/igc.h | 4 +-
drivers/net/ethernet/intel/ixgbe/ixgbe_ptp.c | 28 +-
drivers/net/ethernet/marvell/mvpp2/mvpp2_main.c | 5 +
drivers/net/ethernet/mediatek/mtk_eth_soc.c | 3 +
drivers/net/ethernet/mellanox/mlxsw/i2c.c | 5 +-
drivers/net/macsec.c | 3 +-
drivers/net/usb/qmi_wwan.c | 1 +
drivers/net/usb/r8152.c | 3 +
drivers/net/veth.c | 4 +-
drivers/net/vxlan.c | 58 +-
drivers/net/wireless/ath/ath10k/pci.c | 9 +-
drivers/net/wireless/ath/ath9k/ahb.c | 4 +-
drivers/net/wireless/ath/ath9k/htc_drv_debug.c | 2 +-
drivers/net/wireless/ath/ath9k/pci.c | 4 +-
drivers/net/wireless/ath/ath9k/wmi.c | 20 +-
drivers/net/wireless/mac80211_hwsim.c | 7 +-
drivers/net/wireless/marvell/mwifiex/debugfs.c | 9 +-
drivers/net/wireless/marvell/mwifiex/pcie.c | 176 ++---
drivers/net/wireless/marvell/mwifiex/sta_rx.c | 12 +-
drivers/net/wireless/marvell/mwifiex/tdls.c | 9 +-
drivers/net/wireless/marvell/mwifiex/uap_txrx.c | 30 +-
drivers/net/wireless/marvell/mwifiex/util.c | 10 +-
drivers/ntb/ntb_transport.c | 19 +-
drivers/of/unittest.c | 12 +-
drivers/opp/core.c | 2 +-
drivers/parisc/led.c | 4 +-
drivers/pci/hotplug/pciehp_hpc.c | 12 +-
drivers/pci/pcie/aspm.c | 30 +-
drivers/perf/arm_smmuv3_pmu.c | 46 +-
drivers/perf/fsl_imx8_ddr_perf.c | 24 +-
drivers/phy/rockchip/phy-rockchip-inno-hdmi.c | 18 +-
drivers/pinctrl/pinctrl-amd.c | 4 +-
drivers/platform/mellanox/mlxbf-tmfifo.c | 104 ++-
drivers/platform/x86/huawei-wmi.c | 2 +
drivers/platform/x86/intel-hid.c | 21 +-
drivers/pwm/pwm-lpc32xx.c | 16 +-
drivers/rpmsg/qcom_glink_native.c | 4 +
drivers/rtc/rtc-ds1685.c | 2 +-
drivers/s390/block/dasd.c | 125 ++--
drivers/s390/block/dasd_3990_erp.c | 2 +-
drivers/s390/crypto/zcrypt_api.c | 1 +
drivers/scsi/be2iscsi/be_iscsi.c | 4 +
drivers/scsi/fcoe/fcoe_ctlr.c | 20 +-
drivers/scsi/hosts.c | 4 +-
drivers/scsi/megaraid/megaraid_sas.h | 2 +-
drivers/scsi/megaraid/megaraid_sas_base.c | 21 +-
drivers/scsi/qedf/qedf_dbg.h | 2 +
drivers/scsi/qedf/qedf_debugfs.c | 35 +-
drivers/scsi/qedi/qedi_main.c | 5 +-
drivers/scsi/qla2xxx/qla_attr.c | 2 -
drivers/scsi/qla2xxx/qla_dbg.c | 2 +-
drivers/scsi/qla2xxx/qla_init.c | 3 +-
drivers/scsi/qla2xxx/qla_isr.c | 7 +-
drivers/scsi/qla2xxx/qla_nvme.c | 2 +-
drivers/scsi/qla2xxx/qla_os.c | 9 +-
drivers/scsi/qla4xxx/ql4_os.c | 15 +
drivers/scsi/scsi_transport_iscsi.c | 8 +
drivers/scsi/storvsc_drv.c | 2 +
drivers/soc/qcom/qmi_encdec.c | 4 +-
drivers/spi/spi-tegra20-sflash.c | 6 +-
drivers/staging/rtl8712/os_intfs.c | 1 +
drivers/staging/rtl8712/usb_intf.c | 1 -
drivers/target/iscsi/iscsi_target_configfs.c | 54 +-
drivers/tty/serial/cpm_uart/cpm_uart_core.c | 13 +-
drivers/tty/serial/sc16is7xx.c | 18 +-
drivers/tty/serial/serial-tegra.c | 6 +-
drivers/tty/serial/sprd_serial.c | 68 +-
drivers/usb/gadget/function/f_mass_storage.c | 2 +-
drivers/usb/gadget/udc/fsl_qe_udc.c | 2 +
drivers/usb/phy/phy-mxs-usb.c | 10 +-
drivers/usb/serial/option.c | 7 +
drivers/usb/typec/bus.c | 12 +-
drivers/usb/typec/tcpm/tcpci.c | 4 +
drivers/usb/typec/tcpm/tcpci.h | 1 +
drivers/usb/typec/tcpm/tcpm.c | 122 ++--
drivers/video/backlight/bd6107.c | 2 +-
drivers/video/backlight/gpio_backlight.c | 2 +-
drivers/video/backlight/lv5207lp.c | 2 +-
drivers/video/fbdev/ep93xx-fb.c | 1 -
drivers/virtio/virtio_ring.c | 2 +-
drivers/watchdog/intel-mid_wdt.c | 1 +
fs/attr.c | 20 +-
fs/autofs/waitq.c | 3 +-
fs/btrfs/ctree.h | 2 -
fs/btrfs/delayed-inode.c | 19 +-
fs/btrfs/disk-io.c | 13 +-
fs/btrfs/extent-tree.c | 5 +
fs/btrfs/transaction.c | 7 +-
fs/btrfs/volumes.c | 8 +
fs/btrfs/volumes.h | 3 +
fs/cifs/cifsfs.c | 7 +-
fs/cifs/smb2ops.c | 1 +
fs/debugfs/inode.c | 6 +-
fs/dlm/plock.c | 6 +-
fs/erofs/zdata.c | 2 +
fs/eventfd.c | 7 +-
fs/ext2/xattr.c | 4 +-
fs/ext4/namei.c | 26 +-
fs/fuse/readdir.c | 10 +-
fs/jfs/jfs_dmap.c | 1 +
fs/jfs/jfs_extent.c | 5 +
fs/jfs/jfs_imap.c | 1 +
fs/kernfs/mount.c | 2 +-
fs/lockd/mon.c | 3 +
fs/locks.c | 2 +-
fs/namei.c | 22 +-
fs/nfs/blocklayout/dev.c | 4 +-
fs/nfs/nfs2xdr.c | 2 +-
fs/nfs/nfs3xdr.c | 2 +-
fs/nfs/pnfs_dev.c | 2 +-
fs/nfsd/blocklayoutxdr.c | 9 +
fs/nfsd/flexfilelayoutxdr.c | 9 +
fs/nfsd/nfs3xdr.c | 4 +-
fs/nfsd/nfs4proc.c | 4 +-
fs/nfsd/nfs4xdr.c | 36 +-
fs/nilfs2/alloc.c | 3 +-
fs/nilfs2/inode.c | 7 +-
fs/nilfs2/segment.c | 5 +
fs/nls/nls_base.c | 4 +-
fs/ocfs2/namei.c | 4 +
fs/overlayfs/namei.c | 24 +-
fs/proc/base.c | 3 +-
fs/pstore/ram_core.c | 2 +-
fs/quota/dquot.c | 184 +++--
fs/reiserfs/journal.c | 4 +-
fs/tracefs/inode.c | 3 +
fs/udf/balloc.c | 31 +-
fs/udf/inode.c | 45 +-
fs/verity/signature.c | 16 +
include/linux/acpi_iort.h | 1 +
include/linux/eventfd.h | 6 +
include/linux/if_arp.h | 4 +
include/linux/namei.h | 1 +
include/linux/nls.h | 2 +-
include/linux/perf_event.h | 22 +-
include/linux/sched/task.h | 28 +-
include/linux/trace_events.h | 3 +-
include/linux/usb/typec_altmode.h | 2 +-
include/net/ip_tunnels.h | 15 +-
include/net/lwtunnel.h | 5 +-
include/net/tcp.h | 1 -
include/scsi/scsi_host.h | 2 +-
include/uapi/linux/pci_regs.h | 2 +
include/uapi/linux/sync_file.h | 2 +-
kernel/auditsc.c | 2 +
kernel/fork.c | 8 +
kernel/module.c | 15 +-
kernel/trace/bpf_trace.c | 2 +-
kernel/trace/trace.c | 43 +-
kernel/trace/trace_uprobe.c | 3 +-
lib/idr.c | 2 +-
lib/kobject.c | 5 +
lib/mpi/mpi-cmp.c | 8 +-
lib/test_meminit.c | 2 +-
mm/shmem.c | 28 +-
net/9p/trans_virtio.c | 2 +-
net/core/devlink.c | 4 +-
net/core/flow_dissector.c | 3 +-
net/core/lwt_bpf.c | 7 +-
net/core/skbuff.c | 34 +-
net/core/sock.c | 9 +-
net/dccp/ipv4.c | 13 +-
net/dccp/ipv6.c | 15 +-
net/ipv4/devinet.c | 10 +-
net/ipv4/fib_semantics.c | 5 +-
net/ipv4/fib_trie.c | 3 +-
net/ipv4/igmp.c | 3 +-
net/ipv4/ip_output.c | 2 +-
net/ipv4/tcp_input.c | 3 +-
net/ipv6/addrconf.c | 2 +-
net/ipv6/ip6_output.c | 2 +-
net/kcm/kcmsock.c | 15 +-
net/netfilter/ipset/ip_set_hash_netportnet.c | 1 +
net/netfilter/nfnetlink_osf.c | 8 +
net/netfilter/xt_sctp.c | 2 +
net/netfilter/xt_u32.c | 21 +
net/netlabel/netlabel_kapi.c | 3 +-
net/netrom/af_netrom.c | 5 +
net/sched/Kconfig | 28 -
net/sched/Makefile | 2 -
net/sched/cls_rsvp.c | 24 -
net/sched/cls_rsvp.h | 777 ---------------------
net/sched/cls_rsvp6.c | 24 -
net/sched/sch_hfsc.c | 4 +
net/sched/sch_plug.c | 2 +-
net/sched/sch_qfq.c | 22 +-
net/sctp/proc.c | 2 +-
net/sctp/sm_sideeffect.c | 5 +-
net/sctp/socket.c | 10 +-
net/socket.c | 6 +-
net/tls/tls_sw.c | 4 +-
net/unix/af_unix.c | 2 +-
net/unix/scm.c | 6 +-
scripts/kconfig/preprocess.c | 3 +
security/integrity/ima/Kconfig | 12 -
security/keys/keyctl.c | 11 +-
security/smack/smackfs.c | 2 +-
sound/Kconfig | 2 +-
sound/core/pcm_compat.c | 8 +-
sound/core/seq/oss/seq_oss_midi.c | 35 +-
sound/pci/ac97/ac97_codec.c | 5 +-
sound/soc/atmel/atmel-i2s.c | 5 +-
sound/soc/codecs/da7219-aad.c | 12 +-
sound/soc/codecs/es8316.c | 2 +-
tools/build/Makefile.build | 10 +
tools/build/Makefile.feature | 2 +
tools/build/feature/Makefile | 4 +
tools/build/feature/test-all.c | 5 +
tools/build/feature/test-libbfd-buildid.c | 8 +
tools/lib/bpf/libbpf.c | 1 +
tools/perf/Makefile.config | 62 +-
tools/perf/Makefile.perf | 1 +
tools/perf/builtin-top.c | 1 +
tools/perf/pmu-events/Build | 22 +-
tools/perf/pmu-events/empty-pmu-events.c | 158 +++++
tools/perf/ui/browsers/hists.c | 2 +-
tools/perf/util/annotate.c | 10 +-
tools/perf/util/header.c | 11 +-
tools/testing/selftests/ftrace/ftracetest | 8 +
469 files changed, 3117 insertions(+), 2928 deletions(-)
^ permalink raw reply [flat|nested] 396+ messages in thread
* [PATCH 5.4 001/367] erofs: ensure that the post-EOF tails are all zeroed
2023-09-20 11:26 [PATCH 5.4 000/367] 5.4.257-rc1 review Greg Kroah-Hartman
@ 2023-09-20 11:26 ` Greg Kroah-Hartman
2023-09-20 11:26 ` [PATCH 5.4 002/367] ARM: pxa: remove use of symbol_get() Greg Kroah-Hartman
` (371 subsequent siblings)
372 siblings, 0 replies; 396+ messages in thread
From: Greg Kroah-Hartman @ 2023-09-20 11:26 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, keltargw, Gao Xiang
5.4-stable review patch. If anyone has any objections, please let me know.
------------------
From: Gao Xiang <hsiangkao@linux.alibaba.com>
commit e4c1cf523d820730a86cae2c6d55924833b6f7ac upstream.
This was accidentally fixed up in commit e4c1cf523d82 but we can't
take the full change due to other dependancy issues, so here is just
the actual bugfix that is needed.
[Background]
keltargw reported an issue [1] that with mmaped I/Os, sometimes the
tail of the last page (after file ends) is not filled with zeroes.
The root cause is that such tail page could be wrongly selected for
inplace I/Os so the zeroed part will then be filled with compressed
data instead of zeroes.
A simple fix is to avoid doing inplace I/Os for such tail parts,
actually that was already fixed upstream in commit e4c1cf523d82
("erofs: tidy up z_erofs_do_read_page()") by accident.
[1] https://lore.kernel.org/r/3ad8b469-25db-a297-21f9-75db2d6ad224@linux.alibaba.com
Reported-by: keltargw <keltar.gw@gmail.com>
Fixes: 3883a79abd02 ("staging: erofs: introduce VLE decompression support")
Signed-off-by: Gao Xiang <hsiangkao@linux.alibaba.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/erofs/zdata.c | 2 ++
1 file changed, 2 insertions(+)
--- a/fs/erofs/zdata.c
+++ b/fs/erofs/zdata.c
@@ -639,6 +639,8 @@ hitted:
cur = end - min_t(erofs_off_t, offset + end - map->m_la, end);
if (!(map->m_flags & EROFS_MAP_MAPPED)) {
zero_user_segment(page, cur, end);
+ ++spiltted;
+ tight = false;
goto next_part;
}
^ permalink raw reply [flat|nested] 396+ messages in thread
* [PATCH 5.4 002/367] ARM: pxa: remove use of symbol_get()
2023-09-20 11:26 [PATCH 5.4 000/367] 5.4.257-rc1 review Greg Kroah-Hartman
2023-09-20 11:26 ` [PATCH 5.4 001/367] erofs: ensure that the post-EOF tails are all zeroed Greg Kroah-Hartman
@ 2023-09-20 11:26 ` Greg Kroah-Hartman
2023-09-20 11:26 ` [PATCH 5.4 003/367] mmc: au1xmmc: force non-modular build and remove symbol_get usage Greg Kroah-Hartman
` (370 subsequent siblings)
372 siblings, 0 replies; 396+ messages in thread
From: Greg Kroah-Hartman @ 2023-09-20 11:26 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Arnd Bergmann, Christoph Hellwig,
Luis Chamberlain
5.4-stable review patch. If anyone has any objections, please let me know.
------------------
From: Arnd Bergmann <arnd@arndb.de>
commit 0faa29c4207e6e29cfc81b427df60e326c37083a upstream.
The spitz board file uses the obscure symbol_get() function
to optionally call a function from sharpsl_pm.c if that is
built. However, the two files are always built together
these days, and have been for a long time, so this can
be changed to a normal function call.
Link: https://lore.kernel.org/lkml/20230731162639.GA9441@lst.de/
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
Signed-off-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Luis Chamberlain <mcgrof@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/arm/mach-pxa/sharpsl_pm.c | 2 --
arch/arm/mach-pxa/spitz.c | 14 +-------------
2 files changed, 1 insertion(+), 15 deletions(-)
--- a/arch/arm/mach-pxa/sharpsl_pm.c
+++ b/arch/arm/mach-pxa/sharpsl_pm.c
@@ -220,8 +220,6 @@ void sharpsl_battery_kick(void)
{
schedule_delayed_work(&sharpsl_bat, msecs_to_jiffies(125));
}
-EXPORT_SYMBOL(sharpsl_battery_kick);
-
static void sharpsl_battery_thread(struct work_struct *private_)
{
--- a/arch/arm/mach-pxa/spitz.c
+++ b/arch/arm/mach-pxa/spitz.c
@@ -9,7 +9,6 @@
*/
#include <linux/kernel.h>
-#include <linux/module.h> /* symbol_get ; symbol_put */
#include <linux/platform_device.h>
#include <linux/delay.h>
#include <linux/gpio_keys.h>
@@ -514,17 +513,6 @@ static struct pxa2xx_spi_chip spitz_ads7
.gpio_cs = SPITZ_GPIO_ADS7846_CS,
};
-static void spitz_bl_kick_battery(void)
-{
- void (*kick_batt)(void);
-
- kick_batt = symbol_get(sharpsl_battery_kick);
- if (kick_batt) {
- kick_batt();
- symbol_put(sharpsl_battery_kick);
- }
-}
-
static struct corgi_lcd_platform_data spitz_lcdcon_info = {
.init_mode = CORGI_LCD_MODE_VGA,
.max_intensity = 0x2f,
@@ -532,7 +520,7 @@ static struct corgi_lcd_platform_data sp
.limit_mask = 0x0b,
.gpio_backlight_cont = SPITZ_GPIO_BACKLIGHT_CONT,
.gpio_backlight_on = SPITZ_GPIO_BACKLIGHT_ON,
- .kick_battery = spitz_bl_kick_battery,
+ .kick_battery = sharpsl_battery_kick,
};
static struct pxa2xx_spi_chip spitz_lcdcon_chip = {
^ permalink raw reply [flat|nested] 396+ messages in thread
* [PATCH 5.4 003/367] mmc: au1xmmc: force non-modular build and remove symbol_get usage
2023-09-20 11:26 [PATCH 5.4 000/367] 5.4.257-rc1 review Greg Kroah-Hartman
2023-09-20 11:26 ` [PATCH 5.4 001/367] erofs: ensure that the post-EOF tails are all zeroed Greg Kroah-Hartman
2023-09-20 11:26 ` [PATCH 5.4 002/367] ARM: pxa: remove use of symbol_get() Greg Kroah-Hartman
@ 2023-09-20 11:26 ` Greg Kroah-Hartman
2023-09-20 11:26 ` [PATCH 5.4 004/367] net: enetc: use EXPORT_SYMBOL_GPL for enetc_phc_index Greg Kroah-Hartman
` (369 subsequent siblings)
372 siblings, 0 replies; 396+ messages in thread
From: Greg Kroah-Hartman @ 2023-09-20 11:26 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Christoph Hellwig, Manuel Lauss,
Arnd Bergmann, Luis Chamberlain
5.4-stable review patch. If anyone has any objections, please let me know.
------------------
From: Christoph Hellwig <hch@lst.de>
commit d4a5c59a955bba96b273ec1a5885bada24c56979 upstream.
au1xmmc is split somewhat awkwardly into the main mmc subsystem driver,
and callbacks in platform_data that sit under arch/mips/ and are
always built in. The latter than call mmc_detect_change through
symbol_get. Remove the use of symbol_get by requiring the driver
to be built in. In the future the interrupt handlers for card
insert/eject detection should probably be moved into the main driver,
and which point it can be built modular again.
Signed-off-by: Christoph Hellwig <hch@lst.de>
Acked-by: Manuel Lauss <manuel.lauss@gmail.com>
Reviewed-by: Arnd Bergmann <arnd@arndb.de>
[mcgrof: squashed in depends on MMC=y suggested by Arnd]
Signed-off-by: Luis Chamberlain <mcgrof@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/mips/alchemy/devboards/db1000.c | 8 +-------
arch/mips/alchemy/devboards/db1200.c | 19 ++-----------------
arch/mips/alchemy/devboards/db1300.c | 10 +---------
drivers/mmc/host/Kconfig | 5 +++--
4 files changed, 7 insertions(+), 35 deletions(-)
--- a/arch/mips/alchemy/devboards/db1000.c
+++ b/arch/mips/alchemy/devboards/db1000.c
@@ -14,7 +14,6 @@
#include <linux/interrupt.h>
#include <linux/leds.h>
#include <linux/mmc/host.h>
-#include <linux/module.h>
#include <linux/platform_device.h>
#include <linux/pm.h>
#include <linux/spi/spi.h>
@@ -167,12 +166,7 @@ static struct platform_device db1x00_aud
static irqreturn_t db1100_mmc_cd(int irq, void *ptr)
{
- void (*mmc_cd)(struct mmc_host *, unsigned long);
- /* link against CONFIG_MMC=m */
- mmc_cd = symbol_get(mmc_detect_change);
- mmc_cd(ptr, msecs_to_jiffies(500));
- symbol_put(mmc_detect_change);
-
+ mmc_detect_change(ptr, msecs_to_jiffies(500));
return IRQ_HANDLED;
}
--- a/arch/mips/alchemy/devboards/db1200.c
+++ b/arch/mips/alchemy/devboards/db1200.c
@@ -10,7 +10,6 @@
#include <linux/gpio.h>
#include <linux/i2c.h>
#include <linux/init.h>
-#include <linux/module.h>
#include <linux/interrupt.h>
#include <linux/io.h>
#include <linux/leds.h>
@@ -340,14 +339,7 @@ static irqreturn_t db1200_mmc_cd(int irq
static irqreturn_t db1200_mmc_cdfn(int irq, void *ptr)
{
- void (*mmc_cd)(struct mmc_host *, unsigned long);
-
- /* link against CONFIG_MMC=m */
- mmc_cd = symbol_get(mmc_detect_change);
- if (mmc_cd) {
- mmc_cd(ptr, msecs_to_jiffies(200));
- symbol_put(mmc_detect_change);
- }
+ mmc_detect_change(ptr, msecs_to_jiffies(200));
msleep(100); /* debounce */
if (irq == DB1200_SD0_INSERT_INT)
@@ -431,14 +423,7 @@ static irqreturn_t pb1200_mmc1_cd(int ir
static irqreturn_t pb1200_mmc1_cdfn(int irq, void *ptr)
{
- void (*mmc_cd)(struct mmc_host *, unsigned long);
-
- /* link against CONFIG_MMC=m */
- mmc_cd = symbol_get(mmc_detect_change);
- if (mmc_cd) {
- mmc_cd(ptr, msecs_to_jiffies(200));
- symbol_put(mmc_detect_change);
- }
+ mmc_detect_change(ptr, msecs_to_jiffies(200));
msleep(100); /* debounce */
if (irq == PB1200_SD1_INSERT_INT)
--- a/arch/mips/alchemy/devboards/db1300.c
+++ b/arch/mips/alchemy/devboards/db1300.c
@@ -17,7 +17,6 @@
#include <linux/interrupt.h>
#include <linux/ata_platform.h>
#include <linux/mmc/host.h>
-#include <linux/module.h>
#include <linux/mtd/mtd.h>
#include <linux/mtd/platnand.h>
#include <linux/platform_device.h>
@@ -459,14 +458,7 @@ static irqreturn_t db1300_mmc_cd(int irq
static irqreturn_t db1300_mmc_cdfn(int irq, void *ptr)
{
- void (*mmc_cd)(struct mmc_host *, unsigned long);
-
- /* link against CONFIG_MMC=m. We can only be called once MMC core has
- * initialized the controller, so symbol_get() should always succeed.
- */
- mmc_cd = symbol_get(mmc_detect_change);
- mmc_cd(ptr, msecs_to_jiffies(200));
- symbol_put(mmc_detect_change);
+ mmc_detect_change(ptr, msecs_to_jiffies(200));
msleep(100); /* debounce */
if (irq == DB1300_SD1_INSERT_INT)
--- a/drivers/mmc/host/Kconfig
+++ b/drivers/mmc/host/Kconfig
@@ -466,11 +466,12 @@ config MMC_ALCOR
of Alcor Micro PCI-E card reader
config MMC_AU1X
- tristate "Alchemy AU1XX0 MMC Card Interface support"
+ bool "Alchemy AU1XX0 MMC Card Interface support"
depends on MIPS_ALCHEMY
+ depends on MMC=y
help
This selects the AMD Alchemy(R) Multimedia card interface.
- If you have a Alchemy platform with a MMC slot, say Y or M here.
+ If you have a Alchemy platform with a MMC slot, say Y here.
If unsure, say N.
^ permalink raw reply [flat|nested] 396+ messages in thread
* [PATCH 5.4 004/367] net: enetc: use EXPORT_SYMBOL_GPL for enetc_phc_index
2023-09-20 11:26 [PATCH 5.4 000/367] 5.4.257-rc1 review Greg Kroah-Hartman
` (2 preceding siblings ...)
2023-09-20 11:26 ` [PATCH 5.4 003/367] mmc: au1xmmc: force non-modular build and remove symbol_get usage Greg Kroah-Hartman
@ 2023-09-20 11:26 ` Greg Kroah-Hartman
2023-09-20 11:26 ` [PATCH 5.4 005/367] rtc: ds1685: use EXPORT_SYMBOL_GPL for ds1685_rtc_poweroff Greg Kroah-Hartman
` (368 subsequent siblings)
372 siblings, 0 replies; 396+ messages in thread
From: Greg Kroah-Hartman @ 2023-09-20 11:26 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Christoph Hellwig, Jakub Kicinski,
Luis Chamberlain
5.4-stable review patch. If anyone has any objections, please let me know.
------------------
From: Christoph Hellwig <hch@lst.de>
commit 569820befb16ffc755ab7af71f4f08cc5f68f0fe upstream.
enetc_phc_index is only used via symbol_get, which was only ever
intended for very internal symbols like this one. Use EXPORT_SYMBOL_GPL
for it so that symbol_get can enforce only being used on
EXPORT_SYMBOL_GPL symbols.
Signed-off-by: Christoph Hellwig <hch@lst.de>
Reviewed-by: Jakub Kicinski <kuba@kernel.org>
Reviewed-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Luis Chamberlain <mcgrof@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/net/ethernet/freescale/enetc/enetc_ptp.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/drivers/net/ethernet/freescale/enetc/enetc_ptp.c
+++ b/drivers/net/ethernet/freescale/enetc/enetc_ptp.c
@@ -8,7 +8,7 @@
#include "enetc.h"
int enetc_phc_index = -1;
-EXPORT_SYMBOL(enetc_phc_index);
+EXPORT_SYMBOL_GPL(enetc_phc_index);
static struct ptp_clock_info enetc_ptp_caps = {
.owner = THIS_MODULE,
^ permalink raw reply [flat|nested] 396+ messages in thread
* [PATCH 5.4 005/367] rtc: ds1685: use EXPORT_SYMBOL_GPL for ds1685_rtc_poweroff
2023-09-20 11:26 [PATCH 5.4 000/367] 5.4.257-rc1 review Greg Kroah-Hartman
` (3 preceding siblings ...)
2023-09-20 11:26 ` [PATCH 5.4 004/367] net: enetc: use EXPORT_SYMBOL_GPL for enetc_phc_index Greg Kroah-Hartman
@ 2023-09-20 11:26 ` Greg Kroah-Hartman
2023-09-20 11:26 ` [PATCH 5.4 006/367] modules: only allow symbol_get of EXPORT_SYMBOL_GPL modules Greg Kroah-Hartman
` (367 subsequent siblings)
372 siblings, 0 replies; 396+ messages in thread
From: Greg Kroah-Hartman @ 2023-09-20 11:26 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Christoph Hellwig, Joshua Kinard,
Luis Chamberlain
5.4-stable review patch. If anyone has any objections, please let me know.
------------------
From: Christoph Hellwig <hch@lst.de>
commit 95e7ebc6823170256a8ce19fad87912805bfa001 upstream.
ds1685_rtc_poweroff is only used externally via symbol_get, which was
only ever intended for very internal symbols like this one. Use
EXPORT_SYMBOL_GPL for it so that symbol_get can enforce only being used
on EXPORT_SYMBOL_GPL symbols.
Signed-off-by: Christoph Hellwig <hch@lst.de>
Acked-by: Joshua Kinard <kumba@gentoo.org>
Reviewed-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Luis Chamberlain <mcgrof@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/rtc/rtc-ds1685.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/drivers/rtc/rtc-ds1685.c
+++ b/drivers/rtc/rtc-ds1685.c
@@ -1437,7 +1437,7 @@ ds1685_rtc_poweroff(struct platform_devi
unreachable();
}
}
-EXPORT_SYMBOL(ds1685_rtc_poweroff);
+EXPORT_SYMBOL_GPL(ds1685_rtc_poweroff);
/* ----------------------------------------------------------------------- */
^ permalink raw reply [flat|nested] 396+ messages in thread
* [PATCH 5.4 006/367] modules: only allow symbol_get of EXPORT_SYMBOL_GPL modules
2023-09-20 11:26 [PATCH 5.4 000/367] 5.4.257-rc1 review Greg Kroah-Hartman
` (4 preceding siblings ...)
2023-09-20 11:26 ` [PATCH 5.4 005/367] rtc: ds1685: use EXPORT_SYMBOL_GPL for ds1685_rtc_poweroff Greg Kroah-Hartman
@ 2023-09-20 11:26 ` Greg Kroah-Hartman
2023-09-20 11:26 ` [PATCH 5.4 007/367] USB: serial: option: add Quectel EM05G variant (0x030e) Greg Kroah-Hartman
` (366 subsequent siblings)
372 siblings, 0 replies; 396+ messages in thread
From: Greg Kroah-Hartman @ 2023-09-20 11:26 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Christoph Hellwig, Luis Chamberlain
5.4-stable review patch. If anyone has any objections, please let me know.
------------------
From: Christoph Hellwig <hch@lst.de>
commit 9011e49d54dcc7653ebb8a1e05b5badb5ecfa9f9 upstream.
It has recently come to my attention that nvidia is circumventing the
protection added in 262e6ae7081d ("modules: inherit
TAINT_PROPRIETARY_MODULE") by importing exports from their proprietary
modules into an allegedly GPL licensed module and then rexporting them.
Given that symbol_get was only ever intended for tightly cooperating
modules using very internal symbols it is logical to restrict it to
being used on EXPORT_SYMBOL_GPL and prevent nvidia from costly DMCA
Circumvention of Access Controls law suites.
All symbols except for four used through symbol_get were already exported
as EXPORT_SYMBOL_GPL, and the remaining four ones were switched over in
the preparation patches.
Fixes: 262e6ae7081d ("modules: inherit TAINT_PROPRIETARY_MODULE")
Signed-off-by: Christoph Hellwig <hch@lst.de>
Reviewed-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Luis Chamberlain <mcgrof@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
kernel/module.c | 15 +++++++++++++--
1 file changed, 13 insertions(+), 2 deletions(-)
--- a/kernel/module.c
+++ b/kernel/module.c
@@ -2291,15 +2291,26 @@ static void free_module(struct module *m
void *__symbol_get(const char *symbol)
{
struct module *owner;
+ enum mod_license license;
const struct kernel_symbol *sym;
preempt_disable();
- sym = find_symbol(symbol, &owner, NULL, NULL, true, true);
- if (sym && strong_try_module_get(owner))
+ sym = find_symbol(symbol, &owner, NULL, &license, true, true);
+ if (!sym)
+ goto fail;
+ if (license != GPL_ONLY) {
+ pr_warn("failing symbol_get of non-GPLONLY symbol %s.\n",
+ symbol);
+ goto fail;
+ }
+ if (strong_try_module_get(owner))
sym = NULL;
preempt_enable();
return sym ? (void *)kernel_symbol_value(sym) : NULL;
+fail:
+ preempt_enable();
+ return NULL;
}
EXPORT_SYMBOL_GPL(__symbol_get);
^ permalink raw reply [flat|nested] 396+ messages in thread
* [PATCH 5.4 007/367] USB: serial: option: add Quectel EM05G variant (0x030e)
2023-09-20 11:26 [PATCH 5.4 000/367] 5.4.257-rc1 review Greg Kroah-Hartman
` (5 preceding siblings ...)
2023-09-20 11:26 ` [PATCH 5.4 006/367] modules: only allow symbol_get of EXPORT_SYMBOL_GPL modules Greg Kroah-Hartman
@ 2023-09-20 11:26 ` Greg Kroah-Hartman
2023-09-20 11:26 ` [PATCH 5.4 008/367] USB: serial: option: add FOXCONN T99W368/T99W373 product Greg Kroah-Hartman
` (365 subsequent siblings)
372 siblings, 0 replies; 396+ messages in thread
From: Greg Kroah-Hartman @ 2023-09-20 11:26 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Martin Kohn, Johan Hovold
5.4-stable review patch. If anyone has any objections, please let me know.
------------------
From: Martin Kohn <m.kohn@welotec.com>
commit 873854c02364ebb991fc06f7148c14dfb5419e1b upstream.
Add Quectel EM05G with product ID 0x030e.
Interface 4 is used for qmi.
T: Bus=01 Lev=01 Prnt=01 Port=00 Cnt=01 Dev#= 2 Spd=480 MxCh= 0
D: Ver= 2.00 Cls=ef(misc ) Sub=02 Prot=01 MxPS=64 #Cfgs= 1
P: Vendor=2c7c ProdID=030e Rev= 3.18
S: Manufacturer=Quectel
S: Product=Quectel EM05-G
C:* #Ifs= 5 Cfg#= 1 Atr=a0 MxPwr=500mA
I:* If#= 0 Alt= 0 #EPs= 2 Cls=ff(vend.) Sub=ff Prot=ff Driver=option
E: Ad=81(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms
E: Ad=01(O) Atr=02(Bulk) MxPS= 512 Ivl=0ms
I:* If#= 1 Alt= 0 #EPs= 3 Cls=ff(vend.) Sub=00 Prot=00 Driver=option
E: Ad=83(I) Atr=03(Int.) MxPS= 10 Ivl=32ms
E: Ad=82(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms
E: Ad=02(O) Atr=02(Bulk) MxPS= 512 Ivl=0ms
I:* If#= 2 Alt= 0 #EPs= 3 Cls=ff(vend.) Sub=00 Prot=00 Driver=option
E: Ad=85(I) Atr=03(Int.) MxPS= 10 Ivl=32ms
E: Ad=84(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms
E: Ad=03(O) Atr=02(Bulk) MxPS= 512 Ivl=0ms
I:* If#= 3 Alt= 0 #EPs= 3 Cls=ff(vend.) Sub=00 Prot=00 Driver=option
E: Ad=87(I) Atr=03(Int.) MxPS= 10 Ivl=32ms
E: Ad=86(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms
E: Ad=04(O) Atr=02(Bulk) MxPS= 512 Ivl=0ms
I:* If#= 4 Alt= 0 #EPs= 3 Cls=ff(vend.) Sub=ff Prot=ff Driver=qmi_wwan
E: Ad=89(I) Atr=03(Int.) MxPS= 8 Ivl=32ms
E: Ad=88(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms
E: Ad=05(O) Atr=02(Bulk) MxPS= 512 Ivl=0ms
Signed-off-by: Martin Kohn <m.kohn@welotec.com>
Cc: stable@vger.kernel.org
Signed-off-by: Johan Hovold <johan@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/usb/serial/option.c | 3 +++
1 file changed, 3 insertions(+)
--- a/drivers/usb/serial/option.c
+++ b/drivers/usb/serial/option.c
@@ -259,6 +259,7 @@ static void option_instat_callback(struc
#define QUECTEL_PRODUCT_EM05G 0x030a
#define QUECTEL_PRODUCT_EM060K 0x030b
#define QUECTEL_PRODUCT_EM05G_CS 0x030c
+#define QUECTEL_PRODUCT_EM05GV2 0x030e
#define QUECTEL_PRODUCT_EM05CN_SG 0x0310
#define QUECTEL_PRODUCT_EM05G_SG 0x0311
#define QUECTEL_PRODUCT_EM05CN 0x0312
@@ -1190,6 +1191,8 @@ static const struct usb_device_id option
.driver_info = RSVD(6) | ZLP },
{ USB_DEVICE_INTERFACE_CLASS(QUECTEL_VENDOR_ID, QUECTEL_PRODUCT_EM05G_GR, 0xff),
.driver_info = RSVD(6) | ZLP },
+ { USB_DEVICE_INTERFACE_CLASS(QUECTEL_VENDOR_ID, QUECTEL_PRODUCT_EM05GV2, 0xff),
+ .driver_info = RSVD(4) | ZLP },
{ USB_DEVICE_INTERFACE_CLASS(QUECTEL_VENDOR_ID, QUECTEL_PRODUCT_EM05G_CS, 0xff),
.driver_info = RSVD(6) | ZLP },
{ USB_DEVICE_INTERFACE_CLASS(QUECTEL_VENDOR_ID, QUECTEL_PRODUCT_EM05G_RS, 0xff),
^ permalink raw reply [flat|nested] 396+ messages in thread
* [PATCH 5.4 008/367] USB: serial: option: add FOXCONN T99W368/T99W373 product
2023-09-20 11:26 [PATCH 5.4 000/367] 5.4.257-rc1 review Greg Kroah-Hartman
` (6 preceding siblings ...)
2023-09-20 11:26 ` [PATCH 5.4 007/367] USB: serial: option: add Quectel EM05G variant (0x030e) Greg Kroah-Hartman
@ 2023-09-20 11:26 ` Greg Kroah-Hartman
2023-09-20 11:26 ` [PATCH 5.4 009/367] HID: wacom: remove the battery when the EKR is off Greg Kroah-Hartman
` (364 subsequent siblings)
372 siblings, 0 replies; 396+ messages in thread
From: Greg Kroah-Hartman @ 2023-09-20 11:26 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Slark Xiao, Johan Hovold
5.4-stable review patch. If anyone has any objections, please let me know.
------------------
From: Slark Xiao <slark_xiao@163.com>
commit 4d9488b294e1f8353bbcadc4c7172a7f7490199b upstream.
The difference of T99W368 and T99W373 is the chip solution.
T99W368 is designed based on Qualcomm SDX65 and T99W373 is SDX62.
Test evidence as below:
T: Bus=01 Lev=02 Prnt=05 Port=00 Cnt=01 Dev#= 7 Spd=480 MxCh= 0
D: Ver= 2.10 Cls=ef(misc ) Sub=02 Prot=01 MxPS=64 #Cfgs= 1
P: Vendor=0489 ProdID=e0f0 Rev=05.04
S: Manufacturer=FII
S: Product=OLYMPIC USB WWAN Adapter
S: SerialNumber=78ada8c4
C: #Ifs= 6 Cfg#= 1 Atr=a0 MxPwr=500mA
I: If#=0x0 Alt= 0 #EPs= 1 Cls=02(commc) Sub=0e Prot=00 Driver=cdc_mbim
I: If#=0x1 Alt= 1 #EPs= 2 Cls=0a(data ) Sub=00 Prot=02 Driver=cdc_mbim
I: If#=0x2 Alt= 0 #EPs= 3 Cls=ff(vend.) Sub=ff Prot=40 Driver=option
I: If#=0x3 Alt= 0 #EPs= 1 Cls=ff(vend.) Sub=ff Prot=ff Driver=(none)
I: If#=0x4 Alt= 0 #EPs= 3 Cls=ff(vend.) Sub=ff Prot=40 Driver=option
I: If#=0x5 Alt= 0 #EPs= 2 Cls=ff(vend.) Sub=ff Prot=30 Driver=option
T: Bus=01 Lev=02 Prnt=05 Port=00 Cnt=01 Dev#= 8 Spd=480 MxCh= 0
D: Ver= 2.10 Cls=ef(misc ) Sub=02 Prot=01 MxPS=64 #Cfgs= 1
P: Vendor=0489 ProdID=e0ee Rev=05.04
S: Manufacturer=FII
S: Product=OLYMPIC USB WWAN Adapter
S: SerialNumber=78ada8d5
C: #Ifs= 6 Cfg#= 1 Atr=a0 MxPwr=500mA
I: If#=0x0 Alt= 0 #EPs= 1 Cls=02(commc) Sub=0e Prot=00 Driver=cdc_mbim
I: If#=0x1 Alt= 1 #EPs= 2 Cls=0a(data ) Sub=00 Prot=02 Driver=cdc_mbim
I: If#=0x2 Alt= 0 #EPs= 3 Cls=ff(vend.) Sub=ff Prot=40 Driver=option
I: If#=0x3 Alt= 0 #EPs= 1 Cls=ff(vend.) Sub=ff Prot=ff Driver=(none)
I: If#=0x4 Alt= 0 #EPs= 3 Cls=ff(vend.) Sub=ff Prot=40 Driver=option
I: If#=0x5 Alt= 0 #EPs= 2 Cls=ff(vend.) Sub=ff Prot=30 Driver=option
Both of them share the same port configuration:
0&1: MBIM, 2: Modem, 3:GNSS, 4:NMEA, 5:Diag
GNSS port don't use serial driver.
Signed-off-by: Slark Xiao <slark_xiao@163.com>
Cc: stable@vger.kernel.org
Signed-off-by: Johan Hovold <johan@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/usb/serial/option.c | 4 ++++
1 file changed, 4 insertions(+)
--- a/drivers/usb/serial/option.c
+++ b/drivers/usb/serial/option.c
@@ -2235,6 +2235,10 @@ static const struct usb_device_id option
.driver_info = RSVD(0) | RSVD(1) | RSVD(6) },
{ USB_DEVICE_INTERFACE_CLASS(0x0489, 0xe0db, 0xff), /* Foxconn T99W265 MBIM */
.driver_info = RSVD(3) },
+ { USB_DEVICE_INTERFACE_CLASS(0x0489, 0xe0ee, 0xff), /* Foxconn T99W368 MBIM */
+ .driver_info = RSVD(3) },
+ { USB_DEVICE_INTERFACE_CLASS(0x0489, 0xe0f0, 0xff), /* Foxconn T99W373 MBIM */
+ .driver_info = RSVD(3) },
{ USB_DEVICE(0x1508, 0x1001), /* Fibocom NL668 (IOT version) */
.driver_info = RSVD(4) | RSVD(5) | RSVD(6) },
{ USB_DEVICE(0x1782, 0x4d10) }, /* Fibocom L610 (AT mode) */
^ permalink raw reply [flat|nested] 396+ messages in thread
* [PATCH 5.4 009/367] HID: wacom: remove the battery when the EKR is off
2023-09-20 11:26 [PATCH 5.4 000/367] 5.4.257-rc1 review Greg Kroah-Hartman
` (7 preceding siblings ...)
2023-09-20 11:26 ` [PATCH 5.4 008/367] USB: serial: option: add FOXCONN T99W368/T99W373 product Greg Kroah-Hartman
@ 2023-09-20 11:26 ` Greg Kroah-Hartman
2023-09-20 11:26 ` [PATCH 5.4 010/367] staging: rtl8712: fix race condition Greg Kroah-Hartman
` (363 subsequent siblings)
372 siblings, 0 replies; 396+ messages in thread
From: Greg Kroah-Hartman @ 2023-09-20 11:26 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Aaron Skomra,
Aaron Armstrong Skomra, Jason Gerecke, Jiri Kosina
5.4-stable review patch. If anyone has any objections, please let me know.
------------------
From: Aaron Armstrong Skomra <aaron.skomra@wacom.com>
commit 9ac6678b95b0dd9458a7a6869f46e51cd55a1d84 upstream.
Currently the EKR battery remains even after we stop getting information
from the device. This can lead to a stale battery persisting indefinitely
in userspace.
The remote sends a heartbeat every 10 seconds. Delete the battery if we
miss two heartbeats (after 21 seconds). Restore the battery once we see
a heartbeat again.
Signed-off-by: Aaron Skomra <skomra@gmail.com>
Signed-off-by: Aaron Armstrong Skomra <aaron.skomra@wacom.com>
Reviewed-by: Jason Gerecke <jason.gerecke@wacom.com>
Fixes: 9f1015d45f62 ("HID: wacom: EKR: attach the power_supply on first connection")
CC: stable@vger.kernel.org
Signed-off-by: Jiri Kosina <jkosina@suse.cz>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/hid/wacom.h | 1 +
drivers/hid/wacom_sys.c | 25 +++++++++++++++++++++----
drivers/hid/wacom_wac.c | 1 +
drivers/hid/wacom_wac.h | 1 +
4 files changed, 24 insertions(+), 4 deletions(-)
--- a/drivers/hid/wacom.h
+++ b/drivers/hid/wacom.h
@@ -153,6 +153,7 @@ struct wacom_remote {
struct input_dev *input;
bool registered;
struct wacom_battery battery;
+ ktime_t active_time;
} remotes[WACOM_MAX_REMOTES];
};
--- a/drivers/hid/wacom_sys.c
+++ b/drivers/hid/wacom_sys.c
@@ -2529,6 +2529,18 @@ fail:
return;
}
+static void wacom_remote_destroy_battery(struct wacom *wacom, int index)
+{
+ struct wacom_remote *remote = wacom->remote;
+
+ if (remote->remotes[index].battery.battery) {
+ devres_release_group(&wacom->hdev->dev,
+ &remote->remotes[index].battery.bat_desc);
+ remote->remotes[index].battery.battery = NULL;
+ remote->remotes[index].active_time = 0;
+ }
+}
+
static void wacom_remote_destroy_one(struct wacom *wacom, unsigned int index)
{
struct wacom_remote *remote = wacom->remote;
@@ -2543,9 +2555,7 @@ static void wacom_remote_destroy_one(str
remote->remotes[i].registered = false;
spin_unlock_irqrestore(&remote->remote_lock, flags);
- if (remote->remotes[i].battery.battery)
- devres_release_group(&wacom->hdev->dev,
- &remote->remotes[i].battery.bat_desc);
+ wacom_remote_destroy_battery(wacom, i);
if (remote->remotes[i].group.name)
devres_release_group(&wacom->hdev->dev,
@@ -2553,7 +2563,6 @@ static void wacom_remote_destroy_one(str
remote->remotes[i].serial = 0;
remote->remotes[i].group.name = NULL;
- remote->remotes[i].battery.battery = NULL;
wacom->led.groups[i].select = WACOM_STATUS_UNKNOWN;
}
}
@@ -2638,6 +2647,9 @@ static int wacom_remote_attach_battery(s
if (remote->remotes[index].battery.battery)
return 0;
+ if (!remote->remotes[index].active_time)
+ return 0;
+
if (wacom->led.groups[index].select == WACOM_STATUS_UNKNOWN)
return 0;
@@ -2653,6 +2665,7 @@ static void wacom_remote_work(struct wor
{
struct wacom *wacom = container_of(work, struct wacom, remote_work);
struct wacom_remote *remote = wacom->remote;
+ ktime_t kt = ktime_get();
struct wacom_remote_data data;
unsigned long flags;
unsigned int count;
@@ -2679,6 +2692,10 @@ static void wacom_remote_work(struct wor
serial = data.remote[i].serial;
if (data.remote[i].connected) {
+ if (kt - remote->remotes[i].active_time > WACOM_REMOTE_BATTERY_TIMEOUT
+ && remote->remotes[i].active_time != 0)
+ wacom_remote_destroy_battery(wacom, i);
+
if (remote->remotes[i].serial == serial) {
wacom_remote_attach_battery(wacom, i);
continue;
--- a/drivers/hid/wacom_wac.c
+++ b/drivers/hid/wacom_wac.c
@@ -1127,6 +1127,7 @@ static int wacom_remote_irq(struct wacom
if (index < 0 || !remote->remotes[index].registered)
goto out;
+ remote->remotes[i].active_time = ktime_get();
input = remote->remotes[index].input;
input_report_key(input, BTN_0, (data[9] & 0x01));
--- a/drivers/hid/wacom_wac.h
+++ b/drivers/hid/wacom_wac.h
@@ -15,6 +15,7 @@
#define WACOM_NAME_MAX 64
#define WACOM_MAX_REMOTES 5
#define WACOM_STATUS_UNKNOWN 255
+#define WACOM_REMOTE_BATTERY_TIMEOUT 21000000000ll
/* packet length for individual models */
#define WACOM_PKGLEN_BBFUN 9
^ permalink raw reply [flat|nested] 396+ messages in thread
* [PATCH 5.4 010/367] staging: rtl8712: fix race condition
2023-09-20 11:26 [PATCH 5.4 000/367] 5.4.257-rc1 review Greg Kroah-Hartman
` (8 preceding siblings ...)
2023-09-20 11:26 ` [PATCH 5.4 009/367] HID: wacom: remove the battery when the EKR is off Greg Kroah-Hartman
@ 2023-09-20 11:26 ` Greg Kroah-Hartman
2023-09-20 11:26 ` [PATCH 5.4 011/367] Bluetooth: btsdio: fix use after free bug in btsdio_remove due to " Greg Kroah-Hartman
` (362 subsequent siblings)
372 siblings, 0 replies; 396+ messages in thread
From: Greg Kroah-Hartman @ 2023-09-20 11:26 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, syzbot+b08315e8cf5a78eed03c, stable,
Nam Cao
5.4-stable review patch. If anyone has any objections, please let me know.
------------------
From: Nam Cao <namcaov@gmail.com>
commit 1422b526fba994cf05fd288a152106563b875fce upstream.
In probe function, request_firmware_nowait() is called to load firmware
asynchronously. At completion of firmware loading, register_netdev() is
called. However, a mutex needed by netdev is initialized after the call
to request_firmware_nowait(). Consequently, it can happen that
register_netdev() is called before the driver is ready.
Move the mutex initialization into r8712_init_drv_sw(), which is called
before request_firmware_nowait().
Reported-by: syzbot+b08315e8cf5a78eed03c@syzkaller.appspotmail.com
Closes: https://lore.kernel.org/linux-staging/000000000000d9d4560601b8e0d7@google.com/T/#u
Fixes: 8c213fa59199 ("staging: r8712u: Use asynchronous firmware loading")
Cc: stable <stable@kernel.org>
Signed-off-by: Nam Cao <namcaov@gmail.com>
Link: https://lore.kernel.org/r/20230731110620.116562-1-namcaov@gmail.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/staging/rtl8712/os_intfs.c | 1 +
drivers/staging/rtl8712/usb_intf.c | 1 -
2 files changed, 1 insertion(+), 1 deletion(-)
--- a/drivers/staging/rtl8712/os_intfs.c
+++ b/drivers/staging/rtl8712/os_intfs.c
@@ -323,6 +323,7 @@ int r8712_init_drv_sw(struct _adapter *p
mp871xinit(padapter);
init_default_value(padapter);
r8712_InitSwLeds(padapter);
+ mutex_init(&padapter->mutex_start);
return ret;
}
--- a/drivers/staging/rtl8712/usb_intf.c
+++ b/drivers/staging/rtl8712/usb_intf.c
@@ -570,7 +570,6 @@ static int r871xu_drv_init(struct usb_in
if (rtl871x_load_fw(padapter))
goto error;
spin_lock_init(&padapter->lock_rx_ff0_filter);
- mutex_init(&padapter->mutex_start);
return 0;
error:
usb_put_dev(udev);
^ permalink raw reply [flat|nested] 396+ messages in thread
* [PATCH 5.4 011/367] Bluetooth: btsdio: fix use after free bug in btsdio_remove due to race condition
2023-09-20 11:26 [PATCH 5.4 000/367] 5.4.257-rc1 review Greg Kroah-Hartman
` (9 preceding siblings ...)
2023-09-20 11:26 ` [PATCH 5.4 010/367] staging: rtl8712: fix race condition Greg Kroah-Hartman
@ 2023-09-20 11:26 ` Greg Kroah-Hartman
2023-09-20 11:26 ` [PATCH 5.4 012/367] serial: sc16is7xx: fix bug when first setting GPIO direction Greg Kroah-Hartman
` (361 subsequent siblings)
372 siblings, 0 replies; 396+ messages in thread
From: Greg Kroah-Hartman @ 2023-09-20 11:26 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Zheng Wang, Luiz Augusto von Dentz,
Denis Efremov (Oracle)
5.4-stable review patch. If anyone has any objections, please let me know.
------------------
From: Zheng Wang <zyytlz.wz@163.com>
commit 73f7b171b7c09139eb3c6a5677c200dc1be5f318 upstream.
In btsdio_probe, the data->work is bound with btsdio_work. It will be
started in btsdio_send_frame.
If the btsdio_remove runs with a unfinished work, there may be a race
condition that hdev is freed but used in btsdio_work. Fix it by
canceling the work before do cleanup in btsdio_remove.
Fixes: CVE-2023-1989
Fixes: ddbaf13e3609 ("[Bluetooth] Add generic driver for Bluetooth SDIO devices")
Cc: stable@vger.kernel.org
Signed-off-by: Zheng Wang <zyytlz.wz@163.com>
Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
[ Denis: Added CVE-2023-1989 and fixes tags. ]
Signed-off-by: Denis Efremov (Oracle) <efremov@linux.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/bluetooth/btsdio.c | 1 +
1 file changed, 1 insertion(+)
--- a/drivers/bluetooth/btsdio.c
+++ b/drivers/bluetooth/btsdio.c
@@ -346,6 +346,7 @@ static void btsdio_remove(struct sdio_fu
if (!data)
return;
+ cancel_work_sync(&data->work);
hdev = data->hdev;
sdio_set_drvdata(func, NULL);
^ permalink raw reply [flat|nested] 396+ messages in thread
* [PATCH 5.4 012/367] serial: sc16is7xx: fix bug when first setting GPIO direction
2023-09-20 11:26 [PATCH 5.4 000/367] 5.4.257-rc1 review Greg Kroah-Hartman
` (10 preceding siblings ...)
2023-09-20 11:26 ` [PATCH 5.4 011/367] Bluetooth: btsdio: fix use after free bug in btsdio_remove due to " Greg Kroah-Hartman
@ 2023-09-20 11:26 ` Greg Kroah-Hartman
2023-09-20 11:26 ` [PATCH 5.4 013/367] firmware: stratix10-svc: Fix an NULL vs IS_ERR() bug in probe Greg Kroah-Hartman
` (360 subsequent siblings)
372 siblings, 0 replies; 396+ messages in thread
From: Greg Kroah-Hartman @ 2023-09-20 11:26 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Hugo Villeneuve, Lech Perczak
5.4-stable review patch. If anyone has any objections, please let me know.
------------------
From: Hugo Villeneuve <hvilleneuve@dimonoff.com>
commit 9baeea723c0fb9c3ba9a336369f758ed9bc6831d upstream.
When configuring a pin as an output pin with a value of logic 0, we
end up as having a value of logic 1 on the output pin. Setting a
logic 0 a second time (or more) after that will correctly output a
logic 0 on the output pin.
By default, all GPIO pins are configured as inputs. When we enter
sc16is7xx_gpio_direction_output() for the first time, we first set the
desired value in IOSTATE, and then we configure the pin as an output.
The datasheet states that writing to IOSTATE register will trigger a
transfer of the value to the I/O pin configured as output, so if the
pin is configured as an input, nothing will be transferred.
Therefore, set the direction first in IODIR, and then set the desired
value in IOSTATE.
This is what is done in NXP application note AN10587.
Fixes: dfeae619d781 ("serial: sc16is7xx")
Cc: stable@vger.kernel.org
Signed-off-by: Hugo Villeneuve <hvilleneuve@dimonoff.com>
Reviewed-by: Lech Perczak <lech.perczak@camlingroup.com>
Tested-by: Lech Perczak <lech.perczak@camlingroup.com>
Link: https://lore.kernel.org/r/20230807214556.540627-6-hugo@hugovil.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/tty/serial/sc16is7xx.c | 11 ++++++++++-
1 file changed, 10 insertions(+), 1 deletion(-)
--- a/drivers/tty/serial/sc16is7xx.c
+++ b/drivers/tty/serial/sc16is7xx.c
@@ -1166,9 +1166,18 @@ static int sc16is7xx_gpio_direction_outp
state |= BIT(offset);
else
state &= ~BIT(offset);
- sc16is7xx_port_write(port, SC16IS7XX_IOSTATE_REG, state);
+
+ /*
+ * If we write IOSTATE first, and then IODIR, the output value is not
+ * transferred to the corresponding I/O pin.
+ * The datasheet states that each register bit will be transferred to
+ * the corresponding I/O pin programmed as output when writing to
+ * IOSTATE. Therefore, configure direction first with IODIR, and then
+ * set value after with IOSTATE.
+ */
sc16is7xx_port_update(port, SC16IS7XX_IODIR_REG, BIT(offset),
BIT(offset));
+ sc16is7xx_port_write(port, SC16IS7XX_IOSTATE_REG, state);
return 0;
}
^ permalink raw reply [flat|nested] 396+ messages in thread
* [PATCH 5.4 013/367] firmware: stratix10-svc: Fix an NULL vs IS_ERR() bug in probe
2023-09-20 11:26 [PATCH 5.4 000/367] 5.4.257-rc1 review Greg Kroah-Hartman
` (11 preceding siblings ...)
2023-09-20 11:26 ` [PATCH 5.4 012/367] serial: sc16is7xx: fix bug when first setting GPIO direction Greg Kroah-Hartman
@ 2023-09-20 11:26 ` Greg Kroah-Hartman
2023-09-20 11:26 ` [PATCH 5.4 014/367] fsi: master-ast-cf: Add MODULE_FIRMWARE macro Greg Kroah-Hartman
` (359 subsequent siblings)
372 siblings, 0 replies; 396+ messages in thread
From: Greg Kroah-Hartman @ 2023-09-20 11:26 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Wang Ming, Dinh Nguyen
5.4-stable review patch. If anyone has any objections, please let me know.
------------------
From: Wang Ming <machel@vivo.com>
commit dd218433f2b635d97e8fda3eed047151fd528ce4 upstream.
The devm_memremap() function returns error pointers.
It never returns NULL. Fix the check.
Fixes: 7ca5ce896524 ("firmware: add Intel Stratix10 service layer driver")
Cc: stable@vger.kernel.org
Signed-off-by: Wang Ming <machel@vivo.com>
Signed-off-by: Dinh Nguyen <dinguyen@kernel.org>
Link: https://lore.kernel.org/r/20230727193750.983795-1-dinguyen@kernel.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/firmware/stratix10-svc.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/drivers/firmware/stratix10-svc.c
+++ b/drivers/firmware/stratix10-svc.c
@@ -616,7 +616,7 @@ svc_create_memory_pool(struct platform_d
paddr = begin;
size = end - begin;
va = devm_memremap(dev, paddr, size, MEMREMAP_WC);
- if (!va) {
+ if (IS_ERR(va)) {
dev_err(dev, "fail to remap shared memory\n");
return ERR_PTR(-EINVAL);
}
^ permalink raw reply [flat|nested] 396+ messages in thread
* [PATCH 5.4 014/367] fsi: master-ast-cf: Add MODULE_FIRMWARE macro
2023-09-20 11:26 [PATCH 5.4 000/367] 5.4.257-rc1 review Greg Kroah-Hartman
` (12 preceding siblings ...)
2023-09-20 11:26 ` [PATCH 5.4 013/367] firmware: stratix10-svc: Fix an NULL vs IS_ERR() bug in probe Greg Kroah-Hartman
@ 2023-09-20 11:26 ` Greg Kroah-Hartman
2023-09-20 11:26 ` [PATCH 5.4 015/367] nilfs2: fix general protection fault in nilfs_lookup_dirty_data_buffers() Greg Kroah-Hartman
` (358 subsequent siblings)
372 siblings, 0 replies; 396+ messages in thread
From: Greg Kroah-Hartman @ 2023-09-20 11:26 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Juerg Haefliger, Joel Stanley
5.4-stable review patch. If anyone has any objections, please let me know.
------------------
From: Juerg Haefliger <juerg.haefliger@canonical.com>
commit 3a1d7aff6e65ad6e285e28abe55abbfd484997ee upstream.
The module loads firmware so add a MODULE_FIRMWARE macro to provide that
information via modinfo.
Fixes: 6a794a27daca ("fsi: master-ast-cf: Add new FSI master using Aspeed ColdFire")
Cc: stable@vger.kernel.org # 4.19+
Signed-off-by: Juerg Haefliger <juerg.haefliger@canonical.com>
Link: https://lore.kernel.org/r/20230628095039.26218-1-juerg.haefliger@canonical.com
Signed-off-by: Joel Stanley <joel@jms.id.au>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/fsi/fsi-master-ast-cf.c | 1 +
1 file changed, 1 insertion(+)
--- a/drivers/fsi/fsi-master-ast-cf.c
+++ b/drivers/fsi/fsi-master-ast-cf.c
@@ -1438,3 +1438,4 @@ static struct platform_driver fsi_master
module_platform_driver(fsi_master_acf);
MODULE_LICENSE("GPL");
+MODULE_FIRMWARE(FW_FILE_NAME);
^ permalink raw reply [flat|nested] 396+ messages in thread
* [PATCH 5.4 015/367] nilfs2: fix general protection fault in nilfs_lookup_dirty_data_buffers()
2023-09-20 11:26 [PATCH 5.4 000/367] 5.4.257-rc1 review Greg Kroah-Hartman
` (13 preceding siblings ...)
2023-09-20 11:26 ` [PATCH 5.4 014/367] fsi: master-ast-cf: Add MODULE_FIRMWARE macro Greg Kroah-Hartman
@ 2023-09-20 11:26 ` Greg Kroah-Hartman
2023-09-20 11:26 ` [PATCH 5.4 016/367] nilfs2: fix WARNING in mark_buffer_dirty due to discarded buffer reuse Greg Kroah-Hartman
` (357 subsequent siblings)
372 siblings, 0 replies; 396+ messages in thread
From: Greg Kroah-Hartman @ 2023-09-20 11:26 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Ryusuke Konishi,
syzbot+0ad741797f4565e7e2d2, Andrew Morton
5.4-stable review patch. If anyone has any objections, please let me know.
------------------
From: Ryusuke Konishi <konishi.ryusuke@gmail.com>
commit f83913f8c5b882a312e72b7669762f8a5c9385e4 upstream.
A syzbot stress test reported that create_empty_buffers() called from
nilfs_lookup_dirty_data_buffers() can cause a general protection fault.
Analysis using its reproducer revealed that the back reference "mapping"
from a page/folio has been changed to NULL after dirty page/folio gang
lookup in nilfs_lookup_dirty_data_buffers().
Fix this issue by excluding pages/folios from being collected if, after
acquiring a lock on each page/folio, its back reference "mapping" differs
from the pointer to the address space struct that held the page/folio.
Link: https://lkml.kernel.org/r/20230805132038.6435-1-konishi.ryusuke@gmail.com
Signed-off-by: Ryusuke Konishi <konishi.ryusuke@gmail.com>
Reported-by: syzbot+0ad741797f4565e7e2d2@syzkaller.appspotmail.com
Closes: https://lkml.kernel.org/r/0000000000002930a705fc32b231@google.com
Tested-by: Ryusuke Konishi <konishi.ryusuke@gmail.com>
Cc: <stable@vger.kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Ryusuke Konishi <konishi.ryusuke@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/nilfs2/segment.c | 5 +++++
fs/nilfs2/segment.c | 5 +++++
1 file changed, 5 insertions(+)
--- a/fs/nilfs2/segment.c
+++ b/fs/nilfs2/segment.c
@@ -730,6 +730,11 @@ static size_t nilfs_lookup_dirty_data_bu
struct page *page = pvec.pages[i];
lock_page(page);
+ if (unlikely(page->mapping != mapping)) {
+ /* Exclude pages removed from the address space */
+ unlock_page(page);
+ continue;
+ }
if (!page_has_buffers(page))
create_empty_buffers(page, i_blocksize(inode), 0);
unlock_page(page);
^ permalink raw reply [flat|nested] 396+ messages in thread
* [PATCH 5.4 016/367] nilfs2: fix WARNING in mark_buffer_dirty due to discarded buffer reuse
2023-09-20 11:26 [PATCH 5.4 000/367] 5.4.257-rc1 review Greg Kroah-Hartman
` (14 preceding siblings ...)
2023-09-20 11:26 ` [PATCH 5.4 015/367] nilfs2: fix general protection fault in nilfs_lookup_dirty_data_buffers() Greg Kroah-Hartman
@ 2023-09-20 11:26 ` Greg Kroah-Hartman
2023-09-20 11:26 ` [PATCH 5.4 017/367] pinctrl: amd: Dont show `Invalid config param` errors Greg Kroah-Hartman
` (356 subsequent siblings)
372 siblings, 0 replies; 396+ messages in thread
From: Greg Kroah-Hartman @ 2023-09-20 11:26 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Ryusuke Konishi,
syzbot+cdfcae656bac88ba0e2d, Andrew Morton
5.4-stable review patch. If anyone has any objections, please let me know.
------------------
From: Ryusuke Konishi <konishi.ryusuke@gmail.com>
commit cdaac8e7e5a059f9b5e816cda257f08d0abffacd upstream.
A syzbot stress test using a corrupted disk image reported that
mark_buffer_dirty() called from __nilfs_mark_inode_dirty() or
nilfs_palloc_commit_alloc_entry() may output a kernel warning, and can
panic if the kernel is booted with panic_on_warn.
This is because nilfs2 keeps buffer pointers in local structures for some
metadata and reuses them, but such buffers may be forcibly discarded by
nilfs_clear_dirty_page() in some critical situations.
This issue is reported to appear after commit 28a65b49eb53 ("nilfs2: do
not write dirty data after degenerating to read-only"), but the issue has
potentially existed before.
Fix this issue by checking the uptodate flag when attempting to reuse an
internally held buffer, and reloading the metadata instead of reusing the
buffer if the flag was lost.
Link: https://lkml.kernel.org/r/20230818131804.7758-1-konishi.ryusuke@gmail.com
Signed-off-by: Ryusuke Konishi <konishi.ryusuke@gmail.com>
Reported-by: syzbot+cdfcae656bac88ba0e2d@syzkaller.appspotmail.com
Closes: https://lkml.kernel.org/r/0000000000003da75f05fdeffd12@google.com
Fixes: 8c26c4e2694a ("nilfs2: fix issue with flush kernel thread after remount in RO mode because of driver's internal error or metadata corruption")
Tested-by: Ryusuke Konishi <konishi.ryusuke@gmail.com>
Cc: <stable@vger.kernel.org> # 3.10+
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/nilfs2/alloc.c | 3 ++-
fs/nilfs2/inode.c | 7 +++++--
2 files changed, 7 insertions(+), 3 deletions(-)
--- a/fs/nilfs2/alloc.c
+++ b/fs/nilfs2/alloc.c
@@ -205,7 +205,8 @@ static int nilfs_palloc_get_block(struct
int ret;
spin_lock(lock);
- if (prev->bh && blkoff == prev->blkoff) {
+ if (prev->bh && blkoff == prev->blkoff &&
+ likely(buffer_uptodate(prev->bh))) {
get_bh(prev->bh);
*bhp = prev->bh;
spin_unlock(lock);
--- a/fs/nilfs2/inode.c
+++ b/fs/nilfs2/inode.c
@@ -1036,7 +1036,7 @@ int nilfs_load_inode_block(struct inode
int err;
spin_lock(&nilfs->ns_inode_lock);
- if (ii->i_bh == NULL) {
+ if (ii->i_bh == NULL || unlikely(!buffer_uptodate(ii->i_bh))) {
spin_unlock(&nilfs->ns_inode_lock);
err = nilfs_ifile_get_inode_block(ii->i_root->ifile,
inode->i_ino, pbh);
@@ -1045,7 +1045,10 @@ int nilfs_load_inode_block(struct inode
spin_lock(&nilfs->ns_inode_lock);
if (ii->i_bh == NULL)
ii->i_bh = *pbh;
- else {
+ else if (unlikely(!buffer_uptodate(ii->i_bh))) {
+ __brelse(ii->i_bh);
+ ii->i_bh = *pbh;
+ } else {
brelse(*pbh);
*pbh = ii->i_bh;
}
^ permalink raw reply [flat|nested] 396+ messages in thread
* [PATCH 5.4 017/367] pinctrl: amd: Dont show `Invalid config param` errors
2023-09-20 11:26 [PATCH 5.4 000/367] 5.4.257-rc1 review Greg Kroah-Hartman
` (15 preceding siblings ...)
2023-09-20 11:26 ` [PATCH 5.4 016/367] nilfs2: fix WARNING in mark_buffer_dirty due to discarded buffer reuse Greg Kroah-Hartman
@ 2023-09-20 11:26 ` Greg Kroah-Hartman
2023-09-20 11:26 ` [PATCH 5.4 018/367] 9p: virtio: make sure offs is initialized in zc_request Greg Kroah-Hartman
` (355 subsequent siblings)
372 siblings, 0 replies; 396+ messages in thread
From: Greg Kroah-Hartman @ 2023-09-20 11:26 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Mario Limonciello, Linus Walleij
5.4-stable review patch. If anyone has any objections, please let me know.
------------------
From: Mario Limonciello <mario.limonciello@amd.com>
commit 87b549efcb0f7934b0916d2a00607a878b6f1e0f upstream.
On some systems amd_pinconf_set() is called with parameters
0x8 (PIN_CONFIG_DRIVE_PUSH_PULL) or 0x14 (PIN_CONFIG_PERSIST_STATE)
which are not supported by pinctrl-amd.
Don't show an err message when called with an invalid parameter,
downgrade this to debug instead.
Cc: stable@vger.kernel.org # 6.1
Fixes: 635a750d958e1 ("pinctrl: amd: Use amd_pinconf_set() for all config options")
Signed-off-by: Mario Limonciello <mario.limonciello@amd.com>
Link: https://lore.kernel.org/r/20230717201652.17168-1-mario.limonciello@amd.com
Signed-off-by: Linus Walleij <linus.walleij@linaro.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/pinctrl/pinctrl-amd.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
--- a/drivers/pinctrl/pinctrl-amd.c
+++ b/drivers/pinctrl/pinctrl-amd.c
@@ -659,7 +659,7 @@ static int amd_pinconf_get(struct pinctr
break;
default:
- dev_err(&gpio_dev->pdev->dev, "Invalid config param %04x\n",
+ dev_dbg(&gpio_dev->pdev->dev, "Invalid config param %04x\n",
param);
return -ENOTSUPP;
}
@@ -712,7 +712,7 @@ static int amd_pinconf_set(struct pinctr
break;
default:
- dev_err(&gpio_dev->pdev->dev,
+ dev_dbg(&gpio_dev->pdev->dev,
"Invalid config param %04x\n", param);
ret = -ENOTSUPP;
}
^ permalink raw reply [flat|nested] 396+ messages in thread
* [PATCH 5.4 018/367] 9p: virtio: make sure offs is initialized in zc_request
2023-09-20 11:26 [PATCH 5.4 000/367] 5.4.257-rc1 review Greg Kroah-Hartman
` (16 preceding siblings ...)
2023-09-20 11:26 ` [PATCH 5.4 017/367] pinctrl: amd: Dont show `Invalid config param` errors Greg Kroah-Hartman
@ 2023-09-20 11:26 ` Greg Kroah-Hartman
2023-09-20 11:26 ` [PATCH 5.4 019/367] ASoC: da7219: Flush pending AAD IRQ when suspending Greg Kroah-Hartman
` (354 subsequent siblings)
372 siblings, 0 replies; 396+ messages in thread
From: Greg Kroah-Hartman @ 2023-09-20 11:26 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Simon Horman, Dominique Martinet,
Eric Van Hensbergen, Sasha Levin
5.4-stable review patch. If anyone has any objections, please let me know.
------------------
From: Dominique Martinet <asmadeus@codewreck.org>
[ Upstream commit 4a73edab69d3a6623f03817fe950a2d9585f80e4 ]
Similarly to the previous patch: offs can be used in handle_rerrors
without initializing on small payloads; in this case handle_rerrors will
not use it because of the size check, but it doesn't hurt to make sure
it is zero to please scan-build.
This fixes the following warning:
net/9p/trans_virtio.c:539:3: warning: 3rd function call argument is an uninitialized value [core.CallAndMessage]
handle_rerror(req, in_hdr_len, offs, in_pages);
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Reviewed-by: Simon Horman <simon.horman@corigine.com>
Signed-off-by: Dominique Martinet <asmadeus@codewreck.org>
Signed-off-by: Eric Van Hensbergen <ericvh@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
net/9p/trans_virtio.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/net/9p/trans_virtio.c b/net/9p/trans_virtio.c
index f582351d84ecb..36b5f72e2165c 100644
--- a/net/9p/trans_virtio.c
+++ b/net/9p/trans_virtio.c
@@ -394,7 +394,7 @@ p9_virtio_zc_request(struct p9_client *client, struct p9_req_t *req,
struct page **in_pages = NULL, **out_pages = NULL;
struct virtio_chan *chan = client->trans;
struct scatterlist *sgs[4];
- size_t offs;
+ size_t offs = 0;
int need_drop = 0;
int kicked = 0;
--
2.40.1
^ permalink raw reply related [flat|nested] 396+ messages in thread
* [PATCH 5.4 019/367] ASoC: da7219: Flush pending AAD IRQ when suspending
2023-09-20 11:26 [PATCH 5.4 000/367] 5.4.257-rc1 review Greg Kroah-Hartman
` (17 preceding siblings ...)
2023-09-20 11:26 ` [PATCH 5.4 018/367] 9p: virtio: make sure offs is initialized in zc_request Greg Kroah-Hartman
@ 2023-09-20 11:26 ` Greg Kroah-Hartman
2023-09-20 11:26 ` [PATCH 5.4 020/367] ASoC: da7219: Check for failure reading AAD IRQ events Greg Kroah-Hartman
` (353 subsequent siblings)
372 siblings, 0 replies; 396+ messages in thread
From: Greg Kroah-Hartman @ 2023-09-20 11:26 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Dmytro Maluka, Mark Brown, Sasha Levin
5.4-stable review patch. If anyone has any objections, please let me know.
------------------
From: Dmytro Maluka <dmy@semihalf.com>
[ Upstream commit 91e292917dad64ab8d1d5ca2ab3069ad9dac6f72 ]
da7219_aad_suspend() disables jack detection, which should prevent
generating new interrupts by DA7219 while suspended. However, there is a
theoretical possibility that there is a pending interrupt generated just
before suspending DA7219 and not handled yet, so the IRQ handler may
still run after DA7219 is suspended. To prevent that, wait until the
pending IRQ handling is done.
This patch arose as an attempt to fix the following I2C failure
occurring sometimes during system suspend or resume:
[ 355.876211] i2c_designware i2c_designware.3: Transfer while suspended
[ 355.876245] WARNING: CPU: 2 PID: 3576 at drivers/i2c/busses/i2c-designware-master.c:570 i2c_dw_xfer+0x411/0x440
...
[ 355.876462] Call Trace:
[ 355.876468] <TASK>
[ 355.876475] ? update_load_avg+0x1b3/0x615
[ 355.876484] __i2c_transfer+0x101/0x1d8
[ 355.876494] i2c_transfer+0x74/0x10d
[ 355.876504] regmap_i2c_read+0x6a/0x9c
[ 355.876513] _regmap_raw_read+0x179/0x223
[ 355.876521] regmap_raw_read+0x1e1/0x28e
[ 355.876527] regmap_bulk_read+0x17d/0x1ba
[ 355.876532] ? __wake_up+0xed/0x1bb
[ 355.876542] da7219_aad_irq_thread+0x54/0x2c9 [snd_soc_da7219 5fb8ebb2179cf2fea29af090f3145d68ed8e2184]
[ 355.876556] irq_thread+0x13c/0x231
[ 355.876563] ? irq_forced_thread_fn+0x5f/0x5f
[ 355.876570] ? irq_thread_fn+0x4d/0x4d
[ 355.876576] kthread+0x13a/0x152
[ 355.876581] ? synchronize_irq+0xc3/0xc3
[ 355.876587] ? kthread_blkcg+0x31/0x31
[ 355.876592] ret_from_fork+0x1f/0x30
[ 355.876601] </TASK>
which indicates that the AAD IRQ handler is unexpectedly running when
DA7219 is suspended, and as a result, is trying to read data from DA7219
over I2C and is hitting the I2C driver "Transfer while suspended"
failure.
However, with this patch the above failure is still reproducible. So
this patch does not fix any real observed issue so far, but at least is
useful for confirming that the above issue is not caused by a pending
IRQ but rather looks like a DA7219 hardware issue with an IRQ
unexpectedly generated after jack detection is already disabled.
Signed-off-by: Dmytro Maluka <dmy@semihalf.com>
Link: https://lore.kernel.org/r/20230717193737.161784-2-dmy@semihalf.com
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
sound/soc/codecs/da7219-aad.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/sound/soc/codecs/da7219-aad.c b/sound/soc/codecs/da7219-aad.c
index 4f2a96e9fd45b..a652f154d8e52 100644
--- a/sound/soc/codecs/da7219-aad.c
+++ b/sound/soc/codecs/da7219-aad.c
@@ -855,6 +855,8 @@ void da7219_aad_suspend(struct snd_soc_component *component)
}
}
}
+
+ synchronize_irq(da7219_aad->irq);
}
void da7219_aad_resume(struct snd_soc_component *component)
--
2.40.1
^ permalink raw reply related [flat|nested] 396+ messages in thread
* [PATCH 5.4 020/367] ASoC: da7219: Check for failure reading AAD IRQ events
2023-09-20 11:26 [PATCH 5.4 000/367] 5.4.257-rc1 review Greg Kroah-Hartman
` (18 preceding siblings ...)
2023-09-20 11:26 ` [PATCH 5.4 019/367] ASoC: da7219: Flush pending AAD IRQ when suspending Greg Kroah-Hartman
@ 2023-09-20 11:26 ` Greg Kroah-Hartman
2023-09-20 11:26 ` [PATCH 5.4 021/367] ethernet: atheros: fix return value check in atl1c_tso_csum() Greg Kroah-Hartman
` (352 subsequent siblings)
372 siblings, 0 replies; 396+ messages in thread
From: Greg Kroah-Hartman @ 2023-09-20 11:26 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Dmytro Maluka, Mark Brown, Sasha Levin
5.4-stable review patch. If anyone has any objections, please let me know.
------------------
From: Dmytro Maluka <dmy@semihalf.com>
[ Upstream commit f0691dc16206f21b13c464434366e2cd632b8ed7 ]
When handling an AAD interrupt, if IRQ events read failed (for example,
due to i2c "Transfer while suspended" failure, i.e. when attempting to
read it while DA7219 is suspended, which may happen due to a spurious
AAD interrupt), the events array contains garbage uninitialized values.
So instead of trying to interprete those values and doing any actions
based on them (potentially resulting in misbehavior, e.g. reporting
bogus events), refuse to handle the interrupt.
Signed-off-by: Dmytro Maluka <dmy@semihalf.com>
Link: https://lore.kernel.org/r/20230717193737.161784-3-dmy@semihalf.com
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
sound/soc/codecs/da7219-aad.c | 10 +++++++---
1 file changed, 7 insertions(+), 3 deletions(-)
diff --git a/sound/soc/codecs/da7219-aad.c b/sound/soc/codecs/da7219-aad.c
index a652f154d8e52..befe26749bc2b 100644
--- a/sound/soc/codecs/da7219-aad.c
+++ b/sound/soc/codecs/da7219-aad.c
@@ -347,11 +347,15 @@ static irqreturn_t da7219_aad_irq_thread(int irq, void *data)
struct da7219_priv *da7219 = snd_soc_component_get_drvdata(component);
u8 events[DA7219_AAD_IRQ_REG_MAX];
u8 statusa;
- int i, report = 0, mask = 0;
+ int i, ret, report = 0, mask = 0;
/* Read current IRQ events */
- regmap_bulk_read(da7219->regmap, DA7219_ACCDET_IRQ_EVENT_A,
- events, DA7219_AAD_IRQ_REG_MAX);
+ ret = regmap_bulk_read(da7219->regmap, DA7219_ACCDET_IRQ_EVENT_A,
+ events, DA7219_AAD_IRQ_REG_MAX);
+ if (ret) {
+ dev_warn_ratelimited(component->dev, "Failed to read IRQ events: %d\n", ret);
+ return IRQ_NONE;
+ }
if (!events[DA7219_AAD_IRQ_REG_A] && !events[DA7219_AAD_IRQ_REG_B])
return IRQ_NONE;
--
2.40.1
^ permalink raw reply related [flat|nested] 396+ messages in thread
* [PATCH 5.4 021/367] ethernet: atheros: fix return value check in atl1c_tso_csum()
2023-09-20 11:26 [PATCH 5.4 000/367] 5.4.257-rc1 review Greg Kroah-Hartman
` (19 preceding siblings ...)
2023-09-20 11:26 ` [PATCH 5.4 020/367] ASoC: da7219: Check for failure reading AAD IRQ events Greg Kroah-Hartman
@ 2023-09-20 11:26 ` Greg Kroah-Hartman
2023-09-20 11:26 ` [PATCH 5.4 022/367] vxlan: generalize vxlan_parse_gpe_hdr and remove unused args Greg Kroah-Hartman
` (351 subsequent siblings)
372 siblings, 0 replies; 396+ messages in thread
From: Greg Kroah-Hartman @ 2023-09-20 11:26 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Yuanjun Gong, Simon Horman,
David S. Miller, Sasha Levin
5.4-stable review patch. If anyone has any objections, please let me know.
------------------
From: Yuanjun Gong <ruc_gongyuanjun@163.com>
[ Upstream commit 8d01da0a1db237c44c92859ce3612df7af8d3a53 ]
in atl1c_tso_csum, it should check the return value of pskb_trim(),
and return an error code if an unexpected value is returned
by pskb_trim().
Signed-off-by: Yuanjun Gong <ruc_gongyuanjun@163.com>
Reviewed-by: Simon Horman <simon.horman@corigine.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/ethernet/atheros/atl1c/atl1c_main.c | 7 +++++--
1 file changed, 5 insertions(+), 2 deletions(-)
diff --git a/drivers/net/ethernet/atheros/atl1c/atl1c_main.c b/drivers/net/ethernet/atheros/atl1c/atl1c_main.c
index 2b239ecea05f2..ff28dbf515747 100644
--- a/drivers/net/ethernet/atheros/atl1c/atl1c_main.c
+++ b/drivers/net/ethernet/atheros/atl1c/atl1c_main.c
@@ -1989,8 +1989,11 @@ static int atl1c_tso_csum(struct atl1c_adapter *adapter,
real_len = (((unsigned char *)ip_hdr(skb) - skb->data)
+ ntohs(ip_hdr(skb)->tot_len));
- if (real_len < skb->len)
- pskb_trim(skb, real_len);
+ if (real_len < skb->len) {
+ err = pskb_trim(skb, real_len);
+ if (err)
+ return err;
+ }
hdr_len = (skb_transport_offset(skb) + tcp_hdrlen(skb));
if (unlikely(skb->len == hdr_len)) {
--
2.40.1
^ permalink raw reply related [flat|nested] 396+ messages in thread
* [PATCH 5.4 022/367] vxlan: generalize vxlan_parse_gpe_hdr and remove unused args
2023-09-20 11:26 [PATCH 5.4 000/367] 5.4.257-rc1 review Greg Kroah-Hartman
` (20 preceding siblings ...)
2023-09-20 11:26 ` [PATCH 5.4 021/367] ethernet: atheros: fix return value check in atl1c_tso_csum() Greg Kroah-Hartman
@ 2023-09-20 11:26 ` Greg Kroah-Hartman
2023-09-20 11:26 ` [PATCH 5.4 023/367] m68k: Fix invalid .section syntax Greg Kroah-Hartman
` (350 subsequent siblings)
372 siblings, 0 replies; 396+ messages in thread
From: Greg Kroah-Hartman @ 2023-09-20 11:26 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Jiri Benc, David S. Miller, Sasha Levin
5.4-stable review patch. If anyone has any objections, please let me know.
------------------
From: Jiri Benc <jbenc@redhat.com>
[ Upstream commit 17a0a64448b568442a101de09575f81ffdc45d15 ]
The vxlan_parse_gpe_hdr function extracts the next protocol value from
the GPE header and marks GPE bits as parsed.
In order to be used in the next patch, split the function into protocol
extraction and bit marking. The bit marking is meaningful only in
vxlan_rcv; move it directly there.
Rename the function to vxlan_parse_gpe_proto to reflect what it now
does. Remove unused arguments skb and vxflags. Move the function earlier
in the file to allow it to be called from more places in the next patch.
Signed-off-by: Jiri Benc <jbenc@redhat.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/vxlan.c | 58 ++++++++++++++++++++++-----------------------
1 file changed, 28 insertions(+), 30 deletions(-)
diff --git a/drivers/net/vxlan.c b/drivers/net/vxlan.c
index 1e3e075454f33..8808a6540b190 100644
--- a/drivers/net/vxlan.c
+++ b/drivers/net/vxlan.c
@@ -698,6 +698,32 @@ static int vxlan_fdb_append(struct vxlan_fdb *f,
return 1;
}
+static bool vxlan_parse_gpe_proto(struct vxlanhdr *hdr, __be16 *protocol)
+{
+ struct vxlanhdr_gpe *gpe = (struct vxlanhdr_gpe *)hdr;
+
+ /* Need to have Next Protocol set for interfaces in GPE mode. */
+ if (!gpe->np_applied)
+ return false;
+ /* "The initial version is 0. If a receiver does not support the
+ * version indicated it MUST drop the packet.
+ */
+ if (gpe->version != 0)
+ return false;
+ /* "When the O bit is set to 1, the packet is an OAM packet and OAM
+ * processing MUST occur." However, we don't implement OAM
+ * processing, thus drop the packet.
+ */
+ if (gpe->oam_flag)
+ return false;
+
+ *protocol = tun_p_to_eth_p(gpe->next_protocol);
+ if (!*protocol)
+ return false;
+
+ return true;
+}
+
static struct vxlanhdr *vxlan_gro_remcsum(struct sk_buff *skb,
unsigned int off,
struct vxlanhdr *vh, size_t hdrlen,
@@ -1564,35 +1590,6 @@ static void vxlan_parse_gbp_hdr(struct vxlanhdr *unparsed,
unparsed->vx_flags &= ~VXLAN_GBP_USED_BITS;
}
-static bool vxlan_parse_gpe_hdr(struct vxlanhdr *unparsed,
- __be16 *protocol,
- struct sk_buff *skb, u32 vxflags)
-{
- struct vxlanhdr_gpe *gpe = (struct vxlanhdr_gpe *)unparsed;
-
- /* Need to have Next Protocol set for interfaces in GPE mode. */
- if (!gpe->np_applied)
- return false;
- /* "The initial version is 0. If a receiver does not support the
- * version indicated it MUST drop the packet.
- */
- if (gpe->version != 0)
- return false;
- /* "When the O bit is set to 1, the packet is an OAM packet and OAM
- * processing MUST occur." However, we don't implement OAM
- * processing, thus drop the packet.
- */
- if (gpe->oam_flag)
- return false;
-
- *protocol = tun_p_to_eth_p(gpe->next_protocol);
- if (!*protocol)
- return false;
-
- unparsed->vx_flags &= ~VXLAN_GPE_USED_BITS;
- return true;
-}
-
static bool vxlan_set_mac(struct vxlan_dev *vxlan,
struct vxlan_sock *vs,
struct sk_buff *skb, __be32 vni)
@@ -1694,8 +1691,9 @@ static int vxlan_rcv(struct sock *sk, struct sk_buff *skb)
* used by VXLAN extensions if explicitly requested.
*/
if (vs->flags & VXLAN_F_GPE) {
- if (!vxlan_parse_gpe_hdr(&unparsed, &protocol, skb, vs->flags))
+ if (!vxlan_parse_gpe_proto(&unparsed, &protocol))
goto drop;
+ unparsed.vx_flags &= ~VXLAN_GPE_USED_BITS;
raw_proto = true;
}
--
2.40.1
^ permalink raw reply related [flat|nested] 396+ messages in thread
* [PATCH 5.4 023/367] m68k: Fix invalid .section syntax
2023-09-20 11:26 [PATCH 5.4 000/367] 5.4.257-rc1 review Greg Kroah-Hartman
` (21 preceding siblings ...)
2023-09-20 11:26 ` [PATCH 5.4 022/367] vxlan: generalize vxlan_parse_gpe_hdr and remove unused args Greg Kroah-Hartman
@ 2023-09-20 11:26 ` Greg Kroah-Hartman
2023-09-20 11:26 ` [PATCH 5.4 024/367] s390/dasd: use correct number of retries for ERP requests Greg Kroah-Hartman
` (349 subsequent siblings)
372 siblings, 0 replies; 396+ messages in thread
From: Greg Kroah-Hartman @ 2023-09-20 11:26 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Ben Hutchings, Jan-Benedict Glaw,
Geert Uytterhoeven, Sasha Levin
5.4-stable review patch. If anyone has any objections, please let me know.
------------------
From: Ben Hutchings <benh@debian.org>
[ Upstream commit 922a9bd138101e3e5718f0f4d40dba68ef89bb43 ]
gas supports several different forms for .section for ELF targets,
including:
.section NAME [, "FLAGS"[, @TYPE[,FLAG_SPECIFIC_ARGUMENTS]]]
and:
.section "NAME"[, #FLAGS...]
In several places we use a mix of these two forms:
.section NAME, #FLAGS...
A current development snapshot of binutils (2.40.50.20230611) treats
this mixed syntax as an error.
Change to consistently use:
.section NAME, "FLAGS"
as is used elsewhere in the kernel.
Link: https://buildd.debian.org/status/fetch.php?pkg=linux&arch=m68k&ver=6.4%7Erc6-1%7Eexp1&stamp=1686907300&raw=1
Signed-off-by: Ben Hutchings <benh@debian.org>
Tested-by: Jan-Benedict Glaw <jbglaw@lug-owl.de>
Link: https://lore.kernel.org/r/ZIyBaueWT9jnTwRC@decadent.org.uk
Signed-off-by: Geert Uytterhoeven <geert@linux-m68k.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/m68k/fpsp040/skeleton.S | 4 ++--
arch/m68k/ifpsp060/os.S | 4 ++--
arch/m68k/kernel/relocate_kernel.S | 4 ++--
3 files changed, 6 insertions(+), 6 deletions(-)
diff --git a/arch/m68k/fpsp040/skeleton.S b/arch/m68k/fpsp040/skeleton.S
index a8f41615d94a7..31a9c634c81ed 100644
--- a/arch/m68k/fpsp040/skeleton.S
+++ b/arch/m68k/fpsp040/skeleton.S
@@ -499,12 +499,12 @@ in_ea:
dbf %d0,morein
rts
- .section .fixup,#alloc,#execinstr
+ .section .fixup,"ax"
.even
1:
jbra fpsp040_die
- .section __ex_table,#alloc
+ .section __ex_table,"a"
.align 4
.long in_ea,1b
diff --git a/arch/m68k/ifpsp060/os.S b/arch/m68k/ifpsp060/os.S
index 7a0d6e4280665..89e2ec224ab6c 100644
--- a/arch/m68k/ifpsp060/os.S
+++ b/arch/m68k/ifpsp060/os.S
@@ -379,11 +379,11 @@ _060_real_access:
| Execption handling for movs access to illegal memory
- .section .fixup,#alloc,#execinstr
+ .section .fixup,"ax"
.even
1: moveq #-1,%d1
rts
-.section __ex_table,#alloc
+.section __ex_table,"a"
.align 4
.long dmrbuae,1b
.long dmrwuae,1b
diff --git a/arch/m68k/kernel/relocate_kernel.S b/arch/m68k/kernel/relocate_kernel.S
index ab0f1e7d46535..f7667079e08e9 100644
--- a/arch/m68k/kernel/relocate_kernel.S
+++ b/arch/m68k/kernel/relocate_kernel.S
@@ -26,7 +26,7 @@ ENTRY(relocate_new_kernel)
lea %pc@(.Lcopy),%a4
2: addl #0x00000000,%a4 /* virt_to_phys() */
- .section ".m68k_fixup","aw"
+ .section .m68k_fixup,"aw"
.long M68K_FIXUP_MEMOFFSET, 2b+2
.previous
@@ -49,7 +49,7 @@ ENTRY(relocate_new_kernel)
lea %pc@(.Lcont040),%a4
5: addl #0x00000000,%a4 /* virt_to_phys() */
- .section ".m68k_fixup","aw"
+ .section .m68k_fixup,"aw"
.long M68K_FIXUP_MEMOFFSET, 5b+2
.previous
--
2.40.1
^ permalink raw reply related [flat|nested] 396+ messages in thread
* [PATCH 5.4 024/367] s390/dasd: use correct number of retries for ERP requests
2023-09-20 11:26 [PATCH 5.4 000/367] 5.4.257-rc1 review Greg Kroah-Hartman
` (22 preceding siblings ...)
2023-09-20 11:26 ` [PATCH 5.4 023/367] m68k: Fix invalid .section syntax Greg Kroah-Hartman
@ 2023-09-20 11:26 ` Greg Kroah-Hartman
2023-09-20 11:26 ` [PATCH 5.4 025/367] s390/dasd: fix hanging device after request requeue Greg Kroah-Hartman
` (348 subsequent siblings)
372 siblings, 0 replies; 396+ messages in thread
From: Greg Kroah-Hartman @ 2023-09-20 11:26 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Stefan Haberland, Jan Hoeppner,
Jens Axboe, Sasha Levin
5.4-stable review patch. If anyone has any objections, please let me know.
------------------
From: Stefan Haberland <sth@linux.ibm.com>
[ Upstream commit acea28a6b74f458defda7417d2217b051ba7d444 ]
If a DASD request fails an error recovery procedure (ERP) request might
be built as a copy of the original request to do error recovery.
The ERP request gets a number of retries assigned.
This number is always 256 no matter what other value might have been set
for the original request. This is not what is expected when a user
specifies a certain amount of retries for the device via sysfs.
Correctly use the number of retries of the original request for ERP
requests.
Signed-off-by: Stefan Haberland <sth@linux.ibm.com>
Reviewed-by: Jan Hoeppner <hoeppner@linux.ibm.com>
Link: https://lore.kernel.org/r/20230721193647.3889634-3-sth@linux.ibm.com
Signed-off-by: Jens Axboe <axboe@kernel.dk>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/s390/block/dasd_3990_erp.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/s390/block/dasd_3990_erp.c b/drivers/s390/block/dasd_3990_erp.c
index ee73b0607e47c..8598c792ded30 100644
--- a/drivers/s390/block/dasd_3990_erp.c
+++ b/drivers/s390/block/dasd_3990_erp.c
@@ -2436,7 +2436,7 @@ static struct dasd_ccw_req *dasd_3990_erp_add_erp(struct dasd_ccw_req *cqr)
erp->block = cqr->block;
erp->magic = cqr->magic;
erp->expires = cqr->expires;
- erp->retries = 256;
+ erp->retries = device->default_retries;
erp->buildclk = get_tod_clock();
erp->status = DASD_CQR_FILLED;
--
2.40.1
^ permalink raw reply related [flat|nested] 396+ messages in thread
* [PATCH 5.4 025/367] s390/dasd: fix hanging device after request requeue
2023-09-20 11:26 [PATCH 5.4 000/367] 5.4.257-rc1 review Greg Kroah-Hartman
` (23 preceding siblings ...)
2023-09-20 11:26 ` [PATCH 5.4 024/367] s390/dasd: use correct number of retries for ERP requests Greg Kroah-Hartman
@ 2023-09-20 11:26 ` Greg Kroah-Hartman
2023-09-20 11:26 ` [PATCH 5.4 026/367] fs/nls: make load_nls() take a const parameter Greg Kroah-Hartman
` (347 subsequent siblings)
372 siblings, 0 replies; 396+ messages in thread
From: Greg Kroah-Hartman @ 2023-09-20 11:26 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Stefan Haberland, Jan Hoeppner,
Jens Axboe, Sasha Levin
5.4-stable review patch. If anyone has any objections, please let me know.
------------------
From: Stefan Haberland <sth@linux.ibm.com>
[ Upstream commit 8a2278ce9c25048d999fe1a3561def75d963f471 ]
The DASD device driver has a function to requeue requests to the
blocklayer.
This function is used in various cases when basic settings for the device
have to be changed like High Performance Ficon related parameters or copy
pair settings.
The functions iterates over the device->ccw_queue and also removes the
requests from the block->ccw_queue.
In case the device is started on an alias device instead of the base
device it might be removed from the block->ccw_queue without having it
canceled properly before. This might lead to a hanging device since the
request is no longer on a queue and can not be handled properly.
Fix by iterating over the block->ccw_queue instead of the
device->ccw_queue. This will take care of all blocklayer related requests
and handle them on all associated DASD devices.
Signed-off-by: Stefan Haberland <sth@linux.ibm.com>
Reviewed-by: Jan Hoeppner <hoeppner@linux.ibm.com>
Link: https://lore.kernel.org/r/20230721193647.3889634-4-sth@linux.ibm.com
Signed-off-by: Jens Axboe <axboe@kernel.dk>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/s390/block/dasd.c | 125 +++++++++++++++-----------------------
1 file changed, 48 insertions(+), 77 deletions(-)
diff --git a/drivers/s390/block/dasd.c b/drivers/s390/block/dasd.c
index 187565830b5b4..58027cdc58e3e 100644
--- a/drivers/s390/block/dasd.c
+++ b/drivers/s390/block/dasd.c
@@ -2985,41 +2985,32 @@ static void _dasd_wake_block_flush_cb(struct dasd_ccw_req *cqr, void *data)
* Requeue a request back to the block request queue
* only works for block requests
*/
-static int _dasd_requeue_request(struct dasd_ccw_req *cqr)
+static void _dasd_requeue_request(struct dasd_ccw_req *cqr)
{
- struct dasd_block *block = cqr->block;
struct request *req;
- if (!block)
- return -EINVAL;
/*
* If the request is an ERP request there is nothing to requeue.
* This will be done with the remaining original request.
*/
if (cqr->refers)
- return 0;
+ return;
spin_lock_irq(&cqr->dq->lock);
req = (struct request *) cqr->callback_data;
blk_mq_requeue_request(req, true);
spin_unlock_irq(&cqr->dq->lock);
- return 0;
+ return;
}
-/*
- * Go through all request on the dasd_block request queue, cancel them
- * on the respective dasd_device, and return them to the generic
- * block layer.
- */
-static int dasd_flush_block_queue(struct dasd_block *block)
+static int _dasd_requests_to_flushqueue(struct dasd_block *block,
+ struct list_head *flush_queue)
{
struct dasd_ccw_req *cqr, *n;
- int rc, i;
- struct list_head flush_queue;
unsigned long flags;
+ int rc, i;
- INIT_LIST_HEAD(&flush_queue);
- spin_lock_bh(&block->queue_lock);
+ spin_lock_irqsave(&block->queue_lock, flags);
rc = 0;
restart:
list_for_each_entry_safe(cqr, n, &block->ccw_queue, blocklist) {
@@ -3034,13 +3025,32 @@ static int dasd_flush_block_queue(struct dasd_block *block)
* is returned from the dasd_device layer.
*/
cqr->callback = _dasd_wake_block_flush_cb;
- for (i = 0; cqr != NULL; cqr = cqr->refers, i++)
- list_move_tail(&cqr->blocklist, &flush_queue);
+ for (i = 0; cqr; cqr = cqr->refers, i++)
+ list_move_tail(&cqr->blocklist, flush_queue);
if (i > 1)
/* moved more than one request - need to restart */
goto restart;
}
- spin_unlock_bh(&block->queue_lock);
+ spin_unlock_irqrestore(&block->queue_lock, flags);
+
+ return rc;
+}
+
+/*
+ * Go through all request on the dasd_block request queue, cancel them
+ * on the respective dasd_device, and return them to the generic
+ * block layer.
+ */
+static int dasd_flush_block_queue(struct dasd_block *block)
+{
+ struct dasd_ccw_req *cqr, *n;
+ struct list_head flush_queue;
+ unsigned long flags;
+ int rc;
+
+ INIT_LIST_HEAD(&flush_queue);
+ rc = _dasd_requests_to_flushqueue(block, &flush_queue);
+
/* Now call the callback function of flushed requests */
restart_cb:
list_for_each_entry_safe(cqr, n, &flush_queue, blocklist) {
@@ -3977,75 +3987,36 @@ EXPORT_SYMBOL_GPL(dasd_generic_space_avail);
*/
static int dasd_generic_requeue_all_requests(struct dasd_device *device)
{
+ struct dasd_block *block = device->block;
struct list_head requeue_queue;
struct dasd_ccw_req *cqr, *n;
- struct dasd_ccw_req *refers;
int rc;
- INIT_LIST_HEAD(&requeue_queue);
- spin_lock_irq(get_ccwdev_lock(device->cdev));
- rc = 0;
- list_for_each_entry_safe(cqr, n, &device->ccw_queue, devlist) {
- /* Check status and move request to flush_queue */
- if (cqr->status == DASD_CQR_IN_IO) {
- rc = device->discipline->term_IO(cqr);
- if (rc) {
- /* unable to terminate requeust */
- dev_err(&device->cdev->dev,
- "Unable to terminate request %p "
- "on suspend\n", cqr);
- spin_unlock_irq(get_ccwdev_lock(device->cdev));
- dasd_put_device(device);
- return rc;
- }
- }
- list_move_tail(&cqr->devlist, &requeue_queue);
- }
- spin_unlock_irq(get_ccwdev_lock(device->cdev));
-
- list_for_each_entry_safe(cqr, n, &requeue_queue, devlist) {
- wait_event(dasd_flush_wq,
- (cqr->status != DASD_CQR_CLEAR_PENDING));
+ if (!block)
+ return 0;
- /*
- * requeue requests to blocklayer will only work
- * for block device requests
- */
- if (_dasd_requeue_request(cqr))
- continue;
+ INIT_LIST_HEAD(&requeue_queue);
+ rc = _dasd_requests_to_flushqueue(block, &requeue_queue);
- /* remove requests from device and block queue */
- list_del_init(&cqr->devlist);
- while (cqr->refers != NULL) {
- refers = cqr->refers;
- /* remove the request from the block queue */
- list_del(&cqr->blocklist);
- /* free the finished erp request */
- dasd_free_erp_request(cqr, cqr->memdev);
- cqr = refers;
+ /* Now call the callback function of flushed requests */
+restart_cb:
+ list_for_each_entry_safe(cqr, n, &requeue_queue, blocklist) {
+ wait_event(dasd_flush_wq, (cqr->status < DASD_CQR_QUEUED));
+ /* Process finished ERP request. */
+ if (cqr->refers) {
+ spin_lock_bh(&block->queue_lock);
+ __dasd_process_erp(block->base, cqr);
+ spin_unlock_bh(&block->queue_lock);
+ /* restart list_for_xx loop since dasd_process_erp
+ * might remove multiple elements
+ */
+ goto restart_cb;
}
-
- /*
- * _dasd_requeue_request already checked for a valid
- * blockdevice, no need to check again
- * all erp requests (cqr->refers) have a cqr->block
- * pointer copy from the original cqr
- */
+ _dasd_requeue_request(cqr);
list_del_init(&cqr->blocklist);
cqr->block->base->discipline->free_cp(
cqr, (struct request *) cqr->callback_data);
}
-
- /*
- * if requests remain then they are internal request
- * and go back to the device queue
- */
- if (!list_empty(&requeue_queue)) {
- /* move freeze_queue to start of the ccw_queue */
- spin_lock_irq(get_ccwdev_lock(device->cdev));
- list_splice_tail(&requeue_queue, &device->ccw_queue);
- spin_unlock_irq(get_ccwdev_lock(device->cdev));
- }
dasd_schedule_device_bh(device);
return rc;
}
--
2.40.1
^ permalink raw reply related [flat|nested] 396+ messages in thread
* [PATCH 5.4 026/367] fs/nls: make load_nls() take a const parameter
2023-09-20 11:26 [PATCH 5.4 000/367] 5.4.257-rc1 review Greg Kroah-Hartman
` (24 preceding siblings ...)
2023-09-20 11:26 ` [PATCH 5.4 025/367] s390/dasd: fix hanging device after request requeue Greg Kroah-Hartman
@ 2023-09-20 11:26 ` Greg Kroah-Hartman
2023-09-20 11:26 ` [PATCH 5.4 027/367] ASoc: codecs: ES8316: Fix DMIC config Greg Kroah-Hartman
` (346 subsequent siblings)
372 siblings, 0 replies; 396+ messages in thread
From: Greg Kroah-Hartman @ 2023-09-20 11:26 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Stephen Rothwell, Winston Wen,
Paulo Alcantara, Christian Brauner, Steve French, Sasha Levin
5.4-stable review patch. If anyone has any objections, please let me know.
------------------
From: Winston Wen <wentao@uniontech.com>
[ Upstream commit c1ed39ec116272935528ca9b348b8ee79b0791da ]
load_nls() take a char * parameter, use it to find nls module in list or
construct the module name to load it.
This change make load_nls() take a const parameter, so we don't need do
some cast like this:
ses->local_nls = load_nls((char *)ctx->local_nls->charset);
Suggested-by: Stephen Rothwell <sfr@canb.auug.org.au>
Signed-off-by: Winston Wen <wentao@uniontech.com>
Reviewed-by: Paulo Alcantara <pc@manguebit.com>
Reviewed-by: Christian Brauner <brauner@kernel.org>
Signed-off-by: Steve French <stfrench@microsoft.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
fs/nls/nls_base.c | 4 ++--
include/linux/nls.h | 2 +-
2 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/fs/nls/nls_base.c b/fs/nls/nls_base.c
index 52ccd34b1e792..a026dbd3593f6 100644
--- a/fs/nls/nls_base.c
+++ b/fs/nls/nls_base.c
@@ -272,7 +272,7 @@ int unregister_nls(struct nls_table * nls)
return -EINVAL;
}
-static struct nls_table *find_nls(char *charset)
+static struct nls_table *find_nls(const char *charset)
{
struct nls_table *nls;
spin_lock(&nls_lock);
@@ -288,7 +288,7 @@ static struct nls_table *find_nls(char *charset)
return nls;
}
-struct nls_table *load_nls(char *charset)
+struct nls_table *load_nls(const char *charset)
{
return try_then_request_module(find_nls(charset), "nls_%s", charset);
}
diff --git a/include/linux/nls.h b/include/linux/nls.h
index 499e486b3722d..e0bf8367b274a 100644
--- a/include/linux/nls.h
+++ b/include/linux/nls.h
@@ -47,7 +47,7 @@ enum utf16_endian {
/* nls_base.c */
extern int __register_nls(struct nls_table *, struct module *);
extern int unregister_nls(struct nls_table *);
-extern struct nls_table *load_nls(char *);
+extern struct nls_table *load_nls(const char *charset);
extern void unload_nls(struct nls_table *);
extern struct nls_table *load_nls_default(void);
#define register_nls(nls) __register_nls((nls), THIS_MODULE)
--
2.40.1
^ permalink raw reply related [flat|nested] 396+ messages in thread
* [PATCH 5.4 027/367] ASoc: codecs: ES8316: Fix DMIC config
2023-09-20 11:26 [PATCH 5.4 000/367] 5.4.257-rc1 review Greg Kroah-Hartman
` (25 preceding siblings ...)
2023-09-20 11:26 ` [PATCH 5.4 026/367] fs/nls: make load_nls() take a const parameter Greg Kroah-Hartman
@ 2023-09-20 11:26 ` Greg Kroah-Hartman
2023-09-20 11:26 ` [PATCH 5.4 028/367] ASoC: atmel: Fix the 8K sample parameter in I2SC master Greg Kroah-Hartman
` (345 subsequent siblings)
372 siblings, 0 replies; 396+ messages in thread
From: Greg Kroah-Hartman @ 2023-09-20 11:26 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Edgar, Mark Brown, Sasha Levin
5.4-stable review patch. If anyone has any objections, please let me know.
------------------
From: Edgar <ljijcj@163.com>
[ Upstream commit d20d35d1ad62c6cca36368c1e8f29335a068659e ]
According to the datasheet, the DMIC config should
be changed to { 0, 2 ,3 }
Signed-off-by: Edgar <ljijcj@163.com>
Link: https://lore.kernel.org/r/20230719054722.401954-1-ljijcj@163.com
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
sound/soc/codecs/es8316.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/sound/soc/codecs/es8316.c b/sound/soc/codecs/es8316.c
index 131f41cccbe65..dd2df9a903e05 100644
--- a/sound/soc/codecs/es8316.c
+++ b/sound/soc/codecs/es8316.c
@@ -153,7 +153,7 @@ static const char * const es8316_dmic_txt[] = {
"dmic data at high level",
"dmic data at low level",
};
-static const unsigned int es8316_dmic_values[] = { 0, 1, 2 };
+static const unsigned int es8316_dmic_values[] = { 0, 2, 3 };
static const struct soc_enum es8316_dmic_src_enum =
SOC_VALUE_ENUM_SINGLE(ES8316_ADC_DMIC, 0, 3,
ARRAY_SIZE(es8316_dmic_txt),
--
2.40.1
^ permalink raw reply related [flat|nested] 396+ messages in thread
* [PATCH 5.4 028/367] ASoC: atmel: Fix the 8K sample parameter in I2SC master
2023-09-20 11:26 [PATCH 5.4 000/367] 5.4.257-rc1 review Greg Kroah-Hartman
` (26 preceding siblings ...)
2023-09-20 11:26 ` [PATCH 5.4 027/367] ASoc: codecs: ES8316: Fix DMIC config Greg Kroah-Hartman
@ 2023-09-20 11:26 ` Greg Kroah-Hartman
2023-09-20 11:26 ` [PATCH 5.4 029/367] platform/x86: intel: hid: Always call BTNL ACPI method Greg Kroah-Hartman
` (344 subsequent siblings)
372 siblings, 0 replies; 396+ messages in thread
From: Greg Kroah-Hartman @ 2023-09-20 11:26 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Guiting Shen, Mark Brown, Sasha Levin
5.4-stable review patch. If anyone has any objections, please let me know.
------------------
From: Guiting Shen <aarongt.shen@gmail.com>
[ Upstream commit f85739c0b2b0d98a32f5ca4fcc5501d2b76df4f6 ]
The 8K sample parameter of 12.288Mhz main system bus clock doesn't work
because the I2SC_MR.IMCKDIV must not be 0 according to the sama5d2
series datasheet(I2SC Mode Register of Register Summary).
So use the 6.144Mhz instead of 12.288Mhz to support 8K sample.
Signed-off-by: Guiting Shen <aarongt.shen@gmail.com>
Link: https://lore.kernel.org/r/20230715030620.62328-1-aarongt.shen@gmail.com
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
sound/soc/atmel/atmel-i2s.c | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/sound/soc/atmel/atmel-i2s.c b/sound/soc/atmel/atmel-i2s.c
index d870f56c44cfc..0341b31197670 100644
--- a/sound/soc/atmel/atmel-i2s.c
+++ b/sound/soc/atmel/atmel-i2s.c
@@ -163,11 +163,14 @@ struct atmel_i2s_gck_param {
#define I2S_MCK_12M288 12288000UL
#define I2S_MCK_11M2896 11289600UL
+#define I2S_MCK_6M144 6144000UL
/* mck = (32 * (imckfs+1) / (imckdiv+1)) * fs */
static const struct atmel_i2s_gck_param gck_params[] = {
+ /* mck = 6.144Mhz */
+ { 8000, I2S_MCK_6M144, 1, 47}, /* mck = 768 fs */
+
/* mck = 12.288MHz */
- { 8000, I2S_MCK_12M288, 0, 47}, /* mck = 1536 fs */
{ 16000, I2S_MCK_12M288, 1, 47}, /* mck = 768 fs */
{ 24000, I2S_MCK_12M288, 3, 63}, /* mck = 512 fs */
{ 32000, I2S_MCK_12M288, 3, 47}, /* mck = 384 fs */
--
2.40.1
^ permalink raw reply related [flat|nested] 396+ messages in thread
* [PATCH 5.4 029/367] platform/x86: intel: hid: Always call BTNL ACPI method
2023-09-20 11:26 [PATCH 5.4 000/367] 5.4.257-rc1 review Greg Kroah-Hartman
` (27 preceding siblings ...)
2023-09-20 11:26 ` [PATCH 5.4 028/367] ASoC: atmel: Fix the 8K sample parameter in I2SC master Greg Kroah-Hartman
@ 2023-09-20 11:26 ` Greg Kroah-Hartman
2023-09-20 11:26 ` [PATCH 5.4 030/367] platform/x86: huawei-wmi: Silence ambient light sensor Greg Kroah-Hartman
` (343 subsequent siblings)
372 siblings, 0 replies; 396+ messages in thread
From: Greg Kroah-Hartman @ 2023-09-20 11:26 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Maxim Mikityanskiy, Hans de Goede,
Sasha Levin
5.4-stable review patch. If anyone has any objections, please let me know.
------------------
From: Hans de Goede <hdegoede@redhat.com>
[ Upstream commit e3ab18de2b09361d6f0e4aafb9cfd6d002ce43a1 ]
On a HP Elite Dragonfly G2 the 0xcc and 0xcd events for SW_TABLET_MODE
are only send after the BTNL ACPI method has been called.
Likely more devices need this, so make the BTNL ACPI method unconditional
instead of only doing it on devices with a 5 button array.
Note this also makes the intel_button_array_enable() call in probe()
unconditional, that function does its own priv->array check. This makes
the intel_button_array_enable() call in probe() consistent with the calls
done on suspend/resume which also rely on the priv->array check inside
the function.
Reported-by: Maxim Mikityanskiy <maxtram95@gmail.com>
Closes: https://lore.kernel.org/platform-driver-x86/20230712175023.31651-1-maxtram95@gmail.com/
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Link: https://lore.kernel.org/r/20230715181516.5173-1-hdegoede@redhat.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/platform/x86/intel-hid.c | 21 +++++++++------------
1 file changed, 9 insertions(+), 12 deletions(-)
diff --git a/drivers/platform/x86/intel-hid.c b/drivers/platform/x86/intel-hid.c
index 164bebbfea214..050f8f7970374 100644
--- a/drivers/platform/x86/intel-hid.c
+++ b/drivers/platform/x86/intel-hid.c
@@ -449,7 +449,7 @@ static bool button_array_present(struct platform_device *device)
static int intel_hid_probe(struct platform_device *device)
{
acpi_handle handle = ACPI_HANDLE(&device->dev);
- unsigned long long mode;
+ unsigned long long mode, dummy;
struct intel_hid_priv *priv;
acpi_status status;
int err;
@@ -501,18 +501,15 @@ static int intel_hid_probe(struct platform_device *device)
if (err)
goto err_remove_notify;
- if (priv->array) {
- unsigned long long dummy;
+ intel_button_array_enable(&device->dev, true);
- intel_button_array_enable(&device->dev, true);
-
- /* Call button load method to enable HID power button */
- if (!intel_hid_evaluate_method(handle, INTEL_HID_DSM_BTNL_FN,
- &dummy)) {
- dev_warn(&device->dev,
- "failed to enable HID power button\n");
- }
- }
+ /*
+ * Call button load method to enable HID power button
+ * Always do this since it activates events on some devices without
+ * a button array too.
+ */
+ if (!intel_hid_evaluate_method(handle, INTEL_HID_DSM_BTNL_FN, &dummy))
+ dev_warn(&device->dev, "failed to enable HID power button\n");
device_init_wakeup(&device->dev, true);
/*
--
2.40.1
^ permalink raw reply related [flat|nested] 396+ messages in thread
* [PATCH 5.4 030/367] platform/x86: huawei-wmi: Silence ambient light sensor
2023-09-20 11:26 [PATCH 5.4 000/367] 5.4.257-rc1 review Greg Kroah-Hartman
` (28 preceding siblings ...)
2023-09-20 11:26 ` [PATCH 5.4 029/367] platform/x86: intel: hid: Always call BTNL ACPI method Greg Kroah-Hartman
@ 2023-09-20 11:26 ` Greg Kroah-Hartman
2023-09-20 11:26 ` [PATCH 5.4 031/367] security: keys: perform capable check only on privileged operations Greg Kroah-Hartman
` (342 subsequent siblings)
372 siblings, 0 replies; 396+ messages in thread
From: Greg Kroah-Hartman @ 2023-09-20 11:26 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Konstantin Shelekhin, Hans de Goede,
Sasha Levin
5.4-stable review patch. If anyone has any objections, please let me know.
------------------
From: Konstantin Shelekhin <k.shelekhin@ftml.net>
[ Upstream commit c21733754cd6ecbca346f2adf9b17d4cfa50504f ]
Currently huawei-wmi causes a lot of spam in dmesg on my
Huawei MateBook X Pro 2022:
...
[36409.328463] input input9: Unknown key pressed, code: 0x02c1
[36411.335104] input input9: Unknown key pressed, code: 0x02c1
[36412.338674] input input9: Unknown key pressed, code: 0x02c1
[36414.848564] input input9: Unknown key pressed, code: 0x02c1
[36416.858706] input input9: Unknown key pressed, code: 0x02c1
...
Fix that by ignoring events generated by ambient light sensor.
This issue was reported on GitHub and resolved with the following merge
request:
https://github.com/aymanbagabas/Huawei-WMI/pull/70
I've contacted the mainter of this repo and he gave me the "go ahead" to
send this patch to the maling list.
Signed-off-by: Konstantin Shelekhin <k.shelekhin@ftml.net>
Link: https://lore.kernel.org/r/20230722155922.173856-1-k.shelekhin@ftml.net
Reviewed-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/platform/x86/huawei-wmi.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/drivers/platform/x86/huawei-wmi.c b/drivers/platform/x86/huawei-wmi.c
index 195a7f3638cb1..e27f551a9afa4 100644
--- a/drivers/platform/x86/huawei-wmi.c
+++ b/drivers/platform/x86/huawei-wmi.c
@@ -41,6 +41,8 @@ static const struct key_entry huawei_wmi_keymap[] = {
{ KE_IGNORE, 0x293, { KEY_KBDILLUMTOGGLE } },
{ KE_IGNORE, 0x294, { KEY_KBDILLUMUP } },
{ KE_IGNORE, 0x295, { KEY_KBDILLUMUP } },
+ // Ignore Ambient Light Sensoring
+ { KE_KEY, 0x2c1, { KEY_RESERVED } },
{ KE_END, 0 }
};
--
2.40.1
^ permalink raw reply related [flat|nested] 396+ messages in thread
* [PATCH 5.4 031/367] security: keys: perform capable check only on privileged operations
2023-09-20 11:26 [PATCH 5.4 000/367] 5.4.257-rc1 review Greg Kroah-Hartman
` (29 preceding siblings ...)
2023-09-20 11:26 ` [PATCH 5.4 030/367] platform/x86: huawei-wmi: Silence ambient light sensor Greg Kroah-Hartman
@ 2023-09-20 11:26 ` Greg Kroah-Hartman
2023-09-20 11:26 ` [PATCH 5.4 032/367] clk: fixed-mmio: make COMMON_CLK_FIXED_MMIO depend on HAS_IOMEM Greg Kroah-Hartman
` (341 subsequent siblings)
372 siblings, 0 replies; 396+ messages in thread
From: Greg Kroah-Hartman @ 2023-09-20 11:26 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Christian Göttsche,
Jarkko Sakkinen, Sasha Levin
5.4-stable review patch. If anyone has any objections, please let me know.
------------------
From: Christian Göttsche <cgzones@googlemail.com>
[ Upstream commit 2d7f105edbb3b2be5ffa4d833abbf9b6965e9ce7 ]
If the current task fails the check for the queried capability via
`capable(CAP_SYS_ADMIN)` LSMs like SELinux generate a denial message.
Issuing such denial messages unnecessarily can lead to a policy author
granting more privileges to a subject than needed to silence them.
Reorder CAP_SYS_ADMIN checks after the check whether the operation is
actually privileged.
Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
Reviewed-by: Jarkko Sakkinen <jarkko@kernel.org>
Signed-off-by: Jarkko Sakkinen <jarkko@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
security/keys/keyctl.c | 11 ++++++++---
1 file changed, 8 insertions(+), 3 deletions(-)
diff --git a/security/keys/keyctl.c b/security/keys/keyctl.c
index edde63a63007f..f42968f349584 100644
--- a/security/keys/keyctl.c
+++ b/security/keys/keyctl.c
@@ -977,14 +977,19 @@ long keyctl_chown_key(key_serial_t id, uid_t user, gid_t group)
ret = -EACCES;
down_write(&key->sem);
- if (!capable(CAP_SYS_ADMIN)) {
+ {
+ bool is_privileged_op = false;
+
/* only the sysadmin can chown a key to some other UID */
if (user != (uid_t) -1 && !uid_eq(key->uid, uid))
- goto error_put;
+ is_privileged_op = true;
/* only the sysadmin can set the key's GID to a group other
* than one of those that the current process subscribes to */
if (group != (gid_t) -1 && !gid_eq(gid, key->gid) && !in_group_p(gid))
+ is_privileged_op = true;
+
+ if (is_privileged_op && !capable(CAP_SYS_ADMIN))
goto error_put;
}
@@ -1084,7 +1089,7 @@ long keyctl_setperm_key(key_serial_t id, key_perm_t perm)
down_write(&key->sem);
/* if we're not the sysadmin, we can only change a key that we own */
- if (capable(CAP_SYS_ADMIN) || uid_eq(key->uid, current_fsuid())) {
+ if (uid_eq(key->uid, current_fsuid()) || capable(CAP_SYS_ADMIN)) {
key->perm = perm;
ret = 0;
}
--
2.40.1
^ permalink raw reply related [flat|nested] 396+ messages in thread
* [PATCH 5.4 032/367] clk: fixed-mmio: make COMMON_CLK_FIXED_MMIO depend on HAS_IOMEM
2023-09-20 11:26 [PATCH 5.4 000/367] 5.4.257-rc1 review Greg Kroah-Hartman
` (30 preceding siblings ...)
2023-09-20 11:26 ` [PATCH 5.4 031/367] security: keys: perform capable check only on privileged operations Greg Kroah-Hartman
@ 2023-09-20 11:26 ` Greg Kroah-Hartman
2023-09-20 11:26 ` [PATCH 5.4 033/367] net: usb: qmi_wwan: add Quectel EM05GV2 Greg Kroah-Hartman
` (340 subsequent siblings)
372 siblings, 0 replies; 396+ messages in thread
From: Greg Kroah-Hartman @ 2023-09-20 11:26 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, kernel test robot, Baoquan He,
Michael Turquette, Stephen Boyd, linux-clk, Sasha Levin
5.4-stable review patch. If anyone has any objections, please let me know.
------------------
From: Baoquan He <bhe@redhat.com>
[ Upstream commit e7dd44f4f3166db45248414f5df8f615392de47a ]
On s390 systems (aka mainframes), it has classic channel devices for
networking and permanent storage that are currently even more common
than PCI devices. Hence it could have a fully functional s390 kernel
with CONFIG_PCI=n, then the relevant iomem mapping functions
[including ioremap(), devm_ioremap(), etc.] are not available.
Here let COMMON_CLK_FIXED_MMIO depend on HAS_IOMEM so that it won't
be built to cause below compiling error if PCI is unset:
------
ld: drivers/clk/clk-fixed-mmio.o: in function `fixed_mmio_clk_setup':
clk-fixed-mmio.c:(.text+0x5e): undefined reference to `of_iomap'
ld: clk-fixed-mmio.c:(.text+0xba): undefined reference to `iounmap'
------
Reported-by: kernel test robot <lkp@intel.com>
Closes: https://lore.kernel.org/oe-kbuild-all/202306211329.ticOJCSv-lkp@intel.com/
Signed-off-by: Baoquan He <bhe@redhat.com>
Cc: Michael Turquette <mturquette@baylibre.com>
Cc: Stephen Boyd <sboyd@kernel.org>
Cc: linux-clk@vger.kernel.org
Link: https://lore.kernel.org/r/20230707135852.24292-8-bhe@redhat.com
Signed-off-by: Stephen Boyd <sboyd@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/clk/Kconfig | 1 +
1 file changed, 1 insertion(+)
diff --git a/drivers/clk/Kconfig b/drivers/clk/Kconfig
index cc871ae3a1792..5b34dbc830ee4 100644
--- a/drivers/clk/Kconfig
+++ b/drivers/clk/Kconfig
@@ -302,6 +302,7 @@ config COMMON_CLK_BD718XX
config COMMON_CLK_FIXED_MMIO
bool "Clock driver for Memory Mapped Fixed values"
depends on COMMON_CLK && OF
+ depends on HAS_IOMEM
help
Support for Memory Mapped IO Fixed clocks
--
2.40.1
^ permalink raw reply related [flat|nested] 396+ messages in thread
* [PATCH 5.4 033/367] net: usb: qmi_wwan: add Quectel EM05GV2
2023-09-20 11:26 [PATCH 5.4 000/367] 5.4.257-rc1 review Greg Kroah-Hartman
` (31 preceding siblings ...)
2023-09-20 11:26 ` [PATCH 5.4 032/367] clk: fixed-mmio: make COMMON_CLK_FIXED_MMIO depend on HAS_IOMEM Greg Kroah-Hartman
@ 2023-09-20 11:26 ` Greg Kroah-Hartman
2023-09-20 11:26 ` [PATCH 5.4 034/367] idmaengine: make FSL_EDMA and INTEL_IDMA64 depends on HAS_IOMEM Greg Kroah-Hartman
` (339 subsequent siblings)
372 siblings, 0 replies; 396+ messages in thread
From: Greg Kroah-Hartman @ 2023-09-20 11:26 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Martin Kohn, Jakub Kicinski, Sasha Levin
5.4-stable review patch. If anyone has any objections, please let me know.
------------------
From: Martin Kohn <m.kohn@welotec.com>
[ Upstream commit d4480c9bb9258db9ddf2e632f6ef81e96b41089c ]
Add support for Quectel EM05GV2 (G=global) with vendor ID
0x2c7c and product ID 0x030e
Enabling DTR on this modem was necessary to ensure stable operation.
Patch for usb: serial: option: is also in progress.
T: Bus=01 Lev=01 Prnt=01 Port=00 Cnt=01 Dev#= 2 Spd=480 MxCh= 0
D: Ver= 2.00 Cls=ef(misc ) Sub=02 Prot=01 MxPS=64 #Cfgs= 1
P: Vendor=2c7c ProdID=030e Rev= 3.18
S: Manufacturer=Quectel
S: Product=Quectel EM05-G
C:* #Ifs= 5 Cfg#= 1 Atr=a0 MxPwr=500mA
I:* If#= 0 Alt= 0 #EPs= 2 Cls=ff(vend.) Sub=ff Prot=ff Driver=option
E: Ad=81(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms
E: Ad=01(O) Atr=02(Bulk) MxPS= 512 Ivl=0ms
I:* If#= 1 Alt= 0 #EPs= 3 Cls=ff(vend.) Sub=00 Prot=00 Driver=option
E: Ad=83(I) Atr=03(Int.) MxPS= 10 Ivl=32ms
E: Ad=82(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms
E: Ad=02(O) Atr=02(Bulk) MxPS= 512 Ivl=0ms
I:* If#= 2 Alt= 0 #EPs= 3 Cls=ff(vend.) Sub=00 Prot=00 Driver=option
E: Ad=85(I) Atr=03(Int.) MxPS= 10 Ivl=32ms
E: Ad=84(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms
E: Ad=03(O) Atr=02(Bulk) MxPS= 512 Ivl=0ms
I:* If#= 3 Alt= 0 #EPs= 3 Cls=ff(vend.) Sub=00 Prot=00 Driver=option
E: Ad=87(I) Atr=03(Int.) MxPS= 10 Ivl=32ms
E: Ad=86(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms
E: Ad=04(O) Atr=02(Bulk) MxPS= 512 Ivl=0ms
I:* If#= 4 Alt= 0 #EPs= 3 Cls=ff(vend.) Sub=ff Prot=ff Driver=qmi_wwan
E: Ad=89(I) Atr=03(Int.) MxPS= 8 Ivl=32ms
E: Ad=88(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms
E: Ad=05(O) Atr=02(Bulk) MxPS= 512 Ivl=0ms
Signed-off-by: Martin Kohn <m.kohn@welotec.com>
Link: https://lore.kernel.org/r/AM0PR04MB57648219DE893EE04FA6CC759701A@AM0PR04MB5764.eurprd04.prod.outlook.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/usb/qmi_wwan.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/drivers/net/usb/qmi_wwan.c b/drivers/net/usb/qmi_wwan.c
index a4be176fdd249..ebc1f01d5ea27 100644
--- a/drivers/net/usb/qmi_wwan.c
+++ b/drivers/net/usb/qmi_wwan.c
@@ -1373,6 +1373,7 @@ static const struct usb_device_id products[] = {
{QMI_QUIRK_SET_DTR(0x2c7c, 0x0191, 4)}, /* Quectel EG91 */
{QMI_QUIRK_SET_DTR(0x2c7c, 0x0195, 4)}, /* Quectel EG95 */
{QMI_FIXED_INTF(0x2c7c, 0x0296, 4)}, /* Quectel BG96 */
+ {QMI_QUIRK_SET_DTR(0x2c7c, 0x030e, 4)}, /* Quectel EM05GV2 */
{QMI_QUIRK_SET_DTR(0x2cb7, 0x0104, 4)}, /* Fibocom NL678 series */
{QMI_FIXED_INTF(0x0489, 0xe0b4, 0)}, /* Foxconn T77W968 LTE */
{QMI_FIXED_INTF(0x0489, 0xe0b5, 0)}, /* Foxconn T77W968 LTE with eSIM support*/
--
2.40.1
^ permalink raw reply related [flat|nested] 396+ messages in thread
* [PATCH 5.4 034/367] idmaengine: make FSL_EDMA and INTEL_IDMA64 depends on HAS_IOMEM
2023-09-20 11:26 [PATCH 5.4 000/367] 5.4.257-rc1 review Greg Kroah-Hartman
` (32 preceding siblings ...)
2023-09-20 11:26 ` [PATCH 5.4 033/367] net: usb: qmi_wwan: add Quectel EM05GV2 Greg Kroah-Hartman
@ 2023-09-20 11:26 ` Greg Kroah-Hartman
2023-09-20 11:26 ` [PATCH 5.4 035/367] scsi: qedi: Fix potential deadlock on &qedi_percpu->p_work_lock Greg Kroah-Hartman
` (338 subsequent siblings)
372 siblings, 0 replies; 396+ messages in thread
From: Greg Kroah-Hartman @ 2023-09-20 11:26 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, kernel test robot, Baoquan He,
Vinod Koul, dmaengine, Sasha Levin
5.4-stable review patch. If anyone has any objections, please let me know.
------------------
From: Baoquan He <bhe@redhat.com>
[ Upstream commit b1e213a9e31c20206f111ec664afcf31cbfe0dbb ]
On s390 systems (aka mainframes), it has classic channel devices for
networking and permanent storage that are currently even more common
than PCI devices. Hence it could have a fully functional s390 kernel
with CONFIG_PCI=n, then the relevant iomem mapping functions
[including ioremap(), devm_ioremap(), etc.] are not available.
Here let FSL_EDMA and INTEL_IDMA64 depend on HAS_IOMEM so that it
won't be built to cause below compiling error if PCI is unset.
--------
ERROR: modpost: "devm_platform_ioremap_resource" [drivers/dma/fsl-edma.ko] undefined!
ERROR: modpost: "devm_platform_ioremap_resource" [drivers/dma/idma64.ko] undefined!
--------
Reported-by: kernel test robot <lkp@intel.com>
Closes: https://lore.kernel.org/oe-kbuild-all/202306211329.ticOJCSv-lkp@intel.com/
Signed-off-by: Baoquan He <bhe@redhat.com>
Cc: Vinod Koul <vkoul@kernel.org>
Cc: dmaengine@vger.kernel.org
Link: https://lore.kernel.org/r/20230707135852.24292-2-bhe@redhat.com
Signed-off-by: Vinod Koul <vkoul@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/dma/Kconfig | 2 ++
1 file changed, 2 insertions(+)
diff --git a/drivers/dma/Kconfig b/drivers/dma/Kconfig
index 1322461f1f3c5..66aad9dbd58c5 100644
--- a/drivers/dma/Kconfig
+++ b/drivers/dma/Kconfig
@@ -208,6 +208,7 @@ config FSL_DMA
config FSL_EDMA
tristate "Freescale eDMA engine support"
depends on OF
+ depends on HAS_IOMEM
select DMA_ENGINE
select DMA_VIRTUAL_CHANNELS
help
@@ -268,6 +269,7 @@ config IMX_SDMA
config INTEL_IDMA64
tristate "Intel integrated DMA 64-bit support"
+ depends on HAS_IOMEM
select DMA_ENGINE
select DMA_VIRTUAL_CHANNELS
help
--
2.40.1
^ permalink raw reply related [flat|nested] 396+ messages in thread
* [PATCH 5.4 035/367] scsi: qedi: Fix potential deadlock on &qedi_percpu->p_work_lock
2023-09-20 11:26 [PATCH 5.4 000/367] 5.4.257-rc1 review Greg Kroah-Hartman
` (33 preceding siblings ...)
2023-09-20 11:26 ` [PATCH 5.4 034/367] idmaengine: make FSL_EDMA and INTEL_IDMA64 depends on HAS_IOMEM Greg Kroah-Hartman
@ 2023-09-20 11:26 ` Greg Kroah-Hartman
2023-09-20 11:26 ` [PATCH 5.4 036/367] netlabel: fix shift wrapping bug in netlbl_catmap_setlong() Greg Kroah-Hartman
` (337 subsequent siblings)
372 siblings, 0 replies; 396+ messages in thread
From: Greg Kroah-Hartman @ 2023-09-20 11:26 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Chengfeng Ye, Manish Rangankar,
Martin K. Petersen, Sasha Levin
5.4-stable review patch. If anyone has any objections, please let me know.
------------------
From: Chengfeng Ye <dg573847474@gmail.com>
[ Upstream commit dd64f80587190265ca8a0f4be6c64c2fda6d3ac2 ]
As &qedi_percpu->p_work_lock is acquired by hard IRQ qedi_msix_handler(),
other acquisitions of the same lock under process context should disable
IRQ, otherwise deadlock could happen if the IRQ preempts the execution
while the lock is held in process context on the same CPU.
qedi_cpu_offline() is one such function which acquires the lock in process
context.
[Deadlock Scenario]
qedi_cpu_offline()
->spin_lock(&p->p_work_lock)
<irq>
->qedi_msix_handler()
->edi_process_completions()
->spin_lock_irqsave(&p->p_work_lock, flags); (deadlock here)
This flaw was found by an experimental static analysis tool I am developing
for IRQ-related deadlocks.
The tentative patch fix the potential deadlock by spin_lock_irqsave()
under process context.
Signed-off-by: Chengfeng Ye <dg573847474@gmail.com>
Link: https://lore.kernel.org/r/20230726125655.4197-1-dg573847474@gmail.com
Acked-by: Manish Rangankar <mrangankar@marvell.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/scsi/qedi/qedi_main.c | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/drivers/scsi/qedi/qedi_main.c b/drivers/scsi/qedi/qedi_main.c
index 92c4a367b7bd7..6b47921202eba 100644
--- a/drivers/scsi/qedi/qedi_main.c
+++ b/drivers/scsi/qedi/qedi_main.c
@@ -1910,8 +1910,9 @@ static int qedi_cpu_offline(unsigned int cpu)
struct qedi_percpu_s *p = this_cpu_ptr(&qedi_percpu);
struct qedi_work *work, *tmp;
struct task_struct *thread;
+ unsigned long flags;
- spin_lock_bh(&p->p_work_lock);
+ spin_lock_irqsave(&p->p_work_lock, flags);
thread = p->iothread;
p->iothread = NULL;
@@ -1922,7 +1923,7 @@ static int qedi_cpu_offline(unsigned int cpu)
kfree(work);
}
- spin_unlock_bh(&p->p_work_lock);
+ spin_unlock_irqrestore(&p->p_work_lock, flags);
if (thread)
kthread_stop(thread);
return 0;
--
2.40.1
^ permalink raw reply related [flat|nested] 396+ messages in thread
* [PATCH 5.4 036/367] netlabel: fix shift wrapping bug in netlbl_catmap_setlong()
2023-09-20 11:26 [PATCH 5.4 000/367] 5.4.257-rc1 review Greg Kroah-Hartman
` (34 preceding siblings ...)
2023-09-20 11:26 ` [PATCH 5.4 035/367] scsi: qedi: Fix potential deadlock on &qedi_percpu->p_work_lock Greg Kroah-Hartman
@ 2023-09-20 11:26 ` Greg Kroah-Hartman
2023-09-20 11:26 ` [PATCH 5.4 037/367] bnx2x: fix page fault following EEH recovery Greg Kroah-Hartman
` (336 subsequent siblings)
372 siblings, 0 replies; 396+ messages in thread
From: Greg Kroah-Hartman @ 2023-09-20 11:26 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Dmitry Mastykin, Paul Moore,
David S. Miller, Sasha Levin
5.4-stable review patch. If anyone has any objections, please let me know.
------------------
From: Dmitry Mastykin <dmastykin@astralinux.ru>
[ Upstream commit b403643d154d15176b060b82f7fc605210033edd ]
There is a shift wrapping bug in this code on 32-bit architectures.
NETLBL_CATMAP_MAPTYPE is u64, bitmap is unsigned long.
Every second 32-bit word of catmap becomes corrupted.
Signed-off-by: Dmitry Mastykin <dmastykin@astralinux.ru>
Acked-by: Paul Moore <paul@paul-moore.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
net/netlabel/netlabel_kapi.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/net/netlabel/netlabel_kapi.c b/net/netlabel/netlabel_kapi.c
index 91b35b7c80d82..96059c99b915e 100644
--- a/net/netlabel/netlabel_kapi.c
+++ b/net/netlabel/netlabel_kapi.c
@@ -857,7 +857,8 @@ int netlbl_catmap_setlong(struct netlbl_lsm_catmap **catmap,
offset -= iter->startbit;
idx = offset / NETLBL_CATMAP_MAPSIZE;
- iter->bitmap[idx] |= bitmap << (offset % NETLBL_CATMAP_MAPSIZE);
+ iter->bitmap[idx] |= (NETLBL_CATMAP_MAPTYPE)bitmap
+ << (offset % NETLBL_CATMAP_MAPSIZE);
return 0;
}
--
2.40.1
^ permalink raw reply related [flat|nested] 396+ messages in thread
* [PATCH 5.4 037/367] bnx2x: fix page fault following EEH recovery
2023-09-20 11:26 [PATCH 5.4 000/367] 5.4.257-rc1 review Greg Kroah-Hartman
` (35 preceding siblings ...)
2023-09-20 11:26 ` [PATCH 5.4 036/367] netlabel: fix shift wrapping bug in netlbl_catmap_setlong() Greg Kroah-Hartman
@ 2023-09-20 11:26 ` Greg Kroah-Hartman
2023-09-20 11:26 ` [PATCH 5.4 038/367] sctp: handle invalid error codes without calling BUG() Greg Kroah-Hartman
` (335 subsequent siblings)
372 siblings, 0 replies; 396+ messages in thread
From: Greg Kroah-Hartman @ 2023-09-20 11:26 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, David Christensen,
Sridhar Samudrala, David S. Miller, Sasha Levin
5.4-stable review patch. If anyone has any objections, please let me know.
------------------
From: David Christensen <drc@linux.vnet.ibm.com>
[ Upstream commit 7ebe4eda4265642859507d1b3ca330d8c196cfe5 ]
In the last step of the EEH recovery process, the EEH driver calls into
bnx2x_io_resume() to re-initialize the NIC hardware via the function
bnx2x_nic_load(). If an error occurs during bnx2x_nic_load(), OS and
hardware resources are released and an error code is returned to the
caller. When called from bnx2x_io_resume(), the return code is ignored
and the network interface is brought up unconditionally. Later attempts
to send a packet via this interface result in a page fault due to a null
pointer reference.
This patch checks the return code of bnx2x_nic_load(), prints an error
message if necessary, and does not enable the interface.
Signed-off-by: David Christensen <drc@linux.vnet.ibm.com>
Reviewed-by: Sridhar Samudrala <sridhar.samudrala@intel.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/ethernet/broadcom/bnx2x/bnx2x_main.c | 9 +++++++--
1 file changed, 7 insertions(+), 2 deletions(-)
diff --git a/drivers/net/ethernet/broadcom/bnx2x/bnx2x_main.c b/drivers/net/ethernet/broadcom/bnx2x/bnx2x_main.c
index b5f58c62e7d20..211fbc8f75712 100644
--- a/drivers/net/ethernet/broadcom/bnx2x/bnx2x_main.c
+++ b/drivers/net/ethernet/broadcom/bnx2x/bnx2x_main.c
@@ -14426,11 +14426,16 @@ static void bnx2x_io_resume(struct pci_dev *pdev)
bp->fw_seq = SHMEM_RD(bp, func_mb[BP_FW_MB_IDX(bp)].drv_mb_header) &
DRV_MSG_SEQ_NUMBER_MASK;
- if (netif_running(dev))
- bnx2x_nic_load(bp, LOAD_NORMAL);
+ if (netif_running(dev)) {
+ if (bnx2x_nic_load(bp, LOAD_NORMAL)) {
+ netdev_err(bp->dev, "Error during driver initialization, try unloading/reloading the driver\n");
+ goto done;
+ }
+ }
netif_device_attach(dev);
+done:
rtnl_unlock();
}
--
2.40.1
^ permalink raw reply related [flat|nested] 396+ messages in thread
* [PATCH 5.4 038/367] sctp: handle invalid error codes without calling BUG()
2023-09-20 11:26 [PATCH 5.4 000/367] 5.4.257-rc1 review Greg Kroah-Hartman
` (36 preceding siblings ...)
2023-09-20 11:26 ` [PATCH 5.4 037/367] bnx2x: fix page fault following EEH recovery Greg Kroah-Hartman
@ 2023-09-20 11:26 ` Greg Kroah-Hartman
2023-09-20 11:26 ` [PATCH 5.4 039/367] cifs: add a warning when the in-flight count goes negative Greg Kroah-Hartman
` (334 subsequent siblings)
372 siblings, 0 replies; 396+ messages in thread
From: Greg Kroah-Hartman @ 2023-09-20 11:26 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Dan Carpenter, David S. Miller, Sasha Levin
5.4-stable review patch. If anyone has any objections, please let me know.
------------------
From: Dan Carpenter <dan.carpenter@linaro.org>
[ Upstream commit a0067dfcd9418fd3b0632bc59210d120d038a9c6 ]
The sctp_sf_eat_auth() function is supposed to return enum sctp_disposition
values but if the call to sctp_ulpevent_make_authkey() fails, it returns
-ENOMEM.
This results in calling BUG() inside the sctp_side_effects() function.
Calling BUG() is an over reaction and not helpful. Call WARN_ON_ONCE()
instead.
This code predates git.
Signed-off-by: Dan Carpenter <dan.carpenter@linaro.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
net/sctp/sm_sideeffect.c | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/net/sctp/sm_sideeffect.c b/net/sctp/sm_sideeffect.c
index 8d32229199b96..c964e7ca6f7e5 100644
--- a/net/sctp/sm_sideeffect.c
+++ b/net/sctp/sm_sideeffect.c
@@ -1240,7 +1240,10 @@ static int sctp_side_effects(enum sctp_event_type event_type,
default:
pr_err("impossible disposition %d in state %d, event_type %d, event_id %d\n",
status, state, event_type, subtype.chunk);
- BUG();
+ error = status;
+ if (error >= 0)
+ error = -EINVAL;
+ WARN_ON_ONCE(1);
break;
}
--
2.40.1
^ permalink raw reply related [flat|nested] 396+ messages in thread
* [PATCH 5.4 039/367] cifs: add a warning when the in-flight count goes negative
2023-09-20 11:26 [PATCH 5.4 000/367] 5.4.257-rc1 review Greg Kroah-Hartman
` (37 preceding siblings ...)
2023-09-20 11:26 ` [PATCH 5.4 038/367] sctp: handle invalid error codes without calling BUG() Greg Kroah-Hartman
@ 2023-09-20 11:26 ` Greg Kroah-Hartman
2023-09-20 11:26 ` [PATCH 5.4 040/367] scsi: storvsc: Always set no_report_opcodes Greg Kroah-Hartman
` (333 subsequent siblings)
372 siblings, 0 replies; 396+ messages in thread
From: Greg Kroah-Hartman @ 2023-09-20 11:26 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Shyam Prasad N, Bharath SM,
Steve French, Sasha Levin
5.4-stable review patch. If anyone has any objections, please let me know.
------------------
From: Shyam Prasad N <sprasad@microsoft.com>
[ Upstream commit e4645cc2f1e2d6f268bb8dcfac40997c52432aed ]
We've seen the in-flight count go into negative with some
internal stress testing in Microsoft.
Adding a WARN when this happens, in hope of understanding
why this happens when it happens.
Signed-off-by: Shyam Prasad N <sprasad@microsoft.com>
Reviewed-by: Bharath SM <bharathsm@microsoft.com>
Signed-off-by: Steve French <stfrench@microsoft.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
fs/cifs/smb2ops.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/fs/cifs/smb2ops.c b/fs/cifs/smb2ops.c
index cd0030533bf7a..ad9b207432e10 100644
--- a/fs/cifs/smb2ops.c
+++ b/fs/cifs/smb2ops.c
@@ -79,6 +79,7 @@ smb2_add_credits(struct TCP_Server_Info *server,
*val = 65000; /* Don't get near 64K credits, avoid srv bugs */
printk_once(KERN_WARNING "server overflowed SMB3 credits\n");
}
+ WARN_ON_ONCE(server->in_flight == 0);
server->in_flight--;
if (server->in_flight == 0 && (optype & CIFS_OP_MASK) != CIFS_NEG_OP)
rc = change_conf(server);
--
2.40.1
^ permalink raw reply related [flat|nested] 396+ messages in thread
* [PATCH 5.4 040/367] scsi: storvsc: Always set no_report_opcodes
2023-09-20 11:26 [PATCH 5.4 000/367] 5.4.257-rc1 review Greg Kroah-Hartman
` (38 preceding siblings ...)
2023-09-20 11:26 ` [PATCH 5.4 039/367] cifs: add a warning when the in-flight count goes negative Greg Kroah-Hartman
@ 2023-09-20 11:26 ` Greg Kroah-Hartman
2023-09-20 11:26 ` [PATCH 5.4 041/367] ALSA: seq: oss: Fix racy open/close of MIDI devices Greg Kroah-Hartman
` (332 subsequent siblings)
372 siblings, 0 replies; 396+ messages in thread
From: Greg Kroah-Hartman @ 2023-09-20 11:26 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Michael Kelley, Martin K. Petersen,
Sasha Levin
5.4-stable review patch. If anyone has any objections, please let me know.
------------------
From: Michael Kelley <mikelley@microsoft.com>
[ Upstream commit 31d16e712bdcaee769de4780f72ff8d6cd3f0589 ]
Hyper-V synthetic SCSI devices do not support the MAINTENANCE_IN SCSI
command, so scsi_report_opcode() always fails, resulting in messages like
this:
hv_storvsc <guid>: tag#205 cmd 0xa3 status: scsi 0x2 srb 0x86 hv 0xc0000001
The recently added support for command duration limits calls
scsi_report_opcode() four times as each device comes online, which
significantly increases the number of messages logged in a system with many
disks.
Fix the problem by always marking Hyper-V synthetic SCSI devices as not
supporting scsi_report_opcode(). With this setting, the MAINTENANCE_IN SCSI
command is not issued and no messages are logged.
Signed-off-by: Michael Kelley <mikelley@microsoft.com>
Link: https://lore.kernel.org/r/1686343101-18930-1-git-send-email-mikelley@microsoft.com
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/scsi/storvsc_drv.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/drivers/scsi/storvsc_drv.c b/drivers/scsi/storvsc_drv.c
index 823088c7b199e..44f4e10f9bf9a 100644
--- a/drivers/scsi/storvsc_drv.c
+++ b/drivers/scsi/storvsc_drv.c
@@ -1423,6 +1423,8 @@ static int storvsc_device_configure(struct scsi_device *sdevice)
{
blk_queue_rq_timeout(sdevice->request_queue, (storvsc_timeout * HZ));
+ /* storvsc devices don't support MAINTENANCE_IN SCSI cmd */
+ sdevice->no_report_opcodes = 1;
sdevice->no_write_same = 1;
/*
--
2.40.1
^ permalink raw reply related [flat|nested] 396+ messages in thread
* [PATCH 5.4 041/367] ALSA: seq: oss: Fix racy open/close of MIDI devices
2023-09-20 11:26 [PATCH 5.4 000/367] 5.4.257-rc1 review Greg Kroah-Hartman
` (39 preceding siblings ...)
2023-09-20 11:26 ` [PATCH 5.4 040/367] scsi: storvsc: Always set no_report_opcodes Greg Kroah-Hartman
@ 2023-09-20 11:26 ` Greg Kroah-Hartman
2023-09-20 11:26 ` [PATCH 5.4 042/367] platform/mellanox: Fix mlxbf-tmfifo not handling all virtio CONSOLE notifications Greg Kroah-Hartman
` (331 subsequent siblings)
372 siblings, 0 replies; 396+ messages in thread
From: Greg Kroah-Hartman @ 2023-09-20 11:26 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Gong, Sishuai, Takashi Iwai, Sasha Levin
5.4-stable review patch. If anyone has any objections, please let me know.
------------------
From: Takashi Iwai <tiwai@suse.de>
[ Upstream commit 297224fc0922e7385573a30c29ffdabb67f27b7d ]
Although snd_seq_oss_midi_open() and snd_seq_oss_midi_close() can be
called concurrently from different code paths, we have no proper data
protection against races. Introduce open_mutex to each seq_oss_midi
object for avoiding the races.
Reported-by: "Gong, Sishuai" <sishuai@purdue.edu>
Closes: https://lore.kernel.org/r/7DC9AF71-F481-4ABA-955F-76C535661E33@purdue.edu
Link: https://lore.kernel.org/r/20230612125533.27461-1-tiwai@suse.de
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
sound/core/seq/oss/seq_oss_midi.c | 35 +++++++++++++++++++------------
1 file changed, 22 insertions(+), 13 deletions(-)
diff --git a/sound/core/seq/oss/seq_oss_midi.c b/sound/core/seq/oss/seq_oss_midi.c
index f73ee0798aeab..be80ce72e0c72 100644
--- a/sound/core/seq/oss/seq_oss_midi.c
+++ b/sound/core/seq/oss/seq_oss_midi.c
@@ -37,6 +37,7 @@ struct seq_oss_midi {
struct snd_midi_event *coder; /* MIDI event coder */
struct seq_oss_devinfo *devinfo; /* assigned OSSseq device */
snd_use_lock_t use_lock;
+ struct mutex open_mutex;
};
@@ -171,6 +172,7 @@ snd_seq_oss_midi_check_new_port(struct snd_seq_port_info *pinfo)
mdev->flags = pinfo->capability;
mdev->opened = 0;
snd_use_lock_init(&mdev->use_lock);
+ mutex_init(&mdev->open_mutex);
/* copy and truncate the name of synth device */
strlcpy(mdev->name, pinfo->name, sizeof(mdev->name));
@@ -319,14 +321,16 @@ snd_seq_oss_midi_open(struct seq_oss_devinfo *dp, int dev, int fmode)
int perm;
struct seq_oss_midi *mdev;
struct snd_seq_port_subscribe subs;
+ int err;
if ((mdev = get_mididev(dp, dev)) == NULL)
return -ENODEV;
+ mutex_lock(&mdev->open_mutex);
/* already used? */
if (mdev->opened && mdev->devinfo != dp) {
- snd_use_lock_free(&mdev->use_lock);
- return -EBUSY;
+ err = -EBUSY;
+ goto unlock;
}
perm = 0;
@@ -336,14 +340,14 @@ snd_seq_oss_midi_open(struct seq_oss_devinfo *dp, int dev, int fmode)
perm |= PERM_READ;
perm &= mdev->flags;
if (perm == 0) {
- snd_use_lock_free(&mdev->use_lock);
- return -ENXIO;
+ err = -ENXIO;
+ goto unlock;
}
/* already opened? */
if ((mdev->opened & perm) == perm) {
- snd_use_lock_free(&mdev->use_lock);
- return 0;
+ err = 0;
+ goto unlock;
}
perm &= ~mdev->opened;
@@ -368,13 +372,17 @@ snd_seq_oss_midi_open(struct seq_oss_devinfo *dp, int dev, int fmode)
}
if (! mdev->opened) {
- snd_use_lock_free(&mdev->use_lock);
- return -ENXIO;
+ err = -ENXIO;
+ goto unlock;
}
mdev->devinfo = dp;
+ err = 0;
+
+ unlock:
+ mutex_unlock(&mdev->open_mutex);
snd_use_lock_free(&mdev->use_lock);
- return 0;
+ return err;
}
/*
@@ -388,10 +396,9 @@ snd_seq_oss_midi_close(struct seq_oss_devinfo *dp, int dev)
if ((mdev = get_mididev(dp, dev)) == NULL)
return -ENODEV;
- if (! mdev->opened || mdev->devinfo != dp) {
- snd_use_lock_free(&mdev->use_lock);
- return 0;
- }
+ mutex_lock(&mdev->open_mutex);
+ if (!mdev->opened || mdev->devinfo != dp)
+ goto unlock;
memset(&subs, 0, sizeof(subs));
if (mdev->opened & PERM_WRITE) {
@@ -410,6 +417,8 @@ snd_seq_oss_midi_close(struct seq_oss_devinfo *dp, int dev)
mdev->opened = 0;
mdev->devinfo = NULL;
+ unlock:
+ mutex_unlock(&mdev->open_mutex);
snd_use_lock_free(&mdev->use_lock);
return 0;
}
--
2.40.1
^ permalink raw reply related [flat|nested] 396+ messages in thread
* [PATCH 5.4 042/367] platform/mellanox: Fix mlxbf-tmfifo not handling all virtio CONSOLE notifications
2023-09-20 11:26 [PATCH 5.4 000/367] 5.4.257-rc1 review Greg Kroah-Hartman
` (40 preceding siblings ...)
2023-09-20 11:26 ` [PATCH 5.4 041/367] ALSA: seq: oss: Fix racy open/close of MIDI devices Greg Kroah-Hartman
@ 2023-09-20 11:26 ` Greg Kroah-Hartman
2023-09-20 11:27 ` [PATCH 5.4 043/367] net: Avoid address overwrite in kernel_connect Greg Kroah-Hartman
` (330 subsequent siblings)
372 siblings, 0 replies; 396+ messages in thread
From: Greg Kroah-Hartman @ 2023-09-20 11:26 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Shih-Yi Chen, Liming Sung,
David Thompson, Hans de Goede, Sasha Levin
5.4-stable review patch. If anyone has any objections, please let me know.
------------------
From: Shih-Yi Chen <shihyic@nvidia.com>
[ Upstream commit 0848cab765c634597636810bf76d0934003cce28 ]
rshim console does not show all entries of dmesg.
Fixed by setting MLXBF_TM_TX_LWM_IRQ for every CONSOLE notification.
Signed-off-by: Shih-Yi Chen <shihyic@nvidia.com>
Reviewed-by: Liming Sung <limings@nvidia.com>
Reviewed-by: David Thompson <davthompson@nvidia.com>
Link: https://lore.kernel.org/r/20230821150627.26075-1-shihyic@nvidia.com
Reviewed-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/platform/mellanox/mlxbf-tmfifo.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/drivers/platform/mellanox/mlxbf-tmfifo.c b/drivers/platform/mellanox/mlxbf-tmfifo.c
index 92bda873d44a4..4b18ebd7e850c 100644
--- a/drivers/platform/mellanox/mlxbf-tmfifo.c
+++ b/drivers/platform/mellanox/mlxbf-tmfifo.c
@@ -865,6 +865,7 @@ static bool mlxbf_tmfifo_virtio_notify(struct virtqueue *vq)
tm_vdev = fifo->vdev[VIRTIO_ID_CONSOLE];
mlxbf_tmfifo_console_output(tm_vdev, vring);
spin_unlock_irqrestore(&fifo->spin_lock[0], flags);
+ set_bit(MLXBF_TM_TX_LWM_IRQ, &fifo->pend_events);
} else if (test_and_set_bit(MLXBF_TM_TX_LWM_IRQ,
&fifo->pend_events)) {
return true;
--
2.40.1
^ permalink raw reply related [flat|nested] 396+ messages in thread
* [PATCH 5.4 043/367] net: Avoid address overwrite in kernel_connect
2023-09-20 11:26 [PATCH 5.4 000/367] 5.4.257-rc1 review Greg Kroah-Hartman
` (41 preceding siblings ...)
2023-09-20 11:26 ` [PATCH 5.4 042/367] platform/mellanox: Fix mlxbf-tmfifo not handling all virtio CONSOLE notifications Greg Kroah-Hartman
@ 2023-09-20 11:27 ` Greg Kroah-Hartman
2023-09-20 11:27 ` [PATCH 5.4 044/367] powerpc/32s: Fix assembler warning about r0 Greg Kroah-Hartman
` (329 subsequent siblings)
372 siblings, 0 replies; 396+ messages in thread
From: Greg Kroah-Hartman @ 2023-09-20 11:27 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Jordan Rife, David S. Miller
5.4-stable review patch. If anyone has any objections, please let me know.
------------------
From: Jordan Rife <jrife@google.com>
commit 0bdf399342c5acbd817c9098b6c7ed21f1974312 upstream.
BPF programs that run on connect can rewrite the connect address. For
the connect system call this isn't a problem, because a copy of the address
is made when it is moved into kernel space. However, kernel_connect
simply passes through the address it is given, so the caller may observe
its address value unexpectedly change.
A practical example where this is problematic is where NFS is combined
with a system such as Cilium which implements BPF-based load balancing.
A common pattern in software-defined storage systems is to have an NFS
mount that connects to a persistent virtual IP which in turn maps to an
ephemeral server IP. This is usually done to achieve high availability:
if your server goes down you can quickly spin up a replacement and remap
the virtual IP to that endpoint. With BPF-based load balancing, mounts
will forget the virtual IP address when the address rewrite occurs
because a pointer to the only copy of that address is passed down the
stack. Server failover then breaks, because clients have forgotten the
virtual IP address. Reconnects fail and mounts remain broken. This patch
was tested by setting up a scenario like this and ensuring that NFS
reconnects worked after applying the patch.
Signed-off-by: Jordan Rife <jrife@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
net/socket.c | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)
--- a/net/socket.c
+++ b/net/socket.c
@@ -3637,7 +3637,11 @@ EXPORT_SYMBOL(kernel_accept);
int kernel_connect(struct socket *sock, struct sockaddr *addr, int addrlen,
int flags)
{
- return sock->ops->connect(sock, addr, addrlen, flags);
+ struct sockaddr_storage address;
+
+ memcpy(&address, addr, addrlen);
+
+ return sock->ops->connect(sock, (struct sockaddr *)&address, addrlen, flags);
}
EXPORT_SYMBOL(kernel_connect);
^ permalink raw reply [flat|nested] 396+ messages in thread
* [PATCH 5.4 044/367] powerpc/32s: Fix assembler warning about r0
2023-09-20 11:26 [PATCH 5.4 000/367] 5.4.257-rc1 review Greg Kroah-Hartman
` (42 preceding siblings ...)
2023-09-20 11:27 ` [PATCH 5.4 043/367] net: Avoid address overwrite in kernel_connect Greg Kroah-Hartman
@ 2023-09-20 11:27 ` Greg Kroah-Hartman
2023-09-20 11:27 ` [PATCH 5.4 045/367] udf: Check consistency of Space Bitmap Descriptor Greg Kroah-Hartman
` (328 subsequent siblings)
372 siblings, 0 replies; 396+ messages in thread
From: Greg Kroah-Hartman @ 2023-09-20 11:27 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Christophe Leroy, Michael Ellerman
5.4-stable review patch. If anyone has any objections, please let me know.
------------------
From: Christophe Leroy <christophe.leroy@csgroup.eu>
commit b51ba4fe2e134b631f9c8f45423707aab71449b5 upstream.
The assembler says:
arch/powerpc/kernel/head_32.S:1095: Warning: invalid register expression
It's objecting to the use of r0 as the RA argument. That's because
when RA = 0 the literal value 0 is used, rather than the content of
r0, making the use of r0 in the source potentially confusing.
Fix it to use a literal 0, the generated code is identical.
Signed-off-by: Christophe Leroy <christophe.leroy@csgroup.eu>
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
Link: https://lore.kernel.org/r/2b69ac8e1cddff6f808fc7415907179eab4aae9e.1596693679.git.christophe.leroy@csgroup.eu
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/powerpc/kernel/head_32.S | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/arch/powerpc/kernel/head_32.S
+++ b/arch/powerpc/kernel/head_32.S
@@ -922,7 +922,7 @@ END_MMU_FTR_SECTION_IFSET(MMU_FTR_HPTE_T
*/
lis r5, abatron_pteptrs@h
ori r5, r5, abatron_pteptrs@l
- stw r5, 0xf0(r0) /* This much match your Abatron config */
+ stw r5, 0xf0(0) /* This much match your Abatron config */
lis r6, swapper_pg_dir@h
ori r6, r6, swapper_pg_dir@l
tophys(r5, r5)
^ permalink raw reply [flat|nested] 396+ messages in thread
* [PATCH 5.4 045/367] udf: Check consistency of Space Bitmap Descriptor
2023-09-20 11:26 [PATCH 5.4 000/367] 5.4.257-rc1 review Greg Kroah-Hartman
` (43 preceding siblings ...)
2023-09-20 11:27 ` [PATCH 5.4 044/367] powerpc/32s: Fix assembler warning about r0 Greg Kroah-Hartman
@ 2023-09-20 11:27 ` Greg Kroah-Hartman
2023-09-20 11:27 ` [PATCH 5.4 046/367] udf: Handle error when adding extent to a file Greg Kroah-Hartman
` (327 subsequent siblings)
372 siblings, 0 replies; 396+ messages in thread
From: Greg Kroah-Hartman @ 2023-09-20 11:27 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Vladislav Efanov, Jan Kara
5.4-stable review patch. If anyone has any objections, please let me know.
------------------
From: Vladislav Efanov <VEfanov@ispras.ru>
commit 1e0d4adf17e7ef03281d7b16555e7c1508c8ed2d upstream.
Bits, which are related to Bitmap Descriptor logical blocks,
are not reset when buffer headers are allocated for them. As the
result, these logical blocks can be treated as free and
be used for other blocks.This can cause usage of one buffer header
for several types of data. UDF issues WARNING in this situation:
WARNING: CPU: 0 PID: 2703 at fs/udf/inode.c:2014
__udf_add_aext+0x685/0x7d0 fs/udf/inode.c:2014
RIP: 0010:__udf_add_aext+0x685/0x7d0 fs/udf/inode.c:2014
Call Trace:
udf_setup_indirect_aext+0x573/0x880 fs/udf/inode.c:1980
udf_add_aext+0x208/0x2e0 fs/udf/inode.c:2067
udf_insert_aext fs/udf/inode.c:2233 [inline]
udf_update_extents fs/udf/inode.c:1181 [inline]
inode_getblk+0x1981/0x3b70 fs/udf/inode.c:885
Found by Linux Verification Center (linuxtesting.org) with syzkaller.
[JK: Somewhat cleaned up the boundary checks]
Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2")
Signed-off-by: Vladislav Efanov <VEfanov@ispras.ru>
Signed-off-by: Jan Kara <jack@suse.cz>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/udf/balloc.c | 31 +++++++++++++++++++++++++++----
1 file changed, 27 insertions(+), 4 deletions(-)
--- a/fs/udf/balloc.c
+++ b/fs/udf/balloc.c
@@ -36,18 +36,41 @@ static int read_block_bitmap(struct supe
unsigned long bitmap_nr)
{
struct buffer_head *bh = NULL;
- int retval = 0;
+ int i;
+ int max_bits, off, count;
struct kernel_lb_addr loc;
loc.logicalBlockNum = bitmap->s_extPosition;
loc.partitionReferenceNum = UDF_SB(sb)->s_partition;
bh = udf_tread(sb, udf_get_lb_pblock(sb, &loc, block));
+ bitmap->s_block_bitmap[bitmap_nr] = bh;
if (!bh)
- retval = -EIO;
+ return -EIO;
- bitmap->s_block_bitmap[bitmap_nr] = bh;
- return retval;
+ /* Check consistency of Space Bitmap buffer. */
+ max_bits = sb->s_blocksize * 8;
+ if (!bitmap_nr) {
+ off = sizeof(struct spaceBitmapDesc) << 3;
+ count = min(max_bits - off, bitmap->s_nr_groups);
+ } else {
+ /*
+ * Rough check if bitmap number is too big to have any bitmap
+ * blocks reserved.
+ */
+ if (bitmap_nr >
+ (bitmap->s_nr_groups >> (sb->s_blocksize_bits + 3)) + 2)
+ return 0;
+ off = 0;
+ count = bitmap->s_nr_groups - bitmap_nr * max_bits +
+ (sizeof(struct spaceBitmapDesc) << 3);
+ count = min(count, max_bits);
+ }
+
+ for (i = 0; i < count; i++)
+ if (udf_test_bit(i + off, bh->b_data))
+ return -EFSCORRUPTED;
+ return 0;
}
static int __load_block_bitmap(struct super_block *sb,
^ permalink raw reply [flat|nested] 396+ messages in thread
* [PATCH 5.4 046/367] udf: Handle error when adding extent to a file
2023-09-20 11:26 [PATCH 5.4 000/367] 5.4.257-rc1 review Greg Kroah-Hartman
` (44 preceding siblings ...)
2023-09-20 11:27 ` [PATCH 5.4 045/367] udf: Check consistency of Space Bitmap Descriptor Greg Kroah-Hartman
@ 2023-09-20 11:27 ` Greg Kroah-Hartman
2023-09-20 11:27 ` [PATCH 5.4 047/367] Revert "net: macsec: preserve ingress frame ordering" Greg Kroah-Hartman
` (326 subsequent siblings)
372 siblings, 0 replies; 396+ messages in thread
From: Greg Kroah-Hartman @ 2023-09-20 11:27 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Jan Kara
5.4-stable review patch. If anyone has any objections, please let me know.
------------------
From: Jan Kara <jack@suse.cz>
commit 19fd80de0a8b5170ef34704c8984cca920dffa59 upstream.
When adding extent to a file fails, so far we've silently squelshed the
error. Make sure to propagate it up properly.
Signed-off-by: Jan Kara <jack@suse.cz>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/udf/inode.c | 41 +++++++++++++++++++++++++++--------------
1 file changed, 27 insertions(+), 14 deletions(-)
--- a/fs/udf/inode.c
+++ b/fs/udf/inode.c
@@ -57,15 +57,15 @@ static int udf_update_inode(struct inode
static int udf_sync_inode(struct inode *inode);
static int udf_alloc_i_data(struct inode *inode, size_t size);
static sector_t inode_getblk(struct inode *, sector_t, int *, int *);
-static int8_t udf_insert_aext(struct inode *, struct extent_position,
- struct kernel_lb_addr, uint32_t);
+static int udf_insert_aext(struct inode *, struct extent_position,
+ struct kernel_lb_addr, uint32_t);
static void udf_split_extents(struct inode *, int *, int, udf_pblk_t,
struct kernel_long_ad *, int *);
static void udf_prealloc_extents(struct inode *, int, int,
struct kernel_long_ad *, int *);
static void udf_merge_extents(struct inode *, struct kernel_long_ad *, int *);
-static void udf_update_extents(struct inode *, struct kernel_long_ad *, int,
- int, struct extent_position *);
+static int udf_update_extents(struct inode *, struct kernel_long_ad *, int,
+ int, struct extent_position *);
static int udf_get_block(struct inode *, sector_t, struct buffer_head *, int);
static void __udf_clear_extent_cache(struct inode *inode)
@@ -890,7 +890,9 @@ static sector_t inode_getblk(struct inod
/* write back the new extents, inserting new extents if the new number
* of extents is greater than the old number, and deleting extents if
* the new number of extents is less than the old number */
- udf_update_extents(inode, laarr, startnum, endnum, &prev_epos);
+ *err = udf_update_extents(inode, laarr, startnum, endnum, &prev_epos);
+ if (*err < 0)
+ goto out_free;
newblock = udf_get_pblock(inode->i_sb, newblocknum,
iinfo->i_location.partitionReferenceNum, 0);
@@ -1158,21 +1160,30 @@ static void udf_merge_extents(struct ino
}
}
-static void udf_update_extents(struct inode *inode, struct kernel_long_ad *laarr,
- int startnum, int endnum,
- struct extent_position *epos)
+static int udf_update_extents(struct inode *inode, struct kernel_long_ad *laarr,
+ int startnum, int endnum,
+ struct extent_position *epos)
{
int start = 0, i;
struct kernel_lb_addr tmploc;
uint32_t tmplen;
+ int err;
if (startnum > endnum) {
for (i = 0; i < (startnum - endnum); i++)
udf_delete_aext(inode, *epos);
} else if (startnum < endnum) {
for (i = 0; i < (endnum - startnum); i++) {
- udf_insert_aext(inode, *epos, laarr[i].extLocation,
- laarr[i].extLength);
+ err = udf_insert_aext(inode, *epos,
+ laarr[i].extLocation,
+ laarr[i].extLength);
+ /*
+ * If we fail here, we are likely corrupting the extent
+ * list and leaking blocks. At least stop early to
+ * limit the damage.
+ */
+ if (err < 0)
+ return err;
udf_next_aext(inode, epos, &laarr[i].extLocation,
&laarr[i].extLength, 1);
start++;
@@ -1184,6 +1195,7 @@ static void udf_update_extents(struct in
udf_write_aext(inode, epos, &laarr[i].extLocation,
laarr[i].extLength, 1);
}
+ return 0;
}
struct buffer_head *udf_bread(struct inode *inode, udf_pblk_t block,
@@ -2218,12 +2230,13 @@ int8_t udf_current_aext(struct inode *in
return etype;
}
-static int8_t udf_insert_aext(struct inode *inode, struct extent_position epos,
- struct kernel_lb_addr neloc, uint32_t nelen)
+static int udf_insert_aext(struct inode *inode, struct extent_position epos,
+ struct kernel_lb_addr neloc, uint32_t nelen)
{
struct kernel_lb_addr oeloc;
uint32_t oelen;
int8_t etype;
+ int err;
if (epos.bh)
get_bh(epos.bh);
@@ -2233,10 +2246,10 @@ static int8_t udf_insert_aext(struct ino
neloc = oeloc;
nelen = (etype << 30) | oelen;
}
- udf_add_aext(inode, &epos, &neloc, nelen, 1);
+ err = udf_add_aext(inode, &epos, &neloc, nelen, 1);
brelse(epos.bh);
- return (nelen >> 30);
+ return err;
}
int8_t udf_delete_aext(struct inode *inode, struct extent_position epos)
^ permalink raw reply [flat|nested] 396+ messages in thread
* [PATCH 5.4 047/367] Revert "net: macsec: preserve ingress frame ordering"
2023-09-20 11:26 [PATCH 5.4 000/367] 5.4.257-rc1 review Greg Kroah-Hartman
` (45 preceding siblings ...)
2023-09-20 11:27 ` [PATCH 5.4 046/367] udf: Handle error when adding extent to a file Greg Kroah-Hartman
@ 2023-09-20 11:27 ` Greg Kroah-Hartman
2023-09-20 11:27 ` [PATCH 5.4 048/367] reiserfs: Check the return value from __getblk() Greg Kroah-Hartman
` (325 subsequent siblings)
372 siblings, 0 replies; 396+ messages in thread
From: Greg Kroah-Hartman @ 2023-09-20 11:27 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Sabrina Dubroca, Paolo Abeni
5.4-stable review patch. If anyone has any objections, please let me know.
------------------
From: Sabrina Dubroca <sd@queasysnail.net>
commit d3287e4038ca4f81e02067ab72d087af7224c68b upstream.
This reverts commit ab046a5d4be4c90a3952a0eae75617b49c0cb01b.
It was trying to work around an issue at the crypto layer by excluding
ASYNC implementations of gcm(aes), because a bug in the AESNI version
caused reordering when some requests bypassed the cryptd queue while
older requests were still pending on the queue.
This was fixed by commit 38b2f68b4264 ("crypto: aesni - Fix cryptd
reordering problem on gcm"), which pre-dates ab046a5d4be4.
Herbert Xu confirmed that all ASYNC implementations are expected to
maintain the ordering of completions wrt requests, so we can use them
in MACsec.
On my test machine, this restores the performance of a single netperf
instance, from 1.4Gbps to 4.4Gbps.
Link: https://lore.kernel.org/netdev/9328d206c5d9f9239cae27e62e74de40b258471d.1692279161.git.sd@queasysnail.net/T/
Link: https://lore.kernel.org/netdev/1b0cec71-d084-8153-2ba4-72ce71abeb65@byu.edu/
Link: https://lore.kernel.org/netdev/d335ddaa-18dc-f9f0-17ee-9783d3b2ca29@mailbox.tu-dresden.de/
Fixes: ab046a5d4be4 ("net: macsec: preserve ingress frame ordering")
Signed-off-by: Sabrina Dubroca <sd@queasysnail.net>
Link: https://lore.kernel.org/r/11c952469d114db6fb29242e1d9545e61f52f512.1693757159.git.sd@queasysnail.net
Signed-off-by: Paolo Abeni <pabeni@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/net/macsec.c | 3 +--
1 file changed, 1 insertion(+), 2 deletions(-)
--- a/drivers/net/macsec.c
+++ b/drivers/net/macsec.c
@@ -1350,8 +1350,7 @@ static struct crypto_aead *macsec_alloc_
struct crypto_aead *tfm;
int ret;
- /* Pick a sync gcm(aes) cipher to ensure order is preserved. */
- tfm = crypto_alloc_aead("gcm(aes)", 0, CRYPTO_ALG_ASYNC);
+ tfm = crypto_alloc_aead("gcm(aes)", 0, 0);
if (IS_ERR(tfm))
return tfm;
^ permalink raw reply [flat|nested] 396+ messages in thread
* [PATCH 5.4 048/367] reiserfs: Check the return value from __getblk()
2023-09-20 11:26 [PATCH 5.4 000/367] 5.4.257-rc1 review Greg Kroah-Hartman
` (46 preceding siblings ...)
2023-09-20 11:27 ` [PATCH 5.4 047/367] Revert "net: macsec: preserve ingress frame ordering" Greg Kroah-Hartman
@ 2023-09-20 11:27 ` Greg Kroah-Hartman
2023-09-20 11:27 ` [PATCH 5.4 049/367] eventfd: Export eventfd_ctx_do_read() Greg Kroah-Hartman
` (324 subsequent siblings)
372 siblings, 0 replies; 396+ messages in thread
From: Greg Kroah-Hartman @ 2023-09-20 11:27 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Matthew Wilcox (Oracle),
butt3rflyh4ck, Edward Shishkin, Christian Brauner, Sasha Levin
5.4-stable review patch. If anyone has any objections, please let me know.
------------------
From: Matthew Wilcox <willy@infradead.org>
[ Upstream commit ba38980add7ffc9e674ada5b4ded4e7d14e76581 ]
__getblk() can return a NULL pointer if we run out of memory or if we
try to access beyond the end of the device; check it and handle it
appropriately.
Signed-off-by: Matthew Wilcox (Oracle) <willy@infradead.org>
Link: https://lore.kernel.org/lkml/CAFcO6XOacq3hscbXevPQP7sXRoYFz34ZdKPYjmd6k5sZuhGFDw@mail.gmail.com/
Tested-by: butt3rflyh4ck <butterflyhuangxx@gmail.com>
Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2") # probably introduced in 2002
Acked-by: Edward Shishkin <edward.shishkin@gmail.com>
Signed-off-by: Christian Brauner <brauner@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
fs/reiserfs/journal.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/fs/reiserfs/journal.c b/fs/reiserfs/journal.c
index 09ad022a78a55..b8277a5dfe40e 100644
--- a/fs/reiserfs/journal.c
+++ b/fs/reiserfs/journal.c
@@ -2327,7 +2327,7 @@ static struct buffer_head *reiserfs_breada(struct block_device *dev,
int i, j;
bh = __getblk(dev, block, bufsize);
- if (buffer_uptodate(bh))
+ if (!bh || buffer_uptodate(bh))
return (bh);
if (block + BUFNR > max_block) {
@@ -2337,6 +2337,8 @@ static struct buffer_head *reiserfs_breada(struct block_device *dev,
j = 1;
for (i = 1; i < blocks; i++) {
bh = __getblk(dev, block + i, bufsize);
+ if (!bh)
+ break;
if (buffer_uptodate(bh)) {
brelse(bh);
break;
--
2.40.1
^ permalink raw reply related [flat|nested] 396+ messages in thread
* [PATCH 5.4 049/367] eventfd: Export eventfd_ctx_do_read()
2023-09-20 11:26 [PATCH 5.4 000/367] 5.4.257-rc1 review Greg Kroah-Hartman
` (47 preceding siblings ...)
2023-09-20 11:27 ` [PATCH 5.4 048/367] reiserfs: Check the return value from __getblk() Greg Kroah-Hartman
@ 2023-09-20 11:27 ` Greg Kroah-Hartman
2023-09-20 11:27 ` [PATCH 5.4 050/367] eventfd: prevent underflow for eventfd semaphores Greg Kroah-Hartman
` (323 subsequent siblings)
372 siblings, 0 replies; 396+ messages in thread
From: Greg Kroah-Hartman @ 2023-09-20 11:27 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, David Woodhouse, Paolo Bonzini, Sasha Levin
5.4-stable review patch. If anyone has any objections, please let me know.
------------------
From: David Woodhouse <dwmw@amazon.co.uk>
[ Upstream commit 28f1326710555bbe666f64452d08f2d7dd657cae ]
Where events are consumed in the kernel, for example by KVM's
irqfd_wakeup() and VFIO's virqfd_wakeup(), they currently lack a
mechanism to drain the eventfd's counter.
Since the wait queue is already locked while the wakeup functions are
invoked, all they really need to do is call eventfd_ctx_do_read().
Add a check for the lock, and export it for them.
Signed-off-by: David Woodhouse <dwmw@amazon.co.uk>
Message-Id: <20201027135523.646811-2-dwmw2@infradead.org>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Stable-dep-of: 758b49204781 ("eventfd: prevent underflow for eventfd semaphores")
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
fs/eventfd.c | 5 ++++-
include/linux/eventfd.h | 6 ++++++
2 files changed, 10 insertions(+), 1 deletion(-)
diff --git a/fs/eventfd.c b/fs/eventfd.c
index 78e41c7c3d05b..26b3d821e9168 100644
--- a/fs/eventfd.c
+++ b/fs/eventfd.c
@@ -181,11 +181,14 @@ static __poll_t eventfd_poll(struct file *file, poll_table *wait)
return events;
}
-static void eventfd_ctx_do_read(struct eventfd_ctx *ctx, __u64 *cnt)
+void eventfd_ctx_do_read(struct eventfd_ctx *ctx, __u64 *cnt)
{
+ lockdep_assert_held(&ctx->wqh.lock);
+
*cnt = (ctx->flags & EFD_SEMAPHORE) ? 1 : ctx->count;
ctx->count -= *cnt;
}
+EXPORT_SYMBOL_GPL(eventfd_ctx_do_read);
/**
* eventfd_ctx_remove_wait_queue - Read the current counter and removes wait queue.
diff --git a/include/linux/eventfd.h b/include/linux/eventfd.h
index 3482f9365a4db..de0ad39d4281f 100644
--- a/include/linux/eventfd.h
+++ b/include/linux/eventfd.h
@@ -41,6 +41,7 @@ struct eventfd_ctx *eventfd_ctx_fileget(struct file *file);
__u64 eventfd_signal(struct eventfd_ctx *ctx, __u64 n);
int eventfd_ctx_remove_wait_queue(struct eventfd_ctx *ctx, wait_queue_entry_t *wait,
__u64 *cnt);
+void eventfd_ctx_do_read(struct eventfd_ctx *ctx, __u64 *cnt);
DECLARE_PER_CPU(int, eventfd_wake_count);
@@ -82,6 +83,11 @@ static inline bool eventfd_signal_count(void)
return false;
}
+static inline void eventfd_ctx_do_read(struct eventfd_ctx *ctx, __u64 *cnt)
+{
+
+}
+
#endif
#endif /* _LINUX_EVENTFD_H */
--
2.40.1
^ permalink raw reply related [flat|nested] 396+ messages in thread
* [PATCH 5.4 050/367] eventfd: prevent underflow for eventfd semaphores
2023-09-20 11:26 [PATCH 5.4 000/367] 5.4.257-rc1 review Greg Kroah-Hartman
` (48 preceding siblings ...)
2023-09-20 11:27 ` [PATCH 5.4 049/367] eventfd: Export eventfd_ctx_do_read() Greg Kroah-Hartman
@ 2023-09-20 11:27 ` Greg Kroah-Hartman
2023-09-20 11:27 ` [PATCH 5.4 051/367] new helper: lookup_positive_unlocked() Greg Kroah-Hartman
` (322 subsequent siblings)
372 siblings, 0 replies; 396+ messages in thread
From: Greg Kroah-Hartman @ 2023-09-20 11:27 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Wen Yang, Alexander Viro,
Jens Axboe, Christian Brauner, Christoph Hellwig, Dylan Yudaken,
David Woodhouse, Matthew Wilcox, linux-fsdevel, linux-kernel,
Sasha Levin
5.4-stable review patch. If anyone has any objections, please let me know.
------------------
From: Wen Yang <wenyang.linux@foxmail.com>
[ Upstream commit 758b492047816a3158d027e9fca660bc5bcf20bf ]
For eventfd with flag EFD_SEMAPHORE, when its ctx->count is 0, calling
eventfd_ctx_do_read will cause ctx->count to overflow to ULLONG_MAX.
An underflow can happen with EFD_SEMAPHORE eventfds in at least the
following three subsystems:
(1) virt/kvm/eventfd.c
(2) drivers/vfio/virqfd.c
(3) drivers/virt/acrn/irqfd.c
where (2) and (3) are just modeled after (1). An eventfd must be
specified for use with the KVM_IRQFD ioctl(). This can also be an
EFD_SEMAPHORE eventfd. When the eventfd count is zero or has been
decremented to zero an underflow can be triggered when the irqfd is shut
down by raising the KVM_IRQFD_FLAG_DEASSIGN flag in the KVM_IRQFD
ioctl():
// ctx->count == 0
kvm_vm_ioctl()
-> kvm_irqfd()
-> kvm_irqfd_deassign()
-> irqfd_deactivate()
-> irqfd_shutdown()
-> eventfd_ctx_remove_wait_queue(&cnt)
-> eventfd_ctx_do_read(&cnt)
Userspace polling on the eventfd wouldn't notice the underflow because 1
is always returned as the value from eventfd_read() while ctx->count
would've underflowed. It's not a huge deal because this should only be
happening when the irqfd is shutdown but we should still fix it and
avoid the spurious wakeup.
Fixes: cb289d6244a3 ("eventfd - allow atomic read and waitqueue remove")
Signed-off-by: Wen Yang <wenyang.linux@foxmail.com>
Cc: Alexander Viro <viro@zeniv.linux.org.uk>
Cc: Jens Axboe <axboe@kernel.dk>
Cc: Christian Brauner <brauner@kernel.org>
Cc: Christoph Hellwig <hch@lst.de>
Cc: Dylan Yudaken <dylany@fb.com>
Cc: David Woodhouse <dwmw@amazon.co.uk>
Cc: Matthew Wilcox <willy@infradead.org>
Cc: linux-fsdevel@vger.kernel.org
Cc: linux-kernel@vger.kernel.org
Message-Id: <tencent_7588DFD1F365950A757310D764517A14B306@qq.com>
[brauner: rewrite commit message and add explanation how this underflow can happen]
Signed-off-by: Christian Brauner <brauner@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
fs/eventfd.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/fs/eventfd.c b/fs/eventfd.c
index 26b3d821e9168..e144094c831df 100644
--- a/fs/eventfd.c
+++ b/fs/eventfd.c
@@ -185,7 +185,7 @@ void eventfd_ctx_do_read(struct eventfd_ctx *ctx, __u64 *cnt)
{
lockdep_assert_held(&ctx->wqh.lock);
- *cnt = (ctx->flags & EFD_SEMAPHORE) ? 1 : ctx->count;
+ *cnt = ((ctx->flags & EFD_SEMAPHORE) && ctx->count) ? 1 : ctx->count;
ctx->count -= *cnt;
}
EXPORT_SYMBOL_GPL(eventfd_ctx_do_read);
--
2.40.1
^ permalink raw reply related [flat|nested] 396+ messages in thread
* [PATCH 5.4 051/367] new helper: lookup_positive_unlocked()
2023-09-20 11:26 [PATCH 5.4 000/367] 5.4.257-rc1 review Greg Kroah-Hartman
` (49 preceding siblings ...)
2023-09-20 11:27 ` [PATCH 5.4 050/367] eventfd: prevent underflow for eventfd semaphores Greg Kroah-Hartman
@ 2023-09-20 11:27 ` Greg Kroah-Hartman
2023-09-20 11:27 ` [PATCH 5.4 052/367] fs: Fix error checking for d_hash_and_lookup() Greg Kroah-Hartman
` (321 subsequent siblings)
372 siblings, 0 replies; 396+ messages in thread
From: Greg Kroah-Hartman @ 2023-09-20 11:27 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Al Viro, Sasha Levin
5.4-stable review patch. If anyone has any objections, please let me know.
------------------
From: Al Viro <viro@zeniv.linux.org.uk>
[ Upstream commit 6c2d4798a8d16cf4f3a28c3cd4af4f1dcbbb4d04 ]
Most of the callers of lookup_one_len_unlocked() treat negatives are
ERR_PTR(-ENOENT). Provide a helper that would do just that. Note
that a pinned positive dentry remains positive - it's ->d_inode is
stable, etc.; a pinned _negative_ dentry can become positive at any
point as long as you are not holding its parent at least shared.
So using lookup_one_len_unlocked() needs to be careful;
lookup_positive_unlocked() is safer and that's what the callers
end up open-coding anyway.
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Stable-dep-of: 0d5a4f8f775f ("fs: Fix error checking for d_hash_and_lookup()")
Signed-off-by: Sasha Levin <sashal@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/cifs/cifsfs.c | 7 +------
fs/debugfs/inode.c | 6 +-----
fs/kernfs/mount.c | 2 +-
fs/namei.c | 20 ++++++++++++++++++++
fs/nfsd/nfs3xdr.c | 4 +---
fs/nfsd/nfs4xdr.c | 11 +----------
fs/overlayfs/namei.c | 24 ++++++++----------------
fs/quota/dquot.c | 8 +-------
include/linux/namei.h | 1 +
9 files changed, 35 insertions(+), 48 deletions(-)
--- a/fs/cifs/cifsfs.c
+++ b/fs/cifs/cifsfs.c
@@ -738,11 +738,6 @@ cifs_get_root(struct smb_vol *vol, struc
struct inode *dir = d_inode(dentry);
struct dentry *child;
- if (!dir) {
- dput(dentry);
- dentry = ERR_PTR(-ENOENT);
- break;
- }
if (!S_ISDIR(dir->i_mode)) {
dput(dentry);
dentry = ERR_PTR(-ENOTDIR);
@@ -759,7 +754,7 @@ cifs_get_root(struct smb_vol *vol, struc
while (*s && *s != sep)
s++;
- child = lookup_one_len_unlocked(p, dentry, s - p);
+ child = lookup_positive_unlocked(p, dentry, s - p);
dput(dentry);
dentry = child;
} while (!IS_ERR(dentry));
--- a/fs/debugfs/inode.c
+++ b/fs/debugfs/inode.c
@@ -299,13 +299,9 @@ struct dentry *debugfs_lookup(const char
if (!parent)
parent = debugfs_mount->mnt_root;
- dentry = lookup_one_len_unlocked(name, parent, strlen(name));
+ dentry = lookup_positive_unlocked(name, parent, strlen(name));
if (IS_ERR(dentry))
return NULL;
- if (!d_really_is_positive(dentry)) {
- dput(dentry);
- return NULL;
- }
return dentry;
}
EXPORT_SYMBOL_GPL(debugfs_lookup);
--- a/fs/kernfs/mount.c
+++ b/fs/kernfs/mount.c
@@ -200,7 +200,7 @@ struct dentry *kernfs_node_dentry(struct
dput(dentry);
return ERR_PTR(-EINVAL);
}
- dtmp = lookup_one_len_unlocked(kntmp->name, dentry,
+ dtmp = lookup_positive_unlocked(kntmp->name, dentry,
strlen(kntmp->name));
dput(dentry);
if (IS_ERR(dtmp))
--- a/fs/namei.c
+++ b/fs/namei.c
@@ -2565,6 +2565,26 @@ struct dentry *lookup_one_len_unlocked(c
}
EXPORT_SYMBOL(lookup_one_len_unlocked);
+/*
+ * Like lookup_one_len_unlocked(), except that it yields ERR_PTR(-ENOENT)
+ * on negatives. Returns known positive or ERR_PTR(); that's what
+ * most of the users want. Note that pinned negative with unlocked parent
+ * _can_ become positive at any time, so callers of lookup_one_len_unlocked()
+ * need to be very careful; pinned positives have ->d_inode stable, so
+ * this one avoids such problems.
+ */
+struct dentry *lookup_positive_unlocked(const char *name,
+ struct dentry *base, int len)
+{
+ struct dentry *ret = lookup_one_len_unlocked(name, base, len);
+ if (!IS_ERR(ret) && d_is_negative(ret)) {
+ dput(ret);
+ ret = ERR_PTR(-ENOENT);
+ }
+ return ret;
+}
+EXPORT_SYMBOL(lookup_positive_unlocked);
+
#ifdef CONFIG_UNIX98_PTYS
int path_pts(struct path *path)
{
--- a/fs/nfsd/nfs3xdr.c
+++ b/fs/nfsd/nfs3xdr.c
@@ -868,13 +868,11 @@ compose_entry_fh(struct nfsd3_readdirres
} else
dchild = dget(dparent);
} else
- dchild = lookup_one_len_unlocked(name, dparent, namlen);
+ dchild = lookup_positive_unlocked(name, dparent, namlen);
if (IS_ERR(dchild))
return rv;
if (d_mountpoint(dchild))
goto out;
- if (d_really_is_negative(dchild))
- goto out;
if (dchild->d_inode->i_ino != ino)
goto out;
rv = fh_compose(fhp, exp, dchild, &cd->fh);
--- a/fs/nfsd/nfs4xdr.c
+++ b/fs/nfsd/nfs4xdr.c
@@ -2991,18 +2991,9 @@ nfsd4_encode_dirent_fattr(struct xdr_str
__be32 nfserr;
int ignore_crossmnt = 0;
- dentry = lookup_one_len_unlocked(name, cd->rd_fhp->fh_dentry, namlen);
+ dentry = lookup_positive_unlocked(name, cd->rd_fhp->fh_dentry, namlen);
if (IS_ERR(dentry))
return nfserrno(PTR_ERR(dentry));
- if (d_really_is_negative(dentry)) {
- /*
- * we're not holding the i_mutex here, so there's
- * a window where this directory entry could have gone
- * away.
- */
- dput(dentry);
- return nfserr_noent;
- }
exp_get(exp);
/*
--- a/fs/overlayfs/namei.c
+++ b/fs/overlayfs/namei.c
@@ -200,7 +200,7 @@ static int ovl_lookup_single(struct dent
int err;
bool last_element = !post[0];
- this = lookup_one_len_unlocked(name, base, namelen);
+ this = lookup_positive_unlocked(name, base, namelen);
if (IS_ERR(this)) {
err = PTR_ERR(this);
this = NULL;
@@ -208,8 +208,6 @@ static int ovl_lookup_single(struct dent
goto out;
goto out_err;
}
- if (!this->d_inode)
- goto put_and_out;
if (ovl_dentry_weird(this)) {
/* Don't support traversing automounts and other weirdness */
@@ -659,7 +657,7 @@ struct dentry *ovl_get_index_fh(struct o
if (err)
return ERR_PTR(err);
- index = lookup_one_len_unlocked(name.name, ofs->indexdir, name.len);
+ index = lookup_positive_unlocked(name.name, ofs->indexdir, name.len);
kfree(name.name);
if (IS_ERR(index)) {
if (PTR_ERR(index) == -ENOENT)
@@ -667,9 +665,7 @@ struct dentry *ovl_get_index_fh(struct o
return index;
}
- if (d_is_negative(index))
- err = 0;
- else if (ovl_is_whiteout(index))
+ if (ovl_is_whiteout(index))
err = -ESTALE;
else if (ovl_dentry_weird(index))
err = -EIO;
@@ -693,7 +689,7 @@ struct dentry *ovl_lookup_index(struct o
if (err)
return ERR_PTR(err);
- index = lookup_one_len_unlocked(name.name, ofs->indexdir, name.len);
+ index = lookup_positive_unlocked(name.name, ofs->indexdir, name.len);
if (IS_ERR(index)) {
err = PTR_ERR(index);
if (err == -ENOENT) {
@@ -708,9 +704,7 @@ struct dentry *ovl_lookup_index(struct o
}
inode = d_inode(index);
- if (d_is_negative(index)) {
- goto out_dput;
- } else if (ovl_is_whiteout(index) && !verify) {
+ if (ovl_is_whiteout(index) && !verify) {
/*
* When index lookup is called with !verify for decoding an
* overlay file handle, a whiteout index implies that decode
@@ -1139,7 +1133,7 @@ bool ovl_lower_positive(struct dentry *d
struct dentry *this;
struct dentry *lowerdir = poe->lowerstack[i].dentry;
- this = lookup_one_len_unlocked(name->name, lowerdir,
+ this = lookup_positive_unlocked(name->name, lowerdir,
name->len);
if (IS_ERR(this)) {
switch (PTR_ERR(this)) {
@@ -1156,10 +1150,8 @@ bool ovl_lower_positive(struct dentry *d
break;
}
} else {
- if (this->d_inode) {
- positive = !ovl_is_whiteout(this);
- done = true;
- }
+ positive = !ovl_is_whiteout(this);
+ done = true;
dput(this);
}
}
--- a/fs/quota/dquot.c
+++ b/fs/quota/dquot.c
@@ -2543,21 +2543,15 @@ int dquot_quota_on_mount(struct super_bl
struct dentry *dentry;
int error;
- dentry = lookup_one_len_unlocked(qf_name, sb->s_root, strlen(qf_name));
+ dentry = lookup_positive_unlocked(qf_name, sb->s_root, strlen(qf_name));
if (IS_ERR(dentry))
return PTR_ERR(dentry);
- if (d_really_is_negative(dentry)) {
- error = -ENOENT;
- goto out;
- }
-
error = security_quota_on(dentry);
if (!error)
error = vfs_load_quota_inode(d_inode(dentry), type, format_id,
DQUOT_USAGE_ENABLED | DQUOT_LIMITS_ENABLED);
-out:
dput(dentry);
return error;
}
--- a/include/linux/namei.h
+++ b/include/linux/namei.h
@@ -60,6 +60,7 @@ extern int kern_path_mountpoint(int, con
extern struct dentry *try_lookup_one_len(const char *, struct dentry *, int);
extern struct dentry *lookup_one_len(const char *, struct dentry *, int);
extern struct dentry *lookup_one_len_unlocked(const char *, struct dentry *, int);
+extern struct dentry *lookup_positive_unlocked(const char *, struct dentry *, int);
extern int follow_down_one(struct path *);
extern int follow_down(struct path *);
^ permalink raw reply [flat|nested] 396+ messages in thread
* [PATCH 5.4 052/367] fs: Fix error checking for d_hash_and_lookup()
2023-09-20 11:26 [PATCH 5.4 000/367] 5.4.257-rc1 review Greg Kroah-Hartman
` (50 preceding siblings ...)
2023-09-20 11:27 ` [PATCH 5.4 051/367] new helper: lookup_positive_unlocked() Greg Kroah-Hartman
@ 2023-09-20 11:27 ` Greg Kroah-Hartman
2023-09-20 11:27 ` [PATCH 5.4 053/367] tmpfs: verify {g,u}id mount options correctly Greg Kroah-Hartman
` (320 subsequent siblings)
372 siblings, 0 replies; 396+ messages in thread
From: Greg Kroah-Hartman @ 2023-09-20 11:27 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Wang Ming, Christian Brauner, Sasha Levin
5.4-stable review patch. If anyone has any objections, please let me know.
------------------
From: Wang Ming <machel@vivo.com>
[ Upstream commit 0d5a4f8f775ff990142cdc810a84eae078589d27 ]
The d_hash_and_lookup() function returns error pointers or NULL.
Most incorrect error checks were fixed, but the one in int path_pts()
was forgotten.
Fixes: eedf265aa003 ("devpts: Make each mount of devpts an independent filesystem.")
Signed-off-by: Wang Ming <machel@vivo.com>
Message-Id: <20230713120555.7025-1-machel@vivo.com>
Signed-off-by: Christian Brauner <brauner@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
fs/namei.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/fs/namei.c b/fs/namei.c
index 21988d22399f9..f6708ab8ec7ed 100644
--- a/fs/namei.c
+++ b/fs/namei.c
@@ -2603,7 +2603,7 @@ int path_pts(struct path *path)
this.name = "pts";
this.len = 3;
child = d_hash_and_lookup(parent, &this);
- if (!child)
+ if (IS_ERR_OR_NULL(child))
return -ENOENT;
path->dentry = child;
--
2.40.1
^ permalink raw reply related [flat|nested] 396+ messages in thread
* [PATCH 5.4 053/367] tmpfs: verify {g,u}id mount options correctly
2023-09-20 11:26 [PATCH 5.4 000/367] 5.4.257-rc1 review Greg Kroah-Hartman
` (51 preceding siblings ...)
2023-09-20 11:27 ` [PATCH 5.4 052/367] fs: Fix error checking for d_hash_and_lookup() Greg Kroah-Hartman
@ 2023-09-20 11:27 ` Greg Kroah-Hartman
2023-09-20 11:27 ` [PATCH 5.4 054/367] OPP: Fix passing 0 to PTR_ERR in _opp_attach_genpd() Greg Kroah-Hartman
` (319 subsequent siblings)
372 siblings, 0 replies; 396+ messages in thread
From: Greg Kroah-Hartman @ 2023-09-20 11:27 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Seth Forshee (DigitalOcean),
Seth Jenkins, Christian Brauner, Sasha Levin
5.4-stable review patch. If anyone has any objections, please let me know.
------------------
From: Christian Brauner <brauner@kernel.org>
[ Upstream commit 0200679fc7953177941e41c2a4241d0b6c2c5de8 ]
A while ago we received the following report:
"The other outstanding issue I noticed comes from the fact that
fsconfig syscalls may occur in a different userns than that which
called fsopen. That means that resolving the uid/gid via
current_user_ns() can save a kuid that isn't mapped in the associated
namespace when the filesystem is finally mounted. This means that it
is possible for an unprivileged user to create files owned by any
group in a tmpfs mount (since we can set the SUID bit on the tmpfs
directory), or a tmpfs that is owned by any user, including the root
group/user."
The contract for {g,u}id mount options and {g,u}id values in general set
from userspace has always been that they are translated according to the
caller's idmapping. In so far, tmpfs has been doing the correct thing.
But since tmpfs is mountable in unprivileged contexts it is also
necessary to verify that the resulting {k,g}uid is representable in the
namespace of the superblock to avoid such bugs as above.
The new mount api's cross-namespace delegation abilities are already
widely used. After having talked to a bunch of userspace this is the
most faithful solution with minimal regression risks. I know of one
users - systemd - that makes use of the new mount api in this way and
they don't set unresolable {g,u}ids. So the regression risk is minimal.
Link: https://lore.kernel.org/lkml/CALxfFW4BXhEwxR0Q5LSkg-8Vb4r2MONKCcUCVioehXQKr35eHg@mail.gmail.com
Fixes: f32356261d44 ("vfs: Convert ramfs, shmem, tmpfs, devtmpfs, rootfs to use the new mount API")
Reviewed-by: "Seth Forshee (DigitalOcean)" <sforshee@kernel.org>
Reported-by: Seth Jenkins <sethjenkins@google.com>
Message-Id: <20230801-vfs-fs_context-uidgid-v1-1-daf46a050bbf@kernel.org>
Signed-off-by: Christian Brauner <brauner@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
mm/shmem.c | 28 ++++++++++++++++++++++++----
1 file changed, 24 insertions(+), 4 deletions(-)
diff --git a/mm/shmem.c b/mm/shmem.c
index aae2f408f9053..264229680ad75 100644
--- a/mm/shmem.c
+++ b/mm/shmem.c
@@ -3417,6 +3417,8 @@ static int shmem_parse_one(struct fs_context *fc, struct fs_parameter *param)
unsigned long long size;
char *rest;
int opt;
+ kuid_t kuid;
+ kgid_t kgid;
opt = fs_parse(fc, &shmem_fs_parameters, param, &result);
if (opt < 0)
@@ -3452,14 +3454,32 @@ static int shmem_parse_one(struct fs_context *fc, struct fs_parameter *param)
ctx->mode = result.uint_32 & 07777;
break;
case Opt_uid:
- ctx->uid = make_kuid(current_user_ns(), result.uint_32);
- if (!uid_valid(ctx->uid))
+ kuid = make_kuid(current_user_ns(), result.uint_32);
+ if (!uid_valid(kuid))
goto bad_value;
+
+ /*
+ * The requested uid must be representable in the
+ * filesystem's idmapping.
+ */
+ if (!kuid_has_mapping(fc->user_ns, kuid))
+ goto bad_value;
+
+ ctx->uid = kuid;
break;
case Opt_gid:
- ctx->gid = make_kgid(current_user_ns(), result.uint_32);
- if (!gid_valid(ctx->gid))
+ kgid = make_kgid(current_user_ns(), result.uint_32);
+ if (!gid_valid(kgid))
goto bad_value;
+
+ /*
+ * The requested gid must be representable in the
+ * filesystem's idmapping.
+ */
+ if (!kgid_has_mapping(fc->user_ns, kgid))
+ goto bad_value;
+
+ ctx->gid = kgid;
break;
case Opt_huge:
ctx->huge = result.uint_32;
--
2.40.1
^ permalink raw reply related [flat|nested] 396+ messages in thread
* [PATCH 5.4 054/367] OPP: Fix passing 0 to PTR_ERR in _opp_attach_genpd()
2023-09-20 11:26 [PATCH 5.4 000/367] 5.4.257-rc1 review Greg Kroah-Hartman
` (52 preceding siblings ...)
2023-09-20 11:27 ` [PATCH 5.4 053/367] tmpfs: verify {g,u}id mount options correctly Greg Kroah-Hartman
@ 2023-09-20 11:27 ` Greg Kroah-Hartman
2023-09-20 11:27 ` [PATCH 5.4 055/367] x86/asm: Make more symbols local Greg Kroah-Hartman
` (318 subsequent siblings)
372 siblings, 0 replies; 396+ messages in thread
From: Greg Kroah-Hartman @ 2023-09-20 11:27 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Manivannan Sadhasivam, Viresh Kumar,
Sasha Levin
5.4-stable review patch. If anyone has any objections, please let me know.
------------------
From: Manivannan Sadhasivam <manivannan.sadhasivam@linaro.org>
[ Upstream commit d920920f85a82c1c806a4143871a0e8f534732f2 ]
If dev_pm_domain_attach_by_name() returns NULL, then 0 will be passed to
PTR_ERR() as reported by the smatch warning below:
drivers/opp/core.c:2456 _opp_attach_genpd() warn: passing zero to 'PTR_ERR'
Fix it by checking for the non-NULL virt_dev pointer before passing it to
PTR_ERR. Otherwise return -ENODEV.
Fixes: 4ea9496cbc95 ("opp: Fix error check in dev_pm_opp_attach_genpd()")
Signed-off-by: Manivannan Sadhasivam <manivannan.sadhasivam@linaro.org>
Signed-off-by: Viresh Kumar <viresh.kumar@linaro.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/opp/core.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/opp/core.c b/drivers/opp/core.c
index 08f5d1c3d6651..e1810c4011b23 100644
--- a/drivers/opp/core.c
+++ b/drivers/opp/core.c
@@ -1882,7 +1882,7 @@ struct opp_table *dev_pm_opp_attach_genpd(struct device *dev,
virt_dev = dev_pm_domain_attach_by_name(dev, *name);
if (IS_ERR_OR_NULL(virt_dev)) {
- ret = PTR_ERR(virt_dev) ? : -ENODEV;
+ ret = virt_dev ? PTR_ERR(virt_dev) : -ENODEV;
dev_err(dev, "Couldn't attach to pm_domain: %d\n", ret);
goto err;
}
--
2.40.1
^ permalink raw reply related [flat|nested] 396+ messages in thread
* [PATCH 5.4 055/367] x86/asm: Make more symbols local
2023-09-20 11:26 [PATCH 5.4 000/367] 5.4.257-rc1 review Greg Kroah-Hartman
` (53 preceding siblings ...)
2023-09-20 11:27 ` [PATCH 5.4 054/367] OPP: Fix passing 0 to PTR_ERR in _opp_attach_genpd() Greg Kroah-Hartman
@ 2023-09-20 11:27 ` Greg Kroah-Hartman
2023-09-20 11:27 ` [PATCH 5.4 056/367] x86/boot: Annotate local functions Greg Kroah-Hartman
` (317 subsequent siblings)
372 siblings, 0 replies; 396+ messages in thread
From: Greg Kroah-Hartman @ 2023-09-20 11:27 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Jiri Slaby, Borislav Petkov,
Linus Torvalds, Peter Zijlstra, Thomas Gleixner, bp, hpa,
Ingo Molnar, Sasha Levin
5.4-stable review patch. If anyone has any objections, please let me know.
------------------
From: Jiri Slaby <jslaby@suse.cz>
[ Upstream commit 30a2441cae7b149ff484a697bf9eb8de53240a4f ]
During the assembly cleanup patchset review, I found more symbols which
are used only locally. So make them really local by prepending ".L" to
them. Namely:
- wakeup_idt is used only in realmode/rm/wakeup_asm.S.
- in_pm32 is used only in boot/pmjump.S.
- retint_user is used only in entry/entry_64.S, perhaps since commit
2ec67971facc ("x86/entry/64/compat: Remove most of the fast system
call machinery"), where entry_64_compat's caller was removed.
Drop GLOBAL from all of them too. I do not see more candidates in the
series.
Signed-off-by: Jiri Slaby <jslaby@suse.cz>
Acked-by: Borislav Petkov <bp@suse.de>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: bp@alien8.de
Cc: hpa@zytor.com
Link: https://lkml.kernel.org/r/20191011092213.31470-1-jslaby@suse.cz
Signed-off-by: Ingo Molnar <mingo@kernel.org>
Stable-dep-of: 264b82fdb498 ("x86/decompressor: Don't rely on upper 32 bits of GPRs being preserved")
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/x86/boot/pmjump.S | 6 +++---
arch/x86/entry/entry_64.S | 4 ++--
arch/x86/realmode/rm/wakeup_asm.S | 6 +++---
3 files changed, 8 insertions(+), 8 deletions(-)
diff --git a/arch/x86/boot/pmjump.S b/arch/x86/boot/pmjump.S
index c22f9a7d1aeb9..ea88d52eeac70 100644
--- a/arch/x86/boot/pmjump.S
+++ b/arch/x86/boot/pmjump.S
@@ -40,13 +40,13 @@ GLOBAL(protected_mode_jump)
# Transition to 32-bit mode
.byte 0x66, 0xea # ljmpl opcode
-2: .long in_pm32 # offset
+2: .long .Lin_pm32 # offset
.word __BOOT_CS # segment
ENDPROC(protected_mode_jump)
.code32
.section ".text32","ax"
-GLOBAL(in_pm32)
+.Lin_pm32:
# Set up data segments for flat 32-bit mode
movl %ecx, %ds
movl %ecx, %es
@@ -72,4 +72,4 @@ GLOBAL(in_pm32)
lldt %cx
jmpl *%eax # Jump to the 32-bit entrypoint
-ENDPROC(in_pm32)
+ENDPROC(.Lin_pm32)
diff --git a/arch/x86/entry/entry_64.S b/arch/x86/entry/entry_64.S
index bd7a4ad0937c4..640c7d36c26c7 100644
--- a/arch/x86/entry/entry_64.S
+++ b/arch/x86/entry/entry_64.S
@@ -618,7 +618,7 @@ ret_from_intr:
jz retint_kernel
/* Interrupt came from user space */
-GLOBAL(retint_user)
+.Lretint_user:
mov %rsp,%rdi
call prepare_exit_to_usermode
TRACE_IRQS_IRETQ
@@ -1392,7 +1392,7 @@ ENTRY(error_exit)
TRACE_IRQS_OFF
testb $3, CS(%rsp)
jz retint_kernel
- jmp retint_user
+ jmp .Lretint_user
END(error_exit)
/*
diff --git a/arch/x86/realmode/rm/wakeup_asm.S b/arch/x86/realmode/rm/wakeup_asm.S
index 05ac9c17c8111..dad6198f1a266 100644
--- a/arch/x86/realmode/rm/wakeup_asm.S
+++ b/arch/x86/realmode/rm/wakeup_asm.S
@@ -73,7 +73,7 @@ ENTRY(wakeup_start)
movw %ax, %fs
movw %ax, %gs
- lidtl wakeup_idt
+ lidtl .Lwakeup_idt
/* Clear the EFLAGS */
pushl $0
@@ -171,8 +171,8 @@ END(wakeup_gdt)
/* This is the standard real-mode IDT */
.balign 16
-GLOBAL(wakeup_idt)
+.Lwakeup_idt:
.word 0xffff /* limit */
.long 0 /* address */
.word 0
-END(wakeup_idt)
+END(.Lwakeup_idt)
--
2.40.1
^ permalink raw reply related [flat|nested] 396+ messages in thread
* [PATCH 5.4 056/367] x86/boot: Annotate local functions
2023-09-20 11:26 [PATCH 5.4 000/367] 5.4.257-rc1 review Greg Kroah-Hartman
` (54 preceding siblings ...)
2023-09-20 11:27 ` [PATCH 5.4 055/367] x86/asm: Make more symbols local Greg Kroah-Hartman
@ 2023-09-20 11:27 ` Greg Kroah-Hartman
2023-09-20 11:27 ` [PATCH 5.4 057/367] x86/decompressor: Dont rely on upper 32 bits of GPRs being preserved Greg Kroah-Hartman
` (316 subsequent siblings)
372 siblings, 0 replies; 396+ messages in thread
From: Greg Kroah-Hartman @ 2023-09-20 11:27 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Jiri Slaby, Borislav Petkov,
Cao jin, H. Peter Anvin, Ingo Molnar, Kate Stewart,
Kirill A. Shutemov, linux-arch, Thomas Gleixner, Wei Huang,
x86-ml, Xiaoyao Li, Sasha Levin
5.4-stable review patch. If anyone has any objections, please let me know.
------------------
From: Jiri Slaby <jslaby@suse.cz>
[ Upstream commit deff8a24e1021fb39dddf5f6bc5832e0e3a632ea ]
.Lrelocated, .Lpaging_enabled, .Lno_longmode, and .Lin_pm32 are
self-standing local functions, annotate them as such and preserve "no
alignment".
The annotations do not generate anything yet.
Signed-off-by: Jiri Slaby <jslaby@suse.cz>
Signed-off-by: Borislav Petkov <bp@suse.de>
Cc: Cao jin <caoj.fnst@cn.fujitsu.com>
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Cc: "H. Peter Anvin" <hpa@zytor.com>
Cc: Ingo Molnar <mingo@redhat.com>
Cc: Kate Stewart <kstewart@linuxfoundation.org>
Cc: "Kirill A. Shutemov" <kirill.shutemov@linux.intel.com>
Cc: linux-arch@vger.kernel.org
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: Wei Huang <wei@redhat.com>
Cc: x86-ml <x86@kernel.org>
Cc: Xiaoyao Li <xiaoyao.li@linux.intel.com>
Link: https://lkml.kernel.org/r/20191011115108.12392-8-jslaby@suse.cz
Stable-dep-of: 264b82fdb498 ("x86/decompressor: Don't rely on upper 32 bits of GPRs being preserved")
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/x86/boot/compressed/head_32.S | 3 ++-
arch/x86/boot/compressed/head_64.S | 9 ++++++---
arch/x86/boot/pmjump.S | 4 ++--
3 files changed, 10 insertions(+), 6 deletions(-)
diff --git a/arch/x86/boot/compressed/head_32.S b/arch/x86/boot/compressed/head_32.S
index d7c0fcc1dbf9e..b788b986f3351 100644
--- a/arch/x86/boot/compressed/head_32.S
+++ b/arch/x86/boot/compressed/head_32.S
@@ -210,7 +210,7 @@ ENDPROC(efi32_stub_entry)
#endif
.text
-.Lrelocated:
+SYM_FUNC_START_LOCAL_NOALIGN(.Lrelocated)
/*
* Clear BSS (stack is currently empty)
@@ -261,6 +261,7 @@ ENDPROC(efi32_stub_entry)
*/
xorl %ebx, %ebx
jmp *%eax
+SYM_FUNC_END(.Lrelocated)
#ifdef CONFIG_EFI_STUB
.data
diff --git a/arch/x86/boot/compressed/head_64.S b/arch/x86/boot/compressed/head_64.S
index 50c9eeb36f0d8..95ee795d97964 100644
--- a/arch/x86/boot/compressed/head_64.S
+++ b/arch/x86/boot/compressed/head_64.S
@@ -517,7 +517,7 @@ ENDPROC(efi64_stub_entry)
#endif
.text
-.Lrelocated:
+SYM_FUNC_START_LOCAL_NOALIGN(.Lrelocated)
/*
* Clear BSS (stack is currently empty)
@@ -546,6 +546,7 @@ ENDPROC(efi64_stub_entry)
* Jump to the decompressed kernel.
*/
jmp *%rax
+SYM_FUNC_END(.Lrelocated)
/*
* Adjust the global offset table
@@ -641,9 +642,10 @@ ENTRY(trampoline_32bit_src)
lret
.code64
-.Lpaging_enabled:
+SYM_FUNC_START_LOCAL_NOALIGN(.Lpaging_enabled)
/* Return from the trampoline */
jmp *%rdi
+SYM_FUNC_END(.Lpaging_enabled)
/*
* The trampoline code has a size limit.
@@ -653,11 +655,12 @@ ENTRY(trampoline_32bit_src)
.org trampoline_32bit_src + TRAMPOLINE_32BIT_CODE_SIZE
.code32
-.Lno_longmode:
+SYM_FUNC_START_LOCAL_NOALIGN(.Lno_longmode)
/* This isn't an x86-64 CPU, so hang intentionally, we cannot continue */
1:
hlt
jmp 1b
+SYM_FUNC_END(.Lno_longmode)
#include "../../kernel/verify_cpu.S"
diff --git a/arch/x86/boot/pmjump.S b/arch/x86/boot/pmjump.S
index ea88d52eeac70..81658fe353808 100644
--- a/arch/x86/boot/pmjump.S
+++ b/arch/x86/boot/pmjump.S
@@ -46,7 +46,7 @@ ENDPROC(protected_mode_jump)
.code32
.section ".text32","ax"
-.Lin_pm32:
+SYM_FUNC_START_LOCAL_NOALIGN(.Lin_pm32)
# Set up data segments for flat 32-bit mode
movl %ecx, %ds
movl %ecx, %es
@@ -72,4 +72,4 @@ ENDPROC(protected_mode_jump)
lldt %cx
jmpl *%eax # Jump to the 32-bit entrypoint
-ENDPROC(.Lin_pm32)
+SYM_FUNC_END(.Lin_pm32)
--
2.40.1
^ permalink raw reply related [flat|nested] 396+ messages in thread
* [PATCH 5.4 057/367] x86/decompressor: Dont rely on upper 32 bits of GPRs being preserved
2023-09-20 11:26 [PATCH 5.4 000/367] 5.4.257-rc1 review Greg Kroah-Hartman
` (55 preceding siblings ...)
2023-09-20 11:27 ` [PATCH 5.4 056/367] x86/boot: Annotate local functions Greg Kroah-Hartman
@ 2023-09-20 11:27 ` Greg Kroah-Hartman
2023-09-20 11:27 ` [PATCH 5.4 058/367] perf/imx_ddr: dont enable counter0 if none of 4 counters are used Greg Kroah-Hartman
` (315 subsequent siblings)
372 siblings, 0 replies; 396+ messages in thread
From: Greg Kroah-Hartman @ 2023-09-20 11:27 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Ard Biesheuvel,
Borislav Petkov (AMD),
Sasha Levin
5.4-stable review patch. If anyone has any objections, please let me know.
------------------
From: Ard Biesheuvel <ardb@kernel.org>
[ Upstream commit 264b82fdb4989cf6a44a2bcd0c6ea05e8026b2ac ]
The 4-to-5 level mode switch trampoline disables long mode and paging in
order to be able to flick the LA57 bit. According to section 3.4.1.1 of
the x86 architecture manual [0], 64-bit GPRs might not retain the upper
32 bits of their contents across such a mode switch.
Given that RBP, RBX and RSI are live at this point, preserve them on the
stack, along with the return address that might be above 4G as well.
[0] Intel® 64 and IA-32 Architectures Software Developer’s Manual, Volume 1: Basic Architecture
"Because the upper 32 bits of 64-bit general-purpose registers are
undefined in 32-bit modes, the upper 32 bits of any general-purpose
register are not preserved when switching from 64-bit mode to a 32-bit
mode (to protected mode or compatibility mode). Software must not
depend on these bits to maintain a value after a 64-bit to 32-bit
mode switch."
Fixes: 194a9749c73d650c ("x86/boot/compressed/64: Handle 5-level paging boot if kernel is above 4G")
Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
Signed-off-by: Borislav Petkov (AMD) <bp@alien8.de>
Link: https://lore.kernel.org/r/20230807162720.545787-2-ardb@kernel.org
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/x86/boot/compressed/head_64.S | 30 +++++++++++++++++++++++-------
1 file changed, 23 insertions(+), 7 deletions(-)
diff --git a/arch/x86/boot/compressed/head_64.S b/arch/x86/boot/compressed/head_64.S
index 95ee795d97964..d8164e6abaaff 100644
--- a/arch/x86/boot/compressed/head_64.S
+++ b/arch/x86/boot/compressed/head_64.S
@@ -381,11 +381,25 @@ ENTRY(startup_64)
/* Save the trampoline address in RCX */
movq %rax, %rcx
+ /* Set up 32-bit addressable stack */
+ leaq TRAMPOLINE_32BIT_STACK_END(%rcx), %rsp
+
+ /*
+ * Preserve live 64-bit registers on the stack: this is necessary
+ * because the architecture does not guarantee that GPRs will retain
+ * their full 64-bit values across a 32-bit mode switch.
+ */
+ pushq %rbp
+ pushq %rbx
+ pushq %rsi
+
/*
- * Load the address of trampoline_return() into RDI.
- * It will be used by the trampoline to return to the main code.
+ * Push the 64-bit address of trampoline_return() onto the new stack.
+ * It will be used by the trampoline to return to the main code. Due to
+ * the 32-bit mode switch, it cannot be kept it in a register either.
*/
leaq trampoline_return(%rip), %rdi
+ pushq %rdi
/* Switch to compatibility mode (CS.L = 0 CS.D = 1) via far return */
pushq $__KERNEL32_CS
@@ -393,6 +407,11 @@ ENTRY(startup_64)
pushq %rax
lretq
trampoline_return:
+ /* Restore live 64-bit registers */
+ popq %rsi
+ popq %rbx
+ popq %rbp
+
/* Restore the stack, the 32-bit trampoline uses its own stack */
leaq boot_stack_end(%rbx), %rsp
@@ -573,7 +592,7 @@ SYM_FUNC_END(.Lrelocated)
/*
* This is the 32-bit trampoline that will be copied over to low memory.
*
- * RDI contains the return address (might be above 4G).
+ * Return address is at the top of the stack (might be above 4G).
* ECX contains the base address of the trampoline memory.
* Non zero RDX means trampoline needs to enable 5-level paging.
*/
@@ -583,9 +602,6 @@ ENTRY(trampoline_32bit_src)
movl %eax, %ds
movl %eax, %ss
- /* Set up new stack */
- leal TRAMPOLINE_32BIT_STACK_END(%ecx), %esp
-
/* Disable paging */
movl %cr0, %eax
btrl $X86_CR0_PG_BIT, %eax
@@ -644,7 +660,7 @@ ENTRY(trampoline_32bit_src)
.code64
SYM_FUNC_START_LOCAL_NOALIGN(.Lpaging_enabled)
/* Return from the trampoline */
- jmp *%rdi
+ retq
SYM_FUNC_END(.Lpaging_enabled)
/*
--
2.40.1
^ permalink raw reply related [flat|nested] 396+ messages in thread
* [PATCH 5.4 058/367] perf/imx_ddr: dont enable counter0 if none of 4 counters are used
2023-09-20 11:26 [PATCH 5.4 000/367] 5.4.257-rc1 review Greg Kroah-Hartman
` (56 preceding siblings ...)
2023-09-20 11:27 ` [PATCH 5.4 057/367] x86/decompressor: Dont rely on upper 32 bits of GPRs being preserved Greg Kroah-Hartman
@ 2023-09-20 11:27 ` Greg Kroah-Hartman
2023-09-20 11:27 ` [PATCH 5.4 059/367] cpufreq: powernow-k8: Use related_cpus instead of cpus in driver.exit() Greg Kroah-Hartman
` (314 subsequent siblings)
372 siblings, 0 replies; 396+ messages in thread
From: Greg Kroah-Hartman @ 2023-09-20 11:27 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Xu Yang, Frank Li, Will Deacon, Sasha Levin
5.4-stable review patch. If anyone has any objections, please let me know.
------------------
From: Xu Yang <xu.yang_2@nxp.com>
[ Upstream commit f4e2bd91ddf5e8543cbe7ad80b3fba3d2dc63fa3 ]
In current driver, counter0 will be enabled after ddr_perf_pmu_enable()
is called even though none of the 4 counters are used. This will cause
counter0 continue to count until ddr_perf_pmu_disabled() is called. If
pmu is not disabled all the time, the pmu interrupt will be asserted
from time to time due to counter0 will overflow and irq handler will
clear it. It's not an expected behavior. This patch will not enable
counter0 if none of 4 counters are used.
Fixes: 9a66d36cc7ac ("drivers/perf: imx_ddr: Add DDR performance counter support to perf")
Signed-off-by: Xu Yang <xu.yang_2@nxp.com>
Reviewed-by: Frank Li <Frank.Li@nxp.com>
Link: https://lore.kernel.org/r/20230811015438.1999307-2-xu.yang_2@nxp.com
Signed-off-by: Will Deacon <will@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/perf/fsl_imx8_ddr_perf.c | 24 +++++++++---------------
1 file changed, 9 insertions(+), 15 deletions(-)
diff --git a/drivers/perf/fsl_imx8_ddr_perf.c b/drivers/perf/fsl_imx8_ddr_perf.c
index 912a220a9db92..a0e45c726bbf0 100644
--- a/drivers/perf/fsl_imx8_ddr_perf.c
+++ b/drivers/perf/fsl_imx8_ddr_perf.c
@@ -77,6 +77,7 @@ struct ddr_pmu {
const struct fsl_ddr_devtype_data *devtype_data;
int irq;
int id;
+ int active_counter;
};
static ssize_t ddr_perf_cpumask_show(struct device *dev,
@@ -353,6 +354,10 @@ static void ddr_perf_event_start(struct perf_event *event, int flags)
ddr_perf_counter_enable(pmu, event->attr.config, counter, true);
+ if (!pmu->active_counter++)
+ ddr_perf_counter_enable(pmu, EVENT_CYCLES_ID,
+ EVENT_CYCLES_COUNTER, true);
+
hwc->state = 0;
}
@@ -407,6 +412,10 @@ static void ddr_perf_event_stop(struct perf_event *event, int flags)
ddr_perf_counter_enable(pmu, event->attr.config, counter, false);
ddr_perf_event_update(event);
+ if (!--pmu->active_counter)
+ ddr_perf_counter_enable(pmu, EVENT_CYCLES_ID,
+ EVENT_CYCLES_COUNTER, false);
+
hwc->state |= PERF_HES_STOPPED;
}
@@ -425,25 +434,10 @@ static void ddr_perf_event_del(struct perf_event *event, int flags)
static void ddr_perf_pmu_enable(struct pmu *pmu)
{
- struct ddr_pmu *ddr_pmu = to_ddr_pmu(pmu);
-
- /* enable cycle counter if cycle is not active event list */
- if (ddr_pmu->events[EVENT_CYCLES_COUNTER] == NULL)
- ddr_perf_counter_enable(ddr_pmu,
- EVENT_CYCLES_ID,
- EVENT_CYCLES_COUNTER,
- true);
}
static void ddr_perf_pmu_disable(struct pmu *pmu)
{
- struct ddr_pmu *ddr_pmu = to_ddr_pmu(pmu);
-
- if (ddr_pmu->events[EVENT_CYCLES_COUNTER] == NULL)
- ddr_perf_counter_enable(ddr_pmu,
- EVENT_CYCLES_ID,
- EVENT_CYCLES_COUNTER,
- false);
}
static int ddr_perf_init(struct ddr_pmu *pmu, void __iomem *base,
--
2.40.1
^ permalink raw reply related [flat|nested] 396+ messages in thread
* [PATCH 5.4 059/367] cpufreq: powernow-k8: Use related_cpus instead of cpus in driver.exit()
2023-09-20 11:26 [PATCH 5.4 000/367] 5.4.257-rc1 review Greg Kroah-Hartman
` (57 preceding siblings ...)
2023-09-20 11:27 ` [PATCH 5.4 058/367] perf/imx_ddr: dont enable counter0 if none of 4 counters are used Greg Kroah-Hartman
@ 2023-09-20 11:27 ` Greg Kroah-Hartman
2023-09-20 11:27 ` [PATCH 5.4 060/367] bpf: Clear the probe_addr for uprobe Greg Kroah-Hartman
` (313 subsequent siblings)
372 siblings, 0 replies; 396+ messages in thread
From: Greg Kroah-Hartman @ 2023-09-20 11:27 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Liao Chang, Viresh Kumar, Sasha Levin
5.4-stable review patch. If anyone has any objections, please let me know.
------------------
From: Liao Chang <liaochang1@huawei.com>
[ Upstream commit 03997da042dac73c69e60d91942c727c76828b65 ]
Since the 'cpus' field of policy structure will become empty in the
cpufreq core API, it is better to use 'related_cpus' in the exit()
callback of driver.
Fixes: c3274763bfc3 ("cpufreq: powernow-k8: Initialize per-cpu data-structures properly")
Signed-off-by: Liao Chang <liaochang1@huawei.com>
Signed-off-by: Viresh Kumar <viresh.kumar@linaro.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/cpufreq/powernow-k8.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/drivers/cpufreq/powernow-k8.c b/drivers/cpufreq/powernow-k8.c
index 1b2ec3be59eb7..c658e8e49f902 100644
--- a/drivers/cpufreq/powernow-k8.c
+++ b/drivers/cpufreq/powernow-k8.c
@@ -1101,7 +1101,8 @@ static int powernowk8_cpu_exit(struct cpufreq_policy *pol)
kfree(data->powernow_table);
kfree(data);
- for_each_cpu(cpu, pol->cpus)
+ /* pol->cpus will be empty here, use related_cpus instead. */
+ for_each_cpu(cpu, pol->related_cpus)
per_cpu(powernow_data, cpu) = NULL;
return 0;
--
2.40.1
^ permalink raw reply related [flat|nested] 396+ messages in thread
* [PATCH 5.4 060/367] bpf: Clear the probe_addr for uprobe
2023-09-20 11:26 [PATCH 5.4 000/367] 5.4.257-rc1 review Greg Kroah-Hartman
` (58 preceding siblings ...)
2023-09-20 11:27 ` [PATCH 5.4 059/367] cpufreq: powernow-k8: Use related_cpus instead of cpus in driver.exit() Greg Kroah-Hartman
@ 2023-09-20 11:27 ` Greg Kroah-Hartman
2023-09-20 11:27 ` [PATCH 5.4 061/367] tcp: tcp_enter_quickack_mode() should be static Greg Kroah-Hartman
` (312 subsequent siblings)
372 siblings, 0 replies; 396+ messages in thread
From: Greg Kroah-Hartman @ 2023-09-20 11:27 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Yafang Shao, Yonghong Song,
Jiri Olsa, Alexei Starovoitov, Sasha Levin
5.4-stable review patch. If anyone has any objections, please let me know.
------------------
From: Yafang Shao <laoar.shao@gmail.com>
[ Upstream commit 5125e757e62f6c1d5478db4c2b61a744060ddf3f ]
To avoid returning uninitialized or random values when querying the file
descriptor (fd) and accessing probe_addr, it is necessary to clear the
variable prior to its use.
Fixes: 41bdc4b40ed6 ("bpf: introduce bpf subcommand BPF_TASK_FD_QUERY")
Signed-off-by: Yafang Shao <laoar.shao@gmail.com>
Acked-by: Yonghong Song <yhs@fb.com>
Acked-by: Jiri Olsa <jolsa@kernel.org>
Link: https://lore.kernel.org/r/20230709025630.3735-6-laoar.shao@gmail.com
Signed-off-by: Alexei Starovoitov <ast@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
include/linux/trace_events.h | 3 ++-
kernel/trace/bpf_trace.c | 2 +-
kernel/trace/trace_uprobe.c | 3 ++-
3 files changed, 5 insertions(+), 3 deletions(-)
diff --git a/include/linux/trace_events.h b/include/linux/trace_events.h
index 30a8cdcfd4a4f..a8e9d1a04f82c 100644
--- a/include/linux/trace_events.h
+++ b/include/linux/trace_events.h
@@ -594,7 +594,8 @@ extern int perf_uprobe_init(struct perf_event *event,
extern void perf_uprobe_destroy(struct perf_event *event);
extern int bpf_get_uprobe_info(const struct perf_event *event,
u32 *fd_type, const char **filename,
- u64 *probe_offset, bool perf_type_tracepoint);
+ u64 *probe_offset, u64 *probe_addr,
+ bool perf_type_tracepoint);
#endif
extern int ftrace_profile_set_filter(struct perf_event *event, int event_id,
char *filter_str);
diff --git a/kernel/trace/bpf_trace.c b/kernel/trace/bpf_trace.c
index 1e1345cd21b4f..4a31763a8c5d7 100644
--- a/kernel/trace/bpf_trace.c
+++ b/kernel/trace/bpf_trace.c
@@ -1453,7 +1453,7 @@ int bpf_get_perf_event_info(const struct perf_event *event, u32 *prog_id,
#ifdef CONFIG_UPROBE_EVENTS
if (flags & TRACE_EVENT_FL_UPROBE)
err = bpf_get_uprobe_info(event, fd_type, buf,
- probe_offset,
+ probe_offset, probe_addr,
event->attr.type == PERF_TYPE_TRACEPOINT);
#endif
}
diff --git a/kernel/trace/trace_uprobe.c b/kernel/trace/trace_uprobe.c
index 1a566bc675485..e924c04af627e 100644
--- a/kernel/trace/trace_uprobe.c
+++ b/kernel/trace/trace_uprobe.c
@@ -1402,7 +1402,7 @@ static void uretprobe_perf_func(struct trace_uprobe *tu, unsigned long func,
int bpf_get_uprobe_info(const struct perf_event *event, u32 *fd_type,
const char **filename, u64 *probe_offset,
- bool perf_type_tracepoint)
+ u64 *probe_addr, bool perf_type_tracepoint)
{
const char *pevent = trace_event_name(event->tp_event);
const char *group = event->tp_event->class->system;
@@ -1419,6 +1419,7 @@ int bpf_get_uprobe_info(const struct perf_event *event, u32 *fd_type,
: BPF_FD_TYPE_UPROBE;
*filename = tu->filename;
*probe_offset = tu->offset;
+ *probe_addr = 0;
return 0;
}
#endif /* CONFIG_PERF_EVENTS */
--
2.40.1
^ permalink raw reply related [flat|nested] 396+ messages in thread
* [PATCH 5.4 061/367] tcp: tcp_enter_quickack_mode() should be static
2023-09-20 11:26 [PATCH 5.4 000/367] 5.4.257-rc1 review Greg Kroah-Hartman
` (59 preceding siblings ...)
2023-09-20 11:27 ` [PATCH 5.4 060/367] bpf: Clear the probe_addr for uprobe Greg Kroah-Hartman
@ 2023-09-20 11:27 ` Greg Kroah-Hartman
2023-09-20 11:27 ` [PATCH 5.4 062/367] regmap: rbtree: Use alloc_flags for memory allocations Greg Kroah-Hartman
` (311 subsequent siblings)
372 siblings, 0 replies; 396+ messages in thread
From: Greg Kroah-Hartman @ 2023-09-20 11:27 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Eric Dumazet, Yuchung Cheng,
Neal Cardwell, Jakub Kicinski, Sasha Levin
5.4-stable review patch. If anyone has any objections, please let me know.
------------------
From: Eric Dumazet <edumazet@google.com>
[ Upstream commit 03b123debcbc8db987bda17ed8412cc011064c22 ]
After commit d2ccd7bc8acd ("tcp: avoid resetting ACK timer in DCTCP"),
tcp_enter_quickack_mode() is only used from net/ipv4/tcp_input.c.
Fixes: d2ccd7bc8acd ("tcp: avoid resetting ACK timer in DCTCP")
Signed-off-by: Eric Dumazet <edumazet@google.com>
Cc: Yuchung Cheng <ycheng@google.com>
Cc: Neal Cardwell <ncardwell@google.com>
Link: https://lore.kernel.org/r/20230718162049.1444938-1-edumazet@google.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
include/net/tcp.h | 1 -
net/ipv4/tcp_input.c | 3 +--
2 files changed, 1 insertion(+), 3 deletions(-)
diff --git a/include/net/tcp.h b/include/net/tcp.h
index 4e909148fce39..3192ade55ad18 100644
--- a/include/net/tcp.h
+++ b/include/net/tcp.h
@@ -343,7 +343,6 @@ ssize_t tcp_splice_read(struct socket *sk, loff_t *ppos,
struct pipe_inode_info *pipe, size_t len,
unsigned int flags);
-void tcp_enter_quickack_mode(struct sock *sk, unsigned int max_quickacks);
static inline void tcp_dec_quickack_mode(struct sock *sk,
const unsigned int pkts)
{
diff --git a/net/ipv4/tcp_input.c b/net/ipv4/tcp_input.c
index 8308c3c3a6e46..1dfc1a5c21cd3 100644
--- a/net/ipv4/tcp_input.c
+++ b/net/ipv4/tcp_input.c
@@ -222,7 +222,7 @@ static void tcp_incr_quickack(struct sock *sk, unsigned int max_quickacks)
icsk->icsk_ack.quick = quickacks;
}
-void tcp_enter_quickack_mode(struct sock *sk, unsigned int max_quickacks)
+static void tcp_enter_quickack_mode(struct sock *sk, unsigned int max_quickacks)
{
struct inet_connection_sock *icsk = inet_csk(sk);
@@ -230,7 +230,6 @@ void tcp_enter_quickack_mode(struct sock *sk, unsigned int max_quickacks)
inet_csk_exit_pingpong_mode(sk);
icsk->icsk_ack.ato = TCP_ATO_MIN;
}
-EXPORT_SYMBOL(tcp_enter_quickack_mode);
/* Send ACKs quickly, if "quick" count is not exhausted
* and the session is not interactive.
--
2.40.1
^ permalink raw reply related [flat|nested] 396+ messages in thread
* [PATCH 5.4 062/367] regmap: rbtree: Use alloc_flags for memory allocations
2023-09-20 11:26 [PATCH 5.4 000/367] 5.4.257-rc1 review Greg Kroah-Hartman
` (60 preceding siblings ...)
2023-09-20 11:27 ` [PATCH 5.4 061/367] tcp: tcp_enter_quickack_mode() should be static Greg Kroah-Hartman
@ 2023-09-20 11:27 ` Greg Kroah-Hartman
2023-09-20 11:27 ` [PATCH 5.4 063/367] spi: tegra20-sflash: fix to check return value of platform_get_irq() in tegra_sflash_probe() Greg Kroah-Hartman
` (310 subsequent siblings)
372 siblings, 0 replies; 396+ messages in thread
From: Greg Kroah-Hartman @ 2023-09-20 11:27 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Guenter Roeck, Dan Carpenter,
Mark Brown, Sasha Levin
5.4-stable review patch. If anyone has any objections, please let me know.
------------------
From: Dan Carpenter <dan.carpenter@linaro.org>
[ Upstream commit 0c8b0bf42c8cef56f7cd9cd876fbb7ece9217064 ]
The kunit tests discovered a sleeping in atomic bug. The allocations
in the regcache-rbtree code should use the map->alloc_flags instead of
GFP_KERNEL.
[ 5.005510] BUG: sleeping function called from invalid context at include/linux/sched/mm.h:306
[ 5.005960] in_atomic(): 1, irqs_disabled(): 128, non_block: 0, pid: 117, name: kunit_try_catch
[ 5.006219] preempt_count: 1, expected: 0
[ 5.006414] 1 lock held by kunit_try_catch/117:
[ 5.006590] #0: 833b9010 (regmap_kunit:86:(config)->lock){....}-{2:2}, at: regmap_lock_spinlock+0x14/0x1c
[ 5.007493] irq event stamp: 162
[ 5.007627] hardirqs last enabled at (161): [<80786738>] crng_make_state+0x1a0/0x294
[ 5.007871] hardirqs last disabled at (162): [<80c531ec>] _raw_spin_lock_irqsave+0x7c/0x80
[ 5.008119] softirqs last enabled at (0): [<801110ac>] copy_process+0x810/0x2138
[ 5.008356] softirqs last disabled at (0): [<00000000>] 0x0
[ 5.008688] CPU: 0 PID: 117 Comm: kunit_try_catch Tainted: G N 6.4.4-rc3-g0e8d2fdfb188 #1
[ 5.009011] Hardware name: Generic DT based system
[ 5.009277] unwind_backtrace from show_stack+0x18/0x1c
[ 5.009497] show_stack from dump_stack_lvl+0x38/0x5c
[ 5.009676] dump_stack_lvl from __might_resched+0x188/0x2d0
[ 5.009860] __might_resched from __kmem_cache_alloc_node+0x1dc/0x25c
[ 5.010061] __kmem_cache_alloc_node from kmalloc_trace+0x30/0xc8
[ 5.010254] kmalloc_trace from regcache_rbtree_write+0x26c/0x468
[ 5.010446] regcache_rbtree_write from _regmap_write+0x88/0x140
[ 5.010634] _regmap_write from regmap_write+0x44/0x68
[ 5.010803] regmap_write from basic_read_write+0x8c/0x270
[ 5.010980] basic_read_write from kunit_try_run_case+0x48/0xa0
Fixes: 28644c809f44 ("regmap: Add the rbtree cache support")
Reported-by: Guenter Roeck <linux@roeck-us.net>
Closes: https://lore.kernel.org/all/ee59d128-413c-48ad-a3aa-d9d350c80042@roeck-us.net/
Signed-off-by: Dan Carpenter <dan.carpenter@linaro.org>
Tested-by: Guenter Roeck <linux@roeck-us.net>
Link: https://lore.kernel.org/r/58f12a07-5f4b-4a8f-ab84-0a42d1908cb9@moroto.mountain
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/base/regmap/regcache-rbtree.c | 10 +++++-----
1 file changed, 5 insertions(+), 5 deletions(-)
diff --git a/drivers/base/regmap/regcache-rbtree.c b/drivers/base/regmap/regcache-rbtree.c
index fabf87058d80b..ae6b8788d5f3f 100644
--- a/drivers/base/regmap/regcache-rbtree.c
+++ b/drivers/base/regmap/regcache-rbtree.c
@@ -277,7 +277,7 @@ static int regcache_rbtree_insert_to_block(struct regmap *map,
blk = krealloc(rbnode->block,
blklen * map->cache_word_size,
- GFP_KERNEL);
+ map->alloc_flags);
if (!blk)
return -ENOMEM;
@@ -286,7 +286,7 @@ static int regcache_rbtree_insert_to_block(struct regmap *map,
if (BITS_TO_LONGS(blklen) > BITS_TO_LONGS(rbnode->blklen)) {
present = krealloc(rbnode->cache_present,
BITS_TO_LONGS(blklen) * sizeof(*present),
- GFP_KERNEL);
+ map->alloc_flags);
if (!present)
return -ENOMEM;
@@ -320,7 +320,7 @@ regcache_rbtree_node_alloc(struct regmap *map, unsigned int reg)
const struct regmap_range *range;
int i;
- rbnode = kzalloc(sizeof(*rbnode), GFP_KERNEL);
+ rbnode = kzalloc(sizeof(*rbnode), map->alloc_flags);
if (!rbnode)
return NULL;
@@ -346,13 +346,13 @@ regcache_rbtree_node_alloc(struct regmap *map, unsigned int reg)
}
rbnode->block = kmalloc_array(rbnode->blklen, map->cache_word_size,
- GFP_KERNEL);
+ map->alloc_flags);
if (!rbnode->block)
goto err_free;
rbnode->cache_present = kcalloc(BITS_TO_LONGS(rbnode->blklen),
sizeof(*rbnode->cache_present),
- GFP_KERNEL);
+ map->alloc_flags);
if (!rbnode->cache_present)
goto err_free_block;
--
2.40.1
^ permalink raw reply related [flat|nested] 396+ messages in thread
* [PATCH 5.4 063/367] spi: tegra20-sflash: fix to check return value of platform_get_irq() in tegra_sflash_probe()
2023-09-20 11:26 [PATCH 5.4 000/367] 5.4.257-rc1 review Greg Kroah-Hartman
` (61 preceding siblings ...)
2023-09-20 11:27 ` [PATCH 5.4 062/367] regmap: rbtree: Use alloc_flags for memory allocations Greg Kroah-Hartman
@ 2023-09-20 11:27 ` Greg Kroah-Hartman
2023-09-20 11:27 ` [PATCH 5.4 064/367] can: gs_usb: gs_usb_receive_bulk_callback(): count RX overflow errors also in case of OOM Greg Kroah-Hartman
` (309 subsequent siblings)
372 siblings, 0 replies; 396+ messages in thread
From: Greg Kroah-Hartman @ 2023-09-20 11:27 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Zhang Shurong, Mark Brown, Sasha Levin
5.4-stable review patch. If anyone has any objections, please let me know.
------------------
From: Zhang Shurong <zhang_shurong@foxmail.com>
[ Upstream commit 29a449e765ff70a5bd533be94babb6d36985d096 ]
The platform_get_irq might be failed and return a negative result. So
there should have an error handling code.
Fixed this by adding an error handling code.
Fixes: 8528547bcc33 ("spi: tegra: add spi driver for sflash controller")
Signed-off-by: Zhang Shurong <zhang_shurong@foxmail.com>
Link: https://lore.kernel.org/r/tencent_71FC162D589E4788C2152AAC84CD8D5C6D06@qq.com
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/spi/spi-tegra20-sflash.c | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/drivers/spi/spi-tegra20-sflash.c b/drivers/spi/spi-tegra20-sflash.c
index ecb620169753a..bfef41c717f35 100644
--- a/drivers/spi/spi-tegra20-sflash.c
+++ b/drivers/spi/spi-tegra20-sflash.c
@@ -456,7 +456,11 @@ static int tegra_sflash_probe(struct platform_device *pdev)
goto exit_free_master;
}
- tsd->irq = platform_get_irq(pdev, 0);
+ ret = platform_get_irq(pdev, 0);
+ if (ret < 0)
+ goto exit_free_master;
+ tsd->irq = ret;
+
ret = request_irq(tsd->irq, tegra_sflash_isr, 0,
dev_name(&pdev->dev), tsd);
if (ret < 0) {
--
2.40.1
^ permalink raw reply related [flat|nested] 396+ messages in thread
* [PATCH 5.4 064/367] can: gs_usb: gs_usb_receive_bulk_callback(): count RX overflow errors also in case of OOM
2023-09-20 11:26 [PATCH 5.4 000/367] 5.4.257-rc1 review Greg Kroah-Hartman
` (62 preceding siblings ...)
2023-09-20 11:27 ` [PATCH 5.4 063/367] spi: tegra20-sflash: fix to check return value of platform_get_irq() in tegra_sflash_probe() Greg Kroah-Hartman
@ 2023-09-20 11:27 ` Greg Kroah-Hartman
2023-09-20 11:27 ` [PATCH 5.4 065/367] wifi: mwifiex: Fix OOB and integer underflow when rx packets Greg Kroah-Hartman
` (308 subsequent siblings)
372 siblings, 0 replies; 396+ messages in thread
From: Greg Kroah-Hartman @ 2023-09-20 11:27 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Marc Kleine-Budde, Sasha Levin
5.4-stable review patch. If anyone has any objections, please let me know.
------------------
From: Marc Kleine-Budde <mkl@pengutronix.de>
[ Upstream commit 6c8bc15f02b85bc8f47074110d8fd8caf7a1e42d ]
In case of an RX overflow error from the CAN controller and an OOM
where no skb can be allocated, the error counters are not incremented.
Fix this by first incrementing the error counters and then allocate
the skb.
Fixes: d08e973a77d1 ("can: gs_usb: Added support for the GS_USB CAN devices")
Link: https://lore.kernel.org/all/20230718-gs_usb-cleanups-v1-7-c3b9154ec605@pengutronix.de
Signed-off-by: Marc Kleine-Budde <mkl@pengutronix.de>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/can/usb/gs_usb.c | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/drivers/net/can/usb/gs_usb.c b/drivers/net/can/usb/gs_usb.c
index de5e5385fc110..1a24c1d9dd8f7 100644
--- a/drivers/net/can/usb/gs_usb.c
+++ b/drivers/net/can/usb/gs_usb.c
@@ -381,6 +381,9 @@ static void gs_usb_receive_bulk_callback(struct urb *urb)
}
if (hf->flags & GS_CAN_FLAG_OVERFLOW) {
+ stats->rx_over_errors++;
+ stats->rx_errors++;
+
skb = alloc_can_err_skb(netdev, &cf);
if (!skb)
goto resubmit_urb;
@@ -388,8 +391,6 @@ static void gs_usb_receive_bulk_callback(struct urb *urb)
cf->can_id |= CAN_ERR_CRTL;
cf->can_dlc = CAN_ERR_DLC;
cf->data[1] = CAN_ERR_CRTL_RX_OVERFLOW;
- stats->rx_over_errors++;
- stats->rx_errors++;
netif_rx(skb);
}
--
2.40.1
^ permalink raw reply related [flat|nested] 396+ messages in thread
* [PATCH 5.4 065/367] wifi: mwifiex: Fix OOB and integer underflow when rx packets
2023-09-20 11:26 [PATCH 5.4 000/367] 5.4.257-rc1 review Greg Kroah-Hartman
` (63 preceding siblings ...)
2023-09-20 11:27 ` [PATCH 5.4 064/367] can: gs_usb: gs_usb_receive_bulk_callback(): count RX overflow errors also in case of OOM Greg Kroah-Hartman
@ 2023-09-20 11:27 ` Greg Kroah-Hartman
2023-09-20 11:27 ` [PATCH 5.4 066/367] mwifiex: switch from pci_ to dma_ API Greg Kroah-Hartman
` (307 subsequent siblings)
372 siblings, 0 replies; 396+ messages in thread
From: Greg Kroah-Hartman @ 2023-09-20 11:27 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Polaris Pi, Matthew Wang,
Brian Norris, Kalle Valo, Sasha Levin
5.4-stable review patch. If anyone has any objections, please let me know.
------------------
From: Polaris Pi <pinkperfect2021@gmail.com>
[ Upstream commit 11958528161731c58e105b501ed60b83a91ea941 ]
Make sure mwifiex_process_mgmt_packet,
mwifiex_process_sta_rx_packet and mwifiex_process_uap_rx_packet,
mwifiex_uap_queue_bridged_pkt and mwifiex_process_rx_packet
not out-of-bounds access the skb->data buffer.
Fixes: 2dbaf751b1de ("mwifiex: report received management frames to cfg80211")
Signed-off-by: Polaris Pi <pinkperfect2021@gmail.com>
Reviewed-by: Matthew Wang <matthewmwang@chromium.org>
Reviewed-by: Brian Norris <briannorris@chromium.org>
Signed-off-by: Kalle Valo <kvalo@kernel.org>
Link: https://lore.kernel.org/r/20230723070741.1544662-1-pinkperfect2021@gmail.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/wireless/marvell/mwifiex/sta_rx.c | 11 ++++++++++-
.../net/wireless/marvell/mwifiex/uap_txrx.c | 19 +++++++++++++++++++
drivers/net/wireless/marvell/mwifiex/util.c | 10 +++++++---
3 files changed, 36 insertions(+), 4 deletions(-)
diff --git a/drivers/net/wireless/marvell/mwifiex/sta_rx.c b/drivers/net/wireless/marvell/mwifiex/sta_rx.c
index 52a2ce2e78b08..53eef44739571 100644
--- a/drivers/net/wireless/marvell/mwifiex/sta_rx.c
+++ b/drivers/net/wireless/marvell/mwifiex/sta_rx.c
@@ -98,6 +98,14 @@ int mwifiex_process_rx_packet(struct mwifiex_private *priv,
rx_pkt_len = le16_to_cpu(local_rx_pd->rx_pkt_length);
rx_pkt_hdr = (void *)local_rx_pd + rx_pkt_off;
+ if (sizeof(*rx_pkt_hdr) + rx_pkt_off > skb->len) {
+ mwifiex_dbg(priv->adapter, ERROR,
+ "wrong rx packet offset: len=%d, rx_pkt_off=%d\n",
+ skb->len, rx_pkt_off);
+ priv->stats.rx_dropped++;
+ dev_kfree_skb_any(skb);
+ }
+
if ((!memcmp(&rx_pkt_hdr->rfc1042_hdr, bridge_tunnel_header,
sizeof(bridge_tunnel_header))) ||
(!memcmp(&rx_pkt_hdr->rfc1042_hdr, rfc1042_header,
@@ -206,7 +214,8 @@ int mwifiex_process_sta_rx_packet(struct mwifiex_private *priv,
rx_pkt_hdr = (void *)local_rx_pd + rx_pkt_offset;
- if ((rx_pkt_offset + rx_pkt_length) > (u16) skb->len) {
+ if ((rx_pkt_offset + rx_pkt_length) > skb->len ||
+ sizeof(rx_pkt_hdr->eth803_hdr) + rx_pkt_offset > skb->len) {
mwifiex_dbg(adapter, ERROR,
"wrong rx packet: len=%d, rx_pkt_offset=%d, rx_pkt_length=%d\n",
skb->len, rx_pkt_offset, rx_pkt_length);
diff --git a/drivers/net/wireless/marvell/mwifiex/uap_txrx.c b/drivers/net/wireless/marvell/mwifiex/uap_txrx.c
index 354b09c5e8dc0..8e263bcc8f432 100644
--- a/drivers/net/wireless/marvell/mwifiex/uap_txrx.c
+++ b/drivers/net/wireless/marvell/mwifiex/uap_txrx.c
@@ -115,6 +115,15 @@ static void mwifiex_uap_queue_bridged_pkt(struct mwifiex_private *priv,
return;
}
+ if (sizeof(*rx_pkt_hdr) +
+ le16_to_cpu(uap_rx_pd->rx_pkt_offset) > skb->len) {
+ mwifiex_dbg(adapter, ERROR,
+ "wrong rx packet offset: len=%d,rx_pkt_offset=%d\n",
+ skb->len, le16_to_cpu(uap_rx_pd->rx_pkt_offset));
+ priv->stats.rx_dropped++;
+ dev_kfree_skb_any(skb);
+ }
+
if ((!memcmp(&rx_pkt_hdr->rfc1042_hdr, bridge_tunnel_header,
sizeof(bridge_tunnel_header))) ||
(!memcmp(&rx_pkt_hdr->rfc1042_hdr, rfc1042_header,
@@ -383,6 +392,16 @@ int mwifiex_process_uap_rx_packet(struct mwifiex_private *priv,
rx_pkt_type = le16_to_cpu(uap_rx_pd->rx_pkt_type);
rx_pkt_hdr = (void *)uap_rx_pd + le16_to_cpu(uap_rx_pd->rx_pkt_offset);
+ if (le16_to_cpu(uap_rx_pd->rx_pkt_offset) +
+ sizeof(rx_pkt_hdr->eth803_hdr) > skb->len) {
+ mwifiex_dbg(adapter, ERROR,
+ "wrong rx packet for struct ethhdr: len=%d, offset=%d\n",
+ skb->len, le16_to_cpu(uap_rx_pd->rx_pkt_offset));
+ priv->stats.rx_dropped++;
+ dev_kfree_skb_any(skb);
+ return 0;
+ }
+
ether_addr_copy(ta, rx_pkt_hdr->eth803_hdr.h_source);
if ((le16_to_cpu(uap_rx_pd->rx_pkt_offset) +
diff --git a/drivers/net/wireless/marvell/mwifiex/util.c b/drivers/net/wireless/marvell/mwifiex/util.c
index 3b0d318276811..135b197fb4a36 100644
--- a/drivers/net/wireless/marvell/mwifiex/util.c
+++ b/drivers/net/wireless/marvell/mwifiex/util.c
@@ -405,11 +405,15 @@ mwifiex_process_mgmt_packet(struct mwifiex_private *priv,
}
rx_pd = (struct rxpd *)skb->data;
+ pkt_len = le16_to_cpu(rx_pd->rx_pkt_length);
+ if (pkt_len < sizeof(struct ieee80211_hdr) + sizeof(pkt_len)) {
+ mwifiex_dbg(priv->adapter, ERROR, "invalid rx_pkt_length");
+ return -1;
+ }
skb_pull(skb, le16_to_cpu(rx_pd->rx_pkt_offset));
skb_pull(skb, sizeof(pkt_len));
-
- pkt_len = le16_to_cpu(rx_pd->rx_pkt_length);
+ pkt_len -= sizeof(pkt_len);
ieee_hdr = (void *)skb->data;
if (ieee80211_is_mgmt(ieee_hdr->frame_control)) {
@@ -422,7 +426,7 @@ mwifiex_process_mgmt_packet(struct mwifiex_private *priv,
skb->data + sizeof(struct ieee80211_hdr),
pkt_len - sizeof(struct ieee80211_hdr));
- pkt_len -= ETH_ALEN + sizeof(pkt_len);
+ pkt_len -= ETH_ALEN;
rx_pd->rx_pkt_length = cpu_to_le16(pkt_len);
cfg80211_rx_mgmt(&priv->wdev, priv->roc_cfg.chan.center_freq,
--
2.40.1
^ permalink raw reply related [flat|nested] 396+ messages in thread
* [PATCH 5.4 066/367] mwifiex: switch from pci_ to dma_ API
2023-09-20 11:26 [PATCH 5.4 000/367] 5.4.257-rc1 review Greg Kroah-Hartman
` (64 preceding siblings ...)
2023-09-20 11:27 ` [PATCH 5.4 065/367] wifi: mwifiex: Fix OOB and integer underflow when rx packets Greg Kroah-Hartman
@ 2023-09-20 11:27 ` Greg Kroah-Hartman
2023-09-20 11:27 ` [PATCH 5.4 067/367] wifi: mwifiex: fix error recovery in PCIE buffer descriptor management Greg Kroah-Hartman
` (306 subsequent siblings)
372 siblings, 0 replies; 396+ messages in thread
From: Greg Kroah-Hartman @ 2023-09-20 11:27 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Christophe JAILLET, Kalle Valo, Sasha Levin
5.4-stable review patch. If anyone has any objections, please let me know.
------------------
From: Christophe JAILLET <christophe.jaillet@wanadoo.fr>
[ Upstream commit 4cf975f640fefdfdf6168a79e882558478ce057a ]
The wrappers in include/linux/pci-dma-compat.h should go away.
The patch has been generated with the coccinelle script below and has been
hand modified to replace GFP_ with a correct flag.
It has been compile tested.
When memory is allocated in 'mwifiex_pcie_alloc_buffers()' (see details in
the call chain below) GFP_KERNEL can be used because both
'mwifiex_register()' and 'mwifiex_reinit_sw()' already use GFP_KERNEL.
(for 'mwifiex_reinit_sw()', it is hidden in a call to 'alloc_workqueue()')
The call chain is:
mwifiex_register
--> mwifiex_init_pcie (.init_if function, see mwifiex_if_ops)
[ or ]
mwifiex_reinit_sw
-->mwifiex_pcie_up_dev (.up_dev function, see mwifiex_if_ops)
[ then in both case ]
-->mwifiex_pcie_alloc_buffers
--> mwifiex_pcie_create_txbd_ring
--> mwifiex_pcie_create_rxbd_ring
--> mwifiex_pcie_create_evtbd_ring
--> mwifiex_pcie_alloc_sleep_cookie_buf
@@
@@
- PCI_DMA_BIDIRECTIONAL
+ DMA_BIDIRECTIONAL
@@
@@
- PCI_DMA_TODEVICE
+ DMA_TO_DEVICE
@@
@@
- PCI_DMA_FROMDEVICE
+ DMA_FROM_DEVICE
@@
@@
- PCI_DMA_NONE
+ DMA_NONE
@@
expression e1, e2, e3;
@@
- pci_alloc_consistent(e1, e2, e3)
+ dma_alloc_coherent(&e1->dev, e2, e3, GFP_)
@@
expression e1, e2, e3;
@@
- pci_zalloc_consistent(e1, e2, e3)
+ dma_alloc_coherent(&e1->dev, e2, e3, GFP_)
@@
expression e1, e2, e3, e4;
@@
- pci_free_consistent(e1, e2, e3, e4)
+ dma_free_coherent(&e1->dev, e2, e3, e4)
@@
expression e1, e2, e3, e4;
@@
- pci_map_single(e1, e2, e3, e4)
+ dma_map_single(&e1->dev, e2, e3, e4)
@@
expression e1, e2, e3, e4;
@@
- pci_unmap_single(e1, e2, e3, e4)
+ dma_unmap_single(&e1->dev, e2, e3, e4)
@@
expression e1, e2, e3, e4, e5;
@@
- pci_map_page(e1, e2, e3, e4, e5)
+ dma_map_page(&e1->dev, e2, e3, e4, e5)
@@
expression e1, e2, e3, e4;
@@
- pci_unmap_page(e1, e2, e3, e4)
+ dma_unmap_page(&e1->dev, e2, e3, e4)
@@
expression e1, e2, e3, e4;
@@
- pci_map_sg(e1, e2, e3, e4)
+ dma_map_sg(&e1->dev, e2, e3, e4)
@@
expression e1, e2, e3, e4;
@@
- pci_unmap_sg(e1, e2, e3, e4)
+ dma_unmap_sg(&e1->dev, e2, e3, e4)
@@
expression e1, e2, e3, e4;
@@
- pci_dma_sync_single_for_cpu(e1, e2, e3, e4)
+ dma_sync_single_for_cpu(&e1->dev, e2, e3, e4)
@@
expression e1, e2, e3, e4;
@@
- pci_dma_sync_single_for_device(e1, e2, e3, e4)
+ dma_sync_single_for_device(&e1->dev, e2, e3, e4)
@@
expression e1, e2, e3, e4;
@@
- pci_dma_sync_sg_for_cpu(e1, e2, e3, e4)
+ dma_sync_sg_for_cpu(&e1->dev, e2, e3, e4)
@@
expression e1, e2, e3, e4;
@@
- pci_dma_sync_sg_for_device(e1, e2, e3, e4)
+ dma_sync_sg_for_device(&e1->dev, e2, e3, e4)
@@
expression e1, e2;
@@
- pci_dma_mapping_error(e1, e2)
+ dma_mapping_error(&e1->dev, e2)
@@
expression e1, e2;
@@
- pci_set_dma_mask(e1, e2)
+ dma_set_mask(&e1->dev, e2)
@@
expression e1, e2;
@@
- pci_set_consistent_dma_mask(e1, e2)
+ dma_set_coherent_mask(&e1->dev, e2)
Signed-off-by: Christophe JAILLET <christophe.jaillet@wanadoo.fr>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
Link: https://lore.kernel.org/r/20200819070152.111522-1-christophe.jaillet@wanadoo.fr
Stable-dep-of: 288c63d5cb46 ("wifi: mwifiex: fix error recovery in PCIE buffer descriptor management")
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/wireless/marvell/mwifiex/pcie.c | 153 ++++++++++----------
1 file changed, 78 insertions(+), 75 deletions(-)
diff --git a/drivers/net/wireless/marvell/mwifiex/pcie.c b/drivers/net/wireless/marvell/mwifiex/pcie.c
index b316e34917958..80dde94b65c87 100644
--- a/drivers/net/wireless/marvell/mwifiex/pcie.c
+++ b/drivers/net/wireless/marvell/mwifiex/pcie.c
@@ -58,8 +58,8 @@ mwifiex_map_pci_memory(struct mwifiex_adapter *adapter, struct sk_buff *skb,
struct pcie_service_card *card = adapter->card;
struct mwifiex_dma_mapping mapping;
- mapping.addr = pci_map_single(card->dev, skb->data, size, flags);
- if (pci_dma_mapping_error(card->dev, mapping.addr)) {
+ mapping.addr = dma_map_single(&card->dev->dev, skb->data, size, flags);
+ if (dma_mapping_error(&card->dev->dev, mapping.addr)) {
mwifiex_dbg(adapter, ERROR, "failed to map pci memory!\n");
return -1;
}
@@ -75,7 +75,7 @@ static void mwifiex_unmap_pci_memory(struct mwifiex_adapter *adapter,
struct mwifiex_dma_mapping mapping;
mwifiex_get_mapping(skb, &mapping);
- pci_unmap_single(card->dev, mapping.addr, mapping.len, flags);
+ dma_unmap_single(&card->dev->dev, mapping.addr, mapping.len, flags);
}
/*
@@ -465,10 +465,9 @@ static void mwifiex_delay_for_sleep_cookie(struct mwifiex_adapter *adapter,
struct sk_buff *cmdrsp = card->cmdrsp_buf;
for (count = 0; count < max_delay_loop_cnt; count++) {
- pci_dma_sync_single_for_cpu(card->dev,
- MWIFIEX_SKB_DMA_ADDR(cmdrsp),
- sizeof(sleep_cookie),
- PCI_DMA_FROMDEVICE);
+ dma_sync_single_for_cpu(&card->dev->dev,
+ MWIFIEX_SKB_DMA_ADDR(cmdrsp),
+ sizeof(sleep_cookie), DMA_FROM_DEVICE);
buffer = cmdrsp->data;
sleep_cookie = get_unaligned_le32(buffer);
@@ -477,10 +476,10 @@ static void mwifiex_delay_for_sleep_cookie(struct mwifiex_adapter *adapter,
"sleep cookie found at count %d\n", count);
break;
}
- pci_dma_sync_single_for_device(card->dev,
- MWIFIEX_SKB_DMA_ADDR(cmdrsp),
- sizeof(sleep_cookie),
- PCI_DMA_FROMDEVICE);
+ dma_sync_single_for_device(&card->dev->dev,
+ MWIFIEX_SKB_DMA_ADDR(cmdrsp),
+ sizeof(sleep_cookie),
+ DMA_FROM_DEVICE);
usleep_range(20, 30);
}
@@ -634,7 +633,7 @@ static int mwifiex_init_rxq_ring(struct mwifiex_adapter *adapter)
if (mwifiex_map_pci_memory(adapter, skb,
MWIFIEX_RX_DATA_BUF_SIZE,
- PCI_DMA_FROMDEVICE))
+ DMA_FROM_DEVICE))
return -1;
buf_pa = MWIFIEX_SKB_DMA_ADDR(skb);
@@ -691,7 +690,7 @@ static int mwifiex_pcie_init_evt_ring(struct mwifiex_adapter *adapter)
skb_put(skb, MAX_EVENT_SIZE);
if (mwifiex_map_pci_memory(adapter, skb, MAX_EVENT_SIZE,
- PCI_DMA_FROMDEVICE)) {
+ DMA_FROM_DEVICE)) {
kfree_skb(skb);
kfree(card->evtbd_ring_vbase);
return -1;
@@ -734,7 +733,7 @@ static void mwifiex_cleanup_txq_ring(struct mwifiex_adapter *adapter)
if (card->tx_buf_list[i]) {
skb = card->tx_buf_list[i];
mwifiex_unmap_pci_memory(adapter, skb,
- PCI_DMA_TODEVICE);
+ DMA_TO_DEVICE);
dev_kfree_skb_any(skb);
}
memset(desc2, 0, sizeof(*desc2));
@@ -743,7 +742,7 @@ static void mwifiex_cleanup_txq_ring(struct mwifiex_adapter *adapter)
if (card->tx_buf_list[i]) {
skb = card->tx_buf_list[i];
mwifiex_unmap_pci_memory(adapter, skb,
- PCI_DMA_TODEVICE);
+ DMA_TO_DEVICE);
dev_kfree_skb_any(skb);
}
memset(desc, 0, sizeof(*desc));
@@ -773,7 +772,7 @@ static void mwifiex_cleanup_rxq_ring(struct mwifiex_adapter *adapter)
if (card->rx_buf_list[i]) {
skb = card->rx_buf_list[i];
mwifiex_unmap_pci_memory(adapter, skb,
- PCI_DMA_FROMDEVICE);
+ DMA_FROM_DEVICE);
dev_kfree_skb_any(skb);
}
memset(desc2, 0, sizeof(*desc2));
@@ -782,7 +781,7 @@ static void mwifiex_cleanup_rxq_ring(struct mwifiex_adapter *adapter)
if (card->rx_buf_list[i]) {
skb = card->rx_buf_list[i];
mwifiex_unmap_pci_memory(adapter, skb,
- PCI_DMA_FROMDEVICE);
+ DMA_FROM_DEVICE);
dev_kfree_skb_any(skb);
}
memset(desc, 0, sizeof(*desc));
@@ -808,7 +807,7 @@ static void mwifiex_cleanup_evt_ring(struct mwifiex_adapter *adapter)
if (card->evt_buf_list[i]) {
skb = card->evt_buf_list[i];
mwifiex_unmap_pci_memory(adapter, skb,
- PCI_DMA_FROMDEVICE);
+ DMA_FROM_DEVICE);
dev_kfree_skb_any(skb);
}
card->evt_buf_list[i] = NULL;
@@ -849,9 +848,10 @@ static int mwifiex_pcie_create_txbd_ring(struct mwifiex_adapter *adapter)
mwifiex_dbg(adapter, INFO,
"info: txbd_ring: Allocating %d bytes\n",
card->txbd_ring_size);
- card->txbd_ring_vbase = pci_alloc_consistent(card->dev,
- card->txbd_ring_size,
- &card->txbd_ring_pbase);
+ card->txbd_ring_vbase = dma_alloc_coherent(&card->dev->dev,
+ card->txbd_ring_size,
+ &card->txbd_ring_pbase,
+ GFP_KERNEL);
if (!card->txbd_ring_vbase) {
mwifiex_dbg(adapter, ERROR,
"allocate consistent memory (%d bytes) failed!\n",
@@ -875,9 +875,9 @@ static int mwifiex_pcie_delete_txbd_ring(struct mwifiex_adapter *adapter)
mwifiex_cleanup_txq_ring(adapter);
if (card->txbd_ring_vbase)
- pci_free_consistent(card->dev, card->txbd_ring_size,
- card->txbd_ring_vbase,
- card->txbd_ring_pbase);
+ dma_free_coherent(&card->dev->dev, card->txbd_ring_size,
+ card->txbd_ring_vbase,
+ card->txbd_ring_pbase);
card->txbd_ring_size = 0;
card->txbd_wrptr = 0;
card->txbd_rdptr = 0 | reg->tx_rollover_ind;
@@ -913,9 +913,10 @@ static int mwifiex_pcie_create_rxbd_ring(struct mwifiex_adapter *adapter)
mwifiex_dbg(adapter, INFO,
"info: rxbd_ring: Allocating %d bytes\n",
card->rxbd_ring_size);
- card->rxbd_ring_vbase = pci_alloc_consistent(card->dev,
- card->rxbd_ring_size,
- &card->rxbd_ring_pbase);
+ card->rxbd_ring_vbase = dma_alloc_coherent(&card->dev->dev,
+ card->rxbd_ring_size,
+ &card->rxbd_ring_pbase,
+ GFP_KERNEL);
if (!card->rxbd_ring_vbase) {
mwifiex_dbg(adapter, ERROR,
"allocate consistent memory (%d bytes) failed!\n",
@@ -943,9 +944,9 @@ static int mwifiex_pcie_delete_rxbd_ring(struct mwifiex_adapter *adapter)
mwifiex_cleanup_rxq_ring(adapter);
if (card->rxbd_ring_vbase)
- pci_free_consistent(card->dev, card->rxbd_ring_size,
- card->rxbd_ring_vbase,
- card->rxbd_ring_pbase);
+ dma_free_coherent(&card->dev->dev, card->rxbd_ring_size,
+ card->rxbd_ring_vbase,
+ card->rxbd_ring_pbase);
card->rxbd_ring_size = 0;
card->rxbd_wrptr = 0;
card->rxbd_rdptr = 0 | reg->rx_rollover_ind;
@@ -977,9 +978,10 @@ static int mwifiex_pcie_create_evtbd_ring(struct mwifiex_adapter *adapter)
mwifiex_dbg(adapter, INFO,
"info: evtbd_ring: Allocating %d bytes\n",
card->evtbd_ring_size);
- card->evtbd_ring_vbase = pci_alloc_consistent(card->dev,
- card->evtbd_ring_size,
- &card->evtbd_ring_pbase);
+ card->evtbd_ring_vbase = dma_alloc_coherent(&card->dev->dev,
+ card->evtbd_ring_size,
+ &card->evtbd_ring_pbase,
+ GFP_KERNEL);
if (!card->evtbd_ring_vbase) {
mwifiex_dbg(adapter, ERROR,
"allocate consistent memory (%d bytes) failed!\n",
@@ -1007,9 +1009,9 @@ static int mwifiex_pcie_delete_evtbd_ring(struct mwifiex_adapter *adapter)
mwifiex_cleanup_evt_ring(adapter);
if (card->evtbd_ring_vbase)
- pci_free_consistent(card->dev, card->evtbd_ring_size,
- card->evtbd_ring_vbase,
- card->evtbd_ring_pbase);
+ dma_free_coherent(&card->dev->dev, card->evtbd_ring_size,
+ card->evtbd_ring_vbase,
+ card->evtbd_ring_pbase);
card->evtbd_wrptr = 0;
card->evtbd_rdptr = 0 | reg->evt_rollover_ind;
card->evtbd_ring_size = 0;
@@ -1036,7 +1038,7 @@ static int mwifiex_pcie_alloc_cmdrsp_buf(struct mwifiex_adapter *adapter)
}
skb_put(skb, MWIFIEX_UPLD_SIZE);
if (mwifiex_map_pci_memory(adapter, skb, MWIFIEX_UPLD_SIZE,
- PCI_DMA_FROMDEVICE)) {
+ DMA_FROM_DEVICE)) {
kfree_skb(skb);
return -1;
}
@@ -1060,14 +1062,14 @@ static int mwifiex_pcie_delete_cmdrsp_buf(struct mwifiex_adapter *adapter)
if (card && card->cmdrsp_buf) {
mwifiex_unmap_pci_memory(adapter, card->cmdrsp_buf,
- PCI_DMA_FROMDEVICE);
+ DMA_FROM_DEVICE);
dev_kfree_skb_any(card->cmdrsp_buf);
card->cmdrsp_buf = NULL;
}
if (card && card->cmd_buf) {
mwifiex_unmap_pci_memory(adapter, card->cmd_buf,
- PCI_DMA_TODEVICE);
+ DMA_TO_DEVICE);
dev_kfree_skb_any(card->cmd_buf);
card->cmd_buf = NULL;
}
@@ -1082,8 +1084,10 @@ static int mwifiex_pcie_alloc_sleep_cookie_buf(struct mwifiex_adapter *adapter)
struct pcie_service_card *card = adapter->card;
u32 *cookie;
- card->sleep_cookie_vbase = pci_alloc_consistent(card->dev, sizeof(u32),
- &card->sleep_cookie_pbase);
+ card->sleep_cookie_vbase = dma_alloc_coherent(&card->dev->dev,
+ sizeof(u32),
+ &card->sleep_cookie_pbase,
+ GFP_KERNEL);
if (!card->sleep_cookie_vbase) {
mwifiex_dbg(adapter, ERROR,
"pci_alloc_consistent failed!\n");
@@ -1111,9 +1115,9 @@ static int mwifiex_pcie_delete_sleep_cookie_buf(struct mwifiex_adapter *adapter)
card = adapter->card;
if (card && card->sleep_cookie_vbase) {
- pci_free_consistent(card->dev, sizeof(u32),
- card->sleep_cookie_vbase,
- card->sleep_cookie_pbase);
+ dma_free_coherent(&card->dev->dev, sizeof(u32),
+ card->sleep_cookie_vbase,
+ card->sleep_cookie_pbase);
card->sleep_cookie_vbase = NULL;
}
@@ -1185,7 +1189,7 @@ static int mwifiex_pcie_send_data_complete(struct mwifiex_adapter *adapter)
"SEND COMP: Detach skb %p at txbd_rdidx=%d\n",
skb, wrdoneidx);
mwifiex_unmap_pci_memory(adapter, skb,
- PCI_DMA_TODEVICE);
+ DMA_TO_DEVICE);
unmap_count++;
@@ -1278,7 +1282,7 @@ mwifiex_pcie_send_data(struct mwifiex_adapter *adapter, struct sk_buff *skb,
put_unaligned_le16(MWIFIEX_TYPE_DATA, payload + 2);
if (mwifiex_map_pci_memory(adapter, skb, skb->len,
- PCI_DMA_TODEVICE))
+ DMA_TO_DEVICE))
return -1;
wrindx = (card->txbd_wrptr & reg->tx_mask) >> reg->tx_start_ptr;
@@ -1368,7 +1372,7 @@ mwifiex_pcie_send_data(struct mwifiex_adapter *adapter, struct sk_buff *skb,
return -EINPROGRESS;
done_unmap:
- mwifiex_unmap_pci_memory(adapter, skb, PCI_DMA_TODEVICE);
+ mwifiex_unmap_pci_memory(adapter, skb, DMA_TO_DEVICE);
card->tx_buf_list[wrindx] = NULL;
atomic_dec(&adapter->tx_hw_pending);
if (reg->pfu_enabled)
@@ -1422,7 +1426,7 @@ static int mwifiex_pcie_process_recv_data(struct mwifiex_adapter *adapter)
if (!skb_data)
return -ENOMEM;
- mwifiex_unmap_pci_memory(adapter, skb_data, PCI_DMA_FROMDEVICE);
+ mwifiex_unmap_pci_memory(adapter, skb_data, DMA_FROM_DEVICE);
card->rx_buf_list[rd_index] = NULL;
/* Get data length from interface header -
@@ -1460,7 +1464,7 @@ static int mwifiex_pcie_process_recv_data(struct mwifiex_adapter *adapter)
if (mwifiex_map_pci_memory(adapter, skb_tmp,
MWIFIEX_RX_DATA_BUF_SIZE,
- PCI_DMA_FROMDEVICE))
+ DMA_FROM_DEVICE))
return -1;
buf_pa = MWIFIEX_SKB_DMA_ADDR(skb_tmp);
@@ -1537,7 +1541,7 @@ mwifiex_pcie_send_boot_cmd(struct mwifiex_adapter *adapter, struct sk_buff *skb)
return -1;
}
- if (mwifiex_map_pci_memory(adapter, skb, skb->len, PCI_DMA_TODEVICE))
+ if (mwifiex_map_pci_memory(adapter, skb, skb->len, DMA_TO_DEVICE))
return -1;
buf_pa = MWIFIEX_SKB_DMA_ADDR(skb);
@@ -1549,7 +1553,7 @@ mwifiex_pcie_send_boot_cmd(struct mwifiex_adapter *adapter, struct sk_buff *skb)
mwifiex_dbg(adapter, ERROR,
"%s: failed to write download command to boot code.\n",
__func__);
- mwifiex_unmap_pci_memory(adapter, skb, PCI_DMA_TODEVICE);
+ mwifiex_unmap_pci_memory(adapter, skb, DMA_TO_DEVICE);
return -1;
}
@@ -1561,7 +1565,7 @@ mwifiex_pcie_send_boot_cmd(struct mwifiex_adapter *adapter, struct sk_buff *skb)
mwifiex_dbg(adapter, ERROR,
"%s: failed to write download command to boot code.\n",
__func__);
- mwifiex_unmap_pci_memory(adapter, skb, PCI_DMA_TODEVICE);
+ mwifiex_unmap_pci_memory(adapter, skb, DMA_TO_DEVICE);
return -1;
}
@@ -1570,7 +1574,7 @@ mwifiex_pcie_send_boot_cmd(struct mwifiex_adapter *adapter, struct sk_buff *skb)
mwifiex_dbg(adapter, ERROR,
"%s: failed to write command len to cmd_size scratch reg\n",
__func__);
- mwifiex_unmap_pci_memory(adapter, skb, PCI_DMA_TODEVICE);
+ mwifiex_unmap_pci_memory(adapter, skb, DMA_TO_DEVICE);
return -1;
}
@@ -1579,7 +1583,7 @@ mwifiex_pcie_send_boot_cmd(struct mwifiex_adapter *adapter, struct sk_buff *skb)
CPU_INTR_DOOR_BELL)) {
mwifiex_dbg(adapter, ERROR,
"%s: failed to assert door-bell intr\n", __func__);
- mwifiex_unmap_pci_memory(adapter, skb, PCI_DMA_TODEVICE);
+ mwifiex_unmap_pci_memory(adapter, skb, DMA_TO_DEVICE);
return -1;
}
@@ -1638,7 +1642,7 @@ mwifiex_pcie_send_cmd(struct mwifiex_adapter *adapter, struct sk_buff *skb)
put_unaligned_le16((u16)skb->len, &payload[0]);
put_unaligned_le16(MWIFIEX_TYPE_CMD, &payload[2]);
- if (mwifiex_map_pci_memory(adapter, skb, skb->len, PCI_DMA_TODEVICE))
+ if (mwifiex_map_pci_memory(adapter, skb, skb->len, DMA_TO_DEVICE))
return -1;
card->cmd_buf = skb;
@@ -1738,17 +1742,16 @@ static int mwifiex_pcie_process_cmd_complete(struct mwifiex_adapter *adapter)
"info: Rx CMD Response\n");
if (adapter->curr_cmd)
- mwifiex_unmap_pci_memory(adapter, skb, PCI_DMA_FROMDEVICE);
+ mwifiex_unmap_pci_memory(adapter, skb, DMA_FROM_DEVICE);
else
- pci_dma_sync_single_for_cpu(card->dev,
- MWIFIEX_SKB_DMA_ADDR(skb),
- MWIFIEX_UPLD_SIZE,
- PCI_DMA_FROMDEVICE);
+ dma_sync_single_for_cpu(&card->dev->dev,
+ MWIFIEX_SKB_DMA_ADDR(skb),
+ MWIFIEX_UPLD_SIZE, DMA_FROM_DEVICE);
/* Unmap the command as a response has been received. */
if (card->cmd_buf) {
mwifiex_unmap_pci_memory(adapter, card->cmd_buf,
- PCI_DMA_TODEVICE);
+ DMA_TO_DEVICE);
dev_kfree_skb_any(card->cmd_buf);
card->cmd_buf = NULL;
}
@@ -1759,10 +1762,10 @@ static int mwifiex_pcie_process_cmd_complete(struct mwifiex_adapter *adapter)
if (!adapter->curr_cmd) {
if (adapter->ps_state == PS_STATE_SLEEP_CFM) {
- pci_dma_sync_single_for_device(card->dev,
- MWIFIEX_SKB_DMA_ADDR(skb),
- MWIFIEX_SLEEP_COOKIE_SIZE,
- PCI_DMA_FROMDEVICE);
+ dma_sync_single_for_device(&card->dev->dev,
+ MWIFIEX_SKB_DMA_ADDR(skb),
+ MWIFIEX_SLEEP_COOKIE_SIZE,
+ DMA_FROM_DEVICE);
if (mwifiex_write_reg(adapter,
PCIE_CPU_INT_EVENT,
CPU_INTR_SLEEP_CFM_DONE)) {
@@ -1773,7 +1776,7 @@ static int mwifiex_pcie_process_cmd_complete(struct mwifiex_adapter *adapter)
mwifiex_delay_for_sleep_cookie(adapter,
MWIFIEX_MAX_DELAY_COUNT);
mwifiex_unmap_pci_memory(adapter, skb,
- PCI_DMA_FROMDEVICE);
+ DMA_FROM_DEVICE);
skb_pull(skb, adapter->intf_hdr_len);
while (reg->sleep_cookie && (count++ < 10) &&
mwifiex_pcie_ok_to_access_hw(adapter))
@@ -1789,7 +1792,7 @@ static int mwifiex_pcie_process_cmd_complete(struct mwifiex_adapter *adapter)
min_t(u32, MWIFIEX_SIZE_OF_CMD_BUFFER, skb->len));
skb_push(skb, adapter->intf_hdr_len);
if (mwifiex_map_pci_memory(adapter, skb, MWIFIEX_UPLD_SIZE,
- PCI_DMA_FROMDEVICE))
+ DMA_FROM_DEVICE))
return -1;
} else if (mwifiex_pcie_ok_to_access_hw(adapter)) {
skb_pull(skb, adapter->intf_hdr_len);
@@ -1831,7 +1834,7 @@ static int mwifiex_pcie_cmdrsp_complete(struct mwifiex_adapter *adapter,
card->cmdrsp_buf = skb;
skb_push(card->cmdrsp_buf, adapter->intf_hdr_len);
if (mwifiex_map_pci_memory(adapter, skb, MWIFIEX_UPLD_SIZE,
- PCI_DMA_FROMDEVICE))
+ DMA_FROM_DEVICE))
return -1;
}
@@ -1886,7 +1889,7 @@ static int mwifiex_pcie_process_event_ready(struct mwifiex_adapter *adapter)
mwifiex_dbg(adapter, INFO,
"info: Read Index: %d\n", rdptr);
skb_cmd = card->evt_buf_list[rdptr];
- mwifiex_unmap_pci_memory(adapter, skb_cmd, PCI_DMA_FROMDEVICE);
+ mwifiex_unmap_pci_memory(adapter, skb_cmd, DMA_FROM_DEVICE);
/* Take the pointer and set it to event pointer in adapter
and will return back after event handling callback */
@@ -1966,7 +1969,7 @@ static int mwifiex_pcie_event_complete(struct mwifiex_adapter *adapter,
skb_put(skb, MAX_EVENT_SIZE - skb->len);
if (mwifiex_map_pci_memory(adapter, skb,
MAX_EVENT_SIZE,
- PCI_DMA_FROMDEVICE))
+ DMA_FROM_DEVICE))
return -1;
card->evt_buf_list[rdptr] = skb;
desc = card->evtbd_ring[rdptr];
@@ -2248,7 +2251,7 @@ static int mwifiex_prog_fw_w_helper(struct mwifiex_adapter *adapter,
"interrupt status during fw dnld.\n",
__func__);
mwifiex_unmap_pci_memory(adapter, skb,
- PCI_DMA_TODEVICE);
+ DMA_TO_DEVICE);
ret = -1;
goto done;
}
@@ -2260,12 +2263,12 @@ static int mwifiex_prog_fw_w_helper(struct mwifiex_adapter *adapter,
mwifiex_dbg(adapter, ERROR, "%s: Card failed to ACK download\n",
__func__);
mwifiex_unmap_pci_memory(adapter, skb,
- PCI_DMA_TODEVICE);
+ DMA_TO_DEVICE);
ret = -1;
goto done;
}
- mwifiex_unmap_pci_memory(adapter, skb, PCI_DMA_TODEVICE);
+ mwifiex_unmap_pci_memory(adapter, skb, DMA_TO_DEVICE);
offset += txlen;
} while (true);
@@ -2935,13 +2938,13 @@ static int mwifiex_init_pcie(struct mwifiex_adapter *adapter)
pci_set_master(pdev);
- ret = pci_set_dma_mask(pdev, DMA_BIT_MASK(32));
+ ret = dma_set_mask(&pdev->dev, DMA_BIT_MASK(32));
if (ret) {
pr_err("set_dma_mask(32) failed: %d\n", ret);
goto err_set_dma_mask;
}
- ret = pci_set_consistent_dma_mask(pdev, DMA_BIT_MASK(32));
+ ret = dma_set_coherent_mask(&pdev->dev, DMA_BIT_MASK(32));
if (ret) {
pr_err("set_consistent_dma_mask(64) failed\n");
goto err_set_dma_mask;
--
2.40.1
^ permalink raw reply related [flat|nested] 396+ messages in thread
* [PATCH 5.4 067/367] wifi: mwifiex: fix error recovery in PCIE buffer descriptor management
2023-09-20 11:26 [PATCH 5.4 000/367] 5.4.257-rc1 review Greg Kroah-Hartman
` (65 preceding siblings ...)
2023-09-20 11:27 ` [PATCH 5.4 066/367] mwifiex: switch from pci_ to dma_ API Greg Kroah-Hartman
@ 2023-09-20 11:27 ` Greg Kroah-Hartman
2023-09-20 11:27 ` [PATCH 5.4 068/367] crypto: stm32 - Properly handle pm_runtime_get failing Greg Kroah-Hartman
` (305 subsequent siblings)
372 siblings, 0 replies; 396+ messages in thread
From: Greg Kroah-Hartman @ 2023-09-20 11:27 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Dmitry Antipov, Brian Norris,
Kalle Valo, Sasha Levin
5.4-stable review patch. If anyone has any objections, please let me know.
------------------
From: Dmitry Antipov <dmantipov@yandex.ru>
[ Upstream commit 288c63d5cb4667a51a04668b3e2bb0ea499bc5f4 ]
Add missing 'kfree_skb()' in 'mwifiex_init_rxq_ring()' and never do
'kfree(card->rxbd_ring_vbase)' because this area is DMAed and should
be released with 'dma_free_coherent()'. The latter is performed in
'mwifiex_pcie_delete_rxbd_ring()', which is now called to recover
from possible errors in 'mwifiex_pcie_create_rxbd_ring()'. Likewise
for 'mwifiex_pcie_init_evt_ring()', 'kfree(card->evtbd_ring_vbase)'
'mwifiex_pcie_delete_evtbd_ring()' and 'mwifiex_pcie_create_rxbd_ring()'.
Fixes: d930faee141b ("mwifiex: add support for Marvell pcie8766 chipset")
Signed-off-by: Dmitry Antipov <dmantipov@yandex.ru>
Acked-by: Brian Norris <briannorris@chromium.org>
Signed-off-by: Kalle Valo <kvalo@kernel.org>
Link: https://lore.kernel.org/r/20230731074334.56463-1-dmantipov@yandex.ru
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/wireless/marvell/mwifiex/pcie.c | 25 ++++++++++++++-------
1 file changed, 17 insertions(+), 8 deletions(-)
diff --git a/drivers/net/wireless/marvell/mwifiex/pcie.c b/drivers/net/wireless/marvell/mwifiex/pcie.c
index 80dde94b65c87..78d7674e71f9f 100644
--- a/drivers/net/wireless/marvell/mwifiex/pcie.c
+++ b/drivers/net/wireless/marvell/mwifiex/pcie.c
@@ -50,6 +50,8 @@ static int mwifiex_pcie_probe_of(struct device *dev)
}
static void mwifiex_pcie_work(struct work_struct *work);
+static int mwifiex_pcie_delete_rxbd_ring(struct mwifiex_adapter *adapter);
+static int mwifiex_pcie_delete_evtbd_ring(struct mwifiex_adapter *adapter);
static int
mwifiex_map_pci_memory(struct mwifiex_adapter *adapter, struct sk_buff *skb,
@@ -627,14 +629,15 @@ static int mwifiex_init_rxq_ring(struct mwifiex_adapter *adapter)
if (!skb) {
mwifiex_dbg(adapter, ERROR,
"Unable to allocate skb for RX ring.\n");
- kfree(card->rxbd_ring_vbase);
return -ENOMEM;
}
if (mwifiex_map_pci_memory(adapter, skb,
MWIFIEX_RX_DATA_BUF_SIZE,
- DMA_FROM_DEVICE))
- return -1;
+ DMA_FROM_DEVICE)) {
+ kfree_skb(skb);
+ return -ENOMEM;
+ }
buf_pa = MWIFIEX_SKB_DMA_ADDR(skb);
@@ -684,7 +687,6 @@ static int mwifiex_pcie_init_evt_ring(struct mwifiex_adapter *adapter)
if (!skb) {
mwifiex_dbg(adapter, ERROR,
"Unable to allocate skb for EVENT buf.\n");
- kfree(card->evtbd_ring_vbase);
return -ENOMEM;
}
skb_put(skb, MAX_EVENT_SIZE);
@@ -692,8 +694,7 @@ static int mwifiex_pcie_init_evt_ring(struct mwifiex_adapter *adapter)
if (mwifiex_map_pci_memory(adapter, skb, MAX_EVENT_SIZE,
DMA_FROM_DEVICE)) {
kfree_skb(skb);
- kfree(card->evtbd_ring_vbase);
- return -1;
+ return -ENOMEM;
}
buf_pa = MWIFIEX_SKB_DMA_ADDR(skb);
@@ -892,6 +893,7 @@ static int mwifiex_pcie_delete_txbd_ring(struct mwifiex_adapter *adapter)
*/
static int mwifiex_pcie_create_rxbd_ring(struct mwifiex_adapter *adapter)
{
+ int ret;
struct pcie_service_card *card = adapter->card;
const struct mwifiex_pcie_card_reg *reg = card->pcie.reg;
@@ -930,7 +932,10 @@ static int mwifiex_pcie_create_rxbd_ring(struct mwifiex_adapter *adapter)
(u32)((u64)card->rxbd_ring_pbase >> 32),
card->rxbd_ring_size);
- return mwifiex_init_rxq_ring(adapter);
+ ret = mwifiex_init_rxq_ring(adapter);
+ if (ret)
+ mwifiex_pcie_delete_rxbd_ring(adapter);
+ return ret;
}
/*
@@ -961,6 +966,7 @@ static int mwifiex_pcie_delete_rxbd_ring(struct mwifiex_adapter *adapter)
*/
static int mwifiex_pcie_create_evtbd_ring(struct mwifiex_adapter *adapter)
{
+ int ret;
struct pcie_service_card *card = adapter->card;
const struct mwifiex_pcie_card_reg *reg = card->pcie.reg;
@@ -995,7 +1001,10 @@ static int mwifiex_pcie_create_evtbd_ring(struct mwifiex_adapter *adapter)
(u32)((u64)card->evtbd_ring_pbase >> 32),
card->evtbd_ring_size);
- return mwifiex_pcie_init_evt_ring(adapter);
+ ret = mwifiex_pcie_init_evt_ring(adapter);
+ if (ret)
+ mwifiex_pcie_delete_evtbd_ring(adapter);
+ return ret;
}
/*
--
2.40.1
^ permalink raw reply related [flat|nested] 396+ messages in thread
* [PATCH 5.4 068/367] crypto: stm32 - Properly handle pm_runtime_get failing
2023-09-20 11:26 [PATCH 5.4 000/367] 5.4.257-rc1 review Greg Kroah-Hartman
` (66 preceding siblings ...)
2023-09-20 11:27 ` [PATCH 5.4 067/367] wifi: mwifiex: fix error recovery in PCIE buffer descriptor management Greg Kroah-Hartman
@ 2023-09-20 11:27 ` Greg Kroah-Hartman
2023-09-20 11:27 ` [PATCH 5.4 069/367] Bluetooth: nokia: fix value check in nokia_bluetooth_serdev_probe() Greg Kroah-Hartman
` (304 subsequent siblings)
372 siblings, 0 replies; 396+ messages in thread
From: Greg Kroah-Hartman @ 2023-09-20 11:27 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Uwe Kleine-König, Herbert Xu,
Sasha Levin
5.4-stable review patch. If anyone has any objections, please let me know.
------------------
From: Uwe Kleine-König <u.kleine-koenig@pengutronix.de>
[ Upstream commit aec48805163338f8413118796c1dd035661b9140 ]
If pm_runtime_get() (disguised as pm_runtime_resume_and_get()) fails, this
means the clk wasn't prepared and enabled. Returning early in this case
however is wrong as then the following resource frees are skipped and this
is never catched up. So do all the cleanups but clk_disable_unprepare().
Also don't emit a warning, as stm32_hash_runtime_resume() already emitted
one.
Note that the return value of stm32_hash_remove() is mostly ignored by
the device core. The only effect of returning zero instead of an error
value is to suppress another warning in platform_remove(). So return 0
even if pm_runtime_resume_and_get() failed.
Fixes: 8b4d566de6a5 ("crypto: stm32/hash - Add power management support")
Signed-off-by: Uwe Kleine-König <u.kleine-koenig@pengutronix.de>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/crypto/stm32/stm32-hash.c | 7 +++----
1 file changed, 3 insertions(+), 4 deletions(-)
diff --git a/drivers/crypto/stm32/stm32-hash.c b/drivers/crypto/stm32/stm32-hash.c
index dcce15b558091..7beb07def3d3a 100644
--- a/drivers/crypto/stm32/stm32-hash.c
+++ b/drivers/crypto/stm32/stm32-hash.c
@@ -1553,9 +1553,7 @@ static int stm32_hash_remove(struct platform_device *pdev)
if (!hdev)
return -ENODEV;
- ret = pm_runtime_resume_and_get(hdev->dev);
- if (ret < 0)
- return ret;
+ ret = pm_runtime_get_sync(hdev->dev);
stm32_hash_unregister_algs(hdev);
@@ -1571,7 +1569,8 @@ static int stm32_hash_remove(struct platform_device *pdev)
pm_runtime_disable(hdev->dev);
pm_runtime_put_noidle(hdev->dev);
- clk_disable_unprepare(hdev->clk);
+ if (ret >= 0)
+ clk_disable_unprepare(hdev->clk);
return 0;
}
--
2.40.1
^ permalink raw reply related [flat|nested] 396+ messages in thread
* [PATCH 5.4 069/367] Bluetooth: nokia: fix value check in nokia_bluetooth_serdev_probe()
2023-09-20 11:26 [PATCH 5.4 000/367] 5.4.257-rc1 review Greg Kroah-Hartman
` (67 preceding siblings ...)
2023-09-20 11:27 ` [PATCH 5.4 068/367] crypto: stm32 - Properly handle pm_runtime_get failing Greg Kroah-Hartman
@ 2023-09-20 11:27 ` Greg Kroah-Hartman
2023-09-20 11:27 ` [PATCH 5.4 070/367] crypto: caam - fix unchecked return value error Greg Kroah-Hartman
` (303 subsequent siblings)
372 siblings, 0 replies; 396+ messages in thread
From: Greg Kroah-Hartman @ 2023-09-20 11:27 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Yuanjun Gong,
Luiz Augusto von Dentz, Sasha Levin
5.4-stable review patch. If anyone has any objections, please let me know.
------------------
From: Yuanjun Gong <ruc_gongyuanjun@163.com>
[ Upstream commit e8b5aed31355072faac8092ead4938ddec3111fd ]
in nokia_bluetooth_serdev_probe(), check the return value of
clk_prepare_enable() and return the error code if
clk_prepare_enable() returns an unexpected value.
Fixes: 7bb318680e86 ("Bluetooth: add nokia driver")
Signed-off-by: Yuanjun Gong <ruc_gongyuanjun@163.com>
Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/bluetooth/hci_nokia.c | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/drivers/bluetooth/hci_nokia.c b/drivers/bluetooth/hci_nokia.c
index 6463350b79779..82db15585196a 100644
--- a/drivers/bluetooth/hci_nokia.c
+++ b/drivers/bluetooth/hci_nokia.c
@@ -734,7 +734,11 @@ static int nokia_bluetooth_serdev_probe(struct serdev_device *serdev)
return err;
}
- clk_prepare_enable(sysclk);
+ err = clk_prepare_enable(sysclk);
+ if (err) {
+ dev_err(dev, "could not enable sysclk: %d", err);
+ return err;
+ }
btdev->sysclk_speed = clk_get_rate(sysclk);
clk_disable_unprepare(sysclk);
--
2.40.1
^ permalink raw reply related [flat|nested] 396+ messages in thread
* [PATCH 5.4 070/367] crypto: caam - fix unchecked return value error
2023-09-20 11:26 [PATCH 5.4 000/367] 5.4.257-rc1 review Greg Kroah-Hartman
` (68 preceding siblings ...)
2023-09-20 11:27 ` [PATCH 5.4 069/367] Bluetooth: nokia: fix value check in nokia_bluetooth_serdev_probe() Greg Kroah-Hartman
@ 2023-09-20 11:27 ` Greg Kroah-Hartman
2023-09-20 11:27 ` [PATCH 5.4 071/367] hwrng: iproc-rng200 - use semicolons rather than commas to separate statements Greg Kroah-Hartman
` (302 subsequent siblings)
372 siblings, 0 replies; 396+ messages in thread
From: Greg Kroah-Hartman @ 2023-09-20 11:27 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Gaurav Jain, Meenakshi Aggarwal,
Herbert Xu, Sasha Levin
5.4-stable review patch. If anyone has any objections, please let me know.
------------------
From: Gaurav Jain <gaurav.jain@nxp.com>
[ Upstream commit e30685204711a6be40dec2622606950ccd37dafe ]
error:
Unchecked return value (CHECKED_RETURN)
check_return: Calling sg_miter_next without checking return value
fix:
added check if(!sg_miter_next)
Fixes: 8a2a0dd35f2e ("crypto: caam - strip input zeros from RSA input buffer")
Signed-off-by: Gaurav Jain <gaurav.jain@nxp.com>
Signed-off-by: Meenakshi Aggarwal <meenakshi.aggarwal@nxp.com>
Reviewed-by: Gaurav Jain <gaurav.jain@nxp.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/crypto/caam/caampkc.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/drivers/crypto/caam/caampkc.c b/drivers/crypto/caam/caampkc.c
index 30e3f41ed8721..e0bba20c13cb5 100644
--- a/drivers/crypto/caam/caampkc.c
+++ b/drivers/crypto/caam/caampkc.c
@@ -225,7 +225,9 @@ static int caam_rsa_count_leading_zeros(struct scatterlist *sgl,
if (len && *buff)
break;
- sg_miter_next(&miter);
+ if (!sg_miter_next(&miter))
+ break;
+
buff = miter.addr;
len = miter.length;
--
2.40.1
^ permalink raw reply related [flat|nested] 396+ messages in thread
* [PATCH 5.4 071/367] hwrng: iproc-rng200 - use semicolons rather than commas to separate statements
2023-09-20 11:26 [PATCH 5.4 000/367] 5.4.257-rc1 review Greg Kroah-Hartman
` (69 preceding siblings ...)
2023-09-20 11:27 ` [PATCH 5.4 070/367] crypto: caam - fix unchecked return value error Greg Kroah-Hartman
@ 2023-09-20 11:27 ` Greg Kroah-Hartman
2023-09-20 11:27 ` [PATCH 5.4 072/367] hwrng: iproc-rng200 - Implement suspend and resume calls Greg Kroah-Hartman
` (301 subsequent siblings)
372 siblings, 0 replies; 396+ messages in thread
From: Greg Kroah-Hartman @ 2023-09-20 11:27 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Julia Lawall, Florian Fainelli,
Herbert Xu, Sasha Levin
5.4-stable review patch. If anyone has any objections, please let me know.
------------------
From: Julia Lawall <Julia.Lawall@inria.fr>
[ Upstream commit f9dc446cb959d1efdb971fb3cde18c354a4a04c9 ]
Replace commas with semicolons. What is done is essentially described by
the following Coccinelle semantic patch (http://coccinelle.lip6.fr/):
// <smpl>
@@ expression e1,e2; @@
e1
-,
+;
e2
... when any
// </smpl>
Signed-off-by: Julia Lawall <Julia.Lawall@inria.fr>
Acked-by: Florian Fainelli <f.fainelli@gmail.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Stable-dep-of: 8e03dd62e5be ("hwrng: iproc-rng200 - Implement suspend and resume calls")
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/char/hw_random/iproc-rng200.c | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/drivers/char/hw_random/iproc-rng200.c b/drivers/char/hw_random/iproc-rng200.c
index 92be1c0ab99f3..472f37f41317e 100644
--- a/drivers/char/hw_random/iproc-rng200.c
+++ b/drivers/char/hw_random/iproc-rng200.c
@@ -202,10 +202,10 @@ static int iproc_rng200_probe(struct platform_device *pdev)
return PTR_ERR(priv->base);
}
- priv->rng.name = "iproc-rng200",
- priv->rng.read = iproc_rng200_read,
- priv->rng.init = iproc_rng200_init,
- priv->rng.cleanup = iproc_rng200_cleanup,
+ priv->rng.name = "iproc-rng200";
+ priv->rng.read = iproc_rng200_read;
+ priv->rng.init = iproc_rng200_init;
+ priv->rng.cleanup = iproc_rng200_cleanup;
/* Register driver */
ret = devm_hwrng_register(dev, &priv->rng);
--
2.40.1
^ permalink raw reply related [flat|nested] 396+ messages in thread
* [PATCH 5.4 072/367] hwrng: iproc-rng200 - Implement suspend and resume calls
2023-09-20 11:26 [PATCH 5.4 000/367] 5.4.257-rc1 review Greg Kroah-Hartman
` (70 preceding siblings ...)
2023-09-20 11:27 ` [PATCH 5.4 071/367] hwrng: iproc-rng200 - use semicolons rather than commas to separate statements Greg Kroah-Hartman
@ 2023-09-20 11:27 ` Greg Kroah-Hartman
2023-09-20 11:27 ` [PATCH 5.4 073/367] lwt: Fix return values of BPF xmit ops Greg Kroah-Hartman
` (300 subsequent siblings)
372 siblings, 0 replies; 396+ messages in thread
From: Greg Kroah-Hartman @ 2023-09-20 11:27 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Florian Fainelli, Herbert Xu, Sasha Levin
5.4-stable review patch. If anyone has any objections, please let me know.
------------------
From: Florian Fainelli <florian.fainelli@broadcom.com>
[ Upstream commit 8e03dd62e5be811efbf0cbeba47e79e793519105 ]
Chips such as BCM7278 support system wide suspend/resume which will
cause the HWRNG block to lose its state and reset to its power on reset
register values. We need to cleanup and re-initialize the HWRNG for it
to be functional coming out of a system suspend cycle.
Fixes: c3577f6100ca ("hwrng: iproc-rng200 - Add support for BCM7278")
Signed-off-by: Florian Fainelli <florian.fainelli@broadcom.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/char/hw_random/iproc-rng200.c | 25 +++++++++++++++++++++++++
1 file changed, 25 insertions(+)
diff --git a/drivers/char/hw_random/iproc-rng200.c b/drivers/char/hw_random/iproc-rng200.c
index 472f37f41317e..b2d3da17daa8e 100644
--- a/drivers/char/hw_random/iproc-rng200.c
+++ b/drivers/char/hw_random/iproc-rng200.c
@@ -202,6 +202,8 @@ static int iproc_rng200_probe(struct platform_device *pdev)
return PTR_ERR(priv->base);
}
+ dev_set_drvdata(dev, priv);
+
priv->rng.name = "iproc-rng200";
priv->rng.read = iproc_rng200_read;
priv->rng.init = iproc_rng200_init;
@@ -219,6 +221,28 @@ static int iproc_rng200_probe(struct platform_device *pdev)
return 0;
}
+static int __maybe_unused iproc_rng200_suspend(struct device *dev)
+{
+ struct iproc_rng200_dev *priv = dev_get_drvdata(dev);
+
+ iproc_rng200_cleanup(&priv->rng);
+
+ return 0;
+}
+
+static int __maybe_unused iproc_rng200_resume(struct device *dev)
+{
+ struct iproc_rng200_dev *priv = dev_get_drvdata(dev);
+
+ iproc_rng200_init(&priv->rng);
+
+ return 0;
+}
+
+static const struct dev_pm_ops iproc_rng200_pm_ops = {
+ SET_SYSTEM_SLEEP_PM_OPS(iproc_rng200_suspend, iproc_rng200_resume)
+};
+
static const struct of_device_id iproc_rng200_of_match[] = {
{ .compatible = "brcm,bcm7211-rng200", },
{ .compatible = "brcm,bcm7278-rng200", },
@@ -231,6 +255,7 @@ static struct platform_driver iproc_rng200_driver = {
.driver = {
.name = "iproc-rng200",
.of_match_table = iproc_rng200_of_match,
+ .pm = &iproc_rng200_pm_ops,
},
.probe = iproc_rng200_probe,
};
--
2.40.1
^ permalink raw reply related [flat|nested] 396+ messages in thread
* [PATCH 5.4 073/367] lwt: Fix return values of BPF xmit ops
2023-09-20 11:26 [PATCH 5.4 000/367] 5.4.257-rc1 review Greg Kroah-Hartman
` (71 preceding siblings ...)
2023-09-20 11:27 ` [PATCH 5.4 072/367] hwrng: iproc-rng200 - Implement suspend and resume calls Greg Kroah-Hartman
@ 2023-09-20 11:27 ` Greg Kroah-Hartman
2023-09-20 11:27 ` [PATCH 5.4 074/367] lwt: Check LWTUNNEL_XMIT_CONTINUE strictly Greg Kroah-Hartman
` (299 subsequent siblings)
372 siblings, 0 replies; 396+ messages in thread
From: Greg Kroah-Hartman @ 2023-09-20 11:27 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Jordan Griege, Martin KaFai Lau,
Stanislav Fomichev, Yan Zhai, Daniel Borkmann, Sasha Levin
5.4-stable review patch. If anyone has any objections, please let me know.
------------------
From: Yan Zhai <yan@cloudflare.com>
[ Upstream commit 29b22badb7a84b783e3a4fffca16f7768fb31205 ]
BPF encap ops can return different types of positive values, such like
NET_RX_DROP, NET_XMIT_CN, NETDEV_TX_BUSY, and so on, from function
skb_do_redirect and bpf_lwt_xmit_reroute. At the xmit hook, such return
values would be treated implicitly as LWTUNNEL_XMIT_CONTINUE in
ip(6)_finish_output2. When this happens, skbs that have been freed would
continue to the neighbor subsystem, causing use-after-free bug and
kernel crashes.
To fix the incorrect behavior, skb_do_redirect return values can be
simply discarded, the same as tc-egress behavior. On the other hand,
bpf_lwt_xmit_reroute returns useful errors to local senders, e.g. PMTU
information. Thus convert its return values to avoid the conflict with
LWTUNNEL_XMIT_CONTINUE.
Fixes: 3a0af8fd61f9 ("bpf: BPF for lightweight tunnel infrastructure")
Reported-by: Jordan Griege <jgriege@cloudflare.com>
Suggested-by: Martin KaFai Lau <martin.lau@linux.dev>
Suggested-by: Stanislav Fomichev <sdf@google.com>
Signed-off-by: Yan Zhai <yan@cloudflare.com>
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
Link: https://lore.kernel.org/bpf/0d2b878186cfe215fec6b45769c1cd0591d3628d.1692326837.git.yan@cloudflare.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
net/core/lwt_bpf.c | 7 +++----
1 file changed, 3 insertions(+), 4 deletions(-)
diff --git a/net/core/lwt_bpf.c b/net/core/lwt_bpf.c
index bf270b6a99b4f..017ed82611a8d 100644
--- a/net/core/lwt_bpf.c
+++ b/net/core/lwt_bpf.c
@@ -59,9 +59,8 @@ static int run_lwt_bpf(struct sk_buff *skb, struct bpf_lwt_prog *lwt,
ret = BPF_OK;
} else {
skb_reset_mac_header(skb);
- ret = skb_do_redirect(skb);
- if (ret == 0)
- ret = BPF_REDIRECT;
+ skb_do_redirect(skb);
+ ret = BPF_REDIRECT;
}
break;
@@ -254,7 +253,7 @@ static int bpf_lwt_xmit_reroute(struct sk_buff *skb)
err = dst_output(dev_net(skb_dst(skb)->dev), skb->sk, skb);
if (unlikely(err))
- return err;
+ return net_xmit_errno(err);
/* ip[6]_finish_output2 understand LWTUNNEL_XMIT_DONE */
return LWTUNNEL_XMIT_DONE;
--
2.40.1
^ permalink raw reply related [flat|nested] 396+ messages in thread
* [PATCH 5.4 074/367] lwt: Check LWTUNNEL_XMIT_CONTINUE strictly
2023-09-20 11:26 [PATCH 5.4 000/367] 5.4.257-rc1 review Greg Kroah-Hartman
` (72 preceding siblings ...)
2023-09-20 11:27 ` [PATCH 5.4 073/367] lwt: Fix return values of BPF xmit ops Greg Kroah-Hartman
@ 2023-09-20 11:27 ` Greg Kroah-Hartman
2023-09-20 11:27 ` [PATCH 5.4 075/367] fs: ocfs2: namei: check return value of ocfs2_add_entry() Greg Kroah-Hartman
` (298 subsequent siblings)
372 siblings, 0 replies; 396+ messages in thread
From: Greg Kroah-Hartman @ 2023-09-20 11:27 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Dan Carpenter, Yan Zhai,
Daniel Borkmann, Sasha Levin
5.4-stable review patch. If anyone has any objections, please let me know.
------------------
From: Yan Zhai <yan@cloudflare.com>
[ Upstream commit a171fbec88a2c730b108c7147ac5e7b2f5a02b47 ]
LWTUNNEL_XMIT_CONTINUE is implicitly assumed in ip(6)_finish_output2,
such that any positive return value from a xmit hook could cause
unexpected continue behavior, despite that related skb may have been
freed. This could be error-prone for future xmit hook ops. One of the
possible errors is to return statuses of dst_output directly.
To make the code safer, redefine LWTUNNEL_XMIT_CONTINUE value to
distinguish from dst_output statuses and check the continue
condition explicitly.
Fixes: 3a0af8fd61f9 ("bpf: BPF for lightweight tunnel infrastructure")
Suggested-by: Dan Carpenter <dan.carpenter@linaro.org>
Signed-off-by: Yan Zhai <yan@cloudflare.com>
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
Link: https://lore.kernel.org/bpf/96b939b85eda00e8df4f7c080f770970a4c5f698.1692326837.git.yan@cloudflare.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
include/net/lwtunnel.h | 5 ++++-
net/ipv4/ip_output.c | 2 +-
net/ipv6/ip6_output.c | 2 +-
3 files changed, 6 insertions(+), 3 deletions(-)
diff --git a/include/net/lwtunnel.h b/include/net/lwtunnel.h
index 5d6c5b1fc6955..ed1cd431e2b3b 100644
--- a/include/net/lwtunnel.h
+++ b/include/net/lwtunnel.h
@@ -16,9 +16,12 @@
#define LWTUNNEL_STATE_INPUT_REDIRECT BIT(1)
#define LWTUNNEL_STATE_XMIT_REDIRECT BIT(2)
+/* LWTUNNEL_XMIT_CONTINUE should be distinguishable from dst_output return
+ * values (NET_XMIT_xxx and NETDEV_TX_xxx in linux/netdevice.h) for safety.
+ */
enum {
LWTUNNEL_XMIT_DONE,
- LWTUNNEL_XMIT_CONTINUE,
+ LWTUNNEL_XMIT_CONTINUE = 0x100,
};
diff --git a/net/ipv4/ip_output.c b/net/ipv4/ip_output.c
index 08ccb501ff0cc..bf7c2333bc236 100644
--- a/net/ipv4/ip_output.c
+++ b/net/ipv4/ip_output.c
@@ -222,7 +222,7 @@ static int ip_finish_output2(struct net *net, struct sock *sk, struct sk_buff *s
if (lwtunnel_xmit_redirect(dst->lwtstate)) {
int res = lwtunnel_xmit(skb);
- if (res < 0 || res == LWTUNNEL_XMIT_DONE)
+ if (res != LWTUNNEL_XMIT_CONTINUE)
return res;
}
diff --git a/net/ipv6/ip6_output.c b/net/ipv6/ip6_output.c
index 8231a7a3dd035..816275b2135fe 100644
--- a/net/ipv6/ip6_output.c
+++ b/net/ipv6/ip6_output.c
@@ -130,7 +130,7 @@ static int ip6_finish_output2(struct net *net, struct sock *sk, struct sk_buff *
if (lwtunnel_xmit_redirect(dst->lwtstate)) {
int res = lwtunnel_xmit(skb);
- if (res < 0 || res == LWTUNNEL_XMIT_DONE)
+ if (res != LWTUNNEL_XMIT_CONTINUE)
return res;
}
--
2.40.1
^ permalink raw reply related [flat|nested] 396+ messages in thread
* [PATCH 5.4 075/367] fs: ocfs2: namei: check return value of ocfs2_add_entry()
2023-09-20 11:26 [PATCH 5.4 000/367] 5.4.257-rc1 review Greg Kroah-Hartman
` (73 preceding siblings ...)
2023-09-20 11:27 ` [PATCH 5.4 074/367] lwt: Check LWTUNNEL_XMIT_CONTINUE strictly Greg Kroah-Hartman
@ 2023-09-20 11:27 ` Greg Kroah-Hartman
2023-09-20 11:27 ` [PATCH 5.4 076/367] wifi: mwifiex: fix memory leak in mwifiex_histogram_read() Greg Kroah-Hartman
` (297 subsequent siblings)
372 siblings, 0 replies; 396+ messages in thread
From: Greg Kroah-Hartman @ 2023-09-20 11:27 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Artem Chernyshev, Joseph Qi,
Joel Becker, Kurt Hackel, Mark Fasheh, Junxiao Bi, Changwei Ge,
Gang He, Jun Piao, Andrew Morton, Sasha Levin
5.4-stable review patch. If anyone has any objections, please let me know.
------------------
From: Artem Chernyshev <artem.chernyshev@red-soft.ru>
[ Upstream commit 6b72e5f9e79360fce4f2be7fe81159fbdf4256a5 ]
Process result of ocfs2_add_entry() in case we have an error
value.
Found by Linux Verification Center (linuxtesting.org) with SVACE.
Link: https://lkml.kernel.org/r/20230803145417.177649-1-artem.chernyshev@red-soft.ru
Fixes: ccd979bdbce9 ("[PATCH] OCFS2: The Second Oracle Cluster Filesystem")
Signed-off-by: Artem Chernyshev <artem.chernyshev@red-soft.ru>
Reviewed-by: Joseph Qi <joseph.qi@linux.alibaba.com>
Cc: Artem Chernyshev <artem.chernyshev@red-soft.ru>
Cc: Joel Becker <jlbec@evilplan.org>
Cc: Kurt Hackel <kurt.hackel@oracle.com>
Cc: Mark Fasheh <mark@fasheh.com>
Cc: Junxiao Bi <junxiao.bi@oracle.com>
Cc: Changwei Ge <gechangwei@live.cn>
Cc: Gang He <ghe@suse.com>
Cc: Jun Piao <piaojun@huawei.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
fs/ocfs2/namei.c | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/fs/ocfs2/namei.c b/fs/ocfs2/namei.c
index fb284bf3aed15..cd6a214398266 100644
--- a/fs/ocfs2/namei.c
+++ b/fs/ocfs2/namei.c
@@ -1524,6 +1524,10 @@ static int ocfs2_rename(struct inode *old_dir,
status = ocfs2_add_entry(handle, new_dentry, old_inode,
OCFS2_I(old_inode)->ip_blkno,
new_dir_bh, &target_insert);
+ if (status < 0) {
+ mlog_errno(status);
+ goto bail;
+ }
}
old_inode->i_ctime = current_time(old_inode);
--
2.40.1
^ permalink raw reply related [flat|nested] 396+ messages in thread
* [PATCH 5.4 076/367] wifi: mwifiex: fix memory leak in mwifiex_histogram_read()
2023-09-20 11:26 [PATCH 5.4 000/367] 5.4.257-rc1 review Greg Kroah-Hartman
` (74 preceding siblings ...)
2023-09-20 11:27 ` [PATCH 5.4 075/367] fs: ocfs2: namei: check return value of ocfs2_add_entry() Greg Kroah-Hartman
@ 2023-09-20 11:27 ` Greg Kroah-Hartman
2023-09-20 11:27 ` [PATCH 5.4 077/367] wifi: mwifiex: Fix missed return in oob checks failed path Greg Kroah-Hartman
` (296 subsequent siblings)
372 siblings, 0 replies; 396+ messages in thread
From: Greg Kroah-Hartman @ 2023-09-20 11:27 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Brian Norris, Dmitry Antipov,
Kalle Valo, Sasha Levin
5.4-stable review patch. If anyone has any objections, please let me know.
------------------
From: Dmitry Antipov <dmantipov@yandex.ru>
[ Upstream commit 9c8fd72a5c2a031cbc680a2990107ecd958ffcdb ]
Always free the zeroed page on return from 'mwifiex_histogram_read()'.
Fixes: cbf6e05527a7 ("mwifiex: add rx histogram statistics support")
Acked-by: Brian Norris <briannorris@chromium.org>
Signed-off-by: Dmitry Antipov <dmantipov@yandex.ru>
Signed-off-by: Kalle Valo <kvalo@kernel.org>
Link: https://lore.kernel.org/r/20230802160726.85545-1-dmantipov@yandex.ru
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/wireless/marvell/mwifiex/debugfs.c | 9 +++++++--
1 file changed, 7 insertions(+), 2 deletions(-)
diff --git a/drivers/net/wireless/marvell/mwifiex/debugfs.c b/drivers/net/wireless/marvell/mwifiex/debugfs.c
index 8ab114cf3467f..e4cb7ce1c8b85 100644
--- a/drivers/net/wireless/marvell/mwifiex/debugfs.c
+++ b/drivers/net/wireless/marvell/mwifiex/debugfs.c
@@ -265,8 +265,11 @@ mwifiex_histogram_read(struct file *file, char __user *ubuf,
if (!p)
return -ENOMEM;
- if (!priv || !priv->hist_data)
- return -EFAULT;
+ if (!priv || !priv->hist_data) {
+ ret = -EFAULT;
+ goto free_and_exit;
+ }
+
phist_data = priv->hist_data;
p += sprintf(p, "\n"
@@ -321,6 +324,8 @@ mwifiex_histogram_read(struct file *file, char __user *ubuf,
ret = simple_read_from_buffer(ubuf, count, ppos, (char *)page,
(unsigned long)p - page);
+free_and_exit:
+ free_page(page);
return ret;
}
--
2.40.1
^ permalink raw reply related [flat|nested] 396+ messages in thread
* [PATCH 5.4 077/367] wifi: mwifiex: Fix missed return in oob checks failed path
2023-09-20 11:26 [PATCH 5.4 000/367] 5.4.257-rc1 review Greg Kroah-Hartman
` (75 preceding siblings ...)
2023-09-20 11:27 ` [PATCH 5.4 076/367] wifi: mwifiex: fix memory leak in mwifiex_histogram_read() Greg Kroah-Hartman
@ 2023-09-20 11:27 ` Greg Kroah-Hartman
2023-09-20 11:27 ` [PATCH 5.4 078/367] wifi: ath9k: fix races between ath9k_wmi_cmd and ath9k_wmi_ctrl_rx Greg Kroah-Hartman
` (295 subsequent siblings)
372 siblings, 0 replies; 396+ messages in thread
From: Greg Kroah-Hartman @ 2023-09-20 11:27 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Polaris Pi, Dmitry Antipov,
Brian Norris, Kalle Valo, Sasha Levin
5.4-stable review patch. If anyone has any objections, please let me know.
------------------
From: Polaris Pi <pinkperfect2021@gmail.com>
[ Upstream commit 2785851c627f2db05f9271f7f63661b5dbd95c4c ]
Add missed return in mwifiex_uap_queue_bridged_pkt() and
mwifiex_process_rx_packet().
Fixes: 119585281617 ("wifi: mwifiex: Fix OOB and integer underflow when rx packets")
Signed-off-by: Polaris Pi <pinkperfect2021@gmail.com>
Reported-by: Dmitry Antipov <dmantipov@yandex.ru>
Acked-by: Brian Norris <briannorris@chromium.org>
Signed-off-by: Kalle Valo <kvalo@kernel.org>
Link: https://lore.kernel.org/r/20230810083911.3725248-1-pinkperfect2021@gmail.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/wireless/marvell/mwifiex/sta_rx.c | 1 +
drivers/net/wireless/marvell/mwifiex/uap_txrx.c | 1 +
2 files changed, 2 insertions(+)
diff --git a/drivers/net/wireless/marvell/mwifiex/sta_rx.c b/drivers/net/wireless/marvell/mwifiex/sta_rx.c
index 53eef44739571..a42b8ff33b23f 100644
--- a/drivers/net/wireless/marvell/mwifiex/sta_rx.c
+++ b/drivers/net/wireless/marvell/mwifiex/sta_rx.c
@@ -104,6 +104,7 @@ int mwifiex_process_rx_packet(struct mwifiex_private *priv,
skb->len, rx_pkt_off);
priv->stats.rx_dropped++;
dev_kfree_skb_any(skb);
+ return -1;
}
if ((!memcmp(&rx_pkt_hdr->rfc1042_hdr, bridge_tunnel_header,
diff --git a/drivers/net/wireless/marvell/mwifiex/uap_txrx.c b/drivers/net/wireless/marvell/mwifiex/uap_txrx.c
index 8e263bcc8f432..4d2d309289426 100644
--- a/drivers/net/wireless/marvell/mwifiex/uap_txrx.c
+++ b/drivers/net/wireless/marvell/mwifiex/uap_txrx.c
@@ -122,6 +122,7 @@ static void mwifiex_uap_queue_bridged_pkt(struct mwifiex_private *priv,
skb->len, le16_to_cpu(uap_rx_pd->rx_pkt_offset));
priv->stats.rx_dropped++;
dev_kfree_skb_any(skb);
+ return;
}
if ((!memcmp(&rx_pkt_hdr->rfc1042_hdr, bridge_tunnel_header,
--
2.40.1
^ permalink raw reply related [flat|nested] 396+ messages in thread
* [PATCH 5.4 078/367] wifi: ath9k: fix races between ath9k_wmi_cmd and ath9k_wmi_ctrl_rx
2023-09-20 11:26 [PATCH 5.4 000/367] 5.4.257-rc1 review Greg Kroah-Hartman
` (76 preceding siblings ...)
2023-09-20 11:27 ` [PATCH 5.4 077/367] wifi: mwifiex: Fix missed return in oob checks failed path Greg Kroah-Hartman
@ 2023-09-20 11:27 ` Greg Kroah-Hartman
2023-09-20 11:27 ` [PATCH 5.4 079/367] wifi: ath9k: protect WMI command response buffer replacement with a lock Greg Kroah-Hartman
` (294 subsequent siblings)
372 siblings, 0 replies; 396+ messages in thread
From: Greg Kroah-Hartman @ 2023-09-20 11:27 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Fedor Pchelkin,
Toke Høiland-Jørgensen, Kalle Valo, Sasha Levin
5.4-stable review patch. If anyone has any objections, please let me know.
------------------
From: Fedor Pchelkin <pchelkin@ispras.ru>
[ Upstream commit b674fb513e2e7a514fcde287c0f73915d393fdb6 ]
Currently, the synchronization between ath9k_wmi_cmd() and
ath9k_wmi_ctrl_rx() is exposed to a race condition which, although being
rather unlikely, can lead to invalid behaviour of ath9k_wmi_cmd().
Consider the following scenario:
CPU0 CPU1
ath9k_wmi_cmd(...)
mutex_lock(&wmi->op_mutex)
ath9k_wmi_cmd_issue(...)
wait_for_completion_timeout(...)
---
timeout
---
/* the callback is being processed
* before last_seq_id became zero
*/
ath9k_wmi_ctrl_rx(...)
spin_lock_irqsave(...)
/* wmi->last_seq_id check here
* doesn't detect timeout yet
*/
spin_unlock_irqrestore(...)
/* last_seq_id is zeroed to
* indicate there was a timeout
*/
wmi->last_seq_id = 0
mutex_unlock(&wmi->op_mutex)
return -ETIMEDOUT
ath9k_wmi_cmd(...)
mutex_lock(&wmi->op_mutex)
/* the buffer is replaced with
* another one
*/
wmi->cmd_rsp_buf = rsp_buf
wmi->cmd_rsp_len = rsp_len
ath9k_wmi_cmd_issue(...)
spin_lock_irqsave(...)
spin_unlock_irqrestore(...)
wait_for_completion_timeout(...)
/* the continuation of the
* callback left after the first
* ath9k_wmi_cmd call
*/
ath9k_wmi_rsp_callback(...)
/* copying data designated
* to already timeouted
* WMI command into an
* inappropriate wmi_cmd_buf
*/
memcpy(...)
complete(&wmi->cmd_wait)
/* awakened by the bogus callback
* => invalid return result
*/
mutex_unlock(&wmi->op_mutex)
return 0
To fix this, update last_seq_id on timeout path inside ath9k_wmi_cmd()
under the wmi_lock. Move ath9k_wmi_rsp_callback() under wmi_lock inside
ath9k_wmi_ctrl_rx() so that the wmi->cmd_wait can be completed only for
initially designated wmi_cmd call, otherwise the path would be rejected
with last_seq_id check.
Found by Linux Verification Center (linuxtesting.org) with Syzkaller.
Fixes: fb9987d0f748 ("ath9k_htc: Support for AR9271 chipset.")
Signed-off-by: Fedor Pchelkin <pchelkin@ispras.ru>
Acked-by: Toke Høiland-Jørgensen <toke@toke.dk>
Signed-off-by: Kalle Valo <quic_kvalo@quicinc.com>
Link: https://lore.kernel.org/r/20230425192607.18015-1-pchelkin@ispras.ru
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/wireless/ath/ath9k/wmi.c | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/drivers/net/wireless/ath/ath9k/wmi.c b/drivers/net/wireless/ath/ath9k/wmi.c
index ef861b19fd477..96482ad23145c 100644
--- a/drivers/net/wireless/ath/ath9k/wmi.c
+++ b/drivers/net/wireless/ath/ath9k/wmi.c
@@ -239,10 +239,10 @@ static void ath9k_wmi_ctrl_rx(void *priv, struct sk_buff *skb,
spin_unlock_irqrestore(&wmi->wmi_lock, flags);
goto free_skb;
}
- spin_unlock_irqrestore(&wmi->wmi_lock, flags);
/* WMI command response */
ath9k_wmi_rsp_callback(wmi, skb);
+ spin_unlock_irqrestore(&wmi->wmi_lock, flags);
free_skb:
kfree_skb(skb);
@@ -305,8 +305,8 @@ int ath9k_wmi_cmd(struct wmi *wmi, enum wmi_cmd_id cmd_id,
struct ath_common *common = ath9k_hw_common(ah);
u16 headroom = sizeof(struct htc_frame_hdr) +
sizeof(struct wmi_cmd_hdr);
+ unsigned long time_left, flags;
struct sk_buff *skb;
- unsigned long time_left;
int ret = 0;
if (ah->ah_flags & AH_UNPLUGGED)
@@ -342,7 +342,9 @@ int ath9k_wmi_cmd(struct wmi *wmi, enum wmi_cmd_id cmd_id,
if (!time_left) {
ath_dbg(common, WMI, "Timeout waiting for WMI command: %s\n",
wmi_cmd_to_name(cmd_id));
+ spin_lock_irqsave(&wmi->wmi_lock, flags);
wmi->last_seq_id = 0;
+ spin_unlock_irqrestore(&wmi->wmi_lock, flags);
mutex_unlock(&wmi->op_mutex);
return -ETIMEDOUT;
}
--
2.40.1
^ permalink raw reply related [flat|nested] 396+ messages in thread
* [PATCH 5.4 079/367] wifi: ath9k: protect WMI command response buffer replacement with a lock
2023-09-20 11:26 [PATCH 5.4 000/367] 5.4.257-rc1 review Greg Kroah-Hartman
` (77 preceding siblings ...)
2023-09-20 11:27 ` [PATCH 5.4 078/367] wifi: ath9k: fix races between ath9k_wmi_cmd and ath9k_wmi_ctrl_rx Greg Kroah-Hartman
@ 2023-09-20 11:27 ` Greg Kroah-Hartman
2023-09-20 11:27 ` [PATCH 5.4 080/367] wifi: mwifiex: avoid possible NULL skb pointer dereference Greg Kroah-Hartman
` (293 subsequent siblings)
372 siblings, 0 replies; 396+ messages in thread
From: Greg Kroah-Hartman @ 2023-09-20 11:27 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Fedor Pchelkin,
Toke Høiland-Jørgensen, Kalle Valo, Sasha Levin
5.4-stable review patch. If anyone has any objections, please let me know.
------------------
From: Fedor Pchelkin <pchelkin@ispras.ru>
[ Upstream commit 454994cfa9e4c18b6df9f78b60db8eadc20a6c25 ]
If ath9k_wmi_cmd() has exited with a timeout, it is possible that during
next ath9k_wmi_cmd() call the wmi_rsp callback for previous wmi command
writes to new wmi->cmd_rsp_buf and makes a completion. This results in an
invalid ath9k_wmi_cmd() return value.
Move the replacement of WMI command response buffer and length under
wmi_lock. Note that last_seq_id value is updated there, too.
Thus, the buffer cannot be written to by a belated wmi_rsp callback
because that path is properly rejected by the last_seq_id check.
Found by Linux Verification Center (linuxtesting.org) with Syzkaller.
Fixes: fb9987d0f748 ("ath9k_htc: Support for AR9271 chipset.")
Signed-off-by: Fedor Pchelkin <pchelkin@ispras.ru>
Acked-by: Toke Høiland-Jørgensen <toke@toke.dk>
Signed-off-by: Kalle Valo <quic_kvalo@quicinc.com>
Link: https://lore.kernel.org/r/20230425192607.18015-2-pchelkin@ispras.ru
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/wireless/ath/ath9k/wmi.c | 14 ++++++++------
1 file changed, 8 insertions(+), 6 deletions(-)
diff --git a/drivers/net/wireless/ath/ath9k/wmi.c b/drivers/net/wireless/ath/ath9k/wmi.c
index 96482ad23145c..dd8027b8af63e 100644
--- a/drivers/net/wireless/ath/ath9k/wmi.c
+++ b/drivers/net/wireless/ath/ath9k/wmi.c
@@ -280,7 +280,8 @@ int ath9k_wmi_connect(struct htc_target *htc, struct wmi *wmi,
static int ath9k_wmi_cmd_issue(struct wmi *wmi,
struct sk_buff *skb,
- enum wmi_cmd_id cmd, u16 len)
+ enum wmi_cmd_id cmd, u16 len,
+ u8 *rsp_buf, u32 rsp_len)
{
struct wmi_cmd_hdr *hdr;
unsigned long flags;
@@ -290,6 +291,11 @@ static int ath9k_wmi_cmd_issue(struct wmi *wmi,
hdr->seq_no = cpu_to_be16(++wmi->tx_seq_id);
spin_lock_irqsave(&wmi->wmi_lock, flags);
+
+ /* record the rsp buffer and length */
+ wmi->cmd_rsp_buf = rsp_buf;
+ wmi->cmd_rsp_len = rsp_len;
+
wmi->last_seq_id = wmi->tx_seq_id;
spin_unlock_irqrestore(&wmi->wmi_lock, flags);
@@ -330,11 +336,7 @@ int ath9k_wmi_cmd(struct wmi *wmi, enum wmi_cmd_id cmd_id,
goto out;
}
- /* record the rsp buffer and length */
- wmi->cmd_rsp_buf = rsp_buf;
- wmi->cmd_rsp_len = rsp_len;
-
- ret = ath9k_wmi_cmd_issue(wmi, skb, cmd_id, cmd_len);
+ ret = ath9k_wmi_cmd_issue(wmi, skb, cmd_id, cmd_len, rsp_buf, rsp_len);
if (ret)
goto out;
--
2.40.1
^ permalink raw reply related [flat|nested] 396+ messages in thread
* [PATCH 5.4 080/367] wifi: mwifiex: avoid possible NULL skb pointer dereference
2023-09-20 11:26 [PATCH 5.4 000/367] 5.4.257-rc1 review Greg Kroah-Hartman
` (78 preceding siblings ...)
2023-09-20 11:27 ` [PATCH 5.4 079/367] wifi: ath9k: protect WMI command response buffer replacement with a lock Greg Kroah-Hartman
@ 2023-09-20 11:27 ` Greg Kroah-Hartman
2023-09-20 11:27 ` [PATCH 5.4 081/367] wifi: ath9k: use IS_ERR() with debugfs_create_dir() Greg Kroah-Hartman
` (292 subsequent siblings)
372 siblings, 0 replies; 396+ messages in thread
From: Greg Kroah-Hartman @ 2023-09-20 11:27 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Brian Norris, Dmitry Antipov,
Kalle Valo, Sasha Levin
5.4-stable review patch. If anyone has any objections, please let me know.
------------------
From: Dmitry Antipov <dmantipov@yandex.ru>
[ Upstream commit 35a7a1ce7c7d61664ee54f5239a1f120ab95a87e ]
In 'mwifiex_handle_uap_rx_forward()', always check the value
returned by 'skb_copy()' to avoid potential NULL pointer
dereference in 'mwifiex_uap_queue_bridged_pkt()', and drop
original skb in case of copying failure.
Found by Linux Verification Center (linuxtesting.org) with SVACE.
Fixes: 838e4f449297 ("mwifiex: improve uAP RX handling")
Acked-by: Brian Norris <briannorris@chromium.org>
Signed-off-by: Dmitry Antipov <dmantipov@yandex.ru>
Signed-off-by: Kalle Valo <kvalo@kernel.org>
Link: https://lore.kernel.org/r/20230814095041.16416-1-dmantipov@yandex.ru
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/wireless/marvell/mwifiex/uap_txrx.c | 10 +++++++++-
1 file changed, 9 insertions(+), 1 deletion(-)
diff --git a/drivers/net/wireless/marvell/mwifiex/uap_txrx.c b/drivers/net/wireless/marvell/mwifiex/uap_txrx.c
index 4d2d309289426..cb3f72eee230a 100644
--- a/drivers/net/wireless/marvell/mwifiex/uap_txrx.c
+++ b/drivers/net/wireless/marvell/mwifiex/uap_txrx.c
@@ -265,7 +265,15 @@ int mwifiex_handle_uap_rx_forward(struct mwifiex_private *priv,
if (is_multicast_ether_addr(ra)) {
skb_uap = skb_copy(skb, GFP_ATOMIC);
- mwifiex_uap_queue_bridged_pkt(priv, skb_uap);
+ if (likely(skb_uap)) {
+ mwifiex_uap_queue_bridged_pkt(priv, skb_uap);
+ } else {
+ mwifiex_dbg(adapter, ERROR,
+ "failed to copy skb for uAP\n");
+ priv->stats.rx_dropped++;
+ dev_kfree_skb_any(skb);
+ return -1;
+ }
} else {
if (mwifiex_get_sta_entry(priv, ra)) {
/* Requeue Intra-BSS packet */
--
2.40.1
^ permalink raw reply related [flat|nested] 396+ messages in thread
* [PATCH 5.4 081/367] wifi: ath9k: use IS_ERR() with debugfs_create_dir()
2023-09-20 11:26 [PATCH 5.4 000/367] 5.4.257-rc1 review Greg Kroah-Hartman
` (79 preceding siblings ...)
2023-09-20 11:27 ` [PATCH 5.4 080/367] wifi: mwifiex: avoid possible NULL skb pointer dereference Greg Kroah-Hartman
@ 2023-09-20 11:27 ` Greg Kroah-Hartman
2023-09-20 11:27 ` [PATCH 5.4 082/367] net: arcnet: Do not call kfree_skb() under local_irq_disable() Greg Kroah-Hartman
` (291 subsequent siblings)
372 siblings, 0 replies; 396+ messages in thread
From: Greg Kroah-Hartman @ 2023-09-20 11:27 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Wang Ming,
Toke Høiland-Jørgensen, Kalle Valo, Sasha Levin
5.4-stable review patch. If anyone has any objections, please let me know.
------------------
From: Wang Ming <machel@vivo.com>
[ Upstream commit 1e4134610d93271535ecf900a676e1f094e9944c ]
The debugfs_create_dir() function returns error pointers,
it never returns NULL. Most incorrect error checks were fixed,
but the one in ath9k_htc_init_debug() was forgotten.
Fix the remaining error check.
Fixes: e5facc75fa91 ("ath9k_htc: Cleanup HTC debugfs")
Signed-off-by: Wang Ming <machel@vivo.com>
Acked-by: Toke Høiland-Jørgensen <toke@toke.dk>
Signed-off-by: Kalle Valo <quic_kvalo@quicinc.com>
Link: https://lore.kernel.org/r/20230713030358.12379-1-machel@vivo.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/wireless/ath/ath9k/htc_drv_debug.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/net/wireless/ath/ath9k/htc_drv_debug.c b/drivers/net/wireless/ath/ath9k/htc_drv_debug.c
index b3ed65e5c4da8..c55aab01fff5d 100644
--- a/drivers/net/wireless/ath/ath9k/htc_drv_debug.c
+++ b/drivers/net/wireless/ath/ath9k/htc_drv_debug.c
@@ -491,7 +491,7 @@ int ath9k_htc_init_debug(struct ath_hw *ah)
priv->debug.debugfs_phy = debugfs_create_dir(KBUILD_MODNAME,
priv->hw->wiphy->debugfsdir);
- if (!priv->debug.debugfs_phy)
+ if (IS_ERR(priv->debug.debugfs_phy))
return -ENOMEM;
ath9k_cmn_spectral_init_debug(&priv->spec_priv, priv->debug.debugfs_phy);
--
2.40.1
^ permalink raw reply related [flat|nested] 396+ messages in thread
* [PATCH 5.4 082/367] net: arcnet: Do not call kfree_skb() under local_irq_disable()
2023-09-20 11:26 [PATCH 5.4 000/367] 5.4.257-rc1 review Greg Kroah-Hartman
` (80 preceding siblings ...)
2023-09-20 11:27 ` [PATCH 5.4 081/367] wifi: ath9k: use IS_ERR() with debugfs_create_dir() Greg Kroah-Hartman
@ 2023-09-20 11:27 ` Greg Kroah-Hartman
2023-09-20 11:27 ` [PATCH 5.4 083/367] mlxsw: i2c: Fix chunk size setting in output mailbox buffer Greg Kroah-Hartman
` (290 subsequent siblings)
372 siblings, 0 replies; 396+ messages in thread
From: Greg Kroah-Hartman @ 2023-09-20 11:27 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Jinjie Ruan, David S. Miller, Sasha Levin
5.4-stable review patch. If anyone has any objections, please let me know.
------------------
From: Jinjie Ruan <ruanjinjie@huawei.com>
[ Upstream commit 786c96e92fb9e854cb8b0cb7399bb2fb28e15c4b ]
It is not allowed to call kfree_skb() from hardware interrupt
context or with hardware interrupts being disabled.
So replace kfree_skb() with dev_kfree_skb_irq() under
local_irq_disable(). Compile tested only.
Fixes: 05fcd31cc472 ("arcnet: add err_skb package for package status feedback")
Signed-off-by: Jinjie Ruan <ruanjinjie@huawei.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/arcnet/arcnet.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/net/arcnet/arcnet.c b/drivers/net/arcnet/arcnet.c
index 553776cc1d29d..2b112d3d85409 100644
--- a/drivers/net/arcnet/arcnet.c
+++ b/drivers/net/arcnet/arcnet.c
@@ -434,7 +434,7 @@ static void arcnet_reply_tasklet(unsigned long data)
ret = sock_queue_err_skb(sk, ackskb);
if (ret)
- kfree_skb(ackskb);
+ dev_kfree_skb_irq(ackskb);
local_irq_enable();
};
--
2.40.1
^ permalink raw reply related [flat|nested] 396+ messages in thread
* [PATCH 5.4 083/367] mlxsw: i2c: Fix chunk size setting in output mailbox buffer
2023-09-20 11:26 [PATCH 5.4 000/367] 5.4.257-rc1 review Greg Kroah-Hartman
` (81 preceding siblings ...)
2023-09-20 11:27 ` [PATCH 5.4 082/367] net: arcnet: Do not call kfree_skb() under local_irq_disable() Greg Kroah-Hartman
@ 2023-09-20 11:27 ` Greg Kroah-Hartman
2023-09-20 11:27 ` [PATCH 5.4 084/367] mlxsw: i2c: Limit single transaction buffer size Greg Kroah-Hartman
` (289 subsequent siblings)
372 siblings, 0 replies; 396+ messages in thread
From: Greg Kroah-Hartman @ 2023-09-20 11:27 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Vadim Pasternak, Ido Schimmel,
Petr Machata, David S. Miller, Sasha Levin
5.4-stable review patch. If anyone has any objections, please let me know.
------------------
From: Vadim Pasternak <vadimp@nvidia.com>
[ Upstream commit 146c7c330507c0384bf29d567186632bfe975927 ]
The driver reads commands output from the output mailbox. If the size
of the output mailbox is not a multiple of the transaction /
block size, then the driver will not issue enough read transactions
to read the entire output, which can result in driver initialization
errors.
Fix by determining the number of transactions using DIV_ROUND_UP().
Fixes: 3029a693beda ("mlxsw: i2c: Allow flexible setting of I2C transactions size")
Signed-off-by: Vadim Pasternak <vadimp@nvidia.com>
Reviewed-by: Ido Schimmel <idosch@nvidia.com>
Signed-off-by: Petr Machata <petrm@nvidia.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/ethernet/mellanox/mlxsw/i2c.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/net/ethernet/mellanox/mlxsw/i2c.c b/drivers/net/ethernet/mellanox/mlxsw/i2c.c
index 7cc4c30af1a71..65976a3ab591e 100644
--- a/drivers/net/ethernet/mellanox/mlxsw/i2c.c
+++ b/drivers/net/ethernet/mellanox/mlxsw/i2c.c
@@ -427,7 +427,7 @@ mlxsw_i2c_cmd(struct device *dev, u16 opcode, u32 in_mod, size_t in_mbox_size,
} else {
/* No input mailbox is case of initialization query command. */
reg_size = MLXSW_I2C_MAX_DATA_SIZE;
- num = reg_size / mlxsw_i2c->block_size;
+ num = DIV_ROUND_UP(reg_size, mlxsw_i2c->block_size);
if (mutex_lock_interruptible(&mlxsw_i2c->cmd.lock) < 0) {
dev_err(&client->dev, "Could not acquire lock");
--
2.40.1
^ permalink raw reply related [flat|nested] 396+ messages in thread
* [PATCH 5.4 084/367] mlxsw: i2c: Limit single transaction buffer size
2023-09-20 11:26 [PATCH 5.4 000/367] 5.4.257-rc1 review Greg Kroah-Hartman
` (82 preceding siblings ...)
2023-09-20 11:27 ` [PATCH 5.4 083/367] mlxsw: i2c: Fix chunk size setting in output mailbox buffer Greg Kroah-Hartman
@ 2023-09-20 11:27 ` Greg Kroah-Hartman
2023-09-20 11:27 ` [PATCH 5.4 085/367] net/sched: sch_hfsc: Ensure inner classes have fsc curve Greg Kroah-Hartman
` (288 subsequent siblings)
372 siblings, 0 replies; 396+ messages in thread
From: Greg Kroah-Hartman @ 2023-09-20 11:27 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Vadim Pasternak, Petr Machata,
David S. Miller, Sasha Levin
5.4-stable review patch. If anyone has any objections, please let me know.
------------------
From: Vadim Pasternak <vadimp@nvidia.com>
[ Upstream commit d7248f1cc835bd80e936dc5b2d94b149bdd0077d ]
Maximum size of buffer is obtained from underlying I2C adapter and in
case adapter allows I2C transaction buffer size greater than 100 bytes,
transaction will fail due to firmware limitation.
As a result driver will fail initialization.
Limit the maximum size of transaction buffer by 100 bytes to fit to
firmware.
Remove unnecessary calculation:
max_t(u16, MLXSW_I2C_BLK_DEF, quirk_size).
This condition can not happened.
Fixes: 3029a693beda ("mlxsw: i2c: Allow flexible setting of I2C transactions size")
Signed-off-by: Vadim Pasternak <vadimp@nvidia.com>
Reviewed-by: Petr Machata <petrm@nvidia.com>
Signed-off-by: Petr Machata <petrm@nvidia.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/ethernet/mellanox/mlxsw/i2c.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/drivers/net/ethernet/mellanox/mlxsw/i2c.c b/drivers/net/ethernet/mellanox/mlxsw/i2c.c
index 65976a3ab591e..b0d44b1361161 100644
--- a/drivers/net/ethernet/mellanox/mlxsw/i2c.c
+++ b/drivers/net/ethernet/mellanox/mlxsw/i2c.c
@@ -47,6 +47,7 @@
#define MLXSW_I2C_MBOX_SIZE_BITS 12
#define MLXSW_I2C_ADDR_BUF_SIZE 4
#define MLXSW_I2C_BLK_DEF 32
+#define MLXSW_I2C_BLK_MAX 100
#define MLXSW_I2C_RETRY 5
#define MLXSW_I2C_TIMEOUT_MSECS 5000
#define MLXSW_I2C_MAX_DATA_SIZE 256
@@ -575,7 +576,7 @@ static int mlxsw_i2c_probe(struct i2c_client *client,
return -EOPNOTSUPP;
}
- mlxsw_i2c->block_size = max_t(u16, MLXSW_I2C_BLK_DEF,
+ mlxsw_i2c->block_size = min_t(u16, MLXSW_I2C_BLK_MAX,
min_t(u16, quirks->max_read_len,
quirks->max_write_len));
} else {
--
2.40.1
^ permalink raw reply related [flat|nested] 396+ messages in thread
* [PATCH 5.4 085/367] net/sched: sch_hfsc: Ensure inner classes have fsc curve
2023-09-20 11:26 [PATCH 5.4 000/367] 5.4.257-rc1 review Greg Kroah-Hartman
` (83 preceding siblings ...)
2023-09-20 11:27 ` [PATCH 5.4 084/367] mlxsw: i2c: Limit single transaction buffer size Greg Kroah-Hartman
@ 2023-09-20 11:27 ` Greg Kroah-Hartman
2023-09-20 11:27 ` [PATCH 5.4 086/367] netrom: Deny concurrent connect() Greg Kroah-Hartman
` (287 subsequent siblings)
372 siblings, 0 replies; 396+ messages in thread
From: Greg Kroah-Hartman @ 2023-09-20 11:27 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Budimir Markovic, Jamal Hadi Salim,
Jakub Kicinski, Sasha Levin
5.4-stable review patch. If anyone has any objections, please let me know.
------------------
From: Budimir Markovic <markovicbudimir@gmail.com>
[ Upstream commit b3d26c5702c7d6c45456326e56d2ccf3f103e60f ]
HFSC assumes that inner classes have an fsc curve, but it is currently
possible for classes without an fsc curve to become parents. This leads
to bugs including a use-after-free.
Don't allow non-root classes without HFSC_FSC to become parents.
Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2")
Reported-by: Budimir Markovic <markovicbudimir@gmail.com>
Signed-off-by: Budimir Markovic <markovicbudimir@gmail.com>
Acked-by: Jamal Hadi Salim <jhs@mojatatu.com>
Link: https://lore.kernel.org/r/20230824084905.422-1-markovicbudimir@gmail.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
net/sched/sch_hfsc.c | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/net/sched/sch_hfsc.c b/net/sched/sch_hfsc.c
index 92ad4115e473c..2af4adb7e84e4 100644
--- a/net/sched/sch_hfsc.c
+++ b/net/sched/sch_hfsc.c
@@ -1012,6 +1012,10 @@ hfsc_change_class(struct Qdisc *sch, u32 classid, u32 parentid,
if (parent == NULL)
return -ENOENT;
}
+ if (!(parent->cl_flags & HFSC_FSC) && parent != &q->root) {
+ NL_SET_ERR_MSG(extack, "Invalid parent - parent class must have FSC");
+ return -EINVAL;
+ }
if (classid == 0 || TC_H_MAJ(classid ^ sch->handle) != 0)
return -EINVAL;
--
2.40.1
^ permalink raw reply related [flat|nested] 396+ messages in thread
* [PATCH 5.4 086/367] netrom: Deny concurrent connect().
2023-09-20 11:26 [PATCH 5.4 000/367] 5.4.257-rc1 review Greg Kroah-Hartman
` (84 preceding siblings ...)
2023-09-20 11:27 ` [PATCH 5.4 085/367] net/sched: sch_hfsc: Ensure inner classes have fsc curve Greg Kroah-Hartman
@ 2023-09-20 11:27 ` Greg Kroah-Hartman
2023-09-20 11:27 ` [PATCH 5.4 087/367] drm/bridge: tc358764: Fix debug print parameter order Greg Kroah-Hartman
` (286 subsequent siblings)
372 siblings, 0 replies; 396+ messages in thread
From: Greg Kroah-Hartman @ 2023-09-20 11:27 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, syzbot+666c97e4686410e79649,
Kuniyuki Iwashima, David S. Miller, Sasha Levin
5.4-stable review patch. If anyone has any objections, please let me know.
------------------
From: Kuniyuki Iwashima <kuniyu@amazon.com>
[ Upstream commit c2f8fd7949603efb03908e05abbf7726748c8de3 ]
syzkaller reported null-ptr-deref [0] related to AF_NETROM.
This is another self-accept issue from the strace log. [1]
syz-executor creates an AF_NETROM socket and calls connect(), which
is blocked at that time. Then, sk->sk_state is TCP_SYN_SENT and
sock->state is SS_CONNECTING.
[pid 5059] socket(AF_NETROM, SOCK_SEQPACKET, 0) = 4
[pid 5059] connect(4, {sa_family=AF_NETROM, sa_data="..." <unfinished ...>
Another thread calls connect() concurrently, which finally fails
with -EINVAL. However, the problem here is the socket state is
reset even while the first connect() is blocked.
[pid 5060] connect(4, NULL, 0 <unfinished ...>
[pid 5060] <... connect resumed>) = -1 EINVAL (Invalid argument)
As sk->state is TCP_CLOSE and sock->state is SS_UNCONNECTED, the
following listen() succeeds. Then, the first connect() looks up
itself as a listener and puts skb into the queue with skb->sk itself.
As a result, the next accept() gets another FD of itself as 3, and
the first connect() finishes.
[pid 5060] listen(4, 0 <unfinished ...>
[pid 5060] <... listen resumed>) = 0
[pid 5060] accept(4, NULL, NULL <unfinished ...>
[pid 5060] <... accept resumed>) = 3
[pid 5059] <... connect resumed>) = 0
Then, accept4() is called but blocked, which causes the general protection
fault later.
[pid 5059] accept4(4, NULL, 0x20000400, SOCK_NONBLOCK <unfinished ...>
After that, another self-accept occurs by accept() and writev().
[pid 5060] accept(4, NULL, NULL <unfinished ...>
[pid 5061] writev(3, [{iov_base=...}] <unfinished ...>
[pid 5061] <... writev resumed>) = 99
[pid 5060] <... accept resumed>) = 6
Finally, the leader thread close()s all FDs. Since the three FDs
reference the same socket, nr_release() does the cleanup for it
three times, and the remaining accept4() causes the following fault.
[pid 5058] close(3) = 0
[pid 5058] close(4) = 0
[pid 5058] close(5) = -1 EBADF (Bad file descriptor)
[pid 5058] close(6) = 0
[pid 5058] <... exit_group resumed>) = ?
[ 83.456055][ T5059] general protection fault, probably for non-canonical address 0xdffffc0000000003: 0000 [#1] PREEMPT SMP KASAN
To avoid the issue, we need to return an error for connect() if
another connect() is in progress, as done in __inet_stream_connect().
[0]:
general protection fault, probably for non-canonical address 0xdffffc0000000003: 0000 [#1] PREEMPT SMP KASAN
KASAN: null-ptr-deref in range [0x0000000000000018-0x000000000000001f]
CPU: 0 PID: 5059 Comm: syz-executor.0 Not tainted 6.5.0-rc5-syzkaller-00194-gace0ab3a4b54 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/26/2023
RIP: 0010:__lock_acquire+0x109/0x5de0 kernel/locking/lockdep.c:5012
Code: 45 85 c9 0f 84 cc 0e 00 00 44 8b 05 11 6e 23 0b 45 85 c0 0f 84 be 0d 00 00 48 ba 00 00 00 00 00 fc ff df 4c 89 d1 48 c1 e9 03 <80> 3c 11 00 0f 85 e8 40 00 00 49 81 3a a0 69 48 90 0f 84 96 0d 00
RSP: 0018:ffffc90003d6f9e0 EFLAGS: 00010006
RAX: ffff8880244c8000 RBX: 1ffff920007adf6c RCX: 0000000000000003
RDX: dffffc0000000000 RSI: 0000000000000000 RDI: 0000000000000018
RBP: 0000000000000001 R08: 0000000000000001 R09: 0000000000000001
R10: 0000000000000018 R11: 0000000000000000 R12: 0000000000000000
R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
FS: 00007f51d519a6c0(0000) GS:ffff8880b9800000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f51d5158d58 CR3: 000000002943f000 CR4: 00000000003506f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
<TASK>
lock_acquire kernel/locking/lockdep.c:5761 [inline]
lock_acquire+0x1ae/0x510 kernel/locking/lockdep.c:5726
__raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:110 [inline]
_raw_spin_lock_irqsave+0x3a/0x50 kernel/locking/spinlock.c:162
prepare_to_wait+0x47/0x380 kernel/sched/wait.c:269
nr_accept+0x20d/0x650 net/netrom/af_netrom.c:798
do_accept+0x3a6/0x570 net/socket.c:1872
__sys_accept4_file net/socket.c:1913 [inline]
__sys_accept4+0x99/0x120 net/socket.c:1943
__do_sys_accept4 net/socket.c:1954 [inline]
__se_sys_accept4 net/socket.c:1951 [inline]
__x64_sys_accept4+0x96/0x100 net/socket.c:1951
do_syscall_x64 arch/x86/entry/common.c:50 [inline]
do_syscall_64+0x38/0xb0 arch/x86/entry/common.c:80
entry_SYSCALL_64_after_hwframe+0x63/0xcd
RIP: 0033:0x7f51d447cae9
Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f51d519a0c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000120
RAX: ffffffffffffffda RBX: 00007f51d459bf80 RCX: 00007f51d447cae9
RDX: 0000000020000400 RSI: 0000000000000000 RDI: 0000000000000004
RBP: 00007f51d44c847a R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000800 R11: 0000000000000246 R12: 0000000000000000
R13: 000000000000000b R14: 00007f51d459bf80 R15: 00007ffc25c34e48
</TASK>
Link: https://syzkaller.appspot.com/text?tag=CrashLog&x=152cdb63a80000 [1]
Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2")
Reported-by: syzbot+666c97e4686410e79649@syzkaller.appspotmail.com
Closes: https://syzkaller.appspot.com/bug?extid=666c97e4686410e79649
Signed-off-by: Kuniyuki Iwashima <kuniyu@amazon.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
net/netrom/af_netrom.c | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/net/netrom/af_netrom.c b/net/netrom/af_netrom.c
index 7da77ddba5f4d..e18a73264c103 100644
--- a/net/netrom/af_netrom.c
+++ b/net/netrom/af_netrom.c
@@ -638,6 +638,11 @@ static int nr_connect(struct socket *sock, struct sockaddr *uaddr,
goto out_release;
}
+ if (sock->state == SS_CONNECTING) {
+ err = -EALREADY;
+ goto out_release;
+ }
+
sk->sk_state = TCP_CLOSE;
sock->state = SS_UNCONNECTED;
--
2.40.1
^ permalink raw reply related [flat|nested] 396+ messages in thread
* [PATCH 5.4 087/367] drm/bridge: tc358764: Fix debug print parameter order
2023-09-20 11:26 [PATCH 5.4 000/367] 5.4.257-rc1 review Greg Kroah-Hartman
` (85 preceding siblings ...)
2023-09-20 11:27 ` [PATCH 5.4 086/367] netrom: Deny concurrent connect() Greg Kroah-Hartman
@ 2023-09-20 11:27 ` Greg Kroah-Hartman
2023-09-20 11:27 ` [PATCH 5.4 088/367] quota: avoid increasing DQST_LOOKUPS when iterating over dirty/inuse list Greg Kroah-Hartman
` (285 subsequent siblings)
372 siblings, 0 replies; 396+ messages in thread
From: Greg Kroah-Hartman @ 2023-09-20 11:27 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Marek Vasut, Robert Foss, Sasha Levin
5.4-stable review patch. If anyone has any objections, please let me know.
------------------
From: Marek Vasut <marex@denx.de>
[ Upstream commit 7f947be02aab5b154427cb5b0fffe858fc387b02 ]
The debug print parameters were swapped in the output and they were
printed as decimal values, both the hardware address and the value.
Update the debug print to print the parameters in correct order, and
use hexadecimal print for both address and value.
Fixes: f38b7cca6d0e ("drm/bridge: tc358764: Add DSI to LVDS bridge driver")
Signed-off-by: Marek Vasut <marex@denx.de>
Reviewed-by: Robert Foss <rfoss@kernel.org>
Signed-off-by: Robert Foss <rfoss@kernel.org>
Link: https://patchwork.freedesktop.org/patch/msgid/20230615152817.359420-1-marex@denx.de
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/gpu/drm/bridge/tc358764.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/gpu/drm/bridge/tc358764.c b/drivers/gpu/drm/bridge/tc358764.c
index 170f162ffa558..121250473761e 100644
--- a/drivers/gpu/drm/bridge/tc358764.c
+++ b/drivers/gpu/drm/bridge/tc358764.c
@@ -180,7 +180,7 @@ static void tc358764_read(struct tc358764 *ctx, u16 addr, u32 *val)
if (ret >= 0)
le32_to_cpus(val);
- dev_dbg(ctx->dev, "read: %d, addr: %d\n", addr, *val);
+ dev_dbg(ctx->dev, "read: addr=0x%04x data=0x%08x\n", addr, *val);
}
static void tc358764_write(struct tc358764 *ctx, u16 addr, u32 val)
--
2.40.1
^ permalink raw reply related [flat|nested] 396+ messages in thread
* [PATCH 5.4 088/367] quota: avoid increasing DQST_LOOKUPS when iterating over dirty/inuse list
2023-09-20 11:26 [PATCH 5.4 000/367] 5.4.257-rc1 review Greg Kroah-Hartman
` (86 preceding siblings ...)
2023-09-20 11:27 ` [PATCH 5.4 087/367] drm/bridge: tc358764: Fix debug print parameter order Greg Kroah-Hartman
@ 2023-09-20 11:27 ` Greg Kroah-Hartman
2023-09-20 11:27 ` [PATCH 5.4 089/367] quota: factor out dquot_write_dquot() Greg Kroah-Hartman
` (284 subsequent siblings)
372 siblings, 0 replies; 396+ messages in thread
From: Greg Kroah-Hartman @ 2023-09-20 11:27 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Chengguang Xu, Jan Kara, Sasha Levin
5.4-stable review patch. If anyone has any objections, please let me know.
------------------
From: Chengguang Xu <cgxu519@zoho.com.cn>
[ Upstream commit 05848db2083d4f232e84e385845dcd98d5c511b2 ]
It is meaningless to increase DQST_LOOKUPS number while iterating
over dirty/inuse list, so just avoid it.
Link: https://lore.kernel.org/r/20190926083408.4269-1-cgxu519@zoho.com.cn
Signed-off-by: Chengguang Xu <cgxu519@zoho.com.cn>
Signed-off-by: Jan Kara <jack@suse.cz>
Stable-dep-of: dabc8b207566 ("quota: fix dqput() to follow the guarantees dquot_srcu should provide")
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
fs/quota/dquot.c | 2 --
1 file changed, 2 deletions(-)
diff --git a/fs/quota/dquot.c b/fs/quota/dquot.c
index 5361e6bc397d0..5b887fb1aa71a 100644
--- a/fs/quota/dquot.c
+++ b/fs/quota/dquot.c
@@ -595,7 +595,6 @@ int dquot_scan_active(struct super_block *sb,
/* Now we have active dquot so we can just increase use count */
atomic_inc(&dquot->dq_count);
spin_unlock(&dq_list_lock);
- dqstats_inc(DQST_LOOKUPS);
dqput(old_dquot);
old_dquot = dquot;
/*
@@ -650,7 +649,6 @@ int dquot_writeback_dquots(struct super_block *sb, int type)
* use count */
dqgrab(dquot);
spin_unlock(&dq_list_lock);
- dqstats_inc(DQST_LOOKUPS);
err = sb->dq_op->write_dquot(dquot);
if (err) {
/*
--
2.40.1
^ permalink raw reply related [flat|nested] 396+ messages in thread
* [PATCH 5.4 089/367] quota: factor out dquot_write_dquot()
2023-09-20 11:26 [PATCH 5.4 000/367] 5.4.257-rc1 review Greg Kroah-Hartman
` (87 preceding siblings ...)
2023-09-20 11:27 ` [PATCH 5.4 088/367] quota: avoid increasing DQST_LOOKUPS when iterating over dirty/inuse list Greg Kroah-Hartman
@ 2023-09-20 11:27 ` Greg Kroah-Hartman
2023-09-20 11:27 ` [PATCH 5.4 090/367] quota: rename dquot_active() to inode_quota_active() Greg Kroah-Hartman
` (283 subsequent siblings)
372 siblings, 0 replies; 396+ messages in thread
From: Greg Kroah-Hartman @ 2023-09-20 11:27 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Baokun Li, Jan Kara, Sasha Levin
5.4-stable review patch. If anyone has any objections, please let me know.
------------------
From: Baokun Li <libaokun1@huawei.com>
[ Upstream commit 024128477809f8073d870307c8157b8826ebfd08 ]
Refactor out dquot_write_dquot() to reduce duplicate code.
Signed-off-by: Baokun Li <libaokun1@huawei.com>
Signed-off-by: Jan Kara <jack@suse.cz>
Message-Id: <20230630110822.3881712-2-libaokun1@huawei.com>
Stable-dep-of: dabc8b207566 ("quota: fix dqput() to follow the guarantees dquot_srcu should provide")
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
fs/quota/dquot.c | 39 ++++++++++++++++-----------------------
1 file changed, 16 insertions(+), 23 deletions(-)
diff --git a/fs/quota/dquot.c b/fs/quota/dquot.c
index 5b887fb1aa71a..806a404e7156e 100644
--- a/fs/quota/dquot.c
+++ b/fs/quota/dquot.c
@@ -619,6 +619,18 @@ int dquot_scan_active(struct super_block *sb,
}
EXPORT_SYMBOL(dquot_scan_active);
+static inline int dquot_write_dquot(struct dquot *dquot)
+{
+ int ret = dquot->dq_sb->dq_op->write_dquot(dquot);
+ if (ret < 0) {
+ quota_error(dquot->dq_sb, "Can't write quota structure "
+ "(error %d). Quota may get out of sync!", ret);
+ /* Clear dirty bit anyway to avoid infinite loop. */
+ clear_dquot_dirty(dquot);
+ }
+ return ret;
+}
+
/* Write all dquot structures to quota files */
int dquot_writeback_dquots(struct super_block *sb, int type)
{
@@ -649,16 +661,9 @@ int dquot_writeback_dquots(struct super_block *sb, int type)
* use count */
dqgrab(dquot);
spin_unlock(&dq_list_lock);
- err = sb->dq_op->write_dquot(dquot);
- if (err) {
- /*
- * Clear dirty bit anyway to avoid infinite
- * loop here.
- */
- clear_dquot_dirty(dquot);
- if (!ret)
- ret = err;
- }
+ err = dquot_write_dquot(dquot);
+ if (err && !ret)
+ ret = err;
dqput(dquot);
spin_lock(&dq_list_lock);
}
@@ -756,8 +761,6 @@ static struct shrinker dqcache_shrinker = {
*/
void dqput(struct dquot *dquot)
{
- int ret;
-
if (!dquot)
return;
#ifdef CONFIG_QUOTA_DEBUG
@@ -785,17 +788,7 @@ void dqput(struct dquot *dquot)
if (dquot_dirty(dquot)) {
spin_unlock(&dq_list_lock);
/* Commit dquot before releasing */
- ret = dquot->dq_sb->dq_op->write_dquot(dquot);
- if (ret < 0) {
- quota_error(dquot->dq_sb, "Can't write quota structure"
- " (error %d). Quota may get out of sync!",
- ret);
- /*
- * We clear dirty bit anyway, so that we avoid
- * infinite loop here
- */
- clear_dquot_dirty(dquot);
- }
+ dquot_write_dquot(dquot);
goto we_slept;
}
if (test_bit(DQ_ACTIVE_B, &dquot->dq_flags)) {
--
2.40.1
^ permalink raw reply related [flat|nested] 396+ messages in thread
* [PATCH 5.4 090/367] quota: rename dquot_active() to inode_quota_active()
2023-09-20 11:26 [PATCH 5.4 000/367] 5.4.257-rc1 review Greg Kroah-Hartman
` (88 preceding siblings ...)
2023-09-20 11:27 ` [PATCH 5.4 089/367] quota: factor out dquot_write_dquot() Greg Kroah-Hartman
@ 2023-09-20 11:27 ` Greg Kroah-Hartman
2023-09-20 11:27 ` [PATCH 5.4 091/367] quota: add new helper dquot_active() Greg Kroah-Hartman
` (282 subsequent siblings)
372 siblings, 0 replies; 396+ messages in thread
From: Greg Kroah-Hartman @ 2023-09-20 11:27 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Baokun Li, Jan Kara, Sasha Levin
5.4-stable review patch. If anyone has any objections, please let me know.
------------------
From: Baokun Li <libaokun1@huawei.com>
[ Upstream commit 4b9bdfa16535de8f49bf954aeed0f525ee2fc322 ]
Now we have a helper function dquot_dirty() to determine if dquot has
DQ_MOD_B bit. dquot_active() can easily be misunderstood as a helper
function to determine if dquot has DQ_ACTIVE_B bit. So we avoid this by
renaming it to inode_quota_active() and later on we will add the helper
function dquot_active() to determine if dquot has DQ_ACTIVE_B bit.
Signed-off-by: Baokun Li <libaokun1@huawei.com>
Signed-off-by: Jan Kara <jack@suse.cz>
Message-Id: <20230630110822.3881712-3-libaokun1@huawei.com>
Stable-dep-of: dabc8b207566 ("quota: fix dqput() to follow the guarantees dquot_srcu should provide")
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
fs/quota/dquot.c | 20 ++++++++++----------
1 file changed, 10 insertions(+), 10 deletions(-)
diff --git a/fs/quota/dquot.c b/fs/quota/dquot.c
index 806a404e7156e..7abf1ae05f939 100644
--- a/fs/quota/dquot.c
+++ b/fs/quota/dquot.c
@@ -1409,7 +1409,7 @@ static int info_bdq_free(struct dquot *dquot, qsize_t space)
return QUOTA_NL_NOWARN;
}
-static int dquot_active(const struct inode *inode)
+static int inode_quota_active(const struct inode *inode)
{
struct super_block *sb = inode->i_sb;
@@ -1432,7 +1432,7 @@ static int __dquot_initialize(struct inode *inode, int type)
qsize_t rsv;
int ret = 0;
- if (!dquot_active(inode))
+ if (!inode_quota_active(inode))
return 0;
dquots = i_dquot(inode);
@@ -1540,7 +1540,7 @@ bool dquot_initialize_needed(struct inode *inode)
struct dquot **dquots;
int i;
- if (!dquot_active(inode))
+ if (!inode_quota_active(inode))
return false;
dquots = i_dquot(inode);
@@ -1651,7 +1651,7 @@ int __dquot_alloc_space(struct inode *inode, qsize_t number, int flags)
int reserve = flags & DQUOT_SPACE_RESERVE;
struct dquot **dquots;
- if (!dquot_active(inode)) {
+ if (!inode_quota_active(inode)) {
if (reserve) {
spin_lock(&inode->i_lock);
*inode_reserved_space(inode) += number;
@@ -1721,7 +1721,7 @@ int dquot_alloc_inode(struct inode *inode)
struct dquot_warn warn[MAXQUOTAS];
struct dquot * const *dquots;
- if (!dquot_active(inode))
+ if (!inode_quota_active(inode))
return 0;
for (cnt = 0; cnt < MAXQUOTAS; cnt++)
warn[cnt].w_type = QUOTA_NL_NOWARN;
@@ -1764,7 +1764,7 @@ int dquot_claim_space_nodirty(struct inode *inode, qsize_t number)
struct dquot **dquots;
int cnt, index;
- if (!dquot_active(inode)) {
+ if (!inode_quota_active(inode)) {
spin_lock(&inode->i_lock);
*inode_reserved_space(inode) -= number;
__inode_add_bytes(inode, number);
@@ -1806,7 +1806,7 @@ void dquot_reclaim_space_nodirty(struct inode *inode, qsize_t number)
struct dquot **dquots;
int cnt, index;
- if (!dquot_active(inode)) {
+ if (!inode_quota_active(inode)) {
spin_lock(&inode->i_lock);
*inode_reserved_space(inode) += number;
__inode_sub_bytes(inode, number);
@@ -1850,7 +1850,7 @@ void __dquot_free_space(struct inode *inode, qsize_t number, int flags)
struct dquot **dquots;
int reserve = flags & DQUOT_SPACE_RESERVE, index;
- if (!dquot_active(inode)) {
+ if (!inode_quota_active(inode)) {
if (reserve) {
spin_lock(&inode->i_lock);
*inode_reserved_space(inode) -= number;
@@ -1905,7 +1905,7 @@ void dquot_free_inode(struct inode *inode)
struct dquot * const *dquots;
int index;
- if (!dquot_active(inode))
+ if (!inode_quota_active(inode))
return;
dquots = i_dquot(inode);
@@ -2076,7 +2076,7 @@ int dquot_transfer(struct inode *inode, struct iattr *iattr)
struct super_block *sb = inode->i_sb;
int ret;
- if (!dquot_active(inode))
+ if (!inode_quota_active(inode))
return 0;
if (iattr->ia_valid & ATTR_UID && !uid_eq(iattr->ia_uid, inode->i_uid)){
--
2.40.1
^ permalink raw reply related [flat|nested] 396+ messages in thread
* [PATCH 5.4 091/367] quota: add new helper dquot_active()
2023-09-20 11:26 [PATCH 5.4 000/367] 5.4.257-rc1 review Greg Kroah-Hartman
` (89 preceding siblings ...)
2023-09-20 11:27 ` [PATCH 5.4 090/367] quota: rename dquot_active() to inode_quota_active() Greg Kroah-Hartman
@ 2023-09-20 11:27 ` Greg Kroah-Hartman
2023-09-20 11:27 ` [PATCH 5.4 092/367] quota: fix dqput() to follow the guarantees dquot_srcu should provide Greg Kroah-Hartman
` (281 subsequent siblings)
372 siblings, 0 replies; 396+ messages in thread
From: Greg Kroah-Hartman @ 2023-09-20 11:27 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Baokun Li, Jan Kara, Sasha Levin
5.4-stable review patch. If anyone has any objections, please let me know.
------------------
From: Baokun Li <libaokun1@huawei.com>
[ Upstream commit 33bcfafc48cb186bc4bbcea247feaa396594229e ]
Add new helper function dquot_active() to make the code more concise.
Signed-off-by: Baokun Li <libaokun1@huawei.com>
Signed-off-by: Jan Kara <jack@suse.cz>
Message-Id: <20230630110822.3881712-4-libaokun1@huawei.com>
Stable-dep-of: dabc8b207566 ("quota: fix dqput() to follow the guarantees dquot_srcu should provide")
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
fs/quota/dquot.c | 23 ++++++++++++++---------
1 file changed, 14 insertions(+), 9 deletions(-)
diff --git a/fs/quota/dquot.c b/fs/quota/dquot.c
index 7abf1ae05f939..5495c82e55ad4 100644
--- a/fs/quota/dquot.c
+++ b/fs/quota/dquot.c
@@ -336,6 +336,11 @@ static void wait_on_dquot(struct dquot *dquot)
mutex_unlock(&dquot->dq_lock);
}
+static inline int dquot_active(struct dquot *dquot)
+{
+ return test_bit(DQ_ACTIVE_B, &dquot->dq_flags);
+}
+
static inline int dquot_dirty(struct dquot *dquot)
{
return test_bit(DQ_MOD_B, &dquot->dq_flags);
@@ -351,14 +356,14 @@ int dquot_mark_dquot_dirty(struct dquot *dquot)
{
int ret = 1;
- if (!test_bit(DQ_ACTIVE_B, &dquot->dq_flags))
+ if (!dquot_active(dquot))
return 0;
if (sb_dqopt(dquot->dq_sb)->flags & DQUOT_NOLIST_DIRTY)
return test_and_set_bit(DQ_MOD_B, &dquot->dq_flags);
/* If quota is dirty already, we don't have to acquire dq_list_lock */
- if (test_bit(DQ_MOD_B, &dquot->dq_flags))
+ if (dquot_dirty(dquot))
return 1;
spin_lock(&dq_list_lock);
@@ -438,7 +443,7 @@ int dquot_acquire(struct dquot *dquot)
smp_mb__before_atomic();
set_bit(DQ_READ_B, &dquot->dq_flags);
/* Instantiate dquot if needed */
- if (!test_bit(DQ_ACTIVE_B, &dquot->dq_flags) && !dquot->dq_off) {
+ if (!dquot_active(dquot) && !dquot->dq_off) {
ret = dqopt->ops[dquot->dq_id.type]->commit_dqblk(dquot);
/* Write the info if needed */
if (info_dirty(&dqopt->info[dquot->dq_id.type])) {
@@ -477,7 +482,7 @@ int dquot_commit(struct dquot *dquot)
goto out_lock;
/* Inactive dquot can be only if there was error during read/init
* => we have better not writing it */
- if (test_bit(DQ_ACTIVE_B, &dquot->dq_flags))
+ if (dquot_active(dquot))
ret = dqopt->ops[dquot->dq_id.type]->commit_dqblk(dquot);
else
ret = -EIO;
@@ -588,7 +593,7 @@ int dquot_scan_active(struct super_block *sb,
spin_lock(&dq_list_lock);
list_for_each_entry(dquot, &inuse_list, dq_inuse) {
- if (!test_bit(DQ_ACTIVE_B, &dquot->dq_flags))
+ if (!dquot_active(dquot))
continue;
if (dquot->dq_sb != sb)
continue;
@@ -603,7 +608,7 @@ int dquot_scan_active(struct super_block *sb,
* outstanding call and recheck the DQ_ACTIVE_B after that.
*/
wait_on_dquot(dquot);
- if (test_bit(DQ_ACTIVE_B, &dquot->dq_flags)) {
+ if (dquot_active(dquot)) {
ret = fn(dquot, priv);
if (ret < 0)
goto out;
@@ -654,7 +659,7 @@ int dquot_writeback_dquots(struct super_block *sb, int type)
dquot = list_first_entry(&dirty, struct dquot,
dq_dirty);
- WARN_ON(!test_bit(DQ_ACTIVE_B, &dquot->dq_flags));
+ WARN_ON(!dquot_active(dquot));
/* Now we have active dquot from which someone is
* holding reference so we can safely just increase
@@ -791,7 +796,7 @@ void dqput(struct dquot *dquot)
dquot_write_dquot(dquot);
goto we_slept;
}
- if (test_bit(DQ_ACTIVE_B, &dquot->dq_flags)) {
+ if (dquot_active(dquot)) {
spin_unlock(&dq_list_lock);
dquot->dq_sb->dq_op->release_dquot(dquot);
goto we_slept;
@@ -892,7 +897,7 @@ struct dquot *dqget(struct super_block *sb, struct kqid qid)
* already finished or it will be canceled due to dq_count > 1 test */
wait_on_dquot(dquot);
/* Read the dquot / allocate space in quota file */
- if (!test_bit(DQ_ACTIVE_B, &dquot->dq_flags)) {
+ if (!dquot_active(dquot)) {
int err;
err = sb->dq_op->acquire_dquot(dquot);
--
2.40.1
^ permalink raw reply related [flat|nested] 396+ messages in thread
* [PATCH 5.4 092/367] quota: fix dqput() to follow the guarantees dquot_srcu should provide
2023-09-20 11:26 [PATCH 5.4 000/367] 5.4.257-rc1 review Greg Kroah-Hartman
` (90 preceding siblings ...)
2023-09-20 11:27 ` [PATCH 5.4 091/367] quota: add new helper dquot_active() Greg Kroah-Hartman
@ 2023-09-20 11:27 ` Greg Kroah-Hartman
2023-09-20 11:27 ` [PATCH 5.4 093/367] drm/amdgpu: avoid integer overflow warning in amdgpu_device_resize_fb_bar() Greg Kroah-Hartman
` (280 subsequent siblings)
372 siblings, 0 replies; 396+ messages in thread
From: Greg Kroah-Hartman @ 2023-09-20 11:27 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Jan Kara, Baokun Li, Sasha Levin
5.4-stable review patch. If anyone has any objections, please let me know.
------------------
From: Baokun Li <libaokun1@huawei.com>
[ Upstream commit dabc8b20756601b9e1cc85a81d47d3f98ed4d13a ]
The dquot_mark_dquot_dirty() using dquot references from the inode
should be protected by dquot_srcu. quota_off code takes care to call
synchronize_srcu(&dquot_srcu) to not drop dquot references while they
are used by other users. But dquot_transfer() breaks this assumption.
We call dquot_transfer() to drop the last reference of dquot and add
it to free_dquots, but there may still be other users using the dquot
at this time, as shown in the function graph below:
cpu1 cpu2
_________________|_________________
wb_do_writeback CHOWN(1)
...
ext4_da_update_reserve_space
dquot_claim_block
...
dquot_mark_dquot_dirty // try to dirty old quota
test_bit(DQ_ACTIVE_B, &dquot->dq_flags) // still ACTIVE
if (test_bit(DQ_MOD_B, &dquot->dq_flags))
// test no dirty, wait dq_list_lock
...
dquot_transfer
__dquot_transfer
dqput_all(transfer_from) // rls old dquot
dqput // last dqput
dquot_release
clear_bit(DQ_ACTIVE_B, &dquot->dq_flags)
atomic_dec(&dquot->dq_count)
put_dquot_last(dquot)
list_add_tail(&dquot->dq_free, &free_dquots)
// add the dquot to free_dquots
if (!test_and_set_bit(DQ_MOD_B, &dquot->dq_flags))
add dqi_dirty_list // add released dquot to dirty_list
This can cause various issues, such as dquot being destroyed by
dqcache_shrink_scan() after being added to free_dquots, which can trigger
a UAF in dquot_mark_dquot_dirty(); or after dquot is added to free_dquots
and then to dirty_list, it is added to free_dquots again after
dquot_writeback_dquots() is executed, which causes the free_dquots list to
be corrupted and triggers a UAF when dqcache_shrink_scan() is called for
freeing dquot twice.
As Honza said, we need to fix dquot_transfer() to follow the guarantees
dquot_srcu should provide. But calling synchronize_srcu() directly from
dquot_transfer() is too expensive (and mostly unnecessary). So we add
dquot whose last reference should be dropped to the new global dquot
list releasing_dquots, and then queue work item which would call
synchronize_srcu() and after that perform the final cleanup of all the
dquots on releasing_dquots.
Fixes: 4580b30ea887 ("quota: Do not dirty bad dquots")
Suggested-by: Jan Kara <jack@suse.cz>
Signed-off-by: Baokun Li <libaokun1@huawei.com>
Signed-off-by: Jan Kara <jack@suse.cz>
Message-Id: <20230630110822.3881712-5-libaokun1@huawei.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
fs/quota/dquot.c | 96 +++++++++++++++++++++++++++++++++++++++---------
1 file changed, 78 insertions(+), 18 deletions(-)
diff --git a/fs/quota/dquot.c b/fs/quota/dquot.c
index 5495c82e55ad4..30475cbe82cc8 100644
--- a/fs/quota/dquot.c
+++ b/fs/quota/dquot.c
@@ -223,13 +223,22 @@ static void put_quota_format(struct quota_format_type *fmt)
/*
* Dquot List Management:
- * The quota code uses four lists for dquot management: the inuse_list,
- * free_dquots, dqi_dirty_list, and dquot_hash[] array. A single dquot
- * structure may be on some of those lists, depending on its current state.
+ * The quota code uses five lists for dquot management: the inuse_list,
+ * releasing_dquots, free_dquots, dqi_dirty_list, and dquot_hash[] array.
+ * A single dquot structure may be on some of those lists, depending on
+ * its current state.
*
* All dquots are placed to the end of inuse_list when first created, and this
* list is used for invalidate operation, which must look at every dquot.
*
+ * When the last reference of a dquot will be dropped, the dquot will be
+ * added to releasing_dquots. We'd then queue work item which would call
+ * synchronize_srcu() and after that perform the final cleanup of all the
+ * dquots on the list. Both releasing_dquots and free_dquots use the
+ * dq_free list_head in the dquot struct. When a dquot is removed from
+ * releasing_dquots, a reference count is always subtracted, and if
+ * dq_count == 0 at that point, the dquot will be added to the free_dquots.
+ *
* Unused dquots (dq_count == 0) are added to the free_dquots list when freed,
* and this list is searched whenever we need an available dquot. Dquots are
* removed from the list as soon as they are used again, and
@@ -248,6 +257,7 @@ static void put_quota_format(struct quota_format_type *fmt)
static LIST_HEAD(inuse_list);
static LIST_HEAD(free_dquots);
+static LIST_HEAD(releasing_dquots);
static unsigned int dq_hash_bits, dq_hash_mask;
static struct hlist_head *dquot_hash;
@@ -258,6 +268,9 @@ static qsize_t inode_get_rsv_space(struct inode *inode);
static qsize_t __inode_get_rsv_space(struct inode *inode);
static int __dquot_initialize(struct inode *inode, int type);
+static void quota_release_workfn(struct work_struct *work);
+static DECLARE_DELAYED_WORK(quota_release_work, quota_release_workfn);
+
static inline unsigned int
hashfn(const struct super_block *sb, struct kqid qid)
{
@@ -305,12 +318,18 @@ static inline void put_dquot_last(struct dquot *dquot)
dqstats_inc(DQST_FREE_DQUOTS);
}
+static inline void put_releasing_dquots(struct dquot *dquot)
+{
+ list_add_tail(&dquot->dq_free, &releasing_dquots);
+}
+
static inline void remove_free_dquot(struct dquot *dquot)
{
if (list_empty(&dquot->dq_free))
return;
list_del_init(&dquot->dq_free);
- dqstats_dec(DQST_FREE_DQUOTS);
+ if (!atomic_read(&dquot->dq_count))
+ dqstats_dec(DQST_FREE_DQUOTS);
}
static inline void put_inuse(struct dquot *dquot)
@@ -543,6 +562,8 @@ static void invalidate_dquots(struct super_block *sb, int type)
struct dquot *dquot, *tmp;
restart:
+ flush_delayed_work("a_release_work);
+
spin_lock(&dq_list_lock);
list_for_each_entry_safe(dquot, tmp, &inuse_list, dq_inuse) {
if (dquot->dq_sb != sb)
@@ -551,6 +572,12 @@ static void invalidate_dquots(struct super_block *sb, int type)
continue;
/* Wait for dquot users */
if (atomic_read(&dquot->dq_count)) {
+ /* dquot in releasing_dquots, flush and retry */
+ if (!list_empty(&dquot->dq_free)) {
+ spin_unlock(&dq_list_lock);
+ goto restart;
+ }
+
atomic_inc(&dquot->dq_count);
spin_unlock(&dq_list_lock);
/*
@@ -761,6 +788,49 @@ static struct shrinker dqcache_shrinker = {
.seeks = DEFAULT_SEEKS,
};
+/*
+ * Safely release dquot and put reference to dquot.
+ */
+static void quota_release_workfn(struct work_struct *work)
+{
+ struct dquot *dquot;
+ struct list_head rls_head;
+
+ spin_lock(&dq_list_lock);
+ /* Exchange the list head to avoid livelock. */
+ list_replace_init(&releasing_dquots, &rls_head);
+ spin_unlock(&dq_list_lock);
+
+restart:
+ synchronize_srcu(&dquot_srcu);
+ spin_lock(&dq_list_lock);
+ while (!list_empty(&rls_head)) {
+ dquot = list_first_entry(&rls_head, struct dquot, dq_free);
+ /* Dquot got used again? */
+ if (atomic_read(&dquot->dq_count) > 1) {
+ remove_free_dquot(dquot);
+ atomic_dec(&dquot->dq_count);
+ continue;
+ }
+ if (dquot_dirty(dquot)) {
+ spin_unlock(&dq_list_lock);
+ /* Commit dquot before releasing */
+ dquot_write_dquot(dquot);
+ goto restart;
+ }
+ if (dquot_active(dquot)) {
+ spin_unlock(&dq_list_lock);
+ dquot->dq_sb->dq_op->release_dquot(dquot);
+ goto restart;
+ }
+ /* Dquot is inactive and clean, now move it to free list */
+ remove_free_dquot(dquot);
+ atomic_dec(&dquot->dq_count);
+ put_dquot_last(dquot);
+ }
+ spin_unlock(&dq_list_lock);
+}
+
/*
* Put reference to dquot
*/
@@ -777,7 +847,7 @@ void dqput(struct dquot *dquot)
}
#endif
dqstats_inc(DQST_DROPS);
-we_slept:
+
spin_lock(&dq_list_lock);
if (atomic_read(&dquot->dq_count) > 1) {
/* We have more than one user... nothing to do */
@@ -789,25 +859,15 @@ void dqput(struct dquot *dquot)
spin_unlock(&dq_list_lock);
return;
}
+
/* Need to release dquot? */
- if (dquot_dirty(dquot)) {
- spin_unlock(&dq_list_lock);
- /* Commit dquot before releasing */
- dquot_write_dquot(dquot);
- goto we_slept;
- }
- if (dquot_active(dquot)) {
- spin_unlock(&dq_list_lock);
- dquot->dq_sb->dq_op->release_dquot(dquot);
- goto we_slept;
- }
- atomic_dec(&dquot->dq_count);
#ifdef CONFIG_QUOTA_DEBUG
/* sanity check */
BUG_ON(!list_empty(&dquot->dq_free));
#endif
- put_dquot_last(dquot);
+ put_releasing_dquots(dquot);
spin_unlock(&dq_list_lock);
+ queue_delayed_work(system_unbound_wq, "a_release_work, 1);
}
EXPORT_SYMBOL(dqput);
--
2.40.1
^ permalink raw reply related [flat|nested] 396+ messages in thread
* [PATCH 5.4 093/367] drm/amdgpu: avoid integer overflow warning in amdgpu_device_resize_fb_bar()
2023-09-20 11:26 [PATCH 5.4 000/367] 5.4.257-rc1 review Greg Kroah-Hartman
` (91 preceding siblings ...)
2023-09-20 11:27 ` [PATCH 5.4 092/367] quota: fix dqput() to follow the guarantees dquot_srcu should provide Greg Kroah-Hartman
@ 2023-09-20 11:27 ` Greg Kroah-Hartman
2023-09-20 11:27 ` [PATCH 5.4 094/367] ARM: dts: BCM53573: Drop nonexistent "default-off" LED trigger Greg Kroah-Hartman
` (279 subsequent siblings)
372 siblings, 0 replies; 396+ messages in thread
From: Greg Kroah-Hartman @ 2023-09-20 11:27 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Christian König, Arnd Bergmann,
Alex Deucher, Sasha Levin
5.4-stable review patch. If anyone has any objections, please let me know.
------------------
From: Arnd Bergmann <arnd@arndb.de>
[ Upstream commit 822130b5e8834ab30ad410cf19a582e5014b9a85 ]
On 32-bit architectures comparing a resource against a value larger than
U32_MAX can cause a warning:
drivers/gpu/drm/amd/amdgpu/amdgpu_device.c:1344:18: error: result of comparison of constant 4294967296 with expression of type 'resource_size_t' (aka 'unsigned int') is always false [-Werror,-Wtautological-constant-out-of-range-compare]
res->start > 0x100000000ull)
~~~~~~~~~~ ^ ~~~~~~~~~~~~~~
As gcc does not warn about this in dead code, add an IS_ENABLED() check at
the start of the function. This will always return success but not actually resize
the BAR on 32-bit architectures without high memory, which is exactly what
we want here, as the driver can fall back to bank switching the VRAM
access.
Fixes: 31b8adab3247 ("drm/amdgpu: require a root bus window above 4GB for BAR resize")
Reviewed-by: Christian König <christian.koenig@amd.com>
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/gpu/drm/amd/amdgpu/amdgpu_device.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/drivers/gpu/drm/amd/amdgpu/amdgpu_device.c b/drivers/gpu/drm/amd/amdgpu/amdgpu_device.c
index d0e1fd011de54..e5032eb9ae291 100644
--- a/drivers/gpu/drm/amd/amdgpu/amdgpu_device.c
+++ b/drivers/gpu/drm/amd/amdgpu/amdgpu_device.c
@@ -759,6 +759,9 @@ int amdgpu_device_resize_fb_bar(struct amdgpu_device *adev)
u16 cmd;
int r;
+ if (!IS_ENABLED(CONFIG_PHYS_ADDR_T_64BIT))
+ return 0;
+
/* Bypass for VF */
if (amdgpu_sriov_vf(adev))
return 0;
--
2.40.1
^ permalink raw reply related [flat|nested] 396+ messages in thread
* [PATCH 5.4 094/367] ARM: dts: BCM53573: Drop nonexistent "default-off" LED trigger
2023-09-20 11:26 [PATCH 5.4 000/367] 5.4.257-rc1 review Greg Kroah-Hartman
` (92 preceding siblings ...)
2023-09-20 11:27 ` [PATCH 5.4 093/367] drm/amdgpu: avoid integer overflow warning in amdgpu_device_resize_fb_bar() Greg Kroah-Hartman
@ 2023-09-20 11:27 ` Greg Kroah-Hartman
2023-09-20 11:27 ` [PATCH 5.4 095/367] ARM: dts: BCM53573: Add cells sizes to PCIe node Greg Kroah-Hartman
` (278 subsequent siblings)
372 siblings, 0 replies; 396+ messages in thread
From: Greg Kroah-Hartman @ 2023-09-20 11:27 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Rafał Miłecki,
Florian Fainelli, Sasha Levin
5.4-stable review patch. If anyone has any objections, please let me know.
------------------
From: Rafał Miłecki <rafal@milecki.pl>
[ Upstream commit be7e1e5b0f67c58ec4be0a54db23b6a4fa6e2116 ]
There is no such trigger documented or implemented in Linux. It was a
copy & paste mistake.
This fixes:
arch/arm/boot/dts/broadcom/bcm47189-luxul-xap-1440.dtb: leds: led-wlan:linux,default-trigger: 'oneOf' conditional failed, one must be fixed:
'default-off' is not one of ['backlight', 'default-on', 'heartbeat', 'disk-activity', 'disk-read', 'disk-write', 'timer', 'pattern', 'audio-micmute', 'audio-mute', 'bluetooth-power', 'flash', 'kbd-capslock', 'mtd', 'nand-disk', 'none', 'torch', 'usb-gadget', 'usb-host', 'usbport']
'default-off' does not match '^cpu[0-9]*$'
'default-off' does not match '^hci[0-9]+-power$'
'default-off' does not match '^mmc[0-9]+$'
'default-off' does not match '^phy[0-9]+tx$'
From schema: Documentation/devicetree/bindings/leds/leds-gpio.yaml
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
Link: https://lore.kernel.org/r/20230707114004.2740-1-zajec5@gmail.com
Signed-off-by: Florian Fainelli <florian.fainelli@broadcom.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/arm/boot/dts/bcm47189-luxul-xap-1440.dts | 1 -
arch/arm/boot/dts/bcm47189-luxul-xap-810.dts | 2 --
2 files changed, 3 deletions(-)
diff --git a/arch/arm/boot/dts/bcm47189-luxul-xap-1440.dts b/arch/arm/boot/dts/bcm47189-luxul-xap-1440.dts
index 57ca1cfaecd8e..02957850c88a8 100644
--- a/arch/arm/boot/dts/bcm47189-luxul-xap-1440.dts
+++ b/arch/arm/boot/dts/bcm47189-luxul-xap-1440.dts
@@ -26,7 +26,6 @@ leds {
wlan {
label = "bcm53xx:blue:wlan";
gpios = <&chipcommon 10 GPIO_ACTIVE_LOW>;
- linux,default-trigger = "default-off";
};
system {
diff --git a/arch/arm/boot/dts/bcm47189-luxul-xap-810.dts b/arch/arm/boot/dts/bcm47189-luxul-xap-810.dts
index 2e1a7e382cb7a..d68e9dbebf26b 100644
--- a/arch/arm/boot/dts/bcm47189-luxul-xap-810.dts
+++ b/arch/arm/boot/dts/bcm47189-luxul-xap-810.dts
@@ -26,7 +26,6 @@ leds {
5ghz {
label = "bcm53xx:blue:5ghz";
gpios = <&chipcommon 11 GPIO_ACTIVE_HIGH>;
- linux,default-trigger = "default-off";
};
system {
@@ -42,7 +41,6 @@ pcie0_leds {
2ghz {
label = "bcm53xx:blue:2ghz";
gpios = <&pcie0_chipcommon 3 GPIO_ACTIVE_HIGH>;
- linux,default-trigger = "default-off";
};
};
--
2.40.1
^ permalink raw reply related [flat|nested] 396+ messages in thread
* [PATCH 5.4 095/367] ARM: dts: BCM53573: Add cells sizes to PCIe node
2023-09-20 11:26 [PATCH 5.4 000/367] 5.4.257-rc1 review Greg Kroah-Hartman
` (93 preceding siblings ...)
2023-09-20 11:27 ` [PATCH 5.4 094/367] ARM: dts: BCM53573: Drop nonexistent "default-off" LED trigger Greg Kroah-Hartman
@ 2023-09-20 11:27 ` Greg Kroah-Hartman
2023-09-20 11:27 ` [PATCH 5.4 096/367] ARM: dts: BCM53573: Use updated "spi-gpio" binding properties Greg Kroah-Hartman
` (277 subsequent siblings)
372 siblings, 0 replies; 396+ messages in thread
From: Greg Kroah-Hartman @ 2023-09-20 11:27 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Rafał Miłecki,
Florian Fainelli, Sasha Levin
5.4-stable review patch. If anyone has any objections, please let me know.
------------------
From: Rafał Miłecki <rafal@milecki.pl>
[ Upstream commit 3392ef368d9b04622fe758b1079b512664b6110a ]
This fixes:
arch/arm/boot/dts/broadcom/bcm47189-luxul-xap-1440.dtb: pcie@2000: '#address-cells' is a required property
From schema: /lib/python3.10/site-packages/dtschema/schemas/pci/pci-bus.yaml
arch/arm/boot/dts/broadcom/bcm47189-luxul-xap-1440.dtb: pcie@2000: '#size-cells' is a required property
From schema: /lib/python3.10/site-packages/dtschema/schemas/pci/pci-bus.yaml
Two properties that need to be added later are "device_type" and
"ranges". Adding "device_type" on its own causes a new warning and the
value of "ranges" needs to be determined yet.
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
Link: https://lore.kernel.org/r/20230707114004.2740-3-zajec5@gmail.com
Signed-off-by: Florian Fainelli <florian.fainelli@broadcom.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/arm/boot/dts/bcm53573.dtsi | 3 +++
1 file changed, 3 insertions(+)
diff --git a/arch/arm/boot/dts/bcm53573.dtsi b/arch/arm/boot/dts/bcm53573.dtsi
index 4af8e3293cff4..34bd72b5c9cda 100644
--- a/arch/arm/boot/dts/bcm53573.dtsi
+++ b/arch/arm/boot/dts/bcm53573.dtsi
@@ -127,6 +127,9 @@ uart0: serial@300 {
pcie0: pcie@2000 {
reg = <0x00002000 0x1000>;
+
+ #address-cells = <3>;
+ #size-cells = <2>;
};
usb2: usb2@4000 {
--
2.40.1
^ permalink raw reply related [flat|nested] 396+ messages in thread
* [PATCH 5.4 096/367] ARM: dts: BCM53573: Use updated "spi-gpio" binding properties
2023-09-20 11:26 [PATCH 5.4 000/367] 5.4.257-rc1 review Greg Kroah-Hartman
` (94 preceding siblings ...)
2023-09-20 11:27 ` [PATCH 5.4 095/367] ARM: dts: BCM53573: Add cells sizes to PCIe node Greg Kroah-Hartman
@ 2023-09-20 11:27 ` Greg Kroah-Hartman
2023-09-20 11:27 ` [PATCH 5.4 097/367] drm/etnaviv: fix dumping of active MMU context Greg Kroah-Hartman
` (276 subsequent siblings)
372 siblings, 0 replies; 396+ messages in thread
From: Greg Kroah-Hartman @ 2023-09-20 11:27 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Rafał Miłecki,
Florian Fainelli, Sasha Levin
5.4-stable review patch. If anyone has any objections, please let me know.
------------------
From: Rafał Miłecki <rafal@milecki.pl>
[ Upstream commit 2c0fd6b3d0778ceab40205315ccef74568490f17 ]
Switch away from deprecated properties.
This fixes:
arch/arm/boot/dts/broadcom/bcm947189acdbmr.dtb: spi: gpio-sck: False schema does not allow [[3, 21, 0]]
From schema: Documentation/devicetree/bindings/spi/spi-gpio.yaml
arch/arm/boot/dts/broadcom/bcm947189acdbmr.dtb: spi: gpio-miso: False schema does not allow [[3, 22, 0]]
From schema: Documentation/devicetree/bindings/spi/spi-gpio.yaml
arch/arm/boot/dts/broadcom/bcm947189acdbmr.dtb: spi: gpio-mosi: False schema does not allow [[3, 23, 0]]
From schema: Documentation/devicetree/bindings/spi/spi-gpio.yaml
arch/arm/boot/dts/broadcom/bcm947189acdbmr.dtb: spi: 'sck-gpios' is a required property
From schema: Documentation/devicetree/bindings/spi/spi-gpio.yaml
arch/arm/boot/dts/broadcom/bcm947189acdbmr.dtb: spi: Unevaluated properties are not allowed ('gpio-miso', 'gpio-mosi', 'gpio-sck' were unexpected)
From schema: Documentation/devicetree/bindings/spi/spi-gpio.yaml
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
Link: https://lore.kernel.org/r/20230707114004.2740-4-zajec5@gmail.com
Signed-off-by: Florian Fainelli <florian.fainelli@broadcom.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/arm/boot/dts/bcm947189acdbmr.dts | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/arch/arm/boot/dts/bcm947189acdbmr.dts b/arch/arm/boot/dts/bcm947189acdbmr.dts
index b0b8c774a37f9..1f0be30e54435 100644
--- a/arch/arm/boot/dts/bcm947189acdbmr.dts
+++ b/arch/arm/boot/dts/bcm947189acdbmr.dts
@@ -60,9 +60,9 @@ wps {
spi {
compatible = "spi-gpio";
num-chipselects = <1>;
- gpio-sck = <&chipcommon 21 0>;
- gpio-miso = <&chipcommon 22 0>;
- gpio-mosi = <&chipcommon 23 0>;
+ sck-gpios = <&chipcommon 21 0>;
+ miso-gpios = <&chipcommon 22 0>;
+ mosi-gpios = <&chipcommon 23 0>;
cs-gpios = <&chipcommon 24 0>;
#address-cells = <1>;
#size-cells = <0>;
--
2.40.1
^ permalink raw reply related [flat|nested] 396+ messages in thread
* [PATCH 5.4 097/367] drm/etnaviv: fix dumping of active MMU context
2023-09-20 11:26 [PATCH 5.4 000/367] 5.4.257-rc1 review Greg Kroah-Hartman
` (95 preceding siblings ...)
2023-09-20 11:27 ` [PATCH 5.4 096/367] ARM: dts: BCM53573: Use updated "spi-gpio" binding properties Greg Kroah-Hartman
@ 2023-09-20 11:27 ` Greg Kroah-Hartman
2023-09-20 11:27 ` [PATCH 5.4 098/367] ARM: dts: s3c6410: move fixed clocks under root node in Mini6410 Greg Kroah-Hartman
` (275 subsequent siblings)
372 siblings, 0 replies; 396+ messages in thread
From: Greg Kroah-Hartman @ 2023-09-20 11:27 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Lucas Stach, Christian Gmeiner, Sasha Levin
5.4-stable review patch. If anyone has any objections, please let me know.
------------------
From: Lucas Stach <l.stach@pengutronix.de>
[ Upstream commit 20faf2005ec85fa1a6acc9a74ff27de667f90576 ]
gpu->mmu_context is the MMU context of the last job in the HW queue, which
isn't necessarily the same as the context from the bad job. Dump the MMU
context from the scheduler determined bad submit to make it work as intended.
Fixes: 17e4660ae3d7 ("drm/etnaviv: implement per-process address spaces on MMUv2")
Signed-off-by: Lucas Stach <l.stach@pengutronix.de>
Reviewed-by: Christian Gmeiner <christian.gmeiner@gmail.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/gpu/drm/etnaviv/etnaviv_dump.c | 14 +++++++-------
1 file changed, 7 insertions(+), 7 deletions(-)
diff --git a/drivers/gpu/drm/etnaviv/etnaviv_dump.c b/drivers/gpu/drm/etnaviv/etnaviv_dump.c
index 648cf02073092..67901f4586a3f 100644
--- a/drivers/gpu/drm/etnaviv/etnaviv_dump.c
+++ b/drivers/gpu/drm/etnaviv/etnaviv_dump.c
@@ -125,9 +125,9 @@ void etnaviv_core_dump(struct etnaviv_gem_submit *submit)
return;
etnaviv_dump_core = false;
- mutex_lock(&gpu->mmu_context->lock);
+ mutex_lock(&submit->mmu_context->lock);
- mmu_size = etnaviv_iommu_dump_size(gpu->mmu_context);
+ mmu_size = etnaviv_iommu_dump_size(submit->mmu_context);
/* We always dump registers, mmu, ring, hanging cmdbuf and end marker */
n_obj = 5;
@@ -157,7 +157,7 @@ void etnaviv_core_dump(struct etnaviv_gem_submit *submit)
iter.start = __vmalloc(file_size, GFP_KERNEL | __GFP_NOWARN | __GFP_NORETRY,
PAGE_KERNEL);
if (!iter.start) {
- mutex_unlock(&gpu->mmu_context->lock);
+ mutex_unlock(&submit->mmu_context->lock);
dev_warn(gpu->dev, "failed to allocate devcoredump file\n");
return;
}
@@ -169,18 +169,18 @@ void etnaviv_core_dump(struct etnaviv_gem_submit *submit)
memset(iter.hdr, 0, iter.data - iter.start);
etnaviv_core_dump_registers(&iter, gpu);
- etnaviv_core_dump_mmu(&iter, gpu->mmu_context, mmu_size);
+ etnaviv_core_dump_mmu(&iter, submit->mmu_context, mmu_size);
etnaviv_core_dump_mem(&iter, ETDUMP_BUF_RING, gpu->buffer.vaddr,
gpu->buffer.size,
etnaviv_cmdbuf_get_va(&gpu->buffer,
- &gpu->mmu_context->cmdbuf_mapping));
+ &submit->mmu_context->cmdbuf_mapping));
etnaviv_core_dump_mem(&iter, ETDUMP_BUF_CMD,
submit->cmdbuf.vaddr, submit->cmdbuf.size,
etnaviv_cmdbuf_get_va(&submit->cmdbuf,
- &gpu->mmu_context->cmdbuf_mapping));
+ &submit->mmu_context->cmdbuf_mapping));
- mutex_unlock(&gpu->mmu_context->lock);
+ mutex_unlock(&submit->mmu_context->lock);
/* Reserve space for the bomap */
if (n_bomap_pages) {
--
2.40.1
^ permalink raw reply related [flat|nested] 396+ messages in thread
* [PATCH 5.4 098/367] ARM: dts: s3c6410: move fixed clocks under root node in Mini6410
2023-09-20 11:26 [PATCH 5.4 000/367] 5.4.257-rc1 review Greg Kroah-Hartman
` (96 preceding siblings ...)
2023-09-20 11:27 ` [PATCH 5.4 097/367] drm/etnaviv: fix dumping of active MMU context Greg Kroah-Hartman
@ 2023-09-20 11:27 ` Greg Kroah-Hartman
2023-09-20 11:27 ` [PATCH 5.4 099/367] ARM: dts: s3c6410: align node SROM bus node name with dtschema " Greg Kroah-Hartman
` (274 subsequent siblings)
372 siblings, 0 replies; 396+ messages in thread
From: Greg Kroah-Hartman @ 2023-09-20 11:27 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Krzysztof Kozlowski, Sasha Levin
5.4-stable review patch. If anyone has any objections, please let me know.
------------------
From: Krzysztof Kozlowski <krzk@kernel.org>
[ Upstream commit 8b81a8decea77bf2ca3c718732184d4aaf949096 ]
The fixed clocks are kept under dedicated 'clocks' node but this causes
multiple dtschema warnings:
clocks: $nodename:0: 'clocks' does not match '^([a-z][a-z0-9\\-]+-bus|bus|soc|axi|ahb|apb)(@[0-9a-f]+)?$'
clocks: #size-cells:0:0: 0 is not one of [1, 2]
clocks: oscillator@0:reg:0: [0] is too short
clocks: oscillator@1:reg:0: [1] is too short
clocks: 'ranges' is a required property
oscillator@0: 'reg' does not match any of the regexes: 'pinctrl-[0-9]+'
Signed-off-by: Krzysztof Kozlowski <krzk@kernel.org>
Link: https://lore.kernel.org/r/20200907183313.29234-3-krzk@kernel.org
Stable-dep-of: cf0cb2af6a18 ("ARM: dts: samsung: s3c6410-mini6410: correct ethernet reg addresses (split)")
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/arm/boot/dts/s3c6410-mini6410.dts | 30 ++++++++++----------------
1 file changed, 11 insertions(+), 19 deletions(-)
diff --git a/arch/arm/boot/dts/s3c6410-mini6410.dts b/arch/arm/boot/dts/s3c6410-mini6410.dts
index 1aeac33b0d341..75067dbcf7e83 100644
--- a/arch/arm/boot/dts/s3c6410-mini6410.dts
+++ b/arch/arm/boot/dts/s3c6410-mini6410.dts
@@ -28,26 +28,18 @@ chosen {
bootargs = "console=ttySAC0,115200n8 earlyprintk rootwait root=/dev/mmcblk0p1";
};
- clocks {
- compatible = "simple-bus";
- #address-cells = <1>;
- #size-cells = <0>;
-
- fin_pll: oscillator@0 {
- compatible = "fixed-clock";
- reg = <0>;
- clock-frequency = <12000000>;
- clock-output-names = "fin_pll";
- #clock-cells = <0>;
- };
+ fin_pll: oscillator-0 {
+ compatible = "fixed-clock";
+ clock-frequency = <12000000>;
+ clock-output-names = "fin_pll";
+ #clock-cells = <0>;
+ };
- xusbxti: oscillator@1 {
- compatible = "fixed-clock";
- reg = <1>;
- clock-output-names = "xusbxti";
- clock-frequency = <48000000>;
- #clock-cells = <0>;
- };
+ xusbxti: oscillator-1 {
+ compatible = "fixed-clock";
+ clock-output-names = "xusbxti";
+ clock-frequency = <48000000>;
+ #clock-cells = <0>;
};
srom-cs1@18000000 {
--
2.40.1
^ permalink raw reply related [flat|nested] 396+ messages in thread
* [PATCH 5.4 099/367] ARM: dts: s3c6410: align node SROM bus node name with dtschema in Mini6410
2023-09-20 11:26 [PATCH 5.4 000/367] 5.4.257-rc1 review Greg Kroah-Hartman
` (97 preceding siblings ...)
2023-09-20 11:27 ` [PATCH 5.4 098/367] ARM: dts: s3c6410: move fixed clocks under root node in Mini6410 Greg Kroah-Hartman
@ 2023-09-20 11:27 ` Greg Kroah-Hartman
2023-09-20 11:27 ` [PATCH 5.4 100/367] ARM: dts: s3c64xx: align pinctrl with dtschema Greg Kroah-Hartman
` (273 subsequent siblings)
372 siblings, 0 replies; 396+ messages in thread
From: Greg Kroah-Hartman @ 2023-09-20 11:27 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Krzysztof Kozlowski, Sasha Levin
5.4-stable review patch. If anyone has any objections, please let me know.
------------------
From: Krzysztof Kozlowski <krzk@kernel.org>
[ Upstream commit 5911622eff5134c4bf1e16e4e1e2fd18c4f24889 ]
The SROM controller is modeled with a bus so align the device node name
with dtschema to fix warning:
srom-cs1@18000000: $nodename:0: 'srom-cs1@18000000'
does not match '^([a-z][a-z0-9\\-]+-bus|bus|soc|axi|ahb|apb)(@[0-9a-f]+)?$'
Signed-off-by: Krzysztof Kozlowski <krzk@kernel.org>
Link: https://lore.kernel.org/r/20200907183313.29234-5-krzk@kernel.org
Stable-dep-of: cf0cb2af6a18 ("ARM: dts: samsung: s3c6410-mini6410: correct ethernet reg addresses (split)")
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/arm/boot/dts/s3c6410-mini6410.dts | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/arch/arm/boot/dts/s3c6410-mini6410.dts b/arch/arm/boot/dts/s3c6410-mini6410.dts
index 75067dbcf7e83..285555b9ed943 100644
--- a/arch/arm/boot/dts/s3c6410-mini6410.dts
+++ b/arch/arm/boot/dts/s3c6410-mini6410.dts
@@ -42,7 +42,7 @@ xusbxti: oscillator-1 {
#clock-cells = <0>;
};
- srom-cs1@18000000 {
+ srom-cs1-bus@18000000 {
compatible = "simple-bus";
#address-cells = <1>;
#size-cells = <1>;
--
2.40.1
^ permalink raw reply related [flat|nested] 396+ messages in thread
* [PATCH 5.4 100/367] ARM: dts: s3c64xx: align pinctrl with dtschema
2023-09-20 11:26 [PATCH 5.4 000/367] 5.4.257-rc1 review Greg Kroah-Hartman
` (98 preceding siblings ...)
2023-09-20 11:27 ` [PATCH 5.4 099/367] ARM: dts: s3c6410: align node SROM bus node name with dtschema " Greg Kroah-Hartman
@ 2023-09-20 11:27 ` Greg Kroah-Hartman
2023-09-20 11:27 ` [PATCH 5.4 101/367] ARM: dts: samsung: s3c6410-mini6410: correct ethernet reg addresses (split) Greg Kroah-Hartman
` (272 subsequent siblings)
372 siblings, 0 replies; 396+ messages in thread
From: Greg Kroah-Hartman @ 2023-09-20 11:27 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Krzysztof Kozlowski, Sasha Levin
5.4-stable review patch. If anyone has any objections, please let me know.
------------------
From: Krzysztof Kozlowski <krzysztof.kozlowski@canonical.com>
[ Upstream commit 9e47ccc01284aba7fe5fbf6ee2a7abc29bf2a740 ]
Align the pin controller related nodes with dtschema. No functional
change expected.
Signed-off-by: Krzysztof Kozlowski <krzysztof.kozlowski@canonical.com>
Link: https://lore.kernel.org/r/20220111201722.327219-16-krzysztof.kozlowski@canonical.com
Stable-dep-of: cf0cb2af6a18 ("ARM: dts: samsung: s3c6410-mini6410: correct ethernet reg addresses (split)")
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/arm/boot/dts/s3c6410-mini6410.dts | 4 +-
arch/arm/boot/dts/s3c64xx-pinctrl.dtsi | 210 ++++++++++++-------------
2 files changed, 107 insertions(+), 107 deletions(-)
diff --git a/arch/arm/boot/dts/s3c6410-mini6410.dts b/arch/arm/boot/dts/s3c6410-mini6410.dts
index 285555b9ed943..17097da36f5ed 100644
--- a/arch/arm/boot/dts/s3c6410-mini6410.dts
+++ b/arch/arm/boot/dts/s3c6410-mini6410.dts
@@ -193,12 +193,12 @@ &uart3 {
};
&pinctrl0 {
- gpio_leds: gpio-leds {
+ gpio_leds: gpio-leds-pins {
samsung,pins = "gpk-4", "gpk-5", "gpk-6", "gpk-7";
samsung,pin-pud = <S3C64XX_PIN_PULL_NONE>;
};
- gpio_keys: gpio-keys {
+ gpio_keys: gpio-keys-pins {
samsung,pins = "gpn-0", "gpn-1", "gpn-2", "gpn-3",
"gpn-4", "gpn-5", "gpl-11", "gpl-12";
samsung,pin-pud = <S3C64XX_PIN_PULL_NONE>;
diff --git a/arch/arm/boot/dts/s3c64xx-pinctrl.dtsi b/arch/arm/boot/dts/s3c64xx-pinctrl.dtsi
index 8e9594d64b579..0a3186d57cb56 100644
--- a/arch/arm/boot/dts/s3c64xx-pinctrl.dtsi
+++ b/arch/arm/boot/dts/s3c64xx-pinctrl.dtsi
@@ -16,111 +16,111 @@ &pinctrl0 {
* Pin banks
*/
- gpa: gpa {
+ gpa: gpa-gpio-bank {
gpio-controller;
#gpio-cells = <2>;
interrupt-controller;
#interrupt-cells = <2>;
};
- gpb: gpb {
+ gpb: gpb-gpio-bank {
gpio-controller;
#gpio-cells = <2>;
interrupt-controller;
#interrupt-cells = <2>;
};
- gpc: gpc {
+ gpc: gpc-gpio-bank {
gpio-controller;
#gpio-cells = <2>;
interrupt-controller;
#interrupt-cells = <2>;
};
- gpd: gpd {
+ gpd: gpd-gpio-bank {
gpio-controller;
#gpio-cells = <2>;
interrupt-controller;
#interrupt-cells = <2>;
};
- gpe: gpe {
+ gpe: gpe-gpio-bank {
gpio-controller;
#gpio-cells = <2>;
};
- gpf: gpf {
+ gpf: gpf-gpio-bank {
gpio-controller;
#gpio-cells = <2>;
interrupt-controller;
#interrupt-cells = <2>;
};
- gpg: gpg {
+ gpg: gpg-gpio-bank {
gpio-controller;
#gpio-cells = <2>;
interrupt-controller;
#interrupt-cells = <2>;
};
- gph: gph {
+ gph: gph-gpio-bank {
gpio-controller;
#gpio-cells = <2>;
interrupt-controller;
#interrupt-cells = <2>;
};
- gpi: gpi {
+ gpi: gpi-gpio-bank {
gpio-controller;
#gpio-cells = <2>;
};
- gpj: gpj {
+ gpj: gpj-gpio-bank {
gpio-controller;
#gpio-cells = <2>;
};
- gpk: gpk {
+ gpk: gpk-gpio-bank {
gpio-controller;
#gpio-cells = <2>;
};
- gpl: gpl {
+ gpl: gpl-gpio-bank {
gpio-controller;
#gpio-cells = <2>;
interrupt-controller;
#interrupt-cells = <2>;
};
- gpm: gpm {
+ gpm: gpm-gpio-bank {
gpio-controller;
#gpio-cells = <2>;
interrupt-controller;
#interrupt-cells = <2>;
};
- gpn: gpn {
+ gpn: gpn-gpio-bank {
gpio-controller;
#gpio-cells = <2>;
interrupt-controller;
#interrupt-cells = <2>;
};
- gpo: gpo {
+ gpo: gpo-gpio-bank {
gpio-controller;
#gpio-cells = <2>;
interrupt-controller;
#interrupt-cells = <2>;
};
- gpp: gpp {
+ gpp: gpp-gpio-bank {
gpio-controller;
#gpio-cells = <2>;
interrupt-controller;
#interrupt-cells = <2>;
};
- gpq: gpq {
+ gpq: gpq-gpio-bank {
gpio-controller;
#gpio-cells = <2>;
interrupt-controller;
@@ -131,225 +131,225 @@ gpq: gpq {
* Pin groups
*/
- uart0_data: uart0-data {
+ uart0_data: uart0-data-pins {
samsung,pins = "gpa-0", "gpa-1";
samsung,pin-function = <EXYNOS_PIN_FUNC_2>;
samsung,pin-pud = <S3C64XX_PIN_PULL_NONE>;
};
- uart0_fctl: uart0-fctl {
+ uart0_fctl: uart0-fctl-pins {
samsung,pins = "gpa-2", "gpa-3";
samsung,pin-function = <EXYNOS_PIN_FUNC_2>;
samsung,pin-pud = <S3C64XX_PIN_PULL_NONE>;
};
- uart1_data: uart1-data {
+ uart1_data: uart1-data-pins {
samsung,pins = "gpa-4", "gpa-5";
samsung,pin-function = <EXYNOS_PIN_FUNC_2>;
samsung,pin-pud = <S3C64XX_PIN_PULL_NONE>;
};
- uart1_fctl: uart1-fctl {
+ uart1_fctl: uart1-fctl-pins {
samsung,pins = "gpa-6", "gpa-7";
samsung,pin-function = <EXYNOS_PIN_FUNC_2>;
samsung,pin-pud = <S3C64XX_PIN_PULL_NONE>;
};
- uart2_data: uart2-data {
+ uart2_data: uart2-data-pins {
samsung,pins = "gpb-0", "gpb-1";
samsung,pin-function = <EXYNOS_PIN_FUNC_2>;
samsung,pin-pud = <S3C64XX_PIN_PULL_NONE>;
};
- uart3_data: uart3-data {
+ uart3_data: uart3-data-pins {
samsung,pins = "gpb-2", "gpb-3";
samsung,pin-function = <EXYNOS_PIN_FUNC_2>;
samsung,pin-pud = <S3C64XX_PIN_PULL_NONE>;
};
- ext_dma_0: ext-dma-0 {
+ ext_dma_0: ext-dma-0-pins {
samsung,pins = "gpb-0", "gpb-1";
samsung,pin-function = <EXYNOS_PIN_FUNC_3>;
samsung,pin-pud = <S3C64XX_PIN_PULL_NONE>;
};
- ext_dma_1: ext-dma-1 {
+ ext_dma_1: ext-dma-1-pins {
samsung,pins = "gpb-2", "gpb-3";
samsung,pin-function = <EXYNOS_PIN_FUNC_4>;
samsung,pin-pud = <S3C64XX_PIN_PULL_NONE>;
};
- irda_data_0: irda-data-0 {
+ irda_data_0: irda-data-0-pins {
samsung,pins = "gpb-0", "gpb-1";
samsung,pin-function = <EXYNOS_PIN_FUNC_4>;
samsung,pin-pud = <S3C64XX_PIN_PULL_NONE>;
};
- irda_data_1: irda-data-1 {
+ irda_data_1: irda-data-1-pins {
samsung,pins = "gpb-2", "gpb-3";
samsung,pin-function = <EXYNOS_PIN_FUNC_3>;
samsung,pin-pud = <S3C64XX_PIN_PULL_NONE>;
};
- irda_sdbw: irda-sdbw {
+ irda_sdbw: irda-sdbw-pins {
samsung,pins = "gpb-4";
samsung,pin-function = <EXYNOS_PIN_FUNC_2>;
samsung,pin-pud = <S3C64XX_PIN_PULL_NONE>;
};
- i2c0_bus: i2c0-bus {
+ i2c0_bus: i2c0-bus-pins {
samsung,pins = "gpb-5", "gpb-6";
samsung,pin-function = <EXYNOS_PIN_FUNC_2>;
samsung,pin-pud = <S3C64XX_PIN_PULL_UP>;
};
- i2c1_bus: i2c1-bus {
+ i2c1_bus: i2c1-bus-pins {
/* S3C6410-only */
samsung,pins = "gpb-2", "gpb-3";
samsung,pin-function = <EXYNOS_PIN_FUNC_6>;
samsung,pin-pud = <S3C64XX_PIN_PULL_UP>;
};
- spi0_bus: spi0-bus {
+ spi0_bus: spi0-bus-pins {
samsung,pins = "gpc-0", "gpc-1", "gpc-2";
samsung,pin-function = <EXYNOS_PIN_FUNC_2>;
samsung,pin-pud = <S3C64XX_PIN_PULL_UP>;
};
- spi0_cs: spi0-cs {
+ spi0_cs: spi0-cs-pins {
samsung,pins = "gpc-3";
samsung,pin-function = <EXYNOS_PIN_FUNC_2>;
samsung,pin-pud = <S3C64XX_PIN_PULL_NONE>;
};
- spi1_bus: spi1-bus {
+ spi1_bus: spi1-bus-pins {
samsung,pins = "gpc-4", "gpc-5", "gpc-6";
samsung,pin-function = <EXYNOS_PIN_FUNC_2>;
samsung,pin-pud = <S3C64XX_PIN_PULL_UP>;
};
- spi1_cs: spi1-cs {
+ spi1_cs: spi1-cs-pins {
samsung,pins = "gpc-7";
samsung,pin-function = <EXYNOS_PIN_FUNC_2>;
samsung,pin-pud = <S3C64XX_PIN_PULL_NONE>;
};
- sd0_cmd: sd0-cmd {
+ sd0_cmd: sd0-cmd-pins {
samsung,pins = "gpg-1";
samsung,pin-function = <EXYNOS_PIN_FUNC_2>;
samsung,pin-pud = <S3C64XX_PIN_PULL_NONE>;
};
- sd0_clk: sd0-clk {
+ sd0_clk: sd0-clk-pins {
samsung,pins = "gpg-0";
samsung,pin-function = <EXYNOS_PIN_FUNC_2>;
samsung,pin-pud = <S3C64XX_PIN_PULL_NONE>;
};
- sd0_bus1: sd0-bus1 {
+ sd0_bus1: sd0-bus1-pins {
samsung,pins = "gpg-2";
samsung,pin-function = <EXYNOS_PIN_FUNC_2>;
samsung,pin-pud = <S3C64XX_PIN_PULL_NONE>;
};
- sd0_bus4: sd0-bus4 {
+ sd0_bus4: sd0-bus4-pins {
samsung,pins = "gpg-2", "gpg-3", "gpg-4", "gpg-5";
samsung,pin-function = <EXYNOS_PIN_FUNC_2>;
samsung,pin-pud = <S3C64XX_PIN_PULL_NONE>;
};
- sd0_cd: sd0-cd {
+ sd0_cd: sd0-cd-pins {
samsung,pins = "gpg-6";
samsung,pin-function = <EXYNOS_PIN_FUNC_2>;
samsung,pin-pud = <S3C64XX_PIN_PULL_UP>;
};
- sd1_cmd: sd1-cmd {
+ sd1_cmd: sd1-cmd-pins {
samsung,pins = "gph-1";
samsung,pin-function = <EXYNOS_PIN_FUNC_2>;
samsung,pin-pud = <S3C64XX_PIN_PULL_NONE>;
};
- sd1_clk: sd1-clk {
+ sd1_clk: sd1-clk-pins {
samsung,pins = "gph-0";
samsung,pin-function = <EXYNOS_PIN_FUNC_2>;
samsung,pin-pud = <S3C64XX_PIN_PULL_NONE>;
};
- sd1_bus1: sd1-bus1 {
+ sd1_bus1: sd1-bus1-pins {
samsung,pins = "gph-2";
samsung,pin-function = <EXYNOS_PIN_FUNC_2>;
samsung,pin-pud = <S3C64XX_PIN_PULL_NONE>;
};
- sd1_bus4: sd1-bus4 {
+ sd1_bus4: sd1-bus4-pins {
samsung,pins = "gph-2", "gph-3", "gph-4", "gph-5";
samsung,pin-function = <EXYNOS_PIN_FUNC_2>;
samsung,pin-pud = <S3C64XX_PIN_PULL_NONE>;
};
- sd1_bus8: sd1-bus8 {
+ sd1_bus8: sd1-bus8-pins {
samsung,pins = "gph-2", "gph-3", "gph-4", "gph-5",
"gph-6", "gph-7", "gph-8", "gph-9";
samsung,pin-function = <EXYNOS_PIN_FUNC_2>;
samsung,pin-pud = <S3C64XX_PIN_PULL_NONE>;
};
- sd1_cd: sd1-cd {
+ sd1_cd: sd1-cd-pins {
samsung,pins = "gpg-6";
samsung,pin-function = <EXYNOS_PIN_FUNC_3>;
samsung,pin-pud = <S3C64XX_PIN_PULL_UP>;
};
- sd2_cmd: sd2-cmd {
+ sd2_cmd: sd2-cmd-pins {
samsung,pins = "gpc-4";
samsung,pin-function = <EXYNOS_PIN_FUNC_3>;
samsung,pin-pud = <S3C64XX_PIN_PULL_NONE>;
};
- sd2_clk: sd2-clk {
+ sd2_clk: sd2-clk-pins {
samsung,pins = "gpc-5";
samsung,pin-function = <EXYNOS_PIN_FUNC_3>;
samsung,pin-pud = <S3C64XX_PIN_PULL_NONE>;
};
- sd2_bus1: sd2-bus1 {
+ sd2_bus1: sd2-bus1-pins {
samsung,pins = "gph-6";
samsung,pin-function = <EXYNOS_PIN_FUNC_3>;
samsung,pin-pud = <S3C64XX_PIN_PULL_NONE>;
};
- sd2_bus4: sd2-bus4 {
+ sd2_bus4: sd2-bus4-pins {
samsung,pins = "gph-6", "gph-7", "gph-8", "gph-9";
samsung,pin-function = <EXYNOS_PIN_FUNC_3>;
samsung,pin-pud = <S3C64XX_PIN_PULL_NONE>;
};
- i2s0_bus: i2s0-bus {
+ i2s0_bus: i2s0-bus-pins {
samsung,pins = "gpd-0", "gpd-2", "gpd-3", "gpd-4";
samsung,pin-function = <EXYNOS_PIN_FUNC_3>;
samsung,pin-pud = <S3C64XX_PIN_PULL_NONE>;
};
- i2s0_cdclk: i2s0-cdclk {
+ i2s0_cdclk: i2s0-cdclk-pins {
samsung,pins = "gpd-1";
samsung,pin-function = <EXYNOS_PIN_FUNC_3>;
samsung,pin-pud = <S3C64XX_PIN_PULL_NONE>;
};
- i2s1_bus: i2s1-bus {
+ i2s1_bus: i2s1-bus-pins {
samsung,pins = "gpe-0", "gpe-2", "gpe-3", "gpe-4";
samsung,pin-function = <EXYNOS_PIN_FUNC_3>;
samsung,pin-pud = <S3C64XX_PIN_PULL_NONE>;
};
- i2s1_cdclk: i2s1-cdclk {
+ i2s1_cdclk: i2s1-cdclk-pins {
samsung,pins = "gpe-1";
samsung,pin-function = <EXYNOS_PIN_FUNC_3>;
samsung,pin-pud = <S3C64XX_PIN_PULL_NONE>;
};
- i2s2_bus: i2s2-bus {
+ i2s2_bus: i2s2-bus-pins {
/* S3C6410-only */
samsung,pins = "gpc-4", "gpc-5", "gpc-6", "gph-6",
"gph-8", "gph-9";
@@ -357,50 +357,50 @@ i2s2_bus: i2s2-bus {
samsung,pin-pud = <S3C64XX_PIN_PULL_NONE>;
};
- i2s2_cdclk: i2s2-cdclk {
+ i2s2_cdclk: i2s2-cdclk-pins {
/* S3C6410-only */
samsung,pins = "gph-7";
samsung,pin-function = <EXYNOS_PIN_FUNC_5>;
samsung,pin-pud = <S3C64XX_PIN_PULL_NONE>;
};
- pcm0_bus: pcm0-bus {
+ pcm0_bus: pcm0-bus-pins {
samsung,pins = "gpd-0", "gpd-2", "gpd-3", "gpd-4";
samsung,pin-function = <EXYNOS_PIN_FUNC_2>;
samsung,pin-pud = <S3C64XX_PIN_PULL_NONE>;
};
- pcm0_extclk: pcm0-extclk {
+ pcm0_extclk: pcm0-extclk-pins {
samsung,pins = "gpd-1";
samsung,pin-function = <EXYNOS_PIN_FUNC_2>;
samsung,pin-pud = <S3C64XX_PIN_PULL_NONE>;
};
- pcm1_bus: pcm1-bus {
+ pcm1_bus: pcm1-bus-pins {
samsung,pins = "gpe-0", "gpe-2", "gpe-3", "gpe-4";
samsung,pin-function = <EXYNOS_PIN_FUNC_2>;
samsung,pin-pud = <S3C64XX_PIN_PULL_NONE>;
};
- pcm1_extclk: pcm1-extclk {
+ pcm1_extclk: pcm1-extclk-pins {
samsung,pins = "gpe-1";
samsung,pin-function = <EXYNOS_PIN_FUNC_2>;
samsung,pin-pud = <S3C64XX_PIN_PULL_NONE>;
};
- ac97_bus_0: ac97-bus-0 {
+ ac97_bus_0: ac97-bus-0-pins {
samsung,pins = "gpd-0", "gpd-1", "gpd-2", "gpd-3", "gpd-4";
samsung,pin-function = <EXYNOS_PIN_FUNC_4>;
samsung,pin-pud = <S3C64XX_PIN_PULL_NONE>;
};
- ac97_bus_1: ac97-bus-1 {
+ ac97_bus_1: ac97-bus-1-pins {
samsung,pins = "gpe-0", "gpe-1", "gpe-2", "gpe-3", "gpe-4";
samsung,pin-function = <EXYNOS_PIN_FUNC_4>;
samsung,pin-pud = <S3C64XX_PIN_PULL_NONE>;
};
- cam_port: cam-port {
+ cam_port: cam-port-pins {
samsung,pins = "gpf-0", "gpf-1", "gpf-2", "gpf-4",
"gpf-5", "gpf-6", "gpf-7", "gpf-8",
"gpf-9", "gpf-10", "gpf-11", "gpf-12";
@@ -408,242 +408,242 @@ cam_port: cam-port {
samsung,pin-pud = <S3C64XX_PIN_PULL_NONE>;
};
- cam_rst: cam-rst {
+ cam_rst: cam-rst-pins {
samsung,pins = "gpf-3";
samsung,pin-function = <EXYNOS_PIN_FUNC_2>;
samsung,pin-pud = <S3C64XX_PIN_PULL_NONE>;
};
- cam_field: cam-field {
+ cam_field: cam-field-pins {
/* S3C6410-only */
samsung,pins = "gpb-4";
samsung,pin-function = <EXYNOS_PIN_FUNC_3>;
samsung,pin-pud = <S3C64XX_PIN_PULL_NONE>;
};
- pwm_extclk: pwm-extclk {
+ pwm_extclk: pwm-extclk-pins {
samsung,pins = "gpf-13";
samsung,pin-function = <EXYNOS_PIN_FUNC_2>;
samsung,pin-pud = <S3C64XX_PIN_PULL_NONE>;
};
- pwm0_out: pwm0-out {
+ pwm0_out: pwm0-out-pins {
samsung,pins = "gpf-14";
samsung,pin-function = <EXYNOS_PIN_FUNC_2>;
samsung,pin-pud = <S3C64XX_PIN_PULL_NONE>;
};
- pwm1_out: pwm1-out {
+ pwm1_out: pwm1-out-pins {
samsung,pins = "gpf-15";
samsung,pin-function = <EXYNOS_PIN_FUNC_2>;
samsung,pin-pud = <S3C64XX_PIN_PULL_NONE>;
};
- clkout0: clkout-0 {
+ clkout0: clkout-0-pins {
samsung,pins = "gpf-14";
samsung,pin-function = <EXYNOS_PIN_FUNC_3>;
samsung,pin-pud = <S3C64XX_PIN_PULL_NONE>;
};
- keypad_col0_0: keypad-col0-0 {
+ keypad_col0_0: keypad-col0-0-pins {
samsung,pins = "gph-0";
samsung,pin-function = <EXYNOS_PIN_FUNC_4>;
samsung,pin-pud = <S3C64XX_PIN_PULL_NONE>;
};
- keypad_col1_0: keypad-col1-0 {
+ keypad_col1_0: keypad-col1-0-pins {
samsung,pins = "gph-1";
samsung,pin-function = <EXYNOS_PIN_FUNC_4>;
samsung,pin-pud = <S3C64XX_PIN_PULL_NONE>;
};
- keypad_col2_0: keypad-col2-0 {
+ keypad_col2_0: keypad-col2-0-pins {
samsung,pins = "gph-2";
samsung,pin-function = <EXYNOS_PIN_FUNC_4>;
samsung,pin-pud = <S3C64XX_PIN_PULL_NONE>;
};
- keypad_col3_0: keypad-col3-0 {
+ keypad_col3_0: keypad-col3-0-pins {
samsung,pins = "gph-3";
samsung,pin-function = <EXYNOS_PIN_FUNC_4>;
samsung,pin-pud = <S3C64XX_PIN_PULL_NONE>;
};
- keypad_col4_0: keypad-col4-0 {
+ keypad_col4_0: keypad-col4-0-pins {
samsung,pins = "gph-4";
samsung,pin-function = <EXYNOS_PIN_FUNC_4>;
samsung,pin-pud = <S3C64XX_PIN_PULL_NONE>;
};
- keypad_col5_0: keypad-col5-0 {
+ keypad_col5_0: keypad-col5-0-pins {
samsung,pins = "gph-5";
samsung,pin-function = <EXYNOS_PIN_FUNC_4>;
samsung,pin-pud = <S3C64XX_PIN_PULL_NONE>;
};
- keypad_col6_0: keypad-col6-0 {
+ keypad_col6_0: keypad-col6-0-pins {
samsung,pins = "gph-6";
samsung,pin-function = <EXYNOS_PIN_FUNC_4>;
samsung,pin-pud = <S3C64XX_PIN_PULL_NONE>;
};
- keypad_col7_0: keypad-col7-0 {
+ keypad_col7_0: keypad-col7-0-pins {
samsung,pins = "gph-7";
samsung,pin-function = <EXYNOS_PIN_FUNC_4>;
samsung,pin-pud = <S3C64XX_PIN_PULL_NONE>;
};
- keypad_col0_1: keypad-col0-1 {
+ keypad_col0_1: keypad-col0-1-pins {
samsung,pins = "gpl-0";
samsung,pin-function = <EXYNOS_PIN_FUNC_3>;
samsung,pin-pud = <S3C64XX_PIN_PULL_NONE>;
};
- keypad_col1_1: keypad-col1-1 {
+ keypad_col1_1: keypad-col1-1-pins {
samsung,pins = "gpl-1";
samsung,pin-function = <EXYNOS_PIN_FUNC_3>;
samsung,pin-pud = <S3C64XX_PIN_PULL_NONE>;
};
- keypad_col2_1: keypad-col2-1 {
+ keypad_col2_1: keypad-col2-1-pins {
samsung,pins = "gpl-2";
samsung,pin-function = <EXYNOS_PIN_FUNC_3>;
samsung,pin-pud = <S3C64XX_PIN_PULL_NONE>;
};
- keypad_col3_1: keypad-col3-1 {
+ keypad_col3_1: keypad-col3-1-pins {
samsung,pins = "gpl-3";
samsung,pin-function = <EXYNOS_PIN_FUNC_3>;
samsung,pin-pud = <S3C64XX_PIN_PULL_NONE>;
};
- keypad_col4_1: keypad-col4-1 {
+ keypad_col4_1: keypad-col4-1-pins {
samsung,pins = "gpl-4";
samsung,pin-function = <EXYNOS_PIN_FUNC_3>;
samsung,pin-pud = <S3C64XX_PIN_PULL_NONE>;
};
- keypad_col5_1: keypad-col5-1 {
+ keypad_col5_1: keypad-col5-1-pins {
samsung,pins = "gpl-5";
samsung,pin-function = <EXYNOS_PIN_FUNC_3>;
samsung,pin-pud = <S3C64XX_PIN_PULL_NONE>;
};
- keypad_col6_1: keypad-col6-1 {
+ keypad_col6_1: keypad-col6-1-pins {
samsung,pins = "gpl-6";
samsung,pin-function = <EXYNOS_PIN_FUNC_3>;
samsung,pin-pud = <S3C64XX_PIN_PULL_NONE>;
};
- keypad_col7_1: keypad-col7-1 {
+ keypad_col7_1: keypad-col7-1-pins {
samsung,pins = "gpl-7";
samsung,pin-function = <EXYNOS_PIN_FUNC_3>;
samsung,pin-pud = <S3C64XX_PIN_PULL_NONE>;
};
- keypad_row0_0: keypad-row0-0 {
+ keypad_row0_0: keypad-row0-0-pins {
samsung,pins = "gpk-8";
samsung,pin-function = <EXYNOS_PIN_FUNC_3>;
samsung,pin-pud = <S3C64XX_PIN_PULL_NONE>;
};
- keypad_row1_0: keypad-row1-0 {
+ keypad_row1_0: keypad-row1-0-pins {
samsung,pins = "gpk-9";
samsung,pin-function = <EXYNOS_PIN_FUNC_3>;
samsung,pin-pud = <S3C64XX_PIN_PULL_NONE>;
};
- keypad_row2_0: keypad-row2-0 {
+ keypad_row2_0: keypad-row2-0-pins {
samsung,pins = "gpk-10";
samsung,pin-function = <EXYNOS_PIN_FUNC_3>;
samsung,pin-pud = <S3C64XX_PIN_PULL_NONE>;
};
- keypad_row3_0: keypad-row3-0 {
+ keypad_row3_0: keypad-row3-0-pins {
samsung,pins = "gpk-11";
samsung,pin-function = <EXYNOS_PIN_FUNC_3>;
samsung,pin-pud = <S3C64XX_PIN_PULL_NONE>;
};
- keypad_row4_0: keypad-row4-0 {
+ keypad_row4_0: keypad-row4-0-pins {
samsung,pins = "gpk-12";
samsung,pin-function = <EXYNOS_PIN_FUNC_3>;
samsung,pin-pud = <S3C64XX_PIN_PULL_NONE>;
};
- keypad_row5_0: keypad-row5-0 {
+ keypad_row5_0: keypad-row5-0-pins {
samsung,pins = "gpk-13";
samsung,pin-function = <EXYNOS_PIN_FUNC_3>;
samsung,pin-pud = <S3C64XX_PIN_PULL_NONE>;
};
- keypad_row6_0: keypad-row6-0 {
+ keypad_row6_0: keypad-row6-0-pins {
samsung,pins = "gpk-14";
samsung,pin-function = <EXYNOS_PIN_FUNC_3>;
samsung,pin-pud = <S3C64XX_PIN_PULL_NONE>;
};
- keypad_row7_0: keypad-row7-0 {
+ keypad_row7_0: keypad-row7-0-pins {
samsung,pins = "gpk-15";
samsung,pin-function = <EXYNOS_PIN_FUNC_3>;
samsung,pin-pud = <S3C64XX_PIN_PULL_NONE>;
};
- keypad_row0_1: keypad-row0-1 {
+ keypad_row0_1: keypad-row0-1-pins {
samsung,pins = "gpn-0";
samsung,pin-function = <EXYNOS_PIN_FUNC_3>;
samsung,pin-pud = <S3C64XX_PIN_PULL_NONE>;
};
- keypad_row1_1: keypad-row1-1 {
+ keypad_row1_1: keypad-row1-1-pins {
samsung,pins = "gpn-1";
samsung,pin-function = <EXYNOS_PIN_FUNC_3>;
samsung,pin-pud = <S3C64XX_PIN_PULL_NONE>;
};
- keypad_row2_1: keypad-row2-1 {
+ keypad_row2_1: keypad-row2-1-pins {
samsung,pins = "gpn-2";
samsung,pin-function = <EXYNOS_PIN_FUNC_3>;
samsung,pin-pud = <S3C64XX_PIN_PULL_NONE>;
};
- keypad_row3_1: keypad-row3-1 {
+ keypad_row3_1: keypad-row3-1-pins {
samsung,pins = "gpn-3";
samsung,pin-function = <EXYNOS_PIN_FUNC_3>;
samsung,pin-pud = <S3C64XX_PIN_PULL_NONE>;
};
- keypad_row4_1: keypad-row4-1 {
+ keypad_row4_1: keypad-row4-1-pins {
samsung,pins = "gpn-4";
samsung,pin-function = <EXYNOS_PIN_FUNC_3>;
samsung,pin-pud = <S3C64XX_PIN_PULL_NONE>;
};
- keypad_row5_1: keypad-row5-1 {
+ keypad_row5_1: keypad-row5-1-pins {
samsung,pins = "gpn-5";
samsung,pin-function = <EXYNOS_PIN_FUNC_3>;
samsung,pin-pud = <S3C64XX_PIN_PULL_NONE>;
};
- keypad_row6_1: keypad-row6-1 {
+ keypad_row6_1: keypad-row6-1-pins {
samsung,pins = "gpn-6";
samsung,pin-function = <EXYNOS_PIN_FUNC_3>;
samsung,pin-pud = <S3C64XX_PIN_PULL_NONE>;
};
- keypad_row7_1: keypad-row7-1 {
+ keypad_row7_1: keypad-row7-1-pins {
samsung,pins = "gpn-7";
samsung,pin-function = <EXYNOS_PIN_FUNC_3>;
samsung,pin-pud = <S3C64XX_PIN_PULL_NONE>;
};
- lcd_ctrl: lcd-ctrl {
+ lcd_ctrl: lcd-ctrl-pins {
samsung,pins = "gpj-8", "gpj-9", "gpj-10", "gpj-11";
samsung,pin-function = <EXYNOS_PIN_FUNC_2>;
samsung,pin-pud = <S3C64XX_PIN_PULL_NONE>;
};
- lcd_data16: lcd-data-width16 {
+ lcd_data16: lcd-data-width16-pins {
samsung,pins = "gpi-3", "gpi-4", "gpi-5", "gpi-6",
"gpi-7", "gpi-10", "gpi-11", "gpi-12",
"gpi-13", "gpi-14", "gpi-15", "gpj-3",
@@ -652,7 +652,7 @@ lcd_data16: lcd-data-width16 {
samsung,pin-pud = <S3C64XX_PIN_PULL_NONE>;
};
- lcd_data18: lcd-data-width18 {
+ lcd_data18: lcd-data-width18-pins {
samsung,pins = "gpi-2", "gpi-3", "gpi-4", "gpi-5",
"gpi-6", "gpi-7", "gpi-10", "gpi-11",
"gpi-12", "gpi-13", "gpi-14", "gpi-15",
@@ -662,7 +662,7 @@ lcd_data18: lcd-data-width18 {
samsung,pin-pud = <S3C64XX_PIN_PULL_NONE>;
};
- lcd_data24: lcd-data-width24 {
+ lcd_data24: lcd-data-width24-pins {
samsung,pins = "gpi-0", "gpi-1", "gpi-2", "gpi-3",
"gpi-4", "gpi-5", "gpi-6", "gpi-7",
"gpi-8", "gpi-9", "gpi-10", "gpi-11",
@@ -673,7 +673,7 @@ lcd_data24: lcd-data-width24 {
samsung,pin-pud = <S3C64XX_PIN_PULL_NONE>;
};
- hsi_bus: hsi-bus {
+ hsi_bus: hsi-bus-pins {
samsung,pins = "gpk-0", "gpk-1", "gpk-2", "gpk-3",
"gpk-4", "gpk-5", "gpk-6", "gpk-7";
samsung,pin-function = <EXYNOS_PIN_FUNC_3>;
--
2.40.1
^ permalink raw reply related [flat|nested] 396+ messages in thread
* [PATCH 5.4 101/367] ARM: dts: samsung: s3c6410-mini6410: correct ethernet reg addresses (split)
2023-09-20 11:26 [PATCH 5.4 000/367] 5.4.257-rc1 review Greg Kroah-Hartman
` (99 preceding siblings ...)
2023-09-20 11:27 ` [PATCH 5.4 100/367] ARM: dts: s3c64xx: align pinctrl with dtschema Greg Kroah-Hartman
@ 2023-09-20 11:27 ` Greg Kroah-Hartman
2023-09-20 11:27 ` [PATCH 5.4 102/367] ARM: dts: s5pv210: add RTC 32 KHz clock in SMDKV210 Greg Kroah-Hartman
` (271 subsequent siblings)
372 siblings, 0 replies; 396+ messages in thread
From: Greg Kroah-Hartman @ 2023-09-20 11:27 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Alim Akhtar, Krzysztof Kozlowski,
Sasha Levin
5.4-stable review patch. If anyone has any objections, please let me know.
------------------
From: Krzysztof Kozlowski <krzysztof.kozlowski@linaro.org>
[ Upstream commit cf0cb2af6a18f28b84f9f1416bff50ca60d6e98a ]
The davicom,dm9000 Ethernet Controller accepts two reg addresses.
Fixes: a43736deb47d ("ARM: dts: Add dts file for S3C6410-based Mini6410 board")
Reviewed-by: Alim Akhtar <alim.akhtar@samsung.com>
Link: https://lore.kernel.org/r/20230713152926.82884-1-krzysztof.kozlowski@linaro.org
Signed-off-by: Krzysztof Kozlowski <krzysztof.kozlowski@linaro.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/arm/boot/dts/s3c6410-mini6410.dts | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/arch/arm/boot/dts/s3c6410-mini6410.dts b/arch/arm/boot/dts/s3c6410-mini6410.dts
index 17097da36f5ed..0b07b3c319604 100644
--- a/arch/arm/boot/dts/s3c6410-mini6410.dts
+++ b/arch/arm/boot/dts/s3c6410-mini6410.dts
@@ -51,7 +51,7 @@ srom-cs1-bus@18000000 {
ethernet@18000000 {
compatible = "davicom,dm9000";
- reg = <0x18000000 0x2 0x18000004 0x2>;
+ reg = <0x18000000 0x2>, <0x18000004 0x2>;
interrupt-parent = <&gpn>;
interrupts = <7 IRQ_TYPE_LEVEL_HIGH>;
davicom,no-eeprom;
--
2.40.1
^ permalink raw reply related [flat|nested] 396+ messages in thread
* [PATCH 5.4 102/367] ARM: dts: s5pv210: add RTC 32 KHz clock in SMDKV210
2023-09-20 11:26 [PATCH 5.4 000/367] 5.4.257-rc1 review Greg Kroah-Hartman
` (100 preceding siblings ...)
2023-09-20 11:27 ` [PATCH 5.4 101/367] ARM: dts: samsung: s3c6410-mini6410: correct ethernet reg addresses (split) Greg Kroah-Hartman
@ 2023-09-20 11:27 ` Greg Kroah-Hartman
2023-09-20 11:28 ` [PATCH 5.4 103/367] ARM: dts: s5pv210: use defines for IRQ flags " Greg Kroah-Hartman
` (270 subsequent siblings)
372 siblings, 0 replies; 396+ messages in thread
From: Greg Kroah-Hartman @ 2023-09-20 11:27 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Krzysztof Kozlowski, Sasha Levin
5.4-stable review patch. If anyone has any objections, please let me know.
------------------
From: Krzysztof Kozlowski <krzk@kernel.org>
[ Upstream commit 7260b363457a22b8723d5cbc43fee67397896d07 ]
The S3C RTC requires 32768 Hz clock as input which is provided by PMIC.
However the PMIC is not described in DTS at all so at least add
a workaround to model its clock with a fixed-clock.
This fixes dtbs_check warnings:
rtc@e2800000: clocks: [[2, 145]] is too short
rtc@e2800000: clock-names: ['rtc'] is too short
Signed-off-by: Krzysztof Kozlowski <krzk@kernel.org>
Link: https://lore.kernel.org/r/20200907161141.31034-15-krzk@kernel.org
Stable-dep-of: 982655cb0e7f ("ARM: dts: samsung: s5pv210-smdkv210: correct ethernet reg addresses (split)")
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/arm/boot/dts/s5pv210-smdkv210.dts | 9 +++++++++
1 file changed, 9 insertions(+)
diff --git a/arch/arm/boot/dts/s5pv210-smdkv210.dts b/arch/arm/boot/dts/s5pv210-smdkv210.dts
index 84b38f1851991..1f20622da7194 100644
--- a/arch/arm/boot/dts/s5pv210-smdkv210.dts
+++ b/arch/arm/boot/dts/s5pv210-smdkv210.dts
@@ -31,6 +31,13 @@ memory@20000000 {
reg = <0x20000000 0x40000000>;
};
+ pmic_ap_clk: clock-0 {
+ /* Workaround for missing PMIC and its clock */
+ compatible = "fixed-clock";
+ #clock-cells = <0>;
+ clock-frequency = <32768>;
+ };
+
ethernet@18000000 {
compatible = "davicom,dm9000";
reg = <0xA8000000 0x2 0xA8000002 0x2>;
@@ -147,6 +154,8 @@ &uart3 {
&rtc {
status = "okay";
+ clocks = <&clocks CLK_RTC>, <&pmic_ap_clk>;
+ clock-names = "rtc", "rtc_src";
};
&sdhci0 {
--
2.40.1
^ permalink raw reply related [flat|nested] 396+ messages in thread
* [PATCH 5.4 103/367] ARM: dts: s5pv210: use defines for IRQ flags in SMDKV210
2023-09-20 11:26 [PATCH 5.4 000/367] 5.4.257-rc1 review Greg Kroah-Hartman
` (101 preceding siblings ...)
2023-09-20 11:27 ` [PATCH 5.4 102/367] ARM: dts: s5pv210: add RTC 32 KHz clock in SMDKV210 Greg Kroah-Hartman
@ 2023-09-20 11:28 ` Greg Kroah-Hartman
2023-09-20 11:28 ` [PATCH 5.4 104/367] ARM: dts: s5pv210: correct ethernet unit address " Greg Kroah-Hartman
` (269 subsequent siblings)
372 siblings, 0 replies; 396+ messages in thread
From: Greg Kroah-Hartman @ 2023-09-20 11:28 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Krzysztof Kozlowski, Sasha Levin
5.4-stable review patch. If anyone has any objections, please let me know.
------------------
From: Krzysztof Kozlowski <krzk@kernel.org>
[ Upstream commit c272f1cc9492d61dac362d2064ec41ca97fcb1e2 ]
Replace hard-coded flags with defines for readability. No functional
change.
Signed-off-by: Krzysztof Kozlowski <krzk@kernel.org>
Link: https://lore.kernel.org/r/20200907161141.31034-19-krzk@kernel.org
Stable-dep-of: 982655cb0e7f ("ARM: dts: samsung: s5pv210-smdkv210: correct ethernet reg addresses (split)")
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/arm/boot/dts/s5pv210-smdkv210.dts | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/arch/arm/boot/dts/s5pv210-smdkv210.dts b/arch/arm/boot/dts/s5pv210-smdkv210.dts
index 1f20622da7194..1e1570d66d890 100644
--- a/arch/arm/boot/dts/s5pv210-smdkv210.dts
+++ b/arch/arm/boot/dts/s5pv210-smdkv210.dts
@@ -15,6 +15,7 @@
*/
/dts-v1/;
+#include <dt-bindings/interrupt-controller/irq.h>
#include <dt-bindings/input/input.h>
#include "s5pv210.dtsi"
@@ -42,7 +43,7 @@ ethernet@18000000 {
compatible = "davicom,dm9000";
reg = <0xA8000000 0x2 0xA8000002 0x2>;
interrupt-parent = <&gph1>;
- interrupts = <1 4>;
+ interrupts = <1 IRQ_TYPE_LEVEL_HIGH>;
local-mac-address = [00 00 de ad be ef];
davicom,no-eeprom;
};
--
2.40.1
^ permalink raw reply related [flat|nested] 396+ messages in thread
* [PATCH 5.4 104/367] ARM: dts: s5pv210: correct ethernet unit address in SMDKV210
2023-09-20 11:26 [PATCH 5.4 000/367] 5.4.257-rc1 review Greg Kroah-Hartman
` (102 preceding siblings ...)
2023-09-20 11:28 ` [PATCH 5.4 103/367] ARM: dts: s5pv210: use defines for IRQ flags " Greg Kroah-Hartman
@ 2023-09-20 11:28 ` Greg Kroah-Hartman
2023-09-20 11:28 ` [PATCH 5.4 105/367] ARM: dts: s5pv210: add dummy 5V regulator for backlight on SMDKv210 Greg Kroah-Hartman
` (268 subsequent siblings)
372 siblings, 0 replies; 396+ messages in thread
From: Greg Kroah-Hartman @ 2023-09-20 11:28 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Krzysztof Kozlowski, Sasha Levin
5.4-stable review patch. If anyone has any objections, please let me know.
------------------
From: Krzysztof Kozlowski <krzk@kernel.org>
[ Upstream commit 28ab4caccd17d7b84fd8aa36b13af5e735870bad ]
The SROM bank 5 is at address 0xa8000000, just like the one put in "reg"
property of ethernet node. Fix the unit address of ethernet node.
Signed-off-by: Krzysztof Kozlowski <krzk@kernel.org>
Link: https://lore.kernel.org/r/20200907183313.29234-2-krzk@kernel.org
Stable-dep-of: 982655cb0e7f ("ARM: dts: samsung: s5pv210-smdkv210: correct ethernet reg addresses (split)")
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/arm/boot/dts/s5pv210-smdkv210.dts | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/arch/arm/boot/dts/s5pv210-smdkv210.dts b/arch/arm/boot/dts/s5pv210-smdkv210.dts
index 1e1570d66d890..7459e41e8ef13 100644
--- a/arch/arm/boot/dts/s5pv210-smdkv210.dts
+++ b/arch/arm/boot/dts/s5pv210-smdkv210.dts
@@ -39,7 +39,7 @@ pmic_ap_clk: clock-0 {
clock-frequency = <32768>;
};
- ethernet@18000000 {
+ ethernet@a8000000 {
compatible = "davicom,dm9000";
reg = <0xA8000000 0x2 0xA8000002 0x2>;
interrupt-parent = <&gph1>;
--
2.40.1
^ permalink raw reply related [flat|nested] 396+ messages in thread
* [PATCH 5.4 105/367] ARM: dts: s5pv210: add dummy 5V regulator for backlight on SMDKv210
2023-09-20 11:26 [PATCH 5.4 000/367] 5.4.257-rc1 review Greg Kroah-Hartman
` (103 preceding siblings ...)
2023-09-20 11:28 ` [PATCH 5.4 104/367] ARM: dts: s5pv210: correct ethernet unit address " Greg Kroah-Hartman
@ 2023-09-20 11:28 ` Greg Kroah-Hartman
2023-09-20 11:28 ` [PATCH 5.4 106/367] ARM: dts: samsung: s5pv210-smdkv210: correct ethernet reg addresses (split) Greg Kroah-Hartman
` (267 subsequent siblings)
372 siblings, 0 replies; 396+ messages in thread
From: Greg Kroah-Hartman @ 2023-09-20 11:28 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Krzysztof Kozlowski, Sasha Levin
5.4-stable review patch. If anyone has any objections, please let me know.
------------------
From: Krzysztof Kozlowski <krzysztof.kozlowski@linaro.org>
[ Upstream commit b77904ba177a9c67b6dbc3637fdf1faa22df6e5c ]
Backlight is supplied by DC5V regulator. The DTS has no PMIC node, so
just add a regulator-fixed to solve it and fix dtbs_check warning:
s5pv210-smdkv210.dtb: backlight: 'power-supply' is a required property
Link: https://lore.kernel.org/r/20230421095721.31857-4-krzysztof.kozlowski@linaro.org
Signed-off-by: Krzysztof Kozlowski <krzysztof.kozlowski@linaro.org>
Stable-dep-of: 982655cb0e7f ("ARM: dts: samsung: s5pv210-smdkv210: correct ethernet reg addresses (split)")
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/arm/boot/dts/s5pv210-smdkv210.dts | 8 ++++++++
1 file changed, 8 insertions(+)
diff --git a/arch/arm/boot/dts/s5pv210-smdkv210.dts b/arch/arm/boot/dts/s5pv210-smdkv210.dts
index 7459e41e8ef13..ec5e18c59d3cf 100644
--- a/arch/arm/boot/dts/s5pv210-smdkv210.dts
+++ b/arch/arm/boot/dts/s5pv210-smdkv210.dts
@@ -55,6 +55,14 @@ backlight {
default-brightness-level = <6>;
pinctrl-names = "default";
pinctrl-0 = <&pwm3_out>;
+ power-supply = <&dc5v_reg>;
+ };
+
+ dc5v_reg: regulator-0 {
+ compatible = "regulator-fixed";
+ regulator-name = "DC5V";
+ regulator-min-microvolt = <5000000>;
+ regulator-max-microvolt = <5000000>;
};
};
--
2.40.1
^ permalink raw reply related [flat|nested] 396+ messages in thread
* [PATCH 5.4 106/367] ARM: dts: samsung: s5pv210-smdkv210: correct ethernet reg addresses (split)
2023-09-20 11:26 [PATCH 5.4 000/367] 5.4.257-rc1 review Greg Kroah-Hartman
` (104 preceding siblings ...)
2023-09-20 11:28 ` [PATCH 5.4 105/367] ARM: dts: s5pv210: add dummy 5V regulator for backlight on SMDKv210 Greg Kroah-Hartman
@ 2023-09-20 11:28 ` Greg Kroah-Hartman
2023-09-20 11:28 ` [PATCH 5.4 107/367] drm: adv7511: Fix low refresh rate register for ADV7533/5 Greg Kroah-Hartman
` (266 subsequent siblings)
372 siblings, 0 replies; 396+ messages in thread
From: Greg Kroah-Hartman @ 2023-09-20 11:28 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Alim Akhtar, Krzysztof Kozlowski,
Sasha Levin
5.4-stable review patch. If anyone has any objections, please let me know.
------------------
From: Krzysztof Kozlowski <krzysztof.kozlowski@linaro.org>
[ Upstream commit 982655cb0e7f18934d7532c32366e574ad61dbd7 ]
The davicom,dm9000 Ethernet Controller accepts two reg addresses.
Fixes: b672b27d232e ("ARM: dts: Add Device tree for s5pc110/s5pv210 boards")
Reviewed-by: Alim Akhtar <alim.akhtar@samsung.com>
Link: https://lore.kernel.org/r/20230713152926.82884-2-krzysztof.kozlowski@linaro.org
Signed-off-by: Krzysztof Kozlowski <krzysztof.kozlowski@linaro.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/arm/boot/dts/s5pv210-smdkv210.dts | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/arch/arm/boot/dts/s5pv210-smdkv210.dts b/arch/arm/boot/dts/s5pv210-smdkv210.dts
index ec5e18c59d3cf..53a841ecf7a44 100644
--- a/arch/arm/boot/dts/s5pv210-smdkv210.dts
+++ b/arch/arm/boot/dts/s5pv210-smdkv210.dts
@@ -41,7 +41,7 @@ pmic_ap_clk: clock-0 {
ethernet@a8000000 {
compatible = "davicom,dm9000";
- reg = <0xA8000000 0x2 0xA8000002 0x2>;
+ reg = <0xa8000000 0x2>, <0xa8000002 0x2>;
interrupt-parent = <&gph1>;
interrupts = <1 IRQ_TYPE_LEVEL_HIGH>;
local-mac-address = [00 00 de ad be ef];
--
2.40.1
^ permalink raw reply related [flat|nested] 396+ messages in thread
* [PATCH 5.4 107/367] drm: adv7511: Fix low refresh rate register for ADV7533/5
2023-09-20 11:26 [PATCH 5.4 000/367] 5.4.257-rc1 review Greg Kroah-Hartman
` (105 preceding siblings ...)
2023-09-20 11:28 ` [PATCH 5.4 106/367] ARM: dts: samsung: s5pv210-smdkv210: correct ethernet reg addresses (split) Greg Kroah-Hartman
@ 2023-09-20 11:28 ` Greg Kroah-Hartman
2023-09-20 11:28 ` [PATCH 5.4 108/367] ARM: dts: BCM53573: Fix Ethernet info for Luxul devices Greg Kroah-Hartman
` (265 subsequent siblings)
372 siblings, 0 replies; 396+ messages in thread
From: Greg Kroah-Hartman @ 2023-09-20 11:28 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Robert Foss, Nuno Sa,
Bogdan Togorean, Alexandru Ardelean, Frieder Schrempf,
Sasha Levin
5.4-stable review patch. If anyone has any objections, please let me know.
------------------
From: Bogdan Togorean <bogdan.togorean@analog.com>
[ Upstream commit d281eeaa4de2636ff0c8e6ae387bb07b50e5fcbb ]
For ADV7533 and ADV7535 low refresh rate is selected using
bits [3:2] of 0x4a main register.
So depending on ADV model write 0xfb or 0x4a register.
Fixes: 2437e7cd88e8 ("drm/bridge: adv7533: Initial support for ADV7533")
Reviewed-by: Robert Foss <rfoss@kernel.org>
Reviewed-by: Nuno Sa <nuno.sa@analog.com>
Signed-off-by: Bogdan Togorean <bogdan.togorean@analog.com>
Signed-off-by: Alexandru Ardelean <alex@shruggie.ro>
Reviewed-by: Frieder Schrempf <frieder.schrempf@kontron.de>
Signed-off-by: Robert Foss <rfoss@kernel.org>
Link: https://patchwork.freedesktop.org/patch/msgid/20230719060143.63649-1-alex@shruggie.ro
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/gpu/drm/bridge/adv7511/adv7511_drv.c | 9 +++++++--
1 file changed, 7 insertions(+), 2 deletions(-)
diff --git a/drivers/gpu/drm/bridge/adv7511/adv7511_drv.c b/drivers/gpu/drm/bridge/adv7511/adv7511_drv.c
index 62ef603627b77..2cdfbdcbf02d6 100644
--- a/drivers/gpu/drm/bridge/adv7511/adv7511_drv.c
+++ b/drivers/gpu/drm/bridge/adv7511/adv7511_drv.c
@@ -756,8 +756,13 @@ static void adv7511_mode_set(struct adv7511 *adv7511,
else
low_refresh_rate = ADV7511_LOW_REFRESH_RATE_NONE;
- regmap_update_bits(adv7511->regmap, 0xfb,
- 0x6, low_refresh_rate << 1);
+ if (adv7511->type == ADV7511)
+ regmap_update_bits(adv7511->regmap, 0xfb,
+ 0x6, low_refresh_rate << 1);
+ else
+ regmap_update_bits(adv7511->regmap, 0x4a,
+ 0xc, low_refresh_rate << 2);
+
regmap_update_bits(adv7511->regmap, 0x17,
0x60, (vsync_polarity << 6) | (hsync_polarity << 5));
--
2.40.1
^ permalink raw reply related [flat|nested] 396+ messages in thread
* [PATCH 5.4 108/367] ARM: dts: BCM53573: Fix Ethernet info for Luxul devices
2023-09-20 11:26 [PATCH 5.4 000/367] 5.4.257-rc1 review Greg Kroah-Hartman
` (106 preceding siblings ...)
2023-09-20 11:28 ` [PATCH 5.4 107/367] drm: adv7511: Fix low refresh rate register for ADV7533/5 Greg Kroah-Hartman
@ 2023-09-20 11:28 ` Greg Kroah-Hartman
2023-09-20 11:28 ` [PATCH 5.4 109/367] arm64: dts: qcom: sdm845: Add missing RPMh power domain to GCC Greg Kroah-Hartman
` (264 subsequent siblings)
372 siblings, 0 replies; 396+ messages in thread
From: Greg Kroah-Hartman @ 2023-09-20 11:28 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Rafał Miłecki,
Florian Fainelli, Sasha Levin
5.4-stable review patch. If anyone has any objections, please let me know.
------------------
From: Rafał Miłecki <rafal@milecki.pl>
[ Upstream commit 44ad8207806973f4e4f7d870fff36cc01f494250 ]
Both Luxul's XAP devices (XAP-810 and XAP-1440) are access points that
use a non-default design. They don't include switch but have a single
Ethernet port and BCM54210E PHY connected to the Ethernet controller's
MDIO bus.
Support for those devices regressed due to two changes:
1. Describing MDIO bus with switch
After commit 9fb90ae6cae7 ("ARM: dts: BCM53573: Describe on-SoC BCM53125
rev 4 switch") Linux stopped probing for MDIO devices.
2. Dropping hardcoded BCM54210E delays
In commit fea7fda7f50a ("net: phy: broadcom: Fix RGMII delays
configuration for BCM54210E") support for other PHY modes was added but
that requires a proper "phy-mode" value in DT.
Both above changes are correct (they don't need to be reverted or
anything) but they need this fix for DT data to be correct and for Linux
to work properly.
Fixes: 9fb90ae6cae7 ("ARM: dts: BCM53573: Describe on-SoC BCM53125 rev 4 switch")
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
Link: https://lore.kernel.org/r/20230713111145.14864-1-zajec5@gmail.com
Signed-off-by: Florian Fainelli <florian.fainelli@broadcom.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/arm/boot/dts/bcm47189-luxul-xap-1440.dts | 13 +++++++++++++
arch/arm/boot/dts/bcm47189-luxul-xap-810.dts | 13 +++++++++++++
2 files changed, 26 insertions(+)
diff --git a/arch/arm/boot/dts/bcm47189-luxul-xap-1440.dts b/arch/arm/boot/dts/bcm47189-luxul-xap-1440.dts
index 02957850c88a8..5901160919dcd 100644
--- a/arch/arm/boot/dts/bcm47189-luxul-xap-1440.dts
+++ b/arch/arm/boot/dts/bcm47189-luxul-xap-1440.dts
@@ -45,3 +45,16 @@ restart {
};
};
};
+
+&gmac0 {
+ phy-mode = "rgmii";
+ phy-handle = <&bcm54210e>;
+
+ mdio {
+ /delete-node/ switch@1e;
+
+ bcm54210e: ethernet-phy@0 {
+ reg = <0>;
+ };
+ };
+};
diff --git a/arch/arm/boot/dts/bcm47189-luxul-xap-810.dts b/arch/arm/boot/dts/bcm47189-luxul-xap-810.dts
index d68e9dbebf26b..8e7483272d47d 100644
--- a/arch/arm/boot/dts/bcm47189-luxul-xap-810.dts
+++ b/arch/arm/boot/dts/bcm47189-luxul-xap-810.dts
@@ -81,3 +81,16 @@ pcie0_chipcommon: chipcommon@0 {
};
};
};
+
+&gmac0 {
+ phy-mode = "rgmii";
+ phy-handle = <&bcm54210e>;
+
+ mdio {
+ /delete-node/ switch@1e;
+
+ bcm54210e: ethernet-phy@0 {
+ reg = <0>;
+ };
+ };
+};
--
2.40.1
^ permalink raw reply related [flat|nested] 396+ messages in thread
* [PATCH 5.4 109/367] arm64: dts: qcom: sdm845: Add missing RPMh power domain to GCC
2023-09-20 11:26 [PATCH 5.4 000/367] 5.4.257-rc1 review Greg Kroah-Hartman
` (107 preceding siblings ...)
2023-09-20 11:28 ` [PATCH 5.4 108/367] ARM: dts: BCM53573: Fix Ethernet info for Luxul devices Greg Kroah-Hartman
@ 2023-09-20 11:28 ` Greg Kroah-Hartman
2023-09-20 11:28 ` [PATCH 5.4 110/367] drm/amdgpu: Update min() to min_t() in amdgpu_info_ioctl Greg Kroah-Hartman
` (263 subsequent siblings)
372 siblings, 0 replies; 396+ messages in thread
From: Greg Kroah-Hartman @ 2023-09-20 11:28 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Konrad Dybcio, Krzysztof Kozlowski,
Manivannan Sadhasivam, Bjorn Andersson, Sasha Levin
5.4-stable review patch. If anyone has any objections, please let me know.
------------------
From: Manivannan Sadhasivam <manivannan.sadhasivam@linaro.org>
[ Upstream commit 4b6ea15c0a1122422b44bf6c47a3c22fc8d46777 ]
GCC and it's GDSCs are under the RPMh CX power domain. So let's add the
missing RPMh power domain to the GCC node.
Fixes: 6d4cf750d03a ("arm64: dts: sdm845: Add minimal dts/dtsi files for sdm845 SoC and MTP")
Reviewed-by: Konrad Dybcio <konrad.dybcio@linaro.org>
Co-developed-by: Krzysztof Kozlowski <krzysztof.kozlowski@linaro.org>
Signed-off-by: Krzysztof Kozlowski <krzysztof.kozlowski@linaro.org>
Signed-off-by: Manivannan Sadhasivam <manivannan.sadhasivam@linaro.org>
Link: https://lore.kernel.org/r/20230720054100.9940-4-manivannan.sadhasivam@linaro.org
Signed-off-by: Bjorn Andersson <andersson@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/arm64/boot/dts/qcom/sdm845.dtsi | 1 +
1 file changed, 1 insertion(+)
diff --git a/arch/arm64/boot/dts/qcom/sdm845.dtsi b/arch/arm64/boot/dts/qcom/sdm845.dtsi
index 2287354fef863..ca77fc8aa75bb 100644
--- a/arch/arm64/boot/dts/qcom/sdm845.dtsi
+++ b/arch/arm64/boot/dts/qcom/sdm845.dtsi
@@ -715,6 +715,7 @@ gcc: clock-controller@100000 {
#clock-cells = <1>;
#reset-cells = <1>;
#power-domain-cells = <1>;
+ power-domains = <&rpmhpd SDM845_CX>;
};
qfprom@784000 {
--
2.40.1
^ permalink raw reply related [flat|nested] 396+ messages in thread
* [PATCH 5.4 110/367] drm/amdgpu: Update min() to min_t() in amdgpu_info_ioctl
2023-09-20 11:26 [PATCH 5.4 000/367] 5.4.257-rc1 review Greg Kroah-Hartman
` (108 preceding siblings ...)
2023-09-20 11:28 ` [PATCH 5.4 109/367] arm64: dts: qcom: sdm845: Add missing RPMh power domain to GCC Greg Kroah-Hartman
@ 2023-09-20 11:28 ` Greg Kroah-Hartman
2023-09-20 11:28 ` [PATCH 5.4 111/367] md/bitmap: dont set max_write_behind if there is no write mostly device Greg Kroah-Hartman
` (262 subsequent siblings)
372 siblings, 0 replies; 396+ messages in thread
From: Greg Kroah-Hartman @ 2023-09-20 11:28 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Christian König, Alex Deucher,
Srinivasan Shanmugam, Sasha Levin
5.4-stable review patch. If anyone has any objections, please let me know.
------------------
From: Srinivasan Shanmugam <srinivasan.shanmugam@amd.com>
[ Upstream commit a0cc8e1512ad72c9f97cdcb76d42715730adaf62 ]
Fixes the following:
WARNING: min() should probably be min_t(size_t, size, sizeof(ip))
+ ret = copy_to_user(out, &ip, min((size_t)size, sizeof(ip)));
And other style fixes:
WARNING: Prefer 'unsigned int' to bare use of 'unsigned'
WARNING: Missing a blank line after declarations
Cc: Christian König <christian.koenig@amd.com>
Cc: Alex Deucher <alexander.deucher@amd.com>
Signed-off-by: Srinivasan Shanmugam <srinivasan.shanmugam@amd.com>
Reviewed-by: Alex Deucher <alexander.deucher@amd.com>
Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/gpu/drm/amd/amdgpu/amdgpu_kms.c | 14 ++++++++------
1 file changed, 8 insertions(+), 6 deletions(-)
diff --git a/drivers/gpu/drm/amd/amdgpu/amdgpu_kms.c b/drivers/gpu/drm/amd/amdgpu/amdgpu_kms.c
index 59fd9ebf3a58b..26a1173df9586 100644
--- a/drivers/gpu/drm/amd/amdgpu/amdgpu_kms.c
+++ b/drivers/gpu/drm/amd/amdgpu/amdgpu_kms.c
@@ -471,6 +471,7 @@ static int amdgpu_info_ioctl(struct drm_device *dev, void *data, struct drm_file
crtc = (struct drm_crtc *)minfo->crtcs[i];
if (crtc && crtc->base.id == info->mode_crtc.id) {
struct amdgpu_crtc *amdgpu_crtc = to_amdgpu_crtc(crtc);
+
ui32 = amdgpu_crtc->crtc_id;
found = 1;
break;
@@ -489,7 +490,7 @@ static int amdgpu_info_ioctl(struct drm_device *dev, void *data, struct drm_file
if (ret)
return ret;
- ret = copy_to_user(out, &ip, min((size_t)size, sizeof(ip)));
+ ret = copy_to_user(out, &ip, min_t(size_t, size, sizeof(ip)));
return ret ? -EFAULT : 0;
}
case AMDGPU_INFO_HW_IP_COUNT: {
@@ -625,17 +626,18 @@ static int amdgpu_info_ioctl(struct drm_device *dev, void *data, struct drm_file
? -EFAULT : 0;
}
case AMDGPU_INFO_READ_MMR_REG: {
- unsigned n, alloc_size;
+ unsigned int n, alloc_size;
uint32_t *regs;
- unsigned se_num = (info->read_mmr_reg.instance >>
+ unsigned int se_num = (info->read_mmr_reg.instance >>
AMDGPU_INFO_MMR_SE_INDEX_SHIFT) &
AMDGPU_INFO_MMR_SE_INDEX_MASK;
- unsigned sh_num = (info->read_mmr_reg.instance >>
+ unsigned int sh_num = (info->read_mmr_reg.instance >>
AMDGPU_INFO_MMR_SH_INDEX_SHIFT) &
AMDGPU_INFO_MMR_SH_INDEX_MASK;
/* set full masks if the userspace set all bits
- * in the bitfields */
+ * in the bitfields
+ */
if (se_num == AMDGPU_INFO_MMR_SE_INDEX_MASK)
se_num = 0xffffffff;
else if (se_num >= AMDGPU_GFX_MAX_SE)
@@ -766,7 +768,7 @@ static int amdgpu_info_ioctl(struct drm_device *dev, void *data, struct drm_file
min((size_t)size, sizeof(dev_info))) ? -EFAULT : 0;
}
case AMDGPU_INFO_VCE_CLOCK_TABLE: {
- unsigned i;
+ unsigned int i;
struct drm_amdgpu_info_vce_clock_table vce_clk_table = {};
struct amd_vce_state *vce_state;
--
2.40.1
^ permalink raw reply related [flat|nested] 396+ messages in thread
* [PATCH 5.4 111/367] md/bitmap: dont set max_write_behind if there is no write mostly device
2023-09-20 11:26 [PATCH 5.4 000/367] 5.4.257-rc1 review Greg Kroah-Hartman
` (109 preceding siblings ...)
2023-09-20 11:28 ` [PATCH 5.4 110/367] drm/amdgpu: Update min() to min_t() in amdgpu_info_ioctl Greg Kroah-Hartman
@ 2023-09-20 11:28 ` Greg Kroah-Hartman
2023-09-20 11:28 ` [PATCH 5.4 112/367] md/md-bitmap: hold reconfig_mutex in backlog_store() Greg Kroah-Hartman
` (261 subsequent siblings)
372 siblings, 0 replies; 396+ messages in thread
From: Greg Kroah-Hartman @ 2023-09-20 11:28 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Guoqing Jiang, Song Liu, Sasha Levin
5.4-stable review patch. If anyone has any objections, please let me know.
------------------
From: Guoqing Jiang <guoqing.jiang@linux.dev>
[ Upstream commit 8c13ab115b577bd09097b9d77916732e97e31b7b ]
We shouldn't set it since write behind IO should only happen to write
mostly device.
Signed-off-by: Guoqing Jiang <guoqing.jiang@linux.dev>
Signed-off-by: Song Liu <songliubraving@fb.com>
Stable-dep-of: 44abfa6a95df ("md/md-bitmap: hold 'reconfig_mutex' in backlog_store()")
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/md/md-bitmap.c | 19 +++++++++++++++++++
1 file changed, 19 insertions(+)
diff --git a/drivers/md/md-bitmap.c b/drivers/md/md-bitmap.c
index bea8265ce9b8e..a549662ff4e51 100644
--- a/drivers/md/md-bitmap.c
+++ b/drivers/md/md-bitmap.c
@@ -2480,11 +2480,30 @@ backlog_store(struct mddev *mddev, const char *buf, size_t len)
{
unsigned long backlog;
unsigned long old_mwb = mddev->bitmap_info.max_write_behind;
+ struct md_rdev *rdev;
+ bool has_write_mostly = false;
int rv = kstrtoul(buf, 10, &backlog);
if (rv)
return rv;
if (backlog > COUNTER_MAX)
return -EINVAL;
+
+ /*
+ * Without write mostly device, it doesn't make sense to set
+ * backlog for max_write_behind.
+ */
+ rdev_for_each(rdev, mddev) {
+ if (test_bit(WriteMostly, &rdev->flags)) {
+ has_write_mostly = true;
+ break;
+ }
+ }
+ if (!has_write_mostly) {
+ pr_warn_ratelimited("%s: can't set backlog, no write mostly device available\n",
+ mdname(mddev));
+ return -EINVAL;
+ }
+
mddev->bitmap_info.max_write_behind = backlog;
if (!backlog && mddev->wb_info_pool) {
/* wb_info_pool is not needed if backlog is zero */
--
2.40.1
^ permalink raw reply related [flat|nested] 396+ messages in thread
* [PATCH 5.4 112/367] md/md-bitmap: hold reconfig_mutex in backlog_store()
2023-09-20 11:26 [PATCH 5.4 000/367] 5.4.257-rc1 review Greg Kroah-Hartman
` (110 preceding siblings ...)
2023-09-20 11:28 ` [PATCH 5.4 111/367] md/bitmap: dont set max_write_behind if there is no write mostly device Greg Kroah-Hartman
@ 2023-09-20 11:28 ` Greg Kroah-Hartman
2023-09-20 11:28 ` [PATCH 5.4 113/367] drm/tegra: Remove superfluous error messages around platform_get_irq() Greg Kroah-Hartman
` (260 subsequent siblings)
372 siblings, 0 replies; 396+ messages in thread
From: Greg Kroah-Hartman @ 2023-09-20 11:28 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Yu Kuai, Song Liu, Sasha Levin
5.4-stable review patch. If anyone has any objections, please let me know.
------------------
From: Yu Kuai <yukuai3@huawei.com>
[ Upstream commit 44abfa6a95df425c0660d56043020b67e6d93ab8 ]
Several reasons why 'reconfig_mutex' should be held:
1) rdev_for_each() is not safe to be called without the lock, because
rdev can be removed concurrently.
2) mddev_destroy_serial_pool() and mddev_create_serial_pool() should not
be called concurrently.
3) mddev_suspend() from mddev_destroy/create_serial_pool() should be
protected by the lock.
Fixes: 10c92fca636e ("md-bitmap: create and destroy wb_info_pool with the change of backlog")
Signed-off-by: Yu Kuai <yukuai3@huawei.com>
Link: https://lore.kernel.org/r/20230706083727.608914-3-yukuai1@huaweicloud.com
Signed-off-by: Song Liu <song@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/md/md-bitmap.c | 7 +++++++
1 file changed, 7 insertions(+)
diff --git a/drivers/md/md-bitmap.c b/drivers/md/md-bitmap.c
index a549662ff4e51..843139447a964 100644
--- a/drivers/md/md-bitmap.c
+++ b/drivers/md/md-bitmap.c
@@ -2488,6 +2488,10 @@ backlog_store(struct mddev *mddev, const char *buf, size_t len)
if (backlog > COUNTER_MAX)
return -EINVAL;
+ rv = mddev_lock(mddev);
+ if (rv)
+ return rv;
+
/*
* Without write mostly device, it doesn't make sense to set
* backlog for max_write_behind.
@@ -2501,6 +2505,7 @@ backlog_store(struct mddev *mddev, const char *buf, size_t len)
if (!has_write_mostly) {
pr_warn_ratelimited("%s: can't set backlog, no write mostly device available\n",
mdname(mddev));
+ mddev_unlock(mddev);
return -EINVAL;
}
@@ -2518,6 +2523,8 @@ backlog_store(struct mddev *mddev, const char *buf, size_t len)
}
if (old_mwb != backlog)
md_bitmap_update_sb(mddev->bitmap);
+
+ mddev_unlock(mddev);
return len;
}
--
2.40.1
^ permalink raw reply related [flat|nested] 396+ messages in thread
* [PATCH 5.4 113/367] drm/tegra: Remove superfluous error messages around platform_get_irq()
2023-09-20 11:26 [PATCH 5.4 000/367] 5.4.257-rc1 review Greg Kroah-Hartman
` (111 preceding siblings ...)
2023-09-20 11:28 ` [PATCH 5.4 112/367] md/md-bitmap: hold reconfig_mutex in backlog_store() Greg Kroah-Hartman
@ 2023-09-20 11:28 ` Greg Kroah-Hartman
2023-09-20 11:28 ` [PATCH 5.4 114/367] drm/tegra: dpaux: Fix incorrect return value of platform_get_irq Greg Kroah-Hartman
` (259 subsequent siblings)
372 siblings, 0 replies; 396+ messages in thread
From: Greg Kroah-Hartman @ 2023-09-20 11:28 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Tan Zhongjun, Thierry Reding, Sasha Levin
5.4-stable review patch. If anyone has any objections, please let me know.
------------------
From: Tan Zhongjun <tanzhongjun@yulong.com>
[ Upstream commit d12919bb5da571ec50588ef97683d37e36dc2de5 ]
The platform_get_irq() prints error message telling that interrupt is
missing,hence there is no need to duplicated that message in the
drivers.
Signed-off-by: Tan Zhongjun <tanzhongjun@yulong.com>
Signed-off-by: Thierry Reding <treding@nvidia.com>
Stable-dep-of: 2a1ca44b6543 ("drm/tegra: dpaux: Fix incorrect return value of platform_get_irq")
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/gpu/drm/tegra/dpaux.c | 4 +---
1 file changed, 1 insertion(+), 3 deletions(-)
diff --git a/drivers/gpu/drm/tegra/dpaux.c b/drivers/gpu/drm/tegra/dpaux.c
index a0f6f9b0d2585..304434bf10814 100644
--- a/drivers/gpu/drm/tegra/dpaux.c
+++ b/drivers/gpu/drm/tegra/dpaux.c
@@ -447,10 +447,8 @@ static int tegra_dpaux_probe(struct platform_device *pdev)
return PTR_ERR(dpaux->regs);
dpaux->irq = platform_get_irq(pdev, 0);
- if (dpaux->irq < 0) {
- dev_err(&pdev->dev, "failed to get IRQ\n");
+ if (dpaux->irq < 0)
return -ENXIO;
- }
if (!pdev->dev.pm_domain) {
dpaux->rst = devm_reset_control_get(&pdev->dev, "dpaux");
--
2.40.1
^ permalink raw reply related [flat|nested] 396+ messages in thread
* [PATCH 5.4 114/367] drm/tegra: dpaux: Fix incorrect return value of platform_get_irq
2023-09-20 11:26 [PATCH 5.4 000/367] 5.4.257-rc1 review Greg Kroah-Hartman
` (112 preceding siblings ...)
2023-09-20 11:28 ` [PATCH 5.4 113/367] drm/tegra: Remove superfluous error messages around platform_get_irq() Greg Kroah-Hartman
@ 2023-09-20 11:28 ` Greg Kroah-Hartman
2023-09-20 11:28 ` [PATCH 5.4 115/367] of: unittest: fix null pointer dereferencing in of_unittest_find_node_by_name() Greg Kroah-Hartman
` (258 subsequent siblings)
372 siblings, 0 replies; 396+ messages in thread
From: Greg Kroah-Hartman @ 2023-09-20 11:28 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Yangtao Li, Thierry Reding, Sasha Levin
5.4-stable review patch. If anyone has any objections, please let me know.
------------------
From: Yangtao Li <frank.li@vivo.com>
[ Upstream commit 2a1ca44b654346cadfc538c4fb32eecd8daf3140 ]
When platform_get_irq fails, we should return dpaux->irq
instead of -ENXIO.
Fixes: 6b6b604215c6 ("drm/tegra: Add eDP support")
Signed-off-by: Yangtao Li <frank.li@vivo.com>
Signed-off-by: Thierry Reding <treding@nvidia.com>
Link: https://patchwork.freedesktop.org/patch/msgid/20230710032355.72914-13-frank.li@vivo.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/gpu/drm/tegra/dpaux.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/gpu/drm/tegra/dpaux.c b/drivers/gpu/drm/tegra/dpaux.c
index 304434bf10814..a84d19087d094 100644
--- a/drivers/gpu/drm/tegra/dpaux.c
+++ b/drivers/gpu/drm/tegra/dpaux.c
@@ -448,7 +448,7 @@ static int tegra_dpaux_probe(struct platform_device *pdev)
dpaux->irq = platform_get_irq(pdev, 0);
if (dpaux->irq < 0)
- return -ENXIO;
+ return dpaux->irq;
if (!pdev->dev.pm_domain) {
dpaux->rst = devm_reset_control_get(&pdev->dev, "dpaux");
--
2.40.1
^ permalink raw reply related [flat|nested] 396+ messages in thread
* [PATCH 5.4 115/367] of: unittest: fix null pointer dereferencing in of_unittest_find_node_by_name()
2023-09-20 11:26 [PATCH 5.4 000/367] 5.4.257-rc1 review Greg Kroah-Hartman
` (113 preceding siblings ...)
2023-09-20 11:28 ` [PATCH 5.4 114/367] drm/tegra: dpaux: Fix incorrect return value of platform_get_irq Greg Kroah-Hartman
@ 2023-09-20 11:28 ` Greg Kroah-Hartman
2023-09-20 11:28 ` [PATCH 5.4 116/367] drm/armada: Fix off-by-one error in armada_overlay_get_property() Greg Kroah-Hartman
` (257 subsequent siblings)
372 siblings, 0 replies; 396+ messages in thread
From: Greg Kroah-Hartman @ 2023-09-20 11:28 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Ruan Jinjie, Rob Herring, Sasha Levin
5.4-stable review patch. If anyone has any objections, please let me know.
------------------
From: Ruan Jinjie <ruanjinjie@huawei.com>
[ Upstream commit d6ce4f0ea19c32f10867ed93d8386924326ab474 ]
when kmalloc() fail to allocate memory in kasprintf(), name
or full_name will be NULL, strcmp() will cause
null pointer dereference.
Fixes: 0d638a07d3a1 ("of: Convert to using %pOF instead of full_name")
Signed-off-by: Ruan Jinjie <ruanjinjie@huawei.com>
Link: https://lore.kernel.org/r/20230727080246.519539-1-ruanjinjie@huawei.com
Signed-off-by: Rob Herring <robh@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/of/unittest.c | 10 ++++++----
1 file changed, 6 insertions(+), 4 deletions(-)
diff --git a/drivers/of/unittest.c b/drivers/of/unittest.c
index 5707c309a7545..ef3c2112046fc 100644
--- a/drivers/of/unittest.c
+++ b/drivers/of/unittest.c
@@ -52,7 +52,7 @@ static void __init of_unittest_find_node_by_name(void)
np = of_find_node_by_path("/testcase-data");
name = kasprintf(GFP_KERNEL, "%pOF", np);
- unittest(np && !strcmp("/testcase-data", name),
+ unittest(np && name && !strcmp("/testcase-data", name),
"find /testcase-data failed\n");
of_node_put(np);
kfree(name);
@@ -63,14 +63,14 @@ static void __init of_unittest_find_node_by_name(void)
np = of_find_node_by_path("/testcase-data/phandle-tests/consumer-a");
name = kasprintf(GFP_KERNEL, "%pOF", np);
- unittest(np && !strcmp("/testcase-data/phandle-tests/consumer-a", name),
+ unittest(np && name && !strcmp("/testcase-data/phandle-tests/consumer-a", name),
"find /testcase-data/phandle-tests/consumer-a failed\n");
of_node_put(np);
kfree(name);
np = of_find_node_by_path("testcase-alias");
name = kasprintf(GFP_KERNEL, "%pOF", np);
- unittest(np && !strcmp("/testcase-data", name),
+ unittest(np && name && !strcmp("/testcase-data", name),
"find testcase-alias failed\n");
of_node_put(np);
kfree(name);
@@ -81,7 +81,7 @@ static void __init of_unittest_find_node_by_name(void)
np = of_find_node_by_path("testcase-alias/phandle-tests/consumer-a");
name = kasprintf(GFP_KERNEL, "%pOF", np);
- unittest(np && !strcmp("/testcase-data/phandle-tests/consumer-a", name),
+ unittest(np && name && !strcmp("/testcase-data/phandle-tests/consumer-a", name),
"find testcase-alias/phandle-tests/consumer-a failed\n");
of_node_put(np);
kfree(name);
@@ -1151,6 +1151,8 @@ static void attach_node_and_children(struct device_node *np)
const char *full_name;
full_name = kasprintf(GFP_KERNEL, "%pOF", np);
+ if (!full_name)
+ return;
if (!strcmp(full_name, "/__local_fixups__") ||
!strcmp(full_name, "/__fixups__")) {
--
2.40.1
^ permalink raw reply related [flat|nested] 396+ messages in thread
* [PATCH 5.4 116/367] drm/armada: Fix off-by-one error in armada_overlay_get_property()
2023-09-20 11:26 [PATCH 5.4 000/367] 5.4.257-rc1 review Greg Kroah-Hartman
` (114 preceding siblings ...)
2023-09-20 11:28 ` [PATCH 5.4 115/367] of: unittest: fix null pointer dereferencing in of_unittest_find_node_by_name() Greg Kroah-Hartman
@ 2023-09-20 11:28 ` Greg Kroah-Hartman
2023-09-20 11:28 ` [PATCH 5.4 117/367] drm/panel: simple: Add missing connector type and pixel format for AUO T215HVN01 Greg Kroah-Hartman
` (256 subsequent siblings)
372 siblings, 0 replies; 396+ messages in thread
From: Greg Kroah-Hartman @ 2023-09-20 11:28 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Geert Uytterhoeven,
Russell King (Oracle),
Javier Martinez Canillas, Sasha Levin
5.4-stable review patch. If anyone has any objections, please let me know.
------------------
From: Geert Uytterhoeven <geert+renesas@glider.be>
[ Upstream commit 5f0d984053f74983a287100a9519b2fabb785fb5 ]
As ffs() returns one more than the index of the first bit set (zero
means no bits set), the color key mode value is shifted one position too
much.
Fix this by using FIELD_GET() instead.
Fixes: c96103b6c49ff9a8 ("drm/armada: move colorkey properties into overlay plane state")
Signed-off-by: Geert Uytterhoeven <geert+renesas@glider.be>
Reviewed-by: Russell King (Oracle) <rmk+kernel@armlinux.org.uk>
Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
Link: https://patchwork.freedesktop.org/patch/msgid/a4d779d954a7515ddbbf31cb0f0d8184c0e7c879.1689600265.git.geert+renesas@glider.be
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/gpu/drm/armada/armada_overlay.c | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/drivers/gpu/drm/armada/armada_overlay.c b/drivers/gpu/drm/armada/armada_overlay.c
index 07f0da4d9ba19..8e7c5ce71608f 100644
--- a/drivers/gpu/drm/armada/armada_overlay.c
+++ b/drivers/gpu/drm/armada/armada_overlay.c
@@ -4,6 +4,8 @@
* Rewritten from the dovefb driver, and Armada510 manuals.
*/
+#include <linux/bitfield.h>
+
#include <drm/armada_drm.h>
#include <drm/drm_atomic.h>
#include <drm/drm_atomic_helper.h>
@@ -446,8 +448,8 @@ static int armada_overlay_get_property(struct drm_plane *plane,
drm_to_overlay_state(state)->colorkey_ug,
drm_to_overlay_state(state)->colorkey_vb, 0);
} else if (property == priv->colorkey_mode_prop) {
- *val = (drm_to_overlay_state(state)->colorkey_mode &
- CFG_CKMODE_MASK) >> ffs(CFG_CKMODE_MASK);
+ *val = FIELD_GET(CFG_CKMODE_MASK,
+ drm_to_overlay_state(state)->colorkey_mode);
} else if (property == priv->brightness_prop) {
*val = drm_to_overlay_state(state)->brightness + 256;
} else if (property == priv->contrast_prop) {
--
2.40.1
^ permalink raw reply related [flat|nested] 396+ messages in thread
* [PATCH 5.4 117/367] drm/panel: simple: Add missing connector type and pixel format for AUO T215HVN01
2023-09-20 11:26 [PATCH 5.4 000/367] 5.4.257-rc1 review Greg Kroah-Hartman
` (115 preceding siblings ...)
2023-09-20 11:28 ` [PATCH 5.4 116/367] drm/armada: Fix off-by-one error in armada_overlay_get_property() Greg Kroah-Hartman
@ 2023-09-20 11:28 ` Greg Kroah-Hartman
2023-09-20 11:28 ` [PATCH 5.4 118/367] ima: Remove deprecated IMA_TRUSTED_KEYRING Kconfig Greg Kroah-Hartman
` (255 subsequent siblings)
372 siblings, 0 replies; 396+ messages in thread
From: Greg Kroah-Hartman @ 2023-09-20 11:28 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Marek Vasut, Sam Ravnborg, Sasha Levin
5.4-stable review patch. If anyone has any objections, please let me know.
------------------
From: Marek Vasut <marex@denx.de>
[ Upstream commit 7a675a8fa598edb29a664a91adb80f0340649f6f ]
The connector type and pixel format are missing for this panel,
add them to prevent various drivers from failing to determine
either of those parameters.
Fixes: 7ee933a1d5c4 ("drm/panel: simple: Add support for AUO T215HVN01")
Signed-off-by: Marek Vasut <marex@denx.de>
Reviewed-by: Sam Ravnborg <sam@ravnborg.org>
Link: https://patchwork.freedesktop.org/patch/msgid/20230709134914.449328-1-marex@denx.de
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/gpu/drm/panel/panel-simple.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/drivers/gpu/drm/panel/panel-simple.c b/drivers/gpu/drm/panel/panel-simple.c
index a87b79c8d76f7..63d17607ef89c 100644
--- a/drivers/gpu/drm/panel/panel-simple.c
+++ b/drivers/gpu/drm/panel/panel-simple.c
@@ -919,7 +919,9 @@ static const struct panel_desc auo_t215hvn01 = {
.delay = {
.disable = 5,
.unprepare = 1000,
- }
+ },
+ .bus_format = MEDIA_BUS_FMT_RGB888_1X7X4_SPWG,
+ .connector_type = DRM_MODE_CONNECTOR_LVDS,
};
static const struct drm_display_mode avic_tm070ddh03_mode = {
--
2.40.1
^ permalink raw reply related [flat|nested] 396+ messages in thread
* [PATCH 5.4 118/367] ima: Remove deprecated IMA_TRUSTED_KEYRING Kconfig
2023-09-20 11:26 [PATCH 5.4 000/367] 5.4.257-rc1 review Greg Kroah-Hartman
` (116 preceding siblings ...)
2023-09-20 11:28 ` [PATCH 5.4 117/367] drm/panel: simple: Add missing connector type and pixel format for AUO T215HVN01 Greg Kroah-Hartman
@ 2023-09-20 11:28 ` Greg Kroah-Hartman
2023-09-26 20:10 ` Mimi Zohar
2023-09-20 11:28 ` [PATCH 5.4 119/367] drm/msm/mdp5: Dont leak some plane state Greg Kroah-Hartman
` (254 subsequent siblings)
372 siblings, 1 reply; 396+ messages in thread
From: Greg Kroah-Hartman @ 2023-09-20 11:28 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Nayna Jain, Mimi Zohar, Sasha Levin
5.4-stable review patch. If anyone has any objections, please let me know.
------------------
From: Nayna Jain <nayna@linux.ibm.com>
[ Upstream commit 5087fd9e80e539d2163accd045b73da64de7de95 ]
Time to remove "IMA_TRUSTED_KEYRING".
Fixes: f4dc37785e9b ("integrity: define '.evm' as a builtin 'trusted' keyring") # v4.5+
Signed-off-by: Nayna Jain <nayna@linux.ibm.com>
Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
security/integrity/ima/Kconfig | 12 ------------
1 file changed, 12 deletions(-)
diff --git a/security/integrity/ima/Kconfig b/security/integrity/ima/Kconfig
index d90ead61f0def..c97ce6265fc6b 100644
--- a/security/integrity/ima/Kconfig
+++ b/security/integrity/ima/Kconfig
@@ -243,18 +243,6 @@ config IMA_APPRAISE_MODSIG
The modsig keyword can be used in the IMA policy to allow a hook
to accept such signatures.
-config IMA_TRUSTED_KEYRING
- bool "Require all keys on the .ima keyring be signed (deprecated)"
- depends on IMA_APPRAISE && SYSTEM_TRUSTED_KEYRING
- depends on INTEGRITY_ASYMMETRIC_KEYS
- select INTEGRITY_TRUSTED_KEYRING
- default y
- help
- This option requires that all keys added to the .ima
- keyring be signed by a key on the system trusted keyring.
-
- This option is deprecated in favor of INTEGRITY_TRUSTED_KEYRING
-
config IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARY
bool "Permit keys validly signed by a built-in or secondary CA cert (EXPERIMENTAL)"
depends on SYSTEM_TRUSTED_KEYRING
--
2.40.1
^ permalink raw reply related [flat|nested] 396+ messages in thread
* [PATCH 5.4 119/367] drm/msm/mdp5: Dont leak some plane state
2023-09-20 11:26 [PATCH 5.4 000/367] 5.4.257-rc1 review Greg Kroah-Hartman
` (117 preceding siblings ...)
2023-09-20 11:28 ` [PATCH 5.4 118/367] ima: Remove deprecated IMA_TRUSTED_KEYRING Kconfig Greg Kroah-Hartman
@ 2023-09-20 11:28 ` Greg Kroah-Hartman
2023-09-20 11:28 ` [PATCH 5.4 120/367] smackfs: Prevent underflow in smk_set_cipso() Greg Kroah-Hartman
` (253 subsequent siblings)
372 siblings, 0 replies; 396+ messages in thread
From: Greg Kroah-Hartman @ 2023-09-20 11:28 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Maarten Lankhorst, Daniel Vetter,
Rob Clark, Abhinav Kumar, Dmitry Baryshkov, linux-arm-msm,
freedreno, dorum, Daniel Vetter, Sasha Levin
5.4-stable review patch. If anyone has any objections, please let me know.
------------------
From: Daniel Vetter <daniel.vetter@ffwll.ch>
[ Upstream commit fd0ad3b2365c1c58aa5a761c18efc4817193beb6 ]
Apparently no one noticed that mdp5 plane states leak like a sieve
ever since we introduced plane_state->commit refcount a few years ago
in 21a01abbe32a ("drm/atomic: Fix freeing connector/plane state too
early by tracking commits, v3.")
Fix it by using the right helpers.
Fixes: 21a01abbe32a ("drm/atomic: Fix freeing connector/plane state too early by tracking commits, v3.")
Cc: Maarten Lankhorst <maarten.lankhorst@linux.intel.com>
Cc: Daniel Vetter <daniel.vetter@ffwll.ch>
Cc: Rob Clark <robdclark@gmail.com>
Cc: Abhinav Kumar <quic_abhinavk@quicinc.com>
Cc: Dmitry Baryshkov <dmitry.baryshkov@linaro.org>
Cc: linux-arm-msm@vger.kernel.org
Cc: freedreno@lists.freedesktop.org
Reported-and-tested-by: dorum@noisolation.com
Cc: dorum@noisolation.com
Signed-off-by: Daniel Vetter <daniel.vetter@intel.com>
Reviewed-by: Rob Clark <robdclark@gmail.com>
Reviewed-by: Dmitry Baryshkov <dmitry.baryshkov@linaro.org>
Reviewed-by: Abhinav Kumar <quic_abhinavk@quicinc.com>
Patchwork: https://patchwork.freedesktop.org/patch/551236/
Link: https://lore.kernel.org/r/20230803204521.928582-1-daniel.vetter@ffwll.ch
Signed-off-by: Dmitry Baryshkov <dmitry.baryshkov@linaro.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/gpu/drm/msm/disp/mdp5/mdp5_plane.c | 3 +--
1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/drivers/gpu/drm/msm/disp/mdp5/mdp5_plane.c b/drivers/gpu/drm/msm/disp/mdp5/mdp5_plane.c
index 0dc23c86747e8..e1c1b4ad5ed04 100644
--- a/drivers/gpu/drm/msm/disp/mdp5/mdp5_plane.c
+++ b/drivers/gpu/drm/msm/disp/mdp5/mdp5_plane.c
@@ -221,8 +221,7 @@ static void mdp5_plane_destroy_state(struct drm_plane *plane,
{
struct mdp5_plane_state *pstate = to_mdp5_plane_state(state);
- if (state->fb)
- drm_framebuffer_put(state->fb);
+ __drm_atomic_helper_plane_destroy_state(state);
kfree(pstate);
}
--
2.40.1
^ permalink raw reply related [flat|nested] 396+ messages in thread
* [PATCH 5.4 120/367] smackfs: Prevent underflow in smk_set_cipso()
2023-09-20 11:26 [PATCH 5.4 000/367] 5.4.257-rc1 review Greg Kroah-Hartman
` (118 preceding siblings ...)
2023-09-20 11:28 ` [PATCH 5.4 119/367] drm/msm/mdp5: Dont leak some plane state Greg Kroah-Hartman
@ 2023-09-20 11:28 ` Greg Kroah-Hartman
2023-09-20 11:28 ` [PATCH 5.4 121/367] audit: fix possible soft lockup in __audit_inode_child() Greg Kroah-Hartman
` (252 subsequent siblings)
372 siblings, 0 replies; 396+ messages in thread
From: Greg Kroah-Hartman @ 2023-09-20 11:28 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Dan Carpenter, Casey Schaufler, Sasha Levin
5.4-stable review patch. If anyone has any objections, please let me know.
------------------
From: Dan Carpenter <dan.carpenter@linaro.org>
[ Upstream commit 3ad49d37cf5759c3b8b68d02e3563f633d9c1aee ]
There is a upper bound to "catlen" but no lower bound to prevent
negatives. I don't see that this necessarily causes a problem but we
may as well be safe.
Fixes: e114e473771c ("Smack: Simplified Mandatory Access Control Kernel")
Signed-off-by: Dan Carpenter <dan.carpenter@linaro.org>
Signed-off-by: Casey Schaufler <casey@schaufler-ca.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
security/smack/smackfs.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/security/smack/smackfs.c b/security/smack/smackfs.c
index 6b6fec04c412b..a71975ea88a94 100644
--- a/security/smack/smackfs.c
+++ b/security/smack/smackfs.c
@@ -895,7 +895,7 @@ static ssize_t smk_set_cipso(struct file *file, const char __user *buf,
}
ret = sscanf(rule, "%d", &catlen);
- if (ret != 1 || catlen > SMACK_CIPSO_MAXCATNUM)
+ if (ret != 1 || catlen < 0 || catlen > SMACK_CIPSO_MAXCATNUM)
goto out;
if (format == SMK_FIXED24_FMT &&
--
2.40.1
^ permalink raw reply related [flat|nested] 396+ messages in thread
* [PATCH 5.4 121/367] audit: fix possible soft lockup in __audit_inode_child()
2023-09-20 11:26 [PATCH 5.4 000/367] 5.4.257-rc1 review Greg Kroah-Hartman
` (119 preceding siblings ...)
2023-09-20 11:28 ` [PATCH 5.4 120/367] smackfs: Prevent underflow in smk_set_cipso() Greg Kroah-Hartman
@ 2023-09-20 11:28 ` Greg Kroah-Hartman
2023-09-20 11:28 ` [PATCH 5.4 122/367] drm/mediatek: Fix potential memory leak if vmap() fail Greg Kroah-Hartman
` (251 subsequent siblings)
372 siblings, 0 replies; 396+ messages in thread
From: Greg Kroah-Hartman @ 2023-09-20 11:28 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Gaosheng Cui, Paul Moore, Sasha Levin
5.4-stable review patch. If anyone has any objections, please let me know.
------------------
From: Gaosheng Cui <cuigaosheng1@huawei.com>
[ Upstream commit b59bc6e37237e37eadf50cd5de369e913f524463 ]
Tracefs or debugfs maybe cause hundreds to thousands of PATH records,
too many PATH records maybe cause soft lockup.
For example:
1. CONFIG_KASAN=y && CONFIG_PREEMPTION=n
2. auditctl -a exit,always -S open -k key
3. sysctl -w kernel.watchdog_thresh=5
4. mkdir /sys/kernel/debug/tracing/instances/test
There may be a soft lockup as follows:
watchdog: BUG: soft lockup - CPU#45 stuck for 7s! [mkdir:15498]
Kernel panic - not syncing: softlockup: hung tasks
Call trace:
dump_backtrace+0x0/0x30c
show_stack+0x20/0x30
dump_stack+0x11c/0x174
panic+0x27c/0x494
watchdog_timer_fn+0x2bc/0x390
__run_hrtimer+0x148/0x4fc
__hrtimer_run_queues+0x154/0x210
hrtimer_interrupt+0x2c4/0x760
arch_timer_handler_phys+0x48/0x60
handle_percpu_devid_irq+0xe0/0x340
__handle_domain_irq+0xbc/0x130
gic_handle_irq+0x78/0x460
el1_irq+0xb8/0x140
__audit_inode_child+0x240/0x7bc
tracefs_create_file+0x1b8/0x2a0
trace_create_file+0x18/0x50
event_create_dir+0x204/0x30c
__trace_add_new_event+0xac/0x100
event_trace_add_tracer+0xa0/0x130
trace_array_create_dir+0x60/0x140
trace_array_create+0x1e0/0x370
instance_mkdir+0x90/0xd0
tracefs_syscall_mkdir+0x68/0xa0
vfs_mkdir+0x21c/0x34c
do_mkdirat+0x1b4/0x1d4
__arm64_sys_mkdirat+0x4c/0x60
el0_svc_common.constprop.0+0xa8/0x240
do_el0_svc+0x8c/0xc0
el0_svc+0x20/0x30
el0_sync_handler+0xb0/0xb4
el0_sync+0x160/0x180
Therefore, we add cond_resched() to __audit_inode_child() to fix it.
Fixes: 5195d8e217a7 ("audit: dynamically allocate audit_names when not enough space is in the names array")
Signed-off-by: Gaosheng Cui <cuigaosheng1@huawei.com>
Signed-off-by: Paul Moore <paul@paul-moore.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
kernel/auditsc.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/kernel/auditsc.c b/kernel/auditsc.c
index e8e90c0c49367..fc4223f30e847 100644
--- a/kernel/auditsc.c
+++ b/kernel/auditsc.c
@@ -2161,6 +2161,8 @@ void __audit_inode_child(struct inode *parent,
}
}
+ cond_resched();
+
/* is there a matching child entry? */
list_for_each_entry(n, &context->names_list, list) {
/* can only match entries that have a name */
--
2.40.1
^ permalink raw reply related [flat|nested] 396+ messages in thread
* [PATCH 5.4 122/367] drm/mediatek: Fix potential memory leak if vmap() fail
2023-09-20 11:26 [PATCH 5.4 000/367] 5.4.257-rc1 review Greg Kroah-Hartman
` (120 preceding siblings ...)
2023-09-20 11:28 ` [PATCH 5.4 121/367] audit: fix possible soft lockup in __audit_inode_child() Greg Kroah-Hartman
@ 2023-09-20 11:28 ` Greg Kroah-Hartman
2023-09-20 11:28 ` [PATCH 5.4 123/367] of: unittest: Fix overlay type in apply/revert check Greg Kroah-Hartman
` (250 subsequent siblings)
372 siblings, 0 replies; 396+ messages in thread
From: Greg Kroah-Hartman @ 2023-09-20 11:28 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Matthias Brugger, Alexandre Mergnat,
Sui Jingfeng, CK Hu, AngeloGioacchino Del Regno, Chun-Kuang Hu,
Sasha Levin
5.4-stable review patch. If anyone has any objections, please let me know.
------------------
From: Sui Jingfeng <suijingfeng@loongson.cn>
[ Upstream commit 379091e0f6d179d1a084c65de90fa44583b14a70 ]
Also return -ENOMEM if such a failure happens, the implement should take
responsibility for the error handling.
Fixes: 3df64d7b0a4f ("drm/mediatek: Implement gem prime vmap/vunmap function")
Reviewed-by: Matthias Brugger <matthias.bgg@gmail.com>
Reviewed-by: Alexandre Mergnat <amergnat@baylibre.com>
Signed-off-by: Sui Jingfeng <suijingfeng@loongson.cn>
Reviewed-by: CK Hu <ck.hu@mediatek.com>
Reviewed-by: AngeloGioacchino Del Regno <angelogioacchino.delregno@collabora.com>
Link: https://patchwork.kernel.org/project/dri-devel/patch/20230706134000.130098-1-suijingfeng@loongson.cn/
Signed-off-by: Chun-Kuang Hu <chunkuang.hu@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/gpu/drm/mediatek/mtk_drm_gem.c | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/drivers/gpu/drm/mediatek/mtk_drm_gem.c b/drivers/gpu/drm/mediatek/mtk_drm_gem.c
index 2fa432287d690..e51394982efb6 100644
--- a/drivers/gpu/drm/mediatek/mtk_drm_gem.c
+++ b/drivers/gpu/drm/mediatek/mtk_drm_gem.c
@@ -267,7 +267,11 @@ void *mtk_drm_gem_prime_vmap(struct drm_gem_object *obj)
}
mtk_gem->kvaddr = vmap(mtk_gem->pages, npages, VM_MAP,
pgprot_writecombine(PAGE_KERNEL));
-
+ if (!mtk_gem->kvaddr) {
+ kfree(sgt);
+ kfree(mtk_gem->pages);
+ return -ENOMEM;
+ }
out:
kfree(sgt);
--
2.40.1
^ permalink raw reply related [flat|nested] 396+ messages in thread
* [PATCH 5.4 123/367] of: unittest: Fix overlay type in apply/revert check
2023-09-20 11:26 [PATCH 5.4 000/367] 5.4.257-rc1 review Greg Kroah-Hartman
` (121 preceding siblings ...)
2023-09-20 11:28 ` [PATCH 5.4 122/367] drm/mediatek: Fix potential memory leak if vmap() fail Greg Kroah-Hartman
@ 2023-09-20 11:28 ` Greg Kroah-Hartman
2023-09-20 11:28 ` [PATCH 5.4 124/367] ALSA: ac97: Fix possible error value of *rac97 Greg Kroah-Hartman
` (249 subsequent siblings)
372 siblings, 0 replies; 396+ messages in thread
From: Greg Kroah-Hartman @ 2023-09-20 11:28 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Geert Uytterhoeven, Rob Herring,
Sasha Levin
5.4-stable review patch. If anyone has any objections, please let me know.
------------------
From: Geert Uytterhoeven <geert+renesas@glider.be>
[ Upstream commit 6becf8f845ae1f0b1cfed395bbeccbd23654162d ]
The removal check in of_unittest_apply_revert_overlay_check()
always uses the platform device overlay type, while it should use the
actual overlay type, as passed as a parameter to the function.
This has no impact on any current test, as all tests calling
of_unittest_apply_revert_overlay_check() use the platform device overlay
type.
Fixes: d5e75500ca401d31 ("of: unitest: Add I2C overlay unit tests.")
Signed-off-by: Geert Uytterhoeven <geert+renesas@glider.be>
Link: https://lore.kernel.org/r/ba0234c41ba808f10112094f88792beeb6dbaedf.1690533838.git.geert+renesas@glider.be
Signed-off-by: Rob Herring <robh@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/of/unittest.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/of/unittest.c b/drivers/of/unittest.c
index ef3c2112046fc..42acbb3668b2c 100644
--- a/drivers/of/unittest.c
+++ b/drivers/of/unittest.c
@@ -1582,7 +1582,7 @@ static int __init of_unittest_apply_revert_overlay_check(int overlay_nr,
}
/* unittest device must be again in before state */
- if (of_unittest_device_exists(unittest_nr, PDEV_OVERLAY) != before) {
+ if (of_unittest_device_exists(unittest_nr, ovtype) != before) {
unittest(0, "%s with device @\"%s\" %s\n",
overlay_name_from_nr(overlay_nr),
unittest_path(unittest_nr, ovtype),
--
2.40.1
^ permalink raw reply related [flat|nested] 396+ messages in thread
* [PATCH 5.4 124/367] ALSA: ac97: Fix possible error value of *rac97
2023-09-20 11:26 [PATCH 5.4 000/367] 5.4.257-rc1 review Greg Kroah-Hartman
` (122 preceding siblings ...)
2023-09-20 11:28 ` [PATCH 5.4 123/367] of: unittest: Fix overlay type in apply/revert check Greg Kroah-Hartman
@ 2023-09-20 11:28 ` Greg Kroah-Hartman
2023-09-20 11:28 ` [PATCH 5.4 125/367] ipmi:ssif: Add check for kstrdup Greg Kroah-Hartman
` (248 subsequent siblings)
372 siblings, 0 replies; 396+ messages in thread
From: Greg Kroah-Hartman @ 2023-09-20 11:28 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Christophe JAILLET, Su Hui,
Takashi Iwai, Sasha Levin
5.4-stable review patch. If anyone has any objections, please let me know.
------------------
From: Su Hui <suhui@nfschina.com>
[ Upstream commit 67de40c9df94037769967ba28c7d951afb45b7fb ]
Before committing 79597c8bf64c, *rac97 always be NULL if there is
an error. When error happens, make sure *rac97 is NULL is safer.
For examble, in snd_vortex_mixer():
err = snd_ac97_mixer(pbus, &ac97, &vortex->codec);
vortex->isquad = ((vortex->codec == NULL) ?
0 : (vortex->codec->ext_id&0x80));
If error happened but vortex->codec isn't NULL, this may cause some
problems.
Move the judgement order to be clearer and better.
Fixes: 79597c8bf64c ("ALSA: ac97: Fix possible NULL dereference in snd_ac97_mixer")
Suggested-by: Christophe JAILLET <christophe.jaillet@wanadoo.fr>
Acked-by: Christophe JAILLET <christophe.jaillet@wanadoo.fr>
Signed-off-by: Su Hui <suhui@nfschina.com>
Link: https://lore.kernel.org/r/20230823025212.1000961-1-suhui@nfschina.com
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
sound/pci/ac97/ac97_codec.c | 5 ++---
1 file changed, 2 insertions(+), 3 deletions(-)
diff --git a/sound/pci/ac97/ac97_codec.c b/sound/pci/ac97/ac97_codec.c
index b920c739d6863..418a7a666cf4e 100644
--- a/sound/pci/ac97/ac97_codec.c
+++ b/sound/pci/ac97/ac97_codec.c
@@ -2006,10 +2006,9 @@ int snd_ac97_mixer(struct snd_ac97_bus *bus, struct snd_ac97_template *template,
.dev_disconnect = snd_ac97_dev_disconnect,
};
- if (!rac97)
- return -EINVAL;
- if (snd_BUG_ON(!bus || !template))
+ if (snd_BUG_ON(!bus || !template || !rac97))
return -EINVAL;
+ *rac97 = NULL;
if (snd_BUG_ON(template->num >= 4))
return -EINVAL;
if (bus->codec[template->num])
--
2.40.1
^ permalink raw reply related [flat|nested] 396+ messages in thread
* [PATCH 5.4 125/367] ipmi:ssif: Add check for kstrdup
2023-09-20 11:26 [PATCH 5.4 000/367] 5.4.257-rc1 review Greg Kroah-Hartman
` (123 preceding siblings ...)
2023-09-20 11:28 ` [PATCH 5.4 124/367] ALSA: ac97: Fix possible error value of *rac97 Greg Kroah-Hartman
@ 2023-09-20 11:28 ` Greg Kroah-Hartman
2023-09-20 11:28 ` [PATCH 5.4 126/367] ipmi:ssif: Fix a memory leak when scanning for an adapter Greg Kroah-Hartman
` (247 subsequent siblings)
372 siblings, 0 replies; 396+ messages in thread
From: Greg Kroah-Hartman @ 2023-09-20 11:28 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Jiasheng Jiang, Corey Minyard, Sasha Levin
5.4-stable review patch. If anyone has any objections, please let me know.
------------------
From: Jiasheng Jiang <jiasheng@iscas.ac.cn>
[ Upstream commit c5586d0f711e9744d0cade39b0c4a2d116a333ca ]
Add check for the return value of kstrdup() and return the error
if it fails in order to avoid NULL pointer dereference.
Fixes: c4436c9149c5 ("ipmi_ssif: avoid registering duplicate ssif interface")
Signed-off-by: Jiasheng Jiang <jiasheng@iscas.ac.cn>
Message-Id: <20230619092802.35384-1-jiasheng@iscas.ac.cn>
Signed-off-by: Corey Minyard <minyard@acm.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/char/ipmi/ipmi_ssif.c | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/drivers/char/ipmi/ipmi_ssif.c b/drivers/char/ipmi/ipmi_ssif.c
index 2907b0bca1af0..0061f2207f318 100644
--- a/drivers/char/ipmi/ipmi_ssif.c
+++ b/drivers/char/ipmi/ipmi_ssif.c
@@ -1609,6 +1609,11 @@ static int ssif_add_infos(struct i2c_client *client)
info->addr_src = SI_ACPI;
info->client = client;
info->adapter_name = kstrdup(client->adapter->name, GFP_KERNEL);
+ if (!info->adapter_name) {
+ kfree(info);
+ return -ENOMEM;
+ }
+
info->binfo.addr = client->addr;
list_add_tail(&info->link, &ssif_infos);
return 0;
--
2.40.1
^ permalink raw reply related [flat|nested] 396+ messages in thread
* [PATCH 5.4 126/367] ipmi:ssif: Fix a memory leak when scanning for an adapter
2023-09-20 11:26 [PATCH 5.4 000/367] 5.4.257-rc1 review Greg Kroah-Hartman
` (124 preceding siblings ...)
2023-09-20 11:28 ` [PATCH 5.4 125/367] ipmi:ssif: Add check for kstrdup Greg Kroah-Hartman
@ 2023-09-20 11:28 ` Greg Kroah-Hartman
2023-09-20 11:28 ` [PATCH 5.4 127/367] drivers: clk: keystone: Fix parameter judgment in _of_pll_clk_init() Greg Kroah-Hartman
` (246 subsequent siblings)
372 siblings, 0 replies; 396+ messages in thread
From: Greg Kroah-Hartman @ 2023-09-20 11:28 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Corey Minyard, Sasha Levin
5.4-stable review patch. If anyone has any objections, please let me know.
------------------
From: Corey Minyard <minyard@acm.org>
[ Upstream commit b8d72e32e1453d37ee5c8a219f24e7eeadc471ef ]
The adapter scan ssif_info_find() sets info->adapter_name if the adapter
info came from SMBIOS, as it's not set in that case. However, this
function can be called more than once, and it will leak the adapter name
if it had already been set. So check for NULL before setting it.
Fixes: c4436c9149c5 ("ipmi_ssif: avoid registering duplicate ssif interface")
Signed-off-by: Corey Minyard <minyard@acm.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/char/ipmi/ipmi_ssif.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/char/ipmi/ipmi_ssif.c b/drivers/char/ipmi/ipmi_ssif.c
index 0061f2207f318..a1b080dfa9604 100644
--- a/drivers/char/ipmi/ipmi_ssif.c
+++ b/drivers/char/ipmi/ipmi_ssif.c
@@ -1410,7 +1410,7 @@ static struct ssif_addr_info *ssif_info_find(unsigned short addr,
restart:
list_for_each_entry(info, &ssif_infos, link) {
if (info->binfo.addr == addr) {
- if (info->addr_src == SI_SMBIOS)
+ if (info->addr_src == SI_SMBIOS && !info->adapter_name)
info->adapter_name = kstrdup(adapter_name,
GFP_KERNEL);
--
2.40.1
^ permalink raw reply related [flat|nested] 396+ messages in thread
* [PATCH 5.4 127/367] drivers: clk: keystone: Fix parameter judgment in _of_pll_clk_init()
2023-09-20 11:26 [PATCH 5.4 000/367] 5.4.257-rc1 review Greg Kroah-Hartman
` (125 preceding siblings ...)
2023-09-20 11:28 ` [PATCH 5.4 126/367] ipmi:ssif: Fix a memory leak when scanning for an adapter Greg Kroah-Hartman
@ 2023-09-20 11:28 ` Greg Kroah-Hartman
2023-09-20 11:28 ` [PATCH 5.4 128/367] clk: sunxi-ng: Modify mismatched function name Greg Kroah-Hartman
` (245 subsequent siblings)
372 siblings, 0 replies; 396+ messages in thread
From: Greg Kroah-Hartman @ 2023-09-20 11:28 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Minjie Du, Stephen Boyd, Sasha Levin
5.4-stable review patch. If anyone has any objections, please let me know.
------------------
From: Minjie Du <duminjie@vivo.com>
[ Upstream commit a995c50db887ef97f3160775aef7d772635a6f6e ]
The function clk_register_pll() may return NULL or an ERR_PTR. Don't
treat an ERR_PTR as valid.
Signed-off-by: Minjie Du <duminjie@vivo.com>
Link: https://lore.kernel.org/r/20230712102246.10348-1-duminjie@vivo.com
Fixes: b9e0d40c0d83 ("clk: keystone: add Keystone PLL clock driver")
[sboyd@kernel.org: Reword commit text]
Signed-off-by: Stephen Boyd <sboyd@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/clk/keystone/pll.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/clk/keystone/pll.c b/drivers/clk/keystone/pll.c
index d59a7621bb204..ee5c72369334f 100644
--- a/drivers/clk/keystone/pll.c
+++ b/drivers/clk/keystone/pll.c
@@ -209,7 +209,7 @@ static void __init _of_pll_clk_init(struct device_node *node, bool pllctrl)
}
clk = clk_register_pll(NULL, node->name, parent_name, pll_data);
- if (clk) {
+ if (!IS_ERR_OR_NULL(clk)) {
of_clk_add_provider(node, of_clk_src_simple_get, clk);
return;
}
--
2.40.1
^ permalink raw reply related [flat|nested] 396+ messages in thread
* [PATCH 5.4 128/367] clk: sunxi-ng: Modify mismatched function name
2023-09-20 11:26 [PATCH 5.4 000/367] 5.4.257-rc1 review Greg Kroah-Hartman
` (126 preceding siblings ...)
2023-09-20 11:28 ` [PATCH 5.4 127/367] drivers: clk: keystone: Fix parameter judgment in _of_pll_clk_init() Greg Kroah-Hartman
@ 2023-09-20 11:28 ` Greg Kroah-Hartman
2023-09-20 11:28 ` [PATCH 5.4 129/367] PCI: Mark NVIDIA T4 GPUs to avoid bus reset Greg Kroah-Hartman
` (244 subsequent siblings)
372 siblings, 0 replies; 396+ messages in thread
From: Greg Kroah-Hartman @ 2023-09-20 11:28 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Zhang Jianhua, Randy Dunlap,
Jernej Skrabec, Sasha Levin
5.4-stable review patch. If anyone has any objections, please let me know.
------------------
From: Zhang Jianhua <chris.zjh@huawei.com>
[ Upstream commit 075d9ca5b4e17f84fd1c744a405e69ec743be7f0 ]
No functional modification involved.
drivers/clk/sunxi-ng/ccu_mmc_timing.c:54: warning: expecting prototype for sunxi_ccu_set_mmc_timing_mode(). Prototype was for sunxi_ccu_get_mmc_timing_mode() instead
Fixes: f6f64ed868d3 ("clk: sunxi-ng: Add interface to query or configure MMC timing modes.")
Signed-off-by: Zhang Jianhua <chris.zjh@huawei.com>
Reviewed-by: Randy Dunlap <rdunlap@infradead.org>
Link: https://lore.kernel.org/r/20230722153107.2078179-1-chris.zjh@huawei.com
Signed-off-by: Jernej Skrabec <jernej.skrabec@gmail.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/clk/sunxi-ng/ccu_mmc_timing.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/clk/sunxi-ng/ccu_mmc_timing.c b/drivers/clk/sunxi-ng/ccu_mmc_timing.c
index de33414fc5c28..c6a6ce98ca03a 100644
--- a/drivers/clk/sunxi-ng/ccu_mmc_timing.c
+++ b/drivers/clk/sunxi-ng/ccu_mmc_timing.c
@@ -43,7 +43,7 @@ int sunxi_ccu_set_mmc_timing_mode(struct clk *clk, bool new_mode)
EXPORT_SYMBOL_GPL(sunxi_ccu_set_mmc_timing_mode);
/**
- * sunxi_ccu_set_mmc_timing_mode: Get the current MMC clock timing mode
+ * sunxi_ccu_get_mmc_timing_mode: Get the current MMC clock timing mode
* @clk: clock to query
*
* Returns 0 if the clock is in old timing mode, > 0 if it is in
--
2.40.1
^ permalink raw reply related [flat|nested] 396+ messages in thread
* [PATCH 5.4 129/367] PCI: Mark NVIDIA T4 GPUs to avoid bus reset
2023-09-20 11:26 [PATCH 5.4 000/367] 5.4.257-rc1 review Greg Kroah-Hartman
` (127 preceding siblings ...)
2023-09-20 11:28 ` [PATCH 5.4 128/367] clk: sunxi-ng: Modify mismatched function name Greg Kroah-Hartman
@ 2023-09-20 11:28 ` Greg Kroah-Hartman
2023-09-20 11:28 ` [PATCH 5.4 130/367] PCI: pciehp: Use RMW accessors for changing LNKCTL Greg Kroah-Hartman
` (243 subsequent siblings)
372 siblings, 0 replies; 396+ messages in thread
From: Greg Kroah-Hartman @ 2023-09-20 11:28 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Wu Zongyong, Bjorn Helgaas, Sasha Levin
5.4-stable review patch. If anyone has any objections, please let me know.
------------------
From: Wu Zongyong <wuzongyong@linux.alibaba.com>
[ Upstream commit d5af729dc2071273f14cbb94abbc60608142fd83 ]
NVIDIA T4 GPUs do not work with SBR. This problem is found when the T4 card
is direct attached to a Root Port only. Avoid bus reset by marking T4 GPUs
PCI_DEV_FLAGS_NO_BUS_RESET.
Fixes: 4c207e7121fa ("PCI: Mark some NVIDIA GPUs to avoid bus reset")
Link: https://lore.kernel.org/r/2dcebea53a6eb9bd212ec6d8974af2e5e0333ef6.1681129861.git.wuzongyong@linux.alibaba.com
Signed-off-by: Wu Zongyong <wuzongyong@linux.alibaba.com>
Signed-off-by: Bjorn Helgaas <bhelgaas@google.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/pci/quirks.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/pci/quirks.c b/drivers/pci/quirks.c
index 73260bd217278..6d258f146aa90 100644
--- a/drivers/pci/quirks.c
+++ b/drivers/pci/quirks.c
@@ -3566,7 +3566,7 @@ static void quirk_no_bus_reset(struct pci_dev *dev)
*/
static void quirk_nvidia_no_bus_reset(struct pci_dev *dev)
{
- if ((dev->device & 0xffc0) == 0x2340)
+ if ((dev->device & 0xffc0) == 0x2340 || dev->device == 0x1eb8)
quirk_no_bus_reset(dev);
}
DECLARE_PCI_FIXUP_HEADER(PCI_VENDOR_ID_NVIDIA, PCI_ANY_ID,
--
2.40.1
^ permalink raw reply related [flat|nested] 396+ messages in thread
* [PATCH 5.4 130/367] PCI: pciehp: Use RMW accessors for changing LNKCTL
2023-09-20 11:26 [PATCH 5.4 000/367] 5.4.257-rc1 review Greg Kroah-Hartman
` (128 preceding siblings ...)
2023-09-20 11:28 ` [PATCH 5.4 129/367] PCI: Mark NVIDIA T4 GPUs to avoid bus reset Greg Kroah-Hartman
@ 2023-09-20 11:28 ` Greg Kroah-Hartman
2023-09-20 11:28 ` [PATCH 5.4 131/367] PCI/ASPM: " Greg Kroah-Hartman
` (242 subsequent siblings)
372 siblings, 0 replies; 396+ messages in thread
From: Greg Kroah-Hartman @ 2023-09-20 11:28 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Lukas Wunner, Ilpo Järvinen,
Bjorn Helgaas, Rafael J. Wysocki, Sasha Levin
5.4-stable review patch. If anyone has any objections, please let me know.
------------------
From: Ilpo Järvinen <ilpo.jarvinen@linux.intel.com>
[ Upstream commit 5f75f96c61039151c193775d776fde42477eace1 ]
As hotplug is not the only driver touching LNKCTL, use the RMW capability
accessor which handles concurrent changes correctly.
Suggested-by: Lukas Wunner <lukas@wunner.de>
Fixes: 7f822999e12a ("PCI: pciehp: Add Disable/enable link functions")
Link: https://lore.kernel.org/r/20230717120503.15276-4-ilpo.jarvinen@linux.intel.com
Signed-off-by: Ilpo Järvinen <ilpo.jarvinen@linux.intel.com>
Signed-off-by: Bjorn Helgaas <bhelgaas@google.com>
Acked-by: "Rafael J. Wysocki" <rafael@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/pci/hotplug/pciehp_hpc.c | 12 +++---------
1 file changed, 3 insertions(+), 9 deletions(-)
diff --git a/drivers/pci/hotplug/pciehp_hpc.c b/drivers/pci/hotplug/pciehp_hpc.c
index 651664fe4058d..bdbe01d4d9e90 100644
--- a/drivers/pci/hotplug/pciehp_hpc.c
+++ b/drivers/pci/hotplug/pciehp_hpc.c
@@ -293,17 +293,11 @@ int pciehp_check_link_status(struct controller *ctrl)
static int __pciehp_link_set(struct controller *ctrl, bool enable)
{
struct pci_dev *pdev = ctrl_dev(ctrl);
- u16 lnk_ctrl;
- pcie_capability_read_word(pdev, PCI_EXP_LNKCTL, &lnk_ctrl);
+ pcie_capability_clear_and_set_word(pdev, PCI_EXP_LNKCTL,
+ PCI_EXP_LNKCTL_LD,
+ enable ? 0 : PCI_EXP_LNKCTL_LD);
- if (enable)
- lnk_ctrl &= ~PCI_EXP_LNKCTL_LD;
- else
- lnk_ctrl |= PCI_EXP_LNKCTL_LD;
-
- pcie_capability_write_word(pdev, PCI_EXP_LNKCTL, lnk_ctrl);
- ctrl_dbg(ctrl, "%s: lnk_ctrl = %x\n", __func__, lnk_ctrl);
return 0;
}
--
2.40.1
^ permalink raw reply related [flat|nested] 396+ messages in thread
* [PATCH 5.4 131/367] PCI/ASPM: Use RMW accessors for changing LNKCTL
2023-09-20 11:26 [PATCH 5.4 000/367] 5.4.257-rc1 review Greg Kroah-Hartman
` (129 preceding siblings ...)
2023-09-20 11:28 ` [PATCH 5.4 130/367] PCI: pciehp: Use RMW accessors for changing LNKCTL Greg Kroah-Hartman
@ 2023-09-20 11:28 ` Greg Kroah-Hartman
2023-09-20 11:28 ` [PATCH 5.4 132/367] clk: imx: composite-8m: fix clock pauses when set_rate would be a no-op Greg Kroah-Hartman
` (241 subsequent siblings)
372 siblings, 0 replies; 396+ messages in thread
From: Greg Kroah-Hartman @ 2023-09-20 11:28 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Lukas Wunner, Ilpo Järvinen,
Bjorn Helgaas, Rafael J. Wysocki, Sasha Levin
5.4-stable review patch. If anyone has any objections, please let me know.
------------------
From: Ilpo Järvinen <ilpo.jarvinen@linux.intel.com>
[ Upstream commit e09060b3b6b4661278ff8e1b7b81a37d5ea86eae ]
Don't assume that the device is fully under the control of ASPM and use RMW
capability accessors which do proper locking to avoid losing concurrent
updates to the register values.
If configuration fails in pcie_aspm_configure_common_clock(), the
function attempts to restore the old PCI_EXP_LNKCTL_CCC settings. Store
only the old PCI_EXP_LNKCTL_CCC bit for the relevant devices rather
than the content of the whole LNKCTL registers. It aligns better with
how pcie_lnkctl_clear_and_set() expects its parameter and makes the
code more obvious to understand.
Suggested-by: Lukas Wunner <lukas@wunner.de>
Fixes: 2a42d9dba784 ("PCIe: ASPM: Break out of endless loop waiting for PCI config bits to switch")
Fixes: 7d715a6c1ae5 ("PCI: add PCI Express ASPM support")
Link: https://lore.kernel.org/r/20230717120503.15276-5-ilpo.jarvinen@linux.intel.com
Signed-off-by: Ilpo Järvinen <ilpo.jarvinen@linux.intel.com>
Signed-off-by: Bjorn Helgaas <bhelgaas@google.com>
Acked-by: "Rafael J. Wysocki" <rafael@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/pci/pcie/aspm.c | 30 +++++++++++++-----------------
1 file changed, 13 insertions(+), 17 deletions(-)
diff --git a/drivers/pci/pcie/aspm.c b/drivers/pci/pcie/aspm.c
index 55270180ae081..ee51e433fdedb 100644
--- a/drivers/pci/pcie/aspm.c
+++ b/drivers/pci/pcie/aspm.c
@@ -257,7 +257,7 @@ static int pcie_retrain_link(struct pcie_link_state *link)
static void pcie_aspm_configure_common_clock(struct pcie_link_state *link)
{
int same_clock = 1;
- u16 reg16, parent_reg, child_reg[8];
+ u16 reg16, ccc, parent_old_ccc, child_old_ccc[8];
struct pci_dev *child, *parent = link->pdev;
struct pci_bus *linkbus = parent->subordinate;
/*
@@ -279,6 +279,7 @@ static void pcie_aspm_configure_common_clock(struct pcie_link_state *link)
/* Port might be already in common clock mode */
pcie_capability_read_word(parent, PCI_EXP_LNKCTL, ®16);
+ parent_old_ccc = reg16 & PCI_EXP_LNKCTL_CCC;
if (same_clock && (reg16 & PCI_EXP_LNKCTL_CCC)) {
bool consistent = true;
@@ -295,34 +296,29 @@ static void pcie_aspm_configure_common_clock(struct pcie_link_state *link)
pci_warn(parent, "ASPM: current common clock configuration is broken, reconfiguring\n");
}
+ ccc = same_clock ? PCI_EXP_LNKCTL_CCC : 0;
/* Configure downstream component, all functions */
list_for_each_entry(child, &linkbus->devices, bus_list) {
pcie_capability_read_word(child, PCI_EXP_LNKCTL, ®16);
- child_reg[PCI_FUNC(child->devfn)] = reg16;
- if (same_clock)
- reg16 |= PCI_EXP_LNKCTL_CCC;
- else
- reg16 &= ~PCI_EXP_LNKCTL_CCC;
- pcie_capability_write_word(child, PCI_EXP_LNKCTL, reg16);
+ child_old_ccc[PCI_FUNC(child->devfn)] = reg16 & PCI_EXP_LNKCTL_CCC;
+ pcie_capability_clear_and_set_word(child, PCI_EXP_LNKCTL,
+ PCI_EXP_LNKCTL_CCC, ccc);
}
/* Configure upstream component */
- pcie_capability_read_word(parent, PCI_EXP_LNKCTL, ®16);
- parent_reg = reg16;
- if (same_clock)
- reg16 |= PCI_EXP_LNKCTL_CCC;
- else
- reg16 &= ~PCI_EXP_LNKCTL_CCC;
- pcie_capability_write_word(parent, PCI_EXP_LNKCTL, reg16);
+ pcie_capability_clear_and_set_word(parent, PCI_EXP_LNKCTL,
+ PCI_EXP_LNKCTL_CCC, ccc);
if (pcie_retrain_link(link)) {
/* Training failed. Restore common clock configurations */
pci_err(parent, "ASPM: Could not configure common clock\n");
list_for_each_entry(child, &linkbus->devices, bus_list)
- pcie_capability_write_word(child, PCI_EXP_LNKCTL,
- child_reg[PCI_FUNC(child->devfn)]);
- pcie_capability_write_word(parent, PCI_EXP_LNKCTL, parent_reg);
+ pcie_capability_clear_and_set_word(child, PCI_EXP_LNKCTL,
+ PCI_EXP_LNKCTL_CCC,
+ child_old_ccc[PCI_FUNC(child->devfn)]);
+ pcie_capability_clear_and_set_word(parent, PCI_EXP_LNKCTL,
+ PCI_EXP_LNKCTL_CCC, parent_old_ccc);
}
}
--
2.40.1
^ permalink raw reply related [flat|nested] 396+ messages in thread
* [PATCH 5.4 132/367] clk: imx: composite-8m: fix clock pauses when set_rate would be a no-op
2023-09-20 11:26 [PATCH 5.4 000/367] 5.4.257-rc1 review Greg Kroah-Hartman
` (130 preceding siblings ...)
2023-09-20 11:28 ` [PATCH 5.4 131/367] PCI/ASPM: " Greg Kroah-Hartman
@ 2023-09-20 11:28 ` Greg Kroah-Hartman
2023-09-20 11:28 ` [PATCH 5.4 133/367] powerpc/fadump: reset dump area size if fadump memory reserve fails Greg Kroah-Hartman
` (240 subsequent siblings)
372 siblings, 0 replies; 396+ messages in thread
From: Greg Kroah-Hartman @ 2023-09-20 11:28 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Ahmad Fatoum, Peng Fan, Abel Vesa,
Sasha Levin
5.4-stable review patch. If anyone has any objections, please let me know.
------------------
From: Ahmad Fatoum <a.fatoum@pengutronix.de>
[ Upstream commit 4dd432d985ef258e3bc436e568fba4b987b59171 ]
Reconfiguring the clock divider to the exact same value is observed
on an i.MX8MN to often cause a longer than usual clock pause, probably
because the divider restarts counting whenever the register is rewritten.
This issue doesn't show up normally, because the clock framework will
take care to not call set_rate when the clock rate is the same.
However, when we reconfigure an upstream clock, the common code will
call set_rate with the newly calculated rate on all children, e.g.:
- sai5 is running normally and divides Audio PLL out by 16.
- Audio PLL rate is increased by 32Hz (glitch-free kdiv change)
- rates for children are recalculated and rates are set recursively
- imx8m_clk_composite_divider_set_rate(sai5) is called with
32/16 = 2Hz more
- imx8m_clk_composite_divider_set_rate computes same divider as before
- divider register is written, so it restarts counting from zero and
MCLK is briefly paused, so instead of e.g. 40ns, MCLK is low for 120ns.
Some external clock consumers can be upset by such unexpected clock pauses,
so let's make sure we only rewrite the divider value when the value to be
written is actually different.
Fixes: d3ff9728134e ("clk: imx: Add imx composite clock")
Signed-off-by: Ahmad Fatoum <a.fatoum@pengutronix.de>
Reviewed-by: Peng Fan <peng.fan@nxp.com>
Link: https://lore.kernel.org/r/20230807082201.2332746-1-a.fatoum@pengutronix.de
Signed-off-by: Abel Vesa <abel.vesa@linaro.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/clk/imx/clk-composite-8m.c | 12 +++++++-----
1 file changed, 7 insertions(+), 5 deletions(-)
diff --git a/drivers/clk/imx/clk-composite-8m.c b/drivers/clk/imx/clk-composite-8m.c
index d3486ee79ab54..78122188ac39e 100644
--- a/drivers/clk/imx/clk-composite-8m.c
+++ b/drivers/clk/imx/clk-composite-8m.c
@@ -95,7 +95,7 @@ static int imx8m_clk_composite_divider_set_rate(struct clk_hw *hw,
int prediv_value;
int div_value;
int ret;
- u32 val;
+ u32 orig, val;
ret = imx8m_clk_composite_compute_dividers(rate, parent_rate,
&prediv_value, &div_value);
@@ -104,13 +104,15 @@ static int imx8m_clk_composite_divider_set_rate(struct clk_hw *hw,
spin_lock_irqsave(divider->lock, flags);
- val = readl(divider->reg);
- val &= ~((clk_div_mask(divider->width) << divider->shift) |
- (clk_div_mask(PCG_DIV_WIDTH) << PCG_DIV_SHIFT));
+ orig = readl(divider->reg);
+ val = orig & ~((clk_div_mask(divider->width) << divider->shift) |
+ (clk_div_mask(PCG_DIV_WIDTH) << PCG_DIV_SHIFT));
val |= (u32)(prediv_value - 1) << divider->shift;
val |= (u32)(div_value - 1) << PCG_DIV_SHIFT;
- writel(val, divider->reg);
+
+ if (val != orig)
+ writel(val, divider->reg);
spin_unlock_irqrestore(divider->lock, flags);
--
2.40.1
^ permalink raw reply related [flat|nested] 396+ messages in thread
* [PATCH 5.4 133/367] powerpc/fadump: reset dump area size if fadump memory reserve fails
2023-09-20 11:26 [PATCH 5.4 000/367] 5.4.257-rc1 review Greg Kroah-Hartman
` (131 preceding siblings ...)
2023-09-20 11:28 ` [PATCH 5.4 132/367] clk: imx: composite-8m: fix clock pauses when set_rate would be a no-op Greg Kroah-Hartman
@ 2023-09-20 11:28 ` Greg Kroah-Hartman
2023-09-20 11:28 ` [PATCH 5.4 134/367] PCI: Add #defines for Enter Compliance, Transmit Margin Greg Kroah-Hartman
` (239 subsequent siblings)
372 siblings, 0 replies; 396+ messages in thread
From: Greg Kroah-Hartman @ 2023-09-20 11:28 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Sourabh Jain, Mahesh Salgaonkar,
Michael Ellerman, Sasha Levin
5.4-stable review patch. If anyone has any objections, please let me know.
------------------
From: Sourabh Jain <sourabhjain@linux.ibm.com>
[ Upstream commit d1eb75e0dfed80d2d85b664e28a39f65b290ab55 ]
In case fadump_reserve_mem() fails to reserve memory, the
reserve_dump_area_size variable will retain the reserve area size. This
will lead to /sys/kernel/fadump/mem_reserved node displaying an incorrect
memory reserved by fadump.
To fix this problem, reserve dump area size variable is set to 0 if fadump
failed to reserve memory.
Fixes: 8255da95e545 ("powerpc/fadump: release all the memory above boot memory size")
Signed-off-by: Sourabh Jain <sourabhjain@linux.ibm.com>
Acked-by: Mahesh Salgaonkar <mahesh@linux.ibm.com>
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
Link: https://msgid.link/20230704050715.203581-1-sourabhjain@linux.ibm.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/powerpc/kernel/fadump.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/arch/powerpc/kernel/fadump.c b/arch/powerpc/kernel/fadump.c
index 69d64f406204f..15405db43141c 100644
--- a/arch/powerpc/kernel/fadump.c
+++ b/arch/powerpc/kernel/fadump.c
@@ -629,6 +629,7 @@ int __init fadump_reserve_mem(void)
return ret;
error_out:
fw_dump.fadump_enabled = 0;
+ fw_dump.reserve_dump_area_size = 0;
return 0;
}
--
2.40.1
^ permalink raw reply related [flat|nested] 396+ messages in thread
* [PATCH 5.4 134/367] PCI: Add #defines for Enter Compliance, Transmit Margin
2023-09-20 11:26 [PATCH 5.4 000/367] 5.4.257-rc1 review Greg Kroah-Hartman
` (132 preceding siblings ...)
2023-09-20 11:28 ` [PATCH 5.4 133/367] powerpc/fadump: reset dump area size if fadump memory reserve fails Greg Kroah-Hartman
@ 2023-09-20 11:28 ` Greg Kroah-Hartman
2023-09-20 11:28 ` [PATCH 5.4 135/367] drm/amdgpu: Correct Transmit Margin masks Greg Kroah-Hartman
` (238 subsequent siblings)
372 siblings, 0 replies; 396+ messages in thread
From: Greg Kroah-Hartman @ 2023-09-20 11:28 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Bjorn Helgaas, Alex Deucher, Sasha Levin
5.4-stable review patch. If anyone has any objections, please let me know.
------------------
From: Bjorn Helgaas <bhelgaas@google.com>
[ Upstream commit bbdb2f5ecdf1e66b2f09710134db3c2e5c43a958 ]
Add definitions for the Enter Compliance and Transmit Margin fields of the
PCIe Link Control 2 register.
Link: https://lore.kernel.org/r/20191112173503.176611-2-helgaas@kernel.org
Signed-off-by: Bjorn Helgaas <bhelgaas@google.com>
Reviewed-by: Alex Deucher <alexander.deucher@amd.com>
Stable-dep-of: ce7d88110b9e ("drm/amdgpu: Use RMW accessors for changing LNKCTL")
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
include/uapi/linux/pci_regs.h | 2 ++
1 file changed, 2 insertions(+)
diff --git a/include/uapi/linux/pci_regs.h b/include/uapi/linux/pci_regs.h
index b485d8b0d5a79..5d830a95daf20 100644
--- a/include/uapi/linux/pci_regs.h
+++ b/include/uapi/linux/pci_regs.h
@@ -679,6 +679,8 @@
#define PCI_EXP_LNKCTL2_TLS_8_0GT 0x0003 /* Supported Speed 8GT/s */
#define PCI_EXP_LNKCTL2_TLS_16_0GT 0x0004 /* Supported Speed 16GT/s */
#define PCI_EXP_LNKCTL2_TLS_32_0GT 0x0005 /* Supported Speed 32GT/s */
+#define PCI_EXP_LNKCTL2_ENTER_COMP 0x0010 /* Enter Compliance */
+#define PCI_EXP_LNKCTL2_TX_MARGIN 0x0380 /* Transmit Margin */
#define PCI_EXP_LNKSTA2 50 /* Link Status 2 */
#define PCI_CAP_EXP_ENDPOINT_SIZEOF_V2 52 /* v2 endpoints with link end here */
#define PCI_EXP_SLTCAP2 52 /* Slot Capabilities 2 */
--
2.40.1
^ permalink raw reply related [flat|nested] 396+ messages in thread
* [PATCH 5.4 135/367] drm/amdgpu: Correct Transmit Margin masks
2023-09-20 11:26 [PATCH 5.4 000/367] 5.4.257-rc1 review Greg Kroah-Hartman
` (133 preceding siblings ...)
2023-09-20 11:28 ` [PATCH 5.4 134/367] PCI: Add #defines for Enter Compliance, Transmit Margin Greg Kroah-Hartman
@ 2023-09-20 11:28 ` Greg Kroah-Hartman
2023-09-20 11:28 ` [PATCH 5.4 136/367] drm/amdgpu: Replace numbers with PCI_EXP_LNKCTL2 definitions Greg Kroah-Hartman
` (237 subsequent siblings)
372 siblings, 0 replies; 396+ messages in thread
From: Greg Kroah-Hartman @ 2023-09-20 11:28 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Bjorn Helgaas, Alex Deucher, Sasha Levin
5.4-stable review patch. If anyone has any objections, please let me know.
------------------
From: Bjorn Helgaas <bhelgaas@google.com>
[ Upstream commit 19d7a95a8ba66b198f759cf610cc935ce9840d5b ]
Previously we masked PCIe Link Control 2 register values with "7 << 9",
which was apparently intended to be the Transmit Margin field, but instead
was the high order bit of Transmit Margin, the Enter Modified Compliance
bit, and the Compliance SOS bit.
Correct the mask to "7 << 7", which is the Transmit Margin field.
Link: https://lore.kernel.org/r/20191112173503.176611-3-helgaas@kernel.org
Signed-off-by: Bjorn Helgaas <bhelgaas@google.com>
Reviewed-by: Alex Deucher <alexander.deucher@amd.com>
Stable-dep-of: ce7d88110b9e ("drm/amdgpu: Use RMW accessors for changing LNKCTL")
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/gpu/drm/amd/amdgpu/cik.c | 8 ++++----
drivers/gpu/drm/amd/amdgpu/si.c | 8 ++++----
2 files changed, 8 insertions(+), 8 deletions(-)
diff --git a/drivers/gpu/drm/amd/amdgpu/cik.c b/drivers/gpu/drm/amd/amdgpu/cik.c
index b81bb414fcb30..13a5696d2a6a2 100644
--- a/drivers/gpu/drm/amd/amdgpu/cik.c
+++ b/drivers/gpu/drm/amd/amdgpu/cik.c
@@ -1498,13 +1498,13 @@ static void cik_pcie_gen3_enable(struct amdgpu_device *adev)
/* linkctl2 */
pci_read_config_word(root, bridge_pos + PCI_EXP_LNKCTL2, &tmp16);
- tmp16 &= ~((1 << 4) | (7 << 9));
- tmp16 |= (bridge_cfg2 & ((1 << 4) | (7 << 9)));
+ tmp16 &= ~((1 << 4) | (7 << 7));
+ tmp16 |= (bridge_cfg2 & ((1 << 4) | (7 << 7)));
pci_write_config_word(root, bridge_pos + PCI_EXP_LNKCTL2, tmp16);
pci_read_config_word(adev->pdev, gpu_pos + PCI_EXP_LNKCTL2, &tmp16);
- tmp16 &= ~((1 << 4) | (7 << 9));
- tmp16 |= (gpu_cfg2 & ((1 << 4) | (7 << 9)));
+ tmp16 &= ~((1 << 4) | (7 << 7));
+ tmp16 |= (gpu_cfg2 & ((1 << 4) | (7 << 7)));
pci_write_config_word(adev->pdev, gpu_pos + PCI_EXP_LNKCTL2, tmp16);
tmp = RREG32_PCIE(ixPCIE_LC_CNTL4);
diff --git a/drivers/gpu/drm/amd/amdgpu/si.c b/drivers/gpu/drm/amd/amdgpu/si.c
index 493af42152f26..1e350172dc7bb 100644
--- a/drivers/gpu/drm/amd/amdgpu/si.c
+++ b/drivers/gpu/drm/amd/amdgpu/si.c
@@ -1737,13 +1737,13 @@ static void si_pcie_gen3_enable(struct amdgpu_device *adev)
pci_write_config_word(adev->pdev, gpu_pos + PCI_EXP_LNKCTL, tmp16);
pci_read_config_word(root, bridge_pos + PCI_EXP_LNKCTL2, &tmp16);
- tmp16 &= ~((1 << 4) | (7 << 9));
- tmp16 |= (bridge_cfg2 & ((1 << 4) | (7 << 9)));
+ tmp16 &= ~((1 << 4) | (7 << 7));
+ tmp16 |= (bridge_cfg2 & ((1 << 4) | (7 << 7)));
pci_write_config_word(root, bridge_pos + PCI_EXP_LNKCTL2, tmp16);
pci_read_config_word(adev->pdev, gpu_pos + PCI_EXP_LNKCTL2, &tmp16);
- tmp16 &= ~((1 << 4) | (7 << 9));
- tmp16 |= (gpu_cfg2 & ((1 << 4) | (7 << 9)));
+ tmp16 &= ~((1 << 4) | (7 << 7));
+ tmp16 |= (gpu_cfg2 & ((1 << 4) | (7 << 7)));
pci_write_config_word(adev->pdev, gpu_pos + PCI_EXP_LNKCTL2, tmp16);
tmp = RREG32_PCIE_PORT(PCIE_LC_CNTL4);
--
2.40.1
^ permalink raw reply related [flat|nested] 396+ messages in thread
* [PATCH 5.4 136/367] drm/amdgpu: Replace numbers with PCI_EXP_LNKCTL2 definitions
2023-09-20 11:26 [PATCH 5.4 000/367] 5.4.257-rc1 review Greg Kroah-Hartman
` (134 preceding siblings ...)
2023-09-20 11:28 ` [PATCH 5.4 135/367] drm/amdgpu: Correct Transmit Margin masks Greg Kroah-Hartman
@ 2023-09-20 11:28 ` Greg Kroah-Hartman
2023-09-20 11:28 ` [PATCH 5.4 137/367] drm/amdgpu: Prefer pcie_capability_read_word() Greg Kroah-Hartman
` (236 subsequent siblings)
372 siblings, 0 replies; 396+ messages in thread
From: Greg Kroah-Hartman @ 2023-09-20 11:28 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Bjorn Helgaas, Alex Deucher, Sasha Levin
5.4-stable review patch. If anyone has any objections, please let me know.
------------------
From: Bjorn Helgaas <bhelgaas@google.com>
[ Upstream commit 35e768e296729ac96a8c33b7810b6cb1673ae961 ]
Replace hard-coded magic numbers with the descriptive PCI_EXP_LNKCTL2
definitions. No functional change intended.
Link: https://lore.kernel.org/r/20191112173503.176611-4-helgaas@kernel.org
Signed-off-by: Bjorn Helgaas <bhelgaas@google.com>
Reviewed-by: Alex Deucher <alexander.deucher@amd.com>
Stable-dep-of: ce7d88110b9e ("drm/amdgpu: Use RMW accessors for changing LNKCTL")
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/gpu/drm/amd/amdgpu/cik.c | 22 ++++++++++++++--------
drivers/gpu/drm/amd/amdgpu/si.c | 22 ++++++++++++++--------
2 files changed, 28 insertions(+), 16 deletions(-)
diff --git a/drivers/gpu/drm/amd/amdgpu/cik.c b/drivers/gpu/drm/amd/amdgpu/cik.c
index 13a5696d2a6a2..3067bb874032f 100644
--- a/drivers/gpu/drm/amd/amdgpu/cik.c
+++ b/drivers/gpu/drm/amd/amdgpu/cik.c
@@ -1498,13 +1498,19 @@ static void cik_pcie_gen3_enable(struct amdgpu_device *adev)
/* linkctl2 */
pci_read_config_word(root, bridge_pos + PCI_EXP_LNKCTL2, &tmp16);
- tmp16 &= ~((1 << 4) | (7 << 7));
- tmp16 |= (bridge_cfg2 & ((1 << 4) | (7 << 7)));
+ tmp16 &= ~(PCI_EXP_LNKCTL2_ENTER_COMP |
+ PCI_EXP_LNKCTL2_TX_MARGIN);
+ tmp16 |= (bridge_cfg2 &
+ (PCI_EXP_LNKCTL2_ENTER_COMP |
+ PCI_EXP_LNKCTL2_TX_MARGIN));
pci_write_config_word(root, bridge_pos + PCI_EXP_LNKCTL2, tmp16);
pci_read_config_word(adev->pdev, gpu_pos + PCI_EXP_LNKCTL2, &tmp16);
- tmp16 &= ~((1 << 4) | (7 << 7));
- tmp16 |= (gpu_cfg2 & ((1 << 4) | (7 << 7)));
+ tmp16 &= ~(PCI_EXP_LNKCTL2_ENTER_COMP |
+ PCI_EXP_LNKCTL2_TX_MARGIN);
+ tmp16 |= (gpu_cfg2 &
+ (PCI_EXP_LNKCTL2_ENTER_COMP |
+ PCI_EXP_LNKCTL2_TX_MARGIN));
pci_write_config_word(adev->pdev, gpu_pos + PCI_EXP_LNKCTL2, tmp16);
tmp = RREG32_PCIE(ixPCIE_LC_CNTL4);
@@ -1521,13 +1527,13 @@ static void cik_pcie_gen3_enable(struct amdgpu_device *adev)
WREG32_PCIE(ixPCIE_LC_SPEED_CNTL, speed_cntl);
pci_read_config_word(adev->pdev, gpu_pos + PCI_EXP_LNKCTL2, &tmp16);
- tmp16 &= ~0xf;
+ tmp16 &= ~PCI_EXP_LNKCTL2_TLS;
if (adev->pm.pcie_gen_mask & CAIL_PCIE_LINK_SPEED_SUPPORT_GEN3)
- tmp16 |= 3; /* gen3 */
+ tmp16 |= PCI_EXP_LNKCTL2_TLS_8_0GT; /* gen3 */
else if (adev->pm.pcie_gen_mask & CAIL_PCIE_LINK_SPEED_SUPPORT_GEN2)
- tmp16 |= 2; /* gen2 */
+ tmp16 |= PCI_EXP_LNKCTL2_TLS_5_0GT; /* gen2 */
else
- tmp16 |= 1; /* gen1 */
+ tmp16 |= PCI_EXP_LNKCTL2_TLS_2_5GT; /* gen1 */
pci_write_config_word(adev->pdev, gpu_pos + PCI_EXP_LNKCTL2, tmp16);
speed_cntl = RREG32_PCIE(ixPCIE_LC_SPEED_CNTL);
diff --git a/drivers/gpu/drm/amd/amdgpu/si.c b/drivers/gpu/drm/amd/amdgpu/si.c
index 1e350172dc7bb..a7dcb0d0f039c 100644
--- a/drivers/gpu/drm/amd/amdgpu/si.c
+++ b/drivers/gpu/drm/amd/amdgpu/si.c
@@ -1737,13 +1737,19 @@ static void si_pcie_gen3_enable(struct amdgpu_device *adev)
pci_write_config_word(adev->pdev, gpu_pos + PCI_EXP_LNKCTL, tmp16);
pci_read_config_word(root, bridge_pos + PCI_EXP_LNKCTL2, &tmp16);
- tmp16 &= ~((1 << 4) | (7 << 7));
- tmp16 |= (bridge_cfg2 & ((1 << 4) | (7 << 7)));
+ tmp16 &= ~(PCI_EXP_LNKCTL2_ENTER_COMP |
+ PCI_EXP_LNKCTL2_TX_MARGIN);
+ tmp16 |= (bridge_cfg2 &
+ (PCI_EXP_LNKCTL2_ENTER_COMP |
+ PCI_EXP_LNKCTL2_TX_MARGIN));
pci_write_config_word(root, bridge_pos + PCI_EXP_LNKCTL2, tmp16);
pci_read_config_word(adev->pdev, gpu_pos + PCI_EXP_LNKCTL2, &tmp16);
- tmp16 &= ~((1 << 4) | (7 << 7));
- tmp16 |= (gpu_cfg2 & ((1 << 4) | (7 << 7)));
+ tmp16 &= ~(PCI_EXP_LNKCTL2_ENTER_COMP |
+ PCI_EXP_LNKCTL2_TX_MARGIN);
+ tmp16 |= (gpu_cfg2 &
+ (PCI_EXP_LNKCTL2_ENTER_COMP |
+ PCI_EXP_LNKCTL2_TX_MARGIN));
pci_write_config_word(adev->pdev, gpu_pos + PCI_EXP_LNKCTL2, tmp16);
tmp = RREG32_PCIE_PORT(PCIE_LC_CNTL4);
@@ -1758,13 +1764,13 @@ static void si_pcie_gen3_enable(struct amdgpu_device *adev)
WREG32_PCIE_PORT(PCIE_LC_SPEED_CNTL, speed_cntl);
pci_read_config_word(adev->pdev, gpu_pos + PCI_EXP_LNKCTL2, &tmp16);
- tmp16 &= ~0xf;
+ tmp16 &= ~PCI_EXP_LNKCTL2_TLS;
if (adev->pm.pcie_gen_mask & CAIL_PCIE_LINK_SPEED_SUPPORT_GEN3)
- tmp16 |= 3;
+ tmp16 |= PCI_EXP_LNKCTL2_TLS_8_0GT; /* gen3 */
else if (adev->pm.pcie_gen_mask & CAIL_PCIE_LINK_SPEED_SUPPORT_GEN2)
- tmp16 |= 2;
+ tmp16 |= PCI_EXP_LNKCTL2_TLS_5_0GT; /* gen2 */
else
- tmp16 |= 1;
+ tmp16 |= PCI_EXP_LNKCTL2_TLS_2_5GT; /* gen1 */
pci_write_config_word(adev->pdev, gpu_pos + PCI_EXP_LNKCTL2, tmp16);
speed_cntl = RREG32_PCIE_PORT(PCIE_LC_SPEED_CNTL);
--
2.40.1
^ permalink raw reply related [flat|nested] 396+ messages in thread
* [PATCH 5.4 137/367] drm/amdgpu: Prefer pcie_capability_read_word()
2023-09-20 11:26 [PATCH 5.4 000/367] 5.4.257-rc1 review Greg Kroah-Hartman
` (135 preceding siblings ...)
2023-09-20 11:28 ` [PATCH 5.4 136/367] drm/amdgpu: Replace numbers with PCI_EXP_LNKCTL2 definitions Greg Kroah-Hartman
@ 2023-09-20 11:28 ` Greg Kroah-Hartman
2023-09-20 11:28 ` [PATCH 5.4 138/367] drm/amdgpu: Use RMW accessors for changing LNKCTL Greg Kroah-Hartman
` (235 subsequent siblings)
372 siblings, 0 replies; 396+ messages in thread
From: Greg Kroah-Hartman @ 2023-09-20 11:28 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Frederick Lawler, Bjorn Helgaas,
Alex Deucher, Sasha Levin
5.4-stable review patch. If anyone has any objections, please let me know.
------------------
From: Frederick Lawler <fred@fredlawl.com>
[ Upstream commit 88027c89ea146e32485251f1c2dddcde43c8d04e ]
Commit 8c0d3a02c130 ("PCI: Add accessors for PCI Express Capability")
added accessors for the PCI Express Capability so that drivers didn't
need to be aware of differences between v1 and v2 of the PCI
Express Capability.
Replace pci_read_config_word() and pci_write_config_word() calls with
pcie_capability_read_word() and pcie_capability_write_word().
[bhelgaas: fix a couple remaining instances in cik.c]
Link: https://lore.kernel.org/r/20191118003513.10852-1-fred@fredlawl.com
Signed-off-by: Frederick Lawler <fred@fredlawl.com>
Signed-off-by: Bjorn Helgaas <bhelgaas@google.com>
Reviewed-by: Alex Deucher <alexander.deucher@amd.com>
Stable-dep-of: ce7d88110b9e ("drm/amdgpu: Use RMW accessors for changing LNKCTL")
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/gpu/drm/amd/amdgpu/cik.c | 71 ++++++++++++++++++++------------
drivers/gpu/drm/amd/amdgpu/si.c | 71 ++++++++++++++++++++------------
2 files changed, 90 insertions(+), 52 deletions(-)
diff --git a/drivers/gpu/drm/amd/amdgpu/cik.c b/drivers/gpu/drm/amd/amdgpu/cik.c
index 3067bb874032f..38b06ae6357a7 100644
--- a/drivers/gpu/drm/amd/amdgpu/cik.c
+++ b/drivers/gpu/drm/amd/amdgpu/cik.c
@@ -1384,7 +1384,6 @@ static int cik_set_vce_clocks(struct amdgpu_device *adev, u32 evclk, u32 ecclk)
static void cik_pcie_gen3_enable(struct amdgpu_device *adev)
{
struct pci_dev *root = adev->pdev->bus->self;
- int bridge_pos, gpu_pos;
u32 speed_cntl, current_data_rate;
int i;
u16 tmp16;
@@ -1419,12 +1418,7 @@ static void cik_pcie_gen3_enable(struct amdgpu_device *adev)
DRM_INFO("enabling PCIE gen 2 link speeds, disable with amdgpu.pcie_gen2=0\n");
}
- bridge_pos = pci_pcie_cap(root);
- if (!bridge_pos)
- return;
-
- gpu_pos = pci_pcie_cap(adev->pdev);
- if (!gpu_pos)
+ if (!pci_is_pcie(root) || !pci_is_pcie(adev->pdev))
return;
if (adev->pm.pcie_gen_mask & CAIL_PCIE_LINK_SPEED_SUPPORT_GEN3) {
@@ -1434,14 +1428,17 @@ static void cik_pcie_gen3_enable(struct amdgpu_device *adev)
u16 bridge_cfg2, gpu_cfg2;
u32 max_lw, current_lw, tmp;
- pci_read_config_word(root, bridge_pos + PCI_EXP_LNKCTL, &bridge_cfg);
- pci_read_config_word(adev->pdev, gpu_pos + PCI_EXP_LNKCTL, &gpu_cfg);
+ pcie_capability_read_word(root, PCI_EXP_LNKCTL,
+ &bridge_cfg);
+ pcie_capability_read_word(adev->pdev, PCI_EXP_LNKCTL,
+ &gpu_cfg);
tmp16 = bridge_cfg | PCI_EXP_LNKCTL_HAWD;
- pci_write_config_word(root, bridge_pos + PCI_EXP_LNKCTL, tmp16);
+ pcie_capability_write_word(root, PCI_EXP_LNKCTL, tmp16);
tmp16 = gpu_cfg | PCI_EXP_LNKCTL_HAWD;
- pci_write_config_word(adev->pdev, gpu_pos + PCI_EXP_LNKCTL, tmp16);
+ pcie_capability_write_word(adev->pdev, PCI_EXP_LNKCTL,
+ tmp16);
tmp = RREG32_PCIE(ixPCIE_LC_STATUS1);
max_lw = (tmp & PCIE_LC_STATUS1__LC_DETECTED_LINK_WIDTH_MASK) >>
@@ -1465,15 +1462,23 @@ static void cik_pcie_gen3_enable(struct amdgpu_device *adev)
for (i = 0; i < 10; i++) {
/* check status */
- pci_read_config_word(adev->pdev, gpu_pos + PCI_EXP_DEVSTA, &tmp16);
+ pcie_capability_read_word(adev->pdev,
+ PCI_EXP_DEVSTA,
+ &tmp16);
if (tmp16 & PCI_EXP_DEVSTA_TRPND)
break;
- pci_read_config_word(root, bridge_pos + PCI_EXP_LNKCTL, &bridge_cfg);
- pci_read_config_word(adev->pdev, gpu_pos + PCI_EXP_LNKCTL, &gpu_cfg);
+ pcie_capability_read_word(root, PCI_EXP_LNKCTL,
+ &bridge_cfg);
+ pcie_capability_read_word(adev->pdev,
+ PCI_EXP_LNKCTL,
+ &gpu_cfg);
- pci_read_config_word(root, bridge_pos + PCI_EXP_LNKCTL2, &bridge_cfg2);
- pci_read_config_word(adev->pdev, gpu_pos + PCI_EXP_LNKCTL2, &gpu_cfg2);
+ pcie_capability_read_word(root, PCI_EXP_LNKCTL2,
+ &bridge_cfg2);
+ pcie_capability_read_word(adev->pdev,
+ PCI_EXP_LNKCTL2,
+ &gpu_cfg2);
tmp = RREG32_PCIE(ixPCIE_LC_CNTL4);
tmp |= PCIE_LC_CNTL4__LC_SET_QUIESCE_MASK;
@@ -1486,32 +1491,45 @@ static void cik_pcie_gen3_enable(struct amdgpu_device *adev)
msleep(100);
/* linkctl */
- pci_read_config_word(root, bridge_pos + PCI_EXP_LNKCTL, &tmp16);
+ pcie_capability_read_word(root, PCI_EXP_LNKCTL,
+ &tmp16);
tmp16 &= ~PCI_EXP_LNKCTL_HAWD;
tmp16 |= (bridge_cfg & PCI_EXP_LNKCTL_HAWD);
- pci_write_config_word(root, bridge_pos + PCI_EXP_LNKCTL, tmp16);
+ pcie_capability_write_word(root, PCI_EXP_LNKCTL,
+ tmp16);
- pci_read_config_word(adev->pdev, gpu_pos + PCI_EXP_LNKCTL, &tmp16);
+ pcie_capability_read_word(adev->pdev,
+ PCI_EXP_LNKCTL,
+ &tmp16);
tmp16 &= ~PCI_EXP_LNKCTL_HAWD;
tmp16 |= (gpu_cfg & PCI_EXP_LNKCTL_HAWD);
- pci_write_config_word(adev->pdev, gpu_pos + PCI_EXP_LNKCTL, tmp16);
+ pcie_capability_write_word(adev->pdev,
+ PCI_EXP_LNKCTL,
+ tmp16);
/* linkctl2 */
- pci_read_config_word(root, bridge_pos + PCI_EXP_LNKCTL2, &tmp16);
+ pcie_capability_read_word(root, PCI_EXP_LNKCTL2,
+ &tmp16);
tmp16 &= ~(PCI_EXP_LNKCTL2_ENTER_COMP |
PCI_EXP_LNKCTL2_TX_MARGIN);
tmp16 |= (bridge_cfg2 &
(PCI_EXP_LNKCTL2_ENTER_COMP |
PCI_EXP_LNKCTL2_TX_MARGIN));
- pci_write_config_word(root, bridge_pos + PCI_EXP_LNKCTL2, tmp16);
+ pcie_capability_write_word(root,
+ PCI_EXP_LNKCTL2,
+ tmp16);
- pci_read_config_word(adev->pdev, gpu_pos + PCI_EXP_LNKCTL2, &tmp16);
+ pcie_capability_read_word(adev->pdev,
+ PCI_EXP_LNKCTL2,
+ &tmp16);
tmp16 &= ~(PCI_EXP_LNKCTL2_ENTER_COMP |
PCI_EXP_LNKCTL2_TX_MARGIN);
tmp16 |= (gpu_cfg2 &
(PCI_EXP_LNKCTL2_ENTER_COMP |
PCI_EXP_LNKCTL2_TX_MARGIN));
- pci_write_config_word(adev->pdev, gpu_pos + PCI_EXP_LNKCTL2, tmp16);
+ pcie_capability_write_word(adev->pdev,
+ PCI_EXP_LNKCTL2,
+ tmp16);
tmp = RREG32_PCIE(ixPCIE_LC_CNTL4);
tmp &= ~PCIE_LC_CNTL4__LC_SET_QUIESCE_MASK;
@@ -1526,15 +1544,16 @@ static void cik_pcie_gen3_enable(struct amdgpu_device *adev)
speed_cntl &= ~PCIE_LC_SPEED_CNTL__LC_FORCE_DIS_SW_SPEED_CHANGE_MASK;
WREG32_PCIE(ixPCIE_LC_SPEED_CNTL, speed_cntl);
- pci_read_config_word(adev->pdev, gpu_pos + PCI_EXP_LNKCTL2, &tmp16);
+ pcie_capability_read_word(adev->pdev, PCI_EXP_LNKCTL2, &tmp16);
tmp16 &= ~PCI_EXP_LNKCTL2_TLS;
+
if (adev->pm.pcie_gen_mask & CAIL_PCIE_LINK_SPEED_SUPPORT_GEN3)
tmp16 |= PCI_EXP_LNKCTL2_TLS_8_0GT; /* gen3 */
else if (adev->pm.pcie_gen_mask & CAIL_PCIE_LINK_SPEED_SUPPORT_GEN2)
tmp16 |= PCI_EXP_LNKCTL2_TLS_5_0GT; /* gen2 */
else
tmp16 |= PCI_EXP_LNKCTL2_TLS_2_5GT; /* gen1 */
- pci_write_config_word(adev->pdev, gpu_pos + PCI_EXP_LNKCTL2, tmp16);
+ pcie_capability_write_word(adev->pdev, PCI_EXP_LNKCTL2, tmp16);
speed_cntl = RREG32_PCIE(ixPCIE_LC_SPEED_CNTL);
speed_cntl |= PCIE_LC_SPEED_CNTL__LC_INITIATE_LINK_SPEED_CHANGE_MASK;
diff --git a/drivers/gpu/drm/amd/amdgpu/si.c b/drivers/gpu/drm/amd/amdgpu/si.c
index a7dcb0d0f039c..9f82be879224a 100644
--- a/drivers/gpu/drm/amd/amdgpu/si.c
+++ b/drivers/gpu/drm/amd/amdgpu/si.c
@@ -1633,7 +1633,6 @@ static void si_init_golden_registers(struct amdgpu_device *adev)
static void si_pcie_gen3_enable(struct amdgpu_device *adev)
{
struct pci_dev *root = adev->pdev->bus->self;
- int bridge_pos, gpu_pos;
u32 speed_cntl, current_data_rate;
int i;
u16 tmp16;
@@ -1668,12 +1667,7 @@ static void si_pcie_gen3_enable(struct amdgpu_device *adev)
DRM_INFO("enabling PCIE gen 2 link speeds, disable with amdgpu.pcie_gen2=0\n");
}
- bridge_pos = pci_pcie_cap(root);
- if (!bridge_pos)
- return;
-
- gpu_pos = pci_pcie_cap(adev->pdev);
- if (!gpu_pos)
+ if (!pci_is_pcie(root) || !pci_is_pcie(adev->pdev))
return;
if (adev->pm.pcie_gen_mask & CAIL_PCIE_LINK_SPEED_SUPPORT_GEN3) {
@@ -1682,14 +1676,17 @@ static void si_pcie_gen3_enable(struct amdgpu_device *adev)
u16 bridge_cfg2, gpu_cfg2;
u32 max_lw, current_lw, tmp;
- pci_read_config_word(root, bridge_pos + PCI_EXP_LNKCTL, &bridge_cfg);
- pci_read_config_word(adev->pdev, gpu_pos + PCI_EXP_LNKCTL, &gpu_cfg);
+ pcie_capability_read_word(root, PCI_EXP_LNKCTL,
+ &bridge_cfg);
+ pcie_capability_read_word(adev->pdev, PCI_EXP_LNKCTL,
+ &gpu_cfg);
tmp16 = bridge_cfg | PCI_EXP_LNKCTL_HAWD;
- pci_write_config_word(root, bridge_pos + PCI_EXP_LNKCTL, tmp16);
+ pcie_capability_write_word(root, PCI_EXP_LNKCTL, tmp16);
tmp16 = gpu_cfg | PCI_EXP_LNKCTL_HAWD;
- pci_write_config_word(adev->pdev, gpu_pos + PCI_EXP_LNKCTL, tmp16);
+ pcie_capability_write_word(adev->pdev, PCI_EXP_LNKCTL,
+ tmp16);
tmp = RREG32_PCIE(PCIE_LC_STATUS1);
max_lw = (tmp & LC_DETECTED_LINK_WIDTH_MASK) >> LC_DETECTED_LINK_WIDTH_SHIFT;
@@ -1706,15 +1703,23 @@ static void si_pcie_gen3_enable(struct amdgpu_device *adev)
}
for (i = 0; i < 10; i++) {
- pci_read_config_word(adev->pdev, gpu_pos + PCI_EXP_DEVSTA, &tmp16);
+ pcie_capability_read_word(adev->pdev,
+ PCI_EXP_DEVSTA,
+ &tmp16);
if (tmp16 & PCI_EXP_DEVSTA_TRPND)
break;
- pci_read_config_word(root, bridge_pos + PCI_EXP_LNKCTL, &bridge_cfg);
- pci_read_config_word(adev->pdev, gpu_pos + PCI_EXP_LNKCTL, &gpu_cfg);
+ pcie_capability_read_word(root, PCI_EXP_LNKCTL,
+ &bridge_cfg);
+ pcie_capability_read_word(adev->pdev,
+ PCI_EXP_LNKCTL,
+ &gpu_cfg);
- pci_read_config_word(root, bridge_pos + PCI_EXP_LNKCTL2, &bridge_cfg2);
- pci_read_config_word(adev->pdev, gpu_pos + PCI_EXP_LNKCTL2, &gpu_cfg2);
+ pcie_capability_read_word(root, PCI_EXP_LNKCTL2,
+ &bridge_cfg2);
+ pcie_capability_read_word(adev->pdev,
+ PCI_EXP_LNKCTL2,
+ &gpu_cfg2);
tmp = RREG32_PCIE_PORT(PCIE_LC_CNTL4);
tmp |= LC_SET_QUIESCE;
@@ -1726,31 +1731,44 @@ static void si_pcie_gen3_enable(struct amdgpu_device *adev)
mdelay(100);
- pci_read_config_word(root, bridge_pos + PCI_EXP_LNKCTL, &tmp16);
+ pcie_capability_read_word(root, PCI_EXP_LNKCTL,
+ &tmp16);
tmp16 &= ~PCI_EXP_LNKCTL_HAWD;
tmp16 |= (bridge_cfg & PCI_EXP_LNKCTL_HAWD);
- pci_write_config_word(root, bridge_pos + PCI_EXP_LNKCTL, tmp16);
+ pcie_capability_write_word(root, PCI_EXP_LNKCTL,
+ tmp16);
- pci_read_config_word(adev->pdev, gpu_pos + PCI_EXP_LNKCTL, &tmp16);
+ pcie_capability_read_word(adev->pdev,
+ PCI_EXP_LNKCTL,
+ &tmp16);
tmp16 &= ~PCI_EXP_LNKCTL_HAWD;
tmp16 |= (gpu_cfg & PCI_EXP_LNKCTL_HAWD);
- pci_write_config_word(adev->pdev, gpu_pos + PCI_EXP_LNKCTL, tmp16);
+ pcie_capability_write_word(adev->pdev,
+ PCI_EXP_LNKCTL,
+ tmp16);
- pci_read_config_word(root, bridge_pos + PCI_EXP_LNKCTL2, &tmp16);
+ pcie_capability_read_word(root, PCI_EXP_LNKCTL2,
+ &tmp16);
tmp16 &= ~(PCI_EXP_LNKCTL2_ENTER_COMP |
PCI_EXP_LNKCTL2_TX_MARGIN);
tmp16 |= (bridge_cfg2 &
(PCI_EXP_LNKCTL2_ENTER_COMP |
PCI_EXP_LNKCTL2_TX_MARGIN));
- pci_write_config_word(root, bridge_pos + PCI_EXP_LNKCTL2, tmp16);
+ pcie_capability_write_word(root,
+ PCI_EXP_LNKCTL2,
+ tmp16);
- pci_read_config_word(adev->pdev, gpu_pos + PCI_EXP_LNKCTL2, &tmp16);
+ pcie_capability_read_word(adev->pdev,
+ PCI_EXP_LNKCTL2,
+ &tmp16);
tmp16 &= ~(PCI_EXP_LNKCTL2_ENTER_COMP |
PCI_EXP_LNKCTL2_TX_MARGIN);
tmp16 |= (gpu_cfg2 &
(PCI_EXP_LNKCTL2_ENTER_COMP |
PCI_EXP_LNKCTL2_TX_MARGIN));
- pci_write_config_word(adev->pdev, gpu_pos + PCI_EXP_LNKCTL2, tmp16);
+ pcie_capability_write_word(adev->pdev,
+ PCI_EXP_LNKCTL2,
+ tmp16);
tmp = RREG32_PCIE_PORT(PCIE_LC_CNTL4);
tmp &= ~LC_SET_QUIESCE;
@@ -1763,15 +1781,16 @@ static void si_pcie_gen3_enable(struct amdgpu_device *adev)
speed_cntl &= ~LC_FORCE_DIS_SW_SPEED_CHANGE;
WREG32_PCIE_PORT(PCIE_LC_SPEED_CNTL, speed_cntl);
- pci_read_config_word(adev->pdev, gpu_pos + PCI_EXP_LNKCTL2, &tmp16);
+ pcie_capability_read_word(adev->pdev, PCI_EXP_LNKCTL2, &tmp16);
tmp16 &= ~PCI_EXP_LNKCTL2_TLS;
+
if (adev->pm.pcie_gen_mask & CAIL_PCIE_LINK_SPEED_SUPPORT_GEN3)
tmp16 |= PCI_EXP_LNKCTL2_TLS_8_0GT; /* gen3 */
else if (adev->pm.pcie_gen_mask & CAIL_PCIE_LINK_SPEED_SUPPORT_GEN2)
tmp16 |= PCI_EXP_LNKCTL2_TLS_5_0GT; /* gen2 */
else
tmp16 |= PCI_EXP_LNKCTL2_TLS_2_5GT; /* gen1 */
- pci_write_config_word(adev->pdev, gpu_pos + PCI_EXP_LNKCTL2, tmp16);
+ pcie_capability_write_word(adev->pdev, PCI_EXP_LNKCTL2, tmp16);
speed_cntl = RREG32_PCIE_PORT(PCIE_LC_SPEED_CNTL);
speed_cntl |= LC_INITIATE_LINK_SPEED_CHANGE;
--
2.40.1
^ permalink raw reply related [flat|nested] 396+ messages in thread
* [PATCH 5.4 138/367] drm/amdgpu: Use RMW accessors for changing LNKCTL
2023-09-20 11:26 [PATCH 5.4 000/367] 5.4.257-rc1 review Greg Kroah-Hartman
` (136 preceding siblings ...)
2023-09-20 11:28 ` [PATCH 5.4 137/367] drm/amdgpu: Prefer pcie_capability_read_word() Greg Kroah-Hartman
@ 2023-09-20 11:28 ` Greg Kroah-Hartman
2023-09-20 11:28 ` [PATCH 5.4 139/367] drm/radeon: Correct Transmit Margin masks Greg Kroah-Hartman
` (234 subsequent siblings)
372 siblings, 0 replies; 396+ messages in thread
From: Greg Kroah-Hartman @ 2023-09-20 11:28 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Lukas Wunner, Ilpo Järvinen,
Bjorn Helgaas, Alex Deucher, Sasha Levin
5.4-stable review patch. If anyone has any objections, please let me know.
------------------
From: Ilpo Järvinen <ilpo.jarvinen@linux.intel.com>
[ Upstream commit ce7d88110b9ed5f33fe79ea6d4ed049fb0e57bce ]
Don't assume that only the driver would be accessing LNKCTL. ASPM policy
changes can trigger write to LNKCTL outside of driver's control. And in
the case of upstream bridge, the driver does not even own the device it's
changing the registers for.
Use RMW capability accessors which do proper locking to avoid losing
concurrent updates to the register value.
Suggested-by: Lukas Wunner <lukas@wunner.de>
Fixes: a2e73f56fa62 ("drm/amdgpu: Add support for CIK parts")
Fixes: 62a37553414a ("drm/amdgpu: add si implementation v10")
Link: https://lore.kernel.org/r/20230717120503.15276-6-ilpo.jarvinen@linux.intel.com
Signed-off-by: Ilpo Järvinen <ilpo.jarvinen@linux.intel.com>
Signed-off-by: Bjorn Helgaas <bhelgaas@google.com>
Acked-by: Alex Deucher <alexander.deucher@amd.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/gpu/drm/amd/amdgpu/cik.c | 36 +++++++++-----------------------
drivers/gpu/drm/amd/amdgpu/si.c | 36 +++++++++-----------------------
2 files changed, 20 insertions(+), 52 deletions(-)
diff --git a/drivers/gpu/drm/amd/amdgpu/cik.c b/drivers/gpu/drm/amd/amdgpu/cik.c
index 38b06ae6357a7..ee7e218c7daef 100644
--- a/drivers/gpu/drm/amd/amdgpu/cik.c
+++ b/drivers/gpu/drm/amd/amdgpu/cik.c
@@ -1428,17 +1428,8 @@ static void cik_pcie_gen3_enable(struct amdgpu_device *adev)
u16 bridge_cfg2, gpu_cfg2;
u32 max_lw, current_lw, tmp;
- pcie_capability_read_word(root, PCI_EXP_LNKCTL,
- &bridge_cfg);
- pcie_capability_read_word(adev->pdev, PCI_EXP_LNKCTL,
- &gpu_cfg);
-
- tmp16 = bridge_cfg | PCI_EXP_LNKCTL_HAWD;
- pcie_capability_write_word(root, PCI_EXP_LNKCTL, tmp16);
-
- tmp16 = gpu_cfg | PCI_EXP_LNKCTL_HAWD;
- pcie_capability_write_word(adev->pdev, PCI_EXP_LNKCTL,
- tmp16);
+ pcie_capability_set_word(root, PCI_EXP_LNKCTL, PCI_EXP_LNKCTL_HAWD);
+ pcie_capability_set_word(adev->pdev, PCI_EXP_LNKCTL, PCI_EXP_LNKCTL_HAWD);
tmp = RREG32_PCIE(ixPCIE_LC_STATUS1);
max_lw = (tmp & PCIE_LC_STATUS1__LC_DETECTED_LINK_WIDTH_MASK) >>
@@ -1491,21 +1482,14 @@ static void cik_pcie_gen3_enable(struct amdgpu_device *adev)
msleep(100);
/* linkctl */
- pcie_capability_read_word(root, PCI_EXP_LNKCTL,
- &tmp16);
- tmp16 &= ~PCI_EXP_LNKCTL_HAWD;
- tmp16 |= (bridge_cfg & PCI_EXP_LNKCTL_HAWD);
- pcie_capability_write_word(root, PCI_EXP_LNKCTL,
- tmp16);
-
- pcie_capability_read_word(adev->pdev,
- PCI_EXP_LNKCTL,
- &tmp16);
- tmp16 &= ~PCI_EXP_LNKCTL_HAWD;
- tmp16 |= (gpu_cfg & PCI_EXP_LNKCTL_HAWD);
- pcie_capability_write_word(adev->pdev,
- PCI_EXP_LNKCTL,
- tmp16);
+ pcie_capability_clear_and_set_word(root, PCI_EXP_LNKCTL,
+ PCI_EXP_LNKCTL_HAWD,
+ bridge_cfg &
+ PCI_EXP_LNKCTL_HAWD);
+ pcie_capability_clear_and_set_word(adev->pdev, PCI_EXP_LNKCTL,
+ PCI_EXP_LNKCTL_HAWD,
+ gpu_cfg &
+ PCI_EXP_LNKCTL_HAWD);
/* linkctl2 */
pcie_capability_read_word(root, PCI_EXP_LNKCTL2,
diff --git a/drivers/gpu/drm/amd/amdgpu/si.c b/drivers/gpu/drm/amd/amdgpu/si.c
index 9f82be879224a..53f7719d688eb 100644
--- a/drivers/gpu/drm/amd/amdgpu/si.c
+++ b/drivers/gpu/drm/amd/amdgpu/si.c
@@ -1676,17 +1676,8 @@ static void si_pcie_gen3_enable(struct amdgpu_device *adev)
u16 bridge_cfg2, gpu_cfg2;
u32 max_lw, current_lw, tmp;
- pcie_capability_read_word(root, PCI_EXP_LNKCTL,
- &bridge_cfg);
- pcie_capability_read_word(adev->pdev, PCI_EXP_LNKCTL,
- &gpu_cfg);
-
- tmp16 = bridge_cfg | PCI_EXP_LNKCTL_HAWD;
- pcie_capability_write_word(root, PCI_EXP_LNKCTL, tmp16);
-
- tmp16 = gpu_cfg | PCI_EXP_LNKCTL_HAWD;
- pcie_capability_write_word(adev->pdev, PCI_EXP_LNKCTL,
- tmp16);
+ pcie_capability_set_word(root, PCI_EXP_LNKCTL, PCI_EXP_LNKCTL_HAWD);
+ pcie_capability_set_word(adev->pdev, PCI_EXP_LNKCTL, PCI_EXP_LNKCTL_HAWD);
tmp = RREG32_PCIE(PCIE_LC_STATUS1);
max_lw = (tmp & LC_DETECTED_LINK_WIDTH_MASK) >> LC_DETECTED_LINK_WIDTH_SHIFT;
@@ -1731,21 +1722,14 @@ static void si_pcie_gen3_enable(struct amdgpu_device *adev)
mdelay(100);
- pcie_capability_read_word(root, PCI_EXP_LNKCTL,
- &tmp16);
- tmp16 &= ~PCI_EXP_LNKCTL_HAWD;
- tmp16 |= (bridge_cfg & PCI_EXP_LNKCTL_HAWD);
- pcie_capability_write_word(root, PCI_EXP_LNKCTL,
- tmp16);
-
- pcie_capability_read_word(adev->pdev,
- PCI_EXP_LNKCTL,
- &tmp16);
- tmp16 &= ~PCI_EXP_LNKCTL_HAWD;
- tmp16 |= (gpu_cfg & PCI_EXP_LNKCTL_HAWD);
- pcie_capability_write_word(adev->pdev,
- PCI_EXP_LNKCTL,
- tmp16);
+ pcie_capability_clear_and_set_word(root, PCI_EXP_LNKCTL,
+ PCI_EXP_LNKCTL_HAWD,
+ bridge_cfg &
+ PCI_EXP_LNKCTL_HAWD);
+ pcie_capability_clear_and_set_word(adev->pdev, PCI_EXP_LNKCTL,
+ PCI_EXP_LNKCTL_HAWD,
+ gpu_cfg &
+ PCI_EXP_LNKCTL_HAWD);
pcie_capability_read_word(root, PCI_EXP_LNKCTL2,
&tmp16);
--
2.40.1
^ permalink raw reply related [flat|nested] 396+ messages in thread
* [PATCH 5.4 139/367] drm/radeon: Correct Transmit Margin masks
2023-09-20 11:26 [PATCH 5.4 000/367] 5.4.257-rc1 review Greg Kroah-Hartman
` (137 preceding siblings ...)
2023-09-20 11:28 ` [PATCH 5.4 138/367] drm/amdgpu: Use RMW accessors for changing LNKCTL Greg Kroah-Hartman
@ 2023-09-20 11:28 ` Greg Kroah-Hartman
2023-09-20 11:28 ` [PATCH 5.4 140/367] drm/radeon: Replace numbers with PCI_EXP_LNKCTL2 definitions Greg Kroah-Hartman
` (233 subsequent siblings)
372 siblings, 0 replies; 396+ messages in thread
From: Greg Kroah-Hartman @ 2023-09-20 11:28 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Bjorn Helgaas, Alex Deucher, Sasha Levin
5.4-stable review patch. If anyone has any objections, please let me know.
------------------
From: Bjorn Helgaas <bhelgaas@google.com>
[ Upstream commit 40bd4be5a652ce56068a8273b68caa38cb0d8f4b ]
Previously we masked PCIe Link Control 2 register values with "7 << 9",
which was apparently intended to be the Transmit Margin field, but instead
was the high order bit of Transmit Margin, the Enter Modified Compliance
bit, and the Compliance SOS bit.
Correct the mask to "7 << 7", which is the Transmit Margin field.
Link: https://lore.kernel.org/r/20191112173503.176611-3-helgaas@kernel.org
Signed-off-by: Bjorn Helgaas <bhelgaas@google.com>
Reviewed-by: Alex Deucher <alexander.deucher@amd.com>
Stable-dep-of: 7189576e8a82 ("drm/radeon: Use RMW accessors for changing LNKCTL")
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/gpu/drm/radeon/cik.c | 8 ++++----
drivers/gpu/drm/radeon/si.c | 8 ++++----
2 files changed, 8 insertions(+), 8 deletions(-)
diff --git a/drivers/gpu/drm/radeon/cik.c b/drivers/gpu/drm/radeon/cik.c
index 897442754fd03..3ab8dae8aa3c3 100644
--- a/drivers/gpu/drm/radeon/cik.c
+++ b/drivers/gpu/drm/radeon/cik.c
@@ -9619,13 +9619,13 @@ static void cik_pcie_gen3_enable(struct radeon_device *rdev)
/* linkctl2 */
pci_read_config_word(root, bridge_pos + PCI_EXP_LNKCTL2, &tmp16);
- tmp16 &= ~((1 << 4) | (7 << 9));
- tmp16 |= (bridge_cfg2 & ((1 << 4) | (7 << 9)));
+ tmp16 &= ~((1 << 4) | (7 << 7));
+ tmp16 |= (bridge_cfg2 & ((1 << 4) | (7 << 7)));
pci_write_config_word(root, bridge_pos + PCI_EXP_LNKCTL2, tmp16);
pci_read_config_word(rdev->pdev, gpu_pos + PCI_EXP_LNKCTL2, &tmp16);
- tmp16 &= ~((1 << 4) | (7 << 9));
- tmp16 |= (gpu_cfg2 & ((1 << 4) | (7 << 9)));
+ tmp16 &= ~((1 << 4) | (7 << 7));
+ tmp16 |= (gpu_cfg2 & ((1 << 4) | (7 << 7)));
pci_write_config_word(rdev->pdev, gpu_pos + PCI_EXP_LNKCTL2, tmp16);
tmp = RREG32_PCIE_PORT(PCIE_LC_CNTL4);
diff --git a/drivers/gpu/drm/radeon/si.c b/drivers/gpu/drm/radeon/si.c
index 1d8efb0eefdb4..e28e1486e070c 100644
--- a/drivers/gpu/drm/radeon/si.c
+++ b/drivers/gpu/drm/radeon/si.c
@@ -7202,13 +7202,13 @@ static void si_pcie_gen3_enable(struct radeon_device *rdev)
/* linkctl2 */
pci_read_config_word(root, bridge_pos + PCI_EXP_LNKCTL2, &tmp16);
- tmp16 &= ~((1 << 4) | (7 << 9));
- tmp16 |= (bridge_cfg2 & ((1 << 4) | (7 << 9)));
+ tmp16 &= ~((1 << 4) | (7 << 7));
+ tmp16 |= (bridge_cfg2 & ((1 << 4) | (7 << 7)));
pci_write_config_word(root, bridge_pos + PCI_EXP_LNKCTL2, tmp16);
pci_read_config_word(rdev->pdev, gpu_pos + PCI_EXP_LNKCTL2, &tmp16);
- tmp16 &= ~((1 << 4) | (7 << 9));
- tmp16 |= (gpu_cfg2 & ((1 << 4) | (7 << 9)));
+ tmp16 &= ~((1 << 4) | (7 << 7));
+ tmp16 |= (gpu_cfg2 & ((1 << 4) | (7 << 7)));
pci_write_config_word(rdev->pdev, gpu_pos + PCI_EXP_LNKCTL2, tmp16);
tmp = RREG32_PCIE_PORT(PCIE_LC_CNTL4);
--
2.40.1
^ permalink raw reply related [flat|nested] 396+ messages in thread
* [PATCH 5.4 140/367] drm/radeon: Replace numbers with PCI_EXP_LNKCTL2 definitions
2023-09-20 11:26 [PATCH 5.4 000/367] 5.4.257-rc1 review Greg Kroah-Hartman
` (138 preceding siblings ...)
2023-09-20 11:28 ` [PATCH 5.4 139/367] drm/radeon: Correct Transmit Margin masks Greg Kroah-Hartman
@ 2023-09-20 11:28 ` Greg Kroah-Hartman
2023-09-20 11:28 ` [PATCH 5.4 141/367] drm/radeon: Prefer pcie_capability_read_word() Greg Kroah-Hartman
` (232 subsequent siblings)
372 siblings, 0 replies; 396+ messages in thread
From: Greg Kroah-Hartman @ 2023-09-20 11:28 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Bjorn Helgaas, Alex Deucher, Sasha Levin
5.4-stable review patch. If anyone has any objections, please let me know.
------------------
From: Bjorn Helgaas <bhelgaas@google.com>
[ Upstream commit ca56f99c18cafdeae6961ce9d87fc978506152ca ]
Replace hard-coded magic numbers with the descriptive PCI_EXP_LNKCTL2
definitions. No functional change intended.
Link: https://lore.kernel.org/r/20191112173503.176611-4-helgaas@kernel.org
Signed-off-by: Bjorn Helgaas <bhelgaas@google.com>
Reviewed-by: Alex Deucher <alexander.deucher@amd.com>
Stable-dep-of: 7189576e8a82 ("drm/radeon: Use RMW accessors for changing LNKCTL")
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/gpu/drm/radeon/cik.c | 22 ++++++++++++++--------
drivers/gpu/drm/radeon/si.c | 22 ++++++++++++++--------
2 files changed, 28 insertions(+), 16 deletions(-)
diff --git a/drivers/gpu/drm/radeon/cik.c b/drivers/gpu/drm/radeon/cik.c
index 3ab8dae8aa3c3..816976f44fffb 100644
--- a/drivers/gpu/drm/radeon/cik.c
+++ b/drivers/gpu/drm/radeon/cik.c
@@ -9619,13 +9619,19 @@ static void cik_pcie_gen3_enable(struct radeon_device *rdev)
/* linkctl2 */
pci_read_config_word(root, bridge_pos + PCI_EXP_LNKCTL2, &tmp16);
- tmp16 &= ~((1 << 4) | (7 << 7));
- tmp16 |= (bridge_cfg2 & ((1 << 4) | (7 << 7)));
+ tmp16 &= ~(PCI_EXP_LNKCTL2_ENTER_COMP |
+ PCI_EXP_LNKCTL2_TX_MARGIN);
+ tmp16 |= (bridge_cfg2 &
+ (PCI_EXP_LNKCTL2_ENTER_COMP |
+ PCI_EXP_LNKCTL2_TX_MARGIN));
pci_write_config_word(root, bridge_pos + PCI_EXP_LNKCTL2, tmp16);
pci_read_config_word(rdev->pdev, gpu_pos + PCI_EXP_LNKCTL2, &tmp16);
- tmp16 &= ~((1 << 4) | (7 << 7));
- tmp16 |= (gpu_cfg2 & ((1 << 4) | (7 << 7)));
+ tmp16 &= ~(PCI_EXP_LNKCTL2_ENTER_COMP |
+ PCI_EXP_LNKCTL2_TX_MARGIN);
+ tmp16 |= (gpu_cfg2 &
+ (PCI_EXP_LNKCTL2_ENTER_COMP |
+ PCI_EXP_LNKCTL2_TX_MARGIN));
pci_write_config_word(rdev->pdev, gpu_pos + PCI_EXP_LNKCTL2, tmp16);
tmp = RREG32_PCIE_PORT(PCIE_LC_CNTL4);
@@ -9641,13 +9647,13 @@ static void cik_pcie_gen3_enable(struct radeon_device *rdev)
WREG32_PCIE_PORT(PCIE_LC_SPEED_CNTL, speed_cntl);
pci_read_config_word(rdev->pdev, gpu_pos + PCI_EXP_LNKCTL2, &tmp16);
- tmp16 &= ~0xf;
+ tmp16 &= ~PCI_EXP_LNKCTL2_TLS;
if (speed_cap == PCIE_SPEED_8_0GT)
- tmp16 |= 3; /* gen3 */
+ tmp16 |= PCI_EXP_LNKCTL2_TLS_8_0GT; /* gen3 */
else if (speed_cap == PCIE_SPEED_5_0GT)
- tmp16 |= 2; /* gen2 */
+ tmp16 |= PCI_EXP_LNKCTL2_TLS_5_0GT; /* gen2 */
else
- tmp16 |= 1; /* gen1 */
+ tmp16 |= PCI_EXP_LNKCTL2_TLS_2_5GT; /* gen1 */
pci_write_config_word(rdev->pdev, gpu_pos + PCI_EXP_LNKCTL2, tmp16);
speed_cntl = RREG32_PCIE_PORT(PCIE_LC_SPEED_CNTL);
diff --git a/drivers/gpu/drm/radeon/si.c b/drivers/gpu/drm/radeon/si.c
index e28e1486e070c..21ac174e21f50 100644
--- a/drivers/gpu/drm/radeon/si.c
+++ b/drivers/gpu/drm/radeon/si.c
@@ -7202,13 +7202,19 @@ static void si_pcie_gen3_enable(struct radeon_device *rdev)
/* linkctl2 */
pci_read_config_word(root, bridge_pos + PCI_EXP_LNKCTL2, &tmp16);
- tmp16 &= ~((1 << 4) | (7 << 7));
- tmp16 |= (bridge_cfg2 & ((1 << 4) | (7 << 7)));
+ tmp16 &= ~(PCI_EXP_LNKCTL2_ENTER_COMP |
+ PCI_EXP_LNKCTL2_TX_MARGIN);
+ tmp16 |= (bridge_cfg2 &
+ (PCI_EXP_LNKCTL2_ENTER_COMP |
+ PCI_EXP_LNKCTL2_TX_MARGIN));
pci_write_config_word(root, bridge_pos + PCI_EXP_LNKCTL2, tmp16);
pci_read_config_word(rdev->pdev, gpu_pos + PCI_EXP_LNKCTL2, &tmp16);
- tmp16 &= ~((1 << 4) | (7 << 7));
- tmp16 |= (gpu_cfg2 & ((1 << 4) | (7 << 7)));
+ tmp16 &= ~(PCI_EXP_LNKCTL2_ENTER_COMP |
+ PCI_EXP_LNKCTL2_TX_MARGIN);
+ tmp16 |= (gpu_cfg2 &
+ (PCI_EXP_LNKCTL2_ENTER_COMP |
+ PCI_EXP_LNKCTL2_TX_MARGIN));
pci_write_config_word(rdev->pdev, gpu_pos + PCI_EXP_LNKCTL2, tmp16);
tmp = RREG32_PCIE_PORT(PCIE_LC_CNTL4);
@@ -7224,13 +7230,13 @@ static void si_pcie_gen3_enable(struct radeon_device *rdev)
WREG32_PCIE_PORT(PCIE_LC_SPEED_CNTL, speed_cntl);
pci_read_config_word(rdev->pdev, gpu_pos + PCI_EXP_LNKCTL2, &tmp16);
- tmp16 &= ~0xf;
+ tmp16 &= ~PCI_EXP_LNKCTL2_TLS;
if (speed_cap == PCIE_SPEED_8_0GT)
- tmp16 |= 3; /* gen3 */
+ tmp16 |= PCI_EXP_LNKCTL2_TLS_8_0GT; /* gen3 */
else if (speed_cap == PCIE_SPEED_5_0GT)
- tmp16 |= 2; /* gen2 */
+ tmp16 |= PCI_EXP_LNKCTL2_TLS_5_0GT; /* gen2 */
else
- tmp16 |= 1; /* gen1 */
+ tmp16 |= PCI_EXP_LNKCTL2_TLS_2_5GT; /* gen1 */
pci_write_config_word(rdev->pdev, gpu_pos + PCI_EXP_LNKCTL2, tmp16);
speed_cntl = RREG32_PCIE_PORT(PCIE_LC_SPEED_CNTL);
--
2.40.1
^ permalink raw reply related [flat|nested] 396+ messages in thread
* [PATCH 5.4 141/367] drm/radeon: Prefer pcie_capability_read_word()
2023-09-20 11:26 [PATCH 5.4 000/367] 5.4.257-rc1 review Greg Kroah-Hartman
` (139 preceding siblings ...)
2023-09-20 11:28 ` [PATCH 5.4 140/367] drm/radeon: Replace numbers with PCI_EXP_LNKCTL2 definitions Greg Kroah-Hartman
@ 2023-09-20 11:28 ` Greg Kroah-Hartman
2023-09-20 11:28 ` [PATCH 5.4 142/367] drm/radeon: Use RMW accessors for changing LNKCTL Greg Kroah-Hartman
` (231 subsequent siblings)
372 siblings, 0 replies; 396+ messages in thread
From: Greg Kroah-Hartman @ 2023-09-20 11:28 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Frederick Lawler, Bjorn Helgaas,
Alex Deucher, Sasha Levin
5.4-stable review patch. If anyone has any objections, please let me know.
------------------
From: Frederick Lawler <fred@fredlawl.com>
[ Upstream commit 3d581b11e34a92350983e5d3ecf469b5c677e295 ]
Commit 8c0d3a02c130 ("PCI: Add accessors for PCI Express Capability")
added accessors for the PCI Express Capability so that drivers didn't
need to be aware of differences between v1 and v2 of the PCI
Express Capability.
Replace pci_read_config_word() and pci_write_config_word() calls with
pcie_capability_read_word() and pcie_capability_write_word().
Link: https://lore.kernel.org/r/20191118003513.10852-1-fred@fredlawl.com
Signed-off-by: Frederick Lawler <fred@fredlawl.com>
Signed-off-by: Bjorn Helgaas <bhelgaas@google.com>
Reviewed-by: Alex Deucher <alexander.deucher@amd.com>
Stable-dep-of: 7189576e8a82 ("drm/radeon: Use RMW accessors for changing LNKCTL")
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/gpu/drm/radeon/cik.c | 70 +++++++++++++++++++++-------------
drivers/gpu/drm/radeon/si.c | 73 +++++++++++++++++++++++-------------
2 files changed, 90 insertions(+), 53 deletions(-)
diff --git a/drivers/gpu/drm/radeon/cik.c b/drivers/gpu/drm/radeon/cik.c
index 816976f44fffb..6476f901b63e6 100644
--- a/drivers/gpu/drm/radeon/cik.c
+++ b/drivers/gpu/drm/radeon/cik.c
@@ -9504,7 +9504,6 @@ static void cik_pcie_gen3_enable(struct radeon_device *rdev)
{
struct pci_dev *root = rdev->pdev->bus->self;
enum pci_bus_speed speed_cap;
- int bridge_pos, gpu_pos;
u32 speed_cntl, current_data_rate;
int i;
u16 tmp16;
@@ -9546,12 +9545,7 @@ static void cik_pcie_gen3_enable(struct radeon_device *rdev)
DRM_INFO("enabling PCIE gen 2 link speeds, disable with radeon.pcie_gen2=0\n");
}
- bridge_pos = pci_pcie_cap(root);
- if (!bridge_pos)
- return;
-
- gpu_pos = pci_pcie_cap(rdev->pdev);
- if (!gpu_pos)
+ if (!pci_is_pcie(root) || !pci_is_pcie(rdev->pdev))
return;
if (speed_cap == PCIE_SPEED_8_0GT) {
@@ -9561,14 +9555,17 @@ static void cik_pcie_gen3_enable(struct radeon_device *rdev)
u16 bridge_cfg2, gpu_cfg2;
u32 max_lw, current_lw, tmp;
- pci_read_config_word(root, bridge_pos + PCI_EXP_LNKCTL, &bridge_cfg);
- pci_read_config_word(rdev->pdev, gpu_pos + PCI_EXP_LNKCTL, &gpu_cfg);
+ pcie_capability_read_word(root, PCI_EXP_LNKCTL,
+ &bridge_cfg);
+ pcie_capability_read_word(rdev->pdev, PCI_EXP_LNKCTL,
+ &gpu_cfg);
tmp16 = bridge_cfg | PCI_EXP_LNKCTL_HAWD;
- pci_write_config_word(root, bridge_pos + PCI_EXP_LNKCTL, tmp16);
+ pcie_capability_write_word(root, PCI_EXP_LNKCTL, tmp16);
tmp16 = gpu_cfg | PCI_EXP_LNKCTL_HAWD;
- pci_write_config_word(rdev->pdev, gpu_pos + PCI_EXP_LNKCTL, tmp16);
+ pcie_capability_write_word(rdev->pdev, PCI_EXP_LNKCTL,
+ tmp16);
tmp = RREG32_PCIE_PORT(PCIE_LC_STATUS1);
max_lw = (tmp & LC_DETECTED_LINK_WIDTH_MASK) >> LC_DETECTED_LINK_WIDTH_SHIFT;
@@ -9586,15 +9583,23 @@ static void cik_pcie_gen3_enable(struct radeon_device *rdev)
for (i = 0; i < 10; i++) {
/* check status */
- pci_read_config_word(rdev->pdev, gpu_pos + PCI_EXP_DEVSTA, &tmp16);
+ pcie_capability_read_word(rdev->pdev,
+ PCI_EXP_DEVSTA,
+ &tmp16);
if (tmp16 & PCI_EXP_DEVSTA_TRPND)
break;
- pci_read_config_word(root, bridge_pos + PCI_EXP_LNKCTL, &bridge_cfg);
- pci_read_config_word(rdev->pdev, gpu_pos + PCI_EXP_LNKCTL, &gpu_cfg);
+ pcie_capability_read_word(root, PCI_EXP_LNKCTL,
+ &bridge_cfg);
+ pcie_capability_read_word(rdev->pdev,
+ PCI_EXP_LNKCTL,
+ &gpu_cfg);
- pci_read_config_word(root, bridge_pos + PCI_EXP_LNKCTL2, &bridge_cfg2);
- pci_read_config_word(rdev->pdev, gpu_pos + PCI_EXP_LNKCTL2, &gpu_cfg2);
+ pcie_capability_read_word(root, PCI_EXP_LNKCTL2,
+ &bridge_cfg2);
+ pcie_capability_read_word(rdev->pdev,
+ PCI_EXP_LNKCTL2,
+ &gpu_cfg2);
tmp = RREG32_PCIE_PORT(PCIE_LC_CNTL4);
tmp |= LC_SET_QUIESCE;
@@ -9607,32 +9612,45 @@ static void cik_pcie_gen3_enable(struct radeon_device *rdev)
msleep(100);
/* linkctl */
- pci_read_config_word(root, bridge_pos + PCI_EXP_LNKCTL, &tmp16);
+ pcie_capability_read_word(root, PCI_EXP_LNKCTL,
+ &tmp16);
tmp16 &= ~PCI_EXP_LNKCTL_HAWD;
tmp16 |= (bridge_cfg & PCI_EXP_LNKCTL_HAWD);
- pci_write_config_word(root, bridge_pos + PCI_EXP_LNKCTL, tmp16);
+ pcie_capability_write_word(root, PCI_EXP_LNKCTL,
+ tmp16);
- pci_read_config_word(rdev->pdev, gpu_pos + PCI_EXP_LNKCTL, &tmp16);
+ pcie_capability_read_word(rdev->pdev,
+ PCI_EXP_LNKCTL,
+ &tmp16);
tmp16 &= ~PCI_EXP_LNKCTL_HAWD;
tmp16 |= (gpu_cfg & PCI_EXP_LNKCTL_HAWD);
- pci_write_config_word(rdev->pdev, gpu_pos + PCI_EXP_LNKCTL, tmp16);
+ pcie_capability_write_word(rdev->pdev,
+ PCI_EXP_LNKCTL,
+ tmp16);
/* linkctl2 */
- pci_read_config_word(root, bridge_pos + PCI_EXP_LNKCTL2, &tmp16);
+ pcie_capability_read_word(root, PCI_EXP_LNKCTL2,
+ &tmp16);
tmp16 &= ~(PCI_EXP_LNKCTL2_ENTER_COMP |
PCI_EXP_LNKCTL2_TX_MARGIN);
tmp16 |= (bridge_cfg2 &
(PCI_EXP_LNKCTL2_ENTER_COMP |
PCI_EXP_LNKCTL2_TX_MARGIN));
- pci_write_config_word(root, bridge_pos + PCI_EXP_LNKCTL2, tmp16);
+ pcie_capability_write_word(root,
+ PCI_EXP_LNKCTL2,
+ tmp16);
- pci_read_config_word(rdev->pdev, gpu_pos + PCI_EXP_LNKCTL2, &tmp16);
+ pcie_capability_read_word(rdev->pdev,
+ PCI_EXP_LNKCTL2,
+ &tmp16);
tmp16 &= ~(PCI_EXP_LNKCTL2_ENTER_COMP |
PCI_EXP_LNKCTL2_TX_MARGIN);
tmp16 |= (gpu_cfg2 &
(PCI_EXP_LNKCTL2_ENTER_COMP |
PCI_EXP_LNKCTL2_TX_MARGIN));
- pci_write_config_word(rdev->pdev, gpu_pos + PCI_EXP_LNKCTL2, tmp16);
+ pcie_capability_write_word(rdev->pdev,
+ PCI_EXP_LNKCTL2,
+ tmp16);
tmp = RREG32_PCIE_PORT(PCIE_LC_CNTL4);
tmp &= ~LC_SET_QUIESCE;
@@ -9646,7 +9664,7 @@ static void cik_pcie_gen3_enable(struct radeon_device *rdev)
speed_cntl &= ~LC_FORCE_DIS_SW_SPEED_CHANGE;
WREG32_PCIE_PORT(PCIE_LC_SPEED_CNTL, speed_cntl);
- pci_read_config_word(rdev->pdev, gpu_pos + PCI_EXP_LNKCTL2, &tmp16);
+ pcie_capability_read_word(rdev->pdev, PCI_EXP_LNKCTL2, &tmp16);
tmp16 &= ~PCI_EXP_LNKCTL2_TLS;
if (speed_cap == PCIE_SPEED_8_0GT)
tmp16 |= PCI_EXP_LNKCTL2_TLS_8_0GT; /* gen3 */
@@ -9654,7 +9672,7 @@ static void cik_pcie_gen3_enable(struct radeon_device *rdev)
tmp16 |= PCI_EXP_LNKCTL2_TLS_5_0GT; /* gen2 */
else
tmp16 |= PCI_EXP_LNKCTL2_TLS_2_5GT; /* gen1 */
- pci_write_config_word(rdev->pdev, gpu_pos + PCI_EXP_LNKCTL2, tmp16);
+ pcie_capability_write_word(rdev->pdev, PCI_EXP_LNKCTL2, tmp16);
speed_cntl = RREG32_PCIE_PORT(PCIE_LC_SPEED_CNTL);
speed_cntl |= LC_INITIATE_LINK_SPEED_CHANGE;
diff --git a/drivers/gpu/drm/radeon/si.c b/drivers/gpu/drm/radeon/si.c
index 21ac174e21f50..d7eea75b2c277 100644
--- a/drivers/gpu/drm/radeon/si.c
+++ b/drivers/gpu/drm/radeon/si.c
@@ -3257,7 +3257,7 @@ static void si_gpu_init(struct radeon_device *rdev)
/* XXX what about 12? */
rdev->config.si.tile_config |= (3 << 0);
break;
- }
+ }
switch ((mc_arb_ramcfg & NOOFBANK_MASK) >> NOOFBANK_SHIFT) {
case 0: /* four banks */
rdev->config.si.tile_config |= 0 << 4;
@@ -7087,7 +7087,6 @@ static void si_pcie_gen3_enable(struct radeon_device *rdev)
{
struct pci_dev *root = rdev->pdev->bus->self;
enum pci_bus_speed speed_cap;
- int bridge_pos, gpu_pos;
u32 speed_cntl, current_data_rate;
int i;
u16 tmp16;
@@ -7129,12 +7128,7 @@ static void si_pcie_gen3_enable(struct radeon_device *rdev)
DRM_INFO("enabling PCIE gen 2 link speeds, disable with radeon.pcie_gen2=0\n");
}
- bridge_pos = pci_pcie_cap(root);
- if (!bridge_pos)
- return;
-
- gpu_pos = pci_pcie_cap(rdev->pdev);
- if (!gpu_pos)
+ if (!pci_is_pcie(root) || !pci_is_pcie(rdev->pdev))
return;
if (speed_cap == PCIE_SPEED_8_0GT) {
@@ -7144,14 +7138,17 @@ static void si_pcie_gen3_enable(struct radeon_device *rdev)
u16 bridge_cfg2, gpu_cfg2;
u32 max_lw, current_lw, tmp;
- pci_read_config_word(root, bridge_pos + PCI_EXP_LNKCTL, &bridge_cfg);
- pci_read_config_word(rdev->pdev, gpu_pos + PCI_EXP_LNKCTL, &gpu_cfg);
+ pcie_capability_read_word(root, PCI_EXP_LNKCTL,
+ &bridge_cfg);
+ pcie_capability_read_word(rdev->pdev, PCI_EXP_LNKCTL,
+ &gpu_cfg);
tmp16 = bridge_cfg | PCI_EXP_LNKCTL_HAWD;
- pci_write_config_word(root, bridge_pos + PCI_EXP_LNKCTL, tmp16);
+ pcie_capability_write_word(root, PCI_EXP_LNKCTL, tmp16);
tmp16 = gpu_cfg | PCI_EXP_LNKCTL_HAWD;
- pci_write_config_word(rdev->pdev, gpu_pos + PCI_EXP_LNKCTL, tmp16);
+ pcie_capability_write_word(rdev->pdev, PCI_EXP_LNKCTL,
+ tmp16);
tmp = RREG32_PCIE(PCIE_LC_STATUS1);
max_lw = (tmp & LC_DETECTED_LINK_WIDTH_MASK) >> LC_DETECTED_LINK_WIDTH_SHIFT;
@@ -7169,15 +7166,23 @@ static void si_pcie_gen3_enable(struct radeon_device *rdev)
for (i = 0; i < 10; i++) {
/* check status */
- pci_read_config_word(rdev->pdev, gpu_pos + PCI_EXP_DEVSTA, &tmp16);
+ pcie_capability_read_word(rdev->pdev,
+ PCI_EXP_DEVSTA,
+ &tmp16);
if (tmp16 & PCI_EXP_DEVSTA_TRPND)
break;
- pci_read_config_word(root, bridge_pos + PCI_EXP_LNKCTL, &bridge_cfg);
- pci_read_config_word(rdev->pdev, gpu_pos + PCI_EXP_LNKCTL, &gpu_cfg);
+ pcie_capability_read_word(root, PCI_EXP_LNKCTL,
+ &bridge_cfg);
+ pcie_capability_read_word(rdev->pdev,
+ PCI_EXP_LNKCTL,
+ &gpu_cfg);
- pci_read_config_word(root, bridge_pos + PCI_EXP_LNKCTL2, &bridge_cfg2);
- pci_read_config_word(rdev->pdev, gpu_pos + PCI_EXP_LNKCTL2, &gpu_cfg2);
+ pcie_capability_read_word(root, PCI_EXP_LNKCTL2,
+ &bridge_cfg2);
+ pcie_capability_read_word(rdev->pdev,
+ PCI_EXP_LNKCTL2,
+ &gpu_cfg2);
tmp = RREG32_PCIE_PORT(PCIE_LC_CNTL4);
tmp |= LC_SET_QUIESCE;
@@ -7190,32 +7195,46 @@ static void si_pcie_gen3_enable(struct radeon_device *rdev)
msleep(100);
/* linkctl */
- pci_read_config_word(root, bridge_pos + PCI_EXP_LNKCTL, &tmp16);
+ pcie_capability_read_word(root, PCI_EXP_LNKCTL,
+ &tmp16);
tmp16 &= ~PCI_EXP_LNKCTL_HAWD;
tmp16 |= (bridge_cfg & PCI_EXP_LNKCTL_HAWD);
- pci_write_config_word(root, bridge_pos + PCI_EXP_LNKCTL, tmp16);
+ pcie_capability_write_word(root,
+ PCI_EXP_LNKCTL,
+ tmp16);
- pci_read_config_word(rdev->pdev, gpu_pos + PCI_EXP_LNKCTL, &tmp16);
+ pcie_capability_read_word(rdev->pdev,
+ PCI_EXP_LNKCTL,
+ &tmp16);
tmp16 &= ~PCI_EXP_LNKCTL_HAWD;
tmp16 |= (gpu_cfg & PCI_EXP_LNKCTL_HAWD);
- pci_write_config_word(rdev->pdev, gpu_pos + PCI_EXP_LNKCTL, tmp16);
+ pcie_capability_write_word(rdev->pdev,
+ PCI_EXP_LNKCTL,
+ tmp16);
/* linkctl2 */
- pci_read_config_word(root, bridge_pos + PCI_EXP_LNKCTL2, &tmp16);
+ pcie_capability_read_word(root, PCI_EXP_LNKCTL2,
+ &tmp16);
tmp16 &= ~(PCI_EXP_LNKCTL2_ENTER_COMP |
PCI_EXP_LNKCTL2_TX_MARGIN);
tmp16 |= (bridge_cfg2 &
(PCI_EXP_LNKCTL2_ENTER_COMP |
PCI_EXP_LNKCTL2_TX_MARGIN));
- pci_write_config_word(root, bridge_pos + PCI_EXP_LNKCTL2, tmp16);
+ pcie_capability_write_word(root,
+ PCI_EXP_LNKCTL2,
+ tmp16);
- pci_read_config_word(rdev->pdev, gpu_pos + PCI_EXP_LNKCTL2, &tmp16);
+ pcie_capability_read_word(rdev->pdev,
+ PCI_EXP_LNKCTL2,
+ &tmp16);
tmp16 &= ~(PCI_EXP_LNKCTL2_ENTER_COMP |
PCI_EXP_LNKCTL2_TX_MARGIN);
tmp16 |= (gpu_cfg2 &
(PCI_EXP_LNKCTL2_ENTER_COMP |
PCI_EXP_LNKCTL2_TX_MARGIN));
- pci_write_config_word(rdev->pdev, gpu_pos + PCI_EXP_LNKCTL2, tmp16);
+ pcie_capability_write_word(rdev->pdev,
+ PCI_EXP_LNKCTL2,
+ tmp16);
tmp = RREG32_PCIE_PORT(PCIE_LC_CNTL4);
tmp &= ~LC_SET_QUIESCE;
@@ -7229,7 +7248,7 @@ static void si_pcie_gen3_enable(struct radeon_device *rdev)
speed_cntl &= ~LC_FORCE_DIS_SW_SPEED_CHANGE;
WREG32_PCIE_PORT(PCIE_LC_SPEED_CNTL, speed_cntl);
- pci_read_config_word(rdev->pdev, gpu_pos + PCI_EXP_LNKCTL2, &tmp16);
+ pcie_capability_read_word(rdev->pdev, PCI_EXP_LNKCTL2, &tmp16);
tmp16 &= ~PCI_EXP_LNKCTL2_TLS;
if (speed_cap == PCIE_SPEED_8_0GT)
tmp16 |= PCI_EXP_LNKCTL2_TLS_8_0GT; /* gen3 */
@@ -7237,7 +7256,7 @@ static void si_pcie_gen3_enable(struct radeon_device *rdev)
tmp16 |= PCI_EXP_LNKCTL2_TLS_5_0GT; /* gen2 */
else
tmp16 |= PCI_EXP_LNKCTL2_TLS_2_5GT; /* gen1 */
- pci_write_config_word(rdev->pdev, gpu_pos + PCI_EXP_LNKCTL2, tmp16);
+ pcie_capability_write_word(rdev->pdev, PCI_EXP_LNKCTL2, tmp16);
speed_cntl = RREG32_PCIE_PORT(PCIE_LC_SPEED_CNTL);
speed_cntl |= LC_INITIATE_LINK_SPEED_CHANGE;
--
2.40.1
^ permalink raw reply related [flat|nested] 396+ messages in thread
* [PATCH 5.4 142/367] drm/radeon: Use RMW accessors for changing LNKCTL
2023-09-20 11:26 [PATCH 5.4 000/367] 5.4.257-rc1 review Greg Kroah-Hartman
` (140 preceding siblings ...)
2023-09-20 11:28 ` [PATCH 5.4 141/367] drm/radeon: Prefer pcie_capability_read_word() Greg Kroah-Hartman
@ 2023-09-20 11:28 ` Greg Kroah-Hartman
2023-09-20 11:28 ` [PATCH 5.4 143/367] wifi: ath10k: " Greg Kroah-Hartman
` (230 subsequent siblings)
372 siblings, 0 replies; 396+ messages in thread
From: Greg Kroah-Hartman @ 2023-09-20 11:28 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Lukas Wunner, Ilpo Järvinen,
Bjorn Helgaas, Alex Deucher, Sasha Levin
5.4-stable review patch. If anyone has any objections, please let me know.
------------------
From: Ilpo Järvinen <ilpo.jarvinen@linux.intel.com>
[ Upstream commit 7189576e8a829130192b33c5b64e8a475369c776 ]
Don't assume that only the driver would be accessing LNKCTL. ASPM policy
changes can trigger write to LNKCTL outside of driver's control. And in
the case of upstream bridge, the driver does not even own the device it's
changing the registers for.
Use RMW capability accessors which do proper locking to avoid losing
concurrent updates to the register value.
Suggested-by: Lukas Wunner <lukas@wunner.de>
Fixes: 8a7cd27679d0 ("drm/radeon/cik: add support for pcie gen1/2/3 switching")
Fixes: b9d305dfb66c ("drm/radeon: implement pcie gen2/3 support for SI")
Link: https://lore.kernel.org/r/20230717120503.15276-7-ilpo.jarvinen@linux.intel.com
Signed-off-by: Ilpo Järvinen <ilpo.jarvinen@linux.intel.com>
Signed-off-by: Bjorn Helgaas <bhelgaas@google.com>
Acked-by: Alex Deucher <alexander.deucher@amd.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/gpu/drm/radeon/cik.c | 36 ++++++++++-------------------------
drivers/gpu/drm/radeon/si.c | 37 ++++++++++--------------------------
2 files changed, 20 insertions(+), 53 deletions(-)
diff --git a/drivers/gpu/drm/radeon/cik.c b/drivers/gpu/drm/radeon/cik.c
index 6476f901b63e6..c338bb82a1226 100644
--- a/drivers/gpu/drm/radeon/cik.c
+++ b/drivers/gpu/drm/radeon/cik.c
@@ -9555,17 +9555,8 @@ static void cik_pcie_gen3_enable(struct radeon_device *rdev)
u16 bridge_cfg2, gpu_cfg2;
u32 max_lw, current_lw, tmp;
- pcie_capability_read_word(root, PCI_EXP_LNKCTL,
- &bridge_cfg);
- pcie_capability_read_word(rdev->pdev, PCI_EXP_LNKCTL,
- &gpu_cfg);
-
- tmp16 = bridge_cfg | PCI_EXP_LNKCTL_HAWD;
- pcie_capability_write_word(root, PCI_EXP_LNKCTL, tmp16);
-
- tmp16 = gpu_cfg | PCI_EXP_LNKCTL_HAWD;
- pcie_capability_write_word(rdev->pdev, PCI_EXP_LNKCTL,
- tmp16);
+ pcie_capability_set_word(root, PCI_EXP_LNKCTL, PCI_EXP_LNKCTL_HAWD);
+ pcie_capability_set_word(rdev->pdev, PCI_EXP_LNKCTL, PCI_EXP_LNKCTL_HAWD);
tmp = RREG32_PCIE_PORT(PCIE_LC_STATUS1);
max_lw = (tmp & LC_DETECTED_LINK_WIDTH_MASK) >> LC_DETECTED_LINK_WIDTH_SHIFT;
@@ -9612,21 +9603,14 @@ static void cik_pcie_gen3_enable(struct radeon_device *rdev)
msleep(100);
/* linkctl */
- pcie_capability_read_word(root, PCI_EXP_LNKCTL,
- &tmp16);
- tmp16 &= ~PCI_EXP_LNKCTL_HAWD;
- tmp16 |= (bridge_cfg & PCI_EXP_LNKCTL_HAWD);
- pcie_capability_write_word(root, PCI_EXP_LNKCTL,
- tmp16);
-
- pcie_capability_read_word(rdev->pdev,
- PCI_EXP_LNKCTL,
- &tmp16);
- tmp16 &= ~PCI_EXP_LNKCTL_HAWD;
- tmp16 |= (gpu_cfg & PCI_EXP_LNKCTL_HAWD);
- pcie_capability_write_word(rdev->pdev,
- PCI_EXP_LNKCTL,
- tmp16);
+ pcie_capability_clear_and_set_word(root, PCI_EXP_LNKCTL,
+ PCI_EXP_LNKCTL_HAWD,
+ bridge_cfg &
+ PCI_EXP_LNKCTL_HAWD);
+ pcie_capability_clear_and_set_word(rdev->pdev, PCI_EXP_LNKCTL,
+ PCI_EXP_LNKCTL_HAWD,
+ gpu_cfg &
+ PCI_EXP_LNKCTL_HAWD);
/* linkctl2 */
pcie_capability_read_word(root, PCI_EXP_LNKCTL2,
diff --git a/drivers/gpu/drm/radeon/si.c b/drivers/gpu/drm/radeon/si.c
index d7eea75b2c277..74cbed9377f09 100644
--- a/drivers/gpu/drm/radeon/si.c
+++ b/drivers/gpu/drm/radeon/si.c
@@ -7138,17 +7138,8 @@ static void si_pcie_gen3_enable(struct radeon_device *rdev)
u16 bridge_cfg2, gpu_cfg2;
u32 max_lw, current_lw, tmp;
- pcie_capability_read_word(root, PCI_EXP_LNKCTL,
- &bridge_cfg);
- pcie_capability_read_word(rdev->pdev, PCI_EXP_LNKCTL,
- &gpu_cfg);
-
- tmp16 = bridge_cfg | PCI_EXP_LNKCTL_HAWD;
- pcie_capability_write_word(root, PCI_EXP_LNKCTL, tmp16);
-
- tmp16 = gpu_cfg | PCI_EXP_LNKCTL_HAWD;
- pcie_capability_write_word(rdev->pdev, PCI_EXP_LNKCTL,
- tmp16);
+ pcie_capability_set_word(root, PCI_EXP_LNKCTL, PCI_EXP_LNKCTL_HAWD);
+ pcie_capability_set_word(rdev->pdev, PCI_EXP_LNKCTL, PCI_EXP_LNKCTL_HAWD);
tmp = RREG32_PCIE(PCIE_LC_STATUS1);
max_lw = (tmp & LC_DETECTED_LINK_WIDTH_MASK) >> LC_DETECTED_LINK_WIDTH_SHIFT;
@@ -7195,22 +7186,14 @@ static void si_pcie_gen3_enable(struct radeon_device *rdev)
msleep(100);
/* linkctl */
- pcie_capability_read_word(root, PCI_EXP_LNKCTL,
- &tmp16);
- tmp16 &= ~PCI_EXP_LNKCTL_HAWD;
- tmp16 |= (bridge_cfg & PCI_EXP_LNKCTL_HAWD);
- pcie_capability_write_word(root,
- PCI_EXP_LNKCTL,
- tmp16);
-
- pcie_capability_read_word(rdev->pdev,
- PCI_EXP_LNKCTL,
- &tmp16);
- tmp16 &= ~PCI_EXP_LNKCTL_HAWD;
- tmp16 |= (gpu_cfg & PCI_EXP_LNKCTL_HAWD);
- pcie_capability_write_word(rdev->pdev,
- PCI_EXP_LNKCTL,
- tmp16);
+ pcie_capability_clear_and_set_word(root, PCI_EXP_LNKCTL,
+ PCI_EXP_LNKCTL_HAWD,
+ bridge_cfg &
+ PCI_EXP_LNKCTL_HAWD);
+ pcie_capability_clear_and_set_word(rdev->pdev, PCI_EXP_LNKCTL,
+ PCI_EXP_LNKCTL_HAWD,
+ gpu_cfg &
+ PCI_EXP_LNKCTL_HAWD);
/* linkctl2 */
pcie_capability_read_word(root, PCI_EXP_LNKCTL2,
--
2.40.1
^ permalink raw reply related [flat|nested] 396+ messages in thread
* [PATCH 5.4 143/367] wifi: ath10k: Use RMW accessors for changing LNKCTL
2023-09-20 11:26 [PATCH 5.4 000/367] 5.4.257-rc1 review Greg Kroah-Hartman
` (141 preceding siblings ...)
2023-09-20 11:28 ` [PATCH 5.4 142/367] drm/radeon: Use RMW accessors for changing LNKCTL Greg Kroah-Hartman
@ 2023-09-20 11:28 ` Greg Kroah-Hartman
2023-09-20 11:28 ` [PATCH 5.4 144/367] nfs/blocklayout: Use the passed in gfp flags Greg Kroah-Hartman
` (229 subsequent siblings)
372 siblings, 0 replies; 396+ messages in thread
From: Greg Kroah-Hartman @ 2023-09-20 11:28 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Lukas Wunner, Ilpo Järvinen,
Bjorn Helgaas, Simon Horman, Kalle Valo, Sasha Levin
5.4-stable review patch. If anyone has any objections, please let me know.
------------------
From: Ilpo Järvinen <ilpo.jarvinen@linux.intel.com>
[ Upstream commit f139492a09f15254fa261245cdbd65555cdf39e3 ]
Don't assume that only the driver would be accessing LNKCTL. ASPM policy
changes can trigger write to LNKCTL outside of driver's control.
Use RMW capability accessors which does proper locking to avoid losing
concurrent updates to the register value. On restore, clear the ASPMC field
properly.
Suggested-by: Lukas Wunner <lukas@wunner.de>
Fixes: 76d870ed09ab ("ath10k: enable ASPM")
Link: https://lore.kernel.org/r/20230717120503.15276-11-ilpo.jarvinen@linux.intel.com
Signed-off-by: Ilpo Järvinen <ilpo.jarvinen@linux.intel.com>
Signed-off-by: Bjorn Helgaas <bhelgaas@google.com>
Reviewed-by: Simon Horman <simon.horman@corigine.com>
Acked-by: Kalle Valo <kvalo@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/wireless/ath/ath10k/pci.c | 9 +++++----
1 file changed, 5 insertions(+), 4 deletions(-)
diff --git a/drivers/net/wireless/ath/ath10k/pci.c b/drivers/net/wireless/ath/ath10k/pci.c
index c28328c96307b..464dd0246a97d 100644
--- a/drivers/net/wireless/ath/ath10k/pci.c
+++ b/drivers/net/wireless/ath/ath10k/pci.c
@@ -1960,8 +1960,9 @@ static int ath10k_pci_hif_start(struct ath10k *ar)
ath10k_pci_irq_enable(ar);
ath10k_pci_rx_post(ar);
- pcie_capability_write_word(ar_pci->pdev, PCI_EXP_LNKCTL,
- ar_pci->link_ctl);
+ pcie_capability_clear_and_set_word(ar_pci->pdev, PCI_EXP_LNKCTL,
+ PCI_EXP_LNKCTL_ASPMC,
+ ar_pci->link_ctl & PCI_EXP_LNKCTL_ASPMC);
return 0;
}
@@ -2818,8 +2819,8 @@ static int ath10k_pci_hif_power_up(struct ath10k *ar,
pcie_capability_read_word(ar_pci->pdev, PCI_EXP_LNKCTL,
&ar_pci->link_ctl);
- pcie_capability_write_word(ar_pci->pdev, PCI_EXP_LNKCTL,
- ar_pci->link_ctl & ~PCI_EXP_LNKCTL_ASPMC);
+ pcie_capability_clear_word(ar_pci->pdev, PCI_EXP_LNKCTL,
+ PCI_EXP_LNKCTL_ASPMC);
/*
* Bring the target up cleanly.
--
2.40.1
^ permalink raw reply related [flat|nested] 396+ messages in thread
* [PATCH 5.4 144/367] nfs/blocklayout: Use the passed in gfp flags
2023-09-20 11:26 [PATCH 5.4 000/367] 5.4.257-rc1 review Greg Kroah-Hartman
` (142 preceding siblings ...)
2023-09-20 11:28 ` [PATCH 5.4 143/367] wifi: ath10k: " Greg Kroah-Hartman
@ 2023-09-20 11:28 ` Greg Kroah-Hartman
2023-09-20 11:28 ` [PATCH 5.4 145/367] powerpc/iommu: Fix notifiers being shared by PCI and VIO buses Greg Kroah-Hartman
` (228 subsequent siblings)
372 siblings, 0 replies; 396+ messages in thread
From: Greg Kroah-Hartman @ 2023-09-20 11:28 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Dan Carpenter, Christoph Hellwig,
Anna Schumaker, Sasha Levin
5.4-stable review patch. If anyone has any objections, please let me know.
------------------
From: Dan Carpenter <dan.carpenter@linaro.org>
[ Upstream commit 08b45fcb2d4675f6182fe0edc0d8b1fe604051fa ]
This allocation should use the passed in GFP_ flags instead of
GFP_KERNEL. One places where this matters is in filelayout_pg_init_write()
which uses GFP_NOFS as the allocation flags.
Fixes: 5c83746a0cf2 ("pnfs/blocklayout: in-kernel GETDEVICEINFO XDR parsing")
Signed-off-by: Dan Carpenter <dan.carpenter@linaro.org>
Reviewed-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Anna Schumaker <Anna.Schumaker@Netapp.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
fs/nfs/blocklayout/dev.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/fs/nfs/blocklayout/dev.c b/fs/nfs/blocklayout/dev.c
index dec5880ac6de2..6e3a14fdff9c8 100644
--- a/fs/nfs/blocklayout/dev.c
+++ b/fs/nfs/blocklayout/dev.c
@@ -422,7 +422,7 @@ bl_parse_concat(struct nfs_server *server, struct pnfs_block_dev *d,
int ret, i;
d->children = kcalloc(v->concat.volumes_count,
- sizeof(struct pnfs_block_dev), GFP_KERNEL);
+ sizeof(struct pnfs_block_dev), gfp_mask);
if (!d->children)
return -ENOMEM;
@@ -451,7 +451,7 @@ bl_parse_stripe(struct nfs_server *server, struct pnfs_block_dev *d,
int ret, i;
d->children = kcalloc(v->stripe.volumes_count,
- sizeof(struct pnfs_block_dev), GFP_KERNEL);
+ sizeof(struct pnfs_block_dev), gfp_mask);
if (!d->children)
return -ENOMEM;
--
2.40.1
^ permalink raw reply related [flat|nested] 396+ messages in thread
* [PATCH 5.4 145/367] powerpc/iommu: Fix notifiers being shared by PCI and VIO buses
2023-09-20 11:26 [PATCH 5.4 000/367] 5.4.257-rc1 review Greg Kroah-Hartman
` (143 preceding siblings ...)
2023-09-20 11:28 ` [PATCH 5.4 144/367] nfs/blocklayout: Use the passed in gfp flags Greg Kroah-Hartman
@ 2023-09-20 11:28 ` Greg Kroah-Hartman
2023-09-20 11:28 ` [PATCH 5.4 146/367] jfs: validate max amount of blocks before allocation Greg Kroah-Hartman
` (227 subsequent siblings)
372 siblings, 0 replies; 396+ messages in thread
From: Greg Kroah-Hartman @ 2023-09-20 11:28 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Nageswara R Sastry, Russell Currey,
Andrew Donnellan, Michael Ellerman, Sasha Levin
5.4-stable review patch. If anyone has any objections, please let me know.
------------------
From: Russell Currey <ruscur@russell.cc>
[ Upstream commit c37b6908f7b2bd24dcaaf14a180e28c9132b9c58 ]
fail_iommu_setup() registers the fail_iommu_bus_notifier struct to both
PCI and VIO buses. struct notifier_block is a linked list node, so this
causes any notifiers later registered to either bus type to also be
registered to the other since they share the same node.
This causes issues in (at least) the vgaarb code, which registers a
notifier for PCI buses. pci_notify() ends up being called on a vio
device, converted with to_pci_dev() even though it's not a PCI device,
and finally makes a bad access in vga_arbiter_add_pci_device() as
discovered with KASAN:
BUG: KASAN: slab-out-of-bounds in vga_arbiter_add_pci_device+0x60/0xe00
Read of size 4 at addr c000000264c26fdc by task swapper/0/1
Call Trace:
dump_stack_lvl+0x1bc/0x2b8 (unreliable)
print_report+0x3f4/0xc60
kasan_report+0x244/0x698
__asan_load4+0xe8/0x250
vga_arbiter_add_pci_device+0x60/0xe00
pci_notify+0x88/0x444
notifier_call_chain+0x104/0x320
blocking_notifier_call_chain+0xa0/0x140
device_add+0xac8/0x1d30
device_register+0x58/0x80
vio_register_device_node+0x9ac/0xce0
vio_bus_scan_register_devices+0xc4/0x13c
__machine_initcall_pseries_vio_device_init+0x94/0xf0
do_one_initcall+0x12c/0xaa8
kernel_init_freeable+0xa48/0xba8
kernel_init+0x64/0x400
ret_from_kernel_thread+0x5c/0x64
Fix this by creating separate notifier_block structs for each bus type.
Fixes: d6b9a81b2a45 ("powerpc: IOMMU fault injection")
Reported-by: Nageswara R Sastry <rnsastry@linux.ibm.com>
Signed-off-by: Russell Currey <ruscur@russell.cc>
Tested-by: Nageswara R Sastry <rnsastry@linux.ibm.com>
Reviewed-by: Andrew Donnellan <ajd@linux.ibm.com>
[mpe: Add #ifdef to fix CONFIG_IBMVIO=n build]
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
Link: https://msgid.link/20230322035322.328709-1-ruscur@russell.cc
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/powerpc/kernel/iommu.c | 17 ++++++++++++++---
1 file changed, 14 insertions(+), 3 deletions(-)
diff --git a/arch/powerpc/kernel/iommu.c b/arch/powerpc/kernel/iommu.c
index d7d42bd448c4a..dd062eef533b1 100644
--- a/arch/powerpc/kernel/iommu.c
+++ b/arch/powerpc/kernel/iommu.c
@@ -133,17 +133,28 @@ static int fail_iommu_bus_notify(struct notifier_block *nb,
return 0;
}
-static struct notifier_block fail_iommu_bus_notifier = {
+/*
+ * PCI and VIO buses need separate notifier_block structs, since they're linked
+ * list nodes. Sharing a notifier_block would mean that any notifiers later
+ * registered for PCI buses would also get called by VIO buses and vice versa.
+ */
+static struct notifier_block fail_iommu_pci_bus_notifier = {
.notifier_call = fail_iommu_bus_notify
};
+#ifdef CONFIG_IBMVIO
+static struct notifier_block fail_iommu_vio_bus_notifier = {
+ .notifier_call = fail_iommu_bus_notify
+};
+#endif
+
static int __init fail_iommu_setup(void)
{
#ifdef CONFIG_PCI
- bus_register_notifier(&pci_bus_type, &fail_iommu_bus_notifier);
+ bus_register_notifier(&pci_bus_type, &fail_iommu_pci_bus_notifier);
#endif
#ifdef CONFIG_IBMVIO
- bus_register_notifier(&vio_bus_type, &fail_iommu_bus_notifier);
+ bus_register_notifier(&vio_bus_type, &fail_iommu_vio_bus_notifier);
#endif
return 0;
--
2.40.1
^ permalink raw reply related [flat|nested] 396+ messages in thread
* [PATCH 5.4 146/367] jfs: validate max amount of blocks before allocation.
2023-09-20 11:26 [PATCH 5.4 000/367] 5.4.257-rc1 review Greg Kroah-Hartman
` (144 preceding siblings ...)
2023-09-20 11:28 ` [PATCH 5.4 145/367] powerpc/iommu: Fix notifiers being shared by PCI and VIO buses Greg Kroah-Hartman
@ 2023-09-20 11:28 ` Greg Kroah-Hartman
2023-09-20 11:28 ` [PATCH 5.4 147/367] fs: lockd: avoid possible wrong NULL parameter Greg Kroah-Hartman
` (226 subsequent siblings)
372 siblings, 0 replies; 396+ messages in thread
From: Greg Kroah-Hartman @ 2023-09-20 11:28 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Aleksei Filippov, Dave Kleikamp,
Sasha Levin, syzbot+5f088f29593e6b4c8db8
5.4-stable review patch. If anyone has any objections, please let me know.
------------------
From: Alexei Filippov <halip0503@gmail.com>
[ Upstream commit 0225e10972fa809728b8d4c1bd2772b3ec3fdb57 ]
The lack of checking bmp->db_max_freebud in extBalloc() can lead to
shift out of bounds, so this patch prevents undefined behavior, because
bmp->db_max_freebud == -1 only if there is no free space.
Signed-off-by: Aleksei Filippov <halip0503@gmail.com>
Signed-off-by: Dave Kleikamp <dave.kleikamp@oracle.com>
Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2")
Reported-and-tested-by: syzbot+5f088f29593e6b4c8db8@syzkaller.appspotmail.com
Closes: https://syzkaller.appspot.com/bug?id=01abadbd6ae6a08b1f1987aa61554c6b3ac19ff2
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
fs/jfs/jfs_extent.c | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/fs/jfs/jfs_extent.c b/fs/jfs/jfs_extent.c
index f65bd6b35412b..d4e063dbb9a0b 100644
--- a/fs/jfs/jfs_extent.c
+++ b/fs/jfs/jfs_extent.c
@@ -508,6 +508,11 @@ extBalloc(struct inode *ip, s64 hint, s64 * nblocks, s64 * blkno)
* blocks in the map. in that case, we'll start off with the
* maximum free.
*/
+
+ /* give up if no space left */
+ if (bmp->db_maxfreebud == -1)
+ return -ENOSPC;
+
max = (s64) 1 << bmp->db_maxfreebud;
if (*nblocks >= max && *nblocks > nbperpage)
nb = nblks = (max > nbperpage) ? max : nbperpage;
--
2.40.1
^ permalink raw reply related [flat|nested] 396+ messages in thread
* [PATCH 5.4 147/367] fs: lockd: avoid possible wrong NULL parameter
2023-09-20 11:26 [PATCH 5.4 000/367] 5.4.257-rc1 review Greg Kroah-Hartman
` (145 preceding siblings ...)
2023-09-20 11:28 ` [PATCH 5.4 146/367] jfs: validate max amount of blocks before allocation Greg Kroah-Hartman
@ 2023-09-20 11:28 ` Greg Kroah-Hartman
2023-09-20 11:28 ` [PATCH 5.4 148/367] NFSD: da_addr_body field missing in some GETDEVICEINFO replies Greg Kroah-Hartman
` (225 subsequent siblings)
372 siblings, 0 replies; 396+ messages in thread
From: Greg Kroah-Hartman @ 2023-09-20 11:28 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Su Hui, Nick Desaulniers,
Jeff Layton, Chuck Lever, Sasha Levin
5.4-stable review patch. If anyone has any objections, please let me know.
------------------
From: Su Hui <suhui@nfschina.com>
[ Upstream commit de8d38cf44bac43e83bad28357ba84784c412752 ]
clang's static analysis warning: fs/lockd/mon.c: line 293, column 2:
Null pointer passed as 2nd argument to memory copy function.
Assuming 'hostname' is NULL and calling 'nsm_create_handle()', this will
pass NULL as 2nd argument to memory copy function 'memcpy()'. So return
NULL if 'hostname' is invalid.
Fixes: 77a3ef33e2de ("NSM: More clean up of nsm_get_handle()")
Signed-off-by: Su Hui <suhui@nfschina.com>
Reviewed-by: Nick Desaulniers <ndesaulniers@google.com>
Reviewed-by: Jeff Layton <jlayton@kernel.org>
Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
fs/lockd/mon.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/fs/lockd/mon.c b/fs/lockd/mon.c
index 1eabd91870e6f..d770a41f85695 100644
--- a/fs/lockd/mon.c
+++ b/fs/lockd/mon.c
@@ -276,6 +276,9 @@ static struct nsm_handle *nsm_create_handle(const struct sockaddr *sap,
{
struct nsm_handle *new;
+ if (!hostname)
+ return NULL;
+
new = kzalloc(sizeof(*new) + hostname_len + 1, GFP_KERNEL);
if (unlikely(new == NULL))
return NULL;
--
2.40.1
^ permalink raw reply related [flat|nested] 396+ messages in thread
* [PATCH 5.4 148/367] NFSD: da_addr_body field missing in some GETDEVICEINFO replies
2023-09-20 11:26 [PATCH 5.4 000/367] 5.4.257-rc1 review Greg Kroah-Hartman
` (146 preceding siblings ...)
2023-09-20 11:28 ` [PATCH 5.4 147/367] fs: lockd: avoid possible wrong NULL parameter Greg Kroah-Hartman
@ 2023-09-20 11:28 ` Greg Kroah-Hartman
2023-09-20 11:28 ` [PATCH 5.4 149/367] NFS: Guard against READDIR loop when entry names exceed MAXNAMELEN Greg Kroah-Hartman
` (224 subsequent siblings)
372 siblings, 0 replies; 396+ messages in thread
From: Greg Kroah-Hartman @ 2023-09-20 11:28 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Christoph Hellwig, Tom Haynes,
Chuck Lever, Sasha Levin
5.4-stable review patch. If anyone has any objections, please let me know.
------------------
From: Chuck Lever <chuck.lever@oracle.com>
[ Upstream commit 6372e2ee629894433fe6107d7048536a3280a284 ]
The XDR specification in RFC 8881 looks like this:
struct device_addr4 {
layouttype4 da_layout_type;
opaque da_addr_body<>;
};
struct GETDEVICEINFO4resok {
device_addr4 gdir_device_addr;
bitmap4 gdir_notification;
};
union GETDEVICEINFO4res switch (nfsstat4 gdir_status) {
case NFS4_OK:
GETDEVICEINFO4resok gdir_resok4;
case NFS4ERR_TOOSMALL:
count4 gdir_mincount;
default:
void;
};
Looking at nfsd4_encode_getdeviceinfo() ....
When the client provides a zero gd_maxcount, then the Linux NFS
server implementation encodes the da_layout_type field and then
skips the da_addr_body field completely, proceeding directly to
encode gdir_notification field.
There does not appear to be an option in the specification to skip
encoding da_addr_body. Moreover, Section 18.40.3 says:
> If the client wants to just update or turn off notifications, it
> MAY send a GETDEVICEINFO operation with gdia_maxcount set to zero.
> In that event, if the device ID is valid, the reply's da_addr_body
> field of the gdir_device_addr field will be of zero length.
Since the layout drivers are responsible for encoding the
da_addr_body field, put this fix inside the ->encode_getdeviceinfo
methods.
Fixes: 9cf514ccfacb ("nfsd: implement pNFS operations")
Reviewed-by: Christoph Hellwig <hch@lst.de>
Cc: Tom Haynes <loghyr@gmail.com>
Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
fs/nfsd/blocklayoutxdr.c | 9 +++++++++
fs/nfsd/flexfilelayoutxdr.c | 9 +++++++++
fs/nfsd/nfs4xdr.c | 25 +++++++++++--------------
3 files changed, 29 insertions(+), 14 deletions(-)
diff --git a/fs/nfsd/blocklayoutxdr.c b/fs/nfsd/blocklayoutxdr.c
index 442543304930b..2455dc8be18a8 100644
--- a/fs/nfsd/blocklayoutxdr.c
+++ b/fs/nfsd/blocklayoutxdr.c
@@ -82,6 +82,15 @@ nfsd4_block_encode_getdeviceinfo(struct xdr_stream *xdr,
int len = sizeof(__be32), ret, i;
__be32 *p;
+ /*
+ * See paragraph 5 of RFC 8881 S18.40.3.
+ */
+ if (!gdp->gd_maxcount) {
+ if (xdr_stream_encode_u32(xdr, 0) != XDR_UNIT)
+ return nfserr_resource;
+ return nfs_ok;
+ }
+
p = xdr_reserve_space(xdr, len + sizeof(__be32));
if (!p)
return nfserr_resource;
diff --git a/fs/nfsd/flexfilelayoutxdr.c b/fs/nfsd/flexfilelayoutxdr.c
index e81d2a5cf381e..bb205328e043d 100644
--- a/fs/nfsd/flexfilelayoutxdr.c
+++ b/fs/nfsd/flexfilelayoutxdr.c
@@ -85,6 +85,15 @@ nfsd4_ff_encode_getdeviceinfo(struct xdr_stream *xdr,
int addr_len;
__be32 *p;
+ /*
+ * See paragraph 5 of RFC 8881 S18.40.3.
+ */
+ if (!gdp->gd_maxcount) {
+ if (xdr_stream_encode_u32(xdr, 0) != XDR_UNIT)
+ return nfserr_resource;
+ return nfs_ok;
+ }
+
/* len + padding for two strings */
addr_len = 16 + da->netaddr.netid_len + da->netaddr.addr_len;
ver_len = 20;
diff --git a/fs/nfsd/nfs4xdr.c b/fs/nfsd/nfs4xdr.c
index 3d7b0ad4157df..1d24fff2709c5 100644
--- a/fs/nfsd/nfs4xdr.c
+++ b/fs/nfsd/nfs4xdr.c
@@ -4126,20 +4126,17 @@ nfsd4_encode_getdeviceinfo(struct nfsd4_compoundres *resp, __be32 nfserr,
*p++ = cpu_to_be32(gdev->gd_layout_type);
- /* If maxcount is 0 then just update notifications */
- if (gdev->gd_maxcount != 0) {
- ops = nfsd4_layout_ops[gdev->gd_layout_type];
- nfserr = ops->encode_getdeviceinfo(xdr, gdev);
- if (nfserr) {
- /*
- * We don't bother to burden the layout drivers with
- * enforcing gd_maxcount, just tell the client to
- * come back with a bigger buffer if it's not enough.
- */
- if (xdr->buf->len + 4 > gdev->gd_maxcount)
- goto toosmall;
- return nfserr;
- }
+ ops = nfsd4_layout_ops[gdev->gd_layout_type];
+ nfserr = ops->encode_getdeviceinfo(xdr, gdev);
+ if (nfserr) {
+ /*
+ * We don't bother to burden the layout drivers with
+ * enforcing gd_maxcount, just tell the client to
+ * come back with a bigger buffer if it's not enough.
+ */
+ if (xdr->buf->len + 4 > gdev->gd_maxcount)
+ goto toosmall;
+ return nfserr;
}
if (gdev->gd_notify_types) {
--
2.40.1
^ permalink raw reply related [flat|nested] 396+ messages in thread
* [PATCH 5.4 149/367] NFS: Guard against READDIR loop when entry names exceed MAXNAMELEN
2023-09-20 11:26 [PATCH 5.4 000/367] 5.4.257-rc1 review Greg Kroah-Hartman
` (147 preceding siblings ...)
2023-09-20 11:28 ` [PATCH 5.4 148/367] NFSD: da_addr_body field missing in some GETDEVICEINFO replies Greg Kroah-Hartman
@ 2023-09-20 11:28 ` Greg Kroah-Hartman
2023-09-20 11:28 ` [PATCH 5.4 150/367] media: v4l2-fwnode: fix v4l2_fwnode_parse_link handling Greg Kroah-Hartman
` (223 subsequent siblings)
372 siblings, 0 replies; 396+ messages in thread
From: Greg Kroah-Hartman @ 2023-09-20 11:28 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Benjamin Coddington, Anna Schumaker,
Sasha Levin
5.4-stable review patch. If anyone has any objections, please let me know.
------------------
From: Benjamin Coddington <bcodding@redhat.com>
[ Upstream commit f67b55b6588bcf9316a1e6e8d529100a5aa3ebe6 ]
Commit 64cfca85bacd asserts the only valid return values for
nfs2/3_decode_dirent should not include -ENAMETOOLONG, but for a server
that sends a filename3 which exceeds MAXNAMELEN in a READDIR response the
client's behavior will be to endlessly retry the operation.
We could map -ENAMETOOLONG into -EBADCOOKIE, but that would produce
truncated listings without any error. The client should return an error
for this case to clearly assert that the server implementation must be
corrected.
Fixes: 64cfca85bacd ("NFS: Return valid errors from nfs2/3_decode_dirent()")
Signed-off-by: Benjamin Coddington <bcodding@redhat.com>
Signed-off-by: Anna Schumaker <Anna.Schumaker@Netapp.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
fs/nfs/nfs2xdr.c | 2 +-
fs/nfs/nfs3xdr.c | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/fs/nfs/nfs2xdr.c b/fs/nfs/nfs2xdr.c
index af557dc2cfe1d..6b783e2d28554 100644
--- a/fs/nfs/nfs2xdr.c
+++ b/fs/nfs/nfs2xdr.c
@@ -953,7 +953,7 @@ int nfs2_decode_dirent(struct xdr_stream *xdr, struct nfs_entry *entry,
error = decode_filename_inline(xdr, &entry->name, &entry->len);
if (unlikely(error))
- return -EAGAIN;
+ return error == -ENAMETOOLONG ? -ENAMETOOLONG : -EAGAIN;
/*
* The type (size and byte order) of nfscookie isn't defined in
diff --git a/fs/nfs/nfs3xdr.c b/fs/nfs/nfs3xdr.c
index 84369d51353a5..6d8768ce370d2 100644
--- a/fs/nfs/nfs3xdr.c
+++ b/fs/nfs/nfs3xdr.c
@@ -1991,7 +1991,7 @@ int nfs3_decode_dirent(struct xdr_stream *xdr, struct nfs_entry *entry,
error = decode_inline_filename3(xdr, &entry->name, &entry->len);
if (unlikely(error))
- return -EAGAIN;
+ return error == -ENAMETOOLONG ? -ENAMETOOLONG : -EAGAIN;
error = decode_cookie3(xdr, &new_cookie);
if (unlikely(error))
--
2.40.1
^ permalink raw reply related [flat|nested] 396+ messages in thread
* [PATCH 5.4 150/367] media: v4l2-fwnode: fix v4l2_fwnode_parse_link handling
2023-09-20 11:26 [PATCH 5.4 000/367] 5.4.257-rc1 review Greg Kroah-Hartman
` (148 preceding siblings ...)
2023-09-20 11:28 ` [PATCH 5.4 149/367] NFS: Guard against READDIR loop when entry names exceed MAXNAMELEN Greg Kroah-Hartman
@ 2023-09-20 11:28 ` Greg Kroah-Hartman
2023-09-20 11:28 ` [PATCH 5.4 151/367] media: v4l2-fwnode: simplify v4l2_fwnode_parse_link Greg Kroah-Hartman
` (222 subsequent siblings)
372 siblings, 0 replies; 396+ messages in thread
From: Greg Kroah-Hartman @ 2023-09-20 11:28 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Marco Felsch, Sakari Ailus,
Hans Verkuil, Mauro Carvalho Chehab, Sasha Levin
5.4-stable review patch. If anyone has any objections, please let me know.
------------------
From: Marco Felsch <m.felsch@pengutronix.de>
[ Upstream commit 453b0c8304dcbc6eed2836de8fee90bf5bcc7006 ]
Currently the driver differentiate the port number property handling for
ACPI and DT. This is wrong as because ACPI should use the "reg" val too
[1].
[1] https://patchwork.kernel.org/patch/11421985/
Fixes: ca50c197bd96 ("[media] v4l: fwnode: Support generic fwnode for parsing standardised properties")
Signed-off-by: Marco Felsch <m.felsch@pengutronix.de>
Acked-by: Sakari Ailus <sakari.ailus@linux.intel.com>
Signed-off-by: Hans Verkuil <hverkuil-cisco@xs4all.nl>
Signed-off-by: Mauro Carvalho Chehab <mchehab+huawei@kernel.org>
Stable-dep-of: d7b13edd4cb4 ("media: v4l2-core: Fix a potential resource leak in v4l2_fwnode_parse_link()")
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/media/v4l2-core/v4l2-fwnode.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/media/v4l2-core/v4l2-fwnode.c b/drivers/media/v4l2-core/v4l2-fwnode.c
index 48c3b9f72722a..217d67cb31af2 100644
--- a/drivers/media/v4l2-core/v4l2-fwnode.c
+++ b/drivers/media/v4l2-core/v4l2-fwnode.c
@@ -563,7 +563,7 @@ EXPORT_SYMBOL_GPL(v4l2_fwnode_endpoint_alloc_parse);
int v4l2_fwnode_parse_link(struct fwnode_handle *__fwnode,
struct v4l2_fwnode_link *link)
{
- const char *port_prop = is_of_node(__fwnode) ? "reg" : "port";
+ const char *port_prop = "reg";
struct fwnode_handle *fwnode;
memset(link, 0, sizeof(*link));
--
2.40.1
^ permalink raw reply related [flat|nested] 396+ messages in thread
* [PATCH 5.4 151/367] media: v4l2-fwnode: simplify v4l2_fwnode_parse_link
2023-09-20 11:26 [PATCH 5.4 000/367] 5.4.257-rc1 review Greg Kroah-Hartman
` (149 preceding siblings ...)
2023-09-20 11:28 ` [PATCH 5.4 150/367] media: v4l2-fwnode: fix v4l2_fwnode_parse_link handling Greg Kroah-Hartman
@ 2023-09-20 11:28 ` Greg Kroah-Hartman
2023-09-20 11:28 ` [PATCH 5.4 152/367] media: v4l2-core: Fix a potential resource leak in v4l2_fwnode_parse_link() Greg Kroah-Hartman
` (221 subsequent siblings)
372 siblings, 0 replies; 396+ messages in thread
From: Greg Kroah-Hartman @ 2023-09-20 11:28 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Marco Felsch, Hans Verkuil,
Mauro Carvalho Chehab, Sasha Levin
5.4-stable review patch. If anyone has any objections, please let me know.
------------------
From: Marco Felsch <m.felsch@pengutronix.de>
[ Upstream commit 507a0ba93aa1cf2837d2abc4ab0cbad3c29409d3 ]
This helper was introduced before those helpers where awailable. Convert
it to cleanup the code and improbe readability.
Signed-off-by: Marco Felsch <m.felsch@pengutronix.de>
Signed-off-by: Hans Verkuil <hverkuil-cisco@xs4all.nl>
Signed-off-by: Mauro Carvalho Chehab <mchehab+huawei@kernel.org>
Stable-dep-of: d7b13edd4cb4 ("media: v4l2-core: Fix a potential resource leak in v4l2_fwnode_parse_link()")
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/media/v4l2-core/v4l2-fwnode.c | 25 +++++++++----------------
1 file changed, 9 insertions(+), 16 deletions(-)
diff --git a/drivers/media/v4l2-core/v4l2-fwnode.c b/drivers/media/v4l2-core/v4l2-fwnode.c
index 217d67cb31af2..56aad92b80fc9 100644
--- a/drivers/media/v4l2-core/v4l2-fwnode.c
+++ b/drivers/media/v4l2-core/v4l2-fwnode.c
@@ -560,33 +560,26 @@ int v4l2_fwnode_endpoint_alloc_parse(struct fwnode_handle *fwnode,
}
EXPORT_SYMBOL_GPL(v4l2_fwnode_endpoint_alloc_parse);
-int v4l2_fwnode_parse_link(struct fwnode_handle *__fwnode,
+int v4l2_fwnode_parse_link(struct fwnode_handle *fwnode,
struct v4l2_fwnode_link *link)
{
- const char *port_prop = "reg";
- struct fwnode_handle *fwnode;
+ struct fwnode_endpoint fwep;
memset(link, 0, sizeof(*link));
- fwnode = fwnode_get_parent(__fwnode);
- fwnode_property_read_u32(fwnode, port_prop, &link->local_port);
- fwnode = fwnode_get_next_parent(fwnode);
- if (is_of_node(fwnode) && of_node_name_eq(to_of_node(fwnode), "ports"))
- fwnode = fwnode_get_next_parent(fwnode);
- link->local_node = fwnode;
+ fwnode_graph_parse_endpoint(fwnode, &fwep);
+ link->local_port = fwep.port;
+ link->local_node = fwnode_graph_get_port_parent(fwnode);
- fwnode = fwnode_graph_get_remote_endpoint(__fwnode);
+ fwnode = fwnode_graph_get_remote_endpoint(fwnode);
if (!fwnode) {
fwnode_handle_put(fwnode);
return -ENOLINK;
}
- fwnode = fwnode_get_parent(fwnode);
- fwnode_property_read_u32(fwnode, port_prop, &link->remote_port);
- fwnode = fwnode_get_next_parent(fwnode);
- if (is_of_node(fwnode) && of_node_name_eq(to_of_node(fwnode), "ports"))
- fwnode = fwnode_get_next_parent(fwnode);
- link->remote_node = fwnode;
+ fwnode_graph_parse_endpoint(fwnode, &fwep);
+ link->remote_port = fwep.port;
+ link->remote_node = fwnode_graph_get_port_parent(fwnode);
return 0;
}
--
2.40.1
^ permalink raw reply related [flat|nested] 396+ messages in thread
* [PATCH 5.4 152/367] media: v4l2-core: Fix a potential resource leak in v4l2_fwnode_parse_link()
2023-09-20 11:26 [PATCH 5.4 000/367] 5.4.257-rc1 review Greg Kroah-Hartman
` (150 preceding siblings ...)
2023-09-20 11:28 ` [PATCH 5.4 151/367] media: v4l2-fwnode: simplify v4l2_fwnode_parse_link Greg Kroah-Hartman
@ 2023-09-20 11:28 ` Greg Kroah-Hartman
2023-09-20 11:28 ` [PATCH 5.4 153/367] drivers: usb: smsusb: fix error handling code in smsusb_init_device Greg Kroah-Hartman
` (220 subsequent siblings)
372 siblings, 0 replies; 396+ messages in thread
From: Greg Kroah-Hartman @ 2023-09-20 11:28 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Christophe JAILLET, Sakari Ailus,
Mauro Carvalho Chehab, Sasha Levin
5.4-stable review patch. If anyone has any objections, please let me know.
------------------
From: Christophe JAILLET <christophe.jaillet@wanadoo.fr>
[ Upstream commit d7b13edd4cb4bfa335b6008ab867ac28582d3e5c ]
If fwnode_graph_get_remote_endpoint() fails, 'fwnode' is known to be NULL,
so fwnode_handle_put() is a no-op.
Release the reference taken from a previous fwnode_graph_get_port_parent()
call instead.
Also handle fwnode_graph_get_port_parent() failures.
In order to fix these issues, add an error handling path to the function
and the needed gotos.
Fixes: ca50c197bd96 ("[media] v4l: fwnode: Support generic fwnode for parsing standardised properties")
Signed-off-by: Christophe JAILLET <christophe.jaillet@wanadoo.fr>
Signed-off-by: Sakari Ailus <sakari.ailus@linux.intel.com>
Signed-off-by: Mauro Carvalho Chehab <mchehab@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/media/v4l2-core/v4l2-fwnode.c | 18 ++++++++++++++----
1 file changed, 14 insertions(+), 4 deletions(-)
diff --git a/drivers/media/v4l2-core/v4l2-fwnode.c b/drivers/media/v4l2-core/v4l2-fwnode.c
index 56aad92b80fc9..00d66495b47d7 100644
--- a/drivers/media/v4l2-core/v4l2-fwnode.c
+++ b/drivers/media/v4l2-core/v4l2-fwnode.c
@@ -570,18 +570,28 @@ int v4l2_fwnode_parse_link(struct fwnode_handle *fwnode,
fwnode_graph_parse_endpoint(fwnode, &fwep);
link->local_port = fwep.port;
link->local_node = fwnode_graph_get_port_parent(fwnode);
+ if (!link->local_node)
+ return -ENOLINK;
fwnode = fwnode_graph_get_remote_endpoint(fwnode);
- if (!fwnode) {
- fwnode_handle_put(fwnode);
- return -ENOLINK;
- }
+ if (!fwnode)
+ goto err_put_local_node;
fwnode_graph_parse_endpoint(fwnode, &fwep);
link->remote_port = fwep.port;
link->remote_node = fwnode_graph_get_port_parent(fwnode);
+ if (!link->remote_node)
+ goto err_put_remote_endpoint;
return 0;
+
+err_put_remote_endpoint:
+ fwnode_handle_put(fwnode);
+
+err_put_local_node:
+ fwnode_handle_put(link->local_node);
+
+ return -ENOLINK;
}
EXPORT_SYMBOL_GPL(v4l2_fwnode_parse_link);
--
2.40.1
^ permalink raw reply related [flat|nested] 396+ messages in thread
* [PATCH 5.4 153/367] drivers: usb: smsusb: fix error handling code in smsusb_init_device
2023-09-20 11:26 [PATCH 5.4 000/367] 5.4.257-rc1 review Greg Kroah-Hartman
` (151 preceding siblings ...)
2023-09-20 11:28 ` [PATCH 5.4 152/367] media: v4l2-core: Fix a potential resource leak in v4l2_fwnode_parse_link() Greg Kroah-Hartman
@ 2023-09-20 11:28 ` Greg Kroah-Hartman
2023-09-20 11:28 ` [PATCH 5.4 154/367] media: dib7000p: Fix potential division by zero Greg Kroah-Hartman
` (219 subsequent siblings)
372 siblings, 0 replies; 396+ messages in thread
From: Greg Kroah-Hartman @ 2023-09-20 11:28 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Dongliang Mu, Hans Verkuil, Sasha Levin
5.4-stable review patch. If anyone has any objections, please let me know.
------------------
From: Dongliang Mu <dzm91@hust.edu.cn>
[ Upstream commit b9c7141f384097fa4fa67d2f72e5731d628aef7c ]
The previous commit 4b208f8b561f ("[media] siano: register media controller
earlier")moves siano_media_device_register before smscore_register_device,
and adds corresponding error handling code if smscore_register_device
fails. However, it misses the following error handling code of
smsusb_init_device.
Fix this by moving error handling code at the end of smsusb_init_device
and adding a goto statement in the following error handling parts.
Fixes: 4b208f8b561f ("[media] siano: register media controller earlier")
Signed-off-by: Dongliang Mu <dzm91@hust.edu.cn>
Signed-off-by: Hans Verkuil <hverkuil-cisco@xs4all.nl>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/media/usb/siano/smsusb.c | 21 +++++++++++----------
1 file changed, 11 insertions(+), 10 deletions(-)
diff --git a/drivers/media/usb/siano/smsusb.c b/drivers/media/usb/siano/smsusb.c
index 0358cd1043877..598ad05f5beac 100644
--- a/drivers/media/usb/siano/smsusb.c
+++ b/drivers/media/usb/siano/smsusb.c
@@ -455,12 +455,7 @@ static int smsusb_init_device(struct usb_interface *intf, int board_id)
rc = smscore_register_device(¶ms, &dev->coredev, 0, mdev);
if (rc < 0) {
pr_err("smscore_register_device(...) failed, rc %d\n", rc);
- smsusb_term_device(intf);
-#ifdef CONFIG_MEDIA_CONTROLLER_DVB
- media_device_unregister(mdev);
-#endif
- kfree(mdev);
- return rc;
+ goto err_unregister_device;
}
smscore_set_board_id(dev->coredev, board_id);
@@ -477,8 +472,7 @@ static int smsusb_init_device(struct usb_interface *intf, int board_id)
rc = smsusb_start_streaming(dev);
if (rc < 0) {
pr_err("smsusb_start_streaming(...) failed\n");
- smsusb_term_device(intf);
- return rc;
+ goto err_unregister_device;
}
dev->state = SMSUSB_ACTIVE;
@@ -486,13 +480,20 @@ static int smsusb_init_device(struct usb_interface *intf, int board_id)
rc = smscore_start_device(dev->coredev);
if (rc < 0) {
pr_err("smscore_start_device(...) failed\n");
- smsusb_term_device(intf);
- return rc;
+ goto err_unregister_device;
}
pr_debug("device 0x%p created\n", dev);
return rc;
+
+err_unregister_device:
+ smsusb_term_device(intf);
+#ifdef CONFIG_MEDIA_CONTROLLER_DVB
+ media_device_unregister(mdev);
+#endif
+ kfree(mdev);
+ return rc;
}
static int smsusb_probe(struct usb_interface *intf,
--
2.40.1
^ permalink raw reply related [flat|nested] 396+ messages in thread
* [PATCH 5.4 154/367] media: dib7000p: Fix potential division by zero
2023-09-20 11:26 [PATCH 5.4 000/367] 5.4.257-rc1 review Greg Kroah-Hartman
` (152 preceding siblings ...)
2023-09-20 11:28 ` [PATCH 5.4 153/367] drivers: usb: smsusb: fix error handling code in smsusb_init_device Greg Kroah-Hartman
@ 2023-09-20 11:28 ` Greg Kroah-Hartman
2023-09-20 11:28 ` [PATCH 5.4 155/367] media: dvb-usb: m920x: Fix a potential memory leak in m920x_i2c_xfer() Greg Kroah-Hartman
` (218 subsequent siblings)
372 siblings, 0 replies; 396+ messages in thread
From: Greg Kroah-Hartman @ 2023-09-20 11:28 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Daniil Dulov, Hans Verkuil, Sasha Levin
5.4-stable review patch. If anyone has any objections, please let me know.
------------------
From: Daniil Dulov <d.dulov@aladdin.ru>
[ Upstream commit a1db7b2c5533fc67e2681eb5efc921a67bc7d5b8 ]
Variable loopdiv can be assigned 0, then it is used as a denominator,
without checking it for 0.
Found by Linux Verification Center (linuxtesting.org) with SVACE.
Fixes: 713d54a8bd81 ("[media] DiB7090: add support for the dib7090 based")
Signed-off-by: Daniil Dulov <d.dulov@aladdin.ru>
Signed-off-by: Hans Verkuil <hverkuil-cisco@xs4all.nl>
[hverkuil: (bw != NULL) -> bw]
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/media/dvb-frontends/dib7000p.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/media/dvb-frontends/dib7000p.c b/drivers/media/dvb-frontends/dib7000p.c
index 0d22c700016d4..ac34fd8659b52 100644
--- a/drivers/media/dvb-frontends/dib7000p.c
+++ b/drivers/media/dvb-frontends/dib7000p.c
@@ -497,7 +497,7 @@ static int dib7000p_update_pll(struct dvb_frontend *fe, struct dibx000_bandwidth
prediv = reg_1856 & 0x3f;
loopdiv = (reg_1856 >> 6) & 0x3f;
- if ((bw != NULL) && (bw->pll_prediv != prediv || bw->pll_ratio != loopdiv)) {
+ if (loopdiv && bw && (bw->pll_prediv != prediv || bw->pll_ratio != loopdiv)) {
dprintk("Updating pll (prediv: old = %d new = %d ; loopdiv : old = %d new = %d)\n", prediv, bw->pll_prediv, loopdiv, bw->pll_ratio);
reg_1856 &= 0xf000;
reg_1857 = dib7000p_read_word(state, 1857);
--
2.40.1
^ permalink raw reply related [flat|nested] 396+ messages in thread
* [PATCH 5.4 155/367] media: dvb-usb: m920x: Fix a potential memory leak in m920x_i2c_xfer()
2023-09-20 11:26 [PATCH 5.4 000/367] 5.4.257-rc1 review Greg Kroah-Hartman
` (153 preceding siblings ...)
2023-09-20 11:28 ` [PATCH 5.4 154/367] media: dib7000p: Fix potential division by zero Greg Kroah-Hartman
@ 2023-09-20 11:28 ` Greg Kroah-Hartman
2023-09-20 11:28 ` [PATCH 5.4 156/367] media: cx24120: Add retval check for cx24120_message_send() Greg Kroah-Hartman
` (217 subsequent siblings)
372 siblings, 0 replies; 396+ messages in thread
From: Greg Kroah-Hartman @ 2023-09-20 11:28 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Christophe JAILLET, Hans Verkuil,
Sasha Levin
5.4-stable review patch. If anyone has any objections, please let me know.
------------------
From: Christophe JAILLET <christophe.jaillet@wanadoo.fr>
[ Upstream commit ea9ef6c2e001c5dc94bee35ebd1c8a98621cf7b8 ]
'read' is freed when it is known to be NULL, but not when a read error
occurs.
Revert the logic to avoid a small leak, should a m920x_read() call fail.
Fixes: a2ab06d7c4d6 ("media: m920x: don't use stack on USB reads")
Signed-off-by: Christophe JAILLET <christophe.jaillet@wanadoo.fr>
Signed-off-by: Hans Verkuil <hverkuil-cisco@xs4all.nl>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/media/usb/dvb-usb/m920x.c | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/drivers/media/usb/dvb-usb/m920x.c b/drivers/media/usb/dvb-usb/m920x.c
index 7282f60226558..8b19ae67f1879 100644
--- a/drivers/media/usb/dvb-usb/m920x.c
+++ b/drivers/media/usb/dvb-usb/m920x.c
@@ -277,7 +277,6 @@ static int m920x_i2c_xfer(struct i2c_adapter *adap, struct i2c_msg msg[], int nu
char *read = kmalloc(1, GFP_KERNEL);
if (!read) {
ret = -ENOMEM;
- kfree(read);
goto unlock;
}
@@ -288,8 +287,10 @@ static int m920x_i2c_xfer(struct i2c_adapter *adap, struct i2c_msg msg[], int nu
if ((ret = m920x_read(d->udev, M9206_I2C, 0x0,
0x20 | stop,
- read, 1)) != 0)
+ read, 1)) != 0) {
+ kfree(read);
goto unlock;
+ }
msg[i].buf[j] = read[0];
}
--
2.40.1
^ permalink raw reply related [flat|nested] 396+ messages in thread
* [PATCH 5.4 156/367] media: cx24120: Add retval check for cx24120_message_send()
2023-09-20 11:26 [PATCH 5.4 000/367] 5.4.257-rc1 review Greg Kroah-Hartman
` (154 preceding siblings ...)
2023-09-20 11:28 ` [PATCH 5.4 155/367] media: dvb-usb: m920x: Fix a potential memory leak in m920x_i2c_xfer() Greg Kroah-Hartman
@ 2023-09-20 11:28 ` Greg Kroah-Hartman
2023-09-20 11:28 ` [PATCH 5.4 157/367] media: mediatek: vcodec: Return NULL if no vdec_fb is found Greg Kroah-Hartman
` (216 subsequent siblings)
372 siblings, 0 replies; 396+ messages in thread
From: Greg Kroah-Hartman @ 2023-09-20 11:28 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Daniil Dulov, Hans Verkuil, Sasha Levin
5.4-stable review patch. If anyone has any objections, please let me know.
------------------
From: Daniil Dulov <d.dulov@aladdin.ru>
[ Upstream commit 96002c0ac824e1773d3f706b1f92e2a9f2988047 ]
If cx24120_message_send() returns error, we should keep local struct
unchanged.
Found by Linux Verification Center (linuxtesting.org) with SVACE.
Fixes: 5afc9a25be8d ("[media] Add support for TechniSat Skystar S2")
Signed-off-by: Daniil Dulov <d.dulov@aladdin.ru>
Signed-off-by: Hans Verkuil <hverkuil-cisco@xs4all.nl>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/media/dvb-frontends/cx24120.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/drivers/media/dvb-frontends/cx24120.c b/drivers/media/dvb-frontends/cx24120.c
index 2464b63fe0cf4..307efef263f27 100644
--- a/drivers/media/dvb-frontends/cx24120.c
+++ b/drivers/media/dvb-frontends/cx24120.c
@@ -972,7 +972,9 @@ static void cx24120_set_clock_ratios(struct dvb_frontend *fe)
cmd.arg[8] = (clock_ratios_table[idx].rate >> 8) & 0xff;
cmd.arg[9] = (clock_ratios_table[idx].rate >> 0) & 0xff;
- cx24120_message_send(state, &cmd);
+ ret = cx24120_message_send(state, &cmd);
+ if (ret != 0)
+ return;
/* Calculate ber window rates for stat work */
cx24120_calculate_ber_window(state, clock_ratios_table[idx].rate);
--
2.40.1
^ permalink raw reply related [flat|nested] 396+ messages in thread
* [PATCH 5.4 157/367] media: mediatek: vcodec: Return NULL if no vdec_fb is found
2023-09-20 11:26 [PATCH 5.4 000/367] 5.4.257-rc1 review Greg Kroah-Hartman
` (155 preceding siblings ...)
2023-09-20 11:28 ` [PATCH 5.4 156/367] media: cx24120: Add retval check for cx24120_message_send() Greg Kroah-Hartman
@ 2023-09-20 11:28 ` Greg Kroah-Hartman
2023-09-20 11:28 ` [PATCH 5.4 158/367] usb: phy: mxs: fix getting wrong state with mxs_phy_is_otg_host() Greg Kroah-Hartman
` (215 subsequent siblings)
372 siblings, 0 replies; 396+ messages in thread
From: Greg Kroah-Hartman @ 2023-09-20 11:28 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Irui Wang,
AngeloGioacchino Del Regno, Hans Verkuil, Sasha Levin
5.4-stable review patch. If anyone has any objections, please let me know.
------------------
From: Irui Wang <irui.wang@mediatek.com>
[ Upstream commit dfa2d6e07432270330ae191f50a0e70636a4cd2b ]
"fb_use_list" is used to store used or referenced frame buffers for
vp9 stateful decoder. "NULL" should be returned when getting target
frame buffer failed from "fb_use_list", not a random unexpected one.
Fixes: f77e89854b3e ("[media] vcodec: mediatek: Add Mediatek VP9 Video Decoder Driver")
Signed-off-by: Irui Wang <irui.wang@mediatek.com>
Reviewed-by: AngeloGioacchino Del Regno <angelogioacchino.delregno@collabora.com>
Signed-off-by: Hans Verkuil <hverkuil-cisco@xs4all.nl>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/media/platform/mtk-vcodec/vdec/vdec_vp9_if.c | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/drivers/media/platform/mtk-vcodec/vdec/vdec_vp9_if.c b/drivers/media/platform/mtk-vcodec/vdec/vdec_vp9_if.c
index 5066c283d86d1..2fd7d913fd640 100644
--- a/drivers/media/platform/mtk-vcodec/vdec/vdec_vp9_if.c
+++ b/drivers/media/platform/mtk-vcodec/vdec/vdec_vp9_if.c
@@ -222,10 +222,11 @@ static struct vdec_fb *vp9_rm_from_fb_use_list(struct vdec_vp9_inst
if (fb->base_y.va == addr) {
list_move_tail(&node->list,
&inst->available_fb_node_list);
- break;
+ return fb;
}
}
- return fb;
+
+ return NULL;
}
static void vp9_add_to_fb_free_list(struct vdec_vp9_inst *inst,
--
2.40.1
^ permalink raw reply related [flat|nested] 396+ messages in thread
* [PATCH 5.4 158/367] usb: phy: mxs: fix getting wrong state with mxs_phy_is_otg_host()
2023-09-20 11:26 [PATCH 5.4 000/367] 5.4.257-rc1 review Greg Kroah-Hartman
` (156 preceding siblings ...)
2023-09-20 11:28 ` [PATCH 5.4 157/367] media: mediatek: vcodec: Return NULL if no vdec_fb is found Greg Kroah-Hartman
@ 2023-09-20 11:28 ` Greg Kroah-Hartman
2023-09-20 11:28 ` [PATCH 5.4 159/367] scsi: iscsi: Add strlen() check in iscsi_if_set{_host}_param() Greg Kroah-Hartman
` (214 subsequent siblings)
372 siblings, 0 replies; 396+ messages in thread
From: Greg Kroah-Hartman @ 2023-09-20 11:28 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Xu Yang, Peter Chen, Sasha Levin
5.4-stable review patch. If anyone has any objections, please let me know.
------------------
From: Xu Yang <xu.yang_2@nxp.com>
[ Upstream commit 5eda42aebb7668b4dcff025cd3ccb0d3d7c53da6 ]
The function mxs_phy_is_otg_host() will return true if OTG_ID_VALUE is
0 at USBPHY_CTRL register. However, OTG_ID_VALUE will not reflect the real
state if the ID pin is float, such as Host-only or Type-C cases. The value
of OTG_ID_VALUE is always 1 which means device mode.
This patch will fix the issue by judging the current mode based on
last_event. The controller will update last_event in time.
Fixes: 7b09e67639d6 ("usb: phy: mxs: refine mxs_phy_disconnect_line")
Signed-off-by: Xu Yang <xu.yang_2@nxp.com>
Acked-by: Peter Chen <peter.chen@kernel.org>
Link: https://lore.kernel.org/r/20230627110353.1879477-2-xu.yang_2@nxp.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/usb/phy/phy-mxs-usb.c | 10 ++--------
1 file changed, 2 insertions(+), 8 deletions(-)
diff --git a/drivers/usb/phy/phy-mxs-usb.c b/drivers/usb/phy/phy-mxs-usb.c
index 70b8c8248caf7..5bcad9041284e 100644
--- a/drivers/usb/phy/phy-mxs-usb.c
+++ b/drivers/usb/phy/phy-mxs-usb.c
@@ -388,14 +388,8 @@ static void __mxs_phy_disconnect_line(struct mxs_phy *mxs_phy, bool disconnect)
static bool mxs_phy_is_otg_host(struct mxs_phy *mxs_phy)
{
- void __iomem *base = mxs_phy->phy.io_priv;
- u32 phyctrl = readl(base + HW_USBPHY_CTRL);
-
- if (IS_ENABLED(CONFIG_USB_OTG) &&
- !(phyctrl & BM_USBPHY_CTRL_OTG_ID_VALUE))
- return true;
-
- return false;
+ return IS_ENABLED(CONFIG_USB_OTG) &&
+ mxs_phy->phy.last_event == USB_EVENT_ID;
}
static void mxs_phy_disconnect_line(struct mxs_phy *mxs_phy, bool on)
--
2.40.1
^ permalink raw reply related [flat|nested] 396+ messages in thread
* [PATCH 5.4 159/367] scsi: iscsi: Add strlen() check in iscsi_if_set{_host}_param()
2023-09-20 11:26 [PATCH 5.4 000/367] 5.4.257-rc1 review Greg Kroah-Hartman
` (157 preceding siblings ...)
2023-09-20 11:28 ` [PATCH 5.4 158/367] usb: phy: mxs: fix getting wrong state with mxs_phy_is_otg_host() Greg Kroah-Hartman
@ 2023-09-20 11:28 ` Greg Kroah-Hartman
2023-09-20 11:28 ` [PATCH 5.4 160/367] scsi: be2iscsi: Add length check when parsing nlattrs Greg Kroah-Hartman
` (213 subsequent siblings)
372 siblings, 0 replies; 396+ messages in thread
From: Greg Kroah-Hartman @ 2023-09-20 11:28 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Lin Ma, Chris Leech,
Martin K. Petersen, Sasha Levin
5.4-stable review patch. If anyone has any objections, please let me know.
------------------
From: Lin Ma <linma@zju.edu.cn>
[ Upstream commit ce51c817008450ef4188471db31639d42d37a5e1 ]
The functions iscsi_if_set_param() and iscsi_if_set_host_param() convert an
nlattr payload to type char* and then call C string handling functions like
sscanf and kstrdup:
char *data = (char*)ev + sizeof(*ev);
...
sscanf(data, "%d", &value);
However, since the nlattr is provided by the user-space program and the
nlmsg skb is allocated with GFP_KERNEL instead of GFP_ZERO flag (see
netlink_alloc_large_skb() in netlink_sendmsg()), dirty data on the heap can
lead to an OOB access for those string handling functions.
By investigating how the bug is introduced, we find it is really
interesting as the old version parsing code starting from commit
fd7255f51a13 ("[SCSI] iscsi: add sysfs attrs for uspace sync up") treated
the nlattr as integer bytes instead of string and had length check in
iscsi_copy_param():
if (ev->u.set_param.len != sizeof(uint32_t))
BUG();
But, since the commit a54a52caad4b ("[SCSI] iscsi: fixup set/get param
functions"), the code treated the nlattr as C string while forgetting to
add any strlen checks(), opening the possibility of an OOB access.
Fix the potential OOB by adding the strlen() check before accessing the
buf. If the data passes this check, all low-level set_param handlers can
safely treat this buf as legal C string.
Fixes: fd7255f51a13 ("[SCSI] iscsi: add sysfs attrs for uspace sync up")
Fixes: 1d9bf13a9cf9 ("[SCSI] iscsi class: add iscsi host set param event")
Signed-off-by: Lin Ma <linma@zju.edu.cn>
Link: https://lore.kernel.org/r/20230723075820.3713119-1-linma@zju.edu.cn
Reviewed-by: Chris Leech <cleech@redhat.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/scsi/scsi_transport_iscsi.c | 8 ++++++++
1 file changed, 8 insertions(+)
diff --git a/drivers/scsi/scsi_transport_iscsi.c b/drivers/scsi/scsi_transport_iscsi.c
index f6cce0befa7de..51f53638629cb 100644
--- a/drivers/scsi/scsi_transport_iscsi.c
+++ b/drivers/scsi/scsi_transport_iscsi.c
@@ -2767,6 +2767,10 @@ iscsi_set_param(struct iscsi_transport *transport, struct iscsi_uevent *ev)
if (!conn || !session)
return -EINVAL;
+ /* data will be regarded as NULL-ended string, do length check */
+ if (strlen(data) > ev->u.set_param.len)
+ return -EINVAL;
+
switch (ev->u.set_param.param) {
case ISCSI_PARAM_SESS_RECOVERY_TMO:
sscanf(data, "%d", &value);
@@ -2919,6 +2923,10 @@ iscsi_set_host_param(struct iscsi_transport *transport,
return -ENODEV;
}
+ /* see similar check in iscsi_if_set_param() */
+ if (strlen(data) > ev->u.set_host_param.len)
+ return -EINVAL;
+
err = transport->set_host_param(shost, ev->u.set_host_param.param,
data, ev->u.set_host_param.len);
scsi_host_put(shost);
--
2.40.1
^ permalink raw reply related [flat|nested] 396+ messages in thread
* [PATCH 5.4 160/367] scsi: be2iscsi: Add length check when parsing nlattrs
2023-09-20 11:26 [PATCH 5.4 000/367] 5.4.257-rc1 review Greg Kroah-Hartman
` (158 preceding siblings ...)
2023-09-20 11:28 ` [PATCH 5.4 159/367] scsi: iscsi: Add strlen() check in iscsi_if_set{_host}_param() Greg Kroah-Hartman
@ 2023-09-20 11:28 ` Greg Kroah-Hartman
2023-09-20 11:28 ` [PATCH 5.4 161/367] scsi: qla4xxx: " Greg Kroah-Hartman
` (212 subsequent siblings)
372 siblings, 0 replies; 396+ messages in thread
From: Greg Kroah-Hartman @ 2023-09-20 11:28 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Lin Ma, Chris Leech,
Martin K. Petersen, Sasha Levin
5.4-stable review patch. If anyone has any objections, please let me know.
------------------
From: Lin Ma <linma@zju.edu.cn>
[ Upstream commit ee0268f230f66cb472df3424f380ea668da2749a ]
beiscsi_iface_set_param() parses nlattr with nla_for_each_attr and assumes
every attributes can be viewed as struct iscsi_iface_param_info.
This is not true because there is no any nla_policy to validate the
attributes passed from the upper function iscsi_set_iface_params().
Add the nla_len check before accessing the nlattr data and return EINVAL if
the length check fails.
Fixes: 0e43895ec1f4 ("[SCSI] be2iscsi: adding functionality to change network settings using iscsiadm")
Signed-off-by: Lin Ma <linma@zju.edu.cn>
Link: https://lore.kernel.org/r/20230723075938.3713864-1-linma@zju.edu.cn
Reviewed-by: Chris Leech <cleech@redhat.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/scsi/be2iscsi/be_iscsi.c | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/drivers/scsi/be2iscsi/be_iscsi.c b/drivers/scsi/be2iscsi/be_iscsi.c
index 2058d50d62e12..737d7087723af 100644
--- a/drivers/scsi/be2iscsi/be_iscsi.c
+++ b/drivers/scsi/be2iscsi/be_iscsi.c
@@ -441,6 +441,10 @@ int beiscsi_iface_set_param(struct Scsi_Host *shost,
}
nla_for_each_attr(attrib, data, dt_len, rm_len) {
+ /* ignore nla_type as it is never used */
+ if (nla_len(attrib) < sizeof(*iface_param))
+ return -EINVAL;
+
iface_param = nla_data(attrib);
if (iface_param->param_type != ISCSI_NET_PARAM)
--
2.40.1
^ permalink raw reply related [flat|nested] 396+ messages in thread
* [PATCH 5.4 161/367] scsi: qla4xxx: Add length check when parsing nlattrs
2023-09-20 11:26 [PATCH 5.4 000/367] 5.4.257-rc1 review Greg Kroah-Hartman
` (159 preceding siblings ...)
2023-09-20 11:28 ` [PATCH 5.4 160/367] scsi: be2iscsi: Add length check when parsing nlattrs Greg Kroah-Hartman
@ 2023-09-20 11:28 ` Greg Kroah-Hartman
2023-09-20 11:28 ` [PATCH 5.4 162/367] serial: sprd: getting port index via serial aliases only Greg Kroah-Hartman
` (211 subsequent siblings)
372 siblings, 0 replies; 396+ messages in thread
From: Greg Kroah-Hartman @ 2023-09-20 11:28 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Lin Ma, Chris Leech,
Martin K. Petersen, Sasha Levin
5.4-stable review patch. If anyone has any objections, please let me know.
------------------
From: Lin Ma <linma@zju.edu.cn>
[ Upstream commit 47cd3770e31df942e2bb925a9a855c79ed0662eb ]
There are three places that qla4xxx parses nlattrs:
- qla4xxx_set_chap_entry()
- qla4xxx_iface_set_param()
- qla4xxx_sysfs_ddb_set_param()
and each of them directly converts the nlattr to specific pointer of
structure without length checking. This could be dangerous as those
attributes are not validated and a malformed nlattr (e.g., length 0) could
result in an OOB read that leaks heap dirty data.
Add the nla_len check before accessing the nlattr data and return EINVAL if
the length check fails.
Fixes: 26ffd7b45fe9 ("[SCSI] qla4xxx: Add support to set CHAP entries")
Fixes: 1e9e2be3ee03 ("[SCSI] qla4xxx: Add flash node mgmt support")
Fixes: 00c31889f751 ("[SCSI] qla4xxx: fix data alignment and use nl helpers")
Signed-off-by: Lin Ma <linma@zju.edu.cn>
Link: https://lore.kernel.org/r/20230723080053.3714534-1-linma@zju.edu.cn
Reviewed-by: Chris Leech <cleech@redhat.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/scsi/qla4xxx/ql4_os.c | 15 +++++++++++++++
1 file changed, 15 insertions(+)
diff --git a/drivers/scsi/qla4xxx/ql4_os.c b/drivers/scsi/qla4xxx/ql4_os.c
index df43cf6405a8e..ea15bbe0397fc 100644
--- a/drivers/scsi/qla4xxx/ql4_os.c
+++ b/drivers/scsi/qla4xxx/ql4_os.c
@@ -939,6 +939,11 @@ static int qla4xxx_set_chap_entry(struct Scsi_Host *shost, void *data, int len)
memset(&chap_rec, 0, sizeof(chap_rec));
nla_for_each_attr(attr, data, len, rem) {
+ if (nla_len(attr) < sizeof(*param_info)) {
+ rc = -EINVAL;
+ goto exit_set_chap;
+ }
+
param_info = nla_data(attr);
switch (param_info->param) {
@@ -2723,6 +2728,11 @@ qla4xxx_iface_set_param(struct Scsi_Host *shost, void *data, uint32_t len)
}
nla_for_each_attr(attr, data, len, rem) {
+ if (nla_len(attr) < sizeof(*iface_param)) {
+ rval = -EINVAL;
+ goto exit_init_fw_cb;
+ }
+
iface_param = nla_data(attr);
if (iface_param->param_type == ISCSI_NET_PARAM) {
@@ -8093,6 +8103,11 @@ qla4xxx_sysfs_ddb_set_param(struct iscsi_bus_flash_session *fnode_sess,
memset((void *)&chap_tbl, 0, sizeof(chap_tbl));
nla_for_each_attr(attr, data, len, rem) {
+ if (nla_len(attr) < sizeof(*fnode_param)) {
+ rc = -EINVAL;
+ goto exit_set_param;
+ }
+
fnode_param = nla_data(attr);
switch (fnode_param->param) {
--
2.40.1
^ permalink raw reply related [flat|nested] 396+ messages in thread
* [PATCH 5.4 162/367] serial: sprd: getting port index via serial aliases only
2023-09-20 11:26 [PATCH 5.4 000/367] 5.4.257-rc1 review Greg Kroah-Hartman
` (160 preceding siblings ...)
2023-09-20 11:28 ` [PATCH 5.4 161/367] scsi: qla4xxx: " Greg Kroah-Hartman
@ 2023-09-20 11:28 ` Greg Kroah-Hartman
2023-09-20 11:29 ` [PATCH 5.4 163/367] serial: sprd: remove redundant sprd_port cleanup Greg Kroah-Hartman
` (210 subsequent siblings)
372 siblings, 0 replies; 396+ messages in thread
From: Greg Kroah-Hartman @ 2023-09-20 11:28 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Baolin Wang, Chunyan Zhang, Sasha Levin
5.4-stable review patch. If anyone has any objections, please let me know.
------------------
From: Chunyan Zhang <chunyan.zhang@unisoc.com>
[ Upstream commit 4b7349cb4e26e79429ecd619eb588bf384f69fdb ]
This patch simplifies the process of getting serial port number, with
this patch, serial devices must have aliases configured in devicetree.
The serial port searched out via sprd_port array maybe wrong if we don't
have serial alias defined in devicetree, and specify console with command
line, we would get the wrong port number if other serial ports probe
failed before console's. So using aliases is mandatory.
Reviewed-by: Baolin Wang <baolin.wang7@gmail.com>
Signed-off-by: Chunyan Zhang <chunyan.zhang@unisoc.com>
Link: https://lore.kernel.org/r/20200318105049.19623-2-zhang.lyra@gmail.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Stable-dep-of: f9608f188756 ("serial: sprd: Assign sprd_port after initialized to avoid wrong access")
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/tty/serial/sprd_serial.c | 36 +++++---------------------------
1 file changed, 5 insertions(+), 31 deletions(-)
diff --git a/drivers/tty/serial/sprd_serial.c b/drivers/tty/serial/sprd_serial.c
index 07573de70445c..e6acf2c848f39 100644
--- a/drivers/tty/serial/sprd_serial.c
+++ b/drivers/tty/serial/sprd_serial.c
@@ -1073,29 +1073,6 @@ static struct uart_driver sprd_uart_driver = {
.cons = SPRD_CONSOLE,
};
-static int sprd_probe_dt_alias(int index, struct device *dev)
-{
- struct device_node *np;
- int ret = index;
-
- if (!IS_ENABLED(CONFIG_OF))
- return ret;
-
- np = dev->of_node;
- if (!np)
- return ret;
-
- ret = of_alias_get_id(np, "serial");
- if (ret < 0)
- ret = index;
- else if (ret >= ARRAY_SIZE(sprd_port) || sprd_port[ret] != NULL) {
- dev_warn(dev, "requested serial port %d not available.\n", ret);
- ret = index;
- }
-
- return ret;
-}
-
static int sprd_remove(struct platform_device *dev)
{
struct sprd_uart_port *sup = platform_get_drvdata(dev);
@@ -1173,14 +1150,11 @@ static int sprd_probe(struct platform_device *pdev)
int index;
int ret;
- for (index = 0; index < ARRAY_SIZE(sprd_port); index++)
- if (sprd_port[index] == NULL)
- break;
-
- if (index == ARRAY_SIZE(sprd_port))
- return -EBUSY;
-
- index = sprd_probe_dt_alias(index, &pdev->dev);
+ index = of_alias_get_id(pdev->dev.of_node, "serial");
+ if (index < 0 || index >= ARRAY_SIZE(sprd_port)) {
+ dev_err(&pdev->dev, "got a wrong serial alias id %d\n", index);
+ return -EINVAL;
+ }
sprd_port[index] = devm_kzalloc(&pdev->dev, sizeof(*sprd_port[index]),
GFP_KERNEL);
--
2.40.1
^ permalink raw reply related [flat|nested] 396+ messages in thread
* [PATCH 5.4 163/367] serial: sprd: remove redundant sprd_port cleanup
2023-09-20 11:26 [PATCH 5.4 000/367] 5.4.257-rc1 review Greg Kroah-Hartman
` (161 preceding siblings ...)
2023-09-20 11:28 ` [PATCH 5.4 162/367] serial: sprd: getting port index via serial aliases only Greg Kroah-Hartman
@ 2023-09-20 11:29 ` Greg Kroah-Hartman
2023-09-20 11:29 ` [PATCH 5.4 164/367] serial: sprd: Assign sprd_port after initialized to avoid wrong access Greg Kroah-Hartman
` (209 subsequent siblings)
372 siblings, 0 replies; 396+ messages in thread
From: Greg Kroah-Hartman @ 2023-09-20 11:29 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Baolin Wang, Chunyan Zhang, Sasha Levin
5.4-stable review patch. If anyone has any objections, please let me know.
------------------
From: Chunyan Zhang <chunyan.zhang@unisoc.com>
[ Upstream commit 72534077475fc489f8358c0e214cc1a4d658c8c2 ]
We don't need to cleanup sprd_port anymore, since we've dropped the way
of using the sprd_port[] array to get port index.
Reviewed-by: Baolin Wang <baolin.wang7@gmail.com>
Signed-off-by: Chunyan Zhang <chunyan.zhang@unisoc.com>
Link: https://lore.kernel.org/r/20200318105049.19623-3-zhang.lyra@gmail.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Stable-dep-of: f9608f188756 ("serial: sprd: Assign sprd_port after initialized to avoid wrong access")
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/tty/serial/sprd_serial.c | 4 +---
1 file changed, 1 insertion(+), 3 deletions(-)
diff --git a/drivers/tty/serial/sprd_serial.c b/drivers/tty/serial/sprd_serial.c
index e6acf2c848f39..9cf771a9cff62 100644
--- a/drivers/tty/serial/sprd_serial.c
+++ b/drivers/tty/serial/sprd_serial.c
@@ -1205,10 +1205,8 @@ static int sprd_probe(struct platform_device *pdev)
sprd_ports_num++;
ret = uart_add_one_port(&sprd_uart_driver, up);
- if (ret) {
- sprd_port[index] = NULL;
+ if (ret)
sprd_remove(pdev);
- }
platform_set_drvdata(pdev, up);
--
2.40.1
^ permalink raw reply related [flat|nested] 396+ messages in thread
* [PATCH 5.4 164/367] serial: sprd: Assign sprd_port after initialized to avoid wrong access
2023-09-20 11:26 [PATCH 5.4 000/367] 5.4.257-rc1 review Greg Kroah-Hartman
` (162 preceding siblings ...)
2023-09-20 11:29 ` [PATCH 5.4 163/367] serial: sprd: remove redundant sprd_port cleanup Greg Kroah-Hartman
@ 2023-09-20 11:29 ` Greg Kroah-Hartman
2023-09-20 11:29 ` [PATCH 5.4 165/367] serial: sprd: Fix DMA buffer leak issue Greg Kroah-Hartman
` (208 subsequent siblings)
372 siblings, 0 replies; 396+ messages in thread
From: Greg Kroah-Hartman @ 2023-09-20 11:29 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Chunyan Zhang, Sasha Levin
5.4-stable review patch. If anyone has any objections, please let me know.
------------------
From: Chunyan Zhang <chunyan.zhang@unisoc.com>
[ Upstream commit f9608f1887568b728839d006024585ab02ef29e5 ]
The global pointer 'sprd_port' may not zero when sprd_probe returns
failure, that is a risk for sprd_port to be accessed afterward, and
may lead to unexpected errors.
For example:
There are two UART ports, UART1 is used for console and configured in
kernel command line, i.e. "console=";
The UART1 probe failed and the memory allocated to sprd_port[1] was
released, but sprd_port[1] was not set to NULL;
In UART2 probe, the same virtual address was allocated to sprd_port[2],
and UART2 probe process finally will go into sprd_console_setup() to
register UART1 as console since it is configured as preferred console
(filled to console_cmdline[]), but the console parameters (sprd_port[1])
belong to UART2.
So move the sprd_port[] assignment to where the port already initialized
can avoid the above issue.
Fixes: b7396a38fb28 ("tty/serial: Add Spreadtrum sc9836-uart driver support")
Signed-off-by: Chunyan Zhang <chunyan.zhang@unisoc.com>
Link: https://lore.kernel.org/r/20230725064053.235448-1-chunyan.zhang@unisoc.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/tty/serial/sprd_serial.c | 25 +++++++++++++++++--------
1 file changed, 17 insertions(+), 8 deletions(-)
diff --git a/drivers/tty/serial/sprd_serial.c b/drivers/tty/serial/sprd_serial.c
index 9cf771a9cff62..18f5a7f438329 100644
--- a/drivers/tty/serial/sprd_serial.c
+++ b/drivers/tty/serial/sprd_serial.c
@@ -1103,7 +1103,7 @@ static bool sprd_uart_is_console(struct uart_port *uport)
static int sprd_clk_init(struct uart_port *uport)
{
struct clk *clk_uart, *clk_parent;
- struct sprd_uart_port *u = sprd_port[uport->line];
+ struct sprd_uart_port *u = container_of(uport, struct sprd_uart_port, port);
clk_uart = devm_clk_get(uport->dev, "uart");
if (IS_ERR(clk_uart)) {
@@ -1146,22 +1146,22 @@ static int sprd_probe(struct platform_device *pdev)
{
struct resource *res;
struct uart_port *up;
+ struct sprd_uart_port *sport;
int irq;
int index;
int ret;
index = of_alias_get_id(pdev->dev.of_node, "serial");
- if (index < 0 || index >= ARRAY_SIZE(sprd_port)) {
+ if (index < 0 || index >= UART_NR_MAX) {
dev_err(&pdev->dev, "got a wrong serial alias id %d\n", index);
return -EINVAL;
}
- sprd_port[index] = devm_kzalloc(&pdev->dev, sizeof(*sprd_port[index]),
- GFP_KERNEL);
- if (!sprd_port[index])
+ sport = devm_kzalloc(&pdev->dev, sizeof(*sport), GFP_KERNEL);
+ if (!sport)
return -ENOMEM;
- up = &sprd_port[index]->port;
+ up = &sport->port;
up->dev = &pdev->dev;
up->line = index;
up->type = PORT_SPRD;
@@ -1191,7 +1191,7 @@ static int sprd_probe(struct platform_device *pdev)
* Allocate one dma buffer to prepare for receive transfer, in case
* memory allocation failure at runtime.
*/
- ret = sprd_rx_alloc_buf(sprd_port[index]);
+ ret = sprd_rx_alloc_buf(sport);
if (ret)
return ret;
@@ -1202,14 +1202,23 @@ static int sprd_probe(struct platform_device *pdev)
return ret;
}
}
+
sprd_ports_num++;
+ sprd_port[index] = sport;
ret = uart_add_one_port(&sprd_uart_driver, up);
if (ret)
- sprd_remove(pdev);
+ goto clean_port;
platform_set_drvdata(pdev, up);
+ return 0;
+
+clean_port:
+ sprd_port[index] = NULL;
+ if (--sprd_ports_num == 0)
+ uart_unregister_driver(&sprd_uart_driver);
+ sprd_rx_free_buf(sport);
return ret;
}
--
2.40.1
^ permalink raw reply related [flat|nested] 396+ messages in thread
* [PATCH 5.4 165/367] serial: sprd: Fix DMA buffer leak issue
2023-09-20 11:26 [PATCH 5.4 000/367] 5.4.257-rc1 review Greg Kroah-Hartman
` (163 preceding siblings ...)
2023-09-20 11:29 ` [PATCH 5.4 164/367] serial: sprd: Assign sprd_port after initialized to avoid wrong access Greg Kroah-Hartman
@ 2023-09-20 11:29 ` Greg Kroah-Hartman
2023-09-20 11:29 ` [PATCH 5.4 166/367] x86/APM: drop the duplicate APM_MINOR_DEV macro Greg Kroah-Hartman
` (207 subsequent siblings)
372 siblings, 0 replies; 396+ messages in thread
From: Greg Kroah-Hartman @ 2023-09-20 11:29 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Chunyan Zhang, Baolin Wang, Sasha Levin
5.4-stable review patch. If anyone has any objections, please let me know.
------------------
From: Chunyan Zhang <chunyan.zhang@unisoc.com>
[ Upstream commit cd119fdc3ee1450fbf7f78862b5de44c42b6e47f ]
Release DMA buffer when _probe() returns failure to avoid memory leak.
Fixes: f4487db58eb7 ("serial: sprd: Add DMA mode support")
Signed-off-by: Chunyan Zhang <chunyan.zhang@unisoc.com>
Reviewed-by: Baolin Wang <baolin.wang@linux.alibaba.com>
Link: https://lore.kernel.org/r/20230725064053.235448-2-chunyan.zhang@unisoc.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/tty/serial/sprd_serial.c | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/drivers/tty/serial/sprd_serial.c b/drivers/tty/serial/sprd_serial.c
index 18f5a7f438329..8b45b3ab63416 100644
--- a/drivers/tty/serial/sprd_serial.c
+++ b/drivers/tty/serial/sprd_serial.c
@@ -371,7 +371,7 @@ static void sprd_rx_free_buf(struct sprd_uart_port *sp)
if (sp->rx_dma.virt)
dma_free_coherent(sp->port.dev, SPRD_UART_RX_SIZE,
sp->rx_dma.virt, sp->rx_dma.phys_addr);
-
+ sp->rx_dma.virt = NULL;
}
static int sprd_rx_dma_config(struct uart_port *port, u32 burst)
@@ -1199,7 +1199,7 @@ static int sprd_probe(struct platform_device *pdev)
ret = uart_register_driver(&sprd_uart_driver);
if (ret < 0) {
pr_err("Failed to register SPRD-UART driver\n");
- return ret;
+ goto free_rx_buf;
}
}
@@ -1218,6 +1218,7 @@ static int sprd_probe(struct platform_device *pdev)
sprd_port[index] = NULL;
if (--sprd_ports_num == 0)
uart_unregister_driver(&sprd_uart_driver);
+free_rx_buf:
sprd_rx_free_buf(sport);
return ret;
}
--
2.40.1
^ permalink raw reply related [flat|nested] 396+ messages in thread
* [PATCH 5.4 166/367] x86/APM: drop the duplicate APM_MINOR_DEV macro
2023-09-20 11:26 [PATCH 5.4 000/367] 5.4.257-rc1 review Greg Kroah-Hartman
` (164 preceding siblings ...)
2023-09-20 11:29 ` [PATCH 5.4 165/367] serial: sprd: Fix DMA buffer leak issue Greg Kroah-Hartman
@ 2023-09-20 11:29 ` Greg Kroah-Hartman
2023-09-20 11:29 ` [PATCH 5.4 167/367] scsi: qedf: Do not touch __user pointer in qedf_dbg_stop_io_on_error_cmd_read() directly Greg Kroah-Hartman
` (206 subsequent siblings)
372 siblings, 0 replies; 396+ messages in thread
From: Greg Kroah-Hartman @ 2023-09-20 11:29 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Randy Dunlap, Jiri Kosina, x86,
Sohil Mehta, Corentin Labbe, Sasha Levin
5.4-stable review patch. If anyone has any objections, please let me know.
------------------
From: Randy Dunlap <rdunlap@infradead.org>
[ Upstream commit 4ba2909638a29630a346d6c4907a3105409bee7d ]
This source file already includes <linux/miscdevice.h>, which contains
the same macro. It doesn't need to be defined here again.
Fixes: 874bcd00f520 ("apm-emulation: move APM_MINOR_DEV to include/linux/miscdevice.h")
Signed-off-by: Randy Dunlap <rdunlap@infradead.org>
Cc: Jiri Kosina <jikos@kernel.org>
Cc: x86@kernel.org
Cc: Sohil Mehta <sohil.mehta@intel.com>
Cc: Corentin Labbe <clabbe.montjoie@gmail.com>
Reviewed-by: Sohil Mehta <sohil.mehta@intel.com>
Link: https://lore.kernel.org/r/20230728011120.759-1-rdunlap@infradead.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/x86/kernel/apm_32.c | 6 ------
1 file changed, 6 deletions(-)
diff --git a/arch/x86/kernel/apm_32.c b/arch/x86/kernel/apm_32.c
index 660270359d393..166d9991e7111 100644
--- a/arch/x86/kernel/apm_32.c
+++ b/arch/x86/kernel/apm_32.c
@@ -237,12 +237,6 @@
extern int (*console_blank_hook)(int);
#endif
-/*
- * The apm_bios device is one of the misc char devices.
- * This is its minor number.
- */
-#define APM_MINOR_DEV 134
-
/*
* Various options can be changed at boot time as follows:
* (We allow underscores for compatibility with the modules code)
--
2.40.1
^ permalink raw reply related [flat|nested] 396+ messages in thread
* [PATCH 5.4 167/367] scsi: qedf: Do not touch __user pointer in qedf_dbg_stop_io_on_error_cmd_read() directly
2023-09-20 11:26 [PATCH 5.4 000/367] 5.4.257-rc1 review Greg Kroah-Hartman
` (165 preceding siblings ...)
2023-09-20 11:29 ` [PATCH 5.4 166/367] x86/APM: drop the duplicate APM_MINOR_DEV macro Greg Kroah-Hartman
@ 2023-09-20 11:29 ` Greg Kroah-Hartman
2023-09-20 11:29 ` [PATCH 5.4 168/367] scsi: qedf: Do not touch __user pointer in qedf_dbg_debug_cmd_read() directly Greg Kroah-Hartman
` (205 subsequent siblings)
372 siblings, 0 replies; 396+ messages in thread
From: Greg Kroah-Hartman @ 2023-09-20 11:29 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Saurav Kashyap, Rob Evers,
Johannes Thumshirn, David Laight, Jozef Bacik, Laurence Oberman,
James E.J. Bottomley, Martin K. Petersen,
GR-QLogic-Storage-Upstream, linux-scsi, Johannes Thumshirn,
Oleksandr Natalenko, Sasha Levin
5.4-stable review patch. If anyone has any objections, please let me know.
------------------
From: Oleksandr Natalenko <oleksandr@redhat.com>
[ Upstream commit 7d3d20dee4f648ec44e9717d5f647d594d184433 ]
The qedf_dbg_stop_io_on_error_cmd_read() function invokes sprintf()
directly on a __user pointer, which may crash the kernel.
Avoid doing that by using a small on-stack buffer for scnprintf() and then
calling simple_read_from_buffer() which does a proper copy_to_user() call.
Fixes: 61d8658b4a43 ("scsi: qedf: Add QLogic FastLinQ offload FCoE driver framework.")
Link: https://lore.kernel.org/lkml/20230724120241.40495-1-oleksandr@redhat.com/
Link: https://lore.kernel.org/linux-scsi/20230726101236.11922-1-skashyap@marvell.com/
Cc: Saurav Kashyap <skashyap@marvell.com>
Cc: Rob Evers <revers@redhat.com>
Cc: Johannes Thumshirn <Johannes.Thumshirn@wdc.com>
Cc: David Laight <David.Laight@ACULAB.COM>
Cc: Jozef Bacik <jobacik@redhat.com>
Cc: Laurence Oberman <loberman@redhat.com>
Cc: "James E.J. Bottomley" <jejb@linux.ibm.com>
Cc: "Martin K. Petersen" <martin.petersen@oracle.com>
Cc: GR-QLogic-Storage-Upstream@marvell.com
Cc: linux-scsi@vger.kernel.org
Reviewed-by: Laurence Oberman <loberman@redhat.com>
Reviewed-by: Johannes Thumshirn <johannes.thumshirn@wdc.com>
Tested-by: Laurence Oberman <loberman@redhat.com>
Acked-by: Saurav Kashyap <skashyap@marvell.com>
Signed-off-by: Oleksandr Natalenko <oleksandr@redhat.com>
Link: https://lore.kernel.org/r/20230731084034.37021-2-oleksandr@redhat.com
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/scsi/qedf/qedf_debugfs.c | 7 +++----
1 file changed, 3 insertions(+), 4 deletions(-)
diff --git a/drivers/scsi/qedf/qedf_debugfs.c b/drivers/scsi/qedf/qedf_debugfs.c
index b88bed9bb1338..88378a277a015 100644
--- a/drivers/scsi/qedf/qedf_debugfs.c
+++ b/drivers/scsi/qedf/qedf_debugfs.c
@@ -187,18 +187,17 @@ qedf_dbg_stop_io_on_error_cmd_read(struct file *filp, char __user *buffer,
size_t count, loff_t *ppos)
{
int cnt;
+ char cbuf[7];
struct qedf_dbg_ctx *qedf_dbg =
(struct qedf_dbg_ctx *)filp->private_data;
struct qedf_ctx *qedf = container_of(qedf_dbg,
struct qedf_ctx, dbg_ctx);
QEDF_INFO(qedf_dbg, QEDF_LOG_DEBUGFS, "entered\n");
- cnt = sprintf(buffer, "%s\n",
+ cnt = scnprintf(cbuf, sizeof(cbuf), "%s\n",
qedf->stop_io_on_error ? "true" : "false");
- cnt = min_t(int, count, cnt - *ppos);
- *ppos += cnt;
- return cnt;
+ return simple_read_from_buffer(buffer, count, ppos, cbuf, cnt);
}
static ssize_t
--
2.40.1
^ permalink raw reply related [flat|nested] 396+ messages in thread
* [PATCH 5.4 168/367] scsi: qedf: Do not touch __user pointer in qedf_dbg_debug_cmd_read() directly
2023-09-20 11:26 [PATCH 5.4 000/367] 5.4.257-rc1 review Greg Kroah-Hartman
` (166 preceding siblings ...)
2023-09-20 11:29 ` [PATCH 5.4 167/367] scsi: qedf: Do not touch __user pointer in qedf_dbg_stop_io_on_error_cmd_read() directly Greg Kroah-Hartman
@ 2023-09-20 11:29 ` Greg Kroah-Hartman
2023-09-20 11:29 ` [PATCH 5.4 169/367] scsi: qedf: Do not touch __user pointer in qedf_dbg_fp_int_cmd_read() directly Greg Kroah-Hartman
` (204 subsequent siblings)
372 siblings, 0 replies; 396+ messages in thread
From: Greg Kroah-Hartman @ 2023-09-20 11:29 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Saurav Kashyap, Rob Evers,
Johannes Thumshirn, David Laight, Jozef Bacik, Laurence Oberman,
James E.J. Bottomley, Martin K. Petersen,
GR-QLogic-Storage-Upstream, linux-scsi, Johannes Thumshirn,
Oleksandr Natalenko, Sasha Levin
5.4-stable review patch. If anyone has any objections, please let me know.
------------------
From: Oleksandr Natalenko <oleksandr@redhat.com>
[ Upstream commit 31b5991a9a91ba97237ac9da509d78eec453ff72 ]
The qedf_dbg_debug_cmd_read() function invokes sprintf() directly on a
__user pointer, which may crash the kernel.
Avoid doing that by using a small on-stack buffer for scnprintf() and then
calling simple_read_from_buffer() which does a proper copy_to_user() call.
Fixes: 61d8658b4a43 ("scsi: qedf: Add QLogic FastLinQ offload FCoE driver framework.")
Link: https://lore.kernel.org/lkml/20230724120241.40495-1-oleksandr@redhat.com/
Link: https://lore.kernel.org/linux-scsi/20230726101236.11922-1-skashyap@marvell.com/
Cc: Saurav Kashyap <skashyap@marvell.com>
Cc: Rob Evers <revers@redhat.com>
Cc: Johannes Thumshirn <Johannes.Thumshirn@wdc.com>
Cc: David Laight <David.Laight@ACULAB.COM>
Cc: Jozef Bacik <jobacik@redhat.com>
Cc: Laurence Oberman <loberman@redhat.com>
Cc: "James E.J. Bottomley" <jejb@linux.ibm.com>
Cc: "Martin K. Petersen" <martin.petersen@oracle.com>
Cc: GR-QLogic-Storage-Upstream@marvell.com
Cc: linux-scsi@vger.kernel.org
Reviewed-by: Laurence Oberman <loberman@redhat.com>
Reviewed-by: Johannes Thumshirn <johannes.thumshirn@wdc.com>
Tested-by: Laurence Oberman <loberman@redhat.com>
Acked-by: Saurav Kashyap <skashyap@marvell.com>
Signed-off-by: Oleksandr Natalenko <oleksandr@redhat.com>
Link: https://lore.kernel.org/r/20230731084034.37021-3-oleksandr@redhat.com
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/scsi/qedf/qedf_debugfs.c | 7 +++----
1 file changed, 3 insertions(+), 4 deletions(-)
diff --git a/drivers/scsi/qedf/qedf_debugfs.c b/drivers/scsi/qedf/qedf_debugfs.c
index 88378a277a015..5e638732d6852 100644
--- a/drivers/scsi/qedf/qedf_debugfs.c
+++ b/drivers/scsi/qedf/qedf_debugfs.c
@@ -140,15 +140,14 @@ qedf_dbg_debug_cmd_read(struct file *filp, char __user *buffer, size_t count,
loff_t *ppos)
{
int cnt;
+ char cbuf[32];
struct qedf_dbg_ctx *qedf_dbg =
(struct qedf_dbg_ctx *)filp->private_data;
QEDF_INFO(qedf_dbg, QEDF_LOG_DEBUGFS, "debug mask=0x%x\n", qedf_debug);
- cnt = sprintf(buffer, "debug mask = 0x%x\n", qedf_debug);
+ cnt = scnprintf(cbuf, sizeof(cbuf), "debug mask = 0x%x\n", qedf_debug);
- cnt = min_t(int, count, cnt - *ppos);
- *ppos += cnt;
- return cnt;
+ return simple_read_from_buffer(buffer, count, ppos, cbuf, cnt);
}
static ssize_t
--
2.40.1
^ permalink raw reply related [flat|nested] 396+ messages in thread
* [PATCH 5.4 169/367] scsi: qedf: Do not touch __user pointer in qedf_dbg_fp_int_cmd_read() directly
2023-09-20 11:26 [PATCH 5.4 000/367] 5.4.257-rc1 review Greg Kroah-Hartman
` (167 preceding siblings ...)
2023-09-20 11:29 ` [PATCH 5.4 168/367] scsi: qedf: Do not touch __user pointer in qedf_dbg_debug_cmd_read() directly Greg Kroah-Hartman
@ 2023-09-20 11:29 ` Greg Kroah-Hartman
2023-09-20 11:29 ` [PATCH 5.4 170/367] coresight: tmc: Explicit type conversions to prevent integer overflow Greg Kroah-Hartman
` (203 subsequent siblings)
372 siblings, 0 replies; 396+ messages in thread
From: Greg Kroah-Hartman @ 2023-09-20 11:29 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Saurav Kashyap, Rob Evers,
Johannes Thumshirn, David Laight, Jozef Bacik, Laurence Oberman,
James E.J. Bottomley, Martin K. Petersen,
GR-QLogic-Storage-Upstream, linux-scsi, Johannes Thumshirn,
Oleksandr Natalenko, Sasha Levin
5.4-stable review patch. If anyone has any objections, please let me know.
------------------
From: Oleksandr Natalenko <oleksandr@redhat.com>
[ Upstream commit 25dbc20deab5165f847b4eb42f376f725a986ee8 ]
The qedf_dbg_fp_int_cmd_read() function invokes sprintf() directly on a
__user pointer, which may crash the kernel.
Avoid doing that by vmalloc()'ating a buffer for scnprintf() and then
calling simple_read_from_buffer() which does a proper copy_to_user() call.
Fixes: 61d8658b4a43 ("scsi: qedf: Add QLogic FastLinQ offload FCoE driver framework.")
Link: https://lore.kernel.org/lkml/20230724120241.40495-1-oleksandr@redhat.com/
Link: https://lore.kernel.org/linux-scsi/20230726101236.11922-1-skashyap@marvell.com/
Cc: Saurav Kashyap <skashyap@marvell.com>
Cc: Rob Evers <revers@redhat.com>
Cc: Johannes Thumshirn <Johannes.Thumshirn@wdc.com>
Cc: David Laight <David.Laight@ACULAB.COM>
Cc: Jozef Bacik <jobacik@redhat.com>
Cc: Laurence Oberman <loberman@redhat.com>
Cc: "James E.J. Bottomley" <jejb@linux.ibm.com>
Cc: "Martin K. Petersen" <martin.petersen@oracle.com>
Cc: GR-QLogic-Storage-Upstream@marvell.com
Cc: linux-scsi@vger.kernel.org
Reviewed-by: Laurence Oberman <loberman@redhat.com>
Reviewed-by: Johannes Thumshirn <johannes.thumshirn@wdc.com>
Tested-by: Laurence Oberman <loberman@redhat.com>
Acked-by: Saurav Kashyap <skashyap@marvell.com>
Signed-off-by: Oleksandr Natalenko <oleksandr@redhat.com>
Link: https://lore.kernel.org/r/20230731084034.37021-4-oleksandr@redhat.com
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/scsi/qedf/qedf_dbg.h | 2 ++
drivers/scsi/qedf/qedf_debugfs.c | 21 +++++++++++++++------
2 files changed, 17 insertions(+), 6 deletions(-)
diff --git a/drivers/scsi/qedf/qedf_dbg.h b/drivers/scsi/qedf/qedf_dbg.h
index d979f095aeda0..73e5756cade62 100644
--- a/drivers/scsi/qedf/qedf_dbg.h
+++ b/drivers/scsi/qedf/qedf_dbg.h
@@ -60,6 +60,8 @@ extern uint qedf_debug;
#define QEDF_LOG_NOTICE 0x40000000 /* Notice logs */
#define QEDF_LOG_WARN 0x80000000 /* Warning logs */
+#define QEDF_DEBUGFS_LOG_LEN (2 * PAGE_SIZE)
+
/* Debug context structure */
struct qedf_dbg_ctx {
unsigned int host_no;
diff --git a/drivers/scsi/qedf/qedf_debugfs.c b/drivers/scsi/qedf/qedf_debugfs.c
index 5e638732d6852..b0a28a6a9c64a 100644
--- a/drivers/scsi/qedf/qedf_debugfs.c
+++ b/drivers/scsi/qedf/qedf_debugfs.c
@@ -8,6 +8,7 @@
#include <linux/uaccess.h>
#include <linux/debugfs.h>
#include <linux/module.h>
+#include <linux/vmalloc.h>
#include "qedf.h"
#include "qedf_dbg.h"
@@ -100,7 +101,9 @@ static ssize_t
qedf_dbg_fp_int_cmd_read(struct file *filp, char __user *buffer, size_t count,
loff_t *ppos)
{
+ ssize_t ret;
size_t cnt = 0;
+ char *cbuf;
int id;
struct qedf_fastpath *fp = NULL;
struct qedf_dbg_ctx *qedf_dbg =
@@ -110,19 +113,25 @@ qedf_dbg_fp_int_cmd_read(struct file *filp, char __user *buffer, size_t count,
QEDF_INFO(qedf_dbg, QEDF_LOG_DEBUGFS, "entered\n");
- cnt = sprintf(buffer, "\nFastpath I/O completions\n\n");
+ cbuf = vmalloc(QEDF_DEBUGFS_LOG_LEN);
+ if (!cbuf)
+ return 0;
+
+ cnt += scnprintf(cbuf + cnt, QEDF_DEBUGFS_LOG_LEN - cnt, "\nFastpath I/O completions\n\n");
for (id = 0; id < qedf->num_queues; id++) {
fp = &(qedf->fp_array[id]);
if (fp->sb_id == QEDF_SB_ID_NULL)
continue;
- cnt += sprintf((buffer + cnt), "#%d: %lu\n", id,
- fp->completions);
+ cnt += scnprintf(cbuf + cnt, QEDF_DEBUGFS_LOG_LEN - cnt,
+ "#%d: %lu\n", id, fp->completions);
}
- cnt = min_t(int, count, cnt - *ppos);
- *ppos += cnt;
- return cnt;
+ ret = simple_read_from_buffer(buffer, count, ppos, cbuf, cnt);
+
+ vfree(cbuf);
+
+ return ret;
}
static ssize_t
--
2.40.1
^ permalink raw reply related [flat|nested] 396+ messages in thread
* [PATCH 5.4 170/367] coresight: tmc: Explicit type conversions to prevent integer overflow
2023-09-20 11:26 [PATCH 5.4 000/367] 5.4.257-rc1 review Greg Kroah-Hartman
` (168 preceding siblings ...)
2023-09-20 11:29 ` [PATCH 5.4 169/367] scsi: qedf: Do not touch __user pointer in qedf_dbg_fp_int_cmd_read() directly Greg Kroah-Hartman
@ 2023-09-20 11:29 ` Greg Kroah-Hartman
2023-09-20 11:29 ` [PATCH 5.4 171/367] dma-buf/sync_file: Fix docs syntax Greg Kroah-Hartman
` (202 subsequent siblings)
372 siblings, 0 replies; 396+ messages in thread
From: Greg Kroah-Hartman @ 2023-09-20 11:29 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Ruidong Tian, James Clark,
Suzuki K Poulose, Sasha Levin
5.4-stable review patch. If anyone has any objections, please let me know.
------------------
From: Ruidong Tian <tianruidong@linux.alibaba.com>
[ Upstream commit fd380097cdb305582b7a1f9476391330299d2c59 ]
Perf cs_etm session executed unexpectedly when AUX buffer > 1G.
perf record -C 0 -m ,2G -e cs_etm// -- <workload>
[ perf record: Captured and wrote 2.615 MB perf.data ]
Perf only collect about 2M perf data rather than 2G. This is becasuse
the operation, "nr_pages << PAGE_SHIFT", in coresight tmc driver, will
overflow when nr_pages >= 0x80000(correspond to 1G AUX buffer). The
overflow cause buffer allocation to fail, and TMC driver will alloc
minimal buffer size(1M). You can just get about 2M perf data(1M AUX
buffer + perf data header) at least.
Explicit convert nr_pages to 64 bit to avoid overflow.
Fixes: 22f429f19c41 ("coresight: etm-perf: Add support for ETR backend")
Fixes: 99443ea19e8b ("coresight: Add generic TMC sg table framework")
Fixes: 2e499bbc1a92 ("coresight: tmc: implementing TMC-ETF AUX space API")
Signed-off-by: Ruidong Tian <tianruidong@linux.alibaba.com>
Reviewed-by: James Clark <james.clark@arm.com>
Signed-off-by: Suzuki K Poulose <suzuki.poulose@arm.com>
Link: https://lore.kernel.org/r/20230804081514.120171-2-tianruidong@linux.alibaba.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/hwtracing/coresight/coresight-tmc-etf.c | 2 +-
drivers/hwtracing/coresight/coresight-tmc-etr.c | 5 +++--
drivers/hwtracing/coresight/coresight-tmc.h | 2 +-
3 files changed, 5 insertions(+), 4 deletions(-)
diff --git a/drivers/hwtracing/coresight/coresight-tmc-etf.c b/drivers/hwtracing/coresight/coresight-tmc-etf.c
index 75dfa1e2f3f2c..e15726611c649 100644
--- a/drivers/hwtracing/coresight/coresight-tmc-etf.c
+++ b/drivers/hwtracing/coresight/coresight-tmc-etf.c
@@ -426,7 +426,7 @@ static int tmc_set_etf_buffer(struct coresight_device *csdev,
return -EINVAL;
/* wrap head around to the amount of space we have */
- head = handle->head & ((buf->nr_pages << PAGE_SHIFT) - 1);
+ head = handle->head & (((unsigned long)buf->nr_pages << PAGE_SHIFT) - 1);
/* find the page to write to */
buf->cur = head / PAGE_SIZE;
diff --git a/drivers/hwtracing/coresight/coresight-tmc-etr.c b/drivers/hwtracing/coresight/coresight-tmc-etr.c
index 763463776a0e1..2a0a12c194c05 100644
--- a/drivers/hwtracing/coresight/coresight-tmc-etr.c
+++ b/drivers/hwtracing/coresight/coresight-tmc-etr.c
@@ -47,7 +47,8 @@ struct etr_perf_buffer {
};
/* Convert the perf index to an offset within the ETR buffer */
-#define PERF_IDX2OFF(idx, buf) ((idx) % ((buf)->nr_pages << PAGE_SHIFT))
+#define PERF_IDX2OFF(idx, buf) \
+ ((idx) % ((unsigned long)(buf)->nr_pages << PAGE_SHIFT))
/* Lower limit for ETR hardware buffer */
#define TMC_ETR_PERF_MIN_BUF_SIZE SZ_1M
@@ -1215,7 +1216,7 @@ alloc_etr_buf(struct tmc_drvdata *drvdata, struct perf_event *event,
* than the size requested via sysfs.
*/
if ((nr_pages << PAGE_SHIFT) > drvdata->size) {
- etr_buf = tmc_alloc_etr_buf(drvdata, (nr_pages << PAGE_SHIFT),
+ etr_buf = tmc_alloc_etr_buf(drvdata, ((ssize_t)nr_pages << PAGE_SHIFT),
0, node, NULL);
if (!IS_ERR(etr_buf))
goto done;
diff --git a/drivers/hwtracing/coresight/coresight-tmc.h b/drivers/hwtracing/coresight/coresight-tmc.h
index 71de978575f36..1fcf6e29e8d3a 100644
--- a/drivers/hwtracing/coresight/coresight-tmc.h
+++ b/drivers/hwtracing/coresight/coresight-tmc.h
@@ -320,7 +320,7 @@ ssize_t tmc_sg_table_get_data(struct tmc_sg_table *sg_table,
static inline unsigned long
tmc_sg_table_buf_size(struct tmc_sg_table *sg_table)
{
- return sg_table->data_pages.nr_pages << PAGE_SHIFT;
+ return (unsigned long)sg_table->data_pages.nr_pages << PAGE_SHIFT;
}
struct coresight_device *tmc_etr_get_catu_device(struct tmc_drvdata *drvdata);
--
2.40.1
^ permalink raw reply related [flat|nested] 396+ messages in thread
* [PATCH 5.4 171/367] dma-buf/sync_file: Fix docs syntax
2023-09-20 11:26 [PATCH 5.4 000/367] 5.4.257-rc1 review Greg Kroah-Hartman
` (169 preceding siblings ...)
2023-09-20 11:29 ` [PATCH 5.4 170/367] coresight: tmc: Explicit type conversions to prevent integer overflow Greg Kroah-Hartman
@ 2023-09-20 11:29 ` Greg Kroah-Hartman
2023-09-20 11:29 ` [PATCH 5.4 172/367] driver core: test_async: fix an error code Greg Kroah-Hartman
` (201 subsequent siblings)
372 siblings, 0 replies; 396+ messages in thread
From: Greg Kroah-Hartman @ 2023-09-20 11:29 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Rob Clark, Randy Dunlap, Sasha Levin
5.4-stable review patch. If anyone has any objections, please let me know.
------------------
From: Rob Clark <robdclark@chromium.org>
[ Upstream commit 05d56d8079d510a2994039470f65bea85f0075ee ]
Fixes the warning:
include/uapi/linux/sync_file.h:77: warning: Function parameter or member 'num_fences' not described in 'sync_file_info'
Fixes: 2d75c88fefb2 ("staging/android: refactor SYNC IOCTLs")
Signed-off-by: Rob Clark <robdclark@chromium.org>
Reviewed-by: Randy Dunlap <rdunlap@infradead.org>
Link: https://lore.kernel.org/r/20230724145000.125880-1-robdclark@gmail.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
include/uapi/linux/sync_file.h | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/include/uapi/linux/sync_file.h b/include/uapi/linux/sync_file.h
index ee2dcfb3d6602..d7f7c04a6e0c1 100644
--- a/include/uapi/linux/sync_file.h
+++ b/include/uapi/linux/sync_file.h
@@ -52,7 +52,7 @@ struct sync_fence_info {
* @name: name of fence
* @status: status of fence. 1: signaled 0:active <0:error
* @flags: sync_file_info flags
- * @num_fences number of fences in the sync_file
+ * @num_fences: number of fences in the sync_file
* @pad: padding for 64-bit alignment, should always be zero
* @sync_fence_info: pointer to array of structs sync_fence_info with all
* fences in the sync_file
--
2.40.1
^ permalink raw reply related [flat|nested] 396+ messages in thread
* [PATCH 5.4 172/367] driver core: test_async: fix an error code
2023-09-20 11:26 [PATCH 5.4 000/367] 5.4.257-rc1 review Greg Kroah-Hartman
` (170 preceding siblings ...)
2023-09-20 11:29 ` [PATCH 5.4 171/367] dma-buf/sync_file: Fix docs syntax Greg Kroah-Hartman
@ 2023-09-20 11:29 ` Greg Kroah-Hartman
2023-09-20 11:29 ` [PATCH 5.4 173/367] IB/uverbs: Fix an potential error pointer dereference Greg Kroah-Hartman
` (200 subsequent siblings)
372 siblings, 0 replies; 396+ messages in thread
From: Greg Kroah-Hartman @ 2023-09-20 11:29 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Dan Carpenter, Sasha Levin
5.4-stable review patch. If anyone has any objections, please let me know.
------------------
From: Dan Carpenter <dan.carpenter@linaro.org>
[ Upstream commit 22d2381bbd70a5853c2ee77522f4965139672db9 ]
The test_platform_device_register_node() function should return error
pointers instead of NULL. That is what the callers are expecting.
Fixes: 57ea974fb871 ("driver core: Rewrite test_async_driver_probe to cover serialization and NUMA affinity")
Signed-off-by: Dan Carpenter <dan.carpenter@linaro.org>
Link: https://lore.kernel.org/r/1e11ed19-e1f6-43d8-b352-474134b7c008@moroto.mountain
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/base/test/test_async_driver_probe.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/base/test/test_async_driver_probe.c b/drivers/base/test/test_async_driver_probe.c
index c157a912d6739..88336f093decd 100644
--- a/drivers/base/test/test_async_driver_probe.c
+++ b/drivers/base/test/test_async_driver_probe.c
@@ -84,7 +84,7 @@ test_platform_device_register_node(char *name, int id, int nid)
pdev = platform_device_alloc(name, id);
if (!pdev)
- return NULL;
+ return ERR_PTR(-ENOMEM);
if (nid != NUMA_NO_NODE)
set_dev_node(&pdev->dev, nid);
--
2.40.1
^ permalink raw reply related [flat|nested] 396+ messages in thread
* [PATCH 5.4 173/367] IB/uverbs: Fix an potential error pointer dereference
2023-09-20 11:26 [PATCH 5.4 000/367] 5.4.257-rc1 review Greg Kroah-Hartman
` (171 preceding siblings ...)
2023-09-20 11:29 ` [PATCH 5.4 172/367] driver core: test_async: fix an error code Greg Kroah-Hartman
@ 2023-09-20 11:29 ` Greg Kroah-Hartman
2023-09-20 11:29 ` [PATCH 5.4 174/367] iommu/vt-d: Fix to flush cache of PASID directory table Greg Kroah-Hartman
` (199 subsequent siblings)
372 siblings, 0 replies; 396+ messages in thread
From: Greg Kroah-Hartman @ 2023-09-20 11:29 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Xiang Yang, Leon Romanovsky, Sasha Levin
5.4-stable review patch. If anyone has any objections, please let me know.
------------------
From: Xiang Yang <xiangyang3@huawei.com>
[ Upstream commit 26b7d1a27167e7adf75b150755e05d2bc123ce55 ]
smatch reports the warning below:
drivers/infiniband/core/uverbs_std_types_counters.c:110
ib_uverbs_handler_UVERBS_METHOD_COUNTERS_READ() error: 'uattr'
dereferencing possible ERR_PTR()
The return value of uattr maybe ERR_PTR(-ENOENT), fix this by checking
the value of uattr before using it.
Fixes: ebb6796bd397 ("IB/uverbs: Add read counters support")
Signed-off-by: Xiang Yang <xiangyang3@huawei.com>
Link: https://lore.kernel.org/r/20230804022525.1916766-1-xiangyang3@huawei.com
Signed-off-by: Leon Romanovsky <leon@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/infiniband/core/uverbs_std_types_counters.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/drivers/infiniband/core/uverbs_std_types_counters.c b/drivers/infiniband/core/uverbs_std_types_counters.c
index 9f013304e6778..35e41c5ca1bb1 100644
--- a/drivers/infiniband/core/uverbs_std_types_counters.c
+++ b/drivers/infiniband/core/uverbs_std_types_counters.c
@@ -105,6 +105,8 @@ static int UVERBS_HANDLER(UVERBS_METHOD_COUNTERS_READ)(
return ret;
uattr = uverbs_attr_get(attrs, UVERBS_ATTR_READ_COUNTERS_BUFF);
+ if (IS_ERR(uattr))
+ return PTR_ERR(uattr);
read_attr.ncounters = uattr->ptr_attr.len / sizeof(u64);
read_attr.counters_buff = uverbs_zalloc(
attrs, array_size(read_attr.ncounters, sizeof(u64)));
--
2.40.1
^ permalink raw reply related [flat|nested] 396+ messages in thread
* [PATCH 5.4 174/367] iommu/vt-d: Fix to flush cache of PASID directory table
2023-09-20 11:26 [PATCH 5.4 000/367] 5.4.257-rc1 review Greg Kroah-Hartman
` (172 preceding siblings ...)
2023-09-20 11:29 ` [PATCH 5.4 173/367] IB/uverbs: Fix an potential error pointer dereference Greg Kroah-Hartman
@ 2023-09-20 11:29 ` Greg Kroah-Hartman
2023-09-20 11:29 ` [PATCH 5.4 175/367] media: go7007: Remove redundant if statement Greg Kroah-Hartman
` (198 subsequent siblings)
372 siblings, 0 replies; 396+ messages in thread
From: Greg Kroah-Hartman @ 2023-09-20 11:29 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Lu Baolu, Yanfei Xu, Joerg Roedel,
Sasha Levin
5.4-stable review patch. If anyone has any objections, please let me know.
------------------
From: Yanfei Xu <yanfei.xu@intel.com>
[ Upstream commit 8a3b8e63f8371c1247b7aa24ff9c5312f1a6948b ]
Even the PCI devices don't support pasid capability, PASID table is
mandatory for a PCI device in scalable mode. However flushing cache
of pasid directory table for these devices are not taken after pasid
table is allocated as the "size" of table is zero. Fix it by
calculating the size by page order.
Found this when reading the code, no real problem encountered for now.
Fixes: 194b3348bdbb ("iommu/vt-d: Fix PASID directory pointer coherency")
Suggested-by: Lu Baolu <baolu.lu@linux.intel.com>
Signed-off-by: Yanfei Xu <yanfei.xu@intel.com>
Link: https://lore.kernel.org/r/20230616081045.721873-1-yanfei.xu@intel.com
Signed-off-by: Lu Baolu <baolu.lu@linux.intel.com>
Signed-off-by: Joerg Roedel <jroedel@suse.de>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/iommu/intel-pasid.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/iommu/intel-pasid.c b/drivers/iommu/intel-pasid.c
index 58f060006ba31..9641eaa19e08e 100644
--- a/drivers/iommu/intel-pasid.c
+++ b/drivers/iommu/intel-pasid.c
@@ -167,7 +167,7 @@ int intel_pasid_alloc_table(struct device *dev)
device_attach_pasid_table(info, pasid_table);
if (!ecap_coherent(info->iommu->ecap))
- clflush_cache_range(pasid_table->table, size);
+ clflush_cache_range(pasid_table->table, (1 << order) * PAGE_SIZE);
return 0;
}
--
2.40.1
^ permalink raw reply related [flat|nested] 396+ messages in thread
* [PATCH 5.4 175/367] media: go7007: Remove redundant if statement
2023-09-20 11:26 [PATCH 5.4 000/367] 5.4.257-rc1 review Greg Kroah-Hartman
` (173 preceding siblings ...)
2023-09-20 11:29 ` [PATCH 5.4 174/367] iommu/vt-d: Fix to flush cache of PASID directory table Greg Kroah-Hartman
@ 2023-09-20 11:29 ` Greg Kroah-Hartman
2023-09-20 11:29 ` [PATCH 5.4 176/367] USB: gadget: f_mass_storage: Fix unused variable warning Greg Kroah-Hartman
` (197 subsequent siblings)
372 siblings, 0 replies; 396+ messages in thread
From: Greg Kroah-Hartman @ 2023-09-20 11:29 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Colin Ian King,
Mauro Carvalho Chehab, Sasha Levin
5.4-stable review patch. If anyone has any objections, please let me know.
------------------
From: Colin Ian King <colin.i.king@gmail.com>
[ Upstream commit f33cb49081da0ec5af0888f8ecbd566bd326eed1 ]
The if statement that compares msgs[i].len != 3 is always false because
it is in a code block where msg[i].len is equal to 3. The check is
redundant and can be removed.
As detected by cppcheck static analysis:
drivers/media/usb/go7007/go7007-i2c.c:168:20: warning: Opposite inner
'if' condition leads to a dead code block. [oppositeInnerCondition]
Link: https://lore.kernel.org/linux-media/20230727174007.635572-1-colin.i.king@gmail.com
Fixes: 866b8695d67e ("Staging: add the go7007 video driver")
Signed-off-by: Colin Ian King <colin.i.king@gmail.com>
Signed-off-by: Mauro Carvalho Chehab <mchehab@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/media/usb/go7007/go7007-i2c.c | 2 --
1 file changed, 2 deletions(-)
diff --git a/drivers/media/usb/go7007/go7007-i2c.c b/drivers/media/usb/go7007/go7007-i2c.c
index 38339dd2f83f7..2880370e45c8b 100644
--- a/drivers/media/usb/go7007/go7007-i2c.c
+++ b/drivers/media/usb/go7007/go7007-i2c.c
@@ -165,8 +165,6 @@ static int go7007_i2c_master_xfer(struct i2c_adapter *adapter,
} else if (msgs[i].len == 3) {
if (msgs[i].flags & I2C_M_RD)
return -EIO;
- if (msgs[i].len != 3)
- return -EIO;
if (go7007_i2c_xfer(go, msgs[i].addr, 0,
(msgs[i].buf[0] << 8) | msgs[i].buf[1],
0x01, &msgs[i].buf[2]) < 0)
--
2.40.1
^ permalink raw reply related [flat|nested] 396+ messages in thread
* [PATCH 5.4 176/367] USB: gadget: f_mass_storage: Fix unused variable warning
2023-09-20 11:26 [PATCH 5.4 000/367] 5.4.257-rc1 review Greg Kroah-Hartman
` (174 preceding siblings ...)
2023-09-20 11:29 ` [PATCH 5.4 175/367] media: go7007: Remove redundant if statement Greg Kroah-Hartman
@ 2023-09-20 11:29 ` Greg Kroah-Hartman
2023-09-20 11:29 ` [PATCH 5.4 177/367] media: i2c: ov5640: Configure HVP lines in s_power callback Greg Kroah-Hartman
` (196 subsequent siblings)
372 siblings, 0 replies; 396+ messages in thread
From: Greg Kroah-Hartman @ 2023-09-20 11:29 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Alan Stern, Sasha Levin
5.4-stable review patch. If anyone has any objections, please let me know.
------------------
From: Alan Stern <stern@rowland.harvard.edu>
[ Upstream commit 55c3e571d2a0aabef4f1354604443f1c415d2e85 ]
Fix a "variable set but not used" warning in f_mass_storage.c. rc is
used if verbose debugging is enabled but not otherwise.
Signed-off-by: Alan Stern <stern@rowland.harvard.edu>
Fixes: d5e2b67aae79 ("USB: g_mass_storage: template f_mass_storage.c file created")
Link: https://lore.kernel.org/r/cfed16c7-aa46-494b-ba84-b0e0dc99be3a@rowland.harvard.edu
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/usb/gadget/function/f_mass_storage.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/usb/gadget/function/f_mass_storage.c b/drivers/usb/gadget/function/f_mass_storage.c
index 7c96c4665178e..6c8aba574e6e9 100644
--- a/drivers/usb/gadget/function/f_mass_storage.c
+++ b/drivers/usb/gadget/function/f_mass_storage.c
@@ -950,7 +950,7 @@ static void invalidate_sub(struct fsg_lun *curlun)
{
struct file *filp = curlun->filp;
struct inode *inode = file_inode(filp);
- unsigned long rc;
+ unsigned long __maybe_unused rc;
rc = invalidate_mapping_pages(inode->i_mapping, 0, -1);
VLDBG(curlun, "invalidate_mapping_pages -> %ld\n", rc);
--
2.40.1
^ permalink raw reply related [flat|nested] 396+ messages in thread
* [PATCH 5.4 177/367] media: i2c: ov5640: Configure HVP lines in s_power callback
2023-09-20 11:26 [PATCH 5.4 000/367] 5.4.257-rc1 review Greg Kroah-Hartman
` (175 preceding siblings ...)
2023-09-20 11:29 ` [PATCH 5.4 176/367] USB: gadget: f_mass_storage: Fix unused variable warning Greg Kroah-Hartman
@ 2023-09-20 11:29 ` Greg Kroah-Hartman
2023-09-20 11:29 ` [PATCH 5.4 178/367] media: ov5640: Enable MIPI interface in ov5640_set_power_mipi() Greg Kroah-Hartman
` (195 subsequent siblings)
372 siblings, 0 replies; 396+ messages in thread
From: Greg Kroah-Hartman @ 2023-09-20 11:29 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Lad Prabhakar, Biju Das,
Jacopo Mondi, Sakari Ailus, Mauro Carvalho Chehab, Sasha Levin
5.4-stable review patch. If anyone has any objections, please let me know.
------------------
From: Lad Prabhakar <prabhakar.mahadev-lad.rj@bp.renesas.com>
[ Upstream commit 311a6408f8d46d47e35d3bf598dced39af4ce087 ]
Configure HVP lines in s_power callback instead of configuring everytime
in ov5640_set_stream_dvp().
Alongside also disable MIPI in DVP mode.
Signed-off-by: Lad Prabhakar <prabhakar.mahadev-lad.rj@bp.renesas.com>
Reviewed-by: Biju Das <biju.das.jz@bp.renesas.com>
Tested-by: Jacopo Mondi <jacopo@jmondi.org>
Signed-off-by: Sakari Ailus <sakari.ailus@linux.intel.com>
Signed-off-by: Mauro Carvalho Chehab <mchehab+huawei@kernel.org>
Stable-dep-of: 98cb72d3b9c5 ("media: ov5640: Enable MIPI interface in ov5640_set_power_mipi()")
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/media/i2c/ov5640.c | 123 +++++++++++++++++--------------------
1 file changed, 58 insertions(+), 65 deletions(-)
diff --git a/drivers/media/i2c/ov5640.c b/drivers/media/i2c/ov5640.c
index 087fb464ffc12..76a9fa6d6d5c0 100644
--- a/drivers/media/i2c/ov5640.c
+++ b/drivers/media/i2c/ov5640.c
@@ -1206,71 +1206,6 @@ static int ov5640_set_autogain(struct ov5640_dev *sensor, bool on)
static int ov5640_set_stream_dvp(struct ov5640_dev *sensor, bool on)
{
- int ret;
- unsigned int flags = sensor->ep.bus.parallel.flags;
- u8 pclk_pol = 0;
- u8 hsync_pol = 0;
- u8 vsync_pol = 0;
-
- /*
- * Note about parallel port configuration.
- *
- * When configured in parallel mode, the OV5640 will
- * output 10 bits data on DVP data lines [9:0].
- * If only 8 bits data are wanted, the 8 bits data lines
- * of the camera interface must be physically connected
- * on the DVP data lines [9:2].
- *
- * Control lines polarity can be configured through
- * devicetree endpoint control lines properties.
- * If no endpoint control lines properties are set,
- * polarity will be as below:
- * - VSYNC: active high
- * - HREF: active low
- * - PCLK: active low
- */
-
- if (on) {
- /*
- * configure parallel port control lines polarity
- *
- * POLARITY CTRL0
- * - [5]: PCLK polarity (0: active low, 1: active high)
- * - [1]: HREF polarity (0: active low, 1: active high)
- * - [0]: VSYNC polarity (mismatch here between
- * datasheet and hardware, 0 is active high
- * and 1 is active low...)
- */
- if (flags & V4L2_MBUS_PCLK_SAMPLE_RISING)
- pclk_pol = 1;
- if (flags & V4L2_MBUS_HSYNC_ACTIVE_HIGH)
- hsync_pol = 1;
- if (flags & V4L2_MBUS_VSYNC_ACTIVE_LOW)
- vsync_pol = 1;
-
- ret = ov5640_write_reg(sensor,
- OV5640_REG_POLARITY_CTRL00,
- (pclk_pol << 5) |
- (hsync_pol << 1) |
- vsync_pol);
-
- if (ret)
- return ret;
- }
-
- /*
- * powerdown MIPI TX/RX PHY & disable MIPI
- *
- * MIPI CONTROL 00
- * 4: PWDN PHY TX
- * 3: PWDN PHY RX
- * 2: MIPI enable
- */
- ret = ov5640_write_reg(sensor,
- OV5640_REG_IO_MIPI_CTRL00, on ? 0x18 : 0);
- if (ret)
- return ret;
-
return ov5640_write_reg(sensor, OV5640_REG_SYS_CTRL0, on ?
OV5640_REG_SYS_CTRL0_SW_PWUP :
OV5640_REG_SYS_CTRL0_SW_PWDN);
@@ -2029,15 +1964,73 @@ static int ov5640_set_power_mipi(struct ov5640_dev *sensor, bool on)
static int ov5640_set_power_dvp(struct ov5640_dev *sensor, bool on)
{
+ unsigned int flags = sensor->ep.bus.parallel.flags;
+ u8 pclk_pol = 0;
+ u8 hsync_pol = 0;
+ u8 vsync_pol = 0;
int ret;
if (!on) {
/* Reset settings to their default values. */
+ ov5640_write_reg(sensor, OV5640_REG_IO_MIPI_CTRL00, 0x58);
+ ov5640_write_reg(sensor, OV5640_REG_POLARITY_CTRL00, 0x20);
ov5640_write_reg(sensor, OV5640_REG_PAD_OUTPUT_ENABLE01, 0x00);
ov5640_write_reg(sensor, OV5640_REG_PAD_OUTPUT_ENABLE02, 0x00);
return 0;
}
+ /*
+ * Note about parallel port configuration.
+ *
+ * When configured in parallel mode, the OV5640 will
+ * output 10 bits data on DVP data lines [9:0].
+ * If only 8 bits data are wanted, the 8 bits data lines
+ * of the camera interface must be physically connected
+ * on the DVP data lines [9:2].
+ *
+ * Control lines polarity can be configured through
+ * devicetree endpoint control lines properties.
+ * If no endpoint control lines properties are set,
+ * polarity will be as below:
+ * - VSYNC: active high
+ * - HREF: active low
+ * - PCLK: active low
+ */
+ /*
+ * configure parallel port control lines polarity
+ *
+ * POLARITY CTRL0
+ * - [5]: PCLK polarity (0: active low, 1: active high)
+ * - [1]: HREF polarity (0: active low, 1: active high)
+ * - [0]: VSYNC polarity (mismatch here between
+ * datasheet and hardware, 0 is active high
+ * and 1 is active low...)
+ */
+ if (flags & V4L2_MBUS_PCLK_SAMPLE_RISING)
+ pclk_pol = 1;
+ if (flags & V4L2_MBUS_HSYNC_ACTIVE_HIGH)
+ hsync_pol = 1;
+ if (flags & V4L2_MBUS_VSYNC_ACTIVE_LOW)
+ vsync_pol = 1;
+
+ ret = ov5640_write_reg(sensor, OV5640_REG_POLARITY_CTRL00,
+ (pclk_pol << 5) | (hsync_pol << 1) | vsync_pol);
+
+ if (ret)
+ return ret;
+
+ /*
+ * powerdown MIPI TX/RX PHY & disable MIPI
+ *
+ * MIPI CONTROL 00
+ * 4: PWDN PHY TX
+ * 3: PWDN PHY RX
+ * 2: MIPI enable
+ */
+ ret = ov5640_write_reg(sensor, OV5640_REG_IO_MIPI_CTRL00, 0x18);
+ if (ret)
+ return ret;
+
/*
* enable VSYNC/HREF/PCLK DVP control lines
* & D[9:6] DVP data lines
--
2.40.1
^ permalink raw reply related [flat|nested] 396+ messages in thread
* [PATCH 5.4 178/367] media: ov5640: Enable MIPI interface in ov5640_set_power_mipi()
2023-09-20 11:26 [PATCH 5.4 000/367] 5.4.257-rc1 review Greg Kroah-Hartman
` (176 preceding siblings ...)
2023-09-20 11:29 ` [PATCH 5.4 177/367] media: i2c: ov5640: Configure HVP lines in s_power callback Greg Kroah-Hartman
@ 2023-09-20 11:29 ` Greg Kroah-Hartman
2023-09-20 11:29 ` [PATCH 5.4 179/367] media: i2c: ov2680: Set V4L2_CTRL_FLAG_MODIFY_LAYOUT on flips Greg Kroah-Hartman
` (194 subsequent siblings)
372 siblings, 0 replies; 396+ messages in thread
From: Greg Kroah-Hartman @ 2023-09-20 11:29 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Jacopo Mondi, Marek Vasut,
Sakari Ailus, Mauro Carvalho Chehab, Sasha Levin, Jai Luthra
5.4-stable review patch. If anyone has any objections, please let me know.
------------------
From: Marek Vasut <marex@denx.de>
[ Upstream commit 98cb72d3b9c5e03b10fa993752ecfcbd9c572d8c ]
Set OV5640_REG_IO_MIPI_CTRL00 bit 2 to 1 instead of 0, since 1 means
MIPI CSI2 interface, while 0 means CPI parallel interface.
In the ov5640_set_power_mipi() the interface should obviously be set
to MIPI CSI2 since this functions is used to power up the sensor when
operated in MIPI CSI2 mode. The sensor should not be in CPI mode in
that case.
This fixes a corner case where capturing the first frame on i.MX8MN
with CSI/ISI resulted in corrupted frame.
Fixes: aa4bb8b8838f ("media: ov5640: Re-work MIPI startup sequence")
Reviewed-by: Jacopo Mondi <jacopo.mondi@ideasonboard.com>
Tested-by: Jacopo Mondi <jacopo.mondi@ideasonboard.com> # [Test on imx6q]
Signed-off-by: Marek Vasut <marex@denx.de>
Tested-by: Jai Luthra <j-luthra@ti.com> # [Test on bplay, sk-am62]
Signed-off-by: Sakari Ailus <sakari.ailus@linux.intel.com>
Signed-off-by: Mauro Carvalho Chehab <mchehab@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/media/i2c/ov5640.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/drivers/media/i2c/ov5640.c b/drivers/media/i2c/ov5640.c
index 76a9fa6d6d5c0..2e5a49e87a74c 100644
--- a/drivers/media/i2c/ov5640.c
+++ b/drivers/media/i2c/ov5640.c
@@ -1927,9 +1927,9 @@ static int ov5640_set_power_mipi(struct ov5640_dev *sensor, bool on)
* "ov5640_set_stream_mipi()")
* [4] = 0 : Power up MIPI HS Tx
* [3] = 0 : Power up MIPI LS Rx
- * [2] = 0 : MIPI interface disabled
+ * [2] = 1 : MIPI interface enabled
*/
- ret = ov5640_write_reg(sensor, OV5640_REG_IO_MIPI_CTRL00, 0x40);
+ ret = ov5640_write_reg(sensor, OV5640_REG_IO_MIPI_CTRL00, 0x44);
if (ret)
return ret;
--
2.40.1
^ permalink raw reply related [flat|nested] 396+ messages in thread
* [PATCH 5.4 179/367] media: i2c: ov2680: Set V4L2_CTRL_FLAG_MODIFY_LAYOUT on flips
2023-09-20 11:26 [PATCH 5.4 000/367] 5.4.257-rc1 review Greg Kroah-Hartman
` (177 preceding siblings ...)
2023-09-20 11:29 ` [PATCH 5.4 178/367] media: ov5640: Enable MIPI interface in ov5640_set_power_mipi() Greg Kroah-Hartman
@ 2023-09-20 11:29 ` Greg Kroah-Hartman
2023-09-20 11:29 ` [PATCH 5.4 180/367] media: ov2680: Remove auto-gain and auto-exposure controls Greg Kroah-Hartman
` (193 subsequent siblings)
372 siblings, 0 replies; 396+ messages in thread
From: Greg Kroah-Hartman @ 2023-09-20 11:29 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Dave Stevenson, Rui Miguel Silva,
Sakari Ailus, Mauro Carvalho Chehab, Sasha Levin
5.4-stable review patch. If anyone has any objections, please let me know.
------------------
From: Dave Stevenson <dave.stevenson@raspberrypi.com>
[ Upstream commit 66274280b2c745d380508dc27b9a4dfd736e5eda ]
The driver changes the Bayer order based on the flips, but
does not define the control correctly with the
V4L2_CTRL_FLAG_MODIFY_LAYOUT flag.
Add the V4L2_CTRL_FLAG_MODIFY_LAYOUT flag.
Signed-off-by: Dave Stevenson <dave.stevenson@raspberrypi.com>
Acked-by: Rui Miguel Silva <rmfrfs@gmail.com>
Signed-off-by: Sakari Ailus <sakari.ailus@linux.intel.com>
Signed-off-by: Mauro Carvalho Chehab <mchehab@kernel.org>
Stable-dep-of: 7b5a42e6ae71 ("media: ov2680: Remove auto-gain and auto-exposure controls")
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/media/i2c/ov2680.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/drivers/media/i2c/ov2680.c b/drivers/media/i2c/ov2680.c
index 59cdbc33658ce..cd0c083a4768a 100644
--- a/drivers/media/i2c/ov2680.c
+++ b/drivers/media/i2c/ov2680.c
@@ -966,6 +966,8 @@ static int ov2680_v4l2_register(struct ov2680_dev *sensor)
ctrls->gain->flags |= V4L2_CTRL_FLAG_VOLATILE;
ctrls->exposure->flags |= V4L2_CTRL_FLAG_VOLATILE;
+ ctrls->vflip->flags |= V4L2_CTRL_FLAG_MODIFY_LAYOUT;
+ ctrls->hflip->flags |= V4L2_CTRL_FLAG_MODIFY_LAYOUT;
v4l2_ctrl_auto_cluster(2, &ctrls->auto_gain, 0, true);
v4l2_ctrl_auto_cluster(2, &ctrls->auto_exp, 1, true);
--
2.40.1
^ permalink raw reply related [flat|nested] 396+ messages in thread
* [PATCH 5.4 180/367] media: ov2680: Remove auto-gain and auto-exposure controls
2023-09-20 11:26 [PATCH 5.4 000/367] 5.4.257-rc1 review Greg Kroah-Hartman
` (178 preceding siblings ...)
2023-09-20 11:29 ` [PATCH 5.4 179/367] media: i2c: ov2680: Set V4L2_CTRL_FLAG_MODIFY_LAYOUT on flips Greg Kroah-Hartman
@ 2023-09-20 11:29 ` Greg Kroah-Hartman
2023-09-20 11:29 ` [PATCH 5.4 181/367] media: ov2680: Fix ov2680_bayer_order() Greg Kroah-Hartman
` (192 subsequent siblings)
372 siblings, 0 replies; 396+ messages in thread
From: Greg Kroah-Hartman @ 2023-09-20 11:29 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Daniel Scally, Rui Miguel Silva,
Hans de Goede, Sakari Ailus, Mauro Carvalho Chehab, Sasha Levin
5.4-stable review patch. If anyone has any objections, please let me know.
------------------
From: Hans de Goede <hdegoede@redhat.com>
[ Upstream commit 7b5a42e6ae71927359ea67a2c22570ba97fa4059 ]
Quoting the OV2680 datasheet:
"3.2 exposure and gain control
In the OV2680, the exposure time and gain are set manually from an external
controller. The OV2680 supports manual gain and exposure control only for
normal applications, no auto mode."
And indeed testing with the atomisp_ov2680 fork of ov2680.c has shown that
auto-exposure and auto-gain do not work.
Note that the code setting the auto-exposure flag was broken, callers
of ov2680_exposure_set() were directly passing !!ctrls->auto_exp->val as
"bool auto_exp" value, but ctrls->auto_exp is a menu control with:
enum v4l2_exposure_auto_type {
V4L2_EXPOSURE_AUTO = 0,
V4L2_EXPOSURE_MANUAL = 1,
...
So instead of passing !!ctrls->auto_exp->val they should have been passing
ctrls->auto_exp->val == V4L2_EXPOSURE_AUTO, iow the passed value was
inverted of what it should have been.
Also remove ov2680_g_volatile_ctrl() since without auto support the gain
and exposure controls are not volatile.
This also fixes the control values not being properly applied in
ov2680_mode_set(). The 800x600 mode register-list also sets gain,
exposure and vflip overriding the last set ctrl values.
ov2680_mode_set() does call ov2680_gain_set() and ov2680_exposure_set()
but did this before writing the mode register-list, so these values
would still be overridden by the mode register-list.
Add a v4l2_ctrl_handler_setup() call after writing the mode register-list
to restore all ctrl values. Also remove the ctrls->gain->is_new check from
ov2680_gain_set() so that the gain always gets restored properly.
Last since ov2680_mode_set() now calls v4l2_ctrl_handler_setup(), remove
the v4l2_ctrl_handler_setup() call after ov2680_mode_restore() since
ov2680_mode_restore() calls ov2680_mode_set().
Fixes: 3ee47cad3e69 ("media: ov2680: Add Omnivision OV2680 sensor driver")
Reviewed-by: Daniel Scally <dan.scally@ideasonboard.com>
Acked-by: Rui Miguel Silva <rmfrfs@gmail.com>
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Sakari Ailus <sakari.ailus@linux.intel.com>
Signed-off-by: Mauro Carvalho Chehab <mchehab@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/media/i2c/ov2680.c | 161 ++++---------------------------------
1 file changed, 17 insertions(+), 144 deletions(-)
diff --git a/drivers/media/i2c/ov2680.c b/drivers/media/i2c/ov2680.c
index cd0c083a4768a..f143e2af0b5fc 100644
--- a/drivers/media/i2c/ov2680.c
+++ b/drivers/media/i2c/ov2680.c
@@ -85,15 +85,8 @@ struct ov2680_mode_info {
struct ov2680_ctrls {
struct v4l2_ctrl_handler handler;
- struct {
- struct v4l2_ctrl *auto_exp;
- struct v4l2_ctrl *exposure;
- };
- struct {
- struct v4l2_ctrl *auto_gain;
- struct v4l2_ctrl *gain;
- };
-
+ struct v4l2_ctrl *exposure;
+ struct v4l2_ctrl *gain;
struct v4l2_ctrl *hflip;
struct v4l2_ctrl *vflip;
struct v4l2_ctrl *test_pattern;
@@ -143,6 +136,7 @@ static const struct reg_value ov2680_setting_30fps_QUXGA_800_600[] = {
{0x380e, 0x02}, {0x380f, 0x84}, {0x3811, 0x04}, {0x3813, 0x04},
{0x3814, 0x31}, {0x3815, 0x31}, {0x3820, 0xc0}, {0x4008, 0x00},
{0x4009, 0x03}, {0x4837, 0x1e}, {0x3501, 0x4e}, {0x3502, 0xe0},
+ {0x3503, 0x03},
};
static const struct reg_value ov2680_setting_30fps_720P_1280_720[] = {
@@ -405,69 +399,15 @@ static int ov2680_test_pattern_set(struct ov2680_dev *sensor, int value)
return 0;
}
-static int ov2680_gain_set(struct ov2680_dev *sensor, bool auto_gain)
-{
- struct ov2680_ctrls *ctrls = &sensor->ctrls;
- u32 gain;
- int ret;
-
- ret = ov2680_mod_reg(sensor, OV2680_REG_R_MANUAL, BIT(1),
- auto_gain ? 0 : BIT(1));
- if (ret < 0)
- return ret;
-
- if (auto_gain || !ctrls->gain->is_new)
- return 0;
-
- gain = ctrls->gain->val;
-
- ret = ov2680_write_reg16(sensor, OV2680_REG_GAIN_PK, gain);
-
- return 0;
-}
-
-static int ov2680_gain_get(struct ov2680_dev *sensor)
-{
- u32 gain;
- int ret;
-
- ret = ov2680_read_reg16(sensor, OV2680_REG_GAIN_PK, &gain);
- if (ret)
- return ret;
-
- return gain;
-}
-
-static int ov2680_exposure_set(struct ov2680_dev *sensor, bool auto_exp)
+static int ov2680_gain_set(struct ov2680_dev *sensor, u32 gain)
{
- struct ov2680_ctrls *ctrls = &sensor->ctrls;
- u32 exp;
- int ret;
-
- ret = ov2680_mod_reg(sensor, OV2680_REG_R_MANUAL, BIT(0),
- auto_exp ? 0 : BIT(0));
- if (ret < 0)
- return ret;
-
- if (auto_exp || !ctrls->exposure->is_new)
- return 0;
-
- exp = (u32)ctrls->exposure->val;
- exp <<= 4;
-
- return ov2680_write_reg24(sensor, OV2680_REG_EXPOSURE_PK_HIGH, exp);
+ return ov2680_write_reg16(sensor, OV2680_REG_GAIN_PK, gain);
}
-static int ov2680_exposure_get(struct ov2680_dev *sensor)
+static int ov2680_exposure_set(struct ov2680_dev *sensor, u32 exp)
{
- int ret;
- u32 exp;
-
- ret = ov2680_read_reg24(sensor, OV2680_REG_EXPOSURE_PK_HIGH, &exp);
- if (ret)
- return ret;
-
- return exp >> 4;
+ return ov2680_write_reg24(sensor, OV2680_REG_EXPOSURE_PK_HIGH,
+ exp << 4);
}
static int ov2680_stream_enable(struct ov2680_dev *sensor)
@@ -482,33 +422,17 @@ static int ov2680_stream_disable(struct ov2680_dev *sensor)
static int ov2680_mode_set(struct ov2680_dev *sensor)
{
- struct ov2680_ctrls *ctrls = &sensor->ctrls;
int ret;
- ret = ov2680_gain_set(sensor, false);
- if (ret < 0)
- return ret;
-
- ret = ov2680_exposure_set(sensor, false);
+ ret = ov2680_load_regs(sensor, sensor->current_mode);
if (ret < 0)
return ret;
- ret = ov2680_load_regs(sensor, sensor->current_mode);
+ /* Restore value of all ctrls */
+ ret = __v4l2_ctrl_handler_setup(&sensor->ctrls.handler);
if (ret < 0)
return ret;
- if (ctrls->auto_gain->val) {
- ret = ov2680_gain_set(sensor, true);
- if (ret < 0)
- return ret;
- }
-
- if (ctrls->auto_exp->val == V4L2_EXPOSURE_AUTO) {
- ret = ov2680_exposure_set(sensor, true);
- if (ret < 0)
- return ret;
- }
-
sensor->mode_pending_changes = false;
return 0;
@@ -590,15 +514,10 @@ static int ov2680_s_power(struct v4l2_subdev *sd, int on)
else
ret = ov2680_power_off(sensor);
- mutex_unlock(&sensor->lock);
-
- if (on && ret == 0) {
- ret = v4l2_ctrl_handler_setup(&sensor->ctrls.handler);
- if (ret < 0)
- return ret;
-
+ if (on && ret == 0)
ret = ov2680_mode_restore(sensor);
- }
+
+ mutex_unlock(&sensor->lock);
return ret;
}
@@ -793,52 +712,19 @@ static int ov2680_enum_frame_interval(struct v4l2_subdev *sd,
return 0;
}
-static int ov2680_g_volatile_ctrl(struct v4l2_ctrl *ctrl)
-{
- struct v4l2_subdev *sd = ctrl_to_sd(ctrl);
- struct ov2680_dev *sensor = to_ov2680_dev(sd);
- struct ov2680_ctrls *ctrls = &sensor->ctrls;
- int val;
-
- if (!sensor->is_enabled)
- return 0;
-
- switch (ctrl->id) {
- case V4L2_CID_GAIN:
- val = ov2680_gain_get(sensor);
- if (val < 0)
- return val;
- ctrls->gain->val = val;
- break;
- case V4L2_CID_EXPOSURE:
- val = ov2680_exposure_get(sensor);
- if (val < 0)
- return val;
- ctrls->exposure->val = val;
- break;
- }
-
- return 0;
-}
-
static int ov2680_s_ctrl(struct v4l2_ctrl *ctrl)
{
struct v4l2_subdev *sd = ctrl_to_sd(ctrl);
struct ov2680_dev *sensor = to_ov2680_dev(sd);
- struct ov2680_ctrls *ctrls = &sensor->ctrls;
if (!sensor->is_enabled)
return 0;
switch (ctrl->id) {
- case V4L2_CID_AUTOGAIN:
- return ov2680_gain_set(sensor, !!ctrl->val);
case V4L2_CID_GAIN:
- return ov2680_gain_set(sensor, !!ctrls->auto_gain->val);
- case V4L2_CID_EXPOSURE_AUTO:
- return ov2680_exposure_set(sensor, !!ctrl->val);
+ return ov2680_gain_set(sensor, ctrl->val);
case V4L2_CID_EXPOSURE:
- return ov2680_exposure_set(sensor, !!ctrls->auto_exp->val);
+ return ov2680_exposure_set(sensor, ctrl->val);
case V4L2_CID_VFLIP:
if (sensor->is_streaming)
return -EBUSY;
@@ -863,7 +749,6 @@ static int ov2680_s_ctrl(struct v4l2_ctrl *ctrl)
}
static const struct v4l2_ctrl_ops ov2680_ctrl_ops = {
- .g_volatile_ctrl = ov2680_g_volatile_ctrl,
.s_ctrl = ov2680_s_ctrl,
};
@@ -935,7 +820,7 @@ static int ov2680_v4l2_register(struct ov2680_dev *sensor)
if (ret < 0)
return ret;
- v4l2_ctrl_handler_init(hdl, 7);
+ v4l2_ctrl_handler_init(hdl, 5);
hdl->lock = &sensor->lock;
@@ -947,16 +832,9 @@ static int ov2680_v4l2_register(struct ov2680_dev *sensor)
ARRAY_SIZE(test_pattern_menu) - 1,
0, 0, test_pattern_menu);
- ctrls->auto_exp = v4l2_ctrl_new_std_menu(hdl, ops,
- V4L2_CID_EXPOSURE_AUTO,
- V4L2_EXPOSURE_MANUAL, 0,
- V4L2_EXPOSURE_AUTO);
-
ctrls->exposure = v4l2_ctrl_new_std(hdl, ops, V4L2_CID_EXPOSURE,
0, 32767, 1, 0);
- ctrls->auto_gain = v4l2_ctrl_new_std(hdl, ops, V4L2_CID_AUTOGAIN,
- 0, 1, 1, 1);
ctrls->gain = v4l2_ctrl_new_std(hdl, ops, V4L2_CID_GAIN, 0, 2047, 1, 0);
if (hdl->error) {
@@ -964,14 +842,9 @@ static int ov2680_v4l2_register(struct ov2680_dev *sensor)
goto cleanup_entity;
}
- ctrls->gain->flags |= V4L2_CTRL_FLAG_VOLATILE;
- ctrls->exposure->flags |= V4L2_CTRL_FLAG_VOLATILE;
ctrls->vflip->flags |= V4L2_CTRL_FLAG_MODIFY_LAYOUT;
ctrls->hflip->flags |= V4L2_CTRL_FLAG_MODIFY_LAYOUT;
- v4l2_ctrl_auto_cluster(2, &ctrls->auto_gain, 0, true);
- v4l2_ctrl_auto_cluster(2, &ctrls->auto_exp, 1, true);
-
sensor->sd.ctrl_handler = hdl;
ret = v4l2_async_register_subdev(&sensor->sd);
--
2.40.1
^ permalink raw reply related [flat|nested] 396+ messages in thread
* [PATCH 5.4 181/367] media: ov2680: Fix ov2680_bayer_order()
2023-09-20 11:26 [PATCH 5.4 000/367] 5.4.257-rc1 review Greg Kroah-Hartman
` (179 preceding siblings ...)
2023-09-20 11:29 ` [PATCH 5.4 180/367] media: ov2680: Remove auto-gain and auto-exposure controls Greg Kroah-Hartman
@ 2023-09-20 11:29 ` Greg Kroah-Hartman
2023-09-20 11:29 ` [PATCH 5.4 182/367] media: ov2680: Fix vflip / hflip set functions Greg Kroah-Hartman
` (191 subsequent siblings)
372 siblings, 0 replies; 396+ messages in thread
From: Greg Kroah-Hartman @ 2023-09-20 11:29 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Daniel Scally, Rui Miguel Silva,
Hans de Goede, Sakari Ailus, Mauro Carvalho Chehab, Sasha Levin
5.4-stable review patch. If anyone has any objections, please let me know.
------------------
From: Hans de Goede <hdegoede@redhat.com>
[ Upstream commit 50a7bad4e0a37d7018ab6fe843dd84bc6b2ecf72 ]
The index into ov2680_hv_flip_bayer_order[] should be 0-3, but
ov2680_bayer_order() was using 0 + BIT(2) + (BIT(2) << 1) as
max index, while the intention was to use: 0 + 1 + 2 as max index.
Fix the index calculation in ov2680_bayer_order(), while at it
also just use the ctrl values rather then reading them back using
a slow i2c-read transaction.
This also allows making the function void, since there now are
no more i2c-reads to error check.
Note the check for the ctrls being NULL is there to allow
adding an ov2680_fill_format() helper later, which will call
ov2680_set_bayer_order() during probe() before the ctrls are created.
[Sakari Ailus: Change all users of ov2680_set_bayer_order() here]
Fixes: 3ee47cad3e69 ("media: ov2680: Add Omnivision OV2680 sensor driver")
Reviewed-by: Daniel Scally <dan.scally@ideasonboard.com>
Acked-by: Rui Miguel Silva <rmfrfs@gmail.com>
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Sakari Ailus <sakari.ailus@linux.intel.com>
Signed-off-by: Mauro Carvalho Chehab <mchehab@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/media/i2c/ov2680.c | 33 ++++++++++++++-------------------
1 file changed, 14 insertions(+), 19 deletions(-)
diff --git a/drivers/media/i2c/ov2680.c b/drivers/media/i2c/ov2680.c
index f143e2af0b5fc..a4baf440b9505 100644
--- a/drivers/media/i2c/ov2680.c
+++ b/drivers/media/i2c/ov2680.c
@@ -315,26 +315,17 @@ static void ov2680_power_down(struct ov2680_dev *sensor)
usleep_range(5000, 10000);
}
-static int ov2680_bayer_order(struct ov2680_dev *sensor)
+static void ov2680_set_bayer_order(struct ov2680_dev *sensor)
{
- u32 format1;
- u32 format2;
- u32 hv_flip;
- int ret;
-
- ret = ov2680_read_reg(sensor, OV2680_REG_FORMAT1, &format1);
- if (ret < 0)
- return ret;
+ int hv_flip = 0;
- ret = ov2680_read_reg(sensor, OV2680_REG_FORMAT2, &format2);
- if (ret < 0)
- return ret;
+ if (sensor->ctrls.vflip && sensor->ctrls.vflip->val)
+ hv_flip += 1;
- hv_flip = (format2 & BIT(2) << 1) | (format1 & BIT(2));
+ if (sensor->ctrls.hflip && sensor->ctrls.hflip->val)
+ hv_flip += 2;
sensor->fmt.code = ov2680_hv_flip_bayer_order[hv_flip];
-
- return 0;
}
static int ov2680_vflip_enable(struct ov2680_dev *sensor)
@@ -345,7 +336,8 @@ static int ov2680_vflip_enable(struct ov2680_dev *sensor)
if (ret < 0)
return ret;
- return ov2680_bayer_order(sensor);
+ ov2680_set_bayer_order(sensor);
+ return 0;
}
static int ov2680_vflip_disable(struct ov2680_dev *sensor)
@@ -356,7 +348,8 @@ static int ov2680_vflip_disable(struct ov2680_dev *sensor)
if (ret < 0)
return ret;
- return ov2680_bayer_order(sensor);
+ ov2680_set_bayer_order(sensor);
+ return 0;
}
static int ov2680_hflip_enable(struct ov2680_dev *sensor)
@@ -367,7 +360,8 @@ static int ov2680_hflip_enable(struct ov2680_dev *sensor)
if (ret < 0)
return ret;
- return ov2680_bayer_order(sensor);
+ ov2680_set_bayer_order(sensor);
+ return 0;
}
static int ov2680_hflip_disable(struct ov2680_dev *sensor)
@@ -378,7 +372,8 @@ static int ov2680_hflip_disable(struct ov2680_dev *sensor)
if (ret < 0)
return ret;
- return ov2680_bayer_order(sensor);
+ ov2680_set_bayer_order(sensor);
+ return 0;
}
static int ov2680_test_pattern_set(struct ov2680_dev *sensor, int value)
--
2.40.1
^ permalink raw reply related [flat|nested] 396+ messages in thread
* [PATCH 5.4 182/367] media: ov2680: Fix vflip / hflip set functions
2023-09-20 11:26 [PATCH 5.4 000/367] 5.4.257-rc1 review Greg Kroah-Hartman
` (180 preceding siblings ...)
2023-09-20 11:29 ` [PATCH 5.4 181/367] media: ov2680: Fix ov2680_bayer_order() Greg Kroah-Hartman
@ 2023-09-20 11:29 ` Greg Kroah-Hartman
2023-09-20 11:29 ` [PATCH 5.4 183/367] media: ov2680: Fix regulators being left enabled on ov2680_power_on() errors Greg Kroah-Hartman
` (190 subsequent siblings)
372 siblings, 0 replies; 396+ messages in thread
From: Greg Kroah-Hartman @ 2023-09-20 11:29 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Daniel Scally, Rui Miguel Silva,
Hans de Goede, Sakari Ailus, Mauro Carvalho Chehab, Sasha Levin
5.4-stable review patch. If anyone has any objections, please let me know.
------------------
From: Hans de Goede <hdegoede@redhat.com>
[ Upstream commit d5d08ad330c9ccebc5e066fda815423a290f48b0 ]
ov2680_vflip_disable() / ov2680_hflip_disable() pass BIT(0) instead of
0 as value to ov2680_mod_reg().
While fixing this also:
1. Stop having separate enable/disable functions for hflip / vflip
2. Move the is_streaming check, which is unique to hflip / vflip
into the ov2680_set_?flip() functions.
for a nice code cleanup.
Fixes: 3ee47cad3e69 ("media: ov2680: Add Omnivision OV2680 sensor driver")
Reviewed-by: Daniel Scally <dan.scally@ideasonboard.com>
Acked-by: Rui Miguel Silva <rmfrfs@gmail.com>
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Sakari Ailus <sakari.ailus@linux.intel.com>
Signed-off-by: Mauro Carvalho Chehab <mchehab@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/media/i2c/ov2680.c | 50 +++++++++-----------------------------
1 file changed, 12 insertions(+), 38 deletions(-)
diff --git a/drivers/media/i2c/ov2680.c b/drivers/media/i2c/ov2680.c
index a4baf440b9505..5249a9eb7c81a 100644
--- a/drivers/media/i2c/ov2680.c
+++ b/drivers/media/i2c/ov2680.c
@@ -328,23 +328,15 @@ static void ov2680_set_bayer_order(struct ov2680_dev *sensor)
sensor->fmt.code = ov2680_hv_flip_bayer_order[hv_flip];
}
-static int ov2680_vflip_enable(struct ov2680_dev *sensor)
+static int ov2680_set_vflip(struct ov2680_dev *sensor, s32 val)
{
int ret;
- ret = ov2680_mod_reg(sensor, OV2680_REG_FORMAT1, BIT(2), BIT(2));
- if (ret < 0)
- return ret;
-
- ov2680_set_bayer_order(sensor);
- return 0;
-}
-
-static int ov2680_vflip_disable(struct ov2680_dev *sensor)
-{
- int ret;
+ if (sensor->is_streaming)
+ return -EBUSY;
- ret = ov2680_mod_reg(sensor, OV2680_REG_FORMAT1, BIT(2), BIT(0));
+ ret = ov2680_mod_reg(sensor, OV2680_REG_FORMAT1,
+ BIT(2), val ? BIT(2) : 0);
if (ret < 0)
return ret;
@@ -352,23 +344,15 @@ static int ov2680_vflip_disable(struct ov2680_dev *sensor)
return 0;
}
-static int ov2680_hflip_enable(struct ov2680_dev *sensor)
+static int ov2680_set_hflip(struct ov2680_dev *sensor, s32 val)
{
int ret;
- ret = ov2680_mod_reg(sensor, OV2680_REG_FORMAT2, BIT(2), BIT(2));
- if (ret < 0)
- return ret;
-
- ov2680_set_bayer_order(sensor);
- return 0;
-}
-
-static int ov2680_hflip_disable(struct ov2680_dev *sensor)
-{
- int ret;
+ if (sensor->is_streaming)
+ return -EBUSY;
- ret = ov2680_mod_reg(sensor, OV2680_REG_FORMAT2, BIT(2), BIT(0));
+ ret = ov2680_mod_reg(sensor, OV2680_REG_FORMAT2,
+ BIT(2), val ? BIT(2) : 0);
if (ret < 0)
return ret;
@@ -721,19 +705,9 @@ static int ov2680_s_ctrl(struct v4l2_ctrl *ctrl)
case V4L2_CID_EXPOSURE:
return ov2680_exposure_set(sensor, ctrl->val);
case V4L2_CID_VFLIP:
- if (sensor->is_streaming)
- return -EBUSY;
- if (ctrl->val)
- return ov2680_vflip_enable(sensor);
- else
- return ov2680_vflip_disable(sensor);
+ return ov2680_set_vflip(sensor, ctrl->val);
case V4L2_CID_HFLIP:
- if (sensor->is_streaming)
- return -EBUSY;
- if (ctrl->val)
- return ov2680_hflip_enable(sensor);
- else
- return ov2680_hflip_disable(sensor);
+ return ov2680_set_hflip(sensor, ctrl->val);
case V4L2_CID_TEST_PATTERN:
return ov2680_test_pattern_set(sensor, ctrl->val);
default:
--
2.40.1
^ permalink raw reply related [flat|nested] 396+ messages in thread
* [PATCH 5.4 183/367] media: ov2680: Fix regulators being left enabled on ov2680_power_on() errors
2023-09-20 11:26 [PATCH 5.4 000/367] 5.4.257-rc1 review Greg Kroah-Hartman
` (181 preceding siblings ...)
2023-09-20 11:29 ` [PATCH 5.4 182/367] media: ov2680: Fix vflip / hflip set functions Greg Kroah-Hartman
@ 2023-09-20 11:29 ` Greg Kroah-Hartman
2023-09-20 11:29 ` [PATCH 5.4 184/367] scsi: core: Use 32-bit hostnum in scsi_host_lookup() Greg Kroah-Hartman
` (189 subsequent siblings)
372 siblings, 0 replies; 396+ messages in thread
From: Greg Kroah-Hartman @ 2023-09-20 11:29 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Daniel Scally, Rui Miguel Silva,
Hans de Goede, Sakari Ailus, Mauro Carvalho Chehab, Sasha Levin
5.4-stable review patch. If anyone has any objections, please let me know.
------------------
From: Hans de Goede <hdegoede@redhat.com>
[ Upstream commit 84b4bd7e0d98166aa32fd470e672721190492eae ]
When the ov2680_power_on() "sensor soft reset failed" path is hit during
probe() the WARN() about putting an enabled regulator at
drivers/regulator/core.c:2398 triggers 3 times (once for each regulator),
filling dmesg with backtraces.
Fix this by properly disabling the regulators on ov2680_power_on() errors.
Fixes: 3ee47cad3e69 ("media: ov2680: Add Omnivision OV2680 sensor driver")
Reviewed-by: Daniel Scally <dan.scally@ideasonboard.com>
Acked-by: Rui Miguel Silva <rmfrfs@gmail.com>
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Sakari Ailus <sakari.ailus@linux.intel.com>
Signed-off-by: Mauro Carvalho Chehab <mchehab@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/media/i2c/ov2680.c | 8 ++++++--
1 file changed, 6 insertions(+), 2 deletions(-)
diff --git a/drivers/media/i2c/ov2680.c b/drivers/media/i2c/ov2680.c
index 5249a9eb7c81a..731a60f6a59af 100644
--- a/drivers/media/i2c/ov2680.c
+++ b/drivers/media/i2c/ov2680.c
@@ -459,7 +459,7 @@ static int ov2680_power_on(struct ov2680_dev *sensor)
ret = ov2680_write_reg(sensor, OV2680_REG_SOFT_RESET, 0x01);
if (ret != 0) {
dev_err(dev, "sensor soft reset failed\n");
- return ret;
+ goto err_disable_regulators;
}
usleep_range(1000, 2000);
} else {
@@ -469,7 +469,7 @@ static int ov2680_power_on(struct ov2680_dev *sensor)
ret = clk_prepare_enable(sensor->xvclk);
if (ret < 0)
- return ret;
+ goto err_disable_regulators;
sensor->is_enabled = true;
@@ -479,6 +479,10 @@ static int ov2680_power_on(struct ov2680_dev *sensor)
ov2680_stream_disable(sensor);
return 0;
+
+err_disable_regulators:
+ regulator_bulk_disable(OV2680_NUM_SUPPLIES, sensor->supplies);
+ return ret;
}
static int ov2680_s_power(struct v4l2_subdev *sd, int on)
--
2.40.1
^ permalink raw reply related [flat|nested] 396+ messages in thread
* [PATCH 5.4 184/367] scsi: core: Use 32-bit hostnum in scsi_host_lookup()
2023-09-20 11:26 [PATCH 5.4 000/367] 5.4.257-rc1 review Greg Kroah-Hartman
` (182 preceding siblings ...)
2023-09-20 11:29 ` [PATCH 5.4 183/367] media: ov2680: Fix regulators being left enabled on ov2680_power_on() errors Greg Kroah-Hartman
@ 2023-09-20 11:29 ` Greg Kroah-Hartman
2023-09-20 11:29 ` [PATCH 5.4 185/367] scsi: fcoe: Fix potential deadlock on &fip->ctlr_lock Greg Kroah-Hartman
` (188 subsequent siblings)
372 siblings, 0 replies; 396+ messages in thread
From: Greg Kroah-Hartman @ 2023-09-20 11:29 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Tony Battersby, Bart Van Assche,
Martin K. Petersen, Sasha Levin
5.4-stable review patch. If anyone has any objections, please let me know.
------------------
From: Tony Battersby <tonyb@cybernetics.com>
[ Upstream commit 62ec2092095b678ff89ce4ba51c2938cd1e8e630 ]
Change scsi_host_lookup() hostnum argument type from unsigned short to
unsigned int to match the type used everywhere else.
Fixes: 6d49f63b415c ("[SCSI] Make host_no an unsigned int")
Signed-off-by: Tony Battersby <tonyb@cybernetics.com>
Link: https://lore.kernel.org/r/a02497e7-c12b-ef15-47fc-3f0a0b00ffce@cybernetics.com
Reviewed-by: Bart Van Assche <bvanassche@acm.org>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/scsi/hosts.c | 4 ++--
include/scsi/scsi_host.h | 2 +-
2 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/drivers/scsi/hosts.c b/drivers/scsi/hosts.c
index b97e046c6a6e1..a8ae573294e57 100644
--- a/drivers/scsi/hosts.c
+++ b/drivers/scsi/hosts.c
@@ -518,7 +518,7 @@ EXPORT_SYMBOL(scsi_host_alloc);
static int __scsi_host_match(struct device *dev, const void *data)
{
struct Scsi_Host *p;
- const unsigned short *hostnum = data;
+ const unsigned int *hostnum = data;
p = class_to_shost(dev);
return p->host_no == *hostnum;
@@ -535,7 +535,7 @@ static int __scsi_host_match(struct device *dev, const void *data)
* that scsi_host_get() took. The put_device() below dropped
* the reference from class_find_device().
**/
-struct Scsi_Host *scsi_host_lookup(unsigned short hostnum)
+struct Scsi_Host *scsi_host_lookup(unsigned int hostnum)
{
struct device *cdev;
struct Scsi_Host *shost = NULL;
diff --git a/include/scsi/scsi_host.h b/include/scsi/scsi_host.h
index 31e0d6ca1ebaa..4488c3468c6de 100644
--- a/include/scsi/scsi_host.h
+++ b/include/scsi/scsi_host.h
@@ -744,7 +744,7 @@ extern void scsi_remove_host(struct Scsi_Host *);
extern struct Scsi_Host *scsi_host_get(struct Scsi_Host *);
extern int scsi_host_busy(struct Scsi_Host *shost);
extern void scsi_host_put(struct Scsi_Host *t);
-extern struct Scsi_Host *scsi_host_lookup(unsigned short);
+extern struct Scsi_Host *scsi_host_lookup(unsigned int hostnum);
extern const char *scsi_host_state_name(enum scsi_host_state);
static inline int __must_check scsi_add_host(struct Scsi_Host *host,
--
2.40.1
^ permalink raw reply related [flat|nested] 396+ messages in thread
* [PATCH 5.4 185/367] scsi: fcoe: Fix potential deadlock on &fip->ctlr_lock
2023-09-20 11:26 [PATCH 5.4 000/367] 5.4.257-rc1 review Greg Kroah-Hartman
` (183 preceding siblings ...)
2023-09-20 11:29 ` [PATCH 5.4 184/367] scsi: core: Use 32-bit hostnum in scsi_host_lookup() Greg Kroah-Hartman
@ 2023-09-20 11:29 ` Greg Kroah-Hartman
2023-09-20 11:29 ` [PATCH 5.4 186/367] serial: tegra: handle clk prepare error in tegra_uart_hw_init() Greg Kroah-Hartman
` (187 subsequent siblings)
372 siblings, 0 replies; 396+ messages in thread
From: Greg Kroah-Hartman @ 2023-09-20 11:29 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Chengfeng Ye, Davidlohr Bueso,
Martin K. Petersen, Sasha Levin
5.4-stable review patch. If anyone has any objections, please let me know.
------------------
From: Chengfeng Ye <dg573847474@gmail.com>
[ Upstream commit 1a1975551943f681772720f639ff42fbaa746212 ]
There is a long call chain that &fip->ctlr_lock is acquired by isr
fnic_isr_msix_wq_copy() under hard IRQ context. Thus other process context
code acquiring the lock should disable IRQ, otherwise deadlock could happen
if the IRQ preempts the execution while the lock is held in process context
on the same CPU.
[ISR]
fnic_isr_msix_wq_copy()
-> fnic_wq_copy_cmpl_handler()
-> fnic_fcpio_cmpl_handler()
-> fnic_fcpio_flogi_reg_cmpl_handler()
-> fnic_flush_tx()
-> fnic_send_frame()
-> fcoe_ctlr_els_send()
-> spin_lock_bh(&fip->ctlr_lock)
[Process Context]
1. fcoe_ctlr_timer_work()
-> fcoe_ctlr_flogi_send()
-> spin_lock_bh(&fip->ctlr_lock)
2. fcoe_ctlr_recv_work()
-> fcoe_ctlr_recv_handler()
-> fcoe_ctlr_recv_els()
-> fcoe_ctlr_announce()
-> spin_lock_bh(&fip->ctlr_lock)
3. fcoe_ctlr_recv_work()
-> fcoe_ctlr_recv_handler()
-> fcoe_ctlr_recv_els()
-> fcoe_ctlr_flogi_retry()
-> spin_lock_bh(&fip->ctlr_lock)
4. -> fcoe_xmit()
-> fcoe_ctlr_els_send()
-> spin_lock_bh(&fip->ctlr_lock)
spin_lock_bh() is not enough since fnic_isr_msix_wq_copy() is a
hardirq.
These flaws were found by an experimental static analysis tool I am
developing for irq-related deadlock.
The patch fix the potential deadlocks by spin_lock_irqsave() to disable
hard irq.
Fixes: 794d98e77f59 ("[SCSI] libfcoe: retry rejected FLOGI to another FCF if possible")
Signed-off-by: Chengfeng Ye <dg573847474@gmail.com>
Link: https://lore.kernel.org/r/20230817074708.7509-1-dg573847474@gmail.com
Reviewed-by: Davidlohr Bueso <dave@stgolabs.net>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/scsi/fcoe/fcoe_ctlr.c | 20 ++++++++++++--------
1 file changed, 12 insertions(+), 8 deletions(-)
diff --git a/drivers/scsi/fcoe/fcoe_ctlr.c b/drivers/scsi/fcoe/fcoe_ctlr.c
index 7ce2a0434e1e5..d45e8c57051bf 100644
--- a/drivers/scsi/fcoe/fcoe_ctlr.c
+++ b/drivers/scsi/fcoe/fcoe_ctlr.c
@@ -318,16 +318,17 @@ static void fcoe_ctlr_announce(struct fcoe_ctlr *fip)
{
struct fcoe_fcf *sel;
struct fcoe_fcf *fcf;
+ unsigned long flags;
mutex_lock(&fip->ctlr_mutex);
- spin_lock_bh(&fip->ctlr_lock);
+ spin_lock_irqsave(&fip->ctlr_lock, flags);
kfree_skb(fip->flogi_req);
fip->flogi_req = NULL;
list_for_each_entry(fcf, &fip->fcfs, list)
fcf->flogi_sent = 0;
- spin_unlock_bh(&fip->ctlr_lock);
+ spin_unlock_irqrestore(&fip->ctlr_lock, flags);
sel = fip->sel_fcf;
if (sel && ether_addr_equal(sel->fcf_mac, fip->dest_addr))
@@ -697,6 +698,7 @@ int fcoe_ctlr_els_send(struct fcoe_ctlr *fip, struct fc_lport *lport,
{
struct fc_frame *fp;
struct fc_frame_header *fh;
+ unsigned long flags;
u16 old_xid;
u8 op;
u8 mac[ETH_ALEN];
@@ -730,11 +732,11 @@ int fcoe_ctlr_els_send(struct fcoe_ctlr *fip, struct fc_lport *lport,
op = FIP_DT_FLOGI;
if (fip->mode == FIP_MODE_VN2VN)
break;
- spin_lock_bh(&fip->ctlr_lock);
+ spin_lock_irqsave(&fip->ctlr_lock, flags);
kfree_skb(fip->flogi_req);
fip->flogi_req = skb;
fip->flogi_req_send = 1;
- spin_unlock_bh(&fip->ctlr_lock);
+ spin_unlock_irqrestore(&fip->ctlr_lock, flags);
schedule_work(&fip->timer_work);
return -EINPROGRESS;
case ELS_FDISC:
@@ -1711,10 +1713,11 @@ static int fcoe_ctlr_flogi_send_locked(struct fcoe_ctlr *fip)
static int fcoe_ctlr_flogi_retry(struct fcoe_ctlr *fip)
{
struct fcoe_fcf *fcf;
+ unsigned long flags;
int error;
mutex_lock(&fip->ctlr_mutex);
- spin_lock_bh(&fip->ctlr_lock);
+ spin_lock_irqsave(&fip->ctlr_lock, flags);
LIBFCOE_FIP_DBG(fip, "re-sending FLOGI - reselect\n");
fcf = fcoe_ctlr_select(fip);
if (!fcf || fcf->flogi_sent) {
@@ -1725,7 +1728,7 @@ static int fcoe_ctlr_flogi_retry(struct fcoe_ctlr *fip)
fcoe_ctlr_solicit(fip, NULL);
error = fcoe_ctlr_flogi_send_locked(fip);
}
- spin_unlock_bh(&fip->ctlr_lock);
+ spin_unlock_irqrestore(&fip->ctlr_lock, flags);
mutex_unlock(&fip->ctlr_mutex);
return error;
}
@@ -1742,8 +1745,9 @@ static int fcoe_ctlr_flogi_retry(struct fcoe_ctlr *fip)
static void fcoe_ctlr_flogi_send(struct fcoe_ctlr *fip)
{
struct fcoe_fcf *fcf;
+ unsigned long flags;
- spin_lock_bh(&fip->ctlr_lock);
+ spin_lock_irqsave(&fip->ctlr_lock, flags);
fcf = fip->sel_fcf;
if (!fcf || !fip->flogi_req_send)
goto unlock;
@@ -1770,7 +1774,7 @@ static void fcoe_ctlr_flogi_send(struct fcoe_ctlr *fip)
} else /* XXX */
LIBFCOE_FIP_DBG(fip, "No FCF selected - defer send\n");
unlock:
- spin_unlock_bh(&fip->ctlr_lock);
+ spin_unlock_irqrestore(&fip->ctlr_lock, flags);
}
/**
--
2.40.1
^ permalink raw reply related [flat|nested] 396+ messages in thread
* [PATCH 5.4 186/367] serial: tegra: handle clk prepare error in tegra_uart_hw_init()
2023-09-20 11:26 [PATCH 5.4 000/367] 5.4.257-rc1 review Greg Kroah-Hartman
` (184 preceding siblings ...)
2023-09-20 11:29 ` [PATCH 5.4 185/367] scsi: fcoe: Fix potential deadlock on &fip->ctlr_lock Greg Kroah-Hartman
@ 2023-09-20 11:29 ` Greg Kroah-Hartman
2023-09-20 11:29 ` [PATCH 5.4 187/367] amba: bus: fix refcount leak Greg Kroah-Hartman
` (186 subsequent siblings)
372 siblings, 0 replies; 396+ messages in thread
From: Greg Kroah-Hartman @ 2023-09-20 11:29 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Yi Yang, Sasha Levin
5.4-stable review patch. If anyone has any objections, please let me know.
------------------
From: Yi Yang <yiyang13@huawei.com>
[ Upstream commit 5abd01145d0cc6cd1b7c2fe6ee0b9ea0fa13671e ]
In tegra_uart_hw_init(), the return value of clk_prepare_enable() should
be checked since it might fail.
Fixes: e9ea096dd225 ("serial: tegra: add serial driver")
Signed-off-by: Yi Yang <yiyang13@huawei.com>
Link: https://lore.kernel.org/r/20230817105406.228674-1-yiyang13@huawei.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/tty/serial/serial-tegra.c | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/drivers/tty/serial/serial-tegra.c b/drivers/tty/serial/serial-tegra.c
index 7930f2a81b4c1..2b5d26df5fcfc 100644
--- a/drivers/tty/serial/serial-tegra.c
+++ b/drivers/tty/serial/serial-tegra.c
@@ -1000,7 +1000,11 @@ static int tegra_uart_hw_init(struct tegra_uart_port *tup)
tup->ier_shadow = 0;
tup->current_baud = 0;
- clk_prepare_enable(tup->uart_clk);
+ ret = clk_prepare_enable(tup->uart_clk);
+ if (ret) {
+ dev_err(tup->uport.dev, "could not enable clk\n");
+ return ret;
+ }
/* Reset the UART controller to clear all previous status.*/
reset_control_assert(tup->rst);
--
2.40.1
^ permalink raw reply related [flat|nested] 396+ messages in thread
* [PATCH 5.4 187/367] amba: bus: fix refcount leak
2023-09-20 11:26 [PATCH 5.4 000/367] 5.4.257-rc1 review Greg Kroah-Hartman
` (185 preceding siblings ...)
2023-09-20 11:29 ` [PATCH 5.4 186/367] serial: tegra: handle clk prepare error in tegra_uart_hw_init() Greg Kroah-Hartman
@ 2023-09-20 11:29 ` Greg Kroah-Hartman
2023-09-20 11:29 ` [PATCH 5.4 188/367] Revert "IB/isert: Fix incorrect release of isert connection" Greg Kroah-Hartman
` (185 subsequent siblings)
372 siblings, 0 replies; 396+ messages in thread
From: Greg Kroah-Hartman @ 2023-09-20 11:29 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Peng Fan, Andy Shevchenko, Sasha Levin
5.4-stable review patch. If anyone has any objections, please let me know.
------------------
From: Peng Fan <peng.fan@nxp.com>
[ Upstream commit e312cbdc11305568554a9e18a2ea5c2492c183f3 ]
commit 5de1540b7bc4 ("drivers/amba: create devices from device tree")
increases the refcount of of_node, but not releases it in
amba_device_release, so there is refcount leak. By using of_node_put
to avoid refcount leak.
Fixes: 5de1540b7bc4 ("drivers/amba: create devices from device tree")
Signed-off-by: Peng Fan <peng.fan@nxp.com>
Reviewed-by: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
Link: https://lore.kernel.org/r/20230821023928.3324283-1-peng.fan@oss.nxp.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/amba/bus.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/drivers/amba/bus.c b/drivers/amba/bus.c
index 702284bcd467c..252b0b43d50ee 100644
--- a/drivers/amba/bus.c
+++ b/drivers/amba/bus.c
@@ -364,6 +364,7 @@ static void amba_device_release(struct device *dev)
{
struct amba_device *d = to_amba_device(dev);
+ of_node_put(d->dev.of_node);
if (d->res.parent)
release_resource(&d->res);
kfree(d);
--
2.40.1
^ permalink raw reply related [flat|nested] 396+ messages in thread
* [PATCH 5.4 188/367] Revert "IB/isert: Fix incorrect release of isert connection"
2023-09-20 11:26 [PATCH 5.4 000/367] 5.4.257-rc1 review Greg Kroah-Hartman
` (186 preceding siblings ...)
2023-09-20 11:29 ` [PATCH 5.4 187/367] amba: bus: fix refcount leak Greg Kroah-Hartman
@ 2023-09-20 11:29 ` Greg Kroah-Hartman
2023-09-20 11:29 ` [PATCH 5.4 189/367] RDMA/siw: Balance the reference of cep->kref in the error path Greg Kroah-Hartman
` (184 subsequent siblings)
372 siblings, 0 replies; 396+ messages in thread
From: Greg Kroah-Hartman @ 2023-09-20 11:29 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Dennis Dalessandro, Leon Romanovsky,
Sasha Levin
5.4-stable review patch. If anyone has any objections, please let me know.
------------------
From: Leon Romanovsky <leonro@nvidia.com>
[ Upstream commit dfe261107c080709459c32695847eec96238852b ]
Commit: 699826f4e30a ("IB/isert: Fix incorrect release of isert connection") is
causing problems on OPA when DEVICE_REMOVAL is happening.
------------[ cut here ]------------
WARNING: CPU: 52 PID: 2117247 at drivers/infiniband/core/cq.c:359
ib_cq_pool_cleanup+0xac/0xb0 [ib_core]
Modules linked in: nfsd nfs_acl target_core_user uio tcm_fc libfc
scsi_transport_fc tcm_loop target_core_pscsi target_core_iblock target_core_file
rpcsec_gss_krb5 auth_rpcgss nfsv4 dns_resolver nfs lockd grace fscache netfs
rfkill rpcrdma rdma_ucm ib_srpt sunrpc ib_isert iscsi_target_mod target_core_mod
opa_vnic ib_iser libiscsi ib_umad scsi_transport_iscsi rdma_cm ib_ipoib iw_cm
ib_cm hfi1(-) rdmavt ib_uverbs intel_rapl_msr intel_rapl_common sb_edac ib_core
x86_pkg_temp_thermal intel_powerclamp coretemp i2c_i801 mxm_wmi rapl iTCO_wdt
ipmi_si iTCO_vendor_support mei_me ipmi_devintf mei intel_cstate ioatdma
intel_uncore i2c_smbus joydev pcspkr lpc_ich ipmi_msghandler acpi_power_meter
acpi_pad xfs libcrc32c sr_mod sd_mod cdrom t10_pi sg crct10dif_pclmul
crc32_pclmul crc32c_intel drm_kms_helper drm_shmem_helper ahci libahci
ghash_clmulni_intel igb drm libata dca i2c_algo_bit wmi fuse
CPU: 52 PID: 2117247 Comm: modprobe Not tainted 6.5.0-rc1+ #1
Hardware name: Intel Corporation S2600CWR/S2600CW, BIOS
SE5C610.86B.01.01.0014.121820151719 12/18/2015
RIP: 0010:ib_cq_pool_cleanup+0xac/0xb0 [ib_core]
Code: ff 48 8b 43 40 48 8d 7b 40 48 83 e8 40 4c 39 e7 75 b3 49 83
c4 10 4d 39 fc 75 94 5b 5d 41 5c 41 5d 41 5e 41 5f c3 cc cc cc cc <0f> 0b eb a1
90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1f
RSP: 0018:ffffc10bea13fc80 EFLAGS: 00010206
RAX: 000000000000010c RBX: ffff9bf5c7e66c00 RCX: 000000008020001d
RDX: 000000008020001e RSI: fffff175221f9900 RDI: ffff9bf5c7e67640
RBP: ffff9bf5c7e67600 R08: ffff9bf5c7e64400 R09: 000000008020001d
R10: 0000000040000000 R11: 0000000000000000 R12: ffff9bee4b1e8a18
R13: dead000000000122 R14: dead000000000100 R15: ffff9bee4b1e8a38
FS: 00007ff1e6d38740(0000) GS:ffff9bfd9fb00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00005652044ecc68 CR3: 0000000889b5c005 CR4: 00000000001706e0
Call Trace:
<TASK>
? __warn+0x80/0x130
? ib_cq_pool_cleanup+0xac/0xb0 [ib_core]
? report_bug+0x195/0x1a0
? handle_bug+0x3c/0x70
? exc_invalid_op+0x14/0x70
? asm_exc_invalid_op+0x16/0x20
? ib_cq_pool_cleanup+0xac/0xb0 [ib_core]
disable_device+0x9d/0x160 [ib_core]
__ib_unregister_device+0x42/0xb0 [ib_core]
ib_unregister_device+0x22/0x30 [ib_core]
rvt_unregister_device+0x20/0x90 [rdmavt]
hfi1_unregister_ib_device+0x16/0xf0 [hfi1]
remove_one+0x55/0x1a0 [hfi1]
pci_device_remove+0x36/0xa0
device_release_driver_internal+0x193/0x200
driver_detach+0x44/0x90
bus_remove_driver+0x69/0xf0
pci_unregister_driver+0x2a/0xb0
hfi1_mod_cleanup+0xc/0x3c [hfi1]
__do_sys_delete_module.constprop.0+0x17a/0x2f0
? exit_to_user_mode_prepare+0xc4/0xd0
? syscall_trace_enter.constprop.0+0x126/0x1a0
do_syscall_64+0x5c/0x90
? syscall_exit_to_user_mode+0x12/0x30
? do_syscall_64+0x69/0x90
? syscall_exit_work+0x103/0x130
? syscall_exit_to_user_mode+0x12/0x30
? do_syscall_64+0x69/0x90
? exc_page_fault+0x65/0x150
entry_SYSCALL_64_after_hwframe+0x6e/0xd8
RIP: 0033:0x7ff1e643f5ab
Code: 73 01 c3 48 8b 0d 75 a8 1b 00 f7 d8 64 89 01 48 83 c8 ff c3
66 2e 0f 1f 84 00 00 00 00 00 90 f3 0f 1e fa b8 b0 00 00 00 0f 05 <48> 3d 01 f0
ff ff 73 01 c3 48 8b 0d 45 a8 1b 00 f7 d8 64 89 01 48
RSP: 002b:00007ffec9103cc8 EFLAGS: 00000206 ORIG_RAX: 00000000000000b0
RAX: ffffffffffffffda RBX: 00005615267fdc50 RCX: 00007ff1e643f5ab
RDX: 0000000000000000 RSI: 0000000000000800 RDI: 00005615267fdcb8
RBP: 00005615267fdc50 R08: 0000000000000000 R09: 0000000000000000
R10: 00007ff1e659eac0 R11: 0000000000000206 R12: 00005615267fdcb8
R13: 0000000000000000 R14: 00005615267fdcb8 R15: 00007ffec9105ff8
</TASK>
---[ end trace 0000000000000000 ]---
And...
restrack: ------------[ cut here ]------------
infiniband hfi1_0: BUG: RESTRACK detected leak of resources
restrack: Kernel PD object allocated by ib_isert is not freed
restrack: Kernel CQ object allocated by ib_core is not freed
restrack: Kernel QP object allocated by rdma_cm is not freed
restrack: ------------[ cut here ]------------
Fixes: 699826f4e30a ("IB/isert: Fix incorrect release of isert connection")
Reported-by: Dennis Dalessandro <dennis.dalessandro@cornelisnetworks.com>
Closes: https://lore.kernel.org/all/921cd1d9-2879-f455-1f50-0053fe6a6655@cornelisnetworks.com
Link: https://lore.kernel.org/r/a27982d3235005c58f6d321f3fad5eb6e1beaf9e.1692604607.git.leonro@nvidia.com
Tested-by: Dennis Dalessandro <dennis.dalessandro@cornelisnetworks.com>
Signed-off-by: Leon Romanovsky <leonro@nvidia.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/infiniband/ulp/isert/ib_isert.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/drivers/infiniband/ulp/isert/ib_isert.c b/drivers/infiniband/ulp/isert/ib_isert.c
index 5bb1fc7fd79c9..6ff92dca2898c 100644
--- a/drivers/infiniband/ulp/isert/ib_isert.c
+++ b/drivers/infiniband/ulp/isert/ib_isert.c
@@ -2646,6 +2646,8 @@ static void isert_wait_conn(struct iscsi_conn *conn)
isert_put_unsol_pending_cmds(conn);
isert_wait4cmds(conn);
isert_wait4logout(isert_conn);
+
+ queue_work(isert_release_wq, &isert_conn->release_work);
}
static void isert_free_conn(struct iscsi_conn *conn)
--
2.40.1
^ permalink raw reply related [flat|nested] 396+ messages in thread
* [PATCH 5.4 189/367] RDMA/siw: Balance the reference of cep->kref in the error path
2023-09-20 11:26 [PATCH 5.4 000/367] 5.4.257-rc1 review Greg Kroah-Hartman
` (187 preceding siblings ...)
2023-09-20 11:29 ` [PATCH 5.4 188/367] Revert "IB/isert: Fix incorrect release of isert connection" Greg Kroah-Hartman
@ 2023-09-20 11:29 ` Greg Kroah-Hartman
2023-09-20 11:29 ` [PATCH 5.4 190/367] RDMA/siw: Correct wrong debug message Greg Kroah-Hartman
` (183 subsequent siblings)
372 siblings, 0 replies; 396+ messages in thread
From: Greg Kroah-Hartman @ 2023-09-20 11:29 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Guoqing Jiang, Bernard Metzler,
Leon Romanovsky, Sasha Levin
5.4-stable review patch. If anyone has any objections, please let me know.
------------------
From: Guoqing Jiang <guoqing.jiang@linux.dev>
[ Upstream commit b056327bee09e6b86683d3f709a438ccd6031d72 ]
The siw_connect can go to err in below after cep is allocated successfully:
1. If siw_cm_alloc_work returns failure. In this case socket is not
assoicated with cep so siw_cep_put can't be called by siw_socket_disassoc.
We need to call siw_cep_put twice since cep->kref is increased once after
it was initialized.
2. If siw_cm_queue_work can't find a work, which means siw_cep_get is not
called in siw_cm_queue_work, so cep->kref is increased twice by siw_cep_get
and when associate socket with cep after it was initialized. So we need to
call siw_cep_put three times (one in siw_socket_disassoc).
3. siw_send_mpareqrep returns error, this scenario is similar as 2.
So we need to remove one siw_cep_put in the error path.
Fixes: 6c52fdc244b5 ("rdma/siw: connection management")
Signed-off-by: Guoqing Jiang <guoqing.jiang@linux.dev>
Link: https://lore.kernel.org/r/20230821133255.31111-2-guoqing.jiang@linux.dev
Acked-by: Bernard Metzler <bmt@zurich.ibm.com>
Signed-off-by: Leon Romanovsky <leon@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/infiniband/sw/siw/siw_cm.c | 1 -
1 file changed, 1 deletion(-)
diff --git a/drivers/infiniband/sw/siw/siw_cm.c b/drivers/infiniband/sw/siw/siw_cm.c
index 69fcf21eaf528..3d96b649889ca 100644
--- a/drivers/infiniband/sw/siw/siw_cm.c
+++ b/drivers/infiniband/sw/siw/siw_cm.c
@@ -1525,7 +1525,6 @@ int siw_connect(struct iw_cm_id *id, struct iw_cm_conn_param *params)
cep->cm_id = NULL;
id->rem_ref(id);
- siw_cep_put(cep);
qp->cep = NULL;
siw_cep_put(cep);
--
2.40.1
^ permalink raw reply related [flat|nested] 396+ messages in thread
* [PATCH 5.4 190/367] RDMA/siw: Correct wrong debug message
2023-09-20 11:26 [PATCH 5.4 000/367] 5.4.257-rc1 review Greg Kroah-Hartman
` (188 preceding siblings ...)
2023-09-20 11:29 ` [PATCH 5.4 189/367] RDMA/siw: Balance the reference of cep->kref in the error path Greg Kroah-Hartman
@ 2023-09-20 11:29 ` Greg Kroah-Hartman
2023-09-20 11:29 ` [PATCH 5.4 191/367] HID: logitech-dj: Fix error handling in logi_dj_recv_switch_to_dj_mode() Greg Kroah-Hartman
` (182 subsequent siblings)
372 siblings, 0 replies; 396+ messages in thread
From: Greg Kroah-Hartman @ 2023-09-20 11:29 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Guoqing Jiang, Bernard Metzler,
Leon Romanovsky, Sasha Levin
5.4-stable review patch. If anyone has any objections, please let me know.
------------------
From: Guoqing Jiang <guoqing.jiang@linux.dev>
[ Upstream commit bee024d20451e4ce04ea30099cad09f7f75d288b ]
We need to print num_sle first then pbl->max_buf per the condition.
Also replace mem->pbl with pbl while at it.
Fixes: 303ae1cdfdf7 ("rdma/siw: application interface")
Signed-off-by: Guoqing Jiang <guoqing.jiang@linux.dev>
Link: https://lore.kernel.org/r/20230821133255.31111-3-guoqing.jiang@linux.dev
Acked-by: Bernard Metzler <bmt@zurich.ibm.com>
Signed-off-by: Leon Romanovsky <leon@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/infiniband/sw/siw/siw_verbs.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/infiniband/sw/siw/siw_verbs.c b/drivers/infiniband/sw/siw/siw_verbs.c
index c8c2014b79d22..236f9efaa75ce 100644
--- a/drivers/infiniband/sw/siw/siw_verbs.c
+++ b/drivers/infiniband/sw/siw/siw_verbs.c
@@ -1509,7 +1509,7 @@ int siw_map_mr_sg(struct ib_mr *base_mr, struct scatterlist *sl, int num_sle,
if (pbl->max_buf < num_sle) {
siw_dbg_mem(mem, "too many SGE's: %d > %d\n",
- mem->pbl->max_buf, num_sle);
+ num_sle, pbl->max_buf);
return -ENOMEM;
}
for_each_sg(sl, slp, num_sle, i) {
--
2.40.1
^ permalink raw reply related [flat|nested] 396+ messages in thread
* [PATCH 5.4 191/367] HID: logitech-dj: Fix error handling in logi_dj_recv_switch_to_dj_mode()
2023-09-20 11:26 [PATCH 5.4 000/367] 5.4.257-rc1 review Greg Kroah-Hartman
` (189 preceding siblings ...)
2023-09-20 11:29 ` [PATCH 5.4 190/367] RDMA/siw: Correct wrong debug message Greg Kroah-Hartman
@ 2023-09-20 11:29 ` Greg Kroah-Hartman
2023-09-20 11:29 ` [PATCH 5.4 192/367] HID: multitouch: Correct devm device reference for hidinput input_dev name Greg Kroah-Hartman
` (181 subsequent siblings)
372 siblings, 0 replies; 396+ messages in thread
From: Greg Kroah-Hartman @ 2023-09-20 11:29 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Nikita Zhandarovich,
Benjamin Tissoires, Sasha Levin
5.4-stable review patch. If anyone has any objections, please let me know.
------------------
From: Nikita Zhandarovich <n.zhandarovich@fintech.ru>
[ Upstream commit 6f20d3261265885f6a6be4cda49d7019728760e0 ]
Presently, if a call to logi_dj_recv_send_report() fails, we do
not learn about the error until after sending short
HID_OUTPUT_REPORT with hid_hw_raw_request().
To handle this somewhat unlikely issue, return on error in
logi_dj_recv_send_report() (minding ugly sleep workaround) and
take into account the result of hid_hw_raw_request().
Found by Linux Verification Center (linuxtesting.org) with static
analysis tool SVACE.
Fixes: 6a9ddc897883 ("HID: logitech-dj: enable notifications on connect/disconnect")
Signed-off-by: Nikita Zhandarovich <n.zhandarovich@fintech.ru>
Link: https://lore.kernel.org/r/20230613101635.77820-1-n.zhandarovich@fintech.ru
Signed-off-by: Benjamin Tissoires <bentiss@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/hid/hid-logitech-dj.c | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/drivers/hid/hid-logitech-dj.c b/drivers/hid/hid-logitech-dj.c
index a663cbb7b6832..0c2aa9024b878 100644
--- a/drivers/hid/hid-logitech-dj.c
+++ b/drivers/hid/hid-logitech-dj.c
@@ -1212,6 +1212,9 @@ static int logi_dj_recv_switch_to_dj_mode(struct dj_receiver_dev *djrcv_dev,
* 50 msec should gives enough time to the receiver to be ready.
*/
msleep(50);
+
+ if (retval)
+ return retval;
}
/*
@@ -1233,7 +1236,7 @@ static int logi_dj_recv_switch_to_dj_mode(struct dj_receiver_dev *djrcv_dev,
buf[5] = 0x09;
buf[6] = 0x00;
- hid_hw_raw_request(hdev, REPORT_ID_HIDPP_SHORT, buf,
+ retval = hid_hw_raw_request(hdev, REPORT_ID_HIDPP_SHORT, buf,
HIDPP_REPORT_SHORT_LENGTH, HID_OUTPUT_REPORT,
HID_REQ_SET_REPORT);
--
2.40.1
^ permalink raw reply related [flat|nested] 396+ messages in thread
* [PATCH 5.4 192/367] HID: multitouch: Correct devm device reference for hidinput input_dev name
2023-09-20 11:26 [PATCH 5.4 000/367] 5.4.257-rc1 review Greg Kroah-Hartman
` (190 preceding siblings ...)
2023-09-20 11:29 ` [PATCH 5.4 191/367] HID: logitech-dj: Fix error handling in logi_dj_recv_switch_to_dj_mode() Greg Kroah-Hartman
@ 2023-09-20 11:29 ` Greg Kroah-Hartman
2023-09-20 11:29 ` [PATCH 5.4 193/367] x86/speculation: Mark all Skylake CPUs as vulnerable to GDS Greg Kroah-Hartman
` (180 subsequent siblings)
372 siblings, 0 replies; 396+ messages in thread
From: Greg Kroah-Hartman @ 2023-09-20 11:29 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Maxime Ripard, Dmitry Torokhov,
Rahul Rameshbabu, Benjamin Tissoires, Sasha Levin
5.4-stable review patch. If anyone has any objections, please let me know.
------------------
From: Rahul Rameshbabu <sergeantsagara@protonmail.com>
[ Upstream commit 4794394635293a3e74591351fff469cea7ad15a2 ]
Reference the HID device rather than the input device for the devm
allocation of the input_dev name. Referencing the input_dev would lead to a
use-after-free when the input_dev was unregistered and subsequently fires a
uevent that depends on the name. At the point of firing the uevent, the
name would be freed by devres management.
Use devm_kasprintf to simplify the logic for allocating memory and
formatting the input_dev name string.
Reported-by: Maxime Ripard <mripard@kernel.org>
Closes: https://lore.kernel.org/linux-input/ZOZIZCND+L0P1wJc@penguin/T/#m443f3dce92520f74b6cf6ffa8653f9c92643d4ae
Fixes: c08d46aa805b ("HID: multitouch: devm conversion")
Suggested-by: Maxime Ripard <mripard@kernel.org>
Suggested-by: Dmitry Torokhov <dmitry.torokhov@gmail.com>
Signed-off-by: Rahul Rameshbabu <sergeantsagara@protonmail.com>
Reviewed-by: Maxime Ripard <mripard@kernel.org>
Link: https://lore.kernel.org/r/20230824061308.222021-3-sergeantsagara@protonmail.com
Signed-off-by: Benjamin Tissoires <bentiss@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/hid/hid-multitouch.c | 13 +++----------
1 file changed, 3 insertions(+), 10 deletions(-)
diff --git a/drivers/hid/hid-multitouch.c b/drivers/hid/hid-multitouch.c
index 9db327654580c..0893b31e6f102 100644
--- a/drivers/hid/hid-multitouch.c
+++ b/drivers/hid/hid-multitouch.c
@@ -1548,7 +1548,6 @@ static void mt_post_parse(struct mt_device *td, struct mt_application *app)
static int mt_input_configured(struct hid_device *hdev, struct hid_input *hi)
{
struct mt_device *td = hid_get_drvdata(hdev);
- char *name;
const char *suffix = NULL;
struct mt_report_data *rdata;
struct mt_application *mt_application = NULL;
@@ -1602,15 +1601,9 @@ static int mt_input_configured(struct hid_device *hdev, struct hid_input *hi)
break;
}
- if (suffix) {
- name = devm_kzalloc(&hi->input->dev,
- strlen(hdev->name) + strlen(suffix) + 2,
- GFP_KERNEL);
- if (name) {
- sprintf(name, "%s %s", hdev->name, suffix);
- hi->input->name = name;
- }
- }
+ if (suffix)
+ hi->input->name = devm_kasprintf(&hdev->dev, GFP_KERNEL,
+ "%s %s", hdev->name, suffix);
return 0;
}
--
2.40.1
^ permalink raw reply related [flat|nested] 396+ messages in thread
* [PATCH 5.4 193/367] x86/speculation: Mark all Skylake CPUs as vulnerable to GDS
2023-09-20 11:26 [PATCH 5.4 000/367] 5.4.257-rc1 review Greg Kroah-Hartman
` (191 preceding siblings ...)
2023-09-20 11:29 ` [PATCH 5.4 192/367] HID: multitouch: Correct devm device reference for hidinput input_dev name Greg Kroah-Hartman
@ 2023-09-20 11:29 ` Greg Kroah-Hartman
2023-09-20 11:29 ` [PATCH 5.4 194/367] tracing: Fix race issue between cpu buffer write and swap Greg Kroah-Hartman
` (179 subsequent siblings)
372 siblings, 0 replies; 396+ messages in thread
From: Greg Kroah-Hartman @ 2023-09-20 11:29 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Michael Zhivich, Dave Hansen,
Ingo Molnar, Daniel Sneddon, Linus Torvalds, Sasha Levin
5.4-stable review patch. If anyone has any objections, please let me know.
------------------
From: Dave Hansen <dave.hansen@linux.intel.com>
[ Upstream commit c9f4c45c8ec3f07f4f083f9750032a1ec3eab6b2 ]
The Gather Data Sampling (GDS) vulnerability is common to all Skylake
processors. However, the "client" Skylakes* are now in this list:
https://www.intel.com/content/www/us/en/support/articles/000022396/processors.html
which means they are no longer included for new vulnerabilities here:
https://www.intel.com/content/www/us/en/developer/topic-technology/software-security-guidance/processors-affected-consolidated-product-cpu-model.html
or in other GDS documentation. Thus, they were not included in the
original GDS mitigation patches.
Mark SKYLAKE and SKYLAKE_L as vulnerable to GDS to match all the
other Skylake CPUs (which include Kaby Lake). Also group the CPUs
so that the ones that share the exact same vulnerabilities are next
to each other.
Last, move SRBDS to the end of each line. This makes it clear at a
glance that SKYLAKE_X is unique. Of the five Skylakes, it is the
only "server" CPU and has a different implementation from the
clients of the "special register" hardware, making it immune to SRBDS.
This makes the diff much harder to read, but the resulting table is
worth it.
I very much appreciate the report from Michael Zhivich about this
issue. Despite what level of support a hardware vendor is providing,
the kernel very much needs an accurate and up-to-date list of
vulnerable CPUs. More reports like this are very welcome.
* Client Skylakes are CPUID 406E3/506E3 which is family 6, models
0x4E and 0x5E, aka INTEL_FAM6_SKYLAKE and INTEL_FAM6_SKYLAKE_L.
Reported-by: Michael Zhivich <mzhivich@akamai.com>
Fixes: 8974eb588283 ("x86/speculation: Add Gather Data Sampling mitigation")
Signed-off-by: Dave Hansen <dave.hansen@linux.intel.com>
Signed-off-by: Ingo Molnar <mingo@kernel.org>
Reviewed-by: Daniel Sneddon <daniel.sneddon@linux.intel.com>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/x86/kernel/cpu/common.c | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/arch/x86/kernel/cpu/common.c b/arch/x86/kernel/cpu/common.c
index 0c0c2cb038ad2..1592f309c3c1f 100644
--- a/arch/x86/kernel/cpu/common.c
+++ b/arch/x86/kernel/cpu/common.c
@@ -1147,11 +1147,11 @@ static const struct x86_cpu_id cpu_vuln_blacklist[] __initconst = {
VULNBL_INTEL_STEPPINGS(BROADWELL_G, X86_STEPPING_ANY, SRBDS),
VULNBL_INTEL_STEPPINGS(BROADWELL_X, X86_STEPPING_ANY, MMIO),
VULNBL_INTEL_STEPPINGS(BROADWELL, X86_STEPPING_ANY, SRBDS),
- VULNBL_INTEL_STEPPINGS(SKYLAKE_L, X86_STEPPING_ANY, SRBDS | MMIO | RETBLEED),
VULNBL_INTEL_STEPPINGS(SKYLAKE_X, X86_STEPPING_ANY, MMIO | RETBLEED | GDS),
- VULNBL_INTEL_STEPPINGS(SKYLAKE, X86_STEPPING_ANY, SRBDS | MMIO | RETBLEED),
- VULNBL_INTEL_STEPPINGS(KABYLAKE_L, X86_STEPPING_ANY, SRBDS | MMIO | RETBLEED | GDS),
- VULNBL_INTEL_STEPPINGS(KABYLAKE, X86_STEPPING_ANY, SRBDS | MMIO | RETBLEED | GDS),
+ VULNBL_INTEL_STEPPINGS(SKYLAKE_L, X86_STEPPING_ANY, MMIO | RETBLEED | GDS | SRBDS),
+ VULNBL_INTEL_STEPPINGS(SKYLAKE, X86_STEPPING_ANY, MMIO | RETBLEED | GDS | SRBDS),
+ VULNBL_INTEL_STEPPINGS(KABYLAKE_L, X86_STEPPING_ANY, MMIO | RETBLEED | GDS | SRBDS),
+ VULNBL_INTEL_STEPPINGS(KABYLAKE, X86_STEPPING_ANY, MMIO | RETBLEED | GDS | SRBDS),
VULNBL_INTEL_STEPPINGS(CANNONLAKE_L, X86_STEPPING_ANY, RETBLEED),
VULNBL_INTEL_STEPPINGS(ICELAKE_L, X86_STEPPING_ANY, MMIO | MMIO_SBDS | RETBLEED | GDS),
VULNBL_INTEL_STEPPINGS(ICELAKE_D, X86_STEPPING_ANY, MMIO | GDS),
--
2.40.1
^ permalink raw reply related [flat|nested] 396+ messages in thread
* [PATCH 5.4 194/367] tracing: Fix race issue between cpu buffer write and swap
2023-09-20 11:26 [PATCH 5.4 000/367] 5.4.257-rc1 review Greg Kroah-Hartman
` (192 preceding siblings ...)
2023-09-20 11:29 ` [PATCH 5.4 193/367] x86/speculation: Mark all Skylake CPUs as vulnerable to GDS Greg Kroah-Hartman
@ 2023-09-20 11:29 ` Greg Kroah-Hartman
2023-09-20 11:29 ` [PATCH 5.4 195/367] phy/rockchip: inno-hdmi: use correct vco_div_5 macro on rk3328 Greg Kroah-Hartman
` (178 subsequent siblings)
372 siblings, 0 replies; 396+ messages in thread
From: Greg Kroah-Hartman @ 2023-09-20 11:29 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, mhiramat, Zheng Yejian,
Steven Rostedt (Google),
Sasha Levin
5.4-stable review patch. If anyone has any objections, please let me know.
------------------
From: Zheng Yejian <zhengyejian1@huawei.com>
[ Upstream commit 3163f635b20e9e1fb4659e74f47918c9dddfe64e ]
Warning happened in rb_end_commit() at code:
if (RB_WARN_ON(cpu_buffer, !local_read(&cpu_buffer->committing)))
WARNING: CPU: 0 PID: 139 at kernel/trace/ring_buffer.c:3142
rb_commit+0x402/0x4a0
Call Trace:
ring_buffer_unlock_commit+0x42/0x250
trace_buffer_unlock_commit_regs+0x3b/0x250
trace_event_buffer_commit+0xe5/0x440
trace_event_buffer_reserve+0x11c/0x150
trace_event_raw_event_sched_switch+0x23c/0x2c0
__traceiter_sched_switch+0x59/0x80
__schedule+0x72b/0x1580
schedule+0x92/0x120
worker_thread+0xa0/0x6f0
It is because the race between writing event into cpu buffer and swapping
cpu buffer through file per_cpu/cpu0/snapshot:
Write on CPU 0 Swap buffer by per_cpu/cpu0/snapshot on CPU 1
-------- --------
tracing_snapshot_write()
[...]
ring_buffer_lock_reserve()
cpu_buffer = buffer->buffers[cpu]; // 1. Suppose find 'cpu_buffer_a';
[...]
rb_reserve_next_event()
[...]
ring_buffer_swap_cpu()
if (local_read(&cpu_buffer_a->committing))
goto out_dec;
if (local_read(&cpu_buffer_b->committing))
goto out_dec;
buffer_a->buffers[cpu] = cpu_buffer_b;
buffer_b->buffers[cpu] = cpu_buffer_a;
// 2. cpu_buffer has swapped here.
rb_start_commit(cpu_buffer);
if (unlikely(READ_ONCE(cpu_buffer->buffer)
!= buffer)) { // 3. This check passed due to 'cpu_buffer->buffer'
[...] // has not changed here.
return NULL;
}
cpu_buffer_b->buffer = buffer_a;
cpu_buffer_a->buffer = buffer_b;
[...]
// 4. Reserve event from 'cpu_buffer_a'.
ring_buffer_unlock_commit()
[...]
cpu_buffer = buffer->buffers[cpu]; // 5. Now find 'cpu_buffer_b' !!!
rb_commit(cpu_buffer)
rb_end_commit() // 6. WARN for the wrong 'committing' state !!!
Based on above analysis, we can easily reproduce by following testcase:
``` bash
#!/bin/bash
dmesg -n 7
sysctl -w kernel.panic_on_warn=1
TR=/sys/kernel/tracing
echo 7 > ${TR}/buffer_size_kb
echo "sched:sched_switch" > ${TR}/set_event
while [ true ]; do
echo 1 > ${TR}/per_cpu/cpu0/snapshot
done &
while [ true ]; do
echo 1 > ${TR}/per_cpu/cpu0/snapshot
done &
while [ true ]; do
echo 1 > ${TR}/per_cpu/cpu0/snapshot
done &
```
To fix it, IIUC, we can use smp_call_function_single() to do the swap on
the target cpu where the buffer is located, so that above race would be
avoided.
Link: https://lore.kernel.org/linux-trace-kernel/20230831132739.4070878-1-zhengyejian1@huawei.com
Cc: <mhiramat@kernel.org>
Fixes: f1affcaaa861 ("tracing: Add snapshot in the per_cpu trace directories")
Signed-off-by: Zheng Yejian <zhengyejian1@huawei.com>
Signed-off-by: Steven Rostedt (Google) <rostedt@goodmis.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
kernel/trace/trace.c | 17 ++++++++++++-----
1 file changed, 12 insertions(+), 5 deletions(-)
diff --git a/kernel/trace/trace.c b/kernel/trace/trace.c
index ad0ee4de92485..dd64ce26d48dd 100644
--- a/kernel/trace/trace.c
+++ b/kernel/trace/trace.c
@@ -6791,6 +6791,11 @@ static int tracing_snapshot_open(struct inode *inode, struct file *file)
return ret;
}
+static void tracing_swap_cpu_buffer(void *tr)
+{
+ update_max_tr_single((struct trace_array *)tr, current, smp_processor_id());
+}
+
static ssize_t
tracing_snapshot_write(struct file *filp, const char __user *ubuf, size_t cnt,
loff_t *ppos)
@@ -6849,13 +6854,15 @@ tracing_snapshot_write(struct file *filp, const char __user *ubuf, size_t cnt,
ret = tracing_alloc_snapshot_instance(tr);
if (ret < 0)
break;
- local_irq_disable();
/* Now, we're going to swap */
- if (iter->cpu_file == RING_BUFFER_ALL_CPUS)
+ if (iter->cpu_file == RING_BUFFER_ALL_CPUS) {
+ local_irq_disable();
update_max_tr(tr, current, smp_processor_id(), NULL);
- else
- update_max_tr_single(tr, current, iter->cpu_file);
- local_irq_enable();
+ local_irq_enable();
+ } else {
+ smp_call_function_single(iter->cpu_file, tracing_swap_cpu_buffer,
+ (void *)tr, 1);
+ }
break;
default:
if (tr->allocated_snapshot) {
--
2.40.1
^ permalink raw reply related [flat|nested] 396+ messages in thread
* [PATCH 5.4 195/367] phy/rockchip: inno-hdmi: use correct vco_div_5 macro on rk3328
2023-09-20 11:26 [PATCH 5.4 000/367] 5.4.257-rc1 review Greg Kroah-Hartman
` (193 preceding siblings ...)
2023-09-20 11:29 ` [PATCH 5.4 194/367] tracing: Fix race issue between cpu buffer write and swap Greg Kroah-Hartman
@ 2023-09-20 11:29 ` Greg Kroah-Hartman
2023-09-20 11:29 ` [PATCH 5.4 196/367] phy/rockchip: inno-hdmi: round fractal pixclock in rk3328 recalc_rate Greg Kroah-Hartman
` (177 subsequent siblings)
372 siblings, 0 replies; 396+ messages in thread
From: Greg Kroah-Hartman @ 2023-09-20 11:29 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Jonas Karlman, Vinod Koul, Sasha Levin
5.4-stable review patch. If anyone has any objections, please let me know.
------------------
From: Jonas Karlman <jonas@kwiboo.se>
[ Upstream commit 644c06dfbd0da713f772abf0a8f8581ac78e6264 ]
inno_hdmi_phy_rk3328_clk_set_rate() is using the RK3228 macro
when configuring vco_div_5 on RK3328.
Fix this by using correct vco_div_5 macro for RK3328.
Fixes: 53706a116863 ("phy: add Rockchip Innosilicon hdmi phy")
Signed-off-by: Jonas Karlman <jonas@kwiboo.se>
Link: https://lore.kernel.org/r/20230615171005.2251032-2-jonas@kwiboo.se
Signed-off-by: Vinod Koul <vkoul@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/phy/rockchip/phy-rockchip-inno-hdmi.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/drivers/phy/rockchip/phy-rockchip-inno-hdmi.c b/drivers/phy/rockchip/phy-rockchip-inno-hdmi.c
index 9ca20c947283d..b0ac1d3ee3905 100644
--- a/drivers/phy/rockchip/phy-rockchip-inno-hdmi.c
+++ b/drivers/phy/rockchip/phy-rockchip-inno-hdmi.c
@@ -790,8 +790,8 @@ static int inno_hdmi_phy_rk3328_clk_set_rate(struct clk_hw *hw,
RK3328_PRE_PLL_POWER_DOWN);
/* Configure pre-pll */
- inno_update_bits(inno, 0xa0, RK3228_PCLK_VCO_DIV_5_MASK,
- RK3228_PCLK_VCO_DIV_5(cfg->vco_div_5_en));
+ inno_update_bits(inno, 0xa0, RK3328_PCLK_VCO_DIV_5_MASK,
+ RK3328_PCLK_VCO_DIV_5(cfg->vco_div_5_en));
inno_write(inno, 0xa1, RK3328_PRE_PLL_PRE_DIV(cfg->prediv));
val = RK3328_SPREAD_SPECTRUM_MOD_DISABLE;
--
2.40.1
^ permalink raw reply related [flat|nested] 396+ messages in thread
* [PATCH 5.4 196/367] phy/rockchip: inno-hdmi: round fractal pixclock in rk3328 recalc_rate
2023-09-20 11:26 [PATCH 5.4 000/367] 5.4.257-rc1 review Greg Kroah-Hartman
` (194 preceding siblings ...)
2023-09-20 11:29 ` [PATCH 5.4 195/367] phy/rockchip: inno-hdmi: use correct vco_div_5 macro on rk3328 Greg Kroah-Hartman
@ 2023-09-20 11:29 ` Greg Kroah-Hartman
2023-09-20 11:29 ` [PATCH 5.4 197/367] phy/rockchip: inno-hdmi: do not power on rk3328 post pll on reg write Greg Kroah-Hartman
` (176 subsequent siblings)
372 siblings, 0 replies; 396+ messages in thread
From: Greg Kroah-Hartman @ 2023-09-20 11:29 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Zheng Yang, Jonas Karlman,
Vinod Koul, Sasha Levin
5.4-stable review patch. If anyone has any objections, please let me know.
------------------
From: Zheng Yang <zhengyang@rock-chips.com>
[ Upstream commit d5ef343c1d62bc4c4c2c393af654a41cb34b449f ]
inno_hdmi_phy_rk3328_clk_recalc_rate() is returning a rate not found
in the pre pll config table when the fractal divider is used.
This can prevent proper power_on because a tmdsclock for the new rate
is not found in the pre pll config table.
Fix this by saving and returning a rounded pixel rate that exist
in the pre pll config table.
Fixes: 53706a116863 ("phy: add Rockchip Innosilicon hdmi phy")
Signed-off-by: Zheng Yang <zhengyang@rock-chips.com>
Signed-off-by: Jonas Karlman <jonas@kwiboo.se>
Link: https://lore.kernel.org/r/20230615171005.2251032-3-jonas@kwiboo.se
Signed-off-by: Vinod Koul <vkoul@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/phy/rockchip/phy-rockchip-inno-hdmi.c | 8 +++++---
1 file changed, 5 insertions(+), 3 deletions(-)
diff --git a/drivers/phy/rockchip/phy-rockchip-inno-hdmi.c b/drivers/phy/rockchip/phy-rockchip-inno-hdmi.c
index b0ac1d3ee3905..093d2334e8cdc 100644
--- a/drivers/phy/rockchip/phy-rockchip-inno-hdmi.c
+++ b/drivers/phy/rockchip/phy-rockchip-inno-hdmi.c
@@ -745,10 +745,12 @@ unsigned long inno_hdmi_phy_rk3328_clk_recalc_rate(struct clk_hw *hw,
do_div(vco, (nd * (no_a == 1 ? no_b : no_a) * no_d * 2));
}
- inno->pixclock = vco;
- dev_dbg(inno->dev, "%s rate %lu\n", __func__, inno->pixclock);
+ inno->pixclock = DIV_ROUND_CLOSEST((unsigned long)vco, 1000) * 1000;
- return vco;
+ dev_dbg(inno->dev, "%s rate %lu vco %llu\n",
+ __func__, inno->pixclock, vco);
+
+ return inno->pixclock;
}
static long inno_hdmi_phy_rk3328_clk_round_rate(struct clk_hw *hw,
--
2.40.1
^ permalink raw reply related [flat|nested] 396+ messages in thread
* [PATCH 5.4 197/367] phy/rockchip: inno-hdmi: do not power on rk3328 post pll on reg write
2023-09-20 11:26 [PATCH 5.4 000/367] 5.4.257-rc1 review Greg Kroah-Hartman
` (195 preceding siblings ...)
2023-09-20 11:29 ` [PATCH 5.4 196/367] phy/rockchip: inno-hdmi: round fractal pixclock in rk3328 recalc_rate Greg Kroah-Hartman
@ 2023-09-20 11:29 ` Greg Kroah-Hartman
2023-09-20 11:29 ` [PATCH 5.4 198/367] rpmsg: glink: Add check for kstrdup Greg Kroah-Hartman
` (175 subsequent siblings)
372 siblings, 0 replies; 396+ messages in thread
From: Greg Kroah-Hartman @ 2023-09-20 11:29 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Jonas Karlman, Vinod Koul, Sasha Levin
5.4-stable review patch. If anyone has any objections, please let me know.
------------------
From: Jonas Karlman <jonas@kwiboo.se>
[ Upstream commit 19a1d46bd699940a496d3b0d4e142ef99834988c ]
inno_write is used to configure 0xaa reg, that also hold the
POST_PLL_POWER_DOWN bit.
When POST_PLL_REFCLK_SEL_TMDS is configured the power down bit is not
taken into consideration.
Fix this by keeping the power down bit until configuration is complete.
Also reorder the reg write order for consistency.
Fixes: 53706a116863 ("phy: add Rockchip Innosilicon hdmi phy")
Signed-off-by: Jonas Karlman <jonas@kwiboo.se>
Link: https://lore.kernel.org/r/20230615171005.2251032-5-jonas@kwiboo.se
Signed-off-by: Vinod Koul <vkoul@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/phy/rockchip/phy-rockchip-inno-hdmi.c | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/drivers/phy/rockchip/phy-rockchip-inno-hdmi.c b/drivers/phy/rockchip/phy-rockchip-inno-hdmi.c
index 093d2334e8cdc..2b0f5f2b4f339 100644
--- a/drivers/phy/rockchip/phy-rockchip-inno-hdmi.c
+++ b/drivers/phy/rockchip/phy-rockchip-inno-hdmi.c
@@ -1023,9 +1023,10 @@ inno_hdmi_phy_rk3328_power_on(struct inno_hdmi_phy *inno,
inno_write(inno, 0xac, RK3328_POST_PLL_FB_DIV_7_0(cfg->fbdiv));
if (cfg->postdiv == 1) {
- inno_write(inno, 0xaa, RK3328_POST_PLL_REFCLK_SEL_TMDS);
inno_write(inno, 0xab, RK3328_POST_PLL_FB_DIV_8(cfg->fbdiv) |
RK3328_POST_PLL_PRE_DIV(cfg->prediv));
+ inno_write(inno, 0xaa, RK3328_POST_PLL_REFCLK_SEL_TMDS |
+ RK3328_POST_PLL_POWER_DOWN);
} else {
v = (cfg->postdiv / 2) - 1;
v &= RK3328_POST_PLL_POST_DIV_MASK;
@@ -1033,7 +1034,8 @@ inno_hdmi_phy_rk3328_power_on(struct inno_hdmi_phy *inno,
inno_write(inno, 0xab, RK3328_POST_PLL_FB_DIV_8(cfg->fbdiv) |
RK3328_POST_PLL_PRE_DIV(cfg->prediv));
inno_write(inno, 0xaa, RK3328_POST_PLL_POST_DIV_ENABLE |
- RK3328_POST_PLL_REFCLK_SEL_TMDS);
+ RK3328_POST_PLL_REFCLK_SEL_TMDS |
+ RK3328_POST_PLL_POWER_DOWN);
}
for (v = 0; v < 14; v++)
--
2.40.1
^ permalink raw reply related [flat|nested] 396+ messages in thread
* [PATCH 5.4 198/367] rpmsg: glink: Add check for kstrdup
2023-09-20 11:26 [PATCH 5.4 000/367] 5.4.257-rc1 review Greg Kroah-Hartman
` (196 preceding siblings ...)
2023-09-20 11:29 ` [PATCH 5.4 197/367] phy/rockchip: inno-hdmi: do not power on rk3328 post pll on reg write Greg Kroah-Hartman
@ 2023-09-20 11:29 ` Greg Kroah-Hartman
2023-09-20 11:29 ` [PATCH 5.4 199/367] mtd: rawnand: fsmc: handle clk prepare error in fsmc_nand_resume() Greg Kroah-Hartman
` (174 subsequent siblings)
372 siblings, 0 replies; 396+ messages in thread
From: Greg Kroah-Hartman @ 2023-09-20 11:29 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Jiasheng Jiang, Bjorn Andersson,
Sasha Levin
5.4-stable review patch. If anyone has any objections, please let me know.
------------------
From: Jiasheng Jiang <jiasheng@iscas.ac.cn>
[ Upstream commit b5c9ee8296a3760760c7b5d2e305f91412adc795 ]
Add check for the return value of kstrdup() and return the error
if it fails in order to avoid NULL pointer dereference.
Fixes: b4f8e52b89f6 ("rpmsg: Introduce Qualcomm RPM glink driver")
Signed-off-by: Jiasheng Jiang <jiasheng@iscas.ac.cn>
Link: https://lore.kernel.org/r/20230619030631.12361-1-jiasheng@iscas.ac.cn
Signed-off-by: Bjorn Andersson <andersson@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/rpmsg/qcom_glink_native.c | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/drivers/rpmsg/qcom_glink_native.c b/drivers/rpmsg/qcom_glink_native.c
index 11ba44dc551e4..f65db95e78aa4 100644
--- a/drivers/rpmsg/qcom_glink_native.c
+++ b/drivers/rpmsg/qcom_glink_native.c
@@ -222,6 +222,10 @@ static struct glink_channel *qcom_glink_alloc_channel(struct qcom_glink *glink,
channel->glink = glink;
channel->name = kstrdup(name, GFP_KERNEL);
+ if (!channel->name) {
+ kfree(channel);
+ return ERR_PTR(-ENOMEM);
+ }
init_completion(&channel->open_req);
init_completion(&channel->open_ack);
--
2.40.1
^ permalink raw reply related [flat|nested] 396+ messages in thread
* [PATCH 5.4 199/367] mtd: rawnand: fsmc: handle clk prepare error in fsmc_nand_resume()
2023-09-20 11:26 [PATCH 5.4 000/367] 5.4.257-rc1 review Greg Kroah-Hartman
` (197 preceding siblings ...)
2023-09-20 11:29 ` [PATCH 5.4 198/367] rpmsg: glink: Add check for kstrdup Greg Kroah-Hartman
@ 2023-09-20 11:29 ` Greg Kroah-Hartman
2023-09-20 11:29 ` Greg Kroah-Hartman
` (173 subsequent siblings)
372 siblings, 0 replies; 396+ messages in thread
From: Greg Kroah-Hartman @ 2023-09-20 11:29 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Yi Yang, Miquel Raynal, Sasha Levin
5.4-stable review patch. If anyone has any objections, please let me know.
------------------
From: Yi Yang <yiyang13@huawei.com>
[ Upstream commit a5a88125d00612586e941ae13e7fcf36ba8f18a7 ]
In fsmc_nand_resume(), the return value of clk_prepare_enable() should be
checked since it might fail.
Fixes: e25da1c07dfb ("mtd: fsmc_nand: Add clk_{un}prepare() support")
Signed-off-by: Yi Yang <yiyang13@huawei.com>
Signed-off-by: Miquel Raynal <miquel.raynal@bootlin.com>
Link: https://lore.kernel.org/linux-mtd/20230817115839.10192-1-yiyang13@huawei.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/mtd/nand/raw/fsmc_nand.c | 7 ++++++-
1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/drivers/mtd/nand/raw/fsmc_nand.c b/drivers/mtd/nand/raw/fsmc_nand.c
index cc8369a595de3..bccadf8f27fa4 100644
--- a/drivers/mtd/nand/raw/fsmc_nand.c
+++ b/drivers/mtd/nand/raw/fsmc_nand.c
@@ -1181,9 +1181,14 @@ static int fsmc_nand_suspend(struct device *dev)
static int fsmc_nand_resume(struct device *dev)
{
struct fsmc_nand_data *host = dev_get_drvdata(dev);
+ int ret;
if (host) {
- clk_prepare_enable(host->clk);
+ ret = clk_prepare_enable(host->clk);
+ if (ret) {
+ dev_err(dev, "failed to enable clk\n");
+ return ret;
+ }
if (host->dev_timings)
fsmc_nand_setup(host, host->dev_timings);
nand_reset(&host->nand, 0);
--
2.40.1
^ permalink raw reply related [flat|nested] 396+ messages in thread
* [PATCH 5.4 200/367] um: Fix hostaudio build errors
2023-09-20 11:26 [PATCH 5.4 000/367] 5.4.257-rc1 review Greg Kroah-Hartman
@ 2023-09-20 11:29 ` Greg Kroah-Hartman
2023-09-20 11:26 ` [PATCH 5.4 002/367] ARM: pxa: remove use of symbol_get() Greg Kroah-Hartman
` (371 subsequent siblings)
372 siblings, 0 replies; 396+ messages in thread
From: Greg Kroah-Hartman @ 2023-09-20 11:29 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Randy Dunlap, kernel test robot,
Richard Weinberger, Anton Ivanov, Johannes Berg, linux-um,
Tejun Heo, Takashi Iwai, Jaroslav Kysela, Masahiro Yamada,
Nathan Chancellor, Nick Desaulniers, Nicolas Schier,
linux-kbuild, alsa-devel, Sasha Levin
5.4-stable review patch. If anyone has any objections, please let me know.
------------------
From: Randy Dunlap <rdunlap@infradead.org>
[ Upstream commit db4bfcba7bb8d10f00bba2a3da6b9a9c2a1d7b71 ]
Use "select" to ensure that the required kconfig symbols are set
as expected.
Drop HOSTAUDIO since it is now equivalent to UML_SOUND.
Set CONFIG_SOUND=m in ARCH=um defconfig files to maintain the
status quo of the default configs.
Allow SOUND with UML regardless of HAS_IOMEM. Otherwise there is a
kconfig warning for unmet dependencies. (This was not an issue when
SOUND was defined in arch/um/drivers/Kconfig. I have done 50 randconfig
builds and didn't find any issues.)
This fixes build errors when CONFIG_SOUND is not set:
ld: arch/um/drivers/hostaudio_kern.o: in function `hostaudio_cleanup_module':
hostaudio_kern.c:(.exit.text+0xa): undefined reference to `unregister_sound_mixer'
ld: hostaudio_kern.c:(.exit.text+0x15): undefined reference to `unregister_sound_dsp'
ld: arch/um/drivers/hostaudio_kern.o: in function `hostaudio_init_module':
hostaudio_kern.c:(.init.text+0x19): undefined reference to `register_sound_dsp'
ld: hostaudio_kern.c:(.init.text+0x31): undefined reference to `register_sound_mixer'
ld: hostaudio_kern.c:(.init.text+0x49): undefined reference to `unregister_sound_dsp'
and this kconfig warning:
WARNING: unmet direct dependencies detected for SOUND
Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2")
Fixes: d886e87cb82b ("sound: make OSS sound core optional")
Signed-off-by: Randy Dunlap <rdunlap@infradead.org>
Reported-by: kernel test robot <lkp@intel.com>
Closes: lore.kernel.org/r/202307141416.vxuRVpFv-lkp@intel.com
Cc: Richard Weinberger <richard@nod.at>
Cc: Anton Ivanov <anton.ivanov@cambridgegreys.com>
Cc: Johannes Berg <johannes@sipsolutions.net>
Cc: linux-um@lists.infradead.org
Cc: Tejun Heo <tj@kernel.org>
Cc: Takashi Iwai <tiwai@suse.de>
Cc: Jaroslav Kysela <perex@perex.cz>
Cc: Masahiro Yamada <masahiroy@kernel.org>
Cc: Nathan Chancellor <nathan@kernel.org>
Cc: Nick Desaulniers <ndesaulniers@google.com>
Cc: Nicolas Schier <nicolas@fjasle.eu>
Cc: linux-kbuild@vger.kernel.org
Cc: alsa-devel@alsa-project.org
Reviewed-by: Masahiro Yamada <masahiroy@kernel.org>
Signed-off-by: Richard Weinberger <richard@nod.at>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/um/configs/i386_defconfig | 1 +
arch/um/configs/x86_64_defconfig | 1 +
arch/um/drivers/Kconfig | 16 +++-------------
arch/um/drivers/Makefile | 2 +-
sound/Kconfig | 2 +-
5 files changed, 7 insertions(+), 15 deletions(-)
diff --git a/arch/um/configs/i386_defconfig b/arch/um/configs/i386_defconfig
index 73e98bb57bf51..4229ac9165e83 100644
--- a/arch/um/configs/i386_defconfig
+++ b/arch/um/configs/i386_defconfig
@@ -35,6 +35,7 @@ CONFIG_TTY_CHAN=y
CONFIG_XTERM_CHAN=y
CONFIG_CON_CHAN="pts"
CONFIG_SSL_CHAN="pts"
+CONFIG_SOUND=m
CONFIG_UML_SOUND=m
CONFIG_DEVTMPFS=y
CONFIG_DEVTMPFS_MOUNT=y
diff --git a/arch/um/configs/x86_64_defconfig b/arch/um/configs/x86_64_defconfig
index 3281d7600225b..f6993a0067272 100644
--- a/arch/um/configs/x86_64_defconfig
+++ b/arch/um/configs/x86_64_defconfig
@@ -33,6 +33,7 @@ CONFIG_TTY_CHAN=y
CONFIG_XTERM_CHAN=y
CONFIG_CON_CHAN="pts"
CONFIG_SSL_CHAN="pts"
+CONFIG_SOUND=m
CONFIG_UML_SOUND=m
CONFIG_DEVTMPFS=y
CONFIG_DEVTMPFS_MOUNT=y
diff --git a/arch/um/drivers/Kconfig b/arch/um/drivers/Kconfig
index 388096fb45a25..12f54a4a3747d 100644
--- a/arch/um/drivers/Kconfig
+++ b/arch/um/drivers/Kconfig
@@ -104,24 +104,14 @@ config SSL_CHAN
config UML_SOUND
tristate "Sound support"
+ depends on SOUND
+ select SOUND_OSS_CORE
help
This option enables UML sound support. If enabled, it will pull in
- soundcore and the UML hostaudio relay, which acts as a intermediary
+ the UML hostaudio relay, which acts as a intermediary
between the host's dsp and mixer devices and the UML sound system.
It is safe to say 'Y' here.
-config SOUND
- tristate
- default UML_SOUND
-
-config SOUND_OSS_CORE
- bool
- default UML_SOUND
-
-config HOSTAUDIO
- tristate
- default UML_SOUND
-
endmenu
menu "UML Network Devices"
diff --git a/arch/um/drivers/Makefile b/arch/um/drivers/Makefile
index a290821e355c2..4d7fb606a5f04 100644
--- a/arch/um/drivers/Makefile
+++ b/arch/um/drivers/Makefile
@@ -52,7 +52,7 @@ obj-$(CONFIG_UML_NET) += net.o
obj-$(CONFIG_MCONSOLE) += mconsole.o
obj-$(CONFIG_MMAPPER) += mmapper_kern.o
obj-$(CONFIG_BLK_DEV_UBD) += ubd.o
-obj-$(CONFIG_HOSTAUDIO) += hostaudio.o
+obj-$(CONFIG_UML_SOUND) += hostaudio.o
obj-$(CONFIG_NULL_CHAN) += null.o
obj-$(CONFIG_PORT_CHAN) += port.o
obj-$(CONFIG_PTY_CHAN) += pty.o
diff --git a/sound/Kconfig b/sound/Kconfig
index 36785410fbe15..aaf2022ffc57d 100644
--- a/sound/Kconfig
+++ b/sound/Kconfig
@@ -1,7 +1,7 @@
# SPDX-License-Identifier: GPL-2.0-only
menuconfig SOUND
tristate "Sound card support"
- depends on HAS_IOMEM
+ depends on HAS_IOMEM || UML
help
If you have a sound card in your computer, i.e. if it can say more
than an occasional beep, say Y.
--
2.40.1
^ permalink raw reply related [flat|nested] 396+ messages in thread
* [PATCH 5.4 200/367] um: Fix hostaudio build errors
@ 2023-09-20 11:29 ` Greg Kroah-Hartman
0 siblings, 0 replies; 396+ messages in thread
From: Greg Kroah-Hartman @ 2023-09-20 11:29 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Randy Dunlap, kernel test robot,
Richard Weinberger, Anton Ivanov, Johannes Berg, linux-um,
Tejun Heo, Takashi Iwai, Jaroslav Kysela, Masahiro Yamada,
Nathan Chancellor, Nick Desaulniers, Nicolas Schier,
linux-kbuild, alsa-devel, Sasha Levin
5.4-stable review patch. If anyone has any objections, please let me know.
------------------
From: Randy Dunlap <rdunlap@infradead.org>
[ Upstream commit db4bfcba7bb8d10f00bba2a3da6b9a9c2a1d7b71 ]
Use "select" to ensure that the required kconfig symbols are set
as expected.
Drop HOSTAUDIO since it is now equivalent to UML_SOUND.
Set CONFIG_SOUND=m in ARCH=um defconfig files to maintain the
status quo of the default configs.
Allow SOUND with UML regardless of HAS_IOMEM. Otherwise there is a
kconfig warning for unmet dependencies. (This was not an issue when
SOUND was defined in arch/um/drivers/Kconfig. I have done 50 randconfig
builds and didn't find any issues.)
This fixes build errors when CONFIG_SOUND is not set:
ld: arch/um/drivers/hostaudio_kern.o: in function `hostaudio_cleanup_module':
hostaudio_kern.c:(.exit.text+0xa): undefined reference to `unregister_sound_mixer'
ld: hostaudio_kern.c:(.exit.text+0x15): undefined reference to `unregister_sound_dsp'
ld: arch/um/drivers/hostaudio_kern.o: in function `hostaudio_init_module':
hostaudio_kern.c:(.init.text+0x19): undefined reference to `register_sound_dsp'
ld: hostaudio_kern.c:(.init.text+0x31): undefined reference to `register_sound_mixer'
ld: hostaudio_kern.c:(.init.text+0x49): undefined reference to `unregister_sound_dsp'
and this kconfig warning:
WARNING: unmet direct dependencies detected for SOUND
Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2")
Fixes: d886e87cb82b ("sound: make OSS sound core optional")
Signed-off-by: Randy Dunlap <rdunlap@infradead.org>
Reported-by: kernel test robot <lkp@intel.com>
Closes: lore.kernel.org/r/202307141416.vxuRVpFv-lkp@intel.com
Cc: Richard Weinberger <richard@nod.at>
Cc: Anton Ivanov <anton.ivanov@cambridgegreys.com>
Cc: Johannes Berg <johannes@sipsolutions.net>
Cc: linux-um@lists.infradead.org
Cc: Tejun Heo <tj@kernel.org>
Cc: Takashi Iwai <tiwai@suse.de>
Cc: Jaroslav Kysela <perex@perex.cz>
Cc: Masahiro Yamada <masahiroy@kernel.org>
Cc: Nathan Chancellor <nathan@kernel.org>
Cc: Nick Desaulniers <ndesaulniers@google.com>
Cc: Nicolas Schier <nicolas@fjasle.eu>
Cc: linux-kbuild@vger.kernel.org
Cc: alsa-devel@alsa-project.org
Reviewed-by: Masahiro Yamada <masahiroy@kernel.org>
Signed-off-by: Richard Weinberger <richard@nod.at>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/um/configs/i386_defconfig | 1 +
arch/um/configs/x86_64_defconfig | 1 +
arch/um/drivers/Kconfig | 16 +++-------------
arch/um/drivers/Makefile | 2 +-
sound/Kconfig | 2 +-
5 files changed, 7 insertions(+), 15 deletions(-)
diff --git a/arch/um/configs/i386_defconfig b/arch/um/configs/i386_defconfig
index 73e98bb57bf51..4229ac9165e83 100644
--- a/arch/um/configs/i386_defconfig
+++ b/arch/um/configs/i386_defconfig
@@ -35,6 +35,7 @@ CONFIG_TTY_CHAN=y
CONFIG_XTERM_CHAN=y
CONFIG_CON_CHAN="pts"
CONFIG_SSL_CHAN="pts"
+CONFIG_SOUND=m
CONFIG_UML_SOUND=m
CONFIG_DEVTMPFS=y
CONFIG_DEVTMPFS_MOUNT=y
diff --git a/arch/um/configs/x86_64_defconfig b/arch/um/configs/x86_64_defconfig
index 3281d7600225b..f6993a0067272 100644
--- a/arch/um/configs/x86_64_defconfig
+++ b/arch/um/configs/x86_64_defconfig
@@ -33,6 +33,7 @@ CONFIG_TTY_CHAN=y
CONFIG_XTERM_CHAN=y
CONFIG_CON_CHAN="pts"
CONFIG_SSL_CHAN="pts"
+CONFIG_SOUND=m
CONFIG_UML_SOUND=m
CONFIG_DEVTMPFS=y
CONFIG_DEVTMPFS_MOUNT=y
diff --git a/arch/um/drivers/Kconfig b/arch/um/drivers/Kconfig
index 388096fb45a25..12f54a4a3747d 100644
--- a/arch/um/drivers/Kconfig
+++ b/arch/um/drivers/Kconfig
@@ -104,24 +104,14 @@ config SSL_CHAN
config UML_SOUND
tristate "Sound support"
+ depends on SOUND
+ select SOUND_OSS_CORE
help
This option enables UML sound support. If enabled, it will pull in
- soundcore and the UML hostaudio relay, which acts as a intermediary
+ the UML hostaudio relay, which acts as a intermediary
between the host's dsp and mixer devices and the UML sound system.
It is safe to say 'Y' here.
-config SOUND
- tristate
- default UML_SOUND
-
-config SOUND_OSS_CORE
- bool
- default UML_SOUND
-
-config HOSTAUDIO
- tristate
- default UML_SOUND
-
endmenu
menu "UML Network Devices"
diff --git a/arch/um/drivers/Makefile b/arch/um/drivers/Makefile
index a290821e355c2..4d7fb606a5f04 100644
--- a/arch/um/drivers/Makefile
+++ b/arch/um/drivers/Makefile
@@ -52,7 +52,7 @@ obj-$(CONFIG_UML_NET) += net.o
obj-$(CONFIG_MCONSOLE) += mconsole.o
obj-$(CONFIG_MMAPPER) += mmapper_kern.o
obj-$(CONFIG_BLK_DEV_UBD) += ubd.o
-obj-$(CONFIG_HOSTAUDIO) += hostaudio.o
+obj-$(CONFIG_UML_SOUND) += hostaudio.o
obj-$(CONFIG_NULL_CHAN) += null.o
obj-$(CONFIG_PORT_CHAN) += port.o
obj-$(CONFIG_PTY_CHAN) += pty.o
diff --git a/sound/Kconfig b/sound/Kconfig
index 36785410fbe15..aaf2022ffc57d 100644
--- a/sound/Kconfig
+++ b/sound/Kconfig
@@ -1,7 +1,7 @@
# SPDX-License-Identifier: GPL-2.0-only
menuconfig SOUND
tristate "Sound card support"
- depends on HAS_IOMEM
+ depends on HAS_IOMEM || UML
help
If you have a sound card in your computer, i.e. if it can say more
than an occasional beep, say Y.
--
2.40.1
_______________________________________________
linux-um mailing list
linux-um@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/linux-um
^ permalink raw reply related [flat|nested] 396+ messages in thread
* [PATCH 5.4 201/367] dmaengine: ste_dma40: Add missing IRQ check in d40_probe
2023-09-20 11:26 [PATCH 5.4 000/367] 5.4.257-rc1 review Greg Kroah-Hartman
` (199 preceding siblings ...)
2023-09-20 11:29 ` Greg Kroah-Hartman
@ 2023-09-20 11:29 ` Greg Kroah-Hartman
2023-09-20 11:29 ` [PATCH 5.4 202/367] cpufreq: Fix the race condition while updating the transition_task of policy Greg Kroah-Hartman
` (171 subsequent siblings)
372 siblings, 0 replies; 396+ messages in thread
From: Greg Kroah-Hartman @ 2023-09-20 11:29 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Ruan Jinjie, Linus Walleij,
Vinod Koul, Sasha Levin
5.4-stable review patch. If anyone has any objections, please let me know.
------------------
From: ruanjinjie <ruanjinjie@huawei.com>
[ Upstream commit c05ce6907b3d6e148b70f0bb5eafd61dcef1ddc1 ]
Check for the return value of platform_get_irq(): if no interrupt
is specified, it wouldn't make sense to call request_irq().
Fixes: 8d318a50b3d7 ("DMAENGINE: Support for ST-Ericssons DMA40 block v3")
Signed-off-by: Ruan Jinjie <ruanjinjie@huawei.com>
Reviewed-by: Linus Walleij <linus.walleij@linaro.org>
Link: https://lore.kernel.org/r/20230724144108.2582917-1-ruanjinjie@huawei.com
Signed-off-by: Vinod Koul <vkoul@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/dma/ste_dma40.c | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/drivers/dma/ste_dma40.c b/drivers/dma/ste_dma40.c
index 6671bfe084895..96a808b487cbe 100644
--- a/drivers/dma/ste_dma40.c
+++ b/drivers/dma/ste_dma40.c
@@ -3599,6 +3599,10 @@ static int __init d40_probe(struct platform_device *pdev)
spin_lock_init(&base->lcla_pool.lock);
base->irq = platform_get_irq(pdev, 0);
+ if (base->irq < 0) {
+ ret = base->irq;
+ goto destroy_cache;
+ }
ret = request_irq(base->irq, d40_handle_interrupt, 0, D40_NAME, base);
if (ret) {
--
2.40.1
^ permalink raw reply related [flat|nested] 396+ messages in thread
* [PATCH 5.4 202/367] cpufreq: Fix the race condition while updating the transition_task of policy
2023-09-20 11:26 [PATCH 5.4 000/367] 5.4.257-rc1 review Greg Kroah-Hartman
` (200 preceding siblings ...)
2023-09-20 11:29 ` [PATCH 5.4 201/367] dmaengine: ste_dma40: Add missing IRQ check in d40_probe Greg Kroah-Hartman
@ 2023-09-20 11:29 ` Greg Kroah-Hartman
2023-09-20 11:29 ` [PATCH 5.4 203/367] virtio_ring: fix avail_wrap_counter in virtqueue_add_packed Greg Kroah-Hartman
` (170 subsequent siblings)
372 siblings, 0 replies; 396+ messages in thread
From: Greg Kroah-Hartman @ 2023-09-20 11:29 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Liao Chang, Viresh Kumar,
Rafael J. Wysocki, Sasha Levin
5.4-stable review patch. If anyone has any objections, please let me know.
------------------
From: Liao Chang <liaochang1@huawei.com>
[ Upstream commit 61bfbf7951ba561dcbdd5357702d3cbc2d447812 ]
The field 'transition_task' of policy structure is used to track the
task which is performing the frequency transition. Using this field to
print a warning once detect a case where the same task is calling
_begin() again before completing the preivous frequency transition via
the _end().
However, there is a potential race condition in _end() and _begin() APIs
while updating the field 'transition_task' of policy, the scenario is
depicted below:
Task A Task B
/* 1st freq transition */
Invoke _begin() {
...
...
}
/* 2nd freq transition */
Invoke _begin() {
... //waiting for A to
... //clear
... //transition_ongoing
... //in _end() for
... //the 1st transition
|
Change the frequency |
|
Invoke _end() { |
... |
... |
transition_ongoing = false; V
transition_ongoing = true;
transition_task = current;
transition_task = NULL;
... //A overwrites the task
... //performing the transition
... //result in error warning.
}
To fix this race condition, the transition_lock of policy structure is
now acquired before updating policy structure in _end() API. Which ensure
that only one task can update the 'transition_task' field at a time.
Link: https://lore.kernel.org/all/b3c61d8a-d52d-3136-fbf0-d1de9f1ba411@huawei.com/
Fixes: ca654dc3a93d ("cpufreq: Catch double invocations of cpufreq_freq_transition_begin/end")
Signed-off-by: Liao Chang <liaochang1@huawei.com>
Acked-by: Viresh Kumar <viresh.kumar@linaro.org>
Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/cpufreq/cpufreq.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/drivers/cpufreq/cpufreq.c b/drivers/cpufreq/cpufreq.c
index 01f0a8bdd534b..11b9edc713baa 100644
--- a/drivers/cpufreq/cpufreq.c
+++ b/drivers/cpufreq/cpufreq.c
@@ -441,8 +441,10 @@ void cpufreq_freq_transition_end(struct cpufreq_policy *policy,
cpufreq_notify_post_transition(policy, freqs, transition_failed);
+ spin_lock(&policy->transition_lock);
policy->transition_ongoing = false;
policy->transition_task = NULL;
+ spin_unlock(&policy->transition_lock);
wake_up(&policy->transition_wait);
}
--
2.40.1
^ permalink raw reply related [flat|nested] 396+ messages in thread
* [PATCH 5.4 203/367] virtio_ring: fix avail_wrap_counter in virtqueue_add_packed
2023-09-20 11:26 [PATCH 5.4 000/367] 5.4.257-rc1 review Greg Kroah-Hartman
` (201 preceding siblings ...)
2023-09-20 11:29 ` [PATCH 5.4 202/367] cpufreq: Fix the race condition while updating the transition_task of policy Greg Kroah-Hartman
@ 2023-09-20 11:29 ` Greg Kroah-Hartman
2023-09-20 11:29 ` [PATCH 5.4 204/367] igmp: limit igmpv3_newpack() packet size to IP_MAX_MTU Greg Kroah-Hartman
` (169 subsequent siblings)
372 siblings, 0 replies; 396+ messages in thread
From: Greg Kroah-Hartman @ 2023-09-20 11:29 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Yuan Yao, Jason Wang,
Michael S. Tsirkin, Sasha Levin
5.4-stable review patch. If anyone has any objections, please let me know.
------------------
From: Yuan Yao <yuanyaogoog@chromium.org>
[ Upstream commit 1acfe2c1225899eab5ab724c91b7e1eb2881b9ab ]
In current packed virtqueue implementation, the avail_wrap_counter won't
flip, in the case when the driver supplies a descriptor chain with a
length equals to the queue size; total_sg == vq->packed.vring.num.
Let’s assume the following situation:
vq->packed.vring.num=4
vq->packed.next_avail_idx: 1
vq->packed.avail_wrap_counter: 0
Then the driver adds a descriptor chain containing 4 descriptors.
We expect the following result with avail_wrap_counter flipped:
vq->packed.next_avail_idx: 1
vq->packed.avail_wrap_counter: 1
But, the current implementation gives the following result:
vq->packed.next_avail_idx: 1
vq->packed.avail_wrap_counter: 0
To reproduce the bug, you can set a packed queue size as small as
possible, so that the driver is more likely to provide a descriptor
chain with a length equal to the packed queue size. For example, in
qemu run following commands:
sudo qemu-system-x86_64 \
-enable-kvm \
-nographic \
-kernel "path/to/kernel_image" \
-m 1G \
-drive file="path/to/rootfs",if=none,id=disk \
-device virtio-blk,drive=disk \
-drive file="path/to/disk_image",if=none,id=rwdisk \
-device virtio-blk,drive=rwdisk,packed=on,queue-size=4,\
indirect_desc=off \
-append "console=ttyS0 root=/dev/vda rw init=/bin/bash"
Inside the VM, create a directory and mount the rwdisk device on it. The
rwdisk will hang and mount operation will not complete.
This commit fixes the wrap counter error by flipping the
packed.avail_wrap_counter, when start of descriptor chain equals to the
end of descriptor chain (head == i).
Fixes: 1ce9e6055fa0 ("virtio_ring: introduce packed ring support")
Signed-off-by: Yuan Yao <yuanyaogoog@chromium.org>
Message-Id: <20230808051110.3492693-1-yuanyaogoog@chromium.org>
Acked-by: Jason Wang <jasowang@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/virtio/virtio_ring.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/virtio/virtio_ring.c b/drivers/virtio/virtio_ring.c
index b5c0509112769..e3c78c9f84584 100644
--- a/drivers/virtio/virtio_ring.c
+++ b/drivers/virtio/virtio_ring.c
@@ -1180,7 +1180,7 @@ static inline int virtqueue_add_packed(struct virtqueue *_vq,
}
}
- if (i < head)
+ if (i <= head)
vq->packed.avail_wrap_counter ^= 1;
/* We're using some buffers from the free list. */
--
2.40.1
^ permalink raw reply related [flat|nested] 396+ messages in thread
* [PATCH 5.4 204/367] igmp: limit igmpv3_newpack() packet size to IP_MAX_MTU
2023-09-20 11:26 [PATCH 5.4 000/367] 5.4.257-rc1 review Greg Kroah-Hartman
` (202 preceding siblings ...)
2023-09-20 11:29 ` [PATCH 5.4 203/367] virtio_ring: fix avail_wrap_counter in virtqueue_add_packed Greg Kroah-Hartman
@ 2023-09-20 11:29 ` Greg Kroah-Hartman
2023-09-20 11:29 ` [PATCH 5.4 205/367] netfilter: ipset: add the missing IP_SET_HASH_WITH_NET0 macro for ip_set_hash_netportnet.c Greg Kroah-Hartman
` (168 subsequent siblings)
372 siblings, 0 replies; 396+ messages in thread
From: Greg Kroah-Hartman @ 2023-09-20 11:29 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Eric Dumazet, David Laight,
Kyle Zeng, Simon Horman, David S. Miller
5.4-stable review patch. If anyone has any objections, please let me know.
------------------
From: Eric Dumazet <edumazet@google.com>
commit c3b704d4a4a265660e665df51b129e8425216ed1 upstream.
This is a follow up of commit 915d975b2ffa ("net: deal with integer
overflows in kmalloc_reserve()") based on David Laight feedback.
Back in 2010, I failed to realize malicious users could set dev->mtu
to arbitrary values. This mtu has been since limited to 0x7fffffff but
regardless of how big dev->mtu is, it makes no sense for igmpv3_newpack()
to allocate more than IP_MAX_MTU and risk various skb fields overflows.
Fixes: 57e1ab6eaddc ("igmp: refine skb allocations")
Link: https://lore.kernel.org/netdev/d273628df80f45428e739274ab9ecb72@AcuMS.aculab.com/
Signed-off-by: Eric Dumazet <edumazet@google.com>
Reported-by: David Laight <David.Laight@ACULAB.COM>
Cc: Kyle Zeng <zengyhkyle@gmail.com>
Reviewed-by: Simon Horman <horms@kernel.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
net/ipv4/igmp.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
--- a/net/ipv4/igmp.c
+++ b/net/ipv4/igmp.c
@@ -355,8 +355,9 @@ static struct sk_buff *igmpv3_newpack(st
struct flowi4 fl4;
int hlen = LL_RESERVED_SPACE(dev);
int tlen = dev->needed_tailroom;
- unsigned int size = mtu;
+ unsigned int size;
+ size = min(mtu, IP_MAX_MTU);
while (1) {
skb = alloc_skb(size + hlen + tlen,
GFP_ATOMIC | __GFP_NOWARN);
^ permalink raw reply [flat|nested] 396+ messages in thread
* [PATCH 5.4 205/367] netfilter: ipset: add the missing IP_SET_HASH_WITH_NET0 macro for ip_set_hash_netportnet.c
2023-09-20 11:26 [PATCH 5.4 000/367] 5.4.257-rc1 review Greg Kroah-Hartman
` (203 preceding siblings ...)
2023-09-20 11:29 ` [PATCH 5.4 204/367] igmp: limit igmpv3_newpack() packet size to IP_MAX_MTU Greg Kroah-Hartman
@ 2023-09-20 11:29 ` Greg Kroah-Hartman
2023-09-20 11:29 ` [PATCH 5.4 206/367] netfilter: xt_u32: validate user space input Greg Kroah-Hartman
` (167 subsequent siblings)
372 siblings, 0 replies; 396+ messages in thread
From: Greg Kroah-Hartman @ 2023-09-20 11:29 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Jozsef Kadlecsik, Kyle Zeng,
Florian Westphal
5.4-stable review patch. If anyone has any objections, please let me know.
------------------
From: Kyle Zeng <zengyhkyle@gmail.com>
commit 050d91c03b28ca479df13dfb02bcd2c60dd6a878 upstream.
The missing IP_SET_HASH_WITH_NET0 macro in ip_set_hash_netportnet can
lead to the use of wrong `CIDR_POS(c)` for calculating array offsets,
which can lead to integer underflow. As a result, it leads to slab
out-of-bound access.
This patch adds back the IP_SET_HASH_WITH_NET0 macro to
ip_set_hash_netportnet to address the issue.
Fixes: 886503f34d63 ("netfilter: ipset: actually allow allowable CIDR 0 in hash:net,port,net")
Suggested-by: Jozsef Kadlecsik <kadlec@netfilter.org>
Signed-off-by: Kyle Zeng <zengyhkyle@gmail.com>
Acked-by: Jozsef Kadlecsik <kadlec@netfilter.org>
Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
net/netfilter/ipset/ip_set_hash_netportnet.c | 1 +
1 file changed, 1 insertion(+)
--- a/net/netfilter/ipset/ip_set_hash_netportnet.c
+++ b/net/netfilter/ipset/ip_set_hash_netportnet.c
@@ -35,6 +35,7 @@ MODULE_ALIAS("ip_set_hash:net,port,net")
#define IP_SET_HASH_WITH_PROTO
#define IP_SET_HASH_WITH_NETS
#define IPSET_NET_COUNT 2
+#define IP_SET_HASH_WITH_NET0
/* IPv4 variant */
^ permalink raw reply [flat|nested] 396+ messages in thread
* [PATCH 5.4 206/367] netfilter: xt_u32: validate user space input
2023-09-20 11:26 [PATCH 5.4 000/367] 5.4.257-rc1 review Greg Kroah-Hartman
` (204 preceding siblings ...)
2023-09-20 11:29 ` [PATCH 5.4 205/367] netfilter: ipset: add the missing IP_SET_HASH_WITH_NET0 macro for ip_set_hash_netportnet.c Greg Kroah-Hartman
@ 2023-09-20 11:29 ` Greg Kroah-Hartman
2023-09-20 11:29 ` [PATCH 5.4 207/367] netfilter: xt_sctp: validate the flag_info count Greg Kroah-Hartman
` (166 subsequent siblings)
372 siblings, 0 replies; 396+ messages in thread
From: Greg Kroah-Hartman @ 2023-09-20 11:29 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Wander Lairson Costa, Pablo Neira Ayuso
5.4-stable review patch. If anyone has any objections, please let me know.
------------------
From: Wander Lairson Costa <wander@redhat.com>
commit 69c5d284f67089b4750d28ff6ac6f52ec224b330 upstream.
The xt_u32 module doesn't validate the fields in the xt_u32 structure.
An attacker may take advantage of this to trigger an OOB read by setting
the size fields with a value beyond the arrays boundaries.
Add a checkentry function to validate the structure.
This was originally reported by the ZDI project (ZDI-CAN-18408).
Fixes: 1b50b8a371e9 ("[NETFILTER]: Add u32 match")
Cc: stable@vger.kernel.org
Signed-off-by: Wander Lairson Costa <wander@redhat.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
net/netfilter/xt_u32.c | 21 +++++++++++++++++++++
1 file changed, 21 insertions(+)
--- a/net/netfilter/xt_u32.c
+++ b/net/netfilter/xt_u32.c
@@ -96,11 +96,32 @@ static bool u32_mt(const struct sk_buff
return ret ^ data->invert;
}
+static int u32_mt_checkentry(const struct xt_mtchk_param *par)
+{
+ const struct xt_u32 *data = par->matchinfo;
+ const struct xt_u32_test *ct;
+ unsigned int i;
+
+ if (data->ntests > ARRAY_SIZE(data->tests))
+ return -EINVAL;
+
+ for (i = 0; i < data->ntests; ++i) {
+ ct = &data->tests[i];
+
+ if (ct->nnums > ARRAY_SIZE(ct->location) ||
+ ct->nvalues > ARRAY_SIZE(ct->value))
+ return -EINVAL;
+ }
+
+ return 0;
+}
+
static struct xt_match xt_u32_mt_reg __read_mostly = {
.name = "u32",
.revision = 0,
.family = NFPROTO_UNSPEC,
.match = u32_mt,
+ .checkentry = u32_mt_checkentry,
.matchsize = sizeof(struct xt_u32),
.me = THIS_MODULE,
};
^ permalink raw reply [flat|nested] 396+ messages in thread
* [PATCH 5.4 207/367] netfilter: xt_sctp: validate the flag_info count
2023-09-20 11:26 [PATCH 5.4 000/367] 5.4.257-rc1 review Greg Kroah-Hartman
` (205 preceding siblings ...)
2023-09-20 11:29 ` [PATCH 5.4 206/367] netfilter: xt_u32: validate user space input Greg Kroah-Hartman
@ 2023-09-20 11:29 ` Greg Kroah-Hartman
2023-09-20 11:29 ` [PATCH 5.4 208/367] skbuff: skb_segment, Call zero copy functions before using skbuff frags Greg Kroah-Hartman
` (165 subsequent siblings)
372 siblings, 0 replies; 396+ messages in thread
From: Greg Kroah-Hartman @ 2023-09-20 11:29 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Lucas Leong, Wander Lairson Costa,
Pablo Neira Ayuso
5.4-stable review patch. If anyone has any objections, please let me know.
------------------
From: Wander Lairson Costa <wander@redhat.com>
commit e99476497687ef9e850748fe6d232264f30bc8f9 upstream.
sctp_mt_check doesn't validate the flag_count field. An attacker can
take advantage of that to trigger a OOB read and leak memory
information.
Add the field validation in the checkentry function.
Fixes: 2e4e6a17af35 ("[NETFILTER] x_tables: Abstraction layer for {ip,ip6,arp}_tables")
Cc: stable@vger.kernel.org
Reported-by: Lucas Leong <wmliang@infosec.exchange>
Signed-off-by: Wander Lairson Costa <wander@redhat.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
net/netfilter/xt_sctp.c | 2 ++
1 file changed, 2 insertions(+)
--- a/net/netfilter/xt_sctp.c
+++ b/net/netfilter/xt_sctp.c
@@ -150,6 +150,8 @@ static int sctp_mt_check(const struct xt
{
const struct xt_sctp_info *info = par->matchinfo;
+ if (info->flag_count > ARRAY_SIZE(info->flag_info))
+ return -EINVAL;
if (info->flags & ~XT_SCTP_VALID_FLAGS)
return -EINVAL;
if (info->invflags & ~XT_SCTP_VALID_FLAGS)
^ permalink raw reply [flat|nested] 396+ messages in thread
* [PATCH 5.4 208/367] skbuff: skb_segment, Call zero copy functions before using skbuff frags
2023-09-20 11:26 [PATCH 5.4 000/367] 5.4.257-rc1 review Greg Kroah-Hartman
` (206 preceding siblings ...)
2023-09-20 11:29 ` [PATCH 5.4 207/367] netfilter: xt_sctp: validate the flag_info count Greg Kroah-Hartman
@ 2023-09-20 11:29 ` Greg Kroah-Hartman
2023-09-20 11:29 ` [PATCH 5.4 209/367] igb: set max size RX buffer when store bad packet is enabled Greg Kroah-Hartman
` (164 subsequent siblings)
372 siblings, 0 replies; 396+ messages in thread
From: Greg Kroah-Hartman @ 2023-09-20 11:29 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Mohamed Khalfella, Amit Goyal,
Eric Dumazet, David S. Miller
5.4-stable review patch. If anyone has any objections, please let me know.
------------------
From: Mohamed Khalfella <mkhalfella@purestorage.com>
commit 2ea35288c83b3d501a88bc17f2df8f176b5cc96f upstream.
Commit bf5c25d60861 ("skbuff: in skb_segment, call zerocopy functions
once per nskb") added the call to zero copy functions in skb_segment().
The change introduced a bug in skb_segment() because skb_orphan_frags()
may possibly change the number of fragments or allocate new fragments
altogether leaving nrfrags and frag to point to the old values. This can
cause a panic with stacktrace like the one below.
[ 193.894380] BUG: kernel NULL pointer dereference, address: 00000000000000bc
[ 193.895273] CPU: 13 PID: 18164 Comm: vh-net-17428 Kdump: loaded Tainted: G O 5.15.123+ #26
[ 193.903919] RIP: 0010:skb_segment+0xb0e/0x12f0
[ 194.021892] Call Trace:
[ 194.027422] <TASK>
[ 194.072861] tcp_gso_segment+0x107/0x540
[ 194.082031] inet_gso_segment+0x15c/0x3d0
[ 194.090783] skb_mac_gso_segment+0x9f/0x110
[ 194.095016] __skb_gso_segment+0xc1/0x190
[ 194.103131] netem_enqueue+0x290/0xb10 [sch_netem]
[ 194.107071] dev_qdisc_enqueue+0x16/0x70
[ 194.110884] __dev_queue_xmit+0x63b/0xb30
[ 194.121670] bond_start_xmit+0x159/0x380 [bonding]
[ 194.128506] dev_hard_start_xmit+0xc3/0x1e0
[ 194.131787] __dev_queue_xmit+0x8a0/0xb30
[ 194.138225] macvlan_start_xmit+0x4f/0x100 [macvlan]
[ 194.141477] dev_hard_start_xmit+0xc3/0x1e0
[ 194.144622] sch_direct_xmit+0xe3/0x280
[ 194.147748] __dev_queue_xmit+0x54a/0xb30
[ 194.154131] tap_get_user+0x2a8/0x9c0 [tap]
[ 194.157358] tap_sendmsg+0x52/0x8e0 [tap]
[ 194.167049] handle_tx_zerocopy+0x14e/0x4c0 [vhost_net]
[ 194.173631] handle_tx+0xcd/0xe0 [vhost_net]
[ 194.176959] vhost_worker+0x76/0xb0 [vhost]
[ 194.183667] kthread+0x118/0x140
[ 194.190358] ret_from_fork+0x1f/0x30
[ 194.193670] </TASK>
In this case calling skb_orphan_frags() updated nr_frags leaving nrfrags
local variable in skb_segment() stale. This resulted in the code hitting
i >= nrfrags prematurely and trying to move to next frag_skb using
list_skb pointer, which was NULL, and caused kernel panic. Move the call
to zero copy functions before using frags and nr_frags.
Fixes: bf5c25d60861 ("skbuff: in skb_segment, call zerocopy functions once per nskb")
Signed-off-by: Mohamed Khalfella <mkhalfella@purestorage.com>
Reported-by: Amit Goyal <agoyal@purestorage.com>
Cc: stable@vger.kernel.org
Reviewed-by: Eric Dumazet <edumazet@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
net/core/skbuff.c | 34 ++++++++++++++++++++--------------
1 file changed, 20 insertions(+), 14 deletions(-)
--- a/net/core/skbuff.c
+++ b/net/core/skbuff.c
@@ -3686,21 +3686,20 @@ struct sk_buff *skb_segment(struct sk_bu
struct sk_buff *segs = NULL;
struct sk_buff *tail = NULL;
struct sk_buff *list_skb = skb_shinfo(head_skb)->frag_list;
- skb_frag_t *frag = skb_shinfo(head_skb)->frags;
unsigned int mss = skb_shinfo(head_skb)->gso_size;
unsigned int doffset = head_skb->data - skb_mac_header(head_skb);
- struct sk_buff *frag_skb = head_skb;
unsigned int offset = doffset;
unsigned int tnl_hlen = skb_tnl_header_len(head_skb);
unsigned int partial_segs = 0;
unsigned int headroom;
unsigned int len = head_skb->len;
+ struct sk_buff *frag_skb;
+ skb_frag_t *frag;
__be16 proto;
bool csum, sg;
- int nfrags = skb_shinfo(head_skb)->nr_frags;
int err = -ENOMEM;
int i = 0;
- int pos;
+ int nfrags, pos;
int dummy;
if ((skb_shinfo(head_skb)->gso_type & SKB_GSO_DODGY) &&
@@ -3778,6 +3777,13 @@ normal:
headroom = skb_headroom(head_skb);
pos = skb_headlen(head_skb);
+ if (skb_orphan_frags(head_skb, GFP_ATOMIC))
+ return ERR_PTR(-ENOMEM);
+
+ nfrags = skb_shinfo(head_skb)->nr_frags;
+ frag = skb_shinfo(head_skb)->frags;
+ frag_skb = head_skb;
+
do {
struct sk_buff *nskb;
skb_frag_t *nskb_frag;
@@ -3802,6 +3808,10 @@ normal:
(skb_headlen(list_skb) == len || sg)) {
BUG_ON(skb_headlen(list_skb) > len);
+ nskb = skb_clone(list_skb, GFP_ATOMIC);
+ if (unlikely(!nskb))
+ goto err;
+
i = 0;
nfrags = skb_shinfo(list_skb)->nr_frags;
frag = skb_shinfo(list_skb)->frags;
@@ -3820,12 +3830,8 @@ normal:
frag++;
}
- nskb = skb_clone(list_skb, GFP_ATOMIC);
list_skb = list_skb->next;
- if (unlikely(!nskb))
- goto err;
-
if (unlikely(pskb_trim(nskb, len))) {
kfree_skb(nskb);
goto err;
@@ -3890,12 +3896,16 @@ normal:
skb_shinfo(nskb)->tx_flags |= skb_shinfo(head_skb)->tx_flags &
SKBTX_SHARED_FRAG;
- if (skb_orphan_frags(frag_skb, GFP_ATOMIC) ||
- skb_zerocopy_clone(nskb, frag_skb, GFP_ATOMIC))
+ if (skb_zerocopy_clone(nskb, frag_skb, GFP_ATOMIC))
goto err;
while (pos < offset + len) {
if (i >= nfrags) {
+ if (skb_orphan_frags(list_skb, GFP_ATOMIC) ||
+ skb_zerocopy_clone(nskb, list_skb,
+ GFP_ATOMIC))
+ goto err;
+
i = 0;
nfrags = skb_shinfo(list_skb)->nr_frags;
frag = skb_shinfo(list_skb)->frags;
@@ -3909,10 +3919,6 @@ normal:
i--;
frag--;
}
- if (skb_orphan_frags(frag_skb, GFP_ATOMIC) ||
- skb_zerocopy_clone(nskb, frag_skb,
- GFP_ATOMIC))
- goto err;
list_skb = list_skb->next;
}
^ permalink raw reply [flat|nested] 396+ messages in thread
* [PATCH 5.4 209/367] igb: set max size RX buffer when store bad packet is enabled
2023-09-20 11:26 [PATCH 5.4 000/367] 5.4.257-rc1 review Greg Kroah-Hartman
` (207 preceding siblings ...)
2023-09-20 11:29 ` [PATCH 5.4 208/367] skbuff: skb_segment, Call zero copy functions before using skbuff frags Greg Kroah-Hartman
@ 2023-09-20 11:29 ` Greg Kroah-Hartman
2023-09-20 11:29 ` [PATCH 5.4 210/367] PM / devfreq: Fix leak in devfreq_dev_release() Greg Kroah-Hartman
` (163 subsequent siblings)
372 siblings, 0 replies; 396+ messages in thread
From: Greg Kroah-Hartman @ 2023-09-20 11:29 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Manfred Rudigier, Radoslaw Tyl,
Tony Nguyen, David S. Miller, Arpana Arland
5.4-stable review patch. If anyone has any objections, please let me know.
------------------
From: Radoslaw Tyl <radoslawx.tyl@intel.com>
commit bb5ed01cd2428cd25b1c88a3a9cba87055eb289f upstream.
Increase the RX buffer size to 3K when the SBP bit is on. The size of
the RX buffer determines the number of pages allocated which may not
be sufficient for receive frames larger than the set MTU size.
Cc: stable@vger.kernel.org
Fixes: 89eaefb61dc9 ("igb: Support RX-ALL feature flag.")
Reported-by: Manfred Rudigier <manfred.rudigier@omicronenergy.com>
Signed-off-by: Radoslaw Tyl <radoslawx.tyl@intel.com>
Tested-by: Arpana Arland <arpanax.arland@intel.com> (A Contingent worker at Intel)
Signed-off-by: Tony Nguyen <anthony.l.nguyen@intel.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/net/ethernet/intel/igb/igb_main.c | 11 +++++++----
1 file changed, 7 insertions(+), 4 deletions(-)
--- a/drivers/net/ethernet/intel/igb/igb_main.c
+++ b/drivers/net/ethernet/intel/igb/igb_main.c
@@ -4552,6 +4552,10 @@ void igb_configure_rx_ring(struct igb_ad
static void igb_set_rx_buffer_len(struct igb_adapter *adapter,
struct igb_ring *rx_ring)
{
+#if (PAGE_SIZE < 8192)
+ struct e1000_hw *hw = &adapter->hw;
+#endif
+
/* set build_skb and buffer size flags */
clear_ring_build_skb_enabled(rx_ring);
clear_ring_uses_large_buffer(rx_ring);
@@ -4562,10 +4566,9 @@ static void igb_set_rx_buffer_len(struct
set_ring_build_skb_enabled(rx_ring);
#if (PAGE_SIZE < 8192)
- if (adapter->max_frame_size <= IGB_MAX_FRAME_BUILD_SKB)
- return;
-
- set_ring_uses_large_buffer(rx_ring);
+ if (adapter->max_frame_size > IGB_MAX_FRAME_BUILD_SKB ||
+ rd32(E1000_RCTL) & E1000_RCTL_SBP)
+ set_ring_uses_large_buffer(rx_ring);
#endif
}
^ permalink raw reply [flat|nested] 396+ messages in thread
* [PATCH 5.4 210/367] PM / devfreq: Fix leak in devfreq_dev_release()
2023-09-20 11:26 [PATCH 5.4 000/367] 5.4.257-rc1 review Greg Kroah-Hartman
` (208 preceding siblings ...)
2023-09-20 11:29 ` [PATCH 5.4 209/367] igb: set max size RX buffer when store bad packet is enabled Greg Kroah-Hartman
@ 2023-09-20 11:29 ` Greg Kroah-Hartman
2023-09-20 11:29 ` [PATCH 5.4 211/367] ALSA: pcm: Fix missing fixup call in compat hw_refine ioctl Greg Kroah-Hartman
` (162 subsequent siblings)
372 siblings, 0 replies; 396+ messages in thread
From: Greg Kroah-Hartman @ 2023-09-20 11:29 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Boris Brezillon, Dhruva Gole, Chanwoo Choi
5.4-stable review patch. If anyone has any objections, please let me know.
------------------
From: Boris Brezillon <boris.brezillon@collabora.com>
commit 5693d077595de721f9ddbf9d37f40e5409707dfe upstream.
srcu_init_notifier_head() allocates resources that need to be released
with a srcu_cleanup_notifier_head() call.
Reported by kmemleak.
Fixes: 0fe3a66410a3 ("PM / devfreq: Add new DEVFREQ_TRANSITION_NOTIFIER notifier")
Cc: <stable@vger.kernel.org>
Signed-off-by: Boris Brezillon <boris.brezillon@collabora.com>
Reviewed-by: Dhruva Gole <d-gole@ti.com>
Signed-off-by: Chanwoo Choi <cw00.choi@samsung.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/devfreq/devfreq.c | 1 +
1 file changed, 1 insertion(+)
--- a/drivers/devfreq/devfreq.c
+++ b/drivers/devfreq/devfreq.c
@@ -595,6 +595,7 @@ static void devfreq_dev_release(struct d
devfreq->profile->exit(devfreq->dev.parent);
mutex_destroy(&devfreq->lock);
+ srcu_cleanup_notifier_head(&devfreq->transition_notifier_list);
kfree(devfreq);
}
^ permalink raw reply [flat|nested] 396+ messages in thread
* [PATCH 5.4 211/367] ALSA: pcm: Fix missing fixup call in compat hw_refine ioctl
2023-09-20 11:26 [PATCH 5.4 000/367] 5.4.257-rc1 review Greg Kroah-Hartman
` (209 preceding siblings ...)
2023-09-20 11:29 ` [PATCH 5.4 210/367] PM / devfreq: Fix leak in devfreq_dev_release() Greg Kroah-Hartman
@ 2023-09-20 11:29 ` Greg Kroah-Hartman
2023-09-20 11:29 ` Greg Kroah-Hartman
` (161 subsequent siblings)
372 siblings, 0 replies; 396+ messages in thread
From: Greg Kroah-Hartman @ 2023-09-20 11:29 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Meng_Cai, Takashi Sakamoto,
Jaroslav Kysela, Takashi Iwai
5.4-stable review patch. If anyone has any objections, please let me know.
------------------
From: Takashi Iwai <tiwai@suse.de>
commit 358040e3807754944dbddf948a23c6d914297ed7 upstream.
The update of rate_num/den and msbits were factored out to
fixup_unreferenced_params() function to be called explicitly after the
hw_refine or hw_params procedure. It's called from
snd_pcm_hw_refine_user(), but it's forgotten in the PCM compat ioctl.
This ended up with the incomplete rate_num/den and msbits parameters
when 32bit compat ioctl is used.
This patch adds the missing call in snd_pcm_ioctl_hw_params_compat().
Reported-by: Meng_Cai@novatek.com.cn
Fixes: f9a076bff053 ("ALSA: pcm: calculate non-mask/non-interval parameters always when possible")
Reviewed-by: Takashi Sakamoto <o-takashi@sakamocchi.jp>
Reviewed-by: Jaroslav Kysela <perex@perex.cz>
Cc: <stable@vger.kernel.org>
Link: https://lore.kernel.org/r/20230829134344.31588-1-tiwai@suse.de
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
sound/core/pcm_compat.c | 8 ++++++--
1 file changed, 6 insertions(+), 2 deletions(-)
--- a/sound/core/pcm_compat.c
+++ b/sound/core/pcm_compat.c
@@ -315,10 +315,14 @@ static int snd_pcm_ioctl_hw_params_compa
goto error;
}
- if (refine)
+ if (refine) {
err = snd_pcm_hw_refine(substream, data);
- else
+ if (err < 0)
+ goto error;
+ err = fixup_unreferenced_params(substream, data);
+ } else {
err = snd_pcm_hw_params(substream, data);
+ }
if (err < 0)
goto error;
if (copy_to_user(data32, data, sizeof(*data32)) ||
^ permalink raw reply [flat|nested] 396+ messages in thread
* [PATCH 5.4 212/367] ipmi_si: fix a memleak in try_smi_init()
2023-09-20 11:26 [PATCH 5.4 000/367] 5.4.257-rc1 review Greg Kroah-Hartman
@ 2023-09-20 11:29 ` Greg Kroah-Hartman
2023-09-20 11:26 ` [PATCH 5.4 002/367] ARM: pxa: remove use of symbol_get() Greg Kroah-Hartman
` (371 subsequent siblings)
372 siblings, 0 replies; 396+ messages in thread
From: Greg Kroah-Hartman @ 2023-09-20 11:29 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Yi Yang, GONG, Ruiqi, Corey Minyard, GONG
5.4-stable review patch. If anyone has any objections, please let me know.
------------------
From: Yi Yang <yiyang13@huawei.com>
commit 6cf1a126de2992b4efe1c3c4d398f8de4aed6e3f upstream.
Kmemleak reported the following leak info in try_smi_init():
unreferenced object 0xffff00018ecf9400 (size 1024):
comm "modprobe", pid 2707763, jiffies 4300851415 (age 773.308s)
backtrace:
[<000000004ca5b312>] __kmalloc+0x4b8/0x7b0
[<00000000953b1072>] try_smi_init+0x148/0x5dc [ipmi_si]
[<000000006460d325>] 0xffff800081b10148
[<0000000039206ea5>] do_one_initcall+0x64/0x2a4
[<00000000601399ce>] do_init_module+0x50/0x300
[<000000003c12ba3c>] load_module+0x7a8/0x9e0
[<00000000c246fffe>] __se_sys_init_module+0x104/0x180
[<00000000eea99093>] __arm64_sys_init_module+0x24/0x30
[<0000000021b1ef87>] el0_svc_common.constprop.0+0x94/0x250
[<0000000070f4f8b7>] do_el0_svc+0x48/0xe0
[<000000005a05337f>] el0_svc+0x24/0x3c
[<000000005eb248d6>] el0_sync_handler+0x160/0x164
[<0000000030a59039>] el0_sync+0x160/0x180
The problem was that when an error occurred before handlers registration
and after allocating `new_smi->si_sm`, the variable wouldn't be freed in
the error handling afterwards since `shutdown_smi()` hadn't been
registered yet. Fix it by adding a `kfree()` in the error handling path
in `try_smi_init()`.
Cc: stable@vger.kernel.org # 4.19+
Fixes: 7960f18a5647 ("ipmi_si: Convert over to a shutdown handler")
Signed-off-by: Yi Yang <yiyang13@huawei.com>
Co-developed-by: GONG, Ruiqi <gongruiqi@huaweicloud.com>
Signed-off-by: GONG, Ruiqi <gongruiqi@huaweicloud.com>
Message-Id: <20230629123328.2402075-1-gongruiqi@huaweicloud.com>
Signed-off-by: Corey Minyard <minyard@acm.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/char/ipmi/ipmi_si_intf.c | 5 +++++
1 file changed, 5 insertions(+)
--- a/drivers/char/ipmi/ipmi_si_intf.c
+++ b/drivers/char/ipmi/ipmi_si_intf.c
@@ -2086,6 +2086,11 @@ static int try_smi_init(struct smi_info
new_smi->io.io_cleanup = NULL;
}
+ if (rv && new_smi->si_sm) {
+ kfree(new_smi->si_sm);
+ new_smi->si_sm = NULL;
+ }
+
return rv;
}
^ permalink raw reply [flat|nested] 396+ messages in thread
* [PATCH 5.4 212/367] ipmi_si: fix a memleak in try_smi_init()
@ 2023-09-20 11:29 ` Greg Kroah-Hartman
0 siblings, 0 replies; 396+ messages in thread
From: Greg Kroah-Hartman @ 2023-09-20 11:29 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Yi Yang, GONG, Ruiqi, Corey Minyard, GONG
5.4-stable review patch. If anyone has any objections, please let me know.
------------------
From: Yi Yang <yiyang13@huawei.com>
commit 6cf1a126de2992b4efe1c3c4d398f8de4aed6e3f upstream.
Kmemleak reported the following leak info in try_smi_init():
unreferenced object 0xffff00018ecf9400 (size 1024):
comm "modprobe", pid 2707763, jiffies 4300851415 (age 773.308s)
backtrace:
[<000000004ca5b312>] __kmalloc+0x4b8/0x7b0
[<00000000953b1072>] try_smi_init+0x148/0x5dc [ipmi_si]
[<000000006460d325>] 0xffff800081b10148
[<0000000039206ea5>] do_one_initcall+0x64/0x2a4
[<00000000601399ce>] do_init_module+0x50/0x300
[<000000003c12ba3c>] load_module+0x7a8/0x9e0
[<00000000c246fffe>] __se_sys_init_module+0x104/0x180
[<00000000eea99093>] __arm64_sys_init_module+0x24/0x30
[<0000000021b1ef87>] el0_svc_common.constprop.0+0x94/0x250
[<0000000070f4f8b7>] do_el0_svc+0x48/0xe0
[<000000005a05337f>] el0_svc+0x24/0x3c
[<000000005eb248d6>] el0_sync_handler+0x160/0x164
[<0000000030a59039>] el0_sync+0x160/0x180
The problem was that when an error occurred before handlers registration
and after allocating `new_smi->si_sm`, the variable wouldn't be freed in
the error handling afterwards since `shutdown_smi()` hadn't been
registered yet. Fix it by adding a `kfree()` in the error handling path
in `try_smi_init()`.
Cc: stable@vger.kernel.org # 4.19+
Fixes: 7960f18a5647 ("ipmi_si: Convert over to a shutdown handler")
Signed-off-by: Yi Yang <yiyang13@huawei.com>
Co-developed-by: GONG, Ruiqi <gongruiqi@huaweicloud.com>
Signed-off-by: GONG, Ruiqi <gongruiqi@huaweicloud.com>
Message-Id: <20230629123328.2402075-1-gongruiqi@huaweicloud.com>
Signed-off-by: Corey Minyard <minyard@acm.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/char/ipmi/ipmi_si_intf.c | 5 +++++
1 file changed, 5 insertions(+)
--- a/drivers/char/ipmi/ipmi_si_intf.c
+++ b/drivers/char/ipmi/ipmi_si_intf.c
@@ -2086,6 +2086,11 @@ static int try_smi_init(struct smi_info
new_smi->io.io_cleanup = NULL;
}
+ if (rv && new_smi->si_sm) {
+ kfree(new_smi->si_sm);
+ new_smi->si_sm = NULL;
+ }
+
return rv;
}
^ permalink raw reply [flat|nested] 396+ messages in thread
* [PATCH 5.4 213/367] ARM: OMAP2+: Fix -Warray-bounds warning in _pwrdm_state_switch()
2023-09-20 11:26 [PATCH 5.4 000/367] 5.4.257-rc1 review Greg Kroah-Hartman
` (211 preceding siblings ...)
2023-09-20 11:29 ` Greg Kroah-Hartman
@ 2023-09-20 11:29 ` Greg Kroah-Hartman
2023-09-20 11:29 ` Greg Kroah-Hartman
` (159 subsequent siblings)
372 siblings, 0 replies; 396+ messages in thread
From: Greg Kroah-Hartman @ 2023-09-20 11:29 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, kernel test robot,
Gustavo A. R. Silva, Ard Biesheuvel, Tony Lindgren
5.4-stable review patch. If anyone has any objections, please let me know.
------------------
From: Gustavo A. R. Silva <gustavoars@kernel.org>
commit 847fb80cc01a54bc827b02547bb8743bdb59ddab upstream.
If function pwrdm_read_prev_pwrst() returns -EINVAL, we will end
up accessing array pwrdm->state_counter through negative index
-22. This is wrong and the compiler is legitimately warning us
about this potential problem.
Fix this by sanity checking the value stored in variable _prev_
before accessing array pwrdm->state_counter.
Address the following -Warray-bounds warning:
arch/arm/mach-omap2/powerdomain.c:178:45: warning: array subscript -22 is below array bounds of 'unsigned int[4]' [-Warray-bounds]
Link: https://github.com/KSPP/linux/issues/307
Fixes: ba20bb126940 ("OMAP: PM counter infrastructure.")
Cc: stable@vger.kernel.org
Reported-by: kernel test robot <lkp@intel.com>
Link: https://lore.kernel.org/lkml/20230607050639.LzbPn%25lkp@intel.com/
Signed-off-by: Gustavo A. R. Silva <gustavoars@kernel.org>
Message-ID: <ZIFVGwImU3kpaGeH@work>
Acked-by: Ard Biesheuvel <ardb@kernel.org>
Signed-off-by: Tony Lindgren <tony@atomide.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/arm/mach-omap2/powerdomain.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/arch/arm/mach-omap2/powerdomain.c
+++ b/arch/arm/mach-omap2/powerdomain.c
@@ -174,7 +174,7 @@ static int _pwrdm_state_switch(struct po
break;
case PWRDM_STATE_PREV:
prev = pwrdm_read_prev_pwrst(pwrdm);
- if (pwrdm->state != prev)
+ if (prev >= 0 && pwrdm->state != prev)
pwrdm->state_counter[prev]++;
if (prev == PWRDM_POWER_RET)
_update_logic_membank_counters(pwrdm);
^ permalink raw reply [flat|nested] 396+ messages in thread
* [PATCH 5.4 214/367] backlight/gpio_backlight: Compare against struct fb_info.device
2023-09-20 11:26 [PATCH 5.4 000/367] 5.4.257-rc1 review Greg Kroah-Hartman
@ 2023-09-20 11:29 ` Greg Kroah-Hartman
2023-09-20 11:26 ` [PATCH 5.4 002/367] ARM: pxa: remove use of symbol_get() Greg Kroah-Hartman
` (371 subsequent siblings)
372 siblings, 0 replies; 396+ messages in thread
From: Greg Kroah-Hartman @ 2023-09-20 11:29 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Thomas Zimmermann, Laurent Pinchart,
Rich Felker, John Paul Adrian Glaubitz, Lee Jones,
Daniel Thompson, Jingoo Han, linux-sh, dri-devel, Sam Ravnborg
5.4-stable review patch. If anyone has any objections, please let me know.
------------------
From: Thomas Zimmermann <tzimmermann@suse.de>
commit 7b91d017f77c1bda56f27c2f4bbb70de7c6eca08 upstream.
Struct gpio_backlight_platform_data refers to a platform device within
the Linux device hierarchy. The test in gpio_backlight_check_fb()
compares it against the fbdev device in struct fb_info.dev, which
is different. Fix the test by comparing to struct fb_info.device.
Fixes a bug in the backlight driver and prepares fbdev for making
struct fb_info.dev optional.
v2:
* move renames into separate patch (Javier, Sam, Michael)
Signed-off-by: Thomas Zimmermann <tzimmermann@suse.de>
Fixes: 8b770e3c9824 ("backlight: Add GPIO-based backlight driver")
Cc: Laurent Pinchart <laurent.pinchart+renesas@ideasonboard.com>
Cc: Rich Felker <dalias@libc.org>
Cc: John Paul Adrian Glaubitz <glaubitz@physik.fu-berlin.de>
Cc: Lee Jones <lee@kernel.org>
Cc: Daniel Thompson <daniel.thompson@linaro.org>
Cc: Jingoo Han <jingoohan1@gmail.com>
Cc: linux-sh@vger.kernel.org
Cc: dri-devel@lists.freedesktop.org
Cc: <stable@vger.kernel.org> # v3.12+
Reviewed-by: Sam Ravnborg <sam@ravnborg.org>
Reviewed-by: Daniel Thompson <daniel.thompson@linaro.org>
Link: https://patchwork.freedesktop.org/patch/msgid/20230613110953.24176-4-tzimmermann@suse.de
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/video/backlight/gpio_backlight.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/drivers/video/backlight/gpio_backlight.c
+++ b/drivers/video/backlight/gpio_backlight.c
@@ -46,7 +46,7 @@ static int gpio_backlight_check_fb(struc
{
struct gpio_backlight *gbl = bl_get_data(bl);
- return gbl->fbdev == NULL || gbl->fbdev == info->dev;
+ return gbl->fbdev == NULL || gbl->fbdev == info->device;
}
static const struct backlight_ops gpio_backlight_ops = {
^ permalink raw reply [flat|nested] 396+ messages in thread
* [PATCH 5.4 214/367] backlight/gpio_backlight: Compare against struct fb_info.device
@ 2023-09-20 11:29 ` Greg Kroah-Hartman
0 siblings, 0 replies; 396+ messages in thread
From: Greg Kroah-Hartman @ 2023-09-20 11:29 UTC (permalink / raw)
To: stable
Cc: Daniel Thompson, Laurent Pinchart, Jingoo Han, linux-sh,
Greg Kroah-Hartman, Lee Jones, patches, dri-devel, Rich Felker,
Thomas Zimmermann, John Paul Adrian Glaubitz, Sam Ravnborg
5.4-stable review patch. If anyone has any objections, please let me know.
------------------
From: Thomas Zimmermann <tzimmermann@suse.de>
commit 7b91d017f77c1bda56f27c2f4bbb70de7c6eca08 upstream.
Struct gpio_backlight_platform_data refers to a platform device within
the Linux device hierarchy. The test in gpio_backlight_check_fb()
compares it against the fbdev device in struct fb_info.dev, which
is different. Fix the test by comparing to struct fb_info.device.
Fixes a bug in the backlight driver and prepares fbdev for making
struct fb_info.dev optional.
v2:
* move renames into separate patch (Javier, Sam, Michael)
Signed-off-by: Thomas Zimmermann <tzimmermann@suse.de>
Fixes: 8b770e3c9824 ("backlight: Add GPIO-based backlight driver")
Cc: Laurent Pinchart <laurent.pinchart+renesas@ideasonboard.com>
Cc: Rich Felker <dalias@libc.org>
Cc: John Paul Adrian Glaubitz <glaubitz@physik.fu-berlin.de>
Cc: Lee Jones <lee@kernel.org>
Cc: Daniel Thompson <daniel.thompson@linaro.org>
Cc: Jingoo Han <jingoohan1@gmail.com>
Cc: linux-sh@vger.kernel.org
Cc: dri-devel@lists.freedesktop.org
Cc: <stable@vger.kernel.org> # v3.12+
Reviewed-by: Sam Ravnborg <sam@ravnborg.org>
Reviewed-by: Daniel Thompson <daniel.thompson@linaro.org>
Link: https://patchwork.freedesktop.org/patch/msgid/20230613110953.24176-4-tzimmermann@suse.de
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/video/backlight/gpio_backlight.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/drivers/video/backlight/gpio_backlight.c
+++ b/drivers/video/backlight/gpio_backlight.c
@@ -46,7 +46,7 @@ static int gpio_backlight_check_fb(struc
{
struct gpio_backlight *gbl = bl_get_data(bl);
- return gbl->fbdev == NULL || gbl->fbdev == info->dev;
+ return gbl->fbdev == NULL || gbl->fbdev == info->device;
}
static const struct backlight_ops gpio_backlight_ops = {
^ permalink raw reply [flat|nested] 396+ messages in thread
* [PATCH 5.4 215/367] backlight/bd6107: Compare against struct fb_info.device
2023-09-20 11:26 [PATCH 5.4 000/367] 5.4.257-rc1 review Greg Kroah-Hartman
@ 2023-09-20 11:29 ` Greg Kroah-Hartman
2023-09-20 11:26 ` [PATCH 5.4 002/367] ARM: pxa: remove use of symbol_get() Greg Kroah-Hartman
` (371 subsequent siblings)
372 siblings, 0 replies; 396+ messages in thread
From: Greg Kroah-Hartman @ 2023-09-20 11:29 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Thomas Zimmermann, Laurent Pinchart,
Lee Jones, Daniel Thompson, Jingoo Han, dri-devel,
Javier Martinez Canillas, Sam Ravnborg
5.4-stable review patch. If anyone has any objections, please let me know.
------------------
From: Thomas Zimmermann <tzimmermann@suse.de>
commit 992bdddaabfba19bdc77c1c7a4977b2aa41ec891 upstream.
Struct bd6107_platform_data refers to a platform device within
the Linux device hierarchy. The test in bd6107_backlight_check_fb()
compares it against the fbdev device in struct fb_info.dev, which
is different. Fix the test by comparing to struct fb_info.device.
Fixes a bug in the backlight driver and prepares fbdev for making
struct fb_info.dev optional.
v2:
* move renames into separate patch (Javier, Sam, Michael)
Fixes: 67b43e590415 ("backlight: Add ROHM BD6107 backlight driver")
Signed-off-by: Thomas Zimmermann <tzimmermann@suse.de>
Cc: Laurent Pinchart <laurent.pinchart+renesas@ideasonboard.com>
Cc: Lee Jones <lee@kernel.org>
Cc: Daniel Thompson <daniel.thompson@linaro.org>
Cc: Jingoo Han <jingoohan1@gmail.com>
Cc: dri-devel@lists.freedesktop.org
Cc: <stable@vger.kernel.org> # v3.12+
Reviewed-by: Javier Martinez Canillas <javierm@redhat.com>
Reviewed-by: Sam Ravnborg <sam@ravnborg.org>
Reviewed-by: Daniel Thompson <daniel.thompson@linaro.org>
Link: https://patchwork.freedesktop.org/patch/msgid/20230613110953.24176-2-tzimmermann@suse.de
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/video/backlight/bd6107.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/drivers/video/backlight/bd6107.c
+++ b/drivers/video/backlight/bd6107.c
@@ -107,7 +107,7 @@ static int bd6107_backlight_check_fb(str
{
struct bd6107 *bd = bl_get_data(backlight);
- return bd->pdata->fbdev == NULL || bd->pdata->fbdev == info->dev;
+ return bd->pdata->fbdev == NULL || bd->pdata->fbdev == info->device;
}
static const struct backlight_ops bd6107_backlight_ops = {
^ permalink raw reply [flat|nested] 396+ messages in thread
* [PATCH 5.4 215/367] backlight/bd6107: Compare against struct fb_info.device
@ 2023-09-20 11:29 ` Greg Kroah-Hartman
0 siblings, 0 replies; 396+ messages in thread
From: Greg Kroah-Hartman @ 2023-09-20 11:29 UTC (permalink / raw)
To: stable
Cc: Daniel Thompson, Laurent Pinchart, Greg Kroah-Hartman, Lee Jones,
patches, dri-devel, Javier Martinez Canillas, Thomas Zimmermann,
Jingoo Han, Sam Ravnborg
5.4-stable review patch. If anyone has any objections, please let me know.
------------------
From: Thomas Zimmermann <tzimmermann@suse.de>
commit 992bdddaabfba19bdc77c1c7a4977b2aa41ec891 upstream.
Struct bd6107_platform_data refers to a platform device within
the Linux device hierarchy. The test in bd6107_backlight_check_fb()
compares it against the fbdev device in struct fb_info.dev, which
is different. Fix the test by comparing to struct fb_info.device.
Fixes a bug in the backlight driver and prepares fbdev for making
struct fb_info.dev optional.
v2:
* move renames into separate patch (Javier, Sam, Michael)
Fixes: 67b43e590415 ("backlight: Add ROHM BD6107 backlight driver")
Signed-off-by: Thomas Zimmermann <tzimmermann@suse.de>
Cc: Laurent Pinchart <laurent.pinchart+renesas@ideasonboard.com>
Cc: Lee Jones <lee@kernel.org>
Cc: Daniel Thompson <daniel.thompson@linaro.org>
Cc: Jingoo Han <jingoohan1@gmail.com>
Cc: dri-devel@lists.freedesktop.org
Cc: <stable@vger.kernel.org> # v3.12+
Reviewed-by: Javier Martinez Canillas <javierm@redhat.com>
Reviewed-by: Sam Ravnborg <sam@ravnborg.org>
Reviewed-by: Daniel Thompson <daniel.thompson@linaro.org>
Link: https://patchwork.freedesktop.org/patch/msgid/20230613110953.24176-2-tzimmermann@suse.de
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/video/backlight/bd6107.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/drivers/video/backlight/bd6107.c
+++ b/drivers/video/backlight/bd6107.c
@@ -107,7 +107,7 @@ static int bd6107_backlight_check_fb(str
{
struct bd6107 *bd = bl_get_data(backlight);
- return bd->pdata->fbdev == NULL || bd->pdata->fbdev == info->dev;
+ return bd->pdata->fbdev == NULL || bd->pdata->fbdev == info->device;
}
static const struct backlight_ops bd6107_backlight_ops = {
^ permalink raw reply [flat|nested] 396+ messages in thread
* [PATCH 5.4 216/367] backlight/lv5207lp: Compare against struct fb_info.device
2023-09-20 11:26 [PATCH 5.4 000/367] 5.4.257-rc1 review Greg Kroah-Hartman
@ 2023-09-20 11:29 ` Greg Kroah-Hartman
2023-09-20 11:26 ` [PATCH 5.4 002/367] ARM: pxa: remove use of symbol_get() Greg Kroah-Hartman
` (371 subsequent siblings)
372 siblings, 0 replies; 396+ messages in thread
From: Greg Kroah-Hartman @ 2023-09-20 11:29 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Thomas Zimmermann, Laurent Pinchart,
Yoshinori Sato, Rich Felker, John Paul Adrian Glaubitz,
Lee Jones, Daniel Thompson, Jingoo Han, linux-sh, dri-devel,
Javier Martinez Canillas, Sam Ravnborg
5.4-stable review patch. If anyone has any objections, please let me know.
------------------
From: Thomas Zimmermann <tzimmermann@suse.de>
commit 1ca8819320fd84e7d95b04e7668efc5f9fe9fa5c upstream.
Struct lv5207lp_platform_data refers to a platform device within
the Linux device hierarchy. The test in lv5207lp_backlight_check_fb()
compares it against the fbdev device in struct fb_info.dev, which
is different. Fix the test by comparing to struct fb_info.device.
Fixes a bug in the backlight driver and prepares fbdev for making
struct fb_info.dev optional.
v2:
* move renames into separate patch (Javier, Sam, Michael)
Fixes: 82e5c40d88f9 ("backlight: Add Sanyo LV5207LP backlight driver")
Signed-off-by: Thomas Zimmermann <tzimmermann@suse.de>
Cc: Laurent Pinchart <laurent.pinchart+renesas@ideasonboard.com>
Cc: Yoshinori Sato <ysato@users.sourceforge.jp>
Cc: Rich Felker <dalias@libc.org>
Cc: John Paul Adrian Glaubitz <glaubitz@physik.fu-berlin.de>
Cc: Lee Jones <lee@kernel.org>
Cc: Daniel Thompson <daniel.thompson@linaro.org>
Cc: Jingoo Han <jingoohan1@gmail.com>
Cc: linux-sh@vger.kernel.org
Cc: dri-devel@lists.freedesktop.org
Cc: <stable@vger.kernel.org> # v3.12+
Reviewed-by: Javier Martinez Canillas <javierm@redhat.com>
Reviewed-by: Sam Ravnborg <sam@ravnborg.org>
Reviewed-by: Daniel Thompson <daniel.thompson@linaro.org>
Link: https://patchwork.freedesktop.org/patch/msgid/20230613110953.24176-6-tzimmermann@suse.de
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/video/backlight/lv5207lp.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/drivers/video/backlight/lv5207lp.c
+++ b/drivers/video/backlight/lv5207lp.c
@@ -72,7 +72,7 @@ static int lv5207lp_backlight_check_fb(s
{
struct lv5207lp *lv = bl_get_data(backlight);
- return lv->pdata->fbdev == NULL || lv->pdata->fbdev == info->dev;
+ return lv->pdata->fbdev == NULL || lv->pdata->fbdev == info->device;
}
static const struct backlight_ops lv5207lp_backlight_ops = {
^ permalink raw reply [flat|nested] 396+ messages in thread
* [PATCH 5.4 216/367] backlight/lv5207lp: Compare against struct fb_info.device
@ 2023-09-20 11:29 ` Greg Kroah-Hartman
0 siblings, 0 replies; 396+ messages in thread
From: Greg Kroah-Hartman @ 2023-09-20 11:29 UTC (permalink / raw)
To: stable
Cc: Daniel Thompson, Laurent Pinchart, Yoshinori Sato, Jingoo Han,
linux-sh, Greg Kroah-Hartman, Lee Jones, patches, dri-devel,
Javier Martinez Canillas, Rich Felker, Thomas Zimmermann,
John Paul Adrian Glaubitz, Sam Ravnborg
5.4-stable review patch. If anyone has any objections, please let me know.
------------------
From: Thomas Zimmermann <tzimmermann@suse.de>
commit 1ca8819320fd84e7d95b04e7668efc5f9fe9fa5c upstream.
Struct lv5207lp_platform_data refers to a platform device within
the Linux device hierarchy. The test in lv5207lp_backlight_check_fb()
compares it against the fbdev device in struct fb_info.dev, which
is different. Fix the test by comparing to struct fb_info.device.
Fixes a bug in the backlight driver and prepares fbdev for making
struct fb_info.dev optional.
v2:
* move renames into separate patch (Javier, Sam, Michael)
Fixes: 82e5c40d88f9 ("backlight: Add Sanyo LV5207LP backlight driver")
Signed-off-by: Thomas Zimmermann <tzimmermann@suse.de>
Cc: Laurent Pinchart <laurent.pinchart+renesas@ideasonboard.com>
Cc: Yoshinori Sato <ysato@users.sourceforge.jp>
Cc: Rich Felker <dalias@libc.org>
Cc: John Paul Adrian Glaubitz <glaubitz@physik.fu-berlin.de>
Cc: Lee Jones <lee@kernel.org>
Cc: Daniel Thompson <daniel.thompson@linaro.org>
Cc: Jingoo Han <jingoohan1@gmail.com>
Cc: linux-sh@vger.kernel.org
Cc: dri-devel@lists.freedesktop.org
Cc: <stable@vger.kernel.org> # v3.12+
Reviewed-by: Javier Martinez Canillas <javierm@redhat.com>
Reviewed-by: Sam Ravnborg <sam@ravnborg.org>
Reviewed-by: Daniel Thompson <daniel.thompson@linaro.org>
Link: https://patchwork.freedesktop.org/patch/msgid/20230613110953.24176-6-tzimmermann@suse.de
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/video/backlight/lv5207lp.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/drivers/video/backlight/lv5207lp.c
+++ b/drivers/video/backlight/lv5207lp.c
@@ -72,7 +72,7 @@ static int lv5207lp_backlight_check_fb(s
{
struct lv5207lp *lv = bl_get_data(backlight);
- return lv->pdata->fbdev == NULL || lv->pdata->fbdev == info->dev;
+ return lv->pdata->fbdev == NULL || lv->pdata->fbdev == info->device;
}
static const struct backlight_ops lv5207lp_backlight_ops = {
^ permalink raw reply [flat|nested] 396+ messages in thread
* [PATCH 5.4 217/367] xtensa: PMU: fix base address for the newer hardware
2023-09-20 11:26 [PATCH 5.4 000/367] 5.4.257-rc1 review Greg Kroah-Hartman
` (215 preceding siblings ...)
2023-09-20 11:29 ` Greg Kroah-Hartman
@ 2023-09-20 11:29 ` Greg Kroah-Hartman
2023-09-20 11:29 ` [PATCH 5.4 218/367] media: dvb: symbol fixup for dvb_attach() Greg Kroah-Hartman
` (155 subsequent siblings)
372 siblings, 0 replies; 396+ messages in thread
From: Greg Kroah-Hartman @ 2023-09-20 11:29 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Max Filippov
5.4-stable review patch. If anyone has any objections, please let me know.
------------------
From: Max Filippov <jcmvbkbc@gmail.com>
commit 687eb3c42f4ad81e7c947c50e2d865f692064291 upstream.
With introduction of ERI access control in RG.0 base address of the PMU
unit registers has changed. Add support for the new PMU configuration.
Cc: stable@vger.kernel.org
Signed-off-by: Max Filippov <jcmvbkbc@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/xtensa/include/asm/core.h | 9 +++++++++
arch/xtensa/kernel/perf_event.c | 17 +++++++++++++----
2 files changed, 22 insertions(+), 4 deletions(-)
--- a/arch/xtensa/include/asm/core.h
+++ b/arch/xtensa/include/asm/core.h
@@ -18,4 +18,13 @@
#define XCHAL_SPANNING_WAY 0
#endif
+#ifndef XCHAL_HW_MIN_VERSION
+#if defined(XCHAL_HW_MIN_VERSION_MAJOR) && defined(XCHAL_HW_MIN_VERSION_MINOR)
+#define XCHAL_HW_MIN_VERSION (XCHAL_HW_MIN_VERSION_MAJOR * 100 + \
+ XCHAL_HW_MIN_VERSION_MINOR)
+#else
+#define XCHAL_HW_MIN_VERSION 0
+#endif
+#endif
+
#endif
--- a/arch/xtensa/kernel/perf_event.c
+++ b/arch/xtensa/kernel/perf_event.c
@@ -13,17 +13,26 @@
#include <linux/perf_event.h>
#include <linux/platform_device.h>
+#include <asm/core.h>
#include <asm/processor.h>
#include <asm/stacktrace.h>
+#define XTENSA_HWVERSION_RG_2015_0 260000
+
+#if XCHAL_HW_MIN_VERSION >= XTENSA_HWVERSION_RG_2015_0
+#define XTENSA_PMU_ERI_BASE 0x00101000
+#else
+#define XTENSA_PMU_ERI_BASE 0x00001000
+#endif
+
/* Global control/status for all perf counters */
-#define XTENSA_PMU_PMG 0x1000
+#define XTENSA_PMU_PMG XTENSA_PMU_ERI_BASE
/* Perf counter values */
-#define XTENSA_PMU_PM(i) (0x1080 + (i) * 4)
+#define XTENSA_PMU_PM(i) (XTENSA_PMU_ERI_BASE + 0x80 + (i) * 4)
/* Perf counter control registers */
-#define XTENSA_PMU_PMCTRL(i) (0x1100 + (i) * 4)
+#define XTENSA_PMU_PMCTRL(i) (XTENSA_PMU_ERI_BASE + 0x100 + (i) * 4)
/* Perf counter status registers */
-#define XTENSA_PMU_PMSTAT(i) (0x1180 + (i) * 4)
+#define XTENSA_PMU_PMSTAT(i) (XTENSA_PMU_ERI_BASE + 0x180 + (i) * 4)
#define XTENSA_PMU_PMG_PMEN 0x1
^ permalink raw reply [flat|nested] 396+ messages in thread
* [PATCH 5.4 218/367] media: dvb: symbol fixup for dvb_attach()
2023-09-20 11:26 [PATCH 5.4 000/367] 5.4.257-rc1 review Greg Kroah-Hartman
` (216 preceding siblings ...)
2023-09-20 11:29 ` [PATCH 5.4 217/367] xtensa: PMU: fix base address for the newer hardware Greg Kroah-Hartman
@ 2023-09-20 11:29 ` Greg Kroah-Hartman
2023-09-20 11:29 ` [PATCH 5.4 219/367] ntb: Drop packets when qp link is down Greg Kroah-Hartman
` (154 subsequent siblings)
372 siblings, 0 replies; 396+ messages in thread
From: Greg Kroah-Hartman @ 2023-09-20 11:29 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, stable, Stefan Lippers-Hollmann,
Mauro Carvalho Chehab, Christoph Hellwig, linux-media,
linux-modules, Luis Chamberlain, Hans Verkuil
5.4-stable review patch. If anyone has any objections, please let me know.
------------------
From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit 86495af1171e1feec79faa9b64c05c89f46e41d1 upstream.
In commit 9011e49d54dc ("modules: only allow symbol_get of
EXPORT_SYMBOL_GPL modules") the use of symbol_get is properly restricted
to GPL-only marked symbols. This interacts oddly with the DVB logic
which only uses dvb_attach() to load the dvb driver which then uses
symbol_get().
Fix this up by properly marking all of the dvb_attach attach symbols as
EXPORT_SYMBOL_GPL().
Fixes: 9011e49d54dc ("modules: only allow symbol_get of EXPORT_SYMBOL_GPL modules")
Cc: stable <stable@kernel.org>
Reported-by: Stefan Lippers-Hollmann <s.l-h@gmx.de>
Cc: Mauro Carvalho Chehab <mchehab@kernel.org>
Cc: Christoph Hellwig <hch@lst.de>
Cc: linux-media@vger.kernel.org
Cc: linux-modules@vger.kernel.org
Acked-by: Luis Chamberlain <mcgrof@kernel.org>
Acked-by: Hans Verkuil <hverkuil-cisco@xs4all.nl>
Link: https://lore.kernel.org/r/20230908092035.3815268-2-gregkh@linuxfoundation.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/media/dvb-frontends/ascot2e.c | 2 +-
drivers/media/dvb-frontends/atbm8830.c | 2 +-
drivers/media/dvb-frontends/au8522_dig.c | 2 +-
drivers/media/dvb-frontends/bcm3510.c | 2 +-
drivers/media/dvb-frontends/cx22700.c | 2 +-
drivers/media/dvb-frontends/cx22702.c | 2 +-
drivers/media/dvb-frontends/cx24110.c | 2 +-
drivers/media/dvb-frontends/cx24113.c | 2 +-
drivers/media/dvb-frontends/cx24116.c | 2 +-
drivers/media/dvb-frontends/cx24120.c | 2 +-
drivers/media/dvb-frontends/cx24123.c | 2 +-
drivers/media/dvb-frontends/cxd2820r_core.c | 2 +-
drivers/media/dvb-frontends/cxd2841er.c | 4 ++--
drivers/media/dvb-frontends/cxd2880/cxd2880_top.c | 2 +-
drivers/media/dvb-frontends/dib0070.c | 2 +-
drivers/media/dvb-frontends/dib0090.c | 4 ++--
drivers/media/dvb-frontends/dib3000mb.c | 2 +-
drivers/media/dvb-frontends/dib3000mc.c | 2 +-
drivers/media/dvb-frontends/dib7000m.c | 2 +-
drivers/media/dvb-frontends/dib7000p.c | 2 +-
drivers/media/dvb-frontends/dib8000.c | 2 +-
drivers/media/dvb-frontends/dib9000.c | 2 +-
drivers/media/dvb-frontends/drx39xyj/drxj.c | 2 +-
drivers/media/dvb-frontends/drxd_hard.c | 2 +-
drivers/media/dvb-frontends/drxk_hard.c | 2 +-
drivers/media/dvb-frontends/ds3000.c | 2 +-
drivers/media/dvb-frontends/dvb-pll.c | 2 +-
drivers/media/dvb-frontends/ec100.c | 2 +-
drivers/media/dvb-frontends/helene.c | 4 ++--
drivers/media/dvb-frontends/horus3a.c | 2 +-
drivers/media/dvb-frontends/isl6405.c | 2 +-
drivers/media/dvb-frontends/isl6421.c | 2 +-
drivers/media/dvb-frontends/isl6423.c | 2 +-
drivers/media/dvb-frontends/itd1000.c | 2 +-
drivers/media/dvb-frontends/ix2505v.c | 2 +-
drivers/media/dvb-frontends/l64781.c | 2 +-
drivers/media/dvb-frontends/lg2160.c | 2 +-
drivers/media/dvb-frontends/lgdt3305.c | 2 +-
drivers/media/dvb-frontends/lgdt3306a.c | 2 +-
drivers/media/dvb-frontends/lgdt330x.c | 2 +-
drivers/media/dvb-frontends/lgs8gxx.c | 2 +-
drivers/media/dvb-frontends/lnbh25.c | 2 +-
drivers/media/dvb-frontends/lnbp21.c | 4 ++--
drivers/media/dvb-frontends/lnbp22.c | 2 +-
drivers/media/dvb-frontends/m88ds3103.c | 2 +-
drivers/media/dvb-frontends/m88rs2000.c | 2 +-
drivers/media/dvb-frontends/mb86a16.c | 2 +-
drivers/media/dvb-frontends/mb86a20s.c | 2 +-
drivers/media/dvb-frontends/mt312.c | 2 +-
drivers/media/dvb-frontends/mt352.c | 2 +-
drivers/media/dvb-frontends/nxt200x.c | 2 +-
drivers/media/dvb-frontends/nxt6000.c | 2 +-
drivers/media/dvb-frontends/or51132.c | 2 +-
drivers/media/dvb-frontends/or51211.c | 2 +-
drivers/media/dvb-frontends/s5h1409.c | 2 +-
drivers/media/dvb-frontends/s5h1411.c | 2 +-
drivers/media/dvb-frontends/s5h1420.c | 2 +-
drivers/media/dvb-frontends/s5h1432.c | 2 +-
drivers/media/dvb-frontends/s921.c | 2 +-
drivers/media/dvb-frontends/si21xx.c | 2 +-
drivers/media/dvb-frontends/sp887x.c | 2 +-
drivers/media/dvb-frontends/stb0899_drv.c | 2 +-
drivers/media/dvb-frontends/stb6000.c | 2 +-
drivers/media/dvb-frontends/stb6100.c | 2 +-
drivers/media/dvb-frontends/stv0288.c | 2 +-
drivers/media/dvb-frontends/stv0297.c | 2 +-
drivers/media/dvb-frontends/stv0299.c | 2 +-
drivers/media/dvb-frontends/stv0367.c | 6 +++---
drivers/media/dvb-frontends/stv0900_core.c | 2 +-
drivers/media/dvb-frontends/stv090x.c | 2 +-
drivers/media/dvb-frontends/stv6110.c | 2 +-
drivers/media/dvb-frontends/stv6110x.c | 2 +-
drivers/media/dvb-frontends/tda10021.c | 2 +-
drivers/media/dvb-frontends/tda10023.c | 2 +-
drivers/media/dvb-frontends/tda10048.c | 2 +-
drivers/media/dvb-frontends/tda1004x.c | 4 ++--
drivers/media/dvb-frontends/tda10086.c | 2 +-
drivers/media/dvb-frontends/tda665x.c | 2 +-
drivers/media/dvb-frontends/tda8083.c | 2 +-
drivers/media/dvb-frontends/tda8261.c | 2 +-
drivers/media/dvb-frontends/tda826x.c | 2 +-
drivers/media/dvb-frontends/ts2020.c | 2 +-
drivers/media/dvb-frontends/tua6100.c | 2 +-
drivers/media/dvb-frontends/ves1820.c | 2 +-
drivers/media/dvb-frontends/ves1x93.c | 2 +-
drivers/media/dvb-frontends/zl10036.c | 2 +-
drivers/media/dvb-frontends/zl10039.c | 2 +-
drivers/media/dvb-frontends/zl10353.c | 2 +-
drivers/media/pci/bt8xx/dst.c | 2 +-
drivers/media/pci/bt8xx/dst_ca.c | 2 +-
drivers/media/tuners/fc0011.c | 2 +-
drivers/media/tuners/fc0012.c | 2 +-
drivers/media/tuners/fc0013.c | 2 +-
drivers/media/tuners/max2165.c | 2 +-
drivers/media/tuners/mc44s803.c | 2 +-
drivers/media/tuners/mt2060.c | 2 +-
drivers/media/tuners/mt2131.c | 2 +-
drivers/media/tuners/mt2266.c | 2 +-
drivers/media/tuners/mxl5005s.c | 2 +-
drivers/media/tuners/qt1010.c | 2 +-
drivers/media/tuners/tda18218.c | 2 +-
drivers/media/tuners/xc4000.c | 2 +-
drivers/media/tuners/xc5000.c | 2 +-
103 files changed, 110 insertions(+), 110 deletions(-)
--- a/drivers/media/dvb-frontends/ascot2e.c
+++ b/drivers/media/dvb-frontends/ascot2e.c
@@ -533,7 +533,7 @@ struct dvb_frontend *ascot2e_attach(stru
priv->i2c_address, priv->i2c);
return fe;
}
-EXPORT_SYMBOL(ascot2e_attach);
+EXPORT_SYMBOL_GPL(ascot2e_attach);
MODULE_DESCRIPTION("Sony ASCOT2E terr/cab tuner driver");
MODULE_AUTHOR("info@netup.ru");
--- a/drivers/media/dvb-frontends/atbm8830.c
+++ b/drivers/media/dvb-frontends/atbm8830.c
@@ -489,7 +489,7 @@ error_out:
return NULL;
}
-EXPORT_SYMBOL(atbm8830_attach);
+EXPORT_SYMBOL_GPL(atbm8830_attach);
MODULE_DESCRIPTION("AltoBeam ATBM8830/8831 GB20600 demodulator driver");
MODULE_AUTHOR("David T. L. Wong <davidtlwong@gmail.com>");
--- a/drivers/media/dvb-frontends/au8522_dig.c
+++ b/drivers/media/dvb-frontends/au8522_dig.c
@@ -879,7 +879,7 @@ error:
au8522_release_state(state);
return NULL;
}
-EXPORT_SYMBOL(au8522_attach);
+EXPORT_SYMBOL_GPL(au8522_attach);
static const struct dvb_frontend_ops au8522_ops = {
.delsys = { SYS_ATSC, SYS_DVBC_ANNEX_B },
--- a/drivers/media/dvb-frontends/bcm3510.c
+++ b/drivers/media/dvb-frontends/bcm3510.c
@@ -835,7 +835,7 @@ error:
kfree(state);
return NULL;
}
-EXPORT_SYMBOL(bcm3510_attach);
+EXPORT_SYMBOL_GPL(bcm3510_attach);
static const struct dvb_frontend_ops bcm3510_ops = {
.delsys = { SYS_ATSC, SYS_DVBC_ANNEX_B },
--- a/drivers/media/dvb-frontends/cx22700.c
+++ b/drivers/media/dvb-frontends/cx22700.c
@@ -432,4 +432,4 @@ MODULE_DESCRIPTION("Conexant CX22700 DVB
MODULE_AUTHOR("Holger Waechtler");
MODULE_LICENSE("GPL");
-EXPORT_SYMBOL(cx22700_attach);
+EXPORT_SYMBOL_GPL(cx22700_attach);
--- a/drivers/media/dvb-frontends/cx22702.c
+++ b/drivers/media/dvb-frontends/cx22702.c
@@ -604,7 +604,7 @@ error:
kfree(state);
return NULL;
}
-EXPORT_SYMBOL(cx22702_attach);
+EXPORT_SYMBOL_GPL(cx22702_attach);
static const struct dvb_frontend_ops cx22702_ops = {
.delsys = { SYS_DVBT },
--- a/drivers/media/dvb-frontends/cx24110.c
+++ b/drivers/media/dvb-frontends/cx24110.c
@@ -653,4 +653,4 @@ MODULE_DESCRIPTION("Conexant CX24110 DVB
MODULE_AUTHOR("Peter Hettkamp");
MODULE_LICENSE("GPL");
-EXPORT_SYMBOL(cx24110_attach);
+EXPORT_SYMBOL_GPL(cx24110_attach);
--- a/drivers/media/dvb-frontends/cx24113.c
+++ b/drivers/media/dvb-frontends/cx24113.c
@@ -590,7 +590,7 @@ error:
return NULL;
}
-EXPORT_SYMBOL(cx24113_attach);
+EXPORT_SYMBOL_GPL(cx24113_attach);
module_param(debug, int, 0644);
MODULE_PARM_DESC(debug, "Activates frontend debugging (default:0)");
--- a/drivers/media/dvb-frontends/cx24116.c
+++ b/drivers/media/dvb-frontends/cx24116.c
@@ -1133,7 +1133,7 @@ struct dvb_frontend *cx24116_attach(cons
state->frontend.demodulator_priv = state;
return &state->frontend;
}
-EXPORT_SYMBOL(cx24116_attach);
+EXPORT_SYMBOL_GPL(cx24116_attach);
/*
* Initialise or wake up device
--- a/drivers/media/dvb-frontends/cx24120.c
+++ b/drivers/media/dvb-frontends/cx24120.c
@@ -305,7 +305,7 @@ error:
kfree(state);
return NULL;
}
-EXPORT_SYMBOL(cx24120_attach);
+EXPORT_SYMBOL_GPL(cx24120_attach);
static int cx24120_test_rom(struct cx24120_state *state)
{
--- a/drivers/media/dvb-frontends/cx24123.c
+++ b/drivers/media/dvb-frontends/cx24123.c
@@ -1096,7 +1096,7 @@ error:
return NULL;
}
-EXPORT_SYMBOL(cx24123_attach);
+EXPORT_SYMBOL_GPL(cx24123_attach);
static const struct dvb_frontend_ops cx24123_ops = {
.delsys = { SYS_DVBS },
--- a/drivers/media/dvb-frontends/cxd2820r_core.c
+++ b/drivers/media/dvb-frontends/cxd2820r_core.c
@@ -536,7 +536,7 @@ struct dvb_frontend *cxd2820r_attach(con
return pdata.get_dvb_frontend(client);
}
-EXPORT_SYMBOL(cxd2820r_attach);
+EXPORT_SYMBOL_GPL(cxd2820r_attach);
static struct dvb_frontend *cxd2820r_get_dvb_frontend(struct i2c_client *client)
{
--- a/drivers/media/dvb-frontends/cxd2841er.c
+++ b/drivers/media/dvb-frontends/cxd2841er.c
@@ -3920,14 +3920,14 @@ struct dvb_frontend *cxd2841er_attach_s(
{
return cxd2841er_attach(cfg, i2c, SYS_DVBS);
}
-EXPORT_SYMBOL(cxd2841er_attach_s);
+EXPORT_SYMBOL_GPL(cxd2841er_attach_s);
struct dvb_frontend *cxd2841er_attach_t_c(struct cxd2841er_config *cfg,
struct i2c_adapter *i2c)
{
return cxd2841er_attach(cfg, i2c, 0);
}
-EXPORT_SYMBOL(cxd2841er_attach_t_c);
+EXPORT_SYMBOL_GPL(cxd2841er_attach_t_c);
static const struct dvb_frontend_ops cxd2841er_dvbs_s2_ops = {
.delsys = { SYS_DVBS, SYS_DVBS2 },
--- a/drivers/media/dvb-frontends/cxd2880/cxd2880_top.c
+++ b/drivers/media/dvb-frontends/cxd2880/cxd2880_top.c
@@ -1950,7 +1950,7 @@ struct dvb_frontend *cxd2880_attach(stru
return fe;
}
-EXPORT_SYMBOL(cxd2880_attach);
+EXPORT_SYMBOL_GPL(cxd2880_attach);
MODULE_DESCRIPTION("Sony CXD2880 DVB-T2/T tuner + demod driver");
MODULE_AUTHOR("Sony Semiconductor Solutions Corporation");
--- a/drivers/media/dvb-frontends/dib0070.c
+++ b/drivers/media/dvb-frontends/dib0070.c
@@ -755,7 +755,7 @@ free_mem:
fe->tuner_priv = NULL;
return NULL;
}
-EXPORT_SYMBOL(dib0070_attach);
+EXPORT_SYMBOL_GPL(dib0070_attach);
MODULE_AUTHOR("Patrick Boettcher <patrick.boettcher@posteo.de>");
MODULE_DESCRIPTION("Driver for the DiBcom 0070 base-band RF Tuner");
--- a/drivers/media/dvb-frontends/dib0090.c
+++ b/drivers/media/dvb-frontends/dib0090.c
@@ -2631,7 +2631,7 @@ struct dvb_frontend *dib0090_register(st
return NULL;
}
-EXPORT_SYMBOL(dib0090_register);
+EXPORT_SYMBOL_GPL(dib0090_register);
struct dvb_frontend *dib0090_fw_register(struct dvb_frontend *fe, struct i2c_adapter *i2c, const struct dib0090_config *config)
{
@@ -2657,7 +2657,7 @@ free_mem:
fe->tuner_priv = NULL;
return NULL;
}
-EXPORT_SYMBOL(dib0090_fw_register);
+EXPORT_SYMBOL_GPL(dib0090_fw_register);
MODULE_AUTHOR("Patrick Boettcher <patrick.boettcher@posteo.de>");
MODULE_AUTHOR("Olivier Grenie <olivier.grenie@parrot.com>");
--- a/drivers/media/dvb-frontends/dib3000mb.c
+++ b/drivers/media/dvb-frontends/dib3000mb.c
@@ -815,4 +815,4 @@ MODULE_AUTHOR(DRIVER_AUTHOR);
MODULE_DESCRIPTION(DRIVER_DESC);
MODULE_LICENSE("GPL");
-EXPORT_SYMBOL(dib3000mb_attach);
+EXPORT_SYMBOL_GPL(dib3000mb_attach);
--- a/drivers/media/dvb-frontends/dib3000mc.c
+++ b/drivers/media/dvb-frontends/dib3000mc.c
@@ -935,7 +935,7 @@ error:
kfree(st);
return NULL;
}
-EXPORT_SYMBOL(dib3000mc_attach);
+EXPORT_SYMBOL_GPL(dib3000mc_attach);
static const struct dvb_frontend_ops dib3000mc_ops = {
.delsys = { SYS_DVBT },
--- a/drivers/media/dvb-frontends/dib7000m.c
+++ b/drivers/media/dvb-frontends/dib7000m.c
@@ -1434,7 +1434,7 @@ error:
kfree(st);
return NULL;
}
-EXPORT_SYMBOL(dib7000m_attach);
+EXPORT_SYMBOL_GPL(dib7000m_attach);
static const struct dvb_frontend_ops dib7000m_ops = {
.delsys = { SYS_DVBT },
--- a/drivers/media/dvb-frontends/dib7000p.c
+++ b/drivers/media/dvb-frontends/dib7000p.c
@@ -2822,7 +2822,7 @@ void *dib7000p_attach(struct dib7000p_op
return ops;
}
-EXPORT_SYMBOL(dib7000p_attach);
+EXPORT_SYMBOL_GPL(dib7000p_attach);
static const struct dvb_frontend_ops dib7000p_ops = {
.delsys = { SYS_DVBT },
--- a/drivers/media/dvb-frontends/dib8000.c
+++ b/drivers/media/dvb-frontends/dib8000.c
@@ -4527,7 +4527,7 @@ void *dib8000_attach(struct dib8000_ops
return ops;
}
-EXPORT_SYMBOL(dib8000_attach);
+EXPORT_SYMBOL_GPL(dib8000_attach);
MODULE_AUTHOR("Olivier Grenie <Olivier.Grenie@parrot.com, Patrick Boettcher <patrick.boettcher@posteo.de>");
MODULE_DESCRIPTION("Driver for the DiBcom 8000 ISDB-T demodulator");
--- a/drivers/media/dvb-frontends/dib9000.c
+++ b/drivers/media/dvb-frontends/dib9000.c
@@ -2546,7 +2546,7 @@ error:
kfree(st);
return NULL;
}
-EXPORT_SYMBOL(dib9000_attach);
+EXPORT_SYMBOL_GPL(dib9000_attach);
static const struct dvb_frontend_ops dib9000_ops = {
.delsys = { SYS_DVBT },
--- a/drivers/media/dvb-frontends/drx39xyj/drxj.c
+++ b/drivers/media/dvb-frontends/drx39xyj/drxj.c
@@ -12366,7 +12366,7 @@ error:
return NULL;
}
-EXPORT_SYMBOL(drx39xxj_attach);
+EXPORT_SYMBOL_GPL(drx39xxj_attach);
static const struct dvb_frontend_ops drx39xxj_ops = {
.delsys = { SYS_ATSC, SYS_DVBC_ANNEX_B },
--- a/drivers/media/dvb-frontends/drxd_hard.c
+++ b/drivers/media/dvb-frontends/drxd_hard.c
@@ -2948,7 +2948,7 @@ error:
kfree(state);
return NULL;
}
-EXPORT_SYMBOL(drxd_attach);
+EXPORT_SYMBOL_GPL(drxd_attach);
MODULE_DESCRIPTION("DRXD driver");
MODULE_AUTHOR("Micronas");
--- a/drivers/media/dvb-frontends/drxk_hard.c
+++ b/drivers/media/dvb-frontends/drxk_hard.c
@@ -6857,7 +6857,7 @@ error:
kfree(state);
return NULL;
}
-EXPORT_SYMBOL(drxk_attach);
+EXPORT_SYMBOL_GPL(drxk_attach);
MODULE_DESCRIPTION("DRX-K driver");
MODULE_AUTHOR("Ralph Metzler");
--- a/drivers/media/dvb-frontends/ds3000.c
+++ b/drivers/media/dvb-frontends/ds3000.c
@@ -859,7 +859,7 @@ struct dvb_frontend *ds3000_attach(const
ds3000_set_voltage(&state->frontend, SEC_VOLTAGE_OFF);
return &state->frontend;
}
-EXPORT_SYMBOL(ds3000_attach);
+EXPORT_SYMBOL_GPL(ds3000_attach);
static int ds3000_set_carrier_offset(struct dvb_frontend *fe,
s32 carrier_offset_khz)
--- a/drivers/media/dvb-frontends/dvb-pll.c
+++ b/drivers/media/dvb-frontends/dvb-pll.c
@@ -866,7 +866,7 @@ out:
return NULL;
}
-EXPORT_SYMBOL(dvb_pll_attach);
+EXPORT_SYMBOL_GPL(dvb_pll_attach);
static int
--- a/drivers/media/dvb-frontends/ec100.c
+++ b/drivers/media/dvb-frontends/ec100.c
@@ -299,7 +299,7 @@ error:
kfree(state);
return NULL;
}
-EXPORT_SYMBOL(ec100_attach);
+EXPORT_SYMBOL_GPL(ec100_attach);
static const struct dvb_frontend_ops ec100_ops = {
.delsys = { SYS_DVBT },
--- a/drivers/media/dvb-frontends/helene.c
+++ b/drivers/media/dvb-frontends/helene.c
@@ -1025,7 +1025,7 @@ struct dvb_frontend *helene_attach_s(str
priv->i2c_address, priv->i2c);
return fe;
}
-EXPORT_SYMBOL(helene_attach_s);
+EXPORT_SYMBOL_GPL(helene_attach_s);
struct dvb_frontend *helene_attach(struct dvb_frontend *fe,
const struct helene_config *config,
@@ -1061,7 +1061,7 @@ struct dvb_frontend *helene_attach(struc
priv->i2c_address, priv->i2c);
return fe;
}
-EXPORT_SYMBOL(helene_attach);
+EXPORT_SYMBOL_GPL(helene_attach);
static int helene_probe(struct i2c_client *client,
const struct i2c_device_id *id)
--- a/drivers/media/dvb-frontends/horus3a.c
+++ b/drivers/media/dvb-frontends/horus3a.c
@@ -395,7 +395,7 @@ struct dvb_frontend *horus3a_attach(stru
priv->i2c_address, priv->i2c);
return fe;
}
-EXPORT_SYMBOL(horus3a_attach);
+EXPORT_SYMBOL_GPL(horus3a_attach);
MODULE_DESCRIPTION("Sony HORUS3A satellite tuner driver");
MODULE_AUTHOR("Sergey Kozlov <serjk@netup.ru>");
--- a/drivers/media/dvb-frontends/isl6405.c
+++ b/drivers/media/dvb-frontends/isl6405.c
@@ -141,7 +141,7 @@ struct dvb_frontend *isl6405_attach(stru
return fe;
}
-EXPORT_SYMBOL(isl6405_attach);
+EXPORT_SYMBOL_GPL(isl6405_attach);
MODULE_DESCRIPTION("Driver for lnb supply and control ic isl6405");
MODULE_AUTHOR("Hartmut Hackmann & Oliver Endriss");
--- a/drivers/media/dvb-frontends/isl6421.c
+++ b/drivers/media/dvb-frontends/isl6421.c
@@ -213,7 +213,7 @@ struct dvb_frontend *isl6421_attach(stru
return fe;
}
-EXPORT_SYMBOL(isl6421_attach);
+EXPORT_SYMBOL_GPL(isl6421_attach);
MODULE_DESCRIPTION("Driver for lnb supply and control ic isl6421");
MODULE_AUTHOR("Andrew de Quincey & Oliver Endriss");
--- a/drivers/media/dvb-frontends/isl6423.c
+++ b/drivers/media/dvb-frontends/isl6423.c
@@ -289,7 +289,7 @@ exit:
fe->sec_priv = NULL;
return NULL;
}
-EXPORT_SYMBOL(isl6423_attach);
+EXPORT_SYMBOL_GPL(isl6423_attach);
MODULE_DESCRIPTION("ISL6423 SEC");
MODULE_AUTHOR("Manu Abraham");
--- a/drivers/media/dvb-frontends/itd1000.c
+++ b/drivers/media/dvb-frontends/itd1000.c
@@ -389,7 +389,7 @@ struct dvb_frontend *itd1000_attach(stru
return fe;
}
-EXPORT_SYMBOL(itd1000_attach);
+EXPORT_SYMBOL_GPL(itd1000_attach);
MODULE_AUTHOR("Patrick Boettcher <pb@linuxtv.org>");
MODULE_DESCRIPTION("Integrant ITD1000 driver");
--- a/drivers/media/dvb-frontends/ix2505v.c
+++ b/drivers/media/dvb-frontends/ix2505v.c
@@ -302,7 +302,7 @@ error:
kfree(state);
return NULL;
}
-EXPORT_SYMBOL(ix2505v_attach);
+EXPORT_SYMBOL_GPL(ix2505v_attach);
module_param_named(debug, ix2505v_debug, int, 0644);
MODULE_PARM_DESC(debug, "Turn on/off frontend debugging (default:off).");
--- a/drivers/media/dvb-frontends/l64781.c
+++ b/drivers/media/dvb-frontends/l64781.c
@@ -593,4 +593,4 @@ MODULE_DESCRIPTION("LSI L64781 DVB-T Dem
MODULE_AUTHOR("Holger Waechtler, Marko Kohtala");
MODULE_LICENSE("GPL");
-EXPORT_SYMBOL(l64781_attach);
+EXPORT_SYMBOL_GPL(l64781_attach);
--- a/drivers/media/dvb-frontends/lg2160.c
+++ b/drivers/media/dvb-frontends/lg2160.c
@@ -1426,7 +1426,7 @@ struct dvb_frontend *lg2160_attach(const
return &state->frontend;
}
-EXPORT_SYMBOL(lg2160_attach);
+EXPORT_SYMBOL_GPL(lg2160_attach);
MODULE_DESCRIPTION("LG Electronics LG216x ATSC/MH Demodulator Driver");
MODULE_AUTHOR("Michael Krufky <mkrufky@linuxtv.org>");
--- a/drivers/media/dvb-frontends/lgdt3305.c
+++ b/drivers/media/dvb-frontends/lgdt3305.c
@@ -1148,7 +1148,7 @@ fail:
kfree(state);
return NULL;
}
-EXPORT_SYMBOL(lgdt3305_attach);
+EXPORT_SYMBOL_GPL(lgdt3305_attach);
static const struct dvb_frontend_ops lgdt3304_ops = {
.delsys = { SYS_ATSC, SYS_DVBC_ANNEX_B },
--- a/drivers/media/dvb-frontends/lgdt3306a.c
+++ b/drivers/media/dvb-frontends/lgdt3306a.c
@@ -1881,7 +1881,7 @@ fail:
kfree(state);
return NULL;
}
-EXPORT_SYMBOL(lgdt3306a_attach);
+EXPORT_SYMBOL_GPL(lgdt3306a_attach);
#ifdef DBG_DUMP
--- a/drivers/media/dvb-frontends/lgdt330x.c
+++ b/drivers/media/dvb-frontends/lgdt330x.c
@@ -928,7 +928,7 @@ struct dvb_frontend *lgdt330x_attach(con
return lgdt330x_get_dvb_frontend(client);
}
-EXPORT_SYMBOL(lgdt330x_attach);
+EXPORT_SYMBOL_GPL(lgdt330x_attach);
static const struct dvb_frontend_ops lgdt3302_ops = {
.delsys = { SYS_ATSC, SYS_DVBC_ANNEX_B },
--- a/drivers/media/dvb-frontends/lgs8gxx.c
+++ b/drivers/media/dvb-frontends/lgs8gxx.c
@@ -1043,7 +1043,7 @@ error_out:
return NULL;
}
-EXPORT_SYMBOL(lgs8gxx_attach);
+EXPORT_SYMBOL_GPL(lgs8gxx_attach);
MODULE_DESCRIPTION("Legend Silicon LGS8913/LGS8GXX DMB-TH demodulator driver");
MODULE_AUTHOR("David T. L. Wong <davidtlwong@gmail.com>");
--- a/drivers/media/dvb-frontends/lnbh25.c
+++ b/drivers/media/dvb-frontends/lnbh25.c
@@ -173,7 +173,7 @@ struct dvb_frontend *lnbh25_attach(struc
__func__, priv->i2c_address);
return fe;
}
-EXPORT_SYMBOL(lnbh25_attach);
+EXPORT_SYMBOL_GPL(lnbh25_attach);
MODULE_DESCRIPTION("ST LNBH25 driver");
MODULE_AUTHOR("info@netup.ru");
--- a/drivers/media/dvb-frontends/lnbp21.c
+++ b/drivers/media/dvb-frontends/lnbp21.c
@@ -155,7 +155,7 @@ struct dvb_frontend *lnbh24_attach(struc
return lnbx2x_attach(fe, i2c, override_set, override_clear,
i2c_addr, LNBH24_TTX);
}
-EXPORT_SYMBOL(lnbh24_attach);
+EXPORT_SYMBOL_GPL(lnbh24_attach);
struct dvb_frontend *lnbp21_attach(struct dvb_frontend *fe,
struct i2c_adapter *i2c, u8 override_set,
@@ -164,7 +164,7 @@ struct dvb_frontend *lnbp21_attach(struc
return lnbx2x_attach(fe, i2c, override_set, override_clear,
0x08, LNBP21_ISEL);
}
-EXPORT_SYMBOL(lnbp21_attach);
+EXPORT_SYMBOL_GPL(lnbp21_attach);
MODULE_DESCRIPTION("Driver for lnb supply and control ic lnbp21, lnbh24");
MODULE_AUTHOR("Oliver Endriss, Igor M. Liplianin");
--- a/drivers/media/dvb-frontends/lnbp22.c
+++ b/drivers/media/dvb-frontends/lnbp22.c
@@ -125,7 +125,7 @@ struct dvb_frontend *lnbp22_attach(struc
return fe;
}
-EXPORT_SYMBOL(lnbp22_attach);
+EXPORT_SYMBOL_GPL(lnbp22_attach);
MODULE_DESCRIPTION("Driver for lnb supply and control ic lnbp22");
MODULE_AUTHOR("Dominik Kuhlen");
--- a/drivers/media/dvb-frontends/m88ds3103.c
+++ b/drivers/media/dvb-frontends/m88ds3103.c
@@ -1284,7 +1284,7 @@ struct dvb_frontend *m88ds3103_attach(co
*tuner_i2c_adapter = pdata.get_i2c_adapter(client);
return pdata.get_dvb_frontend(client);
}
-EXPORT_SYMBOL(m88ds3103_attach);
+EXPORT_SYMBOL_GPL(m88ds3103_attach);
static const struct dvb_frontend_ops m88ds3103_ops = {
.delsys = {SYS_DVBS, SYS_DVBS2},
--- a/drivers/media/dvb-frontends/m88rs2000.c
+++ b/drivers/media/dvb-frontends/m88rs2000.c
@@ -807,7 +807,7 @@ error:
return NULL;
}
-EXPORT_SYMBOL(m88rs2000_attach);
+EXPORT_SYMBOL_GPL(m88rs2000_attach);
MODULE_DESCRIPTION("M88RS2000 DVB-S Demodulator driver");
MODULE_AUTHOR("Malcolm Priestley tvboxspy@gmail.com");
--- a/drivers/media/dvb-frontends/mb86a16.c
+++ b/drivers/media/dvb-frontends/mb86a16.c
@@ -1851,6 +1851,6 @@ error:
kfree(state);
return NULL;
}
-EXPORT_SYMBOL(mb86a16_attach);
+EXPORT_SYMBOL_GPL(mb86a16_attach);
MODULE_LICENSE("GPL");
MODULE_AUTHOR("Manu Abraham");
--- a/drivers/media/dvb-frontends/mb86a20s.c
+++ b/drivers/media/dvb-frontends/mb86a20s.c
@@ -2089,7 +2089,7 @@ struct dvb_frontend *mb86a20s_attach(con
dev_info(&i2c->dev, "Detected a Fujitsu mb86a20s frontend\n");
return &state->frontend;
}
-EXPORT_SYMBOL(mb86a20s_attach);
+EXPORT_SYMBOL_GPL(mb86a20s_attach);
static const struct dvb_frontend_ops mb86a20s_ops = {
.delsys = { SYS_ISDBT },
--- a/drivers/media/dvb-frontends/mt312.c
+++ b/drivers/media/dvb-frontends/mt312.c
@@ -832,7 +832,7 @@ error:
kfree(state);
return NULL;
}
-EXPORT_SYMBOL(mt312_attach);
+EXPORT_SYMBOL_GPL(mt312_attach);
module_param(debug, int, 0644);
MODULE_PARM_DESC(debug, "Turn on/off frontend debugging (default:off).");
--- a/drivers/media/dvb-frontends/mt352.c
+++ b/drivers/media/dvb-frontends/mt352.c
@@ -593,4 +593,4 @@ MODULE_DESCRIPTION("Zarlink MT352 DVB-T
MODULE_AUTHOR("Holger Waechtler, Daniel Mack, Antonio Mancuso");
MODULE_LICENSE("GPL");
-EXPORT_SYMBOL(mt352_attach);
+EXPORT_SYMBOL_GPL(mt352_attach);
--- a/drivers/media/dvb-frontends/nxt200x.c
+++ b/drivers/media/dvb-frontends/nxt200x.c
@@ -1232,5 +1232,5 @@ MODULE_DESCRIPTION("NXT200X (ATSC 8VSB &
MODULE_AUTHOR("Kirk Lapray, Michael Krufky, Jean-Francois Thibert, and Taylor Jacob");
MODULE_LICENSE("GPL");
-EXPORT_SYMBOL(nxt200x_attach);
+EXPORT_SYMBOL_GPL(nxt200x_attach);
--- a/drivers/media/dvb-frontends/nxt6000.c
+++ b/drivers/media/dvb-frontends/nxt6000.c
@@ -621,4 +621,4 @@ MODULE_DESCRIPTION("NxtWave NXT6000 DVB-
MODULE_AUTHOR("Florian Schirmer");
MODULE_LICENSE("GPL");
-EXPORT_SYMBOL(nxt6000_attach);
+EXPORT_SYMBOL_GPL(nxt6000_attach);
--- a/drivers/media/dvb-frontends/or51132.c
+++ b/drivers/media/dvb-frontends/or51132.c
@@ -605,4 +605,4 @@ MODULE_AUTHOR("Kirk Lapray");
MODULE_AUTHOR("Trent Piepho");
MODULE_LICENSE("GPL");
-EXPORT_SYMBOL(or51132_attach);
+EXPORT_SYMBOL_GPL(or51132_attach);
--- a/drivers/media/dvb-frontends/or51211.c
+++ b/drivers/media/dvb-frontends/or51211.c
@@ -551,5 +551,5 @@ MODULE_DESCRIPTION("Oren OR51211 VSB [pc
MODULE_AUTHOR("Kirk Lapray");
MODULE_LICENSE("GPL");
-EXPORT_SYMBOL(or51211_attach);
+EXPORT_SYMBOL_GPL(or51211_attach);
--- a/drivers/media/dvb-frontends/s5h1409.c
+++ b/drivers/media/dvb-frontends/s5h1409.c
@@ -981,7 +981,7 @@ error:
kfree(state);
return NULL;
}
-EXPORT_SYMBOL(s5h1409_attach);
+EXPORT_SYMBOL_GPL(s5h1409_attach);
static const struct dvb_frontend_ops s5h1409_ops = {
.delsys = { SYS_ATSC, SYS_DVBC_ANNEX_B },
--- a/drivers/media/dvb-frontends/s5h1411.c
+++ b/drivers/media/dvb-frontends/s5h1411.c
@@ -900,7 +900,7 @@ error:
kfree(state);
return NULL;
}
-EXPORT_SYMBOL(s5h1411_attach);
+EXPORT_SYMBOL_GPL(s5h1411_attach);
static const struct dvb_frontend_ops s5h1411_ops = {
.delsys = { SYS_ATSC, SYS_DVBC_ANNEX_B },
--- a/drivers/media/dvb-frontends/s5h1420.c
+++ b/drivers/media/dvb-frontends/s5h1420.c
@@ -918,7 +918,7 @@ error:
kfree(state);
return NULL;
}
-EXPORT_SYMBOL(s5h1420_attach);
+EXPORT_SYMBOL_GPL(s5h1420_attach);
static const struct dvb_frontend_ops s5h1420_ops = {
.delsys = { SYS_DVBS },
--- a/drivers/media/dvb-frontends/s5h1432.c
+++ b/drivers/media/dvb-frontends/s5h1432.c
@@ -355,7 +355,7 @@ struct dvb_frontend *s5h1432_attach(cons
return &state->frontend;
}
-EXPORT_SYMBOL(s5h1432_attach);
+EXPORT_SYMBOL_GPL(s5h1432_attach);
static const struct dvb_frontend_ops s5h1432_ops = {
.delsys = { SYS_DVBT },
--- a/drivers/media/dvb-frontends/s921.c
+++ b/drivers/media/dvb-frontends/s921.c
@@ -495,7 +495,7 @@ struct dvb_frontend *s921_attach(const s
return &state->frontend;
}
-EXPORT_SYMBOL(s921_attach);
+EXPORT_SYMBOL_GPL(s921_attach);
static const struct dvb_frontend_ops s921_ops = {
.delsys = { SYS_ISDBT },
--- a/drivers/media/dvb-frontends/si21xx.c
+++ b/drivers/media/dvb-frontends/si21xx.c
@@ -938,7 +938,7 @@ error:
kfree(state);
return NULL;
}
-EXPORT_SYMBOL(si21xx_attach);
+EXPORT_SYMBOL_GPL(si21xx_attach);
module_param(debug, int, 0644);
MODULE_PARM_DESC(debug, "Turn on/off frontend debugging (default:off).");
--- a/drivers/media/dvb-frontends/sp887x.c
+++ b/drivers/media/dvb-frontends/sp887x.c
@@ -626,4 +626,4 @@ MODULE_PARM_DESC(debug, "Turn on/off fro
MODULE_DESCRIPTION("Spase sp887x DVB-T demodulator driver");
MODULE_LICENSE("GPL");
-EXPORT_SYMBOL(sp887x_attach);
+EXPORT_SYMBOL_GPL(sp887x_attach);
--- a/drivers/media/dvb-frontends/stb0899_drv.c
+++ b/drivers/media/dvb-frontends/stb0899_drv.c
@@ -1638,7 +1638,7 @@ error:
kfree(state);
return NULL;
}
-EXPORT_SYMBOL(stb0899_attach);
+EXPORT_SYMBOL_GPL(stb0899_attach);
MODULE_PARM_DESC(verbose, "Set Verbosity level");
MODULE_AUTHOR("Manu Abraham");
MODULE_DESCRIPTION("STB0899 Multi-Std frontend");
--- a/drivers/media/dvb-frontends/stb6000.c
+++ b/drivers/media/dvb-frontends/stb6000.c
@@ -232,7 +232,7 @@ struct dvb_frontend *stb6000_attach(stru
return fe;
}
-EXPORT_SYMBOL(stb6000_attach);
+EXPORT_SYMBOL_GPL(stb6000_attach);
module_param(debug, int, 0644);
MODULE_PARM_DESC(debug, "Turn on/off frontend debugging (default:off).");
--- a/drivers/media/dvb-frontends/stb6100.c
+++ b/drivers/media/dvb-frontends/stb6100.c
@@ -557,7 +557,7 @@ static void stb6100_release(struct dvb_f
kfree(state);
}
-EXPORT_SYMBOL(stb6100_attach);
+EXPORT_SYMBOL_GPL(stb6100_attach);
MODULE_PARM_DESC(verbose, "Set Verbosity level");
MODULE_AUTHOR("Manu Abraham");
--- a/drivers/media/dvb-frontends/stv0288.c
+++ b/drivers/media/dvb-frontends/stv0288.c
@@ -590,7 +590,7 @@ error:
return NULL;
}
-EXPORT_SYMBOL(stv0288_attach);
+EXPORT_SYMBOL_GPL(stv0288_attach);
module_param(debug_legacy_dish_switch, int, 0444);
MODULE_PARM_DESC(debug_legacy_dish_switch,
--- a/drivers/media/dvb-frontends/stv0297.c
+++ b/drivers/media/dvb-frontends/stv0297.c
@@ -710,4 +710,4 @@ MODULE_DESCRIPTION("ST STV0297 DVB-C Dem
MODULE_AUTHOR("Dennis Noermann and Andrew de Quincey");
MODULE_LICENSE("GPL");
-EXPORT_SYMBOL(stv0297_attach);
+EXPORT_SYMBOL_GPL(stv0297_attach);
--- a/drivers/media/dvb-frontends/stv0299.c
+++ b/drivers/media/dvb-frontends/stv0299.c
@@ -751,4 +751,4 @@ MODULE_DESCRIPTION("ST STV0299 DVB Demod
MODULE_AUTHOR("Ralph Metzler, Holger Waechtler, Peter Schildmann, Felix Domke, Andreas Oberritter, Andrew de Quincey, Kenneth Aafly");
MODULE_LICENSE("GPL");
-EXPORT_SYMBOL(stv0299_attach);
+EXPORT_SYMBOL_GPL(stv0299_attach);
--- a/drivers/media/dvb-frontends/stv0367.c
+++ b/drivers/media/dvb-frontends/stv0367.c
@@ -1750,7 +1750,7 @@ error:
kfree(state);
return NULL;
}
-EXPORT_SYMBOL(stv0367ter_attach);
+EXPORT_SYMBOL_GPL(stv0367ter_attach);
static int stv0367cab_gate_ctrl(struct dvb_frontend *fe, int enable)
{
@@ -2923,7 +2923,7 @@ error:
kfree(state);
return NULL;
}
-EXPORT_SYMBOL(stv0367cab_attach);
+EXPORT_SYMBOL_GPL(stv0367cab_attach);
/*
* Functions for operation on Digital Devices hardware
@@ -3344,7 +3344,7 @@ error:
kfree(state);
return NULL;
}
-EXPORT_SYMBOL(stv0367ddb_attach);
+EXPORT_SYMBOL_GPL(stv0367ddb_attach);
MODULE_PARM_DESC(debug, "Set debug");
MODULE_PARM_DESC(i2c_debug, "Set i2c debug");
--- a/drivers/media/dvb-frontends/stv0900_core.c
+++ b/drivers/media/dvb-frontends/stv0900_core.c
@@ -1957,7 +1957,7 @@ error:
kfree(state);
return NULL;
}
-EXPORT_SYMBOL(stv0900_attach);
+EXPORT_SYMBOL_GPL(stv0900_attach);
MODULE_PARM_DESC(debug, "Set debug");
--- a/drivers/media/dvb-frontends/stv090x.c
+++ b/drivers/media/dvb-frontends/stv090x.c
@@ -5073,7 +5073,7 @@ error:
kfree(state);
return NULL;
}
-EXPORT_SYMBOL(stv090x_attach);
+EXPORT_SYMBOL_GPL(stv090x_attach);
static const struct i2c_device_id stv090x_id_table[] = {
{"stv090x", 0},
--- a/drivers/media/dvb-frontends/stv6110.c
+++ b/drivers/media/dvb-frontends/stv6110.c
@@ -427,7 +427,7 @@ struct dvb_frontend *stv6110_attach(stru
return fe;
}
-EXPORT_SYMBOL(stv6110_attach);
+EXPORT_SYMBOL_GPL(stv6110_attach);
module_param(debug, int, 0644);
MODULE_PARM_DESC(debug, "Turn on/off frontend debugging (default:off).");
--- a/drivers/media/dvb-frontends/stv6110x.c
+++ b/drivers/media/dvb-frontends/stv6110x.c
@@ -469,7 +469,7 @@ const struct stv6110x_devctl *stv6110x_a
dev_info(&stv6110x->i2c->dev, "Attaching STV6110x\n");
return stv6110x->devctl;
}
-EXPORT_SYMBOL(stv6110x_attach);
+EXPORT_SYMBOL_GPL(stv6110x_attach);
static const struct i2c_device_id stv6110x_id_table[] = {
{"stv6110x", 0},
--- a/drivers/media/dvb-frontends/tda10021.c
+++ b/drivers/media/dvb-frontends/tda10021.c
@@ -513,4 +513,4 @@ MODULE_DESCRIPTION("Philips TDA10021 DVB
MODULE_AUTHOR("Ralph Metzler, Holger Waechtler, Markus Schulz");
MODULE_LICENSE("GPL");
-EXPORT_SYMBOL(tda10021_attach);
+EXPORT_SYMBOL_GPL(tda10021_attach);
--- a/drivers/media/dvb-frontends/tda10023.c
+++ b/drivers/media/dvb-frontends/tda10023.c
@@ -594,4 +594,4 @@ MODULE_DESCRIPTION("Philips TDA10023 DVB
MODULE_AUTHOR("Georg Acher, Hartmut Birr");
MODULE_LICENSE("GPL");
-EXPORT_SYMBOL(tda10023_attach);
+EXPORT_SYMBOL_GPL(tda10023_attach);
--- a/drivers/media/dvb-frontends/tda10048.c
+++ b/drivers/media/dvb-frontends/tda10048.c
@@ -1138,7 +1138,7 @@ error:
kfree(state);
return NULL;
}
-EXPORT_SYMBOL(tda10048_attach);
+EXPORT_SYMBOL_GPL(tda10048_attach);
static const struct dvb_frontend_ops tda10048_ops = {
.delsys = { SYS_DVBT },
--- a/drivers/media/dvb-frontends/tda1004x.c
+++ b/drivers/media/dvb-frontends/tda1004x.c
@@ -1378,5 +1378,5 @@ MODULE_DESCRIPTION("Philips TDA10045H &
MODULE_AUTHOR("Andrew de Quincey & Robert Schlabbach");
MODULE_LICENSE("GPL");
-EXPORT_SYMBOL(tda10045_attach);
-EXPORT_SYMBOL(tda10046_attach);
+EXPORT_SYMBOL_GPL(tda10045_attach);
+EXPORT_SYMBOL_GPL(tda10046_attach);
--- a/drivers/media/dvb-frontends/tda10086.c
+++ b/drivers/media/dvb-frontends/tda10086.c
@@ -764,4 +764,4 @@ MODULE_DESCRIPTION("Philips TDA10086 DVB
MODULE_AUTHOR("Andrew de Quincey");
MODULE_LICENSE("GPL");
-EXPORT_SYMBOL(tda10086_attach);
+EXPORT_SYMBOL_GPL(tda10086_attach);
--- a/drivers/media/dvb-frontends/tda665x.c
+++ b/drivers/media/dvb-frontends/tda665x.c
@@ -227,7 +227,7 @@ struct dvb_frontend *tda665x_attach(stru
return fe;
}
-EXPORT_SYMBOL(tda665x_attach);
+EXPORT_SYMBOL_GPL(tda665x_attach);
MODULE_DESCRIPTION("TDA665x driver");
MODULE_AUTHOR("Manu Abraham");
--- a/drivers/media/dvb-frontends/tda8083.c
+++ b/drivers/media/dvb-frontends/tda8083.c
@@ -481,4 +481,4 @@ MODULE_DESCRIPTION("Philips TDA8083 DVB-
MODULE_AUTHOR("Ralph Metzler, Holger Waechtler");
MODULE_LICENSE("GPL");
-EXPORT_SYMBOL(tda8083_attach);
+EXPORT_SYMBOL_GPL(tda8083_attach);
--- a/drivers/media/dvb-frontends/tda8261.c
+++ b/drivers/media/dvb-frontends/tda8261.c
@@ -188,7 +188,7 @@ exit:
return NULL;
}
-EXPORT_SYMBOL(tda8261_attach);
+EXPORT_SYMBOL_GPL(tda8261_attach);
MODULE_AUTHOR("Manu Abraham");
MODULE_DESCRIPTION("TDA8261 8PSK/QPSK Tuner");
--- a/drivers/media/dvb-frontends/tda826x.c
+++ b/drivers/media/dvb-frontends/tda826x.c
@@ -164,7 +164,7 @@ struct dvb_frontend *tda826x_attach(stru
return fe;
}
-EXPORT_SYMBOL(tda826x_attach);
+EXPORT_SYMBOL_GPL(tda826x_attach);
module_param(debug, int, 0644);
MODULE_PARM_DESC(debug, "Turn on/off frontend debugging (default:off).");
--- a/drivers/media/dvb-frontends/ts2020.c
+++ b/drivers/media/dvb-frontends/ts2020.c
@@ -525,7 +525,7 @@ struct dvb_frontend *ts2020_attach(struc
return fe;
}
-EXPORT_SYMBOL(ts2020_attach);
+EXPORT_SYMBOL_GPL(ts2020_attach);
/*
* We implement own regmap locking due to legacy DVB attach which uses frontend
--- a/drivers/media/dvb-frontends/tua6100.c
+++ b/drivers/media/dvb-frontends/tua6100.c
@@ -186,7 +186,7 @@ struct dvb_frontend *tua6100_attach(stru
fe->tuner_priv = priv;
return fe;
}
-EXPORT_SYMBOL(tua6100_attach);
+EXPORT_SYMBOL_GPL(tua6100_attach);
MODULE_DESCRIPTION("DVB tua6100 driver");
MODULE_AUTHOR("Andrew de Quincey");
--- a/drivers/media/dvb-frontends/ves1820.c
+++ b/drivers/media/dvb-frontends/ves1820.c
@@ -434,4 +434,4 @@ MODULE_DESCRIPTION("VLSI VES1820 DVB-C D
MODULE_AUTHOR("Ralph Metzler, Holger Waechtler");
MODULE_LICENSE("GPL");
-EXPORT_SYMBOL(ves1820_attach);
+EXPORT_SYMBOL_GPL(ves1820_attach);
--- a/drivers/media/dvb-frontends/ves1x93.c
+++ b/drivers/media/dvb-frontends/ves1x93.c
@@ -540,4 +540,4 @@ MODULE_DESCRIPTION("VLSI VES1x93 DVB-S D
MODULE_AUTHOR("Ralph Metzler");
MODULE_LICENSE("GPL");
-EXPORT_SYMBOL(ves1x93_attach);
+EXPORT_SYMBOL_GPL(ves1x93_attach);
--- a/drivers/media/dvb-frontends/zl10036.c
+++ b/drivers/media/dvb-frontends/zl10036.c
@@ -496,7 +496,7 @@ error:
kfree(state);
return NULL;
}
-EXPORT_SYMBOL(zl10036_attach);
+EXPORT_SYMBOL_GPL(zl10036_attach);
module_param_named(debug, zl10036_debug, int, 0644);
MODULE_PARM_DESC(debug, "Turn on/off frontend debugging (default:off).");
--- a/drivers/media/dvb-frontends/zl10039.c
+++ b/drivers/media/dvb-frontends/zl10039.c
@@ -295,7 +295,7 @@ error:
kfree(state);
return NULL;
}
-EXPORT_SYMBOL(zl10039_attach);
+EXPORT_SYMBOL_GPL(zl10039_attach);
module_param(debug, int, 0644);
MODULE_PARM_DESC(debug, "Turn on/off frontend debugging (default:off).");
--- a/drivers/media/dvb-frontends/zl10353.c
+++ b/drivers/media/dvb-frontends/zl10353.c
@@ -665,4 +665,4 @@ MODULE_DESCRIPTION("Zarlink ZL10353 DVB-
MODULE_AUTHOR("Chris Pascoe");
MODULE_LICENSE("GPL");
-EXPORT_SYMBOL(zl10353_attach);
+EXPORT_SYMBOL_GPL(zl10353_attach);
--- a/drivers/media/pci/bt8xx/dst.c
+++ b/drivers/media/pci/bt8xx/dst.c
@@ -1722,7 +1722,7 @@ struct dst_state *dst_attach(struct dst_
return state; /* Manu (DST is a card not a frontend) */
}
-EXPORT_SYMBOL(dst_attach);
+EXPORT_SYMBOL_GPL(dst_attach);
static const struct dvb_frontend_ops dst_dvbt_ops = {
.delsys = { SYS_DVBT },
--- a/drivers/media/pci/bt8xx/dst_ca.c
+++ b/drivers/media/pci/bt8xx/dst_ca.c
@@ -668,7 +668,7 @@ struct dvb_device *dst_ca_attach(struct
return NULL;
}
-EXPORT_SYMBOL(dst_ca_attach);
+EXPORT_SYMBOL_GPL(dst_ca_attach);
MODULE_DESCRIPTION("DST DVB-S/T/C Combo CA driver");
MODULE_AUTHOR("Manu Abraham");
--- a/drivers/media/tuners/fc0011.c
+++ b/drivers/media/tuners/fc0011.c
@@ -499,7 +499,7 @@ struct dvb_frontend *fc0011_attach(struc
return fe;
}
-EXPORT_SYMBOL(fc0011_attach);
+EXPORT_SYMBOL_GPL(fc0011_attach);
MODULE_DESCRIPTION("Fitipower FC0011 silicon tuner driver");
MODULE_AUTHOR("Michael Buesch <m@bues.ch>");
--- a/drivers/media/tuners/fc0012.c
+++ b/drivers/media/tuners/fc0012.c
@@ -495,7 +495,7 @@ err:
return fe;
}
-EXPORT_SYMBOL(fc0012_attach);
+EXPORT_SYMBOL_GPL(fc0012_attach);
MODULE_DESCRIPTION("Fitipower FC0012 silicon tuner driver");
MODULE_AUTHOR("Hans-Frieder Vogt <hfvogt@gmx.net>");
--- a/drivers/media/tuners/fc0013.c
+++ b/drivers/media/tuners/fc0013.c
@@ -608,7 +608,7 @@ struct dvb_frontend *fc0013_attach(struc
return fe;
}
-EXPORT_SYMBOL(fc0013_attach);
+EXPORT_SYMBOL_GPL(fc0013_attach);
MODULE_DESCRIPTION("Fitipower FC0013 silicon tuner driver");
MODULE_AUTHOR("Hans-Frieder Vogt <hfvogt@gmx.net>");
--- a/drivers/media/tuners/max2165.c
+++ b/drivers/media/tuners/max2165.c
@@ -410,7 +410,7 @@ struct dvb_frontend *max2165_attach(stru
return fe;
}
-EXPORT_SYMBOL(max2165_attach);
+EXPORT_SYMBOL_GPL(max2165_attach);
MODULE_AUTHOR("David T. L. Wong <davidtlwong@gmail.com>");
MODULE_DESCRIPTION("Maxim MAX2165 silicon tuner driver");
--- a/drivers/media/tuners/mc44s803.c
+++ b/drivers/media/tuners/mc44s803.c
@@ -356,7 +356,7 @@ error:
kfree(priv);
return NULL;
}
-EXPORT_SYMBOL(mc44s803_attach);
+EXPORT_SYMBOL_GPL(mc44s803_attach);
MODULE_AUTHOR("Jochen Friedrich");
MODULE_DESCRIPTION("Freescale MC44S803 silicon tuner driver");
--- a/drivers/media/tuners/mt2060.c
+++ b/drivers/media/tuners/mt2060.c
@@ -440,7 +440,7 @@ struct dvb_frontend * mt2060_attach(stru
return fe;
}
-EXPORT_SYMBOL(mt2060_attach);
+EXPORT_SYMBOL_GPL(mt2060_attach);
static int mt2060_probe(struct i2c_client *client,
const struct i2c_device_id *id)
--- a/drivers/media/tuners/mt2131.c
+++ b/drivers/media/tuners/mt2131.c
@@ -274,7 +274,7 @@ struct dvb_frontend * mt2131_attach(stru
fe->tuner_priv = priv;
return fe;
}
-EXPORT_SYMBOL(mt2131_attach);
+EXPORT_SYMBOL_GPL(mt2131_attach);
MODULE_AUTHOR("Steven Toth");
MODULE_DESCRIPTION("Microtune MT2131 silicon tuner driver");
--- a/drivers/media/tuners/mt2266.c
+++ b/drivers/media/tuners/mt2266.c
@@ -336,7 +336,7 @@ struct dvb_frontend * mt2266_attach(stru
mt2266_calibrate(priv);
return fe;
}
-EXPORT_SYMBOL(mt2266_attach);
+EXPORT_SYMBOL_GPL(mt2266_attach);
MODULE_AUTHOR("Olivier DANET");
MODULE_DESCRIPTION("Microtune MT2266 silicon tuner driver");
--- a/drivers/media/tuners/mxl5005s.c
+++ b/drivers/media/tuners/mxl5005s.c
@@ -4114,7 +4114,7 @@ struct dvb_frontend *mxl5005s_attach(str
fe->tuner_priv = state;
return fe;
}
-EXPORT_SYMBOL(mxl5005s_attach);
+EXPORT_SYMBOL_GPL(mxl5005s_attach);
MODULE_DESCRIPTION("MaxLinear MXL5005S silicon tuner driver");
MODULE_AUTHOR("Steven Toth");
--- a/drivers/media/tuners/qt1010.c
+++ b/drivers/media/tuners/qt1010.c
@@ -437,7 +437,7 @@ struct dvb_frontend * qt1010_attach(stru
fe->tuner_priv = priv;
return fe;
}
-EXPORT_SYMBOL(qt1010_attach);
+EXPORT_SYMBOL_GPL(qt1010_attach);
MODULE_DESCRIPTION("Quantek QT1010 silicon tuner driver");
MODULE_AUTHOR("Antti Palosaari <crope@iki.fi>");
--- a/drivers/media/tuners/tda18218.c
+++ b/drivers/media/tuners/tda18218.c
@@ -336,7 +336,7 @@ struct dvb_frontend *tda18218_attach(str
return fe;
}
-EXPORT_SYMBOL(tda18218_attach);
+EXPORT_SYMBOL_GPL(tda18218_attach);
MODULE_DESCRIPTION("NXP TDA18218HN silicon tuner driver");
MODULE_AUTHOR("Antti Palosaari <crope@iki.fi>");
--- a/drivers/media/tuners/xc4000.c
+++ b/drivers/media/tuners/xc4000.c
@@ -1744,7 +1744,7 @@ fail2:
xc4000_release(fe);
return NULL;
}
-EXPORT_SYMBOL(xc4000_attach);
+EXPORT_SYMBOL_GPL(xc4000_attach);
MODULE_AUTHOR("Steven Toth, Davide Ferri");
MODULE_DESCRIPTION("Xceive xc4000 silicon tuner driver");
--- a/drivers/media/tuners/xc5000.c
+++ b/drivers/media/tuners/xc5000.c
@@ -1460,7 +1460,7 @@ fail:
xc5000_release(fe);
return NULL;
}
-EXPORT_SYMBOL(xc5000_attach);
+EXPORT_SYMBOL_GPL(xc5000_attach);
MODULE_AUTHOR("Steven Toth");
MODULE_DESCRIPTION("Xceive xc5000 silicon tuner driver");
^ permalink raw reply [flat|nested] 396+ messages in thread
* [PATCH 5.4 219/367] ntb: Drop packets when qp link is down
2023-09-20 11:26 [PATCH 5.4 000/367] 5.4.257-rc1 review Greg Kroah-Hartman
` (217 preceding siblings ...)
2023-09-20 11:29 ` [PATCH 5.4 218/367] media: dvb: symbol fixup for dvb_attach() Greg Kroah-Hartman
@ 2023-09-20 11:29 ` Greg Kroah-Hartman
2023-09-20 11:29 ` [PATCH 5.4 220/367] ntb: Clean up tx tail index on link down Greg Kroah-Hartman
` (153 subsequent siblings)
372 siblings, 0 replies; 396+ messages in thread
From: Greg Kroah-Hartman @ 2023-09-20 11:29 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Yuan Y Lu, Logan Gunthorpe,
Dave Jiang, Jon Mason
5.4-stable review patch. If anyone has any objections, please let me know.
------------------
From: Dave Jiang <dave.jiang@intel.com>
commit f195a1a6fe416882984f8bd6c61afc1383171860 upstream.
Currently when the transport receive packets after netdev has closed the
transport returns error and triggers tx errors to be incremented and
carrier to be stopped. There is no reason to return error if the device is
already closed. Drop the packet and return 0.
Fixes: e26a5843f7f5 ("NTB: Split ntb_hw_intel and ntb_transport drivers")
Reported-by: Yuan Y Lu <yuan.y.lu@intel.com>
Tested-by: Yuan Y Lu <yuan.y.lu@intel.com>
Reviewed-by: Logan Gunthorpe <logang@deltatee.com>
Signed-off-by: Dave Jiang <dave.jiang@intel.com>
Signed-off-by: Jon Mason <jdmason@kudzu.us>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/ntb/ntb_transport.c | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)
--- a/drivers/ntb/ntb_transport.c
+++ b/drivers/ntb/ntb_transport.c
@@ -2278,9 +2278,13 @@ int ntb_transport_tx_enqueue(struct ntb_
struct ntb_queue_entry *entry;
int rc;
- if (!qp || !qp->link_is_up || !len)
+ if (!qp || !len)
return -EINVAL;
+ /* If the qp link is down already, just ignore. */
+ if (!qp->link_is_up)
+ return 0;
+
entry = ntb_list_rm(&qp->ntb_tx_free_q_lock, &qp->tx_free_q);
if (!entry) {
qp->tx_err_no_buf++;
^ permalink raw reply [flat|nested] 396+ messages in thread
* [PATCH 5.4 220/367] ntb: Clean up tx tail index on link down
2023-09-20 11:26 [PATCH 5.4 000/367] 5.4.257-rc1 review Greg Kroah-Hartman
` (218 preceding siblings ...)
2023-09-20 11:29 ` [PATCH 5.4 219/367] ntb: Drop packets when qp link is down Greg Kroah-Hartman
@ 2023-09-20 11:29 ` Greg Kroah-Hartman
2023-09-20 11:29 ` [PATCH 5.4 221/367] ntb: Fix calculation ntb_transport_tx_free_entry() Greg Kroah-Hartman
` (152 subsequent siblings)
372 siblings, 0 replies; 396+ messages in thread
From: Greg Kroah-Hartman @ 2023-09-20 11:29 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Yuan Y Lu, Logan Gunthorpe,
Dave Jiang, Jon Mason
5.4-stable review patch. If anyone has any objections, please let me know.
------------------
From: Dave Jiang <dave.jiang@intel.com>
commit cc79bd2738c2d40aba58b2be6ce47dc0e471df0e upstream.
The tx tail index is not reset when the link goes down. This causes the
tail index to go out of sync when the link goes down and comes back up.
Refactor the ntb_qp_link_down_reset() and reset the tail index as well.
Fixes: 2849b5d70641 ("NTB: Reset transport QP link stats on down")
Reported-by: Yuan Y Lu <yuan.y.lu@intel.com>
Tested-by: Yuan Y Lu <yuan.y.lu@intel.com>
Reviewed-by: Logan Gunthorpe <logang@deltatee.com>
Signed-off-by: Dave Jiang <dave.jiang@intel.com>
Signed-off-by: Jon Mason <jdmason@kudzu.us>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/ntb/ntb_transport.c | 11 +++++++++--
1 file changed, 9 insertions(+), 2 deletions(-)
--- a/drivers/ntb/ntb_transport.c
+++ b/drivers/ntb/ntb_transport.c
@@ -911,7 +911,7 @@ static int ntb_set_mw(struct ntb_transpo
return 0;
}
-static void ntb_qp_link_down_reset(struct ntb_transport_qp *qp)
+static void ntb_qp_link_context_reset(struct ntb_transport_qp *qp)
{
qp->link_is_up = false;
qp->active = false;
@@ -934,6 +934,13 @@ static void ntb_qp_link_down_reset(struc
qp->tx_async = 0;
}
+static void ntb_qp_link_down_reset(struct ntb_transport_qp *qp)
+{
+ ntb_qp_link_context_reset(qp);
+ if (qp->remote_rx_info)
+ qp->remote_rx_info->entry = qp->rx_max_entry - 1;
+}
+
static void ntb_qp_link_cleanup(struct ntb_transport_qp *qp)
{
struct ntb_transport_ctx *nt = qp->transport;
@@ -1176,7 +1183,7 @@ static int ntb_transport_init_queue(stru
qp->ndev = nt->ndev;
qp->client_ready = false;
qp->event_handler = NULL;
- ntb_qp_link_down_reset(qp);
+ ntb_qp_link_context_reset(qp);
if (mw_num < qp_count % mw_count)
num_qps_mw = qp_count / mw_count + 1;
^ permalink raw reply [flat|nested] 396+ messages in thread
* [PATCH 5.4 221/367] ntb: Fix calculation ntb_transport_tx_free_entry()
2023-09-20 11:26 [PATCH 5.4 000/367] 5.4.257-rc1 review Greg Kroah-Hartman
` (219 preceding siblings ...)
2023-09-20 11:29 ` [PATCH 5.4 220/367] ntb: Clean up tx tail index on link down Greg Kroah-Hartman
@ 2023-09-20 11:29 ` Greg Kroah-Hartman
2023-09-20 11:29 ` [PATCH 5.4 222/367] Revert "PCI: Mark NVIDIA T4 GPUs to avoid bus reset" Greg Kroah-Hartman
` (151 subsequent siblings)
372 siblings, 0 replies; 396+ messages in thread
From: Greg Kroah-Hartman @ 2023-09-20 11:29 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Logan Gunthorpe, renlonglong,
Dave Jiang, Jon Mason
5.4-stable review patch. If anyone has any objections, please let me know.
------------------
From: Dave Jiang <dave.jiang@intel.com>
commit 5a7693e6bbf19b22fd6c1d2c4b7beb0a03969e2c upstream.
ntb_transport_tx_free_entry() never returns 0 with the current
calculation. If head == tail, then it would return qp->tx_max_entry.
Change compare to tail >= head and when they are equal, a 0 would be
returned.
Fixes: e74bfeedad08 ("NTB: Add flow control to the ntb_netdev")
Reviewed-by: Logan Gunthorpe <logang@deltatee.com>
Signed-off-by: renlonglong <ren.longlong@h3c.com>
Signed-off-by: Dave Jiang <dave.jiang@intel.com>
Signed-off-by: Jon Mason <jdmason@kudzu.us>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/ntb/ntb_transport.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/drivers/ntb/ntb_transport.c
+++ b/drivers/ntb/ntb_transport.c
@@ -2431,7 +2431,7 @@ unsigned int ntb_transport_tx_free_entry
unsigned int head = qp->tx_index;
unsigned int tail = qp->remote_rx_info->entry;
- return tail > head ? tail - head : qp->tx_max_entry + tail - head;
+ return tail >= head ? tail - head : qp->tx_max_entry + tail - head;
}
EXPORT_SYMBOL_GPL(ntb_transport_tx_free_entry);
^ permalink raw reply [flat|nested] 396+ messages in thread
* [PATCH 5.4 222/367] Revert "PCI: Mark NVIDIA T4 GPUs to avoid bus reset"
2023-09-20 11:26 [PATCH 5.4 000/367] 5.4.257-rc1 review Greg Kroah-Hartman
` (220 preceding siblings ...)
2023-09-20 11:29 ` [PATCH 5.4 221/367] ntb: Fix calculation ntb_transport_tx_free_entry() Greg Kroah-Hartman
@ 2023-09-20 11:29 ` Greg Kroah-Hartman
2023-09-20 11:30 ` [PATCH 5.4 223/367] procfs: block chmod on /proc/thread-self/comm Greg Kroah-Hartman
` (150 subsequent siblings)
372 siblings, 0 replies; 396+ messages in thread
From: Greg Kroah-Hartman @ 2023-09-20 11:29 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Bjorn Helgaas
5.4-stable review patch. If anyone has any objections, please let me know.
------------------
From: Bjorn Helgaas <bhelgaas@google.com>
commit 5260bd6d36c83c5b269c33baaaf8c78e520908b0 upstream.
This reverts commit d5af729dc2071273f14cbb94abbc60608142fd83.
d5af729dc207 ("PCI: Mark NVIDIA T4 GPUs to avoid bus reset") avoided
Secondary Bus Reset on the T4 because the reset seemed to not work when the
T4 was directly attached to a Root Port.
But NVIDIA thinks the issue is probably related to some issue with the Root
Port, not with the T4. The T4 provides neither PM nor FLR reset, so
masking bus reset compromises this device for assignment scenarios.
Revert d5af729dc207 as requested by Wu Zongyong. This will leave SBR
broken in the specific configuration Wu tested, as it was in v6.5, so Wu
will debug that further.
Link: https://lore.kernel.org/r/ZPqMCDWvITlOLHgJ@wuzongyong-alibaba
Link: https://lore.kernel.org/r/20230908201104.GA305023@bhelgaas
Signed-off-by: Bjorn Helgaas <bhelgaas@google.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/pci/quirks.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/drivers/pci/quirks.c
+++ b/drivers/pci/quirks.c
@@ -3566,7 +3566,7 @@ static void quirk_no_bus_reset(struct pc
*/
static void quirk_nvidia_no_bus_reset(struct pci_dev *dev)
{
- if ((dev->device & 0xffc0) == 0x2340 || dev->device == 0x1eb8)
+ if ((dev->device & 0xffc0) == 0x2340)
quirk_no_bus_reset(dev);
}
DECLARE_PCI_FIXUP_HEADER(PCI_VENDOR_ID_NVIDIA, PCI_ANY_ID,
^ permalink raw reply [flat|nested] 396+ messages in thread
* [PATCH 5.4 223/367] procfs: block chmod on /proc/thread-self/comm
2023-09-20 11:26 [PATCH 5.4 000/367] 5.4.257-rc1 review Greg Kroah-Hartman
` (221 preceding siblings ...)
2023-09-20 11:29 ` [PATCH 5.4 222/367] Revert "PCI: Mark NVIDIA T4 GPUs to avoid bus reset" Greg Kroah-Hartman
@ 2023-09-20 11:30 ` Greg Kroah-Hartman
2023-09-20 11:30 ` [PATCH 5.4 224/367] parisc: Fix /proc/cpuinfo output for lscpu Greg Kroah-Hartman
` (149 subsequent siblings)
372 siblings, 0 replies; 396+ messages in thread
From: Greg Kroah-Hartman @ 2023-09-20 11:30 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Aleksa Sarai, Christian Brauner
5.4-stable review patch. If anyone has any objections, please let me know.
------------------
From: Aleksa Sarai <cyphar@cyphar.com>
commit ccf61486fe1e1a48e18c638d1813cda77b3c0737 upstream.
Due to an oversight in commit 1b3044e39a89 ("procfs: fix pthread
cross-thread naming if !PR_DUMPABLE") in switching from REG to NOD,
chmod operations on /proc/thread-self/comm were no longer blocked as
they are on almost all other procfs files.
A very similar situation with /proc/self/environ was used to as a root
exploit a long time ago, but procfs has SB_I_NOEXEC so this is simply a
correctness issue.
Ref: https://lwn.net/Articles/191954/
Ref: 6d76fa58b050 ("Don't allow chmod() on the /proc/<pid>/ files")
Fixes: 1b3044e39a89 ("procfs: fix pthread cross-thread naming if !PR_DUMPABLE")
Cc: stable@vger.kernel.org # v4.7+
Signed-off-by: Aleksa Sarai <cyphar@cyphar.com>
Message-Id: <20230713141001.27046-1-cyphar@cyphar.com>
Signed-off-by: Christian Brauner <brauner@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/proc/base.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
--- a/fs/proc/base.c
+++ b/fs/proc/base.c
@@ -3412,7 +3412,8 @@ static int proc_tid_comm_permission(stru
}
static const struct inode_operations proc_tid_comm_inode_operations = {
- .permission = proc_tid_comm_permission,
+ .setattr = proc_setattr,
+ .permission = proc_tid_comm_permission,
};
/*
^ permalink raw reply [flat|nested] 396+ messages in thread
* [PATCH 5.4 224/367] parisc: Fix /proc/cpuinfo output for lscpu
2023-09-20 11:26 [PATCH 5.4 000/367] 5.4.257-rc1 review Greg Kroah-Hartman
` (222 preceding siblings ...)
2023-09-20 11:30 ` [PATCH 5.4 223/367] procfs: block chmod on /proc/thread-self/comm Greg Kroah-Hartman
@ 2023-09-20 11:30 ` Greg Kroah-Hartman
2023-09-20 11:30 ` [PATCH 5.4 225/367] dlm: fix plock lookup when using multiple lockspaces Greg Kroah-Hartman
` (148 subsequent siblings)
372 siblings, 0 replies; 396+ messages in thread
From: Greg Kroah-Hartman @ 2023-09-20 11:30 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Helge Deller
5.4-stable review patch. If anyone has any objections, please let me know.
------------------
From: Helge Deller <deller@gmx.de>
commit 9f5ba4b3e1b3c123eeca5d2d09161e8720048b5c upstream.
The lscpu command is broken since commit cab56b51ec0e ("parisc: Fix
device names in /proc/iomem") added the PA pathname to all PA
devices, includig the CPUs.
lscpu parses /proc/cpuinfo and now believes it found different CPU
types since every CPU is listed with an unique identifier (PA
pathname).
Fix this problem by simply dropping the PA pathname when listing the
CPUs in /proc/cpuinfo. There is no need to show the pathname in this
procfs file.
Fixes: cab56b51ec0e ("parisc: Fix device names in /proc/iomem")
Signed-off-by: Helge Deller <deller@gmx.de>
Cc: <stable@vger.kernel.org> # v4.9+
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/parisc/kernel/processor.c | 13 ++++++++++---
1 file changed, 10 insertions(+), 3 deletions(-)
--- a/arch/parisc/kernel/processor.c
+++ b/arch/parisc/kernel/processor.c
@@ -373,10 +373,18 @@ int
show_cpuinfo (struct seq_file *m, void *v)
{
unsigned long cpu;
+ char cpu_name[60], *p;
+
+ /* strip PA path from CPU name to not confuse lscpu */
+ strlcpy(cpu_name, per_cpu(cpu_data, 0).dev->name, sizeof(cpu_name));
+ p = strrchr(cpu_name, '[');
+ if (p)
+ *(--p) = 0;
for_each_online_cpu(cpu) {
- const struct cpuinfo_parisc *cpuinfo = &per_cpu(cpu_data, cpu);
#ifdef CONFIG_SMP
+ const struct cpuinfo_parisc *cpuinfo = &per_cpu(cpu_data, cpu);
+
if (0 == cpuinfo->hpa)
continue;
#endif
@@ -421,8 +429,7 @@ show_cpuinfo (struct seq_file *m, void *
seq_printf(m, "model\t\t: %s - %s\n",
boot_cpu_data.pdc.sys_model_name,
- cpuinfo->dev ?
- cpuinfo->dev->name : "Unknown");
+ cpu_name);
seq_printf(m, "hversion\t: 0x%08x\n"
"sversion\t: 0x%08x\n",
^ permalink raw reply [flat|nested] 396+ messages in thread
* [PATCH 5.4 225/367] dlm: fix plock lookup when using multiple lockspaces
2023-09-20 11:26 [PATCH 5.4 000/367] 5.4.257-rc1 review Greg Kroah-Hartman
` (223 preceding siblings ...)
2023-09-20 11:30 ` [PATCH 5.4 224/367] parisc: Fix /proc/cpuinfo output for lscpu Greg Kroah-Hartman
@ 2023-09-20 11:30 ` Greg Kroah-Hartman
2023-09-20 11:30 ` [PATCH 5.4 226/367] dccp: Fix out of bounds access in DCCP error handler Greg Kroah-Hartman
` (147 subsequent siblings)
372 siblings, 0 replies; 396+ messages in thread
From: Greg Kroah-Hartman @ 2023-09-20 11:30 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Barry Marson, Alexander Aring,
David Teigland
5.4-stable review patch. If anyone has any objections, please let me know.
------------------
From: Alexander Aring <aahringo@redhat.com>
commit 7c53e847ff5e97f033fdd31f71949807633d506b upstream.
All posix lock ops, for all lockspaces (gfs2 file systems) are
sent to userspace (dlm_controld) through a single misc device.
The dlm_controld daemon reads the ops from the misc device
and sends them to other cluster nodes using separate, per-lockspace
cluster api communication channels. The ops for a single lockspace
are ordered at this level, so that the results are received in
the same sequence that the requests were sent. When the results
are sent back to the kernel via the misc device, they are again
funneled through the single misc device for all lockspaces. When
the dlm code in the kernel processes the results from the misc
device, these results will be returned in the same sequence that
the requests were sent, on a per-lockspace basis. A recent change
in this request/reply matching code missed the "per-lockspace"
check (fsid comparison) when matching request and reply, so replies
could be incorrectly matched to requests from other lockspaces.
Cc: stable@vger.kernel.org
Reported-by: Barry Marson <bmarson@redhat.com>
Fixes: 57e2c2f2d94c ("fs: dlm: fix mismatch of plock results from userspace")
Signed-off-by: Alexander Aring <aahringo@redhat.com>
Signed-off-by: David Teigland <teigland@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/dlm/plock.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
--- a/fs/dlm/plock.c
+++ b/fs/dlm/plock.c
@@ -466,7 +466,8 @@ static ssize_t dev_write(struct file *fi
}
} else {
list_for_each_entry(iter, &recv_list, list) {
- if (!iter->info.wait) {
+ if (!iter->info.wait &&
+ iter->info.fsid == info.fsid) {
op = iter;
break;
}
@@ -478,8 +479,7 @@ static ssize_t dev_write(struct file *fi
if (info.wait)
WARN_ON(op->info.optype != DLM_PLOCK_OP_LOCK);
else
- WARN_ON(op->info.fsid != info.fsid ||
- op->info.number != info.number ||
+ WARN_ON(op->info.number != info.number ||
op->info.owner != info.owner ||
op->info.optype != info.optype);
^ permalink raw reply [flat|nested] 396+ messages in thread
* [PATCH 5.4 226/367] dccp: Fix out of bounds access in DCCP error handler
2023-09-20 11:26 [PATCH 5.4 000/367] 5.4.257-rc1 review Greg Kroah-Hartman
` (224 preceding siblings ...)
2023-09-20 11:30 ` [PATCH 5.4 225/367] dlm: fix plock lookup when using multiple lockspaces Greg Kroah-Hartman
@ 2023-09-20 11:30 ` Greg Kroah-Hartman
2023-09-20 11:30 ` [PATCH 5.4 227/367] X.509: if signature is unsupported skip validation Greg Kroah-Hartman
` (146 subsequent siblings)
372 siblings, 0 replies; 396+ messages in thread
From: Greg Kroah-Hartman @ 2023-09-20 11:30 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Jann Horn, Kuniyuki Iwashima,
David S. Miller
5.4-stable review patch. If anyone has any objections, please let me know.
------------------
From: Jann Horn <jannh@google.com>
commit 977ad86c2a1bcaf58f01ab98df5cc145083c489c upstream.
There was a previous attempt to fix an out-of-bounds access in the DCCP
error handlers, but that fix assumed that the error handlers only want
to access the first 8 bytes of the DCCP header. Actually, they also look
at the DCCP sequence number, which is stored beyond 8 bytes, so an
explicit pskb_may_pull() is required.
Fixes: 6706a97fec96 ("dccp: fix out of bound access in dccp_v4_err()")
Fixes: 1aa9d1a0e7ee ("ipv6: dccp: fix out of bound access in dccp_v6_err()")
Cc: stable@vger.kernel.org
Signed-off-by: Jann Horn <jannh@google.com>
Reviewed-by: Kuniyuki Iwashima <kuniyu@amazon.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
net/dccp/ipv4.c | 13 +++++++++----
net/dccp/ipv6.c | 15 ++++++++++-----
2 files changed, 19 insertions(+), 9 deletions(-)
--- a/net/dccp/ipv4.c
+++ b/net/dccp/ipv4.c
@@ -243,12 +243,17 @@ static int dccp_v4_err(struct sk_buff *s
int err;
struct net *net = dev_net(skb->dev);
- /* Only need dccph_dport & dccph_sport which are the first
- * 4 bytes in dccp header.
+ /* For the first __dccp_basic_hdr_len() check, we only need dh->dccph_x,
+ * which is in byte 7 of the dccp header.
* Our caller (icmp_socket_deliver()) already pulled 8 bytes for us.
+ *
+ * Later on, we want to access the sequence number fields, which are
+ * beyond 8 bytes, so we have to pskb_may_pull() ourselves.
*/
- BUILD_BUG_ON(offsetofend(struct dccp_hdr, dccph_sport) > 8);
- BUILD_BUG_ON(offsetofend(struct dccp_hdr, dccph_dport) > 8);
+ dh = (struct dccp_hdr *)(skb->data + offset);
+ if (!pskb_may_pull(skb, offset + __dccp_basic_hdr_len(dh)))
+ return -EINVAL;
+ iph = (struct iphdr *)skb->data;
dh = (struct dccp_hdr *)(skb->data + offset);
sk = __inet_lookup_established(net, &dccp_hashinfo,
--- a/net/dccp/ipv6.c
+++ b/net/dccp/ipv6.c
@@ -67,7 +67,7 @@ static inline __u64 dccp_v6_init_sequenc
static int dccp_v6_err(struct sk_buff *skb, struct inet6_skb_parm *opt,
u8 type, u8 code, int offset, __be32 info)
{
- const struct ipv6hdr *hdr = (const struct ipv6hdr *)skb->data;
+ const struct ipv6hdr *hdr;
const struct dccp_hdr *dh;
struct dccp_sock *dp;
struct ipv6_pinfo *np;
@@ -76,12 +76,17 @@ static int dccp_v6_err(struct sk_buff *s
__u64 seq;
struct net *net = dev_net(skb->dev);
- /* Only need dccph_dport & dccph_sport which are the first
- * 4 bytes in dccp header.
+ /* For the first __dccp_basic_hdr_len() check, we only need dh->dccph_x,
+ * which is in byte 7 of the dccp header.
* Our caller (icmpv6_notify()) already pulled 8 bytes for us.
+ *
+ * Later on, we want to access the sequence number fields, which are
+ * beyond 8 bytes, so we have to pskb_may_pull() ourselves.
*/
- BUILD_BUG_ON(offsetofend(struct dccp_hdr, dccph_sport) > 8);
- BUILD_BUG_ON(offsetofend(struct dccp_hdr, dccph_dport) > 8);
+ dh = (struct dccp_hdr *)(skb->data + offset);
+ if (!pskb_may_pull(skb, offset + __dccp_basic_hdr_len(dh)))
+ return -EINVAL;
+ hdr = (const struct ipv6hdr *)skb->data;
dh = (struct dccp_hdr *)(skb->data + offset);
sk = __inet6_lookup_established(net, &dccp_hashinfo,
^ permalink raw reply [flat|nested] 396+ messages in thread
* [PATCH 5.4 227/367] X.509: if signature is unsupported skip validation
2023-09-20 11:26 [PATCH 5.4 000/367] 5.4.257-rc1 review Greg Kroah-Hartman
` (225 preceding siblings ...)
2023-09-20 11:30 ` [PATCH 5.4 226/367] dccp: Fix out of bounds access in DCCP error handler Greg Kroah-Hartman
@ 2023-09-20 11:30 ` Greg Kroah-Hartman
2023-09-20 11:30 ` [PATCH 5.4 228/367] net: handle ARPHRD_PPP in dev_is_mac_header_xmit() Greg Kroah-Hartman
` (145 subsequent siblings)
372 siblings, 0 replies; 396+ messages in thread
From: Greg Kroah-Hartman @ 2023-09-20 11:30 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Thore Sommer, Herbert Xu
5.4-stable review patch. If anyone has any objections, please let me know.
------------------
From: Thore Sommer <public@thson.de>
commit ef5b52a631f8c18353e80ccab8408b963305510c upstream.
When the hash algorithm for the signature is not available the digest size
is 0 and the signature in the certificate is marked as unsupported.
When validating a self-signed certificate, this needs to be checked,
because otherwise trying to validate the signature will fail with an
warning:
Loading compiled-in X.509 certificates
WARNING: CPU: 0 PID: 1 at crypto/rsa-pkcs1pad.c:537 \
pkcs1pad_verify+0x46/0x12c
...
Problem loading in-kernel X.509 certificate (-22)
Signed-off-by: Thore Sommer <public@thson.de>
Cc: stable@vger.kernel.org # v4.7+
Fixes: 6c2dc5ae4ab7 ("X.509: Extract signature digest and make self-signed cert checks earlier")
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
crypto/asymmetric_keys/x509_public_key.c | 5 +++++
1 file changed, 5 insertions(+)
--- a/crypto/asymmetric_keys/x509_public_key.c
+++ b/crypto/asymmetric_keys/x509_public_key.c
@@ -129,6 +129,11 @@ int x509_check_for_self_signed(struct x5
if (strcmp(cert->pub->pkey_algo, cert->sig->pkey_algo) != 0)
goto out;
+ if (cert->unsupported_sig) {
+ ret = 0;
+ goto out;
+ }
+
ret = public_key_verify_signature(cert->pub, cert->sig);
if (ret < 0) {
if (ret == -ENOPKG) {
^ permalink raw reply [flat|nested] 396+ messages in thread
* [PATCH 5.4 228/367] net: handle ARPHRD_PPP in dev_is_mac_header_xmit()
2023-09-20 11:26 [PATCH 5.4 000/367] 5.4.257-rc1 review Greg Kroah-Hartman
` (226 preceding siblings ...)
2023-09-20 11:30 ` [PATCH 5.4 227/367] X.509: if signature is unsupported skip validation Greg Kroah-Hartman
@ 2023-09-20 11:30 ` Greg Kroah-Hartman
2023-09-20 11:30 ` [PATCH 5.4 229/367] fsverity: skip PKCS#7 parser when keyring is empty Greg Kroah-Hartman
` (144 subsequent siblings)
372 siblings, 0 replies; 396+ messages in thread
From: Greg Kroah-Hartman @ 2023-09-20 11:30 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Nicolas Dichtel, Siwar Zitouni,
Guillaume Nault, David S. Miller
5.4-stable review patch. If anyone has any objections, please let me know.
------------------
From: Nicolas Dichtel <nicolas.dichtel@6wind.com>
commit a4f39c9f14a634e4cd35fcd338c239d11fcc73fc upstream.
The goal is to support a bpf_redirect() from an ethernet device (ingress)
to a ppp device (egress).
The l2 header is added automatically by the ppp driver, thus the ethernet
header should be removed.
CC: stable@vger.kernel.org
Fixes: 27b29f63058d ("bpf: add bpf_redirect() helper")
Signed-off-by: Nicolas Dichtel <nicolas.dichtel@6wind.com>
Tested-by: Siwar Zitouni <siwar.zitouni@6wind.com>
Reviewed-by: Guillaume Nault <gnault@redhat.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
include/linux/if_arp.h | 4 ++++
1 file changed, 4 insertions(+)
--- a/include/linux/if_arp.h
+++ b/include/linux/if_arp.h
@@ -52,6 +52,10 @@ static inline bool dev_is_mac_header_xmi
case ARPHRD_NONE:
case ARPHRD_RAWIP:
case ARPHRD_PIMREG:
+ /* PPP adds its l2 header automatically in ppp_start_xmit().
+ * This makes it look like an l3 device to __bpf_redirect() and tcf_mirred_init().
+ */
+ case ARPHRD_PPP:
return false;
default:
return true;
^ permalink raw reply [flat|nested] 396+ messages in thread
* [PATCH 5.4 229/367] fsverity: skip PKCS#7 parser when keyring is empty
2023-09-20 11:26 [PATCH 5.4 000/367] 5.4.257-rc1 review Greg Kroah-Hartman
` (227 preceding siblings ...)
2023-09-20 11:30 ` [PATCH 5.4 228/367] net: handle ARPHRD_PPP in dev_is_mac_header_xmit() Greg Kroah-Hartman
@ 2023-09-20 11:30 ` Greg Kroah-Hartman
2023-09-20 11:30 ` [PATCH 5.4 230/367] pstore/ram: Check start of empty przs during init Greg Kroah-Hartman
` (143 subsequent siblings)
372 siblings, 0 replies; 396+ messages in thread
From: Greg Kroah-Hartman @ 2023-09-20 11:30 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Jarkko Sakkinen, Eric Biggers
5.4-stable review patch. If anyone has any objections, please let me know.
------------------
From: Eric Biggers <ebiggers@google.com>
commit 919dc320956ea353a7fb2d84265195ad5ef525ac upstream.
If an fsverity builtin signature is given for a file but the
".fs-verity" keyring is empty, there's no real reason to run the PKCS#7
parser. Skip this to avoid the PKCS#7 attack surface when builtin
signature support is configured into the kernel but is not being used.
This is a hardening improvement, not a fix per se, but I've added
Fixes and Cc stable to get it out to more users.
Fixes: 432434c9f8e1 ("fs-verity: support builtin file signatures")
Cc: stable@vger.kernel.org
Reviewed-by: Jarkko Sakkinen <jarkko@kernel.org>
Link: https://lore.kernel.org/r/20230820173237.2579-1-ebiggers@kernel.org
Signed-off-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/verity/signature.c | 16 ++++++++++++++++
1 file changed, 16 insertions(+)
--- a/fs/verity/signature.c
+++ b/fs/verity/signature.c
@@ -58,6 +58,22 @@ int fsverity_verify_signature(const stru
return -EBADMSG;
}
+ if (fsverity_keyring->keys.nr_leaves_on_tree == 0) {
+ /*
+ * The ".fs-verity" keyring is empty, due to builtin signatures
+ * being supported by the kernel but not actually being used.
+ * In this case, verify_pkcs7_signature() would always return an
+ * error, usually ENOKEY. It could also be EBADMSG if the
+ * PKCS#7 is malformed, but that isn't very important to
+ * distinguish. So, just skip to ENOKEY to avoid the attack
+ * surface of the PKCS#7 parser, which would otherwise be
+ * reachable by any task able to execute FS_IOC_ENABLE_VERITY.
+ */
+ fsverity_err(inode,
+ "fs-verity keyring is empty, rejecting signed file!");
+ return -ENOKEY;
+ }
+
d = kzalloc(sizeof(*d) + hash_alg->digest_size, GFP_KERNEL);
if (!d)
return -ENOMEM;
^ permalink raw reply [flat|nested] 396+ messages in thread
* [PATCH 5.4 230/367] pstore/ram: Check start of empty przs during init
2023-09-20 11:26 [PATCH 5.4 000/367] 5.4.257-rc1 review Greg Kroah-Hartman
` (228 preceding siblings ...)
2023-09-20 11:30 ` [PATCH 5.4 229/367] fsverity: skip PKCS#7 parser when keyring is empty Greg Kroah-Hartman
@ 2023-09-20 11:30 ` Greg Kroah-Hartman
2023-09-20 11:30 ` [PATCH 5.4 231/367] s390/ipl: add missing secure/has_secure file to ipl type unknown Greg Kroah-Hartman
` (142 subsequent siblings)
372 siblings, 0 replies; 396+ messages in thread
From: Greg Kroah-Hartman @ 2023-09-20 11:30 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Yunlong Xing, Enlin Mu, Kees Cook
5.4-stable review patch. If anyone has any objections, please let me know.
------------------
From: Enlin Mu <enlin.mu@unisoc.com>
commit fe8c3623ab06603eb760444a032d426542212021 upstream.
After commit 30696378f68a ("pstore/ram: Do not treat empty buffers as
valid"), initialization would assume a prz was valid after seeing that
the buffer_size is zero (regardless of the buffer start position). This
unchecked start value means it could be outside the bounds of the buffer,
leading to future access panics when written to:
sysdump_panic_event+0x3b4/0x5b8
atomic_notifier_call_chain+0x54/0x90
panic+0x1c8/0x42c
die+0x29c/0x2a8
die_kernel_fault+0x68/0x78
__do_kernel_fault+0x1c4/0x1e0
do_bad_area+0x40/0x100
do_translation_fault+0x68/0x80
do_mem_abort+0x68/0xf8
el1_da+0x1c/0xc0
__raw_writeb+0x38/0x174
__memcpy_toio+0x40/0xac
persistent_ram_update+0x44/0x12c
persistent_ram_write+0x1a8/0x1b8
ramoops_pstore_write+0x198/0x1e8
pstore_console_write+0x94/0xe0
...
To avoid this, also check if the prz start is 0 during the initialization
phase. If not, the next prz sanity check case will discover it (start >
size) and zap the buffer back to a sane state.
Fixes: 30696378f68a ("pstore/ram: Do not treat empty buffers as valid")
Cc: Yunlong Xing <yunlong.xing@unisoc.com>
Cc: stable@vger.kernel.org
Signed-off-by: Enlin Mu <enlin.mu@unisoc.com>
Link: https://lore.kernel.org/r/20230801060432.1307717-1-yunlong.xing@unisoc.com
[kees: update commit log with backtrace and clarifications]
Signed-off-by: Kees Cook <keescook@chromium.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/pstore/ram_core.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/fs/pstore/ram_core.c
+++ b/fs/pstore/ram_core.c
@@ -506,7 +506,7 @@ static int persistent_ram_post_init(stru
sig ^= PERSISTENT_RAM_SIG;
if (prz->buffer->sig == sig) {
- if (buffer_size(prz) == 0) {
+ if (buffer_size(prz) == 0 && buffer_start(prz) == 0) {
pr_debug("found existing empty buffer\n");
return 0;
}
^ permalink raw reply [flat|nested] 396+ messages in thread
* [PATCH 5.4 231/367] s390/ipl: add missing secure/has_secure file to ipl type unknown
2023-09-20 11:26 [PATCH 5.4 000/367] 5.4.257-rc1 review Greg Kroah-Hartman
` (229 preceding siblings ...)
2023-09-20 11:30 ` [PATCH 5.4 230/367] pstore/ram: Check start of empty przs during init Greg Kroah-Hartman
@ 2023-09-20 11:30 ` Greg Kroah-Hartman
2023-09-20 11:30 ` [PATCH 5.4 232/367] crypto: stm32 - fix loop iterating through scatterlist for DMA Greg Kroah-Hartman
` (141 subsequent siblings)
372 siblings, 0 replies; 396+ messages in thread
From: Greg Kroah-Hartman @ 2023-09-20 11:30 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Sven Schnelle, Heiko Carstens
5.4-stable review patch. If anyone has any objections, please let me know.
------------------
From: Sven Schnelle <svens@linux.ibm.com>
commit ea5717cb13468323a7c3dd394748301802991f39 upstream.
OS installers are relying on /sys/firmware/ipl/has_secure to be
present on machines supporting secure boot. This file is present
for all IPL types, but not the unknown type, which prevents a secure
installation when an LPAR is booted in HMC via FTP(s), because
this is an unknown IPL type in linux. While at it, also add the secure
file.
Fixes: c9896acc7851 ("s390/ipl: Provide has_secure sysfs attribute")
Cc: stable@vger.kernel.org
Signed-off-by: Sven Schnelle <svens@linux.ibm.com>
Reviewed-by: Heiko Carstens <hca@linux.ibm.com>
Signed-off-by: Heiko Carstens <hca@linux.ibm.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/s390/kernel/ipl.c | 2 ++
1 file changed, 2 insertions(+)
--- a/arch/s390/kernel/ipl.c
+++ b/arch/s390/kernel/ipl.c
@@ -429,6 +429,8 @@ static struct attribute_group ipl_ccw_at
static struct attribute *ipl_unknown_attrs[] = {
&sys_ipl_type_attr.attr,
+ &sys_ipl_secure_attr.attr,
+ &sys_ipl_has_secure_attr.attr,
NULL,
};
^ permalink raw reply [flat|nested] 396+ messages in thread
* [PATCH 5.4 232/367] crypto: stm32 - fix loop iterating through scatterlist for DMA
2023-09-20 11:26 [PATCH 5.4 000/367] 5.4.257-rc1 review Greg Kroah-Hartman
` (230 preceding siblings ...)
2023-09-20 11:30 ` [PATCH 5.4 231/367] s390/ipl: add missing secure/has_secure file to ipl type unknown Greg Kroah-Hartman
@ 2023-09-20 11:30 ` Greg Kroah-Hartman
2023-09-20 11:30 ` [PATCH 5.4 233/367] cpufreq: brcmstb-avs-cpufreq: Fix -Warray-bounds bug Greg Kroah-Hartman
` (140 subsequent siblings)
372 siblings, 0 replies; 396+ messages in thread
From: Greg Kroah-Hartman @ 2023-09-20 11:30 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Thomas Bourgoin, Herbert Xu
5.4-stable review patch. If anyone has any objections, please let me know.
------------------
From: Thomas Bourgoin <thomas.bourgoin@foss.st.com>
commit d9c83f71eeceed2cb54bb78be84f2d4055fd9a1f upstream.
We were reading the length of the scatterlist sg after copying value of
tsg inside.
So we are using the size of the previous scatterlist and for the first
one we are using an unitialised value.
Fix this by copying tsg in sg[0] before reading the size.
Fixes : 8a1012d3f2ab ("crypto: stm32 - Support for STM32 HASH module")
Cc: stable@vger.kernel.org
Signed-off-by: Thomas Bourgoin <thomas.bourgoin@foss.st.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/crypto/stm32/stm32-hash.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/drivers/crypto/stm32/stm32-hash.c
+++ b/drivers/crypto/stm32/stm32-hash.c
@@ -562,9 +562,9 @@ static int stm32_hash_dma_send(struct st
}
for_each_sg(rctx->sg, tsg, rctx->nents, i) {
+ sg[0] = *tsg;
len = sg->length;
- sg[0] = *tsg;
if (sg_is_last(sg)) {
if (hdev->dma_mode == 1) {
len = (ALIGN(sg->length, 16) - 16);
^ permalink raw reply [flat|nested] 396+ messages in thread
* [PATCH 5.4 233/367] cpufreq: brcmstb-avs-cpufreq: Fix -Warray-bounds bug
2023-09-20 11:26 [PATCH 5.4 000/367] 5.4.257-rc1 review Greg Kroah-Hartman
` (231 preceding siblings ...)
2023-09-20 11:30 ` [PATCH 5.4 232/367] crypto: stm32 - fix loop iterating through scatterlist for DMA Greg Kroah-Hartman
@ 2023-09-20 11:30 ` Greg Kroah-Hartman
2023-09-20 11:30 ` [PATCH 5.4 234/367] sc16is7xx: Set iobase to device index Greg Kroah-Hartman
` (139 subsequent siblings)
372 siblings, 0 replies; 396+ messages in thread
From: Greg Kroah-Hartman @ 2023-09-20 11:30 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Gustavo A. R. Silva,
Florian Fainelli, Viresh Kumar
5.4-stable review patch. If anyone has any objections, please let me know.
------------------
From: Gustavo A. R. Silva <gustavoars@kernel.org>
commit e520d0b6be950ce3738cf4b9bd3b392be818f1dc upstream.
Allocate extra space for terminating element at:
drivers/cpufreq/brcmstb-avs-cpufreq.c:
449 table[i].frequency = CPUFREQ_TABLE_END;
and add code comment to make this clear.
This fixes the following -Warray-bounds warning seen after building
ARM with multi_v7_defconfig (GCC 13):
In function 'brcm_avs_get_freq_table',
inlined from 'brcm_avs_cpufreq_init' at drivers/cpufreq/brcmstb-avs-cpufreq.c:623:15:
drivers/cpufreq/brcmstb-avs-cpufreq.c:449:28: warning: array subscript 5 is outside array bounds of 'void[60]' [-Warray-bounds=]
449 | table[i].frequency = CPUFREQ_TABLE_END;
In file included from include/linux/node.h:18,
from include/linux/cpu.h:17,
from include/linux/cpufreq.h:12,
from drivers/cpufreq/brcmstb-avs-cpufreq.c:44:
In function 'devm_kmalloc_array',
inlined from 'devm_kcalloc' at include/linux/device.h:328:9,
inlined from 'brcm_avs_get_freq_table' at drivers/cpufreq/brcmstb-avs-cpufreq.c:437:10,
inlined from 'brcm_avs_cpufreq_init' at drivers/cpufreq/brcmstb-avs-cpufreq.c:623:15:
include/linux/device.h:323:16: note: at offset 60 into object of size 60 allocated by 'devm_kmalloc'
323 | return devm_kmalloc(dev, bytes, flags);
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
This helps with the ongoing efforts to tighten the FORTIFY_SOURCE
routines on memcpy() and help us make progress towards globally
enabling -Warray-bounds.
Link: https://github.com/KSPP/linux/issues/324
Fixes: de322e085995 ("cpufreq: brcmstb-avs-cpufreq: AVS CPUfreq driver for Broadcom STB SoCs")
Cc: stable@vger.kernel.org
Signed-off-by: Gustavo A. R. Silva <gustavoars@kernel.org>
Reviewed-by: Florian Fainelli <florian.fainelli@broadcom.com>
Signed-off-by: Viresh Kumar <viresh.kumar@linaro.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/cpufreq/brcmstb-avs-cpufreq.c | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)
--- a/drivers/cpufreq/brcmstb-avs-cpufreq.c
+++ b/drivers/cpufreq/brcmstb-avs-cpufreq.c
@@ -410,7 +410,11 @@ brcm_avs_get_freq_table(struct device *d
if (ret)
return ERR_PTR(ret);
- table = devm_kcalloc(dev, AVS_PSTATE_MAX + 1, sizeof(*table),
+ /*
+ * We allocate space for the 5 different P-STATES AVS,
+ * plus extra space for a terminating element.
+ */
+ table = devm_kcalloc(dev, AVS_PSTATE_MAX + 1 + 1, sizeof(*table),
GFP_KERNEL);
if (!table)
return ERR_PTR(-ENOMEM);
^ permalink raw reply [flat|nested] 396+ messages in thread
* [PATCH 5.4 234/367] sc16is7xx: Set iobase to device index
2023-09-20 11:26 [PATCH 5.4 000/367] 5.4.257-rc1 review Greg Kroah-Hartman
` (232 preceding siblings ...)
2023-09-20 11:30 ` [PATCH 5.4 233/367] cpufreq: brcmstb-avs-cpufreq: Fix -Warray-bounds bug Greg Kroah-Hartman
@ 2023-09-20 11:30 ` Greg Kroah-Hartman
2023-09-20 11:30 ` [PATCH 5.4 235/367] serial: sc16is7xx: fix broken port 0 uart init Greg Kroah-Hartman
` (138 subsequent siblings)
372 siblings, 0 replies; 396+ messages in thread
From: Greg Kroah-Hartman @ 2023-09-20 11:30 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Daniel Mack, Sasha Levin
5.4-stable review patch. If anyone has any objections, please let me know.
------------------
From: Daniel Mack <daniel@zonque.org>
[ Upstream commit 5da6b1c079e6804a81e63ab8337224cbd2148c91 ]
Some derivates of sc16is7xx devices expose more than one tty device to
userspace. If multiple such devices exist in a system, userspace
currently has no clean way to infer which tty maps to which physical
line.
Set the .iobase value to the relative index within the device to allow
infering the order through sysfs.
Signed-off-by: Daniel Mack <daniel@zonque.org>
Link: https://lore.kernel.org/r/20200901120329.4176302-1-daniel@zonque.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Stable-dep-of: 2861ed4d6e6d ("serial: sc16is7xx: fix broken port 0 uart init")
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/tty/serial/sc16is7xx.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/drivers/tty/serial/sc16is7xx.c b/drivers/tty/serial/sc16is7xx.c
index d8b015335009b..9b68725d4e9ba 100644
--- a/drivers/tty/serial/sc16is7xx.c
+++ b/drivers/tty/serial/sc16is7xx.c
@@ -1270,6 +1270,7 @@ static int sc16is7xx_probe(struct device *dev,
s->p[i].port.type = PORT_SC16IS7XX;
s->p[i].port.fifosize = SC16IS7XX_FIFO_SIZE;
s->p[i].port.flags = UPF_FIXED_TYPE | UPF_LOW_LATENCY;
+ s->p[i].port.iobase = i;
s->p[i].port.iotype = UPIO_PORT;
s->p[i].port.uartclk = freq;
s->p[i].port.rs485_config = sc16is7xx_config_rs485;
--
2.40.1
^ permalink raw reply related [flat|nested] 396+ messages in thread
* [PATCH 5.4 235/367] serial: sc16is7xx: fix broken port 0 uart init
2023-09-20 11:26 [PATCH 5.4 000/367] 5.4.257-rc1 review Greg Kroah-Hartman
` (233 preceding siblings ...)
2023-09-20 11:30 ` [PATCH 5.4 234/367] sc16is7xx: Set iobase to device index Greg Kroah-Hartman
@ 2023-09-20 11:30 ` Greg Kroah-Hartman
2023-09-20 11:30 ` [PATCH 5.4 236/367] usb: typec: tcpci: clear the fault status bit Greg Kroah-Hartman
` (137 subsequent siblings)
372 siblings, 0 replies; 396+ messages in thread
From: Greg Kroah-Hartman @ 2023-09-20 11:30 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Hugo Villeneuve, Ilpo Järvinen,
Lech Perczak, Sasha Levin
5.4-stable review patch. If anyone has any objections, please let me know.
------------------
From: Hugo Villeneuve <hvilleneuve@dimonoff.com>
[ Upstream commit 2861ed4d6e6d1a2c9de9bf5b0abd996c2dc673d0 ]
The sc16is7xx_config_rs485() function is called only for the second
port (index 1, channel B), causing initialization problems for the
first port.
For the sc16is7xx driver, port->membase and port->mapbase are not set,
and their default values are 0. And we set port->iobase to the device
index. This means that when the first device is registered using the
uart_add_one_port() function, the following values will be in the port
structure:
port->membase = 0
port->mapbase = 0
port->iobase = 0
Therefore, the function uart_configure_port() in serial_core.c will
exit early because of the following check:
/*
* If there isn't a port here, don't do anything further.
*/
if (!port->iobase && !port->mapbase && !port->membase)
return;
Typically, I2C and SPI drivers do not set port->membase and
port->mapbase.
The max310x driver sets port->membase to ~0 (all ones). By
implementing the same change in this driver, uart_configure_port() is
now correctly executed for all ports.
Fixes: dfeae619d781 ("serial: sc16is7xx")
Cc: stable@vger.kernel.org
Signed-off-by: Hugo Villeneuve <hvilleneuve@dimonoff.com>
Reviewed-by: Ilpo Järvinen <ilpo.jarvinen@linux.intel.com>
Reviewed-by: Lech Perczak <lech.perczak@camlingroup.com>
Tested-by: Lech Perczak <lech.perczak@camlingroup.com>
Link: https://lore.kernel.org/r/20230807214556.540627-2-hugo@hugovil.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/tty/serial/sc16is7xx.c | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/drivers/tty/serial/sc16is7xx.c b/drivers/tty/serial/sc16is7xx.c
index 9b68725d4e9ba..091cf5fe90304 100644
--- a/drivers/tty/serial/sc16is7xx.c
+++ b/drivers/tty/serial/sc16is7xx.c
@@ -1271,6 +1271,12 @@ static int sc16is7xx_probe(struct device *dev,
s->p[i].port.fifosize = SC16IS7XX_FIFO_SIZE;
s->p[i].port.flags = UPF_FIXED_TYPE | UPF_LOW_LATENCY;
s->p[i].port.iobase = i;
+ /*
+ * Use all ones as membase to make sure uart_configure_port() in
+ * serial_core.c does not abort for SPI/I2C devices where the
+ * membase address is not applicable.
+ */
+ s->p[i].port.membase = (void __iomem *)~0;
s->p[i].port.iotype = UPIO_PORT;
s->p[i].port.uartclk = freq;
s->p[i].port.rs485_config = sc16is7xx_config_rs485;
--
2.40.1
^ permalink raw reply related [flat|nested] 396+ messages in thread
* [PATCH 5.4 236/367] usb: typec: tcpci: clear the fault status bit
2023-09-20 11:26 [PATCH 5.4 000/367] 5.4.257-rc1 review Greg Kroah-Hartman
` (234 preceding siblings ...)
2023-09-20 11:30 ` [PATCH 5.4 235/367] serial: sc16is7xx: fix broken port 0 uart init Greg Kroah-Hartman
@ 2023-09-20 11:30 ` Greg Kroah-Hartman
2023-09-20 11:30 ` [PATCH 5.4 237/367] udf: initialize newblock to 0 Greg Kroah-Hartman
` (136 subsequent siblings)
372 siblings, 0 replies; 396+ messages in thread
From: Greg Kroah-Hartman @ 2023-09-20 11:30 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Angus Ainslie (Purism),
Christian Bach, Marco Felsch, Fabio Estevam, Guenter Roeck,
Sasha Levin
5.4-stable review patch. If anyone has any objections, please let me know.
------------------
From: Marco Felsch <m.felsch@pengutronix.de>
[ Upstream commit 23e60c8daf5ec2ab1b731310761b668745fcf6ed ]
According the "USB Type-C Port Controller Interface Specification v2.0"
the TCPC sets the fault status register bit-7
(AllRegistersResetToDefault) once the registers have been reset to
their default values.
This triggers an alert(-irq) on PTN5110 devices albeit we do mask the
fault-irq, which may cause a kernel hang. Fix this generically by writing
a one to the corresponding bit-7.
Cc: stable@vger.kernel.org
Fixes: 74e656d6b055 ("staging: typec: Type-C Port Controller Interface driver (tcpci)")
Reported-by: "Angus Ainslie (Purism)" <angus@akkea.ca>
Closes: https://lore.kernel.org/all/20190508002749.14816-2-angus@akkea.ca/
Reported-by: Christian Bach <christian.bach@scs.ch>
Closes: https://lore.kernel.org/regressions/ZR0P278MB07737E5F1D48632897D51AC3EB329@ZR0P278MB0773.CHEP278.PROD.OUTLOOK.COM/t/
Signed-off-by: Marco Felsch <m.felsch@pengutronix.de>
Signed-off-by: Fabio Estevam <festevam@denx.de>
Reviewed-by: Guenter Roeck <linux@roeck-us.net>
Link: https://lore.kernel.org/r/20230816172502.1155079-1-festevam@gmail.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/usb/typec/tcpm/tcpci.c | 4 ++++
drivers/usb/typec/tcpm/tcpci.h | 1 +
2 files changed, 5 insertions(+)
diff --git a/drivers/usb/typec/tcpm/tcpci.c b/drivers/usb/typec/tcpm/tcpci.c
index 84b23ae48aeec..ccb72875c8ee5 100644
--- a/drivers/usb/typec/tcpm/tcpci.c
+++ b/drivers/usb/typec/tcpm/tcpci.c
@@ -379,6 +379,10 @@ static int tcpci_init(struct tcpc_dev *tcpc)
if (time_after(jiffies, timeout))
return -ETIMEDOUT;
+ ret = tcpci_write16(tcpci, TCPC_FAULT_STATUS, TCPC_FAULT_STATUS_ALL_REG_RST_TO_DEFAULT);
+ if (ret < 0)
+ return ret;
+
/* Handle vendor init */
if (tcpci->data->init) {
ret = tcpci->data->init(tcpci, tcpci->data);
diff --git a/drivers/usb/typec/tcpm/tcpci.h b/drivers/usb/typec/tcpm/tcpci.h
index 303ebde265465..dcf60399f161f 100644
--- a/drivers/usb/typec/tcpm/tcpci.h
+++ b/drivers/usb/typec/tcpm/tcpci.h
@@ -72,6 +72,7 @@
#define TCPC_POWER_STATUS_VBUS_PRES BIT(2)
#define TCPC_FAULT_STATUS 0x1f
+#define TCPC_FAULT_STATUS_ALL_REG_RST_TO_DEFAULT BIT(7)
#define TCPC_COMMAND 0x23
#define TCPC_CMD_WAKE_I2C 0x11
--
2.40.1
^ permalink raw reply related [flat|nested] 396+ messages in thread
* [PATCH 5.4 237/367] udf: initialize newblock to 0
2023-09-20 11:26 [PATCH 5.4 000/367] 5.4.257-rc1 review Greg Kroah-Hartman
` (235 preceding siblings ...)
2023-09-20 11:30 ` [PATCH 5.4 236/367] usb: typec: tcpci: clear the fault status bit Greg Kroah-Hartman
@ 2023-09-20 11:30 ` Greg Kroah-Hartman
2023-09-20 11:30 ` [PATCH 5.4 238/367] drm: fix double free for gbo in drm_gem_vram_init and drm_gem_vram_create Greg Kroah-Hartman
` (135 subsequent siblings)
372 siblings, 0 replies; 396+ messages in thread
From: Greg Kroah-Hartman @ 2023-09-20 11:30 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Nathan Chancellor, Tom Rix, Jan Kara
5.4-stable review patch. If anyone has any objections, please let me know.
------------------
From: Tom Rix <trix@redhat.com>
commit 23970a1c9475b305770fd37bebfec7a10f263787 upstream.
The clang build reports this error
fs/udf/inode.c:805:6: error: variable 'newblock' is used uninitialized whenever 'if' condition is true [-Werror,-Wsometimes-uninitialized]
if (*err < 0)
^~~~~~~~
newblock is never set before error handling jump.
Initialize newblock to 0 and remove redundant settings.
Fixes: d8b39db5fab8 ("udf: Handle error when adding extent to a file")
Reported-by: Nathan Chancellor <nathan@kernel.org>
Signed-off-by: Tom Rix <trix@redhat.com>
Signed-off-by: Jan Kara <jack@suse.cz>
Message-Id: <20221230175341.1629734-1-trix@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/udf/inode.c | 4 +---
1 file changed, 1 insertion(+), 3 deletions(-)
--- a/fs/udf/inode.c
+++ b/fs/udf/inode.c
@@ -698,7 +698,7 @@ static sector_t inode_getblk(struct inod
struct kernel_lb_addr eloc, tmpeloc;
int c = 1;
loff_t lbcount = 0, b_off = 0;
- udf_pblk_t newblocknum, newblock;
+ udf_pblk_t newblocknum, newblock = 0;
sector_t offset = 0;
int8_t etype;
struct udf_inode_info *iinfo = UDF_I(inode);
@@ -801,7 +801,6 @@ static sector_t inode_getblk(struct inod
ret = udf_do_extend_file(inode, &prev_epos, laarr, hole_len);
if (ret < 0) {
*err = ret;
- newblock = 0;
goto out_free;
}
c = 0;
@@ -864,7 +863,6 @@ static sector_t inode_getblk(struct inod
goal, err);
if (!newblocknum) {
*err = -ENOSPC;
- newblock = 0;
goto out_free;
}
if (isBeyondEOF)
^ permalink raw reply [flat|nested] 396+ messages in thread
* [PATCH 5.4 238/367] drm: fix double free for gbo in drm_gem_vram_init and drm_gem_vram_create
2023-09-20 11:26 [PATCH 5.4 000/367] 5.4.257-rc1 review Greg Kroah-Hartman
` (236 preceding siblings ...)
2023-09-20 11:30 ` [PATCH 5.4 237/367] udf: initialize newblock to 0 Greg Kroah-Hartman
@ 2023-09-20 11:30 ` Greg Kroah-Hartman
2023-09-20 11:30 ` [PATCH 5.4 239/367] net/ipv6: SKB symmetric hash should incorporate transport ports Greg Kroah-Hartman
` (134 subsequent siblings)
372 siblings, 0 replies; 396+ messages in thread
From: Greg Kroah-Hartman @ 2023-09-20 11:30 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Hulk Robot, butt3rflyh4ck,
x kaneiki, Jia Yang, Thomas Zimmermann
5.4-stable review patch. If anyone has any objections, please let me know.
------------------
From: Jia Yang <jiayang5@huawei.com>
commit da62cb7230f0871c30dc9789071f63229158d261 upstream.
I got a use-after-free report when doing some fuzz test:
If ttm_bo_init() fails, the "gbo" and "gbo->bo.base" will be
freed by ttm_buffer_object_destroy() in ttm_bo_init(). But
then drm_gem_vram_create() and drm_gem_vram_init() will free
"gbo" and "gbo->bo.base" again.
BUG: KMSAN: use-after-free in drm_vma_offset_remove+0xb3/0x150
CPU: 0 PID: 24282 Comm: syz-executor.1 Tainted: G B W 5.7.0-rc4-msan #2
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS Ubuntu-1.8.2-1ubuntu1 04/01/2014
Call Trace:
__dump_stack
dump_stack+0x1c9/0x220
kmsan_report+0xf7/0x1e0
__msan_warning+0x58/0xa0
drm_vma_offset_remove+0xb3/0x150
drm_gem_free_mmap_offset
drm_gem_object_release+0x159/0x180
drm_gem_vram_init
drm_gem_vram_create+0x7c5/0x990
drm_gem_vram_fill_create_dumb
drm_gem_vram_driver_dumb_create+0x238/0x590
drm_mode_create_dumb
drm_mode_create_dumb_ioctl+0x41d/0x450
drm_ioctl_kernel+0x5a4/0x710
drm_ioctl+0xc6f/0x1240
vfs_ioctl
ksys_ioctl
__do_sys_ioctl
__se_sys_ioctl+0x2e9/0x410
__x64_sys_ioctl+0x4a/0x70
do_syscall_64+0xb8/0x160
entry_SYSCALL_64_after_hwframe+0x44/0xa9
RIP: 0033:0x4689b9
Code: fd e0 fa ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb e0 fa ff c3 66 2e 0f 1f 84 00 00 00 00
RSP: 002b:00007f368fa4dc98 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
RAX: ffffffffffffffda RBX: 000000000076bf00 RCX: 00000000004689b9
RDX: 0000000020000240 RSI: 00000000c02064b2 RDI: 0000000000000003
RBP: 0000000000000004 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00000000004d17e0 R14: 00007f368fa4e6d4 R15: 000000000076bf0c
Uninit was created at:
kmsan_save_stack_with_flags
kmsan_internal_poison_shadow+0x66/0xd0
kmsan_slab_free+0x6e/0xb0
slab_free_freelist_hook
slab_free
kfree+0x571/0x30a0
drm_gem_vram_destroy
ttm_buffer_object_destroy+0xc8/0x130
ttm_bo_release
kref_put
ttm_bo_put+0x117d/0x23e0
ttm_bo_init_reserved+0x11c0/0x11d0
ttm_bo_init+0x289/0x3f0
drm_gem_vram_init
drm_gem_vram_create+0x775/0x990
drm_gem_vram_fill_create_dumb
drm_gem_vram_driver_dumb_create+0x238/0x590
drm_mode_create_dumb
drm_mode_create_dumb_ioctl+0x41d/0x450
drm_ioctl_kernel+0x5a4/0x710
drm_ioctl+0xc6f/0x1240
vfs_ioctl
ksys_ioctl
__do_sys_ioctl
__se_sys_ioctl+0x2e9/0x410
__x64_sys_ioctl+0x4a/0x70
do_syscall_64+0xb8/0x160
entry_SYSCALL_64_after_hwframe+0x44/0xa9
If ttm_bo_init() fails, the "gbo" will be freed by
ttm_buffer_object_destroy() in ttm_bo_init(). But then
drm_gem_vram_create() and drm_gem_vram_init() will free
"gbo" again.
Reported-by: Hulk Robot <hulkci@huawei.com>
Reported-by: butt3rflyh4ck <butterflyhuangxx@gmail.com>
Cc: x kaneiki <xkaneiki@gmail.com>
Signed-off-by: Jia Yang <jiayang5@huawei.com>
Signed-off-by: Thomas Zimmermann <tzimmermann@suse.de>
Reviewed-by: Thomas Zimmermann <tzimmermann@suse.de>
Link: https://patchwork.freedesktop.org/patch/msgid/20200714083238.28479-2-tzimmermann@suse.de
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/gpu/drm/drm_gem_vram_helper.c | 24 +++++++++++++-----------
1 file changed, 13 insertions(+), 11 deletions(-)
--- a/drivers/gpu/drm/drm_gem_vram_helper.c
+++ b/drivers/gpu/drm/drm_gem_vram_helper.c
@@ -73,6 +73,10 @@ static void drm_gem_vram_placement(struc
}
}
+/*
+ * Note that on error, drm_gem_vram_init will free the buffer object.
+ */
+
static int drm_gem_vram_init(struct drm_device *dev,
struct ttm_bo_device *bdev,
struct drm_gem_vram_object *gbo,
@@ -86,8 +90,10 @@ static int drm_gem_vram_init(struct drm_
gbo->bo.base.funcs = &drm_gem_vram_object_funcs;
ret = drm_gem_object_init(dev, &gbo->bo.base, size);
- if (ret)
+ if (ret) {
+ kfree(gbo);
return ret;
+ }
acc_size = ttm_bo_dma_acc_size(bdev, size, sizeof(*gbo));
@@ -98,13 +104,13 @@ static int drm_gem_vram_init(struct drm_
&gbo->placement, pg_align, interruptible, acc_size,
NULL, NULL, ttm_buffer_object_destroy);
if (ret)
- goto err_drm_gem_object_release;
+ /*
+ * A failing ttm_bo_init will call ttm_buffer_object_destroy
+ * to release gbo->bo.base and kfree gbo.
+ */
+ return ret;
return 0;
-
-err_drm_gem_object_release:
- drm_gem_object_release(&gbo->bo.base);
- return ret;
}
/**
@@ -134,13 +140,9 @@ struct drm_gem_vram_object *drm_gem_vram
ret = drm_gem_vram_init(dev, bdev, gbo, size, pg_align, interruptible);
if (ret < 0)
- goto err_kfree;
+ return ERR_PTR(ret);
return gbo;
-
-err_kfree:
- kfree(gbo);
- return ERR_PTR(ret);
}
EXPORT_SYMBOL(drm_gem_vram_create);
^ permalink raw reply [flat|nested] 396+ messages in thread
* [PATCH 5.4 239/367] net/ipv6: SKB symmetric hash should incorporate transport ports
2023-09-20 11:26 [PATCH 5.4 000/367] 5.4.257-rc1 review Greg Kroah-Hartman
` (237 preceding siblings ...)
2023-09-20 11:30 ` [PATCH 5.4 238/367] drm: fix double free for gbo in drm_gem_vram_init and drm_gem_vram_create Greg Kroah-Hartman
@ 2023-09-20 11:30 ` Greg Kroah-Hartman
2023-09-20 11:30 ` [PATCH 5.4 240/367] scsi: qla2xxx: fix inconsistent TMF timeout Greg Kroah-Hartman
` (133 subsequent siblings)
372 siblings, 0 replies; 396+ messages in thread
From: Greg Kroah-Hartman @ 2023-09-20 11:30 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Lars Ekman, Quan Tian, Eric Dumazet,
David S. Miller
5.4-stable review patch. If anyone has any objections, please let me know.
------------------
From: Quan Tian <qtian@vmware.com>
commit a5e2151ff9d5852d0ababbbcaeebd9646af9c8d9 upstream.
__skb_get_hash_symmetric() was added to compute a symmetric hash over
the protocol, addresses and transport ports, by commit eb70db875671
("packet: Use symmetric hash for PACKET_FANOUT_HASH."). It uses
flow_keys_dissector_symmetric_keys as the flow_dissector to incorporate
IPv4 addresses, IPv6 addresses and ports. However, it should not specify
the flag as FLOW_DISSECTOR_F_STOP_AT_FLOW_LABEL, which stops further
dissection when an IPv6 flow label is encountered, making transport
ports not being incorporated in such case.
As a consequence, the symmetric hash is based on 5-tuple for IPv4 but
3-tuple for IPv6 when flow label is present. It caused a few problems,
e.g. when nft symhash and openvswitch l4_sym rely on the symmetric hash
to perform load balancing as different L4 flows between two given IPv6
addresses would always get the same symmetric hash, leading to uneven
traffic distribution.
Removing the use of FLOW_DISSECTOR_F_STOP_AT_FLOW_LABEL makes sure the
symmetric hash is based on 5-tuple for both IPv4 and IPv6 consistently.
Fixes: eb70db875671 ("packet: Use symmetric hash for PACKET_FANOUT_HASH.")
Reported-by: Lars Ekman <uablrek@gmail.com>
Closes: https://github.com/antrea-io/antrea/issues/5457
Signed-off-by: Quan Tian <qtian@vmware.com>
Reviewed-by: Eric Dumazet <edumazet@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
net/core/flow_dissector.c | 3 +--
1 file changed, 1 insertion(+), 2 deletions(-)
--- a/net/core/flow_dissector.c
+++ b/net/core/flow_dissector.c
@@ -1564,8 +1564,7 @@ u32 __skb_get_hash_symmetric(const struc
memset(&keys, 0, sizeof(keys));
__skb_flow_dissect(NULL, skb, &flow_keys_dissector_symmetric,
- &keys, NULL, 0, 0, 0,
- FLOW_DISSECTOR_F_STOP_AT_FLOW_LABEL);
+ &keys, NULL, 0, 0, 0, 0);
return __flow_hash_from_keys(&keys, &hashrnd);
}
^ permalink raw reply [flat|nested] 396+ messages in thread
* [PATCH 5.4 240/367] scsi: qla2xxx: fix inconsistent TMF timeout
2023-09-20 11:26 [PATCH 5.4 000/367] 5.4.257-rc1 review Greg Kroah-Hartman
` (238 preceding siblings ...)
2023-09-20 11:30 ` [PATCH 5.4 239/367] net/ipv6: SKB symmetric hash should incorporate transport ports Greg Kroah-Hartman
@ 2023-09-20 11:30 ` Greg Kroah-Hartman
2023-09-20 11:30 ` [PATCH 5.4 241/367] scsi: qla2xxx: Fix erroneous link up failure Greg Kroah-Hartman
` (132 subsequent siblings)
372 siblings, 0 replies; 396+ messages in thread
From: Greg Kroah-Hartman @ 2023-09-20 11:30 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Quinn Tran, Nilesh Javali,
Himanshu Madhani, Martin K. Petersen
5.4-stable review patch. If anyone has any objections, please let me know.
------------------
From: Quinn Tran <qutran@marvell.com>
commit 009e7fe4a1ed52276b332842a6b6e23b07200f2d upstream.
Different behavior were experienced of session being torn down vs not when
TMF is timed out. When FW detects the time out, the session is torn down.
When driver detects the time out, the session is not torn down.
Allow TMF error to return to upper layer without session tear down.
Cc: stable@vger.kernel.org
Signed-off-by: Quinn Tran <qutran@marvell.com>
Signed-off-by: Nilesh Javali <njavali@marvell.com>
Link: https://lore.kernel.org/r/20230714070104.40052-10-njavali@marvell.com
Reviewed-by: Himanshu Madhani <himanshu.madhani@oracle.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/scsi/qla2xxx/qla_isr.c | 1 -
1 file changed, 1 deletion(-)
--- a/drivers/scsi/qla2xxx/qla_isr.c
+++ b/drivers/scsi/qla2xxx/qla_isr.c
@@ -2711,7 +2711,6 @@ check_scsi_status:
case CS_PORT_BUSY:
case CS_INCOMPLETE:
case CS_PORT_UNAVAILABLE:
- case CS_TIMEOUT:
case CS_RESET:
/*
^ permalink raw reply [flat|nested] 396+ messages in thread
* [PATCH 5.4 241/367] scsi: qla2xxx: Fix erroneous link up failure
2023-09-20 11:26 [PATCH 5.4 000/367] 5.4.257-rc1 review Greg Kroah-Hartman
` (239 preceding siblings ...)
2023-09-20 11:30 ` [PATCH 5.4 240/367] scsi: qla2xxx: fix inconsistent TMF timeout Greg Kroah-Hartman
@ 2023-09-20 11:30 ` Greg Kroah-Hartman
2023-09-20 11:30 ` [PATCH 5.4 242/367] scsi: qla2xxx: Turn off noisy message log Greg Kroah-Hartman
` (131 subsequent siblings)
372 siblings, 0 replies; 396+ messages in thread
From: Greg Kroah-Hartman @ 2023-09-20 11:30 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Quinn Tran, Nilesh Javali,
Himanshu Madhani, Martin K. Petersen
5.4-stable review patch. If anyone has any objections, please let me know.
------------------
From: Quinn Tran <qutran@marvell.com>
commit 5b51f35d127e7bef55fa869d2465e2bca4636454 upstream.
Link up failure occurred where driver failed to see certain events from FW
indicating link up (AEN 8011) and fabric login completion (AEN 8014).
Without these 2 events, driver would not proceed forward to scan the
fabric. The cause of this is due to delay in the receive of interrupt for
Mailbox 60 that causes qla to set the fw_started flag late. The late
setting of this flag causes other interrupts to be dropped. These dropped
interrupts happen to be the link up (AEN 8011) and fabric login completion
(AEN 8014).
Set fw_started flag early to prevent interrupts being dropped.
Cc: stable@vger.kernel.org
Signed-off-by: Quinn Tran <qutran@marvell.com>
Signed-off-by: Nilesh Javali <njavali@marvell.com>
Link: https://lore.kernel.org/r/20230714070104.40052-6-njavali@marvell.com
Reviewed-by: Himanshu Madhani <himanshu.madhani@oracle.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/scsi/qla2xxx/qla_init.c | 3 ++-
drivers/scsi/qla2xxx/qla_isr.c | 6 +++++-
2 files changed, 7 insertions(+), 2 deletions(-)
--- a/drivers/scsi/qla2xxx/qla_init.c
+++ b/drivers/scsi/qla2xxx/qla_init.c
@@ -4176,15 +4176,16 @@ qla2x00_init_rings(scsi_qla_host_t *vha)
(ha->flags.fawwpn_enabled) ? "enabled" : "disabled");
}
+ QLA_FW_STARTED(ha);
rval = qla2x00_init_firmware(vha, ha->init_cb_size);
next_check:
if (rval) {
+ QLA_FW_STOPPED(ha);
ql_log(ql_log_fatal, vha, 0x00d2,
"Init Firmware **** FAILED ****.\n");
} else {
ql_dbg(ql_dbg_init, vha, 0x00d3,
"Init Firmware -- success.\n");
- QLA_FW_STARTED(ha);
vha->u_ql2xexchoffld = vha->u_ql2xiniexchg = 0;
}
--- a/drivers/scsi/qla2xxx/qla_isr.c
+++ b/drivers/scsi/qla2xxx/qla_isr.c
@@ -639,8 +639,12 @@ qla2x00_async_event(scsi_qla_host_t *vha
unsigned long flags;
fc_port_t *fcport = NULL;
- if (!vha->hw->flags.fw_started)
+ if (!vha->hw->flags.fw_started) {
+ ql_log(ql_log_warn, vha, 0x50ff,
+ "Dropping AEN - %04x %04x %04x %04x.\n",
+ mb[0], mb[1], mb[2], mb[3]);
return;
+ }
/* Setup to process RIO completion. */
handle_cnt = 0;
^ permalink raw reply [flat|nested] 396+ messages in thread
* [PATCH 5.4 242/367] scsi: qla2xxx: Turn off noisy message log
2023-09-20 11:26 [PATCH 5.4 000/367] 5.4.257-rc1 review Greg Kroah-Hartman
` (240 preceding siblings ...)
2023-09-20 11:30 ` [PATCH 5.4 241/367] scsi: qla2xxx: Fix erroneous link up failure Greg Kroah-Hartman
@ 2023-09-20 11:30 ` Greg Kroah-Hartman
2023-09-20 11:30 ` [PATCH 5.4 243/367] scsi: qla2xxx: Remove unsupported ql2xenabledif option Greg Kroah-Hartman
` (130 subsequent siblings)
372 siblings, 0 replies; 396+ messages in thread
From: Greg Kroah-Hartman @ 2023-09-20 11:30 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Quinn Tran, Nilesh Javali,
Himanshu Madhani, Martin K. Petersen
5.4-stable review patch. If anyone has any objections, please let me know.
------------------
From: Quinn Tran <qutran@marvell.com>
commit 8ebaa45163a3fedc885c1dc7d43ea987a2f00a06 upstream.
Some consider noisy log as test failure. Turn off noisy message log.
Cc: stable@vger.kernel.org
Signed-off-by: Quinn Tran <qutran@marvell.com>
Signed-off-by: Nilesh Javali <njavali@marvell.com>
Link: https://lore.kernel.org/r/20230714070104.40052-8-njavali@marvell.com
Reviewed-by: Himanshu Madhani <himanshu.madhani@oracle.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/scsi/qla2xxx/qla_nvme.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/drivers/scsi/qla2xxx/qla_nvme.c
+++ b/drivers/scsi/qla2xxx/qla_nvme.c
@@ -577,7 +577,7 @@ static int qla_nvme_post_cmd(struct nvme
rval = qla2x00_start_nvme_mq(sp);
if (rval != QLA_SUCCESS) {
- ql_log(ql_log_warn, vha, 0x212d,
+ ql_dbg(ql_dbg_io + ql_dbg_verbose, vha, 0x212d,
"qla2x00_start_nvme_mq failed = %d\n", rval);
sp->priv = NULL;
priv->sp = NULL;
^ permalink raw reply [flat|nested] 396+ messages in thread
* [PATCH 5.4 243/367] scsi: qla2xxx: Remove unsupported ql2xenabledif option
2023-09-20 11:26 [PATCH 5.4 000/367] 5.4.257-rc1 review Greg Kroah-Hartman
` (241 preceding siblings ...)
2023-09-20 11:30 ` [PATCH 5.4 242/367] scsi: qla2xxx: Turn off noisy message log Greg Kroah-Hartman
@ 2023-09-20 11:30 ` Greg Kroah-Hartman
2023-09-20 11:30 ` [PATCH 5.4 244/367] fbdev/ep93xx-fb: Do not assign to struct fb_info.dev Greg Kroah-Hartman
` (129 subsequent siblings)
372 siblings, 0 replies; 396+ messages in thread
From: Greg Kroah-Hartman @ 2023-09-20 11:30 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Manish Rangankar, Nilesh Javali,
Himanshu Madhani, Martin K. Petersen
5.4-stable review patch. If anyone has any objections, please let me know.
------------------
From: Manish Rangankar <mrangankar@marvell.com>
commit e9105c4b7a9208a21a9bda133707624f12ddabc2 upstream.
User accidently passed module parameter ql2xenabledif=1 which is
unsupported. However, driver still initialized which lead to guard tag
errors during device discovery.
Remove unsupported ql2xenabledif=1 option and validate the user input.
Cc: stable@vger.kernel.org
Signed-off-by: Manish Rangankar <mrangankar@marvell.com>
Signed-off-by: Nilesh Javali <njavali@marvell.com>
Link: https://lore.kernel.org/r/20230821130045.34850-7-njavali@marvell.com
Reviewed-by: Himanshu Madhani <himanshu.madhani@oracle.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/scsi/qla2xxx/qla_attr.c | 2 --
drivers/scsi/qla2xxx/qla_dbg.c | 2 +-
drivers/scsi/qla2xxx/qla_os.c | 9 +++++++--
3 files changed, 8 insertions(+), 5 deletions(-)
--- a/drivers/scsi/qla2xxx/qla_attr.c
+++ b/drivers/scsi/qla2xxx/qla_attr.c
@@ -2864,8 +2864,6 @@ qla24xx_vport_create(struct fc_vport *fc
vha->flags.difdix_supported = 1;
ql_dbg(ql_dbg_user, vha, 0x7082,
"Registered for DIF/DIX type 1 and 3 protection.\n");
- if (ql2xenabledif == 1)
- prot = SHOST_DIX_TYPE0_PROTECTION;
scsi_host_set_prot(vha->host,
prot | SHOST_DIF_TYPE1_PROTECTION
| SHOST_DIF_TYPE2_PROTECTION
--- a/drivers/scsi/qla2xxx/qla_dbg.c
+++ b/drivers/scsi/qla2xxx/qla_dbg.c
@@ -22,7 +22,7 @@
* | Queue Command and IO tracing | 0x3074 | 0x300b |
* | | | 0x3027-0x3028 |
* | | | 0x303d-0x3041 |
- * | | | 0x302d,0x3033 |
+ * | | | 0x302e,0x3033 |
* | | | 0x3036,0x3038 |
* | | | 0x303a |
* | DPC Thread | 0x4023 | 0x4002,0x4013 |
--- a/drivers/scsi/qla2xxx/qla_os.c
+++ b/drivers/scsi/qla2xxx/qla_os.c
@@ -3112,6 +3112,13 @@ qla2x00_probe_one(struct pci_dev *pdev,
host->max_id = ha->max_fibre_devices;
host->cmd_per_lun = 3;
host->unique_id = host->host_no;
+
+ if (ql2xenabledif && ql2xenabledif != 2) {
+ ql_log(ql_log_warn, base_vha, 0x302d,
+ "Invalid value for ql2xenabledif, resetting it to default (2)\n");
+ ql2xenabledif = 2;
+ }
+
if (IS_T10_PI_CAPABLE(ha) && ql2xenabledif)
host->max_cmd_len = 32;
else
@@ -3343,8 +3350,6 @@ skip_dpc:
base_vha->flags.difdix_supported = 1;
ql_dbg(ql_dbg_init, base_vha, 0x00f1,
"Registering for DIF/DIX type 1 and 3 protection.\n");
- if (ql2xenabledif == 1)
- prot = SHOST_DIX_TYPE0_PROTECTION;
if (ql2xprotmask)
scsi_host_set_prot(host, ql2xprotmask);
else
^ permalink raw reply [flat|nested] 396+ messages in thread
* [PATCH 5.4 244/367] fbdev/ep93xx-fb: Do not assign to struct fb_info.dev
2023-09-20 11:26 [PATCH 5.4 000/367] 5.4.257-rc1 review Greg Kroah-Hartman
` (242 preceding siblings ...)
2023-09-20 11:30 ` [PATCH 5.4 243/367] scsi: qla2xxx: Remove unsupported ql2xenabledif option Greg Kroah-Hartman
@ 2023-09-20 11:30 ` Greg Kroah-Hartman
2023-09-20 11:30 ` Greg Kroah-Hartman
` (128 subsequent siblings)
372 siblings, 0 replies; 396+ messages in thread
From: Greg Kroah-Hartman @ 2023-09-20 11:30 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Thomas Zimmermann,
Javier Martinez Canillas, Sam Ravnborg
5.4-stable review patch. If anyone has any objections, please let me know.
------------------
From: Thomas Zimmermann <tzimmermann@suse.de>
commit f90a0e5265b60cdd3c77990e8105f79aa2fac994 upstream.
Do not assing the Linux device to struct fb_info.dev. The call to
register_framebuffer() initializes the field to the fbdev device.
Drivers should not override its value.
Fixes a bug where the driver incorrectly decreases the hardware
device's reference counter and leaks the fbdev device.
v2:
* add Fixes tag (Dan)
Signed-off-by: Thomas Zimmermann <tzimmermann@suse.de>
Fixes: 88017bda96a5 ("ep93xx video driver")
Cc: <stable@vger.kernel.org> # v2.6.32+
Reviewed-by: Javier Martinez Canillas <javierm@redhat.com>
Reviewed-by: Sam Ravnborg <sam@ravnborg.org>
Link: https://patchwork.freedesktop.org/patch/msgid/20230613110953.24176-15-tzimmermann@suse.de
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/video/fbdev/ep93xx-fb.c | 1 -
1 file changed, 1 deletion(-)
--- a/drivers/video/fbdev/ep93xx-fb.c
+++ b/drivers/video/fbdev/ep93xx-fb.c
@@ -474,7 +474,6 @@ static int ep93xxfb_probe(struct platfor
if (!info)
return -ENOMEM;
- info->dev = &pdev->dev;
platform_set_drvdata(pdev, info);
fbi = info->par;
fbi->mach_info = mach_info;
^ permalink raw reply [flat|nested] 396+ messages in thread
* [PATCH 5.4 245/367] drm/ast: Fix DRAM init on AST2200
2023-09-20 11:26 [PATCH 5.4 000/367] 5.4.257-rc1 review Greg Kroah-Hartman
@ 2023-09-20 11:30 ` Greg Kroah-Hartman
2023-09-20 11:26 ` [PATCH 5.4 002/367] ARM: pxa: remove use of symbol_get() Greg Kroah-Hartman
` (371 subsequent siblings)
372 siblings, 0 replies; 396+ messages in thread
From: Greg Kroah-Hartman @ 2023-09-20 11:30 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Thomas Zimmermann, Dave Airlie,
dri-devel, Sui Jingfeng, Jocelyn Falempe
5.4-stable review patch. If anyone has any objections, please let me know.
------------------
From: Thomas Zimmermann <tzimmermann@suse.de>
commit 4cfe75f0f14f044dae66ad0e6eea812d038465d9 upstream.
Fix the test for the AST2200 in the DRAM initialization. The value
in ast->chip has to be compared against an enum constant instead of
a numerical value.
This bug got introduced when the driver was first imported into the
kernel.
Signed-off-by: Thomas Zimmermann <tzimmermann@suse.de>
Fixes: 312fec1405dd ("drm: Initial KMS driver for AST (ASpeed Technologies) 2000 series (v2)")
Cc: Dave Airlie <airlied@redhat.com>
Cc: dri-devel@lists.freedesktop.org
Cc: <stable@vger.kernel.org> # v3.5+
Reviewed-by: Sui Jingfeng <suijingfeng@loongson.cn>
Reviewed-by: Jocelyn Falempe <jfalempe@redhat.com>
Tested-by: Jocelyn Falempe <jfalempe@redhat.com> # AST2600
Link: https://patchwork.freedesktop.org/patch/msgid/20230621130032.3568-2-tzimmermann@suse.de
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/gpu/drm/ast/ast_post.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/drivers/gpu/drm/ast/ast_post.c
+++ b/drivers/gpu/drm/ast/ast_post.c
@@ -294,7 +294,7 @@ static void ast_init_dram_reg(struct drm
;
} while (ast_read32(ast, 0x10100) != 0xa8);
} else {/* AST2100/1100 */
- if (ast->chip == AST2100 || ast->chip == 2200)
+ if (ast->chip == AST2100 || ast->chip == AST2200)
dram_reg_info = ast2100_dram_table_data;
else
dram_reg_info = ast1100_dram_table_data;
^ permalink raw reply [flat|nested] 396+ messages in thread
* [PATCH 5.4 245/367] drm/ast: Fix DRAM init on AST2200
@ 2023-09-20 11:30 ` Greg Kroah-Hartman
0 siblings, 0 replies; 396+ messages in thread
From: Greg Kroah-Hartman @ 2023-09-20 11:30 UTC (permalink / raw)
To: stable
Cc: Jocelyn Falempe, Sui Jingfeng, Greg Kroah-Hartman, patches,
dri-devel, Thomas Zimmermann, Dave Airlie
5.4-stable review patch. If anyone has any objections, please let me know.
------------------
From: Thomas Zimmermann <tzimmermann@suse.de>
commit 4cfe75f0f14f044dae66ad0e6eea812d038465d9 upstream.
Fix the test for the AST2200 in the DRAM initialization. The value
in ast->chip has to be compared against an enum constant instead of
a numerical value.
This bug got introduced when the driver was first imported into the
kernel.
Signed-off-by: Thomas Zimmermann <tzimmermann@suse.de>
Fixes: 312fec1405dd ("drm: Initial KMS driver for AST (ASpeed Technologies) 2000 series (v2)")
Cc: Dave Airlie <airlied@redhat.com>
Cc: dri-devel@lists.freedesktop.org
Cc: <stable@vger.kernel.org> # v3.5+
Reviewed-by: Sui Jingfeng <suijingfeng@loongson.cn>
Reviewed-by: Jocelyn Falempe <jfalempe@redhat.com>
Tested-by: Jocelyn Falempe <jfalempe@redhat.com> # AST2600
Link: https://patchwork.freedesktop.org/patch/msgid/20230621130032.3568-2-tzimmermann@suse.de
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/gpu/drm/ast/ast_post.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/drivers/gpu/drm/ast/ast_post.c
+++ b/drivers/gpu/drm/ast/ast_post.c
@@ -294,7 +294,7 @@ static void ast_init_dram_reg(struct drm
;
} while (ast_read32(ast, 0x10100) != 0xa8);
} else {/* AST2100/1100 */
- if (ast->chip == AST2100 || ast->chip == 2200)
+ if (ast->chip == AST2100 || ast->chip == AST2200)
dram_reg_info = ast2100_dram_table_data;
else
dram_reg_info = ast1100_dram_table_data;
^ permalink raw reply [flat|nested] 396+ messages in thread
* [PATCH 5.4 246/367] lib/test_meminit: allocate pages up to order MAX_ORDER
2023-09-20 11:26 [PATCH 5.4 000/367] 5.4.257-rc1 review Greg Kroah-Hartman
` (244 preceding siblings ...)
2023-09-20 11:30 ` Greg Kroah-Hartman
@ 2023-09-20 11:30 ` Greg Kroah-Hartman
2023-09-20 11:30 ` [PATCH 5.4 247/367] parisc: led: Fix LAN receive and transmit LEDs Greg Kroah-Hartman
` (126 subsequent siblings)
372 siblings, 0 replies; 396+ messages in thread
From: Greg Kroah-Hartman @ 2023-09-20 11:30 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Andrew Donnellan,
Alexander Potapenko, Xiaoke Wang, Andrew Morton
5.4-stable review patch. If anyone has any objections, please let me know.
------------------
From: Andrew Donnellan <ajd@linux.ibm.com>
commit efb78fa86e95832b78ca0ba60f3706788a818938 upstream.
test_pages() tests the page allocator by calling alloc_pages() with
different orders up to order 10.
However, different architectures and platforms support different maximum
contiguous allocation sizes. The default maximum allocation order
(MAX_ORDER) is 10, but architectures can use CONFIG_ARCH_FORCE_MAX_ORDER
to override this. On platforms where this is less than 10, test_meminit()
will blow up with a WARN(). This is expected, so let's not do that.
Replace the hardcoded "10" with the MAX_ORDER macro so that we test
allocations up to the expected platform limit.
Link: https://lkml.kernel.org/r/20230714015238.47931-1-ajd@linux.ibm.com
Fixes: 5015a300a522 ("lib: introduce test_meminit module")
Signed-off-by: Andrew Donnellan <ajd@linux.ibm.com>
Reviewed-by: Alexander Potapenko <glider@google.com>
Cc: Xiaoke Wang <xkernel.wang@foxmail.com>
Cc: <stable@vger.kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
lib/test_meminit.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/lib/test_meminit.c
+++ b/lib/test_meminit.c
@@ -86,7 +86,7 @@ static int __init test_pages(int *total_
int failures = 0, num_tests = 0;
int i;
- for (i = 0; i < 10; i++)
+ for (i = 0; i <= MAX_ORDER; i++)
num_tests += do_alloc_pages_order(i, &failures);
REPORT_FAILURES_IN_FN();
^ permalink raw reply [flat|nested] 396+ messages in thread
* [PATCH 5.4 247/367] parisc: led: Fix LAN receive and transmit LEDs
2023-09-20 11:26 [PATCH 5.4 000/367] 5.4.257-rc1 review Greg Kroah-Hartman
` (245 preceding siblings ...)
2023-09-20 11:30 ` [PATCH 5.4 246/367] lib/test_meminit: allocate pages up to order MAX_ORDER Greg Kroah-Hartman
@ 2023-09-20 11:30 ` Greg Kroah-Hartman
2023-09-20 11:30 ` [PATCH 5.4 248/367] parisc: led: Reduce CPU overhead for disk & lan LED computation Greg Kroah-Hartman
` (125 subsequent siblings)
372 siblings, 0 replies; 396+ messages in thread
From: Greg Kroah-Hartman @ 2023-09-20 11:30 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Helge Deller
5.4-stable review patch. If anyone has any objections, please let me know.
------------------
From: Helge Deller <deller@gmx.de>
commit 4db89524b084f712a887256391fc19d9f66c8e55 upstream.
Fix the LAN receive and LAN transmit LEDs, which where swapped
up to now.
Signed-off-by: Helge Deller <deller@gmx.de>
Cc: <stable@vger.kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/parisc/include/asm/led.h | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
--- a/arch/parisc/include/asm/led.h
+++ b/arch/parisc/include/asm/led.h
@@ -11,8 +11,8 @@
#define LED1 0x02
#define LED0 0x01 /* bottom (or furthest left) LED */
-#define LED_LAN_TX LED0 /* for LAN transmit activity */
-#define LED_LAN_RCV LED1 /* for LAN receive activity */
+#define LED_LAN_RCV LED0 /* for LAN receive activity */
+#define LED_LAN_TX LED1 /* for LAN transmit activity */
#define LED_DISK_IO LED2 /* for disk activity */
#define LED_HEARTBEAT LED3 /* heartbeat */
^ permalink raw reply [flat|nested] 396+ messages in thread
* [PATCH 5.4 248/367] parisc: led: Reduce CPU overhead for disk & lan LED computation
2023-09-20 11:26 [PATCH 5.4 000/367] 5.4.257-rc1 review Greg Kroah-Hartman
` (246 preceding siblings ...)
2023-09-20 11:30 ` [PATCH 5.4 247/367] parisc: led: Fix LAN receive and transmit LEDs Greg Kroah-Hartman
@ 2023-09-20 11:30 ` Greg Kroah-Hartman
2023-09-20 11:30 ` [PATCH 5.4 249/367] clk: qcom: gcc-mdm9615: use proper parent for pll0_vote clock Greg Kroah-Hartman
` (124 subsequent siblings)
372 siblings, 0 replies; 396+ messages in thread
From: Greg Kroah-Hartman @ 2023-09-20 11:30 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Helge Deller
5.4-stable review patch. If anyone has any objections, please let me know.
------------------
From: Helge Deller <deller@gmx.de>
commit 358ad816e52d4253b38c2f312e6b1cbd89e0dbf7 upstream.
Older PA-RISC machines have LEDs which show the disk- and LAN-activity.
The computation is done in software and takes quite some time, e.g. on a
J6500 this may take up to 60% time of one CPU if the machine is loaded
via network traffic.
Since most people don't care about the LEDs, start with LEDs disabled and
just show a CPU heartbeat LED. The disk and LAN LEDs can be turned on
manually via /proc/pdc/led.
Signed-off-by: Helge Deller <deller@gmx.de>
Cc: <stable@vger.kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/parisc/led.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
--- a/drivers/parisc/led.c
+++ b/drivers/parisc/led.c
@@ -56,8 +56,8 @@
static int led_type __read_mostly = -1;
static unsigned char lastleds; /* LED state from most recent update */
static unsigned int led_heartbeat __read_mostly = 1;
-static unsigned int led_diskio __read_mostly = 1;
-static unsigned int led_lanrxtx __read_mostly = 1;
+static unsigned int led_diskio __read_mostly;
+static unsigned int led_lanrxtx __read_mostly;
static char lcd_text[32] __read_mostly;
static char lcd_text_default[32] __read_mostly;
static int lcd_no_led_support __read_mostly = 0; /* KittyHawk doesn't support LED on its LCD */
^ permalink raw reply [flat|nested] 396+ messages in thread
* [PATCH 5.4 249/367] clk: qcom: gcc-mdm9615: use proper parent for pll0_vote clock
2023-09-20 11:26 [PATCH 5.4 000/367] 5.4.257-rc1 review Greg Kroah-Hartman
` (247 preceding siblings ...)
2023-09-20 11:30 ` [PATCH 5.4 248/367] parisc: led: Reduce CPU overhead for disk & lan LED computation Greg Kroah-Hartman
@ 2023-09-20 11:30 ` Greg Kroah-Hartman
2023-09-20 11:30 ` [PATCH 5.4 250/367] soc: qcom: qmi_encdec: Restrict string length in decode Greg Kroah-Hartman
` (123 subsequent siblings)
372 siblings, 0 replies; 396+ messages in thread
From: Greg Kroah-Hartman @ 2023-09-20 11:30 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, stable, Neil Armstrong,
Dmitry Baryshkov, Konrad Dybcio, Bjorn Andersson
5.4-stable review patch. If anyone has any objections, please let me know.
------------------
From: Dmitry Baryshkov <dmitry.baryshkov@linaro.org>
commit 1583694bb4eaf186f17131dbc1b83d6057d2749b upstream.
The pll0_vote clock definitely should have pll0 as a parent (instead of
pll8).
Fixes: 7792a8d6713c ("clk: mdm9615: Add support for MDM9615 Clock Controllers")
Cc: stable@kernel.org
Reviewed-by: Neil Armstrong <neil.armstrong@linaro.org>
Signed-off-by: Dmitry Baryshkov <dmitry.baryshkov@linaro.org>
Reviewed-by: Konrad Dybcio <konrad.dybcio@linaro.org>
Link: https://lore.kernel.org/r/20230512211727.3445575-7-dmitry.baryshkov@linaro.org
Signed-off-by: Bjorn Andersson <andersson@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/clk/qcom/gcc-mdm9615.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/drivers/clk/qcom/gcc-mdm9615.c
+++ b/drivers/clk/qcom/gcc-mdm9615.c
@@ -58,7 +58,7 @@ static struct clk_regmap pll0_vote = {
.enable_mask = BIT(0),
.hw.init = &(struct clk_init_data){
.name = "pll0_vote",
- .parent_names = (const char *[]){ "pll8" },
+ .parent_names = (const char *[]){ "pll0" },
.num_parents = 1,
.ops = &clk_pll_vote_ops,
},
^ permalink raw reply [flat|nested] 396+ messages in thread
* [PATCH 5.4 250/367] soc: qcom: qmi_encdec: Restrict string length in decode
2023-09-20 11:26 [PATCH 5.4 000/367] 5.4.257-rc1 review Greg Kroah-Hartman
` (248 preceding siblings ...)
2023-09-20 11:30 ` [PATCH 5.4 249/367] clk: qcom: gcc-mdm9615: use proper parent for pll0_vote clock Greg Kroah-Hartman
@ 2023-09-20 11:30 ` Greg Kroah-Hartman
2023-09-20 11:30 ` [PATCH 5.4 251/367] NFSv4/pnfs: minor fix for cleanup path in nfs4_get_device_info Greg Kroah-Hartman
` (122 subsequent siblings)
372 siblings, 0 replies; 396+ messages in thread
From: Greg Kroah-Hartman @ 2023-09-20 11:30 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Chris Lew, Praveenkumar I, Bjorn Andersson
5.4-stable review patch. If anyone has any objections, please let me know.
------------------
From: Chris Lew <quic_clew@quicinc.com>
commit 8d207400fd6b79c92aeb2f33bb79f62dff904ea2 upstream.
The QMI TLV value for strings in a lot of qmi element info structures
account for null terminated strings with MAX_LEN + 1. If a string is
actually MAX_LEN + 1 length, this will cause an out of bounds access
when the NULL character is appended in decoding.
Fixes: 9b8a11e82615 ("soc: qcom: Introduce QMI encoder/decoder")
Cc: stable@vger.kernel.org
Signed-off-by: Chris Lew <quic_clew@quicinc.com>
Signed-off-by: Praveenkumar I <quic_ipkumar@quicinc.com>
Link: https://lore.kernel.org/r/20230801064712.3590128-1-quic_ipkumar@quicinc.com
Signed-off-by: Bjorn Andersson <andersson@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/soc/qcom/qmi_encdec.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
--- a/drivers/soc/qcom/qmi_encdec.c
+++ b/drivers/soc/qcom/qmi_encdec.c
@@ -534,8 +534,8 @@ static int qmi_decode_string_elem(struct
decoded_bytes += rc;
}
- if (string_len > temp_ei->elem_len) {
- pr_err("%s: String len %d > Max Len %d\n",
+ if (string_len >= temp_ei->elem_len) {
+ pr_err("%s: String len %d >= Max Len %d\n",
__func__, string_len, temp_ei->elem_len);
return -ETOOSMALL;
} else if (string_len > tlv_len) {
^ permalink raw reply [flat|nested] 396+ messages in thread
* [PATCH 5.4 251/367] NFSv4/pnfs: minor fix for cleanup path in nfs4_get_device_info
2023-09-20 11:26 [PATCH 5.4 000/367] 5.4.257-rc1 review Greg Kroah-Hartman
` (249 preceding siblings ...)
2023-09-20 11:30 ` [PATCH 5.4 250/367] soc: qcom: qmi_encdec: Restrict string length in decode Greg Kroah-Hartman
@ 2023-09-20 11:30 ` Greg Kroah-Hartman
2023-09-20 11:30 ` [PATCH 5.4 252/367] kconfig: fix possible buffer overflow Greg Kroah-Hartman
` (121 subsequent siblings)
372 siblings, 0 replies; 396+ messages in thread
From: Greg Kroah-Hartman @ 2023-09-20 11:30 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Fedor Pchelkin, Benjamin Coddington,
Anna Schumaker
5.4-stable review patch. If anyone has any objections, please let me know.
------------------
From: Fedor Pchelkin <pchelkin@ispras.ru>
commit 96562c45af5c31b89a197af28f79bfa838fb8391 upstream.
It is an almost improbable error case but when page allocating loop in
nfs4_get_device_info() fails then we should only free the already
allocated pages, as __free_page() can't deal with NULL arguments.
Found by Linux Verification Center (linuxtesting.org).
Cc: stable@vger.kernel.org
Signed-off-by: Fedor Pchelkin <pchelkin@ispras.ru>
Reviewed-by: Benjamin Coddington <bcodding@redhat.com>
Signed-off-by: Anna Schumaker <Anna.Schumaker@Netapp.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/nfs/pnfs_dev.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/fs/nfs/pnfs_dev.c
+++ b/fs/nfs/pnfs_dev.c
@@ -152,7 +152,7 @@ nfs4_get_device_info(struct nfs_server *
set_bit(NFS_DEVICEID_NOCACHE, &d->flags);
out_free_pages:
- for (i = 0; i < max_pages; i++)
+ while (--i >= 0)
__free_page(pages[i]);
kfree(pages);
out_free_pdev:
^ permalink raw reply [flat|nested] 396+ messages in thread
* [PATCH 5.4 252/367] kconfig: fix possible buffer overflow
2023-09-20 11:26 [PATCH 5.4 000/367] 5.4.257-rc1 review Greg Kroah-Hartman
` (250 preceding siblings ...)
2023-09-20 11:30 ` [PATCH 5.4 251/367] NFSv4/pnfs: minor fix for cleanup path in nfs4_get_device_info Greg Kroah-Hartman
@ 2023-09-20 11:30 ` Greg Kroah-Hartman
2023-09-20 11:30 ` [PATCH 5.4 253/367] perf annotate bpf: Dont enclose non-debug code with an assert() Greg Kroah-Hartman
` (120 subsequent siblings)
372 siblings, 0 replies; 396+ messages in thread
From: Greg Kroah-Hartman @ 2023-09-20 11:30 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Konstantin Meskhidze,
Masahiro Yamada, Sasha Levin, Ivanov Mikhail
5.4-stable review patch. If anyone has any objections, please let me know.
------------------
From: Konstantin Meskhidze <konstantin.meskhidze@huawei.com>
[ Upstream commit a3b7039bb2b22fcd2ad20d59c00ed4e606ce3754 ]
Buffer 'new_argv' is accessed without bound check after accessing with
bound check via 'new_argc' index.
Fixes: e298f3b49def ("kconfig: add built-in function support")
Co-developed-by: Ivanov Mikhail <ivanov.mikhail1@huawei-partners.com>
Signed-off-by: Konstantin Meskhidze <konstantin.meskhidze@huawei.com>
Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
scripts/kconfig/preprocess.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/scripts/kconfig/preprocess.c b/scripts/kconfig/preprocess.c
index 748da578b418c..d1f5bcff4b62d 100644
--- a/scripts/kconfig/preprocess.c
+++ b/scripts/kconfig/preprocess.c
@@ -396,6 +396,9 @@ static char *eval_clause(const char *str, size_t len, int argc, char *argv[])
p++;
}
+
+ if (new_argc >= FUNCTION_MAX_ARGS)
+ pperror("too many function arguments");
new_argv[new_argc++] = prev;
/*
--
2.40.1
^ permalink raw reply related [flat|nested] 396+ messages in thread
* [PATCH 5.4 253/367] perf annotate bpf: Dont enclose non-debug code with an assert()
2023-09-20 11:26 [PATCH 5.4 000/367] 5.4.257-rc1 review Greg Kroah-Hartman
` (251 preceding siblings ...)
2023-09-20 11:30 ` [PATCH 5.4 252/367] kconfig: fix possible buffer overflow Greg Kroah-Hartman
@ 2023-09-20 11:30 ` Greg Kroah-Hartman
2023-09-20 11:30 ` [PATCH 5.4 254/367] x86/virt: Drop unnecessary check on extended CPUID level in cpu_has_svm() Greg Kroah-Hartman
` (119 subsequent siblings)
372 siblings, 0 replies; 396+ messages in thread
From: Greg Kroah-Hartman @ 2023-09-20 11:30 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Adrian Hunter, Ian Rogers,
Jiri Olsa, Mohamed Mahmoud, Namhyung Kim, Dave Tucker,
Derek Barbosa, Song Liu, Arnaldo Carvalho de Melo, Sasha Levin
5.4-stable review patch. If anyone has any objections, please let me know.
------------------
From: Arnaldo Carvalho de Melo <acme@redhat.com>
[ Upstream commit 979e9c9fc9c2a761303585e07fe2699bdd88182f ]
In 616b14b47a86d880 ("perf build: Conditionally define NDEBUG") we
started using NDEBUG=1 when DEBUG=1 isn't present, so code that is
enclosed with assert() is not called.
In dd317df072071903 ("perf build: Make binutil libraries opt in") we
stopped linking against binutils-devel, for licensing reasons.
Recently people asked me why annotation of BPF programs wasn't working,
i.e. this:
$ perf annotate bpf_prog_5280546344e3f45c_kfree_skb
was returning:
case SYMBOL_ANNOTATE_ERRNO__NO_LIBOPCODES_FOR_BPF:
scnprintf(buf, buflen, "Please link with binutils's libopcode to enable BPF annotation");
This was on a fedora rpm, so its new enough that I had to try to test by
rebuilding using BUILD_NONDISTRO=1, only to get it segfaulting on me.
This combination made this libopcode function not to be called:
assert(bfd_check_format(bfdf, bfd_object));
Changing it to:
if (!bfd_check_format(bfdf, bfd_object))
abort();
Made it work, looking at this "check" function made me realize it
changes the 'bfdf' internal state, i.e. we better call it.
So stop using assert() on it, just call it and abort if it fails.
Probably it is better to propagate the error, etc, but it seems it is
unlikely to fail from the usage done so far and we really need to stop
using libopcodes, so do the quick fix above and move on.
With it we have BPF annotation back working when built with
BUILD_NONDISTRO=1:
⬢[acme@toolbox perf-tools-next]$ perf annotate --stdio2 bpf_prog_5280546344e3f45c_kfree_skb | head
No kallsyms or vmlinux with build-id 939bc71a1a51cdc434e60af93c7e734f7d5c0e7e was found
Samples: 12 of event 'cpu-clock:ppp', 4000 Hz, Event count (approx.): 3000000, [percent: local period]
bpf_prog_5280546344e3f45c_kfree_skb() bpf_prog_5280546344e3f45c_kfree_skb
Percent int kfree_skb(struct trace_event_raw_kfree_skb *args) {
nop
33.33 xchg %ax,%ax
push %rbp
mov %rsp,%rbp
sub $0x180,%rsp
push %rbx
push %r13
⬢[acme@toolbox perf-tools-next]$
Fixes: 6987561c9e86eace ("perf annotate: Enable annotation of BPF programs")
Cc: Adrian Hunter <adrian.hunter@intel.com>
Cc: Ian Rogers <irogers@google.com>
Cc: Jiri Olsa <jolsa@kernel.org>
Cc: Mohamed Mahmoud <mmahmoud@redhat.com>
Cc: Namhyung Kim <namhyung@kernel.org>
Cc: Dave Tucker <datucker@redhat.com>
Cc: Derek Barbosa <debarbos@redhat.com>
Cc: Song Liu <songliubraving@fb.com>
Link: https://lore.kernel.org/lkml/ZMrMzoQBe0yqMek1@kernel.org
Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
tools/perf/util/annotate.c | 10 +++++++---
1 file changed, 7 insertions(+), 3 deletions(-)
diff --git a/tools/perf/util/annotate.c b/tools/perf/util/annotate.c
index e42bf572358c7..bd71cb0b52cf6 100644
--- a/tools/perf/util/annotate.c
+++ b/tools/perf/util/annotate.c
@@ -1741,8 +1741,11 @@ static int symbol__disassemble_bpf(struct symbol *sym,
perf_exe(tpath, sizeof(tpath));
bfdf = bfd_openr(tpath, NULL);
- assert(bfdf);
- assert(bfd_check_format(bfdf, bfd_object));
+ if (bfdf == NULL)
+ abort();
+
+ if (!bfd_check_format(bfdf, bfd_object))
+ abort();
s = open_memstream(&buf, &buf_size);
if (!s) {
@@ -1790,7 +1793,8 @@ static int symbol__disassemble_bpf(struct symbol *sym,
#else
disassemble = disassembler(bfdf);
#endif
- assert(disassemble);
+ if (disassemble == NULL)
+ abort();
fflush(s);
do {
--
2.40.1
^ permalink raw reply related [flat|nested] 396+ messages in thread
* [PATCH 5.4 254/367] x86/virt: Drop unnecessary check on extended CPUID level in cpu_has_svm()
2023-09-20 11:26 [PATCH 5.4 000/367] 5.4.257-rc1 review Greg Kroah-Hartman
` (252 preceding siblings ...)
2023-09-20 11:30 ` [PATCH 5.4 253/367] perf annotate bpf: Dont enclose non-debug code with an assert() Greg Kroah-Hartman
@ 2023-09-20 11:30 ` Greg Kroah-Hartman
2023-09-20 11:30 ` [PATCH 5.4 255/367] perf top: Dont pass an ERR_PTR() directly to perf_session__delete() Greg Kroah-Hartman
` (118 subsequent siblings)
372 siblings, 0 replies; 396+ messages in thread
From: Greg Kroah-Hartman @ 2023-09-20 11:30 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Sean Christopherson, Sasha Levin
5.4-stable review patch. If anyone has any objections, please let me know.
------------------
From: Sean Christopherson <seanjc@google.com>
[ Upstream commit 5df8ecfe3632d5879d1f154f7aa8de441b5d1c89 ]
Drop the explicit check on the extended CPUID level in cpu_has_svm(), the
kernel's cached CPUID info will leave the entire SVM leaf unset if said
leaf is not supported by hardware. Prior to using cached information,
the check was needed to avoid false positives due to Intel's rather crazy
CPUID behavior of returning the values of the maximum supported leaf if
the specified leaf is unsupported.
Fixes: 682a8108872f ("x86/kvm/svm: Simplify cpu_has_svm()")
Link: https://lore.kernel.org/r/20230721201859.2307736-13-seanjc@google.com
Signed-off-by: Sean Christopherson <seanjc@google.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/x86/include/asm/virtext.h | 6 ------
1 file changed, 6 deletions(-)
diff --git a/arch/x86/include/asm/virtext.h b/arch/x86/include/asm/virtext.h
index 8eefa3386d8ce..331474296e6f1 100644
--- a/arch/x86/include/asm/virtext.h
+++ b/arch/x86/include/asm/virtext.h
@@ -95,12 +95,6 @@ static inline int cpu_has_svm(const char **msg)
return 0;
}
- if (boot_cpu_data.extended_cpuid_level < SVM_CPUID_FUNC) {
- if (msg)
- *msg = "can't execute cpuid_8000000a";
- return 0;
- }
-
if (!boot_cpu_has(X86_FEATURE_SVM)) {
if (msg)
*msg = "svm not available";
--
2.40.1
^ permalink raw reply related [flat|nested] 396+ messages in thread
* [PATCH 5.4 255/367] perf top: Dont pass an ERR_PTR() directly to perf_session__delete()
2023-09-20 11:26 [PATCH 5.4 000/367] 5.4.257-rc1 review Greg Kroah-Hartman
` (253 preceding siblings ...)
2023-09-20 11:30 ` [PATCH 5.4 254/367] x86/virt: Drop unnecessary check on extended CPUID level in cpu_has_svm() Greg Kroah-Hartman
@ 2023-09-20 11:30 ` Greg Kroah-Hartman
2023-09-20 11:30 ` [PATCH 5.4 256/367] watchdog: intel-mid_wdt: add MODULE_ALIAS() to allow auto-load Greg Kroah-Hartman
` (117 subsequent siblings)
372 siblings, 0 replies; 396+ messages in thread
From: Greg Kroah-Hartman @ 2023-09-20 11:30 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Adrian Hunter, Alexander Shishkin,
Alexey Budankov, Jeremie Galarneau, Jiri Olsa, Kate Stewart,
Mamatha Inamdar, Mukesh Ojha, Nageswara R Sastry, Namhyung Kim,
Peter Zijlstra, Ravi Bangoria, Shawn Landden, Song Liu,
Thomas Gleixner, Tzvetomir Stoyanov, Arnaldo Carvalho de Melo,
Sasha Levin
5.4-stable review patch. If anyone has any objections, please let me know.
------------------
From: Arnaldo Carvalho de Melo <acme@redhat.com>
[ Upstream commit ef23cb593304bde0cc046fd4cc83ae7ea2e24f16 ]
While debugging a segfault on 'perf lock contention' without an
available perf.data file I noticed that it was basically calling:
perf_session__delete(ERR_PTR(-1))
Resulting in:
(gdb) run lock contention
Starting program: /root/bin/perf lock contention
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib64/libthread_db.so.1".
failed to open perf.data: No such file or directory (try 'perf record' first)
Initializing perf session failed
Program received signal SIGSEGV, Segmentation fault.
0x00000000005e7515 in auxtrace__free (session=0xffffffffffffffff) at util/auxtrace.c:2858
2858 if (!session->auxtrace)
(gdb) p session
$1 = (struct perf_session *) 0xffffffffffffffff
(gdb) bt
#0 0x00000000005e7515 in auxtrace__free (session=0xffffffffffffffff) at util/auxtrace.c:2858
#1 0x000000000057bb4d in perf_session__delete (session=0xffffffffffffffff) at util/session.c:300
#2 0x000000000047c421 in __cmd_contention (argc=0, argv=0x7fffffffe200) at builtin-lock.c:2161
#3 0x000000000047dc95 in cmd_lock (argc=0, argv=0x7fffffffe200) at builtin-lock.c:2604
#4 0x0000000000501466 in run_builtin (p=0xe597a8 <commands+552>, argc=2, argv=0x7fffffffe200) at perf.c:322
#5 0x00000000005016d5 in handle_internal_command (argc=2, argv=0x7fffffffe200) at perf.c:375
#6 0x0000000000501824 in run_argv (argcp=0x7fffffffe02c, argv=0x7fffffffe020) at perf.c:419
#7 0x0000000000501b11 in main (argc=2, argv=0x7fffffffe200) at perf.c:535
(gdb)
So just set it to NULL after using PTR_ERR(session) to decode the error
as perf_session__delete(NULL) is supported.
The same problem was found in 'perf top' after an audit of all
perf_session__new() failure handling.
Fixes: 6ef81c55a2b6584c ("perf session: Return error code for perf_session__new() function on failure")
Cc: Adrian Hunter <adrian.hunter@intel.com>
Cc: Alexander Shishkin <alexander.shishkin@linux.intel.com>
Cc: Alexey Budankov <alexey.budankov@linux.intel.com>
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Cc: Jeremie Galarneau <jeremie.galarneau@efficios.com>
Cc: Jiri Olsa <jolsa@kernel.org>
Cc: Kate Stewart <kstewart@linuxfoundation.org>
Cc: Mamatha Inamdar <mamatha4@linux.vnet.ibm.com>
Cc: Mukesh Ojha <mojha@codeaurora.org>
Cc: Nageswara R Sastry <rnsastry@linux.vnet.ibm.com>
Cc: Namhyung Kim <namhyung@kernel.org>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Ravi Bangoria <ravi.bangoria@linux.ibm.com>
Cc: Shawn Landden <shawn@git.icu>
Cc: Song Liu <songliubraving@fb.com>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: Tzvetomir Stoyanov <tstoyanov@vmware.com>
Link: https://lore.kernel.org/lkml/ZN4Q2rxxsL08A8rd@kernel.org
Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
tools/perf/builtin-top.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/tools/perf/builtin-top.c b/tools/perf/builtin-top.c
index a30d62186f5e9..b83a861fab2ed 100644
--- a/tools/perf/builtin-top.c
+++ b/tools/perf/builtin-top.c
@@ -1679,6 +1679,7 @@ int cmd_top(int argc, const char **argv)
top.session = perf_session__new(NULL, false, NULL);
if (IS_ERR(top.session)) {
status = PTR_ERR(top.session);
+ top.session = NULL;
goto out_delete_evlist;
}
--
2.40.1
^ permalink raw reply related [flat|nested] 396+ messages in thread
* [PATCH 5.4 256/367] watchdog: intel-mid_wdt: add MODULE_ALIAS() to allow auto-load
2023-09-20 11:26 [PATCH 5.4 000/367] 5.4.257-rc1 review Greg Kroah-Hartman
` (254 preceding siblings ...)
2023-09-20 11:30 ` [PATCH 5.4 255/367] perf top: Dont pass an ERR_PTR() directly to perf_session__delete() Greg Kroah-Hartman
@ 2023-09-20 11:30 ` Greg Kroah-Hartman
2023-09-20 11:30 ` [PATCH 5.4 257/367] pwm: lpc32xx: Remove handling of PWM channels Greg Kroah-Hartman
` (116 subsequent siblings)
372 siblings, 0 replies; 396+ messages in thread
From: Greg Kroah-Hartman @ 2023-09-20 11:30 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Raag Jadav, Andy Shevchenko,
Guenter Roeck, Wim Van Sebroeck, Sasha Levin
5.4-stable review patch. If anyone has any objections, please let me know.
------------------
From: Raag Jadav <raag.jadav@intel.com>
[ Upstream commit cf38e7691c85f1b09973b22a0b89bf1e1228d2f9 ]
When built with CONFIG_INTEL_MID_WATCHDOG=m, currently the driver
needs to be loaded manually, for the lack of module alias.
This causes unintended resets in cases where watchdog timer is
set-up by bootloader and the driver is not explicitly loaded.
Add MODULE_ALIAS() to load the driver automatically at boot and
avoid this issue.
Fixes: 87a1ef8058d9 ("watchdog: add Intel MID watchdog driver support")
Signed-off-by: Raag Jadav <raag.jadav@intel.com>
Reviewed-by: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
Reviewed-by: Guenter Roeck <linux@roeck-us.net>
Link: https://lore.kernel.org/r/20230811120220.31578-1-raag.jadav@intel.com
Signed-off-by: Guenter Roeck <linux@roeck-us.net>
Signed-off-by: Wim Van Sebroeck <wim@linux-watchdog.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/watchdog/intel-mid_wdt.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/drivers/watchdog/intel-mid_wdt.c b/drivers/watchdog/intel-mid_wdt.c
index 2cdbd37c700cf..7ee355c286284 100644
--- a/drivers/watchdog/intel-mid_wdt.c
+++ b/drivers/watchdog/intel-mid_wdt.c
@@ -181,3 +181,4 @@ module_platform_driver(mid_wdt_driver);
MODULE_AUTHOR("David Cohen <david.a.cohen@linux.intel.com>");
MODULE_DESCRIPTION("Watchdog Driver for Intel MID platform");
MODULE_LICENSE("GPL");
+MODULE_ALIAS("platform:intel_mid_wdt");
--
2.40.1
^ permalink raw reply related [flat|nested] 396+ messages in thread
* [PATCH 5.4 257/367] pwm: lpc32xx: Remove handling of PWM channels
2023-09-20 11:26 [PATCH 5.4 000/367] 5.4.257-rc1 review Greg Kroah-Hartman
` (255 preceding siblings ...)
2023-09-20 11:30 ` [PATCH 5.4 256/367] watchdog: intel-mid_wdt: add MODULE_ALIAS() to allow auto-load Greg Kroah-Hartman
@ 2023-09-20 11:30 ` Greg Kroah-Hartman
2023-09-20 11:30 ` [PATCH 5.4 258/367] sctp: annotate data-races around sk->sk_wmem_queued Greg Kroah-Hartman
` (115 subsequent siblings)
372 siblings, 0 replies; 396+ messages in thread
From: Greg Kroah-Hartman @ 2023-09-20 11:30 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Dan Carpenter, Vladimir Zapolskiy,
Uwe Kleine-König, Thierry Reding, Sasha Levin
5.4-stable review patch. If anyone has any objections, please let me know.
------------------
From: Vladimir Zapolskiy <vz@mleia.com>
[ Upstream commit 4aae44f65827f0213a7361cf9c32cfe06114473f ]
Because LPC32xx PWM controllers have only a single output which is
registered as the only PWM device/channel per controller, it is known in
advance that pwm->hwpwm value is always 0. On basis of this fact
simplify the code by removing operations with pwm->hwpwm, there is no
controls which require channel number as input.
Even though I wasn't aware at the time when I forward ported that patch,
this fixes a null pointer dereference as lpc32xx->chip.pwms is NULL
before devm_pwmchip_add() is called.
Reported-by: Dan Carpenter <dan.carpenter@linaro.org>
Signed-off-by: Vladimir Zapolskiy <vz@mleia.com>
Signed-off-by: Uwe Kleine-König <u.kleine-koenig@pengutronix.de>
Fixes: 3d2813fb17e5 ("pwm: lpc32xx: Don't modify HW state in .probe() after the PWM chip was registered")
Signed-off-by: Thierry Reding <thierry.reding@gmail.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/pwm/pwm-lpc32xx.c | 16 ++++++++--------
1 file changed, 8 insertions(+), 8 deletions(-)
diff --git a/drivers/pwm/pwm-lpc32xx.c b/drivers/pwm/pwm-lpc32xx.c
index 522f862eca526..504a8f506195a 100644
--- a/drivers/pwm/pwm-lpc32xx.c
+++ b/drivers/pwm/pwm-lpc32xx.c
@@ -51,10 +51,10 @@ static int lpc32xx_pwm_config(struct pwm_chip *chip, struct pwm_device *pwm,
if (duty_cycles > 255)
duty_cycles = 255;
- val = readl(lpc32xx->base + (pwm->hwpwm << 2));
+ val = readl(lpc32xx->base);
val &= ~0xFFFF;
val |= (period_cycles << 8) | duty_cycles;
- writel(val, lpc32xx->base + (pwm->hwpwm << 2));
+ writel(val, lpc32xx->base);
return 0;
}
@@ -69,9 +69,9 @@ static int lpc32xx_pwm_enable(struct pwm_chip *chip, struct pwm_device *pwm)
if (ret)
return ret;
- val = readl(lpc32xx->base + (pwm->hwpwm << 2));
+ val = readl(lpc32xx->base);
val |= PWM_ENABLE;
- writel(val, lpc32xx->base + (pwm->hwpwm << 2));
+ writel(val, lpc32xx->base);
return 0;
}
@@ -81,9 +81,9 @@ static void lpc32xx_pwm_disable(struct pwm_chip *chip, struct pwm_device *pwm)
struct lpc32xx_pwm_chip *lpc32xx = to_lpc32xx_pwm_chip(chip);
u32 val;
- val = readl(lpc32xx->base + (pwm->hwpwm << 2));
+ val = readl(lpc32xx->base);
val &= ~PWM_ENABLE;
- writel(val, lpc32xx->base + (pwm->hwpwm << 2));
+ writel(val, lpc32xx->base);
clk_disable_unprepare(lpc32xx->clk);
}
@@ -121,9 +121,9 @@ static int lpc32xx_pwm_probe(struct platform_device *pdev)
lpc32xx->chip.base = -1;
/* If PWM is disabled, configure the output to the default value */
- val = readl(lpc32xx->base + (lpc32xx->chip.pwms[0].hwpwm << 2));
+ val = readl(lpc32xx->base);
val &= ~PWM_PIN_LEVEL;
- writel(val, lpc32xx->base + (lpc32xx->chip.pwms[0].hwpwm << 2));
+ writel(val, lpc32xx->base);
ret = pwmchip_add(&lpc32xx->chip);
if (ret < 0) {
--
2.40.1
^ permalink raw reply related [flat|nested] 396+ messages in thread
* [PATCH 5.4 258/367] sctp: annotate data-races around sk->sk_wmem_queued
2023-09-20 11:26 [PATCH 5.4 000/367] 5.4.257-rc1 review Greg Kroah-Hartman
` (256 preceding siblings ...)
2023-09-20 11:30 ` [PATCH 5.4 257/367] pwm: lpc32xx: Remove handling of PWM channels Greg Kroah-Hartman
@ 2023-09-20 11:30 ` Greg Kroah-Hartman
2023-09-20 11:30 ` [PATCH 5.4 259/367] ipv4: annotate data-races around fi->fib_dead Greg Kroah-Hartman
` (114 subsequent siblings)
372 siblings, 0 replies; 396+ messages in thread
From: Greg Kroah-Hartman @ 2023-09-20 11:30 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, syzbot, Eric Dumazet,
Marcelo Ricardo Leitner, Xin Long, Paolo Abeni, Sasha Levin
5.4-stable review patch. If anyone has any objections, please let me know.
------------------
From: Eric Dumazet <edumazet@google.com>
[ Upstream commit dc9511dd6f37fe803f6b15b61b030728d7057417 ]
sk->sk_wmem_queued can be read locklessly from sctp_poll()
Use sk_wmem_queued_add() when the field is changed,
and add READ_ONCE() annotations in sctp_writeable()
and sctp_assocs_seq_show()
syzbot reported:
BUG: KCSAN: data-race in sctp_poll / sctp_wfree
read-write to 0xffff888149d77810 of 4 bytes by interrupt on cpu 0:
sctp_wfree+0x170/0x4a0 net/sctp/socket.c:9147
skb_release_head_state+0xb7/0x1a0 net/core/skbuff.c:988
skb_release_all net/core/skbuff.c:1000 [inline]
__kfree_skb+0x16/0x140 net/core/skbuff.c:1016
consume_skb+0x57/0x180 net/core/skbuff.c:1232
sctp_chunk_destroy net/sctp/sm_make_chunk.c:1503 [inline]
sctp_chunk_put+0xcd/0x130 net/sctp/sm_make_chunk.c:1530
sctp_datamsg_put+0x29a/0x300 net/sctp/chunk.c:128
sctp_chunk_free+0x34/0x50 net/sctp/sm_make_chunk.c:1515
sctp_outq_sack+0xafa/0xd70 net/sctp/outqueue.c:1381
sctp_cmd_process_sack net/sctp/sm_sideeffect.c:834 [inline]
sctp_cmd_interpreter net/sctp/sm_sideeffect.c:1366 [inline]
sctp_side_effects net/sctp/sm_sideeffect.c:1198 [inline]
sctp_do_sm+0x12c7/0x31b0 net/sctp/sm_sideeffect.c:1169
sctp_assoc_bh_rcv+0x2b2/0x430 net/sctp/associola.c:1051
sctp_inq_push+0x108/0x120 net/sctp/inqueue.c:80
sctp_rcv+0x116e/0x1340 net/sctp/input.c:243
sctp6_rcv+0x25/0x40 net/sctp/ipv6.c:1120
ip6_protocol_deliver_rcu+0x92f/0xf30 net/ipv6/ip6_input.c:437
ip6_input_finish net/ipv6/ip6_input.c:482 [inline]
NF_HOOK include/linux/netfilter.h:303 [inline]
ip6_input+0xbd/0x1b0 net/ipv6/ip6_input.c:491
dst_input include/net/dst.h:468 [inline]
ip6_rcv_finish+0x1e2/0x2e0 net/ipv6/ip6_input.c:79
NF_HOOK include/linux/netfilter.h:303 [inline]
ipv6_rcv+0x74/0x150 net/ipv6/ip6_input.c:309
__netif_receive_skb_one_core net/core/dev.c:5452 [inline]
__netif_receive_skb+0x90/0x1b0 net/core/dev.c:5566
process_backlog+0x21f/0x380 net/core/dev.c:5894
__napi_poll+0x60/0x3b0 net/core/dev.c:6460
napi_poll net/core/dev.c:6527 [inline]
net_rx_action+0x32b/0x750 net/core/dev.c:6660
__do_softirq+0xc1/0x265 kernel/softirq.c:553
run_ksoftirqd+0x17/0x20 kernel/softirq.c:921
smpboot_thread_fn+0x30a/0x4a0 kernel/smpboot.c:164
kthread+0x1d7/0x210 kernel/kthread.c:389
ret_from_fork+0x2e/0x40 arch/x86/kernel/process.c:145
ret_from_fork_asm+0x11/0x20 arch/x86/entry/entry_64.S:304
read to 0xffff888149d77810 of 4 bytes by task 17828 on cpu 1:
sctp_writeable net/sctp/socket.c:9304 [inline]
sctp_poll+0x265/0x410 net/sctp/socket.c:8671
sock_poll+0x253/0x270 net/socket.c:1374
vfs_poll include/linux/poll.h:88 [inline]
do_pollfd fs/select.c:873 [inline]
do_poll fs/select.c:921 [inline]
do_sys_poll+0x636/0xc00 fs/select.c:1015
__do_sys_ppoll fs/select.c:1121 [inline]
__se_sys_ppoll+0x1af/0x1f0 fs/select.c:1101
__x64_sys_ppoll+0x67/0x80 fs/select.c:1101
do_syscall_x64 arch/x86/entry/common.c:50 [inline]
do_syscall_64+0x41/0xc0 arch/x86/entry/common.c:80
entry_SYSCALL_64_after_hwframe+0x63/0xcd
value changed: 0x00019e80 -> 0x0000cc80
Reported by Kernel Concurrency Sanitizer on:
CPU: 1 PID: 17828 Comm: syz-executor.1 Not tainted 6.5.0-rc7-syzkaller-00185-g28f20a19294d #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/26/2023
Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2")
Reported-by: syzbot <syzkaller@googlegroups.com>
Signed-off-by: Eric Dumazet <edumazet@google.com>
Cc: Marcelo Ricardo Leitner <marcelo.leitner@gmail.com>
Acked-by: Xin Long <lucien.xin@gmail.com>
Link: https://lore.kernel.org/r/20230830094519.950007-1-edumazet@google.com
Signed-off-by: Paolo Abeni <pabeni@redhat.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
net/sctp/proc.c | 2 +-
net/sctp/socket.c | 10 +++++-----
2 files changed, 6 insertions(+), 6 deletions(-)
diff --git a/net/sctp/proc.c b/net/sctp/proc.c
index 982a87b3e11f8..963b94517ec20 100644
--- a/net/sctp/proc.c
+++ b/net/sctp/proc.c
@@ -284,7 +284,7 @@ static int sctp_assocs_seq_show(struct seq_file *seq, void *v)
assoc->init_retries, assoc->shutdown_retries,
assoc->rtx_data_chunks,
refcount_read(&sk->sk_wmem_alloc),
- sk->sk_wmem_queued,
+ READ_ONCE(sk->sk_wmem_queued),
sk->sk_sndbuf,
sk->sk_rcvbuf);
seq_printf(seq, "\n");
diff --git a/net/sctp/socket.c b/net/sctp/socket.c
index 431b9399a781f..d1dd261e8b010 100644
--- a/net/sctp/socket.c
+++ b/net/sctp/socket.c
@@ -68,7 +68,7 @@
#include <net/sctp/stream_sched.h>
/* Forward declarations for internal helper functions. */
-static bool sctp_writeable(struct sock *sk);
+static bool sctp_writeable(const struct sock *sk);
static void sctp_wfree(struct sk_buff *skb);
static int sctp_wait_for_sndbuf(struct sctp_association *asoc, long *timeo_p,
size_t msg_len);
@@ -138,7 +138,7 @@ static inline void sctp_set_owner_w(struct sctp_chunk *chunk)
refcount_add(sizeof(struct sctp_chunk), &sk->sk_wmem_alloc);
asoc->sndbuf_used += chunk->skb->truesize + sizeof(struct sctp_chunk);
- sk->sk_wmem_queued += chunk->skb->truesize + sizeof(struct sctp_chunk);
+ sk_wmem_queued_add(sk, chunk->skb->truesize + sizeof(struct sctp_chunk));
sk_mem_charge(sk, chunk->skb->truesize);
}
@@ -8997,7 +8997,7 @@ static void sctp_wfree(struct sk_buff *skb)
struct sock *sk = asoc->base.sk;
sk_mem_uncharge(sk, skb->truesize);
- sk->sk_wmem_queued -= skb->truesize + sizeof(struct sctp_chunk);
+ sk_wmem_queued_add(sk, -(skb->truesize + sizeof(struct sctp_chunk)));
asoc->sndbuf_used -= skb->truesize + sizeof(struct sctp_chunk);
WARN_ON(refcount_sub_and_test(sizeof(struct sctp_chunk),
&sk->sk_wmem_alloc));
@@ -9152,9 +9152,9 @@ void sctp_write_space(struct sock *sk)
* UDP-style sockets or TCP-style sockets, this code should work.
* - Daisy
*/
-static bool sctp_writeable(struct sock *sk)
+static bool sctp_writeable(const struct sock *sk)
{
- return sk->sk_sndbuf > sk->sk_wmem_queued;
+ return READ_ONCE(sk->sk_sndbuf) > READ_ONCE(sk->sk_wmem_queued);
}
/* Wait for an association to go into ESTABLISHED state. If timeout is 0,
--
2.40.1
^ permalink raw reply related [flat|nested] 396+ messages in thread
* [PATCH 5.4 259/367] ipv4: annotate data-races around fi->fib_dead
2023-09-20 11:26 [PATCH 5.4 000/367] 5.4.257-rc1 review Greg Kroah-Hartman
` (257 preceding siblings ...)
2023-09-20 11:30 ` [PATCH 5.4 258/367] sctp: annotate data-races around sk->sk_wmem_queued Greg Kroah-Hartman
@ 2023-09-20 11:30 ` Greg Kroah-Hartman
2023-09-20 11:30 ` [PATCH 5.4 260/367] net: read sk->sk_family once in sk_mc_loop() Greg Kroah-Hartman
` (113 subsequent siblings)
372 siblings, 0 replies; 396+ messages in thread
From: Greg Kroah-Hartman @ 2023-09-20 11:30 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, syzbot, Eric Dumazet, David Ahern,
Paolo Abeni, Sasha Levin
5.4-stable review patch. If anyone has any objections, please let me know.
------------------
From: Eric Dumazet <edumazet@google.com>
[ Upstream commit fce92af1c29d90184dfec638b5738831097d66e9 ]
syzbot complained about a data-race in fib_table_lookup() [1]
Add appropriate annotations to document it.
[1]
BUG: KCSAN: data-race in fib_release_info / fib_table_lookup
write to 0xffff888150f31744 of 1 bytes by task 1189 on cpu 0:
fib_release_info+0x3a0/0x460 net/ipv4/fib_semantics.c:281
fib_table_delete+0x8d2/0x900 net/ipv4/fib_trie.c:1777
fib_magic+0x1c1/0x1f0 net/ipv4/fib_frontend.c:1106
fib_del_ifaddr+0x8cf/0xa60 net/ipv4/fib_frontend.c:1317
fib_inetaddr_event+0x77/0x200 net/ipv4/fib_frontend.c:1448
notifier_call_chain kernel/notifier.c:93 [inline]
blocking_notifier_call_chain+0x90/0x200 kernel/notifier.c:388
__inet_del_ifa+0x4df/0x800 net/ipv4/devinet.c:432
inet_del_ifa net/ipv4/devinet.c:469 [inline]
inetdev_destroy net/ipv4/devinet.c:322 [inline]
inetdev_event+0x553/0xaf0 net/ipv4/devinet.c:1606
notifier_call_chain kernel/notifier.c:93 [inline]
raw_notifier_call_chain+0x6b/0x1c0 kernel/notifier.c:461
call_netdevice_notifiers_info net/core/dev.c:1962 [inline]
call_netdevice_notifiers_mtu+0xd2/0x130 net/core/dev.c:2037
dev_set_mtu_ext+0x30b/0x3e0 net/core/dev.c:8673
do_setlink+0x5be/0x2430 net/core/rtnetlink.c:2837
rtnl_setlink+0x255/0x300 net/core/rtnetlink.c:3177
rtnetlink_rcv_msg+0x807/0x8c0 net/core/rtnetlink.c:6445
netlink_rcv_skb+0x126/0x220 net/netlink/af_netlink.c:2549
rtnetlink_rcv+0x1c/0x20 net/core/rtnetlink.c:6463
netlink_unicast_kernel net/netlink/af_netlink.c:1339 [inline]
netlink_unicast+0x56f/0x640 net/netlink/af_netlink.c:1365
netlink_sendmsg+0x665/0x770 net/netlink/af_netlink.c:1914
sock_sendmsg_nosec net/socket.c:725 [inline]
sock_sendmsg net/socket.c:748 [inline]
sock_write_iter+0x1aa/0x230 net/socket.c:1129
do_iter_write+0x4b4/0x7b0 fs/read_write.c:860
vfs_writev+0x1a8/0x320 fs/read_write.c:933
do_writev+0xf8/0x220 fs/read_write.c:976
__do_sys_writev fs/read_write.c:1049 [inline]
__se_sys_writev fs/read_write.c:1046 [inline]
__x64_sys_writev+0x45/0x50 fs/read_write.c:1046
do_syscall_x64 arch/x86/entry/common.c:50 [inline]
do_syscall_64+0x41/0xc0 arch/x86/entry/common.c:80
entry_SYSCALL_64_after_hwframe+0x63/0xcd
read to 0xffff888150f31744 of 1 bytes by task 21839 on cpu 1:
fib_table_lookup+0x2bf/0xd50 net/ipv4/fib_trie.c:1585
fib_lookup include/net/ip_fib.h:383 [inline]
ip_route_output_key_hash_rcu+0x38c/0x12c0 net/ipv4/route.c:2751
ip_route_output_key_hash net/ipv4/route.c:2641 [inline]
__ip_route_output_key include/net/route.h:134 [inline]
ip_route_output_flow+0xa6/0x150 net/ipv4/route.c:2869
send4+0x1e7/0x500 drivers/net/wireguard/socket.c:61
wg_socket_send_skb_to_peer+0x94/0x130 drivers/net/wireguard/socket.c:175
wg_socket_send_buffer_to_peer+0xd6/0x100 drivers/net/wireguard/socket.c:200
wg_packet_send_handshake_initiation drivers/net/wireguard/send.c:40 [inline]
wg_packet_handshake_send_worker+0x10c/0x150 drivers/net/wireguard/send.c:51
process_one_work+0x434/0x860 kernel/workqueue.c:2600
worker_thread+0x5f2/0xa10 kernel/workqueue.c:2751
kthread+0x1d7/0x210 kernel/kthread.c:389
ret_from_fork+0x2e/0x40 arch/x86/kernel/process.c:145
ret_from_fork_asm+0x11/0x20 arch/x86/entry/entry_64.S:304
value changed: 0x00 -> 0x01
Reported by Kernel Concurrency Sanitizer on:
CPU: 1 PID: 21839 Comm: kworker/u4:18 Tainted: G W 6.5.0-syzkaller #0
Fixes: dccd9ecc3744 ("ipv4: Do not use dead fib_info entries.")
Reported-by: syzbot <syzkaller@googlegroups.com>
Signed-off-by: Eric Dumazet <edumazet@google.com>
Reviewed-by: David Ahern <dsahern@kernel.org>
Link: https://lore.kernel.org/r/20230830095520.1046984-1-edumazet@google.com
Signed-off-by: Paolo Abeni <pabeni@redhat.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
net/ipv4/fib_semantics.c | 5 ++++-
net/ipv4/fib_trie.c | 3 ++-
2 files changed, 6 insertions(+), 2 deletions(-)
diff --git a/net/ipv4/fib_semantics.c b/net/ipv4/fib_semantics.c
index 42a4ee192f8dc..51cfb650060ba 100644
--- a/net/ipv4/fib_semantics.c
+++ b/net/ipv4/fib_semantics.c
@@ -275,7 +275,8 @@ void fib_release_info(struct fib_info *fi)
hlist_del(&nexthop_nh->nh_hash);
} endfor_nexthops(fi)
}
- fi->fib_dead = 1;
+ /* Paired with READ_ONCE() from fib_table_lookup() */
+ WRITE_ONCE(fi->fib_dead, 1);
fib_info_put(fi);
}
spin_unlock_bh(&fib_info_lock);
@@ -1586,6 +1587,7 @@ struct fib_info *fib_create_info(struct fib_config *cfg,
link_it:
ofi = fib_find_info(fi);
if (ofi) {
+ /* fib_table_lookup() should not see @fi yet. */
fi->fib_dead = 1;
free_fib_info(fi);
ofi->fib_treeref++;
@@ -1623,6 +1625,7 @@ struct fib_info *fib_create_info(struct fib_config *cfg,
failure:
if (fi) {
+ /* fib_table_lookup() should not see @fi yet. */
fi->fib_dead = 1;
free_fib_info(fi);
}
diff --git a/net/ipv4/fib_trie.c b/net/ipv4/fib_trie.c
index a1f830da4ad30..7f933ead3bf4c 100644
--- a/net/ipv4/fib_trie.c
+++ b/net/ipv4/fib_trie.c
@@ -1448,7 +1448,8 @@ int fib_table_lookup(struct fib_table *tb, const struct flowi4 *flp,
}
if (fa->fa_tos && fa->fa_tos != flp->flowi4_tos)
continue;
- if (fi->fib_dead)
+ /* Paired with WRITE_ONCE() in fib_release_info() */
+ if (READ_ONCE(fi->fib_dead))
continue;
if (fa->fa_info->fib_scope < flp->flowi4_scope)
continue;
--
2.40.1
^ permalink raw reply related [flat|nested] 396+ messages in thread
* [PATCH 5.4 260/367] net: read sk->sk_family once in sk_mc_loop()
2023-09-20 11:26 [PATCH 5.4 000/367] 5.4.257-rc1 review Greg Kroah-Hartman
` (258 preceding siblings ...)
2023-09-20 11:30 ` [PATCH 5.4 259/367] ipv4: annotate data-races around fi->fib_dead Greg Kroah-Hartman
@ 2023-09-20 11:30 ` Greg Kroah-Hartman
2023-09-20 11:30 ` [PATCH 5.4 261/367] igb: disable virtualization features on 82580 Greg Kroah-Hartman
` (112 subsequent siblings)
372 siblings, 0 replies; 396+ messages in thread
From: Greg Kroah-Hartman @ 2023-09-20 11:30 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, syzbot, Eric Dumazet,
Kuniyuki Iwashima, Paolo Abeni, Sasha Levin
5.4-stable review patch. If anyone has any objections, please let me know.
------------------
From: Eric Dumazet <edumazet@google.com>
[ Upstream commit a3e0fdf71bbe031de845e8e08ed7fba49f9c702c ]
syzbot is playing with IPV6_ADDRFORM quite a lot these days,
and managed to hit the WARN_ON_ONCE(1) in sk_mc_loop()
We have many more similar issues to fix.
WARNING: CPU: 1 PID: 1593 at net/core/sock.c:782 sk_mc_loop+0x165/0x260
Modules linked in:
CPU: 1 PID: 1593 Comm: kworker/1:3 Not tainted 6.1.40-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/26/2023
Workqueue: events_power_efficient gc_worker
RIP: 0010:sk_mc_loop+0x165/0x260 net/core/sock.c:782
Code: 34 1b fd 49 81 c7 18 05 00 00 4c 89 f8 48 c1 e8 03 42 80 3c 20 00 74 08 4c 89 ff e8 25 36 6d fd 4d 8b 37 eb 13 e8 db 33 1b fd <0f> 0b b3 01 eb 34 e8 d0 33 1b fd 45 31 f6 49 83 c6 38 4c 89 f0 48
RSP: 0018:ffffc90000388530 EFLAGS: 00010246
RAX: ffffffff846d9b55 RBX: 0000000000000011 RCX: ffff88814f884980
RDX: 0000000000000102 RSI: ffffffff87ae5160 RDI: 0000000000000011
RBP: ffffc90000388550 R08: 0000000000000003 R09: ffffffff846d9a65
R10: 0000000000000002 R11: ffff88814f884980 R12: dffffc0000000000
R13: ffff88810dbee000 R14: 0000000000000010 R15: ffff888150084000
FS: 0000000000000000(0000) GS:ffff8881f6b00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000020000180 CR3: 000000014ee5b000 CR4: 00000000003506e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
<IRQ>
[<ffffffff8507734f>] ip6_finish_output2+0x33f/0x1ae0 net/ipv6/ip6_output.c:83
[<ffffffff85062766>] __ip6_finish_output net/ipv6/ip6_output.c:200 [inline]
[<ffffffff85062766>] ip6_finish_output+0x6c6/0xb10 net/ipv6/ip6_output.c:211
[<ffffffff85061f8c>] NF_HOOK_COND include/linux/netfilter.h:298 [inline]
[<ffffffff85061f8c>] ip6_output+0x2bc/0x3d0 net/ipv6/ip6_output.c:232
[<ffffffff852071cf>] dst_output include/net/dst.h:444 [inline]
[<ffffffff852071cf>] ip6_local_out+0x10f/0x140 net/ipv6/output_core.c:161
[<ffffffff83618fb4>] ipvlan_process_v6_outbound drivers/net/ipvlan/ipvlan_core.c:483 [inline]
[<ffffffff83618fb4>] ipvlan_process_outbound drivers/net/ipvlan/ipvlan_core.c:529 [inline]
[<ffffffff83618fb4>] ipvlan_xmit_mode_l3 drivers/net/ipvlan/ipvlan_core.c:602 [inline]
[<ffffffff83618fb4>] ipvlan_queue_xmit+0x1174/0x1be0 drivers/net/ipvlan/ipvlan_core.c:677
[<ffffffff8361ddd9>] ipvlan_start_xmit+0x49/0x100 drivers/net/ipvlan/ipvlan_main.c:229
[<ffffffff84763fc0>] netdev_start_xmit include/linux/netdevice.h:4925 [inline]
[<ffffffff84763fc0>] xmit_one net/core/dev.c:3644 [inline]
[<ffffffff84763fc0>] dev_hard_start_xmit+0x320/0x980 net/core/dev.c:3660
[<ffffffff8494c650>] sch_direct_xmit+0x2a0/0x9c0 net/sched/sch_generic.c:342
[<ffffffff8494d883>] qdisc_restart net/sched/sch_generic.c:407 [inline]
[<ffffffff8494d883>] __qdisc_run+0xb13/0x1e70 net/sched/sch_generic.c:415
[<ffffffff8478c426>] qdisc_run+0xd6/0x260 include/net/pkt_sched.h:125
[<ffffffff84796eac>] net_tx_action+0x7ac/0x940 net/core/dev.c:5247
[<ffffffff858002bd>] __do_softirq+0x2bd/0x9bd kernel/softirq.c:599
[<ffffffff814c3fe8>] invoke_softirq kernel/softirq.c:430 [inline]
[<ffffffff814c3fe8>] __irq_exit_rcu+0xc8/0x170 kernel/softirq.c:683
[<ffffffff814c3f09>] irq_exit_rcu+0x9/0x20 kernel/softirq.c:695
Fixes: 7ad6848c7e81 ("ip: fix mc_loop checks for tunnels with multicast outer addresses")
Reported-by: syzbot <syzkaller@googlegroups.com>
Signed-off-by: Eric Dumazet <edumazet@google.com>
Reviewed-by: Kuniyuki Iwashima <kuniyu@amazon.com>
Link: https://lore.kernel.org/r/20230830101244.1146934-1-edumazet@google.com
Signed-off-by: Paolo Abeni <pabeni@redhat.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
net/core/sock.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/net/core/sock.c b/net/core/sock.c
index 69b4158a29f74..1fed45f29e0ec 100644
--- a/net/core/sock.c
+++ b/net/core/sock.c
@@ -701,7 +701,8 @@ bool sk_mc_loop(struct sock *sk)
return false;
if (!sk)
return true;
- switch (sk->sk_family) {
+ /* IPV6_ADDRFORM can change sk->sk_family under us. */
+ switch (READ_ONCE(sk->sk_family)) {
case AF_INET:
return inet_sk(sk)->mc_loop;
#if IS_ENABLED(CONFIG_IPV6)
--
2.40.1
^ permalink raw reply related [flat|nested] 396+ messages in thread
* [PATCH 5.4 261/367] igb: disable virtualization features on 82580
2023-09-20 11:26 [PATCH 5.4 000/367] 5.4.257-rc1 review Greg Kroah-Hartman
` (259 preceding siblings ...)
2023-09-20 11:30 ` [PATCH 5.4 260/367] net: read sk->sk_family once in sk_mc_loop() Greg Kroah-Hartman
@ 2023-09-20 11:30 ` Greg Kroah-Hartman
2023-09-20 11:30 ` [PATCH 5.4 262/367] veth: Fixing transmit return status for dropped packets Greg Kroah-Hartman
` (111 subsequent siblings)
372 siblings, 0 replies; 396+ messages in thread
From: Greg Kroah-Hartman @ 2023-09-20 11:30 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Corinna Vinschen, Simon Horman,
David S. Miller, Sasha Levin
5.4-stable review patch. If anyone has any objections, please let me know.
------------------
From: Corinna Vinschen <vinschen@redhat.com>
[ Upstream commit fa09bc40b21a33937872c4c4cf0f266ec9fa4869 ]
Disable virtualization features on 82580 just as on i210/i211.
This avoids that virt functions are acidentally called on 82850.
Fixes: 55cac248caa4 ("igb: Add full support for 82580 devices")
Signed-off-by: Corinna Vinschen <vinschen@redhat.com>
Reviewed-by: Simon Horman <horms@kernel.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/ethernet/intel/igb/igb_main.c | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/drivers/net/ethernet/intel/igb/igb_main.c b/drivers/net/ethernet/intel/igb/igb_main.c
index b8113235f281f..6638d314c811c 100644
--- a/drivers/net/ethernet/intel/igb/igb_main.c
+++ b/drivers/net/ethernet/intel/igb/igb_main.c
@@ -3710,8 +3710,9 @@ static void igb_probe_vfs(struct igb_adapter *adapter)
struct pci_dev *pdev = adapter->pdev;
struct e1000_hw *hw = &adapter->hw;
- /* Virtualization features not supported on i210 family. */
- if ((hw->mac.type == e1000_i210) || (hw->mac.type == e1000_i211))
+ /* Virtualization features not supported on i210 and 82580 family. */
+ if ((hw->mac.type == e1000_i210) || (hw->mac.type == e1000_i211) ||
+ (hw->mac.type == e1000_82580))
return;
/* Of the below we really only want the effect of getting
--
2.40.1
^ permalink raw reply related [flat|nested] 396+ messages in thread
* [PATCH 5.4 262/367] veth: Fixing transmit return status for dropped packets
2023-09-20 11:26 [PATCH 5.4 000/367] 5.4.257-rc1 review Greg Kroah-Hartman
` (260 preceding siblings ...)
2023-09-20 11:30 ` [PATCH 5.4 261/367] igb: disable virtualization features on 82580 Greg Kroah-Hartman
@ 2023-09-20 11:30 ` Greg Kroah-Hartman
2023-09-20 11:30 ` [PATCH 5.4 263/367] net: ipv6/addrconf: avoid integer underflow in ipv6_create_tempaddr Greg Kroah-Hartman
` (110 subsequent siblings)
372 siblings, 0 replies; 396+ messages in thread
From: Greg Kroah-Hartman @ 2023-09-20 11:30 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Liang Chen, Eric Dumazet,
David S. Miller, Sasha Levin
5.4-stable review patch. If anyone has any objections, please let me know.
------------------
From: Liang Chen <liangchen.linux@gmail.com>
[ Upstream commit 151e887d8ff97e2e42110ffa1fb1e6a2128fb364 ]
The veth_xmit function returns NETDEV_TX_OK even when packets are dropped.
This behavior leads to incorrect calculations of statistics counts, as
well as things like txq->trans_start updates.
Fixes: e314dbdc1c0d ("[NET]: Virtual ethernet device driver.")
Signed-off-by: Liang Chen <liangchen.linux@gmail.com>
Reviewed-by: Eric Dumazet <edumazet@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/veth.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/drivers/net/veth.c b/drivers/net/veth.c
index a6445bba4f942..cae7247a397aa 100644
--- a/drivers/net/veth.c
+++ b/drivers/net/veth.c
@@ -238,6 +238,7 @@ static netdev_tx_t veth_xmit(struct sk_buff *skb, struct net_device *dev)
{
struct veth_priv *rcv_priv, *priv = netdev_priv(dev);
struct veth_rq *rq = NULL;
+ int ret = NETDEV_TX_OK;
struct net_device *rcv;
int length = skb->len;
bool rcv_xdp = false;
@@ -270,6 +271,7 @@ static netdev_tx_t veth_xmit(struct sk_buff *skb, struct net_device *dev)
} else {
drop:
atomic64_inc(&priv->dropped);
+ ret = NET_XMIT_DROP;
}
if (rcv_xdp)
@@ -277,7 +279,7 @@ static netdev_tx_t veth_xmit(struct sk_buff *skb, struct net_device *dev)
rcu_read_unlock();
- return NETDEV_TX_OK;
+ return ret;
}
static u64 veth_stats_tx(struct pcpu_lstats *result, struct net_device *dev)
--
2.40.1
^ permalink raw reply related [flat|nested] 396+ messages in thread
* [PATCH 5.4 263/367] net: ipv6/addrconf: avoid integer underflow in ipv6_create_tempaddr
2023-09-20 11:26 [PATCH 5.4 000/367] 5.4.257-rc1 review Greg Kroah-Hartman
` (261 preceding siblings ...)
2023-09-20 11:30 ` [PATCH 5.4 262/367] veth: Fixing transmit return status for dropped packets Greg Kroah-Hartman
@ 2023-09-20 11:30 ` Greg Kroah-Hartman
2023-09-20 11:30 ` [PATCH 5.4 264/367] af_unix: Fix data-races around user->unix_inflight Greg Kroah-Hartman
` (109 subsequent siblings)
372 siblings, 0 replies; 396+ messages in thread
From: Greg Kroah-Hartman @ 2023-09-20 11:30 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Alex Henrie, David Ahern,
David S. Miller, Sasha Levin
5.4-stable review patch. If anyone has any objections, please let me know.
------------------
From: Alex Henrie <alexhenrie24@gmail.com>
[ Upstream commit f31867d0d9d82af757c1e0178b659438f4c1ea3c ]
The existing code incorrectly casted a negative value (the result of a
subtraction) to an unsigned value without checking. For example, if
/proc/sys/net/ipv6/conf/*/temp_prefered_lft was set to 1, the preferred
lifetime would jump to 4 billion seconds. On my machine and network the
shortest lifetime that avoided underflow was 3 seconds.
Fixes: 76506a986dc3 ("IPv6: fix DESYNC_FACTOR")
Signed-off-by: Alex Henrie <alexhenrie24@gmail.com>
Reviewed-by: David Ahern <dsahern@kernel.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
net/ipv6/addrconf.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/net/ipv6/addrconf.c b/net/ipv6/addrconf.c
index a4c3cb72bdc6a..c523236d934eb 100644
--- a/net/ipv6/addrconf.c
+++ b/net/ipv6/addrconf.c
@@ -1367,7 +1367,7 @@ static int ipv6_create_tempaddr(struct inet6_ifaddr *ifp,
* idev->desync_factor if it's larger
*/
cnf_temp_preferred_lft = READ_ONCE(idev->cnf.temp_prefered_lft);
- max_desync_factor = min_t(__u32,
+ max_desync_factor = min_t(long,
idev->cnf.max_desync_factor,
cnf_temp_preferred_lft - regen_advance);
--
2.40.1
^ permalink raw reply related [flat|nested] 396+ messages in thread
* [PATCH 5.4 264/367] af_unix: Fix data-races around user->unix_inflight.
2023-09-20 11:26 [PATCH 5.4 000/367] 5.4.257-rc1 review Greg Kroah-Hartman
` (262 preceding siblings ...)
2023-09-20 11:30 ` [PATCH 5.4 263/367] net: ipv6/addrconf: avoid integer underflow in ipv6_create_tempaddr Greg Kroah-Hartman
@ 2023-09-20 11:30 ` Greg Kroah-Hartman
2023-09-20 11:30 ` [PATCH 5.4 265/367] af_unix: Fix data-race around unix_tot_inflight Greg Kroah-Hartman
` (108 subsequent siblings)
372 siblings, 0 replies; 396+ messages in thread
From: Greg Kroah-Hartman @ 2023-09-20 11:30 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, syzkaller, Kuniyuki Iwashima,
Willy Tarreau, Eric Dumazet, David S. Miller, Sasha Levin
5.4-stable review patch. If anyone has any objections, please let me know.
------------------
From: Kuniyuki Iwashima <kuniyu@amazon.com>
[ Upstream commit 0bc36c0650b21df36fbec8136add83936eaf0607 ]
user->unix_inflight is changed under spin_lock(unix_gc_lock),
but too_many_unix_fds() reads it locklessly.
Let's annotate the write/read accesses to user->unix_inflight.
BUG: KCSAN: data-race in unix_attach_fds / unix_inflight
write to 0xffffffff8546f2d0 of 8 bytes by task 44798 on cpu 1:
unix_inflight+0x157/0x180 net/unix/scm.c:66
unix_attach_fds+0x147/0x1e0 net/unix/scm.c:123
unix_scm_to_skb net/unix/af_unix.c:1827 [inline]
unix_dgram_sendmsg+0x46a/0x14f0 net/unix/af_unix.c:1950
unix_seqpacket_sendmsg net/unix/af_unix.c:2308 [inline]
unix_seqpacket_sendmsg+0xba/0x130 net/unix/af_unix.c:2292
sock_sendmsg_nosec net/socket.c:725 [inline]
sock_sendmsg+0x148/0x160 net/socket.c:748
____sys_sendmsg+0x4e4/0x610 net/socket.c:2494
___sys_sendmsg+0xc6/0x140 net/socket.c:2548
__sys_sendmsg+0x94/0x140 net/socket.c:2577
__do_sys_sendmsg net/socket.c:2586 [inline]
__se_sys_sendmsg net/socket.c:2584 [inline]
__x64_sys_sendmsg+0x45/0x50 net/socket.c:2584
do_syscall_x64 arch/x86/entry/common.c:50 [inline]
do_syscall_64+0x3b/0x90 arch/x86/entry/common.c:80
entry_SYSCALL_64_after_hwframe+0x6e/0xd8
read to 0xffffffff8546f2d0 of 8 bytes by task 44814 on cpu 0:
too_many_unix_fds net/unix/scm.c:101 [inline]
unix_attach_fds+0x54/0x1e0 net/unix/scm.c:110
unix_scm_to_skb net/unix/af_unix.c:1827 [inline]
unix_dgram_sendmsg+0x46a/0x14f0 net/unix/af_unix.c:1950
unix_seqpacket_sendmsg net/unix/af_unix.c:2308 [inline]
unix_seqpacket_sendmsg+0xba/0x130 net/unix/af_unix.c:2292
sock_sendmsg_nosec net/socket.c:725 [inline]
sock_sendmsg+0x148/0x160 net/socket.c:748
____sys_sendmsg+0x4e4/0x610 net/socket.c:2494
___sys_sendmsg+0xc6/0x140 net/socket.c:2548
__sys_sendmsg+0x94/0x140 net/socket.c:2577
__do_sys_sendmsg net/socket.c:2586 [inline]
__se_sys_sendmsg net/socket.c:2584 [inline]
__x64_sys_sendmsg+0x45/0x50 net/socket.c:2584
do_syscall_x64 arch/x86/entry/common.c:50 [inline]
do_syscall_64+0x3b/0x90 arch/x86/entry/common.c:80
entry_SYSCALL_64_after_hwframe+0x6e/0xd8
value changed: 0x000000000000000c -> 0x000000000000000d
Reported by Kernel Concurrency Sanitizer on:
CPU: 0 PID: 44814 Comm: systemd-coredum Not tainted 6.4.0-11989-g6843306689af #6
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.16.0-0-gd239552ce722-prebuilt.qemu.org 04/01/2014
Fixes: 712f4aad406b ("unix: properly account for FDs passed over unix sockets")
Reported-by: syzkaller <syzkaller@googlegroups.com>
Signed-off-by: Kuniyuki Iwashima <kuniyu@amazon.com>
Acked-by: Willy Tarreau <w@1wt.eu>
Reviewed-by: Eric Dumazet <edumazet@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
net/unix/scm.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/net/unix/scm.c b/net/unix/scm.c
index ce700b22eccee..e881a6e78af53 100644
--- a/net/unix/scm.c
+++ b/net/unix/scm.c
@@ -62,7 +62,7 @@ void unix_inflight(struct user_struct *user, struct file *fp)
/* Paired with READ_ONCE() in wait_for_unix_gc() */
WRITE_ONCE(unix_tot_inflight, unix_tot_inflight + 1);
}
- user->unix_inflight++;
+ WRITE_ONCE(user->unix_inflight, user->unix_inflight + 1);
spin_unlock(&unix_gc_lock);
}
@@ -83,7 +83,7 @@ void unix_notinflight(struct user_struct *user, struct file *fp)
/* Paired with READ_ONCE() in wait_for_unix_gc() */
WRITE_ONCE(unix_tot_inflight, unix_tot_inflight - 1);
}
- user->unix_inflight--;
+ WRITE_ONCE(user->unix_inflight, user->unix_inflight - 1);
spin_unlock(&unix_gc_lock);
}
@@ -97,7 +97,7 @@ static inline bool too_many_unix_fds(struct task_struct *p)
{
struct user_struct *user = current_user();
- if (unlikely(user->unix_inflight > task_rlimit(p, RLIMIT_NOFILE)))
+ if (unlikely(READ_ONCE(user->unix_inflight) > task_rlimit(p, RLIMIT_NOFILE)))
return !capable(CAP_SYS_RESOURCE) && !capable(CAP_SYS_ADMIN);
return false;
}
--
2.40.1
^ permalink raw reply related [flat|nested] 396+ messages in thread
* [PATCH 5.4 265/367] af_unix: Fix data-race around unix_tot_inflight.
2023-09-20 11:26 [PATCH 5.4 000/367] 5.4.257-rc1 review Greg Kroah-Hartman
` (263 preceding siblings ...)
2023-09-20 11:30 ` [PATCH 5.4 264/367] af_unix: Fix data-races around user->unix_inflight Greg Kroah-Hartman
@ 2023-09-20 11:30 ` Greg Kroah-Hartman
2023-09-20 11:30 ` [PATCH 5.4 266/367] af_unix: Fix data-races around sk->sk_shutdown Greg Kroah-Hartman
` (107 subsequent siblings)
372 siblings, 0 replies; 396+ messages in thread
From: Greg Kroah-Hartman @ 2023-09-20 11:30 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, syzkaller, Kuniyuki Iwashima,
Eric Dumazet, David S. Miller, Sasha Levin
5.4-stable review patch. If anyone has any objections, please let me know.
------------------
From: Kuniyuki Iwashima <kuniyu@amazon.com>
[ Upstream commit ade32bd8a738d7497ffe9743c46728db26740f78 ]
unix_tot_inflight is changed under spin_lock(unix_gc_lock), but
unix_release_sock() reads it locklessly.
Let's use READ_ONCE() for unix_tot_inflight.
Note that the writer side was marked by commit 9d6d7f1cb67c ("af_unix:
annote lockless accesses to unix_tot_inflight & gc_in_progress")
BUG: KCSAN: data-race in unix_inflight / unix_release_sock
write (marked) to 0xffffffff871852b8 of 4 bytes by task 123 on cpu 1:
unix_inflight+0x130/0x180 net/unix/scm.c:64
unix_attach_fds+0x137/0x1b0 net/unix/scm.c:123
unix_scm_to_skb net/unix/af_unix.c:1832 [inline]
unix_dgram_sendmsg+0x46a/0x14f0 net/unix/af_unix.c:1955
sock_sendmsg_nosec net/socket.c:724 [inline]
sock_sendmsg+0x148/0x160 net/socket.c:747
____sys_sendmsg+0x4e4/0x610 net/socket.c:2493
___sys_sendmsg+0xc6/0x140 net/socket.c:2547
__sys_sendmsg+0x94/0x140 net/socket.c:2576
__do_sys_sendmsg net/socket.c:2585 [inline]
__se_sys_sendmsg net/socket.c:2583 [inline]
__x64_sys_sendmsg+0x45/0x50 net/socket.c:2583
do_syscall_x64 arch/x86/entry/common.c:50 [inline]
do_syscall_64+0x3b/0x90 arch/x86/entry/common.c:80
entry_SYSCALL_64_after_hwframe+0x72/0xdc
read to 0xffffffff871852b8 of 4 bytes by task 4891 on cpu 0:
unix_release_sock+0x608/0x910 net/unix/af_unix.c:671
unix_release+0x59/0x80 net/unix/af_unix.c:1058
__sock_release+0x7d/0x170 net/socket.c:653
sock_close+0x19/0x30 net/socket.c:1385
__fput+0x179/0x5e0 fs/file_table.c:321
____fput+0x15/0x20 fs/file_table.c:349
task_work_run+0x116/0x1a0 kernel/task_work.c:179
resume_user_mode_work include/linux/resume_user_mode.h:49 [inline]
exit_to_user_mode_loop kernel/entry/common.c:171 [inline]
exit_to_user_mode_prepare+0x174/0x180 kernel/entry/common.c:204
__syscall_exit_to_user_mode_work kernel/entry/common.c:286 [inline]
syscall_exit_to_user_mode+0x1a/0x30 kernel/entry/common.c:297
do_syscall_64+0x4b/0x90 arch/x86/entry/common.c:86
entry_SYSCALL_64_after_hwframe+0x72/0xdc
value changed: 0x00000000 -> 0x00000001
Reported by Kernel Concurrency Sanitizer on:
CPU: 0 PID: 4891 Comm: systemd-coredum Not tainted 6.4.0-rc5-01219-gfa0e21fa4443 #5
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.16.0-0-gd239552ce722-prebuilt.qemu.org 04/01/2014
Fixes: 9305cfa4443d ("[AF_UNIX]: Make unix_tot_inflight counter non-atomic")
Reported-by: syzkaller <syzkaller@googlegroups.com>
Signed-off-by: Kuniyuki Iwashima <kuniyu@amazon.com>
Reviewed-by: Eric Dumazet <edumazet@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
net/unix/af_unix.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/net/unix/af_unix.c b/net/unix/af_unix.c
index baf0af49c5bd4..304eb26b34dca 100644
--- a/net/unix/af_unix.c
+++ b/net/unix/af_unix.c
@@ -589,7 +589,7 @@ static void unix_release_sock(struct sock *sk, int embrion)
* What the above comment does talk about? --ANK(980817)
*/
- if (unix_tot_inflight)
+ if (READ_ONCE(unix_tot_inflight))
unix_gc(); /* Garbage collect fds */
}
--
2.40.1
^ permalink raw reply related [flat|nested] 396+ messages in thread
* [PATCH 5.4 266/367] af_unix: Fix data-races around sk->sk_shutdown.
2023-09-20 11:26 [PATCH 5.4 000/367] 5.4.257-rc1 review Greg Kroah-Hartman
` (264 preceding siblings ...)
2023-09-20 11:30 ` [PATCH 5.4 265/367] af_unix: Fix data-race around unix_tot_inflight Greg Kroah-Hartman
@ 2023-09-20 11:30 ` Greg Kroah-Hartman
2023-09-20 11:30 ` [PATCH 5.4 267/367] af_unix: Fix data race around sk->sk_err Greg Kroah-Hartman
` (106 subsequent siblings)
372 siblings, 0 replies; 396+ messages in thread
From: Greg Kroah-Hartman @ 2023-09-20 11:30 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, syzkaller, Kuniyuki Iwashima,
Eric Dumazet, David S. Miller, Sasha Levin
5.4-stable review patch. If anyone has any objections, please let me know.
------------------
From: Kuniyuki Iwashima <kuniyu@amazon.com>
[ Upstream commit afe8764f76346ba838d4f162883e23d2fcfaa90e ]
sk->sk_shutdown is changed under unix_state_lock(sk), but
unix_dgram_sendmsg() calls two functions to read sk_shutdown locklessly.
sock_alloc_send_pskb
`- sock_wait_for_wmem
Let's use READ_ONCE() there.
Note that the writer side was marked by commit e1d09c2c2f57 ("af_unix:
Fix data races around sk->sk_shutdown.").
BUG: KCSAN: data-race in sock_alloc_send_pskb / unix_release_sock
write (marked) to 0xffff8880069af12c of 1 bytes by task 1 on cpu 1:
unix_release_sock+0x75c/0x910 net/unix/af_unix.c:631
unix_release+0x59/0x80 net/unix/af_unix.c:1053
__sock_release+0x7d/0x170 net/socket.c:654
sock_close+0x19/0x30 net/socket.c:1386
__fput+0x2a3/0x680 fs/file_table.c:384
____fput+0x15/0x20 fs/file_table.c:412
task_work_run+0x116/0x1a0 kernel/task_work.c:179
resume_user_mode_work include/linux/resume_user_mode.h:49 [inline]
exit_to_user_mode_loop kernel/entry/common.c:171 [inline]
exit_to_user_mode_prepare+0x174/0x180 kernel/entry/common.c:204
__syscall_exit_to_user_mode_work kernel/entry/common.c:286 [inline]
syscall_exit_to_user_mode+0x1a/0x30 kernel/entry/common.c:297
do_syscall_64+0x4b/0x90 arch/x86/entry/common.c:86
entry_SYSCALL_64_after_hwframe+0x6e/0xd8
read to 0xffff8880069af12c of 1 bytes by task 28650 on cpu 0:
sock_alloc_send_pskb+0xd2/0x620 net/core/sock.c:2767
unix_dgram_sendmsg+0x2f8/0x14f0 net/unix/af_unix.c:1944
unix_seqpacket_sendmsg net/unix/af_unix.c:2308 [inline]
unix_seqpacket_sendmsg+0xba/0x130 net/unix/af_unix.c:2292
sock_sendmsg_nosec net/socket.c:725 [inline]
sock_sendmsg+0x148/0x160 net/socket.c:748
____sys_sendmsg+0x4e4/0x610 net/socket.c:2494
___sys_sendmsg+0xc6/0x140 net/socket.c:2548
__sys_sendmsg+0x94/0x140 net/socket.c:2577
__do_sys_sendmsg net/socket.c:2586 [inline]
__se_sys_sendmsg net/socket.c:2584 [inline]
__x64_sys_sendmsg+0x45/0x50 net/socket.c:2584
do_syscall_x64 arch/x86/entry/common.c:50 [inline]
do_syscall_64+0x3b/0x90 arch/x86/entry/common.c:80
entry_SYSCALL_64_after_hwframe+0x6e/0xd8
value changed: 0x00 -> 0x03
Reported by Kernel Concurrency Sanitizer on:
CPU: 0 PID: 28650 Comm: systemd-coredum Not tainted 6.4.0-11989-g6843306689af #6
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.16.0-0-gd239552ce722-prebuilt.qemu.org 04/01/2014
Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2")
Reported-by: syzkaller <syzkaller@googlegroups.com>
Signed-off-by: Kuniyuki Iwashima <kuniyu@amazon.com>
Reviewed-by: Eric Dumazet <edumazet@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
net/core/sock.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/net/core/sock.c b/net/core/sock.c
index 1fed45f29e0ec..79d61be285186 100644
--- a/net/core/sock.c
+++ b/net/core/sock.c
@@ -2223,7 +2223,7 @@ static long sock_wait_for_wmem(struct sock *sk, long timeo)
prepare_to_wait(sk_sleep(sk), &wait, TASK_INTERRUPTIBLE);
if (refcount_read(&sk->sk_wmem_alloc) < READ_ONCE(sk->sk_sndbuf))
break;
- if (sk->sk_shutdown & SEND_SHUTDOWN)
+ if (READ_ONCE(sk->sk_shutdown) & SEND_SHUTDOWN)
break;
if (sk->sk_err)
break;
@@ -2253,7 +2253,7 @@ struct sk_buff *sock_alloc_send_pskb(struct sock *sk, unsigned long header_len,
goto failure;
err = -EPIPE;
- if (sk->sk_shutdown & SEND_SHUTDOWN)
+ if (READ_ONCE(sk->sk_shutdown) & SEND_SHUTDOWN)
goto failure;
if (sk_wmem_alloc_get(sk) < READ_ONCE(sk->sk_sndbuf))
--
2.40.1
^ permalink raw reply related [flat|nested] 396+ messages in thread
* [PATCH 5.4 267/367] af_unix: Fix data race around sk->sk_err.
2023-09-20 11:26 [PATCH 5.4 000/367] 5.4.257-rc1 review Greg Kroah-Hartman
` (265 preceding siblings ...)
2023-09-20 11:30 ` [PATCH 5.4 266/367] af_unix: Fix data-races around sk->sk_shutdown Greg Kroah-Hartman
@ 2023-09-20 11:30 ` Greg Kroah-Hartman
2023-09-20 11:30 ` [PATCH 5.4 268/367] net: sched: sch_qfq: Fix UAF in qfq_dequeue() Greg Kroah-Hartman
` (105 subsequent siblings)
372 siblings, 0 replies; 396+ messages in thread
From: Greg Kroah-Hartman @ 2023-09-20 11:30 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Kuniyuki Iwashima, Eric Dumazet,
David S. Miller, Sasha Levin
5.4-stable review patch. If anyone has any objections, please let me know.
------------------
From: Kuniyuki Iwashima <kuniyu@amazon.com>
[ Upstream commit b192812905e4b134f7b7994b079eb647e9d2d37e ]
As with sk->sk_shutdown shown in the previous patch, sk->sk_err can be
read locklessly by unix_dgram_sendmsg().
Let's use READ_ONCE() for sk_err as well.
Note that the writer side is marked by commit cc04410af7de ("af_unix:
annotate lockless accesses to sk->sk_err").
Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2")
Signed-off-by: Kuniyuki Iwashima <kuniyu@amazon.com>
Reviewed-by: Eric Dumazet <edumazet@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
net/core/sock.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/net/core/sock.c b/net/core/sock.c
index 79d61be285186..9979cd602dfac 100644
--- a/net/core/sock.c
+++ b/net/core/sock.c
@@ -2225,7 +2225,7 @@ static long sock_wait_for_wmem(struct sock *sk, long timeo)
break;
if (READ_ONCE(sk->sk_shutdown) & SEND_SHUTDOWN)
break;
- if (sk->sk_err)
+ if (READ_ONCE(sk->sk_err))
break;
timeo = schedule_timeout(timeo);
}
--
2.40.1
^ permalink raw reply related [flat|nested] 396+ messages in thread
* [PATCH 5.4 268/367] net: sched: sch_qfq: Fix UAF in qfq_dequeue()
2023-09-20 11:26 [PATCH 5.4 000/367] 5.4.257-rc1 review Greg Kroah-Hartman
` (266 preceding siblings ...)
2023-09-20 11:30 ` [PATCH 5.4 267/367] af_unix: Fix data race around sk->sk_err Greg Kroah-Hartman
@ 2023-09-20 11:30 ` Greg Kroah-Hartman
2023-09-20 11:30 ` [PATCH 5.4 269/367] kcm: Destroy mutex in kcm_exit_net() Greg Kroah-Hartman
` (104 subsequent siblings)
372 siblings, 0 replies; 396+ messages in thread
From: Greg Kroah-Hartman @ 2023-09-20 11:30 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, valis, Jamal Hadi Salim,
Paolo Abeni, Sasha Levin
5.4-stable review patch. If anyone has any objections, please let me know.
------------------
From: valis <sec@valis.email>
[ Upstream commit 8fc134fee27f2263988ae38920bc03da416b03d8 ]
When the plug qdisc is used as a class of the qfq qdisc it could trigger a
UAF. This issue can be reproduced with following commands:
tc qdisc add dev lo root handle 1: qfq
tc class add dev lo parent 1: classid 1:1 qfq weight 1 maxpkt 512
tc qdisc add dev lo parent 1:1 handle 2: plug
tc filter add dev lo parent 1: basic classid 1:1
ping -c1 127.0.0.1
and boom:
[ 285.353793] BUG: KASAN: slab-use-after-free in qfq_dequeue+0xa7/0x7f0
[ 285.354910] Read of size 4 at addr ffff8880bad312a8 by task ping/144
[ 285.355903]
[ 285.356165] CPU: 1 PID: 144 Comm: ping Not tainted 6.5.0-rc3+ #4
[ 285.357112] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.14.0-2 04/01/2014
[ 285.358376] Call Trace:
[ 285.358773] <IRQ>
[ 285.359109] dump_stack_lvl+0x44/0x60
[ 285.359708] print_address_description.constprop.0+0x2c/0x3c0
[ 285.360611] kasan_report+0x10c/0x120
[ 285.361195] ? qfq_dequeue+0xa7/0x7f0
[ 285.361780] qfq_dequeue+0xa7/0x7f0
[ 285.362342] __qdisc_run+0xf1/0x970
[ 285.362903] net_tx_action+0x28e/0x460
[ 285.363502] __do_softirq+0x11b/0x3de
[ 285.364097] do_softirq.part.0+0x72/0x90
[ 285.364721] </IRQ>
[ 285.365072] <TASK>
[ 285.365422] __local_bh_enable_ip+0x77/0x90
[ 285.366079] __dev_queue_xmit+0x95f/0x1550
[ 285.366732] ? __pfx_csum_and_copy_from_iter+0x10/0x10
[ 285.367526] ? __pfx___dev_queue_xmit+0x10/0x10
[ 285.368259] ? __build_skb_around+0x129/0x190
[ 285.368960] ? ip_generic_getfrag+0x12c/0x170
[ 285.369653] ? __pfx_ip_generic_getfrag+0x10/0x10
[ 285.370390] ? csum_partial+0x8/0x20
[ 285.370961] ? raw_getfrag+0xe5/0x140
[ 285.371559] ip_finish_output2+0x539/0xa40
[ 285.372222] ? __pfx_ip_finish_output2+0x10/0x10
[ 285.372954] ip_output+0x113/0x1e0
[ 285.373512] ? __pfx_ip_output+0x10/0x10
[ 285.374130] ? icmp_out_count+0x49/0x60
[ 285.374739] ? __pfx_ip_finish_output+0x10/0x10
[ 285.375457] ip_push_pending_frames+0xf3/0x100
[ 285.376173] raw_sendmsg+0xef5/0x12d0
[ 285.376760] ? do_syscall_64+0x40/0x90
[ 285.377359] ? __static_call_text_end+0x136578/0x136578
[ 285.378173] ? do_syscall_64+0x40/0x90
[ 285.378772] ? kasan_enable_current+0x11/0x20
[ 285.379469] ? __pfx_raw_sendmsg+0x10/0x10
[ 285.380137] ? __sock_create+0x13e/0x270
[ 285.380673] ? __sys_socket+0xf3/0x180
[ 285.381174] ? __x64_sys_socket+0x3d/0x50
[ 285.381725] ? entry_SYSCALL_64_after_hwframe+0x6e/0xd8
[ 285.382425] ? __rcu_read_unlock+0x48/0x70
[ 285.382975] ? ip4_datagram_release_cb+0xd8/0x380
[ 285.383608] ? __pfx_ip4_datagram_release_cb+0x10/0x10
[ 285.384295] ? preempt_count_sub+0x14/0xc0
[ 285.384844] ? __list_del_entry_valid+0x76/0x140
[ 285.385467] ? _raw_spin_lock_bh+0x87/0xe0
[ 285.386014] ? __pfx__raw_spin_lock_bh+0x10/0x10
[ 285.386645] ? release_sock+0xa0/0xd0
[ 285.387148] ? preempt_count_sub+0x14/0xc0
[ 285.387712] ? freeze_secondary_cpus+0x348/0x3c0
[ 285.388341] ? aa_sk_perm+0x177/0x390
[ 285.388856] ? __pfx_aa_sk_perm+0x10/0x10
[ 285.389441] ? check_stack_object+0x22/0x70
[ 285.390032] ? inet_send_prepare+0x2f/0x120
[ 285.390603] ? __pfx_inet_sendmsg+0x10/0x10
[ 285.391172] sock_sendmsg+0xcc/0xe0
[ 285.391667] __sys_sendto+0x190/0x230
[ 285.392168] ? __pfx___sys_sendto+0x10/0x10
[ 285.392727] ? kvm_clock_get_cycles+0x14/0x30
[ 285.393328] ? set_normalized_timespec64+0x57/0x70
[ 285.393980] ? _raw_spin_unlock_irq+0x1b/0x40
[ 285.394578] ? __x64_sys_clock_gettime+0x11c/0x160
[ 285.395225] ? __pfx___x64_sys_clock_gettime+0x10/0x10
[ 285.395908] ? _copy_to_user+0x3e/0x60
[ 285.396432] ? exit_to_user_mode_prepare+0x1a/0x120
[ 285.397086] ? syscall_exit_to_user_mode+0x22/0x50
[ 285.397734] ? do_syscall_64+0x71/0x90
[ 285.398258] __x64_sys_sendto+0x74/0x90
[ 285.398786] do_syscall_64+0x64/0x90
[ 285.399273] ? exit_to_user_mode_prepare+0x1a/0x120
[ 285.399949] ? syscall_exit_to_user_mode+0x22/0x50
[ 285.400605] ? do_syscall_64+0x71/0x90
[ 285.401124] entry_SYSCALL_64_after_hwframe+0x6e/0xd8
[ 285.401807] RIP: 0033:0x495726
[ 285.402233] Code: ff ff ff f7 d8 64 89 02 48 c7 c0 ff ff ff ff eb b8 0f 1f 00 41 89 ca 64 8b 04 25 18 00 00 00 85 c0 75 11 b8 2c 00 00 00 0f 09
[ 285.404683] RSP: 002b:00007ffcc25fb618 EFLAGS: 00000246 ORIG_RAX: 000000000000002c
[ 285.405677] RAX: ffffffffffffffda RBX: 0000000000000040 RCX: 0000000000495726
[ 285.406628] RDX: 0000000000000040 RSI: 0000000002518750 RDI: 0000000000000000
[ 285.407565] RBP: 00000000005205ef R08: 00000000005f8838 R09: 000000000000001c
[ 285.408523] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000002517634
[ 285.409460] R13: 00007ffcc25fb6f0 R14: 0000000000000003 R15: 0000000000000000
[ 285.410403] </TASK>
[ 285.410704]
[ 285.410929] Allocated by task 144:
[ 285.411402] kasan_save_stack+0x1e/0x40
[ 285.411926] kasan_set_track+0x21/0x30
[ 285.412442] __kasan_slab_alloc+0x55/0x70
[ 285.412973] kmem_cache_alloc_node+0x187/0x3d0
[ 285.413567] __alloc_skb+0x1b4/0x230
[ 285.414060] __ip_append_data+0x17f7/0x1b60
[ 285.414633] ip_append_data+0x97/0xf0
[ 285.415144] raw_sendmsg+0x5a8/0x12d0
[ 285.415640] sock_sendmsg+0xcc/0xe0
[ 285.416117] __sys_sendto+0x190/0x230
[ 285.416626] __x64_sys_sendto+0x74/0x90
[ 285.417145] do_syscall_64+0x64/0x90
[ 285.417624] entry_SYSCALL_64_after_hwframe+0x6e/0xd8
[ 285.418306]
[ 285.418531] Freed by task 144:
[ 285.418960] kasan_save_stack+0x1e/0x40
[ 285.419469] kasan_set_track+0x21/0x30
[ 285.419988] kasan_save_free_info+0x27/0x40
[ 285.420556] ____kasan_slab_free+0x109/0x1a0
[ 285.421146] kmem_cache_free+0x1c2/0x450
[ 285.421680] __netif_receive_skb_core+0x2ce/0x1870
[ 285.422333] __netif_receive_skb_one_core+0x97/0x140
[ 285.423003] process_backlog+0x100/0x2f0
[ 285.423537] __napi_poll+0x5c/0x2d0
[ 285.424023] net_rx_action+0x2be/0x560
[ 285.424510] __do_softirq+0x11b/0x3de
[ 285.425034]
[ 285.425254] The buggy address belongs to the object at ffff8880bad31280
[ 285.425254] which belongs to the cache skbuff_head_cache of size 224
[ 285.426993] The buggy address is located 40 bytes inside of
[ 285.426993] freed 224-byte region [ffff8880bad31280, ffff8880bad31360)
[ 285.428572]
[ 285.428798] The buggy address belongs to the physical page:
[ 285.429540] page:00000000f4b77674 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0xbad31
[ 285.430758] flags: 0x100000000000200(slab|node=0|zone=1)
[ 285.431447] page_type: 0xffffffff()
[ 285.431934] raw: 0100000000000200 ffff88810094a8c0 dead000000000122 0000000000000000
[ 285.432757] raw: 0000000000000000 00000000800c000c 00000001ffffffff 0000000000000000
[ 285.433562] page dumped because: kasan: bad access detected
[ 285.434144]
[ 285.434320] Memory state around the buggy address:
[ 285.434828] ffff8880bad31180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 285.435580] ffff8880bad31200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 285.436264] >ffff8880bad31280: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 285.436777] ^
[ 285.437106] ffff8880bad31300: fb fb fb fb fb fb fb fb fb fb fb fb fc fc fc fc
[ 285.437616] ffff8880bad31380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 285.438126] ==================================================================
[ 285.438662] Disabling lock debugging due to kernel taint
Fix this by:
1. Changing sch_plug's .peek handler to qdisc_peek_dequeued(), a
function compatible with non-work-conserving qdiscs
2. Checking the return value of qdisc_dequeue_peeked() in sch_qfq.
Fixes: 462dbc9101ac ("pkt_sched: QFQ Plus: fair-queueing service at DRR cost")
Reported-by: valis <sec@valis.email>
Signed-off-by: valis <sec@valis.email>
Signed-off-by: Jamal Hadi Salim <jhs@mojatatu.com>
Link: https://lore.kernel.org/r/20230901162237.11525-1-jhs@mojatatu.com
Signed-off-by: Paolo Abeni <pabeni@redhat.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
net/sched/sch_plug.c | 2 +-
net/sched/sch_qfq.c | 22 +++++++++++++++++-----
2 files changed, 18 insertions(+), 6 deletions(-)
diff --git a/net/sched/sch_plug.c b/net/sched/sch_plug.c
index cbc2ebca4548c..339990bb59817 100644
--- a/net/sched/sch_plug.c
+++ b/net/sched/sch_plug.c
@@ -210,7 +210,7 @@ static struct Qdisc_ops plug_qdisc_ops __read_mostly = {
.priv_size = sizeof(struct plug_sched_data),
.enqueue = plug_enqueue,
.dequeue = plug_dequeue,
- .peek = qdisc_peek_head,
+ .peek = qdisc_peek_dequeued,
.init = plug_init,
.change = plug_change,
.reset = qdisc_reset_queue,
diff --git a/net/sched/sch_qfq.c b/net/sched/sch_qfq.c
index 34a54dcd95f23..6e9e3405f26b9 100644
--- a/net/sched/sch_qfq.c
+++ b/net/sched/sch_qfq.c
@@ -975,10 +975,13 @@ static void qfq_update_eligible(struct qfq_sched *q)
}
/* Dequeue head packet of the head class in the DRR queue of the aggregate. */
-static void agg_dequeue(struct qfq_aggregate *agg,
- struct qfq_class *cl, unsigned int len)
+static struct sk_buff *agg_dequeue(struct qfq_aggregate *agg,
+ struct qfq_class *cl, unsigned int len)
{
- qdisc_dequeue_peeked(cl->qdisc);
+ struct sk_buff *skb = qdisc_dequeue_peeked(cl->qdisc);
+
+ if (!skb)
+ return NULL;
cl->deficit -= (int) len;
@@ -988,6 +991,8 @@ static void agg_dequeue(struct qfq_aggregate *agg,
cl->deficit += agg->lmax;
list_move_tail(&cl->alist, &agg->active);
}
+
+ return skb;
}
static inline struct sk_buff *qfq_peek_skb(struct qfq_aggregate *agg,
@@ -1133,11 +1138,18 @@ static struct sk_buff *qfq_dequeue(struct Qdisc *sch)
if (!skb)
return NULL;
- qdisc_qstats_backlog_dec(sch, skb);
sch->q.qlen--;
+
+ skb = agg_dequeue(in_serv_agg, cl, len);
+
+ if (!skb) {
+ sch->q.qlen++;
+ return NULL;
+ }
+
+ qdisc_qstats_backlog_dec(sch, skb);
qdisc_bstats_update(sch, skb);
- agg_dequeue(in_serv_agg, cl, len);
/* If lmax is lowered, through qfq_change_class, for a class
* owning pending packets with larger size than the new value
* of lmax, then the following condition may hold.
--
2.40.1
^ permalink raw reply related [flat|nested] 396+ messages in thread
* [PATCH 5.4 269/367] kcm: Destroy mutex in kcm_exit_net()
2023-09-20 11:26 [PATCH 5.4 000/367] 5.4.257-rc1 review Greg Kroah-Hartman
` (267 preceding siblings ...)
2023-09-20 11:30 ` [PATCH 5.4 268/367] net: sched: sch_qfq: Fix UAF in qfq_dequeue() Greg Kroah-Hartman
@ 2023-09-20 11:30 ` Greg Kroah-Hartman
2023-09-20 11:30 ` [PATCH 5.4 270/367] igc: Change IGC_MIN to allow set rx/tx value between 64 and 80 Greg Kroah-Hartman
` (103 subsequent siblings)
372 siblings, 0 replies; 396+ messages in thread
From: Greg Kroah-Hartman @ 2023-09-20 11:30 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Shigeru Yoshida, Paolo Abeni, Sasha Levin
5.4-stable review patch. If anyone has any objections, please let me know.
------------------
From: Shigeru Yoshida <syoshida@redhat.com>
[ Upstream commit 6ad40b36cd3b04209e2d6c89d252c873d8082a59 ]
kcm_exit_net() should call mutex_destroy() on knet->mutex. This is especially
needed if CONFIG_DEBUG_MUTEXES is enabled.
Fixes: ab7ac4eb9832 ("kcm: Kernel Connection Multiplexor module")
Signed-off-by: Shigeru Yoshida <syoshida@redhat.com>
Link: https://lore.kernel.org/r/20230902170708.1727999-1-syoshida@redhat.com
Signed-off-by: Paolo Abeni <pabeni@redhat.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
net/kcm/kcmsock.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/net/kcm/kcmsock.c b/net/kcm/kcmsock.c
index 1975403ce8bee..50bcfc71389ab 100644
--- a/net/kcm/kcmsock.c
+++ b/net/kcm/kcmsock.c
@@ -1984,6 +1984,8 @@ static __net_exit void kcm_exit_net(struct net *net)
* that all multiplexors and psocks have been destroyed.
*/
WARN_ON(!list_empty(&knet->mux_list));
+
+ mutex_destroy(&knet->mutex);
}
static struct pernet_operations kcm_net_ops = {
--
2.40.1
^ permalink raw reply related [flat|nested] 396+ messages in thread
* [PATCH 5.4 270/367] igc: Change IGC_MIN to allow set rx/tx value between 64 and 80
2023-09-20 11:26 [PATCH 5.4 000/367] 5.4.257-rc1 review Greg Kroah-Hartman
` (268 preceding siblings ...)
2023-09-20 11:30 ` [PATCH 5.4 269/367] kcm: Destroy mutex in kcm_exit_net() Greg Kroah-Hartman
@ 2023-09-20 11:30 ` Greg Kroah-Hartman
2023-09-20 11:30 ` [PATCH 5.4 271/367] igbvf: Change IGBVF_MIN " Greg Kroah-Hartman
` (102 subsequent siblings)
372 siblings, 0 replies; 396+ messages in thread
From: Greg Kroah-Hartman @ 2023-09-20 11:30 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Olga Zaborska, Naama Meir,
Tony Nguyen, Sasha Levin
5.4-stable review patch. If anyone has any objections, please let me know.
------------------
From: Olga Zaborska <olga.zaborska@intel.com>
[ Upstream commit 5aa48279712e1f134aac908acde4df798955a955 ]
Change the minimum value of RX/TX descriptors to 64 to enable setting the rx/tx
value between 64 and 80. All igc devices can use as low as 64 descriptors.
This change will unify igc with other drivers.
Based on commit 7b1be1987c1e ("e1000e: lower ring minimum size to 64")
Fixes: 0507ef8a0372 ("igc: Add transmit and receive fastpath and interrupt handlers")
Signed-off-by: Olga Zaborska <olga.zaborska@intel.com>
Tested-by: Naama Meir <naamax.meir@linux.intel.com>
Signed-off-by: Tony Nguyen <anthony.l.nguyen@intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/ethernet/intel/igc/igc.h | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/drivers/net/ethernet/intel/igc/igc.h b/drivers/net/ethernet/intel/igc/igc.h
index aec998c82b694..a46eca3ffbcc5 100644
--- a/drivers/net/ethernet/intel/igc/igc.h
+++ b/drivers/net/ethernet/intel/igc/igc.h
@@ -78,11 +78,11 @@ extern char igc_driver_version[];
/* TX/RX descriptor defines */
#define IGC_DEFAULT_TXD 256
#define IGC_DEFAULT_TX_WORK 128
-#define IGC_MIN_TXD 80
+#define IGC_MIN_TXD 64
#define IGC_MAX_TXD 4096
#define IGC_DEFAULT_RXD 256
-#define IGC_MIN_RXD 80
+#define IGC_MIN_RXD 64
#define IGC_MAX_RXD 4096
/* Transmit and receive queues */
--
2.40.1
^ permalink raw reply related [flat|nested] 396+ messages in thread
* [PATCH 5.4 271/367] igbvf: Change IGBVF_MIN to allow set rx/tx value between 64 and 80
2023-09-20 11:26 [PATCH 5.4 000/367] 5.4.257-rc1 review Greg Kroah-Hartman
` (269 preceding siblings ...)
2023-09-20 11:30 ` [PATCH 5.4 270/367] igc: Change IGC_MIN to allow set rx/tx value between 64 and 80 Greg Kroah-Hartman
@ 2023-09-20 11:30 ` Greg Kroah-Hartman
2023-09-20 11:30 ` [PATCH 5.4 272/367] igb: Change IGB_MIN " Greg Kroah-Hartman
` (101 subsequent siblings)
372 siblings, 0 replies; 396+ messages in thread
From: Greg Kroah-Hartman @ 2023-09-20 11:30 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Olga Zaborska, Rafal Romanowski,
Tony Nguyen, Sasha Levin
5.4-stable review patch. If anyone has any objections, please let me know.
------------------
From: Olga Zaborska <olga.zaborska@intel.com>
[ Upstream commit 8360717524a24a421c36ef8eb512406dbd42160a ]
Change the minimum value of RX/TX descriptors to 64 to enable setting the rx/tx
value between 64 and 80. All igbvf devices can use as low as 64 descriptors.
This change will unify igbvf with other drivers.
Based on commit 7b1be1987c1e ("e1000e: lower ring minimum size to 64")
Fixes: d4e0fe01a38a ("igbvf: add new driver to support 82576 virtual functions")
Signed-off-by: Olga Zaborska <olga.zaborska@intel.com>
Tested-by: Rafal Romanowski <rafal.romanowski@intel.com>
Signed-off-by: Tony Nguyen <anthony.l.nguyen@intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/ethernet/intel/igbvf/igbvf.h | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/drivers/net/ethernet/intel/igbvf/igbvf.h b/drivers/net/ethernet/intel/igbvf/igbvf.h
index eee26a3be90ba..52545cb25d058 100644
--- a/drivers/net/ethernet/intel/igbvf/igbvf.h
+++ b/drivers/net/ethernet/intel/igbvf/igbvf.h
@@ -39,11 +39,11 @@ enum latency_range {
/* Tx/Rx descriptor defines */
#define IGBVF_DEFAULT_TXD 256
#define IGBVF_MAX_TXD 4096
-#define IGBVF_MIN_TXD 80
+#define IGBVF_MIN_TXD 64
#define IGBVF_DEFAULT_RXD 256
#define IGBVF_MAX_RXD 4096
-#define IGBVF_MIN_RXD 80
+#define IGBVF_MIN_RXD 64
#define IGBVF_MIN_ITR_USECS 10 /* 100000 irq/sec */
#define IGBVF_MAX_ITR_USECS 10000 /* 100 irq/sec */
--
2.40.1
^ permalink raw reply related [flat|nested] 396+ messages in thread
* [PATCH 5.4 272/367] igb: Change IGB_MIN to allow set rx/tx value between 64 and 80
2023-09-20 11:26 [PATCH 5.4 000/367] 5.4.257-rc1 review Greg Kroah-Hartman
` (270 preceding siblings ...)
2023-09-20 11:30 ` [PATCH 5.4 271/367] igbvf: Change IGBVF_MIN " Greg Kroah-Hartman
@ 2023-09-20 11:30 ` Greg Kroah-Hartman
2023-09-20 11:30 ` [PATCH 5.4 273/367] s390/zcrypt: dont leak memory if dev_set_name() fails Greg Kroah-Hartman
` (100 subsequent siblings)
372 siblings, 0 replies; 396+ messages in thread
From: Greg Kroah-Hartman @ 2023-09-20 11:30 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Olga Zaborska, Tony Nguyen,
Sasha Levin, Pucha Himasekhar Reddy
5.4-stable review patch. If anyone has any objections, please let me know.
------------------
From: Olga Zaborska <olga.zaborska@intel.com>
[ Upstream commit 6319685bdc8ad5310890add907b7c42f89302886 ]
Change the minimum value of RX/TX descriptors to 64 to enable setting the rx/tx
value between 64 and 80. All igb devices can use as low as 64 descriptors.
This change will unify igb with other drivers.
Based on commit 7b1be1987c1e ("e1000e: lower ring minimum size to 64")
Fixes: 9d5c824399de ("igb: PCI-Express 82575 Gigabit Ethernet driver")
Signed-off-by: Olga Zaborska <olga.zaborska@intel.com>
Tested-by: Pucha Himasekhar Reddy <himasekharx.reddy.pucha@intel.com> (A Contingent worker at Intel)
Signed-off-by: Tony Nguyen <anthony.l.nguyen@intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/ethernet/intel/igb/igb.h | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/drivers/net/ethernet/intel/igb/igb.h b/drivers/net/ethernet/intel/igb/igb.h
index 33cbe4f70d590..e6d99759d95a1 100644
--- a/drivers/net/ethernet/intel/igb/igb.h
+++ b/drivers/net/ethernet/intel/igb/igb.h
@@ -32,11 +32,11 @@ struct igb_adapter;
/* TX/RX descriptor defines */
#define IGB_DEFAULT_TXD 256
#define IGB_DEFAULT_TX_WORK 128
-#define IGB_MIN_TXD 80
+#define IGB_MIN_TXD 64
#define IGB_MAX_TXD 4096
#define IGB_DEFAULT_RXD 256
-#define IGB_MIN_RXD 80
+#define IGB_MIN_RXD 64
#define IGB_MAX_RXD 4096
#define IGB_DEFAULT_ITR 3 /* dynamic */
--
2.40.1
^ permalink raw reply related [flat|nested] 396+ messages in thread
* [PATCH 5.4 273/367] s390/zcrypt: dont leak memory if dev_set_name() fails
2023-09-20 11:26 [PATCH 5.4 000/367] 5.4.257-rc1 review Greg Kroah-Hartman
` (271 preceding siblings ...)
2023-09-20 11:30 ` [PATCH 5.4 272/367] igb: Change IGB_MIN " Greg Kroah-Hartman
@ 2023-09-20 11:30 ` Greg Kroah-Hartman
2023-09-20 11:30 ` [PATCH 5.4 274/367] idr: fix param name in idr_alloc_cyclic() doc Greg Kroah-Hartman
` (99 subsequent siblings)
372 siblings, 0 replies; 396+ messages in thread
From: Greg Kroah-Hartman @ 2023-09-20 11:30 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Andy Shevchenko,
Harald Freudenberger, Heiko Carstens, Sasha Levin
5.4-stable review patch. If anyone has any objections, please let me know.
------------------
From: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
[ Upstream commit 6252f47b78031979ad919f971dc8468b893488bd ]
When dev_set_name() fails, zcdn_create() doesn't free the newly
allocated resources. Do it.
Fixes: 00fab2350e6b ("s390/zcrypt: multiple zcrypt device nodes support")
Signed-off-by: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
Link: https://lore.kernel.org/r/20230831110000.24279-1-andriy.shevchenko@linux.intel.com
Signed-off-by: Harald Freudenberger <freude@linux.ibm.com>
Signed-off-by: Heiko Carstens <hca@linux.ibm.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/s390/crypto/zcrypt_api.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/drivers/s390/crypto/zcrypt_api.c b/drivers/s390/crypto/zcrypt_api.c
index ec41a8a76398c..f376dfcd7dbeb 100644
--- a/drivers/s390/crypto/zcrypt_api.c
+++ b/drivers/s390/crypto/zcrypt_api.c
@@ -397,6 +397,7 @@ static int zcdn_create(const char *name)
ZCRYPT_NAME "_%d", (int) MINOR(devt));
nodename[sizeof(nodename)-1] = '\0';
if (dev_set_name(&zcdndev->device, nodename)) {
+ kfree(zcdndev);
rc = -EINVAL;
goto unlockout;
}
--
2.40.1
^ permalink raw reply related [flat|nested] 396+ messages in thread
* [PATCH 5.4 274/367] idr: fix param name in idr_alloc_cyclic() doc
2023-09-20 11:26 [PATCH 5.4 000/367] 5.4.257-rc1 review Greg Kroah-Hartman
` (272 preceding siblings ...)
2023-09-20 11:30 ` [PATCH 5.4 273/367] s390/zcrypt: dont leak memory if dev_set_name() fails Greg Kroah-Hartman
@ 2023-09-20 11:30 ` Greg Kroah-Hartman
2023-09-20 11:30 ` [PATCH 5.4 275/367] ip_tunnels: use DEV_STATS_INC() Greg Kroah-Hartman
` (98 subsequent siblings)
372 siblings, 0 replies; 396+ messages in thread
From: Greg Kroah-Hartman @ 2023-09-20 11:30 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Ariel Marcovitch,
Matthew Wilcox (Oracle),
Sasha Levin
5.4-stable review patch. If anyone has any objections, please let me know.
------------------
From: Ariel Marcovitch <arielmarcovitch@gmail.com>
[ Upstream commit 2a15de80dd0f7e04a823291aa9eb49c5294f56af ]
The relevant parameter is 'start' and not 'nextid'
Fixes: 460488c58ca8 ("idr: Remove idr_alloc_ext")
Signed-off-by: Ariel Marcovitch <arielmarcovitch@gmail.com>
Signed-off-by: Matthew Wilcox (Oracle) <willy@infradead.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
lib/idr.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/lib/idr.c b/lib/idr.c
index b2bc190431ddf..a91ca1dfe1431 100644
--- a/lib/idr.c
+++ b/lib/idr.c
@@ -100,7 +100,7 @@ EXPORT_SYMBOL_GPL(idr_alloc);
* @end: The maximum ID (exclusive).
* @gfp: Memory allocation flags.
*
- * Allocates an unused ID in the range specified by @nextid and @end. If
+ * Allocates an unused ID in the range specified by @start and @end. If
* @end is <= 0, it is treated as one larger than %INT_MAX. This allows
* callers to use @start + N as @end as long as N is within integer range.
* The search for an unused ID will start at the last ID allocated and will
--
2.40.1
^ permalink raw reply related [flat|nested] 396+ messages in thread
* [PATCH 5.4 275/367] ip_tunnels: use DEV_STATS_INC()
2023-09-20 11:26 [PATCH 5.4 000/367] 5.4.257-rc1 review Greg Kroah-Hartman
` (273 preceding siblings ...)
2023-09-20 11:30 ` [PATCH 5.4 274/367] idr: fix param name in idr_alloc_cyclic() doc Greg Kroah-Hartman
@ 2023-09-20 11:30 ` Greg Kroah-Hartman
2023-09-20 11:30 ` [PATCH 5.4 276/367] netfilter: nfnetlink_osf: avoid OOB read Greg Kroah-Hartman
` (97 subsequent siblings)
372 siblings, 0 replies; 396+ messages in thread
From: Greg Kroah-Hartman @ 2023-09-20 11:30 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, syzbot, Eric Dumazet,
David S. Miller, Sasha Levin
5.4-stable review patch. If anyone has any objections, please let me know.
------------------
From: Eric Dumazet <edumazet@google.com>
[ Upstream commit 9b271ebaf9a2c5c566a54bc6cd915962e8241130 ]
syzbot/KCSAN reported data-races in iptunnel_xmit_stats() [1]
This can run from multiple cpus without mutual exclusion.
Adopt SMP safe DEV_STATS_INC() to update dev->stats fields.
[1]
BUG: KCSAN: data-race in iptunnel_xmit / iptunnel_xmit
read-write to 0xffff8881353df170 of 8 bytes by task 30263 on cpu 1:
iptunnel_xmit_stats include/net/ip_tunnels.h:493 [inline]
iptunnel_xmit+0x432/0x4a0 net/ipv4/ip_tunnel_core.c:87
ip_tunnel_xmit+0x1477/0x1750 net/ipv4/ip_tunnel.c:831
__gre_xmit net/ipv4/ip_gre.c:469 [inline]
ipgre_xmit+0x516/0x570 net/ipv4/ip_gre.c:662
__netdev_start_xmit include/linux/netdevice.h:4889 [inline]
netdev_start_xmit include/linux/netdevice.h:4903 [inline]
xmit_one net/core/dev.c:3544 [inline]
dev_hard_start_xmit+0x11b/0x3f0 net/core/dev.c:3560
__dev_queue_xmit+0xeee/0x1de0 net/core/dev.c:4340
dev_queue_xmit include/linux/netdevice.h:3082 [inline]
__bpf_tx_skb net/core/filter.c:2129 [inline]
__bpf_redirect_no_mac net/core/filter.c:2159 [inline]
__bpf_redirect+0x723/0x9c0 net/core/filter.c:2182
____bpf_clone_redirect net/core/filter.c:2453 [inline]
bpf_clone_redirect+0x16c/0x1d0 net/core/filter.c:2425
___bpf_prog_run+0xd7d/0x41e0 kernel/bpf/core.c:1954
__bpf_prog_run512+0x74/0xa0 kernel/bpf/core.c:2195
bpf_dispatcher_nop_func include/linux/bpf.h:1181 [inline]
__bpf_prog_run include/linux/filter.h:609 [inline]
bpf_prog_run include/linux/filter.h:616 [inline]
bpf_test_run+0x15d/0x3d0 net/bpf/test_run.c:423
bpf_prog_test_run_skb+0x77b/0xa00 net/bpf/test_run.c:1045
bpf_prog_test_run+0x265/0x3d0 kernel/bpf/syscall.c:3996
__sys_bpf+0x3af/0x780 kernel/bpf/syscall.c:5353
__do_sys_bpf kernel/bpf/syscall.c:5439 [inline]
__se_sys_bpf kernel/bpf/syscall.c:5437 [inline]
__x64_sys_bpf+0x43/0x50 kernel/bpf/syscall.c:5437
do_syscall_x64 arch/x86/entry/common.c:50 [inline]
do_syscall_64+0x41/0xc0 arch/x86/entry/common.c:80
entry_SYSCALL_64_after_hwframe+0x63/0xcd
read-write to 0xffff8881353df170 of 8 bytes by task 30249 on cpu 0:
iptunnel_xmit_stats include/net/ip_tunnels.h:493 [inline]
iptunnel_xmit+0x432/0x4a0 net/ipv4/ip_tunnel_core.c:87
ip_tunnel_xmit+0x1477/0x1750 net/ipv4/ip_tunnel.c:831
__gre_xmit net/ipv4/ip_gre.c:469 [inline]
ipgre_xmit+0x516/0x570 net/ipv4/ip_gre.c:662
__netdev_start_xmit include/linux/netdevice.h:4889 [inline]
netdev_start_xmit include/linux/netdevice.h:4903 [inline]
xmit_one net/core/dev.c:3544 [inline]
dev_hard_start_xmit+0x11b/0x3f0 net/core/dev.c:3560
__dev_queue_xmit+0xeee/0x1de0 net/core/dev.c:4340
dev_queue_xmit include/linux/netdevice.h:3082 [inline]
__bpf_tx_skb net/core/filter.c:2129 [inline]
__bpf_redirect_no_mac net/core/filter.c:2159 [inline]
__bpf_redirect+0x723/0x9c0 net/core/filter.c:2182
____bpf_clone_redirect net/core/filter.c:2453 [inline]
bpf_clone_redirect+0x16c/0x1d0 net/core/filter.c:2425
___bpf_prog_run+0xd7d/0x41e0 kernel/bpf/core.c:1954
__bpf_prog_run512+0x74/0xa0 kernel/bpf/core.c:2195
bpf_dispatcher_nop_func include/linux/bpf.h:1181 [inline]
__bpf_prog_run include/linux/filter.h:609 [inline]
bpf_prog_run include/linux/filter.h:616 [inline]
bpf_test_run+0x15d/0x3d0 net/bpf/test_run.c:423
bpf_prog_test_run_skb+0x77b/0xa00 net/bpf/test_run.c:1045
bpf_prog_test_run+0x265/0x3d0 kernel/bpf/syscall.c:3996
__sys_bpf+0x3af/0x780 kernel/bpf/syscall.c:5353
__do_sys_bpf kernel/bpf/syscall.c:5439 [inline]
__se_sys_bpf kernel/bpf/syscall.c:5437 [inline]
__x64_sys_bpf+0x43/0x50 kernel/bpf/syscall.c:5437
do_syscall_x64 arch/x86/entry/common.c:50 [inline]
do_syscall_64+0x41/0xc0 arch/x86/entry/common.c:80
entry_SYSCALL_64_after_hwframe+0x63/0xcd
value changed: 0x0000000000018830 -> 0x0000000000018831
Reported by Kernel Concurrency Sanitizer on:
CPU: 0 PID: 30249 Comm: syz-executor.4 Not tainted 6.5.0-syzkaller-11704-g3f86ed6ec0b3 #0
Fixes: 039f50629b7f ("ip_tunnel: Move stats update to iptunnel_xmit()")
Reported-by: syzbot <syzkaller@googlegroups.com>
Signed-off-by: Eric Dumazet <edumazet@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
include/net/ip_tunnels.h | 15 +++++++--------
1 file changed, 7 insertions(+), 8 deletions(-)
diff --git a/include/net/ip_tunnels.h b/include/net/ip_tunnels.h
index 8d063e23aa408..36376f8b84dac 100644
--- a/include/net/ip_tunnels.h
+++ b/include/net/ip_tunnels.h
@@ -449,15 +449,14 @@ static inline void iptunnel_xmit_stats(struct net_device *dev, int pkt_len)
tstats->tx_packets++;
u64_stats_update_end(&tstats->syncp);
put_cpu_ptr(tstats);
+ return;
+ }
+
+ if (pkt_len < 0) {
+ DEV_STATS_INC(dev, tx_errors);
+ DEV_STATS_INC(dev, tx_aborted_errors);
} else {
- struct net_device_stats *err_stats = &dev->stats;
-
- if (pkt_len < 0) {
- err_stats->tx_errors++;
- err_stats->tx_aborted_errors++;
- } else {
- err_stats->tx_dropped++;
- }
+ DEV_STATS_INC(dev, tx_dropped);
}
}
--
2.40.1
^ permalink raw reply related [flat|nested] 396+ messages in thread
* [PATCH 5.4 276/367] netfilter: nfnetlink_osf: avoid OOB read
2023-09-20 11:26 [PATCH 5.4 000/367] 5.4.257-rc1 review Greg Kroah-Hartman
` (274 preceding siblings ...)
2023-09-20 11:30 ` [PATCH 5.4 275/367] ip_tunnels: use DEV_STATS_INC() Greg Kroah-Hartman
@ 2023-09-20 11:30 ` Greg Kroah-Hartman
2023-09-20 11:30 ` [PATCH 5.4 277/367] net: hns3: fix the port information display when sfp is absent Greg Kroah-Hartman
` (96 subsequent siblings)
372 siblings, 0 replies; 396+ messages in thread
From: Greg Kroah-Hartman @ 2023-09-20 11:30 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Lucas Leong, Wander Lairson Costa,
Florian Westphal, Sasha Levin
5.4-stable review patch. If anyone has any objections, please let me know.
------------------
From: Wander Lairson Costa <wander@redhat.com>
[ Upstream commit f4f8a7803119005e87b716874bec07c751efafec ]
The opt_num field is controlled by user mode and is not currently
validated inside the kernel. An attacker can take advantage of this to
trigger an OOB read and potentially leak information.
BUG: KASAN: slab-out-of-bounds in nf_osf_match_one+0xbed/0xd10 net/netfilter/nfnetlink_osf.c:88
Read of size 2 at addr ffff88804bc64272 by task poc/6431
CPU: 1 PID: 6431 Comm: poc Not tainted 6.0.0-rc4 #1
Call Trace:
nf_osf_match_one+0xbed/0xd10 net/netfilter/nfnetlink_osf.c:88
nf_osf_find+0x186/0x2f0 net/netfilter/nfnetlink_osf.c:281
nft_osf_eval+0x37f/0x590 net/netfilter/nft_osf.c:47
expr_call_ops_eval net/netfilter/nf_tables_core.c:214
nft_do_chain+0x2b0/0x1490 net/netfilter/nf_tables_core.c:264
nft_do_chain_ipv4+0x17c/0x1f0 net/netfilter/nft_chain_filter.c:23
[..]
Also add validation to genre, subtype and version fields.
Fixes: 11eeef41d5f6 ("netfilter: passive OS fingerprint xtables match")
Reported-by: Lucas Leong <wmliang@infosec.exchange>
Signed-off-by: Wander Lairson Costa <wander@redhat.com>
Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
net/netfilter/nfnetlink_osf.c | 8 ++++++++
1 file changed, 8 insertions(+)
diff --git a/net/netfilter/nfnetlink_osf.c b/net/netfilter/nfnetlink_osf.c
index 9dbaa5ce24e51..573a372e760f4 100644
--- a/net/netfilter/nfnetlink_osf.c
+++ b/net/netfilter/nfnetlink_osf.c
@@ -316,6 +316,14 @@ static int nfnl_osf_add_callback(struct net *net, struct sock *ctnl,
f = nla_data(osf_attrs[OSF_ATTR_FINGER]);
+ if (f->opt_num > ARRAY_SIZE(f->opt))
+ return -EINVAL;
+
+ if (!memchr(f->genre, 0, MAXGENRELEN) ||
+ !memchr(f->subtype, 0, MAXGENRELEN) ||
+ !memchr(f->version, 0, MAXGENRELEN))
+ return -EINVAL;
+
kf = kmalloc(sizeof(struct nf_osf_finger), GFP_KERNEL);
if (!kf)
return -ENOMEM;
--
2.40.1
^ permalink raw reply related [flat|nested] 396+ messages in thread
* [PATCH 5.4 277/367] net: hns3: fix the port information display when sfp is absent
2023-09-20 11:26 [PATCH 5.4 000/367] 5.4.257-rc1 review Greg Kroah-Hartman
` (275 preceding siblings ...)
2023-09-20 11:30 ` [PATCH 5.4 276/367] netfilter: nfnetlink_osf: avoid OOB read Greg Kroah-Hartman
@ 2023-09-20 11:30 ` Greg Kroah-Hartman
2023-09-20 11:30 ` [PATCH 5.4 278/367] sh: boards: Fix CEU buffer size passed to dma_declare_coherent_memory() Greg Kroah-Hartman
` (95 subsequent siblings)
372 siblings, 0 replies; 396+ messages in thread
From: Greg Kroah-Hartman @ 2023-09-20 11:30 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Yisen Zhuang, Jijie Shao,
Paolo Abeni, Sasha Levin
5.4-stable review patch. If anyone has any objections, please let me know.
------------------
From: Yisen Zhuang <yisen.zhuang@huawei.com>
[ Upstream commit 674d9591a32d01df75d6b5fffed4ef942a294376 ]
When sfp is absent or unidentified, the port type should be
displayed as PORT_OTHERS, rather than PORT_FIBRE.
Fixes: 88d10bd6f730 ("net: hns3: add support for multiple media type")
Signed-off-by: Yisen Zhuang <yisen.zhuang@huawei.com>
Signed-off-by: Jijie Shao <shaojijie@huawei.com>
Signed-off-by: Paolo Abeni <pabeni@redhat.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/ethernet/hisilicon/hns3/hns3_ethtool.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/drivers/net/ethernet/hisilicon/hns3/hns3_ethtool.c b/drivers/net/ethernet/hisilicon/hns3/hns3_ethtool.c
index 34e5448d59f6f..4ea19f546df08 100644
--- a/drivers/net/ethernet/hisilicon/hns3/hns3_ethtool.c
+++ b/drivers/net/ethernet/hisilicon/hns3/hns3_ethtool.c
@@ -676,7 +676,9 @@ static int hns3_get_link_ksettings(struct net_device *netdev,
hns3_get_ksettings(h, cmd);
break;
case HNAE3_MEDIA_TYPE_FIBER:
- if (module_type == HNAE3_MODULE_TYPE_CR)
+ if (module_type == HNAE3_MODULE_TYPE_UNKNOWN)
+ cmd->base.port = PORT_OTHER;
+ else if (module_type == HNAE3_MODULE_TYPE_CR)
cmd->base.port = PORT_DA;
else
cmd->base.port = PORT_FIBRE;
--
2.40.1
^ permalink raw reply related [flat|nested] 396+ messages in thread
* [PATCH 5.4 278/367] sh: boards: Fix CEU buffer size passed to dma_declare_coherent_memory()
2023-09-20 11:26 [PATCH 5.4 000/367] 5.4.257-rc1 review Greg Kroah-Hartman
` (276 preceding siblings ...)
2023-09-20 11:30 ` [PATCH 5.4 277/367] net: hns3: fix the port information display when sfp is absent Greg Kroah-Hartman
@ 2023-09-20 11:30 ` Greg Kroah-Hartman
2023-09-20 11:30 ` [PATCH 5.4 279/367] ata: sata_gemini: Add missing MODULE_DESCRIPTION Greg Kroah-Hartman
` (94 subsequent siblings)
372 siblings, 0 replies; 396+ messages in thread
From: Greg Kroah-Hartman @ 2023-09-20 11:30 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Petr Tesarik, Geert Uytterhoeven,
Jacopo Mondi, John Paul Adrian Glaubitz, Laurent Pinchart,
Sasha Levin
5.4-stable review patch. If anyone has any objections, please let me know.
------------------
From: Petr Tesarik <petr.tesarik.ext@huawei.com>
[ Upstream commit fb60211f377b69acffead3147578f86d0092a7a5 ]
In all these cases, the last argument to dma_declare_coherent_memory() is
the buffer end address, but the expected value should be the size of the
reserved region.
Fixes: 39fb993038e1 ("media: arch: sh: ap325rxa: Use new renesas-ceu camera driver")
Fixes: c2f9b05fd5c1 ("media: arch: sh: ecovec: Use new renesas-ceu camera driver")
Fixes: f3590dc32974 ("media: arch: sh: kfr2r09: Use new renesas-ceu camera driver")
Fixes: 186c446f4b84 ("media: arch: sh: migor: Use new renesas-ceu camera driver")
Fixes: 1a3c230b4151 ("media: arch: sh: ms7724se: Use new renesas-ceu camera driver")
Signed-off-by: Petr Tesarik <petr.tesarik.ext@huawei.com>
Reviewed-by: Geert Uytterhoeven <geert+renesas@glider.be>
Reviewed-by: Jacopo Mondi <jacopo.mondi@ideasonboard.com>
Reviewed-by: John Paul Adrian Glaubitz <glaubitz@physik.fu-berlin.de>
Reviewed-by: Laurent Pinchart <laurent.pinchart+renesas@ideasonboard.com>
Link: https://lore.kernel.org/r/20230724120742.2187-1-petrtesarik@huaweicloud.com
Signed-off-by: John Paul Adrian Glaubitz <glaubitz@physik.fu-berlin.de>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/sh/boards/mach-ap325rxa/setup.c | 2 +-
arch/sh/boards/mach-ecovec24/setup.c | 6 ++----
arch/sh/boards/mach-kfr2r09/setup.c | 2 +-
arch/sh/boards/mach-migor/setup.c | 2 +-
arch/sh/boards/mach-se/7724/setup.c | 6 ++----
5 files changed, 7 insertions(+), 11 deletions(-)
diff --git a/arch/sh/boards/mach-ap325rxa/setup.c b/arch/sh/boards/mach-ap325rxa/setup.c
index 665cad452798b..a80e2369f42b2 100644
--- a/arch/sh/boards/mach-ap325rxa/setup.c
+++ b/arch/sh/boards/mach-ap325rxa/setup.c
@@ -529,7 +529,7 @@ static int __init ap325rxa_devices_setup(void)
device_initialize(&ap325rxa_ceu_device.dev);
dma_declare_coherent_memory(&ap325rxa_ceu_device.dev,
ceu_dma_membase, ceu_dma_membase,
- ceu_dma_membase + CEU_BUFFER_MEMORY_SIZE - 1);
+ CEU_BUFFER_MEMORY_SIZE);
platform_device_add(&ap325rxa_ceu_device);
diff --git a/arch/sh/boards/mach-ecovec24/setup.c b/arch/sh/boards/mach-ecovec24/setup.c
index acaa97459531c..3286afe2ea3dc 100644
--- a/arch/sh/boards/mach-ecovec24/setup.c
+++ b/arch/sh/boards/mach-ecovec24/setup.c
@@ -1442,15 +1442,13 @@ static int __init arch_setup(void)
device_initialize(&ecovec_ceu_devices[0]->dev);
dma_declare_coherent_memory(&ecovec_ceu_devices[0]->dev,
ceu0_dma_membase, ceu0_dma_membase,
- ceu0_dma_membase +
- CEU_BUFFER_MEMORY_SIZE - 1);
+ CEU_BUFFER_MEMORY_SIZE);
platform_device_add(ecovec_ceu_devices[0]);
device_initialize(&ecovec_ceu_devices[1]->dev);
dma_declare_coherent_memory(&ecovec_ceu_devices[1]->dev,
ceu1_dma_membase, ceu1_dma_membase,
- ceu1_dma_membase +
- CEU_BUFFER_MEMORY_SIZE - 1);
+ CEU_BUFFER_MEMORY_SIZE);
platform_device_add(ecovec_ceu_devices[1]);
gpiod_add_lookup_table(&cn12_power_gpiod_table);
diff --git a/arch/sh/boards/mach-kfr2r09/setup.c b/arch/sh/boards/mach-kfr2r09/setup.c
index 96538ba3aa323..90b876194124f 100644
--- a/arch/sh/boards/mach-kfr2r09/setup.c
+++ b/arch/sh/boards/mach-kfr2r09/setup.c
@@ -603,7 +603,7 @@ static int __init kfr2r09_devices_setup(void)
device_initialize(&kfr2r09_ceu_device.dev);
dma_declare_coherent_memory(&kfr2r09_ceu_device.dev,
ceu_dma_membase, ceu_dma_membase,
- ceu_dma_membase + CEU_BUFFER_MEMORY_SIZE - 1);
+ CEU_BUFFER_MEMORY_SIZE);
platform_device_add(&kfr2r09_ceu_device);
diff --git a/arch/sh/boards/mach-migor/setup.c b/arch/sh/boards/mach-migor/setup.c
index 9ed369dad62df..8598290932eab 100644
--- a/arch/sh/boards/mach-migor/setup.c
+++ b/arch/sh/boards/mach-migor/setup.c
@@ -604,7 +604,7 @@ static int __init migor_devices_setup(void)
device_initialize(&migor_ceu_device.dev);
dma_declare_coherent_memory(&migor_ceu_device.dev,
ceu_dma_membase, ceu_dma_membase,
- ceu_dma_membase + CEU_BUFFER_MEMORY_SIZE - 1);
+ CEU_BUFFER_MEMORY_SIZE);
platform_device_add(&migor_ceu_device);
diff --git a/arch/sh/boards/mach-se/7724/setup.c b/arch/sh/boards/mach-se/7724/setup.c
index 32f5dd9448894..9e7b7cac36dc8 100644
--- a/arch/sh/boards/mach-se/7724/setup.c
+++ b/arch/sh/boards/mach-se/7724/setup.c
@@ -939,15 +939,13 @@ static int __init devices_setup(void)
device_initialize(&ms7724se_ceu_devices[0]->dev);
dma_declare_coherent_memory(&ms7724se_ceu_devices[0]->dev,
ceu0_dma_membase, ceu0_dma_membase,
- ceu0_dma_membase +
- CEU_BUFFER_MEMORY_SIZE - 1);
+ CEU_BUFFER_MEMORY_SIZE);
platform_device_add(ms7724se_ceu_devices[0]);
device_initialize(&ms7724se_ceu_devices[1]->dev);
dma_declare_coherent_memory(&ms7724se_ceu_devices[1]->dev,
ceu1_dma_membase, ceu1_dma_membase,
- ceu1_dma_membase +
- CEU_BUFFER_MEMORY_SIZE - 1);
+ CEU_BUFFER_MEMORY_SIZE);
platform_device_add(ms7724se_ceu_devices[1]);
return platform_add_devices(ms7724se_devices,
--
2.40.1
^ permalink raw reply related [flat|nested] 396+ messages in thread
* [PATCH 5.4 279/367] ata: sata_gemini: Add missing MODULE_DESCRIPTION
2023-09-20 11:26 [PATCH 5.4 000/367] 5.4.257-rc1 review Greg Kroah-Hartman
` (277 preceding siblings ...)
2023-09-20 11:30 ` [PATCH 5.4 278/367] sh: boards: Fix CEU buffer size passed to dma_declare_coherent_memory() Greg Kroah-Hartman
@ 2023-09-20 11:30 ` Greg Kroah-Hartman
2023-09-20 11:30 ` [PATCH 5.4 280/367] ata: pata_ftide010: " Greg Kroah-Hartman
` (93 subsequent siblings)
372 siblings, 0 replies; 396+ messages in thread
From: Greg Kroah-Hartman @ 2023-09-20 11:30 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Damien Le Moal, Linus Walleij
5.4-stable review patch. If anyone has any objections, please let me know.
------------------
From: Damien Le Moal <dlemoal@kernel.org>
commit 8566572bf3b4d6e416a4bf2110dbb4817d11ba59 upstream.
Add the missing MODULE_DESCRIPTION() to avoid warnings such as:
WARNING: modpost: missing MODULE_DESCRIPTION() in drivers/ata/sata_gemini.o
when compiling with W=1.
Fixes: be4e456ed3a5 ("ata: Add driver for Faraday Technology FTIDE010")
Cc: stable@vger.kernel.org
Signed-off-by: Damien Le Moal <dlemoal@kernel.org>
Reviewed-by: Linus Walleij <linus.walleij@linaro.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/ata/sata_gemini.c | 1 +
1 file changed, 1 insertion(+)
--- a/drivers/ata/sata_gemini.c
+++ b/drivers/ata/sata_gemini.c
@@ -435,6 +435,7 @@ static struct platform_driver gemini_sat
};
module_platform_driver(gemini_sata_driver);
+MODULE_DESCRIPTION("low level driver for Cortina Systems Gemini SATA bridge");
MODULE_AUTHOR("Linus Walleij <linus.walleij@linaro.org>");
MODULE_LICENSE("GPL");
MODULE_ALIAS("platform:" DRV_NAME);
^ permalink raw reply [flat|nested] 396+ messages in thread
* [PATCH 5.4 280/367] ata: pata_ftide010: Add missing MODULE_DESCRIPTION
2023-09-20 11:26 [PATCH 5.4 000/367] 5.4.257-rc1 review Greg Kroah-Hartman
` (278 preceding siblings ...)
2023-09-20 11:30 ` [PATCH 5.4 279/367] ata: sata_gemini: Add missing MODULE_DESCRIPTION Greg Kroah-Hartman
@ 2023-09-20 11:30 ` Greg Kroah-Hartman
2023-09-20 11:30 ` [PATCH 5.4 281/367] fuse: nlookup missing decrement in fuse_direntplus_link Greg Kroah-Hartman
` (92 subsequent siblings)
372 siblings, 0 replies; 396+ messages in thread
From: Greg Kroah-Hartman @ 2023-09-20 11:30 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Damien Le Moal, Linus Walleij
5.4-stable review patch. If anyone has any objections, please let me know.
------------------
From: Damien Le Moal <dlemoal@kernel.org>
commit 7274eef5729037300f29d14edeb334a47a098f65 upstream.
Add the missing MODULE_DESCRIPTION() to avoid warnings such as:
WARNING: modpost: missing MODULE_DESCRIPTION() in drivers/ata/pata_ftide010.o
when compiling with W=1.
Fixes: be4e456ed3a5 ("ata: Add driver for Faraday Technology FTIDE010")
Cc: stable@vger.kernel.org
Signed-off-by: Damien Le Moal <dlemoal@kernel.org>
Reviewed-by: Linus Walleij <linus.walleij@linaro.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/ata/pata_ftide010.c | 1 +
1 file changed, 1 insertion(+)
--- a/drivers/ata/pata_ftide010.c
+++ b/drivers/ata/pata_ftide010.c
@@ -570,6 +570,7 @@ static struct platform_driver pata_ftide
};
module_platform_driver(pata_ftide010_driver);
+MODULE_DESCRIPTION("low level driver for Faraday Technology FTIDE010");
MODULE_AUTHOR("Linus Walleij <linus.walleij@linaro.org>");
MODULE_LICENSE("GPL");
MODULE_ALIAS("platform:" DRV_NAME);
^ permalink raw reply [flat|nested] 396+ messages in thread
* [PATCH 5.4 281/367] fuse: nlookup missing decrement in fuse_direntplus_link
2023-09-20 11:26 [PATCH 5.4 000/367] 5.4.257-rc1 review Greg Kroah-Hartman
` (279 preceding siblings ...)
2023-09-20 11:30 ` [PATCH 5.4 280/367] ata: pata_ftide010: " Greg Kroah-Hartman
@ 2023-09-20 11:30 ` Greg Kroah-Hartman
2023-09-20 11:30 ` [PATCH 5.4 282/367] btrfs: dont start transaction when joining with TRANS_JOIN_NOSTART Greg Kroah-Hartman
` (91 subsequent siblings)
372 siblings, 0 replies; 396+ messages in thread
From: Greg Kroah-Hartman @ 2023-09-20 11:30 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, ruanmeisi, Miklos Szeredi
5.4-stable review patch. If anyone has any objections, please let me know.
------------------
From: ruanmeisi <ruan.meisi@zte.com.cn>
commit b8bd342d50cbf606666488488f9fea374aceb2d5 upstream.
During our debugging of glusterfs, we found an Assertion failed error:
inode_lookup >= nlookup, which was caused by the nlookup value in the
kernel being greater than that in the FUSE file system.
The issue was introduced by fuse_direntplus_link, where in the function,
fuse_iget increments nlookup, and if d_splice_alias returns failure,
fuse_direntplus_link returns failure without decrementing nlookup
https://github.com/gluster/glusterfs/pull/4081
Signed-off-by: ruanmeisi <ruan.meisi@zte.com.cn>
Fixes: 0b05b18381ee ("fuse: implement NFS-like readdirplus support")
Cc: <stable@vger.kernel.org> # v3.9
Signed-off-by: Miklos Szeredi <mszeredi@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/fuse/readdir.c | 10 +++++++++-
1 file changed, 9 insertions(+), 1 deletion(-)
--- a/fs/fuse/readdir.c
+++ b/fs/fuse/readdir.c
@@ -238,8 +238,16 @@ retry:
dput(dentry);
dentry = alias;
}
- if (IS_ERR(dentry))
+ if (IS_ERR(dentry)) {
+ if (!IS_ERR(inode)) {
+ struct fuse_inode *fi = get_fuse_inode(inode);
+
+ spin_lock(&fi->lock);
+ fi->nlookup--;
+ spin_unlock(&fi->lock);
+ }
return PTR_ERR(dentry);
+ }
}
if (fc->readdirplus_auto)
set_bit(FUSE_I_INIT_RDPLUS, &get_fuse_inode(inode)->state);
^ permalink raw reply [flat|nested] 396+ messages in thread
* [PATCH 5.4 282/367] btrfs: dont start transaction when joining with TRANS_JOIN_NOSTART
2023-09-20 11:26 [PATCH 5.4 000/367] 5.4.257-rc1 review Greg Kroah-Hartman
` (280 preceding siblings ...)
2023-09-20 11:30 ` [PATCH 5.4 281/367] fuse: nlookup missing decrement in fuse_direntplus_link Greg Kroah-Hartman
@ 2023-09-20 11:30 ` Greg Kroah-Hartman
2023-09-20 11:31 ` [PATCH 5.4 283/367] btrfs: use the correct superblock to compare fsid in btrfs_validate_super Greg Kroah-Hartman
` (90 subsequent siblings)
372 siblings, 0 replies; 396+ messages in thread
From: Greg Kroah-Hartman @ 2023-09-20 11:30 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Filipe Manana, David Sterba
5.4-stable review patch. If anyone has any objections, please let me know.
------------------
From: Filipe Manana <fdmanana@suse.com>
commit 4490e803e1fe9fab8db5025e44e23b55df54078b upstream.
When joining a transaction with TRANS_JOIN_NOSTART, if we don't find a
running transaction we end up creating one. This goes against the purpose
of TRANS_JOIN_NOSTART which is to join a running transaction if its state
is at or below the state TRANS_STATE_COMMIT_START, otherwise return an
-ENOENT error and don't start a new transaction. So fix this to not create
a new transaction if there's no running transaction at or below that
state.
CC: stable@vger.kernel.org # 4.14+
Fixes: a6d155d2e363 ("Btrfs: fix deadlock between fiemap and transaction commits")
Signed-off-by: Filipe Manana <fdmanana@suse.com>
Signed-off-by: David Sterba <dsterba@suse.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/btrfs/transaction.c | 7 ++++---
1 file changed, 4 insertions(+), 3 deletions(-)
--- a/fs/btrfs/transaction.c
+++ b/fs/btrfs/transaction.c
@@ -190,10 +190,11 @@ loop:
spin_unlock(&fs_info->trans_lock);
/*
- * If we are ATTACH, we just want to catch the current transaction,
- * and commit it. If there is no transaction, just return ENOENT.
+ * If we are ATTACH or TRANS_JOIN_NOSTART, we just want to catch the
+ * current transaction, and commit it. If there is no transaction, just
+ * return ENOENT.
*/
- if (type == TRANS_ATTACH)
+ if (type == TRANS_ATTACH || type == TRANS_JOIN_NOSTART)
return -ENOENT;
/*
^ permalink raw reply [flat|nested] 396+ messages in thread
* [PATCH 5.4 283/367] btrfs: use the correct superblock to compare fsid in btrfs_validate_super
2023-09-20 11:26 [PATCH 5.4 000/367] 5.4.257-rc1 review Greg Kroah-Hartman
` (281 preceding siblings ...)
2023-09-20 11:30 ` [PATCH 5.4 282/367] btrfs: dont start transaction when joining with TRANS_JOIN_NOSTART Greg Kroah-Hartman
@ 2023-09-20 11:31 ` Greg Kroah-Hartman
2023-09-20 11:31 ` [PATCH 5.4 284/367] mtd: rawnand: brcmnand: Fix crash during the panic_write Greg Kroah-Hartman
` (89 subsequent siblings)
372 siblings, 0 replies; 396+ messages in thread
From: Greg Kroah-Hartman @ 2023-09-20 11:31 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Johannes Thumshirn,
Guilherme G. Piccoli, Anand Jain, David Sterba
5.4-stable review patch. If anyone has any objections, please let me know.
------------------
From: Anand Jain <anand.jain@oracle.com>
commit d167aa76dc0683828588c25767da07fb549e4f48 upstream.
The function btrfs_validate_super() should verify the fsid in the provided
superblock argument. Because, all its callers expect it to do that.
Such as in the following stack:
write_all_supers()
sb = fs_info->super_for_commit;
btrfs_validate_write_super(.., sb)
btrfs_validate_super(.., sb, ..)
scrub_one_super()
btrfs_validate_super(.., sb, ..)
And
check_dev_super()
btrfs_validate_super(.., sb, ..)
However, it currently verifies the fs_info::super_copy::fsid instead,
which is not correct. Fix this using the correct fsid in the superblock
argument.
CC: stable@vger.kernel.org # 5.4+
Reviewed-by: Johannes Thumshirn <johannes.thumshirn@wdc.com>
Tested-by: Guilherme G. Piccoli <gpiccoli@igalia.com>
Signed-off-by: Anand Jain <anand.jain@oracle.com>
Reviewed-by: David Sterba <dsterba@suse.com>
Signed-off-by: David Sterba <dsterba@suse.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/btrfs/disk-io.c | 5 ++---
1 file changed, 2 insertions(+), 3 deletions(-)
--- a/fs/btrfs/disk-io.c
+++ b/fs/btrfs/disk-io.c
@@ -2480,11 +2480,10 @@ static int validate_super(struct btrfs_f
ret = -EINVAL;
}
- if (memcmp(fs_info->fs_devices->fsid, fs_info->super_copy->fsid,
- BTRFS_FSID_SIZE)) {
+ if (memcmp(fs_info->fs_devices->fsid, sb->fsid, BTRFS_FSID_SIZE) != 0) {
btrfs_err(fs_info,
"superblock fsid doesn't match fsid of fs_devices: %pU != %pU",
- fs_info->super_copy->fsid, fs_info->fs_devices->fsid);
+ sb->fsid, fs_info->fs_devices->fsid);
ret = -EINVAL;
}
^ permalink raw reply [flat|nested] 396+ messages in thread
* [PATCH 5.4 284/367] mtd: rawnand: brcmnand: Fix crash during the panic_write
2023-09-20 11:26 [PATCH 5.4 000/367] 5.4.257-rc1 review Greg Kroah-Hartman
` (282 preceding siblings ...)
2023-09-20 11:31 ` [PATCH 5.4 283/367] btrfs: use the correct superblock to compare fsid in btrfs_validate_super Greg Kroah-Hartman
@ 2023-09-20 11:31 ` Greg Kroah-Hartman
2023-09-20 11:31 ` [PATCH 5.4 285/367] mtd: rawnand: brcmnand: Fix potential out-of-bounds access in oob write Greg Kroah-Hartman
` (88 subsequent siblings)
372 siblings, 0 replies; 396+ messages in thread
From: Greg Kroah-Hartman @ 2023-09-20 11:31 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, William Zhang, Florian Fainelli,
Kursad Oney, Kamal Dasu, Miquel Raynal
5.4-stable review patch. If anyone has any objections, please let me know.
------------------
From: William Zhang <william.zhang@broadcom.com>
commit e66dd317194daae0475fe9e5577c80aa97f16cb9 upstream.
When executing a NAND command within the panic write path, wait for any
pending command instead of calling BUG_ON to avoid crashing while
already crashing.
Fixes: 27c5b17cd1b1 ("mtd: nand: add NAND driver "library" for Broadcom STB NAND controller")
Signed-off-by: William Zhang <william.zhang@broadcom.com>
Reviewed-by: Florian Fainelli <florian.fainelli@broadcom.com>
Reviewed-by: Kursad Oney <kursad.oney@broadcom.com>
Reviewed-by: Kamal Dasu <kamal.dasu@broadcom.com>
Cc: stable@vger.kernel.org
Signed-off-by: Miquel Raynal <miquel.raynal@bootlin.com>
Link: https://lore.kernel.org/linux-mtd/20230706182909.79151-4-william.zhang@broadcom.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/mtd/nand/raw/brcmnand/brcmnand.c | 12 +++++++++++-
1 file changed, 11 insertions(+), 1 deletion(-)
--- a/drivers/mtd/nand/raw/brcmnand/brcmnand.c
+++ b/drivers/mtd/nand/raw/brcmnand/brcmnand.c
@@ -1331,7 +1331,17 @@ static void brcmnand_send_cmd(struct brc
dev_dbg(ctrl->dev, "send native cmd %d addr 0x%llx\n", cmd, cmd_addr);
- BUG_ON(ctrl->cmd_pending != 0);
+ /*
+ * If we came here through _panic_write and there is a pending
+ * command, try to wait for it. If it times out, rather than
+ * hitting BUG_ON, just return so we don't crash while crashing.
+ */
+ if (oops_in_progress) {
+ if (ctrl->cmd_pending &&
+ bcmnand_ctrl_poll_status(ctrl, NAND_CTRL_RDY, NAND_CTRL_RDY, 0))
+ return;
+ } else
+ BUG_ON(ctrl->cmd_pending != 0);
ctrl->cmd_pending = cmd;
ret = bcmnand_ctrl_poll_status(ctrl, NAND_CTRL_RDY, NAND_CTRL_RDY, 0);
^ permalink raw reply [flat|nested] 396+ messages in thread
* [PATCH 5.4 285/367] mtd: rawnand: brcmnand: Fix potential out-of-bounds access in oob write
2023-09-20 11:26 [PATCH 5.4 000/367] 5.4.257-rc1 review Greg Kroah-Hartman
` (283 preceding siblings ...)
2023-09-20 11:31 ` [PATCH 5.4 284/367] mtd: rawnand: brcmnand: Fix crash during the panic_write Greg Kroah-Hartman
@ 2023-09-20 11:31 ` Greg Kroah-Hartman
2023-09-20 11:31 ` [PATCH 5.4 286/367] mtd: rawnand: brcmnand: Fix potential false time out warning Greg Kroah-Hartman
` (87 subsequent siblings)
372 siblings, 0 replies; 396+ messages in thread
From: Greg Kroah-Hartman @ 2023-09-20 11:31 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, William Zhang, Florian Fainelli,
Miquel Raynal
5.4-stable review patch. If anyone has any objections, please let me know.
------------------
From: William Zhang <william.zhang@broadcom.com>
commit 5d53244186c9ac58cb88d76a0958ca55b83a15cd upstream.
When the oob buffer length is not in multiple of words, the oob write
function does out-of-bounds read on the oob source buffer at the last
iteration. Fix that by always checking length limit on the oob buffer
read and fill with 0xff when reaching the end of the buffer to the oob
registers.
Fixes: 27c5b17cd1b1 ("mtd: nand: add NAND driver "library" for Broadcom STB NAND controller")
Signed-off-by: William Zhang <william.zhang@broadcom.com>
Reviewed-by: Florian Fainelli <florian.fainelli@broadcom.com>
Cc: stable@vger.kernel.org
Signed-off-by: Miquel Raynal <miquel.raynal@bootlin.com>
Link: https://lore.kernel.org/linux-mtd/20230706182909.79151-5-william.zhang@broadcom.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/mtd/nand/raw/brcmnand/brcmnand.c | 18 ++++++++++++++++--
1 file changed, 16 insertions(+), 2 deletions(-)
--- a/drivers/mtd/nand/raw/brcmnand/brcmnand.c
+++ b/drivers/mtd/nand/raw/brcmnand/brcmnand.c
@@ -1273,19 +1273,33 @@ static int write_oob_to_regs(struct brcm
const u8 *oob, int sas, int sector_1k)
{
int tbytes = sas << sector_1k;
- int j;
+ int j, k = 0;
+ u32 last = 0xffffffff;
+ u8 *plast = (u8 *)&last;
/* Adjust OOB values for 1K sector size */
if (sector_1k && (i & 0x01))
tbytes = max(0, tbytes - (int)ctrl->max_oob);
tbytes = min_t(int, tbytes, ctrl->max_oob);
- for (j = 0; j < tbytes; j += 4)
+ /*
+ * tbytes may not be multiple of words. Make sure we don't read out of
+ * the boundary and stop at last word.
+ */
+ for (j = 0; (j + 3) < tbytes; j += 4)
oob_reg_write(ctrl, j,
(oob[j + 0] << 24) |
(oob[j + 1] << 16) |
(oob[j + 2] << 8) |
(oob[j + 3] << 0));
+
+ /* handle the remaing bytes */
+ while (j < tbytes)
+ plast[k++] = oob[j++];
+
+ if (tbytes & 0x3)
+ oob_reg_write(ctrl, (tbytes & ~0x3), (__force u32)cpu_to_be32(last));
+
return tbytes;
}
^ permalink raw reply [flat|nested] 396+ messages in thread
* [PATCH 5.4 286/367] mtd: rawnand: brcmnand: Fix potential false time out warning
2023-09-20 11:26 [PATCH 5.4 000/367] 5.4.257-rc1 review Greg Kroah-Hartman
` (284 preceding siblings ...)
2023-09-20 11:31 ` [PATCH 5.4 285/367] mtd: rawnand: brcmnand: Fix potential out-of-bounds access in oob write Greg Kroah-Hartman
@ 2023-09-20 11:31 ` Greg Kroah-Hartman
2023-09-20 11:31 ` [PATCH 5.4 287/367] perf hists browser: Fix hierarchy mode header Greg Kroah-Hartman
` (86 subsequent siblings)
372 siblings, 0 replies; 396+ messages in thread
From: Greg Kroah-Hartman @ 2023-09-20 11:31 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, William Zhang, Florian Fainelli,
Miquel Raynal
5.4-stable review patch. If anyone has any objections, please let me know.
------------------
From: William Zhang <william.zhang@broadcom.com>
commit 9cc0a598b944816f2968baf2631757f22721b996 upstream.
If system is busy during the command status polling function, the driver
may not get the chance to poll the status register till the end of time
out and return the premature status. Do a final check after time out
happens to ensure reading the correct status.
Fixes: 9d2ee0a60b8b ("mtd: nand: brcmnand: Check flash #WP pin status before nand erase/program")
Signed-off-by: William Zhang <william.zhang@broadcom.com>
Reviewed-by: Florian Fainelli <florian.fainelli@broadcom.com>
Cc: stable@vger.kernel.org
Signed-off-by: Miquel Raynal <miquel.raynal@bootlin.com>
Link: https://lore.kernel.org/linux-mtd/20230706182909.79151-3-william.zhang@broadcom.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/mtd/nand/raw/brcmnand/brcmnand.c | 8 ++++++++
1 file changed, 8 insertions(+)
--- a/drivers/mtd/nand/raw/brcmnand/brcmnand.c
+++ b/drivers/mtd/nand/raw/brcmnand/brcmnand.c
@@ -891,6 +891,14 @@ static int bcmnand_ctrl_poll_status(stru
cpu_relax();
} while (time_after(limit, jiffies));
+ /*
+ * do a final check after time out in case the CPU was busy and the driver
+ * did not get enough time to perform the polling to avoid false alarms
+ */
+ val = brcmnand_read_reg(ctrl, BRCMNAND_INTFC_STATUS);
+ if ((val & mask) == expected_val)
+ return 0;
+
dev_warn(ctrl->dev, "timeout on status poll (expected %x got %x)\n",
expected_val, val & mask);
^ permalink raw reply [flat|nested] 396+ messages in thread
* [PATCH 5.4 287/367] perf hists browser: Fix hierarchy mode header
2023-09-20 11:26 [PATCH 5.4 000/367] 5.4.257-rc1 review Greg Kroah-Hartman
` (285 preceding siblings ...)
2023-09-20 11:31 ` [PATCH 5.4 286/367] mtd: rawnand: brcmnand: Fix potential false time out warning Greg Kroah-Hartman
@ 2023-09-20 11:31 ` Greg Kroah-Hartman
2023-09-20 11:31 ` [PATCH 5.4 288/367] perf tools: Handle old data in PERF_RECORD_ATTR Greg Kroah-Hartman
` (85 subsequent siblings)
372 siblings, 0 replies; 396+ messages in thread
From: Greg Kroah-Hartman @ 2023-09-20 11:31 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Namhyung Kim,
Arnaldo Carvalho de Melo, Adrian Hunter, Ian Rogers, Ingo Molnar,
Jiri Olsa, Peter Zijlstra
5.4-stable review patch. If anyone has any objections, please let me know.
------------------
From: Namhyung Kim <namhyung@kernel.org>
commit e2cabf2a44791f01c21f8d5189b946926e34142e upstream.
The commit ef9ff6017e3c4593 ("perf ui browser: Move the extra title
lines from the hists browser") introduced ui_browser__gotorc_title() to
help moving non-title lines easily. But it missed to update the title
for the hierarchy mode so it won't print the header line on TUI at all.
$ perf report --hierarchy
Fixes: ef9ff6017e3c4593 ("perf ui browser: Move the extra title lines from the hists browser")
Signed-off-by: Namhyung Kim <namhyung@kernel.org>
Tested-by: Arnaldo Carvalho de Melo <acme@redhat.com>
Cc: Adrian Hunter <adrian.hunter@intel.com>
Cc: Ian Rogers <irogers@google.com>
Cc: Ingo Molnar <mingo@kernel.org>
Cc: Jiri Olsa <jolsa@kernel.org>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: stable@vger.kernel.org
Link: https://lore.kernel.org/r/20230731094934.1616495-1-namhyung@kernel.org
Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
tools/perf/ui/browsers/hists.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/tools/perf/ui/browsers/hists.c
+++ b/tools/perf/ui/browsers/hists.c
@@ -1718,7 +1718,7 @@ static void hists_browser__hierarchy_hea
hists_browser__scnprintf_hierarchy_headers(browser, headers,
sizeof(headers));
- ui_browser__gotorc(&browser->b, 0, 0);
+ ui_browser__gotorc_title(&browser->b, 0, 0);
ui_browser__set_color(&browser->b, HE_COLORSET_ROOT);
ui_browser__write_nstring(&browser->b, headers, browser->b.width + 1);
}
^ permalink raw reply [flat|nested] 396+ messages in thread
* [PATCH 5.4 288/367] perf tools: Handle old data in PERF_RECORD_ATTR
2023-09-20 11:26 [PATCH 5.4 000/367] 5.4.257-rc1 review Greg Kroah-Hartman
` (286 preceding siblings ...)
2023-09-20 11:31 ` [PATCH 5.4 287/367] perf hists browser: Fix hierarchy mode header Greg Kroah-Hartman
@ 2023-09-20 11:31 ` Greg Kroah-Hartman
2023-09-20 11:31 ` [PATCH 5.4 289/367] usb: typec: tcpm: Refactor tcpm_handle_vdm_request payload handling Greg Kroah-Hartman
` (84 subsequent siblings)
372 siblings, 0 replies; 396+ messages in thread
From: Greg Kroah-Hartman @ 2023-09-20 11:31 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Namhyung Kim, Adrian Hunter,
Ian Rogers, Ingo Molnar, Jiri Olsa, Peter Zijlstra, Tom Zanussi,
Arnaldo Carvalho de Melo
5.4-stable review patch. If anyone has any objections, please let me know.
------------------
From: Namhyung Kim <namhyung@kernel.org>
commit 9bf63282ea77a531ea58acb42fb3f40d2d1e4497 upstream.
The PERF_RECORD_ATTR is used for a pipe mode to describe an event with
attribute and IDs. The ID table comes after the attr and it calculate
size of the table using the total record size and the attr size.
n_ids = (total_record_size - end_of_the_attr_field) / sizeof(u64)
This is fine for most use cases, but sometimes it saves the pipe output
in a file and then process it later. And it becomes a problem if there
is a change in attr size between the record and report.
$ perf record -o- > perf-pipe.data # old version
$ perf report -i- < perf-pipe.data # new version
For example, if the attr size is 128 and it has 4 IDs, then it would
save them in 168 byte like below:
8 byte: perf event header { .type = PERF_RECORD_ATTR, .size = 168 },
128 byte: perf event attr { .size = 128, ... },
32 byte: event IDs [] = { 1234, 1235, 1236, 1237 },
But when report later, it thinks the attr size is 136 then it only read
the last 3 entries as ID.
8 byte: perf event header { .type = PERF_RECORD_ATTR, .size = 168 },
136 byte: perf event attr { .size = 136, ... },
24 byte: event IDs [] = { 1235, 1236, 1237 }, // 1234 is missing
So it should use the recorded version of the attr. The attr has the
size field already then it should honor the size when reading data.
Fixes: 2c46dbb517a10b18 ("perf: Convert perf header attrs into attr events")
Signed-off-by: Namhyung Kim <namhyung@kernel.org>
Cc: Adrian Hunter <adrian.hunter@intel.com>
Cc: Ian Rogers <irogers@google.com>
Cc: Ingo Molnar <mingo@kernel.org>
Cc: Jiri Olsa <jolsa@kernel.org>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Tom Zanussi <zanussi@kernel.org>
Cc: stable@vger.kernel.org
Link: https://lore.kernel.org/r/20230825152552.112913-1-namhyung@kernel.org
Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
| 11 ++++++-----
1 file changed, 6 insertions(+), 5 deletions(-)
--- a/tools/perf/util/header.c
+++ b/tools/perf/util/header.c
@@ -3720,7 +3720,8 @@ int perf_event__process_attr(struct perf
union perf_event *event,
struct evlist **pevlist)
{
- u32 i, ids, n_ids;
+ u32 i, n_ids;
+ u64 *ids;
struct evsel *evsel;
struct evlist *evlist = *pevlist;
@@ -3736,9 +3737,8 @@ int perf_event__process_attr(struct perf
evlist__add(evlist, evsel);
- ids = event->header.size;
- ids -= (void *)&event->attr.id - (void *)event;
- n_ids = ids / sizeof(u64);
+ n_ids = event->header.size - sizeof(event->header) - event->attr.attr.size;
+ n_ids = n_ids / sizeof(u64);
/*
* We don't have the cpu and thread maps on the header, so
* for allocating the perf_sample_id table we fake 1 cpu and
@@ -3747,8 +3747,9 @@ int perf_event__process_attr(struct perf
if (perf_evsel__alloc_id(&evsel->core, 1, n_ids))
return -ENOMEM;
+ ids = (void *)&event->attr.attr + event->attr.attr.size;
for (i = 0; i < n_ids; i++) {
- perf_evlist__id_add(&evlist->core, &evsel->core, 0, i, event->attr.id[i]);
+ perf_evlist__id_add(&evlist->core, &evsel->core, 0, i, ids[i]);
}
return 0;
^ permalink raw reply [flat|nested] 396+ messages in thread
* [PATCH 5.4 289/367] usb: typec: tcpm: Refactor tcpm_handle_vdm_request payload handling
2023-09-20 11:26 [PATCH 5.4 000/367] 5.4.257-rc1 review Greg Kroah-Hartman
` (287 preceding siblings ...)
2023-09-20 11:31 ` [PATCH 5.4 288/367] perf tools: Handle old data in PERF_RECORD_ATTR Greg Kroah-Hartman
@ 2023-09-20 11:31 ` Greg Kroah-Hartman
2023-09-20 11:31 ` [PATCH 5.4 290/367] usb: typec: tcpm: Refactor tcpm_handle_vdm_request Greg Kroah-Hartman
` (83 subsequent siblings)
372 siblings, 0 replies; 396+ messages in thread
From: Greg Kroah-Hartman @ 2023-09-20 11:31 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Guenter Roeck, Heikki Krogerus,
Hans de Goede, Sasha Levin
5.4-stable review patch. If anyone has any objections, please let me know.
------------------
From: Hans de Goede <hdegoede@redhat.com>
[ Upstream commit 8afe9a3548f9d1805dcea6d97978f2179c8403a3 ]
Refactor the tcpm_handle_vdm_request payload handling by doing the
endianness conversion only once directly inside tcpm_handle_vdm_request
itself instead of doing it multiple times inside various helper functions
called by tcpm_handle_vdm_request.
This is a preparation patch for some further refactoring to fix an AB BA
lock inversion between the tcpm code and some altmode drivers.
Reviewed-by: Guenter Roeck <linux@roeck-us.net>
Reviewed-by: Heikki Krogerus <heikki.krogerus@linux.intel.com>
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Link: https://lore.kernel.org/r/20200724174702.61754-3-hdegoede@redhat.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Stable-dep-of: f23643306430 ("usb: typec: bus: verify partner exists in typec_altmode_attention")
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/usb/typec/tcpm/tcpm.c | 49 ++++++++++++++++-------------------
1 file changed, 22 insertions(+), 27 deletions(-)
diff --git a/drivers/usb/typec/tcpm/tcpm.c b/drivers/usb/typec/tcpm/tcpm.c
index b259a4a28f81a..949325692e664 100644
--- a/drivers/usb/typec/tcpm/tcpm.c
+++ b/drivers/usb/typec/tcpm/tcpm.c
@@ -969,16 +969,15 @@ static void tcpm_queue_vdm(struct tcpm_port *port, const u32 header,
port->vdm_state = VDM_STATE_READY;
}
-static void svdm_consume_identity(struct tcpm_port *port, const __le32 *payload,
- int cnt)
+static void svdm_consume_identity(struct tcpm_port *port, const u32 *p, int cnt)
{
- u32 vdo = le32_to_cpu(payload[VDO_INDEX_IDH]);
- u32 product = le32_to_cpu(payload[VDO_INDEX_PRODUCT]);
+ u32 vdo = p[VDO_INDEX_IDH];
+ u32 product = p[VDO_INDEX_PRODUCT];
memset(&port->mode_data, 0, sizeof(port->mode_data));
port->partner_ident.id_header = vdo;
- port->partner_ident.cert_stat = le32_to_cpu(payload[VDO_INDEX_CSTAT]);
+ port->partner_ident.cert_stat = p[VDO_INDEX_CSTAT];
port->partner_ident.product = product;
typec_partner_set_identity(port->partner);
@@ -988,17 +987,15 @@ static void svdm_consume_identity(struct tcpm_port *port, const __le32 *payload,
PD_PRODUCT_PID(product), product & 0xffff);
}
-static bool svdm_consume_svids(struct tcpm_port *port, const __le32 *payload,
- int cnt)
+static bool svdm_consume_svids(struct tcpm_port *port, const u32 *p, int cnt)
{
struct pd_mode_data *pmdata = &port->mode_data;
int i;
for (i = 1; i < cnt; i++) {
- u32 p = le32_to_cpu(payload[i]);
u16 svid;
- svid = (p >> 16) & 0xffff;
+ svid = (p[i] >> 16) & 0xffff;
if (!svid)
return false;
@@ -1008,7 +1005,7 @@ static bool svdm_consume_svids(struct tcpm_port *port, const __le32 *payload,
pmdata->svids[pmdata->nsvids++] = svid;
tcpm_log(port, "SVID %d: 0x%x", pmdata->nsvids, svid);
- svid = p & 0xffff;
+ svid = p[i] & 0xffff;
if (!svid)
return false;
@@ -1038,8 +1035,7 @@ static bool svdm_consume_svids(struct tcpm_port *port, const __le32 *payload,
return false;
}
-static void svdm_consume_modes(struct tcpm_port *port, const __le32 *payload,
- int cnt)
+static void svdm_consume_modes(struct tcpm_port *port, const u32 *p, int cnt)
{
struct pd_mode_data *pmdata = &port->mode_data;
struct typec_altmode_desc *paltmode;
@@ -1056,7 +1052,7 @@ static void svdm_consume_modes(struct tcpm_port *port, const __le32 *payload,
paltmode->svid = pmdata->svids[pmdata->svid_index];
paltmode->mode = i;
- paltmode->vdo = le32_to_cpu(payload[i]);
+ paltmode->vdo = p[i];
tcpm_log(port, " Alternate mode %d: SVID 0x%04x, VDO %d: 0x%08x",
pmdata->altmodes, paltmode->svid,
@@ -1084,21 +1080,17 @@ static void tcpm_register_partner_altmodes(struct tcpm_port *port)
#define supports_modal(port) PD_IDH_MODAL_SUPP((port)->partner_ident.id_header)
-static int tcpm_pd_svdm(struct tcpm_port *port, const __le32 *payload, int cnt,
+static int tcpm_pd_svdm(struct tcpm_port *port, const u32 *p, int cnt,
u32 *response)
{
struct typec_altmode *adev;
struct typec_altmode *pdev;
struct pd_mode_data *modep;
- u32 p[PD_MAX_PAYLOAD];
int rlen = 0;
int cmd_type;
int cmd;
int i;
- for (i = 0; i < cnt; i++)
- p[i] = le32_to_cpu(payload[i]);
-
cmd_type = PD_VDO_CMDT(p[0]);
cmd = PD_VDO_CMD(p[0]);
@@ -1159,13 +1151,13 @@ static int tcpm_pd_svdm(struct tcpm_port *port, const __le32 *payload, int cnt,
switch (cmd) {
case CMD_DISCOVER_IDENT:
/* 6.4.4.3.1 */
- svdm_consume_identity(port, payload, cnt);
+ svdm_consume_identity(port, p, cnt);
response[0] = VDO(USB_SID_PD, 1, CMD_DISCOVER_SVID);
rlen = 1;
break;
case CMD_DISCOVER_SVID:
/* 6.4.4.3.2 */
- if (svdm_consume_svids(port, payload, cnt)) {
+ if (svdm_consume_svids(port, p, cnt)) {
response[0] = VDO(USB_SID_PD, 1,
CMD_DISCOVER_SVID);
rlen = 1;
@@ -1177,7 +1169,7 @@ static int tcpm_pd_svdm(struct tcpm_port *port, const __le32 *payload, int cnt,
break;
case CMD_DISCOVER_MODES:
/* 6.4.4.3.3 */
- svdm_consume_modes(port, payload, cnt);
+ svdm_consume_modes(port, p, cnt);
modep->svid_index++;
if (modep->svid_index < modep->nsvids) {
u16 svid = modep->svids[modep->svid_index];
@@ -1240,15 +1232,18 @@ static int tcpm_pd_svdm(struct tcpm_port *port, const __le32 *payload, int cnt,
static void tcpm_handle_vdm_request(struct tcpm_port *port,
const __le32 *payload, int cnt)
{
- int rlen = 0;
+ u32 p[PD_MAX_PAYLOAD];
u32 response[8] = { };
- u32 p0 = le32_to_cpu(payload[0]);
+ int i, rlen = 0;
+
+ for (i = 0; i < cnt; i++)
+ p[i] = le32_to_cpu(payload[i]);
if (port->vdm_state == VDM_STATE_BUSY) {
/* If UFP responded busy retry after timeout */
- if (PD_VDO_CMDT(p0) == CMDT_RSP_BUSY) {
+ if (PD_VDO_CMDT(p[0]) == CMDT_RSP_BUSY) {
port->vdm_state = VDM_STATE_WAIT_RSP_BUSY;
- port->vdo_retry = (p0 & ~VDO_CMDT_MASK) |
+ port->vdo_retry = (p[0] & ~VDO_CMDT_MASK) |
CMDT_INIT;
mod_delayed_work(port->wq, &port->vdm_state_machine,
msecs_to_jiffies(PD_T_VDM_BUSY));
@@ -1257,8 +1252,8 @@ static void tcpm_handle_vdm_request(struct tcpm_port *port,
port->vdm_state = VDM_STATE_DONE;
}
- if (PD_VDO_SVDM(p0))
- rlen = tcpm_pd_svdm(port, payload, cnt, response);
+ if (PD_VDO_SVDM(p[0]))
+ rlen = tcpm_pd_svdm(port, p, cnt, response);
if (rlen > 0) {
tcpm_queue_vdm(port, response[0], &response[1], rlen - 1);
--
2.40.1
^ permalink raw reply related [flat|nested] 396+ messages in thread
* [PATCH 5.4 290/367] usb: typec: tcpm: Refactor tcpm_handle_vdm_request
2023-09-20 11:26 [PATCH 5.4 000/367] 5.4.257-rc1 review Greg Kroah-Hartman
` (288 preceding siblings ...)
2023-09-20 11:31 ` [PATCH 5.4 289/367] usb: typec: tcpm: Refactor tcpm_handle_vdm_request payload handling Greg Kroah-Hartman
@ 2023-09-20 11:31 ` Greg Kroah-Hartman
2023-09-20 11:31 ` [PATCH 5.4 291/367] usb: typec: bus: verify partner exists in typec_altmode_attention Greg Kroah-Hartman
` (82 subsequent siblings)
372 siblings, 0 replies; 396+ messages in thread
From: Greg Kroah-Hartman @ 2023-09-20 11:31 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Heikki Krogerus, Guenter Roeck,
Hans de Goede, Sasha Levin
5.4-stable review patch. If anyone has any objections, please let me know.
------------------
From: Hans de Goede <hdegoede@redhat.com>
[ Upstream commit 95b4d51c96a87cd760c2a4f27fb28a59a27b6368 ]
Refactor tcpm_handle_vdm_request and its tcpm_pd_svdm helper function so
that reporting the results of the vdm to the altmode-driver is separated
out into a clear separate step inside tcpm_handle_vdm_request, instead
of being scattered over various places inside the tcpm_pd_svdm helper.
This is a preparation patch for fixing an AB BA lock inversion between the
tcpm code and some altmode drivers.
Reviewed-by: Heikki Krogerus <heikki.krogerus@linux.intel.com>
Reviewed-by: Guenter Roeck <linux@roeck-us.net>
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Link: https://lore.kernel.org/r/20200724174702.61754-4-hdegoede@redhat.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Stable-dep-of: f23643306430 ("usb: typec: bus: verify partner exists in typec_altmode_attention")
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/usb/typec/tcpm/tcpm.c | 76 ++++++++++++++++++++++-------------
1 file changed, 48 insertions(+), 28 deletions(-)
diff --git a/drivers/usb/typec/tcpm/tcpm.c b/drivers/usb/typec/tcpm/tcpm.c
index 949325692e664..9e71e0d9a09cd 100644
--- a/drivers/usb/typec/tcpm/tcpm.c
+++ b/drivers/usb/typec/tcpm/tcpm.c
@@ -159,6 +159,14 @@ enum pd_msg_request {
PD_MSG_DATA_SOURCE_CAP,
};
+enum adev_actions {
+ ADEV_NONE = 0,
+ ADEV_NOTIFY_USB_AND_QUEUE_VDM,
+ ADEV_QUEUE_VDM,
+ ADEV_QUEUE_VDM_SEND_EXIT_MODE_ON_FAIL,
+ ADEV_ATTENTION,
+};
+
/* Events from low level driver */
#define TCPM_CC_EVENT BIT(0)
@@ -1080,10 +1088,10 @@ static void tcpm_register_partner_altmodes(struct tcpm_port *port)
#define supports_modal(port) PD_IDH_MODAL_SUPP((port)->partner_ident.id_header)
-static int tcpm_pd_svdm(struct tcpm_port *port, const u32 *p, int cnt,
- u32 *response)
+static int tcpm_pd_svdm(struct tcpm_port *port, struct typec_altmode *adev,
+ const u32 *p, int cnt, u32 *response,
+ enum adev_actions *adev_action)
{
- struct typec_altmode *adev;
struct typec_altmode *pdev;
struct pd_mode_data *modep;
int rlen = 0;
@@ -1099,9 +1107,6 @@ static int tcpm_pd_svdm(struct tcpm_port *port, const u32 *p, int cnt,
modep = &port->mode_data;
- adev = typec_match_altmode(port->port_altmode, ALTMODE_DISCOVERY_MAX,
- PD_VDO_VID(p[0]), PD_VDO_OPOS(p[0]));
-
pdev = typec_match_altmode(port->partner_altmode, ALTMODE_DISCOVERY_MAX,
PD_VDO_VID(p[0]), PD_VDO_OPOS(p[0]));
@@ -1127,8 +1132,7 @@ static int tcpm_pd_svdm(struct tcpm_port *port, const u32 *p, int cnt,
break;
case CMD_ATTENTION:
/* Attention command does not have response */
- if (adev)
- typec_altmode_attention(adev, p[1]);
+ *adev_action = ADEV_ATTENTION;
return 0;
default:
break;
@@ -1182,23 +1186,15 @@ static int tcpm_pd_svdm(struct tcpm_port *port, const u32 *p, int cnt,
case CMD_ENTER_MODE:
if (adev && pdev) {
typec_altmode_update_active(pdev, true);
-
- if (typec_altmode_vdm(adev, p[0], &p[1], cnt)) {
- response[0] = VDO(adev->svid, 1,
- CMD_EXIT_MODE);
- response[0] |= VDO_OPOS(adev->mode);
- return 1;
- }
+ *adev_action = ADEV_QUEUE_VDM_SEND_EXIT_MODE_ON_FAIL;
}
return 0;
case CMD_EXIT_MODE:
if (adev && pdev) {
typec_altmode_update_active(pdev, false);
-
/* Back to USB Operation */
- WARN_ON(typec_altmode_notify(adev,
- TYPEC_STATE_USB,
- NULL));
+ *adev_action = ADEV_NOTIFY_USB_AND_QUEUE_VDM;
+ return 0;
}
break;
default:
@@ -1209,11 +1205,8 @@ static int tcpm_pd_svdm(struct tcpm_port *port, const u32 *p, int cnt,
switch (cmd) {
case CMD_ENTER_MODE:
/* Back to USB Operation */
- if (adev)
- WARN_ON(typec_altmode_notify(adev,
- TYPEC_STATE_USB,
- NULL));
- break;
+ *adev_action = ADEV_NOTIFY_USB_AND_QUEUE_VDM;
+ return 0;
default:
break;
}
@@ -1223,15 +1216,15 @@ static int tcpm_pd_svdm(struct tcpm_port *port, const u32 *p, int cnt,
}
/* Informing the alternate mode drivers about everything */
- if (adev)
- typec_altmode_vdm(adev, p[0], &p[1], cnt);
-
+ *adev_action = ADEV_QUEUE_VDM;
return rlen;
}
static void tcpm_handle_vdm_request(struct tcpm_port *port,
const __le32 *payload, int cnt)
{
+ enum adev_actions adev_action = ADEV_NONE;
+ struct typec_altmode *adev;
u32 p[PD_MAX_PAYLOAD];
u32 response[8] = { };
int i, rlen = 0;
@@ -1239,6 +1232,9 @@ static void tcpm_handle_vdm_request(struct tcpm_port *port,
for (i = 0; i < cnt; i++)
p[i] = le32_to_cpu(payload[i]);
+ adev = typec_match_altmode(port->port_altmode, ALTMODE_DISCOVERY_MAX,
+ PD_VDO_VID(p[0]), PD_VDO_OPOS(p[0]));
+
if (port->vdm_state == VDM_STATE_BUSY) {
/* If UFP responded busy retry after timeout */
if (PD_VDO_CMDT(p[0]) == CMDT_RSP_BUSY) {
@@ -1253,7 +1249,31 @@ static void tcpm_handle_vdm_request(struct tcpm_port *port,
}
if (PD_VDO_SVDM(p[0]))
- rlen = tcpm_pd_svdm(port, p, cnt, response);
+ rlen = tcpm_pd_svdm(port, adev, p, cnt, response, &adev_action);
+
+ if (adev) {
+ switch (adev_action) {
+ case ADEV_NONE:
+ break;
+ case ADEV_NOTIFY_USB_AND_QUEUE_VDM:
+ WARN_ON(typec_altmode_notify(adev, TYPEC_STATE_USB, NULL));
+ typec_altmode_vdm(adev, p[0], &p[1], cnt);
+ break;
+ case ADEV_QUEUE_VDM:
+ typec_altmode_vdm(adev, p[0], &p[1], cnt);
+ break;
+ case ADEV_QUEUE_VDM_SEND_EXIT_MODE_ON_FAIL:
+ if (typec_altmode_vdm(adev, p[0], &p[1], cnt)) {
+ response[0] = VDO(adev->svid, 1, CMD_EXIT_MODE);
+ response[0] |= VDO_OPOS(adev->mode);
+ rlen = 1;
+ }
+ break;
+ case ADEV_ATTENTION:
+ typec_altmode_attention(adev, p[1]);
+ break;
+ }
+ }
if (rlen > 0) {
tcpm_queue_vdm(port, response[0], &response[1], rlen - 1);
--
2.40.1
^ permalink raw reply related [flat|nested] 396+ messages in thread
* [PATCH 5.4 291/367] usb: typec: bus: verify partner exists in typec_altmode_attention
2023-09-20 11:26 [PATCH 5.4 000/367] 5.4.257-rc1 review Greg Kroah-Hartman
` (289 preceding siblings ...)
2023-09-20 11:31 ` [PATCH 5.4 290/367] usb: typec: tcpm: Refactor tcpm_handle_vdm_request Greg Kroah-Hartman
@ 2023-09-20 11:31 ` Greg Kroah-Hartman
2023-09-20 11:31 ` [PATCH 5.4 292/367] ARM: dts: BCM5301X: Extend RAM to full 256MB for Linksys EA6500 V2 Greg Kroah-Hartman
` (81 subsequent siblings)
372 siblings, 0 replies; 396+ messages in thread
From: Greg Kroah-Hartman @ 2023-09-20 11:31 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, RD Babiera, Heikki Krogerus,
Guenter Roeck, Sasha Levin
5.4-stable review patch. If anyone has any objections, please let me know.
------------------
From: RD Babiera <rdbabiera@google.com>
[ Upstream commit f23643306430f86e2f413ee2b986e0773e79da31 ]
Some usb hubs will negotiate DisplayPort Alt mode with the device
but will then negotiate a data role swap after entering the alt
mode. The data role swap causes the device to unregister all alt
modes, however the usb hub will still send Attention messages
even after failing to reregister the Alt Mode. type_altmode_attention
currently does not verify whether or not a device's altmode partner
exists, which results in a NULL pointer error when dereferencing
the typec_altmode and typec_altmode_ops belonging to the altmode
partner.
Verify the presence of a device's altmode partner before sending
the Attention message to the Alt Mode driver.
Fixes: 8a37d87d72f0 ("usb: typec: Bus type for alternate modes")
Cc: stable@vger.kernel.org
Signed-off-by: RD Babiera <rdbabiera@google.com>
Reviewed-by: Heikki Krogerus <heikki.krogerus@linux.intel.com>
Reviewed-by: Guenter Roeck <linux@roeck-us.net>
Link: https://lore.kernel.org/r/20230814180559.923475-1-rdbabiera@google.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/usb/typec/bus.c | 12 ++++++++++--
drivers/usb/typec/tcpm/tcpm.c | 3 ++-
include/linux/usb/typec_altmode.h | 2 +-
3 files changed, 13 insertions(+), 4 deletions(-)
diff --git a/drivers/usb/typec/bus.c b/drivers/usb/typec/bus.c
index 0369ad92a1c8e..052b8fb21344c 100644
--- a/drivers/usb/typec/bus.c
+++ b/drivers/usb/typec/bus.c
@@ -146,12 +146,20 @@ EXPORT_SYMBOL_GPL(typec_altmode_exit);
*
* Notifies the partner of @adev about Attention command.
*/
-void typec_altmode_attention(struct typec_altmode *adev, u32 vdo)
+int typec_altmode_attention(struct typec_altmode *adev, u32 vdo)
{
- struct typec_altmode *pdev = &to_altmode(adev)->partner->adev;
+ struct altmode *partner = to_altmode(adev)->partner;
+ struct typec_altmode *pdev;
+
+ if (!partner)
+ return -ENODEV;
+
+ pdev = &partner->adev;
if (pdev->ops && pdev->ops->attention)
pdev->ops->attention(pdev, vdo);
+
+ return 0;
}
EXPORT_SYMBOL_GPL(typec_altmode_attention);
diff --git a/drivers/usb/typec/tcpm/tcpm.c b/drivers/usb/typec/tcpm/tcpm.c
index 9e71e0d9a09cd..07db1f1a1f72a 100644
--- a/drivers/usb/typec/tcpm/tcpm.c
+++ b/drivers/usb/typec/tcpm/tcpm.c
@@ -1270,7 +1270,8 @@ static void tcpm_handle_vdm_request(struct tcpm_port *port,
}
break;
case ADEV_ATTENTION:
- typec_altmode_attention(adev, p[1]);
+ if (typec_altmode_attention(adev, p[1]))
+ tcpm_log(port, "typec_altmode_attention no port partner altmode");
break;
}
}
diff --git a/include/linux/usb/typec_altmode.h b/include/linux/usb/typec_altmode.h
index 9a88c74a1d0d0..969b7c5040875 100644
--- a/include/linux/usb/typec_altmode.h
+++ b/include/linux/usb/typec_altmode.h
@@ -67,7 +67,7 @@ struct typec_altmode_ops {
int typec_altmode_enter(struct typec_altmode *altmode);
int typec_altmode_exit(struct typec_altmode *altmode);
-void typec_altmode_attention(struct typec_altmode *altmode, u32 vdo);
+int typec_altmode_attention(struct typec_altmode *altmode, u32 vdo);
int typec_altmode_vdm(struct typec_altmode *altmode,
const u32 header, const u32 *vdo, int count);
int typec_altmode_notify(struct typec_altmode *altmode, unsigned long conf,
--
2.40.1
^ permalink raw reply related [flat|nested] 396+ messages in thread
* [PATCH 5.4 292/367] ARM: dts: BCM5301X: Extend RAM to full 256MB for Linksys EA6500 V2
2023-09-20 11:26 [PATCH 5.4 000/367] 5.4.257-rc1 review Greg Kroah-Hartman
` (290 preceding siblings ...)
2023-09-20 11:31 ` [PATCH 5.4 291/367] usb: typec: bus: verify partner exists in typec_altmode_attention Greg Kroah-Hartman
@ 2023-09-20 11:31 ` Greg Kroah-Hartman
2023-09-20 11:31 ` [PATCH 5.4 293/367] clk: imx8mm: Move 1443X/1416X PLL clock structure to common place Greg Kroah-Hartman
` (80 subsequent siblings)
372 siblings, 0 replies; 396+ messages in thread
From: Greg Kroah-Hartman @ 2023-09-20 11:31 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Aleksey Nasibulin,
Christian Marangi, Rafał Miłecki, Florian Fainelli,
Sasha Levin
5.4-stable review patch. If anyone has any objections, please let me know.
------------------
From: Aleksey Nasibulin <alealexpro100@ya.ru>
[ Upstream commit 91994e59079dcb455783d3f9ea338eea6f671af3 ]
Linksys ea6500-v2 have 256MB of ram. Currently we only use 128MB.
Expand the definition to use all the available RAM.
Fixes: 03e96644d7a8 ("ARM: dts: BCM5301X: Add basic DT for Linksys EA6500 V2")
Signed-off-by: Aleksey Nasibulin <alealexpro100@ya.ru>
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
Cc: stable@vger.kernel.org
Acked-by: Rafał Miłecki <rafal@milecki.pl>
Link: https://lore.kernel.org/r/20230712014017.28123-1-ansuelsmth@gmail.com
Signed-off-by: Florian Fainelli <florian.fainelli@broadcom.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/arm/boot/dts/bcm4708-linksys-ea6500-v2.dts | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/arch/arm/boot/dts/bcm4708-linksys-ea6500-v2.dts b/arch/arm/boot/dts/bcm4708-linksys-ea6500-v2.dts
index cd797b4202ad8..01c48faabfade 100644
--- a/arch/arm/boot/dts/bcm4708-linksys-ea6500-v2.dts
+++ b/arch/arm/boot/dts/bcm4708-linksys-ea6500-v2.dts
@@ -19,7 +19,8 @@
memory@0 {
device_type = "memory";
- reg = <0x00000000 0x08000000>;
+ reg = <0x00000000 0x08000000>,
+ <0x88000000 0x08000000>;
};
gpio-keys {
--
2.40.1
^ permalink raw reply related [flat|nested] 396+ messages in thread
* [PATCH 5.4 293/367] clk: imx8mm: Move 1443X/1416X PLL clock structure to common place
2023-09-20 11:26 [PATCH 5.4 000/367] 5.4.257-rc1 review Greg Kroah-Hartman
` (291 preceding siblings ...)
2023-09-20 11:31 ` [PATCH 5.4 292/367] ARM: dts: BCM5301X: Extend RAM to full 256MB for Linksys EA6500 V2 Greg Kroah-Hartman
@ 2023-09-20 11:31 ` Greg Kroah-Hartman
2023-09-20 11:31 ` [PATCH 5.4 294/367] clk: imx: clk-pll14xx: Make two variables static Greg Kroah-Hartman
` (79 subsequent siblings)
372 siblings, 0 replies; 396+ messages in thread
From: Greg Kroah-Hartman @ 2023-09-20 11:31 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Anson Huang, Leonard Crestez,
Shawn Guo, Sasha Levin
5.4-stable review patch. If anyone has any objections, please let me know.
------------------
From: Anson Huang <Anson.Huang@nxp.com>
[ Upstream commit 43cdaa1567ad3931fbde438853947d45238cc040 ]
Many i.MX8M SoCs use same 1443X/1416X PLL, such as i.MX8MM,
i.MX8MN and later i.MX8M SoCs, moving these PLL definitions
to pll14xx driver can save a lot of duplicated code on each
platform.
Meanwhile, no need to define PLL clock structure for every
module which uses same type of PLL, e.g., audio/video/dram use
1443X PLL, arm/gpu/vpu/sys use 1416X PLL, define 2 PLL clock
structure for each group is enough.
Signed-off-by: Anson Huang <Anson.Huang@nxp.com>
Reviewed-by: Leonard Crestez <leonard.crestez@nxp.com>
Signed-off-by: Shawn Guo <shawnguo@kernel.org>
Stable-dep-of: 72d00e560d10 ("clk: imx: pll14xx: dynamically configure PLL for 393216000/361267200Hz")
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/clk/imx/clk-imx8mm.c | 87 ++++-------------------------------
drivers/clk/imx/clk-pll14xx.c | 30 ++++++++++++
drivers/clk/imx/clk.h | 3 ++
3 files changed, 43 insertions(+), 77 deletions(-)
diff --git a/drivers/clk/imx/clk-imx8mm.c b/drivers/clk/imx/clk-imx8mm.c
index 172589e94f60e..ec34c52416369 100644
--- a/drivers/clk/imx/clk-imx8mm.c
+++ b/drivers/clk/imx/clk-imx8mm.c
@@ -26,73 +26,6 @@ static u32 share_count_disp;
static u32 share_count_pdm;
static u32 share_count_nand;
-static const struct imx_pll14xx_rate_table imx8mm_pll1416x_tbl[] = {
- PLL_1416X_RATE(1800000000U, 225, 3, 0),
- PLL_1416X_RATE(1600000000U, 200, 3, 0),
- PLL_1416X_RATE(1200000000U, 300, 3, 1),
- PLL_1416X_RATE(1000000000U, 250, 3, 1),
- PLL_1416X_RATE(800000000U, 200, 3, 1),
- PLL_1416X_RATE(750000000U, 250, 2, 2),
- PLL_1416X_RATE(700000000U, 350, 3, 2),
- PLL_1416X_RATE(600000000U, 300, 3, 2),
-};
-
-static const struct imx_pll14xx_rate_table imx8mm_audiopll_tbl[] = {
- PLL_1443X_RATE(393216000U, 262, 2, 3, 9437),
- PLL_1443X_RATE(361267200U, 361, 3, 3, 17511),
-};
-
-static const struct imx_pll14xx_rate_table imx8mm_videopll_tbl[] = {
- PLL_1443X_RATE(650000000U, 325, 3, 2, 0),
- PLL_1443X_RATE(594000000U, 198, 2, 2, 0),
-};
-
-static const struct imx_pll14xx_rate_table imx8mm_drampll_tbl[] = {
- PLL_1443X_RATE(650000000U, 325, 3, 2, 0),
-};
-
-static struct imx_pll14xx_clk imx8mm_audio_pll = {
- .type = PLL_1443X,
- .rate_table = imx8mm_audiopll_tbl,
- .rate_count = ARRAY_SIZE(imx8mm_audiopll_tbl),
-};
-
-static struct imx_pll14xx_clk imx8mm_video_pll = {
- .type = PLL_1443X,
- .rate_table = imx8mm_videopll_tbl,
- .rate_count = ARRAY_SIZE(imx8mm_videopll_tbl),
-};
-
-static struct imx_pll14xx_clk imx8mm_dram_pll = {
- .type = PLL_1443X,
- .rate_table = imx8mm_drampll_tbl,
- .rate_count = ARRAY_SIZE(imx8mm_drampll_tbl),
-};
-
-static struct imx_pll14xx_clk imx8mm_arm_pll = {
- .type = PLL_1416X,
- .rate_table = imx8mm_pll1416x_tbl,
- .rate_count = ARRAY_SIZE(imx8mm_pll1416x_tbl),
-};
-
-static struct imx_pll14xx_clk imx8mm_gpu_pll = {
- .type = PLL_1416X,
- .rate_table = imx8mm_pll1416x_tbl,
- .rate_count = ARRAY_SIZE(imx8mm_pll1416x_tbl),
-};
-
-static struct imx_pll14xx_clk imx8mm_vpu_pll = {
- .type = PLL_1416X,
- .rate_table = imx8mm_pll1416x_tbl,
- .rate_count = ARRAY_SIZE(imx8mm_pll1416x_tbl),
-};
-
-static struct imx_pll14xx_clk imx8mm_sys_pll = {
- .type = PLL_1416X,
- .rate_table = imx8mm_pll1416x_tbl,
- .rate_count = ARRAY_SIZE(imx8mm_pll1416x_tbl),
-};
-
static const char *pll_ref_sels[] = { "osc_24m", "dummy", "dummy", "dummy", };
static const char *audio_pll1_bypass_sels[] = {"audio_pll1", "audio_pll1_ref_sel", };
static const char *audio_pll2_bypass_sels[] = {"audio_pll2", "audio_pll2_ref_sel", };
@@ -396,16 +329,16 @@ static int imx8mm_clocks_probe(struct platform_device *pdev)
clks[IMX8MM_SYS_PLL2_REF_SEL] = imx_clk_mux("sys_pll2_ref_sel", base + 0x104, 0, 2, pll_ref_sels, ARRAY_SIZE(pll_ref_sels));
clks[IMX8MM_SYS_PLL3_REF_SEL] = imx_clk_mux("sys_pll3_ref_sel", base + 0x114, 0, 2, pll_ref_sels, ARRAY_SIZE(pll_ref_sels));
- clks[IMX8MM_AUDIO_PLL1] = imx_clk_pll14xx("audio_pll1", "audio_pll1_ref_sel", base, &imx8mm_audio_pll);
- clks[IMX8MM_AUDIO_PLL2] = imx_clk_pll14xx("audio_pll2", "audio_pll2_ref_sel", base + 0x14, &imx8mm_audio_pll);
- clks[IMX8MM_VIDEO_PLL1] = imx_clk_pll14xx("video_pll1", "video_pll1_ref_sel", base + 0x28, &imx8mm_video_pll);
- clks[IMX8MM_DRAM_PLL] = imx_clk_pll14xx("dram_pll", "dram_pll_ref_sel", base + 0x50, &imx8mm_dram_pll);
- clks[IMX8MM_GPU_PLL] = imx_clk_pll14xx("gpu_pll", "gpu_pll_ref_sel", base + 0x64, &imx8mm_gpu_pll);
- clks[IMX8MM_VPU_PLL] = imx_clk_pll14xx("vpu_pll", "vpu_pll_ref_sel", base + 0x74, &imx8mm_vpu_pll);
- clks[IMX8MM_ARM_PLL] = imx_clk_pll14xx("arm_pll", "arm_pll_ref_sel", base + 0x84, &imx8mm_arm_pll);
- clks[IMX8MM_SYS_PLL1] = imx_clk_pll14xx("sys_pll1", "sys_pll1_ref_sel", base + 0x94, &imx8mm_sys_pll);
- clks[IMX8MM_SYS_PLL2] = imx_clk_pll14xx("sys_pll2", "sys_pll2_ref_sel", base + 0x104, &imx8mm_sys_pll);
- clks[IMX8MM_SYS_PLL3] = imx_clk_pll14xx("sys_pll3", "sys_pll3_ref_sel", base + 0x114, &imx8mm_sys_pll);
+ clks[IMX8MM_AUDIO_PLL1] = imx_clk_pll14xx("audio_pll1", "audio_pll1_ref_sel", base, &imx_1443x_pll);
+ clks[IMX8MM_AUDIO_PLL2] = imx_clk_pll14xx("audio_pll2", "audio_pll2_ref_sel", base + 0x14, &imx_1443x_pll);
+ clks[IMX8MM_VIDEO_PLL1] = imx_clk_pll14xx("video_pll1", "video_pll1_ref_sel", base + 0x28, &imx_1443x_pll);
+ clks[IMX8MM_DRAM_PLL] = imx_clk_pll14xx("dram_pll", "dram_pll_ref_sel", base + 0x50, &imx_1443x_pll);
+ clks[IMX8MM_GPU_PLL] = imx_clk_pll14xx("gpu_pll", "gpu_pll_ref_sel", base + 0x64, &imx_1416x_pll);
+ clks[IMX8MM_VPU_PLL] = imx_clk_pll14xx("vpu_pll", "vpu_pll_ref_sel", base + 0x74, &imx_1416x_pll);
+ clks[IMX8MM_ARM_PLL] = imx_clk_pll14xx("arm_pll", "arm_pll_ref_sel", base + 0x84, &imx_1416x_pll);
+ clks[IMX8MM_SYS_PLL1] = imx_clk_pll14xx("sys_pll1", "sys_pll1_ref_sel", base + 0x94, &imx_1416x_pll);
+ clks[IMX8MM_SYS_PLL2] = imx_clk_pll14xx("sys_pll2", "sys_pll2_ref_sel", base + 0x104, &imx_1416x_pll);
+ clks[IMX8MM_SYS_PLL3] = imx_clk_pll14xx("sys_pll3", "sys_pll3_ref_sel", base + 0x114, &imx_1416x_pll);
/* PLL bypass out */
clks[IMX8MM_AUDIO_PLL1_BYPASS] = imx_clk_mux_flags("audio_pll1_bypass", base, 16, 1, audio_pll1_bypass_sels, ARRAY_SIZE(audio_pll1_bypass_sels), CLK_SET_RATE_PARENT);
diff --git a/drivers/clk/imx/clk-pll14xx.c b/drivers/clk/imx/clk-pll14xx.c
index 047f1d8fe323f..c43e9653b4156 100644
--- a/drivers/clk/imx/clk-pll14xx.c
+++ b/drivers/clk/imx/clk-pll14xx.c
@@ -41,6 +41,36 @@ struct clk_pll14xx {
#define to_clk_pll14xx(_hw) container_of(_hw, struct clk_pll14xx, hw)
+const struct imx_pll14xx_rate_table imx_pll1416x_tbl[] = {
+ PLL_1416X_RATE(1800000000U, 225, 3, 0),
+ PLL_1416X_RATE(1600000000U, 200, 3, 0),
+ PLL_1416X_RATE(1200000000U, 300, 3, 1),
+ PLL_1416X_RATE(1000000000U, 250, 3, 1),
+ PLL_1416X_RATE(800000000U, 200, 3, 1),
+ PLL_1416X_RATE(750000000U, 250, 2, 2),
+ PLL_1416X_RATE(700000000U, 350, 3, 2),
+ PLL_1416X_RATE(600000000U, 300, 3, 2),
+};
+
+const struct imx_pll14xx_rate_table imx_pll1443x_tbl[] = {
+ PLL_1443X_RATE(650000000U, 325, 3, 2, 0),
+ PLL_1443X_RATE(594000000U, 198, 2, 2, 0),
+ PLL_1443X_RATE(393216000U, 262, 2, 3, 9437),
+ PLL_1443X_RATE(361267200U, 361, 3, 3, 17511),
+};
+
+struct imx_pll14xx_clk imx_1443x_pll = {
+ .type = PLL_1443X,
+ .rate_table = imx_pll1443x_tbl,
+ .rate_count = ARRAY_SIZE(imx_pll1443x_tbl),
+};
+
+struct imx_pll14xx_clk imx_1416x_pll = {
+ .type = PLL_1416X,
+ .rate_table = imx_pll1416x_tbl,
+ .rate_count = ARRAY_SIZE(imx_pll1416x_tbl),
+};
+
static const struct imx_pll14xx_rate_table *imx_get_pll_settings(
struct clk_pll14xx *pll, unsigned long rate)
{
diff --git a/drivers/clk/imx/clk.h b/drivers/clk/imx/clk.h
index 6fe64ff8ffa12..30ddbc1ced2ee 100644
--- a/drivers/clk/imx/clk.h
+++ b/drivers/clk/imx/clk.h
@@ -50,6 +50,9 @@ struct imx_pll14xx_clk {
int flags;
};
+extern struct imx_pll14xx_clk imx_1416x_pll;
+extern struct imx_pll14xx_clk imx_1443x_pll;
+
#define imx_clk_cpu(name, parent_name, div, mux, pll, step) \
to_clk(imx_clk_hw_cpu(name, parent_name, div, mux, pll, step))
--
2.40.1
^ permalink raw reply related [flat|nested] 396+ messages in thread
* [PATCH 5.4 294/367] clk: imx: clk-pll14xx: Make two variables static
2023-09-20 11:26 [PATCH 5.4 000/367] 5.4.257-rc1 review Greg Kroah-Hartman
` (292 preceding siblings ...)
2023-09-20 11:31 ` [PATCH 5.4 293/367] clk: imx8mm: Move 1443X/1416X PLL clock structure to common place Greg Kroah-Hartman
@ 2023-09-20 11:31 ` Greg Kroah-Hartman
2023-09-20 11:31 ` [PATCH 5.4 295/367] clk: imx: pll14xx: Add new frequency entries for pll1443x table Greg Kroah-Hartman
` (78 subsequent siblings)
372 siblings, 0 replies; 396+ messages in thread
From: Greg Kroah-Hartman @ 2023-09-20 11:31 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Hulk Robot, YueHaibing, Anson Huang,
Shawn Guo, Sasha Levin
5.4-stable review patch. If anyone has any objections, please let me know.
------------------
From: YueHaibing <yuehaibing@huawei.com>
[ Upstream commit 8f2d3c1759d19232edf1e9ef43d40a44e31493d6 ]
Fix sparse warnings:
drivers/clk/imx/clk-pll14xx.c:44:37:
warning: symbol 'imx_pll1416x_tbl' was not declared. Should it be static?
drivers/clk/imx/clk-pll14xx.c:57:37:
warning: symbol 'imx_pll1443x_tbl' was not declared. Should it be static?
Reported-by: Hulk Robot <hulkci@huawei.com>
Signed-off-by: YueHaibing <yuehaibing@huawei.com>
Reviewed-by: Anson Huang <Anson.Huang@nxp.com>
Signed-off-by: Shawn Guo <shawnguo@kernel.org>
Stable-dep-of: 72d00e560d10 ("clk: imx: pll14xx: dynamically configure PLL for 393216000/361267200Hz")
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/clk/imx/clk-pll14xx.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/drivers/clk/imx/clk-pll14xx.c b/drivers/clk/imx/clk-pll14xx.c
index c43e9653b4156..129a28c3366eb 100644
--- a/drivers/clk/imx/clk-pll14xx.c
+++ b/drivers/clk/imx/clk-pll14xx.c
@@ -41,7 +41,7 @@ struct clk_pll14xx {
#define to_clk_pll14xx(_hw) container_of(_hw, struct clk_pll14xx, hw)
-const struct imx_pll14xx_rate_table imx_pll1416x_tbl[] = {
+static const struct imx_pll14xx_rate_table imx_pll1416x_tbl[] = {
PLL_1416X_RATE(1800000000U, 225, 3, 0),
PLL_1416X_RATE(1600000000U, 200, 3, 0),
PLL_1416X_RATE(1200000000U, 300, 3, 1),
@@ -52,7 +52,7 @@ const struct imx_pll14xx_rate_table imx_pll1416x_tbl[] = {
PLL_1416X_RATE(600000000U, 300, 3, 2),
};
-const struct imx_pll14xx_rate_table imx_pll1443x_tbl[] = {
+static const struct imx_pll14xx_rate_table imx_pll1443x_tbl[] = {
PLL_1443X_RATE(650000000U, 325, 3, 2, 0),
PLL_1443X_RATE(594000000U, 198, 2, 2, 0),
PLL_1443X_RATE(393216000U, 262, 2, 3, 9437),
--
2.40.1
^ permalink raw reply related [flat|nested] 396+ messages in thread
* [PATCH 5.4 295/367] clk: imx: pll14xx: Add new frequency entries for pll1443x table
2023-09-20 11:26 [PATCH 5.4 000/367] 5.4.257-rc1 review Greg Kroah-Hartman
` (293 preceding siblings ...)
2023-09-20 11:31 ` [PATCH 5.4 294/367] clk: imx: clk-pll14xx: Make two variables static Greg Kroah-Hartman
@ 2023-09-20 11:31 ` Greg Kroah-Hartman
2023-09-20 11:31 ` [PATCH 5.4 296/367] clk: imx: pll14xx: dynamically configure PLL for 393216000/361267200Hz Greg Kroah-Hartman
` (77 subsequent siblings)
372 siblings, 0 replies; 396+ messages in thread
From: Greg Kroah-Hartman @ 2023-09-20 11:31 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Anson Huang, Peng Fan, Shawn Guo,
Sasha Levin
5.4-stable review patch. If anyone has any objections, please let me know.
------------------
From: Anson Huang <Anson.Huang@nxp.com>
[ Upstream commit 57795654fb553a78f07a9f92d87fb2582379cd93 ]
Add new frequency entries to pll1443x table to meet different
display settings requirement.
Signed-off-by: Anson Huang <Anson.Huang@nxp.com>
Reviewed-by: Peng Fan <peng.fan@nxp.com>
Signed-off-by: Shawn Guo <shawnguo@kernel.org>
Stable-dep-of: 72d00e560d10 ("clk: imx: pll14xx: dynamically configure PLL for 393216000/361267200Hz")
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/clk/imx/clk-pll14xx.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/drivers/clk/imx/clk-pll14xx.c b/drivers/clk/imx/clk-pll14xx.c
index 129a28c3366eb..e7bf6babc28b4 100644
--- a/drivers/clk/imx/clk-pll14xx.c
+++ b/drivers/clk/imx/clk-pll14xx.c
@@ -53,8 +53,10 @@ static const struct imx_pll14xx_rate_table imx_pll1416x_tbl[] = {
};
static const struct imx_pll14xx_rate_table imx_pll1443x_tbl[] = {
+ PLL_1443X_RATE(1039500000U, 173, 2, 1, 16384),
PLL_1443X_RATE(650000000U, 325, 3, 2, 0),
PLL_1443X_RATE(594000000U, 198, 2, 2, 0),
+ PLL_1443X_RATE(519750000U, 173, 2, 2, 16384),
PLL_1443X_RATE(393216000U, 262, 2, 3, 9437),
PLL_1443X_RATE(361267200U, 361, 3, 3, 17511),
};
--
2.40.1
^ permalink raw reply related [flat|nested] 396+ messages in thread
* [PATCH 5.4 296/367] clk: imx: pll14xx: dynamically configure PLL for 393216000/361267200Hz
2023-09-20 11:26 [PATCH 5.4 000/367] 5.4.257-rc1 review Greg Kroah-Hartman
` (294 preceding siblings ...)
2023-09-20 11:31 ` [PATCH 5.4 295/367] clk: imx: pll14xx: Add new frequency entries for pll1443x table Greg Kroah-Hartman
@ 2023-09-20 11:31 ` Greg Kroah-Hartman
2023-09-21 7:03 ` Ahmad Fatoum
2023-09-20 11:31 ` [PATCH 5.4 297/367] net: ipv4: fix one memleak in __inet_del_ifa() Greg Kroah-Hartman
` (76 subsequent siblings)
372 siblings, 1 reply; 396+ messages in thread
From: Greg Kroah-Hartman @ 2023-09-20 11:31 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Ahmad Fatoum, Marco Felsch,
Abel Vesa, Sasha Levin
5.4-stable review patch. If anyone has any objections, please let me know.
------------------
From: Ahmad Fatoum <a.fatoum@pengutronix.de>
[ Upstream commit 72d00e560d10665e6139c9431956a87ded6e9880 ]
Since commit b09c68dc57c9 ("clk: imx: pll14xx: Support dynamic rates"),
the driver has the ability to dynamically compute PLL parameters to
approximate the requested rates. This is not always used, because the
logic is as follows:
- Check if the target rate is hardcoded in the frequency table
- Check if varying only kdiv is possible, so switch over is glitch free
- Compute rate dynamically by iterating over pdiv range
If we skip the frequency table for the 1443x PLL, we find that the
computed values differ to the hardcoded ones. This can be valid if the
hardcoded values guarantee for example an earlier lock-in or if the
divisors are chosen, so that other important rates are more likely to
be reached glitch-free.
For rates (393216000 and 361267200, this doesn't seem to be the case:
They are only approximated by existing parameters (393215995 and
361267196 Hz, respectively) and they aren't reachable glitch-free from
other hardcoded frequencies. Dropping them from the table allows us
to lock-in to these frequencies exactly.
This is immediately noticeable because they are the assigned-clock-rates
for IMX8MN_AUDIO_PLL1 and IMX8MN_AUDIO_PLL2, respectively and a look
into clk_summary so far showed that they were a few Hz short of the target:
imx8mn-board:~# grep audio_pll[12]_out /sys/kernel/debug/clk/clk_summary
audio_pll2_out 0 0 0 361267196 0 0 50000 N
audio_pll1_out 1 1 0 393215995 0 0 50000 Y
and afterwards:
imx8mn-board:~# grep audio_pll[12]_out /sys/kernel/debug/clk/clk_summary
audio_pll2_out 0 0 0 361267200 0 0 50000 N
audio_pll1_out 1 1 0 393216000 0 0 50000 Y
This change is equivalent to adding following hardcoded values:
/* rate mdiv pdiv sdiv kdiv */
PLL_1443X_RATE(393216000, 655, 5, 3, 23593),
PLL_1443X_RATE(361267200, 497, 33, 0, -16882),
Fixes: 053a4ffe2988 ("clk: imx: imx8mm: fix audio pll setting")
Cc: stable@vger.kernel.org # v5.18+
Signed-off-by: Ahmad Fatoum <a.fatoum@pengutronix.de>
Signed-off-by: Marco Felsch <m.felsch@pengutronix.de>
Link: https://lore.kernel.org/r/20230807084744.1184791-2-m.felsch@pengutronix.de
Signed-off-by: Abel Vesa <abel.vesa@linaro.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/clk/imx/clk-pll14xx.c | 2 --
1 file changed, 2 deletions(-)
diff --git a/drivers/clk/imx/clk-pll14xx.c b/drivers/clk/imx/clk-pll14xx.c
index e7bf6babc28b4..0dbe8c05af478 100644
--- a/drivers/clk/imx/clk-pll14xx.c
+++ b/drivers/clk/imx/clk-pll14xx.c
@@ -57,8 +57,6 @@ static const struct imx_pll14xx_rate_table imx_pll1443x_tbl[] = {
PLL_1443X_RATE(650000000U, 325, 3, 2, 0),
PLL_1443X_RATE(594000000U, 198, 2, 2, 0),
PLL_1443X_RATE(519750000U, 173, 2, 2, 16384),
- PLL_1443X_RATE(393216000U, 262, 2, 3, 9437),
- PLL_1443X_RATE(361267200U, 361, 3, 3, 17511),
};
struct imx_pll14xx_clk imx_1443x_pll = {
--
2.40.1
^ permalink raw reply related [flat|nested] 396+ messages in thread
* [PATCH 5.4 297/367] net: ipv4: fix one memleak in __inet_del_ifa()
2023-09-20 11:26 [PATCH 5.4 000/367] 5.4.257-rc1 review Greg Kroah-Hartman
` (295 preceding siblings ...)
2023-09-20 11:31 ` [PATCH 5.4 296/367] clk: imx: pll14xx: dynamically configure PLL for 393216000/361267200Hz Greg Kroah-Hartman
@ 2023-09-20 11:31 ` Greg Kroah-Hartman
2023-09-20 11:31 ` [PATCH 5.4 298/367] net: ethernet: mvpp2_main: fix possible OOB write in mvpp2_ethtool_get_rxnfc() Greg Kroah-Hartman
` (75 subsequent siblings)
372 siblings, 0 replies; 396+ messages in thread
From: Greg Kroah-Hartman @ 2023-09-20 11:31 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Liu Jian, Julian Anastasov,
David S. Miller, Sasha Levin
5.4-stable review patch. If anyone has any objections, please let me know.
------------------
From: Liu Jian <liujian56@huawei.com>
[ Upstream commit ac28b1ec6135649b5d78b028e47264cb3ebca5ea ]
I got the below warning when do fuzzing test:
unregister_netdevice: waiting for bond0 to become free. Usage count = 2
It can be repoduced via:
ip link add bond0 type bond
sysctl -w net.ipv4.conf.bond0.promote_secondaries=1
ip addr add 4.117.174.103/0 scope 0x40 dev bond0
ip addr add 192.168.100.111/255.255.255.254 scope 0 dev bond0
ip addr add 0.0.0.4/0 scope 0x40 secondary dev bond0
ip addr del 4.117.174.103/0 scope 0x40 dev bond0
ip link delete bond0 type bond
In this reproduction test case, an incorrect 'last_prim' is found in
__inet_del_ifa(), as a result, the secondary address(0.0.0.4/0 scope 0x40)
is lost. The memory of the secondary address is leaked and the reference of
in_device and net_device is leaked.
Fix this problem:
Look for 'last_prim' starting at location of the deleted IP and inserting
the promoted IP into the location of 'last_prim'.
Fixes: 0ff60a45678e ("[IPV4]: Fix secondary IP addresses after promotion")
Signed-off-by: Liu Jian <liujian56@huawei.com>
Signed-off-by: Julian Anastasov <ja@ssi.bg>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
net/ipv4/devinet.c | 10 +++++-----
1 file changed, 5 insertions(+), 5 deletions(-)
diff --git a/net/ipv4/devinet.c b/net/ipv4/devinet.c
index 4a8ad46397c0e..4c013f8800f0c 100644
--- a/net/ipv4/devinet.c
+++ b/net/ipv4/devinet.c
@@ -351,14 +351,14 @@ static void __inet_del_ifa(struct in_device *in_dev,
{
struct in_ifaddr *promote = NULL;
struct in_ifaddr *ifa, *ifa1;
- struct in_ifaddr *last_prim;
+ struct in_ifaddr __rcu **last_prim;
struct in_ifaddr *prev_prom = NULL;
int do_promote = IN_DEV_PROMOTE_SECONDARIES(in_dev);
ASSERT_RTNL();
ifa1 = rtnl_dereference(*ifap);
- last_prim = rtnl_dereference(in_dev->ifa_list);
+ last_prim = ifap;
if (in_dev->dead)
goto no_promotions;
@@ -372,7 +372,7 @@ static void __inet_del_ifa(struct in_device *in_dev,
while ((ifa = rtnl_dereference(*ifap1)) != NULL) {
if (!(ifa->ifa_flags & IFA_F_SECONDARY) &&
ifa1->ifa_scope <= ifa->ifa_scope)
- last_prim = ifa;
+ last_prim = &ifa->ifa_next;
if (!(ifa->ifa_flags & IFA_F_SECONDARY) ||
ifa1->ifa_mask != ifa->ifa_mask ||
@@ -436,9 +436,9 @@ static void __inet_del_ifa(struct in_device *in_dev,
rcu_assign_pointer(prev_prom->ifa_next, next_sec);
- last_sec = rtnl_dereference(last_prim->ifa_next);
+ last_sec = rtnl_dereference(*last_prim);
rcu_assign_pointer(promote->ifa_next, last_sec);
- rcu_assign_pointer(last_prim->ifa_next, promote);
+ rcu_assign_pointer(*last_prim, promote);
}
promote->ifa_flags &= ~IFA_F_SECONDARY;
--
2.40.1
^ permalink raw reply related [flat|nested] 396+ messages in thread
* [PATCH 5.4 298/367] net: ethernet: mvpp2_main: fix possible OOB write in mvpp2_ethtool_get_rxnfc()
2023-09-20 11:26 [PATCH 5.4 000/367] 5.4.257-rc1 review Greg Kroah-Hartman
` (296 preceding siblings ...)
2023-09-20 11:31 ` [PATCH 5.4 297/367] net: ipv4: fix one memleak in __inet_del_ifa() Greg Kroah-Hartman
@ 2023-09-20 11:31 ` Greg Kroah-Hartman
2023-09-20 11:31 ` [PATCH 5.4 299/367] net: ethernet: mtk_eth_soc: fix possible NULL pointer dereference in mtk_hwlro_get_fdir_all() Greg Kroah-Hartman
` (74 subsequent siblings)
372 siblings, 0 replies; 396+ messages in thread
From: Greg Kroah-Hartman @ 2023-09-20 11:31 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Hangyu Hua, Marcin Wojtas,
Russell King (Oracle),
David S. Miller, Sasha Levin
5.4-stable review patch. If anyone has any objections, please let me know.
------------------
From: Hangyu Hua <hbh25y@gmail.com>
[ Upstream commit 51fe0a470543f345e3c62b6798929de3ddcedc1d ]
rules is allocated in ethtool_get_rxnfc and the size is determined by
rule_cnt from user space. So rule_cnt needs to be check before using
rules to avoid OOB writing or NULL pointer dereference.
Fixes: 90b509b39ac9 ("net: mvpp2: cls: Add Classification offload support")
Signed-off-by: Hangyu Hua <hbh25y@gmail.com>
Reviewed-by: Marcin Wojtas <mw@semihalf.com>
Reviewed-by: Russell King (Oracle) <rmk+kernel@armlinux.org.uk>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/ethernet/marvell/mvpp2/mvpp2_main.c | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/drivers/net/ethernet/marvell/mvpp2/mvpp2_main.c b/drivers/net/ethernet/marvell/mvpp2/mvpp2_main.c
index 31dde6fbdbdca..7a2293a5bcc9f 100644
--- a/drivers/net/ethernet/marvell/mvpp2/mvpp2_main.c
+++ b/drivers/net/ethernet/marvell/mvpp2/mvpp2_main.c
@@ -4233,6 +4233,11 @@ static int mvpp2_ethtool_get_rxnfc(struct net_device *dev,
break;
case ETHTOOL_GRXCLSRLALL:
for (i = 0; i < MVPP2_N_RFS_ENTRIES_PER_FLOW; i++) {
+ if (loc == info->rule_cnt) {
+ ret = -EMSGSIZE;
+ break;
+ }
+
if (port->rfs_rules[i])
rules[loc++] = i;
}
--
2.40.1
^ permalink raw reply related [flat|nested] 396+ messages in thread
* [PATCH 5.4 299/367] net: ethernet: mtk_eth_soc: fix possible NULL pointer dereference in mtk_hwlro_get_fdir_all()
2023-09-20 11:26 [PATCH 5.4 000/367] 5.4.257-rc1 review Greg Kroah-Hartman
` (297 preceding siblings ...)
2023-09-20 11:31 ` [PATCH 5.4 298/367] net: ethernet: mvpp2_main: fix possible OOB write in mvpp2_ethtool_get_rxnfc() Greg Kroah-Hartman
@ 2023-09-20 11:31 ` Greg Kroah-Hartman
2023-09-20 11:31 ` [PATCH 5.4 300/367] r8152: check budget for r8152_poll() Greg Kroah-Hartman
` (73 subsequent siblings)
372 siblings, 0 replies; 396+ messages in thread
From: Greg Kroah-Hartman @ 2023-09-20 11:31 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Hangyu Hua, Simon Horman,
David S. Miller, Sasha Levin
5.4-stable review patch. If anyone has any objections, please let me know.
------------------
From: Hangyu Hua <hbh25y@gmail.com>
[ Upstream commit e4c79810755f66c9a933ca810da2724133b1165a ]
rule_locs is allocated in ethtool_get_rxnfc and the size is determined by
rule_cnt from user space. So rule_cnt needs to be check before using
rule_locs to avoid NULL pointer dereference.
Fixes: 7aab747e5563 ("net: ethernet: mediatek: add ethtool functions to configure RX flows of HW LRO")
Signed-off-by: Hangyu Hua <hbh25y@gmail.com>
Reviewed-by: Simon Horman <horms@kernel.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/ethernet/mediatek/mtk_eth_soc.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/drivers/net/ethernet/mediatek/mtk_eth_soc.c b/drivers/net/ethernet/mediatek/mtk_eth_soc.c
index f9139150a8a26..7b9f5eba78dcc 100644
--- a/drivers/net/ethernet/mediatek/mtk_eth_soc.c
+++ b/drivers/net/ethernet/mediatek/mtk_eth_soc.c
@@ -2008,6 +2008,9 @@ static int mtk_hwlro_get_fdir_all(struct net_device *dev,
int i;
for (i = 0; i < MTK_MAX_LRO_IP_CNT; i++) {
+ if (cnt == cmd->rule_cnt)
+ return -EMSGSIZE;
+
if (mac->hwlro_ip[i]) {
rule_locs[cnt] = i;
cnt++;
--
2.40.1
^ permalink raw reply related [flat|nested] 396+ messages in thread
* [PATCH 5.4 300/367] r8152: check budget for r8152_poll()
2023-09-20 11:26 [PATCH 5.4 000/367] 5.4.257-rc1 review Greg Kroah-Hartman
` (298 preceding siblings ...)
2023-09-20 11:31 ` [PATCH 5.4 299/367] net: ethernet: mtk_eth_soc: fix possible NULL pointer dereference in mtk_hwlro_get_fdir_all() Greg Kroah-Hartman
@ 2023-09-20 11:31 ` Greg Kroah-Hartman
2023-09-20 11:31 ` [PATCH 5.4 301/367] kcm: Fix memory leak in error path of kcm_sendmsg() Greg Kroah-Hartman
` (72 subsequent siblings)
372 siblings, 0 replies; 396+ messages in thread
From: Greg Kroah-Hartman @ 2023-09-20 11:31 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Hayes Wang, David S. Miller, Sasha Levin
5.4-stable review patch. If anyone has any objections, please let me know.
------------------
From: Hayes Wang <hayeswang@realtek.com>
[ Upstream commit a7b8d60b37237680009dd0b025fe8c067aba0ee3 ]
According to the document of napi, there is no rx process when the
budget is 0. Therefore, r8152_poll() has to return 0 directly when the
budget is equal to 0.
Fixes: d2187f8e4454 ("r8152: divide the tx and rx bottom functions")
Signed-off-by: Hayes Wang <hayeswang@realtek.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/usb/r8152.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/drivers/net/usb/r8152.c b/drivers/net/usb/r8152.c
index b0412d14e8f6c..a19f0431e6f99 100644
--- a/drivers/net/usb/r8152.c
+++ b/drivers/net/usb/r8152.c
@@ -2253,6 +2253,9 @@ static int r8152_poll(struct napi_struct *napi, int budget)
struct r8152 *tp = container_of(napi, struct r8152, napi);
int work_done;
+ if (!budget)
+ return 0;
+
work_done = rx_bottom(tp, budget);
if (work_done < budget) {
--
2.40.1
^ permalink raw reply related [flat|nested] 396+ messages in thread
* [PATCH 5.4 301/367] kcm: Fix memory leak in error path of kcm_sendmsg()
2023-09-20 11:26 [PATCH 5.4 000/367] 5.4.257-rc1 review Greg Kroah-Hartman
` (299 preceding siblings ...)
2023-09-20 11:31 ` [PATCH 5.4 300/367] r8152: check budget for r8152_poll() Greg Kroah-Hartman
@ 2023-09-20 11:31 ` Greg Kroah-Hartman
2023-09-20 11:31 ` [PATCH 5.4 302/367] platform/mellanox: mlxbf-tmfifo: Drop the Rx packet if no more descriptors Greg Kroah-Hartman
` (71 subsequent siblings)
372 siblings, 0 replies; 396+ messages in thread
From: Greg Kroah-Hartman @ 2023-09-20 11:31 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Shigeru Yoshida, David S. Miller,
Sasha Levin, syzbot+6f98de741f7dbbfc4ccb
5.4-stable review patch. If anyone has any objections, please let me know.
------------------
From: Shigeru Yoshida <syoshida@redhat.com>
[ Upstream commit c821a88bd720b0046433173185fd841a100d44ad ]
syzbot reported a memory leak like below:
BUG: memory leak
unreferenced object 0xffff88810b088c00 (size 240):
comm "syz-executor186", pid 5012, jiffies 4294943306 (age 13.680s)
hex dump (first 32 bytes):
00 89 08 0b 81 88 ff ff 00 00 00 00 00 00 00 00 ................
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
backtrace:
[<ffffffff83e5d5ff>] __alloc_skb+0x1ef/0x230 net/core/skbuff.c:634
[<ffffffff84606e59>] alloc_skb include/linux/skbuff.h:1289 [inline]
[<ffffffff84606e59>] kcm_sendmsg+0x269/0x1050 net/kcm/kcmsock.c:815
[<ffffffff83e479c6>] sock_sendmsg_nosec net/socket.c:725 [inline]
[<ffffffff83e479c6>] sock_sendmsg+0x56/0xb0 net/socket.c:748
[<ffffffff83e47f55>] ____sys_sendmsg+0x365/0x470 net/socket.c:2494
[<ffffffff83e4c389>] ___sys_sendmsg+0xc9/0x130 net/socket.c:2548
[<ffffffff83e4c536>] __sys_sendmsg+0xa6/0x120 net/socket.c:2577
[<ffffffff84ad7bb8>] do_syscall_x64 arch/x86/entry/common.c:50 [inline]
[<ffffffff84ad7bb8>] do_syscall_64+0x38/0xb0 arch/x86/entry/common.c:80
[<ffffffff84c0008b>] entry_SYSCALL_64_after_hwframe+0x63/0xcd
In kcm_sendmsg(), kcm_tx_msg(head)->last_skb is used as a cursor to append
newly allocated skbs to 'head'. If some bytes are copied, an error occurred,
and jumped to out_error label, 'last_skb' is left unmodified. A later
kcm_sendmsg() will use an obsoleted 'last_skb' reference, corrupting the
'head' frag_list and causing the leak.
This patch fixes this issue by properly updating the last allocated skb in
'last_skb'.
Fixes: ab7ac4eb9832 ("kcm: Kernel Connection Multiplexor module")
Reported-and-tested-by: syzbot+6f98de741f7dbbfc4ccb@syzkaller.appspotmail.com
Closes: https://syzkaller.appspot.com/bug?extid=6f98de741f7dbbfc4ccb
Signed-off-by: Shigeru Yoshida <syoshida@redhat.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
net/kcm/kcmsock.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/net/kcm/kcmsock.c b/net/kcm/kcmsock.c
index 50bcfc71389ab..8668348aa3f2b 100644
--- a/net/kcm/kcmsock.c
+++ b/net/kcm/kcmsock.c
@@ -1075,6 +1075,8 @@ static int kcm_sendmsg(struct socket *sock, struct msghdr *msg, size_t len)
if (head != kcm->seq_skb)
kfree_skb(head);
+ else if (copied)
+ kcm_tx_msg(head)->last_skb = skb;
err = sk_stream_error(sk, msg->msg_flags, err);
--
2.40.1
^ permalink raw reply related [flat|nested] 396+ messages in thread
* [PATCH 5.4 302/367] platform/mellanox: mlxbf-tmfifo: Drop the Rx packet if no more descriptors
2023-09-20 11:26 [PATCH 5.4 000/367] 5.4.257-rc1 review Greg Kroah-Hartman
` (300 preceding siblings ...)
2023-09-20 11:31 ` [PATCH 5.4 301/367] kcm: Fix memory leak in error path of kcm_sendmsg() Greg Kroah-Hartman
@ 2023-09-20 11:31 ` Greg Kroah-Hartman
2023-09-20 11:31 ` [PATCH 5.4 303/367] mlxbf-tmfifo: sparse tags for config access Greg Kroah-Hartman
` (70 subsequent siblings)
372 siblings, 0 replies; 396+ messages in thread
From: Greg Kroah-Hartman @ 2023-09-20 11:31 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Liming Sun, Vadim Pasternak,
David Thompson, Hans de Goede, Sasha Levin
5.4-stable review patch. If anyone has any objections, please let me know.
------------------
From: Liming Sun <limings@nvidia.com>
[ Upstream commit 78034cbece79c2d730ad0770b3b7f23eedbbecf5 ]
This commit fixes tmfifo console stuck issue when the virtual
networking interface is in down state. In such case, the network
Rx descriptors runs out and causes the Rx network packet staying
in the head of the tmfifo thus blocking the console packets. The
fix is to drop the Rx network packet when no more Rx descriptors.
Function name mlxbf_tmfifo_release_pending_pkt() is also renamed
to mlxbf_tmfifo_release_pkt() to be more approperiate.
Fixes: 1357dfd7261f ("platform/mellanox: Add TmFifo driver for Mellanox BlueField Soc")
Signed-off-by: Liming Sun <limings@nvidia.com>
Reviewed-by: Vadim Pasternak <vadimp@nvidia.com>
Reviewed-by: David Thompson <davthompson@nvidia.com>
Link: https://lore.kernel.org/r/8c0177dc938ae03f52ff7e0b62dbeee74b7bec09.1693322547.git.limings@nvidia.com
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/platform/mellanox/mlxbf-tmfifo.c | 66 ++++++++++++++++++------
1 file changed, 49 insertions(+), 17 deletions(-)
diff --git a/drivers/platform/mellanox/mlxbf-tmfifo.c b/drivers/platform/mellanox/mlxbf-tmfifo.c
index 4b18ebd7e850c..0d77cc94c3f0e 100644
--- a/drivers/platform/mellanox/mlxbf-tmfifo.c
+++ b/drivers/platform/mellanox/mlxbf-tmfifo.c
@@ -56,6 +56,7 @@ struct mlxbf_tmfifo;
* @vq: pointer to the virtio virtqueue
* @desc: current descriptor of the pending packet
* @desc_head: head descriptor of the pending packet
+ * @drop_desc: dummy desc for packet dropping
* @cur_len: processed length of the current descriptor
* @rem_len: remaining length of the pending packet
* @pkt_len: total length of the pending packet
@@ -72,6 +73,7 @@ struct mlxbf_tmfifo_vring {
struct virtqueue *vq;
struct vring_desc *desc;
struct vring_desc *desc_head;
+ struct vring_desc drop_desc;
int cur_len;
int rem_len;
u32 pkt_len;
@@ -83,6 +85,14 @@ struct mlxbf_tmfifo_vring {
struct mlxbf_tmfifo *fifo;
};
+/* Check whether vring is in drop mode. */
+#define IS_VRING_DROP(_r) ({ \
+ typeof(_r) (r) = (_r); \
+ (r->desc_head == &r->drop_desc ? true : false); })
+
+/* A stub length to drop maximum length packet. */
+#define VRING_DROP_DESC_MAX_LEN GENMASK(15, 0)
+
/* Interrupt types. */
enum {
MLXBF_TM_RX_LWM_IRQ,
@@ -243,6 +253,7 @@ static int mlxbf_tmfifo_alloc_vrings(struct mlxbf_tmfifo *fifo,
vring->align = SMP_CACHE_BYTES;
vring->index = i;
vring->vdev_id = tm_vdev->vdev.id.device;
+ vring->drop_desc.len = VRING_DROP_DESC_MAX_LEN;
dev = &tm_vdev->vdev.dev;
size = vring_size(vring->num, vring->align);
@@ -348,7 +359,7 @@ static u32 mlxbf_tmfifo_get_pkt_len(struct mlxbf_tmfifo_vring *vring,
return len;
}
-static void mlxbf_tmfifo_release_pending_pkt(struct mlxbf_tmfifo_vring *vring)
+static void mlxbf_tmfifo_release_pkt(struct mlxbf_tmfifo_vring *vring)
{
struct vring_desc *desc_head;
u32 len = 0;
@@ -577,19 +588,25 @@ static void mlxbf_tmfifo_rxtx_word(struct mlxbf_tmfifo_vring *vring,
if (vring->cur_len + sizeof(u64) <= len) {
/* The whole word. */
- if (is_rx)
- memcpy(addr + vring->cur_len, &data, sizeof(u64));
- else
- memcpy(&data, addr + vring->cur_len, sizeof(u64));
+ if (!IS_VRING_DROP(vring)) {
+ if (is_rx)
+ memcpy(addr + vring->cur_len, &data,
+ sizeof(u64));
+ else
+ memcpy(&data, addr + vring->cur_len,
+ sizeof(u64));
+ }
vring->cur_len += sizeof(u64);
} else {
/* Leftover bytes. */
- if (is_rx)
- memcpy(addr + vring->cur_len, &data,
- len - vring->cur_len);
- else
- memcpy(&data, addr + vring->cur_len,
- len - vring->cur_len);
+ if (!IS_VRING_DROP(vring)) {
+ if (is_rx)
+ memcpy(addr + vring->cur_len, &data,
+ len - vring->cur_len);
+ else
+ memcpy(&data, addr + vring->cur_len,
+ len - vring->cur_len);
+ }
vring->cur_len = len;
}
@@ -687,8 +704,16 @@ static bool mlxbf_tmfifo_rxtx_one_desc(struct mlxbf_tmfifo_vring *vring,
/* Get the descriptor of the next packet. */
if (!vring->desc) {
desc = mlxbf_tmfifo_get_next_pkt(vring, is_rx);
- if (!desc)
- return false;
+ if (!desc) {
+ /* Drop next Rx packet to avoid stuck. */
+ if (is_rx) {
+ desc = &vring->drop_desc;
+ vring->desc_head = desc;
+ vring->desc = desc;
+ } else {
+ return false;
+ }
+ }
} else {
desc = vring->desc;
}
@@ -721,17 +746,24 @@ static bool mlxbf_tmfifo_rxtx_one_desc(struct mlxbf_tmfifo_vring *vring,
vring->rem_len -= len;
/* Get the next desc on the chain. */
- if (vring->rem_len > 0 &&
+ if (!IS_VRING_DROP(vring) && vring->rem_len > 0 &&
(virtio16_to_cpu(vdev, desc->flags) & VRING_DESC_F_NEXT)) {
idx = virtio16_to_cpu(vdev, desc->next);
desc = &vr->desc[idx];
goto mlxbf_tmfifo_desc_done;
}
- /* Done and release the pending packet. */
- mlxbf_tmfifo_release_pending_pkt(vring);
+ /* Done and release the packet. */
desc = NULL;
fifo->vring[is_rx] = NULL;
+ if (!IS_VRING_DROP(vring)) {
+ mlxbf_tmfifo_release_pkt(vring);
+ } else {
+ vring->pkt_len = 0;
+ vring->desc_head = NULL;
+ vring->desc = NULL;
+ return false;
+ }
/*
* Make sure the load/store are in order before
@@ -911,7 +943,7 @@ static void mlxbf_tmfifo_virtio_del_vqs(struct virtio_device *vdev)
/* Release the pending packet. */
if (vring->desc)
- mlxbf_tmfifo_release_pending_pkt(vring);
+ mlxbf_tmfifo_release_pkt(vring);
vq = vring->vq;
if (vq) {
vring->vq = NULL;
--
2.40.1
^ permalink raw reply related [flat|nested] 396+ messages in thread
* [PATCH 5.4 303/367] mlxbf-tmfifo: sparse tags for config access
2023-09-20 11:26 [PATCH 5.4 000/367] 5.4.257-rc1 review Greg Kroah-Hartman
` (301 preceding siblings ...)
2023-09-20 11:31 ` [PATCH 5.4 302/367] platform/mellanox: mlxbf-tmfifo: Drop the Rx packet if no more descriptors Greg Kroah-Hartman
@ 2023-09-20 11:31 ` Greg Kroah-Hartman
2023-09-20 11:31 ` [PATCH 5.4 304/367] platform/mellanox: mlxbf-tmfifo: Drop jumbo frames Greg Kroah-Hartman
` (69 subsequent siblings)
372 siblings, 0 replies; 396+ messages in thread
From: Greg Kroah-Hartman @ 2023-09-20 11:31 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Michael S. Tsirkin, Cornelia Huck,
Andy Shevchenko, Sasha Levin
5.4-stable review patch. If anyone has any objections, please let me know.
------------------
From: Michael S. Tsirkin <mst@redhat.com>
[ Upstream commit 03bea764bf61c9f9918324bda7362616024386e8 ]
mlxbf-tmfifo accesses config space using native types -
which works for it since the legacy virtio native types.
This will break if it ever needs to support modern virtio,
so with new tags previously introduced for virtio net config,
sparse now warns for this in drivers.
Since this is a legacy only device, fix it up using
virtio_legacy_is_little_endian for now.
No functional changes.
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Acked-by: Cornelia Huck <cohuck@redhat.com>
Acked-by: Andy Shevchenko <andy.shevchenko@gmail.com>
Acked-by: Andy Shevchenko <andy.shevchenko@gmail.com>
Stable-dep-of: fc4c65582154 ("platform/mellanox: mlxbf-tmfifo: Drop jumbo frames")
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/platform/mellanox/mlxbf-tmfifo.c | 13 ++++++++++---
1 file changed, 10 insertions(+), 3 deletions(-)
diff --git a/drivers/platform/mellanox/mlxbf-tmfifo.c b/drivers/platform/mellanox/mlxbf-tmfifo.c
index 0d77cc94c3f0e..42fcccf06157f 100644
--- a/drivers/platform/mellanox/mlxbf-tmfifo.c
+++ b/drivers/platform/mellanox/mlxbf-tmfifo.c
@@ -645,7 +645,10 @@ static void mlxbf_tmfifo_rxtx_header(struct mlxbf_tmfifo_vring *vring,
vdev_id = VIRTIO_ID_NET;
hdr_len = sizeof(struct virtio_net_hdr);
config = &fifo->vdev[vdev_id]->config.net;
- if (ntohs(hdr.len) > config->mtu +
+ /* A legacy-only interface for now. */
+ if (ntohs(hdr.len) >
+ __virtio16_to_cpu(virtio_legacy_is_little_endian(),
+ config->mtu) +
MLXBF_TMFIFO_NET_L2_OVERHEAD)
return;
} else {
@@ -1273,8 +1276,12 @@ static int mlxbf_tmfifo_probe(struct platform_device *pdev)
/* Create the network vdev. */
memset(&net_config, 0, sizeof(net_config));
- net_config.mtu = ETH_DATA_LEN;
- net_config.status = VIRTIO_NET_S_LINK_UP;
+
+ /* A legacy-only interface for now. */
+ net_config.mtu = __cpu_to_virtio16(virtio_legacy_is_little_endian(),
+ ETH_DATA_LEN);
+ net_config.status = __cpu_to_virtio16(virtio_legacy_is_little_endian(),
+ VIRTIO_NET_S_LINK_UP);
mlxbf_tmfifo_get_cfg_mac(net_config.mac);
rc = mlxbf_tmfifo_create_vdev(dev, fifo, VIRTIO_ID_NET,
MLXBF_TMFIFO_NET_FEATURES, &net_config,
--
2.40.1
^ permalink raw reply related [flat|nested] 396+ messages in thread
* [PATCH 5.4 304/367] platform/mellanox: mlxbf-tmfifo: Drop jumbo frames
2023-09-20 11:26 [PATCH 5.4 000/367] 5.4.257-rc1 review Greg Kroah-Hartman
` (302 preceding siblings ...)
2023-09-20 11:31 ` [PATCH 5.4 303/367] mlxbf-tmfifo: sparse tags for config access Greg Kroah-Hartman
@ 2023-09-20 11:31 ` Greg Kroah-Hartman
2023-09-20 11:31 ` [PATCH 5.4 305/367] net/tls: do not free tls_rec on async operation in bpf_exec_tx_verdict() Greg Kroah-Hartman
` (68 subsequent siblings)
372 siblings, 0 replies; 396+ messages in thread
From: Greg Kroah-Hartman @ 2023-09-20 11:31 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Liming Sun, Vadim Pasternak,
David Thompson, Hans de Goede, Sasha Levin
5.4-stable review patch. If anyone has any objections, please let me know.
------------------
From: Liming Sun <limings@nvidia.com>
[ Upstream commit fc4c655821546239abb3cf4274d66b9747aa87dd ]
This commit drops over-sized network packets to avoid tmfifo
queue stuck.
Fixes: 1357dfd7261f ("platform/mellanox: Add TmFifo driver for Mellanox BlueField Soc")
Signed-off-by: Liming Sun <limings@nvidia.com>
Reviewed-by: Vadim Pasternak <vadimp@nvidia.com>
Reviewed-by: David Thompson <davthompson@nvidia.com>
Link: https://lore.kernel.org/r/9318936c2447f76db475c985ca6d91f057efcd41.1693322547.git.limings@nvidia.com
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/platform/mellanox/mlxbf-tmfifo.c | 24 +++++++++++++++++-------
1 file changed, 17 insertions(+), 7 deletions(-)
diff --git a/drivers/platform/mellanox/mlxbf-tmfifo.c b/drivers/platform/mellanox/mlxbf-tmfifo.c
index 42fcccf06157f..194f3205e5597 100644
--- a/drivers/platform/mellanox/mlxbf-tmfifo.c
+++ b/drivers/platform/mellanox/mlxbf-tmfifo.c
@@ -205,7 +205,7 @@ static u8 mlxbf_tmfifo_net_default_mac[ETH_ALEN] = {
static efi_char16_t mlxbf_tmfifo_efi_name[] = L"RshimMacAddr";
/* Maximum L2 header length. */
-#define MLXBF_TMFIFO_NET_L2_OVERHEAD 36
+#define MLXBF_TMFIFO_NET_L2_OVERHEAD (ETH_HLEN + VLAN_HLEN)
/* Supported virtio-net features. */
#define MLXBF_TMFIFO_NET_FEATURES \
@@ -623,13 +623,14 @@ static void mlxbf_tmfifo_rxtx_word(struct mlxbf_tmfifo_vring *vring,
* flag is set.
*/
static void mlxbf_tmfifo_rxtx_header(struct mlxbf_tmfifo_vring *vring,
- struct vring_desc *desc,
+ struct vring_desc **desc,
bool is_rx, bool *vring_change)
{
struct mlxbf_tmfifo *fifo = vring->fifo;
struct virtio_net_config *config;
struct mlxbf_tmfifo_msg_hdr hdr;
int vdev_id, hdr_len;
+ bool drop_rx = false;
/* Read/Write packet header. */
if (is_rx) {
@@ -649,8 +650,8 @@ static void mlxbf_tmfifo_rxtx_header(struct mlxbf_tmfifo_vring *vring,
if (ntohs(hdr.len) >
__virtio16_to_cpu(virtio_legacy_is_little_endian(),
config->mtu) +
- MLXBF_TMFIFO_NET_L2_OVERHEAD)
- return;
+ MLXBF_TMFIFO_NET_L2_OVERHEAD)
+ drop_rx = true;
} else {
vdev_id = VIRTIO_ID_CONSOLE;
hdr_len = 0;
@@ -665,16 +666,25 @@ static void mlxbf_tmfifo_rxtx_header(struct mlxbf_tmfifo_vring *vring,
if (!tm_dev2)
return;
- vring->desc = desc;
+ vring->desc = *desc;
vring = &tm_dev2->vrings[MLXBF_TMFIFO_VRING_RX];
*vring_change = true;
}
+
+ if (drop_rx && !IS_VRING_DROP(vring)) {
+ if (vring->desc_head)
+ mlxbf_tmfifo_release_pkt(vring);
+ *desc = &vring->drop_desc;
+ vring->desc_head = *desc;
+ vring->desc = *desc;
+ }
+
vring->pkt_len = ntohs(hdr.len) + hdr_len;
} else {
/* Network virtio has an extra header. */
hdr_len = (vring->vdev_id == VIRTIO_ID_NET) ?
sizeof(struct virtio_net_hdr) : 0;
- vring->pkt_len = mlxbf_tmfifo_get_pkt_len(vring, desc);
+ vring->pkt_len = mlxbf_tmfifo_get_pkt_len(vring, *desc);
hdr.type = (vring->vdev_id == VIRTIO_ID_NET) ?
VIRTIO_ID_NET : VIRTIO_ID_CONSOLE;
hdr.len = htons(vring->pkt_len - hdr_len);
@@ -723,7 +733,7 @@ static bool mlxbf_tmfifo_rxtx_one_desc(struct mlxbf_tmfifo_vring *vring,
/* Beginning of a packet. Start to Rx/Tx packet header. */
if (vring->pkt_len == 0) {
- mlxbf_tmfifo_rxtx_header(vring, desc, is_rx, &vring_change);
+ mlxbf_tmfifo_rxtx_header(vring, &desc, is_rx, &vring_change);
(*avail)--;
/* Return if new packet is for another ring. */
--
2.40.1
^ permalink raw reply related [flat|nested] 396+ messages in thread
* [PATCH 5.4 305/367] net/tls: do not free tls_rec on async operation in bpf_exec_tx_verdict()
2023-09-20 11:26 [PATCH 5.4 000/367] 5.4.257-rc1 review Greg Kroah-Hartman
` (303 preceding siblings ...)
2023-09-20 11:31 ` [PATCH 5.4 304/367] platform/mellanox: mlxbf-tmfifo: Drop jumbo frames Greg Kroah-Hartman
@ 2023-09-20 11:31 ` Greg Kroah-Hartman
2023-09-20 11:31 ` [PATCH 5.4 306/367] ixgbe: fix timestamp configuration code Greg Kroah-Hartman
` (67 subsequent siblings)
372 siblings, 0 replies; 396+ messages in thread
From: Greg Kroah-Hartman @ 2023-09-20 11:31 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Liu Jian, Sabrina Dubroca,
Paolo Abeni, Sasha Levin
5.4-stable review patch. If anyone has any objections, please let me know.
------------------
From: Liu Jian <liujian56@huawei.com>
[ Upstream commit cfaa80c91f6f99b9342b6557f0f0e1143e434066 ]
I got the below warning when do fuzzing test:
BUG: KASAN: null-ptr-deref in scatterwalk_copychunks+0x320/0x470
Read of size 4 at addr 0000000000000008 by task kworker/u8:1/9
CPU: 0 PID: 9 Comm: kworker/u8:1 Tainted: G OE
Hardware name: linux,dummy-virt (DT)
Workqueue: pencrypt_parallel padata_parallel_worker
Call trace:
dump_backtrace+0x0/0x420
show_stack+0x34/0x44
dump_stack+0x1d0/0x248
__kasan_report+0x138/0x140
kasan_report+0x44/0x6c
__asan_load4+0x94/0xd0
scatterwalk_copychunks+0x320/0x470
skcipher_next_slow+0x14c/0x290
skcipher_walk_next+0x2fc/0x480
skcipher_walk_first+0x9c/0x110
skcipher_walk_aead_common+0x380/0x440
skcipher_walk_aead_encrypt+0x54/0x70
ccm_encrypt+0x13c/0x4d0
crypto_aead_encrypt+0x7c/0xfc
pcrypt_aead_enc+0x28/0x84
padata_parallel_worker+0xd0/0x2dc
process_one_work+0x49c/0xbdc
worker_thread+0x124/0x880
kthread+0x210/0x260
ret_from_fork+0x10/0x18
This is because the value of rec_seq of tls_crypto_info configured by the
user program is too large, for example, 0xffffffffffffff. In addition, TLS
is asynchronously accelerated. When tls_do_encryption() returns
-EINPROGRESS and sk->sk_err is set to EBADMSG due to rec_seq overflow,
skmsg is released before the asynchronous encryption process ends. As a
result, the UAF problem occurs during the asynchronous processing of the
encryption module.
If the operation is asynchronous and the encryption module returns
EINPROGRESS, do not free the record information.
Fixes: 635d93981786 ("net/tls: free record only on encryption error")
Signed-off-by: Liu Jian <liujian56@huawei.com>
Reviewed-by: Sabrina Dubroca <sd@queasysnail.net>
Link: https://lore.kernel.org/r/20230909081434.2324940-1-liujian56@huawei.com
Signed-off-by: Paolo Abeni <pabeni@redhat.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
net/tls/tls_sw.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/net/tls/tls_sw.c b/net/tls/tls_sw.c
index f4091fba4c722..62bc7e5c58e53 100644
--- a/net/tls/tls_sw.c
+++ b/net/tls/tls_sw.c
@@ -807,7 +807,7 @@ static int bpf_exec_tx_verdict(struct sk_msg *msg, struct sock *sk,
psock = sk_psock_get(sk);
if (!psock || !policy) {
err = tls_push_record(sk, flags, record_type);
- if (err && sk->sk_err == EBADMSG) {
+ if (err && err != -EINPROGRESS && sk->sk_err == EBADMSG) {
*copied -= sk_msg_free(sk, msg);
tls_free_open_rec(sk);
err = -sk->sk_err;
@@ -836,7 +836,7 @@ static int bpf_exec_tx_verdict(struct sk_msg *msg, struct sock *sk,
switch (psock->eval) {
case __SK_PASS:
err = tls_push_record(sk, flags, record_type);
- if (err && sk->sk_err == EBADMSG) {
+ if (err && err != -EINPROGRESS && sk->sk_err == EBADMSG) {
*copied -= sk_msg_free(sk, msg);
tls_free_open_rec(sk);
err = -sk->sk_err;
--
2.40.1
^ permalink raw reply related [flat|nested] 396+ messages in thread
* [PATCH 5.4 306/367] ixgbe: fix timestamp configuration code
2023-09-20 11:26 [PATCH 5.4 000/367] 5.4.257-rc1 review Greg Kroah-Hartman
` (304 preceding siblings ...)
2023-09-20 11:31 ` [PATCH 5.4 305/367] net/tls: do not free tls_rec on async operation in bpf_exec_tx_verdict() Greg Kroah-Hartman
@ 2023-09-20 11:31 ` Greg Kroah-Hartman
2023-09-20 11:31 ` [PATCH 5.4 307/367] kcm: Fix error handling for SOCK_DGRAM in kcm_sendmsg() Greg Kroah-Hartman
` (66 subsequent siblings)
372 siblings, 0 replies; 396+ messages in thread
From: Greg Kroah-Hartman @ 2023-09-20 11:31 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Vadim Fedorenko, Simon Horman,
Tony Nguyen, David S. Miller, Sasha Levin,
Pucha Himasekhar Reddy
5.4-stable review patch. If anyone has any objections, please let me know.
------------------
From: Vadim Fedorenko <vadim.fedorenko@linux.dev>
[ Upstream commit 3c44191dd76cf9c0cc49adaf34384cbd42ef8ad2 ]
The commit in fixes introduced flags to control the status of hardware
configuration while processing packets. At the same time another structure
is used to provide configuration of timestamper to user-space applications.
The way it was coded makes this structures go out of sync easily. The
repro is easy for 82599 chips:
[root@hostname ~]# hwstamp_ctl -i eth0 -r 12 -t 1
current settings:
tx_type 0
rx_filter 0
new settings:
tx_type 1
rx_filter 12
The eth0 device is properly configured to timestamp any PTPv2 events.
[root@hostname ~]# hwstamp_ctl -i eth0 -r 1 -t 1
current settings:
tx_type 1
rx_filter 12
SIOCSHWTSTAMP failed: Numerical result out of range
The requested time stamping mode is not supported by the hardware.
The error is properly returned because HW doesn't support all packets
timestamping. But the adapter->flags is cleared of timestamp flags
even though no HW configuration was done. From that point no RX timestamps
are received by user-space application. But configuration shows good
values:
[root@hostname ~]# hwstamp_ctl -i eth0
current settings:
tx_type 1
rx_filter 12
Fix the issue by applying new flags only when the HW was actually
configured.
Fixes: a9763f3cb54c ("ixgbe: Update PTP to support X550EM_x devices")
Signed-off-by: Vadim Fedorenko <vadim.fedorenko@linux.dev>
Reviewed-by: Simon Horman <horms@kernel.org>
Tested-by: Pucha Himasekhar Reddy <himasekharx.reddy.pucha@intel.com> (A Contingent worker at Intel)
Signed-off-by: Tony Nguyen <anthony.l.nguyen@intel.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/ethernet/intel/ixgbe/ixgbe_ptp.c | 28 +++++++++++---------
1 file changed, 15 insertions(+), 13 deletions(-)
diff --git a/drivers/net/ethernet/intel/ixgbe/ixgbe_ptp.c b/drivers/net/ethernet/intel/ixgbe/ixgbe_ptp.c
index d155181b939e4..f5e36417c33e2 100644
--- a/drivers/net/ethernet/intel/ixgbe/ixgbe_ptp.c
+++ b/drivers/net/ethernet/intel/ixgbe/ixgbe_ptp.c
@@ -989,6 +989,7 @@ static int ixgbe_ptp_set_timestamp_mode(struct ixgbe_adapter *adapter,
u32 tsync_tx_ctl = IXGBE_TSYNCTXCTL_ENABLED;
u32 tsync_rx_ctl = IXGBE_TSYNCRXCTL_ENABLED;
u32 tsync_rx_mtrl = PTP_EV_PORT << 16;
+ u32 aflags = adapter->flags;
bool is_l2 = false;
u32 regval;
@@ -1009,20 +1010,20 @@ static int ixgbe_ptp_set_timestamp_mode(struct ixgbe_adapter *adapter,
case HWTSTAMP_FILTER_NONE:
tsync_rx_ctl = 0;
tsync_rx_mtrl = 0;
- adapter->flags &= ~(IXGBE_FLAG_RX_HWTSTAMP_ENABLED |
- IXGBE_FLAG_RX_HWTSTAMP_IN_REGISTER);
+ aflags &= ~(IXGBE_FLAG_RX_HWTSTAMP_ENABLED |
+ IXGBE_FLAG_RX_HWTSTAMP_IN_REGISTER);
break;
case HWTSTAMP_FILTER_PTP_V1_L4_SYNC:
tsync_rx_ctl |= IXGBE_TSYNCRXCTL_TYPE_L4_V1;
tsync_rx_mtrl |= IXGBE_RXMTRL_V1_SYNC_MSG;
- adapter->flags |= (IXGBE_FLAG_RX_HWTSTAMP_ENABLED |
- IXGBE_FLAG_RX_HWTSTAMP_IN_REGISTER);
+ aflags |= (IXGBE_FLAG_RX_HWTSTAMP_ENABLED |
+ IXGBE_FLAG_RX_HWTSTAMP_IN_REGISTER);
break;
case HWTSTAMP_FILTER_PTP_V1_L4_DELAY_REQ:
tsync_rx_ctl |= IXGBE_TSYNCRXCTL_TYPE_L4_V1;
tsync_rx_mtrl |= IXGBE_RXMTRL_V1_DELAY_REQ_MSG;
- adapter->flags |= (IXGBE_FLAG_RX_HWTSTAMP_ENABLED |
- IXGBE_FLAG_RX_HWTSTAMP_IN_REGISTER);
+ aflags |= (IXGBE_FLAG_RX_HWTSTAMP_ENABLED |
+ IXGBE_FLAG_RX_HWTSTAMP_IN_REGISTER);
break;
case HWTSTAMP_FILTER_PTP_V2_EVENT:
case HWTSTAMP_FILTER_PTP_V2_L2_EVENT:
@@ -1036,8 +1037,8 @@ static int ixgbe_ptp_set_timestamp_mode(struct ixgbe_adapter *adapter,
tsync_rx_ctl |= IXGBE_TSYNCRXCTL_TYPE_EVENT_V2;
is_l2 = true;
config->rx_filter = HWTSTAMP_FILTER_PTP_V2_EVENT;
- adapter->flags |= (IXGBE_FLAG_RX_HWTSTAMP_ENABLED |
- IXGBE_FLAG_RX_HWTSTAMP_IN_REGISTER);
+ aflags |= (IXGBE_FLAG_RX_HWTSTAMP_ENABLED |
+ IXGBE_FLAG_RX_HWTSTAMP_IN_REGISTER);
break;
case HWTSTAMP_FILTER_PTP_V1_L4_EVENT:
case HWTSTAMP_FILTER_NTP_ALL:
@@ -1048,7 +1049,7 @@ static int ixgbe_ptp_set_timestamp_mode(struct ixgbe_adapter *adapter,
if (hw->mac.type >= ixgbe_mac_X550) {
tsync_rx_ctl |= IXGBE_TSYNCRXCTL_TYPE_ALL;
config->rx_filter = HWTSTAMP_FILTER_ALL;
- adapter->flags |= IXGBE_FLAG_RX_HWTSTAMP_ENABLED;
+ aflags |= IXGBE_FLAG_RX_HWTSTAMP_ENABLED;
break;
}
/* fall through */
@@ -1059,8 +1060,6 @@ static int ixgbe_ptp_set_timestamp_mode(struct ixgbe_adapter *adapter,
* Delay_Req messages and hardware does not support
* timestamping all packets => return error
*/
- adapter->flags &= ~(IXGBE_FLAG_RX_HWTSTAMP_ENABLED |
- IXGBE_FLAG_RX_HWTSTAMP_IN_REGISTER);
config->rx_filter = HWTSTAMP_FILTER_NONE;
return -ERANGE;
}
@@ -1092,8 +1091,8 @@ static int ixgbe_ptp_set_timestamp_mode(struct ixgbe_adapter *adapter,
IXGBE_TSYNCRXCTL_TYPE_ALL |
IXGBE_TSYNCRXCTL_TSIP_UT_EN;
config->rx_filter = HWTSTAMP_FILTER_ALL;
- adapter->flags |= IXGBE_FLAG_RX_HWTSTAMP_ENABLED;
- adapter->flags &= ~IXGBE_FLAG_RX_HWTSTAMP_IN_REGISTER;
+ aflags |= IXGBE_FLAG_RX_HWTSTAMP_ENABLED;
+ aflags &= ~IXGBE_FLAG_RX_HWTSTAMP_IN_REGISTER;
is_l2 = true;
break;
default:
@@ -1126,6 +1125,9 @@ static int ixgbe_ptp_set_timestamp_mode(struct ixgbe_adapter *adapter,
IXGBE_WRITE_FLUSH(hw);
+ /* configure adapter flags only when HW is actually configured */
+ adapter->flags = aflags;
+
/* clear TX/RX time stamp registers, just to be sure */
ixgbe_ptp_clear_tx_timestamp(adapter);
IXGBE_READ_REG(hw, IXGBE_RXSTMPH);
--
2.40.1
^ permalink raw reply related [flat|nested] 396+ messages in thread
* [PATCH 5.4 307/367] kcm: Fix error handling for SOCK_DGRAM in kcm_sendmsg().
2023-09-20 11:26 [PATCH 5.4 000/367] 5.4.257-rc1 review Greg Kroah-Hartman
` (305 preceding siblings ...)
2023-09-20 11:31 ` [PATCH 5.4 306/367] ixgbe: fix timestamp configuration code Greg Kroah-Hartman
@ 2023-09-20 11:31 ` Greg Kroah-Hartman
2023-09-20 11:31 ` [PATCH 5.4 308/367] drm/amd/display: Fix a bug when searching for insert_above_mpcc Greg Kroah-Hartman
` (65 subsequent siblings)
372 siblings, 0 replies; 396+ messages in thread
From: Greg Kroah-Hartman @ 2023-09-20 11:31 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Kuniyuki Iwashima, Paolo Abeni, Sasha Levin
5.4-stable review patch. If anyone has any objections, please let me know.
------------------
From: Kuniyuki Iwashima <kuniyu@amazon.com>
[ Upstream commit a22730b1b4bf437c6bbfdeff5feddf54be4aeada ]
syzkaller found a memory leak in kcm_sendmsg(), and commit c821a88bd720
("kcm: Fix memory leak in error path of kcm_sendmsg()") suppressed it by
updating kcm_tx_msg(head)->last_skb if partial data is copied so that the
following sendmsg() will resume from the skb.
However, we cannot know how many bytes were copied when we get the error.
Thus, we could mess up the MSG_MORE queue.
When kcm_sendmsg() fails for SOCK_DGRAM, we should purge the queue as we
do so for UDP by udp_flush_pending_frames().
Even without this change, when the error occurred, the following sendmsg()
resumed from a wrong skb and the queue was messed up. However, we have
yet to get such a report, and only syzkaller stumbled on it. So, this
can be changed safely.
Note this does not change SOCK_SEQPACKET behaviour.
Fixes: c821a88bd720 ("kcm: Fix memory leak in error path of kcm_sendmsg()")
Fixes: ab7ac4eb9832 ("kcm: Kernel Connection Multiplexor module")
Signed-off-by: Kuniyuki Iwashima <kuniyu@amazon.com>
Link: https://lore.kernel.org/r/20230912022753.33327-1-kuniyu@amazon.com
Signed-off-by: Paolo Abeni <pabeni@redhat.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
net/kcm/kcmsock.c | 15 ++++++++-------
1 file changed, 8 insertions(+), 7 deletions(-)
diff --git a/net/kcm/kcmsock.c b/net/kcm/kcmsock.c
index 8668348aa3f2b..8a8ea7e6774d5 100644
--- a/net/kcm/kcmsock.c
+++ b/net/kcm/kcmsock.c
@@ -1066,17 +1066,18 @@ static int kcm_sendmsg(struct socket *sock, struct msghdr *msg, size_t len)
out_error:
kcm_push(kcm);
- if (copied && sock->type == SOCK_SEQPACKET) {
+ if (sock->type == SOCK_SEQPACKET) {
/* Wrote some bytes before encountering an
* error, return partial success.
*/
- goto partial_message;
- }
-
- if (head != kcm->seq_skb)
+ if (copied)
+ goto partial_message;
+ if (head != kcm->seq_skb)
+ kfree_skb(head);
+ } else {
kfree_skb(head);
- else if (copied)
- kcm_tx_msg(head)->last_skb = skb;
+ kcm->seq_skb = NULL;
+ }
err = sk_stream_error(sk, msg->msg_flags, err);
--
2.40.1
^ permalink raw reply related [flat|nested] 396+ messages in thread
* [PATCH 5.4 308/367] drm/amd/display: Fix a bug when searching for insert_above_mpcc
2023-09-20 11:26 [PATCH 5.4 000/367] 5.4.257-rc1 review Greg Kroah-Hartman
` (306 preceding siblings ...)
2023-09-20 11:31 ` [PATCH 5.4 307/367] kcm: Fix error handling for SOCK_DGRAM in kcm_sendmsg() Greg Kroah-Hartman
@ 2023-09-20 11:31 ` Greg Kroah-Hartman
2023-09-20 11:31 ` [PATCH 5.4 309/367] parisc: Drop loops_per_jiffy from per_cpu struct Greg Kroah-Hartman
` (64 subsequent siblings)
372 siblings, 0 replies; 396+ messages in thread
From: Greg Kroah-Hartman @ 2023-09-20 11:31 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Mario Limonciello, Alex Deucher,
Jun Lei, Tom Chung, Wesley Chalmers, Daniel Wheeler
5.4-stable review patch. If anyone has any objections, please let me know.
------------------
From: Wesley Chalmers <wesley.chalmers@amd.com>
commit 3d028d5d60d516c536de1ddd3ebf3d55f3f8983b upstream.
[WHY]
Currently, when insert_plane is called with insert_above_mpcc
parameter that is equal to tree->opp_list, the function returns NULL.
[HOW]
Instead, the function should insert the plane at the top of the tree.
Cc: Mario Limonciello <mario.limonciello@amd.com>
Cc: Alex Deucher <alexander.deucher@amd.com>
Cc: stable@vger.kernel.org
Reviewed-by: Jun Lei <jun.lei@amd.com>
Acked-by: Tom Chung <chiahsuan.chung@amd.com>
Signed-off-by: Wesley Chalmers <wesley.chalmers@amd.com>
Tested-by: Daniel Wheeler <daniel.wheeler@amd.com>
Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/gpu/drm/amd/display/dc/dcn10/dcn10_mpc.c | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
--- a/drivers/gpu/drm/amd/display/dc/dcn10/dcn10_mpc.c
+++ b/drivers/gpu/drm/amd/display/dc/dcn10/dcn10_mpc.c
@@ -199,8 +199,9 @@ struct mpcc *mpc1_insert_plane(
/* check insert_above_mpcc exist in tree->opp_list */
struct mpcc *temp_mpcc = tree->opp_list;
- while (temp_mpcc && temp_mpcc->mpcc_bot != insert_above_mpcc)
- temp_mpcc = temp_mpcc->mpcc_bot;
+ if (temp_mpcc != insert_above_mpcc)
+ while (temp_mpcc && temp_mpcc->mpcc_bot != insert_above_mpcc)
+ temp_mpcc = temp_mpcc->mpcc_bot;
if (temp_mpcc == NULL)
return NULL;
}
^ permalink raw reply [flat|nested] 396+ messages in thread
* [PATCH 5.4 309/367] parisc: Drop loops_per_jiffy from per_cpu struct
2023-09-20 11:26 [PATCH 5.4 000/367] 5.4.257-rc1 review Greg Kroah-Hartman
` (307 preceding siblings ...)
2023-09-20 11:31 ` [PATCH 5.4 308/367] drm/amd/display: Fix a bug when searching for insert_above_mpcc Greg Kroah-Hartman
@ 2023-09-20 11:31 ` Greg Kroah-Hartman
2023-09-20 11:31 ` [PATCH 5.4 310/367] autofs: fix memory leak of waitqueues in autofs_catatonic_mode Greg Kroah-Hartman
` (63 subsequent siblings)
372 siblings, 0 replies; 396+ messages in thread
From: Greg Kroah-Hartman @ 2023-09-20 11:31 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Helge Deller, Guenter Roeck
5.4-stable review patch. If anyone has any objections, please let me know.
------------------
From: Helge Deller <deller@gmx.de>
commit 93346da8ff47cc00f953c7f38a2d6ba11977fc42 upstream.
There is no need to keep a loops_per_jiffy value per cpu. Drop it.
Signed-off-by: Helge Deller <deller@gmx.de>
Cc: Guenter Roeck <linux@roeck-us.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/parisc/include/asm/processor.h | 1 -
arch/parisc/kernel/processor.c | 5 ++---
2 files changed, 2 insertions(+), 4 deletions(-)
--- a/arch/parisc/include/asm/processor.h
+++ b/arch/parisc/include/asm/processor.h
@@ -97,7 +97,6 @@ struct cpuinfo_parisc {
unsigned long cpu_loc; /* CPU location from PAT firmware */
unsigned int state;
struct parisc_device *dev;
- unsigned long loops_per_jiffy;
};
extern struct system_cpuinfo_parisc boot_cpu_data;
--- a/arch/parisc/kernel/processor.c
+++ b/arch/parisc/kernel/processor.c
@@ -163,7 +163,6 @@ static int __init processor_probe(struct
if (cpuid)
memset(p, 0, sizeof(struct cpuinfo_parisc));
- p->loops_per_jiffy = loops_per_jiffy;
p->dev = dev; /* Save IODC data in case we need it */
p->hpa = dev->hpa.start; /* save CPU hpa */
p->cpuid = cpuid; /* save CPU id */
@@ -440,8 +439,8 @@ show_cpuinfo (struct seq_file *m, void *
show_cache_info(m);
seq_printf(m, "bogomips\t: %lu.%02lu\n",
- cpuinfo->loops_per_jiffy / (500000 / HZ),
- (cpuinfo->loops_per_jiffy / (5000 / HZ)) % 100);
+ loops_per_jiffy / (500000 / HZ),
+ loops_per_jiffy / (5000 / HZ) % 100);
seq_printf(m, "software id\t: %ld\n\n",
boot_cpu_data.pdc.model.sw_id);
^ permalink raw reply [flat|nested] 396+ messages in thread
* [PATCH 5.4 310/367] autofs: fix memory leak of waitqueues in autofs_catatonic_mode
2023-09-20 11:26 [PATCH 5.4 000/367] 5.4.257-rc1 review Greg Kroah-Hartman
` (308 preceding siblings ...)
2023-09-20 11:31 ` [PATCH 5.4 309/367] parisc: Drop loops_per_jiffy from per_cpu struct Greg Kroah-Hartman
@ 2023-09-20 11:31 ` Greg Kroah-Hartman
2023-09-20 11:31 ` [PATCH 5.4 311/367] btrfs: output extra debug info if we failed to find an inline backref Greg Kroah-Hartman
` (62 subsequent siblings)
372 siblings, 0 replies; 396+ messages in thread
From: Greg Kroah-Hartman @ 2023-09-20 11:31 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, syzbot+5e53f70e69ff0c0a1c0c,
Takeshi Misawa, Fedor Pchelkin, Alexey Khoroshilov, Ian Kent,
Matthew Wilcox, Andrei Vagin, autofs, linux-kernel,
Christian Brauner, Sasha Levin
5.4-stable review patch. If anyone has any objections, please let me know.
------------------
From: Fedor Pchelkin <pchelkin@ispras.ru>
[ Upstream commit ccbe77f7e45dfb4420f7f531b650c00c6e9c7507 ]
Syzkaller reports a memory leak:
BUG: memory leak
unreferenced object 0xffff88810b279e00 (size 96):
comm "syz-executor399", pid 3631, jiffies 4294964921 (age 23.870s)
hex dump (first 32 bytes):
00 00 00 00 00 00 00 00 08 9e 27 0b 81 88 ff ff ..........'.....
08 9e 27 0b 81 88 ff ff 00 00 00 00 00 00 00 00 ..'.............
backtrace:
[<ffffffff814cfc90>] kmalloc_trace+0x20/0x90 mm/slab_common.c:1046
[<ffffffff81bb75ca>] kmalloc include/linux/slab.h:576 [inline]
[<ffffffff81bb75ca>] autofs_wait+0x3fa/0x9a0 fs/autofs/waitq.c:378
[<ffffffff81bb88a7>] autofs_do_expire_multi+0xa7/0x3e0 fs/autofs/expire.c:593
[<ffffffff81bb8c33>] autofs_expire_multi+0x53/0x80 fs/autofs/expire.c:619
[<ffffffff81bb6972>] autofs_root_ioctl_unlocked+0x322/0x3b0 fs/autofs/root.c:897
[<ffffffff81bb6a95>] autofs_root_ioctl+0x25/0x30 fs/autofs/root.c:910
[<ffffffff81602a9c>] vfs_ioctl fs/ioctl.c:51 [inline]
[<ffffffff81602a9c>] __do_sys_ioctl fs/ioctl.c:870 [inline]
[<ffffffff81602a9c>] __se_sys_ioctl fs/ioctl.c:856 [inline]
[<ffffffff81602a9c>] __x64_sys_ioctl+0xfc/0x140 fs/ioctl.c:856
[<ffffffff84608225>] do_syscall_x64 arch/x86/entry/common.c:50 [inline]
[<ffffffff84608225>] do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
[<ffffffff84800087>] entry_SYSCALL_64_after_hwframe+0x63/0xcd
autofs_wait_queue structs should be freed if their wait_ctr becomes zero.
Otherwise they will be lost.
In this case an AUTOFS_IOC_EXPIRE_MULTI ioctl is done, then a new
waitqueue struct is allocated in autofs_wait(), its initial wait_ctr
equals 2. After that wait_event_killable() is interrupted (it returns
-ERESTARTSYS), so that 'wq->name.name == NULL' condition may be not
satisfied. Actually, this condition can be satisfied when
autofs_wait_release() or autofs_catatonic_mode() is called and, what is
also important, wait_ctr is decremented in those places. Upon the exit of
autofs_wait(), wait_ctr is decremented to 1. Then the unmounting process
begins: kill_sb calls autofs_catatonic_mode(), which should have freed the
waitqueues, but it only decrements its usage counter to zero which is not
a correct behaviour.
edit:imk
This description is of course not correct. The umount performed as a result
of an expire is a umount of a mount that has been automounted, it's not the
autofs mount itself. They happen independently, usually after everything
mounted within the autofs file system has been expired away. If everything
hasn't been expired away the automount daemon can still exit leaving mounts
in place. But expires done in both cases will result in a notification that
calls autofs_wait_release() with a result status. The problem case is the
summary execution of of the automount daemon. In this case any waiting
processes won't be woken up until either they are terminated or the mount
is umounted.
end edit: imk
So in catatonic mode we should free waitqueues which counter becomes zero.
edit: imk
Initially I was concerned that the calling of autofs_wait_release() and
autofs_catatonic_mode() was not mutually exclusive but that can't be the
case (obviously) because the queue entry (or entries) is removed from the
list when either of these two functions are called. Consequently the wait
entry will be freed by only one of these functions or by the woken process
in autofs_wait() depending on the order of the calls.
end edit: imk
Reported-by: syzbot+5e53f70e69ff0c0a1c0c@syzkaller.appspotmail.com
Suggested-by: Takeshi Misawa <jeliantsurux@gmail.com>
Signed-off-by: Fedor Pchelkin <pchelkin@ispras.ru>
Signed-off-by: Alexey Khoroshilov <khoroshilov@ispras.ru>
Signed-off-by: Ian Kent <raven@themaw.net>
Cc: Matthew Wilcox <willy@infradead.org>
Cc: Andrei Vagin <avagin@gmail.com>
Cc: autofs@vger.kernel.org
Cc: linux-kernel@vger.kernel.org
Message-Id: <169112719161.7590.6700123246297365841.stgit@donald.themaw.net>
Signed-off-by: Christian Brauner <brauner@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
fs/autofs/waitq.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/fs/autofs/waitq.c b/fs/autofs/waitq.c
index b04c528b19d34..1230bdf329898 100644
--- a/fs/autofs/waitq.c
+++ b/fs/autofs/waitq.c
@@ -32,8 +32,9 @@ void autofs_catatonic_mode(struct autofs_sb_info *sbi)
wq->status = -ENOENT; /* Magic is gone - report failure */
kfree(wq->name.name);
wq->name.name = NULL;
- wq->wait_ctr--;
wake_up_interruptible(&wq->queue);
+ if (!--wq->wait_ctr)
+ kfree(wq);
wq = nwq;
}
fput(sbi->pipe); /* Close the pipe */
--
2.40.1
^ permalink raw reply related [flat|nested] 396+ messages in thread
* [PATCH 5.4 311/367] btrfs: output extra debug info if we failed to find an inline backref
2023-09-20 11:26 [PATCH 5.4 000/367] 5.4.257-rc1 review Greg Kroah-Hartman
` (309 preceding siblings ...)
2023-09-20 11:31 ` [PATCH 5.4 310/367] autofs: fix memory leak of waitqueues in autofs_catatonic_mode Greg Kroah-Hartman
@ 2023-09-20 11:31 ` Greg Kroah-Hartman
2023-09-20 11:31 ` [PATCH 5.4 312/367] locks: fix KASAN: use-after-free in trace_event_raw_event_filelock_lock Greg Kroah-Hartman
` (61 subsequent siblings)
372 siblings, 0 replies; 396+ messages in thread
From: Greg Kroah-Hartman @ 2023-09-20 11:31 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Qu Wenruo, David Sterba, Sasha Levin
5.4-stable review patch. If anyone has any objections, please let me know.
------------------
From: Qu Wenruo <wqu@suse.com>
[ Upstream commit 7f72f50547b7af4ddf985b07fc56600a4deba281 ]
[BUG]
Syzbot reported several warning triggered inside
lookup_inline_extent_backref().
[CAUSE]
As usual, the reproducer doesn't reliably trigger locally here, but at
least we know the WARN_ON() is triggered when an inline backref can not
be found, and it can only be triggered when @insert is true. (I.e.
inserting a new inline backref, which means the backref should already
exist)
[ENHANCEMENT]
After the WARN_ON(), dump all the parameters and the extent tree
leaf to help debug.
Link: https://syzkaller.appspot.com/bug?extid=d6f9ff86c1d804ba2bc6
Signed-off-by: Qu Wenruo <wqu@suse.com>
Reviewed-by: David Sterba <dsterba@suse.com>
Signed-off-by: David Sterba <dsterba@suse.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
fs/btrfs/extent-tree.c | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/fs/btrfs/extent-tree.c b/fs/btrfs/extent-tree.c
index e47f53e780890..a9191a0d2f4c9 100644
--- a/fs/btrfs/extent-tree.c
+++ b/fs/btrfs/extent-tree.c
@@ -895,6 +895,11 @@ int lookup_inline_extent_backref(struct btrfs_trans_handle *trans,
err = -ENOENT;
goto out;
} else if (WARN_ON(ret)) {
+ btrfs_print_leaf(path->nodes[0]);
+ btrfs_err(fs_info,
+"extent item not found for insert, bytenr %llu num_bytes %llu parent %llu root_objectid %llu owner %llu offset %llu",
+ bytenr, num_bytes, parent, root_objectid, owner,
+ offset);
err = -EIO;
goto out;
}
--
2.40.1
^ permalink raw reply related [flat|nested] 396+ messages in thread
* [PATCH 5.4 312/367] locks: fix KASAN: use-after-free in trace_event_raw_event_filelock_lock
2023-09-20 11:26 [PATCH 5.4 000/367] 5.4.257-rc1 review Greg Kroah-Hartman
` (310 preceding siblings ...)
2023-09-20 11:31 ` [PATCH 5.4 311/367] btrfs: output extra debug info if we failed to find an inline backref Greg Kroah-Hartman
@ 2023-09-20 11:31 ` Greg Kroah-Hartman
2023-09-20 11:31 ` [PATCH 5.4 313/367] ACPICA: Add AML_NO_OPERAND_RESOLVE flag to Timer Greg Kroah-Hartman
` (60 subsequent siblings)
372 siblings, 0 replies; 396+ messages in thread
From: Greg Kroah-Hartman @ 2023-09-20 11:31 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Will Shiu, Jeff Layton, Sasha Levin
5.4-stable review patch. If anyone has any objections, please let me know.
------------------
From: Will Shiu <Will.Shiu@mediatek.com>
[ Upstream commit 74f6f5912693ce454384eaeec48705646a21c74f ]
As following backtrace, the struct file_lock request , in posix_lock_inode
is free before ftrace function using.
Replace the ftrace function ahead free flow could fix the use-after-free
issue.
[name:report&]===============================================
BUG:KASAN: use-after-free in trace_event_raw_event_filelock_lock+0x80/0x12c
[name:report&]Read at addr f6ffff8025622620 by task NativeThread/16753
[name:report_hw_tags&]Pointer tag: [f6], memory tag: [fe]
[name:report&]
BT:
Hardware name: MT6897 (DT)
Call trace:
dump_backtrace+0xf8/0x148
show_stack+0x18/0x24
dump_stack_lvl+0x60/0x7c
print_report+0x2c8/0xa08
kasan_report+0xb0/0x120
__do_kernel_fault+0xc8/0x248
do_bad_area+0x30/0xdc
do_tag_check_fault+0x1c/0x30
do_mem_abort+0x58/0xbc
el1_abort+0x3c/0x5c
el1h_64_sync_handler+0x54/0x90
el1h_64_sync+0x68/0x6c
trace_event_raw_event_filelock_lock+0x80/0x12c
posix_lock_inode+0xd0c/0xd60
do_lock_file_wait+0xb8/0x190
fcntl_setlk+0x2d8/0x440
...
[name:report&]
[name:report&]Allocated by task 16752:
...
slab_post_alloc_hook+0x74/0x340
kmem_cache_alloc+0x1b0/0x2f0
posix_lock_inode+0xb0/0xd60
...
[name:report&]
[name:report&]Freed by task 16752:
...
kmem_cache_free+0x274/0x5b0
locks_dispose_list+0x3c/0x148
posix_lock_inode+0xc40/0xd60
do_lock_file_wait+0xb8/0x190
fcntl_setlk+0x2d8/0x440
do_fcntl+0x150/0xc18
...
Signed-off-by: Will Shiu <Will.Shiu@mediatek.com>
Signed-off-by: Jeff Layton <jlayton@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
fs/locks.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/fs/locks.c b/fs/locks.c
index b8a31c1c4fff3..90f92784aa554 100644
--- a/fs/locks.c
+++ b/fs/locks.c
@@ -1338,6 +1338,7 @@ static int posix_lock_inode(struct inode *inode, struct file_lock *request,
out:
spin_unlock(&ctx->flc_lock);
percpu_up_read(&file_rwsem);
+ trace_posix_lock_inode(inode, request, error);
/*
* Free any unused locks.
*/
@@ -1346,7 +1347,6 @@ static int posix_lock_inode(struct inode *inode, struct file_lock *request,
if (new_fl2)
locks_free_lock(new_fl2);
locks_dispose_list(&dispose);
- trace_posix_lock_inode(inode, request, error);
return error;
}
--
2.40.1
^ permalink raw reply related [flat|nested] 396+ messages in thread
* [PATCH 5.4 313/367] ACPICA: Add AML_NO_OPERAND_RESOLVE flag to Timer
2023-09-20 11:26 [PATCH 5.4 000/367] 5.4.257-rc1 review Greg Kroah-Hartman
` (311 preceding siblings ...)
2023-09-20 11:31 ` [PATCH 5.4 312/367] locks: fix KASAN: use-after-free in trace_event_raw_event_filelock_lock Greg Kroah-Hartman
@ 2023-09-20 11:31 ` Greg Kroah-Hartman
2023-09-20 11:31 ` [PATCH 5.4 314/367] kernel/fork: beware of __put_task_struct() calling context Greg Kroah-Hartman
` (59 subsequent siblings)
372 siblings, 0 replies; 396+ messages in thread
From: Greg Kroah-Hartman @ 2023-09-20 11:31 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Abhishek Mainkar, Bob Moore,
Rafael J. Wysocki, Sasha Levin
5.4-stable review patch. If anyone has any objections, please let me know.
------------------
From: Abhishek Mainkar <abmainkar@nvidia.com>
[ Upstream commit 3a21ffdbc825e0919db9da0e27ee5ff2cc8a863e ]
ACPICA commit 90310989a0790032f5a0140741ff09b545af4bc5
According to the ACPI specification 19.6.134, no argument is required to be passed for ASL Timer instruction. For taking care of no argument, AML_NO_OPERAND_RESOLVE flag is added to ASL Timer instruction opcode.
When ASL timer instruction interpreted by ACPI interpreter, getting error. After adding AML_NO_OPERAND_RESOLVE flag to ASL Timer instruction opcode, issue is not observed.
=============================================================
UBSAN: array-index-out-of-bounds in acpica/dswexec.c:401:12 index -1 is out of range for type 'union acpi_operand_object *[9]'
CPU: 37 PID: 1678 Comm: cat Not tainted
6.0.0-dev-th500-6.0.y-1+bcf8c46459e407-generic-64k
HW name: NVIDIA BIOS v1.1.1-d7acbfc-dirty 12/19/2022 Call trace:
dump_backtrace+0xe0/0x130
show_stack+0x20/0x60
dump_stack_lvl+0x68/0x84
dump_stack+0x18/0x34
ubsan_epilogue+0x10/0x50
__ubsan_handle_out_of_bounds+0x80/0x90
acpi_ds_exec_end_op+0x1bc/0x6d8
acpi_ps_parse_loop+0x57c/0x618
acpi_ps_parse_aml+0x1e0/0x4b4
acpi_ps_execute_method+0x24c/0x2b8
acpi_ns_evaluate+0x3a8/0x4bc
acpi_evaluate_object+0x15c/0x37c
acpi_evaluate_integer+0x54/0x15c
show_power+0x8c/0x12c [acpi_power_meter]
Link: https://github.com/acpica/acpica/commit/90310989
Signed-off-by: Abhishek Mainkar <abmainkar@nvidia.com>
Signed-off-by: Bob Moore <robert.moore@intel.com>
Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/acpi/acpica/psopcode.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/acpi/acpica/psopcode.c b/drivers/acpi/acpica/psopcode.c
index 43775c5ce17c5..2f9b226ec4f63 100644
--- a/drivers/acpi/acpica/psopcode.c
+++ b/drivers/acpi/acpica/psopcode.c
@@ -603,7 +603,7 @@ const struct acpi_opcode_info acpi_gbl_aml_op_info[AML_NUM_OPCODES] = {
/* 7E */ ACPI_OP("Timer", ARGP_TIMER_OP, ARGI_TIMER_OP, ACPI_TYPE_ANY,
AML_CLASS_EXECUTE, AML_TYPE_EXEC_0A_0T_1R,
- AML_FLAGS_EXEC_0A_0T_1R),
+ AML_FLAGS_EXEC_0A_0T_1R | AML_NO_OPERAND_RESOLVE),
/* ACPI 5.0 opcodes */
--
2.40.1
^ permalink raw reply related [flat|nested] 396+ messages in thread
* [PATCH 5.4 314/367] kernel/fork: beware of __put_task_struct() calling context
2023-09-20 11:26 [PATCH 5.4 000/367] 5.4.257-rc1 review Greg Kroah-Hartman
` (312 preceding siblings ...)
2023-09-20 11:31 ` [PATCH 5.4 313/367] ACPICA: Add AML_NO_OPERAND_RESOLVE flag to Timer Greg Kroah-Hartman
@ 2023-09-20 11:31 ` Greg Kroah-Hartman
2023-09-20 11:31 ` [PATCH 5.4 315/367] ACPI: video: Add backlight=native DMI quirk for Lenovo Ideapad Z470 Greg Kroah-Hartman
` (58 subsequent siblings)
372 siblings, 0 replies; 396+ messages in thread
From: Greg Kroah-Hartman @ 2023-09-20 11:31 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Hu Chunyu, Oleg Nesterov,
Valentin Schneider, Peter Zijlstra, Wander Lairson Costa,
Sasha Levin
5.4-stable review patch. If anyone has any objections, please let me know.
------------------
From: Wander Lairson Costa <wander@redhat.com>
[ Upstream commit d243b34459cea30cfe5f3a9b2feb44e7daff9938 ]
Under PREEMPT_RT, __put_task_struct() indirectly acquires sleeping
locks. Therefore, it can't be called from an non-preemptible context.
One practical example is splat inside inactive_task_timer(), which is
called in a interrupt context:
CPU: 1 PID: 2848 Comm: life Kdump: loaded Tainted: G W ---------
Hardware name: HP ProLiant DL388p Gen8, BIOS P70 07/15/2012
Call Trace:
dump_stack_lvl+0x57/0x7d
mark_lock_irq.cold+0x33/0xba
mark_lock+0x1e7/0x400
mark_usage+0x11d/0x140
__lock_acquire+0x30d/0x930
lock_acquire.part.0+0x9c/0x210
rt_spin_lock+0x27/0xe0
refill_obj_stock+0x3d/0x3a0
kmem_cache_free+0x357/0x560
inactive_task_timer+0x1ad/0x340
__run_hrtimer+0x8a/0x1a0
__hrtimer_run_queues+0x91/0x130
hrtimer_interrupt+0x10f/0x220
__sysvec_apic_timer_interrupt+0x7b/0xd0
sysvec_apic_timer_interrupt+0x4f/0xd0
asm_sysvec_apic_timer_interrupt+0x12/0x20
RIP: 0033:0x7fff196bf6f5
Instead of calling __put_task_struct() directly, we defer it using
call_rcu(). A more natural approach would use a workqueue, but since
in PREEMPT_RT, we can't allocate dynamic memory from atomic context,
the code would become more complex because we would need to put the
work_struct instance in the task_struct and initialize it when we
allocate a new task_struct.
The issue is reproducible with stress-ng:
while true; do
stress-ng --sched deadline --sched-period 1000000000 \
--sched-runtime 800000000 --sched-deadline \
1000000000 --mmapfork 23 -t 20
done
Reported-by: Hu Chunyu <chuhu@redhat.com>
Suggested-by: Oleg Nesterov <oleg@redhat.com>
Suggested-by: Valentin Schneider <vschneid@redhat.com>
Suggested-by: Peter Zijlstra <peterz@infradead.org>
Signed-off-by: Wander Lairson Costa <wander@redhat.com>
Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org>
Link: https://lore.kernel.org/r/20230614122323.37957-2-wander@redhat.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
include/linux/sched/task.h | 28 +++++++++++++++++++++++++++-
kernel/fork.c | 8 ++++++++
2 files changed, 35 insertions(+), 1 deletion(-)
diff --git a/include/linux/sched/task.h b/include/linux/sched/task.h
index 853ab403e77b8..e3c20a4f81f5e 100644
--- a/include/linux/sched/task.h
+++ b/include/linux/sched/task.h
@@ -113,10 +113,36 @@ static inline struct task_struct *get_task_struct(struct task_struct *t)
}
extern void __put_task_struct(struct task_struct *t);
+extern void __put_task_struct_rcu_cb(struct rcu_head *rhp);
static inline void put_task_struct(struct task_struct *t)
{
- if (refcount_dec_and_test(&t->usage))
+ if (!refcount_dec_and_test(&t->usage))
+ return;
+
+ /*
+ * under PREEMPT_RT, we can't call put_task_struct
+ * in atomic context because it will indirectly
+ * acquire sleeping locks.
+ *
+ * call_rcu() will schedule delayed_put_task_struct_rcu()
+ * to be called in process context.
+ *
+ * __put_task_struct() is called when
+ * refcount_dec_and_test(&t->usage) succeeds.
+ *
+ * This means that it can't "conflict" with
+ * put_task_struct_rcu_user() which abuses ->rcu the same
+ * way; rcu_users has a reference so task->usage can't be
+ * zero after rcu_users 1 -> 0 transition.
+ *
+ * delayed_free_task() also uses ->rcu, but it is only called
+ * when it fails to fork a process. Therefore, there is no
+ * way it can conflict with put_task_struct().
+ */
+ if (IS_ENABLED(CONFIG_PREEMPT_RT) && !preemptible())
+ call_rcu(&t->rcu, __put_task_struct_rcu_cb);
+ else
__put_task_struct(t);
}
diff --git a/kernel/fork.c b/kernel/fork.c
index 39134effb2bff..1728aa77861cb 100644
--- a/kernel/fork.c
+++ b/kernel/fork.c
@@ -749,6 +749,14 @@ void __put_task_struct(struct task_struct *tsk)
}
EXPORT_SYMBOL_GPL(__put_task_struct);
+void __put_task_struct_rcu_cb(struct rcu_head *rhp)
+{
+ struct task_struct *task = container_of(rhp, struct task_struct, rcu);
+
+ __put_task_struct(task);
+}
+EXPORT_SYMBOL_GPL(__put_task_struct_rcu_cb);
+
void __init __weak arch_task_cache_init(void) { }
/*
--
2.40.1
^ permalink raw reply related [flat|nested] 396+ messages in thread
* [PATCH 5.4 315/367] ACPI: video: Add backlight=native DMI quirk for Lenovo Ideapad Z470
2023-09-20 11:26 [PATCH 5.4 000/367] 5.4.257-rc1 review Greg Kroah-Hartman
` (313 preceding siblings ...)
2023-09-20 11:31 ` [PATCH 5.4 314/367] kernel/fork: beware of __put_task_struct() calling context Greg Kroah-Hartman
@ 2023-09-20 11:31 ` Greg Kroah-Hartman
2023-09-20 11:31 ` [PATCH 5.4 316/367] perf/smmuv3: Enable HiSilicon Erratum 162001900 quirk for HIP08/09 Greg Kroah-Hartman
` (57 subsequent siblings)
372 siblings, 0 replies; 396+ messages in thread
From: Greg Kroah-Hartman @ 2023-09-20 11:31 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Jiri Slaby (SUSE),
Hans de Goede, Rafael J. Wysocki, Sasha Levin
5.4-stable review patch. If anyone has any objections, please let me know.
------------------
From: Jiri Slaby (SUSE) <jirislaby@kernel.org>
[ Upstream commit 96b709be183c56293933ef45b8b75f8af268c6de ]
The Lenovo Ideapad Z470 predates Windows 8, so it defaults to using
acpi_video for backlight control. But this is not functional on this
model.
Add a DMI quirk to use the native backlight interface which works.
Link: https://bugzilla.suse.com/show_bug.cgi?id=1208724
Signed-off-by: Jiri Slaby (SUSE) <jirislaby@kernel.org>
Reviewed-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/acpi/video_detect.c | 9 +++++++++
1 file changed, 9 insertions(+)
diff --git a/drivers/acpi/video_detect.c b/drivers/acpi/video_detect.c
index ef40cd7f36eba..be9c70806b620 100644
--- a/drivers/acpi/video_detect.c
+++ b/drivers/acpi/video_detect.c
@@ -310,6 +310,15 @@ static const struct dmi_system_id video_detect_dmi_table[] = {
DMI_MATCH(DMI_BOARD_NAME, "Lenovo IdeaPad S405"),
},
},
+ {
+ /* https://bugzilla.suse.com/show_bug.cgi?id=1208724 */
+ .callback = video_detect_force_native,
+ /* Lenovo Ideapad Z470 */
+ .matches = {
+ DMI_MATCH(DMI_SYS_VENDOR, "LENOVO"),
+ DMI_MATCH(DMI_PRODUCT_VERSION, "IdeaPad Z470"),
+ },
+ },
{
/* https://bugzilla.redhat.com/show_bug.cgi?id=1187004 */
.callback = video_detect_force_native,
--
2.40.1
^ permalink raw reply related [flat|nested] 396+ messages in thread
* [PATCH 5.4 316/367] perf/smmuv3: Enable HiSilicon Erratum 162001900 quirk for HIP08/09
2023-09-20 11:26 [PATCH 5.4 000/367] 5.4.257-rc1 review Greg Kroah-Hartman
` (314 preceding siblings ...)
2023-09-20 11:31 ` [PATCH 5.4 315/367] ACPI: video: Add backlight=native DMI quirk for Lenovo Ideapad Z470 Greg Kroah-Hartman
@ 2023-09-20 11:31 ` Greg Kroah-Hartman
2023-09-20 11:31 ` [PATCH 5.4 317/367] hw_breakpoint: fix single-stepping when using bpf_overflow_handler Greg Kroah-Hartman
` (56 subsequent siblings)
372 siblings, 0 replies; 396+ messages in thread
From: Greg Kroah-Hartman @ 2023-09-20 11:31 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Yicong Yang, Will Deacon, Sasha Levin
5.4-stable review patch. If anyone has any objections, please let me know.
------------------
From: Yicong Yang <yangyicong@hisilicon.com>
[ Upstream commit 0242737dc4eb9f6e9a5ea594b3f93efa0b12f28d ]
Some HiSilicon SMMU PMCG suffers the erratum 162001900 that the PMU
disable control sometimes fail to disable the counters. This will lead
to error or inaccurate data since before we enable the counters the
counter's still counting for the event used in last perf session.
This patch tries to fix this by hardening the global disable process.
Before disable the PMU, writing an invalid event type (0xffff) to
focibly stop the counters. Correspondingly restore each events on
pmu::pmu_enable().
Signed-off-by: Yicong Yang <yangyicong@hisilicon.com>
Link: https://lore.kernel.org/r/20230814124012.58013-1-yangyicong@huawei.com
Signed-off-by: Will Deacon <will@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
Documentation/arm64/silicon-errata.rst | 3 ++
drivers/acpi/arm64/iort.c | 5 ++-
drivers/perf/arm_smmuv3_pmu.c | 46 +++++++++++++++++++++++++-
include/linux/acpi_iort.h | 1 +
4 files changed, 53 insertions(+), 2 deletions(-)
diff --git a/Documentation/arm64/silicon-errata.rst b/Documentation/arm64/silicon-errata.rst
index 36a8c01191a07..6b70b6aabcffe 100644
--- a/Documentation/arm64/silicon-errata.rst
+++ b/Documentation/arm64/silicon-errata.rst
@@ -134,6 +134,9 @@ stable kernels.
+----------------+-----------------+-----------------+-----------------------------+
| Hisilicon | Hip08 SMMU PMCG | #162001800 | N/A |
+----------------+-----------------+-----------------+-----------------------------+
+| Hisilicon | Hip08 SMMU PMCG | #162001900 | N/A |
+| | Hip09 SMMU PMCG | | |
++----------------+-----------------+-----------------+-----------------------------+
+----------------+-----------------+-----------------+-----------------------------+
| Qualcomm Tech. | Kryo/Falkor v1 | E1003 | QCOM_FALKOR_ERRATUM_1003 |
+----------------+-----------------+-----------------+-----------------------------+
diff --git a/drivers/acpi/arm64/iort.c b/drivers/acpi/arm64/iort.c
index 553c89b0bdcbb..09eb170f26d27 100644
--- a/drivers/acpi/arm64/iort.c
+++ b/drivers/acpi/arm64/iort.c
@@ -1393,7 +1393,10 @@ static void __init arm_smmu_v3_pmcg_init_resources(struct resource *res,
static struct acpi_platform_list pmcg_plat_info[] __initdata = {
/* HiSilicon Hip08 Platform */
{"HISI ", "HIP08 ", 0, ACPI_SIG_IORT, greater_than_or_equal,
- "Erratum #162001800", IORT_SMMU_V3_PMCG_HISI_HIP08},
+ "Erratum #162001800, Erratum #162001900", IORT_SMMU_V3_PMCG_HISI_HIP08},
+ /* HiSilicon Hip09 Platform */
+ {"HISI ", "HIP09 ", 0, ACPI_SIG_IORT, greater_than_or_equal,
+ "Erratum #162001900", IORT_SMMU_V3_PMCG_HISI_HIP09},
{ }
};
diff --git a/drivers/perf/arm_smmuv3_pmu.c b/drivers/perf/arm_smmuv3_pmu.c
index 0b6af77196418..de85e9191947a 100644
--- a/drivers/perf/arm_smmuv3_pmu.c
+++ b/drivers/perf/arm_smmuv3_pmu.c
@@ -95,6 +95,7 @@
#define SMMU_PMCG_PA_SHIFT 12
#define SMMU_PMCG_EVCNTR_RDONLY BIT(0)
+#define SMMU_PMCG_HARDEN_DISABLE BIT(1)
static int cpuhp_state_num;
@@ -138,6 +139,20 @@ static inline void smmu_pmu_enable(struct pmu *pmu)
writel(SMMU_PMCG_CR_ENABLE, smmu_pmu->reg_base + SMMU_PMCG_CR);
}
+static int smmu_pmu_apply_event_filter(struct smmu_pmu *smmu_pmu,
+ struct perf_event *event, int idx);
+
+static inline void smmu_pmu_enable_quirk_hip08_09(struct pmu *pmu)
+{
+ struct smmu_pmu *smmu_pmu = to_smmu_pmu(pmu);
+ unsigned int idx;
+
+ for_each_set_bit(idx, smmu_pmu->used_counters, smmu_pmu->num_counters)
+ smmu_pmu_apply_event_filter(smmu_pmu, smmu_pmu->events[idx], idx);
+
+ smmu_pmu_enable(pmu);
+}
+
static inline void smmu_pmu_disable(struct pmu *pmu)
{
struct smmu_pmu *smmu_pmu = to_smmu_pmu(pmu);
@@ -146,6 +161,22 @@ static inline void smmu_pmu_disable(struct pmu *pmu)
writel(0, smmu_pmu->reg_base + SMMU_PMCG_IRQ_CTRL);
}
+static inline void smmu_pmu_disable_quirk_hip08_09(struct pmu *pmu)
+{
+ struct smmu_pmu *smmu_pmu = to_smmu_pmu(pmu);
+ unsigned int idx;
+
+ /*
+ * The global disable of PMU sometimes fail to stop the counting.
+ * Harden this by writing an invalid event type to each used counter
+ * to forcibly stop counting.
+ */
+ for_each_set_bit(idx, smmu_pmu->used_counters, smmu_pmu->num_counters)
+ writel(0xffff, smmu_pmu->reg_base + SMMU_PMCG_EVTYPER(idx));
+
+ smmu_pmu_disable(pmu);
+}
+
static inline void smmu_pmu_counter_set_value(struct smmu_pmu *smmu_pmu,
u32 idx, u64 value)
{
@@ -719,7 +750,10 @@ static void smmu_pmu_get_acpi_options(struct smmu_pmu *smmu_pmu)
switch (model) {
case IORT_SMMU_V3_PMCG_HISI_HIP08:
/* HiSilicon Erratum 162001800 */
- smmu_pmu->options |= SMMU_PMCG_EVCNTR_RDONLY;
+ smmu_pmu->options |= SMMU_PMCG_EVCNTR_RDONLY | SMMU_PMCG_HARDEN_DISABLE;
+ break;
+ case IORT_SMMU_V3_PMCG_HISI_HIP09:
+ smmu_pmu->options |= SMMU_PMCG_HARDEN_DISABLE;
break;
}
@@ -808,6 +842,16 @@ static int smmu_pmu_probe(struct platform_device *pdev)
smmu_pmu_get_acpi_options(smmu_pmu);
+ /*
+ * For platforms suffer this quirk, the PMU disable sometimes fails to
+ * stop the counters. This will leads to inaccurate or error counting.
+ * Forcibly disable the counters with these quirk handler.
+ */
+ if (smmu_pmu->options & SMMU_PMCG_HARDEN_DISABLE) {
+ smmu_pmu->pmu.pmu_enable = smmu_pmu_enable_quirk_hip08_09;
+ smmu_pmu->pmu.pmu_disable = smmu_pmu_disable_quirk_hip08_09;
+ }
+
/* Pick one CPU to be the preferred one to use */
smmu_pmu->on_cpu = raw_smp_processor_id();
WARN_ON(irq_set_affinity_hint(smmu_pmu->irq,
diff --git a/include/linux/acpi_iort.h b/include/linux/acpi_iort.h
index 8e7e2ec37f1b2..64f700254ca0f 100644
--- a/include/linux/acpi_iort.h
+++ b/include/linux/acpi_iort.h
@@ -21,6 +21,7 @@
*/
#define IORT_SMMU_V3_PMCG_GENERIC 0x00000000 /* Generic SMMUv3 PMCG */
#define IORT_SMMU_V3_PMCG_HISI_HIP08 0x00000001 /* HiSilicon HIP08 PMCG */
+#define IORT_SMMU_V3_PMCG_HISI_HIP09 0x00000002 /* HiSilicon HIP09 PMCG */
int iort_register_domain_token(int trans_id, phys_addr_t base,
struct fwnode_handle *fw_node);
--
2.40.1
^ permalink raw reply related [flat|nested] 396+ messages in thread
* [PATCH 5.4 317/367] hw_breakpoint: fix single-stepping when using bpf_overflow_handler
2023-09-20 11:26 [PATCH 5.4 000/367] 5.4.257-rc1 review Greg Kroah-Hartman
` (315 preceding siblings ...)
2023-09-20 11:31 ` [PATCH 5.4 316/367] perf/smmuv3: Enable HiSilicon Erratum 162001900 quirk for HIP08/09 Greg Kroah-Hartman
@ 2023-09-20 11:31 ` Greg Kroah-Hartman
2023-09-20 11:31 ` [PATCH 5.4 318/367] devlink: remove reload failed checks in params get/set callbacks Greg Kroah-Hartman
` (55 subsequent siblings)
372 siblings, 0 replies; 396+ messages in thread
From: Greg Kroah-Hartman @ 2023-09-20 11:31 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Tomislav Novak, Catalin Marinas,
Alexei Starovoitov, Will Deacon, Sasha Levin, Samuel Gosselin
5.4-stable review patch. If anyone has any objections, please let me know.
------------------
From: Tomislav Novak <tnovak@meta.com>
[ Upstream commit d11a69873d9a7435fe6a48531e165ab80a8b1221 ]
Arm platforms use is_default_overflow_handler() to determine if the
hw_breakpoint code should single-step over the breakpoint trigger or
let the custom handler deal with it.
Since bpf_overflow_handler() currently isn't recognized as a default
handler, attaching a BPF program to a PERF_TYPE_BREAKPOINT event causes
it to keep firing (the instruction triggering the data abort exception
is never skipped). For example:
# bpftrace -e 'watchpoint:0x10000:4:w { print("hit") }' -c ./test
Attaching 1 probe...
hit
hit
[...]
^C
(./test performs a single 4-byte store to 0x10000)
This patch replaces the check with uses_default_overflow_handler(),
which accounts for the bpf_overflow_handler() case by also testing
if one of the perf_event_output functions gets invoked indirectly,
via orig_default_handler.
Signed-off-by: Tomislav Novak <tnovak@meta.com>
Tested-by: Samuel Gosselin <sgosselin@google.com> # arm64
Reviewed-by: Catalin Marinas <catalin.marinas@arm.com>
Acked-by: Alexei Starovoitov <ast@kernel.org>
Link: https://lore.kernel.org/linux-arm-kernel/20220923203644.2731604-1-tnovak@fb.com/
Link: https://lore.kernel.org/r/20230605191923.1219974-1-tnovak@meta.com
Signed-off-by: Will Deacon <will@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/arm/kernel/hw_breakpoint.c | 8 ++++----
arch/arm64/kernel/hw_breakpoint.c | 4 ++--
include/linux/perf_event.h | 22 +++++++++++++++++++---
3 files changed, 25 insertions(+), 9 deletions(-)
diff --git a/arch/arm/kernel/hw_breakpoint.c b/arch/arm/kernel/hw_breakpoint.c
index b06d9ea07c846..a69dd64a84017 100644
--- a/arch/arm/kernel/hw_breakpoint.c
+++ b/arch/arm/kernel/hw_breakpoint.c
@@ -623,7 +623,7 @@ int hw_breakpoint_arch_parse(struct perf_event *bp,
hw->address &= ~alignment_mask;
hw->ctrl.len <<= offset;
- if (is_default_overflow_handler(bp)) {
+ if (uses_default_overflow_handler(bp)) {
/*
* Mismatch breakpoints are required for single-stepping
* breakpoints.
@@ -795,7 +795,7 @@ static void watchpoint_handler(unsigned long addr, unsigned int fsr,
* Otherwise, insert a temporary mismatch breakpoint so that
* we can single-step over the watchpoint trigger.
*/
- if (!is_default_overflow_handler(wp))
+ if (!uses_default_overflow_handler(wp))
continue;
step:
enable_single_step(wp, instruction_pointer(regs));
@@ -808,7 +808,7 @@ static void watchpoint_handler(unsigned long addr, unsigned int fsr,
info->trigger = addr;
pr_debug("watchpoint fired: address = 0x%x\n", info->trigger);
perf_bp_event(wp, regs);
- if (is_default_overflow_handler(wp))
+ if (uses_default_overflow_handler(wp))
enable_single_step(wp, instruction_pointer(regs));
}
@@ -883,7 +883,7 @@ static void breakpoint_handler(unsigned long unknown, struct pt_regs *regs)
info->trigger = addr;
pr_debug("breakpoint fired: address = 0x%x\n", addr);
perf_bp_event(bp, regs);
- if (is_default_overflow_handler(bp))
+ if (uses_default_overflow_handler(bp))
enable_single_step(bp, addr);
goto unlock;
}
diff --git a/arch/arm64/kernel/hw_breakpoint.c b/arch/arm64/kernel/hw_breakpoint.c
index b4a1607958246..534578eba556e 100644
--- a/arch/arm64/kernel/hw_breakpoint.c
+++ b/arch/arm64/kernel/hw_breakpoint.c
@@ -654,7 +654,7 @@ static int breakpoint_handler(unsigned long unused, unsigned int esr,
perf_bp_event(bp, regs);
/* Do we need to handle the stepping? */
- if (is_default_overflow_handler(bp))
+ if (uses_default_overflow_handler(bp))
step = 1;
unlock:
rcu_read_unlock();
@@ -733,7 +733,7 @@ static u64 get_distance_from_watchpoint(unsigned long addr, u64 val,
static int watchpoint_report(struct perf_event *wp, unsigned long addr,
struct pt_regs *regs)
{
- int step = is_default_overflow_handler(wp);
+ int step = uses_default_overflow_handler(wp);
struct arch_hw_breakpoint *info = counter_arch_bp(wp);
info->trigger = addr;
diff --git a/include/linux/perf_event.h b/include/linux/perf_event.h
index b7ac395513c0f..c99e2f851d312 100644
--- a/include/linux/perf_event.h
+++ b/include/linux/perf_event.h
@@ -1018,15 +1018,31 @@ extern int perf_event_output(struct perf_event *event,
struct pt_regs *regs);
static inline bool
-is_default_overflow_handler(struct perf_event *event)
+__is_default_overflow_handler(perf_overflow_handler_t overflow_handler)
{
- if (likely(event->overflow_handler == perf_event_output_forward))
+ if (likely(overflow_handler == perf_event_output_forward))
return true;
- if (unlikely(event->overflow_handler == perf_event_output_backward))
+ if (unlikely(overflow_handler == perf_event_output_backward))
return true;
return false;
}
+#define is_default_overflow_handler(event) \
+ __is_default_overflow_handler((event)->overflow_handler)
+
+#ifdef CONFIG_BPF_SYSCALL
+static inline bool uses_default_overflow_handler(struct perf_event *event)
+{
+ if (likely(is_default_overflow_handler(event)))
+ return true;
+
+ return __is_default_overflow_handler(event->orig_overflow_handler);
+}
+#else
+#define uses_default_overflow_handler(event) \
+ is_default_overflow_handler(event)
+#endif
+
extern void
perf_event_header__init_id(struct perf_event_header *header,
struct perf_sample_data *data,
--
2.40.1
^ permalink raw reply related [flat|nested] 396+ messages in thread
* [PATCH 5.4 318/367] devlink: remove reload failed checks in params get/set callbacks
2023-09-20 11:26 [PATCH 5.4 000/367] 5.4.257-rc1 review Greg Kroah-Hartman
` (316 preceding siblings ...)
2023-09-20 11:31 ` [PATCH 5.4 317/367] hw_breakpoint: fix single-stepping when using bpf_overflow_handler Greg Kroah-Hartman
@ 2023-09-20 11:31 ` Greg Kroah-Hartman
2023-09-20 11:31 ` [PATCH 5.4 319/367] wifi: ath9k: fix printk specifier Greg Kroah-Hartman
` (54 subsequent siblings)
372 siblings, 0 replies; 396+ messages in thread
From: Greg Kroah-Hartman @ 2023-09-20 11:31 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Jiri Pirko, Ido Schimmel,
Jakub Kicinski, David S. Miller, Sasha Levin
5.4-stable review patch. If anyone has any objections, please let me know.
------------------
From: Jiri Pirko <jiri@nvidia.com>
[ Upstream commit 633d76ad01ad0321a1ace3e5cc4fed06753d7ac4 ]
The checks in question were introduced by:
commit 6b4db2e528f6 ("devlink: Fix use-after-free after a failed reload").
That fixed an issue of reload with mlxsw driver.
Back then, that was a valid fix, because there was a limitation
in place that prevented drivers from registering/unregistering params
when devlink instance was registered.
It was possible to do the fix differently by changing drivers to
register/unregister params in appropriate places making sure the ops
operate only on memory which is allocated and initialized. But that,
as a dependency, would require to remove the limitation mentioned above.
Eventually, this limitation was lifted by:
commit 1d18bb1a4ddd ("devlink: allow registering parameters after the instance")
Also, the alternative fix (which also fixed another issue) was done by:
commit 74cbc3c03c82 ("mlxsw: spectrum_acl_tcam: Move devlink param to TCAM code").
Therefore, the checks are no longer relevant. Each driver should make
sure to have the params registered only when the memory the ops
are working with is allocated and initialized.
So remove the checks.
Signed-off-by: Jiri Pirko <jiri@nvidia.com>
Reviewed-by: Ido Schimmel <idosch@nvidia.com>
Reviewed-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
net/core/devlink.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/net/core/devlink.c b/net/core/devlink.c
index b4dabe5d89f72..5bd6330ab4275 100644
--- a/net/core/devlink.c
+++ b/net/core/devlink.c
@@ -2953,7 +2953,7 @@ static int devlink_param_get(struct devlink *devlink,
const struct devlink_param *param,
struct devlink_param_gset_ctx *ctx)
{
- if (!param->get || devlink->reload_failed)
+ if (!param->get)
return -EOPNOTSUPP;
return param->get(devlink, param->id, ctx);
}
@@ -2962,7 +2962,7 @@ static int devlink_param_set(struct devlink *devlink,
const struct devlink_param *param,
struct devlink_param_gset_ctx *ctx)
{
- if (!param->set || devlink->reload_failed)
+ if (!param->set)
return -EOPNOTSUPP;
return param->set(devlink, param->id, ctx);
}
--
2.40.1
^ permalink raw reply related [flat|nested] 396+ messages in thread
* [PATCH 5.4 319/367] wifi: ath9k: fix printk specifier
2023-09-20 11:26 [PATCH 5.4 000/367] 5.4.257-rc1 review Greg Kroah-Hartman
` (317 preceding siblings ...)
2023-09-20 11:31 ` [PATCH 5.4 318/367] devlink: remove reload failed checks in params get/set callbacks Greg Kroah-Hartman
@ 2023-09-20 11:31 ` Greg Kroah-Hartman
2023-09-20 11:31 ` [PATCH 5.4 320/367] wifi: mwifiex: fix fortify warning Greg Kroah-Hartman
` (53 subsequent siblings)
372 siblings, 0 replies; 396+ messages in thread
From: Greg Kroah-Hartman @ 2023-09-20 11:31 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Dongliang Mu,
Toke Høiland-Jørgensen, Kalle Valo, Sasha Levin
5.4-stable review patch. If anyone has any objections, please let me know.
------------------
From: Dongliang Mu <dzm91@hust.edu.cn>
[ Upstream commit 061115fbfb2ce5870c9a004d68dc63138c07c782 ]
Smatch reports:
ath_pci_probe() warn: argument 4 to %lx specifier is cast from pointer
ath_ahb_probe() warn: argument 4 to %lx specifier is cast from pointer
Fix it by modifying %lx to %p in the printk format string.
Note that with this change, the pointer address will be printed as a
hashed value by default. This is appropriate because the kernel
should not leak kernel pointers to user space in an informational
message. If someone wants to see the real address for debugging
purposes, this can be achieved with the no_hash_pointers kernel option.
Signed-off-by: Dongliang Mu <dzm91@hust.edu.cn>
Acked-by: Toke Høiland-Jørgensen <toke@toke.dk>
Signed-off-by: Kalle Valo <quic_kvalo@quicinc.com>
Link: https://lore.kernel.org/r/20230723040403.296723-1-dzm91@hust.edu.cn
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/wireless/ath/ath9k/ahb.c | 4 ++--
drivers/net/wireless/ath/ath9k/pci.c | 4 ++--
2 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/drivers/net/wireless/ath/ath9k/ahb.c b/drivers/net/wireless/ath/ath9k/ahb.c
index 63019c3de034d..26023e3b4b9df 100644
--- a/drivers/net/wireless/ath/ath9k/ahb.c
+++ b/drivers/net/wireless/ath/ath9k/ahb.c
@@ -136,8 +136,8 @@ static int ath_ahb_probe(struct platform_device *pdev)
ah = sc->sc_ah;
ath9k_hw_name(ah, hw_name, sizeof(hw_name));
- wiphy_info(hw->wiphy, "%s mem=0x%lx, irq=%d\n",
- hw_name, (unsigned long)mem, irq);
+ wiphy_info(hw->wiphy, "%s mem=0x%p, irq=%d\n",
+ hw_name, mem, irq);
return 0;
diff --git a/drivers/net/wireless/ath/ath9k/pci.c b/drivers/net/wireless/ath/ath9k/pci.c
index 92b2dd396436a..cb3318bd3cad2 100644
--- a/drivers/net/wireless/ath/ath9k/pci.c
+++ b/drivers/net/wireless/ath/ath9k/pci.c
@@ -993,8 +993,8 @@ static int ath_pci_probe(struct pci_dev *pdev, const struct pci_device_id *id)
sc->sc_ah->msi_reg = 0;
ath9k_hw_name(sc->sc_ah, hw_name, sizeof(hw_name));
- wiphy_info(hw->wiphy, "%s mem=0x%lx, irq=%d\n",
- hw_name, (unsigned long)sc->mem, pdev->irq);
+ wiphy_info(hw->wiphy, "%s mem=0x%p, irq=%d\n",
+ hw_name, sc->mem, pdev->irq);
return 0;
--
2.40.1
^ permalink raw reply related [flat|nested] 396+ messages in thread
* [PATCH 5.4 320/367] wifi: mwifiex: fix fortify warning
2023-09-20 11:26 [PATCH 5.4 000/367] 5.4.257-rc1 review Greg Kroah-Hartman
` (318 preceding siblings ...)
2023-09-20 11:31 ` [PATCH 5.4 319/367] wifi: ath9k: fix printk specifier Greg Kroah-Hartman
@ 2023-09-20 11:31 ` Greg Kroah-Hartman
2023-09-20 11:31 ` [PATCH 5.4 321/367] crypto: lib/mpi - avoid null pointer deref in mpi_cmp_ui() Greg Kroah-Hartman
` (52 subsequent siblings)
372 siblings, 0 replies; 396+ messages in thread
From: Greg Kroah-Hartman @ 2023-09-20 11:31 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Brian Norris, Dmitry Antipov,
Kalle Valo, Sasha Levin
5.4-stable review patch. If anyone has any objections, please let me know.
------------------
From: Dmitry Antipov <dmantipov@yandex.ru>
[ Upstream commit dcce94b80a954a8968ff29fafcfb066d6197fa9a ]
When compiling with gcc 13.1 and CONFIG_FORTIFY_SOURCE=y,
I've noticed the following:
In function ‘fortify_memcpy_chk’,
inlined from ‘mwifiex_construct_tdls_action_frame’ at drivers/net/wireless/marvell/mwifiex/tdls.c:765:3,
inlined from ‘mwifiex_send_tdls_action_frame’ at drivers/net/wireless/marvell/mwifiex/tdls.c:856:6:
./include/linux/fortify-string.h:529:25: warning: call to ‘__read_overflow2_field’
declared with attribute warning: detected read beyond size of field (2nd parameter);
maybe use struct_group()? [-Wattribute-warning]
529 | __read_overflow2_field(q_size_field, size);
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
The compiler actually complains on:
memmove(pos + ETH_ALEN, &mgmt->u.action.category,
sizeof(mgmt->u.action.u.tdls_discover_resp));
and it happens because the fortification logic interprets this
as an attempt to overread 1-byte 'u.action.category' member of
'struct ieee80211_mgmt'. To silence this warning, it's enough
to pass an address of 'u.action' itself instead of an address
of its first member.
This also fixes an improper usage of 'sizeof()'. Since 'skb' is
extended with 'sizeof(mgmt->u.action.u.tdls_discover_resp) + 1'
bytes (where 1 is actually 'sizeof(mgmt->u.action.category)'),
I assume that the same number of bytes should be copied.
Suggested-by: Brian Norris <briannorris@chromium.org>
Signed-off-by: Dmitry Antipov <dmantipov@yandex.ru>
Reviewed-by: Brian Norris <briannorris@chromium.org>
Signed-off-by: Kalle Valo <kvalo@kernel.org>
Link: https://lore.kernel.org/r/20230629085115.180499-2-dmantipov@yandex.ru
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/wireless/marvell/mwifiex/tdls.c | 9 ++++++---
1 file changed, 6 insertions(+), 3 deletions(-)
diff --git a/drivers/net/wireless/marvell/mwifiex/tdls.c b/drivers/net/wireless/marvell/mwifiex/tdls.c
index f8f282ce39bd4..17f8379351923 100644
--- a/drivers/net/wireless/marvell/mwifiex/tdls.c
+++ b/drivers/net/wireless/marvell/mwifiex/tdls.c
@@ -734,6 +734,7 @@ mwifiex_construct_tdls_action_frame(struct mwifiex_private *priv,
int ret;
u16 capab;
struct ieee80211_ht_cap *ht_cap;
+ unsigned int extra;
u8 radio, *pos;
capab = priv->curr_bss_params.bss_descriptor.cap_info_bitmap;
@@ -752,7 +753,10 @@ mwifiex_construct_tdls_action_frame(struct mwifiex_private *priv,
switch (action_code) {
case WLAN_PUB_ACTION_TDLS_DISCOVER_RES:
- skb_put(skb, sizeof(mgmt->u.action.u.tdls_discover_resp) + 1);
+ /* See the layout of 'struct ieee80211_mgmt'. */
+ extra = sizeof(mgmt->u.action.u.tdls_discover_resp) +
+ sizeof(mgmt->u.action.category);
+ skb_put(skb, extra);
mgmt->u.action.category = WLAN_CATEGORY_PUBLIC;
mgmt->u.action.u.tdls_discover_resp.action_code =
WLAN_PUB_ACTION_TDLS_DISCOVER_RES;
@@ -761,8 +765,7 @@ mwifiex_construct_tdls_action_frame(struct mwifiex_private *priv,
mgmt->u.action.u.tdls_discover_resp.capability =
cpu_to_le16(capab);
/* move back for addr4 */
- memmove(pos + ETH_ALEN, &mgmt->u.action.category,
- sizeof(mgmt->u.action.u.tdls_discover_resp));
+ memmove(pos + ETH_ALEN, &mgmt->u.action, extra);
/* init address 4 */
eth_broadcast_addr(pos);
--
2.40.1
^ permalink raw reply related [flat|nested] 396+ messages in thread
* [PATCH 5.4 321/367] crypto: lib/mpi - avoid null pointer deref in mpi_cmp_ui()
2023-09-20 11:26 [PATCH 5.4 000/367] 5.4.257-rc1 review Greg Kroah-Hartman
` (319 preceding siblings ...)
2023-09-20 11:31 ` [PATCH 5.4 320/367] wifi: mwifiex: fix fortify warning Greg Kroah-Hartman
@ 2023-09-20 11:31 ` Greg Kroah-Hartman
2023-09-20 11:31 ` [PATCH 5.4 322/367] tpm_tis: Resend command to recover from data transfer errors Greg Kroah-Hartman
` (51 subsequent siblings)
372 siblings, 0 replies; 396+ messages in thread
From: Greg Kroah-Hartman @ 2023-09-20 11:31 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Mark ODonovan, Herbert Xu, Sasha Levin
5.4-stable review patch. If anyone has any objections, please let me know.
------------------
From: Mark O'Donovan <shiftee@posteo.net>
[ Upstream commit 9e47a758b70167c9301d2b44d2569f86c7796f2d ]
During NVMeTCP Authentication a controller can trigger a kernel
oops by specifying the 8192 bit Diffie Hellman group and passing
a correctly sized, but zeroed Diffie Hellamn value.
mpi_cmp_ui() was detecting this if the second parameter was 0,
but 1 is passed from dh_is_pubkey_valid(). This causes the null
pointer u->d to be dereferenced towards the end of mpi_cmp_ui()
Signed-off-by: Mark O'Donovan <shiftee@posteo.net>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
lib/mpi/mpi-cmp.c | 8 ++++++--
1 file changed, 6 insertions(+), 2 deletions(-)
diff --git a/lib/mpi/mpi-cmp.c b/lib/mpi/mpi-cmp.c
index d25e9e96c310f..ceaebe181cd70 100644
--- a/lib/mpi/mpi-cmp.c
+++ b/lib/mpi/mpi-cmp.c
@@ -25,8 +25,12 @@ int mpi_cmp_ui(MPI u, unsigned long v)
mpi_limb_t limb = v;
mpi_normalize(u);
- if (!u->nlimbs && !limb)
- return 0;
+ if (u->nlimbs == 0) {
+ if (v == 0)
+ return 0;
+ else
+ return -1;
+ }
if (u->sign)
return -1;
if (u->nlimbs > 1)
--
2.40.1
^ permalink raw reply related [flat|nested] 396+ messages in thread
* [PATCH 5.4 322/367] tpm_tis: Resend command to recover from data transfer errors
2023-09-20 11:26 [PATCH 5.4 000/367] 5.4.257-rc1 review Greg Kroah-Hartman
` (320 preceding siblings ...)
2023-09-20 11:31 ` [PATCH 5.4 321/367] crypto: lib/mpi - avoid null pointer deref in mpi_cmp_ui() Greg Kroah-Hartman
@ 2023-09-20 11:31 ` Greg Kroah-Hartman
2023-09-20 11:31 ` [PATCH 5.4 323/367] mmc: sdhci-esdhc-imx: improve ESDHC_FLAG_ERR010450 Greg Kroah-Hartman
` (50 subsequent siblings)
372 siblings, 0 replies; 396+ messages in thread
From: Greg Kroah-Hartman @ 2023-09-20 11:31 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Alexander Steffen, Jarkko Sakkinen,
Sasha Levin
5.4-stable review patch. If anyone has any objections, please let me know.
------------------
From: Alexander Steffen <Alexander.Steffen@infineon.com>
[ Upstream commit 280db21e153d8810ce3b93640c63ae922bcb9e8e ]
Similar to the transmission of TPM responses, also the transmission of TPM
commands may become corrupted. Instead of aborting when detecting such
issues, try resending the command again.
Signed-off-by: Alexander Steffen <Alexander.Steffen@infineon.com>
Reviewed-by: Jarkko Sakkinen <jarkko@kernel.org>
Signed-off-by: Jarkko Sakkinen <jarkko@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/char/tpm/tpm_tis_core.c | 15 +++++++++++----
1 file changed, 11 insertions(+), 4 deletions(-)
diff --git a/drivers/char/tpm/tpm_tis_core.c b/drivers/char/tpm/tpm_tis_core.c
index ef47d1d58ac3a..a084f732c1804 100644
--- a/drivers/char/tpm/tpm_tis_core.c
+++ b/drivers/char/tpm/tpm_tis_core.c
@@ -421,10 +421,17 @@ static int tpm_tis_send_main(struct tpm_chip *chip, const u8 *buf, size_t len)
int rc;
u32 ordinal;
unsigned long dur;
-
- rc = tpm_tis_send_data(chip, buf, len);
- if (rc < 0)
- return rc;
+ unsigned int try;
+
+ for (try = 0; try < TPM_RETRY; try++) {
+ rc = tpm_tis_send_data(chip, buf, len);
+ if (rc >= 0)
+ /* Data transfer done successfully */
+ break;
+ else if (rc != -EIO)
+ /* Data transfer failed, not recoverable */
+ return rc;
+ }
/* go and do it */
rc = tpm_tis_write8(priv, TPM_STS(priv->locality), TPM_STS_GO);
--
2.40.1
^ permalink raw reply related [flat|nested] 396+ messages in thread
* [PATCH 5.4 323/367] mmc: sdhci-esdhc-imx: improve ESDHC_FLAG_ERR010450
2023-09-20 11:26 [PATCH 5.4 000/367] 5.4.257-rc1 review Greg Kroah-Hartman
` (321 preceding siblings ...)
2023-09-20 11:31 ` [PATCH 5.4 322/367] tpm_tis: Resend command to recover from data transfer errors Greg Kroah-Hartman
@ 2023-09-20 11:31 ` Greg Kroah-Hartman
2023-09-20 11:31 ` Greg Kroah-Hartman
` (49 subsequent siblings)
372 siblings, 0 replies; 396+ messages in thread
From: Greg Kroah-Hartman @ 2023-09-20 11:31 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Jim Reinhart, James Autry,
Matthew Maron, Giulio Benetti, Haibo Chen, Adrian Hunter,
Ulf Hansson, Sasha Levin
5.4-stable review patch. If anyone has any objections, please let me know.
------------------
From: Giulio Benetti <giulio.benetti@benettiengineering.com>
[ Upstream commit 5ae4b0d8875caa44946e579420c7fd5740d58653 ]
Errata ERR010450 only shows up if voltage is 1.8V, but if the device is
supplied by 3v3 the errata can be ignored. So let's check for if quirk
SDHCI_QUIRK2_NO_1_8_V is defined or not before limiting the frequency.
Cc: Jim Reinhart <jimr@tekvox.com>
Cc: James Autry <jautry@tekvox.com>
Cc: Matthew Maron <matthewm@tekvox.com>
Signed-off-by: Giulio Benetti <giulio.benetti@benettiengineering.com>
Acked-by: Haibo Chen <haibo.chen@nxp.com>
Acked-by: Adrian Hunter <adrian.hunter@intel.com>
Link: https://lore.kernel.org/r/20230811214853.8623-1-giulio.benetti@benettiengineering.com
Signed-off-by: Ulf Hansson <ulf.hansson@linaro.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/mmc/host/sdhci-esdhc-imx.c | 7 ++++---
1 file changed, 4 insertions(+), 3 deletions(-)
diff --git a/drivers/mmc/host/sdhci-esdhc-imx.c b/drivers/mmc/host/sdhci-esdhc-imx.c
index b3f761eca8299..762288c6d30ce 100644
--- a/drivers/mmc/host/sdhci-esdhc-imx.c
+++ b/drivers/mmc/host/sdhci-esdhc-imx.c
@@ -153,8 +153,8 @@
#define ESDHC_FLAG_HS400 BIT(9)
/*
* The IP has errata ERR010450
- * uSDHC: Due to the I/O timing limit, for SDR mode, SD card clock can't
- * exceed 150MHz, for DDR mode, SD card clock can't exceed 45MHz.
+ * uSDHC: At 1.8V due to the I/O timing limit, for SDR mode, SD card
+ * clock can't exceed 150MHz, for DDR mode, SD card clock can't exceed 45MHz.
*/
#define ESDHC_FLAG_ERR010450 BIT(10)
/* The IP supports HS400ES mode */
@@ -777,7 +777,8 @@ static inline void esdhc_pltfm_set_clock(struct sdhci_host *host,
| ESDHC_CLOCK_MASK);
sdhci_writel(host, temp, ESDHC_SYSTEM_CONTROL);
- if (imx_data->socdata->flags & ESDHC_FLAG_ERR010450) {
+ if ((imx_data->socdata->flags & ESDHC_FLAG_ERR010450) &&
+ (!(host->quirks2 & SDHCI_QUIRK2_NO_1_8_V))) {
unsigned int max_clock;
max_clock = imx_data->is_ddr ? 45000000 : 150000000;
--
2.40.1
^ permalink raw reply related [flat|nested] 396+ messages in thread
* [PATCH 5.4 324/367] alx: fix OOB-read compiler warning
2023-09-20 11:26 [PATCH 5.4 000/367] 5.4.257-rc1 review Greg Kroah-Hartman
@ 2023-09-20 11:31 ` Greg Kroah-Hartman
2023-09-20 11:26 ` [PATCH 5.4 002/367] ARM: pxa: remove use of symbol_get() Greg Kroah-Hartman
` (371 subsequent siblings)
372 siblings, 0 replies; 396+ messages in thread
From: Greg Kroah-Hartman @ 2023-09-20 11:31 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, GONG, Ruiqi, Simon Horman,
Paolo Abeni, Sasha Levin, GONG
5.4-stable review patch. If anyone has any objections, please let me know.
------------------
From: GONG, Ruiqi <gongruiqi1@huawei.com>
[ Upstream commit 3a198c95c95da10ad844cbeade2fe40bdf14c411 ]
The following message shows up when compiling with W=1:
In function ‘fortify_memcpy_chk’,
inlined from ‘alx_get_ethtool_stats’ at drivers/net/ethernet/atheros/alx/ethtool.c:297:2:
./include/linux/fortify-string.h:592:4: error: call to ‘__read_overflow2_field’
declared with attribute warning: detected read beyond size of field (2nd parameter);
maybe use struct_group()? [-Werror=attribute-warning]
592 | __read_overflow2_field(q_size_field, size);
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
In order to get alx stats altogether, alx_get_ethtool_stats() reads
beyond hw->stats.rx_ok. Fix this warning by directly copying hw->stats,
and refactor the unnecessarily complicated BUILD_BUG_ON btw.
Signed-off-by: GONG, Ruiqi <gongruiqi1@huawei.com>
Reviewed-by: Simon Horman <horms@kernel.org>
Link: https://lore.kernel.org/r/20230821013218.1614265-1-gongruiqi@huaweicloud.com
Signed-off-by: Paolo Abeni <pabeni@redhat.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/ethernet/atheros/alx/ethtool.c | 5 ++---
1 file changed, 2 insertions(+), 3 deletions(-)
diff --git a/drivers/net/ethernet/atheros/alx/ethtool.c b/drivers/net/ethernet/atheros/alx/ethtool.c
index 2f4eabf652e80..51e5aa2c74b34 100644
--- a/drivers/net/ethernet/atheros/alx/ethtool.c
+++ b/drivers/net/ethernet/atheros/alx/ethtool.c
@@ -281,9 +281,8 @@ static void alx_get_ethtool_stats(struct net_device *netdev,
spin_lock(&alx->stats_lock);
alx_update_hw_stats(hw);
- BUILD_BUG_ON(sizeof(hw->stats) - offsetof(struct alx_hw_stats, rx_ok) <
- ALX_NUM_STATS * sizeof(u64));
- memcpy(data, &hw->stats.rx_ok, ALX_NUM_STATS * sizeof(u64));
+ BUILD_BUG_ON(sizeof(hw->stats) != ALX_NUM_STATS * sizeof(u64));
+ memcpy(data, &hw->stats, sizeof(hw->stats));
spin_unlock(&alx->stats_lock);
}
--
2.40.1
^ permalink raw reply related [flat|nested] 396+ messages in thread
* [PATCH 5.4 324/367] alx: fix OOB-read compiler warning
@ 2023-09-20 11:31 ` Greg Kroah-Hartman
0 siblings, 0 replies; 396+ messages in thread
From: Greg Kroah-Hartman @ 2023-09-20 11:31 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, GONG, Ruiqi, Simon Horman,
Paolo Abeni, Sasha Levin, GONG
5.4-stable review patch. If anyone has any objections, please let me know.
------------------
From: GONG, Ruiqi <gongruiqi1@huawei.com>
[ Upstream commit 3a198c95c95da10ad844cbeade2fe40bdf14c411 ]
The following message shows up when compiling with W=1:
In function ‘fortify_memcpy_chk’,
inlined from ‘alx_get_ethtool_stats’ at drivers/net/ethernet/atheros/alx/ethtool.c:297:2:
./include/linux/fortify-string.h:592:4: error: call to ‘__read_overflow2_field’
declared with attribute warning: detected read beyond size of field (2nd parameter);
maybe use struct_group()? [-Werror=attribute-warning]
592 | __read_overflow2_field(q_size_field, size);
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
In order to get alx stats altogether, alx_get_ethtool_stats() reads
beyond hw->stats.rx_ok. Fix this warning by directly copying hw->stats,
and refactor the unnecessarily complicated BUILD_BUG_ON btw.
Signed-off-by: GONG, Ruiqi <gongruiqi1@huawei.com>
Reviewed-by: Simon Horman <horms@kernel.org>
Link: https://lore.kernel.org/r/20230821013218.1614265-1-gongruiqi@huaweicloud.com
Signed-off-by: Paolo Abeni <pabeni@redhat.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/ethernet/atheros/alx/ethtool.c | 5 ++---
1 file changed, 2 insertions(+), 3 deletions(-)
diff --git a/drivers/net/ethernet/atheros/alx/ethtool.c b/drivers/net/ethernet/atheros/alx/ethtool.c
index 2f4eabf652e80..51e5aa2c74b34 100644
--- a/drivers/net/ethernet/atheros/alx/ethtool.c
+++ b/drivers/net/ethernet/atheros/alx/ethtool.c
@@ -281,9 +281,8 @@ static void alx_get_ethtool_stats(struct net_device *netdev,
spin_lock(&alx->stats_lock);
alx_update_hw_stats(hw);
- BUILD_BUG_ON(sizeof(hw->stats) - offsetof(struct alx_hw_stats, rx_ok) <
- ALX_NUM_STATS * sizeof(u64));
- memcpy(data, &hw->stats.rx_ok, ALX_NUM_STATS * sizeof(u64));
+ BUILD_BUG_ON(sizeof(hw->stats) != ALX_NUM_STATS * sizeof(u64));
+ memcpy(data, &hw->stats, sizeof(hw->stats));
spin_unlock(&alx->stats_lock);
}
--
2.40.1
^ permalink raw reply related [flat|nested] 396+ messages in thread
* [PATCH 5.4 325/367] wifi: mac80211_hwsim: drop short frames
2023-09-20 11:26 [PATCH 5.4 000/367] 5.4.257-rc1 review Greg Kroah-Hartman
` (323 preceding siblings ...)
2023-09-20 11:31 ` Greg Kroah-Hartman
@ 2023-09-20 11:31 ` Greg Kroah-Hartman
2023-09-20 11:31 ` [PATCH 5.4 326/367] libbpf: Free btf_vmlinux when closing bpf_object Greg Kroah-Hartman
` (47 subsequent siblings)
372 siblings, 0 replies; 396+ messages in thread
From: Greg Kroah-Hartman @ 2023-09-20 11:31 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, syzbot+b2645b5bf1512b81fa22,
Jeff Johnson, Johannes Berg, Sasha Levin
5.4-stable review patch. If anyone has any objections, please let me know.
------------------
From: Johannes Berg <johannes.berg@intel.com>
[ Upstream commit fba360a047d5eeeb9d4b7c3a9b1c8308980ce9a6 ]
While technically some control frames like ACK are shorter and
end after Address 1, such frames shouldn't be forwarded through
wmediumd or similar userspace, so require the full 3-address
header to avoid accessing invalid memory if shorter frames are
passed in.
Reported-by: syzbot+b2645b5bf1512b81fa22@syzkaller.appspotmail.com
Reviewed-by: Jeff Johnson <quic_jjohnson@quicinc.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/wireless/mac80211_hwsim.c | 7 ++++---
1 file changed, 4 insertions(+), 3 deletions(-)
diff --git a/drivers/net/wireless/mac80211_hwsim.c b/drivers/net/wireless/mac80211_hwsim.c
index f80b1d57d6c38..a21739b2f44e6 100644
--- a/drivers/net/wireless/mac80211_hwsim.c
+++ b/drivers/net/wireless/mac80211_hwsim.c
@@ -3367,14 +3367,15 @@ static int hwsim_cloned_frame_received_nl(struct sk_buff *skb_2,
frame_data_len = nla_len(info->attrs[HWSIM_ATTR_FRAME]);
frame_data = (void *)nla_data(info->attrs[HWSIM_ATTR_FRAME]);
+ if (frame_data_len < sizeof(struct ieee80211_hdr_3addr) ||
+ frame_data_len > IEEE80211_MAX_DATA_LEN)
+ goto err;
+
/* Allocate new skb here */
skb = alloc_skb(frame_data_len, GFP_KERNEL);
if (skb == NULL)
goto err;
- if (frame_data_len > IEEE80211_MAX_DATA_LEN)
- goto err;
-
/* Copy the data */
skb_put_data(skb, frame_data, frame_data_len);
--
2.40.1
^ permalink raw reply related [flat|nested] 396+ messages in thread
* [PATCH 5.4 326/367] libbpf: Free btf_vmlinux when closing bpf_object
2023-09-20 11:26 [PATCH 5.4 000/367] 5.4.257-rc1 review Greg Kroah-Hartman
` (324 preceding siblings ...)
2023-09-20 11:31 ` [PATCH 5.4 325/367] wifi: mac80211_hwsim: drop short frames Greg Kroah-Hartman
@ 2023-09-20 11:31 ` Greg Kroah-Hartman
2023-09-20 13:28 ` Harshit Mogalapalli
2023-09-20 11:31 ` [PATCH 5.4 327/367] drm/exynos: fix a possible null-pointer dereference due to data race in exynos_drm_crtc_atomic_disable() Greg Kroah-Hartman
` (46 subsequent siblings)
372 siblings, 1 reply; 396+ messages in thread
From: Greg Kroah-Hartman @ 2023-09-20 11:31 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Hao Luo, Andrii Nakryiko, Sasha Levin
5.4-stable review patch. If anyone has any objections, please let me know.
------------------
From: Hao Luo <haoluo@google.com>
[ Upstream commit 29d67fdebc42af6466d1909c60fdd1ef4f3e5240 ]
I hit a memory leak when testing bpf_program__set_attach_target().
Basically, set_attach_target() may allocate btf_vmlinux, for example,
when setting attach target for bpf_iter programs. But btf_vmlinux
is freed only in bpf_object_load(), which means if we only open
bpf object but not load it, setting attach target may leak
btf_vmlinux.
So let's free btf_vmlinux in bpf_object__close() anyway.
Signed-off-by: Hao Luo <haoluo@google.com>
Signed-off-by: Andrii Nakryiko <andrii@kernel.org>
Link: https://lore.kernel.org/bpf/20230822193840.1509809-1-haoluo@google.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
tools/lib/bpf/libbpf.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/tools/lib/bpf/libbpf.c b/tools/lib/bpf/libbpf.c
index b8849812449c3..343018632d2d1 100644
--- a/tools/lib/bpf/libbpf.c
+++ b/tools/lib/bpf/libbpf.c
@@ -4202,6 +4202,7 @@ void bpf_object__close(struct bpf_object *obj)
bpf_object__elf_finish(obj);
bpf_object__unload(obj);
btf__free(obj->btf);
+ btf__free(obj->btf_vmlinux);
btf_ext__free(obj->btf_ext);
for (i = 0; i < obj->nr_maps; i++) {
--
2.40.1
^ permalink raw reply related [flat|nested] 396+ messages in thread
* [PATCH 5.4 327/367] drm/exynos: fix a possible null-pointer dereference due to data race in exynos_drm_crtc_atomic_disable()
2023-09-20 11:26 [PATCH 5.4 000/367] 5.4.257-rc1 review Greg Kroah-Hartman
` (325 preceding siblings ...)
2023-09-20 11:31 ` [PATCH 5.4 326/367] libbpf: Free btf_vmlinux when closing bpf_object Greg Kroah-Hartman
@ 2023-09-20 11:31 ` Greg Kroah-Hartman
2023-09-20 11:31 ` [PATCH 5.4 328/367] bus: ti-sysc: Configure uart quirks for k3 SoC Greg Kroah-Hartman
` (45 subsequent siblings)
372 siblings, 0 replies; 396+ messages in thread
From: Greg Kroah-Hartman @ 2023-09-20 11:31 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, BassCheck, Tuo Li,
Krzysztof Kozlowski, Inki Dae, Sasha Levin
5.4-stable review patch. If anyone has any objections, please let me know.
------------------
From: Tuo Li <islituo@gmail.com>
[ Upstream commit 2e63972a2de14482d0eae1a03a73e379f1c3f44c ]
The variable crtc->state->event is often protected by the lock
crtc->dev->event_lock when is accessed. However, it is accessed as a
condition of an if statement in exynos_drm_crtc_atomic_disable() without
holding the lock:
if (crtc->state->event && !crtc->state->active)
However, if crtc->state->event is changed to NULL by another thread right
after the conditions of the if statement is checked to be true, a
null-pointer dereference can occur in drm_crtc_send_vblank_event():
e->pipe = pipe;
To fix this possible null-pointer dereference caused by data race, the
spin lock coverage is extended to protect the if statement as well as the
function call to drm_crtc_send_vblank_event().
Reported-by: BassCheck <bass@buaa.edu.cn>
Link: https://sites.google.com/view/basscheck/home
Signed-off-by: Tuo Li <islituo@gmail.com>
Reviewed-by: Krzysztof Kozlowski <krzysztof.kozlowski@linaro.org>
Added relevant link.
Signed-off-by: Inki Dae <inki.dae@samsung.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/gpu/drm/exynos/exynos_drm_crtc.c | 5 ++---
1 file changed, 2 insertions(+), 3 deletions(-)
diff --git a/drivers/gpu/drm/exynos/exynos_drm_crtc.c b/drivers/gpu/drm/exynos/exynos_drm_crtc.c
index 77ce78986408b..c10eea6db9a80 100644
--- a/drivers/gpu/drm/exynos/exynos_drm_crtc.c
+++ b/drivers/gpu/drm/exynos/exynos_drm_crtc.c
@@ -39,13 +39,12 @@ static void exynos_drm_crtc_atomic_disable(struct drm_crtc *crtc,
if (exynos_crtc->ops->disable)
exynos_crtc->ops->disable(exynos_crtc);
+ spin_lock_irq(&crtc->dev->event_lock);
if (crtc->state->event && !crtc->state->active) {
- spin_lock_irq(&crtc->dev->event_lock);
drm_crtc_send_vblank_event(crtc, crtc->state->event);
- spin_unlock_irq(&crtc->dev->event_lock);
-
crtc->state->event = NULL;
}
+ spin_unlock_irq(&crtc->dev->event_lock);
}
static int exynos_crtc_atomic_check(struct drm_crtc *crtc,
--
2.40.1
^ permalink raw reply related [flat|nested] 396+ messages in thread
* [PATCH 5.4 328/367] bus: ti-sysc: Configure uart quirks for k3 SoC
2023-09-20 11:26 [PATCH 5.4 000/367] 5.4.257-rc1 review Greg Kroah-Hartman
` (326 preceding siblings ...)
2023-09-20 11:31 ` [PATCH 5.4 327/367] drm/exynos: fix a possible null-pointer dereference due to data race in exynos_drm_crtc_atomic_disable() Greg Kroah-Hartman
@ 2023-09-20 11:31 ` Greg Kroah-Hartman
2023-09-20 11:31 ` [PATCH 5.4 329/367] md: raid1: fix potential OOB in raid1_remove_disk() Greg Kroah-Hartman
` (44 subsequent siblings)
372 siblings, 0 replies; 396+ messages in thread
From: Greg Kroah-Hartman @ 2023-09-20 11:31 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Nishanth Menon, Tony Lindgren, Sasha Levin
5.4-stable review patch. If anyone has any objections, please let me know.
------------------
From: Tony Lindgren <tony@atomide.com>
[ Upstream commit 03a711d3cb83692733f865312f49e665c49de6de ]
Enable the uart quirks similar to the earlier SoCs. Let's assume we are
likely going to need a k3 specific quirk mask separate from the earlier
SoCs, so let's not start changing the revision register mask at this point.
Note that SYSC_QUIRK_LEGACY_IDLE will be needed until we can remove the
need for pm_runtime_irq_safe() from 8250_omap driver.
Reviewed-by: Nishanth Menon <nm@ti.com>
Signed-off-by: Tony Lindgren <tony@atomide.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/bus/ti-sysc.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/drivers/bus/ti-sysc.c b/drivers/bus/ti-sysc.c
index e1a9838c96655..b542c2b2aef49 100644
--- a/drivers/bus/ti-sysc.c
+++ b/drivers/bus/ti-sysc.c
@@ -1379,6 +1379,8 @@ static const struct sysc_revision_quirk sysc_revision_quirks[] = {
SYSC_QUIRK_SWSUP_SIDLE | SYSC_QUIRK_LEGACY_IDLE),
SYSC_QUIRK("uart", 0, 0x50, 0x54, 0x58, 0x47422e03, 0xffffffff,
SYSC_QUIRK_SWSUP_SIDLE | SYSC_QUIRK_LEGACY_IDLE),
+ SYSC_QUIRK("uart", 0, 0x50, 0x54, 0x58, 0x47424e03, 0xffffffff,
+ SYSC_QUIRK_SWSUP_SIDLE | SYSC_QUIRK_LEGACY_IDLE),
/* Quirks that need to be set based on the module address */
SYSC_QUIRK("mcpdm", 0x40132000, 0, 0x10, -ENODEV, 0x50000800, 0xffffffff,
--
2.40.1
^ permalink raw reply related [flat|nested] 396+ messages in thread
* [PATCH 5.4 329/367] md: raid1: fix potential OOB in raid1_remove_disk()
2023-09-20 11:26 [PATCH 5.4 000/367] 5.4.257-rc1 review Greg Kroah-Hartman
` (327 preceding siblings ...)
2023-09-20 11:31 ` [PATCH 5.4 328/367] bus: ti-sysc: Configure uart quirks for k3 SoC Greg Kroah-Hartman
@ 2023-09-20 11:31 ` Greg Kroah-Hartman
2023-09-20 11:31 ` [PATCH 5.4 330/367] ext2: fix datatype of block number in ext2_xattr_set2() Greg Kroah-Hartman
` (43 subsequent siblings)
372 siblings, 0 replies; 396+ messages in thread
From: Greg Kroah-Hartman @ 2023-09-20 11:31 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Zhang Shurong, Yu Kuai, Song Liu,
Sasha Levin
5.4-stable review patch. If anyone has any objections, please let me know.
------------------
From: Zhang Shurong <zhang_shurong@foxmail.com>
[ Upstream commit 8b0472b50bcf0f19a5119b00a53b63579c8e1e4d ]
If rddev->raid_disk is greater than mddev->raid_disks, there will be
an out-of-bounds in raid1_remove_disk(). We have already found
similar reports as follows:
1) commit d17f744e883b ("md-raid10: fix KASAN warning")
2) commit 1ebc2cec0b7d ("dm raid: fix KASAN warning in raid5_remove_disk")
Fix this bug by checking whether the "number" variable is
valid.
Signed-off-by: Zhang Shurong <zhang_shurong@foxmail.com>
Reviewed-by: Yu Kuai <yukuai3@huawei.com>
Link: https://lore.kernel.org/r/tencent_0D24426FAC6A21B69AC0C03CE4143A508F09@qq.com
Signed-off-by: Song Liu <song@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/md/raid1.c | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/drivers/md/raid1.c b/drivers/md/raid1.c
index 1919de4c8c12d..f96e079454700 100644
--- a/drivers/md/raid1.c
+++ b/drivers/md/raid1.c
@@ -1808,6 +1808,10 @@ static int raid1_remove_disk(struct mddev *mddev, struct md_rdev *rdev)
struct r1conf *conf = mddev->private;
int err = 0;
int number = rdev->raid_disk;
+
+ if (unlikely(number >= conf->raid_disks))
+ goto abort;
+
struct raid1_info *p = conf->mirrors + number;
if (rdev != p->rdev)
--
2.40.1
^ permalink raw reply related [flat|nested] 396+ messages in thread
* [PATCH 5.4 330/367] ext2: fix datatype of block number in ext2_xattr_set2()
2023-09-20 11:26 [PATCH 5.4 000/367] 5.4.257-rc1 review Greg Kroah-Hartman
` (328 preceding siblings ...)
2023-09-20 11:31 ` [PATCH 5.4 329/367] md: raid1: fix potential OOB in raid1_remove_disk() Greg Kroah-Hartman
@ 2023-09-20 11:31 ` Greg Kroah-Hartman
2023-09-20 11:31 ` [PATCH 5.4 331/367] fs/jfs: prevent double-free in dbUnmount() after failed jfs_remount() Greg Kroah-Hartman
` (42 subsequent siblings)
372 siblings, 0 replies; 396+ messages in thread
From: Greg Kroah-Hartman @ 2023-09-20 11:31 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Georg Ottinger, Jan Kara, Sasha Levin
5.4-stable review patch. If anyone has any objections, please let me know.
------------------
From: Georg Ottinger <g.ottinger@gmx.at>
[ Upstream commit e88076348425b7d0491c8c98d8732a7df8de7aa3 ]
I run a small server that uses external hard drives for backups. The
backup software I use uses ext2 filesystems with 4KiB block size and
the server is running SELinux and therefore relies on xattr. I recently
upgraded the hard drives from 4TB to 12TB models. I noticed that after
transferring some TBs I got a filesystem error "Freeing blocks not in
datazone - block = 18446744071529317386, count = 1" and the backup
process stopped. Trying to fix the fs with e2fsck resulted in a
completely corrupted fs. The error probably came from ext2_free_blocks(),
and because of the large number 18e19 this problem immediately looked
like some kind of integer overflow. Whereas the 4TB fs was about 1e9
blocks, the new 12TB is about 3e9 blocks. So, searching the ext2 code,
I came across the line in fs/ext2/xattr.c:745 where ext2_new_block()
is called and the resulting block number is stored in the variable block
as an int datatype. If a block with a block number greater than
INT32_MAX is returned, this variable overflows and the call to
sb_getblk() at line fs/ext2/xattr.c:750 fails, then the call to
ext2_free_blocks() produces the error.
Signed-off-by: Georg Ottinger <g.ottinger@gmx.at>
Signed-off-by: Jan Kara <jack@suse.cz>
Message-Id: <20230815100340.22121-1-g.ottinger@gmx.at>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
fs/ext2/xattr.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/fs/ext2/xattr.c b/fs/ext2/xattr.c
index 62acbe27d8bf4..ca7ff31a1f194 100644
--- a/fs/ext2/xattr.c
+++ b/fs/ext2/xattr.c
@@ -690,10 +690,10 @@ ext2_xattr_set2(struct inode *inode, struct buffer_head *old_bh,
/* We need to allocate a new block */
ext2_fsblk_t goal = ext2_group_first_block_no(sb,
EXT2_I(inode)->i_block_group);
- int block = ext2_new_block(inode, goal, &error);
+ ext2_fsblk_t block = ext2_new_block(inode, goal, &error);
if (error)
goto cleanup;
- ea_idebug(inode, "creating block %d", block);
+ ea_idebug(inode, "creating block %lu", block);
new_bh = sb_getblk(sb, block);
if (unlikely(!new_bh)) {
--
2.40.1
^ permalink raw reply related [flat|nested] 396+ messages in thread
* [PATCH 5.4 331/367] fs/jfs: prevent double-free in dbUnmount() after failed jfs_remount()
2023-09-20 11:26 [PATCH 5.4 000/367] 5.4.257-rc1 review Greg Kroah-Hartman
` (329 preceding siblings ...)
2023-09-20 11:31 ` [PATCH 5.4 330/367] ext2: fix datatype of block number in ext2_xattr_set2() Greg Kroah-Hartman
@ 2023-09-20 11:31 ` Greg Kroah-Hartman
2023-09-20 11:31 ` [PATCH 5.4 332/367] jfs: fix invalid free of JFS_IP(ipimap)->i_imap in diUnmount Greg Kroah-Hartman
` (41 subsequent siblings)
372 siblings, 0 replies; 396+ messages in thread
From: Greg Kroah-Hartman @ 2023-09-20 11:31 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Andrew Kanner, Dave Kleikamp,
Sasha Levin, syzbot+6a93efb725385bc4b2e9
5.4-stable review patch. If anyone has any objections, please let me know.
------------------
From: Andrew Kanner <andrew.kanner@gmail.com>
[ Upstream commit cade5397e5461295f3cb87880534b6a07cafa427 ]
Syzkaller reported the following issue:
==================================================================
BUG: KASAN: double-free in slab_free mm/slub.c:3787 [inline]
BUG: KASAN: double-free in __kmem_cache_free+0x71/0x110 mm/slub.c:3800
Free of addr ffff888086408000 by task syz-executor.4/12750
[...]
Call Trace:
<TASK>
[...]
kasan_report_invalid_free+0xac/0xd0 mm/kasan/report.c:482
____kasan_slab_free+0xfb/0x120
kasan_slab_free include/linux/kasan.h:177 [inline]
slab_free_hook mm/slub.c:1781 [inline]
slab_free_freelist_hook+0x12e/0x1a0 mm/slub.c:1807
slab_free mm/slub.c:3787 [inline]
__kmem_cache_free+0x71/0x110 mm/slub.c:3800
dbUnmount+0xf4/0x110 fs/jfs/jfs_dmap.c:264
jfs_umount+0x248/0x3b0 fs/jfs/jfs_umount.c:87
jfs_put_super+0x86/0x190 fs/jfs/super.c:194
generic_shutdown_super+0x130/0x310 fs/super.c:492
kill_block_super+0x79/0xd0 fs/super.c:1386
deactivate_locked_super+0xa7/0xf0 fs/super.c:332
cleanup_mnt+0x494/0x520 fs/namespace.c:1291
task_work_run+0x243/0x300 kernel/task_work.c:179
resume_user_mode_work include/linux/resume_user_mode.h:49 [inline]
exit_to_user_mode_loop+0x124/0x150 kernel/entry/common.c:171
exit_to_user_mode_prepare+0xb2/0x140 kernel/entry/common.c:203
__syscall_exit_to_user_mode_work kernel/entry/common.c:285 [inline]
syscall_exit_to_user_mode+0x26/0x60 kernel/entry/common.c:296
do_syscall_64+0x49/0xb0 arch/x86/entry/common.c:86
entry_SYSCALL_64_after_hwframe+0x63/0xcd
[...]
</TASK>
Allocated by task 13352:
kasan_save_stack mm/kasan/common.c:45 [inline]
kasan_set_track+0x3d/0x60 mm/kasan/common.c:52
____kasan_kmalloc mm/kasan/common.c:371 [inline]
__kasan_kmalloc+0x97/0xb0 mm/kasan/common.c:380
kmalloc include/linux/slab.h:580 [inline]
dbMount+0x54/0x980 fs/jfs/jfs_dmap.c:164
jfs_mount+0x1dd/0x830 fs/jfs/jfs_mount.c:121
jfs_fill_super+0x590/0xc50 fs/jfs/super.c:556
mount_bdev+0x26c/0x3a0 fs/super.c:1359
legacy_get_tree+0xea/0x180 fs/fs_context.c:610
vfs_get_tree+0x88/0x270 fs/super.c:1489
do_new_mount+0x289/0xad0 fs/namespace.c:3145
do_mount fs/namespace.c:3488 [inline]
__do_sys_mount fs/namespace.c:3697 [inline]
__se_sys_mount+0x2d3/0x3c0 fs/namespace.c:3674
do_syscall_x64 arch/x86/entry/common.c:50 [inline]
do_syscall_64+0x3d/0xb0 arch/x86/entry/common.c:80
entry_SYSCALL_64_after_hwframe+0x63/0xcd
Freed by task 13352:
kasan_save_stack mm/kasan/common.c:45 [inline]
kasan_set_track+0x3d/0x60 mm/kasan/common.c:52
kasan_save_free_info+0x27/0x40 mm/kasan/generic.c:518
____kasan_slab_free+0xd6/0x120 mm/kasan/common.c:236
kasan_slab_free include/linux/kasan.h:177 [inline]
slab_free_hook mm/slub.c:1781 [inline]
slab_free_freelist_hook+0x12e/0x1a0 mm/slub.c:1807
slab_free mm/slub.c:3787 [inline]
__kmem_cache_free+0x71/0x110 mm/slub.c:3800
dbUnmount+0xf4/0x110 fs/jfs/jfs_dmap.c:264
jfs_mount_rw+0x545/0x740 fs/jfs/jfs_mount.c:247
jfs_remount+0x3db/0x710 fs/jfs/super.c:454
reconfigure_super+0x3bc/0x7b0 fs/super.c:935
vfs_fsconfig_locked fs/fsopen.c:254 [inline]
__do_sys_fsconfig fs/fsopen.c:439 [inline]
__se_sys_fsconfig+0xad5/0x1060 fs/fsopen.c:314
do_syscall_x64 arch/x86/entry/common.c:50 [inline]
do_syscall_64+0x3d/0xb0 arch/x86/entry/common.c:80
entry_SYSCALL_64_after_hwframe+0x63/0xcd
[...]
JFS_SBI(ipbmap->i_sb)->bmap wasn't set to NULL after kfree() in
dbUnmount().
Syzkaller uses faultinject to reproduce this KASAN double-free
warning. The issue is triggered if either diMount() or dbMount() fail
in jfs_remount(), since diUnmount() or dbUnmount() already happened in
such a case - they will do double-free on next execution: jfs_umount
or jfs_remount.
Tested on both upstream and jfs-next by syzkaller.
Reported-and-tested-by: syzbot+6a93efb725385bc4b2e9@syzkaller.appspotmail.com
Closes: https://lore.kernel.org/all/000000000000471f2d05f1ce8bad@google.com/T/
Link: https://syzkaller.appspot.com/bug?extid=6a93efb725385bc4b2e9
Signed-off-by: Andrew Kanner <andrew.kanner@gmail.com>
Signed-off-by: Dave Kleikamp <dave.kleikamp@oracle.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
fs/jfs/jfs_dmap.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/fs/jfs/jfs_dmap.c b/fs/jfs/jfs_dmap.c
index 8e8d53241386f..a785c747a8cbb 100644
--- a/fs/jfs/jfs_dmap.c
+++ b/fs/jfs/jfs_dmap.c
@@ -269,6 +269,7 @@ int dbUnmount(struct inode *ipbmap, int mounterror)
/* free the memory for the in-memory bmap. */
kfree(bmp);
+ JFS_SBI(ipbmap->i_sb)->bmap = NULL;
return (0);
}
--
2.40.1
^ permalink raw reply related [flat|nested] 396+ messages in thread
* [PATCH 5.4 332/367] jfs: fix invalid free of JFS_IP(ipimap)->i_imap in diUnmount
2023-09-20 11:26 [PATCH 5.4 000/367] 5.4.257-rc1 review Greg Kroah-Hartman
` (330 preceding siblings ...)
2023-09-20 11:31 ` [PATCH 5.4 331/367] fs/jfs: prevent double-free in dbUnmount() after failed jfs_remount() Greg Kroah-Hartman
@ 2023-09-20 11:31 ` Greg Kroah-Hartman
2023-09-20 11:31 ` [PATCH 5.4 333/367] powerpc/pseries: fix possible memory leak in ibmebus_bus_init() Greg Kroah-Hartman
` (40 subsequent siblings)
372 siblings, 0 replies; 396+ messages in thread
From: Greg Kroah-Hartman @ 2023-09-20 11:31 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, syzbot+90a11e6b1e810785c6ff,
Liu Shixin, Dave Kleikamp, Sasha Levin
5.4-stable review patch. If anyone has any objections, please let me know.
------------------
From: Liu Shixin via Jfs-discussion <jfs-discussion@lists.sourceforge.net>
[ Upstream commit 6e2bda2c192d0244b5a78b787ef20aa10cb319b7 ]
syzbot found an invalid-free in diUnmount:
BUG: KASAN: double-free in slab_free mm/slub.c:3661 [inline]
BUG: KASAN: double-free in __kmem_cache_free+0x71/0x110 mm/slub.c:3674
Free of addr ffff88806f410000 by task syz-executor131/3632
CPU: 0 PID: 3632 Comm: syz-executor131 Not tainted 6.1.0-rc7-syzkaller-00012-gca57f02295f1 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
Call Trace:
<TASK>
__dump_stack lib/dump_stack.c:88 [inline]
dump_stack_lvl+0x1b1/0x28e lib/dump_stack.c:106
print_address_description+0x74/0x340 mm/kasan/report.c:284
print_report+0x107/0x1f0 mm/kasan/report.c:395
kasan_report_invalid_free+0xac/0xd0 mm/kasan/report.c:460
____kasan_slab_free+0xfb/0x120
kasan_slab_free include/linux/kasan.h:177 [inline]
slab_free_hook mm/slub.c:1724 [inline]
slab_free_freelist_hook+0x12e/0x1a0 mm/slub.c:1750
slab_free mm/slub.c:3661 [inline]
__kmem_cache_free+0x71/0x110 mm/slub.c:3674
diUnmount+0xef/0x100 fs/jfs/jfs_imap.c:195
jfs_umount+0x108/0x370 fs/jfs/jfs_umount.c:63
jfs_put_super+0x86/0x190 fs/jfs/super.c:194
generic_shutdown_super+0x130/0x310 fs/super.c:492
kill_block_super+0x79/0xd0 fs/super.c:1428
deactivate_locked_super+0xa7/0xf0 fs/super.c:332
cleanup_mnt+0x494/0x520 fs/namespace.c:1186
task_work_run+0x243/0x300 kernel/task_work.c:179
exit_task_work include/linux/task_work.h:38 [inline]
do_exit+0x664/0x2070 kernel/exit.c:820
do_group_exit+0x1fd/0x2b0 kernel/exit.c:950
__do_sys_exit_group kernel/exit.c:961 [inline]
__se_sys_exit_group kernel/exit.c:959 [inline]
__x64_sys_exit_group+0x3b/0x40 kernel/exit.c:959
do_syscall_x64 arch/x86/entry/common.c:50 [inline]
do_syscall_64+0x3d/0xb0 arch/x86/entry/common.c:80
entry_SYSCALL_64_after_hwframe+0x63/0xcd
[...]
JFS_IP(ipimap)->i_imap is not setting to NULL after free in diUnmount.
If jfs_remount() free JFS_IP(ipimap)->i_imap but then failed at diMount().
JFS_IP(ipimap)->i_imap will be freed once again.
Fix this problem by setting JFS_IP(ipimap)->i_imap to NULL after free.
Reported-by: syzbot+90a11e6b1e810785c6ff@syzkaller.appspotmail.com
Signed-off-by: Liu Shixin <liushixin2@huawei.com>
Signed-off-by: Dave Kleikamp <dave.kleikamp@oracle.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
fs/jfs/jfs_imap.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/fs/jfs/jfs_imap.c b/fs/jfs/jfs_imap.c
index 937ca07b58b1d..67c67604b8c85 100644
--- a/fs/jfs/jfs_imap.c
+++ b/fs/jfs/jfs_imap.c
@@ -195,6 +195,7 @@ int diUnmount(struct inode *ipimap, int mounterror)
* free in-memory control structure
*/
kfree(imap);
+ JFS_IP(ipimap)->i_imap = NULL;
return (0);
}
--
2.40.1
^ permalink raw reply related [flat|nested] 396+ messages in thread
* [PATCH 5.4 333/367] powerpc/pseries: fix possible memory leak in ibmebus_bus_init()
2023-09-20 11:26 [PATCH 5.4 000/367] 5.4.257-rc1 review Greg Kroah-Hartman
` (331 preceding siblings ...)
2023-09-20 11:31 ` [PATCH 5.4 332/367] jfs: fix invalid free of JFS_IP(ipimap)->i_imap in diUnmount Greg Kroah-Hartman
@ 2023-09-20 11:31 ` Greg Kroah-Hartman
2023-09-20 11:31 ` [PATCH 5.4 334/367] media: dvb-usb-v2: af9035: Fix null-ptr-deref in af9035_i2c_master_xfer Greg Kroah-Hartman
` (39 subsequent siblings)
372 siblings, 0 replies; 396+ messages in thread
From: Greg Kroah-Hartman @ 2023-09-20 11:31 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, ruanjinjie, Michael Ellerman, Sasha Levin
5.4-stable review patch. If anyone has any objections, please let me know.
------------------
From: ruanjinjie <ruanjinjie@huawei.com>
[ Upstream commit afda85b963c12947e298ad85d757e333aa40fd74 ]
If device_register() returns error in ibmebus_bus_init(), name of kobject
which is allocated in dev_set_name() called in device_add() is leaked.
As comment of device_add() says, it should call put_device() to drop
the reference count that was set in device_initialize() when it fails,
so the name can be freed in kobject_cleanup().
Signed-off-by: ruanjinjie <ruanjinjie@huawei.com>
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
Link: https://msgid.link/20221110011929.3709774-1-ruanjinjie@huawei.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/powerpc/platforms/pseries/ibmebus.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/arch/powerpc/platforms/pseries/ibmebus.c b/arch/powerpc/platforms/pseries/ibmebus.c
index b91eb0929ed14..55569e3c9db72 100644
--- a/arch/powerpc/platforms/pseries/ibmebus.c
+++ b/arch/powerpc/platforms/pseries/ibmebus.c
@@ -450,6 +450,7 @@ static int __init ibmebus_bus_init(void)
if (err) {
printk(KERN_WARNING "%s: device_register returned %i\n",
__func__, err);
+ put_device(&ibmebus_bus_device);
bus_unregister(&ibmebus_bus_type);
return err;
--
2.40.1
^ permalink raw reply related [flat|nested] 396+ messages in thread
* [PATCH 5.4 334/367] media: dvb-usb-v2: af9035: Fix null-ptr-deref in af9035_i2c_master_xfer
2023-09-20 11:26 [PATCH 5.4 000/367] 5.4.257-rc1 review Greg Kroah-Hartman
` (332 preceding siblings ...)
2023-09-20 11:31 ` [PATCH 5.4 333/367] powerpc/pseries: fix possible memory leak in ibmebus_bus_init() Greg Kroah-Hartman
@ 2023-09-20 11:31 ` Greg Kroah-Hartman
2023-09-20 11:31 ` [PATCH 5.4 335/367] media: dw2102: Fix null-ptr-deref in dw2102_i2c_transfer() Greg Kroah-Hartman
` (38 subsequent siblings)
372 siblings, 0 replies; 396+ messages in thread
From: Greg Kroah-Hartman @ 2023-09-20 11:31 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Zhang Shurong, Hans Verkuil, Sasha Levin
5.4-stable review patch. If anyone has any objections, please let me know.
------------------
From: Zhang Shurong <zhang_shurong@foxmail.com>
[ Upstream commit 7bf744f2de0a848fb1d717f5831b03db96feae89 ]
In af9035_i2c_master_xfer, msg is controlled by user. When msg[i].buf
is null and msg[i].len is zero, former checks on msg[i].buf would be
passed. Malicious data finally reach af9035_i2c_master_xfer. If accessing
msg[i].buf[0] without sanity check, null ptr deref would happen.
We add check on msg[i].len to prevent crash.
Similar commit:
commit 0ed554fd769a
("media: dvb-usb: az6027: fix null-ptr-deref in az6027_i2c_xfer()")
Signed-off-by: Zhang Shurong <zhang_shurong@foxmail.com>
Signed-off-by: Hans Verkuil <hverkuil-cisco@xs4all.nl>
Signed-off-by: Sasha Levin <sashal@kernel.org>
[ moved variable declaration to fix build issues in older kernels - gregkh ]
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/media/usb/dvb-usb-v2/af9035.c | 14 ++++++++------
1 file changed, 8 insertions(+), 6 deletions(-)
--- a/drivers/media/usb/dvb-usb-v2/af9035.c
+++ b/drivers/media/usb/dvb-usb-v2/af9035.c
@@ -269,6 +269,7 @@ static int af9035_i2c_master_xfer(struct
struct dvb_usb_device *d = i2c_get_adapdata(adap);
struct state *state = d_to_priv(d);
int ret;
+ u32 reg;
if (mutex_lock_interruptible(&d->i2c_mutex) < 0)
return -EAGAIN;
@@ -321,8 +322,10 @@ static int af9035_i2c_master_xfer(struct
ret = -EOPNOTSUPP;
} else if ((msg[0].addr == state->af9033_i2c_addr[0]) ||
(msg[0].addr == state->af9033_i2c_addr[1])) {
+ if (msg[0].len < 3 || msg[1].len < 1)
+ return -EOPNOTSUPP;
/* demod access via firmware interface */
- u32 reg = msg[0].buf[0] << 16 | msg[0].buf[1] << 8 |
+ reg = msg[0].buf[0] << 16 | msg[0].buf[1] << 8 |
msg[0].buf[2];
if (msg[0].addr == state->af9033_i2c_addr[1])
@@ -380,17 +383,16 @@ static int af9035_i2c_master_xfer(struct
ret = -EOPNOTSUPP;
} else if ((msg[0].addr == state->af9033_i2c_addr[0]) ||
(msg[0].addr == state->af9033_i2c_addr[1])) {
+ if (msg[0].len < 3)
+ return -EOPNOTSUPP;
/* demod access via firmware interface */
- u32 reg = msg[0].buf[0] << 16 | msg[0].buf[1] << 8 |
+ reg = msg[0].buf[0] << 16 | msg[0].buf[1] << 8 |
msg[0].buf[2];
if (msg[0].addr == state->af9033_i2c_addr[1])
reg |= 0x100000;
- ret = (msg[0].len >= 3) ? af9035_wr_regs(d, reg,
- &msg[0].buf[3],
- msg[0].len - 3)
- : -EOPNOTSUPP;
+ ret = af9035_wr_regs(d, reg, &msg[0].buf[3], msg[0].len - 3);
} else {
/* I2C write */
u8 buf[MAX_XFER_SIZE];
^ permalink raw reply [flat|nested] 396+ messages in thread
* [PATCH 5.4 335/367] media: dw2102: Fix null-ptr-deref in dw2102_i2c_transfer()
2023-09-20 11:26 [PATCH 5.4 000/367] 5.4.257-rc1 review Greg Kroah-Hartman
` (333 preceding siblings ...)
2023-09-20 11:31 ` [PATCH 5.4 334/367] media: dvb-usb-v2: af9035: Fix null-ptr-deref in af9035_i2c_master_xfer Greg Kroah-Hartman
@ 2023-09-20 11:31 ` Greg Kroah-Hartman
2023-09-20 11:31 ` [PATCH 5.4 336/367] media: af9005: Fix null-ptr-deref in af9005_i2c_xfer Greg Kroah-Hartman
` (37 subsequent siblings)
372 siblings, 0 replies; 396+ messages in thread
From: Greg Kroah-Hartman @ 2023-09-20 11:31 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Zhang Shurong, Hans Verkuil, Sasha Levin
5.4-stable review patch. If anyone has any objections, please let me know.
------------------
From: Zhang Shurong <zhang_shurong@foxmail.com>
[ Upstream commit 5ae544d94abc8ff77b1b9bf8774def3fa5689b5b ]
In dw2102_i2c_transfer, msg is controlled by user. When msg[i].buf
is null and msg[i].len is zero, former checks on msg[i].buf would be
passed. Malicious data finally reach dw2102_i2c_transfer. If accessing
msg[i].buf[0] without sanity check, null ptr deref would happen.
We add check on msg[i].len to prevent crash.
Similar commit:
commit 950e252cb469
("[media] dw2102: limit messages to buffer size")
Signed-off-by: Zhang Shurong <zhang_shurong@foxmail.com>
Signed-off-by: Hans Verkuil <hverkuil-cisco@xs4all.nl>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/media/usb/dvb-usb/dw2102.c | 24 ++++++++++++++++++++++++
1 file changed, 24 insertions(+)
diff --git a/drivers/media/usb/dvb-usb/dw2102.c b/drivers/media/usb/dvb-usb/dw2102.c
index f8f589ebab74b..924a6478007a8 100644
--- a/drivers/media/usb/dvb-usb/dw2102.c
+++ b/drivers/media/usb/dvb-usb/dw2102.c
@@ -128,6 +128,10 @@ static int dw2102_i2c_transfer(struct i2c_adapter *adap, struct i2c_msg msg[],
switch (num) {
case 2:
+ if (msg[0].len < 1) {
+ num = -EOPNOTSUPP;
+ break;
+ }
/* read stv0299 register */
value = msg[0].buf[0];/* register */
for (i = 0; i < msg[1].len; i++) {
@@ -139,6 +143,10 @@ static int dw2102_i2c_transfer(struct i2c_adapter *adap, struct i2c_msg msg[],
case 1:
switch (msg[0].addr) {
case 0x68:
+ if (msg[0].len < 2) {
+ num = -EOPNOTSUPP;
+ break;
+ }
/* write to stv0299 register */
buf6[0] = 0x2a;
buf6[1] = msg[0].buf[0];
@@ -148,6 +156,10 @@ static int dw2102_i2c_transfer(struct i2c_adapter *adap, struct i2c_msg msg[],
break;
case 0x60:
if (msg[0].flags == 0) {
+ if (msg[0].len < 4) {
+ num = -EOPNOTSUPP;
+ break;
+ }
/* write to tuner pll */
buf6[0] = 0x2c;
buf6[1] = 5;
@@ -159,6 +171,10 @@ static int dw2102_i2c_transfer(struct i2c_adapter *adap, struct i2c_msg msg[],
dw210x_op_rw(d->udev, 0xb2, 0, 0,
buf6, 7, DW210X_WRITE_MSG);
} else {
+ if (msg[0].len < 1) {
+ num = -EOPNOTSUPP;
+ break;
+ }
/* read from tuner */
dw210x_op_rw(d->udev, 0xb5, 0, 0,
buf6, 1, DW210X_READ_MSG);
@@ -166,12 +182,20 @@ static int dw2102_i2c_transfer(struct i2c_adapter *adap, struct i2c_msg msg[],
}
break;
case (DW2102_RC_QUERY):
+ if (msg[0].len < 2) {
+ num = -EOPNOTSUPP;
+ break;
+ }
dw210x_op_rw(d->udev, 0xb8, 0, 0,
buf6, 2, DW210X_READ_MSG);
msg[0].buf[0] = buf6[0];
msg[0].buf[1] = buf6[1];
break;
case (DW2102_VOLTAGE_CTRL):
+ if (msg[0].len < 1) {
+ num = -EOPNOTSUPP;
+ break;
+ }
buf6[0] = 0x30;
buf6[1] = msg[0].buf[0];
dw210x_op_rw(d->udev, 0xb2, 0, 0,
--
2.40.1
^ permalink raw reply related [flat|nested] 396+ messages in thread
* [PATCH 5.4 336/367] media: af9005: Fix null-ptr-deref in af9005_i2c_xfer
2023-09-20 11:26 [PATCH 5.4 000/367] 5.4.257-rc1 review Greg Kroah-Hartman
` (334 preceding siblings ...)
2023-09-20 11:31 ` [PATCH 5.4 335/367] media: dw2102: Fix null-ptr-deref in dw2102_i2c_transfer() Greg Kroah-Hartman
@ 2023-09-20 11:31 ` Greg Kroah-Hartman
2023-09-20 11:31 ` [PATCH 5.4 337/367] media: anysee: fix null-ptr-deref in anysee_master_xfer Greg Kroah-Hartman
` (36 subsequent siblings)
372 siblings, 0 replies; 396+ messages in thread
From: Greg Kroah-Hartman @ 2023-09-20 11:31 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Zhang Shurong, Hans Verkuil, Sasha Levin
5.4-stable review patch. If anyone has any objections, please let me know.
------------------
From: Zhang Shurong <zhang_shurong@foxmail.com>
[ Upstream commit f4ee84f27625ce1fdf41e8483fa0561a1b837d10 ]
In af9005_i2c_xfer, msg is controlled by user. When msg[i].buf
is null and msg[i].len is zero, former checks on msg[i].buf would be
passed. Malicious data finally reach af9005_i2c_xfer. If accessing
msg[i].buf[0] without sanity check, null ptr deref would happen.
We add check on msg[i].len to prevent crash.
Similar commit:
commit 0ed554fd769a
("media: dvb-usb: az6027: fix null-ptr-deref in az6027_i2c_xfer()")
Signed-off-by: Zhang Shurong <zhang_shurong@foxmail.com>
Signed-off-by: Hans Verkuil <hverkuil-cisco@xs4all.nl>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/media/usb/dvb-usb/af9005.c | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/drivers/media/usb/dvb-usb/af9005.c b/drivers/media/usb/dvb-usb/af9005.c
index 89b4b5d84cdff..827f9db16aa10 100644
--- a/drivers/media/usb/dvb-usb/af9005.c
+++ b/drivers/media/usb/dvb-usb/af9005.c
@@ -422,6 +422,10 @@ static int af9005_i2c_xfer(struct i2c_adapter *adap, struct i2c_msg msg[],
if (ret == 0)
ret = 2;
} else {
+ if (msg[0].len < 2) {
+ ret = -EOPNOTSUPP;
+ goto unlock;
+ }
/* write one or more registers */
reg = msg[0].buf[0];
addr = msg[0].addr;
@@ -431,6 +435,7 @@ static int af9005_i2c_xfer(struct i2c_adapter *adap, struct i2c_msg msg[],
ret = 1;
}
+unlock:
mutex_unlock(&d->i2c_mutex);
return ret;
}
--
2.40.1
^ permalink raw reply related [flat|nested] 396+ messages in thread
* [PATCH 5.4 337/367] media: anysee: fix null-ptr-deref in anysee_master_xfer
2023-09-20 11:26 [PATCH 5.4 000/367] 5.4.257-rc1 review Greg Kroah-Hartman
` (335 preceding siblings ...)
2023-09-20 11:31 ` [PATCH 5.4 336/367] media: af9005: Fix null-ptr-deref in af9005_i2c_xfer Greg Kroah-Hartman
@ 2023-09-20 11:31 ` Greg Kroah-Hartman
2023-09-20 11:31 ` [PATCH 5.4 338/367] media: az6007: Fix null-ptr-deref in az6007_i2c_xfer() Greg Kroah-Hartman
` (35 subsequent siblings)
372 siblings, 0 replies; 396+ messages in thread
From: Greg Kroah-Hartman @ 2023-09-20 11:31 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Zhang Shurong, Hans Verkuil, Sasha Levin
5.4-stable review patch. If anyone has any objections, please let me know.
------------------
From: Zhang Shurong <zhang_shurong@foxmail.com>
[ Upstream commit c30411266fd67ea3c02a05c157231654d5a3bdc9 ]
In anysee_master_xfer, msg is controlled by user. When msg[i].buf
is null and msg[i].len is zero, former checks on msg[i].buf would be
passed. Malicious data finally reach anysee_master_xfer. If accessing
msg[i].buf[0] without sanity check, null ptr deref would happen.
We add check on msg[i].len to prevent crash.
Similar commit:
commit 0ed554fd769a
("media: dvb-usb: az6027: fix null-ptr-deref in az6027_i2c_xfer()")
Signed-off-by: Zhang Shurong <zhang_shurong@foxmail.com>
Signed-off-by: Hans Verkuil <hverkuil-cisco@xs4all.nl>
[hverkuil: add spaces around +]
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/media/usb/dvb-usb-v2/anysee.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/media/usb/dvb-usb-v2/anysee.c b/drivers/media/usb/dvb-usb-v2/anysee.c
index fb6d99dea31aa..08fdb9e5e3a22 100644
--- a/drivers/media/usb/dvb-usb-v2/anysee.c
+++ b/drivers/media/usb/dvb-usb-v2/anysee.c
@@ -202,7 +202,7 @@ static int anysee_master_xfer(struct i2c_adapter *adap, struct i2c_msg *msg,
while (i < num) {
if (num > i + 1 && (msg[i+1].flags & I2C_M_RD)) {
- if (msg[i].len > 2 || msg[i+1].len > 60) {
+ if (msg[i].len != 2 || msg[i + 1].len > 60) {
ret = -EOPNOTSUPP;
break;
}
--
2.40.1
^ permalink raw reply related [flat|nested] 396+ messages in thread
* [PATCH 5.4 338/367] media: az6007: Fix null-ptr-deref in az6007_i2c_xfer()
2023-09-20 11:26 [PATCH 5.4 000/367] 5.4.257-rc1 review Greg Kroah-Hartman
` (336 preceding siblings ...)
2023-09-20 11:31 ` [PATCH 5.4 337/367] media: anysee: fix null-ptr-deref in anysee_master_xfer Greg Kroah-Hartman
@ 2023-09-20 11:31 ` Greg Kroah-Hartman
2023-09-20 11:31 ` [PATCH 5.4 339/367] media: tuners: qt1010: replace BUG_ON with a regular error Greg Kroah-Hartman
` (34 subsequent siblings)
372 siblings, 0 replies; 396+ messages in thread
From: Greg Kroah-Hartman @ 2023-09-20 11:31 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Zhang Shurong, Hans Verkuil, Sasha Levin
5.4-stable review patch. If anyone has any objections, please let me know.
------------------
From: Zhang Shurong <zhang_shurong@foxmail.com>
[ Upstream commit 1047f9343011f2cedc73c64829686206a7e9fc3f ]
In az6007_i2c_xfer, msg is controlled by user. When msg[i].buf
is null and msg[i].len is zero, former checks on msg[i].buf would be
passed. Malicious data finally reach az6007_i2c_xfer. If accessing
msg[i].buf[0] without sanity check, null ptr deref would happen.
We add check on msg[i].len to prevent crash.
Similar commit:
commit 0ed554fd769a
("media: dvb-usb: az6027: fix null-ptr-deref in az6027_i2c_xfer()")
Signed-off-by: Zhang Shurong <zhang_shurong@foxmail.com>
Signed-off-by: Hans Verkuil <hverkuil-cisco@xs4all.nl>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/media/usb/dvb-usb-v2/az6007.c | 8 ++++++++
1 file changed, 8 insertions(+)
diff --git a/drivers/media/usb/dvb-usb-v2/az6007.c b/drivers/media/usb/dvb-usb-v2/az6007.c
index 7524c90f5da61..6cbfe75791c21 100644
--- a/drivers/media/usb/dvb-usb-v2/az6007.c
+++ b/drivers/media/usb/dvb-usb-v2/az6007.c
@@ -788,6 +788,10 @@ static int az6007_i2c_xfer(struct i2c_adapter *adap, struct i2c_msg msgs[],
if (az6007_xfer_debug)
printk(KERN_DEBUG "az6007: I2C W addr=0x%x len=%d\n",
addr, msgs[i].len);
+ if (msgs[i].len < 1) {
+ ret = -EIO;
+ goto err;
+ }
req = AZ6007_I2C_WR;
index = msgs[i].buf[0];
value = addr | (1 << 8);
@@ -802,6 +806,10 @@ static int az6007_i2c_xfer(struct i2c_adapter *adap, struct i2c_msg msgs[],
if (az6007_xfer_debug)
printk(KERN_DEBUG "az6007: I2C R addr=0x%x len=%d\n",
addr, msgs[i].len);
+ if (msgs[i].len < 1) {
+ ret = -EIO;
+ goto err;
+ }
req = AZ6007_I2C_RD;
index = msgs[i].buf[0];
value = addr;
--
2.40.1
^ permalink raw reply related [flat|nested] 396+ messages in thread
* [PATCH 5.4 339/367] media: tuners: qt1010: replace BUG_ON with a regular error
2023-09-20 11:26 [PATCH 5.4 000/367] 5.4.257-rc1 review Greg Kroah-Hartman
` (337 preceding siblings ...)
2023-09-20 11:31 ` [PATCH 5.4 338/367] media: az6007: Fix null-ptr-deref in az6007_i2c_xfer() Greg Kroah-Hartman
@ 2023-09-20 11:31 ` Greg Kroah-Hartman
2023-09-20 11:31 ` [PATCH 5.4 340/367] media: pci: cx23885: replace BUG with error return Greg Kroah-Hartman
` (33 subsequent siblings)
372 siblings, 0 replies; 396+ messages in thread
From: Greg Kroah-Hartman @ 2023-09-20 11:31 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Hans Verkuil, Sasha Levin
5.4-stable review patch. If anyone has any objections, please let me know.
------------------
From: Hans Verkuil <hverkuil-cisco@xs4all.nl>
[ Upstream commit ee630b29ea44d1851bb6c903f400956604834463 ]
BUG_ON is unnecessary here, and in addition it confuses smatch.
Replacing this with an error return help resolve this smatch
warning:
drivers/media/tuners/qt1010.c:350 qt1010_init() error: buffer overflow 'i2c_data' 34 <= 34
Signed-off-by: Hans Verkuil <hverkuil-cisco@xs4all.nl>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/media/tuners/qt1010.c | 11 ++++++-----
1 file changed, 6 insertions(+), 5 deletions(-)
diff --git a/drivers/media/tuners/qt1010.c b/drivers/media/tuners/qt1010.c
index fa5d2692131f9..f7516cb52436e 100644
--- a/drivers/media/tuners/qt1010.c
+++ b/drivers/media/tuners/qt1010.c
@@ -342,11 +342,12 @@ static int qt1010_init(struct dvb_frontend *fe)
else
valptr = &tmpval;
- BUG_ON(i >= ARRAY_SIZE(i2c_data) - 1);
-
- err = qt1010_init_meas1(priv, i2c_data[i+1].reg,
- i2c_data[i].reg,
- i2c_data[i].val, valptr);
+ if (i >= ARRAY_SIZE(i2c_data) - 1)
+ err = -EIO;
+ else
+ err = qt1010_init_meas1(priv, i2c_data[i + 1].reg,
+ i2c_data[i].reg,
+ i2c_data[i].val, valptr);
i++;
break;
}
--
2.40.1
^ permalink raw reply related [flat|nested] 396+ messages in thread
* [PATCH 5.4 340/367] media: pci: cx23885: replace BUG with error return
2023-09-20 11:26 [PATCH 5.4 000/367] 5.4.257-rc1 review Greg Kroah-Hartman
` (338 preceding siblings ...)
2023-09-20 11:31 ` [PATCH 5.4 339/367] media: tuners: qt1010: replace BUG_ON with a regular error Greg Kroah-Hartman
@ 2023-09-20 11:31 ` Greg Kroah-Hartman
2023-09-20 11:31 ` [PATCH 5.4 341/367] usb: gadget: fsl_qe_udc: validate endpoint index for ch9 udc Greg Kroah-Hartman
` (32 subsequent siblings)
372 siblings, 0 replies; 396+ messages in thread
From: Greg Kroah-Hartman @ 2023-09-20 11:31 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Hans Verkuil, Sasha Levin
5.4-stable review patch. If anyone has any objections, please let me know.
------------------
From: Hans Verkuil <hverkuil-cisco@xs4all.nl>
[ Upstream commit 2e1796fd4904fdd6062a8e4589778ea899ea0c8d ]
It was completely unnecessary to use BUG in buffer_prepare().
Just replace it with an error return. This also fixes a smatch warning:
drivers/media/pci/cx23885/cx23885-video.c:422 buffer_prepare() error: uninitialized symbol 'ret'.
Signed-off-by: Hans Verkuil <hverkuil-cisco@xs4all.nl>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/media/pci/cx23885/cx23885-video.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/media/pci/cx23885/cx23885-video.c b/drivers/media/pci/cx23885/cx23885-video.c
index 7fc408ee4934f..f56b271db8bea 100644
--- a/drivers/media/pci/cx23885/cx23885-video.c
+++ b/drivers/media/pci/cx23885/cx23885-video.c
@@ -409,7 +409,7 @@ static int buffer_prepare(struct vb2_buffer *vb)
dev->height >> 1);
break;
default:
- BUG();
+ return -EINVAL; /* should not happen */
}
dprintk(2, "[%p/%d] buffer_init - %dx%d %dbpp 0x%08x - dma=0x%08lx\n",
buf, buf->vb.vb2_buf.index,
--
2.40.1
^ permalink raw reply related [flat|nested] 396+ messages in thread
* [PATCH 5.4 341/367] usb: gadget: fsl_qe_udc: validate endpoint index for ch9 udc
2023-09-20 11:26 [PATCH 5.4 000/367] 5.4.257-rc1 review Greg Kroah-Hartman
` (339 preceding siblings ...)
2023-09-20 11:31 ` [PATCH 5.4 340/367] media: pci: cx23885: replace BUG with error return Greg Kroah-Hartman
@ 2023-09-20 11:31 ` Greg Kroah-Hartman
2023-09-20 11:31 ` [PATCH 5.4 342/367] scsi: target: iscsi: Fix buffer overflow in lio_target_nacl_info_show() Greg Kroah-Hartman
` (31 subsequent siblings)
372 siblings, 0 replies; 396+ messages in thread
From: Greg Kroah-Hartman @ 2023-09-20 11:31 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Ma Ke, Li Yang, Sasha Levin
5.4-stable review patch. If anyone has any objections, please let me know.
------------------
From: Ma Ke <make_ruc2021@163.com>
[ Upstream commit ce9daa2efc0872a9a68ea51dc8000df05893ef2e ]
We should verify the bound of the array to assure that host
may not manipulate the index to point past endpoint array.
Signed-off-by: Ma Ke <make_ruc2021@163.com>
Acked-by: Li Yang <leoyang.li@nxp.com>
Link: https://lore.kernel.org/r/20230628081511.186850-1-make_ruc2021@163.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/usb/gadget/udc/fsl_qe_udc.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/drivers/usb/gadget/udc/fsl_qe_udc.c b/drivers/usb/gadget/udc/fsl_qe_udc.c
index 2707be6282988..63109c6e55068 100644
--- a/drivers/usb/gadget/udc/fsl_qe_udc.c
+++ b/drivers/usb/gadget/udc/fsl_qe_udc.c
@@ -1950,6 +1950,8 @@ static void ch9getstatus(struct qe_udc *udc, u8 request_type, u16 value,
} else if ((request_type & USB_RECIP_MASK) == USB_RECIP_ENDPOINT) {
/* Get endpoint status */
int pipe = index & USB_ENDPOINT_NUMBER_MASK;
+ if (pipe >= USB_MAX_ENDPOINTS)
+ goto stall;
struct qe_ep *target_ep = &udc->eps[pipe];
u16 usep;
--
2.40.1
^ permalink raw reply related [flat|nested] 396+ messages in thread
* [PATCH 5.4 342/367] scsi: target: iscsi: Fix buffer overflow in lio_target_nacl_info_show()
2023-09-20 11:26 [PATCH 5.4 000/367] 5.4.257-rc1 review Greg Kroah-Hartman
` (340 preceding siblings ...)
2023-09-20 11:31 ` [PATCH 5.4 341/367] usb: gadget: fsl_qe_udc: validate endpoint index for ch9 udc Greg Kroah-Hartman
@ 2023-09-20 11:31 ` Greg Kroah-Hartman
2023-09-20 11:32 ` [PATCH 5.4 343/367] serial: cpm_uart: Avoid suspicious locking Greg Kroah-Hartman
` (30 subsequent siblings)
372 siblings, 0 replies; 396+ messages in thread
From: Greg Kroah-Hartman @ 2023-09-20 11:31 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Konstantin Shelekhin,
Martin K. Petersen, Sasha Levin
5.4-stable review patch. If anyone has any objections, please let me know.
------------------
From: Konstantin Shelekhin <k.shelekhin@yadro.com>
[ Upstream commit 801f287c93ff95582b0a2d2163f12870a2f076d4 ]
The function lio_target_nacl_info_show() uses sprintf() in a loop to print
details for every iSCSI connection in a session without checking for the
buffer length. With enough iSCSI connections it's possible to overflow the
buffer provided by configfs and corrupt the memory.
This patch replaces sprintf() with sysfs_emit_at() that checks for buffer
boundries.
Signed-off-by: Konstantin Shelekhin <k.shelekhin@yadro.com>
Link: https://lore.kernel.org/r/20230722152657.168859-2-k.shelekhin@yadro.com
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/target/iscsi/iscsi_target_configfs.c | 54 ++++++++++----------
1 file changed, 27 insertions(+), 27 deletions(-)
diff --git a/drivers/target/iscsi/iscsi_target_configfs.c b/drivers/target/iscsi/iscsi_target_configfs.c
index 0fa1d57b26fa8..3cd671bbb9a41 100644
--- a/drivers/target/iscsi/iscsi_target_configfs.c
+++ b/drivers/target/iscsi/iscsi_target_configfs.c
@@ -508,102 +508,102 @@ static ssize_t lio_target_nacl_info_show(struct config_item *item, char *page)
spin_lock_bh(&se_nacl->nacl_sess_lock);
se_sess = se_nacl->nacl_sess;
if (!se_sess) {
- rb += sprintf(page+rb, "No active iSCSI Session for Initiator"
+ rb += sysfs_emit_at(page, rb, "No active iSCSI Session for Initiator"
" Endpoint: %s\n", se_nacl->initiatorname);
} else {
sess = se_sess->fabric_sess_ptr;
- rb += sprintf(page+rb, "InitiatorName: %s\n",
+ rb += sysfs_emit_at(page, rb, "InitiatorName: %s\n",
sess->sess_ops->InitiatorName);
- rb += sprintf(page+rb, "InitiatorAlias: %s\n",
+ rb += sysfs_emit_at(page, rb, "InitiatorAlias: %s\n",
sess->sess_ops->InitiatorAlias);
- rb += sprintf(page+rb,
+ rb += sysfs_emit_at(page, rb,
"LIO Session ID: %u ISID: 0x%6ph TSIH: %hu ",
sess->sid, sess->isid, sess->tsih);
- rb += sprintf(page+rb, "SessionType: %s\n",
+ rb += sysfs_emit_at(page, rb, "SessionType: %s\n",
(sess->sess_ops->SessionType) ?
"Discovery" : "Normal");
- rb += sprintf(page+rb, "Session State: ");
+ rb += sysfs_emit_at(page, rb, "Session State: ");
switch (sess->session_state) {
case TARG_SESS_STATE_FREE:
- rb += sprintf(page+rb, "TARG_SESS_FREE\n");
+ rb += sysfs_emit_at(page, rb, "TARG_SESS_FREE\n");
break;
case TARG_SESS_STATE_ACTIVE:
- rb += sprintf(page+rb, "TARG_SESS_STATE_ACTIVE\n");
+ rb += sysfs_emit_at(page, rb, "TARG_SESS_STATE_ACTIVE\n");
break;
case TARG_SESS_STATE_LOGGED_IN:
- rb += sprintf(page+rb, "TARG_SESS_STATE_LOGGED_IN\n");
+ rb += sysfs_emit_at(page, rb, "TARG_SESS_STATE_LOGGED_IN\n");
break;
case TARG_SESS_STATE_FAILED:
- rb += sprintf(page+rb, "TARG_SESS_STATE_FAILED\n");
+ rb += sysfs_emit_at(page, rb, "TARG_SESS_STATE_FAILED\n");
break;
case TARG_SESS_STATE_IN_CONTINUE:
- rb += sprintf(page+rb, "TARG_SESS_STATE_IN_CONTINUE\n");
+ rb += sysfs_emit_at(page, rb, "TARG_SESS_STATE_IN_CONTINUE\n");
break;
default:
- rb += sprintf(page+rb, "ERROR: Unknown Session"
+ rb += sysfs_emit_at(page, rb, "ERROR: Unknown Session"
" State!\n");
break;
}
- rb += sprintf(page+rb, "---------------------[iSCSI Session"
+ rb += sysfs_emit_at(page, rb, "---------------------[iSCSI Session"
" Values]-----------------------\n");
- rb += sprintf(page+rb, " CmdSN/WR : CmdSN/WC : ExpCmdSN"
+ rb += sysfs_emit_at(page, rb, " CmdSN/WR : CmdSN/WC : ExpCmdSN"
" : MaxCmdSN : ITT : TTT\n");
max_cmd_sn = (u32) atomic_read(&sess->max_cmd_sn);
- rb += sprintf(page+rb, " 0x%08x 0x%08x 0x%08x 0x%08x"
+ rb += sysfs_emit_at(page, rb, " 0x%08x 0x%08x 0x%08x 0x%08x"
" 0x%08x 0x%08x\n",
sess->cmdsn_window,
(max_cmd_sn - sess->exp_cmd_sn) + 1,
sess->exp_cmd_sn, max_cmd_sn,
sess->init_task_tag, sess->targ_xfer_tag);
- rb += sprintf(page+rb, "----------------------[iSCSI"
+ rb += sysfs_emit_at(page, rb, "----------------------[iSCSI"
" Connections]-------------------------\n");
spin_lock(&sess->conn_lock);
list_for_each_entry(conn, &sess->sess_conn_list, conn_list) {
- rb += sprintf(page+rb, "CID: %hu Connection"
+ rb += sysfs_emit_at(page, rb, "CID: %hu Connection"
" State: ", conn->cid);
switch (conn->conn_state) {
case TARG_CONN_STATE_FREE:
- rb += sprintf(page+rb,
+ rb += sysfs_emit_at(page, rb,
"TARG_CONN_STATE_FREE\n");
break;
case TARG_CONN_STATE_XPT_UP:
- rb += sprintf(page+rb,
+ rb += sysfs_emit_at(page, rb,
"TARG_CONN_STATE_XPT_UP\n");
break;
case TARG_CONN_STATE_IN_LOGIN:
- rb += sprintf(page+rb,
+ rb += sysfs_emit_at(page, rb,
"TARG_CONN_STATE_IN_LOGIN\n");
break;
case TARG_CONN_STATE_LOGGED_IN:
- rb += sprintf(page+rb,
+ rb += sysfs_emit_at(page, rb,
"TARG_CONN_STATE_LOGGED_IN\n");
break;
case TARG_CONN_STATE_IN_LOGOUT:
- rb += sprintf(page+rb,
+ rb += sysfs_emit_at(page, rb,
"TARG_CONN_STATE_IN_LOGOUT\n");
break;
case TARG_CONN_STATE_LOGOUT_REQUESTED:
- rb += sprintf(page+rb,
+ rb += sysfs_emit_at(page, rb,
"TARG_CONN_STATE_LOGOUT_REQUESTED\n");
break;
case TARG_CONN_STATE_CLEANUP_WAIT:
- rb += sprintf(page+rb,
+ rb += sysfs_emit_at(page, rb,
"TARG_CONN_STATE_CLEANUP_WAIT\n");
break;
default:
- rb += sprintf(page+rb,
+ rb += sysfs_emit_at(page, rb,
"ERROR: Unknown Connection State!\n");
break;
}
- rb += sprintf(page+rb, " Address %pISc %s", &conn->login_sockaddr,
+ rb += sysfs_emit_at(page, rb, " Address %pISc %s", &conn->login_sockaddr,
(conn->network_transport == ISCSI_TCP) ?
"TCP" : "SCTP");
- rb += sprintf(page+rb, " StatSN: 0x%08x\n",
+ rb += sysfs_emit_at(page, rb, " StatSN: 0x%08x\n",
conn->stat_sn);
}
spin_unlock(&sess->conn_lock);
--
2.40.1
^ permalink raw reply related [flat|nested] 396+ messages in thread
* [PATCH 5.4 343/367] serial: cpm_uart: Avoid suspicious locking
2023-09-20 11:26 [PATCH 5.4 000/367] 5.4.257-rc1 review Greg Kroah-Hartman
` (341 preceding siblings ...)
2023-09-20 11:31 ` [PATCH 5.4 342/367] scsi: target: iscsi: Fix buffer overflow in lio_target_nacl_info_show() Greg Kroah-Hartman
@ 2023-09-20 11:32 ` Greg Kroah-Hartman
2023-09-20 11:32 ` [PATCH 5.4 344/367] media: pci: ipu3-cio2: Initialise timing struct to avoid a compiler warning Greg Kroah-Hartman
` (29 subsequent siblings)
372 siblings, 0 replies; 396+ messages in thread
From: Greg Kroah-Hartman @ 2023-09-20 11:32 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Christophe Leroy, Sasha Levin
5.4-stable review patch. If anyone has any objections, please let me know.
------------------
From: Christophe Leroy <christophe.leroy@csgroup.eu>
[ Upstream commit 36ef11d311f405e55ad8e848c19b212ff71ef536 ]
CHECK drivers/tty/serial/cpm_uart/cpm_uart_core.c
drivers/tty/serial/cpm_uart/cpm_uart_core.c:1271:39: warning: context imbalance in 'cpm_uart_console_write' - unexpected unlock
Allthough 'nolock' is not expected to change, sparse find the following
form suspicious:
if (unlikely(nolock)) {
local_irq_save(flags);
} else {
spin_lock_irqsave(&pinfo->port.lock, flags);
}
cpm_uart_early_write(pinfo, s, count, true);
if (unlikely(nolock)) {
local_irq_restore(flags);
} else {
spin_unlock_irqrestore(&pinfo->port.lock, flags);
}
Rewrite it a more obvious form:
if (unlikely(oops_in_progress)) {
local_irq_save(flags);
cpm_uart_early_write(pinfo, s, count, true);
local_irq_restore(flags);
} else {
spin_lock_irqsave(&pinfo->port.lock, flags);
cpm_uart_early_write(pinfo, s, count, true);
spin_unlock_irqrestore(&pinfo->port.lock, flags);
}
Signed-off-by: Christophe Leroy <christophe.leroy@csgroup.eu>
Link: https://lore.kernel.org/r/f7da5cdc9287960185829cfef681a7d8614efa1f.1691068700.git.christophe.leroy@csgroup.eu
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/tty/serial/cpm_uart/cpm_uart_core.c | 13 ++++---------
1 file changed, 4 insertions(+), 9 deletions(-)
diff --git a/drivers/tty/serial/cpm_uart/cpm_uart_core.c b/drivers/tty/serial/cpm_uart/cpm_uart_core.c
index de6d02f7abe2b..c37036fee231d 100644
--- a/drivers/tty/serial/cpm_uart/cpm_uart_core.c
+++ b/drivers/tty/serial/cpm_uart/cpm_uart_core.c
@@ -1267,19 +1267,14 @@ static void cpm_uart_console_write(struct console *co, const char *s,
{
struct uart_cpm_port *pinfo = &cpm_uart_ports[co->index];
unsigned long flags;
- int nolock = oops_in_progress;
- if (unlikely(nolock)) {
+ if (unlikely(oops_in_progress)) {
local_irq_save(flags);
- } else {
- spin_lock_irqsave(&pinfo->port.lock, flags);
- }
-
- cpm_uart_early_write(pinfo, s, count, true);
-
- if (unlikely(nolock)) {
+ cpm_uart_early_write(pinfo, s, count, true);
local_irq_restore(flags);
} else {
+ spin_lock_irqsave(&pinfo->port.lock, flags);
+ cpm_uart_early_write(pinfo, s, count, true);
spin_unlock_irqrestore(&pinfo->port.lock, flags);
}
}
--
2.40.1
^ permalink raw reply related [flat|nested] 396+ messages in thread
* [PATCH 5.4 344/367] media: pci: ipu3-cio2: Initialise timing struct to avoid a compiler warning
2023-09-20 11:26 [PATCH 5.4 000/367] 5.4.257-rc1 review Greg Kroah-Hartman
` (342 preceding siblings ...)
2023-09-20 11:32 ` [PATCH 5.4 343/367] serial: cpm_uart: Avoid suspicious locking Greg Kroah-Hartman
@ 2023-09-20 11:32 ` Greg Kroah-Hartman
2023-09-20 11:32 ` [PATCH 5.4 345/367] kobject: Add sanity check for kset->kobj.ktype in kset_register() Greg Kroah-Hartman
` (28 subsequent siblings)
372 siblings, 0 replies; 396+ messages in thread
From: Greg Kroah-Hartman @ 2023-09-20 11:32 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Hans Verkuil, Sakari Ailus, Sasha Levin
5.4-stable review patch. If anyone has any objections, please let me know.
------------------
From: Sakari Ailus <sakari.ailus@linux.intel.com>
[ Upstream commit 9d7531be3085a8f013cf173ccc4e72e3cf493538 ]
Initialise timing struct in cio2_hw_init() to zero in order to avoid a
compiler warning. The warning was a false positive.
Reported-by: Hans Verkuil <hverkuil-cisco@xs4all.nl>
Signed-off-by: Sakari Ailus <sakari.ailus@linux.intel.com>
Signed-off-by: Hans Verkuil <hverkuil-cisco@xs4all.nl>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/media/pci/intel/ipu3/ipu3-cio2.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/media/pci/intel/ipu3/ipu3-cio2.c b/drivers/media/pci/intel/ipu3/ipu3-cio2.c
index 3457f0f545c48..9c0d117e093b1 100644
--- a/drivers/media/pci/intel/ipu3/ipu3-cio2.c
+++ b/drivers/media/pci/intel/ipu3/ipu3-cio2.c
@@ -359,7 +359,7 @@ static int cio2_hw_init(struct cio2_device *cio2, struct cio2_queue *q)
void __iomem *const base = cio2->base;
u8 lanes, csi2bus = q->csi2.port;
u8 sensor_vc = SENSOR_VIR_CH_DFLT;
- struct cio2_csi2_timing timing;
+ struct cio2_csi2_timing timing = { 0 };
int i, r;
fmt = cio2_find_format(NULL, &q->subdev_fmt.code);
--
2.40.1
^ permalink raw reply related [flat|nested] 396+ messages in thread
* [PATCH 5.4 345/367] kobject: Add sanity check for kset->kobj.ktype in kset_register()
2023-09-20 11:26 [PATCH 5.4 000/367] 5.4.257-rc1 review Greg Kroah-Hartman
` (343 preceding siblings ...)
2023-09-20 11:32 ` [PATCH 5.4 344/367] media: pci: ipu3-cio2: Initialise timing struct to avoid a compiler warning Greg Kroah-Hartman
@ 2023-09-20 11:32 ` Greg Kroah-Hartman
2023-09-20 11:32 ` [PATCH 5.4 346/367] tools features: Add feature test to check if libbfd has buildid support Greg Kroah-Hartman
` (27 subsequent siblings)
372 siblings, 0 replies; 396+ messages in thread
From: Greg Kroah-Hartman @ 2023-09-20 11:32 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Zhen Lei, Sasha Levin
5.4-stable review patch. If anyone has any objections, please let me know.
------------------
From: Zhen Lei <thunder.leizhen@huawei.com>
[ Upstream commit 4d0fe8c52bb3029d83e323c961221156ab98680b ]
When I register a kset in the following way:
static struct kset my_kset;
kobject_set_name(&my_kset.kobj, "my_kset");
ret = kset_register(&my_kset);
A null pointer dereference exception is occurred:
[ 4453.568337] Unable to handle kernel NULL pointer dereference at \
virtual address 0000000000000028
... ...
[ 4453.810361] Call trace:
[ 4453.813062] kobject_get_ownership+0xc/0x34
[ 4453.817493] kobject_add_internal+0x98/0x274
[ 4453.822005] kset_register+0x5c/0xb4
[ 4453.825820] my_kobj_init+0x44/0x1000 [my_kset]
... ...
Because I didn't initialize my_kset.kobj.ktype.
According to the description in Documentation/core-api/kobject.rst:
- A ktype is the type of object that embeds a kobject. Every structure
that embeds a kobject needs a corresponding ktype.
So add sanity check to make sure kset->kobj.ktype is not NULL.
Signed-off-by: Zhen Lei <thunder.leizhen@huawei.com>
Link: https://lore.kernel.org/r/20230805084114.1298-2-thunder.leizhen@huaweicloud.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
lib/kobject.c | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/lib/kobject.c b/lib/kobject.c
index 0c6d17503a113..c4025a880d753 100644
--- a/lib/kobject.c
+++ b/lib/kobject.c
@@ -877,6 +877,11 @@ int kset_register(struct kset *k)
if (!k)
return -EINVAL;
+ if (!k->kobj.ktype) {
+ pr_err("must have a ktype to be initialized properly!\n");
+ return -EINVAL;
+ }
+
kset_init(k);
err = kobject_add_internal(&k->kobj);
if (err)
--
2.40.1
^ permalink raw reply related [flat|nested] 396+ messages in thread
* [PATCH 5.4 346/367] tools features: Add feature test to check if libbfd has buildid support
2023-09-20 11:26 [PATCH 5.4 000/367] 5.4.257-rc1 review Greg Kroah-Hartman
` (344 preceding siblings ...)
2023-09-20 11:32 ` [PATCH 5.4 345/367] kobject: Add sanity check for kset->kobj.ktype in kset_register() Greg Kroah-Hartman
@ 2023-09-20 11:32 ` Greg Kroah-Hartman
2023-09-20 11:32 ` [PATCH 5.4 347/367] perf jevents: Make build dependency on test JSONs Greg Kroah-Hartman
` (26 subsequent siblings)
372 siblings, 0 replies; 396+ messages in thread
From: Greg Kroah-Hartman @ 2023-09-20 11:32 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Adrian Hunter, Alexander Shishkin,
Ian Rogers, Jacek Caban, Jiri Olsa, Mark Rutland, Namhyung Kim,
Peter Zijlstra, Remi Bernon, Arnaldo Carvalho de Melo,
Sasha Levin
5.4-stable review patch. If anyone has any objections, please let me know.
------------------
From: Arnaldo Carvalho de Melo <acme@redhat.com>
[ Upstream commit e71e19a9ea70952a53d58a99971820ce6c1794a8 ]
Which is needed by the PE executable support, for instance.
Cc: Adrian Hunter <adrian.hunter@intel.com>
Cc: Alexander Shishkin <alexander.shishkin@linux.intel.com>
Cc: Ian Rogers <irogers@google.com>
Cc: Jacek Caban <jacek@codeweavers.com>
Cc: Jiri Olsa <jolsa@redhat.com>
Cc: Mark Rutland <mark.rutland@arm.com>
Cc: Namhyung Kim <namhyung@kernel.org>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Remi Bernon <rbernon@codeweavers.com>
Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com>
Stable-dep-of: 7822a8913f4c ("perf build: Update build rule for generated files")
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
tools/build/Makefile.feature | 2 ++
tools/build/feature/Makefile | 4 ++++
tools/build/feature/test-all.c | 5 +++++
tools/build/feature/test-libbfd-buildid.c | 8 ++++++++
tools/perf/Makefile.config | 6 ++++++
5 files changed, 25 insertions(+)
create mode 100644 tools/build/feature/test-libbfd-buildid.c
diff --git a/tools/build/Makefile.feature b/tools/build/Makefile.feature
index 1ea26bb8c5791..6714c886940f8 100644
--- a/tools/build/Makefile.feature
+++ b/tools/build/Makefile.feature
@@ -42,6 +42,7 @@ FEATURE_TESTS_BASIC := \
gtk2-infobar \
libaudit \
libbfd \
+ libbfd-buildid \
libcap \
libelf \
libelf-getphdrnum \
@@ -110,6 +111,7 @@ FEATURE_DISPLAY ?= \
gtk2 \
libaudit \
libbfd \
+ libbfd-buildid \
libcap \
libelf \
libnuma \
diff --git a/tools/build/feature/Makefile b/tools/build/feature/Makefile
index 88392219d425e..8104e505efde6 100644
--- a/tools/build/feature/Makefile
+++ b/tools/build/feature/Makefile
@@ -15,6 +15,7 @@ FILES= \
test-hello.bin \
test-libaudit.bin \
test-libbfd.bin \
+ test-libbfd-buildid.bin \
test-disassembler-four-args.bin \
test-reallocarray.bin \
test-libbfd-liberty.bin \
@@ -223,6 +224,9 @@ $(OUTPUT)test-libpython.bin:
$(OUTPUT)test-libbfd.bin:
$(BUILD) -DPACKAGE='"perf"' -lbfd -ldl
+$(OUTPUT)test-libbfd-buildid.bin:
+ $(BUILD) -DPACKAGE='"perf"' -lbfd -ldl
+
$(OUTPUT)test-disassembler-four-args.bin:
$(BUILD) -DPACKAGE='"perf"' -lbfd -lopcodes
diff --git a/tools/build/feature/test-all.c b/tools/build/feature/test-all.c
index 6eaeaf2da36ea..039bd2fbe7d9e 100644
--- a/tools/build/feature/test-all.c
+++ b/tools/build/feature/test-all.c
@@ -90,6 +90,10 @@
# include "test-libbfd.c"
#undef main
+#define main main_test_libbfd_buildid
+# include "test-libbfd-buildid.c"
+#undef main
+
#define main main_test_backtrace
# include "test-backtrace.c"
#undef main
@@ -208,6 +212,7 @@ int main(int argc, char *argv[])
main_test_gtk2(argc, argv);
main_test_gtk2_infobar(argc, argv);
main_test_libbfd();
+ main_test_libbfd_buildid();
main_test_backtrace();
main_test_libnuma();
main_test_numa_num_possible_cpus();
diff --git a/tools/build/feature/test-libbfd-buildid.c b/tools/build/feature/test-libbfd-buildid.c
new file mode 100644
index 0000000000000..157644b04c052
--- /dev/null
+++ b/tools/build/feature/test-libbfd-buildid.c
@@ -0,0 +1,8 @@
+// SPDX-License-Identifier: GPL-2.0
+#include <bfd.h>
+
+int main(void)
+{
+ bfd *abfd = bfd_openr("Pedro", 0);
+ return abfd && (!abfd->build_id || abfd->build_id->size > 0x506564726f);
+}
diff --git a/tools/perf/Makefile.config b/tools/perf/Makefile.config
index b94d9afad3f79..cc11050420496 100644
--- a/tools/perf/Makefile.config
+++ b/tools/perf/Makefile.config
@@ -775,6 +775,12 @@ else
$(call feature_check,disassembler-four-args)
endif
+ifeq ($(feature-libbfd-buildid), 1)
+ CFLAGS += -DHAVE_LIBBFD_BUILDID_SUPPORT
+else
+ msg := $(warning Old version of libbfd/binutils things like PE executable profiling will not be available);
+endif
+
ifdef NO_DEMANGLE
CFLAGS += -DNO_DEMANGLE
else
--
2.40.1
^ permalink raw reply related [flat|nested] 396+ messages in thread
* [PATCH 5.4 347/367] perf jevents: Make build dependency on test JSONs
2023-09-20 11:26 [PATCH 5.4 000/367] 5.4.257-rc1 review Greg Kroah-Hartman
` (345 preceding siblings ...)
2023-09-20 11:32 ` [PATCH 5.4 346/367] tools features: Add feature test to check if libbfd has buildid support Greg Kroah-Hartman
@ 2023-09-20 11:32 ` Greg Kroah-Hartman
2023-09-20 11:32 ` [PATCH 5.4 348/367] perf tools: Add an option to build without libbfd Greg Kroah-Hartman
` (25 subsequent siblings)
372 siblings, 0 replies; 396+ messages in thread
From: Greg Kroah-Hartman @ 2023-09-20 11:32 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, John Garry,
Arnaldo Carvalho de Melo, Alexander Shishkin, Ian Rogers,
Jin Yao, Jiri Olsa, Mark Rutland, Namhyung Kim, Peter Zijlstra,
linuxarm, Arnaldo Carvalho de Melo, Sasha Levin
5.4-stable review patch. If anyone has any objections, please let me know.
------------------
From: John Garry <john.garry@huawei.com>
[ Upstream commit 517db3b59537a59f6cc251b1926df93e93bb9c87 ]
Currently all JSONs and the mapfile for an arch are dependencies for
building pmu-events.c
The test JSONs are missing as a dependency, so add them.
Signed-off-by: John Garry <john.garry@huawei.com>
Reported-by: Arnaldo Carvalho de Melo <acme@kernel.org>
Cc: Alexander Shishkin <alexander.shishkin@linux.intel.com>
Cc: Ian Rogers <irogers@google.com>
Cc: Jin Yao <yao.jin@linux.intel.com>
Cc: Jiri Olsa <jolsa@redhat.com>
Cc: Mark Rutland <mark.rutland@arm.com>
Cc: Namhyung Kim <namhyung@kernel.org>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: linuxarm@huawei.com
Link: http://lore.kernel.org/lkml/90094733-741c-50e5-ac7d-f5640b5f0bdd@huawei.com
Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com>
Stable-dep-of: 7822a8913f4c ("perf build: Update build rule for generated files")
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
tools/perf/pmu-events/Build | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/tools/perf/pmu-events/Build b/tools/perf/pmu-events/Build
index 215ba30b85343..a055dee6a46af 100644
--- a/tools/perf/pmu-events/Build
+++ b/tools/perf/pmu-events/Build
@@ -6,10 +6,13 @@ pmu-events-y += pmu-events.o
JDIR = pmu-events/arch/$(SRCARCH)
JSON = $(shell [ -d $(JDIR) ] && \
find $(JDIR) -name '*.json' -o -name 'mapfile.csv')
+JDIR_TEST = pmu-events/arch/test
+JSON_TEST = $(shell [ -d $(JDIR_TEST) ] && \
+ find $(JDIR_TEST) -name '*.json')
#
# Locate/process JSON files in pmu-events/arch/
# directory and create tables in pmu-events.c.
#
-$(OUTPUT)pmu-events/pmu-events.c: $(JSON) $(JEVENTS)
+$(OUTPUT)pmu-events/pmu-events.c: $(JSON) $(JSON_TEST) $(JEVENTS)
$(Q)$(call echo-cmd,gen)$(JEVENTS) $(SRCARCH) pmu-events/arch $(OUTPUT)pmu-events/pmu-events.c $(V)
--
2.40.1
^ permalink raw reply related [flat|nested] 396+ messages in thread
* [PATCH 5.4 348/367] perf tools: Add an option to build without libbfd
2023-09-20 11:26 [PATCH 5.4 000/367] 5.4.257-rc1 review Greg Kroah-Hartman
` (346 preceding siblings ...)
2023-09-20 11:32 ` [PATCH 5.4 347/367] perf jevents: Make build dependency on test JSONs Greg Kroah-Hartman
@ 2023-09-20 11:32 ` Greg Kroah-Hartman
2023-09-20 11:32 ` [PATCH 5.4 349/367] perf jevents: Switch build to use jevents.py Greg Kroah-Hartman
` (24 subsequent siblings)
372 siblings, 0 replies; 396+ messages in thread
From: Greg Kroah-Hartman @ 2023-09-20 11:32 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Ian Rogers, Alexander Shishkin,
Jiri Olsa, Mark Rutland, Namhyung Kim, Peter Zijlstra,
tony garnock-jones, Arnaldo Carvalho de Melo, Sasha Levin
5.4-stable review patch. If anyone has any objections, please let me know.
------------------
From: Ian Rogers <irogers@google.com>
[ Upstream commit 0d1c50ac488ebdaeeaea8ed5069f8d435fd485ed ]
Some distributions, like debian, don't link perf with libbfd. Add a
build flag to make this configuration buildable and testable.
This was inspired by:
https://lore.kernel.org/linux-perf-users/20210910102307.2055484-1-tonyg@leastfixedpoint.com/T/#u
Signed-off-by: Ian Rogers <irogers@google.com>
Cc: Alexander Shishkin <alexander.shishkin@linux.intel.com>
Cc: Jiri Olsa <jolsa@redhat.com>
Cc: Mark Rutland <mark.rutland@arm.com>
Cc: Namhyung Kim <namhyung@kernel.org>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: tony garnock-jones <tonyg@leastfixedpoint.com>
Link: http://lore.kernel.org/lkml/20210910225756.729087-1-irogers@google.com
Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com>
Stable-dep-of: 7822a8913f4c ("perf build: Update build rule for generated files")
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
tools/perf/Makefile.config | 47 ++++++++++++++++++++------------------
1 file changed, 25 insertions(+), 22 deletions(-)
diff --git a/tools/perf/Makefile.config b/tools/perf/Makefile.config
index cc11050420496..e95281586f65e 100644
--- a/tools/perf/Makefile.config
+++ b/tools/perf/Makefile.config
@@ -752,33 +752,36 @@ else
endif
endif
-ifeq ($(feature-libbfd), 1)
- EXTLIBS += -lbfd -lopcodes
-else
- # we are on a system that requires -liberty and (maybe) -lz
- # to link against -lbfd; test each case individually here
-
- # call all detections now so we get correct
- # status in VF output
- $(call feature_check,libbfd-liberty)
- $(call feature_check,libbfd-liberty-z)
- ifeq ($(feature-libbfd-liberty), 1)
- EXTLIBS += -lbfd -lopcodes -liberty
- FEATURE_CHECK_LDFLAGS-disassembler-four-args += -liberty -ldl
+ifndef NO_LIBBFD
+ ifeq ($(feature-libbfd), 1)
+ EXTLIBS += -lbfd -lopcodes
else
- ifeq ($(feature-libbfd-liberty-z), 1)
- EXTLIBS += -lbfd -lopcodes -liberty -lz
- FEATURE_CHECK_LDFLAGS-disassembler-four-args += -liberty -lz -ldl
+ # we are on a system that requires -liberty and (maybe) -lz
+ # to link against -lbfd; test each case individually here
+
+ # call all detections now so we get correct
+ # status in VF output
+ $(call feature_check,libbfd-liberty)
+ $(call feature_check,libbfd-liberty-z)
+
+ ifeq ($(feature-libbfd-liberty), 1)
+ EXTLIBS += -lbfd -lopcodes -liberty
+ FEATURE_CHECK_LDFLAGS-disassembler-four-args += -liberty -ldl
+ else
+ ifeq ($(feature-libbfd-liberty-z), 1)
+ EXTLIBS += -lbfd -lopcodes -liberty -lz
+ FEATURE_CHECK_LDFLAGS-disassembler-four-args += -liberty -lz -ldl
+ endif
endif
+ $(call feature_check,disassembler-four-args)
endif
- $(call feature_check,disassembler-four-args)
-endif
-ifeq ($(feature-libbfd-buildid), 1)
- CFLAGS += -DHAVE_LIBBFD_BUILDID_SUPPORT
-else
- msg := $(warning Old version of libbfd/binutils things like PE executable profiling will not be available);
+ ifeq ($(feature-libbfd-buildid), 1)
+ CFLAGS += -DHAVE_LIBBFD_BUILDID_SUPPORT
+ else
+ msg := $(warning Old version of libbfd/binutils things like PE executable profiling will not be available);
+ endif
endif
ifdef NO_DEMANGLE
--
2.40.1
^ permalink raw reply related [flat|nested] 396+ messages in thread
* [PATCH 5.4 349/367] perf jevents: Switch build to use jevents.py
2023-09-20 11:26 [PATCH 5.4 000/367] 5.4.257-rc1 review Greg Kroah-Hartman
` (347 preceding siblings ...)
2023-09-20 11:32 ` [PATCH 5.4 348/367] perf tools: Add an option to build without libbfd Greg Kroah-Hartman
@ 2023-09-20 11:32 ` Greg Kroah-Hartman
2023-09-20 11:32 ` [PATCH 5.4 350/367] perf build: Update build rule for generated files Greg Kroah-Hartman
` (23 subsequent siblings)
372 siblings, 0 replies; 396+ messages in thread
From: Greg Kroah-Hartman @ 2023-09-20 11:32 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Ian Rogers, John Garry,
Alexander Shishkin, Ananth Narayan, Andi Kleen, Andrew Kilroy,
Caleb Biggers, Felix Fietkau, Ian Rogers, Ingo Molnar,
James Clark, Jiri Olsa, Kajol Jain, Kan Liang,
Kshipra Bopardikar, Like Xu, Mark Rutland, Mathieu Poirier,
Namhyung Kim, Nick Forrington, Paul Clarke, Perry Taylor,
Peter Zijlstra, Qi Liu, Ravi Bangoria, Sandipan Das,
Santosh Shukla, Stephane Eranian, Will Deacon, Xing Zhengjun,
Arnaldo Carvalho de Melo, Sasha Levin
5.4-stable review patch. If anyone has any objections, please let me know.
------------------
From: Ian Rogers <rogers.email@gmail.com>
[ Upstream commit 00facc760903be6675870c2749e2cd72140e396e ]
Generate pmu-events.c using jevents.py rather than the binary built from
jevents.c.
Add a new config variable NO_JEVENTS that is set when there is no
architecture json or an appropriate python interpreter isn't present.
When NO_JEVENTS is defined the file pmu-events/empty-pmu-events.c is
copied and used as the pmu-events.c file.
Signed-off-by: Ian Rogers <irogers@google.com>
Tested-by: John Garry <john.garry@huawei.com>
Cc: Alexander Shishkin <alexander.shishkin@linux.intel.com>
Cc: Ananth Narayan <ananth.narayan@amd.com>
Cc: Andi Kleen <ak@linux.intel.com>
Cc: Andrew Kilroy <andrew.kilroy@arm.com>
Cc: Caleb Biggers <caleb.biggers@intel.com>
Cc: Felix Fietkau <nbd@nbd.name>
Cc: Ian Rogers <rogers.email@gmail.com>
Cc: Ingo Molnar <mingo@redhat.com>
Cc: James Clark <james.clark@arm.com>
Cc: Jiri Olsa <jolsa@kernel.org>
Cc: Kajol Jain <kjain@linux.ibm.com>
Cc: Kan Liang <kan.liang@linux.intel.com>
Cc: Kshipra Bopardikar <kshipra.bopardikar@intel.com>
Cc: Like Xu <likexu@tencent.com>
Cc: Mark Rutland <mark.rutland@arm.com>
Cc: Mathieu Poirier <mathieu.poirier@linaro.org>
Cc: Namhyung Kim <namhyung@kernel.org>
Cc: Nick Forrington <nick.forrington@arm.com>
Cc: Paul Clarke <pc@us.ibm.com>
Cc: Perry Taylor <perry.taylor@intel.com>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Qi Liu <liuqi115@huawei.com>
Cc: Ravi Bangoria <ravi.bangoria@amd.com>
Cc: Sandipan Das <sandipan.das@amd.com>
Cc: Santosh Shukla <santosh.shukla@amd.com>
Cc: Stephane Eranian <eranian@google.com>
Cc: Will Deacon <will@kernel.org>
Cc: Xing Zhengjun <zhengjun.xing@linux.intel.com>
Link: https://lore.kernel.org/r/20220629182505.406269-4-irogers@google.com
Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com>
Stable-dep-of: 7822a8913f4c ("perf build: Update build rule for generated files")
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
tools/perf/Makefile.config | 19 +++
tools/perf/Makefile.perf | 1 +
tools/perf/pmu-events/Build | 13 +-
tools/perf/pmu-events/empty-pmu-events.c | 158 +++++++++++++++++++++++
4 files changed, 189 insertions(+), 2 deletions(-)
create mode 100644 tools/perf/pmu-events/empty-pmu-events.c
diff --git a/tools/perf/Makefile.config b/tools/perf/Makefile.config
index e95281586f65e..b76800bbc632a 100644
--- a/tools/perf/Makefile.config
+++ b/tools/perf/Makefile.config
@@ -752,6 +752,25 @@ else
endif
endif
+ifneq ($(NO_JEVENTS),1)
+ ifeq ($(wildcard pmu-events/arch/$(SRCARCH)/mapfile.csv),)
+ NO_JEVENTS := 1
+ endif
+endif
+ifneq ($(NO_JEVENTS),1)
+ NO_JEVENTS := 0
+ ifndef PYTHON
+ $(warning No python interpreter disabling jevent generation)
+ NO_JEVENTS := 1
+ else
+ # jevents.py uses f-strings present in Python 3.6 released in Dec. 2016.
+ JEVENTS_PYTHON_GOOD := $(shell $(PYTHON) -c 'import sys;print("1" if(sys.version_info.major >= 3 and sys.version_info.minor >= 6) else "0")' 2> /dev/null)
+ ifneq ($(JEVENTS_PYTHON_GOOD), 1)
+ $(warning Python interpreter too old (older than 3.6) disabling jevent generation)
+ NO_JEVENTS := 1
+ endif
+ endif
+endif
ifndef NO_LIBBFD
ifeq ($(feature-libbfd), 1)
diff --git a/tools/perf/Makefile.perf b/tools/perf/Makefile.perf
index 961f5e4fd6566..b0314f31e5a37 100644
--- a/tools/perf/Makefile.perf
+++ b/tools/perf/Makefile.perf
@@ -584,6 +584,7 @@ JEVENTS := $(OUTPUT)pmu-events/jevents
JEVENTS_IN := $(OUTPUT)pmu-events/jevents-in.o
PMU_EVENTS_IN := $(OUTPUT)pmu-events/pmu-events-in.o
+export NO_JEVENTS
export JEVENTS
diff --git a/tools/perf/pmu-events/Build b/tools/perf/pmu-events/Build
index a055dee6a46af..5ec5ce8c31bab 100644
--- a/tools/perf/pmu-events/Build
+++ b/tools/perf/pmu-events/Build
@@ -9,10 +9,19 @@ JSON = $(shell [ -d $(JDIR) ] && \
JDIR_TEST = pmu-events/arch/test
JSON_TEST = $(shell [ -d $(JDIR_TEST) ] && \
find $(JDIR_TEST) -name '*.json')
+JEVENTS_PY = pmu-events/jevents.py
#
# Locate/process JSON files in pmu-events/arch/
# directory and create tables in pmu-events.c.
#
-$(OUTPUT)pmu-events/pmu-events.c: $(JSON) $(JSON_TEST) $(JEVENTS)
- $(Q)$(call echo-cmd,gen)$(JEVENTS) $(SRCARCH) pmu-events/arch $(OUTPUT)pmu-events/pmu-events.c $(V)
+
+ifeq ($(NO_JEVENTS),1)
+$(OUTPUT)pmu-events/pmu-events.c: pmu-events/empty-pmu-events.c
+ $(call rule_mkdir)
+ $(Q)$(call echo-cmd,gen)cp $< $@
+else
+$(OUTPUT)pmu-events/pmu-events.c: $(JSON) $(JSON_TEST) $(JEVENTS_PY)
+ $(call rule_mkdir)
+ $(Q)$(call echo-cmd,gen)$(PYTHON) $(JEVENTS_PY) $(SRCARCH) pmu-events/arch $@
+endif
diff --git a/tools/perf/pmu-events/empty-pmu-events.c b/tools/perf/pmu-events/empty-pmu-events.c
new file mode 100644
index 0000000000000..77e655c6f1162
--- /dev/null
+++ b/tools/perf/pmu-events/empty-pmu-events.c
@@ -0,0 +1,158 @@
+// SPDX-License-Identifier: GPL-2.0
+/*
+ * An empty pmu-events.c file used when there is no architecture json files in
+ * arch or when the jevents.py script cannot be run.
+ *
+ * The test cpu/soc is provided for testing.
+ */
+#include "pmu-events/pmu-events.h"
+
+static const struct pmu_event pme_test_soc_cpu[] = {
+ {
+ .name = "l3_cache_rd",
+ .event = "event=0x40",
+ .desc = "L3 cache access, read",
+ .topic = "cache",
+ .long_desc = "Attributable Level 3 cache access, read",
+ },
+ {
+ .name = "segment_reg_loads.any",
+ .event = "event=0x6,period=200000,umask=0x80",
+ .desc = "Number of segment register loads",
+ .topic = "other",
+ },
+ {
+ .name = "dispatch_blocked.any",
+ .event = "event=0x9,period=200000,umask=0x20",
+ .desc = "Memory cluster signals to block micro-op dispatch for any reason",
+ .topic = "other",
+ },
+ {
+ .name = "eist_trans",
+ .event = "event=0x3a,period=200000,umask=0x0",
+ .desc = "Number of Enhanced Intel SpeedStep(R) Technology (EIST) transitions",
+ .topic = "other",
+ },
+ {
+ .name = "uncore_hisi_ddrc.flux_wcmd",
+ .event = "event=0x2",
+ .desc = "DDRC write commands. Unit: hisi_sccl,ddrc ",
+ .topic = "uncore",
+ .long_desc = "DDRC write commands",
+ .pmu = "hisi_sccl,ddrc",
+ },
+ {
+ .name = "unc_cbo_xsnp_response.miss_eviction",
+ .event = "event=0x22,umask=0x81",
+ .desc = "A cross-core snoop resulted from L3 Eviction which misses in some processor core. Unit: uncore_cbox ",
+ .topic = "uncore",
+ .long_desc = "A cross-core snoop resulted from L3 Eviction which misses in some processor core",
+ .pmu = "uncore_cbox",
+ },
+ {
+ .name = "event-hyphen",
+ .event = "event=0xe0,umask=0x00",
+ .desc = "UNC_CBO_HYPHEN. Unit: uncore_cbox ",
+ .topic = "uncore",
+ .long_desc = "UNC_CBO_HYPHEN",
+ .pmu = "uncore_cbox",
+ },
+ {
+ .name = "event-two-hyph",
+ .event = "event=0xc0,umask=0x00",
+ .desc = "UNC_CBO_TWO_HYPH. Unit: uncore_cbox ",
+ .topic = "uncore",
+ .long_desc = "UNC_CBO_TWO_HYPH",
+ .pmu = "uncore_cbox",
+ },
+ {
+ .name = "uncore_hisi_l3c.rd_hit_cpipe",
+ .event = "event=0x7",
+ .desc = "Total read hits. Unit: hisi_sccl,l3c ",
+ .topic = "uncore",
+ .long_desc = "Total read hits",
+ .pmu = "hisi_sccl,l3c",
+ },
+ {
+ .name = "uncore_imc_free_running.cache_miss",
+ .event = "event=0x12",
+ .desc = "Total cache misses. Unit: uncore_imc_free_running ",
+ .topic = "uncore",
+ .long_desc = "Total cache misses",
+ .pmu = "uncore_imc_free_running",
+ },
+ {
+ .name = "uncore_imc.cache_hits",
+ .event = "event=0x34",
+ .desc = "Total cache hits. Unit: uncore_imc ",
+ .topic = "uncore",
+ .long_desc = "Total cache hits",
+ .pmu = "uncore_imc",
+ },
+ {
+ .name = "bp_l1_btb_correct",
+ .event = "event=0x8a",
+ .desc = "L1 BTB Correction",
+ .topic = "branch",
+ },
+ {
+ .name = "bp_l2_btb_correct",
+ .event = "event=0x8b",
+ .desc = "L2 BTB Correction",
+ .topic = "branch",
+ },
+ {
+ .name = 0,
+ .event = 0,
+ .desc = 0,
+ },
+};
+
+const struct pmu_events_map pmu_events_map[] = {
+ {
+ .cpuid = "testcpu",
+ .version = "v1",
+ .type = "core",
+ .table = pme_test_soc_cpu,
+ },
+ {
+ .cpuid = 0,
+ .version = 0,
+ .type = 0,
+ .table = 0,
+ },
+};
+
+static const struct pmu_event pme_test_soc_sys[] = {
+ {
+ .name = "sys_ddr_pmu.write_cycles",
+ .event = "event=0x2b",
+ .desc = "ddr write-cycles event. Unit: uncore_sys_ddr_pmu ",
+ .compat = "v8",
+ .topic = "uncore",
+ .pmu = "uncore_sys_ddr_pmu",
+ },
+ {
+ .name = "sys_ccn_pmu.read_cycles",
+ .event = "config=0x2c",
+ .desc = "ccn read-cycles event. Unit: uncore_sys_ccn_pmu ",
+ .compat = "0x01",
+ .topic = "uncore",
+ .pmu = "uncore_sys_ccn_pmu",
+ },
+ {
+ .name = 0,
+ .event = 0,
+ .desc = 0,
+ },
+};
+
+const struct pmu_sys_events pmu_sys_event_tables[] = {
+ {
+ .table = pme_test_soc_sys,
+ .name = "pme_test_soc_sys",
+ },
+ {
+ .table = 0
+ },
+};
--
2.40.1
^ permalink raw reply related [flat|nested] 396+ messages in thread
* [PATCH 5.4 350/367] perf build: Update build rule for generated files
2023-09-20 11:26 [PATCH 5.4 000/367] 5.4.257-rc1 review Greg Kroah-Hartman
` (348 preceding siblings ...)
2023-09-20 11:32 ` [PATCH 5.4 349/367] perf jevents: Switch build to use jevents.py Greg Kroah-Hartman
@ 2023-09-20 11:32 ` Greg Kroah-Hartman
2023-09-20 11:32 ` [PATCH 5.4 351/367] btrfs: move btrfs_pinned_by_swapfile prototype into volumes.h Greg Kroah-Hartman
` (22 subsequent siblings)
372 siblings, 0 replies; 396+ messages in thread
From: Greg Kroah-Hartman @ 2023-09-20 11:32 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Namhyung Kim, Adrian Hunter,
Andi Kleen, Anup Sharma, Ian Rogers, Ingo Molnar, Jiri Olsa,
Peter Zijlstra, Arnaldo Carvalho de Melo, Sasha Levin
5.4-stable review patch. If anyone has any objections, please let me know.
------------------
From: Namhyung Kim <namhyung@kernel.org>
[ Upstream commit 7822a8913f4c51c7d1aff793b525d60c3384fb5b ]
The bison and flex generate C files from the source (.y and .l)
files. When O= option is used, they are saved in a separate directory
but the default build rule assumes the .C files are in the source
directory. So it might read invalid file if there are generated files
from an old version. The same is true for the pmu-events files.
For example, the following command would cause a build failure:
$ git checkout v6.3
$ make -C tools/perf # build in the same directory
$ git checkout v6.5-rc2
$ mkdir build # create a build directory
$ make -C tools/perf O=build # build in a different directory but it
# refers files in the source directory
Let's update the build rule to specify those cases explicitly to depend
on the files in the output directory.
Note that it's not a complete fix and it needs the next patch for the
include path too.
Fixes: 80eeb67fe577aa76 ("perf jevents: Program to convert JSON file")
Signed-off-by: Namhyung Kim <namhyung@kernel.org>
Cc: Adrian Hunter <adrian.hunter@intel.com>
Cc: Andi Kleen <ak@linux.intel.com>
Cc: Anup Sharma <anupnewsmail@gmail.com>
Cc: Ian Rogers <irogers@google.com>
Cc: Ingo Molnar <mingo@kernel.org>
Cc: Jiri Olsa <jolsa@kernel.org>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: stable@vger.kernel.org
Link: https://lore.kernel.org/r/20230728022447.1323563-1-namhyung@kernel.org
Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
tools/build/Makefile.build | 10 ++++++++++
tools/perf/pmu-events/Build | 6 ++++++
2 files changed, 16 insertions(+)
diff --git a/tools/build/Makefile.build b/tools/build/Makefile.build
index cd72016c3cfa7..5a727094ae832 100644
--- a/tools/build/Makefile.build
+++ b/tools/build/Makefile.build
@@ -116,6 +116,16 @@ $(OUTPUT)%.s: %.c FORCE
$(call rule_mkdir)
$(call if_changed_dep,cc_s_c)
+# bison and flex files are generated in the OUTPUT directory
+# so it needs a separate rule to depend on them properly
+$(OUTPUT)%-bison.o: $(OUTPUT)%-bison.c FORCE
+ $(call rule_mkdir)
+ $(call if_changed_dep,$(host)cc_o_c)
+
+$(OUTPUT)%-flex.o: $(OUTPUT)%-flex.c FORCE
+ $(call rule_mkdir)
+ $(call if_changed_dep,$(host)cc_o_c)
+
# Gather build data:
# obj-y - list of build objects
# subdir-y - list of directories to nest
diff --git a/tools/perf/pmu-events/Build b/tools/perf/pmu-events/Build
index 5ec5ce8c31bab..ea8c41f9c7398 100644
--- a/tools/perf/pmu-events/Build
+++ b/tools/perf/pmu-events/Build
@@ -25,3 +25,9 @@ $(OUTPUT)pmu-events/pmu-events.c: $(JSON) $(JSON_TEST) $(JEVENTS_PY)
$(call rule_mkdir)
$(Q)$(call echo-cmd,gen)$(PYTHON) $(JEVENTS_PY) $(SRCARCH) pmu-events/arch $@
endif
+
+# pmu-events.c file is generated in the OUTPUT directory so it needs a
+# separate rule to depend on it properly
+$(OUTPUT)pmu-events/pmu-events.o: $(PMU_EVENTS_C)
+ $(call rule_mkdir)
+ $(call if_changed_dep,cc_o_c)
--
2.40.1
^ permalink raw reply related [flat|nested] 396+ messages in thread
* [PATCH 5.4 351/367] btrfs: move btrfs_pinned_by_swapfile prototype into volumes.h
2023-09-20 11:26 [PATCH 5.4 000/367] 5.4.257-rc1 review Greg Kroah-Hartman
` (349 preceding siblings ...)
2023-09-20 11:32 ` [PATCH 5.4 350/367] perf build: Update build rule for generated files Greg Kroah-Hartman
@ 2023-09-20 11:32 ` Greg Kroah-Hartman
2023-09-20 11:32 ` [PATCH 5.4 352/367] btrfs: add a helper to read the superblock metadata_uuid Greg Kroah-Hartman
` (21 subsequent siblings)
372 siblings, 0 replies; 396+ messages in thread
From: Greg Kroah-Hartman @ 2023-09-20 11:32 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Johannes Thumshirn, Anand Jain,
Josef Bacik, David Sterba, Sasha Levin
5.4-stable review patch. If anyone has any objections, please let me know.
------------------
From: Josef Bacik <josef@toxicpanda.com>
[ Upstream commit c2e79e865b87c2920a3cd39de69c35f2bc758a51 ]
This is defined in volumes.c, move the prototype into volumes.h.
Reviewed-by: Johannes Thumshirn <johannes.thumshirn@wdc.com>
Reviewed-by: Anand Jain <anand.jain@oracle.com>
Signed-off-by: Josef Bacik <josef@toxicpanda.com>
Reviewed-by: David Sterba <dsterba@suse.com>
Signed-off-by: David Sterba <dsterba@suse.com>
Stable-dep-of: 6bfe3959b0e7 ("btrfs: compare the correct fsid/metadata_uuid in btrfs_validate_super")
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
fs/btrfs/ctree.h | 2 --
fs/btrfs/volumes.h | 2 ++
2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/fs/btrfs/ctree.h b/fs/btrfs/ctree.h
index c2e5fe972f566..b141a7ba4507b 100644
--- a/fs/btrfs/ctree.h
+++ b/fs/btrfs/ctree.h
@@ -482,8 +482,6 @@ struct btrfs_swapfile_pin {
bool is_block_group;
};
-bool btrfs_pinned_by_swapfile(struct btrfs_fs_info *fs_info, void *ptr);
-
enum {
BTRFS_FS_BARRIER,
BTRFS_FS_CLOSING_START,
diff --git a/fs/btrfs/volumes.h b/fs/btrfs/volumes.h
index aa6a6d7b2978e..fd8fdaa4b0cdf 100644
--- a/fs/btrfs/volumes.h
+++ b/fs/btrfs/volumes.h
@@ -581,4 +581,6 @@ int btrfs_bg_type_to_factor(u64 flags);
const char *btrfs_bg_type_to_raid_name(u64 flags);
int btrfs_verify_dev_extents(struct btrfs_fs_info *fs_info);
+bool btrfs_pinned_by_swapfile(struct btrfs_fs_info *fs_info, void *ptr);
+
#endif
--
2.40.1
^ permalink raw reply related [flat|nested] 396+ messages in thread
* [PATCH 5.4 352/367] btrfs: add a helper to read the superblock metadata_uuid
2023-09-20 11:26 [PATCH 5.4 000/367] 5.4.257-rc1 review Greg Kroah-Hartman
` (350 preceding siblings ...)
2023-09-20 11:32 ` [PATCH 5.4 351/367] btrfs: move btrfs_pinned_by_swapfile prototype into volumes.h Greg Kroah-Hartman
@ 2023-09-20 11:32 ` Greg Kroah-Hartman
2023-09-20 11:32 ` [PATCH 5.4 353/367] btrfs: compare the correct fsid/metadata_uuid in btrfs_validate_super Greg Kroah-Hartman
` (20 subsequent siblings)
372 siblings, 0 replies; 396+ messages in thread
From: Greg Kroah-Hartman @ 2023-09-20 11:32 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Johannes Thumshirn,
Guilherme G. Piccoli, Anand Jain, David Sterba, Sasha Levin
5.4-stable review patch. If anyone has any objections, please let me know.
------------------
From: Anand Jain <anand.jain@oracle.com>
[ Upstream commit 4844c3664a72d36cc79752cb651c78860b14c240 ]
In some cases, we need to read the FSID from the superblock when the
metadata_uuid is not set, and otherwise, read the metadata_uuid. So,
add a helper.
Reviewed-by: Johannes Thumshirn <johannes.thumshirn@wdc.com>
Tested-by: Guilherme G. Piccoli <gpiccoli@igalia.com>
Signed-off-by: Anand Jain <anand.jain@oracle.com>
Reviewed-by: David Sterba <dsterba@suse.com>
Signed-off-by: David Sterba <dsterba@suse.com>
Stable-dep-of: 6bfe3959b0e7 ("btrfs: compare the correct fsid/metadata_uuid in btrfs_validate_super")
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
fs/btrfs/volumes.c | 8 ++++++++
fs/btrfs/volumes.h | 1 +
2 files changed, 9 insertions(+)
diff --git a/fs/btrfs/volumes.c b/fs/btrfs/volumes.c
index 0d4afeacb237b..f9192dcb9208b 100644
--- a/fs/btrfs/volumes.c
+++ b/fs/btrfs/volumes.c
@@ -895,6 +895,14 @@ static int btrfs_open_one_device(struct btrfs_fs_devices *fs_devices,
return -EINVAL;
}
+u8 *btrfs_sb_fsid_ptr(struct btrfs_super_block *sb)
+{
+ bool has_metadata_uuid = (btrfs_super_incompat_flags(sb) &
+ BTRFS_FEATURE_INCOMPAT_METADATA_UUID);
+
+ return has_metadata_uuid ? sb->metadata_uuid : sb->fsid;
+}
+
/*
* Handle scanned device having its CHANGING_FSID_V2 flag set and the fs_devices
* being created with a disk that has already completed its fsid change.
diff --git a/fs/btrfs/volumes.h b/fs/btrfs/volumes.h
index fd8fdaa4b0cdf..762c0a3754982 100644
--- a/fs/btrfs/volumes.h
+++ b/fs/btrfs/volumes.h
@@ -582,5 +582,6 @@ const char *btrfs_bg_type_to_raid_name(u64 flags);
int btrfs_verify_dev_extents(struct btrfs_fs_info *fs_info);
bool btrfs_pinned_by_swapfile(struct btrfs_fs_info *fs_info, void *ptr);
+u8 *btrfs_sb_fsid_ptr(struct btrfs_super_block *sb);
#endif
--
2.40.1
^ permalink raw reply related [flat|nested] 396+ messages in thread
* [PATCH 5.4 353/367] btrfs: compare the correct fsid/metadata_uuid in btrfs_validate_super
2023-09-20 11:26 [PATCH 5.4 000/367] 5.4.257-rc1 review Greg Kroah-Hartman
` (351 preceding siblings ...)
2023-09-20 11:32 ` [PATCH 5.4 352/367] btrfs: add a helper to read the superblock metadata_uuid Greg Kroah-Hartman
@ 2023-09-20 11:32 ` Greg Kroah-Hartman
2023-09-20 11:32 ` [PATCH 5.4 354/367] selftests: tracing: Fix to unmount tracefs for recovering environment Greg Kroah-Hartman
` (19 subsequent siblings)
372 siblings, 0 replies; 396+ messages in thread
From: Greg Kroah-Hartman @ 2023-09-20 11:32 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Johannes Thumshirn,
Guilherme G. Piccoli, Anand Jain, David Sterba, Sasha Levin
5.4-stable review patch. If anyone has any objections, please let me know.
------------------
From: Anand Jain <anand.jain@oracle.com>
[ Upstream commit 6bfe3959b0e7a526f5c64747801a8613f002f05a ]
The function btrfs_validate_super() should verify the metadata_uuid in
the provided superblock argument. Because, all its callers expect it to
do that.
Such as in the following stacks:
write_all_supers()
sb = fs_info->super_for_commit;
btrfs_validate_write_super(.., sb)
btrfs_validate_super(.., sb, ..)
scrub_one_super()
btrfs_validate_super(.., sb, ..)
And
check_dev_super()
btrfs_validate_super(.., sb, ..)
However, it currently verifies the fs_info::super_copy::metadata_uuid
instead. Fix this using the correct metadata_uuid in the superblock
argument.
CC: stable@vger.kernel.org # 5.4+
Reviewed-by: Johannes Thumshirn <johannes.thumshirn@wdc.com>
Tested-by: Guilherme G. Piccoli <gpiccoli@igalia.com>
Signed-off-by: Anand Jain <anand.jain@oracle.com>
Reviewed-by: David Sterba <dsterba@suse.com>
Signed-off-by: David Sterba <dsterba@suse.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
fs/btrfs/disk-io.c | 8 +++-----
1 file changed, 3 insertions(+), 5 deletions(-)
diff --git a/fs/btrfs/disk-io.c b/fs/btrfs/disk-io.c
index a02fa6c07087c..b4ed11b5f1480 100644
--- a/fs/btrfs/disk-io.c
+++ b/fs/btrfs/disk-io.c
@@ -2487,13 +2487,11 @@ static int validate_super(struct btrfs_fs_info *fs_info,
ret = -EINVAL;
}
- if (btrfs_fs_incompat(fs_info, METADATA_UUID) &&
- memcmp(fs_info->fs_devices->metadata_uuid,
- fs_info->super_copy->metadata_uuid, BTRFS_FSID_SIZE)) {
+ if (memcmp(fs_info->fs_devices->metadata_uuid, btrfs_sb_fsid_ptr(sb),
+ BTRFS_FSID_SIZE) != 0) {
btrfs_err(fs_info,
"superblock metadata_uuid doesn't match metadata uuid of fs_devices: %pU != %pU",
- fs_info->super_copy->metadata_uuid,
- fs_info->fs_devices->metadata_uuid);
+ btrfs_sb_fsid_ptr(sb), fs_info->fs_devices->metadata_uuid);
ret = -EINVAL;
}
--
2.40.1
^ permalink raw reply related [flat|nested] 396+ messages in thread
* [PATCH 5.4 354/367] selftests: tracing: Fix to unmount tracefs for recovering environment
2023-09-20 11:26 [PATCH 5.4 000/367] 5.4.257-rc1 review Greg Kroah-Hartman
` (352 preceding siblings ...)
2023-09-20 11:32 ` [PATCH 5.4 353/367] btrfs: compare the correct fsid/metadata_uuid in btrfs_validate_super Greg Kroah-Hartman
@ 2023-09-20 11:32 ` Greg Kroah-Hartman
2023-09-20 11:32 ` [PATCH 5.4 355/367] md/raid1: fix error: ISO C90 forbids mixed declarations Greg Kroah-Hartman
` (18 subsequent siblings)
372 siblings, 0 replies; 396+ messages in thread
From: Greg Kroah-Hartman @ 2023-09-20 11:32 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Mark Brown,
Masami Hiramatsu (Google), Steven Rostedt (Google),
Shuah Khan, Sasha Levin
5.4-stable review patch. If anyone has any objections, please let me know.
------------------
From: Masami Hiramatsu (Google) <mhiramat@kernel.org>
[ Upstream commit 7e021da80f48582171029714f8a487347f29dddb ]
Fix to unmount the tracefs if the ftracetest mounted it for recovering
system environment. If the tracefs is already mounted, this does nothing.
Suggested-by: Mark Brown <broonie@kernel.org>
Link: https://lore.kernel.org/all/29fce076-746c-4650-8358-b4e0fa215cf7@sirena.org.uk/
Fixes: cbd965bde74c ("ftrace/selftests: Return the skip code when tracing directory not configured in kernel")
Signed-off-by: Masami Hiramatsu (Google) <mhiramat@kernel.org>
Reviewed-by: Steven Rostedt (Google) <rostedt@goodmis.org>
Reviewed-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Shuah Khan <skhan@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
tools/testing/selftests/ftrace/ftracetest | 8 ++++++++
1 file changed, 8 insertions(+)
diff --git a/tools/testing/selftests/ftrace/ftracetest b/tools/testing/selftests/ftrace/ftracetest
index 19e9236dec5e2..f2e1b2bfcf0b0 100755
--- a/tools/testing/selftests/ftrace/ftracetest
+++ b/tools/testing/selftests/ftrace/ftracetest
@@ -30,6 +30,9 @@ err_ret=1
# kselftest skip code is 4
err_skip=4
+# umount required
+UMOUNT_DIR=""
+
# cgroup RT scheduling prevents chrt commands from succeeding, which
# induces failures in test wakeup tests. Disable for the duration of
# the tests.
@@ -44,6 +47,9 @@ setup() {
cleanup() {
echo $sched_rt_runtime_orig > $sched_rt_runtime
+ if [ -n "${UMOUNT_DIR}" ]; then
+ umount ${UMOUNT_DIR} ||:
+ fi
}
errexit() { # message
@@ -155,11 +161,13 @@ if [ -z "$TRACING_DIR" ]; then
mount -t tracefs nodev /sys/kernel/tracing ||
errexit "Failed to mount /sys/kernel/tracing"
TRACING_DIR="/sys/kernel/tracing"
+ UMOUNT_DIR=${TRACING_DIR}
# If debugfs exists, then so does /sys/kernel/debug
elif [ -d "/sys/kernel/debug" ]; then
mount -t debugfs nodev /sys/kernel/debug ||
errexit "Failed to mount /sys/kernel/debug"
TRACING_DIR="/sys/kernel/debug/tracing"
+ UMOUNT_DIR=${TRACING_DIR}
else
err_ret=$err_skip
errexit "debugfs and tracefs are not configured in this kernel"
--
2.40.1
^ permalink raw reply related [flat|nested] 396+ messages in thread
* [PATCH 5.4 355/367] md/raid1: fix error: ISO C90 forbids mixed declarations
2023-09-20 11:26 [PATCH 5.4 000/367] 5.4.257-rc1 review Greg Kroah-Hartman
` (353 preceding siblings ...)
2023-09-20 11:32 ` [PATCH 5.4 354/367] selftests: tracing: Fix to unmount tracefs for recovering environment Greg Kroah-Hartman
@ 2023-09-20 11:32 ` Greg Kroah-Hartman
2023-09-20 11:32 ` [PATCH 5.4 356/367] attr: block mode changes of symlinks Greg Kroah-Hartman
` (17 subsequent siblings)
372 siblings, 0 replies; 396+ messages in thread
From: Greg Kroah-Hartman @ 2023-09-20 11:32 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Nigel Croxon, Song Liu, Sasha Levin
5.4-stable review patch. If anyone has any objections, please let me know.
------------------
From: Nigel Croxon <ncroxon@redhat.com>
[ Upstream commit df203da47f4428bc286fc99318936416253a321c ]
There is a compile error when this commit is added:
md: raid1: fix potential OOB in raid1_remove_disk()
drivers/md/raid1.c: In function 'raid1_remove_disk':
drivers/md/raid1.c:1844:9: error: ISO C90 forbids mixed declarations
and code [-Werror=declaration-after-statement]
1844 | struct raid1_info *p = conf->mirrors + number;
| ^~~~~~
That's because the new code was inserted before the struct.
The change is move the struct command above this commit.
Fixes: 8b0472b50bcf ("md: raid1: fix potential OOB in raid1_remove_disk()")
Signed-off-by: Nigel Croxon <ncroxon@redhat.com>
Signed-off-by: Song Liu <song@kernel.org>
Link: https://lore.kernel.org/r/46d929d0-2aab-4cf2-b2bf-338963e8ba5a@redhat.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/md/raid1.c | 3 +--
1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/drivers/md/raid1.c b/drivers/md/raid1.c
index f96e079454700..c40237cfdcb0f 100644
--- a/drivers/md/raid1.c
+++ b/drivers/md/raid1.c
@@ -1808,12 +1808,11 @@ static int raid1_remove_disk(struct mddev *mddev, struct md_rdev *rdev)
struct r1conf *conf = mddev->private;
int err = 0;
int number = rdev->raid_disk;
+ struct raid1_info *p = conf->mirrors + number;
if (unlikely(number >= conf->raid_disks))
goto abort;
- struct raid1_info *p = conf->mirrors + number;
-
if (rdev != p->rdev)
p = conf->mirrors + conf->raid_disks + number;
--
2.40.1
^ permalink raw reply related [flat|nested] 396+ messages in thread
* [PATCH 5.4 356/367] attr: block mode changes of symlinks
2023-09-20 11:26 [PATCH 5.4 000/367] 5.4.257-rc1 review Greg Kroah-Hartman
` (354 preceding siblings ...)
2023-09-20 11:32 ` [PATCH 5.4 355/367] md/raid1: fix error: ISO C90 forbids mixed declarations Greg Kroah-Hartman
@ 2023-09-20 11:32 ` Greg Kroah-Hartman
2023-09-20 11:32 ` [PATCH 5.4 357/367] btrfs: fix lockdep splat and potential deadlock after failure running delayed items Greg Kroah-Hartman
` (16 subsequent siblings)
372 siblings, 0 replies; 396+ messages in thread
From: Greg Kroah-Hartman @ 2023-09-20 11:32 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Aleksa Sarai, Christoph Hellwig,
Florian Weimer, Christian Brauner
5.4-stable review patch. If anyone has any objections, please let me know.
------------------
From: Christian Brauner <brauner@kernel.org>
commit 5d1f903f75a80daa4dfb3d84e114ec8ecbf29956 upstream.
Changing the mode of symlinks is meaningless as the vfs doesn't take the
mode of a symlink into account during path lookup permission checking.
However, the vfs doesn't block mode changes on symlinks. This however,
has lead to an untenable mess roughly classifiable into the following
two categories:
(1) Filesystems that don't implement a i_op->setattr() for symlinks.
Such filesystems may or may not know that without i_op->setattr()
defined, notify_change() falls back to simple_setattr() causing the
inode's mode in the inode cache to be changed.
That's a generic issue as this will affect all non-size changing
inode attributes including ownership changes.
Example: afs
(2) Filesystems that fail with EOPNOTSUPP but change the mode of the
symlink nonetheless.
Some filesystems will happily update the mode of a symlink but still
return EOPNOTSUPP. This is the biggest source of confusion for
userspace.
The EOPNOTSUPP in this case comes from POSIX ACLs. Specifically it
comes from filesystems that call posix_acl_chmod(), e.g., btrfs via
if (!err && attr->ia_valid & ATTR_MODE)
err = posix_acl_chmod(idmap, dentry, inode->i_mode);
Filesystems including btrfs don't implement i_op->set_acl() so
posix_acl_chmod() will report EOPNOTSUPP.
When posix_acl_chmod() is called, most filesystems will have
finished updating the inode.
Perversely, this has the consequences that this behavior may depend
on two kconfig options and mount options:
* CONFIG_POSIX_ACL={y,n}
* CONFIG_${FSTYPE}_POSIX_ACL={y,n}
* Opt_acl, Opt_noacl
Example: btrfs, ext4, xfs
The only way to change the mode on a symlink currently involves abusing
an O_PATH file descriptor in the following manner:
fd = openat(-1, "/path/to/link", O_CLOEXEC | O_PATH | O_NOFOLLOW);
char path[PATH_MAX];
snprintf(path, sizeof(path), "/proc/self/fd/%d", fd);
chmod(path, 0000);
But for most major filesystems with POSIX ACL support such as btrfs,
ext4, ceph, tmpfs, xfs and others this will fail with EOPNOTSUPP with
the mode still updated due to the aforementioned posix_acl_chmod()
nonsense.
So, given that for all major filesystems this would fail with EOPNOTSUPP
and that both glibc (cf. [1]) and musl (cf. [2]) outright block mode
changes on symlinks we should just try and block mode changes on
symlinks directly in the vfs and have a clean break with this nonsense.
If this causes any regressions, we do the next best thing and fix up all
filesystems that do return EOPNOTSUPP with the mode updated to not call
posix_acl_chmod() on symlinks.
But as usual, let's try the clean cut solution first. It's a simple
patch that can be easily reverted. Not marking this for backport as I'll
do that manually if we're reasonably sure that this works and there are
no strong objections.
We could block this in chmod_common() but it's more appropriate to do it
notify_change() as it will also mean that we catch filesystems that
change symlink permissions explicitly or accidently.
Similar proposals were floated in the past as in [3] and [4] and again
recently in [5]. There's also a couple of bugs about this inconsistency
as in [6] and [7].
Link: https://sourceware.org/git/?p=glibc.git;a=blob;f=sysdeps/unix/sysv/linux/fchmodat.c;h=99527a3727e44cb8661ee1f743068f108ec93979;hb=HEAD [1]
Link: https://git.musl-libc.org/cgit/musl/tree/src/stat/fchmodat.c [2]
Link: https://lore.kernel.org/all/20200911065733.GA31579@infradead.org [3]
Link: https://sourceware.org/legacy-ml/libc-alpha/2020-02/msg00518.html [4]
Link: https://lore.kernel.org/lkml/87lefmbppo.fsf@oldenburg.str.redhat.com [5]
Link: https://sourceware.org/legacy-ml/libc-alpha/2020-02/msg00467.html [6]
Link: https://sourceware.org/bugzilla/show_bug.cgi?id=14578#c17 [7]
Reviewed-by: Aleksa Sarai <cyphar@cyphar.com>
Reviewed-by: Christoph Hellwig <hch@lst.de>
Cc: stable@vger.kernel.org # please backport to all LTSes but not before v6.6-rc2 is tagged
Suggested-by: Christoph Hellwig <hch@lst.de>
Suggested-by: Florian Weimer <fweimer@redhat.com>
Message-Id: <20230712-vfs-chmod-symlinks-v2-1-08cfb92b61dd@kernel.org>
Signed-off-by: Christian Brauner <brauner@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/attr.c | 20 ++++++++++++++++++--
1 file changed, 18 insertions(+), 2 deletions(-)
--- a/fs/attr.c
+++ b/fs/attr.c
@@ -253,9 +253,25 @@ int notify_change(struct dentry * dentry
}
if ((ia_valid & ATTR_MODE)) {
- umode_t amode = attr->ia_mode;
+ /*
+ * Don't allow changing the mode of symlinks:
+ *
+ * (1) The vfs doesn't take the mode of symlinks into account
+ * during permission checking.
+ * (2) This has never worked correctly. Most major filesystems
+ * did return EOPNOTSUPP due to interactions with POSIX ACLs
+ * but did still updated the mode of the symlink.
+ * This inconsistency led system call wrapper providers such
+ * as libc to block changing the mode of symlinks with
+ * EOPNOTSUPP already.
+ * (3) To even do this in the first place one would have to use
+ * specific file descriptors and quite some effort.
+ */
+ if (S_ISLNK(inode->i_mode))
+ return -EOPNOTSUPP;
+
/* Flag setting protected by i_mutex */
- if (is_sxid(amode))
+ if (is_sxid(attr->ia_mode))
inode->i_flags &= ~S_NOSEC;
}
^ permalink raw reply [flat|nested] 396+ messages in thread
* [PATCH 5.4 357/367] btrfs: fix lockdep splat and potential deadlock after failure running delayed items
2023-09-20 11:26 [PATCH 5.4 000/367] 5.4.257-rc1 review Greg Kroah-Hartman
` (355 preceding siblings ...)
2023-09-20 11:32 ` [PATCH 5.4 356/367] attr: block mode changes of symlinks Greg Kroah-Hartman
@ 2023-09-20 11:32 ` Greg Kroah-Hartman
2023-09-20 11:32 ` [PATCH 5.4 358/367] tracing: Have current_trace inc the trace array ref count Greg Kroah-Hartman
` (15 subsequent siblings)
372 siblings, 0 replies; 396+ messages in thread
From: Greg Kroah-Hartman @ 2023-09-20 11:32 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, syzbot+a379155f07c134ea9879,
Filipe Manana, David Sterba
5.4-stable review patch. If anyone has any objections, please let me know.
------------------
From: Filipe Manana <fdmanana@suse.com>
commit e110f8911ddb93e6f55da14ccbbe705397b30d0b upstream.
When running delayed items we are holding a delayed node's mutex and then
we will attempt to modify a subvolume btree to insert/update/delete the
delayed items. However if have an error during the insertions for example,
btrfs_insert_delayed_items() may return with a path that has locked extent
buffers (a leaf at the very least), and then we attempt to release the
delayed node at __btrfs_run_delayed_items(), which requires taking the
delayed node's mutex, causing an ABBA type of deadlock. This was reported
by syzbot and the lockdep splat is the following:
WARNING: possible circular locking dependency detected
6.5.0-rc7-syzkaller-00024-g93f5de5f648d #0 Not tainted
------------------------------------------------------
syz-executor.2/13257 is trying to acquire lock:
ffff88801835c0c0 (&delayed_node->mutex){+.+.}-{3:3}, at: __btrfs_release_delayed_node+0x9a/0xaa0 fs/btrfs/delayed-inode.c:256
but task is already holding lock:
ffff88802a5ab8e8 (btrfs-tree-00){++++}-{3:3}, at: __btrfs_tree_lock+0x3c/0x2a0 fs/btrfs/locking.c:198
which lock already depends on the new lock.
the existing dependency chain (in reverse order) is:
-> #1 (btrfs-tree-00){++++}-{3:3}:
__lock_release kernel/locking/lockdep.c:5475 [inline]
lock_release+0x36f/0x9d0 kernel/locking/lockdep.c:5781
up_write+0x79/0x580 kernel/locking/rwsem.c:1625
btrfs_tree_unlock_rw fs/btrfs/locking.h:189 [inline]
btrfs_unlock_up_safe+0x179/0x3b0 fs/btrfs/locking.c:239
search_leaf fs/btrfs/ctree.c:1986 [inline]
btrfs_search_slot+0x2511/0x2f80 fs/btrfs/ctree.c:2230
btrfs_insert_empty_items+0x9c/0x180 fs/btrfs/ctree.c:4376
btrfs_insert_delayed_item fs/btrfs/delayed-inode.c:746 [inline]
btrfs_insert_delayed_items fs/btrfs/delayed-inode.c:824 [inline]
__btrfs_commit_inode_delayed_items+0xd24/0x2410 fs/btrfs/delayed-inode.c:1111
__btrfs_run_delayed_items+0x1db/0x430 fs/btrfs/delayed-inode.c:1153
flush_space+0x269/0xe70 fs/btrfs/space-info.c:723
btrfs_async_reclaim_metadata_space+0x106/0x350 fs/btrfs/space-info.c:1078
process_one_work+0x92c/0x12c0 kernel/workqueue.c:2600
worker_thread+0xa63/0x1210 kernel/workqueue.c:2751
kthread+0x2b8/0x350 kernel/kthread.c:389
ret_from_fork+0x2e/0x60 arch/x86/kernel/process.c:145
ret_from_fork_asm+0x11/0x20 arch/x86/entry/entry_64.S:304
-> #0 (&delayed_node->mutex){+.+.}-{3:3}:
check_prev_add kernel/locking/lockdep.c:3142 [inline]
check_prevs_add kernel/locking/lockdep.c:3261 [inline]
validate_chain kernel/locking/lockdep.c:3876 [inline]
__lock_acquire+0x39ff/0x7f70 kernel/locking/lockdep.c:5144
lock_acquire+0x1e3/0x520 kernel/locking/lockdep.c:5761
__mutex_lock_common+0x1d8/0x2530 kernel/locking/mutex.c:603
__mutex_lock kernel/locking/mutex.c:747 [inline]
mutex_lock_nested+0x1b/0x20 kernel/locking/mutex.c:799
__btrfs_release_delayed_node+0x9a/0xaa0 fs/btrfs/delayed-inode.c:256
btrfs_release_delayed_node fs/btrfs/delayed-inode.c:281 [inline]
__btrfs_run_delayed_items+0x2b5/0x430 fs/btrfs/delayed-inode.c:1156
btrfs_commit_transaction+0x859/0x2ff0 fs/btrfs/transaction.c:2276
btrfs_sync_file+0xf56/0x1330 fs/btrfs/file.c:1988
vfs_fsync_range fs/sync.c:188 [inline]
vfs_fsync fs/sync.c:202 [inline]
do_fsync fs/sync.c:212 [inline]
__do_sys_fsync fs/sync.c:220 [inline]
__se_sys_fsync fs/sync.c:218 [inline]
__x64_sys_fsync+0x196/0x1e0 fs/sync.c:218
do_syscall_x64 arch/x86/entry/common.c:50 [inline]
do_syscall_64+0x41/0xc0 arch/x86/entry/common.c:80
entry_SYSCALL_64_after_hwframe+0x63/0xcd
other info that might help us debug this:
Possible unsafe locking scenario:
CPU0 CPU1
---- ----
lock(btrfs-tree-00);
lock(&delayed_node->mutex);
lock(btrfs-tree-00);
lock(&delayed_node->mutex);
*** DEADLOCK ***
3 locks held by syz-executor.2/13257:
#0: ffff88802c1ee370 (btrfs_trans_num_writers){++++}-{0:0}, at: spin_unlock include/linux/spinlock.h:391 [inline]
#0: ffff88802c1ee370 (btrfs_trans_num_writers){++++}-{0:0}, at: join_transaction+0xb87/0xe00 fs/btrfs/transaction.c:287
#1: ffff88802c1ee398 (btrfs_trans_num_extwriters){++++}-{0:0}, at: join_transaction+0xbb2/0xe00 fs/btrfs/transaction.c:288
#2: ffff88802a5ab8e8 (btrfs-tree-00){++++}-{3:3}, at: __btrfs_tree_lock+0x3c/0x2a0 fs/btrfs/locking.c:198
stack backtrace:
CPU: 0 PID: 13257 Comm: syz-executor.2 Not tainted 6.5.0-rc7-syzkaller-00024-g93f5de5f648d #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/26/2023
Call Trace:
<TASK>
__dump_stack lib/dump_stack.c:88 [inline]
dump_stack_lvl+0x1e7/0x2d0 lib/dump_stack.c:106
check_noncircular+0x375/0x4a0 kernel/locking/lockdep.c:2195
check_prev_add kernel/locking/lockdep.c:3142 [inline]
check_prevs_add kernel/locking/lockdep.c:3261 [inline]
validate_chain kernel/locking/lockdep.c:3876 [inline]
__lock_acquire+0x39ff/0x7f70 kernel/locking/lockdep.c:5144
lock_acquire+0x1e3/0x520 kernel/locking/lockdep.c:5761
__mutex_lock_common+0x1d8/0x2530 kernel/locking/mutex.c:603
__mutex_lock kernel/locking/mutex.c:747 [inline]
mutex_lock_nested+0x1b/0x20 kernel/locking/mutex.c:799
__btrfs_release_delayed_node+0x9a/0xaa0 fs/btrfs/delayed-inode.c:256
btrfs_release_delayed_node fs/btrfs/delayed-inode.c:281 [inline]
__btrfs_run_delayed_items+0x2b5/0x430 fs/btrfs/delayed-inode.c:1156
btrfs_commit_transaction+0x859/0x2ff0 fs/btrfs/transaction.c:2276
btrfs_sync_file+0xf56/0x1330 fs/btrfs/file.c:1988
vfs_fsync_range fs/sync.c:188 [inline]
vfs_fsync fs/sync.c:202 [inline]
do_fsync fs/sync.c:212 [inline]
__do_sys_fsync fs/sync.c:220 [inline]
__se_sys_fsync fs/sync.c:218 [inline]
__x64_sys_fsync+0x196/0x1e0 fs/sync.c:218
do_syscall_x64 arch/x86/entry/common.c:50 [inline]
do_syscall_64+0x41/0xc0 arch/x86/entry/common.c:80
entry_SYSCALL_64_after_hwframe+0x63/0xcd
RIP: 0033:0x7f3ad047cae9
Code: 28 00 00 00 75 (...)
RSP: 002b:00007f3ad12510c8 EFLAGS: 00000246 ORIG_RAX: 000000000000004a
RAX: ffffffffffffffda RBX: 00007f3ad059bf80 RCX: 00007f3ad047cae9
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000005
RBP: 00007f3ad04c847a R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 000000000000000b R14: 00007f3ad059bf80 R15: 00007ffe56af92f8
</TASK>
------------[ cut here ]------------
Fix this by releasing the path before releasing the delayed node in the
error path at __btrfs_run_delayed_items().
Reported-by: syzbot+a379155f07c134ea9879@syzkaller.appspotmail.com
Link: https://lore.kernel.org/linux-btrfs/000000000000abba27060403b5bd@google.com/
CC: stable@vger.kernel.org # 4.14+
Signed-off-by: Filipe Manana <fdmanana@suse.com>
Signed-off-by: David Sterba <dsterba@suse.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/btrfs/delayed-inode.c | 19 ++++++++++++++++---
1 file changed, 16 insertions(+), 3 deletions(-)
--- a/fs/btrfs/delayed-inode.c
+++ b/fs/btrfs/delayed-inode.c
@@ -1175,20 +1175,33 @@ static int __btrfs_run_delayed_items(str
ret = __btrfs_commit_inode_delayed_items(trans, path,
curr_node);
if (ret) {
- btrfs_release_delayed_node(curr_node);
- curr_node = NULL;
btrfs_abort_transaction(trans, ret);
break;
}
prev_node = curr_node;
curr_node = btrfs_next_delayed_node(curr_node);
+ /*
+ * See the comment below about releasing path before releasing
+ * node. If the commit of delayed items was successful the path
+ * should always be released, but in case of an error, it may
+ * point to locked extent buffers (a leaf at the very least).
+ */
+ ASSERT(path->nodes[0] == NULL);
btrfs_release_delayed_node(prev_node);
}
+ /*
+ * Release the path to avoid a potential deadlock and lockdep splat when
+ * releasing the delayed node, as that requires taking the delayed node's
+ * mutex. If another task starts running delayed items before we take
+ * the mutex, it will first lock the mutex and then it may try to lock
+ * the same btree path (leaf).
+ */
+ btrfs_free_path(path);
+
if (curr_node)
btrfs_release_delayed_node(curr_node);
- btrfs_free_path(path);
trans->block_rsv = block_rsv;
return ret;
^ permalink raw reply [flat|nested] 396+ messages in thread
* [PATCH 5.4 358/367] tracing: Have current_trace inc the trace array ref count
2023-09-20 11:26 [PATCH 5.4 000/367] 5.4.257-rc1 review Greg Kroah-Hartman
` (356 preceding siblings ...)
2023-09-20 11:32 ` [PATCH 5.4 357/367] btrfs: fix lockdep splat and potential deadlock after failure running delayed items Greg Kroah-Hartman
@ 2023-09-20 11:32 ` Greg Kroah-Hartman
2023-09-20 11:32 ` [PATCH 5.4 359/367] tracing: Have option files " Greg Kroah-Hartman
` (14 subsequent siblings)
372 siblings, 0 replies; 396+ messages in thread
From: Greg Kroah-Hartman @ 2023-09-20 11:32 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Masami Hiramatsu, Mark Rutland,
Andrew Morton, Zheng Yejian, Linux Kernel Functional Testing,
Naresh Kamboju, Steven Rostedt (Google)
5.4-stable review patch. If anyone has any objections, please let me know.
------------------
From: Steven Rostedt (Google) <rostedt@goodmis.org>
commit 9b37febc578b2e1ad76a105aab11d00af5ec3d27 upstream.
The current_trace updates the trace array tracer. For an instance, if the
file is opened and the instance is deleted, reading or writing to the file
will cause a use after free.
Up the ref count of the trace array when current_trace is opened.
Link: https://lkml.kernel.org/r/20230907024803.877687227@goodmis.org
Link: https://lore.kernel.org/all/1cb3aee2-19af-c472-e265-05176fe9bd84@huawei.com/
Cc: stable@vger.kernel.org
Cc: Masami Hiramatsu <mhiramat@kernel.org>
Cc: Mark Rutland <mark.rutland@arm.com>
Cc: Andrew Morton <akpm@linux-foundation.org>
Cc: Zheng Yejian <zhengyejian1@huawei.com>
Fixes: 8530dec63e7b4 ("tracing: Add tracing_check_open_get_tr()")
Tested-by: Linux Kernel Functional Testing <lkft@linaro.org>
Tested-by: Naresh Kamboju <naresh.kamboju@linaro.org>
Signed-off-by: Steven Rostedt (Google) <rostedt@goodmis.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
kernel/trace/trace.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
--- a/kernel/trace/trace.c
+++ b/kernel/trace/trace.c
@@ -6951,10 +6951,11 @@ static const struct file_operations trac
#endif
static const struct file_operations set_tracer_fops = {
- .open = tracing_open_generic,
+ .open = tracing_open_generic_tr,
.read = tracing_set_trace_read,
.write = tracing_set_trace_write,
.llseek = generic_file_llseek,
+ .release = tracing_release_generic_tr,
};
static const struct file_operations tracing_pipe_fops = {
^ permalink raw reply [flat|nested] 396+ messages in thread
* [PATCH 5.4 359/367] tracing: Have option files inc the trace array ref count
2023-09-20 11:26 [PATCH 5.4 000/367] 5.4.257-rc1 review Greg Kroah-Hartman
` (357 preceding siblings ...)
2023-09-20 11:32 ` [PATCH 5.4 358/367] tracing: Have current_trace inc the trace array ref count Greg Kroah-Hartman
@ 2023-09-20 11:32 ` Greg Kroah-Hartman
2023-09-20 11:32 ` [PATCH 5.4 360/367] nfsd: fix change_info in NFSv4 RENAME replies Greg Kroah-Hartman
` (13 subsequent siblings)
372 siblings, 0 replies; 396+ messages in thread
From: Greg Kroah-Hartman @ 2023-09-20 11:32 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Masami Hiramatsu, Mark Rutland,
Andrew Morton, Zheng Yejian, Linux Kernel Functional Testing,
Naresh Kamboju, Steven Rostedt (Google)
5.4-stable review patch. If anyone has any objections, please let me know.
------------------
From: Steven Rostedt (Google) <rostedt@goodmis.org>
commit 7e2cfbd2d3c86afcd5c26b5c4b1dd251f63c5838 upstream.
The option files update the options for a given trace array. For an
instance, if the file is opened and the instance is deleted, reading or
writing to the file will cause a use after free.
Up the ref count of the trace_array when an option file is opened.
Link: https://lkml.kernel.org/r/20230907024804.086679464@goodmis.org
Link: https://lore.kernel.org/all/1cb3aee2-19af-c472-e265-05176fe9bd84@huawei.com/
Cc: stable@vger.kernel.org
Cc: Masami Hiramatsu <mhiramat@kernel.org>
Cc: Mark Rutland <mark.rutland@arm.com>
Cc: Andrew Morton <akpm@linux-foundation.org>
Cc: Zheng Yejian <zhengyejian1@huawei.com>
Fixes: 8530dec63e7b4 ("tracing: Add tracing_check_open_get_tr()")
Tested-by: Linux Kernel Functional Testing <lkft@linaro.org>
Tested-by: Naresh Kamboju <naresh.kamboju@linaro.org>
Signed-off-by: Steven Rostedt (Google) <rostedt@goodmis.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
kernel/trace/trace.c | 23 ++++++++++++++++++++++-
1 file changed, 22 insertions(+), 1 deletion(-)
--- a/kernel/trace/trace.c
+++ b/kernel/trace/trace.c
@@ -7996,12 +7996,33 @@ trace_options_write(struct file *filp, c
return cnt;
}
+static int tracing_open_options(struct inode *inode, struct file *filp)
+{
+ struct trace_option_dentry *topt = inode->i_private;
+ int ret;
+
+ ret = tracing_check_open_get_tr(topt->tr);
+ if (ret)
+ return ret;
+
+ filp->private_data = inode->i_private;
+ return 0;
+}
+
+static int tracing_release_options(struct inode *inode, struct file *file)
+{
+ struct trace_option_dentry *topt = file->private_data;
+
+ trace_array_put(topt->tr);
+ return 0;
+}
static const struct file_operations trace_options_fops = {
- .open = tracing_open_generic,
+ .open = tracing_open_options,
.read = trace_options_read,
.write = trace_options_write,
.llseek = generic_file_llseek,
+ .release = tracing_release_options,
};
/*
^ permalink raw reply [flat|nested] 396+ messages in thread
* [PATCH 5.4 360/367] nfsd: fix change_info in NFSv4 RENAME replies
2023-09-20 11:26 [PATCH 5.4 000/367] 5.4.257-rc1 review Greg Kroah-Hartman
` (358 preceding siblings ...)
2023-09-20 11:32 ` [PATCH 5.4 359/367] tracing: Have option files " Greg Kroah-Hartman
@ 2023-09-20 11:32 ` Greg Kroah-Hartman
2023-09-20 11:32 ` [PATCH 5.4 361/367] tracefs: Add missing lockdown check to tracefs_create_dir() Greg Kroah-Hartman
` (12 subsequent siblings)
372 siblings, 0 replies; 396+ messages in thread
From: Greg Kroah-Hartman @ 2023-09-20 11:32 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Zhi Li, Benjamin Coddington,
Jeff Layton, Chuck Lever
5.4-stable review patch. If anyone has any objections, please let me know.
------------------
From: Jeff Layton <jlayton@kernel.org>
commit fdd2630a7398191e84822612e589062063bd4f3d upstream.
nfsd sends the transposed directory change info in the RENAME reply. The
source directory is in save_fh and the target is in current_fh.
Reported-by: Zhi Li <yieli@redhat.com>
Reported-by: Benjamin Coddington <bcodding@redhat.com>
Closes: https://bugzilla.redhat.com/show_bug.cgi?id=2218844
Signed-off-by: Jeff Layton <jlayton@kernel.org>
Cc: <stable@vger.kernel.org>
Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/nfsd/nfs4proc.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
--- a/fs/nfsd/nfs4proc.c
+++ b/fs/nfsd/nfs4proc.c
@@ -865,8 +865,8 @@ nfsd4_rename(struct svc_rqst *rqstp, str
rename->rn_tname, rename->rn_tnamelen);
if (status)
return status;
- set_change_info(&rename->rn_sinfo, &cstate->current_fh);
- set_change_info(&rename->rn_tinfo, &cstate->save_fh);
+ set_change_info(&rename->rn_sinfo, &cstate->save_fh);
+ set_change_info(&rename->rn_tinfo, &cstate->current_fh);
return nfs_ok;
}
^ permalink raw reply [flat|nested] 396+ messages in thread
* [PATCH 5.4 361/367] tracefs: Add missing lockdown check to tracefs_create_dir()
2023-09-20 11:26 [PATCH 5.4 000/367] 5.4.257-rc1 review Greg Kroah-Hartman
` (359 preceding siblings ...)
2023-09-20 11:32 ` [PATCH 5.4 360/367] nfsd: fix change_info in NFSv4 RENAME replies Greg Kroah-Hartman
@ 2023-09-20 11:32 ` Greg Kroah-Hartman
2023-09-20 11:32 ` [PATCH 5.4 362/367] i2c: aspeed: Reset the i2c controller when timeout occurs Greg Kroah-Hartman
` (11 subsequent siblings)
372 siblings, 0 replies; 396+ messages in thread
From: Greg Kroah-Hartman @ 2023-09-20 11:32 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Masami Hiramatsu, Mark Rutland,
Andrew Morton, Ajay Kaher, Ching-lin Yu, kernel test robot,
Steven Rostedt (Google)
5.4-stable review patch. If anyone has any objections, please let me know.
------------------
From: Steven Rostedt (Google) <rostedt@goodmis.org>
commit 51aab5ffceb43e05119eb059048fd75765d2bc21 upstream.
The function tracefs_create_dir() was missing a lockdown check and was
called by the RV code. This gave an inconsistent behavior of this function
returning success while other tracefs functions failed. This caused the
inode being freed by the wrong kmem_cache.
Link: https://lkml.kernel.org/r/20230905182711.692687042@goodmis.org
Link: https://lore.kernel.org/all/202309050916.58201dc6-oliver.sang@intel.com/
Cc: stable@vger.kernel.org
Cc: Masami Hiramatsu <mhiramat@kernel.org>
Cc: Mark Rutland <mark.rutland@arm.com>
Cc: Andrew Morton <akpm@linux-foundation.org>
Cc: Ajay Kaher <akaher@vmware.com>
Cc: Ching-lin Yu <chinglinyu@google.com>
Fixes: bf8e602186ec4 ("tracing: Do not create tracefs files if tracefs lockdown is in effect")
Reported-by: kernel test robot <oliver.sang@intel.com>
Signed-off-by: Steven Rostedt (Google) <rostedt@goodmis.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/tracefs/inode.c | 3 +++
1 file changed, 3 insertions(+)
--- a/fs/tracefs/inode.c
+++ b/fs/tracefs/inode.c
@@ -551,6 +551,9 @@ static struct dentry *__create_dir(const
*/
struct dentry *tracefs_create_dir(const char *name, struct dentry *parent)
{
+ if (security_locked_down(LOCKDOWN_TRACEFS))
+ return NULL;
+
return __create_dir(name, parent, &simple_dir_inode_operations);
}
^ permalink raw reply [flat|nested] 396+ messages in thread
* [PATCH 5.4 362/367] i2c: aspeed: Reset the i2c controller when timeout occurs
2023-09-20 11:26 [PATCH 5.4 000/367] 5.4.257-rc1 review Greg Kroah-Hartman
` (360 preceding siblings ...)
2023-09-20 11:32 ` [PATCH 5.4 361/367] tracefs: Add missing lockdown check to tracefs_create_dir() Greg Kroah-Hartman
@ 2023-09-20 11:32 ` Greg Kroah-Hartman
2023-09-20 11:32 ` [PATCH 5.4 363/367] scsi: megaraid_sas: Fix deadlock on firmware crashdump Greg Kroah-Hartman
` (10 subsequent siblings)
372 siblings, 0 replies; 396+ messages in thread
From: Greg Kroah-Hartman @ 2023-09-20 11:32 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Tommy Huang, Andi Shyti, Wolfram Sang
5.4-stable review patch. If anyone has any objections, please let me know.
------------------
From: Tommy Huang <tommy_huang@aspeedtech.com>
commit fee465150b458351b6d9b9f66084f3cc3022b88b upstream.
Reset the i2c controller when an i2c transfer timeout occurs.
The remaining interrupts and device should be reset to avoid
unpredictable controller behavior.
Fixes: 2e57b7cebb98 ("i2c: aspeed: Add multi-master use case support")
Cc: <stable@vger.kernel.org> # v5.1+
Signed-off-by: Tommy Huang <tommy_huang@aspeedtech.com>
Reviewed-by: Andi Shyti <andi.shyti@kernel.org>
Signed-off-by: Wolfram Sang <wsa@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/i2c/busses/i2c-aspeed.c | 7 +++++--
1 file changed, 5 insertions(+), 2 deletions(-)
--- a/drivers/i2c/busses/i2c-aspeed.c
+++ b/drivers/i2c/busses/i2c-aspeed.c
@@ -693,13 +693,16 @@ static int aspeed_i2c_master_xfer(struct
if (time_left == 0) {
/*
- * If timed out and bus is still busy in a multi master
- * environment, attempt recovery at here.
+ * In a multi-master setup, if a timeout occurs, attempt
+ * recovery. But if the bus is idle, we still need to reset the
+ * i2c controller to clear the remaining interrupts.
*/
if (bus->multi_master &&
(readl(bus->base + ASPEED_I2C_CMD_REG) &
ASPEED_I2CD_BUS_BUSY_STS))
aspeed_i2c_recover_bus(bus);
+ else
+ aspeed_i2c_reset(bus);
/*
* If timed out and the state is still pending, drop the pending
^ permalink raw reply [flat|nested] 396+ messages in thread
* [PATCH 5.4 363/367] scsi: megaraid_sas: Fix deadlock on firmware crashdump
2023-09-20 11:26 [PATCH 5.4 000/367] 5.4.257-rc1 review Greg Kroah-Hartman
` (361 preceding siblings ...)
2023-09-20 11:32 ` [PATCH 5.4 362/367] i2c: aspeed: Reset the i2c controller when timeout occurs Greg Kroah-Hartman
@ 2023-09-20 11:32 ` Greg Kroah-Hartman
2023-09-20 11:32 ` [PATCH 5.4 364/367] ext4: fix rec_len verify error Greg Kroah-Hartman
` (9 subsequent siblings)
372 siblings, 0 replies; 396+ messages in thread
From: Greg Kroah-Hartman @ 2023-09-20 11:32 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Junxiao Bi, Mike Christie,
Martin K. Petersen
5.4-stable review patch. If anyone has any objections, please let me know.
------------------
From: Junxiao Bi <junxiao.bi@oracle.com>
commit 0b0747d507bffb827e40fc0f9fb5883fffc23477 upstream.
The following processes run into a deadlock. CPU 41 was waiting for CPU 29
to handle a CSD request while holding spinlock "crashdump_lock", but CPU 29
was hung by that spinlock with IRQs disabled.
PID: 17360 TASK: ffff95c1090c5c40 CPU: 41 COMMAND: "mrdiagd"
!# 0 [ffffb80edbf37b58] __read_once_size at ffffffff9b871a40 include/linux/compiler.h:185:0
!# 1 [ffffb80edbf37b58] atomic_read at ffffffff9b871a40 arch/x86/include/asm/atomic.h:27:0
!# 2 [ffffb80edbf37b58] dump_stack at ffffffff9b871a40 lib/dump_stack.c:54:0
# 3 [ffffb80edbf37b78] csd_lock_wait_toolong at ffffffff9b131ad5 kernel/smp.c:364:0
# 4 [ffffb80edbf37b78] __csd_lock_wait at ffffffff9b131ad5 kernel/smp.c:384:0
# 5 [ffffb80edbf37bf8] csd_lock_wait at ffffffff9b13267a kernel/smp.c:394:0
# 6 [ffffb80edbf37bf8] smp_call_function_many at ffffffff9b13267a kernel/smp.c:843:0
# 7 [ffffb80edbf37c50] smp_call_function at ffffffff9b13279d kernel/smp.c:867:0
# 8 [ffffb80edbf37c50] on_each_cpu at ffffffff9b13279d kernel/smp.c:976:0
# 9 [ffffb80edbf37c78] flush_tlb_kernel_range at ffffffff9b085c4b arch/x86/mm/tlb.c:742:0
#10 [ffffb80edbf37cb8] __purge_vmap_area_lazy at ffffffff9b23a1e0 mm/vmalloc.c:701:0
#11 [ffffb80edbf37ce0] try_purge_vmap_area_lazy at ffffffff9b23a2cc mm/vmalloc.c:722:0
#12 [ffffb80edbf37ce0] free_vmap_area_noflush at ffffffff9b23a2cc mm/vmalloc.c:754:0
#13 [ffffb80edbf37cf8] free_unmap_vmap_area at ffffffff9b23bb3b mm/vmalloc.c:764:0
#14 [ffffb80edbf37cf8] remove_vm_area at ffffffff9b23bb3b mm/vmalloc.c:1509:0
#15 [ffffb80edbf37d18] __vunmap at ffffffff9b23bb8a mm/vmalloc.c:1537:0
#16 [ffffb80edbf37d40] vfree at ffffffff9b23bc85 mm/vmalloc.c:1612:0
#17 [ffffb80edbf37d58] megasas_free_host_crash_buffer [megaraid_sas] at ffffffffc020b7f2 drivers/scsi/megaraid/megaraid_sas_fusion.c:3932:0
#18 [ffffb80edbf37d80] fw_crash_state_store [megaraid_sas] at ffffffffc01f804d drivers/scsi/megaraid/megaraid_sas_base.c:3291:0
#19 [ffffb80edbf37dc0] dev_attr_store at ffffffff9b56dd7b drivers/base/core.c:758:0
#20 [ffffb80edbf37dd0] sysfs_kf_write at ffffffff9b326acf fs/sysfs/file.c:144:0
#21 [ffffb80edbf37de0] kernfs_fop_write at ffffffff9b325fd4 fs/kernfs/file.c:316:0
#22 [ffffb80edbf37e20] __vfs_write at ffffffff9b29418a fs/read_write.c:480:0
#23 [ffffb80edbf37ea8] vfs_write at ffffffff9b294462 fs/read_write.c:544:0
#24 [ffffb80edbf37ee8] SYSC_write at ffffffff9b2946ec fs/read_write.c:590:0
#25 [ffffb80edbf37ee8] SyS_write at ffffffff9b2946ec fs/read_write.c:582:0
#26 [ffffb80edbf37f30] do_syscall_64 at ffffffff9b003ca9 arch/x86/entry/common.c:298:0
#27 [ffffb80edbf37f58] entry_SYSCALL_64 at ffffffff9ba001b1 arch/x86/entry/entry_64.S:238:0
PID: 17355 TASK: ffff95c1090c3d80 CPU: 29 COMMAND: "mrdiagd"
!# 0 [ffffb80f2d3c7d30] __read_once_size at ffffffff9b0f2ab0 include/linux/compiler.h:185:0
!# 1 [ffffb80f2d3c7d30] native_queued_spin_lock_slowpath at ffffffff9b0f2ab0 kernel/locking/qspinlock.c:368:0
# 2 [ffffb80f2d3c7d58] pv_queued_spin_lock_slowpath at ffffffff9b0f244b arch/x86/include/asm/paravirt.h:674:0
# 3 [ffffb80f2d3c7d58] queued_spin_lock_slowpath at ffffffff9b0f244b arch/x86/include/asm/qspinlock.h:53:0
# 4 [ffffb80f2d3c7d68] queued_spin_lock at ffffffff9b8961a6 include/asm-generic/qspinlock.h:90:0
# 5 [ffffb80f2d3c7d68] do_raw_spin_lock_flags at ffffffff9b8961a6 include/linux/spinlock.h:173:0
# 6 [ffffb80f2d3c7d68] __raw_spin_lock_irqsave at ffffffff9b8961a6 include/linux/spinlock_api_smp.h:122:0
# 7 [ffffb80f2d3c7d68] _raw_spin_lock_irqsave at ffffffff9b8961a6 kernel/locking/spinlock.c:160:0
# 8 [ffffb80f2d3c7d88] fw_crash_buffer_store [megaraid_sas] at ffffffffc01f8129 drivers/scsi/megaraid/megaraid_sas_base.c:3205:0
# 9 [ffffb80f2d3c7dc0] dev_attr_store at ffffffff9b56dd7b drivers/base/core.c:758:0
#10 [ffffb80f2d3c7dd0] sysfs_kf_write at ffffffff9b326acf fs/sysfs/file.c:144:0
#11 [ffffb80f2d3c7de0] kernfs_fop_write at ffffffff9b325fd4 fs/kernfs/file.c:316:0
#12 [ffffb80f2d3c7e20] __vfs_write at ffffffff9b29418a fs/read_write.c:480:0
#13 [ffffb80f2d3c7ea8] vfs_write at ffffffff9b294462 fs/read_write.c:544:0
#14 [ffffb80f2d3c7ee8] SYSC_write at ffffffff9b2946ec fs/read_write.c:590:0
#15 [ffffb80f2d3c7ee8] SyS_write at ffffffff9b2946ec fs/read_write.c:582:0
#16 [ffffb80f2d3c7f30] do_syscall_64 at ffffffff9b003ca9 arch/x86/entry/common.c:298:0
#17 [ffffb80f2d3c7f58] entry_SYSCALL_64 at ffffffff9ba001b1 arch/x86/entry/entry_64.S:238:0
The lock is used to synchronize different sysfs operations, it doesn't
protect any resource that will be touched by an interrupt. Consequently
it's not required to disable IRQs. Replace the spinlock with a mutex to fix
the deadlock.
Signed-off-by: Junxiao Bi <junxiao.bi@oracle.com>
Link: https://lore.kernel.org/r/20230828221018.19471-1-junxiao.bi@oracle.com
Reviewed-by: Mike Christie <michael.christie@oracle.com>
Cc: stable@vger.kernel.org
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/scsi/megaraid/megaraid_sas.h | 2 +-
drivers/scsi/megaraid/megaraid_sas_base.c | 21 +++++++++------------
2 files changed, 10 insertions(+), 13 deletions(-)
--- a/drivers/scsi/megaraid/megaraid_sas.h
+++ b/drivers/scsi/megaraid/megaraid_sas.h
@@ -2324,7 +2324,7 @@ struct megasas_instance {
u32 support_morethan256jbod; /* FW support for more than 256 PD/JBOD */
bool use_seqnum_jbod_fp; /* Added for PD sequence */
bool smp_affinity_enable;
- spinlock_t crashdump_lock;
+ struct mutex crashdump_lock;
struct megasas_register_set __iomem *reg_set;
u32 __iomem *reply_post_host_index_addr[MR_MAX_MSIX_REG_ARRAY];
--- a/drivers/scsi/megaraid/megaraid_sas_base.c
+++ b/drivers/scsi/megaraid/megaraid_sas_base.c
@@ -3208,14 +3208,13 @@ fw_crash_buffer_store(struct device *cde
struct megasas_instance *instance =
(struct megasas_instance *) shost->hostdata;
int val = 0;
- unsigned long flags;
if (kstrtoint(buf, 0, &val) != 0)
return -EINVAL;
- spin_lock_irqsave(&instance->crashdump_lock, flags);
+ mutex_lock(&instance->crashdump_lock);
instance->fw_crash_buffer_offset = val;
- spin_unlock_irqrestore(&instance->crashdump_lock, flags);
+ mutex_unlock(&instance->crashdump_lock);
return strlen(buf);
}
@@ -3230,24 +3229,23 @@ fw_crash_buffer_show(struct device *cdev
unsigned long dmachunk = CRASH_DMA_BUF_SIZE;
unsigned long chunk_left_bytes;
unsigned long src_addr;
- unsigned long flags;
u32 buff_offset;
- spin_lock_irqsave(&instance->crashdump_lock, flags);
+ mutex_lock(&instance->crashdump_lock);
buff_offset = instance->fw_crash_buffer_offset;
if (!instance->crash_dump_buf ||
!((instance->fw_crash_state == AVAILABLE) ||
(instance->fw_crash_state == COPYING))) {
dev_err(&instance->pdev->dev,
"Firmware crash dump is not available\n");
- spin_unlock_irqrestore(&instance->crashdump_lock, flags);
+ mutex_unlock(&instance->crashdump_lock);
return -EINVAL;
}
if (buff_offset > (instance->fw_crash_buffer_size * dmachunk)) {
dev_err(&instance->pdev->dev,
"Firmware crash dump offset is out of range\n");
- spin_unlock_irqrestore(&instance->crashdump_lock, flags);
+ mutex_unlock(&instance->crashdump_lock);
return 0;
}
@@ -3259,7 +3257,7 @@ fw_crash_buffer_show(struct device *cdev
src_addr = (unsigned long)instance->crash_buf[buff_offset / dmachunk] +
(buff_offset % dmachunk);
memcpy(buf, (void *)src_addr, size);
- spin_unlock_irqrestore(&instance->crashdump_lock, flags);
+ mutex_unlock(&instance->crashdump_lock);
return size;
}
@@ -3284,7 +3282,6 @@ fw_crash_state_store(struct device *cdev
struct megasas_instance *instance =
(struct megasas_instance *) shost->hostdata;
int val = 0;
- unsigned long flags;
if (kstrtoint(buf, 0, &val) != 0)
return -EINVAL;
@@ -3298,9 +3295,9 @@ fw_crash_state_store(struct device *cdev
instance->fw_crash_state = val;
if ((val == COPIED) || (val == COPY_ERROR)) {
- spin_lock_irqsave(&instance->crashdump_lock, flags);
+ mutex_lock(&instance->crashdump_lock);
megasas_free_host_crash_buffer(instance);
- spin_unlock_irqrestore(&instance->crashdump_lock, flags);
+ mutex_unlock(&instance->crashdump_lock);
if (val == COPY_ERROR)
dev_info(&instance->pdev->dev, "application failed to "
"copy Firmware crash dump\n");
@@ -7301,7 +7298,7 @@ static inline void megasas_init_ctrl_par
init_waitqueue_head(&instance->int_cmd_wait_q);
init_waitqueue_head(&instance->abort_cmd_wait_q);
- spin_lock_init(&instance->crashdump_lock);
+ mutex_init(&instance->crashdump_lock);
spin_lock_init(&instance->mfi_pool_lock);
spin_lock_init(&instance->hba_lock);
spin_lock_init(&instance->stream_lock);
^ permalink raw reply [flat|nested] 396+ messages in thread
* [PATCH 5.4 364/367] ext4: fix rec_len verify error
2023-09-20 11:26 [PATCH 5.4 000/367] 5.4.257-rc1 review Greg Kroah-Hartman
` (362 preceding siblings ...)
2023-09-20 11:32 ` [PATCH 5.4 363/367] scsi: megaraid_sas: Fix deadlock on firmware crashdump Greg Kroah-Hartman
@ 2023-09-20 11:32 ` Greg Kroah-Hartman
2023-09-20 11:32 ` [PATCH 5.4 365/367] mtd: rawnand: brcmnand: Fix ECC level field setting for v7.2 controller Greg Kroah-Hartman
` (8 subsequent siblings)
372 siblings, 0 replies; 396+ messages in thread
From: Greg Kroah-Hartman @ 2023-09-20 11:32 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, stable, Andreas Dilger,
Darrick J. Wong, Shida Zhang, Theodore Tso
5.4-stable review patch. If anyone has any objections, please let me know.
------------------
From: Shida Zhang <zhangshida@kylinos.cn>
commit 7fda67e8c3ab6069f75888f67958a6d30454a9f6 upstream.
With the configuration PAGE_SIZE 64k and filesystem blocksize 64k,
a problem occurred when more than 13 million files were directly created
under a directory:
EXT4-fs error (device xx): ext4_dx_csum_set:492: inode #xxxx: comm xxxxx: dir seems corrupt? Run e2fsck -D.
EXT4-fs error (device xx): ext4_dx_csum_verify:463: inode #xxxx: comm xxxxx: dir seems corrupt? Run e2fsck -D.
EXT4-fs error (device xx): dx_probe:856: inode #xxxx: block 8188: comm xxxxx: Directory index failed checksum
When enough files are created, the fake_dirent->reclen will be 0xffff.
it doesn't equal to the blocksize 65536, i.e. 0x10000.
But it is not the same condition when blocksize equals to 4k.
when enough files are created, the fake_dirent->reclen will be 0x1000.
it equals to the blocksize 4k, i.e. 0x1000.
The problem seems to be related to the limitation of the 16-bit field
when the blocksize is set to 64k.
To address this, helpers like ext4_rec_len_{from,to}_disk has already
been introduced to complete the conversion between the encoded and the
plain form of rec_len.
So fix this one by using the helper, and all the other in this file too.
Cc: stable@kernel.org
Fixes: dbe89444042a ("ext4: Calculate and verify checksums for htree nodes")
Suggested-by: Andreas Dilger <adilger@dilger.ca>
Suggested-by: Darrick J. Wong <djwong@kernel.org>
Signed-off-by: Shida Zhang <zhangshida@kylinos.cn>
Reviewed-by: Andreas Dilger <adilger@dilger.ca>
Reviewed-by: Darrick J. Wong <djwong@kernel.org>
Link: https://lore.kernel.org/r/20230803060938.1929759-1-zhangshida@kylinos.cn
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/ext4/namei.c | 26 +++++++++++++++-----------
1 file changed, 15 insertions(+), 11 deletions(-)
--- a/fs/ext4/namei.c
+++ b/fs/ext4/namei.c
@@ -325,17 +325,17 @@ static struct ext4_dir_entry_tail *get_d
struct buffer_head *bh)
{
struct ext4_dir_entry_tail *t;
+ int blocksize = EXT4_BLOCK_SIZE(inode->i_sb);
#ifdef PARANOID
struct ext4_dir_entry *d, *top;
d = (struct ext4_dir_entry *)bh->b_data;
top = (struct ext4_dir_entry *)(bh->b_data +
- (EXT4_BLOCK_SIZE(inode->i_sb) -
- sizeof(struct ext4_dir_entry_tail)));
- while (d < top && d->rec_len)
+ (blocksize - sizeof(struct ext4_dir_entry_tail)));
+ while (d < top && ext4_rec_len_from_disk(d->rec_len, blocksize))
d = (struct ext4_dir_entry *)(((void *)d) +
- le16_to_cpu(d->rec_len));
+ ext4_rec_len_from_disk(d->rec_len, blocksize));
if (d != top)
return NULL;
@@ -346,7 +346,8 @@ static struct ext4_dir_entry_tail *get_d
#endif
if (t->det_reserved_zero1 ||
- le16_to_cpu(t->det_rec_len) != sizeof(struct ext4_dir_entry_tail) ||
+ (ext4_rec_len_from_disk(t->det_rec_len, blocksize) !=
+ sizeof(struct ext4_dir_entry_tail)) ||
t->det_reserved_zero2 ||
t->det_reserved_ft != EXT4_FT_DIR_CSUM)
return NULL;
@@ -427,13 +428,14 @@ static struct dx_countlimit *get_dx_coun
struct ext4_dir_entry *dp;
struct dx_root_info *root;
int count_offset;
+ int blocksize = EXT4_BLOCK_SIZE(inode->i_sb);
+ unsigned int rlen = ext4_rec_len_from_disk(dirent->rec_len, blocksize);
- if (le16_to_cpu(dirent->rec_len) == EXT4_BLOCK_SIZE(inode->i_sb))
+ if (rlen == blocksize)
count_offset = 8;
- else if (le16_to_cpu(dirent->rec_len) == 12) {
+ else if (rlen == 12) {
dp = (struct ext4_dir_entry *)(((void *)dirent) + 12);
- if (le16_to_cpu(dp->rec_len) !=
- EXT4_BLOCK_SIZE(inode->i_sb) - 12)
+ if (ext4_rec_len_from_disk(dp->rec_len, blocksize) != blocksize - 12)
return NULL;
root = (struct dx_root_info *)(((void *)dp + 12));
if (root->reserved_zero ||
@@ -1246,6 +1248,7 @@ static int dx_make_map(struct inode *dir
unsigned int buflen = bh->b_size;
char *base = bh->b_data;
struct dx_hash_info h = *hinfo;
+ int blocksize = EXT4_BLOCK_SIZE(dir->i_sb);
if (ext4_has_metadata_csum(dir->i_sb))
buflen -= sizeof(struct ext4_dir_entry_tail);
@@ -1259,11 +1262,12 @@ static int dx_make_map(struct inode *dir
map_tail--;
map_tail->hash = h.hash;
map_tail->offs = ((char *) de - base)>>2;
- map_tail->size = le16_to_cpu(de->rec_len);
+ map_tail->size = ext4_rec_len_from_disk(de->rec_len,
+ blocksize);
count++;
cond_resched();
}
- de = ext4_next_entry(de, dir->i_sb->s_blocksize);
+ de = ext4_next_entry(de, blocksize);
}
return count;
}
^ permalink raw reply [flat|nested] 396+ messages in thread
* [PATCH 5.4 365/367] mtd: rawnand: brcmnand: Fix ECC level field setting for v7.2 controller
2023-09-20 11:26 [PATCH 5.4 000/367] 5.4.257-rc1 review Greg Kroah-Hartman
` (363 preceding siblings ...)
2023-09-20 11:32 ` [PATCH 5.4 364/367] ext4: fix rec_len verify error Greg Kroah-Hartman
@ 2023-09-20 11:32 ` Greg Kroah-Hartman
2023-09-20 11:32 ` [PATCH 5.4 366/367] drm/amdgpu: fix amdgpu_cs_p1_user_fence Greg Kroah-Hartman
` (7 subsequent siblings)
372 siblings, 0 replies; 396+ messages in thread
From: Greg Kroah-Hartman @ 2023-09-20 11:32 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, William Zhang, Florian Fainelli,
Miquel Raynal
5.4-stable review patch. If anyone has any objections, please let me know.
------------------
From: William Zhang <william.zhang@broadcom.com>
commit 2ec2839a9062db8a592525a3fdabd42dcd9a3a9b upstream.
v7.2 controller has different ECC level field size and shift in the acc
control register than its predecessor and successor controller. It needs
to be set specifically.
Fixes: decba6d47869 ("mtd: brcmnand: Add v7.2 controller support")
Signed-off-by: William Zhang <william.zhang@broadcom.com>
Reviewed-by: Florian Fainelli <florian.fainelli@broadcom.com>
Cc: stable@vger.kernel.org
Signed-off-by: Miquel Raynal <miquel.raynal@bootlin.com>
Link: https://lore.kernel.org/linux-mtd/20230706182909.79151-2-william.zhang@broadcom.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/mtd/nand/raw/brcmnand/brcmnand.c | 74 +++++++++++++++++--------------
1 file changed, 41 insertions(+), 33 deletions(-)
--- a/drivers/mtd/nand/raw/brcmnand/brcmnand.c
+++ b/drivers/mtd/nand/raw/brcmnand/brcmnand.c
@@ -197,6 +197,7 @@ struct brcmnand_controller {
unsigned int max_page_size;
const unsigned int *page_sizes;
unsigned int max_oob;
+ u32 ecc_level_shift;
u32 features;
/* for low-power standby/resume only */
@@ -487,6 +488,34 @@ enum {
INTFC_CTLR_READY = BIT(31),
};
+/***********************************************************************
+ * NAND ACC CONTROL bitfield
+ *
+ * Some bits have remained constant throughout hardware revision, while
+ * others have shifted around.
+ ***********************************************************************/
+
+/* Constant for all versions (where supported) */
+enum {
+ /* See BRCMNAND_HAS_CACHE_MODE */
+ ACC_CONTROL_CACHE_MODE = BIT(22),
+
+ /* See BRCMNAND_HAS_PREFETCH */
+ ACC_CONTROL_PREFETCH = BIT(23),
+
+ ACC_CONTROL_PAGE_HIT = BIT(24),
+ ACC_CONTROL_WR_PREEMPT = BIT(25),
+ ACC_CONTROL_PARTIAL_PAGE = BIT(26),
+ ACC_CONTROL_RD_ERASED = BIT(27),
+ ACC_CONTROL_FAST_PGM_RDIN = BIT(28),
+ ACC_CONTROL_WR_ECC = BIT(30),
+ ACC_CONTROL_RD_ECC = BIT(31),
+};
+
+#define ACC_CONTROL_ECC_SHIFT 16
+/* Only for v7.2 */
+#define ACC_CONTROL_ECC_EXT_SHIFT 13
+
static inline u32 nand_readreg(struct brcmnand_controller *ctrl, u32 offs)
{
return brcmnand_readl(ctrl->nand_base + offs);
@@ -590,6 +619,12 @@ static int brcmnand_revision_init(struct
else if (of_property_read_bool(ctrl->dev->of_node, "brcm,nand-has-wp"))
ctrl->features |= BRCMNAND_HAS_WP;
+ /* v7.2 has different ecc level shift in the acc register */
+ if (ctrl->nand_version == 0x0702)
+ ctrl->ecc_level_shift = ACC_CONTROL_ECC_EXT_SHIFT;
+ else
+ ctrl->ecc_level_shift = ACC_CONTROL_ECC_SHIFT;
+
return 0;
}
@@ -752,30 +787,6 @@ static inline int brcmnand_cmd_shift(str
return 0;
}
-/***********************************************************************
- * NAND ACC CONTROL bitfield
- *
- * Some bits have remained constant throughout hardware revision, while
- * others have shifted around.
- ***********************************************************************/
-
-/* Constant for all versions (where supported) */
-enum {
- /* See BRCMNAND_HAS_CACHE_MODE */
- ACC_CONTROL_CACHE_MODE = BIT(22),
-
- /* See BRCMNAND_HAS_PREFETCH */
- ACC_CONTROL_PREFETCH = BIT(23),
-
- ACC_CONTROL_PAGE_HIT = BIT(24),
- ACC_CONTROL_WR_PREEMPT = BIT(25),
- ACC_CONTROL_PARTIAL_PAGE = BIT(26),
- ACC_CONTROL_RD_ERASED = BIT(27),
- ACC_CONTROL_FAST_PGM_RDIN = BIT(28),
- ACC_CONTROL_WR_ECC = BIT(30),
- ACC_CONTROL_RD_ECC = BIT(31),
-};
-
static inline u32 brcmnand_spare_area_mask(struct brcmnand_controller *ctrl)
{
if (ctrl->nand_version == 0x0702)
@@ -786,18 +797,15 @@ static inline u32 brcmnand_spare_area_ma
return GENMASK(5, 0);
}
-#define NAND_ACC_CONTROL_ECC_SHIFT 16
-#define NAND_ACC_CONTROL_ECC_EXT_SHIFT 13
-
static inline u32 brcmnand_ecc_level_mask(struct brcmnand_controller *ctrl)
{
u32 mask = (ctrl->nand_version >= 0x0600) ? 0x1f : 0x0f;
- mask <<= NAND_ACC_CONTROL_ECC_SHIFT;
+ mask <<= ACC_CONTROL_ECC_SHIFT;
/* v7.2 includes additional ECC levels */
- if (ctrl->nand_version >= 0x0702)
- mask |= 0x7 << NAND_ACC_CONTROL_ECC_EXT_SHIFT;
+ if (ctrl->nand_version == 0x0702)
+ mask |= 0x7 << ACC_CONTROL_ECC_EXT_SHIFT;
return mask;
}
@@ -811,8 +819,8 @@ static void brcmnand_set_ecc_enabled(str
if (en) {
acc_control |= ecc_flags; /* enable RD/WR ECC */
- acc_control |= host->hwcfg.ecc_level
- << NAND_ACC_CONTROL_ECC_SHIFT;
+ acc_control &= ~brcmnand_ecc_level_mask(ctrl);
+ acc_control |= host->hwcfg.ecc_level << ctrl->ecc_level_shift;
} else {
acc_control &= ~ecc_flags; /* disable RD/WR ECC */
acc_control &= ~brcmnand_ecc_level_mask(ctrl);
@@ -2193,7 +2201,7 @@ static int brcmnand_set_cfg(struct brcmn
tmp = nand_readreg(ctrl, acc_control_offs);
tmp &= ~brcmnand_ecc_level_mask(ctrl);
- tmp |= cfg->ecc_level << NAND_ACC_CONTROL_ECC_SHIFT;
+ tmp |= cfg->ecc_level << ctrl->ecc_level_shift;
tmp &= ~brcmnand_spare_area_mask(ctrl);
tmp |= cfg->spare_area_size;
nand_writereg(ctrl, acc_control_offs, tmp);
^ permalink raw reply [flat|nested] 396+ messages in thread
* [PATCH 5.4 366/367] drm/amdgpu: fix amdgpu_cs_p1_user_fence
2023-09-20 11:26 [PATCH 5.4 000/367] 5.4.257-rc1 review Greg Kroah-Hartman
` (364 preceding siblings ...)
2023-09-20 11:32 ` [PATCH 5.4 365/367] mtd: rawnand: brcmnand: Fix ECC level field setting for v7.2 controller Greg Kroah-Hartman
@ 2023-09-20 11:32 ` Greg Kroah-Hartman
2023-09-20 11:32 ` [PATCH 5.4 367/367] net/sched: Retire rsvp classifier Greg Kroah-Hartman
` (6 subsequent siblings)
372 siblings, 0 replies; 396+ messages in thread
From: Greg Kroah-Hartman @ 2023-09-20 11:32 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Christian König, Alex Deucher
5.4-stable review patch. If anyone has any objections, please let me know.
------------------
From: Christian König <christian.koenig@amd.com>
commit 35588314e963938dfdcdb792c9170108399377d6 upstream.
The offset is just 32bits here so this can potentially overflow if
somebody specifies a large value. Instead reduce the size to calculate
the last possible offset.
The error handling path incorrectly drops the reference to the user
fence BO resulting in potential reference count underflow.
Signed-off-by: Christian König <christian.koenig@amd.com>
Reviewed-by: Alex Deucher <alexander.deucher@amd.com>
Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
Cc: stable@vger.kernel.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/gpu/drm/amd/amdgpu/amdgpu_cs.c | 20 +++++---------------
1 file changed, 5 insertions(+), 15 deletions(-)
--- a/drivers/gpu/drm/amd/amdgpu/amdgpu_cs.c
+++ b/drivers/gpu/drm/amd/amdgpu/amdgpu_cs.c
@@ -43,7 +43,6 @@ static int amdgpu_cs_user_fence_chunk(st
struct drm_gem_object *gobj;
struct amdgpu_bo *bo;
unsigned long size;
- int r;
gobj = drm_gem_object_lookup(p->filp, data->handle);
if (gobj == NULL)
@@ -58,23 +57,14 @@ static int amdgpu_cs_user_fence_chunk(st
drm_gem_object_put_unlocked(gobj);
size = amdgpu_bo_size(bo);
- if (size != PAGE_SIZE || (data->offset + 8) > size) {
- r = -EINVAL;
- goto error_unref;
- }
-
- if (amdgpu_ttm_tt_get_usermm(bo->tbo.ttm)) {
- r = -EINVAL;
- goto error_unref;
- }
+ if (size != PAGE_SIZE || data->offset > (size - 8))
+ return -EINVAL;
- *offset = data->offset;
+ if (amdgpu_ttm_tt_get_usermm(bo->tbo.ttm))
+ return -EINVAL;
+ *offset = data->offset;
return 0;
-
-error_unref:
- amdgpu_bo_unref(&bo);
- return r;
}
static int amdgpu_cs_bo_handles_chunk(struct amdgpu_cs_parser *p,
^ permalink raw reply [flat|nested] 396+ messages in thread
* [PATCH 5.4 367/367] net/sched: Retire rsvp classifier
2023-09-20 11:26 [PATCH 5.4 000/367] 5.4.257-rc1 review Greg Kroah-Hartman
` (365 preceding siblings ...)
2023-09-20 11:32 ` [PATCH 5.4 366/367] drm/amdgpu: fix amdgpu_cs_p1_user_fence Greg Kroah-Hartman
@ 2023-09-20 11:32 ` Greg Kroah-Hartman
2023-09-20 17:21 ` [PATCH 5.4 000/367] 5.4.257-rc1 review Florian Fainelli
` (5 subsequent siblings)
372 siblings, 0 replies; 396+ messages in thread
From: Greg Kroah-Hartman @ 2023-09-20 11:32 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Jamal Hadi Salim, Jiri Pirko,
Paolo Abeni, Kyle Zeng
5.4-stable review patch. If anyone has any objections, please let me know.
------------------
From: Jamal Hadi Salim <jhs@mojatatu.com>
commit 265b4da82dbf5df04bee5a5d46b7474b1aaf326a upstream.
The rsvp classifier has served us well for about a quarter of a century but has
has not been getting much maintenance attention due to lack of known users.
Signed-off-by: Jamal Hadi Salim <jhs@mojatatu.com>
Acked-by: Jiri Pirko <jiri@nvidia.com>
Signed-off-by: Paolo Abeni <pabeni@redhat.com>
Signed-off-by: Kyle Zeng <zengyhkyle@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
net/sched/Kconfig | 28 -
net/sched/Makefile | 2
net/sched/cls_rsvp.c | 24 -
net/sched/cls_rsvp.h | 777 --------------------------------------------------
net/sched/cls_rsvp6.c | 24 -
5 files changed, 855 deletions(-)
--- a/net/sched/Kconfig
+++ b/net/sched/Kconfig
@@ -514,34 +514,6 @@ config CLS_U32_MARK
---help---
Say Y here to be able to use netfilter marks as u32 key.
-config NET_CLS_RSVP
- tristate "IPv4 Resource Reservation Protocol (RSVP)"
- select NET_CLS
- ---help---
- The Resource Reservation Protocol (RSVP) permits end systems to
- request a minimum and maximum data flow rate for a connection; this
- is important for real time data such as streaming sound or video.
-
- Say Y here if you want to be able to classify outgoing packets based
- on their RSVP requests.
-
- To compile this code as a module, choose M here: the
- module will be called cls_rsvp.
-
-config NET_CLS_RSVP6
- tristate "IPv6 Resource Reservation Protocol (RSVP6)"
- select NET_CLS
- ---help---
- The Resource Reservation Protocol (RSVP) permits end systems to
- request a minimum and maximum data flow rate for a connection; this
- is important for real time data such as streaming sound or video.
-
- Say Y here if you want to be able to classify outgoing packets based
- on their RSVP requests and you are using the IPv6 protocol.
-
- To compile this code as a module, choose M here: the
- module will be called cls_rsvp6.
-
config NET_CLS_FLOW
tristate "Flow classifier"
select NET_CLS
--- a/net/sched/Makefile
+++ b/net/sched/Makefile
@@ -65,8 +65,6 @@ obj-$(CONFIG_NET_SCH_TAPRIO) += sch_tapr
obj-$(CONFIG_NET_CLS_U32) += cls_u32.o
obj-$(CONFIG_NET_CLS_ROUTE4) += cls_route.o
obj-$(CONFIG_NET_CLS_FW) += cls_fw.o
-obj-$(CONFIG_NET_CLS_RSVP) += cls_rsvp.o
-obj-$(CONFIG_NET_CLS_RSVP6) += cls_rsvp6.o
obj-$(CONFIG_NET_CLS_BASIC) += cls_basic.o
obj-$(CONFIG_NET_CLS_FLOW) += cls_flow.o
obj-$(CONFIG_NET_CLS_CGROUP) += cls_cgroup.o
--- a/net/sched/cls_rsvp.c
+++ /dev/null
@@ -1,24 +0,0 @@
-// SPDX-License-Identifier: GPL-2.0-or-later
-/*
- * net/sched/cls_rsvp.c Special RSVP packet classifier for IPv4.
- *
- * Authors: Alexey Kuznetsov, <kuznet@ms2.inr.ac.ru>
- */
-
-#include <linux/module.h>
-#include <linux/types.h>
-#include <linux/kernel.h>
-#include <linux/string.h>
-#include <linux/errno.h>
-#include <linux/skbuff.h>
-#include <net/ip.h>
-#include <net/netlink.h>
-#include <net/act_api.h>
-#include <net/pkt_cls.h>
-
-#define RSVP_DST_LEN 1
-#define RSVP_ID "rsvp"
-#define RSVP_OPS cls_rsvp_ops
-
-#include "cls_rsvp.h"
-MODULE_LICENSE("GPL");
--- a/net/sched/cls_rsvp.h
+++ /dev/null
@@ -1,777 +0,0 @@
-/* SPDX-License-Identifier: GPL-2.0-or-later */
-/*
- * net/sched/cls_rsvp.h Template file for RSVPv[46] classifiers.
- *
- * Authors: Alexey Kuznetsov, <kuznet@ms2.inr.ac.ru>
- */
-
-/*
- Comparing to general packet classification problem,
- RSVP needs only sevaral relatively simple rules:
-
- * (dst, protocol) are always specified,
- so that we are able to hash them.
- * src may be exact, or may be wildcard, so that
- we can keep a hash table plus one wildcard entry.
- * source port (or flow label) is important only if src is given.
-
- IMPLEMENTATION.
-
- We use a two level hash table: The top level is keyed by
- destination address and protocol ID, every bucket contains a list
- of "rsvp sessions", identified by destination address, protocol and
- DPI(="Destination Port ID"): triple (key, mask, offset).
-
- Every bucket has a smaller hash table keyed by source address
- (cf. RSVP flowspec) and one wildcard entry for wildcard reservations.
- Every bucket is again a list of "RSVP flows", selected by
- source address and SPI(="Source Port ID" here rather than
- "security parameter index"): triple (key, mask, offset).
-
-
- NOTE 1. All the packets with IPv6 extension headers (but AH and ESP)
- and all fragmented packets go to the best-effort traffic class.
-
-
- NOTE 2. Two "port id"'s seems to be redundant, rfc2207 requires
- only one "Generalized Port Identifier". So that for classic
- ah, esp (and udp,tcp) both *pi should coincide or one of them
- should be wildcard.
-
- At first sight, this redundancy is just a waste of CPU
- resources. But DPI and SPI add the possibility to assign different
- priorities to GPIs. Look also at note 4 about tunnels below.
-
-
- NOTE 3. One complication is the case of tunneled packets.
- We implement it as following: if the first lookup
- matches a special session with "tunnelhdr" value not zero,
- flowid doesn't contain the true flow ID, but the tunnel ID (1...255).
- In this case, we pull tunnelhdr bytes and restart lookup
- with tunnel ID added to the list of keys. Simple and stupid 8)8)
- It's enough for PIMREG and IPIP.
-
-
- NOTE 4. Two GPIs make it possible to parse even GRE packets.
- F.e. DPI can select ETH_P_IP (and necessary flags to make
- tunnelhdr correct) in GRE protocol field and SPI matches
- GRE key. Is it not nice? 8)8)
-
-
- Well, as result, despite its simplicity, we get a pretty
- powerful classification engine. */
-
-
-struct rsvp_head {
- u32 tmap[256/32];
- u32 hgenerator;
- u8 tgenerator;
- struct rsvp_session __rcu *ht[256];
- struct rcu_head rcu;
-};
-
-struct rsvp_session {
- struct rsvp_session __rcu *next;
- __be32 dst[RSVP_DST_LEN];
- struct tc_rsvp_gpi dpi;
- u8 protocol;
- u8 tunnelid;
- /* 16 (src,sport) hash slots, and one wildcard source slot */
- struct rsvp_filter __rcu *ht[16 + 1];
- struct rcu_head rcu;
-};
-
-
-struct rsvp_filter {
- struct rsvp_filter __rcu *next;
- __be32 src[RSVP_DST_LEN];
- struct tc_rsvp_gpi spi;
- u8 tunnelhdr;
-
- struct tcf_result res;
- struct tcf_exts exts;
-
- u32 handle;
- struct rsvp_session *sess;
- struct rcu_work rwork;
-};
-
-static inline unsigned int hash_dst(__be32 *dst, u8 protocol, u8 tunnelid)
-{
- unsigned int h = (__force __u32)dst[RSVP_DST_LEN - 1];
-
- h ^= h>>16;
- h ^= h>>8;
- return (h ^ protocol ^ tunnelid) & 0xFF;
-}
-
-static inline unsigned int hash_src(__be32 *src)
-{
- unsigned int h = (__force __u32)src[RSVP_DST_LEN-1];
-
- h ^= h>>16;
- h ^= h>>8;
- h ^= h>>4;
- return h & 0xF;
-}
-
-#define RSVP_APPLY_RESULT() \
-{ \
- int r = tcf_exts_exec(skb, &f->exts, res); \
- if (r < 0) \
- continue; \
- else if (r > 0) \
- return r; \
-}
-
-static int rsvp_classify(struct sk_buff *skb, const struct tcf_proto *tp,
- struct tcf_result *res)
-{
- struct rsvp_head *head = rcu_dereference_bh(tp->root);
- struct rsvp_session *s;
- struct rsvp_filter *f;
- unsigned int h1, h2;
- __be32 *dst, *src;
- u8 protocol;
- u8 tunnelid = 0;
- u8 *xprt;
-#if RSVP_DST_LEN == 4
- struct ipv6hdr *nhptr;
-
- if (!pskb_network_may_pull(skb, sizeof(*nhptr)))
- return -1;
- nhptr = ipv6_hdr(skb);
-#else
- struct iphdr *nhptr;
-
- if (!pskb_network_may_pull(skb, sizeof(*nhptr)))
- return -1;
- nhptr = ip_hdr(skb);
-#endif
-restart:
-
-#if RSVP_DST_LEN == 4
- src = &nhptr->saddr.s6_addr32[0];
- dst = &nhptr->daddr.s6_addr32[0];
- protocol = nhptr->nexthdr;
- xprt = ((u8 *)nhptr) + sizeof(struct ipv6hdr);
-#else
- src = &nhptr->saddr;
- dst = &nhptr->daddr;
- protocol = nhptr->protocol;
- xprt = ((u8 *)nhptr) + (nhptr->ihl<<2);
- if (ip_is_fragment(nhptr))
- return -1;
-#endif
-
- h1 = hash_dst(dst, protocol, tunnelid);
- h2 = hash_src(src);
-
- for (s = rcu_dereference_bh(head->ht[h1]); s;
- s = rcu_dereference_bh(s->next)) {
- if (dst[RSVP_DST_LEN-1] == s->dst[RSVP_DST_LEN - 1] &&
- protocol == s->protocol &&
- !(s->dpi.mask &
- (*(u32 *)(xprt + s->dpi.offset) ^ s->dpi.key)) &&
-#if RSVP_DST_LEN == 4
- dst[0] == s->dst[0] &&
- dst[1] == s->dst[1] &&
- dst[2] == s->dst[2] &&
-#endif
- tunnelid == s->tunnelid) {
-
- for (f = rcu_dereference_bh(s->ht[h2]); f;
- f = rcu_dereference_bh(f->next)) {
- if (src[RSVP_DST_LEN-1] == f->src[RSVP_DST_LEN - 1] &&
- !(f->spi.mask & (*(u32 *)(xprt + f->spi.offset) ^ f->spi.key))
-#if RSVP_DST_LEN == 4
- &&
- src[0] == f->src[0] &&
- src[1] == f->src[1] &&
- src[2] == f->src[2]
-#endif
- ) {
- *res = f->res;
- RSVP_APPLY_RESULT();
-
-matched:
- if (f->tunnelhdr == 0)
- return 0;
-
- tunnelid = f->res.classid;
- nhptr = (void *)(xprt + f->tunnelhdr - sizeof(*nhptr));
- goto restart;
- }
- }
-
- /* And wildcard bucket... */
- for (f = rcu_dereference_bh(s->ht[16]); f;
- f = rcu_dereference_bh(f->next)) {
- *res = f->res;
- RSVP_APPLY_RESULT();
- goto matched;
- }
- return -1;
- }
- }
- return -1;
-}
-
-static void rsvp_replace(struct tcf_proto *tp, struct rsvp_filter *n, u32 h)
-{
- struct rsvp_head *head = rtnl_dereference(tp->root);
- struct rsvp_session *s;
- struct rsvp_filter __rcu **ins;
- struct rsvp_filter *pins;
- unsigned int h1 = h & 0xFF;
- unsigned int h2 = (h >> 8) & 0xFF;
-
- for (s = rtnl_dereference(head->ht[h1]); s;
- s = rtnl_dereference(s->next)) {
- for (ins = &s->ht[h2], pins = rtnl_dereference(*ins); ;
- ins = &pins->next, pins = rtnl_dereference(*ins)) {
- if (pins->handle == h) {
- RCU_INIT_POINTER(n->next, pins->next);
- rcu_assign_pointer(*ins, n);
- return;
- }
- }
- }
-
- /* Something went wrong if we are trying to replace a non-existant
- * node. Mind as well halt instead of silently failing.
- */
- BUG_ON(1);
-}
-
-static void *rsvp_get(struct tcf_proto *tp, u32 handle)
-{
- struct rsvp_head *head = rtnl_dereference(tp->root);
- struct rsvp_session *s;
- struct rsvp_filter *f;
- unsigned int h1 = handle & 0xFF;
- unsigned int h2 = (handle >> 8) & 0xFF;
-
- if (h2 > 16)
- return NULL;
-
- for (s = rtnl_dereference(head->ht[h1]); s;
- s = rtnl_dereference(s->next)) {
- for (f = rtnl_dereference(s->ht[h2]); f;
- f = rtnl_dereference(f->next)) {
- if (f->handle == handle)
- return f;
- }
- }
- return NULL;
-}
-
-static int rsvp_init(struct tcf_proto *tp)
-{
- struct rsvp_head *data;
-
- data = kzalloc(sizeof(struct rsvp_head), GFP_KERNEL);
- if (data) {
- rcu_assign_pointer(tp->root, data);
- return 0;
- }
- return -ENOBUFS;
-}
-
-static void __rsvp_delete_filter(struct rsvp_filter *f)
-{
- tcf_exts_destroy(&f->exts);
- tcf_exts_put_net(&f->exts);
- kfree(f);
-}
-
-static void rsvp_delete_filter_work(struct work_struct *work)
-{
- struct rsvp_filter *f = container_of(to_rcu_work(work),
- struct rsvp_filter,
- rwork);
- rtnl_lock();
- __rsvp_delete_filter(f);
- rtnl_unlock();
-}
-
-static void rsvp_delete_filter(struct tcf_proto *tp, struct rsvp_filter *f)
-{
- tcf_unbind_filter(tp, &f->res);
- /* all classifiers are required to call tcf_exts_destroy() after rcu
- * grace period, since converted-to-rcu actions are relying on that
- * in cleanup() callback
- */
- if (tcf_exts_get_net(&f->exts))
- tcf_queue_work(&f->rwork, rsvp_delete_filter_work);
- else
- __rsvp_delete_filter(f);
-}
-
-static void rsvp_destroy(struct tcf_proto *tp, bool rtnl_held,
- struct netlink_ext_ack *extack)
-{
- struct rsvp_head *data = rtnl_dereference(tp->root);
- int h1, h2;
-
- if (data == NULL)
- return;
-
- for (h1 = 0; h1 < 256; h1++) {
- struct rsvp_session *s;
-
- while ((s = rtnl_dereference(data->ht[h1])) != NULL) {
- RCU_INIT_POINTER(data->ht[h1], s->next);
-
- for (h2 = 0; h2 <= 16; h2++) {
- struct rsvp_filter *f;
-
- while ((f = rtnl_dereference(s->ht[h2])) != NULL) {
- rcu_assign_pointer(s->ht[h2], f->next);
- rsvp_delete_filter(tp, f);
- }
- }
- kfree_rcu(s, rcu);
- }
- }
- kfree_rcu(data, rcu);
-}
-
-static int rsvp_delete(struct tcf_proto *tp, void *arg, bool *last,
- bool rtnl_held, struct netlink_ext_ack *extack)
-{
- struct rsvp_head *head = rtnl_dereference(tp->root);
- struct rsvp_filter *nfp, *f = arg;
- struct rsvp_filter __rcu **fp;
- unsigned int h = f->handle;
- struct rsvp_session __rcu **sp;
- struct rsvp_session *nsp, *s = f->sess;
- int i, h1;
-
- fp = &s->ht[(h >> 8) & 0xFF];
- for (nfp = rtnl_dereference(*fp); nfp;
- fp = &nfp->next, nfp = rtnl_dereference(*fp)) {
- if (nfp == f) {
- RCU_INIT_POINTER(*fp, f->next);
- rsvp_delete_filter(tp, f);
-
- /* Strip tree */
-
- for (i = 0; i <= 16; i++)
- if (s->ht[i])
- goto out;
-
- /* OK, session has no flows */
- sp = &head->ht[h & 0xFF];
- for (nsp = rtnl_dereference(*sp); nsp;
- sp = &nsp->next, nsp = rtnl_dereference(*sp)) {
- if (nsp == s) {
- RCU_INIT_POINTER(*sp, s->next);
- kfree_rcu(s, rcu);
- goto out;
- }
- }
-
- break;
- }
- }
-
-out:
- *last = true;
- for (h1 = 0; h1 < 256; h1++) {
- if (rcu_access_pointer(head->ht[h1])) {
- *last = false;
- break;
- }
- }
-
- return 0;
-}
-
-static unsigned int gen_handle(struct tcf_proto *tp, unsigned salt)
-{
- struct rsvp_head *data = rtnl_dereference(tp->root);
- int i = 0xFFFF;
-
- while (i-- > 0) {
- u32 h;
-
- if ((data->hgenerator += 0x10000) == 0)
- data->hgenerator = 0x10000;
- h = data->hgenerator|salt;
- if (!rsvp_get(tp, h))
- return h;
- }
- return 0;
-}
-
-static int tunnel_bts(struct rsvp_head *data)
-{
- int n = data->tgenerator >> 5;
- u32 b = 1 << (data->tgenerator & 0x1F);
-
- if (data->tmap[n] & b)
- return 0;
- data->tmap[n] |= b;
- return 1;
-}
-
-static void tunnel_recycle(struct rsvp_head *data)
-{
- struct rsvp_session __rcu **sht = data->ht;
- u32 tmap[256/32];
- int h1, h2;
-
- memset(tmap, 0, sizeof(tmap));
-
- for (h1 = 0; h1 < 256; h1++) {
- struct rsvp_session *s;
- for (s = rtnl_dereference(sht[h1]); s;
- s = rtnl_dereference(s->next)) {
- for (h2 = 0; h2 <= 16; h2++) {
- struct rsvp_filter *f;
-
- for (f = rtnl_dereference(s->ht[h2]); f;
- f = rtnl_dereference(f->next)) {
- if (f->tunnelhdr == 0)
- continue;
- data->tgenerator = f->res.classid;
- tunnel_bts(data);
- }
- }
- }
- }
-
- memcpy(data->tmap, tmap, sizeof(tmap));
-}
-
-static u32 gen_tunnel(struct rsvp_head *data)
-{
- int i, k;
-
- for (k = 0; k < 2; k++) {
- for (i = 255; i > 0; i--) {
- if (++data->tgenerator == 0)
- data->tgenerator = 1;
- if (tunnel_bts(data))
- return data->tgenerator;
- }
- tunnel_recycle(data);
- }
- return 0;
-}
-
-static const struct nla_policy rsvp_policy[TCA_RSVP_MAX + 1] = {
- [TCA_RSVP_CLASSID] = { .type = NLA_U32 },
- [TCA_RSVP_DST] = { .len = RSVP_DST_LEN * sizeof(u32) },
- [TCA_RSVP_SRC] = { .len = RSVP_DST_LEN * sizeof(u32) },
- [TCA_RSVP_PINFO] = { .len = sizeof(struct tc_rsvp_pinfo) },
-};
-
-static int rsvp_change(struct net *net, struct sk_buff *in_skb,
- struct tcf_proto *tp, unsigned long base,
- u32 handle,
- struct nlattr **tca,
- void **arg, bool ovr, bool rtnl_held,
- struct netlink_ext_ack *extack)
-{
- struct rsvp_head *data = rtnl_dereference(tp->root);
- struct rsvp_filter *f, *nfp;
- struct rsvp_filter __rcu **fp;
- struct rsvp_session *nsp, *s;
- struct rsvp_session __rcu **sp;
- struct tc_rsvp_pinfo *pinfo = NULL;
- struct nlattr *opt = tca[TCA_OPTIONS];
- struct nlattr *tb[TCA_RSVP_MAX + 1];
- struct tcf_exts e;
- unsigned int h1, h2;
- __be32 *dst;
- int err;
-
- if (opt == NULL)
- return handle ? -EINVAL : 0;
-
- err = nla_parse_nested_deprecated(tb, TCA_RSVP_MAX, opt, rsvp_policy,
- NULL);
- if (err < 0)
- return err;
-
- err = tcf_exts_init(&e, net, TCA_RSVP_ACT, TCA_RSVP_POLICE);
- if (err < 0)
- return err;
- err = tcf_exts_validate(net, tp, tb, tca[TCA_RATE], &e, ovr, true,
- extack);
- if (err < 0)
- goto errout2;
-
- f = *arg;
- if (f) {
- /* Node exists: adjust only classid */
- struct rsvp_filter *n;
-
- if (f->handle != handle && handle)
- goto errout2;
-
- n = kmemdup(f, sizeof(*f), GFP_KERNEL);
- if (!n) {
- err = -ENOMEM;
- goto errout2;
- }
-
- err = tcf_exts_init(&n->exts, net, TCA_RSVP_ACT,
- TCA_RSVP_POLICE);
- if (err < 0) {
- kfree(n);
- goto errout2;
- }
-
- if (tb[TCA_RSVP_CLASSID]) {
- n->res.classid = nla_get_u32(tb[TCA_RSVP_CLASSID]);
- tcf_bind_filter(tp, &n->res, base);
- }
-
- tcf_exts_change(&n->exts, &e);
- rsvp_replace(tp, n, handle);
- return 0;
- }
-
- /* Now more serious part... */
- err = -EINVAL;
- if (handle)
- goto errout2;
- if (tb[TCA_RSVP_DST] == NULL)
- goto errout2;
-
- err = -ENOBUFS;
- f = kzalloc(sizeof(struct rsvp_filter), GFP_KERNEL);
- if (f == NULL)
- goto errout2;
-
- err = tcf_exts_init(&f->exts, net, TCA_RSVP_ACT, TCA_RSVP_POLICE);
- if (err < 0)
- goto errout;
- h2 = 16;
- if (tb[TCA_RSVP_SRC]) {
- memcpy(f->src, nla_data(tb[TCA_RSVP_SRC]), sizeof(f->src));
- h2 = hash_src(f->src);
- }
- if (tb[TCA_RSVP_PINFO]) {
- pinfo = nla_data(tb[TCA_RSVP_PINFO]);
- f->spi = pinfo->spi;
- f->tunnelhdr = pinfo->tunnelhdr;
- }
- if (tb[TCA_RSVP_CLASSID])
- f->res.classid = nla_get_u32(tb[TCA_RSVP_CLASSID]);
-
- dst = nla_data(tb[TCA_RSVP_DST]);
- h1 = hash_dst(dst, pinfo ? pinfo->protocol : 0, pinfo ? pinfo->tunnelid : 0);
-
- err = -ENOMEM;
- if ((f->handle = gen_handle(tp, h1 | (h2<<8))) == 0)
- goto errout;
-
- if (f->tunnelhdr) {
- err = -EINVAL;
- if (f->res.classid > 255)
- goto errout;
-
- err = -ENOMEM;
- if (f->res.classid == 0 &&
- (f->res.classid = gen_tunnel(data)) == 0)
- goto errout;
- }
-
- for (sp = &data->ht[h1];
- (s = rtnl_dereference(*sp)) != NULL;
- sp = &s->next) {
- if (dst[RSVP_DST_LEN-1] == s->dst[RSVP_DST_LEN-1] &&
- pinfo && pinfo->protocol == s->protocol &&
- memcmp(&pinfo->dpi, &s->dpi, sizeof(s->dpi)) == 0 &&
-#if RSVP_DST_LEN == 4
- dst[0] == s->dst[0] &&
- dst[1] == s->dst[1] &&
- dst[2] == s->dst[2] &&
-#endif
- pinfo->tunnelid == s->tunnelid) {
-
-insert:
- /* OK, we found appropriate session */
-
- fp = &s->ht[h2];
-
- f->sess = s;
- if (f->tunnelhdr == 0)
- tcf_bind_filter(tp, &f->res, base);
-
- tcf_exts_change(&f->exts, &e);
-
- fp = &s->ht[h2];
- for (nfp = rtnl_dereference(*fp); nfp;
- fp = &nfp->next, nfp = rtnl_dereference(*fp)) {
- __u32 mask = nfp->spi.mask & f->spi.mask;
-
- if (mask != f->spi.mask)
- break;
- }
- RCU_INIT_POINTER(f->next, nfp);
- rcu_assign_pointer(*fp, f);
-
- *arg = f;
- return 0;
- }
- }
-
- /* No session found. Create new one. */
-
- err = -ENOBUFS;
- s = kzalloc(sizeof(struct rsvp_session), GFP_KERNEL);
- if (s == NULL)
- goto errout;
- memcpy(s->dst, dst, sizeof(s->dst));
-
- if (pinfo) {
- s->dpi = pinfo->dpi;
- s->protocol = pinfo->protocol;
- s->tunnelid = pinfo->tunnelid;
- }
- sp = &data->ht[h1];
- for (nsp = rtnl_dereference(*sp); nsp;
- sp = &nsp->next, nsp = rtnl_dereference(*sp)) {
- if ((nsp->dpi.mask & s->dpi.mask) != s->dpi.mask)
- break;
- }
- RCU_INIT_POINTER(s->next, nsp);
- rcu_assign_pointer(*sp, s);
-
- goto insert;
-
-errout:
- tcf_exts_destroy(&f->exts);
- kfree(f);
-errout2:
- tcf_exts_destroy(&e);
- return err;
-}
-
-static void rsvp_walk(struct tcf_proto *tp, struct tcf_walker *arg,
- bool rtnl_held)
-{
- struct rsvp_head *head = rtnl_dereference(tp->root);
- unsigned int h, h1;
-
- if (arg->stop)
- return;
-
- for (h = 0; h < 256; h++) {
- struct rsvp_session *s;
-
- for (s = rtnl_dereference(head->ht[h]); s;
- s = rtnl_dereference(s->next)) {
- for (h1 = 0; h1 <= 16; h1++) {
- struct rsvp_filter *f;
-
- for (f = rtnl_dereference(s->ht[h1]); f;
- f = rtnl_dereference(f->next)) {
- if (arg->count < arg->skip) {
- arg->count++;
- continue;
- }
- if (arg->fn(tp, f, arg) < 0) {
- arg->stop = 1;
- return;
- }
- arg->count++;
- }
- }
- }
- }
-}
-
-static int rsvp_dump(struct net *net, struct tcf_proto *tp, void *fh,
- struct sk_buff *skb, struct tcmsg *t, bool rtnl_held)
-{
- struct rsvp_filter *f = fh;
- struct rsvp_session *s;
- struct nlattr *nest;
- struct tc_rsvp_pinfo pinfo;
-
- if (f == NULL)
- return skb->len;
- s = f->sess;
-
- t->tcm_handle = f->handle;
-
- nest = nla_nest_start_noflag(skb, TCA_OPTIONS);
- if (nest == NULL)
- goto nla_put_failure;
-
- if (nla_put(skb, TCA_RSVP_DST, sizeof(s->dst), &s->dst))
- goto nla_put_failure;
- pinfo.dpi = s->dpi;
- pinfo.spi = f->spi;
- pinfo.protocol = s->protocol;
- pinfo.tunnelid = s->tunnelid;
- pinfo.tunnelhdr = f->tunnelhdr;
- pinfo.pad = 0;
- if (nla_put(skb, TCA_RSVP_PINFO, sizeof(pinfo), &pinfo))
- goto nla_put_failure;
- if (f->res.classid &&
- nla_put_u32(skb, TCA_RSVP_CLASSID, f->res.classid))
- goto nla_put_failure;
- if (((f->handle >> 8) & 0xFF) != 16 &&
- nla_put(skb, TCA_RSVP_SRC, sizeof(f->src), f->src))
- goto nla_put_failure;
-
- if (tcf_exts_dump(skb, &f->exts) < 0)
- goto nla_put_failure;
-
- nla_nest_end(skb, nest);
-
- if (tcf_exts_dump_stats(skb, &f->exts) < 0)
- goto nla_put_failure;
- return skb->len;
-
-nla_put_failure:
- nla_nest_cancel(skb, nest);
- return -1;
-}
-
-static void rsvp_bind_class(void *fh, u32 classid, unsigned long cl, void *q,
- unsigned long base)
-{
- struct rsvp_filter *f = fh;
-
- if (f && f->res.classid == classid) {
- if (cl)
- __tcf_bind_filter(q, &f->res, base);
- else
- __tcf_unbind_filter(q, &f->res);
- }
-}
-
-static struct tcf_proto_ops RSVP_OPS __read_mostly = {
- .kind = RSVP_ID,
- .classify = rsvp_classify,
- .init = rsvp_init,
- .destroy = rsvp_destroy,
- .get = rsvp_get,
- .change = rsvp_change,
- .delete = rsvp_delete,
- .walk = rsvp_walk,
- .dump = rsvp_dump,
- .bind_class = rsvp_bind_class,
- .owner = THIS_MODULE,
-};
-
-static int __init init_rsvp(void)
-{
- return register_tcf_proto_ops(&RSVP_OPS);
-}
-
-static void __exit exit_rsvp(void)
-{
- unregister_tcf_proto_ops(&RSVP_OPS);
-}
-
-module_init(init_rsvp)
-module_exit(exit_rsvp)
--- a/net/sched/cls_rsvp6.c
+++ /dev/null
@@ -1,24 +0,0 @@
-// SPDX-License-Identifier: GPL-2.0-or-later
-/*
- * net/sched/cls_rsvp6.c Special RSVP packet classifier for IPv6.
- *
- * Authors: Alexey Kuznetsov, <kuznet@ms2.inr.ac.ru>
- */
-
-#include <linux/module.h>
-#include <linux/types.h>
-#include <linux/kernel.h>
-#include <linux/string.h>
-#include <linux/errno.h>
-#include <linux/ipv6.h>
-#include <linux/skbuff.h>
-#include <net/act_api.h>
-#include <net/pkt_cls.h>
-#include <net/netlink.h>
-
-#define RSVP_DST_LEN 4
-#define RSVP_ID "rsvp6"
-#define RSVP_OPS cls_rsvp6_ops
-
-#include "cls_rsvp.h"
-MODULE_LICENSE("GPL");
^ permalink raw reply [flat|nested] 396+ messages in thread
* Re: [PATCH 5.4 326/367] libbpf: Free btf_vmlinux when closing bpf_object
2023-09-20 11:31 ` [PATCH 5.4 326/367] libbpf: Free btf_vmlinux when closing bpf_object Greg Kroah-Hartman
@ 2023-09-20 13:28 ` Harshit Mogalapalli
2023-09-23 8:25 ` Greg Kroah-Hartman
0 siblings, 1 reply; 396+ messages in thread
From: Harshit Mogalapalli @ 2023-09-20 13:28 UTC (permalink / raw)
To: Greg Kroah-Hartman, stable, Sasha Levin
Cc: patches, Hao Luo, Andrii Nakryiko, Vegard Nossum, Darren Kenny
Hi Greg,
On 20/09/23 5:01 pm, Greg Kroah-Hartman wrote:
> 5.4-stable review patch. If anyone has any objections, please let me know.
>
> ------------------
>
> From: Hao Luo <haoluo@google.com>
>
> [ Upstream commit 29d67fdebc42af6466d1909c60fdd1ef4f3e5240 ]
>
> I hit a memory leak when testing bpf_program__set_attach_target().
> Basically, set_attach_target() may allocate btf_vmlinux, for example,
> when setting attach target for bpf_iter programs. But btf_vmlinux
> is freed only in bpf_object_load(), which means if we only open
> bpf object but not load it, setting attach target may leak
> btf_vmlinux.
>
> So let's free btf_vmlinux in bpf_object__close() anyway.
>
> Signed-off-by: Hao Luo <haoluo@google.com>
> Signed-off-by: Andrii Nakryiko <andrii@kernel.org>
> Link: https://lore.kernel.org/bpf/20230822193840.1509809-1-haoluo@google.com
> Signed-off-by: Sasha Levin <sashal@kernel.org>
> ---
> tools/lib/bpf/libbpf.c | 1 +
> 1 file changed, 1 insertion(+)
>
> diff --git a/tools/lib/bpf/libbpf.c b/tools/lib/bpf/libbpf.c
> index b8849812449c3..343018632d2d1 100644
> --- a/tools/lib/bpf/libbpf.c
> +++ b/tools/lib/bpf/libbpf.c
> @@ -4202,6 +4202,7 @@ void bpf_object__close(struct bpf_object *obj)
> bpf_object__elf_finish(obj);
> bpf_object__unload(obj);
> btf__free(obj->btf);
> + btf__free(obj->btf_vmlinux);
This patch introduces a build failure.
libbpf.c: In function 'bpf_object__close':
libbpf.c:4205:22: error: 'struct bpf_object' has no member named
'btf_vmlinux'
4205 | btf__free(obj->btf_vmlinux);
| ^~
This struct member "btf_vmlinux" is added in commit a6ed02cac690
("libbpf: Load btf_vmlinux only once per object.") which is not in 5.4.y
So I think we should drop this patch.
Thanks,
Harshit
> btf_ext__free(obj->btf_ext);
>
> for (i = 0; i < obj->nr_maps; i++) {
^ permalink raw reply [flat|nested] 396+ messages in thread
* Re: [PATCH 5.4 000/367] 5.4.257-rc1 review
2023-09-20 11:26 [PATCH 5.4 000/367] 5.4.257-rc1 review Greg Kroah-Hartman
` (366 preceding siblings ...)
2023-09-20 11:32 ` [PATCH 5.4 367/367] net/sched: Retire rsvp classifier Greg Kroah-Hartman
@ 2023-09-20 17:21 ` Florian Fainelli
2023-09-21 12:20 ` Guenter Roeck
2023-09-20 21:37 ` Shuah Khan
` (4 subsequent siblings)
372 siblings, 1 reply; 396+ messages in thread
From: Florian Fainelli @ 2023-09-20 17:21 UTC (permalink / raw)
To: Greg Kroah-Hartman, stable
Cc: patches, linux-kernel, torvalds, akpm, linux, shuah, patches,
lkft-triage, pavel, jonathanh, sudipm.mukherjee, srw, rwarsow,
conor
On 9/20/23 04:26, Greg Kroah-Hartman wrote:
> This is the start of the stable review cycle for the 5.4.257 release.
> There are 367 patches in this series, all will be posted as a response
> to this one. If anyone has any issues with these being applied, please
> let me know.
>
> Responses should be made by Fri, 22 Sep 2023 11:28:09 +0000.
> Anything received after that time might be too late.
>
> The whole patch series can be found in one patch at:
> https://www.kernel.org/pub/linux/kernel/v5.x/stable-review/patch-5.4.257-rc1.gz
> or in the git tree and branch at:
> git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-5.4.y
> and the diffstat can be found below.
>
> thanks,
>
> greg k-h
perf does not build with:
libbpf.c: In function 'bpf_object__close':
libbpf.c:4205:15: error: 'struct bpf_object' has no member named
'btf_vmlinux'
btf__free(obj->btf_vmlinux);
^~
due to 34d66b750e83d49c7d3d33d59e6a1b49e0d5db15 ("libbpf: Free
btf_vmlinux when closing bpf_object")
the btf_vmlinux member was introduced with
a6ed02cac690b635dbb938690e795812ce1e14ca ("libbpf: Load btf_vmlinux only
once per object.") which is only in >= 5.6.
Suggset we drop that commit.
--
Florian
^ permalink raw reply [flat|nested] 396+ messages in thread
* Re: [PATCH 5.4 000/367] 5.4.257-rc1 review
2023-09-20 11:26 [PATCH 5.4 000/367] 5.4.257-rc1 review Greg Kroah-Hartman
` (367 preceding siblings ...)
2023-09-20 17:21 ` [PATCH 5.4 000/367] 5.4.257-rc1 review Florian Fainelli
@ 2023-09-20 21:37 ` Shuah Khan
2023-09-21 12:08 ` Naresh Kamboju
` (3 subsequent siblings)
372 siblings, 0 replies; 396+ messages in thread
From: Shuah Khan @ 2023-09-20 21:37 UTC (permalink / raw)
To: Greg Kroah-Hartman, stable
Cc: patches, linux-kernel, torvalds, akpm, linux, shuah, patches,
lkft-triage, pavel, jonathanh, f.fainelli, sudipm.mukherjee, srw,
rwarsow, conor, Shuah Khan
On 9/20/23 05:26, Greg Kroah-Hartman wrote:
> This is the start of the stable review cycle for the 5.4.257 release.
> There are 367 patches in this series, all will be posted as a response
> to this one. If anyone has any issues with these being applied, please
> let me know.
>
> Responses should be made by Fri, 22 Sep 2023 11:28:09 +0000.
> Anything received after that time might be too late.
>
> The whole patch series can be found in one patch at:
> https://www.kernel.org/pub/linux/kernel/v5.x/stable-review/patch-5.4.257-rc1.gz
> or in the git tree and branch at:
> git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-5.4.y
> and the diffstat can be found below.
>
> thanks,
>
> greg k-h
>
Compiled and booted on my test system. No dmesg regressions.
Tested-by: Shuah Khan <skhan@linuxfoundation.org>
thanks,
-- Shuah
^ permalink raw reply [flat|nested] 396+ messages in thread
* Re: [PATCH 5.4 296/367] clk: imx: pll14xx: dynamically configure PLL for 393216000/361267200Hz
2023-09-20 11:31 ` [PATCH 5.4 296/367] clk: imx: pll14xx: dynamically configure PLL for 393216000/361267200Hz Greg Kroah-Hartman
@ 2023-09-21 7:03 ` Ahmad Fatoum
2023-09-23 8:28 ` Greg Kroah-Hartman
0 siblings, 1 reply; 396+ messages in thread
From: Ahmad Fatoum @ 2023-09-21 7:03 UTC (permalink / raw)
To: Greg Kroah-Hartman, stable
Cc: patches, Marco Felsch, Abel Vesa, Sasha Levin, Pengutronix Kernel Team
On 20.09.23 13:31, Greg Kroah-Hartman wrote:
> 5.4-stable review patch. If anyone has any objections, please let me know.
[snip]
> Cc: stable@vger.kernel.org # v5.18+
Objection: This fix is only applicable starting with v5.18, as before
commit b09c68dc57c9 ("clk: imx: pll14xx: Support dynamic rates"), there
was no dynamic rate calculation that would substitute the hardcoded
parameters removed by my patch.
Cheers,
Ahmad
> Signed-off-by: Ahmad Fatoum <a.fatoum@pengutronix.de>
> Signed-off-by: Marco Felsch <m.felsch@pengutronix.de>
> Link: https://lore.kernel.org/r/20230807084744.1184791-2-m.felsch@pengutronix.de
> Signed-off-by: Abel Vesa <abel.vesa@linaro.org>
> Signed-off-by: Sasha Levin <sashal@kernel.org>
> ---
> drivers/clk/imx/clk-pll14xx.c | 2 --
> 1 file changed, 2 deletions(-)
>
> diff --git a/drivers/clk/imx/clk-pll14xx.c b/drivers/clk/imx/clk-pll14xx.c
> index e7bf6babc28b4..0dbe8c05af478 100644
> --- a/drivers/clk/imx/clk-pll14xx.c
> +++ b/drivers/clk/imx/clk-pll14xx.c
> @@ -57,8 +57,6 @@ static const struct imx_pll14xx_rate_table imx_pll1443x_tbl[] = {
> PLL_1443X_RATE(650000000U, 325, 3, 2, 0),
> PLL_1443X_RATE(594000000U, 198, 2, 2, 0),
> PLL_1443X_RATE(519750000U, 173, 2, 2, 16384),
> - PLL_1443X_RATE(393216000U, 262, 2, 3, 9437),
> - PLL_1443X_RATE(361267200U, 361, 3, 3, 17511),
> };
>
> struct imx_pll14xx_clk imx_1443x_pll = {
--
Pengutronix e.K. | |
Steuerwalder Str. 21 | http://www.pengutronix.de/ |
31137 Hildesheim, Germany | Phone: +49-5121-206917-0 |
Amtsgericht Hildesheim, HRA 2686 | Fax: +49-5121-206917-5555 |
^ permalink raw reply [flat|nested] 396+ messages in thread
* Re: [PATCH 5.4 000/367] 5.4.257-rc1 review
2023-09-20 11:26 [PATCH 5.4 000/367] 5.4.257-rc1 review Greg Kroah-Hartman
@ 2023-09-21 12:08 ` Naresh Kamboju
2023-09-20 11:26 ` [PATCH 5.4 002/367] ARM: pxa: remove use of symbol_get() Greg Kroah-Hartman
` (371 subsequent siblings)
372 siblings, 0 replies; 396+ messages in thread
From: Naresh Kamboju @ 2023-09-21 12:08 UTC (permalink / raw)
To: Greg Kroah-Hartman
Cc: stable, patches, linux-kernel, torvalds, akpm, linux, shuah,
patches, lkft-triage, pavel, jonathanh, f.fainelli,
sudipm.mukherjee, srw, rwarsow, conor, Sui Jingfeng,
Chun-Kuang Hu, dri-devel
On Wed, 20 Sept 2023 at 14:25, Greg Kroah-Hartman
<gregkh@linuxfoundation.org> wrote:
>
> This is the start of the stable review cycle for the 5.4.257 release.
> There are 367 patches in this series, all will be posted as a response
> to this one. If anyone has any issues with these being applied, please
> let me know.
>
> Responses should be made by Fri, 22 Sep 2023 11:28:09 +0000.
> Anything received after that time might be too late.
>
> The whole patch series can be found in one patch at:
> https://www.kernel.org/pub/linux/kernel/v5.x/stable-review/patch-5.4.257-rc1.gz
> or in the git tree and branch at:
> git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-5.4.y
> and the diffstat can be found below.
>
> thanks,
>
> greg k-h
Following build warnings noticed while building arm64 with allmodconfig
on stable-rc 5.4 with gcc-8 and gcc-12 toolchains.
Reported-by: Linux Kernel Functional Testing <lkft@linaro.org>
drivers/gpu/drm/mediatek/mtk_drm_gem.c: In function 'mtk_drm_gem_prime_vmap':
drivers/gpu/drm/mediatek/mtk_drm_gem.c:273:10: warning: returning
'int' from a function with return type 'void *' makes pointer from
integer without a cast [-Wint-conversion]
return -ENOMEM;
^
Links:
- https://storage.tuxsuite.com/public/linaro/lkft/builds/2VfG47LmPH9MUEuIcMVftu6NsFy/
Following commit is causing this build warning.
drm/mediatek: Fix potential memory leak if vmap() fail
[ Upstream commit 379091e0f6d179d1a084c65de90fa44583b14a70 ]
--
Linaro LKFT
https://lkft.linaro.org
^ permalink raw reply [flat|nested] 396+ messages in thread
* Re: [PATCH 5.4 000/367] 5.4.257-rc1 review
@ 2023-09-21 12:08 ` Naresh Kamboju
0 siblings, 0 replies; 396+ messages in thread
From: Naresh Kamboju @ 2023-09-21 12:08 UTC (permalink / raw)
To: Greg Kroah-Hartman
Cc: Chun-Kuang Hu, f.fainelli, Sui Jingfeng, rwarsow, pavel, conor,
shuah, dri-devel, patches, stable, linux-kernel, lkft-triage,
srw, patches, akpm, jonathanh, torvalds, sudipm.mukherjee, linux
On Wed, 20 Sept 2023 at 14:25, Greg Kroah-Hartman
<gregkh@linuxfoundation.org> wrote:
>
> This is the start of the stable review cycle for the 5.4.257 release.
> There are 367 patches in this series, all will be posted as a response
> to this one. If anyone has any issues with these being applied, please
> let me know.
>
> Responses should be made by Fri, 22 Sep 2023 11:28:09 +0000.
> Anything received after that time might be too late.
>
> The whole patch series can be found in one patch at:
> https://www.kernel.org/pub/linux/kernel/v5.x/stable-review/patch-5.4.257-rc1.gz
> or in the git tree and branch at:
> git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-5.4.y
> and the diffstat can be found below.
>
> thanks,
>
> greg k-h
Following build warnings noticed while building arm64 with allmodconfig
on stable-rc 5.4 with gcc-8 and gcc-12 toolchains.
Reported-by: Linux Kernel Functional Testing <lkft@linaro.org>
drivers/gpu/drm/mediatek/mtk_drm_gem.c: In function 'mtk_drm_gem_prime_vmap':
drivers/gpu/drm/mediatek/mtk_drm_gem.c:273:10: warning: returning
'int' from a function with return type 'void *' makes pointer from
integer without a cast [-Wint-conversion]
return -ENOMEM;
^
Links:
- https://storage.tuxsuite.com/public/linaro/lkft/builds/2VfG47LmPH9MUEuIcMVftu6NsFy/
Following commit is causing this build warning.
drm/mediatek: Fix potential memory leak if vmap() fail
[ Upstream commit 379091e0f6d179d1a084c65de90fa44583b14a70 ]
--
Linaro LKFT
https://lkft.linaro.org
^ permalink raw reply [flat|nested] 396+ messages in thread
* Re: [PATCH 5.4 000/367] 5.4.257-rc1 review
2023-09-20 17:21 ` [PATCH 5.4 000/367] 5.4.257-rc1 review Florian Fainelli
@ 2023-09-21 12:20 ` Guenter Roeck
2023-09-23 8:26 ` Greg Kroah-Hartman
0 siblings, 1 reply; 396+ messages in thread
From: Guenter Roeck @ 2023-09-21 12:20 UTC (permalink / raw)
To: Florian Fainelli, Greg Kroah-Hartman, stable
Cc: patches, linux-kernel, torvalds, akpm, shuah, patches,
lkft-triage, pavel, jonathanh, sudipm.mukherjee, srw, rwarsow,
conor
On 9/20/23 10:21, Florian Fainelli wrote:
> On 9/20/23 04:26, Greg Kroah-Hartman wrote:
>> This is the start of the stable review cycle for the 5.4.257 release.
>> There are 367 patches in this series, all will be posted as a response
>> to this one. If anyone has any issues with these being applied, please
>> let me know.
>>
>> Responses should be made by Fri, 22 Sep 2023 11:28:09 +0000.
>> Anything received after that time might be too late.
>>
>> The whole patch series can be found in one patch at:
>> https://www.kernel.org/pub/linux/kernel/v5.x/stable-review/patch-5.4.257-rc1.gz
>> or in the git tree and branch at:
>> git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-5.4.y
>> and the diffstat can be found below.
>>
>> thanks,
>>
>> greg k-h
>
> perf does not build with:
>
> libbpf.c: In function 'bpf_object__close':
> libbpf.c:4205:15: error: 'struct bpf_object' has no member named 'btf_vmlinux'
> btf__free(obj->btf_vmlinux);
> ^~
>
> due to 34d66b750e83d49c7d3d33d59e6a1b49e0d5db15 ("libbpf: Free btf_vmlinux when closing bpf_object")
>
> the btf_vmlinux member was introduced with a6ed02cac690b635dbb938690e795812ce1e14ca ("libbpf: Load btf_vmlinux only once per object.") which is only in >= 5.6.
>
> Suggset we drop that commit.
This problem affects 5.4, 5.10, and 5.15.
Guenter
^ permalink raw reply [flat|nested] 396+ messages in thread
* Re: [PATCH 5.4 000/367] 5.4.257-rc1 review
2023-09-21 12:08 ` Naresh Kamboju
@ 2023-09-21 13:10 ` Sui Jingfeng
-1 siblings, 0 replies; 396+ messages in thread
From: Sui Jingfeng @ 2023-09-21 13:10 UTC (permalink / raw)
To: Naresh Kamboju, Greg Kroah-Hartman
Cc: stable, patches, linux-kernel, torvalds, akpm, linux, shuah,
patches, lkft-triage, pavel, jonathanh, f.fainelli,
sudipm.mukherjee, srw, rwarsow, conor, Chun-Kuang Hu, dri-devel
Hi,
On 2023/9/21 20:08, Naresh Kamboju wrote:
> On Wed, 20 Sept 2023 at 14:25, Greg Kroah-Hartman
> <gregkh@linuxfoundation.org> wrote:
>> This is the start of the stable review cycle for the 5.4.257 release.
>> There are 367 patches in this series, all will be posted as a response
>> to this one. If anyone has any issues with these being applied, please
>> let me know.
>>
>> Responses should be made by Fri, 22 Sep 2023 11:28:09 +0000.
>> Anything received after that time might be too late.
>>
>> The whole patch series can be found in one patch at:
>> https://www.kernel.org/pub/linux/kernel/v5.x/stable-review/patch-5.4.257-rc1.gz
>> or in the git tree and branch at:
>> git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-5.4.y
>> and the diffstat can be found below.
>>
>> thanks,
>>
>> greg k-h
> Following build warnings noticed while building arm64 with allmodconfig
> on stable-rc 5.4 with gcc-8 and gcc-12 toolchains.
>
> Reported-by: Linux Kernel Functional Testing <lkft@linaro.org>
>
> drivers/gpu/drm/mediatek/mtk_drm_gem.c: In function 'mtk_drm_gem_prime_vmap':
> drivers/gpu/drm/mediatek/mtk_drm_gem.c:273:10: warning: returning
> 'int' from a function with return type 'void *' makes pointer from
> integer without a cast [-Wint-conversion]
> return -ENOMEM;
> ^
Well, this is easy to solve.
For the Linux-5.4 kernel, we should use "return -ERR_PTR(-ENOMEM)" instead of "return -ENOMEM".
Since, newer version kernel prefer to return error code instead of error pointer.
See below commit for more information.
commit <7e542ff8b463> ("drm/mediatek: Use struct dma_buf_map in GEM
vmap ops")
commit <49a3f51dfeee> ("drm/gem: Use struct dma_buf_map in GEM vmap ops
and convert GEM backends")
> Links:
> - https://storage.tuxsuite.com/public/linaro/lkft/builds/2VfG47LmPH9MUEuIcMVftu6NsFy/
>
>
> Following commit is causing this build warning.
>
> drm/mediatek: Fix potential memory leak if vmap() fail
> [ Upstream commit 379091e0f6d179d1a084c65de90fa44583b14a70 ]
>
> --
> Linaro LKFT
> https://lkft.linaro.org
^ permalink raw reply [flat|nested] 396+ messages in thread
* Re: [PATCH 5.4 000/367] 5.4.257-rc1 review
@ 2023-09-21 13:10 ` Sui Jingfeng
0 siblings, 0 replies; 396+ messages in thread
From: Sui Jingfeng @ 2023-09-21 13:10 UTC (permalink / raw)
To: Naresh Kamboju, Greg Kroah-Hartman
Cc: Chun-Kuang Hu, f.fainelli, rwarsow, pavel, conor, shuah,
dri-devel, patches, stable, linux-kernel, lkft-triage, srw,
patches, akpm, jonathanh, torvalds, sudipm.mukherjee, linux
Hi,
On 2023/9/21 20:08, Naresh Kamboju wrote:
> On Wed, 20 Sept 2023 at 14:25, Greg Kroah-Hartman
> <gregkh@linuxfoundation.org> wrote:
>> This is the start of the stable review cycle for the 5.4.257 release.
>> There are 367 patches in this series, all will be posted as a response
>> to this one. If anyone has any issues with these being applied, please
>> let me know.
>>
>> Responses should be made by Fri, 22 Sep 2023 11:28:09 +0000.
>> Anything received after that time might be too late.
>>
>> The whole patch series can be found in one patch at:
>> https://www.kernel.org/pub/linux/kernel/v5.x/stable-review/patch-5.4.257-rc1.gz
>> or in the git tree and branch at:
>> git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-5.4.y
>> and the diffstat can be found below.
>>
>> thanks,
>>
>> greg k-h
> Following build warnings noticed while building arm64 with allmodconfig
> on stable-rc 5.4 with gcc-8 and gcc-12 toolchains.
>
> Reported-by: Linux Kernel Functional Testing <lkft@linaro.org>
>
> drivers/gpu/drm/mediatek/mtk_drm_gem.c: In function 'mtk_drm_gem_prime_vmap':
> drivers/gpu/drm/mediatek/mtk_drm_gem.c:273:10: warning: returning
> 'int' from a function with return type 'void *' makes pointer from
> integer without a cast [-Wint-conversion]
> return -ENOMEM;
> ^
Well, this is easy to solve.
For the Linux-5.4 kernel, we should use "return -ERR_PTR(-ENOMEM)" instead of "return -ENOMEM".
Since, newer version kernel prefer to return error code instead of error pointer.
See below commit for more information.
commit <7e542ff8b463> ("drm/mediatek: Use struct dma_buf_map in GEM
vmap ops")
commit <49a3f51dfeee> ("drm/gem: Use struct dma_buf_map in GEM vmap ops
and convert GEM backends")
> Links:
> - https://storage.tuxsuite.com/public/linaro/lkft/builds/2VfG47LmPH9MUEuIcMVftu6NsFy/
>
>
> Following commit is causing this build warning.
>
> drm/mediatek: Fix potential memory leak if vmap() fail
> [ Upstream commit 379091e0f6d179d1a084c65de90fa44583b14a70 ]
>
> --
> Linaro LKFT
> https://lkft.linaro.org
^ permalink raw reply [flat|nested] 396+ messages in thread
* Re: [PATCH 5.4 000/367] 5.4.257-rc1 review
2023-09-21 13:10 ` Sui Jingfeng
@ 2023-09-21 13:16 ` Sui Jingfeng
-1 siblings, 0 replies; 396+ messages in thread
From: Sui Jingfeng @ 2023-09-21 13:16 UTC (permalink / raw)
To: Naresh Kamboju, Greg Kroah-Hartman
Cc: Chun-Kuang Hu, f.fainelli, rwarsow, pavel, conor, shuah,
dri-devel, patches, stable, linux-kernel, lkft-triage, srw,
patches, akpm, jonathanh, torvalds, sudipm.mukherjee, linux
Hi,
On 2023/9/21 21:10, Sui Jingfeng wrote:
> return -ERR_PTR(-ENOMEM)
return ERR_PTR(-ENOMEM);
^ permalink raw reply [flat|nested] 396+ messages in thread
* Re: [PATCH 5.4 000/367] 5.4.257-rc1 review
@ 2023-09-21 13:16 ` Sui Jingfeng
0 siblings, 0 replies; 396+ messages in thread
From: Sui Jingfeng @ 2023-09-21 13:16 UTC (permalink / raw)
To: Naresh Kamboju, Greg Kroah-Hartman
Cc: stable, patches, linux-kernel, torvalds, akpm, linux, shuah,
patches, lkft-triage, pavel, jonathanh, f.fainelli,
sudipm.mukherjee, srw, rwarsow, conor, Chun-Kuang Hu, dri-devel
Hi,
On 2023/9/21 21:10, Sui Jingfeng wrote:
> return -ERR_PTR(-ENOMEM)
return ERR_PTR(-ENOMEM);
^ permalink raw reply [flat|nested] 396+ messages in thread
* Re: [PATCH 5.4 000/367] 5.4.257-rc1 review
2023-09-20 11:26 [PATCH 5.4 000/367] 5.4.257-rc1 review Greg Kroah-Hartman
` (369 preceding siblings ...)
2023-09-21 12:08 ` Naresh Kamboju
@ 2023-09-21 14:33 ` Naresh Kamboju
2023-09-21 15:55 ` Guenter Roeck
2023-09-22 9:46 ` Jon Hunter
372 siblings, 0 replies; 396+ messages in thread
From: Naresh Kamboju @ 2023-09-21 14:33 UTC (permalink / raw)
To: Greg Kroah-Hartman
Cc: stable, patches, linux-kernel, torvalds, akpm, linux, shuah,
patches, lkft-triage, pavel, jonathanh, f.fainelli,
sudipm.mukherjee, srw, rwarsow, conor
On Wed, 20 Sept 2023 at 14:25, Greg Kroah-Hartman
<gregkh@linuxfoundation.org> wrote:
>
> This is the start of the stable review cycle for the 5.4.257 release.
> There are 367 patches in this series, all will be posted as a response
> to this one. If anyone has any issues with these being applied, please
> let me know.
>
> Responses should be made by Fri, 22 Sep 2023 11:28:09 +0000.
> Anything received after that time might be too late.
>
> The whole patch series can be found in one patch at:
> https://www.kernel.org/pub/linux/kernel/v5.x/stable-review/patch-5.4.257-rc1.gz
> or in the git tree and branch at:
> git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-5.4.y
> and the diffstat can be found below.
>
> thanks,
>
> greg k-h
Results from Linaro’s test farm.
No regressions on arm64, arm, x86_64, and i386.
Tested-by: Linux Kernel Functional Testing <lkft@linaro.org>
NOTE:
Build warnings noticed on arm64 with allmodconfig as reported.
## Build
* kernel: 5.4.257-rc1
* git: https://gitlab.com/Linaro/lkft/mirrors/stable/linux-stable-rc
* git branch: linux-5.4.y
* git commit: 831ef442fc4c4000caab32d35d6a4c5fe9d41706
* git describe: v5.4.256-368-g831ef442fc4c
* test details:
https://qa-reports.linaro.org/lkft/linux-stable-rc-linux-5.4.y/build/v5.4.256-368-g831ef442fc4c
## Test Regressions (compared to v5.4.256)
## Metric Regressions (compared to v5.4.256)
## Test Fixes (compared to v5.4.256)
## Metric Fixes (compared to v5.4.256)
## Test result summary
total: 87749, pass: 69286, fail: 2073, skip: 16347, xfail: 43
## Build Summary
* arc: 5 total, 5 passed, 0 failed
* arm: 148 total, 147 passed, 1 failed
* arm64: 46 total, 43 passed, 3 failed
* i386: 30 total, 24 passed, 6 failed
* mips: 30 total, 29 passed, 1 failed
* parisc: 4 total, 0 passed, 4 failed
* powerpc: 33 total, 32 passed, 1 failed
* riscv: 15 total, 15 passed, 0 failed
* s390: 8 total, 8 passed, 0 failed
* sh: 14 total, 12 passed, 2 failed
* sparc: 8 total, 8 passed, 0 failed
* x86_64: 41 total, 41 passed, 0 failed
## Test suites summary
* boot
* kselftest-android
* kselftest-arm64
* kselftest-breakpoints
* kselftest-capabilities
* kselftest-cgroup
* kselftest-clone3
* kselftest-core
* kselftest-cpu-hotplug
* kselftest-cpufreq
* kselftest-drivers-dma-buf
* kselftest-efivarfs
* kselftest-exec
* kselftest-filesystems
* kselftest-filesystems-binderfs
* kselftest-filesystems-epoll
* kselftest-firmware
* kselftest-fpu
* kselftest-ftrace
* kselftest-futex
* kselftest-gpio
* kselftest-intel_pstate
* kselftest-ipc
* kselftest-ir
* kselftest-kcmp
* kselftest-kexec
* kselftest-lib
* kselftest-membarrier
* kselftest-memfd
* kselftest-memory-hotplug
* kselftest-mincore
* kselftest-mount
* kselftest-mqueue
* kselftest-net
* kselftest-net-forwarding
* kselftest-net-mptcp
* kselftest-netfilter
* kselftest-nsfs
* kselftest-openat2
* kselftest-pid_namespace
* kselftest-pidfd
* kselftest-proc
* kselftest-pstore
* kselftest-ptrace
* kselftest-rseq
* kselftest-rtc
* kselftest-sigaltstack
* kselftest-size
* kselftest-tc-testing
* kselftest-timens
* kselftest-tmpfs
* kselftest-tpm2
* kselftest-user
* kselftest-user_events
* kselftest-vDSO
* kselftest-vm
* kselftest-watchdog
* kselftest-x86
* kselftest-zram
* kunit
* log-parser-boot
* log-parser-test
* ltp-cap_bounds
* ltp-commands
* ltp-containers
* ltp-controllers
* ltp-cpuhotplug
* ltp-crypto
* ltp-cve
* ltp-dio
* ltp-fcntl-locktests
* ltp-filecaps
* ltp-fs
* ltp-fs_bind
* ltp-fs_perms_simple
* ltp-fsx
* ltp-hugetlb
* ltp-io
* ltp-ipc
* ltp-math
* ltp-mm
* ltp-nptl
* ltp-pty
* ltp-sched
* ltp-securebits
* ltp-smoke
* ltp-syscalls
* ltp-tracing
* perf
* rcutorture
--
Linaro LKFT
https://lkft.linaro.org
^ permalink raw reply [flat|nested] 396+ messages in thread
* Re: [PATCH 5.4 000/367] 5.4.257-rc1 review
2023-09-20 11:26 [PATCH 5.4 000/367] 5.4.257-rc1 review Greg Kroah-Hartman
` (370 preceding siblings ...)
2023-09-21 14:33 ` Naresh Kamboju
@ 2023-09-21 15:55 ` Guenter Roeck
2023-09-22 9:46 ` Jon Hunter
372 siblings, 0 replies; 396+ messages in thread
From: Guenter Roeck @ 2023-09-21 15:55 UTC (permalink / raw)
To: Greg Kroah-Hartman
Cc: stable, patches, linux-kernel, torvalds, akpm, shuah, patches,
lkft-triage, pavel, jonathanh, f.fainelli, sudipm.mukherjee, srw,
rwarsow, conor
On Wed, Sep 20, 2023 at 01:26:17PM +0200, Greg Kroah-Hartman wrote:
> This is the start of the stable review cycle for the 5.4.257 release.
> There are 367 patches in this series, all will be posted as a response
> to this one. If anyone has any issues with these being applied, please
> let me know.
>
> Responses should be made by Fri, 22 Sep 2023 11:28:09 +0000.
> Anything received after that time might be too late.
>
Build results:
total: 154 pass: 152 fail: 2
Failed builds:
i386:tools/perf
x86_64:tools/perf
Qemu test results:
total: 464 pass: 464 fail: 0
libbpf.c: In function ‘bpf_object__close’:
libbpf.c:4205:15: error: ‘struct bpf_object’ has no member named ‘btf_vmlinux’
Old question: Should we stop build testing perf on older kernels ?
If so, why are perf patches backported ?
Guenter
^ permalink raw reply [flat|nested] 396+ messages in thread
* Re: [PATCH 5.4 000/367] 5.4.257-rc1 review
2023-09-20 11:26 [PATCH 5.4 000/367] 5.4.257-rc1 review Greg Kroah-Hartman
` (371 preceding siblings ...)
2023-09-21 15:55 ` Guenter Roeck
@ 2023-09-22 9:46 ` Jon Hunter
372 siblings, 0 replies; 396+ messages in thread
From: Jon Hunter @ 2023-09-22 9:46 UTC (permalink / raw)
To: Greg Kroah-Hartman
Cc: Greg Kroah-Hartman, patches, linux-kernel, torvalds, akpm, linux,
shuah, patches, lkft-triage, pavel, jonathanh, f.fainelli,
sudipm.mukherjee, srw, rwarsow, conor, linux-tegra, stable
On Wed, 20 Sep 2023 13:26:17 +0200, Greg Kroah-Hartman wrote:
> This is the start of the stable review cycle for the 5.4.257 release.
> There are 367 patches in this series, all will be posted as a response
> to this one. If anyone has any issues with these being applied, please
> let me know.
>
> Responses should be made by Fri, 22 Sep 2023 11:28:09 +0000.
> Anything received after that time might be too late.
>
> The whole patch series can be found in one patch at:
> https://www.kernel.org/pub/linux/kernel/v5.x/stable-review/patch-5.4.257-rc1.gz
> or in the git tree and branch at:
> git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-5.4.y
> and the diffstat can be found below.
>
> thanks,
>
> greg k-h
All tests passing for Tegra ...
Test results for stable-v5.4:
11 builds: 11 pass, 0 fail
26 boots: 26 pass, 0 fail
59 tests: 59 pass, 0 fail
Linux version: 5.4.257-rc1-g831ef442fc4c
Boards tested: tegra124-jetson-tk1, tegra186-p2771-0000,
tegra194-p2972-0000, tegra20-ventana,
tegra210-p2371-2180, tegra210-p3450-0000,
tegra30-cardhu-a04
Tested-by: Jon Hunter <jonathanh@nvidia.com>
Jon
^ permalink raw reply [flat|nested] 396+ messages in thread
* Re: [PATCH 5.4 326/367] libbpf: Free btf_vmlinux when closing bpf_object
2023-09-20 13:28 ` Harshit Mogalapalli
@ 2023-09-23 8:25 ` Greg Kroah-Hartman
2023-09-25 10:42 ` Harshit Mogalapalli
0 siblings, 1 reply; 396+ messages in thread
From: Greg Kroah-Hartman @ 2023-09-23 8:25 UTC (permalink / raw)
To: Harshit Mogalapalli
Cc: stable, Sasha Levin, patches, Hao Luo, Andrii Nakryiko,
Vegard Nossum, Darren Kenny
On Wed, Sep 20, 2023 at 06:58:45PM +0530, Harshit Mogalapalli wrote:
> Hi Greg,
>
> On 20/09/23 5:01 pm, Greg Kroah-Hartman wrote:
> > 5.4-stable review patch. If anyone has any objections, please let me know.
> >
> > ------------------
> >
> > From: Hao Luo <haoluo@google.com>
> >
> > [ Upstream commit 29d67fdebc42af6466d1909c60fdd1ef4f3e5240 ]
> >
> > I hit a memory leak when testing bpf_program__set_attach_target().
> > Basically, set_attach_target() may allocate btf_vmlinux, for example,
> > when setting attach target for bpf_iter programs. But btf_vmlinux
> > is freed only in bpf_object_load(), which means if we only open
> > bpf object but not load it, setting attach target may leak
> > btf_vmlinux.
> >
> > So let's free btf_vmlinux in bpf_object__close() anyway.
> >
> > Signed-off-by: Hao Luo <haoluo@google.com>
> > Signed-off-by: Andrii Nakryiko <andrii@kernel.org>
> > Link: https://lore.kernel.org/bpf/20230822193840.1509809-1-haoluo@google.com
> > Signed-off-by: Sasha Levin <sashal@kernel.org>
> > ---
> > tools/lib/bpf/libbpf.c | 1 +
> > 1 file changed, 1 insertion(+)
> >
> > diff --git a/tools/lib/bpf/libbpf.c b/tools/lib/bpf/libbpf.c
> > index b8849812449c3..343018632d2d1 100644
> > --- a/tools/lib/bpf/libbpf.c
> > +++ b/tools/lib/bpf/libbpf.c
> > @@ -4202,6 +4202,7 @@ void bpf_object__close(struct bpf_object *obj)
> > bpf_object__elf_finish(obj);
> > bpf_object__unload(obj);
> > btf__free(obj->btf);
> > + btf__free(obj->btf_vmlinux);
>
>
> This patch introduces a build failure.
>
> libbpf.c: In function 'bpf_object__close':
> libbpf.c:4205:22: error: 'struct bpf_object' has no member named
> 'btf_vmlinux'
> 4205 | btf__free(obj->btf_vmlinux);
> | ^~
>
> This struct member "btf_vmlinux" is added in commit a6ed02cac690 ("libbpf:
> Load btf_vmlinux only once per object.") which is not in 5.4.y
>
> So I think we should drop this patch.
Now dropped, thanks.
greg k-h
^ permalink raw reply [flat|nested] 396+ messages in thread
* Re: [PATCH 5.4 000/367] 5.4.257-rc1 review
2023-09-21 12:20 ` Guenter Roeck
@ 2023-09-23 8:26 ` Greg Kroah-Hartman
0 siblings, 0 replies; 396+ messages in thread
From: Greg Kroah-Hartman @ 2023-09-23 8:26 UTC (permalink / raw)
To: Guenter Roeck
Cc: Florian Fainelli, stable, patches, linux-kernel, torvalds, akpm,
shuah, patches, lkft-triage, pavel, jonathanh, sudipm.mukherjee,
srw, rwarsow, conor
On Thu, Sep 21, 2023 at 05:20:17AM -0700, Guenter Roeck wrote:
> On 9/20/23 10:21, Florian Fainelli wrote:
> > On 9/20/23 04:26, Greg Kroah-Hartman wrote:
> > > This is the start of the stable review cycle for the 5.4.257 release.
> > > There are 367 patches in this series, all will be posted as a response
> > > to this one. If anyone has any issues with these being applied, please
> > > let me know.
> > >
> > > Responses should be made by Fri, 22 Sep 2023 11:28:09 +0000.
> > > Anything received after that time might be too late.
> > >
> > > The whole patch series can be found in one patch at:
> > > https://www.kernel.org/pub/linux/kernel/v5.x/stable-review/patch-5.4.257-rc1.gz
> > > or in the git tree and branch at:
> > > git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-5.4.y
> > > and the diffstat can be found below.
> > >
> > > thanks,
> > >
> > > greg k-h
> >
> > perf does not build with:
> >
> > libbpf.c: In function 'bpf_object__close':
> > libbpf.c:4205:15: error: 'struct bpf_object' has no member named 'btf_vmlinux'
> > btf__free(obj->btf_vmlinux);
> > ^~
> >
> > due to 34d66b750e83d49c7d3d33d59e6a1b49e0d5db15 ("libbpf: Free btf_vmlinux when closing bpf_object")
> >
> > the btf_vmlinux member was introduced with a6ed02cac690b635dbb938690e795812ce1e14ca ("libbpf: Load btf_vmlinux only once per object.") which is only in >= 5.6.
> >
> > Suggset we drop that commit.
>
>
> This problem affects 5.4, 5.10, and 5.15.
Now dropped from all of those queues, thanks.
greg k-h
^ permalink raw reply [flat|nested] 396+ messages in thread
* Re: [PATCH 5.4 296/367] clk: imx: pll14xx: dynamically configure PLL for 393216000/361267200Hz
2023-09-21 7:03 ` Ahmad Fatoum
@ 2023-09-23 8:28 ` Greg Kroah-Hartman
0 siblings, 0 replies; 396+ messages in thread
From: Greg Kroah-Hartman @ 2023-09-23 8:28 UTC (permalink / raw)
To: Ahmad Fatoum
Cc: stable, patches, Marco Felsch, Abel Vesa, Sasha Levin,
Pengutronix Kernel Team
On Thu, Sep 21, 2023 at 09:03:09AM +0200, Ahmad Fatoum wrote:
> On 20.09.23 13:31, Greg Kroah-Hartman wrote:
> > 5.4-stable review patch. If anyone has any objections, please let me know.
>
> [snip]
>
> > Cc: stable@vger.kernel.org # v5.18+
>
> Objection: This fix is only applicable starting with v5.18, as before
> commit b09c68dc57c9 ("clk: imx: pll14xx: Support dynamic rates"), there
> was no dynamic rate calculation that would substitute the hardcoded
> parameters removed by my patch.
Ok, thanks, now dropped.
greg k-h
^ permalink raw reply [flat|nested] 396+ messages in thread
* Re: [PATCH 5.4 000/367] 5.4.257-rc1 review
2023-09-21 13:16 ` Sui Jingfeng
@ 2023-09-23 8:30 ` Greg Kroah-Hartman
-1 siblings, 0 replies; 396+ messages in thread
From: Greg Kroah-Hartman @ 2023-09-23 8:30 UTC (permalink / raw)
To: Sui Jingfeng
Cc: Naresh Kamboju, stable, patches, linux-kernel, torvalds, akpm,
linux, shuah, patches, lkft-triage, pavel, jonathanh, f.fainelli,
sudipm.mukherjee, srw, rwarsow, conor, Chun-Kuang Hu, dri-devel
On Thu, Sep 21, 2023 at 09:16:57PM +0800, Sui Jingfeng wrote:
> Hi,
>
>
> On 2023/9/21 21:10, Sui Jingfeng wrote:
> > return -ERR_PTR(-ENOMEM)
>
>
> return ERR_PTR(-ENOMEM);
Thanks, now fixed up.
greg k-h
^ permalink raw reply [flat|nested] 396+ messages in thread
* Re: [PATCH 5.4 000/367] 5.4.257-rc1 review
@ 2023-09-23 8:30 ` Greg Kroah-Hartman
0 siblings, 0 replies; 396+ messages in thread
From: Greg Kroah-Hartman @ 2023-09-23 8:30 UTC (permalink / raw)
To: Sui Jingfeng
Cc: Chun-Kuang Hu, f.fainelli, dri-devel, rwarsow, pavel, conor,
shuah, Naresh Kamboju, patches, stable, linux-kernel,
lkft-triage, srw, patches, akpm, jonathanh, torvalds,
sudipm.mukherjee, linux
On Thu, Sep 21, 2023 at 09:16:57PM +0800, Sui Jingfeng wrote:
> Hi,
>
>
> On 2023/9/21 21:10, Sui Jingfeng wrote:
> > return -ERR_PTR(-ENOMEM)
>
>
> return ERR_PTR(-ENOMEM);
Thanks, now fixed up.
greg k-h
^ permalink raw reply [flat|nested] 396+ messages in thread
* Re: [PATCH 5.4 326/367] libbpf: Free btf_vmlinux when closing bpf_object
2023-09-23 8:25 ` Greg Kroah-Hartman
@ 2023-09-25 10:42 ` Harshit Mogalapalli
0 siblings, 0 replies; 396+ messages in thread
From: Harshit Mogalapalli @ 2023-09-25 10:42 UTC (permalink / raw)
To: Greg Kroah-Hartman
Cc: stable, Sasha Levin, patches, Hao Luo, Andrii Nakryiko,
Vegard Nossum, Darren Kenny
Hi Greg,
On 23/09/23 1:55 pm, Greg Kroah-Hartman wrote:
> On Wed, Sep 20, 2023 at 06:58:45PM +0530, Harshit Mogalapalli wrote:
>> Hi Greg,
>>
>> On 20/09/23 5:01 pm, Greg Kroah-Hartman wrote:
>>> 5.4-stable review patch. If anyone has any objections, please let me know.
>>>
>>> ------------------
>>>
>>> From: Hao Luo <haoluo@google.com>
>>>
>>> [ Upstream commit 29d67fdebc42af6466d1909c60fdd1ef4f3e5240 ]
>>>
>>> I hit a memory leak when testing bpf_program__set_attach_target().
>>> Basically, set_attach_target() may allocate btf_vmlinux, for example,
>>> when setting attach target for bpf_iter programs. But btf_vmlinux
>>> is freed only in bpf_object_load(), which means if we only open
>>> bpf object but not load it, setting attach target may leak
>>> btf_vmlinux.
>>>
>>> So let's free btf_vmlinux in bpf_object__close() anyway.
>>>
>>> Signed-off-by: Hao Luo <haoluo@google.com>
>>> Signed-off-by: Andrii Nakryiko <andrii@kernel.org>
>>> Link: https://lore.kernel.org/bpf/20230822193840.1509809-1-haoluo@google.com
>>> Signed-off-by: Sasha Levin <sashal@kernel.org>
>>> ---
>>> tools/lib/bpf/libbpf.c | 1 +
>>> 1 file changed, 1 insertion(+)
>>>
>>> diff --git a/tools/lib/bpf/libbpf.c b/tools/lib/bpf/libbpf.c
>>> index b8849812449c3..343018632d2d1 100644
>>> --- a/tools/lib/bpf/libbpf.c
>>> +++ b/tools/lib/bpf/libbpf.c
>>> @@ -4202,6 +4202,7 @@ void bpf_object__close(struct bpf_object *obj)
>>> bpf_object__elf_finish(obj);
>>> bpf_object__unload(obj);
>>> btf__free(obj->btf);
>>> + btf__free(obj->btf_vmlinux);
>>
>>
>> This patch introduces a build failure.
>>
>> libbpf.c: In function 'bpf_object__close':
>> libbpf.c:4205:22: error: 'struct bpf_object' has no member named
>> 'btf_vmlinux'
>> 4205 | btf__free(obj->btf_vmlinux);
>> | ^~
>>
>> This struct member "btf_vmlinux" is added in commit a6ed02cac690 ("libbpf:
>> Load btf_vmlinux only once per object.") which is not in 5.4.y
>>
>> So I think we should drop this patch.
>
> Now dropped, thanks.
>
I have tested kernel(5.4.257 final release) where the offending patches
are dropped. No regressions seen there.
Thanks,
Harshit
> greg k-h
^ permalink raw reply [flat|nested] 396+ messages in thread
* Re: [PATCH 5.4 118/367] ima: Remove deprecated IMA_TRUSTED_KEYRING Kconfig
2023-09-20 11:28 ` [PATCH 5.4 118/367] ima: Remove deprecated IMA_TRUSTED_KEYRING Kconfig Greg Kroah-Hartman
@ 2023-09-26 20:10 ` Mimi Zohar
0 siblings, 0 replies; 396+ messages in thread
From: Mimi Zohar @ 2023-09-26 20:10 UTC (permalink / raw)
To: Greg Kroah-Hartman, stable
Cc: patches, Nayna Jain, Sasha Levin, Oleksandr Tymoshenko
Hi Greg,
On Wed, 2023-09-20 at 13:28 +0200, Greg Kroah-Hartman wrote:
> 5.4-stable review patch. If anyone has any objections, please let me know.
Thanks for holding off on back porting this. Oleksandr Tymoshenko's
"ima: Finish deprecation of IMA_TRUSTED_KEYRING Kconfig" is needed as
well.
--
thanks,
Mimi
^ permalink raw reply [flat|nested] 396+ messages in thread
end of thread, other threads:[~2023-09-26 20:43 UTC | newest]
Thread overview: 396+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2023-09-20 11:26 [PATCH 5.4 000/367] 5.4.257-rc1 review Greg Kroah-Hartman
2023-09-20 11:26 ` [PATCH 5.4 001/367] erofs: ensure that the post-EOF tails are all zeroed Greg Kroah-Hartman
2023-09-20 11:26 ` [PATCH 5.4 002/367] ARM: pxa: remove use of symbol_get() Greg Kroah-Hartman
2023-09-20 11:26 ` [PATCH 5.4 003/367] mmc: au1xmmc: force non-modular build and remove symbol_get usage Greg Kroah-Hartman
2023-09-20 11:26 ` [PATCH 5.4 004/367] net: enetc: use EXPORT_SYMBOL_GPL for enetc_phc_index Greg Kroah-Hartman
2023-09-20 11:26 ` [PATCH 5.4 005/367] rtc: ds1685: use EXPORT_SYMBOL_GPL for ds1685_rtc_poweroff Greg Kroah-Hartman
2023-09-20 11:26 ` [PATCH 5.4 006/367] modules: only allow symbol_get of EXPORT_SYMBOL_GPL modules Greg Kroah-Hartman
2023-09-20 11:26 ` [PATCH 5.4 007/367] USB: serial: option: add Quectel EM05G variant (0x030e) Greg Kroah-Hartman
2023-09-20 11:26 ` [PATCH 5.4 008/367] USB: serial: option: add FOXCONN T99W368/T99W373 product Greg Kroah-Hartman
2023-09-20 11:26 ` [PATCH 5.4 009/367] HID: wacom: remove the battery when the EKR is off Greg Kroah-Hartman
2023-09-20 11:26 ` [PATCH 5.4 010/367] staging: rtl8712: fix race condition Greg Kroah-Hartman
2023-09-20 11:26 ` [PATCH 5.4 011/367] Bluetooth: btsdio: fix use after free bug in btsdio_remove due to " Greg Kroah-Hartman
2023-09-20 11:26 ` [PATCH 5.4 012/367] serial: sc16is7xx: fix bug when first setting GPIO direction Greg Kroah-Hartman
2023-09-20 11:26 ` [PATCH 5.4 013/367] firmware: stratix10-svc: Fix an NULL vs IS_ERR() bug in probe Greg Kroah-Hartman
2023-09-20 11:26 ` [PATCH 5.4 014/367] fsi: master-ast-cf: Add MODULE_FIRMWARE macro Greg Kroah-Hartman
2023-09-20 11:26 ` [PATCH 5.4 015/367] nilfs2: fix general protection fault in nilfs_lookup_dirty_data_buffers() Greg Kroah-Hartman
2023-09-20 11:26 ` [PATCH 5.4 016/367] nilfs2: fix WARNING in mark_buffer_dirty due to discarded buffer reuse Greg Kroah-Hartman
2023-09-20 11:26 ` [PATCH 5.4 017/367] pinctrl: amd: Dont show `Invalid config param` errors Greg Kroah-Hartman
2023-09-20 11:26 ` [PATCH 5.4 018/367] 9p: virtio: make sure offs is initialized in zc_request Greg Kroah-Hartman
2023-09-20 11:26 ` [PATCH 5.4 019/367] ASoC: da7219: Flush pending AAD IRQ when suspending Greg Kroah-Hartman
2023-09-20 11:26 ` [PATCH 5.4 020/367] ASoC: da7219: Check for failure reading AAD IRQ events Greg Kroah-Hartman
2023-09-20 11:26 ` [PATCH 5.4 021/367] ethernet: atheros: fix return value check in atl1c_tso_csum() Greg Kroah-Hartman
2023-09-20 11:26 ` [PATCH 5.4 022/367] vxlan: generalize vxlan_parse_gpe_hdr and remove unused args Greg Kroah-Hartman
2023-09-20 11:26 ` [PATCH 5.4 023/367] m68k: Fix invalid .section syntax Greg Kroah-Hartman
2023-09-20 11:26 ` [PATCH 5.4 024/367] s390/dasd: use correct number of retries for ERP requests Greg Kroah-Hartman
2023-09-20 11:26 ` [PATCH 5.4 025/367] s390/dasd: fix hanging device after request requeue Greg Kroah-Hartman
2023-09-20 11:26 ` [PATCH 5.4 026/367] fs/nls: make load_nls() take a const parameter Greg Kroah-Hartman
2023-09-20 11:26 ` [PATCH 5.4 027/367] ASoc: codecs: ES8316: Fix DMIC config Greg Kroah-Hartman
2023-09-20 11:26 ` [PATCH 5.4 028/367] ASoC: atmel: Fix the 8K sample parameter in I2SC master Greg Kroah-Hartman
2023-09-20 11:26 ` [PATCH 5.4 029/367] platform/x86: intel: hid: Always call BTNL ACPI method Greg Kroah-Hartman
2023-09-20 11:26 ` [PATCH 5.4 030/367] platform/x86: huawei-wmi: Silence ambient light sensor Greg Kroah-Hartman
2023-09-20 11:26 ` [PATCH 5.4 031/367] security: keys: perform capable check only on privileged operations Greg Kroah-Hartman
2023-09-20 11:26 ` [PATCH 5.4 032/367] clk: fixed-mmio: make COMMON_CLK_FIXED_MMIO depend on HAS_IOMEM Greg Kroah-Hartman
2023-09-20 11:26 ` [PATCH 5.4 033/367] net: usb: qmi_wwan: add Quectel EM05GV2 Greg Kroah-Hartman
2023-09-20 11:26 ` [PATCH 5.4 034/367] idmaengine: make FSL_EDMA and INTEL_IDMA64 depends on HAS_IOMEM Greg Kroah-Hartman
2023-09-20 11:26 ` [PATCH 5.4 035/367] scsi: qedi: Fix potential deadlock on &qedi_percpu->p_work_lock Greg Kroah-Hartman
2023-09-20 11:26 ` [PATCH 5.4 036/367] netlabel: fix shift wrapping bug in netlbl_catmap_setlong() Greg Kroah-Hartman
2023-09-20 11:26 ` [PATCH 5.4 037/367] bnx2x: fix page fault following EEH recovery Greg Kroah-Hartman
2023-09-20 11:26 ` [PATCH 5.4 038/367] sctp: handle invalid error codes without calling BUG() Greg Kroah-Hartman
2023-09-20 11:26 ` [PATCH 5.4 039/367] cifs: add a warning when the in-flight count goes negative Greg Kroah-Hartman
2023-09-20 11:26 ` [PATCH 5.4 040/367] scsi: storvsc: Always set no_report_opcodes Greg Kroah-Hartman
2023-09-20 11:26 ` [PATCH 5.4 041/367] ALSA: seq: oss: Fix racy open/close of MIDI devices Greg Kroah-Hartman
2023-09-20 11:26 ` [PATCH 5.4 042/367] platform/mellanox: Fix mlxbf-tmfifo not handling all virtio CONSOLE notifications Greg Kroah-Hartman
2023-09-20 11:27 ` [PATCH 5.4 043/367] net: Avoid address overwrite in kernel_connect Greg Kroah-Hartman
2023-09-20 11:27 ` [PATCH 5.4 044/367] powerpc/32s: Fix assembler warning about r0 Greg Kroah-Hartman
2023-09-20 11:27 ` [PATCH 5.4 045/367] udf: Check consistency of Space Bitmap Descriptor Greg Kroah-Hartman
2023-09-20 11:27 ` [PATCH 5.4 046/367] udf: Handle error when adding extent to a file Greg Kroah-Hartman
2023-09-20 11:27 ` [PATCH 5.4 047/367] Revert "net: macsec: preserve ingress frame ordering" Greg Kroah-Hartman
2023-09-20 11:27 ` [PATCH 5.4 048/367] reiserfs: Check the return value from __getblk() Greg Kroah-Hartman
2023-09-20 11:27 ` [PATCH 5.4 049/367] eventfd: Export eventfd_ctx_do_read() Greg Kroah-Hartman
2023-09-20 11:27 ` [PATCH 5.4 050/367] eventfd: prevent underflow for eventfd semaphores Greg Kroah-Hartman
2023-09-20 11:27 ` [PATCH 5.4 051/367] new helper: lookup_positive_unlocked() Greg Kroah-Hartman
2023-09-20 11:27 ` [PATCH 5.4 052/367] fs: Fix error checking for d_hash_and_lookup() Greg Kroah-Hartman
2023-09-20 11:27 ` [PATCH 5.4 053/367] tmpfs: verify {g,u}id mount options correctly Greg Kroah-Hartman
2023-09-20 11:27 ` [PATCH 5.4 054/367] OPP: Fix passing 0 to PTR_ERR in _opp_attach_genpd() Greg Kroah-Hartman
2023-09-20 11:27 ` [PATCH 5.4 055/367] x86/asm: Make more symbols local Greg Kroah-Hartman
2023-09-20 11:27 ` [PATCH 5.4 056/367] x86/boot: Annotate local functions Greg Kroah-Hartman
2023-09-20 11:27 ` [PATCH 5.4 057/367] x86/decompressor: Dont rely on upper 32 bits of GPRs being preserved Greg Kroah-Hartman
2023-09-20 11:27 ` [PATCH 5.4 058/367] perf/imx_ddr: dont enable counter0 if none of 4 counters are used Greg Kroah-Hartman
2023-09-20 11:27 ` [PATCH 5.4 059/367] cpufreq: powernow-k8: Use related_cpus instead of cpus in driver.exit() Greg Kroah-Hartman
2023-09-20 11:27 ` [PATCH 5.4 060/367] bpf: Clear the probe_addr for uprobe Greg Kroah-Hartman
2023-09-20 11:27 ` [PATCH 5.4 061/367] tcp: tcp_enter_quickack_mode() should be static Greg Kroah-Hartman
2023-09-20 11:27 ` [PATCH 5.4 062/367] regmap: rbtree: Use alloc_flags for memory allocations Greg Kroah-Hartman
2023-09-20 11:27 ` [PATCH 5.4 063/367] spi: tegra20-sflash: fix to check return value of platform_get_irq() in tegra_sflash_probe() Greg Kroah-Hartman
2023-09-20 11:27 ` [PATCH 5.4 064/367] can: gs_usb: gs_usb_receive_bulk_callback(): count RX overflow errors also in case of OOM Greg Kroah-Hartman
2023-09-20 11:27 ` [PATCH 5.4 065/367] wifi: mwifiex: Fix OOB and integer underflow when rx packets Greg Kroah-Hartman
2023-09-20 11:27 ` [PATCH 5.4 066/367] mwifiex: switch from pci_ to dma_ API Greg Kroah-Hartman
2023-09-20 11:27 ` [PATCH 5.4 067/367] wifi: mwifiex: fix error recovery in PCIE buffer descriptor management Greg Kroah-Hartman
2023-09-20 11:27 ` [PATCH 5.4 068/367] crypto: stm32 - Properly handle pm_runtime_get failing Greg Kroah-Hartman
2023-09-20 11:27 ` [PATCH 5.4 069/367] Bluetooth: nokia: fix value check in nokia_bluetooth_serdev_probe() Greg Kroah-Hartman
2023-09-20 11:27 ` [PATCH 5.4 070/367] crypto: caam - fix unchecked return value error Greg Kroah-Hartman
2023-09-20 11:27 ` [PATCH 5.4 071/367] hwrng: iproc-rng200 - use semicolons rather than commas to separate statements Greg Kroah-Hartman
2023-09-20 11:27 ` [PATCH 5.4 072/367] hwrng: iproc-rng200 - Implement suspend and resume calls Greg Kroah-Hartman
2023-09-20 11:27 ` [PATCH 5.4 073/367] lwt: Fix return values of BPF xmit ops Greg Kroah-Hartman
2023-09-20 11:27 ` [PATCH 5.4 074/367] lwt: Check LWTUNNEL_XMIT_CONTINUE strictly Greg Kroah-Hartman
2023-09-20 11:27 ` [PATCH 5.4 075/367] fs: ocfs2: namei: check return value of ocfs2_add_entry() Greg Kroah-Hartman
2023-09-20 11:27 ` [PATCH 5.4 076/367] wifi: mwifiex: fix memory leak in mwifiex_histogram_read() Greg Kroah-Hartman
2023-09-20 11:27 ` [PATCH 5.4 077/367] wifi: mwifiex: Fix missed return in oob checks failed path Greg Kroah-Hartman
2023-09-20 11:27 ` [PATCH 5.4 078/367] wifi: ath9k: fix races between ath9k_wmi_cmd and ath9k_wmi_ctrl_rx Greg Kroah-Hartman
2023-09-20 11:27 ` [PATCH 5.4 079/367] wifi: ath9k: protect WMI command response buffer replacement with a lock Greg Kroah-Hartman
2023-09-20 11:27 ` [PATCH 5.4 080/367] wifi: mwifiex: avoid possible NULL skb pointer dereference Greg Kroah-Hartman
2023-09-20 11:27 ` [PATCH 5.4 081/367] wifi: ath9k: use IS_ERR() with debugfs_create_dir() Greg Kroah-Hartman
2023-09-20 11:27 ` [PATCH 5.4 082/367] net: arcnet: Do not call kfree_skb() under local_irq_disable() Greg Kroah-Hartman
2023-09-20 11:27 ` [PATCH 5.4 083/367] mlxsw: i2c: Fix chunk size setting in output mailbox buffer Greg Kroah-Hartman
2023-09-20 11:27 ` [PATCH 5.4 084/367] mlxsw: i2c: Limit single transaction buffer size Greg Kroah-Hartman
2023-09-20 11:27 ` [PATCH 5.4 085/367] net/sched: sch_hfsc: Ensure inner classes have fsc curve Greg Kroah-Hartman
2023-09-20 11:27 ` [PATCH 5.4 086/367] netrom: Deny concurrent connect() Greg Kroah-Hartman
2023-09-20 11:27 ` [PATCH 5.4 087/367] drm/bridge: tc358764: Fix debug print parameter order Greg Kroah-Hartman
2023-09-20 11:27 ` [PATCH 5.4 088/367] quota: avoid increasing DQST_LOOKUPS when iterating over dirty/inuse list Greg Kroah-Hartman
2023-09-20 11:27 ` [PATCH 5.4 089/367] quota: factor out dquot_write_dquot() Greg Kroah-Hartman
2023-09-20 11:27 ` [PATCH 5.4 090/367] quota: rename dquot_active() to inode_quota_active() Greg Kroah-Hartman
2023-09-20 11:27 ` [PATCH 5.4 091/367] quota: add new helper dquot_active() Greg Kroah-Hartman
2023-09-20 11:27 ` [PATCH 5.4 092/367] quota: fix dqput() to follow the guarantees dquot_srcu should provide Greg Kroah-Hartman
2023-09-20 11:27 ` [PATCH 5.4 093/367] drm/amdgpu: avoid integer overflow warning in amdgpu_device_resize_fb_bar() Greg Kroah-Hartman
2023-09-20 11:27 ` [PATCH 5.4 094/367] ARM: dts: BCM53573: Drop nonexistent "default-off" LED trigger Greg Kroah-Hartman
2023-09-20 11:27 ` [PATCH 5.4 095/367] ARM: dts: BCM53573: Add cells sizes to PCIe node Greg Kroah-Hartman
2023-09-20 11:27 ` [PATCH 5.4 096/367] ARM: dts: BCM53573: Use updated "spi-gpio" binding properties Greg Kroah-Hartman
2023-09-20 11:27 ` [PATCH 5.4 097/367] drm/etnaviv: fix dumping of active MMU context Greg Kroah-Hartman
2023-09-20 11:27 ` [PATCH 5.4 098/367] ARM: dts: s3c6410: move fixed clocks under root node in Mini6410 Greg Kroah-Hartman
2023-09-20 11:27 ` [PATCH 5.4 099/367] ARM: dts: s3c6410: align node SROM bus node name with dtschema " Greg Kroah-Hartman
2023-09-20 11:27 ` [PATCH 5.4 100/367] ARM: dts: s3c64xx: align pinctrl with dtschema Greg Kroah-Hartman
2023-09-20 11:27 ` [PATCH 5.4 101/367] ARM: dts: samsung: s3c6410-mini6410: correct ethernet reg addresses (split) Greg Kroah-Hartman
2023-09-20 11:27 ` [PATCH 5.4 102/367] ARM: dts: s5pv210: add RTC 32 KHz clock in SMDKV210 Greg Kroah-Hartman
2023-09-20 11:28 ` [PATCH 5.4 103/367] ARM: dts: s5pv210: use defines for IRQ flags " Greg Kroah-Hartman
2023-09-20 11:28 ` [PATCH 5.4 104/367] ARM: dts: s5pv210: correct ethernet unit address " Greg Kroah-Hartman
2023-09-20 11:28 ` [PATCH 5.4 105/367] ARM: dts: s5pv210: add dummy 5V regulator for backlight on SMDKv210 Greg Kroah-Hartman
2023-09-20 11:28 ` [PATCH 5.4 106/367] ARM: dts: samsung: s5pv210-smdkv210: correct ethernet reg addresses (split) Greg Kroah-Hartman
2023-09-20 11:28 ` [PATCH 5.4 107/367] drm: adv7511: Fix low refresh rate register for ADV7533/5 Greg Kroah-Hartman
2023-09-20 11:28 ` [PATCH 5.4 108/367] ARM: dts: BCM53573: Fix Ethernet info for Luxul devices Greg Kroah-Hartman
2023-09-20 11:28 ` [PATCH 5.4 109/367] arm64: dts: qcom: sdm845: Add missing RPMh power domain to GCC Greg Kroah-Hartman
2023-09-20 11:28 ` [PATCH 5.4 110/367] drm/amdgpu: Update min() to min_t() in amdgpu_info_ioctl Greg Kroah-Hartman
2023-09-20 11:28 ` [PATCH 5.4 111/367] md/bitmap: dont set max_write_behind if there is no write mostly device Greg Kroah-Hartman
2023-09-20 11:28 ` [PATCH 5.4 112/367] md/md-bitmap: hold reconfig_mutex in backlog_store() Greg Kroah-Hartman
2023-09-20 11:28 ` [PATCH 5.4 113/367] drm/tegra: Remove superfluous error messages around platform_get_irq() Greg Kroah-Hartman
2023-09-20 11:28 ` [PATCH 5.4 114/367] drm/tegra: dpaux: Fix incorrect return value of platform_get_irq Greg Kroah-Hartman
2023-09-20 11:28 ` [PATCH 5.4 115/367] of: unittest: fix null pointer dereferencing in of_unittest_find_node_by_name() Greg Kroah-Hartman
2023-09-20 11:28 ` [PATCH 5.4 116/367] drm/armada: Fix off-by-one error in armada_overlay_get_property() Greg Kroah-Hartman
2023-09-20 11:28 ` [PATCH 5.4 117/367] drm/panel: simple: Add missing connector type and pixel format for AUO T215HVN01 Greg Kroah-Hartman
2023-09-20 11:28 ` [PATCH 5.4 118/367] ima: Remove deprecated IMA_TRUSTED_KEYRING Kconfig Greg Kroah-Hartman
2023-09-26 20:10 ` Mimi Zohar
2023-09-20 11:28 ` [PATCH 5.4 119/367] drm/msm/mdp5: Dont leak some plane state Greg Kroah-Hartman
2023-09-20 11:28 ` [PATCH 5.4 120/367] smackfs: Prevent underflow in smk_set_cipso() Greg Kroah-Hartman
2023-09-20 11:28 ` [PATCH 5.4 121/367] audit: fix possible soft lockup in __audit_inode_child() Greg Kroah-Hartman
2023-09-20 11:28 ` [PATCH 5.4 122/367] drm/mediatek: Fix potential memory leak if vmap() fail Greg Kroah-Hartman
2023-09-20 11:28 ` [PATCH 5.4 123/367] of: unittest: Fix overlay type in apply/revert check Greg Kroah-Hartman
2023-09-20 11:28 ` [PATCH 5.4 124/367] ALSA: ac97: Fix possible error value of *rac97 Greg Kroah-Hartman
2023-09-20 11:28 ` [PATCH 5.4 125/367] ipmi:ssif: Add check for kstrdup Greg Kroah-Hartman
2023-09-20 11:28 ` [PATCH 5.4 126/367] ipmi:ssif: Fix a memory leak when scanning for an adapter Greg Kroah-Hartman
2023-09-20 11:28 ` [PATCH 5.4 127/367] drivers: clk: keystone: Fix parameter judgment in _of_pll_clk_init() Greg Kroah-Hartman
2023-09-20 11:28 ` [PATCH 5.4 128/367] clk: sunxi-ng: Modify mismatched function name Greg Kroah-Hartman
2023-09-20 11:28 ` [PATCH 5.4 129/367] PCI: Mark NVIDIA T4 GPUs to avoid bus reset Greg Kroah-Hartman
2023-09-20 11:28 ` [PATCH 5.4 130/367] PCI: pciehp: Use RMW accessors for changing LNKCTL Greg Kroah-Hartman
2023-09-20 11:28 ` [PATCH 5.4 131/367] PCI/ASPM: " Greg Kroah-Hartman
2023-09-20 11:28 ` [PATCH 5.4 132/367] clk: imx: composite-8m: fix clock pauses when set_rate would be a no-op Greg Kroah-Hartman
2023-09-20 11:28 ` [PATCH 5.4 133/367] powerpc/fadump: reset dump area size if fadump memory reserve fails Greg Kroah-Hartman
2023-09-20 11:28 ` [PATCH 5.4 134/367] PCI: Add #defines for Enter Compliance, Transmit Margin Greg Kroah-Hartman
2023-09-20 11:28 ` [PATCH 5.4 135/367] drm/amdgpu: Correct Transmit Margin masks Greg Kroah-Hartman
2023-09-20 11:28 ` [PATCH 5.4 136/367] drm/amdgpu: Replace numbers with PCI_EXP_LNKCTL2 definitions Greg Kroah-Hartman
2023-09-20 11:28 ` [PATCH 5.4 137/367] drm/amdgpu: Prefer pcie_capability_read_word() Greg Kroah-Hartman
2023-09-20 11:28 ` [PATCH 5.4 138/367] drm/amdgpu: Use RMW accessors for changing LNKCTL Greg Kroah-Hartman
2023-09-20 11:28 ` [PATCH 5.4 139/367] drm/radeon: Correct Transmit Margin masks Greg Kroah-Hartman
2023-09-20 11:28 ` [PATCH 5.4 140/367] drm/radeon: Replace numbers with PCI_EXP_LNKCTL2 definitions Greg Kroah-Hartman
2023-09-20 11:28 ` [PATCH 5.4 141/367] drm/radeon: Prefer pcie_capability_read_word() Greg Kroah-Hartman
2023-09-20 11:28 ` [PATCH 5.4 142/367] drm/radeon: Use RMW accessors for changing LNKCTL Greg Kroah-Hartman
2023-09-20 11:28 ` [PATCH 5.4 143/367] wifi: ath10k: " Greg Kroah-Hartman
2023-09-20 11:28 ` [PATCH 5.4 144/367] nfs/blocklayout: Use the passed in gfp flags Greg Kroah-Hartman
2023-09-20 11:28 ` [PATCH 5.4 145/367] powerpc/iommu: Fix notifiers being shared by PCI and VIO buses Greg Kroah-Hartman
2023-09-20 11:28 ` [PATCH 5.4 146/367] jfs: validate max amount of blocks before allocation Greg Kroah-Hartman
2023-09-20 11:28 ` [PATCH 5.4 147/367] fs: lockd: avoid possible wrong NULL parameter Greg Kroah-Hartman
2023-09-20 11:28 ` [PATCH 5.4 148/367] NFSD: da_addr_body field missing in some GETDEVICEINFO replies Greg Kroah-Hartman
2023-09-20 11:28 ` [PATCH 5.4 149/367] NFS: Guard against READDIR loop when entry names exceed MAXNAMELEN Greg Kroah-Hartman
2023-09-20 11:28 ` [PATCH 5.4 150/367] media: v4l2-fwnode: fix v4l2_fwnode_parse_link handling Greg Kroah-Hartman
2023-09-20 11:28 ` [PATCH 5.4 151/367] media: v4l2-fwnode: simplify v4l2_fwnode_parse_link Greg Kroah-Hartman
2023-09-20 11:28 ` [PATCH 5.4 152/367] media: v4l2-core: Fix a potential resource leak in v4l2_fwnode_parse_link() Greg Kroah-Hartman
2023-09-20 11:28 ` [PATCH 5.4 153/367] drivers: usb: smsusb: fix error handling code in smsusb_init_device Greg Kroah-Hartman
2023-09-20 11:28 ` [PATCH 5.4 154/367] media: dib7000p: Fix potential division by zero Greg Kroah-Hartman
2023-09-20 11:28 ` [PATCH 5.4 155/367] media: dvb-usb: m920x: Fix a potential memory leak in m920x_i2c_xfer() Greg Kroah-Hartman
2023-09-20 11:28 ` [PATCH 5.4 156/367] media: cx24120: Add retval check for cx24120_message_send() Greg Kroah-Hartman
2023-09-20 11:28 ` [PATCH 5.4 157/367] media: mediatek: vcodec: Return NULL if no vdec_fb is found Greg Kroah-Hartman
2023-09-20 11:28 ` [PATCH 5.4 158/367] usb: phy: mxs: fix getting wrong state with mxs_phy_is_otg_host() Greg Kroah-Hartman
2023-09-20 11:28 ` [PATCH 5.4 159/367] scsi: iscsi: Add strlen() check in iscsi_if_set{_host}_param() Greg Kroah-Hartman
2023-09-20 11:28 ` [PATCH 5.4 160/367] scsi: be2iscsi: Add length check when parsing nlattrs Greg Kroah-Hartman
2023-09-20 11:28 ` [PATCH 5.4 161/367] scsi: qla4xxx: " Greg Kroah-Hartman
2023-09-20 11:28 ` [PATCH 5.4 162/367] serial: sprd: getting port index via serial aliases only Greg Kroah-Hartman
2023-09-20 11:29 ` [PATCH 5.4 163/367] serial: sprd: remove redundant sprd_port cleanup Greg Kroah-Hartman
2023-09-20 11:29 ` [PATCH 5.4 164/367] serial: sprd: Assign sprd_port after initialized to avoid wrong access Greg Kroah-Hartman
2023-09-20 11:29 ` [PATCH 5.4 165/367] serial: sprd: Fix DMA buffer leak issue Greg Kroah-Hartman
2023-09-20 11:29 ` [PATCH 5.4 166/367] x86/APM: drop the duplicate APM_MINOR_DEV macro Greg Kroah-Hartman
2023-09-20 11:29 ` [PATCH 5.4 167/367] scsi: qedf: Do not touch __user pointer in qedf_dbg_stop_io_on_error_cmd_read() directly Greg Kroah-Hartman
2023-09-20 11:29 ` [PATCH 5.4 168/367] scsi: qedf: Do not touch __user pointer in qedf_dbg_debug_cmd_read() directly Greg Kroah-Hartman
2023-09-20 11:29 ` [PATCH 5.4 169/367] scsi: qedf: Do not touch __user pointer in qedf_dbg_fp_int_cmd_read() directly Greg Kroah-Hartman
2023-09-20 11:29 ` [PATCH 5.4 170/367] coresight: tmc: Explicit type conversions to prevent integer overflow Greg Kroah-Hartman
2023-09-20 11:29 ` [PATCH 5.4 171/367] dma-buf/sync_file: Fix docs syntax Greg Kroah-Hartman
2023-09-20 11:29 ` [PATCH 5.4 172/367] driver core: test_async: fix an error code Greg Kroah-Hartman
2023-09-20 11:29 ` [PATCH 5.4 173/367] IB/uverbs: Fix an potential error pointer dereference Greg Kroah-Hartman
2023-09-20 11:29 ` [PATCH 5.4 174/367] iommu/vt-d: Fix to flush cache of PASID directory table Greg Kroah-Hartman
2023-09-20 11:29 ` [PATCH 5.4 175/367] media: go7007: Remove redundant if statement Greg Kroah-Hartman
2023-09-20 11:29 ` [PATCH 5.4 176/367] USB: gadget: f_mass_storage: Fix unused variable warning Greg Kroah-Hartman
2023-09-20 11:29 ` [PATCH 5.4 177/367] media: i2c: ov5640: Configure HVP lines in s_power callback Greg Kroah-Hartman
2023-09-20 11:29 ` [PATCH 5.4 178/367] media: ov5640: Enable MIPI interface in ov5640_set_power_mipi() Greg Kroah-Hartman
2023-09-20 11:29 ` [PATCH 5.4 179/367] media: i2c: ov2680: Set V4L2_CTRL_FLAG_MODIFY_LAYOUT on flips Greg Kroah-Hartman
2023-09-20 11:29 ` [PATCH 5.4 180/367] media: ov2680: Remove auto-gain and auto-exposure controls Greg Kroah-Hartman
2023-09-20 11:29 ` [PATCH 5.4 181/367] media: ov2680: Fix ov2680_bayer_order() Greg Kroah-Hartman
2023-09-20 11:29 ` [PATCH 5.4 182/367] media: ov2680: Fix vflip / hflip set functions Greg Kroah-Hartman
2023-09-20 11:29 ` [PATCH 5.4 183/367] media: ov2680: Fix regulators being left enabled on ov2680_power_on() errors Greg Kroah-Hartman
2023-09-20 11:29 ` [PATCH 5.4 184/367] scsi: core: Use 32-bit hostnum in scsi_host_lookup() Greg Kroah-Hartman
2023-09-20 11:29 ` [PATCH 5.4 185/367] scsi: fcoe: Fix potential deadlock on &fip->ctlr_lock Greg Kroah-Hartman
2023-09-20 11:29 ` [PATCH 5.4 186/367] serial: tegra: handle clk prepare error in tegra_uart_hw_init() Greg Kroah-Hartman
2023-09-20 11:29 ` [PATCH 5.4 187/367] amba: bus: fix refcount leak Greg Kroah-Hartman
2023-09-20 11:29 ` [PATCH 5.4 188/367] Revert "IB/isert: Fix incorrect release of isert connection" Greg Kroah-Hartman
2023-09-20 11:29 ` [PATCH 5.4 189/367] RDMA/siw: Balance the reference of cep->kref in the error path Greg Kroah-Hartman
2023-09-20 11:29 ` [PATCH 5.4 190/367] RDMA/siw: Correct wrong debug message Greg Kroah-Hartman
2023-09-20 11:29 ` [PATCH 5.4 191/367] HID: logitech-dj: Fix error handling in logi_dj_recv_switch_to_dj_mode() Greg Kroah-Hartman
2023-09-20 11:29 ` [PATCH 5.4 192/367] HID: multitouch: Correct devm device reference for hidinput input_dev name Greg Kroah-Hartman
2023-09-20 11:29 ` [PATCH 5.4 193/367] x86/speculation: Mark all Skylake CPUs as vulnerable to GDS Greg Kroah-Hartman
2023-09-20 11:29 ` [PATCH 5.4 194/367] tracing: Fix race issue between cpu buffer write and swap Greg Kroah-Hartman
2023-09-20 11:29 ` [PATCH 5.4 195/367] phy/rockchip: inno-hdmi: use correct vco_div_5 macro on rk3328 Greg Kroah-Hartman
2023-09-20 11:29 ` [PATCH 5.4 196/367] phy/rockchip: inno-hdmi: round fractal pixclock in rk3328 recalc_rate Greg Kroah-Hartman
2023-09-20 11:29 ` [PATCH 5.4 197/367] phy/rockchip: inno-hdmi: do not power on rk3328 post pll on reg write Greg Kroah-Hartman
2023-09-20 11:29 ` [PATCH 5.4 198/367] rpmsg: glink: Add check for kstrdup Greg Kroah-Hartman
2023-09-20 11:29 ` [PATCH 5.4 199/367] mtd: rawnand: fsmc: handle clk prepare error in fsmc_nand_resume() Greg Kroah-Hartman
2023-09-20 11:29 ` [PATCH 5.4 200/367] um: Fix hostaudio build errors Greg Kroah-Hartman
2023-09-20 11:29 ` Greg Kroah-Hartman
2023-09-20 11:29 ` [PATCH 5.4 201/367] dmaengine: ste_dma40: Add missing IRQ check in d40_probe Greg Kroah-Hartman
2023-09-20 11:29 ` [PATCH 5.4 202/367] cpufreq: Fix the race condition while updating the transition_task of policy Greg Kroah-Hartman
2023-09-20 11:29 ` [PATCH 5.4 203/367] virtio_ring: fix avail_wrap_counter in virtqueue_add_packed Greg Kroah-Hartman
2023-09-20 11:29 ` [PATCH 5.4 204/367] igmp: limit igmpv3_newpack() packet size to IP_MAX_MTU Greg Kroah-Hartman
2023-09-20 11:29 ` [PATCH 5.4 205/367] netfilter: ipset: add the missing IP_SET_HASH_WITH_NET0 macro for ip_set_hash_netportnet.c Greg Kroah-Hartman
2023-09-20 11:29 ` [PATCH 5.4 206/367] netfilter: xt_u32: validate user space input Greg Kroah-Hartman
2023-09-20 11:29 ` [PATCH 5.4 207/367] netfilter: xt_sctp: validate the flag_info count Greg Kroah-Hartman
2023-09-20 11:29 ` [PATCH 5.4 208/367] skbuff: skb_segment, Call zero copy functions before using skbuff frags Greg Kroah-Hartman
2023-09-20 11:29 ` [PATCH 5.4 209/367] igb: set max size RX buffer when store bad packet is enabled Greg Kroah-Hartman
2023-09-20 11:29 ` [PATCH 5.4 210/367] PM / devfreq: Fix leak in devfreq_dev_release() Greg Kroah-Hartman
2023-09-20 11:29 ` [PATCH 5.4 211/367] ALSA: pcm: Fix missing fixup call in compat hw_refine ioctl Greg Kroah-Hartman
2023-09-20 11:29 ` [PATCH 5.4 212/367] ipmi_si: fix a memleak in try_smi_init() Greg Kroah-Hartman
2023-09-20 11:29 ` Greg Kroah-Hartman
2023-09-20 11:29 ` [PATCH 5.4 213/367] ARM: OMAP2+: Fix -Warray-bounds warning in _pwrdm_state_switch() Greg Kroah-Hartman
2023-09-20 11:29 ` [PATCH 5.4 214/367] backlight/gpio_backlight: Compare against struct fb_info.device Greg Kroah-Hartman
2023-09-20 11:29 ` Greg Kroah-Hartman
2023-09-20 11:29 ` [PATCH 5.4 215/367] backlight/bd6107: " Greg Kroah-Hartman
2023-09-20 11:29 ` Greg Kroah-Hartman
2023-09-20 11:29 ` [PATCH 5.4 216/367] backlight/lv5207lp: " Greg Kroah-Hartman
2023-09-20 11:29 ` Greg Kroah-Hartman
2023-09-20 11:29 ` [PATCH 5.4 217/367] xtensa: PMU: fix base address for the newer hardware Greg Kroah-Hartman
2023-09-20 11:29 ` [PATCH 5.4 218/367] media: dvb: symbol fixup for dvb_attach() Greg Kroah-Hartman
2023-09-20 11:29 ` [PATCH 5.4 219/367] ntb: Drop packets when qp link is down Greg Kroah-Hartman
2023-09-20 11:29 ` [PATCH 5.4 220/367] ntb: Clean up tx tail index on link down Greg Kroah-Hartman
2023-09-20 11:29 ` [PATCH 5.4 221/367] ntb: Fix calculation ntb_transport_tx_free_entry() Greg Kroah-Hartman
2023-09-20 11:29 ` [PATCH 5.4 222/367] Revert "PCI: Mark NVIDIA T4 GPUs to avoid bus reset" Greg Kroah-Hartman
2023-09-20 11:30 ` [PATCH 5.4 223/367] procfs: block chmod on /proc/thread-self/comm Greg Kroah-Hartman
2023-09-20 11:30 ` [PATCH 5.4 224/367] parisc: Fix /proc/cpuinfo output for lscpu Greg Kroah-Hartman
2023-09-20 11:30 ` [PATCH 5.4 225/367] dlm: fix plock lookup when using multiple lockspaces Greg Kroah-Hartman
2023-09-20 11:30 ` [PATCH 5.4 226/367] dccp: Fix out of bounds access in DCCP error handler Greg Kroah-Hartman
2023-09-20 11:30 ` [PATCH 5.4 227/367] X.509: if signature is unsupported skip validation Greg Kroah-Hartman
2023-09-20 11:30 ` [PATCH 5.4 228/367] net: handle ARPHRD_PPP in dev_is_mac_header_xmit() Greg Kroah-Hartman
2023-09-20 11:30 ` [PATCH 5.4 229/367] fsverity: skip PKCS#7 parser when keyring is empty Greg Kroah-Hartman
2023-09-20 11:30 ` [PATCH 5.4 230/367] pstore/ram: Check start of empty przs during init Greg Kroah-Hartman
2023-09-20 11:30 ` [PATCH 5.4 231/367] s390/ipl: add missing secure/has_secure file to ipl type unknown Greg Kroah-Hartman
2023-09-20 11:30 ` [PATCH 5.4 232/367] crypto: stm32 - fix loop iterating through scatterlist for DMA Greg Kroah-Hartman
2023-09-20 11:30 ` [PATCH 5.4 233/367] cpufreq: brcmstb-avs-cpufreq: Fix -Warray-bounds bug Greg Kroah-Hartman
2023-09-20 11:30 ` [PATCH 5.4 234/367] sc16is7xx: Set iobase to device index Greg Kroah-Hartman
2023-09-20 11:30 ` [PATCH 5.4 235/367] serial: sc16is7xx: fix broken port 0 uart init Greg Kroah-Hartman
2023-09-20 11:30 ` [PATCH 5.4 236/367] usb: typec: tcpci: clear the fault status bit Greg Kroah-Hartman
2023-09-20 11:30 ` [PATCH 5.4 237/367] udf: initialize newblock to 0 Greg Kroah-Hartman
2023-09-20 11:30 ` [PATCH 5.4 238/367] drm: fix double free for gbo in drm_gem_vram_init and drm_gem_vram_create Greg Kroah-Hartman
2023-09-20 11:30 ` [PATCH 5.4 239/367] net/ipv6: SKB symmetric hash should incorporate transport ports Greg Kroah-Hartman
2023-09-20 11:30 ` [PATCH 5.4 240/367] scsi: qla2xxx: fix inconsistent TMF timeout Greg Kroah-Hartman
2023-09-20 11:30 ` [PATCH 5.4 241/367] scsi: qla2xxx: Fix erroneous link up failure Greg Kroah-Hartman
2023-09-20 11:30 ` [PATCH 5.4 242/367] scsi: qla2xxx: Turn off noisy message log Greg Kroah-Hartman
2023-09-20 11:30 ` [PATCH 5.4 243/367] scsi: qla2xxx: Remove unsupported ql2xenabledif option Greg Kroah-Hartman
2023-09-20 11:30 ` [PATCH 5.4 244/367] fbdev/ep93xx-fb: Do not assign to struct fb_info.dev Greg Kroah-Hartman
2023-09-20 11:30 ` [PATCH 5.4 245/367] drm/ast: Fix DRAM init on AST2200 Greg Kroah-Hartman
2023-09-20 11:30 ` Greg Kroah-Hartman
2023-09-20 11:30 ` [PATCH 5.4 246/367] lib/test_meminit: allocate pages up to order MAX_ORDER Greg Kroah-Hartman
2023-09-20 11:30 ` [PATCH 5.4 247/367] parisc: led: Fix LAN receive and transmit LEDs Greg Kroah-Hartman
2023-09-20 11:30 ` [PATCH 5.4 248/367] parisc: led: Reduce CPU overhead for disk & lan LED computation Greg Kroah-Hartman
2023-09-20 11:30 ` [PATCH 5.4 249/367] clk: qcom: gcc-mdm9615: use proper parent for pll0_vote clock Greg Kroah-Hartman
2023-09-20 11:30 ` [PATCH 5.4 250/367] soc: qcom: qmi_encdec: Restrict string length in decode Greg Kroah-Hartman
2023-09-20 11:30 ` [PATCH 5.4 251/367] NFSv4/pnfs: minor fix for cleanup path in nfs4_get_device_info Greg Kroah-Hartman
2023-09-20 11:30 ` [PATCH 5.4 252/367] kconfig: fix possible buffer overflow Greg Kroah-Hartman
2023-09-20 11:30 ` [PATCH 5.4 253/367] perf annotate bpf: Dont enclose non-debug code with an assert() Greg Kroah-Hartman
2023-09-20 11:30 ` [PATCH 5.4 254/367] x86/virt: Drop unnecessary check on extended CPUID level in cpu_has_svm() Greg Kroah-Hartman
2023-09-20 11:30 ` [PATCH 5.4 255/367] perf top: Dont pass an ERR_PTR() directly to perf_session__delete() Greg Kroah-Hartman
2023-09-20 11:30 ` [PATCH 5.4 256/367] watchdog: intel-mid_wdt: add MODULE_ALIAS() to allow auto-load Greg Kroah-Hartman
2023-09-20 11:30 ` [PATCH 5.4 257/367] pwm: lpc32xx: Remove handling of PWM channels Greg Kroah-Hartman
2023-09-20 11:30 ` [PATCH 5.4 258/367] sctp: annotate data-races around sk->sk_wmem_queued Greg Kroah-Hartman
2023-09-20 11:30 ` [PATCH 5.4 259/367] ipv4: annotate data-races around fi->fib_dead Greg Kroah-Hartman
2023-09-20 11:30 ` [PATCH 5.4 260/367] net: read sk->sk_family once in sk_mc_loop() Greg Kroah-Hartman
2023-09-20 11:30 ` [PATCH 5.4 261/367] igb: disable virtualization features on 82580 Greg Kroah-Hartman
2023-09-20 11:30 ` [PATCH 5.4 262/367] veth: Fixing transmit return status for dropped packets Greg Kroah-Hartman
2023-09-20 11:30 ` [PATCH 5.4 263/367] net: ipv6/addrconf: avoid integer underflow in ipv6_create_tempaddr Greg Kroah-Hartman
2023-09-20 11:30 ` [PATCH 5.4 264/367] af_unix: Fix data-races around user->unix_inflight Greg Kroah-Hartman
2023-09-20 11:30 ` [PATCH 5.4 265/367] af_unix: Fix data-race around unix_tot_inflight Greg Kroah-Hartman
2023-09-20 11:30 ` [PATCH 5.4 266/367] af_unix: Fix data-races around sk->sk_shutdown Greg Kroah-Hartman
2023-09-20 11:30 ` [PATCH 5.4 267/367] af_unix: Fix data race around sk->sk_err Greg Kroah-Hartman
2023-09-20 11:30 ` [PATCH 5.4 268/367] net: sched: sch_qfq: Fix UAF in qfq_dequeue() Greg Kroah-Hartman
2023-09-20 11:30 ` [PATCH 5.4 269/367] kcm: Destroy mutex in kcm_exit_net() Greg Kroah-Hartman
2023-09-20 11:30 ` [PATCH 5.4 270/367] igc: Change IGC_MIN to allow set rx/tx value between 64 and 80 Greg Kroah-Hartman
2023-09-20 11:30 ` [PATCH 5.4 271/367] igbvf: Change IGBVF_MIN " Greg Kroah-Hartman
2023-09-20 11:30 ` [PATCH 5.4 272/367] igb: Change IGB_MIN " Greg Kroah-Hartman
2023-09-20 11:30 ` [PATCH 5.4 273/367] s390/zcrypt: dont leak memory if dev_set_name() fails Greg Kroah-Hartman
2023-09-20 11:30 ` [PATCH 5.4 274/367] idr: fix param name in idr_alloc_cyclic() doc Greg Kroah-Hartman
2023-09-20 11:30 ` [PATCH 5.4 275/367] ip_tunnels: use DEV_STATS_INC() Greg Kroah-Hartman
2023-09-20 11:30 ` [PATCH 5.4 276/367] netfilter: nfnetlink_osf: avoid OOB read Greg Kroah-Hartman
2023-09-20 11:30 ` [PATCH 5.4 277/367] net: hns3: fix the port information display when sfp is absent Greg Kroah-Hartman
2023-09-20 11:30 ` [PATCH 5.4 278/367] sh: boards: Fix CEU buffer size passed to dma_declare_coherent_memory() Greg Kroah-Hartman
2023-09-20 11:30 ` [PATCH 5.4 279/367] ata: sata_gemini: Add missing MODULE_DESCRIPTION Greg Kroah-Hartman
2023-09-20 11:30 ` [PATCH 5.4 280/367] ata: pata_ftide010: " Greg Kroah-Hartman
2023-09-20 11:30 ` [PATCH 5.4 281/367] fuse: nlookup missing decrement in fuse_direntplus_link Greg Kroah-Hartman
2023-09-20 11:30 ` [PATCH 5.4 282/367] btrfs: dont start transaction when joining with TRANS_JOIN_NOSTART Greg Kroah-Hartman
2023-09-20 11:31 ` [PATCH 5.4 283/367] btrfs: use the correct superblock to compare fsid in btrfs_validate_super Greg Kroah-Hartman
2023-09-20 11:31 ` [PATCH 5.4 284/367] mtd: rawnand: brcmnand: Fix crash during the panic_write Greg Kroah-Hartman
2023-09-20 11:31 ` [PATCH 5.4 285/367] mtd: rawnand: brcmnand: Fix potential out-of-bounds access in oob write Greg Kroah-Hartman
2023-09-20 11:31 ` [PATCH 5.4 286/367] mtd: rawnand: brcmnand: Fix potential false time out warning Greg Kroah-Hartman
2023-09-20 11:31 ` [PATCH 5.4 287/367] perf hists browser: Fix hierarchy mode header Greg Kroah-Hartman
2023-09-20 11:31 ` [PATCH 5.4 288/367] perf tools: Handle old data in PERF_RECORD_ATTR Greg Kroah-Hartman
2023-09-20 11:31 ` [PATCH 5.4 289/367] usb: typec: tcpm: Refactor tcpm_handle_vdm_request payload handling Greg Kroah-Hartman
2023-09-20 11:31 ` [PATCH 5.4 290/367] usb: typec: tcpm: Refactor tcpm_handle_vdm_request Greg Kroah-Hartman
2023-09-20 11:31 ` [PATCH 5.4 291/367] usb: typec: bus: verify partner exists in typec_altmode_attention Greg Kroah-Hartman
2023-09-20 11:31 ` [PATCH 5.4 292/367] ARM: dts: BCM5301X: Extend RAM to full 256MB for Linksys EA6500 V2 Greg Kroah-Hartman
2023-09-20 11:31 ` [PATCH 5.4 293/367] clk: imx8mm: Move 1443X/1416X PLL clock structure to common place Greg Kroah-Hartman
2023-09-20 11:31 ` [PATCH 5.4 294/367] clk: imx: clk-pll14xx: Make two variables static Greg Kroah-Hartman
2023-09-20 11:31 ` [PATCH 5.4 295/367] clk: imx: pll14xx: Add new frequency entries for pll1443x table Greg Kroah-Hartman
2023-09-20 11:31 ` [PATCH 5.4 296/367] clk: imx: pll14xx: dynamically configure PLL for 393216000/361267200Hz Greg Kroah-Hartman
2023-09-21 7:03 ` Ahmad Fatoum
2023-09-23 8:28 ` Greg Kroah-Hartman
2023-09-20 11:31 ` [PATCH 5.4 297/367] net: ipv4: fix one memleak in __inet_del_ifa() Greg Kroah-Hartman
2023-09-20 11:31 ` [PATCH 5.4 298/367] net: ethernet: mvpp2_main: fix possible OOB write in mvpp2_ethtool_get_rxnfc() Greg Kroah-Hartman
2023-09-20 11:31 ` [PATCH 5.4 299/367] net: ethernet: mtk_eth_soc: fix possible NULL pointer dereference in mtk_hwlro_get_fdir_all() Greg Kroah-Hartman
2023-09-20 11:31 ` [PATCH 5.4 300/367] r8152: check budget for r8152_poll() Greg Kroah-Hartman
2023-09-20 11:31 ` [PATCH 5.4 301/367] kcm: Fix memory leak in error path of kcm_sendmsg() Greg Kroah-Hartman
2023-09-20 11:31 ` [PATCH 5.4 302/367] platform/mellanox: mlxbf-tmfifo: Drop the Rx packet if no more descriptors Greg Kroah-Hartman
2023-09-20 11:31 ` [PATCH 5.4 303/367] mlxbf-tmfifo: sparse tags for config access Greg Kroah-Hartman
2023-09-20 11:31 ` [PATCH 5.4 304/367] platform/mellanox: mlxbf-tmfifo: Drop jumbo frames Greg Kroah-Hartman
2023-09-20 11:31 ` [PATCH 5.4 305/367] net/tls: do not free tls_rec on async operation in bpf_exec_tx_verdict() Greg Kroah-Hartman
2023-09-20 11:31 ` [PATCH 5.4 306/367] ixgbe: fix timestamp configuration code Greg Kroah-Hartman
2023-09-20 11:31 ` [PATCH 5.4 307/367] kcm: Fix error handling for SOCK_DGRAM in kcm_sendmsg() Greg Kroah-Hartman
2023-09-20 11:31 ` [PATCH 5.4 308/367] drm/amd/display: Fix a bug when searching for insert_above_mpcc Greg Kroah-Hartman
2023-09-20 11:31 ` [PATCH 5.4 309/367] parisc: Drop loops_per_jiffy from per_cpu struct Greg Kroah-Hartman
2023-09-20 11:31 ` [PATCH 5.4 310/367] autofs: fix memory leak of waitqueues in autofs_catatonic_mode Greg Kroah-Hartman
2023-09-20 11:31 ` [PATCH 5.4 311/367] btrfs: output extra debug info if we failed to find an inline backref Greg Kroah-Hartman
2023-09-20 11:31 ` [PATCH 5.4 312/367] locks: fix KASAN: use-after-free in trace_event_raw_event_filelock_lock Greg Kroah-Hartman
2023-09-20 11:31 ` [PATCH 5.4 313/367] ACPICA: Add AML_NO_OPERAND_RESOLVE flag to Timer Greg Kroah-Hartman
2023-09-20 11:31 ` [PATCH 5.4 314/367] kernel/fork: beware of __put_task_struct() calling context Greg Kroah-Hartman
2023-09-20 11:31 ` [PATCH 5.4 315/367] ACPI: video: Add backlight=native DMI quirk for Lenovo Ideapad Z470 Greg Kroah-Hartman
2023-09-20 11:31 ` [PATCH 5.4 316/367] perf/smmuv3: Enable HiSilicon Erratum 162001900 quirk for HIP08/09 Greg Kroah-Hartman
2023-09-20 11:31 ` [PATCH 5.4 317/367] hw_breakpoint: fix single-stepping when using bpf_overflow_handler Greg Kroah-Hartman
2023-09-20 11:31 ` [PATCH 5.4 318/367] devlink: remove reload failed checks in params get/set callbacks Greg Kroah-Hartman
2023-09-20 11:31 ` [PATCH 5.4 319/367] wifi: ath9k: fix printk specifier Greg Kroah-Hartman
2023-09-20 11:31 ` [PATCH 5.4 320/367] wifi: mwifiex: fix fortify warning Greg Kroah-Hartman
2023-09-20 11:31 ` [PATCH 5.4 321/367] crypto: lib/mpi - avoid null pointer deref in mpi_cmp_ui() Greg Kroah-Hartman
2023-09-20 11:31 ` [PATCH 5.4 322/367] tpm_tis: Resend command to recover from data transfer errors Greg Kroah-Hartman
2023-09-20 11:31 ` [PATCH 5.4 323/367] mmc: sdhci-esdhc-imx: improve ESDHC_FLAG_ERR010450 Greg Kroah-Hartman
2023-09-20 11:31 ` [PATCH 5.4 324/367] alx: fix OOB-read compiler warning Greg Kroah-Hartman
2023-09-20 11:31 ` Greg Kroah-Hartman
2023-09-20 11:31 ` [PATCH 5.4 325/367] wifi: mac80211_hwsim: drop short frames Greg Kroah-Hartman
2023-09-20 11:31 ` [PATCH 5.4 326/367] libbpf: Free btf_vmlinux when closing bpf_object Greg Kroah-Hartman
2023-09-20 13:28 ` Harshit Mogalapalli
2023-09-23 8:25 ` Greg Kroah-Hartman
2023-09-25 10:42 ` Harshit Mogalapalli
2023-09-20 11:31 ` [PATCH 5.4 327/367] drm/exynos: fix a possible null-pointer dereference due to data race in exynos_drm_crtc_atomic_disable() Greg Kroah-Hartman
2023-09-20 11:31 ` [PATCH 5.4 328/367] bus: ti-sysc: Configure uart quirks for k3 SoC Greg Kroah-Hartman
2023-09-20 11:31 ` [PATCH 5.4 329/367] md: raid1: fix potential OOB in raid1_remove_disk() Greg Kroah-Hartman
2023-09-20 11:31 ` [PATCH 5.4 330/367] ext2: fix datatype of block number in ext2_xattr_set2() Greg Kroah-Hartman
2023-09-20 11:31 ` [PATCH 5.4 331/367] fs/jfs: prevent double-free in dbUnmount() after failed jfs_remount() Greg Kroah-Hartman
2023-09-20 11:31 ` [PATCH 5.4 332/367] jfs: fix invalid free of JFS_IP(ipimap)->i_imap in diUnmount Greg Kroah-Hartman
2023-09-20 11:31 ` [PATCH 5.4 333/367] powerpc/pseries: fix possible memory leak in ibmebus_bus_init() Greg Kroah-Hartman
2023-09-20 11:31 ` [PATCH 5.4 334/367] media: dvb-usb-v2: af9035: Fix null-ptr-deref in af9035_i2c_master_xfer Greg Kroah-Hartman
2023-09-20 11:31 ` [PATCH 5.4 335/367] media: dw2102: Fix null-ptr-deref in dw2102_i2c_transfer() Greg Kroah-Hartman
2023-09-20 11:31 ` [PATCH 5.4 336/367] media: af9005: Fix null-ptr-deref in af9005_i2c_xfer Greg Kroah-Hartman
2023-09-20 11:31 ` [PATCH 5.4 337/367] media: anysee: fix null-ptr-deref in anysee_master_xfer Greg Kroah-Hartman
2023-09-20 11:31 ` [PATCH 5.4 338/367] media: az6007: Fix null-ptr-deref in az6007_i2c_xfer() Greg Kroah-Hartman
2023-09-20 11:31 ` [PATCH 5.4 339/367] media: tuners: qt1010: replace BUG_ON with a regular error Greg Kroah-Hartman
2023-09-20 11:31 ` [PATCH 5.4 340/367] media: pci: cx23885: replace BUG with error return Greg Kroah-Hartman
2023-09-20 11:31 ` [PATCH 5.4 341/367] usb: gadget: fsl_qe_udc: validate endpoint index for ch9 udc Greg Kroah-Hartman
2023-09-20 11:31 ` [PATCH 5.4 342/367] scsi: target: iscsi: Fix buffer overflow in lio_target_nacl_info_show() Greg Kroah-Hartman
2023-09-20 11:32 ` [PATCH 5.4 343/367] serial: cpm_uart: Avoid suspicious locking Greg Kroah-Hartman
2023-09-20 11:32 ` [PATCH 5.4 344/367] media: pci: ipu3-cio2: Initialise timing struct to avoid a compiler warning Greg Kroah-Hartman
2023-09-20 11:32 ` [PATCH 5.4 345/367] kobject: Add sanity check for kset->kobj.ktype in kset_register() Greg Kroah-Hartman
2023-09-20 11:32 ` [PATCH 5.4 346/367] tools features: Add feature test to check if libbfd has buildid support Greg Kroah-Hartman
2023-09-20 11:32 ` [PATCH 5.4 347/367] perf jevents: Make build dependency on test JSONs Greg Kroah-Hartman
2023-09-20 11:32 ` [PATCH 5.4 348/367] perf tools: Add an option to build without libbfd Greg Kroah-Hartman
2023-09-20 11:32 ` [PATCH 5.4 349/367] perf jevents: Switch build to use jevents.py Greg Kroah-Hartman
2023-09-20 11:32 ` [PATCH 5.4 350/367] perf build: Update build rule for generated files Greg Kroah-Hartman
2023-09-20 11:32 ` [PATCH 5.4 351/367] btrfs: move btrfs_pinned_by_swapfile prototype into volumes.h Greg Kroah-Hartman
2023-09-20 11:32 ` [PATCH 5.4 352/367] btrfs: add a helper to read the superblock metadata_uuid Greg Kroah-Hartman
2023-09-20 11:32 ` [PATCH 5.4 353/367] btrfs: compare the correct fsid/metadata_uuid in btrfs_validate_super Greg Kroah-Hartman
2023-09-20 11:32 ` [PATCH 5.4 354/367] selftests: tracing: Fix to unmount tracefs for recovering environment Greg Kroah-Hartman
2023-09-20 11:32 ` [PATCH 5.4 355/367] md/raid1: fix error: ISO C90 forbids mixed declarations Greg Kroah-Hartman
2023-09-20 11:32 ` [PATCH 5.4 356/367] attr: block mode changes of symlinks Greg Kroah-Hartman
2023-09-20 11:32 ` [PATCH 5.4 357/367] btrfs: fix lockdep splat and potential deadlock after failure running delayed items Greg Kroah-Hartman
2023-09-20 11:32 ` [PATCH 5.4 358/367] tracing: Have current_trace inc the trace array ref count Greg Kroah-Hartman
2023-09-20 11:32 ` [PATCH 5.4 359/367] tracing: Have option files " Greg Kroah-Hartman
2023-09-20 11:32 ` [PATCH 5.4 360/367] nfsd: fix change_info in NFSv4 RENAME replies Greg Kroah-Hartman
2023-09-20 11:32 ` [PATCH 5.4 361/367] tracefs: Add missing lockdown check to tracefs_create_dir() Greg Kroah-Hartman
2023-09-20 11:32 ` [PATCH 5.4 362/367] i2c: aspeed: Reset the i2c controller when timeout occurs Greg Kroah-Hartman
2023-09-20 11:32 ` [PATCH 5.4 363/367] scsi: megaraid_sas: Fix deadlock on firmware crashdump Greg Kroah-Hartman
2023-09-20 11:32 ` [PATCH 5.4 364/367] ext4: fix rec_len verify error Greg Kroah-Hartman
2023-09-20 11:32 ` [PATCH 5.4 365/367] mtd: rawnand: brcmnand: Fix ECC level field setting for v7.2 controller Greg Kroah-Hartman
2023-09-20 11:32 ` [PATCH 5.4 366/367] drm/amdgpu: fix amdgpu_cs_p1_user_fence Greg Kroah-Hartman
2023-09-20 11:32 ` [PATCH 5.4 367/367] net/sched: Retire rsvp classifier Greg Kroah-Hartman
2023-09-20 17:21 ` [PATCH 5.4 000/367] 5.4.257-rc1 review Florian Fainelli
2023-09-21 12:20 ` Guenter Roeck
2023-09-23 8:26 ` Greg Kroah-Hartman
2023-09-20 21:37 ` Shuah Khan
2023-09-21 12:08 ` Naresh Kamboju
2023-09-21 12:08 ` Naresh Kamboju
2023-09-21 13:10 ` Sui Jingfeng
2023-09-21 13:10 ` Sui Jingfeng
2023-09-21 13:16 ` Sui Jingfeng
2023-09-21 13:16 ` Sui Jingfeng
2023-09-23 8:30 ` Greg Kroah-Hartman
2023-09-23 8:30 ` Greg Kroah-Hartman
2023-09-21 14:33 ` Naresh Kamboju
2023-09-21 15:55 ` Guenter Roeck
2023-09-22 9:46 ` Jon Hunter
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.