* [PATCH 5.1 000/405] 5.1.6-stable review
@ 2019-05-30  2:59 Greg Kroah-Hartman
  2019-05-30  2:59 ` [PATCH 5.1 001/405] x86: Hide the int3_emulate_call/jmp functions from UML Greg Kroah-Hartman
                   ` (409 more replies)
  0 siblings, 410 replies; 429+ messages in thread
From: Greg Kroah-Hartman @ 2019-05-30  2:59 UTC
  To: linux-kernel
  Cc: Greg Kroah-Hartman, torvalds, akpm, linux, shuah, patches,
	ben.hutchings, lkft-triage, stable

This is the start of the stable review cycle for the 5.1.6 release.
There are 405 patches in this series, all will be posted as a response
to this one.  If anyone has any issues with these being applied, please
let me know.

Responses should be made by Sat 01 Jun 2019 03:01:59 AM UTC.
Anything received after that time might be too late.

The whole patch series can be found in one patch at:
	https://www.kernel.org/pub/linux/kernel/v5.x/stable-review/patch-5.1.6-rc1.gz
or in the git tree and branch at:
	git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-5.1.y
and the diffstat can be found below.

thanks,

greg k-h

-------------
Pseudo-Shortlog of commits:

Greg Kroah-Hartman <gregkh@linuxfoundation.org>
    Linux 5.1.6-rc1

Benjamin Coddington <bcodding@redhat.com>
    NFS: Fix a double unlock from nfs_match,get_client

Maxime Ripard <maxime.ripard@bootlin.com>
    drm/sun4i: dsi: Enforce boundaries on the start delay

Brett Creeley <brett.creeley@intel.com>
    ice: Put __ICE_PREPARED_FOR_RESET check in ice_prepare_for_reset

YueHaibing <yuehaibing@huawei.com>
    extcon: axp288: Add a depends on ACPI to the Kconfig entry

Farhan Ali <alifm@linux.ibm.com>
    vfio-ccw: Prevent quiesce function going into an infinite loop

Maxime Ripard <maxime.ripard@bootlin.com>
    drm/sun4i: dsi: Restrict DSI tcon clock divider

Maxime Ripard <maxime.ripard@bootlin.com>
    drm/sun4i: dsi: Change the start delay calculation

Chris Wilson <chris@chris-wilson.co.uk>
    drm: Wake up next in drm_read() chain if we are forced to putback the event

Noralf Trønnes <noralf@tronnes.org>
    drm/drv: Hold ref on parent device during drm_device lifetime

Nicholas Kazlauskas <nicholas.kazlauskas@amd.com>
    drm/amd/display: Reset planes that were disabled in init_pipes

Anthony Koo <Anthony.Koo@amd.com>
    drm/amd/display: Fix exception from AUX acquire failure

Eric Anholt <eric@anholt.net>
    drm/v3d: Handle errors from IRQ setup.

Arnd Bergmann <arnd@arndb.de>
    ASoC: ti: fix davinci_mcasp_probe dependencies

Arnd Bergmann <arnd@arndb.de>
    ASoC: davinci-mcasp: Fix clang warning without CONFIG_PM

Chris Lesiak <chris.lesiak@licor.com>
    spi: Fix zero length xfer bug

Steve Twiss <stwiss.opensource@diasemi.com>
    regulator: da9055: Fix notifier mutex lock warning

Steve Twiss <stwiss.opensource@diasemi.com>
    regulator: da9062: Fix notifier mutex lock warning

Steve Twiss <stwiss.opensource@diasemi.com>
    regulator: pv88090: Fix notifier mutex lock warning

Steve Twiss <stwiss.opensource@diasemi.com>
    regulator: wm831x: Fix notifier mutex lock warning

Steve Twiss <stwiss.opensource@diasemi.com>
    regulator: pv88080: Fix notifier mutex lock warning

Steve Twiss <stwiss.opensource@diasemi.com>
    regulator: da9063: Fix notifier mutex lock warning

Steve Twiss <stwiss.opensource@diasemi.com>
    regulator: da9211: Fix notifier mutex lock warning

Steve Twiss <stwiss.opensource@diasemi.com>
    regulator: lp8755: Fix notifier mutex lock warning

Trent Piepho <tpiepho@impinj.com>
    spi: imx: stop buffer overflow in RX FIFO flush

Steve Twiss <stwiss.opensource@diasemi.com>
    regulator: pv88060: Fix notifier mutex lock warning

Steve Twiss <stwiss.opensource@diasemi.com>
    regulator: ltc3589: Fix notifier mutex lock warning

Steve Twiss <stwiss.opensource@diasemi.com>
    regulator: ltc3676: Fix notifier mutex lock warning

Steve Twiss <stwiss.opensource@diasemi.com>
    regulator: wm831x isink: Fix notifier mutex lock warning

Steve Twiss <stwiss.opensource@diasemi.com>
    regulator: wm831x ldo: Fix notifier mutex lock warning

Geert Uytterhoeven <geert+renesas@glider.be>
    spi: rspi: Fix sequencer reset during initialization

Laurent Pinchart <laurent.pinchart@ideasonboard.com>
    drm/omap: Notify all devices in the pipeline of output disconnection

Tony Lindgren <tony@atomide.com>
    drm/omap: dsi: Fix PM for display blank with paired dss_pll calls

Laurent Pinchart <laurent.pinchart+renesas@ideasonboard.com>
    drm: writeback: Fix leak of writeback job

Aditya Pakki <pakki001@umn.edu>
    spi : spi-topcliff-pch: Fix to handle empty DMA buffers

Li RongQing <lirongqing@baidu.com>
    audit: fix a memleak caused by auditing load module

James Smart <jsmart2021@gmail.com>
    scsi: lpfc: Fix use-after-free mailbox cmd completion

James Smart <jsmart2021@gmail.com>
    scsi: lpfc: Resolve irq-unsafe lockdep heirarchy warning in lpfc_io_free

James Smart <jsmart2021@gmail.com>
    scsi: lpfc: Resolve inconsistent check of hdwq in lpfc_scsi_cmd_iocb_cmpl

James Smart <jsmart2021@gmail.com>
    scsi: lpfc: Fix mailbox hang on adapter init

James Smart <jsmart2021@gmail.com>
    scsi: lpfc: Fix SLI3 commands being issued on SLI4 devices

Arnd Bergmann <arnd@arndb.de>
    media: saa7146: avoid high stack usage with clang

James Smart <jsmart2021@gmail.com>
    scsi: lpfc: Fix io lost on host resets

James Smart <jsmart2021@gmail.com>
    scsi: lpfc: Fix fc4type information for FDMI

James Smart <jsmart2021@gmail.com>
    scsi: lpfc: Fix FDMI manufacturer attribute value

Jernej Skrabec <jernej.skrabec@siol.net>
    media: cedrus: Add a quirk for not setting DMA offset

Hans Verkuil <hverkuil-cisco@xs4all.nl>
    media: vim2m: replace devm_kzalloc by kzalloc

Hans Verkuil <hverkuil-cisco@xs4all.nl>
    media: vimc: zero the media_device on probe

Steve Longerbeam <slongerbeam@gmail.com>
    media: imx: vdic: Restore default case to prepare_vdi_in_buffers()

Alexandre Courbot <acourbot@chromium.org>
    media: mtk-vcodec: fix access to vb2_v4l2_buffer struct

Arnd Bergmann <arnd@arndb.de>
    media: go7007: avoid clang frame overflow warning with KASAN

Arnd Bergmann <arnd@arndb.de>
    media: vicodec: avoid clang frame size warning

Hans Verkuil <hverkuil-cisco@xs4all.nl>
    media: gspca: do not resubmit URBs when streaming has stopped

Helen Fornazier <helen.koike@collabora.com>
    media: vimc: stream: fix thread state before sleep

Kangjie Lu <kjlu@umn.edu>
    scsi: ufs: fix a missing check of devm_reset_control_get

Nicholas Kazlauskas <nicholas.kazlauskas@amd.com>
    drm/amd/display: Set stream->mode_changed when connectors change

Martin Leung <martin.leung@amd.com>
    drm/amd/display: half bandwidth for YCbCr420 during validation

David Francis <David.Francis@amd.com>
    drm/amd/display: Re-add custom degamma support

Murton Liu <murton.liu@amd.com>
    drm/amd/display: Fix Divide by 0 in memory calculations

Arnd Bergmann <arnd@arndb.de>
    media: staging: davinci_vpfe: disallow building with COMPILE_TEST

Wenjing Liu <Wenjing.Liu@amd.com>
    drm/amd/display: add pipe lock during stream update

James Hutchinson <jahutchinson99@googlemail.com>
    media: m88ds3103: serialize reset messages in m88ds3103_set_frontend

Stefan Brüns <stefan.bruens@rwth-aachen.de>
    media: dvbsky: Avoid leaking dvb frontend

Kangjie Lu <kjlu@umn.edu>
    media: si2165: fix a missing check of return value

Kai-Heng Feng <kai.heng.feng@canonical.com>
    igb: Exclude device from suspend direct complete optimization

Noralf Trønnes <noralf@tronnes.org>
    tinydrm/mipi-dbi: Use dma-safe buffers for all SPI transfers

Kai-Heng Feng <kai.heng.feng@canonical.com>
    e1000e: Disable runtime PM on CNP+

Akeem G Abodunrin <akeem.g.abodunrin@intel.com>
    ice: Fix issue with VF reset and multiple VFs support on PFs

Hans Verkuil <hverkuil@xs4all.nl>
    media: vicodec: reset last_src/dst_buf based on the IS_OUTPUT

Arnd Bergmann <arnd@arndb.de>
    media: staging/intel-ipu3: mark PM function as __maybe_unused

Akinobu Mita <akinobu.mita@gmail.com>
    media: ov7670: restore default settings after power-up

Sakari Ailus <sakari.ailus@linux.intel.com>
    media: v4l2-fwnode: The first default data lane is 0 on C-PHY

Kangjie Lu <kjlu@umn.edu>
    thunderbolt: property: Fix a NULL pointer dereference

Nicholas Kazlauskas <nicholas.kazlauskas@amd.com>
    drm/amd/display: Reset alpha state for planes to the correct values

David Francis <David.Francis@amd.com>
    drm/amd/display: Update ABM crtc state on non-modeset

Samson Tam <Samson.Tam@amd.com>
    drm/amd/display: Link train only when link is DP and backend is enabled

Dmytro Laktyushkin <Dmytro.Laktyushkin@amd.com>
    drm/amd/display: fix releasing planes when exiting odm

Arnd Bergmann <arnd@arndb.de>
    regulator: add regulator_get_linear_step() stub helper

Arnd Bergmann <arnd@arndb.de>
    spi: export tracepoint symbols to modules

Aditya Pakki <pakki001@umn.edu>
    thunderbolt: Fix to check for kmemdup failure

Aditya Pakki <pakki001@umn.edu>
    thunderbolt: Fix to check return value of ida_simple_get

Rouven Czerwinski <r.czerwinski@pengutronix.de>
    hwrng: omap - Set default quality

George Hilliard <thirtythreeforty@gmail.com>
    staging: mt7621-mmc: Check for nonzero number of scatterlist entries

Saeed Mahameed <saeedm@mellanox.com>
    net/mlx5e: Fix compilation warning in en_tc.c

Pu Wen <puwen@hygon.cn>
    x86/CPU/hygon: Fix phys_proc_id calculation logic for multi-die processors

Sameer Pujar <spujar@nvidia.com>
    dmaengine: tegra210-adma: use devm_clk_*() helpers

Linus Lüssing <linus.luessing@c0d3.blue>
    batman-adv: allow updating DAT entry timeouts on incoming ARP Replies

Arnd Bergmann <arnd@arndb.de>
    selinux: avoid uninitialized variable warning

Dave Ertman <david.m.ertman@intel.com>
    ice: Prevent unintended multiple chain resets

Dafna Hirschfeld <dafna3@gmail.com>
    media: vicodec: bugfix - call v4l2_m2m_buf_copy_metadata also if decoding fails

Arnd Bergmann <arnd@arndb.de>
    scsi: lpfc: avoid uninitialized variable warning

Arnd Bergmann <arnd@arndb.de>
    scsi: qla4xxx: avoid freeing unallocated dma memory

Anirudh Venkataramanan <anirudh.venkataramanan@intel.com>
    ice: Fix for adaptive interrupt moderation

Tony Lindgren <tony@atomide.com>
    usb: core: Add PM runtime calls to usb_hcd_platform_shutdown

Ludovic Barre <ludovic.barre@st.com>
    spi: stm32-qspi: add spi_master_put in release function

Leon Romanovsky <leon@kernel.org>
    RDMA/rxe: Fix slab-out-bounds access which lead to kernel crash later

Kangjie Lu <kjlu@umn.edu>
    x86/platform/uv: Fix missing checks of kcalloc() return values

Neeraj Upadhyay <neeraju@codeaurora.org>
    rcu: Do a single rhp->func read in rcu_head_after_call_rcu()

Paul E. McKenney <paulmck@linux.ibm.com>
    rcuperf: Fix cleanup path for invalid perf_type strings

Yazen Ghannam <yazen.ghannam@amd.com>
    x86/mce: Handle varying MCA bank counts

Paul E. McKenney <paulmck@linux.ibm.com>
    rcutorture: Fix cleanup path for invalid torture_type strings

Tony Luck <tony.luck@intel.com>
    x86/mce: Fix machine_check_poll() tests for error types

Leon Romanovsky <leon@kernel.org>
    overflow: Fix -Wtype-limits compilation warnings

George Hilliard <thirtythreeforty@gmail.com>
    staging: mt7621-mmc: Initialize completions a single time during probe

Kangjie Lu <kjlu@umn.edu>
    tty: ipwireless: fix missing checks for ioremap

Pankaj Gupta <pagupta@redhat.com>
    virtio_console: initialize vtermno value for ports

Thierry Escande <thierry.escande@linaro.org>
    misc: fastrpc: Fix a possible double free

Srinivas Kandagatla <srinivas.kandagatla@linaro.org>
    misc: fastrpc: make sure memory read and writes are visible

Srinivas Kandagatla <srinivas.kandagatla@linaro.org>
    misc: fastrpc: consider address offset before sending to DSP

Chad Dupuis <cdupuis@marvell.com>
    scsi: qedf: Add missing return in qedf_post_io_req() in the fcport offload check

Artemy Kovalyov <artemyko@mellanox.com>
    IB/mlx5: Compare only index part of a memory window rkey

Thomas Gleixner <tglx@linutronix.de>
    timekeeping: Force upper bound for setting CLOCK_REALTIME

Laurent Pinchart <laurent.pinchart+renesas@ideasonboard.com>
    drm: rcar-du: lvds: Fix post-DLL divider calculation

Laurent Pinchart <laurent.pinchart+renesas@ideasonboard.com>
    drm: rcar-du: lvds: Set LVEN and LVRES bits together on D3

Aditya Pakki <pakki001@umn.edu>
    thunderbolt: Fix to check the return value of kmemdup

Kangjie Lu <kjlu@umn.edu>
    thunderbolt: property: Fix a missing check of kzalloc

Alexandre Courbot <acourbot@chromium.org>
    media: mtk-vcodec: fix access to incorrect planes member

Ard Biesheuvel <ard.biesheuvel@linaro.org>
    efifb: Omit memory map check on legacy boot

Ezequiel Garcia <ezequiel@collabora.com>
    media: gspca: Kill URBs on USB device disconnect

Dan Carpenter <dan.carpenter@oracle.com>
    media: wl128x: prevent two potential buffer overflows

Kangjie Lu <kjlu@umn.edu>
    media: video-mux: fix null pointer dereferences

Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
    kobject: Don't trigger kobject_uevent(KOBJ_REMOVE) twice.

Oded Gabbay <oded.gabbay@gmail.com>
    habanalabs: prevent CPU soft lockup on Palladium

Sowjanya Komatineni <skomatineni@nvidia.com>
    spi: tegra114: reset controller on probe

Hans de Goede <hdegoede@redhat.com>
    HID: logitech-hidpp: change low battery level threshold from 31 to 30 percent

Takeshi Kihara <takeshi.kihara.df@renesas.com>
    clk: renesas: rcar-gen3: Correct parent clock of Audio-DMAC

Ming Lei <ming.lei@redhat.com>
    block: pass page to xen_biovec_phys_mergeable

Ming Lei <ming.lei@redhat.com>
    block: avoid to break XEN by multi-page bvec

Takeshi Kihara <takeshi.kihara.df@renesas.com>
    clk: renesas: rcar-gen3: Correct parent clock of SYS-DMAC

Gustavo A. R. Silva <gustavo@embeddedor.com>
    cxgb3/l2t: Fix undefined behaviour

Wen Yang <wen.yang99@zte.com.cn>
    ASoC: wcd9335: fix a leaked reference by adding missing of_node_put

Wen Yang <wen.yang99@zte.com.cn>
    ASoC: fsl_utils: fix a leaked reference by adding missing of_node_put

Wen Yang <wen.yang99@zte.com.cn>
    ASoC: eukrea-tlv320: fix a leaked reference by adding missing of_node_put

Nicolas Saenz Julienne <nsaenzjulienne@suse.de>
    HID: core: move Usage Page concatenation to Main item

Geert Uytterhoeven <geert+renesas@glider.be>
    sh: sh7786: Add explicit I/O cast to sh7786_mm_sel()

Leon Romanovsky <leon@kernel.org>
    RDMA/hns: Fix bad endianess of port_pd variable

Chengguang Xu <cgxu519@gmx.com>
    chardev: add additional check for minor range overlap

Peter Zijlstra <peterz@infradead.org>
    x86/uaccess: Fix up the fixup

Peter Zijlstra <peterz@infradead.org>
    x86/ia32: Fix ia32_restore_sigcontext() AC leak

Peter Zijlstra <peterz@infradead.org>
    x86/uaccess, signal: Fix AC=1 bloat

Johannes Berg <johannes.berg@intel.com>
    iwlwifi: mvm: IBSS: use BE FIFO for multicast

Peter Zijlstra <peterz@infradead.org>
    x86/uaccess, ftrace: Fix ftrace_likely_update() vs. SMAP

Lior David <liord@codeaurora.org>
    wil6210: fix return code of wmi_mgmt_tx and wmi_mgmt_tx_ext

Peter Zijlstra <peterz@infradead.org>
    locking/static_key: Fix false positive warnings on concurrent dec/inc

Wen Yang <wen.yang99@zte.com.cn>
    arm64: cpu_ops: fix a leaked reference by adding missing of_node_put

Nicholas Kazlauskas <nicholas.kazlauskas@amd.com>
    drm/amd/display: Prevent cursor hotspot overflow for RV overlay planes

Yannick Fertré <yannick.fertre@st.com>
    drm/panel: otm8009a: Add delay at the end of initialization

Stanley Chu <stanley.chu@mediatek.com>
    scsi: ufs: Avoid configuring regulator with undefined voltage range

Stanley Chu <stanley.chu@mediatek.com>
    scsi: ufs: Fix regulator load and icc-level configuration

Ping-Ke Shih <pkshih@realtek.com>
    rtlwifi: fix potential NULL pointer dereference

Geert Uytterhoeven <geert+renesas@glider.be>
    spi: Add missing error handling for CS GPIOs

Alexandre Belloni <alexandre.belloni@bootlin.com>
    rtc: xgene: fix possible race condition

Piotr Figiel <p.figiel@camlintechnologies.com>
    brcmfmac: fix Oops when bringing up interface during USB disconnect

Piotr Figiel <p.figiel@camlintechnologies.com>
    brcmfmac: fix race during disconnect when USB completion is in progress

Piotr Figiel <p.figiel@camlintechnologies.com>
    brcmfmac: fix WARNING during USB disconnect in case of unempty psq

Piotr Figiel <p.figiel@camlintechnologies.com>
    brcmfmac: convert dev_init_lock mutex to completion

Arnd Bergmann <arnd@arndb.de>
    b43: shut up clang -Wuninitialized variable warning

Kangjie Lu <kjlu@umn.edu>
    brcmfmac: fix missing checks for kmemdup

YueHaibing <yuehaibing@huawei.com>
    mwifiex: Fix mem leak in mwifiex_tm_cmd

Kangjie Lu <kjlu@umn.edu>
    rtlwifi: fix a potential NULL pointer dereference

Daniel T. Lee <danieltimlee@gmail.com>
    selftests/bpf: ksym_search won't check symbols exists

Jian Shen <shenjian15@huawei.com>
    net: hns3: add protect when handling mac addr list

Huazhong Tan <tanhuazhong@huawei.com>
    net: hns3: check resetting status in hns3_get_stats()

Justin Chen <justinpopo6@gmail.com>
    iio: adc: ti-ads7950: Fix improper use of mlock

Nathan Chancellor <natechancellor@gmail.com>
    iio: common: ssp_sensors: Initialize calculated_time in ssp_common_process_data

Kangjie Lu <kjlu@umn.edu>
    iio: hmc5843: fix potential NULL pointer dereferences

Lars-Peter Clausen <lars@metafoo.de>
    iio: ad_sigma_delta: Properly handle SPI bus locking vs CS assertion

Wen Yang <wen.yang99@zte.com.cn>
    drm/pl111: fix possible object reference leak

Ranjani Sridharan <ranjani.sridharan@linux.intel.com>
    ASoC: core: remove link components before cleaning up card resources

Charles Keepax <ckeepax@opensource.cirrus.com>
    regulator: core: Avoid potential deadlock on regulator_unregister

Andrey Smirnov <andrew.smirnov@gmail.com>
    spi: Don't call spi_get_gpio_descs() before device name is set

Kees Cook <keescook@chromium.org>
    x86/build: Keep local relocations with ld.lld

Alexei Starovoitov <ast@kernel.org>
    samples/bpf: fix build with new clang

Oded Gabbay <oded.gabbay@gmail.com>
    habanalabs: all FD must be closed before removing device

Oded Gabbay <oded.gabbay@gmail.com>
    habanalabs: prevent device PTE read/write during hard-reset

David Kozub <zub@linux.fjfi.cvut.cz>
    block: sed-opal: fix IOC_OPAL_ENABLE_DISABLE_MBR

Wen Yang <wen.yang99@zte.com.cn>
    cpufreq: ap806: fix possible object reference leak

Wen Yang <wen.yang99@zte.com.cn>
    cpufreq: imx6q: fix possible object reference leak

Wen Yang <wen.yang99@zte.com.cn>
    cpufreq: kirkwood: fix possible object reference leak

Wen Yang <wen.yang99@zte.com.cn>
    cpufreq: pmac32: fix possible object reference leak

Wen Yang <wen.yang99@zte.com.cn>
    cpufreq/pasemi: fix possible object reference leak

Wen Yang <wen.yang99@zte.com.cn>
    cpufreq: ppc_cbe: fix possible object reference leak

Huazhong Tan <tanhuazhong@huawei.com>
    net: hns3: add error handler for initializing command queue

Kristian Evensen <kristian.evensen@gmail.com>
    qmi_wwan: Add quirk for Quectel dynamic config

Huazhong Tan <tanhuazhong@huawei.com>
    net: hns3: fix keep_alive_timer not stop problem

Roman Gushchin <guro@fb.com>
    selftests: cgroup: fix cleanup path in test_memcg_subtree_control()

Wenjing Liu <Wenjing.Liu@amd.com>
    drm/amd/display: use proper formula to calculate bandwidth from timing

Arnd Bergmann <arnd@arndb.de>
    s390: cio: fix cio_irb declaration

Thomas Huth <thuth@redhat.com>
    s390/mm: silence compiler warning when compiling without CONFIG_PGSTE

Nicholas Kazlauskas <nicholas.kazlauskas@amd.com>
    drm/amd/display: Initialize stream_update with memset

Borislav Petkov <bp@suse.de>
    x86/microcode: Fix the ancient deprecated microcode loading method

Arnd Bergmann <arnd@arndb.de>
    s390: zcrypt: initialize variables before_use

Michael Tretter <m.tretter@pengutronix.de>
    clk: zynqmp: fix check for fractional clock

Douglas Anderson <dianders@chromium.org>
    clk: rockchip: Make rkpwm a critical clock on rk3288

Charles Keepax <ckeepax@opensource.cirrus.com>
    extcon: arizona: Disable mic detect if running when driver is removed

Douglas Anderson <dianders@chromium.org>
    clk: rockchip: Fix video codec clocks on rk3288

Ulf Hansson <ulf.hansson@linaro.org>
    PM / core: Propagate dev->power.wakeup_path when no callbacks

Christian König <christian.koenig@amd.com>
    drm/amdgpu: fix old fence check in amdgpu_fence_emit

Peng Li <lipeng321@huawei.com>
    net: hns3: free the pending skb when clean RX ring

Yinbo Zhu <yinbo.zhu@nxp.com>
    mmc: sdhci-of-esdhc: add erratum eSDHC-A001 and A-008358 support

Yinbo Zhu <yinbo.zhu@nxp.com>
    mmc: sdhci-of-esdhc: add erratum A-009204 support

Yinbo Zhu <yinbo.zhu@nxp.com>
    mmc: sdhci-of-esdhc: add erratum eSDHC5 support

Kangjie Lu <kjlu@umn.edu>
    mmc_spi: add a status check for spi_sync_locked

Andrea Merello <andrea.merello@gmail.com>
    mmc: core: make pwrseq_emmc (partially) support sleepy GPIO controllers

John Garry <john.garry@huawei.com>
    scsi: libsas: Do discovery on empty PHY to update PHY info

Guenter Roeck <linux@roeck-us.net>
    hwmon: (f71805f) Use request_muxed_region for Super-IO accesses

Guenter Roeck <linux@roeck-us.net>
    hwmon: (pc87427) Use request_muxed_region for Super-IO accesses

Guenter Roeck <linux@roeck-us.net>
    hwmon: (smsc47b397) Use request_muxed_region for Super-IO accesses

Guenter Roeck <linux@roeck-us.net>
    hwmon: (smsc47m1) Use request_muxed_region for Super-IO accesses

Guenter Roeck <linux@roeck-us.net>
    hwmon: (vt1211) Use request_muxed_region for Super-IO accesses

Enric Balletbo i Serra <enric.balletbo@collabora.com>
    PM / devfreq: Fix static checker warning in try_then_request_governor

Kan Liang <kan.liang@linux.intel.com>
    perf/x86/intel/cstate: Add Icelake support

Kan Liang <kan.liang@linux.intel.com>
    perf/x86/intel/rapl: Add Icelake support

Kan Liang <kan.liang@linux.intel.com>
    perf/x86/msr: Add Icelake support

Eric Biggers <ebiggers@google.com>
    fscrypt: use READ_ONCE() to access ->i_crypt_info

Colin Ian King <colin.king@canonical.com>
    RDMA/cxgb4: Fix null pointer dereference on alloc_skb failure

Vincenzo Frascino <vincenzo.frascino@arm.com>
    arm64: vdso: Fix clock_getres() for CLOCK_REALTIME

Kefeng Wang <wangkefeng.wang@huawei.com>
    ACPI/IORT: Reject platform device creation on NUMA node mapping failure

Nicholas Nunley <nicholas.d.nunley@intel.com>
    i40e: don't allow changes to HW VLAN stripping on active port VLANs

Adam Ludkiewicz <adam.ludkiewicz@intel.com>
    i40e: Able to add up to 16 MAC filters on an untrusted VF

Ioana Ciocoi Radulescu <ruxandra.radulescu@nxp.com>
    dpaa2-eth: Fix Rx classification status

Arnd Bergmann <arnd@arndb.de>
    phy: ti: usb2: fix OMAP_CONTROL_PHY dependency

Arnd Bergmann <arnd@arndb.de>
    phy: mapphone-mdm6600: add gpiolib dependency

Paul Kocialkowski <paul.kocialkowski@bootlin.com>
    phy: sun4i-usb: Make sure to disable PHY0 passby for peripheral mode

Evan Green <evgreen@chromium.org>
    dt-bindings: phy-qcom-qmp: Add UFS PHY reset

Russell King <rmk+kernel@armlinux.org.uk>
    drm: etnaviv: avoid DMA API warning when importing buffers

Thomas Gleixner <tglx@linutronix.de>
    x86/irq/64: Limit IST stack overflow check to #DB stack

Alan Stern <stern@rowland.harvard.edu>
    USB: core: Don't unbind interfaces following device reset failure

Julian Wiedmann <jwi@linux.ibm.com>
    s390/qeth: handle error from qeth_update_from_chp_desc()

Mika Westerberg <mika.westerberg@linux.intel.com>
    thunderbolt: Take domain lock in switch sysfs attribute callbacks

Nicholas Piggin <npiggin@gmail.com>
    irq_work: Do not raise an IPI when queueing work on the local CPU

Luca Weiss <luca@z3ntu.xyz>
    drm/msm: Fix NULL pointer dereference

Sean Paul <seanpaul@chromium.org>
    drm/msm: dpu: Don't set frame_busy_mask for async updates

Wen Yang <wen.yang99@zte.com.cn>
    drm/msm: a5xx: fix possible object reference leak

Jeykumar Sankaran <jsanka@codeaurora.org>
    drm/msm/dpu: release resources on modeset failure

Nicholas Mc Guire <hofrat@osadl.org>
    staging: vc04_services: handle kzalloc failure

Konstantin Khlebnikov <khlebnikov@yandex-team.ru>
    sched/core: Handle overflow in cpu_shares_write_u64

Konstantin Khlebnikov <khlebnikov@yandex-team.ru>
    sched/rt: Check integer overflow at usec to nsec conversion

Konstantin Khlebnikov <khlebnikov@yandex-team.ru>
    sched/core: Check quota and period overflow at usec to nsec conversion

Roman Gushchin <guro@fb.com>
    cgroup: protect cgroup->nr_(dying_)descendants by css_set_lock

Sebastian Andrzej Siewior <bigeasy@linutronix.de>
    random: add a spinlock_t to struct batched_entropy

Jon DeVree <nuxi@vault24.org>
    random: fix CRNG initialization when random.trust_cpu=1

Russell Currey <ruscur@russell.cc>
    powerpc/64: Fix booting large kernels with STRICT_KERNEL_RWX

Nathan Lynch <nathanl@linux.ibm.com>
    powerpc/numa: improve control of topology updates

Yufen Yu <yuyufen@huawei.com>
    block: fix use-after-free on gendisk

Fabrice Gasnier <fabrice.gasnier@st.com>
    iio: adc: stm32-dfsdm: fix unmet direct dependencies detected

Dan Carpenter <dan.carpenter@oracle.com>
    media: pvrusb2: Prevent a buffer overflow

Shuah Khan <shuah@kernel.org>
    media: au0828: Fix NULL pointer dereference in au0828_analog_stream_enable()

Hugues Fruchet <hugues.fruchet@st.com>
    media: stm32-dcmi: fix crash when subdev do not expose any formats

Wenwen Wang <wang6495@umn.edu>
    audit: fix a memory leak bug

Akinobu Mita <akinobu.mita@gmail.com>
    media: ov2659: make S_FMT succeed even if requested format doesn't match

Hans Verkuil <hverkuil@xs4all.nl>
    media: au0828: stop video streaming only when last user stops

Janusz Krzysztofik <jmkrzyszt@gmail.com>
    media: ov6650: Move v4l2_clk_get() to ov6650_video_probe() helper

Philipp Zabel <p.zabel@pengutronix.de>
    media: coda: clear error return value before picture run

Nicolas Ferre <nicolas.ferre@microchip.com>
    dmaengine: at_xdmac: remove BUG_ON macro in tasklet

Robin Murphy <robin.murphy@arm.com>
    perf/arm-cci: Remove broken race mitigation

Douglas Anderson <dianders@chromium.org>
    clk: rockchip: undo several noc and special clocks as critical on rk3288

Wen Yang <wen.yang99@zte.com.cn>
    pinctrl: samsung: fix leaked of_node references

Wen Yang <wen.yang99@zte.com.cn>
    pinctrl: st: fix leaked of_node references

Wen Yang <wen.yang99@zte.com.cn>
    pinctrl: pistachio: fix leaked of_node references

Hans de Goede <hdegoede@redhat.com>
    HID: logitech-hidpp: use RAP instead of FAP to get the protocol version

Sean Wang <sean.wang@mediatek.com>
    Bluetooth: mediatek: Fixed incorrect type in assignment

Ferry Toth <ftoth@exalondelft.nl>
    Bluetooth: btbcm: Add default address for BCM43341B

Balakrishna Godavarthi <bgodavar@codeaurora.org>
    Bluetooth: hci_qca: Give enough time to ROME controller to bootup.

Matthias Kaehlcke <mka@chromium.org>
    Bluetooth: hci_qca: Fix crash with non-serdev devices

Peter Zijlstra <peterz@infradead.org>
    mm/uaccess: Use 'unsigned long' to placate UBSAN warnings on older GCC versions

Jiri Kosina <jkosina@suse.cz>
    x86/mm: Remove in_nmi() warning from 64-bit implementation of vmalloc_fault()

Peter Zijlstra <peterz@infradead.org>
    x86/uaccess: Dont leak the AC flag into __put_user() argument evaluation

Sebastian Andrzej Siewior <bigeasy@linutronix.de>
    smpboot: Place the __percpu annotation correctly

Kees Cook <keescook@chromium.org>
    x86/build: Move _etext to actual end of .text

Farhan Ali <alifm@linux.ibm.com>
    vfio-ccw: Release any channel program when releasing/removing vfio-ccw mdev

Farhan Ali <alifm@linux.ibm.com>
    vfio-ccw: Do not call flush_workqueue while holding the spinlock

Parav Pandit <parav@mellanox.com>
    RDMA/cma: Consider scope_id while binding to ipv6 ll address

Arnd Bergmann <arnd@arndb.de>
    bcache: avoid clang -Wunintialized warning

Coly Li <colyli@suse.de>
    bcache: add failure check to run_cache_set() for journal replay

Tang Junhui <tang.junhui.linux@gmail.com>
    bcache: fix failure in journal relplay

Coly Li <colyli@suse.de>
    bcache: return error immediately in bch_journal_replay()

Shenghui Wang <shhuiw@foxmail.com>
    bcache: avoid potential memleak of list of journal_replay(s) in the CACHE_SYNC branch of run_cache_set

Corentin Labbe <clabbe.montjoie@gmail.com>
    crypto: sun4i-ss - Fix invalid calculation of hash end

Sagi Grimberg <sagi@grimberg.me>
    nvme-tcp: fix a NULL deref when an admin connect times out

Sagi Grimberg <sagi@grimberg.me>
    nvme-rdma: fix a NULL deref when an admin connect times out

Sagi Grimberg <sagi@grimberg.me>
    nvme: set 0 capacity if namespace block size exceeds PAGE_SIZE

Kangjie Lu <kjlu@umn.edu>
    net: cw1200: fix a NULL pointer dereference

Aditya Pakki <pakki001@umn.edu>
    rsi: Fix NULL pointer dereference in kmalloc

Dan Carpenter <dan.carpenter@oracle.com>
    mwifiex: prevent an array overflow

Xiaoli Feng <fengxiaoli0714@gmail.com>
    Fix nfs4.2 return -EINVAL when do dedupe operation

Daniel Baluta <daniel.baluta@nxp.com>
    ASoC: fsl_sai: Update is_slave_mode with correct value

Linus Walleij <linus.walleij@linaro.org>
    regulator: core: Actually put the gpiod after use

Kangjie Lu <kjlu@umn.edu>
    slimbus: fix a potential NULL pointer dereference in of_qcom_slim_ngd_register

Daniel T. Lee <danieltimlee@gmail.com>
    libbpf: fix samples/bpf build failure due to undefined UINT32_MAX

Masahiro Yamada <yamada.masahiro@socionext.com>
    drm: prefix header search paths with $(srctree)/

Sergey Matyukevich <sergey.matyukevich.os@quantenna.com>
    mac80211/cfg80211: update bss channel on channel switch

Sugar Zhang <sugar.zhang@rock-chips.com>
    dmaengine: pl330: _stop: clear interrupt status

Huazhong Tan <tanhuazhong@huawei.com>
    net: hns3: use atomic_t replace u32 for arq's count

Will Deacon <will.deacon@arm.com>
    arm64: futex: Fix FUTEX_WAKE_OP atomic ops with non-zero result value

Arnd Bergmann <arnd@arndb.de>
    s390: qeth: address type mismatch warning

Heiner Kallweit <hkallweit1@gmail.com>
    net: phy: improve genphy_soft_reset

Yunsheng Lin <linyunsheng@huawei.com>
    net: hns3: fix for TX clean num when cleaning TX BD

Huazhong Tan <tanhuazhong@huawei.com>
    net: hns3: fix pause configure fail problem

Mariusz Bialonczyk <manio@skyboo.net>
    w1: fix the resume command API

Grygorii Strashko <grygorii.strashko@ti.com>
    net: ethernet: ti: cpsw: fix allmulti cfg in dual_mac mode

Nicholas Piggin <npiggin@gmail.com>
    sched/nohz: Run NOHZ idle load balancer on HK_FLAG_MISC CPUs

Bard liao <yung-chuan.liao@linux.intel.com>
    ALSA: hda: fix unregister device twice on ASoC driver

Philipp Rudo <prudo@linux.ibm.com>
    s390/kexec_file: Fix detection of text segment in ELF loader

Manish Rangankar <mrangankar@marvell.com>
    scsi: qedi: Abort ep termination if offload not scheduled

Fabien Dessenne <fabien.dessenne@st.com>
    rtc: stm32: manage the get_irq probe defer case

Sven Van Asbroeck <thesven73@gmail.com>
    rtc: 88pm860x: prevent use-after-free on device remove

Johannes Berg <johannes.berg@intel.com>
    iwlwifi: pcie: don't crash on invalid RX interrupt

Qu Wenruo <wqu@suse.com>
    btrfs: Don't panic when we can't find a root key

Josef Bacik <josef@toxicpanda.com>
    btrfs: fix panic during relocation after ENOSPC before writeback happens

Robbie Ko <robbieko@synology.com>
    Btrfs: fix data bytes_may_use underflow with fallocate due to failed quota reserve

Nadav Amit <namit@vmware.com>
    x86/modules: Avoid breaking W^X while loading modules

Bart Van Assche <bvanassche@acm.org>
    scsi: qla2xxx: Fix hardirq-unsafe locking

Bart Van Assche <bvanassche@acm.org>
    scsi: qla2xxx: Avoid that lockdep complains about unsafe locking in tcm_qla2xxx_close_session()

Bart Van Assche <bvanassche@acm.org>
    scsi: qla2xxx: Fix abort handling in tcm_qla2xxx_write_pending()

Bart Van Assche <bvanassche@acm.org>
    scsi: qla2xxx: Fix a qla24xx_enable_msix() error path

Viresh Kumar <viresh.kumar@linaro.org>
    cpufreq: Fix kobject memleak

Nicholas Piggin <npiggin@gmail.com>
    powerpc/watchdog: Use hrtimers for per-CPU heartbeat

Nadav Amit <namit@vmware.com>
    x86/ftrace: Set trampoline pages as executable

Lorenzo Bianconi <lorenzo@kernel.org>
    mt76: remove mt76_queue dependency from tx_queue_skb function pointer

Qian Cai <cai@lca.pw>
    arm64: Fix compiler warning from pte_unmap() with -Wunused-but-set-variable

Marc Zyngier <marc.zyngier@arm.com>
    ARM: vdso: Remove dependency with the arch_timer driver internals

Fabien Dessenne <fabien.dessenne@st.com>
    media: stm32-dcmi: return appropriate error codes during probe

Jon Derrick <jonathan.derrick@intel.com>
    drm/nouveau/bar/nv50: ensure BAR is mapped

Pierre-Louis Bossart <pierre-louis.bossart@linux.intel.com>
    ACPI / property: fix handling of data_nodes in acpi_get_next_subnode()

Dan Carpenter <dan.carpenter@oracle.com>
    brcm80211: potential NULL dereference in brcmf_cfg80211_vndr_cmds_dcmd_handler()

Bodong Wang <bodong@mellanox.com>
    net/mlx5: E-Switch, Use atomic rep state to serialize state change

Flavio Suligoi <f.suligoi@asem.it>
    spi: pxa2xx: fix SCR (divisor) calculation

Arnd Bergmann <arnd@arndb.de>
    ASoC: imx: fix fiq dependencies

Claudiu Beznea <claudiu.beznea@microchip.com>
    spi: atmel-quadspi: fix crash while suspending

Anju T Sudhakar <anju@linux.vnet.ibm.com>
    powerpc/perf: Fix loop exit condition in nest_imc_event_init

Bo YU <tsu.yubo@gmail.com>
    powerpc/boot: Fix missing check of lseek() return value

Anju T Sudhakar <anju@linux.vnet.ibm.com>
    powerpc/perf: Return accordingly on invalid chip-id in

Jerome Brunet <jbrunet@baylibre.com>
    ASoC: hdmi-codec: unlock the device on startup errors

Fei Yang <fei.yang@intel.com>
    usb: gadget: f_fs: don't free buffer prematurely

Marek Szyprowski <m.szyprowski@samsung.com>
    usb: dwc3: move synchronize_irq() out of the spinlock protected block

Minas Harutyunyan <minas.harutyunyan@synopsys.com>
    usb: dwc2: gadget: Increase descriptors count for ISOC's

Mac Chiang <mac.chiang@intel.com>
    ASoC: Intel: kbl_da7219_max98357a: Map BTN_0 to KEY_PLAYPAUSE

Wen Yang <wen.yang99@zte.com.cn>
    pinctrl: zte: fix leaked of_node references

João Paulo Rechi Vita <jprvita@gmail.com>
    Bluetooth: Ignore CC events not matching the last HCI command

Haiyang Zhang <haiyangz@microsoft.com>
    hv_netvsc: fix race that may miss tx queue wakeup

Sameeh Jubran <sameehj@amazon.com>
    net: ena: fix: set freed objects to NULL to avoid failing future allocations

Sameeh Jubran <sameehj@amazon.com>
    net: ena: gcc 8: fix compilation warning

Sameer Pujar <spujar@nvidia.com>
    dmaengine: tegra210-dma: free dma controller in remove()

Ming Lei <ming.lei@redhat.com>
    blk-mq: grab .q_usage_counter when queuing request from plug code path

Ming Lei <ming.lei@redhat.com>
    blk-mq: split blk_mq_alloc_and_init_hctx into two parts

Tony Nguyen <anthony.l.nguyen@intel.com>
    ice: Preserve VLAN Rx stripping settings

Tony Nguyen <anthony.l.nguyen@intel.com>
    ice: Separate if conditions for ice_set_features()

Masahiro Yamada <yamada.masahiro@socionext.com>
    bpftool: exclude bash-completion/bpftool from .gitignore pattern

Yonghong Song <yhs@fb.com>
    selftests/bpf: set RLIMIT_MEMLOCK properly for test_libbpf_open.c

Björn Töpel <bjorn.topel@intel.com>
    libbpf: fix invalid munmap call

Martyna Szapar <martyna.szapar@intel.com>
    i40e: Fix of memory leak and integer truncation in i40e_virtchnl.c

Vineet Gupta <Vineet.Gupta1@synopsys.com>
    tools/bpf: fix perf build error with uClibc (seen on ARC)

Raul E Rangel <rrangel@chromium.org>
    mmc: core: Verify SD bus width

Andreas Gruenbacher <agruenba@redhat.com>
    gfs2: Fix occasional glock use-after-free

Mike Marciniszyn <mike.marciniszyn@intel.com>
    IB/hfi1: Fix WQ_MEM_RECLAIM warning

Shenghui Wang <shhuiw@foxmail.com>
    io_uring: use cpu_online() to check p->sq_thread_cpu instead of cpu_possible()

Abhi Das <adas@redhat.com>
    gfs2: fix race between gfs2_freeze_func and unmount

Roberto Bergantinos Corpas <rbergant@redhat.com>
    NFS: make nfs_match_client killable

David Howells <dhowells@redhat.com>
    afs: Fix getting the afs.fid xattr

YueHaibing <yuehaibing@huawei.com>
    cxgb4: Fix error path in cxgb4_init_module

Ross Lagerwall <ross.lagerwall@citrix.com>
    gfs2: Fix lru_count going negative

David Sterba <dsterba@suse.com>
    Revert "btrfs: Honour FITRIM range constraints during free space trim"

Kristian Evensen <kristian.evensen@gmail.com>
    netfilter: ctnetlink: Resolve conntrack L3-protocol flush regression

Al Viro <viro@zeniv.linux.org.uk>
    acct_on(): don't mess with freeze protection

YueHaibing <yuehaibing@huawei.com>
    at76c50x-usb: Don't register led_trigger if usb_register_driver failed

Linus Lüssing <linus.luessing@c0d3.blue>
    batman-adv: mcast: fix multicast tt/tvlv worker locking

Eric Dumazet <edumazet@google.com>
    bpf: devmap: fix use-after-free Read in __dev_map_entry_free

YueHaibing <yuehaibing@huawei.com>
    ssb: Fix possible NULL pointer dereference in ssb_host_pcmcia_exit

Alexander Potapenko <glider@google.com>
    media: vivid: use vfree() instead of kfree() for dev->bitmap_cap

Hans Verkuil <hverkuil@xs4all.nl>
    media: vb2: add waiting_in_dqbuf flag

YueHaibing <yuehaibing@huawei.com>
    media: serial_ir: Fix use-after-free in serial_ir_init_module

YueHaibing <yuehaibing@huawei.com>
    media: cpia2: Fix use-after-free in cpia2_exit

Jiufei Xue <jiufei.xue@linux.alibaba.com>
    fbdev: fix WARNING in __alloc_pages_nodemask bug

Amir Goldstein <amir73il@gmail.com>
    ovl: relax WARN_ON() for overlapping layers use case

Will Deacon <will.deacon@arm.com>
    arm64: errata: Add workaround for Cortex-A76 erratum #1463225

Shile Zhang <shile.zhang@linux.alibaba.com>
    fbdev: fix divide error in fb_var_to_videomode

Tobin C. Harding <tobin@kernel.org>
    btrfs: sysfs: don't leak memory when failing add fsid

Tobin C. Harding <tobin@kernel.org>
    btrfs: sysfs: Fix error path kobject memory leak

Filipe Manana <fdmanana@suse.com>
    Btrfs: fix race between ranged fsync and writeback of adjacent ranges

Filipe Manana <fdmanana@suse.com>
    Btrfs: avoid fallback to transaction commit during fsync of files with holes

Filipe Manana <fdmanana@suse.com>
    Btrfs: do not abort transaction at btrfs_update_root() after failure to COW path

Johnny Chang <johnnyc@synology.com>
    btrfs: Check the compression level before getting a workspace

Josef Bacik <josef@toxicpanda.com>
    btrfs: don't double unlock on error in btrfs_punch_hole

Andreas Gruenbacher <agruenba@redhat.com>
    gfs2: Fix sign extension bug in gfs2_update_stats

Christoph Hellwig <hch@lst.de>
    arm64/iommu: handle non-remapped addresses in ->mmap and ->get_sgtable

Will Deacon <will.deacon@arm.com>
    arm64: Kconfig: Make ARM64_PSEUDO_NMI depend on BROKEN for now

Ard Biesheuvel <ard.biesheuvel@arm.com>
    arm64/kernel: kaslr: reduce module randomization range to 2 GB

Dan Williams <dan.j.williams@intel.com>
    libnvdimm/pmem: Bypass CONFIG_HARDENED_USERCOPY overhead

Wanpeng Li <wanpengli@tencent.com>
    KVM: nVMX: Fix using __this_cpu_read() in preemptible context

Suthikulpanit, Suravee <Suravee.Suthikulpanit@amd.com>
    kvm: svm/avic: fix off-by-one in checking host APIC ID

Peter Xu <peterx@redhat.com>
    kvm: Check irqchip mode before assign irqfd

Dan Williams <dan.j.williams@intel.com>
    dax: Arrange for dax_supported check to span multiple devices

Tom Zanussi <tom.zanussi@linux.intel.com>
    tracing: Add a check_val() check before updating cond_snapshot() track_val

Trac Hoang <trac.hoang@broadcom.com>
    mmc: sdhci-iproc: Set NO_HISPD bit to fix HS50 data hold time problem

Trac Hoang <trac.hoang@broadcom.com>
    mmc: sdhci-iproc: cygnus: Set NO_HISPD bit to fix HS50 data hold time problem

Daniel Axtens <dja@axtens.net>
    crypto: vmx - CTR: always increment IV as quadword

Eric Biggers <ebiggers@google.com>
    crypto: hash - fix incorrect HASH_MAX_DESCSIZE

Martin K. Petersen <martin.petersen@oracle.com>
    Revert "scsi: sd: Keep disk read-only when re-reading partition"

Andrea Parri <andrea.parri@amarulasolutions.com>
    sbitmap: fix improper use of smp_mb__before_atomic()

Andrea Parri <andrea.parri@amarulasolutions.com>
    bio: fix improper use of smp_mb__before_atomic()

Borislav Petkov <bp@suse.de>
    x86/kvm/pmu: Set AMD's virt PMU version to 1

Paolo Bonzini <pbonzini@redhat.com>
    KVM: x86: fix return value for reserved EFER

Jan Kara <jack@suse.cz>
    ext4: wait for outstanding dio during truncate in nojournal mode

Jan Kara <jack@suse.cz>
    ext4: do not delete unlinked inode from orphan list on failed truncate

Steven Rostedt (VMware) <rostedt@goodmis.org>
    x86: Hide the int3_emulate_call/jmp functions from UML


-------------

Diffstat:

 Documentation/arm64/silicon-errata.txt             |   1 +
 .../devicetree/bindings/phy/qcom-qmp-phy.txt       |   6 +-
 Makefile                                           |   4 +-
 arch/arm/include/asm/cp15.h                        |   2 +
 arch/arm/vdso/vgettimeofday.c                      |   5 +-
 arch/arm64/Kconfig                                 |  19 ++
 arch/arm64/include/asm/cpucaps.h                   |   3 +-
 arch/arm64/include/asm/futex.h                     |   2 +-
 arch/arm64/include/asm/pgtable.h                   |   3 +-
 arch/arm64/include/asm/vdso_datapage.h             |   1 +
 arch/arm64/kernel/asm-offsets.c                    |   2 +-
 arch/arm64/kernel/cpu_errata.c                     |  24 ++
 arch/arm64/kernel/cpu_ops.c                        |   1 +
 arch/arm64/kernel/kaslr.c                          |   6 +-
 arch/arm64/kernel/module.c                         |   2 +-
 arch/arm64/kernel/syscall.c                        |  31 +++
 arch/arm64/kernel/vdso.c                           |   3 +
 arch/arm64/kernel/vdso/gettimeofday.S              |   7 +-
 arch/arm64/mm/dma-mapping.c                        |  10 +
 arch/arm64/mm/fault.c                              |  37 ++-
 arch/powerpc/boot/addnote.c                        |   6 +-
 arch/powerpc/kernel/head_64.S                      |   4 +-
 arch/powerpc/kernel/watchdog.c                     |  81 +++---
 arch/powerpc/mm/numa.c                             |  18 +-
 arch/powerpc/perf/imc-pmu.c                        |   7 +-
 arch/powerpc/platforms/powernv/opal-imc.c          |   2 +-
 arch/s390/kernel/kexec_elf.c                       |   7 +-
 arch/s390/mm/pgtable.c                             |   2 +
 arch/sh/include/cpu-sh4/cpu/sh7786.h               |   2 +-
 arch/x86/Makefile                                  |   2 +-
 arch/x86/events/intel/cstate.c                     |   2 +
 arch/x86/events/intel/rapl.c                       |   2 +
 arch/x86/events/msr.c                              |   1 +
 arch/x86/ia32/ia32_signal.c                        |  29 +-
 arch/x86/include/asm/text-patching.h               |   4 +-
 arch/x86/include/asm/uaccess.h                     |   7 +-
 arch/x86/kernel/alternative.c                      |  28 +-
 arch/x86/kernel/cpu/hygon.c                        |   5 +
 arch/x86/kernel/cpu/mce/core.c                     |  66 +++--
 arch/x86/kernel/cpu/mce/inject.c                   |  14 +-
 arch/x86/kernel/cpu/microcode/core.c               |   3 +-
 arch/x86/kernel/ftrace.c                           |   8 +
 arch/x86/kernel/irq_64.c                           |  19 +-
 arch/x86/kernel/module.c                           |   2 +-
 arch/x86/kernel/signal.c                           |  29 +-
 arch/x86/kernel/vmlinux.lds.S                      |   6 +-
 arch/x86/kvm/irq.c                                 |   7 +
 arch/x86/kvm/irq.h                                 |   1 +
 arch/x86/kvm/pmu_amd.c                             |   2 +-
 arch/x86/kvm/svm.c                                 |   6 +-
 arch/x86/kvm/vmx/nested.c                          |   4 +-
 arch/x86/kvm/x86.c                                 |   2 +-
 arch/x86/lib/memcpy_64.S                           |   3 +-
 arch/x86/mm/fault.c                                |   2 -
 arch/x86/platform/uv/tlb_uv.c                      |   7 +-
 block/bio.c                                        |   2 +
 block/blk-mq-sched.c                               |  12 +-
 block/blk-mq.c                                     | 139 +++++-----
 block/blk.h                                        |   2 +-
 block/genhd.c                                      |  19 ++
 block/partition-generic.c                          |   7 +
 block/sed-opal.c                                   |   9 +-
 crypto/hmac.c                                      |   2 +
 drivers/acpi/arm64/iort.c                          |  19 +-
 drivers/acpi/property.c                            |   8 +
 drivers/base/power/main.c                          |   4 +
 drivers/bluetooth/btbcm.c                          |   4 +-
 drivers/bluetooth/btmtkuart.c                      |   2 +-
 drivers/bluetooth/hci_qca.c                        |   5 +-
 drivers/char/hw_random/omap-rng.c                  |   1 +
 drivers/char/random.c                              |  57 ++--
 drivers/char/virtio_console.c                      |   3 +-
 drivers/clk/renesas/r8a774a1-cpg-mssr.c            |   8 +-
 drivers/clk/renesas/r8a774c0-cpg-mssr.c            |   2 +-
 drivers/clk/renesas/r8a7795-cpg-mssr.c             |   8 +-
 drivers/clk/renesas/r8a7796-cpg-mssr.c             |   8 +-
 drivers/clk/renesas/r8a77965-cpg-mssr.c            |   8 +-
 drivers/clk/renesas/r8a77990-cpg-mssr.c            |   2 +-
 drivers/clk/renesas/r8a77995-cpg-mssr.c            |   2 +-
 drivers/clk/rockchip/clk-rk3288.c                  |  21 +-
 drivers/clk/zynqmp/divider.c                       |   9 +-
 drivers/cpufreq/armada-8k-cpufreq.c                |   1 +
 drivers/cpufreq/cpufreq.c                          |   1 +
 drivers/cpufreq/cpufreq_governor.c                 |   2 +
 drivers/cpufreq/imx6q-cpufreq.c                    |   4 +-
 drivers/cpufreq/kirkwood-cpufreq.c                 |  19 +-
 drivers/cpufreq/pasemi-cpufreq.c                   |   1 +
 drivers/cpufreq/pmac32-cpufreq.c                   |   2 +
 drivers/cpufreq/ppc_cbe_cpufreq.c                  |   1 +
 drivers/crypto/sunxi-ss/sun4i-ss-hash.c            |   5 +-
 drivers/crypto/vmx/aesp8-ppc.pl                    |   2 +-
 drivers/dax/super.c                                |  88 ++++---
 drivers/devfreq/devfreq.c                          |   4 +-
 drivers/dma/at_xdmac.c                             |   6 +-
 drivers/dma/pl330.c                                |  10 +-
 drivers/dma/tegra210-adma.c                        |  28 +-
 drivers/extcon/Kconfig                             |   2 +-
 drivers/extcon/extcon-arizona.c                    |  10 +
 drivers/gpu/drm/amd/amdgpu/Makefile                |   2 +-
 drivers/gpu/drm/amd/amdgpu/amdgpu_fence.c          |  24 +-
 drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c  |  12 +-
 drivers/gpu/drm/amd/display/dc/core/dc.c           |  15 +-
 drivers/gpu/drm/amd/display/dc/core/dc_link.c      |  81 +++++-
 drivers/gpu/drm/amd/display/dc/core/dc_link_dp.c   |  51 +---
 drivers/gpu/drm/amd/display/dc/core/dc_resource.c  |   6 +-
 drivers/gpu/drm/amd/display/dc/dc_link.h           |   2 +
 drivers/gpu/drm/amd/display/dc/dce/dce_aux.c       |   4 +-
 .../gpu/drm/amd/display/dc/dcn10/dcn10_dpp_dscl.c  |  20 +-
 .../drm/amd/display/dc/dcn10/dcn10_hw_sequencer.c  |  19 +-
 .../drm/amd/display/modules/color/color_gamma.c    |   2 +
 drivers/gpu/drm/arm/display/komeda/Makefile        |   4 +-
 drivers/gpu/drm/drm_atomic_state_helper.c          |   4 +
 drivers/gpu/drm/drm_drv.c                          |   5 +-
 drivers/gpu/drm/drm_file.c                         |   1 +
 drivers/gpu/drm/drm_writeback.c                    |  14 +-
 drivers/gpu/drm/etnaviv/etnaviv_drv.c              |   5 +
 drivers/gpu/drm/etnaviv/etnaviv_drv.h              |   1 +
 drivers/gpu/drm/i915/gvt/Makefile                  |   2 +-
 drivers/gpu/drm/msm/Makefile                       |   6 +-
 drivers/gpu/drm/msm/adreno/a5xx_gpu.c              |  10 +-
 drivers/gpu/drm/msm/disp/dpu1/dpu_encoder.c        |  15 +-
 drivers/gpu/drm/msm/msm_gem_vma.c                  |   2 +-
 drivers/gpu/drm/nouveau/Kbuild                     |   8 +-
 drivers/gpu/drm/nouveau/nvkm/subdev/bar/nv50.c     |  12 +-
 drivers/gpu/drm/omapdrm/dss/dsi.c                  |  60 +++--
 drivers/gpu/drm/omapdrm/omap_connector.c           |  28 +-
 drivers/gpu/drm/panel/panel-orisetech-otm8009a.c   |   3 +
 drivers/gpu/drm/pl111/pl111_versatile.c            |   4 +
 drivers/gpu/drm/rcar-du/rcar_lvds.c                |  10 +-
 drivers/gpu/drm/sun4i/sun4i_tcon.c                 |   4 +-
 drivers/gpu/drm/sun4i/sun6i_mipi_dsi.c             |   8 +-
 drivers/gpu/drm/sun4i/sun6i_mipi_dsi.h             |   2 +
 drivers/gpu/drm/tinydrm/ili9225.c                  |   6 +-
 drivers/gpu/drm/tinydrm/mipi-dbi.c                 |  58 ++--
 drivers/gpu/drm/v3d/v3d_drv.c                      |   8 +-
 drivers/gpu/drm/v3d/v3d_drv.h                      |   2 +-
 drivers/gpu/drm/v3d/v3d_irq.c                      |  13 +-
 drivers/hid/hid-core.c                             |  36 ++-
 drivers/hid/hid-logitech-hidpp.c                   |  23 +-
 drivers/hwmon/f71805f.c                            |  15 +-
 drivers/hwmon/pc87427.c                            |  14 +-
 drivers/hwmon/smsc47b397.c                         |  13 +-
 drivers/hwmon/smsc47m1.c                           |  28 +-
 drivers/hwmon/vt1211.c                             |  15 +-
 drivers/iio/adc/Kconfig                            |   1 +
 drivers/iio/adc/ad_sigma_delta.c                   |  16 +-
 drivers/iio/adc/ti-ads7950.c                       |  19 +-
 drivers/iio/common/ssp_sensors/ssp_iio.c           |   2 +-
 drivers/iio/magnetometer/hmc5843_i2c.c             |   7 +-
 drivers/iio/magnetometer/hmc5843_spi.c             |   7 +-
 drivers/infiniband/core/cma.c                      |  25 +-
 drivers/infiniband/hw/cxgb4/cm.c                   |   2 +
 drivers/infiniband/hw/hfi1/init.c                  |   3 +-
 drivers/infiniband/hw/hns/hns_roce_ah.c            |   2 +-
 drivers/infiniband/hw/mlx5/odp.c                   |  11 +-
 drivers/infiniband/sw/rxe/rxe_mr.c                 |  11 +-
 drivers/md/bcache/alloc.c                          |   5 +-
 drivers/md/bcache/journal.c                        |  26 +-
 drivers/md/bcache/super.c                          |  25 +-
 drivers/md/dm-table.c                              |  17 +-
 drivers/md/dm.c                                    |  20 ++
 drivers/md/dm.h                                    |   1 +
 drivers/media/common/videobuf2/videobuf2-core.c    |  22 ++
 drivers/media/dvb-frontends/m88ds3103.c            |   9 +-
 drivers/media/dvb-frontends/si2165.c               |   8 +-
 drivers/media/i2c/ov2659.c                         |   6 +-
 drivers/media/i2c/ov6650.c                         |  25 +-
 drivers/media/i2c/ov7670.c                         |   1 +
 drivers/media/pci/saa7146/hexium_gemini.c          |   5 +-
 drivers/media/pci/saa7146/hexium_orion.c           |   5 +-
 drivers/media/platform/coda/coda-bit.c             |   3 +
 drivers/media/platform/mtk-vcodec/mtk_vcodec_dec.c |   8 +-
 drivers/media/platform/mtk-vcodec/mtk_vcodec_enc.c |  10 +-
 drivers/media/platform/stm32/stm32-dcmi.c          |  20 +-
 drivers/media/platform/vicodec/codec-fwht.c        |  29 +-
 drivers/media/platform/vicodec/vicodec-core.c      |  24 +-
 drivers/media/platform/video-mux.c                 |   5 +
 drivers/media/platform/vim2m.c                     |  35 ++-
 drivers/media/platform/vimc/vimc-core.c            |   2 +
 drivers/media/platform/vimc/vimc-streamer.c        |   2 +-
 drivers/media/platform/vivid/vivid-vid-cap.c       |   2 +-
 drivers/media/radio/wl128x/fmdrv_common.c          |   7 +-
 drivers/media/rc/serial_ir.c                       |   9 +-
 drivers/media/usb/au0828/au0828-video.c            |  16 +-
 drivers/media/usb/cpia2/cpia2_v4l.c                |   3 +-
 drivers/media/usb/dvb-usb-v2/dvbsky.c              |  18 +-
 drivers/media/usb/go7007/go7007-fw.c               |   4 +-
 drivers/media/usb/gspca/gspca.c                    |  12 +-
 drivers/media/usb/pvrusb2/pvrusb2-hdw.c            |   2 +
 drivers/media/usb/pvrusb2/pvrusb2-hdw.h            |   1 +
 drivers/media/v4l2-core/v4l2-fwnode.c              |   6 +-
 drivers/misc/fastrpc.c                             |  44 +++-
 drivers/misc/habanalabs/device.c                   |  32 ++-
 drivers/misc/habanalabs/goya/goya.c                |   6 +
 drivers/misc/habanalabs/memory.c                   |  11 +-
 drivers/mmc/core/pwrseq_emmc.c                     |  38 +--
 drivers/mmc/core/sd.c                              |   8 +
 drivers/mmc/host/mmc_spi.c                         |   4 +
 drivers/mmc/host/sdhci-iproc.c                     |   6 +-
 drivers/mmc/host/sdhci-of-esdhc.c                  |   8 +
 drivers/net/ethernet/amazon/ena/ena_netdev.c       |  27 +-
 drivers/net/ethernet/chelsio/cxgb3/l2t.h           |   2 +-
 drivers/net/ethernet/chelsio/cxgb4/cxgb4_main.c    |  15 +-
 drivers/net/ethernet/freescale/dpaa2/dpaa2-eth.c   |   7 +-
 drivers/net/ethernet/hisilicon/hns3/hclge_mbx.h    |   2 +-
 drivers/net/ethernet/hisilicon/hns3/hns3_enet.c    |  20 +-
 drivers/net/ethernet/hisilicon/hns3/hns3_ethtool.c |   5 +
 .../net/ethernet/hisilicon/hns3/hns3pf/hclge_cmd.c |  11 +-
 .../net/ethernet/hisilicon/hns3/hns3pf/hclge_tm.c  |   5 +-
 .../ethernet/hisilicon/hns3/hns3vf/hclgevf_cmd.c   |  13 +-
 .../ethernet/hisilicon/hns3/hns3vf/hclgevf_main.c  |  12 +-
 .../ethernet/hisilicon/hns3/hns3vf/hclgevf_mbx.c   |   7 +-
 drivers/net/ethernet/intel/e1000e/netdev.c         |   2 +-
 drivers/net/ethernet/intel/i40e/i40e_main.c        |   8 +
 drivers/net/ethernet/intel/i40e/i40e_virtchnl_pf.c |  22 +-
 drivers/net/ethernet/intel/ice/ice.h               |   1 +
 drivers/net/ethernet/intel/ice/ice_lib.c           |   4 +
 drivers/net/ethernet/intel/ice/ice_main.c          |  25 +-
 drivers/net/ethernet/intel/ice/ice_txrx.c          | 292 +++++++++++++++++++--
 drivers/net/ethernet/intel/ice/ice_txrx.h          |   6 +
 drivers/net/ethernet/intel/ice/ice_virtchnl_pf.c   |  20 +-
 drivers/net/ethernet/intel/igb/igb_main.c          |   3 +
 drivers/net/ethernet/mellanox/mlx5/core/eswitch.h  |   3 +
 .../ethernet/mellanox/mlx5/core/eswitch_offloads.c |  38 ++-
 drivers/net/ethernet/ti/cpsw.c                     |  12 +-
 drivers/net/ethernet/ti/cpsw_ale.c                 |  19 +-
 drivers/net/ethernet/ti/cpsw_ale.h                 |   3 +-
 drivers/net/hyperv/netvsc.c                        |  15 +-
 drivers/net/phy/phy_device.c                       |  16 +-
 drivers/net/usb/qmi_wwan.c                         |  65 +++--
 drivers/net/wireless/ath/wil6210/cfg80211.c        |   5 +
 drivers/net/wireless/ath/wil6210/wmi.c             |  11 +-
 drivers/net/wireless/atmel/at76c50x-usb.c          |   4 +-
 drivers/net/wireless/broadcom/b43/phy_lp.c         |   6 +-
 .../broadcom/brcm80211/brcmfmac/cfg80211.c         |   4 +
 .../wireless/broadcom/brcm80211/brcmfmac/core.c    |  10 +-
 .../broadcom/brcm80211/brcmfmac/fwsignal.c         |  42 +--
 .../net/wireless/broadcom/brcm80211/brcmfmac/usb.c |  27 +-
 .../wireless/broadcom/brcm80211/brcmfmac/vendor.c  |   5 +-
 drivers/net/wireless/intel/iwlwifi/mvm/sta.c       |   3 +-
 drivers/net/wireless/intel/iwlwifi/pcie/rx.c       |   7 +-
 drivers/net/wireless/marvell/mwifiex/cfg80211.c    |   6 +-
 drivers/net/wireless/marvell/mwifiex/cfp.c         |   3 +
 drivers/net/wireless/mediatek/mt76/dma.c           |   3 +-
 drivers/net/wireless/mediatek/mt76/mt76.h          |   4 +-
 drivers/net/wireless/mediatek/mt76/mt7603/beacon.c |   6 +-
 drivers/net/wireless/mediatek/mt76/mt76x02_mmio.c  |   4 +-
 drivers/net/wireless/mediatek/mt76/tx.c            |  10 +-
 drivers/net/wireless/mediatek/mt76/usb.c           |   3 +-
 drivers/net/wireless/realtek/rtlwifi/base.c        |   5 +
 .../net/wireless/realtek/rtlwifi/rtl8188ee/fw.c    |   2 +
 .../wireless/realtek/rtlwifi/rtl8192c/fw_common.c  |   2 +
 .../net/wireless/realtek/rtlwifi/rtl8192ee/fw.c    |   2 +
 .../net/wireless/realtek/rtlwifi/rtl8723ae/fw.c    |   2 +
 .../net/wireless/realtek/rtlwifi/rtl8723be/fw.c    |   2 +
 .../net/wireless/realtek/rtlwifi/rtl8821ae/fw.c    |   4 +
 drivers/net/wireless/rsi/rsi_91x_mac80211.c        |  30 ++-
 drivers/net/wireless/st/cw1200/main.c              |   5 +
 drivers/nvdimm/pmem.c                              |  11 +-
 drivers/nvme/host/core.c                           |   7 +-
 drivers/nvme/host/rdma.c                           |  10 +-
 drivers/nvme/host/tcp.c                            |   8 +-
 drivers/perf/arm-cci.c                             |  21 +-
 drivers/phy/allwinner/phy-sun4i-usb.c              |   4 +
 drivers/phy/motorola/Kconfig                       |   2 +-
 drivers/phy/ti/Kconfig                             |   2 +-
 drivers/pinctrl/pinctrl-pistachio.c                |   2 +
 drivers/pinctrl/pinctrl-st.c                       |  15 +-
 drivers/pinctrl/samsung/pinctrl-exynos-arm.c       |   1 +
 drivers/pinctrl/zte/pinctrl-zx.c                   |   1 +
 drivers/regulator/core.c                           |   4 +-
 drivers/regulator/da9055-regulator.c               |   2 +
 drivers/regulator/da9062-regulator.c               |   2 +
 drivers/regulator/da9063-regulator.c               |   5 +-
 drivers/regulator/da9211-regulator.c               |   4 +
 drivers/regulator/lp8755.c                         |  15 +-
 drivers/regulator/ltc3589.c                        |  10 +-
 drivers/regulator/ltc3676.c                        |  10 +-
 drivers/regulator/pv88060-regulator.c              |   4 +
 drivers/regulator/pv88080-regulator.c              |   4 +
 drivers/regulator/pv88090-regulator.c              |   4 +
 drivers/regulator/wm831x-dcdc.c                    |   4 +
 drivers/regulator/wm831x-isink.c                   |   2 +
 drivers/regulator/wm831x-ldo.c                     |   2 +
 drivers/rtc/rtc-88pm860x.c                         |   2 +-
 drivers/rtc/rtc-stm32.c                            |   9 +-
 drivers/rtc/rtc-xgene.c                            |  18 +-
 drivers/s390/block/dcssblk.c                       |   1 +
 drivers/s390/cio/cio.h                             |   2 +-
 drivers/s390/cio/vfio_ccw_drv.c                    |  32 ++-
 drivers/s390/cio/vfio_ccw_ops.c                    |  11 +-
 drivers/s390/crypto/zcrypt_api.c                   |   4 +
 drivers/s390/net/qeth_core.h                       |  10 +-
 drivers/s390/net/qeth_core_main.c                  |  14 +-
 drivers/scsi/libsas/sas_expander.c                 |   5 +
 drivers/scsi/lpfc/lpfc_ct.c                        |  22 +-
 drivers/scsi/lpfc/lpfc_hbadisc.c                   |  15 +-
 drivers/scsi/lpfc/lpfc_init.c                      |  11 +-
 drivers/scsi/lpfc/lpfc_nvme.c                      |   8 +-
 drivers/scsi/lpfc/lpfc_scsi.c                      |   2 +-
 drivers/scsi/lpfc/lpfc_sli.c                       |  14 +-
 drivers/scsi/qedf/qedf_io.c                        |   1 +
 drivers/scsi/qedi/qedi_iscsi.c                     |   3 +
 drivers/scsi/qla2xxx/qla_isr.c                     |   6 +-
 drivers/scsi/qla2xxx/qla_target.c                  |  25 +-
 drivers/scsi/qla2xxx/tcm_qla2xxx.c                 |   7 +-
 drivers/scsi/qla4xxx/ql4_os.c                      |   2 +-
 drivers/scsi/sd.c                                  |   3 +-
 drivers/scsi/ufs/ufs-hisi.c                        |   4 +
 drivers/scsi/ufs/ufshcd.c                          |  28 +-
 drivers/slimbus/qcom-ngd-ctrl.c                    |   4 +
 drivers/spi/atmel-quadspi.c                        |   6 +-
 drivers/spi/spi-imx.c                              |   2 +-
 drivers/spi/spi-pxa2xx.c                           |   8 +-
 drivers/spi/spi-rspi.c                             |   9 +-
 drivers/spi/spi-stm32-qspi.c                       |  46 ++--
 drivers/spi/spi-tegra114.c                         |  32 ++-
 drivers/spi/spi-topcliff-pch.c                     |  15 +-
 drivers/spi/spi.c                                  |  43 +--
 drivers/ssb/bridge_pcmcia_80211.c                  |   9 +-
 drivers/staging/media/davinci_vpfe/Kconfig         |   2 +-
 drivers/staging/media/imx/imx-media-vdic.c         |   6 +
 drivers/staging/media/ipu3/ipu3.c                  |   2 +-
 drivers/staging/media/sunxi/cedrus/cedrus.h        |   3 +
 drivers/staging/media/sunxi/cedrus/cedrus_hw.c     |   3 +-
 drivers/staging/mt7621-mmc/sd.c                    |  27 +-
 .../interface/vchiq_arm/vchiq_2835_arm.c           |   3 +
 .../vc04_services/interface/vchiq_arm/vchiq_core.c |   2 +
 drivers/thunderbolt/icm.c                          |   5 +
 drivers/thunderbolt/property.c                     |  12 +-
 drivers/thunderbolt/switch.c                       |  67 ++---
 drivers/thunderbolt/tb.h                           |   3 +-
 drivers/thunderbolt/xdomain.c                      |   8 +-
 drivers/tty/ipwireless/main.c                      |   8 +
 drivers/usb/core/hcd.c                             |   3 +
 drivers/usb/core/hub.c                             |   5 +-
 drivers/usb/dwc2/gadget.c                          |  27 +-
 drivers/usb/dwc3/core.c                            |   2 +
 drivers/usb/dwc3/gadget.c                          |   2 -
 drivers/usb/gadget/function/f_fs.c                 |   3 +-
 drivers/video/fbdev/core/fbcmap.c                  |   2 +
 drivers/video/fbdev/core/modedb.c                  |   3 +
 drivers/video/fbdev/efifb.c                        |   3 +-
 drivers/w1/w1_io.c                                 |   3 +-
 drivers/xen/biomerge.c                             |   5 +-
 fs/afs/xattr.c                                     |  15 +-
 fs/btrfs/compression.c                             |   1 +
 fs/btrfs/extent-tree.c                             |  28 +-
 fs/btrfs/file.c                                    |  19 +-
 fs/btrfs/relocation.c                              |  31 ++-
 fs/btrfs/root-tree.c                               |  17 +-
 fs/btrfs/sysfs.c                                   |   7 +-
 fs/btrfs/tree-log.c                                |   1 +
 fs/char_dev.c                                      |   6 +
 fs/crypto/crypto.c                                 |   2 +-
 fs/crypto/fname.c                                  |   4 +-
 fs/crypto/keyinfo.c                                |   4 +-
 fs/crypto/policy.c                                 |   6 +-
 fs/ext4/inode.c                                    |  23 +-
 fs/gfs2/glock.c                                    |  23 +-
 fs/gfs2/incore.h                                   |   1 +
 fs/gfs2/lock_dlm.c                                 |   9 +-
 fs/gfs2/log.c                                      |   3 +-
 fs/gfs2/lops.c                                     |   6 +-
 fs/gfs2/super.c                                    |   8 +-
 fs/internal.h                                      |   2 -
 fs/io_uring.c                                      |   2 +-
 fs/nfs/client.c                                    |   7 +-
 fs/nfs/nfs4file.c                                  |   2 +-
 fs/overlayfs/dir.c                                 |   2 +-
 fs/overlayfs/inode.c                               |   3 +-
 include/crypto/hash.h                              |   8 +-
 include/drm/tinydrm/mipi-dbi.h                     |   5 +-
 include/linux/bio.h                                |   2 +-
 include/linux/cgroup-defs.h                        |   5 +
 include/linux/dax.h                                |  26 ++
 include/linux/filter.h                             |   1 +
 include/linux/fscrypt.h                            |   3 +-
 include/linux/genhd.h                              |   1 +
 include/linux/hid.h                                |   1 +
 include/linux/iio/adc/ad_sigma_delta.h             |   1 +
 include/linux/mlx5/eswitch.h                       |   2 +-
 include/linux/mount.h                              |   2 +
 include/linux/overflow.h                           |  12 +-
 include/linux/rcupdate.h                           |   6 +-
 include/linux/regulator/consumer.h                 |   5 +
 include/linux/smpboot.h                            |   2 +-
 include/linux/time64.h                             |  21 ++
 include/media/videobuf2-core.h                     |   1 +
 include/net/bluetooth/hci.h                        |   1 +
 include/xen/xen.h                                  |   4 +-
 kernel/acct.c                                      |   4 +-
 kernel/auditfilter.c                               |  12 +-
 kernel/auditsc.c                                   |  10 +-
 kernel/bpf/devmap.c                                |   3 +
 kernel/cgroup/cgroup.c                             |   6 +
 kernel/irq_work.c                                  |  75 +++---
 kernel/jump_label.c                                |  21 +-
 kernel/module.c                                    |   5 +
 kernel/rcu/rcuperf.c                               |   5 +
 kernel/rcu/rcutorture.c                            |   5 +
 kernel/sched/core.c                                |   9 +-
 kernel/sched/fair.c                                |  16 +-
 kernel/sched/rt.c                                  |   5 +
 kernel/time/time.c                                 |   2 +-
 kernel/time/timekeeping.c                          |   6 +-
 kernel/trace/trace_branch.c                        |   4 +
 kernel/trace/trace_events_hist.c                   |   6 +
 lib/kobject_uevent.c                               |  11 +-
 lib/sbitmap.c                                      |   2 +-
 lib/strncpy_from_user.c                            |   5 +-
 lib/strnlen_user.c                                 |   4 +-
 net/batman-adv/distributed-arp-table.c             |   4 +-
 net/batman-adv/main.c                              |   1 +
 net/batman-adv/multicast.c                         |  11 +-
 net/batman-adv/types.h                             |   5 +
 net/bluetooth/hci_core.c                           |   5 +
 net/bluetooth/hci_event.c                          |  12 +
 net/bluetooth/hci_request.c                        |   5 +
 net/bluetooth/hci_request.h                        |   1 +
 net/mac80211/mlme.c                                |   3 -
 net/netfilter/nf_conntrack_netlink.c               |   2 +-
 net/wireless/nl80211.c                             |   5 +
 samples/bpf/asm_goto_workaround.h                  |   1 +
 security/selinux/netlabel.c                        |  14 +-
 sound/pci/hda/hda_codec.c                          |   8 +-
 sound/soc/codecs/hdmi-codec.c                      |   6 +-
 sound/soc/codecs/wcd9335.c                         |   1 +
 sound/soc/fsl/Kconfig                              |   9 +-
 sound/soc/fsl/eukrea-tlv320.c                      |   4 +-
 sound/soc/fsl/fsl_sai.c                            |   2 +
 sound/soc/fsl/fsl_utils.c                          |   1 +
 sound/soc/intel/boards/kbl_da7219_max98357a.c      |   2 +-
 sound/soc/soc-core.c                               |  11 +
 sound/soc/ti/Kconfig                               |   4 +-
 sound/soc/ti/davinci-mcasp.c                       |   2 +
 tools/bpf/bpftool/.gitignore                       |   2 +-
 tools/lib/bpf/bpf.c                                |   2 +
 tools/lib/bpf/bpf.h                                |   1 +
 tools/lib/bpf/xsk.c                                |  77 +++---
 tools/testing/selftests/bpf/test_libbpf_open.c     |   2 +
 tools/testing/selftests/bpf/trace_helpers.c        |   4 +
 tools/testing/selftests/cgroup/test_memcontrol.c   |  38 +--
 virt/kvm/eventfd.c                                 |   9 +
 444 files changed, 3433 insertions(+), 1514 deletions(-)



^ permalink raw reply	[flat|nested] 429+ messages in thread

* [PATCH 5.1 001/405] x86: Hide the int3_emulate_call/jmp functions from UML
  2019-05-30  2:59 [PATCH 5.1 000/405] 5.1.6-stable review Greg Kroah-Hartman
@ 2019-05-30  2:59 ` Greg Kroah-Hartman
  2019-05-30  3:00 ` [PATCH 5.1 002/405] ext4: do not delete unlinked inode from orphan list on failed truncate Greg Kroah-Hartman
                   ` (408 subsequent siblings)
  409 siblings, 0 replies; 429+ messages in thread
From: Greg Kroah-Hartman @ 2019-05-30  2:59 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, kbuild test robot, Steven Rostedt (VMware)

From: Steven Rostedt (VMware) <rostedt@goodmis.org>

commit 693713cbdb3a4bda5a8a678c31f06560bbb14657 upstream.

User Mode Linux does not have access to the ip or sp fields of the pt_regs,
and accessing them causes UML to fail to build. Hide the int3_emulate_jmp()
and int3_emulate_call() instructions from UML, as it doesn't need them
anyway.

Reported-by: kbuild test robot <lkp@intel.com>
Signed-off-by: Steven Rostedt (VMware) <rostedt@goodmis.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 arch/x86/include/asm/text-patching.h |    4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

--- a/arch/x86/include/asm/text-patching.h
+++ b/arch/x86/include/asm/text-patching.h
@@ -39,6 +39,7 @@ extern int poke_int3_handler(struct pt_r
 extern void *text_poke_bp(void *addr, const void *opcode, size_t len, void *handler);
 extern int after_bootmem;
 
+#ifndef CONFIG_UML_X86
 static inline void int3_emulate_jmp(struct pt_regs *regs, unsigned long ip)
 {
 	regs->ip = ip;
@@ -65,6 +66,7 @@ static inline void int3_emulate_call(str
 	int3_emulate_push(regs, regs->ip - INT3_INSN_SIZE + CALL_INSN_SIZE);
 	int3_emulate_jmp(regs, func);
 }
-#endif
+#endif /* CONFIG_X86_64 */
+#endif /* !CONFIG_UML_X86 */
 
 #endif /* _ASM_X86_TEXT_PATCHING_H */



^ permalink raw reply	[flat|nested] 429+ messages in thread

* [PATCH 5.1 002/405] ext4: do not delete unlinked inode from orphan list on failed truncate
  2019-05-30  2:59 [PATCH 5.1 000/405] 5.1.6-stable review Greg Kroah-Hartman
  2019-05-30  2:59 ` [PATCH 5.1 001/405] x86: Hide the int3_emulate_call/jmp functions from UML Greg Kroah-Hartman
@ 2019-05-30  3:00 ` Greg Kroah-Hartman
  2019-05-30  3:00 ` [PATCH 5.1 003/405] ext4: wait for outstanding dio during truncate in nojournal mode Greg Kroah-Hartman
                   ` (407 subsequent siblings)
  409 siblings, 0 replies; 429+ messages in thread
From: Greg Kroah-Hartman @ 2019-05-30  3:00 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Ira Weiny, Jan Kara, Theodore Tso, stable

From: Jan Kara <jack@suse.cz>

commit ee0ed02ca93ef1ecf8963ad96638795d55af2c14 upstream.

It is possible that unlinked inode enters ext4_setattr() (e.g. if
somebody calls ftruncate(2) on unlinked but still open file). In such
case we should not delete the inode from the orphan list if truncate
fails. Note that this is mostly a theoretical concern as filesystem is
corrupted if we reach this path anyway but let's be consistent in our
orphan handling.

Reviewed-by: Ira Weiny <ira.weiny@intel.com>
Signed-off-by: Jan Kara <jack@suse.cz>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Cc: stable@kernel.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 fs/ext4/inode.c |    2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

--- a/fs/ext4/inode.c
+++ b/fs/ext4/inode.c
@@ -5619,7 +5619,7 @@ int ext4_setattr(struct dentry *dentry,
 			up_write(&EXT4_I(inode)->i_data_sem);
 			ext4_journal_stop(handle);
 			if (error) {
-				if (orphan)
+				if (orphan && inode->i_nlink)
 					ext4_orphan_del(NULL, inode);
 				goto err_out;
 			}
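
Review bot: the new `inode->i_nlink` test in the error branch has no comment, and the reason for it (an unlinked but still open inode must not be removed from the orphan list when truncate fails) is recorded only in the changelog. A one-line comment above `if (orphan && inode->i_nlink)` would keep a later cleanup from dropping the test as redundant.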



^ permalink raw reply	[flat|nested] 429+ messages in thread

* [PATCH 5.1 003/405] ext4: wait for outstanding dio during truncate in nojournal mode
  2019-05-30  2:59 [PATCH 5.1 000/405] 5.1.6-stable review Greg Kroah-Hartman
  2019-05-30  2:59 ` [PATCH 5.1 001/405] x86: Hide the int3_emulate_call/jmp functions from UML Greg Kroah-Hartman
  2019-05-30  3:00 ` [PATCH 5.1 002/405] ext4: do not delete unlinked inode from orphan list on failed truncate Greg Kroah-Hartman
@ 2019-05-30  3:00 ` Greg Kroah-Hartman
  2019-05-30  3:00 ` [PATCH 5.1 004/405] KVM: x86: fix return value for reserved EFER Greg Kroah-Hartman
                   ` (406 subsequent siblings)
  409 siblings, 0 replies; 429+ messages in thread
From: Greg Kroah-Hartman @ 2019-05-30  3:00 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Ira Weiny, Jan Kara, Theodore Tso

From: Jan Kara <jack@suse.cz>

commit 82a25b027ca48d7ef197295846b352345853dfa8 upstream.

We didn't wait for outstanding direct IO during truncate in nojournal
mode (as we skip orphan handling in that case). This can lead to fs
corruption or stale data exposure if truncate ends up freeing blocks
and these get reallocated before direct IO finishes. Fix the condition
determining whether the wait is necessary.

CC: stable@vger.kernel.org
Fixes: 1c9114f9c0f1 ("ext4: serialize unlocked dio reads with truncate")
Reviewed-by: Ira Weiny <ira.weiny@intel.com>
Signed-off-by: Jan Kara <jack@suse.cz>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 fs/ext4/inode.c |   21 +++++++++------------
 1 file changed, 9 insertions(+), 12 deletions(-)

--- a/fs/ext4/inode.c
+++ b/fs/ext4/inode.c
@@ -5624,20 +5624,17 @@ int ext4_setattr(struct dentry *dentry,
 				goto err_out;
 			}
 		}
-		if (!shrink)
+		if (!shrink) {
 			pagecache_isize_extended(inode, oldsize, inode->i_size);
-
-		/*
-		 * Blocks are going to be removed from the inode. Wait
-		 * for dio in flight.  Temporarily disable
-		 * dioread_nolock to prevent livelock.
-		 */
-		if (orphan) {
-			if (!ext4_should_journal_data(inode)) {
-				inode_dio_wait(inode);
-			} else
-				ext4_wait_for_tail_page_commit(inode);
+		} else {
+			/*
+			 * Blocks are going to be removed from the inode. Wait
+			 * for dio in flight.
+			 */
+			inode_dio_wait(inode);
 		}
+		if (orphan && ext4_should_journal_data(inode))
+			ext4_wait_for_tail_page_commit(inode);
 		down_write(&EXT4_I(inode)->i_mmap_sem);
 
 		rc = ext4_break_layouts(inode);
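
Review bot: in the new `else` branch, `inode_dio_wait(inode)` runs on every shrinking truncate, including inodes for which ext4_should_journal_data() is true, where the old code called only `ext4_wait_for_tail_page_commit(inode)`. The changelog describes the nojournal case only, so it should also say that the journalled-data path now waits for direct IO. The shortened comment drops the dioread_nolock sentence without explanation; say in the changelog why it no longer applies.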



^ permalink raw reply	[flat|nested] 429+ messages in thread

* [PATCH 5.1 004/405] KVM: x86: fix return value for reserved EFER
  2019-05-30  2:59 [PATCH 5.1 000/405] 5.1.6-stable review Greg Kroah-Hartman
                   ` (2 preceding siblings ...)
  2019-05-30  3:00 ` [PATCH 5.1 003/405] ext4: wait for outstanding dio during truncate in nojournal mode Greg Kroah-Hartman
@ 2019-05-30  3:00 ` Greg Kroah-Hartman
  2019-05-30  3:00 ` [PATCH 5.1 005/405] x86/kvm/pmu: Set AMDs virt PMU version to 1 Greg Kroah-Hartman
                   ` (405 subsequent siblings)
  409 siblings, 0 replies; 429+ messages in thread
From: Greg Kroah-Hartman @ 2019-05-30  3:00 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Pavel Machek, Sean Christopherson,
	Paolo Bonzini

From: Paolo Bonzini <pbonzini@redhat.com>

commit 66f61c92889ff3ca365161fb29dd36d6354682ba upstream.

Commit 11988499e62b ("KVM: x86: Skip EFER vs. guest CPUID checks for
host-initiated writes", 2019-04-02) introduced a "return false" in a
function returning int, and anyway set_efer has a "nonzero on error"
convention so it should be returning 1.

Reported-by: Pavel Machek <pavel@denx.de>
Fixes: 11988499e62b ("KVM: x86: Skip EFER vs. guest CPUID checks for host-initiated writes")
Cc: Sean Christopherson <sean.j.christopherson@intel.com>
Cc: stable@vger.kernel.org
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 arch/x86/kvm/x86.c |    2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

--- a/arch/x86/kvm/x86.c
+++ b/arch/x86/kvm/x86.c
@@ -1288,7 +1288,7 @@ static int set_efer(struct kvm_vcpu *vcp
 	u64 efer = msr_info->data;
 
 	if (efer & efer_reserved_bits)
-		return false;
+		return 1;
 
 	if (!msr_info->host_initiated) {
 		if (!__kvm_valid_efer(vcpu, efer))
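
Review bot: the changelog should spell out the effect of the old `return false` at the `efer & efer_reserved_bits` check: in the `int`-returning set_efer() it evaluates to 0, which under the nonzero-on-error convention reports success for an EFER value with reserved bits set. Stating that makes the severity clear to anyone triaging the backport, and a short comment on the return convention at the top of set_efer() would help prevent a repeat.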



^ permalink raw reply	[flat|nested] 429+ messages in thread

* [PATCH 5.1 005/405] x86/kvm/pmu: Set AMDs virt PMU version to 1
  2019-05-30  2:59 [PATCH 5.1 000/405] 5.1.6-stable review Greg Kroah-Hartman
                   ` (3 preceding siblings ...)
  2019-05-30  3:00 ` [PATCH 5.1 004/405] KVM: x86: fix return value for reserved EFER Greg Kroah-Hartman
@ 2019-05-30  3:00 ` Greg Kroah-Hartman
  2019-05-30  3:00 ` [PATCH 5.1 006/405] bio: fix improper use of smp_mb__before_atomic() Greg Kroah-Hartman
                   ` (404 subsequent siblings)
  409 siblings, 0 replies; 429+ messages in thread
From: Greg Kroah-Hartman @ 2019-05-30  3:00 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Borislav Petkov, H. Peter Anvin,
	Ingo Molnar, Janakarajan Natarajan, kvm, Liran Alon,
	Mihai Carabas, Paolo Bonzini, Peter Zijlstra,
	Radim Krčmář,
	Thomas Gleixner, Tom Lendacky, x86

From: Borislav Petkov <bp@suse.de>

commit a80c4ec10ed9632c44c829452dc40a0443ff4e85 upstream.

After commit:

  672ff6cff80c ("KVM: x86: Raise #GP when guest vCPU do not support PMU")

my AMD guests started #GPing like this:

  general protection fault: 0000 [#1] PREEMPT SMP
  CPU: 1 PID: 4355 Comm: bash Not tainted 5.1.0-rc6+ #3
  Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
  RIP: 0010:x86_perf_event_update+0x3b/0xa0

with Code: pointing to RDPMC. It is RDPMC because the guest has the
hardware watchdog CONFIG_HARDLOCKUP_DETECTOR_PERF enabled which uses
perf. Instrumenting kvm_pmu_rdpmc() some, showed that it fails due to:

  if (!pmu->version)
  	return 1;

which the above commit added. Since AMD's PMU leaves the version at 0,
that causes the #GP injection into the guest.

Set pmu->version arbitrarily to 1 and move it above the non-applicable
struct kvm_pmu members.

Signed-off-by: Borislav Petkov <bp@suse.de>
Cc: "H. Peter Anvin" <hpa@zytor.com>
Cc: Ingo Molnar <mingo@redhat.com>
Cc: Janakarajan Natarajan <Janakarajan.Natarajan@amd.com>
Cc: kvm@vger.kernel.org
Cc: Liran Alon <liran.alon@oracle.com>
Cc: Mihai Carabas <mihai.carabas@oracle.com>
Cc: Paolo Bonzini <pbonzini@redhat.com>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: "Radim Krčmář" <rkrcmar@redhat.com>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: Tom Lendacky <thomas.lendacky@amd.com>
Cc: x86@kernel.org
Cc: stable@vger.kernel.org
Fixes: 672ff6cff80c ("KVM: x86: Raise #GP when guest vCPU do not support PMU")
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 arch/x86/kvm/pmu_amd.c |    2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

--- a/arch/x86/kvm/pmu_amd.c
+++ b/arch/x86/kvm/pmu_amd.c
@@ -269,10 +269,10 @@ static void amd_pmu_refresh(struct kvm_v
 
 	pmu->counter_bitmask[KVM_PMC_GP] = ((u64)1 << 48) - 1;
 	pmu->reserved_bits = 0xffffffff00200000ull;
+	pmu->version = 1;
 	/* not applicable to AMD; but clean them to prevent any fall out */
 	pmu->counter_bitmask[KVM_PMC_FIXED] = 0;
 	pmu->nr_arch_fixed_counters = 0;
-	pmu->version = 0;
 	pmu->global_status = 0;
 }
 
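
Review bot: `pmu->version = 1;` is added without a comment, although the changelog calls the value arbitrary and the line now sits directly above a comment about members that are not applicable to AMD. Add a comment stating that 1 is a placeholder chosen only so that the `!pmu->version` check in kvm_pmu_rdpmc() passes, so that readers do not take it for an architectural PMU version.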



^ permalink raw reply	[flat|nested] 429+ messages in thread

* [PATCH 5.1 006/405] bio: fix improper use of smp_mb__before_atomic()
  2019-05-30  2:59 [PATCH 5.1 000/405] 5.1.6-stable review Greg Kroah-Hartman
                   ` (4 preceding siblings ...)
  2019-05-30  3:00 ` [PATCH 5.1 005/405] x86/kvm/pmu: Set AMDs virt PMU version to 1 Greg Kroah-Hartman
@ 2019-05-30  3:00 ` Greg Kroah-Hartman
  2019-05-30  3:00 ` [PATCH 5.1 007/405] sbitmap: " Greg Kroah-Hartman
                   ` (403 subsequent siblings)
  409 siblings, 0 replies; 429+ messages in thread
From: Greg Kroah-Hartman @ 2019-05-30  3:00 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Paul E. McKenney, Peter Zijlstra,
	Andrea Parri, Ming Lei, Jens Axboe, linux-block

From: Andrea Parri <andrea.parri@amarulasolutions.com>

commit f381c6a4bd0ae0fde2d6340f1b9bb0f58d915de6 upstream.

This barrier only applies to the read-modify-write operations; in
particular, it does not apply to the atomic_set() primitive.

Replace the barrier with an smp_mb().

Fixes: dac56212e8127 ("bio: skip atomic inc/dec of ->bi_cnt for most use cases")
Cc: stable@vger.kernel.org
Reported-by: "Paul E. McKenney" <paulmck@linux.ibm.com>
Reported-by: Peter Zijlstra <peterz@infradead.org>
Signed-off-by: Andrea Parri <andrea.parri@amarulasolutions.com>
Reviewed-by: Ming Lei <ming.lei@redhat.com>
Cc: Jens Axboe <axboe@kernel.dk>
Cc: Ming Lei <ming.lei@redhat.com>
Cc: linux-block@vger.kernel.org
Cc: "Paul E. McKenney" <paulmck@linux.ibm.com>
Cc: Peter Zijlstra <peterz@infradead.org>
Signed-off-by: Jens Axboe <axboe@kernel.dk>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 include/linux/bio.h |    2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

--- a/include/linux/bio.h
+++ b/include/linux/bio.h
@@ -224,7 +224,7 @@ static inline void bio_cnt_set(struct bi
 {
 	if (count != 1) {
 		bio->bi_flags |= (1 << BIO_REFFED);
-		smp_mb__before_atomic();
+		smp_mb();
 	}
 	atomic_set(&bio->__bi_cnt, count);
 }
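
Review bot: the replacement `smp_mb();` after the `bio->bi_flags |= (1 << BIO_REFFED)` store carries no comment saying what it orders or which reader it pairs with. Add one, for example that the BIO_REFFED flag store must be visible before the `atomic_set()` of `__bi_cnt`, and name the read side that depends on that ordering.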



^ permalink raw reply	[flat|nested] 429+ messages in thread

* [PATCH 5.1 007/405] sbitmap: fix improper use of smp_mb__before_atomic()
  2019-05-30  2:59 [PATCH 5.1 000/405] 5.1.6-stable review Greg Kroah-Hartman
                   ` (5 preceding siblings ...)
  2019-05-30  3:00 ` [PATCH 5.1 006/405] bio: fix improper use of smp_mb__before_atomic() Greg Kroah-Hartman
@ 2019-05-30  3:00 ` Greg Kroah-Hartman
  2019-05-30  3:00 ` [PATCH 5.1 008/405] Revert "scsi: sd: Keep disk read-only when re-reading partition" Greg Kroah-Hartman
                   ` (402 subsequent siblings)
  409 siblings, 0 replies; 429+ messages in thread
From: Greg Kroah-Hartman @ 2019-05-30  3:00 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Paul E. McKenney, Peter Zijlstra,
	Andrea Parri, Ming Lei, Jens Axboe, Omar Sandoval, linux-block

From: Andrea Parri <andrea.parri@amarulasolutions.com>

commit a0934fd2b1208458e55fc4b48f55889809fce666 upstream.

This barrier only applies to the read-modify-write operations; in
particular, it does not apply to the atomic_set() primitive.

Replace the barrier with an smp_mb().

Fixes: 6c0ca7ae292ad ("sbitmap: fix wakeup hang after sbq resize")
Cc: stable@vger.kernel.org
Reported-by: "Paul E. McKenney" <paulmck@linux.ibm.com>
Reported-by: Peter Zijlstra <peterz@infradead.org>
Signed-off-by: Andrea Parri <andrea.parri@amarulasolutions.com>
Reviewed-by: Ming Lei <ming.lei@redhat.com>
Cc: Jens Axboe <axboe@kernel.dk>
Cc: Omar Sandoval <osandov@fb.com>
Cc: Ming Lei <ming.lei@redhat.com>
Cc: linux-block@vger.kernel.org
Cc: "Paul E. McKenney" <paulmck@linux.ibm.com>
Cc: Peter Zijlstra <peterz@infradead.org>
Signed-off-by: Jens Axboe <axboe@kernel.dk>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 lib/sbitmap.c |    2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

--- a/lib/sbitmap.c
+++ b/lib/sbitmap.c
@@ -435,7 +435,7 @@ static void sbitmap_queue_update_wake_ba
 		 * to ensure that the batch size is updated before the wait
 		 * counts.
 		 */
-		smp_mb__before_atomic();
+		smp_mb();
 		for (i = 0; i < SBQ_WAIT_QUEUES; i++)
 			atomic_set(&sbq->ws[i].wait_cnt, 1);
 	}



^ permalink raw reply	[flat|nested] 429+ messages in thread

* [PATCH 5.1 008/405] Revert "scsi: sd: Keep disk read-only when re-reading partition"
  2019-05-30  2:59 [PATCH 5.1 000/405] 5.1.6-stable review Greg Kroah-Hartman
                   ` (6 preceding siblings ...)
  2019-05-30  3:00 ` [PATCH 5.1 007/405] sbitmap: " Greg Kroah-Hartman
@ 2019-05-30  3:00 ` Greg Kroah-Hartman
  2019-05-30  3:00 ` [PATCH 5.1 009/405] crypto: hash - fix incorrect HASH_MAX_DESCSIZE Greg Kroah-Hartman
                   ` (401 subsequent siblings)
  409 siblings, 0 replies; 429+ messages in thread
From: Greg Kroah-Hartman @ 2019-05-30  3:00 UTC (permalink / raw)
  To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Martin K. Petersen

From: Martin K. Petersen <martin.petersen@oracle.com>

commit 8acf608e602f6ec38b7cc37b04c80f1ce9a1a6cc upstream.

This reverts commit 20bd1d026aacc5399464f8328f305985c493cde3.

This patch introduced regressions for devices that come online in
read-only state and subsequently switch to read-write.

Given how the partition code is currently implemented it is not
possible to persist the read-only flag across a device revalidate
call. This may need to get addressed in the future since it is common
for user applications to proactively call BLKRRPART.

Reverting this commit will re-introduce a regression where a
device-initiated revalidate event will cause the admin state to be
forgotten. A separate patch will address this issue.

Fixes: 20bd1d026aac ("scsi: sd: Keep disk read-only when re-reading partition")
Cc: <stable@vger.kernel.org>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 drivers/scsi/sd.c |    3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

--- a/drivers/scsi/sd.c
+++ b/drivers/scsi/sd.c
@@ -2603,7 +2603,6 @@ sd_read_write_protect_flag(struct scsi_d
 	int res;
 	struct scsi_device *sdp = sdkp->device;
 	struct scsi_mode_data data;
-	int disk_ro = get_disk_ro(sdkp->disk);
 	int old_wp = sdkp->write_prot;
 
 	set_disk_ro(sdkp->disk, 0);
@@ -2644,7 +2643,7 @@ sd_read_write_protect_flag(struct scsi_d
 			  "Test WP failed, assume Write Enabled\n");
 	} else {
 		sdkp->write_prot = ((data.device_specific & 0x80) != 0);
-		set_disk_ro(sdkp->disk, sdkp->write_prot || disk_ro);
+		set_disk_ro(sdkp->disk, sdkp->write_prot);
 		if (sdkp->first_scan || old_wp != sdkp->write_prot) {
 			sd_printk(KERN_NOTICE, sdkp, "Write Protect is %s\n",
 				  sdkp->write_prot ? "on" : "off");
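
Review bot: with `|| disk_ro` removed, `set_disk_ro(sdkp->disk, sdkp->write_prot)` makes the device's write-protect bit the only input, so a read-only state set by the administrator is cleared on every pass through this function (it already calls `set_disk_ro(sdkp->disk, 0)` on entry). The changelog accepts this as a known regression; put a comment at this call saying so and pointing at the planned follow-up, since anyone relying on the read-only flag as a write barrier loses it silently.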



^ permalink raw reply	[flat|nested] 429+ messages in thread

* [PATCH 5.1 009/405] crypto: hash - fix incorrect HASH_MAX_DESCSIZE
  2019-05-30  2:59 [PATCH 5.1 000/405] 5.1.6-stable review Greg Kroah-Hartman
                   ` (7 preceding siblings ...)
  2019-05-30  3:00 ` [PATCH 5.1 008/405] Revert "scsi: sd: Keep disk read-only when re-reading partition" Greg Kroah-Hartman
@ 2019-05-30  3:00 ` Greg Kroah-Hartman
  2019-05-30  3:00 ` [PATCH 5.1 010/405] crypto: vmx - CTR: always increment IV as quadword Greg Kroah-Hartman
                   ` (400 subsequent siblings)
  409 siblings, 0 replies; 429+ messages in thread
From: Greg Kroah-Hartman @ 2019-05-30  3:00 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Corentin Labbe, Kees Cook,
	Eric Biggers, Herbert Xu

From: Eric Biggers <ebiggers@google.com>

commit e1354400b25da645c4764ed6844d12f1582c3b66 upstream.

The "hmac(sha3-224-generic)" algorithm has a descsize of 368 bytes,
which is greater than HASH_MAX_DESCSIZE (360) which is only enough for
sha3-224-generic.  The check in shash_prepare_alg() doesn't catch this
because the HMAC template doesn't set descsize on the algorithms, but
rather sets it on each individual HMAC transform.

This causes a stack buffer overflow when SHASH_DESC_ON_STACK() is used
with hmac(sha3-224-generic).

Fix it by increasing HASH_MAX_DESCSIZE to the real maximum.  Also add a
sanity check to hmac_init().

This was detected by the improved crypto self-tests in v5.2, by loading
the tcrypt module with CONFIG_CRYPTO_MANAGER_EXTRA_TESTS=y enabled.  I
didn't notice this bug when I ran the self-tests by requesting the
algorithms via AF_ALG (i.e., not using tcrypt), probably because the
stack layout differs in the two cases and that made a difference here.

KASAN report:

    BUG: KASAN: stack-out-of-bounds in memcpy include/linux/string.h:359 [inline]
    BUG: KASAN: stack-out-of-bounds in shash_default_import+0x52/0x80 crypto/shash.c:223
    Write of size 360 at addr ffff8880651defc8 by task insmod/3689

    CPU: 2 PID: 3689 Comm: insmod Tainted: G            E     5.1.0-10741-g35c99ffa20edd #11
    Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.10.2-1 04/01/2014
    Call Trace:
     __dump_stack lib/dump_stack.c:77 [inline]
     dump_stack+0x86/0xc5 lib/dump_stack.c:113
     print_address_description+0x7f/0x260 mm/kasan/report.c:188
     __kasan_report+0x144/0x187 mm/kasan/report.c:317
     kasan_report+0x12/0x20 mm/kasan/common.c:614
     check_memory_region_inline mm/kasan/generic.c:185 [inline]
     check_memory_region+0x137/0x190 mm/kasan/generic.c:191
     memcpy+0x37/0x50 mm/kasan/common.c:125
     memcpy include/linux/string.h:359 [inline]
     shash_default_import+0x52/0x80 crypto/shash.c:223
     crypto_shash_import include/crypto/hash.h:880 [inline]
     hmac_import+0x184/0x240 crypto/hmac.c:102
     hmac_init+0x96/0xc0 crypto/hmac.c:107
     crypto_shash_init include/crypto/hash.h:902 [inline]
     shash_digest_unaligned+0x9f/0xf0 crypto/shash.c:194
     crypto_shash_digest+0xe9/0x1b0 crypto/shash.c:211
     generate_random_hash_testvec.constprop.11+0x1ec/0x5b0 crypto/testmgr.c:1331
     test_hash_vs_generic_impl+0x3f7/0x5c0 crypto/testmgr.c:1420
     __alg_test_hash+0x26d/0x340 crypto/testmgr.c:1502
     alg_test_hash+0x22e/0x330 crypto/testmgr.c:1552
     alg_test.part.7+0x132/0x610 crypto/testmgr.c:4931
     alg_test+0x1f/0x40 crypto/testmgr.c:4952

Fixes: b68a7ec1e9a3 ("crypto: hash - Remove VLA usage")
Reported-by: Corentin Labbe <clabbe.montjoie@gmail.com>
Cc: <stable@vger.kernel.org> # v4.20+
Cc: Kees Cook <keescook@chromium.org>
Signed-off-by: Eric Biggers <ebiggers@google.com>
Reviewed-by: Kees Cook <keescook@chromium.org>
Tested-by: Corentin Labbe <clabbe.montjoie@gmail.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 crypto/hmac.c         |    2 ++
 include/crypto/hash.h |    8 +++++++-
 2 files changed, 9 insertions(+), 1 deletion(-)

--- a/crypto/hmac.c
+++ b/crypto/hmac.c
@@ -168,6 +168,8 @@ static int hmac_init_tfm(struct crypto_t
 
 	parent->descsize = sizeof(struct shash_desc) +
 			   crypto_shash_descsize(hash);
+	if (WARN_ON(parent->descsize > HASH_MAX_DESCSIZE))
+		return -EINVAL;
 
 	ctx->hash = hash;
 	return 0;
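
Review bot: the new `return -EINVAL` sits before `ctx->hash = hash;`, so on this path the `hash` whose descsize was just read is neither stored nor released in the visible lines. If it was acquired earlier in hmac_init_tfm(), free it before returning. The changelog also says the check was added to hmac_init(), while the hunk is in hmac_init_tfm().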
--- a/include/crypto/hash.h
+++ b/include/crypto/hash.h
@@ -152,7 +152,13 @@ struct shash_desc {
 };
 
 #define HASH_MAX_DIGESTSIZE	 64
-#define HASH_MAX_DESCSIZE	360
+
+/*
+ * Worst case is hmac(sha3-224-generic).  Its context is a nested 'shash_desc'
+ * containing a 'struct sha3_state'.
+ */
+#define HASH_MAX_DESCSIZE	(sizeof(struct shash_desc) + 360)
+
 #define HASH_MAX_STATESIZE	512
 
 #define SHASH_DESC_ON_STACK(shash, ctx)				  \
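
Review bot: in the new `HASH_MAX_DESCSIZE` definition the literal 360 is tied to `struct sha3_state` only by the comment. Because `SHASH_DESC_ON_STACK()` sizes a stack buffer from this macro, a compile-time assertion next to the sha3 code, or deriving the value from the struct size, would stop the two from drifting apart again; the runtime `WARN_ON` added in hmac.c covers HMAC transforms only.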



^ permalink raw reply	[flat|nested] 429+ messages in thread

* [PATCH 5.1 010/405] crypto: vmx - CTR: always increment IV as quadword
  2019-05-30  2:59 [PATCH 5.1 000/405] 5.1.6-stable review Greg Kroah-Hartman
                   ` (8 preceding siblings ...)
  2019-05-30  3:00 ` [PATCH 5.1 009/405] crypto: hash - fix incorrect HASH_MAX_DESCSIZE Greg Kroah-Hartman
@ 2019-05-30  3:00 ` Greg Kroah-Hartman
  2019-05-30  3:00 ` [PATCH 5.1 011/405] mmc: sdhci-iproc: cygnus: Set NO_HISPD bit to fix HS50 data hold time problem Greg Kroah-Hartman
                   ` (399 subsequent siblings)
  409 siblings, 0 replies; 429+ messages in thread
From: Greg Kroah-Hartman @ 2019-05-30  3:00 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Daniel Axtens, Nayna Jain, Herbert Xu

From: Daniel Axtens <dja@axtens.net>

commit 009b30ac7444c17fae34c4f435ebce8e8e2b3250 upstream.

The kernel self-tests picked up an issue with CTR mode:
alg: skcipher: p8_aes_ctr encryption test failed (wrong result) on test vector 3, cfg="uneven misaligned splits, may sleep"

Test vector 3 has an IV of FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFD, so
after 3 increments it should wrap around to 0.

In the aesp8-ppc code from OpenSSL, there are two paths that
increment IVs: the bulk (8 at a time) path, and the individual
path which is used when there are fewer than 8 AES blocks to
process.

In the bulk path, the IV is incremented with vadduqm: "Vector
Add Unsigned Quadword Modulo", which does 128-bit addition.

In the individual path, however, the IV is incremented with
vadduwm: "Vector Add Unsigned Word Modulo", which instead
does 4 32-bit additions. Thus the IV would instead become
FFFFFFFFFFFFFFFFFFFFFFFF00000000, throwing off the result.

Use vadduqm.

This was probably a typo originally, what with q and w being
adjacent. It is a pretty narrow edge case: I am really
impressed by the quality of the kernel self-tests!

Fixes: 5c380d623ed3 ("crypto: vmx - Add support for VMS instructions by ASM")
Cc: stable@vger.kernel.org
Signed-off-by: Daniel Axtens <dja@axtens.net>
Acked-by: Nayna Jain <nayna@linux.ibm.com>
Tested-by: Nayna Jain <nayna@linux.ibm.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 drivers/crypto/vmx/aesp8-ppc.pl |    2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

--- a/drivers/crypto/vmx/aesp8-ppc.pl
+++ b/drivers/crypto/vmx/aesp8-ppc.pl
@@ -1357,7 +1357,7 @@ Loop_ctr32_enc:
 	addi		$idx,$idx,16
 	bdnz		Loop_ctr32_enc
 
-	vadduwm		$ivec,$ivec,$one
+	vadduqm		$ivec,$ivec,$one
 	 vmr		$dat,$inptail
 	 lvx		$inptail,0,$inp
 	 addi		$inp,$inp,16
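
Review bot: the changed `vadduqm $ivec,$ivec,$one` has no comment, and the surrounding label is still `Loop_ctr32_enc`, which suggests a 32-bit counter. Add a comment that the IV is incremented as a full 128-bit value to match the bulk path, so that the instruction is not changed back to the word form by someone reading the label.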



^ permalink raw reply	[flat|nested] 429+ messages in thread
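
The IV wrap described in patch 010 above, modelled in portable C as an added example (not part of the original message and not the driver's code). The two helpers model the arithmetic of vadduqm and vadduwm on a big-endian 16-byte counter block; the addend `ONE`, with 1 in the least significant byte, and all function names are assumptions made for this illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Assumed addend: the value 1 in the least significant byte of the block. */
static const uint8_t ONE[16] = { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1 };

/* Model of vadduqm: one big-endian addition modulo 2^128. */
static void add_quadword(uint8_t iv[16], const uint8_t addend[16])
{
	unsigned int carry = 0;

	for (int i = 15; i >= 0; i--) {
		unsigned int sum = iv[i] + addend[i] + carry;

		iv[i] = (uint8_t)sum;
		carry = sum >> 8;
	}
}

/* Model of vadduwm: four independent additions modulo 2^32.
 * A carry out of one 32-bit lane is discarded, never propagated. */
static void add_words(uint8_t iv[16], const uint8_t addend[16])
{
	for (int lane = 0; lane < 4; lane++) {
		unsigned int carry = 0;

		for (int i = lane * 4 + 3; i >= lane * 4; i--) {
			unsigned int sum = iv[i] + addend[i] + carry;

			iv[i] = (uint8_t)sum;
			carry = sum >> 8;
		}
	}
}

/* Walk both counters from the same start value and return the index of
 * the first counter block on which they disagree, or -1 if they agree
 * for all max_blocks blocks. */
static int first_divergence(const uint8_t start[16], int max_blocks)
{
	uint8_t q[16], w[16];

	memcpy(q, start, 16);
	memcpy(w, start, 16);
	for (int n = 0; n < max_blocks; n++) {
		if (memcmp(q, w, 16) != 0)
			return n;
		add_quadword(q, ONE);
		add_words(w, ONE);
	}
	return -1;
}

static void print_block(const char *label, const uint8_t b[16])
{
	printf("%s", label);
	for (int i = 0; i < 16; i++)
		printf("%02X", b[i]);
	printf("\n");
}

int main(void)
{
	/* IV of test vector 3 as quoted in the commit message. */
	uint8_t q[16], w[16];

	memset(q, 0xFF, 16);
	q[15] = 0xFD;
	memcpy(w, q, 16);

	printf("first diverging block: %d\n", first_divergence(q, 8));
	for (int n = 0; n < 3; n++) {
		add_quadword(q, ONE);
		add_words(w, ONE);
	}
	print_block("quadword add after 3 steps: ", q);
	print_block("word add after 3 steps:     ", w);
	return 0;
}
```

With word-wise addition the upper 96 bits never change, so the counter block repeats after 2^32 increments and disagrees with any implementation that carries across the full 128 bits.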

* [PATCH 5.1 011/405] mmc: sdhci-iproc: cygnus: Set NO_HISPD bit to fix HS50 data hold time problem
  2019-05-30  2:59 [PATCH 5.1 000/405] 5.1.6-stable review Greg Kroah-Hartman
                   ` (9 preceding siblings ...)
  2019-05-30  3:00 ` [PATCH 5.1 010/405] crypto: vmx - CTR: always increment IV as quadword Greg Kroah-Hartman
@ 2019-05-30  3:00 ` Greg Kroah-Hartman
  2019-05-30  3:00 ` [PATCH 5.1 012/405] mmc: sdhci-iproc: " Greg Kroah-Hartman
                   ` (398 subsequent siblings)
  409 siblings, 0 replies; 429+ messages in thread
From: Greg Kroah-Hartman @ 2019-05-30  3:00 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Trac Hoang, Scott Branden,
	Adrian Hunter, Ulf Hansson

From: Trac Hoang <trac.hoang@broadcom.com>

commit b7dfa695afc40d5396ed84b9f25aa3754de23e39 upstream.

The iproc host eMMC/SD controller hold time does not meet the
specification in the HS50 mode. This problem can be mitigated
by disabling the HISPD bit; thus forcing the controller output
data to be driven on the falling clock edges rather than the
rising clock edges.

This change applies only to the Cygnus platform.

Stable tag (v4.12+) chosen to assist stable kernel maintainers so that
the change does not produce merge conflicts backporting to older kernel
versions. In reality, the timing bug existed since the driver was first
introduced but there is no need for this driver to be supported in kernel
versions that old.

Cc: stable@vger.kernel.org # v4.12+
Signed-off-by: Trac Hoang <trac.hoang@broadcom.com>
Signed-off-by: Scott Branden <scott.branden@broadcom.com>
Acked-by: Adrian Hunter <adrian.hunter@intel.com>
Signed-off-by: Ulf Hansson <ulf.hansson@linaro.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 drivers/mmc/host/sdhci-iproc.c |    3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

--- a/drivers/mmc/host/sdhci-iproc.c
+++ b/drivers/mmc/host/sdhci-iproc.c
@@ -196,7 +196,8 @@ static const struct sdhci_ops sdhci_ipro
 };
 
 static const struct sdhci_pltfm_data sdhci_iproc_cygnus_pltfm_data = {
-	.quirks = SDHCI_QUIRK_DATA_TIMEOUT_USES_SDCLK,
+	.quirks = SDHCI_QUIRK_DATA_TIMEOUT_USES_SDCLK |
+		  SDHCI_QUIRK_NO_HISPD_BIT,
 	.quirks2 = SDHCI_QUIRK2_ACMD23_BROKEN | SDHCI_QUIRK2_HOST_OFF_CARD_ON,
 	.ops = &sdhci_iproc_32only_ops,
 };
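Review bot: the new SDHCI_QUIRK_NO_HISPD_BIT in sdhci_iproc_cygnus_pltfm_data has no comment in the code, so the reason for it (data hold time out of specification in HS50 mode) is recorded only in the commit message. A short comment above .quirks would stop a later cleanup from dropping the quirk as an apparent slowdown.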




* [PATCH 5.1 012/405] mmc: sdhci-iproc: Set NO_HISPD bit to fix HS50 data hold time problem
From: Greg Kroah-Hartman @ 2019-05-30  3:00 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Trac Hoang, Scott Branden,
	Adrian Hunter, Ulf Hansson

From: Trac Hoang <trac.hoang@broadcom.com>

commit ec0970e0a1b2c807c908d459641a9f9a1be3e130 upstream.

The iproc host eMMC/SD controller hold time does not meet the
specification in the HS50 mode.  This problem can be mitigated
by disabling the HISPD bit; thus forcing the controller output
data to be driven on the falling clock edges rather than the
rising clock edges.

Stable tag (v4.12+) chosen to assist stable kernel maintainers so that
the change does not produce merge conflicts backporting to older kernel
versions. In reality, the timing bug existed since the driver was first
introduced but there is no need for this driver to be supported in kernel
versions that old.

Cc: stable@vger.kernel.org # v4.12+
Signed-off-by: Trac Hoang <trac.hoang@broadcom.com>
Signed-off-by: Scott Branden <scott.branden@broadcom.com>
Acked-by: Adrian Hunter <adrian.hunter@intel.com>
Signed-off-by: Ulf Hansson <ulf.hansson@linaro.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 drivers/mmc/host/sdhci-iproc.c |    3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

--- a/drivers/mmc/host/sdhci-iproc.c
+++ b/drivers/mmc/host/sdhci-iproc.c
@@ -220,7 +220,8 @@ static const struct sdhci_iproc_data ipr
 
 static const struct sdhci_pltfm_data sdhci_iproc_pltfm_data = {
 	.quirks = SDHCI_QUIRK_DATA_TIMEOUT_USES_SDCLK |
-		  SDHCI_QUIRK_MULTIBLOCK_READ_ACMD12,
+		  SDHCI_QUIRK_MULTIBLOCK_READ_ACMD12 |
+		  SDHCI_QUIRK_NO_HISPD_BIT,
 	.quirks2 = SDHCI_QUIRK2_ACMD23_BROKEN,
 	.ops = &sdhci_iproc_ops,
 };
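Review bot: nothing here or in the description says which platforms sdhci_iproc_pltfm_data covers, whereas the sibling Cygnus patch states its scope explicitly. Naming the affected platforms in the description, or in a comment next to SDHCI_QUIRK_NO_HISPD_BIT, would let a backporter confirm the quirk is not being applied to hardware that meets the HS50 hold time.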




* [PATCH 5.1 013/405] tracing: Add a check_val() check before updating cond_snapshot() track_val
From: Greg Kroah-Hartman @ 2019-05-30  3:00 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Tom Zanussi, Steven Rostedt (VMware)

From: Tom Zanussi <tom.zanussi@linux.intel.com>

commit 9b2ca371b1505a547217b244f903ad3fb86fa5b4 upstream.

Without this check a snapshot is taken whenever a bucket's max is hit,
rather than only when the global max is hit, as it should be.

Before:

  In this example, we do a first run of the workload (cyclictest),
  examine the output, note the max ('triggering value') (347), then do
  a second run and note the max again.

  In this case, the max in the second run (39) is below the max in the
  first run, but since we haven't cleared the histogram, the first max
  is still in the histogram and is higher than any other max, so it
  should still be the max for the snapshot.  It isn't however - the
  value should still be 347 after the second run.

  # echo 'hist:keys=pid:ts0=common_timestamp.usecs if comm=="cyclictest"' >> /sys/kernel/debug/tracing/events/sched/sched_waking/trigger
  # echo 'hist:keys=next_pid:wakeup_lat=common_timestamp.usecs-$ts0:onmax($wakeup_lat).save(next_prio,next_comm,prev_pid,prev_prio,prev_comm):onmax($wakeup_lat).snapshot() if next_comm=="cyclictest"' >> /sys/kernel/debug/tracing/events/sched/sched_switch/trigger

  # cyclictest -p 80 -n -s -t 2 -D 2

  # cat /sys/kernel/debug/tracing/events/sched/sched_switch/hist

  { next_pid:       2143 } hitcount:        199
    max:         44  next_prio:        120  next_comm: cyclictest
    prev_pid:          0  prev_prio:        120  prev_comm: swapper/4

  { next_pid:       2145 } hitcount:       1325
    max:         38  next_prio:         19  next_comm: cyclictest
    prev_pid:          0  prev_prio:        120  prev_comm: swapper/2

  { next_pid:       2144 } hitcount:       1982
    max:        347  next_prio:         19  next_comm: cyclictest
    prev_pid:          0  prev_prio:        120  prev_comm: swapper/6

  Snapshot taken (see tracing/snapshot).  Details:
      triggering value { onmax($wakeup_lat) }:        347
      triggered by event with key: { next_pid:       2144 }

  # cyclictest -p 80 -n -s -t 2 -D 2

  # cat /sys/kernel/debug/tracing/events/sched/sched_switch/hist

  { next_pid:       2143 } hitcount:        199
    max:         44  next_prio:        120  next_comm: cyclictest
    prev_pid:          0  prev_prio:        120  prev_comm: swapper/4

  { next_pid:       2148 } hitcount:        199
    max:         16  next_prio:        120  next_comm: cyclictest
    prev_pid:          0  prev_prio:        120  prev_comm: swapper/1

  { next_pid:       2145 } hitcount:       1325
    max:         38  next_prio:         19  next_comm: cyclictest
    prev_pid:          0  prev_prio:        120  prev_comm: swapper/2

  { next_pid:       2150 } hitcount:       1326
    max:         39  next_prio:         19  next_comm: cyclictest
    prev_pid:          0  prev_prio:        120  prev_comm: swapper/4

  { next_pid:       2144 } hitcount:       1982
    max:        347  next_prio:         19  next_comm: cyclictest
    prev_pid:          0  prev_prio:        120  prev_comm: swapper/6

  { next_pid:       2149 } hitcount:       1983
    max:        130  next_prio:         19  next_comm: cyclictest
    prev_pid:          0  prev_prio:        120  prev_comm: swapper/0

  Snapshot taken (see tracing/snapshot).  Details:
    triggering value { onmax($wakeup_lat) }:    39
    triggered by event with key: { next_pid:       2150 }

After:

  In this example, we do a first run of the workload (cyclictest),
  examine the output, note the max ('triggering value') (375), then do
  a second run and note the max again.

  In this case, the max in the second run is still 375, the highest in
  any bucket, as it should be.

  # cyclictest -p 80 -n -s -t 2 -D 2

  # cat /sys/kernel/debug/tracing/events/sched/sched_switch/hist

  { next_pid:       2072 } hitcount:        200
    max:         28  next_prio:        120  next_comm: cyclictest
    prev_pid:          0  prev_prio:        120  prev_comm: swapper/5

  { next_pid:       2074 } hitcount:       1323
    max:        375  next_prio:         19  next_comm: cyclictest
    prev_pid:          0  prev_prio:        120  prev_comm: swapper/2

  { next_pid:       2073 } hitcount:       1980
    max:        153  next_prio:         19  next_comm: cyclictest
    prev_pid:          0  prev_prio:        120  prev_comm: swapper/6

  Snapshot taken (see tracing/snapshot).  Details:
    triggering value { onmax($wakeup_lat) }:        375
    triggered by event with key: { next_pid:       2074 }

  # cyclictest -p 80 -n -s -t 2 -D 2

  # cat /sys/kernel/debug/tracing/events/sched/sched_switch/hist

  { next_pid:       2101 } hitcount:        199
    max:         49  next_prio:        120  next_comm: cyclictest
    prev_pid:          0  prev_prio:        120  prev_comm: swapper/6

  { next_pid:       2072 } hitcount:        200
    max:         28  next_prio:        120  next_comm: cyclictest
    prev_pid:          0  prev_prio:        120  prev_comm: swapper/5

  { next_pid:       2074 } hitcount:       1323
    max:        375  next_prio:         19  next_comm: cyclictest
    prev_pid:          0  prev_prio:        120  prev_comm: swapper/2

  { next_pid:       2103 } hitcount:       1325
    max:         74  next_prio:         19  next_comm: cyclictest
    prev_pid:          0  prev_prio:        120  prev_comm: swapper/4

  { next_pid:       2073 } hitcount:       1980
    max:        153  next_prio:         19  next_comm: cyclictest
    prev_pid:          0  prev_prio:        120  prev_comm: swapper/6

  { next_pid:       2102 } hitcount:       1981
    max:         84  next_prio:         19  next_comm: cyclictest
    prev_pid:         12  prev_prio:        120  prev_comm: kworker/0:1

  Snapshot taken (see tracing/snapshot).  Details:
    triggering value { onmax($wakeup_lat) }:        375
    triggered by event with key: { next_pid:       2074 }

Link: http://lkml.kernel.org/r/95958351329f129c07504b4d1769c47a97b70d65.1555597045.git.tom.zanussi@linux.intel.com

Cc: stable@vger.kernel.org
Fixes: a3785b7eca8fd ("tracing: Add hist trigger snapshot() action")
Signed-off-by: Tom Zanussi <tom.zanussi@linux.intel.com>
Signed-off-by: Steven Rostedt (VMware) <rostedt@goodmis.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 kernel/trace/trace_events_hist.c |    6 ++++++
 1 file changed, 6 insertions(+)

--- a/kernel/trace/trace_events_hist.c
+++ b/kernel/trace/trace_events_hist.c
@@ -3543,14 +3543,20 @@ static bool cond_snapshot_update(struct
 	struct track_data *track_data = tr->cond_snapshot->cond_data;
 	struct hist_elt_data *elt_data, *track_elt_data;
 	struct snapshot_context *context = cond_data;
+	struct action_data *action;
 	u64 track_val;
 
 	if (!track_data)
 		return false;
 
+	action = track_data->action_data;
+
 	track_val = get_track_val(track_data->hist_data, context->elt,
 				  track_data->action_data);
 
+	if (!action->track_data.check_val(track_data->track_val, track_val))
+		return false;
+
 	track_data->track_val = track_val;
 	memcpy(track_data->key, context->key, track_data->key_len);
 
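Review bot: the new local "action" is only used for the check_val() call, while the get_track_val() call just above still passes track_data->action_data; use "action" in both places or drop the local. The call through action->track_data.check_val also assumes that action_data and the check_val pointer are always set once track_data is non-NULL, which is worth a one-line comment since only track_data itself is checked here.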




* [PATCH 5.1 014/405] dax: Arrange for dax_supported check to span multiple devices
From: Greg Kroah-Hartman @ 2019-05-30  3:00 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Ira Weiny, Dave Jiang, Keith Busch,
	Matthew Wilcox, Vishal Verma, Heiko Carstens, Martin Schwidefsky,
	Jan Kara, Pankaj Gupta, Vaibhav Jain, Mike Snitzer, Dan Williams

From: Dan Williams <dan.j.williams@intel.com>

commit 7bf7eac8d648057519adb6fce1e31458c902212c upstream.

Pankaj reports that starting with commit ad428cdb525a "dax: Check the
end of the block-device capacity with dax_direct_access()" device-mapper
no longer allows dax operation. This results from the stricter checks in
__bdev_dax_supported() that validate that the start and end of a
block-device map to the same 'pagemap' instance.

Teach the dax-core and device-mapper to validate the 'pagemap' on a
per-target basis. This is accomplished by refactoring the
bdev_dax_supported() internals into generic_fsdax_supported() which
takes a sector range to validate. Consequently generic_fsdax_supported()
is suitable to be used in a device-mapper ->iterate_devices() callback.
A new ->dax_supported() operation is added to allow composite devices to
split and route upper-level bdev_dax_supported() requests.

Fixes: ad428cdb525a ("dax: Check the end of the block-device...")
Cc: <stable@vger.kernel.org>
Cc: Ira Weiny <ira.weiny@intel.com>
Cc: Dave Jiang <dave.jiang@intel.com>
Cc: Keith Busch <keith.busch@intel.com>
Cc: Matthew Wilcox <willy@infradead.org>
Cc: Vishal Verma <vishal.l.verma@intel.com>
Cc: Heiko Carstens <heiko.carstens@de.ibm.com>
Cc: Martin Schwidefsky <schwidefsky@de.ibm.com>
Reviewed-by: Jan Kara <jack@suse.cz>
Reported-by: Pankaj Gupta <pagupta@redhat.com>
Reviewed-by: Pankaj Gupta <pagupta@redhat.com>
Tested-by: Pankaj Gupta <pagupta@redhat.com>
Tested-by: Vaibhav Jain <vaibhav@linux.ibm.com>
Reviewed-by: Mike Snitzer <snitzer@redhat.com>
Signed-off-by: Dan Williams <dan.j.williams@intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 drivers/dax/super.c          |   88 +++++++++++++++++++++++++++----------------
 drivers/md/dm-table.c        |   17 +++++---
 drivers/md/dm.c              |   20 +++++++++
 drivers/md/dm.h              |    1 
 drivers/nvdimm/pmem.c        |    1 
 drivers/s390/block/dcssblk.c |    1 
 include/linux/dax.h          |   26 ++++++++++++
 7 files changed, 117 insertions(+), 37 deletions(-)

--- a/drivers/dax/super.c
+++ b/drivers/dax/super.c
@@ -73,22 +73,12 @@ struct dax_device *fs_dax_get_by_bdev(st
 EXPORT_SYMBOL_GPL(fs_dax_get_by_bdev);
 #endif
 
-/**
- * __bdev_dax_supported() - Check if the device supports dax for filesystem
- * @bdev: block device to check
- * @blocksize: The block size of the device
- *
- * This is a library function for filesystems to check if the block device
- * can be mounted with dax option.
- *
- * Return: true if supported, false if unsupported
- */
-bool __bdev_dax_supported(struct block_device *bdev, int blocksize)
+bool __generic_fsdax_supported(struct dax_device *dax_dev,
+		struct block_device *bdev, int blocksize, sector_t start,
+		sector_t sectors)
 {
-	struct dax_device *dax_dev;
 	bool dax_enabled = false;
 	pgoff_t pgoff, pgoff_end;
-	struct request_queue *q;
 	char buf[BDEVNAME_SIZE];
 	void *kaddr, *end_kaddr;
 	pfn_t pfn, end_pfn;
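Review bot: __generic_fsdax_supported() is exported but ends up with no kernel-doc, because the comment block that sat here moves with __bdev_dax_supported() later in the file. The new "start" and "sectors" parameters in particular need documenting: their unit (512-byte sectors) and whether the range is relative to bdev or to dax_dev.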
@@ -102,21 +92,14 @@ bool __bdev_dax_supported(struct block_d
 		return false;
 	}
 
-	q = bdev_get_queue(bdev);
-	if (!q || !blk_queue_dax(q)) {
-		pr_debug("%s: error: request queue doesn't support dax\n",
-				bdevname(bdev, buf));
-		return false;
-	}
-
-	err = bdev_dax_pgoff(bdev, 0, PAGE_SIZE, &pgoff);
+	err = bdev_dax_pgoff(bdev, start, PAGE_SIZE, &pgoff);
 	if (err) {
 		pr_debug("%s: error: unaligned partition for dax\n",
 				bdevname(bdev, buf));
 		return false;
 	}
 
-	last_page = PFN_DOWN(i_size_read(bdev->bd_inode) - 1) * 8;
+	last_page = PFN_DOWN((start + sectors - 1) * 512) * PAGE_SIZE / 512;
 	err = bdev_dax_pgoff(bdev, last_page, PAGE_SIZE, &pgoff_end);
 	if (err) {
 		pr_debug("%s: error: unaligned partition for dax\n",
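Review bot: the last_page computation has no guard for an empty range. With sectors == 0 and start == 0 the expression "start + sectors - 1" wraps, since sector_t is unsigned, and the result is then fed to bdev_dax_pgoff(). An early "return false" for a zero-length range would make the failure explicit; a named sector-size constant in place of the literal 512 would also make the unit conversions on this line easier to check.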
@@ -124,20 +107,11 @@ bool __bdev_dax_supported(struct block_d
 		return false;
 	}
 
-	dax_dev = dax_get_by_host(bdev->bd_disk->disk_name);
-	if (!dax_dev) {
-		pr_debug("%s: error: device does not support dax\n",
-				bdevname(bdev, buf));
-		return false;
-	}
-
 	id = dax_read_lock();
 	len = dax_direct_access(dax_dev, pgoff, 1, &kaddr, &pfn);
 	len2 = dax_direct_access(dax_dev, pgoff_end, 1, &end_kaddr, &end_pfn);
 	dax_read_unlock(id);
 
-	put_dax(dax_dev);
-
 	if (len < 1 || len2 < 1) {
 		pr_debug("%s: error: dax access failed (%ld)\n",
 				bdevname(bdev, buf), len < 1 ? len : len2);
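Review bot: the "if (!dax_dev)" check removed in this hunk has no replacement inside the function, which now trusts the dax_dev its caller supplies. __bdev_dax_supported() still checks before calling, but device_supports_dax() in dm-table.c passes dev->dax_dev straight through, so either keep a NULL check here or state in the function comment that callers must pass a valid dax_dev.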
@@ -178,6 +152,49 @@ bool __bdev_dax_supported(struct block_d
 	}
 	return true;
 }
+EXPORT_SYMBOL_GPL(__generic_fsdax_supported);
+
+/**
+ * __bdev_dax_supported() - Check if the device supports dax for filesystem
+ * @bdev: block device to check
+ * @blocksize: The block size of the device
+ *
+ * This is a library function for filesystems to check if the block device
+ * can be mounted with dax option.
+ *
+ * Return: true if supported, false if unsupported
+ */
+bool __bdev_dax_supported(struct block_device *bdev, int blocksize)
+{
+	struct dax_device *dax_dev;
+	struct request_queue *q;
+	char buf[BDEVNAME_SIZE];
+	bool ret;
+	int id;
+
+	q = bdev_get_queue(bdev);
+	if (!q || !blk_queue_dax(q)) {
+		pr_debug("%s: error: request queue doesn't support dax\n",
+				bdevname(bdev, buf));
+		return false;
+	}
+
+	dax_dev = dax_get_by_host(bdev->bd_disk->disk_name);
+	if (!dax_dev) {
+		pr_debug("%s: error: device does not support dax\n",
+				bdevname(bdev, buf));
+		return false;
+	}
+
+	id = dax_read_lock();
+	ret = dax_supported(dax_dev, bdev, blocksize, 0,
+			i_size_read(bdev->bd_inode) / 512);
+	dax_read_unlock(id);
+
+	put_dax(dax_dev);
+
+	return ret;
+}
 EXPORT_SYMBOL_GPL(__bdev_dax_supported);
 #endif
 
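Review bot: __bdev_dax_supported() takes dax_read_lock() around dax_supported(), and for pmem and dcssblk that call lands in __generic_fsdax_supported(), which takes dax_read_lock() again around its dax_direct_access() calls. If nesting the read lock is intended, a comment saying so would help; otherwise take it in only one of the two places. The literal 512 in "i_size_read(bdev->bd_inode) / 512" would also read better as a named sector-size constant.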
@@ -303,6 +320,15 @@ long dax_direct_access(struct dax_device
 }
 EXPORT_SYMBOL_GPL(dax_direct_access);
 
+bool dax_supported(struct dax_device *dax_dev, struct block_device *bdev,
+		int blocksize, sector_t start, sector_t len)
+{
+	if (!dax_alive(dax_dev))
+		return false;
+
+	return dax_dev->ops->dax_supported(dax_dev, bdev, blocksize, start, len);
+}
+
 size_t dax_copy_from_iter(struct dax_device *dax_dev, pgoff_t pgoff, void *addr,
 		size_t bytes, struct iov_iter *i)
 {
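Review bot: dax_supported() calls dax_dev->ops->dax_supported without checking that the operation is set. This patch fills it in for dm, pmem and dcssblk only, so any other dax_operations provider would dereference a NULL pointer here; either check the pointer and return false, or document the op as required in include/linux/dax.h. Unlike dax_direct_access() just above, the new function also has no EXPORT_SYMBOL_GPL, which is worth confirming as intentional.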
--- a/drivers/md/dm-table.c
+++ b/drivers/md/dm-table.c
@@ -880,13 +880,17 @@ void dm_table_set_type(struct dm_table *
 }
 EXPORT_SYMBOL_GPL(dm_table_set_type);
 
+/* validate the dax capability of the target device span */
 static int device_supports_dax(struct dm_target *ti, struct dm_dev *dev,
-			       sector_t start, sector_t len, void *data)
+				       sector_t start, sector_t len, void *data)
 {
-	return bdev_dax_supported(dev->bdev, PAGE_SIZE);
+	int blocksize = *(int *) data;
+
+	return generic_fsdax_supported(dev->dax_dev, dev->bdev, blocksize,
+			start, len);
 }
 
-static bool dm_table_supports_dax(struct dm_table *t)
+bool dm_table_supports_dax(struct dm_table *t, int blocksize)
 {
 	struct dm_target *ti;
 	unsigned i;
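Review bot: the continuation line of the device_supports_dax() signature is re-indented by one tab with no other change, which leaves it no longer aligned with the opening parenthesis and adds noise to the diff; keep the original indentation. The callback also dereferences "data" unconditionally, which is fine for the caller in this file now that it passes &blocksize, but deserves a mention in the new comment above the function.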
@@ -899,7 +903,8 @@ static bool dm_table_supports_dax(struct
 			return false;
 
 		if (!ti->type->iterate_devices ||
-		    !ti->type->iterate_devices(ti, device_supports_dax, NULL))
+		    !ti->type->iterate_devices(ti, device_supports_dax,
+			    &blocksize))
 			return false;
 	}
 
@@ -979,7 +984,7 @@ static int dm_table_determine_type(struc
 verify_bio_based:
 		/* We must use this table as bio-based */
 		t->type = DM_TYPE_BIO_BASED;
-		if (dm_table_supports_dax(t) ||
+		if (dm_table_supports_dax(t, PAGE_SIZE) ||
 		    (list_empty(devices) && live_md_type == DM_TYPE_DAX_BIO_BASED)) {
 			t->type = DM_TYPE_DAX_BIO_BASED;
 		} else {
@@ -1905,7 +1910,7 @@ void dm_table_set_restrictions(struct dm
 	}
 	blk_queue_write_cache(q, wc, fua);
 
-	if (dm_table_supports_dax(t))
+	if (dm_table_supports_dax(t, PAGE_SIZE))
 		blk_queue_flag_set(QUEUE_FLAG_DAX, q);
 	else
 		blk_queue_flag_clear(QUEUE_FLAG_DAX, q);
--- a/drivers/md/dm.c
+++ b/drivers/md/dm.c
@@ -1105,6 +1105,25 @@ static long dm_dax_direct_access(struct
 	return ret;
 }
 
+static bool dm_dax_supported(struct dax_device *dax_dev, struct block_device *bdev,
+		int blocksize, sector_t start, sector_t len)
+{
+	struct mapped_device *md = dax_get_private(dax_dev);
+	struct dm_table *map;
+	int srcu_idx;
+	bool ret;
+
+	map = dm_get_live_table(md, &srcu_idx);
+	if (!map)
+		return false;
+
+	ret = dm_table_supports_dax(map, blocksize);
+
+	dm_put_live_table(md, srcu_idx);
+
+	return ret;
+}
+
 static size_t dm_dax_copy_from_iter(struct dax_device *dax_dev, pgoff_t pgoff,
 				    void *addr, size_t bytes, struct iov_iter *i)
 {
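Review bot: dm_dax_supported() ignores its bdev, start and len arguments and validates the whole live table through dm_table_supports_dax(). That matches the only caller in this patch, which passes the full device, but a request for a sub-range would silently be answered for the entire table; a comment stating that the range is intentionally ignored would make this explicit.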
@@ -3194,6 +3213,7 @@ static const struct block_device_operati
 
 static const struct dax_operations dm_dax_ops = {
 	.direct_access = dm_dax_direct_access,
+	.dax_supported = dm_dax_supported,
 	.copy_from_iter = dm_dax_copy_from_iter,
 	.copy_to_iter = dm_dax_copy_to_iter,
 };
--- a/drivers/md/dm.h
+++ b/drivers/md/dm.h
@@ -72,6 +72,7 @@ bool dm_table_bio_based(struct dm_table
 bool dm_table_request_based(struct dm_table *t);
 void dm_table_free_md_mempools(struct dm_table *t);
 struct dm_md_mempools *dm_table_get_md_mempools(struct dm_table *t);
+bool dm_table_supports_dax(struct dm_table *t, int blocksize);
 
 void dm_lock_md_type(struct mapped_device *md);
 void dm_unlock_md_type(struct mapped_device *md);
--- a/drivers/nvdimm/pmem.c
+++ b/drivers/nvdimm/pmem.c
@@ -295,6 +295,7 @@ static size_t pmem_copy_to_iter(struct d
 
 static const struct dax_operations pmem_dax_ops = {
 	.direct_access = pmem_dax_direct_access,
+	.dax_supported = generic_fsdax_supported,
 	.copy_from_iter = pmem_copy_from_iter,
 	.copy_to_iter = pmem_copy_to_iter,
 };
--- a/drivers/s390/block/dcssblk.c
+++ b/drivers/s390/block/dcssblk.c
@@ -59,6 +59,7 @@ static size_t dcssblk_dax_copy_to_iter(s
 
 static const struct dax_operations dcssblk_dax_ops = {
 	.direct_access = dcssblk_dax_direct_access,
+	.dax_supported = generic_fsdax_supported,
 	.copy_from_iter = dcssblk_dax_copy_from_iter,
 	.copy_to_iter = dcssblk_dax_copy_to_iter,
 };
--- a/include/linux/dax.h
+++ b/include/linux/dax.h
@@ -19,6 +19,12 @@ struct dax_operations {
 	 */
 	long (*direct_access)(struct dax_device *, pgoff_t, long,
 			void **, pfn_t *);
+	/*
+	 * Validate whether this device is usable as an fsdax backing
+	 * device.
+	 */
+	bool (*dax_supported)(struct dax_device *, struct block_device *, int,
+			sector_t, sector_t);
 	/* copy_from_iter: required operation for fs-dax direct-i/o */
 	size_t (*copy_from_iter)(struct dax_device *, pgoff_t, void *, size_t,
 			struct iov_iter *);
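Review bot: the comment on the new dax_supported op does not say whether the operation is required or what the int and the two sector_t arguments mean, while the neighbouring copy_from_iter comment does state "required operation". Since dax_supported() in super.c calls the op unconditionally, mark it as required here and name the parameters (blocksize, start sector, length in sectors).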
@@ -75,6 +81,17 @@ static inline bool bdev_dax_supported(st
 	return __bdev_dax_supported(bdev, blocksize);
 }
 
+bool __generic_fsdax_supported(struct dax_device *dax_dev,
+		struct block_device *bdev, int blocksize, sector_t start,
+		sector_t sectors);
+static inline bool generic_fsdax_supported(struct dax_device *dax_dev,
+		struct block_device *bdev, int blocksize, sector_t start,
+		sector_t sectors)
+{
+	return __generic_fsdax_supported(dax_dev, bdev, blocksize, start,
+			sectors);
+}
+
 static inline struct dax_device *fs_dax_get_by_host(const char *host)
 {
 	return dax_get_by_host(host);
@@ -99,6 +116,13 @@ static inline bool bdev_dax_supported(st
 	return false;
 }
 
+static inline bool generic_fsdax_supported(struct dax_device *dax_dev,
+		struct block_device *bdev, int blocksize, sector_t start,
+		sector_t sectors)
+{
+	return false;
+}
+
 static inline struct dax_device *fs_dax_get_by_host(const char *host)
 {
 	return NULL;
@@ -142,6 +166,8 @@ bool dax_alive(struct dax_device *dax_de
 void *dax_get_private(struct dax_device *dax_dev);
 long dax_direct_access(struct dax_device *dax_dev, pgoff_t pgoff, long nr_pages,
 		void **kaddr, pfn_t *pfn);
+bool dax_supported(struct dax_device *dax_dev, struct block_device *bdev,
+		int blocksize, sector_t start, sector_t len);
 size_t dax_copy_from_iter(struct dax_device *dax_dev, pgoff_t pgoff, void *addr,
 		size_t bytes, struct iov_iter *i);
 size_t dax_copy_to_iter(struct dax_device *dax_dev, pgoff_t pgoff, void *addr,




* [PATCH 5.1 015/405] kvm: Check irqchip mode before assign irqfd
From: Greg Kroah-Hartman @ 2019-05-30  3:00 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Paolo Bonzini,
	Radim Krčmář,
	Alex Williamson, Eduardo Habkost, Peter Xu

From: Peter Xu <peterx@redhat.com>

commit 654f1f13ea56b92bacade8ce2725aea0457f91c0 upstream.

When assigning kvm irqfd we didn't check the irqchip mode but we allow
KVM_IRQFD to succeed with all the irqchip modes.  However it does not
make much sense to create irqfd even without the kernel chips.  Let's
provide an arch-dependent helper to check whether a specific irqfd is
allowed by the arch.  At least for x86, it should make sense to check:

- when irqchip mode is NONE, all irqfds should be disallowed, and,

- when irqchip mode is SPLIT, irqfds that are with resamplefd should
  be disallowed.

For either of the cases, previously we'll silently ignore the irq or
the irq ack event if the irqchip mode is incorrect.  However that can
cause mysterious guest behaviors and it can be hard to triage.  Let's
fail KVM_IRQFD even earlier to detect these incorrect configurations.

CC: Paolo Bonzini <pbonzini@redhat.com>
CC: Radim Krčmář <rkrcmar@redhat.com>
CC: Alex Williamson <alex.williamson@redhat.com>
CC: Eduardo Habkost <ehabkost@redhat.com>
Signed-off-by: Peter Xu <peterx@redhat.com>
Cc: stable@vger.kernel.org
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 arch/x86/kvm/irq.c |    7 +++++++
 arch/x86/kvm/irq.h |    1 +
 virt/kvm/eventfd.c |    9 +++++++++
 3 files changed, 17 insertions(+)

--- a/arch/x86/kvm/irq.c
+++ b/arch/x86/kvm/irq.c
@@ -172,3 +172,10 @@ void __kvm_migrate_timers(struct kvm_vcp
 	__kvm_migrate_apic_timer(vcpu);
 	__kvm_migrate_pit_timer(vcpu);
 }
+
+bool kvm_arch_irqfd_allowed(struct kvm *kvm, struct kvm_irqfd *args)
+{
+	bool resample = args->flags & KVM_IRQFD_FLAG_RESAMPLE;
+
+	return resample ? irqchip_kernel(kvm) : irqchip_in_kernel(kvm);
+}
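Review bot: kvm_arch_irqfd_allowed() selects between irqchip_kernel() and irqchip_in_kernel(), two helpers whose names differ by one word, with no comment in the code. A short comment stating the rule from the commit message (resample irqfds are disallowed in SPLIT mode, all irqfds are disallowed in NONE mode) would make the ternary checkable at a glance.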
--- a/arch/x86/kvm/irq.h
+++ b/arch/x86/kvm/irq.h
@@ -114,6 +114,7 @@ static inline int irqchip_in_kernel(stru
 	return mode != KVM_IRQCHIP_NONE;
 }
 
+bool kvm_arch_irqfd_allowed(struct kvm *kvm, struct kvm_irqfd *args);
 void kvm_inject_pending_timer_irqs(struct kvm_vcpu *vcpu);
 void kvm_inject_apic_timer_irqs(struct kvm_vcpu *vcpu);
 void kvm_apic_nmi_wd_deliver(struct kvm_vcpu *vcpu);
--- a/virt/kvm/eventfd.c
+++ b/virt/kvm/eventfd.c
@@ -44,6 +44,12 @@
 
 static struct workqueue_struct *irqfd_cleanup_wq;
 
+bool __attribute__((weak))
+kvm_arch_irqfd_allowed(struct kvm *kvm, struct kvm_irqfd *args)
+{
+	return true;
+}
+
 static void
 irqfd_inject(struct work_struct *work)
 {
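Review bot: the weak default for kvm_arch_irqfd_allowed() is defined in generic code, but the only prototype this patch adds is in arch/x86/kvm/irq.h. Declaring it in a header shared by all architectures would let the compiler check this definition and any future arch override against the same signature.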
@@ -297,6 +303,9 @@ kvm_irqfd_assign(struct kvm *kvm, struct
 	if (!kvm_arch_intc_initialized(kvm))
 		return -EAGAIN;
 
+	if (!kvm_arch_irqfd_allowed(kvm, args))
+		return -EINVAL;
+
 	irqfd = kzalloc(sizeof(*irqfd), GFP_KERNEL_ACCOUNT);
 	if (!irqfd)
 		return -ENOMEM;
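Review bot: the new -EINVAL return in kvm_irqfd_assign() is a userspace-visible change to KVM_IRQFD, and the diffstat shows no documentation update alongside it. Please add the new failure condition to the KVM API documentation so that VMM authors can tell it apart from the other -EINVAL cases of this ioctl.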




* [PATCH 5.1 016/405] kvm: svm/avic: fix off-by-one in checking host APIC ID
From: Greg Kroah-Hartman @ 2019-05-30  3:00 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Suravee Suthikulpanit, Paolo Bonzini

From: Suthikulpanit, Suravee <Suravee.Suthikulpanit@amd.com>

commit c9bcd3e3335d0a29d89fabd2c385e1b989e6f1b0 upstream.

Current logic does not allow VCPU to be loaded onto CPU with
APIC ID 255. This should be allowed since the host physical APIC ID
field in the AVIC Physical APIC table entry is an 8-bit value,
and APIC ID 255 is valid in system with x2APIC enabled.
Instead, do not allow VCPU load if the host APIC ID cannot be
represented by an 8-bit value.

Also, use the more appropriate AVIC_PHYSICAL_ID_ENTRY_HOST_PHYSICAL_ID_MASK
instead of AVIC_MAX_PHYSICAL_ID_COUNT.

Signed-off-by: Suravee Suthikulpanit <suravee.suthikulpanit@amd.com>
Cc: stable@vger.kernel.org
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 arch/x86/kvm/svm.c |    6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

--- a/arch/x86/kvm/svm.c
+++ b/arch/x86/kvm/svm.c
@@ -2024,7 +2024,11 @@ static void avic_vcpu_load(struct kvm_vc
 	if (!kvm_vcpu_apicv_active(vcpu))
 		return;
 
-	if (WARN_ON(h_physical_id >= AVIC_MAX_PHYSICAL_ID_COUNT))
+	/*
+	 * Since the host physical APIC id is 8 bits,
+	 * we can support host APIC ID upto 255.
+	 */
+	if (WARN_ON(h_physical_id > AVIC_PHYSICAL_ID_ENTRY_HOST_PHYSICAL_ID_MASK))
 		return;
 
 	entry = READ_ONCE(*(svm->avic_physical_id_cache));
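Review bot: the new bound compares h_physical_id against AVIC_PHYSICAL_ID_ENTRY_HOST_PHYSICAL_ID_MASK, which works as a range check only while that field starts at bit 0 of the entry; the comment should say that the mask doubles as the maximum ID, or the check should use an explicit maximum. The added comment also has "upto" where "up to" is meant.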




* [PATCH 5.1 017/405] KVM: nVMX: Fix using __this_cpu_read() in preemptible context
From: Greg Kroah-Hartman @ 2019-05-30  3:00 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Paolo Bonzini,
	Radim Krčmář,
	Wanpeng Li, Sean Christopherson

From: Wanpeng Li <wanpengli@tencent.com>

commit 541e886f7972cc647804dbb4909189e67987a945 upstream.

 BUG: using __this_cpu_read() in preemptible [00000000] code: qemu-system-x86/4590
  caller is nested_vmx_enter_non_root_mode+0xebd/0x1790 [kvm_intel]
  CPU: 4 PID: 4590 Comm: qemu-system-x86 Tainted: G           OE     5.1.0-rc4+ #1
  Call Trace:
   dump_stack+0x67/0x95
   __this_cpu_preempt_check+0xd2/0xe0
   nested_vmx_enter_non_root_mode+0xebd/0x1790 [kvm_intel]
   nested_vmx_run+0xda/0x2b0 [kvm_intel]
   handle_vmlaunch+0x13/0x20 [kvm_intel]
   vmx_handle_exit+0xbd/0x660 [kvm_intel]
   kvm_arch_vcpu_ioctl_run+0xa2c/0x1e50 [kvm]
   kvm_vcpu_ioctl+0x3ad/0x6d0 [kvm]
   do_vfs_ioctl+0xa5/0x6e0
   ksys_ioctl+0x6d/0x80
   __x64_sys_ioctl+0x1a/0x20
   do_syscall_64+0x6f/0x6c0
   entry_SYSCALL_64_after_hwframe+0x49/0xbe

Accessing per-cpu variable should disable preemption, this patch extends the
preemption disable region for __this_cpu_read().

Cc: Paolo Bonzini <pbonzini@redhat.com>
Cc: Radim Krčmář <rkrcmar@redhat.com>
Signed-off-by: Wanpeng Li <wanpengli@tencent.com>
Fixes: 52017608da33 ("KVM: nVMX: add option to perform early consistency checks via H/W")
Cc: stable@vger.kernel.org
Reviewed-by: Sean Christopherson <sean.j.christopherson@intel.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 arch/x86/kvm/vmx/nested.c |    4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

--- a/arch/x86/kvm/vmx/nested.c
+++ b/arch/x86/kvm/vmx/nested.c
@@ -2792,14 +2792,13 @@ static int nested_vmx_check_vmentry_hw(s
 	      : "cc", "memory"
 	);
 
-	preempt_enable();
-
 	if (vmx->msr_autoload.host.nr)
 		vmcs_write32(VM_EXIT_MSR_LOAD_COUNT, vmx->msr_autoload.host.nr);
 	if (vmx->msr_autoload.guest.nr)
 		vmcs_write32(VM_ENTRY_MSR_LOAD_COUNT, vmx->msr_autoload.guest.nr);
 
 	if (vm_fail) {
+		preempt_enable();
 		WARN_ON_ONCE(vmcs_read32(VM_INSTRUCTION_ERROR) !=
 			     VMXERR_ENTRY_INVALID_CONTROL_FIELD);
 		return 1;
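Review bot: preempt_enable() now has to be called separately in the vm_fail branch and at the end of the normal path, so any return added between the two later will leave preemption disabled. A single exit label, or a comment at the matching preempt_disable() listing both release points, would make the pairing easier to keep correct.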
@@ -2811,6 +2810,7 @@ static int nested_vmx_check_vmentry_hw(s
 	local_irq_enable();
 	if (hw_breakpoint_active())
 		set_debugreg(__this_cpu_read(cpu_dr7), 7);
+	preempt_enable();
 
 	/*
 	 * A non-failing VMEntry means we somehow entered guest mode with
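Review bot: nothing at the relocated preempt_enable() says why it must follow the set_debugreg(__this_cpu_read(cpu_dr7), 7) line, so a later cleanup could move it back up and reintroduce the splat quoted in the commit message. A one-line comment noting that the per-cpu read needs preemption disabled would prevent that.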




* [PATCH 5.1 018/405] libnvdimm/pmem: Bypass CONFIG_HARDENED_USERCOPY overhead
  2019-05-30  2:59 [PATCH 5.1 000/405] 5.1.6-stable review Greg Kroah-Hartman
                   ` (16 preceding siblings ...)
  2019-05-30  3:00 ` [PATCH 5.1 017/405] KVM: nVMX: Fix using __this_cpu_read() in preemptible context Greg Kroah-Hartman
@ 2019-05-30  3:00 ` Greg Kroah-Hartman
  2019-05-30  3:00 ` [PATCH 5.1 019/405] arm64/kernel: kaslr: reduce module randomization range to 2 GB Greg Kroah-Hartman
                   ` (391 subsequent siblings)
  409 siblings, 0 replies; 429+ messages in thread
From: Greg Kroah-Hartman @ 2019-05-30  3:00 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Jeff Moyer, Ingo Molnar,
	Christoph Hellwig, Al Viro, Thomas Gleixner, Matthew Wilcox,
	Kees Cook, Jan Kara, Dan Williams, Jeff Smits

From: Dan Williams <dan.j.williams@intel.com>

commit 52f476a323f9efc959be1c890d0cdcf12e1582e0 upstream.

Jeff discovered that performance improves from ~375K iops to ~519K iops
on a simple psync-write fio workload when moving the location of 'struct
page' from the default PMEM location to DRAM. This result is surprising
because the expectation is that 'struct page' for dax is only needed for
third party references to dax mappings. For example, a dax-mapped buffer
passed to another system call for direct-I/O requires 'struct page' for
sending the request down the driver stack and pinning the page. There is
no usage of 'struct page' for first party access to a file via
read(2)/write(2) and friends.

However, this "no page needed" expectation is violated by
CONFIG_HARDENED_USERCOPY and the check_copy_size() performed in
copy_from_iter_full_nocache() and copy_to_iter_mcsafe(). The
check_heap_object() helper routine assumes the buffer is backed by a
slab allocator (DRAM) page and applies some checks.  Those checks are
invalid, dax pages do not originate from the slab, and redundant,
dax_iomap_actor() has already validated that the I/O is within bounds.
Specifically that routine validates that the logical file offset is
within bounds of the file, then it does a sector-to-pfn translation
which validates that the physical mapping is within bounds of the block
device.

Bypass additional hardened usercopy overhead and call the 'no check'
versions of the copy_{to,from}_iter operations directly.

Fixes: 0aed55af8834 ("x86, uaccess: introduce copy_from_iter_flushcache...")
Cc: <stable@vger.kernel.org>
Cc: Jeff Moyer <jmoyer@redhat.com>
Cc: Ingo Molnar <mingo@redhat.com>
Cc: Christoph Hellwig <hch@lst.de>
Cc: Al Viro <viro@zeniv.linux.org.uk>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: Matthew Wilcox <willy@infradead.org>
Reported-and-tested-by: Jeff Smits <jeff.smits@intel.com>
Acked-by: Kees Cook <keescook@chromium.org>
Acked-by: Jan Kara <jack@suse.cz>
Signed-off-by: Dan Williams <dan.j.williams@intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 drivers/nvdimm/pmem.c |   10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)

--- a/drivers/nvdimm/pmem.c
+++ b/drivers/nvdimm/pmem.c
@@ -281,16 +281,22 @@ static long pmem_dax_direct_access(struc
 	return __pmem_direct_access(pmem, pgoff, nr_pages, kaddr, pfn);
 }
 
+/*
+ * Use the 'no check' versions of copy_from_iter_flushcache() and
+ * copy_to_iter_mcsafe() to bypass HARDENED_USERCOPY overhead. Bounds
+ * checking, both file offset and device offset, is handled by
+ * dax_iomap_actor()
+ */
 static size_t pmem_copy_from_iter(struct dax_device *dax_dev, pgoff_t pgoff,
 		void *addr, size_t bytes, struct iov_iter *i)
 {
-	return copy_from_iter_flushcache(addr, bytes, i);
+	return _copy_from_iter_flushcache(addr, bytes, i);
 }
 
 static size_t pmem_copy_to_iter(struct dax_device *dax_dev, pgoff_t pgoff,
 		void *addr, size_t bytes, struct iov_iter *i)
 {
-	return copy_to_iter_mcsafe(addr, bytes, i);
+	return _copy_to_iter_mcsafe(addr, bytes, i);
 }
 
 static const struct dax_operations pmem_dax_ops = {
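Review bot: the new comment names dax_iomap_actor() as the place where bounds are checked, but nothing in pmem_copy_from_iter() or pmem_copy_to_iter() enforces that these hooks are only reached through it; addr and bytes go straight into the unchecked _copy_*() variants. The comment should also say that any other caller of these dax_operations hooks must validate the range itself, since CONFIG_HARDENED_USERCOPY no longer acts as a backstop here.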




* [PATCH 5.1 019/405] arm64/kernel: kaslr: reduce module randomization range to 2 GB
  2019-05-30  2:59 [PATCH 5.1 000/405] 5.1.6-stable review Greg Kroah-Hartman
                   ` (17 preceding siblings ...)
  2019-05-30  3:00 ` [PATCH 5.1 018/405] libnvdimm/pmem: Bypass CONFIG_HARDENED_USERCOPY overhead Greg Kroah-Hartman
@ 2019-05-30  3:00 ` Greg Kroah-Hartman
  2019-05-30  3:00 ` [PATCH 5.1 020/405] arm64: Kconfig: Make ARM64_PSEUDO_NMI depend on BROKEN for now Greg Kroah-Hartman
                   ` (390 subsequent siblings)
  409 siblings, 0 replies; 429+ messages in thread
From: Greg Kroah-Hartman @ 2019-05-30  3:00 UTC (permalink / raw)
  To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Ard Biesheuvel, Will Deacon

From: Ard Biesheuvel <ard.biesheuvel@arm.com>

commit b2eed9b58811283d00fa861944cb75797d4e52a7 upstream.

The following commit

  7290d5809571 ("module: use relative references for __ksymtab entries")

updated the ksymtab handling of some KASLR capable architectures
so that ksymtab entries are emitted as pairs of 32-bit relative
references. This reduces the size of the entries, but more
importantly, it gets rid of statically assigned absolute
addresses, which require fixing up at boot time if the kernel
is self relocating (which takes a 24 byte RELA entry for each
member of the ksymtab struct).

Since ksymtab entries are always part of the same module as the
symbol they export, it was assumed at the time that a 32-bit
relative reference is always sufficient to capture the offset
between a ksymtab entry and its target symbol.

Unfortunately, this is not always true: in the case of per-CPU
variables, a per-CPU variable's base address (which usually differs
from the actual address of any of its per-CPU copies) is allocated
in the vicinity of the ..data.percpu section in the core kernel
(i.e., in the per-CPU reserved region which follows the section
containing the core kernel's statically allocated per-CPU variables).

Since we randomize the module space over a 4 GB window covering
the core kernel (based on the -/+ 4 GB range of an ADRP/ADD pair),
we may end up putting the core kernel out of the -/+ 2 GB range of
32-bit relative references of module ksymtab entries that refer to
per-CPU variables.

So reduce the module randomization range a bit further. We lose
1 bit of randomization this way, but this is something we can
tolerate.

Cc: <stable@vger.kernel.org> # v4.19+
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@arm.com>
Signed-off-by: Will Deacon <will.deacon@arm.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 arch/arm64/kernel/kaslr.c  |    6 +++---
 arch/arm64/kernel/module.c |    2 +-
 2 files changed, 4 insertions(+), 4 deletions(-)

--- a/arch/arm64/kernel/kaslr.c
+++ b/arch/arm64/kernel/kaslr.c
@@ -145,15 +145,15 @@ u64 __init kaslr_early_init(u64 dt_phys)
 
 	if (IS_ENABLED(CONFIG_RANDOMIZE_MODULE_REGION_FULL)) {
 		/*
-		 * Randomize the module region over a 4 GB window covering the
+		 * Randomize the module region over a 2 GB window covering the
 		 * kernel. This reduces the risk of modules leaking information
 		 * about the address of the kernel itself, but results in
 		 * branches between modules and the core kernel that are
 		 * resolved via PLTs. (Branches between modules will be
 		 * resolved normally.)
 		 */
-		module_range = SZ_4G - (u64)(_end - _stext);
-		module_alloc_base = max((u64)_end + offset - SZ_4G,
+		module_range = SZ_2G - (u64)(_end - _stext);
+		module_alloc_base = max((u64)_end + offset - SZ_2G,
 					(u64)MODULES_VADDR);
 	} else {
 		/*
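Review bot: the updated comment says the window is 2 GB but not where that bound comes from. Per the commit message it is the -/+ 2 GB reach of 32-bit relative ksymtab references to per-CPU variables; stating that next to module_range would stop the window from being widened back to the 4 GB ADRP/ADD range later.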
--- a/arch/arm64/kernel/module.c
+++ b/arch/arm64/kernel/module.c
@@ -56,7 +56,7 @@ void *module_alloc(unsigned long size)
 		 * can simply omit this fallback in that case.
 		 */
 		p = __vmalloc_node_range(size, MODULE_ALIGN, module_alloc_base,
-				module_alloc_base + SZ_4G, GFP_KERNEL,
+				module_alloc_base + SZ_2G, GFP_KERNEL,
 				PAGE_KERNEL_EXEC, 0, NUMA_NO_NODE,
 				__builtin_return_address(0));
 
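Review bot: the upper bound module_alloc_base + SZ_2G in module_alloc() has to match the SZ_2G used for module_range and module_alloc_base in kaslr_early_init(), yet the two files carry the literal independently. A shared named constant for the module randomization window would keep the three uses in sync the next time the range changes.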




* [PATCH 5.1 020/405] arm64: Kconfig: Make ARM64_PSEUDO_NMI depend on BROKEN for now
  2019-05-30  2:59 [PATCH 5.1 000/405] 5.1.6-stable review Greg Kroah-Hartman
                   ` (18 preceding siblings ...)
  2019-05-30  3:00 ` [PATCH 5.1 019/405] arm64/kernel: kaslr: reduce module randomization range to 2 GB Greg Kroah-Hartman
@ 2019-05-30  3:00 ` Greg Kroah-Hartman
  2019-05-30  3:00 ` [PATCH 5.1 021/405] arm64/iommu: handle non-remapped addresses in ->mmap and ->get_sgtable Greg Kroah-Hartman
                   ` (389 subsequent siblings)
  409 siblings, 0 replies; 429+ messages in thread
From: Greg Kroah-Hartman @ 2019-05-30  3:00 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Julien Thierry, Marc Zyngier, Will Deacon

From: Will Deacon <will.deacon@arm.com>

commit 96a13f57b946be7a6c10405e4bd780c0b6b6fe63 upstream.

Although we merged support for pseudo-nmi using interrupt priority
masking in 5.1, we've since uncovered a number of non-trivial issues
with the implementation. Although there are patches pending to address
these problems, we're facing issues that prevent us from merging them at
this current time:

  https://lkml.kernel.org/r/1556553607-46531-1-git-send-email-julien.thierry@arm.com

For now, simply mark this optional feature as BROKEN in the hope that we
can fix things properly in the near future.

Cc: <stable@vger.kernel.org> # 5.1
Cc: Julien Thierry <julien.thierry@arm.com>
Acked-by: Marc Zyngier <marc.zyngier@arm.com>
Signed-off-by: Will Deacon <will.deacon@arm.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 arch/arm64/Kconfig |    1 +
 1 file changed, 1 insertion(+)

--- a/arch/arm64/Kconfig
+++ b/arch/arm64/Kconfig
@@ -1347,6 +1347,7 @@ config ARM64_MODULE_PLTS
 
 config ARM64_PSEUDO_NMI
 	bool "Support for NMI-like interrupts"
+	depends on BROKEN # 1556553607-46531-1-git-send-email-julien.thierry@arm.com
 	select CONFIG_ARM_GIC_V3
 	help
 	  Adds support for mimicking Non-Maskable Interrupts through the use of
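Review bot: the trailing comment on the new depends on BROKEN line is a bare Message-ID, which gives a reader of the Kconfig file neither a URL nor a reason. Either use the lkml.kernel.org link from the commit message or add a few words on what is broken. Separately, the unchanged context line select CONFIG_ARM_GIC_V3 uses the CONFIG_ prefix, which Kconfig symbol references do not take, so that select likely has no effect and deserves its own fix.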




* [PATCH 5.1 021/405] arm64/iommu: handle non-remapped addresses in ->mmap and ->get_sgtable
  2019-05-30  2:59 [PATCH 5.1 000/405] 5.1.6-stable review Greg Kroah-Hartman
                   ` (19 preceding siblings ...)
  2019-05-30  3:00 ` [PATCH 5.1 020/405] arm64: Kconfig: Make ARM64_PSEUDO_NMI depend on BROKEN for now Greg Kroah-Hartman
@ 2019-05-30  3:00 ` Greg Kroah-Hartman
  2019-05-30  3:00 ` [PATCH 5.1 022/405] gfs2: Fix sign extension bug in gfs2_update_stats Greg Kroah-Hartman
                   ` (388 subsequent siblings)
  409 siblings, 0 replies; 429+ messages in thread
From: Greg Kroah-Hartman @ 2019-05-30  3:00 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Catalin Marinas, Robin Murphy,
	Christoph Hellwig, Will Deacon

From: Christoph Hellwig <hch@lst.de>

commit a98d9ae937d256ed679a935fc82d9deaa710d98e upstream.

DMA allocations that can't sleep may return non-remapped addresses, but
we do not properly handle them in the mmap and get_sgtable methods.
Resolve non-vmalloc addresses using virt_to_page to handle this corner
case.

Cc: <stable@vger.kernel.org>
Acked-by: Catalin Marinas <catalin.marinas@arm.com>
Reviewed-by: Robin Murphy <robin.murphy@arm.com>
Signed-off-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Will Deacon <will.deacon@arm.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 arch/arm64/mm/dma-mapping.c |   10 ++++++++++
 1 file changed, 10 insertions(+)

--- a/arch/arm64/mm/dma-mapping.c
+++ b/arch/arm64/mm/dma-mapping.c
@@ -249,6 +249,11 @@ static int __iommu_mmap_attrs(struct dev
 	if (dma_mmap_from_dev_coherent(dev, vma, cpu_addr, size, &ret))
 		return ret;
 
+	if (!is_vmalloc_addr(cpu_addr)) {
+		unsigned long pfn = page_to_pfn(virt_to_page(cpu_addr));
+		return __swiotlb_mmap_pfn(vma, pfn, size);
+	}
+
 	if (attrs & DMA_ATTR_FORCE_CONTIGUOUS) {
 		/*
 		 * DMA_ATTR_FORCE_CONTIGUOUS allocations are always remapped,
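Review bot: the new !is_vmalloc_addr(cpu_addr) branch in __iommu_mmap_attrs() has no comment saying which allocations end up here. A short comment that non-remapped addresses come from DMA allocations that cannot sleep, and are therefore resolved with virt_to_page(), would explain why this check precedes the DMA_ATTR_FORCE_CONTIGUOUS case. Kernel style also wants a blank line between the pfn declaration and the return.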
@@ -272,6 +277,11 @@ static int __iommu_get_sgtable(struct de
 	unsigned int count = PAGE_ALIGN(size) >> PAGE_SHIFT;
 	struct vm_struct *area = find_vm_area(cpu_addr);
 
+	if (!is_vmalloc_addr(cpu_addr)) {
+		struct page *page = virt_to_page(cpu_addr);
+		return __swiotlb_get_sgtable_page(sgt, page, size);
+	}
+
 	if (attrs & DMA_ATTR_FORCE_CONTIGUOUS) {
 		/*
 		 * DMA_ATTR_FORCE_CONTIGUOUS allocations are always remapped,
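Review bot: in __iommu_get_sgtable() the initializer area = find_vm_area(cpu_addr) still runs before the new !is_vmalloc_addr(cpu_addr) check, so the lookup is performed for addresses that the new branch already knows are not in the vmalloc area. Moving the find_vm_area() call below the early return avoids the wasted lookup and makes it clear that area is only meaningful for remapped addresses.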




* [PATCH 5.1 022/405] gfs2: Fix sign extension bug in gfs2_update_stats
  2019-05-30  2:59 [PATCH 5.1 000/405] 5.1.6-stable review Greg Kroah-Hartman
                   ` (20 preceding siblings ...)
  2019-05-30  3:00 ` [PATCH 5.1 021/405] arm64/iommu: handle non-remapped addresses in ->mmap and ->get_sgtable Greg Kroah-Hartman
@ 2019-05-30  3:00 ` Greg Kroah-Hartman
  2019-05-30  3:00 ` [PATCH 5.1 023/405] btrfs: dont double unlock on error in btrfs_punch_hole Greg Kroah-Hartman
                   ` (387 subsequent siblings)
  409 siblings, 0 replies; 429+ messages in thread
From: Greg Kroah-Hartman @ 2019-05-30  3:00 UTC (permalink / raw)
  To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Andreas Gruenbacher

From: Andreas Gruenbacher <agruenba@redhat.com>

commit 5a5ec83d6ac974b12085cd99b196795f14079037 upstream.

Commit 4d207133e9c3 changed the types of the statistic values in struct
gfs2_lkstats from s64 to u64.  Because of that, what should be a signed
value in gfs2_update_stats turned into an unsigned value.  When shifted
right, we end up with a large positive value instead of a small negative
value, which results in an incorrect variance estimate.

Fixes: 4d207133e9c3 ("gfs2: Make statistics unsigned, suitable for use with do_div()")
Signed-off-by: Andreas Gruenbacher <agruenba@redhat.com>
Cc: stable@vger.kernel.org # v4.4+
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 fs/gfs2/lock_dlm.c |    9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)

--- a/fs/gfs2/lock_dlm.c
+++ b/fs/gfs2/lock_dlm.c
@@ -31,9 +31,10 @@
  * @delta is the difference between the current rtt sample and the
  * running average srtt. We add 1/8 of that to the srtt in order to
  * update the current srtt estimate. The variance estimate is a bit
- * more complicated. We subtract the abs value of the @delta from
- * the current variance estimate and add 1/4 of that to the running
- * total.
+ * more complicated. We subtract the current variance estimate from
+ * the abs value of the @delta and add 1/4 of that to the running
+ * total.  That's equivalent to 3/4 of the current variance
+ * estimate plus 1/4 of the abs of @delta.
  *
  * Note that the index points at the array entry containing the smoothed
  * mean value, and the variance is always in the following entry
@@ -49,7 +50,7 @@ static inline void gfs2_update_stats(str
 	s64 delta = sample - s->stats[index];
 	s->stats[index] += (delta >> 3);
 	index++;
-	s->stats[index] += ((abs(delta) - s->stats[index]) >> 2);
+	s->stats[index] += (s64)(abs(delta) - s->stats[index]) >> 2;
 }
 
 /**
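Review bot: the fixed line in gfs2_update_stats() depends on two things a reader has to work out: the (s64) cast binds to the parenthesised difference before the >> 2, and the shift of a negative s64 is arithmetic. Computing the difference into a named s64 local first and shifting that would make the intent explicit and harder to undo in a later type cleanup like the one that introduced the bug.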



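The sign-extension problem described in the gfs2 commit message above, as an added stand-alone C example (not part of the patch or of the gfs2 sources). The struct, function names and sample values are constructed; llabs() stands in for the kernel's abs(), and an arithmetic right shift of negative signed values is assumed, as GCC and Clang provide.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/*
 * Constructed stand-in for the two adjacent entries gfs2_update_stats()
 * works on: stats[0] is the smoothed mean (srtt), stats[1] the variance
 * estimate. Both are unsigned 64-bit, as the commit message describes.
 */
struct lkstats_model {
	uint64_t stats[2];
};

typedef void (*update_fn)(struct lkstats_model *s, uint64_t sample);

/* Constructed round-trip samples; the last one is far above the mean. */
static const uint64_t CONSTRUCTED_SAMPLES[] = { 1040, 1000, 1010, 3000 };

/* Pre-patch arithmetic: the difference is unsigned, so >> 2 is a logical shift. */
static void update_unsigned_shift(struct lkstats_model *s, uint64_t sample)
{
	int64_t delta = (int64_t)(sample - s->stats[0]);
	/* signed minus unsigned of the same width is unsigned in C; the cast
	 * only spells out the conversion the kernel expression gets implicitly */
	uint64_t abs_delta = (uint64_t)llabs(delta);

	s->stats[0] += (uint64_t)(delta >> 3);
	/* when abs_delta < variance this wraps to a value close to 2^64,
	 * and the logical shift turns it into roughly 2^62 */
	s->stats[1] += (abs_delta - s->stats[1]) >> 2;
}

/* Post-patch arithmetic: reinterpret the difference as signed, then shift. */
static void update_signed_shift(struct lkstats_model *s, uint64_t sample)
{
	int64_t delta = (int64_t)(sample - s->stats[0]);
	uint64_t abs_delta = (uint64_t)llabs(delta);

	s->stats[0] += (uint64_t)(delta >> 3);
	/* the cast applies to the difference before the shift, so a small
	 * negative difference stays small and negative */
	s->stats[1] += (uint64_t)((int64_t)(abs_delta - s->stats[1]) >> 2);
}

/* Apply n samples to a fresh mean/variance pair and return the result. */
static struct lkstats_model feed(update_fn update, uint64_t mean, uint64_t var,
				 const uint64_t *samples, size_t n)
{
	struct lkstats_model s = { { mean, var } };

	for (size_t i = 0; i < n; i++)
		update(&s, samples[i]);
	return s;
}

int main(void)
{
	struct lkstats_model before =
		feed(update_unsigned_shift, 1000, 400, CONSTRUCTED_SAMPLES, 1);
	struct lkstats_model after =
		feed(update_signed_shift, 1000, 400, CONSTRUCTED_SAMPLES, 1);

	printf("unsigned shift: mean=%llu variance=%llu\n",
	       (unsigned long long)before.stats[0],
	       (unsigned long long)before.stats[1]);
	printf("signed shift:   mean=%llu variance=%llu\n",
	       (unsigned long long)after.stats[0],
	       (unsigned long long)after.stats[1]);
	return 0;
}
```

With a starting variance of 400 and a sample whose |delta| is 40, the signed form gives 3/4 * 400 + 1/4 * 40, matching the updated comment in the patch; the two forms only agree when |delta| is at least the current variance.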

* [PATCH 5.1 023/405] btrfs: dont double unlock on error in btrfs_punch_hole
  2019-05-30  2:59 [PATCH 5.1 000/405] 5.1.6-stable review Greg Kroah-Hartman
                   ` (21 preceding siblings ...)
  2019-05-30  3:00 ` [PATCH 5.1 022/405] gfs2: Fix sign extension bug in gfs2_update_stats Greg Kroah-Hartman
@ 2019-05-30  3:00 ` Greg Kroah-Hartman
  2019-05-30  3:00 ` [PATCH 5.1 024/405] btrfs: Check the compression level before getting a workspace Greg Kroah-Hartman
                   ` (386 subsequent siblings)
  409 siblings, 0 replies; 429+ messages in thread
From: Greg Kroah-Hartman @ 2019-05-30  3:00 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Filipe Manana, Josef Bacik, David Sterba

From: Josef Bacik <josef@toxicpanda.com>

commit 8fca955057b9c58467d1b231e43f19c4cf26ae8c upstream.

If we have an error writing out a delalloc range in
btrfs_punch_hole_lock_range we'll unlock the inode and then goto
out_only_mutex, where we will again unlock the inode.  This is bad,
don't do this.

Fixes: f27451f22996 ("Btrfs: add support for fallocate's zero range operation")
CC: stable@vger.kernel.org # 4.19+
Reviewed-by: Filipe Manana <fdmanana@suse.com>
Signed-off-by: Josef Bacik <josef@toxicpanda.com>
Reviewed-by: David Sterba <dsterba@suse.com>
Signed-off-by: David Sterba <dsterba@suse.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 fs/btrfs/file.c |    4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)

--- a/fs/btrfs/file.c
+++ b/fs/btrfs/file.c
@@ -2546,10 +2546,8 @@ static int btrfs_punch_hole(struct inode
 
 	ret = btrfs_punch_hole_lock_range(inode, lockstart, lockend,
 					  &cached_state);
-	if (ret) {
-		inode_unlock(inode);
+	if (ret)
 		goto out_only_mutex;
-	}
 
 	path = btrfs_alloc_path();
 	if (!path) {
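Review bot: with the inode_unlock() dropped, the failure path of btrfs_punch_hole_lock_range() relies entirely on out_only_mutex, which by its name releases only the inode lock. It would help to state, in the commit message or in a comment at the call, that btrfs_punch_hole_lock_range() leaves no extent range locked and nothing held in cached_state when it returns an error.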




* [PATCH 5.1 024/405] btrfs: Check the compression level before getting a workspace
  2019-05-30  2:59 [PATCH 5.1 000/405] 5.1.6-stable review Greg Kroah-Hartman
                   ` (22 preceding siblings ...)
  2019-05-30  3:00 ` [PATCH 5.1 023/405] btrfs: dont double unlock on error in btrfs_punch_hole Greg Kroah-Hartman
@ 2019-05-30  3:00 ` Greg Kroah-Hartman
  2019-05-30  3:00 ` [PATCH 5.1 025/405] Btrfs: do not abort transaction at btrfs_update_root() after failure to COW path Greg Kroah-Hartman
                   ` (385 subsequent siblings)
  409 siblings, 0 replies; 429+ messages in thread
From: Greg Kroah-Hartman @ 2019-05-30  3:00 UTC (permalink / raw)
  To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Johnny Chang, David Sterba

From: Johnny Chang <johnnyc@synology.com>

commit 2b90883c561ddcc641741c2e4df1f702a4f2acb8 upstream.

When a file's compression property is set to zlib or zstd but the
compression mount option is not set, btrfs will try
to compress the file with the default compression level. But in
btrfs_compress_pages(), it calls get_workspace() with level = 0.
This will return a workspace with a wrong compression level.
For zlib, the compression level in the workspace will be 0
(that means "store only"). And for zstd, the compression in the
workspace will be 1, not the default level 3.

How to reproduce:
  mkfs -t btrfs /dev/sdb
  mount /dev/sdb /mnt/
  mkdir /mnt/zlib
  btrfs property set /mnt/zlib/ compression zlib
  dd if=/dev/zero of=/mnt/zlib/compression-friendly-file-10M bs=1M count=10
  sync
  btrfs-debugfs -f /mnt/zlib/compression-friendly-file-10M

btrfs-debugfs output:
* before:
  ...
  (258 9961472): ram 524288 disk 1106247680 disk_size 524288
  file: ... extents 20 disk size 10485760 logical size 10485760 ratio 1.00

* after:
 ...
 (258 10354688): ram 131072 disk 14217216 disk_size 4096
 file: ... extents 80 disk size 327680 logical size 10485760 ratio 32.00

The steps for zstd are similar, but a debugging message needs to be added to
show the level of the returned workspace in zstd_get_workspace().

This commit adds a check of the compression level before getting a
workspace by set_level().

CC: stable@vger.kernel.org # 5.1+
Signed-off-by: Johnny Chang <johnnyc@synology.com>
Reviewed-by: David Sterba <dsterba@suse.com>
Signed-off-by: David Sterba <dsterba@suse.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 fs/btrfs/compression.c |    1 +
 1 file changed, 1 insertion(+)

--- a/fs/btrfs/compression.c
+++ b/fs/btrfs/compression.c
@@ -1009,6 +1009,7 @@ int btrfs_compress_pages(unsigned int ty
 	struct list_head *workspace;
 	int ret;
 
+	level = btrfs_compress_op[type]->set_level(level);
 	workspace = get_workspace(type, level);
 	ret = btrfs_compress_op[type]->compress_pages(workspace, mapping,
 						      start, pages,
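Review bot: the added line calls btrfs_compress_op[type]->set_level() unconditionally, so every entry in btrfs_compress_op must provide a set_level callback or this becomes a NULL function-pointer call on the compression path. Please confirm that all compression types implement it, or guard the call. Assigning the result back to the level parameter also hides the caller's value; a short comment that level 0 is being mapped to the type's default would help.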




* [PATCH 5.1 025/405] Btrfs: do not abort transaction at btrfs_update_root() after failure to COW path
  2019-05-30  2:59 [PATCH 5.1 000/405] 5.1.6-stable review Greg Kroah-Hartman
                   ` (23 preceding siblings ...)
  2019-05-30  3:00 ` [PATCH 5.1 024/405] btrfs: Check the compression level before getting a workspace Greg Kroah-Hartman
@ 2019-05-30  3:00 ` Greg Kroah-Hartman
  2019-05-30  3:00 ` [PATCH 5.1 026/405] Btrfs: avoid fallback to transaction commit during fsync of files with holes Greg Kroah-Hartman
                   ` (384 subsequent siblings)
  409 siblings, 0 replies; 429+ messages in thread
From: Greg Kroah-Hartman @ 2019-05-30  3:00 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Filipe Manana, Anand Jain, David Sterba

From: Filipe Manana <fdmanana@suse.com>

commit 72bd2323ec87722c115a5906bc6a1b31d11e8f54 upstream.

Currently when we fail to COW a path at btrfs_update_root() we end up
always aborting the transaction. However all the current callers of
btrfs_update_root() are able to deal with errors returned from it, many do
end up aborting the transaction themselves (directly or not, such as the
transaction commit path), others BUG_ON() or just gracefully cancel whatever
they were doing.

When syncing the fsync log, we call btrfs_update_root() through
tree-log.c:update_log_root(), and if it returns an -ENOSPC error, the log
sync code does not abort the transaction, instead it gracefully handles
the error and returns -EAGAIN to the fsync handler, so that it falls back
to a transaction commit. Any error other than -ENOSPC makes the
log sync code abort the transaction.

So remove the transaction abort from btrfs_update_log() when we fail to
COW a path to update the root item, so that if an -ENOSPC failure happens
we avoid aborting the current transaction and have a chance of the fsync
succeeding after falling back to a transaction commit.

Bugzilla: https://bugzilla.kernel.org/show_bug.cgi?id=203413
Fixes: 79787eaab46121 ("btrfs: replace many BUG_ONs with proper error handling")
Cc: stable@vger.kernel.org # 4.4+
Signed-off-by: Filipe Manana <fdmanana@suse.com>
Reviewed-by: Anand Jain <anand.jain@oracle.com>
Signed-off-by: David Sterba <dsterba@suse.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 fs/btrfs/root-tree.c |    4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)

--- a/fs/btrfs/root-tree.c
+++ b/fs/btrfs/root-tree.c
@@ -132,10 +132,8 @@ int btrfs_update_root(struct btrfs_trans
 		return -ENOMEM;
 
 	ret = btrfs_search_slot(trans, root, key, path, 0, 1);
-	if (ret < 0) {
-		btrfs_abort_transaction(trans, ret);
+	if (ret < 0)
 		goto out;
-	}
 
 	if (ret != 0) {
 		btrfs_print_leaf(path->nodes[0]);
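Review bot: dropping btrfs_abort_transaction() from the btrfs_search_slot() failure path changes the contract of btrfs_update_root(): callers now own the decision to abort on this error. Nothing in this hunk records that, so a comment above the function saying that a negative return from the path search is passed back without aborting would keep future callers from assuming the old behaviour.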




* [PATCH 5.1 026/405] Btrfs: avoid fallback to transaction commit during fsync of files with holes
  2019-05-30  2:59 [PATCH 5.1 000/405] 5.1.6-stable review Greg Kroah-Hartman
                   ` (24 preceding siblings ...)
  2019-05-30  3:00 ` [PATCH 5.1 025/405] Btrfs: do not abort transaction at btrfs_update_root() after failure to COW path Greg Kroah-Hartman
@ 2019-05-30  3:00 ` Greg Kroah-Hartman
  2019-05-30  3:00 ` [PATCH 5.1 027/405] Btrfs: fix race between ranged fsync and writeback of adjacent ranges Greg Kroah-Hartman
                   ` (383 subsequent siblings)
  409 siblings, 0 replies; 429+ messages in thread
From: Greg Kroah-Hartman @ 2019-05-30  3:00 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Josef Bacik, Filipe Manana, David Sterba

From: Filipe Manana <fdmanana@suse.com>

commit ebb929060aeb162417b4c1307e63daee47b208d9 upstream.

When we are doing a full fsync (bit BTRFS_INODE_NEEDS_FULL_SYNC set) of a
file that has holes and has file extent items spanning two or more leafs,
we can end up falling back to a full transaction commit due to a logic
bug that leads to failure to insert a duplicate file extent item that is
meant to represent a hole between the last file extent item of a leaf and
the first file extent item in the next leaf. The failure (EEXIST error)
leads to a transaction commit (as most errors when logging an inode do).

For example, we have the two following leafs:

Leaf N:

  -----------------------------------------------
  | ..., ..., ..., (257, FILE_EXTENT_ITEM, 64K) |
  -----------------------------------------------
  The file extent item at the end of leaf N has a length of 4Kb,
  representing the file range from 64K to 68K - 1.

Leaf N + 1:

  -----------------------------------------------
  | (257, FILE_EXTENT_ITEM, 72K), ..., ..., ... |
  -----------------------------------------------
  The file extent item at the first slot of leaf N + 1 has a length of
  4Kb too, representing the file range from 72K to 76K - 1.

During the full fsync path, when we are at tree-log.c:copy_items() with
leaf N as a parameter, after processing the last file extent item, that
represents the extent at offset 64K, we take a look at the first file
extent item at the next leaf (leaf N + 1), and notice there's a 4K hole
between the two extents, and therefore we insert a file extent item
representing that hole, starting at file offset 68K and ending at offset
72K - 1. However we don't update the value of *last_extent, which is used
to represent the end offset (plus 1, non-inclusive end) of the last file
extent item inserted in the log, so it stays with a value of 68K and not
with a value of 72K.

Then, when copy_items() is called for leaf N + 1, because the value of
*last_extent is smaller than the offset of the first extent item in the
leaf (68K < 72K), we look at the last file extent item in the previous
leaf (leaf N) and see there's a 4K gap between it and our first file
extent item (again, 68K < 72K), so we decide to insert a file extent item
representing the hole, starting at file offset 68K and ending at offset
72K - 1, this insertion will fail with -EEXIST being returned from
btrfs_insert_file_extent() because we already inserted a file extent item
representing a hole for this offset (68K) in the previous call to
copy_items(), when processing leaf N.

The -EEXIST error gets propagated to the fsync callback, btrfs_sync_file(),
which falls back to a full transaction commit.

Fix this by adjusting *last_extent after inserting a hole when we had to
look at the next leaf.

Fixes: 4ee3fad34a9c ("Btrfs: fix fsync after hole punching when using no-holes feature")
Cc: stable@vger.kernel.org # 4.14+
Reviewed-by: Josef Bacik <josef@toxicpanda.com>
Signed-off-by: Filipe Manana <fdmanana@suse.com>
Signed-off-by: David Sterba <dsterba@suse.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 fs/btrfs/tree-log.c |    1 +
 1 file changed, 1 insertion(+)

--- a/fs/btrfs/tree-log.c
+++ b/fs/btrfs/tree-log.c
@@ -4169,6 +4169,7 @@ fill_holes:
 							       *last_extent, 0,
 							       0, len, 0, len,
 							       0, 0, 0);
+				*last_extent += len;
 			}
 		}
 	}
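Review bot: *last_extent += len runs immediately after the hole insertion call, with no check of that call's result visible in between. If the insertion fails, *last_extent will describe a hole that was never logged; advancing it only when the insert succeeded keeps the cursor consistent with the log contents.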




* [PATCH 5.1 027/405] Btrfs: fix race between ranged fsync and writeback of adjacent ranges
  2019-05-30  2:59 [PATCH 5.1 000/405] 5.1.6-stable review Greg Kroah-Hartman
                   ` (25 preceding siblings ...)
  2019-05-30  3:00 ` [PATCH 5.1 026/405] Btrfs: avoid fallback to transaction commit during fsync of files with holes Greg Kroah-Hartman
@ 2019-05-30  3:00 ` Greg Kroah-Hartman
  2019-05-30  3:00 ` [PATCH 5.1 028/405] btrfs: sysfs: Fix error path kobject memory leak Greg Kroah-Hartman
                   ` (382 subsequent siblings)
  409 siblings, 0 replies; 429+ messages in thread
From: Greg Kroah-Hartman @ 2019-05-30  3:00 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Josef Bacik, Filipe Manana, David Sterba

From: Filipe Manana <fdmanana@suse.com>

commit 0c713cbab6200b0ab6473b50435e450a6e1de85d upstream.

When we do a full fsync (the bit BTRFS_INODE_NEEDS_FULL_SYNC is set in the
inode) that happens to be ranged, which happens during a msync() or writes
for files opened with O_SYNC for example, we can end up with a corrupt log,
due to different file extent items representing ranges that overlap with
each other, or hit some assertion failures.

When doing a ranged fsync we only flush delalloc and wait for ordered
extents within that range. If while we are logging items from our inode
ordered extents for adjacent ranges complete, we end up in a race that can
make us insert the file extent items that overlap with others we logged
previously and the assertion failures.

For example, if tree-log.c:copy_items() receives a leaf that has the
following file extents items, all with a length of 4K and therefore there
is an implicit hole in the range 68K to 72K - 1:

  (257 EXTENT_ITEM 64K), (257 EXTENT_ITEM 72K), (257 EXTENT_ITEM 76K), ...

It copies them to the log tree. However due to the need to detect implicit
holes, it may release the path, in order to look at the previous leaf to
detect an implicit hole, and then later it will search again in the tree
for the first file extent item key, with the goal of locking again the
leaf (which might have changed due to concurrent changes to other inodes).

However when it locks again the leaf containing the first key, the key
corresponding to the extent at offset 72K may not be there anymore since
there is an ordered extent for that range that is finishing (that is,
somewhere in the middle of btrfs_finish_ordered_io()), and it just
removed the file extent item but has not yet replaced it with a new file
extent item, so the part of copy_items() that does hole detection will
decide that there is a hole in the range starting from 68K to 76K - 1,
and therefore insert a file extent item to represent that hole, having
a key offset of 68K. After that we now have a log tree with 2 different
extent items that have overlapping ranges:

 1) The file extent item copied before copy_items() released the path,
    which has a key offset of 72K and a length of 4K, representing the
    file range 72K to 76K - 1.

 2) And a file extent item representing a hole that has a key offset of
    68K and a length of 8K, representing the range 68K to 76K - 1. This
    item was inserted after releasing the path, and overlaps with the
    extent item inserted before.

The overlapping extent items can cause all sorts of unpredictable and
incorrect behaviour, either when replayed or if a fast (non full) fsync
happens later, which can trigger a BUG_ON() when calling
btrfs_set_item_key_safe() through __btrfs_drop_extents(), producing a
trace like the following:

  [61666.783269] ------------[ cut here ]------------
  [61666.783943] kernel BUG at fs/btrfs/ctree.c:3182!
  [61666.784644] invalid opcode: 0000 [#1] PREEMPT SMP
  (...)
  [61666.786253] task: ffff880117b88c40 task.stack: ffffc90008168000
  [61666.786253] RIP: 0010:btrfs_set_item_key_safe+0x7c/0xd2 [btrfs]
  [61666.786253] RSP: 0018:ffffc9000816b958 EFLAGS: 00010246
  [61666.786253] RAX: 0000000000000000 RBX: 000000000000000f RCX: 0000000000030000
  [61666.786253] RDX: 0000000000000000 RSI: ffffc9000816ba4f RDI: ffffc9000816b937
  [61666.786253] RBP: ffffc9000816b998 R08: ffff88011dae2428 R09: 0000000000001000
  [61666.786253] R10: 0000160000000000 R11: 6db6db6db6db6db7 R12: ffff88011dae2418
  [61666.786253] R13: ffffc9000816ba4f R14: ffff8801e10c4118 R15: ffff8801e715c000
  [61666.786253] FS:  00007f6060a18700(0000) GS:ffff88023f5c0000(0000) knlGS:0000000000000000
  [61666.786253] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
  [61666.786253] CR2: 00007f6060a28000 CR3: 0000000213e69000 CR4: 00000000000006e0
  [61666.786253] Call Trace:
  [61666.786253]  __btrfs_drop_extents+0x5e3/0xaad [btrfs]
  [61666.786253]  ? time_hardirqs_on+0x9/0x14
  [61666.786253]  btrfs_log_changed_extents+0x294/0x4e0 [btrfs]
  [61666.786253]  ? release_extent_buffer+0x38/0xb4 [btrfs]
  [61666.786253]  btrfs_log_inode+0xb6e/0xcdc [btrfs]
  [61666.786253]  ? lock_acquire+0x131/0x1c5
  [61666.786253]  ? btrfs_log_inode_parent+0xee/0x659 [btrfs]
  [61666.786253]  ? arch_local_irq_save+0x9/0xc
  [61666.786253]  ? btrfs_log_inode_parent+0x1f5/0x659 [btrfs]
  [61666.786253]  btrfs_log_inode_parent+0x223/0x659 [btrfs]
  [61666.786253]  ? arch_local_irq_save+0x9/0xc
  [61666.786253]  ? lockref_get_not_zero+0x2c/0x34
  [61666.786253]  ? rcu_read_unlock+0x3e/0x5d
  [61666.786253]  btrfs_log_dentry_safe+0x60/0x7b [btrfs]
  [61666.786253]  btrfs_sync_file+0x317/0x42c [btrfs]
  [61666.786253]  vfs_fsync_range+0x8c/0x9e
  [61666.786253]  SyS_msync+0x13c/0x1c9
  [61666.786253]  entry_SYSCALL_64_fastpath+0x18/0xad

A sample of a corrupt log tree leaf with overlapping extents I got from
running btrfs/072:

      item 14 key (295 108 200704) itemoff 2599 itemsize 53
              extent data disk bytenr 0 nr 0
              extent data offset 0 nr 458752 ram 458752
      item 15 key (295 108 659456) itemoff 2546 itemsize 53
              extent data disk bytenr 4343541760 nr 770048
              extent data offset 606208 nr 163840 ram 770048
      item 16 key (295 108 663552) itemoff 2493 itemsize 53
              extent data disk bytenr 4343541760 nr 770048
              extent data offset 610304 nr 155648 ram 770048
      item 17 key (295 108 819200) itemoff 2440 itemsize 53
              extent data disk bytenr 4334788608 nr 4096
              extent data offset 0 nr 4096 ram 4096

The file extent item at offset 659456 (item 15) ends at offset 823296
(659456 + 163840) while the next file extent item (item 16) starts at
offset 663552.

Another different problem that the race can trigger is a failure in the
assertions at tree-log.c:copy_items(), which expect that the first file
extent item key we found before releasing the path exists after we have
released path and that the last key we found before releasing the path
also exists after releasing the path:

  $ cat -n fs/btrfs/tree-log.c
  4080          if (need_find_last_extent) {
  4081                  /* btrfs_prev_leaf could return 1 without releasing the path */
  4082                  btrfs_release_path(src_path);
  4083                  ret = btrfs_search_slot(NULL, inode->root, &first_key,
  4084                                  src_path, 0, 0);
  4085                  if (ret < 0)
  4086                          return ret;
  4087                  ASSERT(ret == 0);
  (...)
  4103                  if (i >= btrfs_header_nritems(src_path->nodes[0])) {
  4104                          ret = btrfs_next_leaf(inode->root, src_path);
  4105                          if (ret < 0)
  4106                                  return ret;
  4107                          ASSERT(ret == 0);
  4108                          src = src_path->nodes[0];
  4109                          i = 0;
  4110                          need_find_last_extent = true;
  4111                  }
  (...)

The second assertion implicitly expects that the last key before the path
release still exists, because the surrounding while loop only stops after
we have found that key. When this assertion fails it produces a stack like
this:

  [139590.037075] assertion failed: ret == 0, file: fs/btrfs/tree-log.c, line: 4107
  [139590.037406] ------------[ cut here ]------------
  [139590.037707] kernel BUG at fs/btrfs/ctree.h:3546!
  [139590.038034] invalid opcode: 0000 [#1] SMP DEBUG_PAGEALLOC PTI
  [139590.038340] CPU: 1 PID: 31841 Comm: fsstress Tainted: G        W         5.0.0-btrfs-next-46 #1
  (...)
  [139590.039354] RIP: 0010:assfail.constprop.24+0x18/0x1a [btrfs]
  (...)
  [139590.040397] RSP: 0018:ffffa27f48f2b9b0 EFLAGS: 00010282
  [139590.040730] RAX: 0000000000000041 RBX: ffff897c635d92c8 RCX: 0000000000000000
  [139590.041105] RDX: 0000000000000000 RSI: ffff897d36a96868 RDI: ffff897d36a96868
  [139590.041470] RBP: ffff897d1b9a0708 R08: 0000000000000000 R09: 0000000000000000
  [139590.041815] R10: 0000000000000008 R11: 0000000000000000 R12: 0000000000000013
  [139590.042159] R13: 0000000000000227 R14: ffff897cffcbba88 R15: 0000000000000001
  [139590.042501] FS:  00007f2efc8dee80(0000) GS:ffff897d36a80000(0000) knlGS:0000000000000000
  [139590.042847] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
  [139590.043199] CR2: 00007f8c064935e0 CR3: 0000000232252002 CR4: 00000000003606e0
  [139590.043547] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
  [139590.043899] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
  [139590.044250] Call Trace:
  [139590.044631]  copy_items+0xa3f/0x1000 [btrfs]
  [139590.045009]  ? generic_bin_search.constprop.32+0x61/0x200 [btrfs]
  [139590.045396]  btrfs_log_inode+0x7b3/0xd70 [btrfs]
  [139590.045773]  btrfs_log_inode_parent+0x2b3/0xce0 [btrfs]
  [139590.046143]  ? do_raw_spin_unlock+0x49/0xc0
  [139590.046510]  btrfs_log_dentry_safe+0x4a/0x70 [btrfs]
  [139590.046872]  btrfs_sync_file+0x3b6/0x440 [btrfs]
  [139590.047243]  btrfs_file_write_iter+0x45b/0x5c0 [btrfs]
  [139590.047592]  __vfs_write+0x129/0x1c0
  [139590.047932]  vfs_write+0xc2/0x1b0
  [139590.048270]  ksys_write+0x55/0xc0
  [139590.048608]  do_syscall_64+0x60/0x1b0
  [139590.048946]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
  [139590.049287] RIP: 0033:0x7f2efc4be190
  (...)
  [139590.050342] RSP: 002b:00007ffe743243a8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
  [139590.050701] RAX: ffffffffffffffda RBX: 0000000000008d58 RCX: 00007f2efc4be190
  [139590.051067] RDX: 0000000000008d58 RSI: 00005567eca0f370 RDI: 0000000000000003
  [139590.051459] RBP: 0000000000000024 R08: 0000000000000003 R09: 0000000000008d60
  [139590.051863] R10: 0000000000000078 R11: 0000000000000246 R12: 0000000000000003
  [139590.052252] R13: 00000000003d3507 R14: 00005567eca0f370 R15: 0000000000000000
  (...)
  [139590.055128] ---[ end trace 193f35d0215cdeeb ]---

So fix this race between a full ranged fsync and writeback of adjacent
ranges by flushing all delalloc and waiting for all ordered extents to
complete before logging the inode. This is the simplest way to solve the
problem because currently the full fsync path does not deal with ranges
at all (it assumes a full range from 0 to LLONG_MAX) and it always needs
to look at adjacent ranges for hole detection. For use cases of ranged
fsyncs this can make a few fsyncs slower but on the other hand it can
make some following fsyncs to other ranges do less work or no need to do
anything at all. A full fsync is rare anyway and happens only once after
loading/creating an inode and once after less common operations such as a
shrinking truncate.

This is an issue that has existed for a long time, and was often triggered by
generic/127, because it does mmap'ed writes and msync (which triggers a
ranged fsync). Adding support for the tree checker to detect overlapping
extents (next patch in the series) and trigger a WARN() when such cases
are found, and then calling btrfs_check_leaf_full() at the end of
btrfs_insert_file_extent() made the issue much easier to detect. Running
btrfs/072 with that change to the tree checker and making fsstress open
files always with O_SYNC made it much easier to trigger the issue (as
triggering it with generic/127 is very rare).

CC: stable@vger.kernel.org # 3.16+
Reviewed-by: Josef Bacik <josef@toxicpanda.com>
Signed-off-by: Filipe Manana <fdmanana@suse.com>
Signed-off-by: David Sterba <dsterba@suse.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 fs/btrfs/file.c |   12 ++++++++++++
 1 file changed, 12 insertions(+)

--- a/fs/btrfs/file.c
+++ b/fs/btrfs/file.c
@@ -2059,6 +2059,18 @@ int btrfs_sync_file(struct file *file, l
 	u64 len;
 
 	/*
+	 * If the inode needs a full sync, make sure we use a full range to
+	 * avoid log tree corruption, due to hole detection racing with ordered
+	 * extent completion for adjacent ranges, and assertion failures during
+	 * hole detection.
+	 */
+	if (test_bit(BTRFS_INODE_NEEDS_FULL_SYNC,
+		     &BTRFS_I(inode)->runtime_flags)) {
+		start = 0;
+		end = LLONG_MAX;
+	}
+
+	/*
 	 * The range length can be represented by u64, we have to do the typecasts
 	 * to avoid signed overflow if it's [0, LLONG_MAX] eg. from fsync()
 	 */
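Review bot: the BTRFS_INODE_NEEDS_FULL_SYNC test added at the top of btrfs_sync_file() samples the flag once, and nothing in this hunk shows what prevents the flag from being set after start/end have been left as the caller's narrow range. If a lock or a later recheck closes that window, the new comment should name it. The comment could also state the cost the changelog accepts: a ranged fsync on such an inode now covers [0, LLONG_MAX].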



^ permalink raw reply	[flat|nested] 429+ messages in thread
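The overlap the commit message points out by hand (item 15 ends at 823296 while item 16 starts at 663552) can be checked mechanically. The following is an added example, not part of the patch or of btrfs: a small C scanner for leaf text in the format quoted above that reports neighbouring file extent items whose ranges overlap. The function names and the second, non-overlapping leaf are constructed for illustration, and key type 108 is taken from the sample keys.

```c
#include <stdio.h>
#include <string.h>

/* Key type of file extent items; 108 is the type shown in the sample keys. */
#define EXTENT_DATA_KEY 108

struct overlap {
    int prev_item, next_item;       /* item numbers as printed in the dump */
    unsigned long long prev_end;    /* first byte after the previous item  */
    unsigned long long next_start;  /* key offset of the following item    */
};

/* Items 14-17 of the corrupt log tree leaf quoted in the commit message. */
static const char sample_leaf[] =
    "item 14 key (295 108 200704) itemoff 2599 itemsize 53\n"
    "        extent data disk bytenr 0 nr 0\n"
    "        extent data offset 0 nr 458752 ram 458752\n"
    "item 15 key (295 108 659456) itemoff 2546 itemsize 53\n"
    "        extent data disk bytenr 4343541760 nr 770048\n"
    "        extent data offset 606208 nr 163840 ram 770048\n"
    "item 16 key (295 108 663552) itemoff 2493 itemsize 53\n"
    "        extent data disk bytenr 4343541760 nr 770048\n"
    "        extent data offset 610304 nr 155648 ram 770048\n"
    "item 17 key (295 108 819200) itemoff 2440 itemsize 53\n"
    "        extent data disk bytenr 4334788608 nr 4096\n"
    "        extent data offset 0 nr 4096 ram 4096\n";

/* Constructed leaf: item 15 shortened to 4096 bytes so ranges are contiguous. */
static const char fixed_leaf[] =
    "item 15 key (295 108 659456) itemoff 2546 itemsize 53\n"
    "        extent data disk bytenr 4343541760 nr 770048\n"
    "        extent data offset 606208 nr 4096 ram 770048\n"
    "item 16 key (295 108 663552) itemoff 2493 itemsize 53\n"
    "        extent data disk bytenr 4343541760 nr 770048\n"
    "        extent data offset 610304 nr 155648 ram 770048\n";

/*
 * Walk the dump line by line. Each file extent item covers the file range
 * [key offset, key offset + nr), where nr comes from the "extent data offset"
 * line. Items appear in key order, so an overlap exists when an item of the
 * same inode starts before the previous one ends. Items without such a line
 * (for example inline extents) are skipped. Returns the number of overlaps
 * found and stores up to max_out of them in out (out may be NULL if
 * max_out is 0).
 */
int find_overlaps(const char *dump, struct overlap *out, int max_out)
{
    unsigned long long ino = 0, start = 0, prev_ino = 0, prev_end = 0;
    int item = -1, type = 0, prev_item = -1, have_key = 0, found = 0;
    const char *p = dump;

    while (*p) {
        char line[256];
        size_t n = strcspn(p, "\n");
        size_t c = n < sizeof(line) - 1 ? n : sizeof(line) - 1;
        unsigned long long a, b, len;
        int it, ty;

        memcpy(line, p, c);
        line[c] = '\0';
        p += n;
        if (*p == '\n')
            p++;

        if (sscanf(line, " item %d key (%llu %d %llu)", &it, &a, &ty, &b) == 4) {
            item = it; ino = a; type = ty; start = b;
            have_key = 1;
            continue;
        }
        if (have_key && type == EXTENT_DATA_KEY &&
            sscanf(line, " extent data offset %*llu nr %llu", &len) == 1) {
            if (prev_item >= 0 && prev_ino == ino && start < prev_end) {
                if (found < max_out)
                    out[found] = (struct overlap){ prev_item, item,
                                                   prev_end, start };
                found++;
            }
            prev_item = item;
            prev_ino = ino;
            prev_end = start + len;
            have_key = 0;
        }
    }
    return found;
}

/* Convenience wrapper: the first overlap, or prev_item == -1 if there is none. */
struct overlap first_overlap(const char *dump)
{
    struct overlap o = { -1, -1, 0, 0 };

    find_overlaps(dump, &o, 1);
    return o;
}

int main(void)
{
    struct overlap o = first_overlap(sample_leaf);

    printf("sample leaf: %d overlap(s)\n", find_overlaps(sample_leaf, NULL, 0));
    if (o.prev_item >= 0)
        printf("item %d ends at %llu, item %d starts at %llu\n",
               o.prev_item, o.prev_end, o.next_item, o.next_start);
    printf("fixed leaf: %d overlap(s)\n", find_overlaps(fixed_leaf, NULL, 0));
    return 0;
}
```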

* [PATCH 5.1 028/405] btrfs: sysfs: Fix error path kobject memory leak
  2019-05-30  2:59 [PATCH 5.1 000/405] 5.1.6-stable review Greg Kroah-Hartman
                   ` (26 preceding siblings ...)
  2019-05-30  3:00 ` [PATCH 5.1 027/405] Btrfs: fix race between ranged fsync and writeback of adjacent ranges Greg Kroah-Hartman
@ 2019-05-30  3:00 ` Greg Kroah-Hartman
  2019-05-30  3:00 ` [PATCH 5.1 029/405] btrfs: sysfs: dont leak memory when failing add fsid Greg Kroah-Hartman
                   ` (381 subsequent siblings)
  409 siblings, 0 replies; 429+ messages in thread
From: Greg Kroah-Hartman @ 2019-05-30  3:00 UTC (permalink / raw)
  To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Tobin C. Harding, David Sterba

From: Tobin C. Harding <tobin@kernel.org>

commit 450ff8348808a89cc27436771aa05c2b90c0eef1 upstream.

If a call to kobject_init_and_add() fails we must call kobject_put()
otherwise we leak memory.

Calling kobject_put() when kobject_init_and_add() fails drops the
refcount back to 0 and calls the ktype release method (which in turn
calls the percpu destroy and kfree).

Add call to kobject_put() in the error path of call to
kobject_init_and_add().

Cc: stable@vger.kernel.org # v4.4+
Reviewed-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Tobin C. Harding <tobin@kernel.org>
Reviewed-by: David Sterba <dsterba@suse.com>
Signed-off-by: David Sterba <dsterba@suse.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 fs/btrfs/extent-tree.c |    3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

--- a/fs/btrfs/extent-tree.c
+++ b/fs/btrfs/extent-tree.c
@@ -3981,8 +3981,7 @@ static int create_space_info(struct btrf
 				    info->space_info_kobj, "%s",
 				    alloc_name(space_info->flags));
 	if (ret) {
-		percpu_counter_destroy(&space_info->total_bytes_pinned);
-		kfree(space_info);
+		kobject_put(&space_info->kobj);
 		return ret;
 	}
 
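Review bot: in the `if (ret)` branch the explicit percpu_counter_destroy()/kfree() pair is dropped, but nothing at the call site says that kobject_put() now frees space_info through the ktype release method, as the changelog explains. A one-line comment to that effect would keep a later reader from restoring the kfree() and creating a double free.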



^ permalink raw reply	[flat|nested] 429+ messages in thread

* [PATCH 5.1 029/405] btrfs: sysfs: dont leak memory when failing add fsid
  2019-05-30  2:59 [PATCH 5.1 000/405] 5.1.6-stable review Greg Kroah-Hartman
                   ` (27 preceding siblings ...)
  2019-05-30  3:00 ` [PATCH 5.1 028/405] btrfs: sysfs: Fix error path kobject memory leak Greg Kroah-Hartman
@ 2019-05-30  3:00 ` Greg Kroah-Hartman
  2019-05-30  3:00 ` [PATCH 5.1 030/405] fbdev: fix divide error in fb_var_to_videomode Greg Kroah-Hartman
                   ` (380 subsequent siblings)
  409 siblings, 0 replies; 429+ messages in thread
From: Greg Kroah-Hartman @ 2019-05-30  3:00 UTC (permalink / raw)
  To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Tobin C. Harding, David Sterba

From: Tobin C. Harding <tobin@kernel.org>

commit e32773357d5cc271b1d23550b3ed026eb5c2a468 upstream.

A failed call to kobject_init_and_add() must be followed by a call to
kobject_put().  Currently in the error path when adding fs_devices we
are missing this call.  This could be fixed by calling
btrfs_sysfs_remove_fsid() if btrfs_sysfs_add_fsid() returns an error or
by adding a call to kobject_put() directly in btrfs_sysfs_add_fsid().
Here we choose the second option because it prevents the slightly
unusual error path handling requirements of kobject from leaking out
into btrfs functions.

Add a call to kobject_put() in the error path of kobject_add_and_init().
This causes the release method to be called if kobject_init_and_add()
fails.  open_tree() is the function that calls btrfs_sysfs_add_fsid()
and the error code in this function is already written with the
assumption that the release method is called during the error path of
open_tree() (as seen by the call to btrfs_sysfs_remove_fsid() under the
fail_fsdev_sysfs label).

Cc: stable@vger.kernel.org # v4.4+
Reviewed-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Tobin C. Harding <tobin@kernel.org>
Reviewed-by: David Sterba <dsterba@suse.com>
Signed-off-by: David Sterba <dsterba@suse.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 fs/btrfs/sysfs.c |    7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

--- a/fs/btrfs/sysfs.c
+++ b/fs/btrfs/sysfs.c
@@ -825,7 +825,12 @@ int btrfs_sysfs_add_fsid(struct btrfs_fs
 	fs_devs->fsid_kobj.kset = btrfs_kset;
 	error = kobject_init_and_add(&fs_devs->fsid_kobj,
 				&btrfs_ktype, parent, "%pU", fs_devs->fsid);
-	return error;
+	if (error) {
+		kobject_put(&fs_devs->fsid_kobj);
+		return error;
+	}
+
+	return 0;
 }
 
 int btrfs_sysfs_add_mounted(struct btrfs_fs_info *fs_info)
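Review bot: the changelog says open_tree() already calls btrfs_sysfs_remove_fsid() under fail_fsdev_sysfs when this function fails, so with the new kobject_put() in the `if (error)` branch it should also say why that later call does not drop the reference a second time. As a style point, the branch plus `return 0;` can be collapsed to `if (error) kobject_put(&fs_devs->fsid_kobj);` followed by the original `return error;`.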



^ permalink raw reply	[flat|nested] 429+ messages in thread

* [PATCH 5.1 030/405] fbdev: fix divide error in fb_var_to_videomode
  2019-05-30  2:59 [PATCH 5.1 000/405] 5.1.6-stable review Greg Kroah-Hartman
                   ` (28 preceding siblings ...)
  2019-05-30  3:00 ` [PATCH 5.1 029/405] btrfs: sysfs: dont leak memory when failing add fsid Greg Kroah-Hartman
@ 2019-05-30  3:00 ` Greg Kroah-Hartman
  2019-05-30  3:00 ` [PATCH 5.1 031/405] arm64: errata: Add workaround for Cortex-A76 erratum #1463225 Greg Kroah-Hartman
                   ` (379 subsequent siblings)
  409 siblings, 0 replies; 429+ messages in thread
From: Greg Kroah-Hartman @ 2019-05-30  3:00 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Shile Zhang, Fredrik Noring,
	Daniel Vetter, Mukesh Ojha, Bartlomiej Zolnierkiewicz

From: Shile Zhang <shile.zhang@linux.alibaba.com>

commit cf84807f6dd0be5214378e66460cfc9187f532f9 upstream.

To fix the following divide-by-zero error found by Syzkaller:

  divide error: 0000 [#1] SMP PTI
  CPU: 7 PID: 8447 Comm: test Kdump: loaded Not tainted 4.19.24-8.al7.x86_64 #1
  Hardware name: Alibaba Cloud Alibaba Cloud ECS, BIOS rel-1.12.0-0-ga698c8995f-prebuilt.qemu.org 04/01/2014
  RIP: 0010:fb_var_to_videomode+0xae/0xc0
  Code: 04 44 03 46 78 03 4e 7c 44 03 46 68 03 4e 70 89 ce d1 ee 69 c0 e8 03 00 00 f6 c2 01 0f 45 ce 83 e2 02 8d 34 09 0f 45 ce 31 d2 <41> f7 f0 31 d2 f7 f1 89 47 08 f3 c3 66 0f 1f 44 00 00 0f 1f 44 00
  RSP: 0018:ffffb7e189347bf0 EFLAGS: 00010246
  RAX: 00000000e1692410 RBX: ffffb7e189347d60 RCX: 0000000000000000
  RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffb7e189347c10
  RBP: ffff99972a091c00 R08: 0000000000000000 R09: 0000000000000000
  R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000100
  R13: 0000000000010000 R14: 00007ffd66baf6d0 R15: 0000000000000000
  FS:  00007f2054d11740(0000) GS:ffff99972fbc0000(0000) knlGS:0000000000000000
  CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
  CR2: 00007f205481fd20 CR3: 00000004288a0001 CR4: 00000000001606a0
  Call Trace:
   fb_set_var+0x257/0x390
   ? lookup_fast+0xbb/0x2b0
   ? fb_open+0xc0/0x140
   ? chrdev_open+0xa6/0x1a0
   do_fb_ioctl+0x445/0x5a0
   do_vfs_ioctl+0x92/0x5f0
   ? __alloc_fd+0x3d/0x160
   ksys_ioctl+0x60/0x90
   __x64_sys_ioctl+0x16/0x20
   do_syscall_64+0x5b/0x190
   entry_SYSCALL_64_after_hwframe+0x44/0xa9
  RIP: 0033:0x7f20548258d7
  Code: 44 00 00 48 8b 05 b9 15 2d 00 64 c7 00 26 00 00 00 48 c7 c0 ff ff ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 b8 10 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d 89 15 2d 00 f7 d8 64 89 01 48

It can be triggered easily with the following test code:

  #include <linux/fb.h>
  #include <fcntl.h>
  #include <sys/ioctl.h>
  int main(void)
  {
          struct fb_var_screeninfo var = {.activate = 0x100, .pixclock = 60};
          int fd = open("/dev/fb0", O_RDWR);
          if (fd < 0)
                  return 1;

          if (ioctl(fd, FBIOPUT_VSCREENINFO, &var))
                  return 1;

          return 0;
  }

Signed-off-by: Shile Zhang <shile.zhang@linux.alibaba.com>
Cc: Fredrik Noring <noring@nocrew.org>
Cc: Daniel Vetter <daniel.vetter@ffwll.ch>
Reviewed-by: Mukesh Ojha <mojha@codeaurora.org>
Signed-off-by: Bartlomiej Zolnierkiewicz <b.zolnierkie@samsung.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 drivers/video/fbdev/core/modedb.c |    3 +++
 1 file changed, 3 insertions(+)

--- a/drivers/video/fbdev/core/modedb.c
+++ b/drivers/video/fbdev/core/modedb.c
@@ -935,6 +935,9 @@ void fb_var_to_videomode(struct fb_video
 	if (var->vmode & FB_VMODE_DOUBLE)
 		vtotal *= 2;
 
+	if (!htotal || !vtotal)
+		return;
+
 	hfreq = pixclock/htotal;
 	mode->refresh = hfreq/vtotal;
 }
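Review bot: the new `if (!htotal || !vtotal) return;` leaves the function before `mode->refresh` is assigned, and the hunk does not show whether refresh has a defined value at that point. Please confirm it is initialised earlier on this path, or set it to 0 here, and consider a short comment that these totals derive from the fb_var_screeninfo passed in through FBIOPUT_VSCREENINFO, which is why they can be zero.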



^ permalink raw reply	[flat|nested] 429+ messages in thread

* [PATCH 5.1 031/405] arm64: errata: Add workaround for Cortex-A76 erratum #1463225
  2019-05-30  2:59 [PATCH 5.1 000/405] 5.1.6-stable review Greg Kroah-Hartman
                   ` (29 preceding siblings ...)
  2019-05-30  3:00 ` [PATCH 5.1 030/405] fbdev: fix divide error in fb_var_to_videomode Greg Kroah-Hartman
@ 2019-05-30  3:00 ` Greg Kroah-Hartman
  2019-05-30  3:00 ` [PATCH 5.1 032/405] ovl: relax WARN_ON() for overlapping layers use case Greg Kroah-Hartman
                   ` (378 subsequent siblings)
  409 siblings, 0 replies; 429+ messages in thread
From: Greg Kroah-Hartman @ 2019-05-30  3:00 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Marc Zyngier, Catalin Marinas, Will Deacon

From: Will Deacon <will.deacon@arm.com>

commit 969f5ea627570e91c9d54403287ee3ed657f58fe upstream.

Revisions of the Cortex-A76 CPU prior to r4p0 are affected by an erratum
that can prevent interrupts from being taken when single-stepping.

This patch implements a software workaround to prevent userspace from
effectively being able to disable interrupts.

Cc: <stable@vger.kernel.org>
Cc: Marc Zyngier <marc.zyngier@arm.com>
Cc: Catalin Marinas <catalin.marinas@arm.com>
Signed-off-by: Will Deacon <will.deacon@arm.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>


---
 Documentation/arm64/silicon-errata.txt |    1 
 arch/arm64/Kconfig                     |   18 ++++++++++++++++
 arch/arm64/include/asm/cpucaps.h       |    3 +-
 arch/arm64/kernel/cpu_errata.c         |   24 +++++++++++++++++++++
 arch/arm64/kernel/syscall.c            |   31 +++++++++++++++++++++++++++
 arch/arm64/mm/fault.c                  |   37 +++++++++++++++++++++++++++++++--
 6 files changed, 111 insertions(+), 3 deletions(-)

--- a/Documentation/arm64/silicon-errata.txt
+++ b/Documentation/arm64/silicon-errata.txt
@@ -61,6 +61,7 @@ stable kernels.
 | ARM            | Cortex-A76      | #1188873        | ARM64_ERRATUM_1188873       |
 | ARM            | Cortex-A76      | #1165522        | ARM64_ERRATUM_1165522       |
 | ARM            | Cortex-A76      | #1286807        | ARM64_ERRATUM_1286807       |
+| ARM            | Cortex-A76      | #1463225        | ARM64_ERRATUM_1463225       |
 | ARM            | MMU-500         | #841119,#826419 | N/A                         |
 |                |                 |                 |                             |
 | Cavium         | ThunderX ITS    | #22375, #24313  | CAVIUM_ERRATUM_22375        |
--- a/arch/arm64/Kconfig
+++ b/arch/arm64/Kconfig
@@ -517,6 +517,24 @@ config ARM64_ERRATUM_1286807
 
 	  If unsure, say Y.
 
+config ARM64_ERRATUM_1463225
+	bool "Cortex-A76: Software Step might prevent interrupt recognition"
+	default y
+	help
+	  This option adds a workaround for Arm Cortex-A76 erratum 1463225.
+
+	  On the affected Cortex-A76 cores (r0p0 to r3p1), software stepping
+	  of a system call instruction (SVC) can prevent recognition of
+	  subsequent interrupts when software stepping is disabled in the
+	  exception handler of the system call and either kernel debugging
+	  is enabled or VHE is in use.
+
+	  Work around the erratum by triggering a dummy step exception
+	  when handling a system call from a task that is being stepped
+	  in a VHE configuration of the kernel.
+
+	  If unsure, say Y.
+
 config CAVIUM_ERRATUM_22375
 	bool "Cavium erratum 22375, 24313"
 	default y
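Review bot: the help text names two affected configurations, "either kernel debugging is enabled or VHE is in use", but the workaround paragraph covers only "a VHE configuration of the kernel". Say explicitly that the non-VHE kernel-debugging case is not handled by this option, or why it needs no handling, so that someone enabling it on a non-VHE system does not assume coverage.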
--- a/arch/arm64/include/asm/cpucaps.h
+++ b/arch/arm64/include/asm/cpucaps.h
@@ -61,7 +61,8 @@
 #define ARM64_HAS_GENERIC_AUTH_ARCH		40
 #define ARM64_HAS_GENERIC_AUTH_IMP_DEF		41
 #define ARM64_HAS_IRQ_PRIO_MASKING		42
+#define ARM64_WORKAROUND_1463225		43
 
-#define ARM64_NCAPS				43
+#define ARM64_NCAPS				44
 
 #endif /* __ASM_CPUCAPS_H */
--- a/arch/arm64/kernel/cpu_errata.c
+++ b/arch/arm64/kernel/cpu_errata.c
@@ -464,6 +464,22 @@ out_printmsg:
 }
 #endif	/* CONFIG_ARM64_SSBD */
 
+#ifdef CONFIG_ARM64_ERRATUM_1463225
+DEFINE_PER_CPU(int, __in_cortex_a76_erratum_1463225_wa);
+
+static bool
+has_cortex_a76_erratum_1463225(const struct arm64_cpu_capabilities *entry,
+			       int scope)
+{
+	u32 midr = read_cpuid_id();
+	/* Cortex-A76 r0p0 - r3p1 */
+	struct midr_range range = MIDR_RANGE(MIDR_CORTEX_A76, 0, 0, 3, 1);
+
+	WARN_ON(scope != SCOPE_LOCAL_CPU || preemptible());
+	return is_midr_in_range(midr, &range) && is_kernel_in_hyp_mode();
+}
+#endif
+
 static void __maybe_unused
 cpu_enable_cache_maint_trap(const struct arm64_cpu_capabilities *__unused)
 {
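Review bot: __in_cortex_a76_erratum_1463225_wa is defined here with DEFINE_PER_CPU and then re-declared with DECLARE_PER_CPU separately in syscall.c and fault.c later in this patch. A single declaration in a shared header would keep the three in sync. The local `struct midr_range range` can also be `static const`, since it never changes.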
@@ -739,6 +755,14 @@ const struct arm64_cpu_capabilities arm6
 		ERRATA_MIDR_RANGE(MIDR_CORTEX_A76, 0, 0, 2, 0),
 	},
 #endif
+#ifdef CONFIG_ARM64_ERRATUM_1463225
+	{
+		.desc = "ARM erratum 1463225",
+		.capability = ARM64_WORKAROUND_1463225,
+		.type = ARM64_CPUCAP_LOCAL_CPU_ERRATUM,
+		.matches = has_cortex_a76_erratum_1463225,
+	},
+#endif
 	{
 	}
 };
--- a/arch/arm64/kernel/syscall.c
+++ b/arch/arm64/kernel/syscall.c
@@ -8,6 +8,7 @@
 #include <linux/syscalls.h>
 
 #include <asm/daifflags.h>
+#include <asm/debug-monitors.h>
 #include <asm/fpsimd.h>
 #include <asm/syscall.h>
 #include <asm/thread_info.h>
@@ -60,6 +61,35 @@ static inline bool has_syscall_work(unsi
 int syscall_trace_enter(struct pt_regs *regs);
 void syscall_trace_exit(struct pt_regs *regs);
 
+#ifdef CONFIG_ARM64_ERRATUM_1463225
+DECLARE_PER_CPU(int, __in_cortex_a76_erratum_1463225_wa);
+
+static void cortex_a76_erratum_1463225_svc_handler(void)
+{
+	u32 reg, val;
+
+	if (!unlikely(test_thread_flag(TIF_SINGLESTEP)))
+		return;
+
+	if (!unlikely(this_cpu_has_cap(ARM64_WORKAROUND_1463225)))
+		return;
+
+	__this_cpu_write(__in_cortex_a76_erratum_1463225_wa, 1);
+	reg = read_sysreg(mdscr_el1);
+	val = reg | DBG_MDSCR_SS | DBG_MDSCR_KDE;
+	write_sysreg(val, mdscr_el1);
+	asm volatile("msr daifclr, #8");
+	isb();
+
+	/* We will have taken a single-step exception by this point */
+
+	write_sysreg(reg, mdscr_el1);
+	__this_cpu_write(__in_cortex_a76_erratum_1463225_wa, 0);
+}
+#else
+static void cortex_a76_erratum_1463225_svc_handler(void) { }
+#endif /* CONFIG_ARM64_ERRATUM_1463225 */
+
 static void el0_svc_common(struct pt_regs *regs, int scno, int sc_nr,
 			   const syscall_fn_t syscall_table[])
 {
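Review bot: in cortex_a76_erratum_1463225_svc_handler(), `msr daifclr, #8` is a bare immediate with no comment saying that it unmasks debug exceptions (the D bit) so the dummy step exception can be taken. Please comment it or use a named constant, since the matching handler in fault.c sets PSR_D_BIT on return. The two guards written as `!unlikely(...)` would read more naturally as `likely(!...)`.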
@@ -68,6 +98,7 @@ static void el0_svc_common(struct pt_reg
 	regs->orig_x0 = regs->regs[0];
 	regs->syscallno = scno;
 
+	cortex_a76_erratum_1463225_svc_handler();
 	local_daif_restore(DAIF_PROCCTX);
 	user_exit();
 
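Review bot: the call to cortex_a76_erratum_1463225_svc_handler() sits immediately before local_daif_restore(DAIF_PROCCTX) with no comment on why it has to run first. A one-line comment stating the ordering requirement would keep a later refactoring of el0_svc_common() from moving it.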
--- a/arch/arm64/mm/fault.c
+++ b/arch/arm64/mm/fault.c
@@ -810,14 +810,47 @@ void __init hook_debug_fault_code(int nr
 	debug_fault_info[nr].name	= name;
 }
 
+#ifdef CONFIG_ARM64_ERRATUM_1463225
+DECLARE_PER_CPU(int, __in_cortex_a76_erratum_1463225_wa);
+
+static int __exception
+cortex_a76_erratum_1463225_debug_handler(struct pt_regs *regs)
+{
+	if (user_mode(regs))
+		return 0;
+
+	if (!__this_cpu_read(__in_cortex_a76_erratum_1463225_wa))
+		return 0;
+
+	/*
+	 * We've taken a dummy step exception from the kernel to ensure
+	 * that interrupts are re-enabled on the syscall path. Return back
+	 * to cortex_a76_erratum_1463225_svc_handler() with debug exceptions
+	 * masked so that we can safely restore the mdscr and get on with
+	 * handling the syscall.
+	 */
+	regs->pstate |= PSR_D_BIT;
+	return 1;
+}
+#else
+static int __exception
+cortex_a76_erratum_1463225_debug_handler(struct pt_regs *regs)
+{
+	return 0;
+}
+#endif /* CONFIG_ARM64_ERRATUM_1463225 */
+
 asmlinkage int __exception do_debug_exception(unsigned long addr_if_watchpoint,
-					      unsigned int esr,
-					      struct pt_regs *regs)
+					       unsigned int esr,
+					       struct pt_regs *regs)
 {
 	const struct fault_info *inf = esr_to_debug_fault_info(esr);
 	unsigned long pc = instruction_pointer(regs);
 	int rv;
 
+	if (cortex_a76_erratum_1463225_debug_handler(regs))
+		return 0;
+
 	/*
 	 * Tell lockdep we disabled irqs in entry.S. Do nothing if they were
 	 * already disabled to preserve the last enabled/disabled addresses.
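Review bot: cortex_a76_erratum_1463225_debug_handler() decides only on user_mode(regs) and the per-CPU flag and never looks at esr, so any debug exception taken from the kernel while the flag is set is swallowed, not just the dummy single-step. Consider passing esr in and checking that it is a step exception. Separately, the realignment of the do_debug_exception() parameters is a whitespace-only change that makes the backport harder to compare.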



^ permalink raw reply	[flat|nested] 429+ messages in thread

* [PATCH 5.1 032/405] ovl: relax WARN_ON() for overlapping layers use case
  2019-05-30  2:59 [PATCH 5.1 000/405] 5.1.6-stable review Greg Kroah-Hartman
                   ` (30 preceding siblings ...)
  2019-05-30  3:00 ` [PATCH 5.1 031/405] arm64: errata: Add workaround for Cortex-A76 erratum #1463225 Greg Kroah-Hartman
@ 2019-05-30  3:00 ` Greg Kroah-Hartman
  2019-05-30  3:00 ` [PATCH 5.1 033/405] fbdev: fix WARNING in __alloc_pages_nodemask bug Greg Kroah-Hartman
                   ` (377 subsequent siblings)
  409 siblings, 0 replies; 429+ messages in thread
From: Greg Kroah-Hartman @ 2019-05-30  3:00 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, syzbot+9c69c282adc4edd2b540,
	Amir Goldstein, Miklos Szeredi

From: Amir Goldstein <amir73il@gmail.com>

commit acf3062a7e1ccf67c6f7e7c28671a6708fde63b0 upstream.

This nasty little syzbot repro:
https://syzkaller.appspot.com/x/repro.syz?x=12c7a94f400000

Creates overlay mounts where the same directory is both in upper and lower
layers. Simplified example:

  mkdir foo work
  mount -t overlay none foo -o"lowerdir=.,upperdir=foo,workdir=work"

The repro runs several threads in parallel that attempt to chdir into foo
and attempt to symlink/rename/exec/mkdir the file bar.

The repro hits a WARN_ON() I placed in ovl_instantiate(), which suggests
that an overlay inode already exists in cache and is hashed by the pointer
of the real upper dentry that ovl_create_real() has just created. At the
point of the WARN_ON(), for overlay dir inode lock is held and upper dir
inode lock, so at first, I did not see how this was possible.

On a closer look, I see that after ovl_create_real(), because of the
overlapping upper and lower layers, a lookup by another thread can find the
file foo/bar that was just created in upper layer, at overlay path
foo/foo/bar and hash an overlay inode with the new real dentry as lower
dentry. This is possible because the overlay directory foo/foo is not
locked and the upper dentry foo/bar is in dcache, so ovl_lookup() can find
it without taking upper dir inode shared lock.

Overlapping layers is considered a wrong setup which would result in
unexpected behavior, but it shouldn't crash the kernel and it shouldn't
trigger WARN_ON() either, so relax this WARN_ON() and leave a pr_warn()
instead to cover all cases of failure to get an overlay inode.

The error returned from failure to insert new inode to cache with
inode_insert5() was changed to -EEXIST, to distinguish from the error
-ENOMEM returned on failure to get/allocate inode with iget5_locked().

Reported-by: syzbot+9c69c282adc4edd2b540@syzkaller.appspotmail.com
Fixes: 01b39dcc9568 ("ovl: use inode_insert5() to hash a newly...")
Signed-off-by: Amir Goldstein <amir73il@gmail.com>
Signed-off-by: Miklos Szeredi <mszeredi@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 fs/overlayfs/dir.c   |    2 +-
 fs/overlayfs/inode.c |    3 ++-
 2 files changed, 3 insertions(+), 2 deletions(-)

--- a/fs/overlayfs/dir.c
+++ b/fs/overlayfs/dir.c
@@ -260,7 +260,7 @@ static int ovl_instantiate(struct dentry
 		 * hashed directory inode aliases.
 		 */
 		inode = ovl_get_inode(dentry->d_sb, &oip);
-		if (WARN_ON(IS_ERR(inode)))
+		if (IS_ERR(inode))
 			return PTR_ERR(inode);
 	} else {
 		WARN_ON(ovl_inode_real(inode) != d_inode(newdentry));
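Review bot: only the WARN_ON() around IS_ERR(inode) is relaxed; the `WARN_ON(ovl_inode_real(inode) != d_inode(newdentry))` in the else branch just below stays. The changelog should say whether the overlapping-layers setup can reach that one as well, given its stated goal that this setup must not trigger WARN_ON().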
--- a/fs/overlayfs/inode.c
+++ b/fs/overlayfs/inode.c
@@ -832,7 +832,7 @@ struct inode *ovl_get_inode(struct super
 	int fsid = bylower ? oip->lowerpath->layer->fsid : 0;
 	bool is_dir, metacopy = false;
 	unsigned long ino = 0;
-	int err = -ENOMEM;
+	int err = oip->newinode ? -EEXIST : -ENOMEM;
 
 	if (!realinode)
 		realinode = d_inode(lowerdentry);
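Review bot: `int err = oip->newinode ? -EEXIST : -ENOMEM;` changes the default for every path that reaches out_err without setting err, not only the inode_insert5() failure named in the changelog. Please confirm that no allocation failure can reach out_err with newinode set, or assign -EEXIST at the inode_insert5() failure site instead.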
@@ -917,6 +917,7 @@ out:
 	return inode;
 
 out_err:
+	pr_warn_ratelimited("overlayfs: failed to get inode (%i)\n", err);
 	inode = ERR_PTR(err);
 	goto out;
 }



^ permalink raw reply	[flat|nested] 429+ messages in thread

* [PATCH 5.1 033/405] fbdev: fix WARNING in __alloc_pages_nodemask bug
  2019-05-30  2:59 [PATCH 5.1 000/405] 5.1.6-stable review Greg Kroah-Hartman
                   ` (31 preceding siblings ...)
  2019-05-30  3:00 ` [PATCH 5.1 032/405] ovl: relax WARN_ON() for overlapping layers use case Greg Kroah-Hartman
@ 2019-05-30  3:00 ` Greg Kroah-Hartman
  2019-05-30  3:00 ` [PATCH 5.1 034/405] media: cpia2: Fix use-after-free in cpia2_exit Greg Kroah-Hartman
                   ` (376 subsequent siblings)
  409 siblings, 0 replies; 429+ messages in thread
From: Greg Kroah-Hartman @ 2019-05-30  3:00 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Jiufei Xue, Bartlomiej Zolnierkiewicz

From: Jiufei Xue <jiufei.xue@linux.alibaba.com>

commit 8c40292be9169a9cbe19aadd1a6fc60cbd1af82f upstream.

Syzkaller hit 'WARNING in __alloc_pages_nodemask' bug.

WARNING: CPU: 1 PID: 1473 at mm/page_alloc.c:4377
__alloc_pages_nodemask+0x4da/0x2130
Kernel panic - not syncing: panic_on_warn set ...

Call Trace:
 alloc_pages_current+0xb1/0x1e0
 kmalloc_order+0x1f/0x60
 kmalloc_order_trace+0x1d/0x120
 fb_alloc_cmap_gfp+0x85/0x2b0
 fb_set_user_cmap+0xff/0x370
 do_fb_ioctl+0x949/0xa20
 fb_ioctl+0xdd/0x120
 do_vfs_ioctl+0x186/0x1070
 ksys_ioctl+0x89/0xa0
 __x64_sys_ioctl+0x74/0xb0
 do_syscall_64+0xc8/0x550
 entry_SYSCALL_64_after_hwframe+0x49/0xbe

This is a warning about order >= MAX_ORDER and the order is from
userspace ioctl. Add flag __NOWARN to silence this warning.

Signed-off-by: Jiufei Xue <jiufei.xue@linux.alibaba.com>
Signed-off-by: Bartlomiej Zolnierkiewicz <b.zolnierkie@samsung.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 drivers/video/fbdev/core/fbcmap.c |    2 ++
 1 file changed, 2 insertions(+)

--- a/drivers/video/fbdev/core/fbcmap.c
+++ b/drivers/video/fbdev/core/fbcmap.c
@@ -94,6 +94,8 @@ int fb_alloc_cmap_gfp(struct fb_cmap *cm
 	int size = len * sizeof(u16);
 	int ret = -ENOMEM;
 
+	flags |= __GFP_NOWARN;
+
 	if (cmap->len != len) {
 		fb_dealloc_cmap(cmap);
 		if (!len)
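Review bot: `flags |= __GFP_NOWARN;` hides the warning, but `len` still arrives unchecked from the ioctl and `int size = len * sizeof(u16);` two lines above stores the product in an int. An upper bound on len before the allocation would address the cause; if silencing is all that is wanted here, a comment should say that an oversized request is expected to fail with -ENOMEM. Setting the flag unconditionally also changes behaviour for every caller of fb_alloc_cmap_gfp(), which deserves a mention in the changelog.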



^ permalink raw reply	[flat|nested] 429+ messages in thread

* [PATCH 5.1 034/405] media: cpia2: Fix use-after-free in cpia2_exit
  2019-05-30  2:59 [PATCH 5.1 000/405] 5.1.6-stable review Greg Kroah-Hartman
                   ` (32 preceding siblings ...)
  2019-05-30  3:00 ` [PATCH 5.1 033/405] fbdev: fix WARNING in __alloc_pages_nodemask bug Greg Kroah-Hartman
@ 2019-05-30  3:00 ` Greg Kroah-Hartman
  2019-05-30  3:00 ` [PATCH 5.1 035/405] media: serial_ir: Fix use-after-free in serial_ir_init_module Greg Kroah-Hartman
                   ` (375 subsequent siblings)
  409 siblings, 0 replies; 429+ messages in thread
From: Greg Kroah-Hartman @ 2019-05-30  3:00 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Hulk Robot, YueHaibing, Hans Verkuil,
	Mauro Carvalho Chehab

From: YueHaibing <yuehaibing@huawei.com>

commit dea37a97265588da604c6ba80160a287b72c7bfd upstream.

Syzkaller reports this:

BUG: KASAN: use-after-free in sysfs_remove_file_ns+0x5f/0x70 fs/sysfs/file.c:468
Read of size 8 at addr ffff8881f59a6b70 by task syz-executor.0/8363

CPU: 0 PID: 8363 Comm: syz-executor.0 Not tainted 5.0.0-rc8+ #3
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.10.2-1ubuntu1 04/01/2014
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0xfa/0x1ce lib/dump_stack.c:113
 print_address_description+0x65/0x270 mm/kasan/report.c:187
 kasan_report+0x149/0x18d mm/kasan/report.c:317
 sysfs_remove_file_ns+0x5f/0x70 fs/sysfs/file.c:468
 sysfs_remove_file include/linux/sysfs.h:519 [inline]
 driver_remove_file+0x40/0x50 drivers/base/driver.c:122
 usb_remove_newid_files drivers/usb/core/driver.c:212 [inline]
 usb_deregister+0x12a/0x3b0 drivers/usb/core/driver.c:1005
 cpia2_exit+0xa/0x16 [cpia2]
 __do_sys_delete_module kernel/module.c:1018 [inline]
 __se_sys_delete_module kernel/module.c:961 [inline]
 __x64_sys_delete_module+0x3dc/0x5e0 kernel/module.c:961
 do_syscall_64+0x147/0x600 arch/x86/entry/common.c:290
 entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x462e99
Code: f7 d8 64 89 02 b8 ff ff ff ff c3 66 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f86f3754c58 EFLAGS: 00000246 ORIG_RAX: 00000000000000b0
RAX: ffffffffffffffda RBX: 000000000073bf00 RCX: 0000000000462e99
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000020000300
RBP: 0000000000000002 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 00007f86f37556bc
R13: 00000000004bcca9 R14: 00000000006f6b48 R15: 00000000ffffffff

Allocated by task 8363:
 set_track mm/kasan/common.c:85 [inline]
 __kasan_kmalloc.constprop.3+0xa0/0xd0 mm/kasan/common.c:495
 kmalloc include/linux/slab.h:545 [inline]
 kzalloc include/linux/slab.h:740 [inline]
 bus_add_driver+0xc0/0x610 drivers/base/bus.c:651
 driver_register+0x1bb/0x3f0 drivers/base/driver.c:170
 usb_register_driver+0x267/0x520 drivers/usb/core/driver.c:965
 0xffffffffc1b4817c
 do_one_initcall+0xfa/0x5ca init/main.c:887
 do_init_module+0x204/0x5f6 kernel/module.c:3460
 load_module+0x66b2/0x8570 kernel/module.c:3808
 __do_sys_finit_module+0x238/0x2a0 kernel/module.c:3902
 do_syscall_64+0x147/0x600 arch/x86/entry/common.c:290
 entry_SYSCALL_64_after_hwframe+0x49/0xbe

Freed by task 8363:
 set_track mm/kasan/common.c:85 [inline]
 __kasan_slab_free+0x130/0x180 mm/kasan/common.c:457
 slab_free_hook mm/slub.c:1430 [inline]
 slab_free_freelist_hook mm/slub.c:1457 [inline]
 slab_free mm/slub.c:3005 [inline]
 kfree+0xe1/0x270 mm/slub.c:3957
 kobject_cleanup lib/kobject.c:662 [inline]
 kobject_release lib/kobject.c:691 [inline]
 kref_put include/linux/kref.h:67 [inline]
 kobject_put+0x146/0x240 lib/kobject.c:708
 bus_remove_driver+0x10e/0x220 drivers/base/bus.c:732
 driver_unregister+0x6c/0xa0 drivers/base/driver.c:197
 usb_register_driver+0x341/0x520 drivers/usb/core/driver.c:980
 0xffffffffc1b4817c
 do_one_initcall+0xfa/0x5ca init/main.c:887
 do_init_module+0x204/0x5f6 kernel/module.c:3460
 load_module+0x66b2/0x8570 kernel/module.c:3808
 __do_sys_finit_module+0x238/0x2a0 kernel/module.c:3902
 do_syscall_64+0x147/0x600 arch/x86/entry/common.c:290
 entry_SYSCALL_64_after_hwframe+0x49/0xbe

The buggy address belongs to the object at ffff8881f59a6b40
 which belongs to the cache kmalloc-256 of size 256
The buggy address is located 48 bytes inside of
 256-byte region [ffff8881f59a6b40, ffff8881f59a6c40)
The buggy address belongs to the page:
page:ffffea0007d66980 count:1 mapcount:0 mapping:ffff8881f6c02e00 index:0x0
flags: 0x2fffc0000000200(slab)
raw: 02fffc0000000200 dead000000000100 dead000000000200 ffff8881f6c02e00
raw: 0000000000000000 00000000800c000c 00000001ffffffff 0000000000000000
page dumped because: kasan: bad access detected

Memory state around the buggy address:
 ffff8881f59a6a00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 ffff8881f59a6a80: 00 00 00 00 00 00 00 00 00 00 fc fc fc fc fc fc
>ffff8881f59a6b00: fc fc fc fc fc fc fc fc fb fb fb fb fb fb fb fb
                                                             ^
 ffff8881f59a6b80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
 ffff8881f59a6c00: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc

cpia2_init does not check the return value of cpia2_init; if it failed
in usb_register_driver, there is already cleanup using driver_unregister.
No need to call cpia2_usb_cleanup on module exit.

Reported-by: Hulk Robot <hulkci@huawei.com>
Signed-off-by: YueHaibing <yuehaibing@huawei.com>
Signed-off-by: Hans Verkuil <hverkuil-cisco@xs4all.nl>
Signed-off-by: Mauro Carvalho Chehab <mchehab+samsung@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 drivers/media/usb/cpia2/cpia2_v4l.c |    3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

--- a/drivers/media/usb/cpia2/cpia2_v4l.c
+++ b/drivers/media/usb/cpia2/cpia2_v4l.c
@@ -1240,8 +1240,7 @@ static int __init cpia2_init(void)
 	LOG("%s v%s\n",
 	    ABOUT, CPIA_VERSION);
 	check_parameters();
-	cpia2_usb_init();
-	return 0;
+	return cpia2_usb_init();
 }
 
 
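Review bot: with "return cpia2_usb_init();" the module load now fails whenever USB registration fails, so the value returned has to be 0 or a negative errno; this hunk does not show what cpia2_usb_init() returns, and that should be confirmed before relying on it as the initcall result. check_parameters() still runs before the call, so it is also worth stating in the commit message that it leaves nothing behind that would need unwinding when init aborts.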




* [PATCH 5.1 035/405] media: serial_ir: Fix use-after-free in serial_ir_init_module
  2019-05-30  2:59 [PATCH 5.1 000/405] 5.1.6-stable review Greg Kroah-Hartman
                   ` (33 preceding siblings ...)
  2019-05-30  3:00 ` [PATCH 5.1 034/405] media: cpia2: Fix use-after-free in cpia2_exit Greg Kroah-Hartman
@ 2019-05-30  3:00 ` Greg Kroah-Hartman
  2019-05-30  3:00 ` [PATCH 5.1 036/405] media: vb2: add waiting_in_dqbuf flag Greg Kroah-Hartman
                   ` (374 subsequent siblings)
  409 siblings, 0 replies; 429+ messages in thread
From: Greg Kroah-Hartman @ 2019-05-30  3:00 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Hulk Robot, YueHaibing, Sean Young,
	Mauro Carvalho Chehab

From: YueHaibing <yuehaibing@huawei.com>

commit 56cd26b618855c9af48c8301aa6754ced8dd0beb upstream.

Syzkaller reports this:

BUG: KASAN: use-after-free in sysfs_remove_file_ns+0x5f/0x70 fs/sysfs/file.c:468
Read of size 8 at addr ffff8881dc7ae030 by task syz-executor.0/6249

CPU: 1 PID: 6249 Comm: syz-executor.0 Not tainted 5.0.0-rc8+ #3
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.10.2-1ubuntu1 04/01/2014
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0xfa/0x1ce lib/dump_stack.c:113
 print_address_description+0x65/0x270 mm/kasan/report.c:187
 kasan_report+0x149/0x18d mm/kasan/report.c:317
 ? 0xffffffffc1728000
 sysfs_remove_file_ns+0x5f/0x70 fs/sysfs/file.c:468
 sysfs_remove_file include/linux/sysfs.h:519 [inline]
 driver_remove_file+0x40/0x50 drivers/base/driver.c:122
 remove_bind_files drivers/base/bus.c:585 [inline]
 bus_remove_driver+0x186/0x220 drivers/base/bus.c:725
 driver_unregister+0x6c/0xa0 drivers/base/driver.c:197
 serial_ir_init_module+0x169/0x1000 [serial_ir]
 do_one_initcall+0xfa/0x5ca init/main.c:887
 do_init_module+0x204/0x5f6 kernel/module.c:3460
 load_module+0x66b2/0x8570 kernel/module.c:3808
 __do_sys_finit_module+0x238/0x2a0 kernel/module.c:3902
 do_syscall_64+0x147/0x600 arch/x86/entry/common.c:290
 entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x462e99
Code: f7 d8 64 89 02 b8 ff ff ff ff c3 66 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f9450132c58 EFLAGS: 00000246 ORIG_RAX: 0000000000000139
RAX: ffffffffffffffda RBX: 000000000073bf00 RCX: 0000000000462e99
RDX: 0000000000000000 RSI: 0000000020000100 RDI: 0000000000000003
RBP: 00007f9450132c70 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 00007f94501336bc
R13: 00000000004bcefa R14: 00000000006f6fb0 R15: 0000000000000004

Allocated by task 6249:
 set_track mm/kasan/common.c:85 [inline]
 __kasan_kmalloc.constprop.3+0xa0/0xd0 mm/kasan/common.c:495
 kmalloc include/linux/slab.h:545 [inline]
 kzalloc include/linux/slab.h:740 [inline]
 bus_add_driver+0xc0/0x610 drivers/base/bus.c:651
 driver_register+0x1bb/0x3f0 drivers/base/driver.c:170
 serial_ir_init_module+0xe8/0x1000 [serial_ir]
 do_one_initcall+0xfa/0x5ca init/main.c:887
 do_init_module+0x204/0x5f6 kernel/module.c:3460
 load_module+0x66b2/0x8570 kernel/module.c:3808
 __do_sys_finit_module+0x238/0x2a0 kernel/module.c:3902
 do_syscall_64+0x147/0x600 arch/x86/entry/common.c:290
 entry_SYSCALL_64_after_hwframe+0x49/0xbe

Freed by task 6249:
 set_track mm/kasan/common.c:85 [inline]
 __kasan_slab_free+0x130/0x180 mm/kasan/common.c:457
 slab_free_hook mm/slub.c:1430 [inline]
 slab_free_freelist_hook mm/slub.c:1457 [inline]
 slab_free mm/slub.c:3005 [inline]
 kfree+0xe1/0x270 mm/slub.c:3957
 kobject_cleanup lib/kobject.c:662 [inline]
 kobject_release lib/kobject.c:691 [inline]
 kref_put include/linux/kref.h:67 [inline]
 kobject_put+0x146/0x240 lib/kobject.c:708
 bus_remove_driver+0x10e/0x220 drivers/base/bus.c:732
 driver_unregister+0x6c/0xa0 drivers/base/driver.c:197
 serial_ir_init_module+0x14c/0x1000 [serial_ir]
 do_one_initcall+0xfa/0x5ca init/main.c:887
 do_init_module+0x204/0x5f6 kernel/module.c:3460
 load_module+0x66b2/0x8570 kernel/module.c:3808
 __do_sys_finit_module+0x238/0x2a0 kernel/module.c:3902
 do_syscall_64+0x147/0x600 arch/x86/entry/common.c:290
 entry_SYSCALL_64_after_hwframe+0x49/0xbe

The buggy address belongs to the object at ffff8881dc7ae000
 which belongs to the cache kmalloc-256 of size 256
The buggy address is located 48 bytes inside of
 256-byte region [ffff8881dc7ae000, ffff8881dc7ae100)
The buggy address belongs to the page:
page:ffffea000771eb80 count:1 mapcount:0 mapping:ffff8881f6c02e00 index:0x0
flags: 0x2fffc0000000200(slab)
raw: 02fffc0000000200 ffffea0007d14800 0000000400000002 ffff8881f6c02e00
raw: 0000000000000000 00000000800c000c 00000001ffffffff 0000000000000000
page dumped because: kasan: bad access detected

Memory state around the buggy address:
 ffff8881dc7adf00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 ffff8881dc7adf80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
>ffff8881dc7ae000: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
                                     ^
 ffff8881dc7ae080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
 ffff8881dc7ae100: fc fc fc fc fc fc fc fc 00 00 00 00 00 00 00 00

There is already cleanup handling in the serial_ir_init error path, so
there is no need to call serial_ir_exit to do it again in
serial_ir_init_module; otherwise it will trigger a use-after-free issue.

Fixes: fa5dc29c1fcc ("[media] lirc_serial: move out of staging and rename to serial_ir")

Reported-by: Hulk Robot <hulkci@huawei.com>
Signed-off-by: YueHaibing <yuehaibing@huawei.com>
Signed-off-by: Sean Young <sean@mess.org>
Signed-off-by: Mauro Carvalho Chehab <mchehab+samsung@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 drivers/media/rc/serial_ir.c |    9 +--------
 1 file changed, 1 insertion(+), 8 deletions(-)

--- a/drivers/media/rc/serial_ir.c
+++ b/drivers/media/rc/serial_ir.c
@@ -773,8 +773,6 @@ static void serial_ir_exit(void)
 
 static int __init serial_ir_init_module(void)
 {
-	int result;
-
 	switch (type) {
 	case IR_HOMEBREW:
 	case IR_IRDEO:
@@ -802,12 +800,7 @@ static int __init serial_ir_init_module(
 	if (sense != -1)
 		sense = !!sense;
 
-	result = serial_ir_init();
-	if (!result)
-		return 0;
-
-	serial_ir_exit();
-	return result;
+	return serial_ir_init();
 }
 
 static void __exit serial_ir_exit_module(void)
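Review bot: "return serial_ir_init();" is only correct if every failure branch inside serial_ir_init() undoes what it registered, and that function is not part of this diff. A short comment above the return saying that serial_ir_init() cleans up after itself on error, and that serial_ir_exit() must therefore not be called here, would stop the removed call from being reintroduced as an apparent missing unwind.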




* [PATCH 5.1 036/405] media: vb2: add waiting_in_dqbuf flag
  2019-05-30  2:59 [PATCH 5.1 000/405] 5.1.6-stable review Greg Kroah-Hartman
                   ` (34 preceding siblings ...)
  2019-05-30  3:00 ` [PATCH 5.1 035/405] media: serial_ir: Fix use-after-free in serial_ir_init_module Greg Kroah-Hartman
@ 2019-05-30  3:00 ` Greg Kroah-Hartman
  2019-05-30  3:00 ` [PATCH 5.1 037/405] media: vivid: use vfree() instead of kfree() for dev->bitmap_cap Greg Kroah-Hartman
                   ` (373 subsequent siblings)
  409 siblings, 0 replies; 429+ messages in thread
From: Greg Kroah-Hartman @ 2019-05-30  3:00 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Hans Verkuil, Syzbot, Tomasz Figa,
	Hans Verkuil, Mauro Carvalho Chehab

From: Hans Verkuil <hverkuil@xs4all.nl>

commit d65842f7126aa1a87fb44b7c9980c12630ed4f33 upstream.

Calling VIDIOC_DQBUF can release the core serialization lock pointed to
by vb2_queue->lock if it has to wait for a new buffer to arrive.

However, if userspace dup()ped the video device filehandle, then it is
possible to read or call DQBUF from two filehandles at the same time.

It is also possible to call REQBUFS from one filehandle while the other
is waiting for a buffer. This will remove all the buffers and reallocate
new ones. Removing all the buffers isn't the problem here (that's already
handled correctly by DQBUF), but the reallocating part is: DQBUF isn't
aware that the buffers have changed.

This is fixed by setting a flag whenever the lock is released while waiting
for a buffer to arrive. And checking the flag where needed so we can return
-EBUSY.

Signed-off-by: Hans Verkuil <hverkuil@xs4all.nl>
Reported-by: Syzbot <syzbot+4180ff9ca6810b06c1e9@syzkaller.appspotmail.com>
Reviewed-by: Tomasz Figa <tfiga@chromium.org>
Signed-off-by: Hans Verkuil <hverkuil-cisco@xs4all.nl>
Signed-off-by: Mauro Carvalho Chehab <mchehab+samsung@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 drivers/media/common/videobuf2/videobuf2-core.c |   22 ++++++++++++++++++++++
 include/media/videobuf2-core.h                  |    1 +
 2 files changed, 23 insertions(+)

--- a/drivers/media/common/videobuf2/videobuf2-core.c
+++ b/drivers/media/common/videobuf2/videobuf2-core.c
@@ -672,6 +672,11 @@ int vb2_core_reqbufs(struct vb2_queue *q
 		return -EBUSY;
 	}
 
+	if (q->waiting_in_dqbuf && *count) {
+		dprintk(1, "another dup()ped fd is waiting for a buffer\n");
+		return -EBUSY;
+	}
+
 	if (*count == 0 || q->num_buffers != 0 ||
 	    (q->memory != VB2_MEMORY_UNKNOWN && q->memory != memory)) {
 		/*
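Review bot: the new test "q->waiting_in_dqbuf && *count" deliberately lets a REQBUFS with *count == 0 through while another fd sleeps in DQBUF, but nothing at the check says why. The commit message explains that freeing is already handled by DQBUF and only reallocation is unsafe; a one-line comment to that effect next to the test would keep the "&& *count" from looking like an oversight.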
@@ -807,6 +812,10 @@ int vb2_core_create_bufs(struct vb2_queu
 	}
 
 	if (!q->num_buffers) {
+		if (q->waiting_in_dqbuf && *count) {
+			dprintk(1, "another dup()ped fd is waiting for a buffer\n");
+			return -EBUSY;
+		}
 		memset(q->alloc_devs, 0, sizeof(q->alloc_devs));
 		q->memory = memory;
 		q->waiting_for_buffers = !q->is_output;
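Review bot: the waiting_in_dqbuf test is placed inside the "if (!q->num_buffers)" branch, so a CREATE_BUFS call that adds buffers to a non-empty queue is not refused while another fd is waiting. If that is intended because adding buffers does not invalidate the ones the waiter already knows about, a comment should say so; if not, the test belongs before the branch.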
@@ -1659,6 +1668,11 @@ static int __vb2_wait_for_done_vb(struct
 	for (;;) {
 		int ret;
 
+		if (q->waiting_in_dqbuf) {
+			dprintk(1, "another dup()ped fd is waiting for a buffer\n");
+			return -EBUSY;
+		}
+
 		if (!q->streaming) {
 			dprintk(1, "streaming off, will not wait for buffers\n");
 			return -EINVAL;
@@ -1686,6 +1700,7 @@ static int __vb2_wait_for_done_vb(struct
 			return -EAGAIN;
 		}
 
+		q->waiting_in_dqbuf = 1;
 		/*
 		 * We are streaming and blocking, wait for another buffer to
 		 * become ready or for streamoff. Driver's lock is released to
@@ -1706,6 +1721,7 @@ static int __vb2_wait_for_done_vb(struct
 		 * the locks or return an error if one occurred.
 		 */
 		call_void_qop(q, wait_finish, q);
+		q->waiting_in_dqbuf = 0;
 		if (ret) {
 			dprintk(1, "sleep was interrupted\n");
 			return ret;
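Review bot: "q->waiting_in_dqbuf = 0;" comes after call_void_qop(q, wait_finish, q), and the matching set in the previous hunk comes before the wait, so both writes sit on the side of the wait where the queue lock is expected to be held. Because the header hunk adds the flag as a 1-bit field beside other 1-bit flags, each write is a read-modify-write of a shared word and is only safe inside that locked region. A comment stating that the flag may only be changed with the queue lock held would keep a later edit from moving the clear above wait_finish.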
@@ -2585,6 +2601,12 @@ static size_t __vb2_perform_fileio(struc
 	if (!data)
 		return -EINVAL;
 
+	if (q->waiting_in_dqbuf) {
+		dprintk(3, "another dup()ped fd is %s\n",
+			read ? "reading" : "writing");
+		return -EBUSY;
+	}
+
 	/*
 	 * Initialize emulator on first call.
 	 */
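Review bot: the message in this check prints the direction of the current caller (read ? "reading" : "writing"), but the flag is set in __vb2_wait_for_done_vb(), so the other fd may just as well be blocked in DQBUF; the text can point the reader at the wrong operation. Reusing the wording of the other three checks ("another dup()ped fd is waiting for a buffer") would be accurate. The level also differs: dprintk(3, ...) here against dprintk(1, ...) in the other hunks, for the same condition.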
--- a/include/media/videobuf2-core.h
+++ b/include/media/videobuf2-core.h
@@ -595,6 +595,7 @@ struct vb2_queue {
 	unsigned int			start_streaming_called:1;
 	unsigned int			error:1;
 	unsigned int			waiting_for_buffers:1;
+	unsigned int			waiting_in_dqbuf:1;
 	unsigned int			is_multiplanar:1;
 	unsigned int			is_output:1;
 	unsigned int			copy_timestamp:1;
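Review bot: waiting_in_dqbuf is added to struct vb2_queue with no description; the diffstat shows a single inserted line in this header. If the neighbouring flags such as waiting_for_buffers are described in a kernel-doc block above the struct, the new field needs an entry there saying that it is set while a DQBUF or read()/write() caller has dropped the lock to wait, and that the buffer-allocating paths return -EBUSY while it is set.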




* [PATCH 5.1 037/405] media: vivid: use vfree() instead of kfree() for dev->bitmap_cap
  2019-05-30  2:59 [PATCH 5.1 000/405] 5.1.6-stable review Greg Kroah-Hartman
                   ` (35 preceding siblings ...)
  2019-05-30  3:00 ` [PATCH 5.1 036/405] media: vb2: add waiting_in_dqbuf flag Greg Kroah-Hartman
@ 2019-05-30  3:00 ` Greg Kroah-Hartman
  2019-05-30  3:00 ` [PATCH 5.1 038/405] ssb: Fix possible NULL pointer dereference in ssb_host_pcmcia_exit Greg Kroah-Hartman
                   ` (372 subsequent siblings)
  409 siblings, 0 replies; 429+ messages in thread
From: Greg Kroah-Hartman @ 2019-05-30  3:00 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Alexander Potapenko, Syzbot,
	Hans Verkuil, Mauro Carvalho Chehab

From: Alexander Potapenko <glider@google.com>

commit dad7e270ba712ba1c99cd2d91018af6044447a06 upstream.

syzkaller reported crashes on kfree() called from
vivid_vid_cap_s_selection(). This looks like a simple typo, as
dev->bitmap_cap is allocated with vzalloc() throughout the file.

Fixes: ef834f7836ec0 ("[media] vivid: add the video capture and output parts")

Signed-off-by: Alexander Potapenko <glider@google.com>
Reported-by: Syzbot <syzbot+6c0effb5877f6b0344e2@syzkaller.appspotmail.com>
Signed-off-by: Hans Verkuil <hverkuil-cisco@xs4all.nl>
Signed-off-by: Mauro Carvalho Chehab <mchehab+samsung@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 drivers/media/platform/vivid/vivid-vid-cap.c |    2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

--- a/drivers/media/platform/vivid/vivid-vid-cap.c
+++ b/drivers/media/platform/vivid/vivid-vid-cap.c
@@ -1007,7 +1007,7 @@ int vivid_vid_cap_s_selection(struct fil
 		v4l2_rect_map_inside(&s->r, &dev->fmt_cap_rect);
 		if (dev->bitmap_cap && (compose->width != s->r.width ||
 					compose->height != s->r.height)) {
-			kfree(dev->bitmap_cap);
+			vfree(dev->bitmap_cap);
 			dev->bitmap_cap = NULL;
 		}
 		*compose = s->r;
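Review bot: the kfree() to vfree() change fixes this one free site in vivid_vid_cap_s_selection(); the commit message says dev->bitmap_cap is allocated with vzalloc() throughout the file, so the patch description should also confirm that every other place that frees dev->bitmap_cap was checked and already uses vfree(). A mismatched free on a vmalloc'ed pointer is memory corruption rather than a cosmetic typo, which is worth saying in the message for anyone triaging the backport.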




* [PATCH 5.1 038/405] ssb: Fix possible NULL pointer dereference in ssb_host_pcmcia_exit
  2019-05-30  2:59 [PATCH 5.1 000/405] 5.1.6-stable review Greg Kroah-Hartman
                   ` (36 preceding siblings ...)
  2019-05-30  3:00 ` [PATCH 5.1 037/405] media: vivid: use vfree() instead of kfree() for dev->bitmap_cap Greg Kroah-Hartman
@ 2019-05-30  3:00 ` Greg Kroah-Hartman
  2019-05-30  3:00 ` [PATCH 5.1 039/405] bpf: devmap: fix use-after-free Read in __dev_map_entry_free Greg Kroah-Hartman
                   ` (371 subsequent siblings)
  409 siblings, 0 replies; 429+ messages in thread
From: Greg Kroah-Hartman @ 2019-05-30  3:00 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Hulk Robot, YueHaibing, Kalle Valo

From: YueHaibing <yuehaibing@huawei.com>

commit b2c01aab9646ed8ffb7c549afe55d5349c482425 upstream.

Syzkaller reports this:

kasan: GPF could be caused by NULL-ptr deref or user memory access
general protection fault: 0000 [#1] SMP KASAN PTI
CPU: 0 PID: 4492 Comm: syz-executor.0 Not tainted 5.0.0-rc7+ #45
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.10.2-1ubuntu1 04/01/2014
RIP: 0010:sysfs_remove_file_ns+0x27/0x70 fs/sysfs/file.c:468
Code: 00 00 00 41 54 55 48 89 fd 53 49 89 d4 48 89 f3 e8 ee 76 9c ff 48 8d 7d 30 48 b8 00 00 00 00 00 fc ff df 48 89 fa 48 c1 ea 03 <80> 3c 02 00 75 2d 48 89 da 48 b8 00 00 00 00 00 fc ff df 48 8b 6d
RSP: 0018:ffff8881e9d9fc00 EFLAGS: 00010206
RAX: dffffc0000000000 RBX: ffffffff900367e0 RCX: ffffffff81a95952
RDX: 0000000000000006 RSI: ffffc90001405000 RDI: 0000000000000030
RBP: 0000000000000000 R08: fffffbfff1fa22ed R09: fffffbfff1fa22ed
R10: 0000000000000001 R11: fffffbfff1fa22ec R12: 0000000000000000
R13: ffffffffc1abdac0 R14: 1ffff1103d3b3f8b R15: 0000000000000000
FS:  00007fe409dc1700(0000) GS:ffff8881f1200000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000001b2d721000 CR3: 00000001e98b6005 CR4: 00000000007606f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
PKRU: 55555554
Call Trace:
 sysfs_remove_file include/linux/sysfs.h:519 [inline]
 driver_remove_file+0x40/0x50 drivers/base/driver.c:122
 pcmcia_remove_newid_file drivers/pcmcia/ds.c:163 [inline]
 pcmcia_unregister_driver+0x7d/0x2b0 drivers/pcmcia/ds.c:209
 ssb_modexit+0xa/0x1b [ssb]
 __do_sys_delete_module kernel/module.c:1018 [inline]
 __se_sys_delete_module kernel/module.c:961 [inline]
 __x64_sys_delete_module+0x3dc/0x5e0 kernel/module.c:961
 do_syscall_64+0x147/0x600 arch/x86/entry/common.c:290
 entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x462e99
Code: f7 d8 64 89 02 b8 ff ff ff ff c3 66 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007fe409dc0c58 EFLAGS: 00000246 ORIG_RAX: 00000000000000b0
RAX: ffffffffffffffda RBX: 000000000073bf00 RCX: 0000000000462e99
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 00000000200000c0
RBP: 0000000000000002 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 00007fe409dc16bc
R13: 00000000004bccaa R14: 00000000006f6bc8 R15: 00000000ffffffff
Modules linked in: ssb(-) 3c59x nvme_core macvlan tap pata_hpt3x3 rt2x00pci null_blk tsc40 pm_notifier_error_inject notifier_error_inject mdio cdc_wdm nf_reject_ipv4 ath9k_common ath9k_hw ath pppox ppp_generic slhc ehci_platform wl12xx wlcore tps6507x_ts ioc4 nf_synproxy_core ide_gd_mod ax25 can_dev iwlwifi can_raw atm tm2_touchkey can_gw can sundance adp5588_keys rt2800mmio rt2800lib rt2x00mmio rt2x00lib eeprom_93cx6 pn533 lru_cache elants_i2c ip_set nfnetlink gameport tipc hampshire nhc_ipv6 nhc_hop nhc_udp nhc_fragment nhc_routing nhc_mobility nhc_dest 6lowpan silead brcmutil nfc mt76_usb mt76 mac80211 iptable_security iptable_raw iptable_mangle iptable_nat nf_nat_ipv4 nf_nat nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 iptable_filter bpfilter ip6_vti ip_gre sit hsr veth vxcan batman_adv cfg80211 rfkill chnl_net caif nlmon vcan bridge stp llc ip6_gre ip6_tunnel tunnel6 tun joydev mousedev serio_raw ide_pci_generic piix floppy ide_core sch_fq_codel ip_tables x_tables ipv6
 [last unloaded: 3c59x]
Dumping ftrace buffer:
   (ftrace buffer empty)
---[ end trace 3913cbf8011e1c05 ]---

In ssb_modinit, it does not fail SSB init when ssb_host_pcmcia_init failed,
however in ssb_modexit, ssb_host_pcmcia_exit calls pcmcia_unregister_driver
unconditionally, which may trigger a NULL pointer dereference issue as above.

Reported-by: Hulk Robot <hulkci@huawei.com>
Fixes: 399500da18f7 ("ssb: pick PCMCIA host code support from b43 driver")
Signed-off-by: YueHaibing <yuehaibing@huawei.com>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 drivers/ssb/bridge_pcmcia_80211.c |    9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)

--- a/drivers/ssb/bridge_pcmcia_80211.c
+++ b/drivers/ssb/bridge_pcmcia_80211.c
@@ -113,16 +113,21 @@ static struct pcmcia_driver ssb_host_pcm
 	.resume		= ssb_host_pcmcia_resume,
 };
 
+static int pcmcia_init_failed;
+
 /*
  * These are not module init/exit functions!
  * The module_pcmcia_driver() helper cannot be used here.
  */
 int ssb_host_pcmcia_init(void)
 {
-	return pcmcia_register_driver(&ssb_host_pcmcia_driver);
+	pcmcia_init_failed = pcmcia_register_driver(&ssb_host_pcmcia_driver);
+
+	return pcmcia_init_failed;
 }
 
 void ssb_host_pcmcia_exit(void)
 {
-	pcmcia_unregister_driver(&ssb_host_pcmcia_driver);
+	if (!pcmcia_init_failed)
+		pcmcia_unregister_driver(&ssb_host_pcmcia_driver);
 }
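Review bot: "static int pcmcia_init_failed;" starts at 0, which this code reads as "registration succeeded", so ssb_host_pcmcia_exit() will call pcmcia_unregister_driver() if it is ever reached without ssb_host_pcmcia_init() having run. Inverting the state makes the default safe: a "static bool pcmcia_registered;" set to true only when pcmcia_register_driver() returns 0, and tested in the exit function. That also avoids keeping an errno in a variable whose name reads as a boolean.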




* [PATCH 5.1 039/405] bpf: devmap: fix use-after-free Read in __dev_map_entry_free
  2019-05-30  2:59 [PATCH 5.1 000/405] 5.1.6-stable review Greg Kroah-Hartman
                   ` (37 preceding siblings ...)
  2019-05-30  3:00 ` [PATCH 5.1 038/405] ssb: Fix possible NULL pointer dereference in ssb_host_pcmcia_exit Greg Kroah-Hartman
@ 2019-05-30  3:00 ` Greg Kroah-Hartman
  2019-05-30  3:00 ` [PATCH 5.1 040/405] batman-adv: mcast: fix multicast tt/tvlv worker locking Greg Kroah-Hartman
                   ` (370 subsequent siblings)
  409 siblings, 0 replies; 429+ messages in thread
From: Greg Kroah-Hartman @ 2019-05-30  3:00 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Eric Dumazet,
	syzbot+457d3e2ffbcf31aee5c0, Toke Høiland-Jørgensen,
	Jesper Dangaard Brouer, Daniel Borkmann

From: Eric Dumazet <edumazet@google.com>

commit 2baae3545327632167c0180e9ca1d467416f1919 upstream.

synchronize_rcu() is fine when the rcu callbacks only need
to free memory (kfree_rcu() or direct kfree() call rcu call backs)

__dev_map_entry_free() is a bit more complex, so we need to make
sure that call queued __dev_map_entry_free() callbacks have completed.

syzbot report:

BUG: KASAN: use-after-free in dev_map_flush_old kernel/bpf/devmap.c:365
[inline]
BUG: KASAN: use-after-free in __dev_map_entry_free+0x2a8/0x300
kernel/bpf/devmap.c:379
Read of size 8 at addr ffff8801b8da38c8 by task ksoftirqd/1/18

CPU: 1 PID: 18 Comm: ksoftirqd/1 Not tainted 4.17.0+ #39
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS
Google 01/01/2011
Call Trace:
  __dump_stack lib/dump_stack.c:77 [inline]
  dump_stack+0x1b9/0x294 lib/dump_stack.c:113
  print_address_description+0x6c/0x20b mm/kasan/report.c:256
  kasan_report_error mm/kasan/report.c:354 [inline]
  kasan_report.cold.7+0x242/0x2fe mm/kasan/report.c:412
  __asan_report_load8_noabort+0x14/0x20 mm/kasan/report.c:433
  dev_map_flush_old kernel/bpf/devmap.c:365 [inline]
  __dev_map_entry_free+0x2a8/0x300 kernel/bpf/devmap.c:379
  __rcu_reclaim kernel/rcu/rcu.h:178 [inline]
  rcu_do_batch kernel/rcu/tree.c:2558 [inline]
  invoke_rcu_callbacks kernel/rcu/tree.c:2818 [inline]
  __rcu_process_callbacks kernel/rcu/tree.c:2785 [inline]
  rcu_process_callbacks+0xe9d/0x1760 kernel/rcu/tree.c:2802
  __do_softirq+0x2e0/0xaf5 kernel/softirq.c:284
  run_ksoftirqd+0x86/0x100 kernel/softirq.c:645
  smpboot_thread_fn+0x417/0x870 kernel/smpboot.c:164
  kthread+0x345/0x410 kernel/kthread.c:240
  ret_from_fork+0x3a/0x50 arch/x86/entry/entry_64.S:412

Allocated by task 6675:
  save_stack+0x43/0xd0 mm/kasan/kasan.c:448
  set_track mm/kasan/kasan.c:460 [inline]
  kasan_kmalloc+0xc4/0xe0 mm/kasan/kasan.c:553
  kmem_cache_alloc_trace+0x152/0x780 mm/slab.c:3620
  kmalloc include/linux/slab.h:513 [inline]
  kzalloc include/linux/slab.h:706 [inline]
  dev_map_alloc+0x208/0x7f0 kernel/bpf/devmap.c:102
  find_and_alloc_map kernel/bpf/syscall.c:129 [inline]
  map_create+0x393/0x1010 kernel/bpf/syscall.c:453
  __do_sys_bpf kernel/bpf/syscall.c:2351 [inline]
  __se_sys_bpf kernel/bpf/syscall.c:2328 [inline]
  __x64_sys_bpf+0x303/0x510 kernel/bpf/syscall.c:2328
  do_syscall_64+0x1b1/0x800 arch/x86/entry/common.c:290
  entry_SYSCALL_64_after_hwframe+0x49/0xbe

Freed by task 26:
  save_stack+0x43/0xd0 mm/kasan/kasan.c:448
  set_track mm/kasan/kasan.c:460 [inline]
  __kasan_slab_free+0x11a/0x170 mm/kasan/kasan.c:521
  kasan_slab_free+0xe/0x10 mm/kasan/kasan.c:528
  __cache_free mm/slab.c:3498 [inline]
  kfree+0xd9/0x260 mm/slab.c:3813
  dev_map_free+0x4fa/0x670 kernel/bpf/devmap.c:191
  bpf_map_free_deferred+0xba/0xf0 kernel/bpf/syscall.c:262
  process_one_work+0xc64/0x1b70 kernel/workqueue.c:2153
  worker_thread+0x181/0x13a0 kernel/workqueue.c:2296
  kthread+0x345/0x410 kernel/kthread.c:240
  ret_from_fork+0x3a/0x50 arch/x86/entry/entry_64.S:412

The buggy address belongs to the object at ffff8801b8da37c0
  which belongs to the cache kmalloc-512 of size 512
The buggy address is located 264 bytes inside of
  512-byte region [ffff8801b8da37c0, ffff8801b8da39c0)
The buggy address belongs to the page:
page:ffffea0006e368c0 count:1 mapcount:0 mapping:ffff8801da800940
index:0xffff8801b8da3540
flags: 0x2fffc0000000100(slab)
raw: 02fffc0000000100 ffffea0007217b88 ffffea0006e30cc8 ffff8801da800940
raw: ffff8801b8da3540 ffff8801b8da3040 0000000100000004 0000000000000000
page dumped because: kasan: bad access detected

Memory state around the buggy address:
  ffff8801b8da3780: fc fc fc fc fc fc fc fc fb fb fb fb fb fb fb fb
  ffff8801b8da3800: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
> ffff8801b8da3880: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
                                               ^
  ffff8801b8da3900: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
  ffff8801b8da3980: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc

Fixes: 546ac1ffb70d ("bpf: add devmap, a map for storing net device references")
Signed-off-by: Eric Dumazet <edumazet@google.com>
Reported-by: syzbot+457d3e2ffbcf31aee5c0@syzkaller.appspotmail.com
Acked-by: Toke Høiland-Jørgensen <toke@redhat.com>
Acked-by: Jesper Dangaard Brouer <brouer@redhat.com>
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 kernel/bpf/devmap.c |    3 +++
 1 file changed, 3 insertions(+)

--- a/kernel/bpf/devmap.c
+++ b/kernel/bpf/devmap.c
@@ -164,6 +164,9 @@ static void dev_map_free(struct bpf_map
 	bpf_clear_redirect_map(map);
 	synchronize_rcu();
 
+	/* Make sure prior __dev_map_entry_free() have completed. */
+	rcu_barrier();
+
 	/* To ensure all pending flush operations have completed wait for flush
 	 * bitmap to indicate all flush_needed bits to be zero on _all_ cpus.
 	 * Because the above synchronize_rcu() ensures the map is disconnected
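Review bot: the new comment above rcu_barrier() says what is being waited for but not why the synchronize_rcu() two lines earlier is not enough. synchronize_rcu() waits for readers to leave their critical sections; it does not wait for callbacks already queued with call_rcu(), and the commit message notes that __dev_map_entry_free() does more than free memory. Extending the comment to say that those callbacks still touch state which dev_map_free() goes on to release would explain why both calls are needed and keep one of them from being dropped as redundant.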




* [PATCH 5.1 040/405] batman-adv: mcast: fix multicast tt/tvlv worker locking
  2019-05-30  2:59 [PATCH 5.1 000/405] 5.1.6-stable review Greg Kroah-Hartman
                   ` (38 preceding siblings ...)
  2019-05-30  3:00 ` [PATCH 5.1 039/405] bpf: devmap: fix use-after-free Read in __dev_map_entry_free Greg Kroah-Hartman
@ 2019-05-30  3:00 ` Greg Kroah-Hartman
  2019-05-30  3:00 ` [PATCH 5.1 041/405] at76c50x-usb: Dont register led_trigger if usb_register_driver failed Greg Kroah-Hartman
                   ` (369 subsequent siblings)
  409 siblings, 0 replies; 429+ messages in thread
From: Greg Kroah-Hartman @ 2019-05-30  3:00 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, syzbot+83f2d54ec6b7e417e13f,
	syzbot+050927a651272b145a5d, syzbot+979ffc89b87309b1b94b,
	syzbot+f9f3f388440283da2965, Linus Lüssing, Sven Eckelmann,
	Simon Wunderlich

From: Linus Lüssing <linus.luessing@c0d3.blue>

commit a3c7cd0cdf1107f891aff847ad481e34df727055 upstream.

Syzbot has reported some issues with the locking assumptions made for
the multicast tt/tvlv worker: It was able to trigger the WARN_ON() in
batadv_mcast_mla_tt_retract() and batadv_mcast_mla_tt_add().
While hard/not reproducible for us so far, it seems that the
delayed_work_pending() we use might not be quite safe from reordering.

Therefore this patch adds an explicit, new spinlock to protect the
update of the mla_list and flags in bat_priv and then removes the
WARN_ON(delayed_work_pending()).

Reported-by: syzbot+83f2d54ec6b7e417e13f@syzkaller.appspotmail.com
Reported-by: syzbot+050927a651272b145a5d@syzkaller.appspotmail.com
Reported-by: syzbot+979ffc89b87309b1b94b@syzkaller.appspotmail.com
Reported-by: syzbot+f9f3f388440283da2965@syzkaller.appspotmail.com
Fixes: cbebd363b2e9 ("batman-adv: Use own timer for multicast TT and TVLV updates")
Signed-off-by: Linus Lüssing <linus.luessing@c0d3.blue>
Signed-off-by: Sven Eckelmann <sven@narfation.org>
Signed-off-by: Simon Wunderlich <sw@simonwunderlich.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 net/batman-adv/main.c      |    1 +
 net/batman-adv/multicast.c |   11 +++--------
 net/batman-adv/types.h     |    5 +++++
 3 files changed, 9 insertions(+), 8 deletions(-)

--- a/net/batman-adv/main.c
+++ b/net/batman-adv/main.c
@@ -161,6 +161,7 @@ int batadv_mesh_init(struct net_device *
 	spin_lock_init(&bat_priv->tt.commit_lock);
 	spin_lock_init(&bat_priv->gw.list_lock);
 #ifdef CONFIG_BATMAN_ADV_MCAST
+	spin_lock_init(&bat_priv->mcast.mla_lock);
 	spin_lock_init(&bat_priv->mcast.want_lists_lock);
 #endif
 	spin_lock_init(&bat_priv->tvlv.container_list_lock);
--- a/net/batman-adv/multicast.c
+++ b/net/batman-adv/multicast.c
@@ -325,8 +325,6 @@ static void batadv_mcast_mla_list_free(s
  * translation table except the ones listed in the given mcast_list.
  *
  * If mcast_list is NULL then all are retracted.
- *
- * Do not call outside of the mcast worker! (or cancel mcast worker first)
  */
 static void batadv_mcast_mla_tt_retract(struct batadv_priv *bat_priv,
 					struct hlist_head *mcast_list)
@@ -334,8 +332,6 @@ static void batadv_mcast_mla_tt_retract(
 	struct batadv_hw_addr *mcast_entry;
 	struct hlist_node *tmp;
 
-	WARN_ON(delayed_work_pending(&bat_priv->mcast.work));
-
 	hlist_for_each_entry_safe(mcast_entry, tmp, &bat_priv->mcast.mla_list,
 				  list) {
 		if (mcast_list &&
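Review bot: in batadv_mcast_mla_tt_retract() the WARN_ON(delayed_work_pending()) goes away with nothing asserting the new rule in its place. The function now depends on the caller holding bat_priv->mcast.mla_lock, so a lockdep_assert_held(&bat_priv->mcast.mla_lock) at this spot (and in batadv_mcast_mla_tt_add()) would keep a runtime check, and the kernel-doc that lost its "Do not call outside of the mcast worker!" line should state that the lock must be held.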
@@ -359,8 +355,6 @@ static void batadv_mcast_mla_tt_retract(
  *
  * Adds multicast listener announcements from the given mcast_list to the
  * translation table if they have not been added yet.
- *
- * Do not call outside of the mcast worker! (or cancel mcast worker first)
  */
 static void batadv_mcast_mla_tt_add(struct batadv_priv *bat_priv,
 				    struct hlist_head *mcast_list)
@@ -368,8 +362,6 @@ static void batadv_mcast_mla_tt_add(stru
 	struct batadv_hw_addr *mcast_entry;
 	struct hlist_node *tmp;
 
-	WARN_ON(delayed_work_pending(&bat_priv->mcast.work));
-
 	if (!mcast_list)
 		return;
 
@@ -658,7 +650,10 @@ static void batadv_mcast_mla_update(stru
 	priv_mcast = container_of(delayed_work, struct batadv_priv_mcast, work);
 	bat_priv = container_of(priv_mcast, struct batadv_priv, mcast);
 
+	spin_lock(&bat_priv->mcast.mla_lock);
 	__batadv_mcast_mla_update(bat_priv);
+	spin_unlock(&bat_priv->mcast.mla_lock);
+
 	batadv_mcast_start_timer(bat_priv);
 }
 
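Review bot: batadv_mcast_mla_update() is the only place in this patch that takes mla_lock, so the lock serialises nothing unless other paths take it too. Any other caller of batadv_mcast_mla_tt_retract() (the "If mcast_list is NULL then all are retracted" case in its kernel-doc suggests a teardown path) has to take the same lock or keep cancelling the worker first; worth confirming and naming in the changelog. Note also that __batadv_mcast_mla_update() now runs entirely under a spinlock, so nothing it calls may sleep.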
--- a/net/batman-adv/types.h
+++ b/net/batman-adv/types.h
@@ -1224,6 +1224,11 @@ struct batadv_priv_mcast {
 	unsigned char bridged:1;
 
 	/**
+	 * @mla_lock: a lock protecting mla_list and mla_flags
+	 */
+	spinlock_t mla_lock;
+
+	/**
 	 * @num_want_all_unsnoopables: number of nodes wanting unsnoopable IP
 	 *  traffic
 	 */



^ permalink raw reply	[flat|nested] 429+ messages in thread

* [PATCH 5.1 041/405] at76c50x-usb: Dont register led_trigger if usb_register_driver failed
  2019-05-30  2:59 [PATCH 5.1 000/405] 5.1.6-stable review Greg Kroah-Hartman
                   ` (39 preceding siblings ...)
  2019-05-30  3:00 ` [PATCH 5.1 040/405] batman-adv: mcast: fix multicast tt/tvlv worker locking Greg Kroah-Hartman
@ 2019-05-30  3:00 ` Greg Kroah-Hartman
  2019-05-30  3:00 ` [PATCH 5.1 042/405] acct_on(): dont mess with freeze protection Greg Kroah-Hartman
                   ` (368 subsequent siblings)
  409 siblings, 0 replies; 429+ messages in thread
From: Greg Kroah-Hartman @ 2019-05-30  3:00 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Hulk Robot, YueHaibing, Kalle Valo

From: YueHaibing <yuehaibing@huawei.com>

commit 09ac2694b0475f96be895848687ebcbba97eeecf upstream.

Syzkaller reported this:

[ 1213.468581] BUG: unable to handle kernel paging request at fffffbfff83bf338
[ 1213.469530] #PF error: [normal kernel read fault]
[ 1213.469530] PGD 237fe4067 P4D 237fe4067 PUD 237e60067 PMD 1c868b067 PTE 0
[ 1213.473514] Oops: 0000 [#1] SMP KASAN PTI
[ 1213.473514] CPU: 0 PID: 6321 Comm: syz-executor.0 Tainted: G         C        5.1.0-rc3+ #8
[ 1213.473514] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.10.2-1ubuntu1 04/01/2014
[ 1213.473514] RIP: 0010:strcmp+0x31/0xa0
[ 1213.473514] Code: 00 00 00 00 fc ff df 55 53 48 83 ec 08 eb 0a 84 db 48 89 ef 74 5a 4c 89 e6 48 89 f8 48 89 fa 48 8d 6f 01 48 c1 e8 03 83 e2 07 <42> 0f b6 04 28 38 d0 7f 04 84 c0 75 50 48 89 f0 48 89 f2 0f b6 5d
[ 1213.473514] RSP: 0018:ffff8881f2b7f950 EFLAGS: 00010246
[ 1213.473514] RAX: 1ffffffff83bf338 RBX: ffff8881ea6f7240 RCX: ffffffff825350c6
[ 1213.473514] RDX: 0000000000000000 RSI: ffffffffc1ee19c0 RDI: ffffffffc1df99c0
[ 1213.473514] RBP: ffffffffc1df99c1 R08: 0000000000000001 R09: 0000000000000004
[ 1213.473514] R10: 0000000000000000 R11: ffff8881de353f00 R12: ffff8881ee727900
[ 1213.473514] R13: dffffc0000000000 R14: 0000000000000001 R15: ffffffffc1eeaaf0
[ 1213.473514] FS:  00007fa66fa01700(0000) GS:ffff8881f7200000(0000) knlGS:0000000000000000
[ 1213.473514] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 1213.473514] CR2: fffffbfff83bf338 CR3: 00000001ebb9e005 CR4: 00000000007606f0
[ 1213.473514] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 1213.473514] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 1213.473514] PKRU: 55555554
[ 1213.473514] Call Trace:
[ 1213.473514]  led_trigger_register+0x112/0x3f0
[ 1213.473514]  led_trigger_register_simple+0x7a/0x110
[ 1213.473514]  ? 0xffffffffc1c10000
[ 1213.473514]  at76_mod_init+0x77/0x1000 [at76c50x_usb]
[ 1213.473514]  do_one_initcall+0xbc/0x47d
[ 1213.473514]  ? perf_trace_initcall_level+0x3a0/0x3a0
[ 1213.473514]  ? kasan_unpoison_shadow+0x30/0x40
[ 1213.473514]  ? kasan_unpoison_shadow+0x30/0x40
[ 1213.473514]  do_init_module+0x1b5/0x547
[ 1213.473514]  load_module+0x6405/0x8c10
[ 1213.473514]  ? module_frob_arch_sections+0x20/0x20
[ 1213.473514]  ? kernel_read_file+0x1e6/0x5d0
[ 1213.473514]  ? find_held_lock+0x32/0x1c0
[ 1213.473514]  ? cap_capable+0x1ae/0x210
[ 1213.473514]  ? __do_sys_finit_module+0x162/0x190
[ 1213.473514]  __do_sys_finit_module+0x162/0x190
[ 1213.473514]  ? __ia32_sys_init_module+0xa0/0xa0
[ 1213.473514]  ? __mutex_unlock_slowpath+0xdc/0x690
[ 1213.473514]  ? wait_for_completion+0x370/0x370
[ 1213.473514]  ? vfs_write+0x204/0x4a0
[ 1213.473514]  ? do_syscall_64+0x18/0x450
[ 1213.473514]  do_syscall_64+0x9f/0x450
[ 1213.473514]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 1213.473514] RIP: 0033:0x462e99
[ 1213.473514] Code: f7 d8 64 89 02 b8 ff ff ff ff c3 66 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1213.473514] RSP: 002b:00007fa66fa00c58 EFLAGS: 00000246 ORIG_RAX: 0000000000000139
[ 1213.473514] RAX: ffffffffffffffda RBX: 000000000073bf00 RCX: 0000000000462e99
[ 1213.473514] RDX: 0000000000000000 RSI: 0000000020000300 RDI: 0000000000000003
[ 1213.473514] RBP: 00007fa66fa00c70 R08: 0000000000000000 R09: 0000000000000000
[ 1213.473514] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fa66fa016bc
[ 1213.473514] R13: 00000000004bcefa R14: 00000000006f6fb0 R15: 0000000000000004

If usb_register failed, no need to call led_trigger_register_simple.

Reported-by: Hulk Robot <hulkci@huawei.com>
Fixes: 1264b951463a ("at76c50x-usb: add driver")
Signed-off-by: YueHaibing <yuehaibing@huawei.com>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 drivers/net/wireless/atmel/at76c50x-usb.c |    4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

--- a/drivers/net/wireless/atmel/at76c50x-usb.c
+++ b/drivers/net/wireless/atmel/at76c50x-usb.c
@@ -2585,8 +2585,8 @@ static int __init at76_mod_init(void)
 	if (result < 0)
 		printk(KERN_ERR DRIVER_NAME
 		       ": usb_register failed (status %d)\n", result);
-
-	led_trigger_register_simple("at76_usb-tx", &ledtrig_tx);
+	else
+		led_trigger_register_simple("at76_usb-tx", &ledtrig_tx);
 	return result;
 }
 
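Review bot: the new else in at76_mod_init() is right, but the changelog's "no need to call led_trigger_register_simple" undersells the defect. When usb_register() fails, init returns an error and the module is discarded, yet before this change the "at76_usb-tx" trigger had still been registered from it; the strcmp() fault inside led_trigger_register() in the quoted trace is consistent with a later registration walking into that stale entry. A sentence saying so would help anyone judging the backport.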



^ permalink raw reply	[flat|nested] 429+ messages in thread

* [PATCH 5.1 042/405] acct_on(): dont mess with freeze protection
  2019-05-30  2:59 [PATCH 5.1 000/405] 5.1.6-stable review Greg Kroah-Hartman
                   ` (40 preceding siblings ...)
  2019-05-30  3:00 ` [PATCH 5.1 041/405] at76c50x-usb: Dont register led_trigger if usb_register_driver failed Greg Kroah-Hartman
@ 2019-05-30  3:00 ` Greg Kroah-Hartman
  2019-05-30  3:00 ` [PATCH 5.1 043/405] netfilter: ctnetlink: Resolve conntrack L3-protocol flush regression Greg Kroah-Hartman
                   ` (367 subsequent siblings)
  409 siblings, 0 replies; 429+ messages in thread
From: Greg Kroah-Hartman @ 2019-05-30  3:00 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Amir Goldstein,
	syzbot+2a73a6ea9507b7112141, Al Viro

From: Al Viro <viro@zeniv.linux.org.uk>

commit 9419a3191dcb27f24478d288abaab697228d28e6 upstream.

What happens there is that we are replacing file->path.mnt of
a file we'd just opened with a clone and we need the write
count contribution to be transferred from original mount to
new one.  That's it.  We do *NOT* want any kind of freeze
protection for the duration of switchover.

IOW, we should just use __mnt_{want,drop}_write() for that
switchover; no need to bother with mnt_{want,drop}_write()
there.

Tested-by: Amir Goldstein <amir73il@gmail.com>
Reported-by: syzbot+2a73a6ea9507b7112141@syzkaller.appspotmail.com
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 fs/internal.h         |    2 --
 include/linux/mount.h |    2 ++
 kernel/acct.c         |    4 ++--
 3 files changed, 4 insertions(+), 4 deletions(-)

--- a/fs/internal.h
+++ b/fs/internal.h
@@ -89,9 +89,7 @@ extern int sb_prepare_remount_readonly(s
 
 extern void __init mnt_init(void);
 
-extern int __mnt_want_write(struct vfsmount *);
 extern int __mnt_want_write_file(struct file *);
-extern void __mnt_drop_write(struct vfsmount *);
 extern void __mnt_drop_write_file(struct file *);
 
 /*
--- a/include/linux/mount.h
+++ b/include/linux/mount.h
@@ -87,6 +87,8 @@ extern bool mnt_may_suid(struct vfsmount
 
 struct path;
 extern struct vfsmount *clone_private_mount(const struct path *path);
+extern int __mnt_want_write(struct vfsmount *);
+extern void __mnt_drop_write(struct vfsmount *);
 
 struct file_system_type;
 extern struct vfsmount *fc_mount(struct fs_context *fc);
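Review bot: moving __mnt_want_write() and __mnt_drop_write() from fs/internal.h into include/linux/mount.h makes the variants that skip freeze protection visible to every user of this header, with no comment at the declarations. A short comment here saying that they only adjust the mount's write count and take no freeze protection, and that mnt_want_write()/mnt_drop_write() remain the normal interface, would keep new callers from picking them by accident.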
--- a/kernel/acct.c
+++ b/kernel/acct.c
@@ -227,7 +227,7 @@ static int acct_on(struct filename *path
 		filp_close(file, NULL);
 		return PTR_ERR(internal);
 	}
-	err = mnt_want_write(internal);
+	err = __mnt_want_write(internal);
 	if (err) {
 		mntput(internal);
 		kfree(acct);
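Review bot: the reason acct_on() calls __mnt_want_write(internal) here lives only in the changelog. A one-line comment above the call saying that this merely transfers the write-count contribution to the cloned mount and must not take freeze protection would stop the call from being "corrected" back to mnt_want_write() later; the same applies to the matching __mnt_drop_write(mnt) in the next hunk.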
@@ -252,7 +252,7 @@ static int acct_on(struct filename *path
 	old = xchg(&ns->bacct, &acct->pin);
 	mutex_unlock(&acct->lock);
 	pin_kill(old);
-	mnt_drop_write(mnt);
+	__mnt_drop_write(mnt);
 	mntput(mnt);
 	return 0;
 }



^ permalink raw reply	[flat|nested] 429+ messages in thread

* [PATCH 5.1 043/405] netfilter: ctnetlink: Resolve conntrack L3-protocol flush regression
  2019-05-30  2:59 [PATCH 5.1 000/405] 5.1.6-stable review Greg Kroah-Hartman
                   ` (41 preceding siblings ...)
  2019-05-30  3:00 ` [PATCH 5.1 042/405] acct_on(): dont mess with freeze protection Greg Kroah-Hartman
@ 2019-05-30  3:00 ` Greg Kroah-Hartman
  2019-05-30  3:00 ` [PATCH 5.1 044/405] Revert "btrfs: Honour FITRIM range constraints during free space trim" Greg Kroah-Hartman
                   ` (366 subsequent siblings)
  409 siblings, 0 replies; 429+ messages in thread
From: Greg Kroah-Hartman @ 2019-05-30  3:00 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Nicolas Dichtel, Pablo Neira Ayuso,
	Kristian Evensen

From: Kristian Evensen <kristian.evensen@gmail.com>

commit f8e608982022fad035160870f5b06086d3cba54d upstream.

Commit 59c08c69c278 ("netfilter: ctnetlink: Support L3 protocol-filter
on flush") introduced a user-space regression when flushing connection
track entries. Before this commit, the nfgen_family field was not used
by the kernel and all entries were removed. Since this commit,
nfgen_family is used to filter out entries that should not be removed.
One example of a broken tool is conntrack. conntrack always sets
nfgen_family to AF_INET, so after 59c08c69c278 only IPv4 entries were
removed with the -F parameter.

Pablo Neira Ayuso suggested using nfgenmsg->version to resolve the
regression, and this commit implements his suggestion. nfgenmsg->version
is so far set to zero, so it is well-suited to be used as a flag for
selecting old or new flush behavior. If version is 0, nfgen_family is
ignored and all entries are used. If user-space sets the version to one
(or any other value than 0), then the new behavior is used. As version
only can have two valid values, I chose not to add a new
NFNETLINK_VERSION-constant.

Fixes: 59c08c69c278 ("netfilter: ctnetlink: Support L3 protocol-filter on flush")
Reported-by: Nicolas Dichtel <nicolas.dichtel@6wind.com>
Suggested-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Kristian Evensen <kristian.evensen@gmail.com>
Tested-by: Nicolas Dichtel <nicolas.dichtel@6wind.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 net/netfilter/nf_conntrack_netlink.c |    2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

--- a/net/netfilter/nf_conntrack_netlink.c
+++ b/net/netfilter/nf_conntrack_netlink.c
@@ -1254,7 +1254,7 @@ static int ctnetlink_del_conntrack(struc
 	struct nf_conntrack_tuple tuple;
 	struct nf_conn *ct;
 	struct nfgenmsg *nfmsg = nlmsg_data(nlh);
-	u_int8_t u3 = nfmsg->nfgen_family;
+	u_int8_t u3 = nfmsg->version ? nfmsg->nfgen_family : AF_UNSPEC;
 	struct nf_conntrack_zone zone;
 	int err;
 
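Review bot: u3 is declared at function scope in ctnetlink_del_conntrack(), so replacing it with AF_UNSPEC when nfmsg->version is 0 affects every later use of u3 in the function, not only the flush branch the changelog discusses. If u3 is also passed to tuple parsing for a single-entry delete, existing tools that leave version at 0 would now parse with AF_UNSPEC; confining the override to the flush path would avoid that. A comment at this line explaining that version 0 selects the legacy flush-everything behaviour is also needed, since no named constant carries the meaning.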



^ permalink raw reply	[flat|nested] 429+ messages in thread

* [PATCH 5.1 044/405] Revert "btrfs: Honour FITRIM range constraints during free space trim"
  2019-05-30  2:59 [PATCH 5.1 000/405] 5.1.6-stable review Greg Kroah-Hartman
                   ` (42 preceding siblings ...)
  2019-05-30  3:00 ` [PATCH 5.1 043/405] netfilter: ctnetlink: Resolve conntrack L3-protocol flush regression Greg Kroah-Hartman
@ 2019-05-30  3:00 ` Greg Kroah-Hartman
  2019-05-30  3:00 ` [PATCH 5.1 045/405] gfs2: Fix lru_count going negative Greg Kroah-Hartman
                   ` (365 subsequent siblings)
  409 siblings, 0 replies; 429+ messages in thread
From: Greg Kroah-Hartman @ 2019-05-30  3:00 UTC (permalink / raw)
  To: linux-kernel, stable; +Cc: Greg Kroah-Hartman, David Sterba

From: David Sterba <dsterba@suse.com>

This reverts commit eb432217d775a90c061681c0dfa3c7abfba75123.

There is currently no corresponding patch in master due to additional
changes that would be significantly different from plain revert in the
respective stable branch.

The range argument was not handled correctly and could cause trim to
overlap allocated areas or reach beyond the end of the device. The
address space that fitrim normally operates on is in logical
coordinates, while the discards are done on the physical device extents.
This distinction cannot be made with the current ioctl interface and
caused the confusion.

The bug depends on the layout of block groups and does not always
happen. The whole-fs trim (run by default by the fstrim tool) is not
affected.

Signed-off-by: David Sterba <dsterba@suse.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 fs/btrfs/extent-tree.c |   25 ++++++-------------------
 1 file changed, 6 insertions(+), 19 deletions(-)

--- a/fs/btrfs/extent-tree.c
+++ b/fs/btrfs/extent-tree.c
@@ -11314,9 +11314,9 @@ int btrfs_error_unpin_extent_range(struc
  * held back allocations.
  */
 static int btrfs_trim_free_extents(struct btrfs_device *device,
-				   struct fstrim_range *range, u64 *trimmed)
+				   u64 minlen, u64 *trimmed)
 {
-	u64 start = range->start, len = 0;
+	u64 start = 0, len = 0;
 	int ret;
 
 	*trimmed = 0;
@@ -11359,8 +11359,8 @@ static int btrfs_trim_free_extents(struc
 		if (!trans)
 			up_read(&fs_info->commit_root_sem);
 
-		ret = find_free_dev_extent_start(trans, device, range->minlen,
-						 start, &start, &len);
+		ret = find_free_dev_extent_start(trans, device, minlen, start,
+						 &start, &len);
 		if (trans) {
 			up_read(&fs_info->commit_root_sem);
 			btrfs_put_transaction(trans);
@@ -11373,16 +11373,6 @@ static int btrfs_trim_free_extents(struc
 			break;
 		}
 
-		/* If we are out of the passed range break */
-		if (start > range->start + range->len - 1) {
-			mutex_unlock(&fs_info->chunk_mutex);
-			ret = 0;
-			break;
-		}
-
-		start = max(range->start, start);
-		len = min(range->len, len);
-
 		ret = btrfs_issue_discard(device->bdev, start, len, &bytes);
 		mutex_unlock(&fs_info->chunk_mutex);
 
@@ -11392,10 +11382,6 @@ static int btrfs_trim_free_extents(struc
 		start += len;
 		*trimmed += bytes;
 
-		/* We've trimmed enough */
-		if (*trimmed >= range->len)
-			break;
-
 		if (fatal_signal_pending(current)) {
 			ret = -ERESTARTSYS;
 			break;
@@ -11479,7 +11465,8 @@ int btrfs_trim_fs(struct btrfs_fs_info *
 	mutex_lock(&fs_info->fs_devices->device_list_mutex);
 	devices = &fs_info->fs_devices->devices;
 	list_for_each_entry(device, devices, dev_list) {
-		ret = btrfs_trim_free_extents(device, range, &group_trimmed);
+		ret = btrfs_trim_free_extents(device, range->minlen,
+					      &group_trimmed);
 		if (ret) {
 			dev_failed++;
 			dev_ret = ret;
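Review bot: after this revert btrfs_trim_fs() passes only range->minlen to btrfs_trim_free_extents(), and that function restarts at start = 0 for every device, so range->start and range->len no longer influence the free-device-extent pass at all. The changelog explains why, but the code does not; a comment at this call saying that the range is deliberately ignored because it is in logical coordinates while the discards hit physical device extents would keep the clamp from being reintroduced in the same broken form.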



^ permalink raw reply	[flat|nested] 429+ messages in thread

* [PATCH 5.1 045/405] gfs2: Fix lru_count going negative
  2019-05-30  2:59 [PATCH 5.1 000/405] 5.1.6-stable review Greg Kroah-Hartman
                   ` (43 preceding siblings ...)
  2019-05-30  3:00 ` [PATCH 5.1 044/405] Revert "btrfs: Honour FITRIM range constraints during free space trim" Greg Kroah-Hartman
@ 2019-05-30  3:00 ` Greg Kroah-Hartman
  2019-05-30  3:00 ` [PATCH 5.1 046/405] cxgb4: Fix error path in cxgb4_init_module Greg Kroah-Hartman
                   ` (364 subsequent siblings)
  409 siblings, 0 replies; 429+ messages in thread
From: Greg Kroah-Hartman @ 2019-05-30  3:00 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Ross Lagerwall, Andreas Gruenbacher,
	Sasha Levin

[ Upstream commit 7881ef3f33bb80f459ea6020d1e021fc524a6348 ]

Under certain conditions, lru_count may drop below zero resulting in
a large amount of log spam like this:

vmscan: shrink_slab: gfs2_dump_glock+0x3b0/0x630 [gfs2] \
    negative objects to delete nr=-1

This happens as follows:
1) A glock is moved from lru_list to the dispose list and lru_count is
   decremented.
2) The dispose function calls cond_resched() and drops the lru lock.
3) Another thread takes the lru lock and tries to add the same glock to
   lru_list, checking if the glock is on an lru list.
4) It is on a list (actually the dispose list) and so it avoids
   incrementing lru_count.
5) The glock is moved to lru_list.
6) The original thread doesn't dispose it because it has been re-added
   to the lru list but the lru_count has still decreased by one.

Fix by checking if the LRU flag is set on the glock rather than checking
if the glock is on some list and rearrange the code so that the LRU flag
is added/removed precisely when the glock is added/removed from lru_list.

Signed-off-by: Ross Lagerwall <ross.lagerwall@citrix.com>
Signed-off-by: Andreas Gruenbacher <agruenba@redhat.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 fs/gfs2/glock.c | 22 +++++++++++++---------
 1 file changed, 13 insertions(+), 9 deletions(-)

diff --git a/fs/gfs2/glock.c b/fs/gfs2/glock.c
index d32964cd11176..e4f6d39500bcc 100644
--- a/fs/gfs2/glock.c
+++ b/fs/gfs2/glock.c
@@ -183,15 +183,19 @@ static int demote_ok(const struct gfs2_glock *gl)
 
 void gfs2_glock_add_to_lru(struct gfs2_glock *gl)
 {
+	if (!(gl->gl_ops->go_flags & GLOF_LRU))
+		return;
+
 	spin_lock(&lru_lock);
 
-	if (!list_empty(&gl->gl_lru))
-		list_del_init(&gl->gl_lru);
-	else
+	list_del(&gl->gl_lru);
+	list_add_tail(&gl->gl_lru, &lru_list);
+
+	if (!test_bit(GLF_LRU, &gl->gl_flags)) {
+		set_bit(GLF_LRU, &gl->gl_flags);
 		atomic_inc(&lru_count);
+	}
 
-	list_add_tail(&gl->gl_lru, &lru_list);
-	set_bit(GLF_LRU, &gl->gl_flags);
 	spin_unlock(&lru_lock);
 }
 
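Review bot: in gfs2_glock_add_to_lru() the unconditional list_del(&gl->gl_lru) followed by list_add_tail() relies on gl_lru always being either linked or self-initialised when this is called. list_move_tail(&gl->gl_lru, &lru_list) states the same intent in one call, and the test_bit()/set_bit() pair could be a single test_and_set_bit(), since both already run under lru_lock.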
@@ -201,7 +205,7 @@ static void gfs2_glock_remove_from_lru(struct gfs2_glock *gl)
 		return;
 
 	spin_lock(&lru_lock);
-	if (!list_empty(&gl->gl_lru)) {
+	if (test_bit(GLF_LRU, &gl->gl_flags)) {
 		list_del_init(&gl->gl_lru);
 		atomic_dec(&lru_count);
 		clear_bit(GLF_LRU, &gl->gl_flags);
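Review bot: with test_bit(GLF_LRU, ...) as the membership test, gfs2_glock_remove_from_lru() now returns without unlinking a glock that sits on the dispose list, because the gfs2_scan_glock_lru() hunk clears GLF_LRU when it moves the entry there. That is what removes the double decrement, but it also means gl_lru can still be linked when this function returns; a comment saying so would help callers that are about to free the glock.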
@@ -1159,8 +1163,7 @@ void gfs2_glock_dq(struct gfs2_holder *gh)
 		    !test_bit(GLF_DEMOTE, &gl->gl_flags))
 			fast_path = 1;
 	}
-	if (!test_bit(GLF_LFLUSH, &gl->gl_flags) && demote_ok(gl) &&
-	    (glops->go_flags & GLOF_LRU))
+	if (!test_bit(GLF_LFLUSH, &gl->gl_flags) && demote_ok(gl))
 		gfs2_glock_add_to_lru(gl);
 
 	trace_gfs2_glock_queue(gh, 0);
@@ -1456,6 +1459,7 @@ __acquires(&lru_lock)
 		if (!spin_trylock(&gl->gl_lockref.lock)) {
 add_back_to_lru:
 			list_add(&gl->gl_lru, &lru_list);
+			set_bit(GLF_LRU, &gl->gl_flags);
 			atomic_inc(&lru_count);
 			continue;
 		}
@@ -1463,7 +1467,6 @@ __acquires(&lru_lock)
 			spin_unlock(&gl->gl_lockref.lock);
 			goto add_back_to_lru;
 		}
-		clear_bit(GLF_LRU, &gl->gl_flags);
 		gl->gl_lockref.count++;
 		if (demote_ok(gl))
 			handle_callback(gl, LM_ST_UNLOCKED, 0, false);
@@ -1498,6 +1501,7 @@ static long gfs2_scan_glock_lru(int nr)
 		if (!test_bit(GLF_LOCK, &gl->gl_flags)) {
 			list_move(&gl->gl_lru, &dispose);
 			atomic_dec(&lru_count);
+			clear_bit(GLF_LRU, &gl->gl_flags);
 			freed++;
 			continue;
 		}
-- 
2.20.1




^ permalink raw reply related	[flat|nested] 429+ messages in thread
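The counter drift described in the gfs2 message above, replayed deterministically as an added example (not code from the patch or from gfs2). It is a single-threaded toy model: the struct, the enum and the function names are hypothetical, and the final remove step is an assumption added to show the count actually crossing zero.

```c
#include <stdbool.h>
#include <stdio.h>

/* Constructed model: which list one glock's gl_lru node is linked on. */
enum where { ON_NONE, ON_LRU, ON_DISPOSE };

struct model {
	enum where where;   /* list membership of gl_lru */
	bool glf_lru;       /* stands in for the GLF_LRU flag */
	int lru_count;      /* stands in for the global lru_count */
	bool flag_based;    /* false: pre-patch list_empty() test, true: patched GLF_LRU test */
};

/* gfs2_glock_add_to_lru(), reduced to its bookkeeping. */
static void add_to_lru(struct model *m)
{
	if (m->flag_based) {
		m->where = ON_LRU;              /* list_del + list_add_tail */
		if (!m->glf_lru) {
			m->glf_lru = true;
			m->lru_count++;
		}
	} else {
		if (m->where == ON_NONE)        /* list_empty(&gl->gl_lru) */
			m->lru_count++;
		m->where = ON_LRU;
		m->glf_lru = true;
	}
}

/* gfs2_glock_remove_from_lru(), reduced to its bookkeeping. */
static void remove_from_lru(struct model *m)
{
	bool member = m->flag_based ? m->glf_lru : (m->where != ON_NONE);

	if (member) {
		m->where = ON_NONE;
		m->lru_count--;
		m->glf_lru = false;
	}
}

/* The scanner moving the glock from lru_list to its private dispose list. */
static void scan_move_to_dispose(struct model *m)
{
	m->where = ON_DISPOSE;
	m->lru_count--;
	if (m->flag_based)
		m->glf_lru = false;             /* patched code clears the flag here */
}

/* Replays steps 1-6 of the changelog, then one later removal. */
int replay(bool flag_based)
{
	struct model m = { ON_NONE, false, 0, flag_based };

	add_to_lru(&m);            /* starting point: glock on lru_list, count 1 */
	scan_move_to_dispose(&m);  /* step 1 */
	                           /* step 2: lru lock dropped, other thread runs */
	add_to_lru(&m);            /* steps 3-5: re-added while on the dispose list */
	                           /* step 6: disposer leaves it alone */
	remove_from_lru(&m);       /* assumed later removal of the same glock */
	return m.lru_count;
}

int main(void)
{
	printf("list_empty() test: lru_count = %d\n", replay(false));
	printf("GLF_LRU test:      lru_count = %d\n", replay(true));
	return 0;
}
```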

* [PATCH 5.1 046/405] cxgb4: Fix error path in cxgb4_init_module
  2019-05-30  2:59 [PATCH 5.1 000/405] 5.1.6-stable review Greg Kroah-Hartman
                   ` (44 preceding siblings ...)
  2019-05-30  3:00 ` [PATCH 5.1 045/405] gfs2: Fix lru_count going negative Greg Kroah-Hartman
@ 2019-05-30  3:00 ` Greg Kroah-Hartman
  2019-05-30  3:00 ` [PATCH 5.1 047/405] afs: Fix getting the afs.fid xattr Greg Kroah-Hartman
                   ` (363 subsequent siblings)
  409 siblings, 0 replies; 429+ messages in thread
From: Greg Kroah-Hartman @ 2019-05-30  3:00 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, YueHaibing, David S. Miller, Sasha Levin

[ Upstream commit a3147770bea76c8dbad73eca3a24c2118da5e719 ]

BUG: unable to handle kernel paging request at ffffffffa016a270
PGD 3270067 P4D 3270067 PUD 3271063 PMD 230bbd067 PTE 0
Oops: 0000 [#1
CPU: 0 PID: 6134 Comm: modprobe Not tainted 5.1.0+ #33
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.9.3-0-ge2fc41e-prebuilt.qemu-project.org 04/01/2014
RIP: 0010:atomic_notifier_chain_register+0x24/0x60
Code: 1f 80 00 00 00 00 55 48 89 e5 41 54 49 89 f4 53 48 89 fb e8 ae b4 38 01 48 8b 53 38 48 8d 4b 38 48 85 d2 74 20 45 8b 44 24 10 <44> 3b 42 10 7e 08 eb 13 44 39 42 10 7c 0d 48 8d 4a 08 48 8b 52 08
RSP: 0018:ffffc90000e2bc60 EFLAGS: 00010086
RAX: 0000000000000292 RBX: ffffffff83467240 RCX: ffffffff83467278
RDX: ffffffffa016a260 RSI: ffffffff83752140 RDI: ffffffff83467240
RBP: ffffc90000e2bc70 R08: 0000000000000000 R09: 0000000000000001
R10: 0000000000000000 R11: 00000000014fa61f R12: ffffffffa01c8260
R13: ffff888231091e00 R14: 0000000000000000 R15: ffffc90000e2be78
FS:  00007fbd8d7cd540(0000) GS:ffff888237a00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: ffffffffa016a270 CR3: 000000022c7e3000 CR4: 00000000000006f0
Call Trace:
 register_inet6addr_notifier+0x13/0x20
 cxgb4_init_module+0x6c/0x1000 [cxgb4
 ? 0xffffffffa01d7000
 do_one_initcall+0x6c/0x3cc
 ? do_init_module+0x22/0x1f1
 ? rcu_read_lock_sched_held+0x97/0xb0
 ? kmem_cache_alloc_trace+0x325/0x3b0
 do_init_module+0x5b/0x1f1
 load_module+0x1db1/0x2690
 ? m_show+0x1d0/0x1d0
 __do_sys_finit_module+0xc5/0xd0
 __x64_sys_finit_module+0x15/0x20
 do_syscall_64+0x6b/0x1d0
 entry_SYSCALL_64_after_hwframe+0x49/0xbe

If pci_register_driver fails, registering inet6addr_notifier is
pointless. This patch fixes the error path in cxgb4_init_module.

Fixes: b5a02f503caa ("cxgb4 : Update ipv6 address handling api")
Signed-off-by: YueHaibing <yuehaibing@huawei.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/net/ethernet/chelsio/cxgb4/cxgb4_main.c | 15 ++++++++++++---
 1 file changed, 12 insertions(+), 3 deletions(-)

diff --git a/drivers/net/ethernet/chelsio/cxgb4/cxgb4_main.c b/drivers/net/ethernet/chelsio/cxgb4/cxgb4_main.c
index 89179e3166878..4bc0c357cb8ea 100644
--- a/drivers/net/ethernet/chelsio/cxgb4/cxgb4_main.c
+++ b/drivers/net/ethernet/chelsio/cxgb4/cxgb4_main.c
@@ -6161,15 +6161,24 @@ static int __init cxgb4_init_module(void)
 
 	ret = pci_register_driver(&cxgb4_driver);
 	if (ret < 0)
-		debugfs_remove(cxgb4_debugfs_root);
+		goto err_pci;
 
 #if IS_ENABLED(CONFIG_IPV6)
 	if (!inet6addr_registered) {
-		register_inet6addr_notifier(&cxgb4_inet6addr_notifier);
-		inet6addr_registered = true;
+		ret = register_inet6addr_notifier(&cxgb4_inet6addr_notifier);
+		if (ret)
+			pci_unregister_driver(&cxgb4_driver);
+		else
+			inet6addr_registered = true;
 	}
 #endif
 
+	if (ret == 0)
+		return ret;
+
+err_pci:
+	debugfs_remove(cxgb4_debugfs_root);
+
 	return ret;
 }
 
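Review bot: the tail of cxgb4_init_module() mixes two unwinding styles: the notifier failure calls pci_unregister_driver() inline and then depends on falling past "if (ret == 0) return ret;" into err_pci to reach debugfs_remove(). Two labels in reverse order of setup (one that unregisters the PCI driver, then err_pci for debugfs) and a plain "return 0;" on the success path would make the error path easier to audit. The changelog should also mention that the return value of register_inet6addr_notifier() is now checked, which the subject line does not cover.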
-- 
2.20.1




^ permalink raw reply related	[flat|nested] 429+ messages in thread

* [PATCH 5.1 047/405] afs: Fix getting the afs.fid xattr
  2019-05-30  2:59 [PATCH 5.1 000/405] 5.1.6-stable review Greg Kroah-Hartman
                   ` (45 preceding siblings ...)
  2019-05-30  3:00 ` [PATCH 5.1 046/405] cxgb4: Fix error path in cxgb4_init_module Greg Kroah-Hartman
@ 2019-05-30  3:00 ` Greg Kroah-Hartman
  2019-05-30  3:00 ` [PATCH 5.1 048/405] NFS: make nfs_match_client killable Greg Kroah-Hartman
                   ` (362 subsequent siblings)
  409 siblings, 0 replies; 429+ messages in thread
From: Greg Kroah-Hartman @ 2019-05-30  3:00 UTC (permalink / raw)
  To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, David Howells, Sasha Levin

[ Upstream commit a2f611a3dc317d8ea1c98ad6c54b911cf7f93193 ]

The AFS3 FID is three 32-bit unsigned numbers and is represented as three
up-to-8-hex-digit numbers separated by colons to the afs.fid xattr.
However, with the advent of support for YFS, the FID is now a 64-bit volume
number, a 96-bit vnode/inode number and a 32-bit uniquifier (as before).
Whilst the sprintf in afs_xattr_get_fid() has been partially updated (it
currently ignores the upper 32 bits of the 96-bit vnode number), the size
of the stack-based buffer has not been increased to match, thereby allowing
stack corruption to occur.

Fix this by increasing the buffer size appropriately and conditionally
including the upper part of the vnode number if it is non-zero.  The latter
requires the lower part to be zero-padded if the upper part is non-zero.

Fixes: 3b6492df4153 ("afs: Increase to 64-bit volume ID and 96-bit vnode ID for YFS")
Signed-off-by: David Howells <dhowells@redhat.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 fs/afs/xattr.c | 15 ++++++++++++---
 1 file changed, 12 insertions(+), 3 deletions(-)

diff --git a/fs/afs/xattr.c b/fs/afs/xattr.c
index a2cdf25573e24..706801c6c4c4c 100644
--- a/fs/afs/xattr.c
+++ b/fs/afs/xattr.c
@@ -69,11 +69,20 @@ static int afs_xattr_get_fid(const struct xattr_handler *handler,
 			     void *buffer, size_t size)
 {
 	struct afs_vnode *vnode = AFS_FS_I(inode);
-	char text[8 + 1 + 8 + 1 + 8 + 1];
+	char text[16 + 1 + 24 + 1 + 8 + 1];
 	size_t len;
 
-	len = sprintf(text, "%llx:%llx:%x",
-		      vnode->fid.vid, vnode->fid.vnode, vnode->fid.unique);
+	/* The volume ID is 64-bit, the vnode ID is 96-bit and the
+	 * uniquifier is 32-bit.
+	 */
+	len = sprintf(text, "%llx:", vnode->fid.vid);
+	if (vnode->fid.vnode_hi)
+		len += sprintf(text + len, "%x%016llx",
+			       vnode->fid.vnode_hi, vnode->fid.vnode);
+	else
+		len += sprintf(text + len, "%llx", vnode->fid.vnode);
+	len += sprintf(text + len, ":%x", vnode->fid.unique);
+
 	if (size == 0)
 		return len;
 	if (len > size)
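Review bot: the new text[] size in afs_xattr_get_fid() is exact for the worst case (16 + 1 + 24 + 1 + 8 characters plus the NUL), but the three sprintf() calls are still unbounded, so the next widening of a FID field would reintroduce the stack overflow this patch fixes. Using scnprintf(text + len, sizeof(text) - len, ...) for each piece would turn such a mistake into truncation instead of corruption. The "24" also assumes vnode_hi is 32 bits wide; a comment tying it to 8 + 16 hex digits would make that visible.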
-- 
2.20.1




^ permalink raw reply related	[flat|nested] 429+ messages in thread
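The buffer arithmetic from the afs.fid message above, as an added user-space example (not kernel code and not part of the original patch). struct fid, fid_format() and old_format_len() are hypothetical names; the field widths and the two buffer sizes are the ones given in the changelog and the hunk.

```c
#include <inttypes.h>
#include <stdarg.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical user-space mirror of the FID fields named in the patch. */
struct fid {
	uint64_t vid;       /* 64-bit volume ID */
	uint64_t vnode;     /* low 64 bits of the 96-bit vnode ID */
	uint32_t vnode_hi;  /* high 32 bits of the vnode ID */
	uint32_t unique;    /* 32-bit uniquifier */
};

enum {
	OLD_TEXT_SIZE = 8 + 1 + 8 + 1 + 8 + 1,    /* buffer before the patch */
	NEW_TEXT_SIZE = 16 + 1 + 24 + 1 + 8 + 1   /* buffer after the patch */
};

/* Bytes (without NUL) the pre-patch format needs, measured without writing. */
int old_format_len(const struct fid *f)
{
	return snprintf(NULL, 0, "%" PRIx64 ":%" PRIx64 ":%" PRIx32,
			f->vid, f->vnode, f->unique);
}

/* Bounded append at *len; returns 0 on success, -1 if the text would not fit. */
static int append(char *buf, size_t size, size_t *len, const char *fmt, ...)
{
	va_list ap;
	int n;

	if (*len >= size)
		return -1;
	va_start(ap, fmt);
	n = vsnprintf(buf + *len, size - *len, fmt, ap);
	va_end(ap);
	if (n < 0 || (size_t)n >= size - *len)
		return -1;
	*len += (size_t)n;
	return 0;
}

/*
 * Same layout as the patched code: the upper vnode part is printed only when
 * non-zero, and then the lower part is zero-padded to 16 hex digits.
 * Returns the string length, or -1 when buf is too small.
 */
int fid_format(char *buf, size_t size, const struct fid *f)
{
	size_t len = 0;

	if (size == 0)
		return -1;
	buf[0] = '\0';
	if (append(buf, size, &len, "%" PRIx64 ":", f->vid))
		return -1;
	if (f->vnode_hi) {
		if (append(buf, size, &len, "%" PRIx32 "%016" PRIx64,
			   f->vnode_hi, f->vnode))
			return -1;
	} else if (append(buf, size, &len, "%" PRIx64, f->vnode)) {
		return -1;
	}
	if (append(buf, size, &len, ":%" PRIx32, f->unique))
		return -1;
	return (int)len;
}

int main(void)
{
	/* Constructed worst-case YFS FID: every field at its maximum. */
	struct fid yfs = { UINT64_MAX, UINT64_MAX, UINT32_MAX, UINT32_MAX };
	char text[NEW_TEXT_SIZE];

	printf("old format needs %d bytes + NUL, old buffer has %d\n",
	       old_format_len(&yfs), OLD_TEXT_SIZE);
	printf("new format: %d chars in a %d-byte buffer: %s\n",
	       fid_format(text, sizeof(text), &yfs), NEW_TEXT_SIZE, text);
	return 0;
}
```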

* [PATCH 5.1 048/405] NFS: make nfs_match_client killable
  2019-05-30  2:59 [PATCH 5.1 000/405] 5.1.6-stable review Greg Kroah-Hartman
                   ` (46 preceding siblings ...)
  2019-05-30  3:00 ` [PATCH 5.1 047/405] afs: Fix getting the afs.fid xattr Greg Kroah-Hartman
@ 2019-05-30  3:00 ` Greg Kroah-Hartman
  2019-05-30  3:00 ` [PATCH 5.1 049/405] gfs2: fix race between gfs2_freeze_func and unmount Greg Kroah-Hartman
                   ` (361 subsequent siblings)
  409 siblings, 0 replies; 429+ messages in thread
From: Greg Kroah-Hartman @ 2019-05-30  3:00 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Roberto Bergantinos Corpas,
	Benjamin Coddington, Anna Schumaker, Sasha Levin

[ Upstream commit 950a578c6128c2886e295b9c7ecb0b6b22fcc92b ]

Actually we don't do anything with the return value from
nfs_wait_client_init_complete in nfs_match_client; as a
consequence, if we get a fatal signal and the client is not
fully initialised, we'll loop to the "again" label.

This has been proven to cause soft lockups in some scenarios
(no-carrier but configured network interfaces).

Signed-off-by: Roberto Bergantinos Corpas <rbergant@redhat.com>
Reviewed-by: Benjamin Coddington <bcodding@redhat.com>
Signed-off-by: Anna Schumaker <Anna.Schumaker@Netapp.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 fs/nfs/client.c | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/fs/nfs/client.c b/fs/nfs/client.c
index 90d71fda65cec..350cfa561e0e8 100644
--- a/fs/nfs/client.c
+++ b/fs/nfs/client.c
@@ -284,6 +284,7 @@ static struct nfs_client *nfs_match_client(const struct nfs_client_initdata *dat
 	struct nfs_client *clp;
 	const struct sockaddr *sap = data->addr;
 	struct nfs_net *nn = net_generic(data->net, nfs_net_id);
+	int error;
 
 again:
 	list_for_each_entry(clp, &nn->nfs_client_list, cl_share_link) {
@@ -296,8 +297,10 @@ static struct nfs_client *nfs_match_client(const struct nfs_client_initdata *dat
 		if (clp->cl_cons_state > NFS_CS_READY) {
 			refcount_inc(&clp->cl_count);
 			spin_unlock(&nn->nfs_client_lock);
-			nfs_wait_client_init_complete(clp);
+			error = nfs_wait_client_init_complete(clp);
 			nfs_put_client(clp);
+			if (error < 0)
+				return ERR_PTR(error);
 			spin_lock(&nn->nfs_client_lock);
 			goto again;
 		}
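Review bot: the new "return ERR_PTR(error);" in nfs_match_client() sits between spin_unlock(&nn->nfs_client_lock) and the spin_lock() two lines below it, so on this path the function returns with the lock dropped, while the caller's spin_unlock() in the next hunk assumes it is held. Retaking the lock before the error check would keep a single lock state on every return.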
@@ -407,6 +410,8 @@ struct nfs_client *nfs_get_client(const struct nfs_client_initdata *cl_init)
 		clp = nfs_match_client(cl_init);
 		if (clp) {
 			spin_unlock(&nn->nfs_client_lock);
+			if (IS_ERR(clp))
+				return clp;
 			if (new)
 				new->rpc_ops->free_client(new);
 			return nfs_found_client(cl_init, clp);
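Review bot: in nfs_get_client() the added IS_ERR(clp) return comes after spin_unlock(&nn->nfs_client_lock), which for an ERR_PTR result unlocks a lock that nfs_match_client() had already released. The early return also skips the "if (new) new->rpc_ops->free_client(new);" cleanup just below it, so a client allocated on an earlier pass is leaked. Moving the IS_ERR() return after the free, together with a consistent lock state from nfs_match_client(), would fix both.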
-- 
2.20.1




^ permalink raw reply related	[flat|nested] 429+ messages in thread

* [PATCH 5.1 049/405] gfs2: fix race between gfs2_freeze_func and unmount
  2019-05-30  2:59 [PATCH 5.1 000/405] 5.1.6-stable review Greg Kroah-Hartman
                   ` (47 preceding siblings ...)
  2019-05-30  3:00 ` [PATCH 5.1 048/405] NFS: make nfs_match_client killable Greg Kroah-Hartman
@ 2019-05-30  3:00 ` Greg Kroah-Hartman
  2019-05-30  3:00 ` [PATCH 5.1 050/405] io_uring: use cpu_online() to check p->sq_thread_cpu instead of cpu_possible() Greg Kroah-Hartman
                   ` (360 subsequent siblings)
  409 siblings, 0 replies; 429+ messages in thread
From: Greg Kroah-Hartman @ 2019-05-30  3:00 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Abhi Das, Andreas Gruenbacher, Sasha Levin

[ Upstream commit 8f91821990fd6f170a5dca79697a441181a41b16 ]

As part of the freeze operation, gfs2_freeze_func() is left blocking
on a request to hold the sd_freeze_gl in SH. This glock is held in EX
by the gfs2_freeze() code.

A subsequent call to gfs2_unfreeze() releases the EXclusively held
sd_freeze_gl, which allows gfs2_freeze_func() to acquire it in SH and
resume its operation.

gfs2_unfreeze(), however, doesn't wait for gfs2_freeze_func() to complete.
If a umount is issued right after unfreeze, it could result in an
inconsistent filesystem because some journal data (statfs update) isn't
written out.

Refer to commit 24972557b12c for a more detailed explanation of how
freeze/unfreeze work.

This patch causes gfs2_unfreeze() to wait for gfs2_freeze_func() to
complete before returning to the user.

Signed-off-by: Abhi Das <adas@redhat.com>
Signed-off-by: Andreas Gruenbacher <agruenba@redhat.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 fs/gfs2/incore.h | 1 +
 fs/gfs2/super.c  | 8 +++++---
 2 files changed, 6 insertions(+), 3 deletions(-)

diff --git a/fs/gfs2/incore.h b/fs/gfs2/incore.h
index cdf07b408f54c..539e8dc5a3f6c 100644
--- a/fs/gfs2/incore.h
+++ b/fs/gfs2/incore.h
@@ -621,6 +621,7 @@ enum {
 	SDF_SKIP_DLM_UNLOCK	= 8,
 	SDF_FORCE_AIL_FLUSH     = 9,
 	SDF_AIL1_IO_ERROR	= 10,
+	SDF_FS_FROZEN           = 11,
 };
 
 enum gfs2_freeze_state {
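
Review bot: SDF_FS_FROZEN is added to the enum without a comment, although the rest of the patch uses it as a wait bit: set in gfs2_freeze(), cleared and woken in gfs2_freeze_func(), waited on in gfs2_unfreeze(). A one-line comment at the definition naming those three sites would document who owns the bit.
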
diff --git a/fs/gfs2/super.c b/fs/gfs2/super.c
index ca71163ff7cfd..360206704a14c 100644
--- a/fs/gfs2/super.c
+++ b/fs/gfs2/super.c
@@ -973,8 +973,7 @@ void gfs2_freeze_func(struct work_struct *work)
 	if (error) {
 		printk(KERN_INFO "GFS2: couldn't get freeze lock : %d\n", error);
 		gfs2_assert_withdraw(sdp, 0);
-	}
-	else {
+	} else {
 		atomic_set(&sdp->sd_freeze_state, SFS_UNFROZEN);
 		error = thaw_super(sb);
 		if (error) {
@@ -987,6 +986,8 @@ void gfs2_freeze_func(struct work_struct *work)
 		gfs2_glock_dq_uninit(&freeze_gh);
 	}
 	deactivate_super(sb);
+	clear_bit_unlock(SDF_FS_FROZEN, &sdp->sd_flags);
+	wake_up_bit(&sdp->sd_flags, SDF_FS_FROZEN);
 	return;
 }
 
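
Review bot: wake_up_bit() directly follows clear_bit_unlock() at the end of gfs2_freeze_func() with no full barrier in between; wake_up_bit() looks for waiters with waitqueue_active(), and its documentation asks for smp_mb__after_atomic() after the clear so that a waiter in gfs2_unfreeze() that is about to sleep is not missed. Add smp_mb__after_atomic() between the two calls. Both calls also dereference sdp after deactivate_super(sb), so a comment on what keeps sdp valid at that point would help.
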
@@ -1029,6 +1030,7 @@ static int gfs2_freeze(struct super_block *sb)
 		msleep(1000);
 	}
 	error = 0;
+	set_bit(SDF_FS_FROZEN, &sdp->sd_flags);
 out:
 	mutex_unlock(&sdp->sd_freeze_mutex);
 	return error;
@@ -1053,7 +1055,7 @@ static int gfs2_unfreeze(struct super_block *sb)
 
 	gfs2_glock_dq_uninit(&sdp->sd_freeze_gh);
 	mutex_unlock(&sdp->sd_freeze_mutex);
-	return 0;
+	return wait_on_bit(&sdp->sd_flags, SDF_FS_FROZEN, TASK_INTERRUPTIBLE);
 }
 
 /**
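
Review bot: with TASK_INTERRUPTIBLE in the new return statement of gfs2_unfreeze(), a signal makes wait_on_bit() return non-zero after sd_freeze_gh has already been released, so the caller gets an error for an unfreeze that is in fact proceeding, and it returns before gfs2_freeze_func() has finished, which is the window the commit message sets out to close. Either wait with TASK_UNINTERRUPTIBLE or document that an interrupted unfreeze leaves the race open.
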
-- 
2.20.1




^ permalink raw reply related	[flat|nested] 429+ messages in thread

* [PATCH 5.1 050/405] io_uring: use cpu_online() to check p->sq_thread_cpu instead of cpu_possible()
  2019-05-30  2:59 [PATCH 5.1 000/405] 5.1.6-stable review Greg Kroah-Hartman
                   ` (48 preceding siblings ...)
  2019-05-30  3:00 ` [PATCH 5.1 049/405] gfs2: fix race between gfs2_freeze_func and unmount Greg Kroah-Hartman
@ 2019-05-30  3:00 ` Greg Kroah-Hartman
  2019-05-30  3:00 ` [PATCH 5.1 051/405] IB/hfi1: Fix WQ_MEM_RECLAIM warning Greg Kroah-Hartman
                   ` (359 subsequent siblings)
  409 siblings, 0 replies; 429+ messages in thread
From: Greg Kroah-Hartman @ 2019-05-30  3:00 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Jeff Moyer, Shenghui Wang,
	Jens Axboe, Sasha Levin

[ Upstream commit 7889f44dd9cee15aff1c3f7daf81ca4dfed48fc7 ]

This issue is found by running liburing/test/io_uring_setup test.

When the test is run, the testcase "attempt to bind to invalid cpu" would not
pass, with messages like:
   io_uring_setup(1, 0xbfc2f7c8), \
flags: IORING_SETUP_SQPOLL|IORING_SETUP_SQ_AFF, \
resv: 0x00000000 0x00000000 0x00000000 0x00000000 0x00000000, \
sq_thread_cpu: 2
   expected -1, got 3
   FAIL

On my system, there is:
   CPU(s) possible : 0-3
   CPU(s) online   : 0-1
   CPU(s) offline  : 2-3
   CPU(s) present  : 0-1

The sq_thread_cpu 2 is offline on my system, so the bind should fail.
But cpu_possible() will pass the check. We shouldn't be able to bind
to an offline cpu. Use cpu_online() to do the check.

After the change, the testcase runs as expected: EINVAL will be returned
for an offlined cpu.

Reviewed-by: Jeff Moyer <jmoyer@redhat.com>
Signed-off-by: Shenghui Wang <shhuiw@foxmail.com>
Signed-off-by: Jens Axboe <axboe@kernel.dk>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 fs/io_uring.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/fs/io_uring.c b/fs/io_uring.c
index 84efb8956734f..30a5687a17b65 100644
--- a/fs/io_uring.c
+++ b/fs/io_uring.c
@@ -2334,7 +2334,7 @@ static int io_sq_offload_start(struct io_ring_ctx *ctx,
 							nr_cpu_ids);
 
 			ret = -EINVAL;
-			if (!cpu_possible(cpu))
+			if (!cpu_online(cpu))
 				goto err;
 
 			ctx->sqo_thread = kthread_create_on_cpu(io_sq_thread,
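
Review bot: the cpu_online(cpu) test and the kthread_create_on_cpu() call that follows it are not visibly covered by any CPU hotplug protection, so the CPU can go offline between the check and the bind. If that window matters, hold the hotplug read lock across both; otherwise add a comment that the check is best effort and say what happens to the SQ thread when its CPU is offlined later.
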
-- 
2.20.1




^ permalink raw reply related	[flat|nested] 429+ messages in thread

* [PATCH 5.1 051/405] IB/hfi1: Fix WQ_MEM_RECLAIM warning
  2019-05-30  2:59 [PATCH 5.1 000/405] 5.1.6-stable review Greg Kroah-Hartman
                   ` (49 preceding siblings ...)
  2019-05-30  3:00 ` [PATCH 5.1 050/405] io_uring: use cpu_online() to check p->sq_thread_cpu instead of cpu_possible() Greg Kroah-Hartman
@ 2019-05-30  3:00 ` Greg Kroah-Hartman
  2019-05-30  3:00 ` [PATCH 5.1 052/405] gfs2: Fix occasional glock use-after-free Greg Kroah-Hartman
                   ` (358 subsequent siblings)
  409 siblings, 0 replies; 429+ messages in thread
From: Greg Kroah-Hartman @ 2019-05-30  3:00 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Michael J. Ruhl, Mike Marciniszyn,
	Dennis Dalessandro, Jason Gunthorpe, Sasha Levin

[ Upstream commit 4c4b1996b5db688e2dcb8242b0a3bf7b1e845e42 ]

The work_item cancels that occur when a QP is destroyed can elicit the
following trace:

 workqueue: WQ_MEM_RECLAIM ipoib_wq:ipoib_cm_tx_reap [ib_ipoib] is flushing !WQ_MEM_RECLAIM hfi0_0:_hfi1_do_send [hfi1]
 WARNING: CPU: 7 PID: 1403 at kernel/workqueue.c:2486 check_flush_dependency+0xb1/0x100
 Call Trace:
  __flush_work.isra.29+0x8c/0x1a0
  ? __switch_to_asm+0x40/0x70
  __cancel_work_timer+0x103/0x190
  ? schedule+0x32/0x80
  iowait_cancel_work+0x15/0x30 [hfi1]
  rvt_reset_qp+0x1f8/0x3e0 [rdmavt]
  rvt_destroy_qp+0x65/0x1f0 [rdmavt]
  ? _cond_resched+0x15/0x30
  ib_destroy_qp+0xe9/0x230 [ib_core]
  ipoib_cm_tx_reap+0x21c/0x560 [ib_ipoib]
  process_one_work+0x171/0x370
  worker_thread+0x49/0x3f0
  kthread+0xf8/0x130
  ? max_active_store+0x80/0x80
  ? kthread_bind+0x10/0x10
  ret_from_fork+0x35/0x40

Since QP destruction frees memory, hfi1_wq should have the WQ_MEM_RECLAIM.

The hfi1_wq does not allocate memory with GFP_KERNEL or otherwise become
entangled with memory reclaim, so this flag is appropriate.

Fixes: 0a226edd203f ("staging/rdma/hfi1: Use parallel workqueue for SDMA engines")
Reviewed-by: Michael J. Ruhl <michael.j.ruhl@intel.com>
Signed-off-by: Mike Marciniszyn <mike.marciniszyn@intel.com>
Signed-off-by: Dennis Dalessandro <dennis.dalessandro@intel.com>
Signed-off-by: Jason Gunthorpe <jgg@mellanox.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/infiniband/hw/hfi1/init.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/drivers/infiniband/hw/hfi1/init.c b/drivers/infiniband/hw/hfi1/init.c
index faaaac8fbc553..3af5eb10a5ffb 100644
--- a/drivers/infiniband/hw/hfi1/init.c
+++ b/drivers/infiniband/hw/hfi1/init.c
@@ -805,7 +805,8 @@ static int create_workqueues(struct hfi1_devdata *dd)
 			ppd->hfi1_wq =
 				alloc_workqueue(
 				    "hfi%d_%d",
-				    WQ_SYSFS | WQ_HIGHPRI | WQ_CPU_INTENSIVE,
+				    WQ_SYSFS | WQ_HIGHPRI | WQ_CPU_INTENSIVE |
+				    WQ_MEM_RECLAIM,
 				    HFI1_MAX_ACTIVE_WORKQUEUE_ENTRIES,
 				    dd->unit, pidx);
 			if (!ppd->hfi1_wq)
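
Review bot: the justification for WQ_MEM_RECLAIM lives only in the commit message; at the alloc_workqueue() call nothing tells a later contributor that work queued on hfi1_wq must stay free of GFP_KERNEL allocations. A short comment above the flags recording that constraint would keep the flag valid as work items are added.
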
-- 
2.20.1




^ permalink raw reply related	[flat|nested] 429+ messages in thread

* [PATCH 5.1 052/405] gfs2: Fix occasional glock use-after-free
  2019-05-30  2:59 [PATCH 5.1 000/405] 5.1.6-stable review Greg Kroah-Hartman
                   ` (50 preceding siblings ...)
  2019-05-30  3:00 ` [PATCH 5.1 051/405] IB/hfi1: Fix WQ_MEM_RECLAIM warning Greg Kroah-Hartman
@ 2019-05-30  3:00 ` Greg Kroah-Hartman
  2019-05-30  3:00 ` [PATCH 5.1 053/405] mmc: core: Verify SD bus width Greg Kroah-Hartman
                   ` (357 subsequent siblings)
  409 siblings, 0 replies; 429+ messages in thread
From: Greg Kroah-Hartman @ 2019-05-30  3:00 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Ross Lagerwall, Andreas Gruenbacher,
	Bob Peterson, Sasha Levin

[ Upstream commit 9287c6452d2b1f24ea8e84bd3cf6f3c6f267f712 ]

This patch has to do with the life cycle of glocks and buffers.  When
gfs2 metadata or journaled data is queued to be written, a gfs2_bufdata
object is assigned to track the buffer, and that is queued to various
lists, including the glock's gl_ail_list to indicate it's on the active
items list.  Once the page associated with the buffer has been written,
it is removed from the ail list, but its life isn't over until a revoke
has been successfully written.

So after the block is written, its bufdata object is moved from the
glock's gl_ail_list to a file-system-wide list of pending revokes,
sd_log_le_revoke.  At that point the glock still needs to track how many
revokes it contributed to that list (in gl_revokes) so that things like
glock go_sync can ensure all the metadata has been not only written, but
also revoked before the glock is granted to a different node.  This is
to guarantee journal replay doesn't replay the block once the glock has
been granted to another node.

Ross Lagerwall recently discovered a race in which an inode could be
evicted, and its glock freed after its ail list had been synced, but
while it still had unwritten revokes on the sd_log_le_revoke list.  The
evict decremented the glock reference count to zero, which allowed the
glock to be freed.  After the revoke was written, function
revoke_lo_after_commit tried to adjust the glock's gl_revokes counter
and clear its GLF_LFLUSH flag, at which time it referenced the freed
glock.

This patch fixes the problem by incrementing the glock reference count
in gfs2_add_revoke when the glock's first bufdata object is moved from
the glock to the global revokes list. Later, when the glock's last such
bufdata object is freed, the reference count is decremented. This
guarantees that whichever process finishes last (the revoke writing or
the evict) will properly free the glock, and neither will reference the
glock after it has been freed.

Reported-by: Ross Lagerwall <ross.lagerwall@citrix.com>
Signed-off-by: Andreas Gruenbacher <agruenba@redhat.com>
Signed-off-by: Bob Peterson <rpeterso@redhat.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 fs/gfs2/glock.c | 1 +
 fs/gfs2/log.c   | 3 ++-
 fs/gfs2/lops.c  | 6 ++++--
 3 files changed, 7 insertions(+), 3 deletions(-)

diff --git a/fs/gfs2/glock.c b/fs/gfs2/glock.c
index e4f6d39500bcc..71c28ff98b564 100644
--- a/fs/gfs2/glock.c
+++ b/fs/gfs2/glock.c
@@ -140,6 +140,7 @@ void gfs2_glock_free(struct gfs2_glock *gl)
 {
 	struct gfs2_sbd *sdp = gl->gl_name.ln_sbd;
 
+	BUG_ON(atomic_read(&gl->gl_revokes));
 	rhashtable_remove_fast(&gl_hash_table, &gl->gl_node, ht_parms);
 	smp_mb();
 	wake_up_glock(gl);
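
Review bot: BUG_ON(atomic_read(&gl->gl_revokes)) in gfs2_glock_free() takes the whole machine down for an accounting error on one filesystem. A WARN_ON(), or a withdraw through gfs2_assert_withdraw() on the sdp already in scope here, would report the same invariant violation and leave the rest of the system running.
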
diff --git a/fs/gfs2/log.c b/fs/gfs2/log.c
index b8830fda51e8f..0e04f87a7dddb 100644
--- a/fs/gfs2/log.c
+++ b/fs/gfs2/log.c
@@ -606,7 +606,8 @@ void gfs2_add_revoke(struct gfs2_sbd *sdp, struct gfs2_bufdata *bd)
 	gfs2_remove_from_ail(bd); /* drops ref on bh */
 	bd->bd_bh = NULL;
 	sdp->sd_log_num_revoke++;
-	atomic_inc(&gl->gl_revokes);
+	if (atomic_inc_return(&gl->gl_revokes) == 1)
+		gfs2_glock_hold(gl);
 	set_bit(GLF_LFLUSH, &gl->gl_flags);
 	list_add(&bd->bd_list, &sdp->sd_log_le_revoke);
 }
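
Review bot: at `if (atomic_inc_return(&gl->gl_revokes) == 1)` the 0 to 1 transition and the gfs2_glock_hold() that depends on it are two separate steps, so the pairing with the `atomic_dec_return(&gl->gl_revokes) == 0` put in revoke_lo_after_commit() is only balanced if the two functions are serialized against each other. The hunk does not show which lock provides that; a comment naming it, or a lockdep assertion, would make the reference pairing checkable.
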
diff --git a/fs/gfs2/lops.c b/fs/gfs2/lops.c
index 8722c60b11feb..4b280611246df 100644
--- a/fs/gfs2/lops.c
+++ b/fs/gfs2/lops.c
@@ -669,8 +669,10 @@ static void revoke_lo_after_commit(struct gfs2_sbd *sdp, struct gfs2_trans *tr)
 		bd = list_entry(head->next, struct gfs2_bufdata, bd_list);
 		list_del_init(&bd->bd_list);
 		gl = bd->bd_gl;
-		atomic_dec(&gl->gl_revokes);
-		clear_bit(GLF_LFLUSH, &gl->gl_flags);
+		if (atomic_dec_return(&gl->gl_revokes) == 0) {
+			clear_bit(GLF_LFLUSH, &gl->gl_flags);
+			gfs2_glock_queue_put(gl);
+		}
 		kmem_cache_free(gfs2_bufdata_cachep, bd);
 	}
 }
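
Review bot: clear_bit(GLF_LFLUSH, &gl->gl_flags) has moved inside the `atomic_dec_return(&gl->gl_revokes) == 0` branch, so the flag now stays set until the glock's last revoke is committed, where before it was cleared on every revoke; the commit message describes only the reference counting. If the later clearing is intended, say so in the changelog; if not, keep clear_bit() unconditional and put only gfs2_glock_queue_put() under the condition.
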
-- 
2.20.1




^ permalink raw reply related	[flat|nested] 429+ messages in thread

* [PATCH 5.1 053/405] mmc: core: Verify SD bus width
  2019-05-30  2:59 [PATCH 5.1 000/405] 5.1.6-stable review Greg Kroah-Hartman
                   ` (51 preceding siblings ...)
  2019-05-30  3:00 ` [PATCH 5.1 052/405] gfs2: Fix occasional glock use-after-free Greg Kroah-Hartman
@ 2019-05-30  3:00 ` Greg Kroah-Hartman
  2019-05-30  3:00 ` [PATCH 5.1 054/405] tools/bpf: fix perf build error with uClibc (seen on ARC) Greg Kroah-Hartman
                   ` (356 subsequent siblings)
  409 siblings, 0 replies; 429+ messages in thread
From: Greg Kroah-Hartman @ 2019-05-30  3:00 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Avri Altman, Raul E Rangel,
	Ulf Hansson, Sasha Levin

[ Upstream commit 9e4be8d03f50d1b25c38e2b59e73b194c130df7d ]

The SD Physical Layer Spec says the following: Since the SD Memory Card
shall support at least the two bus modes 1-bit or 4-bit width, then any SD
Card shall set at least bits 0 and 2 (SD_BUS_WIDTH="0101").

This change verifies the card has specified a bus width.

AMD SDHC Device 7806 can get into a bad state after a card disconnect
where anything transferred via the DATA lines will always result in a
zero filled buffer. Currently the driver will continue without error if
the HC is in this condition. A block device will be created, but reading
from it will result in a zero buffer. This makes it seem like the SD
device has been erased, when in actuality the data is never getting
copied from the DATA lines to the data buffer.

SCR is the first command in the SD initialization sequence that uses the
DATA lines. By checking that the response was invalid, we can abort
mounting the card.

Reviewed-by: Avri Altman <avri.altman@wdc.com>
Signed-off-by: Raul E Rangel <rrangel@chromium.org>
Signed-off-by: Ulf Hansson <ulf.hansson@linaro.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/mmc/core/sd.c | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/drivers/mmc/core/sd.c b/drivers/mmc/core/sd.c
index 265e1aeeb9d88..d3d32f9a2cb18 100644
--- a/drivers/mmc/core/sd.c
+++ b/drivers/mmc/core/sd.c
@@ -221,6 +221,14 @@ static int mmc_decode_scr(struct mmc_card *card)
 
 	if (scr->sda_spec3)
 		scr->cmds = UNSTUFF_BITS(resp, 32, 2);
+
+	/* SD Spec says: any SD Card shall set at least bits 0 and 2 */
+	if (!(scr->bus_widths & SD_SCR_BUS_WIDTH_1) ||
+	    !(scr->bus_widths & SD_SCR_BUS_WIDTH_4)) {
+		pr_err("%s: invalid bus width\n", mmc_hostname(card->host));
+		return -EINVAL;
+	}
+
 	return 0;
 }
 
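
Review bot: the pr_err() in the new check prints only "invalid bus width" and not the value that failed; since the commit message describes a host controller that returns zero-filled data, logging scr->bus_widths would let someone reading the log tell an all-zero SCR from a card that set only one of the two bits. The two tests can also be folded into a single comparison against SD_SCR_BUS_WIDTH_1 | SD_SCR_BUS_WIDTH_4.
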
-- 
2.20.1




^ permalink raw reply related	[flat|nested] 429+ messages in thread

* [PATCH 5.1 054/405] tools/bpf: fix perf build error with uClibc (seen on ARC)
  2019-05-30  2:59 [PATCH 5.1 000/405] 5.1.6-stable review Greg Kroah-Hartman
                   ` (52 preceding siblings ...)
  2019-05-30  3:00 ` [PATCH 5.1 053/405] mmc: core: Verify SD bus width Greg Kroah-Hartman
@ 2019-05-30  3:00 ` Greg Kroah-Hartman
  2019-05-30  3:00 ` [PATCH 5.1 055/405] i40e: Fix of memory leak and integer truncation in i40e_virtchnl.c Greg Kroah-Hartman
                   ` (355 subsequent siblings)
  409 siblings, 0 replies; 429+ messages in thread
From: Greg Kroah-Hartman @ 2019-05-30  3:00 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Vineet Gupta, Yonghong Song,
	Alexei Starovoitov, Sasha Levin

[ Upstream commit ca31ca8247e2d3807ff5fa1d1760616a2292001c ]

When building perf for ARC recently, there was a build failure due to the
lack of __NR_bpf.

| Auto-detecting system features:
|
| ...                     get_cpuid: [ OFF ]
| ...                           bpf: [ on  ]
|
| #  error __NR_bpf not defined. libbpf does not support your arch.
    ^~~~~
| bpf.c: In function 'sys_bpf':
| bpf.c:66:17: error: '__NR_bpf' undeclared (first use in this function)
|  return syscall(__NR_bpf, cmd, attr, size);
|                 ^~~~~~~~
|                 sys_bpf

Signed-off-by: Vineet Gupta <vgupta@synopsys.com>
Acked-by: Yonghong Song <yhs@fb.com>
Signed-off-by: Alexei Starovoitov <ast@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 tools/lib/bpf/bpf.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/tools/lib/bpf/bpf.c b/tools/lib/bpf/bpf.c
index 9cd015574e838..d82edadf75893 100644
--- a/tools/lib/bpf/bpf.c
+++ b/tools/lib/bpf/bpf.c
@@ -46,6 +46,8 @@
 #  define __NR_bpf 349
 # elif defined(__s390__)
 #  define __NR_bpf 351
+# elif defined(__arc__)
+#  define __NR_bpf 280
 # else
 #  error __NR_bpf not defined. libbpf does not support your arch.
 # endif
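
Review bot: 280 for __arc__ is one more bare number in this fallback chain, with nothing next to it saying which header it was taken from. A comment naming the source would let the value be checked and would help the next architecture that lands on the #error line.
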
-- 
2.20.1




^ permalink raw reply related	[flat|nested] 429+ messages in thread

* [PATCH 5.1 055/405] i40e: Fix of memory leak and integer truncation in i40e_virtchnl.c
  2019-05-30  2:59 [PATCH 5.1 000/405] 5.1.6-stable review Greg Kroah-Hartman
                   ` (53 preceding siblings ...)
  2019-05-30  3:00 ` [PATCH 5.1 054/405] tools/bpf: fix perf build error with uClibc (seen on ARC) Greg Kroah-Hartman
@ 2019-05-30  3:00 ` Greg Kroah-Hartman
  2019-05-30  3:00 ` [PATCH 5.1 056/405] libbpf: fix invalid munmap call Greg Kroah-Hartman
                   ` (354 subsequent siblings)
  409 siblings, 0 replies; 429+ messages in thread
From: Greg Kroah-Hartman @ 2019-05-30  3:00 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Martyna Szapar, Jeff Kirsher, Sasha Levin

[ Upstream commit 24474f2709af6729b9b1da1c5e160ab62e25e3a4 ]

Fixed possible memory leak in i40e_vc_add_cloud_filter function:
cfilter is being allocated and in some error conditions
the function returns without freeing the memory.

Fix of integer truncation from u16 (type of queue_id value) to u8
when calling i40e_vc_isvalid_queue_id function.

Signed-off-by: Martyna Szapar <martyna.szapar@intel.com>
Signed-off-by: Jeff Kirsher <jeffrey.t.kirsher@intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 .../net/ethernet/intel/i40e/i40e_virtchnl_pf.c   | 16 ++++++++++------
 1 file changed, 10 insertions(+), 6 deletions(-)

diff --git a/drivers/net/ethernet/intel/i40e/i40e_virtchnl_pf.c b/drivers/net/ethernet/intel/i40e/i40e_virtchnl_pf.c
index 831d52bc3c9ae..0b5b867c9fbcb 100644
--- a/drivers/net/ethernet/intel/i40e/i40e_virtchnl_pf.c
+++ b/drivers/net/ethernet/intel/i40e/i40e_virtchnl_pf.c
@@ -181,7 +181,7 @@ static inline bool i40e_vc_isvalid_vsi_id(struct i40e_vf *vf, u16 vsi_id)
  * check for the valid queue id
  **/
 static inline bool i40e_vc_isvalid_queue_id(struct i40e_vf *vf, u16 vsi_id,
-					    u8 qid)
+					    u16 qid)
 {
 	struct i40e_pf *pf = vf->pf;
 	struct i40e_vsi *vsi = i40e_find_vsi_from_id(pf, vsi_id);
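
Review bot: the changelog calls the `u8 qid` parameter of i40e_vc_isvalid_queue_id() an integer truncation but does not state the consequence: with a u8 parameter, a u16 queue_id of 256 or more was checked as its low 8 bits, so an out-of-range id could pass validation. That impact belongs in the commit message so that backporters can judge the severity.
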
@@ -3374,7 +3374,7 @@ static int i40e_vc_add_cloud_filter(struct i40e_vf *vf, u8 *msg)
 
 	if (!test_bit(I40E_VF_STATE_ACTIVE, &vf->vf_states)) {
 		aq_ret = I40E_ERR_PARAM;
-		goto err;
+		goto err_out;
 	}
 
 	if (!vf->adq_enabled) {
@@ -3382,7 +3382,7 @@ static int i40e_vc_add_cloud_filter(struct i40e_vf *vf, u8 *msg)
 			 "VF %d: ADq is not enabled, can't apply cloud filter\n",
 			 vf->vf_id);
 		aq_ret = I40E_ERR_PARAM;
-		goto err;
+		goto err_out;
 	}
 
 	if (i40e_validate_cloud_filter(vf, vcf)) {
@@ -3390,7 +3390,7 @@ static int i40e_vc_add_cloud_filter(struct i40e_vf *vf, u8 *msg)
 			 "VF %d: Invalid input/s, can't apply cloud filter\n",
 			 vf->vf_id);
 		aq_ret = I40E_ERR_PARAM;
-		goto err;
+		goto err_out;
 	}
 
 	cfilter = kzalloc(sizeof(*cfilter), GFP_KERNEL);
@@ -3451,13 +3451,17 @@ static int i40e_vc_add_cloud_filter(struct i40e_vf *vf, u8 *msg)
 			"VF %d: Failed to add cloud filter, err %s aq_err %s\n",
 			vf->vf_id, i40e_stat_str(&pf->hw, ret),
 			i40e_aq_str(&pf->hw, pf->hw.aq.asq_last_status));
-		goto err;
+		goto err_free;
 	}
 
 	INIT_HLIST_NODE(&cfilter->cloud_node);
 	hlist_add_head(&cfilter->cloud_node, &vf->cloud_filter_list);
+	/* release the pointer passing it to the collection */
+	cfilter = NULL;
 	vf->num_cloud_filters++;
-err:
+err_free:
+	kfree(cfilter);
+err_out:
 	return i40e_vc_send_resp_to_vf(vf, VIRTCHNL_OP_ADD_CLOUD_FILTER,
 				       aq_ret);
 }
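
Review bot: the success path now falls through err_free and is kept from freeing the filter it just added to vf->cloud_filter_list only by the `cfilter = NULL;` assignment above the label; reordering or inserting code around hlist_add_head() later would turn this into a free of a listed object. The comment "release the pointer passing it to the collection" does not say that kfree(NULL) is being relied on; either state that in the comment or end the success path with an explicit jump to err_out.
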
-- 
2.20.1




^ permalink raw reply related	[flat|nested] 429+ messages in thread

* [PATCH 5.1 056/405] libbpf: fix invalid munmap call
  2019-05-30  2:59 [PATCH 5.1 000/405] 5.1.6-stable review Greg Kroah-Hartman
                   ` (54 preceding siblings ...)
  2019-05-30  3:00 ` [PATCH 5.1 055/405] i40e: Fix of memory leak and integer truncation in i40e_virtchnl.c Greg Kroah-Hartman
@ 2019-05-30  3:00 ` Greg Kroah-Hartman
  2019-05-30  3:00 ` [PATCH 5.1 057/405] selftests/bpf: set RLIMIT_MEMLOCK properly for test_libbpf_open.c Greg Kroah-Hartman
                   ` (353 subsequent siblings)
  409 siblings, 0 replies; 429+ messages in thread
From: Greg Kroah-Hartman @ 2019-05-30  3:00 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, William Tu, Björn Töpel,
	Alexei Starovoitov, Sasha Levin

[ Upstream commit 0e6741f092979535d159d5a851f12c88bfb7cb9a ]

When unmapping the AF_XDP memory regions used for the rings, an
invalid address was passed to the munmap() calls. Instead of passing
the beginning of the memory region, the descriptor region was passed
to munmap.

When the userspace application tried to tear down an AF_XDP socket,
the operation failed and the application would still have a reference
to the socket it wished to get rid of.

Reported-by: William Tu <u9012063@gmail.com>
Fixes: 1cad07884239 ("libbpf: add support for using AF_XDP sockets")
Signed-off-by: Björn Töpel <bjorn.topel@intel.com>
Tested-by: William Tu <u9012063@gmail.com>
Signed-off-by: Alexei Starovoitov <ast@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 tools/lib/bpf/xsk.c | 77 +++++++++++++++++++++++----------------------
 1 file changed, 40 insertions(+), 37 deletions(-)

diff --git a/tools/lib/bpf/xsk.c b/tools/lib/bpf/xsk.c
index 8d0078b65486f..af5f310ecca1c 100644
--- a/tools/lib/bpf/xsk.c
+++ b/tools/lib/bpf/xsk.c
@@ -248,8 +248,7 @@ int xsk_umem__create(struct xsk_umem **umem_ptr, void *umem_area, __u64 size,
 	return 0;
 
 out_mmap:
-	munmap(umem->fill,
-	       off.fr.desc + umem->config.fill_size * sizeof(__u64));
+	munmap(map, off.fr.desc + umem->config.fill_size * sizeof(__u64));
 out_socket:
 	close(umem->fd);
 out_umem_alloc:
@@ -523,11 +522,11 @@ int xsk_socket__create(struct xsk_socket **xsk_ptr, const char *ifname,
 		       struct xsk_ring_cons *rx, struct xsk_ring_prod *tx,
 		       const struct xsk_socket_config *usr_config)
 {
+	void *rx_map = NULL, *tx_map = NULL;
 	struct sockaddr_xdp sxdp = {};
 	struct xdp_mmap_offsets off;
 	struct xsk_socket *xsk;
 	socklen_t optlen;
-	void *map;
 	int err;
 
 	if (!umem || !xsk_ptr || !rx || !tx)
@@ -593,40 +592,40 @@ int xsk_socket__create(struct xsk_socket **xsk_ptr, const char *ifname,
 	}
 
 	if (rx) {
-		map = xsk_mmap(NULL, off.rx.desc +
-			       xsk->config.rx_size * sizeof(struct xdp_desc),
-			       PROT_READ | PROT_WRITE,
-			       MAP_SHARED | MAP_POPULATE,
-			       xsk->fd, XDP_PGOFF_RX_RING);
-		if (map == MAP_FAILED) {
+		rx_map = xsk_mmap(NULL, off.rx.desc +
+				  xsk->config.rx_size * sizeof(struct xdp_desc),
+				  PROT_READ | PROT_WRITE,
+				  MAP_SHARED | MAP_POPULATE,
+				  xsk->fd, XDP_PGOFF_RX_RING);
+		if (rx_map == MAP_FAILED) {
 			err = -errno;
 			goto out_socket;
 		}
 
 		rx->mask = xsk->config.rx_size - 1;
 		rx->size = xsk->config.rx_size;
-		rx->producer = map + off.rx.producer;
-		rx->consumer = map + off.rx.consumer;
-		rx->ring = map + off.rx.desc;
+		rx->producer = rx_map + off.rx.producer;
+		rx->consumer = rx_map + off.rx.consumer;
+		rx->ring = rx_map + off.rx.desc;
 	}
 	xsk->rx = rx;
 
 	if (tx) {
-		map = xsk_mmap(NULL, off.tx.desc +
-			       xsk->config.tx_size * sizeof(struct xdp_desc),
-			       PROT_READ | PROT_WRITE,
-			       MAP_SHARED | MAP_POPULATE,
-			       xsk->fd, XDP_PGOFF_TX_RING);
-		if (map == MAP_FAILED) {
+		tx_map = xsk_mmap(NULL, off.tx.desc +
+				  xsk->config.tx_size * sizeof(struct xdp_desc),
+				  PROT_READ | PROT_WRITE,
+				  MAP_SHARED | MAP_POPULATE,
+				  xsk->fd, XDP_PGOFF_TX_RING);
+		if (tx_map == MAP_FAILED) {
 			err = -errno;
 			goto out_mmap_rx;
 		}
 
 		tx->mask = xsk->config.tx_size - 1;
 		tx->size = xsk->config.tx_size;
-		tx->producer = map + off.tx.producer;
-		tx->consumer = map + off.tx.consumer;
-		tx->ring = map + off.tx.desc;
+		tx->producer = tx_map + off.tx.producer;
+		tx->consumer = tx_map + off.tx.consumer;
+		tx->ring = tx_map + off.tx.desc;
 		tx->cached_cons = xsk->config.tx_size;
 	}
 	xsk->tx = tx;
@@ -653,13 +652,11 @@ int xsk_socket__create(struct xsk_socket **xsk_ptr, const char *ifname,
 
 out_mmap_tx:
 	if (tx)
-		munmap(xsk->tx,
-		       off.tx.desc +
+		munmap(tx_map, off.tx.desc +
 		       xsk->config.tx_size * sizeof(struct xdp_desc));
 out_mmap_rx:
 	if (rx)
-		munmap(xsk->rx,
-		       off.rx.desc +
+		munmap(rx_map, off.rx.desc +
 		       xsk->config.rx_size * sizeof(struct xdp_desc));
 out_socket:
 	if (--umem->refcount)
@@ -684,10 +681,12 @@ int xsk_umem__delete(struct xsk_umem *umem)
 	optlen = sizeof(off);
 	err = getsockopt(umem->fd, SOL_XDP, XDP_MMAP_OFFSETS, &off, &optlen);
 	if (!err) {
-		munmap(umem->fill->ring,
-		       off.fr.desc + umem->config.fill_size * sizeof(__u64));
-		munmap(umem->comp->ring,
-		       off.cr.desc + umem->config.comp_size * sizeof(__u64));
+		(void)munmap(umem->fill->ring - off.fr.desc,
+			     off.fr.desc +
+			     umem->config.fill_size * sizeof(__u64));
+		(void)munmap(umem->comp->ring - off.cr.desc,
+			     off.cr.desc +
+			     umem->config.comp_size * sizeof(__u64));
 	}
 
 	close(umem->fd);
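
Review bot: the (void) casts in xsk_umem__delete() discard munmap()'s result, although the commit message describes a teardown that failed because munmap() was given a bad address; a failure here should at least be reported. The base is also recomputed as `umem->fill->ring - off.fr.desc` from a fresh getsockopt() rather than being the pointer mmap() returned, so storing the mapping base in the umem at creation time would remove the dependency on the two offsets agreeing.
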
@@ -698,6 +697,7 @@ int xsk_umem__delete(struct xsk_umem *umem)
 
 void xsk_socket__delete(struct xsk_socket *xsk)
 {
+	size_t desc_sz = sizeof(struct xdp_desc);
 	struct xdp_mmap_offsets off;
 	socklen_t optlen;
 	int err;
@@ -710,14 +710,17 @@ void xsk_socket__delete(struct xsk_socket *xsk)
 	optlen = sizeof(off);
 	err = getsockopt(xsk->fd, SOL_XDP, XDP_MMAP_OFFSETS, &off, &optlen);
 	if (!err) {
-		if (xsk->rx)
-			munmap(xsk->rx->ring,
-			       off.rx.desc +
-			       xsk->config.rx_size * sizeof(struct xdp_desc));
-		if (xsk->tx)
-			munmap(xsk->tx->ring,
-			       off.tx.desc +
-			       xsk->config.tx_size * sizeof(struct xdp_desc));
+		if (xsk->rx) {
+			(void)munmap(xsk->rx->ring - off.rx.desc,
+				     off.rx.desc +
+				     xsk->config.rx_size * desc_sz);
+		}
+		if (xsk->tx) {
+			(void)munmap(xsk->tx->ring - off.tx.desc,
+				     off.tx.desc +
+				     xsk->config.tx_size * desc_sz);
+		}
+
 	}
 
 	xsk->umem->refcount--;
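
Review bot: style only: the added empty line before the closing brace of the `if (!err)` block in xsk_socket__delete() is stray, and the new braces around the single munmap() statements under `if (xsk->rx)` and `if (xsk->tx)` are not needed.
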
-- 
2.20.1




^ permalink raw reply related	[flat|nested] 429+ messages in thread

* [PATCH 5.1 057/405] selftests/bpf: set RLIMIT_MEMLOCK properly for test_libbpf_open.c
  2019-05-30  2:59 [PATCH 5.1 000/405] 5.1.6-stable review Greg Kroah-Hartman
                   ` (55 preceding siblings ...)
  2019-05-30  3:00 ` [PATCH 5.1 056/405] libbpf: fix invalid munmap call Greg Kroah-Hartman
@ 2019-05-30  3:00 ` Greg Kroah-Hartman
  2019-05-30  3:00 ` [PATCH 5.1 058/405] bpftool: exclude bash-completion/bpftool from .gitignore pattern Greg Kroah-Hartman
                   ` (352 subsequent siblings)
  409 siblings, 0 replies; 429+ messages in thread
From: Greg Kroah-Hartman @ 2019-05-30  3:00 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Yonghong Song, Alexei Starovoitov,
	Sasha Levin

[ Upstream commit 6cea33701eb024bc6c920ab83940ee22afd29139 ]

Test test_libbpf.sh failed on my development server with failure
  -bash-4.4$ sudo ./test_libbpf.sh
  [0] libbpf: Error in bpf_object__probe_name():Operation not permitted(1).
      Couldn't load basic 'r0 = 0' BPF program.
  test_libbpf: failed at file test_l4lb.o
  selftests: test_libbpf [FAILED]
  -bash-4.4$

The reason is because my machine has 64KB locked memory by default which
is not enough for this program to get locked memory.
Similar to other bpf selftests, let us increase RLIMIT_MEMLOCK
to infinity, which fixed the issue.

Signed-off-by: Yonghong Song <yhs@fb.com>
Signed-off-by: Alexei Starovoitov <ast@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 tools/testing/selftests/bpf/test_libbpf_open.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/tools/testing/selftests/bpf/test_libbpf_open.c b/tools/testing/selftests/bpf/test_libbpf_open.c
index 65cbd30704b5a..9e9db202d218a 100644
--- a/tools/testing/selftests/bpf/test_libbpf_open.c
+++ b/tools/testing/selftests/bpf/test_libbpf_open.c
@@ -11,6 +11,8 @@ static const char *__doc__ =
 #include <bpf/libbpf.h>
 #include <getopt.h>
 
+#include "bpf_rlimit.h"
+
 static const struct option long_options[] = {
 	{"help",	no_argument,		NULL, 'h' },
 	{"debug",	no_argument,		NULL, 'D' },
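
Review bot: the added `#include "bpf_rlimit.h"` is there only for its side effect and nothing in the hunk refers to anything it declares, so it reads as an unused include that a later cleanup could drop. A one-line comment next to it saying that it raises RLIMIT_MEMLOCK for the test would protect it.
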
-- 
2.20.1




^ permalink raw reply related	[flat|nested] 429+ messages in thread

* [PATCH 5.1 058/405] bpftool: exclude bash-completion/bpftool from .gitignore pattern
  2019-05-30  2:59 [PATCH 5.1 000/405] 5.1.6-stable review Greg Kroah-Hartman
                   ` (56 preceding siblings ...)
  2019-05-30  3:00 ` [PATCH 5.1 057/405] selftests/bpf: set RLIMIT_MEMLOCK properly for test_libbpf_open.c Greg Kroah-Hartman
@ 2019-05-30  3:00 ` Greg Kroah-Hartman
  2019-05-30  3:00 ` [PATCH 5.1 059/405] ice: Separate if conditions for ice_set_features() Greg Kroah-Hartman
                   ` (351 subsequent siblings)
  409 siblings, 0 replies; 429+ messages in thread
From: Greg Kroah-Hartman @ 2019-05-30  3:00 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Masahiro Yamada, Quentin Monnet,
	Alexei Starovoitov, Sasha Levin

[ Upstream commit a7d006714724de4334c5e3548701b33f7b12ca96 ]

tools/bpf/bpftool/.gitignore has the "bpftool" pattern, which is
intended to ignore the following build artifact:

  tools/bpf/bpftool/bpftool

However, the .gitignore entry is effective not only for the current
directory, but also for any sub-directories.

So, from the point of .gitignore grammar, the following check-in file
is also considered to be ignored:

  tools/bpf/bpftool/bash-completion/bpftool

As the manual gitignore(5) says "Files already tracked by Git are not
affected", this is not a problem as far as Git is concerned.

However, Git is not the only program that parses .gitignore because
.gitignore is useful to distinguish build artifacts from source files.

For example, tar(1) supports the --exclude-vcs-ignore option. As of
writing, this option does not work perfectly, but it intends to create
a tarball excluding files specified by .gitignore.

So, I believe it is better to fix this issue.

You can fix it by prefixing the pattern with a slash; the leading slash
means the specified pattern is relative to the current directory.

Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
Reviewed-by: Quentin Monnet <quentin.monnet@netronome.com>
Signed-off-by: Alexei Starovoitov <ast@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 tools/bpf/bpftool/.gitignore | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/tools/bpf/bpftool/.gitignore b/tools/bpf/bpftool/.gitignore
index 67167e44b7266..8248b8dd89d4b 100644
--- a/tools/bpf/bpftool/.gitignore
+++ b/tools/bpf/bpftool/.gitignore
@@ -1,5 +1,5 @@
 *.d
-bpftool
+/bpftool
 bpftool*.8
 bpf-helpers.*
 FEATURE-DUMP.bpftool
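
Review bot: only `bpftool` gets the leading slash; `bpftool*.8`, `bpf-helpers.*` and `FEATURE-DUMP.bpftool` in the same hunk stay unanchored and, by the reasoning in the commit message, still match in sub-directories. Anchor those that are produced only in this directory, so that tools other than Git that read .gitignore do not exclude a checked-in file of the same name.
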
-- 
2.20.1




^ permalink raw reply related	[flat|nested] 429+ messages in thread

* [PATCH 5.1 059/405] ice: Separate if conditions for ice_set_features()
  2019-05-30  2:59 [PATCH 5.1 000/405] 5.1.6-stable review Greg Kroah-Hartman
                   ` (57 preceding siblings ...)
  2019-05-30  3:00 ` [PATCH 5.1 058/405] bpftool: exclude bash-completion/bpftool from .gitignore pattern Greg Kroah-Hartman
@ 2019-05-30  3:00 ` Greg Kroah-Hartman
  2019-05-30  3:00 ` [PATCH 5.1 060/405] ice: Preserve VLAN Rx stripping settings Greg Kroah-Hartman
                   ` (350 subsequent siblings)
  409 siblings, 0 replies; 429+ messages in thread
From: Greg Kroah-Hartman @ 2019-05-30  3:00 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Tony Nguyen, Anirudh Venkataramanan,
	Andrew Bowers, Jeff Kirsher, Sasha Levin

[ Upstream commit 8f529ff912073f778e3cd74e87fb69a36499fc2f ]

Set features can have multiple features turned on|off in a single
call.  Grouping these all in an if/else means after one condition
is met, other conditions/features will not be evaluated.  Break
the if/else statements by feature to ensure all features will be
handled properly.

Signed-off-by: Tony Nguyen <anthony.l.nguyen@intel.com>
Signed-off-by: Anirudh Venkataramanan <anirudh.venkataramanan@intel.com>
Tested-by: Andrew Bowers <andrewx.bowers@intel.com>
Signed-off-by: Jeff Kirsher <jeffrey.t.kirsher@intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/net/ethernet/intel/ice/ice_main.c | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/drivers/net/ethernet/intel/ice/ice_main.c b/drivers/net/ethernet/intel/ice/ice_main.c
index 47cc3f905b7ff..ac30288720f71 100644
--- a/drivers/net/ethernet/intel/ice/ice_main.c
+++ b/drivers/net/ethernet/intel/ice/ice_main.c
@@ -2545,6 +2545,9 @@ static int ice_set_features(struct net_device *netdev,
 	struct ice_vsi *vsi = np->vsi;
 	int ret = 0;
 
+	/* Multiple features can be changed in one call so keep features in
+	 * separate if/else statements to guarantee each feature is checked
+	 */
 	if (features & NETIF_F_RXHASH && !(netdev->features & NETIF_F_RXHASH))
 		ret = ice_vsi_manage_rss_lut(vsi, true);
 	else if (!(features & NETIF_F_RXHASH) &&
@@ -2557,8 +2560,9 @@ static int ice_set_features(struct net_device *netdev,
 	else if (!(features & NETIF_F_HW_VLAN_CTAG_RX) &&
 		 (netdev->features & NETIF_F_HW_VLAN_CTAG_RX))
 		ret = ice_vsi_manage_vlan_stripping(vsi, false);
-	else if ((features & NETIF_F_HW_VLAN_CTAG_TX) &&
-		 !(netdev->features & NETIF_F_HW_VLAN_CTAG_TX))
+
+	if ((features & NETIF_F_HW_VLAN_CTAG_TX) &&
+	    !(netdev->features & NETIF_F_HW_VLAN_CTAG_TX))
 		ret = ice_vsi_manage_vlan_insertion(vsi);
 	else if (!(features & NETIF_F_HW_VLAN_CTAG_TX) &&
 		 (netdev->features & NETIF_F_HW_VLAN_CTAG_TX))
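
Review bot: With the Tx insertion test now a separate `if`, `ret` can be assigned more than once in a single call, so an error returned by ice_vsi_manage_vlan_stripping() in the branch just above is overwritten when the following ice_vsi_manage_vlan_insertion() call succeeds. Since the point of the change is to process several feature bits per call, either return on the first non-zero `ret` or only store a later result while `ret` is still 0, so the caller is not told that a partially applied request succeeded.
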
-- 
2.20.1





* [PATCH 5.1 060/405] ice: Preserve VLAN Rx stripping settings
  2019-05-30  2:59 [PATCH 5.1 000/405] 5.1.6-stable review Greg Kroah-Hartman
                   ` (58 preceding siblings ...)
  2019-05-30  3:00 ` [PATCH 5.1 059/405] ice: Separate if conditions for ice_set_features() Greg Kroah-Hartman
@ 2019-05-30  3:00 ` Greg Kroah-Hartman
  2019-05-30  3:00 ` [PATCH 5.1 061/405] blk-mq: split blk_mq_alloc_and_init_hctx into two parts Greg Kroah-Hartman
                   ` (349 subsequent siblings)
  409 siblings, 0 replies; 429+ messages in thread
From: Greg Kroah-Hartman @ 2019-05-30  3:00 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Tony Nguyen, Anirudh Venkataramanan,
	Andrew Bowers, Jeff Kirsher, Sasha Levin

[ Upstream commit e80e76db6c5bbc7a8f8512f3dc630a2170745b0b ]

When Tx insertion is set, we are not accounting for the state of Rx
stripping.  This causes Rx stripping to be enabled any time Tx
insertion is changed, even when it's supposed to be disabled.

Signed-off-by: Tony Nguyen <anthony.l.nguyen@intel.com>
Signed-off-by: Anirudh Venkataramanan <anirudh.venkataramanan@intel.com>
Tested-by: Andrew Bowers <andrewx.bowers@intel.com>
Signed-off-by: Jeff Kirsher <jeffrey.t.kirsher@intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/net/ethernet/intel/ice/ice_lib.c | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/drivers/net/ethernet/intel/ice/ice_lib.c b/drivers/net/ethernet/intel/ice/ice_lib.c
index fa61203bee269..b710545cf7d1a 100644
--- a/drivers/net/ethernet/intel/ice/ice_lib.c
+++ b/drivers/net/ethernet/intel/ice/ice_lib.c
@@ -1848,6 +1848,10 @@ int ice_vsi_manage_vlan_insertion(struct ice_vsi *vsi)
 	 */
 	ctxt->info.vlan_flags = ICE_AQ_VSI_VLAN_MODE_ALL;
 
+	/* Preserve existing VLAN strip setting */
+	ctxt->info.vlan_flags |= (vsi->info.vlan_flags &
+				  ICE_AQ_VSI_VLAN_EMOD_M);
+
 	ctxt->info.valid_sections = cpu_to_le16(ICE_AQ_VSI_PROP_VLAN_VALID);
 
 	status = ice_update_vsi(hw, vsi->idx, ctxt, NULL);
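
Review bot: The preserved bits are taken from the cached vsi->info.vlan_flags rather than from the device, so the new `|=` is only correct if that cache is written back whenever ice_update_vsi() succeeds for a VLAN change; please confirm that the success path below this hunk, and the stripping path, store ctxt->info.vlan_flags into vsi->info. The comment could also name ICE_AQ_VSI_VLAN_EMOD_M as the field being carried over, since "VLAN strip setting" does not obviously map to that mask.
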
-- 
2.20.1





* [PATCH 5.1 061/405] blk-mq: split blk_mq_alloc_and_init_hctx into two parts
  2019-05-30  2:59 [PATCH 5.1 000/405] 5.1.6-stable review Greg Kroah-Hartman
                   ` (59 preceding siblings ...)
  2019-05-30  3:00 ` [PATCH 5.1 060/405] ice: Preserve VLAN Rx stripping settings Greg Kroah-Hartman
@ 2019-05-30  3:00 ` Greg Kroah-Hartman
  2019-05-30  3:01 ` [PATCH 5.1 062/405] blk-mq: grab .q_usage_counter when queuing request from plug code path Greg Kroah-Hartman
                   ` (348 subsequent siblings)
  409 siblings, 0 replies; 429+ messages in thread
From: Greg Kroah-Hartman @ 2019-05-30  3:00 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Dongli Zhang, James Smart,
	Bart Van Assche, linux-scsi, Martin K . Petersen,
	Christoph Hellwig, James E . J . Bottomley, Hannes Reinecke,
	Ming Lei, Jens Axboe, Sasha Levin

[ Upstream commit 7c6c5b7c9186e3fb5b10afb8e5f710ae661144c6 ]

Split blk_mq_alloc_and_init_hctx into two parts, and one is
blk_mq_alloc_hctx() for allocating all hctx resources, another
is blk_mq_init_hctx() for initializing hctx, which serves as
counter-part of blk_mq_exit_hctx().

Cc: Dongli Zhang <dongli.zhang@oracle.com>
Cc: James Smart <james.smart@broadcom.com>
Cc: Bart Van Assche <bart.vanassche@wdc.com>
Cc: linux-scsi@vger.kernel.org
Cc: Martin K . Petersen <martin.petersen@oracle.com>
Cc: Christoph Hellwig <hch@lst.de>
Cc: James E . J . Bottomley <jejb@linux.vnet.ibm.com>
Reviewed-by: Hannes Reinecke <hare@suse.com>
Reviewed-by: Christoph Hellwig <hch@lst.de>
Tested-by: James Smart <james.smart@broadcom.com>
Signed-off-by: Ming Lei <ming.lei@redhat.com>
Signed-off-by: Jens Axboe <axboe@kernel.dk>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 block/blk-mq.c | 139 ++++++++++++++++++++++++++-----------------------
 1 file changed, 75 insertions(+), 64 deletions(-)

diff --git a/block/blk-mq.c b/block/blk-mq.c
index b0e5e67e20a28..8a41cc5974fe1 100644
--- a/block/blk-mq.c
+++ b/block/blk-mq.c
@@ -2284,15 +2284,65 @@ static void blk_mq_exit_hw_queues(struct request_queue *q,
 	}
 }
 
+static int blk_mq_hw_ctx_size(struct blk_mq_tag_set *tag_set)
+{
+	int hw_ctx_size = sizeof(struct blk_mq_hw_ctx);
+
+	BUILD_BUG_ON(ALIGN(offsetof(struct blk_mq_hw_ctx, srcu),
+			   __alignof__(struct blk_mq_hw_ctx)) !=
+		     sizeof(struct blk_mq_hw_ctx));
+
+	if (tag_set->flags & BLK_MQ_F_BLOCKING)
+		hw_ctx_size += sizeof(struct srcu_struct);
+
+	return hw_ctx_size;
+}
+
 static int blk_mq_init_hctx(struct request_queue *q,
 		struct blk_mq_tag_set *set,
 		struct blk_mq_hw_ctx *hctx, unsigned hctx_idx)
 {
-	int node;
+	hctx->queue_num = hctx_idx;
+
+	cpuhp_state_add_instance_nocalls(CPUHP_BLK_MQ_DEAD, &hctx->cpuhp_dead);
+
+	hctx->tags = set->tags[hctx_idx];
+
+	if (set->ops->init_hctx &&
+	    set->ops->init_hctx(hctx, set->driver_data, hctx_idx))
+		goto unregister_cpu_notifier;
 
-	node = hctx->numa_node;
+	if (blk_mq_init_request(set, hctx->fq->flush_rq, hctx_idx,
+				hctx->numa_node))
+		goto exit_hctx;
+	return 0;
+
+ exit_hctx:
+	if (set->ops->exit_hctx)
+		set->ops->exit_hctx(hctx, hctx_idx);
+ unregister_cpu_notifier:
+	blk_mq_remove_cpuhp(hctx);
+	return -1;
+}
+
+static struct blk_mq_hw_ctx *
+blk_mq_alloc_hctx(struct request_queue *q, struct blk_mq_tag_set *set,
+		int node)
+{
+	struct blk_mq_hw_ctx *hctx;
+	gfp_t gfp = GFP_NOIO | __GFP_NOWARN | __GFP_NORETRY;
+
+	hctx = kzalloc_node(blk_mq_hw_ctx_size(set), gfp, node);
+	if (!hctx)
+		goto fail_alloc_hctx;
+
+	if (!zalloc_cpumask_var_node(&hctx->cpumask, gfp, node))
+		goto free_hctx;
+
+	atomic_set(&hctx->nr_active, 0);
 	if (node == NUMA_NO_NODE)
-		node = hctx->numa_node = set->numa_node;
+		node = set->numa_node;
+	hctx->numa_node = node;
 
 	INIT_DELAYED_WORK(&hctx->run_work, blk_mq_run_work_fn);
 	spin_lock_init(&hctx->lock);
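
Review bot: In the new blk_mq_init_hctx() body the `q` argument is no longer referenced by any line shown here, and the function still reports failure as a bare `return -1` instead of an errno. Drop the unused parameter (or note why it is kept), and add a one-line comment that hctx->fq must already have been set up by blk_mq_alloc_hctx(), because blk_mq_init_request() is now called on hctx->fq->flush_rq without any check in this function.
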
@@ -2300,58 +2350,45 @@ static int blk_mq_init_hctx(struct request_queue *q,
 	hctx->queue = q;
 	hctx->flags = set->flags & ~BLK_MQ_F_TAG_SHARED;
 
-	cpuhp_state_add_instance_nocalls(CPUHP_BLK_MQ_DEAD, &hctx->cpuhp_dead);
-
-	hctx->tags = set->tags[hctx_idx];
-
 	/*
 	 * Allocate space for all possible cpus to avoid allocation at
 	 * runtime
 	 */
 	hctx->ctxs = kmalloc_array_node(nr_cpu_ids, sizeof(void *),
-			GFP_NOIO | __GFP_NOWARN | __GFP_NORETRY, node);
+			gfp, node);
 	if (!hctx->ctxs)
-		goto unregister_cpu_notifier;
+		goto free_cpumask;
 
 	if (sbitmap_init_node(&hctx->ctx_map, nr_cpu_ids, ilog2(8),
-				GFP_NOIO | __GFP_NOWARN | __GFP_NORETRY, node))
+				gfp, node))
 		goto free_ctxs;
-
 	hctx->nr_ctx = 0;
 
 	spin_lock_init(&hctx->dispatch_wait_lock);
 	init_waitqueue_func_entry(&hctx->dispatch_wait, blk_mq_dispatch_wake);
 	INIT_LIST_HEAD(&hctx->dispatch_wait.entry);
 
-	if (set->ops->init_hctx &&
-	    set->ops->init_hctx(hctx, set->driver_data, hctx_idx))
-		goto free_bitmap;
-
 	hctx->fq = blk_alloc_flush_queue(q, hctx->numa_node, set->cmd_size,
-			GFP_NOIO | __GFP_NOWARN | __GFP_NORETRY);
+			gfp);
 	if (!hctx->fq)
-		goto exit_hctx;
-
-	if (blk_mq_init_request(set, hctx->fq->flush_rq, hctx_idx, node))
-		goto free_fq;
+		goto free_bitmap;
 
 	if (hctx->flags & BLK_MQ_F_BLOCKING)
 		init_srcu_struct(hctx->srcu);
+	blk_mq_hctx_kobj_init(hctx);
 
-	return 0;
+	return hctx;
 
- free_fq:
-	blk_free_flush_queue(hctx->fq);
- exit_hctx:
-	if (set->ops->exit_hctx)
-		set->ops->exit_hctx(hctx, hctx_idx);
  free_bitmap:
 	sbitmap_free(&hctx->ctx_map);
  free_ctxs:
 	kfree(hctx->ctxs);
- unregister_cpu_notifier:
-	blk_mq_remove_cpuhp(hctx);
-	return -1;
+ free_cpumask:
+	free_cpumask_var(hctx->cpumask);
+ free_hctx:
+	kfree(hctx);
+ fail_alloc_hctx:
+	return NULL;
 }
 
 static void blk_mq_init_cpu_queues(struct request_queue *q,
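
Review bot: init_srcu_struct(hctx->srcu) is still called with its return value ignored, immediately before blk_mq_hctx_kobj_init() and `return hctx`. Now that this function owns the whole unwind ladder (free_bitmap, free_ctxs, free_cpumask, free_hctx), a failure there can be handled cheaply: check the result and jump to a label that frees hctx->fq before falling through to free_bitmap. As written, the ladder has no label that releases the flush queue once blk_alloc_flush_queue() has succeeded.
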
@@ -2695,51 +2732,25 @@ struct request_queue *blk_mq_init_sq_queue(struct blk_mq_tag_set *set,
 }
 EXPORT_SYMBOL(blk_mq_init_sq_queue);
 
-static int blk_mq_hw_ctx_size(struct blk_mq_tag_set *tag_set)
-{
-	int hw_ctx_size = sizeof(struct blk_mq_hw_ctx);
-
-	BUILD_BUG_ON(ALIGN(offsetof(struct blk_mq_hw_ctx, srcu),
-			   __alignof__(struct blk_mq_hw_ctx)) !=
-		     sizeof(struct blk_mq_hw_ctx));
-
-	if (tag_set->flags & BLK_MQ_F_BLOCKING)
-		hw_ctx_size += sizeof(struct srcu_struct);
-
-	return hw_ctx_size;
-}
-
 static struct blk_mq_hw_ctx *blk_mq_alloc_and_init_hctx(
 		struct blk_mq_tag_set *set, struct request_queue *q,
 		int hctx_idx, int node)
 {
 	struct blk_mq_hw_ctx *hctx;
 
-	hctx = kzalloc_node(blk_mq_hw_ctx_size(set),
-			GFP_NOIO | __GFP_NOWARN | __GFP_NORETRY,
-			node);
+	hctx = blk_mq_alloc_hctx(q, set, node);
 	if (!hctx)
-		return NULL;
-
-	if (!zalloc_cpumask_var_node(&hctx->cpumask,
-				GFP_NOIO | __GFP_NOWARN | __GFP_NORETRY,
-				node)) {
-		kfree(hctx);
-		return NULL;
-	}
-
-	atomic_set(&hctx->nr_active, 0);
-	hctx->numa_node = node;
-	hctx->queue_num = hctx_idx;
+		goto fail;
 
-	if (blk_mq_init_hctx(q, set, hctx, hctx_idx)) {
-		free_cpumask_var(hctx->cpumask);
-		kfree(hctx);
-		return NULL;
-	}
-	blk_mq_hctx_kobj_init(hctx);
+	if (blk_mq_init_hctx(q, set, hctx, hctx_idx))
+		goto free_hctx;
 
 	return hctx;
+
+ free_hctx:
+	kobject_put(&hctx->kobj);
+ fail:
+	return NULL;
 }
 
 static void blk_mq_realloc_hw_ctxs(struct blk_mq_tag_set *set,
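
Review bot: The free_hctx label here releases the hctx with kobject_put(&hctx->kobj), while the label of the same name in blk_mq_alloc_hctx() uses kfree(hctx). That is only leak-free if the kobject release callback frees everything blk_mq_alloc_hctx() allocated (cpumask, ctxs, ctx_map, fq); a comment at this label saying that ownership moves to the kobject once blk_mq_hctx_kobj_init() has run, or a distinct label name, would make the difference visible to the next reader.
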
-- 
2.20.1





* [PATCH 5.1 062/405] blk-mq: grab .q_usage_counter when queuing request from plug code path
  2019-05-30  2:59 [PATCH 5.1 000/405] 5.1.6-stable review Greg Kroah-Hartman
                   ` (60 preceding siblings ...)
  2019-05-30  3:00 ` [PATCH 5.1 061/405] blk-mq: split blk_mq_alloc_and_init_hctx into two parts Greg Kroah-Hartman
@ 2019-05-30  3:01 ` Greg Kroah-Hartman
  2019-05-30  3:01 ` [PATCH 5.1 063/405] dmaengine: tegra210-dma: free dma controller in remove() Greg Kroah-Hartman
                   ` (347 subsequent siblings)
  409 siblings, 0 replies; 429+ messages in thread
From: Greg Kroah-Hartman @ 2019-05-30  3:01 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Dongli Zhang, James Smart,
	Bart Van Assche, Ming Lei, Jens Axboe, Sasha Levin, linux-scsi,
	Martin K . Petersen, Christoph Hellwig, James E . J . Bottomley

[ Upstream commit e87eb301bee183d82bb3d04bd71b6660889a2588 ]

Just like aio/io_uring, we need to grab 2 refcount for queuing one
request, one is for submission, another is for completion.

If the request isn't queued from plug code path, the refcount grabbed
in generic_make_request() serves for submission. In theory, this
refcount should have been released after the submission(async run queue)
is done. blk_freeze_queue() works with blk_sync_queue() together
for avoiding race between cleanup queue and IO submission, given async
run queue activities are canceled because hctx->run_work is scheduled with
the refcount held, so it is fine to not hold the refcount when
running the run queue work function for dispatch IO.

However, if request is staggered into plug list, and finally queued
from plug code path, the refcount in submission side is actually missed.
And we may start to run queue after queue is removed because the queue's
kobject refcount isn't guaranteed to be grabbed in flushing plug list
context, then kernel oops is triggered, see the following race:

blk_mq_flush_plug_list():
        blk_mq_sched_insert_requests()
                insert requests to sw queue or scheduler queue
                blk_mq_run_hw_queue

Because of concurrent run queue, all requests inserted above may be
completed before calling the above blk_mq_run_hw_queue. Then queue can
be freed during the above blk_mq_run_hw_queue().

Fix the issue by grabbing .q_usage_counter before calling
blk_mq_sched_insert_requests() in blk_mq_flush_plug_list(). This way is
safe because the queue is absolutely alive before inserting request.

Cc: Dongli Zhang <dongli.zhang@oracle.com>
Cc: James Smart <james.smart@broadcom.com>
Cc: linux-scsi@vger.kernel.org,
Cc: Martin K . Petersen <martin.petersen@oracle.com>,
Cc: Christoph Hellwig <hch@lst.de>,
Cc: James E . J . Bottomley <jejb@linux.vnet.ibm.com>,
Reviewed-by: Bart Van Assche <bvanassche@acm.org>
Tested-by: James Smart <james.smart@broadcom.com>
Signed-off-by: Ming Lei <ming.lei@redhat.com>
Signed-off-by: Jens Axboe <axboe@kernel.dk>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 block/blk-mq-sched.c | 12 +++++++++++-
 1 file changed, 11 insertions(+), 1 deletion(-)

diff --git a/block/blk-mq-sched.c b/block/blk-mq-sched.c
index aa6bc5c026438..c59babca6857a 100644
--- a/block/blk-mq-sched.c
+++ b/block/blk-mq-sched.c
@@ -413,6 +413,14 @@ void blk_mq_sched_insert_requests(struct blk_mq_hw_ctx *hctx,
 				  struct list_head *list, bool run_queue_async)
 {
 	struct elevator_queue *e;
+	struct request_queue *q = hctx->queue;
+
+	/*
+	 * blk_mq_sched_insert_requests() is called from flush plug
+	 * context only, and hold one usage counter to prevent queue
+	 * from being released.
+	 */
+	percpu_ref_get(&q->q_usage_counter);
 
 	e = hctx->queue->elevator;
 	if (e && e->type->ops.insert_requests)
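
Review bot: The new local `q` is used only for the percpu_ref calls, while the unchanged line right after the added block still reads `hctx->queue->elevator`; switch that to `q->elevator` so the function refers to the queue in one way. The added comment would read better as "holds one usage counter", and it should state that the matching percpu_ref_put() has to be reached on every return path, which is why the early `return` becomes `goto out` in the next hunk.
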
@@ -426,12 +434,14 @@ void blk_mq_sched_insert_requests(struct blk_mq_hw_ctx *hctx,
 		if (!hctx->dispatch_busy && !e && !run_queue_async) {
 			blk_mq_try_issue_list_directly(hctx, list);
 			if (list_empty(list))
-				return;
+				goto out;
 		}
 		blk_mq_insert_requests(hctx, ctx, list);
 	}
 
 	blk_mq_run_hw_queue(hctx, run_queue_async);
+ out:
+	percpu_ref_put(&q->q_usage_counter);
 }
 
 static void blk_mq_sched_free_tags(struct blk_mq_tag_set *set,
-- 
2.20.1





* [PATCH 5.1 063/405] dmaengine: tegra210-dma: free dma controller in remove()
  2019-05-30  2:59 [PATCH 5.1 000/405] 5.1.6-stable review Greg Kroah-Hartman
                   ` (61 preceding siblings ...)
  2019-05-30  3:01 ` [PATCH 5.1 062/405] blk-mq: grab .q_usage_counter when queuing request from plug code path Greg Kroah-Hartman
@ 2019-05-30  3:01 ` Greg Kroah-Hartman
  2019-05-30  3:01 ` [PATCH 5.1 064/405] net: ena: gcc 8: fix compilation warning Greg Kroah-Hartman
                   ` (346 subsequent siblings)
  409 siblings, 0 replies; 429+ messages in thread
From: Greg Kroah-Hartman @ 2019-05-30  3:01 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Sameer Pujar, Jon Hunter, Vinod Koul,
	Sasha Levin

[ Upstream commit f030e419501cb95e961e9ed35c493b5d46a04eca ]

Following kernel panic is seen during DMA driver unload->load sequence
==========================================================================
Unable to handle kernel paging request at virtual address ffffff8001198880
Internal error: Oops: 86000007 [#1] PREEMPT SMP
CPU: 0 PID: 5907 Comm: HwBinder:4123_1 Tainted: G C 4.9.128-tegra-g065839f
Hardware name: galen (DT)
task: ffffffc3590d1a80 task.stack: ffffffc3d0678000
PC is at 0xffffff8001198880
LR is at of_dma_request_slave_channel+0xd8/0x1f8
pc : [<ffffff8001198880>] lr : [<ffffff8008746f30>] pstate: 60400045
sp : ffffffc3d067b710
x29: ffffffc3d067b710 x28: 000000000000002f
x27: ffffff800949e000 x26: ffffff800949e750
x25: ffffff800949e000 x24: ffffffbefe817d84
x23: ffffff8009f77cb0 x22: 0000000000000028
x21: ffffffc3ffda49c8 x20: 0000000000000029
x19: 0000000000000001 x18: ffffffffffffffff
x17: 0000000000000000 x16: ffffff80082b66a0
x15: ffffff8009e78250 x14: 000000000000000a
x13: 0000000000000038 x12: 0101010101010101
x11: 0000000000000030 x10: 0101010101010101
x9 : fffffffffffffffc x8 : 7f7f7f7f7f7f7f7f
x7 : 62ff726b6b64622c x6 : 0000000000008064
x5 : 6400000000000000 x4 : ffffffbefe817c44
x3 : ffffffc3ffda3e08 x2 : ffffff8001198880
x1 : ffffffc3d48323c0 x0 : ffffffc3d067b788

Process HwBinder:4123_1 (pid: 5907, stack limit = 0xffffffc3d0678028)
Call trace:
[<ffffff8001198880>] 0xffffff8001198880
[<ffffff80087459f8>] dma_request_chan+0x50/0x1f0
[<ffffff8008745bc0>] dma_request_slave_channel+0x28/0x40
[<ffffff8001552c44>] tegra_alt_pcm_open+0x114/0x170
[<ffffff8008d65fa4>] soc_pcm_open+0x10c/0x878
[<ffffff8008d18618>] snd_pcm_open_substream+0xc0/0x170
[<ffffff8008d1878c>] snd_pcm_open+0xc4/0x240
[<ffffff8008d189e0>] snd_pcm_playback_open+0x58/0x80
[<ffffff8008cfc6d4>] snd_open+0xb4/0x178
[<ffffff8008250628>] chrdev_open+0xb8/0x1d0
[<ffffff8008246fdc>] do_dentry_open+0x214/0x318
[<ffffff80082485d0>] vfs_open+0x58/0x88
[<ffffff800825bce0>] do_last+0x450/0xde0
[<ffffff800825c718>] path_openat+0xa8/0x368
[<ffffff800825dd84>] do_filp_open+0x8c/0x110
[<ffffff8008248a74>] do_sys_open+0x164/0x220
[<ffffff80082b66dc>] compat_SyS_openat+0x3c/0x50
[<ffffff8008083040>] el0_svc_naked+0x34/0x38
---[ end trace 67e6d544e65b5145 ]---
Kernel panic - not syncing: Fatal exception
==========================================================================

In device probe(), of_dma_controller_register() registers DMA controller.
But when driver is removed, this is not freed. During driver reload this
results in data abort and kernel panic. Add of_dma_controller_free() in
driver remove path to fix the issue.

Fixes: f46b195799b5 ("dmaengine: tegra-adma: Add support for Tegra210 ADMA")
Signed-off-by: Sameer Pujar <spujar@nvidia.com>
Reviewed-by: Jon Hunter <jonathanh@nvidia.com>
Signed-off-by: Vinod Koul <vkoul@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/dma/tegra210-adma.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/drivers/dma/tegra210-adma.c b/drivers/dma/tegra210-adma.c
index 5ec0dd97b3971..9aa35a7f13692 100644
--- a/drivers/dma/tegra210-adma.c
+++ b/drivers/dma/tegra210-adma.c
@@ -787,6 +787,7 @@ static int tegra_adma_remove(struct platform_device *pdev)
 	struct tegra_adma *tdma = platform_get_drvdata(pdev);
 	int i;
 
+	of_dma_controller_free(pdev->dev.of_node);
 	dma_async_device_unregister(&tdma->dma_dev);
 
 	for (i = 0; i < tdma->nr_channels; ++i)
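
Review bot: The position of of_dma_controller_free() ahead of dma_async_device_unregister() is what makes this fix safe and deserves a one-line comment: removing the OF lookup entry first means no client can resolve a channel through this node while the device and its channels are torn down in the lines that follow. Please also confirm that the probe error path after of_dma_controller_register() performs the same free, which cannot be seen from this hunk.
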
-- 
2.20.1





* [PATCH 5.1 064/405] net: ena: gcc 8: fix compilation warning
  2019-05-30  2:59 [PATCH 5.1 000/405] 5.1.6-stable review Greg Kroah-Hartman
                   ` (62 preceding siblings ...)
  2019-05-30  3:01 ` [PATCH 5.1 063/405] dmaengine: tegra210-dma: free dma controller in remove() Greg Kroah-Hartman
@ 2019-05-30  3:01 ` Greg Kroah-Hartman
  2019-05-30  3:01 ` [PATCH 5.1 065/405] net: ena: fix: set freed objects to NULL to avoid failing future allocations Greg Kroah-Hartman
                   ` (345 subsequent siblings)
  409 siblings, 0 replies; 429+ messages in thread
From: Greg Kroah-Hartman @ 2019-05-30  3:01 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Sameeh Jubran, David S. Miller, Sasha Levin

[ Upstream commit f913308879bc6ae437ce64d878c7b05643ddea44 ]

GCC 8 contains a number of new warnings as well as enhancements to existing
checkers. The warning - Wstringop-truncation - warns for calls to bounded
string manipulation functions such as strncat, strncpy, and stpncpy that
may either truncate the copied string or leave the destination unchanged.

In our case the destination string length (32 bytes) is much shorter than
the source string (64 bytes) which causes this warning to show up. In
general the destination has to be at least a byte larger than the length
of the source string with strncpy for this warning not to show up.

This can be easily fixed by using strlcpy instead which already does the
truncation to the string. Documentation for this function can be
found here:

https://elixir.bootlin.com/linux/latest/source/lib/string.c#L141

Fixes: 1738cd3ed342 ("net: ena: Add a driver for Amazon Elastic Network Adapters (ENA)")
Signed-off-by: Sameeh Jubran <sameehj@amazon.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/net/ethernet/amazon/ena/ena_netdev.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/drivers/net/ethernet/amazon/ena/ena_netdev.c b/drivers/net/ethernet/amazon/ena/ena_netdev.c
index a6eacf2099c30..41c1c9acb3246 100644
--- a/drivers/net/ethernet/amazon/ena/ena_netdev.c
+++ b/drivers/net/ethernet/amazon/ena/ena_netdev.c
@@ -2292,7 +2292,7 @@ static void ena_config_host_info(struct ena_com_dev *ena_dev,
 	host_info->bdf = (pdev->bus->number << 8) | pdev->devfn;
 	host_info->os_type = ENA_ADMIN_OS_LINUX;
 	host_info->kernel_ver = LINUX_VERSION_CODE;
-	strncpy(host_info->kernel_ver_str, utsname()->version,
+	strlcpy(host_info->kernel_ver_str, utsname()->version,
 		sizeof(host_info->kernel_ver_str) - 1);
 	host_info->os_dist = 0;
 	strncpy(host_info->os_dist_str, utsname()->release,
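
Review bot: strlcpy() already reserves room for the terminating NUL inside the size it is given, so keeping `sizeof(host_info->kernel_ver_str) - 1` leaves the last byte of the buffer unused and truncates one character earlier than necessary; pass `sizeof(host_info->kernel_ver_str)`. The next statement still uses strncpy() for os_dist_str, so the same truncation warning and the same dependence on a pre-zeroed buffer for termination remain there; convert it in this patch or say in the changelog why it is left.
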
-- 
2.20.1





* [PATCH 5.1 065/405] net: ena: fix: set freed objects to NULL to avoid failing future allocations
  2019-05-30  2:59 [PATCH 5.1 000/405] 5.1.6-stable review Greg Kroah-Hartman
                   ` (63 preceding siblings ...)
  2019-05-30  3:01 ` [PATCH 5.1 064/405] net: ena: gcc 8: fix compilation warning Greg Kroah-Hartman
@ 2019-05-30  3:01 ` Greg Kroah-Hartman
  2019-05-30  3:01 ` [PATCH 5.1 066/405] hv_netvsc: fix race that may miss tx queue wakeup Greg Kroah-Hartman
                   ` (344 subsequent siblings)
  409 siblings, 0 replies; 429+ messages in thread
From: Greg Kroah-Hartman @ 2019-05-30  3:01 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Arthur Kiyanovski, Sameeh Jubran,
	David S. Miller, Sasha Levin

[ Upstream commit 8ee8ee7fe87bf64738ab4e31be036a7165608b27 ]

In some cases when a queue related allocation fails, successful past
allocations are freed but the pointer that pointed to them is not
set to NULL. This is a problem for 2 reasons:
1. This is generally a bad practice since this pointer might be
accidentally accessed in the future.
2. Future allocations using the same pointer check if the pointer
is NULL and fail if it is not.

Fixed this by setting such pointers to NULL in the allocation of
queue related objects.

Also refactored the code of ena_setup_tx_resources() to goto-style
error handling to avoid code duplication of resource freeing.

Fixes: 1738cd3ed342 ("net: ena: Add a driver for Amazon Elastic Network Adapters (ENA)")
Signed-off-by: Arthur Kiyanovski <akiyano@amazon.com>
Signed-off-by: Sameeh Jubran <sameehj@amazon.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/net/ethernet/amazon/ena/ena_netdev.c | 25 ++++++++++++--------
 1 file changed, 15 insertions(+), 10 deletions(-)

diff --git a/drivers/net/ethernet/amazon/ena/ena_netdev.c b/drivers/net/ethernet/amazon/ena/ena_netdev.c
index 41c1c9acb3246..9b03d7e404f83 100644
--- a/drivers/net/ethernet/amazon/ena/ena_netdev.c
+++ b/drivers/net/ethernet/amazon/ena/ena_netdev.c
@@ -224,28 +224,23 @@ static int ena_setup_tx_resources(struct ena_adapter *adapter, int qid)
 	if (!tx_ring->tx_buffer_info) {
 		tx_ring->tx_buffer_info = vzalloc(size);
 		if (!tx_ring->tx_buffer_info)
-			return -ENOMEM;
+			goto err_tx_buffer_info;
 	}
 
 	size = sizeof(u16) * tx_ring->ring_size;
 	tx_ring->free_tx_ids = vzalloc_node(size, node);
 	if (!tx_ring->free_tx_ids) {
 		tx_ring->free_tx_ids = vzalloc(size);
-		if (!tx_ring->free_tx_ids) {
-			vfree(tx_ring->tx_buffer_info);
-			return -ENOMEM;
-		}
+		if (!tx_ring->free_tx_ids)
+			goto err_free_tx_ids;
 	}
 
 	size = tx_ring->tx_max_header_size;
 	tx_ring->push_buf_intermediate_buf = vzalloc_node(size, node);
 	if (!tx_ring->push_buf_intermediate_buf) {
 		tx_ring->push_buf_intermediate_buf = vzalloc(size);
-		if (!tx_ring->push_buf_intermediate_buf) {
-			vfree(tx_ring->tx_buffer_info);
-			vfree(tx_ring->free_tx_ids);
-			return -ENOMEM;
-		}
+		if (!tx_ring->push_buf_intermediate_buf)
+			goto err_push_buf_intermediate_buf;
 	}
 
 	/* Req id ring for TX out of order completions */
@@ -259,6 +254,15 @@ static int ena_setup_tx_resources(struct ena_adapter *adapter, int qid)
 	tx_ring->next_to_clean = 0;
 	tx_ring->cpu = ena_irq->cpu;
 	return 0;
+
+err_push_buf_intermediate_buf:
+	vfree(tx_ring->free_tx_ids);
+	tx_ring->free_tx_ids = NULL;
+err_free_tx_ids:
+	vfree(tx_ring->tx_buffer_info);
+	tx_ring->tx_buffer_info = NULL;
+err_tx_buffer_info:
+	return -ENOMEM;
 }
 
 /* ena_free_tx_resources - Free I/O Tx Resources per Queue
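
Review bot: The labels are named after the allocation that failed rather than after what they release, so the code under err_push_buf_intermediate_buf frees free_tx_ids and the code under err_free_tx_ids frees tx_buffer_info, which is easy to misread when adding a fourth allocation. Either add a short comment above the ladder stating the convention or rename the labels for the resource they free. The NULL resets themselves match the changelog: both freed pointers are cleared before -ENOMEM is returned.
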
@@ -378,6 +382,7 @@ static int ena_setup_rx_resources(struct ena_adapter *adapter,
 		rx_ring->free_rx_ids = vzalloc(size);
 		if (!rx_ring->free_rx_ids) {
 			vfree(rx_ring->rx_buffer_info);
+			rx_ring->rx_buffer_info = NULL;
 			return -ENOMEM;
 		}
 	}
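
Review bot: ena_setup_rx_resources() keeps the inline vfree() and `return -ENOMEM` while the Tx function in the same patch moves to goto-style unwinding, so the NULL reset added here has to be repeated by hand in any error branch added to this function later. Converting the Rx path to the same label ladder would keep the two setup functions symmetric and put the "free, then set to NULL" pairing in one place.
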
-- 
2.20.1





* [PATCH 5.1 066/405] hv_netvsc: fix race that may miss tx queue wakeup
  2019-05-30  2:59 [PATCH 5.1 000/405] 5.1.6-stable review Greg Kroah-Hartman
                   ` (64 preceding siblings ...)
  2019-05-30  3:01 ` [PATCH 5.1 065/405] net: ena: fix: set freed objects to NULL to avoid failing future allocations Greg Kroah-Hartman
@ 2019-05-30  3:01 ` Greg Kroah-Hartman
  2019-05-30  3:01 ` [PATCH 5.1 067/405] Bluetooth: Ignore CC events not matching the last HCI command Greg Kroah-Hartman
                   ` (343 subsequent siblings)
  409 siblings, 0 replies; 429+ messages in thread
From: Greg Kroah-Hartman @ 2019-05-30  3:01 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Haiyang Zhang, David S. Miller,
	Sasha Levin, Stephan Klein

[ Upstream commit 93aa4792c3908eac87ddd368ee0fe0564148232b ]

When the ring buffer is almost full due to RX completion messages, a
TX packet may reach the "low watermark" and cause the queue to be stopped.
If the TX completion arrives earlier than queue stopping, the wakeup
may be missed.

This patch moves the check for the last pending packet to cover both
EAGAIN and success cases, so the queue will be reliably waked up when
necessary.

Reported-and-tested-by: Stephan Klein <stephan.klein@wegfinder.at>
Signed-off-by: Haiyang Zhang <haiyangz@microsoft.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/net/hyperv/netvsc.c | 15 +++++++++------
 1 file changed, 9 insertions(+), 6 deletions(-)

diff --git a/drivers/net/hyperv/netvsc.c b/drivers/net/hyperv/netvsc.c
index e0dce373cdd9d..3d4a166a49d58 100644
--- a/drivers/net/hyperv/netvsc.c
+++ b/drivers/net/hyperv/netvsc.c
@@ -875,12 +875,6 @@ static inline int netvsc_send_pkt(
 	} else if (ret == -EAGAIN) {
 		netif_tx_stop_queue(txq);
 		ndev_ctx->eth_stats.stop_queue++;
-		if (atomic_read(&nvchan->queue_sends) < 1 &&
-		    !net_device->tx_disable) {
-			netif_tx_wake_queue(txq);
-			ndev_ctx->eth_stats.wake_queue++;
-			ret = -ENOSPC;
-		}
 	} else {
 		netdev_err(ndev,
 			   "Unable to send packet pages %u len %u, ret %d\n",
@@ -888,6 +882,15 @@ static inline int netvsc_send_pkt(
 			   ret);
 	}
 
+	if (netif_tx_queue_stopped(txq) &&
+	    atomic_read(&nvchan->queue_sends) < 1 &&
+	    !net_device->tx_disable) {
+		netif_tx_wake_queue(txq);
+		ndev_ctx->eth_stats.wake_queue++;
+		if (ret == -EAGAIN)
+			ret = -ENOSPC;
+	}
+
 	return ret;
 }
 
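
Review bot: The relocated wake-up test is now evaluated on every exit from netvsc_send_pkt(), including the `else` branch that logs "Unable to send packet pages", not only on the success and -EAGAIN cases named in the changelog. If waking an already stopped queue after a hard send error is intended, say so in a comment above the block; the same comment should explain why `ret` is rewritten to -ENOSPC only when it was -EAGAIN, since that distinction is the behavioural difference from the removed code.
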
-- 
2.20.1





* [PATCH 5.1 067/405] Bluetooth: Ignore CC events not matching the last HCI command
  2019-05-30  2:59 [PATCH 5.1 000/405] 5.1.6-stable review Greg Kroah-Hartman
                   ` (65 preceding siblings ...)
  2019-05-30  3:01 ` [PATCH 5.1 066/405] hv_netvsc: fix race that may miss tx queue wakeup Greg Kroah-Hartman
@ 2019-05-30  3:01 ` Greg Kroah-Hartman
  2019-05-30  3:01 ` [PATCH 5.1 068/405] pinctrl: zte: fix leaked of_node references Greg Kroah-Hartman
                   ` (342 subsequent siblings)
  409 siblings, 0 replies; 429+ messages in thread
From: Greg Kroah-Hartman @ 2019-05-30  3:01 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, João Paulo Rechi Vita,
	Marcel Holtmann, Sasha Levin

[ Upstream commit f80c5dad7b6467b884c445ffea45985793b4b2d0 ]

This commit makes the kernel not send the next queued HCI command until
a command complete arrives for the last HCI command sent to the
controller. This change avoids a problem with some buggy controllers
(seen on two SKUs of QCA9377) that send an extra command complete event
for the previous command after the kernel had already sent a new HCI
command to the controller.

The problem was reproduced when starting an active scanning procedure,
where an extra command complete event arrives for the LE_SET_RANDOM_ADDR
command. When this happens the kernel ends up not processing the
command complete for the following command, LE_SET_SCAN_PARAM, and
ultimately behaving as if a passive scanning procedure was being
performed, when in fact controller is performing an active scanning
procedure. This makes it impossible to discover BLE devices as no device
found events are sent to userspace.

This problem is reproducible on 100% of the attempts on the affected
controllers. The extra command complete event can be seen at timestamp
27.420131 on the btmon logs below.

Bluetooth monitor ver 5.50
= Note: Linux version 5.0.0+ (x86_64)                                  0.352340
= Note: Bluetooth subsystem version 2.22                               0.352343
= New Index: 80:C5:F2:8F:87:84 (Primary,USB,hci0)               [hci0] 0.352344
= Open Index: 80:C5:F2:8F:87:84                                 [hci0] 0.352345
= Index Info: 80:C5:F2:8F:87:84 (Qualcomm)                      [hci0] 0.352346
@ MGMT Open: bluetoothd (privileged) version 1.14             {0x0001} 0.352347
@ MGMT Open: btmon (privileged) version 1.14                  {0x0002} 0.352366
@ MGMT Open: btmgmt (privileged) version 1.14                {0x0003} 27.302164
@ MGMT Command: Start Discovery (0x0023) plen 1       {0x0003} [hci0] 27.302310
        Address type: 0x06
          LE Public
          LE Random
< HCI Command: LE Set Random Address (0x08|0x0005) plen 6   #1 [hci0] 27.302496
        Address: 15:60:F2:91:B2:24 (Non-Resolvable)
> HCI Event: Command Complete (0x0e) plen 4                 #2 [hci0] 27.419117
      LE Set Random Address (0x08|0x0005) ncmd 1
        Status: Success (0x00)
< HCI Command: LE Set Scan Parameters (0x08|0x000b) plen 7  #3 [hci0] 27.419244
        Type: Active (0x01)
        Interval: 11.250 msec (0x0012)
        Window: 11.250 msec (0x0012)
        Own address type: Random (0x01)
        Filter policy: Accept all advertisement (0x00)
> HCI Event: Command Complete (0x0e) plen 4                 #4 [hci0] 27.420131
      LE Set Random Address (0x08|0x0005) ncmd 1
        Status: Success (0x00)
< HCI Command: LE Set Scan Enable (0x08|0x000c) plen 2      #5 [hci0] 27.420259
        Scanning: Enabled (0x01)
        Filter duplicates: Enabled (0x01)
> HCI Event: Command Complete (0x0e) plen 4                 #6 [hci0] 27.420969
      LE Set Scan Parameters (0x08|0x000b) ncmd 1
        Status: Success (0x00)
> HCI Event: Command Complete (0x0e) plen 4                 #7 [hci0] 27.421983
      LE Set Scan Enable (0x08|0x000c) ncmd 1
        Status: Success (0x00)
@ MGMT Event: Command Complete (0x0001) plen 4        {0x0003} [hci0] 27.422059
      Start Discovery (0x0023) plen 1
        Status: Success (0x00)
        Address type: 0x06
          LE Public
          LE Random
@ MGMT Event: Discovering (0x0013) plen 2             {0x0003} [hci0] 27.422067
        Address type: 0x06
          LE Public
          LE Random
        Discovery: Enabled (0x01)
@ MGMT Event: Discovering (0x0013) plen 2             {0x0002} [hci0] 27.422067
        Address type: 0x06
          LE Public
          LE Random
        Discovery: Enabled (0x01)
@ MGMT Event: Discovering (0x0013) plen 2             {0x0001} [hci0] 27.422067
        Address type: 0x06
          LE Public
          LE Random
        Discovery: Enabled (0x01)

Signed-off-by: João Paulo Rechi Vita <jprvita@endlessm.com>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 include/net/bluetooth/hci.h |  1 +
 net/bluetooth/hci_core.c    |  5 +++++
 net/bluetooth/hci_event.c   | 12 ++++++++++++
 net/bluetooth/hci_request.c |  5 +++++
 net/bluetooth/hci_request.h |  1 +
 5 files changed, 24 insertions(+)

diff --git a/include/net/bluetooth/hci.h b/include/net/bluetooth/hci.h
index fbba43e9bef5b..9a5330eed7944 100644
--- a/include/net/bluetooth/hci.h
+++ b/include/net/bluetooth/hci.h
@@ -282,6 +282,7 @@ enum {
 	HCI_FORCE_BREDR_SMP,
 	HCI_FORCE_STATIC_ADDR,
 	HCI_LL_RPA_RESOLUTION,
+	HCI_CMD_PENDING,
 
 	__HCI_NUM_FLAGS,
 };
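Review bot: HCI_CMD_PENDING is added to the flag enum in hci.h without a comment saying what it tracks. It is set in hci_cmd_work() and cleared in hci_req_cmd_complete(), so a one-line comment here stating that it marks a sent command still waiting for its matching event would save readers a search.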
diff --git a/net/bluetooth/hci_core.c b/net/bluetooth/hci_core.c
index d6b2540ba7f8b..f275c99056507 100644
--- a/net/bluetooth/hci_core.c
+++ b/net/bluetooth/hci_core.c
@@ -4383,6 +4383,9 @@ void hci_req_cmd_complete(struct hci_dev *hdev, u16 opcode, u8 status,
 		return;
 	}
 
+	/* If we reach this point this event matches the last command sent */
+	hci_dev_clear_flag(hdev, HCI_CMD_PENDING);
+
 	/* If the command succeeded and there's still more commands in
 	 * this request the request is not yet complete.
 	 */
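Review bot: the added comment "If we reach this point this event matches the last command sent" depends entirely on the early return just above the new lines in hci_req_cmd_complete(). If another early return is ever added between that check and hci_dev_clear_flag(), the flag stays set and the new tests in hci_event.c will drop every later event. The comment should name the check that guarantees the match.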
@@ -4493,6 +4496,8 @@ static void hci_cmd_work(struct work_struct *work)
 
 		hdev->sent_cmd = skb_clone(skb, GFP_KERNEL);
 		if (hdev->sent_cmd) {
+			if (hci_req_status_pend(hdev))
+				hci_dev_set_flag(hdev, HCI_CMD_PENDING);
 			atomic_dec(&hdev->cmd_cnt);
 			hci_send_frame(hdev, skb);
 			if (test_bit(HCI_RESET, &hdev->flags))
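Review bot: in hci_cmd_work() the flag is set only when hci_req_status_pend(hdev) is true, so a command sent while no request is in the pending state gets no protection against a stray completion event. If that is intentional, a comment on the condition should say why. hdev->req_status is also read here with no locking visible in this hunk, which is worth a word.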
diff --git a/net/bluetooth/hci_event.c b/net/bluetooth/hci_event.c
index 609fd6871c5ad..8b893baf9bbe2 100644
--- a/net/bluetooth/hci_event.c
+++ b/net/bluetooth/hci_event.c
@@ -3404,6 +3404,12 @@ static void hci_cmd_complete_evt(struct hci_dev *hdev, struct sk_buff *skb,
 	hci_req_cmd_complete(hdev, *opcode, *status, req_complete,
 			     req_complete_skb);
 
+	if (hci_dev_test_flag(hdev, HCI_CMD_PENDING)) {
+		bt_dev_err(hdev,
+			   "unexpected event for opcode 0x%4.4x", *opcode);
+		return;
+	}
+
 	if (atomic_read(&hdev->cmd_cnt) && !skb_queue_empty(&hdev->cmd_q))
 		queue_work(hdev->workqueue, &hdev->cmd_work);
 }
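Review bot: the early return added to hci_cmd_complete_evt() skips the queue_work() call below it, so forward progress now depends on the matching event arriving later, and the hunk shows no fallback if it never does; a comment pointing at whatever recovers from that would help. Separately, bt_dev_err() fires on every stray event, and the commit message says affected controllers reproduce this on 100% of attempts, so a ratelimited or lower-severity message would be easier on the log.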
@@ -3511,6 +3517,12 @@ static void hci_cmd_status_evt(struct hci_dev *hdev, struct sk_buff *skb,
 		hci_req_cmd_complete(hdev, *opcode, ev->status, req_complete,
 				     req_complete_skb);
 
+	if (hci_dev_test_flag(hdev, HCI_CMD_PENDING)) {
+		bt_dev_err(hdev,
+			   "unexpected event for opcode 0x%4.4x", *opcode);
+		return;
+	}
+
 	if (atomic_read(&hdev->cmd_cnt) && !skb_queue_empty(&hdev->cmd_q))
 		queue_work(hdev->workqueue, &hdev->cmd_work);
 }
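Review bot: this block in hci_cmd_status_evt() is a verbatim copy of the one added to hci_cmd_complete_evt(); a small helper would keep the two in sync. The message "unexpected event for opcode 0x%4.4x" is identical in both places, so the log cannot tell a stray Command Status from a stray Command Complete.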
diff --git a/net/bluetooth/hci_request.c b/net/bluetooth/hci_request.c
index ca73d36cc1494..e9a95ed654915 100644
--- a/net/bluetooth/hci_request.c
+++ b/net/bluetooth/hci_request.c
@@ -46,6 +46,11 @@ void hci_req_purge(struct hci_request *req)
 	skb_queue_purge(&req->cmd_q);
 }
 
+bool hci_req_status_pend(struct hci_dev *hdev)
+{
+	return hdev->req_status == HCI_REQ_PEND;
+}
+
 static int req_run(struct hci_request *req, hci_req_complete_t complete,
 		   hci_req_complete_skb_t complete_skb)
 {
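Review bot: hci_req_status_pend() is a one-line accessor with external linkage and no comment. A static inline in hci_request.h would avoid the extra symbol and call, and a short comment should say what HCI_REQ_PEND means for the callers in hci_core.c.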
diff --git a/net/bluetooth/hci_request.h b/net/bluetooth/hci_request.h
index 692cc8b133682..55b2050cc9ff0 100644
--- a/net/bluetooth/hci_request.h
+++ b/net/bluetooth/hci_request.h
@@ -37,6 +37,7 @@ struct hci_request {
 
 void hci_req_init(struct hci_request *req, struct hci_dev *hdev);
 void hci_req_purge(struct hci_request *req);
+bool hci_req_status_pend(struct hci_dev *hdev);
 int hci_req_run(struct hci_request *req, hci_req_complete_t complete);
 int hci_req_run_skb(struct hci_request *req, hci_req_complete_skb_t complete);
 void hci_req_add(struct hci_request *req, u16 opcode, u32 plen,
-- 
2.20.1
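A simplified user-space model of the behaviour the commit message above describes, added here as an illustration and not taken from the patch or the kernel: it replays the four Command Complete events from the btmon log (#2, #4, #6, #7) against a three-command queue, once kicking the queue on every event and once ignoring events that do not acknowledge the last command sent. The struct and function names are hypothetical, and the model assumes the controller emits the same event order in both runs.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* HCI opcodes as btmon prints them: (OGF << 10) | OCF, with OGF 0x08 (LE). */
#define OP_LE_SET_RANDOM_ADDR 0x2005
#define OP_LE_SET_SCAN_PARAM  0x200b
#define OP_LE_SET_SCAN_ENABLE 0x200c

/* Command Complete opcodes in the order of btmon events #2, #4, #6, #7. */
static const uint16_t trace_events[] = {
	OP_LE_SET_RANDOM_ADDR,
	OP_LE_SET_RANDOM_ADDR,	/* the extra event at 27.420131 */
	OP_LE_SET_SCAN_PARAM,
	OP_LE_SET_SCAN_ENABLE,
};

struct replay_result {
	int sent;	/* commands handed to the controller */
	int premature;	/* commands sent while the previous one was unacknowledged */
	int unmatched;	/* events that did not acknowledge the last command sent */
};

/* Hypothetical host-side state; not the kernel's struct hci_dev. */
struct host {
	const uint16_t *queue;
	size_t queue_len;
	size_t next;		/* index of the next queued command */
	uint16_t sent_cmd;	/* opcode of the last command sent */
	bool cmd_pending;	/* plays the role of HCI_CMD_PENDING */
	bool ignore_unmatched;	/* true: behave like the patched event handler */
	struct replay_result res;
};

static void send_next(struct host *h)
{
	if (h->next >= h->queue_len)
		return;
	if (h->cmd_pending)
		h->res.premature++;	/* previous command never acknowledged */
	h->sent_cmd = h->queue[h->next++];
	h->cmd_pending = true;
	h->res.sent++;
}

static void on_cmd_complete(struct host *h, uint16_t opcode)
{
	if (h->cmd_pending && opcode == h->sent_cmd) {
		h->cmd_pending = false;	/* event matches the last command */
	} else {
		h->res.unmatched++;
		if (h->ignore_unmatched)
			return;		/* do not kick the command queue */
	}
	send_next(h);
}

struct replay_result replay(const uint16_t *events, size_t n,
			    bool ignore_unmatched)
{
	static const uint16_t queue[] = {
		OP_LE_SET_RANDOM_ADDR, OP_LE_SET_SCAN_PARAM,
		OP_LE_SET_SCAN_ENABLE,
	};
	struct host h = {
		.queue = queue,
		.queue_len = sizeof(queue) / sizeof(queue[0]),
		.ignore_unmatched = ignore_unmatched,
	};
	size_t i;

	send_next(&h);			/* first command of the request */
	for (i = 0; i < n; i++)
		on_cmd_complete(&h, events[i]);
	return h.res;
}

int main(void)
{
	size_t n = sizeof(trace_events) / sizeof(trace_events[0]);
	struct replay_result a = replay(trace_events, n, false);
	struct replay_result b = replay(trace_events, n, true);

	printf("kick on every event: sent=%d premature=%d unmatched=%d\n",
	       a.sent, a.premature, a.unmatched);
	printf("ignore unmatched:    sent=%d premature=%d unmatched=%d\n",
	       b.sent, b.premature, b.unmatched);
	return 0;
}
```

In the first run the extra event releases LE Set Scan Enable before LE Set Scan Parameters is acknowledged, and the real acknowledgement for LE Set Scan Parameters then arrives against the wrong command, which is the mismatch the log shows at events #5 and #6.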





* [PATCH 5.1 068/405] pinctrl: zte: fix leaked of_node references
  2019-05-30  2:59 [PATCH 5.1 000/405] 5.1.6-stable review Greg Kroah-Hartman
                   ` (66 preceding siblings ...)
  2019-05-30  3:01 ` [PATCH 5.1 067/405] Bluetooth: Ignore CC events not matching the last HCI command Greg Kroah-Hartman
@ 2019-05-30  3:01 ` Greg Kroah-Hartman
  2019-05-30  3:01 ` [PATCH 5.1 069/405] ASoC: Intel: kbl_da7219_max98357a: Map BTN_0 to KEY_PLAYPAUSE Greg Kroah-Hartman
                   ` (341 subsequent siblings)
  409 siblings, 0 replies; 429+ messages in thread
From: Greg Kroah-Hartman @ 2019-05-30  3:01 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Wen Yang, Linus Walleij, Jun Nie,
	linux-gpio, Shawn Guo, Sasha Levin

[ Upstream commit 02d15f0d80720545f1f4922a1550ea4aaad4e152 ]

The call to of_parse_phandle returns a node pointer with refcount
incremented thus it must be explicitly decremented after the last
usage.

Detected by coccinelle with the following warnings:
./drivers/pinctrl/zte/pinctrl-zx.c:415:2-8: ERROR: missing of_node_put; acquired a node pointer with refcount incremented on line 407, but without a corresponding object release within this function.
./drivers/pinctrl/zte/pinctrl-zx.c:422:2-8: ERROR: missing of_node_put; acquired a node pointer with refcount incremented on line 407, but without a corresponding object release within this function.
./drivers/pinctrl/zte/pinctrl-zx.c:436:2-8: ERROR: missing of_node_put; acquired a node pointer with refcount incremented on line 407, but without a corresponding object release within this function.
./drivers/pinctrl/zte/pinctrl-zx.c:444:2-8: ERROR: missing of_node_put; acquired a node pointer with refcount incremented on line 407, but without a corresponding object release within this function.
./drivers/pinctrl/zte/pinctrl-zx.c:448:1-7: ERROR: missing of_node_put; acquired a node pointer with refcount incremented on line 407, but without a corresponding object release within this function.

Signed-off-by: Wen Yang <wen.yang99@zte.com.cn>
Cc: Linus Walleij <linus.walleij@linaro.org>
Cc: Jun Nie <jun.nie@linaro.org>
Cc: Linus Walleij <linus.walleij@linaro.org>
Cc: linux-gpio@vger.kernel.org
Cc: linux-kernel@vger.kernel.org
Acked-by: Shawn Guo <shawnguo@kernel.org>
Signed-off-by: Linus Walleij <linus.walleij@linaro.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/pinctrl/zte/pinctrl-zx.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/drivers/pinctrl/zte/pinctrl-zx.c b/drivers/pinctrl/zte/pinctrl-zx.c
index caa44dd2880a8..3cb69309912ba 100644
--- a/drivers/pinctrl/zte/pinctrl-zx.c
+++ b/drivers/pinctrl/zte/pinctrl-zx.c
@@ -411,6 +411,7 @@ int zx_pinctrl_init(struct platform_device *pdev,
 	}
 
 	zpctl->aux_base = of_iomap(np, 0);
+	of_node_put(np);
 	if (!zpctl->aux_base)
 		return -ENOMEM;
 
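Review bot: of_node_put(np) is placed directly after of_iomap(np, 0) in zx_pinctrl_init(), which is only correct if np is not used again further down; the rest of the function is outside this hunk, so please confirm. Dropping the reference once at the last use covers all five return paths in the coccinelle report, and saying so in the commit text would make the single-line fix easier to verify.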
-- 
2.20.1


* [PATCH 5.1 069/405] ASoC: Intel: kbl_da7219_max98357a: Map BTN_0 to KEY_PLAYPAUSE
  2019-05-30  2:59 [PATCH 5.1 000/405] 5.1.6-stable review Greg Kroah-Hartman
                   ` (67 preceding siblings ...)
  2019-05-30  3:01 ` [PATCH 5.1 068/405] pinctrl: zte: fix leaked of_node references Greg Kroah-Hartman
@ 2019-05-30  3:01 ` Greg Kroah-Hartman
  2019-05-30  3:01 ` [PATCH 5.1 070/405] usb: dwc2: gadget: Increase descriptors count for ISOCs Greg Kroah-Hartman
                   ` (340 subsequent siblings)
  409 siblings, 0 replies; 429+ messages in thread
From: Greg Kroah-Hartman @ 2019-05-30  3:01 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Mac Chiang, Benson Leung,
	Pierre-Louis Bossart, Mark Brown, Sasha Levin

[ Upstream commit 16ec5dfe0327ddcf279957bffe4c8fe527088c63 ]

On kbl_rt5663_max98927, commit 38a5882e4292
    ("ASoC: Intel: kbl_rt5663_max98927: Map BTN_0 to KEY_PLAYPAUSE")
    This key pair mapping to play/pause when playing Youtube

The Android 3.5mm Headset jack specification mentions that BTN_0 should
be mapped to KEY_MEDIA, but this is less logical than KEY_PLAYPAUSE,
which has much broader userspace support.

For example, the Chrome OS userspace now supports KEY_PLAYPAUSE to toggle
play/pause of videos and audio, but does not handle KEY_MEDIA.

Furthermore, Android itself now supports KEY_PLAYPAUSE equivalently, as the
new USB headset spec requires KEY_PLAYPAUSE for BTN_0.
https://source.android.com/devices/accessories/headset/usb-headset-spec

The same fix is required on Chrome kbl_da7219_max98357a.

Signed-off-by: Mac Chiang <mac.chiang@intel.com>
Reviewed-by: Benson Leung <bleung@chromium.org>
Acked-by: Pierre-Louis Bossart <pierre-louis.bossart@linux.intel.com>
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 sound/soc/intel/boards/kbl_da7219_max98357a.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/sound/soc/intel/boards/kbl_da7219_max98357a.c b/sound/soc/intel/boards/kbl_da7219_max98357a.c
index 38f6ab74709d0..07491a0f8fb8b 100644
--- a/sound/soc/intel/boards/kbl_da7219_max98357a.c
+++ b/sound/soc/intel/boards/kbl_da7219_max98357a.c
@@ -188,7 +188,7 @@ static int kabylake_da7219_codec_init(struct snd_soc_pcm_runtime *rtd)
 
 	jack = &ctx->kabylake_headset;
 
-	snd_jack_set_key(jack->jack, SND_JACK_BTN_0, KEY_MEDIA);
+	snd_jack_set_key(jack->jack, SND_JACK_BTN_0, KEY_PLAYPAUSE);
 	snd_jack_set_key(jack->jack, SND_JACK_BTN_1, KEY_VOLUMEUP);
 	snd_jack_set_key(jack->jack, SND_JACK_BTN_2, KEY_VOLUMEDOWN);
 	snd_jack_set_key(jack->jack, SND_JACK_BTN_3, KEY_VOICECOMMAND);
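Review bot: the BTN_0 mapping in kabylake_da7219_codec_init() now differs from the Android 3.5mm headset specification the commit message cites, but nothing at the call site says so. A one-line comment above the SND_JACK_BTN_0 line pointing to the USB headset spec would stop someone from changing it back to KEY_MEDIA.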
-- 
2.20.1





* [PATCH 5.1 070/405] usb: dwc2: gadget: Increase descriptors count for ISOCs
  2019-05-30  2:59 [PATCH 5.1 000/405] 5.1.6-stable review Greg Kroah-Hartman
                   ` (68 preceding siblings ...)
  2019-05-30  3:01 ` [PATCH 5.1 069/405] ASoC: Intel: kbl_da7219_max98357a: Map BTN_0 to KEY_PLAYPAUSE Greg Kroah-Hartman
@ 2019-05-30  3:01 ` Greg Kroah-Hartman
  2019-05-30  3:01 ` [PATCH 5.1 071/405] usb: dwc3: move synchronize_irq() out of the spinlock protected block Greg Kroah-Hartman
                   ` (339 subsequent siblings)
  409 siblings, 0 replies; 429+ messages in thread
From: Greg Kroah-Hartman @ 2019-05-30  3:01 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Minas Harutyunyan, Felipe Balbi, Sasha Levin

[ Upstream commit 54f37f56631747075f1f9a2f0edf6ba405e3e66c ]

Some function drivers queue more than 128 ISOC requests at a time.
To avoid "descriptor chain full" cases, increase the descriptors count
from MAX_DMA_DESC_NUM_GENERIC to MAX_DMA_DESC_NUM_HS_ISOC for ISOCs
only.

Signed-off-by: Minas Harutyunyan <hminas@synopsys.com>
Signed-off-by: Felipe Balbi <felipe.balbi@linux.intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/usb/dwc2/gadget.c | 27 +++++++++++++++------------
 1 file changed, 15 insertions(+), 12 deletions(-)

diff --git a/drivers/usb/dwc2/gadget.c b/drivers/usb/dwc2/gadget.c
index 6812a8a3a98ba..a749de7604c62 100644
--- a/drivers/usb/dwc2/gadget.c
+++ b/drivers/usb/dwc2/gadget.c
@@ -714,13 +714,11 @@ static unsigned int dwc2_gadget_get_chain_limit(struct dwc2_hsotg_ep *hs_ep)
 	unsigned int maxsize;
 
 	if (is_isoc)
-		maxsize = hs_ep->dir_in ? DEV_DMA_ISOC_TX_NBYTES_LIMIT :
-					   DEV_DMA_ISOC_RX_NBYTES_LIMIT;
+		maxsize = (hs_ep->dir_in ? DEV_DMA_ISOC_TX_NBYTES_LIMIT :
+					   DEV_DMA_ISOC_RX_NBYTES_LIMIT) *
+					   MAX_DMA_DESC_NUM_HS_ISOC;
 	else
-		maxsize = DEV_DMA_NBYTES_LIMIT;
-
-	/* Above size of one descriptor was chosen, multiple it */
-	maxsize *= MAX_DMA_DESC_NUM_GENERIC;
+		maxsize = DEV_DMA_NBYTES_LIMIT * MAX_DMA_DESC_NUM_GENERIC;
 
 	return maxsize;
 }
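Review bot: in dwc2_gadget_get_chain_limit() the per-descriptor byte limit is now multiplied by MAX_DMA_DESC_NUM_HS_ISOC into an unsigned int, and neither constant's value is visible here, so please confirm the product cannot wrap. The removed comment explaining that one descriptor's size is multiplied by the chain length has no replacement; a short one on each branch would keep that intent.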
@@ -932,7 +930,7 @@ static int dwc2_gadget_fill_isoc_desc(struct dwc2_hsotg_ep *hs_ep,
 
 	/* Update index of last configured entry in the chain */
 	hs_ep->next_desc++;
-	if (hs_ep->next_desc >= MAX_DMA_DESC_NUM_GENERIC)
+	if (hs_ep->next_desc >= MAX_DMA_DESC_NUM_HS_ISOC)
 		hs_ep->next_desc = 0;
 
 	return 0;
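Review bot: the wrap limit for hs_ep->next_desc in dwc2_gadget_fill_isoc_desc() is now the compile-time constant MAX_DMA_DESC_NUM_HS_ISOC, while the chain length is chosen at run time as desc_num in dwc2_hsotg_ep_enable(). Storing the allocated count in hs_ep and wrapping against that would keep the index and the allocation from drifting apart.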
@@ -964,7 +962,7 @@ static void dwc2_gadget_start_isoc_ddma(struct dwc2_hsotg_ep *hs_ep)
 	}
 
 	/* Initialize descriptor chain by Host Busy status */
-	for (i = 0; i < MAX_DMA_DESC_NUM_GENERIC; i++) {
+	for (i = 0; i < MAX_DMA_DESC_NUM_HS_ISOC; i++) {
 		desc = &hs_ep->desc_list[i];
 		desc->status = 0;
 		desc->status |= (DEV_DMA_BUFF_STS_HBUSY
@@ -2162,7 +2160,7 @@ static void dwc2_gadget_complete_isoc_request_ddma(struct dwc2_hsotg_ep *hs_ep)
 		dwc2_hsotg_complete_request(hsotg, hs_ep, hs_req, 0);
 
 		hs_ep->compl_desc++;
-		if (hs_ep->compl_desc > (MAX_DMA_DESC_NUM_GENERIC - 1))
+		if (hs_ep->compl_desc > (MAX_DMA_DESC_NUM_HS_ISOC - 1))
 			hs_ep->compl_desc = 0;
 		desc_sts = hs_ep->desc_list[hs_ep->compl_desc].status;
 	}
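Review bot: style point on the compl_desc wrap in dwc2_gadget_complete_isoc_request_ddma(): "hs_ep->compl_desc > (MAX_DMA_DESC_NUM_HS_ISOC - 1)" is the same test as the ">=" form used for next_desc in dwc2_gadget_fill_isoc_desc(). Using one form in both places reads better and makes the two ring indices easier to compare.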
@@ -3899,6 +3897,7 @@ static int dwc2_hsotg_ep_enable(struct usb_ep *ep,
 	unsigned int i, val, size;
 	int ret = 0;
 	unsigned char ep_type;
+	int desc_num;
 
 	dev_dbg(hsotg->dev,
 		"%s: ep %s: a 0x%02x, attr 0x%02x, mps 0x%04x, intr %d\n",
@@ -3945,11 +3944,15 @@ static int dwc2_hsotg_ep_enable(struct usb_ep *ep,
 	dev_dbg(hsotg->dev, "%s: read DxEPCTL=0x%08x from 0x%08x\n",
 		__func__, epctrl, epctrl_reg);
 
+	if (using_desc_dma(hsotg) && ep_type == USB_ENDPOINT_XFER_ISOC)
+		desc_num = MAX_DMA_DESC_NUM_HS_ISOC;
+	else
+		desc_num = MAX_DMA_DESC_NUM_GENERIC;
+
 	/* Allocate DMA descriptor chain for non-ctrl endpoints */
 	if (using_desc_dma(hsotg) && !hs_ep->desc_list) {
 		hs_ep->desc_list = dmam_alloc_coherent(hsotg->dev,
-			MAX_DMA_DESC_NUM_GENERIC *
-			sizeof(struct dwc2_dma_desc),
+			desc_num * sizeof(struct dwc2_dma_desc),
 			&hs_ep->desc_list_dma, GFP_ATOMIC);
 		if (!hs_ep->desc_list) {
 			ret = -ENOMEM;
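Review bot: desc_num is computed from the current ep_type, but the allocation below it only runs when hs_ep->desc_list is NULL. If a list allocated earlier with MAX_DMA_DESC_NUM_GENERIC entries is still attached when the endpoint is enabled as ISOC, the ISOC paths will index up to MAX_DMA_DESC_NUM_HS_ISOC entries in a shorter DMA buffer. Please confirm desc_list is always released before an endpoint can change type, or reallocate when the required count changes.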
@@ -4092,7 +4095,7 @@ static int dwc2_hsotg_ep_enable(struct usb_ep *ep,
 
 error2:
 	if (ret && using_desc_dma(hsotg) && hs_ep->desc_list) {
-		dmam_free_coherent(hsotg->dev, MAX_DMA_DESC_NUM_GENERIC *
+		dmam_free_coherent(hsotg->dev, desc_num *
 			sizeof(struct dwc2_dma_desc),
 			hs_ep->desc_list, hs_ep->desc_list_dma);
 		hs_ep->desc_list = NULL;
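Review bot: dmam_free_coherent() at error2 now takes its size from desc_num, but the guard only tests hs_ep->desc_list, which may have been allocated by an earlier enable with a different count. The size passed to the free has to be the size that was allocated, and keeping the count in hs_ep would guarantee that. Also check that no goto error2 can run before desc_num is assigned, since it is declared without an initializer.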
-- 
2.20.1





* [PATCH 5.1 071/405] usb: dwc3: move synchronize_irq() out of the spinlock protected block
  2019-05-30  2:59 [PATCH 5.1 000/405] 5.1.6-stable review Greg Kroah-Hartman
                   ` (69 preceding siblings ...)
  2019-05-30  3:01 ` [PATCH 5.1 070/405] usb: dwc2: gadget: Increase descriptors count for ISOCs Greg Kroah-Hartman
@ 2019-05-30  3:01 ` Greg Kroah-Hartman
  2019-05-30  3:01 ` [PATCH 5.1 072/405] usb: gadget: f_fs: dont free buffer prematurely Greg Kroah-Hartman
                   ` (338 subsequent siblings)
  409 siblings, 0 replies; 429+ messages in thread
From: Greg Kroah-Hartman @ 2019-05-30  3:01 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Marek Szyprowski, Felipe Balbi, Sasha Levin

[ Upstream commit 41a91c606e7d2b74358a944525267cc451c271e8 ]

dwc3_gadget_suspend() is called under dwc->lock spinlock. In such a context
calling synchronize_irq() is not allowed. Move the problematic call out
of the protected block to fix the following kernel BUG during system
suspend:

BUG: sleeping function called from invalid context at kernel/irq/manage.c:112
in_atomic(): 1, irqs_disabled(): 128, pid: 1601, name: rtcwake
6 locks held by rtcwake/1601:
 #0: f70ac2a2 (sb_writers#7){.+.+}, at: vfs_write+0x130/0x16c
 #1: b5fe1270 (&of->mutex){+.+.}, at: kernfs_fop_write+0xc0/0x1e4
 #2: 7e597705 (kn->count#60){.+.+}, at: kernfs_fop_write+0xc8/0x1e4
 #3: 8b3527d0 (system_transition_mutex){+.+.}, at: pm_suspend+0xc4/0xc04
 #4: fc7f1c42 (&dev->mutex){....}, at: __device_suspend+0xd8/0x74c
 #5: 4b36507e (&(&dwc->lock)->rlock){....}, at: dwc3_gadget_suspend+0x24/0x3c
irq event stamp: 11252
hardirqs last  enabled at (11251): [<c09c54a4>] _raw_spin_unlock_irqrestore+0x6c/0x74
hardirqs last disabled at (11252): [<c09c4d44>] _raw_spin_lock_irqsave+0x1c/0x5c
softirqs last  enabled at (9744): [<c0102564>] __do_softirq+0x3a4/0x66c
softirqs last disabled at (9737): [<c0128528>] irq_exit+0x140/0x168
Preemption disabled at:
[<00000000>]   (null)
CPU: 7 PID: 1601 Comm: rtcwake Not tainted
5.0.0-rc3-next-20190122-00039-ga3f4ee4f8a52 #5252
Hardware name: SAMSUNG EXYNOS (Flattened Device Tree)
[<c01110f0>] (unwind_backtrace) from [<c010d120>] (show_stack+0x10/0x14)
[<c010d120>] (show_stack) from [<c09a4d04>] (dump_stack+0x90/0xc8)
[<c09a4d04>] (dump_stack) from [<c014c700>] (___might_sleep+0x22c/0x2c8)
[<c014c700>] (___might_sleep) from [<c0189d68>] (synchronize_irq+0x28/0x84)
[<c0189d68>] (synchronize_irq) from [<c05cbbf8>] (dwc3_gadget_suspend+0x34/0x3c)
[<c05cbbf8>] (dwc3_gadget_suspend) from [<c05bd020>] (dwc3_suspend_common+0x154/0x410)
[<c05bd020>] (dwc3_suspend_common) from [<c05bd34c>] (dwc3_suspend+0x14/0x2c)
[<c05bd34c>] (dwc3_suspend) from [<c051c730>] (platform_pm_suspend+0x2c/0x54)
[<c051c730>] (platform_pm_suspend) from [<c05285d4>] (dpm_run_callback+0xa4/0x3dc)
[<c05285d4>] (dpm_run_callback) from [<c0528a40>] (__device_suspend+0x134/0x74c)
[<c0528a40>] (__device_suspend) from [<c052c508>] (dpm_suspend+0x174/0x588)
[<c052c508>] (dpm_suspend) from [<c0182134>] (suspend_devices_and_enter+0xc0/0xe74)
[<c0182134>] (suspend_devices_and_enter) from [<c0183658>] (pm_suspend+0x770/0xc04)
[<c0183658>] (pm_suspend) from [<c0180ddc>] (state_store+0x6c/0xcc)
[<c0180ddc>] (state_store) from [<c09a9a70>] (kobj_attr_store+0x14/0x20)
[<c09a9a70>] (kobj_attr_store) from [<c02d6800>] (sysfs_kf_write+0x4c/0x50)
[<c02d6800>] (sysfs_kf_write) from [<c02d594c>] (kernfs_fop_write+0xfc/0x1e4)
[<c02d594c>] (kernfs_fop_write) from [<c02593d8>] (__vfs_write+0x2c/0x160)
[<c02593d8>] (__vfs_write) from [<c0259694>] (vfs_write+0xa4/0x16c)
[<c0259694>] (vfs_write) from [<c0259870>] (ksys_write+0x40/0x8c)
[<c0259870>] (ksys_write) from [<c0101000>] (ret_fast_syscall+0x0/0x28)
Exception stack(0xed55ffa8 to 0xed55fff0)
...

Fixes: 01c10880d242 ("usb: dwc3: gadget: synchronize_irq dwc irq in suspend")
Signed-off-by: Marek Szyprowski <m.szyprowski@samsung.com>
Signed-off-by: Felipe Balbi <felipe.balbi@linux.intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/usb/dwc3/core.c   | 2 ++
 drivers/usb/dwc3/gadget.c | 2 --
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/drivers/usb/dwc3/core.c b/drivers/usb/dwc3/core.c
index f944cea4056bc..72110a8c49d68 100644
--- a/drivers/usb/dwc3/core.c
+++ b/drivers/usb/dwc3/core.c
@@ -1600,6 +1600,7 @@ static int dwc3_suspend_common(struct dwc3 *dwc, pm_message_t msg)
 		spin_lock_irqsave(&dwc->lock, flags);
 		dwc3_gadget_suspend(dwc);
 		spin_unlock_irqrestore(&dwc->lock, flags);
+		synchronize_irq(dwc->irq_gadget);
 		dwc3_core_exit(dwc);
 		break;
 	case DWC3_GCTL_PRTCAP_HOST:
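Review bot: synchronize_irq(dwc->irq_gadget) now sits directly after spin_unlock_irqrestore() in dwc3_suspend_common(), and nothing in the code says why it must stay outside the lock. A short comment that synchronize_irq() can sleep would guard against it being moved back under dwc->lock.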
@@ -1632,6 +1633,7 @@ static int dwc3_suspend_common(struct dwc3 *dwc, pm_message_t msg)
 			spin_lock_irqsave(&dwc->lock, flags);
 			dwc3_gadget_suspend(dwc);
 			spin_unlock_irqrestore(&dwc->lock, flags);
+			synchronize_irq(dwc->irq_gadget);
 		}
 
 		dwc3_otg_exit(dwc);
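Review bot: this is the second copy of the lock, dwc3_gadget_suspend(), unlock, synchronize_irq() sequence in dwc3_suspend_common(). A small helper wrapping the four calls would keep the two paths identical and give the ordering requirement a single home.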
diff --git a/drivers/usb/dwc3/gadget.c b/drivers/usb/dwc3/gadget.c
index e293400cc6e95..2bb0ff9608d30 100644
--- a/drivers/usb/dwc3/gadget.c
+++ b/drivers/usb/dwc3/gadget.c
@@ -3384,8 +3384,6 @@ int dwc3_gadget_suspend(struct dwc3 *dwc)
 	dwc3_disconnect_gadget(dwc);
 	__dwc3_gadget_stop(dwc);
 
-	synchronize_irq(dwc->irq_gadget);
-
 	return 0;
 }
 
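Review bot: dwc3_gadget_suspend() no longer waits for the gadget interrupt handler, so every caller now has to call synchronize_irq(dwc->irq_gadget) itself after dropping the lock. That contract should be documented in a comment on the function, and any caller other than the two updated in core.c needs the same change.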
-- 
2.20.1





* [PATCH 5.1 072/405] usb: gadget: f_fs: dont free buffer prematurely
  2019-05-30  2:59 [PATCH 5.1 000/405] 5.1.6-stable review Greg Kroah-Hartman
                   ` (70 preceding siblings ...)
  2019-05-30  3:01 ` [PATCH 5.1 071/405] usb: dwc3: move synchronize_irq() out of the spinlock protected block Greg Kroah-Hartman
@ 2019-05-30  3:01 ` Greg Kroah-Hartman
  2019-05-30  3:01 ` [PATCH 5.1 073/405] ASoC: hdmi-codec: unlock the device on startup errors Greg Kroah-Hartman
                   ` (337 subsequent siblings)
  409 siblings, 0 replies; 429+ messages in thread
From: Greg Kroah-Hartman @ 2019-05-30  3:01 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Fei Yang, Manu Gautam, John Stultz,
	Felipe Balbi, Sasha Levin

[ Upstream commit 73103c7f958b99561555c3bd1bc1a0809e0b7d61 ]

The following kernel panic happens because the io_data buffer gets deallocated
before the async io is completed. Add a check for the case where the io_data
buffer should be deallocated by ffs_user_copy_worker.

[   41.663334] BUG: unable to handle kernel NULL pointer dereference at 0000000000000048
[   41.672099] #PF error: [normal kernel read fault]
[   41.677356] PGD 20c974067 P4D 20c974067 PUD 20c973067 PMD 0
[   41.683687] Oops: 0000 [#1] PREEMPT SMP
[   41.687976] CPU: 1 PID: 7 Comm: kworker/u8:0 Tainted: G     U            5.0.0-quilt-2e5dc0ac-00790-gd8c79f2-dirty #2
[   41.705309] Workqueue: adb ffs_user_copy_worker
[   41.705316] RIP: 0010:__vunmap+0x2a/0xc0
[   41.705318] Code: 0f 1f 44 00 00 48 85 ff 0f 84 87 00 00 00 55 f7 c7 ff 0f 00 00 48 89 e5 41 55 41 89 f5 41 54 53 48 89 fb 75 71 e8 56 d7 ff ff <4c> 8b 60 48 4d 85 e4 74 76 48 89 df e8 25 ff ff ff 45 85 ed 74 46
[   41.705320] RSP: 0018:ffffbc3a40053df0 EFLAGS: 00010286
[   41.705322] RAX: 0000000000000000 RBX: ffffbc3a406f1000 RCX: 0000000000000000
[   41.705323] RDX: 0000000000000001 RSI: 0000000000000001 RDI: 00000000ffffffff
[   41.705324] RBP: ffffbc3a40053e08 R08: 000000000001fb79 R09: 0000000000000037
[   41.705325] R10: ffffbc3a40053b68 R11: ffffbc3a40053cad R12: fffffffffffffff2
[   41.705326] R13: 0000000000000001 R14: 0000000000000000 R15: ffffffffffffffff
[   41.705328] FS:  0000000000000000(0000) GS:ffff9e2977a80000(0000) knlGS:0000000000000000
[   41.705329] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   41.705330] CR2: 0000000000000048 CR3: 000000020c994000 CR4: 00000000003406e0
[   41.705331] Call Trace:
[   41.705338]  vfree+0x50/0xb0
[   41.705341]  ffs_user_copy_worker+0xe9/0x1c0
[   41.705344]  process_one_work+0x19f/0x3e0
[   41.705348]  worker_thread+0x3f/0x3b0
[   41.829766]  kthread+0x12b/0x150
[   41.833371]  ? process_one_work+0x3e0/0x3e0
[   41.838045]  ? kthread_create_worker_on_cpu+0x70/0x70
[   41.843695]  ret_from_fork+0x3a/0x50
[   41.847689] Modules linked in: hci_uart bluetooth ecdh_generic rfkill_gpio dwc3_pci dwc3 snd_usb_audio mei_me tpm_crb snd_usbmidi_lib xhci_pci xhci_hcd mei tpm snd_hwdep cfg80211 snd_soc_skl snd_soc_skl_ipc snd_soc_sst_ipc snd_soc_sst_dsp snd_hda_ext_core snd_hda_core videobuf2_dma_sg crlmodule
[   41.876880] CR2: 0000000000000048
[   41.880584] ---[ end trace 2bc4addff0f2e673 ]---
[   41.891346] RIP: 0010:__vunmap+0x2a/0xc0
[   41.895734] Code: 0f 1f 44 00 00 48 85 ff 0f 84 87 00 00 00 55 f7 c7 ff 0f 00 00 48 89 e5 41 55 41 89 f5 41 54 53 48 89 fb 75 71 e8 56 d7 ff ff <4c> 8b 60 48 4d 85 e4 74 76 48 89 df e8 25 ff ff ff 45 85 ed 74 46
[   41.916740] RSP: 0018:ffffbc3a40053df0 EFLAGS: 00010286
[   41.922583] RAX: 0000000000000000 RBX: ffffbc3a406f1000 RCX: 0000000000000000
[   41.930563] RDX: 0000000000000001 RSI: 0000000000000001 RDI: 00000000ffffffff
[   41.938540] RBP: ffffbc3a40053e08 R08: 000000000001fb79 R09: 0000000000000037
[   41.946520] R10: ffffbc3a40053b68 R11: ffffbc3a40053cad R12: fffffffffffffff2
[   41.954502] R13: 0000000000000001 R14: 0000000000000000 R15: ffffffffffffffff
[   41.962482] FS:  0000000000000000(0000) GS:ffff9e2977a80000(0000) knlGS:0000000000000000
[   41.971536] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   41.977960] CR2: 0000000000000048 CR3: 000000020c994000 CR4: 00000000003406e0
[   41.985930] Kernel panic - not syncing: Fatal exception
[   41.991817] Kernel Offset: 0x16000000 from 0xffffffff81000000 (relocation range: 0xffffffff80000000-0xffffffffbfffffff)
[   42.009525] Rebooting in 10 seconds..
[   52.014376] ACPI MEMORY or I/O RESET_REG.

Fixes: 772a7a724f69 ("usb: gadget: f_fs: Allow scatter-gather buffers")
Signed-off-by: Fei Yang <fei.yang@intel.com>
Reviewed-by: Manu Gautam <mgautam@codeaurora.org>
Tested-by: John Stultz <john.stultz@linaro.org>
Signed-off-by: Felipe Balbi <felipe.balbi@linux.intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/usb/gadget/function/f_fs.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/drivers/usb/gadget/function/f_fs.c b/drivers/usb/gadget/function/f_fs.c
index 20413c276c616..47be961f1bf3f 100644
--- a/drivers/usb/gadget/function/f_fs.c
+++ b/drivers/usb/gadget/function/f_fs.c
@@ -1133,7 +1133,8 @@ static ssize_t ffs_epfile_io(struct file *file, struct ffs_io_data *io_data)
 error_mutex:
 	mutex_unlock(&epfile->mutex);
 error:
-	ffs_free_buffer(io_data);
+	if (ret != -EIOCBQUEUED) /* don't free if there is iocb queued */
+		ffs_free_buffer(io_data);
 	return ret;
 }
 
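Review bot: the new guard sits under the shared "error:" label, so one line now decides buffer ownership for every exit from ffs_epfile_io(). The comment should name who frees the buffer when ret is -EIOCBQUEUED (the commit message says ffs_user_copy_worker), and it is worth confirming that no path can return -EIOCBQUEUED without the request actually having been queued, since that would leak the buffer instead.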
-- 
2.20.1





* [PATCH 5.1 073/405] ASoC: hdmi-codec: unlock the device on startup errors
  2019-05-30  2:59 [PATCH 5.1 000/405] 5.1.6-stable review Greg Kroah-Hartman
                   ` (71 preceding siblings ...)
  2019-05-30  3:01 ` [PATCH 5.1 072/405] usb: gadget: f_fs: dont free buffer prematurely Greg Kroah-Hartman
@ 2019-05-30  3:01 ` Greg Kroah-Hartman
  2019-05-30  3:01 ` [PATCH 5.1 074/405] powerpc/perf: Return accordingly on invalid chip-id in Greg Kroah-Hartman
                   ` (336 subsequent siblings)
  409 siblings, 0 replies; 429+ messages in thread
From: Greg Kroah-Hartman @ 2019-05-30  3:01 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Jerome Brunet, Mark Brown, Sasha Levin

[ Upstream commit 30180e8436046344b12813dc954b2e01dfdcd22d ]

If the hdmi codec startup fails, it should clear the current_substream
pointer to free the device. This is properly done for the audio_startup()
callback but not for snd_pcm_hw_constraint_eld().

Make sure the pointer is cleared if an error is reported.

Signed-off-by: Jerome Brunet <jbrunet@baylibre.com>
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 sound/soc/codecs/hdmi-codec.c | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/sound/soc/codecs/hdmi-codec.c b/sound/soc/codecs/hdmi-codec.c
index 35df73e42cbc5..fb2f0ac1f16f3 100644
--- a/sound/soc/codecs/hdmi-codec.c
+++ b/sound/soc/codecs/hdmi-codec.c
@@ -439,8 +439,12 @@ static int hdmi_codec_startup(struct snd_pcm_substream *substream,
 		if (!ret) {
 			ret = snd_pcm_hw_constraint_eld(substream->runtime,
 							hcp->eld);
-			if (ret)
+			if (ret) {
+				mutex_lock(&hcp->current_stream_lock);
+				hcp->current_stream = NULL;
+				mutex_unlock(&hcp->current_stream_lock);
 				return ret;
+			}
 		}
 		/* Select chmap supported */
 		hdmi_codec_eld_chmap(hcp);
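Review bot: the lock, clear, unlock sequence is open-coded in the snd_pcm_hw_constraint_eld() error branch of hdmi_codec_startup(), and the commit message says the audio_startup() failure path already does the same. A shared error label or helper would keep the two from diverging. The commit text calls the field current_substream while the code uses hcp->current_stream, which should be made consistent.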
-- 
2.20.1





* [PATCH 5.1 074/405] powerpc/perf: Return accordingly on invalid chip-id in
  2019-05-30  2:59 [PATCH 5.1 000/405] 5.1.6-stable review Greg Kroah-Hartman
                   ` (72 preceding siblings ...)
  2019-05-30  3:01 ` [PATCH 5.1 073/405] ASoC: hdmi-codec: unlock the device on startup errors Greg Kroah-Hartman
@ 2019-05-30  3:01 ` Greg Kroah-Hartman
  2019-05-30  3:01 ` [PATCH 5.1 075/405] powerpc/boot: Fix missing check of lseek() return value Greg Kroah-Hartman
                   ` (335 subsequent siblings)
  409 siblings, 0 replies; 429+ messages in thread
From: Greg Kroah-Hartman @ 2019-05-30  3:01 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Dan Carpenter, Madhavan Srinivasan,
	Anju T Sudhakar, Michael Ellerman, Sasha Levin

[ Upstream commit a913e5e8b43be1d3897a141ce61c1ec071cad89c ]

Nest hardware counter memory resides in a per-chip reserve-memory.
During nest_imc_event_init(), chip-id of the event-cpu is considered to
calculate the base memory address for that cpu. Return a proper error
condition if the chip_id calculated is invalid.

Reported-by: Dan Carpenter <dan.carpenter@oracle.com>
Fixes: 885dcd709ba91 ("powerpc/perf: Add nest IMC PMU support")
Reviewed-by: Madhavan Srinivasan <maddy@linux.vnet.ibm.com>
Signed-off-by: Anju T Sudhakar <anju@linux.vnet.ibm.com>
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 arch/powerpc/perf/imc-pmu.c | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/arch/powerpc/perf/imc-pmu.c b/arch/powerpc/perf/imc-pmu.c
index b1c37cc3fa98b..6159e9edddfd0 100644
--- a/arch/powerpc/perf/imc-pmu.c
+++ b/arch/powerpc/perf/imc-pmu.c
@@ -487,6 +487,11 @@ static int nest_imc_event_init(struct perf_event *event)
 	 * Get the base memory addresss for this cpu.
 	 */
 	chip_id = cpu_to_chip_id(event->cpu);
+
+	/* Return, if chip_id is not valid */
+	if (chip_id < 0)
+		return -ENODEV;
+
 	pcni = pmu->mem_info;
 	do {
 		if (pcni->id == chip_id) {
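Review bot: the "chip_id < 0" test in nest_imc_event_init() only works if chip_id is a signed type; its declaration is outside this hunk, so please confirm it is not unsigned. The comment "Return, if chip_id is not valid" restates the code, and saying when cpu_to_chip_id() returns a negative value would be more useful.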
-- 
2.20.1





* [PATCH 5.1 075/405] powerpc/boot: Fix missing check of lseek() return value
  2019-05-30  2:59 [PATCH 5.1 000/405] 5.1.6-stable review Greg Kroah-Hartman
                   ` (73 preceding siblings ...)
  2019-05-30  3:01 ` [PATCH 5.1 074/405] powerpc/perf: Return accordingly on invalid chip-id in Greg Kroah-Hartman
@ 2019-05-30  3:01 ` Greg Kroah-Hartman
  2019-05-30  3:01 ` [PATCH 5.1 076/405] powerpc/perf: Fix loop exit condition in nest_imc_event_init Greg Kroah-Hartman
                   ` (334 subsequent siblings)
  409 siblings, 0 replies; 429+ messages in thread
From: Greg Kroah-Hartman @ 2019-05-30  3:01 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Bo YU, Michael Ellerman, Sasha Levin

[ Upstream commit 5d085ec04a000fefb5182d3b03ee46ca96d8389b ]

This is detected by Coverity scan: CID: 1440481

Signed-off-by: Bo YU <tsu.yubo@gmail.com>
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 arch/powerpc/boot/addnote.c | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/arch/powerpc/boot/addnote.c b/arch/powerpc/boot/addnote.c
index 9d9f6f334d3cc..3da3e2b1b51bc 100644
--- a/arch/powerpc/boot/addnote.c
+++ b/arch/powerpc/boot/addnote.c
@@ -223,7 +223,11 @@ main(int ac, char **av)
 	PUT_16(E_PHNUM, np + 2);
 
 	/* write back */
-	lseek(fd, (long) 0, SEEK_SET);
+	i = lseek(fd, (long) 0, SEEK_SET);
+	if (i < 0) {
+		perror("lseek");
+		exit(1);
+	}
 	i = write(fd, buf, n);
 	if (i < 0) {
 		perror("write");
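Review bot: lseek() returns off_t, and the result is stored in i, whose declaration is not in this hunk; if i is an int the assignment narrows the value. With an offset of 0 that is harmless here, but comparing the return value against (off_t)-1 without going through i would be the cleaner check.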
-- 
2.20.1





* [PATCH 5.1 076/405] powerpc/perf: Fix loop exit condition in nest_imc_event_init
  2019-05-30  2:59 [PATCH 5.1 000/405] 5.1.6-stable review Greg Kroah-Hartman
                   ` (74 preceding siblings ...)
  2019-05-30  3:01 ` [PATCH 5.1 075/405] powerpc/boot: Fix missing check of lseek() return value Greg Kroah-Hartman
@ 2019-05-30  3:01 ` Greg Kroah-Hartman
  2019-05-30  3:01 ` [PATCH 5.1 077/405] spi: atmel-quadspi: fix crash while suspending Greg Kroah-Hartman
                   ` (333 subsequent siblings)
  409 siblings, 0 replies; 429+ messages in thread
From: Greg Kroah-Hartman @ 2019-05-30  3:01 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Dan Carpenter, Anju T Sudhakar,
	Madhavan Srinivasan, Michael Ellerman, Sasha Levin

[ Upstream commit 860b7d2286236170a36f94946d03ca9888d32571 ]

The data structure (i.e. struct imc_mem_info) to hold the memory address
information for nest imc units is allocated based on the number of nodes
in the system.

nest_imc_event_init() traverses this struct array to calculate the memory
base address for the event-cpu. If we fail to find a match for the event
cpu's chip-id in imc_mem_info struct array, then the do-while loop will
iterate until we crash.

Fix this by changing the loop exit condition based on the number of
non zero vbase elements in the array, since the allocation is done for
nr_chips + 1.

Reported-by: Dan Carpenter <dan.carpenter@oracle.com>
Fixes: 885dcd709ba91 ("powerpc/perf: Add nest IMC PMU support")
Signed-off-by: Anju T Sudhakar <anju@linux.vnet.ibm.com>
Reviewed-by: Madhavan Srinivasan <maddy@linux.vnet.ibm.com>
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 arch/powerpc/perf/imc-pmu.c               | 2 +-
 arch/powerpc/platforms/powernv/opal-imc.c | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/arch/powerpc/perf/imc-pmu.c b/arch/powerpc/perf/imc-pmu.c
index 6159e9edddfd0..2d12f0037e3a5 100644
--- a/arch/powerpc/perf/imc-pmu.c
+++ b/arch/powerpc/perf/imc-pmu.c
@@ -499,7 +499,7 @@ static int nest_imc_event_init(struct perf_event *event)
 			break;
 		}
 		pcni++;
-	} while (pcni);
+	} while (pcni->vbase != 0);
 
 	if (!flag)
 		return -ENODEV;
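Review bot: the new exit test `while (pcni->vbase != 0)` only terminates safely because the array ends in a zeroed extra element, which comes from the `nr_chips + 1` allocation in opal-imc.c, and nothing at the loop says so. A short comment here naming the sentinel would help. It is also worth confirming that no valid imc_mem_info entry can have vbase equal to 0, since such an entry would end the search early and return -ENODEV for any chip stored after it.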
diff --git a/arch/powerpc/platforms/powernv/opal-imc.c b/arch/powerpc/platforms/powernv/opal-imc.c
index 58a07948c76e7..3d27f02695e41 100644
--- a/arch/powerpc/platforms/powernv/opal-imc.c
+++ b/arch/powerpc/platforms/powernv/opal-imc.c
@@ -127,7 +127,7 @@ static int imc_get_mem_addr_nest(struct device_node *node,
 								nr_chips))
 		goto error;
 
-	pmu_ptr->mem_info = kcalloc(nr_chips, sizeof(*pmu_ptr->mem_info),
+	pmu_ptr->mem_info = kcalloc(nr_chips + 1, sizeof(*pmu_ptr->mem_info),
 				    GFP_KERNEL);
 	if (!pmu_ptr->mem_info)
 		goto error;
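Review bot: the `+ 1` in `kcalloc(nr_chips + 1, ...)` is the terminator that the loop in nest_imc_event_init() depends on, but the allocation carries no comment, so a later cleanup could drop it and bring the overrun back. Please document the sentinel at this call, and check that the code filling mem_info writes at most nr_chips entries so the last one stays zero.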
-- 
2.20.1





* [PATCH 5.1 077/405] spi: atmel-quadspi: fix crash while suspending
  2019-05-30  2:59 [PATCH 5.1 000/405] 5.1.6-stable review Greg Kroah-Hartman
                   ` (75 preceding siblings ...)
  2019-05-30  3:01 ` [PATCH 5.1 076/405] powerpc/perf: Fix loop exit condition in nest_imc_event_init Greg Kroah-Hartman
@ 2019-05-30  3:01 ` Greg Kroah-Hartman
  2019-05-30  3:01 ` [PATCH 5.1 078/405] ASoC: imx: fix fiq dependencies Greg Kroah-Hartman
                   ` (332 subsequent siblings)
  409 siblings, 0 replies; 429+ messages in thread
From: Greg Kroah-Hartman @ 2019-05-30  3:01 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Claudiu Beznea, Tudor Ambarus,
	Mark Brown, Sasha Levin

[ Upstream commit e5c27498a0403b270620b1a8a0a66e3efc222fb6 ]

atmel_qspi objects are kept in spi_controller objects, so, first get
pointer to spi_controller object and then get atmel_qspi object from
spi_controller object.

Fixes: 2d30ac5ed633 ("mtd: spi-nor: atmel-quadspi: Use spi-mem interface for atmel-quadspi driver")
Signed-off-by: Claudiu Beznea <claudiu.beznea@microchip.com>
Reviewed-by: Tudor Ambarus <tudor.ambarus@microchip.com>
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/spi/atmel-quadspi.c | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/drivers/spi/atmel-quadspi.c b/drivers/spi/atmel-quadspi.c
index fffc21cd5f793..b3173ebddaded 100644
--- a/drivers/spi/atmel-quadspi.c
+++ b/drivers/spi/atmel-quadspi.c
@@ -570,7 +570,8 @@ static int atmel_qspi_remove(struct platform_device *pdev)
 
 static int __maybe_unused atmel_qspi_suspend(struct device *dev)
 {
-	struct atmel_qspi *aq = dev_get_drvdata(dev);
+	struct spi_controller *ctrl = dev_get_drvdata(dev);
+	struct atmel_qspi *aq = spi_controller_get_devdata(ctrl);
 
 	clk_disable_unprepare(aq->qspick);
 	clk_disable_unprepare(aq->pclk);
@@ -580,7 +581,8 @@ static int __maybe_unused atmel_qspi_suspend(struct device *dev)
 
 static int __maybe_unused atmel_qspi_resume(struct device *dev)
 {
-	struct atmel_qspi *aq = dev_get_drvdata(dev);
+	struct spi_controller *ctrl = dev_get_drvdata(dev);
+	struct atmel_qspi *aq = spi_controller_get_devdata(ctrl);
 
 	clk_prepare_enable(aq->pclk);
 	clk_prepare_enable(aq->qspick);
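Review bot: in atmel_qspi_resume() the two calls under the changed lines, `clk_prepare_enable(aq->pclk);` and `clk_prepare_enable(aq->qspick);`, discard their return values, so a clock that fails to come back after suspend goes unreported. That is outside what this fix touches, but a follow-up that propagates the error would be worthwhile. The drvdata to spi_controller to atmel_qspi lookup is now repeated in suspend and resume; a small helper would keep the two in step.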
-- 
2.20.1





* [PATCH 5.1 078/405] ASoC: imx: fix fiq dependencies
  2019-05-30  2:59 [PATCH 5.1 000/405] 5.1.6-stable review Greg Kroah-Hartman
                   ` (76 preceding siblings ...)
  2019-05-30  3:01 ` [PATCH 5.1 077/405] spi: atmel-quadspi: fix crash while suspending Greg Kroah-Hartman
@ 2019-05-30  3:01 ` Greg Kroah-Hartman
  2019-05-30  3:01 ` [PATCH 5.1 079/405] spi: pxa2xx: fix SCR (divisor) calculation Greg Kroah-Hartman
                   ` (331 subsequent siblings)
  409 siblings, 0 replies; 429+ messages in thread
From: Greg Kroah-Hartman @ 2019-05-30  3:01 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Arnd Bergmann, Mark Brown, Sasha Levin

[ Upstream commit ea751227c813ab833609afecfeedaf0aa26f327e ]

During randconfig builds, I occasionally run into an invalid configuration
of the freescale FIQ sound support:

WARNING: unmet direct dependencies detected for SND_SOC_IMX_PCM_FIQ
  Depends on [m]: SOUND [=y] && !UML && SND [=y] && SND_SOC [=y] && SND_IMX_SOC [=m]
  Selected by [y]:
  - SND_SOC_FSL_SPDIF [=y] && SOUND [=y] && !UML && SND [=y] && SND_SOC [=y] && SND_IMX_SOC [=m]!=n && (MXC_TZIC [=n] || MXC_AVIC [=y])

sound/soc/fsl/imx-ssi.o: In function `imx_ssi_remove':
imx-ssi.c:(.text+0x28): undefined reference to `imx_pcm_fiq_exit'
sound/soc/fsl/imx-ssi.o: In function `imx_ssi_probe':
imx-ssi.c:(.text+0xa64): undefined reference to `imx_pcm_fiq_init'

The Kconfig warning is a result of the symbol being defined inside of
the "if SND_IMX_SOC" block, and is otherwise harmless. The link error
is more tricky and happens with SND_SOC_IMX_SSI=y, which may or may not
imply FIQ support. However, if SND_SOC_FSL_SSI is set to =m at the same
time, that selects SND_SOC_IMX_PCM_FIQ as a loadable module dependency,
which then causes a link failure from imx-ssi.

The solution here is to make SND_SOC_IMX_PCM_FIQ built-in whenever
one of its potential users is built-in.

Fixes: ff40260f79dc ("ASoC: fsl: refine DMA/FIQ dependencies")
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 sound/soc/fsl/Kconfig | 9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)

diff --git a/sound/soc/fsl/Kconfig b/sound/soc/fsl/Kconfig
index 7b1d9970be8b3..1f65cf555ebe0 100644
--- a/sound/soc/fsl/Kconfig
+++ b/sound/soc/fsl/Kconfig
@@ -182,16 +182,17 @@ config SND_MPC52xx_SOC_EFIKA
 
 endif # SND_POWERPC_SOC
 
+config SND_SOC_IMX_PCM_FIQ
+	tristate
+	default y if SND_SOC_IMX_SSI=y && (SND_SOC_FSL_SSI=m || SND_SOC_FSL_SPDIF=m) && (MXC_TZIC || MXC_AVIC)
+	select FIQ
+
 if SND_IMX_SOC
 
 config SND_SOC_IMX_SSI
 	tristate
 	select SND_SOC_FSL_UTILS
 
-config SND_SOC_IMX_PCM_FIQ
-	tristate
-	select FIQ
-
 comment "SoC Audio support for Freescale i.MX boards:"
 
 config SND_MXC_SOC_WM1133_EV1
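Review bot: the `default y if` line on the relocated SND_SOC_IMX_PCM_FIQ entry hard-codes its users (SND_SOC_FSL_SSI=m or SND_SOC_FSL_SPDIF=m together with SND_SOC_IMX_SSI=y), so any future driver that selects this symbol as a module will need the same treatment or the link error returns. A comment above the entry explaining why it forces built-in, and why it now sits outside the `if SND_IMX_SOC` block, would make that maintenance requirement visible.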
-- 
2.20.1





* [PATCH 5.1 079/405] spi: pxa2xx: fix SCR (divisor) calculation
  2019-05-30  2:59 [PATCH 5.1 000/405] 5.1.6-stable review Greg Kroah-Hartman
                   ` (77 preceding siblings ...)
  2019-05-30  3:01 ` [PATCH 5.1 078/405] ASoC: imx: fix fiq dependencies Greg Kroah-Hartman
@ 2019-05-30  3:01 ` Greg Kroah-Hartman
  2019-05-30  3:01 ` [PATCH 5.1 080/405] net/mlx5: E-Switch, Use atomic rep state to serialize state change Greg Kroah-Hartman
                   ` (330 subsequent siblings)
  409 siblings, 0 replies; 429+ messages in thread
From: Greg Kroah-Hartman @ 2019-05-30  3:01 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Flavio Suligoi, Jarkko Nikula,
	Mark Brown, Sasha Levin

[ Upstream commit 29f2133717c527f492933b0622a4aafe0b3cbe9e ]

Calculate the divisor for the SCR (Serial Clock Rate), avoiding
that the SSP transmission rate can be greater than the device rate.

When the division between the SSP clock and the device rate generates
a remainder, we have to increment by one the divisor.
In this way the resulting SSP clock will never be greater than the
device SPI max frequency.

For example, with:

 - ssp_clk  = 50 MHz
 - dev freq = 15 MHz

without this patch the SSP clock will be greater than 15 MHz:

 - 25 MHz for PXA25x_SSP and CE4100_SSP
 - 16,56 MHz for the others

Instead, with this patch, we have in both cases an SSP clock of 12.5MHz,
so the max rate of the SPI device clock is respected.

Signed-off-by: Flavio Suligoi <f.suligoi@asem.it>
Reviewed-by: Jarkko Nikula <jarkko.nikula@linux.intel.com>
Reviewed-by: Jarkko Nikula <jarkko.nikula@linux.intel.com>
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/spi/spi-pxa2xx.c | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/drivers/spi/spi-pxa2xx.c b/drivers/spi/spi-pxa2xx.c
index b6ddba833d021..d2076f2f468f0 100644
--- a/drivers/spi/spi-pxa2xx.c
+++ b/drivers/spi/spi-pxa2xx.c
@@ -884,10 +884,14 @@ static unsigned int ssp_get_clk_div(struct driver_data *drv_data, int rate)
 
 	rate = min_t(int, ssp_clk, rate);
 
+	/*
+	 * Calculate the divisor for the SCR (Serial Clock Rate), avoiding
+	 * that the SSP transmission rate can be greater than the device rate
+	 */
 	if (ssp->type == PXA25x_SSP || ssp->type == CE4100_SSP)
-		return (ssp_clk / (2 * rate) - 1) & 0xff;
+		return (DIV_ROUND_UP(ssp_clk, 2 * rate) - 1) & 0xff;
 	else
-		return (ssp_clk / rate - 1) & 0xfff;
+		return (DIV_ROUND_UP(ssp_clk, rate) - 1)  & 0xfff;
 }
 
 static unsigned int pxa2xx_ssp_get_clk_div(struct driver_data *drv_data,
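Review bot: after rounding up, both return statements still mask the result (`& 0xff` and `& 0xfff`), so a divisor larger than the register field wraps to a small value and yields a clock faster than the device rate, which is the case this patch sets out to prevent. Clamping the result to the field maximum instead of masking would keep the guarantee for very low requested rates. The visible code also does not show `rate` being checked for 0 before it is used as a divisor, and there is a stray double space before `& 0xfff` in the second added return.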
-- 
2.20.1





* [PATCH 5.1 080/405] net/mlx5: E-Switch, Use atomic rep state to serialize state change
  2019-05-30  2:59 [PATCH 5.1 000/405] 5.1.6-stable review Greg Kroah-Hartman
                   ` (78 preceding siblings ...)
  2019-05-30  3:01 ` [PATCH 5.1 079/405] spi: pxa2xx: fix SCR (divisor) calculation Greg Kroah-Hartman
@ 2019-05-30  3:01 ` Greg Kroah-Hartman
  2019-05-30  3:01 ` [PATCH 5.1 081/405] brcm80211: potential NULL dereference in brcmf_cfg80211_vndr_cmds_dcmd_handler() Greg Kroah-Hartman
                   ` (329 subsequent siblings)
  409 siblings, 0 replies; 429+ messages in thread
From: Greg Kroah-Hartman @ 2019-05-30  3:01 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Bodong Wang, Parav Pandit, Vu Pham,
	Saeed Mahameed, Sasha Levin

[ Upstream commit 6f4e02193c9a9ea54dd3151cf97489fa787cd0e6 ]

When the state of rep was introduced, it was also designed to prevent
duplicate unloading of the same rep. Considering the following two
flows when an eswitch manager is at switchdev mode with n VF reps loaded.

+--------------------------------------+--------------------------------+
| cpu-0                                | cpu-1                          |
| --------                             | --------                       |
| mlx5_ib_remove                       | mlx5_eswitch_disable_sriov     |
|  mlx5_ib_unregister_vport_reps       |  esw_offloads_cleanup          |
|   mlx5_eswitch_unregister_vport_reps |   esw_offloads_unload_all_reps |
|    __unload_reps_all_vport           |    __unload_reps_all_vport     |
+--------------------------------------+--------------------------------+

These two flows will try to unload the same rep. Per original design,
once one flow unloads the rep, the state moves to REGISTERED. The 2nd
flow will no longer need to do the unload and bails out. However, as
read and write of the state is not atomic, when 1st flow is doing the
unload, the state is still LOADED, 2nd flow is able to do the same
unload action. Kernel crash will happen.

To solve this, driver should do atomic test-and-set for the state. So
that only one flow can change the rep state from LOADED to REGISTERED,
and proceed to do the actual unloading.

Since the state is changing to atomic type, all other read/write should
be atomic action as well.

Fixes: f121e0ea9586 (net/mlx5: E-Switch, Add state to eswitch vport representors)
Signed-off-by: Bodong Wang <bodong@mellanox.com>
Reviewed-by: Parav Pandit <parav@mellanox.com>
Reviewed-by: Vu Pham <vuhuong@mellanox.com>
Signed-off-by: Saeed Mahameed <saeedm@mellanox.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 .../mellanox/mlx5/core/eswitch_offloads.c     | 36 +++++++++----------
 include/linux/mlx5/eswitch.h                  |  2 +-
 2 files changed, 18 insertions(+), 20 deletions(-)

diff --git a/drivers/net/ethernet/mellanox/mlx5/core/eswitch_offloads.c b/drivers/net/ethernet/mellanox/mlx5/core/eswitch_offloads.c
index 9b2d78ee22b88..d2d8da133082c 100644
--- a/drivers/net/ethernet/mellanox/mlx5/core/eswitch_offloads.c
+++ b/drivers/net/ethernet/mellanox/mlx5/core/eswitch_offloads.c
@@ -363,7 +363,7 @@ static int esw_set_global_vlan_pop(struct mlx5_eswitch *esw, u8 val)
 	esw_debug(esw->dev, "%s applying global %s policy\n", __func__, val ? "pop" : "none");
 	for (vf_vport = 1; vf_vport < esw->enabled_vports; vf_vport++) {
 		rep = &esw->offloads.vport_reps[vf_vport];
-		if (rep->rep_if[REP_ETH].state != REP_LOADED)
+		if (atomic_read(&rep->rep_if[REP_ETH].state) != REP_LOADED)
 			continue;
 
 		err = __mlx5_eswitch_set_vport_vlan(esw, rep->vport, 0, 0, val);
@@ -1306,7 +1306,8 @@ int esw_offloads_init_reps(struct mlx5_eswitch *esw)
 		ether_addr_copy(rep->hw_id, hw_id);
 
 		for (rep_type = 0; rep_type < NUM_REP_TYPES; rep_type++)
-			rep->rep_if[rep_type].state = REP_UNREGISTERED;
+			atomic_set(&rep->rep_if[rep_type].state,
+				   REP_UNREGISTERED);
 	}
 
 	return 0;
@@ -1315,11 +1316,9 @@ int esw_offloads_init_reps(struct mlx5_eswitch *esw)
 static void __esw_offloads_unload_rep(struct mlx5_eswitch *esw,
 				      struct mlx5_eswitch_rep *rep, u8 rep_type)
 {
-	if (rep->rep_if[rep_type].state != REP_LOADED)
-		return;
-
-	rep->rep_if[rep_type].unload(rep);
-	rep->rep_if[rep_type].state = REP_REGISTERED;
+	if (atomic_cmpxchg(&rep->rep_if[rep_type].state,
+			   REP_LOADED, REP_REGISTERED) == REP_LOADED)
+		rep->rep_if[rep_type].unload(rep);
 }
 
 static void __unload_reps_special_vport(struct mlx5_eswitch *esw, u8 rep_type)
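Review bot: in __esw_offloads_unload_rep() the cmpxchg moves the state to REP_REGISTERED before `unload(rep)` has run, so a concurrent __esw_offloads_load_rep() can win its own cmpxchg from REP_REGISTERED and call load() while the unload is still in progress. The losing unloader also returns immediately without waiting for the winner to finish. If callers rely on the rep being fully torn down on return, an intermediate state or a lock held across the callback is needed; otherwise please state in the commit message why that overlap cannot happen.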
@@ -1380,16 +1379,15 @@ static int __esw_offloads_load_rep(struct mlx5_eswitch *esw,
 {
 	int err = 0;
 
-	if (rep->rep_if[rep_type].state != REP_REGISTERED)
-		return 0;
-
-	err = rep->rep_if[rep_type].load(esw->dev, rep);
-	if (err)
-		return err;
-
-	rep->rep_if[rep_type].state = REP_LOADED;
+	if (atomic_cmpxchg(&rep->rep_if[rep_type].state,
+			   REP_REGISTERED, REP_LOADED) == REP_REGISTERED) {
+		err = rep->rep_if[rep_type].load(esw->dev, rep);
+		if (err)
+			atomic_set(&rep->rep_if[rep_type].state,
+				   REP_REGISTERED);
+	}
 
-	return 0;
+	return err;
 }
 
 static int __load_reps_special_vport(struct mlx5_eswitch *esw, u8 rep_type)
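Review bot: __esw_offloads_load_rep() publishes REP_LOADED before `load()` returns, so readers that test `atomic_read(...) == REP_LOADED` can act on a rep that is only partly loaded, and a concurrent unload can run against it. On failure the rollback is a plain atomic_set() to REP_REGISTERED, which overwrites whatever state another flow may have set in the meantime. Consider a transitional value while load() runs and setting REP_LOADED only after it succeeds.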
@@ -2076,7 +2074,7 @@ void mlx5_eswitch_register_vport_reps(struct mlx5_eswitch *esw,
 		rep_if->get_proto_dev = __rep_if->get_proto_dev;
 		rep_if->priv = __rep_if->priv;
 
-		rep_if->state = REP_REGISTERED;
+		atomic_set(&rep_if->state, REP_REGISTERED);
 	}
 }
 EXPORT_SYMBOL(mlx5_eswitch_register_vport_reps);
@@ -2091,7 +2089,7 @@ void mlx5_eswitch_unregister_vport_reps(struct mlx5_eswitch *esw, u8 rep_type)
 		__unload_reps_all_vport(esw, max_vf, rep_type);
 
 	mlx5_esw_for_all_reps(esw, i, rep)
-		rep->rep_if[rep_type].state = REP_UNREGISTERED;
+		atomic_set(&rep->rep_if[rep_type].state, REP_UNREGISTERED);
 }
 EXPORT_SYMBOL(mlx5_eswitch_unregister_vport_reps);
 
@@ -2111,7 +2109,7 @@ void *mlx5_eswitch_get_proto_dev(struct mlx5_eswitch *esw,
 
 	rep = mlx5_eswitch_get_rep(esw, vport);
 
-	if (rep->rep_if[rep_type].state == REP_LOADED &&
+	if (atomic_read(&rep->rep_if[rep_type].state) == REP_LOADED &&
 	    rep->rep_if[rep_type].get_proto_dev)
 		return rep->rep_if[rep_type].get_proto_dev(rep);
 	return NULL;
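Review bot: in mlx5_eswitch_get_proto_dev() the `atomic_read()` test and the following `get_proto_dev(rep)` call are two separate steps, so the rep can be unloaded between them; making the field atomic does not close that window. If the callers already hold something that excludes unload, a comment saying so would settle it.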
diff --git a/include/linux/mlx5/eswitch.h b/include/linux/mlx5/eswitch.h
index 96d8435421de8..0ca77dd1429c0 100644
--- a/include/linux/mlx5/eswitch.h
+++ b/include/linux/mlx5/eswitch.h
@@ -35,7 +35,7 @@ struct mlx5_eswitch_rep_if {
 	void		       (*unload)(struct mlx5_eswitch_rep *rep);
 	void		       *(*get_proto_dev)(struct mlx5_eswitch_rep *rep);
 	void			*priv;
-	u8			state;
+	atomic_t		state;
 };
 
 struct mlx5_eswitch_rep {
-- 
2.20.1





* [PATCH 5.1 081/405] brcm80211: potential NULL dereference in brcmf_cfg80211_vndr_cmds_dcmd_handler()
  2019-05-30  2:59 [PATCH 5.1 000/405] 5.1.6-stable review Greg Kroah-Hartman
                   ` (79 preceding siblings ...)
  2019-05-30  3:01 ` [PATCH 5.1 080/405] net/mlx5: E-Switch, Use atomic rep state to serialize state change Greg Kroah-Hartman
@ 2019-05-30  3:01 ` Greg Kroah-Hartman
  2019-05-30  3:01 ` [PATCH 5.1 082/405] ACPI / property: fix handling of data_nodes in acpi_get_next_subnode() Greg Kroah-Hartman
                   ` (328 subsequent siblings)
  409 siblings, 0 replies; 429+ messages in thread
From: Greg Kroah-Hartman @ 2019-05-30  3:01 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Dan Carpenter, Kalle Valo, Sasha Levin

[ Upstream commit e025da3d7aa4770bb1d1b3b0aa7cc4da1744852d ]

If "ret_len" is negative then it could lead to a NULL dereference.

The "ret_len" value comes from nl80211_vendor_cmd(), if it's negative
then we don't allocate the "dcmd_buf" buffer.  Then we pass "ret_len" to
brcmf_fil_cmd_data_set() where it is cast to a very high u32 value.
Most of the functions in that call tree check whether the buffer we pass
is NULL but there are at least a couple places which don't such as
brcmf_dbg_hex_dump() and brcmf_msgbuf_query_dcmd().  We memcpy() to and
from the buffer so it would result in a NULL dereference.

The fix is to change the types so that "ret_len" can't be negative.  (If
we memcpy() zero bytes to NULL, that's a no-op and doesn't cause an
issue).

Fixes: 1bacb0487d0e ("brcmfmac: replace cfg80211 testmode with vendor command")
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/net/wireless/broadcom/brcm80211/brcmfmac/vendor.c | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/drivers/net/wireless/broadcom/brcm80211/brcmfmac/vendor.c b/drivers/net/wireless/broadcom/brcm80211/brcmfmac/vendor.c
index 8eff2753abade..d493021f60318 100644
--- a/drivers/net/wireless/broadcom/brcm80211/brcmfmac/vendor.c
+++ b/drivers/net/wireless/broadcom/brcm80211/brcmfmac/vendor.c
@@ -35,9 +35,10 @@ static int brcmf_cfg80211_vndr_cmds_dcmd_handler(struct wiphy *wiphy,
 	struct brcmf_if *ifp;
 	const struct brcmf_vndr_dcmd_hdr *cmdhdr = data;
 	struct sk_buff *reply;
-	int ret, payload, ret_len;
+	unsigned int payload, ret_len;
 	void *dcmd_buf = NULL, *wr_pointer;
 	u16 msglen, maxmsglen = PAGE_SIZE - 0x100;
+	int ret;
 
 	if (len < sizeof(*cmdhdr)) {
 		brcmf_err("vendor command too short: %d\n", len);
@@ -65,7 +66,7 @@ static int brcmf_cfg80211_vndr_cmds_dcmd_handler(struct wiphy *wiphy,
 			brcmf_err("oversize return buffer %d\n", ret_len);
 			ret_len = BRCMF_DCMD_MAXLEN;
 		}
-		payload = max(ret_len, len) + 1;
+		payload = max_t(unsigned int, ret_len, len) + 1;
 		dcmd_buf = vzalloc(payload);
 		if (NULL == dcmd_buf)
 			return -ENOMEM;
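Review bot: with ret_len now unsigned int, the context line `brcmf_err("oversize return buffer %d\n", ret_len);` at the top of this hunk still prints it with `%d`; that should become `%u`. Also, `max_t(unsigned int, ret_len, len)` converts `len` to unsigned, and the earlier hunk shows `len` printed with `%d`, so it is worth confirming that `len` cannot be negative at this point, otherwise payload wraps at the `+ 1`.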
-- 
2.20.1





* [PATCH 5.1 082/405] ACPI / property: fix handling of data_nodes in acpi_get_next_subnode()
  2019-05-30  2:59 [PATCH 5.1 000/405] 5.1.6-stable review Greg Kroah-Hartman
                   ` (80 preceding siblings ...)
  2019-05-30  3:01 ` [PATCH 5.1 081/405] brcm80211: potential NULL dereference in brcmf_cfg80211_vndr_cmds_dcmd_handler() Greg Kroah-Hartman
@ 2019-05-30  3:01 ` Greg Kroah-Hartman
  2019-05-30  3:01 ` [PATCH 5.1 083/405] drm/nouveau/bar/nv50: ensure BAR is mapped Greg Kroah-Hartman
                   ` (327 subsequent siblings)
  409 siblings, 0 replies; 429+ messages in thread
From: Greg Kroah-Hartman @ 2019-05-30  3:01 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Pierre-Louis Bossart,
	Andy Shevchenko, Rafael J. Wysocki, Sasha Levin

[ Upstream commit 23583f7795025e3c783b680d906509366b0906ad ]

When the DSDT tables expose devices with subdevices and a set of
hierarchical _DSD properties, the data returned by
acpi_get_next_subnode() is incorrect, with the results suggesting a bad
pointer assignment. The parser works fine with device_nodes or
data_nodes, but not with a combination of the two.

The problem is traced to an invalid pointer used when jumping from
handling device_nodes to data nodes. The existing code looks for data
nodes below the last subdevice found instead of the common root. Fix
by forcing the acpi_device pointer to be derived from the same fwnode
for the two types of subnodes.

This same problem of handling device and data nodes was already fixed
in a similar way by 'commit bf4703fdd166 ("ACPI / property: fix data
node parsing in acpi_get_next_subnode()")' but broken later by 'commit
34055190b19 ("ACPI / property: Add fwnode_get_next_child_node()")', so
this should probably go to linux-stable all the way to 4.12

Signed-off-by: Pierre-Louis Bossart <pierre-louis.bossart@linux.intel.com>
Reviewed-by: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/acpi/property.c | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/drivers/acpi/property.c b/drivers/acpi/property.c
index 77abe0ec40431..bd533f68b1dec 100644
--- a/drivers/acpi/property.c
+++ b/drivers/acpi/property.c
@@ -1031,6 +1031,14 @@ struct fwnode_handle *acpi_get_next_subnode(const struct fwnode_handle *fwnode,
 		const struct acpi_data_node *data = to_acpi_data_node(fwnode);
 		struct acpi_data_node *dn;
 
+		/*
+		 * We can have a combination of device and data nodes, e.g. with
+		 * hierarchical _DSD properties. Make sure the adev pointer is
+		 * restored before going through data nodes, otherwise we will
+		 * be looking for data_nodes below the last device found instead
+		 * of the common fwnode shared by device_nodes and data_nodes.
+		 */
+		adev = to_acpi_device_node(fwnode);
 		if (adev)
 			head = &adev->data.subnodes;
 		else if (data)
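Review bot: the added `adev = to_acpi_device_node(fwnode);` fixes the lookup by resetting a variable that, per the new comment, the device-node pass has already moved to the last device found, which is the same pattern the commit message says regressed once before. A separate local for the data-node branch, rather than restoring the shared `adev`, would make the two branches independent and harder to break again. Since the message asks for a backport to 4.12, a Fixes: tag naming the commit that reintroduced the problem would help the stable tooling.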
-- 
2.20.1





* [PATCH 5.1 083/405] drm/nouveau/bar/nv50: ensure BAR is mapped
  2019-05-30  2:59 [PATCH 5.1 000/405] 5.1.6-stable review Greg Kroah-Hartman
                   ` (81 preceding siblings ...)
  2019-05-30  3:01 ` [PATCH 5.1 082/405] ACPI / property: fix handling of data_nodes in acpi_get_next_subnode() Greg Kroah-Hartman
@ 2019-05-30  3:01 ` Greg Kroah-Hartman
  2019-05-30  3:01 ` [PATCH 5.1 084/405] media: stm32-dcmi: return appropriate error codes during probe Greg Kroah-Hartman
                   ` (326 subsequent siblings)
  409 siblings, 0 replies; 429+ messages in thread
From: Greg Kroah-Hartman @ 2019-05-30  3:01 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Jon Derrick, Ben Skeggs, Sasha Levin

[ Upstream commit f10b83de1fd49216a4c657816f48001437e4bdd5 ]

If the BAR is zero size, it indicates it was never successfully mapped.
Ensure that the BAR is valid during initialization before attempting to
use it.

Signed-off-by: Jon Derrick <jonathan.derrick@intel.com>
Signed-off-by: Ben Skeggs <bskeggs@redhat.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/gpu/drm/nouveau/nvkm/subdev/bar/nv50.c | 12 +++++++++---
 1 file changed, 9 insertions(+), 3 deletions(-)

diff --git a/drivers/gpu/drm/nouveau/nvkm/subdev/bar/nv50.c b/drivers/gpu/drm/nouveau/nvkm/subdev/bar/nv50.c
index 157b076a12723..38c9c086754b6 100644
--- a/drivers/gpu/drm/nouveau/nvkm/subdev/bar/nv50.c
+++ b/drivers/gpu/drm/nouveau/nvkm/subdev/bar/nv50.c
@@ -109,7 +109,7 @@ nv50_bar_oneinit(struct nvkm_bar *base)
 	struct nvkm_device *device = bar->base.subdev.device;
 	static struct lock_class_key bar1_lock;
 	static struct lock_class_key bar2_lock;
-	u64 start, limit;
+	u64 start, limit, size;
 	int ret;
 
 	ret = nvkm_gpuobj_new(device, 0x20000, 0, false, NULL, &bar->mem);
@@ -127,7 +127,10 @@ nv50_bar_oneinit(struct nvkm_bar *base)
 
 	/* BAR2 */
 	start = 0x0100000000ULL;
-	limit = start + device->func->resource_size(device, 3);
+	size = device->func->resource_size(device, 3);
+	if (!size)
+		return -ENOMEM;
+	limit = start + size;
 
 	ret = nvkm_vmm_new(device, start, limit-- - start, NULL, 0,
 			   &bar2_lock, "bar2", &bar->bar2_vmm);
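Review bot: the new `if (!size) return -ENOMEM;` for BAR2 reports an unmapped BAR as an allocation failure and prints nothing, so the log will not show which BAR was missing. An error code such as -ENODEV or -ENXIO plus a one-line message naming the BAR would make the failure diagnosable. The early return also leaves `bar->mem`, allocated earlier in this function, to be released by the caller, and the lines shown do not confirm that it is.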
@@ -164,7 +167,10 @@ nv50_bar_oneinit(struct nvkm_bar *base)
 
 	/* BAR1 */
 	start = 0x0000000000ULL;
-	limit = start + device->func->resource_size(device, 1);
+	size = device->func->resource_size(device, 1);
+	if (!size)
+		return -ENOMEM;
+	limit = start + size;
 
 	ret = nvkm_vmm_new(device, start, limit-- - start, NULL, 0,
 			   &bar1_lock, "bar1", &bar->bar1_vmm);
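Review bot: the BAR1 check repeats the three lines added for BAR2 with only the index changed; a small helper that takes the BAR index and returns the size or an error would keep the two checks identical. By this point the BAR2 vmm has already been created, so this early return depends on the normal teardown path to free it.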
-- 
2.20.1





* [PATCH 5.1 084/405] media: stm32-dcmi: return appropriate error codes during probe
  2019-05-30  2:59 [PATCH 5.1 000/405] 5.1.6-stable review Greg Kroah-Hartman
                   ` (82 preceding siblings ...)
  2019-05-30  3:01 ` [PATCH 5.1 083/405] drm/nouveau/bar/nv50: ensure BAR is mapped Greg Kroah-Hartman
@ 2019-05-30  3:01 ` Greg Kroah-Hartman
  2019-05-30  3:01 ` [PATCH 5.1 085/405] ARM: vdso: Remove dependency with the arch_timer driver internals Greg Kroah-Hartman
                   ` (325 subsequent siblings)
  409 siblings, 0 replies; 429+ messages in thread
From: Greg Kroah-Hartman @ 2019-05-30  3:01 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Fabien Dessenne, Hugues Fruchet,
	Hans Verkuil, Mauro Carvalho Chehab, Sasha Levin

[ Upstream commit b5b5a27bee5884860798ffd0f08e611a3942064b ]

During probe, return the provided error value instead of -ENODEV.
This allows the driver to be deferred probed if needed.

Signed-off-by: Fabien Dessenne <fabien.dessenne@st.com>
Acked-by: Hugues Fruchet <hugues.fruchet@st.com>
Signed-off-by: Hans Verkuil <hverkuil-cisco@xs4all.nl>
Signed-off-by: Mauro Carvalho Chehab <mchehab+samsung@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/media/platform/stm32/stm32-dcmi.c | 14 ++++++++------
 1 file changed, 8 insertions(+), 6 deletions(-)

diff --git a/drivers/media/platform/stm32/stm32-dcmi.c b/drivers/media/platform/stm32/stm32-dcmi.c
index 5fe5b38fa901d..a1f0801081ba9 100644
--- a/drivers/media/platform/stm32/stm32-dcmi.c
+++ b/drivers/media/platform/stm32/stm32-dcmi.c
@@ -1645,7 +1645,7 @@ static int dcmi_probe(struct platform_device *pdev)
 	dcmi->rstc = devm_reset_control_get_exclusive(&pdev->dev, NULL);
 	if (IS_ERR(dcmi->rstc)) {
 		dev_err(&pdev->dev, "Could not get reset control\n");
-		return -ENODEV;
+		return PTR_ERR(dcmi->rstc);
 	}
 
 	/* Get bus characteristics from devicetree */
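Review bot: the reset-control path now returns `PTR_ERR(dcmi->rstc)`, which can be -EPROBE_DEFER, but the `dev_err()` above it is still unconditional, unlike the irq and mclk paths later in this patch that skip the message on deferral. Apply the same `!= -EPROBE_DEFER` guard here so a deferred probe does not log an error.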
@@ -1660,7 +1660,7 @@ static int dcmi_probe(struct platform_device *pdev)
 	of_node_put(np);
 	if (ret) {
 		dev_err(&pdev->dev, "Could not parse the endpoint\n");
-		return -ENODEV;
+		return ret;
 	}
 
 	if (ep.bus_type == V4L2_MBUS_CSI2_DPHY) {
@@ -1673,8 +1673,9 @@ static int dcmi_probe(struct platform_device *pdev)
 
 	irq = platform_get_irq(pdev, 0);
 	if (irq <= 0) {
-		dev_err(&pdev->dev, "Could not get irq\n");
-		return -ENODEV;
+		if (irq != -EPROBE_DEFER)
+			dev_err(&pdev->dev, "Could not get irq\n");
+		return irq;
 	}
 
 	dcmi->res = platform_get_resource(pdev, IORESOURCE_MEM, 0);
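Review bot: the condition stays `if (irq <= 0)` while the body now ends in `return irq;`, so when platform_get_irq() returns 0 the probe function returns 0, which is success, without having set up the device. Either narrow the test to `irq < 0` or map the zero case to an explicit error such as -ENXIO.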
@@ -1694,12 +1695,13 @@ static int dcmi_probe(struct platform_device *pdev)
 					dev_name(&pdev->dev), dcmi);
 	if (ret) {
 		dev_err(&pdev->dev, "Unable to request irq %d\n", irq);
-		return -ENODEV;
+		return ret;
 	}
 
 	mclk = devm_clk_get(&pdev->dev, "mclk");
 	if (IS_ERR(mclk)) {
-		dev_err(&pdev->dev, "Unable to get mclk\n");
+		if (PTR_ERR(mclk) != -EPROBE_DEFER)
+			dev_err(&pdev->dev, "Unable to get mclk\n");
 		return PTR_ERR(mclk);
 	}
 
-- 
2.20.1





* [PATCH 5.1 085/405] ARM: vdso: Remove dependency with the arch_timer driver internals
  2019-05-30  2:59 [PATCH 5.1 000/405] 5.1.6-stable review Greg Kroah-Hartman
                   ` (83 preceding siblings ...)
  2019-05-30  3:01 ` [PATCH 5.1 084/405] media: stm32-dcmi: return appropriate error codes during probe Greg Kroah-Hartman
@ 2019-05-30  3:01 ` Greg Kroah-Hartman
  2019-05-30  3:01 ` [PATCH 5.1 086/405] arm64: Fix compiler warning from pte_unmap() with -Wunused-but-set-variable Greg Kroah-Hartman
                   ` (324 subsequent siblings)
  409 siblings, 0 replies; 429+ messages in thread
From: Greg Kroah-Hartman @ 2019-05-30  3:01 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Mark Rutland, Marc Zyngier,
	Will Deacon, Sasha Levin

[ Upstream commit 1f5b62f09f6b314c8d70b9de5182dae4de1f94da ]

The VDSO code uses the kernel helper that was originally designed
to abstract the access between 32 and 64bit systems. It worked so
far because this function is declared as 'inline'.

As we're about to revamp that part of the code, the VDSO would
break. Let's fix it by doing what should have been done from
the start, a proper system register access.

Reviewed-by: Mark Rutland <mark.rutland@arm.com>
Signed-off-by: Marc Zyngier <marc.zyngier@arm.com>
Signed-off-by: Will Deacon <will.deacon@arm.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 arch/arm/include/asm/cp15.h   | 2 ++
 arch/arm/vdso/vgettimeofday.c | 5 +++--
 2 files changed, 5 insertions(+), 2 deletions(-)

diff --git a/arch/arm/include/asm/cp15.h b/arch/arm/include/asm/cp15.h
index 07e27f212dc75..d2453e2d3f1f3 100644
--- a/arch/arm/include/asm/cp15.h
+++ b/arch/arm/include/asm/cp15.h
@@ -68,6 +68,8 @@
 #define BPIALL				__ACCESS_CP15(c7, 0, c5, 6)
 #define ICIALLU				__ACCESS_CP15(c7, 0, c5, 0)
 
+#define CNTVCT				__ACCESS_CP15_64(1, c14)
+
 extern unsigned long cr_alignment;	/* defined in entry-armv.S */
 
 static inline unsigned long get_cr(void)
diff --git a/arch/arm/vdso/vgettimeofday.c b/arch/arm/vdso/vgettimeofday.c
index a9dd619c6c290..7bdbf5d5c47d3 100644
--- a/arch/arm/vdso/vgettimeofday.c
+++ b/arch/arm/vdso/vgettimeofday.c
@@ -18,9 +18,9 @@
 #include <linux/compiler.h>
 #include <linux/hrtimer.h>
 #include <linux/time.h>
-#include <asm/arch_timer.h>
 #include <asm/barrier.h>
 #include <asm/bug.h>
+#include <asm/cp15.h>
 #include <asm/page.h>
 #include <asm/unistd.h>
 #include <asm/vdso_datapage.h>
@@ -123,7 +123,8 @@ static notrace u64 get_ns(struct vdso_data *vdata)
 	u64 cycle_now;
 	u64 nsec;
 
-	cycle_now = arch_counter_get_cntvct();
+	isb();
+	cycle_now = read_sysreg(CNTVCT);
 
 	cycle_delta = (cycle_now - vdata->cs_cycle_last) & vdata->cs_mask;
 
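Review bot: the open-coded replacement in get_ns() adds `isb();` before `read_sysreg(CNTVCT)` with no comment. A one-line note that the barrier keeps the counter read from being executed ahead of earlier instructions would stop someone from removing it as redundant later.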
-- 
2.20.1





* [PATCH 5.1 086/405] arm64: Fix compiler warning from pte_unmap() with -Wunused-but-set-variable
From: Greg Kroah-Hartman @ 2019-05-30  3:01 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Qian Cai, Will Deacon, Sasha Levin

[ Upstream commit 74dd022f9e6260c3b5b8d15901d27ebcc5f21eda ]

When building with -Wunused-but-set-variable, the compiler shouts about
a number of pte_unmap() users, since this expands to an empty macro on
arm64:

  | mm/gup.c: In function 'gup_pte_range':
  | mm/gup.c:1727:16: warning: variable 'ptem' set but not used
  | [-Wunused-but-set-variable]
  | mm/gup.c: At top level:
  | mm/memory.c: In function 'copy_pte_range':
  | mm/memory.c:821:24: warning: variable 'orig_dst_pte' set but not used
  | [-Wunused-but-set-variable]
  | mm/memory.c:821:9: warning: variable 'orig_src_pte' set but not used
  | [-Wunused-but-set-variable]
  | mm/swap_state.c: In function 'swap_ra_info':
  | mm/swap_state.c:641:15: warning: variable 'orig_pte' set but not used
  | [-Wunused-but-set-variable]
  | mm/madvise.c: In function 'madvise_free_pte_range':
  | mm/madvise.c:318:9: warning: variable 'orig_pte' set but not used
  | [-Wunused-but-set-variable]

Rewrite pte_unmap() as a static inline function, which silences the
warnings.

Signed-off-by: Qian Cai <cai@lca.pw>
Signed-off-by: Will Deacon <will.deacon@arm.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 arch/arm64/include/asm/pgtable.h | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/arch/arm64/include/asm/pgtable.h b/arch/arm64/include/asm/pgtable.h
index de70c1eabf336..74ebe96937141 100644
--- a/arch/arm64/include/asm/pgtable.h
+++ b/arch/arm64/include/asm/pgtable.h
@@ -478,6 +478,8 @@ static inline phys_addr_t pmd_page_paddr(pmd_t pmd)
 	return __pmd_to_phys(pmd);
 }
 
+static inline void pte_unmap(pte_t *pte) { }
+
 /* Find an entry in the third-level page table. */
 #define pte_index(addr)		(((addr) >> PAGE_SHIFT) & (PTRS_PER_PTE - 1))
 
@@ -486,7 +488,6 @@ static inline phys_addr_t pmd_page_paddr(pmd_t pmd)
 
 #define pte_offset_map(dir,addr)	pte_offset_kernel((dir), (addr))
 #define pte_offset_map_nested(dir,addr)	pte_offset_kernel((dir), (addr))
-#define pte_unmap(pte)			do { } while (0)
 #define pte_unmap_nested(pte)		do { } while (0)
 
 #define pte_set_fixmap(addr)		((pte_t *)set_fixmap_offset(FIX_PTE, addr))
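Review bot: `pte_unmap_nested(pte)`, directly below the removed line, is still `do { } while (0)`, so a caller that sets a variable only to hand it to pte_unmap_nested() would trigger the same -Wunused-but-set-variable warning this patch silences for pte_unmap(). Either convert it to a static inline alongside pte_unmap() or say in the changelog why it stays a macro.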
-- 
2.20.1





* [PATCH 5.1 087/405] mt76: remove mt76_queue dependency from tx_queue_skb function pointer
From: Greg Kroah-Hartman @ 2019-05-30  3:01 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Lorenzo Bianconi, Felix Fietkau, Sasha Levin

[ Upstream commit 89a37842b0c13c9e568bf12f4fcbe6507147e41d ]

Remove mt76_queue dependency from tx_queue_skb function pointer and
rely on mt76_tx_qid instead. This is a preliminary patch to introduce
mt76_sw_queue support.

Signed-off-by: Lorenzo Bianconi <lorenzo@kernel.org>
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/net/wireless/mediatek/mt76/dma.c           |  3 ++-
 drivers/net/wireless/mediatek/mt76/mt76.h          |  4 ++--
 drivers/net/wireless/mediatek/mt76/mt7603/beacon.c |  6 +++---
 drivers/net/wireless/mediatek/mt76/mt76x02_mmio.c  |  4 ++--
 drivers/net/wireless/mediatek/mt76/tx.c            | 10 +++++-----
 drivers/net/wireless/mediatek/mt76/usb.c           |  3 ++-
 6 files changed, 16 insertions(+), 14 deletions(-)

diff --git a/drivers/net/wireless/mediatek/mt76/dma.c b/drivers/net/wireless/mediatek/mt76/dma.c
index 76629b98c78d7..8c7ee8302fb87 100644
--- a/drivers/net/wireless/mediatek/mt76/dma.c
+++ b/drivers/net/wireless/mediatek/mt76/dma.c
@@ -271,10 +271,11 @@ mt76_dma_tx_queue_skb_raw(struct mt76_dev *dev, enum mt76_txq_id qid,
 	return 0;
 }
 
-int mt76_dma_tx_queue_skb(struct mt76_dev *dev, struct mt76_queue *q,
+int mt76_dma_tx_queue_skb(struct mt76_dev *dev, enum mt76_txq_id qid,
 			  struct sk_buff *skb, struct mt76_wcid *wcid,
 			  struct ieee80211_sta *sta)
 {
+	struct mt76_queue *q = &dev->q_tx[qid];
 	struct mt76_queue_entry e;
 	struct mt76_txwi_cache *t;
 	struct mt76_queue_buf buf[32];
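Review bot: `struct mt76_queue *q = &dev->q_tx[qid];` at the top of mt76_dma_tx_queue_skb() indexes q_tx with a caller-supplied enum and nothing in the function bounds it. With the old pointer-taking signature an out-of-range queue could not be expressed; now a bad qid reads past q_tx. Because this entry point is reached through the queue_ops function pointer, a WARN_ON_ONCE on qid against the size of q_tx, returning an error, would be cheap to add here.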
diff --git a/drivers/net/wireless/mediatek/mt76/mt76.h b/drivers/net/wireless/mediatek/mt76/mt76.h
index bcbfd3c4a44b6..eb882b2cbc0ec 100644
--- a/drivers/net/wireless/mediatek/mt76/mt76.h
+++ b/drivers/net/wireless/mediatek/mt76/mt76.h
@@ -156,7 +156,7 @@ struct mt76_queue_ops {
 		       struct mt76_queue_buf *buf, int nbufs, u32 info,
 		       struct sk_buff *skb, void *txwi);
 
-	int (*tx_queue_skb)(struct mt76_dev *dev, struct mt76_queue *q,
+	int (*tx_queue_skb)(struct mt76_dev *dev, enum mt76_txq_id qid,
 			    struct sk_buff *skb, struct mt76_wcid *wcid,
 			    struct ieee80211_sta *sta);
 
@@ -645,7 +645,7 @@ static inline struct mt76_tx_cb *mt76_tx_skb_cb(struct sk_buff *skb)
 	return ((void *) IEEE80211_SKB_CB(skb)->status.status_driver_data);
 }
 
-int mt76_dma_tx_queue_skb(struct mt76_dev *dev, struct mt76_queue *q,
+int mt76_dma_tx_queue_skb(struct mt76_dev *dev, enum mt76_txq_id qid,
 			  struct sk_buff *skb, struct mt76_wcid *wcid,
 			  struct ieee80211_sta *sta);
 
diff --git a/drivers/net/wireless/mediatek/mt76/mt7603/beacon.c b/drivers/net/wireless/mediatek/mt76/mt7603/beacon.c
index 4dcb465095d19..99c0a3ba37cb7 100644
--- a/drivers/net/wireless/mediatek/mt76/mt7603/beacon.c
+++ b/drivers/net/wireless/mediatek/mt76/mt7603/beacon.c
@@ -23,7 +23,7 @@ mt7603_update_beacon_iter(void *priv, u8 *mac, struct ieee80211_vif *vif)
 	if (!skb)
 		return;
 
-	mt76_dma_tx_queue_skb(&dev->mt76, &dev->mt76.q_tx[MT_TXQ_BEACON], skb,
+	mt76_dma_tx_queue_skb(&dev->mt76, MT_TXQ_BEACON, skb,
 			      &mvif->sta.wcid, NULL);
 
 	spin_lock_bh(&dev->ps_lock);
@@ -118,8 +118,8 @@ void mt7603_pre_tbtt_tasklet(unsigned long arg)
 		struct ieee80211_vif *vif = info->control.vif;
 		struct mt7603_vif *mvif = (struct mt7603_vif *)vif->drv_priv;
 
-		mt76_dma_tx_queue_skb(&dev->mt76, q, skb, &mvif->sta.wcid,
-				      NULL);
+		mt76_dma_tx_queue_skb(&dev->mt76, MT_TXQ_CAB, skb,
+				      &mvif->sta.wcid, NULL);
 	}
 	mt76_queue_kick(dev, q);
 	spin_unlock_bh(&q->lock);
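Review bot: in mt7603_pre_tbtt_tasklet() the enqueue now names MT_TXQ_CAB, while `mt76_queue_kick(dev, q)` and `spin_unlock_bh(&q->lock)` right after it still use the local `q`. The hunk does not show where `q` is assigned, so the lock held and the queue written match only if `q` is &dev->mt76.q_tx[MT_TXQ_CAB]. Deriving both from one qid variable would make that explicit and stop the two from drifting apart.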
diff --git a/drivers/net/wireless/mediatek/mt76/mt76x02_mmio.c b/drivers/net/wireless/mediatek/mt76/mt76x02_mmio.c
index daaed1220147e..952fe19cba9b6 100644
--- a/drivers/net/wireless/mediatek/mt76/mt76x02_mmio.c
+++ b/drivers/net/wireless/mediatek/mt76/mt76x02_mmio.c
@@ -146,8 +146,8 @@ static void mt76x02_pre_tbtt_tasklet(unsigned long arg)
 		struct ieee80211_vif *vif = info->control.vif;
 		struct mt76x02_vif *mvif = (struct mt76x02_vif *)vif->drv_priv;
 
-		mt76_dma_tx_queue_skb(&dev->mt76, q, skb, &mvif->group_wcid,
-				      NULL);
+		mt76_dma_tx_queue_skb(&dev->mt76, MT_TXQ_PSD, skb,
+				      &mvif->group_wcid, NULL);
 	}
 	spin_unlock_bh(&q->lock);
 }
diff --git a/drivers/net/wireless/mediatek/mt76/tx.c b/drivers/net/wireless/mediatek/mt76/tx.c
index 2585df5123350..0c1036da9a92a 100644
--- a/drivers/net/wireless/mediatek/mt76/tx.c
+++ b/drivers/net/wireless/mediatek/mt76/tx.c
@@ -286,7 +286,7 @@ mt76_tx(struct mt76_dev *dev, struct ieee80211_sta *sta,
 	q = &dev->q_tx[qid];
 
 	spin_lock_bh(&q->lock);
-	dev->queue_ops->tx_queue_skb(dev, q, skb, wcid, sta);
+	dev->queue_ops->tx_queue_skb(dev, qid, skb, wcid, sta);
 	dev->queue_ops->kick(dev, q);
 
 	if (q->queued > q->ndesc - 8 && !q->stopped) {
@@ -327,7 +327,6 @@ mt76_queue_ps_skb(struct mt76_dev *dev, struct ieee80211_sta *sta,
 {
 	struct mt76_wcid *wcid = (struct mt76_wcid *) sta->drv_priv;
 	struct ieee80211_tx_info *info = IEEE80211_SKB_CB(skb);
-	struct mt76_queue *hwq = &dev->q_tx[MT_TXQ_PSD];
 
 	info->control.flags |= IEEE80211_TX_CTRL_PS_RESPONSE;
 	if (last)
@@ -335,7 +334,7 @@ mt76_queue_ps_skb(struct mt76_dev *dev, struct ieee80211_sta *sta,
 			       IEEE80211_TX_CTL_REQ_TX_STATUS;
 
 	mt76_skb_set_moredata(skb, !last);
-	dev->queue_ops->tx_queue_skb(dev, hwq, skb, wcid, sta);
+	dev->queue_ops->tx_queue_skb(dev, MT_TXQ_PSD, skb, wcid, sta);
 }
 
 void
@@ -390,6 +389,7 @@ mt76_txq_send_burst(struct mt76_dev *dev, struct mt76_queue *hwq,
 		    struct mt76_txq *mtxq, bool *empty)
 {
 	struct ieee80211_txq *txq = mtxq_to_txq(mtxq);
+	enum mt76_txq_id qid = mt76_txq_get_qid(txq);
 	struct ieee80211_tx_info *info;
 	struct mt76_wcid *wcid = mtxq->wcid;
 	struct sk_buff *skb;
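Review bot: mt76_txq_send_burst() now carries two descriptions of the target queue, the `hwq` parameter and the new `enum mt76_txq_id qid = mt76_txq_get_qid(txq);`. The following hunks enqueue by qid, so anything that still goes through hwq depends on the caller having passed &dev->q_tx[qid]. Please either drop the hwq parameter in this patch or add a WARN_ON_ONCE(hwq != &dev->q_tx[qid]) so a mismatch is caught rather than silently enqueuing on a different queue.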
@@ -423,7 +423,7 @@ mt76_txq_send_burst(struct mt76_dev *dev, struct mt76_queue *hwq,
 	if (ampdu)
 		mt76_check_agg_ssn(mtxq, skb);
 
-	idx = dev->queue_ops->tx_queue_skb(dev, hwq, skb, wcid, txq->sta);
+	idx = dev->queue_ops->tx_queue_skb(dev, qid, skb, wcid, txq->sta);
 
 	if (idx < 0)
 		return idx;
@@ -458,7 +458,7 @@ mt76_txq_send_burst(struct mt76_dev *dev, struct mt76_queue *hwq,
 		if (cur_ampdu)
 			mt76_check_agg_ssn(mtxq, skb);
 
-		idx = dev->queue_ops->tx_queue_skb(dev, hwq, skb, wcid,
+		idx = dev->queue_ops->tx_queue_skb(dev, qid, skb, wcid,
 						   txq->sta);
 		if (idx < 0)
 			return idx;
diff --git a/drivers/net/wireless/mediatek/mt76/usb.c b/drivers/net/wireless/mediatek/mt76/usb.c
index 4c1abd4924054..b1551419338f0 100644
--- a/drivers/net/wireless/mediatek/mt76/usb.c
+++ b/drivers/net/wireless/mediatek/mt76/usb.c
@@ -726,10 +726,11 @@ mt76u_tx_build_sg(struct mt76_dev *dev, struct sk_buff *skb,
 }
 
 static int
-mt76u_tx_queue_skb(struct mt76_dev *dev, struct mt76_queue *q,
+mt76u_tx_queue_skb(struct mt76_dev *dev, enum mt76_txq_id qid,
 		   struct sk_buff *skb, struct mt76_wcid *wcid,
 		   struct ieee80211_sta *sta)
 {
+	struct mt76_queue *q = &dev->q_tx[qid];
 	struct mt76u_buf *buf;
 	u16 idx = q->tail;
 	int err;
-- 
2.20.1





* [PATCH 5.1 088/405] x86/ftrace: Set trampoline pages as executable
From: Greg Kroah-Hartman @ 2019-05-30  3:01 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Nadav Amit, Rick Edgecombe,
	Peter Zijlstra (Intel), Steven Rostedt (VMware),
	akpm, ard.biesheuvel, deneen.t.dock, kernel-hardening, kristen,
	linux_dti, will.deacon, Andy Lutomirski, Borislav Petkov,
	Dave Hansen, H. Peter Anvin, Linus Torvalds, Rik van Riel,
	Thomas Gleixner, Ingo Molnar, Sasha Levin

[ Upstream commit 3c0dab44e22782359a0a706cbce72de99a22aa75 ]

Since alloc_module() will not set the pages as executable soon, set
ftrace trampoline pages as executable after they are allocated.

For the time being, do not change ftrace to use the text_poke()
interface. As a result, ftrace still breaks W^X.

Signed-off-by: Nadav Amit <namit@vmware.com>
Signed-off-by: Rick Edgecombe <rick.p.edgecombe@intel.com>
Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org>
Reviewed-by: Steven Rostedt (VMware) <rostedt@goodmis.org>
Cc: <akpm@linux-foundation.org>
Cc: <ard.biesheuvel@linaro.org>
Cc: <deneen.t.dock@intel.com>
Cc: <kernel-hardening@lists.openwall.com>
Cc: <kristen@linux.intel.com>
Cc: <linux_dti@icloud.com>
Cc: <will.deacon@arm.com>
Cc: Andy Lutomirski <luto@kernel.org>
Cc: Borislav Petkov <bp@alien8.de>
Cc: Dave Hansen <dave.hansen@linux.intel.com>
Cc: H. Peter Anvin <hpa@zytor.com>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Rik van Riel <riel@surriel.com>
Cc: Thomas Gleixner <tglx@linutronix.de>
Link: https://lkml.kernel.org/r/20190426001143.4983-10-namit@vmware.com
Signed-off-by: Ingo Molnar <mingo@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 arch/x86/kernel/ftrace.c | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/arch/x86/kernel/ftrace.c b/arch/x86/kernel/ftrace.c
index bd553b3af22e9..6e0c0ed8e4bf4 100644
--- a/arch/x86/kernel/ftrace.c
+++ b/arch/x86/kernel/ftrace.c
@@ -749,6 +749,7 @@ create_trampoline(struct ftrace_ops *ops, unsigned int *tramp_size)
 	unsigned long end_offset;
 	unsigned long op_offset;
 	unsigned long offset;
+	unsigned long npages;
 	unsigned long size;
 	unsigned long retq;
 	unsigned long *ptr;
@@ -781,6 +782,7 @@ create_trampoline(struct ftrace_ops *ops, unsigned int *tramp_size)
 		return 0;
 
 	*tramp_size = size + RET_SIZE + sizeof(void *);
+	npages = DIV_ROUND_UP(*tramp_size, PAGE_SIZE);
 
 	/* Copy ftrace_caller onto the trampoline memory */
 	ret = probe_kernel_read(trampoline, (void *)start_offset, size);
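Review bot: `npages = DIV_ROUND_UP(*tramp_size, PAGE_SIZE);` derives the page count from the size alone, which is only correct if `trampoline` starts on a page boundary. Nothing in the hunk states that the allocator guarantees it; a comment, or a WARN_ON(!PAGE_ALIGNED(trampoline)) next to this line, would document the assumption that the later set_memory_x() call relies on.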
@@ -825,6 +827,12 @@ create_trampoline(struct ftrace_ops *ops, unsigned int *tramp_size)
 	/* ALLOC_TRAMP flags lets us know we created it */
 	ops->flags |= FTRACE_OPS_FL_ALLOC_TRAMP;
 
+	/*
+	 * Module allocation needs to be completed by making the page
+	 * executable. The page is still writable, which is a security hazard,
+	 * but anyhow ftrace breaks W^X completely.
+	 */
+	set_memory_x((unsigned long)trampoline, npages);
 	return (unsigned long)trampoline;
 fail:
 	tramp_free(trampoline, *tramp_size);
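Review bot: the return value of `set_memory_x((unsigned long)trampoline, npages);` is dropped. If the attribute change fails, create_trampoline() still returns the address and the first call through the trampoline lands on a non-executable page; check the result and take the existing `fail:` path instead. Separately, the new comment concedes the pages remain both writable and executable. Since the changelog says the text_poke() conversion is deferred, the comment should point at that follow-up so the W+X window has a tracked owner.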
-- 
2.20.1





* [PATCH 5.1 089/405] powerpc/watchdog: Use hrtimers for per-CPU heartbeat
From: Greg Kroah-Hartman @ 2019-05-30  3:01 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Gautham R. Shenoy,
	Ravikumar Bangoria, Nicholas Piggin, Ravi Bangoria,
	Michael Ellerman, Sasha Levin

[ Upstream commit 7ae3f6e130e8dc6188b59e3b4ebc2f16e9c8d053 ]

Using a jiffies timer creates a dependency on the tick_do_timer_cpu
incrementing jiffies. If that CPU has locked up and jiffies is not
incrementing, the watchdog heartbeat timer for all CPUs stops and
creates false positives and confusing warnings on local CPUs, and
also causes the SMP detector to stop, so the root cause is never
detected.

Fix this by using hrtimer based timers for the watchdog heartbeat,
like the generic kernel hardlockup detector.

Cc: Gautham R. Shenoy <ego@linux.vnet.ibm.com>
Reported-by: Ravikumar Bangoria <ravi.bangoria@in.ibm.com>
Signed-off-by: Nicholas Piggin <npiggin@gmail.com>
Tested-by: Ravi Bangoria <ravi.bangoria@linux.ibm.com>
Reported-by: Ravi Bangoria <ravi.bangoria@linux.ibm.com>
Reviewed-by: Gautham R. Shenoy <ego@linux.vnet.ibm.com>
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 arch/powerpc/kernel/watchdog.c | 81 +++++++++++++++++-----------------
 1 file changed, 40 insertions(+), 41 deletions(-)

diff --git a/arch/powerpc/kernel/watchdog.c b/arch/powerpc/kernel/watchdog.c
index 3c6ab22a0c4e3..af3c15a1d41eb 100644
--- a/arch/powerpc/kernel/watchdog.c
+++ b/arch/powerpc/kernel/watchdog.c
@@ -77,7 +77,7 @@ static u64 wd_smp_panic_timeout_tb __read_mostly; /* panic other CPUs */
 
 static u64 wd_timer_period_ms __read_mostly;  /* interval between heartbeat */
 
-static DEFINE_PER_CPU(struct timer_list, wd_timer);
+static DEFINE_PER_CPU(struct hrtimer, wd_hrtimer);
 static DEFINE_PER_CPU(u64, wd_timer_tb);
 
 /* SMP checker bits */
@@ -293,21 +293,21 @@ void soft_nmi_interrupt(struct pt_regs *regs)
 	nmi_exit();
 }
 
-static void wd_timer_reset(unsigned int cpu, struct timer_list *t)
-{
-	t->expires = jiffies + msecs_to_jiffies(wd_timer_period_ms);
-	if (wd_timer_period_ms > 1000)
-		t->expires = __round_jiffies_up(t->expires, cpu);
-	add_timer_on(t, cpu);
-}
-
-static void wd_timer_fn(struct timer_list *t)
+static enum hrtimer_restart watchdog_timer_fn(struct hrtimer *hrtimer)
 {
 	int cpu = smp_processor_id();
 
+	if (!(watchdog_enabled & NMI_WATCHDOG_ENABLED))
+		return HRTIMER_NORESTART;
+
+	if (!cpumask_test_cpu(cpu, &watchdog_cpumask))
+		return HRTIMER_NORESTART;
+
 	watchdog_timer_interrupt(cpu);
 
-	wd_timer_reset(cpu, t);
+	hrtimer_forward_now(hrtimer, ms_to_ktime(wd_timer_period_ms));
+
+	return HRTIMER_RESTART;
 }
 
 void arch_touch_nmi_watchdog(void)
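Review bot: the removed wd_timer_reset() rounded the expiry with `__round_jiffies_up(t->expires, cpu)` when wd_timer_period_ms exceeded 1000, and watchdog_timer_fn() now re-arms with a bare `hrtimer_forward_now()`. If dropping the rounding is intentional, say so in the changelog. The two early `return HRTIMER_NORESTART;` exits also need a comment on what re-arms the timer once the watchdog is enabled for this CPU again.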
@@ -323,37 +323,22 @@ void arch_touch_nmi_watchdog(void)
 }
 EXPORT_SYMBOL(arch_touch_nmi_watchdog);
 
-static void start_watchdog_timer_on(unsigned int cpu)
-{
-	struct timer_list *t = per_cpu_ptr(&wd_timer, cpu);
-
-	per_cpu(wd_timer_tb, cpu) = get_tb();
-
-	timer_setup(t, wd_timer_fn, TIMER_PINNED);
-	wd_timer_reset(cpu, t);
-}
-
-static void stop_watchdog_timer_on(unsigned int cpu)
-{
-	struct timer_list *t = per_cpu_ptr(&wd_timer, cpu);
-
-	del_timer_sync(t);
-}
-
-static int start_wd_on_cpu(unsigned int cpu)
+static void start_watchdog(void *arg)
 {
+	struct hrtimer *hrtimer = this_cpu_ptr(&wd_hrtimer);
+	int cpu = smp_processor_id();
 	unsigned long flags;
 
 	if (cpumask_test_cpu(cpu, &wd_cpus_enabled)) {
 		WARN_ON(1);
-		return 0;
+		return;
 	}
 
 	if (!(watchdog_enabled & NMI_WATCHDOG_ENABLED))
-		return 0;
+		return;
 
 	if (!cpumask_test_cpu(cpu, &watchdog_cpumask))
-		return 0;
+		return;
 
 	wd_smp_lock(&flags);
 	cpumask_set_cpu(cpu, &wd_cpus_enabled);
@@ -363,27 +348,40 @@ static int start_wd_on_cpu(unsigned int cpu)
 	}
 	wd_smp_unlock(&flags);
 
-	start_watchdog_timer_on(cpu);
+	*this_cpu_ptr(&wd_timer_tb) = get_tb();
 
-	return 0;
+	hrtimer_init(hrtimer, CLOCK_MONOTONIC, HRTIMER_MODE_REL);
+	hrtimer->function = watchdog_timer_fn;
+	hrtimer_start(hrtimer, ms_to_ktime(wd_timer_period_ms),
+		      HRTIMER_MODE_REL_PINNED);
 }
 
-static int stop_wd_on_cpu(unsigned int cpu)
+static int start_watchdog_on_cpu(unsigned int cpu)
 {
+	return smp_call_function_single(cpu, start_watchdog, NULL, true);
+}
+
+static void stop_watchdog(void *arg)
+{
+	struct hrtimer *hrtimer = this_cpu_ptr(&wd_hrtimer);
+	int cpu = smp_processor_id();
 	unsigned long flags;
 
 	if (!cpumask_test_cpu(cpu, &wd_cpus_enabled))
-		return 0; /* Can happen in CPU unplug case */
+		return; /* Can happen in CPU unplug case */
 
-	stop_watchdog_timer_on(cpu);
+	hrtimer_cancel(hrtimer);
 
 	wd_smp_lock(&flags);
 	cpumask_clear_cpu(cpu, &wd_cpus_enabled);
 	wd_smp_unlock(&flags);
 
 	wd_smp_clear_cpu_pending(cpu, get_tb());
+}
 
-	return 0;
+static int stop_watchdog_on_cpu(unsigned int cpu)
+{
+	return smp_call_function_single(cpu, stop_watchdog, NULL, true);
 }
 
 static void watchdog_calc_timeouts(void)
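Review bot: `smp_call_function_single(cpu, stop_watchdog, NULL, true)` waits for the target CPU to run the callback, and watchdog_nmi_stop() issues it for every CPU in wd_cpus_enabled. A CPU that is locked up with interrupts off, which is the case this watchdog exists to report, will not service the IPI, so the stop path can block behind it. Also, start_wd_on_cpu() and stop_wd_on_cpu() always returned 0, while the new wrappers return whatever smp_call_function_single() returns; please confirm the cpuhp callbacks registered in watchdog_nmi_probe() are meant to fail on that error.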
@@ -402,7 +400,7 @@ void watchdog_nmi_stop(void)
 	int cpu;
 
 	for_each_cpu(cpu, &wd_cpus_enabled)
-		stop_wd_on_cpu(cpu);
+		stop_watchdog_on_cpu(cpu);
 }
 
 void watchdog_nmi_start(void)
@@ -411,7 +409,7 @@ void watchdog_nmi_start(void)
 
 	watchdog_calc_timeouts();
 	for_each_cpu_and(cpu, cpu_online_mask, &watchdog_cpumask)
-		start_wd_on_cpu(cpu);
+		start_watchdog_on_cpu(cpu);
 }
 
 /*
@@ -423,7 +421,8 @@ int __init watchdog_nmi_probe(void)
 
 	err = cpuhp_setup_state_nocalls(CPUHP_AP_ONLINE_DYN,
 					"powerpc/watchdog:online",
-					start_wd_on_cpu, stop_wd_on_cpu);
+					start_watchdog_on_cpu,
+					stop_watchdog_on_cpu);
 	if (err < 0) {
 		pr_warn("could not be initialized");
 		return err;
-- 
2.20.1





* [PATCH 5.1 090/405] cpufreq: Fix kobject memleak
From: Greg Kroah-Hartman @ 2019-05-30  3:01 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Viresh Kumar, Tobin C. Harding,
	Rafael J. Wysocki, Sasha Levin

[ Upstream commit 4ebe36c94aed95de71a8ce6a6762226d31c938ee ]

Currently the error return path from kobject_init_and_add() is not
followed by a call to kobject_put() - which means we are leaking the
kobject.

Fix it by adding a call to kobject_put() in the error path of
kobject_init_and_add().

Signed-off-by: Viresh Kumar <viresh.kumar@linaro.org>
Reviewed-by: Tobin C. Harding <tobin@kernel.org>
Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/cpufreq/cpufreq.c          | 1 +
 drivers/cpufreq/cpufreq_governor.c | 2 ++
 2 files changed, 3 insertions(+)

diff --git a/drivers/cpufreq/cpufreq.c b/drivers/cpufreq/cpufreq.c
index e10922709d139..bbf79544d0ad8 100644
--- a/drivers/cpufreq/cpufreq.c
+++ b/drivers/cpufreq/cpufreq.c
@@ -1098,6 +1098,7 @@ static struct cpufreq_policy *cpufreq_policy_alloc(unsigned int cpu)
 				   cpufreq_global_kobject, "policy%u", cpu);
 	if (ret) {
 		pr_err("%s: failed to init policy->kobj: %d\n", __func__, ret);
+		kobject_put(&policy->kobj);
 		goto err_free_real_cpus;
 	}
 
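Review bot: in cpufreq_policy_alloc() the new `kobject_put(&policy->kobj);` is followed by `goto err_free_real_cpus;`, so the unwind labels still run on `policy` after its kobject's last reference is dropped. kobject_put() on the final reference invokes the ktype release callback; the changelog should state what that callback does for policy->kobj and confirm that the err_free_real_cpus path does not free or wait on anything the release has already handled.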
diff --git a/drivers/cpufreq/cpufreq_governor.c b/drivers/cpufreq/cpufreq_governor.c
index ffa9adeaba31b..9d1d9bf02710b 100644
--- a/drivers/cpufreq/cpufreq_governor.c
+++ b/drivers/cpufreq/cpufreq_governor.c
@@ -459,6 +459,8 @@ int cpufreq_dbs_governor_init(struct cpufreq_policy *policy)
 	/* Failure, so roll back. */
 	pr_err("initialization failed (dbs_data kobject init error %d)\n", ret);
 
+	kobject_put(&dbs_data->attr_set.kobj);
+
 	policy->governor_data = NULL;
 
 	if (!have_governor_per_policy())
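Review bot: after `kobject_put(&dbs_data->attr_set.kobj);` the rollback in cpufreq_dbs_governor_init() continues with dbs_data still in scope, and the hunk ends before the rest of that path. Please say in the changelog who owns the final free of dbs_data once the kobject reference is gone, so it is clear the remaining rollback neither double-frees it nor touches it after release.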
-- 
2.20.1





* [PATCH 5.1 091/405] scsi: qla2xxx: Fix a qla24xx_enable_msix() error path
From: Greg Kroah-Hartman @ 2019-05-30  3:01 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Himanshu Madhani, Giridhar Malavali,
	Bart Van Assche, Martin K. Petersen, Sasha Levin

[ Upstream commit 24afabdbd0b3553963a2bbf465895492b14d1107 ]

Make sure that the allocated interrupts are freed if allocating memory for
the msix_entries array fails.

Cc: Himanshu Madhani <hmadhani@marvell.com>
Cc: Giridhar Malavali <gmalavali@marvell.com>
Signed-off-by: Bart Van Assche <bvanassche@acm.org>
Acked-by: Himanshu Madhani <hmadhani@marvell.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/scsi/qla2xxx/qla_isr.c | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/drivers/scsi/qla2xxx/qla_isr.c b/drivers/scsi/qla2xxx/qla_isr.c
index 69bbea9239cc8..add17843148dd 100644
--- a/drivers/scsi/qla2xxx/qla_isr.c
+++ b/drivers/scsi/qla2xxx/qla_isr.c
@@ -3475,7 +3475,7 @@ qla24xx_enable_msix(struct qla_hw_data *ha, struct rsp_que *rsp)
 		ql_log(ql_log_fatal, vha, 0x00c8,
 		    "Failed to allocate memory for ha->msix_entries.\n");
 		ret = -ENOMEM;
-		goto msix_out;
+		goto free_irqs;
 	}
 	ha->flags.msix_enabled = 1;
 
@@ -3558,6 +3558,10 @@ qla24xx_enable_msix(struct qla_hw_data *ha, struct rsp_que *rsp)
 
 msix_out:
 	return ret;
+
+free_irqs:
+	pci_free_irq_vectors(ha->pdev);
+	goto msix_out;
 }
 
 int
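Review bot: `free_irqs:` sits after `return ret;` and reaches the exit through a backward `goto msix_out;`, which is easy to misread as dead code. Only the msix_entries allocation failure uses it, so calling `pci_free_irq_vectors(ha->pdev);` directly in that branch before the existing `goto msix_out;` would give the same unwind without the extra label and jump.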
-- 
2.20.1





* [PATCH 5.1 092/405] scsi: qla2xxx: Fix abort handling in tcm_qla2xxx_write_pending()
From: Greg Kroah-Hartman @ 2019-05-30  3:01 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Himanshu Madhani, Giridhar Malavali,
	Bart Van Assche, Martin K. Petersen, Sasha Levin

[ Upstream commit e209783d66bca04b5fce4429e59338517ffc1a0b ]

Implementations of the .write_pending() callback functions must guarantee
that an appropriate LIO core callback function will be called immediately or
at a later time.  Make sure that this guarantee is met for aborted SCSI
commands.

[mkp: typo]

Cc: Himanshu Madhani <hmadhani@marvell.com>
Cc: Giridhar Malavali <gmalavali@marvell.com>
Fixes: 694833ee00c4 ("scsi: tcm_qla2xxx: Do not allow aborted cmd to advance.") # v4.13.
Fixes: a07100e00ac4 ("qla2xxx: Fix TMR ABORT interaction issue between qla2xxx and TCM") # v4.5.
Signed-off-by: Bart Van Assche <bvanassche@acm.org>
Acked-by: Himanshu Madhani <hmadhani@marvell.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/scsi/qla2xxx/tcm_qla2xxx.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/drivers/scsi/qla2xxx/tcm_qla2xxx.c b/drivers/scsi/qla2xxx/tcm_qla2xxx.c
index 8a3075d17c63c..bddb573c88dd2 100644
--- a/drivers/scsi/qla2xxx/tcm_qla2xxx.c
+++ b/drivers/scsi/qla2xxx/tcm_qla2xxx.c
@@ -399,6 +399,8 @@ static int tcm_qla2xxx_write_pending(struct se_cmd *se_cmd)
 			cmd->se_cmd.transport_state,
 			cmd->se_cmd.t_state,
 			cmd->se_cmd.se_cmd_flags);
+		transport_generic_request_failure(&cmd->se_cmd,
+			TCM_CHECK_CONDITION_ABORT_CMD);
 		return 0;
 	}
 	cmd->trc_flags |= TRC_XFR_RDY;
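Review bot: the aborted-command branch in tcm_qla2xxx_write_pending() now calls transport_generic_request_failure() and then still does `return 0;`, so the function reports success for a command it has just failed. A short comment stating that the failure is delivered through the LIO core callback, and that the return value is deliberately left at 0, would keep a later change from turning this into an error return.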
-- 
2.20.1





* [PATCH 5.1 093/405] scsi: qla2xxx: Avoid that lockdep complains about unsafe locking in tcm_qla2xxx_close_session()
From: Greg Kroah-Hartman @ 2019-05-30  3:01 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Himanshu Madhani, Giridhar Malavali,
	Bart Van Assche, Martin K. Petersen, Sasha Levin

[ Upstream commit d4023db71108375e4194e92730ba0d32d7f07813 ]

This patch avoids that lockdep reports the following warning:

=====================================================
WARNING: HARDIRQ-safe -> HARDIRQ-unsafe lock order detected
5.1.0-rc1-dbg+ #11 Tainted: G        W
-----------------------------------------------------
rmdir/1478 [HC0[0]:SC0[0]:HE0:SE1] is trying to acquire:
00000000e7ac4607 (&(&k->k_lock)->rlock){+.+.}, at: klist_next+0x43/0x1d0

and this task is already holding:
00000000cf0baf5e (&(&ha->tgt.sess_lock)->rlock){-...}, at: tcm_qla2xxx_close_session+0x57/0xb0 [tcm_qla2xxx]
which would create a new lock dependency:
 (&(&ha->tgt.sess_lock)->rlock){-...} -> (&(&k->k_lock)->rlock){+.+.}

but this new dependency connects a HARDIRQ-irq-safe lock:
 (&(&ha->tgt.sess_lock)->rlock){-...}

... which became HARDIRQ-irq-safe at:
  lock_acquire+0xe3/0x200
  _raw_spin_lock_irqsave+0x3d/0x60
  qla2x00_fcport_event_handler+0x1f3d/0x22b0 [qla2xxx]
  qla2x00_async_login_sp_done+0x1dc/0x1f0 [qla2xxx]
  qla24xx_process_response_queue+0xa37/0x10e0 [qla2xxx]
  qla24xx_msix_rsp_q+0x79/0xf0 [qla2xxx]
  __handle_irq_event_percpu+0x79/0x3c0
  handle_irq_event_percpu+0x70/0xf0
  handle_irq_event+0x5a/0x8b
  handle_edge_irq+0x12c/0x310
  handle_irq+0x192/0x20a
  do_IRQ+0x73/0x160
  ret_from_intr+0x0/0x1d
  default_idle+0x23/0x1f0
  arch_cpu_idle+0x15/0x20
  default_idle_call+0x35/0x40
  do_idle+0x2bb/0x2e0
  cpu_startup_entry+0x1d/0x20
  start_secondary+0x24d/0x2d0
  secondary_startup_64+0xa4/0xb0

to a HARDIRQ-irq-unsafe lock:
 (&(&k->k_lock)->rlock){+.+.}

... which became HARDIRQ-irq-unsafe at:
...
  lock_acquire+0xe3/0x200
  _raw_spin_lock+0x32/0x50
  klist_add_tail+0x33/0xb0
  device_add+0x7f4/0xb60
  device_create_groups_vargs+0x11c/0x150
  device_create_with_groups+0x89/0xb0
  vtconsole_class_init+0xb2/0x124
  do_one_initcall+0xc5/0x3ce
  kernel_init_freeable+0x295/0x32e
  kernel_init+0x11/0x11b
  ret_from_fork+0x3a/0x50

other info that might help us debug this:

 Possible interrupt unsafe locking scenario:

       CPU0                    CPU1
       ----                    ----
  lock(&(&k->k_lock)->rlock);
                               local_irq_disable();
                               lock(&(&ha->tgt.sess_lock)->rlock);
                               lock(&(&k->k_lock)->rlock);
  <Interrupt>
    lock(&(&ha->tgt.sess_lock)->rlock);

 *** DEADLOCK ***

4 locks held by rmdir/1478:
 #0: 000000002c7f1ba4 (sb_writers#10){.+.+}, at: mnt_want_write+0x32/0x70
 #1: 00000000c85eb147 (&default_group_class[depth - 1]#2/1){+.+.}, at: do_rmdir+0x217/0x2d0
 #2: 000000002b164d6f (&sb->s_type->i_mutex_key#13){++++}, at: vfs_rmdir+0x7e/0x1d0
 #3: 00000000cf0baf5e (&(&ha->tgt.sess_lock)->rlock){-...}, at: tcm_qla2xxx_close_session+0x57/0xb0 [tcm_qla2xxx]

the dependencies between HARDIRQ-irq-safe lock and the holding lock:
-> (&(&ha->tgt.sess_lock)->rlock){-...} ops: 127 {
   IN-HARDIRQ-W at:
                    lock_acquire+0xe3/0x200
                    _raw_spin_lock_irqsave+0x3d/0x60
                    qla2x00_fcport_event_handler+0x1f3d/0x22b0 [qla2xxx]
                    qla2x00_async_login_sp_done+0x1dc/0x1f0 [qla2xxx]
                    qla24xx_process_response_queue+0xa37/0x10e0 [qla2xxx]
                    qla24xx_msix_rsp_q+0x79/0xf0 [qla2xxx]
                    __handle_irq_event_percpu+0x79/0x3c0
                    handle_irq_event_percpu+0x70/0xf0
                    handle_irq_event+0x5a/0x8b
                    handle_edge_irq+0x12c/0x310
                    handle_irq+0x192/0x20a
                    do_IRQ+0x73/0x160
                    ret_from_intr+0x0/0x1d
                    default_idle+0x23/0x1f0
                    arch_cpu_idle+0x15/0x20
                    default_idle_call+0x35/0x40
                    do_idle+0x2bb/0x2e0
                    cpu_startup_entry+0x1d/0x20
                    start_secondary+0x24d/0x2d0
                    secondary_startup_64+0xa4/0xb0
   INITIAL USE at:
                   lock_acquire+0xe3/0x200
                   _raw_spin_lock_irqsave+0x3d/0x60
                   qla2x00_loop_resync+0xb3d/0x2690 [qla2xxx]
                   qla2x00_do_dpc+0xcee/0xf30 [qla2xxx]
                   kthread+0x1d2/0x1f0
                   ret_from_fork+0x3a/0x50
 }
 ... key      at: [<ffffffffa125f700>] __key.62804+0x0/0xfffffffffff7e900 [qla2xxx]
 ... acquired at:
   __lock_acquire+0x11ed/0x1b60
   lock_acquire+0xe3/0x200
   _raw_spin_lock_irqsave+0x3d/0x60
   klist_next+0x43/0x1d0
   device_for_each_child+0x96/0x110
   scsi_target_block+0x3c/0x40 [scsi_mod]
   fc_remote_port_delete+0xe7/0x1c0 [scsi_transport_fc]
   qla2x00_mark_device_lost+0x4d3/0x500 [qla2xxx]
   qlt_unreg_sess+0x104/0x2c0 [qla2xxx]
   tcm_qla2xxx_close_session+0xa2/0xb0 [tcm_qla2xxx]
   target_shutdown_sessions+0x17b/0x190 [target_core_mod]
   core_tpg_del_initiator_node_acl+0xf3/0x1f0 [target_core_mod]
   target_fabric_nacl_base_release+0x25/0x30 [target_core_mod]
   config_item_release+0x9f/0x120 [configfs]
   config_item_put+0x29/0x2b [configfs]
   configfs_rmdir+0x3d2/0x520 [configfs]
   vfs_rmdir+0xb3/0x1d0
   do_rmdir+0x25c/0x2d0
   __x64_sys_rmdir+0x24/0x30
   do_syscall_64+0x77/0x220
   entry_SYSCALL_64_after_hwframe+0x49/0xbe

the dependencies between the lock to be acquired
 and HARDIRQ-irq-unsafe lock:
-> (&(&k->k_lock)->rlock){+.+.} ops: 14568 {
   HARDIRQ-ON-W at:
                    lock_acquire+0xe3/0x200
                    _raw_spin_lock+0x32/0x50
                    klist_add_tail+0x33/0xb0
                    device_add+0x7f4/0xb60
                    device_create_groups_vargs+0x11c/0x150
                    device_create_with_groups+0x89/0xb0
                    vtconsole_class_init+0xb2/0x124
                    do_one_initcall+0xc5/0x3ce
                    kernel_init_freeable+0x295/0x32e
                    kernel_init+0x11/0x11b
                    ret_from_fork+0x3a/0x50
   SOFTIRQ-ON-W at:
                    lock_acquire+0xe3/0x200
                    _raw_spin_lock+0x32/0x50
                    klist_add_tail+0x33/0xb0
                    device_add+0x7f4/0xb60
                    device_create_groups_vargs+0x11c/0x150
                    device_create_with_groups+0x89/0xb0
                    vtconsole_class_init+0xb2/0x124
                    do_one_initcall+0xc5/0x3ce
                    kernel_init_freeable+0x295/0x32e
                    kernel_init+0x11/0x11b
                    ret_from_fork+0x3a/0x50
   INITIAL USE at:
                   lock_acquire+0xe3/0x200
                   _raw_spin_lock+0x32/0x50
                   klist_add_tail+0x33/0xb0
                   device_add+0x7f4/0xb60
                   device_create_groups_vargs+0x11c/0x150
                   device_create_with_groups+0x89/0xb0
                   vtconsole_class_init+0xb2/0x124
                   do_one_initcall+0xc5/0x3ce
                   kernel_init_freeable+0x295/0x32e
                   kernel_init+0x11/0x11b
                   ret_from_fork+0x3a/0x50
 }
 ... key      at: [<ffffffff83f3d900>] __key.15805+0x0/0x40
 ... acquired at:
   __lock_acquire+0x11ed/0x1b60
   lock_acquire+0xe3/0x200
   _raw_spin_lock_irqsave+0x3d/0x60
   klist_next+0x43/0x1d0
   device_for_each_child+0x96/0x110
   scsi_target_block+0x3c/0x40 [scsi_mod]
   fc_remote_port_delete+0xe7/0x1c0 [scsi_transport_fc]
   qla2x00_mark_device_lost+0x4d3/0x500 [qla2xxx]
   qlt_unreg_sess+0x104/0x2c0 [qla2xxx]
   tcm_qla2xxx_close_session+0xa2/0xb0 [tcm_qla2xxx]
   target_shutdown_sessions+0x17b/0x190 [target_core_mod]
   core_tpg_del_initiator_node_acl+0xf3/0x1f0 [target_core_mod]
   target_fabric_nacl_base_release+0x25/0x30 [target_core_mod]
   config_item_release+0x9f/0x120 [configfs]
   config_item_put+0x29/0x2b [configfs]
   configfs_rmdir+0x3d2/0x520 [configfs]
   vfs_rmdir+0xb3/0x1d0
   do_rmdir+0x25c/0x2d0
   __x64_sys_rmdir+0x24/0x30
   do_syscall_64+0x77/0x220
   entry_SYSCALL_64_after_hwframe+0x49/0xbe

stack backtrace:
CPU: 7 PID: 1478 Comm: rmdir Tainted: G        W         5.1.0-rc1-dbg+ #11
Hardware name: Bochs Bochs, BIOS Bochs 01/01/2011
Call Trace:
 dump_stack+0x86/0xca
 check_usage.cold.59+0x473/0x563
 check_prev_add.constprop.43+0x1f1/0x1170
 __lock_acquire+0x11ed/0x1b60
 lock_acquire+0xe3/0x200
 _raw_spin_lock_irqsave+0x3d/0x60
 klist_next+0x43/0x1d0
 device_for_each_child+0x96/0x110
 scsi_target_block+0x3c/0x40 [scsi_mod]
 fc_remote_port_delete+0xe7/0x1c0 [scsi_transport_fc]
 qla2x00_mark_device_lost+0x4d3/0x500 [qla2xxx]
 qlt_unreg_sess+0x104/0x2c0 [qla2xxx]
 tcm_qla2xxx_close_session+0xa2/0xb0 [tcm_qla2xxx]
 target_shutdown_sessions+0x17b/0x190 [target_core_mod]
 core_tpg_del_initiator_node_acl+0xf3/0x1f0 [target_core_mod]
 target_fabric_nacl_base_release+0x25/0x30 [target_core_mod]
 config_item_release+0x9f/0x120 [configfs]
 config_item_put+0x29/0x2b [configfs]
 configfs_rmdir+0x3d2/0x520 [configfs]
 vfs_rmdir+0xb3/0x1d0
 do_rmdir+0x25c/0x2d0
 __x64_sys_rmdir+0x24/0x30
 do_syscall_64+0x77/0x220
 entry_SYSCALL_64_after_hwframe+0x49/0xbe

Cc: Himanshu Madhani <hmadhani@marvell.com>
Cc: Giridhar Malavali <gmalavali@marvell.com>
Signed-off-by: Bart Van Assche <bvanassche@acm.org>
Acked-by: Himanshu Madhani <hmadhani@marvell.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/scsi/qla2xxx/tcm_qla2xxx.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/drivers/scsi/qla2xxx/tcm_qla2xxx.c b/drivers/scsi/qla2xxx/tcm_qla2xxx.c
index bddb573c88dd2..d6104f23f697f 100644
--- a/drivers/scsi/qla2xxx/tcm_qla2xxx.c
+++ b/drivers/scsi/qla2xxx/tcm_qla2xxx.c
@@ -374,8 +374,9 @@ static void tcm_qla2xxx_close_session(struct se_session *se_sess)
 
 	spin_lock_irqsave(&vha->hw->tgt.sess_lock, flags);
 	target_sess_cmd_list_set_waiting(se_sess);
-	tcm_qla2xxx_put_sess(sess);
 	spin_unlock_irqrestore(&vha->hw->tgt.sess_lock, flags);
+
+	tcm_qla2xxx_put_sess(sess);
 }
 
 static u32 tcm_qla2xxx_sess_get_index(struct se_session *se_sess)
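Review bot: tcm_qla2xxx_put_sess() is now called after spin_unlock_irqrestore(), but the following patch in this series (094) shows that the function still contains assert_spin_locked(&sess->vha->hw->tgt.sess_lock) at this point, so with only this patch applied that assertion would trip on every tcm_qla2xxx_close_session() call. Drop the assertion in this patch, or fold the two changes together, so that each step of the series bisects cleanly.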
-- 
2.20.1





* [PATCH 5.1 094/405] scsi: qla2xxx: Fix hardirq-unsafe locking
  2019-05-30  2:59 [PATCH 5.1 000/405] 5.1.6-stable review Greg Kroah-Hartman
                   ` (92 preceding siblings ...)
  2019-05-30  3:01 ` [PATCH 5.1 093/405] scsi: qla2xxx: Avoid that lockdep complains about unsafe locking in tcm_qla2xxx_close_session() Greg Kroah-Hartman
@ 2019-05-30  3:01 ` Greg Kroah-Hartman
  2019-05-30  3:01 ` [PATCH 5.1 095/405] x86/modules: Avoid breaking W^X while loading modules Greg Kroah-Hartman
                   ` (315 subsequent siblings)
  409 siblings, 0 replies; 429+ messages in thread
From: Greg Kroah-Hartman @ 2019-05-30  3:01 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Himanshu Madhani, Giridhar Malavali,
	Bart Van Assche, Martin K. Petersen, Sasha Levin

[ Upstream commit 300ec7415c1fed5c73660f50c8e14a67e236dc0a ]

Since fc_remote_port_delete() must be called with interrupts enabled, do
not disable interrupts when calling that function. Remove the locking calls
from around the put_sess() call. This is safe because the function that is
called when the final reference is dropped, qlt_unreg_sess(), grabs the
proper locks. This patch avoids that lockdep reports the following:

WARNING: HARDIRQ-safe -> HARDIRQ-unsafe lock order detected
kworker/2:1/62 [HC0[0]:SC0[0]:HE0:SE1] is trying to acquire:
0000000009e679b3 (&(&k->k_lock)->rlock){+.+.}, at: klist_next+0x43/0x1d0

and this task is already holding:
00000000a033b71c (&(&ha->tgt.sess_lock)->rlock){-...}, at: qla24xx_delete_sess_fn+0x55/0xf0 [qla2xxx_scst]
which would create a new lock dependency:
 (&(&ha->tgt.sess_lock)->rlock){-...} -> (&(&k->k_lock)->rlock){+.+.}

but this new dependency connects a HARDIRQ-irq-safe lock:
 (&(&ha->tgt.sess_lock)->rlock){-...}

... which became HARDIRQ-irq-safe at:
  lock_acquire+0xe3/0x200
  _raw_spin_lock_irqsave+0x3d/0x60
  qla24xx_report_id_acquisition+0xa69/0xe30 [qla2xxx_scst]
  qla24xx_process_response_queue+0x69e/0x1270 [qla2xxx_scst]
  qla24xx_msix_rsp_q+0x79/0xf0 [qla2xxx_scst]
  __handle_irq_event_percpu+0x79/0x3c0
  handle_irq_event_percpu+0x70/0xf0
  handle_irq_event+0x5a/0x8b
  handle_edge_irq+0x12c/0x310
  handle_irq+0x192/0x20a
  do_IRQ+0x73/0x160
  ret_from_intr+0x0/0x1d
  default_idle+0x23/0x1f0
  arch_cpu_idle+0x15/0x20
  default_idle_call+0x35/0x40
  do_idle+0x2bb/0x2e0
  cpu_startup_entry+0x1d/0x20
  start_secondary+0x2a8/0x320
  secondary_startup_64+0xa4/0xb0

to a HARDIRQ-irq-unsafe lock:
 (&(&k->k_lock)->rlock){+.+.}

... which became HARDIRQ-irq-unsafe at:
...
  lock_acquire+0xe3/0x200
  _raw_spin_lock+0x32/0x50
  klist_add_tail+0x33/0xb0
  device_add+0x7e1/0xb50
  device_create_groups_vargs+0x11c/0x150
  device_create_with_groups+0x89/0xb0
  vtconsole_class_init+0xb2/0x124
  do_one_initcall+0xc5/0x3ce
  kernel_init_freeable+0x295/0x32e
  kernel_init+0x11/0x11b
  ret_from_fork+0x3a/0x50

other info that might help us debug this:

 Possible interrupt unsafe locking scenario:

       CPU0                    CPU1
       ----                    ----
  lock(&(&k->k_lock)->rlock);
                               local_irq_disable();
                               lock(&(&ha->tgt.sess_lock)->rlock);
                               lock(&(&k->k_lock)->rlock);
  <Interrupt>
    lock(&(&ha->tgt.sess_lock)->rlock);

 *** DEADLOCK ***

3 locks held by kworker/2:1/62:
 #0: 00000000a4319c16 ((wq_completion)"qla2xxx_wq"){+.+.}, at: process_one_work+0x437/0xa80
 #1: 00000000ffa34c42 ((work_completion)(&sess->del_work)){+.+.}, at: process_one_work+0x437/0xa80
 #2: 00000000a033b71c (&(&ha->tgt.sess_lock)->rlock){-...}, at: qla24xx_delete_sess_fn+0x55/0xf0 [qla2xxx_scst]

the dependencies between HARDIRQ-irq-safe lock and the holding lock:
-> (&(&ha->tgt.sess_lock)->rlock){-...} ops: 8 {
   IN-HARDIRQ-W at:
                    lock_acquire+0xe3/0x200
                    _raw_spin_lock_irqsave+0x3d/0x60
                    qla24xx_report_id_acquisition+0xa69/0xe30 [qla2xxx_scst]
                    qla24xx_process_response_queue+0x69e/0x1270 [qla2xxx_scst]
                    qla24xx_msix_rsp_q+0x79/0xf0 [qla2xxx_scst]
                    __handle_irq_event_percpu+0x79/0x3c0
                    handle_irq_event_percpu+0x70/0xf0
                    handle_irq_event+0x5a/0x8b
                    handle_edge_irq+0x12c/0x310
                    handle_irq+0x192/0x20a
                    do_IRQ+0x73/0x160
                    ret_from_intr+0x0/0x1d
                    default_idle+0x23/0x1f0
                    arch_cpu_idle+0x15/0x20
                    default_idle_call+0x35/0x40
                    do_idle+0x2bb/0x2e0
                    cpu_startup_entry+0x1d/0x20
                    start_secondary+0x2a8/0x320
                    secondary_startup_64+0xa4/0xb0
   INITIAL USE at:
                   lock_acquire+0xe3/0x200
                   _raw_spin_lock_irqsave+0x3d/0x60
                   qla24xx_report_id_acquisition+0xa69/0xe30 [qla2xxx_scst]
                   qla24xx_process_response_queue+0x69e/0x1270 [qla2xxx_scst]
                   qla24xx_msix_rsp_q+0x79/0xf0 [qla2xxx_scst]
                   __handle_irq_event_percpu+0x79/0x3c0
                   handle_irq_event_percpu+0x70/0xf0
                   handle_irq_event+0x5a/0x8b
                   handle_edge_irq+0x12c/0x310
                   handle_irq+0x192/0x20a
                   do_IRQ+0x73/0x160
                   ret_from_intr+0x0/0x1d
                   default_idle+0x23/0x1f0
                   arch_cpu_idle+0x15/0x20
                   default_idle_call+0x35/0x40
                   do_idle+0x2bb/0x2e0
                   cpu_startup_entry+0x1d/0x20
                   start_secondary+0x2a8/0x320
                   secondary_startup_64+0xa4/0xb0
 }
 ... key      at: [<ffffffffa0c0d080>] __key.85462+0x0/0xfffffffffff7df80 [qla2xxx_scst]
 ... acquired at:
   lock_acquire+0xe3/0x200
   _raw_spin_lock_irqsave+0x3d/0x60
   klist_next+0x43/0x1d0
   device_for_each_child+0x96/0x110
   scsi_target_block+0x3c/0x40 [scsi_mod]
   fc_remote_port_delete+0xe7/0x1c0 [scsi_transport_fc]
   qla2x00_mark_device_lost+0xa0b/0xa30 [qla2xxx_scst]
   qlt_unreg_sess+0x1c6/0x380 [qla2xxx_scst]
   qla24xx_delete_sess_fn+0xe6/0xf0 [qla2xxx_scst]
   process_one_work+0x511/0xa80
   worker_thread+0x67/0x5b0
   kthread+0x1d2/0x1f0
   ret_from_fork+0x3a/0x50

the dependencies between the lock to be acquired
 and HARDIRQ-irq-unsafe lock:
-> (&(&k->k_lock)->rlock){+.+.} ops: 13831 {
   HARDIRQ-ON-W at:
                    lock_acquire+0xe3/0x200
                    _raw_spin_lock+0x32/0x50
                    klist_add_tail+0x33/0xb0
                    device_add+0x7e1/0xb50
                    device_create_groups_vargs+0x11c/0x150
                    device_create_with_groups+0x89/0xb0
                    vtconsole_class_init+0xb2/0x124
                    do_one_initcall+0xc5/0x3ce
                    kernel_init_freeable+0x295/0x32e
                    kernel_init+0x11/0x11b
                    ret_from_fork+0x3a/0x50
   SOFTIRQ-ON-W at:
                    lock_acquire+0xe3/0x200
                    _raw_spin_lock+0x32/0x50
                    klist_add_tail+0x33/0xb0
                    device_add+0x7e1/0xb50
                    device_create_groups_vargs+0x11c/0x150
                    device_create_with_groups+0x89/0xb0
                    vtconsole_class_init+0xb2/0x124
                    do_one_initcall+0xc5/0x3ce
                    kernel_init_freeable+0x295/0x32e
                    kernel_init+0x11/0x11b
                    ret_from_fork+0x3a/0x50
   INITIAL USE at:
                   lock_acquire+0xe3/0x200
                   _raw_spin_lock+0x32/0x50
                   klist_add_tail+0x33/0xb0
                   device_add+0x7e1/0xb50
                   device_create_groups_vargs+0x11c/0x150
                   device_create_with_groups+0x89/0xb0
                   vtconsole_class_init+0xb2/0x124
                   do_one_initcall+0xc5/0x3ce
                   kernel_init_freeable+0x295/0x32e
                   kernel_init+0x11/0x11b
                   ret_from_fork+0x3a/0x50
 }
 ... key      at: [<ffffffff83ed8780>] __key.15491+0x0/0x40
 ... acquired at:
   lock_acquire+0xe3/0x200
   _raw_spin_lock_irqsave+0x3d/0x60
   klist_next+0x43/0x1d0
   device_for_each_child+0x96/0x110
   scsi_target_block+0x3c/0x40 [scsi_mod]
   fc_remote_port_delete+0xe7/0x1c0 [scsi_transport_fc]
   qla2x00_mark_device_lost+0xa0b/0xa30 [qla2xxx_scst]
   qlt_unreg_sess+0x1c6/0x380 [qla2xxx_scst]
   qla24xx_delete_sess_fn+0xe6/0xf0 [qla2xxx_scst]
   process_one_work+0x511/0xa80
   worker_thread+0x67/0x5b0
   kthread+0x1d2/0x1f0
   ret_from_fork+0x3a/0x50

stack backtrace:
CPU: 2 PID: 62 Comm: kworker/2:1 Tainted: G           O      5.0.7-dbg+ #8
Hardware name: Bochs Bochs, BIOS Bochs 01/01/2011
Workqueue: qla2xxx_wq qla24xx_delete_sess_fn [qla2xxx_scst]
Call Trace:
 dump_stack+0x86/0xca
 check_usage.cold.52+0x473/0x563
 __lock_acquire+0x11c0/0x23e0
 lock_acquire+0xe3/0x200
 _raw_spin_lock_irqsave+0x3d/0x60
 klist_next+0x43/0x1d0
 device_for_each_child+0x96/0x110
 scsi_target_block+0x3c/0x40 [scsi_mod]
 fc_remote_port_delete+0xe7/0x1c0 [scsi_transport_fc]
 qla2x00_mark_device_lost+0xa0b/0xa30 [qla2xxx_scst]
 qlt_unreg_sess+0x1c6/0x380 [qla2xxx_scst]
 qla24xx_delete_sess_fn+0xe6/0xf0 [qla2xxx_scst]
 process_one_work+0x511/0xa80
 worker_thread+0x67/0x5b0
 kthread+0x1d2/0x1f0
 ret_from_fork+0x3a/0x50

Cc: Himanshu Madhani <hmadhani@marvell.com>
Cc: Giridhar Malavali <gmalavali@marvell.com>
Signed-off-by: Bart Van Assche <bvanassche@acm.org>
Acked-by: Himanshu Madhani <hmadhani@marvell.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/scsi/qla2xxx/qla_target.c  | 25 ++++++++-----------------
 drivers/scsi/qla2xxx/tcm_qla2xxx.c |  2 --
 2 files changed, 8 insertions(+), 19 deletions(-)

diff --git a/drivers/scsi/qla2xxx/qla_target.c b/drivers/scsi/qla2xxx/qla_target.c
index 697eee1d88474..b210a8296c275 100644
--- a/drivers/scsi/qla2xxx/qla_target.c
+++ b/drivers/scsi/qla2xxx/qla_target.c
@@ -680,7 +680,6 @@ int qla24xx_async_notify_ack(scsi_qla_host_t *vha, fc_port_t *fcport,
 void qla24xx_do_nack_work(struct scsi_qla_host *vha, struct qla_work_evt *e)
 {
 	fc_port_t *t;
-	unsigned long flags;
 
 	switch (e->u.nack.type) {
 	case SRB_NACK_PRLI:
@@ -693,10 +692,8 @@ void qla24xx_do_nack_work(struct scsi_qla_host *vha, struct qla_work_evt *e)
 		if (t) {
 			ql_log(ql_log_info, vha, 0xd034,
 			    "%s create sess success %p", __func__, t);
-			spin_lock_irqsave(&vha->hw->tgt.sess_lock, flags);
 			/* create sess has an extra kref */
 			vha->hw->tgt.tgt_ops->put_sess(e->u.nack.fcport);
-			spin_unlock_irqrestore(&vha->hw->tgt.sess_lock, flags);
 		}
 		break;
 	}
@@ -708,9 +705,6 @@ void qla24xx_delete_sess_fn(struct work_struct *work)
 {
 	fc_port_t *fcport = container_of(work, struct fc_port, del_work);
 	struct qla_hw_data *ha = fcport->vha->hw;
-	unsigned long flags;
-
-	spin_lock_irqsave(&ha->tgt.sess_lock, flags);
 
 	if (fcport->se_sess) {
 		ha->tgt.tgt_ops->shutdown_sess(fcport);
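Review bot: with the spin_lock_irqsave() removed from qla24xx_delete_sess_fn(), ha->tgt.tgt_ops->shutdown_sess(fcport) also runs without sess_lock, while the commit message only argues that dropping the lock is safe for put_sess(). tcm_qla2xxx_close_session() in the previous patch still calls target_sess_cmd_list_set_waiting() under sess_lock, so the two callers now disagree about whether that call needs the lock; the commit message should say which is right and why.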
@@ -718,7 +712,6 @@ void qla24xx_delete_sess_fn(struct work_struct *work)
 	} else {
 		qlt_unreg_sess(fcport);
 	}
-	spin_unlock_irqrestore(&ha->tgt.sess_lock, flags);
 }
 
 /*
@@ -787,8 +780,9 @@ void qlt_fc_port_added(struct scsi_qla_host *vha, fc_port_t *fcport)
 		    fcport->port_name, sess->loop_id);
 		sess->local = 0;
 	}
-	ha->tgt.tgt_ops->put_sess(sess);
 	spin_unlock_irqrestore(&ha->tgt.sess_lock, flags);
+
+	ha->tgt.tgt_ops->put_sess(sess);
 }
 
 /*
@@ -4242,9 +4236,7 @@ static void __qlt_do_work(struct qla_tgt_cmd *cmd)
 	/*
 	 * Drop extra session reference from qla_tgt_handle_cmd_for_atio*(
 	 */
-	spin_lock_irqsave(&ha->tgt.sess_lock, flags);
 	ha->tgt.tgt_ops->put_sess(sess);
-	spin_unlock_irqrestore(&ha->tgt.sess_lock, flags);
 	return;
 
 out_term:
@@ -4261,9 +4253,7 @@ static void __qlt_do_work(struct qla_tgt_cmd *cmd)
 	target_free_tag(sess->se_sess, &cmd->se_cmd);
 	spin_unlock_irqrestore(qpair->qp_lock_ptr, flags);
 
-	spin_lock_irqsave(&ha->tgt.sess_lock, flags);
 	ha->tgt.tgt_ops->put_sess(sess);
-	spin_unlock_irqrestore(&ha->tgt.sess_lock, flags);
 }
 
 static void qlt_do_work(struct work_struct *work)
@@ -4472,9 +4462,7 @@ static int qlt_handle_cmd_for_atio(struct scsi_qla_host *vha,
 	if (!cmd) {
 		ql_dbg(ql_dbg_io, vha, 0x3062,
 		    "qla_target(%d): Allocation of cmd failed\n", vha->vp_idx);
-		spin_lock_irqsave(&ha->tgt.sess_lock, flags);
 		ha->tgt.tgt_ops->put_sess(sess);
-		spin_unlock_irqrestore(&ha->tgt.sess_lock, flags);
 		return -EBUSY;
 	}
 
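Review bot: the put_sess() in the `if (!cmd)` branch of qlt_handle_cmd_for_atio() can be the final put, which per the commit message ends in qlt_unreg_sess() and fc_remote_port_delete(), a function that "must be called with interrupts enabled". The hunk removes sess_lock but does not show what context this function runs in; please confirm that interrupts are enabled here, or that this reference can never be the last one.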
@@ -6318,17 +6306,19 @@ static void qlt_abort_work(struct qla_tgt *tgt,
 	}
 
 	rc = __qlt_24xx_handle_abts(vha, &prm->abts, sess);
-	ha->tgt.tgt_ops->put_sess(sess);
 	spin_unlock_irqrestore(&ha->tgt.sess_lock, flags2);
 
+	ha->tgt.tgt_ops->put_sess(sess);
+
 	if (rc != 0)
 		goto out_term;
 	return;
 
 out_term2:
+	spin_unlock_irqrestore(&ha->tgt.sess_lock, flags2);
+
 	if (sess)
 		ha->tgt.tgt_ops->put_sess(sess);
-	spin_unlock_irqrestore(&ha->tgt.sess_lock, flags2);
 
 out_term:
 	spin_lock_irqsave(&ha->hardware_lock, flags);
@@ -6386,9 +6376,10 @@ static void qlt_tmr_work(struct qla_tgt *tgt,
 	    scsilun_to_int((struct scsi_lun *)&a->u.isp24.fcp_cmnd.lun);
 
 	rc = qlt_issue_task_mgmt(sess, unpacked_lun, fn, iocb, 0);
-	ha->tgt.tgt_ops->put_sess(sess);
 	spin_unlock_irqrestore(&ha->tgt.sess_lock, flags);
 
+	ha->tgt.tgt_ops->put_sess(sess);
+
 	if (rc != 0)
 		goto out_term;
 	return;
diff --git a/drivers/scsi/qla2xxx/tcm_qla2xxx.c b/drivers/scsi/qla2xxx/tcm_qla2xxx.c
index d6104f23f697f..e58becb790fa3 100644
--- a/drivers/scsi/qla2xxx/tcm_qla2xxx.c
+++ b/drivers/scsi/qla2xxx/tcm_qla2xxx.c
@@ -359,7 +359,6 @@ static void tcm_qla2xxx_put_sess(struct fc_port *sess)
 	if (!sess)
 		return;
 
-	assert_spin_locked(&sess->vha->hw->tgt.sess_lock);
 	kref_put(&sess->sess_kref, tcm_qla2xxx_release_session);
 }
 
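Review bot: removing assert_spin_locked() from tcm_qla2xxx_put_sess() leaves the function with no statement of its locking contract, and the contract has just been inverted. Add a comment above the function saying that callers must not hold tgt.sess_lock and that the final put may reach fc_remote_port_delete(), so the next person adding a call site does not reintroduce the lock.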
@@ -832,7 +831,6 @@ static void tcm_qla2xxx_clear_nacl_from_fcport_map(struct fc_port *sess)
 
 static void tcm_qla2xxx_shutdown_sess(struct fc_port *sess)
 {
-	assert_spin_locked(&sess->vha->hw->tgt.sess_lock);
 	target_sess_cmd_list_set_waiting(sess->se_sess);
 }
 
-- 
2.20.1





* [PATCH 5.1 095/405] x86/modules: Avoid breaking W^X while loading modules
  2019-05-30  2:59 [PATCH 5.1 000/405] 5.1.6-stable review Greg Kroah-Hartman
                   ` (93 preceding siblings ...)
  2019-05-30  3:01 ` [PATCH 5.1 094/405] scsi: qla2xxx: Fix hardirq-unsafe locking Greg Kroah-Hartman
@ 2019-05-30  3:01 ` Greg Kroah-Hartman
  2019-05-30  3:01 ` [PATCH 5.1 096/405] Btrfs: fix data bytes_may_use underflow with fallocate due to failed quota reserve Greg Kroah-Hartman
                   ` (314 subsequent siblings)
  409 siblings, 0 replies; 429+ messages in thread
From: Greg Kroah-Hartman @ 2019-05-30  3:01 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Thomas Gleixner, Andy Lutomirski,
	Nadav Amit, Rick Edgecombe, Peter Zijlstra (Intel),
	akpm, ard.biesheuvel, deneen.t.dock, kernel-hardening, kristen,
	linux_dti, will.deacon, Andy Lutomirski, Borislav Petkov,
	Dave Hansen, H. Peter Anvin, Jessica Yu, Kees Cook,
	Linus Torvalds, Masami Hiramatsu, Rik van Riel, Ingo Molnar,
	Sasha Levin

[ Upstream commit f2c65fb3221adc6b73b0549fc7ba892022db9797 ]

When modules and BPF filters are loaded, there is a time window in
which some memory is both writable and executable. An attacker that has
already found another vulnerability (e.g., a dangling pointer) might be
able to exploit this behavior to overwrite kernel code. Prevent having
writable executable PTEs in this stage.

In addition, avoiding having W+X mappings can also slightly simplify the
patching of modules code on initialization (e.g., by alternatives and
static-key), as would be done in the next patch. This was actually the
main motivation for this patch.

To avoid having W+X mappings, set them initially as RW (NX) and after
they are set as RO set them as X as well. Setting them as executable is
done as a separate step to avoid one core in which the old PTE is cached
(hence writable), and another which sees the updated PTE (executable),
which would break the W^X protection.

Suggested-by: Thomas Gleixner <tglx@linutronix.de>
Suggested-by: Andy Lutomirski <luto@amacapital.net>
Signed-off-by: Nadav Amit <namit@vmware.com>
Signed-off-by: Rick Edgecombe <rick.p.edgecombe@intel.com>
Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org>
Cc: <akpm@linux-foundation.org>
Cc: <ard.biesheuvel@linaro.org>
Cc: <deneen.t.dock@intel.com>
Cc: <kernel-hardening@lists.openwall.com>
Cc: <kristen@linux.intel.com>
Cc: <linux_dti@icloud.com>
Cc: <will.deacon@arm.com>
Cc: Andy Lutomirski <luto@kernel.org>
Cc: Borislav Petkov <bp@alien8.de>
Cc: Dave Hansen <dave.hansen@intel.com>
Cc: H. Peter Anvin <hpa@zytor.com>
Cc: Jessica Yu <jeyu@kernel.org>
Cc: Kees Cook <keescook@chromium.org>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Masami Hiramatsu <mhiramat@kernel.org>
Cc: Rik van Riel <riel@surriel.com>
Link: https://lkml.kernel.org/r/20190426001143.4983-12-namit@vmware.com
Signed-off-by: Ingo Molnar <mingo@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 arch/x86/kernel/alternative.c | 28 +++++++++++++++++++++-------
 arch/x86/kernel/module.c      |  2 +-
 include/linux/filter.h        |  1 +
 kernel/module.c               |  5 +++++
 4 files changed, 28 insertions(+), 8 deletions(-)

diff --git a/arch/x86/kernel/alternative.c b/arch/x86/kernel/alternative.c
index 9a79c7808f9cc..d7df79fc448cd 100644
--- a/arch/x86/kernel/alternative.c
+++ b/arch/x86/kernel/alternative.c
@@ -667,15 +667,29 @@ void __init alternative_instructions(void)
  * handlers seeing an inconsistent instruction while you patch.
  */
 void *__init_or_module text_poke_early(void *addr, const void *opcode,
-					      size_t len)
+				       size_t len)
 {
 	unsigned long flags;
-	local_irq_save(flags);
-	memcpy(addr, opcode, len);
-	local_irq_restore(flags);
-	sync_core();
-	/* Could also do a CLFLUSH here to speed up CPU recovery; but
-	   that causes hangs on some VIA CPUs. */
+
+	if (boot_cpu_has(X86_FEATURE_NX) &&
+	    is_module_text_address((unsigned long)addr)) {
+		/*
+		 * Modules text is marked initially as non-executable, so the
+		 * code cannot be running and speculative code-fetches are
+		 * prevented. Just change the code.
+		 */
+		memcpy(addr, opcode, len);
+	} else {
+		local_irq_save(flags);
+		memcpy(addr, opcode, len);
+		local_irq_restore(flags);
+		sync_core();
+
+		/*
+		 * Could also do a CLFLUSH here to speed up CPU recovery; but
+		 * that causes hangs on some VIA CPUs.
+		 */
+	}
 	return addr;
 }
 
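Review bot: the new fast path in text_poke_early() keys only on is_module_text_address(addr), which says that the address lies in module text, not that the module is still in the writable, non-executable load phase the comment relies on. State in the function comment that module callers must run before module_enable_ro(), or check for that state, because once the text has been made executable the plain memcpy() without local_irq_save()/sync_core() no longer has the guarantee the comment describes.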
diff --git a/arch/x86/kernel/module.c b/arch/x86/kernel/module.c
index b052e883dd8cc..cfa3106faee42 100644
--- a/arch/x86/kernel/module.c
+++ b/arch/x86/kernel/module.c
@@ -87,7 +87,7 @@ void *module_alloc(unsigned long size)
 	p = __vmalloc_node_range(size, MODULE_ALIGN,
 				    MODULES_VADDR + get_module_load_offset(),
 				    MODULES_END, GFP_KERNEL,
-				    PAGE_KERNEL_EXEC, 0, NUMA_NO_NODE,
+				    PAGE_KERNEL, 0, NUMA_NO_NODE,
 				    __builtin_return_address(0));
 	if (p && (kasan_module_alloc(p, size) < 0)) {
 		vfree(p);
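Review bot: switching module_alloc() from PAGE_KERNEL_EXEC to PAGE_KERNEL changes the permissions for every caller of module_alloc(), but this diff only adds set_memory_x() for module text (kernel/module.c) and for BPF JIT binaries (include/linux/filter.h). Any other user that executes from module_alloc() memory needs its own set_memory_x() call, otherwise it faults on an NX page once this lands; please list those callers in the commit message and confirm the matching changes are part of this stable queue.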
diff --git a/include/linux/filter.h b/include/linux/filter.h
index 6074aa064b540..14ec3bdad9a90 100644
--- a/include/linux/filter.h
+++ b/include/linux/filter.h
@@ -746,6 +746,7 @@ static inline void bpf_prog_unlock_ro(struct bpf_prog *fp)
 static inline void bpf_jit_binary_lock_ro(struct bpf_binary_header *hdr)
 {
 	set_memory_ro((unsigned long)hdr, hdr->pages);
+	set_memory_x((unsigned long)hdr, hdr->pages);
 }
 
 static inline void bpf_jit_binary_unlock_ro(struct bpf_binary_header *hdr)
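Review bot: bpf_jit_binary_lock_ro() ignores the return value of set_memory_ro() and then calls set_memory_x() unconditionally, so if the read-only step fails the pages end up writable and executable, which is the state this patch sets out to prevent. Call set_memory_x() only when set_memory_ro() returned 0, and consider reporting the failure to the caller instead of returning void.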
diff --git a/kernel/module.c b/kernel/module.c
index 0b9aa8ab89f08..2b2845ae983ed 100644
--- a/kernel/module.c
+++ b/kernel/module.c
@@ -1950,8 +1950,13 @@ void module_enable_ro(const struct module *mod, bool after_init)
 		return;
 
 	frob_text(&mod->core_layout, set_memory_ro);
+	frob_text(&mod->core_layout, set_memory_x);
+
 	frob_rodata(&mod->core_layout, set_memory_ro);
+
 	frob_text(&mod->init_layout, set_memory_ro);
+	frob_text(&mod->init_layout, set_memory_x);
+
 	frob_rodata(&mod->init_layout, set_memory_ro);
 
 	if (after_init)
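Review bot: the set_memory_x() calls are added below the early `return;` at the top of module_enable_ro(), so on whatever condition takes that return (not visible in this hunk) module text stays as module_alloc() now hands it out, PAGE_KERNEL and therefore non-executable. Making text executable should not depend on the read-only step being enabled; move the frob_text(..., set_memory_x) calls to a path that always runs.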
-- 
2.20.1
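
The RW, then RO, then X ordering that the commit message above describes, shown as a userspace analogue built on mmap()/mprotect(). This is an added example, not kernel code and not code from the patch or its authors; struct code_region, the region_* helpers and the protect_fn hook are hypothetical names, and the sample bytes are constructed and never executed.

```c
/* Added example: userspace analogue of the RW -> RO -> X sequence. */
#define _DEFAULT_SOURCE
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

enum region_state { REGION_NONE, REGION_RW, REGION_RO, REGION_RX };

/* Hypothetical hook so that a failing permission change can be simulated. */
typedef int (*protect_fn)(void *addr, size_t len, int prot);

struct code_region {
	void *base;
	size_t len;
	enum region_state state;
	int ever_wx;	/* set if a W+X protection was ever applied */
	protect_fn protect;
};

/* Stand-in for a permission change that fails (constructed for the demo). */
int protect_always_fails(void *addr, size_t len, int prot)
{
	(void)addr; (void)len; (void)prot;
	errno = EACCES;
	return -1;
}

static int region_protect(struct code_region *r, int prot)
{
	if (r->protect(r->base, r->len, prot) != 0)
		return -1;
	if ((prot & PROT_WRITE) && (prot & PROT_EXEC))
		r->ever_wx = 1;
	return 0;
}

/* Allocate writable, non-executable pages: never PROT_EXEC at this stage. */
int region_alloc(struct code_region *r, size_t len, protect_fn protect)
{
	size_t page = (size_t)sysconf(_SC_PAGESIZE);

	memset(r, 0, sizeof(*r));
	r->len = (len + page - 1) / page * page;
	r->protect = protect ? protect : mprotect;
	r->base = mmap(NULL, r->len, PROT_READ | PROT_WRITE,
		       MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
	if (r->base == MAP_FAILED)
		return -1;
	r->state = REGION_RW;
	return 0;
}

/* Copy code bytes in; allowed only while the region is still RW. */
int region_write(struct code_region *r, size_t off, const void *src, size_t n)
{
	if (r->state != REGION_RW || off > r->len || n > r->len - off)
		return -1;
	memcpy((char *)r->base + off, src, n);
	return 0;
}

/*
 * Two separate steps: drop W first, add X second. If dropping W fails the
 * region stays RW and NX, so no path leaves it writable and executable.
 */
int region_seal(struct code_region *r)
{
	if (r->state != REGION_RW)
		return -1;
	if (region_protect(r, PROT_READ) != 0)
		return -1;
	r->state = REGION_RO;
	if (region_protect(r, PROT_READ | PROT_EXEC) != 0)
		return -1;	/* left RO and NX */
	r->state = REGION_RX;
	return 0;
}

void region_free(struct code_region *r)
{
	if (r->state != REGION_NONE)
		munmap(r->base, r->len);
	r->state = REGION_NONE;
}

int main(void)
{
	struct code_region r;
	unsigned char sample[] = { 0x90, 0x90 };	/* constructed bytes */
	int sealed, late_write;

	if (region_alloc(&r, sizeof(sample), NULL) != 0)
		return 1;
	region_write(&r, 0, sample, sizeof(sample));
	sealed = region_seal(&r);
	late_write = region_write(&r, 0, sample, 1);	/* must be refused */
	printf("seal=%d late_write=%d ever_wx=%d\n", sealed, late_write, r.ever_wx);
	region_free(&r);
	return 0;
}
```
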





* [PATCH 5.1 096/405] Btrfs: fix data bytes_may_use underflow with fallocate due to failed quota reserve
  2019-05-30  2:59 [PATCH 5.1 000/405] 5.1.6-stable review Greg Kroah-Hartman
                   ` (94 preceding siblings ...)
  2019-05-30  3:01 ` [PATCH 5.1 095/405] x86/modules: Avoid breaking W^X while loading modules Greg Kroah-Hartman
@ 2019-05-30  3:01 ` Greg Kroah-Hartman
  2019-05-30  3:01 ` [PATCH 5.1 097/405] btrfs: fix panic during relocation after ENOSPC before writeback happens Greg Kroah-Hartman
                   ` (313 subsequent siblings)
  409 siblings, 0 replies; 429+ messages in thread
From: Greg Kroah-Hartman @ 2019-05-30  3:01 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Filipe Manana, Robbie Ko,
	David Sterba, Sasha Levin

[ Upstream commit 39ad317315887c2cb9a4347a93a8859326ddf136 ]

When doing fallocate, we first add the range to the reserve_list and
then reserve the quota.  If quota reservation fails, we'll release all
reserved parts of reserve_list.

However, cur_offset is not updated to indicate that this range has
already been inserted into the list.  Therefore, the same range is freed
twice.  Once at list_for_each_entry loop, and once at the end of the
function.  This will result in WARN_ON on bytes_may_use when we free the
remaining space.

At the end, under the 'out' label we have a call to:

   btrfs_free_reserved_data_space(inode, data_reserved, alloc_start, alloc_end - cur_offset);

The start offset, third argument, should be cur_offset.

Everything from alloc_start to cur_offset was freed by the
list_for_each_entry_safe_loop.

Fixes: 18513091af94 ("btrfs: update btrfs_space_info's bytes_may_use timely")
Reviewed-by: Filipe Manana <fdmanana@suse.com>
Signed-off-by: Robbie Ko <robbieko@synology.com>
Signed-off-by: David Sterba <dsterba@suse.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 fs/btrfs/file.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/fs/btrfs/file.c b/fs/btrfs/file.c
index 27decfd33ad92..ef11808b592bb 100644
--- a/fs/btrfs/file.c
+++ b/fs/btrfs/file.c
@@ -3142,6 +3142,7 @@ static long btrfs_fallocate(struct file *file, int mode,
 			ret = btrfs_qgroup_reserve_data(inode, &data_reserved,
 					cur_offset, last_byte - cur_offset);
 			if (ret < 0) {
+				cur_offset = last_byte;
 				free_extent_map(em);
 				break;
 			}
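Review bot: `cur_offset = last_byte;` in the `ret < 0` branch is not self-explanatory, because the quota reservation for this range has just failed and yet the offset is advanced past it. Add a comment there saying that the range is already on reserve_list and is released by the list walk, which is why the final btrfs_free_reserved_data_space() call must start after it.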
@@ -3191,7 +3192,7 @@ static long btrfs_fallocate(struct file *file, int mode,
 	/* Let go of our reservation. */
 	if (ret != 0 && !(mode & FALLOC_FL_ZERO_RANGE))
 		btrfs_free_reserved_data_space(inode, data_reserved,
-				alloc_start, alloc_end - cur_offset);
+				cur_offset, alloc_end - cur_offset);
 	extent_changeset_free(data_reserved);
 	return ret;
 }
-- 
2.20.1





* [PATCH 5.1 097/405] btrfs: fix panic during relocation after ENOSPC before writeback happens
  2019-05-30  2:59 [PATCH 5.1 000/405] 5.1.6-stable review Greg Kroah-Hartman
                   ` (95 preceding siblings ...)
  2019-05-30  3:01 ` [PATCH 5.1 096/405] Btrfs: fix data bytes_may_use underflow with fallocate due to failed quota reserve Greg Kroah-Hartman
@ 2019-05-30  3:01 ` Greg Kroah-Hartman
  2019-05-30  3:01 ` [PATCH 5.1 098/405] btrfs: Dont panic when we cant find a root key Greg Kroah-Hartman
                   ` (312 subsequent siblings)
  409 siblings, 0 replies; 429+ messages in thread
From: Greg Kroah-Hartman @ 2019-05-30  3:01 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Josef Bacik, Filipe Manana,
	David Sterba, Sasha Levin

[ Upstream commit ff612ba7849964b1898fd3ccd1f56941129c6aab ]

We've been seeing the following sporadically throughout our fleet

panic: kernel BUG at fs/btrfs/relocation.c:4584!
netversion: 5.0-0
Backtrace:
 #0 [ffffc90003adb880] machine_kexec at ffffffff81041da8
 #1 [ffffc90003adb8c8] __crash_kexec at ffffffff8110396c
 #2 [ffffc90003adb988] crash_kexec at ffffffff811048ad
 #3 [ffffc90003adb9a0] oops_end at ffffffff8101c19a
 #4 [ffffc90003adb9c0] do_trap at ffffffff81019114
 #5 [ffffc90003adba00] do_error_trap at ffffffff810195d0
 #6 [ffffc90003adbab0] invalid_op at ffffffff81a00a9b
    [exception RIP: btrfs_reloc_cow_block+692]
    RIP: ffffffff8143b614  RSP: ffffc90003adbb68  RFLAGS: 00010246
    RAX: fffffffffffffff7  RBX: ffff8806b9c32000  RCX: ffff8806aad00690
    RDX: ffff880850b295e0  RSI: ffff8806b9c32000  RDI: ffff88084f205bd0
    RBP: ffff880849415000   R8: ffffc90003adbbe0   R9: ffff88085ac90000
    R10: ffff8805f7369140  R11: 0000000000000000  R12: ffff880850b295e0
    R13: ffff88084f205bd0  R14: 0000000000000000  R15: 0000000000000000
    ORIG_RAX: ffffffffffffffff  CS: 0010  SS: 0018
 #7 [ffffc90003adbbb0] __btrfs_cow_block at ffffffff813bf1cd
 #8 [ffffc90003adbc28] btrfs_cow_block at ffffffff813bf4b3
 #9 [ffffc90003adbc78] btrfs_search_slot at ffffffff813c2e6c

The way relocation moves data extents is by creating a reloc inode and
preallocating extents in this inode and then copying the data into these
preallocated extents.  Once we've done this for all of our extents,
we'll write out these dirty pages, which marks the extent written, and
goes into btrfs_reloc_cow_block().  From here we get our current
reloc_control, which _should_ match the reloc_control for the current
block group we're relocating.

However if we get an ENOSPC in this path at some point we'll bail out,
never initiating writeback on this inode.  Not a huge deal, unless we
happen to be doing relocation on a different block group, and this block
group is now rc->stage == UPDATE_DATA_PTRS.  This trips the BUG_ON() in
btrfs_reloc_cow_block(), because we expect to be done modifying the data
inode.  We are in fact done modifying the metadata for the data inode
we're currently using, but not the one from the failed block group, and
thus we BUG_ON().

(This happens when writeback finishes for extents from the previous
group, when we are at btrfs_finish_ordered_io() which updates the data
reloc tree (inode item, drops/adds extent items, etc).)

Fix this by writing out the reloc data inode always, and then breaking
out of the loop after that point to keep from tripping this BUG_ON()
later.

Signed-off-by: Josef Bacik <josef@toxicpanda.com>
Reviewed-by: Filipe Manana <fdmanana@suse.com>
[ add note from Filipe ]
Signed-off-by: David Sterba <dsterba@suse.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 fs/btrfs/relocation.c | 31 ++++++++++++++++++++-----------
 1 file changed, 20 insertions(+), 11 deletions(-)

diff --git a/fs/btrfs/relocation.c b/fs/btrfs/relocation.c
index 351fa506dc9bf..1d82ee4883eb3 100644
--- a/fs/btrfs/relocation.c
+++ b/fs/btrfs/relocation.c
@@ -4330,27 +4330,36 @@ int btrfs_relocate_block_group(struct btrfs_fs_info *fs_info, u64 group_start)
 		mutex_lock(&fs_info->cleaner_mutex);
 		ret = relocate_block_group(rc);
 		mutex_unlock(&fs_info->cleaner_mutex);
-		if (ret < 0) {
+		if (ret < 0)
 			err = ret;
-			goto out;
-		}
-
-		if (rc->extents_found == 0)
-			break;
-
-		btrfs_info(fs_info, "found %llu extents", rc->extents_found);
 
+		/*
+		 * We may have gotten ENOSPC after we already dirtied some
+		 * extents.  If writeout happens while we're relocating a
+		 * different block group we could end up hitting the
+		 * BUG_ON(rc->stage == UPDATE_DATA_PTRS) in
+		 * btrfs_reloc_cow_block.  Make sure we write everything out
+		 * properly so we don't trip over this problem, and then break
+		 * out of the loop if we hit an error.
+		 */
 		if (rc->stage == MOVE_DATA_EXTENTS && rc->found_file_extent) {
 			ret = btrfs_wait_ordered_range(rc->data_inode, 0,
 						       (u64)-1);
-			if (ret) {
+			if (ret)
 				err = ret;
-				goto out;
-			}
 			invalidate_mapping_pages(rc->data_inode->i_mapping,
 						 0, -1);
 			rc->stage = UPDATE_DATA_PTRS;
 		}
+
+		if (err < 0)
+			goto out;
+
+		if (rc->extents_found == 0)
+			break;
+
+		btrfs_info(fs_info, "found %llu extents", rc->extents_found);
+
 	}
 
 	WARN_ON(rc->block_group->pinned > 0);
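
Review bot: In the MOVE_DATA_EXTENTS block, "if (ret) err = ret;" now runs when err may already hold the relocate_block_group() failure, so if both calls fail the original error (the ENOSPC this commit is about) is replaced by the one from btrfs_wait_ordered_range(). Keeping the first error, for example "if (ret && !err) err = ret;", would preserve the root cause for the caller. The hunk also adds an empty line after the btrfs_info() call, directly before the closing brace of the loop; it can be dropped.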
-- 
2.20.1




^ permalink raw reply related	[flat|nested] 429+ messages in thread

* [PATCH 5.1 098/405] btrfs: Dont panic when we cant find a root key
  2019-05-30  2:59 [PATCH 5.1 000/405] 5.1.6-stable review Greg Kroah-Hartman
                   ` (96 preceding siblings ...)
  2019-05-30  3:01 ` [PATCH 5.1 097/405] btrfs: fix panic during relocation after ENOSPC before writeback happens Greg Kroah-Hartman
@ 2019-05-30  3:01 ` Greg Kroah-Hartman
  2019-05-30  3:01 ` [PATCH 5.1 099/405] iwlwifi: pcie: dont crash on invalid RX interrupt Greg Kroah-Hartman
                   ` (311 subsequent siblings)
  409 siblings, 0 replies; 429+ messages in thread
From: Greg Kroah-Hartman @ 2019-05-30  3:01 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Filipe Manana, Johannes Thumshirn,
	Qu Wenruo, David Sterba, Sasha Levin

[ Upstream commit 7ac1e464c4d473b517bb784f30d40da1f842482e ]

When we failed to find a root key in btrfs_update_root(), we just panic.

That's definitely not cool, fix it by outputting a unique error
message, aborting current transaction and return -EUCLEAN. This should
not normally happen as the root has been used by the callers in some
way.

Reviewed-by: Filipe Manana <fdmanana@suse.com>
Reviewed-by: Johannes Thumshirn <jthumshirn@suse.de>
Signed-off-by: Qu Wenruo <wqu@suse.com>
Reviewed-by: David Sterba <dsterba@suse.com>
Signed-off-by: David Sterba <dsterba@suse.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 fs/btrfs/root-tree.c | 13 ++++++++-----
 1 file changed, 8 insertions(+), 5 deletions(-)

diff --git a/fs/btrfs/root-tree.c b/fs/btrfs/root-tree.c
index 1a92ad546f912..22124122728cd 100644
--- a/fs/btrfs/root-tree.c
+++ b/fs/btrfs/root-tree.c
@@ -135,11 +135,14 @@ int btrfs_update_root(struct btrfs_trans_handle *trans, struct btrfs_root
 	if (ret < 0)
 		goto out;
 
-	if (ret != 0) {
-		btrfs_print_leaf(path->nodes[0]);
-		btrfs_crit(fs_info, "unable to update root key %llu %u %llu",
-			   key->objectid, key->type, key->offset);
-		BUG_ON(1);
+	if (ret > 0) {
+		btrfs_crit(fs_info,
+			"unable to find root key (%llu %u %llu) in tree %llu",
+			key->objectid, key->type, key->offset,
+			root->root_key.objectid);
+		ret = -EUCLEAN;
+		btrfs_abort_transaction(trans, ret);
+		goto out;
 	}
 
 	l = path->nodes[0];
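
Review bot: The new ret > 0 branch drops the btrfs_print_leaf(path->nodes[0]) call together with the BUG_ON(1), so the leaf contents that showed where the search actually landed are no longer logged. If that dump was useful for diagnosing a corrupted root tree, keep it ahead of the btrfs_crit(); if it was dropped on purpose, the commit message should say so, since it only mentions the error message, the transaction abort and -EUCLEAN.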
-- 
2.20.1




^ permalink raw reply related	[flat|nested] 429+ messages in thread

* [PATCH 5.1 099/405] iwlwifi: pcie: dont crash on invalid RX interrupt
  2019-05-30  2:59 [PATCH 5.1 000/405] 5.1.6-stable review Greg Kroah-Hartman
                   ` (97 preceding siblings ...)
  2019-05-30  3:01 ` [PATCH 5.1 098/405] btrfs: Dont panic when we cant find a root key Greg Kroah-Hartman
@ 2019-05-30  3:01 ` Greg Kroah-Hartman
  2019-05-30  3:01 ` [PATCH 5.1 100/405] rtc: 88pm860x: prevent use-after-free on device remove Greg Kroah-Hartman
                   ` (310 subsequent siblings)
  409 siblings, 0 replies; 429+ messages in thread
From: Greg Kroah-Hartman @ 2019-05-30  3:01 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Johannes Berg, Luca Coelho, Sasha Levin

[ Upstream commit 30f24eabab8cd801064c5c37589d803cb4341929 ]

If for some reason the device gives us an RX interrupt before we're
ready for it, perhaps during device power-on with misconfigured IRQ
causes mapping or so, we can crash trying to access the queues.

Prevent that by checking that we actually have RXQs and that they
were properly allocated.

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Luca Coelho <luciano.coelho@intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/net/wireless/intel/iwlwifi/pcie/rx.c | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/drivers/net/wireless/intel/iwlwifi/pcie/rx.c b/drivers/net/wireless/intel/iwlwifi/pcie/rx.c
index 8d4f0628622bb..12f02aaf923ed 100644
--- a/drivers/net/wireless/intel/iwlwifi/pcie/rx.c
+++ b/drivers/net/wireless/intel/iwlwifi/pcie/rx.c
@@ -1434,10 +1434,15 @@ static struct iwl_rx_mem_buffer *iwl_pcie_get_rxb(struct iwl_trans *trans,
 static void iwl_pcie_rx_handle(struct iwl_trans *trans, int queue)
 {
 	struct iwl_trans_pcie *trans_pcie = IWL_TRANS_GET_PCIE_TRANS(trans);
-	struct iwl_rxq *rxq = &trans_pcie->rxq[queue];
+	struct iwl_rxq *rxq;
 	u32 r, i, count = 0;
 	bool emergency = false;
 
+	if (WARN_ON_ONCE(!trans_pcie->rxq || !trans_pcie->rxq[queue].bd))
+		return;
+
+	rxq = &trans_pcie->rxq[queue];
+
 restart:
 	spin_lock(&rxq->lock);
 	/* uCode's read index (stored in shared DRAM) indicates the last Rx
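
Review bot: The added guard reads trans_pcie->rxq[queue].bd without first checking that queue is within the number of RX queues that were allocated, so an out-of-range queue from a misconfigured interrupt still indexes past the array before the NULL test can help; a range check on queue belongs in the same condition. Separately, this path is reached from a device-generated interrupt, and WARN_ON_ONCE() still brings the machine down when panic_on_warn is set, so an error print with the early return would avoid turning a misbehaving device into a crash on such systems.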
-- 
2.20.1




^ permalink raw reply related	[flat|nested] 429+ messages in thread

* [PATCH 5.1 100/405] rtc: 88pm860x: prevent use-after-free on device remove
  2019-05-30  2:59 [PATCH 5.1 000/405] 5.1.6-stable review Greg Kroah-Hartman
                   ` (98 preceding siblings ...)
  2019-05-30  3:01 ` [PATCH 5.1 099/405] iwlwifi: pcie: dont crash on invalid RX interrupt Greg Kroah-Hartman
@ 2019-05-30  3:01 ` Greg Kroah-Hartman
  2019-05-30  3:01 ` [PATCH 5.1 101/405] rtc: stm32: manage the get_irq probe defer case Greg Kroah-Hartman
                   ` (309 subsequent siblings)
  409 siblings, 0 replies; 429+ messages in thread
From: Greg Kroah-Hartman @ 2019-05-30  3:01 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Sven Van Asbroeck, Alexandre Belloni,
	Sasha Levin

[ Upstream commit f22b1ba15ee5785aa028384ebf77dd39e8e47b70 ]

The device's remove() attempts to shut down the delayed_work scheduled
on the kernel-global workqueue by calling flush_scheduled_work().

Unfortunately, flush_scheduled_work() does not prevent the delayed_work
from re-scheduling itself. The delayed_work might run after the device
has been removed, and touch the already de-allocated info structure.
This is a potential use-after-free.

Fix by calling cancel_delayed_work_sync() during remove(): this ensures
that the delayed work is properly cancelled, is no longer running, and
is not able to re-schedule itself.

This issue was detected with the help of Coccinelle.

Signed-off-by: Sven Van Asbroeck <TheSven73@gmail.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/rtc/rtc-88pm860x.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/drivers/rtc/rtc-88pm860x.c b/drivers/rtc/rtc-88pm860x.c
index d25282b4a7dd1..73697e4b18a9d 100644
--- a/drivers/rtc/rtc-88pm860x.c
+++ b/drivers/rtc/rtc-88pm860x.c
@@ -421,7 +421,7 @@ static int pm860x_rtc_remove(struct platform_device *pdev)
 	struct pm860x_rtc_info *info = platform_get_drvdata(pdev);
 
 #ifdef VRTC_CALIBRATION
-	flush_scheduled_work();
+	cancel_delayed_work_sync(&info->calib_work);
 	/* disable measurement */
 	pm860x_set_bits(info->i2c, PM8607_MEAS_EN2, MEAS2_VRTC, 0);
 #endif	/* VRTC_CALIBRATION */
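
Review bot: cancel_delayed_work_sync(&info->calib_work) closes the window only if nothing else can queue calib_work once it returns, and the hunk does not show whether an interrupt handler or another path can still schedule it before pm860x_rtc_remove() finishes. Worth confirming. A one-line comment saying why this is a cancel rather than a flush (the work re-schedules itself, per the commit message) would keep someone from reverting it.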
-- 
2.20.1




^ permalink raw reply related	[flat|nested] 429+ messages in thread

* [PATCH 5.1 101/405] rtc: stm32: manage the get_irq probe defer case
  2019-05-30  2:59 [PATCH 5.1 000/405] 5.1.6-stable review Greg Kroah-Hartman
                   ` (99 preceding siblings ...)
  2019-05-30  3:01 ` [PATCH 5.1 100/405] rtc: 88pm860x: prevent use-after-free on device remove Greg Kroah-Hartman
@ 2019-05-30  3:01 ` Greg Kroah-Hartman
  2019-05-30  3:01 ` [PATCH 5.1 102/405] scsi: qedi: Abort ep termination if offload not scheduled Greg Kroah-Hartman
                   ` (308 subsequent siblings)
  409 siblings, 0 replies; 429+ messages in thread
From: Greg Kroah-Hartman @ 2019-05-30  3:01 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Fabien Dessenne, Amelie Delaunay,
	Alexandre Belloni, Sasha Levin

[ Upstream commit cf612c5949aca2bd81a1e28688957c8149ea2693 ]

Manage the -EPROBE_DEFER error case for the wake IRQ.

Signed-off-by: Fabien Dessenne <fabien.dessenne@st.com>
Acked-by: Amelie Delaunay <amelie.delaunay@st.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/rtc/rtc-stm32.c | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)

diff --git a/drivers/rtc/rtc-stm32.c b/drivers/rtc/rtc-stm32.c
index c5908cfea2340..8e6c9b3bcc29a 100644
--- a/drivers/rtc/rtc-stm32.c
+++ b/drivers/rtc/rtc-stm32.c
@@ -788,11 +788,14 @@ static int stm32_rtc_probe(struct platform_device *pdev)
 	ret = device_init_wakeup(&pdev->dev, true);
 	if (rtc->data->has_wakeirq) {
 		rtc->wakeirq_alarm = platform_get_irq(pdev, 1);
-		if (rtc->wakeirq_alarm <= 0)
-			ret = rtc->wakeirq_alarm;
-		else
+		if (rtc->wakeirq_alarm > 0) {
 			ret = dev_pm_set_dedicated_wake_irq(&pdev->dev,
 							    rtc->wakeirq_alarm);
+		} else {
+			ret = rtc->wakeirq_alarm;
+			if (rtc->wakeirq_alarm == -EPROBE_DEFER)
+				goto err;
+		}
 	}
 	if (ret)
 		dev_warn(&pdev->dev, "alarm can't wake up the system: %d", ret);
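
Review bot: The new "goto err" for -EPROBE_DEFER is taken after device_init_wakeup(&pdev->dev, true) at the top of the hunk has already run, and the err label is not part of the visible lines, so it is not clear whether that path undoes the wakeup setup before the probe is retried. Please confirm the error path disables wakeup again. A short comment in the else branch stating that only the deferral case is fatal, while other failures just lose the wake-up capability, would also help.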
-- 
2.20.1




^ permalink raw reply related	[flat|nested] 429+ messages in thread

* [PATCH 5.1 102/405] scsi: qedi: Abort ep termination if offload not scheduled
  2019-05-30  2:59 [PATCH 5.1 000/405] 5.1.6-stable review Greg Kroah-Hartman
                   ` (100 preceding siblings ...)
  2019-05-30  3:01 ` [PATCH 5.1 101/405] rtc: stm32: manage the get_irq probe defer case Greg Kroah-Hartman
@ 2019-05-30  3:01 ` Greg Kroah-Hartman
  2019-05-30  3:01 ` [PATCH 5.1 103/405] s390/kexec_file: Fix detection of text segment in ELF loader Greg Kroah-Hartman
                   ` (307 subsequent siblings)
  409 siblings, 0 replies; 429+ messages in thread
From: Greg Kroah-Hartman @ 2019-05-30  3:01 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Manish Rangankar, Martin K. Petersen,
	Sasha Levin

[ Upstream commit f848bfd8e167210a29374e8a678892bed591684f ]

Sometimes during connection recovery when there is a failure to resolve
ARP, and offload connection was not issued, driver tries to flush pending
offload connection work which was not queued up.

kernel: WARNING: CPU: 19 PID: 10110 at kernel/workqueue.c:3030 __flush_work.isra.34+0x19c/0x1b0
kernel: CPU: 19 PID: 10110 Comm: iscsid Tainted: G W 5.1.0-rc4 #11
kernel: Hardware name: Dell Inc. PowerEdge R730/0599V5, BIOS 2.9.1 12/04/2018
kernel: RIP: 0010:__flush_work.isra.34+0x19c/0x1b0
kernel: Code: 8b fb 66 0f 1f 44 00 00 31 c0 eb ab 48 89 ef c6 07 00 0f 1f 40 00 fb 66 0f 1f 44 00 00 31 c0 eb 96 e8 08 16 fe ff 0f 0b eb 8d <0f> 0b 31 c0 eb 87 0f 1f 40 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f
kernel: RSP: 0018:ffffa6b4054dba68 EFLAGS: 00010246
kernel: RAX: 0000000000000000 RBX: ffff91df21c36fc0 RCX: 0000000000000000
kernel: RDX: 0000000000000001 RSI: 0000000000000000 RDI: ffff91df21c36fc0
kernel: RBP: ffff91df21c36ef0 R08: 0000000000000000 R09: 0000000000000000
kernel: R10: 0000000000000038 R11: ffffa6b4054dbd60 R12: ffffffffc05e72c0
kernel: R13: ffff91db10280820 R14: 0000000000000048 R15: 0000000000000000
kernel: FS:  00007f5d83cc1740(0000) GS:ffff91df2f840000(0000) knlGS:0000000000000000
kernel: CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
kernel: CR2: 0000000001cc5000 CR3: 0000000465450002 CR4: 00000000001606e0
kernel: Call Trace:
kernel: ? try_to_del_timer_sync+0x4d/0x80
kernel: qedi_ep_disconnect+0x3b/0x410 [qedi]
kernel: ? 0xffffffffc083c000
kernel: ? klist_iter_exit+0x14/0x20
kernel: ? class_find_device+0x93/0xf0
kernel: iscsi_if_ep_disconnect.isra.18+0x58/0x70 [scsi_transport_iscsi]
kernel: iscsi_if_recv_msg+0x10e2/0x1510 [scsi_transport_iscsi]
kernel: ? copyout+0x22/0x30
kernel: ? _copy_to_iter+0xa0/0x430
kernel: ? _cond_resched+0x15/0x30
kernel: ? __kmalloc_node_track_caller+0x1f9/0x270
kernel: iscsi_if_rx+0xa5/0x1e0 [scsi_transport_iscsi]
kernel: netlink_unicast+0x17f/0x230
kernel: netlink_sendmsg+0x2d2/0x3d0
kernel: sock_sendmsg+0x36/0x50
kernel: ___sys_sendmsg+0x280/0x2a0
kernel: ? timerqueue_add+0x54/0x80
kernel: ? enqueue_hrtimer+0x38/0x90
kernel: ? hrtimer_start_range_ns+0x19f/0x2c0
kernel: __sys_sendmsg+0x58/0xa0
kernel: do_syscall_64+0x5b/0x180
kernel: entry_SYSCALL_64_after_hwframe+0x44/0xa9

Signed-off-by: Manish Rangankar <mrangankar@marvell.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/scsi/qedi/qedi_iscsi.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/drivers/scsi/qedi/qedi_iscsi.c b/drivers/scsi/qedi/qedi_iscsi.c
index 6d6d6013e35b8..bf371e7b957d0 100644
--- a/drivers/scsi/qedi/qedi_iscsi.c
+++ b/drivers/scsi/qedi/qedi_iscsi.c
@@ -1000,6 +1000,9 @@ static void qedi_ep_disconnect(struct iscsi_endpoint *ep)
 	qedi_ep = ep->dd_data;
 	qedi = qedi_ep->qedi;
 
+	if (qedi_ep->state == EP_STATE_OFLDCONN_START)
+		goto ep_exit_recover;
+
 	flush_work(&qedi_ep->offload_work);
 
 	if (qedi_ep->conn) {
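
Review bot: The early "goto ep_exit_recover" on qedi_ep->state == EP_STATE_OFLDCONN_START skips flush_work() and everything between it and the label, and neither the label nor any locking around the state read is visible here, so it is unclear what cleanup is bypassed and whether offload_work could be queued right after the check. The commit message also shows only the warning splat and never states what the fix is; a sentence there, plus a comment above the check explaining why this state means no offload work was queued, would make the change reviewable.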
-- 
2.20.1




^ permalink raw reply related	[flat|nested] 429+ messages in thread

* [PATCH 5.1 103/405] s390/kexec_file: Fix detection of text segment in ELF loader
  2019-05-30  2:59 [PATCH 5.1 000/405] 5.1.6-stable review Greg Kroah-Hartman
                   ` (101 preceding siblings ...)
  2019-05-30  3:01 ` [PATCH 5.1 102/405] scsi: qedi: Abort ep termination if offload not scheduled Greg Kroah-Hartman
@ 2019-05-30  3:01 ` Greg Kroah-Hartman
  2019-05-30  3:01 ` [PATCH 5.1 104/405] ALSA: hda: fix unregister device twice on ASoC driver Greg Kroah-Hartman
                   ` (306 subsequent siblings)
  409 siblings, 0 replies; 429+ messages in thread
From: Greg Kroah-Hartman @ 2019-05-30  3:01 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Philipp Rudo, Martin Schwidefsky,
	Sasha Levin

[ Upstream commit 729829d775c9a5217abc784b2f16087d79c4eec8 ]

To register data for the next kernel (command line, oldmem_base, etc.) the
current kernel needs to find the ELF segment that contains head.S. This is
currently done by checking for 'phdr->p_paddr == 0'. This works fine for
the current kernel build but in theory the first few pages could be
skipped. Make the detection more robust by checking if the entry point lies
within the segment.

Signed-off-by: Philipp Rudo <prudo@linux.ibm.com>
Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 arch/s390/kernel/kexec_elf.c | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/arch/s390/kernel/kexec_elf.c b/arch/s390/kernel/kexec_elf.c
index 5a286b012043b..602e7cc26d118 100644
--- a/arch/s390/kernel/kexec_elf.c
+++ b/arch/s390/kernel/kexec_elf.c
@@ -19,10 +19,15 @@ static int kexec_file_add_elf_kernel(struct kimage *image,
 	struct kexec_buf buf;
 	const Elf_Ehdr *ehdr;
 	const Elf_Phdr *phdr;
+	Elf_Addr entry;
 	int i, ret;
 
 	ehdr = (Elf_Ehdr *)kernel;
 	buf.image = image;
+	if (image->type == KEXEC_TYPE_CRASH)
+		entry = STARTUP_KDUMP_OFFSET;
+	else
+		entry = ehdr->e_entry;
 
 	phdr = (void *)ehdr + ehdr->e_phoff;
 	for (i = 0; i < ehdr->e_phnum; i++, phdr++) {
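
Review bot: The KEXEC_TYPE_CRASH branch substitutes STARTUP_KDUMP_OFFSET for ehdr->e_entry with no comment, and the commit message only talks about using the entry point, so a reader cannot tell why crash images ignore the entry from the ELF header. A one-line comment above the if explaining that choice is needed. Note also that entry is then compared against program headers located through ehdr->e_phoff and ehdr->e_phnum taken from the image being loaded, and nothing in the visible lines bounds those against the size of the buffer.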
@@ -35,7 +40,7 @@ static int kexec_file_add_elf_kernel(struct kimage *image,
 		buf.mem = ALIGN(phdr->p_paddr, phdr->p_align);
 		buf.memsz = phdr->p_memsz;
 
-		if (phdr->p_paddr == 0) {
+		if (entry - phdr->p_paddr < phdr->p_memsz) {
 			data->kernel_buf = buf.buffer;
 			data->memsz += STARTUP_NORMAL_OFFSET;
 
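
Review bot: "entry - phdr->p_paddr < phdr->p_memsz" is a correct range test only because the subtraction is unsigned and wraps when entry lies below p_paddr; that is not obvious at a glance and deserves a comment. The change also alters the failure mode: if entry falls inside no segment, no iteration sets data->kernel_buf, and the visible lines do not show that case being rejected, so a malformed image should fail explicitly rather than continue with an unset buffer.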
-- 
2.20.1




^ permalink raw reply related	[flat|nested] 429+ messages in thread
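
The segment test that the patch above switches to, as an added user-space example (not code from the patch or from the kernel): it compares the old `p_paddr == 0` heuristic with the entry-point test on two constructed segment layouts. `struct seg`, the function names, the layouts and `SAMPLE_ENTRY` are hypothetical and exist only for this illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical stand-in for the two Elf64_Phdr fields the check reads. */
struct seg {
	uint64_t p_paddr;	/* physical load address */
	uint64_t p_memsz;	/* size of the segment in memory */
};

/* Constructed layout A: text segment loaded at physical address 0. */
static const struct seg layout_a[] = {
	{ 0x0,      0x100000 },
	{ 0x100000, 0x80000  },
};

/* Constructed layout B: the first pages are skipped, text starts at 0x2000. */
static const struct seg layout_b[] = {
	{ 0x2000,   0xfe000 },
	{ 0x100000, 0x80000 },
};

/* Constructed entry point, used for both layouts. */
#define SAMPLE_ENTRY 0x10000ULL

/* Old heuristic: the text segment is whichever one has p_paddr == 0. */
static int find_text_by_paddr0(const struct seg *s, size_t n)
{
	for (size_t i = 0; i < n; i++)
		if (s[i].p_paddr == 0)
			return (int)i;
	return -1;
}

/*
 * Test used by the patch. The subtraction is unsigned: when entry is below
 * p_paddr it wraps to a huge value and the comparison fails, so one compare
 * checks both the lower and the (exclusive) upper bound without ever
 * computing p_paddr + p_memsz, which could itself overflow.
 */
static int seg_contains(const struct seg *s, uint64_t entry)
{
	return entry - s->p_paddr < s->p_memsz;
}

/* Returns the index of the segment holding entry, or -1 if none does. */
static int find_text_by_entry(const struct seg *s, size_t n, uint64_t entry)
{
	for (size_t i = 0; i < n; i++)
		if (seg_contains(&s[i], entry))
			return (int)i;
	return -1;	/* a loader should reject the image in this case */
}

int main(void)
{
	printf("layout A: paddr0=%d entry=%d\n",
	       find_text_by_paddr0(layout_a, 2),
	       find_text_by_entry(layout_a, 2, SAMPLE_ENTRY));
	printf("layout B: paddr0=%d entry=%d\n",
	       find_text_by_paddr0(layout_b, 2),
	       find_text_by_entry(layout_b, 2, SAMPLE_ENTRY));
	printf("entry outside every segment: %d\n",
	       find_text_by_entry(layout_b, 2, 0x1000));
	return 0;
}
```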

* [PATCH 5.1 104/405] ALSA: hda: fix unregister device twice on ASoC driver
  2019-05-30  2:59 [PATCH 5.1 000/405] 5.1.6-stable review Greg Kroah-Hartman
                   ` (102 preceding siblings ...)
  2019-05-30  3:01 ` [PATCH 5.1 103/405] s390/kexec_file: Fix detection of text segment in ELF loader Greg Kroah-Hartman
@ 2019-05-30  3:01 ` Greg Kroah-Hartman
  2019-05-30  3:01 ` [PATCH 5.1 105/405] sched/nohz: Run NOHZ idle load balancer on HK_FLAG_MISC CPUs Greg Kroah-Hartman
                   ` (305 subsequent siblings)
  409 siblings, 0 replies; 429+ messages in thread
From: Greg Kroah-Hartman @ 2019-05-30  3:01 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Bard liao, Takashi Iwai, Sasha Levin

[ Upstream commit 4d95c51776b2edb4d4ebcea00b6e5a1fe538ce66 ]

snd_hda_codec_device_new() is used by both legacy HDA and ASoC
driver. However, we will call snd_hdac_device_unregister() in
snd_hdac_ext_bus_device_remove() for ASoC device. This patch uses
the type flag in hdac_device struct to determine whether it is an ASoC device
or a legacy HDA device and calls snd_hdac_device_unregister() in
snd_hda_codec_dev_free() only if it is a legacy HDA device.

Signed-off-by: Bard liao <yung-chuan.liao@linux.intel.com>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 sound/pci/hda/hda_codec.c | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/sound/pci/hda/hda_codec.c b/sound/pci/hda/hda_codec.c
index 701a69d856f5f..b20eb7fc83eb2 100644
--- a/sound/pci/hda/hda_codec.c
+++ b/sound/pci/hda/hda_codec.c
@@ -832,7 +832,13 @@ static int snd_hda_codec_dev_free(struct snd_device *device)
 	struct hda_codec *codec = device->device_data;
 
 	codec->in_freeing = 1;
-	snd_hdac_device_unregister(&codec->core);
+	/*
+	 * snd_hda_codec_device_new() is used by legacy HDA and ASoC driver.
+	 * We can't unregister ASoC device since it will be unregistered in
+	 * snd_hdac_ext_bus_device_remove().
+	 */
+	if (codec->core.type == HDA_DEV_LEGACY)
+		snd_hdac_device_unregister(&codec->core);
 	codec_display_power(codec, false);
 	put_device(hda_codec_dev(codec));
 	return 0;
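
Review bot: The condition tests codec->core.type == HDA_DEV_LEGACY, so every non-legacy type now skips snd_hdac_device_unregister(), while the added comment justifies this only for ASoC devices. If other type values exist, either test for the ASoC type explicitly or extend the comment to say that all non-legacy devices are unregistered elsewhere; otherwise such a device would stay registered when its codec is freed.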
-- 
2.20.1




^ permalink raw reply related	[flat|nested] 429+ messages in thread

* [PATCH 5.1 105/405] sched/nohz: Run NOHZ idle load balancer on HK_FLAG_MISC CPUs
  2019-05-30  2:59 [PATCH 5.1 000/405] 5.1.6-stable review Greg Kroah-Hartman
                   ` (103 preceding siblings ...)
  2019-05-30  3:01 ` [PATCH 5.1 104/405] ALSA: hda: fix unregister device twice on ASoC driver Greg Kroah-Hartman
@ 2019-05-30  3:01 ` Greg Kroah-Hartman
  2019-05-30  3:01 ` [PATCH 5.1 106/405] net: ethernet: ti: cpsw: fix allmulti cfg in dual_mac mode Greg Kroah-Hartman
                   ` (304 subsequent siblings)
  409 siblings, 0 replies; 429+ messages in thread
From: Greg Kroah-Hartman @ 2019-05-30  3:01 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Nicholas Piggin,
	Peter Zijlstra (Intel),
	Frederic Weisbecker, Linus Torvalds, Thomas Gleixner,
	Ingo Molnar, Sasha Levin

[ Upstream commit 9b019acb72e4b5741d88e8936d6f200ed44b66b2 ]

The NOHZ idle balancer runs on the lowest idle CPU. This can
interfere with isolated CPUs, so confine it to HK_FLAG_MISC
housekeeping CPUs.

HK_FLAG_SCHED is not used for this because it is not set anywhere
at the moment. This could be folded into HK_FLAG_SCHED once that
option is fixed.

The problem was observed with increased jitter on an application
running on CPU0, caused by NOHZ idle load balancing being run on
CPU1 (an SMT sibling).

Signed-off-by: Nicholas Piggin <npiggin@gmail.com>
Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org>
Cc: Frederic Weisbecker <fweisbec@gmail.com>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Thomas Gleixner <tglx@linutronix.de>
Link: https://lkml.kernel.org/r/20190412042613.28930-1-npiggin@gmail.com
Signed-off-by: Ingo Molnar <mingo@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 kernel/sched/fair.c | 16 ++++++++++------
 1 file changed, 10 insertions(+), 6 deletions(-)

diff --git a/kernel/sched/fair.c b/kernel/sched/fair.c
index 35f3ea3750844..232491e3ed0db 100644
--- a/kernel/sched/fair.c
+++ b/kernel/sched/fair.c
@@ -9551,22 +9551,26 @@ static inline int on_null_domain(struct rq *rq)
  * - When one of the busy CPUs notice that there may be an idle rebalancing
  *   needed, they will kick the idle load balancer, which then does idle
  *   load balancing for all the idle CPUs.
+ * - HK_FLAG_MISC CPUs are used for this task, because HK_FLAG_SCHED not set
+ *   anywhere yet.
  */
 
 static inline int find_new_ilb(void)
 {
-	int ilb = cpumask_first(nohz.idle_cpus_mask);
+	int ilb;
 
-	if (ilb < nr_cpu_ids && idle_cpu(ilb))
-		return ilb;
+	for_each_cpu_and(ilb, nohz.idle_cpus_mask,
+			      housekeeping_cpumask(HK_FLAG_MISC)) {
+		if (idle_cpu(ilb))
+			return ilb;
+	}
 
 	return nr_cpu_ids;
 }
 
 /*
- * Kick a CPU to do the nohz balancing, if it is time for it. We pick the
- * nohz_load_balancer CPU (if there is one) otherwise fallback to any idle
- * CPU (if there is one).
+ * Kick a CPU to do the nohz balancing, if it is time for it. We pick any
+ * idle CPU in the HK_FLAG_MISC housekeeping set (if there is one).
  */
 static void kick_ilb(unsigned int flags)
 {
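
Review bot: find_new_ilb() now returns nr_cpu_ids whenever no CPU in housekeeping_cpumask(HK_FLAG_MISC) is idle, even if other CPUs are sitting in nohz.idle_cpus_mask, whereas the old code at least considered the first CPU in that mask. The comment block should state that no idle balance is kicked in that case, so the behaviour is clearly intended. The added comment line "because HK_FLAG_SCHED not set anywhere yet" is also missing an "is".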
-- 
2.20.1




^ permalink raw reply related	[flat|nested] 429+ messages in thread

* [PATCH 5.1 106/405] net: ethernet: ti: cpsw: fix allmulti cfg in dual_mac mode
  2019-05-30  2:59 [PATCH 5.1 000/405] 5.1.6-stable review Greg Kroah-Hartman
                   ` (104 preceding siblings ...)
  2019-05-30  3:01 ` [PATCH 5.1 105/405] sched/nohz: Run NOHZ idle load balancer on HK_FLAG_MISC CPUs Greg Kroah-Hartman
@ 2019-05-30  3:01 ` Greg Kroah-Hartman
  2019-05-30  3:01 ` [PATCH 5.1 107/405] w1: fix the resume command API Greg Kroah-Hartman
                   ` (303 subsequent siblings)
  409 siblings, 0 replies; 429+ messages in thread
From: Greg Kroah-Hartman @ 2019-05-30  3:01 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Grygorii Strashko, David S. Miller,
	Sasha Levin

[ Upstream commit 06095f34f8a0a2c4c83a19514c272699edd5f80b ]

Now CPSW ALE will set/clean Host port bit in Unregistered Multicast Flood
Mask (UNREG_MCAST_FLOOD_MASK) for every VLAN without checking if this port
belongs to VLAN or not when ALLMULTI mode flag is set for netdev. This is
working in non dual_mac mode, but in dual_mac - it causes
enabling/disabling ALLMULTI flag for both ports.

Hence fix it by adding additional parameter to cpsw_ale_set_allmulti() to
specify ALE port number for which ALLMULTI has to be enabled and check if
port belongs to VLAN before modifying UNREG_MCAST_FLOOD_MASK.

Signed-off-by: Grygorii Strashko <grygorii.strashko@ti.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/net/ethernet/ti/cpsw.c     | 12 +++++++++---
 drivers/net/ethernet/ti/cpsw_ale.c | 19 ++++++++++---------
 drivers/net/ethernet/ti/cpsw_ale.h |  3 +--
 3 files changed, 20 insertions(+), 14 deletions(-)

diff --git a/drivers/net/ethernet/ti/cpsw.c b/drivers/net/ethernet/ti/cpsw.c
index a591583d120e1..dd12b73a88530 100644
--- a/drivers/net/ethernet/ti/cpsw.c
+++ b/drivers/net/ethernet/ti/cpsw.c
@@ -800,12 +800,17 @@ static int cpsw_purge_all_mc(struct net_device *ndev, const u8 *addr, int num)
 
 static void cpsw_ndo_set_rx_mode(struct net_device *ndev)
 {
-	struct cpsw_common *cpsw = ndev_to_cpsw(ndev);
+	struct cpsw_priv *priv = netdev_priv(ndev);
+	struct cpsw_common *cpsw = priv->cpsw;
+	int slave_port = -1;
+
+	if (cpsw->data.dual_emac)
+		slave_port = priv->emac_port + 1;
 
 	if (ndev->flags & IFF_PROMISC) {
 		/* Enable promiscuous mode */
 		cpsw_set_promiscious(ndev, true);
-		cpsw_ale_set_allmulti(cpsw->ale, IFF_ALLMULTI);
+		cpsw_ale_set_allmulti(cpsw->ale, IFF_ALLMULTI, slave_port);
 		return;
 	} else {
 		/* Disable promiscuous mode */
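
Review bot: slave_port relies on two unexplained conventions, -1 meaning "all ports" and priv->emac_port + 1 being the ALE port number, and neither is documented here or at the cpsw_ale_set_allmulti() prototype. A caller passing a raw emac_port would end up checking membership of a different port. Please add a comment (or a named constant for -1) stating the offset between emac_port and the ALE port number and that -1 disables the per-port VLAN membership filter.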
@@ -813,7 +818,8 @@ static void cpsw_ndo_set_rx_mode(struct net_device *ndev)
 	}
 
 	/* Restore allmulti on vlans if necessary */
-	cpsw_ale_set_allmulti(cpsw->ale, ndev->flags & IFF_ALLMULTI);
+	cpsw_ale_set_allmulti(cpsw->ale,
+			      ndev->flags & IFF_ALLMULTI, slave_port);
 
 	/* add/remove mcast address either for real netdev or for vlan */
 	__hw_addr_ref_sync_dev(&ndev->mc, ndev, cpsw_add_mc_addr,
diff --git a/drivers/net/ethernet/ti/cpsw_ale.c b/drivers/net/ethernet/ti/cpsw_ale.c
index 798c989d5d934..b3d9591b4824a 100644
--- a/drivers/net/ethernet/ti/cpsw_ale.c
+++ b/drivers/net/ethernet/ti/cpsw_ale.c
@@ -482,24 +482,25 @@ int cpsw_ale_del_vlan(struct cpsw_ale *ale, u16 vid, int port_mask)
 }
 EXPORT_SYMBOL_GPL(cpsw_ale_del_vlan);
 
-void cpsw_ale_set_allmulti(struct cpsw_ale *ale, int allmulti)
+void cpsw_ale_set_allmulti(struct cpsw_ale *ale, int allmulti, int port)
 {
 	u32 ale_entry[ALE_ENTRY_WORDS];
-	int type, idx;
 	int unreg_mcast = 0;
-
-	/* Only bother doing the work if the setting is actually changing */
-	if (ale->allmulti == allmulti)
-		return;
-
-	/* Remember the new setting to check against next time */
-	ale->allmulti = allmulti;
+	int type, idx;
 
 	for (idx = 0; idx < ale->params.ale_entries; idx++) {
+		int vlan_members;
+
 		cpsw_ale_read(ale, idx, ale_entry);
 		type = cpsw_ale_get_entry_type(ale_entry);
 		if (type != ALE_TYPE_VLAN)
 			continue;
+		vlan_members =
+			cpsw_ale_get_vlan_member_list(ale_entry,
+						      ale->vlan_field_bits);
+
+		if (port != -1 && !(vlan_members & BIT(port)))
+			continue;
 
 		unreg_mcast =
 			cpsw_ale_get_vlan_unreg_mcast(ale_entry,
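
Review bot: Removing the ale->allmulti early return means every call now reads all ale->params.ale_entries entries with cpsw_ale_read(), even when the flag has not changed, and cpsw_ndo_set_rx_mode() calls this on every rx-mode update. The commit message does not mention dropping the cache; it should explain why (presumably a single cached value cannot represent per-port state) or the cache should become per-port. The "port != -1" test before BIT(port) is needed, but any other negative value would still reach BIT(port), so rejecting port < -1 up front would be safer.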
diff --git a/drivers/net/ethernet/ti/cpsw_ale.h b/drivers/net/ethernet/ti/cpsw_ale.h
index cd07a3e96d576..1fe196d8a5e42 100644
--- a/drivers/net/ethernet/ti/cpsw_ale.h
+++ b/drivers/net/ethernet/ti/cpsw_ale.h
@@ -37,7 +37,6 @@ struct cpsw_ale {
 	struct cpsw_ale_params	params;
 	struct timer_list	timer;
 	unsigned long		ageout;
-	int			allmulti;
 	u32			version;
 	/* These bits are different on NetCP NU Switch ALE */
 	u32			port_mask_bits;
@@ -116,7 +115,7 @@ int cpsw_ale_del_mcast(struct cpsw_ale *ale, const u8 *addr, int port_mask,
 int cpsw_ale_add_vlan(struct cpsw_ale *ale, u16 vid, int port, int untag,
 			int reg_mcast, int unreg_mcast);
 int cpsw_ale_del_vlan(struct cpsw_ale *ale, u16 vid, int port);
-void cpsw_ale_set_allmulti(struct cpsw_ale *ale, int allmulti);
+void cpsw_ale_set_allmulti(struct cpsw_ale *ale, int allmulti, int port);
 
 int cpsw_ale_control_get(struct cpsw_ale *ale, int port, int control);
 int cpsw_ale_control_set(struct cpsw_ale *ale, int port,
-- 
2.20.1




^ permalink raw reply related	[flat|nested] 429+ messages in thread

* [PATCH 5.1 107/405] w1: fix the resume command API
  2019-05-30  2:59 [PATCH 5.1 000/405] 5.1.6-stable review Greg Kroah-Hartman
                   ` (105 preceding siblings ...)
  2019-05-30  3:01 ` [PATCH 5.1 106/405] net: ethernet: ti: cpsw: fix allmulti cfg in dual_mac mode Greg Kroah-Hartman
@ 2019-05-30  3:01 ` Greg Kroah-Hartman
  2019-05-30  3:01 ` [PATCH 5.1 108/405] net: hns3: fix pause configure fail problem Greg Kroah-Hartman
                   ` (302 subsequent siblings)
  409 siblings, 0 replies; 429+ messages in thread
From: Greg Kroah-Hartman @ 2019-05-30  3:01 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Mariusz Bialonczyk,
	Jean-Francois Dagenais, Sasha Levin

[ Upstream commit 62909da8aca048ecf9fbd7e484e5100608f40a63 ]

From the DS2408 datasheet [1]:
"Resume Command function checks the status of the RC flag and, if it is set,
 directly transfers control to the control functions, similar to a Skip ROM
 command. The only way to set the RC flag is through successfully executing
 the Match ROM, Search ROM, Conditional Search ROM, or Overdrive-Match ROM
 command"

The function currently works perfectly fine in a multidrop bus, but when we
have only a single slave connected, then only a Skip ROM is used and Match
ROM is not called at all. This is leading to problems e.g. with single one
DS2408 connected, as the Resume Command is not working properly and the
device is responding with failing results after the Resume Command.

This commit is fixing this by using a Skip ROM instead in those cases.
The bandwidth / performance advantage is exactly the same.

Refs:
[1] https://datasheets.maximintegrated.com/en/ds/DS2408.pdf

Signed-off-by: Mariusz Bialonczyk <manio@skyboo.net>
Reviewed-by: Jean-Francois Dagenais <jeff.dagenais@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/w1/w1_io.c | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/drivers/w1/w1_io.c b/drivers/w1/w1_io.c
index 0364d3329c526..3516ce6718d94 100644
--- a/drivers/w1/w1_io.c
+++ b/drivers/w1/w1_io.c
@@ -432,8 +432,7 @@ int w1_reset_resume_command(struct w1_master *dev)
 	if (w1_reset_bus(dev))
 		return -1;
 
-	/* This will make only the last matched slave perform a skip ROM. */
-	w1_write_8(dev, W1_RESUME_CMD);
+	w1_write_8(dev, dev->slave_count > 1 ? W1_RESUME_CMD : W1_SKIP_ROM);
 	return 0;
 }
 EXPORT_SYMBOL_GPL(w1_reset_resume_command);
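
Review bot: The ternary removes the only comment in this function and replaces it with nothing, so the reason for sending W1_SKIP_ROM when dev->slave_count is not greater than 1 lives only in the commit message. Please add a short comment here saying that on a single-slave bus Match ROM is never issued, so the RC flag is not set and Resume would fail. Note also that the condition sends Skip ROM when slave_count is 0, and that slave_count is read without any locking visible in this hunk.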
-- 
2.20.1




^ permalink raw reply related	[flat|nested] 429+ messages in thread

* [PATCH 5.1 108/405] net: hns3: fix pause configure fail problem
  2019-05-30  2:59 [PATCH 5.1 000/405] 5.1.6-stable review Greg Kroah-Hartman
                   ` (106 preceding siblings ...)
  2019-05-30  3:01 ` [PATCH 5.1 107/405] w1: fix the resume command API Greg Kroah-Hartman
@ 2019-05-30  3:01 ` Greg Kroah-Hartman
  2019-05-30  3:01 ` [PATCH 5.1 109/405] net: hns3: fix for TX clean num when cleaning TX BD Greg Kroah-Hartman
                   ` (301 subsequent siblings)
  409 siblings, 0 replies; 429+ messages in thread
From: Greg Kroah-Hartman @ 2019-05-30  3:01 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Huazhong Tan, Peng Li,
	David S. Miller, Sasha Levin

[ Upstream commit fba2efdae8b4f998f66a2ff4c9f0575e1c4bbc40 ]

When configuring pause, the current implementation returns directly
after setting up PFC without setting up BP, which is not sufficient.

So this patch fixes it, returning only when setting up PFC has failed.

Fixes: 44e59e375bf7 ("net: hns3: do not return GE PFC setting err when initializing")
Signed-off-by: Huazhong Tan <tanhuazhong@huawei.com>
Signed-off-by: Peng Li <lipeng321@huawei.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/net/ethernet/hisilicon/hns3/hns3pf/hclge_tm.c | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/drivers/net/ethernet/hisilicon/hns3/hns3pf/hclge_tm.c b/drivers/net/ethernet/hisilicon/hns3/hns3pf/hclge_tm.c
index aafc69f4bfdd6..a7bbb6d3091a6 100644
--- a/drivers/net/ethernet/hisilicon/hns3/hns3pf/hclge_tm.c
+++ b/drivers/net/ethernet/hisilicon/hns3/hns3pf/hclge_tm.c
@@ -1331,8 +1331,11 @@ int hclge_pause_setup_hw(struct hclge_dev *hdev, bool init)
 	ret = hclge_pfc_setup_hw(hdev);
 	if (init && ret == -EOPNOTSUPP)
 		dev_warn(&hdev->pdev->dev, "GE MAC does not support pfc\n");
-	else
+	else if (ret) {
+		dev_err(&hdev->pdev->dev, "config pfc failed! ret = %d\n",
+			ret);
 		return ret;
+	}
 
 	return hclge_tm_bp_setup(hdev);
 }
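Review bot: the if/else-if chain in hclge_pause_setup_hw() now mixes an
unbraced 'if' branch (the dev_warn) with a braced 'else if' branch. Kernel
coding style asks for braces on every branch once one of them needs them,
so the dev_warn() arm should be braced as well.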
-- 
2.20.1





* [PATCH 5.1 109/405] net: hns3: fix for TX clean num when cleaning TX BD
  2019-05-30  2:59 [PATCH 5.1 000/405] 5.1.6-stable review Greg Kroah-Hartman
                   ` (107 preceding siblings ...)
  2019-05-30  3:01 ` [PATCH 5.1 108/405] net: hns3: fix pause configure fail problem Greg Kroah-Hartman
@ 2019-05-30  3:01 ` Greg Kroah-Hartman
  2019-05-30  3:01 ` [PATCH 5.1 110/405] net: phy: improve genphy_soft_reset Greg Kroah-Hartman
                   ` (300 subsequent siblings)
  409 siblings, 0 replies; 429+ messages in thread
From: Greg Kroah-Hartman @ 2019-05-30  3:01 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Yunsheng Lin, Peng Li, Huazhong Tan,
	David S. Miller, Sasha Levin

[ Upstream commit 63380a1ae4ced8aef67659ff9547c69ef8b9613a ]

hns3_desc_unused() returns how many BDs have been cleaned, but new
buffers have not been attached to them. The register
HNS3_RING_RX_RING_FBDNUM_REG returns how many BDs need a new buffer
allocated or need to be cleaned. So the number of remaining BDs that
need to be cleaned is HNS3_RING_RX_RING_FBDNUM_REG - hns3_desc_unused().

Also, a new buffer cannot be attached to the pending BDs when the last BD
is not handled, because memcpy has not been done on the first pending BD.

This patch fixes this by subtracting the pending BD num from unused_count
after 'HNS3_RING_RX_RING_FBDNUM_REG - unused_count' is used to calculate
the number of BDs that need to be cleaned.

Fixes: e55970950556 ("net: hns3: Add handling of GRO Pkts not fully RX'ed in NAPI poll")
Signed-off-by: Yunsheng Lin <linyunsheng@huawei.com>
Signed-off-by: Peng Li <lipeng321@huawei.com>
Signed-off-by: Huazhong Tan <tanhuazhong@huawei.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/net/ethernet/hisilicon/hns3/hns3_enet.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/drivers/net/ethernet/hisilicon/hns3/hns3_enet.c b/drivers/net/ethernet/hisilicon/hns3/hns3_enet.c
index 162cb9afa0e70..0208efe282775 100644
--- a/drivers/net/ethernet/hisilicon/hns3/hns3_enet.c
+++ b/drivers/net/ethernet/hisilicon/hns3/hns3_enet.c
@@ -2705,7 +2705,7 @@ int hns3_clean_rx_ring(
 #define RCB_NOF_ALLOC_RX_BUFF_ONCE 16
 	struct net_device *netdev = ring->tqp->handle->kinfo.netdev;
 	int recv_pkts, recv_bds, clean_count, err;
-	int unused_count = hns3_desc_unused(ring) - ring->pending_buf;
+	int unused_count = hns3_desc_unused(ring);
 	struct sk_buff *skb = ring->skb;
 	int num;
 
@@ -2714,6 +2714,7 @@ int hns3_clean_rx_ring(
 
 	recv_pkts = 0, recv_bds = 0, clean_count = 0;
 	num -= unused_count;
+	unused_count -= ring->pending_buf;
 
 	while (recv_pkts < budget && recv_bds < num) {
 		/* Reuse or realloc buffers */
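Review bot: the fix depends entirely on 'unused_count -= ring->pending_buf'
coming after 'num -= unused_count', and nothing in the code says so. A
comment above the new line stating that num must be computed from the raw
hns3_desc_unused() value, and that pending BDs are excluded only for the
buffer refill that follows, would stop a later cleanup from folding the
subtraction back into the initialiser.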
-- 
2.20.1





* [PATCH 5.1 110/405] net: phy: improve genphy_soft_reset
  2019-05-30  2:59 [PATCH 5.1 000/405] 5.1.6-stable review Greg Kroah-Hartman
                   ` (108 preceding siblings ...)
  2019-05-30  3:01 ` [PATCH 5.1 109/405] net: hns3: fix for TX clean num when cleaning TX BD Greg Kroah-Hartman
@ 2019-05-30  3:01 ` Greg Kroah-Hartman
  2019-05-30  3:01 ` [PATCH 5.1 111/405] s390: qeth: address type mismatch warning Greg Kroah-Hartman
                   ` (299 subsequent siblings)
  409 siblings, 0 replies; 429+ messages in thread
From: Greg Kroah-Hartman @ 2019-05-30  3:01 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Heiner Kallweit, David S. Miller,
	Sasha Levin

[ Upstream commit 8c90b795e90f7753d23c18e8b95dd71b4a18c5d9 ]

PHYs behave differently when being reset. Some reset registers to
defaults, some don't. Some trigger an autoneg restart, some don't.

So let's also set the autoneg restart bit when resetting. Then PHY
behavior should be more consistent. Clearing BMCR_ISOLATE serves the
same purpose and is borrowed from genphy_restart_aneg.

BMCR holds the speed / duplex settings in fixed mode. Therefore
we may have an issue if a soft reset resets BMCR to its default.
So better call genphy_setup_forced() afterwards in fixed mode.
We've seen no related complaint in the last >10 yrs, so let's
treat it as an improvement.

Signed-off-by: Heiner Kallweit <hkallweit1@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/net/phy/phy_device.c | 16 ++++++++++++++--
 1 file changed, 14 insertions(+), 2 deletions(-)

diff --git a/drivers/net/phy/phy_device.c b/drivers/net/phy/phy_device.c
index cd5966b0db571..f6a6cc5bf118d 100644
--- a/drivers/net/phy/phy_device.c
+++ b/drivers/net/phy/phy_device.c
@@ -1829,13 +1829,25 @@ EXPORT_SYMBOL(genphy_read_status);
  */
 int genphy_soft_reset(struct phy_device *phydev)
 {
+	u16 res = BMCR_RESET;
 	int ret;
 
-	ret = phy_set_bits(phydev, MII_BMCR, BMCR_RESET);
+	if (phydev->autoneg == AUTONEG_ENABLE)
+		res |= BMCR_ANRESTART;
+
+	ret = phy_modify(phydev, MII_BMCR, BMCR_ISOLATE, res);
 	if (ret < 0)
 		return ret;
 
-	return phy_poll_reset(phydev);
+	ret = phy_poll_reset(phydev);
+	if (ret)
+		return ret;
+
+	/* BMCR may be reset to defaults */
+	if (phydev->autoneg == AUTONEG_DISABLE)
+		ret = genphy_setup_forced(phydev);
+
+	return ret;
 }
 EXPORT_SYMBOL(genphy_soft_reset);
 
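Review bot: the kernel-doc block that ends just above genphy_soft_reset()
is left untouched, although the function now also restarts autoneg, clears
BMCR_ISOLATE and re-applies the forced settings. The comment should
describe those side effects for driver authors who call this helper. Minor:
the hunk tests 'ret < 0' after phy_modify() but plain 'ret' after
phy_poll_reset(); using one form would read more consistently.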
-- 
2.20.1





* [PATCH 5.1 111/405] s390: qeth: address type mismatch warning
  2019-05-30  2:59 [PATCH 5.1 000/405] 5.1.6-stable review Greg Kroah-Hartman
                   ` (109 preceding siblings ...)
  2019-05-30  3:01 ` [PATCH 5.1 110/405] net: phy: improve genphy_soft_reset Greg Kroah-Hartman
@ 2019-05-30  3:01 ` Greg Kroah-Hartman
  2019-05-30  3:01 ` [PATCH 5.1 112/405] arm64: futex: Fix FUTEX_WAKE_OP atomic ops with non-zero result value Greg Kroah-Hartman
                   ` (298 subsequent siblings)
  409 siblings, 0 replies; 429+ messages in thread
From: Greg Kroah-Hartman @ 2019-05-30  3:01 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Nathan Chancellor, Arnd Bergmann,
	Julian Wiedmann, David S. Miller, Sasha Levin

[ Upstream commit 46b83629dede262315aa82179d105581f11763b6 ]

clang produces a harmless warning for each use of the qeth_adp_supported
macro:

drivers/s390/net/qeth_l2_main.c:559:31: warning: implicit conversion from enumeration type 'enum qeth_ipa_setadp_cmd' to
      different enumeration type 'enum qeth_ipa_funcs' [-Wenum-conversion]
        if (qeth_adp_supported(card, IPA_SETADP_SET_PROMISC_MODE))
            ~~~~~~~~~~~~~~~~~~~~~~~~~^~~~~~~~~~~~~~~~~~~~~~~~~~~~
drivers/s390/net/qeth_core.h:179:41: note: expanded from macro 'qeth_adp_supported'
        qeth_is_ipa_supported(&c->options.adp, f)
        ~~~~~~~~~~~~~~~~~~~~~                  ^

Add a version of this macro that uses the correct types, and
remove the unused qeth_adp_enabled() macro that has the same
problem.

Reviewed-by: Nathan Chancellor <natechancellor@gmail.com>
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
Signed-off-by: Julian Wiedmann <jwi@linux.ibm.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/s390/net/qeth_core.h | 10 +++++++---
 1 file changed, 7 insertions(+), 3 deletions(-)

diff --git a/drivers/s390/net/qeth_core.h b/drivers/s390/net/qeth_core.h
index c851cf6e01c43..d603dfea97ab2 100644
--- a/drivers/s390/net/qeth_core.h
+++ b/drivers/s390/net/qeth_core.h
@@ -163,6 +163,12 @@ struct qeth_vnicc_info {
 	bool rx_bcast_enabled;
 };
 
+static inline int qeth_is_adp_supported(struct qeth_ipa_info *ipa,
+		enum qeth_ipa_setadp_cmd func)
+{
+	return (ipa->supported_funcs & func);
+}
+
 static inline int qeth_is_ipa_supported(struct qeth_ipa_info *ipa,
 		enum qeth_ipa_funcs func)
 {
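Review bot: the new qeth_is_adp_supported() returns the raw result of
'ipa->supported_funcs & func' as an int, wrapped in parentheses that
checkpatch flags on a return statement. Since callers only test it for
truth, returning bool (or at least dropping the parentheses) would be
cleaner than copying the older helper's shape.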
@@ -176,9 +182,7 @@ static inline int qeth_is_ipa_enabled(struct qeth_ipa_info *ipa,
 }
 
 #define qeth_adp_supported(c, f) \
-	qeth_is_ipa_supported(&c->options.adp, f)
-#define qeth_adp_enabled(c, f) \
-	qeth_is_ipa_enabled(&c->options.adp, f)
+	qeth_is_adp_supported(&c->options.adp, f)
 #define qeth_is_supported(c, f) \
 	qeth_is_ipa_supported(&c->options.ipa4, f)
 #define qeth_is_enabled(c, f) \
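Review bot: the rewritten qeth_adp_supported() body still expands its
argument unparenthesised as '&c->options.adp'. While the line is being
touched anyway, '&(c)->options.adp' would make the macro safe for
arguments that are expressions.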
-- 
2.20.1





* [PATCH 5.1 112/405] arm64: futex: Fix FUTEX_WAKE_OP atomic ops with non-zero result value
  2019-05-30  2:59 [PATCH 5.1 000/405] 5.1.6-stable review Greg Kroah-Hartman
                   ` (110 preceding siblings ...)
  2019-05-30  3:01 ` [PATCH 5.1 111/405] s390: qeth: address type mismatch warning Greg Kroah-Hartman
@ 2019-05-30  3:01 ` Greg Kroah-Hartman
  2019-05-30  3:01 ` [PATCH 5.1 113/405] net: hns3: use atomic_t replace u32 for arqs count Greg Kroah-Hartman
                   ` (297 subsequent siblings)
  409 siblings, 0 replies; 429+ messages in thread
From: Greg Kroah-Hartman @ 2019-05-30  3:01 UTC (permalink / raw)
  To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, stable, Will Deacon, Sasha Levin

[ Upstream commit 84ff7a09c371bc7417eabfda19bf7f113ec917b6 ]

Rather embarrassingly, our futex() FUTEX_WAKE_OP implementation doesn't
explicitly set the return value on the non-faulting path and instead
leaves it holding the result of the underlying atomic operation. This
means that any FUTEX_WAKE_OP atomic operation which computes a non-zero
value will be reported as having failed. Regrettably, I wrote the buggy
code back in 2011 and it was upstreamed as part of the initial arm64
support in 2012.

The reasons we appear to get away with this are:

  1. FUTEX_WAKE_OP is rarely used and therefore doesn't appear to get
     exercised by futex() test applications

  2. If the result of the atomic operation is zero, the system call
     behaves correctly

  3. Prior to version 2.25, the only operation used by GLIBC set the
     futex to zero, and therefore worked as expected. From 2.25 onwards,
     FUTEX_WAKE_OP is not used by GLIBC at all.

Fix the implementation by ensuring that the return value is either 0
to indicate that the atomic operation completed successfully, or -EFAULT
if we encountered a fault when accessing the user mapping.

Cc: <stable@kernel.org>
Fixes: 6170a97460db ("arm64: Atomic operations")
Signed-off-by: Will Deacon <will.deacon@arm.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 arch/arm64/include/asm/futex.h | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/arch/arm64/include/asm/futex.h b/arch/arm64/include/asm/futex.h
index 6fb2214333a24..2d78ea6932b7b 100644
--- a/arch/arm64/include/asm/futex.h
+++ b/arch/arm64/include/asm/futex.h
@@ -58,7 +58,7 @@ do {									\
 static inline int
 arch_futex_atomic_op_inuser(int op, int oparg, int *oval, u32 __user *_uaddr)
 {
-	int oldval = 0, ret, tmp;
+	int oldval, ret, tmp;
 	u32 __user *uaddr = __uaccess_mask_ptr(_uaddr);
 
 	pagefault_disable();
-- 
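Review bot: this hunk only removes the '= 0' initialiser from oldval;
nothing in it sets ret to 0 on the non-faulting path, which is the fix the
commit message describes, and the diffstat confirms this is the whole
change (1 insertion, 1 deletion). The backport should be compared with the
upstream commit for the part that zeroes the return value. With the
initialiser gone, also confirm that every store to *oval happens only after
the atomic op has written oldval, otherwise an uninitialised stack value
can reach the caller when the access faults.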
2.20.1





* [PATCH 5.1 113/405] net: hns3: use atomic_t replace u32 for arqs count
  2019-05-30  2:59 [PATCH 5.1 000/405] 5.1.6-stable review Greg Kroah-Hartman
                   ` (111 preceding siblings ...)
  2019-05-30  3:01 ` [PATCH 5.1 112/405] arm64: futex: Fix FUTEX_WAKE_OP atomic ops with non-zero result value Greg Kroah-Hartman
@ 2019-05-30  3:01 ` Greg Kroah-Hartman
  2019-05-30  3:01 ` [PATCH 5.1 114/405] dmaengine: pl330: _stop: clear interrupt status Greg Kroah-Hartman
                   ` (296 subsequent siblings)
  409 siblings, 0 replies; 429+ messages in thread
From: Greg Kroah-Hartman @ 2019-05-30  3:01 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Huazhong Tan, Peng Li,
	David S. Miller, Sasha Levin

[ Upstream commit 30780a8b1677e7409b32ae52a9a84f7d41ae6b43 ]

Since irq handler and mailbox task will both update arq's count,
so arq's count should use atomic_t instead of u32, otherwise
its value may go wrong finally.

Fixes: 07a0556a3a73 ("net: hns3: Changes to support ARQ(Asynchronous Receive Queue)")
Signed-off-by: Huazhong Tan <tanhuazhong@huawei.com>
Signed-off-by: Peng Li <lipeng321@huawei.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/net/ethernet/hisilicon/hns3/hclge_mbx.h          | 2 +-
 drivers/net/ethernet/hisilicon/hns3/hns3vf/hclgevf_cmd.c | 2 +-
 drivers/net/ethernet/hisilicon/hns3/hns3vf/hclgevf_mbx.c | 7 ++++---
 3 files changed, 6 insertions(+), 5 deletions(-)

diff --git a/drivers/net/ethernet/hisilicon/hns3/hclge_mbx.h b/drivers/net/ethernet/hisilicon/hns3/hclge_mbx.h
index 299b277bc7ae9..589b7ee32bff8 100644
--- a/drivers/net/ethernet/hisilicon/hns3/hclge_mbx.h
+++ b/drivers/net/ethernet/hisilicon/hns3/hclge_mbx.h
@@ -107,7 +107,7 @@ struct hclgevf_mbx_arq_ring {
 	struct hclgevf_dev *hdev;
 	u32 head;
 	u32 tail;
-	u32 count;
+	atomic_t count;
 	u16 msg_q[HCLGE_MBX_MAX_ARQ_MSG_NUM][HCLGE_MBX_MAX_ARQ_MSG_SIZE];
 };
 
diff --git a/drivers/net/ethernet/hisilicon/hns3/hns3vf/hclgevf_cmd.c b/drivers/net/ethernet/hisilicon/hns3/hns3vf/hclgevf_cmd.c
index 9441b453d38df..9a0a501908aec 100644
--- a/drivers/net/ethernet/hisilicon/hns3/hns3vf/hclgevf_cmd.c
+++ b/drivers/net/ethernet/hisilicon/hns3/hns3vf/hclgevf_cmd.c
@@ -327,7 +327,7 @@ int hclgevf_cmd_init(struct hclgevf_dev *hdev)
 	hdev->arq.hdev = hdev;
 	hdev->arq.head = 0;
 	hdev->arq.tail = 0;
-	hdev->arq.count = 0;
+	atomic_set(&hdev->arq.count, 0);
 	hdev->hw.cmq.csq.next_to_clean = 0;
 	hdev->hw.cmq.csq.next_to_use = 0;
 	hdev->hw.cmq.crq.next_to_clean = 0;
diff --git a/drivers/net/ethernet/hisilicon/hns3/hns3vf/hclgevf_mbx.c b/drivers/net/ethernet/hisilicon/hns3/hns3vf/hclgevf_mbx.c
index 7dc3c9f79169f..4f2c77283cb43 100644
--- a/drivers/net/ethernet/hisilicon/hns3/hns3vf/hclgevf_mbx.c
+++ b/drivers/net/ethernet/hisilicon/hns3/hns3vf/hclgevf_mbx.c
@@ -208,7 +208,8 @@ void hclgevf_mbx_handler(struct hclgevf_dev *hdev)
 			/* we will drop the async msg if we find ARQ as full
 			 * and continue with next message
 			 */
-			if (hdev->arq.count >= HCLGE_MBX_MAX_ARQ_MSG_NUM) {
+			if (atomic_read(&hdev->arq.count) >=
+			    HCLGE_MBX_MAX_ARQ_MSG_NUM) {
 				dev_warn(&hdev->pdev->dev,
 					 "Async Q full, dropping msg(%d)\n",
 					 req->msg[1]);
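Review bot: the fullness test (atomic_read() >= HCLGE_MBX_MAX_ARQ_MSG_NUM)
and the later atomic_inc() are still two separate operations, so atomic_t
protects the counter itself but not the check-then-enqueue sequence. That
is fine as long as hclgevf_mbx_handler() is the only producer; if that is
the assumption, a comment here should say so, since head and tail remain
plain u32.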
@@ -220,7 +221,7 @@ void hclgevf_mbx_handler(struct hclgevf_dev *hdev)
 			memcpy(&msg_q[0], req->msg,
 			       HCLGE_MBX_MAX_ARQ_MSG_SIZE * sizeof(u16));
 			hclge_mbx_tail_ptr_move_arq(hdev->arq);
-			hdev->arq.count++;
+			atomic_inc(&hdev->arq.count);
 
 			hclgevf_mbx_task_schedule(hdev);
 
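Review bot: the atomic_inc() that follows the memcpy() and the tail move
carries no memory ordering of its own, so the consumer may observe the new
count before the copied message is visible. Consider
smp_mb__before_atomic() ahead of the atomic_inc(), or document which lock
already orders the producer against hclgevf_mbx_async_handler().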
@@ -308,7 +309,7 @@ void hclgevf_mbx_async_handler(struct hclgevf_dev *hdev)
 		}
 
 		hclge_mbx_head_ptr_move_arq(hdev->arq);
-		hdev->arq.count--;
+		atomic_dec(&hdev->arq.count);
 		msg_q = hdev->arq.msg_q[hdev->arq.head];
 	}
 }
-- 
2.20.1





* [PATCH 5.1 114/405] dmaengine: pl330: _stop: clear interrupt status
  2019-05-30  2:59 [PATCH 5.1 000/405] 5.1.6-stable review Greg Kroah-Hartman
                   ` (112 preceding siblings ...)
  2019-05-30  3:01 ` [PATCH 5.1 113/405] net: hns3: use atomic_t replace u32 for arqs count Greg Kroah-Hartman
@ 2019-05-30  3:01 ` Greg Kroah-Hartman
  2019-05-30  3:01 ` [PATCH 5.1 115/405] mac80211/cfg80211: update bss channel on channel switch Greg Kroah-Hartman
                   ` (295 subsequent siblings)
  409 siblings, 0 replies; 429+ messages in thread
From: Greg Kroah-Hartman @ 2019-05-30  3:01 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Sugar Zhang, Vinod Koul, Sasha Levin

[ Upstream commit 2da254cc7908105a60a6bb219d18e8dced03dcb9 ]

In this patch, the kill instructs the DMAC to immediately terminate
execution of a thread, then the interrupt status is cleared and, at
last, interrupts for DMA_SEV stop being generated, to guarantee that
the next DMA start is clean. Otherwise, one interrupt may be left
over for the next start and cause a mistake.

We can reproduce the problem as follows:

DMASEV: modify the event-interrupt resource, and if the INTEN sets
function as interrupt, the DMAC will set irq<event_num> HIGH to
generate interrupt. Write INTCLR to clear interrupt.

	DMA EXECUTING INSTRUCTS		DMA TERMINATE
		|				|
		|				|
	       ...			      _stop
		|				|
		|			spin_lock_irqsave
	     DMASEV				|
		|				|
		|			    mask INTEN
		|				|
		|			     DMAKILL
		|				|
		|			spin_unlock_irqrestore

In the above case, an interrupt was left, and if we unmask INTEN, the DMAC
will set irq<event_num> HIGH to generate interrupt.

To fix this, do as follows:

	DMA EXECUTING INSTRUCTS		DMA TERMINATE
		|				|
		|				|
	       ...			      _stop
		|				|
		|			spin_lock_irqsave
	     DMASEV				|
		|				|
		|			     DMAKILL
		|				|
		|			   clear INTCLR
		|			    mask INTEN
		|				|
		|			spin_unlock_irqrestore

Signed-off-by: Sugar Zhang <sugar.zhang@rock-chips.com>
Signed-off-by: Vinod Koul <vkoul@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/dma/pl330.c | 10 +++++++---
 1 file changed, 7 insertions(+), 3 deletions(-)

diff --git a/drivers/dma/pl330.c b/drivers/dma/pl330.c
index eec79fdf27a5b..56695ffb5d377 100644
--- a/drivers/dma/pl330.c
+++ b/drivers/dma/pl330.c
@@ -966,6 +966,7 @@ static void _stop(struct pl330_thread *thrd)
 {
 	void __iomem *regs = thrd->dmac->base;
 	u8 insn[6] = {0, 0, 0, 0, 0, 0};
+	u32 inten = readl(regs + INTEN);
 
 	if (_state(thrd) == PL330_STATE_FAULT_COMPLETING)
 		UNTIL(thrd, PL330_STATE_FAULTING | PL330_STATE_KILLING);
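Review bot: inten is sampled at the top of _stop(), before the UNTIL() wait
and the KILL, yet it is written back to INTEN at the very end of the
function. Any INTEN bit changed in between is overwritten by the stale
snapshot. Reading INTEN immediately before the final writel() would avoid
depending on the caller's locking, which is not visible in this file's
hunks.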
@@ -978,10 +979,13 @@ static void _stop(struct pl330_thread *thrd)
 
 	_emit_KILL(0, insn);
 
-	/* Stop generating interrupts for SEV */
-	writel(readl(regs + INTEN) & ~(1 << thrd->ev), regs + INTEN);
-
 	_execute_DBGINSN(thrd, insn, is_manager(thrd));
+
+	/* clear the event */
+	if (inten & (1 << thrd->ev))
+		writel(1 << thrd->ev, regs + INTCLR);
+	/* Stop generating interrupts for SEV */
+	writel(inten & ~(1 << thrd->ev), regs + INTEN);
 }
 
 /* Start doing req 'idx' of thread 'thrd' */
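Review bot: '1 << thrd->ev' now appears three times at the tail of _stop();
a local mask such as BIT(thrd->ev) would make the INTCLR and INTEN writes
easier to compare. The 'clear the event' comment should also say why the
clear has to come after _execute_DBGINSN() (a DMASEV executed before the
kill leaves the event pending), because that ordering is the whole fix.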
-- 
2.20.1





* [PATCH 5.1 115/405] mac80211/cfg80211: update bss channel on channel switch
  2019-05-30  2:59 [PATCH 5.1 000/405] 5.1.6-stable review Greg Kroah-Hartman
                   ` (113 preceding siblings ...)
  2019-05-30  3:01 ` [PATCH 5.1 114/405] dmaengine: pl330: _stop: clear interrupt status Greg Kroah-Hartman
@ 2019-05-30  3:01 ` Greg Kroah-Hartman
  2019-05-30  3:01 ` [PATCH 5.1 116/405] drm: prefix header search paths with $(srctree)/ Greg Kroah-Hartman
                   ` (294 subsequent siblings)
  409 siblings, 0 replies; 429+ messages in thread
From: Greg Kroah-Hartman @ 2019-05-30  3:01 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Sergey Matyukevich, Johannes Berg,
	Sasha Levin

[ Upstream commit 5dc8cdce1d722c733f8c7af14c5fb595cfedbfa8 ]

FullMAC STAs have no way to update bss channel after CSA channel switch
completion. As a result, user-space tools may provide inconsistent
channel info. For instance, consider the following two commands:
$ sudo iw dev wlan0 link
$ sudo iw dev wlan0 info
The latter command gets channel info from the hardware, so most probably
its output will be correct. However the former command gets channel info
from scan cache, so its output will contain outdated channel info.
In fact, current bss channel info will not be updated until the
next [re-]connect.

Note that mac80211 STAs have a workaround for this, but it requires
access to internal cfg80211 data, see ieee80211_chswitch_work:

	/* XXX: shouldn't really modify cfg80211-owned data! */
	ifmgd->associated->channel = sdata->csa_chandef.chan;

This patch suggests to convert mac80211 workaround into cfg80211 behavior
and to update current bss channel in cfg80211_ch_switch_notify.

Signed-off-by: Sergey Matyukevich <sergey.matyukevich.os@quantenna.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 net/mac80211/mlme.c    | 3 ---
 net/wireless/nl80211.c | 5 +++++
 2 files changed, 5 insertions(+), 3 deletions(-)

diff --git a/net/mac80211/mlme.c b/net/mac80211/mlme.c
index 2dbcf5d5512ef..b7a9fe3d5fcb7 100644
--- a/net/mac80211/mlme.c
+++ b/net/mac80211/mlme.c
@@ -1188,9 +1188,6 @@ static void ieee80211_chswitch_work(struct work_struct *work)
 		goto out;
 	}
 
-	/* XXX: shouldn't really modify cfg80211-owned data! */
-	ifmgd->associated->channel = sdata->csa_chandef.chan;
-
 	ifmgd->csa_waiting_bcn = true;
 
 	ieee80211_sta_reset_beacon_monitor(sdata);
diff --git a/net/wireless/nl80211.c b/net/wireless/nl80211.c
index 47e30a58566c2..d2a7459a5da43 100644
--- a/net/wireless/nl80211.c
+++ b/net/wireless/nl80211.c
@@ -15727,6 +15727,11 @@ void cfg80211_ch_switch_notify(struct net_device *dev,
 
 	wdev->chandef = *chandef;
 	wdev->preset_chandef = *chandef;
+
+	if (wdev->iftype == NL80211_IFTYPE_STATION &&
+	    !WARN_ON(!wdev->current_bss))
+		wdev->current_bss->pub.channel = chandef->chan;
+
 	nl80211_ch_switch_notify(rdev, dev, chandef, GFP_KERNEL,
 				 NL80211_CMD_CH_SWITCH_NOTIFY, 0);
 }
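Review bot: the '!WARN_ON(!wdev->current_bss)' guard in
cfg80211_ch_switch_notify() emits a full warning every time a station
interface reports a channel switch without a current BSS. If a driver can
reach this after a disconnect, that is a repeated backtrace (and a panic
with panic_on_warn); WARN_ON_ONCE() or a plain NULL check would be safer
unless the state is provably impossible. The hunk also shows no lock
around the store to current_bss->pub.channel, so the locking expected of
callers deserves a comment or an assertion.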
-- 
2.20.1





* [PATCH 5.1 116/405] drm: prefix header search paths with $(srctree)/
  2019-05-30  2:59 [PATCH 5.1 000/405] 5.1.6-stable review Greg Kroah-Hartman
                   ` (114 preceding siblings ...)
  2019-05-30  3:01 ` [PATCH 5.1 115/405] mac80211/cfg80211: update bss channel on channel switch Greg Kroah-Hartman
@ 2019-05-30  3:01 ` Greg Kroah-Hartman
  2019-05-30  3:01 ` [PATCH 5.1 117/405] libbpf: fix samples/bpf build failure due to undefined UINT32_MAX Greg Kroah-Hartman
                   ` (293 subsequent siblings)
  409 siblings, 0 replies; 429+ messages in thread
From: Greg Kroah-Hartman @ 2019-05-30  3:01 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Masahiro Yamada, Sam Ravnborg,
	James Qian Wang (Arm Technology China),
	Liviu Dudau, Daniel Vetter, Sasha Levin

[ Upstream commit 43068cb7ba1f6ceb1523e947c84002b2a61fd6d4 ]

Currently, the Kbuild core manipulates header search paths in a crazy
way [1].

To fix this mess, I want all Makefiles to add explicit $(srctree)/ to
the search paths in the srctree. Some Makefiles are already written in
that way, but not all. The goal of this work is to make the notation
consistent, and finally get rid of the gross hacks.

Having whitespaces after -I does not matter since commit 48f6e3cf5bc6
("kbuild: do not drop -I without parameter").

[1]: https://patchwork.kernel.org/patch/9632347/

Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
Reviewed-by: Sam Ravnborg <sam@ravnborg.org>
Reviewed-by: James Qian Wang (Arm Technology China) <james.qian.wang@arm.com>
Acked-by: Liviu Dudau <liviu.dudau@arm.com>
Signed-off-by: Daniel Vetter <daniel.vetter@ffwll.ch>
Link: https://patchwork.freedesktop.org/patch/msgid/1553859161-2628-1-git-send-email-yamada.masahiro@socionext.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/gpu/drm/amd/amdgpu/Makefile         | 2 +-
 drivers/gpu/drm/arm/display/komeda/Makefile | 4 ++--
 drivers/gpu/drm/i915/gvt/Makefile           | 2 +-
 drivers/gpu/drm/msm/Makefile                | 6 +++---
 drivers/gpu/drm/nouveau/Kbuild              | 8 ++++----
 5 files changed, 11 insertions(+), 11 deletions(-)

diff --git a/drivers/gpu/drm/amd/amdgpu/Makefile b/drivers/gpu/drm/amd/amdgpu/Makefile
index 466da5954a682..62bf9da25e4b3 100644
--- a/drivers/gpu/drm/amd/amdgpu/Makefile
+++ b/drivers/gpu/drm/amd/amdgpu/Makefile
@@ -23,7 +23,7 @@
 # Makefile for the drm device driver.  This driver provides support for the
 # Direct Rendering Infrastructure (DRI) in XFree86 4.1.0 and higher.
 
-FULL_AMD_PATH=$(src)/..
+FULL_AMD_PATH=$(srctree)/$(src)/..
 DISPLAY_FOLDER_NAME=display
 FULL_AMD_DISPLAY_PATH = $(FULL_AMD_PATH)/$(DISPLAY_FOLDER_NAME)
 
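Review bot: FULL_AMD_PATH is redefined here but none of its users are in
the hunk. Because it now carries $(srctree)/, check that it is only ever
expanded into -I flags and never into object or sub-directory paths, which
have to stay relative to the build directory.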
diff --git a/drivers/gpu/drm/arm/display/komeda/Makefile b/drivers/gpu/drm/arm/display/komeda/Makefile
index 1b875e5dc0f6f..a72e30c0e03d3 100644
--- a/drivers/gpu/drm/arm/display/komeda/Makefile
+++ b/drivers/gpu/drm/arm/display/komeda/Makefile
@@ -1,8 +1,8 @@
 # SPDX-License-Identifier: GPL-2.0
 
 ccflags-y := \
-	-I$(src)/../include \
-	-I$(src)
+	-I $(srctree)/$(src)/../include \
+	-I $(srctree)/$(src)
 
 komeda-y := \
 	komeda_drv.o \
diff --git a/drivers/gpu/drm/i915/gvt/Makefile b/drivers/gpu/drm/i915/gvt/Makefile
index 271fb46d4dd0d..ea8324abc784a 100644
--- a/drivers/gpu/drm/i915/gvt/Makefile
+++ b/drivers/gpu/drm/i915/gvt/Makefile
@@ -5,5 +5,5 @@ GVT_SOURCE := gvt.o aperture_gm.o handlers.o vgpu.o trace_points.o firmware.o \
 	execlist.o scheduler.o sched_policy.o mmio_context.o cmd_parser.o debugfs.o \
 	fb_decoder.o dmabuf.o page_track.o
 
-ccflags-y				+= -I$(src) -I$(src)/$(GVT_DIR)
+ccflags-y				+= -I $(srctree)/$(src) -I $(srctree)/$(src)/$(GVT_DIR)/
 i915-y					+= $(addprefix $(GVT_DIR)/, $(GVT_SOURCE))
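Review bot: the second include path on the new ccflags-y line gains a
trailing '/' after $(GVT_DIR) that the removed line did not have and that
no other path in this patch uses. It is harmless to the compiler, but
dropping it keeps the notation consistent, which is the stated goal of the
change.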
diff --git a/drivers/gpu/drm/msm/Makefile b/drivers/gpu/drm/msm/Makefile
index 56a70c74af4ed..b7b1ebdc81902 100644
--- a/drivers/gpu/drm/msm/Makefile
+++ b/drivers/gpu/drm/msm/Makefile
@@ -1,7 +1,7 @@
 # SPDX-License-Identifier: GPL-2.0
-ccflags-y := -Idrivers/gpu/drm/msm
-ccflags-y += -Idrivers/gpu/drm/msm/disp/dpu1
-ccflags-$(CONFIG_DRM_MSM_DSI) += -Idrivers/gpu/drm/msm/dsi
+ccflags-y := -I $(srctree)/$(src)
+ccflags-y += -I $(srctree)/$(src)/disp/dpu1
+ccflags-$(CONFIG_DRM_MSM_DSI) += -I $(srctree)/$(src)/dsi
 
 msm-y := \
 	adreno/adreno_device.o \
diff --git a/drivers/gpu/drm/nouveau/Kbuild b/drivers/gpu/drm/nouveau/Kbuild
index 581404e6544d4..378c5dd692b0b 100644
--- a/drivers/gpu/drm/nouveau/Kbuild
+++ b/drivers/gpu/drm/nouveau/Kbuild
@@ -1,7 +1,7 @@
-ccflags-y += -I$(src)/include
-ccflags-y += -I$(src)/include/nvkm
-ccflags-y += -I$(src)/nvkm
-ccflags-y += -I$(src)
+ccflags-y += -I $(srctree)/$(src)/include
+ccflags-y += -I $(srctree)/$(src)/include/nvkm
+ccflags-y += -I $(srctree)/$(src)/nvkm
+ccflags-y += -I $(srctree)/$(src)
 
 # NVKM - HW resource manager
 #- code also used by various userspace tools/tests
-- 
2.20.1





* [PATCH 5.1 117/405] libbpf: fix samples/bpf build failure due to undefined UINT32_MAX
  2019-05-30  2:59 [PATCH 5.1 000/405] 5.1.6-stable review Greg Kroah-Hartman
                   ` (115 preceding siblings ...)
  2019-05-30  3:01 ` [PATCH 5.1 116/405] drm: prefix header search paths with $(srctree)/ Greg Kroah-Hartman
@ 2019-05-30  3:01 ` Greg Kroah-Hartman
  2019-05-30  3:01 ` [PATCH 5.1 118/405] slimbus: fix a potential NULL pointer dereference in of_qcom_slim_ngd_register Greg Kroah-Hartman
                   ` (292 subsequent siblings)
  409 siblings, 0 replies; 429+ messages in thread
From: Greg Kroah-Hartman @ 2019-05-30  3:01 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Daniel T. Lee, Yonghong Song,
	Daniel Borkmann, Sasha Levin

[ Upstream commit 32e621e55496a0009f44fe4914cd4a23cade4984 ]

Currently, building bpf samples will cause the following error.

    ./tools/lib/bpf/bpf.h:132:27: error: 'UINT32_MAX' undeclared here (not in a function) ..
     #define BPF_LOG_BUF_SIZE (UINT32_MAX >> 8) /* verifier maximum in kernels <= 5.1 */
                               ^
    ./samples/bpf/bpf_load.h:31:25: note: in expansion of macro 'BPF_LOG_BUF_SIZE'
     extern char bpf_log_buf[BPF_LOG_BUF_SIZE];
                             ^~~~~~~~~~~~~~~~

Due to commit 4519efa6f8ea ("libbpf: fix BPF_LOG_BUF_SIZE off-by-one error")
hard-coded size of BPF_LOG_BUF_SIZE has been replaced with UINT32_MAX which is
defined in <stdint.h> header.

Even with this change, bpf selftests are running fine since these are built
with clang and it includes header(-idirafter) from clang/6.0.0/include.
(it has <stdint.h>)

    clang -I. -I./include/uapi -I../../../include/uapi -idirafter /usr/local/include -idirafter /usr/include \
    -idirafter /usr/lib/llvm-6.0/lib/clang/6.0.0/include -idirafter /usr/include/x86_64-linux-gnu \
    -Wno-compare-distinct-pointer-types -O2 -target bpf -emit-llvm -c progs/test_sysctl_prog.c -o - | \
    llc -march=bpf -mcpu=generic  -filetype=obj -o /linux/tools/testing/selftests/bpf/test_sysctl_prog.o

But bpf samples are compiled with GCC, and it only searches and includes
headers declared at the target file. As '#include <stdint.h>' hasn't been
declared in tools/lib/bpf/bpf.h, it causes build failure of bpf samples.

    gcc -Wp,-MD,./samples/bpf/.sockex3_user.o.d -Wall -Wmissing-prototypes -Wstrict-prototypes \
    -O2 -fomit-frame-pointer -std=gnu89 -I./usr/include -I./tools/lib/ -I./tools/testing/selftests/bpf/ \
    -I./tools/  lib/ -I./tools/include -I./tools/perf -c -o ./samples/bpf/sockex3_user.o ./samples/bpf/sockex3_user.c;

This commit adds a declaration of '#include <stdint.h>' to tools/lib/bpf/bpf.h
to fix this problem.

Signed-off-by: Daniel T. Lee <danieltimlee@gmail.com>
Acked-by: Yonghong Song <yhs@fb.com>
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 tools/lib/bpf/bpf.h | 1 +
 1 file changed, 1 insertion(+)

diff --git a/tools/lib/bpf/bpf.h b/tools/lib/bpf/bpf.h
index 6ffdd79bea89d..6dc1f418034fb 100644
--- a/tools/lib/bpf/bpf.h
+++ b/tools/lib/bpf/bpf.h
@@ -26,6 +26,7 @@
 #include <linux/bpf.h>
 #include <stdbool.h>
 #include <stddef.h>
+#include <stdint.h>
 
 #ifdef __cplusplus
 extern "C" {
-- 
2.20.1





* [PATCH 5.1 118/405] slimbus: fix a potential NULL pointer dereference in of_qcom_slim_ngd_register
  2019-05-30  2:59 [PATCH 5.1 000/405] 5.1.6-stable review Greg Kroah-Hartman
                   ` (116 preceding siblings ...)
  2019-05-30  3:01 ` [PATCH 5.1 117/405] libbpf: fix samples/bpf build failure due to undefined UINT32_MAX Greg Kroah-Hartman
@ 2019-05-30  3:01 ` Greg Kroah-Hartman
  2019-05-30  3:01 ` [PATCH 5.1 119/405] regulator: core: Actually put the gpiod after use Greg Kroah-Hartman
                   ` (291 subsequent siblings)
  409 siblings, 0 replies; 429+ messages in thread
From: Greg Kroah-Hartman @ 2019-05-30  3:01 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Kangjie Lu, Srinivas Kandagatla, Sasha Levin

[ Upstream commit 06d5d6b7f9948a89543e1160ef852d57892c750d ]

In case platform_device_alloc fails, the fix returns an error
code to avoid the NULL pointer dereference.

Signed-off-by: Kangjie Lu <kjlu@umn.edu>
Signed-off-by: Srinivas Kandagatla <srinivas.kandagatla@linaro.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/slimbus/qcom-ngd-ctrl.c | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/drivers/slimbus/qcom-ngd-ctrl.c b/drivers/slimbus/qcom-ngd-ctrl.c
index 71f094c9ec684..f3585777324cf 100644
--- a/drivers/slimbus/qcom-ngd-ctrl.c
+++ b/drivers/slimbus/qcom-ngd-ctrl.c
@@ -1342,6 +1342,10 @@ static int of_qcom_slim_ngd_register(struct device *parent,
 			return -ENOMEM;
 
 		ngd->pdev = platform_device_alloc(QCOM_SLIM_NGD_DRV_NAME, id);
+		if (!ngd->pdev) {
+			kfree(ngd);
+			return -ENOMEM;
+		}
 		ngd->id = id;
 		ngd->pdev->dev.parent = parent;
 		ngd->pdev->driver_override = QCOM_SLIM_NGD_DRV_NAME;
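Review bot: the new failure branch after platform_device_alloc() releases only the current ngd before returning -ENOMEM. The two-level indentation and the per-call id suggest this body runs once per child node, so it is worth confirming that anything registered or referenced by earlier iterations is unwound by the caller on this early return, or doing that cleanup here. The kfree(ngd) itself correctly pairs with the allocation whose failure returns -ENOMEM just above.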
-- 
2.20.1





* [PATCH 5.1 119/405] regulator: core: Actually put the gpiod after use
  2019-05-30  2:59 [PATCH 5.1 000/405] 5.1.6-stable review Greg Kroah-Hartman
                   ` (117 preceding siblings ...)
  2019-05-30  3:01 ` [PATCH 5.1 118/405] slimbus: fix a potential NULL pointer dereference in of_qcom_slim_ngd_register Greg Kroah-Hartman
@ 2019-05-30  3:01 ` Greg Kroah-Hartman
  2019-05-30  3:01 ` [PATCH 5.1 120/405] ASoC: fsl_sai: Update is_slave_mode with correct value Greg Kroah-Hartman
                   ` (290 subsequent siblings)
  409 siblings, 0 replies; 429+ messages in thread
From: Greg Kroah-Hartman @ 2019-05-30  3:01 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Linus Walleij, Mark Brown, Sasha Levin

[ Upstream commit 78927aa40bc82f32de07323ddc1c9de07ac68180 ]

I went to great lengths to hand over the management of the GPIO
descriptors to the regulator core, and some stray rebased
oneliner in the old patch must have been assuming the devices
were still doing devres management of it.

We handed the management over to the regulator core, so of
course the regulator core shall issue gpiod_put() when done.

Sorry for the descriptor leak.

Fixes: 541d052d7215 ("regulator: core: Only support passing enable GPIO descriptors")
Signed-off-by: Linus Walleij <linus.walleij@linaro.org>
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/regulator/core.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/drivers/regulator/core.c b/drivers/regulator/core.c
index 968dcd9d7a070..6da41207e479a 100644
--- a/drivers/regulator/core.c
+++ b/drivers/regulator/core.c
@@ -2256,6 +2256,7 @@ static void regulator_ena_gpio_free(struct regulator_dev *rdev)
 		if (pin->gpiod == rdev->ena_pin->gpiod) {
 			if (pin->request_count <= 1) {
 				pin->request_count = 0;
+				gpiod_put(pin->gpiod);
 				list_del(&pin->list);
 				kfree(pin);
 				rdev->ena_pin = NULL;
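Review bot: gpiod_put(pin->gpiod) in the request_count <= 1 branch is only correct if no consumer still obtains this descriptor through devres, since the commit message says the stray line assumed devres management; a remaining devm-managed getter would turn this into a double put. Please state in the changelog that the providers were audited, and consider a short comment here noting that the regulator core owns the descriptor. Placement before kfree(pin) is right, since pin->gpiod is read before the pin is freed.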
-- 
2.20.1





* [PATCH 5.1 120/405] ASoC: fsl_sai: Update is_slave_mode with correct value
  2019-05-30  2:59 [PATCH 5.1 000/405] 5.1.6-stable review Greg Kroah-Hartman
                   ` (118 preceding siblings ...)
  2019-05-30  3:01 ` [PATCH 5.1 119/405] regulator: core: Actually put the gpiod after use Greg Kroah-Hartman
@ 2019-05-30  3:01 ` Greg Kroah-Hartman
  2019-05-30  3:01 ` [PATCH 5.1 121/405] Fix nfs4.2 return -EINVAL when do dedupe operation Greg Kroah-Hartman
                   ` (289 subsequent siblings)
  409 siblings, 0 replies; 429+ messages in thread
From: Greg Kroah-Hartman @ 2019-05-30  3:01 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Daniel Baluta, Nicolin Chen,
	Mark Brown, Sasha Levin

[ Upstream commit ddb351145a967ee791a0fb0156852ec2fcb746ba ]

is_slave_mode defaults to false because sai structure
that contains it is kzalloc'ed.

Anyhow, if we decide to set the following configuration
SAI slave -> SAI master, is_slave_mode will remain set to true
although, SAI being master, it should be set to false.

Fix this by updating is_slave_mode for each call of
fsl_sai_set_dai_fmt.

Signed-off-by: Daniel Baluta <daniel.baluta@nxp.com>
Acked-by: Nicolin Chen <nicoleotsuka@gmail.com>
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 sound/soc/fsl/fsl_sai.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/sound/soc/fsl/fsl_sai.c b/sound/soc/fsl/fsl_sai.c
index db9e0872f73db..7549b74e464e9 100644
--- a/sound/soc/fsl/fsl_sai.c
+++ b/sound/soc/fsl/fsl_sai.c
@@ -268,12 +268,14 @@ static int fsl_sai_set_dai_fmt_tr(struct snd_soc_dai *cpu_dai,
 	case SND_SOC_DAIFMT_CBS_CFS:
 		val_cr2 |= FSL_SAI_CR2_BCD_MSTR;
 		val_cr4 |= FSL_SAI_CR4_FSD_MSTR;
+		sai->is_slave_mode = false;
 		break;
 	case SND_SOC_DAIFMT_CBM_CFM:
 		sai->is_slave_mode = true;
 		break;
 	case SND_SOC_DAIFMT_CBS_CFM:
 		val_cr2 |= FSL_SAI_CR2_BCD_MSTR;
+		sai->is_slave_mode = false;
 		break;
 	case SND_SOC_DAIFMT_CBM_CFS:
 		val_cr4 |= FSL_SAI_CR4_FSD_MSTR;
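Review bot: resetting is_slave_mode case by case in this switch is easy to get wrong the next time a format is added; assigning sai->is_slave_mode = false once before the switch and letting only the slave cases set it to true would be shorter and harder to break. The visible part of the SND_SOC_DAIFMT_CBM_CFS case shows only the val_cr4 update, so please confirm that case assigns the flag as well.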
-- 
2.20.1





* [PATCH 5.1 121/405] Fix nfs4.2 return -EINVAL when do dedupe operation
  2019-05-30  2:59 [PATCH 5.1 000/405] 5.1.6-stable review Greg Kroah-Hartman
                   ` (119 preceding siblings ...)
  2019-05-30  3:01 ` [PATCH 5.1 120/405] ASoC: fsl_sai: Update is_slave_mode with correct value Greg Kroah-Hartman
@ 2019-05-30  3:01 ` Greg Kroah-Hartman
  2019-05-30  3:02 ` [PATCH 5.1 122/405] mwifiex: prevent an array overflow Greg Kroah-Hartman
                   ` (288 subsequent siblings)
  409 siblings, 0 replies; 429+ messages in thread
From: Greg Kroah-Hartman @ 2019-05-30  3:01 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Xiaoli Feng, Anna Schumaker, Sasha Levin

[ Upstream commit ce96e888fe48ecfa868c9a39adc03292c78a80ff ]

dedupe_file_range operations are combined into remap_file_range.
But in nfs42_remap_file_range, it's skipped for dedupe operations.
Before this patch:
  # dd if=/dev/zero of=nfs/file bs=1M count=1
  # xfs_io -c "dedupe nfs/file 4k 64k 4k" nfs/file
  XFS_IOC_FILE_EXTENT_SAME: Invalid argument
After this patch:
  # dd if=/dev/zero of=nfs/file bs=1M count=1
  # xfs_io -c "dedupe nfs/file 4k 64k 4k" nfs/file
  deduped 4096/4096 bytes at offset 65536
  4 KiB, 1 ops; 0.0046 sec (865.988 KiB/sec and 216.4971 ops/sec)

Signed-off-by: Xiaoli Feng <fengxiaoli0714@gmail.com>
Signed-off-by: Anna Schumaker <Anna.Schumaker@Netapp.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 fs/nfs/nfs4file.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/fs/nfs/nfs4file.c b/fs/nfs/nfs4file.c
index 00d17198ee12a..f10b660805fc4 100644
--- a/fs/nfs/nfs4file.c
+++ b/fs/nfs/nfs4file.c
@@ -187,7 +187,7 @@ static loff_t nfs42_remap_file_range(struct file *src_file, loff_t src_off,
 	bool same_inode = false;
 	int ret;
 
-	if (remap_flags & ~REMAP_FILE_ADVISORY)
+	if (remap_flags & ~(REMAP_FILE_DEDUP | REMAP_FILE_ADVISORY))
 		return -EINVAL;
 
 	/* check alignment w.r.t. clone_blksize */
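Review bot: widening the mask at the remap_flags check to accept REMAP_FILE_DEDUP only stops the -EINVAL; nothing else in nfs42_remap_file_range changes in this patch, so it is not evident where the dedupe contract (share the range only if both ranges already hold identical data) is enforced. If the function goes on to issue a plain clone, a dedupe request on differing ranges would overwrite the destination. Please point to the comparison step or add one before accepting the flag; the xfs_io run in the commit message uses an all-zero file and would not catch this.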
-- 
2.20.1





* [PATCH 5.1 122/405] mwifiex: prevent an array overflow
  2019-05-30  2:59 [PATCH 5.1 000/405] 5.1.6-stable review Greg Kroah-Hartman
                   ` (120 preceding siblings ...)
  2019-05-30  3:01 ` [PATCH 5.1 121/405] Fix nfs4.2 return -EINVAL when do dedupe operation Greg Kroah-Hartman
@ 2019-05-30  3:02 ` Greg Kroah-Hartman
  2019-05-30  3:02 ` [PATCH 5.1 123/405] rsi: Fix NULL pointer dereference in kmalloc Greg Kroah-Hartman
                   ` (287 subsequent siblings)
  409 siblings, 0 replies; 429+ messages in thread
From: Greg Kroah-Hartman @ 2019-05-30  3:02 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Dan Carpenter, Kalle Valo, Sasha Levin

[ Upstream commit b4c35c17227fe437ded17ce683a6927845f8c4a4 ]

The "rate_index" is only used as an index into the phist_data->rx_rate[]
array in the mwifiex_hist_data_set() function.  That array has
MWIFIEX_MAX_AC_RX_RATES (74) elements and it's used to generate some
debugfs information.  The "rate_index" variable comes from the network
skb->data[] and it is a u8 so it's in the 0-255 range.  We need to cap
it to prevent an array overflow.

Fixes: cbf6e05527a7 ("mwifiex: add rx histogram statistics support")
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/net/wireless/marvell/mwifiex/cfp.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/drivers/net/wireless/marvell/mwifiex/cfp.c b/drivers/net/wireless/marvell/mwifiex/cfp.c
index bfe84e55df776..f1522fb1c1e87 100644
--- a/drivers/net/wireless/marvell/mwifiex/cfp.c
+++ b/drivers/net/wireless/marvell/mwifiex/cfp.c
@@ -531,5 +531,8 @@ u8 mwifiex_adjust_data_rate(struct mwifiex_private *priv,
 		rate_index = (rx_rate > MWIFIEX_RATE_INDEX_OFDM0) ?
 			      rx_rate - 1 : rx_rate;
 
+	if (rate_index >= MWIFIEX_MAX_AC_RX_RATES)
+		rate_index = MWIFIEX_MAX_AC_RX_RATES - 1;
+
 	return rate_index;
 }
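Review bot: clamping at the end of mwifiex_adjust_data_rate() keeps the index inside rx_rate[], but it also counts every out-of-range value taken from the frame in the last histogram bucket, which skews the debugfs statistics the commit message mentions. Consider having the caller skip the histogram update for an invalid rate instead, or at least document that the last bucket doubles as a catch-all. Placing the check directly before the return does cover every path out of the function.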
-- 
2.20.1





* [PATCH 5.1 123/405] rsi: Fix NULL pointer dereference in kmalloc
  2019-05-30  2:59 [PATCH 5.1 000/405] 5.1.6-stable review Greg Kroah-Hartman
                   ` (121 preceding siblings ...)
  2019-05-30  3:02 ` [PATCH 5.1 122/405] mwifiex: prevent an array overflow Greg Kroah-Hartman
@ 2019-05-30  3:02 ` Greg Kroah-Hartman
  2019-05-30  3:02 ` [PATCH 5.1 124/405] net: cw1200: fix a NULL pointer dereference Greg Kroah-Hartman
                   ` (286 subsequent siblings)
  409 siblings, 0 replies; 429+ messages in thread
From: Greg Kroah-Hartman @ 2019-05-30  3:02 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Aditya Pakki, Kalle Valo, Sasha Levin

[ Upstream commit d5414c2355b20ea8201156d2e874265f1cb0d775 ]

kmalloc can fail in rsi_register_rates_channels but memcpy still attempts
to write to channels. The patch replaces these calls with kmemdup and
passes the error upstream.

Signed-off-by: Aditya Pakki <pakki001@umn.edu>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/net/wireless/rsi/rsi_91x_mac80211.c | 30 ++++++++++++---------
 1 file changed, 18 insertions(+), 12 deletions(-)

diff --git a/drivers/net/wireless/rsi/rsi_91x_mac80211.c b/drivers/net/wireless/rsi/rsi_91x_mac80211.c
index 831046e760f8a..49df3bb08d41f 100644
--- a/drivers/net/wireless/rsi/rsi_91x_mac80211.c
+++ b/drivers/net/wireless/rsi/rsi_91x_mac80211.c
@@ -188,27 +188,27 @@ bool rsi_is_cipher_wep(struct rsi_common *common)
  * @adapter: Pointer to the adapter structure.
  * @band: Operating band to be set.
  *
- * Return: None.
+ * Return: int - 0 on success, negative error on failure.
  */
-static void rsi_register_rates_channels(struct rsi_hw *adapter, int band)
+static int rsi_register_rates_channels(struct rsi_hw *adapter, int band)
 {
 	struct ieee80211_supported_band *sbands = &adapter->sbands[band];
 	void *channels = NULL;
 
 	if (band == NL80211_BAND_2GHZ) {
-		channels = kmalloc(sizeof(rsi_2ghz_channels), GFP_KERNEL);
-		memcpy(channels,
-		       rsi_2ghz_channels,
-		       sizeof(rsi_2ghz_channels));
+		channels = kmemdup(rsi_2ghz_channels, sizeof(rsi_2ghz_channels),
+				   GFP_KERNEL);
+		if (!channels)
+			return -ENOMEM;
 		sbands->band = NL80211_BAND_2GHZ;
 		sbands->n_channels = ARRAY_SIZE(rsi_2ghz_channels);
 		sbands->bitrates = rsi_rates;
 		sbands->n_bitrates = ARRAY_SIZE(rsi_rates);
 	} else {
-		channels = kmalloc(sizeof(rsi_5ghz_channels), GFP_KERNEL);
-		memcpy(channels,
-		       rsi_5ghz_channels,
-		       sizeof(rsi_5ghz_channels));
+		channels = kmemdup(rsi_5ghz_channels, sizeof(rsi_5ghz_channels),
+				   GFP_KERNEL);
+		if (!channels)
+			return -ENOMEM;
 		sbands->band = NL80211_BAND_5GHZ;
 		sbands->n_channels = ARRAY_SIZE(rsi_5ghz_channels);
 		sbands->bitrates = &rsi_rates[4];
@@ -227,6 +227,7 @@ static void rsi_register_rates_channels(struct rsi_hw *adapter, int band)
 	sbands->ht_cap.mcs.rx_mask[0] = 0xff;
 	sbands->ht_cap.mcs.tx_params = IEEE80211_HT_MCS_TX_DEFINED;
 	/* sbands->ht_cap.mcs.rx_highest = 0x82; */
+	return 0;
 }
 
 static int rsi_mac80211_hw_scan_start(struct ieee80211_hw *hw,
@@ -2064,11 +2065,16 @@ int rsi_mac80211_attach(struct rsi_common *common)
 	wiphy->available_antennas_rx = 1;
 	wiphy->available_antennas_tx = 1;
 
-	rsi_register_rates_channels(adapter, NL80211_BAND_2GHZ);
+	status = rsi_register_rates_channels(adapter, NL80211_BAND_2GHZ);
+	if (status)
+		return status;
 	wiphy->bands[NL80211_BAND_2GHZ] =
 		&adapter->sbands[NL80211_BAND_2GHZ];
 	if (common->num_supp_bands > 1) {
-		rsi_register_rates_channels(adapter, NL80211_BAND_5GHZ);
+		status = rsi_register_rates_channels(adapter,
+						     NL80211_BAND_5GHZ);
+		if (status)
+			return status;
 		wiphy->bands[NL80211_BAND_5GHZ] =
 			&adapter->sbands[NL80211_BAND_5GHZ];
 	}
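Review bot: in rsi_mac80211_attach(), the early return when the NL80211_BAND_5GHZ registration fails leaves the channel buffer that the successful 2 GHz call duplicated with kmemdup() allocated, and the same goes for anything set up earlier in the function. Unless the caller's error path already frees these, route both failures through a cleanup label rather than returning status directly.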
-- 
2.20.1





* [PATCH 5.1 124/405] net: cw1200: fix a NULL pointer dereference
  2019-05-30  2:59 [PATCH 5.1 000/405] 5.1.6-stable review Greg Kroah-Hartman
                   ` (122 preceding siblings ...)
  2019-05-30  3:02 ` [PATCH 5.1 123/405] rsi: Fix NULL pointer dereference in kmalloc Greg Kroah-Hartman
@ 2019-05-30  3:02 ` Greg Kroah-Hartman
  2019-05-30  3:02 ` [PATCH 5.1 125/405] nvme: set 0 capacity if namespace block size exceeds PAGE_SIZE Greg Kroah-Hartman
                   ` (285 subsequent siblings)
  409 siblings, 0 replies; 429+ messages in thread
From: Greg Kroah-Hartman @ 2019-05-30  3:02 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Kangjie Lu, Kalle Valo, Sasha Levin

[ Upstream commit 0ed2a005347400500a39ea7c7318f1fea57fb3ca ]

In case create_singlethread_workqueue fails, the fix frees the
hardware and returns NULL to avoid NULL pointer dereference.

Signed-off-by: Kangjie Lu <kjlu@umn.edu>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/net/wireless/st/cw1200/main.c | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/drivers/net/wireless/st/cw1200/main.c b/drivers/net/wireless/st/cw1200/main.c
index 90dc979f260b6..c1608f0bf6d01 100644
--- a/drivers/net/wireless/st/cw1200/main.c
+++ b/drivers/net/wireless/st/cw1200/main.c
@@ -345,6 +345,11 @@ static struct ieee80211_hw *cw1200_init_common(const u8 *macaddr,
 	mutex_init(&priv->wsm_cmd_mux);
 	mutex_init(&priv->conf_mutex);
 	priv->workqueue = create_singlethread_workqueue("cw1200_wq");
+	if (!priv->workqueue) {
+		ieee80211_free_hw(hw);
+		return NULL;
+	}
+
 	sema_init(&priv->scan.lock, 1);
 	INIT_WORK(&priv->scan.work, cw1200_scan_work);
 	INIT_DELAYED_WORK(&priv->scan.probe_work, cw1200_probe_work);
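Review bot: the new NULL check on priv->workqueue releases hw with ieee80211_free_hw() and returns NULL, which is only safe if every caller of cw1200_init_common() tests the result; please confirm that. The two mutexes initialised just above are not destroyed on this path, which is harmless functionally but worth a mutex_destroy() pair if the driver does that on its other exit paths.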
-- 
2.20.1





* [PATCH 5.1 125/405] nvme: set 0 capacity if namespace block size exceeds PAGE_SIZE
  2019-05-30  2:59 [PATCH 5.1 000/405] 5.1.6-stable review Greg Kroah-Hartman
                   ` (123 preceding siblings ...)
  2019-05-30  3:02 ` [PATCH 5.1 124/405] net: cw1200: fix a NULL pointer dereference Greg Kroah-Hartman
@ 2019-05-30  3:02 ` Greg Kroah-Hartman
  2019-05-30  3:02 ` [PATCH 5.1 126/405] nvme-rdma: fix a NULL deref when an admin connect times out Greg Kroah-Hartman
                   ` (284 subsequent siblings)
  409 siblings, 0 replies; 429+ messages in thread
From: Greg Kroah-Hartman @ 2019-05-30  3:02 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Sagi Grimberg, Keith Busch,
	Christoph Hellwig, Sasha Levin

[ Upstream commit 01fa017484ad98fccdeaab32db0077c574b6bd6f ]

If our target exposed a namespace with a block size that is greater
than PAGE_SIZE, set 0 capacity on the namespace as we do not support it.

This issue was encountered when the nvmet namespace was backed by a tempfile.

Signed-off-by: Sagi Grimberg <sagi@grimberg.me>
Reviewed-by: Keith Busch <keith.busch@intel.com>
Signed-off-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/nvme/host/core.c | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/drivers/nvme/host/core.c b/drivers/nvme/host/core.c
index 2c43e12b70afc..8782d86a8ca38 100644
--- a/drivers/nvme/host/core.c
+++ b/drivers/nvme/host/core.c
@@ -1591,6 +1591,10 @@ static void nvme_update_disk_info(struct gendisk *disk,
 	sector_t capacity = le64_to_cpup(&id->nsze) << (ns->lba_shift - 9);
 	unsigned short bs = 1 << ns->lba_shift;
 
+	if (ns->lba_shift > PAGE_SHIFT) {
+		/* unsupported block size, set capacity to 0 later */
+		bs = (1 << 9);
+	}
 	blk_mq_freeze_queue(disk->queue);
 	blk_integrity_unregister(disk);
 
@@ -1601,7 +1605,8 @@ static void nvme_update_disk_info(struct gendisk *disk,
 	if (ns->ms && !ns->ext &&
 	    (ns->ctrl->ops->flags & NVME_F_METADATA_SUPPORTED))
 		nvme_init_integrity(disk, ns->ms, ns->pi_type);
-	if (ns->ms && !nvme_ns_has_pi(ns) && !blk_get_integrity(disk))
+	if ((ns->ms && !nvme_ns_has_pi(ns) && !blk_get_integrity(disk)) ||
+	    ns->lba_shift > PAGE_SHIFT)
 		capacity = 0;
 
 	set_capacity(disk, capacity);
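Review bot: the ns->lba_shift > PAGE_SHIFT test is now written twice, here in the capacity condition and in the earlier hunk that overrides bs, and the two must stay in sync for the "set capacity to 0 later" comment to hold. A single local flag computed once would make that dependency explicit, and the bare (1 << 9) in the earlier hunk would read better as a named sector-size constant. The namespace also drops to zero capacity silently; a warning naming the unsupported block size would save the administrator a debugging session.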
-- 
2.20.1





* [PATCH 5.1 126/405] nvme-rdma: fix a NULL deref when an admin connect times out
  2019-05-30  2:59 [PATCH 5.1 000/405] 5.1.6-stable review Greg Kroah-Hartman
                   ` (124 preceding siblings ...)
  2019-05-30  3:02 ` [PATCH 5.1 125/405] nvme: set 0 capacity if namespace block size exceeds PAGE_SIZE Greg Kroah-Hartman
@ 2019-05-30  3:02 ` Greg Kroah-Hartman
  2019-05-30  3:02 ` [PATCH 5.1 127/405] nvme-tcp: " Greg Kroah-Hartman
                   ` (283 subsequent siblings)
  409 siblings, 0 replies; 429+ messages in thread
From: Greg Kroah-Hartman @ 2019-05-30  3:02 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Sagi Grimberg, Christoph Hellwig,
	Sasha Levin

[ Upstream commit 1007709d7d06fab09bf2d007657575958676282b ]

If we timeout the admin startup sequence we might not yet have
an I/O tagset allocated which causes the teardown sequence to crash.
Make nvme_tcp_teardown_io_queues safe by not iterating inflight tags
if the tagset wasn't allocated.

Fixes: 4c174e636674 ("nvme-rdma: fix timeout handler")
Signed-off-by: Sagi Grimberg <sagi@grimberg.me>
Signed-off-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/nvme/host/rdma.c | 10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)

diff --git a/drivers/nvme/host/rdma.c b/drivers/nvme/host/rdma.c
index 11a5ecae78c8d..e1824c2e0a1c0 100644
--- a/drivers/nvme/host/rdma.c
+++ b/drivers/nvme/host/rdma.c
@@ -914,8 +914,9 @@ static void nvme_rdma_teardown_admin_queue(struct nvme_rdma_ctrl *ctrl,
 {
 	blk_mq_quiesce_queue(ctrl->ctrl.admin_q);
 	nvme_rdma_stop_queue(&ctrl->queues[0]);
-	blk_mq_tagset_busy_iter(&ctrl->admin_tag_set, nvme_cancel_request,
-			&ctrl->ctrl);
+	if (ctrl->ctrl.admin_tagset)
+		blk_mq_tagset_busy_iter(ctrl->ctrl.admin_tagset,
+			nvme_cancel_request, &ctrl->ctrl);
 	blk_mq_unquiesce_queue(ctrl->ctrl.admin_q);
 	nvme_rdma_destroy_admin_queue(ctrl, remove);
 }
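Review bot: the admin teardown now iterates ctrl->ctrl.admin_tagset, a pointer, where it used to pass the address of the embedded ctrl->admin_tag_set, so the NULL test is only meaningful if that pointer is NULL before allocation and is cleared again when the tag set is freed. Please confirm both, otherwise a second teardown after a failed reconnect could walk a stale tag set.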
@@ -926,8 +927,9 @@ static void nvme_rdma_teardown_io_queues(struct nvme_rdma_ctrl *ctrl,
 	if (ctrl->ctrl.queue_count > 1) {
 		nvme_stop_queues(&ctrl->ctrl);
 		nvme_rdma_stop_io_queues(ctrl);
-		blk_mq_tagset_busy_iter(&ctrl->tag_set, nvme_cancel_request,
-				&ctrl->ctrl);
+		if (ctrl->ctrl.tagset)
+			blk_mq_tagset_busy_iter(ctrl->ctrl.tagset,
+				nvme_cancel_request, &ctrl->ctrl);
 		if (remove)
 			nvme_start_queues(&ctrl->ctrl);
 		nvme_rdma_destroy_io_queues(ctrl, remove);
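Review bot: the commit message names nvme_tcp_teardown_io_queues, but the function guarded here is nvme_rdma_teardown_io_queues, and the admin-queue guard in the previous hunk is not mentioned at all. Please fix the changelog so it describes the RDMA functions that are actually changed.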
-- 
2.20.1





* [PATCH 5.1 127/405] nvme-tcp: fix a NULL deref when an admin connect times out
  2019-05-30  2:59 [PATCH 5.1 000/405] 5.1.6-stable review Greg Kroah-Hartman
                   ` (125 preceding siblings ...)
  2019-05-30  3:02 ` [PATCH 5.1 126/405] nvme-rdma: fix a NULL deref when an admin connect times out Greg Kroah-Hartman
@ 2019-05-30  3:02 ` Greg Kroah-Hartman
  2019-05-30  3:02 ` [PATCH 5.1 128/405] crypto: sun4i-ss - Fix invalid calculation of hash end Greg Kroah-Hartman
                   ` (282 subsequent siblings)
  409 siblings, 0 replies; 429+ messages in thread
From: Greg Kroah-Hartman @ 2019-05-30  3:02 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Sagi Grimberg, Christoph Hellwig,
	Sasha Levin

[ Upstream commit 7a42589654ae79e1177f0d74306a02d6cef7bddf ]

If we timeout the admin startup sequence we might not yet have
an I/O tagset allocated which causes the teardown sequence to crash.
Make nvme_tcp_teardown_io_queues safe by not iterating inflight tags
if the tagset wasn't allocated.

Fixes: 39d57757467b ("nvme-tcp: fix timeout handler")
Signed-off-by: Sagi Grimberg <sagi@grimberg.me>
Signed-off-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/nvme/host/tcp.c | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/drivers/nvme/host/tcp.c b/drivers/nvme/host/tcp.c
index 68c49dd672104..aae5374d2b93f 100644
--- a/drivers/nvme/host/tcp.c
+++ b/drivers/nvme/host/tcp.c
@@ -1710,7 +1710,9 @@ static void nvme_tcp_teardown_admin_queue(struct nvme_ctrl *ctrl,
 {
 	blk_mq_quiesce_queue(ctrl->admin_q);
 	nvme_tcp_stop_queue(ctrl, 0);
-	blk_mq_tagset_busy_iter(ctrl->admin_tagset, nvme_cancel_request, ctrl);
+	if (ctrl->admin_tagset)
+		blk_mq_tagset_busy_iter(ctrl->admin_tagset,
+			nvme_cancel_request, ctrl);
 	blk_mq_unquiesce_queue(ctrl->admin_q);
 	nvme_tcp_destroy_admin_queue(ctrl, remove);
 }
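Review bot: the if (ctrl->admin_tagset) guard in nvme_tcp_teardown_admin_queue() goes beyond the changelog, which only talks about an I/O tagset that is not yet allocated. Please extend the commit message to say when the admin tag set can be missing at teardown, so the check is not removed later as dead code.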
@@ -1722,7 +1724,9 @@ static void nvme_tcp_teardown_io_queues(struct nvme_ctrl *ctrl,
 		return;
 	nvme_stop_queues(ctrl);
 	nvme_tcp_stop_io_queues(ctrl);
-	blk_mq_tagset_busy_iter(ctrl->tagset, nvme_cancel_request, ctrl);
+	if (ctrl->tagset)
+		blk_mq_tagset_busy_iter(ctrl->tagset,
+			nvme_cancel_request, ctrl);
 	if (remove)
 		nvme_start_queues(ctrl);
 	nvme_tcp_destroy_io_queues(ctrl, remove);
-- 
2.20.1





* [PATCH 5.1 128/405] crypto: sun4i-ss - Fix invalid calculation of hash end
  2019-05-30  2:59 [PATCH 5.1 000/405] 5.1.6-stable review Greg Kroah-Hartman
                   ` (126 preceding siblings ...)
  2019-05-30  3:02 ` [PATCH 5.1 127/405] nvme-tcp: " Greg Kroah-Hartman
@ 2019-05-30  3:02 ` Greg Kroah-Hartman
  2019-05-30  3:02 ` [PATCH 5.1 129/405] bcache: avoid potential memleak of list of journal_replay(s) in the CACHE_SYNC branch of run_cache_set Greg Kroah-Hartman
                   ` (281 subsequent siblings)
  409 siblings, 0 replies; 429+ messages in thread
From: Greg Kroah-Hartman @ 2019-05-30  3:02 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Corentin Labbe, Herbert Xu, Sasha Levin

[ Upstream commit f87391558acf816b48f325a493d81d45dec40da0 ]

When nbytes < 4, end is wrongly set to a negative value which, due to
uint, is then interpreted as a large value, leading to a deadlock in the
following code.

This patch fixes this problem.

Fixes: 6298e948215f ("crypto: sunxi-ss - Add Allwinner Security System crypto accelerator")
Signed-off-by: Corentin Labbe <clabbe.montjoie@gmail.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/crypto/sunxi-ss/sun4i-ss-hash.c | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/drivers/crypto/sunxi-ss/sun4i-ss-hash.c b/drivers/crypto/sunxi-ss/sun4i-ss-hash.c
index a4b5ff2b72f87..f6936bb3b7be4 100644
--- a/drivers/crypto/sunxi-ss/sun4i-ss-hash.c
+++ b/drivers/crypto/sunxi-ss/sun4i-ss-hash.c
@@ -240,7 +240,10 @@ static int sun4i_hash(struct ahash_request *areq)
 		}
 	} else {
 		/* Since we have the flag final, we can go up to modulo 4 */
-		end = ((areq->nbytes + op->len) / 4) * 4 - op->len;
+		if (areq->nbytes < 4)
+			end = 0;
+		else
+			end = ((areq->nbytes + op->len) / 4) * 4 - op->len;
 	}
 
 	/* TODO if SGlen % 4 and !op->len then DMA */
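Review bot: the new nbytes < 4 branch forces end = 0 even when op->len is non-zero, for example nbytes = 1 with op->len = 3, where the old expression gave a valid end of 1. That is fine if the remaining bytes are picked up by the tail handling further down, but it deserves a comment saying so, along with a note that the guard exists because the subtraction is unsigned and wraps.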
-- 
2.20.1
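
The wrap described in the commit message above, worked through as an added example that is not part of the patch or the driver. It assumes nbytes, op->len and end are 32-bit unsigned and that op->len stays below 64; the function names are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>

/* Pre-patch expression from the hunk, evaluated in 32-bit unsigned
 * arithmetic (assumption: nbytes, op->len and end are all 32-bit). */
static uint32_t end_before(uint32_t nbytes, uint32_t len)
{
	return ((nbytes + len) / 4) * 4 - len;
}

/* Post-patch logic from the hunk. */
static uint32_t end_after(uint32_t nbytes, uint32_t len)
{
	if (nbytes < 4)
		return 0;
	return ((nbytes + len) / 4) * 4 - len;
}

typedef uint32_t (*end_fn)(uint32_t nbytes, uint32_t len);

/* Count (nbytes, len) pairs for which "end" lies past the request.
 * A wrapped subtraction shows up as exactly that: an end offset far
 * larger than the number of bytes the request carries. */
static unsigned int count_out_of_range(end_fn f, uint32_t max_nbytes,
				       uint32_t max_len)
{
	unsigned int bad = 0;

	for (uint32_t n = 0; n <= max_nbytes; n++)
		for (uint32_t l = 0; l <= max_len; l++)
			if (f(n, l) > n)
				bad++;
	return bad;
}

int main(void)
{
	/* Constructed inputs: 1 new byte, 2 bytes already buffered. */
	printf("before: end(1, 2) = 0x%08x\n", (unsigned int)end_before(1, 2));
	printf("after:  end(1, 2) = 0x%08x\n", (unsigned int)end_after(1, 2));

	/* Sweep nbytes 0..64 and len 0..63 (the len bound is an assumption). */
	printf("out-of-range pairs before: %u\n",
	       count_out_of_range(end_before, 64, 63));
	printf("out-of-range pairs after:  %u\n",
	       count_out_of_range(end_after, 64, 63));
	return 0;
}
```

Every out-of-range pair in the sweep has nbytes below 4, which is why the guard on nbytes alone is sufficient.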





* [PATCH 5.1 129/405] bcache: avoid potential memleak of list of journal_replay(s) in the CACHE_SYNC branch of run_cache_set
  2019-05-30  2:59 [PATCH 5.1 000/405] 5.1.6-stable review Greg Kroah-Hartman
                   ` (127 preceding siblings ...)
  2019-05-30  3:02 ` [PATCH 5.1 128/405] crypto: sun4i-ss - Fix invalid calculation of hash end Greg Kroah-Hartman
@ 2019-05-30  3:02 ` Greg Kroah-Hartman
  2019-05-30  3:02 ` [PATCH 5.1 130/405] bcache: return error immediately in bch_journal_replay() Greg Kroah-Hartman
                   ` (280 subsequent siblings)
  409 siblings, 0 replies; 429+ messages in thread
From: Greg Kroah-Hartman @ 2019-05-30  3:02 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Shenghui Wang, Coly Li, Jens Axboe,
	Sasha Levin

[ Upstream commit 95f18c9d1310730d075499a75aaf13bcd60405a7 ]

In the CACHE_SYNC branch of run_cache_set(), LIST_HEAD(journal) is used
to collect journal_replay(s) and filled by bch_journal_read().

If all goes well, bch_journal_replay() will release the list of
journal_replay(s) at the end of the branch.

If something goes wrong, code flow will jump to the label "err:" and leave
the list unreleased.

This patch will release the list of journal_replay(s) in the case of
error detected.

v1 -> v2:
* Move the release code to the location after label 'err:' to
  simplify the change.

Signed-off-by: Shenghui Wang <shhuiw@foxmail.com>
Signed-off-by: Coly Li <colyli@suse.de>
Signed-off-by: Jens Axboe <axboe@kernel.dk>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/md/bcache/super.c | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/drivers/md/bcache/super.c b/drivers/md/bcache/super.c
index 171d5e0f698ba..5c9751e9a76a4 100644
--- a/drivers/md/bcache/super.c
+++ b/drivers/md/bcache/super.c
@@ -1782,6 +1782,8 @@ static void run_cache_set(struct cache_set *c)
 	struct cache *ca;
 	struct closure cl;
 	unsigned int i;
+	LIST_HEAD(journal);
+	struct journal_replay *l;
 
 	closure_init_stack(&cl);
 
@@ -1939,6 +1941,12 @@ static void run_cache_set(struct cache_set *c)
 	set_bit(CACHE_SET_RUNNING, &c->flags);
 	return;
 err:
+	while (!list_empty(&journal)) {
+		l = list_first_entry(&journal, struct journal_replay, list);
+		list_del(&l->list);
+		kfree(l);
+	}
+
 	closure_sync(&cl);
 	/* XXX: test this, it's broken */
 	bch_cache_set_error(c, "%s", err);
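Review bot: the loop under err: drains the function-scope journal list added in the first hunk, yet the diffstat shows 8 insertions and no deletions, and the changelog says the CACHE_SYNC branch already has its own LIST_HEAD(journal). If that inner declaration is still there it shadows the new one, bch_journal_read() fills the inner list, and this loop always sees an empty list, so the leak remains. Please drop the declaration inside the branch as part of this patch.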
-- 
2.20.1





* [PATCH 5.1 130/405] bcache: return error immediately in bch_journal_replay()
  2019-05-30  2:59 [PATCH 5.1 000/405] 5.1.6-stable review Greg Kroah-Hartman
                   ` (128 preceding siblings ...)
  2019-05-30  3:02 ` [PATCH 5.1 129/405] bcache: avoid potential memleak of list of journal_replay(s) in the CACHE_SYNC branch of run_cache_set Greg Kroah-Hartman
@ 2019-05-30  3:02 ` Greg Kroah-Hartman
  2019-05-30  3:02 ` [PATCH 5.1 131/405] bcache: fix failure in journal relplay Greg Kroah-Hartman
                   ` (279 subsequent siblings)
  409 siblings, 0 replies; 429+ messages in thread
From: Greg Kroah-Hartman @ 2019-05-30  3:02 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Coly Li, Hannes Reinecke, Jens Axboe,
	Sasha Levin

[ Upstream commit 68d10e6979a3b59e3cd2e90bfcafed79c4cf180a ]

When failure happens inside bch_journal_replay(), calling
cache_set_err_on() and handling the failure in an async way is not a good
idea. Because after bch_journal_replay() returns, registering code will
continue to execute the following steps, and unregistering code triggered
by cache_set_err_on() is running at the same time. First, it is unnecessary
to handle failure and unregister the cache set in an async way; second, there
might be a potential race condition in running register and unregister code
for the same cache set.

So in this patch, if failure happens in bch_journal_replay(), we don't
call cache_set_err_on(), and just print out the same error message to
the kernel message buffer, then return -EIO immediately to the caller. Then
the caller can detect such failure and handle it in a synchronized way.

Signed-off-by: Coly Li <colyli@suse.de>
Reviewed-by: Hannes Reinecke <hare@suse.com>
Signed-off-by: Jens Axboe <axboe@kernel.dk>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/md/bcache/journal.c | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)

diff --git a/drivers/md/bcache/journal.c b/drivers/md/bcache/journal.c
index d3725c17ce3a6..9e557164209c1 100644
--- a/drivers/md/bcache/journal.c
+++ b/drivers/md/bcache/journal.c
@@ -330,9 +330,12 @@ int bch_journal_replay(struct cache_set *s, struct list_head *list)
 	list_for_each_entry(i, list, list) {
 		BUG_ON(i->pin && atomic_read(i->pin) != 1);
 
-		cache_set_err_on(n != i->j.seq, s,
-"bcache: journal entries %llu-%llu missing! (replaying %llu-%llu)",
-				 n, i->j.seq - 1, start, end);
+		if (n != i->j.seq) {
+			pr_err("bcache: journal entries %llu-%llu missing! (replaying %llu-%llu)",
+			n, i->j.seq - 1, start, end);
+			ret = -EIO;
+			goto err;
+		}
 
 		for (k = i->j.start;
 		     k < bset_bkey_last(&i->j);
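Review bot: the pr_err() format string in the new n != i->j.seq branch has no trailing newline, and it hard-codes a "bcache: " prefix that will be doubled if the file defines pr_fmt. The argument line n, i->j.seq - 1, start, end is also indented to the same level as pr_err rather than aligned with its arguments. The err label targeted by goto err is outside this hunk; please check that it leaves the list in a state the caller can free.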
-- 
2.20.1





* [PATCH 5.1 131/405] bcache: fix failure in journal relplay
  2019-05-30  2:59 [PATCH 5.1 000/405] 5.1.6-stable review Greg Kroah-Hartman
                   ` (129 preceding siblings ...)
  2019-05-30  3:02 ` [PATCH 5.1 130/405] bcache: return error immediately in bch_journal_replay() Greg Kroah-Hartman
@ 2019-05-30  3:02 ` Greg Kroah-Hartman
  2019-05-30  3:02 ` [PATCH 5.1 132/405] bcache: add failure check to run_cache_set() for journal replay Greg Kroah-Hartman
                   ` (278 subsequent siblings)
  409 siblings, 0 replies; 429+ messages in thread
From: Greg Kroah-Hartman @ 2019-05-30  3:02 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Tang Junhui, Dennis Schridde,
	Coly Li, Jens Axboe, Sasha Levin

[ Upstream commit 631207314d88e9091be02fbdd1fdadb1ae2ed79a ]

journal replay failed with messages:
Sep 10 19:10:43 ceph kernel: bcache: error on
bb379a64-e44e-4812-b91d-a5599871a3b1: bcache: journal entries
2057493-2057567 missing! (replaying 2057493-2076601), disabling
caching

The reason is in journal_reclaim(): when discard is enabled, we send
a discard command and reclaim those journal buckets whose seq is older
than the last_seq_now, but before we write a journal with last_seq_now,
the machine is restarted, so the journal with the last_seq_now is not
written to the journal bucket, and the last_seq_wrote in the newest
journal is older than the last_seq_now which we expect it to be, so when
we are doing replay, journals from last_seq_wrote to last_seq_now are
missing.

It's hard to write a journal immediately after journal_reclaim(),
and it is harmless if those missed journals are caused by discarding
since those journals are already written to the btree node. So, if the
missing seqs start from the beginning journal, we treat it as normal,
and only print a message to show the missing journal, and point out
it may be caused by discarding.

Patch v2 adds a judgement condition to ignore the missed journal
only when discard is enabled, as Coly suggested.

(Coly Li: rebase the patch with other changes in bch_journal_replay())

Signed-off-by: Tang Junhui <tang.junhui.linux@gmail.com>
Tested-by: Dennis Schridde <devurandom@gmx.net>
Signed-off-by: Coly Li <colyli@suse.de>
Signed-off-by: Jens Axboe <axboe@kernel.dk>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/md/bcache/journal.c | 25 +++++++++++++++++++++----
 1 file changed, 21 insertions(+), 4 deletions(-)

diff --git a/drivers/md/bcache/journal.c b/drivers/md/bcache/journal.c
index 9e557164209c1..6c94fa0077968 100644
--- a/drivers/md/bcache/journal.c
+++ b/drivers/md/bcache/journal.c
@@ -317,6 +317,18 @@ void bch_journal_mark(struct cache_set *c, struct list_head *list)
 	}
 }
 
+bool is_discard_enabled(struct cache_set *s)
+{
+	struct cache *ca;
+	unsigned int i;
+
+	for_each_cache(ca, s, i)
+		if (ca->discard)
+			return true;
+
+	return false;
+}
+
 int bch_journal_replay(struct cache_set *s, struct list_head *list)
 {
 	int ret = 0, keys = 0, entries = 0;
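Review bot: is_discard_enabled() is added as a global symbol, but the
diffstat touches only journal.c and its one caller is bch_journal_replay()
in the same file, so it should be declared static. Without static and
without a prototype in a header it will also draw a sparse warning, and the
unprefixed name is a generic identifier to export from a driver.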
@@ -331,10 +343,15 @@ int bch_journal_replay(struct cache_set *s, struct list_head *list)
 		BUG_ON(i->pin && atomic_read(i->pin) != 1);
 
 		if (n != i->j.seq) {
-			pr_err("bcache: journal entries %llu-%llu missing! (replaying %llu-%llu)",
-			n, i->j.seq - 1, start, end);
-			ret = -EIO;
-			goto err;
+			if (n == start && is_discard_enabled(s))
+				pr_info("bcache: journal entries %llu-%llu may be discarded! (replaying %llu-%llu)",
+					n, i->j.seq - 1, start, end);
+			else {
+				pr_err("bcache: journal entries %llu-%llu missing! (replaying %llu-%llu)",
+					n, i->j.seq - 1, start, end);
+				ret = -EIO;
+				goto err;
+			}
 		}
 
 		for (k = i->j.start;
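Review bot: in the new "n == start" branch the gap is accepted whenever any
cache in the set has discard enabled, which is a configuration flag and not
evidence that entries n to i->j.seq - 1 were actually discarded, so a
genuinely lost head of the journal on such a set is now reported only with
pr_info() and replay continues. Consider pr_warn() so a tolerated gap stands
out in the log, and add braces to the if branch to match the braced else, as
kernel coding style asks when one arm needs them.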
-- 
2.20.1





* [PATCH 5.1 132/405] bcache: add failure check to run_cache_set() for journal replay
  2019-05-30  2:59 [PATCH 5.1 000/405] 5.1.6-stable review Greg Kroah-Hartman
                   ` (130 preceding siblings ...)
  2019-05-30  3:02 ` [PATCH 5.1 131/405] bcache: fix failure in journal relplay Greg Kroah-Hartman
@ 2019-05-30  3:02 ` Greg Kroah-Hartman
  2019-05-30  3:02 ` [PATCH 5.1 133/405] bcache: avoid clang -Wunintialized warning Greg Kroah-Hartman
                   ` (277 subsequent siblings)
  409 siblings, 0 replies; 429+ messages in thread
From: Greg Kroah-Hartman @ 2019-05-30  3:02 UTC (permalink / raw)
  To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Coly Li, Jens Axboe, Sasha Levin

[ Upstream commit ce3e4cfb59cb382f8e5ce359238aa580d4ae7778 ]

Currently run_cache_set() has no return value, if there is failure in
bch_journal_replay(), the caller of run_cache_set() has no idea about
such failure and just continues to execute following code after
run_cache_set().  The internal failure is triggered inside
bch_journal_replay() and being handled in async way. This behavior is
inefficient, while failure handling inside bch_journal_replay(), cache
register code is still running to start the cache set. Registering and
unregistering code running at the same time may introduce some rare race
condition, and make the code harder to understand.

This patch adds return value to run_cache_set(), and returns -EIO if
bch_journal_replay() fails. Then caller of run_cache_set() may detect
such failure and stop registering code flow immediately inside
register_cache_set().

If journal replay fails, run_cache_set() can report error immediately
to register_cache_set(). This patch makes the failure handling for
bch_journal_replay() be in synchronized way, easier to understand and
debug, and avoid potential race condition for register-and-unregister
in same time.

Signed-off-by: Coly Li <colyli@suse.de>
Signed-off-by: Jens Axboe <axboe@kernel.dk>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/md/bcache/super.c | 17 ++++++++++++-----
 1 file changed, 12 insertions(+), 5 deletions(-)

diff --git a/drivers/md/bcache/super.c b/drivers/md/bcache/super.c
index 5c9751e9a76a4..e489d2459569f 100644
--- a/drivers/md/bcache/super.c
+++ b/drivers/md/bcache/super.c
@@ -1775,7 +1775,7 @@ struct cache_set *bch_cache_set_alloc(struct cache_sb *sb)
 	return NULL;
 }
 
-static void run_cache_set(struct cache_set *c)
+static int run_cache_set(struct cache_set *c)
 {
 	const char *err = "cannot allocate memory";
 	struct cached_dev *dc, *t;
@@ -1871,7 +1871,9 @@ static void run_cache_set(struct cache_set *c)
 		if (j->version < BCACHE_JSET_VERSION_UUID)
 			__uuid_write(c);
 
-		bch_journal_replay(c, &journal);
+		err = "bcache: replay journal failed";
+		if (bch_journal_replay(c, &journal))
+			goto err;
 	} else {
 		pr_notice("invalidating existing data");
 
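Review bot: the new error string carries its own "bcache: " prefix, unlike
"cannot allocate memory" at the top of run_cache_set() and "failed to run
cache set" in register_cache_set(), and all of them end up in the same
bch_cache_set_error(c, "%s", err) call. Drop the prefix so the messages are
consistent. The failure test here is also "non-zero" while the caller tests
run_cache_set(c) < 0; one convention for both would read better.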
@@ -1939,7 +1941,7 @@ static void run_cache_set(struct cache_set *c)
 	flash_devs_run(c);
 
 	set_bit(CACHE_SET_RUNNING, &c->flags);
-	return;
+	return 0;
 err:
 	while (!list_empty(&journal)) {
 		l = list_first_entry(&journal, struct journal_replay, list);
@@ -1950,6 +1952,8 @@ static void run_cache_set(struct cache_set *c)
 	closure_sync(&cl);
 	/* XXX: test this, it's broken */
 	bch_cache_set_error(c, "%s", err);
+
+	return -EIO;
 }
 
 static bool can_attach_cache(struct cache *ca, struct cache_set *c)
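Review bot: the err: path now returns -EIO for every failure that jumps to
it, including the ones that leave err at its initial "cannot allocate
memory", and the actual return value of bch_journal_replay() is dropped at
the call site. Keep an int ret next to the message string and return that.
The retained comment "XXX: test this, it's broken" sits on the path that
register_cache_set() now depends on, so it should be resolved or explained
as part of this change.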
@@ -2013,8 +2017,11 @@ static const char *register_cache_set(struct cache *ca)
 	ca->set->cache[ca->sb.nr_this_dev] = ca;
 	c->cache_by_alloc[c->caches_loaded++] = ca;
 
-	if (c->caches_loaded == c->sb.nr_in_set)
-		run_cache_set(c);
+	if (c->caches_loaded == c->sb.nr_in_set) {
+		err = "failed to run cache set";
+		if (run_cache_set(c) < 0)
+			goto err;
+	}
 
 	return NULL;
 err:
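Review bot: by the time run_cache_set() fails, ca has already been stored in
ca->set->cache[] and c->cache_by_alloc[], c->caches_loaded has been
incremented, and run_cache_set() has already called bch_cache_set_error() on
its own err: path. The body of this err: label is outside the hunk, so the
commit message should state that the teardown there is safe to run a second
time after bch_cache_set_error() and with the cache already attached.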
-- 
2.20.1





* [PATCH 5.1 133/405] bcache: avoid clang -Wunintialized warning
  2019-05-30  2:59 [PATCH 5.1 000/405] 5.1.6-stable review Greg Kroah-Hartman
                   ` (131 preceding siblings ...)
  2019-05-30  3:02 ` [PATCH 5.1 132/405] bcache: add failure check to run_cache_set() for journal replay Greg Kroah-Hartman
@ 2019-05-30  3:02 ` Greg Kroah-Hartman
  2019-05-30  3:02 ` [PATCH 5.1 134/405] RDMA/cma: Consider scope_id while binding to ipv6 ll address Greg Kroah-Hartman
                   ` (276 subsequent siblings)
  409 siblings, 0 replies; 429+ messages in thread
From: Greg Kroah-Hartman @ 2019-05-30  3:02 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Arnd Bergmann, Nathan Chancellor,
	Coly Li, Jens Axboe, Sasha Levin

[ Upstream commit 78d4eb8ad9e1d413449d1b7a060f50b6efa81ebd ]

clang has identified a code path in which it thinks a
variable may be unused:

drivers/md/bcache/alloc.c:333:4: error: variable 'bucket' is used uninitialized whenever 'if' condition is false
      [-Werror,-Wsometimes-uninitialized]
                        fifo_pop(&ca->free_inc, bucket);
                        ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
drivers/md/bcache/util.h:219:27: note: expanded from macro 'fifo_pop'
 #define fifo_pop(fifo, i)       fifo_pop_front(fifo, (i))
                                ^~~~~~~~~~~~~~~~~~~~~~~~~
drivers/md/bcache/util.h:189:6: note: expanded from macro 'fifo_pop_front'
        if (_r) {                                                       \
            ^~
drivers/md/bcache/alloc.c:343:46: note: uninitialized use occurs here
                        allocator_wait(ca, bch_allocator_push(ca, bucket));
                                                                  ^~~~~~
drivers/md/bcache/alloc.c:287:7: note: expanded from macro 'allocator_wait'
                if (cond)                                               \
                    ^~~~
drivers/md/bcache/alloc.c:333:4: note: remove the 'if' if its condition is always true
                        fifo_pop(&ca->free_inc, bucket);
                        ^
drivers/md/bcache/util.h:219:27: note: expanded from macro 'fifo_pop'
 #define fifo_pop(fifo, i)       fifo_pop_front(fifo, (i))
                                ^
drivers/md/bcache/util.h:189:2: note: expanded from macro 'fifo_pop_front'
        if (_r) {                                                       \
        ^
drivers/md/bcache/alloc.c:331:15: note: initialize the variable 'bucket' to silence this warning
                        long bucket;
                                   ^

This cannot happen in practice because we only enter the loop
if there is at least one element in the list.

Slightly rearranging the code makes this clearer to both the
reader and the compiler, which avoids the warning.

Signed-off-by: Arnd Bergmann <arnd@arndb.de>
Reviewed-by: Nathan Chancellor <natechancellor@gmail.com>
Signed-off-by: Coly Li <colyli@suse.de>
Signed-off-by: Jens Axboe <axboe@kernel.dk>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/md/bcache/alloc.c | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/drivers/md/bcache/alloc.c b/drivers/md/bcache/alloc.c
index 5002838ea4760..f8986effcb501 100644
--- a/drivers/md/bcache/alloc.c
+++ b/drivers/md/bcache/alloc.c
@@ -327,10 +327,11 @@ static int bch_allocator_thread(void *arg)
 		 * possibly issue discards to them, then we add the bucket to
 		 * the free list:
 		 */
-		while (!fifo_empty(&ca->free_inc)) {
+		while (1) {
 			long bucket;
 
-			fifo_pop(&ca->free_inc, bucket);
+			if (!fifo_pop(&ca->free_inc, bucket))
+				break;
 
 			if (ca->discard) {
 				mutex_unlock(&ca->set->bucket_lock);
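Review bot: with "while (1)" the only exit from the loop is fifo_pop()
evaluating to false, so the loop now depends on fifo_pop() being usable as
an expression that reports an empty fifo, where the old fifo_empty()
condition said so directly. A one-line comment above the
"if (!fifo_pop(...)) break;" saying that the pop result doubles as the
emptiness test, and that this shape is what lets the compiler see bucket is
initialized, would keep someone from folding it back into the old form.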
-- 
2.20.1





* [PATCH 5.1 134/405] RDMA/cma: Consider scope_id while binding to ipv6 ll address
  2019-05-30  2:59 [PATCH 5.1 000/405] 5.1.6-stable review Greg Kroah-Hartman
                   ` (132 preceding siblings ...)
  2019-05-30  3:02 ` [PATCH 5.1 133/405] bcache: avoid clang -Wunintialized warning Greg Kroah-Hartman
@ 2019-05-30  3:02 ` Greg Kroah-Hartman
  2019-05-30  3:02 ` [PATCH 5.1 135/405] vfio-ccw: Do not call flush_workqueue while holding the spinlock Greg Kroah-Hartman
                   ` (275 subsequent siblings)
  409 siblings, 0 replies; 429+ messages in thread
From: Greg Kroah-Hartman @ 2019-05-30  3:02 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Parav Pandit, Daniel Jurgens,
	Leon Romanovsky, Jason Gunthorpe, Sasha Levin

[ Upstream commit 5d7ed2f27bbd482fd29e6b2e204b1a1ee8a0b268 ]

When two netdevs have the same link local address (such as vlan and non
vlan), two rdma cm listen ids should be able to bind to the following
different addresses.

listener-1: addr=lla, scope_id=A, port=X
listener-2: addr=lla, scope_id=B, port=X

However while comparing the addresses only addr and port are considered,
due to which the 2nd listener fails to listen.

In the below example of two listeners, the 2nd listener is failing with an
address in use error.

$ rping -sv -a fe80::268a:7ff:feb3:d113%ens2f1 -p 4545&

$ rping -sv -a fe80::268a:7ff:feb3:d113%ens2f1.200 -p 4545
rdma_bind_addr: Address already in use

To overcome this, consider the scope_ids as well which forms the accurate
IPv6 link local address.

Signed-off-by: Parav Pandit <parav@mellanox.com>
Reviewed-by: Daniel Jurgens <danielj@mellanox.com>
Signed-off-by: Leon Romanovsky <leonro@mellanox.com>
Signed-off-by: Jason Gunthorpe <jgg@mellanox.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/infiniband/core/cma.c | 25 +++++++++++++++++++------
 1 file changed, 19 insertions(+), 6 deletions(-)

diff --git a/drivers/infiniband/core/cma.c b/drivers/infiniband/core/cma.c
index 68c997be24293..c54da16df0beb 100644
--- a/drivers/infiniband/core/cma.c
+++ b/drivers/infiniband/core/cma.c
@@ -1173,18 +1173,31 @@ static inline bool cma_any_addr(const struct sockaddr *addr)
 	return cma_zero_addr(addr) || cma_loopback_addr(addr);
 }
 
-static int cma_addr_cmp(struct sockaddr *src, struct sockaddr *dst)
+static int cma_addr_cmp(const struct sockaddr *src, const struct sockaddr *dst)
 {
 	if (src->sa_family != dst->sa_family)
 		return -1;
 
 	switch (src->sa_family) {
 	case AF_INET:
-		return ((struct sockaddr_in *) src)->sin_addr.s_addr !=
-		       ((struct sockaddr_in *) dst)->sin_addr.s_addr;
-	case AF_INET6:
-		return ipv6_addr_cmp(&((struct sockaddr_in6 *) src)->sin6_addr,
-				     &((struct sockaddr_in6 *) dst)->sin6_addr);
+		return ((struct sockaddr_in *)src)->sin_addr.s_addr !=
+		       ((struct sockaddr_in *)dst)->sin_addr.s_addr;
+	case AF_INET6: {
+		struct sockaddr_in6 *src_addr6 = (struct sockaddr_in6 *)src;
+		struct sockaddr_in6 *dst_addr6 = (struct sockaddr_in6 *)dst;
+		bool link_local;
+
+		if (ipv6_addr_cmp(&src_addr6->sin6_addr,
+					  &dst_addr6->sin6_addr))
+			return 1;
+		link_local = ipv6_addr_type(&dst_addr6->sin6_addr) &
+			     IPV6_ADDR_LINKLOCAL;
+		/* Link local must match their scope_ids */
+		return link_local ? (src_addr6->sin6_scope_id !=
+				     dst_addr6->sin6_scope_id) :
+				    0;
+	}
+
 	default:
 		return ib_addr_cmp(&((struct sockaddr_ib *) src)->sib_addr,
 				   &((struct sockaddr_ib *) dst)->sib_addr);
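Review bot: the parameters become const struct sockaddr *, but every cast in
the function, including the new src_addr6 and dst_addr6 locals, goes to a
non-const struct pointer and silently drops the qualifier. Declare the
locals as const struct sockaddr_in6 * and cast to const types in the AF_INET
and default cases as well. The link_local test looks only at dst_addr6,
which is correct because the two addresses have just compared equal, but the
comment should say so.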
-- 
2.20.1





* [PATCH 5.1 135/405] vfio-ccw: Do not call flush_workqueue while holding the spinlock
  2019-05-30  2:59 [PATCH 5.1 000/405] 5.1.6-stable review Greg Kroah-Hartman
                   ` (133 preceding siblings ...)
  2019-05-30  3:02 ` [PATCH 5.1 134/405] RDMA/cma: Consider scope_id while binding to ipv6 ll address Greg Kroah-Hartman
@ 2019-05-30  3:02 ` Greg Kroah-Hartman
  2019-05-30  3:02 ` [PATCH 5.1 136/405] vfio-ccw: Release any channel program when releasing/removing vfio-ccw mdev Greg Kroah-Hartman
                   ` (274 subsequent siblings)
  409 siblings, 0 replies; 429+ messages in thread
From: Greg Kroah-Hartman @ 2019-05-30  3:02 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Farhan Ali, Eric Farman,
	Pierre Morel, Cornelia Huck, Sasha Levin

[ Upstream commit cea5dde42a83b5f0a039da672f8686455936b8d8 ]

Currently we call flush_workqueue while holding the subchannel
spinlock. But flush_workqueue function can go to sleep, so
do not call the function while holding the spinlock.

Fixes the following bug:

[  285.203430] BUG: scheduling while atomic: bash/14193/0x00000002
[  285.203434] INFO: lockdep is turned off.
....
[  285.203485] Preemption disabled at:
[  285.203488] [<000003ff80243e5c>] vfio_ccw_sch_quiesce+0xbc/0x120 [vfio_ccw]
[  285.203496] CPU: 7 PID: 14193 Comm: bash Tainted: G        W
....
[  285.203504] Call Trace:
[  285.203510] ([<0000000000113772>] show_stack+0x82/0xd0)
[  285.203514]  [<0000000000b7a102>] dump_stack+0x92/0xd0
[  285.203518]  [<000000000017b8be>] __schedule_bug+0xde/0xf8
[  285.203524]  [<0000000000b95b5a>] __schedule+0x7a/0xc38
[  285.203528]  [<0000000000b9678a>] schedule+0x72/0xb0
[  285.203533]  [<0000000000b9bfbc>] schedule_timeout+0x34/0x528
[  285.203538]  [<0000000000b97608>] wait_for_common+0x118/0x1b0
[  285.203544]  [<0000000000166d6a>] flush_workqueue+0x182/0x548
[  285.203550]  [<000003ff80243e6e>] vfio_ccw_sch_quiesce+0xce/0x120 [vfio_ccw]
[  285.203556]  [<000003ff80245278>] vfio_ccw_mdev_reset+0x38/0x70 [vfio_ccw]
[  285.203562]  [<000003ff802458b0>] vfio_ccw_mdev_remove+0x40/0x78 [vfio_ccw]
[  285.203567]  [<000003ff801a499c>] mdev_device_remove_ops+0x3c/0x80 [mdev]
[  285.203573]  [<000003ff801a4d5c>] mdev_device_remove+0xc4/0x130 [mdev]
[  285.203578]  [<000003ff801a5074>] remove_store+0x6c/0xa8 [mdev]
[  285.203582]  [<000000000046f494>] kernfs_fop_write+0x14c/0x1f8
[  285.203588]  [<00000000003c1530>] __vfs_write+0x38/0x1a8
[  285.203593]  [<00000000003c187c>] vfs_write+0xb4/0x198
[  285.203597]  [<00000000003c1af2>] ksys_write+0x5a/0xb0
[  285.203601]  [<0000000000b9e270>] system_call+0xdc/0x2d8

Signed-off-by: Farhan Ali <alifm@linux.ibm.com>
Reviewed-by: Eric Farman <farman@linux.ibm.com>
Reviewed-by: Pierre Morel <pmorel@linux.ibm.com>
Message-Id: <626bab8bb2958ae132452e1ddaf1b20882ad5a9d.1554756534.git.alifm@linux.ibm.com>
Signed-off-by: Cornelia Huck <cohuck@redhat.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/s390/cio/vfio_ccw_drv.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/drivers/s390/cio/vfio_ccw_drv.c b/drivers/s390/cio/vfio_ccw_drv.c
index 0b3b9de45c602..64bb121ba5987 100644
--- a/drivers/s390/cio/vfio_ccw_drv.c
+++ b/drivers/s390/cio/vfio_ccw_drv.c
@@ -54,9 +54,9 @@ int vfio_ccw_sch_quiesce(struct subchannel *sch)
 
 			wait_for_completion_timeout(&completion, 3*HZ);
 
-			spin_lock_irq(sch->lock);
 			private->completion = NULL;
 			flush_workqueue(vfio_ccw_work_q);
+			spin_lock_irq(sch->lock);
 			ret = cio_cancel_halt_clear(sch, &iretry);
 		};
 
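Review bot: moving spin_lock_irq(sch->lock) below flush_workqueue() also
moves the "private->completion = NULL" store out of the locked region. If
any other path reads or completes private->completion under sch->lock, that
store is now unsynchronized. Either keep the assignment under the lock and
call only flush_workqueue() with the lock dropped, or say in the commit
message why the unlocked store is safe.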
-- 
2.20.1





* [PATCH 5.1 136/405] vfio-ccw: Release any channel program when releasing/removing vfio-ccw mdev
  2019-05-30  2:59 [PATCH 5.1 000/405] 5.1.6-stable review Greg Kroah-Hartman
                   ` (134 preceding siblings ...)
  2019-05-30  3:02 ` [PATCH 5.1 135/405] vfio-ccw: Do not call flush_workqueue while holding the spinlock Greg Kroah-Hartman
@ 2019-05-30  3:02 ` Greg Kroah-Hartman
  2019-05-30  3:02 ` [PATCH 5.1 137/405] x86/build: Move _etext to actual end of .text Greg Kroah-Hartman
                   ` (273 subsequent siblings)
  409 siblings, 0 replies; 429+ messages in thread
From: Greg Kroah-Hartman @ 2019-05-30  3:02 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Farhan Ali, Eric Farman,
	Cornelia Huck, Sasha Levin

[ Upstream commit b49bdc8602b7c9c7a977758bee4125683f73e59f ]

When releasing the vfio-ccw mdev, we currently do not release
any existing channel program and its pinned pages. This can
lead to the following warning:

[1038876.561565] WARNING: CPU: 2 PID: 144727 at drivers/vfio/vfio_iommu_type1.c:1494 vfio_sanity_check_pfn_list+0x40/0x70 [vfio_iommu_type1]

....

1038876.561921] Call Trace:
[1038876.561935] ([<00000009897fb870>] 0x9897fb870)
[1038876.561949]  [<000003ff8013bf62>] vfio_iommu_type1_detach_group+0xda/0x2f0 [vfio_iommu_type1]
[1038876.561965]  [<000003ff8007b634>] __vfio_group_unset_container+0x64/0x190 [vfio]
[1038876.561978]  [<000003ff8007b87e>] vfio_group_put_external_user+0x26/0x38 [vfio]
[1038876.562024]  [<000003ff806fc608>] kvm_vfio_group_put_external_user+0x40/0x60 [kvm]
[1038876.562045]  [<000003ff806fcb9e>] kvm_vfio_destroy+0x5e/0xd0 [kvm]
[1038876.562065]  [<000003ff806f63fc>] kvm_put_kvm+0x2a4/0x3d0 [kvm]
[1038876.562083]  [<000003ff806f655e>] kvm_vm_release+0x36/0x48 [kvm]
[1038876.562098]  [<00000000003c2dc4>] __fput+0x144/0x228
[1038876.562113]  [<000000000016ee82>] task_work_run+0x8a/0xd8
[1038876.562125]  [<000000000014c7a8>] do_exit+0x5d8/0xd90
[1038876.562140]  [<000000000014d084>] do_group_exit+0xc4/0xc8
[1038876.562155]  [<000000000015c046>] get_signal+0x9ae/0xa68
[1038876.562169]  [<0000000000108d66>] do_signal+0x66/0x768
[1038876.562185]  [<0000000000b9e37e>] system_call+0x1ea/0x2d8
[1038876.562195] 2 locks held by qemu-system-s39/144727:
[1038876.562205]  #0: 00000000537abaf9 (&container->group_lock){++++}, at: __vfio_group_unset_container+0x3c/0x190 [vfio]
[1038876.562230]  #1: 00000000670008b5 (&iommu->lock){+.+.}, at: vfio_iommu_type1_detach_group+0x36/0x2f0 [vfio_iommu_type1]
[1038876.562250] Last Breaking-Event-Address:
[1038876.562262]  [<000003ff8013aa24>] vfio_sanity_check_pfn_list+0x3c/0x70 [vfio_iommu_type1]
[1038876.562272] irq event stamp: 4236481
[1038876.562287] hardirqs last  enabled at (4236489): [<00000000001cee7a>] console_unlock+0x6d2/0x740
[1038876.562299] hardirqs last disabled at (4236496): [<00000000001ce87e>] console_unlock+0xd6/0x740
[1038876.562311] softirqs last  enabled at (4234162): [<0000000000b9fa1e>] __do_softirq+0x556/0x598
[1038876.562325] softirqs last disabled at (4234153): [<000000000014e4cc>] irq_exit+0xac/0x108
[1038876.562337] ---[ end trace 6c96d467b1c3ca06 ]---

Similarly we do not free the channel program when we are removing
the vfio-ccw device. Let's fix this by resetting the device and freeing
the channel program and pinned pages in the release path. For the remove
path we can just quiesce the device, since in the remove path the mediated
device is going away for good and so we don't need to do a full reset.

Signed-off-by: Farhan Ali <alifm@linux.ibm.com>
Message-Id: <ae9f20dc8873f2027f7b3c5d2aaa0bdfe06850b8.1554756534.git.alifm@linux.ibm.com>
Acked-by: Eric Farman <farman@linux.ibm.com>
Signed-off-by: Cornelia Huck <cohuck@redhat.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/s390/cio/vfio_ccw_ops.c | 11 ++++++++++-
 1 file changed, 10 insertions(+), 1 deletion(-)

diff --git a/drivers/s390/cio/vfio_ccw_ops.c b/drivers/s390/cio/vfio_ccw_ops.c
index f673e106c0415..dc5ff47de3fee 100644
--- a/drivers/s390/cio/vfio_ccw_ops.c
+++ b/drivers/s390/cio/vfio_ccw_ops.c
@@ -130,11 +130,12 @@ static int vfio_ccw_mdev_remove(struct mdev_device *mdev)
 
 	if ((private->state != VFIO_CCW_STATE_NOT_OPER) &&
 	    (private->state != VFIO_CCW_STATE_STANDBY)) {
-		if (!vfio_ccw_mdev_reset(mdev))
+		if (!vfio_ccw_sch_quiesce(private->sch))
 			private->state = VFIO_CCW_STATE_STANDBY;
 		/* The state will be NOT_OPER on error. */
 	}
 
+	cp_free(&private->cp);
 	private->mdev = NULL;
 	atomic_inc(&private->avail);
 
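Review bot: cp_free(&private->cp) is called unconditionally, including when
vfio_ccw_sch_quiesce() returned an error and the state is left at NOT_OPER,
and when the state check was skipped because the device was already NOT_OPER
or STANDBY. Please confirm that cp_free() is safe on a channel program that
was never set up, and that releasing the pinned pages is acceptable when the
quiesce did not succeed.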
@@ -158,6 +159,14 @@ static void vfio_ccw_mdev_release(struct mdev_device *mdev)
 	struct vfio_ccw_private *private =
 		dev_get_drvdata(mdev_parent_dev(mdev));
 
+	if ((private->state != VFIO_CCW_STATE_NOT_OPER) &&
+	    (private->state != VFIO_CCW_STATE_STANDBY)) {
+		if (!vfio_ccw_mdev_reset(mdev))
+			private->state = VFIO_CCW_STATE_STANDBY;
+		/* The state will be NOT_OPER on error. */
+	}
+
+	cp_free(&private->cp);
 	vfio_unregister_notifier(mdev_dev(mdev), VFIO_IOMMU_NOTIFY,
 				 &private->nb);
 }
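Review bot: the state check added to vfio_ccw_mdev_release() duplicates the
block in vfio_ccw_mdev_remove() line for line, copied comment included,
apart from the call made (vfio_ccw_mdev_reset() here, vfio_ccw_sch_quiesce()
there). A small helper would keep the two paths from drifting. Since both
release and remove now call cp_free() on the same private->cp, cp_free()
also has to be safe to call twice if both paths run for one device.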
-- 
2.20.1





* [PATCH 5.1 137/405] x86/build: Move _etext to actual end of .text
  2019-05-30  2:59 [PATCH 5.1 000/405] 5.1.6-stable review Greg Kroah-Hartman
                   ` (135 preceding siblings ...)
  2019-05-30  3:02 ` [PATCH 5.1 136/405] vfio-ccw: Release any channel program when releasing/removing vfio-ccw mdev Greg Kroah-Hartman
@ 2019-05-30  3:02 ` Greg Kroah-Hartman
  2019-05-30  3:02 ` [PATCH 5.1 138/405] smpboot: Place the __percpu annotation correctly Greg Kroah-Hartman
                   ` (272 subsequent siblings)
  409 siblings, 0 replies; 429+ messages in thread
From: Greg Kroah-Hartman @ 2019-05-30  3:02 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Kees Cook, Borislav Petkov,
	Linus Torvalds, Peter Zijlstra, Thomas Gleixner, Ingo Molnar,
	Sasha Levin, Sami Tolvanen

[ Upstream commit 392bef709659abea614abfe53cf228e7a59876a4 ]

When building x86 with Clang LTO and CFI, CFI jump regions are
automatically added to the end of the .text section late in linking. As a
result, the _etext position was being labelled before the appended jump
regions, causing confusion about where the boundaries of the executable
region actually are in the running kernel, and broke at least the fault
injection code. This moves the _etext mark to outside (and immediately
after) the .text area, as is already the case on other architectures
(e.g. arm64, arm).

Reported-and-tested-by: Sami Tolvanen <samitolvanen@google.com>
Signed-off-by: Kees Cook <keescook@chromium.org>
Cc: Borislav Petkov <bp@suse.de>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Thomas Gleixner <tglx@linutronix.de>
Link: http://lkml.kernel.org/r/20190423183827.GA4012@beast
Signed-off-by: Ingo Molnar <mingo@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 arch/x86/kernel/vmlinux.lds.S | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/arch/x86/kernel/vmlinux.lds.S b/arch/x86/kernel/vmlinux.lds.S
index a5127b2c195f9..834659288ba9b 100644
--- a/arch/x86/kernel/vmlinux.lds.S
+++ b/arch/x86/kernel/vmlinux.lds.S
@@ -141,11 +141,11 @@ SECTIONS
 		*(.text.__x86.indirect_thunk)
 		__indirect_thunk_end = .;
 #endif
-
-		/* End of text section */
-		_etext = .;
 	} :text = 0x9090
 
+	/* End of text section */
+	_etext = .;
+
 	NOTES :text :note
 
 	EXCEPTION_TABLE(16) :text = 0x9090
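Review bot: _etext is now assigned after the closing brace of the .text
output section, but the comment that moved with it still says only "End of
text section" and gives no reason for the symbol living outside the section.
Extend the comment to record that content can be appended to .text late in
linking (the CFI jump regions named in the commit message), so that nobody
moves the assignment back inside the braces.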
-- 
2.20.1





* [PATCH 5.1 138/405] smpboot: Place the __percpu annotation correctly
  2019-05-30  2:59 [PATCH 5.1 000/405] 5.1.6-stable review Greg Kroah-Hartman
                   ` (136 preceding siblings ...)
  2019-05-30  3:02 ` [PATCH 5.1 137/405] x86/build: Move _etext to actual end of .text Greg Kroah-Hartman
@ 2019-05-30  3:02 ` Greg Kroah-Hartman
  2019-05-30  3:02 ` [PATCH 5.1 139/405] x86/uaccess: Dont leak the AC flag into __put_user() argument evaluation Greg Kroah-Hartman
                   ` (271 subsequent siblings)
  409 siblings, 0 replies; 429+ messages in thread
From: Greg Kroah-Hartman @ 2019-05-30  3:02 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, kbuild test robot,
	Sebastian Andrzej Siewior, Linus Torvalds, Paul E. McKenney,
	Peter Zijlstra, Thomas Gleixner, Ingo Molnar, Sasha Levin

[ Upstream commit d4645d30b50d1691c26ff0f8fa4e718b08f8d3bb ]

The test robot reported a wrong assignment of a per-CPU variable which
it detected by using sparse and sent a report. The assignment itself is
correct. The annotation for sparse was wrong and hence the report.
The first pointer is a "normal" pointer and points to the per-CPU memory
area. That means that the __percpu annotation has to be moved.

Move the __percpu annotation to the pointer which points to the per-CPU
area. This change affects only the sparse tool (and is ignored by the
compiler).

Reported-by: kbuild test robot <lkp@intel.com>
Signed-off-by: Sebastian Andrzej Siewior <bigeasy@linutronix.de>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Paul E. McKenney <paulmck@linux.ibm.com>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Thomas Gleixner <tglx@linutronix.de>
Fixes: f97f8f06a49fe ("smpboot: Provide infrastructure for percpu hotplug threads")
Link: http://lkml.kernel.org/r/20190424085253.12178-1-bigeasy@linutronix.de
Signed-off-by: Ingo Molnar <mingo@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 include/linux/smpboot.h | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/include/linux/smpboot.h b/include/linux/smpboot.h
index d0884b5250010..9d1bc65d226cc 100644
--- a/include/linux/smpboot.h
+++ b/include/linux/smpboot.h
@@ -29,7 +29,7 @@ struct smpboot_thread_data;
  * @thread_comm:	The base name of the thread
  */
 struct smp_hotplug_thread {
-	struct task_struct __percpu	**store;
+	struct task_struct		* __percpu *store;
 	struct list_head		list;
 	int				(*thread_should_run)(unsigned int cpu);
 	void				(*thread_fn)(unsigned int cpu);
-- 
2.20.1





* [PATCH 5.1 139/405] x86/uaccess: Dont leak the AC flag into __put_user() argument evaluation
  2019-05-30  2:59 [PATCH 5.1 000/405] 5.1.6-stable review Greg Kroah-Hartman
                   ` (137 preceding siblings ...)
  2019-05-30  3:02 ` [PATCH 5.1 138/405] smpboot: Place the __percpu annotation correctly Greg Kroah-Hartman
@ 2019-05-30  3:02 ` Greg Kroah-Hartman
  2019-05-30  3:02 ` [PATCH 5.1 140/405] x86/mm: Remove in_nmi() warning from 64-bit implementation of vmalloc_fault() Greg Kroah-Hartman
                   ` (270 subsequent siblings)
  409 siblings, 0 replies; 429+ messages in thread
From: Greg Kroah-Hartman @ 2019-05-30  3:02 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Randy Dunlap, Peter Zijlstra (Intel),
	Linus Torvalds, Thomas Gleixner, luto, Ingo Molnar, Sasha Levin

[ Upstream commit 6ae865615fc43d014da2fd1f1bba7e81ee622d1b ]

The __put_user() macro evaluates its @ptr argument inside the
__uaccess_begin() / __uaccess_end() region. While this would normally
not be expected to be an issue, an UBSAN bug (it ignored -fwrapv,
fixed in GCC 8+) would transform the @ptr evaluation for:

  drivers/gpu/drm/i915/i915_gem_execbuffer.c: if (unlikely(__put_user(offset, &urelocs[r-stack].presumed_offset))) {

into a signed-overflow-UB check and trigger the objtool AC validation.

Finish this commit:

  2a418cf3f5f1 ("x86/uaccess: Don't leak the AC flag into __put_user() value evaluation")

and explicitly evaluate all 3 arguments early.

Reported-by: Randy Dunlap <rdunlap@infradead.org>
Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org>
Acked-by: Randy Dunlap <rdunlap@infradead.org> # build-tested
Acked-by: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: luto@kernel.org
Fixes: 2a418cf3f5f1 ("x86/uaccess: Don't leak the AC flag into __put_user() value evaluation")
Link: http://lkml.kernel.org/r/20190424072208.695962771@infradead.org
Signed-off-by: Ingo Molnar <mingo@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 arch/x86/include/asm/uaccess.h | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/arch/x86/include/asm/uaccess.h b/arch/x86/include/asm/uaccess.h
index 1954dd5552a2e..3822cc8ac9d6d 100644
--- a/arch/x86/include/asm/uaccess.h
+++ b/arch/x86/include/asm/uaccess.h
@@ -427,10 +427,11 @@ do {									\
 ({								\
 	__label__ __pu_label;					\
 	int __pu_err = -EFAULT;					\
-	__typeof__(*(ptr)) __pu_val;				\
-	__pu_val = x;						\
+	__typeof__(*(ptr)) __pu_val = (x);			\
+	__typeof__(ptr) __pu_ptr = (ptr);			\
+	__typeof__(size) __pu_size = (size);			\
 	__uaccess_begin();					\
-	__put_user_size(__pu_val, (ptr), (size), __pu_label);	\
+	__put_user_size(__pu_val, __pu_ptr, __pu_size, __pu_label);	\
 	__pu_err = 0;						\
 __pu_label:							\
 	__uaccess_end();					\
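Review bot: "__typeof__(ptr) __pu_ptr = (ptr);" takes the type of the
argument expression as written, so a caller that passes an array name gets
an array-typed local, which cannot be initialized from another array and
will not build, where the old code let the array decay inside
__put_user_size(). If such callers must keep working, derive the local from
the decayed type, for example __typeof__((ptr) + 0). The rewritten
__put_user_size() line also pushes its trailing backslash out of the column
used by the rest of the macro.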
-- 
2.20.1





* [PATCH 5.1 140/405] x86/mm: Remove in_nmi() warning from 64-bit implementation of vmalloc_fault()
  2019-05-30  2:59 [PATCH 5.1 000/405] 5.1.6-stable review Greg Kroah-Hartman
                   ` (138 preceding siblings ...)
  2019-05-30  3:02 ` [PATCH 5.1 139/405] x86/uaccess: Dont leak the AC flag into __put_user() argument evaluation Greg Kroah-Hartman
@ 2019-05-30  3:02 ` Greg Kroah-Hartman
  2019-05-30  3:02 ` [PATCH 5.1 141/405] mm/uaccess: Use unsigned long to placate UBSAN warnings on older GCC versions Greg Kroah-Hartman
                   ` (269 subsequent siblings)
  409 siblings, 0 replies; 429+ messages in thread
From: Greg Kroah-Hartman @ 2019-05-30  3:02 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Nicolai Stange, Jiri Kosina,
	Peter Zijlstra (Intel),
	Andy Lutomirski, Borislav Petkov, Dave Hansen,
	Frederic Weisbecker, Joerg Roedel, Linus Torvalds,
	Thomas Gleixner, Ingo Molnar, Sasha Levin

[ Upstream commit a65c88e16f32aa9ef2e8caa68ea5c29bd5eb0ff0 ]

In-NMI warnings have been added to vmalloc_fault() via:

  ebc8827f75 ("x86: Barf when vmalloc and kmemcheck faults happen in NMI")

back in the time when our NMI entry code could not cope with nested NMIs.

These days, it's perfectly fine to take a fault in NMI context and we
don't have to care about the fact that IRET from the fault handler might
cause NMI nesting.

This warning has already been removed from 32-bit implementation of
vmalloc_fault() in:

  6863ea0cda8 ("x86/mm: Remove in_nmi() warning from vmalloc_fault()")

but the 64-bit version was omitted.

Remove the bogus warning also from 64-bit implementation of vmalloc_fault().

Reported-by: Nicolai Stange <nstange@suse.de>
Signed-off-by: Jiri Kosina <jkosina@suse.cz>
Acked-by: Peter Zijlstra (Intel) <peterz@infradead.org>
Cc: Andy Lutomirski <luto@kernel.org>
Cc: Borislav Petkov <bp@alien8.de>
Cc: Dave Hansen <dave.hansen@linux.intel.com>
Cc: Frederic Weisbecker <fweisbec@gmail.com>
Cc: Joerg Roedel <jroedel@suse.de>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Thomas Gleixner <tglx@linutronix.de>
Fixes: 6863ea0cda8 ("x86/mm: Remove in_nmi() warning from vmalloc_fault()")
Link: http://lkml.kernel.org/r/nycvar.YFH.7.76.1904240902280.9803@cbobk.fhfr.pm
Signed-off-by: Ingo Molnar <mingo@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 arch/x86/mm/fault.c | 2 --
 1 file changed, 2 deletions(-)

diff --git a/arch/x86/mm/fault.c b/arch/x86/mm/fault.c
index 667f1da36208e..5eaf67e8314f1 100644
--- a/arch/x86/mm/fault.c
+++ b/arch/x86/mm/fault.c
@@ -359,8 +359,6 @@ static noinline int vmalloc_fault(unsigned long address)
 	if (!(address >= VMALLOC_START && address < VMALLOC_END))
 		return -1;
 
-	WARN_ON_ONCE(in_nmi());
-
 	/*
 	 * Copy kernel mappings over when needed. This can also
 	 * happen within a race in page table update. In the later
-- 
2.20.1





* [PATCH 5.1 141/405] mm/uaccess: Use unsigned long to placate UBSAN warnings on older GCC versions
  2019-05-30  2:59 [PATCH 5.1 000/405] 5.1.6-stable review Greg Kroah-Hartman
                   ` (139 preceding siblings ...)
  2019-05-30  3:02 ` [PATCH 5.1 140/405] x86/mm: Remove in_nmi() warning from 64-bit implementation of vmalloc_fault() Greg Kroah-Hartman
@ 2019-05-30  3:02 ` Greg Kroah-Hartman
  2019-05-30  3:02 ` [PATCH 5.1 142/405] Bluetooth: hci_qca: Fix crash with non-serdev devices Greg Kroah-Hartman
                   ` (268 subsequent siblings)
  409 siblings, 0 replies; 429+ messages in thread
From: Greg Kroah-Hartman @ 2019-05-30  3:02 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Randy Dunlap, Peter Zijlstra (Intel),
	Linus Torvalds, Thomas Gleixner, luto, Ingo Molnar, Sasha Levin

[ Upstream commit 29da93fea3ea39ab9b12270cc6be1b70ef201c9e ]

Randy reported objtool triggered on his (GCC-7.4) build:

  lib/strncpy_from_user.o: warning: objtool: strncpy_from_user()+0x315: call to __ubsan_handle_add_overflow() with UACCESS enabled
  lib/strnlen_user.o: warning: objtool: strnlen_user()+0x337: call to __ubsan_handle_sub_overflow() with UACCESS enabled

This is due to UBSAN generating signed-overflow-UB warnings where it
should not. Prior to GCC-8 UBSAN ignored -fwrapv (which the kernel
uses through -fno-strict-overflow).

Make the functions use 'unsigned long' throughout.

Reported-by: Randy Dunlap <rdunlap@infradead.org>
Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org>
Acked-by: Randy Dunlap <rdunlap@infradead.org> # build-tested
Acked-by: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: luto@kernel.org
Link: http://lkml.kernel.org/r/20190424072208.754094071@infradead.org
Signed-off-by: Ingo Molnar <mingo@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 lib/strncpy_from_user.c | 5 +++--
 lib/strnlen_user.c      | 4 ++--
 2 files changed, 5 insertions(+), 4 deletions(-)

diff --git a/lib/strncpy_from_user.c b/lib/strncpy_from_user.c
index 58eacd41526c5..023ba9f3b99f0 100644
--- a/lib/strncpy_from_user.c
+++ b/lib/strncpy_from_user.c
@@ -23,10 +23,11 @@
  * hit it), 'max' is the address space maximum (and we return
  * -EFAULT if we hit it).
  */
-static inline long do_strncpy_from_user(char *dst, const char __user *src, long count, unsigned long max)
+static inline long do_strncpy_from_user(char *dst, const char __user *src,
+					unsigned long count, unsigned long max)
 {
 	const struct word_at_a_time constants = WORD_AT_A_TIME_CONSTANTS;
-	long res = 0;
+	unsigned long res = 0;
 
 	/*
 	 * Truncate 'max' to the user-specified limit, so that
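
Review bot: `count` changes from `long` to `unsigned long` in the do_strncpy_from_user() signature, so a negative count reaching this helper would now be read as a very large length rather than a negative one. The caller is outside this hunk; confirm it rejects count <= 0 before the call. Also, `res` is now `unsigned long` while the function still returns `long`, so every return of `res` relies on an implicit conversion; a short comment stating the bound on `res` would make that conversion obviously safe.
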
diff --git a/lib/strnlen_user.c b/lib/strnlen_user.c
index 1c1a1b0e38a5f..7f2db3fe311fd 100644
--- a/lib/strnlen_user.c
+++ b/lib/strnlen_user.c
@@ -28,7 +28,7 @@
 static inline long do_strnlen_user(const char __user *src, unsigned long count, unsigned long max)
 {
 	const struct word_at_a_time constants = WORD_AT_A_TIME_CONSTANTS;
-	long align, res = 0;
+	unsigned long align, res = 0;
 	unsigned long c;
 
 	/*
@@ -42,7 +42,7 @@ static inline long do_strnlen_user(const char __user *src, unsigned long count,
 	 * Do everything aligned. But that means that we
 	 * need to also expand the maximum..
 	 */
-	align = (sizeof(long) - 1) & (unsigned long)src;
+	align = (sizeof(unsigned long) - 1) & (unsigned long)src;
 	src -= align;
 	max += align;
 
-- 
2.20.1





* [PATCH 5.1 142/405] Bluetooth: hci_qca: Fix crash with non-serdev devices
  2019-05-30  2:59 [PATCH 5.1 000/405] 5.1.6-stable review Greg Kroah-Hartman
                   ` (140 preceding siblings ...)
  2019-05-30  3:02 ` [PATCH 5.1 141/405] mm/uaccess: Use unsigned long to placate UBSAN warnings on older GCC versions Greg Kroah-Hartman
@ 2019-05-30  3:02 ` Greg Kroah-Hartman
  2019-05-30  3:02 ` [PATCH 5.1 143/405] Bluetooth: hci_qca: Give enough time to ROME controller to bootup Greg Kroah-Hartman
                   ` (267 subsequent siblings)
  409 siblings, 0 replies; 429+ messages in thread
From: Greg Kroah-Hartman @ 2019-05-30  3:02 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Balakrishna Godavarthi, Rocky Liao,
	Matthias Kaehlcke, Marcel Holtmann, Sasha Levin

[ Upstream commit ecf2b768bd11e2ff09ecbe621b387d0d58e970cf ]

qca_set_baudrate() calls serdev_device_wait_until_sent() assuming that
the HCI is always associated with a serdev device. This isn't true for
ROME controllers instantiated through ldisc, where the call causes a
crash due to a NULL pointer dereference. Only call the function
when we have a serdev device. The timeout for ROME devices at the end
of qca_set_baudrate() is long enough to be reasonably sure that the
command was sent.

Fixes: fa9ad876b8e0 ("Bluetooth: hci_qca: Add support for Qualcomm Bluetooth chip wcn3990")
Reported-by: Balakrishna Godavarthi <bgodavar@codeaurora.org>
Reported-by: Rocky Liao <rjliao@codeaurora.org>
Signed-off-by: Matthias Kaehlcke <mka@chromium.org>
Reviewed-by: Rocky Liao <rjliao@codeaurora.org>
Tested-by: Rocky Liao <rjliao@codeaurora.org>
Reviewed-by: Balakrishna Godavarthi <bgodavar@codeaurora.org>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/bluetooth/hci_qca.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/drivers/bluetooth/hci_qca.c b/drivers/bluetooth/hci_qca.c
index 237aea34b69f1..340c3c750b180 100644
--- a/drivers/bluetooth/hci_qca.c
+++ b/drivers/bluetooth/hci_qca.c
@@ -992,7 +992,8 @@ static int qca_set_baudrate(struct hci_dev *hdev, uint8_t baudrate)
 	while (!skb_queue_empty(&qca->txq))
 		usleep_range(100, 200);
 
-	serdev_device_wait_until_sent(hu->serdev,
+	if (hu->serdev)
+		serdev_device_wait_until_sent(hu->serdev,
 		      msecs_to_jiffies(CMD_TRANS_TIMEOUT_MS));
 
 	/* Give the controller time to process the request */
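
Review bot: the non-serdev (ldisc) path now skips `serdev_device_wait_until_sent()` entirely and depends on the delay that follows the `/* Give the controller time to process the request */` comment, which only the commit message explains. Put that reasoning in a comment next to `if (hu->serdev)` so the dependency is visible in the code. Style: the `msecs_to_jiffies(CMD_TRANS_TIMEOUT_MS));` continuation line kept its old indentation and now sits barely deeper than the call it belongs to; align it with the opening parenthesis.
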
-- 
2.20.1





* [PATCH 5.1 143/405] Bluetooth: hci_qca: Give enough time to ROME controller to bootup.
  2019-05-30  2:59 [PATCH 5.1 000/405] 5.1.6-stable review Greg Kroah-Hartman
                   ` (141 preceding siblings ...)
  2019-05-30  3:02 ` [PATCH 5.1 142/405] Bluetooth: hci_qca: Fix crash with non-serdev devices Greg Kroah-Hartman
@ 2019-05-30  3:02 ` Greg Kroah-Hartman
  2019-05-30  3:02 ` [PATCH 5.1 144/405] Bluetooth: btbcm: Add default address for BCM43341B Greg Kroah-Hartman
                   ` (266 subsequent siblings)
  409 siblings, 0 replies; 429+ messages in thread
From: Greg Kroah-Hartman @ 2019-05-30  3:02 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Balakrishna Godavarthi, Rocky Liao,
	Claire Chang, Marcel Holtmann, Sasha Levin

[ Upstream commit 7f09d5a6c33be66a5ca19bf9dd1c2d90c5dfcf0d ]

This patch enables enough time to ROME controller to bootup
after we bring the enable pin out of reset.

Fixes: 05ba533c5c11 ("Bluetooth: hci_qca: Add serdev support").
Signed-off-by: Balakrishna Godavarthi <bgodavar@codeaurora.org>
Reviewed-by: Rocky Liao <rjliao@codeaurora.org>
Tested-by: Rocky Liao <rjliao@codeaurora.org>
Tested-by: Claire Chang <tientzu@chromium.org>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/bluetooth/hci_qca.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/drivers/bluetooth/hci_qca.c b/drivers/bluetooth/hci_qca.c
index 340c3c750b180..d3b467792eb3d 100644
--- a/drivers/bluetooth/hci_qca.c
+++ b/drivers/bluetooth/hci_qca.c
@@ -508,6 +508,8 @@ static int qca_open(struct hci_uart *hu)
 		qcadev = serdev_device_get_drvdata(hu->serdev);
 		if (qcadev->btsoc_type != QCA_WCN3990) {
 			gpiod_set_value_cansleep(qcadev->bt_en, 1);
+			/* Controller needs time to bootup. */
+			msleep(150);
 		} else {
 			hu->init_speed = qcadev->init_speed;
 			hu->oper_speed = qcadev->oper_speed;
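
Review bot: `msleep(150)` after `gpiod_set_value_cansleep(qcadev->bt_en, 1)` is a bare magic number, and the comment does not say where 150 ms comes from. Give it a named constant and state the source of the figure (datasheet or measurement) so it can be revisited later. Note also that this adds 150 ms to every qca_open() on serdev devices that are not QCA_WCN3990.
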
-- 
2.20.1





* [PATCH 5.1 144/405] Bluetooth: btbcm: Add default address for BCM43341B
  2019-05-30  2:59 [PATCH 5.1 000/405] 5.1.6-stable review Greg Kroah-Hartman
                   ` (142 preceding siblings ...)
  2019-05-30  3:02 ` [PATCH 5.1 143/405] Bluetooth: hci_qca: Give enough time to ROME controller to bootup Greg Kroah-Hartman
@ 2019-05-30  3:02 ` Greg Kroah-Hartman
  2019-05-30  3:02 ` [PATCH 5.1 145/405] Bluetooth: mediatek: Fixed incorrect type in assignment Greg Kroah-Hartman
                   ` (265 subsequent siblings)
  409 siblings, 0 replies; 429+ messages in thread
From: Greg Kroah-Hartman @ 2019-05-30  3:02 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Andy Shevchenko, Ferry Toth,
	Marcel Holtmann, Sasha Levin

[ Upstream commit 5035726128cd2e3813ee44deedb9898509edb232 ]

The BCM43341B has the default MAC address 43:34:1B:00:1F:AC if none
is given. This address was found when enabling Bluetooth on multiple
Intel Edison modules. It also contains the sequence 43341B, the name
the chip identifies itself as. Using the same BD_ADDR is problematic
when having multiple Intel Edison modules in each other's range.
The default address also has the LAA (locally administered address)
bit set which prevents a BNEP device from being created, needed for
BT tethering.

Add this to the list of black listed default MAC addresses and let
the user configure a valid one using f.i.
`btmgmt -i hci0 public-addr xx:xx:xx:xx:xx:xx`

Suggested-by: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
Signed-off-by: Ferry Toth <ftoth@exalondelft.nl>
Reviewed-by: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/bluetooth/btbcm.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/drivers/bluetooth/btbcm.c b/drivers/bluetooth/btbcm.c
index d5d6e6e5da3bf..62d3aa2b26f60 100644
--- a/drivers/bluetooth/btbcm.c
+++ b/drivers/bluetooth/btbcm.c
@@ -37,6 +37,7 @@
 #define BDADDR_BCM43430A0 (&(bdaddr_t) {{0xac, 0x1f, 0x12, 0xa0, 0x43, 0x43}})
 #define BDADDR_BCM4324B3 (&(bdaddr_t) {{0x00, 0x00, 0x00, 0xb3, 0x24, 0x43}})
 #define BDADDR_BCM4330B1 (&(bdaddr_t) {{0x00, 0x00, 0x00, 0xb1, 0x30, 0x43}})
+#define BDADDR_BCM43341B (&(bdaddr_t) {{0xac, 0x1f, 0x00, 0x1b, 0x34, 0x43}})
 
 int btbcm_check_bdaddr(struct hci_dev *hdev)
 {
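
Review bot: the new `BDADDR_BCM43341B` initializer lists its bytes in the reverse of the 43:34:1B:00:1F:AC order given in the commit message, which matches the neighbouring defines but is easy to misread. A trailing comment with the human-readable address on this define would let a reader verify it at a glance.
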
@@ -82,7 +83,8 @@ int btbcm_check_bdaddr(struct hci_dev *hdev)
 	    !bacmp(&bda->bdaddr, BDADDR_BCM20702A1) ||
 	    !bacmp(&bda->bdaddr, BDADDR_BCM4324B3) ||
 	    !bacmp(&bda->bdaddr, BDADDR_BCM4330B1) ||
-	    !bacmp(&bda->bdaddr, BDADDR_BCM43430A0)) {
+	    !bacmp(&bda->bdaddr, BDADDR_BCM43430A0) ||
+	    !bacmp(&bda->bdaddr, BDADDR_BCM43341B)) {
 		bt_dev_info(hdev, "BCM: Using default device address (%pMR)",
 			    &bda->bdaddr);
 		set_bit(HCI_QUIRK_INVALID_BDADDR, &hdev->quirks);
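
Review bot: the `bacmp()` chain in btbcm_check_bdaddr() grows by one term per chip, and this hunk has to rewrite the previous last line just to append `||`. A static array of known default addresses walked in a loop would turn future additions into one-line changes and reduce conflicts when such patches are backported.
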
-- 
2.20.1





* [PATCH 5.1 145/405] Bluetooth: mediatek: Fixed incorrect type in assignment
  2019-05-30  2:59 [PATCH 5.1 000/405] 5.1.6-stable review Greg Kroah-Hartman
                   ` (143 preceding siblings ...)
  2019-05-30  3:02 ` [PATCH 5.1 144/405] Bluetooth: btbcm: Add default address for BCM43341B Greg Kroah-Hartman
@ 2019-05-30  3:02 ` Greg Kroah-Hartman
  2019-05-30  3:02 ` [PATCH 5.1 146/405] HID: logitech-hidpp: use RAP instead of FAP to get the protocol version Greg Kroah-Hartman
                   ` (264 subsequent siblings)
  409 siblings, 0 replies; 429+ messages in thread
From: Greg Kroah-Hartman @ 2019-05-30  3:02 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, kernel test robot, Sean Wang,
	Marcel Holtmann, Sasha Levin

[ Upstream commit cac63f9b163700fb70a609ad220697c61b797d6b ]

Fixed warning: incorrect type in assignment reported by kbuild test robot.
The detailed warning is shown as below.

make ARCH=x86_64 allmodconfig
make C=1 CF='-fdiagnostic-prefix -D__CHECK_ENDIAN__'

All warnings (new ones prefixed by >>):

btmtkuart.c:671:18: sparse:    warning: incorrect type in assignment
			       (different base types)
btmtkuart.c:671:18: sparse:    expected unsigned int [usertype] baudrate
btmtkuart.c:671:18: sparse:    got restricted __le32 [usertype]

sparse warnings: (new ones prefixed by >>)
btmtkuart.c:671:18: sparse: warning: incorrect type in assignment
			       (different base types)
btmtkuart.c:671:18: sparse:    expected unsigned int [usertype] baudrate
btmtkuart.c:671:18: sparse:    got restricted __le32 [usertype]

vim +671 drivers/bluetooth/btmtkuart.c

   659
   660	static int btmtkuart_change_baudrate(struct hci_dev *hdev)
   661	{
   662		struct btmtkuart_dev *bdev = hci_get_drvdata(hdev);
   663		struct btmtk_hci_wmt_params wmt_params;
   664		u32 baudrate;
   665		u8 param;
   666		int err;
   667
   668		/* Indicate the device to enter the probe state the host is
   669		 * ready to change a new baudrate.
   670		 */
 > 671		baudrate = cpu_to_le32(bdev->desired_speed);
   672		wmt_params.op = MTK_WMT_HIF;

Fixes: 22eaf6c9946a ("Bluetooth: mediatek: add support for MediaTek MT7663U and MT7668U UART devices")
Reported-by: kernel test robot <lkp@intel.com>
Signed-off-by: Sean Wang <sean.wang@mediatek.com>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/bluetooth/btmtkuart.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/drivers/bluetooth/btmtkuart.c b/drivers/bluetooth/btmtkuart.c
index b0b680dd69f49..f5dbeec8e2748 100644
--- a/drivers/bluetooth/btmtkuart.c
+++ b/drivers/bluetooth/btmtkuart.c
@@ -661,7 +661,7 @@ static int btmtkuart_change_baudrate(struct hci_dev *hdev)
 {
 	struct btmtkuart_dev *bdev = hci_get_drvdata(hdev);
 	struct btmtk_hci_wmt_params wmt_params;
-	u32 baudrate;
+	__le32 baudrate;
 	u8 param;
 	int err;
 
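
Review bot: changing `baudrate` to `__le32` silences sparse at the `cpu_to_le32()` assignment, but the later uses of `baudrate` in btmtkuart_change_baudrate() are outside this hunk. Confirm that each of them treats the value as wire-format bytes (for example by passing its address and size) and that none reads it as a host-order integer, since big-endian hosts are where this annotation matters.
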
-- 
2.20.1





* [PATCH 5.1 146/405] HID: logitech-hidpp: use RAP instead of FAP to get the protocol version
  2019-05-30  2:59 [PATCH 5.1 000/405] 5.1.6-stable review Greg Kroah-Hartman
                   ` (144 preceding siblings ...)
  2019-05-30  3:02 ` [PATCH 5.1 145/405] Bluetooth: mediatek: Fixed incorrect type in assignment Greg Kroah-Hartman
@ 2019-05-30  3:02 ` Greg Kroah-Hartman
  2019-05-30  3:02 ` [PATCH 5.1 147/405] pinctrl: pistachio: fix leaked of_node references Greg Kroah-Hartman
                   ` (263 subsequent siblings)
  409 siblings, 0 replies; 429+ messages in thread
From: Greg Kroah-Hartman @ 2019-05-30  3:02 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Hans de Goede, Benjamin Tissoires,
	Sasha Levin

[ Upstream commit 096377525cdb8251e4656085efc988bdf733fb4c ]

According to the logitech_hidpp_2.0_specification_draft_2012-06-04.pdf doc:
https://lekensteyn.nl/files/logitech/logitech_hidpp_2.0_specification_draft_2012-06-04.pdf

We should use a register-access-protocol request using the short input /
output report ids. This is necessary because 27MHz HID++ receivers have
a max-packetsize on their HID++ endpoint of 8, so they cannot support
long reports. Using a feature-access-protocol request (which is always
long or very-long) with these will cause a timeout error, followed by
the hidpp driver treating the device as not being HID++ capable.

This commit fixes this by switching to using a rap request to get the
protocol version.

Besides being tested with a (046d:c517) 27MHz receiver with various
27MHz keyboards and mice, this has also been tested to not cause
regressions on a non-unifying dual-HID++ nano receiver (046d:c534) with
k270 and m185 HID++-2.0 devices connected and on a unifying/dj receiver
(046d:c52b) with a HID++-2.0 Logitech Rechargeable Touchpad T650.

Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Benjamin Tissoires <benjamin.tissoires@redhat.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/hid/hid-logitech-hidpp.c | 17 +++++++++++++----
 1 file changed, 13 insertions(+), 4 deletions(-)

diff --git a/drivers/hid/hid-logitech-hidpp.c b/drivers/hid/hid-logitech-hidpp.c
index 199cc256e9d9d..ffd30c7492df8 100644
--- a/drivers/hid/hid-logitech-hidpp.c
+++ b/drivers/hid/hid-logitech-hidpp.c
@@ -836,13 +836,16 @@ static int hidpp_root_get_feature(struct hidpp_device *hidpp, u16 feature,
 
 static int hidpp_root_get_protocol_version(struct hidpp_device *hidpp)
 {
+	const u8 ping_byte = 0x5a;
+	u8 ping_data[3] = { 0, 0, ping_byte };
 	struct hidpp_report response;
 	int ret;
 
-	ret = hidpp_send_fap_command_sync(hidpp,
+	ret = hidpp_send_rap_command_sync(hidpp,
+			REPORT_ID_HIDPP_SHORT,
 			HIDPP_PAGE_ROOT_IDX,
 			CMD_ROOT_GET_PROTOCOL_VERSION,
-			NULL, 0, &response);
+			ping_data, sizeof(ping_data), &response);
 
 	if (ret == HIDPP_ERROR_INVALID_SUBID) {
 		hidpp->protocol_major = 1;
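
Review bot: `ping_data[3] = { 0, 0, ping_byte }` carries no comment saying what the two leading zero bytes stand for or why 0x5a was picked as the echo value. Since the second hunk depends on the device echoing the third byte back, document the request layout here, with a pointer to the specification named in the commit message.
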
@@ -862,8 +865,14 @@ static int hidpp_root_get_protocol_version(struct hidpp_device *hidpp)
 	if (ret)
 		return ret;
 
-	hidpp->protocol_major = response.fap.params[0];
-	hidpp->protocol_minor = response.fap.params[1];
+	if (response.rap.params[2] != ping_byte) {
+		hid_err(hidpp->hid_dev, "%s: ping mismatch 0x%02x != 0x%02x\n",
+			__func__, response.rap.params[2], ping_byte);
+		return -EPROTO;
+	}
+
+	hidpp->protocol_major = response.rap.params[0];
+	hidpp->protocol_minor = response.rap.params[1];
 
 	return ret;
 }
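
Review bot: the new `response.rap.params[2] != ping_byte` check returns -EPROTO, which callers outside this hunk may handle like any other failure and conclude that the device is not HID++ capable, the outcome the commit message sets out to avoid. Confirm that this is the intended result for a mismatched echo. Minor: the final `return ret;` can only return 0 at this point, so `return 0;` would read more clearly.
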
-- 
2.20.1





* [PATCH 5.1 147/405] pinctrl: pistachio: fix leaked of_node references
  2019-05-30  2:59 [PATCH 5.1 000/405] 5.1.6-stable review Greg Kroah-Hartman
                   ` (145 preceding siblings ...)
  2019-05-30  3:02 ` [PATCH 5.1 146/405] HID: logitech-hidpp: use RAP instead of FAP to get the protocol version Greg Kroah-Hartman
@ 2019-05-30  3:02 ` Greg Kroah-Hartman
  2019-05-30  3:02 ` [PATCH 5.1 148/405] pinctrl: st: " Greg Kroah-Hartman
                   ` (262 subsequent siblings)
  409 siblings, 0 replies; 429+ messages in thread
From: Greg Kroah-Hartman @ 2019-05-30  3:02 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Wen Yang, Linus Walleij, linux-gpio,
	Sasha Levin

[ Upstream commit 44a4455ac2c6b0981eace683a2b6eccf47689022 ]

The call to of_get_child_by_name returns a node pointer with refcount
incremented thus it must be explicitly decremented after the last
usage.

Detected by coccinelle with the following warnings:
./drivers/pinctrl/pinctrl-pistachio.c:1422:1-7: ERROR: missing of_node_put; acquired a node pointer with refcount incremented on line 1360, but without a corresponding object release within this function.

Signed-off-by: Wen Yang <wen.yang99@zte.com.cn>
Cc: Linus Walleij <linus.walleij@linaro.org>
Cc: linux-gpio@vger.kernel.org
Cc: linux-kernel@vger.kernel.org
Signed-off-by: Linus Walleij <linus.walleij@linaro.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/pinctrl/pinctrl-pistachio.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/drivers/pinctrl/pinctrl-pistachio.c b/drivers/pinctrl/pinctrl-pistachio.c
index aa5f949ef219c..5b0678f310e52 100644
--- a/drivers/pinctrl/pinctrl-pistachio.c
+++ b/drivers/pinctrl/pinctrl-pistachio.c
@@ -1367,6 +1367,7 @@ static int pistachio_gpio_register(struct pistachio_pinctrl *pctl)
 		if (!of_find_property(child, "gpio-controller", NULL)) {
 			dev_err(pctl->dev,
 				"No gpio-controller property for bank %u\n", i);
+			of_node_put(child);
 			ret = -ENODEV;
 			goto err;
 		}
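
Review bot: `of_node_put(child)` is added inline on this error branch and again in the next hunk, so every future error path in the loop has to remember it as well. A single label that drops the reference before the existing `err` handling would be harder to get wrong. The success path for `child` is outside the visible context, and the coccinelle report quoted in the commit message points at line 1422, so check that it is covered too.
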
@@ -1374,6 +1375,7 @@ static int pistachio_gpio_register(struct pistachio_pinctrl *pctl)
 		irq = irq_of_parse_and_map(child, 0);
 		if (irq < 0) {
 			dev_err(pctl->dev, "No IRQ for bank %u: %d\n", i, irq);
+			of_node_put(child);
 			ret = irq;
 			goto err;
 		}
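
Review bot: the `if (irq < 0)` test in this context deserves a second look, because irq_of_parse_and_map() returns an unsigned IRQ number and reports failure as 0. A negative check may therefore never fire, in which case the `of_node_put(child)` added on this branch is dead code. That predates this patch, but a follow-up that tests for 0 would make both the error path and this put reachable.
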
-- 
2.20.1


* [PATCH 5.1 148/405] pinctrl: st: fix leaked of_node references
  2019-05-30  2:59 [PATCH 5.1 000/405] 5.1.6-stable review Greg Kroah-Hartman
                   ` (146 preceding siblings ...)
  2019-05-30  3:02 ` [PATCH 5.1 147/405] pinctrl: pistachio: fix leaked of_node references Greg Kroah-Hartman
@ 2019-05-30  3:02 ` Greg Kroah-Hartman
  2019-05-30  3:02 ` [PATCH 5.1 149/405] pinctrl: samsung: " Greg Kroah-Hartman
                   ` (261 subsequent siblings)
  409 siblings, 0 replies; 429+ messages in thread
From: Greg Kroah-Hartman @ 2019-05-30  3:02 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Wen Yang, Patrice Chotard,
	Linus Walleij, linux-gpio, Sasha Levin

[ Upstream commit 483d70d73beaecab55882fcd2a357af72674e24c ]

The call to of_get_child_by_name returns a node pointer with refcount
incremented thus it must be explicitly decremented after the last
usage.

Detected by coccinelle with the following warnings:
./drivers/pinctrl/pinctrl-st.c:1188:3-9: ERROR: missing of_node_put; acquired a node pointer with refcount incremented on line 1175, but without a corresponding object release within this function.
./drivers/pinctrl/pinctrl-st.c:1188:3-9: ERROR: missing of_node_put; acquired a node pointer with refcount incremented on line 1175, but without a corresponding object release within this function.
./drivers/pinctrl/pinctrl-st.c:1199:2-8: ERROR: missing of_node_put; acquired a node pointer with refcount incremented on line 1175, but without a corresponding object release within this function.
./drivers/pinctrl/pinctrl-st.c:1199:2-8: ERROR: missing of_node_put; acquired a node pointer with refcount incremented on line 1175, but without a corresponding object release within this function.

Signed-off-by: Wen Yang <wen.yang99@zte.com.cn>
Cc: Patrice Chotard <patrice.chotard@st.com>
Cc: Linus Walleij <linus.walleij@linaro.org>
Cc: linux-gpio@vger.kernel.org
Cc: linux-kernel@vger.kernel.org (open list)
Reviewed-by: Patrice Chotard <patrice.chotard@st.com>
Signed-off-by: Linus Walleij <linus.walleij@linaro.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/pinctrl/pinctrl-st.c | 15 ++++++++++-----
 1 file changed, 10 insertions(+), 5 deletions(-)

diff --git a/drivers/pinctrl/pinctrl-st.c b/drivers/pinctrl/pinctrl-st.c
index e66af93f2cbf8..195b442a23434 100644
--- a/drivers/pinctrl/pinctrl-st.c
+++ b/drivers/pinctrl/pinctrl-st.c
@@ -1170,7 +1170,7 @@ static int st_pctl_dt_parse_groups(struct device_node *np,
 	struct property *pp;
 	struct st_pinconf *conf;
 	struct device_node *pins;
-	int i = 0, npins = 0, nr_props;
+	int i = 0, npins = 0, nr_props, ret = 0;
 
 	pins = of_get_child_by_name(np, "st,pins");
 	if (!pins)
@@ -1185,7 +1185,8 @@ static int st_pctl_dt_parse_groups(struct device_node *np,
 			npins++;
 		} else {
 			pr_warn("Invalid st,pins in %pOFn node\n", np);
-			return -EINVAL;
+			ret = -EINVAL;
+			goto out_put_node;
 		}
 	}
 
@@ -1195,8 +1196,10 @@ static int st_pctl_dt_parse_groups(struct device_node *np,
 	grp->pin_conf = devm_kcalloc(info->dev,
 					npins, sizeof(*conf), GFP_KERNEL);
 
-	if (!grp->pins || !grp->pin_conf)
-		return -ENOMEM;
+	if (!grp->pins || !grp->pin_conf) {
+		ret = -ENOMEM;
+		goto out_put_node;
+	}
 
 	/* <bank offset mux direction rt_type rt_delay rt_clk> */
 	for_each_property_of_node(pins, pp) {
@@ -1229,9 +1232,11 @@ static int st_pctl_dt_parse_groups(struct device_node *np,
 		}
 		i++;
 	}
+
+out_put_node:
 	of_node_put(pins);
 
-	return 0;
+	return ret;
 }
 
 static int st_pctl_parse_functions(struct device_node *np,
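
Review bot: the `out_put_node:` label sits after the second `for_each_property_of_node()` loop, whose body is mostly outside the visible context. Any `return` inside that loop would still skip `of_node_put(pins)`, so check the loop body and convert such returns to `ret = ...; goto out_put_node;` in the same way as the two earlier hunks.
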
-- 
2.20.1


* [PATCH 5.1 149/405] pinctrl: samsung: fix leaked of_node references
  2019-05-30  2:59 [PATCH 5.1 000/405] 5.1.6-stable review Greg Kroah-Hartman
                   ` (147 preceding siblings ...)
  2019-05-30  3:02 ` [PATCH 5.1 148/405] pinctrl: st: " Greg Kroah-Hartman
@ 2019-05-30  3:02 ` Greg Kroah-Hartman
  2019-05-30  3:02 ` [PATCH 5.1 150/405] clk: rockchip: undo several noc and special clocks as critical on rk3288 Greg Kroah-Hartman
                   ` (260 subsequent siblings)
  409 siblings, 0 replies; 429+ messages in thread
From: Greg Kroah-Hartman @ 2019-05-30  3:02 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Wen Yang, Linus Walleij, Tomasz Figa,
	Sylwester Nawrocki, Kukjin Kim, linux-samsung-soc, linux-gpio,
	Krzysztof Kozlowski, Sasha Levin

[ Upstream commit 44b9f86cd41db6c522effa5aec251d664a52fbc0 ]

The call to of_find_compatible_node returns a node pointer with refcount
incremented thus it must be explicitly decremented after the last
usage.

Detected by coccinelle with the following warnings:
./drivers/pinctrl/samsung/pinctrl-exynos-arm.c:76:2-8: ERROR: missing of_node_put; acquired a node pointer with refcount incremented on line 66, but without a corresponding object release within this function.
./drivers/pinctrl/samsung/pinctrl-exynos-arm.c:82:1-7: ERROR: missing of_node_put; acquired a node pointer with refcount incremented on line 66, but without a corresponding object release within this function.

Signed-off-by: Wen Yang <wen.yang99@zte.com.cn>
Cc: Linus Walleij <linus.walleij@linaro.org>
Cc: Tomasz Figa <tomasz.figa@gmail.com>
Cc: Sylwester Nawrocki <s.nawrocki@samsung.com>
Cc: Kukjin Kim <kgene@kernel.org>
Cc: linux-samsung-soc@vger.kernel.org
Cc: linux-gpio@vger.kernel.org
Cc: linux-kernel@vger.kernel.org
Reviewed-by: Krzysztof Kozlowski <krzk@kernel.org>
Signed-off-by: Linus Walleij <linus.walleij@linaro.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/pinctrl/samsung/pinctrl-exynos-arm.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/drivers/pinctrl/samsung/pinctrl-exynos-arm.c b/drivers/pinctrl/samsung/pinctrl-exynos-arm.c
index 44c6b753f692a..85ddf49a51885 100644
--- a/drivers/pinctrl/samsung/pinctrl-exynos-arm.c
+++ b/drivers/pinctrl/samsung/pinctrl-exynos-arm.c
@@ -71,6 +71,7 @@ s5pv210_retention_init(struct samsung_pinctrl_drv_data *drvdata,
 	}
 
 	clk_base = of_iomap(np, 0);
+	of_node_put(np);
 	if (!clk_base) {
 		pr_err("%s: failed to map clock registers\n", __func__);
 		return ERR_PTR(-EINVAL);
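
Review bot: dropping the reference with `of_node_put(np)` directly after `of_iomap(np, 0)` is only correct if `np` is not used again further down in s5pv210_retention_init(), which the visible context does not show. If that holds, the placement is good because one call covers both the `!clk_base` error return and the success path; a short comment saying that `np` is no longer needed past this point would record the assumption.
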
-- 
2.20.1


* [PATCH 5.1 150/405] clk: rockchip: undo several noc and special clocks as critical on rk3288
  2019-05-30  2:59 [PATCH 5.1 000/405] 5.1.6-stable review Greg Kroah-Hartman
                   ` (148 preceding siblings ...)
  2019-05-30  3:02 ` [PATCH 5.1 149/405] pinctrl: samsung: " Greg Kroah-Hartman
@ 2019-05-30  3:02 ` Greg Kroah-Hartman
  2019-05-30  3:02 ` [PATCH 5.1 151/405] perf/arm-cci: Remove broken race mitigation Greg Kroah-Hartman
                   ` (259 subsequent siblings)
  409 siblings, 0 replies; 429+ messages in thread
From: Greg Kroah-Hartman @ 2019-05-30  3:02 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Douglas Anderson, Elaine Zhang,
	Heiko Stuebner, Sasha Levin

[ Upstream commit f4033db5b84ebe4b32c25ba2ed65ab20b628996a ]

This is mostly a revert of commit 55bb6a633c33 ("clk: rockchip: mark
noc and some special clk as critical on rk3288") except that we're
keeping "pmu_hclk_otg0" as critical still.

NOTE: turning these clocks off doesn't seem to do a whole lot in terms
of power savings (checking the power on the logic rail).  It appears
to save maybe 1-2mW.  ...but still it seems like we should turn the
clocks off if they aren't needed.

About "pmu_hclk_otg0" (the one clock from the original commit we're
still keeping critical) from an email thread:

> pmu ahb clock
>
> Function: Clock to pmu module when hibernation and/or ADP is
> enabled. Must be greater than or equal to 30 MHz.
>
> If the SOC design does not support hibernation/ADP function, only have
> hclk_otg, this clk can be switched according to the usage of otg.
> If the SOC design support hibernation/ADP, has two clocks, hclk_otg and
> pmu_hclk_otg0.
> Hclk_otg belongs to the closed part of otg logic, which can be switched
> according to the use of otg.
>
> pmu_hclk_otg0 belongs to the always on part.
>
> As for whether pmu_hclk_otg0 can be turned off when otg is not in use,
> we have not tested. IC suggest make pmu_hclk_otg0 always on.

For the rest of the clocks:

atclk: No documentation about this clock other than that it goes to
the CPU.  CPU functions fine without it on.  Maybe needed for JTAG?

jtag: Presumably this clock is only needed if you're debugging with
JTAG.  It doesn't seem like it makes sense to waste power for every
rk3288 user.  In any case to do JTAG you'd need private patches to
adjust the pinctrl to mux the JTAG out anyway.

pclk_dbg, pclk_core_niu: On veyron Chromebooks we turn these two
clocks on only during kernel panics in order to access some coresight
registers.  Since nothing in the upstream kernel does this we should
be able to leave them off safely.  Maybe also needed for JTAG?

hsicphy12m_xin12m: There is no indication of why this clock would need
to be turned on for boards that don't use HSIC.

pclk_ddrupctl[0-1], pclk_publ0[0-1]: On veyron Chromebooks we turn
these 4 clocks on only when doing DDR transitions and they are off
otherwise.  I see no reason why they'd need to be on in the upstream
kernel which doesn't support DDRFreq.

Signed-off-by: Douglas Anderson <dianders@chromium.org>
Reviewed-by: Elaine Zhang <zhangqing@rock-chips.com>
Signed-off-by: Heiko Stuebner <heiko@sntech.de>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/clk/rockchip/clk-rk3288.c | 13 ++++---------
 1 file changed, 4 insertions(+), 9 deletions(-)

diff --git a/drivers/clk/rockchip/clk-rk3288.c b/drivers/clk/rockchip/clk-rk3288.c
index 5a67b7869960e..f3bbcdfa88ead 100644
--- a/drivers/clk/rockchip/clk-rk3288.c
+++ b/drivers/clk/rockchip/clk-rk3288.c
@@ -313,13 +313,13 @@ static struct rockchip_clk_branch rk3288_clk_branches[] __initdata = {
 	COMPOSITE_NOMUX(0, "aclk_core_mp", "armclk", CLK_IGNORE_UNUSED,
 			RK3288_CLKSEL_CON(0), 4, 4, DFLAGS | CLK_DIVIDER_READ_ONLY,
 			RK3288_CLKGATE_CON(12), 6, GFLAGS),
-	COMPOSITE_NOMUX(0, "atclk", "armclk", CLK_IGNORE_UNUSED,
+	COMPOSITE_NOMUX(0, "atclk", "armclk", 0,
 			RK3288_CLKSEL_CON(37), 4, 5, DFLAGS | CLK_DIVIDER_READ_ONLY,
 			RK3288_CLKGATE_CON(12), 7, GFLAGS),
 	COMPOSITE_NOMUX(0, "pclk_dbg_pre", "armclk", CLK_IGNORE_UNUSED,
 			RK3288_CLKSEL_CON(37), 9, 5, DFLAGS | CLK_DIVIDER_READ_ONLY,
 			RK3288_CLKGATE_CON(12), 8, GFLAGS),
-	GATE(0, "pclk_dbg", "pclk_dbg_pre", CLK_IGNORE_UNUSED,
+	GATE(0, "pclk_dbg", "pclk_dbg_pre", 0,
 			RK3288_CLKGATE_CON(12), 9, GFLAGS),
 	GATE(0, "cs_dbg", "pclk_dbg_pre", CLK_IGNORE_UNUSED,
 			RK3288_CLKGATE_CON(12), 10, GFLAGS),
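
Review bot: `pclk_dbg_pre` and `cs_dbg` keep `CLK_IGNORE_UNUSED` in this hunk while `atclk` and `pclk_dbg` drop it, and the commit message does not explain the difference. If those two simply were not touched by the commit being reverted, say so in the message; otherwise explain why the parent `pclk_dbg_pre` must stay ungated when its child `pclk_dbg` may now be turned off.
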
@@ -647,7 +647,7 @@ static struct rockchip_clk_branch rk3288_clk_branches[] __initdata = {
 	INVERTER(SCLK_HSADC, "sclk_hsadc", "sclk_hsadc_out",
 			RK3288_CLKSEL_CON(22), 7, IFLAGS),
 
-	GATE(0, "jtag", "ext_jtag", CLK_IGNORE_UNUSED,
+	GATE(0, "jtag", "ext_jtag", 0,
 			RK3288_CLKGATE_CON(4), 14, GFLAGS),
 
 	COMPOSITE_NODIV(SCLK_USBPHY480M_SRC, "usbphy480m_src", mux_usbphy480m_p, 0,
@@ -656,7 +656,7 @@ static struct rockchip_clk_branch rk3288_clk_branches[] __initdata = {
 	COMPOSITE_NODIV(SCLK_HSICPHY480M, "sclk_hsicphy480m", mux_hsicphy480m_p, 0,
 			RK3288_CLKSEL_CON(29), 0, 2, MFLAGS,
 			RK3288_CLKGATE_CON(3), 6, GFLAGS),
-	GATE(0, "hsicphy12m_xin12m", "xin12m", CLK_IGNORE_UNUSED,
+	GATE(0, "hsicphy12m_xin12m", "xin12m", 0,
 			RK3288_CLKGATE_CON(13), 9, GFLAGS),
 	DIV(0, "hsicphy12m_usbphy", "sclk_hsicphy480m", 0,
 			RK3288_CLKSEL_CON(11), 8, 6, DFLAGS),
@@ -837,11 +837,6 @@ static const char *const rk3288_critical_clocks[] __initconst = {
 	"pclk_alive_niu",
 	"pclk_pd_pmu",
 	"pclk_pmu_niu",
-	"pclk_core_niu",
-	"pclk_ddrupctl0",
-	"pclk_publ0",
-	"pclk_ddrupctl1",
-	"pclk_publ1",
 	"pmu_hclk_otg0",
 };
 
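
Review bot: `pmu_hclk_otg0` is the one entry from the reverted commit that stays in `rk3288_critical_clocks[]`, and the reason exists only in the commit message. Add a short comment above that entry (always-on part of the OTG logic, not tested with the clock off) so the array explains itself to the next person who trims it.
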
-- 
2.20.1





* [PATCH 5.1 151/405] perf/arm-cci: Remove broken race mitigation
  2019-05-30  2:59 [PATCH 5.1 000/405] 5.1.6-stable review Greg Kroah-Hartman
                   ` (149 preceding siblings ...)
  2019-05-30  3:02 ` [PATCH 5.1 150/405] clk: rockchip: undo several noc and special clocks as critical on rk3288 Greg Kroah-Hartman
@ 2019-05-30  3:02 ` Greg Kroah-Hartman
  2019-05-30  3:02 ` [PATCH 5.1 152/405] dmaengine: at_xdmac: remove BUG_ON macro in tasklet Greg Kroah-Hartman
                   ` (258 subsequent siblings)
  409 siblings, 0 replies; 429+ messages in thread
From: Greg Kroah-Hartman @ 2019-05-30  3:02 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Li, Meng, Corentin Labbe,
	Suzuki K Poulose, Robin Murphy, Will Deacon, Sasha Levin

[ Upstream commit 0d2e2a82d4de298d006bf8eddc86829e3c7da820 ]

Uncore PMU drivers face an awkward cyclic dependency wherein:

 - They have to pick a valid online CPU to associate with before
   registering the PMU device, since it will get exposed to userspace
   immediately.
 - The PMU registration has to be at least partly complete before
   hotplug events can be handled, since trying to migrate an
   uninitialised context would be bad.
 - The hotplug handler has to be ready as soon as a CPU is chosen, lest
   it go offline without the user-visible cpumask value getting updated.

The arm-cci driver has tried to solve this by using get_cpu() to pick
the current CPU and prevent it from disappearing while both
registrations are performed, but that results in taking mutexes with
preemption disabled, which makes certain configurations very unhappy:

[ 1.983337] BUG: sleeping function called from invalid context at kernel/locking/rtmutex.c:2004
[ 1.983340] in_atomic(): 1, irqs_disabled(): 0, pid: 1, name: swapper/0
[ 1.983342] Preemption disabled at:
[ 1.983353] [<ffffff80089801f4>] cci_pmu_probe+0x1dc/0x488
[ 1.983360] CPU: 0 PID: 1 Comm: swapper/0 Not tainted 4.18.20-rt8-yocto-preempt-rt #1
[ 1.983362] Hardware name: ZynqMP ZCU102 Rev1.0 (DT)
[ 1.983364] Call trace:
[ 1.983369] dump_backtrace+0x0/0x158
[ 1.983372] show_stack+0x24/0x30
[ 1.983378] dump_stack+0x80/0xa4
[ 1.983383] ___might_sleep+0x138/0x160
[ 1.983386] __might_sleep+0x58/0x90
[ 1.983391] __rt_mutex_lock_state+0x30/0xc0
[ 1.983395] _mutex_lock+0x24/0x30
[ 1.983400] perf_pmu_register+0x2c/0x388
[ 1.983404] cci_pmu_probe+0x2bc/0x488
[ 1.983409] platform_drv_probe+0x58/0xa8

It is not feasible to resolve all the possible races outside of the perf
core itself, so address the immediate bug by following the example of
nearly every other PMU driver and not even trying to do so. Registering
the hotplug notifier first should minimise the window in which things
can go wrong, so that's about as much as we can reasonably do here. This
also revealed an additional race in assigning the global pointer too
late relative to the hotplug notifier, which gets fixed in the process.

Reported-by: Li, Meng <Meng.Li@windriver.com>
Tested-by: Corentin Labbe <clabbe.montjoie@gmail.com>
Reviewed-by: Suzuki K Poulose <suzuki.poulose@arm.com>
Signed-off-by: Robin Murphy <robin.murphy@arm.com>
Signed-off-by: Will Deacon <will.deacon@arm.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/perf/arm-cci.c | 21 ++++++++++++---------
 1 file changed, 12 insertions(+), 9 deletions(-)

diff --git a/drivers/perf/arm-cci.c b/drivers/perf/arm-cci.c
index bfd03e0233084..8f8606b9bc9ee 100644
--- a/drivers/perf/arm-cci.c
+++ b/drivers/perf/arm-cci.c
@@ -1684,21 +1684,24 @@ static int cci_pmu_probe(struct platform_device *pdev)
 	raw_spin_lock_init(&cci_pmu->hw_events.pmu_lock);
 	mutex_init(&cci_pmu->reserve_mutex);
 	atomic_set(&cci_pmu->active_events, 0);
-	cci_pmu->cpu = get_cpu();
-
-	ret = cci_pmu_init(cci_pmu, pdev);
-	if (ret) {
-		put_cpu();
-		return ret;
-	}
 
+	cci_pmu->cpu = raw_smp_processor_id();
+	g_cci_pmu = cci_pmu;
 	cpuhp_setup_state_nocalls(CPUHP_AP_PERF_ARM_CCI_ONLINE,
 				  "perf/arm/cci:online", NULL,
 				  cci_pmu_offline_cpu);
-	put_cpu();
-	g_cci_pmu = cci_pmu;
+
+	ret = cci_pmu_init(cci_pmu, pdev);
+	if (ret)
+		goto error_pmu_init;
+
 	pr_info("ARM %s PMU driver probed", cci_pmu->model->name);
 	return 0;
+
+error_pmu_init:
+	cpuhp_remove_state(CPUHP_AP_PERF_ARM_CCI_ONLINE);
+	g_cci_pmu = NULL;
+	return ret;
 }
 
 static int cci_pmu_remove(struct platform_device *pdev)
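Review bot: the new error_pmu_init path pairs cpuhp_setup_state_nocalls() with cpuhp_remove_state(), which is the variant that invokes the teardown callback, and it does so while g_cci_pmu still points at the PMU whose cci_pmu_init() just failed. Either use cpuhp_remove_state_nocalls() here or clear g_cci_pmu before removing the state, so cci_pmu_offline_cpu cannot act on a half-initialised PMU. Separately, cci_pmu->cpu = raw_smp_processor_id() is read with preemption enabled, so a one-line comment that the value is only a best guess until the hotplug callback is registered would document the remaining window the commit message describes.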
-- 
2.20.1





* [PATCH 5.1 152/405] dmaengine: at_xdmac: remove BUG_ON macro in tasklet
  2019-05-30  2:59 [PATCH 5.1 000/405] 5.1.6-stable review Greg Kroah-Hartman
                   ` (150 preceding siblings ...)
  2019-05-30  3:02 ` [PATCH 5.1 151/405] perf/arm-cci: Remove broken race mitigation Greg Kroah-Hartman
@ 2019-05-30  3:02 ` Greg Kroah-Hartman
  2019-05-30  3:02 ` [PATCH 5.1 153/405] media: coda: clear error return value before picture run Greg Kroah-Hartman
                   ` (257 subsequent siblings)
  409 siblings, 0 replies; 429+ messages in thread
From: Greg Kroah-Hartman @ 2019-05-30  3:02 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Nicolas Ferre, Ludovic Desroches,
	Vinod Koul, Sasha Levin

[ Upstream commit e2c114c06da2d9ffad5b16690abf008d6696f689 ]

Even if this case shouldn't happen when controller is properly programmed,
it's still better to avoid dumping a kernel Oops for this.
As the sequence may happen only for debugging purposes, log the error and
just finish the tasklet call.

Signed-off-by: Nicolas Ferre <nicolas.ferre@microchip.com>
Acked-by: Ludovic Desroches <ludovic.desroches@microchip.com>
Signed-off-by: Vinod Koul <vkoul@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/dma/at_xdmac.c | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/drivers/dma/at_xdmac.c b/drivers/dma/at_xdmac.c
index fe69dccfa0c05..37a2694204351 100644
--- a/drivers/dma/at_xdmac.c
+++ b/drivers/dma/at_xdmac.c
@@ -1606,7 +1606,11 @@ static void at_xdmac_tasklet(unsigned long data)
 					struct at_xdmac_desc,
 					xfer_node);
 		dev_vdbg(chan2dev(&atchan->chan), "%s: desc 0x%p\n", __func__, desc);
-		BUG_ON(!desc->active_xfer);
+		if (!desc->active_xfer) {
+			dev_err(chan2dev(&atchan->chan), "Xfer not active: exiting");
+			spin_unlock_bh(&atchan->lock);
+			return;
+		}
 
 		txd = &desc->tx_dma_desc;
 
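Review bot: the dev_err() string in the new branch, "Xfer not active: exiting", has no trailing \n, unlike the dev_vdbg() just above it, so the message can run into the next log line. Add the newline, and consider including the descriptor pointer that dev_vdbg() already prints so the error is usable without verbose debugging enabled. The spin_unlock_bh() before the early return pairs with a lock acquisition outside this hunk; a brief comment naming it would make the early exit easier to audit.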
-- 
2.20.1





* [PATCH 5.1 153/405] media: coda: clear error return value before picture run
  2019-05-30  2:59 [PATCH 5.1 000/405] 5.1.6-stable review Greg Kroah-Hartman
                   ` (151 preceding siblings ...)
  2019-05-30  3:02 ` [PATCH 5.1 152/405] dmaengine: at_xdmac: remove BUG_ON macro in tasklet Greg Kroah-Hartman
@ 2019-05-30  3:02 ` Greg Kroah-Hartman
  2019-05-30  3:02 ` [PATCH 5.1 154/405] media: ov6650: Move v4l2_clk_get() to ov6650_video_probe() helper Greg Kroah-Hartman
                   ` (256 subsequent siblings)
  409 siblings, 0 replies; 429+ messages in thread
From: Greg Kroah-Hartman @ 2019-05-30  3:02 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Philipp Zabel, Hans Verkuil,
	Mauro Carvalho Chehab, Sasha Levin

[ Upstream commit bbeefa7357a648afe70e7183914c87c3878d528d ]

The error return value is not written by some firmware codecs, such as
MPEG-2 decode on CodaHx4. Clear the error return value before starting
the picture run to avoid misinterpreting unrelated values returned by
sequence initialization as error return value.

Signed-off-by: Philipp Zabel <p.zabel@pengutronix.de>
Signed-off-by: Hans Verkuil <hverkuil-cisco@xs4all.nl>
Signed-off-by: Mauro Carvalho Chehab <mchehab+samsung@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/media/platform/coda/coda-bit.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/drivers/media/platform/coda/coda-bit.c b/drivers/media/platform/coda/coda-bit.c
index b4f396c2e72c7..eaa86737fa04e 100644
--- a/drivers/media/platform/coda/coda-bit.c
+++ b/drivers/media/platform/coda/coda-bit.c
@@ -2010,6 +2010,9 @@ static int coda_prepare_decode(struct coda_ctx *ctx)
 	/* Clear decode success flag */
 	coda_write(dev, 0, CODA_RET_DEC_PIC_SUCCESS);
 
+	/* Clear error return value */
+	coda_write(dev, 0, CODA_RET_DEC_PIC_ERR_MB);
+
 	trace_coda_dec_pic_run(ctx, meta);
 
 	coda_command_async(ctx, CODA_COMMAND_PIC_RUN);
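Review bot: the added comment, "Clear error return value", restates the coda_write() below it and does not say why the register needs clearing. The reason is not obvious from the code (per the commit message, some firmware codecs never write CODA_RET_DEC_PIC_ERR_MB, so a stale value would be read back as an error), so put that in the comment to keep the write from being removed later as redundant.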
-- 
2.20.1





* [PATCH 5.1 154/405] media: ov6650: Move v4l2_clk_get() to ov6650_video_probe() helper
  2019-05-30  2:59 [PATCH 5.1 000/405] 5.1.6-stable review Greg Kroah-Hartman
                   ` (152 preceding siblings ...)
  2019-05-30  3:02 ` [PATCH 5.1 153/405] media: coda: clear error return value before picture run Greg Kroah-Hartman
@ 2019-05-30  3:02 ` Greg Kroah-Hartman
  2019-05-30  3:02 ` [PATCH 5.1 155/405] media: au0828: stop video streaming only when last user stops Greg Kroah-Hartman
                   ` (255 subsequent siblings)
  409 siblings, 0 replies; 429+ messages in thread
From: Greg Kroah-Hartman @ 2019-05-30  3:02 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Janusz Krzysztofik, Sakari Ailus,
	Mauro Carvalho Chehab, Sasha Levin

[ Upstream commit ccdd85d518d8b9320ace1d87271f0ba2175f21fa ]

In preparation for adding asynchronous subdevice support to the driver,
don't acquire v4l2_clk from the driver .probe() callback as that may
fail if the clock is provided by a bridge driver which may be not yet
initialized.  Move the v4l2_clk_get() to ov6650_video_probe() helper
which is going to be converted to v4l2_subdev_internal_ops.registered()
callback, executed only when the bridge driver is ready.

Signed-off-by: Janusz Krzysztofik <jmkrzyszt@gmail.com>
Signed-off-by: Sakari Ailus <sakari.ailus@linux.intel.com>
Signed-off-by: Mauro Carvalho Chehab <mchehab+samsung@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/media/i2c/ov6650.c | 25 ++++++++++++++-----------
 1 file changed, 14 insertions(+), 11 deletions(-)

diff --git a/drivers/media/i2c/ov6650.c b/drivers/media/i2c/ov6650.c
index f9359b11fa5cb..de7d9790f0542 100644
--- a/drivers/media/i2c/ov6650.c
+++ b/drivers/media/i2c/ov6650.c
@@ -810,9 +810,16 @@ static int ov6650_video_probe(struct i2c_client *client)
 	u8		pidh, pidl, midh, midl;
 	int		ret;
 
+	priv->clk = v4l2_clk_get(&client->dev, NULL);
+	if (IS_ERR(priv->clk)) {
+		ret = PTR_ERR(priv->clk);
+		dev_err(&client->dev, "v4l2_clk request err: %d\n", ret);
+		return ret;
+	}
+
 	ret = ov6650_s_power(&priv->subdev, 1);
 	if (ret < 0)
-		return ret;
+		goto eclkput;
 
 	msleep(20);
 
@@ -849,6 +856,11 @@ static int ov6650_video_probe(struct i2c_client *client)
 
 done:
 	ov6650_s_power(&priv->subdev, 0);
+	if (!ret)
+		return 0;
+eclkput:
+	v4l2_clk_put(priv->clk);
+
 	return ret;
 }
 
@@ -991,18 +1003,9 @@ static int ov6650_probe(struct i2c_client *client,
 	priv->code	  = MEDIA_BUS_FMT_YUYV8_2X8;
 	priv->colorspace  = V4L2_COLORSPACE_JPEG;
 
-	priv->clk = v4l2_clk_get(&client->dev, NULL);
-	if (IS_ERR(priv->clk)) {
-		ret = PTR_ERR(priv->clk);
-		goto eclkget;
-	}
-
 	ret = ov6650_video_probe(client);
-	if (ret) {
-		v4l2_clk_put(priv->clk);
-eclkget:
+	if (ret)
 		v4l2_ctrl_handler_free(&priv->hdl);
-	}
 
 	return ret;
 }
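Review bot: after this hunk ov6650_probe() no longer touches the clock on failure, so it depends on ov6650_video_probe() releasing priv->clk on every error path, and priv->clk is left holding either an ERR_PTR value or a pointer that was already passed to v4l2_clk_put(). Clear priv->clk on those paths, or document that it is valid only after ov6650_video_probe() has succeeded, so later code cannot mistake it for a live clock. The helper's "if (!ret) return 0;" sitting between done: and eclkput: is also easy to misread; a comment that the clock is kept only on success would help.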
-- 
2.20.1





* [PATCH 5.1 155/405] media: au0828: stop video streaming only when last user stops
  2019-05-30  2:59 [PATCH 5.1 000/405] 5.1.6-stable review Greg Kroah-Hartman
                   ` (153 preceding siblings ...)
  2019-05-30  3:02 ` [PATCH 5.1 154/405] media: ov6650: Move v4l2_clk_get() to ov6650_video_probe() helper Greg Kroah-Hartman
@ 2019-05-30  3:02 ` Greg Kroah-Hartman
  2019-05-30  3:02 ` [PATCH 5.1 156/405] media: ov2659: make S_FMT succeed even if requested format doesnt match Greg Kroah-Hartman
                   ` (254 subsequent siblings)
  409 siblings, 0 replies; 429+ messages in thread
From: Greg Kroah-Hartman @ 2019-05-30  3:02 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Hans Verkuil, Shuah Khan,
	Mauro Carvalho Chehab, Sasha Levin

[ Upstream commit f604f0f5afb88045944567f604409951b5eb6af8 ]

If the application was streaming from both videoX and vbiX, and streaming
from videoX was stopped, then the vbi streaming also stopped.

The cause being that stop_streaming for video stopped the subdevs as well,
instead of only doing that if dev->streaming_users reached 0.

au0828_stop_vbi_streaming was also wrong since it didn't stop the subdevs
at all when dev->streaming_users reached 0.

Signed-off-by: Hans Verkuil <hverkuil-cisco@xs4all.nl>
Tested-by: Shuah Khan <shuah@kernel.org>
Signed-off-by: Mauro Carvalho Chehab <mchehab+samsung@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/media/usb/au0828/au0828-video.c | 13 ++++++++-----
 1 file changed, 8 insertions(+), 5 deletions(-)

diff --git a/drivers/media/usb/au0828/au0828-video.c b/drivers/media/usb/au0828/au0828-video.c
index 7876c897cc1d6..ad2b1b7ecea4d 100644
--- a/drivers/media/usb/au0828/au0828-video.c
+++ b/drivers/media/usb/au0828/au0828-video.c
@@ -839,9 +839,9 @@ int au0828_start_analog_streaming(struct vb2_queue *vq, unsigned int count)
 			return rc;
 		}
 
+		v4l2_device_call_all(&dev->v4l2_dev, 0, video, s_stream, 1);
+
 		if (vq->type == V4L2_BUF_TYPE_VIDEO_CAPTURE) {
-			v4l2_device_call_all(&dev->v4l2_dev, 0, video,
-						s_stream, 1);
 			dev->vid_timeout_running = 1;
 			mod_timer(&dev->vid_timeout, jiffies + (HZ / 10));
 		} else if (vq->type == V4L2_BUF_TYPE_VBI_CAPTURE) {
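Review bot: the s_stream(1) call moved above the vq->type check now runs for VBI as well as video, and its result is discarded. For the on and off calls to stay balanced with the stop paths, which after this patch issue s_stream(0) only when streaming_users drops to zero, this call has to sit inside the first-user branch; the enclosing condition is outside the hunk, so please confirm that and say so in a comment.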
@@ -861,10 +861,11 @@ static void au0828_stop_streaming(struct vb2_queue *vq)
 
 	dprintk(1, "au0828_stop_streaming called %d\n", dev->streaming_users);
 
-	if (dev->streaming_users-- == 1)
+	if (dev->streaming_users-- == 1) {
 		au0828_uninit_isoc(dev);
+		v4l2_device_call_all(&dev->v4l2_dev, 0, video, s_stream, 0);
+	}
 
-	v4l2_device_call_all(&dev->v4l2_dev, 0, video, s_stream, 0);
 	dev->vid_timeout_running = 0;
 	del_timer_sync(&dev->vid_timeout);
 
@@ -893,8 +894,10 @@ void au0828_stop_vbi_streaming(struct vb2_queue *vq)
 	dprintk(1, "au0828_stop_vbi_streaming called %d\n",
 		dev->streaming_users);
 
-	if (dev->streaming_users-- == 1)
+	if (dev->streaming_users-- == 1) {
 		au0828_uninit_isoc(dev);
+		v4l2_device_call_all(&dev->v4l2_dev, 0, video, s_stream, 0);
+	}
 
 	spin_lock_irqsave(&dev->slock, flags);
 	if (dev->isoc_ctl.vbi_buf != NULL) {
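Review bot: "dev->streaming_users-- == 1" is evaluated before spin_lock_irqsave(&dev->slock, flags) is taken in this function, so the counter that now decides whether the subdevs are stopped is a plain read-modify-write outside that lock. If the video and VBI queues can be stopped concurrently, state which lock serialises streaming_users; otherwise the last-user test can be missed or hit twice. Sharing one helper for the decrement, au0828_uninit_isoc() and s_stream(0) between this function and au0828_stop_streaming() would also keep the two from drifting apart again.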
-- 
2.20.1





* [PATCH 5.1 156/405] media: ov2659: make S_FMT succeed even if requested format doesnt match
  2019-05-30  2:59 [PATCH 5.1 000/405] 5.1.6-stable review Greg Kroah-Hartman
                   ` (154 preceding siblings ...)
  2019-05-30  3:02 ` [PATCH 5.1 155/405] media: au0828: stop video streaming only when last user stops Greg Kroah-Hartman
@ 2019-05-30  3:02 ` Greg Kroah-Hartman
  2019-05-30  3:02 ` [PATCH 5.1 157/405] audit: fix a memory leak bug Greg Kroah-Hartman
                   ` (253 subsequent siblings)
  409 siblings, 0 replies; 429+ messages in thread
From: Greg Kroah-Hartman @ 2019-05-30  3:02 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Lad, Prabhakar, Akinobu Mita,
	Sakari Ailus, Mauro Carvalho Chehab, Sasha Levin

[ Upstream commit bccb89cf9cd07a0690d519696a00c00a973b3fe4 ]

This driver returns an error if unsupported media bus pixel code is
requested by VIDIOC_SUBDEV_S_FMT.

But according to Documentation/media/uapi/v4l/vidioc-subdev-g-fmt.rst,

Drivers must not return an error solely because the requested format
doesn't match the device capabilities. They must instead modify the
format to match what the hardware can provide.

So select default format code and return success in that case.

This is detected by v4l2-compliance.

Cc: "Lad, Prabhakar" <prabhakar.csengg@gmail.com>
Signed-off-by: Akinobu Mita <akinobu.mita@gmail.com>
Acked-by: Lad, Prabhakar <prabhakar.csengg@gmail.com>
Signed-off-by: Sakari Ailus <sakari.ailus@linux.intel.com>
Signed-off-by: Mauro Carvalho Chehab <mchehab+samsung@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/media/i2c/ov2659.c | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/drivers/media/i2c/ov2659.c b/drivers/media/i2c/ov2659.c
index 799acce803fe5..a1e9a980a4459 100644
--- a/drivers/media/i2c/ov2659.c
+++ b/drivers/media/i2c/ov2659.c
@@ -1117,8 +1117,10 @@ static int ov2659_set_fmt(struct v4l2_subdev *sd,
 		if (ov2659_formats[index].code == mf->code)
 			break;
 
-	if (index < 0)
-		return -EINVAL;
+	if (index < 0) {
+		index = 0;
+		mf->code = ov2659_formats[index].code;
+	}
 
 	mf->colorspace = V4L2_COLORSPACE_SRGB;
 	mf->field = V4L2_FIELD_NONE;
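Review bot: the new fallback hard-codes index = 0 as the default format without saying so, and it silently rewrites mf->code. Add a comment that entry 0 of ov2659_formats[] is the driver's default and that adjusting the format, rather than returning -EINVAL, is what the subdev S_FMT documentation requires, so the branch is not later turned back into an error return.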
-- 
2.20.1





* [PATCH 5.1 157/405] audit: fix a memory leak bug
  2019-05-30  2:59 [PATCH 5.1 000/405] 5.1.6-stable review Greg Kroah-Hartman
                   ` (155 preceding siblings ...)
  2019-05-30  3:02 ` [PATCH 5.1 156/405] media: ov2659: make S_FMT succeed even if requested format doesnt match Greg Kroah-Hartman
@ 2019-05-30  3:02 ` Greg Kroah-Hartman
  2019-05-30  3:02 ` [PATCH 5.1 158/405] media: stm32-dcmi: fix crash when subdev do not expose any formats Greg Kroah-Hartman
                   ` (252 subsequent siblings)
  409 siblings, 0 replies; 429+ messages in thread
From: Greg Kroah-Hartman @ 2019-05-30  3:02 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Wenwen Wang, Richard Guy Briggs,
	Paul Moore, Sasha Levin

[ Upstream commit 70c4cf17e445264453bc5323db3e50aa0ac9e81f ]

In audit_rule_change(), audit_data_to_entry() is firstly invoked to
translate the payload data to the kernel's rule representation. In
audit_data_to_entry(), depending on the audit field type, an audit tree may
be created in audit_make_tree(), which eventually invokes kmalloc() to
allocate the tree.  Since this tree is a temporary tree, it will be then
freed in the following execution, e.g., audit_add_rule() if the message
type is AUDIT_ADD_RULE or audit_del_rule() if the message type is
AUDIT_DEL_RULE. However, if the message type is neither AUDIT_ADD_RULE nor
AUDIT_DEL_RULE, i.e., the default case of the switch statement, this
temporary tree is not freed.

To fix this issue, only allocate the tree when the type is AUDIT_ADD_RULE
or AUDIT_DEL_RULE.

Signed-off-by: Wenwen Wang <wang6495@umn.edu>
Reviewed-by: Richard Guy Briggs <rgb@redhat.com>
Signed-off-by: Paul Moore <paul@paul-moore.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 kernel/auditfilter.c | 12 +++++++-----
 1 file changed, 7 insertions(+), 5 deletions(-)

diff --git a/kernel/auditfilter.c b/kernel/auditfilter.c
index 63f8b3f26fab4..3ac71c4fda49a 100644
--- a/kernel/auditfilter.c
+++ b/kernel/auditfilter.c
@@ -1114,22 +1114,24 @@ int audit_rule_change(int type, int seq, void *data, size_t datasz)
 	int err = 0;
 	struct audit_entry *entry;
 
-	entry = audit_data_to_entry(data, datasz);
-	if (IS_ERR(entry))
-		return PTR_ERR(entry);
-
 	switch (type) {
 	case AUDIT_ADD_RULE:
+		entry = audit_data_to_entry(data, datasz);
+		if (IS_ERR(entry))
+			return PTR_ERR(entry);
 		err = audit_add_rule(entry);
 		audit_log_rule_change("add_rule", &entry->rule, !err);
 		break;
 	case AUDIT_DEL_RULE:
+		entry = audit_data_to_entry(data, datasz);
+		if (IS_ERR(entry))
+			return PTR_ERR(entry);
 		err = audit_del_rule(entry);
 		audit_log_rule_change("remove_rule", &entry->rule, !err);
 		break;
 	default:
-		err = -EINVAL;
 		WARN_ON(1);
+		return -EINVAL;
 	}
 
 	if (err || type == AUDIT_DEL_RULE) {
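Review bot: the audit_data_to_entry() call and its IS_ERR() check are now duplicated verbatim in the AUDIT_ADD_RULE and AUDIT_DEL_RULE cases. Rejecting unknown types first (the default branch's WARN_ON(1) and return -EINVAL) and then doing the conversion once would give the same leak fix with a single copy. As written, entry is uninitialised on the default path, which is safe only because of the early return; initialising entry to NULL or adding a comment would protect the "if (err || type == AUDIT_DEL_RULE)" block below against a future edit that turns the return back into a break.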
-- 
2.20.1





* [PATCH 5.1 158/405] media: stm32-dcmi: fix crash when subdev do not expose any formats
  2019-05-30  2:59 [PATCH 5.1 000/405] 5.1.6-stable review Greg Kroah-Hartman
                   ` (156 preceding siblings ...)
  2019-05-30  3:02 ` [PATCH 5.1 157/405] audit: fix a memory leak bug Greg Kroah-Hartman
@ 2019-05-30  3:02 ` Greg Kroah-Hartman
  2019-05-30  3:02 ` [PATCH 5.1 159/405] media: au0828: Fix NULL pointer dereference in au0828_analog_stream_enable() Greg Kroah-Hartman
                   ` (251 subsequent siblings)
  409 siblings, 0 replies; 429+ messages in thread
From: Greg Kroah-Hartman @ 2019-05-30  3:02 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Hugues Fruchet, Hans Verkuil,
	Mauro Carvalho Chehab, Sasha Levin

[ Upstream commit 33dfeb62e23c31619d2197850f7e8b50e8cc5466 ]

Do not access sd_formats[] if num_of_sd_formats is zero, i.e. the
subdev sensor didn't expose any formats.

Signed-off-by: Hugues Fruchet <hugues.fruchet@st.com>
Signed-off-by: Hans Verkuil <hverkuil-cisco@xs4all.nl>
Signed-off-by: Mauro Carvalho Chehab <mchehab+samsung@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/media/platform/stm32/stm32-dcmi.c | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/drivers/media/platform/stm32/stm32-dcmi.c b/drivers/media/platform/stm32/stm32-dcmi.c
index a1f0801081ba9..922855b6025c7 100644
--- a/drivers/media/platform/stm32/stm32-dcmi.c
+++ b/drivers/media/platform/stm32/stm32-dcmi.c
@@ -811,6 +811,9 @@ static int dcmi_try_fmt(struct stm32_dcmi *dcmi, struct v4l2_format *f,
 
 	sd_fmt = find_format_by_fourcc(dcmi, pix->pixelformat);
 	if (!sd_fmt) {
+		if (!dcmi->num_of_sd_formats)
+			return -ENODATA;
+
 		sd_fmt = dcmi->sd_formats[dcmi->num_of_sd_formats - 1];
 		pix->pixelformat = sd_fmt->fourcc;
 	}
@@ -989,6 +992,9 @@ static int dcmi_set_sensor_format(struct stm32_dcmi *dcmi,
 
 	sd_fmt = find_format_by_fourcc(dcmi, pix->pixelformat);
 	if (!sd_fmt) {
+		if (!dcmi->num_of_sd_formats)
+			return -ENODATA;
+
 		sd_fmt = dcmi->sd_formats[dcmi->num_of_sd_formats - 1];
 		pix->pixelformat = sd_fmt->fourcc;
 	}
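Review bot: this is the same num_of_sd_formats guard and sd_formats[num_of_sd_formats - 1] fallback that the previous hunk adds to dcmi_try_fmt(), so the check now lives in two places. Move the lookup plus fallback into one helper that reports the empty case, or refuse to register the device when num_of_sd_formats is zero so neither path can be reached in that state. A short comment on why -ENODATA was chosen as the return value would also help callers that only expect -EINVAL from a format call.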
-- 
2.20.1





* [PATCH 5.1 159/405] media: au0828: Fix NULL pointer dereference in au0828_analog_stream_enable()
  2019-05-30  2:59 [PATCH 5.1 000/405] 5.1.6-stable review Greg Kroah-Hartman
                   ` (157 preceding siblings ...)
  2019-05-30  3:02 ` [PATCH 5.1 158/405] media: stm32-dcmi: fix crash when subdev do not expose any formats Greg Kroah-Hartman
@ 2019-05-30  3:02 ` Greg Kroah-Hartman
  2019-05-30  3:02 ` [PATCH 5.1 160/405] media: pvrusb2: Prevent a buffer overflow Greg Kroah-Hartman
                   ` (250 subsequent siblings)
  409 siblings, 0 replies; 429+ messages in thread
From: Greg Kroah-Hartman @ 2019-05-30  3:02 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Shuah Khan, Hans Verkuil,
	Mauro Carvalho Chehab, Sasha Levin

[ Upstream commit 898bc40bfcc26abb6e06e960d6d4754c36c58b50 ]

Fix au0828_analog_stream_enable() to check if device is in the right
state first. When unbind happens while bind is in progress, usbdev
pointer could be invalid in au0828_analog_stream_enable() and a call
to usb_ifnum_to_if() will result in the null pointer dereference.

This problem is found with the new media_dev_allocator.sh test.

kernel: [  590.359623] BUG: unable to handle kernel NULL pointer dereference at 00000000000004e8
kernel: [  590.359627] #PF error: [normal kernel read fault]
kernel: [  590.359629] PGD 0 P4D 0
kernel: [  590.359632] Oops: 0000 [#1] SMP PTI
kernel: [  590.359634] CPU: 3 PID: 1458 Comm: v4l_id Not tainted 5.1.0-rc2+ #30
kernel: [  590.359636] Hardware name: Dell Inc. OptiPlex 7 90/0HY9JP, BIOS A18 09/24/2013
kernel: [  590.359641] RIP: 0010:usb_ifnum_to_if+0x6/0x60
kernel: [  590.359643] Code: 5d 41 5e 41 5f 5d c3 48 83 c4
 10 b8 fa ff ff ff 5b 41 5c 41 5d 41 5e 41 5f 5d c3 b8 fa ff ff ff c3 0f 1f 00 6
6 66 66 66 90 55 <48> 8b 97 e8 04 00 00 48 89 e5 48 85 d2 74 41 0f b6 4a 04 84 c
9 74
kernel: [  590.359645] RSP: 0018:ffffad3cc3c1fc00 EFLAGS: 00010246
kernel: [  590.359646] RAX: 0000000000000000 RBX: ffff8ded b1f3c000 RCX: 1f377e4500000000
kernel: [  590.359648] RDX: ffff8dedfa3a6b50 RSI: 00000000 00000000 RDI: 0000000000000000
kernel: [  590.359649] RBP: ffffad3cc3c1fc28 R08: 00000000 8574acc2 R09: ffff8dedfa3a6b50
kernel: [  590.359650] R10: 0000000000000001 R11: 00000000 00000000 R12: 0000000000000000
kernel: [  590.359652] R13: ffff8dedb1f3f0f0 R14: ffffffff adcf7ec0 R15: 0000000000000000
kernel: [  590.359654] FS:  00007f7917198540(0000) GS:ffff 8dee258c0000(0000) knlGS:0000000000000000
kernel: [  590.359655] CS:  0010 DS: 0000 ES: 0000 CR0: 00 00000080050033
kernel: [  590.359657] CR2: 00000000000004e8 CR3: 00000001 a388e002 CR4: 00000000000606e0
kernel: [  590.359658] Call Trace:
kernel: [  590.359664]  ? au0828_analog_stream_enable+0x2c/0x180
kernel: [  590.359666]  au0828_v4l2_open+0xa4/0x110
kernel: [  590.359670]  v4l2_open+0x8b/0x120
kernel: [  590.359674]  chrdev_open+0xa6/0x1c0
kernel: [  590.359676]  ? cdev_put.part.3+0x20/0x20
kernel: [  590.359678]  do_dentry_open+0x1f6/0x360
kernel: [  590.359681]  vfs_open+0x2f/0x40
kernel: [  590.359684]  path_openat+0x299/0xc20
kernel: [  590.359688]  do_filp_open+0x9b/0x110
kernel: [  590.359695]  ? _raw_spin_unlock+0x27/0x40
kernel: [  590.359697]  ? __alloc_fd+0xb2/0x160
kernel: [  590.359700]  do_sys_open+0x1ba/0x260
kernel: [  590.359702]  ? do_sys_open+0x1ba/0x260
kernel: [  590.359712]  __x64_sys_openat+0x20/0x30
kernel: [  590.359715]  do_syscall_64+0x5a/0x120
kernel: [  590.359718]  entry_SYSCALL_64_after_hwframe+0x44/0xa9

Signed-off-by: Shuah Khan <shuah@kernel.org>
Signed-off-by: Hans Verkuil <hverkuil-cisco@xs4all.nl>
Signed-off-by: Mauro Carvalho Chehab <mchehab+samsung@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/media/usb/au0828/au0828-video.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/drivers/media/usb/au0828/au0828-video.c b/drivers/media/usb/au0828/au0828-video.c
index ad2b1b7ecea4d..222723d946e4c 100644
--- a/drivers/media/usb/au0828/au0828-video.c
+++ b/drivers/media/usb/au0828/au0828-video.c
@@ -758,6 +758,9 @@ static int au0828_analog_stream_enable(struct au0828_dev *d)
 
 	dprintk(1, "au0828_analog_stream_enable called\n");
 
+	if (test_bit(DEV_DISCONNECTED, &d->dev_state))
+		return -ENODEV;
+
 	iface = usb_ifnum_to_if(d->usbdev, 0);
 	if (iface && iface->cur_altsetting->desc.bAlternateSetting != 5) {
 		dprintk(1, "Changing intf#0 to alt 5\n");
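Review bot: the DEV_DISCONNECTED test and the d->usbdev use in usb_ifnum_to_if() two lines later form a check-then-use with no lock visible in this hunk, so a disconnect that lands between them still reaches usb_ifnum_to_if() with an invalid usbdev. Say in a comment which lock the callers hold that excludes disconnect, or take it here; otherwise this narrows the window shown in the oops rather than closing it.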
-- 
2.20.1





* [PATCH 5.1 160/405] media: pvrusb2: Prevent a buffer overflow
  2019-05-30  2:59 [PATCH 5.1 000/405] 5.1.6-stable review Greg Kroah-Hartman
                   ` (158 preceding siblings ...)
  2019-05-30  3:02 ` [PATCH 5.1 159/405] media: au0828: Fix NULL pointer dereference in au0828_analog_stream_enable() Greg Kroah-Hartman
@ 2019-05-30  3:02 ` Greg Kroah-Hartman
  2019-05-30  3:02 ` [PATCH 5.1 161/405] iio: adc: stm32-dfsdm: fix unmet direct dependencies detected Greg Kroah-Hartman
                   ` (249 subsequent siblings)
  409 siblings, 0 replies; 429+ messages in thread
From: Greg Kroah-Hartman @ 2019-05-30  3:02 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Dan Carpenter, Hans Verkuil,
	Mauro Carvalho Chehab, Sasha Levin

[ Upstream commit c1ced46c7b49ad7bc064e68d966e0ad303f917fb ]

The ctrl_check_input() function is called from pvr2_ctrl_range_check().
It's supposed to validate user supplied input and return true or false
depending on whether the input is valid or not.  The problem is that
negative shifts or shifts greater than 31 are undefined in C.  In
practice with GCC they result in shift wrapping so this function returns
true for some inputs which are not valid and this could result in a
buffer overflow:

    drivers/media/usb/pvrusb2/pvrusb2-ctrl.c:205 pvr2_ctrl_get_valname()
    warn: uncapped user index 'names[val]'

The cptr->hdw->input_allowed_mask mask is configured in pvr2_hdw_create()
and the highest valid bit is BIT(4).

Fixes: 7fb20fa38caa ("V4L/DVB (7299): pvrusb2: Improve logic which handles input choice availability")

Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Hans Verkuil <hverkuil-cisco@xs4all.nl>
Signed-off-by: Mauro Carvalho Chehab <mchehab+samsung@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/media/usb/pvrusb2/pvrusb2-hdw.c | 2 ++
 drivers/media/usb/pvrusb2/pvrusb2-hdw.h | 1 +
 2 files changed, 3 insertions(+)

diff --git a/drivers/media/usb/pvrusb2/pvrusb2-hdw.c b/drivers/media/usb/pvrusb2/pvrusb2-hdw.c
index 446a999dd2ce1..2bab4713bc5b9 100644
--- a/drivers/media/usb/pvrusb2/pvrusb2-hdw.c
+++ b/drivers/media/usb/pvrusb2/pvrusb2-hdw.c
@@ -666,6 +666,8 @@ static int ctrl_get_input(struct pvr2_ctrl *cptr,int *vp)
 
 static int ctrl_check_input(struct pvr2_ctrl *cptr,int v)
 {
+	if (v < 0 || v > PVR2_CVAL_INPUT_MAX)
+		return 0;
 	return ((1 << v) & cptr->hdw->input_allowed_mask) != 0;
 }
 
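Review bot: with the range check in place the shift in the unchanged return line is defined, but "1 << v" is still a signed int shift tested against input_allowed_mask. Using 1U << v (or BIT(v)) would keep the expression unsigned end to end, and a comment that PVR2_CVAL_INPUT_MAX must stay below the bit width of the mask would record the invariant this check relies on.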
diff --git a/drivers/media/usb/pvrusb2/pvrusb2-hdw.h b/drivers/media/usb/pvrusb2/pvrusb2-hdw.h
index 25648add77e58..bd2b7a67b7322 100644
--- a/drivers/media/usb/pvrusb2/pvrusb2-hdw.h
+++ b/drivers/media/usb/pvrusb2/pvrusb2-hdw.h
@@ -50,6 +50,7 @@
 #define PVR2_CVAL_INPUT_COMPOSITE 2
 #define PVR2_CVAL_INPUT_SVIDEO 3
 #define PVR2_CVAL_INPUT_RADIO 4
+#define PVR2_CVAL_INPUT_MAX PVR2_CVAL_INPUT_RADIO
 
 enum pvr2_config {
 	pvr2_config_empty,    /* No configuration */
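Review bot: PVR2_CVAL_INPUT_MAX is defined as an alias of PVR2_CVAL_INPUT_RADIO with nothing telling the next person who adds an input value to update it. Add a comment on this line that it must track the highest PVR2_CVAL_INPUT_* value, since ctrl_check_input() now rejects anything above it.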
-- 
2.20.1





* [PATCH 5.1 161/405] iio: adc: stm32-dfsdm: fix unmet direct dependencies detected
  2019-05-30  2:59 [PATCH 5.1 000/405] 5.1.6-stable review Greg Kroah-Hartman
                   ` (159 preceding siblings ...)
  2019-05-30  3:02 ` [PATCH 5.1 160/405] media: pvrusb2: Prevent a buffer overflow Greg Kroah-Hartman
@ 2019-05-30  3:02 ` Greg Kroah-Hartman
  2019-05-30  3:02 ` [PATCH 5.1 162/405] block: fix use-after-free on gendisk Greg Kroah-Hartman
                   ` (248 subsequent siblings)
  409 siblings, 0 replies; 429+ messages in thread
From: Greg Kroah-Hartman @ 2019-05-30  3:02 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Fabrice Gasnier, Jonathan Cameron,
	Sasha Levin

[ Upstream commit ba7ecfe43d6bf12e2aa76705c45f7d187ae3d7c0 ]

This fixes unmet direct dependencies seen when CONFIG_STM32_DFSDM_ADC
is selected:

WARNING: unmet direct dependencies detected for IIO_BUFFER_HW_CONSUMER
  Depends on [n]: IIO [=y] && IIO_BUFFER [=n]
  Selected by [y]:
  - STM32_DFSDM_ADC [=y] && IIO [=y] && (ARCH_STM32 [=y] && OF [=y] ||
    COMPILE_TEST [=n])

Fixes: e2e6771c6462 ("IIO: ADC: add STM32 DFSDM sigma delta ADC support")

Signed-off-by: Fabrice Gasnier <fabrice.gasnier@st.com>
Signed-off-by: Jonathan Cameron <Jonathan.Cameron@huawei.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/iio/adc/Kconfig | 1 +
 1 file changed, 1 insertion(+)

diff --git a/drivers/iio/adc/Kconfig b/drivers/iio/adc/Kconfig
index 76db6e5cc2961..9ca21a8dfcd71 100644
--- a/drivers/iio/adc/Kconfig
+++ b/drivers/iio/adc/Kconfig
@@ -809,6 +809,7 @@ config STM32_DFSDM_ADC
 	depends on (ARCH_STM32 && OF) || COMPILE_TEST
 	select STM32_DFSDM_CORE
 	select REGMAP_MMIO
+	select IIO_BUFFER
 	select IIO_BUFFER_HW_CONSUMER
 	help
 	  Select this option to support ADCSigma delta modulator for
-- 
2.20.1





* [PATCH 5.1 162/405] block: fix use-after-free on gendisk
  2019-05-30  2:59 [PATCH 5.1 000/405] 5.1.6-stable review Greg Kroah-Hartman
                   ` (160 preceding siblings ...)
  2019-05-30  3:02 ` [PATCH 5.1 161/405] iio: adc: stm32-dfsdm: fix unmet direct dependencies detected Greg Kroah-Hartman
@ 2019-05-30  3:02 ` Greg Kroah-Hartman
  2019-05-30  3:02 ` [PATCH 5.1 163/405] powerpc/numa: improve control of topology updates Greg Kroah-Hartman
                   ` (247 subsequent siblings)
  409 siblings, 0 replies; 429+ messages in thread
From: Greg Kroah-Hartman @ 2019-05-30  3:02 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Al Viro, Bart Van Assche,
	Keith Busch, Jan Kara, Yufen Yu, Jens Axboe, Sasha Levin

[ Upstream commit 2c88e3c7ec32d7a40cc7c9b4a487cf90e4671bdd ]

commit 2da78092dda "block: Fix dev_t minor allocation lifetime"
specifically moved blk_free_devt(dev->devt) call to part_release()
to avoid reallocating device number before the device is fully
shutdown.

However, it can cause use-after-free on gendisk in get_gendisk().
We use md device as example to show the race scenes:

Process1                Worker                  Process2
md_free
                                                blkdev_open
del_gendisk
  add delete_partition_work_fn() to wq
                                                __blkdev_get
                                                get_gendisk
put_disk
  disk_release
    kfree(disk)
                                                find part from ext_devt_idr
                                                get_disk_and_module(disk)
                                                cause use after free

                        delete_partition_work_fn
                        put_device(part)
                        part_release
                        remove part from ext_devt_idr

Before <devt, hd_struct pointer> is removed from ext_devt_idr by
delete_partition_work_fn(), we can find the devt and then access
gendisk by hd_struct pointer. But, if we access the gendisk after
it has been freed, it can cause a use-after-free on gendisk in
get_gendisk().

We fix this by adding a new helper blk_invalidate_devt() in
delete_partition() and del_gendisk(). It replaces hd_struct
pointer in idr with value 'NULL', and deletes the entry from
idr in part_release() as we do now.

Thanks to Jan Kara for providing the solution and more clear comments
for the code.

Fixes: 2da78092dda1 ("block: Fix dev_t minor allocation lifetime")
Cc: Al Viro <viro@zeniv.linux.org.uk>
Reviewed-by: Bart Van Assche <bvanassche@acm.org>
Reviewed-by: Keith Busch <keith.busch@intel.com>
Reviewed-by: Jan Kara <jack@suse.cz>
Suggested-by: Jan Kara <jack@suse.cz>
Signed-off-by: Yufen Yu <yuyufen@huawei.com>
Signed-off-by: Jens Axboe <axboe@kernel.dk>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 block/genhd.c             | 19 +++++++++++++++++++
 block/partition-generic.c |  7 +++++++
 include/linux/genhd.h     |  1 +
 3 files changed, 27 insertions(+)

diff --git a/block/genhd.c b/block/genhd.c
index 703267865f14d..d8dff0b21f7d1 100644
--- a/block/genhd.c
+++ b/block/genhd.c
@@ -531,6 +531,18 @@ void blk_free_devt(dev_t devt)
 	}
 }
 
+/**
+ *	We invalidate devt by assigning NULL pointer for devt in idr.
+ */
+void blk_invalidate_devt(dev_t devt)
+{
+	if (MAJOR(devt) == BLOCK_EXT_MAJOR) {
+		spin_lock_bh(&ext_devt_lock);
+		idr_replace(&ext_devt_idr, NULL, blk_mangle_minor(MINOR(devt)));
+		spin_unlock_bh(&ext_devt_lock);
+	}
+}
+
 static char *bdevt_str(dev_t devt, char *buf)
 {
 	if (MAJOR(devt) <= 0xff && MINOR(devt) <= 0xff) {
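Review bot: the comment above blk_invalidate_devt() opens with "/**",
which marks a kernel-doc block, but it has no "blk_invalidate_devt - ..."
summary line and no @devt description; either write it as proper
kernel-doc or open it with a plain "/*". The return value of
idr_replace() is also dropped, so a devt that is not present in
ext_devt_idr is silently ignored; a comment saying that is intentional,
or a WARN_ON_ONCE() on an error return, would make the expectation
explicit.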
@@ -793,6 +805,13 @@ void del_gendisk(struct gendisk *disk)
 
 	if (!(disk->flags & GENHD_FL_HIDDEN))
 		blk_unregister_region(disk_devt(disk), disk->minors);
+	/*
+	 * Remove gendisk pointer from idr so that it cannot be looked up
+	 * while RCU period before freeing gendisk is running to prevent
+	 * use-after-free issues. Note that the device number stays
+	 * "in-use" until we really free the gendisk.
+	 */
+	blk_invalidate_devt(disk_devt(disk));
 
 	kobject_put(disk->part0.holder_dir);
 	kobject_put(disk->slave_dir);
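Review bot: the new comment in del_gendisk() says the gendisk pointer is
removed from the idr, but per the changelog the idr maps a devt to an
hd_struct pointer and the entry is replaced with NULL rather than
removed (removal still happens in part_release()). Suggest rewording it
to say the hd_struct pointer is invalidated, and adding a blank line
before the comment so the call does not read as part of the
"if (!(disk->flags & GENHD_FL_HIDDEN))" body.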
diff --git a/block/partition-generic.c b/block/partition-generic.c
index 8e596a8dff321..aee643ce13d15 100644
--- a/block/partition-generic.c
+++ b/block/partition-generic.c
@@ -285,6 +285,13 @@ void delete_partition(struct gendisk *disk, int partno)
 	kobject_put(part->holder_dir);
 	device_del(part_to_dev(part));
 
+	/*
+	 * Remove gendisk pointer from idr so that it cannot be looked up
+	 * while RCU period before freeing gendisk is running to prevent
+	 * use-after-free issues. Note that the device number stays
+	 * "in-use" until we really free the gendisk.
+	 */
+	blk_invalidate_devt(part_devt(part));
 	hd_struct_kill(part);
 }
 
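Review bot: the lookup side is not touched by this patch (the diffstat
covers only blk_invalidate_devt(), its two callers and the header), so
the fix relies on get_gendisk() treating a NULL idr entry as "not
found"; please say so in the changelog or in the comment added to
delete_partition(). That seven-line comment is also a verbatim copy of
the one in del_gendisk(); it could live once above blk_invalidate_devt()
with a one-line reference at each call site.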
diff --git a/include/linux/genhd.h b/include/linux/genhd.h
index 06c0fd594097d..69db1affedb0b 100644
--- a/include/linux/genhd.h
+++ b/include/linux/genhd.h
@@ -610,6 +610,7 @@ struct unixware_disklabel {
 
 extern int blk_alloc_devt(struct hd_struct *part, dev_t *devt);
 extern void blk_free_devt(dev_t devt);
+extern void blk_invalidate_devt(dev_t devt);
 extern dev_t blk_lookup_devt(const char *name, int partno);
 extern char *disk_name (struct gendisk *hd, int partno, char *buf);
 
-- 
2.20.1





* [PATCH 5.1 163/405] powerpc/numa: improve control of topology updates
  2019-05-30  2:59 [PATCH 5.1 000/405] 5.1.6-stable review Greg Kroah-Hartman
                   ` (161 preceding siblings ...)
  2019-05-30  3:02 ` [PATCH 5.1 162/405] block: fix use-after-free on gendisk Greg Kroah-Hartman
@ 2019-05-30  3:02 ` Greg Kroah-Hartman
  2019-05-30  3:02 ` [PATCH 5.1 164/405] powerpc/64: Fix booting large kernels with STRICT_KERNEL_RWX Greg Kroah-Hartman
                   ` (246 subsequent siblings)
  409 siblings, 0 replies; 429+ messages in thread
From: Greg Kroah-Hartman @ 2019-05-30  3:02 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Nathan Lynch, Michael Ellerman, Sasha Levin

[ Upstream commit 2d4d9b308f8f8dec68f6dbbff18c68ec7c6bd26f ]

When booted with "topology_updates=no", or when "off" is written to
/proc/powerpc/topology_updates, NUMA reassignments are inhibited for
PRRN and VPHN events. However, migration and suspend unconditionally
re-enable reassignments via start_topology_update(). This is
incoherent.

Check the topology_updates_enabled flag in
start/stop_topology_update() so that callers of those APIs need not be
aware of whether reassignments are enabled. This allows the
administrative decision on reassignments to remain in force across
migrations and suspensions.

Signed-off-by: Nathan Lynch <nathanl@linux.ibm.com>
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 arch/powerpc/mm/numa.c | 18 ++++++++++++------
 1 file changed, 12 insertions(+), 6 deletions(-)

diff --git a/arch/powerpc/mm/numa.c b/arch/powerpc/mm/numa.c
index f976676004ad0..48c9a97eb2c33 100644
--- a/arch/powerpc/mm/numa.c
+++ b/arch/powerpc/mm/numa.c
@@ -1498,6 +1498,9 @@ int start_topology_update(void)
 {
 	int rc = 0;
 
+	if (!topology_updates_enabled)
+		return 0;
+
 	if (firmware_has_feature(FW_FEATURE_PRRN)) {
 		if (!prrn_enabled) {
 			prrn_enabled = 1;
@@ -1531,6 +1534,9 @@ int stop_topology_update(void)
 {
 	int rc = 0;
 
+	if (!topology_updates_enabled)
+		return 0;
+
 	if (prrn_enabled) {
 		prrn_enabled = 0;
 #ifdef CONFIG_SMP
@@ -1588,11 +1594,13 @@ static ssize_t topology_write(struct file *file, const char __user *buf,
 
 	kbuf[read_len] = '\0';
 
-	if (!strncmp(kbuf, "on", 2))
+	if (!strncmp(kbuf, "on", 2)) {
+		topology_updates_enabled = true;
 		start_topology_update();
-	else if (!strncmp(kbuf, "off", 3))
+	} else if (!strncmp(kbuf, "off", 3)) {
 		stop_topology_update();
-	else
+		topology_updates_enabled = false;
+	} else
 		return -EINVAL;
 
 	return count;
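Review bot: in topology_write() the flag is set before
start_topology_update() but cleared after stop_topology_update(); that
ordering is required because both helpers now return early when
topology_updates_enabled is false, and a one-line comment would stop
someone from "tidying" it later. The trailing "} else" followed by an
unbraced "return -EINVAL;" should also take braces now that the other
two branches have them, per kernel coding style.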
@@ -1607,9 +1615,7 @@ static const struct file_operations topology_ops = {
 
 static int topology_update_init(void)
 {
-	/* Do not poll for changes if disabled at boot */
-	if (topology_updates_enabled)
-		start_topology_update();
+	start_topology_update();
 
 	if (vphn_enabled)
 		topology_schedule_update();
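Review bot: dropping the "if (topology_updates_enabled)" test in
topology_update_init() also drops the only comment that explained the
boot-time behaviour ("Do not poll for changes if disabled at boot"). The
behaviour now lives in the early return added to
start_topology_update(), so the comment should move there rather than
disappear.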
-- 
2.20.1





* [PATCH 5.1 164/405] powerpc/64: Fix booting large kernels with STRICT_KERNEL_RWX
  2019-05-30  2:59 [PATCH 5.1 000/405] 5.1.6-stable review Greg Kroah-Hartman
                   ` (162 preceding siblings ...)
  2019-05-30  3:02 ` [PATCH 5.1 163/405] powerpc/numa: improve control of topology updates Greg Kroah-Hartman
@ 2019-05-30  3:02 ` Greg Kroah-Hartman
  2019-05-30  3:02 ` [PATCH 5.1 165/405] random: fix CRNG initialization when random.trust_cpu=1 Greg Kroah-Hartman
                   ` (245 subsequent siblings)
  409 siblings, 0 replies; 429+ messages in thread
From: Greg Kroah-Hartman @ 2019-05-30  3:02 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Russell Currey, Michael Ellerman,
	Sasha Levin

[ Upstream commit 56c46bba9bbfe229b4472a5be313c44c5b714a39 ]

With STRICT_KERNEL_RWX enabled anything marked __init is placed at a 16M
boundary.  This is necessary so that it can be repurposed later with
different permissions.  However, in kernels with text larger than 16M,
this pushes early_setup past 32M, incapable of being reached by the
branch instruction.

Fix this by setting the CTR and branching there instead.

Fixes: 1e0fc9d1eb2b ("powerpc/Kconfig: Enable STRICT_KERNEL_RWX for some configs")
Signed-off-by: Russell Currey <ruscur@russell.cc>
[mpe: Fix it to work on BE by using DOTSYM()]
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 arch/powerpc/kernel/head_64.S | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/arch/powerpc/kernel/head_64.S b/arch/powerpc/kernel/head_64.S
index 3fad8d499767c..5321a11c28358 100644
--- a/arch/powerpc/kernel/head_64.S
+++ b/arch/powerpc/kernel/head_64.S
@@ -968,7 +968,9 @@ start_here_multiplatform:
 
 	/* Restore parameters passed from prom_init/kexec */
 	mr	r3,r31
-	bl	early_setup		/* also sets r13 and SPRG_PACA */
+	LOAD_REG_ADDR(r12, DOTSYM(early_setup))
+	mtctr	r12
+	bctrl		/* also sets r13 and SPRG_PACA */
 
 	LOAD_REG_ADDR(r3, start_here_common)
 	ld	r4,PACAKMSR(r13)
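Review bot: the replacement for "bl early_setup" carries no comment
saying why an indirect branch through CTR is used, so it invites a later
simplification back to "bl". Suggest a comment above LOAD_REG_ADDR
noting that with STRICT_KERNEL_RWX early_setup can sit beyond the reach
of the direct branch, and that r12 is used as the scratch register. The
existing "also sets r13 and SPRG_PACA" remark describes early_setup, not
bctrl, and would read better on its own line above the sequence.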
-- 
2.20.1





* [PATCH 5.1 165/405] random: fix CRNG initialization when random.trust_cpu=1
  2019-05-30  2:59 [PATCH 5.1 000/405] 5.1.6-stable review Greg Kroah-Hartman
                   ` (163 preceding siblings ...)
  2019-05-30  3:02 ` [PATCH 5.1 164/405] powerpc/64: Fix booting large kernels with STRICT_KERNEL_RWX Greg Kroah-Hartman
@ 2019-05-30  3:02 ` Greg Kroah-Hartman
  2019-05-30  3:02 ` [PATCH 5.1 166/405] random: add a spinlock_t to struct batched_entropy Greg Kroah-Hartman
                   ` (244 subsequent siblings)
  409 siblings, 0 replies; 429+ messages in thread
From: Greg Kroah-Hartman @ 2019-05-30  3:02 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Jon DeVree, Theodore Tso, Sasha Levin

[ Upstream commit fe6f1a6a8eedc1aa538fee0baa612b6a59639cf8 ]

When the system boots with random.trust_cpu=1 it doesn't initialize the
per-NUMA CRNGs because it skips the rest of the CRNG startup code. This
means that the code from 1e7f583af67b ("random: make /dev/urandom scalable
for silly userspace programs") is not used when random.trust_cpu=1.

crash> dmesg | grep random:
[    0.000000] random: get_random_bytes called from start_kernel+0x94/0x530 with crng_init=0
[    0.314029] random: crng done (trusting CPU's manufacturer)
crash> print crng_node_pool
$6 = (struct crng_state **) 0x0

After adding the missing call to numa_crng_init() the per-NUMA CRNGs are
initialized again:

crash> dmesg | grep random:
[    0.000000] random: get_random_bytes called from start_kernel+0x94/0x530 with crng_init=0
[    0.314031] random: crng done (trusting CPU's manufacturer)
crash> print crng_node_pool
$1 = (struct crng_state **) 0xffff9a915f4014a0

The call to invalidate_batched_entropy() was also missing. This is
important for architectures like PPC and S390 which only have the
arch_get_random_seed_* functions.

Fixes: 39a8883a2b98 ("random: add a config option to trust the CPU's hwrng")
Signed-off-by: Jon DeVree <nuxi@vault24.org>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/char/random.c | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/drivers/char/random.c b/drivers/char/random.c
index 38c6d1af6d1c0..d4d45ccfeefc0 100644
--- a/drivers/char/random.c
+++ b/drivers/char/random.c
@@ -777,6 +777,7 @@ static struct crng_state **crng_node_pool __read_mostly;
 #endif
 
 static void invalidate_batched_entropy(void);
+static void numa_crng_init(void);
 
 static bool trust_cpu __ro_after_init = IS_ENABLED(CONFIG_RANDOM_TRUST_CPU);
 static int __init parse_trust_cpu(char *arg)
@@ -805,7 +806,9 @@ static void crng_initialize(struct crng_state *crng)
 		}
 		crng->state[i] ^= rv;
 	}
-	if (trust_cpu && arch_init) {
+	if (trust_cpu && arch_init && crng == &primary_crng) {
+		invalidate_batched_entropy();
+		numa_crng_init();
 		crng_init = 2;
 		pr_notice("random: crng done (trusting CPU's manufacturer)\n");
 	}
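Review bot: the added "crng == &primary_crng" test in crng_initialize()
is not explained in the code or the changelog, and it changes behaviour
beyond the two new calls: with trust_cpu set, any other crng_state
passed in no longer sets crng_init = 2 or prints the notice. A comment
stating that only the primary CRNG may complete initialization and
trigger numa_crng_init() would make the intent clear, and the changelog
should mention the new condition alongside the two missing calls.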
-- 
2.20.1





* [PATCH 5.1 166/405] random: add a spinlock_t to struct batched_entropy
  2019-05-30  2:59 [PATCH 5.1 000/405] 5.1.6-stable review Greg Kroah-Hartman
                   ` (164 preceding siblings ...)
  2019-05-30  3:02 ` [PATCH 5.1 165/405] random: fix CRNG initialization when random.trust_cpu=1 Greg Kroah-Hartman
@ 2019-05-30  3:02 ` Greg Kroah-Hartman
  2019-05-30  3:02 ` [PATCH 5.1 167/405] cgroup: protect cgroup->nr_(dying_)descendants by css_set_lock Greg Kroah-Hartman
                   ` (243 subsequent siblings)
  409 siblings, 0 replies; 429+ messages in thread
From: Greg Kroah-Hartman @ 2019-05-30  3:02 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Sebastian Andrzej Siewior,
	Theodore Tso, Sasha Levin

[ Upstream commit b7d5dc21072cda7124d13eae2aefb7343ef94197 ]

The per-CPU variable batched_entropy_uXX is protected by get_cpu_var().
This is just a preempt_disable() which ensures that the variable is only
from the local CPU. It does not protect against users on the same CPU
from another context. It is possible that a preemptible context reads
slot 0 and then an interrupt occurs and the same value is read again.

The above scenario is confirmed by lockdep if we add a spinlock:
| ================================
| WARNING: inconsistent lock state
| 5.1.0-rc3+ #42 Not tainted
| --------------------------------
| inconsistent {SOFTIRQ-ON-W} -> {IN-SOFTIRQ-W} usage.
| ksoftirqd/9/56 [HC0[0]:SC1[1]:HE0:SE0] takes:
| (____ptrval____) (batched_entropy_u32.lock){+.?.}, at: get_random_u32+0x3e/0xe0
| {SOFTIRQ-ON-W} state was registered at:
|   _raw_spin_lock+0x2a/0x40
|   get_random_u32+0x3e/0xe0
|   new_slab+0x15c/0x7b0
|   ___slab_alloc+0x492/0x620
|   __slab_alloc.isra.73+0x53/0xa0
|   kmem_cache_alloc_node+0xaf/0x2a0
|   copy_process.part.41+0x1e1/0x2370
|   _do_fork+0xdb/0x6d0
|   kernel_thread+0x20/0x30
|   kthreadd+0x1ba/0x220
|   ret_from_fork+0x3a/0x50
…
| other info that might help us debug this:
|  Possible unsafe locking scenario:
|
|        CPU0
|        ----
|   lock(batched_entropy_u32.lock);
|   <Interrupt>
|     lock(batched_entropy_u32.lock);
|
|  *** DEADLOCK ***
|
| stack backtrace:
| Call Trace:
…
|  kmem_cache_alloc_trace+0x20e/0x270
|  ipmi_alloc_recv_msg+0x16/0x40
…
|  __do_softirq+0xec/0x48d
|  run_ksoftirqd+0x37/0x60
|  smpboot_thread_fn+0x191/0x290
|  kthread+0xfe/0x130
|  ret_from_fork+0x3a/0x50

Add a spinlock_t to the batched_entropy data structure and acquire the
lock while accessing it. Acquire the lock with disabled interrupts
because this function may be used from interrupt context.

Remove the batched_entropy_reset_lock lock. Now that we have a lock for
the data structure, we can access it from a remote CPU.

Signed-off-by: Sebastian Andrzej Siewior <bigeasy@linutronix.de>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/char/random.c | 52 ++++++++++++++++++++++---------------------
 1 file changed, 27 insertions(+), 25 deletions(-)

diff --git a/drivers/char/random.c b/drivers/char/random.c
index d4d45ccfeefc0..af6e240f98ff4 100644
--- a/drivers/char/random.c
+++ b/drivers/char/random.c
@@ -2214,8 +2214,8 @@ struct batched_entropy {
 		u32 entropy_u32[CHACHA_BLOCK_SIZE / sizeof(u32)];
 	};
 	unsigned int position;
+	spinlock_t batch_lock;
 };
-static rwlock_t batched_entropy_reset_lock = __RW_LOCK_UNLOCKED(batched_entropy_reset_lock);
 
 /*
  * Get a random word for internal kernel use only. The quality of the random
@@ -2225,12 +2225,14 @@ static rwlock_t batched_entropy_reset_lock = __RW_LOCK_UNLOCKED(batched_entropy_
  * wait_for_random_bytes() should be called and return 0 at least once
  * at any point prior.
  */
-static DEFINE_PER_CPU(struct batched_entropy, batched_entropy_u64);
+static DEFINE_PER_CPU(struct batched_entropy, batched_entropy_u64) = {
+	.batch_lock	= __SPIN_LOCK_UNLOCKED(batched_entropy_u64.lock),
+};
+
 u64 get_random_u64(void)
 {
 	u64 ret;
-	bool use_lock;
-	unsigned long flags = 0;
+	unsigned long flags;
 	struct batched_entropy *batch;
 	static void *previous;
 
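Review bot: the initializer passes "batched_entropy_u64.lock" to
__SPIN_LOCK_UNLOCKED(), but the field added to struct batched_entropy is
batch_lock, so the name that lockdep reports does not match any member
of the structure. Suggest
__SPIN_LOCK_UNLOCKED(batched_entropy_u64.batch_lock), and the same for
the u32 variant in the next hunk.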
@@ -2245,28 +2247,25 @@ u64 get_random_u64(void)
 
 	warn_unseeded_randomness(&previous);
 
-	use_lock = READ_ONCE(crng_init) < 2;
-	batch = &get_cpu_var(batched_entropy_u64);
-	if (use_lock)
-		read_lock_irqsave(&batched_entropy_reset_lock, flags);
+	batch = raw_cpu_ptr(&batched_entropy_u64);
+	spin_lock_irqsave(&batch->batch_lock, flags);
 	if (batch->position % ARRAY_SIZE(batch->entropy_u64) == 0) {
 		extract_crng((u8 *)batch->entropy_u64);
 		batch->position = 0;
 	}
 	ret = batch->entropy_u64[batch->position++];
-	if (use_lock)
-		read_unlock_irqrestore(&batched_entropy_reset_lock, flags);
-	put_cpu_var(batched_entropy_u64);
+	spin_unlock_irqrestore(&batch->batch_lock, flags);
 	return ret;
 }
 EXPORT_SYMBOL(get_random_u64);
 
-static DEFINE_PER_CPU(struct batched_entropy, batched_entropy_u32);
+static DEFINE_PER_CPU(struct batched_entropy, batched_entropy_u32) = {
+	.batch_lock	= __SPIN_LOCK_UNLOCKED(batched_entropy_u32.lock),
+};
 u32 get_random_u32(void)
 {
 	u32 ret;
-	bool use_lock;
-	unsigned long flags = 0;
+	unsigned long flags;
 	struct batched_entropy *batch;
 	static void *previous;
 
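Review bot: get_random_u64() now calls raw_cpu_ptr() with preemption
enabled, so the task can migrate between picking the batch and taking
batch_lock and end up consuming another CPU's batch. That is safe
because the spinlock, not CPU locality, now protects the structure, but
it is a change from the get_cpu_var()/put_cpu_var() pair being removed
and deserves a comment at the raw_cpu_ptr() line. The same applies to
get_random_u32() in the next hunk.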
@@ -2275,18 +2274,14 @@ u32 get_random_u32(void)
 
 	warn_unseeded_randomness(&previous);
 
-	use_lock = READ_ONCE(crng_init) < 2;
-	batch = &get_cpu_var(batched_entropy_u32);
-	if (use_lock)
-		read_lock_irqsave(&batched_entropy_reset_lock, flags);
+	batch = raw_cpu_ptr(&batched_entropy_u32);
+	spin_lock_irqsave(&batch->batch_lock, flags);
 	if (batch->position % ARRAY_SIZE(batch->entropy_u32) == 0) {
 		extract_crng((u8 *)batch->entropy_u32);
 		batch->position = 0;
 	}
 	ret = batch->entropy_u32[batch->position++];
-	if (use_lock)
-		read_unlock_irqrestore(&batched_entropy_reset_lock, flags);
-	put_cpu_var(batched_entropy_u32);
+	spin_unlock_irqrestore(&batch->batch_lock, flags);
 	return ret;
 }
 EXPORT_SYMBOL(get_random_u32);
@@ -2300,12 +2295,19 @@ static void invalidate_batched_entropy(void)
 	int cpu;
 	unsigned long flags;
 
-	write_lock_irqsave(&batched_entropy_reset_lock, flags);
 	for_each_possible_cpu (cpu) {
-		per_cpu_ptr(&batched_entropy_u32, cpu)->position = 0;
-		per_cpu_ptr(&batched_entropy_u64, cpu)->position = 0;
+		struct batched_entropy *batched_entropy;
+
+		batched_entropy = per_cpu_ptr(&batched_entropy_u32, cpu);
+		spin_lock_irqsave(&batched_entropy->batch_lock, flags);
+		batched_entropy->position = 0;
+		spin_unlock(&batched_entropy->batch_lock);
+
+		batched_entropy = per_cpu_ptr(&batched_entropy_u64, cpu);
+		spin_lock(&batched_entropy->batch_lock);
+		batched_entropy->position = 0;
+		spin_unlock_irqrestore(&batched_entropy->batch_lock, flags);
 	}
-	write_unlock_irqrestore(&batched_entropy_reset_lock, flags);
 }
 
 /**
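Review bot: invalidate_batched_entropy() saves flags with
spin_lock_irqsave() on the u32 batch lock, releases that lock with a
plain spin_unlock(), then takes the u64 lock with a plain spin_lock()
and restores flags only when unlocking it. This works because interrupts
stay off across both sections, but the saved state is split across two
different locks and is easy to break in a later edit. Pairing
spin_lock_irqsave() with spin_unlock_irqrestore() on each lock would be
clearer.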
-- 
2.20.1





* [PATCH 5.1 167/405] cgroup: protect cgroup->nr_(dying_)descendants by css_set_lock
  2019-05-30  2:59 [PATCH 5.1 000/405] 5.1.6-stable review Greg Kroah-Hartman
                   ` (165 preceding siblings ...)
  2019-05-30  3:02 ` [PATCH 5.1 166/405] random: add a spinlock_t to struct batched_entropy Greg Kroah-Hartman
@ 2019-05-30  3:02 ` Greg Kroah-Hartman
  2019-05-30  3:02 ` [PATCH 5.1 168/405] sched/core: Check quota and period overflow at usec to nsec conversion Greg Kroah-Hartman
                   ` (242 subsequent siblings)
  409 siblings, 0 replies; 429+ messages in thread
From: Greg Kroah-Hartman @ 2019-05-30  3:02 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Roman Gushchin, Tejun Heo,
	kernel-team, Sasha Levin

[ Upstream commit 4dcabece4c3a9f9522127be12cc12cc120399b2f ]

The number of descendant cgroups and the number of dying
descendant cgroups are currently synchronized using the cgroup_mutex.

The number of descendant cgroups will be required by the cgroup v2
freezer, which will use it to determine if a cgroup is frozen
(depending on total number of descendants and number of frozen
descendants). It's not always acceptable to grab the cgroup_mutex,
especially from quite hot paths (e.g. exit()).

To avoid this, let's additionally synchronize these counters using
the css_set_lock.

So, it's safe to read these counters with either cgroup_mutex or
css_set_lock locked, and for changing both locks should be acquired.

Signed-off-by: Roman Gushchin <guro@fb.com>
Signed-off-by: Tejun Heo <tj@kernel.org>
Cc: kernel-team@fb.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 include/linux/cgroup-defs.h | 5 +++++
 kernel/cgroup/cgroup.c      | 6 ++++++
 2 files changed, 11 insertions(+)

diff --git a/include/linux/cgroup-defs.h b/include/linux/cgroup-defs.h
index 1c70803e9f770..7d57890cec671 100644
--- a/include/linux/cgroup-defs.h
+++ b/include/linux/cgroup-defs.h
@@ -349,6 +349,11 @@ struct cgroup {
 	 * Dying cgroups are cgroups which were deleted by a user,
 	 * but are still existing because someone else is holding a reference.
 	 * max_descendants is a maximum allowed number of descent cgroups.
+	 *
+	 * nr_descendants and nr_dying_descendants are protected
+	 * by cgroup_mutex and css_set_lock. It's fine to read them holding
+	 * any of cgroup_mutex and css_set_lock; for writing both locks
+	 * should be held.
 	 */
 	int nr_descendants;
 	int nr_dying_descendants;
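Review bot: the new comment in struct cgroup says writers "should" hold
both locks and readers may hold "any of" them; since this is the locking
rule, say "must" and "either". Consider backing it with
lockdep_assert_held() at the three update sites in cgroup.c so that the
rule is checked rather than only documented.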
diff --git a/kernel/cgroup/cgroup.c b/kernel/cgroup/cgroup.c
index 3f2b4bde0f9c3..9fcf6338ea5f9 100644
--- a/kernel/cgroup/cgroup.c
+++ b/kernel/cgroup/cgroup.c
@@ -4781,9 +4781,11 @@ static void css_release_work_fn(struct work_struct *work)
 		if (cgroup_on_dfl(cgrp))
 			cgroup_rstat_flush(cgrp);
 
+		spin_lock_irq(&css_set_lock);
 		for (tcgrp = cgroup_parent(cgrp); tcgrp;
 		     tcgrp = cgroup_parent(tcgrp))
 			tcgrp->nr_dying_descendants--;
+		spin_unlock_irq(&css_set_lock);
 
 		cgroup_idr_remove(&cgrp->root->cgroup_idr, cgrp->id);
 		cgrp->id = -1;
@@ -5001,12 +5003,14 @@ static struct cgroup *cgroup_create(struct cgroup *parent)
 	if (ret)
 		goto out_psi_free;
 
+	spin_lock_irq(&css_set_lock);
 	for (tcgrp = cgrp; tcgrp; tcgrp = cgroup_parent(tcgrp)) {
 		cgrp->ancestor_ids[tcgrp->level] = tcgrp->id;
 
 		if (tcgrp != cgrp)
 			tcgrp->nr_descendants++;
 	}
+	spin_unlock_irq(&css_set_lock);
 
 	if (notify_on_release(parent))
 		set_bit(CGRP_NOTIFY_ON_RELEASE, &cgrp->flags);
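Review bot: in cgroup_create() the css_set_lock section also covers the
"cgrp->ancestor_ids[tcgrp->level] = tcgrp->id" store, which is not one
of the counters the header comment says this lock protects. A short
comment noting that the store is inside the section only because it
shares the loop with the nr_descendants update would avoid the
impression that ancestor_ids is protected by css_set_lock.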
@@ -5291,10 +5295,12 @@ static int cgroup_destroy_locked(struct cgroup *cgrp)
 	if (parent && cgroup_is_threaded(cgrp))
 		parent->nr_threaded_children--;
 
+	spin_lock_irq(&css_set_lock);
 	for (tcgrp = cgroup_parent(cgrp); tcgrp; tcgrp = cgroup_parent(tcgrp)) {
 		tcgrp->nr_descendants--;
 		tcgrp->nr_dying_descendants++;
 	}
+	spin_unlock_irq(&css_set_lock);
 
 	cgroup1_check_for_release(parent);
 
-- 
2.20.1





* [PATCH 5.1 168/405] sched/core: Check quota and period overflow at usec to nsec conversion
  2019-05-30  2:59 [PATCH 5.1 000/405] 5.1.6-stable review Greg Kroah-Hartman
                   ` (166 preceding siblings ...)
  2019-05-30  3:02 ` [PATCH 5.1 167/405] cgroup: protect cgroup->nr_(dying_)descendants by css_set_lock Greg Kroah-Hartman
@ 2019-05-30  3:02 ` Greg Kroah-Hartman
  2019-05-30  3:02 ` [PATCH 5.1 169/405] sched/rt: Check integer " Greg Kroah-Hartman
                   ` (241 subsequent siblings)
  409 siblings, 0 replies; 429+ messages in thread
From: Greg Kroah-Hartman @ 2019-05-30  3:02 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Konstantin Khlebnikov,
	Peter Zijlstra, Linus Torvalds, Peter Zijlstra, Thomas Gleixner,
	Ingo Molnar, Sasha Levin

[ Upstream commit 1a8b4540db732ca16c9e43ac7c08b1b8f0b252d8 ]

Large values could overflow u64 and pass following sanity checks.

 # echo 18446744073750000 > cpu.cfs_period_us
 # cat cpu.cfs_period_us
 40448

 # echo 18446744073750000 > cpu.cfs_quota_us
 # cat cpu.cfs_quota_us
 40448

After this patch they will fail with -EINVAL.

Signed-off-by: Konstantin Khlebnikov <khlebnikov@yandex-team.ru>
Acked-by: Peter Zijlstra <a.p.zijlstra@chello.nl>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Thomas Gleixner <tglx@linutronix.de>
Link: http://lkml.kernel.org/r/155125502079.293431.3947497929372138600.stgit@buzz
Signed-off-by: Ingo Molnar <mingo@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 kernel/sched/core.c | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/kernel/sched/core.c b/kernel/sched/core.c
index 4778c48a7fda4..89c9c1d7d22c5 100644
--- a/kernel/sched/core.c
+++ b/kernel/sched/core.c
@@ -6661,8 +6661,10 @@ int tg_set_cfs_quota(struct task_group *tg, long cfs_quota_us)
 	period = ktime_to_ns(tg->cfs_bandwidth.period);
 	if (cfs_quota_us < 0)
 		quota = RUNTIME_INF;
-	else
+	else if ((u64)cfs_quota_us <= U64_MAX / NSEC_PER_USEC)
 		quota = (u64)cfs_quota_us * NSEC_PER_USEC;
+	else
+		return -EINVAL;
 
 	return tg_set_cfs_bandwidth(tg, period, quota);
 }
@@ -6684,6 +6686,9 @@ int tg_set_cfs_period(struct task_group *tg, long cfs_period_us)
 {
 	u64 quota, period;
 
+	if ((u64)cfs_period_us > U64_MAX / NSEC_PER_USEC)
+		return -EINVAL;
+
 	period = (u64)cfs_period_us * NSEC_PER_USEC;
 	quota = tg->cfs_bandwidth.quota;
 
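Review bot: cfs_period_us is a signed long, so the
"(u64)cfs_period_us > U64_MAX / NSEC_PER_USEC" test in
tg_set_cfs_period() also rejects every negative value, unlike
tg_set_cfs_quota() where a negative value means RUNTIME_INF. That is
probably what is wanted, but it is a side effect of the cast; a comment
or an explicit "cfs_period_us < 0" test would make it deliberate. The
bound is now open-coded in both functions and could be a shared macro.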
-- 
2.20.1





* [PATCH 5.1 169/405] sched/rt: Check integer overflow at usec to nsec conversion
  2019-05-30  2:59 [PATCH 5.1 000/405] 5.1.6-stable review Greg Kroah-Hartman
                   ` (167 preceding siblings ...)
  2019-05-30  3:02 ` [PATCH 5.1 168/405] sched/core: Check quota and period overflow at usec to nsec conversion Greg Kroah-Hartman
@ 2019-05-30  3:02 ` Greg Kroah-Hartman
  2019-05-30  3:02 ` [PATCH 5.1 170/405] sched/core: Handle overflow in cpu_shares_write_u64 Greg Kroah-Hartman
                   ` (240 subsequent siblings)
  409 siblings, 0 replies; 429+ messages in thread
From: Greg Kroah-Hartman @ 2019-05-30  3:02 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Konstantin Khlebnikov,
	Peter Zijlstra, Linus Torvalds, Peter Zijlstra, Thomas Gleixner,
	Ingo Molnar, Sasha Levin

[ Upstream commit 1a010e29cfa00fee2888fd2fd4983f848cbafb58 ]

Example of unhandled overflows:

 # echo 18446744073709651 > cpu.rt_runtime_us
 # cat cpu.rt_runtime_us
 99

 # echo 18446744073709900 > cpu.rt_period_us
 # cat cpu.rt_period_us
 348

After this patch they will fail with -EINVAL.

Signed-off-by: Konstantin Khlebnikov <khlebnikov@yandex-team.ru>
Acked-by: Peter Zijlstra <a.p.zijlstra@chello.nl>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Thomas Gleixner <tglx@linutronix.de>
Link: http://lkml.kernel.org/r/155125501739.293431.5252197504404771496.stgit@buzz
Signed-off-by: Ingo Molnar <mingo@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 kernel/sched/rt.c | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/kernel/sched/rt.c b/kernel/sched/rt.c
index 90fa23d36565d..1e6b909dca367 100644
--- a/kernel/sched/rt.c
+++ b/kernel/sched/rt.c
@@ -2555,6 +2555,8 @@ int sched_group_set_rt_runtime(struct task_group *tg, long rt_runtime_us)
 	rt_runtime = (u64)rt_runtime_us * NSEC_PER_USEC;
 	if (rt_runtime_us < 0)
 		rt_runtime = RUNTIME_INF;
+	else if ((u64)rt_runtime_us > U64_MAX / NSEC_PER_USEC)
+		return -EINVAL;
 
 	return tg_set_rt_bandwidth(tg, rt_period, rt_runtime);
 }
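Review bot: in sched_group_set_rt_runtime() the new range test sits
after "rt_runtime = (u64)rt_runtime_us * NSEC_PER_USEC;", so the
multiplication still wraps before the value is rejected. The wrapped
result is never used, but the sched/core counterpart in this series
checks before multiplying; doing the same here (test first, multiply
only on the valid path) keeps the two conversions consistent.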
@@ -2575,6 +2577,9 @@ int sched_group_set_rt_period(struct task_group *tg, u64 rt_period_us)
 {
 	u64 rt_runtime, rt_period;
 
+	if (rt_period_us > U64_MAX / NSEC_PER_USEC)
+		return -EINVAL;
+
 	rt_period = rt_period_us * NSEC_PER_USEC;
 	rt_runtime = tg->rt_bandwidth.rt_runtime;
 
-- 
2.20.1





* [PATCH 5.1 170/405] sched/core: Handle overflow in cpu_shares_write_u64
  2019-05-30  2:59 [PATCH 5.1 000/405] 5.1.6-stable review Greg Kroah-Hartman
                   ` (168 preceding siblings ...)
  2019-05-30  3:02 ` [PATCH 5.1 169/405] sched/rt: Check integer " Greg Kroah-Hartman
@ 2019-05-30  3:02 ` Greg Kroah-Hartman
  2019-05-30  3:02 ` [PATCH 5.1 171/405] staging: vc04_services: handle kzalloc failure Greg Kroah-Hartman
                   ` (239 subsequent siblings)
  409 siblings, 0 replies; 429+ messages in thread
From: Greg Kroah-Hartman @ 2019-05-30  3:02 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Konstantin Khlebnikov,
	Peter Zijlstra, Linus Torvalds, Peter Zijlstra, Thomas Gleixner,
	Ingo Molnar, Sasha Levin

[ Upstream commit 5b61d50ab4ef590f5e1d4df15cd2cea5f5715308 ]

Bit shift in scale_load() could overflow shares. This patch saturates
it to MAX_SHARES like following sched_group_set_shares().

Example:

 # echo 9223372036854776832 > cpu.shares
 # cat cpu.shares

Before patch: 1024
After patch: 262144

Signed-off-by: Konstantin Khlebnikov <khlebnikov@yandex-team.ru>
Acked-by: Peter Zijlstra <a.p.zijlstra@chello.nl>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Thomas Gleixner <tglx@linutronix.de>
Link: http://lkml.kernel.org/r/155125501891.293431.3345233332801109696.stgit@buzz
Signed-off-by: Ingo Molnar <mingo@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 kernel/sched/core.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/kernel/sched/core.c b/kernel/sched/core.c
index 89c9c1d7d22c5..a75ad50b5e2ff 100644
--- a/kernel/sched/core.c
+++ b/kernel/sched/core.c
@@ -6559,6 +6559,8 @@ static void cpu_cgroup_attach(struct cgroup_taskset *tset)
 static int cpu_shares_write_u64(struct cgroup_subsys_state *css,
 				struct cftype *cftype, u64 shareval)
 {
+	if (shareval > scale_load_down(ULONG_MAX))
+		shareval = MAX_SHARES;
 	return sched_group_set_shares(css_tg(css), scale_load(shareval));
 }
 
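Review bot: cpu_shares_write_u64() silently saturates an out-of-range
value to MAX_SHARES, while the quota, period and rt conversions fixed in
the same series return -EINVAL for the same class of input. If
saturation is kept to match sched_group_set_shares(), add a comment
saying so and explaining why scale_load_down(ULONG_MAX) is the right
bound for the value passed to scale_load().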
-- 
2.20.1





* [PATCH 5.1 171/405] staging: vc04_services: handle kzalloc failure
  2019-05-30  2:59 [PATCH 5.1 000/405] 5.1.6-stable review Greg Kroah-Hartman
                   ` (169 preceding siblings ...)
  2019-05-30  3:02 ` [PATCH 5.1 170/405] sched/core: Handle overflow in cpu_shares_write_u64 Greg Kroah-Hartman
@ 2019-05-30  3:02 ` Greg Kroah-Hartman
  2019-05-30  3:02 ` [PATCH 5.1 172/405] drm/msm/dpu: release resources on modeset failure Greg Kroah-Hartman
                   ` (238 subsequent siblings)
  409 siblings, 0 replies; 429+ messages in thread
From: Greg Kroah-Hartman @ 2019-05-30  3:02 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Nicholas Mc Guire, kbuild test robot,
	Stefan Wahren, Sasha Levin

[ Upstream commit a5112277872a56017b777770e2fd4324d4a6c866 ]

The kzalloc here was being used without checking the return - if the
kzalloc fails return VCHIQ_ERROR. The call-site of
vchiq_platform_init_state() vchiq_init_state() was not responding
to an allocation failure so checks for != VCHIQ_SUCCESS
and pass VCHIQ_ERROR up to vchiq_platform_init() which then
will fail with -EINVAL.

Signed-off-by: Nicholas Mc Guire <hofrat@osadl.org>
Reported-by: kbuild test robot <lkp@intel.com>
Acked-By: Stefan Wahren <stefan.wahren@i2se.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 .../staging/vc04_services/interface/vchiq_arm/vchiq_2835_arm.c | 3 +++
 drivers/staging/vc04_services/interface/vchiq_arm/vchiq_core.c | 2 ++
 2 files changed, 5 insertions(+)

diff --git a/drivers/staging/vc04_services/interface/vchiq_arm/vchiq_2835_arm.c b/drivers/staging/vc04_services/interface/vchiq_arm/vchiq_2835_arm.c
index dd4898861b833..eb1e5dcb0d529 100644
--- a/drivers/staging/vc04_services/interface/vchiq_arm/vchiq_2835_arm.c
+++ b/drivers/staging/vc04_services/interface/vchiq_arm/vchiq_2835_arm.c
@@ -209,6 +209,9 @@ vchiq_platform_init_state(struct vchiq_state *state)
 	struct vchiq_2835_state *platform_state;
 
 	state->platform_state = kzalloc(sizeof(*platform_state), GFP_KERNEL);
+	if (!state->platform_state)
+		return VCHIQ_ERROR;
+
 	platform_state = (struct vchiq_2835_state *)state->platform_state;
 
 	platform_state->inited = 1;
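Review bot: the new `return VCHIQ_ERROR` after the failed kzalloc() in vchiq_platform_init_state() folds an out-of-memory condition into the generic error code, and per the changelog the call chain ends in -EINVAL, so the caller of vchiq_platform_init() cannot tell an allocation failure from a bad argument. Consider mapping this case to -ENOMEM where the status is converted to an errno.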
diff --git a/drivers/staging/vc04_services/interface/vchiq_arm/vchiq_core.c b/drivers/staging/vc04_services/interface/vchiq_arm/vchiq_core.c
index 53f5a1cb4636e..819813e742d8a 100644
--- a/drivers/staging/vc04_services/interface/vchiq_arm/vchiq_core.c
+++ b/drivers/staging/vc04_services/interface/vchiq_arm/vchiq_core.c
@@ -2239,6 +2239,8 @@ vchiq_init_state(struct vchiq_state *state, struct vchiq_slot_zero *slot_zero)
 	local->debug[DEBUG_ENTRIES] = DEBUG_MAX;
 
 	status = vchiq_platform_init_state(state);
+	if (status != VCHIQ_SUCCESS)
+		return VCHIQ_ERROR;
 
 	/*
 		bring up slot handler thread
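Review bot: the added check in vchiq_init_state() tests `status != VCHIQ_SUCCESS` but then returns the constant VCHIQ_ERROR, discarding whatever vchiq_platform_init_state() actually returned. Returning `status` keeps the callee's code intact if it ever gains other failure values. It is also worth confirming that nothing set up earlier in vchiq_init_state() needs to be undone on this early return, since the hunk adds no cleanup.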
-- 
2.20.1

* [PATCH 5.1 172/405] drm/msm/dpu: release resources on modeset failure
  2019-05-30  2:59 [PATCH 5.1 000/405] 5.1.6-stable review Greg Kroah-Hartman
                   ` (170 preceding siblings ...)
  2019-05-30  3:02 ` [PATCH 5.1 171/405] staging: vc04_services: handle kzalloc failure Greg Kroah-Hartman
@ 2019-05-30  3:02 ` Greg Kroah-Hartman
  2019-05-30  3:02   ` Greg Kroah-Hartman
                   ` (237 subsequent siblings)
  409 siblings, 0 replies; 429+ messages in thread
From: Greg Kroah-Hartman @ 2019-05-30  3:02 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Jeykumar Sankaran, Sean Paul,
	Rob Clark, Sasha Levin

[ Upstream commit a7fcc3237f31a4e206953bb73cf41bd429442f09 ]

Release resources allocated in mode_set if any of
the hw check fails. Most of these checks are not
necessary and they will be removed in the follow up
patches with state based resource allocations.

Signed-off-by: Jeykumar Sankaran <jsanka@codeaurora.org>
Signed-off-by: Sean Paul <seanpaul@chromium.org>
Link: https://patchwork.freedesktop.org/patch/msgid/1550107156-17625-4-git-send-email-jsanka@codeaurora.org
Signed-off-by: Rob Clark <robdclark@chromium.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/gpu/drm/msm/disp/dpu1/dpu_encoder.c | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/drivers/gpu/drm/msm/disp/dpu1/dpu_encoder.c b/drivers/gpu/drm/msm/disp/dpu1/dpu_encoder.c
index 5aa3307f3f0c5..f59c00191a2a2 100644
--- a/drivers/gpu/drm/msm/disp/dpu1/dpu_encoder.c
+++ b/drivers/gpu/drm/msm/disp/dpu1/dpu_encoder.c
@@ -1023,13 +1023,13 @@ static void dpu_encoder_virt_mode_set(struct drm_encoder *drm_enc,
 			if (!dpu_enc->hw_pp[i]) {
 				DPU_ERROR_ENC(dpu_enc, "no pp block assigned"
 					     "at idx: %d\n", i);
-				return;
+				goto error;
 			}
 
 			if (!hw_ctl[i]) {
 				DPU_ERROR_ENC(dpu_enc, "no ctl block assigned"
 					     "at idx: %d\n", i);
-				return;
+				goto error;
 			}
 
 			phys->hw_pp = dpu_enc->hw_pp[i];
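Review bot: both error paths that now `goto error` print messages built from adjacent string literals with no separating space ("no pp block assigned" followed by "at idx: %d\n"), so the log reads "assignedat idx". Since these branches are being touched for the error handling anyway, add the missing space in the pp and ctl messages and keep each format string on one line so it can be grepped.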
@@ -1042,6 +1042,9 @@ static void dpu_encoder_virt_mode_set(struct drm_encoder *drm_enc,
 	}
 
 	dpu_enc->mode_set_complete = true;
+
+error:
+	dpu_rm_release(&dpu_kms->rm, drm_enc);
 }
 
 static void _dpu_encoder_virt_enable_helper(struct drm_encoder *drm_enc)
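Review bot: the `error:` label sits directly after `dpu_enc->mode_set_complete = true;` with no return in between, so the success path also falls through into dpu_rm_release(). If releasing on success is intended, the label name and the changelog (which talks about releasing only when a hw check fails) are misleading and a comment is needed; if it is not intended, add a `return;` before the label.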
-- 
2.20.1

* [PATCH 5.1 173/405] drm/msm: a5xx: fix possible object reference leak
  2019-05-30  2:59 [PATCH 5.1 000/405] 5.1.6-stable review Greg Kroah-Hartman
@ 2019-05-30  3:02   ` Greg Kroah-Hartman
  2019-05-30  3:00 ` [PATCH 5.1 002/405] ext4: do not delete unlinked inode from orphan list on failed truncate Greg Kroah-Hartman
                     ` (408 subsequent siblings)
  409 siblings, 0 replies; 429+ messages in thread
From: Greg Kroah-Hartman @ 2019-05-30  3:02 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Wen Yang, Rob Clark, Sean Paul,
	David Airlie, Daniel Vetter, Jordan Crouse, Mamta Shukla,
	Thomas Zimmermann, Sharat Masetty, linux-arm-msm, dri-devel,
	freedreno, Rob Clark, Sasha Levin

[ Upstream commit 6cd5235c3135ea84b32469ea51b2aae384eda8af ]

The call to of_get_child_by_name returns a node pointer with refcount
incremented thus it must be explicitly decremented after the last
usage.

Detected by coccinelle with the following warnings:
drivers/gpu/drm/msm/adreno/a5xx_gpu.c:57:2-8: ERROR: missing of_node_put; acquired a node pointer with refcount incremented on line 47, but without a corresponding object release within this function.
drivers/gpu/drm/msm/adreno/a5xx_gpu.c:66:2-8: ERROR: missing of_node_put; acquired a node pointer with refcount incremented on line 47, but without a corresponding object release within this function.
drivers/gpu/drm/msm/adreno/a5xx_gpu.c:118:1-7: ERROR: missing of_node_put; acquired a node pointer with refcount incremented on line 47, but without a corresponding object release within this function.
drivers/gpu/drm/msm/adreno/a5xx_gpu.c:57:2-8: ERROR: missing of_node_put; acquired a node pointer with refcount incremented on line 51, but without a corresponding object release within this function.
drivers/gpu/drm/msm/adreno/a5xx_gpu.c:66:2-8: ERROR: missing of_node_put; acquired a node pointer with refcount incremented on line 51, but without a corresponding object release within this function.
drivers/gpu/drm/msm/adreno/a5xx_gpu.c:118:1-7: ERROR: missing of_node_put; acquired a node pointer with refcount incremented on line 51, but without a corresponding object release within this function.

Signed-off-by: Wen Yang <wen.yang99@zte.com.cn>
Cc: Rob Clark <robdclark@gmail.com>
Cc: Sean Paul <sean@poorly.run>
Cc: David Airlie <airlied@linux.ie>
Cc: Daniel Vetter <daniel@ffwll.ch>
Cc: Jordan Crouse <jcrouse@codeaurora.org>
Cc: Mamta Shukla <mamtashukla555@gmail.com>
Cc: Thomas Zimmermann <tzimmermann@suse.de>
Cc: Sharat Masetty <smasetty@codeaurora.org>
Cc: linux-arm-msm@vger.kernel.org
Cc: dri-devel@lists.freedesktop.org
Cc: freedreno@lists.freedesktop.org
Cc: linux-kernel@vger.kernel.org (open list)
Reviewed-by: Jordan Crouse <jcrouse@codeaurora.org>
Signed-off-by: Rob Clark <robdclark@gmail.com>
Signed-off-by: Rob Clark <robdclark@chromium.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/gpu/drm/msm/adreno/a5xx_gpu.c | 10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)

diff --git a/drivers/gpu/drm/msm/adreno/a5xx_gpu.c b/drivers/gpu/drm/msm/adreno/a5xx_gpu.c
index d5f5e56422f57..270da14cba673 100644
--- a/drivers/gpu/drm/msm/adreno/a5xx_gpu.c
+++ b/drivers/gpu/drm/msm/adreno/a5xx_gpu.c
@@ -34,7 +34,7 @@ static int zap_shader_load_mdt(struct msm_gpu *gpu, const char *fwname)
 {
 	struct device *dev = &gpu->pdev->dev;
 	const struct firmware *fw;
-	struct device_node *np;
+	struct device_node *np, *mem_np;
 	struct resource r;
 	phys_addr_t mem_phys;
 	ssize_t mem_size;
@@ -48,11 +48,13 @@ static int zap_shader_load_mdt(struct msm_gpu *gpu, const char *fwname)
 	if (!np)
 		return -ENODEV;
 
-	np = of_parse_phandle(np, "memory-region", 0);
-	if (!np)
+	mem_np = of_parse_phandle(np, "memory-region", 0);
+	of_node_put(np);
+	if (!mem_np)
 		return -EINVAL;
 
-	ret = of_address_to_resource(np, 0, &r);
+	ret = of_address_to_resource(mem_np, 0, &r);
+	of_node_put(mem_np);
 	if (ret)
 		return ret;
 
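Review bot: the changelog names only of_get_child_by_name(), but the second hunk also balances the reference returned by of_parse_phandle() by introducing mem_np and calling of_node_put(mem_np); the description should mention both. Each put is placed before the corresponding error check, which covers the failure returns; please confirm that nothing later in the function uses mem_np, or data pointing into that node, after the put.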
-- 
2.20.1

* [PATCH 5.1 174/405] drm/msm: dpu: Dont set frame_busy_mask for async updates
  2019-05-30  2:59 [PATCH 5.1 000/405] 5.1.6-stable review Greg Kroah-Hartman
                   ` (172 preceding siblings ...)
  2019-05-30  3:02   ` Greg Kroah-Hartman
@ 2019-05-30  3:02 ` Greg Kroah-Hartman
  2019-05-30  3:02 ` [PATCH 5.1 175/405] drm/msm: Fix NULL pointer dereference Greg Kroah-Hartman
                   ` (235 subsequent siblings)
  409 siblings, 0 replies; 429+ messages in thread
From: Greg Kroah-Hartman @ 2019-05-30  3:02 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Fritz Koenig, Sean Paul, Rob Clark,
	Sasha Levin

[ Upstream commit f98baa3109cea46083d2361ab14a0207d1b1bd16 ]

The frame_busy mask is used in frame_done event handling, which is not
invoked for async commits. So an async commit will leave the
frame_busy mask populated after it completes and future commits will start
with the busy mask incorrect.

This showed up on disable after cursor move. I was hitting the "this should
not happen" comment in the frame event worker since frame_busy was set,
we queued the event, but there were no frames pending (since async
also doesn't set that).

Reviewed-by: Fritz Koenig <frkoenig@google.com>
Signed-off-by: Sean Paul <seanpaul@chromium.org>
Link: https://patchwork.freedesktop.org/patch/msgid/20190130163220.138637-1-sean@poorly.run
Signed-off-by: Rob Clark <robdclark@chromium.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/gpu/drm/msm/disp/dpu1/dpu_encoder.c | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/drivers/gpu/drm/msm/disp/dpu1/dpu_encoder.c b/drivers/gpu/drm/msm/disp/dpu1/dpu_encoder.c
index f59c00191a2a2..dd2c4d11d0e1d 100644
--- a/drivers/gpu/drm/msm/disp/dpu1/dpu_encoder.c
+++ b/drivers/gpu/drm/msm/disp/dpu1/dpu_encoder.c
@@ -1550,8 +1550,14 @@ static void _dpu_encoder_kickoff_phys(struct dpu_encoder_virt *dpu_enc,
 		if (!ctl)
 			continue;
 
-		if (phys->split_role != ENC_ROLE_SLAVE)
+		/*
+		 * This is cleared in frame_done worker, which isn't invoked
+		 * for async commits. So don't set this for async, since it'll
+		 * roll over to the next commit.
+		 */
+		if (!async && phys->split_role != ENC_ROLE_SLAVE)
 			set_bit(i, dpu_enc->frame_busy_mask);
+
 		if (!phys->ops.needs_single_flush ||
 				!phys->ops.needs_single_flush(phys))
 			_dpu_encoder_trigger_flush(&dpu_enc->base, phys, 0x0,
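Review bot: the new comment opens with "This is cleared in frame_done worker" without naming what "this" is; because it sits above a combined condition, say explicitly that it refers to the bit in dpu_enc->frame_busy_mask. The hunk also adds a blank line after set_bit() that is unrelated to the fix and could be left out of the backport.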
-- 
2.20.1

* [PATCH 5.1 175/405] drm/msm: Fix NULL pointer dereference
  2019-05-30  2:59 [PATCH 5.1 000/405] 5.1.6-stable review Greg Kroah-Hartman
                   ` (173 preceding siblings ...)
  2019-05-30  3:02 ` [PATCH 5.1 174/405] drm/msm: dpu: Dont set frame_busy_mask for async updates Greg Kroah-Hartman
@ 2019-05-30  3:02 ` Greg Kroah-Hartman
  2019-05-30  3:02 ` [PATCH 5.1 176/405] irq_work: Do not raise an IPI when queueing work on the local CPU Greg Kroah-Hartman
                   ` (234 subsequent siblings)
  409 siblings, 0 replies; 429+ messages in thread
From: Greg Kroah-Hartman @ 2019-05-30  3:02 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Luca Weiss, Rob Clark, Rob Clark,
	Sasha Levin

[ Upstream commit 7603df38cc8c1e5d540b18ec9eb9d62d823197d0 ]

[    3.707412] Unable to handle kernel NULL pointer dereference at virtual address 0000009c
[    3.714511] pgd = (ptrval)
[    3.722742] [0000009c] *pgd=00000000
[    3.725238] Internal error: Oops: 5 [#1] PREEMPT SMP ARM
[    3.728968] Modules linked in:
[    3.734265] CPU: 3 PID: 112 Comm: kworker/3:2 Tainted: G        W         5.0.0-rc7-00183-g06a1c31df9eb #4
[    3.737142] Hardware name: Generic DT based system
[    3.746778] Workqueue: events deferred_probe_work_func
[    3.751542] PC is at msm_gem_map_vma+0x3c/0xac
[    3.756669] LR is at msm_gem_get_and_pin_iova+0xd8/0x134
[    3.761086] pc : [<c07d3b7c>]    lr : [<c07d14f8>]    psr: 60000013
[    3.766560] sp : ee297be8  ip : ed9ab1c0  fp : ed93b800
[    3.772546] r10: ee35e180  r9 : 00000000  r8 : ee297c80
[    3.777752] r7 : 00000000  r6 : 7c100000  r5 : 00000000  r4 : ee35e180
[    3.782968] r3 : 00000001  r2 : 00000003  r1 : ee35e180  r0 : 00000000
[    3.789562] Flags: nZCv  IRQs on  FIQs on  Mode SVC_32  ISA ARM  Segment none
[    3.796079] Control: 10c5787d  Table: 2e3a806a  DAC: 00000051
[    3.803282] Process kworker/3:2 (pid: 112, stack limit = 0x(ptrval))
[    3.809006] Stack: (0xee297be8 to 0xee298000)
[    4.080828] [<c07d3b7c>] (msm_gem_map_vma) from [<c07d14f8>] (msm_gem_get_and_pin_iova+0xd8/0x134)
[    4.088983] [<c07d14f8>] (msm_gem_get_and_pin_iova) from [<c07d1684>] (_msm_gem_kernel_new+0x38/0xac)
[    4.097839] [<c07d1684>] (_msm_gem_kernel_new) from [<c07d222c>] (msm_gem_kernel_new+0x24/0x2c)
[    4.107130] [<c07d222c>] (msm_gem_kernel_new) from [<c07dcfd8>] (dsi_tx_buf_alloc_6g+0x44/0x90)
[    4.115631] [<c07dcfd8>] (dsi_tx_buf_alloc_6g) from [<c07ddb48>] (msm_dsi_host_modeset_init+0x80/0x104)
[    4.124313] [<c07ddb48>] (msm_dsi_host_modeset_init) from [<c07db7e8>] (msm_dsi_modeset_init+0x34/0x1c0)
[    4.133691] [<c07db7e8>] (msm_dsi_modeset_init) from [<c07a0a30>] (mdp5_kms_init+0x764/0x7e0)
[    4.143409] [<c07a0a30>] (mdp5_kms_init) from [<c07cf748>] (msm_drm_bind+0x56c/0x740)
[    4.151824] [<c07cf748>] (msm_drm_bind) from [<c07ea4ac>] (try_to_bring_up_master+0x238/0x2b4)
[    4.159636] [<c07ea4ac>] (try_to_bring_up_master) from [<c07ea5d0>] (component_add+0xa8/0x170)
[    4.168146] [<c07ea5d0>] (component_add) from [<c07f2b0c>] (platform_drv_probe+0x48/0x9c)
[    4.176737] [<c07f2b0c>] (platform_drv_probe) from [<c07f08c4>] (really_probe+0x278/0x404)
[    4.184981] [<c07f08c4>] (really_probe) from [<c07f0c08>] (driver_probe_device+0x78/0x1c0)
[    4.193147] [<c07f0c08>] (driver_probe_device) from [<c07ee8a0>] (bus_for_each_drv+0x74/0xb8)
[    4.201389] [<c07ee8a0>] (bus_for_each_drv) from [<c07f05b0>] (__device_attach+0xd0/0x164)
[    4.209984] [<c07f05b0>] (__device_attach) from [<c07ef7d0>] (bus_probe_device+0x84/0x8c)
[    4.218143] [<c07ef7d0>] (bus_probe_device) from [<c07efd68>] (deferred_probe_work_func+0x48/0xc4)
[    4.226398] [<c07efd68>] (deferred_probe_work_func) from [<c033c038>] (process_one_work+0x204/0x574)
[    4.235254] [<c033c038>] (process_one_work) from [<c033ce54>] (worker_thread+0x30/0x560)
[    4.244534] [<c033ce54>] (worker_thread) from [<c0341db0>] (kthread+0x124/0x154)
[    4.252606] [<c0341db0>] (kthread) from [<c03010e8>] (ret_from_fork+0x14/0x2c)
[    4.259966] Exception stack(0xee297fb0 to 0xee297ff8)
[    4.266998] 7fa0:                                     00000000 00000000 00000000 00000000
[    4.272143] 7fc0: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
[    4.280297] 7fe0: 00000000 00000000 00000000 00000000 00000013 00000000
[    4.288451] Code: e5813080 1a000013 e3a03001 e5c4307c (e590009c)
[    4.294933] ---[ end trace 18729cc2bca2b4b3 ]---

Signed-off-by: Luca Weiss <luca@z3ntu.xyz>
Signed-off-by: Rob Clark <robdclark@gmail.com>
Signed-off-by: Rob Clark <robdclark@chromium.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/gpu/drm/msm/msm_gem_vma.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/drivers/gpu/drm/msm/msm_gem_vma.c b/drivers/gpu/drm/msm/msm_gem_vma.c
index 49c04829cf344..fcf7a83f0e6fe 100644
--- a/drivers/gpu/drm/msm/msm_gem_vma.c
+++ b/drivers/gpu/drm/msm/msm_gem_vma.c
@@ -85,7 +85,7 @@ msm_gem_map_vma(struct msm_gem_address_space *aspace,
 
 	vma->mapped = true;
 
-	if (aspace->mmu)
+	if (aspace && aspace->mmu)
 		ret = aspace->mmu->funcs->map(aspace->mmu, vma->iova, sgt,
 				size, prot);
 
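Review bot: the `aspace &&` guard avoids the dereference, but `vma->mapped = true;` is set just above it regardless, so with a NULL aspace the vma is marked mapped although no map call was made. Confirm that this is the intended behaviour for the no-address-space case and that the matching unmap path tolerates a NULL aspace as well; the changelog consists only of the oops and does not say why aspace can be NULL here.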
-- 
2.20.1

* [PATCH 5.1 176/405] irq_work: Do not raise an IPI when queueing work on the local CPU
  2019-05-30  2:59 [PATCH 5.1 000/405] 5.1.6-stable review Greg Kroah-Hartman
                   ` (174 preceding siblings ...)
  2019-05-30  3:02 ` [PATCH 5.1 175/405] drm/msm: Fix NULL pointer dereference Greg Kroah-Hartman
@ 2019-05-30  3:02 ` Greg Kroah-Hartman
  2019-05-30  3:02 ` [PATCH 5.1 177/405] thunderbolt: Take domain lock in switch sysfs attribute callbacks Greg Kroah-Hartman
                   ` (233 subsequent siblings)
  409 siblings, 0 replies; 429+ messages in thread
From: Greg Kroah-Hartman @ 2019-05-30  3:02 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Steven Rostedt,
	Sebastian Andrzej Siewior, Nicholas Piggin,
	Peter Zijlstra (Intel),
	Frederic Weisbecker, Cédric Le Goater, Linus Torvalds,
	Paul Mackerras, Suraj Jitindar Singh, Thomas Gleixner,
	Ingo Molnar, Sasha Levin

[ Upstream commit 471ba0e686cb13752bc1ff3216c54b69a2d250ea ]

The QEMU PowerPC/PSeries machine model was not expecting a self-IPI,
and it may be a somewhat surprising thing to do, so have irq_work_queue_on
do local queueing when target is the current CPU.

Suggested-by: Steven Rostedt <rostedt@goodmis.org>
Reported-by: Sebastian Andrzej Siewior <bigeasy@linutronix.de>
Tested-by: Sebastian Andrzej Siewior <bigeasy@linutronix.de>
Signed-off-by: Nicholas Piggin <npiggin@gmail.com>
Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org>
Reviewed-by: Frederic Weisbecker <frederic@kernel.org>
Acked-by: Peter Zijlstra (Intel) <peterz@infradead.org>
Cc: Cédric Le Goater <clg@kaod.org>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Paul Mackerras <paulus@samba.org>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Suraj Jitindar Singh <sjitindarsingh@gmail.com>
Cc: Thomas Gleixner <tglx@linutronix.de>
Link: https://lkml.kernel.org/r/20190409093403.20994-1-npiggin@gmail.com
[ Simplified the preprocessor comments.
  Fixed unbalanced curly brackets pointed out by Thomas. ]
Signed-off-by: Ingo Molnar <mingo@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 kernel/irq_work.c | 75 ++++++++++++++++++++++++++---------------------
 1 file changed, 42 insertions(+), 33 deletions(-)

diff --git a/kernel/irq_work.c b/kernel/irq_work.c
index 6b7cdf17ccf89..73288914ed5e7 100644
--- a/kernel/irq_work.c
+++ b/kernel/irq_work.c
@@ -56,61 +56,70 @@ void __weak arch_irq_work_raise(void)
 	 */
 }
 
-/*
- * Enqueue the irq_work @work on @cpu unless it's already pending
- * somewhere.
- *
- * Can be re-enqueued while the callback is still in progress.
- */
-bool irq_work_queue_on(struct irq_work *work, int cpu)
+/* Enqueue on current CPU, work must already be claimed and preempt disabled */
+static void __irq_work_queue_local(struct irq_work *work)
 {
-	/* All work should have been flushed before going offline */
-	WARN_ON_ONCE(cpu_is_offline(cpu));
-
-#ifdef CONFIG_SMP
-
-	/* Arch remote IPI send/receive backend aren't NMI safe */
-	WARN_ON_ONCE(in_nmi());
+	/* If the work is "lazy", handle it from next tick if any */
+	if (work->flags & IRQ_WORK_LAZY) {
+		if (llist_add(&work->llnode, this_cpu_ptr(&lazy_list)) &&
+		    tick_nohz_tick_stopped())
+			arch_irq_work_raise();
+	} else {
+		if (llist_add(&work->llnode, this_cpu_ptr(&raised_list)))
+			arch_irq_work_raise();
+	}
+}
 
+/* Enqueue the irq work @work on the current CPU */
+bool irq_work_queue(struct irq_work *work)
+{
 	/* Only queue if not already pending */
 	if (!irq_work_claim(work))
 		return false;
 
-	if (llist_add(&work->llnode, &per_cpu(raised_list, cpu)))
-		arch_send_call_function_single_ipi(cpu);
-
-#else /* #ifdef CONFIG_SMP */
-	irq_work_queue(work);
-#endif /* #else #ifdef CONFIG_SMP */
+	/* Queue the entry and raise the IPI if needed. */
+	preempt_disable();
+	__irq_work_queue_local(work);
+	preempt_enable();
 
 	return true;
 }
+EXPORT_SYMBOL_GPL(irq_work_queue);
 
-/* Enqueue the irq work @work on the current CPU */
-bool irq_work_queue(struct irq_work *work)
+/*
+ * Enqueue the irq_work @work on @cpu unless it's already pending
+ * somewhere.
+ *
+ * Can be re-enqueued while the callback is still in progress.
+ */
+bool irq_work_queue_on(struct irq_work *work, int cpu)
 {
+#ifndef CONFIG_SMP
+	return irq_work_queue(work);
+
+#else /* CONFIG_SMP: */
+	/* All work should have been flushed before going offline */
+	WARN_ON_ONCE(cpu_is_offline(cpu));
+
 	/* Only queue if not already pending */
 	if (!irq_work_claim(work))
 		return false;
 
-	/* Queue the entry and raise the IPI if needed. */
 	preempt_disable();
-
-	/* If the work is "lazy", handle it from next tick if any */
-	if (work->flags & IRQ_WORK_LAZY) {
-		if (llist_add(&work->llnode, this_cpu_ptr(&lazy_list)) &&
-		    tick_nohz_tick_stopped())
-			arch_irq_work_raise();
+	if (cpu != smp_processor_id()) {
+		/* Arch remote IPI send/receive backend aren't NMI safe */
+		WARN_ON_ONCE(in_nmi());
+		if (llist_add(&work->llnode, &per_cpu(raised_list, cpu)))
+			arch_send_call_function_single_ipi(cpu);
 	} else {
-		if (llist_add(&work->llnode, this_cpu_ptr(&raised_list)))
-			arch_irq_work_raise();
+		__irq_work_queue_local(work);
 	}
-
 	preempt_enable();
 
 	return true;
+#endif /* CONFIG_SMP */
 }
-EXPORT_SYMBOL_GPL(irq_work_queue);
+
 
 bool irq_work_needs_cpu(void)
 {
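Review bot: in the rewritten irq_work_queue_on(), the `cpu != smp_processor_id()` branch always adds to raised_list, while the local branch goes through __irq_work_queue_local(), which honours IRQ_WORK_LAZY and may place the work on lazy_list. The old irq_work_queue_on() never looked at the lazy flag, so the same call now behaves differently depending on which CPU the caller happens to run on; that deserves a sentence in the function comment. WARN_ON_ONCE(in_nmi()) has also moved into the remote branch only, and the relocation of EXPORT_SYMBOL_GPL leaves two consecutive blank lines before irq_work_needs_cpu().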
-- 
2.20.1

* [PATCH 5.1 177/405] thunderbolt: Take domain lock in switch sysfs attribute callbacks
  2019-05-30  2:59 [PATCH 5.1 000/405] 5.1.6-stable review Greg Kroah-Hartman
                   ` (175 preceding siblings ...)
  2019-05-30  3:02 ` [PATCH 5.1 176/405] irq_work: Do not raise an IPI when queueing work on the local CPU Greg Kroah-Hartman
@ 2019-05-30  3:02 ` Greg Kroah-Hartman
  2019-05-30  3:02 ` [PATCH 5.1 178/405] s390/qeth: handle error from qeth_update_from_chp_desc() Greg Kroah-Hartman
                   ` (232 subsequent siblings)
  409 siblings, 0 replies; 429+ messages in thread
From: Greg Kroah-Hartman @ 2019-05-30  3:02 UTC (permalink / raw)
  To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Mika Westerberg, Sasha Levin

[ Upstream commit 09f11b6c99feaf86a26444bca85dc693b3f58f8b ]

switch_lock was introduced because it allowed serialization of device
authorization requests from userspace without need to take the big
domain lock (tb->lock). This was fine because device authorization with
ICM is just one command that is sent to the firmware. Now that we start
to handle all tunneling in the driver switch_lock is not enough because
we need to walk over the topology to establish paths.

For this reason drop switch_lock from the driver completely in favour of
big domain lock.

There is one complication, though. If userspace is waiting for the lock
in tb_switch_set_authorized(), it keeps the device_del() from removing
the sysfs attribute because it waits for active users to release the
attribute first, which leads to the following splat:

    INFO: task kworker/u8:3:73 blocked for more than 61 seconds.
          Tainted: G        W         5.1.0-rc1+ #244
    "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
    kworker/u8:3    D12976    73      2 0x80000000
    Workqueue: thunderbolt0 tb_handle_hotplug [thunderbolt]
    Call Trace:
     ? __schedule+0x2e5/0x740
     ? _raw_spin_lock_irqsave+0x12/0x40
     ? prepare_to_wait_event+0xc5/0x160
     schedule+0x2d/0x80
     __kernfs_remove.part.17+0x183/0x1f0
     ? finish_wait+0x80/0x80
     kernfs_remove_by_name_ns+0x4a/0x90
     remove_files.isra.1+0x2b/0x60
     sysfs_remove_group+0x38/0x80
     sysfs_remove_groups+0x24/0x40
     device_remove_attrs+0x3d/0x70
     device_del+0x14c/0x360
     device_unregister+0x15/0x50
     tb_switch_remove+0x9e/0x1d0 [thunderbolt]
     tb_handle_hotplug+0x119/0x5a0 [thunderbolt]
     ? process_one_work+0x1b7/0x420
     process_one_work+0x1b7/0x420
     worker_thread+0x37/0x380
     ? _raw_spin_unlock_irqrestore+0xf/0x30
     ? process_one_work+0x420/0x420
     kthread+0x118/0x130
     ? kthread_create_on_node+0x60/0x60
     ret_from_fork+0x35/0x40

We deal with this by following what the network stack did for some of their
attributes and use mutex_trylock() with restart_syscall(). This makes
userspace release the attribute allowing sysfs attribute removal to
progress before the write is restarted and eventually fail when the
attribute is removed.

Signed-off-by: Mika Westerberg <mika.westerberg@linux.intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/thunderbolt/switch.c | 45 +++++++++++++++---------------------
 drivers/thunderbolt/tb.h     |  3 +--
 2 files changed, 20 insertions(+), 28 deletions(-)

diff --git a/drivers/thunderbolt/switch.c b/drivers/thunderbolt/switch.c
index cd96994dc0947..32e012713dbeb 100644
--- a/drivers/thunderbolt/switch.c
+++ b/drivers/thunderbolt/switch.c
@@ -10,15 +10,13 @@
 #include <linux/idr.h>
 #include <linux/nvmem-provider.h>
 #include <linux/pm_runtime.h>
+#include <linux/sched/signal.h>
 #include <linux/sizes.h>
 #include <linux/slab.h>
 #include <linux/vmalloc.h>
 
 #include "tb.h"
 
-/* Switch authorization from userspace is serialized by this lock */
-static DEFINE_MUTEX(switch_lock);
-
 /* Switch NVM support */
 
 #define NVM_DEVID		0x05
@@ -254,8 +252,8 @@ static int tb_switch_nvm_write(void *priv, unsigned int offset, void *val,
 	struct tb_switch *sw = priv;
 	int ret = 0;
 
-	if (mutex_lock_interruptible(&switch_lock))
-		return -ERESTARTSYS;
+	if (!mutex_trylock(&sw->tb->lock))
+		return restart_syscall();
 
 	/*
 	 * Since writing the NVM image might require some special steps,
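Review bot: replacing mutex_lock_interruptible() with `if (!mutex_trylock(&sw->tb->lock)) return restart_syscall();` in tb_switch_nvm_write() makes the caller retry the whole write whenever the domain lock is contended, and the reason (letting sysfs attribute removal proceed) is explained only in the changelog. Add a short comment at the first use, or a small helper wrapping the pattern, since the same two lines are repeated in tb_switch_set_authorized(), key_show() and key_store().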
@@ -275,7 +273,7 @@ static int tb_switch_nvm_write(void *priv, unsigned int offset, void *val,
 	memcpy(sw->nvm->buf + offset, val, bytes);
 
 unlock:
-	mutex_unlock(&switch_lock);
+	mutex_unlock(&sw->tb->lock);
 
 	return ret;
 }
@@ -364,10 +362,7 @@ static int tb_switch_nvm_add(struct tb_switch *sw)
 	}
 	nvm->non_active = nvm_dev;
 
-	mutex_lock(&switch_lock);
 	sw->nvm = nvm;
-	mutex_unlock(&switch_lock);
-
 	return 0;
 
 err_nvm_active:
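Review bot: sw->nvm = nvm in tb_switch_nvm_add() is now a bare store with no lock taken in this function, while the sysfs callbacks touched by this patch (nvm_version_show(), nvm_authenticate_store()) look at sw->nvm under sw->tb->lock. That is only safe if every caller already holds the domain lock. If that is the intent, state it in a comment or add lockdep_assert_held(&sw->tb->lock) here and in tb_switch_nvm_remove(), which loses its locking in the same way.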
@@ -384,10 +379,8 @@ static void tb_switch_nvm_remove(struct tb_switch *sw)
 {
 	struct tb_switch_nvm *nvm;
 
-	mutex_lock(&switch_lock);
 	nvm = sw->nvm;
 	sw->nvm = NULL;
-	mutex_unlock(&switch_lock);
 
 	if (!nvm)
 		return;
@@ -716,8 +709,8 @@ static int tb_switch_set_authorized(struct tb_switch *sw, unsigned int val)
 {
 	int ret = -EINVAL;
 
-	if (mutex_lock_interruptible(&switch_lock))
-		return -ERESTARTSYS;
+	if (!mutex_trylock(&sw->tb->lock))
+		return restart_syscall();
 
 	if (sw->authorized)
 		goto unlock;
@@ -760,7 +753,7 @@ static int tb_switch_set_authorized(struct tb_switch *sw, unsigned int val)
 	}
 
 unlock:
-	mutex_unlock(&switch_lock);
+	mutex_unlock(&sw->tb->lock);
 	return ret;
 }
 
@@ -817,15 +810,15 @@ static ssize_t key_show(struct device *dev, struct device_attribute *attr,
 	struct tb_switch *sw = tb_to_switch(dev);
 	ssize_t ret;
 
-	if (mutex_lock_interruptible(&switch_lock))
-		return -ERESTARTSYS;
+	if (!mutex_trylock(&sw->tb->lock))
+		return restart_syscall();
 
 	if (sw->key)
 		ret = sprintf(buf, "%*phN\n", TB_SWITCH_KEY_SIZE, sw->key);
 	else
 		ret = sprintf(buf, "\n");
 
-	mutex_unlock(&switch_lock);
+	mutex_unlock(&sw->tb->lock);
 	return ret;
 }
 
@@ -842,8 +835,8 @@ static ssize_t key_store(struct device *dev, struct device_attribute *attr,
 	else if (hex2bin(key, buf, sizeof(key)))
 		return -EINVAL;
 
-	if (mutex_lock_interruptible(&switch_lock))
-		return -ERESTARTSYS;
+	if (!mutex_trylock(&sw->tb->lock))
+		return restart_syscall();
 
 	if (sw->authorized) {
 		ret = -EBUSY;
@@ -858,7 +851,7 @@ static ssize_t key_store(struct device *dev, struct device_attribute *attr,
 		}
 	}
 
-	mutex_unlock(&switch_lock);
+	mutex_unlock(&sw->tb->lock);
 	return ret;
 }
 static DEVICE_ATTR(key, 0600, key_show, key_store);
@@ -904,8 +897,8 @@ static ssize_t nvm_authenticate_store(struct device *dev,
 	bool val;
 	int ret;
 
-	if (mutex_lock_interruptible(&switch_lock))
-		return -ERESTARTSYS;
+	if (!mutex_trylock(&sw->tb->lock))
+		return restart_syscall();
 
 	/* If NVMem devices are not yet added */
 	if (!sw->nvm) {
@@ -953,7 +946,7 @@ static ssize_t nvm_authenticate_store(struct device *dev,
 	}
 
 exit_unlock:
-	mutex_unlock(&switch_lock);
+	mutex_unlock(&sw->tb->lock);
 
 	if (ret)
 		return ret;
@@ -967,8 +960,8 @@ static ssize_t nvm_version_show(struct device *dev,
 	struct tb_switch *sw = tb_to_switch(dev);
 	int ret;
 
-	if (mutex_lock_interruptible(&switch_lock))
-		return -ERESTARTSYS;
+	if (!mutex_trylock(&sw->tb->lock))
+		return restart_syscall();
 
 	if (sw->safe_mode)
 		ret = -ENODATA;
@@ -977,7 +970,7 @@ static ssize_t nvm_version_show(struct device *dev,
 	else
 		ret = sprintf(buf, "%x.%x\n", sw->nvm->major, sw->nvm->minor);
 
-	mutex_unlock(&switch_lock);
+	mutex_unlock(&sw->tb->lock);
 
 	return ret;
 }
diff --git a/drivers/thunderbolt/tb.h b/drivers/thunderbolt/tb.h
index 52584c4003e3a..f5e0282225d1c 100644
--- a/drivers/thunderbolt/tb.h
+++ b/drivers/thunderbolt/tb.h
@@ -80,8 +80,7 @@ struct tb_switch_nvm {
  * @depth: Depth in the chain this switch is connected (ICM only)
  *
  * When the switch is being added or removed to the domain (other
- * switches) you need to have domain lock held. For switch authorization
- * internal switch_lock is enough.
+ * switches) you need to have domain lock held.
  */
 struct tb_switch {
 	struct device dev;
-- 
2.20.1





* [PATCH 5.1 178/405] s390/qeth: handle error from qeth_update_from_chp_desc()
  2019-05-30  2:59 [PATCH 5.1 000/405] 5.1.6-stable review Greg Kroah-Hartman
                   ` (176 preceding siblings ...)
  2019-05-30  3:02 ` [PATCH 5.1 177/405] thunderbolt: Take domain lock in switch sysfs attribute callbacks Greg Kroah-Hartman
@ 2019-05-30  3:02 ` Greg Kroah-Hartman
  2019-05-30  3:02 ` [PATCH 5.1 179/405] USB: core: Dont unbind interfaces following device reset failure Greg Kroah-Hartman
                   ` (231 subsequent siblings)
  409 siblings, 0 replies; 429+ messages in thread
From: Greg Kroah-Hartman @ 2019-05-30  3:02 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Julian Wiedmann, David S. Miller,
	Sasha Levin

[ Upstream commit a4cdc9baee0740748f16e50cd70c2607510df492 ]

Subsequent code relies on the values that qeth_update_from_chp_desc()
reads from the CHP descriptor. Rather than dealing with weird errors
later on, just handle it properly here.

Signed-off-by: Julian Wiedmann <jwi@linux.ibm.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/s390/net/qeth_core_main.c | 14 ++++++++++----
 1 file changed, 10 insertions(+), 4 deletions(-)

diff --git a/drivers/s390/net/qeth_core_main.c b/drivers/s390/net/qeth_core_main.c
index 44bd6f04c145d..8c73a99daff3e 100644
--- a/drivers/s390/net/qeth_core_main.c
+++ b/drivers/s390/net/qeth_core_main.c
@@ -1308,7 +1308,7 @@ static void qeth_set_multiple_write_queues(struct qeth_card *card)
 	card->qdio.no_out_queues = 4;
 }
 
-static void qeth_update_from_chp_desc(struct qeth_card *card)
+static int qeth_update_from_chp_desc(struct qeth_card *card)
 {
 	struct ccw_device *ccwdev;
 	struct channel_path_desc_fmt0 *chp_dsc;
@@ -1318,7 +1318,7 @@ static void qeth_update_from_chp_desc(struct qeth_card *card)
 	ccwdev = card->data.ccwdev;
 	chp_dsc = ccw_device_get_chp_desc(ccwdev, 0);
 	if (!chp_dsc)
-		goto out;
+		return -ENOMEM;
 
 	card->info.func_level = 0x4100 + chp_dsc->desc;
 	if (card->info.type == QETH_CARD_TYPE_IQD)
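Review bot: the new early return for !chp_dsc reports -ENOMEM, but nothing in this hunk shows that ccw_device_get_chp_desc() returns NULL only on allocation failure. If it can also fail because the descriptor is unavailable, the caller and the user get a misleading errno. Either confirm the NULL cause in a comment or pick a code that matches it, and consider a QETH_DBF_TEXT_ trace on this path so the failed probe leaves a record.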
@@ -1333,6 +1333,7 @@ static void qeth_update_from_chp_desc(struct qeth_card *card)
 	kfree(chp_dsc);
 	QETH_DBF_TEXT_(SETUP, 2, "nr:%x", card->qdio.no_out_queues);
 	QETH_DBF_TEXT_(SETUP, 2, "lvl:%02x", card->info.func_level);
+	return 0;
 }
 
 static void qeth_init_qdio_info(struct qeth_card *card)
@@ -4986,7 +4987,9 @@ int qeth_core_hardsetup_card(struct qeth_card *card, bool *carrier_ok)
 
 	QETH_DBF_TEXT(SETUP, 2, "hrdsetup");
 	atomic_set(&card->force_alloc_skb, 0);
-	qeth_update_from_chp_desc(card);
+	rc = qeth_update_from_chp_desc(card);
+	if (rc)
+		return rc;
 retry:
 	if (retries < 3)
 		QETH_DBF_MESSAGE(2, "Retrying to do IDX activates on device %x.\n",
@@ -5641,7 +5644,9 @@ static int qeth_core_probe_device(struct ccwgroup_device *gdev)
 	}
 
 	qeth_setup_card(card);
-	qeth_update_from_chp_desc(card);
+	rc = qeth_update_from_chp_desc(card);
+	if (rc)
+		goto err_chp_desc;
 
 	card->dev = qeth_alloc_netdev(card);
 	if (!card->dev) {
@@ -5676,6 +5681,7 @@ static int qeth_core_probe_device(struct ccwgroup_device *gdev)
 	qeth_core_free_discipline(card);
 err_load:
 	free_netdev(card->dev);
+err_chp_desc:
 err_card:
 	qeth_core_free_card(card);
 err_dev:
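Review bot: err_chp_desc: is added directly above err_card: with nothing between them, so both labels name the same unwind step. Jump to err_card from the new check in qeth_core_probe_device() instead, or drop err_card if nothing else uses it. Two stacked labels invite a later change that adds cleanup between them and silently alters what the err_card users get.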
-- 
2.20.1





* [PATCH 5.1 179/405] USB: core: Dont unbind interfaces following device reset failure
  2019-05-30  2:59 [PATCH 5.1 000/405] 5.1.6-stable review Greg Kroah-Hartman
                   ` (177 preceding siblings ...)
  2019-05-30  3:02 ` [PATCH 5.1 178/405] s390/qeth: handle error from qeth_update_from_chp_desc() Greg Kroah-Hartman
@ 2019-05-30  3:02 ` Greg Kroah-Hartman
  2019-05-30  3:02 ` [PATCH 5.1 180/405] x86/irq/64: Limit IST stack overflow check to #DB stack Greg Kroah-Hartman
                   ` (230 subsequent siblings)
  409 siblings, 0 replies; 429+ messages in thread
From: Greg Kroah-Hartman @ 2019-05-30  3:02 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Alan Stern, Kento Kobayashi,
	Bart Van Assche, Martin K. Petersen, Jacky Cao, Sasha Levin

[ Upstream commit 381419fa720060ba48b7bbc483be787d5b1dca6f ]

The SCSI core does not like to have devices or hosts unregistered
while error recovery is in progress.  Trying to do so can lead to
self-deadlock: Part of the removal code tries to obtain a lock already
held by the error handler.

This can cause problems for the usb-storage and uas drivers, because
their error handler routines perform a USB reset, and if the reset
fails then the USB core automatically goes on to unbind all drivers
from the device's interfaces -- all while still in the context of the
SCSI error handler.

As it turns out, practically all the scenarios leading to a USB reset
failure end up causing a device disconnect (the main error pathway in
usb_reset_and_verify_device(), at the end of the routine, calls
hub_port_logical_disconnect() before returning).  As a result, the
hub_wq thread will soon become aware of the problem and will unbind
all the device's drivers in its own context, not in the
error-handler's context.

This means that usb_reset_device() does not need to call
usb_unbind_and_rebind_marked_interfaces() in cases where
usb_reset_and_verify_device() has returned an error, because hub_wq
will take care of everything anyway.

This particular problem was observed in somewhat artificial
circumstances, by using usbfs to tell a hub to power-down a port
connected to a USB-3 mass storage device using the UAS protocol.  With
the port turned off, the currently executing command timed out and the
error handler started running.  The USB reset naturally failed,
because the hub port was off, and the error handler deadlocked as
described above.  Not carrying out the call to
usb_unbind_and_rebind_marked_interfaces() fixes this issue.

Signed-off-by: Alan Stern <stern@rowland.harvard.edu>
Reported-by: Kento Kobayashi <Kento.A.Kobayashi@sony.com>
Tested-by: Kento Kobayashi <Kento.A.Kobayashi@sony.com>
CC: Bart Van Assche <bvanassche@acm.org>
CC: Martin K. Petersen <martin.petersen@oracle.com>
CC: Jacky Cao <Jacky.Cao@sony.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/usb/core/hub.c | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/drivers/usb/core/hub.c b/drivers/usb/core/hub.c
index 8d4631c81b9f0..310eef451db82 100644
--- a/drivers/usb/core/hub.c
+++ b/drivers/usb/core/hub.c
@@ -5902,7 +5902,10 @@ int usb_reset_device(struct usb_device *udev)
 					cintf->needs_binding = 1;
 			}
 		}
-		usb_unbind_and_rebind_marked_interfaces(udev);
+
+		/* If the reset failed, hub_wq will unbind drivers later */
+		if (ret == 0)
+			usb_unbind_and_rebind_marked_interfaces(udev);
 	}
 
 	usb_autosuspend_device(udev);
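Review bot: when ret is non-zero, the interfaces flagged with cintf->needs_binding = 1 just above stay flagged, and nothing in this function clears or acts on them. The commit message says "practically all" reset failures end in a disconnect that lets hub_wq unbind the drivers, so the new comment should name the failure case that does not disconnect, or the flag should be cleared on that path. Otherwise a device that survives a failed reset keeps stale needs_binding state.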
-- 
2.20.1





* [PATCH 5.1 180/405] x86/irq/64: Limit IST stack overflow check to #DB stack
  2019-05-30  2:59 [PATCH 5.1 000/405] 5.1.6-stable review Greg Kroah-Hartman
                   ` (178 preceding siblings ...)
  2019-05-30  3:02 ` [PATCH 5.1 179/405] USB: core: Dont unbind interfaces following device reset failure Greg Kroah-Hartman
@ 2019-05-30  3:02 ` Greg Kroah-Hartman
  2019-05-30  3:02 ` [PATCH 5.1 181/405] drm: etnaviv: avoid DMA API warning when importing buffers Greg Kroah-Hartman
                   ` (229 subsequent siblings)
  409 siblings, 0 replies; 429+ messages in thread
From: Greg Kroah-Hartman @ 2019-05-30  3:02 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Thomas Gleixner, Borislav Petkov,
	Andy Lutomirski, H. Peter Anvin, Ingo Molnar, Josh Poimboeuf,
	Mitsuo Hayasaka, Nicolai Stange, Sean Christopherson, x86-ml,
	Sasha Levin

[ Upstream commit 7dbcf2b0b770eeb803a416ee8dcbef78e6389d40 ]

Commit

  37fe6a42b343 ("x86: Check stack overflow in detail")

added a broad check for the full exception stack area, i.e. it considers
the full exception stack area as valid.

That's wrong in two aspects:

 1) It does not check the individual areas one by one

 2) #DF, NMI and #MCE are not enabling interrupts which means that a
    regular device interrupt cannot happen in their context. In fact if a
    device interrupt hits one of those IST stacks that's a bug because some
    code path enabled interrupts while handling the exception.

Limit the check to the #DB stack and consider all other IST stacks as
'overflow' or invalid.

Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Signed-off-by: Borislav Petkov <bp@suse.de>
Cc: Andy Lutomirski <luto@kernel.org>
Cc: "H. Peter Anvin" <hpa@zytor.com>
Cc: Ingo Molnar <mingo@redhat.com>
Cc: Josh Poimboeuf <jpoimboe@redhat.com>
Cc: Mitsuo Hayasaka <mitsuo.hayasaka.hu@hitachi.com>
Cc: Nicolai Stange <nstange@suse.de>
Cc: Sean Christopherson <sean.j.christopherson@intel.com>
Cc: x86-ml <x86@kernel.org>
Link: https://lkml.kernel.org/r/20190414160143.682135110@linutronix.de
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 arch/x86/kernel/irq_64.c | 19 ++++++++++++++-----
 1 file changed, 14 insertions(+), 5 deletions(-)

diff --git a/arch/x86/kernel/irq_64.c b/arch/x86/kernel/irq_64.c
index 0469cd078db15..b50ac9c7397bb 100644
--- a/arch/x86/kernel/irq_64.c
+++ b/arch/x86/kernel/irq_64.c
@@ -26,9 +26,18 @@ int sysctl_panic_on_stackoverflow;
 /*
  * Probabilistic stack overflow check:
  *
- * Only check the stack in process context, because everything else
- * runs on the big interrupt stacks. Checking reliably is too expensive,
- * so we just check from interrupts.
+ * Regular device interrupts can enter on the following stacks:
+ *
+ * - User stack
+ *
+ * - Kernel task stack
+ *
+ * - Interrupt stack if a device driver reenables interrupts
+ *   which should only happen in really old drivers.
+ *
+ * - Debug IST stack
+ *
+ * All other contexts are invalid.
  */
 static inline void stack_overflow_check(struct pt_regs *regs)
 {
@@ -53,8 +62,8 @@ static inline void stack_overflow_check(struct pt_regs *regs)
 		return;
 
 	oist = this_cpu_ptr(&orig_ist);
-	estack_top = (u64)oist->ist[0] - EXCEPTION_STKSZ + STACK_TOP_MARGIN;
-	estack_bottom = (u64)oist->ist[N_EXCEPTION_STACKS - 1];
+	estack_bottom = (u64)oist->ist[DEBUG_STACK];
+	estack_top = estack_bottom - DEBUG_STKSZ + STACK_TOP_MARGIN;
 	if (regs->sp >= estack_top && regs->sp <= estack_bottom)
 		return;
 
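Review bot: estack_bottom = (u64)oist->ist[DEBUG_STACK] needs its index base confirmed. The removed lines walked the array from oist->ist[0] to oist->ist[N_EXCEPTION_STACKS - 1], so it is zero-based. If DEBUG_STACK is the 1-based IST number rather than an array index, this picks the neighbouring exception stack and the check accepts the wrong range. State the base in the comment above stack_overflow_check() or use an explicit DEBUG_STACK - 1 if that is what this tree needs.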
-- 
2.20.1





* [PATCH 5.1 181/405] drm: etnaviv: avoid DMA API warning when importing buffers
  2019-05-30  2:59 [PATCH 5.1 000/405] 5.1.6-stable review Greg Kroah-Hartman
                   ` (179 preceding siblings ...)
  2019-05-30  3:02 ` [PATCH 5.1 180/405] x86/irq/64: Limit IST stack overflow check to #DB stack Greg Kroah-Hartman
@ 2019-05-30  3:02 ` Greg Kroah-Hartman
  2019-05-30  3:03 ` [PATCH 5.1 182/405] dt-bindings: phy-qcom-qmp: Add UFS PHY reset Greg Kroah-Hartman
                   ` (228 subsequent siblings)
  409 siblings, 0 replies; 429+ messages in thread
From: Greg Kroah-Hartman @ 2019-05-30  3:02 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Russell King, Lucas Stach, Sasha Levin

[ Upstream commit 1262cc8893ecb0eb2c21e042d0d268cc180edb61 ]

During boot, I get this kernel warning:

WARNING: CPU: 0 PID: 19001 at kernel/dma/debug.c:1301 debug_dma_map_sg+0x284/0x3dc
etnaviv etnaviv: DMA-API: mapping sg segment longer than device claims to support [len=3145728] [max=65536]
Modules linked in: ip6t_REJECT nf_reject_ipv6 ip6t_rpfilter xt_tcpudp ipt_REJECT nf_reject_ipv4 xt_conntrack ip_set nfnetlink ebtable_broute ebtable_nat ip6table_raw ip6table_nat nf_nat_ipv6 ip6table_mangle iptable_raw iptable_nat nf_nat_ipv4 nf_nat nf_conntrack nf_defrag_ipv4 nf_defrag_ipv6 libcrc32c iptable_mangle ebtable_filter ebtables ip6table_filter ip6_tables iptable_filter caam_jr error snd_soc_imx_spdif imx_thermal snd_soc_imx_audmux nvmem_imx_ocotp snd_soc_sgtl5000
caam imx_sdma virt_dma coda rc_cec v4l2_mem2mem snd_soc_fsl_ssi snd_soc_fsl_spdif imx_vdoa imx_pcm_dma videobuf2_dma_contig etnaviv dw_hdmi_cec gpu_sched dw_hdmi_ahb_audio imx6q_cpufreq nfsd sch_fq_codel ip_tables x_tables
CPU: 0 PID: 19001 Comm: Xorg Not tainted 4.20.0+ #307
Hardware name: Freescale i.MX6 Quad/DualLite (Device Tree)
[<c0019658>] (unwind_backtrace) from [<c001489c>] (show_stack+0x10/0x14)
[<c001489c>] (show_stack) from [<c07fb420>] (dump_stack+0x9c/0xd4)
[<c07fb420>] (dump_stack) from [<c00312dc>] (__warn+0xf8/0x124)
[<c00312dc>] (__warn) from [<c00313d0>] (warn_slowpath_fmt+0x38/0x48)
[<c00313d0>] (warn_slowpath_fmt) from [<c00b14e8>] (debug_dma_map_sg+0x284/0x3dc)
[<c00b14e8>] (debug_dma_map_sg) from [<c046eb40>] (drm_gem_map_dma_buf+0xc4/0x13c)
[<c046eb40>] (drm_gem_map_dma_buf) from [<c04c3314>] (dma_buf_map_attachment+0x38/0x5c)
[<c04c3314>] (dma_buf_map_attachment) from [<c046e728>] (drm_gem_prime_import_dev+0x74/0x104)
[<c046e728>] (drm_gem_prime_import_dev) from [<c046e5bc>] (drm_gem_prime_fd_to_handle+0x84/0x17c)
[<c046e5bc>] (drm_gem_prime_fd_to_handle) from [<c046edd0>] (drm_prime_fd_to_handle_ioctl+0x38/0x4c)
[<c046edd0>] (drm_prime_fd_to_handle_ioctl) from [<c0460efc>] (drm_ioctl_kernel+0x90/0xc8)
[<c0460efc>] (drm_ioctl_kernel) from [<c0461114>] (drm_ioctl+0x1e0/0x3b0)
[<c0461114>] (drm_ioctl) from [<c01cae20>] (do_vfs_ioctl+0x90/0xa48)
[<c01cae20>] (do_vfs_ioctl) from [<c01cb80c>] (ksys_ioctl+0x34/0x60)
[<c01cb80c>] (ksys_ioctl) from [<c0009000>] (ret_fast_syscall+0x0/0x28)
Exception stack(0xd81a9fa8 to 0xd81a9ff0)
9fa0:                   b6c69c88 bec613f8 00000009 c00c642e bec613f8 b86c4600
9fc0: b6c69c88 bec613f8 c00c642e 00000036 012762e0 01276348 00000300 012d91f8
9fe0: b6989f18 bec613dc b697185c b667be5c
irq event stamp: 47905
hardirqs last  enabled at (47913): [<c0098824>] console_unlock+0x46c/0x680
hardirqs last disabled at (47922): [<c0098470>] console_unlock+0xb8/0x680
softirqs last  enabled at (47754): [<c000a484>] __do_softirq+0x344/0x540
softirqs last disabled at (47701): [<c0038700>] irq_exit+0x124/0x144
---[ end trace af477747acbcc642 ]---

The reason is the contiguous buffer exceeds the default maximum segment
size of 64K as specified by dma_get_max_seg_size() in
linux/dma-mapping.h.  Fix this by providing our own segment size, which
is set to 2GiB to cover the window found in MMUv1 GPUs.

Signed-off-by: Russell King <rmk+kernel@armlinux.org.uk>
Signed-off-by: Lucas Stach <l.stach@pengutronix.de>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/gpu/drm/etnaviv/etnaviv_drv.c | 5 +++++
 drivers/gpu/drm/etnaviv/etnaviv_drv.h | 1 +
 2 files changed, 6 insertions(+)

diff --git a/drivers/gpu/drm/etnaviv/etnaviv_drv.c b/drivers/gpu/drm/etnaviv/etnaviv_drv.c
index 18c27f795cf61..3156450723bad 100644
--- a/drivers/gpu/drm/etnaviv/etnaviv_drv.c
+++ b/drivers/gpu/drm/etnaviv/etnaviv_drv.c
@@ -515,6 +515,9 @@ static int etnaviv_bind(struct device *dev)
 	}
 	drm->dev_private = priv;
 
+	dev->dma_parms = &priv->dma_parms;
+	dma_set_max_seg_size(dev, SZ_2G);
+
 	mutex_init(&priv->gem_lock);
 	INIT_LIST_HEAD(&priv->gem_list);
 	priv->num_gpus = 0;
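Review bot: dev->dma_parms now points into priv, and the only place that resets it is etnaviv_unbind(), just before kfree(priv). The failure paths of etnaviv_bind() after this assignment are not part of the hunk. If they free priv they need the same dev->dma_parms = NULL, otherwise the device keeps a pointer into freed memory after a failed bind.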
@@ -552,6 +555,8 @@ static void etnaviv_unbind(struct device *dev)
 
 	component_unbind_all(dev, drm);
 
+	dev->dma_parms = NULL;
+
 	drm->dev_private = NULL;
 	kfree(priv);
 
diff --git a/drivers/gpu/drm/etnaviv/etnaviv_drv.h b/drivers/gpu/drm/etnaviv/etnaviv_drv.h
index a6a7ded37ef1d..6a4ea127c4f1a 100644
--- a/drivers/gpu/drm/etnaviv/etnaviv_drv.h
+++ b/drivers/gpu/drm/etnaviv/etnaviv_drv.h
@@ -42,6 +42,7 @@ struct etnaviv_file_private {
 
 struct etnaviv_drm_private {
 	int num_gpus;
+	struct device_dma_parameters dma_parms;
 	struct etnaviv_gpu *gpu[ETNA_MAX_PIPES];
 
 	/* list of GEM objects: */
-- 
2.20.1





* [PATCH 5.1 182/405] dt-bindings: phy-qcom-qmp: Add UFS PHY reset
  2019-05-30  2:59 [PATCH 5.1 000/405] 5.1.6-stable review Greg Kroah-Hartman
                   ` (180 preceding siblings ...)
  2019-05-30  3:02 ` [PATCH 5.1 181/405] drm: etnaviv: avoid DMA API warning when importing buffers Greg Kroah-Hartman
@ 2019-05-30  3:03 ` Greg Kroah-Hartman
  2019-05-30  3:03 ` [PATCH 5.1 183/405] phy: sun4i-usb: Make sure to disable PHY0 passby for peripheral mode Greg Kroah-Hartman
                   ` (227 subsequent siblings)
  409 siblings, 0 replies; 429+ messages in thread
From: Greg Kroah-Hartman @ 2019-05-30  3:03 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Evan Green, Rob Herring,
	Stephen Boyd, Kishon Vijay Abraham I, Sasha Levin

[ Upstream commit 95cee0b4e30a09a411a17e9a3bc6b72ed92063da ]

Add a required reset to the SDM845 UFS phy to express the PHY reset
bit inside the UFS controller register space. Before this change, this
reset was not expressed in the DT, and the driver utilized two different
callbacks (phy_init and phy_poweron) to implement a two-phase
initialization procedure that involved deasserting this reset between
init and poweron. This abused the two callbacks and diluted their
purpose.

That scheme does not work as regulators cannot be turned off in
phy_poweroff because they were turned on in init, rather than poweron.
The net result is that regulators are left on in suspend that shouldn't
be.

This new scheme gives the UFS reset to the PHY, so that it can fully
initialize itself in a single callback. We can then turn regulators on
during poweron and off during poweroff.

Signed-off-by: Evan Green <evgreen@chromium.org>
Reviewed-by: Rob Herring <robh@kernel.org>
Reviewed-by: Stephen Boyd <swboyd@chromium.org>
Signed-off-by: Kishon Vijay Abraham I <kishon@ti.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 Documentation/devicetree/bindings/phy/qcom-qmp-phy.txt | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/Documentation/devicetree/bindings/phy/qcom-qmp-phy.txt b/Documentation/devicetree/bindings/phy/qcom-qmp-phy.txt
index 5d181fc3cc182..4a78ba8b85bc0 100644
--- a/Documentation/devicetree/bindings/phy/qcom-qmp-phy.txt
+++ b/Documentation/devicetree/bindings/phy/qcom-qmp-phy.txt
@@ -59,7 +59,8 @@ Required properties:
 	   one for each entry in reset-names.
  - reset-names: "phy" for reset of phy block,
 		"common" for phy common block reset,
-		"cfg" for phy's ahb cfg block reset.
+		"cfg" for phy's ahb cfg block reset,
+		"ufsphy" for the PHY reset in the UFS controller.
 
 		For "qcom,ipq8074-qmp-pcie-phy" must contain:
 			"phy", "common".
@@ -74,7 +75,8 @@ Required properties:
 			"phy", "common".
 		For "qcom,sdm845-qmp-usb3-uni-phy" must contain:
 			"phy", "common".
-		For "qcom,sdm845-qmp-ufs-phy": no resets are listed.
+		For "qcom,sdm845-qmp-ufs-phy": must contain:
+			"ufsphy".
 
  - vdda-phy-supply: Phandle to a regulator supply to PHY core block.
  - vdda-pll-supply: Phandle to 1.8V regulator supply to PHY refclk pll block.
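Review bot: the new entry reads For "qcom,sdm845-qmp-ufs-phy": must contain: with a colon after the compatible string, left over from the old "no resets are listed" wording. Every other entry in this list has the form For "<compatible>" must contain:, so drop the first colon. Since "ufsphy" becomes required where no reset was listed before, the binding should also say how device trees written against the old text are treated.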
-- 
2.20.1





* [PATCH 5.1 183/405] phy: sun4i-usb: Make sure to disable PHY0 passby for peripheral mode
  2019-05-30  2:59 [PATCH 5.1 000/405] 5.1.6-stable review Greg Kroah-Hartman
                   ` (181 preceding siblings ...)
  2019-05-30  3:03 ` [PATCH 5.1 182/405] dt-bindings: phy-qcom-qmp: Add UFS PHY reset Greg Kroah-Hartman
@ 2019-05-30  3:03 ` Greg Kroah-Hartman
  2019-05-30  3:03 ` [PATCH 5.1 184/405] phy: mapphone-mdm6600: add gpiolib dependency Greg Kroah-Hartman
                   ` (226 subsequent siblings)
  409 siblings, 0 replies; 429+ messages in thread
From: Greg Kroah-Hartman @ 2019-05-30  3:03 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Paul Kocialkowski,
	Kishon Vijay Abraham I, Sasha Levin

[ Upstream commit e6f32efb1b128344a2c7df9875bc1a1abaa1d395 ]

On platforms where the MUSB and HCI controllers share PHY0, PHY passby
is required when using the HCI controller with the PHY, but it must be
disabled when the MUSB controller is used instead.

Without this, PHY0 passby is always enabled, which results in broken
peripheral mode on such platforms (e.g. H3/H5).

Fixes: ba4bdc9e1dc0 ("PHY: sunxi: Add driver for sunxi usb phy")

Signed-off-by: Paul Kocialkowski <paul.kocialkowski@bootlin.com>
Signed-off-by: Kishon Vijay Abraham I <kishon@ti.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/phy/allwinner/phy-sun4i-usb.c | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/drivers/phy/allwinner/phy-sun4i-usb.c b/drivers/phy/allwinner/phy-sun4i-usb.c
index 4bbd9ede38c83..cc5af961778d6 100644
--- a/drivers/phy/allwinner/phy-sun4i-usb.c
+++ b/drivers/phy/allwinner/phy-sun4i-usb.c
@@ -554,6 +554,7 @@ static void sun4i_usb_phy0_id_vbus_det_scan(struct work_struct *work)
 	struct sun4i_usb_phy_data *data =
 		container_of(work, struct sun4i_usb_phy_data, detect.work);
 	struct phy *phy0 = data->phys[0].phy;
+	struct sun4i_usb_phy *phy = phy_get_drvdata(phy0);
 	bool force_session_end, id_notify = false, vbus_notify = false;
 	int id_det, vbus_det;
 
@@ -610,6 +611,9 @@ static void sun4i_usb_phy0_id_vbus_det_scan(struct work_struct *work)
 			mutex_unlock(&phy0->mutex);
 		}
 
+		/* Enable PHY0 passby for host mode only. */
+		sun4i_usb_phy_passby(phy, !id_det);
+
 		/* Re-route PHY0 if necessary */
 		if (data->cfg->phy0_dual_route)
 			sun4i_usb_phy0_reroute(data, id_det);
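Review bot: sun4i_usb_phy_passby(phy, !id_det) is called after the mutex_unlock(&phy0->mutex) shown just above, so the passby setting changes without that lock held. If other paths that toggle passby for PHY0 run under phy0->mutex, this call belongs inside the locked region. If they do not, a short comment saying what serializes it against them would help.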
-- 
2.20.1





* [PATCH 5.1 184/405] phy: mapphone-mdm6600: add gpiolib dependency
  2019-05-30  2:59 [PATCH 5.1 000/405] 5.1.6-stable review Greg Kroah-Hartman
                   ` (182 preceding siblings ...)
  2019-05-30  3:03 ` [PATCH 5.1 183/405] phy: sun4i-usb: Make sure to disable PHY0 passby for peripheral mode Greg Kroah-Hartman
@ 2019-05-30  3:03 ` Greg Kroah-Hartman
  2019-05-30  3:03 ` [PATCH 5.1 185/405] phy: ti: usb2: fix OMAP_CONTROL_PHY dependency Greg Kroah-Hartman
                   ` (225 subsequent siblings)
  409 siblings, 0 replies; 429+ messages in thread
From: Greg Kroah-Hartman @ 2019-05-30  3:03 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Arnd Bergmann, Tony Lindgren,
	Kishon Vijay Abraham I, Sasha Levin

[ Upstream commit 208d3423ee463ab257908456f6bbca4024ab63f7 ]

gcc points out that when CONFIG_GPIOLIB is disabled,
gpiod_get_array_value_cansleep() returns 0 but fails to set its output:

drivers/phy/motorola/phy-mapphone-mdm6600.c: In function 'phy_mdm6600_status':
drivers/phy/motorola/phy-mapphone-mdm6600.c:220:24: error: 'values[0]' is used uninitialized in this function [-Werror=uninitialized]

This could be fixed more generally in gpiolib by returning a failure
code, but for this specific case, the easier workaround is to add a
gpiolib dependency.

Fixes: 5d1ebbda0318 ("phy: mapphone-mdm6600: Add USB PHY driver for MDM6600 on Droid 4")
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
Acked-by: Tony Lindgren <tony@atomide.com>
Signed-off-by: Kishon Vijay Abraham I <kishon@ti.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/phy/motorola/Kconfig | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/drivers/phy/motorola/Kconfig b/drivers/phy/motorola/Kconfig
index 82651524ffb9c..718f8729701df 100644
--- a/drivers/phy/motorola/Kconfig
+++ b/drivers/phy/motorola/Kconfig
@@ -13,7 +13,7 @@ config PHY_CPCAP_USB
 
 config PHY_MAPPHONE_MDM6600
 	tristate "Motorola Mapphone MDM6600 modem USB PHY driver"
-	depends on OF && USB_SUPPORT
+	depends on OF && USB_SUPPORT && GPIOLIB
 	select GENERIC_PHY
 	help
 	  Enable this for MDM6600 USB modem to work on Motorola phones
-- 
2.20.1





* [PATCH 5.1 185/405] phy: ti: usb2: fix OMAP_CONTROL_PHY dependency
  2019-05-30  2:59 [PATCH 5.1 000/405] 5.1.6-stable review Greg Kroah-Hartman
                   ` (183 preceding siblings ...)
  2019-05-30  3:03 ` [PATCH 5.1 184/405] phy: mapphone-mdm6600: add gpiolib dependency Greg Kroah-Hartman
@ 2019-05-30  3:03 ` Greg Kroah-Hartman
  2019-05-30  3:03 ` [PATCH 5.1 186/405] dpaa2-eth: Fix Rx classification status Greg Kroah-Hartman
                   ` (224 subsequent siblings)
  409 siblings, 0 replies; 429+ messages in thread
From: Greg Kroah-Hartman @ 2019-05-30  3:03 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Arnd Bergmann,
	Kishon Vijay Abraham I, Sasha Levin

[ Upstream commit d41ce98a122c13ea77938af04ef06fb12ae0c69e ]

With randconfig build testing on arm64, we can run into a configuration
that has CONFIG_OMAP_CONTROL_PHY=m and CONFIG_OMAP_USB2=y, which in turn
causes a link failure:

drivers/phy/ti/phy-omap-usb2.o: In function `omap_usb_phy_power':
phy-omap-usb2.c:(.text+0x17c): undefined reference to `omap_control_phy_power'

I could not come up with a good way to correctly describe the relation
of the two symbols, but if we just select CONFIG_OMAP_CONTROL_PHY
during compile testing, we can no longer run into the broken configuration.

Fixes: 6777cee3a872 ("phy: ti: usb2: Add support for AM654 USB2 PHY")
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
Signed-off-by: Kishon Vijay Abraham I <kishon@ti.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/phy/ti/Kconfig | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/drivers/phy/ti/Kconfig b/drivers/phy/ti/Kconfig
index 103efc456a12e..022ac16f626cf 100644
--- a/drivers/phy/ti/Kconfig
+++ b/drivers/phy/ti/Kconfig
@@ -37,7 +37,7 @@ config OMAP_USB2
 	depends on USB_SUPPORT
 	select GENERIC_PHY
 	select USB_PHY
-	select OMAP_CONTROL_PHY if ARCH_OMAP2PLUS
+	select OMAP_CONTROL_PHY if ARCH_OMAP2PLUS || COMPILE_TEST
 	help
 	  Enable this to support the transceiver that is part of SOC. This
 	  driver takes care of all the PHY functionality apart from comparator.
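Review bot: select ignores the dependencies of the selected symbol, so with || COMPILE_TEST this line forces OMAP_CONTROL_PHY on in every compile-test build that enables OMAP_USB2, whatever OMAP_CONTROL_PHY itself depends on. It also closes the =y/=m mismatch from the commit message only if OMAP_CONTROL_PHY cannot be enabled outside ARCH_OMAP2PLUS || COMPILE_TEST. That dependency is not visible in this hunk and is worth a comment above the select.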
-- 
2.20.1





* [PATCH 5.1 186/405] dpaa2-eth: Fix Rx classification status
  2019-05-30  2:59 [PATCH 5.1 000/405] 5.1.6-stable review Greg Kroah-Hartman
                   ` (184 preceding siblings ...)
  2019-05-30  3:03 ` [PATCH 5.1 185/405] phy: ti: usb2: fix OMAP_CONTROL_PHY dependency Greg Kroah-Hartman
@ 2019-05-30  3:03 ` Greg Kroah-Hartman
  2019-05-30  3:03 ` [PATCH 5.1 187/405] i40e: Able to add up to 16 MAC filters on an untrusted VF Greg Kroah-Hartman
                   ` (223 subsequent siblings)
  409 siblings, 0 replies; 429+ messages in thread
From: Greg Kroah-Hartman @ 2019-05-30  3:03 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Ioana Radulescu, David S. Miller,
	Sasha Levin

[ Upstream commit df8e249be866e2f762be11b14a9e7a94752614d4 ]

Set the Rx flow classification enable flag only if key config
operation is successful.

Fixes 3f9b5c9 ("dpaa2-eth: Configure Rx flow classification key")

Signed-off-by: Ioana Radulescu <ruxandra.radulescu@nxp.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/net/ethernet/freescale/dpaa2/dpaa2-eth.c | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/drivers/net/ethernet/freescale/dpaa2/dpaa2-eth.c b/drivers/net/ethernet/freescale/dpaa2/dpaa2-eth.c
index dc339dc1adb21..57cbaa38d2477 100644
--- a/drivers/net/ethernet/freescale/dpaa2/dpaa2-eth.c
+++ b/drivers/net/ethernet/freescale/dpaa2/dpaa2-eth.c
@@ -2796,6 +2796,7 @@ int dpaa2_eth_set_hash(struct net_device *net_dev, u64 flags)
 static int dpaa2_eth_set_cls(struct dpaa2_eth_priv *priv)
 {
 	struct device *dev = priv->net_dev->dev.parent;
+	int err;
 
 	/* Check if we actually support Rx flow classification */
 	if (dpaa2_eth_has_legacy_dist(priv)) {
@@ -2814,9 +2815,13 @@ static int dpaa2_eth_set_cls(struct dpaa2_eth_priv *priv)
 		return -EOPNOTSUPP;
 	}
 
+	err = dpaa2_eth_set_dist_key(priv->net_dev, DPAA2_ETH_RX_DIST_CLS, 0);
+	if (err)
+		return err;
+
 	priv->rx_cls_enabled = 1;
 
-	return dpaa2_eth_set_dist_key(priv->net_dev, DPAA2_ETH_RX_DIST_CLS, 0);
+	return 0;
 }
 
 /* Bind the DPNI to its needed objects and resources: buffer pool, DPIOs,
-- 
2.20.1





* [PATCH 5.1 187/405] i40e: Able to add up to 16 MAC filters on an untrusted VF
  2019-05-30  2:59 [PATCH 5.1 000/405] 5.1.6-stable review Greg Kroah-Hartman
                   ` (185 preceding siblings ...)
  2019-05-30  3:03 ` [PATCH 5.1 186/405] dpaa2-eth: Fix Rx classification status Greg Kroah-Hartman
@ 2019-05-30  3:03 ` Greg Kroah-Hartman
  2019-05-30  3:03 ` [PATCH 5.1 188/405] i40e: dont allow changes to HW VLAN stripping on active port VLANs Greg Kroah-Hartman
                   ` (222 subsequent siblings)
  409 siblings, 0 replies; 429+ messages in thread
From: Greg Kroah-Hartman @ 2019-05-30  3:03 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Adam Ludkiewicz, Andrew Bowers,
	Jeff Kirsher, Sasha Levin

[ Upstream commit 06b6e2a2333eb3581567a7ac43ca465ef45f4daa ]

This patch fixes the problem with the driver being able to add only 7
multicast MAC address filters instead of 16. The problem is fixed by
changing the maximum number of MAC address filters to 16+1+1 (two extra
are needed because the driver uses 1 for unicast MAC address and 1 for
broadcast).

Signed-off-by: Adam Ludkiewicz <adam.ludkiewicz@intel.com>
Tested-by: Andrew Bowers <andrewx.bowers@intel.com>
Signed-off-by: Jeff Kirsher <jeffrey.t.kirsher@intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/net/ethernet/intel/i40e/i40e_virtchnl_pf.c | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/drivers/net/ethernet/intel/i40e/i40e_virtchnl_pf.c b/drivers/net/ethernet/intel/i40e/i40e_virtchnl_pf.c
index 0b5b867c9fbcb..2b0362c827e98 100644
--- a/drivers/net/ethernet/intel/i40e/i40e_virtchnl_pf.c
+++ b/drivers/net/ethernet/intel/i40e/i40e_virtchnl_pf.c
@@ -2454,8 +2454,10 @@ static int i40e_vc_get_stats_msg(struct i40e_vf *vf, u8 *msg)
 				      (u8 *)&stats, sizeof(stats));
 }
 
-/* If the VF is not trusted restrict the number of MAC/VLAN it can program */
-#define I40E_VC_MAX_MAC_ADDR_PER_VF 12
+/* If the VF is not trusted restrict the number of MAC/VLAN it can program
+ * MAC filters: 16 for multicast, 1 for MAC, 1 for broadcast
+ */
+#define I40E_VC_MAX_MAC_ADDR_PER_VF (16 + 1 + 1)
 #define I40E_VC_MAX_VLAN_PER_VF 8
 
 /**
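Review bot: "1 for MAC" in the new comment is ambiguous next to "16 for
multicast"; the commit message says that slot is for the unicast MAC
address, so "1 for unicast MAC" would match it. The define also raises
the cap for an untrusted VF from 12 to 18 filters, which is worth stating
in the changelog since this limit is the only bound on what such a VF can
program.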
-- 
2.20.1




^ permalink raw reply related	[flat|nested] 429+ messages in thread

* [PATCH 5.1 188/405] i40e: dont allow changes to HW VLAN stripping on active port VLANs
  2019-05-30  2:59 [PATCH 5.1 000/405] 5.1.6-stable review Greg Kroah-Hartman
                   ` (186 preceding siblings ...)
  2019-05-30  3:03 ` [PATCH 5.1 187/405] i40e: Able to add up to 16 MAC filters on an untrusted VF Greg Kroah-Hartman
@ 2019-05-30  3:03 ` Greg Kroah-Hartman
  2019-05-30  3:03 ` [PATCH 5.1 189/405] ACPI/IORT: Reject platform device creation on NUMA node mapping failure Greg Kroah-Hartman
                   ` (221 subsequent siblings)
  409 siblings, 0 replies; 429+ messages in thread
From: Greg Kroah-Hartman @ 2019-05-30  3:03 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Nicholas Nunley, Jeff Kirsher, Sasha Levin

[ Upstream commit bfb0ebed53857cfc57f11c63fa3689940d71c1c8 ]

Modifying the VLAN stripping options when a port VLAN is configured
will break traffic for the VSI, and conceptually doesn't make sense,
so don't allow this.

Signed-off-by: Nicholas Nunley <nicholas.d.nunley@intel.com>
Signed-off-by: Jeff Kirsher <jeffrey.t.kirsher@intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/net/ethernet/intel/i40e/i40e_main.c | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/drivers/net/ethernet/intel/i40e/i40e_main.c b/drivers/net/ethernet/intel/i40e/i40e_main.c
index b1c265012c8ad..ac9fcb0976890 100644
--- a/drivers/net/ethernet/intel/i40e/i40e_main.c
+++ b/drivers/net/ethernet/intel/i40e/i40e_main.c
@@ -2654,6 +2654,10 @@ void i40e_vlan_stripping_enable(struct i40e_vsi *vsi)
 	struct i40e_vsi_context ctxt;
 	i40e_status ret;
 
+	/* Don't modify stripping options if a port VLAN is active */
+	if (vsi->info.pvid)
+		return;
+
 	if ((vsi->info.valid_sections &
 	     cpu_to_le16(I40E_AQ_VSI_PROP_VLAN_VALID)) &&
 	    ((vsi->info.port_vlan_flags & I40E_AQ_VSI_PVLAN_MODE_MASK) == 0))
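Review bot: the early `return` on `vsi->info.pvid` in
i40e_vlan_stripping_enable() is silent, and the function is void, so a
caller cannot tell that the request was ignored. Consider a debug-level
message here, or rejecting the change in the caller, so the reported
stripping state does not diverge from what the hardware is doing.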
@@ -2684,6 +2688,10 @@ void i40e_vlan_stripping_disable(struct i40e_vsi *vsi)
 	struct i40e_vsi_context ctxt;
 	i40e_status ret;
 
+	/* Don't modify stripping options if a port VLAN is active */
+	if (vsi->info.pvid)
+		return;
+
 	if ((vsi->info.valid_sections &
 	     cpu_to_le16(I40E_AQ_VSI_PROP_VLAN_VALID)) &&
 	    ((vsi->info.port_vlan_flags & I40E_AQ_VSI_PVLAN_EMOD_MASK) ==
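Review bot: this pvid check and its comment are an exact copy of the one
added to i40e_vlan_stripping_enable(); a small shared helper would keep
the enable and disable paths from drifting apart if the port VLAN
condition ever changes.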
-- 
2.20.1




^ permalink raw reply related	[flat|nested] 429+ messages in thread

* [PATCH 5.1 189/405] ACPI/IORT: Reject platform device creation on NUMA node mapping failure
  2019-05-30  2:59 [PATCH 5.1 000/405] 5.1.6-stable review Greg Kroah-Hartman
                   ` (187 preceding siblings ...)
  2019-05-30  3:03 ` [PATCH 5.1 188/405] i40e: dont allow changes to HW VLAN stripping on active port VLANs Greg Kroah-Hartman
@ 2019-05-30  3:03 ` Greg Kroah-Hartman
  2019-05-30  3:03 ` [PATCH 5.1 190/405] arm64: vdso: Fix clock_getres() for CLOCK_REALTIME Greg Kroah-Hartman
                   ` (220 subsequent siblings)
  409 siblings, 0 replies; 429+ messages in thread
From: Greg Kroah-Hartman @ 2019-05-30  3:03 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Lorenzo Pieralisi, Kefeng Wang,
	Will Deacon, Sasha Levin

[ Upstream commit 36a2ba07757df790b4a874efb1a105b9330a9ae7 ]

In a system where, through IORT firmware mappings, the SMMU device is
mapped to a NUMA node that is not online, the kernel bootstrap results
in the following crash:

  Unable to handle kernel paging request at virtual address 0000000000001388
  Mem abort info:
    ESR = 0x96000004
    Exception class = DABT (current EL), IL = 32 bits
    SET = 0, FnV = 0
    EA = 0, S1PTW = 0
  Data abort info:
    ISV = 0, ISS = 0x00000004
    CM = 0, WnR = 0
  [0000000000001388] user address but active_mm is swapper
  Internal error: Oops: 96000004 [#1] SMP
  Modules linked in:
  CPU: 5 PID: 1 Comm: swapper/0 Not tainted 5.0.0 #15
  pstate: 80c00009 (Nzcv daif +PAN +UAO)
  pc : __alloc_pages_nodemask+0x13c/0x1068
  lr : __alloc_pages_nodemask+0xdc/0x1068
  ...
  Process swapper/0 (pid: 1, stack limit = 0x(____ptrval____))
  Call trace:
   __alloc_pages_nodemask+0x13c/0x1068
   new_slab+0xec/0x570
   ___slab_alloc+0x3e0/0x4f8
   __slab_alloc+0x60/0x80
   __kmalloc_node_track_caller+0x10c/0x478
   devm_kmalloc+0x44/0xb0
   pinctrl_bind_pins+0x4c/0x188
   really_probe+0x78/0x2b8
   driver_probe_device+0x64/0x110
   device_driver_attach+0x74/0x98
   __driver_attach+0x9c/0xe8
   bus_for_each_dev+0x84/0xd8
   driver_attach+0x30/0x40
   bus_add_driver+0x170/0x218
   driver_register+0x64/0x118
   __platform_driver_register+0x54/0x60
   arm_smmu_driver_init+0x24/0x2c
   do_one_initcall+0xbc/0x328
   kernel_init_freeable+0x304/0x3ac
   kernel_init+0x18/0x110
   ret_from_fork+0x10/0x1c
  Code: f90013b5 b9410fa1 1a9f0694 b50014c2 (b9400804)
  ---[ end trace dfeaed4c373a32da ]--

Change the dev_set_proximity() hook prototype so that it returns a
value and make it return failure if the PXM->NUMA-node mapping
corresponds to an offline node, fixing the crash.

Acked-by: Lorenzo Pieralisi <lorenzo.pieralisi@arm.com>
Signed-off-by: Kefeng Wang <wangkefeng.wang@huawei.com>
Link: https://lore.kernel.org/linux-arm-kernel/20190315021940.86905-1-wangkefeng.wang@huawei.com/
Signed-off-by: Will Deacon <will.deacon@arm.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/acpi/arm64/iort.c | 19 ++++++++++++++-----
 1 file changed, 14 insertions(+), 5 deletions(-)

diff --git a/drivers/acpi/arm64/iort.c b/drivers/acpi/arm64/iort.c
index e48894e002ba8..a46c2c162c03e 100644
--- a/drivers/acpi/arm64/iort.c
+++ b/drivers/acpi/arm64/iort.c
@@ -1232,18 +1232,24 @@ static bool __init arm_smmu_v3_is_coherent(struct acpi_iort_node *node)
 /*
  * set numa proximity domain for smmuv3 device
  */
-static void  __init arm_smmu_v3_set_proximity(struct device *dev,
+static int  __init arm_smmu_v3_set_proximity(struct device *dev,
 					      struct acpi_iort_node *node)
 {
 	struct acpi_iort_smmu_v3 *smmu;
 
 	smmu = (struct acpi_iort_smmu_v3 *)node->node_data;
 	if (smmu->flags & ACPI_IORT_SMMU_V3_PXM_VALID) {
-		set_dev_node(dev, acpi_map_pxm_to_node(smmu->pxm));
+		int node = acpi_map_pxm_to_node(smmu->pxm);
+
+		if (node != NUMA_NO_NODE && !node_online(node))
+			return -EINVAL;
+
+		set_dev_node(dev, node);
 		pr_info("SMMU-v3[%llx] Mapped to Proximity domain %d\n",
 			smmu->base_address,
 			smmu->pxm);
 	}
+	return 0;
 }
 #else
 #define arm_smmu_v3_set_proximity NULL
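Review bot: the new local `int node` inside the PXM_VALID block shadows
the function parameter `struct acpi_iort_node *node`. It compiles because
the parameter is only used before the block, but it is fragile and will
trip -Wshadow; rename the local, for example
`int dev_node = acpi_map_pxm_to_node(smmu->pxm);`.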
@@ -1318,7 +1324,7 @@ struct iort_dev_config {
 	int (*dev_count_resources)(struct acpi_iort_node *node);
 	void (*dev_init_resources)(struct resource *res,
 				     struct acpi_iort_node *node);
-	void (*dev_set_proximity)(struct device *dev,
+	int (*dev_set_proximity)(struct device *dev,
 				    struct acpi_iort_node *node);
 };
 
@@ -1369,8 +1375,11 @@ static int __init iort_add_platform_device(struct acpi_iort_node *node,
 	if (!pdev)
 		return -ENOMEM;
 
-	if (ops->dev_set_proximity)
-		ops->dev_set_proximity(&pdev->dev, node);
+	if (ops->dev_set_proximity) {
+		ret = ops->dev_set_proximity(&pdev->dev, node);
+		if (ret)
+			goto dev_put;
+	}
 
 	count = ops->dev_count_resources(node);
 
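Review bot: when dev_set_proximity() fails, the `goto dev_put` path drops
the platform device without any message, and the -EINVAL return added in
arm_smmu_v3_set_proximity() is silent too. A pr_warn() naming the SMMU
base address and the offline node would make the firmware mapping problem
diagnosable instead of showing up only as a missing device.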
-- 
2.20.1




^ permalink raw reply related	[flat|nested] 429+ messages in thread

* [PATCH 5.1 190/405] arm64: vdso: Fix clock_getres() for CLOCK_REALTIME
  2019-05-30  2:59 [PATCH 5.1 000/405] 5.1.6-stable review Greg Kroah-Hartman
                   ` (188 preceding siblings ...)
  2019-05-30  3:03 ` [PATCH 5.1 189/405] ACPI/IORT: Reject platform device creation on NUMA node mapping failure Greg Kroah-Hartman
@ 2019-05-30  3:03 ` Greg Kroah-Hartman
  2019-05-30  3:03 ` [PATCH 5.1 191/405] RDMA/cxgb4: Fix null pointer dereference on alloc_skb failure Greg Kroah-Hartman
                   ` (219 subsequent siblings)
  409 siblings, 0 replies; 429+ messages in thread
From: Greg Kroah-Hartman @ 2019-05-30  3:03 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Catalin Marinas, Vincenzo Frascino,
	Will Deacon, Sasha Levin

[ Upstream commit 81fb8736dd81da3fe94f28968dac60f392ec6746 ]

clock_getres() in the vDSO library has to preserve the same behaviour
of posix_get_hrtimer_res().

In particular, posix_get_hrtimer_res() does:

    sec = 0;
    ns = hrtimer_resolution;

where 'hrtimer_resolution' depends on whether or not high resolution
timers are enabled, which is a runtime decision.

The vDSO incorrectly returns the constant CLOCK_REALTIME_RES. Fix this
by exposing 'hrtimer_resolution' in the vDSO datapage and returning that
instead.

Reviewed-by: Catalin Marinas <catalin.marinas@arm.com>
Signed-off-by: Vincenzo Frascino <vincenzo.frascino@arm.com>
[will: Use WRITE_ONCE(), move adr off COARSE path, renumber labels, use 'w' reg]
Signed-off-by: Will Deacon <will.deacon@arm.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 arch/arm64/include/asm/vdso_datapage.h | 1 +
 arch/arm64/kernel/asm-offsets.c        | 2 +-
 arch/arm64/kernel/vdso.c               | 3 +++
 arch/arm64/kernel/vdso/gettimeofday.S  | 7 +++----
 4 files changed, 8 insertions(+), 5 deletions(-)

diff --git a/arch/arm64/include/asm/vdso_datapage.h b/arch/arm64/include/asm/vdso_datapage.h
index 2b9a63771eda8..f89263c8e11af 100644
--- a/arch/arm64/include/asm/vdso_datapage.h
+++ b/arch/arm64/include/asm/vdso_datapage.h
@@ -38,6 +38,7 @@ struct vdso_data {
 	__u32 tz_minuteswest;	/* Whacky timezone stuff */
 	__u32 tz_dsttime;
 	__u32 use_syscall;
+	__u32 hrtimer_res;
 };
 
 #endif /* !__ASSEMBLY__ */
diff --git a/arch/arm64/kernel/asm-offsets.c b/arch/arm64/kernel/asm-offsets.c
index 7f40dcbdd51d0..e10e2a5d9ddcf 100644
--- a/arch/arm64/kernel/asm-offsets.c
+++ b/arch/arm64/kernel/asm-offsets.c
@@ -94,7 +94,7 @@ int main(void)
   DEFINE(CLOCK_REALTIME,	CLOCK_REALTIME);
   DEFINE(CLOCK_MONOTONIC,	CLOCK_MONOTONIC);
   DEFINE(CLOCK_MONOTONIC_RAW,	CLOCK_MONOTONIC_RAW);
-  DEFINE(CLOCK_REALTIME_RES,	MONOTONIC_RES_NSEC);
+  DEFINE(CLOCK_REALTIME_RES,	offsetof(struct vdso_data, hrtimer_res));
   DEFINE(CLOCK_REALTIME_COARSE,	CLOCK_REALTIME_COARSE);
   DEFINE(CLOCK_MONOTONIC_COARSE,CLOCK_MONOTONIC_COARSE);
   DEFINE(CLOCK_COARSE_RES,	LOW_RES_NSEC);
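Review bot: CLOCK_REALTIME_RES changes meaning on this line from a
resolution in nanoseconds to a byte offset into struct vdso_data, while
CLOCK_COARSE_RES just below remains a value. Keeping the old name for an
offset invites someone to use it as an immediate again; a name that marks
it as an offset would be clearer.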
diff --git a/arch/arm64/kernel/vdso.c b/arch/arm64/kernel/vdso.c
index 2d419006ad433..ec0bb588d7553 100644
--- a/arch/arm64/kernel/vdso.c
+++ b/arch/arm64/kernel/vdso.c
@@ -232,6 +232,9 @@ void update_vsyscall(struct timekeeper *tk)
 	vdso_data->wtm_clock_sec		= tk->wall_to_monotonic.tv_sec;
 	vdso_data->wtm_clock_nsec		= tk->wall_to_monotonic.tv_nsec;
 
+	/* Read without the seqlock held by clock_getres() */
+	WRITE_ONCE(vdso_data->hrtimer_res, hrtimer_resolution);
+
 	if (!use_syscall) {
 		/* tkr_mono.cycle_last == tkr_raw.cycle_last */
 		vdso_data->cs_cycle_last	= tk->tkr_mono.cycle_last;
diff --git a/arch/arm64/kernel/vdso/gettimeofday.S b/arch/arm64/kernel/vdso/gettimeofday.S
index e8f60112818fc..856fee6d35129 100644
--- a/arch/arm64/kernel/vdso/gettimeofday.S
+++ b/arch/arm64/kernel/vdso/gettimeofday.S
@@ -308,13 +308,14 @@ ENTRY(__kernel_clock_getres)
 	ccmp	w0, #CLOCK_MONOTONIC_RAW, #0x4, ne
 	b.ne	1f
 
-	ldr	x2, 5f
+	adr	vdso_data, _vdso_data
+	ldr	w2, [vdso_data, #CLOCK_REALTIME_RES]
 	b	2f
 1:
 	cmp	w0, #CLOCK_REALTIME_COARSE
 	ccmp	w0, #CLOCK_MONOTONIC_COARSE, #0x4, ne
 	b.ne	4f
-	ldr	x2, 6f
+	ldr	x2, 5f
 2:
 	cbz	x1, 3f
 	stp	xzr, x2, [x1]
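Review bot: the 32-bit `ldr w2, [vdso_data, #CLOCK_REALTIME_RES]` feeding
the 64-bit `stp xzr, x2, [x1]` at label 2 deserves a comment. It is
correct because a write to w2 zeroes the upper half of x2 and hrtimer_res
is a __u32, but the COARSE path still loads a full x2, so the asymmetry
is easy to misread.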
@@ -328,8 +329,6 @@ ENTRY(__kernel_clock_getres)
 	svc	#0
 	ret
 5:
-	.quad	CLOCK_REALTIME_RES
-6:
 	.quad	CLOCK_COARSE_RES
 	.cfi_endproc
 ENDPROC(__kernel_clock_getres)
-- 
2.20.1




^ permalink raw reply related	[flat|nested] 429+ messages in thread

* [PATCH 5.1 191/405] RDMA/cxgb4: Fix null pointer dereference on alloc_skb failure
  2019-05-30  2:59 [PATCH 5.1 000/405] 5.1.6-stable review Greg Kroah-Hartman
                   ` (189 preceding siblings ...)
  2019-05-30  3:03 ` [PATCH 5.1 190/405] arm64: vdso: Fix clock_getres() for CLOCK_REALTIME Greg Kroah-Hartman
@ 2019-05-30  3:03 ` Greg Kroah-Hartman
  2019-05-30  3:03 ` [PATCH 5.1 192/405] fscrypt: use READ_ONCE() to access ->i_crypt_info Greg Kroah-Hartman
                   ` (218 subsequent siblings)
  409 siblings, 0 replies; 429+ messages in thread
From: Greg Kroah-Hartman @ 2019-05-30  3:03 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Colin Ian King, Potnuri Bharat Teja,
	Jason Gunthorpe, Sasha Levin

[ Upstream commit a6d2a5a92e67d151c98886babdc86d530d27111c ]

Currently if alloc_skb fails to allocate the skb a null skb is passed to
t4_set_arp_err_handler and this ends up dereferencing the null skb.  Avoid
the NULL pointer dereference by checking for a NULL skb and returning
early.

Addresses-Coverity: ("Dereference null return")
Fixes: b38a0ad8ec11 ("RDMA/cxgb4: Set arp error handler for PASS_ACCEPT_RPL messages")
Signed-off-by: Colin Ian King <colin.king@canonical.com>
Acked-by: Potnuri Bharat Teja <bharat@chelsio.com>
Signed-off-by: Jason Gunthorpe <jgg@mellanox.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/infiniband/hw/cxgb4/cm.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/drivers/infiniband/hw/cxgb4/cm.c b/drivers/infiniband/hw/cxgb4/cm.c
index 4d232bdf9e976..689ba6bc2ca9c 100644
--- a/drivers/infiniband/hw/cxgb4/cm.c
+++ b/drivers/infiniband/hw/cxgb4/cm.c
@@ -457,6 +457,8 @@ static struct sk_buff *get_skb(struct sk_buff *skb, int len, gfp_t gfp)
 		skb_reset_transport_header(skb);
 	} else {
 		skb = alloc_skb(len, gfp);
+		if (!skb)
+			return NULL;
 	}
 	t4_set_arp_err_handler(skb, NULL, NULL);
 	return skb;
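Review bot: with `if (!skb) return NULL;` added in the else branch,
get_skb() now returns NULL to its caller instead of crashing inside
t4_set_arp_err_handler(), so every caller has to check the result before
using it. The changelog only covers the dereference in this function;
worth confirming the callers handle NULL, otherwise the dereference just
moves one level up.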
-- 
2.20.1




^ permalink raw reply related	[flat|nested] 429+ messages in thread

* [PATCH 5.1 192/405] fscrypt: use READ_ONCE() to access ->i_crypt_info
  2019-05-30  2:59 [PATCH 5.1 000/405] 5.1.6-stable review Greg Kroah-Hartman
                   ` (190 preceding siblings ...)
  2019-05-30  3:03 ` [PATCH 5.1 191/405] RDMA/cxgb4: Fix null pointer dereference on alloc_skb failure Greg Kroah-Hartman
@ 2019-05-30  3:03 ` Greg Kroah-Hartman
  2019-05-30  3:03 ` [PATCH 5.1 193/405] perf/x86/msr: Add Icelake support Greg Kroah-Hartman
                   ` (217 subsequent siblings)
  409 siblings, 0 replies; 429+ messages in thread
From: Greg Kroah-Hartman @ 2019-05-30  3:03 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Eric Biggers, Theodore Tso, Sasha Levin

[ Upstream commit e37a784d8b6a1e726de5ddc7b4809c086a08db09 ]

->i_crypt_info starts out NULL and may later be locklessly set to a
non-NULL value by the cmpxchg() in fscrypt_get_encryption_info().

But ->i_crypt_info is used directly, which technically is incorrect.
It's a data race, and it doesn't include the data dependency barrier
needed to safely dereference the pointer on at least one architecture.

Fix this by using READ_ONCE() instead.  Note: we don't need to use
smp_load_acquire(), since dereferencing the pointer only requires a data
dependency barrier, which is already included in READ_ONCE().  We also
don't need READ_ONCE() in places where ->i_crypt_info is unconditionally
dereferenced, since it must have already been checked.

Also downgrade the cmpxchg() to cmpxchg_release(), since RELEASE
semantics are sufficient on the write side.

Signed-off-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 fs/crypto/crypto.c      | 2 +-
 fs/crypto/fname.c       | 4 ++--
 fs/crypto/keyinfo.c     | 4 ++--
 fs/crypto/policy.c      | 6 +++---
 include/linux/fscrypt.h | 3 ++-
 5 files changed, 10 insertions(+), 9 deletions(-)

diff --git a/fs/crypto/crypto.c b/fs/crypto/crypto.c
index 4dc788e3bc96b..fe38b53060454 100644
--- a/fs/crypto/crypto.c
+++ b/fs/crypto/crypto.c
@@ -334,7 +334,7 @@ static int fscrypt_d_revalidate(struct dentry *dentry, unsigned int flags)
 	spin_lock(&dentry->d_lock);
 	cached_with_key = dentry->d_flags & DCACHE_ENCRYPTED_WITH_KEY;
 	spin_unlock(&dentry->d_lock);
-	dir_has_key = (d_inode(dir)->i_crypt_info != NULL);
+	dir_has_key = fscrypt_has_encryption_key(d_inode(dir));
 	dput(dir);
 
 	/*
diff --git a/fs/crypto/fname.c b/fs/crypto/fname.c
index 7ff40a73dbece..050384c79f40e 100644
--- a/fs/crypto/fname.c
+++ b/fs/crypto/fname.c
@@ -269,7 +269,7 @@ int fscrypt_fname_disk_to_usr(struct inode *inode,
 	if (iname->len < FS_CRYPTO_BLOCK_SIZE)
 		return -EUCLEAN;
 
-	if (inode->i_crypt_info)
+	if (fscrypt_has_encryption_key(inode))
 		return fname_decrypt(inode, iname, oname);
 
 	if (iname->len <= FSCRYPT_FNAME_MAX_UNDIGESTED_SIZE) {
@@ -336,7 +336,7 @@ int fscrypt_setup_filename(struct inode *dir, const struct qstr *iname,
 	if (ret)
 		return ret;
 
-	if (dir->i_crypt_info) {
+	if (fscrypt_has_encryption_key(dir)) {
 		if (!fscrypt_fname_encrypted_size(dir, iname->len,
 						  dir->i_sb->s_cop->max_namelen,
 						  &fname->crypto_buf.len))
diff --git a/fs/crypto/keyinfo.c b/fs/crypto/keyinfo.c
index 322ce9686bdba..bf291c10c682f 100644
--- a/fs/crypto/keyinfo.c
+++ b/fs/crypto/keyinfo.c
@@ -509,7 +509,7 @@ int fscrypt_get_encryption_info(struct inode *inode)
 	u8 *raw_key = NULL;
 	int res;
 
-	if (inode->i_crypt_info)
+	if (fscrypt_has_encryption_key(inode))
 		return 0;
 
 	res = fscrypt_initialize(inode->i_sb->s_cop->flags);
@@ -573,7 +573,7 @@ int fscrypt_get_encryption_info(struct inode *inode)
 	if (res)
 		goto out;
 
-	if (cmpxchg(&inode->i_crypt_info, NULL, crypt_info) == NULL)
+	if (cmpxchg_release(&inode->i_crypt_info, NULL, crypt_info) == NULL)
 		crypt_info = NULL;
 out:
 	if (res == -ENOKEY)
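Review bot: the cmpxchg_release() on ->i_crypt_info has no comment on the
write side, while the reader in fscrypt_has_encryption_key() gets "pairs
with cmpxchg_release()". Add the matching note here, saying that the
RELEASE publishes crypt_info to lockless READ_ONCE() readers, so nobody
later relaxes one side without the other.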
diff --git a/fs/crypto/policy.c b/fs/crypto/policy.c
index bd7eaf9b3f003..d536889ac31bf 100644
--- a/fs/crypto/policy.c
+++ b/fs/crypto/policy.c
@@ -194,8 +194,8 @@ int fscrypt_has_permitted_context(struct inode *parent, struct inode *child)
 	res = fscrypt_get_encryption_info(child);
 	if (res)
 		return 0;
-	parent_ci = parent->i_crypt_info;
-	child_ci = child->i_crypt_info;
+	parent_ci = READ_ONCE(parent->i_crypt_info);
+	child_ci = READ_ONCE(child->i_crypt_info);
 
 	if (parent_ci && child_ci) {
 		return memcmp(parent_ci->ci_master_key_descriptor,
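Review bot: `READ_ONCE(parent->i_crypt_info)` and
`READ_ONCE(child->i_crypt_info)` are open-coded here, and again in
fscrypt_inherit_context(), without the pairing comment that the fscrypt.h
helper carries. A small inline accessor that returns the pointer would
keep the ordering requirement documented in one place.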
@@ -246,7 +246,7 @@ int fscrypt_inherit_context(struct inode *parent, struct inode *child,
 	if (res < 0)
 		return res;
 
-	ci = parent->i_crypt_info;
+	ci = READ_ONCE(parent->i_crypt_info);
 	if (ci == NULL)
 		return -ENOKEY;
 
diff --git a/include/linux/fscrypt.h b/include/linux/fscrypt.h
index e5194fc3983e9..08246f068fd89 100644
--- a/include/linux/fscrypt.h
+++ b/include/linux/fscrypt.h
@@ -79,7 +79,8 @@ struct fscrypt_ctx {
 
 static inline bool fscrypt_has_encryption_key(const struct inode *inode)
 {
-	return (inode->i_crypt_info != NULL);
+	/* pairs with cmpxchg_release() in fscrypt_get_encryption_info() */
+	return READ_ONCE(inode->i_crypt_info) != NULL;
 }
 
 static inline bool fscrypt_dummy_context_enabled(struct inode *inode)
-- 
2.20.1




^ permalink raw reply related	[flat|nested] 429+ messages in thread

* [PATCH 5.1 193/405] perf/x86/msr: Add Icelake support
  2019-05-30  2:59 [PATCH 5.1 000/405] 5.1.6-stable review Greg Kroah-Hartman
                   ` (191 preceding siblings ...)
  2019-05-30  3:03 ` [PATCH 5.1 192/405] fscrypt: use READ_ONCE() to access ->i_crypt_info Greg Kroah-Hartman
@ 2019-05-30  3:03 ` Greg Kroah-Hartman
  2019-05-30  3:03 ` [PATCH 5.1 194/405] perf/x86/intel/rapl: " Greg Kroah-Hartman
                   ` (216 subsequent siblings)
  409 siblings, 0 replies; 429+ messages in thread
From: Greg Kroah-Hartman @ 2019-05-30  3:03 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Kan Liang, Peter Zijlstra (Intel),
	Alexander Shishkin, Arnaldo Carvalho de Melo, Jiri Olsa,
	Linus Torvalds, Stephane Eranian, Thomas Gleixner, Vince Weaver,
	acme, jolsa, Ingo Molnar, Sasha Levin

[ Upstream commit cf50d79a8cfe5adae37fec026220b009559bbeed ]

Icelake is the same as the existing Skylake parts.

Signed-off-by: Kan Liang <kan.liang@linux.intel.com>
Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org>
Cc: Alexander Shishkin <alexander.shishkin@linux.intel.com>
Cc: Arnaldo Carvalho de Melo <acme@redhat.com>
Cc: Jiri Olsa <jolsa@redhat.com>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Stephane Eranian <eranian@google.com>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: Vince Weaver <vincent.weaver@maine.edu>
Cc: acme@kernel.org
Cc: jolsa@kernel.org
Link: https://lkml.kernel.org/r/20190402194509.2832-12-kan.liang@linux.intel.com
Signed-off-by: Ingo Molnar <mingo@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 arch/x86/events/msr.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/arch/x86/events/msr.c b/arch/x86/events/msr.c
index a878e6286e4af..f3f4c2263501d 100644
--- a/arch/x86/events/msr.c
+++ b/arch/x86/events/msr.c
@@ -89,6 +89,7 @@ static bool test_intel(int idx)
 	case INTEL_FAM6_SKYLAKE_X:
 	case INTEL_FAM6_KABYLAKE_MOBILE:
 	case INTEL_FAM6_KABYLAKE_DESKTOP:
+	case INTEL_FAM6_ICELAKE_MOBILE:
 		if (idx == PERF_MSR_SMI || idx == PERF_MSR_PPERF)
 			return true;
 		break;
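Review bot: only INTEL_FAM6_ICELAKE_MOBILE is added to this case list,
while the changelog speaks of Icelake in general. If other Icelake model
IDs exist in this tree they will still miss this case, so either add them
or say in the changelog that only the mobile part is covered.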
-- 
2.20.1




^ permalink raw reply related	[flat|nested] 429+ messages in thread

* [PATCH 5.1 194/405] perf/x86/intel/rapl: Add Icelake support
  2019-05-30  2:59 [PATCH 5.1 000/405] 5.1.6-stable review Greg Kroah-Hartman
                   ` (192 preceding siblings ...)
  2019-05-30  3:03 ` [PATCH 5.1 193/405] perf/x86/msr: Add Icelake support Greg Kroah-Hartman
@ 2019-05-30  3:03 ` Greg Kroah-Hartman
  2019-05-30  3:03 ` [PATCH 5.1 195/405] perf/x86/intel/cstate: " Greg Kroah-Hartman
                   ` (215 subsequent siblings)
  409 siblings, 0 replies; 429+ messages in thread
From: Greg Kroah-Hartman @ 2019-05-30  3:03 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Kan Liang, Peter Zijlstra (Intel),
	Alexander Shishkin, Arnaldo Carvalho de Melo, Jiri Olsa,
	Linus Torvalds, Stephane Eranian, Thomas Gleixner, Vince Weaver,
	acme, jolsa, Ingo Molnar, Sasha Levin

[ Upstream commit b3377c3acb9e54cf86efcfe25f2e792bca599ed4 ]

Icelake supports the same RAPL counters as Skylake.

Signed-off-by: Kan Liang <kan.liang@linux.intel.com>
Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org>
Cc: Alexander Shishkin <alexander.shishkin@linux.intel.com>
Cc: Arnaldo Carvalho de Melo <acme@redhat.com>
Cc: Jiri Olsa <jolsa@redhat.com>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Stephane Eranian <eranian@google.com>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: Vince Weaver <vincent.weaver@maine.edu>
Cc: acme@kernel.org
Cc: jolsa@kernel.org
Link: https://lkml.kernel.org/r/20190402194509.2832-11-kan.liang@linux.intel.com
Signed-off-by: Ingo Molnar <mingo@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 arch/x86/events/intel/rapl.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/arch/x86/events/intel/rapl.c b/arch/x86/events/intel/rapl.c
index 94dc564146ca8..37ebf6fc5415b 100644
--- a/arch/x86/events/intel/rapl.c
+++ b/arch/x86/events/intel/rapl.c
@@ -775,6 +775,8 @@ static const struct x86_cpu_id rapl_cpu_match[] __initconst = {
 	X86_RAPL_MODEL_MATCH(INTEL_FAM6_ATOM_GOLDMONT_X, hsw_rapl_init),
 
 	X86_RAPL_MODEL_MATCH(INTEL_FAM6_ATOM_GOLDMONT_PLUS, hsw_rapl_init),
+
+	X86_RAPL_MODEL_MATCH(INTEL_FAM6_ICELAKE_MOBILE,  skl_rapl_init),
 	{},
 };
 
-- 
2.20.1




^ permalink raw reply related	[flat|nested] 429+ messages in thread

* [PATCH 5.1 195/405] perf/x86/intel/cstate: Add Icelake support
  2019-05-30  2:59 [PATCH 5.1 000/405] 5.1.6-stable review Greg Kroah-Hartman
                   ` (193 preceding siblings ...)
  2019-05-30  3:03 ` [PATCH 5.1 194/405] perf/x86/intel/rapl: " Greg Kroah-Hartman
@ 2019-05-30  3:03 ` Greg Kroah-Hartman
  2019-05-30  3:03 ` [PATCH 5.1 196/405] PM / devfreq: Fix static checker warning in try_then_request_governor Greg Kroah-Hartman
                   ` (214 subsequent siblings)
  409 siblings, 0 replies; 429+ messages in thread
From: Greg Kroah-Hartman @ 2019-05-30  3:03 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Kan Liang, Peter Zijlstra (Intel),
	Alexander Shishkin, Arnaldo Carvalho de Melo, Jiri Olsa,
	Linus Torvalds, Stephane Eranian, Thomas Gleixner, Vince Weaver,
	acme, jolsa, Ingo Molnar, Sasha Levin

[ Upstream commit f08c47d1f86c6dc666c7e659d94bf6d4492aa9d7 ]

Icelake uses the same C-state residency events as Sandy Bridge.

Signed-off-by: Kan Liang <kan.liang@linux.intel.com>
Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org>
Cc: Alexander Shishkin <alexander.shishkin@linux.intel.com>
Cc: Arnaldo Carvalho de Melo <acme@redhat.com>
Cc: Jiri Olsa <jolsa@redhat.com>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Stephane Eranian <eranian@google.com>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: Vince Weaver <vincent.weaver@maine.edu>
Cc: acme@kernel.org
Cc: jolsa@kernel.org
Link: https://lkml.kernel.org/r/20190402194509.2832-10-kan.liang@linux.intel.com
Signed-off-by: Ingo Molnar <mingo@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 arch/x86/events/intel/cstate.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/arch/x86/events/intel/cstate.c b/arch/x86/events/intel/cstate.c
index d41de9af7a39b..6072f92cb8eaf 100644
--- a/arch/x86/events/intel/cstate.c
+++ b/arch/x86/events/intel/cstate.c
@@ -578,6 +578,8 @@ static const struct x86_cpu_id intel_cstates_match[] __initconst = {
 	X86_CSTATES_MODEL(INTEL_FAM6_ATOM_GOLDMONT_X, glm_cstates),
 
 	X86_CSTATES_MODEL(INTEL_FAM6_ATOM_GOLDMONT_PLUS, glm_cstates),
+
+	X86_CSTATES_MODEL(INTEL_FAM6_ICELAKE_MOBILE, snb_cstates),
 	{ },
 };
 MODULE_DEVICE_TABLE(x86cpu, intel_cstates_match);
-- 
2.20.1




^ permalink raw reply related	[flat|nested] 429+ messages in thread

* [PATCH 5.1 196/405] PM / devfreq: Fix static checker warning in try_then_request_governor
  2019-05-30  2:59 [PATCH 5.1 000/405] 5.1.6-stable review Greg Kroah-Hartman
                   ` (194 preceding siblings ...)
  2019-05-30  3:03 ` [PATCH 5.1 195/405] perf/x86/intel/cstate: " Greg Kroah-Hartman
@ 2019-05-30  3:03 ` Greg Kroah-Hartman
  2019-05-30  3:03 ` [PATCH 5.1 197/405] hwmon: (vt1211) Use request_muxed_region for Super-IO accesses Greg Kroah-Hartman
                   ` (213 subsequent siblings)
  409 siblings, 0 replies; 429+ messages in thread
From: Greg Kroah-Hartman @ 2019-05-30  3:03 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Dan Carpenter,
	Enric Balletbo i Serra, Chanwoo Choi, MyungJoo Ham, Sasha Levin

[ Upstream commit b53b0128052ffd687797d5f4deeb76327e7b5711 ]

The patch 23c7b54ca1cd: "PM / devfreq: Fix devfreq_add_device() when
drivers are built as modules." leads to the following static checker
warning:

    drivers/devfreq/devfreq.c:1043 governor_store()
    warn: 'governor' can also be NULL

The reason is that the try_then_request_governor() function returns both
error pointers and NULL. It should just return error pointers, so fix
this by returning an ERR_PTR to the error instead of returning NULL.

Fixes: 23c7b54ca1cd ("PM / devfreq: Fix devfreq_add_device() when drivers are built as modules.")
Reported-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Enric Balletbo i Serra <enric.balletbo@collabora.com>
Reviewed-by: Chanwoo Choi <cw00.choi@samsung.com>
Signed-off-by: MyungJoo Ham <myungjoo.ham@samsung.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/devfreq/devfreq.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/drivers/devfreq/devfreq.c b/drivers/devfreq/devfreq.c
index 0ae3de76833b7..839621b044f49 100644
--- a/drivers/devfreq/devfreq.c
+++ b/drivers/devfreq/devfreq.c
@@ -228,7 +228,7 @@ static struct devfreq_governor *find_devfreq_governor(const char *name)
  * if is not found. This can happen when both drivers (the governor driver
  * and the driver that call devfreq_add_device) are built as modules.
  * devfreq_list_lock should be held by the caller. Returns the matched
- * governor's pointer.
+ * governor's pointer or an error pointer.
  */
 static struct devfreq_governor *try_then_request_governor(const char *name)
 {
@@ -254,7 +254,7 @@ static struct devfreq_governor *try_then_request_governor(const char *name)
 		/* Restore previous state before return */
 		mutex_lock(&devfreq_list_lock);
 		if (err)
-			return NULL;
+			return ERR_PTR(err);
 
 		governor = find_devfreq_governor(name);
 	}
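Review bot: once `return ERR_PTR(err);` replaces `return NULL;`, every
caller has to test the result with IS_ERR(); a leftover `!governor` check
would now treat the error pointer as a valid governor and dereference it.
It would help to name the audited callers in the changelog.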
-- 
2.20.1




^ permalink raw reply related	[flat|nested] 429+ messages in thread

* [PATCH 5.1 197/405] hwmon: (vt1211) Use request_muxed_region for Super-IO accesses
  2019-05-30  2:59 [PATCH 5.1 000/405] 5.1.6-stable review Greg Kroah-Hartman
                   ` (195 preceding siblings ...)
  2019-05-30  3:03 ` [PATCH 5.1 196/405] PM / devfreq: Fix static checker warning in try_then_request_governor Greg Kroah-Hartman
@ 2019-05-30  3:03 ` Greg Kroah-Hartman
  2019-05-30  3:03 ` [PATCH 5.1 198/405] hwmon: (smsc47m1) " Greg Kroah-Hartman
                   ` (212 subsequent siblings)
  409 siblings, 0 replies; 429+ messages in thread
From: Greg Kroah-Hartman @ 2019-05-30  3:03 UTC (permalink / raw)
  To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Guenter Roeck, Sasha Levin

[ Upstream commit 14b97ba5c20056102b3dd22696bf17b057e60976 ]

Super-IO accesses may fail on a system with no or unmapped LPC bus.

Also, other drivers may attempt to access the LPC bus at the same time,
resulting in undefined behavior.

Use request_muxed_region() to ensure that IO access on the requested
address space is supported, and to ensure that access by multiple drivers
is synchronized.

Fixes: 2219cd81a6cd ("hwmon/vt1211: Add probing of alternate config index port")
Signed-off-by: Guenter Roeck <linux@roeck-us.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/hwmon/vt1211.c | 15 ++++++++++++---
 1 file changed, 12 insertions(+), 3 deletions(-)

diff --git a/drivers/hwmon/vt1211.c b/drivers/hwmon/vt1211.c
index 3a6bfa51cb94f..95d5e8ec8b7fc 100644
--- a/drivers/hwmon/vt1211.c
+++ b/drivers/hwmon/vt1211.c
@@ -226,15 +226,21 @@ static inline void superio_select(int sio_cip, int ldn)
 	outb(ldn, sio_cip + 1);
 }
 
-static inline void superio_enter(int sio_cip)
+static inline int superio_enter(int sio_cip)
 {
+	if (!request_muxed_region(sio_cip, 2, DRVNAME))
+		return -EBUSY;
+
 	outb(0x87, sio_cip);
 	outb(0x87, sio_cip);
+
+	return 0;
 }
 
 static inline void superio_exit(int sio_cip)
 {
 	outb(0xaa, sio_cip);
+	release_region(sio_cip, 2);
 }
 
 /* ---------------------------------------------------------------------
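
Review bot: superio_exit() now ends with 'release_region(sio_cip, 2);'
unconditionally, so it is only safe after a superio_enter() that returned
0; calling it after the -EBUSY return would release a region this driver
never acquired. A one-line comment on the pair, saying that enter acquires
the two config ports and exit releases them, would keep later call sites
from using superio_exit() as a generic cleanup step.
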
@@ -1282,11 +1288,14 @@ static int __init vt1211_device_add(unsigned short address)
 
 static int __init vt1211_find(int sio_cip, unsigned short *address)
 {
-	int err = -ENODEV;
+	int err;
 	int devid;
 
-	superio_enter(sio_cip);
+	err = superio_enter(sio_cip);
+	if (err)
+		return err;
 
+	err = -ENODEV;
 	devid = force_id ? force_id : superio_inb(sio_cip, SIO_VT1211_DEVID);
 	if (devid != SIO_VT1211_ID)
 		goto EXIT;
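
Review bot: the failure path added to vt1211_find() uses 'return err;'
where the rest of the function uses 'goto EXIT;', and that difference
matters now that superio_exit() releases the region. Assuming the EXIT
label (outside this hunk) ends in superio_exit(), a later cleanup that
converts this return to a goto would release a region that was never
requested. A short comment above the early return would protect it, and
would also explain why 'err = -ENODEV;' had to move below the
superio_enter() call.
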
-- 
2.20.1





* [PATCH 5.1 198/405] hwmon: (smsc47m1) Use request_muxed_region for Super-IO accesses
  2019-05-30  2:59 [PATCH 5.1 000/405] 5.1.6-stable review Greg Kroah-Hartman
                   ` (196 preceding siblings ...)
  2019-05-30  3:03 ` [PATCH 5.1 197/405] hwmon: (vt1211) Use request_muxed_region for Super-IO accesses Greg Kroah-Hartman
@ 2019-05-30  3:03 ` Greg Kroah-Hartman
  2019-05-30  3:03 ` [PATCH 5.1 199/405] hwmon: (smsc47b397) " Greg Kroah-Hartman
                   ` (211 subsequent siblings)
  409 siblings, 0 replies; 429+ messages in thread
From: Greg Kroah-Hartman @ 2019-05-30  3:03 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Kefeng Wang, John Garry,
	Guenter Roeck, Sasha Levin

[ Upstream commit d6410408ad2a798c4cc685252c1baa713be0ad69 ]

Super-IO accesses may fail on a system with no or unmapped LPC bus.

Also, other drivers may attempt to access the LPC bus at the same time,
resulting in undefined behavior.

Use request_muxed_region() to ensure that IO access on the requested
address space is supported, and to ensure that access by multiple drivers
is synchronized.

Fixes: 8d5d45fb1468 ("I2C: Move hwmon drivers (2/3)")
Reported-by: Kefeng Wang <wangkefeng.wang@huawei.com>
Reported-by: John Garry <john.garry@huawei.com>
Cc: John Garry <john.garry@huawei.com>
Acked-by: John Garry <john.garry@huawei.com>
Signed-off-by: Guenter Roeck <linux@roeck-us.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/hwmon/smsc47m1.c | 28 +++++++++++++++++++---------
 1 file changed, 19 insertions(+), 9 deletions(-)

diff --git a/drivers/hwmon/smsc47m1.c b/drivers/hwmon/smsc47m1.c
index c7b6a425e2c02..5eeac9853d0ae 100644
--- a/drivers/hwmon/smsc47m1.c
+++ b/drivers/hwmon/smsc47m1.c
@@ -73,16 +73,21 @@ superio_inb(int reg)
 /* logical device for fans is 0x0A */
 #define superio_select() superio_outb(0x07, 0x0A)
 
-static inline void
+static inline int
 superio_enter(void)
 {
+	if (!request_muxed_region(REG, 2, DRVNAME))
+		return -EBUSY;
+
 	outb(0x55, REG);
+	return 0;
 }
 
 static inline void
 superio_exit(void)
 {
 	outb(0xAA, REG);
+	release_region(REG, 2);
 }
 
 #define SUPERIO_REG_ACT		0x30
@@ -531,8 +536,12 @@ static int __init smsc47m1_find(struct smsc47m1_sio_data *sio_data)
 {
 	u8 val;
 	unsigned short addr;
+	int err;
+
+	err = superio_enter();
+	if (err)
+		return err;
 
-	superio_enter();
 	val = force_id ? force_id : superio_inb(SUPERIO_REG_DEVID);
 
 	/*
@@ -608,13 +617,14 @@ static int __init smsc47m1_find(struct smsc47m1_sio_data *sio_data)
 static void smsc47m1_restore(const struct smsc47m1_sio_data *sio_data)
 {
 	if ((sio_data->activate & 0x01) == 0) {
-		superio_enter();
-		superio_select();
-
-		pr_info("Disabling device\n");
-		superio_outb(SUPERIO_REG_ACT, sio_data->activate);
-
-		superio_exit();
+		if (!superio_enter()) {
+			superio_select();
+			pr_info("Disabling device\n");
+			superio_outb(SUPERIO_REG_ACT, sio_data->activate);
+			superio_exit();
+		} else {
+			pr_warn("Failed to disable device\n");
+		}
 	}
 }
 
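
Review bot: in smsc47m1_restore(), 'if (!superio_enter())' discards the
error code and the else branch logs only 'Failed to disable device'. The
function is void, so that log line is the only place the failure is
visible; store the return value and print it, for example
'pr_warn("Failed to disable device: %d\n", err);', so the cause can be
read from the log.
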
-- 
2.20.1





* [PATCH 5.1 199/405] hwmon: (smsc47b397) Use request_muxed_region for Super-IO accesses
  2019-05-30  2:59 [PATCH 5.1 000/405] 5.1.6-stable review Greg Kroah-Hartman
                   ` (197 preceding siblings ...)
  2019-05-30  3:03 ` [PATCH 5.1 198/405] hwmon: (smsc47m1) " Greg Kroah-Hartman
@ 2019-05-30  3:03 ` Greg Kroah-Hartman
  2019-05-30  3:03 ` [PATCH 5.1 200/405] hwmon: (pc87427) " Greg Kroah-Hartman
                   ` (210 subsequent siblings)
  409 siblings, 0 replies; 429+ messages in thread
From: Greg Kroah-Hartman @ 2019-05-30  3:03 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Kefeng Wang, John Garry,
	Guenter Roeck, Sasha Levin

[ Upstream commit 8c0826756744c0ac1df600a5e4cca1a341b13101 ]

Super-IO accesses may fail on a system with no or unmapped LPC bus.

Also, other drivers may attempt to access the LPC bus at the same time,
resulting in undefined behavior.

Use request_muxed_region() to ensure that IO access on the requested
address space is supported, and to ensure that access by multiple drivers
is synchronized.

Fixes: 8d5d45fb1468 ("I2C: Move hwmon drivers (2/3)")
Reported-by: Kefeng Wang <wangkefeng.wang@huawei.com>
Reported-by: John Garry <john.garry@huawei.com>
Cc: John Garry <john.garry@huawei.com>
Acked-by: John Garry <john.garry@huawei.com>
Signed-off-by: Guenter Roeck <linux@roeck-us.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/hwmon/smsc47b397.c | 13 +++++++++++--
 1 file changed, 11 insertions(+), 2 deletions(-)

diff --git a/drivers/hwmon/smsc47b397.c b/drivers/hwmon/smsc47b397.c
index c0775084dde00..60e193f2e9707 100644
--- a/drivers/hwmon/smsc47b397.c
+++ b/drivers/hwmon/smsc47b397.c
@@ -72,14 +72,19 @@ static inline void superio_select(int ld)
 	superio_outb(0x07, ld);
 }
 
-static inline void superio_enter(void)
+static inline int superio_enter(void)
 {
+	if (!request_muxed_region(REG, 2, DRVNAME))
+		return -EBUSY;
+
 	outb(0x55, REG);
+	return 0;
 }
 
 static inline void superio_exit(void)
 {
 	outb(0xAA, REG);
+	release_region(REG, 2);
 }
 
 #define SUPERIO_REG_DEVID	0x20
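
Review bot: the region length is a bare 2 in both
'request_muxed_region(REG, 2, DRVNAME)' and 'release_region(REG, 2)', and
the two values must stay identical or the release will not match the
request. A named constant for the index/data port pair, used in both
calls, would make that coupling explicit.
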
@@ -300,8 +305,12 @@ static int __init smsc47b397_find(void)
 	u8 id, rev;
 	char *name;
 	unsigned short addr;
+	int err;
+
+	err = superio_enter();
+	if (err)
+		return err;
 
-	superio_enter();
 	id = force_id ? force_id : superio_inb(SUPERIO_REG_DEVID);
 
 	switch (id) {
-- 
2.20.1





* [PATCH 5.1 200/405] hwmon: (pc87427) Use request_muxed_region for Super-IO accesses
  2019-05-30  2:59 [PATCH 5.1 000/405] 5.1.6-stable review Greg Kroah-Hartman
                   ` (198 preceding siblings ...)
  2019-05-30  3:03 ` [PATCH 5.1 199/405] hwmon: (smsc47b397) " Greg Kroah-Hartman
@ 2019-05-30  3:03 ` Greg Kroah-Hartman
  2019-05-30  3:03 ` [PATCH 5.1 201/405] hwmon: (f71805f) " Greg Kroah-Hartman
                   ` (209 subsequent siblings)
  409 siblings, 0 replies; 429+ messages in thread
From: Greg Kroah-Hartman @ 2019-05-30  3:03 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Kefeng Wang, John Garry,
	Guenter Roeck, Sasha Levin

[ Upstream commit 755a9b0f8aaa5639ba5671ca50080852babb89ce ]

Super-IO accesses may fail on a system with no or unmapped LPC bus.

Also, other drivers may attempt to access the LPC bus at the same time,
resulting in undefined behavior.

Use request_muxed_region() to ensure that IO access on the requested
address space is supported, and to ensure that access by multiple drivers
is synchronized.

Fixes: ba224e2c4f0a7 ("hwmon: New PC87427 hardware monitoring driver")
Reported-by: Kefeng Wang <wangkefeng.wang@huawei.com>
Reported-by: John Garry <john.garry@huawei.com>
Cc: John Garry <john.garry@huawei.com>
Acked-by: John Garry <john.garry@huawei.com>
Signed-off-by: Guenter Roeck <linux@roeck-us.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/hwmon/pc87427.c | 14 +++++++++++++-
 1 file changed, 13 insertions(+), 1 deletion(-)

diff --git a/drivers/hwmon/pc87427.c b/drivers/hwmon/pc87427.c
index d1a3f2040c007..58eee8fa3e6d6 100644
--- a/drivers/hwmon/pc87427.c
+++ b/drivers/hwmon/pc87427.c
@@ -106,6 +106,13 @@ static const char *logdev_str[2] = { DRVNAME " FMC", DRVNAME " HMC" };
 #define LD_IN		1
 #define LD_TEMP		1
 
+static inline int superio_enter(int sioaddr)
+{
+	if (!request_muxed_region(sioaddr, 2, DRVNAME))
+		return -EBUSY;
+	return 0;
+}
+
 static inline void superio_outb(int sioaddr, int reg, int val)
 {
 	outb(reg, sioaddr);
@@ -122,6 +129,7 @@ static inline void superio_exit(int sioaddr)
 {
 	outb(0x02, sioaddr);
 	outb(0x02, sioaddr + 1);
+	release_region(sioaddr, 2);
 }
 
 /*
@@ -1195,7 +1203,11 @@ static int __init pc87427_find(int sioaddr, struct pc87427_sio_data *sio_data)
 {
 	u16 val;
 	u8 cfg, cfg_b;
-	int i, err = 0;
+	int i, err;
+
+	err = superio_enter(sioaddr);
+	if (err)
+		return err;
 
 	/* Identify device */
 	val = force_id ? force_id : superio_inb(sioaddr, SIOREG_DEVID);
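
Review bot: 'int i, err = 0;' becomes 'int i, err;', so every later path
in pc87427_find() that returns err without assigning it now depends on
superio_enter() having left it at 0. That holds with the helper as
written, but it is implicit. Either keep the initialiser or add a comment
after the superio_enter() check stating that err is 0 from this point.
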
-- 
2.20.1





* [PATCH 5.1 201/405] hwmon: (f71805f) Use request_muxed_region for Super-IO accesses
  2019-05-30  2:59 [PATCH 5.1 000/405] 5.1.6-stable review Greg Kroah-Hartman
                   ` (199 preceding siblings ...)
  2019-05-30  3:03 ` [PATCH 5.1 200/405] hwmon: (pc87427) " Greg Kroah-Hartman
@ 2019-05-30  3:03 ` Greg Kroah-Hartman
  2019-05-30  3:03 ` [PATCH 5.1 202/405] scsi: libsas: Do discovery on empty PHY to update PHY info Greg Kroah-Hartman
                   ` (208 subsequent siblings)
  409 siblings, 0 replies; 429+ messages in thread
From: Greg Kroah-Hartman @ 2019-05-30  3:03 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Kefeng Wang, John Garry,
	Guenter Roeck, Sasha Levin

[ Upstream commit 73e6ff71a7ea924fb7121d576a2d41e3be3fc6b5 ]

Super-IO accesses may fail on a system with no or unmapped LPC bus.

Unable to handle kernel paging request at virtual address ffffffbffee0002e
pgd = ffffffc1d68d4000
[ffffffbffee0002e] *pgd=0000000000000000, *pud=0000000000000000
Internal error: Oops: 94000046 [#1] PREEMPT SMP
Modules linked in: f71805f(+) hwmon
CPU: 3 PID: 1659 Comm: insmod Not tainted 4.5.0+ #88
Hardware name: linux,dummy-virt (DT)
task: ffffffc1f6665400 ti: ffffffc1d6418000 task.ti: ffffffc1d6418000
PC is at f71805f_find+0x6c/0x358 [f71805f]

Also, other drivers may attempt to access the LPC bus at the same time,
resulting in undefined behavior.

Use request_muxed_region() to ensure that IO access on the requested
address space is supported, and to ensure that access by multiple
drivers is synchronized.

Fixes: e53004e20a58e ("hwmon: New f71805f driver")
Reported-by: Kefeng Wang <wangkefeng.wang@huawei.com>
Reported-by: John Garry <john.garry@huawei.com>
Cc: John Garry <john.garry@huawei.com>
Acked-by: John Garry <john.garry@huawei.com>
Signed-off-by: Guenter Roeck <linux@roeck-us.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/hwmon/f71805f.c | 15 ++++++++++++---
 1 file changed, 12 insertions(+), 3 deletions(-)

diff --git a/drivers/hwmon/f71805f.c b/drivers/hwmon/f71805f.c
index 73c681162653b..623736d2a7c1d 100644
--- a/drivers/hwmon/f71805f.c
+++ b/drivers/hwmon/f71805f.c
@@ -96,17 +96,23 @@ superio_select(int base, int ld)
 	outb(ld, base + 1);
 }
 
-static inline void
+static inline int
 superio_enter(int base)
 {
+	if (!request_muxed_region(base, 2, DRVNAME))
+		return -EBUSY;
+
 	outb(0x87, base);
 	outb(0x87, base);
+
+	return 0;
 }
 
 static inline void
 superio_exit(int base)
 {
 	outb(0xaa, base);
+	release_region(base, 2);
 }
 
 /*
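
Review bot: superio_enter() maps every request_muxed_region() failure to
-EBUSY, including the case from the commit message where the system has
no LPC bus at all. For that case -ENODEV would describe the situation
better to whoever reads the module load error. If the two causes cannot
be told apart at this point, say so in a comment above 'return -EBUSY;'.
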
@@ -1561,7 +1567,7 @@ static int __init f71805f_device_add(unsigned short address,
 static int __init f71805f_find(int sioaddr, unsigned short *address,
 			       struct f71805f_sio_data *sio_data)
 {
-	int err = -ENODEV;
+	int err;
 	u16 devid;
 
 	static const char * const names[] = {
@@ -1569,8 +1575,11 @@ static int __init f71805f_find(int sioaddr, unsigned short *address,
 		"F71872F/FG or F71806F/FG",
 	};
 
-	superio_enter(sioaddr);
+	err = superio_enter(sioaddr);
+	if (err)
+		return err;
 
+	err = -ENODEV;
 	devid = superio_inw(sioaddr, SIO_REG_MANID);
 	if (devid != SIO_FINTEK_ID)
 		goto exit;
-- 
2.20.1





* [PATCH 5.1 202/405] scsi: libsas: Do discovery on empty PHY to update PHY info
  2019-05-30  2:59 [PATCH 5.1 000/405] 5.1.6-stable review Greg Kroah-Hartman
                   ` (200 preceding siblings ...)
  2019-05-30  3:03 ` [PATCH 5.1 201/405] hwmon: (f71805f) " Greg Kroah-Hartman
@ 2019-05-30  3:03 ` Greg Kroah-Hartman
  2019-05-30  3:03 ` [PATCH 5.1 203/405] mmc: core: make pwrseq_emmc (partially) support sleepy GPIO controllers Greg Kroah-Hartman
                   ` (207 subsequent siblings)
  409 siblings, 0 replies; 429+ messages in thread
From: Greg Kroah-Hartman @ 2019-05-30  3:03 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, John Garry, Martin K. Petersen, Sasha Levin

[ Upstream commit d8649fc1c5e40e691d589ed825998c36a947491c ]

When we discover the PHY is empty in sas_rediscover_dev(), the PHY
information (like negotiated linkrate) is not updated.

As such, for a user examining sysfs for that PHY, they would see
incorrect values:

root@(none)$ cd /sys/class/sas_phy/phy-0:0:20
root@(none)$ more negotiated_linkrate
3.0 Gbit
root@(none)$ echo 0 > enable
root@(none)$ more negotiated_linkrate
3.0 Gbit

To fix this, simply discover the PHY again, even though we know it's empty;
in the above example, this gives us:

root@(none)$ more negotiated_linkrate
Phy disabled

We must do this after unregistering the device associated with the PHY
(in sas_unregister_devs_sas_addr()).

Signed-off-by: John Garry <john.garry@huawei.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/scsi/libsas/sas_expander.c | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/drivers/scsi/libsas/sas_expander.c b/drivers/scsi/libsas/sas_expander.c
index 17b45a0c7bc38..3611a4ef0d150 100644
--- a/drivers/scsi/libsas/sas_expander.c
+++ b/drivers/scsi/libsas/sas_expander.c
@@ -2052,6 +2052,11 @@ static int sas_rediscover_dev(struct domain_device *dev, int phy_id, bool last)
 	if ((SAS_ADDR(sas_addr) == 0) || (res == -ECOMM)) {
 		phy->phy_state = PHY_EMPTY;
 		sas_unregister_devs_sas_addr(dev, phy_id, last);
+		/*
+		 * Even though the PHY is empty, for convenience we discover
+		 * the PHY to update the PHY info, like negotiated linkrate.
+		 */
+		sas_ex_phy_discover(dev, phy_id);
 		return res;
 	} else if (SAS_ADDR(sas_addr) == SAS_ADDR(phy->attached_sas_addr) &&
 		   dev_type_flutter(type, phy->attached_dev_type)) {
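
Review bot: the return value of 'sas_ex_phy_discover(dev, phy_id);' is
dropped and the function still returns the earlier res. If ignoring a
failed refresh is intended because the call only updates the PHY info
shown in sysfs, the new comment should say so; otherwise a failure leaves
the stale linkrate in place with no trace, so it should at least be
logged.
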
-- 
2.20.1





* [PATCH 5.1 203/405] mmc: core: make pwrseq_emmc (partially) support sleepy GPIO controllers
  2019-05-30  2:59 [PATCH 5.1 000/405] 5.1.6-stable review Greg Kroah-Hartman
                   ` (201 preceding siblings ...)
  2019-05-30  3:03 ` [PATCH 5.1 202/405] scsi: libsas: Do discovery on empty PHY to update PHY info Greg Kroah-Hartman
@ 2019-05-30  3:03 ` Greg Kroah-Hartman
  2019-05-30  3:03 ` [PATCH 5.1 204/405] mmc_spi: add a status check for spi_sync_locked Greg Kroah-Hartman
                   ` (206 subsequent siblings)
  409 siblings, 0 replies; 429+ messages in thread
From: Greg Kroah-Hartman @ 2019-05-30  3:03 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Andrea Merello, Ulf Hansson, Sasha Levin

[ Upstream commit 002ee28e8b322d4d4b7b83234b5d0f4ebd428eda ]

pwrseq_emmc.c implements a HW reset procedure for eMMC chip by driving a
GPIO line.

It registers the .reset() cb on mmc_pwrseq_ops and it registers a system
restart notification handler; both of them perform reset by unconditionally
calling gpiod_set_value().

If the eMMC reset line is tied to a GPIO controller whose driver can sleep
(i.e. I2C GPIO controller), then the kernel would spit warnings when trying
to reset the eMMC chip by means of .reset() mmc_pwrseq_ops cb (that is
exactly what I'm seeing during boot).

Furthermore, on system reset we would get to the system restart
notification handler with disabled interrupts - local_irq_disable() is
called in machine_restart() at least on ARM/ARM64 - and we would be in
trouble when the GPIO driver tries to sleep (which indeed doesn't happen
here, likely because in my case the machine specific code doesn't call
do_kernel_restart(), I guess..).

This patch fixes the .reset() cb to make use of gpiod_set_value_cansleep(),
so that the eMMC gets reset on boot without complaints, while, since there
isn't that much we can do, we avoid registering the restart handler if the
GPIO controller has a sleepy driver (and we spit a dev_notice() message to
let people know).

This had been tested on a downstream 4.9 kernel with backported
commit 83f37ee7ba33 ("mmc: pwrseq: Add reset callback to the struct
mmc_pwrseq_ops") and commit ae60fb031cf2 ("mmc: core: Don't do eMMC HW
reset when resuming the eMMC card"), because I couldn't boot my board
otherwise. Maybe worth to RFT.

Signed-off-by: Andrea Merello <andrea.merello@gmail.com>
Signed-off-by: Ulf Hansson <ulf.hansson@linaro.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/mmc/core/pwrseq_emmc.c | 38 ++++++++++++++++++----------------
 1 file changed, 20 insertions(+), 18 deletions(-)

diff --git a/drivers/mmc/core/pwrseq_emmc.c b/drivers/mmc/core/pwrseq_emmc.c
index efb8a7965dd4a..154f4204d58cb 100644
--- a/drivers/mmc/core/pwrseq_emmc.c
+++ b/drivers/mmc/core/pwrseq_emmc.c
@@ -30,19 +30,14 @@ struct mmc_pwrseq_emmc {
 
 #define to_pwrseq_emmc(p) container_of(p, struct mmc_pwrseq_emmc, pwrseq)
 
-static void __mmc_pwrseq_emmc_reset(struct mmc_pwrseq_emmc *pwrseq)
-{
-	gpiod_set_value(pwrseq->reset_gpio, 1);
-	udelay(1);
-	gpiod_set_value(pwrseq->reset_gpio, 0);
-	udelay(200);
-}
-
 static void mmc_pwrseq_emmc_reset(struct mmc_host *host)
 {
 	struct mmc_pwrseq_emmc *pwrseq =  to_pwrseq_emmc(host->pwrseq);
 
-	__mmc_pwrseq_emmc_reset(pwrseq);
+	gpiod_set_value_cansleep(pwrseq->reset_gpio, 1);
+	udelay(1);
+	gpiod_set_value_cansleep(pwrseq->reset_gpio, 0);
+	udelay(200);
 }
 
 static int mmc_pwrseq_emmc_reset_nb(struct notifier_block *this,
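
Review bot: mmc_pwrseq_emmc_reset() now calls gpiod_set_value_cansleep(),
which marks the callback as running in a context that may sleep, yet it
still busy-waits with 'udelay(200);'. In a sleepable path usleep_range()
is the usual choice for a delay of that length; 'udelay(1);' for the
short pulse can stay.
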
@@ -50,8 +45,11 @@ static int mmc_pwrseq_emmc_reset_nb(struct notifier_block *this,
 {
 	struct mmc_pwrseq_emmc *pwrseq = container_of(this,
 					struct mmc_pwrseq_emmc, reset_nb);
+	gpiod_set_value(pwrseq->reset_gpio, 1);
+	udelay(1);
+	gpiod_set_value(pwrseq->reset_gpio, 0);
+	udelay(200);
 
-	__mmc_pwrseq_emmc_reset(pwrseq);
 	return NOTIFY_DONE;
 }
 
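
Review bot: the restart notifier keeps the non-sleeping gpiod_set_value()
calls, which is correct only because probe skips
register_restart_handler() when gpiod_cansleep() is true. Nothing in
mmc_pwrseq_emmc_reset_nb() says so; add a comment stating that the
handler is registered only for non-sleeping GPIOs. The four-line pulse
sequence is now also duplicated from mmc_pwrseq_emmc_reset(), differing
only in the setter, so the two copies have to be kept in step by hand.
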
@@ -72,14 +70,18 @@ static int mmc_pwrseq_emmc_probe(struct platform_device *pdev)
 	if (IS_ERR(pwrseq->reset_gpio))
 		return PTR_ERR(pwrseq->reset_gpio);
 
-	/*
-	 * register reset handler to ensure emmc reset also from
-	 * emergency_reboot(), priority 255 is the highest priority
-	 * so it will be executed before any system reboot handler.
-	 */
-	pwrseq->reset_nb.notifier_call = mmc_pwrseq_emmc_reset_nb;
-	pwrseq->reset_nb.priority = 255;
-	register_restart_handler(&pwrseq->reset_nb);
+	if (!gpiod_cansleep(pwrseq->reset_gpio)) {
+		/*
+		 * register reset handler to ensure emmc reset also from
+		 * emergency_reboot(), priority 255 is the highest priority
+		 * so it will be executed before any system reboot handler.
+		 */
+		pwrseq->reset_nb.notifier_call = mmc_pwrseq_emmc_reset_nb;
+		pwrseq->reset_nb.priority = 255;
+		register_restart_handler(&pwrseq->reset_nb);
+	} else {
+		dev_notice(dev, "EMMC reset pin tied to a sleepy GPIO driver; reset on emergency-reboot disabled\n");
+	}
 
 	pwrseq->pwrseq.ops = &mmc_pwrseq_emmc_ops;
 	pwrseq->pwrseq.dev = dev;
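
Review bot: register_restart_handler() is now conditional on
'!gpiod_cansleep(pwrseq->reset_gpio)', so the remove path, which is not
in this diff, has to be checked as well: an unconditional
unregister_restart_handler() there would be called for a notifier that
was never registered. Guard it with the same gpiod_cansleep() test, or
note in the commit message why the unmatched call is harmless.
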
-- 
2.20.1





* [PATCH 5.1 204/405] mmc_spi: add a status check for spi_sync_locked
  2019-05-30  2:59 [PATCH 5.1 000/405] 5.1.6-stable review Greg Kroah-Hartman
                   ` (202 preceding siblings ...)
  2019-05-30  3:03 ` [PATCH 5.1 203/405] mmc: core: make pwrseq_emmc (partially) support sleepy GPIO controllers Greg Kroah-Hartman
@ 2019-05-30  3:03 ` Greg Kroah-Hartman
  2019-05-30  3:03 ` [PATCH 5.1 205/405] mmc: sdhci-of-esdhc: add erratum eSDHC5 support Greg Kroah-Hartman
                   ` (205 subsequent siblings)
  409 siblings, 0 replies; 429+ messages in thread
From: Greg Kroah-Hartman @ 2019-05-30  3:03 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Kangjie Lu, Laurent Pinchart,
	Ulf Hansson, Sasha Levin

[ Upstream commit 611025983b7976df0183390a63a2166411d177f1 ]

In case spi_sync_locked fails, the fix reports the error and
returns the error code upstream.

Signed-off-by: Kangjie Lu <kjlu@umn.edu>
Reviewed-by: Laurent Pinchart <laurent.pinchart@ideasonboard.com>
Signed-off-by: Ulf Hansson <ulf.hansson@linaro.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/mmc/host/mmc_spi.c | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/drivers/mmc/host/mmc_spi.c b/drivers/mmc/host/mmc_spi.c
index 1b1498805972c..a3533935e282b 100644
--- a/drivers/mmc/host/mmc_spi.c
+++ b/drivers/mmc/host/mmc_spi.c
@@ -819,6 +819,10 @@ mmc_spi_readblock(struct mmc_spi_host *host, struct spi_transfer *t,
 	}
 
 	status = spi_sync_locked(spi, &host->m);
+	if (status < 0) {
+		dev_dbg(&spi->dev, "read error %d\n", status);
+		return status;
+	}
 
 	if (host->dma_dev) {
 		dma_sync_single_for_cpu(host->dma_dev,
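
Review bot: the new 'return status;' leaves mmc_spi_readblock() before
the 'if (host->dma_dev)' block that calls dma_sync_single_for_cpu(), so
on a failed transfer the DMA buffers are not handed back to the CPU. If
they were synced for the device earlier in the function (outside this
hunk), do the CPU sync before returning. The failure is also reported
with dev_dbg() only, which is easy to miss for an I/O error that is
propagated to the caller.
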
-- 
2.20.1





* [PATCH 5.1 205/405] mmc: sdhci-of-esdhc: add erratum eSDHC5 support
  2019-05-30  2:59 [PATCH 5.1 000/405] 5.1.6-stable review Greg Kroah-Hartman
                   ` (203 preceding siblings ...)
  2019-05-30  3:03 ` [PATCH 5.1 204/405] mmc_spi: add a status check for spi_sync_locked Greg Kroah-Hartman
@ 2019-05-30  3:03 ` Greg Kroah-Hartman
  2019-05-30  3:03 ` [PATCH 5.1 206/405] mmc: sdhci-of-esdhc: add erratum A-009204 support Greg Kroah-Hartman
                   ` (204 subsequent siblings)
  409 siblings, 0 replies; 429+ messages in thread
From: Greg Kroah-Hartman @ 2019-05-30  3:03 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Yinbo Zhu, Adrian Hunter,
	Ulf Hansson, Sasha Levin

[ Upstream commit a46e42712596b51874f04c73f1cdf1017f88df52 ]

Software writing to the Transfer Type configuration register
(system clock domain) can cause a setup/hold violation in the
CRC flops (card clock domain), which can cause write accesses
to be sent with corrupt CRC values. This issue occurs only for
write preceded by read. This erratum is to fix this issue.

Signed-off-by: Yinbo Zhu <yinbo.zhu@nxp.com>
Acked-by: Adrian Hunter <adrian.hunter@intel.com>
Signed-off-by: Ulf Hansson <ulf.hansson@linaro.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/mmc/host/sdhci-of-esdhc.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/drivers/mmc/host/sdhci-of-esdhc.c b/drivers/mmc/host/sdhci-of-esdhc.c
index 4e669b4edfc11..9da53e548691b 100644
--- a/drivers/mmc/host/sdhci-of-esdhc.c
+++ b/drivers/mmc/host/sdhci-of-esdhc.c
@@ -1074,6 +1074,9 @@ static int sdhci_esdhc_probe(struct platform_device *pdev)
 	if (esdhc->vendor_ver > VENDOR_V_22)
 		host->quirks &= ~SDHCI_QUIRK_NO_BUSY_IRQ;
 
+	if (of_find_compatible_node(NULL, NULL, "fsl,p2020-esdhc"))
+		host->quirks2 |= SDHCI_QUIRK_RESET_AFTER_REQUEST;
+
 	if (of_device_is_compatible(np, "fsl,p5040-esdhc") ||
 	    of_device_is_compatible(np, "fsl,p5020-esdhc") ||
 	    of_device_is_compatible(np, "fsl,p4080-esdhc") ||
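
Review bot: 'of_find_compatible_node(NULL, NULL, "fsl,p2020-esdhc")'
returns a node with its reference count raised, and the result is used
only as a truth value, so the reference is never dropped with
of_node_put(). The call also searches the whole device tree, while the
checks right below use 'of_device_is_compatible(np, ...)' on this
device's own node. Using that same form for "fsl,p2020-esdhc" avoids the
leak and ties the quirk to the controller being probed.
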
-- 
2.20.1





* [PATCH 5.1 206/405] mmc: sdhci-of-esdhc: add erratum A-009204 support
  2019-05-30  2:59 [PATCH 5.1 000/405] 5.1.6-stable review Greg Kroah-Hartman
                   ` (204 preceding siblings ...)
  2019-05-30  3:03 ` [PATCH 5.1 205/405] mmc: sdhci-of-esdhc: add erratum eSDHC5 support Greg Kroah-Hartman
@ 2019-05-30  3:03 ` Greg Kroah-Hartman
  2019-05-30  3:03 ` [PATCH 5.1 207/405] mmc: sdhci-of-esdhc: add erratum eSDHC-A001 and A-008358 support Greg Kroah-Hartman
                   ` (203 subsequent siblings)
  409 siblings, 0 replies; 429+ messages in thread
From: Greg Kroah-Hartman @ 2019-05-30  3:03 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Yinbo Zhu, Adrian Hunter,
	Ulf Hansson, Sasha Levin

[ Upstream commit 5dd195522562542bc6ebe6e7bd47890d8b7ca93c ]

In the event that any data error (like, IRQSTAT[DCE]) occurs
during an eSDHC data transaction where DMA is used for data
transfer to/from the system memory, setting the SYSCTL[RSTD]
register may cause a system hang. If software sets the register
SYSCTL[RSTD] to 1 for error recovery while DMA transferring is
not complete, eSDHC may hang the system bus. This happens because
the software register SYSCTL[RSTD] resets the DMA engine without
waiting for the completion of pending system transactions. This
erratum is to fix this issue.

Signed-off-by: Yinbo Zhu <yinbo.zhu@nxp.com>
Acked-by: Adrian Hunter <adrian.hunter@intel.com>
Signed-off-by: Ulf Hansson <ulf.hansson@linaro.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/mmc/host/sdhci-of-esdhc.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/drivers/mmc/host/sdhci-of-esdhc.c b/drivers/mmc/host/sdhci-of-esdhc.c
index 9da53e548691b..4fc4d2c7643c5 100644
--- a/drivers/mmc/host/sdhci-of-esdhc.c
+++ b/drivers/mmc/host/sdhci-of-esdhc.c
@@ -694,6 +694,9 @@ static void esdhc_reset(struct sdhci_host *host, u8 mask)
 	sdhci_writel(host, host->ier, SDHCI_INT_ENABLE);
 	sdhci_writel(host, host->ier, SDHCI_SIGNAL_ENABLE);
 
+	if (of_find_compatible_node(NULL, NULL, "fsl,p2020-esdhc"))
+		mdelay(5);
+
 	if (mask & SDHCI_RESET_ALL) {
 		val = sdhci_readl(host, ESDHC_TBCTL);
 		val &= ~ESDHC_TB_EN;
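
Review bot: esdhc_reset() now runs
'of_find_compatible_node(NULL, NULL, "fsl,p2020-esdhc")' on every reset,
which walks the device tree and takes a node reference that is never
released, and then busy-waits with 'mdelay(5);'. Decide once at probe
time whether the erratum applies, keep the result in the driver's private
data, and test that flag here. A comment naming erratum A-009204 next to
the delay would also tie the otherwise unexplained 5 ms to its reason.
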
-- 
2.20.1





* [PATCH 5.1 207/405] mmc: sdhci-of-esdhc: add erratum eSDHC-A001 and A-008358 support
  2019-05-30  2:59 [PATCH 5.1 000/405] 5.1.6-stable review Greg Kroah-Hartman
                   ` (205 preceding siblings ...)
  2019-05-30  3:03 ` [PATCH 5.1 206/405] mmc: sdhci-of-esdhc: add erratum A-009204 support Greg Kroah-Hartman
@ 2019-05-30  3:03 ` Greg Kroah-Hartman
  2019-05-30  3:03 ` [PATCH 5.1 208/405] net: hns3: free the pending skb when clean RX ring Greg Kroah-Hartman
                   ` (202 subsequent siblings)
  409 siblings, 0 replies; 429+ messages in thread
From: Greg Kroah-Hartman @ 2019-05-30  3:03 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Yinbo Zhu, Adrian Hunter,
	Ulf Hansson, Sasha Levin

[ Upstream commit 05cb6b2a66fa7837211a060878e91be5eb10cb07 ]

eSDHC-A001: The data timeout counter (SYSCTL[DTOCV]) is not
reliable for DTOCV values 0x4(2^17 SD clock), 0x8(2^21 SD clock),
and 0xC(2^25 SD clock). The data timeout counter can count from
2^13–2^27, but for values 2^17, 2^21, and 2^25, the timeout
counter counts for only 2^13 SD clocks.
A-008358: The data timeout counter value loaded into the timeout
counter is less than expected and can result into early timeout
error in case of eSDHC data transactions. The table below shows
the expected vs actual timeout period for different values of
SYSCTL[DTOCV]:
These two errata have the same quirk to control it, and set
SDHCI_QUIRK_RESET_AFTER_REQUEST to fix above issue.

Signed-off-by: Yinbo Zhu <yinbo.zhu@nxp.com>
Acked-by: Adrian Hunter <adrian.hunter@intel.com>
Signed-off-by: Ulf Hansson <ulf.hansson@linaro.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/mmc/host/sdhci-of-esdhc.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/drivers/mmc/host/sdhci-of-esdhc.c b/drivers/mmc/host/sdhci-of-esdhc.c
index 4fc4d2c7643c5..7e0eae8dafae0 100644
--- a/drivers/mmc/host/sdhci-of-esdhc.c
+++ b/drivers/mmc/host/sdhci-of-esdhc.c
@@ -1077,8 +1077,10 @@ static int sdhci_esdhc_probe(struct platform_device *pdev)
 	if (esdhc->vendor_ver > VENDOR_V_22)
 		host->quirks &= ~SDHCI_QUIRK_NO_BUSY_IRQ;
 
-	if (of_find_compatible_node(NULL, NULL, "fsl,p2020-esdhc"))
+	if (of_find_compatible_node(NULL, NULL, "fsl,p2020-esdhc")) {
 		host->quirks2 |= SDHCI_QUIRK_RESET_AFTER_REQUEST;
+		host->quirks2 |= SDHCI_QUIRK_BROKEN_TIMEOUT_VAL;
+	}
 
 	if (of_device_is_compatible(np, "fsl,p5040-esdhc") ||
 	    of_device_is_compatible(np, "fsl,p5020-esdhc") ||
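
Review bot: 'host->quirks2 |= SDHCI_QUIRK_BROKEN_TIMEOUT_VAL;' ORs a flag
named SDHCI_QUIRK_* into quirks2, while the context line above applies
SDHCI_QUIRK_NO_BUSY_IRQ to host->quirks. Flags without the QUIRK2 prefix
belong in host->quirks; set in quirks2, the same bit selects an unrelated
quirk and the intended workaround stays off. The same applies to the
SDHCI_QUIRK_RESET_AFTER_REQUEST line now inside the braces. The commit
message also names only SDHCI_QUIRK_RESET_AFTER_REQUEST as the fix, while
the line added here is SDHCI_QUIRK_BROKEN_TIMEOUT_VAL; the message should
mention it.
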
-- 
2.20.1





* [PATCH 5.1 208/405] net: hns3: free the pending skb when clean RX ring
  2019-05-30  2:59 [PATCH 5.1 000/405] 5.1.6-stable review Greg Kroah-Hartman
                   ` (206 preceding siblings ...)
  2019-05-30  3:03 ` [PATCH 5.1 207/405] mmc: sdhci-of-esdhc: add erratum eSDHC-A001 and A-008358 support Greg Kroah-Hartman
@ 2019-05-30  3:03 ` Greg Kroah-Hartman
  2019-05-30  3:03 ` [PATCH 5.1 209/405] drm/amdgpu: fix old fence check in amdgpu_fence_emit Greg Kroah-Hartman
                   ` (201 subsequent siblings)
  409 siblings, 0 replies; 429+ messages in thread
From: Greg Kroah-Hartman @ 2019-05-30  3:03 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Peng Li, Huazhong Tan,
	David S. Miller, Sasha Levin

[ Upstream commit cc5ff6e90f808f9a4c8229bf2f1de0dfe5d7931c ]

If there is a pending skb in the RX flow when closing the port, and the
pending buffer is not cleaned, the new packet will be added to
the pending skb when the port opens again, and the first new
packet has error data.

This patch cleans the pending skb when cleaning the RX ring.

Signed-off-by: Peng Li <lipeng321@huawei.com>
Signed-off-by: Huazhong Tan <tanhuazhong@huawei.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/net/ethernet/hisilicon/hns3/hns3_enet.c | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/drivers/net/ethernet/hisilicon/hns3/hns3_enet.c b/drivers/net/ethernet/hisilicon/hns3/hns3_enet.c
index 0208efe282775..d6b488c2de332 100644
--- a/drivers/net/ethernet/hisilicon/hns3/hns3_enet.c
+++ b/drivers/net/ethernet/hisilicon/hns3/hns3_enet.c
@@ -3851,6 +3851,13 @@ static int hns3_clear_rx_ring(struct hns3_enet_ring *ring)
 		ring_ptr_move_fw(ring, next_to_use);
 	}
 
+	/* Free the pending skb in rx ring */
+	if (ring->skb) {
+		dev_kfree_skb_any(ring->skb);
+		ring->skb = NULL;
+		ring->pending_buf = 0;
+	}
+
 	return 0;
 }
 
-- 
2.20.1





* [PATCH 5.1 209/405] drm/amdgpu: fix old fence check in amdgpu_fence_emit
  2019-05-30  2:59 [PATCH 5.1 000/405] 5.1.6-stable review Greg Kroah-Hartman
                   ` (207 preceding siblings ...)
  2019-05-30  3:03 ` [PATCH 5.1 208/405] net: hns3: free the pending skb when clean RX ring Greg Kroah-Hartman
@ 2019-05-30  3:03 ` Greg Kroah-Hartman
  2019-05-30  3:03 ` [PATCH 5.1 210/405] PM / core: Propagate dev->power.wakeup_path when no callbacks Greg Kroah-Hartman
                   ` (200 subsequent siblings)
  409 siblings, 0 replies; 429+ messages in thread
From: Greg Kroah-Hartman @ 2019-05-30  3:03 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Christian König, Chunming Zhou,
	Alex Deucher, Sasha Levin

[ Upstream commit 3d2aca8c8620346abdba96c6300d2c0b90a1d0cc ]

We don't hold a reference to the old fence, so it can go away
any time we are waiting for it to signal.

Signed-off-by: Christian König <christian.koenig@amd.com>
Reviewed-by: Chunming Zhou <david1.zhou@amd.com>
Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/gpu/drm/amd/amdgpu/amdgpu_fence.c | 24 ++++++++++++++++-------
 1 file changed, 17 insertions(+), 7 deletions(-)

diff --git a/drivers/gpu/drm/amd/amdgpu/amdgpu_fence.c b/drivers/gpu/drm/amd/amdgpu/amdgpu_fence.c
index ee47c11e92ce7..4dee2326b29c3 100644
--- a/drivers/gpu/drm/amd/amdgpu/amdgpu_fence.c
+++ b/drivers/gpu/drm/amd/amdgpu/amdgpu_fence.c
@@ -136,8 +136,9 @@ int amdgpu_fence_emit(struct amdgpu_ring *ring, struct dma_fence **f,
 {
 	struct amdgpu_device *adev = ring->adev;
 	struct amdgpu_fence *fence;
-	struct dma_fence *old, **ptr;
+	struct dma_fence __rcu **ptr;
 	uint32_t seq;
+	int r;
 
 	fence = kmem_cache_alloc(amdgpu_fence_slab, GFP_KERNEL);
 	if (fence == NULL)
@@ -153,15 +154,24 @@ int amdgpu_fence_emit(struct amdgpu_ring *ring, struct dma_fence **f,
 			       seq, flags | AMDGPU_FENCE_FLAG_INT);
 
 	ptr = &ring->fence_drv.fences[seq & ring->fence_drv.num_fences_mask];
+	if (unlikely(rcu_dereference_protected(*ptr, 1))) {
+		struct dma_fence *old;
+
+		rcu_read_lock();
+		old = dma_fence_get_rcu_safe(ptr);
+		rcu_read_unlock();
+
+		if (old) {
+			r = dma_fence_wait(old, false);
+			dma_fence_put(old);
+			if (r)
+				return r;
+		}
+	}
+
 	/* This function can't be called concurrently anyway, otherwise
 	 * emitting the fence would mess up the hardware ring buffer.
 	 */
-	old = rcu_dereference_protected(*ptr, 1);
-	if (old && !dma_fence_is_signaled(old)) {
-		DRM_INFO("rcu slot is busy\n");
-		dma_fence_wait(old, false);
-	}
-
 	rcu_assign_pointer(*ptr, dma_fence_get(&fence->base));
 
 	*f = &fence->base;
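
Review bot: The early "return r" after dma_fence_wait(old, false) exits with the new fence already allocated by kmem_cache_alloc() and after the emit call that ends at "seq, flags | AMDGPU_FENCE_FLAG_INT);", and nothing in the visible lines releases it on that path. Either release the new fence before returning or, since the wait is requested as non-interruptible, say in a comment when a non-zero result is expected. The "can't be called concurrently" comment also now sits below the rcu_dereference_protected(*ptr, 1) it justifies and would read better above the new block.
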
-- 
2.20.1





* [PATCH 5.1 210/405] PM / core: Propagate dev->power.wakeup_path when no callbacks
  2019-05-30  2:59 [PATCH 5.1 000/405] 5.1.6-stable review Greg Kroah-Hartman
                   ` (208 preceding siblings ...)
  2019-05-30  3:03 ` [PATCH 5.1 209/405] drm/amdgpu: fix old fence check in amdgpu_fence_emit Greg Kroah-Hartman
@ 2019-05-30  3:03 ` Greg Kroah-Hartman
  2019-05-30  3:03 ` [PATCH 5.1 211/405] clk: rockchip: Fix video codec clocks on rk3288 Greg Kroah-Hartman
                   ` (199 subsequent siblings)
  409 siblings, 0 replies; 429+ messages in thread
From: Greg Kroah-Hartman @ 2019-05-30  3:03 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Loic Pallardy, Ulf Hansson,
	Rafael J. Wysocki, Sasha Levin

[ Upstream commit dc351d4c5f4fe4d0f274d6d660227be0c3a03317 ]

The dev->power.direct_complete flag may become set in device_prepare() in
case the device doesn't have any PM callbacks (dev->power.no_pm_callbacks is
set). This leads to broken behaviour when there is a child that has wakeup
enabled and relies on its parent to be used in the wakeup path.

More precisely, when the direct complete path becomes selected for the
child in __device_suspend(), the propagation of the dev->power.wakeup_path
becomes skipped as well.

Let's address this problem by checking if the device is a part of the wakeup
path or has wakeup enabled, then prevent the direct complete path from
being used.

Reported-by: Loic Pallardy <loic.pallardy@st.com>
Signed-off-by: Ulf Hansson <ulf.hansson@linaro.org>
[ rjw: Comment cleanup ]
Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/base/power/main.c | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/drivers/base/power/main.c b/drivers/base/power/main.c
index f80d298de3fa4..8ad20ed0cb7c3 100644
--- a/drivers/base/power/main.c
+++ b/drivers/base/power/main.c
@@ -1747,6 +1747,10 @@ static int __device_suspend(struct device *dev, pm_message_t state, bool async)
 	if (dev->power.syscore)
 		goto Complete;
 
+	/* Avoid direct_complete to let wakeup_path propagate. */
+	if (device_may_wakeup(dev) || dev->power.wakeup_path)
+		dev->power.direct_complete = false;
+
 	if (dev->power.direct_complete) {
 		if (pm_runtime_status_suspended(dev)) {
 			pm_runtime_disable(dev);
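
Review bot: The comment on the added check explains only the wakeup_path half of the condition; it does not say why device_may_wakeup(dev) on its own must also clear direct_complete. Per the commit message the case is a wakeup-enabled child that relies on its parent, and a sentence to that effect belongs in the comment. It is also worth noting there that the flag was set earlier in device_prepare() and is being overridden at suspend time, so a reader does not take device_prepare()'s decision as final.
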
-- 
2.20.1





* [PATCH 5.1 211/405] clk: rockchip: Fix video codec clocks on rk3288
  2019-05-30  2:59 [PATCH 5.1 000/405] 5.1.6-stable review Greg Kroah-Hartman
                   ` (209 preceding siblings ...)
  2019-05-30  3:03 ` [PATCH 5.1 210/405] PM / core: Propagate dev->power.wakeup_path when no callbacks Greg Kroah-Hartman
@ 2019-05-30  3:03 ` Greg Kroah-Hartman
  2019-05-30  3:03 ` [PATCH 5.1 212/405] extcon: arizona: Disable mic detect if running when driver is removed Greg Kroah-Hartman
                   ` (198 subsequent siblings)
  409 siblings, 0 replies; 429+ messages in thread
From: Greg Kroah-Hartman @ 2019-05-30  3:03 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Jonas Karlman, Randy Li,
	Douglas Anderson, Heiko Stuebner, Sasha Levin

[ Upstream commit 00c0cd9e59d265b393553e9afa54fee8b10e8158 ]

It appears that there is a typo in the rk3288 TRM.  For
GRF_SOC_CON0[7] it says that 0 means "vepu" and 1 means "vdpu".  It's
the other way around.

How do I know?  Here's my evidence:

1. Prior to commit 4d3e84f99628 ("clk: rockchip: describe aclk_vcodec
   using the new muxgrf type on rk3288") we always pretended that we
   were using "aclk_vdpu" and the comment in the code said that this
   matched the default setting in the system.  In fact the default
   setting is 0 according to the TRM and according to reading memory
   at bootup.  In addition rk3288-based Chromebooks ran like this and
   the video codecs worked.
2. With the existing clock code if you boot up and try to enable the
   new VIDEO_ROCKCHIP_VPU as a module (and without "clk_ignore_unused"
   on the command line), you get errors like "failed to get ack on
   domain 'pd_video', val=0x80208".  After flipping vepu/vdpu things
   init OK.
3. If I export and add both the vepu and vdpu to the list of clocks
   for RK3288_PD_VIDEO I can get past the power domain errors, but now
   I freeze when the vpu_mmu gets initted.
4. If I just mark the "vdpu" as IGNORE_UNUSED then everything boots up
   and probes OK showing that somehow the "vdpu" was important to keep
   enabled.  This is because we were actually using it as a parent.
5. After this change I can hack "aclk_vcodec_pre" to parent from
   "aclk_vepu" using assigned-clocks and the video codec still probes
   OK.
6. Rockchip has said so on the mailing list [1].

...so let's fix it.

Let's also add CLK_SET_RATE_PARENT to "aclk_vcodec_pre" as suggested
by Jonas Karlman.  Prior to the same commit you could do
clk_set_rate() on "aclk_vcodec" and it would change "aclk_vdpu".
That's because "aclk_vcodec" was a simple gate clock (always gets
CLK_SET_RATE_PARENT) and its direct parent was "aclk_vdpu".  After
that commit "aclk_vcodec_pre" gets in the way so we need to add
CLK_SET_RATE_PARENT to it too.

[1] https://lkml.kernel.org/r/1d17b015-9e17-34b9-baf8-c285dc1957aa@rock-chips.com

Fixes: 4d3e84f99628 ("clk: rockchip: describe aclk_vcodec using the new muxgrf type on rk3288")
Suggested-by: Jonas Karlman <jonas@kwiboo.se>
Suggested-by: Randy Li <ayaka@soulik.info>
Signed-off-by: Douglas Anderson <dianders@chromium.org>
Signed-off-by: Heiko Stuebner <heiko@sntech.de>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/clk/rockchip/clk-rk3288.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/drivers/clk/rockchip/clk-rk3288.c b/drivers/clk/rockchip/clk-rk3288.c
index f3bbcdfa88ead..623c5f684987c 100644
--- a/drivers/clk/rockchip/clk-rk3288.c
+++ b/drivers/clk/rockchip/clk-rk3288.c
@@ -219,7 +219,7 @@ PNAME(mux_hsadcout_p)	= { "hsadc_src", "ext_hsadc" };
 PNAME(mux_edp_24m_p)	= { "ext_edp_24m", "xin24m" };
 PNAME(mux_tspout_p)	= { "cpll", "gpll", "npll", "xin27m" };
 
-PNAME(mux_aclk_vcodec_pre_p)	= { "aclk_vepu", "aclk_vdpu" };
+PNAME(mux_aclk_vcodec_pre_p)	= { "aclk_vdpu", "aclk_vepu" };
 PNAME(mux_usbphy480m_p)		= { "sclk_otgphy1_480m", "sclk_otgphy2_480m",
 				    "sclk_otgphy0_480m" };
 PNAME(mux_hsicphy480m_p)	= { "cpll", "gpll", "usbphy480m_src" };
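
Review bot: The swapped order in mux_aclk_vcodec_pre_p now deliberately disagrees with the TRM description of GRF_SOC_CON0[7], but nothing in the code records that. Add a short comment above the PNAME line saying the TRM has vepu/vdpu reversed, otherwise someone checking the table against the manual is likely to "fix" it back.
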
@@ -420,7 +420,7 @@ static struct rockchip_clk_branch rk3288_clk_branches[] __initdata = {
 	COMPOSITE(0, "aclk_vdpu", mux_pll_src_cpll_gpll_usb480m_p, 0,
 			RK3288_CLKSEL_CON(32), 14, 2, MFLAGS, 8, 5, DFLAGS,
 			RK3288_CLKGATE_CON(3), 11, GFLAGS),
-	MUXGRF(0, "aclk_vcodec_pre", mux_aclk_vcodec_pre_p, 0,
+	MUXGRF(0, "aclk_vcodec_pre", mux_aclk_vcodec_pre_p, CLK_SET_RATE_PARENT,
 			RK3288_GRF_SOC_CON(0), 7, 1, MFLAGS),
 	GATE(ACLK_VCODEC, "aclk_vcodec", "aclk_vcodec_pre", 0,
 		RK3288_CLKGATE_CON(9), 0, GFLAGS),
-- 
2.20.1





* [PATCH 5.1 212/405] extcon: arizona: Disable mic detect if running when driver is removed
  2019-05-30  2:59 [PATCH 5.1 000/405] 5.1.6-stable review Greg Kroah-Hartman
                   ` (210 preceding siblings ...)
  2019-05-30  3:03 ` [PATCH 5.1 211/405] clk: rockchip: Fix video codec clocks on rk3288 Greg Kroah-Hartman
@ 2019-05-30  3:03 ` Greg Kroah-Hartman
  2019-05-30  3:03 ` [PATCH 5.1 213/405] clk: rockchip: Make rkpwm a critical clock on rk3288 Greg Kroah-Hartman
                   ` (197 subsequent siblings)
  409 siblings, 0 replies; 429+ messages in thread
From: Greg Kroah-Hartman @ 2019-05-30  3:03 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Charles Keepax, Chanwoo Choi, Sasha Levin

[ Upstream commit 00053de52231117ddc154042549f2256183ffb86 ]

Microphone detection provides the button detection features on the
Arizona CODECs; as such, it will be running if the jack is currently
inserted. If the driver is unbound whilst the jack is still inserted
this will cause warnings from the regulator framework as the MICVDD
regulator is put but was never disabled.

Correct this by disabling microphone detection on driver removal and if
the microphone detection was running disable the regulator and put the
runtime reference that was currently held.

Signed-off-by: Charles Keepax <ckeepax@opensource.cirrus.com>
Signed-off-by: Chanwoo Choi <cw00.choi@samsung.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/extcon/extcon-arizona.c | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/drivers/extcon/extcon-arizona.c b/drivers/extcon/extcon-arizona.c
index da0e9bc4262fa..9327479c719c2 100644
--- a/drivers/extcon/extcon-arizona.c
+++ b/drivers/extcon/extcon-arizona.c
@@ -1726,6 +1726,16 @@ static int arizona_extcon_remove(struct platform_device *pdev)
 	struct arizona_extcon_info *info = platform_get_drvdata(pdev);
 	struct arizona *arizona = info->arizona;
 	int jack_irq_rise, jack_irq_fall;
+	bool change;
+
+	regmap_update_bits_check(arizona->regmap, ARIZONA_MIC_DETECT_1,
+				 ARIZONA_MICD_ENA, 0,
+				 &change);
+
+	if (change) {
+		regulator_disable(info->micvdd);
+		pm_runtime_put(info->dev);
+	}
 
 	gpiod_put(info->micd_pol_gpio);
 
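Review bot: In arizona_extcon_remove() the return value of regmap_update_bits_check() is dropped and "change" is declared without an initialiser, so the regulator_disable()/pm_runtime_put() pair runs purely on what the callee left in "change", including when the register access failed. Initialise it (bool change = false;) and check the return code, logging and skipping the disable/put on error, so a failed write cannot unbalance the MICVDD regulator or the runtime-PM count.
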
-- 
2.20.1





* [PATCH 5.1 213/405] clk: rockchip: Make rkpwm a critical clock on rk3288
  2019-05-30  2:59 [PATCH 5.1 000/405] 5.1.6-stable review Greg Kroah-Hartman
                   ` (211 preceding siblings ...)
  2019-05-30  3:03 ` [PATCH 5.1 212/405] extcon: arizona: Disable mic detect if running when driver is removed Greg Kroah-Hartman
@ 2019-05-30  3:03 ` Greg Kroah-Hartman
  2019-05-30  3:03 ` [PATCH 5.1 214/405] clk: zynqmp: fix check for fractional clock Greg Kroah-Hartman
                   ` (196 subsequent siblings)
  409 siblings, 0 replies; 429+ messages in thread
From: Greg Kroah-Hartman @ 2019-05-30  3:03 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Douglas Anderson, Heiko Stuebner,
	Sasha Levin

[ Upstream commit dfe7fb21cd9e730230d55a79bc72cf2ece67cdd5 ]

Most rk3288-based boards are derived from the EVB and thus use a PWM
regulator for the logic rail.  However, most rk3288-based boards don't
specify the PWM regulator in their device tree.  We'll deal with that
by making it critical.

NOTE: it's important to make it critical and not just IGNORE_UNUSED
because all PWMs in the system share the same clock.  We don't want
another PWM user to turn the clock on and off and kill the logic rail.

This change is in preparation for actually having the PWMs in the
rk3288 device tree actually point to the proper PWM clock.  Up until
now they've all pointed to the clock for the old IP block and they've
all worked due to the fact that rkpwm was IGNORE_UNUSED and that the
clock rates for both clocks were the same.

Signed-off-by: Douglas Anderson <dianders@chromium.org>
Signed-off-by: Heiko Stuebner <heiko@sntech.de>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/clk/rockchip/clk-rk3288.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/drivers/clk/rockchip/clk-rk3288.c b/drivers/clk/rockchip/clk-rk3288.c
index 623c5f684987c..355d6a3611dbf 100644
--- a/drivers/clk/rockchip/clk-rk3288.c
+++ b/drivers/clk/rockchip/clk-rk3288.c
@@ -697,7 +697,7 @@ static struct rockchip_clk_branch rk3288_clk_branches[] __initdata = {
 	GATE(PCLK_TZPC, "pclk_tzpc", "pclk_cpu", 0, RK3288_CLKGATE_CON(11), 3, GFLAGS),
 	GATE(PCLK_UART2, "pclk_uart2", "pclk_cpu", 0, RK3288_CLKGATE_CON(11), 9, GFLAGS),
 	GATE(PCLK_EFUSE256, "pclk_efuse_256", "pclk_cpu", 0, RK3288_CLKGATE_CON(11), 10, GFLAGS),
-	GATE(PCLK_RKPWM, "pclk_rkpwm", "pclk_cpu", CLK_IGNORE_UNUSED, RK3288_CLKGATE_CON(11), 11, GFLAGS),
+	GATE(PCLK_RKPWM, "pclk_rkpwm", "pclk_cpu", 0, RK3288_CLKGATE_CON(11), 11, GFLAGS),
 
 	/* ddrctrl [DDR Controller PHY clock] gates */
 	GATE(0, "nclk_ddrupctl0", "ddrphy", CLK_IGNORE_UNUSED, RK3288_CLKGATE_CON(11), 4, GFLAGS),
@@ -838,6 +838,8 @@ static const char *const rk3288_critical_clocks[] __initconst = {
 	"pclk_pd_pmu",
 	"pclk_pmu_niu",
 	"pmu_hclk_otg0",
+	/* pwm-regulators on some boards, so handoff-critical later */
+	"pclk_rkpwm",
 };
 
 static void __iomem *rk3288_cru_base;
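
Review bot: The comment added to rk3288_critical_clocks[], "pwm-regulators on some boards, so handoff-critical later", does not explain why the clock must be critical rather than CLK_IGNORE_UNUSED, which the first hunk removes. The commit message has the reason (all PWMs share this clock, and another PWM user gating it would kill the logic rail); put that in the comment, since the two hunks only make sense together.
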
-- 
2.20.1





* [PATCH 5.1 214/405] clk: zynqmp: fix check for fractional clock
  2019-05-30  2:59 [PATCH 5.1 000/405] 5.1.6-stable review Greg Kroah-Hartman
                   ` (212 preceding siblings ...)
  2019-05-30  3:03 ` [PATCH 5.1 213/405] clk: rockchip: Make rkpwm a critical clock on rk3288 Greg Kroah-Hartman
@ 2019-05-30  3:03 ` Greg Kroah-Hartman
  2019-05-30  3:03 ` [PATCH 5.1 215/405] s390: zcrypt: initialize variables before_use Greg Kroah-Hartman
                   ` (195 subsequent siblings)
  409 siblings, 0 replies; 429+ messages in thread
From: Greg Kroah-Hartman @ 2019-05-30  3:03 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Michael Tretter, Stephen Boyd, Sasha Levin

[ Upstream commit c06e64407e031e71c67f45f07981510ca4c880a1 ]

The firmware sets BIT(13) in clkflag to mark a divider as fractional
divider. The clock driver copies the clkflag straight to the flags of
the common clock framework. In the common clk framework flags, BIT(13)
is defined as CLK_DUTY_CYCLE_PARENT.

Add a new field to the zynqmp_clk_divider to specify if a divider is a
fractional divider. Set this field based on the clkflag when registering
a divider.

At the same time, unset BIT(13) from clkflag when copying the flags to
the common clk framework flags.

Signed-off-by: Michael Tretter <m.tretter@pengutronix.de>
Signed-off-by: Stephen Boyd <sboyd@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/clk/zynqmp/divider.c | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)

diff --git a/drivers/clk/zynqmp/divider.c b/drivers/clk/zynqmp/divider.c
index a371c66e72ef6..bd9b5fbc443b3 100644
--- a/drivers/clk/zynqmp/divider.c
+++ b/drivers/clk/zynqmp/divider.c
@@ -31,12 +31,14 @@
  * struct zynqmp_clk_divider - adjustable divider clock
  * @hw:		handle between common and hardware-specific interfaces
  * @flags:	Hardware specific flags
+ * @is_frac:	The divider is a fractional divider
  * @clk_id:	Id of clock
  * @div_type:	divisor type (TYPE_DIV1 or TYPE_DIV2)
  */
 struct zynqmp_clk_divider {
 	struct clk_hw hw;
 	u8 flags;
+	bool is_frac;
 	u32 clk_id;
 	u32 div_type;
 };
@@ -116,8 +118,7 @@ static long zynqmp_clk_divider_round_rate(struct clk_hw *hw,
 
 	bestdiv = zynqmp_divider_get_val(*prate, rate);
 
-	if ((clk_hw_get_flags(hw) & CLK_SET_RATE_PARENT) &&
-	    (divider->flags & CLK_FRAC))
+	if ((clk_hw_get_flags(hw) & CLK_SET_RATE_PARENT) && divider->is_frac)
 		bestdiv = rate % *prate ? 1 : bestdiv;
 	*prate = rate * bestdiv;
 
@@ -195,11 +196,13 @@ struct clk_hw *zynqmp_clk_register_divider(const char *name,
 
 	init.name = name;
 	init.ops = &zynqmp_clk_divider_ops;
-	init.flags = nodes->flag;
+	/* CLK_FRAC is not defined in the common clk framework */
+	init.flags = nodes->flag & ~CLK_FRAC;
 	init.parent_names = parents;
 	init.num_parents = 1;
 
 	/* struct clk_divider assignments */
+	div->is_frac = !!(nodes->flag & CLK_FRAC);
 	div->flags = nodes->type_flag;
 	div->hw.init = &init;
 	div->clk_id = clk_id;
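
Review bot: In zynqmp_clk_register_divider() only CLK_FRAC is stripped from nodes->flag before it becomes init.flags, so every other firmware-supplied bit is still handed to the common clk framework unchanged. If the firmware flag space is not guaranteed to match the framework's, mask with the set of bits known to be shared instead of removing a single one. The new comment is also misleading: per the commit message the problem is that BIT(13) means CLK_DUTY_CYCLE_PARENT in the framework, not merely that CLK_FRAC is undefined there.
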
-- 
2.20.1





* [PATCH 5.1 215/405] s390: zcrypt: initialize variables before_use
  2019-05-30  2:59 [PATCH 5.1 000/405] 5.1.6-stable review Greg Kroah-Hartman
                   ` (213 preceding siblings ...)
  2019-05-30  3:03 ` [PATCH 5.1 214/405] clk: zynqmp: fix check for fractional clock Greg Kroah-Hartman
@ 2019-05-30  3:03 ` Greg Kroah-Hartman
  2019-05-30  3:03 ` [PATCH 5.1 216/405] x86/microcode: Fix the ancient deprecated microcode loading method Greg Kroah-Hartman
                   ` (194 subsequent siblings)
  409 siblings, 0 replies; 429+ messages in thread
From: Greg Kroah-Hartman @ 2019-05-30  3:03 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Arnd Bergmann, Martin Schwidefsky,
	Sasha Levin

[ Upstream commit 913140e221567b3ecd21b4242257a7e3fa279026 ]

The 'func_code' variable gets printed in debug statements without
a prior initialization in multiple functions, as reported when building
with clang:

drivers/s390/crypto/zcrypt_api.c:659:6: warning: variable 'func_code' is used uninitialized whenever 'if' condition is true
      [-Wsometimes-uninitialized]
        if (mex->outputdatalength < mex->inputdatalength) {
            ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
drivers/s390/crypto/zcrypt_api.c:725:29: note: uninitialized use occurs here
        trace_s390_zcrypt_rep(mex, func_code, rc,
                                   ^~~~~~~~~
drivers/s390/crypto/zcrypt_api.c:659:2: note: remove the 'if' if its condition is always false
        if (mex->outputdatalength < mex->inputdatalength) {
        ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
drivers/s390/crypto/zcrypt_api.c:654:24: note: initialize the variable 'func_code' to silence this warning
        unsigned int func_code;
                              ^

Add initializations to all affected code paths to shut up the warning
and make the warning output consistent.

Signed-off-by: Arnd Bergmann <arnd@arndb.de>
Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/s390/crypto/zcrypt_api.c | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/drivers/s390/crypto/zcrypt_api.c b/drivers/s390/crypto/zcrypt_api.c
index 689c2af7026a3..c31b2d31cd832 100644
--- a/drivers/s390/crypto/zcrypt_api.c
+++ b/drivers/s390/crypto/zcrypt_api.c
@@ -659,6 +659,7 @@ static long zcrypt_rsa_modexpo(struct ap_perms *perms,
 	trace_s390_zcrypt_req(mex, TP_ICARSAMODEXPO);
 
 	if (mex->outputdatalength < mex->inputdatalength) {
+		func_code = 0;
 		rc = -EINVAL;
 		goto out;
 	}
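
Review bot: Setting func_code = 0 inside the error branch fixes this path, but the same assignment is repeated by hand in all four hunks, and any error path added later that jumps to "out" before func_code is assigned will again pass an uninitialised stack value to the trace call quoted in the commit message. Assign it once ahead of the first early exit in each function, or document next to the declaration that every early exit must set it.
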
@@ -742,6 +743,7 @@ static long zcrypt_rsa_crt(struct ap_perms *perms,
 	trace_s390_zcrypt_req(crt, TP_ICARSACRT);
 
 	if (crt->outputdatalength < crt->inputdatalength) {
+		func_code = 0;
 		rc = -EINVAL;
 		goto out;
 	}
@@ -951,6 +953,7 @@ static long zcrypt_send_ep11_cprb(struct ap_perms *perms,
 
 		targets = kcalloc(target_num, sizeof(*targets), GFP_KERNEL);
 		if (!targets) {
+			func_code = 0;
 			rc = -ENOMEM;
 			goto out;
 		}
@@ -958,6 +961,7 @@ static long zcrypt_send_ep11_cprb(struct ap_perms *perms,
 		uptr = (struct ep11_target_dev __force __user *) xcrb->targets;
 		if (copy_from_user(targets, uptr,
 				   target_num * sizeof(*targets))) {
+			func_code = 0;
 			rc = -EFAULT;
 			goto out_free;
 		}
-- 
2.20.1





* [PATCH 5.1 216/405] x86/microcode: Fix the ancient deprecated microcode loading method
  2019-05-30  2:59 [PATCH 5.1 000/405] 5.1.6-stable review Greg Kroah-Hartman
                   ` (214 preceding siblings ...)
  2019-05-30  3:03 ` [PATCH 5.1 215/405] s390: zcrypt: initialize variables before_use Greg Kroah-Hartman
@ 2019-05-30  3:03 ` Greg Kroah-Hartman
  2019-05-30  3:03 ` [PATCH 5.1 217/405] drm/amd/display: Initialize stream_update with memset Greg Kroah-Hartman
                   ` (193 subsequent siblings)
  409 siblings, 0 replies; 429+ messages in thread
From: Greg Kroah-Hartman @ 2019-05-30  3:03 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Borislav Petkov, Thomas Gleixner,
	Jann Horn, Sasha Levin

[ Upstream commit 24613a04ad1c0588c10f4b5403ca60a73d164051 ]

Commit

  2613f36ed965 ("x86/microcode: Attempt late loading only when new microcode is present")

added the new define UCODE_NEW to denote that an update should happen
only when newer microcode (than installed on the system) has been found.

But it missed adjusting that for the old /dev/cpu/microcode loading
interface. Fix it.

Fixes: 2613f36ed965 ("x86/microcode: Attempt late loading only when new microcode is present")
Signed-off-by: Borislav Petkov <bp@suse.de>
Reviewed-by: Thomas Gleixner <tglx@linutronix.de>
Cc: Jann Horn <jannh@google.com>
Link: https://lkml.kernel.org/r/20190405133010.24249-3-bp@alien8.de
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 arch/x86/kernel/cpu/microcode/core.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/arch/x86/kernel/cpu/microcode/core.c b/arch/x86/kernel/cpu/microcode/core.c
index 5260185cbf7ba..8a4a7823451ac 100644
--- a/arch/x86/kernel/cpu/microcode/core.c
+++ b/arch/x86/kernel/cpu/microcode/core.c
@@ -418,8 +418,9 @@ static int do_microcode_update(const void __user *buf, size_t size)
 		if (ustate == UCODE_ERROR) {
 			error = -1;
 			break;
-		} else if (ustate == UCODE_OK)
+		} else if (ustate == UCODE_NEW) {
 			apply_microcode_on_target(cpu);
+		}
 	}
 
 	return error;
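
Review bot: In do_microcode_update() the result of apply_microcode_on_target(cpu) is discarded, so once the branch is taken for UCODE_NEW a failed apply leaves "error" untouched and the function still reports success to the writer of /dev/cpu/microcode. Capture the return value and propagate it. With the condition narrowed to UCODE_NEW, every other non-error state now falls through silently, which deserves a one-line comment.
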
-- 
2.20.1





* [PATCH 5.1 217/405] drm/amd/display: Initialize stream_update with memset
  2019-05-30  2:59 [PATCH 5.1 000/405] 5.1.6-stable review Greg Kroah-Hartman
                   ` (215 preceding siblings ...)
  2019-05-30  3:03 ` [PATCH 5.1 216/405] x86/microcode: Fix the ancient deprecated microcode loading method Greg Kroah-Hartman
@ 2019-05-30  3:03 ` Greg Kroah-Hartman
  2019-05-30  3:03 ` [PATCH 5.1 218/405] s390/mm: silence compiler warning when compiling without CONFIG_PGSTE Greg Kroah-Hartman
                   ` (192 subsequent siblings)
  409 siblings, 0 replies; 429+ messages in thread
From: Greg Kroah-Hartman @ 2019-05-30  3:03 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Sun peng Li, Harry Wentland,
	Nicholas Kazlauskas, Leo Li, Alex Deucher, Sasha Levin

[ Upstream commit 2aa632c5ffbedb2ee0e68857683466ea788f17eb ]

The brace initialization used here generates warnings on some
compilers. For example, on GCC 4.9:

[...] In function ‘dm_determine_update_type_for_commit’:
[...] error: missing braces around initializer [-Werror=missing-braces]
   struct dc_stream_update stream_update = { 0 };
          ^

Use memset to make this more portable.

v2: Specify the compiler / diagnostic in the commit message (Paul)

Cc: Sun peng Li <Sunpeng.Li@amd.com>
Cc: Harry Wentland <Harry.Wentland@amd.com>
Signed-off-by: Nicholas Kazlauskas <nicholas.kazlauskas@amd.com>
Reviewed-by: Leo Li <sunpeng.li@amd.com>
Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c b/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c
index 3082b55b1e774..66f19d1864b17 100644
--- a/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c
+++ b/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c
@@ -5858,7 +5858,9 @@ dm_determine_update_type_for_commit(struct dc *dc,
 	}
 
 	for_each_oldnew_crtc_in_state(state, crtc, old_crtc_state, new_crtc_state, i) {
-		struct dc_stream_update stream_update = { 0 };
+		struct dc_stream_update stream_update;
+
+		memset(&stream_update, 0, sizeof(stream_update));
 
 		new_dm_crtc_state = to_dm_crtc_state(new_crtc_state);
 		old_dm_crtc_state = to_dm_crtc_state(old_crtc_state);
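
Review bot: Nothing at the declaration of stream_update says why it is cleared with memset() instead of an initialiser, which makes it an easy target for a later cleanup back to "= { 0 }". A one-line comment naming the -Wmissing-braces failure on older GCC would prevent that.
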
-- 
2.20.1





* [PATCH 5.1 218/405] s390/mm: silence compiler warning when compiling without CONFIG_PGSTE
  2019-05-30  2:59 [PATCH 5.1 000/405] 5.1.6-stable review Greg Kroah-Hartman
                   ` (216 preceding siblings ...)
  2019-05-30  3:03 ` [PATCH 5.1 217/405] drm/amd/display: Initialize stream_update with memset Greg Kroah-Hartman
@ 2019-05-30  3:03 ` Greg Kroah-Hartman
  2019-05-30  3:03 ` [PATCH 5.1 219/405] s390: cio: fix cio_irb declaration Greg Kroah-Hartman
                   ` (191 subsequent siblings)
  409 siblings, 0 replies; 429+ messages in thread
From: Greg Kroah-Hartman @ 2019-05-30  3:03 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Thomas Huth, David Hildenbrand,
	Heiko Carstens, Martin Schwidefsky, Sasha Levin

[ Upstream commit 81a8f2beb32a5951ecf04385301f50879abc092b ]

If CONFIG_PGSTE is not set (e.g. when compiling without KVM), GCC complains:

  CC      arch/s390/mm/pgtable.o
arch/s390/mm/pgtable.c:413:15: warning: ‘pmd_alloc_map’ defined but not
 used [-Wunused-function]
 static pmd_t *pmd_alloc_map(struct mm_struct *mm, unsigned long addr)
               ^~~~~~~~~~~~~

Wrap the function with "#ifdef CONFIG_PGSTE" to silence the warning.

Signed-off-by: Thomas Huth <thuth@redhat.com>
Reviewed-by: David Hildenbrand <david@redhat.com>
Signed-off-by: Heiko Carstens <heiko.carstens@de.ibm.com>
Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 arch/s390/mm/pgtable.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/arch/s390/mm/pgtable.c b/arch/s390/mm/pgtable.c
index 8485d6dc27549..9ebd01219812c 100644
--- a/arch/s390/mm/pgtable.c
+++ b/arch/s390/mm/pgtable.c
@@ -410,6 +410,7 @@ static inline pmd_t pmdp_flush_lazy(struct mm_struct *mm,
 	return old;
 }
 
+#ifdef CONFIG_PGSTE
 static pmd_t *pmd_alloc_map(struct mm_struct *mm, unsigned long addr)
 {
 	pgd_t *pgd;
@@ -427,6 +428,7 @@ static pmd_t *pmd_alloc_map(struct mm_struct *mm, unsigned long addr)
 	pmd = pmd_alloc(mm, pud, addr);
 	return pmd;
 }
+#endif
 
 pmd_t pmdp_xchg_direct(struct mm_struct *mm, unsigned long addr,
 		       pmd_t *pmdp, pmd_t new)
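
Review bot: The added #endif is bare; with the whole function body between it and the #ifdef, annotate it as "#endif /* CONFIG_PGSTE */". If the callers of pmd_alloc_map() already sit inside a CONFIG_PGSTE block in this file, moving the function into that block would avoid a second conditional.
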
-- 
2.20.1





* [PATCH 5.1 219/405] s390: cio: fix cio_irb declaration
  2019-05-30  2:59 [PATCH 5.1 000/405] 5.1.6-stable review Greg Kroah-Hartman
                   ` (217 preceding siblings ...)
  2019-05-30  3:03 ` [PATCH 5.1 218/405] s390/mm: silence compiler warning when compiling without CONFIG_PGSTE Greg Kroah-Hartman
@ 2019-05-30  3:03 ` Greg Kroah-Hartman
  2019-05-30  3:03 ` [PATCH 5.1 220/405] drm/amd/display: use proper formula to calculate bandwidth from timing Greg Kroah-Hartman
                   ` (190 subsequent siblings)
  409 siblings, 0 replies; 429+ messages in thread
From: Greg Kroah-Hartman @ 2019-05-30  3:03 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Arnd Bergmann, Nathan Chancellor,
	Sebastian Ott, Martin Schwidefsky, Sasha Levin

[ Upstream commit e91012ee855ad9f5ef2ab106a3de51db93fe4d0c ]

clang points out that the declaration of cio_irb does not match the
definition exactly, it is missing the alignment attribute:

../drivers/s390/cio/cio.c:50:1: warning: section does not match previous declaration [-Wsection]
DEFINE_PER_CPU_ALIGNED(struct irb, cio_irb);
^
../include/linux/percpu-defs.h:150:2: note: expanded from macro 'DEFINE_PER_CPU_ALIGNED'
        DEFINE_PER_CPU_SECTION(type, name, PER_CPU_ALIGNED_SECTION)     \
        ^
../include/linux/percpu-defs.h:93:9: note: expanded from macro 'DEFINE_PER_CPU_SECTION'
        extern __PCPU_ATTRS(sec) __typeof__(type) name;                 \
               ^
../include/linux/percpu-defs.h:49:26: note: expanded from macro '__PCPU_ATTRS'
        __percpu __attribute__((section(PER_CPU_BASE_SECTION sec)))     \
                                ^
../drivers/s390/cio/cio.h:118:1: note: previous attribute is here
DECLARE_PER_CPU(struct irb, cio_irb);
^
../include/linux/percpu-defs.h:111:2: note: expanded from macro 'DECLARE_PER_CPU'
        DECLARE_PER_CPU_SECTION(type, name, "")
        ^
../include/linux/percpu-defs.h:87:9: note: expanded from macro 'DECLARE_PER_CPU_SECTION'
        extern __PCPU_ATTRS(sec) __typeof__(type) name
               ^
../include/linux/percpu-defs.h:49:26: note: expanded from macro '__PCPU_ATTRS'
        __percpu __attribute__((section(PER_CPU_BASE_SECTION sec)))     \
                                ^
Use DECLARE_PER_CPU_ALIGNED() here, to make the two match.

Signed-off-by: Arnd Bergmann <arnd@arndb.de>
Reviewed-by: Nathan Chancellor <natechancellor@gmail.com>
Signed-off-by: Sebastian Ott <sebott@linux.ibm.com>
Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/s390/cio/cio.h | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/drivers/s390/cio/cio.h b/drivers/s390/cio/cio.h
index 9811fd8a0c731..92eabbb5f18d4 100644
--- a/drivers/s390/cio/cio.h
+++ b/drivers/s390/cio/cio.h
@@ -115,7 +115,7 @@ struct subchannel {
 	struct schib_config config;
 } __attribute__ ((aligned(8)));
 
-DECLARE_PER_CPU(struct irb, cio_irb);
+DECLARE_PER_CPU_ALIGNED(struct irb, cio_irb);
 
 #define to_subchannel(n) container_of(n, struct subchannel, dev)
 
-- 
2.20.1





* [PATCH 5.1 220/405] drm/amd/display: use proper formula to calculate bandwidth from timing
  2019-05-30  2:59 [PATCH 5.1 000/405] 5.1.6-stable review Greg Kroah-Hartman
                   ` (218 preceding siblings ...)
  2019-05-30  3:03 ` [PATCH 5.1 219/405] s390: cio: fix cio_irb declaration Greg Kroah-Hartman
@ 2019-05-30  3:03 ` Greg Kroah-Hartman
  2019-05-30  3:03 ` [PATCH 5.1 221/405] selftests: cgroup: fix cleanup path in test_memcg_subtree_control() Greg Kroah-Hartman
                   ` (189 subsequent siblings)
  409 siblings, 0 replies; 429+ messages in thread
From: Greg Kroah-Hartman @ 2019-05-30  3:03 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Wenjing Liu, Jun Lei, Leo Li,
	Alex Deucher, Sasha Levin

[ Upstream commit e49f69363adf8920883fff7e8ffecb802d897c6b ]

[why]
The existing calculation uses a wrong formula to
calculate bandwidth from timing.

[how]
Expose the existing proper function that calculates the bandwidth,
so dc_link can use it to calculate timing bandwidth correctly.

Signed-off-by: Wenjing Liu <Wenjing.Liu@amd.com>
Reviewed-by: Jun Lei <Jun.Lei@amd.com>
Acked-by: Leo Li <sunpeng.li@amd.com>
Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/gpu/drm/amd/display/dc/core/dc_link.c | 48 ++++++++++++++++-
 .../gpu/drm/amd/display/dc/core/dc_link_dp.c  | 51 +------------------
 drivers/gpu/drm/amd/display/dc/dc_link.h      |  2 +
 3 files changed, 51 insertions(+), 50 deletions(-)

diff --git a/drivers/gpu/drm/amd/display/dc/core/dc_link.c b/drivers/gpu/drm/amd/display/dc/core/dc_link.c
index ea18e9c2d8cea..ea2f271e234bd 100644
--- a/drivers/gpu/drm/amd/display/dc/core/dc_link.c
+++ b/drivers/gpu/drm/amd/display/dc/core/dc_link.c
@@ -2316,7 +2316,7 @@ static struct fixed31_32 get_pbn_from_timing(struct pipe_ctx *pipe_ctx)
 	uint32_t denominator;
 
 	bpc = get_color_depth(pipe_ctx->stream_res.pix_clk_params.color_depth);
-	kbps = pipe_ctx->stream_res.pix_clk_params.requested_pix_clk_100hz / 10 * bpc * 3;
+	kbps = dc_bandwidth_in_kbps_from_timing(&pipe_ctx->stream->timing);
 
 	/*
 	 * margin 5300ppm + 300ppm ~ 0.6% as per spec, factor is 1.006
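Review bot: in get_pbn_from_timing() the `bpc = get_color_depth(...)` assignment directly above the changed line no longer feeds kbps. If nothing later in the function reads bpc, drop the variable and the call in the same patch. The input also moves from pix_clk_params.requested_pix_clk_100hz to stream->timing.pix_clk_100hz, and the commit message should say whether those two values can differ.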
@@ -2736,3 +2736,49 @@ void dc_link_enable_hpd_filter(struct dc_link *link, bool enable)
 	}
 }
 
+uint32_t dc_bandwidth_in_kbps_from_timing(
+	const struct dc_crtc_timing *timing)
+{
+	uint32_t bits_per_channel = 0;
+	uint32_t kbps;
+
+	switch (timing->display_color_depth) {
+	case COLOR_DEPTH_666:
+		bits_per_channel = 6;
+		break;
+	case COLOR_DEPTH_888:
+		bits_per_channel = 8;
+		break;
+	case COLOR_DEPTH_101010:
+		bits_per_channel = 10;
+		break;
+	case COLOR_DEPTH_121212:
+		bits_per_channel = 12;
+		break;
+	case COLOR_DEPTH_141414:
+		bits_per_channel = 14;
+		break;
+	case COLOR_DEPTH_161616:
+		bits_per_channel = 16;
+		break;
+	default:
+		break;
+	}
+
+	ASSERT(bits_per_channel != 0);
+
+	kbps = timing->pix_clk_100hz / 10;
+	kbps *= bits_per_channel;
+
+	if (timing->flags.Y_ONLY != 1) {
+		/*Only YOnly make reduce bandwidth by 1/3 compares to RGB*/
+		kbps *= 3;
+		if (timing->pixel_encoding == PIXEL_ENCODING_YCBCR420)
+			kbps /= 2;
+		else if (timing->pixel_encoding == PIXEL_ENCODING_YCBCR422)
+			kbps = kbps * 2 / 3;
+	}
+
+	return kbps;
+
+}
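Review bot: the `default:` arm of the switch leaves bits_per_channel at 0 and the only guard is ASSERT(bits_per_channel != 0), so if the assertion does not halt execution the function returns 0 kbps for an unrecognised display_color_depth. Now that the function is exported, a caller that compares the result against a link limit, as dp_validate_mode_timing() does with `req_bw <= max_bw`, would accept such a mode. Return a value the callers treat as failure, or choose a conservative depth in the default arm. The empty line before the closing brace can go.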
diff --git a/drivers/gpu/drm/amd/display/dc/core/dc_link_dp.c b/drivers/gpu/drm/amd/display/dc/core/dc_link_dp.c
index 09d3012160763..6809932e80bec 100644
--- a/drivers/gpu/drm/amd/display/dc/core/dc_link_dp.c
+++ b/drivers/gpu/drm/amd/display/dc/core/dc_link_dp.c
@@ -1520,53 +1520,6 @@ static bool decide_fallback_link_setting(
 	return true;
 }
 
-static uint32_t bandwidth_in_kbps_from_timing(
-	const struct dc_crtc_timing *timing)
-{
-	uint32_t bits_per_channel = 0;
-	uint32_t kbps;
-
-	switch (timing->display_color_depth) {
-	case COLOR_DEPTH_666:
-		bits_per_channel = 6;
-		break;
-	case COLOR_DEPTH_888:
-		bits_per_channel = 8;
-		break;
-	case COLOR_DEPTH_101010:
-		bits_per_channel = 10;
-		break;
-	case COLOR_DEPTH_121212:
-		bits_per_channel = 12;
-		break;
-	case COLOR_DEPTH_141414:
-		bits_per_channel = 14;
-		break;
-	case COLOR_DEPTH_161616:
-		bits_per_channel = 16;
-		break;
-	default:
-		break;
-	}
-
-	ASSERT(bits_per_channel != 0);
-
-	kbps = timing->pix_clk_100hz / 10;
-	kbps *= bits_per_channel;
-
-	if (timing->flags.Y_ONLY != 1) {
-		/*Only YOnly make reduce bandwidth by 1/3 compares to RGB*/
-		kbps *= 3;
-		if (timing->pixel_encoding == PIXEL_ENCODING_YCBCR420)
-			kbps /= 2;
-		else if (timing->pixel_encoding == PIXEL_ENCODING_YCBCR422)
-			kbps = kbps * 2 / 3;
-	}
-
-	return kbps;
-
-}
-
 static uint32_t bandwidth_in_kbps_from_link_settings(
 	const struct dc_link_settings *link_setting)
 {
@@ -1607,7 +1560,7 @@ bool dp_validate_mode_timing(
 		link_setting = &link->verified_link_cap;
 	*/
 
-	req_bw = bandwidth_in_kbps_from_timing(timing);
+	req_bw = dc_bandwidth_in_kbps_from_timing(timing);
 	max_bw = bandwidth_in_kbps_from_link_settings(link_setting);
 
 	if (req_bw <= max_bw) {
@@ -1641,7 +1594,7 @@ void decide_link_settings(struct dc_stream_state *stream,
 	uint32_t req_bw;
 	uint32_t link_bw;
 
-	req_bw = bandwidth_in_kbps_from_timing(&stream->timing);
+	req_bw = dc_bandwidth_in_kbps_from_timing(&stream->timing);
 
 	link = stream->link;
 
diff --git a/drivers/gpu/drm/amd/display/dc/dc_link.h b/drivers/gpu/drm/amd/display/dc/dc_link.h
index 8fc223defed4a..a83e1c60f9db2 100644
--- a/drivers/gpu/drm/amd/display/dc/dc_link.h
+++ b/drivers/gpu/drm/amd/display/dc/dc_link.h
@@ -252,4 +252,6 @@ bool dc_submit_i2c(
 		uint32_t link_index,
 		struct i2c_command *cmd);
 
+uint32_t dc_bandwidth_in_kbps_from_timing(
+	const struct dc_crtc_timing *timing);
 #endif /* DC_LINK_H_ */
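Review bot: the new prototype in dc_link.h is added without a comment and without a blank line before `#endif`. Since the function is now part of the header, state the unit of the return value (kbps) and what is returned for an unknown color depth.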
-- 
2.20.1





* [PATCH 5.1 221/405] selftests: cgroup: fix cleanup path in test_memcg_subtree_control()
  2019-05-30  2:59 [PATCH 5.1 000/405] 5.1.6-stable review Greg Kroah-Hartman
                   ` (219 preceding siblings ...)
  2019-05-30  3:03 ` [PATCH 5.1 220/405] drm/amd/display: use proper formula to calculate bandwidth from timing Greg Kroah-Hartman
@ 2019-05-30  3:03 ` Greg Kroah-Hartman
  2019-05-30  3:03 ` [PATCH 5.1 222/405] net: hns3: fix keep_alive_timer not stop problem Greg Kroah-Hartman
                   ` (188 subsequent siblings)
  409 siblings, 0 replies; 429+ messages in thread
From: Greg Kroah-Hartman @ 2019-05-30  3:03 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Roman Gushchin, Dan Carpenter,
	Shuah Khan (Samsung OSG),
	Mike Rapoport, Sasha Levin

[ Upstream commit e14d314c7a489f060d6d691866fef5f131281718 ]

Dan reported that the cleanup path in test_memcg_subtree_control()
triggers a static checker warning:
  ./tools/testing/selftests/cgroup/test_memcontrol.c:76 \
  test_memcg_subtree_control()
  error: uninitialized symbol 'child2'.

Fix this by initializing the child2 and parent2 variables and
splitting the cleanup path into a few stages.

Signed-off-by: Roman Gushchin <guro@fb.com>
Fixes: 84092dbcf901 ("selftests: cgroup: add memory controller self-tests")
Reported-by: Dan Carpenter <dan.carpenter@oracle.com>
Cc: Dan Carpenter <dan.carpenter@oracle.com>
Cc: Shuah Khan (Samsung OSG) <shuah@kernel.org>
Cc: Mike Rapoport <rppt@linux.vnet.ibm.com>
Signed-off-by: Shuah Khan <shuah@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 .../selftests/cgroup/test_memcontrol.c        | 38 ++++++++++---------
 1 file changed, 21 insertions(+), 17 deletions(-)

diff --git a/tools/testing/selftests/cgroup/test_memcontrol.c b/tools/testing/selftests/cgroup/test_memcontrol.c
index 28d321ba311b4..6f339882a6ca1 100644
--- a/tools/testing/selftests/cgroup/test_memcontrol.c
+++ b/tools/testing/selftests/cgroup/test_memcontrol.c
@@ -26,7 +26,7 @@
  */
 static int test_memcg_subtree_control(const char *root)
 {
-	char *parent, *child, *parent2, *child2;
+	char *parent, *child, *parent2 = NULL, *child2 = NULL;
 	int ret = KSFT_FAIL;
 	char buf[PAGE_SIZE];
 
@@ -34,50 +34,54 @@ static int test_memcg_subtree_control(const char *root)
 	parent = cg_name(root, "memcg_test_0");
 	child = cg_name(root, "memcg_test_0/memcg_test_1");
 	if (!parent || !child)
-		goto cleanup;
+		goto cleanup_free;
 
 	if (cg_create(parent))
-		goto cleanup;
+		goto cleanup_free;
 
 	if (cg_write(parent, "cgroup.subtree_control", "+memory"))
-		goto cleanup;
+		goto cleanup_parent;
 
 	if (cg_create(child))
-		goto cleanup;
+		goto cleanup_parent;
 
 	if (cg_read_strstr(child, "cgroup.controllers", "memory"))
-		goto cleanup;
+		goto cleanup_child;
 
 	/* Create two nested cgroups without enabling memory controller */
 	parent2 = cg_name(root, "memcg_test_1");
 	child2 = cg_name(root, "memcg_test_1/memcg_test_1");
 	if (!parent2 || !child2)
-		goto cleanup;
+		goto cleanup_free2;
 
 	if (cg_create(parent2))
-		goto cleanup;
+		goto cleanup_free2;
 
 	if (cg_create(child2))
-		goto cleanup;
+		goto cleanup_parent2;
 
 	if (cg_read(child2, "cgroup.controllers", buf, sizeof(buf)))
-		goto cleanup;
+		goto cleanup_all;
 
 	if (!cg_read_strstr(child2, "cgroup.controllers", "memory"))
-		goto cleanup;
+		goto cleanup_all;
 
 	ret = KSFT_PASS;
 
-cleanup:
-	cg_destroy(child);
-	cg_destroy(parent);
-	free(parent);
-	free(child);
-
+cleanup_all:
 	cg_destroy(child2);
+cleanup_parent2:
 	cg_destroy(parent2);
+cleanup_free2:
 	free(parent2);
 	free(child2);
+cleanup_child:
+	cg_destroy(child);
+cleanup_parent:
+	cg_destroy(parent);
+cleanup_free:
+	free(parent);
+	free(child);
 
 	return ret;
 }
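Review bot: with the staged labels, cleanup_free2 and the labels above it are reached only after parent2 and child2 have been assigned, so the `= NULL` initialisers from the first hunk are not needed for correctness. They remain only to quiet the checker, which deserves one sentence in the commit message. The success path also depends on falling through every label from cleanup_all down to cleanup_free, so a short comment above cleanup_all would keep a later edit from reordering the labels or inserting a `return` between them.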
-- 
2.20.1





* [PATCH 5.1 222/405] net: hns3: fix keep_alive_timer not stop problem
  2019-05-30  2:59 [PATCH 5.1 000/405] 5.1.6-stable review Greg Kroah-Hartman
                   ` (220 preceding siblings ...)
  2019-05-30  3:03 ` [PATCH 5.1 221/405] selftests: cgroup: fix cleanup path in test_memcg_subtree_control() Greg Kroah-Hartman
@ 2019-05-30  3:03 ` Greg Kroah-Hartman
  2019-05-30  3:03 ` [PATCH 5.1 223/405] qmi_wwan: Add quirk for Quectel dynamic config Greg Kroah-Hartman
                   ` (187 subsequent siblings)
  409 siblings, 0 replies; 429+ messages in thread
From: Greg Kroah-Hartman @ 2019-05-30  3:03 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Huazhong Tan, Peng Li,
	David S. Miller, Sasha Levin

[ Upstream commit e233516e6a92baeec20aa40fa5b63be6b94f1627 ]

When hclgevf_client_start() fails or the VF driver is unloaded, there is
nobody to disable keep_alive_timer.

So this patch fixes them.

Fixes: a6d818e31d08 ("net: hns3: Add vport alive state checking support")
Signed-off-by: Huazhong Tan <tanhuazhong@huawei.com>
Signed-off-by: Peng Li <lipeng321@huawei.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 .../ethernet/hisilicon/hns3/hns3vf/hclgevf_main.c    | 12 +++++++++++-
 1 file changed, 11 insertions(+), 1 deletion(-)

diff --git a/drivers/net/ethernet/hisilicon/hns3/hns3vf/hclgevf_main.c b/drivers/net/ethernet/hisilicon/hns3/hns3vf/hclgevf_main.c
index 8bc28e6f465f1..8dd7fef863f68 100644
--- a/drivers/net/ethernet/hisilicon/hns3/hns3vf/hclgevf_main.c
+++ b/drivers/net/ethernet/hisilicon/hns3/hns3vf/hclgevf_main.c
@@ -2007,9 +2007,15 @@ static int hclgevf_set_alive(struct hnae3_handle *handle, bool alive)
 static int hclgevf_client_start(struct hnae3_handle *handle)
 {
 	struct hclgevf_dev *hdev = hclgevf_ae_get_hdev(handle);
+	int ret;
+
+	ret = hclgevf_set_alive(handle, true);
+	if (ret)
+		return ret;
 
 	mod_timer(&hdev->keep_alive_timer, jiffies + 2 * HZ);
-	return hclgevf_set_alive(handle, true);
+
+	return 0;
 }
 
 static void hclgevf_client_stop(struct hnae3_handle *handle)
@@ -2051,6 +2057,10 @@ static void hclgevf_state_uninit(struct hclgevf_dev *hdev)
 {
 	set_bit(HCLGEVF_STATE_DOWN, &hdev->state);
 
+	if (hdev->keep_alive_timer.function)
+		del_timer_sync(&hdev->keep_alive_timer);
+	if (hdev->keep_alive_task.func)
+		cancel_work_sync(&hdev->keep_alive_task);
 	if (hdev->service_timer.function)
 		del_timer_sync(&hdev->service_timer);
 	if (hdev->service_task.func)
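Review bot: in hclgevf_state_uninit() the new del_timer_sync() runs before cancel_work_sync(&hdev->keep_alive_task), which is sufficient only if keep_alive_task never re-arms keep_alive_timer. That relationship is not visible in this hunk; confirm it, or add a comment stating why this order is safe.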
-- 
2.20.1





* [PATCH 5.1 223/405] qmi_wwan: Add quirk for Quectel dynamic config
  2019-05-30  2:59 [PATCH 5.1 000/405] 5.1.6-stable review Greg Kroah-Hartman
                   ` (221 preceding siblings ...)
  2019-05-30  3:03 ` [PATCH 5.1 222/405] net: hns3: fix keep_alive_timer not stop problem Greg Kroah-Hartman
@ 2019-05-30  3:03 ` Greg Kroah-Hartman
  2019-05-30  3:03 ` [PATCH 5.1 224/405] net: hns3: add error handler for initializing command queue Greg Kroah-Hartman
                   ` (186 subsequent siblings)
  409 siblings, 0 replies; 429+ messages in thread
From: Greg Kroah-Hartman @ 2019-05-30  3:03 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Kristian Evensen, Bjørn Mork,
	David S. Miller, Sasha Levin

[ Upstream commit e4bf63482c309287ca84d91770ffa7dcc18e37eb ]

Most, if not all, Quectel devices use dynamic interface numbers, and
users are able to change the USB configuration at will. Matching on for
example interface number is therefore not possible.

Instead, the QMI device can be identified by looking at the interface
class, subclass and protocol (all 0xff), as well as the number of
endpoints. The reason we need to look at the number of endpoints, is
that the diagnostic port interface has the same class, subclass and
protocol as QMI. However, the diagnostic port only has two endpoints,
while QMI has three.

Until now, we have identified the QMI device by combining a match on
class, subclass and protocol, with a call to the function
quectel_diag_detect(). In quectel_diag_detect(), we check if the number
of endpoints matches for known Quectel vendor/product ids.

Adding new vendor/product ids to quectel_diag_detect() is not a good
long-term solution. This commit replaces the function with a quirk, and
applies the quirk to affected Quectel devices that I have been able to
test the change with (EP06, EM12 and EC25). If the quirk is set and the
number of endpoints equals two, we return from qmi_wwan_probe() with
-ENODEV.

Signed-off-by: Kristian Evensen <kristian.evensen@gmail.com>
Acked-by: Bjørn Mork <bjorn@mork.no>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/net/usb/qmi_wwan.c | 65 ++++++++++++++++++--------------------
 1 file changed, 31 insertions(+), 34 deletions(-)

diff --git a/drivers/net/usb/qmi_wwan.c b/drivers/net/usb/qmi_wwan.c
index 366217263d704..d9a6699abe592 100644
--- a/drivers/net/usb/qmi_wwan.c
+++ b/drivers/net/usb/qmi_wwan.c
@@ -63,6 +63,7 @@ enum qmi_wwan_flags {
 
 enum qmi_wwan_quirks {
 	QMI_WWAN_QUIRK_DTR = 1 << 0,	/* needs "set DTR" request */
+	QMI_WWAN_QUIRK_QUECTEL_DYNCFG = 1 << 1,	/* check num. endpoints */
 };
 
 struct qmimux_hdr {
@@ -845,6 +846,16 @@ static const struct driver_info	qmi_wwan_info_quirk_dtr = {
 	.data           = QMI_WWAN_QUIRK_DTR,
 };
 
+static const struct driver_info	qmi_wwan_info_quirk_quectel_dyncfg = {
+	.description	= "WWAN/QMI device",
+	.flags		= FLAG_WWAN | FLAG_SEND_ZLP,
+	.bind		= qmi_wwan_bind,
+	.unbind		= qmi_wwan_unbind,
+	.manage_power	= qmi_wwan_manage_power,
+	.rx_fixup       = qmi_wwan_rx_fixup,
+	.data           = QMI_WWAN_QUIRK_DTR | QMI_WWAN_QUIRK_QUECTEL_DYNCFG,
+};
+
 #define HUAWEI_VENDOR_ID	0x12D1
 
 /* map QMI/wwan function by a fixed interface number */
@@ -865,6 +876,15 @@ static const struct driver_info	qmi_wwan_info_quirk_dtr = {
 #define QMI_GOBI_DEVICE(vend, prod) \
 	QMI_FIXED_INTF(vend, prod, 0)
 
+/* Quectel does not use fixed interface numbers on at least some of their
+ * devices. We need to check the number of endpoints to ensure that we bind to
+ * the correct interface.
+ */
+#define QMI_QUIRK_QUECTEL_DYNCFG(vend, prod) \
+	USB_DEVICE_AND_INTERFACE_INFO(vend, prod, USB_CLASS_VENDOR_SPEC, \
+				      USB_SUBCLASS_VENDOR_SPEC, 0xff), \
+	.driver_info = (unsigned long)&qmi_wwan_info_quirk_quectel_dyncfg
+
 static const struct usb_device_id products[] = {
 	/* 1. CDC ECM like devices match on the control interface */
 	{	/* Huawei E392, E398 and possibly others sharing both device id and more... */
@@ -969,20 +989,9 @@ static const struct usb_device_id products[] = {
 		USB_DEVICE_AND_INTERFACE_INFO(0x03f0, 0x581d, USB_CLASS_VENDOR_SPEC, 1, 7),
 		.driver_info = (unsigned long)&qmi_wwan_info,
 	},
-	{	/* Quectel EP06/EG06/EM06 */
-		USB_DEVICE_AND_INTERFACE_INFO(0x2c7c, 0x0306,
-					      USB_CLASS_VENDOR_SPEC,
-					      USB_SUBCLASS_VENDOR_SPEC,
-					      0xff),
-		.driver_info	    = (unsigned long)&qmi_wwan_info_quirk_dtr,
-	},
-	{	/* Quectel EG12/EM12 */
-		USB_DEVICE_AND_INTERFACE_INFO(0x2c7c, 0x0512,
-					      USB_CLASS_VENDOR_SPEC,
-					      USB_SUBCLASS_VENDOR_SPEC,
-					      0xff),
-		.driver_info	    = (unsigned long)&qmi_wwan_info_quirk_dtr,
-	},
+	{QMI_QUIRK_QUECTEL_DYNCFG(0x2c7c, 0x0125)},	/* Quectel EC25, EC20 R2.0  Mini PCIe */
+	{QMI_QUIRK_QUECTEL_DYNCFG(0x2c7c, 0x0306)},	/* Quectel EP06/EG06/EM06 */
+	{QMI_QUIRK_QUECTEL_DYNCFG(0x2c7c, 0x0512)},	/* Quectel EG12/EM12 */
 
 	/* 3. Combined interface devices matching on interface number */
 	{QMI_FIXED_INTF(0x0408, 0xea42, 4)},	/* Yota / Megafon M100-1 */
@@ -1283,7 +1292,6 @@ static const struct usb_device_id products[] = {
 	{QMI_FIXED_INTF(0x03f0, 0x9d1d, 1)},	/* HP lt4120 Snapdragon X5 LTE */
 	{QMI_FIXED_INTF(0x22de, 0x9061, 3)},	/* WeTelecom WPD-600N */
 	{QMI_QUIRK_SET_DTR(0x1e0e, 0x9001, 5)},	/* SIMCom 7100E, 7230E, 7600E ++ */
-	{QMI_QUIRK_SET_DTR(0x2c7c, 0x0125, 4)},	/* Quectel EC25, EC20 R2.0  Mini PCIe */
 	{QMI_QUIRK_SET_DTR(0x2c7c, 0x0121, 4)},	/* Quectel EC21 Mini PCIe */
 	{QMI_QUIRK_SET_DTR(0x2c7c, 0x0191, 4)},	/* Quectel EG91 */
 	{QMI_FIXED_INTF(0x2c7c, 0x0296, 4)},	/* Quectel BG96 */
@@ -1363,27 +1371,12 @@ static bool quectel_ec20_detected(struct usb_interface *intf)
 	return false;
 }
 
-static bool quectel_diag_detected(struct usb_interface *intf)
-{
-	struct usb_device *dev = interface_to_usbdev(intf);
-	struct usb_interface_descriptor intf_desc = intf->cur_altsetting->desc;
-	u16 id_vendor = le16_to_cpu(dev->descriptor.idVendor);
-	u16 id_product = le16_to_cpu(dev->descriptor.idProduct);
-
-	if (id_vendor != 0x2c7c || intf_desc.bNumEndpoints != 2)
-		return false;
-
-	if (id_product == 0x0306 || id_product == 0x0512)
-		return true;
-	else
-		return false;
-}
-
 static int qmi_wwan_probe(struct usb_interface *intf,
 			  const struct usb_device_id *prod)
 {
 	struct usb_device_id *id = (struct usb_device_id *)prod;
 	struct usb_interface_descriptor *desc = &intf->cur_altsetting->desc;
+	const struct driver_info *info;
 
 	/* Workaround to enable dynamic IDs.  This disables usbnet
 	 * blacklisting functionality.  Which, if required, can be
@@ -1417,10 +1410,14 @@ static int qmi_wwan_probe(struct usb_interface *intf,
 	 * we need to match on class/subclass/protocol. These values are
 	 * identical for the diagnostic- and QMI-interface, but bNumEndpoints is
 	 * different. Ignore the current interface if the number of endpoints
-	 * the number for the diag interface (two).
+	 * equals the number for the diag interface (two).
 	 */
-	if (quectel_diag_detected(intf))
-		return -ENODEV;
+	info = (void *)&id->driver_info;
+
+	if (info->data & QMI_WWAN_QUIRK_QUECTEL_DYNCFG) {
+		if (desc->bNumEndpoints == 2)
+			return -ENODEV;
+	}
 
 	return usbnet_probe(intf, id);
 }
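Review bot: `info = (void *)&id->driver_info;` takes the address of the driver_info field instead of its value. QMI_QUIRK_QUECTEL_DYNCFG stores the pointer as `.driver_info = (unsigned long)&qmi_wwan_info_quirk_quectel_dyncfg`, so `info->data` here reads from the usb_device_id entry and beyond it, not from the driver_info structure, and the quirk test is decided by unrelated memory. This should be `info = (void *)id->driver_info;`. The block also follows the dynamic-ID workaround mentioned in the comment above, so confirm that driver_info cannot be 0 at this point before it is dereferenced.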
-- 
2.20.1





* [PATCH 5.1 224/405] net: hns3: add error handler for initializing command queue
  2019-05-30  2:59 [PATCH 5.1 000/405] 5.1.6-stable review Greg Kroah-Hartman
                   ` (222 preceding siblings ...)
  2019-05-30  3:03 ` [PATCH 5.1 223/405] qmi_wwan: Add quirk for Quectel dynamic config Greg Kroah-Hartman
@ 2019-05-30  3:03 ` Greg Kroah-Hartman
  2019-05-30  3:03 ` [PATCH 5.1 225/405] cpufreq: ppc_cbe: fix possible object reference leak Greg Kroah-Hartman
                   ` (185 subsequent siblings)
  409 siblings, 0 replies; 429+ messages in thread
From: Greg Kroah-Hartman @ 2019-05-30  3:03 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Huazhong Tan, Peng Li,
	David S. Miller, Sasha Levin

[ Upstream commit 4339ef396ab65a61f7f22f36d7ba94b6e9e0939b ]

This patch adds an error handler for the failure of command queue
initialization in both PF and VF.

Signed-off-by: Huazhong Tan <tanhuazhong@huawei.com>
Signed-off-by: Peng Li <lipeng321@huawei.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 .../net/ethernet/hisilicon/hns3/hns3pf/hclge_cmd.c    | 11 ++++++++---
 .../net/ethernet/hisilicon/hns3/hns3vf/hclgevf_cmd.c  | 11 ++++++++---
 2 files changed, 16 insertions(+), 6 deletions(-)

diff --git a/drivers/net/ethernet/hisilicon/hns3/hns3pf/hclge_cmd.c b/drivers/net/ethernet/hisilicon/hns3/hns3pf/hclge_cmd.c
index 3a093a92eac51..d92e4af11b1fe 100644
--- a/drivers/net/ethernet/hisilicon/hns3/hns3pf/hclge_cmd.c
+++ b/drivers/net/ethernet/hisilicon/hns3/hns3pf/hclge_cmd.c
@@ -373,21 +373,26 @@ int hclge_cmd_init(struct hclge_dev *hdev)
 	 * reset may happen when lower level reset is being processed.
 	 */
 	if ((hclge_is_reset_pending(hdev))) {
-		set_bit(HCLGE_STATE_CMD_DISABLE, &hdev->state);
-		return -EBUSY;
+		ret = -EBUSY;
+		goto err_cmd_init;
 	}
 
 	ret = hclge_cmd_query_firmware_version(&hdev->hw, &version);
 	if (ret) {
 		dev_err(&hdev->pdev->dev,
 			"firmware version query failed %d\n", ret);
-		return ret;
+		goto err_cmd_init;
 	}
 	hdev->fw_version = version;
 
 	dev_info(&hdev->pdev->dev, "The firmware version is %08x\n", version);
 
 	return 0;
+
+err_cmd_init:
+	set_bit(HCLGE_STATE_CMD_DISABLE, &hdev->state);
+
+	return ret;
 }
 
 static void hclge_cmd_uninit_regs(struct hclge_hw *hw)
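Review bot: routing the firmware-query failure through err_cmd_init means HCLGE_STATE_CMD_DISABLE is now set on that path as well, where previously only the reset-pending path set it. The commit message says only that an error handler is added; spell out this behaviour change, and confirm that a later retry of hclge_cmd_init() clears the bit again.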
diff --git a/drivers/net/ethernet/hisilicon/hns3/hns3vf/hclgevf_cmd.c b/drivers/net/ethernet/hisilicon/hns3/hns3vf/hclgevf_cmd.c
index 9a0a501908aec..382ecb15e7435 100644
--- a/drivers/net/ethernet/hisilicon/hns3/hns3vf/hclgevf_cmd.c
+++ b/drivers/net/ethernet/hisilicon/hns3/hns3vf/hclgevf_cmd.c
@@ -344,8 +344,8 @@ int hclgevf_cmd_init(struct hclgevf_dev *hdev)
 	 * reset may happen when lower level reset is being processed.
 	 */
 	if (hclgevf_is_reset_pending(hdev)) {
-		set_bit(HCLGEVF_STATE_CMD_DISABLE, &hdev->state);
-		return -EBUSY;
+		ret = -EBUSY;
+		goto err_cmd_init;
 	}
 
 	/* get firmware version */
@@ -353,13 +353,18 @@ int hclgevf_cmd_init(struct hclgevf_dev *hdev)
 	if (ret) {
 		dev_err(&hdev->pdev->dev,
 			"failed(%d) to query firmware version\n", ret);
-		return ret;
+		goto err_cmd_init;
 	}
 	hdev->fw_version = version;
 
 	dev_info(&hdev->pdev->dev, "The firmware version is %08x\n", version);
 
 	return 0;
+
+err_cmd_init:
+	set_bit(HCLGEVF_STATE_CMD_DISABLE, &hdev->state);
+
+	return ret;
 }
 
 static void hclgevf_cmd_uninit_regs(struct hclgevf_hw *hw)
-- 
2.20.1





* [PATCH 5.1 225/405] cpufreq: ppc_cbe: fix possible object reference leak
  2019-05-30  2:59 [PATCH 5.1 000/405] 5.1.6-stable review Greg Kroah-Hartman
                   ` (223 preceding siblings ...)
  2019-05-30  3:03 ` [PATCH 5.1 224/405] net: hns3: add error handler for initializing command queue Greg Kroah-Hartman
@ 2019-05-30  3:03 ` Greg Kroah-Hartman
  2019-05-30  3:03   ` Greg Kroah-Hartman
                   ` (184 subsequent siblings)
  409 siblings, 0 replies; 429+ messages in thread
From: Greg Kroah-Hartman @ 2019-05-30  3:03 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Wen Yang, Rafael J. Wysocki,
	Viresh Kumar, linux-pm, Sasha Levin

[ Upstream commit 233298032803f2802fe99892d0de4ab653bfece4 ]

The call to of_get_cpu_node returns a node pointer with refcount
incremented thus it must be explicitly decremented after the last
usage.

Detected by coccinelle with the following warnings:
./drivers/cpufreq/ppc_cbe_cpufreq.c:89:2-8: ERROR: missing of_node_put; acquired a node pointer with refcount incremented on line 76, but without a corresponding object release within this function.
./drivers/cpufreq/ppc_cbe_cpufreq.c:89:2-8: ERROR: missing of_node_put; acquired a node pointer with refcount incremented on line 76, but without a corresponding object release within this function.

Signed-off-by: Wen Yang <wen.yang99@zte.com.cn>
Cc: "Rafael J. Wysocki" <rjw@rjwysocki.net>
Cc: Viresh Kumar <viresh.kumar@linaro.org>
Cc: linux-pm@vger.kernel.org
Cc: linux-kernel@vger.kernel.org
Signed-off-by: Viresh Kumar <viresh.kumar@linaro.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/cpufreq/ppc_cbe_cpufreq.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/drivers/cpufreq/ppc_cbe_cpufreq.c b/drivers/cpufreq/ppc_cbe_cpufreq.c
index 41a0f0be3f9ff..8414c3a4ea08c 100644
--- a/drivers/cpufreq/ppc_cbe_cpufreq.c
+++ b/drivers/cpufreq/ppc_cbe_cpufreq.c
@@ -86,6 +86,7 @@ static int cbe_cpufreq_cpu_init(struct cpufreq_policy *policy)
 	if (!cbe_get_cpu_pmd_regs(policy->cpu) ||
 	    !cbe_get_cpu_mic_tm_regs(policy->cpu)) {
 		pr_info("invalid CBE regs pointers for cpufreq\n");
+		of_node_put(cpu);
 		return -EINVAL;
 	}
 
-- 
2.20.1





* [PATCH 5.1 226/405] cpufreq/pasemi: fix possible object reference leak
  2019-05-30  2:59 [PATCH 5.1 000/405] 5.1.6-stable review Greg Kroah-Hartman
@ 2019-05-30  3:03   ` Greg Kroah-Hartman
  2019-05-30  3:00 ` [PATCH 5.1 002/405] ext4: do not delete unlinked inode from orphan list on failed truncate Greg Kroah-Hartman
                     ` (408 subsequent siblings)
  409 siblings, 0 replies; 429+ messages in thread
From: Greg Kroah-Hartman @ 2019-05-30  3:03 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Wen Yang, Rafael J. Wysocki,
	Viresh Kumar, linuxppc-dev, linux-pm, Sasha Levin

[ Upstream commit a9acc26b75f652f697e02a9febe2ab0da648a571 ]

The call to of_get_cpu_node returns a node pointer with refcount
incremented thus it must be explicitly decremented after the last
usage.

Detected by coccinelle with the following warnings:
./drivers/cpufreq/pasemi-cpufreq.c:212:1-7: ERROR: missing of_node_put; acquired a node pointer with refcount incremented on line 147, but without a corresponding object release within this function.
./drivers/cpufreq/pasemi-cpufreq.c:220:1-7: ERROR: missing of_node_put; acquired a node pointer with refcount incremented on line 147, but without a corresponding object release within this function.

Signed-off-by: Wen Yang <wen.yang99@zte.com.cn>
Cc: "Rafael J. Wysocki" <rjw@rjwysocki.net>
Cc: Viresh Kumar <viresh.kumar@linaro.org>
Cc: linuxppc-dev@lists.ozlabs.org
Cc: linux-pm@vger.kernel.org
Cc: linux-kernel@vger.kernel.org
Signed-off-by: Viresh Kumar <viresh.kumar@linaro.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/cpufreq/pasemi-cpufreq.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/drivers/cpufreq/pasemi-cpufreq.c b/drivers/cpufreq/pasemi-cpufreq.c
index 75dfbd2a58ea6..c7710c149de85 100644
--- a/drivers/cpufreq/pasemi-cpufreq.c
+++ b/drivers/cpufreq/pasemi-cpufreq.c
@@ -146,6 +146,7 @@ static int pas_cpufreq_cpu_init(struct cpufreq_policy *policy)
 
 	cpu = of_get_cpu_node(policy->cpu, NULL);
 
+	of_node_put(cpu);
 	if (!cpu)
 		goto out;
 
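Review bot: `of_node_put(cpu);` is placed immediately after of_get_cpu_node(), before the `if (!cpu)` check and before any use of the node. The commit message says the reference must be dropped after the last usage, and the coccinelle warnings point at lines 212 and 220, so any later dereference of cpu in pas_cpufreq_cpu_init() would run on a node whose reference has already been released. Move the put to the exit paths that follow the last use of cpu.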
-- 
2.20.1






* [PATCH 5.1 227/405] cpufreq: pmac32: fix possible object reference leak
  2019-05-30  2:59 [PATCH 5.1 000/405] 5.1.6-stable review Greg Kroah-Hartman
@ 2019-05-30  3:03   ` Greg Kroah-Hartman
  2019-05-30  3:00 ` [PATCH 5.1 002/405] ext4: do not delete unlinked inode from orphan list on failed truncate Greg Kroah-Hartman
                     ` (408 subsequent siblings)
  409 siblings, 0 replies; 429+ messages in thread
From: Greg Kroah-Hartman @ 2019-05-30  3:03 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Wen Yang, Rafael J. Wysocki,
	Viresh Kumar, Benjamin Herrenschmidt, Paul Mackerras,
	Michael Ellerman, linux-pm, linuxppc-dev, Sasha Levin

[ Upstream commit 8d10dc28a9ea6e8c02e825dab28699f3c72b02d9 ]

The call to of_find_node_by_name returns a node pointer with refcount
incremented thus it must be explicitly decremented after the last
usage.

Detected by coccinelle with the following warnings:
./drivers/cpufreq/pmac32-cpufreq.c:557:2-8: ERROR: missing of_node_put; acquired a node pointer with refcount incremented on line 552, but without a corresponding object release within this function.
./drivers/cpufreq/pmac32-cpufreq.c:569:1-7: ERROR: missing of_node_put; acquired a node pointer with refcount incremented on line 552, but without a corresponding object release within this function.
./drivers/cpufreq/pmac32-cpufreq.c:598:1-7: ERROR: missing of_node_put; acquired a node pointer with refcount incremented on line 587, but without a corresponding object release within this function.

Signed-off-by: Wen Yang <wen.yang99@zte.com.cn>
Cc: "Rafael J. Wysocki" <rjw@rjwysocki.net>
Cc: Viresh Kumar <viresh.kumar@linaro.org>
Cc: Benjamin Herrenschmidt <benh@kernel.crashing.org>
Cc: Paul Mackerras <paulus@samba.org>
Cc: Michael Ellerman <mpe@ellerman.id.au>
Cc: linux-pm@vger.kernel.org
Cc: linuxppc-dev@lists.ozlabs.org
Cc: linux-kernel@vger.kernel.org
Signed-off-by: Viresh Kumar <viresh.kumar@linaro.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/cpufreq/pmac32-cpufreq.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/drivers/cpufreq/pmac32-cpufreq.c b/drivers/cpufreq/pmac32-cpufreq.c
index 52f0d91d30c17..9b4ce2eb8222c 100644
--- a/drivers/cpufreq/pmac32-cpufreq.c
+++ b/drivers/cpufreq/pmac32-cpufreq.c
@@ -552,6 +552,7 @@ static int pmac_cpufreq_init_7447A(struct device_node *cpunode)
 	volt_gpio_np = of_find_node_by_name(NULL, "cpu-vcore-select");
 	if (volt_gpio_np)
 		voltage_gpio = read_gpio(volt_gpio_np);
+	of_node_put(volt_gpio_np);
 	if (!voltage_gpio){
 		pr_err("missing cpu-vcore-select gpio\n");
 		return 1;
@@ -588,6 +589,7 @@ static int pmac_cpufreq_init_750FX(struct device_node *cpunode)
 	if (volt_gpio_np)
 		voltage_gpio = read_gpio(volt_gpio_np);
 
+	of_node_put(volt_gpio_np);
 	pvr = mfspr(SPRN_PVR);
 	has_cpu_l2lve = !((pvr & 0xf00) == 0x100);
 
-- 
2.20.1





* [PATCH 5.1 227/405] cpufreq: pmac32: fix possible object reference leak
@ 2019-05-30  3:03   ` Greg Kroah-Hartman
  0 siblings, 0 replies; 429+ messages in thread
From: Greg Kroah-Hartman @ 2019-05-30  3:03 UTC (permalink / raw)
  To: linux-kernel
  Cc: Sasha Levin, linux-pm, Greg Kroah-Hartman, Rafael J. Wysocki,
	stable, Viresh Kumar, Paul Mackerras, linuxppc-dev, Wen Yang

[ Upstream commit 8d10dc28a9ea6e8c02e825dab28699f3c72b02d9 ]

The call to of_find_node_by_name returns a node pointer with refcount
incremented thus it must be explicitly decremented after the last
usage.

Detected by coccinelle with the following warnings:
./drivers/cpufreq/pmac32-cpufreq.c:557:2-8: ERROR: missing of_node_put; acquired a node pointer with refcount incremented on line 552, but without a corresponding object release within this function.
./drivers/cpufreq/pmac32-cpufreq.c:569:1-7: ERROR: missing of_node_put; acquired a node pointer with refcount incremented on line 552, but without a corresponding object release within this function.
./drivers/cpufreq/pmac32-cpufreq.c:598:1-7: ERROR: missing of_node_put; acquired a node pointer with refcount incremented on line 587, but without a corresponding object release within this function.

Signed-off-by: Wen Yang <wen.yang99@zte.com.cn>
Cc: "Rafael J. Wysocki" <rjw@rjwysocki.net>
Cc: Viresh Kumar <viresh.kumar@linaro.org>
Cc: Benjamin Herrenschmidt <benh@kernel.crashing.org>
Cc: Paul Mackerras <paulus@samba.org>
Cc: Michael Ellerman <mpe@ellerman.id.au>
Cc: linux-pm@vger.kernel.org
Cc: linuxppc-dev@lists.ozlabs.org
Cc: linux-kernel@vger.kernel.org
Signed-off-by: Viresh Kumar <viresh.kumar@linaro.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/cpufreq/pmac32-cpufreq.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/drivers/cpufreq/pmac32-cpufreq.c b/drivers/cpufreq/pmac32-cpufreq.c
index 52f0d91d30c17..9b4ce2eb8222c 100644
--- a/drivers/cpufreq/pmac32-cpufreq.c
+++ b/drivers/cpufreq/pmac32-cpufreq.c
@@ -552,6 +552,7 @@ static int pmac_cpufreq_init_7447A(struct device_node *cpunode)
 	volt_gpio_np = of_find_node_by_name(NULL, "cpu-vcore-select");
 	if (volt_gpio_np)
 		voltage_gpio = read_gpio(volt_gpio_np);
+	of_node_put(volt_gpio_np);
 	if (!voltage_gpio){
 		pr_err("missing cpu-vcore-select gpio\n");
 		return 1;
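Review bot: in pmac_cpufreq_init_7447A() the added of_node_put(volt_gpio_np) runs even when of_find_node_by_name() returned NULL, so the fix depends on of_node_put() accepting a NULL pointer. That holds for of_node_put(), but the intent reads more clearly if the put moves into the `if (volt_gpio_np)` branch with braces, right after read_gpio(); the put is then visibly paired with a successful lookup.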
@@ -588,6 +589,7 @@ static int pmac_cpufreq_init_750FX(struct device_node *cpunode)
 	if (volt_gpio_np)
 		voltage_gpio = read_gpio(volt_gpio_np);
 
+	of_node_put(volt_gpio_np);
 	pvr = mfspr(SPRN_PVR);
 	has_cpu_l2lve = !((pvr & 0xf00) == 0x100);
 
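Review bot: in pmac_cpufreq_init_750FX() the new of_node_put(volt_gpio_np) is placed after the blank line and reads as part of the PVR setup, whereas the 7447A hunk puts it directly under the read_gpio() call. Move it up so it sits with the lookup it releases; as in the first hunk, it is also reached with a NULL pointer when the node is not found.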
-- 
2.20.1





* [PATCH 5.1 228/405] cpufreq: kirkwood: fix possible object reference leak
  2019-05-30  2:59 [PATCH 5.1 000/405] 5.1.6-stable review Greg Kroah-Hartman
                   ` (226 preceding siblings ...)
  2019-05-30  3:03   ` Greg Kroah-Hartman
@ 2019-05-30  3:03 ` Greg Kroah-Hartman
  2019-05-30  3:03   ` Greg Kroah-Hartman
                   ` (181 subsequent siblings)
  409 siblings, 0 replies; 429+ messages in thread
From: Greg Kroah-Hartman @ 2019-05-30  3:03 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Wen Yang, Rafael J. Wysocki,
	Viresh Kumar, linux-pm, Sasha Levin

[ Upstream commit 7c468966f05ac9c17bb5948275283d34e6fe0660 ]

The call to of_get_child_by_name returns a node pointer with refcount
incremented thus it must be explicitly decremented after the last
usage.

Detected by coccinelle with the following warnings:
./drivers/cpufreq/kirkwood-cpufreq.c:127:2-8: ERROR: missing of_node_put; acquired a node pointer with refcount incremented on line 118, but without a corresponding object release within this function.
./drivers/cpufreq/kirkwood-cpufreq.c:133:2-8: ERROR: missing of_node_put; acquired a node pointer with refcount incremented on line 118, but without a corresponding object release within this function.

and also do some cleanup:
- of_node_put(np);
- np = NULL;
...
of_node_put(np);

Signed-off-by: Wen Yang <wen.yang99@zte.com.cn>
Cc: "Rafael J. Wysocki" <rjw@rjwysocki.net>
Cc: Viresh Kumar <viresh.kumar@linaro.org>
Cc: linux-pm@vger.kernel.org
Cc: linux-kernel@vger.kernel.org
Signed-off-by: Viresh Kumar <viresh.kumar@linaro.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/cpufreq/kirkwood-cpufreq.c | 19 +++++++++++--------
 1 file changed, 11 insertions(+), 8 deletions(-)

diff --git a/drivers/cpufreq/kirkwood-cpufreq.c b/drivers/cpufreq/kirkwood-cpufreq.c
index c2dd43f3f5d8a..8d63a6dc8383c 100644
--- a/drivers/cpufreq/kirkwood-cpufreq.c
+++ b/drivers/cpufreq/kirkwood-cpufreq.c
@@ -124,13 +124,14 @@ static int kirkwood_cpufreq_probe(struct platform_device *pdev)
 	priv.cpu_clk = of_clk_get_by_name(np, "cpu_clk");
 	if (IS_ERR(priv.cpu_clk)) {
 		dev_err(priv.dev, "Unable to get cpuclk\n");
-		return PTR_ERR(priv.cpu_clk);
+		err = PTR_ERR(priv.cpu_clk);
+		goto out_node;
 	}
 
 	err = clk_prepare_enable(priv.cpu_clk);
 	if (err) {
 		dev_err(priv.dev, "Unable to prepare cpuclk\n");
-		return err;
+		goto out_node;
 	}
 
 	kirkwood_freq_table[0].frequency = clk_get_rate(priv.cpu_clk) / 1000;
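Review bot: both rewritten error paths now reach out_node, which only calls of_node_put(np), so when clk_prepare_enable(priv.cpu_clk) fails the clock obtained from of_clk_get_by_name() is not released by anything visible in this patch. If no clk_put() exists elsewhere in the probe function, that is a second reference leak of the same kind and deserves its own label ahead of out_node.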
@@ -161,20 +162,22 @@ static int kirkwood_cpufreq_probe(struct platform_device *pdev)
 		goto out_ddr;
 	}
 
-	of_node_put(np);
-	np = NULL;
-
 	err = cpufreq_register_driver(&kirkwood_cpufreq_driver);
-	if (!err)
-		return 0;
+	if (err) {
+		dev_err(priv.dev, "Failed to register cpufreq driver\n");
+		goto out_powersave;
+	}
 
-	dev_err(priv.dev, "Failed to register cpufreq driver\n");
+	of_node_put(np);
+	return 0;
 
+out_powersave:
 	clk_disable_unprepare(priv.powersave_clk);
 out_ddr:
 	clk_disable_unprepare(priv.ddr_clk);
 out_cpu:
 	clk_disable_unprepare(priv.cpu_clk);
+out_node:
 	of_node_put(np);
 
 	return err;
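Review bot: the new failure branch after cpufreq_register_driver() logs "Failed to register cpufreq driver" without the error value, although err is in hand; printing it with %d would make the message actionable. The success path and out_node now each carry their own of_node_put(np), which is correct because the unwind labels must not run on success, but a short comment at the success-path put would keep a later edit from dropping one of the two.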
-- 
2.20.1





* [PATCH 5.1 229/405] cpufreq: imx6q: fix possible object reference leak
  2019-05-30  2:59 [PATCH 5.1 000/405] 5.1.6-stable review Greg Kroah-Hartman
@ 2019-05-30  3:03   ` Greg Kroah-Hartman
  2019-05-30  3:00 ` [PATCH 5.1 002/405] ext4: do not delete unlinked inode from orphan list on failed truncate Greg Kroah-Hartman
                     ` (408 subsequent siblings)
  409 siblings, 0 replies; 429+ messages in thread
From: Greg Kroah-Hartman @ 2019-05-30  3:03 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Wen Yang, Rafael J. Wysocki,
	Viresh Kumar, Shawn Guo, Sascha Hauer, Pengutronix Kernel Team,
	Fabio Estevam, NXP Linux Team, linux-pm, linux-arm-kernel,
	Sasha Levin

[ Upstream commit ddb64c5db3cc8fb9c1242214d5798b2c2865681c ]

The call to of_node_get returns a node pointer with refcount
incremented thus it must be explicitly decremented after the last
usage.

Detected by coccinelle with the following warnings:
./drivers/cpufreq/imx6q-cpufreq.c:391:4-10: ERROR: missing of_node_put; acquired a node pointer with refcount incremented on line 348, but without a corresponding object release within this function.
./drivers/cpufreq/imx6q-cpufreq.c:395:3-9: ERROR: missing of_node_put; acquired a node pointer with refcount incremented on line 348, but without a corresponding object release within this function.

Signed-off-by: Wen Yang <wen.yang99@zte.com.cn>
Cc: "Rafael J. Wysocki" <rjw@rjwysocki.net>
Cc: Viresh Kumar <viresh.kumar@linaro.org>
Cc: Shawn Guo <shawnguo@kernel.org>
Cc: Sascha Hauer <s.hauer@pengutronix.de>
Cc: Pengutronix Kernel Team <kernel@pengutronix.de>
Cc: Fabio Estevam <festevam@gmail.com>
Cc: NXP Linux Team <linux-imx@nxp.com>
Cc: linux-pm@vger.kernel.org
Cc: linux-arm-kernel@lists.infradead.org
Cc: linux-kernel@vger.kernel.org
Signed-off-by: Viresh Kumar <viresh.kumar@linaro.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/cpufreq/imx6q-cpufreq.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/drivers/cpufreq/imx6q-cpufreq.c b/drivers/cpufreq/imx6q-cpufreq.c
index a4ff09f91c8f8..3e17560b1efe3 100644
--- a/drivers/cpufreq/imx6q-cpufreq.c
+++ b/drivers/cpufreq/imx6q-cpufreq.c
@@ -388,11 +388,11 @@ static int imx6q_cpufreq_probe(struct platform_device *pdev)
 		ret = imx6ul_opp_check_speed_grading(cpu_dev);
 		if (ret) {
 			if (ret == -EPROBE_DEFER)
-				return ret;
+				goto put_node;
 
 			dev_err(cpu_dev, "failed to read ocotp: %d\n",
 				ret);
-			return ret;
+			goto put_node;
 		}
 	} else {
 		imx6q_opp_check_speed_grading(cpu_dev);
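Review bot: after this change both exits inside `if (ret)` jump to put_node, so the -EPROBE_DEFER test only decides whether dev_err() runs; writing it as `if (ret != -EPROBE_DEFER) dev_err(...)` followed by a single `goto put_node;` removes the duplicated jump. The put_node label itself is outside the hunk, so confirm that it returns ret and does not unwind resources that have not been acquired yet at this point in the probe.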
-- 
2.20.1





* [PATCH 5.1 229/405] cpufreq: imx6q: fix possible object reference leak
@ 2019-05-30  3:03   ` Greg Kroah-Hartman
  0 siblings, 0 replies; 429+ messages in thread
From: Greg Kroah-Hartman @ 2019-05-30  3:03 UTC (permalink / raw)
  To: linux-kernel
  Cc: Sasha Levin, Fabio Estevam, linux-pm, Greg Kroah-Hartman,
	Sascha Hauer, Rafael J. Wysocki, stable, NXP Linux Team,
	Pengutronix Kernel Team, Viresh Kumar, Shawn Guo, Wen Yang,
	linux-arm-kernel

[ Upstream commit ddb64c5db3cc8fb9c1242214d5798b2c2865681c ]

The call to of_node_get returns a node pointer with refcount
incremented thus it must be explicitly decremented after the last
usage.

Detected by coccinelle with the following warnings:
./drivers/cpufreq/imx6q-cpufreq.c:391:4-10: ERROR: missing of_node_put; acquired a node pointer with refcount incremented on line 348, but without a corresponding object release within this function.
./drivers/cpufreq/imx6q-cpufreq.c:395:3-9: ERROR: missing of_node_put; acquired a node pointer with refcount incremented on line 348, but without a corresponding object release within this function.

Signed-off-by: Wen Yang <wen.yang99@zte.com.cn>
Cc: "Rafael J. Wysocki" <rjw@rjwysocki.net>
Cc: Viresh Kumar <viresh.kumar@linaro.org>
Cc: Shawn Guo <shawnguo@kernel.org>
Cc: Sascha Hauer <s.hauer@pengutronix.de>
Cc: Pengutronix Kernel Team <kernel@pengutronix.de>
Cc: Fabio Estevam <festevam@gmail.com>
Cc: NXP Linux Team <linux-imx@nxp.com>
Cc: linux-pm@vger.kernel.org
Cc: linux-arm-kernel@lists.infradead.org
Cc: linux-kernel@vger.kernel.org
Signed-off-by: Viresh Kumar <viresh.kumar@linaro.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/cpufreq/imx6q-cpufreq.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/drivers/cpufreq/imx6q-cpufreq.c b/drivers/cpufreq/imx6q-cpufreq.c
index a4ff09f91c8f8..3e17560b1efe3 100644
--- a/drivers/cpufreq/imx6q-cpufreq.c
+++ b/drivers/cpufreq/imx6q-cpufreq.c
@@ -388,11 +388,11 @@ static int imx6q_cpufreq_probe(struct platform_device *pdev)
 		ret = imx6ul_opp_check_speed_grading(cpu_dev);
 		if (ret) {
 			if (ret == -EPROBE_DEFER)
-				return ret;
+				goto put_node;
 
 			dev_err(cpu_dev, "failed to read ocotp: %d\n",
 				ret);
-			return ret;
+			goto put_node;
 		}
 	} else {
 		imx6q_opp_check_speed_grading(cpu_dev);
-- 
2.20.1





* [PATCH 5.1 230/405] cpufreq: ap806: fix possible object reference leak
  2019-05-30  2:59 [PATCH 5.1 000/405] 5.1.6-stable review Greg Kroah-Hartman
@ 2019-05-30  3:03   ` Greg Kroah-Hartman
  2019-05-30  3:00 ` [PATCH 5.1 002/405] ext4: do not delete unlinked inode from orphan list on failed truncate Greg Kroah-Hartman
                     ` (408 subsequent siblings)
  409 siblings, 0 replies; 429+ messages in thread
From: Greg Kroah-Hartman @ 2019-05-30  3:03 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Wen Yang, Jason Cooper, Andrew Lunn,
	Gregory Clement, Sebastian Hesselbarth, Rafael J. Wysocki,
	Viresh Kumar, linux-arm-kernel, linux-pm, Sasha Levin

[ Upstream commit b623fa320f8360f049a6f3c3ccc487cb85af4c5b ]

The call to of_find_compatible_node returns a node pointer with refcount
incremented thus it must be explicitly decremented after the last
usage.

Detected by coccinelle with the following warnings:
./drivers/cpufreq/armada-8k-cpufreq.c:187:1-7: ERROR: missing of_node_put; acquired a node pointer with refcount incremented on line 130, but without a corresponding object release within this function.
./drivers/cpufreq/armada-8k-cpufreq.c:191:1-7: ERROR: missing of_node_put; acquired a node pointer with refcount incremented on line 130, but without a corresponding object release within this function.

Signed-off-by: Wen Yang <wen.yang99@zte.com.cn>
Cc: Jason Cooper <jason@lakedaemon.net>
Cc: Andrew Lunn <andrew@lunn.ch>
Cc: Gregory Clement <gregory.clement@bootlin.com>
Cc: Sebastian Hesselbarth <sebastian.hesselbarth@gmail.com>
Cc: "Rafael J. Wysocki" <rjw@rjwysocki.net>
Cc: Viresh Kumar <viresh.kumar@linaro.org>
Cc: linux-arm-kernel@lists.infradead.org
Cc: linux-pm@vger.kernel.org
Cc: linux-kernel@vger.kernel.org
Signed-off-by: Viresh Kumar <viresh.kumar@linaro.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/cpufreq/armada-8k-cpufreq.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/drivers/cpufreq/armada-8k-cpufreq.c b/drivers/cpufreq/armada-8k-cpufreq.c
index b3f4bd647e9b3..988ebc326bdbb 100644
--- a/drivers/cpufreq/armada-8k-cpufreq.c
+++ b/drivers/cpufreq/armada-8k-cpufreq.c
@@ -132,6 +132,7 @@ static int __init armada_8k_cpufreq_init(void)
 		of_node_put(node);
 		return -ENODEV;
 	}
+	of_node_put(node);
 
 	nb_cpus = num_possible_cpus();
 	freq_tables = kcalloc(nb_cpus, sizeof(*freq_tables), GFP_KERNEL);
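Review bot: of_node_put(node) now appears twice within four lines, once in the failure branch and once immediately after it. Storing the result of the check in a local, dropping the reference once, and then testing the local gives one release point for both paths and makes it harder to reintroduce the leak when the condition changes.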
-- 
2.20.1





* [PATCH 5.1 230/405] cpufreq: ap806: fix possible object reference leak
@ 2019-05-30  3:03   ` Greg Kroah-Hartman
  0 siblings, 0 replies; 429+ messages in thread
From: Greg Kroah-Hartman @ 2019-05-30  3:03 UTC (permalink / raw)
  To: linux-kernel
  Cc: Sasha Levin, Andrew Lunn, Jason Cooper, linux-pm,
	Greg Kroah-Hartman, Gregory Clement, Rafael J. Wysocki, stable,
	Viresh Kumar, Wen Yang, linux-arm-kernel, Sebastian Hesselbarth

[ Upstream commit b623fa320f8360f049a6f3c3ccc487cb85af4c5b ]

The call to of_find_compatible_node returns a node pointer with refcount
incremented thus it must be explicitly decremented after the last
usage.

Detected by coccinelle with the following warnings:
./drivers/cpufreq/armada-8k-cpufreq.c:187:1-7: ERROR: missing of_node_put; acquired a node pointer with refcount incremented on line 130, but without a corresponding object release within this function.
./drivers/cpufreq/armada-8k-cpufreq.c:191:1-7: ERROR: missing of_node_put; acquired a node pointer with refcount incremented on line 130, but without a corresponding object release within this function.

Signed-off-by: Wen Yang <wen.yang99@zte.com.cn>
Cc: Jason Cooper <jason@lakedaemon.net>
Cc: Andrew Lunn <andrew@lunn.ch>
Cc: Gregory Clement <gregory.clement@bootlin.com>
Cc: Sebastian Hesselbarth <sebastian.hesselbarth@gmail.com>
Cc: "Rafael J. Wysocki" <rjw@rjwysocki.net>
Cc: Viresh Kumar <viresh.kumar@linaro.org>
Cc: linux-arm-kernel@lists.infradead.org
Cc: linux-pm@vger.kernel.org
Cc: linux-kernel@vger.kernel.org
Signed-off-by: Viresh Kumar <viresh.kumar@linaro.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/cpufreq/armada-8k-cpufreq.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/drivers/cpufreq/armada-8k-cpufreq.c b/drivers/cpufreq/armada-8k-cpufreq.c
index b3f4bd647e9b3..988ebc326bdbb 100644
--- a/drivers/cpufreq/armada-8k-cpufreq.c
+++ b/drivers/cpufreq/armada-8k-cpufreq.c
@@ -132,6 +132,7 @@ static int __init armada_8k_cpufreq_init(void)
 		of_node_put(node);
 		return -ENODEV;
 	}
+	of_node_put(node);
 
 	nb_cpus = num_possible_cpus();
 	freq_tables = kcalloc(nb_cpus, sizeof(*freq_tables), GFP_KERNEL);
-- 
2.20.1





* [PATCH 5.1 231/405] block: sed-opal: fix IOC_OPAL_ENABLE_DISABLE_MBR
  2019-05-30  2:59 [PATCH 5.1 000/405] 5.1.6-stable review Greg Kroah-Hartman
                   ` (229 preceding siblings ...)
  2019-05-30  3:03   ` Greg Kroah-Hartman
@ 2019-05-30  3:03 ` Greg Kroah-Hartman
  2019-05-30  3:03 ` [PATCH 5.1 232/405] habanalabs: prevent device PTE read/write during hard-reset Greg Kroah-Hartman
                   ` (178 subsequent siblings)
  409 siblings, 0 replies; 429+ messages in thread
From: Greg Kroah-Hartman @ 2019-05-30  3:03 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Jon Derrick, Christoph Hellwig,
	Scott Bauer, David Kozub, Jens Axboe, Sasha Levin

[ Upstream commit 78bf47353b0041865564deeed257a54f047c2fdc ]

The implementation of IOC_OPAL_ENABLE_DISABLE_MBR handled the value
opal_mbr_data.enable_disable incorrectly: enable_disable is expected
to be one of OPAL_MBR_ENABLE(0) or OPAL_MBR_DISABLE(1). enable_disable
was passed directly to set_mbr_done and set_mbr_enable_disable where
it was interpreted as either OPAL_TRUE(1) or OPAL_FALSE(0). The end
result was that calling IOC_OPAL_ENABLE_DISABLE_MBR with OPAL_MBR_ENABLE
actually disabled the shadow MBR and vice versa.

This patch adds correct conversion from OPAL_MBR_DISABLE/ENABLE to
OPAL_FALSE/TRUE. The change affects existing programs using
IOC_OPAL_ENABLE_DISABLE_MBR but this is typically used only once when
setting up an Opal drive.

Acked-by: Jon Derrick <jonathan.derrick@intel.com>
Reviewed-by: Christoph Hellwig <hch@lst.de>
Reviewed-by: Scott Bauer <sbauer@plzdonthack.me>
Signed-off-by: David Kozub <zub@linux.fjfi.cvut.cz>
Signed-off-by: Jens Axboe <axboe@kernel.dk>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 block/sed-opal.c | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)

diff --git a/block/sed-opal.c b/block/sed-opal.c
index e0de4dd448b3c..1196408972937 100644
--- a/block/sed-opal.c
+++ b/block/sed-opal.c
@@ -2095,13 +2095,16 @@ static int opal_erase_locking_range(struct opal_dev *dev,
 static int opal_enable_disable_shadow_mbr(struct opal_dev *dev,
 					  struct opal_mbr_data *opal_mbr)
 {
+	u8 enable_disable = opal_mbr->enable_disable == OPAL_MBR_ENABLE ?
+		OPAL_TRUE : OPAL_FALSE;
+
 	const struct opal_step mbr_steps[] = {
 		{ opal_discovery0, },
 		{ start_admin1LSP_opal_session, &opal_mbr->key },
-		{ set_mbr_done, &opal_mbr->enable_disable },
+		{ set_mbr_done, &enable_disable },
 		{ end_opal_session, },
 		{ start_admin1LSP_opal_session, &opal_mbr->key },
-		{ set_mbr_enable_disable, &opal_mbr->enable_disable },
+		{ set_mbr_enable_disable, &enable_disable },
 		{ end_opal_session, },
 		{ NULL, }
 	};
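Review bot: the conversion at the top of opal_enable_disable_shadow_mbr() maps every value other than OPAL_MBR_ENABLE to OPAL_FALSE, so an out-of-range enable_disable supplied through the ioctl is silently treated as a disable request. Since this argument controls the shadow MBR state, reject anything that is neither OPAL_MBR_ENABLE nor OPAL_MBR_DISABLE with -EINVAL before building mbr_steps[].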
@@ -2221,7 +2224,7 @@ static int __opal_lock_unlock(struct opal_dev *dev,
 
 static int __opal_set_mbr_done(struct opal_dev *dev, struct opal_key *key)
 {
-	u8 mbr_done_tf = 1;
+	u8 mbr_done_tf = OPAL_TRUE;
 	const struct opal_step mbrdone_step [] = {
 		{ opal_discovery0, },
 		{ start_admin1LSP_opal_session, key },
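Review bot: replacing the literal 1 with OPAL_TRUE in __opal_set_mbr_done() is a readability cleanup with no behaviour change (the commit message gives OPAL_TRUE as 1), and it is unrelated to the ioctl fix. It is harmless, but the commit message does not mention it; a one-line mention there would help anyone bisecting the functional change.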
-- 
2.20.1





* [PATCH 5.1 232/405] habanalabs: prevent device PTE read/write during hard-reset
  2019-05-30  2:59 [PATCH 5.1 000/405] 5.1.6-stable review Greg Kroah-Hartman
                   ` (230 preceding siblings ...)
  2019-05-30  3:03 ` [PATCH 5.1 231/405] block: sed-opal: fix IOC_OPAL_ENABLE_DISABLE_MBR Greg Kroah-Hartman
@ 2019-05-30  3:03 ` Greg Kroah-Hartman
  2019-05-30  3:03 ` [PATCH 5.1 233/405] habanalabs: all FD must be closed before removing device Greg Kroah-Hartman
                   ` (177 subsequent siblings)
  409 siblings, 0 replies; 429+ messages in thread
From: Greg Kroah-Hartman @ 2019-05-30  3:03 UTC (permalink / raw)
  To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Oded Gabbay, Sasha Levin

[ Upstream commit 9f201aba56b92c3daa4b76efae056ddbb80d91e6 ]

During hard-reset, contexts are closed as part of the tear-down process.
After a context is closed, the driver cleans up the page tables of that
context in the device's DRAM. This action is both dangerous and
unnecessary.

It is unnecessary, because the device is going through a hard-reset, which
means the device's DRAM contents are no longer valid and the device's MMU
is being reset.

It is dangerous, because if the hard-reset came as a result of a PCI
freeze, this action may cause the entire host machine to hang.

Therefore, prevent all device PTE updates when a hard-reset operation is
pending.

Signed-off-by: Oded Gabbay <oded.gabbay@gmail.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/misc/habanalabs/goya/goya.c | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/drivers/misc/habanalabs/goya/goya.c b/drivers/misc/habanalabs/goya/goya.c
index 3c509e19d69dc..1533cb3205400 100644
--- a/drivers/misc/habanalabs/goya/goya.c
+++ b/drivers/misc/habanalabs/goya/goya.c
@@ -4407,6 +4407,9 @@ static u64 goya_read_pte(struct hl_device *hdev, u64 addr)
 {
 	struct goya_device *goya = hdev->asic_specific;
 
+	if (hdev->hard_reset_pending)
+		return U64_MAX;
+
 	return readq(hdev->pcie_bar[DDR_BAR_ID] +
 			(addr - goya->ddr_bar_cur_addr));
 }
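Review bot: goya_read_pte() now returns U64_MAX while hard_reset_pending is set, but nothing at the function says that this value is a sentinel rather than a PTE read from DRAM. Add a comment stating the contract, and check that callers do not interpret an all-ones value as a valid entry. The flag is also read with a plain load and no lock in view, so a reset that starts between the check and readq() still reaches the BAR; if that window matters for the PCI freeze case described in the commit message, the check needs to be ordered against the code that sets the flag.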
@@ -4415,6 +4418,9 @@ static void goya_write_pte(struct hl_device *hdev, u64 addr, u64 val)
 {
 	struct goya_device *goya = hdev->asic_specific;
 
+	if (hdev->hard_reset_pending)
+		return;
+
 	writeq(val, hdev->pcie_bar[DDR_BAR_ID] +
 			(addr - goya->ddr_bar_cur_addr));
 }
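Review bot: goya_write_pte() drops the write silently when hard_reset_pending is set, and the function returns void, so callers continue as if the PTE had been updated. A one-line comment explaining that the device DRAM contents are being discarded by the reset would document why losing the write is acceptable.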
-- 
2.20.1





* [PATCH 5.1 233/405] habanalabs: all FD must be closed before removing device
  2019-05-30  2:59 [PATCH 5.1 000/405] 5.1.6-stable review Greg Kroah-Hartman
                   ` (231 preceding siblings ...)
  2019-05-30  3:03 ` [PATCH 5.1 232/405] habanalabs: prevent device PTE read/write during hard-reset Greg Kroah-Hartman
@ 2019-05-30  3:03 ` Greg Kroah-Hartman
  2019-05-30  3:03 ` [PATCH 5.1 234/405] samples/bpf: fix build with new clang Greg Kroah-Hartman
                   ` (176 subsequent siblings)
  409 siblings, 0 replies; 429+ messages in thread
From: Greg Kroah-Hartman @ 2019-05-30  3:03 UTC (permalink / raw)
  To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Oded Gabbay, Sasha Levin

[ Upstream commit caa3c8e52582fc4d2ed82afd5e7ea164c18ef4fe ]

This patch fixes a bug in the implementation of the function that removes
the device.

The bug can happen when the device is removed but not the driver itself
(e.g. remove by the OS due to PCI freeze in Power architecture).

In that case, there may be open users that are calling IOCTLs while the
device is removed. This is a possible race condition that the driver must
handle. Otherwise, a kernel panic may occur.

This race is prevented in the hard-reset flow, because the driver makes
sure the users are closed before continuing with the hard-reset. This
race can not occur when the driver itself is removed because the OS makes
sure all the file descriptors are closed.

The fix is to make sure the open users close their file descriptors and if
they don't (after a certain amount of time), the driver sends them a
SIGKILL, because the remove of the device can't be stopped.

The patch re-uses the same code that is called from the hard-reset flow.

Signed-off-by: Oded Gabbay <oded.gabbay@gmail.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/misc/habanalabs/device.c | 32 +++++++++++++++++++++++++++-----
 1 file changed, 27 insertions(+), 5 deletions(-)

diff --git a/drivers/misc/habanalabs/device.c b/drivers/misc/habanalabs/device.c
index 77d51be66c7e8..652c8edb2164c 100644
--- a/drivers/misc/habanalabs/device.c
+++ b/drivers/misc/habanalabs/device.c
@@ -498,11 +498,8 @@ int hl_device_resume(struct hl_device *hdev)
 	return rc;
 }
 
-static void hl_device_hard_reset_pending(struct work_struct *work)
+static void device_kill_open_processes(struct hl_device *hdev)
 {
-	struct hl_device_reset_work *device_reset_work =
-		container_of(work, struct hl_device_reset_work, reset_work);
-	struct hl_device *hdev = device_reset_work->hdev;
 	u16 pending_total, pending_cnt;
 	struct task_struct *task = NULL;
 
@@ -537,6 +534,12 @@ static void hl_device_hard_reset_pending(struct work_struct *work)
 		}
 	}
 
+	/* We killed the open users, but because the driver cleans up after the
+	 * user contexts are closed (e.g. mmu mappings), we need to wait again
+	 * to make sure the cleaning phase is finished before continuing with
+	 * the reset
+	 */
+
 	pending_cnt = pending_total;
 
 	while ((atomic_read(&hdev->fd_open_cnt)) && (pending_cnt)) {
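Review bot: the added comment opens with text on the same line as `/*`, while the comment this patch adds in hl_device_fini() uses the form with `/*` on its own line; pick one style within the file. The blank line between the comment and `pending_cnt = pending_total;` also detaches it from the wait loop it describes, so remove that blank line.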
@@ -552,6 +555,16 @@ static void hl_device_hard_reset_pending(struct work_struct *work)
 
 	mutex_unlock(&hdev->fd_open_cnt_lock);
 
+}
+
+static void device_hard_reset_pending(struct work_struct *work)
+{
+	struct hl_device_reset_work *device_reset_work =
+		container_of(work, struct hl_device_reset_work, reset_work);
+	struct hl_device *hdev = device_reset_work->hdev;
+
+	device_kill_open_processes(hdev);
+
 	hl_device_reset(hdev, true, true);
 
 	kfree(device_reset_work);
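Review bot: device_kill_open_processes() ends with a stray empty line between mutex_unlock(&hdev->fd_open_cnt_lock) and the new closing brace, left over from splitting the function; drop it. The split otherwise leaves device_hard_reset_pending() as a thin wrapper, which is what the commit message describes.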
@@ -635,7 +648,7 @@ int hl_device_reset(struct hl_device *hdev, bool hard_reset,
 		 * from a dedicated work
 		 */
 		INIT_WORK(&device_reset_work->reset_work,
-				hl_device_hard_reset_pending);
+				device_hard_reset_pending);
 		device_reset_work->hdev = hdev;
 		schedule_work(&device_reset_work->reset_work);
 
@@ -1035,6 +1048,15 @@ void hl_device_fini(struct hl_device *hdev)
 	/* Mark device as disabled */
 	hdev->disabled = true;
 
+	/*
+	 * Flush anyone that is inside the critical section of enqueue
+	 * jobs to the H/W
+	 */
+	hdev->asic_funcs->hw_queues_lock(hdev);
+	hdev->asic_funcs->hw_queues_unlock(hdev);
+
+	device_kill_open_processes(hdev);
+
 	hl_hwmon_fini(hdev);
 
 	device_late_fini(hdev);
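Review bot: hl_device_fini() calls device_kill_open_processes() and then continues straight into hl_hwmon_fini() and device_late_fini(), but the helper returns void and its second wait loop is bounded by pending_cnt, so it can return while fd_open_cnt is still non-zero. Have the helper return a status (or re-check the counter here) and at least log when users remain, since that is the race the commit message sets out to close.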
-- 
2.20.1





* [PATCH 5.1 234/405] samples/bpf: fix build with new clang
  2019-05-30  2:59 [PATCH 5.1 000/405] 5.1.6-stable review Greg Kroah-Hartman
                   ` (232 preceding siblings ...)
  2019-05-30  3:03 ` [PATCH 5.1 233/405] habanalabs: all FD must be closed before removing device Greg Kroah-Hartman
@ 2019-05-30  3:03 ` Greg Kroah-Hartman
  2019-05-30  3:03 ` [PATCH 5.1 235/405] x86/build: Keep local relocations with ld.lld Greg Kroah-Hartman
                   ` (175 subsequent siblings)
  409 siblings, 0 replies; 429+ messages in thread
From: Greg Kroah-Hartman @ 2019-05-30  3:03 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Alexei Starovoitov, Daniel Borkmann,
	Sasha Levin

[ Upstream commit 636e78b1cdb40b77a79b143dbd9d94847b360efa ]

clang started to error on invalid asm clobber usage in x86 headers
and many bpf program samples failed to build with the message:

  CLANG-bpf  /data/users/ast/bpf-next/samples/bpf/xdp_redirect_kern.o
In file included from /data/users/ast/bpf-next/samples/bpf/xdp_redirect_kern.c:14:
In file included from ../include/linux/in.h:23:
In file included from ../include/uapi/linux/in.h:24:
In file included from ../include/linux/socket.h:8:
In file included from ../include/linux/uio.h:14:
In file included from ../include/crypto/hash.h:16:
In file included from ../include/linux/crypto.h:26:
In file included from ../include/linux/uaccess.h:5:
In file included from ../include/linux/sched.h:15:
In file included from ../include/linux/sem.h:5:
In file included from ../include/uapi/linux/sem.h:5:
In file included from ../include/linux/ipc.h:9:
In file included from ../include/linux/refcount.h:72:
../arch/x86/include/asm/refcount.h:72:36: error: asm-specifier for input or output variable conflicts with asm clobber list
                                         r->refs.counter, e, "er", i, "cx");
                                                                      ^
../arch/x86/include/asm/refcount.h:86:27: error: asm-specifier for input or output variable conflicts with asm clobber list
                                         r->refs.counter, e, "cx");
                                                             ^
2 errors generated.

Override volatile() to work around the problem.

Signed-off-by: Alexei Starovoitov <ast@kernel.org>
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 samples/bpf/asm_goto_workaround.h | 1 +
 1 file changed, 1 insertion(+)

diff --git a/samples/bpf/asm_goto_workaround.h b/samples/bpf/asm_goto_workaround.h
index 5cd7c1d1a5d56..7409722727ca1 100644
--- a/samples/bpf/asm_goto_workaround.h
+++ b/samples/bpf/asm_goto_workaround.h
@@ -13,4 +13,5 @@
 #define asm_volatile_goto(x...) asm volatile("invalid use of asm_volatile_goto")
 #endif
 
+#define volatile(x...) volatile("")
 #endif
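Review bot: `#define volatile(x...) volatile("")` turns the C keyword into a function-like macro for everything included after this header, and it sits after the #endif that closes the asm_volatile_goto block, so it does not depend on that condition. The header needs a comment saying which compiler error it works around (the asm clobber conflict in arch/x86/include/asm/refcount.h quoted in the commit message) and that it blanks every `asm volatile(...)` body seen by the sample programs, so that it can be removed once the x86 headers build cleanly with clang.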
-- 
2.20.1





* [PATCH 5.1 235/405] x86/build: Keep local relocations with ld.lld
  2019-05-30  2:59 [PATCH 5.1 000/405] 5.1.6-stable review Greg Kroah-Hartman
                   ` (233 preceding siblings ...)
  2019-05-30  3:03 ` [PATCH 5.1 234/405] samples/bpf: fix build with new clang Greg Kroah-Hartman
@ 2019-05-30  3:03 ` Greg Kroah-Hartman
  2019-05-30  3:03 ` [PATCH 5.1 236/405] spi: Dont call spi_get_gpio_descs() before device name is set Greg Kroah-Hartman
                   ` (174 subsequent siblings)
  409 siblings, 0 replies; 429+ messages in thread
From: Greg Kroah-Hartman @ 2019-05-30  3:03 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Kees Cook, Borislav Petkov,
	H. Peter Anvin, Ingo Molnar, Nick Desaulniers, Thomas Gleixner,
	clang-built-linux, x86-ml, Sasha Levin

[ Upstream commit 7c21383f3429dd70da39c0c7f1efa12377a47ab6 ]

The LLVM linker (ld.lld) defaults to removing local relocations, which
causes KASLR boot failures. ld.bfd and ld.gold already handle this
correctly. This adds the explicit instruction "--discard-none" during
the link phase. There is no change in output for ld.bfd and ld.gold,
but ld.lld now produces an image with all the needed relocations.

Signed-off-by: Kees Cook <keescook@chromium.org>
Signed-off-by: Borislav Petkov <bp@suse.de>
Cc: "H. Peter Anvin" <hpa@zytor.com>
Cc: Ingo Molnar <mingo@redhat.com>
Cc: Nick Desaulniers <ndesaulniers@google.com>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: clang-built-linux@googlegroups.com
Cc: x86-ml <x86@kernel.org>
Link: https://lkml.kernel.org/r/20190404214027.GA7324@beast
Link: https://github.com/ClangBuiltLinux/linux/issues/404
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 arch/x86/Makefile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/arch/x86/Makefile b/arch/x86/Makefile
index a587805c6687f..56e748a7679f4 100644
--- a/arch/x86/Makefile
+++ b/arch/x86/Makefile
@@ -47,7 +47,7 @@ export REALMODE_CFLAGS
 export BITS
 
 ifdef CONFIG_X86_NEED_RELOCS
-        LDFLAGS_vmlinux := --emit-relocs
+        LDFLAGS_vmlinux := --emit-relocs --discard-none
 endif
 
 #
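Review bot: --discard-none is appended to LDFLAGS_vmlinux with no comment, and nothing in the Makefile records that it exists for ld.lld, which otherwise drops the local relocations that KASLR needs. Add a short comment above the assignment naming the linker and the failure mode, so the flag is not removed later as redundant by someone testing only with ld.bfd or ld.gold.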
-- 
2.20.1





* [PATCH 5.1 236/405] spi: Dont call spi_get_gpio_descs() before device name is set
  2019-05-30  2:59 [PATCH 5.1 000/405] 5.1.6-stable review Greg Kroah-Hartman
                   ` (234 preceding siblings ...)
  2019-05-30  3:03 ` [PATCH 5.1 235/405] x86/build: Keep local relocations with ld.lld Greg Kroah-Hartman
@ 2019-05-30  3:03 ` Greg Kroah-Hartman
  2019-05-30  3:03 ` [PATCH 5.1 237/405] regulator: core: Avoid potential deadlock on regulator_unregister Greg Kroah-Hartman
                   ` (173 subsequent siblings)
  409 siblings, 0 replies; 429+ messages in thread
From: Greg Kroah-Hartman @ 2019-05-30  3:03 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Andrey Smirnov, Mark Brown,
	Chris Healy, linux-spi, Sasha Levin

[ Upstream commit 0a919ae49223d32ac0e8be3494547fcd1e4aa0aa ]

Move code calling spi_get_gpio_descs() to happen after ctlr->dev's
name is set in order to have proper GPIO consumer names.

Before:

cat /sys/kernel/debug/gpio
gpiochip0: GPIOs 0-31, parent: platform/40049000.gpio, vf610-gpio:
 gpio-6   (                    |regulator-usb0-vbus ) out lo

gpiochip1: GPIOs 32-63, parent: platform/4004a000.gpio, vf610-gpio:
 gpio-36  (                    |scl                 ) in  hi
 gpio-37  (                    |sda                 ) in  hi
 gpio-40  (                    |(null) CS1          ) out lo
 gpio-41  (                    |(null) CS0          ) out lo ACTIVE LOW
 gpio-42  (                    |miso                ) in  hi
 gpio-43  (                    |mosi                ) in  lo
 gpio-44  (                    |sck                 ) out lo

After:

cat /sys/kernel/debug/gpio
gpiochip0: GPIOs 0-31, parent: platform/40049000.gpio, vf610-gpio:
 gpio-6   (                    |regulator-usb0-vbus ) out lo

gpiochip1: GPIOs 32-63, parent: platform/4004a000.gpio, vf610-gpio:
 gpio-36  (                    |scl                 ) in  hi
 gpio-37  (                    |sda                 ) in  hi
 gpio-40  (                    |spi0 CS1            ) out lo
 gpio-41  (                    |spi0 CS0            ) out lo ACTIVE LOW
 gpio-42  (                    |miso                ) in  hi
 gpio-43  (                    |mosi                ) in  lo
 gpio-44  (                    |sck                 ) out lo

Signed-off-by: Andrey Smirnov <andrew.smirnov@gmail.com>
Cc: Mark Brown <broonie@kernel.org>
Cc: Chris Healy <cphealy@gmail.com>
Cc: linux-spi@vger.kernel.org
Cc: linux-kernel@vger.kernel.org
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/spi/spi.c | 37 +++++++++++++++++++------------------
 1 file changed, 19 insertions(+), 18 deletions(-)

diff --git a/drivers/spi/spi.c b/drivers/spi/spi.c
index 93986f879b09e..d17f68775a4bb 100644
--- a/drivers/spi/spi.c
+++ b/drivers/spi/spi.c
@@ -2275,24 +2275,6 @@ int spi_register_controller(struct spi_controller *ctlr)
 	if (status)
 		return status;
 
-	if (!spi_controller_is_slave(ctlr)) {
-		if (ctlr->use_gpio_descriptors) {
-			status = spi_get_gpio_descs(ctlr);
-			if (status)
-				return status;
-			/*
-			 * A controller using GPIO descriptors always
-			 * supports SPI_CS_HIGH if need be.
-			 */
-			ctlr->mode_bits |= SPI_CS_HIGH;
-		} else {
-			/* Legacy code path for GPIOs from DT */
-			status = of_spi_register_master(ctlr);
-			if (status)
-				return status;
-		}
-	}
-
 	/* even if it's just one always-selected device, there must
 	 * be at least one chipselect
 	 */
@@ -2349,6 +2331,25 @@ int spi_register_controller(struct spi_controller *ctlr)
 	 * registration fails if the bus ID is in use.
 	 */
 	dev_set_name(&ctlr->dev, "spi%u", ctlr->bus_num);
+
+	if (!spi_controller_is_slave(ctlr)) {
+		if (ctlr->use_gpio_descriptors) {
+			status = spi_get_gpio_descs(ctlr);
+			if (status)
+				return status;
+			/*
+			 * A controller using GPIO descriptors always
+			 * supports SPI_CS_HIGH if need be.
+			 */
+			ctlr->mode_bits |= SPI_CS_HIGH;
+		} else {
+			/* Legacy code path for GPIOs from DT */
+			status = of_spi_register_master(ctlr);
+			if (status)
+				return status;
+		}
+	}
+
 	status = device_add(&ctlr->dev);
 	if (status < 0) {
 		/* free bus id */
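Review bot: the two `return status;` exits in the relocated block (after `spi_get_gpio_descs()` and `of_spi_register_master()`) now run after the bus id has been taken for `dev_set_name()`, yet only the `device_add()` failure path below carries the `/* free bus id */` cleanup. Please route both early returns through the same bus-id release, or state in the commit message why nothing needs undoing at that point.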
-- 
2.20.1





* [PATCH 5.1 237/405] regulator: core: Avoid potential deadlock on regulator_unregister
  2019-05-30  2:59 [PATCH 5.1 000/405] 5.1.6-stable review Greg Kroah-Hartman
                   ` (235 preceding siblings ...)
  2019-05-30  3:03 ` [PATCH 5.1 236/405] spi: Dont call spi_get_gpio_descs() before device name is set Greg Kroah-Hartman
@ 2019-05-30  3:03 ` Greg Kroah-Hartman
  2019-05-30  3:03 ` [PATCH 5.1 238/405] ASoC: core: remove link components before cleaning up card resources Greg Kroah-Hartman
                   ` (172 subsequent siblings)
  409 siblings, 0 replies; 429+ messages in thread
From: Greg Kroah-Hartman @ 2019-05-30  3:03 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Charles Keepax, Dmitry Osipenko,
	Mark Brown, Sasha Levin

[ Upstream commit 063773011d33bb36588a90385aa9eb75d13c6d80 ]

Lockdep reports the following issue on my setup:

Possible unsafe locking scenario:

CPU0                    CPU1
----                    ----
lock((work_completion)(&(&rdev->disable_work)->work));
                        lock(regulator_list_mutex);
                        lock((work_completion)(&(&rdev->disable_work)->work));
lock(regulator_list_mutex);

The problem is that regulator_unregister takes the
regulator_list_mutex and then calls flush_work on disable_work. But
regulator_disable_work calls regulator_lock_dependent which will
also take the regulator_list_mutex. Resulting in a deadlock if the
flush_work call actually needs to flush the work.

Fix this issue by moving the flush_work outside of the
regulator_list_mutex. The list mutex is not used to guard the point at
which the delayed work is queued, so its use adds no additional safety.

Fixes: f8702f9e4aa7 ("regulator: core: Use ww_mutex for regulators locking")
Signed-off-by: Charles Keepax <ckeepax@opensource.cirrus.com>
Reviewed-by: Dmitry Osipenko <digetx@gmail.com>
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/regulator/core.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/drivers/regulator/core.c b/drivers/regulator/core.c
index 6da41207e479a..35a7d020afecd 100644
--- a/drivers/regulator/core.c
+++ b/drivers/regulator/core.c
@@ -5062,10 +5062,11 @@ void regulator_unregister(struct regulator_dev *rdev)
 		regulator_put(rdev->supply);
 	}
 
+	flush_work(&rdev->disable_work.work);
+
 	mutex_lock(&regulator_list_mutex);
 
 	debugfs_remove_recursive(rdev->debugfs);
-	flush_work(&rdev->disable_work.work);
 	WARN_ON(rdev->open_count);
 	regulator_remove_coupling(rdev);
 	unset_regulator_supplies(rdev);
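Review bot: with `flush_work(&rdev->disable_work.work)` now issued before `mutex_lock(&regulator_list_mutex)`, nothing visible in this hunk stops the disable work from being queued again between the flush and the teardown that follows under the mutex. The commit message argues the mutex never guarded queueing, so this is not a regression, but a short comment above the `flush_work()` call saying why no new work can arrive at this point (or a switch to a cancel-and-wait primitive if it can) would make the ordering reviewable.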
-- 
2.20.1





* [PATCH 5.1 238/405] ASoC: core: remove link components before cleaning up card resources
  2019-05-30  2:59 [PATCH 5.1 000/405] 5.1.6-stable review Greg Kroah-Hartman
                   ` (236 preceding siblings ...)
  2019-05-30  3:03 ` [PATCH 5.1 237/405] regulator: core: Avoid potential deadlock on regulator_unregister Greg Kroah-Hartman
@ 2019-05-30  3:03 ` Greg Kroah-Hartman
  2019-05-30  3:03   ` Greg Kroah-Hartman
                   ` (171 subsequent siblings)
  409 siblings, 0 replies; 429+ messages in thread
From: Greg Kroah-Hartman @ 2019-05-30  3:03 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Ranjani Sridharan, Mark Brown, Sasha Levin

[ Upstream commit f96fb7d198ca624fe33c4145a004eb5a3d0eddec ]

When the card is registered by the machine driver,
dai link components are probed after the snd_card is
created. This is done in snd_soc_bind_card() which calls
snd_soc_instantiate_card() to first create the snd_card
and then probes the link components by calling
soc_probe_link_components(). The snd_card is used by the
component driver to add the kcontrols associated
with dapm widgets to the card.

When the machine driver is unregistered, the snd_card
is freed when the card resources are cleaned up.
But the snd_card needs to be valid while unloading the
topology dapm widgets in order to remove the kcontrols
from the card.

Since unloading topology is done when the component
driver is removed, the link components should be removed
in snd_soc_unbind_card(). This will ensure that the kcontrols
are removed before the card resources are cleaned up and
the snd_card itself is freed.

Signed-off-by: Ranjani Sridharan <ranjani.sridharan@linux.intel.com>
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 sound/soc/soc-core.c | 11 +++++++++++
 1 file changed, 11 insertions(+)

diff --git a/sound/soc/soc-core.c b/sound/soc/soc-core.c
index 46e3ab0fced47..fe99b02bbf171 100644
--- a/sound/soc/soc-core.c
+++ b/sound/soc/soc-core.c
@@ -2828,10 +2828,21 @@ EXPORT_SYMBOL_GPL(snd_soc_register_card);
 
 static void snd_soc_unbind_card(struct snd_soc_card *card, bool unregister)
 {
+	struct snd_soc_pcm_runtime *rtd;
+	int order;
+
 	if (card->instantiated) {
 		card->instantiated = false;
 		snd_soc_dapm_shutdown(card);
 		snd_soc_flush_all_delayed_work(card);
+
+		/* remove all components used by DAI links on this card */
+		for_each_comp_order(order) {
+			for_each_card_rtds(card, rtd) {
+				soc_remove_link_components(card, rtd, order);
+			}
+		}
+
 		soc_cleanup_card_resources(card);
 		if (!unregister)
 			list_add(&card->list, &unbind_card_list);
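Review bot: the new loop calls `soc_remove_link_components()` immediately before `soc_cleanup_card_resources(card)`, and the hunk does not show whether the cleanup path removes link components as well; please confirm a second removal of the same component is a no-op, otherwise this becomes a double remove. Style nit in the same block: the inner `for_each_card_rtds()` body is a single statement, so its braces can go.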
-- 
2.20.1





* [PATCH 5.1 239/405] drm/pl111: fix possible object reference leak
  2019-05-30  2:59 [PATCH 5.1 000/405] 5.1.6-stable review Greg Kroah-Hartman
@ 2019-05-30  3:03   ` Greg Kroah-Hartman
  2019-05-30  3:00 ` [PATCH 5.1 002/405] ext4: do not delete unlinked inode from orphan list on failed truncate Greg Kroah-Hartman
                     ` (408 subsequent siblings)
  409 siblings, 0 replies; 429+ messages in thread
From: Greg Kroah-Hartman @ 2019-05-30  3:03 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Wen Yang,
	"open list:DRM DRIVERS",
	Eric Anholt, Sasha Levin, David Airlie, Daniel Vetter

[ Upstream commit bc29d3a69d4c1bd1a103e8b3c1ed81b807c1870b ]

The call to of_find_matching_node_and_match returns a node pointer with
refcount incremented thus it must be explicitly decremented after the
last usage.

Detected by coccinelle with the following warnings:
drivers/gpu/drm/pl111/pl111_versatile.c:333:3-9: ERROR: missing of_node_put; acquired a node pointer with refcount incremented on line 317, but without a corresponding object release within this function.
drivers/gpu/drm/pl111/pl111_versatile.c:340:3-9: ERROR: missing of_node_put; acquired a node pointer with refcount incremented on line 317, but without a corresponding object release within this function.
drivers/gpu/drm/pl111/pl111_versatile.c:346:3-9: ERROR: missing of_node_put; acquired a node pointer with refcount incremented on line 317, but without a corresponding object release within this function.
drivers/gpu/drm/pl111/pl111_versatile.c:354:2-8: ERROR: missing of_node_put; acquired a node pointer with refcount incremented on line 317, but without a corresponding object release within this function.
drivers/gpu/drm/pl111/pl111_versatile.c:395:3-9: ERROR: missing of_node_put; acquired a node pointer with refcount incremented on line 317, but without a corresponding object release within this function.
drivers/gpu/drm/pl111/pl111_versatile.c:402:1-7: ERROR: missing of_node_put; acquired a node pointer with refcount incremented on line 317, but without a corresponding object release within this function.

Signed-off-by: Wen Yang <wen.yang99@zte.com.cn>
Cc: Eric Anholt <eric@anholt.net> (supporter:DRM DRIVER FOR ARM PL111 CLCD)
Cc: David Airlie <airlied@linux.ie> (maintainer:DRM DRIVERS)
Cc: Daniel Vetter <daniel@ffwll.ch> (maintainer:DRM DRIVERS)
Cc: dri-devel@lists.freedesktop.org (open list:DRM DRIVERS)
Cc: linux-kernel@vger.kernel.org (open list)
Signed-off-by: Eric Anholt <eric@anholt.net>
Link: https://patchwork.freedesktop.org/patch/msgid/1554307455-40361-6-git-send-email-wen.yang99@zte.com.cn
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/gpu/drm/pl111/pl111_versatile.c | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/drivers/gpu/drm/pl111/pl111_versatile.c b/drivers/gpu/drm/pl111/pl111_versatile.c
index b9baefdba38a1..1c318ad32a8cd 100644
--- a/drivers/gpu/drm/pl111/pl111_versatile.c
+++ b/drivers/gpu/drm/pl111/pl111_versatile.c
@@ -330,6 +330,7 @@ int pl111_versatile_init(struct device *dev, struct pl111_drm_dev_private *priv)
 		ret = vexpress_muxfpga_init();
 		if (ret) {
 			dev_err(dev, "unable to initialize muxfpga driver\n");
+			of_node_put(np);
 			return ret;
 		}
 
@@ -337,17 +338,20 @@ int pl111_versatile_init(struct device *dev, struct pl111_drm_dev_private *priv)
 		pdev = of_find_device_by_node(np);
 		if (!pdev) {
 			dev_err(dev, "can't find the sysreg device, deferring\n");
+			of_node_put(np);
 			return -EPROBE_DEFER;
 		}
 		map = dev_get_drvdata(&pdev->dev);
 		if (!map) {
 			dev_err(dev, "sysreg has not yet probed\n");
 			platform_device_put(pdev);
+			of_node_put(np);
 			return -EPROBE_DEFER;
 		}
 	} else {
 		map = syscon_node_to_regmap(np);
 	}
+	of_node_put(np);
 
 	if (IS_ERR(map)) {
 		dev_err(dev, "no Versatile syscon regmap\n");
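Review bot: `of_node_put(np)` is now repeated on each early return in this hunk and the one above, plus once on the common path after the `if/else`, so any future early return in this range has to remember it too. A single exit label that drops the node reference would be less fragile. Separately, on the path where `dev_get_drvdata(&pdev->dev)` succeeds, the lines shown only call `platform_device_put(pdev)` in the `!map` branch; worth checking whether the `pdev` reference is dropped on success.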
-- 
2.20.1





* [PATCH 5.1 240/405] iio: ad_sigma_delta: Properly handle SPI bus locking vs CS assertion
  2019-05-30  2:59 [PATCH 5.1 000/405] 5.1.6-stable review Greg Kroah-Hartman
                   ` (238 preceding siblings ...)
  2019-05-30  3:03   ` Greg Kroah-Hartman
@ 2019-05-30  3:03 ` Greg Kroah-Hartman
  2019-05-30  3:03 ` [PATCH 5.1 241/405] iio: hmc5843: fix potential NULL pointer dereferences Greg Kroah-Hartman
                   ` (169 subsequent siblings)
  409 siblings, 0 replies; 429+ messages in thread
From: Greg Kroah-Hartman @ 2019-05-30  3:03 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Lars-Peter Clausen,
	Alexandru Ardelean, Jonathan Cameron, Sasha Levin

[ Upstream commit df1d80aee963480c5c2938c64ec0ac3e4a0df2e0 ]

For devices from the SigmaDelta family we need to keep CS low when doing a
conversion, since the device will use the MISO line as an interrupt to
indicate that the conversion is complete.

This is why the driver locks the SPI bus and when the SPI bus is locked
keeps as long as a conversion is going on. The current implementation gets
one small detail wrong though. CS is only de-asserted after the SPI bus is
unlocked. This means it is possible for a different SPI device on the same
bus to send a message which would wrongfully be addressed to the
SigmaDelta device as well. Make sure that the last SPI transfer that is
done while holding the SPI bus lock de-asserts the CS signal.

Signed-off-by: Lars-Peter Clausen <lars@metafoo.de>
Signed-off-by: Alexandru Ardelean <Alexandru.Ardelean@analog.com>
Signed-off-by: Jonathan Cameron <Jonathan.Cameron@huawei.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/iio/adc/ad_sigma_delta.c       | 16 +++++++++++-----
 include/linux/iio/adc/ad_sigma_delta.h |  1 +
 2 files changed, 12 insertions(+), 5 deletions(-)

diff --git a/drivers/iio/adc/ad_sigma_delta.c b/drivers/iio/adc/ad_sigma_delta.c
index 54d9978b27405..a4310600a8536 100644
--- a/drivers/iio/adc/ad_sigma_delta.c
+++ b/drivers/iio/adc/ad_sigma_delta.c
@@ -62,7 +62,7 @@ int ad_sd_write_reg(struct ad_sigma_delta *sigma_delta, unsigned int reg,
 	struct spi_transfer t = {
 		.tx_buf		= data,
 		.len		= size + 1,
-		.cs_change	= sigma_delta->bus_locked,
+		.cs_change	= sigma_delta->keep_cs_asserted,
 	};
 	struct spi_message m;
 	int ret;
@@ -218,6 +218,7 @@ static int ad_sd_calibrate(struct ad_sigma_delta *sigma_delta,
 
 	spi_bus_lock(sigma_delta->spi->master);
 	sigma_delta->bus_locked = true;
+	sigma_delta->keep_cs_asserted = true;
 	reinit_completion(&sigma_delta->completion);
 
 	ret = ad_sigma_delta_set_mode(sigma_delta, mode);
@@ -235,9 +236,10 @@ static int ad_sd_calibrate(struct ad_sigma_delta *sigma_delta,
 		ret = 0;
 	}
 out:
+	sigma_delta->keep_cs_asserted = false;
+	ad_sigma_delta_set_mode(sigma_delta, AD_SD_MODE_IDLE);
 	sigma_delta->bus_locked = false;
 	spi_bus_unlock(sigma_delta->spi->master);
-	ad_sigma_delta_set_mode(sigma_delta, AD_SD_MODE_IDLE);
 
 	return ret;
 }
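Review bot: at the `out:` label the return value of `ad_sigma_delta_set_mode(sigma_delta, AD_SD_MODE_IDLE)` is discarded, and this transfer is now the one expected to de-assert CS before `spi_bus_unlock()`. If it fails, the bus is unlocked with CS possibly still asserted, which is the condition the commit message sets out to prevent; at least log the failure here.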
@@ -290,6 +292,7 @@ int ad_sigma_delta_single_conversion(struct iio_dev *indio_dev,
 
 	spi_bus_lock(sigma_delta->spi->master);
 	sigma_delta->bus_locked = true;
+	sigma_delta->keep_cs_asserted = true;
 	reinit_completion(&sigma_delta->completion);
 
 	ad_sigma_delta_set_mode(sigma_delta, AD_SD_MODE_SINGLE);
@@ -299,9 +302,6 @@ int ad_sigma_delta_single_conversion(struct iio_dev *indio_dev,
 	ret = wait_for_completion_interruptible_timeout(
 			&sigma_delta->completion, HZ);
 
-	sigma_delta->bus_locked = false;
-	spi_bus_unlock(sigma_delta->spi->master);
-
 	if (ret == 0)
 		ret = -EIO;
 	if (ret < 0)
@@ -322,7 +322,10 @@ int ad_sigma_delta_single_conversion(struct iio_dev *indio_dev,
 		sigma_delta->irq_dis = true;
 	}
 
+	sigma_delta->keep_cs_asserted = false;
 	ad_sigma_delta_set_mode(sigma_delta, AD_SD_MODE_IDLE);
+	sigma_delta->bus_locked = false;
+	spi_bus_unlock(sigma_delta->spi->master);
 	mutex_unlock(&indio_dev->mlock);
 
 	if (ret)
@@ -359,6 +362,8 @@ static int ad_sd_buffer_postenable(struct iio_dev *indio_dev)
 
 	spi_bus_lock(sigma_delta->spi->master);
 	sigma_delta->bus_locked = true;
+	sigma_delta->keep_cs_asserted = true;
+
 	ret = ad_sigma_delta_set_mode(sigma_delta, AD_SD_MODE_CONTINUOUS);
 	if (ret)
 		goto err_unlock;
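Review bot: `keep_cs_asserted` is set to true before `ad_sigma_delta_set_mode(sigma_delta, AD_SD_MODE_CONTINUOUS)`, and on failure the code jumps to `err_unlock`, which is outside this hunk. Please make sure that label also clears `keep_cs_asserted`, otherwise a later `ad_sd_write_reg()` done without the bus lock would still set `.cs_change`.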
@@ -387,6 +392,7 @@ static int ad_sd_buffer_postdisable(struct iio_dev *indio_dev)
 		sigma_delta->irq_dis = true;
 	}
 
+	sigma_delta->keep_cs_asserted = false;
 	ad_sigma_delta_set_mode(sigma_delta, AD_SD_MODE_IDLE);
 
 	sigma_delta->bus_locked = false;
diff --git a/include/linux/iio/adc/ad_sigma_delta.h b/include/linux/iio/adc/ad_sigma_delta.h
index 7e84351fa2c05..6e9fb1932dde9 100644
--- a/include/linux/iio/adc/ad_sigma_delta.h
+++ b/include/linux/iio/adc/ad_sigma_delta.h
@@ -69,6 +69,7 @@ struct ad_sigma_delta {
 	bool			irq_dis;
 
 	bool			bus_locked;
+	bool			keep_cs_asserted;
 
 	uint8_t			comm;
 
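Review bot: `keep_cs_asserted` is added next to `bus_locked` with no comment on how the two differ. A one-line description (CS is held across transfers while this is set, and it is cleared before the last transfer made under the bus lock) would document the invariant the .c changes rely on.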
-- 
2.20.1





* [PATCH 5.1 241/405] iio: hmc5843: fix potential NULL pointer dereferences
  2019-05-30  2:59 [PATCH 5.1 000/405] 5.1.6-stable review Greg Kroah-Hartman
                   ` (239 preceding siblings ...)
  2019-05-30  3:03 ` [PATCH 5.1 240/405] iio: ad_sigma_delta: Properly handle SPI bus locking vs CS assertion Greg Kroah-Hartman
@ 2019-05-30  3:03 ` Greg Kroah-Hartman
  2019-05-30  3:04 ` [PATCH 5.1 242/405] iio: common: ssp_sensors: Initialize calculated_time in ssp_common_process_data Greg Kroah-Hartman
                   ` (168 subsequent siblings)
  409 siblings, 0 replies; 429+ messages in thread
From: Greg Kroah-Hartman @ 2019-05-30  3:03 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Kangjie Lu, Jonathan Cameron, Sasha Levin

[ Upstream commit 536cc27deade8f1ec3c1beefa60d5fbe0f6fcb28 ]

devm_regmap_init_i2c may fail and return NULL. The fix returns
the error when it fails.

Signed-off-by: Kangjie Lu <kjlu@umn.edu>
Signed-off-by: Jonathan Cameron <Jonathan.Cameron@huawei.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/iio/magnetometer/hmc5843_i2c.c | 7 ++++++-
 drivers/iio/magnetometer/hmc5843_spi.c | 7 ++++++-
 2 files changed, 12 insertions(+), 2 deletions(-)

diff --git a/drivers/iio/magnetometer/hmc5843_i2c.c b/drivers/iio/magnetometer/hmc5843_i2c.c
index 3de7f4426ac40..86abba5827a25 100644
--- a/drivers/iio/magnetometer/hmc5843_i2c.c
+++ b/drivers/iio/magnetometer/hmc5843_i2c.c
@@ -58,8 +58,13 @@ static const struct regmap_config hmc5843_i2c_regmap_config = {
 static int hmc5843_i2c_probe(struct i2c_client *cli,
 			     const struct i2c_device_id *id)
 {
+	struct regmap *regmap = devm_regmap_init_i2c(cli,
+			&hmc5843_i2c_regmap_config);
+	if (IS_ERR(regmap))
+		return PTR_ERR(regmap);
+
 	return hmc5843_common_probe(&cli->dev,
-			devm_regmap_init_i2c(cli, &hmc5843_i2c_regmap_config),
+			regmap,
 			id->driver_data, id->name);
 }
 
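Review bot: the commit message says `devm_regmap_init_i2c` may return NULL, but the check added here is `IS_ERR(regmap)` with `PTR_ERR(regmap)`, which handles an error pointer and not NULL; the message should say error pointer so it matches the code. Style nit: add a blank line between the `struct regmap *regmap = ...` declaration and the `if (IS_ERR(regmap))` that follows it.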
diff --git a/drivers/iio/magnetometer/hmc5843_spi.c b/drivers/iio/magnetometer/hmc5843_spi.c
index 535f03a70d630..79b2b707f90e7 100644
--- a/drivers/iio/magnetometer/hmc5843_spi.c
+++ b/drivers/iio/magnetometer/hmc5843_spi.c
@@ -58,6 +58,7 @@ static const struct regmap_config hmc5843_spi_regmap_config = {
 static int hmc5843_spi_probe(struct spi_device *spi)
 {
 	int ret;
+	struct regmap *regmap;
 	const struct spi_device_id *id = spi_get_device_id(spi);
 
 	spi->mode = SPI_MODE_3;
@@ -67,8 +68,12 @@ static int hmc5843_spi_probe(struct spi_device *spi)
 	if (ret)
 		return ret;
 
+	regmap = devm_regmap_init_spi(spi, &hmc5843_spi_regmap_config);
+	if (IS_ERR(regmap))
+		return PTR_ERR(regmap);
+
 	return hmc5843_common_probe(&spi->dev,
-			devm_regmap_init_spi(spi, &hmc5843_spi_regmap_config),
+			regmap,
 			id->driver_data, id->name);
 }
 
-- 
2.20.1





* [PATCH 5.1 242/405] iio: common: ssp_sensors: Initialize calculated_time in ssp_common_process_data
  2019-05-30  2:59 [PATCH 5.1 000/405] 5.1.6-stable review Greg Kroah-Hartman
                   ` (240 preceding siblings ...)
  2019-05-30  3:03 ` [PATCH 5.1 241/405] iio: hmc5843: fix potential NULL pointer dereferences Greg Kroah-Hartman
@ 2019-05-30  3:04 ` Greg Kroah-Hartman
  2019-05-30  3:04 ` [PATCH 5.1 243/405] iio: adc: ti-ads7950: Fix improper use of mlock Greg Kroah-Hartman
                   ` (167 subsequent siblings)
  409 siblings, 0 replies; 429+ messages in thread
From: Greg Kroah-Hartman @ 2019-05-30  3:04 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Nathan Chancellor, Nick Desaulniers,
	Jonathan Cameron, Sasha Levin

[ Upstream commit 6f9ca1d3eb74b81f811a87002de2d51640d135b1 ]

When building with -Wsometimes-uninitialized, Clang warns:

drivers/iio/common/ssp_sensors/ssp_iio.c:95:6: warning: variable
'calculated_time' is used uninitialized whenever 'if' condition is false
[-Wsometimes-uninitialized]

While it isn't wrong, this will never be a problem because
iio_push_to_buffers_with_timestamp only uses calculated_time
on the same condition that it is assigned (when scan_timestamp
is not zero). While iio_push_to_buffers_with_timestamp is marked
as inline, Clang does inlining in the optimization stage, which
happens after the semantic analysis phase (plus inline is merely
a hint to the compiler).

Fix this by just zero initializing calculated_time.

Link: https://github.com/ClangBuiltLinux/linux/issues/394
Signed-off-by: Nathan Chancellor <natechancellor@gmail.com>
Reviewed-by: Nick Desaulniers <ndesaulniers@google.com>
Signed-off-by: Jonathan Cameron <Jonathan.Cameron@huawei.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/iio/common/ssp_sensors/ssp_iio.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/drivers/iio/common/ssp_sensors/ssp_iio.c b/drivers/iio/common/ssp_sensors/ssp_iio.c
index 645f2e3975db4..e38f704d88b7e 100644
--- a/drivers/iio/common/ssp_sensors/ssp_iio.c
+++ b/drivers/iio/common/ssp_sensors/ssp_iio.c
@@ -81,7 +81,7 @@ int ssp_common_process_data(struct iio_dev *indio_dev, void *buf,
 			    unsigned int len, int64_t timestamp)
 {
 	__le32 time;
-	int64_t calculated_time;
+	int64_t calculated_time = 0;
 	struct ssp_sensor_data *spd = iio_priv(indio_dev);
 
 	if (indio_dev->scan_bytes == 0)
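Review bot: `int64_t calculated_time = 0;` silences `-Wsometimes-uninitialized`, but it also means a later change that reads the variable without assigning it would no longer be flagged. A short comment at the declaration saying the value is only consumed when `scan_timestamp` is set, as the commit message explains, would keep the reason for the dummy initialiser next to the code.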
-- 
2.20.1





* [PATCH 5.1 243/405] iio: adc: ti-ads7950: Fix improper use of mlock
  2019-05-30  2:59 [PATCH 5.1 000/405] 5.1.6-stable review Greg Kroah-Hartman
                   ` (241 preceding siblings ...)
  2019-05-30  3:04 ` [PATCH 5.1 242/405] iio: common: ssp_sensors: Initialize calculated_time in ssp_common_process_data Greg Kroah-Hartman
@ 2019-05-30  3:04 ` Greg Kroah-Hartman
  2019-05-30  3:04 ` [PATCH 5.1 244/405] net: hns3: check resetting status in hns3_get_stats() Greg Kroah-Hartman
                   ` (166 subsequent siblings)
  409 siblings, 0 replies; 429+ messages in thread
From: Greg Kroah-Hartman @ 2019-05-30  3:04 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Justin Chen, Jonathan Cameron, Sasha Levin

[ Upstream commit abbde2792999c9ad3514dd25d7f8d9a96034fe16 ]

Indio->mlock is used for protecting the different iio device modes.
It is currently not being used in this way. Replace the lock with
an internal lock specifically used for protecting the SPI transfer
buffer.

Signed-off-by: Justin Chen <justinpopo6@gmail.com>
Signed-off-by: Jonathan Cameron <Jonathan.Cameron@huawei.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/iio/adc/ti-ads7950.c | 19 +++++++++++++++----
 1 file changed, 15 insertions(+), 4 deletions(-)

diff --git a/drivers/iio/adc/ti-ads7950.c b/drivers/iio/adc/ti-ads7950.c
index 0ad63592cc3c9..1e47bef72bb79 100644
--- a/drivers/iio/adc/ti-ads7950.c
+++ b/drivers/iio/adc/ti-ads7950.c
@@ -56,6 +56,9 @@ struct ti_ads7950_state {
 	struct spi_message	ring_msg;
 	struct spi_message	scan_single_msg;
 
+	/* Lock to protect the spi xfer buffers */
+	struct mutex		slock;
+
 	struct regulator	*reg;
 	unsigned int		vref_mv;
 
@@ -268,6 +271,7 @@ static irqreturn_t ti_ads7950_trigger_handler(int irq, void *p)
 	struct ti_ads7950_state *st = iio_priv(indio_dev);
 	int ret;
 
+	mutex_lock(&st->slock);
 	ret = spi_sync(st->spi, &st->ring_msg);
 	if (ret < 0)
 		goto out;
@@ -276,6 +280,7 @@ static irqreturn_t ti_ads7950_trigger_handler(int irq, void *p)
 					   iio_get_time_ns(indio_dev));
 
 out:
+	mutex_unlock(&st->slock);
 	iio_trigger_notify_done(indio_dev->trig);
 
 	return IRQ_HANDLED;
@@ -286,7 +291,7 @@ static int ti_ads7950_scan_direct(struct iio_dev *indio_dev, unsigned int ch)
 	struct ti_ads7950_state *st = iio_priv(indio_dev);
 	int ret, cmd;
 
-	mutex_lock(&indio_dev->mlock);
+	mutex_lock(&st->slock);
 
 	cmd = TI_ADS7950_CR_WRITE | TI_ADS7950_CR_CHAN(ch) | st->settings;
 	st->single_tx = cmd;
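Review bot: replacing `mutex_lock(&indio_dev->mlock)` with `mutex_lock(&st->slock)` in `ti_ads7950_scan_direct()` means this function no longer excludes buffered mode by itself; it only serialises against the `spi_sync()` in the trigger handler. Please confirm the caller claims direct mode before getting here, since a direct read issued while the buffer is running would still interleave a single-channel command with the ring sequence.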
@@ -298,7 +303,7 @@ static int ti_ads7950_scan_direct(struct iio_dev *indio_dev, unsigned int ch)
 	ret = st->single_rx;
 
 out:
-	mutex_unlock(&indio_dev->mlock);
+	mutex_unlock(&st->slock);
 
 	return ret;
 }
@@ -432,16 +437,19 @@ static int ti_ads7950_probe(struct spi_device *spi)
 	if (ACPI_COMPANION(&spi->dev))
 		st->vref_mv = TI_ADS7950_VA_MV_ACPI_DEFAULT;
 
+	mutex_init(&st->slock);
+
 	st->reg = devm_regulator_get(&spi->dev, "vref");
 	if (IS_ERR(st->reg)) {
 		dev_err(&spi->dev, "Failed get get regulator \"vref\"\n");
-		return PTR_ERR(st->reg);
+		ret = PTR_ERR(st->reg);
+		goto error_destroy_mutex;
 	}
 
 	ret = regulator_enable(st->reg);
 	if (ret) {
 		dev_err(&spi->dev, "Failed to enable regulator \"vref\"\n");
-		return ret;
+		goto error_destroy_mutex;
 	}
 
 	ret = iio_triggered_buffer_setup(indio_dev, NULL,
@@ -463,6 +471,8 @@ static int ti_ads7950_probe(struct spi_device *spi)
 	iio_triggered_buffer_cleanup(indio_dev);
 error_disable_reg:
 	regulator_disable(st->reg);
+error_destroy_mutex:
+	mutex_destroy(&st->slock);
 
 	return ret;
 }
@@ -475,6 +485,7 @@ static int ti_ads7950_remove(struct spi_device *spi)
 	iio_device_unregister(indio_dev);
 	iio_triggered_buffer_cleanup(indio_dev);
 	regulator_disable(st->reg);
+	mutex_destroy(&st->slock);
 
 	return 0;
 }
-- 
2.20.1





* [PATCH 5.1 244/405] net: hns3: check resetting status in hns3_get_stats()
  2019-05-30  2:59 [PATCH 5.1 000/405] 5.1.6-stable review Greg Kroah-Hartman
                   ` (242 preceding siblings ...)
  2019-05-30  3:04 ` [PATCH 5.1 243/405] iio: adc: ti-ads7950: Fix improper use of mlock Greg Kroah-Hartman
@ 2019-05-30  3:04 ` Greg Kroah-Hartman
  2019-05-30  3:04 ` [PATCH 5.1 245/405] net: hns3: add protect when handling mac addr list Greg Kroah-Hartman
                   ` (165 subsequent siblings)
  409 siblings, 0 replies; 429+ messages in thread
From: Greg Kroah-Hartman @ 2019-05-30  3:04 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Huazhong Tan, Peng Li,
	David S. Miller, Sasha Levin

[ Upstream commit c4e401e5a934bb0798ebbba98e08dab129695eff ]

hns3_get_stats() should check the resetting status first,
since the device will be reinitialized when resetting. If the
reset has not completed, the hns3_get_stats() may access
invalid memory.

Signed-off-by: Huazhong Tan <tanhuazhong@huawei.com>
Signed-off-by: Peng Li <lipeng321@huawei.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/net/ethernet/hisilicon/hns3/hns3_ethtool.c | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/drivers/net/ethernet/hisilicon/hns3/hns3_ethtool.c b/drivers/net/ethernet/hisilicon/hns3/hns3_ethtool.c
index 359d4731fb2db..ea94b5152963f 100644
--- a/drivers/net/ethernet/hisilicon/hns3/hns3_ethtool.c
+++ b/drivers/net/ethernet/hisilicon/hns3/hns3_ethtool.c
@@ -483,6 +483,11 @@ static void hns3_get_stats(struct net_device *netdev,
 	struct hnae3_handle *h = hns3_get_handle(netdev);
 	u64 *p = data;
 
+	if (hns3_nic_resetting(netdev)) {
+		netdev_err(netdev, "dev resetting, could not get stats\n");
+		return;
+	}
+
 	if (!h->ae_algo->ops->get_stats || !h->ae_algo->ops->update_stats) {
 		netdev_err(netdev, "could not get any statistics\n");
 		return;
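Review bot: the early return added for `hns3_nic_resetting(netdev)` leaves `data` unwritten, so the caller gets whatever the buffer held, and the check is not held across the rest of the function, so a reset that starts just after it still reaches the code below. Consider zero-filling the output on this path, and `netdev_err()` looks too loud for a condition that tools polling statistics will hit on every reset.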
-- 
2.20.1





* [PATCH 5.1 245/405] net: hns3: add protect when handling mac addr list
  2019-05-30  2:59 [PATCH 5.1 000/405] 5.1.6-stable review Greg Kroah-Hartman
                   ` (243 preceding siblings ...)
  2019-05-30  3:04 ` [PATCH 5.1 244/405] net: hns3: check resetting status in hns3_get_stats() Greg Kroah-Hartman
@ 2019-05-30  3:04 ` Greg Kroah-Hartman
  2019-05-30  3:04 ` [PATCH 5.1 246/405] selftests/bpf: ksym_search wont check symbols exists Greg Kroah-Hartman
                   ` (164 subsequent siblings)
  409 siblings, 0 replies; 429+ messages in thread
From: Greg Kroah-Hartman @ 2019-05-30  3:04 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Jian Shen, Peng Li, Huazhong Tan,
	David S. Miller, Sasha Levin

[ Upstream commit 389775a6605e040dddea21a778a88eaaa57c068d ]

It used netdev->uc and netdev->mc list in function
hns3_recover_hw_addr() and hns3_remove_hw_addr().
We should add protect for them.

Fixes: f05e21097121 ("net: hns3: Clear mac vlan table entries when unload driver or function reset")
Signed-off-by: Jian Shen <shenjian15@huawei.com>
Signed-off-by: Peng Li <lipeng321@huawei.com>
Signed-off-by: Huazhong Tan <tanhuazhong@huawei.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/net/ethernet/hisilicon/hns3/hns3_enet.c | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)

diff --git a/drivers/net/ethernet/hisilicon/hns3/hns3_enet.c b/drivers/net/ethernet/hisilicon/hns3/hns3_enet.c
index d6b488c2de332..c7d310903319f 100644
--- a/drivers/net/ethernet/hisilicon/hns3/hns3_enet.c
+++ b/drivers/net/ethernet/hisilicon/hns3/hns3_enet.c
@@ -3774,12 +3774,13 @@ static int hns3_recover_hw_addr(struct net_device *ndev)
 	struct netdev_hw_addr *ha, *tmp;
 	int ret = 0;
 
+	netif_addr_lock_bh(ndev);
 	/* go through and sync uc_addr entries to the device */
 	list = &ndev->uc;
 	list_for_each_entry_safe(ha, tmp, &list->list, list) {
 		ret = hns3_nic_uc_sync(ndev, ha->addr);
 		if (ret)
-			return ret;
+			goto out;
 	}
 
 	/* go through and sync mc_addr entries to the device */
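Review bot: With netif_addr_lock_bh() taken at the top of hns3_recover_hw_addr(), hns3_nic_uc_sync() (and hns3_nic_mc_sync() in the next hunk) now runs with a spinlock held and bottom halves disabled, so neither callback may sleep. The commit message only says "add protect"; it should state that both sync paths were checked for atomic-context safety, for example that they do not wait on a firmware command with a sleeping primitive. If they can sleep, the addresses need to be copied out under the lock and synced after it is dropped.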
@@ -3787,9 +3788,11 @@ static int hns3_recover_hw_addr(struct net_device *ndev)
 	list_for_each_entry_safe(ha, tmp, &list->list, list) {
 		ret = hns3_nic_mc_sync(ndev, ha->addr);
 		if (ret)
-			return ret;
+			goto out;
 	}
 
+out:
+	netif_addr_unlock_bh(ndev);
 	return ret;
 }
 
@@ -3800,6 +3803,7 @@ static void hns3_remove_hw_addr(struct net_device *netdev)
 
 	hns3_nic_uc_unsync(netdev, netdev->dev_addr);
 
+	netif_addr_lock_bh(netdev);
 	/* go through and unsync uc_addr entries to the device */
 	list = &netdev->uc;
 	list_for_each_entry_safe(ha, tmp, &list->list, list)
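Review bot: hns3_nic_uc_unsync(netdev, netdev->dev_addr) stays above the new netif_addr_lock_bh(netdev), so the same helper is called once without the lock and then repeatedly with it held. If that is intentional because dev_addr is not part of netdev->uc, a one-line comment saying so would keep a later cleanup from moving the call inside the lock or the lock above it. The atomic-context concern raised for hns3_recover_hw_addr() applies to the unsync helpers here as well.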
@@ -3810,6 +3814,8 @@ static void hns3_remove_hw_addr(struct net_device *netdev)
 	list_for_each_entry_safe(ha, tmp, &list->list, list)
 		if (ha->refcount > 1)
 			hns3_nic_mc_unsync(netdev, ha->addr);
+
+	netif_addr_unlock_bh(netdev);
 }
 
 static void hns3_clear_tx_ring(struct hns3_enet_ring *ring)
-- 
2.20.1





* [PATCH 5.1 246/405] selftests/bpf: ksym_search wont check symbols exists
  2019-05-30  2:59 [PATCH 5.1 000/405] 5.1.6-stable review Greg Kroah-Hartman
                   ` (244 preceding siblings ...)
  2019-05-30  3:04 ` [PATCH 5.1 245/405] net: hns3: add protect when handling mac addr list Greg Kroah-Hartman
@ 2019-05-30  3:04 ` Greg Kroah-Hartman
  2019-05-30  3:04 ` [PATCH 5.1 247/405] rtlwifi: fix a potential NULL pointer dereference Greg Kroah-Hartman
                   ` (163 subsequent siblings)
  409 siblings, 0 replies; 429+ messages in thread
From: Greg Kroah-Hartman @ 2019-05-30  3:04 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Daniel T. Lee, Daniel Borkmann, Sasha Levin

[ Upstream commit 0979ff7992fb6f4eb837995b12f4071dcafebd2d ]

Currently, ksym_search located at trace_helpers won't check symbols are
existing or not.

In ksym_search, when symbol is not found, it will return &syms[0](_stext).
But when the kernel symbols are not loaded, it will return NULL, which is
not a desired action.

This commit will add verification logic whether symbols are loaded prior
to the symbol search.

Signed-off-by: Daniel T. Lee <danieltimlee@gmail.com>
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 tools/testing/selftests/bpf/trace_helpers.c | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/tools/testing/selftests/bpf/trace_helpers.c b/tools/testing/selftests/bpf/trace_helpers.c
index 4cdb63bf0521d..9a9fc6c9b70b5 100644
--- a/tools/testing/selftests/bpf/trace_helpers.c
+++ b/tools/testing/selftests/bpf/trace_helpers.c
@@ -52,6 +52,10 @@ struct ksym *ksym_search(long key)
 	int start = 0, end = sym_cnt;
 	int result;
 
+	/* kallsyms not loaded. return NULL */
+	if (sym_cnt <= 0)
+		return NULL;
+
 	while (start < end) {
 		size_t mid = start + (end - start) / 2;
 
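Review bot: The new sym_cnt <= 0 branch makes NULL an expected return value of ksym_search(), but the diffstat shows only trace_helpers.c changing, so any caller that dereferences the result without a check will now fault where it previously got a symbol entry. Please audit the callers in the same series or add the NULL checks here. The commit message also reads as if returning NULL is the problem being fixed, while the added comment says "return NULL"; rewording one of them to say that NULL now means "kallsyms not loaded" would remove the ambiguity.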
-- 
2.20.1





* [PATCH 5.1 247/405] rtlwifi: fix a potential NULL pointer dereference
  2019-05-30  2:59 [PATCH 5.1 000/405] 5.1.6-stable review Greg Kroah-Hartman
                   ` (245 preceding siblings ...)
  2019-05-30  3:04 ` [PATCH 5.1 246/405] selftests/bpf: ksym_search wont check symbols exists Greg Kroah-Hartman
@ 2019-05-30  3:04 ` Greg Kroah-Hartman
  2019-05-30  3:04 ` [PATCH 5.1 248/405] mwifiex: Fix mem leak in mwifiex_tm_cmd Greg Kroah-Hartman
                   ` (162 subsequent siblings)
  409 siblings, 0 replies; 429+ messages in thread
From: Greg Kroah-Hartman @ 2019-05-30  3:04 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Kangjie Lu, Kalle Valo, Sasha Levin

[ Upstream commit 765976285a8c8db3f0eb7f033829a899d0c2786e ]

In case alloc_workqueue fails, the fix reports the error and
returns to avoid NULL pointer dereference.

Signed-off-by: Kangjie Lu <kjlu@umn.edu>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/net/wireless/realtek/rtlwifi/base.c | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/drivers/net/wireless/realtek/rtlwifi/base.c b/drivers/net/wireless/realtek/rtlwifi/base.c
index 217d2a7a43c74..ac746c322554b 100644
--- a/drivers/net/wireless/realtek/rtlwifi/base.c
+++ b/drivers/net/wireless/realtek/rtlwifi/base.c
@@ -448,6 +448,11 @@ static void _rtl_init_deferred_work(struct ieee80211_hw *hw)
 	/* <2> work queue */
 	rtlpriv->works.hw = hw;
 	rtlpriv->works.rtl_wq = alloc_workqueue("%s", 0, 0, rtlpriv->cfg->name);
+	if (unlikely(!rtlpriv->works.rtl_wq)) {
+		pr_err("Failed to allocate work queue\n");
+		return;
+	}
+
 	INIT_DELAYED_WORK(&rtlpriv->works.watchdog_wq,
 			  (void *)rtl_watchdog_wq_callback);
 	INIT_DELAYED_WORK(&rtlpriv->works.ips_nic_off_wq,
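Review bot: The bare return after the new !rtlpriv->works.rtl_wq check cannot report the failure, because _rtl_init_deferred_work() is declared static void. The caller carries on as if initialization succeeded, with rtl_wq still NULL and the INIT_DELAYED_WORK() calls below skipped, so a later attempt to queue or cancel this work can still dereference NULL or touch uninitialized work items. Changing the function to return int and propagating -ENOMEM to the caller would close the hole rather than move it. unlikely() is also unnecessary on a one-time init path.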
-- 
2.20.1





* [PATCH 5.1 248/405] mwifiex: Fix mem leak in mwifiex_tm_cmd
  2019-05-30  2:59 [PATCH 5.1 000/405] 5.1.6-stable review Greg Kroah-Hartman
                   ` (246 preceding siblings ...)
  2019-05-30  3:04 ` [PATCH 5.1 247/405] rtlwifi: fix a potential NULL pointer dereference Greg Kroah-Hartman
@ 2019-05-30  3:04 ` Greg Kroah-Hartman
  2019-05-30  3:04 ` [PATCH 5.1 249/405] brcmfmac: fix missing checks for kmemdup Greg Kroah-Hartman
                   ` (161 subsequent siblings)
  409 siblings, 0 replies; 429+ messages in thread
From: Greg Kroah-Hartman @ 2019-05-30  3:04 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, YueHaibing, Kalle Valo, Sasha Levin

[ Upstream commit 003b686ace820ce2d635a83f10f2d7f9c147dabc ]

'hostcmd' is alloced by kzalloc, should be freed before
leaving from the error handling cases, otherwise it will
cause mem leak.

Fixes: 3935ccc14d2c ("mwifiex: add cfg80211 testmode support")
Signed-off-by: YueHaibing <yuehaibing@huawei.com>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/net/wireless/marvell/mwifiex/cfg80211.c | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/drivers/net/wireless/marvell/mwifiex/cfg80211.c b/drivers/net/wireless/marvell/mwifiex/cfg80211.c
index c46f0a54a0c76..e582d9b3e50c2 100644
--- a/drivers/net/wireless/marvell/mwifiex/cfg80211.c
+++ b/drivers/net/wireless/marvell/mwifiex/cfg80211.c
@@ -4082,16 +4082,20 @@ static int mwifiex_tm_cmd(struct wiphy *wiphy, struct wireless_dev *wdev,
 
 		if (mwifiex_send_cmd(priv, 0, 0, 0, hostcmd, true)) {
 			dev_err(priv->adapter->dev, "Failed to process hostcmd\n");
+			kfree(hostcmd);
 			return -EFAULT;
 		}
 
 		/* process hostcmd response*/
 		skb = cfg80211_testmode_alloc_reply_skb(wiphy, hostcmd->len);
-		if (!skb)
+		if (!skb) {
+			kfree(hostcmd);
 			return -ENOMEM;
+		}
 		err = nla_put(skb, MWIFIEX_TM_ATTR_DATA,
 			      hostcmd->len, hostcmd->cmd);
 		if (err) {
+			kfree(hostcmd);
 			kfree_skb(skb);
 			return -EMSGSIZE;
 		}
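Review bot: kfree(hostcmd) is now repeated in three separate error branches of mwifiex_tm_cmd(), which is the pattern that produced the original leak: the next return added to this block can miss it again. A single error label (set err, goto a label that does kfree(hostcmd) and returns) would make the ownership explicit. While here, a short comment on which path frees hostcmd on success would help, since that free is not visible in this hunk.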
-- 
2.20.1





* [PATCH 5.1 249/405] brcmfmac: fix missing checks for kmemdup
  2019-05-30  2:59 [PATCH 5.1 000/405] 5.1.6-stable review Greg Kroah-Hartman
                   ` (247 preceding siblings ...)
  2019-05-30  3:04 ` [PATCH 5.1 248/405] mwifiex: Fix mem leak in mwifiex_tm_cmd Greg Kroah-Hartman
@ 2019-05-30  3:04 ` Greg Kroah-Hartman
  2019-05-30  3:04 ` [PATCH 5.1 250/405] b43: shut up clang -Wuninitialized variable warning Greg Kroah-Hartman
                   ` (160 subsequent siblings)
  409 siblings, 0 replies; 429+ messages in thread
From: Greg Kroah-Hartman @ 2019-05-30  3:04 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Kangjie Lu, Arend van Spriel,
	Kalle Valo, Sasha Levin

[ Upstream commit 46953f97224d56a12ccbe9c6acaa84ca0dab2780 ]

In case kmemdup fails, the fix sets conn_info->req_ie_len and
conn_info->resp_ie_len to zero to avoid buffer overflows.

Signed-off-by: Kangjie Lu <kjlu@umn.edu>
Acked-by: Arend van Spriel <arend.vanspriel@broadcom.com>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c b/drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c
index e92f6351bd224..8ee8af4e7ec4f 100644
--- a/drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c
+++ b/drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c
@@ -5464,6 +5464,8 @@ static s32 brcmf_get_assoc_ies(struct brcmf_cfg80211_info *cfg,
 		conn_info->req_ie =
 		    kmemdup(cfg->extra_buf, conn_info->req_ie_len,
 			    GFP_KERNEL);
+		if (!conn_info->req_ie)
+			conn_info->req_ie_len = 0;
 	} else {
 		conn_info->req_ie_len = 0;
 		conn_info->req_ie = NULL;
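Review bot: In the new !conn_info->req_ie branch the allocation failure is silently folded into the "no request IEs" state: the length is zeroed but nothing is logged and nothing is returned, although brcmf_get_assoc_ies() returns s32. Zeroing the length does keep pointer and length consistent, which is the important part, but consider returning -ENOMEM (or at least logging) so that an out-of-memory condition is distinguishable from a firmware response that carried no IEs.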
@@ -5480,6 +5482,8 @@ static s32 brcmf_get_assoc_ies(struct brcmf_cfg80211_info *cfg,
 		conn_info->resp_ie =
 		    kmemdup(cfg->extra_buf, conn_info->resp_ie_len,
 			    GFP_KERNEL);
+		if (!conn_info->resp_ie)
+			conn_info->resp_ie_len = 0;
 	} else {
 		conn_info->resp_ie_len = 0;
 		conn_info->resp_ie = NULL;
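Review bot: The resp_ie fix is a copy of the req_ie one, and in both places the length field is assigned before kmemdup() and then corrected afterwards. A small helper that duplicates the buffer and sets pointer and length together, only on success, would remove the window in which the length is non-zero while the pointer is NULL and would keep the two branches from drifting apart.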
-- 
2.20.1





* [PATCH 5.1 250/405] b43: shut up clang -Wuninitialized variable warning
  2019-05-30  2:59 [PATCH 5.1 000/405] 5.1.6-stable review Greg Kroah-Hartman
                   ` (248 preceding siblings ...)
  2019-05-30  3:04 ` [PATCH 5.1 249/405] brcmfmac: fix missing checks for kmemdup Greg Kroah-Hartman
@ 2019-05-30  3:04 ` Greg Kroah-Hartman
  2019-05-30  3:04 ` [PATCH 5.1 251/405] brcmfmac: convert dev_init_lock mutex to completion Greg Kroah-Hartman
                   ` (159 subsequent siblings)
  409 siblings, 0 replies; 429+ messages in thread
From: Greg Kroah-Hartman @ 2019-05-30  3:04 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Arnd Bergmann, Larry Finger,
	Nathan Chancellor, Kalle Valo, Sasha Levin

[ Upstream commit d825db346270dbceef83b7b750dbc29f1d7dcc0e ]

Clang warns about what is clearly a case of passing an uninitialized
variable into a static function:

drivers/net/wireless/broadcom/b43/phy_lp.c:1852:23: error: variable 'gains' is uninitialized when used here
      [-Werror,-Wuninitialized]
                lpphy_papd_cal(dev, gains, 0, 1, 30);
                                    ^~~~~
drivers/net/wireless/broadcom/b43/phy_lp.c:1838:2: note: variable 'gains' is declared here
        struct lpphy_tx_gains gains, oldgains;
        ^
1 error generated.

However, this function is empty, and its arguments are never evaluated,
so gcc in contrast does not warn here. Both compilers behave in a
reasonable way as far as I can tell, so we should change the code
to avoid the warning everywhere.

We could just eliminate the lpphy_papd_cal() function entirely,
given that it has had the TODO comment in it for 10 years now
and is rather unlikely to ever get done. I'm doing a simpler
change here, and just pass the 'oldgains' variable in that has
been initialized, based on the guess that this is what was
originally meant.

Fixes: 2c0d6100da3e ("b43: LP-PHY: Begin implementing calibration & software RFKILL support")
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
Acked-by: Larry Finger <Larry.Finger@lwfinger.net>
Reviewed-by: Nathan Chancellor <natechancellor@gmail.com>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/net/wireless/broadcom/b43/phy_lp.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/drivers/net/wireless/broadcom/b43/phy_lp.c b/drivers/net/wireless/broadcom/b43/phy_lp.c
index 46408a560814c..aedee026c5e24 100644
--- a/drivers/net/wireless/broadcom/b43/phy_lp.c
+++ b/drivers/net/wireless/broadcom/b43/phy_lp.c
@@ -1835,7 +1835,7 @@ static void lpphy_papd_cal(struct b43_wldev *dev, struct lpphy_tx_gains gains,
 static void lpphy_papd_cal_txpwr(struct b43_wldev *dev)
 {
 	struct b43_phy_lp *lpphy = dev->phy.lp;
-	struct lpphy_tx_gains gains, oldgains;
+	struct lpphy_tx_gains oldgains;
 	int old_txpctl, old_afe_ovr, old_rf, old_bbmult;
 
 	lpphy_read_tx_pctl_mode_from_hardware(dev);
@@ -1849,9 +1849,9 @@ static void lpphy_papd_cal_txpwr(struct b43_wldev *dev)
 	lpphy_set_tx_power_control(dev, B43_LPPHY_TXPCTL_OFF);
 
 	if (dev->dev->chip_id == 0x4325 && dev->dev->chip_rev == 0)
-		lpphy_papd_cal(dev, gains, 0, 1, 30);
+		lpphy_papd_cal(dev, oldgains, 0, 1, 30);
 	else
-		lpphy_papd_cal(dev, gains, 0, 1, 65);
+		lpphy_papd_cal(dev, oldgains, 0, 1, 65);
 
 	if (old_afe_ovr)
 		lpphy_set_tx_gains(dev, oldgains);
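Review bot: Passing oldgains to lpphy_papd_cal() only helps if oldgains is assigned on every path before these two calls, and the context line "if (old_afe_ovr) lpphy_set_tx_gains(dev, oldgains);" suggests its use, and possibly its assignment, is conditional on old_afe_ovr. Please confirm that the assignment is unconditional; if it is not, the struct is still passed by value uninitialized when old_afe_ovr is zero and the warning has only been hidden from the compiler. Zero-initializing the declaration (struct lpphy_tx_gains oldgains = {};) would make the patch safe either way.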
-- 
2.20.1





* [PATCH 5.1 251/405] brcmfmac: convert dev_init_lock mutex to completion
  2019-05-30  2:59 [PATCH 5.1 000/405] 5.1.6-stable review Greg Kroah-Hartman
                   ` (249 preceding siblings ...)
  2019-05-30  3:04 ` [PATCH 5.1 250/405] b43: shut up clang -Wuninitialized variable warning Greg Kroah-Hartman
@ 2019-05-30  3:04 ` Greg Kroah-Hartman
  2019-05-30  3:04 ` [PATCH 5.1 252/405] brcmfmac: fix WARNING during USB disconnect in case of unempty psq Greg Kroah-Hartman
                   ` (158 subsequent siblings)
  409 siblings, 0 replies; 429+ messages in thread
From: Greg Kroah-Hartman @ 2019-05-30  3:04 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Piotr Figiel, Kalle Valo, Sasha Levin

[ Upstream commit a9fd0953fa4a62887306be28641b4b0809f3b2fd ]

Leaving dev_init_lock mutex locked in probe causes BUG and a WARNING when
kernel is compiled with CONFIG_PROVE_LOCKING. Convert mutex to completion
which silences those warnings and improves code readability.

Fix below errors when connecting the USB WiFi dongle:

brcmfmac: brcmf_fw_alloc_request: using brcm/brcmfmac43143 for chip BCM43143/2
BUG: workqueue leaked lock or atomic: kworker/0:2/0x00000000/434
     last function: hub_event
1 lock held by kworker/0:2/434:
 #0: 18d5dcdf (&devinfo->dev_init_lock){+.+.}, at: brcmf_usb_probe+0x78/0x550 [brcmfmac]
CPU: 0 PID: 434 Comm: kworker/0:2 Not tainted 4.19.23-00084-g454a789-dirty #123
Hardware name: Freescale i.MX6 Quad/DualLite (Device Tree)
Workqueue: usb_hub_wq hub_event
[<8011237c>] (unwind_backtrace) from [<8010d74c>] (show_stack+0x10/0x14)
[<8010d74c>] (show_stack) from [<809c4324>] (dump_stack+0xa8/0xd4)
[<809c4324>] (dump_stack) from [<8014195c>] (process_one_work+0x710/0x808)
[<8014195c>] (process_one_work) from [<80141a80>] (worker_thread+0x2c/0x564)
[<80141a80>] (worker_thread) from [<80147bcc>] (kthread+0x13c/0x16c)
[<80147bcc>] (kthread) from [<801010b4>] (ret_from_fork+0x14/0x20)
Exception stack(0xed1d9fb0 to 0xed1d9ff8)
9fa0:                                     00000000 00000000 00000000 00000000
9fc0: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
9fe0: 00000000 00000000 00000000 00000000 00000013 00000000

======================================================
WARNING: possible circular locking dependency detected
4.19.23-00084-g454a789-dirty #123 Not tainted
------------------------------------------------------
kworker/0:2/434 is trying to acquire lock:
e29cf799 ((wq_completion)"events"){+.+.}, at: process_one_work+0x174/0x808

but task is already holding lock:
18d5dcdf (&devinfo->dev_init_lock){+.+.}, at: brcmf_usb_probe+0x78/0x550 [brcmfmac]

which lock already depends on the new lock.

the existing dependency chain (in reverse order) is:

-> #2 (&devinfo->dev_init_lock){+.+.}:
       mutex_lock_nested+0x1c/0x24
       brcmf_usb_probe+0x78/0x550 [brcmfmac]
       usb_probe_interface+0xc0/0x1bc
       really_probe+0x228/0x2c0
       __driver_attach+0xe4/0xe8
       bus_for_each_dev+0x68/0xb4
       bus_add_driver+0x19c/0x214
       driver_register+0x78/0x110
       usb_register_driver+0x84/0x148
       process_one_work+0x228/0x808
       worker_thread+0x2c/0x564
       kthread+0x13c/0x16c
       ret_from_fork+0x14/0x20
         (null)

-> #1 (brcmf_driver_work){+.+.}:
       worker_thread+0x2c/0x564
       kthread+0x13c/0x16c
       ret_from_fork+0x14/0x20
         (null)

-> #0 ((wq_completion)"events"){+.+.}:
       process_one_work+0x1b8/0x808
       worker_thread+0x2c/0x564
       kthread+0x13c/0x16c
       ret_from_fork+0x14/0x20
         (null)

other info that might help us debug this:

Chain exists of:
  (wq_completion)"events" --> brcmf_driver_work --> &devinfo->dev_init_lock

 Possible unsafe locking scenario:

       CPU0                    CPU1
       ----                    ----
  lock(&devinfo->dev_init_lock);
                               lock(brcmf_driver_work);
                               lock(&devinfo->dev_init_lock);
  lock((wq_completion)"events");

 *** DEADLOCK ***

1 lock held by kworker/0:2/434:
 #0: 18d5dcdf (&devinfo->dev_init_lock){+.+.}, at: brcmf_usb_probe+0x78/0x550 [brcmfmac]

stack backtrace:
CPU: 0 PID: 434 Comm: kworker/0:2 Not tainted 4.19.23-00084-g454a789-dirty #123
Hardware name: Freescale i.MX6 Quad/DualLite (Device Tree)
Workqueue: events request_firmware_work_func
[<8011237c>] (unwind_backtrace) from [<8010d74c>] (show_stack+0x10/0x14)
[<8010d74c>] (show_stack) from [<809c4324>] (dump_stack+0xa8/0xd4)
[<809c4324>] (dump_stack) from [<80172838>] (print_circular_bug+0x210/0x330)
[<80172838>] (print_circular_bug) from [<80175940>] (__lock_acquire+0x160c/0x1a30)
[<80175940>] (__lock_acquire) from [<8017671c>] (lock_acquire+0xe0/0x268)
[<8017671c>] (lock_acquire) from [<80141404>] (process_one_work+0x1b8/0x808)
[<80141404>] (process_one_work) from [<80141a80>] (worker_thread+0x2c/0x564)
[<80141a80>] (worker_thread) from [<80147bcc>] (kthread+0x13c/0x16c)
[<80147bcc>] (kthread) from [<801010b4>] (ret_from_fork+0x14/0x20)
Exception stack(0xed1d9fb0 to 0xed1d9ff8)
9fa0:                                     00000000 00000000 00000000 00000000
9fc0: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
9fe0: 00000000 00000000 00000000 00000000 00000013 00000000

Signed-off-by: Piotr Figiel <p.figiel@camlintechnologies.com>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 .../wireless/broadcom/brcm80211/brcmfmac/usb.c  | 17 ++++++++---------
 1 file changed, 8 insertions(+), 9 deletions(-)

diff --git a/drivers/net/wireless/broadcom/brcm80211/brcmfmac/usb.c b/drivers/net/wireless/broadcom/brcm80211/brcmfmac/usb.c
index e9cbfd077710a..a513990cd1d6a 100644
--- a/drivers/net/wireless/broadcom/brcm80211/brcmfmac/usb.c
+++ b/drivers/net/wireless/broadcom/brcm80211/brcmfmac/usb.c
@@ -160,7 +160,7 @@ struct brcmf_usbdev_info {
 
 	struct usb_device *usbdev;
 	struct device *dev;
-	struct mutex dev_init_lock;
+	struct completion dev_init_done;
 
 	int ctl_in_pipe, ctl_out_pipe;
 	struct urb *ctl_urb; /* URB for control endpoint */
@@ -1193,11 +1193,11 @@ static void brcmf_usb_probe_phase2(struct device *dev, int ret,
 	if (ret)
 		goto error;
 
-	mutex_unlock(&devinfo->dev_init_lock);
+	complete(&devinfo->dev_init_done);
 	return;
 error:
 	brcmf_dbg(TRACE, "failed: dev=%s, err=%d\n", dev_name(dev), ret);
-	mutex_unlock(&devinfo->dev_init_lock);
+	complete(&devinfo->dev_init_done);
 	device_release_driver(dev);
 }
 
@@ -1265,7 +1265,7 @@ static int brcmf_usb_probe_cb(struct brcmf_usbdev_info *devinfo)
 		if (ret)
 			goto fail;
 		/* we are done */
-		mutex_unlock(&devinfo->dev_init_lock);
+		complete(&devinfo->dev_init_done);
 		return 0;
 	}
 	bus->chip = bus_pub->devid;
@@ -1325,11 +1325,10 @@ brcmf_usb_probe(struct usb_interface *intf, const struct usb_device_id *id)
 
 	devinfo->usbdev = usb;
 	devinfo->dev = &usb->dev;
-	/* Take an init lock, to protect for disconnect while still loading.
+	/* Init completion, to protect for disconnect while still loading.
 	 * Necessary because of the asynchronous firmware load construction
 	 */
-	mutex_init(&devinfo->dev_init_lock);
-	mutex_lock(&devinfo->dev_init_lock);
+	init_completion(&devinfo->dev_init_done);
 
 	usb_set_intfdata(intf, devinfo);
 
@@ -1407,7 +1406,7 @@ brcmf_usb_probe(struct usb_interface *intf, const struct usb_device_id *id)
 	return 0;
 
 fail:
-	mutex_unlock(&devinfo->dev_init_lock);
+	complete(&devinfo->dev_init_done);
 	kfree(devinfo);
 	usb_set_intfdata(intf, NULL);
 	return ret;
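Review bot: In the fail path, complete(&devinfo->dev_init_done) is followed immediately by kfree(devinfo), and usb_set_intfdata(intf, NULL) only runs after the free. Anything woken by the completion, or anything reading the interface data in that window, sees a pointer to freed memory. Clearing the intfdata first, then completing, then freeing would make the order safe by construction; if no waiter can exist on a failed probe, the complete() call can simply be dropped and a comment added saying why.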
@@ -1422,7 +1421,7 @@ brcmf_usb_disconnect(struct usb_interface *intf)
 	devinfo = (struct brcmf_usbdev_info *)usb_get_intfdata(intf);
 
 	if (devinfo) {
-		mutex_lock(&devinfo->dev_init_lock);
+		wait_for_completion(&devinfo->dev_init_done);
 		/* Make sure that devinfo still exists. Firmware probe routines
 		 * may have released the device and cleared the intfdata.
 		 */
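Review bot: wait_for_completion() in brcmf_usb_disconnect() is uninterruptible and has no timeout, so disconnect now blocks forever unless every probe exit path reaches a complete(). The hunks above cover the paths visible in this patch, but the invariant is not written down anywhere; please add a comment next to dev_init_done in struct brcmf_usbdev_info stating that each exit of probe and probe_phase2 must call complete(). Also note that the existing comment below still warns that devinfo may already be gone, while the line above dereferences devinfo->dev_init_done, so the lifetime rule for devinfo during disconnect deserves a sentence too.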
-- 
2.20.1





* [PATCH 5.1 252/405] brcmfmac: fix WARNING during USB disconnect in case of unempty psq
  2019-05-30  2:59 [PATCH 5.1 000/405] 5.1.6-stable review Greg Kroah-Hartman
                   ` (250 preceding siblings ...)
  2019-05-30  3:04 ` [PATCH 5.1 251/405] brcmfmac: convert dev_init_lock mutex to completion Greg Kroah-Hartman
@ 2019-05-30  3:04 ` Greg Kroah-Hartman
  2019-05-30  3:04 ` [PATCH 5.1 253/405] brcmfmac: fix race during disconnect when USB completion is in progress Greg Kroah-Hartman
                   ` (157 subsequent siblings)
  409 siblings, 0 replies; 429+ messages in thread
From: Greg Kroah-Hartman @ 2019-05-30  3:04 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Piotr Figiel, Kalle Valo, Sasha Levin

[ Upstream commit c80d26e81ef1802f30364b4ad1955c1443a592b9 ]

brcmu_pkt_buf_free_skb emits WARNING when attempting to free a sk_buff
which is part of any queue. After USB disconnect this may have happened
when brcmf_fws_hanger_cleanup() is called as per-interface psq was never
cleaned when removing the interface.
Change brcmf_fws_macdesc_cleanup() in a way that it removes the
corresponding packets from hanger table (to avoid double-free when
brcmf_fws_hanger_cleanup() is called) and add a call to clean-up the
interface specific packet queue.

Below is a WARNING during USB disconnect with Raspberry Pi WiFi dongle
running in AP mode. This was reproducible when the interface was
transmitting during the disconnect and is fixed with this commit.

------------[ cut here ]------------
WARNING: CPU: 0 PID: 1171 at drivers/net/wireless/broadcom/brcm80211/brcmutil/utils.c:49 brcmu_pkt_buf_free_skb+0x3c/0x40
Modules linked in: nf_log_ipv4 nf_log_common xt_LOG xt_limit iptable_mangle xt_connmark xt_tcpudp xt_conntrack nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 iptable_filter ip_tables x_tables usb_f_mass_storage usb_f_rndis u_ether cdc_acm smsc95xx usbnet ci_hdrc_imx ci_hdrc ulpi usbmisc_imx 8250_exar 8250_pci 8250 8250_base libcomposite configfs udc_core
CPU: 0 PID: 1171 Comm: kworker/0:0 Not tainted 4.19.23-00075-gde33ed8 #99
Hardware name: Freescale i.MX6 Quad/DualLite (Device Tree)
Workqueue: usb_hub_wq hub_event
[<8010ff84>] (unwind_backtrace) from [<8010bb64>] (show_stack+0x10/0x14)
[<8010bb64>] (show_stack) from [<80840278>] (dump_stack+0x88/0x9c)
[<80840278>] (dump_stack) from [<8011f5ec>] (__warn+0xfc/0x114)
[<8011f5ec>] (__warn) from [<8011f71c>] (warn_slowpath_null+0x40/0x48)
[<8011f71c>] (warn_slowpath_null) from [<805a476c>] (brcmu_pkt_buf_free_skb+0x3c/0x40)
[<805a476c>] (brcmu_pkt_buf_free_skb) from [<805bb6c4>] (brcmf_fws_cleanup+0x1e4/0x22c)
[<805bb6c4>] (brcmf_fws_cleanup) from [<805bc854>] (brcmf_fws_del_interface+0x58/0x68)
[<805bc854>] (brcmf_fws_del_interface) from [<805b66ac>] (brcmf_remove_interface+0x40/0x150)
[<805b66ac>] (brcmf_remove_interface) from [<805b6870>] (brcmf_detach+0x6c/0xb0)
[<805b6870>] (brcmf_detach) from [<805bdbb8>] (brcmf_usb_disconnect+0x30/0x4c)
[<805bdbb8>] (brcmf_usb_disconnect) from [<805e5d64>] (usb_unbind_interface+0x5c/0x1e0)
[<805e5d64>] (usb_unbind_interface) from [<804aab10>] (device_release_driver_internal+0x154/0x1ec)
[<804aab10>] (device_release_driver_internal) from [<804a97f4>] (bus_remove_device+0xcc/0xf8)
[<804a97f4>] (bus_remove_device) from [<804a6fc0>] (device_del+0x118/0x308)
[<804a6fc0>] (device_del) from [<805e488c>] (usb_disable_device+0xa0/0x1c8)
[<805e488c>] (usb_disable_device) from [<805dcf98>] (usb_disconnect+0x70/0x1d8)
[<805dcf98>] (usb_disconnect) from [<805ddd84>] (hub_event+0x464/0xf50)
[<805ddd84>] (hub_event) from [<80135a70>] (process_one_work+0x138/0x3f8)
[<80135a70>] (process_one_work) from [<80135d5c>] (worker_thread+0x2c/0x554)
[<80135d5c>] (worker_thread) from [<8013b1a0>] (kthread+0x124/0x154)
[<8013b1a0>] (kthread) from [<801010e8>] (ret_from_fork+0x14/0x2c)
Exception stack(0xecf8dfb0 to 0xecf8dff8)
dfa0:                                     00000000 00000000 00000000 00000000
dfc0: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
dfe0: 00000000 00000000 00000000 00000000 00000013 00000000
---[ end trace 38d234018e9e2a90 ]---
------------[ cut here ]------------

Signed-off-by: Piotr Figiel <p.figiel@camlintechnologies.com>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 .../broadcom/brcm80211/brcmfmac/fwsignal.c    | 42 +++++++++++--------
 1 file changed, 24 insertions(+), 18 deletions(-)

diff --git a/drivers/net/wireless/broadcom/brcm80211/brcmfmac/fwsignal.c b/drivers/net/wireless/broadcom/brcm80211/brcmfmac/fwsignal.c
index abeb305492e01..d48b8b2d946fe 100644
--- a/drivers/net/wireless/broadcom/brcm80211/brcmfmac/fwsignal.c
+++ b/drivers/net/wireless/broadcom/brcm80211/brcmfmac/fwsignal.c
@@ -580,24 +580,6 @@ static bool brcmf_fws_ifidx_match(struct sk_buff *skb, void *arg)
 	return ifidx == *(int *)arg;
 }
 
-static void brcmf_fws_psq_flush(struct brcmf_fws_info *fws, struct pktq *q,
-				int ifidx)
-{
-	bool (*matchfn)(struct sk_buff *, void *) = NULL;
-	struct sk_buff *skb;
-	int prec;
-
-	if (ifidx != -1)
-		matchfn = brcmf_fws_ifidx_match;
-	for (prec = 0; prec < q->num_prec; prec++) {
-		skb = brcmu_pktq_pdeq_match(q, prec, matchfn, &ifidx);
-		while (skb) {
-			brcmu_pkt_buf_free_skb(skb);
-			skb = brcmu_pktq_pdeq_match(q, prec, matchfn, &ifidx);
-		}
-	}
-}
-
 static void brcmf_fws_hanger_init(struct brcmf_fws_hanger *hanger)
 {
 	int i;
@@ -669,6 +651,28 @@ static inline int brcmf_fws_hanger_poppkt(struct brcmf_fws_hanger *h,
 	return 0;
 }
 
+static void brcmf_fws_psq_flush(struct brcmf_fws_info *fws, struct pktq *q,
+				int ifidx)
+{
+	bool (*matchfn)(struct sk_buff *, void *) = NULL;
+	struct sk_buff *skb;
+	int prec;
+	u32 hslot;
+
+	if (ifidx != -1)
+		matchfn = brcmf_fws_ifidx_match;
+	for (prec = 0; prec < q->num_prec; prec++) {
+		skb = brcmu_pktq_pdeq_match(q, prec, matchfn, &ifidx);
+		while (skb) {
+			hslot = brcmf_skb_htod_tag_get_field(skb, HSLOT);
+			brcmf_fws_hanger_poppkt(&fws->hanger, hslot, &skb,
+						true);
+			brcmu_pkt_buf_free_skb(skb);
+			skb = brcmu_pktq_pdeq_match(q, prec, matchfn, &ifidx);
+		}
+	}
+}
+
 static int brcmf_fws_hanger_mark_suppressed(struct brcmf_fws_hanger *h,
 					    u32 slot_id)
 {
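Review bot: In the relocated brcmf_fws_psq_flush(), the return value of brcmf_fws_hanger_poppkt() is ignored even though the function returns int and is handed &skb. If the slot read from the HSLOT field is not in use, or poppkt can change the pointer it is given, the following brcmu_pkt_buf_free_skb(skb) frees the wrong thing or frees a packet whose hanger slot is still marked occupied. Popping into a separate local and checking the result before freeing the dequeued skb would be safer, and a comment should say whether every packet on the psq is guaranteed to have a valid hanger slot.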
@@ -2200,6 +2204,8 @@ void brcmf_fws_del_interface(struct brcmf_if *ifp)
 	brcmf_fws_lock(fws);
 	ifp->fws_desc = NULL;
 	brcmf_dbg(TRACE, "deleting %s\n", entry->name);
+	brcmf_fws_macdesc_cleanup(fws, &fws->desc.iface[ifp->ifidx],
+				  ifp->ifidx);
 	brcmf_fws_macdesc_deinit(entry);
 	brcmf_fws_cleanup(fws, ifp->ifidx);
 	brcmf_fws_unlock(fws);
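Review bot: The added brcmf_fws_macdesc_cleanup() call passes &fws->desc.iface[ifp->ifidx], while the surrounding lines operate on the local entry (entry->name, brcmf_fws_macdesc_deinit(entry)). If both refer to the same descriptor, passing entry would be clearer; if they can differ, that needs a comment. ifp->ifidx is also used as an array index here with no bounds check in the visible lines, so please confirm it is validated before this point. The ordering relative to ifp->fws_desc = NULL above should be checked as well, in case the cleanup path reads that field.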
-- 
2.20.1





* [PATCH 5.1 253/405] brcmfmac: fix race during disconnect when USB completion is in progress
  2019-05-30  2:59 [PATCH 5.1 000/405] 5.1.6-stable review Greg Kroah-Hartman
                   ` (251 preceding siblings ...)
  2019-05-30  3:04 ` [PATCH 5.1 252/405] brcmfmac: fix WARNING during USB disconnect in case of unempty psq Greg Kroah-Hartman
@ 2019-05-30  3:04 ` Greg Kroah-Hartman
  2019-05-30  3:04 ` [PATCH 5.1 254/405] brcmfmac: fix Oops when bringing up interface during USB disconnect Greg Kroah-Hartman
                   ` (156 subsequent siblings)
  409 siblings, 0 replies; 429+ messages in thread
From: Greg Kroah-Hartman @ 2019-05-30  3:04 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Piotr Figiel, Kalle Valo, Sasha Levin

[ Upstream commit db3b9e2e1d58080d0754bdf9293dabf8c6491b67 ]

It was observed that rarely during USB disconnect happening shortly after
connect (before full initialization completes) usb_hub_wq would wait
forever for the dev_init_lock to be unlocked. dev_init_lock would remain
locked though because of infinite wait during usb_kill_urb:

[ 2730.656472] kworker/0:2     D    0   260      2 0x00000000
[ 2730.660700] Workqueue: events request_firmware_work_func
[ 2730.664807] [<809dca20>] (__schedule) from [<809dd164>] (schedule+0x4c/0xac)
[ 2730.670587] [<809dd164>] (schedule) from [<8069af44>] (usb_kill_urb+0xdc/0x114)
[ 2730.676815] [<8069af44>] (usb_kill_urb) from [<7f258b50>] (brcmf_usb_free_q+0x34/0xa8 [brcmfmac])
[ 2730.684833] [<7f258b50>] (brcmf_usb_free_q [brcmfmac]) from [<7f2517d4>] (brcmf_detach+0xa0/0xb8 [brcmfmac])
[ 2730.693557] [<7f2517d4>] (brcmf_detach [brcmfmac]) from [<7f251a34>] (brcmf_attach+0xac/0x3d8 [brcmfmac])
[ 2730.702094] [<7f251a34>] (brcmf_attach [brcmfmac]) from [<7f2587ac>] (brcmf_usb_probe_phase2+0x468/0x4a0 [brcmfmac])
[ 2730.711601] [<7f2587ac>] (brcmf_usb_probe_phase2 [brcmfmac]) from [<7f252888>] (brcmf_fw_request_done+0x194/0x220 [brcmfmac])
[ 2730.721795] [<7f252888>] (brcmf_fw_request_done [brcmfmac]) from [<805748e4>] (request_firmware_work_func+0x4c/0x88)
[ 2730.731125] [<805748e4>] (request_firmware_work_func) from [<80141474>] (process_one_work+0x228/0x808)
[ 2730.739223] [<80141474>] (process_one_work) from [<80141a80>] (worker_thread+0x2c/0x564)
[ 2730.746105] [<80141a80>] (worker_thread) from [<80147bcc>] (kthread+0x13c/0x16c)
[ 2730.752227] [<80147bcc>] (kthread) from [<801010b4>] (ret_from_fork+0x14/0x20)

[ 2733.099695] kworker/0:3     D    0  1065      2 0x00000000
[ 2733.103926] Workqueue: usb_hub_wq hub_event
[ 2733.106914] [<809dca20>] (__schedule) from [<809dd164>] (schedule+0x4c/0xac)
[ 2733.112693] [<809dd164>] (schedule) from [<809e2a8c>] (schedule_timeout+0x214/0x3e4)
[ 2733.119621] [<809e2a8c>] (schedule_timeout) from [<809dde2c>] (wait_for_common+0xc4/0x1c0)
[ 2733.126810] [<809dde2c>] (wait_for_common) from [<7f258d00>] (brcmf_usb_disconnect+0x1c/0x4c [brcmfmac])
[ 2733.135206] [<7f258d00>] (brcmf_usb_disconnect [brcmfmac]) from [<8069e0c8>] (usb_unbind_interface+0x5c/0x1e4)
[ 2733.143943] [<8069e0c8>] (usb_unbind_interface) from [<8056d3e8>] (device_release_driver_internal+0x164/0x1fc)
[ 2733.152769] [<8056d3e8>] (device_release_driver_internal) from [<8056c078>] (bus_remove_device+0xd0/0xfc)
[ 2733.161138] [<8056c078>] (bus_remove_device) from [<8056977c>] (device_del+0x11c/0x310)
[ 2733.167939] [<8056977c>] (device_del) from [<8069cba8>] (usb_disable_device+0xa0/0x1cc)
[ 2733.174743] [<8069cba8>] (usb_disable_device) from [<8069507c>] (usb_disconnect+0x74/0x1dc)
[ 2733.181823] [<8069507c>] (usb_disconnect) from [<80695e88>] (hub_event+0x478/0xf88)
[ 2733.188278] [<80695e88>] (hub_event) from [<80141474>] (process_one_work+0x228/0x808)
[ 2733.194905] [<80141474>] (process_one_work) from [<80141a80>] (worker_thread+0x2c/0x564)
[ 2733.201724] [<80141a80>] (worker_thread) from [<80147bcc>] (kthread+0x13c/0x16c)
[ 2733.207913] [<80147bcc>] (kthread) from [<801010b4>] (ret_from_fork+0x14/0x20)

It was traced down to a case where usb_kill_urb would be called on a URB
structure containing more or less random data, including a large number in
its use_count. During the debugging it appeared that in brcmf_usb_free_q()
the traversal over the URBs' lists is not synchronized with operations on
those lists in brcmf_usb_rx_complete(), leading to the brcmf_usbdev_info
structure (holding the lists' heads) being handled as a list element and,
as a result, causing the above problem.

Fix it by walking through all URBs during brcmf_cancel_all_urbs using the
arrays of requests instead of linked lists.

Signed-off-by: Piotr Figiel <p.figiel@camlintechnologies.com>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/net/wireless/broadcom/brcm80211/brcmfmac/usb.c | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)

diff --git a/drivers/net/wireless/broadcom/brcm80211/brcmfmac/usb.c b/drivers/net/wireless/broadcom/brcm80211/brcmfmac/usb.c
index a513990cd1d6a..81e1842f1d8c1 100644
--- a/drivers/net/wireless/broadcom/brcm80211/brcmfmac/usb.c
+++ b/drivers/net/wireless/broadcom/brcm80211/brcmfmac/usb.c
@@ -682,12 +682,18 @@ static int brcmf_usb_up(struct device *dev)
 
 static void brcmf_cancel_all_urbs(struct brcmf_usbdev_info *devinfo)
 {
+	int i;
+
 	if (devinfo->ctl_urb)
 		usb_kill_urb(devinfo->ctl_urb);
 	if (devinfo->bulk_urb)
 		usb_kill_urb(devinfo->bulk_urb);
-	brcmf_usb_free_q(&devinfo->tx_postq, true);
-	brcmf_usb_free_q(&devinfo->rx_postq, true);
+	if (devinfo->tx_reqs)
+		for (i = 0; i < devinfo->bus_pub.ntxq; i++)
+			usb_kill_urb(devinfo->tx_reqs[i].urb);
+	if (devinfo->rx_reqs)
+		for (i = 0; i < devinfo->bus_pub.nrxq; i++)
+			usb_kill_urb(devinfo->rx_reqs[i].urb);
 }
 
 static void brcmf_usb_down(struct device *dev)
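Review bot: In brcmf_cancel_all_urbs() the two new loops hand tx_reqs[i].urb and rx_reqs[i].urb to usb_kill_urb() without looking at the individual entries, so the code relies on every slot below bus_pub.ntxq and bus_pub.nrxq holding either an allocated URB or NULL. A one-line comment stating that invariant, and that the arrays are walked because the post queues can change under a running completion handler, would stop a later cleanup from switching back to brcmf_usb_free_q(). Braces around the two if bodies would also read more clearly, since each body is a multi-line for statement.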
-- 
2.20.1





* [PATCH 5.1 254/405] brcmfmac: fix Oops when bringing up interface during USB disconnect
From: Greg Kroah-Hartman @ 2019-05-30  3:04 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Piotr Figiel, Kalle Valo, Sasha Levin

[ Upstream commit 24d413a31afaee9bbbf79226052c386b01780ce2 ]

Fix a race which leads to an Oops with a NULL pointer dereference.  The
dereference is in brcmf_config_dongle() when cfg_to_ndev() attempts to get
the net_device structure of the interface with index 0 via the if2bss
mapping. This shouldn't fail because of the check for the bus being ready in
brcmf_netdev_open(), but it's not synchronised with USB disconnect and there
is a race: after the check the bus can be marked down and the mapping for
interface 0 may be gone.

Solve this by modifying disconnect handling so that the removal of the
mapping of ifidx to the brcmf_if structure happens after netdev removal
(which is synchronous with brcmf_netdev_open() thanks to rtnl being locked in
devinet_ioctl()). This assures brcmf_netdev_open() returns before the
mapping is removed during disconnect.

Unable to handle kernel NULL pointer dereference at virtual address 00000008
pgd = bcae2612
[00000008] *pgd=8be73831
Internal error: Oops: 17 [#1] PREEMPT SMP ARM
Modules linked in: brcmfmac brcmutil nf_log_ipv4 nf_log_common xt_LOG xt_limit
iptable_mangle xt_connmark xt_tcpudp xt_conntrack nf_conntrack nf_defrag_ipv6
nf_defrag_ipv4 iptable_filter ip_tables x_tables usb_f_mass_storage usb_f_rndis
u_ether usb_serial_simple usbserial cdc_acm smsc95xx usbnet ci_hdrc_imx ci_hdrc
usbmisc_imx ulpi 8250_exar 8250_pci 8250 8250_base libcomposite configfs
udc_core [last unloaded: brcmutil]
CPU: 2 PID: 24478 Comm: ifconfig Not tainted 4.19.23-00078-ga62866d-dirty #115
Hardware name: Freescale i.MX6 Quad/DualLite (Device Tree)
PC is at brcmf_cfg80211_up+0x94/0x29c [brcmfmac]
LR is at brcmf_cfg80211_up+0x8c/0x29c [brcmfmac]
pc : [<7f26a91c>]    lr : [<7f26a914>]    psr: a0070013
sp : eca99d28  ip : 00000000  fp : ee9c6c00
r10: 00000036  r9 : 00000000  r8 : ece4002c
r7 : edb5b800  r6 : 00000000  r5 : 80f08448  r4 : edb5b968
r3 : ffffffff  r2 : 00000000  r1 : 00000002  r0 : 00000000
Flags: NzCv  IRQs on  FIQs on  Mode SVC_32  ISA ARM  Segment none
Control: 10c5387d  Table: 7ca0c04a  DAC: 00000051
Process ifconfig (pid: 24478, stack limit = 0xd9e85a0e)
Stack: (0xeca99d28 to 0xeca9a000)
[<7f26a91c>] (brcmf_cfg80211_up [brcmfmac]) from [<7f27262c>] (brcmf_netdev_open+0x74/0xe8 [brcmfmac])
[<7f27262c>] (brcmf_netdev_open [brcmfmac]) from [<80772008>] (__dev_open+0xcc/0x150)
[<80772008>] (__dev_open) from [<807723d0>] (__dev_change_flags+0x168/0x1b4)
[<807723d0>] (__dev_change_flags) from [<80772434>] (dev_change_flags+0x18/0x48)
[<80772434>] (dev_change_flags) from [<80805f70>] (devinet_ioctl+0x67c/0x79c)
[<80805f70>] (devinet_ioctl) from [<80808b9c>] (inet_ioctl+0x210/0x3d4)
[<80808b9c>] (inet_ioctl) from [<8074721c>] (sock_ioctl+0x350/0x524)
[<8074721c>] (sock_ioctl) from [<80285138>] (do_vfs_ioctl+0xb0/0x9b0)
[<80285138>] (do_vfs_ioctl) from [<80285a6c>] (ksys_ioctl+0x34/0x5c)
[<80285a6c>] (ksys_ioctl) from [<80101000>] (ret_fast_syscall+0x0/0x28)
Exception stack(0xeca99fa8 to 0xeca99ff0)
9fa0:                   00086364 7ee9fe1c 00000003 00008914 7ee9fc38 00086364
9fc0: 00086364 7ee9fe1c 000000c3 00000036 0008630c 7ee9fe1c 7ee9fc38 00000003
9fe0: 000a42b8 7ee9fbd4 00019914 76e09acc
Code: e5970328 eb002021 e1a02006 e3a01002 (e5909008)
---[ end trace 5cbac2333f3ac5df ]---

Signed-off-by: Piotr Figiel <p.figiel@camlintechnologies.com>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 .../net/wireless/broadcom/brcm80211/brcmfmac/core.c    | 10 +++++++---
 1 file changed, 7 insertions(+), 3 deletions(-)

diff --git a/drivers/net/wireless/broadcom/brcm80211/brcmfmac/core.c b/drivers/net/wireless/broadcom/brcm80211/brcmfmac/core.c
index 4fbe8791f6749..24ed19ed116ea 100644
--- a/drivers/net/wireless/broadcom/brcm80211/brcmfmac/core.c
+++ b/drivers/net/wireless/broadcom/brcm80211/brcmfmac/core.c
@@ -841,17 +841,17 @@ static void brcmf_del_if(struct brcmf_pub *drvr, s32 bsscfgidx,
 			 bool rtnl_locked)
 {
 	struct brcmf_if *ifp;
+	int ifidx;
 
 	ifp = drvr->iflist[bsscfgidx];
-	drvr->iflist[bsscfgidx] = NULL;
 	if (!ifp) {
 		bphy_err(drvr, "Null interface, bsscfgidx=%d\n", bsscfgidx);
 		return;
 	}
 	brcmf_dbg(TRACE, "Enter, bsscfgidx=%d, ifidx=%d\n", bsscfgidx,
 		  ifp->ifidx);
-	if (drvr->if2bss[ifp->ifidx] == bsscfgidx)
-		drvr->if2bss[ifp->ifidx] = BRCMF_BSSIDX_INVALID;
+	ifidx = ifp->ifidx;
+
 	if (ifp->ndev) {
 		if (bsscfgidx == 0) {
 			if (ifp->ndev->netdev_ops == &brcmf_netdev_ops_pri) {
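Review bot: The new local ifidx in brcmf_del_if() exists only because ifp may already be freed by the time the if2bss entry is cleared at the end of the function, and nothing at the assignment says so. A short comment at ifidx = ifp->ifidx explaining that the iflist and if2bss entries must stay valid until netdev removal has finished would protect the ordering, because moving the clears back to the top reintroduces the race described in the commit message.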
@@ -879,6 +879,10 @@ static void brcmf_del_if(struct brcmf_pub *drvr, s32 bsscfgidx,
 		brcmf_p2p_ifp_removed(ifp, rtnl_locked);
 		kfree(ifp);
 	}
+
+	drvr->iflist[bsscfgidx] = NULL;
+	if (drvr->if2bss[ifidx] == bsscfgidx)
+		drvr->if2bss[ifidx] = BRCMF_BSSIDX_INVALID;
 }
 
 void brcmf_remove_interface(struct brcmf_if *ifp, bool rtnl_locked)
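Review bot: After the kfree(ifp) at the top of this hunk, drvr->iflist[bsscfgidx] still holds the freed pointer until the store added a few lines later, so any reader that can reach iflist in that window sees a dangling ifp instead of NULL. Clear iflist[bsscfgidx] and the if2bss entry immediately before kfree(ifp) on that path if the ordering allows it, or add a comment naming the lock or state that makes the window unreachable.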
-- 
2.20.1





* [PATCH 5.1 255/405] rtc: xgene: fix possible race condition
From: Greg Kroah-Hartman @ 2019-05-30  3:04 UTC (permalink / raw)
  To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Alexandre Belloni, Sasha Levin

[ Upstream commit a652e00ee1233e251a337c28e18a1da59224e5ce ]

The IRQ is requested before the struct rtc is allocated and registered, but
this struct is used in the IRQ handler. This may lead to a NULL pointer
dereference.

Switch to devm_rtc_allocate_device/rtc_register_device to allocate the rtc
struct before requesting the IRQ.

Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/rtc/rtc-xgene.c | 18 +++++++++++-------
 1 file changed, 11 insertions(+), 7 deletions(-)

diff --git a/drivers/rtc/rtc-xgene.c b/drivers/rtc/rtc-xgene.c
index 153820876a820..2f741f455c30a 100644
--- a/drivers/rtc/rtc-xgene.c
+++ b/drivers/rtc/rtc-xgene.c
@@ -168,6 +168,10 @@ static int xgene_rtc_probe(struct platform_device *pdev)
 	if (IS_ERR(pdata->csr_base))
 		return PTR_ERR(pdata->csr_base);
 
+	pdata->rtc = devm_rtc_allocate_device(&pdev->dev);
+	if (IS_ERR(pdata->rtc))
+		return PTR_ERR(pdata->rtc);
+
 	irq = platform_get_irq(pdev, 0);
 	if (irq < 0) {
 		dev_err(&pdev->dev, "No IRQ resource\n");
@@ -198,15 +202,15 @@ static int xgene_rtc_probe(struct platform_device *pdev)
 		return ret;
 	}
 
-	pdata->rtc = devm_rtc_device_register(&pdev->dev, pdev->name,
-					 &xgene_rtc_ops, THIS_MODULE);
-	if (IS_ERR(pdata->rtc)) {
-		clk_disable_unprepare(pdata->clk);
-		return PTR_ERR(pdata->rtc);
-	}
-
 	/* HW does not support update faster than 1 seconds */
 	pdata->rtc->uie_unsupported = 1;
+	pdata->rtc->ops = &xgene_rtc_ops;
+
+	ret = rtc_register_device(pdata->rtc);
+	if (ret) {
+		clk_disable_unprepare(pdata->clk);
+		return ret;
+	}
 
 	return 0;
 }
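Review bot: pdata->rtc->ops and uie_unsupported are still assigned at the end of xgene_rtc_probe(), after the point where the IRQ is requested, so an interrupt arriving in between finds an allocated rtc that is not yet fully set up. Moving both assignments up next to the devm_rtc_allocate_device() call added in the first hunk would have the struct completely initialised before the handler can run, leaving only rtc_register_device() and its clk_disable_unprepare() error path here.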
-- 
2.20.1





* [PATCH 5.1 256/405] spi: Add missing error handling for CS GPIOs
From: Greg Kroah-Hartman @ 2019-05-30  3:04 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Geert Uytterhoeven, Mark Brown, Sasha Levin

[ Upstream commit 1723fdec5fcbc4de3d26bbb23a9e1704ee258955 ]

While devm_gpiod_get_index_optional() returns NULL if the GPIO is not
present (i.e. -ENOENT), it may still return other error codes, like
-EPROBE_DEFER.  Currently these are not handled, leading to
unrecoverable failures later in case of probe deferral:

    gpiod_set_consumer_name: invalid GPIO (errorpointer)
    gpiod_direction_output: invalid GPIO (errorpointer)
    gpiod_set_value_cansleep: invalid GPIO (errorpointer)
    gpiod_set_value_cansleep: invalid GPIO (errorpointer)
    gpiod_set_value_cansleep: invalid GPIO (errorpointer)

Detect and propagate errors to fix this.

Fixes: f3186dd876697e69 ("spi: Optionally use GPIO descriptors for CS GPIOs")
Signed-off-by: Geert Uytterhoeven <geert+renesas@glider.be>
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/spi/spi.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/drivers/spi/spi.c b/drivers/spi/spi.c
index d17f68775a4bb..e3f2e15b75ad4 100644
--- a/drivers/spi/spi.c
+++ b/drivers/spi/spi.c
@@ -2195,6 +2195,8 @@ static int spi_get_gpio_descs(struct spi_controller *ctlr)
 		 */
 		cs[i] = devm_gpiod_get_index_optional(dev, "cs", i,
 						      GPIOD_OUT_LOW);
+		if (IS_ERR(cs[i]))
+			return PTR_ERR(cs[i]);
 
 		if (cs[i]) {
 			/*
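Review bot: The comment block that ends just above the devm_gpiod_get_index_optional() call in spi_get_gpio_descs() does not say that NULL and an error pointer are different outcomes, and the if (cs[i]) that follows the new check is only safe because of that distinction. Add a sentence to that comment noting that NULL means the chip select GPIO is absent while anything matching IS_ERR() is propagated, so the two tests are not merged into a single NULL test later.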
-- 
2.20.1
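
Added example (not part of the patch or of the kernel tree): a userspace model of the NULL versus error-pointer contract that the commit message above describes for an "optional" getter. The ERR_PTR/PTR_ERR/IS_ERR helpers are re-implemented here for userspace, and get_cs_optional(), the sample status arrays and the two loop functions are hypothetical names constructed for illustration.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>

#define MAX_ERRNO 4095
#ifndef EPROBE_DEFER
#define EPROBE_DEFER 517	/* kernel-internal errno, absent from userspace */
#endif
#define N_CS 4

/* Userspace re-implementations of the kernel's error-pointer helpers. */
static void *ERR_PTR(long err) { return (void *)err; }
static long PTR_ERR(const void *p) { return (long)p; }
static int IS_ERR(const void *p)
{
	/* The top MAX_ERRNO addresses encode negative errno values. */
	return (uintptr_t)p >= (uintptr_t)-MAX_ERRNO;
}

struct gpio_desc { int line; };
static struct gpio_desc pool[N_CS];

/* Constructed lookup results: 0 = present, -ENOENT = absent, other = error. */
static const int SAMPLE_DEFER[N_CS] = { 0, -ENOENT, -EPROBE_DEFER, 0 };
static const int SAMPLE_OK[N_CS]    = { 0, -ENOENT, 0, -ENOENT };

/* Hypothetical stand-in for an "optional" getter: absence becomes NULL,
 * every other failure stays an error pointer. */
static struct gpio_desc *get_cs_optional(const int *status, int i)
{
	if (status[i] == -ENOENT)
		return NULL;
	if (status[i] < 0)
		return ERR_PTR(status[i]);
	pool[i].line = i;
	return &pool[i];
}

/* Shape before the patch: only "non-NULL" is tested. Returns how many
 * error pointers were treated as usable descriptors. */
static int unchecked_bad_uses(const int *status)
{
	struct gpio_desc *cs[N_CS];
	int i, bad = 0;

	for (i = 0; i < N_CS; i++) {
		cs[i] = get_cs_optional(status, i);
		if (cs[i]) {
			/* Real code would configure the GPIO here. */
			if (IS_ERR(cs[i]))
				bad++;
		}
	}
	return bad;
}

/* Shape after the patch: propagate errors first. Returns a negative errno,
 * or the number of descriptors that are actually present. */
static int checked_collect(const int *status)
{
	struct gpio_desc *cs[N_CS];
	int i, present = 0;

	for (i = 0; i < N_CS; i++) {
		cs[i] = get_cs_optional(status, i);
		if (IS_ERR(cs[i]))
			return (int)PTR_ERR(cs[i]);
		if (cs[i])	/* NULL here means "no GPIO", not failure */
			present++;
	}
	return present;
}

int main(void)
{
	printf("unchecked, deferred probe: %d error pointer(s) used\n",
	       unchecked_bad_uses(SAMPLE_DEFER));
	printf("checked, deferred probe:   %d\n", checked_collect(SAMPLE_DEFER));
	printf("checked, all resolved:     %d descriptor(s)\n",
	       checked_collect(SAMPLE_OK));
	return 0;
}
```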





* [PATCH 5.1 257/405] rtlwifi: fix potential NULL pointer dereference
From: Greg Kroah-Hartman @ 2019-05-30  3:04 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Ping-Ke Shih, Kalle Valo, Sasha Levin

[ Upstream commit 60209d482b97743915883d293c8b85226d230c19 ]

In case dev_alloc_skb fails, the fix safely returns to avoid
potential NULL pointer dereference.

Signed-off-by: Ping-Ke Shih <pkshih@realtek.com>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/net/wireless/realtek/rtlwifi/rtl8188ee/fw.c       | 2 ++
 drivers/net/wireless/realtek/rtlwifi/rtl8192c/fw_common.c | 2 ++
 drivers/net/wireless/realtek/rtlwifi/rtl8192ee/fw.c       | 2 ++
 drivers/net/wireless/realtek/rtlwifi/rtl8723ae/fw.c       | 2 ++
 drivers/net/wireless/realtek/rtlwifi/rtl8723be/fw.c       | 2 ++
 drivers/net/wireless/realtek/rtlwifi/rtl8821ae/fw.c       | 4 ++++
 6 files changed, 14 insertions(+)

diff --git a/drivers/net/wireless/realtek/rtlwifi/rtl8188ee/fw.c b/drivers/net/wireless/realtek/rtlwifi/rtl8188ee/fw.c
index 203e7b574e845..e2e0bfbc24fe2 100644
--- a/drivers/net/wireless/realtek/rtlwifi/rtl8188ee/fw.c
+++ b/drivers/net/wireless/realtek/rtlwifi/rtl8188ee/fw.c
@@ -600,6 +600,8 @@ void rtl88e_set_fw_rsvdpagepkt(struct ieee80211_hw *hw, bool b_dl_finished)
 		      u1rsvdpageloc, 3);
 
 	skb = dev_alloc_skb(totalpacketlen);
+	if (!skb)
+		return;
 	skb_put_data(skb, &reserved_page_packet, totalpacketlen);
 
 	rtstatus = rtl_cmd_send_packet(hw, skb);
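Review bot: The new if (!skb) return; in rtl88e_set_fw_rsvdpagepkt() fails silently: the function is void, so the caller cannot tell that the reserved page packet was never built or sent. Consider giving the function a status the caller can check, or at least recording the failure in the driver's own state, so that a skipped firmware download is distinguishable from a completed one.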
diff --git a/drivers/net/wireless/realtek/rtlwifi/rtl8192c/fw_common.c b/drivers/net/wireless/realtek/rtlwifi/rtl8192c/fw_common.c
index 18c76990a0898..86b1b88cc4ed8 100644
--- a/drivers/net/wireless/realtek/rtlwifi/rtl8192c/fw_common.c
+++ b/drivers/net/wireless/realtek/rtlwifi/rtl8192c/fw_common.c
@@ -623,6 +623,8 @@ void rtl92c_set_fw_rsvdpagepkt(struct ieee80211_hw *hw,
 		      u1rsvdpageloc, 3);
 
 	skb = dev_alloc_skb(totalpacketlen);
+	if (!skb)
+		return;
 	skb_put_data(skb, &reserved_page_packet, totalpacketlen);
 
 	if (cmd_send_packet)
diff --git a/drivers/net/wireless/realtek/rtlwifi/rtl8192ee/fw.c b/drivers/net/wireless/realtek/rtlwifi/rtl8192ee/fw.c
index 7c5b54b71a92f..67305ce915ec4 100644
--- a/drivers/net/wireless/realtek/rtlwifi/rtl8192ee/fw.c
+++ b/drivers/net/wireless/realtek/rtlwifi/rtl8192ee/fw.c
@@ -744,6 +744,8 @@ void rtl92ee_set_fw_rsvdpagepkt(struct ieee80211_hw *hw, bool b_dl_finished)
 		      u1rsvdpageloc, 3);
 
 	skb = dev_alloc_skb(totalpacketlen);
+	if (!skb)
+		return;
 	skb_put_data(skb, &reserved_page_packet, totalpacketlen);
 
 	rtstatus = rtl_cmd_send_packet(hw, skb);
diff --git a/drivers/net/wireless/realtek/rtlwifi/rtl8723ae/fw.c b/drivers/net/wireless/realtek/rtlwifi/rtl8723ae/fw.c
index be451a6f7dbe5..33481232fad01 100644
--- a/drivers/net/wireless/realtek/rtlwifi/rtl8723ae/fw.c
+++ b/drivers/net/wireless/realtek/rtlwifi/rtl8723ae/fw.c
@@ -448,6 +448,8 @@ void rtl8723e_set_fw_rsvdpagepkt(struct ieee80211_hw *hw, bool b_dl_finished)
 		      u1rsvdpageloc, 3);
 
 	skb = dev_alloc_skb(totalpacketlen);
+	if (!skb)
+		return;
 	skb_put_data(skb, &reserved_page_packet, totalpacketlen);
 
 	rtstatus = rtl_cmd_send_packet(hw, skb);
diff --git a/drivers/net/wireless/realtek/rtlwifi/rtl8723be/fw.c b/drivers/net/wireless/realtek/rtlwifi/rtl8723be/fw.c
index 4d7fa27f55caa..aa56058af56ef 100644
--- a/drivers/net/wireless/realtek/rtlwifi/rtl8723be/fw.c
+++ b/drivers/net/wireless/realtek/rtlwifi/rtl8723be/fw.c
@@ -562,6 +562,8 @@ void rtl8723be_set_fw_rsvdpagepkt(struct ieee80211_hw *hw,
 		      u1rsvdpageloc, sizeof(u1rsvdpageloc));
 
 	skb = dev_alloc_skb(totalpacketlen);
+	if (!skb)
+		return;
 	skb_put_data(skb, &reserved_page_packet, totalpacketlen);
 
 	rtstatus = rtl_cmd_send_packet(hw, skb);
diff --git a/drivers/net/wireless/realtek/rtlwifi/rtl8821ae/fw.c b/drivers/net/wireless/realtek/rtlwifi/rtl8821ae/fw.c
index dc0eb692088f6..fe32d397d2875 100644
--- a/drivers/net/wireless/realtek/rtlwifi/rtl8821ae/fw.c
+++ b/drivers/net/wireless/realtek/rtlwifi/rtl8821ae/fw.c
@@ -1623,6 +1623,8 @@ void rtl8812ae_set_fw_rsvdpagepkt(struct ieee80211_hw *hw,
 		      &reserved_page_packet_8812[0], totalpacketlen);
 
 	skb = dev_alloc_skb(totalpacketlen);
+	if (!skb)
+		return;
 	skb_put_data(skb, &reserved_page_packet_8812, totalpacketlen);
 
 	rtstatus = rtl_cmd_send_packet(hw, skb);
@@ -1759,6 +1761,8 @@ void rtl8821ae_set_fw_rsvdpagepkt(struct ieee80211_hw *hw,
 		      &reserved_page_packet_8821[0], totalpacketlen);
 
 	skb = dev_alloc_skb(totalpacketlen);
+	if (!skb)
+		return;
 	skb_put_data(skb, &reserved_page_packet_8821, totalpacketlen);
 
 	rtstatus = rtl_cmd_send_packet(hw, skb);
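Review bot: This is the seventh copy in the patch of the same sequence, skb = dev_alloc_skb(totalpacketlen) followed by the NULL check and skb_put_data(), here in rtl8821ae_set_fw_rsvdpagepkt(). A small shared helper that allocates, fills and returns the skb (or NULL) would keep the check in one place, so a chip-specific file added later cannot miss it.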
-- 
2.20.1





* [PATCH 5.1 258/405] scsi: ufs: Fix regulator load and icc-level configuration
From: Greg Kroah-Hartman @ 2019-05-30  3:04 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Stanley Chu, Avri Altman,
	Alim Akhtar, Martin K. Petersen, Sasha Levin

[ Upstream commit 0487fff76632ec023d394a05b82e87a971db8c03 ]

Currently if a regulator has "<name>-fixed-regulator" property in device
tree, it will skip current limit initialization.  This leads to a zero
"max_uA" value in struct ufs_vreg.

However, "regulator_set_load" operation shall be required on regulators
which have valid current limits, otherwise a zero "max_uA" set by
"regulator_set_load" may cause unexpected behavior when this regulator is
enabled or set as high power mode.

Similarly, in device's icc_level configuration flow, the target icc_level
shall be updated if regulator also has valid current limit, otherwise a
wrong icc_level will be calculated by zero "max_uA" and thus causes
unexpected results after it is written to device.

Signed-off-by: Stanley Chu <stanley.chu@mediatek.com>
Reviewed-by: Avri Altman <avri.altman@wdc.com>
Acked-by: Alim Akhtar <alim.akhtar@samsung.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/scsi/ufs/ufshcd.c | 15 ++++++++++++---
 1 file changed, 12 insertions(+), 3 deletions(-)

diff --git a/drivers/scsi/ufs/ufshcd.c b/drivers/scsi/ufs/ufshcd.c
index e040f9dd9ff32..58e0bd1dac9b4 100644
--- a/drivers/scsi/ufs/ufshcd.c
+++ b/drivers/scsi/ufs/ufshcd.c
@@ -6294,19 +6294,19 @@ static u32 ufshcd_find_max_sup_active_icc_level(struct ufs_hba *hba,
 		goto out;
 	}
 
-	if (hba->vreg_info.vcc)
+	if (hba->vreg_info.vcc && hba->vreg_info.vcc->max_uA)
 		icc_level = ufshcd_get_max_icc_level(
 				hba->vreg_info.vcc->max_uA,
 				POWER_DESC_MAX_ACTV_ICC_LVLS - 1,
 				&desc_buf[PWR_DESC_ACTIVE_LVLS_VCC_0]);
 
-	if (hba->vreg_info.vccq)
+	if (hba->vreg_info.vccq && hba->vreg_info.vccq->max_uA)
 		icc_level = ufshcd_get_max_icc_level(
 				hba->vreg_info.vccq->max_uA,
 				icc_level,
 				&desc_buf[PWR_DESC_ACTIVE_LVLS_VCCQ_0]);
 
-	if (hba->vreg_info.vccq2)
+	if (hba->vreg_info.vccq2 && hba->vreg_info.vccq2->max_uA)
 		icc_level = ufshcd_get_max_icc_level(
 				hba->vreg_info.vccq2->max_uA,
 				icc_level,
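Review bot: With the added max_uA tests in ufshcd_find_max_sup_active_icc_level(), the vcc branch can now be skipped for a regulator that is present, and the vccq and vccq2 calls then pass icc_level as their starting level without the first call having set it from POWER_DESC_MAX_ACTV_ICC_LVLS - 1. Check that the initial value of icc_level is a sensible starting point for those searches, or pass POWER_DESC_MAX_ACTV_ICC_LVLS - 1 explicitly when no earlier branch ran.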
@@ -7004,6 +7004,15 @@ static int ufshcd_config_vreg_load(struct device *dev, struct ufs_vreg *vreg,
 	if (!vreg)
 		return 0;
 
+	/*
+	 * "set_load" operation shall be required on those regulators
+	 * which specifically configured current limitation. Otherwise
+	 * zero max_uA may cause unexpected behavior when regulator is
+	 * enabled or set as high power mode.
+	 */
+	if (!vreg->max_uA)
+		return 0;
+
 	ret = regulator_set_load(vreg->reg, ua);
 	if (ret < 0) {
 		dev_err(dev, "%s: %s set load (ua=%d) failed, err=%d\n",
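Review bot: The comment added in ufshcd_config_vreg_load() is hard to parse ("shall be required on those regulators which specifically configured current limitation"); something like "Only call regulator_set_load() for regulators that have a current limit configured; a zero max_uA may cause unexpected behavior when the regulator is enabled or set to high power mode" says the same thing directly. The new test could also be folded into the existing one above it as if (!vreg || !vreg->max_uA), which keeps the two early exits together.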
-- 
2.20.1





* [PATCH 5.1 259/405] scsi: ufs: Avoid configuring regulator with undefined voltage range
From: Greg Kroah-Hartman @ 2019-05-30  3:04 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Stanley Chu, Avri Altman,
	Alim Akhtar, Martin K. Petersen, Sasha Levin

[ Upstream commit 3b141e8cfd54ba3e5c610717295b2a02aab26a05 ]

For regulators used by UFS, vcc, vccq and vccq2 will have voltage range
initialized by ufshcd_populate_vreg(), however other regulators may have
undefined voltage range if dt-bindings have no such definition.

In the above undefined case, both "min_uV" and "max_uV" fields in ufs_vreg
struct will be zero values and these values will be configured on
regulators in different power modes.

Currently this may have no harm if both "min_uV" and "max_uV" always keep
"zero values" because regulator_set_voltage() will always bypass such
invalid values and return "good" results.

However improper values shall be fixed to avoid potential bugs.  Simply
bypass voltage configuration if voltage range is not defined.

Signed-off-by: Stanley Chu <stanley.chu@mediatek.com>
Reviewed-by: Avri Altman <avri.altman@wdc.com>
Acked-by: Alim Akhtar <alim.akhtar@samsung.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/scsi/ufs/ufshcd.c | 13 ++++++++-----
 1 file changed, 8 insertions(+), 5 deletions(-)

diff --git a/drivers/scsi/ufs/ufshcd.c b/drivers/scsi/ufs/ufshcd.c
index 58e0bd1dac9b4..5ba49c8cd2a36 100644
--- a/drivers/scsi/ufs/ufshcd.c
+++ b/drivers/scsi/ufs/ufshcd.c
@@ -7048,12 +7048,15 @@ static int ufshcd_config_vreg(struct device *dev,
 	name = vreg->name;
 
 	if (regulator_count_voltages(reg) > 0) {
-		min_uV = on ? vreg->min_uV : 0;
-		ret = regulator_set_voltage(reg, min_uV, vreg->max_uV);
-		if (ret) {
-			dev_err(dev, "%s: %s set voltage failed, err=%d\n",
+		if (vreg->min_uV && vreg->max_uV) {
+			min_uV = on ? vreg->min_uV : 0;
+			ret = regulator_set_voltage(reg, min_uV, vreg->max_uV);
+			if (ret) {
+				dev_err(dev,
+					"%s: %s set voltage failed, err=%d\n",
 					__func__, name, ret);
-			goto out;
+				goto out;
+			}
 		}
 
 		uA_load = on ? vreg->max_uA : 0;
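Review bot: The new guard if (vreg->min_uV && vreg->max_uV) in ufshcd_config_vreg() skips regulator_set_voltage() when either field is zero, while the commit message describes the undefined case as both fields being zero. A regulator with only one of the two defined would now silently keep its current voltage; if that is intended, say so in a comment at the guard, otherwise skip only when both are zero.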
-- 
2.20.1





* [PATCH 5.1 260/405] drm/panel: otm8009a: Add delay at the end of initialization
From: Greg Kroah-Hartman @ 2019-05-30  3:04 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Yannick Fertré,
	Philippe Cornu, Thierry Reding, Sasha Levin

[ Upstream commit 0084c3c71126fc878c6dab8a6ab8ecc484c2be02 ]

At the end of initialization, a delay is required by the panel. Without
this delay, the panel could receive a frame early & generate a crash of
the panel (black screen).

Signed-off-by: Yannick Fertré <yannick.fertre@st.com>
Reviewed-by: Philippe Cornu <philippe.cornu@st.com>
Tested-by: Philippe Cornu <philippe.cornu@st.com>
Signed-off-by: Thierry Reding <treding@nvidia.com>
Link: https://patchwork.freedesktop.org/patch/msgid/1553155445-13407-1-git-send-email-yannick.fertre@st.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/gpu/drm/panel/panel-orisetech-otm8009a.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/drivers/gpu/drm/panel/panel-orisetech-otm8009a.c b/drivers/gpu/drm/panel/panel-orisetech-otm8009a.c
index 87fa316e1d7b0..58ccf648b70fb 100644
--- a/drivers/gpu/drm/panel/panel-orisetech-otm8009a.c
+++ b/drivers/gpu/drm/panel/panel-orisetech-otm8009a.c
@@ -248,6 +248,9 @@ static int otm8009a_init_sequence(struct otm8009a *ctx)
 	/* Send Command GRAM memory write (no parameters) */
 	dcs_write_seq(ctx, MIPI_DCS_WRITE_MEMORY_START);
 
+	/* Wait a short while to let the panel be ready before the 1st frame */
+	mdelay(10);
+
 	return 0;
 }
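Review bot: mdelay(10) at the end of otm8009a_init_sequence() busy-waits for the full 10 ms. If this function is only reached from a context that may sleep, msleep(10) or usleep_range() gives the panel the same settling time without spinning the CPU; if it can be called atomically, the comment above the delay should say so to justify mdelay().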
 
-- 
2.20.1





* [PATCH 5.1 261/405] drm/amd/display: Prevent cursor hotspot overflow for RV overlay planes
From: Greg Kroah-Hartman @ 2019-05-30  3:04 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Nicholas Kazlauskas, Sun peng Li,
	Bhawanpreet Lakha, Alex Deucher, Sasha Levin

[ Upstream commit 6752bea8b03e77c98be7d8d25b0a9d86a00b3cf7 ]

[Why]
The actual position for the cursor on the screen is essentially:

x_out = x - x_plane - x_hotspot
y_out = y - y_plane - y_hotspot

The register values for cursor position and cursor hotspot need to be
greater than zero when programmed, but we also need to subtract off
the plane position to display the cursor at the correct position.

Since we don't want x or y to be less than zero, we add the plane
position as a positive value to x_hotspot or y_hotspot. However, what
this doesn't take into account is that the hotspot registers are limited
by the maximum cursor size.

On DCN10 the cursor hotspot registers are masked to 0xFF, so they have
a maximum value of 0-255. Values greater than this will wrap, causing the
cursor to display in the wrong position.

In practice this means that for sufficiently large plane positions, the
cursor will be drawn twice on the screen, and can cause screen flashes
or p-state WARNS depending on what the wrapped value is.

So we need a way to remove the value from x_plane and y_plane without
exceeding the maximum cursor size.

[How]
Subtract as much of x_plane/y_plane as possible from x and y and place
the remainder in the cursor hotspot register.

The value for x_hotspot and y_hotspot can still wrap around but it
won't happen in a case where the cursor is actually enabled.

The cursor plane needs to intersect at least one pixel of the plane's
rectangle to be enabled, so the cursor position + hotspot provided by
userspace must always be strictly less than the maximum cursor size for
the cursor to actually be enabled.

Signed-off-by: Nicholas Kazlauskas <nicholas.kazlauskas@amd.com>
Reviewed-by: Sun peng Li <Sunpeng.Li@amd.com>
Acked-by: Bhawanpreet Lakha <Bhawanpreet.Lakha@amd.com>
Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 .../drm/amd/display/dc/dcn10/dcn10_hw_sequencer.c    | 12 +++++++++---
 1 file changed, 9 insertions(+), 3 deletions(-)

diff --git a/drivers/gpu/drm/amd/display/dc/dcn10/dcn10_hw_sequencer.c b/drivers/gpu/drm/amd/display/dc/dcn10/dcn10_hw_sequencer.c
index d1a8f1c302a96..401ea9561618e 100644
--- a/drivers/gpu/drm/amd/display/dc/dcn10/dcn10_hw_sequencer.c
+++ b/drivers/gpu/drm/amd/display/dc/dcn10/dcn10_hw_sequencer.c
@@ -2692,9 +2692,15 @@ static void dcn10_set_cursor_position(struct pipe_ctx *pipe_ctx)
 		.rotation = pipe_ctx->plane_state->rotation,
 		.mirror = pipe_ctx->plane_state->horizontal_mirror
 	};
-
-	pos_cpy.x_hotspot += pipe_ctx->plane_state->dst_rect.x;
-	pos_cpy.y_hotspot += pipe_ctx->plane_state->dst_rect.y;
+	uint32_t x_plane = pipe_ctx->plane_state->dst_rect.x;
+	uint32_t y_plane = pipe_ctx->plane_state->dst_rect.y;
+	uint32_t x_offset = min(x_plane, pos_cpy.x);
+	uint32_t y_offset = min(y_plane, pos_cpy.y);
+
+	pos_cpy.x -= x_offset;
+	pos_cpy.y -= y_offset;
+	pos_cpy.x_hotspot += (x_plane - x_offset);
+	pos_cpy.y_hotspot += (y_plane - y_offset);
 
 	if (pipe_ctx->plane_state->address.type
 			== PLN_ADDR_TYPE_VIDEO_PROGRESSIVE)
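
Review bot: The wraparound caveat from the commit message is not recorded next to the `pos_cpy.x_hotspot += (x_plane - x_offset)` lines, so the code reads as if the hotspot sum were always in range. A short comment above the new block, saying that the part of x_plane/y_plane that cannot be subtracted from the position is moved into the hotspot and that a wrapping hotspot only occurs when the cursor is not enabled, would keep that invariant visible to whoever touches this next.
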
-- 
2.20.1




^ permalink raw reply related	[flat|nested] 429+ messages in thread

* [PATCH 5.1 262/405] arm64: cpu_ops: fix a leaked reference by adding missing of_node_put
  2019-05-30  2:59 [PATCH 5.1 000/405] 5.1.6-stable review Greg Kroah-Hartman
@ 2019-05-30  3:04   ` Greg Kroah-Hartman
  2019-05-30  3:00 ` [PATCH 5.1 002/405] ext4: do not delete unlinked inode from orphan list on failed truncate Greg Kroah-Hartman
                     ` (408 subsequent siblings)
  409 siblings, 0 replies; 429+ messages in thread
From: Greg Kroah-Hartman @ 2019-05-30  3:04 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Wen Yang, Florian Fainelli,
	Catalin Marinas, Will Deacon, linux-arm-kernel, Sasha Levin

[ Upstream commit 92606ec9285fb84cd9b5943df23f07d741384bfc ]

The call to of_get_next_child returns a node pointer with refcount
incremented thus it must be explicitly decremented after the last
usage.

Detected by coccinelle with the following warnings:
  ./arch/arm64/kernel/cpu_ops.c:102:1-7: ERROR: missing of_node_put;
  acquired a node pointer with refcount incremented on line 69, but
  without a corresponding object release within this function.

Signed-off-by: Wen Yang <wen.yang99@zte.com.cn>
Reviewed-by: Florian Fainelli <f.fainelli@gmail.com>
Cc: Catalin Marinas <catalin.marinas@arm.com>
Cc: Will Deacon <will.deacon@arm.com>
Cc: linux-arm-kernel@lists.infradead.org
Cc: linux-kernel@vger.kernel.org
Signed-off-by: Will Deacon <will.deacon@arm.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 arch/arm64/kernel/cpu_ops.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/arch/arm64/kernel/cpu_ops.c b/arch/arm64/kernel/cpu_ops.c
index ea001241bdd47..00f8b8612b69f 100644
--- a/arch/arm64/kernel/cpu_ops.c
+++ b/arch/arm64/kernel/cpu_ops.c
@@ -85,6 +85,7 @@ static const char *__init cpu_read_enable_method(int cpu)
 				pr_err("%pOF: missing enable-method property\n",
 					dn);
 		}
+		of_node_put(dn);
 	} else {
 		enable_method = acpi_get_enable_method(cpu);
 		if (!enable_method) {
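
Review bot: of_node_put(dn) is placed after the pr_err() that still prints dn, which is the last visible use, but the function returns a const char *, and if the enable_method returned from this branch points into a property of dn, the string is handed to the caller after the reference has been dropped. A sentence in the commit message, or a comment at the put, on why the returned pointer stays valid would settle that.
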
-- 
2.20.1




^ permalink raw reply related	[flat|nested] 429+ messages in thread

* [PATCH 5.1 263/405] locking/static_key: Fix false positive warnings on concurrent dec/inc
  2019-05-30  2:59 [PATCH 5.1 000/405] 5.1.6-stable review Greg Kroah-Hartman
                   ` (261 preceding siblings ...)
  2019-05-30  3:04   ` Greg Kroah-Hartman
@ 2019-05-30  3:04 ` Greg Kroah-Hartman
  2019-05-30  3:04 ` [PATCH 5.1 264/405] wil6210: fix return code of wmi_mgmt_tx and wmi_mgmt_tx_ext Greg Kroah-Hartman
                   ` (146 subsequent siblings)
  409 siblings, 0 replies; 429+ messages in thread
From: Greg Kroah-Hartman @ 2019-05-30  3:04 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Jakub Kicinski,
	Peter Zijlstra (Intel),
	Andrew Morton, Linus Torvalds, Paul E. McKenney, Thomas Gleixner,
	Will Deacon, ard.biesheuvel, oss-drivers, pbonzini, Ingo Molnar,
	Sasha Levin

[ Upstream commit a1247d06d01045d7ab2882a9c074fbf21137c690 ]

Even though the atomic_dec_and_mutex_lock() in
__static_key_slow_dec_cpuslocked() can never see a negative value in
key->enabled the subsequent sanity check is re-reading key->enabled, which may
have been set to -1 in the meantime by static_key_slow_inc_cpuslocked().

                CPU  A                               CPU B

 __static_key_slow_dec_cpuslocked():          static_key_slow_inc_cpuslocked():
                               # enabled = 1
   atomic_dec_and_mutex_lock()
                               # enabled = 0
                                              atomic_read() == 0
                                              atomic_set(-1)
                               # enabled = -1
   val = atomic_read()
   # Oops - val == -1!

The test case is TCP's clean_acked_data_enable() / clean_acked_data_disable()
as tickled by KTLS (net/ktls).

Suggested-by: Jakub Kicinski <jakub.kicinski@netronome.com>
Reported-by: Jakub Kicinski <jakub.kicinski@netronome.com>
Tested-by: Jakub Kicinski <jakub.kicinski@netronome.com>
Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org>
Cc: Andrew Morton <akpm@linux-foundation.org>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Paul E. McKenney <paulmck@linux.vnet.ibm.com>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: Will Deacon <will.deacon@arm.com>
Cc: ard.biesheuvel@linaro.org
Cc: oss-drivers@netronome.com
Cc: pbonzini@redhat.com
Signed-off-by: Ingo Molnar <mingo@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 kernel/jump_label.c | 21 +++++++++++++--------
 1 file changed, 13 insertions(+), 8 deletions(-)

diff --git a/kernel/jump_label.c b/kernel/jump_label.c
index bad96b476eb6e..a799b1ac6b2fe 100644
--- a/kernel/jump_label.c
+++ b/kernel/jump_label.c
@@ -206,6 +206,8 @@ static void __static_key_slow_dec_cpuslocked(struct static_key *key,
 					   unsigned long rate_limit,
 					   struct delayed_work *work)
 {
+	int val;
+
 	lockdep_assert_cpus_held();
 
 	/*
@@ -215,17 +217,20 @@ static void __static_key_slow_dec_cpuslocked(struct static_key *key,
 	 * returns is unbalanced, because all other static_key_slow_inc()
 	 * instances block while the update is in progress.
 	 */
-	if (!atomic_dec_and_mutex_lock(&key->enabled, &jump_label_mutex)) {
-		WARN(atomic_read(&key->enabled) < 0,
-		     "jump label: negative count!\n");
+	val = atomic_fetch_add_unless(&key->enabled, -1, 1);
+	if (val != 1) {
+		WARN(val < 0, "jump label: negative count!\n");
 		return;
 	}
 
-	if (rate_limit) {
-		atomic_inc(&key->enabled);
-		schedule_delayed_work(work, rate_limit);
-	} else {
-		jump_label_update(key);
+	jump_label_lock();
+	if (atomic_dec_and_test(&key->enabled)) {
+		if (rate_limit) {
+			atomic_inc(&key->enabled);
+			schedule_delayed_work(work, rate_limit);
+		} else {
+			jump_label_update(key);
+		}
 	}
 	jump_label_unlock();
 }
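
Review bot: In the `val != 1` early return only `val < 0` triggers the WARN, but atomic_fetch_add_unless(&key->enabled, -1, 1) has already applied the decrement for every old value other than 1. An unbalanced call with val == 0 therefore leaves key->enabled at -1 without any warning, which is the same value the commit message shows static_key_slow_inc_cpuslocked() setting while an update is in progress. Consider warning on `val <= 0`, or not decrementing in that case.
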
-- 
2.20.1




^ permalink raw reply related	[flat|nested] 429+ messages in thread

* [PATCH 5.1 264/405] wil6210: fix return code of wmi_mgmt_tx and wmi_mgmt_tx_ext
  2019-05-30  2:59 [PATCH 5.1 000/405] 5.1.6-stable review Greg Kroah-Hartman
                   ` (262 preceding siblings ...)
  2019-05-30  3:04 ` [PATCH 5.1 263/405] locking/static_key: Fix false positive warnings on concurrent dec/inc Greg Kroah-Hartman
@ 2019-05-30  3:04 ` Greg Kroah-Hartman
  2019-05-30  3:04 ` [PATCH 5.1 265/405] x86/uaccess, ftrace: Fix ftrace_likely_update() vs. SMAP Greg Kroah-Hartman
                   ` (145 subsequent siblings)
  409 siblings, 0 replies; 429+ messages in thread
From: Greg Kroah-Hartman @ 2019-05-30  3:04 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Lior David, Maya Erez, Kalle Valo,
	Sasha Levin

[ Upstream commit 49122ec42634f73babb1dc96f170023e5228d080 ]

The functions that send a management TX frame have 3 possible
results: success and other side acknowledged receive (ACK=1),
success and other side did not acknowledge receive (ACK=0) and
failure to send the frame. The current implementation
incorrectly reports the ACK=0 case as failure.

Signed-off-by: Lior David <liord@codeaurora.org>
Signed-off-by: Maya Erez <merez@codeaurora.org>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/net/wireless/ath/wil6210/cfg80211.c |  5 +++++
 drivers/net/wireless/ath/wil6210/wmi.c      | 11 ++++++-----
 2 files changed, 11 insertions(+), 5 deletions(-)

diff --git a/drivers/net/wireless/ath/wil6210/cfg80211.c b/drivers/net/wireless/ath/wil6210/cfg80211.c
index a1e226652b4ab..692730415d781 100644
--- a/drivers/net/wireless/ath/wil6210/cfg80211.c
+++ b/drivers/net/wireless/ath/wil6210/cfg80211.c
@@ -1274,7 +1274,12 @@ int wil_cfg80211_mgmt_tx(struct wiphy *wiphy, struct wireless_dev *wdev,
 			     params->wait);
 
 out:
+	/* when the sent packet was not acked by receiver(ACK=0), rc will
+	 * be -EAGAIN. In this case this function needs to return success,
+	 * the ACK=0 will be reflected in tx_status.
+	 */
 	tx_status = (rc == 0);
+	rc = (rc == -EAGAIN) ? 0 : rc;
 	cfg80211_mgmt_tx_status(wdev, cookie ? *cookie : 0, buf, len,
 				tx_status, GFP_KERNEL);
 
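
Review bot: The `rc = (rc == -EAGAIN) ? 0 : rc;` rewrite sits at the shared `out:` label, so any other path that reaches `out` with -EAGAIN is also returned as success, not only the ACK=0 case the comment describes. Either confirm in the commit message that nothing else on the way here can produce -EAGAIN, or carry the not-acked result in a separate variable. The ordering relative to `tx_status = (rc == 0);` matters too and deserves a word in the comment.
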
diff --git a/drivers/net/wireless/ath/wil6210/wmi.c b/drivers/net/wireless/ath/wil6210/wmi.c
index bda4a9712f91f..63116f4b62c7f 100644
--- a/drivers/net/wireless/ath/wil6210/wmi.c
+++ b/drivers/net/wireless/ath/wil6210/wmi.c
@@ -3502,8 +3502,9 @@ int wmi_mgmt_tx(struct wil6210_vif *vif, const u8 *buf, size_t len)
 	rc = wmi_call(wil, WMI_SW_TX_REQ_CMDID, vif->mid, cmd, total,
 		      WMI_SW_TX_COMPLETE_EVENTID, &evt, sizeof(evt), 2000);
 	if (!rc && evt.evt.status != WMI_FW_STATUS_SUCCESS) {
-		wil_err(wil, "mgmt_tx failed with status %d\n", evt.evt.status);
-		rc = -EINVAL;
+		wil_dbg_wmi(wil, "mgmt_tx failed with status %d\n",
+			    evt.evt.status);
+		rc = -EAGAIN;
 	}
 
 	kfree(cmd);
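
Review bot: Every `evt.evt.status != WMI_FW_STATUS_SUCCESS` is now mapped to -EAGAIN, which the cfg80211.c hunk turns into success, and the message is demoted from wil_err to wil_dbg_wmi. If the firmware can report any status other than "not acked" here, that failure is no longer returned or logged at error level; testing for the specific no-ack status and keeping -EINVAL plus wil_err for the rest would preserve it. The text still says "failed", which no longer matches how the case is treated.
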
@@ -3555,9 +3556,9 @@ int wmi_mgmt_tx_ext(struct wil6210_vif *vif, const u8 *buf, size_t len,
 	rc = wmi_call(wil, WMI_SW_TX_REQ_EXT_CMDID, vif->mid, cmd, total,
 		      WMI_SW_TX_COMPLETE_EVENTID, &evt, sizeof(evt), 2000);
 	if (!rc && evt.evt.status != WMI_FW_STATUS_SUCCESS) {
-		wil_err(wil, "mgmt_tx_ext failed with status %d\n",
-			evt.evt.status);
-		rc = -EINVAL;
+		wil_dbg_wmi(wil, "mgmt_tx_ext failed with status %d\n",
+			    evt.evt.status);
+		rc = -EAGAIN;
 	}
 
 	kfree(cmd);
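
Review bot: This is the same status mapping as in wmi_mgmt_tx() above, now duplicated; a small shared helper that translates evt.evt.status into rc would keep the two functions from drifting apart. It is also not visible from this patch whether the caller of wmi_mgmt_tx_ext() goes through the -EAGAIN handling added in wil_cfg80211_mgmt_tx(); if it does not, ACK=0 is still reported as an error on that path.
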
-- 
2.20.1




^ permalink raw reply related	[flat|nested] 429+ messages in thread

* [PATCH 5.1 265/405] x86/uaccess, ftrace: Fix ftrace_likely_update() vs. SMAP
  2019-05-30  2:59 [PATCH 5.1 000/405] 5.1.6-stable review Greg Kroah-Hartman
                   ` (263 preceding siblings ...)
  2019-05-30  3:04 ` [PATCH 5.1 264/405] wil6210: fix return code of wmi_mgmt_tx and wmi_mgmt_tx_ext Greg Kroah-Hartman
@ 2019-05-30  3:04 ` Greg Kroah-Hartman
  2019-05-30  3:04 ` [PATCH 5.1 266/405] iwlwifi: mvm: IBSS: use BE FIFO for multicast Greg Kroah-Hartman
                   ` (144 subsequent siblings)
  409 siblings, 0 replies; 429+ messages in thread
From: Greg Kroah-Hartman @ 2019-05-30  3:04 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Peter Zijlstra (Intel),
	Borislav Petkov, Josh Poimboeuf, Linus Torvalds, Steven Rostedt,
	Thomas Gleixner, Ingo Molnar, Sasha Levin

[ Upstream commit 4a6c91fbdef846ec7250b82f2eeeb87ac5f18cf9 ]

For CONFIG_TRACE_BRANCH_PROFILING=y the likely/unlikely things get
overloaded and generate callouts to this code, and thus also when
AC=1.

Make it safe.

Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org>
Cc: Borislav Petkov <bp@alien8.de>
Cc: Josh Poimboeuf <jpoimboe@redhat.com>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Steven Rostedt <rostedt@goodmis.org>
Cc: Thomas Gleixner <tglx@linutronix.de>
Signed-off-by: Ingo Molnar <mingo@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 kernel/trace/trace_branch.c | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/kernel/trace/trace_branch.c b/kernel/trace/trace_branch.c
index 4ad967453b6fb..3ea65cdff30d5 100644
--- a/kernel/trace/trace_branch.c
+++ b/kernel/trace/trace_branch.c
@@ -205,6 +205,8 @@ void trace_likely_condition(struct ftrace_likely_data *f, int val, int expect)
 void ftrace_likely_update(struct ftrace_likely_data *f, int val,
 			  int expect, int is_constant)
 {
+	unsigned long flags = user_access_save();
+
 	/* A constant is always correct */
 	if (is_constant) {
 		f->constant++;
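
Review bot: user_access_save() at the top of ftrace_likely_update() has no comment, and the commit message's "Make it safe" does not say against what. A one-line comment that this function can be entered from likely()/unlikely() inside an AC=1 region under CONFIG_TRACE_BRANCH_PROFILING=y would explain why a tracing helper touches user-access state.
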
@@ -223,6 +225,8 @@ void ftrace_likely_update(struct ftrace_likely_data *f, int val,
 		f->data.correct++;
 	else
 		f->data.incorrect++;
+
+	user_access_restore(flags);
 }
 EXPORT_SYMBOL(ftrace_likely_update);
 
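
Review bot: user_access_restore(flags) is added only at the end of the function, so it pairs with the save only if there is no early return in the lines between the two hunks, which are not shown here. Please confirm that in the commit message, since a return in between would leave the function without restoring the saved flags.
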
-- 
2.20.1




^ permalink raw reply related	[flat|nested] 429+ messages in thread

* [PATCH 5.1 266/405] iwlwifi: mvm: IBSS: use BE FIFO for multicast
  2019-05-30  2:59 [PATCH 5.1 000/405] 5.1.6-stable review Greg Kroah-Hartman
                   ` (264 preceding siblings ...)
  2019-05-30  3:04 ` [PATCH 5.1 265/405] x86/uaccess, ftrace: Fix ftrace_likely_update() vs. SMAP Greg Kroah-Hartman
@ 2019-05-30  3:04 ` Greg Kroah-Hartman
  2019-05-30  3:04 ` [PATCH 5.1 267/405] x86/uaccess, signal: Fix AC=1 bloat Greg Kroah-Hartman
                   ` (143 subsequent siblings)
  409 siblings, 0 replies; 429+ messages in thread
From: Greg Kroah-Hartman @ 2019-05-30  3:04 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Johannes Berg, Luca Coelho, Sasha Levin

[ Upstream commit 192a7e1f731fd9a64216cce35287eb23360437f6 ]

Back in commit 4d339989acd7 ("iwlwifi: mvm: support ibss in dqa mode")
we changed queue selection for IBSS to be:

    if (ieee80211_is_probe_resp(fc) || ieee80211_is_auth(fc) ||
        ieee80211_is_deauth(fc))
            return IWL_MVM_DQA_AP_PROBE_RESP_QUEUE;
    if (info->hw_queue == info->control.vif->cab_queue)
            return info->hw_queue;
    return IWL_MVM_DQA_AP_PROBE_RESP_QUEUE;

Clearly, the thought at the time must've been that mac80211 will
select the hw_queue as the cab_queue, so that we'll return and use
that, where we store the multicast queue for IBSS. This, however,
isn't true because mac80211 doesn't implement powersave for IBSS
and thus selects the normal IBSS interface AC queue (best effort).

This therefore always used the probe response queue, which maps to
the BE FIFO.

In commit cfbc6c4c5b91 ("iwlwifi: mvm: support mac80211 TXQs model")
we rethought this code, and as a consequence now started mapping the
multicast traffic to the multicast hardware queue since we no longer
relied on mac80211 selecting the queue, doing it ourselves instead.
This queue is mapped to the MCAST FIFO. However, this isn't actually
enabled/controlled by the firmware in IBSS mode because we don't
implement powersave, and frames from this queue can never go out in
this case.

Therefore, we got queue hang reports such as
https://bugzilla.kernel.org/show_bug.cgi?id=201707

Fix this by mapping the multicast queue to the BE FIFO in IBSS so
that all the frames can go out.

Fixes: cfbc6c4c5b91 ("iwlwifi: mvm: support mac80211 TXQs model")
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Luca Coelho <luciano.coelho@intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/net/wireless/intel/iwlwifi/mvm/sta.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/drivers/net/wireless/intel/iwlwifi/mvm/sta.c b/drivers/net/wireless/intel/iwlwifi/mvm/sta.c
index 98d123dd71778..eb452e9dce057 100644
--- a/drivers/net/wireless/intel/iwlwifi/mvm/sta.c
+++ b/drivers/net/wireless/intel/iwlwifi/mvm/sta.c
@@ -2277,7 +2277,8 @@ int iwl_mvm_add_mcast_sta(struct iwl_mvm *mvm, struct ieee80211_vif *vif)
 	static const u8 _maddr[] = {0x03, 0x00, 0x00, 0x00, 0x00, 0x00};
 	const u8 *maddr = _maddr;
 	struct iwl_trans_txq_scd_cfg cfg = {
-		.fifo = IWL_MVM_TX_FIFO_MCAST,
+		.fifo = vif->type == NL80211_IFTYPE_AP ?
+			IWL_MVM_TX_FIFO_MCAST : IWL_MVM_TX_FIFO_BE,
 		.sta_id = msta->sta_id,
 		.tid = 0,
 		.aggregate = false,
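
Review bot: The new `.fifo` initializer selects IWL_MVM_TX_FIFO_BE for every vif type other than NL80211_IFTYPE_AP, while the commit message only argues the IBSS case. If only AP and IBSS interfaces reach iwl_mvm_add_mcast_sta(), say so in a comment; otherwise test for NL80211_IFTYPE_ADHOC explicitly so that other types keep the MCAST FIFO. A comment giving the reason from the commit message (the MCAST FIFO is not enabled by the firmware in IBSS mode) would also help here.
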
-- 
2.20.1




^ permalink raw reply related	[flat|nested] 429+ messages in thread

* [PATCH 5.1 267/405] x86/uaccess, signal: Fix AC=1 bloat
  2019-05-30  2:59 [PATCH 5.1 000/405] 5.1.6-stable review Greg Kroah-Hartman
                   ` (265 preceding siblings ...)
  2019-05-30  3:04 ` [PATCH 5.1 266/405] iwlwifi: mvm: IBSS: use BE FIFO for multicast Greg Kroah-Hartman
@ 2019-05-30  3:04 ` Greg Kroah-Hartman
  2019-05-30  3:04 ` [PATCH 5.1 268/405] x86/ia32: Fix ia32_restore_sigcontext() AC leak Greg Kroah-Hartman
                   ` (142 subsequent siblings)
  409 siblings, 0 replies; 429+ messages in thread
From: Greg Kroah-Hartman @ 2019-05-30  3:04 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Peter Zijlstra (Intel),
	Andy Lutomirski, Borislav Petkov, Josh Poimboeuf, Linus Torvalds,
	Thomas Gleixner, Ingo Molnar, Sasha Levin

[ Upstream commit 88e4718275c1bddca6f61f300688b4553dc8584b ]

Occasionally GCC is less aggressive with inlining and the following is
observed:

  arch/x86/kernel/signal.o: warning: objtool: restore_sigcontext()+0x3cc: call to force_valid_ss.isra.5() with UACCESS enabled
  arch/x86/kernel/signal.o: warning: objtool: do_signal()+0x384: call to frame_uc_flags.isra.0() with UACCESS enabled

Cure this by moving this code out of the AC=1 region, since it really
isn't needed for the user access.

Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org>
Reviewed-by: Andy Lutomirski <luto@kernel.org>
Cc: Borislav Petkov <bp@alien8.de>
Cc: Josh Poimboeuf <jpoimboe@redhat.com>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Thomas Gleixner <tglx@linutronix.de>
Signed-off-by: Ingo Molnar <mingo@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 arch/x86/kernel/signal.c | 29 +++++++++++++++++------------
 1 file changed, 17 insertions(+), 12 deletions(-)

diff --git a/arch/x86/kernel/signal.c b/arch/x86/kernel/signal.c
index 08dfd4c1a4f95..c8aa58a2bab97 100644
--- a/arch/x86/kernel/signal.c
+++ b/arch/x86/kernel/signal.c
@@ -132,16 +132,6 @@ static int restore_sigcontext(struct pt_regs *regs,
 		COPY_SEG_CPL3(cs);
 		COPY_SEG_CPL3(ss);
 
-#ifdef CONFIG_X86_64
-		/*
-		 * Fix up SS if needed for the benefit of old DOSEMU and
-		 * CRIU.
-		 */
-		if (unlikely(!(uc_flags & UC_STRICT_RESTORE_SS) &&
-			     user_64bit_mode(regs)))
-			force_valid_ss(regs);
-#endif
-
 		get_user_ex(tmpflags, &sc->flags);
 		regs->flags = (regs->flags & ~FIX_EFLAGS) | (tmpflags & FIX_EFLAGS);
 		regs->orig_ax = -1;		/* disable syscall checks */
@@ -150,6 +140,15 @@ static int restore_sigcontext(struct pt_regs *regs,
 		buf = (void __user *)buf_val;
 	} get_user_catch(err);
 
+#ifdef CONFIG_X86_64
+	/*
+	 * Fix up SS if needed for the benefit of old DOSEMU and
+	 * CRIU.
+	 */
+	if (unlikely(!(uc_flags & UC_STRICT_RESTORE_SS) && user_64bit_mode(regs)))
+		force_valid_ss(regs);
+#endif
+
 	err |= fpu__restore_sig(buf, IS_ENABLED(CONFIG_X86_32));
 
 	force_iret();
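
Review bot: The relocated force_valid_ss() block keeps its old comment, which says nothing about why it now sits after get_user_catch(err). Since the placement is the whole point of the change (objtool warned about the call with UACCESS enabled), add a line noting that it must stay outside the get_user_try region. The joined `if (unlikely(...))` condition also runs past 80 columns; the previous two-line form fits.
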
@@ -461,6 +460,7 @@ static int __setup_rt_frame(int sig, struct ksignal *ksig,
 {
 	struct rt_sigframe __user *frame;
 	void __user *fp = NULL;
+	unsigned long uc_flags;
 	int err = 0;
 
 	frame = get_sigframe(&ksig->ka, regs, sizeof(struct rt_sigframe), &fp);
@@ -473,9 +473,11 @@ static int __setup_rt_frame(int sig, struct ksignal *ksig,
 			return -EFAULT;
 	}
 
+	uc_flags = frame_uc_flags(regs);
+
 	put_user_try {
 		/* Create the ucontext.  */
-		put_user_ex(frame_uc_flags(regs), &frame->uc.uc_flags);
+		put_user_ex(uc_flags, &frame->uc.uc_flags);
 		put_user_ex(0, &frame->uc.uc_link);
 		save_altstack_ex(&frame->uc.uc_stack, regs->sp);
 
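
Review bot: `uc_flags = frame_uc_flags(regs);` is hoisted in front of put_user_try without a comment, and the same change is repeated in x32_setup_rt_frame(). A short note at one of the sites that frame_uc_flags() must not be called inside the put_user_try region would stop a later cleanup from folding it back into put_user_ex().
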
@@ -541,6 +543,7 @@ static int x32_setup_rt_frame(struct ksignal *ksig,
 {
 #ifdef CONFIG_X86_X32_ABI
 	struct rt_sigframe_x32 __user *frame;
+	unsigned long uc_flags;
 	void __user *restorer;
 	int err = 0;
 	void __user *fpstate = NULL;
@@ -555,9 +558,11 @@ static int x32_setup_rt_frame(struct ksignal *ksig,
 			return -EFAULT;
 	}
 
+	uc_flags = frame_uc_flags(regs);
+
 	put_user_try {
 		/* Create the ucontext.  */
-		put_user_ex(frame_uc_flags(regs), &frame->uc.uc_flags);
+		put_user_ex(uc_flags, &frame->uc.uc_flags);
 		put_user_ex(0, &frame->uc.uc_link);
 		compat_save_altstack_ex(&frame->uc.uc_stack, regs->sp);
 		put_user_ex(0, &frame->uc.uc__pad0);
-- 
2.20.1




^ permalink raw reply related	[flat|nested] 429+ messages in thread

* [PATCH 5.1 268/405] x86/ia32: Fix ia32_restore_sigcontext() AC leak
  2019-05-30  2:59 [PATCH 5.1 000/405] 5.1.6-stable review Greg Kroah-Hartman
                   ` (266 preceding siblings ...)
  2019-05-30  3:04 ` [PATCH 5.1 267/405] x86/uaccess, signal: Fix AC=1 bloat Greg Kroah-Hartman
@ 2019-05-30  3:04 ` Greg Kroah-Hartman
  2019-05-30  3:04 ` [PATCH 5.1 269/405] x86/uaccess: Fix up the fixup Greg Kroah-Hartman
                   ` (141 subsequent siblings)
  409 siblings, 0 replies; 429+ messages in thread
From: Greg Kroah-Hartman @ 2019-05-30  3:04 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Peter Zijlstra (Intel),
	Borislav Petkov, Josh Poimboeuf, Linus Torvalds, Thomas Gleixner,
	Ingo Molnar, Sasha Levin

[ Upstream commit 67a0514afdbb8b2fc70b771b8c77661a9cb9d3a9 ]

Objtool spotted that we call native_load_gs_index() with AC set.
Re-arrange the code to avoid that.

Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org>
Cc: Borislav Petkov <bp@alien8.de>
Cc: Josh Poimboeuf <jpoimboe@redhat.com>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Thomas Gleixner <tglx@linutronix.de>
Signed-off-by: Ingo Molnar <mingo@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 arch/x86/ia32/ia32_signal.c | 29 +++++++++++++++++------------
 1 file changed, 17 insertions(+), 12 deletions(-)

diff --git a/arch/x86/ia32/ia32_signal.c b/arch/x86/ia32/ia32_signal.c
index 321fe5f5d0e96..4d5fcd47ab75a 100644
--- a/arch/x86/ia32/ia32_signal.c
+++ b/arch/x86/ia32/ia32_signal.c
@@ -61,9 +61,8 @@
 } while (0)
 
 #define RELOAD_SEG(seg)		{		\
-	unsigned int pre = GET_SEG(seg);	\
+	unsigned int pre = (seg) | 3;		\
 	unsigned int cur = get_user_seg(seg);	\
-	pre |= 3;				\
 	if (pre != cur)				\
 		set_user_seg(seg, pre);		\
 }
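
Review bot: After this change RELOAD_SEG(seg) uses its argument both as a local variable (`(seg) | 3`) and as a segment-name token in get_user_seg(seg) and set_user_seg(seg, pre), so it only works where a local with exactly the segment's name holds the value read from the sigcontext. That coupling is implicit; passing the value as a second parameter, or a comment on the macro, would make it explicit.
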
@@ -72,6 +71,7 @@ static int ia32_restore_sigcontext(struct pt_regs *regs,
 				   struct sigcontext_32 __user *sc)
 {
 	unsigned int tmpflags, err = 0;
+	u16 gs, fs, es, ds;
 	void __user *buf;
 	u32 tmp;
 
@@ -79,16 +79,10 @@ static int ia32_restore_sigcontext(struct pt_regs *regs,
 	current->restart_block.fn = do_no_restart_syscall;
 
 	get_user_try {
-		/*
-		 * Reload fs and gs if they have changed in the signal
-		 * handler.  This does not handle long fs/gs base changes in
-		 * the handler, but does not clobber them at least in the
-		 * normal case.
-		 */
-		RELOAD_SEG(gs);
-		RELOAD_SEG(fs);
-		RELOAD_SEG(ds);
-		RELOAD_SEG(es);
+		gs = GET_SEG(gs);
+		fs = GET_SEG(fs);
+		ds = GET_SEG(ds);
+		es = GET_SEG(es);
 
 		COPY(di); COPY(si); COPY(bp); COPY(sp); COPY(bx);
 		COPY(dx); COPY(cx); COPY(ip); COPY(ax);
@@ -106,6 +100,17 @@ static int ia32_restore_sigcontext(struct pt_regs *regs,
 		buf = compat_ptr(tmp);
 	} get_user_catch(err);
 
+	/*
+	 * Reload fs and gs if they have changed in the signal
+	 * handler.  This does not handle long fs/gs base changes in
+	 * the handler, but does not clobber them at least in the
+	 * normal case.
+	 */
+	RELOAD_SEG(gs);
+	RELOAD_SEG(fs);
+	RELOAD_SEG(ds);
+	RELOAD_SEG(es);
+
 	err |= fpu__restore_sig(buf, 1);
 
 	force_iret();
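
Review bot: RELOAD_SEG() now runs after get_user_catch(err) without looking at err, and the values come from locals declared as `u16 gs, fs, es, ds;` with no initializer. Please confirm that GET_SEG() leaves a defined value in them when the user read faults; if it does not, initialize the locals or skip the reloads when err is set.
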
-- 
2.20.1




^ permalink raw reply related	[flat|nested] 429+ messages in thread

* [PATCH 5.1 269/405] x86/uaccess: Fix up the fixup
  2019-05-30  2:59 [PATCH 5.1 000/405] 5.1.6-stable review Greg Kroah-Hartman
                   ` (267 preceding siblings ...)
  2019-05-30  3:04 ` [PATCH 5.1 268/405] x86/ia32: Fix ia32_restore_sigcontext() AC leak Greg Kroah-Hartman
@ 2019-05-30  3:04 ` Greg Kroah-Hartman
  2019-05-30  3:04 ` [PATCH 5.1 270/405] chardev: add additional check for minor range overlap Greg Kroah-Hartman
                   ` (140 subsequent siblings)
  409 siblings, 0 replies; 429+ messages in thread
From: Greg Kroah-Hartman @ 2019-05-30  3:04 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Peter Zijlstra (Intel),
	Borislav Petkov, Josh Poimboeuf, Linus Torvalds, Thomas Gleixner,
	Ingo Molnar, Sasha Levin

[ Upstream commit b69656fa7ea2f75e47d7bd5b9430359fa46488af ]

New tooling got confused about this:

  arch/x86/lib/memcpy_64.o: warning: objtool: .fixup+0x7: return with UACCESS enabled

While the code isn't wrong, it is tedious (if at all possible) to
figure out what function a particular chunk of .fixup belongs to.

This then confuses the objtool uaccess validation. Instead of
returning directly from the .fixup, jump back into the right function.

Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org>
Cc: Borislav Petkov <bp@alien8.de>
Cc: Josh Poimboeuf <jpoimboe@redhat.com>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Thomas Gleixner <tglx@linutronix.de>
Signed-off-by: Ingo Molnar <mingo@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 arch/x86/lib/memcpy_64.S | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/arch/x86/lib/memcpy_64.S b/arch/x86/lib/memcpy_64.S
index 3b24dc05251c7..9d05572370edc 100644
--- a/arch/x86/lib/memcpy_64.S
+++ b/arch/x86/lib/memcpy_64.S
@@ -257,6 +257,7 @@ ENTRY(__memcpy_mcsafe)
 	/* Copy successful. Return zero */
 .L_done_memcpy_trap:
 	xorl %eax, %eax
+.L_done:
 	ret
 ENDPROC(__memcpy_mcsafe)
 EXPORT_SYMBOL_GPL(__memcpy_mcsafe)
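
Review bot: `.L_done` is a very generic name next to the existing `.L_done_memcpy_trap`, and it is referenced from the fixup code outside the ENTRY/ENDPROC(__memcpy_mcsafe) pair. A name tied to the function, in the style of the label above it, would avoid a clash with a future local label in this file.
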
@@ -273,7 +274,7 @@ EXPORT_SYMBOL_GPL(__memcpy_mcsafe)
 	addl	%edx, %ecx
 .E_trailing_bytes:
 	mov	%ecx, %eax
-	ret
+	jmp	.L_done
 
 	/*
 	 * For write fault handling, given the destination is unaligned,
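
Review bot: The `ret` to `jmp .L_done` change in .E_trailing_bytes looks like a pointless extra jump to anyone who has not read the commit message. A one-line comment that the fixup returns through __memcpy_mcsafe so that objtool can attribute it to that function would keep it from being reverted as a cleanup.
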
-- 
2.20.1




^ permalink raw reply related	[flat|nested] 429+ messages in thread

* [PATCH 5.1 270/405] chardev: add additional check for minor range overlap
  2019-05-30  2:59 [PATCH 5.1 000/405] 5.1.6-stable review Greg Kroah-Hartman
                   ` (268 preceding siblings ...)
  2019-05-30  3:04 ` [PATCH 5.1 269/405] x86/uaccess: Fix up the fixup Greg Kroah-Hartman
@ 2019-05-30  3:04 ` Greg Kroah-Hartman
  2019-05-30  3:04 ` [PATCH 5.1 271/405] RDMA/hns: Fix bad endianess of port_pd variable Greg Kroah-Hartman
                   ` (139 subsequent siblings)
  409 siblings, 0 replies; 429+ messages in thread
From: Greg Kroah-Hartman @ 2019-05-30  3:04 UTC (permalink / raw)
  To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Chengguang Xu, Sasha Levin

[ Upstream commit de36e16d1557a0b6eb328bc3516359a12ba5c25c ]

Current overlap checking cannot correctly handle
a case which is baseminor < existing baseminor &&
baseminor + minorct > existing baseminor + minorct.

Signed-off-by: Chengguang Xu <cgxu519@gmx.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 fs/char_dev.c | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/fs/char_dev.c b/fs/char_dev.c
index a279c58fe3606..8a63cfa290053 100644
--- a/fs/char_dev.c
+++ b/fs/char_dev.c
@@ -159,6 +159,12 @@ __register_chrdev_region(unsigned int major, unsigned int baseminor,
 			ret = -EBUSY;
 			goto out;
 		}
+
+		if (new_min < old_min && new_max > old_max) {
+			ret = -EBUSY;
+			goto out;
+		}
+
 	}
 
 	cd->next = *cp;
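
Review bot: The added `new_min < old_min && new_max > old_max` test has no comment saying which case it covers (the new range fully enclosing an existing one), and it introduces a stray blank line before the closing brace of the loop. Assuming the four values are inclusive bounds, the separate checks could also be replaced by the single test `new_min <= old_max && new_max >= old_min`, which covers every overlap.
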
-- 
2.20.1




^ permalink raw reply related	[flat|nested] 429+ messages in thread

* [PATCH 5.1 271/405] RDMA/hns: Fix bad endianess of port_pd variable
  2019-05-30  2:59 [PATCH 5.1 000/405] 5.1.6-stable review Greg Kroah-Hartman
                   ` (269 preceding siblings ...)
  2019-05-30  3:04 ` [PATCH 5.1 270/405] chardev: add additional check for minor range overlap Greg Kroah-Hartman
@ 2019-05-30  3:04 ` Greg Kroah-Hartman
  2019-05-30  3:04 ` [PATCH 5.1 272/405] sh: sh7786: Add explicit I/O cast to sh7786_mm_sel() Greg Kroah-Hartman
                   ` (138 subsequent siblings)
  409 siblings, 0 replies; 429+ messages in thread
From: Greg Kroah-Hartman @ 2019-05-30  3:04 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Leon Romanovsky, Gal Pressman,
	Lijun Ou, Jason Gunthorpe, Sasha Levin

[ Upstream commit 6734b2973565e36659e97e12ab0d0faf1d9f3fbe ]

port_pd is treated as le32 in declaration and read, fix assignment to be
in le32 too. This change fixes the following compilation warnings.

drivers/infiniband/hw/hns/hns_roce_ah.c:67:24: warning: incorrect type
in assignment (different base types)
drivers/infiniband/hw/hns/hns_roce_ah.c:67:24: expected restricted __le32 [usertype] port_pd
drivers/infiniband/hw/hns/hns_roce_ah.c:67:24: got restricted __be32 [usertype]

Fixes: 9a4435375cd1 ("IB/hns: Add driver files for hns RoCE driver")
Signed-off-by: Leon Romanovsky <leonro@mellanox.com>
Reviewed-by: Gal Pressman <galpress@amazon.com>
Reviewed-by: Lijun Ou <ouliun@huawei.com>
Signed-off-by: Jason Gunthorpe <jgg@mellanox.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/infiniband/hw/hns/hns_roce_ah.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/drivers/infiniband/hw/hns/hns_roce_ah.c b/drivers/infiniband/hw/hns/hns_roce_ah.c
index b3c8c45ec1e3e..64e0c69b69c53 100644
--- a/drivers/infiniband/hw/hns/hns_roce_ah.c
+++ b/drivers/infiniband/hw/hns/hns_roce_ah.c
@@ -70,7 +70,7 @@ struct ib_ah *hns_roce_create_ah(struct ib_pd *ibpd,
 			     HNS_ROCE_VLAN_SL_BIT_MASK) <<
 			     HNS_ROCE_VLAN_SL_SHIFT;
 
-	ah->av.port_pd = cpu_to_be32(to_hr_pd(ibpd)->pdn |
+	ah->av.port_pd = cpu_to_le32(to_hr_pd(ibpd)->pdn |
 				     (rdma_ah_get_port_num(ah_attr) <<
 				     HNS_ROCE_PORT_NUM_SHIFT));
 	ah->av.gid_index = grh->sgid_index;
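
Review bot: Replacing cpu_to_be32() with cpu_to_le32() on `ah->av.port_pd` changes the bytes written to the address vector on any host, so this is a behaviour change and not only the sparse warning fix the commit message presents. The message should state which byte order the hardware expects and whether the result was tested on a device.
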
-- 
2.20.1




^ permalink raw reply related	[flat|nested] 429+ messages in thread

* [PATCH 5.1 272/405] sh: sh7786: Add explicit I/O cast to sh7786_mm_sel()
  2019-05-30  2:59 [PATCH 5.1 000/405] 5.1.6-stable review Greg Kroah-Hartman
                   ` (270 preceding siblings ...)
  2019-05-30  3:04 ` [PATCH 5.1 271/405] RDMA/hns: Fix bad endianess of port_pd variable Greg Kroah-Hartman
@ 2019-05-30  3:04 ` Greg Kroah-Hartman
  2019-05-30  3:04 ` [PATCH 5.1 273/405] HID: core: move Usage Page concatenation to Main item Greg Kroah-Hartman
                   ` (137 subsequent siblings)
  409 siblings, 0 replies; 429+ messages in thread
From: Greg Kroah-Hartman @ 2019-05-30  3:04 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Geert Uytterhoeven, Simon Horman,
	Sasha Levin

[ Upstream commit 8440bb9b944c02222c7a840d406141ed42e945cd ]

When compile-testing on arm:

    arch/sh/include/cpu-sh4/cpu/sh7786.h: In function ‘sh7786_mm_sel’:
    arch/sh/include/cpu-sh4/cpu/sh7786.h:135:21: warning: passing argument 1 of ‘__raw_readl’ makes pointer from integer without a cast [-Wint-conversion]
      return __raw_readl(0xFC400020) & 0x7;
			 ^~~~~~~~~~
    In file included from include/linux/io.h:25:0,
		     from arch/sh/include/cpu-sh4/cpu/sh7786.h:14,
		     from drivers/pinctrl/sh-pfc/pfc-sh7786.c:15:
    arch/arm/include/asm/io.h:113:21: note: expected ‘const volatile void *’ but argument is of type ‘unsigned int’
     #define __raw_readl __raw_readl
			 ^
    arch/arm/include/asm/io.h:114:19: note: in expansion of macro ‘__raw_readl’
     static inline u32 __raw_readl(const volatile void __iomem *addr)
		       ^~~~~~~~~~~

__raw_readl() on SuperH is a macro that casts the passed I/O address to
the correct type, while the implementations on most other architectures
expect to be passed the correct pointer type.

Add an explicit cast to fix this.

Note that this also gets rid of a sparse warning on SuperH:

    arch/sh/include/cpu-sh4/cpu/sh7786.h:135:16: warning: incorrect type in argument 1 (different base types)
    arch/sh/include/cpu-sh4/cpu/sh7786.h:135:16:    expected void const volatile [noderef] <asn:2>*<noident>
    arch/sh/include/cpu-sh4/cpu/sh7786.h:135:16:    got unsigned int

Signed-off-by: Geert Uytterhoeven <geert+renesas@glider.be>
Reviewed-by: Simon Horman <horms+renesas@verge.net.au>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 arch/sh/include/cpu-sh4/cpu/sh7786.h | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/arch/sh/include/cpu-sh4/cpu/sh7786.h b/arch/sh/include/cpu-sh4/cpu/sh7786.h
index 8f9bfbf3cdb10..d6cce65b48713 100644
--- a/arch/sh/include/cpu-sh4/cpu/sh7786.h
+++ b/arch/sh/include/cpu-sh4/cpu/sh7786.h
@@ -132,7 +132,7 @@ enum {
 
 static inline u32 sh7786_mm_sel(void)
 {
-	return __raw_readl(0xFC400020) & 0x7;
+	return __raw_readl((const volatile void __iomem *)0xFC400020) & 0x7;
 }
 
 #endif /* __CPU_SH7786_H__ */
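
Review bot: the cast in sh7786_mm_sel() is applied inline to the bare literal 0xFC400020, which leaves the register unnamed and ties the __iomem annotation to this one call. A named macro for the register address that carries the `(const volatile void __iomem *)` cast, together with a name for the 0x7 mask, would document what is being read and keep any later reader of the same register from reintroducing the integer-to-pointer warning.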
-- 
2.20.1




^ permalink raw reply related	[flat|nested] 429+ messages in thread

* [PATCH 5.1 273/405] HID: core: move Usage Page concatenation to Main item
  2019-05-30  2:59 [PATCH 5.1 000/405] 5.1.6-stable review Greg Kroah-Hartman
                   ` (271 preceding siblings ...)
  2019-05-30  3:04 ` [PATCH 5.1 272/405] sh: sh7786: Add explicit I/O cast to sh7786_mm_sel() Greg Kroah-Hartman
@ 2019-05-30  3:04 ` Greg Kroah-Hartman
  2019-05-30  3:04   ` Greg Kroah-Hartman
                   ` (136 subsequent siblings)
  409 siblings, 0 replies; 429+ messages in thread
From: Greg Kroah-Hartman @ 2019-05-30  3:04 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Nicolas Saenz Julienne, Terry Junge,
	Benjamin Tissoires, Sasha Levin

[ Upstream commit 58e75155009cc800005629955d3482f36a1e0eec ]

As seen on some USB wireless keyboards manufactured by Primax, the HID
parser was using some assumptions that are not always true. In this case
it's the fact that, inside the scope of a main item, a Usage Page
will always precede a Usage.

The spec is not pretty clear as 6.2.2.7 states "Any usage that follows
is interpreted as a Usage ID and concatenated with the Usage Page".
While 6.2.2.8 states "When the parser encounters a main item it
concatenates the last declared Usage Page with a Usage to form a
complete usage value." Being somewhat contradictory it was decided to
match Windows' implementation, which follows 6.2.2.8.

In summary, the patch moves the Usage Page concatenation from the local
item parsing function to the main item parsing function.

Signed-off-by: Nicolas Saenz Julienne <nsaenzjulienne@suse.de>
Reviewed-by: Terry Junge <terry.junge@poly.com>
Signed-off-by: Benjamin Tissoires <benjamin.tissoires@redhat.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/hid/hid-core.c | 36 ++++++++++++++++++++++++------------
 include/linux/hid.h    |  1 +
 2 files changed, 25 insertions(+), 12 deletions(-)

diff --git a/drivers/hid/hid-core.c b/drivers/hid/hid-core.c
index 860e21ec6a492..63a43726cce0f 100644
--- a/drivers/hid/hid-core.c
+++ b/drivers/hid/hid-core.c
@@ -218,13 +218,14 @@ static unsigned hid_lookup_collection(struct hid_parser *parser, unsigned type)
  * Add a usage to the temporary parser table.
  */
 
-static int hid_add_usage(struct hid_parser *parser, unsigned usage)
+static int hid_add_usage(struct hid_parser *parser, unsigned usage, u8 size)
 {
 	if (parser->local.usage_index >= HID_MAX_USAGES) {
 		hid_err(parser->device, "usage index exceeded\n");
 		return -1;
 	}
 	parser->local.usage[parser->local.usage_index] = usage;
+	parser->local.usage_size[parser->local.usage_index] = size;
 	parser->local.collection_index[parser->local.usage_index] =
 		parser->collection_stack_ptr ?
 		parser->collection_stack[parser->collection_stack_ptr - 1] : 0;
@@ -486,10 +487,7 @@ static int hid_parser_local(struct hid_parser *parser, struct hid_item *item)
 			return 0;
 		}
 
-		if (item->size <= 2)
-			data = (parser->global.usage_page << 16) + data;
-
-		return hid_add_usage(parser, data);
+		return hid_add_usage(parser, data, item->size);
 
 	case HID_LOCAL_ITEM_TAG_USAGE_MINIMUM:
 
@@ -498,9 +496,6 @@ static int hid_parser_local(struct hid_parser *parser, struct hid_item *item)
 			return 0;
 		}
 
-		if (item->size <= 2)
-			data = (parser->global.usage_page << 16) + data;
-
 		parser->local.usage_minimum = data;
 		return 0;
 
@@ -511,9 +506,6 @@ static int hid_parser_local(struct hid_parser *parser, struct hid_item *item)
 			return 0;
 		}
 
-		if (item->size <= 2)
-			data = (parser->global.usage_page << 16) + data;
-
 		count = data - parser->local.usage_minimum;
 		if (count + parser->local.usage_index >= HID_MAX_USAGES) {
 			/*
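
Review bot: with the concatenation removed from the Usage Minimum and Usage Maximum cases, `count = data - parser->local.usage_minimum` now subtracts two raw item values that may have been encoded with different sizes. If a descriptor gives one bound as a 4-byte extended usage and the other as a 1- or 2-byte usage, the two are no longer brought to the same 32-bit form before the subtraction, so the HID_MAX_USAGES check that follows operates on a meaningless count; only the size of the Usage Maximum item is passed on to hid_add_usage() for the whole range. The descriptor comes from the device, so please either store the size of the Usage Minimum item as well and reject mismatched pairs, or normalise both bounds before computing count.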
@@ -533,7 +525,7 @@ static int hid_parser_local(struct hid_parser *parser, struct hid_item *item)
 		}
 
 		for (n = parser->local.usage_minimum; n <= data; n++)
-			if (hid_add_usage(parser, n)) {
+			if (hid_add_usage(parser, n, item->size)) {
 				dbg_hid("hid_add_usage failed\n");
 				return -1;
 			}
@@ -547,6 +539,22 @@ static int hid_parser_local(struct hid_parser *parser, struct hid_item *item)
 	return 0;
 }
 
+/*
+ * Concatenate Usage Pages into Usages where relevant:
+ * As per specification, 6.2.2.8: "When the parser encounters a main item it
+ * concatenates the last declared Usage Page with a Usage to form a complete
+ * usage value."
+ */
+
+static void hid_concatenate_usage_page(struct hid_parser *parser)
+{
+	int i;
+
+	for (i = 0; i < parser->local.usage_index; i++)
+		if (parser->local.usage_size[i] <= 2)
+			parser->local.usage[i] += parser->global.usage_page << 16;
+}
+
 /*
  * Process a main item.
  */
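
Review bot: hid_concatenate_usage_page() is not idempotent, because it applies the page with `+=` on parser->local.usage[i] and is called unconditionally at the top of both hid_parser_main() and hid_scan_main(). It is only correct if the local usage table is cleared after every main item, which this patch does not show; masking the entry to its low 16 bits and then OR-ing in `usage_page << 16` would make a repeated call harmless. The loop index is also a signed `int` compared against the `unsigned usage_index` field, so `unsigned int i` would match the type it is compared with.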
@@ -556,6 +564,8 @@ static int hid_parser_main(struct hid_parser *parser, struct hid_item *item)
 	__u32 data;
 	int ret;
 
+	hid_concatenate_usage_page(parser);
+
 	data = item_udata(item);
 
 	switch (item->tag) {
@@ -765,6 +775,8 @@ static int hid_scan_main(struct hid_parser *parser, struct hid_item *item)
 	__u32 data;
 	int i;
 
+	hid_concatenate_usage_page(parser);
+
 	data = item_udata(item);
 
 	switch (item->tag) {
diff --git a/include/linux/hid.h b/include/linux/hid.h
index f9707d1dcb584..ac0c70b4ce10a 100644
--- a/include/linux/hid.h
+++ b/include/linux/hid.h
@@ -417,6 +417,7 @@ struct hid_global {
 
 struct hid_local {
 	unsigned usage[HID_MAX_USAGES]; /* usage array */
+	u8 usage_size[HID_MAX_USAGES]; /* usage size array */
 	unsigned collection_index[HID_MAX_USAGES]; /* collection index array */
 	unsigned usage_index;
 	unsigned usage_minimum;
-- 
2.20.1




^ permalink raw reply related	[flat|nested] 429+ messages in thread
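
The two readings of the HID specification quoted in the commit message above, as an added example that is not part of the patch or of the kernel sources. It is a minimal short-item parser run over a constructed descriptor fragment in which a Usage is declared before the Usage Page that is in force at the main item; `parse_until_main`, `usage_at`, `concat_mode` and `sample_desc` are hypothetical names.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define MAX_USAGES 8

/* When the Usage Page is joined onto a short (1- or 2-byte) Usage. */
enum concat_mode {
	CONCAT_AT_LOCAL,	/* when the Usage item is parsed (6.2.2.7 reading) */
	CONCAT_AT_MAIN		/* when the next main item is reached (6.2.2.8 reading) */
};

/* Constructed descriptor fragment, not taken from any real device. */
static const uint8_t sample_desc[] = {
	0x05, 0x0C,			/* Usage Page (0x0C) */
	0x09, 0x06,			/* Usage (0x06), 1 byte: needs a page */
	0x0B, 0x01, 0x00, 0x07, 0x00,	/* Usage (0x00070001), 4 bytes: page included */
	0x05, 0x01,			/* Usage Page (0x01), declared after the usages */
	0x81, 0x02,			/* Input: the first main item */
};

static uint32_t scratch[MAX_USAGES];

/*
 * Parse short items up to and including the first main item.
 * Returns the number of usages written to out[], or -1 if the input is
 * truncated, uses a long item, overflows the table or has no main item.
 */
static int parse_until_main(const uint8_t *d, size_t len,
			    enum concat_mode mode, uint32_t out[MAX_USAGES])
{
	uint8_t usage_size[MAX_USAGES] = { 0 };
	uint32_t usage_page = 0;
	size_t pos = 0;
	int n = 0;

	while (pos < len) {
		uint8_t prefix = d[pos++];
		unsigned int size = prefix & 0x3;
		unsigned int type = (prefix >> 2) & 0x3;
		unsigned int tag = prefix >> 4;
		uint32_t data = 0;
		unsigned int i;

		if (prefix == 0xFE)		/* long item: out of scope here */
			return -1;
		if (size == 3)			/* size code 3 means 4 data bytes */
			size = 4;
		if (len - pos < size)		/* data would run past the buffer */
			return -1;
		for (i = 0; i < size; i++)	/* item data is little-endian */
			data |= (uint32_t)d[pos + i] << (8 * i);
		pos += size;

		if (type == 1 && tag == 0) {		/* Global: Usage Page */
			usage_page = data & 0xFFFF;
		} else if (type == 2 && tag == 0) {	/* Local: Usage */
			if (n >= MAX_USAGES)
				return -1;
			if (mode == CONCAT_AT_LOCAL && size <= 2)
				data |= usage_page << 16;
			out[n] = data;
			usage_size[n] = (uint8_t)size;	/* remembered for later */
			n++;
		} else if (type == 0) {			/* Main item */
			int j;

			if (mode == CONCAT_AT_MAIN)
				for (j = 0; j < n; j++)
					if (usage_size[j] <= 2)
						out[j] |= usage_page << 16;
			return n;
		}
	}
	return -1;
}

/* Usage number idx of sample_desc under the given mode, or 0 on error. */
static uint32_t usage_at(enum concat_mode mode, int idx)
{
	int n = parse_until_main(sample_desc, sizeof(sample_desc), mode, scratch);

	return (idx >= 0 && idx < n) ? scratch[idx] : 0;
}

int main(void)
{
	printf("short usage, joined at local item: 0x%08x\n",
	       (unsigned int)usage_at(CONCAT_AT_LOCAL, 0));
	printf("short usage, joined at main item:  0x%08x\n",
	       (unsigned int)usage_at(CONCAT_AT_MAIN, 0));
	printf("4-byte usage, either mode:         0x%08x\n",
	       (unsigned int)usage_at(CONCAT_AT_MAIN, 1));
	return 0;
}
```

The same bytes yield a different complete usage for the short item depending on when the page is applied, while the 4-byte usage is unaffected, which is why the patch has to record each usage's item size.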

* [PATCH 5.1 274/405] ASoC: eukrea-tlv320: fix a leaked reference by adding missing of_node_put
  2019-05-30  2:59 [PATCH 5.1 000/405] 5.1.6-stable review Greg Kroah-Hartman
@ 2019-05-30  3:04   ` Greg Kroah-Hartman
  2019-05-30  3:00 ` [PATCH 5.1 002/405] ext4: do not delete unlinked inode from orphan list on failed truncate Greg Kroah-Hartman
                     ` (408 subsequent siblings)
  409 siblings, 0 replies; 429+ messages in thread
From: Greg Kroah-Hartman @ 2019-05-30  3:04 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Wen Yang, Liam Girdwood, Mark Brown,
	Jaroslav Kysela, Takashi Iwai, alsa-devel, Sasha Levin

[ Upstream commit b820d52e7eed7b30b2dfef5f4213a2bc3cbea6f3 ]

The call to of_parse_phandle returns a node pointer with refcount
incremented thus it must be explicitly decremented after the last
usage.

Detected by coccinelle with the following warnings:
./sound/soc/fsl/eukrea-tlv320.c:121:3-9: ERROR: missing of_node_put; acquired a node pointer with refcount incremented on line 102, but without a corresponding object release within this function.
./sound/soc/fsl/eukrea-tlv320.c:127:3-9: ERROR: missing of_node_put; acquired a node pointer with refcount incremented on line 102, but without a corresponding object release within this function.

Signed-off-by: Wen Yang <wen.yang99@zte.com.cn>
Cc: Liam Girdwood <lgirdwood@gmail.com>
Cc: Mark Brown <broonie@kernel.org>
Cc: Jaroslav Kysela <perex@perex.cz>
Cc: Takashi Iwai <tiwai@suse.com>
Cc: alsa-devel@alsa-project.org
Cc: linux-kernel@vger.kernel.org
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 sound/soc/fsl/eukrea-tlv320.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/sound/soc/fsl/eukrea-tlv320.c b/sound/soc/fsl/eukrea-tlv320.c
index 191426a6d9adf..30a3d68b5c033 100644
--- a/sound/soc/fsl/eukrea-tlv320.c
+++ b/sound/soc/fsl/eukrea-tlv320.c
@@ -118,13 +118,13 @@ static int eukrea_tlv320_probe(struct platform_device *pdev)
 		if (ret) {
 			dev_err(&pdev->dev,
 				"fsl,mux-int-port node missing or invalid.\n");
-			return ret;
+			goto err;
 		}
 		ret = of_property_read_u32(np, "fsl,mux-ext-port", &ext_port);
 		if (ret) {
 			dev_err(&pdev->dev,
 				"fsl,mux-ext-port node missing or invalid.\n");
-			return ret;
+			goto err;
 		}
 
 		/*
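
Review bot: both error paths in eukrea_tlv320_probe() now `goto err`, but the `err:` label and the of_node_put() that the commit message promises are outside this hunk, and the diffstat shows nothing beyond the two replaced returns. Please confirm that the existing label drops the reference taken by of_parse_phandle(), and that everything else it releases is already valid or NULL-safe when the jump is taken this early in probe.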
-- 
2.20.1




^ permalink raw reply related	[flat|nested] 429+ messages in thread

* [PATCH 5.1 275/405] ASoC: fsl_utils: fix a leaked reference by adding missing of_node_put
  2019-05-30  2:59 [PATCH 5.1 000/405] 5.1.6-stable review Greg Kroah-Hartman
@ 2019-05-30  3:04   ` Greg Kroah-Hartman
  2019-05-30  3:00 ` [PATCH 5.1 002/405] ext4: do not delete unlinked inode from orphan list on failed truncate Greg Kroah-Hartman
                     ` (408 subsequent siblings)
  409 siblings, 0 replies; 429+ messages in thread
From: Greg Kroah-Hartman @ 2019-05-30  3:04 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Wen Yang, Timur Tabi, Nicolin Chen,
	Xiubo Li, Fabio Estevam, Liam Girdwood, Mark Brown,
	Jaroslav Kysela, Takashi Iwai, alsa-devel, linuxppc-dev,
	Sasha Levin

[ Upstream commit c705247136a523488eac806bd357c3e5d79a7acd ]

The call to of_parse_phandle returns a node pointer with refcount
incremented thus it must be explicitly decremented after the last
usage.

Detected by coccinelle with the following warnings:
./sound/soc/fsl/fsl_utils.c:74:2-8: ERROR: missing of_node_put; acquired a node pointer with refcount incremented on line 38, but without a corresponding object release within this function.

Signed-off-by: Wen Yang <wen.yang99@zte.com.cn>
Cc: Timur Tabi <timur@kernel.org>
Cc: Nicolin Chen <nicoleotsuka@gmail.com>
Cc: Xiubo Li <Xiubo.Lee@gmail.com>
Cc: Fabio Estevam <festevam@gmail.com>
Cc: Liam Girdwood <lgirdwood@gmail.com>
Cc: Mark Brown <broonie@kernel.org>
Cc: Jaroslav Kysela <perex@perex.cz>
Cc: Takashi Iwai <tiwai@suse.com>
Cc: alsa-devel@alsa-project.org
Cc: linuxppc-dev@lists.ozlabs.org
Cc: linux-kernel@vger.kernel.org
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 sound/soc/fsl/fsl_utils.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/sound/soc/fsl/fsl_utils.c b/sound/soc/fsl/fsl_utils.c
index 9981668ab5909..040d06b89f00a 100644
--- a/sound/soc/fsl/fsl_utils.c
+++ b/sound/soc/fsl/fsl_utils.c
@@ -71,6 +71,7 @@ int fsl_asoc_get_dma_channel(struct device_node *ssi_np,
 	iprop = of_get_property(dma_np, "cell-index", NULL);
 	if (!iprop) {
 		of_node_put(dma_np);
+		of_node_put(dma_channel_np);
 		return -EINVAL;
 	}
 	*dma_id = be32_to_cpup(iprop);
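
Review bot: the `!iprop` path now carries two hand-written of_node_put() calls before `return -EINVAL`, which is the pattern that allowed dma_channel_np to be forgotten here in the first place. A single exit label that puts both nodes would keep later error paths from repeating the leak; please also confirm that the success path after `*dma_id = be32_to_cpup(iprop)` releases dma_channel_np, since that part of fsl_asoc_get_dma_channel() is not visible in this hunk.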
-- 
2.20.1




^ permalink raw reply related	[flat|nested] 429+ messages in thread

* [PATCH 5.1 276/405] ASoC: wcd9335: fix a leaked reference by adding missing of_node_put
  2019-05-30  2:59 [PATCH 5.1 000/405] 5.1.6-stable review Greg Kroah-Hartman
@ 2019-05-30  3:04   ` Greg Kroah-Hartman
  2019-05-30  3:00 ` [PATCH 5.1 002/405] ext4: do not delete unlinked inode from orphan list on failed truncate Greg Kroah-Hartman
                     ` (408 subsequent siblings)
  409 siblings, 0 replies; 429+ messages in thread
From: Greg Kroah-Hartman @ 2019-05-30  3:04 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Wen Yang, Liam Girdwood, Mark Brown,
	Jaroslav Kysela, Takashi Iwai, Srinivas Kandagatla, Vinod Koul,
	alsa-devel, Sasha Levin, Dan Carpenter

[ Upstream commit 64b92de9603f22b5455da925ee57268ef7fb4e80 ]

The call to of_parse_phandle returns a node pointer with refcount
incremented thus it must be explicitly decremented after the last
usage.

Detected by coccinelle with the following warnings:
./sound/soc/codecs/wcd9335.c:5193:2-8: ERROR: missing of_node_put; acquired a node pointer with refcount incremented on line 5183, but without a corresponding object release within this function.

Signed-off-by: Wen Yang <wen.yang99@zte.com.cn>
Cc: Liam Girdwood <lgirdwood@gmail.com>
Cc: Mark Brown <broonie@kernel.org>
Cc: Jaroslav Kysela <perex@perex.cz>
Cc: Takashi Iwai <tiwai@suse.com>
Cc: Srinivas Kandagatla <srinivas.kandagatla@linaro.org>
Cc: Vinod Koul <vkoul@kernel.org>
Cc: Dan Carpenter <dan.carpenter@oracle.com> (commit_signer:1/11=9%,authored:1/11=9%)
Cc: alsa-devel@alsa-project.org
Cc: linux-kernel@vger.kernel.org
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 sound/soc/codecs/wcd9335.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/sound/soc/codecs/wcd9335.c b/sound/soc/codecs/wcd9335.c
index 981f88a5f6154..a04a7cedd99de 100644
--- a/sound/soc/codecs/wcd9335.c
+++ b/sound/soc/codecs/wcd9335.c
@@ -5188,6 +5188,7 @@ static int wcd9335_slim_status(struct slim_device *sdev,
 
 	wcd->slim = sdev;
 	wcd->slim_ifc_dev = of_slim_get_device(sdev->ctrl, ifc_dev_np);
+	of_node_put(ifc_dev_np);
 	if (!wcd->slim_ifc_dev) {
 		dev_err(dev, "Unable to get SLIM Interface device\n");
 		return -EINVAL;
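
Review bot: of_node_put(ifc_dev_np) now runs immediately after of_slim_get_device() and before the NULL check, which is only safe if of_slim_get_device() takes its own reference on the node whenever it keeps the pointer. That helper is not shown here; please confirm it, and confirm that ifc_dev_np is not dereferenced later in wcd9335_slim_status(), otherwise the fix trades a leak for a use of the node after its reference has been dropped.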
-- 
2.20.1




^ permalink raw reply related	[flat|nested] 429+ messages in thread

* [PATCH 5.1 277/405] cxgb3/l2t: Fix undefined behaviour
  2019-05-30  2:59 [PATCH 5.1 000/405] 5.1.6-stable review Greg Kroah-Hartman
                   ` (275 preceding siblings ...)
  2019-05-30  3:04   ` Greg Kroah-Hartman
@ 2019-05-30  3:04 ` Greg Kroah-Hartman
  2019-05-30  3:04 ` [PATCH 5.1 278/405] clk: renesas: rcar-gen3: Correct parent clock of SYS-DMAC Greg Kroah-Hartman
                   ` (132 subsequent siblings)
  409 siblings, 0 replies; 429+ messages in thread
From: Greg Kroah-Hartman @ 2019-05-30  3:04 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Gustavo A. R. Silva, David S. Miller,
	Sasha Levin

[ Upstream commit 76497732932f15e7323dc805e8ea8dc11bb587cf ]

The use of zero-sized array causes undefined behaviour when it is not
the last member in a structure. As it happens to be in this case.

Also, the current code makes use of a language extension to the C90
standard, but the preferred mechanism to declare variable-length
types such as this one is a flexible array member, introduced in
C99:

struct foo {
        int stuff;
        struct boo array[];
};

By making use of the mechanism above, we will get a compiler warning
in case the flexible array does not occur last. Which is beneficial
to cultivate high-quality code.

Fixes: e48f129c2f20 ("[SCSI] cxgb3i: convert cdev->l2opt to use rcu to prevent NULL dereference")
Signed-off-by: Gustavo A. R. Silva <gustavo@embeddedor.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/net/ethernet/chelsio/cxgb3/l2t.h | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/drivers/net/ethernet/chelsio/cxgb3/l2t.h b/drivers/net/ethernet/chelsio/cxgb3/l2t.h
index c2fd323c40782..ea75f275023ff 100644
--- a/drivers/net/ethernet/chelsio/cxgb3/l2t.h
+++ b/drivers/net/ethernet/chelsio/cxgb3/l2t.h
@@ -75,8 +75,8 @@ struct l2t_data {
 	struct l2t_entry *rover;	/* starting point for next allocation */
 	atomic_t nfree;		/* number of free entries */
 	rwlock_t lock;
-	struct l2t_entry l2tab[0];
 	struct rcu_head rcu_head;	/* to handle rcu cleanup */
+	struct l2t_entry l2tab[];
 };
 
 typedef void (*arp_failure_handler_func)(struct t3cdev * dev,
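
Review bot: moving l2tab to the end of struct l2t_data changes where the table sits relative to rcu_head, yet the patch touches only l2t.h, so the allocation and free sites are left unreviewed. With `l2tab[0]` declared ahead of `rcu_head`, entry 0 shared storage with rcu_head; with `l2tab[]` last, the entries fit only if the allocation is sizeof(struct l2t_data) plus the number of entries times sizeof(struct l2t_entry), which struct_size() expresses directly. Please confirm the allocator already computes the size that way and mention it in the commit message.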
-- 
2.20.1




^ permalink raw reply related	[flat|nested] 429+ messages in thread

* [PATCH 5.1 278/405] clk: renesas: rcar-gen3: Correct parent clock of SYS-DMAC
  2019-05-30  2:59 [PATCH 5.1 000/405] 5.1.6-stable review Greg Kroah-Hartman
                   ` (276 preceding siblings ...)
  2019-05-30  3:04 ` [PATCH 5.1 277/405] cxgb3/l2t: Fix undefined behaviour Greg Kroah-Hartman
@ 2019-05-30  3:04 ` Greg Kroah-Hartman
  2019-05-30  3:04   ` Greg Kroah-Hartman
                   ` (131 subsequent siblings)
  409 siblings, 0 replies; 429+ messages in thread
From: Greg Kroah-Hartman @ 2019-05-30  3:04 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Takeshi Kihara, Geert Uytterhoeven,
	Simon Horman, Sasha Levin

[ Upstream commit 3c772f71a552d343a96868ed9a809f9047be94f5 ]

The clock sources of the AXI BUS clock (266.66 MHz) used for SYS-DMAC
DMA transfers are:

    Channel      R-Car H3    R-Car M3-W    R-Car M3-N
    -------------------------------------------------
    SYS-DMAC0    S0D3        S0D3          S0D3
    SYS-DMAC1    S3D1        S3D1          S3D1
    SYS-DMAC2    S3D1        S3D1          S3D1

As a result, change the parent clocks of the SYS-DMAC{1,2} module clocks
on R-Car H3, R-Car M3-W, and R-Car M3-N to S3D1.

NOTE: This information will be reflected in a future revision of the
      R-Car Gen3 Hardware Manual.

Signed-off-by: Takeshi Kihara <takeshi.kihara.df@renesas.com>
[geert: Update RZ/G2M]
Signed-off-by: Geert Uytterhoeven <geert+renesas@glider.be>
Reviewed-by: Simon Horman <horms+renesas@verge.net.au>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/clk/renesas/r8a774a1-cpg-mssr.c | 4 ++--
 drivers/clk/renesas/r8a7795-cpg-mssr.c  | 4 ++--
 drivers/clk/renesas/r8a7796-cpg-mssr.c  | 4 ++--
 drivers/clk/renesas/r8a77965-cpg-mssr.c | 4 ++--
 4 files changed, 8 insertions(+), 8 deletions(-)

diff --git a/drivers/clk/renesas/r8a774a1-cpg-mssr.c b/drivers/clk/renesas/r8a774a1-cpg-mssr.c
index 4d92b27a61538..047599579c651 100644
--- a/drivers/clk/renesas/r8a774a1-cpg-mssr.c
+++ b/drivers/clk/renesas/r8a774a1-cpg-mssr.c
@@ -123,8 +123,8 @@ static const struct mssr_mod_clk r8a774a1_mod_clks[] __initconst = {
 	DEF_MOD("msiof2",		 209,	R8A774A1_CLK_MSO),
 	DEF_MOD("msiof1",		 210,	R8A774A1_CLK_MSO),
 	DEF_MOD("msiof0",		 211,	R8A774A1_CLK_MSO),
-	DEF_MOD("sys-dmac2",		 217,	R8A774A1_CLK_S0D3),
-	DEF_MOD("sys-dmac1",		 218,	R8A774A1_CLK_S0D3),
+	DEF_MOD("sys-dmac2",		 217,	R8A774A1_CLK_S3D1),
+	DEF_MOD("sys-dmac1",		 218,	R8A774A1_CLK_S3D1),
 	DEF_MOD("sys-dmac0",		 219,	R8A774A1_CLK_S0D3),
 	DEF_MOD("cmt3",			 300,	R8A774A1_CLK_R),
 	DEF_MOD("cmt2",			 301,	R8A774A1_CLK_R),
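
Review bot: the commit message's table covers R-Car H3, M3-W and M3-N only, yet this first hunk changes r8a774a1, which is justified solely by the `[geert: Update RZ/G2M]` tag. Since the NOTE says the hardware manual does not yet reflect the new parents, the commit message should state where the RZ/G2M parentage comes from. A short comment next to the sys-dmac entries explaining why sys-dmac0 stays on S0D3 while sys-dmac1 and sys-dmac2 move to S3D1 would also stop the asymmetry from being "corrected" later.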
diff --git a/drivers/clk/renesas/r8a7795-cpg-mssr.c b/drivers/clk/renesas/r8a7795-cpg-mssr.c
index 86842c9fd314e..eade38e9ed36b 100644
--- a/drivers/clk/renesas/r8a7795-cpg-mssr.c
+++ b/drivers/clk/renesas/r8a7795-cpg-mssr.c
@@ -129,8 +129,8 @@ static struct mssr_mod_clk r8a7795_mod_clks[] __initdata = {
 	DEF_MOD("msiof2",		 209,	R8A7795_CLK_MSO),
 	DEF_MOD("msiof1",		 210,	R8A7795_CLK_MSO),
 	DEF_MOD("msiof0",		 211,	R8A7795_CLK_MSO),
-	DEF_MOD("sys-dmac2",		 217,	R8A7795_CLK_S0D3),
-	DEF_MOD("sys-dmac1",		 218,	R8A7795_CLK_S0D3),
+	DEF_MOD("sys-dmac2",		 217,	R8A7795_CLK_S3D1),
+	DEF_MOD("sys-dmac1",		 218,	R8A7795_CLK_S3D1),
 	DEF_MOD("sys-dmac0",		 219,	R8A7795_CLK_S0D3),
 	DEF_MOD("sceg-pub",		 229,	R8A7795_CLK_CR),
 	DEF_MOD("cmt3",			 300,	R8A7795_CLK_R),
diff --git a/drivers/clk/renesas/r8a7796-cpg-mssr.c b/drivers/clk/renesas/r8a7796-cpg-mssr.c
index 12c455859f2c2..654f3ea88f335 100644
--- a/drivers/clk/renesas/r8a7796-cpg-mssr.c
+++ b/drivers/clk/renesas/r8a7796-cpg-mssr.c
@@ -126,8 +126,8 @@ static const struct mssr_mod_clk r8a7796_mod_clks[] __initconst = {
 	DEF_MOD("msiof2",		 209,	R8A7796_CLK_MSO),
 	DEF_MOD("msiof1",		 210,	R8A7796_CLK_MSO),
 	DEF_MOD("msiof0",		 211,	R8A7796_CLK_MSO),
-	DEF_MOD("sys-dmac2",		 217,	R8A7796_CLK_S0D3),
-	DEF_MOD("sys-dmac1",		 218,	R8A7796_CLK_S0D3),
+	DEF_MOD("sys-dmac2",		 217,	R8A7796_CLK_S3D1),
+	DEF_MOD("sys-dmac1",		 218,	R8A7796_CLK_S3D1),
 	DEF_MOD("sys-dmac0",		 219,	R8A7796_CLK_S0D3),
 	DEF_MOD("cmt3",			 300,	R8A7796_CLK_R),
 	DEF_MOD("cmt2",			 301,	R8A7796_CLK_R),
diff --git a/drivers/clk/renesas/r8a77965-cpg-mssr.c b/drivers/clk/renesas/r8a77965-cpg-mssr.c
index eb1cca58a1e1f..13d1f88be04a5 100644
--- a/drivers/clk/renesas/r8a77965-cpg-mssr.c
+++ b/drivers/clk/renesas/r8a77965-cpg-mssr.c
@@ -123,8 +123,8 @@ static const struct mssr_mod_clk r8a77965_mod_clks[] __initconst = {
 	DEF_MOD("msiof2",		209,	R8A77965_CLK_MSO),
 	DEF_MOD("msiof1",		210,	R8A77965_CLK_MSO),
 	DEF_MOD("msiof0",		211,	R8A77965_CLK_MSO),
-	DEF_MOD("sys-dmac2",		217,	R8A77965_CLK_S0D3),
-	DEF_MOD("sys-dmac1",		218,	R8A77965_CLK_S0D3),
+	DEF_MOD("sys-dmac2",		217,	R8A77965_CLK_S3D1),
+	DEF_MOD("sys-dmac1",		218,	R8A77965_CLK_S3D1),
 	DEF_MOD("sys-dmac0",		219,	R8A77965_CLK_S0D3),
 
 	DEF_MOD("cmt3",			300,	R8A77965_CLK_R),
-- 
2.20.1




^ permalink raw reply related	[flat|nested] 429+ messages in thread

* [PATCH 5.1 279/405] block: avoid to break XEN by multi-page bvec
  2019-05-30  2:59 [PATCH 5.1 000/405] 5.1.6-stable review Greg Kroah-Hartman
  2019-05-30  2:59 ` [PATCH 5.1 001/405] x86: Hide the int3_emulate_call/jmp functions from UML Greg Kroah-Hartman
@ 2019-05-30  3:04   ` Greg Kroah-Hartman
  2019-05-30  3:00 ` [PATCH 5.1 003/405] ext4: wait for outstanding dio during truncate in nojournal mode Greg Kroah-Hartman
                     ` (407 subsequent siblings)
  409 siblings, 0 replies; 429+ messages in thread
From: Greg Kroah-Hartman @ 2019-05-30  3:04 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, ris Ostrovsky, xen-devel,
	Omar Sandoval, Christoph Hellwig, Juergen Gross, Ming Lei,
	Jens Axboe, Sasha Levin

[ Upstream commit db5ebd6edd2627d7e81a031643cf43587f63e66c ]

XEN has special page merge requirement, see xen_biovec_phys_mergeable().
We can't merge pages into one bvec simply for XEN.

So move XEN's specific check on page merge into __bio_try_merge_page(),
then avoid to break XEN by multi-page bvec.

Cc: ris Ostrovsky <boris.ostrovsky@oracle.com>
Cc: xen-devel@lists.xenproject.org
Cc: Omar Sandoval <osandov@fb.com>
Cc: Christoph Hellwig <hch@lst.de>
Reviewed-by: Juergen Gross <jgross@suse.com>
Signed-off-by: Ming Lei <ming.lei@redhat.com>
Signed-off-by: Jens Axboe <axboe@kernel.dk>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 block/bio.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/block/bio.c b/block/bio.c
index 716510ecd7ffa..a3c80a6c1fe51 100644
--- a/block/bio.c
+++ b/block/bio.c
@@ -776,6 +776,8 @@ bool __bio_try_merge_page(struct bio *bio, struct page *page,
 
 		if (vec_end_addr + 1 != page_addr + off)
 			return false;
+		if (xen_domain() && !xen_biovec_phys_mergeable(bv, page))
+			return false;
 		if (same_page && (vec_end_addr & PAGE_MASK) != page_addr)
 			return false;
 
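
Review bot: the commit message says the Xen-specific check is moved into __bio_try_merge_page(), but the diffstat is 2 insertions with no deletions, so nothing is removed from a previous call site and no #include is added. Please confirm that block/bio.c already sees declarations of xen_domain() and xen_biovec_phys_mergeable(), with stubs for builds without Xen support, and state in the commit message whether the original check stays in place so the two cannot drift apart.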
-- 
2.20.1




^ permalink raw reply related	[flat|nested] 429+ messages in thread

* [PATCH 5.1 280/405] block: pass page to xen_biovec_phys_mergeable
  2019-05-30  2:59 [PATCH 5.1 000/405] 5.1.6-stable review Greg Kroah-Hartman
  2019-05-30  2:59 ` [PATCH 5.1 001/405] x86: Hide the int3_emulate_call/jmp functions from UML Greg Kroah-Hartman
@ 2019-05-30  3:04   ` Greg Kroah-Hartman
  2019-05-30  3:00 ` [PATCH 5.1 003/405] ext4: wait for outstanding dio during truncate in nojournal mode Greg Kroah-Hartman
                     ` (407 subsequent siblings)
  409 siblings, 0 replies; 429+ messages in thread
From: Greg Kroah-Hartman @ 2019-05-30  3:04 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Boris Ostrovsky, Juergen Gross,
	xen-devel, Omar Sandoval, Christoph Hellwig, Ming Lei,
	Jens Axboe, Sasha Levin

[ Upstream commit 0383ad4374f7ad7edd925a2ee4753035c3f5508a ]

xen_biovec_phys_mergeable() only needs .bv_page of the 2nd bio bvec
for checking if the two bvecs can be merged, so pass page to
xen_biovec_phys_mergeable() directly.

No function change.

Cc: Boris Ostrovsky <boris.ostrovsky@oracle.com>
Cc: Juergen Gross <jgross@suse.com>
Cc: xen-devel@lists.xenproject.org
Cc: Omar Sandoval <osandov@fb.com>
Cc: Christoph Hellwig <hch@lst.de>
Reviewed-by: Christoph Hellwig <hch@lst.de>
Reviewed-by: Boris Ostrovsky <boris.ostrovsky@oracle.com>
Signed-off-by: Ming Lei <ming.lei@redhat.com>
Signed-off-by: Jens Axboe <axboe@kernel.dk>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 block/blk.h            | 2 +-
 drivers/xen/biomerge.c | 5 +++--
 include/xen/xen.h      | 4 +++-
 3 files changed, 7 insertions(+), 4 deletions(-)

diff --git a/block/blk.h b/block/blk.h
index 5d636ee416630..e27fd1512e4bb 100644
--- a/block/blk.h
+++ b/block/blk.h
@@ -75,7 +75,7 @@ static inline bool biovec_phys_mergeable(struct request_queue *q,
 
 	if (addr1 + vec1->bv_len != addr2)
 		return false;
-	if (xen_domain() && !xen_biovec_phys_mergeable(vec1, vec2))
+	if (xen_domain() && !xen_biovec_phys_mergeable(vec1, vec2->bv_page))
 		return false;
 	if ((addr1 | mask) != ((addr2 + vec2->bv_len - 1) | mask))
 		return false;
diff --git a/drivers/xen/biomerge.c b/drivers/xen/biomerge.c
index f3fbb700f5697..05a286d24f148 100644
--- a/drivers/xen/biomerge.c
+++ b/drivers/xen/biomerge.c
@@ -4,12 +4,13 @@
 #include <xen/xen.h>
 #include <xen/page.h>
 
+/* check if @page can be merged with 'vec1' */
 bool xen_biovec_phys_mergeable(const struct bio_vec *vec1,
-			       const struct bio_vec *vec2)
+			       const struct page *page)
 {
 #if XEN_PAGE_SIZE == PAGE_SIZE
 	unsigned long bfn1 = pfn_to_bfn(page_to_pfn(vec1->bv_page));
-	unsigned long bfn2 = pfn_to_bfn(page_to_pfn(vec2->bv_page));
+	unsigned long bfn2 = pfn_to_bfn(page_to_pfn(page));
 
 	return bfn1 + PFN_DOWN(vec1->bv_offset + vec1->bv_len) == bfn2;
 #else
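
Review bot: The hunk stops at `#else`, so the XEN_PAGE_SIZE != PAGE_SIZE branch is not shown; with the `vec2` parameter removed, any reference to it in that branch would break the build for that configuration, so please confirm the branch does not use it. The new comment also mixes two notations, `@page` and 'vec1'; writing `@vec1` would be consistent.
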
diff --git a/include/xen/xen.h b/include/xen/xen.h
index 19d032373de5a..19a72f591e2bd 100644
--- a/include/xen/xen.h
+++ b/include/xen/xen.h
@@ -43,8 +43,10 @@ extern struct hvm_start_info pvh_start_info;
 #endif	/* CONFIG_XEN_DOM0 */
 
 struct bio_vec;
+struct page;
+
 bool xen_biovec_phys_mergeable(const struct bio_vec *vec1,
-		const struct bio_vec *vec2);
+		const struct page *page);
 
 #if defined(CONFIG_MEMORY_HOTPLUG) && defined(CONFIG_XEN_BALLOON)
 extern u64 xen_saved_max_mem_size;
-- 
2.20.1




^ permalink raw reply related	[flat|nested] 429+ messages in thread

* [PATCH 5.1 281/405] clk: renesas: rcar-gen3: Correct parent clock of Audio-DMAC
  2019-05-30  2:59 [PATCH 5.1 000/405] 5.1.6-stable review Greg Kroah-Hartman
                   ` (279 preceding siblings ...)
  2019-05-30  3:04   ` Greg Kroah-Hartman
@ 2019-05-30  3:04 ` Greg Kroah-Hartman
  2019-05-30  3:04 ` [PATCH 5.1 282/405] HID: logitech-hidpp: change low battery level threshold from 31 to 30 percent Greg Kroah-Hartman
                   ` (128 subsequent siblings)
  409 siblings, 0 replies; 429+ messages in thread
From: Greg Kroah-Hartman @ 2019-05-30  3:04 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Takeshi Kihara, Geert Uytterhoeven,
	Simon Horman, Sasha Levin

[ Upstream commit b9df2ea2b8d09ad850afe4d4a0403cb23d9e0c02 ]

The clock sources of the AXI-bus clock (266.66 MHz) used for Audio-DMAC
DMA transfers are:

    Channel        R-Car H3    R-Car M3-W    R-Car M3-N    R-Car E3
    ---------------------------------------------------------------
    Audio-DMAC0    S1D2        S1D2          S1D2          S1D2
    Audio-DMAC1    S1D2        S1D2          S1D2          -

As a result, change the parent clocks of the Audio-DMAC{0,1} module
clocks on R-Car H3, R-Car M3-W, and R-Car M3-N to S1D2, and change the
parent clock of the Audio-DMAC0 module on R-Car E3 to S1D2.

NOTE: This information will be reflected in a future revision of the
      R-Car Gen3 Hardware Manual.

Signed-off-by: Takeshi Kihara <takeshi.kihara.df@renesas.com>
[geert: Update R-Car D3, RZ/G2M, and RZ/G2E]
Signed-off-by: Geert Uytterhoeven <geert+renesas@glider.be>
Reviewed-by: Simon Horman <horms+renesas@verge.net.au>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/clk/renesas/r8a774a1-cpg-mssr.c | 4 ++--
 drivers/clk/renesas/r8a774c0-cpg-mssr.c | 2 +-
 drivers/clk/renesas/r8a7795-cpg-mssr.c  | 4 ++--
 drivers/clk/renesas/r8a7796-cpg-mssr.c  | 4 ++--
 drivers/clk/renesas/r8a77965-cpg-mssr.c | 4 ++--
 drivers/clk/renesas/r8a77990-cpg-mssr.c | 2 +-
 drivers/clk/renesas/r8a77995-cpg-mssr.c | 2 +-
 7 files changed, 11 insertions(+), 11 deletions(-)

diff --git a/drivers/clk/renesas/r8a774a1-cpg-mssr.c b/drivers/clk/renesas/r8a774a1-cpg-mssr.c
index 047599579c651..7a4c5957939a5 100644
--- a/drivers/clk/renesas/r8a774a1-cpg-mssr.c
+++ b/drivers/clk/renesas/r8a774a1-cpg-mssr.c
@@ -143,8 +143,8 @@ static const struct mssr_mod_clk r8a774a1_mod_clks[] __initconst = {
 	DEF_MOD("rwdt",			 402,	R8A774A1_CLK_R),
 	DEF_MOD("intc-ex",		 407,	R8A774A1_CLK_CP),
 	DEF_MOD("intc-ap",		 408,	R8A774A1_CLK_S0D3),
-	DEF_MOD("audmac1",		 501,	R8A774A1_CLK_S0D3),
-	DEF_MOD("audmac0",		 502,	R8A774A1_CLK_S0D3),
+	DEF_MOD("audmac1",		 501,	R8A774A1_CLK_S1D2),
+	DEF_MOD("audmac0",		 502,	R8A774A1_CLK_S1D2),
 	DEF_MOD("hscif4",		 516,	R8A774A1_CLK_S3D1),
 	DEF_MOD("hscif3",		 517,	R8A774A1_CLK_S3D1),
 	DEF_MOD("hscif2",		 518,	R8A774A1_CLK_S3D1),
diff --git a/drivers/clk/renesas/r8a774c0-cpg-mssr.c b/drivers/clk/renesas/r8a774c0-cpg-mssr.c
index 34e274f2a273a..93dacd826fd04 100644
--- a/drivers/clk/renesas/r8a774c0-cpg-mssr.c
+++ b/drivers/clk/renesas/r8a774c0-cpg-mssr.c
@@ -157,7 +157,7 @@ static const struct mssr_mod_clk r8a774c0_mod_clks[] __initconst = {
 	DEF_MOD("intc-ex",		 407,	R8A774C0_CLK_CP),
 	DEF_MOD("intc-ap",		 408,	R8A774C0_CLK_S0D3),
 
-	DEF_MOD("audmac0",		 502,	R8A774C0_CLK_S3D4),
+	DEF_MOD("audmac0",		 502,	R8A774C0_CLK_S1D2),
 	DEF_MOD("hscif4",		 516,	R8A774C0_CLK_S3D1C),
 	DEF_MOD("hscif3",		 517,	R8A774C0_CLK_S3D1C),
 	DEF_MOD("hscif2",		 518,	R8A774C0_CLK_S3D1C),
diff --git a/drivers/clk/renesas/r8a7795-cpg-mssr.c b/drivers/clk/renesas/r8a7795-cpg-mssr.c
index eade38e9ed36b..0825cd0ff2866 100644
--- a/drivers/clk/renesas/r8a7795-cpg-mssr.c
+++ b/drivers/clk/renesas/r8a7795-cpg-mssr.c
@@ -153,8 +153,8 @@ static struct mssr_mod_clk r8a7795_mod_clks[] __initdata = {
 	DEF_MOD("rwdt",			 402,	R8A7795_CLK_R),
 	DEF_MOD("intc-ex",		 407,	R8A7795_CLK_CP),
 	DEF_MOD("intc-ap",		 408,	R8A7795_CLK_S0D3),
-	DEF_MOD("audmac1",		 501,	R8A7795_CLK_S0D3),
-	DEF_MOD("audmac0",		 502,	R8A7795_CLK_S0D3),
+	DEF_MOD("audmac1",		 501,	R8A7795_CLK_S1D2),
+	DEF_MOD("audmac0",		 502,	R8A7795_CLK_S1D2),
 	DEF_MOD("drif7",		 508,	R8A7795_CLK_S3D2),
 	DEF_MOD("drif6",		 509,	R8A7795_CLK_S3D2),
 	DEF_MOD("drif5",		 510,	R8A7795_CLK_S3D2),
diff --git a/drivers/clk/renesas/r8a7796-cpg-mssr.c b/drivers/clk/renesas/r8a7796-cpg-mssr.c
index 654f3ea88f335..997cd956f12bc 100644
--- a/drivers/clk/renesas/r8a7796-cpg-mssr.c
+++ b/drivers/clk/renesas/r8a7796-cpg-mssr.c
@@ -146,8 +146,8 @@ static const struct mssr_mod_clk r8a7796_mod_clks[] __initconst = {
 	DEF_MOD("rwdt",			 402,	R8A7796_CLK_R),
 	DEF_MOD("intc-ex",		 407,	R8A7796_CLK_CP),
 	DEF_MOD("intc-ap",		 408,	R8A7796_CLK_S0D3),
-	DEF_MOD("audmac1",		 501,	R8A7796_CLK_S0D3),
-	DEF_MOD("audmac0",		 502,	R8A7796_CLK_S0D3),
+	DEF_MOD("audmac1",		 501,	R8A7796_CLK_S1D2),
+	DEF_MOD("audmac0",		 502,	R8A7796_CLK_S1D2),
 	DEF_MOD("drif7",		 508,	R8A7796_CLK_S3D2),
 	DEF_MOD("drif6",		 509,	R8A7796_CLK_S3D2),
 	DEF_MOD("drif5",		 510,	R8A7796_CLK_S3D2),
diff --git a/drivers/clk/renesas/r8a77965-cpg-mssr.c b/drivers/clk/renesas/r8a77965-cpg-mssr.c
index 13d1f88be04a5..afc9c72fa0940 100644
--- a/drivers/clk/renesas/r8a77965-cpg-mssr.c
+++ b/drivers/clk/renesas/r8a77965-cpg-mssr.c
@@ -146,8 +146,8 @@ static const struct mssr_mod_clk r8a77965_mod_clks[] __initconst = {
 	DEF_MOD("intc-ex",		407,	R8A77965_CLK_CP),
 	DEF_MOD("intc-ap",		408,	R8A77965_CLK_S0D3),
 
-	DEF_MOD("audmac1",		501,	R8A77965_CLK_S0D3),
-	DEF_MOD("audmac0",		502,	R8A77965_CLK_S0D3),
+	DEF_MOD("audmac1",		501,	R8A77965_CLK_S1D2),
+	DEF_MOD("audmac0",		502,	R8A77965_CLK_S1D2),
 	DEF_MOD("drif7",		508,	R8A77965_CLK_S3D2),
 	DEF_MOD("drif6",		509,	R8A77965_CLK_S3D2),
 	DEF_MOD("drif5",		510,	R8A77965_CLK_S3D2),
diff --git a/drivers/clk/renesas/r8a77990-cpg-mssr.c b/drivers/clk/renesas/r8a77990-cpg-mssr.c
index 9a278c75c918c..03f445d47ef69 100644
--- a/drivers/clk/renesas/r8a77990-cpg-mssr.c
+++ b/drivers/clk/renesas/r8a77990-cpg-mssr.c
@@ -152,7 +152,7 @@ static const struct mssr_mod_clk r8a77990_mod_clks[] __initconst = {
 	DEF_MOD("intc-ex",		 407,	R8A77990_CLK_CP),
 	DEF_MOD("intc-ap",		 408,	R8A77990_CLK_S0D3),
 
-	DEF_MOD("audmac0",		 502,	R8A77990_CLK_S3D4),
+	DEF_MOD("audmac0",		 502,	R8A77990_CLK_S1D2),
 	DEF_MOD("drif7",		 508,	R8A77990_CLK_S3D2),
 	DEF_MOD("drif6",		 509,	R8A77990_CLK_S3D2),
 	DEF_MOD("drif5",		 510,	R8A77990_CLK_S3D2),
diff --git a/drivers/clk/renesas/r8a77995-cpg-mssr.c b/drivers/clk/renesas/r8a77995-cpg-mssr.c
index eee3874865a95..68707277b17b4 100644
--- a/drivers/clk/renesas/r8a77995-cpg-mssr.c
+++ b/drivers/clk/renesas/r8a77995-cpg-mssr.c
@@ -133,7 +133,7 @@ static const struct mssr_mod_clk r8a77995_mod_clks[] __initconst = {
 	DEF_MOD("rwdt",			 402,	R8A77995_CLK_R),
 	DEF_MOD("intc-ex",		 407,	R8A77995_CLK_CP),
 	DEF_MOD("intc-ap",		 408,	R8A77995_CLK_S1D2),
-	DEF_MOD("audmac0",		 502,	R8A77995_CLK_S3D1),
+	DEF_MOD("audmac0",		 502,	R8A77995_CLK_S1D2),
 	DEF_MOD("hscif3",		 517,	R8A77995_CLK_S3D1C),
 	DEF_MOD("hscif0",		 520,	R8A77995_CLK_S3D1C),
 	DEF_MOD("thermal",		 522,	R8A77995_CLK_CP),
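
Review bot: The table in the commit message has rows only for R-Car H3, M3-W, M3-N and E3, while the patch changes seven files, and the only record of the other three SoCs is the bracketed "[geert: Update R-Car D3, RZ/G2M, and RZ/G2E]" line. The parents being replaced are not uniform (S0D3 in four files, S3D4 in r8a774c0 and r8a77990, S3D1 here in r8a77995), so the message should state the source for the S1D2 parent on the added SoCs, for example by extending the table, rather than leaving it to the pending hardware manual revision.
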
-- 
2.20.1




^ permalink raw reply related	[flat|nested] 429+ messages in thread

* [PATCH 5.1 282/405] HID: logitech-hidpp: change low battery level threshold from 31 to 30 percent
  2019-05-30  2:59 [PATCH 5.1 000/405] 5.1.6-stable review Greg Kroah-Hartman
                   ` (280 preceding siblings ...)
  2019-05-30  3:04 ` [PATCH 5.1 281/405] clk: renesas: rcar-gen3: Correct parent clock of Audio-DMAC Greg Kroah-Hartman
@ 2019-05-30  3:04 ` Greg Kroah-Hartman
  2019-05-30  3:04 ` [PATCH 5.1 283/405] spi: tegra114: reset controller on probe Greg Kroah-Hartman
                   ` (127 subsequent siblings)
  409 siblings, 0 replies; 429+ messages in thread
From: Greg Kroah-Hartman @ 2019-05-30  3:04 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Hans de Goede, Jiri Kosina, Sasha Levin

[ Upstream commit 1f87b0cd32b3456d7efdfb017fcf74d0bfe3ec29 ]

According to hidpp20_batterylevel_get_battery_info my Logitech K270
keyboard reports only 2 battery levels. This matches with what I've seen
after testing with batteries at varying level of fullness, it always
reports either 5% or 30%.

Windows reports "battery good" for the 30% level. I've captured a USB
trace of Windows reading the battery and it is getting the same info
as the Linux hidpp code gets.

Now that Linux handles these devices as hidpp devices, it reports the
battery as being low as it treats anything under 31% as low, this leads
to the user constantly getting a "Keyboard battery is low" warning from
GNOME3, which is very annoying.

This commit fixes this by changing the low threshold to anything under
30%, which I assume is what Windows does.

Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Jiri Kosina <jkosina@suse.cz>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/hid/hid-logitech-hidpp.c | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/drivers/hid/hid-logitech-hidpp.c b/drivers/hid/hid-logitech-hidpp.c
index ffd30c7492df8..e74fa990ba133 100644
--- a/drivers/hid/hid-logitech-hidpp.c
+++ b/drivers/hid/hid-logitech-hidpp.c
@@ -1021,7 +1021,11 @@ static int hidpp_map_battery_level(int capacity)
 {
 	if (capacity < 11)
 		return POWER_SUPPLY_CAPACITY_LEVEL_CRITICAL;
-	else if (capacity < 31)
+	/*
+	 * The spec says this should be < 31 but some devices report 30
+	 * with brand new batteries and Windows reports 30 as "Good".
+	 */
+	else if (capacity < 30)
 		return POWER_SUPPLY_CAPACITY_LEVEL_LOW;
 	else if (capacity < 81)
 		return POWER_SUPPLY_CAPACITY_LEVEL_NORMAL;
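
Review bot: The block comment is inserted between the `return` of the first branch and the `else if`, which splits the if/else chain and is easy to misread; placing it above the chain would read better. The lowered threshold also applies to every device that goes through hidpp_map_battery_level(), not only those that report 30 with fresh batteries, so a device reporting exactly 30 on a weak battery now shows as normal; the comment should say that this trade-off is intended.
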
-- 
2.20.1




^ permalink raw reply related	[flat|nested] 429+ messages in thread

* [PATCH 5.1 283/405] spi: tegra114: reset controller on probe
  2019-05-30  2:59 [PATCH 5.1 000/405] 5.1.6-stable review Greg Kroah-Hartman
                   ` (281 preceding siblings ...)
  2019-05-30  3:04 ` [PATCH 5.1 282/405] HID: logitech-hidpp: change low battery level threshold from 31 to 30 percent Greg Kroah-Hartman
@ 2019-05-30  3:04 ` Greg Kroah-Hartman
  2019-05-30  3:04 ` [PATCH 5.1 284/405] habanalabs: prevent CPU soft lockup on Palladium Greg Kroah-Hartman
                   ` (126 subsequent siblings)
  409 siblings, 0 replies; 429+ messages in thread
From: Greg Kroah-Hartman @ 2019-05-30  3:04 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Sowjanya Komatineni, Mark Brown, Sasha Levin

[ Upstream commit 019194933339b3e9b486639c8cb3692020844d65 ]

Fixes: SPI driver can be built as module so perform SPI controller reset
on probe to make sure it is in valid state before initiating transfer.

Signed-off-by: Sowjanya Komatineni <skomatineni@nvidia.com>
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/spi/spi-tegra114.c | 32 ++++++++++++++++++--------------
 1 file changed, 18 insertions(+), 14 deletions(-)

diff --git a/drivers/spi/spi-tegra114.c b/drivers/spi/spi-tegra114.c
index a76acedd7e2f4..a1888dc6a938a 100644
--- a/drivers/spi/spi-tegra114.c
+++ b/drivers/spi/spi-tegra114.c
@@ -1067,27 +1067,19 @@ static int tegra_spi_probe(struct platform_device *pdev)
 
 	spi_irq = platform_get_irq(pdev, 0);
 	tspi->irq = spi_irq;
-	ret = request_threaded_irq(tspi->irq, tegra_spi_isr,
-			tegra_spi_isr_thread, IRQF_ONESHOT,
-			dev_name(&pdev->dev), tspi);
-	if (ret < 0) {
-		dev_err(&pdev->dev, "Failed to register ISR for IRQ %d\n",
-					tspi->irq);
-		goto exit_free_master;
-	}
 
 	tspi->clk = devm_clk_get(&pdev->dev, "spi");
 	if (IS_ERR(tspi->clk)) {
 		dev_err(&pdev->dev, "can not get clock\n");
 		ret = PTR_ERR(tspi->clk);
-		goto exit_free_irq;
+		goto exit_free_master;
 	}
 
 	tspi->rst = devm_reset_control_get_exclusive(&pdev->dev, "spi");
 	if (IS_ERR(tspi->rst)) {
 		dev_err(&pdev->dev, "can not get reset\n");
 		ret = PTR_ERR(tspi->rst);
-		goto exit_free_irq;
+		goto exit_free_master;
 	}
 
 	tspi->max_buf_size = SPI_FIFO_DEPTH << 2;
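
Review bot: The value returned by platform_get_irq() at the top of this hunk is still stored in tspi->irq without a check, and with request_threaded_irq() moved to the end of probe a negative value is only caught after the clock, reset, DMA and runtime PM setup has already run. An `if (spi_irq < 0)` check that sets `ret` and does `goto exit_free_master` here would fail early.
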
@@ -1095,7 +1087,7 @@ static int tegra_spi_probe(struct platform_device *pdev)
 
 	ret = tegra_spi_init_dma_param(tspi, true);
 	if (ret < 0)
-		goto exit_free_irq;
+		goto exit_free_master;
 	ret = tegra_spi_init_dma_param(tspi, false);
 	if (ret < 0)
 		goto exit_rx_dma_free;
@@ -1117,18 +1109,32 @@ static int tegra_spi_probe(struct platform_device *pdev)
 		dev_err(&pdev->dev, "pm runtime get failed, e = %d\n", ret);
 		goto exit_pm_disable;
 	}
+
+	reset_control_assert(tspi->rst);
+	udelay(2);
+	reset_control_deassert(tspi->rst);
 	tspi->def_command1_reg  = SPI_M_S;
 	tegra_spi_writel(tspi, tspi->def_command1_reg, SPI_COMMAND1);
 	pm_runtime_put(&pdev->dev);
+	ret = request_threaded_irq(tspi->irq, tegra_spi_isr,
+				   tegra_spi_isr_thread, IRQF_ONESHOT,
+				   dev_name(&pdev->dev), tspi);
+	if (ret < 0) {
+		dev_err(&pdev->dev, "Failed to register ISR for IRQ %d\n",
+			tspi->irq);
+		goto exit_pm_disable;
+	}
 
 	master->dev.of_node = pdev->dev.of_node;
 	ret = devm_spi_register_master(&pdev->dev, master);
 	if (ret < 0) {
 		dev_err(&pdev->dev, "can not register to master err %d\n", ret);
-		goto exit_pm_disable;
+		goto exit_free_irq;
 	}
 	return ret;
 
+exit_free_irq:
+	free_irq(spi_irq, tspi);
 exit_pm_disable:
 	pm_runtime_disable(&pdev->dev);
 	if (!pm_runtime_status_suspended(&pdev->dev))
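
Review bot: The return values of reset_control_assert() and reset_control_deassert() in the added reset sequence are ignored, so a failed reset goes unnoticed and the SPI_COMMAND1 write proceeds on a controller in an unknown state. Check both calls and bail out through exit_pm_disable with the error, which is the label the neighbouring failure paths in this hunk already use.
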
@@ -1136,8 +1142,6 @@ static int tegra_spi_probe(struct platform_device *pdev)
 	tegra_spi_deinit_dma_param(tspi, false);
 exit_rx_dma_free:
 	tegra_spi_deinit_dma_param(tspi, true);
-exit_free_irq:
-	free_irq(spi_irq, tspi);
 exit_free_master:
 	spi_master_put(master);
 	return ret;
-- 
2.20.1




^ permalink raw reply related	[flat|nested] 429+ messages in thread

* [PATCH 5.1 284/405] habanalabs: prevent CPU soft lockup on Palladium
  2019-05-30  2:59 [PATCH 5.1 000/405] 5.1.6-stable review Greg Kroah-Hartman
                   ` (282 preceding siblings ...)
  2019-05-30  3:04 ` [PATCH 5.1 283/405] spi: tegra114: reset controller on probe Greg Kroah-Hartman
@ 2019-05-30  3:04 ` Greg Kroah-Hartman
  2019-05-30  3:04 ` [PATCH 5.1 285/405] kobject: Dont trigger kobject_uevent(KOBJ_REMOVE) twice Greg Kroah-Hartman
                   ` (125 subsequent siblings)
  409 siblings, 0 replies; 429+ messages in thread
From: Greg Kroah-Hartman @ 2019-05-30  3:04 UTC (permalink / raw)
  To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Oded Gabbay, Sasha Levin

[ Upstream commit e850b89f50d2c1439f58d547b888ee6e43312dea ]

Unmapping ptes in the device MMU on Palladium can take a long time, which
can cause a kernel BUG of CPU soft lockup.

This patch minimizes the chances for this bug by sleeping a little between
unmapping ptes.

Signed-off-by: Oded Gabbay <oded.gabbay@gmail.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/misc/habanalabs/memory.c | 11 +++++++++--
 1 file changed, 9 insertions(+), 2 deletions(-)

diff --git a/drivers/misc/habanalabs/memory.c b/drivers/misc/habanalabs/memory.c
index ce1fda40a8b81..fadaf557603f5 100644
--- a/drivers/misc/habanalabs/memory.c
+++ b/drivers/misc/habanalabs/memory.c
@@ -1046,10 +1046,17 @@ static int unmap_device_va(struct hl_ctx *ctx, u64 vaddr)
 
 	mutex_lock(&ctx->mmu_lock);
 
-	for (i = 0 ; i < phys_pg_pack->npages ; i++, next_vaddr += page_size)
+	for (i = 0 ; i < phys_pg_pack->npages ; i++, next_vaddr += page_size) {
 		if (hl_mmu_unmap(ctx, next_vaddr, page_size))
 			dev_warn_ratelimited(hdev->dev,
-				"unmap failed for vaddr: 0x%llx\n", next_vaddr);
+			"unmap failed for vaddr: 0x%llx\n", next_vaddr);
+
+		/* unmapping on Palladium can be really long, so avoid a CPU
+		 * soft lockup bug by sleeping a little between unmapping pages
+		 */
+		if (hdev->pldm)
+			usleep_range(500, 1000);
+	}
 
 	hdev->asic_funcs->mmu_invalidate_cache(hdev, true);
 
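
Review bot: The added usleep_range(500, 1000) runs inside the loop while ctx->mmu_lock is held, so on Palladium every other user of that mutex waits an extra 0.5 to 1 ms per page for the whole unmap. If the goal is only to avoid the soft lockup, cond_resched() or sleeping once every N pages would keep the lock hold time down. The re-indented format string on the dev_warn_ratelimited() continuation line also no longer lines up with its argument list and reads as an unrelated whitespace change.
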
-- 
2.20.1




^ permalink raw reply related	[flat|nested] 429+ messages in thread

* [PATCH 5.1 285/405] kobject: Dont trigger kobject_uevent(KOBJ_REMOVE) twice.
  2019-05-30  2:59 [PATCH 5.1 000/405] 5.1.6-stable review Greg Kroah-Hartman
                   ` (283 preceding siblings ...)
  2019-05-30  3:04 ` [PATCH 5.1 284/405] habanalabs: prevent CPU soft lockup on Palladium Greg Kroah-Hartman
@ 2019-05-30  3:04 ` Greg Kroah-Hartman
  2019-05-30  3:04 ` [PATCH 5.1 286/405] media: video-mux: fix null pointer dereferences Greg Kroah-Hartman
                   ` (124 subsequent siblings)
  409 siblings, 0 replies; 429+ messages in thread
From: Greg Kroah-Hartman @ 2019-05-30  3:04 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, syzbot, Kay Sievers, Tetsuo Handa,
	Sasha Levin, Dmitry Torokhov

[ Upstream commit c03a0fd0b609e2f5c669c2b7f27c8e1928e9196e ]

syzbot is hitting use-after-free bug in uinput module [1]. This is because
kobject_uevent(KOBJ_REMOVE) is called again due to commit 0f4dafc0563c6c49
("Kobject: auto-cleanup on final unref") after memory allocation fault
injection made kobject_uevent(KOBJ_REMOVE) from device_del() from
input_unregister_device() fail, while uinput_destroy_device() is expecting
that kobject_uevent(KOBJ_REMOVE) is not called after device_del() from
input_unregister_device() completed.

That commit intended to catch cases where nobody even attempted to send
"remove" uevents. But there is no guarantee that an event will ultimately
be sent. We are at the point of no return as far as the rest of the kernel
is concerned; there are no repeats or do-overs.

Also, it is not clear whether some subsystem depends on that commit.
If no subsystem depends on that commit, it will be better to remove
the state_{add,remove}_uevent_sent logic. But we don't want to risk
a regression (in a patch which will be backported) by trying to remove
that logic. Therefore, as a first step, let's avoid the use-after-free bug
by making sure that kobject_uevent(KOBJ_REMOVE) won't be triggered twice.

[1] https://syzkaller.appspot.com/bug?id=8b17c134fe938bbddd75a45afaa9e68af43a362d

Reported-by: syzbot <syzbot+f648cfb7e0b52bf7ae32@syzkaller.appspotmail.com>
Analyzed-by: Dmitry Torokhov <dmitry.torokhov@gmail.com>
Fixes: 0f4dafc0563c6c49 ("Kobject: auto-cleanup on final unref")
Cc: Kay Sievers <kay@vrfy.org>
Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 lib/kobject_uevent.c | 11 +++++++----
 1 file changed, 7 insertions(+), 4 deletions(-)

diff --git a/lib/kobject_uevent.c b/lib/kobject_uevent.c
index f05802687ba4d..7998affa45d49 100644
--- a/lib/kobject_uevent.c
+++ b/lib/kobject_uevent.c
@@ -466,6 +466,13 @@ int kobject_uevent_env(struct kobject *kobj, enum kobject_action action,
 	int i = 0;
 	int retval = 0;
 
+	/*
+	 * Mark "remove" event done regardless of result, for some subsystems
+	 * do not want to re-trigger "remove" event via automatic cleanup.
+	 */
+	if (action == KOBJ_REMOVE)
+		kobj->state_remove_uevent_sent = 1;
+
 	pr_debug("kobject: '%s' (%p): %s\n",
 		 kobject_name(kobj), kobj, __func__);
 
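
Review bot: Setting state_remove_uevent_sent at function entry means the flag is set regardless of whether the "remove" event is actually sent, as the added comment says, so the field name no longer matches its meaning. The documentation for the field should be updated to say it now records that a remove uevent was attempted, and since the commit message itself is unsure whether any subsystem depends on the automatic cleanup resend, that open question deserves a sentence in the comment so backport reviewers see it next to the code.
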
@@ -567,10 +574,6 @@ int kobject_uevent_env(struct kobject *kobj, enum kobject_action action,
 		kobj->state_add_uevent_sent = 1;
 		break;
 
-	case KOBJ_REMOVE:
-		kobj->state_remove_uevent_sent = 1;
-		break;
-
 	case KOBJ_UNBIND:
 		zap_modalias_env(env);
 		break;
-- 
2.20.1




^ permalink raw reply related	[flat|nested] 429+ messages in thread

* [PATCH 5.1 286/405] media: video-mux: fix null pointer dereferences
  2019-05-30  2:59 [PATCH 5.1 000/405] 5.1.6-stable review Greg Kroah-Hartman
                   ` (284 preceding siblings ...)
  2019-05-30  3:04 ` [PATCH 5.1 285/405] kobject: Dont trigger kobject_uevent(KOBJ_REMOVE) twice Greg Kroah-Hartman
@ 2019-05-30  3:04 ` Greg Kroah-Hartman
  2019-05-30  3:04 ` [PATCH 5.1 287/405] media: wl128x: prevent two potential buffer overflows Greg Kroah-Hartman
                   ` (123 subsequent siblings)
  409 siblings, 0 replies; 429+ messages in thread
From: Greg Kroah-Hartman @ 2019-05-30  3:04 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Kangjie Lu, Philipp Zabel,
	Hans Verkuil, Mauro Carvalho Chehab, Sasha Levin

[ Upstream commit aeb0d0f581e2079868e64a2e5ee346d340376eae ]

devm_kcalloc may fail and return a null pointer. The fix returns
-ENOMEM upon failures to avoid null pointer dereferences.

Signed-off-by: Kangjie Lu <kjlu@umn.edu>
Reviewed-by: Philipp Zabel <p.zabel@pengutronix.de>
Signed-off-by: Hans Verkuil <hverkuil-cisco@xs4all.nl>
Signed-off-by: Mauro Carvalho Chehab <mchehab+samsung@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/media/platform/video-mux.c | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/drivers/media/platform/video-mux.c b/drivers/media/platform/video-mux.c
index 0ba30756e1e40..d8cd5f5cb10d6 100644
--- a/drivers/media/platform/video-mux.c
+++ b/drivers/media/platform/video-mux.c
@@ -419,9 +419,14 @@ static int video_mux_probe(struct platform_device *pdev)
 	vmux->active = -1;
 	vmux->pads = devm_kcalloc(dev, num_pads, sizeof(*vmux->pads),
 				  GFP_KERNEL);
+	if (!vmux->pads)
+		return -ENOMEM;
+
 	vmux->format_mbus = devm_kcalloc(dev, num_pads,
 					 sizeof(*vmux->format_mbus),
 					 GFP_KERNEL);
+	if (!vmux->format_mbus)
+		return -ENOMEM;
 
 	for (i = 0; i < num_pads; i++) {
 		vmux->pads[i].flags = (i < num_pads - 1) ? MEDIA_PAD_FL_SINK
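
Review bot: Both new checks return -ENOMEM straight out of video_mux_probe(), which is only safe if everything acquired earlier in the probe is devm-managed like these two arrays. If an earlier step in the function holds a reference or resource that its other error paths release, these returns need to go through the same unwind; the changelog should say which case applies.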
-- 
2.20.1





* [PATCH 5.1 287/405] media: wl128x: prevent two potential buffer overflows
  2019-05-30  2:59 [PATCH 5.1 000/405] 5.1.6-stable review Greg Kroah-Hartman
                   ` (285 preceding siblings ...)
  2019-05-30  3:04 ` [PATCH 5.1 286/405] media: video-mux: fix null pointer dereferences Greg Kroah-Hartman
@ 2019-05-30  3:04 ` Greg Kroah-Hartman
  2019-05-30  3:04 ` [PATCH 5.1 288/405] media: gspca: Kill URBs on USB device disconnect Greg Kroah-Hartman
                   ` (122 subsequent siblings)
  409 siblings, 0 replies; 429+ messages in thread
From: Greg Kroah-Hartman @ 2019-05-30  3:04 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Dan Carpenter, Hans Verkuil,
	Mauro Carvalho Chehab, Sasha Levin

[ Upstream commit 9c2ccc324b3a6cbc865ab8b3e1a09e93d3c8ade9 ]

Smatch marks skb->data as untrusted so it warns that "evt_hdr->dlen"
can copy up to 255 bytes and we only have room for two bytes.  Even
if this comes from the firmware and we trust it, the new policy
generally is just to fix it as kernel hardening.

I can't test this code so I tried to be very conservative.  I considered
not allowing "evt_hdr->dlen == 1" because it doesn't initialize the
whole variable but in the end I decided to allow it and manually
initialized "asic_id" and "asic_ver" to zero.

Fixes: e8454ff7b9a4 ("[media] drivers:media:radio: wl128x: FM Driver Common sources")

Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Hans Verkuil <hverkuil-cisco@xs4all.nl>
Signed-off-by: Mauro Carvalho Chehab <mchehab+samsung@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/media/radio/wl128x/fmdrv_common.c | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/drivers/media/radio/wl128x/fmdrv_common.c b/drivers/media/radio/wl128x/fmdrv_common.c
index 3c8987af37725..ac5706b4cab84 100644
--- a/drivers/media/radio/wl128x/fmdrv_common.c
+++ b/drivers/media/radio/wl128x/fmdrv_common.c
@@ -489,7 +489,8 @@ int fmc_send_cmd(struct fmdev *fmdev, u8 fm_op, u16 type, void *payload,
 		return -EIO;
 	}
 	/* Send response data to caller */
-	if (response != NULL && response_len != NULL && evt_hdr->dlen) {
+	if (response != NULL && response_len != NULL && evt_hdr->dlen &&
+	    evt_hdr->dlen <= payload_len) {
 		/* Skip header info and copy only response data */
 		skb_pull(skb, sizeof(struct fm_event_msg_hdr));
 		memcpy(response, skb->data, evt_hdr->dlen);
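
Review bot: The new bound in the if condition compares evt_hdr->dlen against payload_len, which by its name describes the payload argument, while the memcpy() below writes into response. That holds only where the caller's response buffer is at least as large as the payload it passed in; a comment stating that assumption, or a dedicated response-size argument, would make the check self-evident. An oversized dlen now also skips the copy silently, so consider logging it or returning an error so the caller does not consume a response that was never filled in.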
@@ -583,6 +584,8 @@ static void fm_irq_handle_flag_getcmd_resp(struct fmdev *fmdev)
 		return;
 
 	fm_evt_hdr = (void *)skb->data;
+	if (fm_evt_hdr->dlen > sizeof(fmdev->irq_info.flag))
+		return;
 
 	/* Skip header info and copy only response data */
 	skb_pull(skb, sizeof(struct fm_event_msg_hdr));
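
Review bot: The new early return in fm_irq_handle_flag_getcmd_resp() leaves the handler before skb_pull() and everything after it, so whatever the rest of the function does with skb and with the remaining interrupt handling is skipped for an oversized dlen. Please confirm the skb is still released on this path, and add an error message, since an event with a bad length is otherwise dropped without any trace.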
@@ -1308,7 +1311,7 @@ static int load_default_rx_configuration(struct fmdev *fmdev)
 static int fm_power_up(struct fmdev *fmdev, u8 mode)
 {
 	u16 payload;
-	__be16 asic_id, asic_ver;
+	__be16 asic_id = 0, asic_ver = 0;
 	int resp_len, ret;
 	u8 fw_name[50];
 
-- 
2.20.1





* [PATCH 5.1 288/405] media: gspca: Kill URBs on USB device disconnect
  2019-05-30  2:59 [PATCH 5.1 000/405] 5.1.6-stable review Greg Kroah-Hartman
                   ` (286 preceding siblings ...)
  2019-05-30  3:04 ` [PATCH 5.1 287/405] media: wl128x: prevent two potential buffer overflows Greg Kroah-Hartman
@ 2019-05-30  3:04 ` Greg Kroah-Hartman
  2019-05-30  3:04 ` [PATCH 5.1 289/405] efifb: Omit memory map check on legacy boot Greg Kroah-Hartman
                   ` (121 subsequent siblings)
  409 siblings, 0 replies; 429+ messages in thread
From: Greg Kroah-Hartman @ 2019-05-30  3:04 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Ezequiel Garcia, Hans Verkuil,
	Mauro Carvalho Chehab, Sasha Levin

[ Upstream commit 9b9ea7c2b57a0c9c3341fc6db039d1f7971a432e ]

In order to prevent ISOC URBs from being infinitely resubmitted,
the driver's USB disconnect handler must kill all the in-flight URBs.

While here, change the URB packet status message to a debug level,
to avoid spamming the console too much.

This commit fixes a lockup caused by an interrupt storm coming
from the URB completion handler.

Signed-off-by: Ezequiel Garcia <ezequiel@collabora.com>
Signed-off-by: Hans Verkuil <hverkuil-cisco@xs4all.nl>
Signed-off-by: Mauro Carvalho Chehab <mchehab+samsung@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/media/usb/gspca/gspca.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/drivers/media/usb/gspca/gspca.c b/drivers/media/usb/gspca/gspca.c
index ac70b36d67b7b..128935f2a217e 100644
--- a/drivers/media/usb/gspca/gspca.c
+++ b/drivers/media/usb/gspca/gspca.c
@@ -294,7 +294,7 @@ static void fill_frame(struct gspca_dev *gspca_dev,
 		/* check the packet status and length */
 		st = urb->iso_frame_desc[i].status;
 		if (st) {
-			pr_err("ISOC data error: [%d] len=%d, status=%d\n",
+			gspca_dbg(gspca_dev, D_PACK, "ISOC data error: [%d] len=%d, status=%d\n",
 			       i, len, st);
 			gspca_dev->last_packet_type = DISCARD_PACKET;
 			continue;
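
Review bot: The gspca_dbg() line in the status check of fill_frame() now runs well past 80 columns, and the continuation line "i, len, st);" is still indented for the old pr_err( call. Put the format string on its own line and realign the arguments under it.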
@@ -1638,6 +1638,8 @@ void gspca_disconnect(struct usb_interface *intf)
 
 	mutex_lock(&gspca_dev->usb_lock);
 	gspca_dev->present = false;
+	destroy_urbs(gspca_dev);
+	gspca_input_destroy_urb(gspca_dev);
 
 	vb2_queue_error(&gspca_dev->queue);
 
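
Review bot: destroy_urbs() and gspca_input_destroy_urb() are now called in gspca_disconnect() with usb_lock held. Killing a URB waits for its completion handler to finish, so add a comment stating that no completion handler in this driver takes usb_lock; if one does, this ordering can deadlock and the calls need to move outside the mutex.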
-- 
2.20.1





* [PATCH 5.1 289/405] efifb: Omit memory map check on legacy boot
  2019-05-30  2:59 [PATCH 5.1 000/405] 5.1.6-stable review Greg Kroah-Hartman
                   ` (287 preceding siblings ...)
  2019-05-30  3:04 ` [PATCH 5.1 288/405] media: gspca: Kill URBs on USB device disconnect Greg Kroah-Hartman
@ 2019-05-30  3:04 ` Greg Kroah-Hartman
  2019-05-30  3:04 ` [PATCH 5.1 290/405] media: mtk-vcodec: fix access to incorrect planes member Greg Kroah-Hartman
                   ` (120 subsequent siblings)
  409 siblings, 0 replies; 429+ messages in thread
From: Greg Kroah-Hartman @ 2019-05-30  3:04 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Takashi Iwai, Ard Biesheuvel,
	Linus Torvalds, Matt Fleming, Peter Jones, Peter Zijlstra,
	Thomas Gleixner, linux-efi, Ingo Molnar, Sasha Levin

[ Upstream commit c2999c281ea2d2ebbdfce96cecc7b52e2ae7c406 ]

Since the following commit:

  38ac0287b7f4 ("fbdev/efifb: Honour UEFI memory map attributes when mapping the FB")

efifb_probe() checks its memory range via efi_mem_desc_lookup(),
and this leads to a spurious error message:

   EFI_MEMMAP is not enabled

at every boot on KVM.  This is quite annoying since the error message
appears even if you set "quiet" boot option.

Since this happens on legacy boot, which strangely enough exposes
an EFI framebuffer via screen_info, let's double check that we are
doing an EFI boot before attempting to access the EFI memory map.

Reported-by: Takashi Iwai <tiwai@suse.de>
Tested-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Matt Fleming <matt@codeblueprint.co.uk>
Cc: Peter Jones <pjones@redhat.com>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: linux-efi@vger.kernel.org
Link: http://lkml.kernel.org/r/20190328193429.21373-3-ard.biesheuvel@linaro.org
Signed-off-by: Ingo Molnar <mingo@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/video/fbdev/efifb.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/drivers/video/fbdev/efifb.c b/drivers/video/fbdev/efifb.c
index fd02e8a4841d6..9f39f0c360e0c 100644
--- a/drivers/video/fbdev/efifb.c
+++ b/drivers/video/fbdev/efifb.c
@@ -464,7 +464,8 @@ static int efifb_probe(struct platform_device *dev)
 	info->apertures->ranges[0].base = efifb_fix.smem_start;
 	info->apertures->ranges[0].size = size_remap;
 
-	if (!efi_mem_desc_lookup(efifb_fix.smem_start, &md)) {
+	if (efi_enabled(EFI_BOOT) &&
+	    !efi_mem_desc_lookup(efifb_fix.smem_start, &md)) {
 		if ((efifb_fix.smem_start + efifb_fix.smem_len) >
 		    (md.phys_addr + (md.num_pages << EFI_PAGE_SHIFT))) {
 			pr_err("efifb: video memory @ 0x%lx spans multiple EFI memory regions\n",
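
Review bot: The added efi_enabled(EFI_BOOT) test in efifb_probe() has no comment, and the reason for it (a legacy boot can still expose an EFI framebuffer via screen_info) lives only in the changelog. Put that sentence above the condition. Since the message being silenced is "EFI_MEMMAP is not enabled", it is also worth saying why EFI_BOOT rather than EFI_MEMMAP is the bit tested here.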
-- 
2.20.1





* [PATCH 5.1 290/405] media: mtk-vcodec: fix access to incorrect planes member
  2019-05-30  2:59 [PATCH 5.1 000/405] 5.1.6-stable review Greg Kroah-Hartman
                   ` (288 preceding siblings ...)
  2019-05-30  3:04 ` [PATCH 5.1 289/405] efifb: Omit memory map check on legacy boot Greg Kroah-Hartman
@ 2019-05-30  3:04 ` Greg Kroah-Hartman
  2019-05-30  3:04 ` [PATCH 5.1 291/405] thunderbolt: property: Fix a missing check of kzalloc Greg Kroah-Hartman
                   ` (119 subsequent siblings)
  409 siblings, 0 replies; 429+ messages in thread
From: Greg Kroah-Hartman @ 2019-05-30  3:04 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Alexandre Courbot, Ezequiel Garcia,
	Hans Verkuil, Mauro Carvalho Chehab, Sasha Levin

[ Upstream commit 52fafc58c3535c9f4f53864686dbaee3bcbadcb4 ]

Commit 0650a91499e0 ("media: mtk-vcodec: Correct return type for mem2mem
buffer helpers") fixed the return types for mem2mem buffer helper
functions by changing a few local variables from vb2_buffer to
vb2_v4l2_buffer. However, it left a few accesses to vb2_buffer::planes
as-is, accidentally turning them into accesses to
vb2_v4l2_buffer::planes and resulting in values being read from/written
to the wrong place.

Fix this by inserting vb2_buf into these accesses so they mimic their
original behavior.

Fixes: 0650a91499e0 ("media: mtk-vcodec: Correct return type for mem2mem buffer helpers")

Signed-off-by: Alexandre Courbot <acourbot@chromium.org>
Reviewed-by: Ezequiel Garcia <ezequiel@collabora.com>
Signed-off-by: Hans Verkuil <hverkuil-cisco@xs4all.nl>
Signed-off-by: Mauro Carvalho Chehab <mchehab+samsung@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/media/platform/mtk-vcodec/mtk_vcodec_dec.c |  4 ++--
 drivers/media/platform/mtk-vcodec/mtk_vcodec_enc.c | 10 +++++-----
 2 files changed, 7 insertions(+), 7 deletions(-)

diff --git a/drivers/media/platform/mtk-vcodec/mtk_vcodec_dec.c b/drivers/media/platform/mtk-vcodec/mtk_vcodec_dec.c
index d022c65bb34c2..49babf994cb75 100644
--- a/drivers/media/platform/mtk-vcodec/mtk_vcodec_dec.c
+++ b/drivers/media/platform/mtk-vcodec/mtk_vcodec_dec.c
@@ -388,7 +388,7 @@ static void mtk_vdec_worker(struct work_struct *work)
 	}
 	buf.va = vb2_plane_vaddr(&src_buf->vb2_buf, 0);
 	buf.dma_addr = vb2_dma_contig_plane_dma_addr(&src_buf->vb2_buf, 0);
-	buf.size = (size_t)src_buf->planes[0].bytesused;
+	buf.size = (size_t)src_buf->vb2_buf.planes[0].bytesused;
 	if (!buf.va) {
 		v4l2_m2m_job_finish(dev->m2m_dev_dec, ctx->m2m_ctx);
 		mtk_v4l2_err("[%d] id=%d src_addr is NULL!!",
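
Review bot: buf.size in mtk_vdec_worker() still open-codes the plane access, which is how the wrong planes member was picked up when src_buf changed type. vb2_get_plane_payload(&src_buf->vb2_buf, 0) reads the same bytesused value and takes the vb2_buffer pointer that the two lines above already pass, so a future type change would fail to compile instead of silently reading another field. The same applies to src_mem.size in vb2ops_vdec_buf_queue().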
@@ -1155,7 +1155,7 @@ static void vb2ops_vdec_buf_queue(struct vb2_buffer *vb)
 
 	src_mem.va = vb2_plane_vaddr(&src_buf->vb2_buf, 0);
 	src_mem.dma_addr = vb2_dma_contig_plane_dma_addr(&src_buf->vb2_buf, 0);
-	src_mem.size = (size_t)src_buf->planes[0].bytesused;
+	src_mem.size = (size_t)src_buf->vb2_buf.planes[0].bytesused;
 	mtk_v4l2_debug(2,
 			"[%d] buf id=%d va=%p dma=%pad size=%zx",
 			ctx->id, src_buf->index,
diff --git a/drivers/media/platform/mtk-vcodec/mtk_vcodec_enc.c b/drivers/media/platform/mtk-vcodec/mtk_vcodec_enc.c
index c6b48b5925fbe..50351adafc470 100644
--- a/drivers/media/platform/mtk-vcodec/mtk_vcodec_enc.c
+++ b/drivers/media/platform/mtk-vcodec/mtk_vcodec_enc.c
@@ -894,7 +894,7 @@ static void vb2ops_venc_stop_streaming(struct vb2_queue *q)
 
 	if (q->type == V4L2_BUF_TYPE_VIDEO_CAPTURE_MPLANE) {
 		while ((dst_buf = v4l2_m2m_dst_buf_remove(ctx->m2m_ctx))) {
-			dst_buf->planes[0].bytesused = 0;
+			dst_buf->vb2_buf.planes[0].bytesused = 0;
 			v4l2_m2m_buf_done(dst_buf, VB2_BUF_STATE_ERROR);
 		}
 	} else {
@@ -947,7 +947,7 @@ static int mtk_venc_encode_header(void *priv)
 
 	bs_buf.va = vb2_plane_vaddr(&dst_buf->vb2_buf, 0);
 	bs_buf.dma_addr = vb2_dma_contig_plane_dma_addr(&dst_buf->vb2_buf, 0);
-	bs_buf.size = (size_t)dst_buf->planes[0].length;
+	bs_buf.size = (size_t)dst_buf->vb2_buf.planes[0].length;
 
 	mtk_v4l2_debug(1,
 			"[%d] buf id=%d va=0x%p dma_addr=0x%llx size=%zu",
@@ -976,7 +976,7 @@ static int mtk_venc_encode_header(void *priv)
 	}
 
 	ctx->state = MTK_STATE_HEADER;
-	dst_buf->planes[0].bytesused = enc_result.bs_size;
+	dst_buf->vb2_buf.planes[0].bytesused = enc_result.bs_size;
 	v4l2_m2m_buf_done(dst_buf, VB2_BUF_STATE_DONE);
 
 	return 0;
@@ -1107,12 +1107,12 @@ static void mtk_venc_worker(struct work_struct *work)
 
 	if (ret) {
 		v4l2_m2m_buf_done(src_buf, VB2_BUF_STATE_ERROR);
-		dst_buf->planes[0].bytesused = 0;
+		dst_buf->vb2_buf.planes[0].bytesused = 0;
 		v4l2_m2m_buf_done(dst_buf, VB2_BUF_STATE_ERROR);
 		mtk_v4l2_err("venc_if_encode failed=%d", ret);
 	} else {
 		v4l2_m2m_buf_done(src_buf, VB2_BUF_STATE_DONE);
-		dst_buf->planes[0].bytesused = enc_result.bs_size;
+		dst_buf->vb2_buf.planes[0].bytesused = enc_result.bs_size;
 		v4l2_m2m_buf_done(dst_buf, VB2_BUF_STATE_DONE);
 		mtk_v4l2_debug(2, "venc_if_encode bs size=%d",
 				 enc_result.bs_size);
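
Review bot: Both branches in mtk_venc_worker() store to dst_buf->vb2_buf.planes[0].bytesused directly. vb2_set_plane_payload(&dst_buf->vb2_buf, 0, ...) performs the same store through a helper typed on vb2_buffer, which would keep these call sites from depending on which struct happens to have a planes member.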
-- 
2.20.1





* [PATCH 5.1 291/405] thunderbolt: property: Fix a missing check of kzalloc
  2019-05-30  2:59 [PATCH 5.1 000/405] 5.1.6-stable review Greg Kroah-Hartman
                   ` (289 preceding siblings ...)
  2019-05-30  3:04 ` [PATCH 5.1 290/405] media: mtk-vcodec: fix access to incorrect planes member Greg Kroah-Hartman
@ 2019-05-30  3:04 ` Greg Kroah-Hartman
  2019-05-30  3:04 ` [PATCH 5.1 292/405] thunderbolt: Fix to check the return value of kmemdup Greg Kroah-Hartman
                   ` (118 subsequent siblings)
  409 siblings, 0 replies; 429+ messages in thread
From: Greg Kroah-Hartman @ 2019-05-30  3:04 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Kangjie Lu, Mukesh Ojha,
	Mika Westerberg, Sasha Levin

[ Upstream commit 6183d5a51866f3acdeeb66b75e87d44025b01a55 ]

No check is enforced for the return value of kzalloc,
which may lead to NULL-pointer dereference.

The patch fixes this issue.

Signed-off-by: Kangjie Lu <kjlu@umn.edu>
Reviewed-by: Mukesh Ojha <mojha@codeaurora.org>
Signed-off-by: Mika Westerberg <mika.westerberg@linux.intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/thunderbolt/property.c | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/drivers/thunderbolt/property.c b/drivers/thunderbolt/property.c
index b2f0d6386ceea..ead18c532b53d 100644
--- a/drivers/thunderbolt/property.c
+++ b/drivers/thunderbolt/property.c
@@ -578,7 +578,12 @@ int tb_property_add_text(struct tb_property_dir *parent, const char *key,
 		return -ENOMEM;
 
 	property->length = size / 4;
-	property->value.data = kzalloc(size, GFP_KERNEL);
+	property->value.text = kzalloc(size, GFP_KERNEL);
+	if (!property->value.text) {
+		kfree(property);
+		return -ENOMEM;
+	}
+
 	strcpy(property->value.text, text);
 
 	list_add_tail(&property->list, &parent->properties);
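
Review bot: The assignment in tb_property_add_text() changes from property->value.data to property->value.text as well as gaining the NULL check, and the changelog only mentions the check. Say in the commit message that the member change is deliberate (it matches the strcpy() destination two lines further down), or split it out. The strcpy() also still relies on size covering the string plus its terminator, which is computed outside this hunk and worth confirming while here.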
-- 
2.20.1





* [PATCH 5.1 292/405] thunderbolt: Fix to check the return value of kmemdup
  2019-05-30  2:59 [PATCH 5.1 000/405] 5.1.6-stable review Greg Kroah-Hartman
                   ` (290 preceding siblings ...)
  2019-05-30  3:04 ` [PATCH 5.1 291/405] thunderbolt: property: Fix a missing check of kzalloc Greg Kroah-Hartman
@ 2019-05-30  3:04 ` Greg Kroah-Hartman
  2019-05-30  3:04 ` [PATCH 5.1 293/405] drm: rcar-du: lvds: Set LVEN and LVRES bits together on D3 Greg Kroah-Hartman
                   ` (117 subsequent siblings)
  409 siblings, 0 replies; 429+ messages in thread
From: Greg Kroah-Hartman @ 2019-05-30  3:04 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Aditya Pakki, Mukesh Ojha,
	Mika Westerberg, Sasha Levin

[ Upstream commit fd21b79e541e4666c938a344f3ad2df74b4f5120 ]

uuid in add_switch is allocated via kmemdup which can fail. The patch
logs the error and cleans up the allocated memory for switch.

Signed-off-by: Aditya Pakki <pakki001@umn.edu>
Reviewed-by: Mukesh Ojha <mojha@codeaurora.org>
Signed-off-by: Mika Westerberg <mika.westerberg@linux.intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/thunderbolt/icm.c | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/drivers/thunderbolt/icm.c b/drivers/thunderbolt/icm.c
index e3fc920af6825..8b7f9131e9d12 100644
--- a/drivers/thunderbolt/icm.c
+++ b/drivers/thunderbolt/icm.c
@@ -473,6 +473,11 @@ static void add_switch(struct tb_switch *parent_sw, u64 route,
 		goto out;
 
 	sw->uuid = kmemdup(uuid, sizeof(*uuid), GFP_KERNEL);
+	if (!sw->uuid) {
+		tb_sw_warn(sw, "cannot allocate memory for switch\n");
+		tb_switch_put(sw);
+		goto out;
+	}
 	sw->connection_id = connection_id;
 	sw->connection_key = connection_key;
 	sw->link = link;
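
Review bot: The tb_sw_warn() in the new error branch of add_switch() is redundant and slightly misleading: the allocator already reports failed GFP_KERNEL allocations, and the text says "for switch" although it is the uuid copy that failed. Drop the message or name the uuid, and keep the tb_switch_put() and goto out.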
-- 
2.20.1





* [PATCH 5.1 293/405] drm: rcar-du: lvds: Set LVEN and LVRES bits together on D3
  2019-05-30  2:59 [PATCH 5.1 000/405] 5.1.6-stable review Greg Kroah-Hartman
                   ` (291 preceding siblings ...)
  2019-05-30  3:04 ` [PATCH 5.1 292/405] thunderbolt: Fix to check the return value of kmemdup Greg Kroah-Hartman
@ 2019-05-30  3:04 ` Greg Kroah-Hartman
  2019-05-30  3:04 ` [PATCH 5.1 294/405] drm: rcar-du: lvds: Fix post-DLL divider calculation Greg Kroah-Hartman
                   ` (116 subsequent siblings)
  409 siblings, 0 replies; 429+ messages in thread
From: Greg Kroah-Hartman @ 2019-05-30  3:04 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Laurent Pinchart, Jacopo Mondi, Sasha Levin

[ Upstream commit 00d082cc4ea6e42ec4fed832a1020231bb1ca150 ]

On the D3 SoC the LVDS PHY must be enabled in the same register write
that enables the LVDS output. Skip writing the LVEN bit independently
on that platform, it will be set by the write that sets LVRES.

Signed-off-by: Laurent Pinchart <laurent.pinchart+renesas@ideasonboard.com>
Reviewed-by: Jacopo Mondi <jacopo+renesas@jmondi.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/gpu/drm/rcar-du/rcar_lvds.c | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/drivers/gpu/drm/rcar-du/rcar_lvds.c b/drivers/gpu/drm/rcar-du/rcar_lvds.c
index 7ef97b2a6edaa..f0314790333ba 100644
--- a/drivers/gpu/drm/rcar-du/rcar_lvds.c
+++ b/drivers/gpu/drm/rcar-du/rcar_lvds.c
@@ -485,9 +485,13 @@ static void rcar_lvds_enable(struct drm_bridge *bridge)
 	}
 
 	if (lvds->info->quirks & RCAR_LVDS_QUIRK_GEN3_LVEN) {
-		/* Turn on the LVDS PHY. */
+		/*
+		 * Turn on the LVDS PHY. On D3, the LVEN and LVRES bit must be
+		 * set at the same time, so don't write the register yet.
+		 */
 		lvdcr0 |= LVDCR0_LVEN;
-		rcar_lvds_write(lvds, LVDCR0, lvdcr0);
+		if (!(lvds->info->quirks & RCAR_LVDS_QUIRK_PWD))
+			rcar_lvds_write(lvds, LVDCR0, lvdcr0);
 	}
 
 	if (!(lvds->info->quirks & RCAR_LVDS_QUIRK_EXT_PLL)) {
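
Review bot: The new comment in rcar_lvds_enable() speaks of D3, but the code skips the write on RCAR_LVDS_QUIRK_PWD, and nothing in the hunk ties that quirk to D3. Name the quirk in the comment and point at the later write that sets LVRES, since lvdcr0 with LVEN set now reaches the hardware only if that later write happens on every path.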
-- 
2.20.1





* [PATCH 5.1 294/405] drm: rcar-du: lvds: Fix post-DLL divider calculation
  2019-05-30  2:59 [PATCH 5.1 000/405] 5.1.6-stable review Greg Kroah-Hartman
                   ` (292 preceding siblings ...)
  2019-05-30  3:04 ` [PATCH 5.1 293/405] drm: rcar-du: lvds: Set LVEN and LVRES bits together on D3 Greg Kroah-Hartman
@ 2019-05-30  3:04 ` Greg Kroah-Hartman
  2019-05-30  3:04 ` [PATCH 5.1 295/405] timekeeping: Force upper bound for setting CLOCK_REALTIME Greg Kroah-Hartman
                   ` (115 subsequent siblings)
  409 siblings, 0 replies; 429+ messages in thread
From: Greg Kroah-Hartman @ 2019-05-30  3:04 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Laurent Pinchart, Kieran Bingham,
	Sasha Levin

[ Upstream commit 167e535438ecc73d299340bb1269616432020dfb ]

The PLL parameters are computed by looping over the range of acceptable
M, N and E values, and selecting the combination that produces the
output frequency closest to the target. The internal frequency
constraints are taken into account by restricting the tested values for
the PLL parameters, reducing the search space. The target frequency,
however, is only taken into account when computing the post-PLL divider,
which can result in a 0 value for the divider when the PLL output
frequency being tested is lower than half of the target frequency.
Subsequent loops will produce a better set of PLL parameters, but for
some of the iterations this can result in a division by 0.

Fix it by clamping the divider value. We could instead restrict the E
values being tested in the inner loop, but that would require additional
calculation that would likely be less efficient as the E parameter can
only take three different values.

Fixes: c25c01361199 ("drm: rcar-du: lvds: D3/E3 support")
Signed-off-by: Laurent Pinchart <laurent.pinchart+renesas@ideasonboard.com>
Reviewed-by: Kieran Bingham <kieran.bingham+renesas@ideasonboard.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/gpu/drm/rcar-du/rcar_lvds.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/drivers/gpu/drm/rcar-du/rcar_lvds.c b/drivers/gpu/drm/rcar-du/rcar_lvds.c
index f0314790333ba..033f44e46daf4 100644
--- a/drivers/gpu/drm/rcar-du/rcar_lvds.c
+++ b/drivers/gpu/drm/rcar-du/rcar_lvds.c
@@ -283,7 +283,7 @@ static void rcar_lvds_d3_e3_pll_calc(struct rcar_lvds *lvds, struct clk *clk,
 				 * divider.
 				 */
 				fout = fvco / (1 << e) / div7;
-				div = DIV_ROUND_CLOSEST(fout, target);
+				div = max(1UL, DIV_ROUND_CLOSEST(fout, target));
 				diff = abs(fout / div - target);
 
 				if (diff < pll->diff) {
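
Review bot: The clamp on div in rcar_lvds_d3_e3_pll_calc() removes the zero divisor, but the comment block above fout still describes only the divider computation. Add a line explaining that div is forced to at least 1 because fout can be lower than half of target. max() is type-checked in the kernel, so also confirm that DIV_ROUND_CLOSEST(fout, target) evaluates to unsigned long to match the 1UL literal.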
-- 
2.20.1





* [PATCH 5.1 295/405] timekeeping: Force upper bound for setting CLOCK_REALTIME
  2019-05-30  2:59 [PATCH 5.1 000/405] 5.1.6-stable review Greg Kroah-Hartman
                   ` (293 preceding siblings ...)
  2019-05-30  3:04 ` [PATCH 5.1 294/405] drm: rcar-du: lvds: Fix post-DLL divider calculation Greg Kroah-Hartman
@ 2019-05-30  3:04 ` Greg Kroah-Hartman
  2019-05-30  3:04 ` [PATCH 5.1 296/405] IB/mlx5: Compare only index part of a memory window rkey Greg Kroah-Hartman
                   ` (114 subsequent siblings)
  409 siblings, 0 replies; 429+ messages in thread
From: Greg Kroah-Hartman @ 2019-05-30  3:04 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Xiongfeng Wang, Hongbo Yao,
	Thomas Gleixner, John Stultz, Stephen Boyd, Miroslav Lichvar,
	Arnd Bergmann, Richard Cochran, Peter Zijlstra, Sasha Levin

[ Upstream commit 7a8e61f8478639072d402a26789055a4a4de8f77 ]

Several people reported testing failures after setting CLOCK_REALTIME close
to the limits of the kernel internal representation in nanoseconds,
i.e. year 2262.

The failures are exposed in subsequent operations, i.e. when arming timers
or when the advancing CLOCK_MONOTONIC makes the calculation of
CLOCK_REALTIME overflow into negative space.

Now people start to paper over the underlying problem by clamping
calculations to the valid range, but that's just wrong because such
workarounds will prevent detection of real issues as well.

It is reasonable to force an upper bound for the various methods of setting
CLOCK_REALTIME. Year 2262 is the absolute upper bound. Assume a maximum
uptime of 30 years which is plenty enough even for esoteric embedded
systems. That results in an upper bound of year 2232 for setting the time.

Once that limit is reached in reality this limit is only a small part of
the problem space. But until then this stops people from trying to paper
over the problem at the wrong places.

Reported-by: Xiongfeng Wang <wangxiongfeng2@huawei.com>
Reported-by: Hongbo Yao <yaohongbo@huawei.com>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Cc: John Stultz <john.stultz@linaro.org>
Cc: Stephen Boyd <sboyd@kernel.org>
Cc: Miroslav Lichvar <mlichvar@redhat.com>
Cc: Arnd Bergmann <arnd@arndb.de>
Cc: Richard Cochran <richardcochran@gmail.com>
Cc: Peter Zijlstra <peterz@infradead.org>
Link: https://lkml.kernel.org/r/alpine.DEB.2.21.1903231125480.2157@nanos.tec.linutronix.de
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 include/linux/time64.h    | 21 +++++++++++++++++++++
 kernel/time/time.c        |  2 +-
 kernel/time/timekeeping.c |  6 +++---
 3 files changed, 25 insertions(+), 4 deletions(-)

diff --git a/include/linux/time64.h b/include/linux/time64.h
index f38d382ffec13..a620ee610b9f3 100644
--- a/include/linux/time64.h
+++ b/include/linux/time64.h
@@ -33,6 +33,17 @@ struct itimerspec64 {
 #define KTIME_MAX			((s64)~((u64)1 << 63))
 #define KTIME_SEC_MAX			(KTIME_MAX / NSEC_PER_SEC)
 
+/*
+ * Limits for settimeofday():
+ *
+ * To prevent setting the time close to the wraparound point time setting
+ * is limited so a reasonable uptime can be accomodated. Uptime of 30 years
+ * should be really sufficient, which means the cutoff is 2232. At that
+ * point the cutoff is just a small part of the larger problem.
+ */
+#define TIME_UPTIME_SEC_MAX		(30LL * 365 * 24 *3600)
+#define TIME_SETTOD_SEC_MAX		(KTIME_SEC_MAX - TIME_UPTIME_SEC_MAX)
+
 static inline int timespec64_equal(const struct timespec64 *a,
 				   const struct timespec64 *b)
 {
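
Review bot: In the new comment and macros, "accomodated" should be "accommodated" and "24 *3600" needs a space after the asterisk. TIME_UPTIME_SEC_MAX counts 365-day years, so the window is a few days short of 30 calendar years; harmless, but the comment could say "roughly 30 years". The heading "Limits for settimeofday()" also undersells the scope, since the changelog applies the limit to the various methods of setting CLOCK_REALTIME.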
@@ -100,6 +111,16 @@ static inline bool timespec64_valid_strict(const struct timespec64 *ts)
 	return true;
 }
 
+static inline bool timespec64_valid_settod(const struct timespec64 *ts)
+{
+	if (!timespec64_valid(ts))
+		return false;
+	/* Disallow values which cause overflow issues vs. CLOCK_REALTIME */
+	if ((unsigned long long)ts->tv_sec >= TIME_SETTOD_SEC_MAX)
+		return false;
+	return true;
+}
+
 /**
  * timespec64_to_ns - Convert timespec64 to nanoseconds
  * @ts:		pointer to the timespec64 variable to be converted
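
Review bot: timespec64_valid_settod() has no kernel-doc, unlike timespec64_to_ns() directly below it, and it compares an unsigned long long cast of tv_sec against the signed constant TIME_SETTOD_SEC_MAX. Add a short doc comment that states what timespec64_valid() is relied on to have rejected before the cast, so the unsigned comparison is visibly safe.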
diff --git a/kernel/time/time.c b/kernel/time/time.c
index c3f756f8534bb..86656bbac232e 100644
--- a/kernel/time/time.c
+++ b/kernel/time/time.c
@@ -171,7 +171,7 @@ int do_sys_settimeofday64(const struct timespec64 *tv, const struct timezone *tz
 	static int firsttime = 1;
 	int error = 0;
 
-	if (tv && !timespec64_valid(tv))
+	if (tv && !timespec64_valid_settod(tv))
 		return -EINVAL;
 
 	error = security_settime64(tv, tz);
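
Review bot: Switching do_sys_settimeofday64() from timespec64_valid() to timespec64_valid_settod() makes the call return -EINVAL for times it accepted before. That is a user-visible change and deserves a sentence in the changelog aimed at userspace, naming the new cutoff.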
diff --git a/kernel/time/timekeeping.c b/kernel/time/timekeeping.c
index f986e1918d129..f136c56c28057 100644
--- a/kernel/time/timekeeping.c
+++ b/kernel/time/timekeeping.c
@@ -1221,7 +1221,7 @@ int do_settimeofday64(const struct timespec64 *ts)
 	unsigned long flags;
 	int ret = 0;
 
-	if (!timespec64_valid_strict(ts))
+	if (!timespec64_valid_settod(ts))
 		return -EINVAL;
 
 	raw_spin_lock_irqsave(&timekeeper_lock, flags);
@@ -1278,7 +1278,7 @@ static int timekeeping_inject_offset(const struct timespec64 *ts)
 	/* Make sure the proposed value is valid */
 	tmp = timespec64_add(tk_xtime(tk), *ts);
 	if (timespec64_compare(&tk->wall_to_monotonic, ts) > 0 ||
-	    !timespec64_valid_strict(&tmp)) {
+	    !timespec64_valid_settod(&tmp)) {
 		ret = -EINVAL;
 		goto error;
 	}
@@ -1527,7 +1527,7 @@ void __init timekeeping_init(void)
 	unsigned long flags;
 
 	read_persistent_wall_and_boot_offset(&wall_time, &boot_offset);
-	if (timespec64_valid_strict(&wall_time) &&
+	if (timespec64_valid_settod(&wall_time) &&
 	    timespec64_to_ns(&wall_time) > 0) {
 		persistent_clock_exists = true;
 	} else if (timespec64_to_ns(&wall_time) != 0) {
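
Review bot: In timekeeping_init() a persistent clock that reads beyond the new cutoff now fails the first condition and falls into the "else if (timespec64_to_ns(&wall_time) != 0)" branch, the same as any other invalid reading. Check that whatever that branch reports still makes sense for a clock that is merely set too far in the future.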
-- 
2.20.1





* [PATCH 5.1 296/405] IB/mlx5: Compare only index part of a memory window rkey
  2019-05-30  2:59 [PATCH 5.1 000/405] 5.1.6-stable review Greg Kroah-Hartman
                   ` (294 preceding siblings ...)
  2019-05-30  3:04 ` [PATCH 5.1 295/405] timekeeping: Force upper bound for setting CLOCK_REALTIME Greg Kroah-Hartman
@ 2019-05-30  3:04 ` Greg Kroah-Hartman
  2019-05-30  3:04 ` [PATCH 5.1 297/405] scsi: qedf: Add missing return in qedf_post_io_req() in the fcport offload check Greg Kroah-Hartman
                   ` (113 subsequent siblings)
  409 siblings, 0 replies; 429+ messages in thread
From: Greg Kroah-Hartman @ 2019-05-30  3:04 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Artemy Kovalyov, Moni Shoua,
	Leon Romanovsky, Jason Gunthorpe, Sasha Levin

[ Upstream commit d623dfd2836114507d647c9793a80d213d8bffe8 ]

The InfiniBand Architecture Specification section 10.6.7.2.4 TYPE 2 MEMORY
WINDOWS says that if the CI supports the Base Memory Management Extensions
defined in this specification, the R_Key format for a Type 2 Memory Window
must consist of:

* 24 bit index in the most significant bits of the R_Key, which is owned
  by the CI, and
* 8 bit key in the least significant bits of the R_Key, which is owned by
  the Consumer.

This means that the kernel should compare only the index part of a R_Key
to determine equality with another R_Key.

Fixes: db570d7deafb ("IB/mlx5: Add ODP support to MW")
Signed-off-by: Artemy Kovalyov <artemyko@mellanox.com>
Signed-off-by: Moni Shoua <monis@mellanox.com>
Signed-off-by: Leon Romanovsky <leonro@mellanox.com>
Signed-off-by: Jason Gunthorpe <jgg@mellanox.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/infiniband/hw/mlx5/odp.c | 11 ++++++++++-
 1 file changed, 10 insertions(+), 1 deletion(-)

diff --git a/drivers/infiniband/hw/mlx5/odp.c b/drivers/infiniband/hw/mlx5/odp.c
index 0aa10ebda5d9a..91669e35c6ca8 100644
--- a/drivers/infiniband/hw/mlx5/odp.c
+++ b/drivers/infiniband/hw/mlx5/odp.c
@@ -711,6 +711,15 @@ struct pf_frame {
 	int depth;
 };
 
+static bool mkey_is_eq(struct mlx5_core_mkey *mmkey, u32 key)
+{
+	if (!mmkey)
+		return false;
+	if (mmkey->type == MLX5_MKEY_MW)
+		return mlx5_base_mkey(mmkey->key) == mlx5_base_mkey(key);
+	return mmkey->key == key;
+}
+
 static int get_indirect_num_descs(struct mlx5_core_mkey *mmkey)
 {
 	struct mlx5_ib_mw *mw;
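
Review bot: mkey_is_eq() drops the key bits from the comparison for MLX5_MKEY_MW without a comment, so a reader cannot tell the relaxed match from a mistake. Add a comment citing the Type 2 memory window R_Key layout from the changelog (24-bit index owned by the CI, 8-bit key owned by the Consumer) and stating where the Consumer-owned bits are validated, since this path no longer looks at them.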
@@ -760,7 +769,7 @@ static int pagefault_single_data_segment(struct mlx5_ib_dev *dev,
 
 next_mr:
 	mmkey = __mlx5_mr_lookup(dev->mdev, mlx5_base_mkey(key));
-	if (!mmkey || mmkey->key != key) {
+	if (!mkey_is_eq(mmkey, key)) {
 		mlx5_ib_dbg(dev, "failed to find mkey %x\n", key);
 		ret = -EFAULT;
 		goto srcu_unlock;
-- 
2.20.1





* [PATCH 5.1 297/405] scsi: qedf: Add missing return in qedf_post_io_req() in the fcport offload check
  2019-05-30  2:59 [PATCH 5.1 000/405] 5.1.6-stable review Greg Kroah-Hartman
                   ` (295 preceding siblings ...)
  2019-05-30  3:04 ` [PATCH 5.1 296/405] IB/mlx5: Compare only index part of a memory window rkey Greg Kroah-Hartman
@ 2019-05-30  3:04 ` Greg Kroah-Hartman
  2019-05-30  3:04 ` [PATCH 5.1 298/405] misc: fastrpc: consider address offset before sending to DSP Greg Kroah-Hartman
                   ` (112 subsequent siblings)
  409 siblings, 0 replies; 429+ messages in thread
From: Greg Kroah-Hartman @ 2019-05-30  3:04 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Chad Dupuis, Saurav Kashyap,
	Martin K. Petersen, Sasha Levin

[ Upstream commit c5e06ba2f76809ad1492fdad312e81335df46bc5 ]

Fixes the following crash as the return was missing from the check if an
fcport is offloaded. If we hit this code we continue to try to post an
invalid task which can lead to the crash:

[30259.616411] [0000:61:00.3]:[qedf_post_io_req:989]:3: Session not offloaded yet.
[30259.616413] [0000:61:00.3]:[qedf_upload_connection:1340]:3: Uploading connection port_id=490020.
[30259.623769] BUG: unable to handle kernel NULL pointer dereference at 0000000000000198
[30259.631645] IP: [<ffffffffc035b1ed>] qedf_init_task.isra.16+0x3d/0x450 [qedf]
[30259.638816] PGD 0
[30259.640841] Oops: 0000 [#1] SMP
[30259.644098] Modules linked in: fuse xt_CHECKSUM iptable_mangle ipt_MASQUERADE nf_nat_masquerade_ipv4 iptable_nat nf_nat_ipv4 nf_nat nf_conntrack_ipv4 nf_defrag_ipv4 xt_conntrack nf_conntrack ipt_REJECT nf_reject_ipv4 tun bridge stp llc ebtable_filter ebtables devlink ip6table_filter ip6_tables iptable_filter vfat fat ib_isert iscsi_target_mod ib_srpt target_core_mod ib_srp scsi_transport_srp ib_ipoib ib_ucm ib_umad dm_service_time skx_edac intel_powerclamp coretemp intel_rapl iosf_mbi kvm_intel kvm irqbypass crc32_pclmul ghash_clmulni_intel aesni_intel rpcrdma sunrpc rdma_ucm ib_uverbs lrw gf128mul ib_iser rdma_cm iw_cm ib_cm libiscsi scsi_transport_iscsi qedr(OE) glue_helper ablk_helper cryptd ib_core dm_round_robin joydev pcspkr ipmi_ssif ses enclosure ipmi_si ipmi_devintf ipmi_msghandler mei_me
[30259.715529]  mei sg hpilo hpwdt shpchp wmi lpc_ich acpi_power_meter dm_multipath ip_tables xfs libcrc32c sd_mod crc_t10dif crct10dif_generic uas usb_storage mgag200 qedf(OE) i2c_algo_bit libfcoe drm_kms_helper libfc syscopyarea sysfillrect scsi_transport_fc qede(OE) sysimgblt fb_sys_fops ptp ttm pps_core drm qed(OE) smartpqi crct10dif_pclmul crct10dif_common crc32c_intel i2c_core scsi_transport_sas scsi_tgt dm_mirror dm_region_hash dm_log dm_mod
[30259.754237] CPU: 9 PID: 977 Comm: kdmwork-253:7 Kdump: loaded Tainted: G        W  OE  ------------   3.10.0-862.el7.x86_64 #1
[30259.765664] Hardware name: HPE Synergy 480 Gen10/Synergy 480 Gen10 Compute Module, BIOS I42 04/04/2018
[30259.775000] task: ffff8c801efd0000 ti: ffff8c801efd8000 task.ti: ffff8c801efd8000
[30259.782505] RIP: 0010:[<ffffffffc035b1ed>]  [<ffffffffc035b1ed>] qedf_init_task.isra.16+0x3d/0x450 [qedf]
[30259.792116] RSP: 0018:ffff8c801efdbbb0  EFLAGS: 00010046
[30259.797444] RAX: 0000000000000000 RBX: ffffa7f1450948d8 RCX: ffff8c7fe5bc40c8
[30259.804600] RDX: ffff8c800715b300 RSI: ffffa7f1450948d8 RDI: ffff8c80169c2480
[30259.811755] RBP: ffff8c801efdbc30 R08: 00000000000000ae R09: ffff8c800a314540
[30259.818911] R10: ffff8c7fe5bc40c8 R11: ffff8c801efdb8ae R12: 0000000000000000
[30259.826068] R13: ffff8c800715b300 R14: ffff8c80169c2480 R15: ffff8c8005da28e0
[30259.833223] FS:  0000000000000000(0000) GS:ffff8c803f840000(0000) knlGS:0000000000000000
[30259.841338] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[30259.847100] CR2: 0000000000000198 CR3: 000000081242e000 CR4: 00000000007607e0
[30259.854256] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[30259.861412] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[30259.868568] PKRU: 00000000
[30259.871278] Call Trace:
[30259.873737]  [<ffffffffc035c948>] qedf_post_io_req+0x148/0x680 [qedf]
[30259.880201]  [<ffffffffc035d070>] qedf_queuecommand+0x1f0/0x240 [qedf]
[30259.886749]  [<ffffffffa329b050>] scsi_dispatch_cmd+0xb0/0x240
[30259.892600]  [<ffffffffa32a45bc>] scsi_request_fn+0x4cc/0x680
[30259.898364]  [<ffffffffa3118ad9>] __blk_run_queue+0x39/0x50
[30259.903954]  [<ffffffffa3114393>] __elv_add_request+0xd3/0x260
[30259.909805]  [<ffffffffa311baf0>] blk_insert_cloned_request+0xf0/0x1b0
[30259.916358]  [<ffffffffc010b622>] map_request+0x142/0x220 [dm_mod]
[30259.922560]  [<ffffffffc010b716>] map_tio_request+0x16/0x40 [dm_mod]
[30259.928932]  [<ffffffffa2ebb1f5>] kthread_worker_fn+0x85/0x180
[30259.934782]  [<ffffffffa2ebb170>] ? kthread_stop+0xf0/0xf0
[30259.940284]  [<ffffffffa2ebae31>] kthread+0xd1/0xe0
[30259.945176]  [<ffffffffa2ebad60>] ? insert_kthread_work+0x40/0x40
[30259.951290]  [<ffffffffa351f61d>] ret_from_fork_nospec_begin+0x7/0x21
[30259.957750]  [<ffffffffa2ebad60>] ? insert_kthread_work+0x40/0x40
[30259.963860] Code: fe 41 55 49 89 d5 41 54 53 48 89 f3 48 83 ec 58 4c 8b 67 28 4c 8b 4e 18 65 48 8b 04 25 28 00 00 00 48 89 45 d0 31 c0 4c 8b 7e 58 <49> 8b 84 24 98 01 00 00 48 8b 00 f6 80 31 01 00 00 10 0f 85 0b
[30259.983372] RIP  [<ffffffffc035b1ed>] qedf_init_task.isra.16+0x3d/0x450 [qedf]
[30259.990630]  RSP <ffff8c801efdbbb0>
[30259.994127] CR2: 0000000000000198

Signed-off-by: Chad Dupuis <cdupuis@marvell.com>
Signed-off-by: Saurav Kashyap <skashyap@marvell.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/scsi/qedf/qedf_io.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/drivers/scsi/qedf/qedf_io.c b/drivers/scsi/qedf/qedf_io.c
index 6ca583bdde23c..29b51c4667217 100644
--- a/drivers/scsi/qedf/qedf_io.c
+++ b/drivers/scsi/qedf/qedf_io.c
@@ -902,6 +902,7 @@ int qedf_post_io_req(struct qedf_rport *fcport, struct qedf_ioreq *io_req)
 	if (!test_bit(QEDF_RPORT_SESSION_READY, &fcport->flags)) {
 		QEDF_ERR(&(qedf->dbg_ctx), "Session not offloaded yet.\n");
 		kref_put(&io_req->refcount, qedf_release_cmd);
+		return -EINVAL;
 	}
 
 	/* Obtain free SQE */
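Review bot: the added return -EINVAL follows kref_put(&io_req->refcount, qedf_release_cmd), so io_req may already be released when the caller sees the error. Please confirm that the caller (qedf_queuecommand in the trace) treats a non-zero return as "request gone" and neither touches io_req nor drops another reference on it. A short comment in the branch saying the reference is consumed here would make that contract visible.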
-- 
2.20.1





* [PATCH 5.1 298/405] misc: fastrpc: consider address offset before sending to DSP
  2019-05-30  2:59 [PATCH 5.1 000/405] 5.1.6-stable review Greg Kroah-Hartman
                   ` (296 preceding siblings ...)
  2019-05-30  3:04 ` [PATCH 5.1 297/405] scsi: qedf: Add missing return in qedf_post_io_req() in the fcport offload check Greg Kroah-Hartman
@ 2019-05-30  3:04 ` Greg Kroah-Hartman
  2019-05-30  3:04 ` [PATCH 5.1 299/405] misc: fastrpc: make sure memory read and writes are visible Greg Kroah-Hartman
                   ` (111 subsequent siblings)
  409 siblings, 0 replies; 429+ messages in thread
From: Greg Kroah-Hartman @ 2019-05-30  3:04 UTC (permalink / raw)
  To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Srinivas Kandagatla, Sasha Levin

[ Upstream commit 80f3afd72bd4149c57daf852905476b43bb47647 ]

While passing the phy address to DSP, take care of the offset
calculated from the virtual address vma.

Fixes: c68cfb718c8f ("misc: fastrpc: Add support for context Invoke method")
Signed-off-by: Srinivas Kandagatla <srinivas.kandagatla@linaro.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/misc/fastrpc.c | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/drivers/misc/fastrpc.c b/drivers/misc/fastrpc.c
index 36d0d5c9cfbad..9996c83ba5cb9 100644
--- a/drivers/misc/fastrpc.c
+++ b/drivers/misc/fastrpc.c
@@ -667,8 +667,16 @@ static int fastrpc_get_args(u32 kernel, struct fastrpc_invoke_ctx *ctx)
 		pages[i].size = roundup(len, PAGE_SIZE);
 
 		if (ctx->maps[i]) {
+			struct vm_area_struct *vma = NULL;
+
 			rpra[i].pv = (u64) ctx->args[i].ptr;
 			pages[i].addr = ctx->maps[i]->phys;
+
+			vma = find_vma(current->mm, ctx->args[i].ptr);
+			if (vma)
+				pages[i].addr += ctx->args[i].ptr -
+						 vma->vm_start;
+
 		} else {
 			rlen -= ALIGN(args, FASTRPC_ALIGN) - args;
 			args = ALIGN(args, FASTRPC_ALIGN);
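Review bot: find_vma() is called on current->mm with no mmap_sem read lock taken in the visible lines, and its result is only checked for NULL. find_vma() returns the first VMA whose vm_end lies above the address, so vma->vm_start can be greater than ctx->args[i].ptr; in that case ctx->args[i].ptr - vma->vm_start wraps and the pages[i].addr handed to the DSP points outside the mapped buffer. Suggest holding the mm read lock around the lookup, checking ctx->args[i].ptr >= vma->vm_start, and failing the invoke when no VMA matches instead of silently sending the unadjusted address.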
-- 
2.20.1





* [PATCH 5.1 299/405] misc: fastrpc: make sure memory read and writes are visible
  2019-05-30  2:59 [PATCH 5.1 000/405] 5.1.6-stable review Greg Kroah-Hartman
                   ` (297 preceding siblings ...)
  2019-05-30  3:04 ` [PATCH 5.1 298/405] misc: fastrpc: consider address offset before sending to DSP Greg Kroah-Hartman
@ 2019-05-30  3:04 ` Greg Kroah-Hartman
  2019-05-30  3:04 ` [PATCH 5.1 300/405] misc: fastrpc: Fix a possible double free Greg Kroah-Hartman
                   ` (110 subsequent siblings)
  409 siblings, 0 replies; 429+ messages in thread
From: Greg Kroah-Hartman @ 2019-05-30  3:04 UTC (permalink / raw)
  To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Srinivas Kandagatla, Sasha Levin

[ Upstream commit 415a0729bd1225f0ffbc0ba82888dd65772554f7 ]

dma_alloc_coherent buffers could have writes queued in store buffers so
commit them before sending buffer to DSP using correct dma barriers.
Same with vice-versa.

Fixes: c68cfb718c8f ("misc: fastrpc: Add support for context Invoke method")
Signed-off-by: Srinivas Kandagatla <srinivas.kandagatla@linaro.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/misc/fastrpc.c | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/drivers/misc/fastrpc.c b/drivers/misc/fastrpc.c
index 9996c83ba5cb9..a10937652ca73 100644
--- a/drivers/misc/fastrpc.c
+++ b/drivers/misc/fastrpc.c
@@ -790,6 +790,9 @@ static int fastrpc_internal_invoke(struct fastrpc_user *fl,  u32 kernel,
 		if (err)
 			goto bail;
 	}
+
+	/* make sure that all CPU memory writes are seen by DSP */
+	dma_wmb();
 	/* Send invoke buffer to remote dsp */
 	err = fastrpc_invoke_send(fl->sctx, ctx, kernel, handle);
 	if (err)
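Review bot: the comment above dma_wmb() should name the later store this barrier orders against. dma_wmb() orders the CPU's earlier writes to memory shared with the device before its later writes to such memory, and the hunk does not show which write inside fastrpc_invoke_send() hands the buffer to the DSP, so a reader cannot check that the barrier is the right strength. A blank line after dma_wmb() would also keep it from reading as part of the "Send invoke buffer" comment.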
@@ -806,6 +809,8 @@ static int fastrpc_internal_invoke(struct fastrpc_user *fl,  u32 kernel,
 		goto bail;
 
 	if (ctx->nscalars) {
+		/* make sure that all memory writes by DSP are seen by CPU */
+		dma_rmb();
 		/* populate all the output buffers with results */
 		err = fastrpc_put_args(ctx, kernel);
 		if (err)
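Review bot: the comment on dma_rmb() says "all memory writes by DSP are seen by CPU", which is more than a read barrier provides. It orders the CPU's earlier reads before the later reads of the output buffers in fastrpc_put_args(), so the comment should state which earlier read (the completion indication) it pairs with. Since the barrier sits inside if (ctx->nscalars), it is also worth checking that no DSP-written data is read outside this branch.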
-- 
2.20.1





* [PATCH 5.1 300/405] misc: fastrpc: Fix a possible double free
  2019-05-30  2:59 [PATCH 5.1 000/405] 5.1.6-stable review Greg Kroah-Hartman
                   ` (298 preceding siblings ...)
  2019-05-30  3:04 ` [PATCH 5.1 299/405] misc: fastrpc: make sure memory read and writes are visible Greg Kroah-Hartman
@ 2019-05-30  3:04 ` Greg Kroah-Hartman
  2019-05-30  3:04 ` [PATCH 5.1 301/405] virtio_console: initialize vtermno value for ports Greg Kroah-Hartman
                   ` (109 subsequent siblings)
  409 siblings, 0 replies; 429+ messages in thread
From: Greg Kroah-Hartman @ 2019-05-30  3:04 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Thierry Escande, Srinivas Kandagatla,
	Sasha Levin

[ Upstream commit b49f6d83e290f17e20f4e5cf31288d3bb4955ea6 ]

This patch fixes the error exit path of fastrpc_init_create_process().
If the DMA allocation or the DSP invoke fails the fastrpc_map was freed
but not removed from the mapping list leading to a double free once the
mapping list is emptied in fastrpc_device_release().

[srinivas kandagatla]: Cleaned up error path labels and reset init mem
to NULL after free
Fixes: d73f71c7c6ee("misc: fastrpc: Add support for create remote init process")
Signed-off-by: Thierry Escande <thierry.escande@linaro.org>
Signed-off-by: Srinivas Kandagatla <srinivas.kandagatla@linaro.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/misc/fastrpc.c | 31 ++++++++++++++++++++-----------
 1 file changed, 20 insertions(+), 11 deletions(-)

diff --git a/drivers/misc/fastrpc.c b/drivers/misc/fastrpc.c
index a10937652ca73..35be1cc11dd85 100644
--- a/drivers/misc/fastrpc.c
+++ b/drivers/misc/fastrpc.c
@@ -856,12 +856,12 @@ static int fastrpc_init_create_process(struct fastrpc_user *fl,
 
 	if (copy_from_user(&init, argp, sizeof(init))) {
 		err = -EFAULT;
-		goto bail;
+		goto err;
 	}
 
 	if (init.filelen > INIT_FILELEN_MAX) {
 		err = -EINVAL;
-		goto bail;
+		goto err;
 	}
 
 	inbuf.pgid = fl->tgid;
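Review bot: the new label is called err, the same name as the local variable assigned on the line before each jump (err = -EFAULT; goto err;). Labels have their own namespace so this compiles, but it reads poorly next to err_alloc and err_invoke. Name the label after what it undoes, in line with the other two.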
@@ -875,17 +875,15 @@ static int fastrpc_init_create_process(struct fastrpc_user *fl,
 	if (init.filelen && init.filefd) {
 		err = fastrpc_map_create(fl, init.filefd, init.filelen, &map);
 		if (err)
-			goto bail;
+			goto err;
 	}
 
 	memlen = ALIGN(max(INIT_FILELEN_MAX, (int)init.filelen * 4),
 		       1024 * 1024);
 	err = fastrpc_buf_alloc(fl, fl->sctx->dev, memlen,
 				&imem);
-	if (err) {
-		fastrpc_map_put(map);
-		goto bail;
-	}
+	if (err)
+		goto err_alloc;
 
 	fl->init_mem = imem;
 	args[0].ptr = (u64)(uintptr_t)&inbuf;
@@ -921,13 +919,24 @@ static int fastrpc_init_create_process(struct fastrpc_user *fl,
 
 	err = fastrpc_internal_invoke(fl, true, FASTRPC_INIT_HANDLE,
 				      sc, args);
+	if (err)
+		goto err_invoke;
 
-	if (err) {
+	kfree(args);
+
+	return 0;
+
+err_invoke:
+	fl->init_mem = NULL;
+	fastrpc_buf_free(imem);
+err_alloc:
+	if (map) {
+		spin_lock(&fl->lock);
+		list_del(&map->node);
+		spin_unlock(&fl->lock);
 		fastrpc_map_put(map);
-		fastrpc_buf_free(imem);
 	}
-
-bail:
+err:
 	kfree(args);
 
 	return err;
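Review bot: err_alloc relies on if (map) to decide whether to unlink and put the mapping, but map is only assigned when init.filelen && init.filefd holds (previous hunk), and err_alloc is reached from the fastrpc_buf_alloc() failure either way. The declaration is not part of the diff; please confirm map is initialised to NULL, otherwise this path does list_del() on an uninitialised pointer. It would also help to note in a comment that the list_del() under fl->lock is what prevents the later double free in fastrpc_device_release().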
-- 
2.20.1





* [PATCH 5.1 301/405] virtio_console: initialize vtermno value for ports
  2019-05-30  2:59 [PATCH 5.1 000/405] 5.1.6-stable review Greg Kroah-Hartman
                   ` (299 preceding siblings ...)
  2019-05-30  3:04 ` [PATCH 5.1 300/405] misc: fastrpc: Fix a possible double free Greg Kroah-Hartman
@ 2019-05-30  3:04 ` Greg Kroah-Hartman
  2019-05-30  3:05 ` [PATCH 5.1 302/405] tty: ipwireless: fix missing checks for ioremap Greg Kroah-Hartman
                   ` (108 subsequent siblings)
  409 siblings, 0 replies; 429+ messages in thread
From: Greg Kroah-Hartman @ 2019-05-30  3:04 UTC (permalink / raw)
  To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, siliu, Pankaj Gupta, Sasha Levin

[ Upstream commit 4b0a2c5ff7215206ea6135a405f17c5f6fca7d00 ]

For regular serial ports we do not initialize value of vtermno
variable. A garbage value is assigned for non console ports.
The value can be observed as a random integer with [1].

[1] vim /sys/kernel/debug/virtio-ports/vport*p*

This patch initializes the value of vtermno for console serial
ports to '1' and regular serial ports are initialized to '0'.

Reported-by: siliu@redhat.com
Signed-off-by: Pankaj Gupta <pagupta@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/char/virtio_console.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/drivers/char/virtio_console.c b/drivers/char/virtio_console.c
index fbeb71953526a..05dbfdb9f4aff 100644
--- a/drivers/char/virtio_console.c
+++ b/drivers/char/virtio_console.c
@@ -75,7 +75,7 @@ struct ports_driver_data {
 	/* All the console devices handled by this driver */
 	struct list_head consoles;
 };
-static struct ports_driver_data pdrvdata;
+static struct ports_driver_data pdrvdata = { .next_vtermno = 1};
 
 static DEFINE_SPINLOCK(pdrvdata_lock);
 static DECLARE_COMPLETION(early_console_added);
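Review bot: the initializer { .next_vtermno = 1} gives no hint why numbering starts at 1. Per the changelog, 0 now marks a non-console port, and the second hunk depends on that, so it belongs in a comment here or at the field definition. Also add the missing space before the closing brace.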
@@ -1394,6 +1394,7 @@ static int add_port(struct ports_device *portdev, u32 id)
 	port->async_queue = NULL;
 
 	port->cons.ws.ws_row = port->cons.ws.ws_col = 0;
+	port->cons.vtermno = 0;
 
 	port->host_connected = port->guest_connected = false;
 	port->stats = (struct port_stats) { 0 };
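Review bot: port->cons.vtermno = 0 adds one more field to a run of manual resets visible in the context (async_queue, ws_row/ws_col, stats) on memory the changelog describes as holding garbage. If the port comes from kmalloc(), allocating it zeroed would cover this field and any added later, and would remove the chance of exposing stale allocator contents through the debugfs file mentioned in the changelog.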
-- 
2.20.1





* [PATCH 5.1 302/405] tty: ipwireless: fix missing checks for ioremap
  2019-05-30  2:59 [PATCH 5.1 000/405] 5.1.6-stable review Greg Kroah-Hartman
                   ` (300 preceding siblings ...)
  2019-05-30  3:04 ` [PATCH 5.1 301/405] virtio_console: initialize vtermno value for ports Greg Kroah-Hartman
@ 2019-05-30  3:05 ` Greg Kroah-Hartman
  2019-05-30  3:05 ` [PATCH 5.1 303/405] staging: mt7621-mmc: Initialize completions a single time during probe Greg Kroah-Hartman
                   ` (107 subsequent siblings)
  409 siblings, 0 replies; 429+ messages in thread
From: Greg Kroah-Hartman @ 2019-05-30  3:05 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Kangjie Lu, David Sterba, Sasha Levin

[ Upstream commit 1bbb1c318cd8a3a39e8c3e2e83d5e90542d6c3e3 ]

ipw->attr_memory and ipw->common_memory are assigned with the
return value of ioremap. ioremap may fail, but no checks
are enforced. The fix inserts the checks to avoid potential
NULL pointer dereferences.

Signed-off-by: Kangjie Lu <kjlu@umn.edu>
Reviewed-by: David Sterba <dsterba@suse.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/tty/ipwireless/main.c | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/drivers/tty/ipwireless/main.c b/drivers/tty/ipwireless/main.c
index 3475e841ef5c1..4c18bbfe1a92e 100644
--- a/drivers/tty/ipwireless/main.c
+++ b/drivers/tty/ipwireless/main.c
@@ -114,6 +114,10 @@ static int ipwireless_probe(struct pcmcia_device *p_dev, void *priv_data)
 
 	ipw->common_memory = ioremap(p_dev->resource[2]->start,
 				resource_size(p_dev->resource[2]));
+	if (!ipw->common_memory) {
+		ret = -ENOMEM;
+		goto exit1;
+	}
 	if (!request_mem_region(p_dev->resource[2]->start,
 				resource_size(p_dev->resource[2]),
 				IPWIRELESS_PCCARD_NAME)) {
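Review bot: the new NULL check jumps to exit1, and the numbered labels are outside the diff, so please confirm exit1 does not iounmap() ipw->common_memory, which is NULL on this path. The context lines also show ioremap() being called before request_mem_region() for the same range; claiming the region first and mapping it afterwards is the usual order and would simplify the unwind.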
@@ -134,6 +138,10 @@ static int ipwireless_probe(struct pcmcia_device *p_dev, void *priv_data)
 
 	ipw->attr_memory = ioremap(p_dev->resource[3]->start,
 				resource_size(p_dev->resource[3]));
+	if (!ipw->attr_memory) {
+		ret = -ENOMEM;
+		goto exit3;
+	}
 	if (!request_mem_region(p_dev->resource[3]->start,
 				resource_size(p_dev->resource[3]),
 				IPWIRELESS_PCCARD_NAME)) {
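Review bot: the jump to exit3 on ioremap() failure has to release the common_memory mapping and region set up earlier but must not touch ipw->attr_memory, which is NULL here. With numbered labels that is hard to verify from the hunk; please confirm the unwind order, and consider renaming the labels after the resource they release.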
-- 
2.20.1





* [PATCH 5.1 303/405] staging: mt7621-mmc: Initialize completions a single time during probe
  2019-05-30  2:59 [PATCH 5.1 000/405] 5.1.6-stable review Greg Kroah-Hartman
                   ` (301 preceding siblings ...)
  2019-05-30  3:05 ` [PATCH 5.1 302/405] tty: ipwireless: fix missing checks for ioremap Greg Kroah-Hartman
@ 2019-05-30  3:05 ` Greg Kroah-Hartman
  2019-05-30  3:05 ` [PATCH 5.1 304/405] overflow: Fix -Wtype-limits compilation warnings Greg Kroah-Hartman
                   ` (106 subsequent siblings)
  409 siblings, 0 replies; 429+ messages in thread
From: Greg Kroah-Hartman @ 2019-05-30  3:05 UTC (permalink / raw)
  To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, George Hilliard, Sasha Levin

[ Upstream commit 7ca8c2c8bbeda2a2a2a9898cd35066bc1dc83836 ]

The module was initializing completions whenever it was going to wait on
them, and not when the completion was allocated.  This is incorrect
according to the completion docs:

    Calling init_completion() on the same completion object twice is
    most likely a bug [...]

Re-initialization is also unnecessary because the module never uses
complete_all().  Fix this by only ever initializing the completion a
single time, and log if the completions are not consumed as intended
(this is not a fatal problem, but should not go unnoticed).

Signed-off-by: George Hilliard <thirtythreeforty@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/staging/mt7621-mmc/sd.c | 18 ++++++++++++++----
 1 file changed, 14 insertions(+), 4 deletions(-)

diff --git a/drivers/staging/mt7621-mmc/sd.c b/drivers/staging/mt7621-mmc/sd.c
index 4b26ec896a96f..74f0e57ad2f15 100644
--- a/drivers/staging/mt7621-mmc/sd.c
+++ b/drivers/staging/mt7621-mmc/sd.c
@@ -468,7 +468,11 @@ static unsigned int msdc_command_start(struct msdc_host   *host,
 	host->cmd     = cmd;
 	host->cmd_rsp = resp;
 
-	init_completion(&host->cmd_done);
+	// The completion should have been consumed by the previous command
+	// response handler, because the mmc requests should be serialized
+	if (completion_done(&host->cmd_done))
+		dev_err(mmc_dev(host->mmc),
+			"previous command was not handled\n");
 
 	sdr_set_bits(host->base + MSDC_INTEN, wints);
 	sdc_send_cmd(rawcmd, cmd->arg);
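Review bot: when completion_done(&host->cmd_done) is true the code only logs. The pending count stays set, so the next wait on cmd_done can return at once on the stale completion and report a response that belongs to the previous command. Consider calling reinit_completion(&host->cmd_done) after the dev_err() so the error does not carry over into this command.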
@@ -490,7 +494,6 @@ static unsigned int msdc_command_resp(struct msdc_host   *host,
 		    MSDC_INT_ACMD19_DONE;
 
 	BUG_ON(in_interrupt());
-	//init_completion(&host->cmd_done);
 	//sdr_set_bits(host->base + MSDC_INTEN, wints);
 
 	spin_unlock(&host->lock);
@@ -674,7 +677,13 @@ static int msdc_do_request(struct mmc_host *mmc, struct mmc_request *mrq)
 		//msdc_clr_fifo(host);  /* no need */
 
 		msdc_dma_on();  /* enable DMA mode first!! */
-		init_completion(&host->xfer_done);
+
+		// The completion should have been consumed by the previous
+		// xfer response handler, because the mmc requests should be
+		// serialized
+		if (completion_done(&host->cmd_done))
+			dev_err(mmc_dev(host->mmc),
+				"previous transfer was not handled\n");
 
 		/* start the command first*/
 		if (msdc_command_start(host, cmd, CMD_TIMEOUT) != 0)
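Review bot: this check replaces init_completion(&host->xfer_done) but tests completion_done(&host->cmd_done). An unconsumed transfer completion is therefore never reported, and a stale command completion is reported as "previous transfer was not handled". The test should be completion_done(&host->xfer_done).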
@@ -693,7 +702,6 @@ static int msdc_do_request(struct mmc_host *mmc, struct mmc_request *mrq)
 		/* for read, the data coming too fast, then CRC error
 		 *  start DMA no business with CRC.
 		 */
-		//init_completion(&host->xfer_done);
 		msdc_dma_start(host);
 
 		spin_unlock(&host->lock);
@@ -1688,6 +1696,8 @@ static int msdc_drv_probe(struct platform_device *pdev)
 	}
 	msdc_init_gpd_bd(host, &host->dma);
 
+	init_completion(&host->cmd_done);
+	init_completion(&host->xfer_done);
 	INIT_DELAYED_WORK(&host->card_delaywork, msdc_tasklet_card);
 	spin_lock_init(&host->lock);
 	msdc_init_hw(host);
-- 
2.20.1





* [PATCH 5.1 304/405] overflow: Fix -Wtype-limits compilation warnings
  2019-05-30  2:59 [PATCH 5.1 000/405] 5.1.6-stable review Greg Kroah-Hartman
                   ` (302 preceding siblings ...)
  2019-05-30  3:05 ` [PATCH 5.1 303/405] staging: mt7621-mmc: Initialize completions a single time during probe Greg Kroah-Hartman
@ 2019-05-30  3:05 ` Greg Kroah-Hartman
  2019-05-30  3:05 ` [PATCH 5.1 305/405] x86/mce: Fix machine_check_poll() tests for error types Greg Kroah-Hartman
                   ` (105 subsequent siblings)
  409 siblings, 0 replies; 429+ messages in thread
From: Greg Kroah-Hartman @ 2019-05-30  3:05 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Bart Van Assche, Kees Cook,
	Leon Romanovsky, Jason Gunthorpe, Sasha Levin

[ Upstream commit dc7fe518b0493faa0af0568d6d8c2a33c00f58d0 ]

Attempt to use check_shl_overflow() with inputs of unsigned type
produces the following compilation warnings.

drivers/infiniband/hw/mlx5/qp.c: In function _set_user_rq_size_:
./include/linux/overflow.h:230:6: warning: comparison of unsigned
expression >= 0 is always true [-Wtype-limits]
   _s >= 0 && _s < 8 * sizeof(*d) ? _s : 0;  \
      ^~
drivers/infiniband/hw/mlx5/qp.c:5820:6: note: in expansion of macro _check_shl_overflow_
  if (check_shl_overflow(rwq->wqe_count, rwq->wqe_shift,
&rwq->buf_size))
      ^~~~~~~~~~~~~~~~~~
./include/linux/overflow.h:232:26: warning: comparison of unsigned expression < 0 is always false [-Wtype-limits]
  (_to_shift != _s || *_d < 0 || _a < 0 ||   \
                          ^
drivers/infiniband/hw/mlx5/qp.c:5820:6: note: in expansion of macro _check_shl_overflow_
  if (check_shl_overflow(rwq->wqe_count, rwq->wqe_shift, &rwq->buf_size))
      ^~~~~~~~~~~~~~~~~~
./include/linux/overflow.h:232:36: warning: comparison of unsigned expression < 0 is always false [-Wtype-limits]
  (_to_shift != _s || *_d < 0 || _a < 0 ||   \
                                    ^
drivers/infiniband/hw/mlx5/qp.c:5820:6: note: in expansion of macro _check_shl_overflow_
  if (check_shl_overflow(rwq->wqe_count, rwq->wqe_shift,&rwq->buf_size))
      ^~~~~~~~~~~~~~~~~~

Fixes: 0c66847793d1 ("overflow.h: Add arithmetic shift helper")
Reviewed-by: Bart Van Assche <bvanassche@acm.org>
Acked-by: Kees Cook <keescook@chromium.org>
Signed-off-by: Leon Romanovsky <leonro@mellanox.com>
Signed-off-by: Jason Gunthorpe <jgg@mellanox.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 include/linux/overflow.h | 12 +++++++++---
 1 file changed, 9 insertions(+), 3 deletions(-)

diff --git a/include/linux/overflow.h b/include/linux/overflow.h
index 40b48e2133cb8..15eb85de92269 100644
--- a/include/linux/overflow.h
+++ b/include/linux/overflow.h
@@ -36,6 +36,12 @@
 #define type_max(T) ((T)((__type_half_max(T) - 1) + __type_half_max(T)))
 #define type_min(T) ((T)((T)-type_max(T)-(T)1))
 
+/*
+ * Avoids triggering -Wtype-limits compilation warning,
+ * while using unsigned data types to check a < 0.
+ */
+#define is_non_negative(a) ((a) > 0 || (a) == 0)
+#define is_negative(a) (!(is_non_negative(a)))
 
 #ifdef COMPILER_HAS_GENERIC_BUILTIN_OVERFLOW
 /*
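Review bot: is_non_negative() and is_negative() evaluate their argument twice and are added to a shared header under unprefixed names. The uses in the next hunk pass plain locals (_s, *_d, _a), so nothing breaks today, but the comment should state that the argument must have no side effects, or the macros should get a leading-underscore name to mark them as internal to this header. The comment would also be clearer if it said what each macro returns instead of "while using unsigned data types to check a < 0".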
@@ -227,10 +233,10 @@
 	typeof(d) _d = d;						\
 	u64 _a_full = _a;						\
 	unsigned int _to_shift =					\
-		_s >= 0 && _s < 8 * sizeof(*d) ? _s : 0;		\
+		is_non_negative(_s) && _s < 8 * sizeof(*d) ? _s : 0;	\
 	*_d = (_a_full << _to_shift);					\
-	(_to_shift != _s || *_d < 0 || _a < 0 ||			\
-		(*_d >> _to_shift) != _a);				\
+	(_to_shift != _s || is_negative(*_d) || is_negative(_a) ||	\
+	(*_d >> _to_shift) != _a);					\
 })
 
 /**
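Review bot: the continuation line (*_d >> _to_shift) != _a); lost one level of indentation compared with the line it replaces, so it no longer reads as part of the parenthesised expression that starts on the line above. Please restore the extra tab.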
-- 
2.20.1





* [PATCH 5.1 305/405] x86/mce: Fix machine_check_poll() tests for error types
  2019-05-30  2:59 [PATCH 5.1 000/405] 5.1.6-stable review Greg Kroah-Hartman
                   ` (303 preceding siblings ...)
  2019-05-30  3:05 ` [PATCH 5.1 304/405] overflow: Fix -Wtype-limits compilation warnings Greg Kroah-Hartman
@ 2019-05-30  3:05 ` Greg Kroah-Hartman
  2019-05-30  3:05 ` [PATCH 5.1 306/405] rcutorture: Fix cleanup path for invalid torture_type strings Greg Kroah-Hartman
                   ` (104 subsequent siblings)
  409 siblings, 0 replies; 429+ messages in thread
From: Greg Kroah-Hartman @ 2019-05-30  3:05 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Ashok Raj, Tony Luck,
	Borislav Petkov, H. Peter Anvin, Ingo Molnar, linux-edac,
	Thomas Gleixner, x86-ml, Yazen Ghannam, Sasha Levin

[ Upstream commit f19501aa07f18268ab14f458b51c1c6b7f72a134 ]

There has been a lurking "TBD" in the machine check poll routine ever
since it was first split out from the machine check handler. The
potential issue is that the poll routine may have just begun a read from
the STATUS register in a machine check bank when the hardware logs an
error in that bank and signals a machine check.

That race used to be pretty small back when machine checks were
broadcast, but the addition of local machine check means that the poll
code could continue running and clear the error from the bank before the
local machine check handler on another CPU gets around to reading it.

Fix the code to be sure to only process errors that need to be processed
in the poll code, leaving other logged errors alone for the machine
check handler to find and process.

 [ bp: Massage a bit and flip the "== 0" check to the usual !(..) test. ]

Fixes: b79109c3bbcf ("x86, mce: separate correct machine check poller and fatal exception handler")
Fixes: ed7290d0ee8f ("x86, mce: implement new status bits")
Reported-by: Ashok Raj <ashok.raj@intel.com>
Signed-off-by: Tony Luck <tony.luck@intel.com>
Signed-off-by: Borislav Petkov <bp@suse.de>
Cc: Ashok Raj <ashok.raj@intel.com>
Cc: "H. Peter Anvin" <hpa@zytor.com>
Cc: Ingo Molnar <mingo@redhat.com>
Cc: linux-edac <linux-edac@vger.kernel.org>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: x86-ml <x86@kernel.org>
Cc: Yazen Ghannam <Yazen.Ghannam@amd.com>
Link: https://lkml.kernel.org/r/20190312170938.GA23035@agluck-desk
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 arch/x86/kernel/cpu/mce/core.c | 44 ++++++++++++++++++++++++++++------
 1 file changed, 37 insertions(+), 7 deletions(-)

diff --git a/arch/x86/kernel/cpu/mce/core.c b/arch/x86/kernel/cpu/mce/core.c
index 1a7084ba9a3b6..0d47306cec7ae 100644
--- a/arch/x86/kernel/cpu/mce/core.c
+++ b/arch/x86/kernel/cpu/mce/core.c
@@ -712,19 +712,49 @@ bool machine_check_poll(enum mcp_flags flags, mce_banks_t *b)
 
 		barrier();
 		m.status = mce_rdmsrl(msr_ops.status(i));
+
+		/* If this entry is not valid, ignore it */
 		if (!(m.status & MCI_STATUS_VAL))
 			continue;
 
 		/*
-		 * Uncorrected or signalled events are handled by the exception
-		 * handler when it is enabled, so don't process those here.
-		 *
-		 * TBD do the same check for MCI_STATUS_EN here?
+		 * If we are logging everything (at CPU online) or this
+		 * is a corrected error, then we must log it.
 		 */
-		if (!(flags & MCP_UC) &&
-		    (m.status & (mca_cfg.ser ? MCI_STATUS_S : MCI_STATUS_UC)))
-			continue;
+		if ((flags & MCP_UC) || !(m.status & MCI_STATUS_UC))
+			goto log_it;
+
+		/*
+		 * Newer Intel systems that support software error
+		 * recovery need to make additional checks. Other
+		 * CPUs should skip over uncorrected errors, but log
+		 * everything else.
+		 */
+		if (!mca_cfg.ser) {
+			if (m.status & MCI_STATUS_UC)
+				continue;
+			goto log_it;
+		}
+
+		/* Log "not enabled" (speculative) errors */
+		if (!(m.status & MCI_STATUS_EN))
+			goto log_it;
+
+		/*
+		 * Log UCNA (SDM: 15.6.3 "UCR Error Classification")
+		 * UC == 1 && PCC == 0 && S == 0
+		 */
+		if (!(m.status & MCI_STATUS_PCC) && !(m.status & MCI_STATUS_S))
+			goto log_it;
+
+		/*
+		 * Skip anything else. Presumption is that our read of this
+		 * bank is racing with a machine check. Leave the log alone
+		 * for do_machine_check() to deal with it.
+		 */
+		continue;
 
+log_it:
 		error_seen = true;
 
 		mce_read_aux(&m, i);
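Review bot: inside if (!mca_cfg.ser), the goto log_it is unreachable. The first test, if ((flags & MCP_UC) || !(m.status & MCI_STATUS_UC)) goto log_it;, only falls through when MCI_STATUS_UC is set, so the inner if (m.status & MCI_STATUS_UC) is always true and the branch always takes continue. The block can be reduced to if (!mca_cfg.ser) continue;, and the comment's "but log everything else" should go, since those cases were already sent to log_it by the first test.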
-- 
2.20.1





* [PATCH 5.1 306/405] rcutorture: Fix cleanup path for invalid torture_type strings
  2019-05-30  2:59 [PATCH 5.1 000/405] 5.1.6-stable review Greg Kroah-Hartman
                   ` (304 preceding siblings ...)
  2019-05-30  3:05 ` [PATCH 5.1 305/405] x86/mce: Fix machine_check_poll() tests for error types Greg Kroah-Hartman
@ 2019-05-30  3:05 ` Greg Kroah-Hartman
  2019-05-30  3:05 ` [PATCH 5.1 307/405] x86/mce: Handle varying MCA bank counts Greg Kroah-Hartman
                   ` (103 subsequent siblings)
  409 siblings, 0 replies; 429+ messages in thread
From: Greg Kroah-Hartman @ 2019-05-30  3:05 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, kernel test robot, Paul E. McKenney,
	Sasha Levin

[ Upstream commit b813afae7ab6a5e91b4e16cc567331d9c2ae1f04 ]

If the specified rcutorture.torture_type is not in the rcu_torture_init()
function's torture_ops[] array, rcutorture prints some console messages
and then invokes rcu_torture_cleanup() to set state so that a future
torture test can run.  However, rcu_torture_cleanup() also attempts to
end the test that didn't actually start, and in doing so relies on the
value of cur_ops, a value that is not particularly relevant in this case.
This can result in confusing output or even follow-on failures due to
attempts to use facilities that have not been properly initialized.

This commit therefore sets the value of cur_ops to NULL in this case
and inserts a check near the beginning of rcu_torture_cleanup(),
thus avoiding relying on an irrelevant cur_ops value.

Reported-by: kernel test robot <rong.a.chen@intel.com>
Signed-off-by: Paul E. McKenney <paulmck@linux.ibm.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 kernel/rcu/rcutorture.c | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/kernel/rcu/rcutorture.c b/kernel/rcu/rcutorture.c
index f14d1b18a74fc..a2efe27317bef 100644
--- a/kernel/rcu/rcutorture.c
+++ b/kernel/rcu/rcutorture.c
@@ -2094,6 +2094,10 @@ rcu_torture_cleanup(void)
 			cur_ops->cb_barrier();
 		return;
 	}
+	if (!cur_ops) {
+		torture_cleanup_end();
+		return;
+	}
 
 	rcu_torture_barrier_cleanup();
 	torture_stop_kthread(rcu_torture_fwd_prog, fwd_prog_task);
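Review bot: the new if (!cur_ops) check is placed after a block whose visible tail calls cur_ops->cb_barrier() and returns. If that earlier block can be entered with cur_ops set to NULL by the second hunk, it dereferences NULL before the new check is reached. Either move the NULL check above that block or make the cb_barrier call conditional on cur_ops, and say in a comment which of the two early exits is expected for an invalid torture_type.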
@@ -2267,6 +2271,7 @@ rcu_torture_init(void)
 		pr_cont("\n");
 		WARN_ON(!IS_MODULE(CONFIG_RCU_TORTURE_TEST));
 		firsterr = -EINVAL;
+		cur_ops = NULL;
 		goto unwind;
 	}
 	if (cur_ops->fqs == NULL && fqs_duration != 0) {
-- 
2.20.1





* [PATCH 5.1 307/405] x86/mce: Handle varying MCA bank counts
  2019-05-30  2:59 [PATCH 5.1 000/405] 5.1.6-stable review Greg Kroah-Hartman
                   ` (305 preceding siblings ...)
  2019-05-30  3:05 ` [PATCH 5.1 306/405] rcutorture: Fix cleanup path for invalid torture_type strings Greg Kroah-Hartman
@ 2019-05-30  3:05 ` Greg Kroah-Hartman
  2019-05-30  3:05 ` [PATCH 5.1 308/405] rcuperf: Fix cleanup path for invalid perf_type strings Greg Kroah-Hartman
                   ` (102 subsequent siblings)
  409 siblings, 0 replies; 429+ messages in thread
From: Greg Kroah-Hartman @ 2019-05-30  3:05 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Yazen Ghannam, Borislav Petkov,
	H. Peter Anvin, Ingo Molnar, linux-edac, Pu Wen, Thomas Gleixner,
	Tony Luck, Vishal Verma, x86-ml, Sasha Levin

[ Upstream commit 006c077041dc73b9490fffc4c6af5befe0687110 ]

Linux reads MCG_CAP[Count] to find the number of MCA banks visible to a
CPU. Currently, this number is the same for all CPUs and a warning is
shown if there is a difference. The number of banks is overwritten with
the MCG_CAP[Count] value of each following CPU that boots.

According to the Intel SDM and AMD APM, the MCG_CAP[Count] value gives
the number of banks that are available to a "processor implementation".
The AMD BKDGs/PPRs further clarify that this value is per core. This
value has historically been the same for every core in the system, but
that is not an architectural requirement.

Future AMD systems may have different MCG_CAP[Count] values per core,
so the assumption that all CPUs will have the same MCG_CAP[Count] value
will no longer be valid.

Also, the first CPU to boot will allocate the struct mce_banks[] array
using the number of banks based on its MCG_CAP[Count] value. The machine
check handler and other functions use the global number of banks to
iterate and index into the mce_banks[] array. So it's possible to use an
out-of-bounds index on an asymmetric system where a following CPU sees a
MCG_CAP[Count] value greater than its predecessors.

Thus, allocate the mce_banks[] array to the maximum number of banks.
This will avoid the potential out-of-bounds index since the value of
mca_cfg.banks is capped to MAX_NR_BANKS.

Set the value of mca_cfg.banks equal to the max of the previous value
and the value for the current CPU. This way mca_cfg.banks will always
represent the max number of banks detected on any CPU in the system.

This will ensure that all CPUs will access all the banks that are
visible to them. A CPU that can access fewer than the max number of
banks will find the registers of the extra banks to be read-as-zero.

Furthermore, print the resulting number of MCA banks in use. Do this in
mcheck_late_init() so that the final value is printed after all CPUs
have been initialized.

Finally, get bank count from target CPU when doing injection with mce-inject
module.

 [ bp: Remove out-of-bounds example, passify and cleanup commit message. ]

Signed-off-by: Yazen Ghannam <yazen.ghannam@amd.com>
Signed-off-by: Borislav Petkov <bp@suse.de>
Cc: "H. Peter Anvin" <hpa@zytor.com>
Cc: Ingo Molnar <mingo@redhat.com>
Cc: linux-edac <linux-edac@vger.kernel.org>
Cc: Pu Wen <puwen@hygon.cn>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: Tony Luck <tony.luck@intel.com>
Cc: Vishal Verma <vishal.l.verma@intel.com>
Cc: x86-ml <x86@kernel.org>
Link: https://lkml.kernel.org/r/20180727214009.78289-1-Yazen.Ghannam@amd.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 arch/x86/kernel/cpu/mce/core.c   | 22 +++++++---------------
 arch/x86/kernel/cpu/mce/inject.c | 14 +++++++-------
 2 files changed, 14 insertions(+), 22 deletions(-)

diff --git a/arch/x86/kernel/cpu/mce/core.c b/arch/x86/kernel/cpu/mce/core.c
index 0d47306cec7ae..9e6a94c208e01 100644
--- a/arch/x86/kernel/cpu/mce/core.c
+++ b/arch/x86/kernel/cpu/mce/core.c
@@ -1481,13 +1481,12 @@ EXPORT_SYMBOL_GPL(mce_notify_irq);
 static int __mcheck_cpu_mce_banks_init(void)
 {
 	int i;
-	u8 num_banks = mca_cfg.banks;
 
-	mce_banks = kcalloc(num_banks, sizeof(struct mce_bank), GFP_KERNEL);
+	mce_banks = kcalloc(MAX_NR_BANKS, sizeof(struct mce_bank), GFP_KERNEL);
 	if (!mce_banks)
 		return -ENOMEM;
 
-	for (i = 0; i < num_banks; i++) {
+	for (i = 0; i < MAX_NR_BANKS; i++) {
 		struct mce_bank *b = &mce_banks[i];
 
 		b->ctl = -1ULL;
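Review bot: with the size fixed at MAX_NR_BANKS in __mcheck_cpu_mce_banks_init(), the kcalloc() and its -ENOMEM path no longer depend on anything known only at run time. A static array of MAX_NR_BANKS entries would remove the allocation failure path entirely. If the dynamic allocation is kept for a reason, a short comment saying that the array is sized to the cap rather than to MCG_CAP[Count] would help the next reader.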
@@ -1501,28 +1500,19 @@ static int __mcheck_cpu_mce_banks_init(void)
  */
 static int __mcheck_cpu_cap_init(void)
 {
-	unsigned b;
 	u64 cap;
+	u8 b;
 
 	rdmsrl(MSR_IA32_MCG_CAP, cap);
 
 	b = cap & MCG_BANKCNT_MASK;
-	if (!mca_cfg.banks)
-		pr_info("CPU supports %d MCE banks\n", b);
-
-	if (b > MAX_NR_BANKS) {
-		pr_warn("Using only %u machine check banks out of %u\n",
-			MAX_NR_BANKS, b);
+	if (WARN_ON_ONCE(b > MAX_NR_BANKS))
 		b = MAX_NR_BANKS;
-	}
 
-	/* Don't support asymmetric configurations today */
-	WARN_ON(mca_cfg.banks != 0 && b != mca_cfg.banks);
-	mca_cfg.banks = b;
+	mca_cfg.banks = max(mca_cfg.banks, b);
 
 	if (!mce_banks) {
 		int err = __mcheck_cpu_mce_banks_init();
-
 		if (err)
 			return err;
 	}
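Review bot: in __mcheck_cpu_cap_init() the clamp now uses WARN_ON_ONCE(b > MAX_NR_BANKS), which fires on a value reported by hardware and drops the two numbers the old pr_warn() printed. On a system booted with panic_on_warn this turns an oversized MCG_CAP[Count] into a panic instead of a clamp. Consider pr_warn_once() with both counts. The clamp itself has to stay ahead of the max() so that mca_cfg.banks can never exceed the MAX_NR_BANKS entries allocated for mce_banks[]. The removal of the blank line after `int err = __mcheck_cpu_mce_banks_init();` is unrelated to the change.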
@@ -2489,6 +2479,8 @@ EXPORT_SYMBOL_GPL(mcsafe_key);
 
 static int __init mcheck_late_init(void)
 {
+	pr_info("Using %d MCE banks\n", mca_cfg.banks);
+
 	if (mca_cfg.recovery)
 		static_branch_inc(&mcsafe_key);
 
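Review bot: the pr_info() is the first statement of mcheck_late_init() and is unconditional, so it also prints "Using 0 MCE banks" when mca_cfg.banks was never set. Consider printing only when the count is non-zero.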
diff --git a/arch/x86/kernel/cpu/mce/inject.c b/arch/x86/kernel/cpu/mce/inject.c
index 8492ef7d90150..3f82afd0f46f2 100644
--- a/arch/x86/kernel/cpu/mce/inject.c
+++ b/arch/x86/kernel/cpu/mce/inject.c
@@ -46,8 +46,6 @@
 static struct mce i_mce;
 static struct dentry *dfs_inj;
 
-static u8 n_banks;
-
 #define MAX_FLAG_OPT_SIZE	4
 #define NBCFG			0x44
 
@@ -570,9 +568,15 @@ static void do_inject(void)
 static int inj_bank_set(void *data, u64 val)
 {
 	struct mce *m = (struct mce *)data;
+	u8 n_banks;
+	u64 cap;
+
+	/* Get bank count on target CPU so we can handle non-uniform values. */
+	rdmsrl_on_cpu(m->extcpu, MSR_IA32_MCG_CAP, &cap);
+	n_banks = cap & MCG_BANKCNT_MASK;
 
 	if (val >= n_banks) {
-		pr_err("Non-existent MCE bank: %llu\n", val);
+		pr_err("MCA bank %llu non-existent on CPU%d\n", val, m->extcpu);
 		return -EINVAL;
 	}
 
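Review bot: inj_bank_set() ignores the return value of rdmsrl_on_cpu(), and `cap` is not initialized. If the read fails for m->extcpu, n_banks is derived from whatever was on the stack and the `val >= n_banks` bound check that follows is meaningless. Initialize cap to 0, or check the return value and return the error before the comparison.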
@@ -665,10 +669,6 @@ static struct dfs_node {
 static int __init debugfs_init(void)
 {
 	unsigned int i;
-	u64 cap;
-
-	rdmsrl(MSR_IA32_MCG_CAP, cap);
-	n_banks = cap & MCG_BANKCNT_MASK;
 
 	dfs_inj = debugfs_create_dir("mce-inject", NULL);
 	if (!dfs_inj)
-- 
2.20.1





* [PATCH 5.1 308/405] rcuperf: Fix cleanup path for invalid perf_type strings
  2019-05-30  2:59 [PATCH 5.1 000/405] 5.1.6-stable review Greg Kroah-Hartman
                   ` (306 preceding siblings ...)
  2019-05-30  3:05 ` [PATCH 5.1 307/405] x86/mce: Handle varying MCA bank counts Greg Kroah-Hartman
@ 2019-05-30  3:05 ` Greg Kroah-Hartman
  2019-05-30  3:05 ` [PATCH 5.1 309/405] rcu: Do a single rhp->func read in rcu_head_after_call_rcu() Greg Kroah-Hartman
                   ` (101 subsequent siblings)
  409 siblings, 0 replies; 429+ messages in thread
From: Greg Kroah-Hartman @ 2019-05-30  3:05 UTC (permalink / raw)
  To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Paul E. McKenney, Sasha Levin

[ Upstream commit ad092c027713a68a34168942a5ef422e42e039f4 ]

If the specified rcuperf.perf_type is not in the rcu_perf_init()
function's perf_ops[] array, rcuperf prints some console messages and
then invokes rcu_perf_cleanup() to set state so that a future torture
test can run.  However, rcu_perf_cleanup() also attempts to end the
test that didn't actually start, and in doing so relies on the value
of cur_ops, a value that is not particularly relevant in this case.
This can result in confusing output or even follow-on failures due to
attempts to use facilities that have not been properly initialized.

This commit therefore sets the value of cur_ops to NULL in this case and
inserts a check near the beginning of rcu_perf_cleanup(), thus avoiding
relying on an irrelevant cur_ops value.

Signed-off-by: Paul E. McKenney <paulmck@linux.ibm.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 kernel/rcu/rcuperf.c | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/kernel/rcu/rcuperf.c b/kernel/rcu/rcuperf.c
index c297611528744..7a6890b23c5f5 100644
--- a/kernel/rcu/rcuperf.c
+++ b/kernel/rcu/rcuperf.c
@@ -494,6 +494,10 @@ rcu_perf_cleanup(void)
 
 	if (torture_cleanup_begin())
 		return;
+	if (!cur_ops) {
+		torture_cleanup_end();
+		return;
+	}
 
 	if (reader_tasks) {
 		for (i = 0; i < nrealreaders; i++)
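Review bot: the `!cur_ops` early return in rcu_perf_cleanup() has no comment, and nothing at this site says when cur_ops can be NULL. A one-line comment pointing at the invalid perf_type path in rcu_perf_init() would keep a later cleanup from removing the check. Placing it after torture_cleanup_begin() and calling torture_cleanup_end() before returning keeps the begin/end pair balanced, which is the right order.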
@@ -614,6 +618,7 @@ rcu_perf_init(void)
 		pr_cont("\n");
 		WARN_ON(!IS_MODULE(CONFIG_RCU_PERF_TEST));
 		firsterr = -EINVAL;
+		cur_ops = NULL;
 		goto unwind;
 	}
 	if (cur_ops->init)
-- 
2.20.1





* [PATCH 5.1 309/405] rcu: Do a single rhp->func read in rcu_head_after_call_rcu()
  2019-05-30  2:59 [PATCH 5.1 000/405] 5.1.6-stable review Greg Kroah-Hartman
                   ` (307 preceding siblings ...)
  2019-05-30  3:05 ` [PATCH 5.1 308/405] rcuperf: Fix cleanup path for invalid perf_type strings Greg Kroah-Hartman
@ 2019-05-30  3:05 ` Greg Kroah-Hartman
  2019-05-30  3:05 ` [PATCH 5.1 310/405] x86/platform/uv: Fix missing checks of kcalloc() return values Greg Kroah-Hartman
                   ` (100 subsequent siblings)
  409 siblings, 0 replies; 429+ messages in thread
From: Greg Kroah-Hartman @ 2019-05-30  3:05 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Neeraj Upadhyay, Paul E. McKenney,
	Sasha Levin

[ Upstream commit b699cce1604e828f19c39845252626eb78cdf38a ]

The rcu_head_after_call_rcu() function reads the rhp->func pointer twice,
which can result in a false-positive WARN_ON_ONCE() if the callback
were passed to call_rcu() between the two reads.  Although racing
rcu_head_after_call_rcu() with call_rcu() is to be a dubious use case
(the return value is not reliable in that case), intermittent and
irreproducible warnings are also quite dubious.  This commit therefore
uses a single READ_ONCE() to pick up the value of rhp->func once, then
tests that value twice, thus guaranteeing consistent processing within
rcu_head_after_call_rcu().

Nevertheless, racing rcu_head_after_call_rcu() with call_rcu() is still
a dubious use case.

Signed-off-by: Neeraj Upadhyay <neeraju@codeaurora.org>
[ paulmck: Add blank line after declaration per checkpatch.pl. ]
Signed-off-by: Paul E. McKenney <paulmck@linux.ibm.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 include/linux/rcupdate.h | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/include/linux/rcupdate.h b/include/linux/rcupdate.h
index 6cdb1db776cf9..922bb68488133 100644
--- a/include/linux/rcupdate.h
+++ b/include/linux/rcupdate.h
@@ -878,9 +878,11 @@ static inline void rcu_head_init(struct rcu_head *rhp)
 static inline bool
 rcu_head_after_call_rcu(struct rcu_head *rhp, rcu_callback_t f)
 {
-	if (READ_ONCE(rhp->func) == f)
+	rcu_callback_t func = READ_ONCE(rhp->func);
+
+	if (func == f)
 		return true;
-	WARN_ON_ONCE(READ_ONCE(rhp->func) != (rcu_callback_t)~0L);
+	WARN_ON_ONCE(func != (rcu_callback_t)~0L);
 	return false;
 }
 
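Review bot: the new local in rcu_head_after_call_rcu() needs a comment. `func` exists so that the equality test and the WARN_ON_ONCE() see the same snapshot of rhp->func; without a note saying so, the local looks redundant and invites being folded back into two READ_ONCE() calls. The caveat from the commit message, that the return value is not reliable when racing with call_rcu(), also belongs in the code rather than only in the log.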
-- 
2.20.1





* [PATCH 5.1 310/405] x86/platform/uv: Fix missing checks of kcalloc() return values
  2019-05-30  2:59 [PATCH 5.1 000/405] 5.1.6-stable review Greg Kroah-Hartman
                   ` (308 preceding siblings ...)
  2019-05-30  3:05 ` [PATCH 5.1 309/405] rcu: Do a single rhp->func read in rcu_head_after_call_rcu() Greg Kroah-Hartman
@ 2019-05-30  3:05 ` Greg Kroah-Hartman
  2019-05-30  3:05 ` [PATCH 5.1 311/405] RDMA/rxe: Fix slab-out-bounds access which lead to kernel crash later Greg Kroah-Hartman
                   ` (99 subsequent siblings)
  409 siblings, 0 replies; 429+ messages in thread
From: Greg Kroah-Hartman @ 2019-05-30  3:05 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Kangjie Lu, Borislav Petkov,
	Andrew Banman, Andy Shevchenko, Colin Ian King, Darren Hart,
	Gustavo A. R. Silva, H. Peter Anvin, Ingo Molnar, Kees Cook,
	Mike Travis, Nicolai Stange, pakki001, platform-driver-x86,
	Thomas Gleixner, Varsha Rao, x86-ml, Sasha Levin

[ Upstream commit 766460852cfaeca4042e5f3aeb9616b3689147bc ]

Handle potential errors returned from kcalloc().

 [ bp: rewrite commit message. ]

Signed-off-by: Kangjie Lu <kjlu@umn.edu>
Signed-off-by: Borislav Petkov <bp@suse.de>
Cc: Andrew Banman <abanman@hpe.com>
Cc: Andy Shevchenko <andy@infradead.org>
Cc: Colin Ian King <colin.king@canonical.com>
Cc: Darren Hart <dvhart@infradead.org>
Cc: "Gustavo A. R. Silva" <gustavo@embeddedor.com>
Cc: "H. Peter Anvin" <hpa@zytor.com>
Cc: Ingo Molnar <mingo@redhat.com>
Cc: Kees Cook <keescook@chromium.org>
Cc: Mike Travis <mike.travis@hpe.com>
Cc: Nicolai Stange <nstange@suse.de>
Cc: pakki001@umn.edu
Cc: platform-driver-x86@vger.kernel.org
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: Varsha Rao <rvarsha016@gmail.com>
Cc: x86-ml <x86@kernel.org>
Link: https://lkml.kernel.org/r/20190325202924.4624-1-kjlu@umn.edu
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 arch/x86/platform/uv/tlb_uv.c | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/arch/x86/platform/uv/tlb_uv.c b/arch/x86/platform/uv/tlb_uv.c
index 2c53b0f19329a..1297e185b8c8d 100644
--- a/arch/x86/platform/uv/tlb_uv.c
+++ b/arch/x86/platform/uv/tlb_uv.c
@@ -2133,14 +2133,19 @@ static int __init summarize_uvhub_sockets(int nuvhubs,
  */
 static int __init init_per_cpu(int nuvhubs, int base_part_pnode)
 {
-	unsigned char *uvhub_mask;
 	struct uvhub_desc *uvhub_descs;
+	unsigned char *uvhub_mask = NULL;
 
 	if (is_uv3_hub() || is_uv2_hub() || is_uv1_hub())
 		timeout_us = calculate_destination_timeout();
 
 	uvhub_descs = kcalloc(nuvhubs, sizeof(struct uvhub_desc), GFP_KERNEL);
+	if (!uvhub_descs)
+		goto fail;
+
 	uvhub_mask = kzalloc((nuvhubs+7)/8, GFP_KERNEL);
+	if (!uvhub_mask)
+		goto fail;
 
 	if (get_cpu_topology(base_part_pnode, uvhub_descs, uvhub_mask))
 		goto fail;
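Review bot: both new checks in init_per_cpu() jump to `fail`, which is outside this hunk. The `= NULL` initializer added to uvhub_mask suggests that label frees both pointers, which is safe because kfree(NULL) is a no-op, but please confirm that `fail` does nothing else with uvhub_descs or uvhub_mask. The commit message should also say what init_per_cpu() returns on this path and whether the caller handles it.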
-- 
2.20.1





* [PATCH 5.1 311/405] RDMA/rxe: Fix slab-out-bounds access which lead to kernel crash later
  2019-05-30  2:59 [PATCH 5.1 000/405] 5.1.6-stable review Greg Kroah-Hartman
                   ` (309 preceding siblings ...)
  2019-05-30  3:05 ` [PATCH 5.1 310/405] x86/platform/uv: Fix missing checks of kcalloc() return values Greg Kroah-Hartman
@ 2019-05-30  3:05 ` Greg Kroah-Hartman
  2019-05-30  3:05 ` [PATCH 5.1 312/405] spi: stm32-qspi: add spi_master_put in release function Greg Kroah-Hartman
                   ` (98 subsequent siblings)
  409 siblings, 0 replies; 429+ messages in thread
From: Greg Kroah-Hartman @ 2019-05-30  3:05 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Parav Pandit, Zhu Yanjun,
	Leon Romanovsky, Jason Gunthorpe, Sasha Levin

[ Upstream commit a4b7013db23e93824ac53083eeb3e4efdef4b5b0 ]

BUG: KASAN: slab-out-of-bounds in rxe_mem_init_user+0x6c1/0x740 [rdma_rxe]
Read of size 8 at addr ffff88805c01a608 by task ib_send_bw/573

CPU: 24 PID: 573 Comm: ib_send_bw Not tainted 5.0.0-rc5+ #189
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.11.0-0-g63451fca13-prebuilt.qemu-project.org 04/01/2014
Call Trace:
 rxe_mem_init_user+0x6c1/0x740 [rdma_rxe]
 rxe_reg_user_mr+0x9b/0x110 [rdma_rxe]
 ib_uverbs_reg_mr+0x428/0x9c0 [ib_uverbs]
 ib_uverbs_handler_UVERBS_METHOD_INVOKE_WRITE+0x2b0/0x410 [ib_uverbs]
 ib_uverbs_run_method+0x79c/0x1da0 [ib_uverbs]
 rxe_mem_init_user+0x6c1/0x740 [rdma_rxe]
 rxe_reg_user_mr+0x9b/0x110 [rdma_rxe]
 ib_uverbs_reg_mr+0x428/0x9c0 [ib_uverbs]
 ib_uverbs_handler_UVERBS_METHOD_INVOKE_WRITE+0x2b0/0x410 [ib_uverbs]
 ib_uverbs_run_method+0x79c/0x1da0 [ib_uverbs]
 ib_uverbs_cmd_verbs+0x5f2/0xf20 [ib_uverbs]
 ib_uverbs_ioctl+0x202/0x310 [ib_uverbs]
 do_vfs_ioctl+0x193/0x1440
 ksys_ioctl+0x3a/0x70
 __x64_sys_ioctl+0x6f/0xb0
 do_syscall_64+0x13f/0x570
 entry_SYSCALL_64_after_hwframe+0x49/0xbe

Allocated by task 573:
 __kasan_kmalloc.constprop.5+0xc1/0xd0
 __kmalloc+0x161/0x310
 rxe_mem_alloc+0x52/0x470 [rdma_rxe]
 rxe_mem_init_user+0x113/0x740 [rdma_rxe]
 rxe_reg_user_mr+0x9b/0x110 [rdma_rxe]
 ib_uverbs_reg_mr+0x428/0x9c0 [ib_uverbs]
 ib_uverbs_handler_UVERBS_METHOD_INVOKE_WRITE+0x2b0/0x410 [ib_uverbs]
 ib_uverbs_run_method+0x79c/0x1da0 [ib_uverbs]
 ib_uverbs_cmd_verbs+0x5f2/0xf20 [ib_uverbs]
 ib_uverbs_ioctl+0x202/0x310 [ib_uverbs]
 do_vfs_ioctl+0x193/0x1440
 ksys_ioctl+0x3a/0x70
 __x64_sys_ioctl+0x6f/0xb0
 do_syscall_64+0x13f/0x570
 entry_SYSCALL_64_after_hwframe+0x49/0xbe

Freed by task 0:
 __kasan_slab_free+0x12e/0x180
 kfree+0x10a/0x2c0
 rcu_process_callbacks+0xa77/0x1260
 __do_softirq+0x2ad/0xacb

Test scenario:
 ib_send_bw -x 1 -d rxe0 -a &
 ib_send_bw -x 1 -d rxe0 -a localhost

Fixes: 8700e3e7c485 ("Soft RoCE driver")
Reported-by: Parav Pandit <parav@mellanox.com>
Reviewed-by: Zhu Yanjun <yanjun.zhu@oracle.com>
Tested-by: Zhu Yanjun <yanjun.zhu@oracle.com>
Signed-off-by: Leon Romanovsky <leonro@mellanox.com>
Signed-off-by: Jason Gunthorpe <jgg@mellanox.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/infiniband/sw/rxe/rxe_mr.c | 11 ++++++-----
 1 file changed, 6 insertions(+), 5 deletions(-)

diff --git a/drivers/infiniband/sw/rxe/rxe_mr.c b/drivers/infiniband/sw/rxe/rxe_mr.c
index 42f0f25e396c3..ec89fbd06c53c 100644
--- a/drivers/infiniband/sw/rxe/rxe_mr.c
+++ b/drivers/infiniband/sw/rxe/rxe_mr.c
@@ -199,6 +199,12 @@ int rxe_mem_init_user(struct rxe_pd *pd, u64 start,
 		buf = map[0]->buf;
 
 		for_each_sg_page(umem->sg_head.sgl, &sg_iter, umem->nmap, 0) {
+			if (num_buf >= RXE_BUF_PER_MAP) {
+				map++;
+				buf = map[0]->buf;
+				num_buf = 0;
+			}
+
 			vaddr = page_address(sg_page_iter_page(&sg_iter));
 			if (!vaddr) {
 				pr_warn("null vaddr\n");
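Review bot: `map++` at the top of the for_each_sg_page() loop in rxe_mem_init_user() is still not bounded by the number of maps that were allocated. Moving the rollover here stops the old placement from advancing map and reading map[0]->buf right after the last slot of a map was filled, even when no page was left, but the loop still relies on the allocation having been sized for every page in umem. A check against that count before `map++` would turn a sizing mistake into an error return instead of an out-of-bounds access. The commit message carries only the KASAN report, so a sentence describing this root cause would help stable reviewers.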
@@ -211,11 +217,6 @@ int rxe_mem_init_user(struct rxe_pd *pd, u64 start,
 			num_buf++;
 			buf++;
 
-			if (num_buf >= RXE_BUF_PER_MAP) {
-				map++;
-				buf = map[0]->buf;
-				num_buf = 0;
-			}
 		}
 	}
 
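Review bot: after the rollover block is removed, the blank line that used to separate `buf++;` from it is left dangling just before the closing brace of the loop. Drop it.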
-- 
2.20.1





* [PATCH 5.1 312/405] spi: stm32-qspi: add spi_master_put in release function
  2019-05-30  2:59 [PATCH 5.1 000/405] 5.1.6-stable review Greg Kroah-Hartman
                   ` (310 preceding siblings ...)
  2019-05-30  3:05 ` [PATCH 5.1 311/405] RDMA/rxe: Fix slab-out-bounds access which lead to kernel crash later Greg Kroah-Hartman
@ 2019-05-30  3:05 ` Greg Kroah-Hartman
  2019-05-30  3:05 ` [PATCH 5.1 313/405] usb: core: Add PM runtime calls to usb_hcd_platform_shutdown Greg Kroah-Hartman
                   ` (97 subsequent siblings)
  409 siblings, 0 replies; 429+ messages in thread
From: Greg Kroah-Hartman @ 2019-05-30  3:05 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Ludovic Barre, Mark Brown, Sasha Levin

[ Upstream commit a88eceb17ac7e8dc4ad9995681af61c8371668f4 ]

This patch adds spi_master_put in release function
to drop the controller's refcount.

Signed-off-by: Ludovic Barre <ludovic.barre@st.com>
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/spi/spi-stm32-qspi.c | 46 ++++++++++++++++++++++--------------
 1 file changed, 28 insertions(+), 18 deletions(-)

diff --git a/drivers/spi/spi-stm32-qspi.c b/drivers/spi/spi-stm32-qspi.c
index 3b2a9a6b990da..0b9a8bddb939d 100644
--- a/drivers/spi/spi-stm32-qspi.c
+++ b/drivers/spi/spi-stm32-qspi.c
@@ -93,6 +93,7 @@ struct stm32_qspi_flash {
 
 struct stm32_qspi {
 	struct device *dev;
+	struct spi_controller *ctrl;
 	void __iomem *io_base;
 	void __iomem *mm_base;
 	resource_size_t mm_size;
@@ -397,6 +398,7 @@ static void stm32_qspi_release(struct stm32_qspi *qspi)
 	writel_relaxed(0, qspi->io_base + QSPI_CR);
 	mutex_destroy(&qspi->lock);
 	clk_disable_unprepare(qspi->clk);
+	spi_master_put(qspi->ctrl);
 }
 
 static int stm32_qspi_probe(struct platform_device *pdev)
@@ -413,43 +415,54 @@ static int stm32_qspi_probe(struct platform_device *pdev)
 		return -ENOMEM;
 
 	qspi = spi_controller_get_devdata(ctrl);
+	qspi->ctrl = ctrl;
 
 	res = platform_get_resource_byname(pdev, IORESOURCE_MEM, "qspi");
 	qspi->io_base = devm_ioremap_resource(dev, res);
-	if (IS_ERR(qspi->io_base))
-		return PTR_ERR(qspi->io_base);
+	if (IS_ERR(qspi->io_base)) {
+		ret = PTR_ERR(qspi->io_base);
+		goto err;
+	}
 
 	res = platform_get_resource_byname(pdev, IORESOURCE_MEM, "qspi_mm");
 	qspi->mm_base = devm_ioremap_resource(dev, res);
-	if (IS_ERR(qspi->mm_base))
-		return PTR_ERR(qspi->mm_base);
+	if (IS_ERR(qspi->mm_base)) {
+		ret = PTR_ERR(qspi->mm_base);
+		goto err;
+	}
 
 	qspi->mm_size = resource_size(res);
-	if (qspi->mm_size > STM32_QSPI_MAX_MMAP_SZ)
-		return -EINVAL;
+	if (qspi->mm_size > STM32_QSPI_MAX_MMAP_SZ) {
+		ret = -EINVAL;
+		goto err;
+	}
 
 	irq = platform_get_irq(pdev, 0);
 	ret = devm_request_irq(dev, irq, stm32_qspi_irq, 0,
 			       dev_name(dev), qspi);
 	if (ret) {
 		dev_err(dev, "failed to request irq\n");
-		return ret;
+		goto err;
 	}
 
 	init_completion(&qspi->data_completion);
 
 	qspi->clk = devm_clk_get(dev, NULL);
-	if (IS_ERR(qspi->clk))
-		return PTR_ERR(qspi->clk);
+	if (IS_ERR(qspi->clk)) {
+		ret = PTR_ERR(qspi->clk);
+		goto err;
+	}
 
 	qspi->clk_rate = clk_get_rate(qspi->clk);
-	if (!qspi->clk_rate)
-		return -EINVAL;
+	if (!qspi->clk_rate) {
+		ret = -EINVAL;
+		goto err;
+	}
 
 	ret = clk_prepare_enable(qspi->clk);
 	if (ret) {
 		dev_err(dev, "can not enable the clock\n");
-		return ret;
+		goto err;
 	}
 
 	rstc = devm_reset_control_get_exclusive(dev, NULL);
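Review bot: every early failure in stm32_qspi_probe() now goes to `err`, which calls stm32_qspi_release(). That function, as shown in the previous hunk, does writel_relaxed(0, qspi->io_base + QSPI_CR), mutex_destroy(&qspi->lock) and clk_disable_unprepare(qspi->clk). On the IS_ERR(qspi->io_base) path the write goes through an error pointer, and on every path before clk_prepare_enable() succeeds the clock is disabled without having been enabled. Use a separate label that only does spi_master_put(ctrl) for the failures ahead of clk_prepare_enable().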
@@ -472,14 +485,11 @@ static int stm32_qspi_probe(struct platform_device *pdev)
 	ctrl->dev.of_node = dev->of_node;
 
 	ret = devm_spi_register_master(dev, ctrl);
-	if (ret)
-		goto err_spi_register;
-
-	return 0;
+	if (!ret)
+		return 0;
 
-err_spi_register:
+err:
 	stm32_qspi_release(qspi);
-
 	return ret;
 }
 
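Review bot: `if (!ret) return 0;` followed by a fall-through into `err:` inverts the usual kernel error-handling pattern and makes the success path easy to miss. `if (ret) goto err;` followed by `return 0;` reads more clearly and keeps the label reachable only by goto.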
-- 
2.20.1





* [PATCH 5.1 313/405] usb: core: Add PM runtime calls to usb_hcd_platform_shutdown
  2019-05-30  2:59 [PATCH 5.1 000/405] 5.1.6-stable review Greg Kroah-Hartman
                   ` (311 preceding siblings ...)
  2019-05-30  3:05 ` [PATCH 5.1 312/405] spi: stm32-qspi: add spi_master_put in release function Greg Kroah-Hartman
@ 2019-05-30  3:05 ` Greg Kroah-Hartman
  2019-05-30  3:05 ` [PATCH 5.1 314/405] ice: Fix for adaptive interrupt moderation Greg Kroah-Hartman
                   ` (96 subsequent siblings)
  409 siblings, 0 replies; 429+ messages in thread
From: Greg Kroah-Hartman @ 2019-05-30  3:05 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Tony Lindgren, Alan Stern, Sasha Levin

[ Upstream commit 8ead7e817224d7832fe51a19783cb8fcadc79467 ]

If ohci-platform is runtime suspended, we can currently get an "imprecise
external abort" on reboot with ohci-platform loaded when PM runtime
is implemented for the SoC.

Let's fix this by adding PM runtime support to usb_hcd_platform_shutdown.

Signed-off-by: Tony Lindgren <tony@atomide.com>
Acked-by: Alan Stern <stern@rowland.harvard.edu>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/usb/core/hcd.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/drivers/usb/core/hcd.c b/drivers/usb/core/hcd.c
index 975d7c1288e36..e9f740484001f 100644
--- a/drivers/usb/core/hcd.c
+++ b/drivers/usb/core/hcd.c
@@ -3020,6 +3020,9 @@ usb_hcd_platform_shutdown(struct platform_device *dev)
 {
 	struct usb_hcd *hcd = platform_get_drvdata(dev);
 
+	/* No need for pm_runtime_put(), we're shutting down */
+	pm_runtime_get_sync(&dev->dev);
+
 	if (hcd->driver->shutdown)
 		hcd->driver->shutdown(hcd);
 }
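Review bot: the return value of pm_runtime_get_sync() in usb_hcd_platform_shutdown() is ignored. If the resume fails, hcd->driver->shutdown() still runs against a suspended controller, which is the access the commit message says produces the abort. Check for a negative return and skip the shutdown callback in that case, or extend the comment to say why a failed resume cannot happen here.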
-- 
2.20.1





* [PATCH 5.1 314/405] ice: Fix for adaptive interrupt moderation
  2019-05-30  2:59 [PATCH 5.1 000/405] 5.1.6-stable review Greg Kroah-Hartman
                   ` (312 preceding siblings ...)
  2019-05-30  3:05 ` [PATCH 5.1 313/405] usb: core: Add PM runtime calls to usb_hcd_platform_shutdown Greg Kroah-Hartman
@ 2019-05-30  3:05 ` Greg Kroah-Hartman
  2019-05-30  3:05 ` [PATCH 5.1 315/405] scsi: qla4xxx: avoid freeing unallocated dma memory Greg Kroah-Hartman
                   ` (95 subsequent siblings)
  409 siblings, 0 replies; 429+ messages in thread
From: Greg Kroah-Hartman @ 2019-05-30  3:05 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Anirudh Venkataramanan,
	Andrew Bowers, Jeff Kirsher, Sasha Levin

[ Upstream commit 64a59d05a4b3ddb37eb5ad3a3be0f17148f449f5 ]

commit 63f545ed1285 ("ice: Add support for adaptive interrupt moderation")
was meant to add support for adaptive interrupt moderation but there was
an error on my part while formatting the patch, and thus only part of the
patch ended up being submitted.

This patch rectifies the error by adding the rest of the code.

Fixes: 63f545ed1285 ("ice: Add support for adaptive interrupt moderation")
Signed-off-by: Anirudh Venkataramanan <anirudh.venkataramanan@intel.com>
Tested-by: Andrew Bowers <andrewx.bowers@intel.com>
Signed-off-by: Jeff Kirsher <jeffrey.t.kirsher@intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/net/ethernet/intel/ice/ice.h      |   1 +
 drivers/net/ethernet/intel/ice/ice_txrx.c | 292 ++++++++++++++++++++--
 drivers/net/ethernet/intel/ice/ice_txrx.h |   6 +
 3 files changed, 275 insertions(+), 24 deletions(-)

diff --git a/drivers/net/ethernet/intel/ice/ice.h b/drivers/net/ethernet/intel/ice/ice.h
index 89440775aea12..6af5bd5883ca4 100644
--- a/drivers/net/ethernet/intel/ice/ice.h
+++ b/drivers/net/ethernet/intel/ice/ice.h
@@ -277,6 +277,7 @@ struct ice_q_vector {
 	 * value to the device
 	 */
 	u8 intrl;
+	u8 itr_countdown;	/* when 0 should adjust adaptive ITR */
 } ____cacheline_internodealigned_in_smp;
 
 enum ice_pf_flags {
diff --git a/drivers/net/ethernet/intel/ice/ice_txrx.c b/drivers/net/ethernet/intel/ice/ice_txrx.c
index c289d97f477d5..851030ad50160 100644
--- a/drivers/net/ethernet/intel/ice/ice_txrx.c
+++ b/drivers/net/ethernet/intel/ice/ice_txrx.c
@@ -1048,18 +1048,257 @@ static int ice_clean_rx_irq(struct ice_ring *rx_ring, int budget)
 	return failure ? budget : (int)total_rx_pkts;
 }
 
+static unsigned int ice_itr_divisor(struct ice_port_info *pi)
+{
+	switch (pi->phy.link_info.link_speed) {
+	case ICE_AQ_LINK_SPEED_40GB:
+		return ICE_ITR_ADAPTIVE_MIN_INC * 1024;
+	case ICE_AQ_LINK_SPEED_25GB:
+	case ICE_AQ_LINK_SPEED_20GB:
+		return ICE_ITR_ADAPTIVE_MIN_INC * 512;
+	case ICE_AQ_LINK_SPEED_100MB:
+		return ICE_ITR_ADAPTIVE_MIN_INC * 32;
+	default:
+		return ICE_ITR_ADAPTIVE_MIN_INC * 256;
+	}
+}
+
+/**
+ * ice_update_itr - update the adaptive ITR value based on statistics
+ * @q_vector: structure containing interrupt and ring information
+ * @rc: structure containing ring performance data
+ *
+ * Stores a new ITR value based on packets and byte
+ * counts during the last interrupt.  The advantage of per interrupt
+ * computation is faster updates and more accurate ITR for the current
+ * traffic pattern.  Constants in this function were computed
+ * based on theoretical maximum wire speed and thresholds were set based
+ * on testing data as well as attempting to minimize response time
+ * while increasing bulk throughput.
+ */
+static void
+ice_update_itr(struct ice_q_vector *q_vector, struct ice_ring_container *rc)
+{
+	unsigned int avg_wire_size, packets, bytes, itr;
+	unsigned long next_update = jiffies;
+	bool container_is_rx;
+
+	if (!rc->ring || !ITR_IS_DYNAMIC(rc->itr_setting))
+		return;
+
+	/* If itr_countdown is set it means we programmed an ITR within
+	 * the last 4 interrupt cycles. This has a side effect of us
+	 * potentially firing an early interrupt. In order to work around
+	 * this we need to throw out any data received for a few
+	 * interrupts following the update.
+	 */
+	if (q_vector->itr_countdown) {
+		itr = rc->target_itr;
+		goto clear_counts;
+	}
+
+	container_is_rx = (&q_vector->rx == rc);
+	/* For Rx we want to push the delay up and default to low latency.
+	 * for Tx we want to pull the delay down and default to high latency.
+	 */
+	itr = container_is_rx ?
+		ICE_ITR_ADAPTIVE_MIN_USECS | ICE_ITR_ADAPTIVE_LATENCY :
+		ICE_ITR_ADAPTIVE_MAX_USECS | ICE_ITR_ADAPTIVE_LATENCY;
+
+	/* If we didn't update within up to 1 - 2 jiffies we can assume
+	 * that either packets are coming in so slow there hasn't been
+	 * any work, or that there is so much work that NAPI is dealing
+	 * with interrupt moderation and we don't need to do anything.
+	 */
+	if (time_after(next_update, rc->next_update))
+		goto clear_counts;
+
+	packets = rc->total_pkts;
+	bytes = rc->total_bytes;
+
+	if (container_is_rx) {
+		/* If Rx there are 1 to 4 packets and bytes are less than
+		 * 9000 assume insufficient data to use bulk rate limiting
+		 * approach unless Tx is already in bulk rate limiting. We
+		 * are likely latency driven.
+		 */
+		if (packets && packets < 4 && bytes < 9000 &&
+		    (q_vector->tx.target_itr & ICE_ITR_ADAPTIVE_LATENCY)) {
+			itr = ICE_ITR_ADAPTIVE_LATENCY;
+			goto adjust_by_size;
+		}
+	} else if (packets < 4) {
+		/* If we have Tx and Rx ITR maxed and Tx ITR is running in
+		 * bulk mode and we are receiving 4 or fewer packets just
+		 * reset the ITR_ADAPTIVE_LATENCY bit for latency mode so
+		 * that the Rx can relax.
+		 */
+		if (rc->target_itr == ICE_ITR_ADAPTIVE_MAX_USECS &&
+		    (q_vector->rx.target_itr & ICE_ITR_MASK) ==
+		    ICE_ITR_ADAPTIVE_MAX_USECS)
+			goto clear_counts;
+	} else if (packets > 32) {
+		/* If we have processed over 32 packets in a single interrupt
+		 * for Tx assume we need to switch over to "bulk" mode.
+		 */
+		rc->target_itr &= ~ICE_ITR_ADAPTIVE_LATENCY;
+	}
+
+	/* We have no packets to actually measure against. This means
+	 * either one of the other queues on this vector is active or
+	 * we are a Tx queue doing TSO with too high of an interrupt rate.
+	 *
+	 * Between 4 and 56 we can assume that our current interrupt delay
+	 * is only slightly too low. As such we should increase it by a small
+	 * fixed amount.
+	 */
+	if (packets < 56) {
+		itr = rc->target_itr + ICE_ITR_ADAPTIVE_MIN_INC;
+		if ((itr & ICE_ITR_MASK) > ICE_ITR_ADAPTIVE_MAX_USECS) {
+			itr &= ICE_ITR_ADAPTIVE_LATENCY;
+			itr += ICE_ITR_ADAPTIVE_MAX_USECS;
+		}
+		goto clear_counts;
+	}
+
+	if (packets <= 256) {
+		itr = min(q_vector->tx.current_itr, q_vector->rx.current_itr);
+		itr &= ICE_ITR_MASK;
+
+		/* Between 56 and 112 is our "goldilocks" zone where we are
+		 * working out "just right". Just report that our current
+		 * ITR is good for us.
+		 */
+		if (packets <= 112)
+			goto clear_counts;
+
+		/* If packet count is 128 or greater we are likely looking
+		 * at a slight overrun of the delay we want. Try halving
+		 * our delay to see if that will cut the number of packets
+		 * in half per interrupt.
+		 */
+		itr >>= 1;
+		itr &= ICE_ITR_MASK;
+		if (itr < ICE_ITR_ADAPTIVE_MIN_USECS)
+			itr = ICE_ITR_ADAPTIVE_MIN_USECS;
+
+		goto clear_counts;
+	}
+
+	/* The paths below assume we are dealing with a bulk ITR since
+	 * number of packets is greater than 256. We are just going to have
+	 * to compute a value and try to bring the count under control,
+	 * though for smaller packet sizes there isn't much we can do as
+	 * NAPI polling will likely be kicking in sooner rather than later.
+	 */
+	itr = ICE_ITR_ADAPTIVE_BULK;
+
+adjust_by_size:
+	/* If packet counts are 256 or greater we can assume we have a gross
+	 * overestimation of what the rate should be. Instead of trying to fine
+	 * tune it just use the formula below to try and dial in an exact value
+	 * gives the current packet size of the frame.
+	 */
+	avg_wire_size = bytes / packets;
+
+	/* The following is a crude approximation of:
+	 *  wmem_default / (size + overhead) = desired_pkts_per_int
+	 *  rate / bits_per_byte / (size + ethernet overhead) = pkt_rate
+	 *  (desired_pkt_rate / pkt_rate) * usecs_per_sec = ITR value
+	 *
+	 * Assuming wmem_default is 212992 and overhead is 640 bytes per
+	 * packet, (256 skb, 64 headroom, 320 shared info), we can reduce the
+	 * formula down to
+	 *
+	 *  (170 * (size + 24)) / (size + 640) = ITR
+	 *
+	 * We first do some math on the packet size and then finally bitshift
+	 * by 8 after rounding up. We also have to account for PCIe link speed
+	 * difference as ITR scales based on this.
+	 */
+	if (avg_wire_size <= 60) {
+		/* Start at 250k ints/sec */
+		avg_wire_size = 4096;
+	} else if (avg_wire_size <= 380) {
+		/* 250K ints/sec to 60K ints/sec */
+		avg_wire_size *= 40;
+		avg_wire_size += 1696;
+	} else if (avg_wire_size <= 1084) {
+		/* 60K ints/sec to 36K ints/sec */
+		avg_wire_size *= 15;
+		avg_wire_size += 11452;
+	} else if (avg_wire_size <= 1980) {
+		/* 36K ints/sec to 30K ints/sec */
+		avg_wire_size *= 5;
+		avg_wire_size += 22420;
+	} else {
+		/* plateau at a limit of 30K ints/sec */
+		avg_wire_size = 32256;
+	}
+
+	/* If we are in low latency mode halve our delay which doubles the
+	 * rate to somewhere between 100K to 16K ints/sec
+	 */
+	if (itr & ICE_ITR_ADAPTIVE_LATENCY)
+		avg_wire_size >>= 1;
+
+	/* Resultant value is 256 times larger than it needs to be. This
+	 * gives us room to adjust the value as needed to either increase
+	 * or decrease the value based on link speeds of 10G, 2.5G, 1G, etc.
+	 *
+	 * Use addition as we have already recorded the new latency flag
+	 * for the ITR value.
+	 */
+	itr += DIV_ROUND_UP(avg_wire_size,
+			    ice_itr_divisor(q_vector->vsi->port_info)) *
+	       ICE_ITR_ADAPTIVE_MIN_INC;
+
+	if ((itr & ICE_ITR_MASK) > ICE_ITR_ADAPTIVE_MAX_USECS) {
+		itr &= ICE_ITR_ADAPTIVE_LATENCY;
+		itr += ICE_ITR_ADAPTIVE_MAX_USECS;
+	}
+
+clear_counts:
+	/* write back value */
+	rc->target_itr = itr;
+
+	/* next update should occur within next jiffy */
+	rc->next_update = next_update + 1;
+
+	rc->total_bytes = 0;
+	rc->total_pkts = 0;
+}
+
 /**
  * ice_buildreg_itr - build value for writing to the GLINT_DYN_CTL register
  * @itr_idx: interrupt throttling index
- * @reg_itr: interrupt throttling value adjusted based on ITR granularity
+ * @itr: interrupt throttling value in usecs
  */
-static u32 ice_buildreg_itr(int itr_idx, u16 reg_itr)
+static u32 ice_buildreg_itr(int itr_idx, u16 itr)
 {
+	/* The itr value is reported in microseconds, and the register value is
+	 * recorded in 2 microsecond units. For this reason we only need to
+	 * shift by the GLINT_DYN_CTL_INTERVAL_S - ICE_ITR_GRAN_S to apply this
+	 * granularity as a shift instead of division. The mask makes sure the
+	 * ITR value is never odd so we don't accidentally write into the field
+	 * prior to the ITR field.
+	 */
+	itr &= ICE_ITR_MASK;
+
 	return GLINT_DYN_CTL_INTENA_M | GLINT_DYN_CTL_CLEARPBA_M |
 		(itr_idx << GLINT_DYN_CTL_ITR_INDX_S) |
-		(reg_itr << GLINT_DYN_CTL_INTERVAL_S);
+		(itr << (GLINT_DYN_CTL_INTERVAL_S - ICE_ITR_GRAN_S));
 }
 
+/* The act of updating the ITR will cause it to immediately trigger. In order
+ * to prevent this from throwing off adaptive update statistics we defer the
+ * update so that it can only happen so often. So after either Tx or Rx are
+ * updated we make the adaptive scheme wait until either the ITR completely
+ * expires via the next_update expiration or we have been through at least
+ * 3 interrupts.
+ */
+#define ITR_COUNTDOWN_START 3
+
 /**
  * ice_update_ena_itr - Update ITR and re-enable MSIX interrupt
  * @vsi: the VSI associated with the q_vector
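Review bot: In ice_update_itr(), the comment above "itr >>= 1" says the halving applies when the "packet count is 128 or greater", but that code runs for every count that reaches this block and fails "packets <= 112", so 113 to 127 is halved as well. Either test against 128 or reword the comment to match the 112 cut-off. The comment at adjust_by_size also reads "gives the current packet size" where "given" is meant.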
@@ -1068,10 +1307,14 @@ static u32 ice_buildreg_itr(int itr_idx, u16 reg_itr)
 static void
 ice_update_ena_itr(struct ice_vsi *vsi, struct ice_q_vector *q_vector)
 {
-	struct ice_hw *hw = &vsi->back->hw;
-	struct ice_ring_container *rc;
+	struct ice_ring_container *tx = &q_vector->tx;
+	struct ice_ring_container *rx = &q_vector->rx;
 	u32 itr_val;
 
+	/* This will do nothing if dynamic updates are not enabled */
+	ice_update_itr(q_vector, tx);
+	ice_update_itr(q_vector, rx);
+
 	/* This block of logic allows us to get away with only updating
 	 * one ITR value with each interrupt. The idea is to perform a
 	 * pseudo-lazy update with the following criteria.
@@ -1080,35 +1323,36 @@ ice_update_ena_itr(struct ice_vsi *vsi, struct ice_q_vector *q_vector)
 	 * 2. If we must reduce an ITR that is given highest priority.
 	 * 3. We then give priority to increasing ITR based on amount.
 	 */
-	if (q_vector->rx.target_itr < q_vector->rx.current_itr) {
-		rc = &q_vector->rx;
+	if (rx->target_itr < rx->current_itr) {
 		/* Rx ITR needs to be reduced, this is highest priority */
-		itr_val = ice_buildreg_itr(rc->itr_idx, rc->target_itr);
-		rc->current_itr = rc->target_itr;
-	} else if ((q_vector->tx.target_itr < q_vector->tx.current_itr) ||
-		   ((q_vector->rx.target_itr - q_vector->rx.current_itr) <
-		    (q_vector->tx.target_itr - q_vector->tx.current_itr))) {
-		rc = &q_vector->tx;
+		itr_val = ice_buildreg_itr(rx->itr_idx, rx->target_itr);
+		rx->current_itr = rx->target_itr;
+		q_vector->itr_countdown = ITR_COUNTDOWN_START;
+	} else if ((tx->target_itr < tx->current_itr) ||
+		   ((rx->target_itr - rx->current_itr) <
+		    (tx->target_itr - tx->current_itr))) {
 		/* Tx ITR needs to be reduced, this is second priority
 		 * Tx ITR needs to be increased more than Rx, fourth priority
 		 */
-		itr_val = ice_buildreg_itr(rc->itr_idx, rc->target_itr);
-		rc->current_itr = rc->target_itr;
-	} else if (q_vector->rx.current_itr != q_vector->rx.target_itr) {
-		rc = &q_vector->rx;
+		itr_val = ice_buildreg_itr(tx->itr_idx, tx->target_itr);
+		tx->current_itr = tx->target_itr;
+		q_vector->itr_countdown = ITR_COUNTDOWN_START;
+	} else if (rx->current_itr != rx->target_itr) {
 		/* Rx ITR needs to be increased, third priority */
-		itr_val = ice_buildreg_itr(rc->itr_idx, rc->target_itr);
-		rc->current_itr = rc->target_itr;
+		itr_val = ice_buildreg_itr(rx->itr_idx, rx->target_itr);
+		rx->current_itr = rx->target_itr;
+		q_vector->itr_countdown = ITR_COUNTDOWN_START;
 	} else {
 		/* Still have to re-enable the interrupts */
 		itr_val = ice_buildreg_itr(ICE_ITR_NONE, 0);
+		if (q_vector->itr_countdown)
+			q_vector->itr_countdown--;
 	}
 
-	if (!test_bit(__ICE_DOWN, vsi->state)) {
-		int vector = vsi->hw_base_vector + q_vector->v_idx;
-
-		wr32(hw, GLINT_DYN_CTL(vector), itr_val);
-	}
+	if (!test_bit(__ICE_DOWN, vsi->state))
+		wr32(&vsi->back->hw,
+		     GLINT_DYN_CTL(vsi->hw_base_vector + q_vector->v_idx),
+		     itr_val);
 }
 
 /**
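Review bot: The priority checks in ice_update_ena_itr() compare target_itr and current_itr unmasked, while ice_update_itr() stores the ICE_ITR_ADAPTIVE_LATENCY bit (0x8000) in rc->target_itr and only ice_buildreg_itr() applies ICE_ITR_MASK. A change of the latency flag alone therefore counts as a reduction or an increase and dominates the "(rx->target_itr - rx->current_itr) < (tx->target_itr - tx->current_itr)" test. If that is intended, say so in the comment block above the checks; otherwise compare the masked values. The three identical "q_vector->itr_countdown = ITR_COUNTDOWN_START;" assignments could also be set in one place.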
diff --git a/drivers/net/ethernet/intel/ice/ice_txrx.h b/drivers/net/ethernet/intel/ice/ice_txrx.h
index fc358ea81816f..74a031fbd7323 100644
--- a/drivers/net/ethernet/intel/ice/ice_txrx.h
+++ b/drivers/net/ethernet/intel/ice/ice_txrx.h
@@ -128,6 +128,12 @@ enum ice_rx_dtype {
 #define ICE_ITR_MASK		0x1FFE	/* ITR register value alignment mask */
 #define ITR_REG_ALIGN(setting)	__ALIGN_MASK(setting, ~ICE_ITR_MASK)
 
+#define ICE_ITR_ADAPTIVE_MIN_INC	0x0002
+#define ICE_ITR_ADAPTIVE_MIN_USECS	0x0002
+#define ICE_ITR_ADAPTIVE_MAX_USECS	0x00FA
+#define ICE_ITR_ADAPTIVE_LATENCY	0x8000
+#define ICE_ITR_ADAPTIVE_BULK		0x0000
+
 #define ICE_DFLT_INTRL	0
 
 /* Legacy or Advanced Mode Queue */
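Review bot: The five ICE_ITR_ADAPTIVE_* defines are added without comments, and their meaning depends on their relation to ICE_ITR_MASK (0x1FFE) just above: ICE_ITR_ADAPTIVE_LATENCY (0x8000) has to stay outside the mask to work as a mode flag, while ICE_ITR_ADAPTIVE_MIN_USECS and ICE_ITR_ADAPTIVE_MAX_USECS (0x0002 and 0x00FA) have to stay inside it. Please add a short comment stating the units and that constraint.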
-- 
2.20.1





* [PATCH 5.1 315/405] scsi: qla4xxx: avoid freeing unallocated dma memory
From: Greg Kroah-Hartman @ 2019-05-30  3:05 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Arnd Bergmann, Nathan Chancellor,
	Martin K. Petersen, Sasha Levin

[ Upstream commit 608f729c31d4caf52216ea00d20092a80959256d ]

Clang -Wuninitialized notices that on is_qla40XX we never allocate any DMA
memory in get_fw_boot_info() but attempt to free it anyway:

drivers/scsi/qla4xxx/ql4_os.c:5915:7: error: variable 'buf_dma' is used uninitialized whenever 'if' condition is false
      [-Werror,-Wsometimes-uninitialized]
                if (!(val & 0x07)) {
                    ^~~~~~~~~~~~~
drivers/scsi/qla4xxx/ql4_os.c:5985:47: note: uninitialized use occurs here
        dma_free_coherent(&ha->pdev->dev, size, buf, buf_dma);
                                                     ^~~~~~~
drivers/scsi/qla4xxx/ql4_os.c:5915:3: note: remove the 'if' if its condition is always true
                if (!(val & 0x07)) {
                ^~~~~~~~~~~~~~~~~~~
drivers/scsi/qla4xxx/ql4_os.c:5885:20: note: initialize the variable 'buf_dma' to silence this warning
        dma_addr_t buf_dma;
                          ^
                           = 0

Skip the call to dma_free_coherent() here.

Fixes: 2a991c215978 ("[SCSI] qla4xxx: Boot from SAN support for open-iscsi")
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
Reviewed-by: Nathan Chancellor <natechancellor@gmail.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/scsi/qla4xxx/ql4_os.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/drivers/scsi/qla4xxx/ql4_os.c b/drivers/scsi/qla4xxx/ql4_os.c
index 6e4f4931ae175..8c674eca09f13 100644
--- a/drivers/scsi/qla4xxx/ql4_os.c
+++ b/drivers/scsi/qla4xxx/ql4_os.c
@@ -5930,7 +5930,7 @@ static int get_fw_boot_info(struct scsi_qla_host *ha, uint16_t ddb_index[])
 		val = rd_nvram_byte(ha, sec_addr);
 		if (val & BIT_7)
 			ddb_index[1] = (val & 0x7f);
-
+		goto exit_boot_info;
 	} else if (is_qla80XX(ha)) {
 		buf = dma_alloc_coherent(&ha->pdev->dev, size,
 					 &buf_dma, GFP_KERNEL);
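Review bot: The new "goto exit_boot_info;" replaces the blank line that closed the is_qla40XX branch and now sits directly under the "if (val & BIT_7)" assignment, with nothing saying why the branch leaves early. Keep a blank line before it and add a one-line comment that no DMA buffer was allocated on this path, so the dma_free_coherent() call named in the commit message must be skipped. Please also confirm that nothing else between the end of the is_qla80XX branch and the exit_boot_info label was meant to run for 40XX adapters, since the hunk does not show that code.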
-- 
2.20.1





* [PATCH 5.1 316/405] scsi: lpfc: avoid uninitialized variable warning
From: Greg Kroah-Hartman @ 2019-05-30  3:05 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Arnd Bergmann, James Smart,
	Martin K. Petersen, Sasha Levin

[ Upstream commit faf5a744f4f8d76e7c03912b5cd381ac8045f6ec ]

clang -Wuninitialized incorrectly sees a variable being used without
initialization:

drivers/scsi/lpfc/lpfc_nvme.c:2102:37: error: variable 'localport' is uninitialized when used here
      [-Werror,-Wuninitialized]
                lport = (struct lpfc_nvme_lport *)localport->private;
                                                  ^~~~~~~~~
drivers/scsi/lpfc/lpfc_nvme.c:2059:38: note: initialize the variable 'localport' to silence this warning
        struct nvme_fc_local_port *localport;
                                            ^
                                             = NULL
1 error generated.

This is clearly in dead code, as the condition leading up to it is always
false when CONFIG_NVME_FC is disabled, and the variable is always
initialized when nvme_fc_register_localport() got called successfully.

Change the preprocessor conditional to the equivalent C construct, which
makes the code more readable and gets rid of the warning.

Signed-off-by: Arnd Bergmann <arnd@arndb.de>
Acked-by: James Smart <james.smart@broadcom.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/scsi/lpfc/lpfc_nvme.c | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/drivers/scsi/lpfc/lpfc_nvme.c b/drivers/scsi/lpfc/lpfc_nvme.c
index 1aa00d2c3f74e..9defff7118846 100644
--- a/drivers/scsi/lpfc/lpfc_nvme.c
+++ b/drivers/scsi/lpfc/lpfc_nvme.c
@@ -2080,15 +2080,15 @@ lpfc_nvme_create_localport(struct lpfc_vport *vport)
 		lpfc_nvme_template.max_hw_queues =
 			phba->sli4_hba.num_present_cpu;
 
+	if (!IS_ENABLED(CONFIG_NVME_FC))
+		return ret;
+
 	/* localport is allocated from the stack, but the registration
 	 * call allocates heap memory as well as the private area.
 	 */
-#if (IS_ENABLED(CONFIG_NVME_FC))
+
 	ret = nvme_fc_register_localport(&nfcp_info, &lpfc_nvme_template,
 					 &vport->phba->pcidev->dev, &localport);
-#else
-	ret = -ENOMEM;
-#endif
 	if (!ret) {
 		lpfc_printf_vlog(vport, KERN_INFO, LOG_NVME | LOG_NVME_DISC,
 				 "6005 Successfully registered local "
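Review bot: The early "return ret;" under "if (!IS_ENABLED(CONFIG_NVME_FC))" returns whatever ret holds at that point, and the removed #else branch that set "ret = -ENOMEM" is gone, so the result for a kernel without CONFIG_NVME_FC now depends on an initialisation the hunk does not show. Return an explicit value there and mention the change in the commit message. The #if line was also replaced by an empty line, which leaves a gap between the "localport is allocated from the stack" comment and the nvme_fc_register_localport() call it describes; drop that line.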
-- 
2.20.1





* [PATCH 5.1 317/405] media: vicodec: bugfix - call v4l2_m2m_buf_copy_metadata also if decoding fails
From: Greg Kroah-Hartman @ 2019-05-30  3:05 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Dafna Hirschfeld, Hans Verkuil,
	Mauro Carvalho Chehab, Sasha Levin

[ Upstream commit 8eead25cbdf911e17cff321903bd3397bc6ea22c ]

The function 'v4l2_m2m_buf_copy_metadata' should
be called even if decoding/encoding ends with
status VB2_BUF_STATE_ERROR, so that the metadata
is copied from the source buffer to the dest buffer.

Signed-off-by: Dafna Hirschfeld <dafna3@gmail.com>
Signed-off-by: Hans Verkuil <hverkuil-cisco@xs4all.nl>
Signed-off-by: Mauro Carvalho Chehab <mchehab+samsung@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/media/platform/vicodec/vicodec-core.c | 17 +++++++++--------
 1 file changed, 9 insertions(+), 8 deletions(-)

diff --git a/drivers/media/platform/vicodec/vicodec-core.c b/drivers/media/platform/vicodec/vicodec-core.c
index d7636fe9e1749..6b618452700c4 100644
--- a/drivers/media/platform/vicodec/vicodec-core.c
+++ b/drivers/media/platform/vicodec/vicodec-core.c
@@ -159,12 +159,10 @@ static int device_process(struct vicodec_ctx *ctx,
 			  struct vb2_v4l2_buffer *dst_vb)
 {
 	struct vicodec_dev *dev = ctx->dev;
-	struct vicodec_q_data *q_dst;
 	struct v4l2_fwht_state *state = &ctx->state;
 	u8 *p_src, *p_dst;
 	int ret;
 
-	q_dst = get_q_data(ctx, V4L2_BUF_TYPE_VIDEO_CAPTURE);
 	if (ctx->is_enc)
 		p_src = vb2_plane_vaddr(&src_vb->vb2_buf, 0);
 	else
@@ -186,8 +184,10 @@ static int device_process(struct vicodec_ctx *ctx,
 			return ret;
 		vb2_set_plane_payload(&dst_vb->vb2_buf, 0, ret);
 	} else {
+		struct vicodec_q_data *q_dst;
 		unsigned int comp_frame_size = ntohl(ctx->state.header.size);
 
+		q_dst = get_q_data(ctx, V4L2_BUF_TYPE_VIDEO_CAPTURE);
 		if (comp_frame_size > ctx->comp_max_size)
 			return -EINVAL;
 		state->info = q_dst->info;
@@ -196,11 +196,6 @@ static int device_process(struct vicodec_ctx *ctx,
 			return ret;
 		vb2_set_plane_payload(&dst_vb->vb2_buf, 0, q_dst->sizeimage);
 	}
-
-	dst_vb->sequence = q_dst->sequence++;
-	dst_vb->flags &= ~V4L2_BUF_FLAG_LAST;
-	v4l2_m2m_buf_copy_metadata(src_vb, dst_vb, !ctx->is_enc);
-
 	return 0;
 }
 
@@ -274,16 +269,22 @@ static void device_run(void *priv)
 	struct vicodec_ctx *ctx = priv;
 	struct vicodec_dev *dev = ctx->dev;
 	struct vb2_v4l2_buffer *src_buf, *dst_buf;
-	struct vicodec_q_data *q_src;
+	struct vicodec_q_data *q_src, *q_dst;
 	u32 state;
 
 	src_buf = v4l2_m2m_next_src_buf(ctx->fh.m2m_ctx);
 	dst_buf = v4l2_m2m_dst_buf_remove(ctx->fh.m2m_ctx);
 	q_src = get_q_data(ctx, V4L2_BUF_TYPE_VIDEO_OUTPUT);
+	q_dst = get_q_data(ctx, V4L2_BUF_TYPE_VIDEO_CAPTURE);
 
 	state = VB2_BUF_STATE_DONE;
 	if (device_process(ctx, src_buf, dst_buf))
 		state = VB2_BUF_STATE_ERROR;
+	else
+		dst_buf->sequence = q_dst->sequence++;
+	dst_buf->flags &= ~V4L2_BUF_FLAG_LAST;
+	v4l2_m2m_buf_copy_metadata(src_buf, dst_buf, !ctx->is_enc);
+
 	ctx->last_dst_buf = dst_buf;
 
 	spin_lock(ctx->lock);
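Review bot: In device_run(), the brace-less if/else ending in "dst_buf->sequence = q_dst->sequence++;" is followed at the same indentation by two statements that run unconditionally, which makes it easy to read them as part of the else arm; put braces on both arms or a blank line after the else statement. On the error path dst_buf->sequence is no longer assigned at all, so the buffer is completed with whatever value the field had before; if that is deliberate, a comment would help.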
-- 
2.20.1





* [PATCH 5.1 318/405] ice: Prevent unintended multiple chain resets
From: Greg Kroah-Hartman @ 2019-05-30  3:05 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Dave Ertman, Anirudh Venkataramanan,
	Andrew Bowers, Jeff Kirsher, Sasha Levin

[ Upstream commit 2ebd4428d93a2f6ce0c813b10a1a43b6a8241fe5 ]

In the current implementation of ice_reset_subtask, if multiple reset
types are set in the pf->state, the most intrusive one is meant to be
performed only, but the bits requesting the other types are not being
cleared. This would lead to another reset being performed the next time
the service task is scheduled.

Change the flow of ice_reset_subtask so that all reset request bits in
pf->state are cleared, and we still perform the most intrusive of the
resets requested.

Signed-off-by: Dave Ertman <david.m.ertman@intel.com>
Signed-off-by: Anirudh Venkataramanan <anirudh.venkataramanan@intel.com>
Tested-by: Andrew Bowers <andrewx.bowers@intel.com>
Signed-off-by: Jeff Kirsher <jeffrey.t.kirsher@intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/net/ethernet/intel/ice/ice_main.c | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)

diff --git a/drivers/net/ethernet/intel/ice/ice_main.c b/drivers/net/ethernet/intel/ice/ice_main.c
index ac30288720f71..ba9f88cd138de 100644
--- a/drivers/net/ethernet/intel/ice/ice_main.c
+++ b/drivers/net/ethernet/intel/ice/ice_main.c
@@ -416,8 +416,14 @@ static void ice_reset_subtask(struct ice_pf *pf)
 	 * for the reset now), poll for reset done, rebuild and return.
 	 */
 	if (test_bit(__ICE_RESET_OICR_RECV, pf->state)) {
-		clear_bit(__ICE_GLOBR_RECV, pf->state);
-		clear_bit(__ICE_CORER_RECV, pf->state);
+		/* Perform the largest reset requested */
+		if (test_and_clear_bit(__ICE_CORER_RECV, pf->state))
+			reset_type = ICE_RESET_CORER;
+		if (test_and_clear_bit(__ICE_GLOBR_RECV, pf->state))
+			reset_type = ICE_RESET_GLOBR;
+		/* return if no valid reset type requested */
+		if (reset_type == ICE_RESET_INVAL)
+			return;
 		if (!test_bit(__ICE_PREPARED_FOR_RESET, pf->state))
 			ice_prepare_for_reset(pf);
 
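Review bot: The new "if (reset_type == ICE_RESET_INVAL) return;" leaves ice_reset_subtask() while __ICE_RESET_OICR_RECV is still set, since the visible lines only test_bit() it. If the bit is not cleared elsewhere, every later run of the service task enters this branch again and returns at the same place. Clear __ICE_RESET_OICR_RECV before returning, or note in the comment where it gets cleared. The check also relies on reset_type being initialised to ICE_RESET_INVAL above this hunk, which is worth stating.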
-- 
2.20.1





* [PATCH 5.1 319/405] selinux: avoid uninitialized variable warning
From: Greg Kroah-Hartman @ 2019-05-30  3:05 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Arnd Bergmann, Paul Moore, Sasha Levin

[ Upstream commit 98bbbb76f2edcfb8fb2b8f4b3ccc7b6e99d64bd8 ]

clang correctly points out a code path that would lead
to an uninitialized variable use:

security/selinux/netlabel.c:310:6: error: variable 'addr' is used uninitialized whenever 'if' condition is false
      [-Werror,-Wsometimes-uninitialized]
        if (ip_hdr(skb)->version == 4) {
            ^~~~~~~~~~~~~~~~~~~~~~~~~
security/selinux/netlabel.c:322:40: note: uninitialized use occurs here
        rc = netlbl_conn_setattr(ep->base.sk, addr, &secattr);
                                              ^~~~
security/selinux/netlabel.c:310:2: note: remove the 'if' if its condition is always true
        if (ip_hdr(skb)->version == 4) {
        ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
security/selinux/netlabel.c:291:23: note: initialize the variable 'addr' to silence this warning
        struct sockaddr *addr;
                             ^
                              = NULL

This is probably harmless since we should not see ipv6 packets
if CONFIG_IPV6 is disabled, but it's better to rearrange the code
so this cannot happen.

Signed-off-by: Arnd Bergmann <arnd@arndb.de>
[PM: removed old patchwork link, fixed checkpatch.pl style errors]
Signed-off-by: Paul Moore <paul@paul-moore.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 security/selinux/netlabel.c | 14 +++++---------
 1 file changed, 5 insertions(+), 9 deletions(-)

diff --git a/security/selinux/netlabel.c b/security/selinux/netlabel.c
index 186e727b737b9..6fd9954e1c085 100644
--- a/security/selinux/netlabel.c
+++ b/security/selinux/netlabel.c
@@ -288,11 +288,8 @@ int selinux_netlbl_sctp_assoc_request(struct sctp_endpoint *ep,
 	int rc;
 	struct netlbl_lsm_secattr secattr;
 	struct sk_security_struct *sksec = ep->base.sk->sk_security;
-	struct sockaddr *addr;
 	struct sockaddr_in addr4;
-#if IS_ENABLED(CONFIG_IPV6)
 	struct sockaddr_in6 addr6;
-#endif
 
 	if (ep->base.sk->sk_family != PF_INET &&
 				ep->base.sk->sk_family != PF_INET6)
@@ -310,16 +307,15 @@ int selinux_netlbl_sctp_assoc_request(struct sctp_endpoint *ep,
 	if (ip_hdr(skb)->version == 4) {
 		addr4.sin_family = AF_INET;
 		addr4.sin_addr.s_addr = ip_hdr(skb)->saddr;
-		addr = (struct sockaddr *)&addr4;
-#if IS_ENABLED(CONFIG_IPV6)
-	} else {
+		rc = netlbl_conn_setattr(ep->base.sk, (void *)&addr4, &secattr);
+	} else if (IS_ENABLED(CONFIG_IPV6) && ip_hdr(skb)->version == 6) {
 		addr6.sin6_family = AF_INET6;
 		addr6.sin6_addr = ipv6_hdr(skb)->saddr;
-		addr = (struct sockaddr *)&addr6;
-#endif
+		rc = netlbl_conn_setattr(ep->base.sk, (void *)&addr6, &secattr);
+	} else {
+		rc = -EAFNOSUPPORT;
 	}
 
-	rc = netlbl_conn_setattr(ep->base.sk, addr, &secattr);
 	if (rc == 0)
 		sksec->nlbl_state = NLBL_LABELED;
 
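Review bot: Both netlbl_conn_setattr() calls pass the address as "(void *)&addr4" and "(void *)&addr6", which hides the argument type that the removed "(struct sockaddr *)" casts at least documented; keep the struct sockaddr cast so the type stays visible at the call site. The "else if (IS_ENABLED(CONFIG_IPV6) && ip_hdr(skb)->version == 6)" test also changes behaviour with CONFIG_IPV6 enabled: a header whose version is neither 4 nor 6 used to take the IPv6 path and now gets -EAFNOSUPPORT, which deserves a line in the commit message.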
-- 
2.20.1





* [PATCH 5.1 320/405] batman-adv: allow updating DAT entry timeouts on incoming ARP Replies
From: Greg Kroah-Hartman @ 2019-05-30  3:05 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Linus Lüssing,
	Antonio Quartulli, Sven Eckelmann, Simon Wunderlich, Sasha Levin

[ Upstream commit 099e6cc1582dc2903fecb898bbeae8f7cf4262c7 ]

Currently incoming ARP Replies, for example via a DHT-PUT message, do
not update the timeout for an already existing DAT entry. These ARP
Replies are dropped instead.

This however defeats the purpose of the DHCPACK snooping, for instance.
Right now, a DAT entry in the DHT will be purged every five minutes,
likely leading to a mesh-wide ARP Request broadcast after this timeout.
Which then recreates the entry. The idea of the DHCPACK snooping is to
be able to update an entry before a timeout happens, to avoid ARP Request
flooding.

This patch fixes this issue by updating a DAT entry on incoming
ARP Replies even if a matching DAT entry already exists. While still
filtering the ARP Reply towards the soft-interface, to avoid duplicate
messages on the client device side.

Signed-off-by: Linus Lüssing <linus.luessing@c0d3.blue>
Acked-by: Antonio Quartulli <a@unstable.cc>
Signed-off-by: Sven Eckelmann <sven@narfation.org>
Signed-off-by: Simon Wunderlich <sw@simonwunderlich.de>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 net/batman-adv/distributed-arp-table.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/net/batman-adv/distributed-arp-table.c b/net/batman-adv/distributed-arp-table.c
index 310a4f353008d..8d290da0d5967 100644
--- a/net/batman-adv/distributed-arp-table.c
+++ b/net/batman-adv/distributed-arp-table.c
@@ -1444,7 +1444,6 @@ bool batadv_dat_snoop_incoming_arp_reply(struct batadv_priv *bat_priv,
 			   hw_src, &ip_src, hw_dst, &ip_dst,
 			   dat_entry->mac_addr,	&dat_entry->ip);
 		dropped = true;
-		goto out;
 	}
 
 	/* Update our internal cache with both the IP addresses the node got
@@ -1453,6 +1452,9 @@ bool batadv_dat_snoop_incoming_arp_reply(struct batadv_priv *bat_priv,
 	batadv_dat_entry_add(bat_priv, ip_src, hw_src, vid);
 	batadv_dat_entry_add(bat_priv, ip_dst, hw_dst, vid);
 
+	if (dropped)
+		goto out;
+
 	/* If BLA is enabled, only forward ARP replies if we have claimed the
 	 * source of the ARP reply or if no one else of the same backbone has
 	 * already claimed that client. This prevents that different gateways
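Review bot: With the "goto out" moved below the two batadv_dat_entry_add() calls, replies that match an existing DAT entry now reach batadv_dat_entry_add(bat_priv, ip_src, hw_src, vid) and the ip_dst/hw_dst call as well, so the cache is written from packets that were previously discarded untouched. The commit message only talks about refreshing the timeout; please state in the comment above the calls whether hw_src is expected to equal the stored dat_entry->mac_addr on this path, and what happens to the entry when it does not.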
-- 
2.20.1





* [PATCH 5.1 321/405] dmaengine: tegra210-adma: use devm_clk_*() helpers
From: Greg Kroah-Hartman @ 2019-05-30  3:05 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Mohan Kumar D, Jonathan Hunter,
	Sameer Pujar, Vinod Koul, Sasha Levin

[ Upstream commit f6ed6491d565c336a360471e0c29228e34f4380e ]

adma driver is using pm_clk_*() interface for managing clock resources.
With this it is observed that clocks remain ON always. This happens on
Tegra devices which use BPMP co-processor to manage clock resources,
where clocks are enabled during prepare phase. This is necessary because
clocks to BPMP are always blocking. When pm_clk_*() interface is used on
such Tegra devices, clock prepare count is not balanced till remove call
happens for the driver and hence clocks are seen ON always. Thus this
patch replaces pm_clk_*() with devm_clk_*() framework.

Suggested-by: Mohan Kumar D <mkumard@nvidia.com>
Reviewed-by: Jonathan Hunter <jonathanh@nvidia.com>
Signed-off-by: Sameer Pujar <spujar@nvidia.com>
Signed-off-by: Vinod Koul <vkoul@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/dma/tegra210-adma.c | 27 ++++++++++++---------------
 1 file changed, 12 insertions(+), 15 deletions(-)

diff --git a/drivers/dma/tegra210-adma.c b/drivers/dma/tegra210-adma.c
index 9aa35a7f13692..1477cce33dbe5 100644
--- a/drivers/dma/tegra210-adma.c
+++ b/drivers/dma/tegra210-adma.c
@@ -22,7 +22,6 @@
 #include <linux/of_device.h>
 #include <linux/of_dma.h>
 #include <linux/of_irq.h>
-#include <linux/pm_clock.h>
 #include <linux/pm_runtime.h>
 #include <linux/slab.h>
 
@@ -141,6 +140,7 @@ struct tegra_adma {
 	struct dma_device		dma_dev;
 	struct device			*dev;
 	void __iomem			*base_addr;
+	struct clk			*ahub_clk;
 	unsigned int			nr_channels;
 	unsigned long			rx_requests_reserved;
 	unsigned long			tx_requests_reserved;
@@ -637,8 +637,9 @@ static int tegra_adma_runtime_suspend(struct device *dev)
 	struct tegra_adma *tdma = dev_get_drvdata(dev);
 
 	tdma->global_cmd = tdma_read(tdma, ADMA_GLOBAL_CMD);
+	clk_disable_unprepare(tdma->ahub_clk);
 
-	return pm_clk_suspend(dev);
+	return 0;
 }
 
 static int tegra_adma_runtime_resume(struct device *dev)
@@ -646,10 +647,11 @@ static int tegra_adma_runtime_resume(struct device *dev)
 	struct tegra_adma *tdma = dev_get_drvdata(dev);
 	int ret;
 
-	ret = pm_clk_resume(dev);
-	if (ret)
+	ret = clk_prepare_enable(tdma->ahub_clk);
+	if (ret) {
+		dev_err(dev, "ahub clk_enable failed: %d\n", ret);
 		return ret;
-
+	}
 	tdma_write(tdma, ADMA_GLOBAL_CMD, tdma->global_cmd);
 
 	return 0;
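Review bot: The dev_err() text in tegra_adma_runtime_resume() says "ahub clk_enable failed" although the failing call is clk_prepare_enable(), and the hunk drops the blank line that separated the error check from tdma_write(). Name the real call in the message and keep a blank line after the closing brace.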
@@ -693,13 +695,11 @@ static int tegra_adma_probe(struct platform_device *pdev)
 	if (IS_ERR(tdma->base_addr))
 		return PTR_ERR(tdma->base_addr);
 
-	ret = pm_clk_create(&pdev->dev);
-	if (ret)
-		return ret;
-
-	ret = of_pm_clk_add_clk(&pdev->dev, "d_audio");
-	if (ret)
-		goto clk_destroy;
+	tdma->ahub_clk = devm_clk_get(&pdev->dev, "d_audio");
+	if (IS_ERR(tdma->ahub_clk)) {
+		dev_err(&pdev->dev, "Error: Missing ahub controller clock\n");
+		return PTR_ERR(tdma->ahub_clk);
+	}
 
 	pm_runtime_enable(&pdev->dev);
 
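Review bot: devm_clk_get() can return ERR_PTR(-EPROBE_DEFER) when the clock provider has not probed yet, and the new dev_err() in tegra_adma_probe() prints "Error: Missing ahub controller clock" for that case too, logging an error on every deferred probe. Print the message only when PTR_ERR(tdma->ahub_clk) is not -EPROBE_DEFER, and include the error code in it.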
@@ -776,8 +776,6 @@ static int tegra_adma_probe(struct platform_device *pdev)
 	pm_runtime_put_sync(&pdev->dev);
 rpm_disable:
 	pm_runtime_disable(&pdev->dev);
-clk_destroy:
-	pm_clk_destroy(&pdev->dev);
 
 	return ret;
 }
@@ -795,7 +793,6 @@ static int tegra_adma_remove(struct platform_device *pdev)
 
 	pm_runtime_put_sync(&pdev->dev);
 	pm_runtime_disable(&pdev->dev);
-	pm_clk_destroy(&pdev->dev);
 
 	return 0;
 }
-- 
2.20.1





* [PATCH 5.1 322/405] x86/CPU/hygon: Fix phys_proc_id calculation logic for multi-die processors
From: Greg Kroah-Hartman @ 2019-05-30  3:05 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Pu Wen, Borislav Petkov,
	H. Peter Anvin, Ingo Molnar, Thomas Gleixner, Thomas Lendacky,
	Yazen Ghannam, x86-ml, Sasha Levin

[ Upstream commit e0ceeae708cebf22c990c3d703a4ca187dc837f5 ]

The Hygon family 18h multi-die processor platform supports 1, 2 or
4-Dies per socket. The topology looks like this:

  System View (with 1-Die 2-Socket):
             |------------|
           ------       -----
   SOCKET0 | D0 |       | D1 |  SOCKET1
           ------       -----

  System View (with 2-Die 2-socket):
             --------------------
             |     -------------|------
             |     |            |     |
           ------------       ------------
   SOCKET0 | D1 -- D0 |       | D3 -- D2 | SOCKET1
           ------------       ------------

  System View (with 4-Die 2-Socket) :
             --------------------
             |     -------------|------
             |     |            |     |
           ------------       ------------
           | D1 -- D0 |       | D7 -- D6 |
           | |  \/ |  |       | |  \/ |  |
   SOCKET0 | |  /\ |  |       | |  /\ |  | SOCKET1
           | D2 -- D3 |       | D4 -- D5 |
           ------------       ------------
             |     |            |     |
             ------|------------|     |
                   --------------------

Currently

  phys_proc_id = initial_apicid >> bits

calculates the physical processor ID from the initial_apicid by shifting
*bits*.

However, this does not work for 1-Die and 2-Die 2-socket systems.

According to document [1] section 2.1.11.1, the bits is the value of
CPUID_Fn80000008_ECX[12:15]. The possible values are 4, 5 or 6 which
mean:

  4 - 1 die
  5 - 2 dies
  6 - 3/4 dies.

Hygon programs the initial ApicId the same way as AMD. The ApicId is
read from CPUID_Fn00000001_EBX (see section 2.1.11.1 of reference [1])
and the definition is as below (see section 2.1.10.2.1.3 of [1]):

      -------------------------------------------------
  Bit |     6     |   5  4  |    3   |    2   1   0   |
      |-----------|---------|--------|----------------|
  IDs | Socket ID | Node ID | CCX ID | Core/Thread ID |
      -------------------------------------------------

So for 3/4-Die configurations, the bits variable is 6, which is the same
as the ApicID definition field.

For 1-Die and 2-Die configurations, bits is 4 or 5, which will cause the
right shifted result to not be exactly the value of socket ID.

However, the socket ID should be obtained from ApicId[6]. To fix the
problem and match the ApicID field definition, set the shift bits to 6
for all Hygon family 18h multi-die CPUs.

Because AMD doesn't have 2-Socket systems with 1-Die/2-Die processors
(see reference [2]), this doesn't need to be changed on the AMD side but
only for Hygon.

[1] https://www.amd.com/system/files/TechDocs/54945_PPR_Family_17h_Models_00h-0Fh.pdf
[2] https://www.amd.com/en/products/specifications/processors

 [bp: heavily massage commit message. ]

Signed-off-by: Pu Wen <puwen@hygon.cn>
Signed-off-by: Borislav Petkov <bp@suse.de>
Cc: H. Peter Anvin <hpa@zytor.com>
Cc: Ingo Molnar <mingo@redhat.com>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: Thomas Lendacky <Thomas.Lendacky@amd.com>
Cc: Yazen Ghannam <yazen.ghannam@amd.com>
Cc: x86-ml <x86@kernel.org>
Link: https://lkml.kernel.org/r/1553355740-19999-1-git-send-email-puwen@hygon.cn
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 arch/x86/kernel/cpu/hygon.c | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/arch/x86/kernel/cpu/hygon.c b/arch/x86/kernel/cpu/hygon.c
index cf25405444ab3..415621ddb8a23 100644
--- a/arch/x86/kernel/cpu/hygon.c
+++ b/arch/x86/kernel/cpu/hygon.c
@@ -19,6 +19,8 @@
 
 #include "cpu.h"
 
+#define APICID_SOCKET_ID_BIT 6
+
 /*
  * nodes_per_socket: Stores the number of nodes per socket.
  * Refer to CPUID Fn8000_001E_ECX Node Identifiers[10:8]
@@ -87,6 +89,9 @@ static void hygon_get_topology(struct cpuinfo_x86 *c)
 		if (!err)
 			c->x86_coreid_bits = get_count_order(c->x86_max_cores);
 
+		/* Socket ID is ApicId[6] for these processors. */
+		c->phys_proc_id = c->apicid >> APICID_SOCKET_ID_BIT;
+
 		cacheinfo_hygon_init_llc_id(c, cpu, node_id);
 	} else if (cpu_has(c, X86_FEATURE_NODEID_MSR)) {
 		u64 value;
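Review bot: The new assignment in hygon_get_topology() shifts c->apicid, while the changelog derives the socket ID from initial_apicid (read from CPUID_Fn00000001_EBX). If the two values can differ by the time this runs, phys_proc_id will not follow the documented ApicId[6] layout; either shift the initial APIC ID here or extend the comment to say why c->apicid is equivalent. The comment could also name the section of [1] that defines the bit layout, so the 6 behind APICID_SOCKET_ID_BIT is not a bare constant.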
-- 
2.20.1





* [PATCH 5.1 323/405] net/mlx5e: Fix compilation warning in en_tc.c
  2019-05-30  2:59 [PATCH 5.1 000/405] 5.1.6-stable review Greg Kroah-Hartman
                   ` (321 preceding siblings ...)
  2019-05-30  3:05 ` [PATCH 5.1 322/405] x86/CPU/hygon: Fix phys_proc_id calculation logic for multi-die processors Greg Kroah-Hartman
@ 2019-05-30  3:05 ` Greg Kroah-Hartman
  2019-05-30  3:05 ` [PATCH 5.1 324/405] staging: mt7621-mmc: Check for nonzero number of scatterlist entries Greg Kroah-Hartman
                   ` (86 subsequent siblings)
  409 siblings, 0 replies; 429+ messages in thread
From: Greg Kroah-Hartman @ 2019-05-30  3:05 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Roi Dayan, Saeed Mahameed, Sasha Levin

[ Upstream commit ee576ec1c1c66ec1cd0c4735bb12bc08f675f530 ]

Amazingly a mlx5e_tc function is being called from the eswitch layer,
which is by itself very terrible! The function was declared locally in
eswitch_offloads.c so it could be used there, which caused the following
compilation warning, fix that.

drivers/.../mlx5/core/en_tc.c:3242:6: [-Werror=missing-prototypes]
error: no previous prototype for ‘mlx5e_tc_clean_fdb_peer_flows’

Fixes: 04de7dda7394 ("net/mlx5e: Infrastructure for duplicated offloading of TC flows")
Reviewed-by: Roi Dayan <roid@mellanox.com>
Signed-off-by: Saeed Mahameed <saeedm@mellanox.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/net/ethernet/mellanox/mlx5/core/eswitch.h          | 3 +++
 drivers/net/ethernet/mellanox/mlx5/core/eswitch_offloads.c | 2 --
 2 files changed, 3 insertions(+), 2 deletions(-)

diff --git a/drivers/net/ethernet/mellanox/mlx5/core/eswitch.h b/drivers/net/ethernet/mellanox/mlx5/core/eswitch.h
index 3f3cd32ae60a2..e0ba59b5296f0 100644
--- a/drivers/net/ethernet/mellanox/mlx5/core/eswitch.h
+++ b/drivers/net/ethernet/mellanox/mlx5/core/eswitch.h
@@ -431,6 +431,9 @@ static inline int mlx5_eswitch_index_to_vport_num(struct mlx5_eswitch *esw,
 	return index;
 }
 
+/* TODO: This mlx5e_tc function shouldn't be called by eswitch */
+void mlx5e_tc_clean_fdb_peer_flows(struct mlx5_eswitch *esw);
+
 #else  /* CONFIG_MLX5_ESWITCH */
 /* eswitch API stubs */
 static inline int  mlx5_eswitch_init(struct mlx5_core_dev *dev) { return 0; }
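Review bot: The prototype for mlx5e_tc_clean_fdb_peer_flows() is added only on the CONFIG_MLX5_ESWITCH side of the #else, with no counterpart among the eswitch API stubs that follow. Please confirm that en_tc.c, where the missing-prototypes error was reported, is never built with CONFIG_MLX5_ESWITCH unset; otherwise the definition there still has no visible prototype. Since the TODO itself says this is an mlx5e_tc function, declaring it in a header owned by the mlx5e_tc code and including that from eswitch_offloads.c would avoid parking it in eswitch.h.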
diff --git a/drivers/net/ethernet/mellanox/mlx5/core/eswitch_offloads.c b/drivers/net/ethernet/mellanox/mlx5/core/eswitch_offloads.c
index d2d8da133082c..a97ffd0dbf014 100644
--- a/drivers/net/ethernet/mellanox/mlx5/core/eswitch_offloads.c
+++ b/drivers/net/ethernet/mellanox/mlx5/core/eswitch_offloads.c
@@ -1521,8 +1521,6 @@ static int mlx5_esw_offloads_pair(struct mlx5_eswitch *esw,
 	return 0;
 }
 
-void mlx5e_tc_clean_fdb_peer_flows(struct mlx5_eswitch *esw);
-
 static void mlx5_esw_offloads_unpair(struct mlx5_eswitch *esw)
 {
 	mlx5e_tc_clean_fdb_peer_flows(esw);
-- 
2.20.1





* [PATCH 5.1 324/405] staging: mt7621-mmc: Check for nonzero number of scatterlist entries
  2019-05-30  2:59 [PATCH 5.1 000/405] 5.1.6-stable review Greg Kroah-Hartman
                   ` (322 preceding siblings ...)
  2019-05-30  3:05 ` [PATCH 5.1 323/405] net/mlx5e: Fix compilation warning in en_tc.c Greg Kroah-Hartman
@ 2019-05-30  3:05 ` Greg Kroah-Hartman
  2019-05-30  3:05 ` [PATCH 5.1 325/405] hwrng: omap - Set default quality Greg Kroah-Hartman
                   ` (85 subsequent siblings)
  409 siblings, 0 replies; 429+ messages in thread
From: Greg Kroah-Hartman @ 2019-05-30  3:05 UTC (permalink / raw)
  To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, George Hilliard, Sasha Levin

[ Upstream commit d4223e06b6aed581625f574ad8faa71b6c0fc903 ]

The buffer descriptor setup loop is correct only if it is setting up at
least one bd struct.  Besides, there is an error if dma_map_sg() returns
0, which is possible and must be handled.

Additionally, remove the BUG_ON() checking sglen, which is unnecessary
because we configure DMA with that constraint during init.

Signed-off-by: George Hilliard <thirtythreeforty@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/staging/mt7621-mmc/sd.c | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)

diff --git a/drivers/staging/mt7621-mmc/sd.c b/drivers/staging/mt7621-mmc/sd.c
index 74f0e57ad2f15..38f9ea02ee3a9 100644
--- a/drivers/staging/mt7621-mmc/sd.c
+++ b/drivers/staging/mt7621-mmc/sd.c
@@ -596,8 +596,6 @@ static void msdc_dma_setup(struct msdc_host *host, struct msdc_dma *dma,
 	struct bd *bd;
 	u32 j;
 
-	BUG_ON(sglen > MAX_BD_NUM); /* not support currently */
-
 	gpd = dma->gpd;
 	bd  = dma->bd;
 
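Review bot: With the BUG_ON() gone from msdc_dma_setup(), nothing in this function bounds sglen against MAX_BD_NUM any more, and the changelog relies on a constraint configured at init that is not visible here. A short comment naming where that limit is set, or a WARN_ON_ONCE() with an early return in place of the BUG_ON(), would keep the descriptor loop from running past the descriptors at dma->bd if that constraint is ever changed.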
@@ -692,6 +690,13 @@ static int msdc_do_request(struct mmc_host *mmc, struct mmc_request *mrq)
 		data->sg_count = dma_map_sg(mmc_dev(mmc), data->sg,
 					    data->sg_len,
 					    mmc_get_dma_dir(data));
+
+		if (data->sg_count == 0) {
+			dev_err(mmc_dev(host->mmc), "failed to map DMA for transfer\n");
+			data->error = -ENOMEM;
+			goto done;
+		}
+
 		msdc_dma_setup(host, &host->dma, data->sg,
 			       data->sg_count);
 
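Review bot: The new sg_count == 0 branch in msdc_do_request() jumps to done, so the code at that label must not unmap a scatterlist that was never mapped; please check that path, since it lies outside this hunk. Two smaller points: the error print uses mmc_dev(host->mmc) while the dma_map_sg() call just above uses mmc_dev(mmc), and a mapping failure that repeats on every request will log at dev_err level each time, so a ratelimited print may be the better fit.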
-- 
2.20.1





* [PATCH 5.1 325/405] hwrng: omap - Set default quality
  2019-05-30  2:59 [PATCH 5.1 000/405] 5.1.6-stable review Greg Kroah-Hartman
                   ` (323 preceding siblings ...)
  2019-05-30  3:05 ` [PATCH 5.1 324/405] staging: mt7621-mmc: Check for nonzero number of scatterlist entries Greg Kroah-Hartman
@ 2019-05-30  3:05 ` Greg Kroah-Hartman
  2019-05-30  3:05 ` [PATCH 5.1 326/405] thunderbolt: Fix to check return value of ida_simple_get Greg Kroah-Hartman
                   ` (84 subsequent siblings)
  409 siblings, 0 replies; 429+ messages in thread
From: Greg Kroah-Hartman @ 2019-05-30  3:05 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Rouven Czerwinski, Herbert Xu, Sasha Levin

[ Upstream commit 62f95ae805fa9e1e84d47d3219adddd97b2654b7 ]

Newer combinations of the glibc, kernel and openssh can result in long initial
startup times on OMAP devices:

[    6.671425] systemd-rc-once[102]: Creating ED25519 key; this may take some time ...
[  142.652491] systemd-rc-once[102]: Creating ED25519 key; done.

due to the blocking getrandom(2) system call:

[  142.610335] random: crng init done

Set the quality level for the omap hwrng driver allowing the kernel to use the
hwrng as an entropy source at boot.

Signed-off-by: Rouven Czerwinski <r.czerwinski@pengutronix.de>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/char/hw_random/omap-rng.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/drivers/char/hw_random/omap-rng.c b/drivers/char/hw_random/omap-rng.c
index b65ff69628995..e9b6ac61fb7f6 100644
--- a/drivers/char/hw_random/omap-rng.c
+++ b/drivers/char/hw_random/omap-rng.c
@@ -443,6 +443,7 @@ static int omap_rng_probe(struct platform_device *pdev)
 	priv->rng.read = omap_rng_do_read;
 	priv->rng.init = omap_rng_init;
 	priv->rng.cleanup = omap_rng_cleanup;
+	priv->rng.quality = 900;
 
 	priv->rng.priv = (unsigned long)priv;
 	platform_set_drvdata(pdev, priv);
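Review bot: The value in priv->rng.quality = 900 comes with no justification, either in a comment or in the changelog, which motivates the change only by boot time. This number decides how far the kernel trusts the OMAP hwrng as an entropy source before "crng init done", so it should be backed by a reference (a datasheet figure, a measurement, or the reasoning used) and a comment next to the assignment. It is also set for every device that omap_rng_probe() handles; if the driver covers more than one RNG block, please say whether 900 is meant for all of them.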
-- 
2.20.1





* [PATCH 5.1 326/405] thunderbolt: Fix to check return value of ida_simple_get
  2019-05-30  2:59 [PATCH 5.1 000/405] 5.1.6-stable review Greg Kroah-Hartman
                   ` (324 preceding siblings ...)
  2019-05-30  3:05 ` [PATCH 5.1 325/405] hwrng: omap - Set default quality Greg Kroah-Hartman
@ 2019-05-30  3:05 ` Greg Kroah-Hartman
  2019-05-30  3:05 ` [PATCH 5.1 327/405] thunderbolt: Fix to check for kmemdup failure Greg Kroah-Hartman
                   ` (83 subsequent siblings)
  409 siblings, 0 replies; 429+ messages in thread
From: Greg Kroah-Hartman @ 2019-05-30  3:05 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Aditya Pakki, Mika Westerberg, Sasha Levin

[ Upstream commit 9aabb68568b473bf2f0b179d053b403961e42e4d ]

In enumerate_services, ida_simple_get on failure can return an error and
leaks memory. The patch ensures that the dev_set_name is set on non
failure cases, and releases memory during failure.

Signed-off-by: Aditya Pakki <pakki001@umn.edu>
Signed-off-by: Mika Westerberg <mika.westerberg@linux.intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/thunderbolt/xdomain.c | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/drivers/thunderbolt/xdomain.c b/drivers/thunderbolt/xdomain.c
index e27dd8beb94be..e0642dcb8b9bd 100644
--- a/drivers/thunderbolt/xdomain.c
+++ b/drivers/thunderbolt/xdomain.c
@@ -740,6 +740,7 @@ static void enumerate_services(struct tb_xdomain *xd)
 	struct tb_service *svc;
 	struct tb_property *p;
 	struct device *dev;
+	int id;
 
 	/*
 	 * First remove all services that are not available anymore in
@@ -768,7 +769,12 @@ static void enumerate_services(struct tb_xdomain *xd)
 			break;
 		}
 
-		svc->id = ida_simple_get(&xd->service_ids, 0, 0, GFP_KERNEL);
+		id = ida_simple_get(&xd->service_ids, 0, 0, GFP_KERNEL);
+		if (id < 0) {
+			kfree(svc);
+			break;
+		}
+		svc->id = id;
 		svc->dev.bus = &tb_bus_type;
 		svc->dev.type = &tb_service_type;
 		svc->dev.parent = &xd->dev;
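Review bot: The negative-id branch in enumerate_services() frees svc with a bare kfree() and breaks out without any message. Please confirm svc owns no other allocations by this point (the setup that precedes this hunk is not shown), otherwise they are leaked on this path, and consider a dev_warn() so that a failed ID allocation does not show up only as a silently missing service. The changelog sentence about dev_set_name also does not correspond to anything visible in this hunk.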
-- 
2.20.1





* [PATCH 5.1 327/405] thunderbolt: Fix to check for kmemdup failure
  2019-05-30  2:59 [PATCH 5.1 000/405] 5.1.6-stable review Greg Kroah-Hartman
                   ` (325 preceding siblings ...)
  2019-05-30  3:05 ` [PATCH 5.1 326/405] thunderbolt: Fix to check return value of ida_simple_get Greg Kroah-Hartman
@ 2019-05-30  3:05 ` Greg Kroah-Hartman
  2019-05-30  3:05 ` [PATCH 5.1 328/405] spi: export tracepoint symbols to modules Greg Kroah-Hartman
                   ` (82 subsequent siblings)
  409 siblings, 0 replies; 429+ messages in thread
From: Greg Kroah-Hartman @ 2019-05-30  3:05 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Aditya Pakki, Mukesh Ojha,
	Mika Westerberg, Sasha Levin

[ Upstream commit 2cc12751cf464a722ff57b54d17d30c84553f9c0 ]

Memory allocated via kmemdup might fail and return a NULL pointer.
This patch adds a check on the return value of kmemdup and passes the
error upstream.

Signed-off-by: Aditya Pakki <pakki001@umn.edu>
Reviewed-by: Mukesh Ojha <mojha@codeaurora.org>
Signed-off-by: Mika Westerberg <mika.westerberg@linux.intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/thunderbolt/switch.c | 22 ++++++++++++++++------
 1 file changed, 16 insertions(+), 6 deletions(-)

diff --git a/drivers/thunderbolt/switch.c b/drivers/thunderbolt/switch.c
index 32e012713dbeb..f569a2673742f 100644
--- a/drivers/thunderbolt/switch.c
+++ b/drivers/thunderbolt/switch.c
@@ -1287,13 +1287,14 @@ int tb_switch_configure(struct tb_switch *sw)
 	return tb_plug_events_active(sw, true);
 }
 
-static void tb_switch_set_uuid(struct tb_switch *sw)
+static int tb_switch_set_uuid(struct tb_switch *sw)
 {
 	u32 uuid[4];
-	int cap;
+	int cap, ret;
 
+	ret = 0;
 	if (sw->uuid)
-		return;
+		return ret;
 
 	/*
 	 * The newer controllers include fused UUID as part of link
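Review bot: In tb_switch_set_uuid(), assigning ret = 0 and then returning ret for the sw->uuid early exit is harder to read than it needs to be. A plain return 0 there, with ret assigned only where a call can fail, says the same thing.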
@@ -1301,7 +1302,9 @@ static void tb_switch_set_uuid(struct tb_switch *sw)
 	 */
 	cap = tb_switch_find_vse_cap(sw, TB_VSE_CAP_LINK_CONTROLLER);
 	if (cap > 0) {
-		tb_sw_read(sw, uuid, TB_CFG_SWITCH, cap + 3, 4);
+		ret = tb_sw_read(sw, uuid, TB_CFG_SWITCH, cap + 3, 4);
+		if (ret)
+			return ret;
 	} else {
 		/*
 		 * ICM generates UUID based on UID and fills the upper
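Review bot: Checking the tb_sw_read() result here is a second fix that the changelog does not mention: before this change a failed read left the on-stack uuid[4] uninitialised, and it was then copied by kmemdup() into sw->uuid. Please add a sentence about it to the commit message, since that is an uninitialised-stack-data issue in its own right and goes beyond the kmemdup NULL check named in the subject.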
@@ -1316,6 +1319,9 @@ static void tb_switch_set_uuid(struct tb_switch *sw)
 	}
 
 	sw->uuid = kmemdup(uuid, sizeof(uuid), GFP_KERNEL);
+	if (!sw->uuid)
+		ret = -ENOMEM;
+	return ret;
 }
 
 static int tb_switch_add_dma_port(struct tb_switch *sw)
@@ -1365,7 +1371,9 @@ static int tb_switch_add_dma_port(struct tb_switch *sw)
 
 	if (status) {
 		tb_sw_info(sw, "switch flash authentication failed\n");
-		tb_switch_set_uuid(sw);
+		ret = tb_switch_set_uuid(sw);
+		if (ret)
+			return ret;
 		nvm_set_auth_status(sw, status);
 	}
 
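Review bot: The early return ret in the "switch flash authentication failed" branch of tb_switch_add_dma_port() now skips nvm_set_auth_status(sw, status), so when the allocation fails the failed-authentication status is never recorded. Please check that callers treat the error return as fatal for the switch, and that anything set up earlier in this function is released on this path.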
@@ -1415,7 +1423,9 @@ int tb_switch_add(struct tb_switch *sw)
 		}
 		tb_sw_dbg(sw, "uid: %#llx\n", sw->uid);
 
-		tb_switch_set_uuid(sw);
+		ret = tb_switch_set_uuid(sw);
+		if (ret)
+			return ret;
 
 		for (i = 0; i <= sw->config.max_port_number; i++) {
 			if (sw->ports[i].disabled) {
-- 
2.20.1





* [PATCH 5.1 328/405] spi: export tracepoint symbols to modules
  2019-05-30  2:59 [PATCH 5.1 000/405] 5.1.6-stable review Greg Kroah-Hartman
                   ` (326 preceding siblings ...)
  2019-05-30  3:05 ` [PATCH 5.1 327/405] thunderbolt: Fix to check for kmemdup failure Greg Kroah-Hartman
@ 2019-05-30  3:05 ` Greg Kroah-Hartman
  2019-05-30  3:05 ` [PATCH 5.1 329/405] regulator: add regulator_get_linear_step() stub helper Greg Kroah-Hartman
                   ` (81 subsequent siblings)
  409 siblings, 0 replies; 429+ messages in thread
From: Greg Kroah-Hartman @ 2019-05-30  3:05 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Arnd Bergmann, Mark Brown, Sasha Levin

[ Upstream commit ca1438dcb34c7fcad63b6ce14ea63a870b92a69b ]

The newly added tracepoints in the spi-mxs driver cause a link
error when the driver is a loadable module:

ERROR: "__tracepoint_spi_transfer_stop" [drivers/spi/spi-mxs.ko] undefined!
ERROR: "__tracepoint_spi_transfer_start" [drivers/spi/spi-mxs.ko] undefined!

I'm not quite sure where to put the export statements, but
directly after the inclusion of the header seems as good as
any other place.

Fixes: f3fdea3af405 ("spi: mxs: add tracing to custom .transfer_one_message callback")
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/spi/spi.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/drivers/spi/spi.c b/drivers/spi/spi.c
index e3f2e15b75ad4..6cb72287eac82 100644
--- a/drivers/spi/spi.c
+++ b/drivers/spi/spi.c
@@ -36,6 +36,8 @@
 
 #define CREATE_TRACE_POINTS
 #include <trace/events/spi.h>
+EXPORT_TRACEPOINT_SYMBOL(spi_transfer_start);
+EXPORT_TRACEPOINT_SYMBOL(spi_transfer_stop);
 
 #include "internals.h"
 
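Review bot: The two exports added after the trace/events/spi.h include use EXPORT_TRACEPOINT_SYMBOL rather than EXPORT_TRACEPOINT_SYMBOL_GPL; please state which is intended, since this widens what modules can hook in the SPI core. A one-line comment saying the exports exist for modular controller drivers such as spi-mxs that emit these tracepoints themselves would also settle the placement question raised in the changelog.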
-- 
2.20.1





* [PATCH 5.1 329/405] regulator: add regulator_get_linear_step() stub helper
  2019-05-30  2:59 [PATCH 5.1 000/405] 5.1.6-stable review Greg Kroah-Hartman
                   ` (327 preceding siblings ...)
  2019-05-30  3:05 ` [PATCH 5.1 328/405] spi: export tracepoint symbols to modules Greg Kroah-Hartman
@ 2019-05-30  3:05 ` Greg Kroah-Hartman
  2019-05-30  3:05 ` [PATCH 5.1 330/405] drm/amd/display: fix releasing planes when exiting odm Greg Kroah-Hartman
                   ` (80 subsequent siblings)
  409 siblings, 0 replies; 429+ messages in thread
From: Greg Kroah-Hartman @ 2019-05-30  3:05 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Arnd Bergmann, Mark Brown, Sasha Levin

[ Upstream commit 7287275b4301e230be9e4569431c7dacb67ebc13 ]

The regulator header has empty inline functions for most interfaces,
but not regulator_get_linear_step(), which has just grown a user
that does not depend on regulators otherwise:

drivers/clk/tegra/clk-tegra124-dfll-fcpu.c: In function 'get_alignment_from_regulator':
drivers/clk/tegra/clk-tegra124-dfll-fcpu.c:555:19: error: implicit declaration of function 'regulator_get_linear_step'; did you mean 'regulator_get_drvdata'? [-Werror=implicit-function-declaration]
  align->step_uv = regulator_get_linear_step(reg);
                   ^~~~~~~~~~~~~~~~~~~~~~~~~
                   regulator_get_drvdata
cc1: all warnings being treated as errors
scripts/Makefile.build:278: recipe for target 'drivers/clk/tegra/clk-tegra124-dfll-fcpu.o' failed

Add the missing stub along the others.

Fixes: b3cf8d069505 ("clk: tegra: dfll: CVB calculation alignment with the regulator")
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 include/linux/regulator/consumer.h | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/include/linux/regulator/consumer.h b/include/linux/regulator/consumer.h
index f3f76051e8b00..aaf3cee704397 100644
--- a/include/linux/regulator/consumer.h
+++ b/include/linux/regulator/consumer.h
@@ -478,6 +478,11 @@ static inline int regulator_is_supported_voltage(struct regulator *regulator,
 	return 0;
 }
 
+static inline unsigned int regulator_get_linear_step(struct regulator *regulator)
+{
+	return 0;
+}
+
 static inline int regulator_set_current_limit(struct regulator *regulator,
 					     int min_uA, int max_uA)
 {
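Review bot: The new regulator_get_linear_step() stub returns 0, and the caller quoted in the changelog stores the result straight into align->step_uv. Please confirm that this caller, and any other, copes with a zero step when regulators are compiled out, for example before dividing or rounding by it. A comment on the stub saying that 0 means "no linear step" would make the contract explicit.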
-- 
2.20.1





* [PATCH 5.1 330/405] drm/amd/display: fix releasing planes when exiting odm
  2019-05-30  2:59 [PATCH 5.1 000/405] 5.1.6-stable review Greg Kroah-Hartman
                   ` (328 preceding siblings ...)
  2019-05-30  3:05 ` [PATCH 5.1 329/405] regulator: add regulator_get_linear_step() stub helper Greg Kroah-Hartman
@ 2019-05-30  3:05 ` Greg Kroah-Hartman
  2019-05-30  3:05 ` [PATCH 5.1 331/405] drm/amd/display: Link train only when link is DP and backend is enabled Greg Kroah-Hartman
                   ` (79 subsequent siblings)
  409 siblings, 0 replies; 429+ messages in thread
From: Greg Kroah-Hartman @ 2019-05-30  3:05 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Dmytro Laktyushkin, Tony Cheng,
	Bhawanpreet Lakha, Alex Deucher, Sasha Levin

[ Upstream commit bc2193992b00488f5734613ac95b78ef2d2803ab ]

Releasing planes should not release the 2nd odm pipe right away,
this change leaves us with 2 pipes with null planes and same stream
when planes are released during odm.

Signed-off-by: Dmytro Laktyushkin <Dmytro.Laktyushkin@amd.com>
Reviewed-by: Tony Cheng <Tony.Cheng@amd.com>
Acked-by: Bhawanpreet Lakha <Bhawanpreet.Lakha@amd.com>
Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/gpu/drm/amd/display/dc/core/dc_resource.c | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/drivers/gpu/drm/amd/display/dc/core/dc_resource.c b/drivers/gpu/drm/amd/display/dc/core/dc_resource.c
index 349ab80177761..4c06eb52ab734 100644
--- a/drivers/gpu/drm/amd/display/dc/core/dc_resource.c
+++ b/drivers/gpu/drm/amd/display/dc/core/dc_resource.c
@@ -1266,10 +1266,12 @@ bool dc_remove_plane_from_context(
 			 * For head pipe detach surfaces from pipe for tail
 			 * pipe just zero it out
 			 */
-			if (!pipe_ctx->top_pipe) {
+			if (!pipe_ctx->top_pipe ||
+				(!pipe_ctx->top_pipe->top_pipe &&
+					pipe_ctx->top_pipe->stream_res.opp != pipe_ctx->stream_res.opp)) {
 				pipe_ctx->plane_state = NULL;
 				pipe_ctx->bottom_pipe = NULL;
-			} else  {
+			} else {
 				memset(pipe_ctx, 0, sizeof(*pipe_ctx));
 			}
 		}
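Review bot: The widened condition in dc_remove_plane_from_context() is hard to follow, and the comment directly above it still describes only the head pipe and tail pipe cases. Please update that comment to say that a second pipe whose top_pipe is itself a head pipe with a different stream_res.opp (the ODM case from the changelog) is also kept rather than zeroed, and consider moving the test into a small named helper so the intent is visible at the call site.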
-- 
2.20.1





* [PATCH 5.1 331/405] drm/amd/display: Link train only when link is DP and backend is enabled
  2019-05-30  2:59 [PATCH 5.1 000/405] 5.1.6-stable review Greg Kroah-Hartman
                   ` (329 preceding siblings ...)
  2019-05-30  3:05 ` [PATCH 5.1 330/405] drm/amd/display: fix releasing planes when exiting odm Greg Kroah-Hartman
@ 2019-05-30  3:05 ` Greg Kroah-Hartman
  2019-05-30  3:05 ` [PATCH 5.1 332/405] drm/amd/display: Update ABM crtc state on non-modeset Greg Kroah-Hartman
                   ` (78 subsequent siblings)
  409 siblings, 0 replies; 429+ messages in thread
From: Greg Kroah-Hartman @ 2019-05-30  3:05 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Samson Tam, Aric Cyr, Anthony Koo,
	Bhawanpreet Lakha, Alex Deucher, Sasha Levin

[ Upstream commit 66acd4418d7de131ef3831e52a8af3d2480e5b15 ]

[Why]
In certain cases we do link training when we don't have a backend.

[How]
In dc_link_set_preferred_link_settings(), store preferred link settings
first and then verify that the link is DP and the link stream's backend is
enabled.  If either is false, then we will not do any link retraining.

Signed-off-by: Samson Tam <Samson.Tam@amd.com>
Reviewed-by: Aric Cyr <Aric.Cyr@amd.com>
Acked-by: Anthony Koo <Anthony.Koo@amd.com>
Acked-by: Bhawanpreet Lakha <Bhawanpreet.Lakha@amd.com>
Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/gpu/drm/amd/display/dc/core/dc.c | 13 ++++++++++++-
 1 file changed, 12 insertions(+), 1 deletion(-)

diff --git a/drivers/gpu/drm/amd/display/dc/core/dc.c b/drivers/gpu/drm/amd/display/dc/core/dc.c
index a6cda201c964c..c1a308c1dcbea 100644
--- a/drivers/gpu/drm/amd/display/dc/core/dc.c
+++ b/drivers/gpu/drm/amd/display/dc/core/dc.c
@@ -524,6 +524,14 @@ void dc_link_set_preferred_link_settings(struct dc *dc,
 	struct dc_stream_state *link_stream;
 	struct dc_link_settings store_settings = *link_setting;
 
+	link->preferred_link_setting = store_settings;
+
+	/* Retrain with preferred link settings only relevant for
+	 * DP signal type
+	 */
+	if (!dc_is_dp_signal(link->connector_signal))
+		return;
+
 	for (i = 0; i < MAX_PIPES; i++) {
 		pipe = &dc->current_state->res_ctx.pipe_ctx[i];
 		if (pipe->stream && pipe->stream->link) {
@@ -538,7 +546,10 @@ void dc_link_set_preferred_link_settings(struct dc *dc,
 
 	link_stream = link->dc->current_state->res_ctx.pipe_ctx[i].stream;
 
-	link->preferred_link_setting = store_settings;
+	/* Cannot retrain link if backend is off */
+	if (link_stream->dpms_off)
+		return;
+
 	if (link_stream)
 		decide_link_settings(link_stream, &store_settings);
 
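Review bot: The added link_stream->dpms_off test dereferences link_stream before the existing if (link_stream) check two lines below it. Either link_stream can be NULL here, in which case the new line is a NULL pointer dereference and should read if (!link_stream || link_stream->dpms_off) return;, or it cannot, and the later check is dead code and should be dropped.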
-- 
2.20.1





* [PATCH 5.1 332/405] drm/amd/display: Update ABM crtc state on non-modeset
  2019-05-30  2:59 [PATCH 5.1 000/405] 5.1.6-stable review Greg Kroah-Hartman
                   ` (330 preceding siblings ...)
  2019-05-30  3:05 ` [PATCH 5.1 331/405] drm/amd/display: Link train only when link is DP and backend is enabled Greg Kroah-Hartman
@ 2019-05-30  3:05 ` Greg Kroah-Hartman
  2019-05-30  3:05 ` [PATCH 5.1 333/405] drm/amd/display: Reset alpha state for planes to the correct values Greg Kroah-Hartman
                   ` (77 subsequent siblings)
  409 siblings, 0 replies; 429+ messages in thread
From: Greg Kroah-Hartman @ 2019-05-30  3:05 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, David Francis, Nicholas Kazlauskas,
	Bhawanpreet Lakha, Alex Deucher, Sasha Levin

[ Upstream commit b05e2c5e81f9a0be4a145e0926b1dfe62f6347d4 ]

[Why]
Somewhere in the atomic check reshuffle ABM got lost.
ABM is a crtc property (copied from a connector property).
It can change without a modeset, just like underscan.

[How]
In the skip_modeset branch of atomic check crtc updates,
copy over the abm property.

Signed-off-by: David Francis <David.Francis@amd.com>
Reviewed-by: Nicholas Kazlauskas <Nicholas.Kazlauskas@amd.com>
Acked-by: Bhawanpreet Lakha <Bhawanpreet.Lakha@amd.com>
Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c b/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c
index 66f19d1864b17..c212bff457eec 100644
--- a/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c
+++ b/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c
@@ -5661,6 +5661,9 @@ static int dm_update_crtc_state(struct amdgpu_display_manager *dm,
 		update_stream_scaling_settings(
 			&new_crtc_state->mode, dm_new_conn_state, dm_new_crtc_state->stream);
 
+	/* ABM settings */
+	dm_new_crtc_state->abm_level = dm_new_conn_state->abm_level;
+
 	/*
 	 * Color management settings. We also update color properties
 	 * when a modeset is needed, to ensure it gets reprogrammed.
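Review bot: The abm_level copy dereferences dm_new_conn_state and dm_new_crtc_state unconditionally, at a shallower indent than the update_stream_scaling_settings() call above it, so it is not covered by whatever condition guards that call. Please confirm both pointers are guaranteed non-NULL at this point in dm_update_crtc_state(), and extend the "ABM settings" comment to say that the level is copied on every pass because it can change without a modeset.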
-- 
2.20.1





* [PATCH 5.1 333/405] drm/amd/display: Reset alpha state for planes to the correct values
  2019-05-30  2:59 [PATCH 5.1 000/405] 5.1.6-stable review Greg Kroah-Hartman
                   ` (331 preceding siblings ...)
  2019-05-30  3:05 ` [PATCH 5.1 332/405] drm/amd/display: Update ABM crtc state on non-modeset Greg Kroah-Hartman
@ 2019-05-30  3:05 ` Greg Kroah-Hartman
  2019-05-30  3:05 ` [PATCH 5.1 334/405] thunderbolt: property: Fix a NULL pointer dereference Greg Kroah-Hartman
                   ` (76 subsequent siblings)
  409 siblings, 0 replies; 429+ messages in thread
From: Greg Kroah-Hartman @ 2019-05-30  3:05 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Nicholas Kazlauskas, Harry Wentland,
	Bhawanpreet Lakha, Alex Deucher, Sasha Levin

[ Upstream commit eec3d5efd16d13984a88396b685ae17462fb6d87 ]

[Why]
The plane_reset callback is subclassed but hasn't been updated since
the drm helper got updated to include resetting alpha related state
(state->alpha and state->pixel_blend_mode). The overlay planes
exposed by amdgpu_dm were therefore being rendered as invisible by
default ever since support was exposed for alpha blending properties
on overlays.

This caused regressions in igt@kms_plane_multiple@atomic-tiling-none
and igt@kms_plane@plane-position-covered-pipe tests.

[How]
Reset the plane state values to their correct values as defined in
the drm helper.

This fixes the IGT test regression.

Signed-off-by: Nicholas Kazlauskas <nicholas.kazlauskas@amd.com>
Reviewed-by: Harry Wentland <Harry.Wentland@amd.com>
Acked-by: Bhawanpreet Lakha <Bhawanpreet.Lakha@amd.com>
Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c b/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c
index c212bff457eec..b14369ab151f6 100644
--- a/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c
+++ b/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c
@@ -3587,6 +3587,8 @@ static void dm_drm_plane_reset(struct drm_plane *plane)
 		plane->state = &amdgpu_state->base;
 		plane->state->plane = plane;
 		plane->state->rotation = DRM_MODE_ROTATE_0;
+		plane->state->alpha = DRM_BLEND_ALPHA_OPAQUE;
+		plane->state->pixel_blend_mode = DRM_MODE_BLEND_PREMULTI;
 	}
 }
 
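Review bot: Setting the alpha and pixel_blend_mode defaults by hand in dm_drm_plane_reset() repeats the pattern that caused this regression: the changelog says the drm helper gained these resets and this subclassed copy was not updated. Calling the drm helper to initialise the base state and then setting only the amdgpu-specific fields would pick up future additions automatically; if that is not possible, add a comment that this block must track the helper.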
-- 
2.20.1





* [PATCH 5.1 334/405] thunderbolt: property: Fix a NULL pointer dereference
  2019-05-30  2:59 [PATCH 5.1 000/405] 5.1.6-stable review Greg Kroah-Hartman
                   ` (332 preceding siblings ...)
  2019-05-30  3:05 ` [PATCH 5.1 333/405] drm/amd/display: Reset alpha state for planes to the correct values Greg Kroah-Hartman
@ 2019-05-30  3:05 ` Greg Kroah-Hartman
  2019-05-30  3:05 ` [PATCH 5.1 335/405] media: v4l2-fwnode: The first default data lane is 0 on C-PHY Greg Kroah-Hartman
                   ` (75 subsequent siblings)
  409 siblings, 0 replies; 429+ messages in thread
From: Greg Kroah-Hartman @ 2019-05-30  3:05 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Kangjie Lu, Mika Westerberg, Sasha Levin

[ Upstream commit 106204b56f60abf1bead7dceb88f2be3e34433da ]

In case kzalloc fails, the fix releases resources and returns
-ENOMEM to avoid the NULL pointer dereference.

Signed-off-by: Kangjie Lu <kjlu@umn.edu>
Signed-off-by: Mika Westerberg <mika.westerberg@linux.intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/thunderbolt/property.c | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/drivers/thunderbolt/property.c b/drivers/thunderbolt/property.c
index ead18c532b53d..8c077c4f3b5b2 100644
--- a/drivers/thunderbolt/property.c
+++ b/drivers/thunderbolt/property.c
@@ -548,6 +548,11 @@ int tb_property_add_data(struct tb_property_dir *parent, const char *key,
 
 	property->length = size / 4;
 	property->value.data = kzalloc(size, GFP_KERNEL);
+	if (!property->value.data) {
+		kfree(property);
+		return -ENOMEM;
+	}
+
 	memcpy(property->value.data, buf, buflen);
 
 	list_add_tail(&property->list, &parent->properties);
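Review bot: The memcpy() just below the new check copies buflen bytes into a buffer allocated with size bytes, and the relation between the two is established outside this hunk. A comment or assertion that size is never smaller than buflen would make tb_property_add_data() safe to read on its own. The error path itself is consistent, provided property holds nothing but the struct allocation at this point.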
-- 
2.20.1





* [PATCH 5.1 335/405] media: v4l2-fwnode: The first default data lane is 0 on C-PHY
  2019-05-30  2:59 [PATCH 5.1 000/405] 5.1.6-stable review Greg Kroah-Hartman
                   ` (333 preceding siblings ...)
  2019-05-30  3:05 ` [PATCH 5.1 334/405] thunderbolt: property: Fix a NULL pointer dereference Greg Kroah-Hartman
@ 2019-05-30  3:05 ` Greg Kroah-Hartman
  2019-05-30  3:05 ` [PATCH 5.1 336/405] media: ov7670: restore default settings after power-up Greg Kroah-Hartman
                   ` (74 subsequent siblings)
  409 siblings, 0 replies; 429+ messages in thread
From: Greg Kroah-Hartman @ 2019-05-30  3:05 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Sakari Ailus, Mauro Carvalho Chehab,
	Sasha Levin

[ Upstream commit fff35d45e16fae125c6000cb87e254cb634ac7fb ]

C-PHY has no clock lanes. Therefore the first data lane is 0 by default.

Fixes: edc6d56c2e7e ("media: v4l: fwnode: Support parsing of CSI-2 C-PHY endpoints")

Signed-off-by: Sakari Ailus <sakari.ailus@linux.intel.com>
Signed-off-by: Mauro Carvalho Chehab <mchehab+samsung@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/media/v4l2-core/v4l2-fwnode.c | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/drivers/media/v4l2-core/v4l2-fwnode.c b/drivers/media/v4l2-core/v4l2-fwnode.c
index 20571846e6367..7495f83231479 100644
--- a/drivers/media/v4l2-core/v4l2-fwnode.c
+++ b/drivers/media/v4l2-core/v4l2-fwnode.c
@@ -225,6 +225,10 @@ static int v4l2_fwnode_endpoint_parse_csi2_bus(struct fwnode_handle *fwnode,
 	if (bus_type == V4L2_MBUS_CSI2_DPHY ||
 	    bus_type == V4L2_MBUS_CSI2_CPHY || lanes_used ||
 	    have_clk_lane || (flags & ~V4L2_MBUS_CSI2_CONTINUOUS_CLOCK)) {
+		/* Only D-PHY has a clock lane. */
+		unsigned int dfl_data_lane_index =
+			bus_type == V4L2_MBUS_CSI2_DPHY;
+
 		bus->flags = flags;
 		if (bus_type == V4L2_MBUS_UNKNOWN)
 			vep->bus_type = V4L2_MBUS_CSI2_DPHY;
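Review bot: `dfl_data_lane_index` is computed from `bus_type` before the V4L2_MBUS_UNKNOWN case is defaulted to D-PHY two lines later, so an endpoint with an unknown bus type ends up treated as D-PHY but with a default first data lane of 0. Derive the index after the defaulting (or test for `bus_type != V4L2_MBUS_CSI2_CPHY`), and consider writing the value as an explicit `? 1 : 0` rather than relying on the integer value of the comparison.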
@@ -233,7 +237,7 @@ static int v4l2_fwnode_endpoint_parse_csi2_bus(struct fwnode_handle *fwnode,
 		if (use_default_lane_mapping) {
 			bus->clock_lane = 0;
 			for (i = 0; i < num_data_lanes; i++)
-				bus->data_lanes[i] = 1 + i;
+				bus->data_lanes[i] = dfl_data_lane_index + i;
 		} else {
 			bus->clock_lane = clock_lane;
 			for (i = 0; i < num_data_lanes; i++)
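Review bot: the default mapping still sets `bus->clock_lane = 0` unconditionally, while the comment added earlier in this patch says only D-PHY has a clock lane. For C-PHY the data lanes now start at 0 as well, so `clock_lane` and `data_lanes[0]` hold the same value; either skip the `clock_lane` assignment for C-PHY or document that the field is ignored there.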
-- 
2.20.1





* [PATCH 5.1 336/405] media: ov7670: restore default settings after power-up
  2019-05-30  2:59 [PATCH 5.1 000/405] 5.1.6-stable review Greg Kroah-Hartman
                   ` (334 preceding siblings ...)
  2019-05-30  3:05 ` [PATCH 5.1 335/405] media: v4l2-fwnode: The first default data lane is 0 on C-PHY Greg Kroah-Hartman
@ 2019-05-30  3:05 ` Greg Kroah-Hartman
  2019-05-30  3:05 ` [PATCH 5.1 337/405] media: staging/intel-ipu3: mark PM function as __maybe_unused Greg Kroah-Hartman
                   ` (73 subsequent siblings)
  409 siblings, 0 replies; 429+ messages in thread
From: Greg Kroah-Hartman @ 2019-05-30  3:05 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Jonathan Corbet, Akinobu Mita,
	Lubomir Rintel, Sakari Ailus, Mauro Carvalho Chehab, Sasha Levin

[ Upstream commit 32ab688b280301f7cee9e547564cb74e33e06322 ]

Since commit 3d6a8fe25605 ("media: ov7670: hook s_power onto v4l2 core"),
the device is actually powered off while the video stream is stopped.

The frame format and framerate are restored right after power-up, but
restoring the default register settings is forgotten.

Fixes: 3d6a8fe25605 ("media: ov7670: hook s_power onto v4l2 core")

Cc: Jonathan Corbet <corbet@lwn.net>
Signed-off-by: Akinobu Mita <akinobu.mita@gmail.com>
Reviewed-by: Lubomir Rintel <lkundrak@v3.sk>
Tested-by: Lubomir Rintel <lkundrak@v3.sk>
Signed-off-by: Sakari Ailus <sakari.ailus@linux.intel.com>
Signed-off-by: Mauro Carvalho Chehab <mchehab+samsung@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/media/i2c/ov7670.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/drivers/media/i2c/ov7670.c b/drivers/media/i2c/ov7670.c
index a7d26b294eb58..e65693c2aad5f 100644
--- a/drivers/media/i2c/ov7670.c
+++ b/drivers/media/i2c/ov7670.c
@@ -1664,6 +1664,7 @@ static int ov7670_s_power(struct v4l2_subdev *sd, int on)
 
 	if (on) {
 		ov7670_power_on (sd);
+		ov7670_init(sd, 0);
 		ov7670_apply_fmt(sd);
 		ov7675_apply_framerate(sd);
 		v4l2_ctrl_handler_setup(&info->hdl);
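Review bot: the result of the added `ov7670_init(sd, 0);` call is discarded even though ov7670_s_power() itself returns int. If restoring the default registers can fail, the error should be propagated (and the device powered back off) instead of continuing to ov7670_apply_fmt() on a sensor in an unknown state.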
-- 
2.20.1





* [PATCH 5.1 337/405] media: staging/intel-ipu3: mark PM function as __maybe_unused
  2019-05-30  2:59 [PATCH 5.1 000/405] 5.1.6-stable review Greg Kroah-Hartman
                   ` (335 preceding siblings ...)
  2019-05-30  3:05 ` [PATCH 5.1 336/405] media: ov7670: restore default settings after power-up Greg Kroah-Hartman
@ 2019-05-30  3:05 ` Greg Kroah-Hartman
  2019-05-30  3:05 ` [PATCH 5.1 338/405] media: vicodec: reset last_src/dst_buf based on the IS_OUTPUT Greg Kroah-Hartman
                   ` (72 subsequent siblings)
  409 siblings, 0 replies; 429+ messages in thread
From: Greg Kroah-Hartman @ 2019-05-30  3:05 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Arnd Bergmann, Sakari Ailus,
	Mauro Carvalho Chehab, Sasha Levin

[ Upstream commit 948dff7cfa1d7653e7828e7b905863bd24ca5c02 ]

The imgu_rpm_dummy_cb() looks like an API misuse that is explained
in the comment above it. Aside from that, it also causes a warning
when power management support is disabled:

drivers/staging/media/ipu3/ipu3.c:794:12: error: 'imgu_rpm_dummy_cb' defined but not used [-Werror=unused-function]

The warning is at least easy to fix by marking the function as
__maybe_unused.

Fixes: 7fc7af649ca7 ("media: staging/intel-ipu3: Add imgu top level pci device driver")

Signed-off-by: Arnd Bergmann <arnd@arndb.de>
Signed-off-by: Sakari Ailus <sakari.ailus@linux.intel.com>
Signed-off-by: Mauro Carvalho Chehab <mchehab+samsung@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/staging/media/ipu3/ipu3.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/drivers/staging/media/ipu3/ipu3.c b/drivers/staging/media/ipu3/ipu3.c
index d575ac78c8f0b..d00d26264c37d 100644
--- a/drivers/staging/media/ipu3/ipu3.c
+++ b/drivers/staging/media/ipu3/ipu3.c
@@ -791,7 +791,7 @@ static int __maybe_unused imgu_resume(struct device *dev)
  * PCI rpm framework checks the existence of driver rpm callbacks.
  * Place a dummy callback here to avoid rpm going into error state.
  */
-static int imgu_rpm_dummy_cb(struct device *dev)
+static __maybe_unused int imgu_rpm_dummy_cb(struct device *dev)
 {
 	return 0;
 }
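Review bot: the attribute placement on the changed line, `static __maybe_unused int imgu_rpm_dummy_cb(...)`, differs from the function just above it in the hunk header, which reads `static int __maybe_unused imgu_resume(...)`. Use the same order in both so the file stays consistent.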
-- 
2.20.1





* [PATCH 5.1 338/405] media: vicodec: reset last_src/dst_buf based on the IS_OUTPUT
  2019-05-30  2:59 [PATCH 5.1 000/405] 5.1.6-stable review Greg Kroah-Hartman
                   ` (336 preceding siblings ...)
  2019-05-30  3:05 ` [PATCH 5.1 337/405] media: staging/intel-ipu3: mark PM function as __maybe_unused Greg Kroah-Hartman
@ 2019-05-30  3:05 ` Greg Kroah-Hartman
  2019-05-30  3:05 ` [PATCH 5.1 339/405] ice: Fix issue with VF reset and multiple VFs support on PFs Greg Kroah-Hartman
                   ` (71 subsequent siblings)
  409 siblings, 0 replies; 429+ messages in thread
From: Greg Kroah-Hartman @ 2019-05-30  3:05 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Hans Verkuil, Mauro Carvalho Chehab,
	Sasha Levin

[ Upstream commit 76eb24fc233b8c94b2156ead5811e08d2046ad58 ]

When start_streaming was called both last_src_buf and last_dst_buf
pointers were set to NULL, but this depends on whether the capture
or output queue starts streaming.

When decoding with resolution changes in between the capture queue
has to restart streaming whenever a resolution change occurs. And
that would reset last_src_buf as well, which causes a problem if
the decoder was stopped by the application. Since last_src_buf
is now NULL, the LAST flag is never set for the last capture
buffer.

Signed-off-by: Hans Verkuil <hverkuil-cisco@xs4all.nl>
Signed-off-by: Mauro Carvalho Chehab <mchehab+samsung@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/media/platform/vicodec/vicodec-core.c | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/drivers/media/platform/vicodec/vicodec-core.c b/drivers/media/platform/vicodec/vicodec-core.c
index 6b618452700c4..8788369e59a0a 100644
--- a/drivers/media/platform/vicodec/vicodec-core.c
+++ b/drivers/media/platform/vicodec/vicodec-core.c
@@ -1339,8 +1339,11 @@ static int vicodec_start_streaming(struct vb2_queue *q,
 	chroma_div = info->width_div * info->height_div;
 	q_data->sequence = 0;
 
-	ctx->last_src_buf = NULL;
-	ctx->last_dst_buf = NULL;
+	if (V4L2_TYPE_IS_OUTPUT(q->type))
+		ctx->last_src_buf = NULL;
+	else
+		ctx->last_dst_buf = NULL;
+
 	state->gop_cnt = 0;
 
 	if ((V4L2_TYPE_IS_OUTPUT(q->type) && !ctx->is_enc) ||
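Review bot: the new if/else in vicodec_start_streaming() has no comment saying why only one of last_src_buf/last_dst_buf is cleared per queue. The reason (a capture-queue restart on a resolution change must not clear last_src_buf, otherwise the LAST flag is never set) lives only in the commit message; a short comment above the `if` would keep it next to the code.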
-- 
2.20.1





* [PATCH 5.1 339/405] ice: Fix issue with VF reset and multiple VFs support on PFs
  2019-05-30  2:59 [PATCH 5.1 000/405] 5.1.6-stable review Greg Kroah-Hartman
                   ` (337 preceding siblings ...)
  2019-05-30  3:05 ` [PATCH 5.1 338/405] media: vicodec: reset last_src/dst_buf based on the IS_OUTPUT Greg Kroah-Hartman
@ 2019-05-30  3:05 ` Greg Kroah-Hartman
  2019-05-30  3:05 ` [PATCH 5.1 340/405] e1000e: Disable runtime PM on CNP+ Greg Kroah-Hartman
                   ` (70 subsequent siblings)
  409 siblings, 0 replies; 429+ messages in thread
From: Greg Kroah-Hartman @ 2019-05-30  3:05 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Akeem G Abodunrin,
	Anirudh Venkataramanan, Andrew Bowers, Jeff Kirsher, Sasha Levin

[ Upstream commit 42b2cc83afb4d1afcf7794148dd4e8e45ba32943 ]

This patch fixes issues with VF queues being disabled, and VF netdev
network carrier being lost after reset. Basically, we need to check if VF
is enabled, and queue configured in reset_all_vfs flow, and disable/enable
those queues appropriately whenever the function is called after
Global/CORER/PFR reset/rebuild/replay.

Signed-off-by: Akeem G Abodunrin <akeem.g.abodunrin@intel.com>
Signed-off-by: Anirudh Venkataramanan <anirudh.venkataramanan@intel.com>
Tested-by: Andrew Bowers <andrewx.bowers@intel.com>
Signed-off-by: Jeff Kirsher <jeffrey.t.kirsher@intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 .../net/ethernet/intel/ice/ice_virtchnl_pf.c  | 20 ++++++++++++-------
 1 file changed, 13 insertions(+), 7 deletions(-)

diff --git a/drivers/net/ethernet/intel/ice/ice_virtchnl_pf.c b/drivers/net/ethernet/intel/ice/ice_virtchnl_pf.c
index 57155b4a59dc1..8b1ee9f3a39d6 100644
--- a/drivers/net/ethernet/intel/ice/ice_virtchnl_pf.c
+++ b/drivers/net/ethernet/intel/ice/ice_virtchnl_pf.c
@@ -764,6 +764,7 @@ static void ice_cleanup_and_realloc_vf(struct ice_vf *vf)
 bool ice_reset_all_vfs(struct ice_pf *pf, bool is_vflr)
 {
 	struct ice_hw *hw = &pf->hw;
+	struct ice_vf *vf;
 	int v, i;
 
 	/* If we don't have any VFs, then there is nothing to reset */
@@ -778,12 +779,17 @@ bool ice_reset_all_vfs(struct ice_pf *pf, bool is_vflr)
 	for (v = 0; v < pf->num_alloc_vfs; v++)
 		ice_trigger_vf_reset(&pf->vf[v], is_vflr);
 
-	/* Call Disable LAN Tx queue AQ call with VFR bit set and 0
-	 * queues to inform Firmware about VF reset.
-	 */
-	for (v = 0; v < pf->num_alloc_vfs; v++)
-		ice_dis_vsi_txq(pf->vsi[0]->port_info, 0, NULL, NULL,
-				ICE_VF_RESET, v, NULL);
+	for (v = 0; v < pf->num_alloc_vfs; v++) {
+		struct ice_vsi *vsi;
+
+		vf = &pf->vf[v];
+		vsi = pf->vsi[vf->lan_vsi_idx];
+		if (test_bit(ICE_VF_STATE_ENA, vf->vf_states)) {
+			ice_vsi_stop_lan_tx_rings(vsi, ICE_VF_RESET, vf->vf_id);
+			ice_vsi_stop_rx_rings(vsi);
+			clear_bit(ICE_VF_STATE_ENA, vf->vf_states);
+		}
+	}
 
 	/* HW requires some time to make sure it can flush the FIFO for a VF
 	 * when it resets it. Poll the VPGEN_VFRSTAT register for each VF in
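Review bot: in the new loop, `vsi = pf->vsi[vf->lan_vsi_idx];` is read before the ICE_VF_STATE_ENA test, so the lookup happens for VFs that are not enabled as well; move it inside the `if` so lan_vsi_idx is only used for an enabled VF. Any status returned by ice_vsi_stop_lan_tx_rings() and ice_vsi_stop_rx_rings() is dropped, and the removed comment about informing firmware of the VF reset has no replacement: VFs without ICE_VF_STATE_ENA no longer get any Tx-disable call with ICE_VF_RESET, which deserves a sentence on why that is safe.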
@@ -796,9 +802,9 @@ bool ice_reset_all_vfs(struct ice_pf *pf, bool is_vflr)
 
 		/* Check each VF in sequence */
 		while (v < pf->num_alloc_vfs) {
-			struct ice_vf *vf = &pf->vf[v];
 			u32 reg;
 
+			vf = &pf->vf[v];
 			reg = rd32(hw, VPGEN_VFRSTAT(vf->vf_id));
 			if (!(reg & VPGEN_VFRSTAT_VFRD_M))
 				break;
-- 
2.20.1





* [PATCH 5.1 340/405] e1000e: Disable runtime PM on CNP+
  2019-05-30  2:59 [PATCH 5.1 000/405] 5.1.6-stable review Greg Kroah-Hartman
                   ` (338 preceding siblings ...)
  2019-05-30  3:05 ` [PATCH 5.1 339/405] ice: Fix issue with VF reset and multiple VFs support on PFs Greg Kroah-Hartman
@ 2019-05-30  3:05 ` Greg Kroah-Hartman
  2019-05-30  3:05 ` [PATCH 5.1 341/405] tinydrm/mipi-dbi: Use dma-safe buffers for all SPI transfers Greg Kroah-Hartman
                   ` (69 subsequent siblings)
  409 siblings, 0 replies; 429+ messages in thread
From: Greg Kroah-Hartman @ 2019-05-30  3:05 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Kai-Heng Feng, Aaron Brown,
	Jeff Kirsher, Sasha Levin

[ Upstream commit 459d69c407f9ba122f12216555c3012284dc9fd7 ]

There are some new e1000e devices that can only be woken up from D3 one time,
by plugging Ethernet cable. Subsequent cable plugging does set PME bit
correctly, but it still doesn't get woken up.

Since e1000e connects to the root complex directly, we rely on ACPI to
wake it up. In this case, the GPE from _PRW only works once and stops
working after that. Though it appears to be a platform bug, e1000e
maintainers confirmed that I219 does not support D3.

So disable runtime PM on CNP+ chips. We may need to disable earlier
generations if this bug also hits older platforms.

Bugzilla: https://bugzilla.kernel.org/attachment.cgi?id=280819
Signed-off-by: Kai-Heng Feng <kai.heng.feng@canonical.com>
Tested-by: Aaron Brown <aaron.f.brown@intel.com>
Signed-off-by: Jeff Kirsher <jeffrey.t.kirsher@intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/net/ethernet/intel/e1000e/netdev.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/drivers/net/ethernet/intel/e1000e/netdev.c b/drivers/net/ethernet/intel/e1000e/netdev.c
index 7acc61e4f6456..c10c9d7eadaac 100644
--- a/drivers/net/ethernet/intel/e1000e/netdev.c
+++ b/drivers/net/ethernet/intel/e1000e/netdev.c
@@ -7350,7 +7350,7 @@ static int e1000_probe(struct pci_dev *pdev, const struct pci_device_id *ent)
 
 	dev_pm_set_driver_flags(&pdev->dev, DPM_FLAG_NEVER_SKIP);
 
-	if (pci_dev_run_wake(pdev))
+	if (pci_dev_run_wake(pdev) && hw->mac.type < e1000_pch_cnp)
 		pm_runtime_put_noidle(&pdev->dev);
 
 	return 0;
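Review bot: the condition `hw->mac.type < e1000_pch_cnp` disables runtime PM by skipping pm_runtime_put_noidle() on CNP and later, and nothing in the code says so. Add a comment naming the reason (wake from D3 only works once on these parts), and note that the test depends on the ordering of the MAC type enum, so new entries have to be added in the right place.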
-- 
2.20.1





* [PATCH 5.1 341/405] tinydrm/mipi-dbi: Use dma-safe buffers for all SPI transfers
  2019-05-30  2:59 [PATCH 5.1 000/405] 5.1.6-stable review Greg Kroah-Hartman
                   ` (339 preceding siblings ...)
  2019-05-30  3:05 ` [PATCH 5.1 340/405] e1000e: Disable runtime PM on CNP+ Greg Kroah-Hartman
@ 2019-05-30  3:05 ` Greg Kroah-Hartman
  2019-05-30  3:05 ` [PATCH 5.1 342/405] igb: Exclude device from suspend direct complete optimization Greg Kroah-Hartman
                   ` (68 subsequent siblings)
  409 siblings, 0 replies; 429+ messages in thread
From: Greg Kroah-Hartman @ 2019-05-30  3:05 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Andy Shevchenko, Noralf Trønnes,
	Sasha Levin

[ Upstream commit a89bfc5d9a0732d84b4de311e27133daa0586316 ]

Buffers passed to spi_sync() must be dma-safe even for tiny buffers since
some SPI controllers use DMA for all transfers.

Example splat with CONFIG_DMA_API_DEBUG enabled:

[   23.750467] DMA-API: dw_dmac_pci 0000:00:15.0: device driver maps memory from stack [probable addr=000000001e49185d]
[   23.750529] WARNING: CPU: 1 PID: 1296 at kernel/dma/debug.c:1161 check_for_stack+0xb7/0x190
[   23.750533] Modules linked in: mmc_block(+) spi_pxa2xx_platform(+) pwm_lpss_pci pwm_lpss spi_pxa2xx_pci sdhci_pci cqhci intel_mrfld_pwrbtn extcon_intel_mrfld sdhci intel_mrfld_adc led_class mmc_core ili9341 mipi_dbi tinydrm backlight ti_ads7950 industrialio_triggered_buffer kfifo_buf intel_soc_pmic_mrfld hci_uart btbcm
[   23.750599] CPU: 1 PID: 1296 Comm: modprobe Not tainted 5.0.0-rc7+ #236
[   23.750605] Hardware name: Intel Corporation Merrifield/BODEGA BAY, BIOS 542 2015.01.21:18.19.48
[   23.750620] RIP: 0010:check_for_stack+0xb7/0x190
[   23.750630] Code: 8b 6d 50 4d 85 ed 75 04 4c 8b 6d 10 48 89 ef e8 2f 8b 44 00 48 89 c6 4a 8d 0c 23 4c 89 ea 48 c7 c7 88 d0 82 b4 e8 40 7c f9 ff <0f> 0b 8b 05 79 00 4b 01 85 c0 74 07 5b 5d 41 5c 41 5d c3 8b 05 54
[   23.750637] RSP: 0000:ffff97bbc0292fa0 EFLAGS: 00010286
[   23.750646] RAX: 0000000000000000 RBX: ffff97bbc0290000 RCX: 0000000000000006
[   23.750652] RDX: 0000000000000007 RSI: 0000000000000002 RDI: ffff94b33e115450
[   23.750658] RBP: ffff94b33c8578b0 R08: 0000000000000002 R09: 00000000000201c0
[   23.750664] R10: 00000006ecb0ccc6 R11: 0000000000034f38 R12: 000000000000316c
[   23.750670] R13: ffff94b33c84b250 R14: ffff94b33dedd5a0 R15: 0000000000000001
[   23.750679] FS:  0000000000000000(0000) GS:ffff94b33e100000(0063) knlGS:00000000f7faf690
[   23.750686] CS:  0010 DS: 002b ES: 002b CR0: 0000000080050033
[   23.750691] CR2: 00000000f7f54faf CR3: 000000000722c000 CR4: 00000000001006e0
[   23.750696] Call Trace:
[   23.750713]  debug_dma_map_sg+0x100/0x340
[   23.750727]  ? dma_direct_map_sg+0x3b/0xb0
[   23.750739]  spi_map_buf+0x25a/0x300
[   23.750751]  __spi_pump_messages+0x2a4/0x680
[   23.750762]  __spi_sync+0x1dd/0x1f0
[   23.750773]  spi_sync+0x26/0x40
[   23.750790]  mipi_dbi_typec3_command_read+0x14d/0x240 [mipi_dbi]
[   23.750802]  ? spi_finalize_current_transfer+0x10/0x10
[   23.750821]  mipi_dbi_typec3_command+0x1bc/0x1d0 [mipi_dbi]

Reported-by: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
Signed-off-by: Noralf Trønnes <noralf@tronnes.org>
Tested-by: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
Acked-by: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
Link: https://patchwork.freedesktop.org/patch/msgid/20190222124329.23046-1-noralf@tronnes.org
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/gpu/drm/tinydrm/ili9225.c  |  6 ++--
 drivers/gpu/drm/tinydrm/mipi-dbi.c | 58 +++++++++++++++++++++---------
 include/drm/tinydrm/mipi-dbi.h     |  5 +--
 3 files changed, 48 insertions(+), 21 deletions(-)

diff --git a/drivers/gpu/drm/tinydrm/ili9225.c b/drivers/gpu/drm/tinydrm/ili9225.c
index 43a3b68d90a20..998d75be9e16f 100644
--- a/drivers/gpu/drm/tinydrm/ili9225.c
+++ b/drivers/gpu/drm/tinydrm/ili9225.c
@@ -301,7 +301,7 @@ static void ili9225_pipe_disable(struct drm_simple_display_pipe *pipe)
 	mipi->enabled = false;
 }
 
-static int ili9225_dbi_command(struct mipi_dbi *mipi, u8 cmd, u8 *par,
+static int ili9225_dbi_command(struct mipi_dbi *mipi, u8 *cmd, u8 *par,
 			       size_t num)
 {
 	struct spi_device *spi = mipi->spi;
@@ -311,11 +311,11 @@ static int ili9225_dbi_command(struct mipi_dbi *mipi, u8 cmd, u8 *par,
 
 	gpiod_set_value_cansleep(mipi->dc, 0);
 	speed_hz = mipi_dbi_spi_cmd_max_speed(spi, 1);
-	ret = tinydrm_spi_transfer(spi, speed_hz, NULL, 8, &cmd, 1);
+	ret = tinydrm_spi_transfer(spi, speed_hz, NULL, 8, cmd, 1);
 	if (ret || !num)
 		return ret;
 
-	if (cmd == ILI9225_WRITE_DATA_TO_GRAM && !mipi->swap_bytes)
+	if (*cmd == ILI9225_WRITE_DATA_TO_GRAM && !mipi->swap_bytes)
 		bpw = 16;
 
 	gpiod_set_value_cansleep(mipi->dc, 1);
diff --git a/drivers/gpu/drm/tinydrm/mipi-dbi.c b/drivers/gpu/drm/tinydrm/mipi-dbi.c
index 918f77c7de34e..295cbcbc2bb65 100644
--- a/drivers/gpu/drm/tinydrm/mipi-dbi.c
+++ b/drivers/gpu/drm/tinydrm/mipi-dbi.c
@@ -153,16 +153,42 @@ EXPORT_SYMBOL(mipi_dbi_command_read);
  */
 int mipi_dbi_command_buf(struct mipi_dbi *mipi, u8 cmd, u8 *data, size_t len)
 {
+	u8 *cmdbuf;
 	int ret;
 
+	/* SPI requires dma-safe buffers */
+	cmdbuf = kmemdup(&cmd, 1, GFP_KERNEL);
+	if (!cmdbuf)
+		return -ENOMEM;
+
 	mutex_lock(&mipi->cmdlock);
-	ret = mipi->command(mipi, cmd, data, len);
+	ret = mipi->command(mipi, cmdbuf, data, len);
 	mutex_unlock(&mipi->cmdlock);
 
+	kfree(cmdbuf);
+
 	return ret;
 }
 EXPORT_SYMBOL(mipi_dbi_command_buf);
 
+/* This should only be used by mipi_dbi_command() */
+int mipi_dbi_command_stackbuf(struct mipi_dbi *mipi, u8 cmd, u8 *data, size_t len)
+{
+	u8 *buf;
+	int ret;
+
+	buf = kmemdup(data, len, GFP_KERNEL);
+	if (!buf)
+		return -ENOMEM;
+
+	ret = mipi_dbi_command_buf(mipi, cmd, buf, len);
+
+	kfree(buf);
+
+	return ret;
+}
+EXPORT_SYMBOL(mipi_dbi_command_stackbuf);
+
 /**
  * mipi_dbi_buf_copy - Copy a framebuffer, transforming it if necessary
  * @dst: The destination buffer
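Review bot: mipi_dbi_command_stackbuf() is exported with only a one-line comment while the functions around it carry kernel-doc, and it copies `data` into a kmemdup() buffer but never copies the buffer back, so a read command issued through it would return nothing to the caller. State in kernel-doc that it is write-only and meant for mipi_dbi_command() alone. mipi_dbi_command_buf() still hands `data` to ->command unchanged, so its kernel-doc should say that callers must pass a DMA-safe buffer; the two helpers together also make two small allocations per command where a single buffer could carry the command byte and the parameters.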
@@ -774,18 +800,18 @@ static int mipi_dbi_spi1_transfer(struct mipi_dbi *mipi, int dc,
 	return 0;
 }
 
-static int mipi_dbi_typec1_command(struct mipi_dbi *mipi, u8 cmd,
+static int mipi_dbi_typec1_command(struct mipi_dbi *mipi, u8 *cmd,
 				   u8 *parameters, size_t num)
 {
-	unsigned int bpw = (cmd == MIPI_DCS_WRITE_MEMORY_START) ? 16 : 8;
+	unsigned int bpw = (*cmd == MIPI_DCS_WRITE_MEMORY_START) ? 16 : 8;
 	int ret;
 
-	if (mipi_dbi_command_is_read(mipi, cmd))
+	if (mipi_dbi_command_is_read(mipi, *cmd))
 		return -ENOTSUPP;
 
-	MIPI_DBI_DEBUG_COMMAND(cmd, parameters, num);
+	MIPI_DBI_DEBUG_COMMAND(*cmd, parameters, num);
 
-	ret = mipi_dbi_spi1_transfer(mipi, 0, &cmd, 1, 8);
+	ret = mipi_dbi_spi1_transfer(mipi, 0, cmd, 1, 8);
 	if (ret || !num)
 		return ret;
 
@@ -794,7 +820,7 @@ static int mipi_dbi_typec1_command(struct mipi_dbi *mipi, u8 cmd,
 
 /* MIPI DBI Type C Option 3 */
 
-static int mipi_dbi_typec3_command_read(struct mipi_dbi *mipi, u8 cmd,
+static int mipi_dbi_typec3_command_read(struct mipi_dbi *mipi, u8 *cmd,
 					u8 *data, size_t len)
 {
 	struct spi_device *spi = mipi->spi;
@@ -803,7 +829,7 @@ static int mipi_dbi_typec3_command_read(struct mipi_dbi *mipi, u8 cmd,
 	struct spi_transfer tr[2] = {
 		{
 			.speed_hz = speed_hz,
-			.tx_buf = &cmd,
+			.tx_buf = cmd,
 			.len = 1,
 		}, {
 			.speed_hz = speed_hz,
@@ -821,8 +847,8 @@ static int mipi_dbi_typec3_command_read(struct mipi_dbi *mipi, u8 cmd,
 	 * Support non-standard 24-bit and 32-bit Nokia read commands which
 	 * start with a dummy clock, so we need to read an extra byte.
 	 */
-	if (cmd == MIPI_DCS_GET_DISPLAY_ID ||
-	    cmd == MIPI_DCS_GET_DISPLAY_STATUS) {
+	if (*cmd == MIPI_DCS_GET_DISPLAY_ID ||
+	    *cmd == MIPI_DCS_GET_DISPLAY_STATUS) {
 		if (!(len == 3 || len == 4))
 			return -EINVAL;
 
@@ -852,7 +878,7 @@ static int mipi_dbi_typec3_command_read(struct mipi_dbi *mipi, u8 cmd,
 			data[i] = (buf[i] << 1) | !!(buf[i + 1] & BIT(7));
 	}
 
-	MIPI_DBI_DEBUG_COMMAND(cmd, data, len);
+	MIPI_DBI_DEBUG_COMMAND(*cmd, data, len);
 
 err_free:
 	kfree(buf);
@@ -860,7 +886,7 @@ static int mipi_dbi_typec3_command_read(struct mipi_dbi *mipi, u8 cmd,
 	return ret;
 }
 
-static int mipi_dbi_typec3_command(struct mipi_dbi *mipi, u8 cmd,
+static int mipi_dbi_typec3_command(struct mipi_dbi *mipi, u8 *cmd,
 				   u8 *par, size_t num)
 {
 	struct spi_device *spi = mipi->spi;
@@ -868,18 +894,18 @@ static int mipi_dbi_typec3_command(struct mipi_dbi *mipi, u8 cmd,
 	u32 speed_hz;
 	int ret;
 
-	if (mipi_dbi_command_is_read(mipi, cmd))
+	if (mipi_dbi_command_is_read(mipi, *cmd))
 		return mipi_dbi_typec3_command_read(mipi, cmd, par, num);
 
-	MIPI_DBI_DEBUG_COMMAND(cmd, par, num);
+	MIPI_DBI_DEBUG_COMMAND(*cmd, par, num);
 
 	gpiod_set_value_cansleep(mipi->dc, 0);
 	speed_hz = mipi_dbi_spi_cmd_max_speed(spi, 1);
-	ret = tinydrm_spi_transfer(spi, speed_hz, NULL, 8, &cmd, 1);
+	ret = tinydrm_spi_transfer(spi, speed_hz, NULL, 8, cmd, 1);
 	if (ret || !num)
 		return ret;
 
-	if (cmd == MIPI_DCS_WRITE_MEMORY_START && !mipi->swap_bytes)
+	if (*cmd == MIPI_DCS_WRITE_MEMORY_START && !mipi->swap_bytes)
 		bpw = 16;
 
 	gpiod_set_value_cansleep(mipi->dc, 1);
diff --git a/include/drm/tinydrm/mipi-dbi.h b/include/drm/tinydrm/mipi-dbi.h
index f4ec2834bc229..7dfa67a15a04e 100644
--- a/include/drm/tinydrm/mipi-dbi.h
+++ b/include/drm/tinydrm/mipi-dbi.h
@@ -43,7 +43,7 @@ struct mipi_dbi {
 	struct spi_device *spi;
 	bool enabled;
 	struct mutex cmdlock;
-	int (*command)(struct mipi_dbi *mipi, u8 cmd, u8 *param, size_t num);
+	int (*command)(struct mipi_dbi *mipi, u8 *cmd, u8 *param, size_t num);
 	const u8 *read_commands;
 	struct gpio_desc *dc;
 	u16 *tx_buf;
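Review bot: the ->command callback now takes `u8 *cmd`, but every implementation changed in this patch only reads through the pointer (`*cmd == ...`, or passing it on as a transmit buffer). Declaring it `const u8 *cmd` would document that and stop a callback from modifying the caller's buffer, provided the transfer helpers it is passed to accept a const pointer.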
@@ -82,6 +82,7 @@ u32 mipi_dbi_spi_cmd_max_speed(struct spi_device *spi, size_t len);
 
 int mipi_dbi_command_read(struct mipi_dbi *mipi, u8 cmd, u8 *val);
 int mipi_dbi_command_buf(struct mipi_dbi *mipi, u8 cmd, u8 *data, size_t len);
+int mipi_dbi_command_stackbuf(struct mipi_dbi *mipi, u8 cmd, u8 *data, size_t len);
 int mipi_dbi_buf_copy(void *dst, struct drm_framebuffer *fb,
 		      struct drm_rect *clip, bool swap);
 /**
@@ -99,7 +100,7 @@ int mipi_dbi_buf_copy(void *dst, struct drm_framebuffer *fb,
 #define mipi_dbi_command(mipi, cmd, seq...) \
 ({ \
 	u8 d[] = { seq }; \
-	mipi_dbi_command_buf(mipi, cmd, d, ARRAY_SIZE(d)); \
+	mipi_dbi_command_stackbuf(mipi, cmd, d, ARRAY_SIZE(d)); \
 })
 
 #ifdef CONFIG_DEBUG_FS
-- 
2.20.1





* [PATCH 5.1 342/405] igb: Exclude device from suspend direct complete optimization
  2019-05-30  2:59 [PATCH 5.1 000/405] 5.1.6-stable review Greg Kroah-Hartman
                   ` (340 preceding siblings ...)
  2019-05-30  3:05 ` [PATCH 5.1 341/405] tinydrm/mipi-dbi: Use dma-safe buffers for all SPI transfers Greg Kroah-Hartman
@ 2019-05-30  3:05 ` Greg Kroah-Hartman
  2019-05-30  3:05 ` [PATCH 5.1 343/405] media: si2165: fix a missing check of return value Greg Kroah-Hartman
                   ` (67 subsequent siblings)
  409 siblings, 0 replies; 429+ messages in thread
From: Greg Kroah-Hartman @ 2019-05-30  3:05 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Kai-Heng Feng, Aaron Brown,
	Jeff Kirsher, Sasha Levin

[ Upstream commit 5b6e13216be29ced7350d9c354a1af8fe0ad9a3e ]

igb sets different WoL settings in system suspend callback and runtime
suspend callback.

The suspend direct complete optimization leaves igb in runtime suspended
state with wrong WoL setting during system suspend.

To fix this, we need to disable suspend direct complete optimization to
let igb always use suspend callback to set correct WoL during system
suspend.

Signed-off-by: Kai-Heng Feng <kai.heng.feng@canonical.com>
Tested-by: Aaron Brown <aaron.f.brown@intel.com>
Signed-off-by: Jeff Kirsher <jeffrey.t.kirsher@intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/net/ethernet/intel/igb/igb_main.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/drivers/net/ethernet/intel/igb/igb_main.c b/drivers/net/ethernet/intel/igb/igb_main.c
index 3269d8e94744f..580d14b49fda1 100644
--- a/drivers/net/ethernet/intel/igb/igb_main.c
+++ b/drivers/net/ethernet/intel/igb/igb_main.c
@@ -3452,6 +3452,9 @@ static int igb_probe(struct pci_dev *pdev, const struct pci_device_id *ent)
 			break;
 		}
 	}
+
+	dev_pm_set_driver_flags(&pdev->dev, DPM_FLAG_NEVER_SKIP);
+
 	pm_runtime_put_noidle(&pdev->dev);
 	return 0;
 
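Review bot: the added `dev_pm_set_driver_flags(&pdev->dev, DPM_FLAG_NEVER_SKIP);` in igb_probe() carries no comment. The reason for opting out of the direct-complete optimization (the system suspend callback must always run so the correct WoL setting is programmed) is only in the commit message; a short comment above the call would stop a later cleanup from removing it.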
-- 
2.20.1





* [PATCH 5.1 343/405] media: si2165: fix a missing check of return value
  2019-05-30  2:59 [PATCH 5.1 000/405] 5.1.6-stable review Greg Kroah-Hartman
                   ` (341 preceding siblings ...)
  2019-05-30  3:05 ` [PATCH 5.1 342/405] igb: Exclude device from suspend direct complete optimization Greg Kroah-Hartman
@ 2019-05-30  3:05 ` Greg Kroah-Hartman
  2019-05-30  3:05 ` [PATCH 5.1 344/405] media: dvbsky: Avoid leaking dvb frontend Greg Kroah-Hartman
                   ` (66 subsequent siblings)
  409 siblings, 0 replies; 429+ messages in thread
From: Greg Kroah-Hartman @ 2019-05-30  3:05 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Kangjie Lu, Matthias Schwarzott,
	Sean Young, Mauro Carvalho Chehab, Sasha Levin

[ Upstream commit 0ab34a08812a3334350dbaf69a018ee0ab3d2ddd ]

si2165_readreg8() may fail. Looking into si2165_readreg8(), we will find
that "val_tmp" will be an uninitialized value when regmap_read() fails.
"val_tmp" is then assigned to "val". So if si2165_readreg8() fails,
"val" will be a random value. Further use will lead to undefined
behaviors. The fix checks if si2165_readreg8() fails, and if so, returns
its error code upstream.

Signed-off-by: Kangjie Lu <kjlu@umn.edu>
Reviewed-by: Matthias Schwarzott <zzam@gentoo.org>
Tested-by: Matthias Schwarzott <zzam@gentoo.org>
Signed-off-by: Sean Young <sean@mess.org>
Signed-off-by: Mauro Carvalho Chehab <mchehab+samsung@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/media/dvb-frontends/si2165.c | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

diff --git a/drivers/media/dvb-frontends/si2165.c b/drivers/media/dvb-frontends/si2165.c
index feacd8da421da..d55d8f169dca6 100644
--- a/drivers/media/dvb-frontends/si2165.c
+++ b/drivers/media/dvb-frontends/si2165.c
@@ -275,18 +275,20 @@ static u32 si2165_get_fe_clk(struct si2165_state *state)
 
 static int si2165_wait_init_done(struct si2165_state *state)
 {
-	int ret = -EINVAL;
+	int ret;
 	u8 val = 0;
 	int i;
 
 	for (i = 0; i < 3; ++i) {
-		si2165_readreg8(state, REG_INIT_DONE, &val);
+		ret = si2165_readreg8(state, REG_INIT_DONE, &val);
+		if (ret < 0)
+			return ret;
 		if (val == 0x01)
 			return 0;
 		usleep_range(1000, 50000);
 	}
 	dev_err(&state->client->dev, "init_done was not set\n");
-	return ret;
+	return -EINVAL;
 }
 
 static int si2165_upload_firmware_block(struct si2165_state *state,
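Review bot: with the new `if (ret < 0) return ret;` inside the loop, a single failed si2165_readreg8() aborts si2165_wait_init_done() on the first iteration, although the loop exists to poll up to three times. If a transient bus error during init is plausible, consider continuing to the next iteration and returning the last error only after the final attempt. The early return also skips the dev_err() that the timeout path prints, so a read failure here is silent unless the caller logs it.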
-- 
2.20.1





* [PATCH 5.1 344/405] media: dvbsky: Avoid leaking dvb frontend
  2019-05-30  2:59 [PATCH 5.1 000/405] 5.1.6-stable review Greg Kroah-Hartman
                   ` (342 preceding siblings ...)
  2019-05-30  3:05 ` [PATCH 5.1 343/405] media: si2165: fix a missing check of return value Greg Kroah-Hartman
@ 2019-05-30  3:05 ` Greg Kroah-Hartman
  2019-05-30  3:05 ` [PATCH 5.1 345/405] media: m88ds3103: serialize reset messages in m88ds3103_set_frontend Greg Kroah-Hartman
                   ` (65 subsequent siblings)
  409 siblings, 0 replies; 429+ messages in thread
From: Greg Kroah-Hartman @ 2019-05-30  3:05 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Stefan Brüns, Sean Young,
	Mauro Carvalho Chehab, Sasha Levin

[ Upstream commit fdfa59cd63b184e1e96d51ff170fcac739bc6f6f ]

Commit 14f4eaeddabc ("media: dvbsky: fix driver unregister logic") fixed
a use-after-free by removing the reference to the frontend after deleting
the backing i2c device.

This has the unfortunate side effect that the frontend device is never freed
in the dvb core leaving a dangling device, leading to errors when the
dvb core tries to register the frontend after e.g. a replug as reported
here: https://www.spinics.net/lists/linux-media/msg138181.html

media: dvbsky: issues with DVBSky T680CI

===
[  561.119145] sp2 8-0040: CIMaX SP2 successfully attached
[  561.119161] usb 2-3: DVB: registering adapter 0 frontend 0 (Silicon Labs
Si2168)...
[  561.119174] sysfs: cannot create duplicate filename '/class/dvb/
dvb0.frontend0'
===

The use after free happened as dvb_usbv2_disconnect calls in this order:
- dvb_usb_device::props->exit(...)
- dvb_usbv2_adapter_frontend_exit(...)
  + if (fe) dvb_unregister_frontend(fe)
  + dvb_usb_device::props->frontend_detach(...)

Moving the release of the i2c device from exit() to frontend_detach()
avoids the dangling pointer access and allows the core to unregister
the frontend.

This was originally reported for a DVBSky T680CI, but it also affects
the MyGica T230C. As all supported devices structure the registration/
unregistration identically, apply the change for all device types.

Signed-off-by: Stefan Brüns <stefan.bruens@rwth-aachen.de>
Signed-off-by: Sean Young <sean@mess.org>
Signed-off-by: Mauro Carvalho Chehab <mchehab+samsung@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/media/usb/dvb-usb-v2/dvbsky.c | 18 ++++++++++--------
 1 file changed, 10 insertions(+), 8 deletions(-)

diff --git a/drivers/media/usb/dvb-usb-v2/dvbsky.c b/drivers/media/usb/dvb-usb-v2/dvbsky.c
index e28bd8836751e..ae0814dd202a6 100644
--- a/drivers/media/usb/dvb-usb-v2/dvbsky.c
+++ b/drivers/media/usb/dvb-usb-v2/dvbsky.c
@@ -615,16 +615,18 @@ static int dvbsky_init(struct dvb_usb_device *d)
 	return 0;
 }
 
-static void dvbsky_exit(struct dvb_usb_device *d)
+static int dvbsky_frontend_detach(struct dvb_usb_adapter *adap)
 {
+	struct dvb_usb_device *d = adap_to_d(adap);
 	struct dvbsky_state *state = d_to_priv(d);
-	struct dvb_usb_adapter *adap = &d->adapter[0];
+
+	dev_dbg(&d->udev->dev, "%s: adap=%d\n", __func__, adap->id);
 
 	dvb_module_release(state->i2c_client_tuner);
 	dvb_module_release(state->i2c_client_demod);
 	dvb_module_release(state->i2c_client_ci);
 
-	adap->fe[0] = NULL;
+	return 0;
 }
 
 /* DVB USB Driver stuff */
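Review bot: dvbsky_frontend_detach() leaves state->i2c_client_tuner, state->i2c_client_demod and state->i2c_client_ci pointing at the released clients after the three dvb_module_release() calls. Since the commit message describes a dangling-pointer problem in this same teardown path, consider setting each pointer to NULL right after its release so a repeated detach or a later error path cannot touch a freed client. A short comment saying that the release has to happen here, after the core has unregistered the frontend, and not in .exit would also keep the ordering from being undone later.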
@@ -640,11 +642,11 @@ static struct dvb_usb_device_properties dvbsky_s960_props = {
 
 	.i2c_algo         = &dvbsky_i2c_algo,
 	.frontend_attach  = dvbsky_s960_attach,
+	.frontend_detach  = dvbsky_frontend_detach,
 	.init             = dvbsky_init,
 	.get_rc_config    = dvbsky_get_rc_config,
 	.streaming_ctrl   = dvbsky_streaming_ctrl,
 	.identify_state	  = dvbsky_identify_state,
-	.exit             = dvbsky_exit,
 	.read_mac_address = dvbsky_read_mac_addr,
 
 	.num_adapters = 1,
@@ -667,11 +669,11 @@ static struct dvb_usb_device_properties dvbsky_s960c_props = {
 
 	.i2c_algo         = &dvbsky_i2c_algo,
 	.frontend_attach  = dvbsky_s960c_attach,
+	.frontend_detach  = dvbsky_frontend_detach,
 	.init             = dvbsky_init,
 	.get_rc_config    = dvbsky_get_rc_config,
 	.streaming_ctrl   = dvbsky_streaming_ctrl,
 	.identify_state	  = dvbsky_identify_state,
-	.exit             = dvbsky_exit,
 	.read_mac_address = dvbsky_read_mac_addr,
 
 	.num_adapters = 1,
@@ -694,11 +696,11 @@ static struct dvb_usb_device_properties dvbsky_t680c_props = {
 
 	.i2c_algo         = &dvbsky_i2c_algo,
 	.frontend_attach  = dvbsky_t680c_attach,
+	.frontend_detach  = dvbsky_frontend_detach,
 	.init             = dvbsky_init,
 	.get_rc_config    = dvbsky_get_rc_config,
 	.streaming_ctrl   = dvbsky_streaming_ctrl,
 	.identify_state	  = dvbsky_identify_state,
-	.exit             = dvbsky_exit,
 	.read_mac_address = dvbsky_read_mac_addr,
 
 	.num_adapters = 1,
@@ -721,11 +723,11 @@ static struct dvb_usb_device_properties dvbsky_t330_props = {
 
 	.i2c_algo         = &dvbsky_i2c_algo,
 	.frontend_attach  = dvbsky_t330_attach,
+	.frontend_detach  = dvbsky_frontend_detach,
 	.init             = dvbsky_init,
 	.get_rc_config    = dvbsky_get_rc_config,
 	.streaming_ctrl   = dvbsky_streaming_ctrl,
 	.identify_state	  = dvbsky_identify_state,
-	.exit             = dvbsky_exit,
 	.read_mac_address = dvbsky_read_mac_addr,
 
 	.num_adapters = 1,
@@ -748,11 +750,11 @@ static struct dvb_usb_device_properties mygica_t230c_props = {
 
 	.i2c_algo         = &dvbsky_i2c_algo,
 	.frontend_attach  = dvbsky_mygica_t230c_attach,
+	.frontend_detach  = dvbsky_frontend_detach,
 	.init             = dvbsky_init,
 	.get_rc_config    = dvbsky_get_rc_config,
 	.streaming_ctrl   = dvbsky_streaming_ctrl,
 	.identify_state	  = dvbsky_identify_state,
-	.exit             = dvbsky_exit,
 
 	.num_adapters = 1,
 	.adapter = {
-- 
2.20.1





* [PATCH 5.1 345/405] media: m88ds3103: serialize reset messages in m88ds3103_set_frontend
  2019-05-30  2:59 [PATCH 5.1 000/405] 5.1.6-stable review Greg Kroah-Hartman
                   ` (343 preceding siblings ...)
  2019-05-30  3:05 ` [PATCH 5.1 344/405] media: dvbsky: Avoid leaking dvb frontend Greg Kroah-Hartman
@ 2019-05-30  3:05 ` Greg Kroah-Hartman
  2019-05-30  3:05 ` [PATCH 5.1 346/405] drm/amd/display: add pipe lock during stream update Greg Kroah-Hartman
                   ` (64 subsequent siblings)
  409 siblings, 0 replies; 429+ messages in thread
From: Greg Kroah-Hartman @ 2019-05-30  3:05 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, James Hutchinson, Antti Palosaari,
	Sean Young, Mauro Carvalho Chehab, Sasha Levin

[ Upstream commit 981fbe3da20a6f35f17977453bce7dfc1664d74f ]

Ref: https://bugzilla.kernel.org/show_bug.cgi?id=199323

Users are experiencing problems with the DVBSky S960/S960C USB devices
since the following commit:

9d659ae: ("locking/mutex: Add lock handoff to avoid starvation")

The device malfunctions after running for an indeterminable period of
time, and the problem can only be cleared by rebooting the machine.

It is possible to encourage the problem to surface by blocking the
signal to the LNB.

Further debugging revealed the cause of the problem.

In the following capture:
- thread #1325 is running m88ds3103_set_frontend
- thread #42 is running ts2020_stat_work

a> [1325] usb 1-1: dvb_usb_v2_generic_io: >>> 08 68 02 07 80
   [1325] usb 1-1: dvb_usb_v2_generic_io: <<< 08
   [42] usb 1-1: dvb_usb_v2_generic_io: >>> 09 01 01 68 3f
   [42] usb 1-1: dvb_usb_v2_generic_io: <<< 08 ff
   [42] usb 1-1: dvb_usb_v2_generic_io: >>> 08 68 02 03 11
   [42] usb 1-1: dvb_usb_v2_generic_io: <<< 07
   [42] usb 1-1: dvb_usb_v2_generic_io: >>> 09 01 01 60 3d
   [42] usb 1-1: dvb_usb_v2_generic_io: <<< 07 ff
b> [1325] usb 1-1: dvb_usb_v2_generic_io: >>> 08 68 02 07 00
   [1325] usb 1-1: dvb_usb_v2_generic_io: <<< 07
   [42] usb 1-1: dvb_usb_v2_generic_io: >>> 08 68 02 03 11
   [42] usb 1-1: dvb_usb_v2_generic_io: <<< 07
   [42] usb 1-1: dvb_usb_v2_generic_io: >>> 09 01 01 60 21
   [42] usb 1-1: dvb_usb_v2_generic_io: <<< 07 ff
   [42] usb 1-1: dvb_usb_v2_generic_io: >>> 08 68 02 03 11
   [42] usb 1-1: dvb_usb_v2_generic_io: <<< 07
   [42] usb 1-1: dvb_usb_v2_generic_io: >>> 09 01 01 60 66
   [42] usb 1-1: dvb_usb_v2_generic_io: <<< 07 ff
   [1325] usb 1-1: dvb_usb_v2_generic_io: >>> 08 68 02 03 11
   [1325] usb 1-1: dvb_usb_v2_generic_io: <<< 07
   [1325] usb 1-1: dvb_usb_v2_generic_io: >>> 08 60 02 10 0b
   [1325] usb 1-1: dvb_usb_v2_generic_io: <<< 07

Two i2c messages are sent to perform a reset in m88ds3103_set_frontend:

  a. 0x07, 0x80
  b. 0x07, 0x00

However, as shown in the capture, the regmap mutex is being handed over
to another thread (ts2020_stat_work) in between these two messages.

From here, the device responds to every i2c message with an 07 message,
and will only return to normal operation following a power cycle.

Use regmap_multi_reg_write to group the two reset messages, ensuring
both are processed before the regmap mutex is unlocked.

Signed-off-by: James Hutchinson <jahutchinson99@googlemail.com>
Reviewed-by: Antti Palosaari <crope@iki.fi>
Signed-off-by: Sean Young <sean@mess.org>
Signed-off-by: Mauro Carvalho Chehab <mchehab+samsung@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/media/dvb-frontends/m88ds3103.c | 9 ++++-----
 1 file changed, 4 insertions(+), 5 deletions(-)

diff --git a/drivers/media/dvb-frontends/m88ds3103.c b/drivers/media/dvb-frontends/m88ds3103.c
index 123f2a33738b0..403f42806455e 100644
--- a/drivers/media/dvb-frontends/m88ds3103.c
+++ b/drivers/media/dvb-frontends/m88ds3103.c
@@ -309,6 +309,9 @@ static int m88ds3103_set_frontend(struct dvb_frontend *fe)
 	u16 u16tmp;
 	u32 tuner_frequency_khz, target_mclk;
 	s32 s32tmp;
+	static const struct reg_sequence reset_buf[] = {
+		{0x07, 0x80}, {0x07, 0x00}
+	};
 
 	dev_dbg(&client->dev,
 		"delivery_system=%d modulation=%d frequency=%u symbol_rate=%d inversion=%d pilot=%d rolloff=%d\n",
@@ -321,11 +324,7 @@ static int m88ds3103_set_frontend(struct dvb_frontend *fe)
 	}
 
 	/* reset */
-	ret = regmap_write(dev->regmap, 0x07, 0x80);
-	if (ret)
-		goto err;
-
-	ret = regmap_write(dev->regmap, 0x07, 0x00);
+	ret = regmap_multi_reg_write(dev->regmap, reset_buf, 2);
 	if (ret)
 		goto err;
 
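Review bot: the count passed to regmap_multi_reg_write() is the literal 2; use ARRAY_SIZE(reset_buf) so the call stays correct if the sequence is ever extended. The /* reset */ comment should also say that the two writes must not be separated by another user of the regmap, since that ordering constraint is the reason for the change and is otherwise recorded only in the commit message.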
-- 
2.20.1





* [PATCH 5.1 346/405] drm/amd/display: add pipe lock during stream update
  2019-05-30  2:59 [PATCH 5.1 000/405] 5.1.6-stable review Greg Kroah-Hartman
                   ` (344 preceding siblings ...)
  2019-05-30  3:05 ` [PATCH 5.1 345/405] media: m88ds3103: serialize reset messages in m88ds3103_set_frontend Greg Kroah-Hartman
@ 2019-05-30  3:05 ` Greg Kroah-Hartman
  2019-05-30  3:05 ` [PATCH 5.1 347/405] media: staging: davinci_vpfe: disallow building with COMPILE_TEST Greg Kroah-Hartman
                   ` (63 subsequent siblings)
  409 siblings, 0 replies; 429+ messages in thread
From: Greg Kroah-Hartman @ 2019-05-30  3:05 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Wenjing Liu, Jun Lei, Leo Li,
	Alex Deucher, Sasha Levin

[ Upstream commit e6bddf6c67f9a3abf6f1ef75e52bc1cd228dfe4d ]

[why]
Stream update will adjust both info packets and stream params,
need to make sure all things are applied together.

[how]
add pipe lock during stream update

Signed-off-by: Wenjing Liu <Wenjing.Liu@amd.com>
Reviewed-by: Jun Lei <Jun.Lei@amd.com>
Acked-by: Leo Li <sunpeng.li@amd.com>
Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/gpu/drm/amd/display/dc/core/dc.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/drivers/gpu/drm/amd/display/dc/core/dc.c b/drivers/gpu/drm/amd/display/dc/core/dc.c
index c1a308c1dcbea..88fe4fb43bfd5 100644
--- a/drivers/gpu/drm/amd/display/dc/core/dc.c
+++ b/drivers/gpu/drm/amd/display/dc/core/dc.c
@@ -1677,6 +1677,7 @@ static void commit_planes_do_stream_update(struct dc *dc,
 				continue;
 
 			if (stream_update->dpms_off) {
+				dc->hwss.pipe_control_lock(dc, pipe_ctx, true);
 				if (*stream_update->dpms_off) {
 					core_link_disable_stream(pipe_ctx, KEEP_ACQUIRED_RESOURCE);
 					dc->hwss.optimize_bandwidth(dc, dc->current_state);
@@ -1684,6 +1685,7 @@ static void commit_planes_do_stream_update(struct dc *dc,
 					dc->hwss.prepare_bandwidth(dc, dc->current_state);
 					core_link_enable_stream(dc->current_state, pipe_ctx);
 				}
+				dc->hwss.pipe_control_lock(dc, pipe_ctx, false);
 			}
 
 			if (stream_update->abm_level && pipe_ctx->stream_res.abm) {
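Review bot: pipe_control_lock() is taken and released only around the dpms_off branch, while the commit message gives info packets and stream parameters as the reason for the lock. If the other stream_update fields handled in this loop, such as the abm_level block that follows, do not need the lock, a one-line comment at the lock call saying why dpms_off is the case that does would help. Please also confirm that nothing between the lock and unlock calls can leave the branch early, since the unlock sits only at its end.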
-- 
2.20.1





* [PATCH 5.1 347/405] media: staging: davinci_vpfe: disallow building with COMPILE_TEST
  2019-05-30  2:59 [PATCH 5.1 000/405] 5.1.6-stable review Greg Kroah-Hartman
                   ` (345 preceding siblings ...)
  2019-05-30  3:05 ` [PATCH 5.1 346/405] drm/amd/display: add pipe lock during stream update Greg Kroah-Hartman
@ 2019-05-30  3:05 ` Greg Kroah-Hartman
  2019-05-30  3:05 ` [PATCH 5.1 348/405] drm/amd/display: Fix Divide by 0 in memory calculations Greg Kroah-Hartman
                   ` (62 subsequent siblings)
  409 siblings, 0 replies; 429+ messages in thread
From: Greg Kroah-Hartman @ 2019-05-30  3:05 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Arnd Bergmann, Hans Verkuil,
	Mauro Carvalho Chehab, Sasha Levin

[ Upstream commit 49dc762cffd8305a861ca649e82dc5533b3e3344 ]

The driver should really call dm365_isif_setup_pinmux() through a callback,
but uses a hack to include a davinci specific machine header file when
compile testing instead. This works almost everywhere, but not on the
ARM omap1 platform, which has another header named mach/mux.h. This
causes a build failure:

drivers/staging/media/davinci_vpfe/dm365_isif.c:2028:2: error: implicit declaration of function 'davinci_cfg_reg' [-Werror,-Wimplicit-function-declaration]
        davinci_cfg_reg(DM365_VIN_CAM_WEN);
        ^
drivers/staging/media/davinci_vpfe/dm365_isif.c:2028:2: error: this function declaration is not a prototype [-Werror,-Wstrict-prototypes]
drivers/staging/media/davinci_vpfe/dm365_isif.c:2028:18: error: use of undeclared identifier 'DM365_VIN_CAM_WEN'
        davinci_cfg_reg(DM365_VIN_CAM_WEN);
                        ^
drivers/staging/media/davinci_vpfe/dm365_isif.c:2029:18: error: use of undeclared identifier 'DM365_VIN_CAM_VD'
        davinci_cfg_reg(DM365_VIN_CAM_VD);
                        ^
drivers/staging/media/davinci_vpfe/dm365_isif.c:2030:18: error: use of undeclared identifier 'DM365_VIN_CAM_HD'
        davinci_cfg_reg(DM365_VIN_CAM_HD);
                        ^
drivers/staging/media/davinci_vpfe/dm365_isif.c:2031:18: error: use of undeclared identifier 'DM365_VIN_YIN4_7_EN'
        davinci_cfg_reg(DM365_VIN_YIN4_7_EN);
                        ^
drivers/staging/media/davinci_vpfe/dm365_isif.c:2032:18: error: use of undeclared identifier 'DM365_VIN_YIN0_3_EN'
        davinci_cfg_reg(DM365_VIN_YIN0_3_EN);
                        ^
7 errors generated.

Exclude omap1 from compile-testing, under the assumption that all others
still work.

Fixes: 4907c73deefe ("media: staging: davinci_vpfe: allow building with COMPILE_TEST")

Signed-off-by: Arnd Bergmann <arnd@arndb.de>
Signed-off-by: Hans Verkuil <hverkuil-cisco@xs4all.nl>
Signed-off-by: Mauro Carvalho Chehab <mchehab+samsung@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/staging/media/davinci_vpfe/Kconfig | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/drivers/staging/media/davinci_vpfe/Kconfig b/drivers/staging/media/davinci_vpfe/Kconfig
index aea449a8dbf8a..76818cc48ddcb 100644
--- a/drivers/staging/media/davinci_vpfe/Kconfig
+++ b/drivers/staging/media/davinci_vpfe/Kconfig
@@ -1,7 +1,7 @@
 config VIDEO_DM365_VPFE
 	tristate "DM365 VPFE Media Controller Capture Driver"
 	depends on VIDEO_V4L2
-	depends on (ARCH_DAVINCI_DM365 && !VIDEO_DM365_ISIF) || COMPILE_TEST
+	depends on (ARCH_DAVINCI_DM365 && !VIDEO_DM365_ISIF) || (COMPILE_TEST && !ARCH_OMAP1)
 	depends on VIDEO_V4L2_SUBDEV_API
 	depends on VIDEO_DAVINCI_VPBE_DISPLAY
 	select VIDEOBUF2_DMA_CONTIG
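Review bot: the new !ARCH_OMAP1 term in the depends line has no explanation in the Kconfig file itself. Add a comment above it noting that omap1 is excluded because it has its own mach/mux.h that clashes with the davinci header, so the exclusion can be dropped once the driver calls the pinmux setup through a callback.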
-- 
2.20.1





* [PATCH 5.1 348/405] drm/amd/display: Fix Divide by 0 in memory calculations
  2019-05-30  2:59 [PATCH 5.1 000/405] 5.1.6-stable review Greg Kroah-Hartman
                   ` (346 preceding siblings ...)
  2019-05-30  3:05 ` [PATCH 5.1 347/405] media: staging: davinci_vpfe: disallow building with COMPILE_TEST Greg Kroah-Hartman
@ 2019-05-30  3:05 ` Greg Kroah-Hartman
  2019-05-30  3:05 ` [PATCH 5.1 349/405] drm/amd/display: Re-add custom degamma support Greg Kroah-Hartman
                   ` (61 subsequent siblings)
  409 siblings, 0 replies; 429+ messages in thread
From: Greg Kroah-Hartman @ 2019-05-30  3:05 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Murton Liu, Aric Cyr,
	Bhawanpreet Lakha, Sivapiriyan Kumarasamy, Alex Deucher,
	Sasha Levin

[ Upstream commit 59979bf8be1784ebfc44215031c6c88ca22ae65d ]

Check if we get any values equal to 0, and set to 1 if so.

Signed-off-by: Murton Liu <murton.liu@amd.com>
Reviewed-by: Aric Cyr <Aric.Cyr@amd.com>
Acked-by: Bhawanpreet Lakha <Bhawanpreet.Lakha@amd.com>
Acked-by: Sivapiriyan Kumarasamy <Sivapiriyan.Kumarasamy@amd.com>
Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 .../drm/amd/display/dc/dcn10/dcn10_dpp_dscl.c | 20 ++++++++++++++-----
 1 file changed, 15 insertions(+), 5 deletions(-)

diff --git a/drivers/gpu/drm/amd/display/dc/dcn10/dcn10_dpp_dscl.c b/drivers/gpu/drm/amd/display/dc/dcn10/dcn10_dpp_dscl.c
index c7642e7482970..ce21a290bf3e4 100644
--- a/drivers/gpu/drm/amd/display/dc/dcn10/dcn10_dpp_dscl.c
+++ b/drivers/gpu/drm/amd/display/dc/dcn10/dcn10_dpp_dscl.c
@@ -406,15 +406,25 @@ void dpp1_dscl_calc_lb_num_partitions(
 		int *num_part_y,
 		int *num_part_c)
 {
+	int lb_memory_size, lb_memory_size_c, lb_memory_size_a, num_partitions_a,
+	lb_bpc, memory_line_size_y, memory_line_size_c, memory_line_size_a;
+
 	int line_size = scl_data->viewport.width < scl_data->recout.width ?
 			scl_data->viewport.width : scl_data->recout.width;
 	int line_size_c = scl_data->viewport_c.width < scl_data->recout.width ?
 			scl_data->viewport_c.width : scl_data->recout.width;
-	int lb_bpc = dpp1_dscl_get_lb_depth_bpc(scl_data->lb_params.depth);
-	int memory_line_size_y = (line_size * lb_bpc + 71) / 72; /* +71 to ceil */
-	int memory_line_size_c = (line_size_c * lb_bpc + 71) / 72; /* +71 to ceil */
-	int memory_line_size_a = (line_size + 5) / 6; /* +5 to ceil */
-	int lb_memory_size, lb_memory_size_c, lb_memory_size_a, num_partitions_a;
+
+	if (line_size == 0)
+		line_size = 1;
+
+	if (line_size_c == 0)
+		line_size_c = 1;
+
+
+	lb_bpc = dpp1_dscl_get_lb_depth_bpc(scl_data->lb_params.depth);
+	memory_line_size_y = (line_size * lb_bpc + 71) / 72; /* +71 to ceil */
+	memory_line_size_c = (line_size_c * lb_bpc + 71) / 72; /* +71 to ceil */
+	memory_line_size_a = (line_size + 5) / 6; /* +5 to ceil */
 
 	if (lb_config == LB_MEMORY_CONFIG_1) {
 		lb_memory_size = 816;
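Review bot: clamping line_size and line_size_c to 1 does not cover lb_bpc. In memory_line_size_y = (line_size * lb_bpc + 71) / 72 the result is still 0 whenever dpp1_dscl_get_lb_depth_bpc() returns 0, and the same holds for memory_line_size_c, so the zero this patch is meant to prevent can still be produced if that helper can return 0 for an unexpected depth. Either check lb_bpc as well or clamp memory_line_size_y and memory_line_size_c directly. Style: the continuation line of the new declaration is not indented, and there are two consecutive blank lines after the line_size_c check.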
-- 
2.20.1





* [PATCH 5.1 349/405] drm/amd/display: Re-add custom degamma support
  2019-05-30  2:59 [PATCH 5.1 000/405] 5.1.6-stable review Greg Kroah-Hartman
                   ` (347 preceding siblings ...)
  2019-05-30  3:05 ` [PATCH 5.1 348/405] drm/amd/display: Fix Divide by 0 in memory calculations Greg Kroah-Hartman
@ 2019-05-30  3:05 ` Greg Kroah-Hartman
  2019-05-30  3:05 ` [PATCH 5.1 350/405] drm/amd/display: half bandwidth for YCbCr420 during validation Greg Kroah-Hartman
                   ` (60 subsequent siblings)
  409 siblings, 0 replies; 429+ messages in thread
From: Greg Kroah-Hartman @ 2019-05-30  3:05 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, David Francis, Krunoslav Kovac,
	Bhawanpreet Lakha, Alex Deucher, Sasha Levin

[ Upstream commit f91813992c343272813e707343b50f8d06383659 ]

[Why]
The dc_gamma_type CUSTOM_GAMMA is used to represent degamma
mappings passed in by drm. This type of gamma must be interpolated
into a transfer function by apply_1d_lut.  The line in
mod_color_calculate_degamma_params that handled this case
was erroneously removed.

[How]
For CUSTOM_GAMMA degamma, calculate the lut as before.

Signed-off-by: David Francis <David.Francis@amd.com>
Reviewed-by: Krunoslav Kovac <Krunoslav.Kovac@amd.com>
Acked-by: Bhawanpreet Lakha <Bhawanpreet.Lakha@amd.com>
Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/gpu/drm/amd/display/modules/color/color_gamma.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/drivers/gpu/drm/amd/display/modules/color/color_gamma.c b/drivers/gpu/drm/amd/display/modules/color/color_gamma.c
index 0fbc8fbc35416..a1055413bade6 100644
--- a/drivers/gpu/drm/amd/display/modules/color/color_gamma.c
+++ b/drivers/gpu/drm/amd/display/modules/color/color_gamma.c
@@ -1854,6 +1854,8 @@ bool mod_color_calculate_degamma_params(struct dc_transfer_func *input_tf,
 			coordinates_x, axis_x, curve,
 			MAX_HW_POINTS, tf_pts,
 			mapUserRamp && ramp && ramp->type == GAMMA_RGB_256);
+	if (ramp->type == GAMMA_CUSTOM)
+		apply_lut_1d(ramp, MAX_HW_POINTS, tf_pts);
 
 	ret = true;
 
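Review bot: the added condition dereferences ramp unconditionally in ramp->type == GAMMA_CUSTOM, while the call just above guards the same pointer with mapUserRamp && ramp && ramp->type == GAMMA_RGB_256. If ramp can be NULL at this point, the new line is a NULL pointer dereference; write the condition as ramp && ramp->type == GAMMA_CUSTOM, or state in a comment why ramp is known to be non-NULL here.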
-- 
2.20.1





* [PATCH 5.1 350/405] drm/amd/display: half bandwidth for YCbCr420 during validation
  2019-05-30  2:59 [PATCH 5.1 000/405] 5.1.6-stable review Greg Kroah-Hartman
                   ` (348 preceding siblings ...)
  2019-05-30  3:05 ` [PATCH 5.1 349/405] drm/amd/display: Re-add custom degamma support Greg Kroah-Hartman
@ 2019-05-30  3:05 ` Greg Kroah-Hartman
  2019-05-30  3:05 ` [PATCH 5.1 351/405] drm/amd/display: Set stream->mode_changed when connectors change Greg Kroah-Hartman
                   ` (59 subsequent siblings)
  409 siblings, 0 replies; 429+ messages in thread
From: Greg Kroah-Hartman @ 2019-05-30  3:05 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Martin Leung, Wenjing Liu,
	Aidan Wood, Bhawanpreet Lakha, Alex Deucher, Sasha Levin

[ Upstream commit 162f807858d15bde60cf373a3ad46e03200ad9d8 ]

[Why]
used to be unable to run 4:2:0 if using a dongle because 4k60 bandwidth
exceeded dongle caps

[How]
half pixel clock during comparison to dongle cap. *Could get stuck on black
screen on monitors that don't support 420 but will be selecting 420 as
preferred mode*

Signed-off-by: Martin Leung <martin.leung@amd.com>
Reviewed-by: Wenjing Liu <Wenjing.Liu@amd.com>
Acked-by: Aidan Wood <Aidan.Wood@amd.com>
Acked-by: Bhawanpreet Lakha <Bhawanpreet.Lakha@amd.com>
Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/gpu/drm/amd/display/dc/core/dc_link.c | 33 +++++++++++--------
 1 file changed, 20 insertions(+), 13 deletions(-)

diff --git a/drivers/gpu/drm/amd/display/dc/core/dc_link.c b/drivers/gpu/drm/amd/display/dc/core/dc_link.c
index ea2f271e234bd..419e8de8c0f48 100644
--- a/drivers/gpu/drm/amd/display/dc/core/dc_link.c
+++ b/drivers/gpu/drm/amd/display/dc/core/dc_link.c
@@ -2074,11 +2074,28 @@ static void disable_link(struct dc_link *link, enum signal_type signal)
 	}
 }
 
+static uint32_t get_timing_pixel_clock_100hz(const struct dc_crtc_timing *timing)
+{
+
+	uint32_t pxl_clk = timing->pix_clk_100hz;
+
+	if (timing->pixel_encoding == PIXEL_ENCODING_YCBCR420)
+		pxl_clk /= 2;
+	else if (timing->pixel_encoding == PIXEL_ENCODING_YCBCR422)
+		pxl_clk = pxl_clk * 2 / 3;
+
+	if (timing->display_color_depth == COLOR_DEPTH_101010)
+		pxl_clk = pxl_clk * 10 / 8;
+	else if (timing->display_color_depth == COLOR_DEPTH_121212)
+		pxl_clk = pxl_clk * 12 / 8;
+
+	return pxl_clk;
+}
+
 static bool dp_active_dongle_validate_timing(
 		const struct dc_crtc_timing *timing,
 		const struct dpcd_caps *dpcd_caps)
 {
-	unsigned int required_pix_clk_100hz = timing->pix_clk_100hz;
 	const struct dc_dongle_caps *dongle_caps = &dpcd_caps->dongle_caps;
 
 	switch (dpcd_caps->dongle_type) {
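Review bot: get_timing_pixel_clock_100hz() has no comment saying that the value it returns is pix_clk_100hz scaled for pixel encoding and color depth, which is what callers comparing it against dongle limits rely on. The multiplications pxl_clk * 10 / 8 and pxl_clk * 12 / 8 are done in uint32_t, so a note on the expected range of pix_clk_100hz, or a 64-bit intermediate, would rule out wraparound. Style: drop the blank line after the opening brace.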
@@ -2115,13 +2132,6 @@ static bool dp_active_dongle_validate_timing(
 		return false;
 	}
 
-
-	/* Check Color Depth and Pixel Clock */
-	if (timing->pixel_encoding == PIXEL_ENCODING_YCBCR420)
-		required_pix_clk_100hz /= 2;
-	else if (timing->pixel_encoding == PIXEL_ENCODING_YCBCR422)
-		required_pix_clk_100hz = required_pix_clk_100hz * 2 / 3;
-
 	switch (timing->display_color_depth) {
 	case COLOR_DEPTH_666:
 	case COLOR_DEPTH_888:
@@ -2130,14 +2140,11 @@ static bool dp_active_dongle_validate_timing(
 	case COLOR_DEPTH_101010:
 		if (dongle_caps->dp_hdmi_max_bpc < 10)
 			return false;
-		required_pix_clk_100hz = required_pix_clk_100hz * 10 / 8;
 		break;
 	case COLOR_DEPTH_121212:
 		if (dongle_caps->dp_hdmi_max_bpc < 12)
 			return false;
-		required_pix_clk_100hz = required_pix_clk_100hz * 12 / 8;
 		break;
-
 	case COLOR_DEPTH_141414:
 	case COLOR_DEPTH_161616:
 	default:
@@ -2145,7 +2152,7 @@ static bool dp_active_dongle_validate_timing(
 		return false;
 	}
 
-	if (required_pix_clk_100hz > (dongle_caps->dp_hdmi_max_pixel_clk * 10))
+	if (get_timing_pixel_clock_100hz(timing) > (dongle_caps->dp_hdmi_max_pixel_clk * 10))
 		return false;
 
 	return true;
@@ -2166,7 +2173,7 @@ enum dc_status dc_link_validate_mode_timing(
 		return DC_OK;
 
 	/* Passive Dongle */
-	if (0 != max_pix_clk && timing->pix_clk_100hz > max_pix_clk)
+	if (max_pix_clk != 0 && get_timing_pixel_clock_100hz(timing) > max_pix_clk)
 		return DC_EXCEED_DONGLE_CAP;
 
 	/* Active Dongle*/
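Review bot: the passive-dongle check now compares get_timing_pixel_clock_100hz(timing) where it used to compare the raw timing->pix_clk_100hz, so besides the halving for YCbCr420 it also picks up the 2/3 factor for YCbCr422 and the 10/8 and 12/8 factors for deep color. The commit message only mentions 4:2:0; deep-color modes that passed this check before can now return DC_EXCEED_DONGLE_CAP, and that change should be called out or justified.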
-- 
2.20.1





* [PATCH 5.1 351/405] drm/amd/display: Set stream->mode_changed when connectors change
  2019-05-30  2:59 [PATCH 5.1 000/405] 5.1.6-stable review Greg Kroah-Hartman
                   ` (349 preceding siblings ...)
  2019-05-30  3:05 ` [PATCH 5.1 350/405] drm/amd/display: half bandwidth for YCbCr420 during validation Greg Kroah-Hartman
@ 2019-05-30  3:05 ` Greg Kroah-Hartman
  2019-05-30  3:05 ` [PATCH 5.1 352/405] scsi: ufs: fix a missing check of devm_reset_control_get Greg Kroah-Hartman
                   ` (58 subsequent siblings)
  409 siblings, 0 replies; 429+ messages in thread
From: Greg Kroah-Hartman @ 2019-05-30  3:05 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Nicholas Kazlauskas, Sun peng Li,
	Bhawanpreet Lakha, Alex Deucher, Sasha Levin

[ Upstream commit b9952f93cd2cf5fca82b06a8179c0f5f7b769e83 ]

[Why]
The kms_plane@plane-position-covered-pipe-*-planes subtests can produce
a sequence of atomic commits such that neither active_changed nor
mode_changed but connectors_changed.

When this happens we remove the old stream from the context and add
a new stream but the new stream doesn't have mode_changed=true set.

This incorrect programming sequence causes CRC mismatches to occur in
the test.

The stream->mode_changed value should be set whenever a new stream
is created.

[How]
A new stream is created whenever drm_atomic_crtc_needs_modeset is true.
We previously covered the active_changed and mode_changed conditions
for the CRTC but connectors_changed is also checked within
drm_atomic_crtc_needs_modeset.

So just use drm_atomic_crtc_needs_modeset directly to determine the
mode_changed flag.

Signed-off-by: Nicholas Kazlauskas <nicholas.kazlauskas@amd.com>
Reviewed-by: Sun peng Li <Sunpeng.Li@amd.com>
Acked-by: Bhawanpreet Lakha <Bhawanpreet.Lakha@amd.com>
Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c b/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c
index b14369ab151f6..0886b36c23447 100644
--- a/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c
+++ b/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c
@@ -4955,8 +4955,7 @@ static void amdgpu_dm_commit_planes(struct drm_atomic_state *state,
 static void amdgpu_dm_crtc_copy_transient_flags(struct drm_crtc_state *crtc_state,
 						struct dc_stream_state *stream_state)
 {
-	stream_state->mode_changed =
-		crtc_state->mode_changed || crtc_state->active_changed;
+	stream_state->mode_changed = drm_atomic_crtc_needs_modeset(crtc_state);
 }
 
 static int amdgpu_dm_atomic_commit(struct drm_device *dev,
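Review bot: after this change stream_state->mode_changed no longer mirrors crtc_state->mode_changed; it is set from drm_atomic_crtc_needs_modeset(), which per the commit message also covers connectors_changed. Add a comment in amdgpu_dm_crtc_copy_transient_flags() saying that the flag means a new stream was created, so readers of stream_state->mode_changed do not assume it tracks only the DRM mode_changed bit.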
-- 
2.20.1





* [PATCH 5.1 352/405] scsi: ufs: fix a missing check of devm_reset_control_get
  2019-05-30  2:59 [PATCH 5.1 000/405] 5.1.6-stable review Greg Kroah-Hartman
                   ` (350 preceding siblings ...)
  2019-05-30  3:05 ` [PATCH 5.1 351/405] drm/amd/display: Set stream->mode_changed when connectors change Greg Kroah-Hartman
@ 2019-05-30  3:05 ` Greg Kroah-Hartman
  2019-05-30  3:05 ` [PATCH 5.1 353/405] media: vimc: stream: fix thread state before sleep Greg Kroah-Hartman
                   ` (57 subsequent siblings)
  409 siblings, 0 replies; 429+ messages in thread
From: Greg Kroah-Hartman @ 2019-05-30  3:05 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Kangjie Lu, Avri Altman,
	Martin K. Petersen, Sasha Levin

[ Upstream commit 63a06181d7ce169d09843645c50fea1901bc9f0a ]

devm_reset_control_get could fail, so the fix checks its return value and
passes the error code upstream in case it fails.

Signed-off-by: Kangjie Lu <kjlu@umn.edu>
Acked-by: Avri Altman <avri.altman@wdc.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/scsi/ufs/ufs-hisi.c | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/drivers/scsi/ufs/ufs-hisi.c b/drivers/scsi/ufs/ufs-hisi.c
index 0e855b5afe82a..2f592df921d97 100644
--- a/drivers/scsi/ufs/ufs-hisi.c
+++ b/drivers/scsi/ufs/ufs-hisi.c
@@ -587,6 +587,10 @@ static int ufs_hisi_init_common(struct ufs_hba *hba)
 	ufshcd_set_variant(hba, host);
 
 	host->rst  = devm_reset_control_get(dev, "rst");
+	if (IS_ERR(host->rst)) {
+		dev_err(dev, "%s: failed to get reset control\n", __func__);
+		return PTR_ERR(host->rst);
+	}
 
 	ufs_hisi_set_pm_lvl(hba);
 
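Review bot: the new early return sits after ufshcd_set_variant(hba, host), so on failure hba keeps a variant pointer to host. Either move the devm_reset_control_get() lookup and its IS_ERR() check above ufshcd_set_variant(), or clear the variant before returning. dev_err() will also fire when PTR_ERR(host->rst) is -EPROBE_DEFER; consider skipping the message in that case.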
-- 
2.20.1





* [PATCH 5.1 353/405] media: vimc: stream: fix thread state before sleep
  2019-05-30  2:59 [PATCH 5.1 000/405] 5.1.6-stable review Greg Kroah-Hartman
                   ` (351 preceding siblings ...)
  2019-05-30  3:05 ` [PATCH 5.1 352/405] scsi: ufs: fix a missing check of devm_reset_control_get Greg Kroah-Hartman
@ 2019-05-30  3:05 ` Greg Kroah-Hartman
  2019-05-30  3:05 ` [PATCH 5.1 354/405] media: gspca: do not resubmit URBs when streaming has stopped Greg Kroah-Hartman
                   ` (56 subsequent siblings)
  409 siblings, 0 replies; 429+ messages in thread
From: Greg Kroah-Hartman @ 2019-05-30  3:05 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Hans Verkuil, Helen Koike,
	Hans Verkuil, Mauro Carvalho Chehab, Sasha Levin

[ Upstream commit 2978a505aaa981b279ef359f74ba93d25098e0a0 ]

The state TASK_UNINTERRUPTIBLE should be set just before
schedule_timeout() call, so it knows the sleep mode it should enter.
There is no point in setting TASK_UNINTERRUPTIBLE at the initialization
of the thread as schedule_timeout() will set the state back to
TASK_RUNNING.

This fixes a warning in __might_sleep() call, as it's expecting the
task to be in TASK_RUNNING state just before changing the state to
a sleeping state.

Reported-by: Hans Verkuil <hverkuil@xs4all.nl>
Signed-off-by: Helen Koike <helen.koike@collabora.com>
Signed-off-by: Hans Verkuil <hverkuil-cisco@xs4all.nl>
Signed-off-by: Mauro Carvalho Chehab <mchehab+samsung@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/media/platform/vimc/vimc-streamer.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/drivers/media/platform/vimc/vimc-streamer.c b/drivers/media/platform/vimc/vimc-streamer.c
index fcc897fb247bc..392754c18046c 100644
--- a/drivers/media/platform/vimc/vimc-streamer.c
+++ b/drivers/media/platform/vimc/vimc-streamer.c
@@ -120,7 +120,6 @@ static int vimc_streamer_thread(void *data)
 	int i;
 
 	set_freezable();
-	set_current_state(TASK_UNINTERRUPTIBLE);
 
 	for (;;) {
 		try_to_freeze();
@@ -137,6 +136,7 @@ static int vimc_streamer_thread(void *data)
 				break;
 		}
 		//wait for 60hz
+		set_current_state(TASK_UNINTERRUPTIBLE);
 		schedule_timeout(HZ / 60);
 	}
 
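Review bot: set_current_state(TASK_UNINTERRUPTIBLE) followed directly by schedule_timeout(HZ / 60) can be written as schedule_timeout_uninterruptible(HZ / 60), which sets the state and sleeps in one call and keeps the two from drifting apart again. The //wait for 60hz comment above it could be turned into a normal /* */ comment while the line is being touched.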
-- 
2.20.1





* [PATCH 5.1 354/405] media: gspca: do not resubmit URBs when streaming has stopped
  2019-05-30  2:59 [PATCH 5.1 000/405] 5.1.6-stable review Greg Kroah-Hartman
                   ` (352 preceding siblings ...)
  2019-05-30  3:05 ` [PATCH 5.1 353/405] media: vimc: stream: fix thread state before sleep Greg Kroah-Hartman
@ 2019-05-30  3:05 ` Greg Kroah-Hartman
  2019-05-30  3:05 ` [PATCH 5.1 355/405] media: vicodec: avoid clang frame size warning Greg Kroah-Hartman
                   ` (55 subsequent siblings)
  409 siblings, 0 replies; 429+ messages in thread
From: Greg Kroah-Hartman @ 2019-05-30  3:05 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Hans Verkuil, Mauro Carvalho Chehab,
	Sasha Levin

[ Upstream commit e6f8bd59c28f758feea403a70d6c3ef28c50959f ]

When streaming is stopped all URBs are killed, but in fill_frame and in
bulk_irq this results in an attempt to resubmit the killed URB. That is
not what you want and causes spurious kernel messages.

So check if streaming has stopped before resubmitting.

Also check against gspca_dev->streaming rather than vb2_start_streaming_called()
since vb2_start_streaming_called() will return true when in stop_streaming,
but gspca_dev->streaming is set to false when stop_streaming is called.

Fixes: 6992effe5344 ("gspca: Kill all URBs before releasing any of them")

Signed-off-by: Hans Verkuil <hverkuil-cisco@xs4all.nl>
Signed-off-by: Mauro Carvalho Chehab <mchehab+samsung@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/media/usb/gspca/gspca.c | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/drivers/media/usb/gspca/gspca.c b/drivers/media/usb/gspca/gspca.c
index 128935f2a217e..4d7517411cc2d 100644
--- a/drivers/media/usb/gspca/gspca.c
+++ b/drivers/media/usb/gspca/gspca.c
@@ -314,6 +314,8 @@ static void fill_frame(struct gspca_dev *gspca_dev,
 	}
 
 resubmit:
+	if (!gspca_dev->streaming)
+		return;
 	/* resubmit the URB */
 	st = usb_submit_urb(urb, GFP_ATOMIC);
 	if (st < 0)
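Review bot: the new if (!gspca_dev->streaming) return; ahead of usb_submit_urb() is a plain read of a flag that stop_streaming clears from another context, and the check and the submit are not atomic. The flag can change between the two lines, so resubmitting a killed URB is made less likely but not excluded. Say in a comment what ordering makes this safe (for example that URBs are killed only after streaming has been set to false), or read the flag with READ_ONCE().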
@@ -330,7 +332,7 @@ static void isoc_irq(struct urb *urb)
 	struct gspca_dev *gspca_dev = (struct gspca_dev *) urb->context;
 
 	gspca_dbg(gspca_dev, D_PACK, "isoc irq\n");
-	if (!vb2_start_streaming_called(&gspca_dev->queue))
+	if (!gspca_dev->streaming)
 		return;
 	fill_frame(gspca_dev, urb);
 }
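Review bot: the switch from `vb2_start_streaming_called()` to `gspca_dev->streaming` in `isoc_irq()` is explained only in the commit message. A one-line comment here saying that the vb2 helper still returns true inside stop_streaming would keep someone from converting it back later; the same applies to the identical change in `bulk_irq()`.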
@@ -344,7 +346,7 @@ static void bulk_irq(struct urb *urb)
 	int st;
 
 	gspca_dbg(gspca_dev, D_PACK, "bulk irq\n");
-	if (!vb2_start_streaming_called(&gspca_dev->queue))
+	if (!gspca_dev->streaming)
 		return;
 	switch (urb->status) {
 	case 0:
@@ -367,6 +369,8 @@ static void bulk_irq(struct urb *urb)
 				urb->actual_length);
 
 resubmit:
+	if (!gspca_dev->streaming)
+		return;
 	/* resubmit the URB */
 	if (gspca_dev->cam.bulk_nurbs != 0) {
 		st = usb_submit_urb(urb, GFP_ATOMIC);
-- 
2.20.1





* [PATCH 5.1 355/405] media: vicodec: avoid clang frame size warning
  2019-05-30  2:59 [PATCH 5.1 000/405] 5.1.6-stable review Greg Kroah-Hartman
                   ` (353 preceding siblings ...)
  2019-05-30  3:05 ` [PATCH 5.1 354/405] media: gspca: do not resubmit URBs when streaming has stopped Greg Kroah-Hartman
@ 2019-05-30  3:05 ` Greg Kroah-Hartman
  2019-05-30  3:05 ` [PATCH 5.1 356/405] media: go7007: avoid clang frame overflow warning with KASAN Greg Kroah-Hartman
                   ` (54 subsequent siblings)
  409 siblings, 0 replies; 429+ messages in thread
From: Greg Kroah-Hartman @ 2019-05-30  3:05 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Arnd Bergmann, Hans Verkuil,
	Mauro Carvalho Chehab, Sasha Levin

[ Upstream commit e855165f3dae6f71da859a5f00b85d5368641d61 ]

Clang-9 makes some different inlining decisions compared to gcc, which
leads to a warning about a possible stack overflow problem when building
with CONFIG_KASAN, including when setting asan-stack=0, which avoids
most other frame overflow warnings:

drivers/media/platform/vicodec/codec-fwht.c:673:12: error: stack frame size of 2224 bytes in function 'encode_plane'

Manually adding noinline_for_stack annotations in those functions
called by encode_plane() or decode_plane() that require a significant
amount of kernel stack makes this impossible to happen with any
compiler.

Signed-off-by: Arnd Bergmann <arnd@arndb.de>
Signed-off-by: Hans Verkuil <hverkuil-cisco@xs4all.nl>
Signed-off-by: Mauro Carvalho Chehab <mchehab+samsung@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/media/platform/vicodec/codec-fwht.c | 29 +++++++++++++--------
 1 file changed, 18 insertions(+), 11 deletions(-)

diff --git a/drivers/media/platform/vicodec/codec-fwht.c b/drivers/media/platform/vicodec/codec-fwht.c
index d1d6085da9f1d..cf469a1191aa7 100644
--- a/drivers/media/platform/vicodec/codec-fwht.c
+++ b/drivers/media/platform/vicodec/codec-fwht.c
@@ -46,8 +46,12 @@ static const uint8_t zigzag[64] = {
 	63,
 };
 
-
-static int rlc(const s16 *in, __be16 *output, int blocktype)
+/*
+ * noinline_for_stack to work around
+ * https://bugs.llvm.org/show_bug.cgi?id=38809
+ */
+static int noinline_for_stack
+rlc(const s16 *in, __be16 *output, int blocktype)
 {
 	s16 block[8 * 8];
 	s16 *wp = block;
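Review bot: style point on the annotation placement: `rlc()` is declared as `static int noinline_for_stack`, while `derlc()`, `ifwht()` and `decide_blocktype()` later in this patch use `static noinline_for_stack <type>`. Pick one order for all six annotated functions. The comment pointing at the LLVM bug is also attached only to `rlc()`; either make it say that it covers the other annotated helpers or repeat a short reference at each.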
@@ -106,8 +110,8 @@ static int rlc(const s16 *in, __be16 *output, int blocktype)
  * This function will worst-case increase rlc_in by 65*2 bytes:
  * one s16 value for the header and 8 * 8 coefficients of type s16.
  */
-static u16 derlc(const __be16 **rlc_in, s16 *dwht_out,
-		 const __be16 *end_of_input)
+static noinline_for_stack u16
+derlc(const __be16 **rlc_in, s16 *dwht_out, const __be16 *end_of_input)
 {
 	/* header */
 	const __be16 *input = *rlc_in;
@@ -240,8 +244,9 @@ static void dequantize_inter(s16 *coeff)
 			*coeff <<= *quant;
 }
 
-static void fwht(const u8 *block, s16 *output_block, unsigned int stride,
-		 unsigned int input_step, bool intra)
+static void noinline_for_stack fwht(const u8 *block, s16 *output_block,
+				    unsigned int stride,
+				    unsigned int input_step, bool intra)
 {
 	/* we'll need more than 8 bits for the transformed coefficients */
 	s32 workspace1[8], workspace2[8];
@@ -373,7 +378,8 @@ static void fwht(const u8 *block, s16 *output_block, unsigned int stride,
  * Furthermore values can be negative... This is just a version that
  * works with 16 signed data
  */
-static void fwht16(const s16 *block, s16 *output_block, int stride, int intra)
+static void noinline_for_stack
+fwht16(const s16 *block, s16 *output_block, int stride, int intra)
 {
 	/* we'll need more than 8 bits for the transformed coefficients */
 	s32 workspace1[8], workspace2[8];
@@ -456,7 +462,8 @@ static void fwht16(const s16 *block, s16 *output_block, int stride, int intra)
 	}
 }
 
-static void ifwht(const s16 *block, s16 *output_block, int intra)
+static noinline_for_stack void
+ifwht(const s16 *block, s16 *output_block, int intra)
 {
 	/*
 	 * we'll need more than 8 bits for the transformed coefficients
@@ -604,9 +611,9 @@ static int var_inter(const s16 *old, const s16 *new)
 	return ret;
 }
 
-static int decide_blocktype(const u8 *cur, const u8 *reference,
-			    s16 *deltablock, unsigned int stride,
-			    unsigned int input_step)
+static noinline_for_stack int
+decide_blocktype(const u8 *cur, const u8 *reference, s16 *deltablock,
+		 unsigned int stride, unsigned int input_step)
 {
 	s16 tmp[64];
 	s16 old[64];
-- 
2.20.1





* [PATCH 5.1 356/405] media: go7007: avoid clang frame overflow warning with KASAN
  2019-05-30  2:59 [PATCH 5.1 000/405] 5.1.6-stable review Greg Kroah-Hartman
                   ` (354 preceding siblings ...)
  2019-05-30  3:05 ` [PATCH 5.1 355/405] media: vicodec: avoid clang frame size warning Greg Kroah-Hartman
@ 2019-05-30  3:05 ` Greg Kroah-Hartman
  2019-05-30  3:05 ` [PATCH 5.1 357/405] media: mtk-vcodec: fix access to vb2_v4l2_buffer struct Greg Kroah-Hartman
                   ` (53 subsequent siblings)
  409 siblings, 0 replies; 429+ messages in thread
From: Greg Kroah-Hartman @ 2019-05-30  3:05 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Arnd Bergmann, Hans Verkuil,
	Mauro Carvalho Chehab, Sasha Levin

[ Upstream commit ed713a4a1367aca5c0f2f329579465db00c17995 ]

clang-8 warns about one function here when KASAN is enabled, even
without the 'asan-stack' option:

drivers/media/usb/go7007/go7007-fw.c:1551:5: warning: stack frame size of 2656 bytes in function

I have reported this issue in the llvm bugzilla, but to make
it work with the clang-8 release, a small annotation is still
needed.

Link: https://bugs.llvm.org/show_bug.cgi?id=38809

Signed-off-by: Arnd Bergmann <arnd@arndb.de>
Signed-off-by: Hans Verkuil <hverkuil-cisco@xs4all.nl>
[hverkuil-cisco@xs4all.nl: fix checkpatch warning]
Signed-off-by: Mauro Carvalho Chehab <mchehab+samsung@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/media/usb/go7007/go7007-fw.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/drivers/media/usb/go7007/go7007-fw.c b/drivers/media/usb/go7007/go7007-fw.c
index 24f5b615dc7af..dfa9f899d0c25 100644
--- a/drivers/media/usb/go7007/go7007-fw.c
+++ b/drivers/media/usb/go7007/go7007-fw.c
@@ -1499,8 +1499,8 @@ static int modet_to_package(struct go7007 *go, __le16 *code, int space)
 	return cnt;
 }
 
-static int do_special(struct go7007 *go, u16 type, __le16 *code, int space,
-			int *framelen)
+static noinline_for_stack int do_special(struct go7007 *go, u16 type,
+					 __le16 *code, int space, int *framelen)
 {
 	switch (type) {
 	case SPECIAL_FRM_HEAD:
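Review bot: `noinline_for_stack` on `do_special()` carries no comment, and the commit message describes it as a workaround needed for the clang-8 release. Add a short comment with the bugs.llvm.org link from the commit message (the vicodec patch in this series does this for `rlc()`) so the annotation is not dropped as unexplained later.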
-- 
2.20.1





* [PATCH 5.1 357/405] media: mtk-vcodec: fix access to vb2_v4l2_buffer struct
  2019-05-30  2:59 [PATCH 5.1 000/405] 5.1.6-stable review Greg Kroah-Hartman
                   ` (355 preceding siblings ...)
  2019-05-30  3:05 ` [PATCH 5.1 356/405] media: go7007: avoid clang frame overflow warning with KASAN Greg Kroah-Hartman
@ 2019-05-30  3:05 ` Greg Kroah-Hartman
  2019-05-30  3:05 ` [PATCH 5.1 358/405] media: imx: vdic: Restore default case to prepare_vdi_in_buffers() Greg Kroah-Hartman
                   ` (52 subsequent siblings)
  409 siblings, 0 replies; 429+ messages in thread
From: Greg Kroah-Hartman @ 2019-05-30  3:05 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Alexandre Courbot, Hans Verkuil,
	Mauro Carvalho Chehab, Sasha Levin

[ Upstream commit 3235d3946429f64b19addfd89fc926a36eaec06a ]

Commit 0650a91499e0 ("media: mtk-vcodec: Correct return type for mem2mem
buffer helpers") fixed the return types for mem2mem buffer helper
functions, but omitted two occurrences that are accessed in the
mtk_v4l2_debug() macro. These only trigger compiler errors when DEBUG is
defined.

Fixes: 0650a91499e0 ("media: mtk-vcodec: Correct return type for mem2mem buffer helpers")

Signed-off-by: Alexandre Courbot <acourbot@chromium.org>
Signed-off-by: Hans Verkuil <hverkuil-cisco@xs4all.nl>
Signed-off-by: Mauro Carvalho Chehab <mchehab+samsung@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/media/platform/mtk-vcodec/mtk_vcodec_dec.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/drivers/media/platform/mtk-vcodec/mtk_vcodec_dec.c b/drivers/media/platform/mtk-vcodec/mtk_vcodec_dec.c
index 49babf994cb75..e20b340855e76 100644
--- a/drivers/media/platform/mtk-vcodec/mtk_vcodec_dec.c
+++ b/drivers/media/platform/mtk-vcodec/mtk_vcodec_dec.c
@@ -1158,7 +1158,7 @@ static void vb2ops_vdec_buf_queue(struct vb2_buffer *vb)
 	src_mem.size = (size_t)src_buf->vb2_buf.planes[0].bytesused;
 	mtk_v4l2_debug(2,
 			"[%d] buf id=%d va=%p dma=%pad size=%zx",
-			ctx->id, src_buf->index,
+			ctx->id, src_buf->vb2_buf.index,
 			src_mem.va, &src_mem.dma_addr,
 			src_mem.size);
 
@@ -1182,7 +1182,7 @@ static void vb2ops_vdec_buf_queue(struct vb2_buffer *vb)
 		}
 		mtk_v4l2_debug(ret ? 0 : 1,
 			       "[%d] vdec_if_decode() src_buf=%d, size=%zu, fail=%d, res_chg=%d",
-			       ctx->id, src_buf->index,
+			       ctx->id, src_buf->vb2_buf.index,
 			       src_mem.size, ret, res_chg);
 		return;
 	}
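Review bot: both `src_buf->index` uses sat inside `mtk_v4l2_debug()` arguments and, per the commit message, only failed to compile with DEBUG defined, which means these arguments are not type-checked in normal builds. Worth following up by making the non-DEBUG form of the macro pass its arguments through a compile-time-checked no-op (the `no_printk()` pattern) so the next struct change is caught without a DEBUG build.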
-- 
2.20.1





* [PATCH 5.1 358/405] media: imx: vdic: Restore default case to prepare_vdi_in_buffers()
  2019-05-30  2:59 [PATCH 5.1 000/405] 5.1.6-stable review Greg Kroah-Hartman
                   ` (356 preceding siblings ...)
  2019-05-30  3:05 ` [PATCH 5.1 357/405] media: mtk-vcodec: fix access to vb2_v4l2_buffer struct Greg Kroah-Hartman
@ 2019-05-30  3:05 ` Greg Kroah-Hartman
  2019-05-30  3:05 ` [PATCH 5.1 359/405] media: vimc: zero the media_device on probe Greg Kroah-Hartman
                   ` (51 subsequent siblings)
  409 siblings, 0 replies; 429+ messages in thread
From: Greg Kroah-Hartman @ 2019-05-30  3:05 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Hans Verkuil, Steve Longerbeam,
	Hans Verkuil, Mauro Carvalho Chehab, Sasha Levin

[ Upstream commit ce3c2433b074eb9d569a0f63a15d6fd5dbc87f02 ]

Restore a default case to prepare_vdi_in_buffers() to fix the following
smatch errors:

drivers/staging/media/imx/imx-media-vdic.c:236 prepare_vdi_in_buffers() error: uninitialized symbol 'prev_phys'.
drivers/staging/media/imx/imx-media-vdic.c:237 prepare_vdi_in_buffers() error: uninitialized symbol 'curr_phys'.
drivers/staging/media/imx/imx-media-vdic.c:238 prepare_vdi_in_buffers() error: uninitialized symbol 'next_phys'.

Fixes: 6e537b58de772 ("media: imx: vdic: rely on VDIC for correct field order")

Reported-by: Hans Verkuil <hverkuil@xs4all.nl>
Signed-off-by: Steve Longerbeam <slongerbeam@gmail.com>
Signed-off-by: Hans Verkuil <hverkuil-cisco@xs4all.nl>
Signed-off-by: Mauro Carvalho Chehab <mchehab+samsung@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/staging/media/imx/imx-media-vdic.c | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/drivers/staging/media/imx/imx-media-vdic.c b/drivers/staging/media/imx/imx-media-vdic.c
index 8a9af4688fd41..8cdd3daa6c5f0 100644
--- a/drivers/staging/media/imx/imx-media-vdic.c
+++ b/drivers/staging/media/imx/imx-media-vdic.c
@@ -231,6 +231,12 @@ static void __maybe_unused prepare_vdi_in_buffers(struct vdic_priv *priv,
 		curr_phys = vb2_dma_contig_plane_dma_addr(curr_vb, 0);
 		next_phys = vb2_dma_contig_plane_dma_addr(curr_vb, 0) + is;
 		break;
+	default:
+		/*
+		 * can't get here, priv->fieldtype can only be one of
+		 * the above. This is to quiet smatch errors.
+		 */
+		return;
 	}
 
 	ipu_cpmem_set_buffer(priv->vdi_in_ch_p, 0, prev_phys);
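Review bot: the new `default:` case returns silently, so if `priv->fieldtype` ever does hold an unexpected value the VDI input buffers are simply not programmed and nothing is logged. Since the comment asserts the case is unreachable, a `WARN_ON_ONCE(1)` before the `return` would document that and make a violation visible.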
-- 
2.20.1





* [PATCH 5.1 359/405] media: vimc: zero the media_device on probe
  2019-05-30  2:59 [PATCH 5.1 000/405] 5.1.6-stable review Greg Kroah-Hartman
                   ` (357 preceding siblings ...)
  2019-05-30  3:05 ` [PATCH 5.1 358/405] media: imx: vdic: Restore default case to prepare_vdi_in_buffers() Greg Kroah-Hartman
@ 2019-05-30  3:05 ` Greg Kroah-Hartman
  2019-05-30  3:05 ` [PATCH 5.1 360/405] media: vim2m: replace devm_kzalloc by kzalloc Greg Kroah-Hartman
                   ` (50 subsequent siblings)
  409 siblings, 0 replies; 429+ messages in thread
From: Greg Kroah-Hartman @ 2019-05-30  3:05 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Hans Verkuil, Laurent Pinchart,
	Mauro Carvalho Chehab, Sasha Levin

[ Upstream commit f74267b51cb36321f777807b2e04ca02167ecc08 ]

The media_device is part of a static global vimc_device struct.
The media framework expects this to be zeroed before it is
used, however, since this is a global this is not the case if
vimc is unbound and then bound again.

So call memset to ensure any left-over values are cleared.

Signed-off-by: Hans Verkuil <hverkuil-cisco@xs4all.nl>
Reviewed-by: Laurent Pinchart <laurent.pinchart@ideasonboard.com>
Signed-off-by: Mauro Carvalho Chehab <mchehab+samsung@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/media/platform/vimc/vimc-core.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/drivers/media/platform/vimc/vimc-core.c b/drivers/media/platform/vimc/vimc-core.c
index 0fbb7914098f6..3aa62d7e3d0e0 100644
--- a/drivers/media/platform/vimc/vimc-core.c
+++ b/drivers/media/platform/vimc/vimc-core.c
@@ -304,6 +304,8 @@ static int vimc_probe(struct platform_device *pdev)
 
 	dev_dbg(&pdev->dev, "probe");
 
+	memset(&vimc->mdev, 0, sizeof(vimc->mdev));
+
 	/* Create platform_device for each entity in the topology*/
 	vimc->subdevs = devm_kcalloc(&vimc->pdev.dev, vimc->pipe_cfg->num_ents,
 				     sizeof(*vimc->subdevs), GFP_KERNEL);
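Review bot: the `memset()` of `vimc->mdev` in `vimc_probe()` has no comment, and the reason (the struct is part of a static global that keeps stale values across unbind and rebind) is only in the commit message. Add a one-line comment above it; without one the call looks redundant and is a likely target for a later cleanup.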
-- 
2.20.1





* [PATCH 5.1 360/405] media: vim2m: replace devm_kzalloc by kzalloc
  2019-05-30  2:59 [PATCH 5.1 000/405] 5.1.6-stable review Greg Kroah-Hartman
                   ` (358 preceding siblings ...)
  2019-05-30  3:05 ` [PATCH 5.1 359/405] media: vimc: zero the media_device on probe Greg Kroah-Hartman
@ 2019-05-30  3:05 ` Greg Kroah-Hartman
  2019-05-30  3:05 ` [PATCH 5.1 361/405] media: cedrus: Add a quirk for not setting DMA offset Greg Kroah-Hartman
                   ` (49 subsequent siblings)
  409 siblings, 0 replies; 429+ messages in thread
From: Greg Kroah-Hartman @ 2019-05-30  3:05 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Hans Verkuil, Laurent Pinchart,
	Mauro Carvalho Chehab, Sasha Levin

[ Upstream commit ea6c7e34f3b28e165988aa7391310752969842e8 ]

It is not possible to use devm_kzalloc since that memory is
freed immediately when the device instance is unbound.

Various objects like the video device may still be in use
since someone has the device node open, and when that is closed
it expects the memory to be around.

So use kzalloc and release it at the appropriate time.

Signed-off-by: Hans Verkuil <hverkuil-cisco@xs4all.nl>
Reviewed-by: Laurent Pinchart <laurent.pinchart@ideasonboard.com>
Signed-off-by: Mauro Carvalho Chehab <mchehab+samsung@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/media/platform/vim2m.c | 35 +++++++++++++++++++++-------------
 1 file changed, 22 insertions(+), 13 deletions(-)

diff --git a/drivers/media/platform/vim2m.c b/drivers/media/platform/vim2m.c
index 34dcaca45d8bb..dd47821fc661d 100644
--- a/drivers/media/platform/vim2m.c
+++ b/drivers/media/platform/vim2m.c
@@ -1262,6 +1262,15 @@ static int vim2m_release(struct file *file)
 	return 0;
 }
 
+static void vim2m_device_release(struct video_device *vdev)
+{
+	struct vim2m_dev *dev = container_of(vdev, struct vim2m_dev, vfd);
+
+	v4l2_device_unregister(&dev->v4l2_dev);
+	v4l2_m2m_release(dev->m2m_dev);
+	kfree(dev);
+}
+
 static const struct v4l2_file_operations vim2m_fops = {
 	.owner		= THIS_MODULE,
 	.open		= vim2m_open,
@@ -1277,7 +1286,7 @@ static const struct video_device vim2m_videodev = {
 	.fops		= &vim2m_fops,
 	.ioctl_ops	= &vim2m_ioctl_ops,
 	.minor		= -1,
-	.release	= video_device_release_empty,
+	.release	= vim2m_device_release,
 	.device_caps	= V4L2_CAP_VIDEO_M2M | V4L2_CAP_STREAMING,
 };
 
@@ -1298,13 +1307,13 @@ static int vim2m_probe(struct platform_device *pdev)
 	struct video_device *vfd;
 	int ret;
 
-	dev = devm_kzalloc(&pdev->dev, sizeof(*dev), GFP_KERNEL);
+	dev = kzalloc(sizeof(*dev), GFP_KERNEL);
 	if (!dev)
 		return -ENOMEM;
 
 	ret = v4l2_device_register(&pdev->dev, &dev->v4l2_dev);
 	if (ret)
-		return ret;
+		goto error_free;
 
 	atomic_set(&dev->num_inst, 0);
 	mutex_init(&dev->dev_mutex);
@@ -1317,7 +1326,7 @@ static int vim2m_probe(struct platform_device *pdev)
 	ret = video_register_device(vfd, VFL_TYPE_GRABBER, 0);
 	if (ret) {
 		v4l2_err(&dev->v4l2_dev, "Failed to register video device\n");
-		goto unreg_v4l2;
+		goto error_v4l2;
 	}
 
 	video_set_drvdata(vfd, dev);
@@ -1330,7 +1339,7 @@ static int vim2m_probe(struct platform_device *pdev)
 	if (IS_ERR(dev->m2m_dev)) {
 		v4l2_err(&dev->v4l2_dev, "Failed to init mem2mem device\n");
 		ret = PTR_ERR(dev->m2m_dev);
-		goto unreg_dev;
+		goto error_dev;
 	}
 
 #ifdef CONFIG_MEDIA_CONTROLLER
@@ -1346,27 +1355,29 @@ static int vim2m_probe(struct platform_device *pdev)
 						 MEDIA_ENT_F_PROC_VIDEO_SCALER);
 	if (ret) {
 		v4l2_err(&dev->v4l2_dev, "Failed to init mem2mem media controller\n");
-		goto unreg_m2m;
+		goto error_m2m;
 	}
 
 	ret = media_device_register(&dev->mdev);
 	if (ret) {
 		v4l2_err(&dev->v4l2_dev, "Failed to register mem2mem media device\n");
-		goto unreg_m2m_mc;
+		goto error_m2m_mc;
 	}
 #endif
 	return 0;
 
 #ifdef CONFIG_MEDIA_CONTROLLER
-unreg_m2m_mc:
+error_m2m_mc:
 	v4l2_m2m_unregister_media_controller(dev->m2m_dev);
-unreg_m2m:
+error_m2m:
 	v4l2_m2m_release(dev->m2m_dev);
 #endif
-unreg_dev:
+error_dev:
 	video_unregister_device(&dev->vfd);
-unreg_v4l2:
+error_v4l2:
 	v4l2_device_unregister(&dev->v4l2_dev);
+error_free:
+	kfree(dev);
 
 	return ret;
 }
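Review bot: with `.release` now set to `vim2m_device_release()`, the error labels in `vim2m_probe()` can tear things down twice. `error_dev:` calls `video_unregister_device(&dev->vfd)`, which can run the release callback (`v4l2_device_unregister()`, `v4l2_m2m_release()`, `kfree(dev)`) when the last reference goes, and control then falls through to `error_v4l2:` and `error_free:`, which touch and free `dev` again; `error_m2m:` likewise calls `v4l2_m2m_release()` before the unregister. Once `video_register_device()` has succeeded, the error path should stop after `video_unregister_device()` and leave the rest to the release callback. Note also that on the `IS_ERR(dev->m2m_dev)` path the callback would hand an ERR_PTR to `v4l2_m2m_release()`.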
@@ -1382,9 +1393,7 @@ static int vim2m_remove(struct platform_device *pdev)
 	v4l2_m2m_unregister_media_controller(dev->m2m_dev);
 	media_device_cleanup(&dev->mdev);
 #endif
-	v4l2_m2m_release(dev->m2m_dev);
 	video_unregister_device(&dev->vfd);
-	v4l2_device_unregister(&dev->v4l2_dev);
 
 	return 0;
 }
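Review bot: `vim2m_remove()` now leaves `v4l2_m2m_release()` and `v4l2_device_unregister()` to the release callback, but nothing in the function says so. A short comment above `video_unregister_device()` stating that the remaining teardown and the `kfree()` happen in `vim2m_device_release()` would make the asymmetry with probe obvious to the next reader.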
-- 
2.20.1





* [PATCH 5.1 361/405] media: cedrus: Add a quirk for not setting DMA offset
  2019-05-30  2:59 [PATCH 5.1 000/405] 5.1.6-stable review Greg Kroah-Hartman
                   ` (359 preceding siblings ...)
  2019-05-30  3:05 ` [PATCH 5.1 360/405] media: vim2m: replace devm_kzalloc by kzalloc Greg Kroah-Hartman
@ 2019-05-30  3:05 ` Greg Kroah-Hartman
  2019-05-30  3:06 ` [PATCH 5.1 362/405] scsi: lpfc: Fix FDMI manufacturer attribute value Greg Kroah-Hartman
                   ` (48 subsequent siblings)
  409 siblings, 0 replies; 429+ messages in thread
From: Greg Kroah-Hartman @ 2019-05-30  3:05 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Jernej Skrabec, Maxime Ripard,
	Hans Verkuil, Mauro Carvalho Chehab, Sasha Levin

[ Upstream commit 70a4f5cda82f7197c350099b66fd23506620810e ]

H6 VPU doesn't work if DMA offset is set.

Add a quirk for it.

Signed-off-by: Jernej Skrabec <jernej.skrabec@siol.net>
Acked-by: Maxime Ripard <maxime.ripard@bootlin.com>
Signed-off-by: Hans Verkuil <hverkuil-cisco@xs4all.nl>
Signed-off-by: Mauro Carvalho Chehab <mchehab+samsung@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/staging/media/sunxi/cedrus/cedrus.h    | 3 +++
 drivers/staging/media/sunxi/cedrus/cedrus_hw.c | 3 ++-
 2 files changed, 5 insertions(+), 1 deletion(-)

diff --git a/drivers/staging/media/sunxi/cedrus/cedrus.h b/drivers/staging/media/sunxi/cedrus/cedrus.h
index 4aedd24a98480..c57c04b41d2e8 100644
--- a/drivers/staging/media/sunxi/cedrus/cedrus.h
+++ b/drivers/staging/media/sunxi/cedrus/cedrus.h
@@ -28,6 +28,8 @@
 
 #define CEDRUS_CAPABILITY_UNTILED	BIT(0)
 
+#define CEDRUS_QUIRK_NO_DMA_OFFSET	BIT(0)
+
 enum cedrus_codec {
 	CEDRUS_CODEC_MPEG2,
 
@@ -91,6 +93,7 @@ struct cedrus_dec_ops {
 
 struct cedrus_variant {
 	unsigned int	capabilities;
+	unsigned int	quirks;
 };
 
 struct cedrus_dev {
diff --git a/drivers/staging/media/sunxi/cedrus/cedrus_hw.c b/drivers/staging/media/sunxi/cedrus/cedrus_hw.c
index 0acf219a8c918..fbfff7c1c771f 100644
--- a/drivers/staging/media/sunxi/cedrus/cedrus_hw.c
+++ b/drivers/staging/media/sunxi/cedrus/cedrus_hw.c
@@ -177,7 +177,8 @@ int cedrus_hw_probe(struct cedrus_dev *dev)
 	 */
 
 #ifdef PHYS_PFN_OFFSET
-	dev->dev->dma_pfn_offset = PHYS_PFN_OFFSET;
+	if (!(variant->quirks & CEDRUS_QUIRK_NO_DMA_OFFSET))
+		dev->dev->dma_pfn_offset = PHYS_PFN_OFFSET;
 #endif
 
 	ret = of_reserved_mem_device_init(dev->dev);
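Review bot: nothing in this patch sets `CEDRUS_QUIRK_NO_DMA_OFFSET` in any `struct cedrus_variant`, so the new test in `cedrus_hw_probe()` is always true and behaviour is unchanged until an H6 variant that sets `.quirks` is added. Please confirm that variant is part of the same backport. The new define and the `quirks` field would also benefit from a comment saying which hardware needs the quirk, since the commit message is the only place H6 is mentioned.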
-- 
2.20.1





* [PATCH 5.1 362/405] scsi: lpfc: Fix FDMI manufacturer attribute value
  2019-05-30  2:59 [PATCH 5.1 000/405] 5.1.6-stable review Greg Kroah-Hartman
                   ` (360 preceding siblings ...)
  2019-05-30  3:05 ` [PATCH 5.1 361/405] media: cedrus: Add a quirk for not setting DMA offset Greg Kroah-Hartman
@ 2019-05-30  3:06 ` Greg Kroah-Hartman
  2019-05-30  3:06 ` [PATCH 5.1 363/405] scsi: lpfc: Fix fc4type information for FDMI Greg Kroah-Hartman
                   ` (47 subsequent siblings)
  409 siblings, 0 replies; 429+ messages in thread
From: Greg Kroah-Hartman @ 2019-05-30  3:06 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Dick Kennedy, James Smart,
	Martin K. Petersen, Sasha Levin

[ Upstream commit d67f935b79a76ac9d86dde1a27bdd413feb5d987 ]

The FDMI manufacturer value being reported on Linux is inconsistent with
other OS's.

Set the value to "Emulex Corporation" for consistency.

Signed-off-by: Dick Kennedy <dick.kennedy@broadcom.com>
Signed-off-by: James Smart <jsmart2021@gmail.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/scsi/lpfc/lpfc_ct.c | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/drivers/scsi/lpfc/lpfc_ct.c b/drivers/scsi/lpfc/lpfc_ct.c
index 2e3949c6cd071..2e0ba206c084c 100644
--- a/drivers/scsi/lpfc/lpfc_ct.c
+++ b/drivers/scsi/lpfc/lpfc_ct.c
@@ -2005,8 +2005,11 @@ lpfc_fdmi_hba_attr_manufacturer(struct lpfc_vport *vport,
 	ae = (struct lpfc_fdmi_attr_entry *)&ad->AttrValue;
 	memset(ae, 0, 256);
 
+	/* This string MUST be consistent with other FC platforms
+	 * supported by Broadcom.
+	 */
 	strncpy(ae->un.AttrString,
-		"Broadcom Inc.",
+		"Emulex Corporation",
 		       sizeof(ae->un.AttrString));
 	len = strnlen(ae->un.AttrString,
 			  sizeof(ae->un.AttrString));
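Review bot: `strncpy()` bounded by `sizeof(ae->un.AttrString)` does not NUL-terminate when the source fills the buffer, so this is fine only as long as the literal stays shorter than `AttrString`; `strscpy()` would make the termination explicit. The hard-coded 256 in the preceding `memset()` would also be better tied to the size of the attribute entry, and the new comment would be more useful if it gave the reason the string must match (the commit message says consistency with other OSes).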
-- 
2.20.1





* [PATCH 5.1 363/405] scsi: lpfc: Fix fc4type information for FDMI
  2019-05-30  2:59 [PATCH 5.1 000/405] 5.1.6-stable review Greg Kroah-Hartman
                   ` (361 preceding siblings ...)
  2019-05-30  3:06 ` [PATCH 5.1 362/405] scsi: lpfc: Fix FDMI manufacturer attribute value Greg Kroah-Hartman
@ 2019-05-30  3:06 ` Greg Kroah-Hartman
  2019-05-30  3:06 ` [PATCH 5.1 364/405] scsi: lpfc: Fix io lost on host resets Greg Kroah-Hartman
                   ` (46 subsequent siblings)
  409 siblings, 0 replies; 429+ messages in thread
From: Greg Kroah-Hartman @ 2019-05-30  3:06 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Dick Kennedy, James Smart,
	Martin K. Petersen, Sasha Levin

[ Upstream commit 32a80c093b524a0682f1c6166c910387b116ffce ]

The driver is reporting support for NVME even when not configured for NVME
operation.

Fix (and make more readable) when NVME protocol support is indicated.

Signed-off-by: Dick Kennedy <dick.kennedy@broadcom.com>
Signed-off-by: James Smart <jsmart2021@gmail.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/scsi/lpfc/lpfc_ct.c | 17 ++++++++++-------
 1 file changed, 10 insertions(+), 7 deletions(-)

diff --git a/drivers/scsi/lpfc/lpfc_ct.c b/drivers/scsi/lpfc/lpfc_ct.c
index 2e0ba206c084c..25553e7ba85c8 100644
--- a/drivers/scsi/lpfc/lpfc_ct.c
+++ b/drivers/scsi/lpfc/lpfc_ct.c
@@ -2363,10 +2363,11 @@ lpfc_fdmi_port_attr_fc4type(struct lpfc_vport *vport,
 	ae = (struct lpfc_fdmi_attr_entry *)&ad->AttrValue;
 	memset(ae, 0, 32);
 
-	ae->un.AttrTypes[3] = 0x02; /* Type 1 - ELS */
-	ae->un.AttrTypes[2] = 0x01; /* Type 8 - FCP */
-	ae->un.AttrTypes[6] = 0x01; /* Type 40 - NVME */
-	ae->un.AttrTypes[7] = 0x01; /* Type 32 - CT */
+	ae->un.AttrTypes[3] = 0x02; /* Type 0x1 - ELS */
+	ae->un.AttrTypes[2] = 0x01; /* Type 0x8 - FCP */
+	if (vport->nvmei_support || vport->phba->nvmet_support)
+		ae->un.AttrTypes[6] = 0x01; /* Type 0x28 - NVME */
+	ae->un.AttrTypes[7] = 0x01; /* Type 0x20 - CT */
 	size = FOURBYTES + 32;
 	ad->AttrLen = cpu_to_be16(size);
 	ad->AttrType = cpu_to_be16(RPRT_SUPPORTED_FC4_TYPES);
@@ -2676,9 +2677,11 @@ lpfc_fdmi_port_attr_active_fc4type(struct lpfc_vport *vport,
 	ae = (struct lpfc_fdmi_attr_entry *)&ad->AttrValue;
 	memset(ae, 0, 32);
 
-	ae->un.AttrTypes[3] = 0x02; /* Type 1 - ELS */
-	ae->un.AttrTypes[2] = 0x01; /* Type 8 - FCP */
-	ae->un.AttrTypes[7] = 0x01; /* Type 32 - CT */
+	ae->un.AttrTypes[3] = 0x02; /* Type 0x1 - ELS */
+	ae->un.AttrTypes[2] = 0x01; /* Type 0x8 - FCP */
+	if (vport->phba->cfg_enable_fc4_type & LPFC_ENABLE_NVME)
+		ae->un.AttrTypes[6] = 0x1; /* Type 0x28 - NVME */
+	ae->un.AttrTypes[7] = 0x01; /* Type 0x20 - CT */
 	size = FOURBYTES + 32;
 	ad->AttrLen = cpu_to_be16(size);
 	ad->AttrType = cpu_to_be16(RPRT_ACTIVE_FC4_TYPES);
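Review bot: the NVME bit in `lpfc_fdmi_port_attr_active_fc4type()` is gated on `cfg_enable_fc4_type & LPFC_ENABLE_NVME`, while the supported-types function in the previous hunk uses `vport->nvmei_support || vport->phba->nvmet_support`. If the difference between supported and active is intentional, say so in a comment at each site. Minor: this hunk writes `0x1` where every other assignment uses `0x01`.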
-- 
2.20.1





* [PATCH 5.1 364/405] scsi: lpfc: Fix io lost on host resets
  2019-05-30  2:59 [PATCH 5.1 000/405] 5.1.6-stable review Greg Kroah-Hartman
                   ` (362 preceding siblings ...)
  2019-05-30  3:06 ` [PATCH 5.1 363/405] scsi: lpfc: Fix fc4type information for FDMI Greg Kroah-Hartman
@ 2019-05-30  3:06 ` Greg Kroah-Hartman
  2019-05-30  3:06 ` [PATCH 5.1 365/405] media: saa7146: avoid high stack usage with clang Greg Kroah-Hartman
                   ` (45 subsequent siblings)
  409 siblings, 0 replies; 429+ messages in thread
From: Greg Kroah-Hartman @ 2019-05-30  3:06 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Dick Kennedy, James Smart,
	Martin K. Petersen, Sasha Levin

[ Upstream commit c66a91974634bfdf9d8e8736219d3b27621fa704 ]

If the driver undergoes repeated host resets it starts losing exchange
structures and eventually returns SCSI_MLQUEUE_HOST_BUSY and does not
recover. The offline path is not reclaiming the outstanding ios on the fcp
pring txcmplq before calling lpfc_destroy_multixripool, which causes the
txcmplq to be reinit and the resources lost.

Flush the fcp rings before destroying the multixripools.

Signed-off-by: Dick Kennedy <dick.kennedy@broadcom.com>
Signed-off-by: James Smart <jsmart2021@gmail.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/scsi/lpfc/lpfc_init.c | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/drivers/scsi/lpfc/lpfc_init.c b/drivers/scsi/lpfc/lpfc_init.c
index 7fcdaed3fa945..89a0c2bdb6a15 100644
--- a/drivers/scsi/lpfc/lpfc_init.c
+++ b/drivers/scsi/lpfc/lpfc_init.c
@@ -3245,6 +3245,13 @@ void lpfc_destroy_multixri_pools(struct lpfc_hba *phba)
 	if (phba->cfg_enable_fc4_type & LPFC_ENABLE_NVME)
 		lpfc_destroy_expedite_pool(phba);
 
+	if (!(phba->pport->load_flag & FC_UNLOADING)) {
+		lpfc_sli_flush_fcp_rings(phba);
+
+		if (phba->cfg_enable_fc4_type & LPFC_ENABLE_NVME)
+			lpfc_sli_flush_nvme_rings(phba);
+	}
+
 	hwq_count = phba->cfg_hdw_queue;
 
 	for (i = 0; i < hwq_count; i++) {
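Review bot: the flush block is inserted after `lpfc_destroy_expedite_pool(phba)`, although the commit message says the rings are flushed before the pools are destroyed. If outstanding I/O can still reference the expedite pool, the flush should move above that call; if not, a comment explaining why the order is safe, and why the flush is skipped when `FC_UNLOADING` is set, would help.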
-- 
2.20.1





* [PATCH 5.1 365/405] media: saa7146: avoid high stack usage with clang
  2019-05-30  2:59 [PATCH 5.1 000/405] 5.1.6-stable review Greg Kroah-Hartman
                   ` (363 preceding siblings ...)
  2019-05-30  3:06 ` [PATCH 5.1 364/405] scsi: lpfc: Fix io lost on host resets Greg Kroah-Hartman
@ 2019-05-30  3:06 ` Greg Kroah-Hartman
  2019-05-30  3:06 ` [PATCH 5.1 366/405] scsi: lpfc: Fix SLI3 commands being issued on SLI4 devices Greg Kroah-Hartman
                   ` (44 subsequent siblings)
  409 siblings, 0 replies; 429+ messages in thread
From: Greg Kroah-Hartman @ 2019-05-30  3:06 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Arnd Bergmann, Nick Desaulniers,
	Hans Verkuil, Mauro Carvalho Chehab, Sasha Levin

[ Upstream commit 03aa4f191a36f33fce015387f84efa0eee94408e ]

Two saa7146/hexium files contain a construct that causes a warning
when built with clang:

drivers/media/pci/saa7146/hexium_orion.c:210:12: error: stack frame size of 2272 bytes in function 'hexium_probe'
      [-Werror,-Wframe-larger-than=]
static int hexium_probe(struct saa7146_dev *dev)
           ^
drivers/media/pci/saa7146/hexium_gemini.c:257:12: error: stack frame size of 2304 bytes in function 'hexium_attach'
      [-Werror,-Wframe-larger-than=]
static int hexium_attach(struct saa7146_dev *dev, struct saa7146_pci_extension_data *info)
           ^

This one happens regardless of KASAN, and the problem is that a
constructor to initialize a dynamically allocated structure leads
to a copy of that structure on the stack, whereas gcc initializes
it in place.

Link: https://bugs.llvm.org/show_bug.cgi?id=40776

Signed-off-by: Arnd Bergmann <arnd@arndb.de>
Reviewed-by: Nick Desaulniers <ndesaulniers@google.com>
Signed-off-by: Hans Verkuil <hverkuil-cisco@xs4all.nl>
[hverkuil-cisco@xs4all.nl: fix checkpatch warnings]
Signed-off-by: Mauro Carvalho Chehab <mchehab+samsung@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/media/pci/saa7146/hexium_gemini.c | 5 ++---
 drivers/media/pci/saa7146/hexium_orion.c  | 5 ++---
 2 files changed, 4 insertions(+), 6 deletions(-)

diff --git a/drivers/media/pci/saa7146/hexium_gemini.c b/drivers/media/pci/saa7146/hexium_gemini.c
index 5817d9cde4d0c..6d8e4afe9673a 100644
--- a/drivers/media/pci/saa7146/hexium_gemini.c
+++ b/drivers/media/pci/saa7146/hexium_gemini.c
@@ -270,9 +270,8 @@ static int hexium_attach(struct saa7146_dev *dev, struct saa7146_pci_extension_d
 	/* enable i2c-port pins */
 	saa7146_write(dev, MC1, (MASK_08 | MASK_24 | MASK_10 | MASK_26));
 
-	hexium->i2c_adapter = (struct i2c_adapter) {
-		.name = "hexium gemini",
-	};
+	strscpy(hexium->i2c_adapter.name, "hexium gemini",
+		sizeof(hexium->i2c_adapter.name));
 	saa7146_i2c_adapter_prepare(dev, &hexium->i2c_adapter, SAA7146_I2C_BUS_BIT_RATE_480);
 	if (i2c_add_adapter(&hexium->i2c_adapter) < 0) {
 		DEB_S("cannot register i2c-device. skipping.\n");
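Review bot: the removed compound-literal assignment to `hexium->i2c_adapter` also zeroed every other member of the struct, whereas `strscpy()` only writes `name`. That is equivalent only if `hexium` was allocated zeroed; the allocation is outside this hunk, so please confirm it (for example `kzalloc()`) before `saa7146_i2c_adapter_prepare()` and `i2c_add_adapter()` consume the adapter. The same applies to the `hexium_orion.c` hunk.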
diff --git a/drivers/media/pci/saa7146/hexium_orion.c b/drivers/media/pci/saa7146/hexium_orion.c
index 0a05176c18ab6..a794f9e5f9908 100644
--- a/drivers/media/pci/saa7146/hexium_orion.c
+++ b/drivers/media/pci/saa7146/hexium_orion.c
@@ -231,9 +231,8 @@ static int hexium_probe(struct saa7146_dev *dev)
 	saa7146_write(dev, DD1_STREAM_B, 0x00000000);
 	saa7146_write(dev, MC2, (MASK_09 | MASK_25 | MASK_10 | MASK_26));
 
-	hexium->i2c_adapter = (struct i2c_adapter) {
-		.name = "hexium orion",
-	};
+	strscpy(hexium->i2c_adapter.name, "hexium orion",
+		sizeof(hexium->i2c_adapter.name));
 	saa7146_i2c_adapter_prepare(dev, &hexium->i2c_adapter, SAA7146_I2C_BUS_BIT_RATE_480);
 	if (i2c_add_adapter(&hexium->i2c_adapter) < 0) {
 		DEB_S("cannot register i2c-device. skipping.\n");
-- 
2.20.1





* [PATCH 5.1 366/405] scsi: lpfc: Fix SLI3 commands being issued on SLI4 devices
  2019-05-30  2:59 [PATCH 5.1 000/405] 5.1.6-stable review Greg Kroah-Hartman
                   ` (364 preceding siblings ...)
  2019-05-30  3:06 ` [PATCH 5.1 365/405] media: saa7146: avoid high stack usage with clang Greg Kroah-Hartman
@ 2019-05-30  3:06 ` Greg Kroah-Hartman
  2019-05-30  3:06 ` [PATCH 5.1 367/405] scsi: lpfc: Fix mailbox hang on adapter init Greg Kroah-Hartman
                   ` (43 subsequent siblings)
  409 siblings, 0 replies; 429+ messages in thread
From: Greg Kroah-Hartman @ 2019-05-30  3:06 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Dick Kennedy, James Smart,
	Martin K. Petersen, Sasha Levin

[ Upstream commit c95a3b4b0fb8d351e2329a96f87c4fc96a149505 ]

During debug, it was seen that the driver is issuing commands specific to
SLI3 on SLI4 devices. Although the adapter correctly rejected the command,
this should not be done.

Revise the code to stop sending these commands on a SLI4 adapter.

Signed-off-by: Dick Kennedy <dick.kennedy@broadcom.com>
Signed-off-by: James Smart <jsmart2021@gmail.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/scsi/lpfc/lpfc_hbadisc.c | 11 ++++++++++-
 1 file changed, 10 insertions(+), 1 deletion(-)

diff --git a/drivers/scsi/lpfc/lpfc_hbadisc.c b/drivers/scsi/lpfc/lpfc_hbadisc.c
index aa4961a2caf81..676f4bf3f33a3 100644
--- a/drivers/scsi/lpfc/lpfc_hbadisc.c
+++ b/drivers/scsi/lpfc/lpfc_hbadisc.c
@@ -932,7 +932,11 @@ lpfc_linkdown(struct lpfc_hba *phba)
 		}
 	}
 	lpfc_destroy_vport_work_array(phba, vports);
-	/* Clean up any firmware default rpi's */
+
+	/* Clean up any SLI3 firmware default rpi's */
+	if (phba->sli_rev > LPFC_SLI_REV3)
+		goto skip_unreg_did;
+
 	mb = mempool_alloc(phba->mbox_mem_pool, GFP_KERNEL);
 	if (mb) {
 		lpfc_unreg_did(phba, 0xffff, LPFC_UNREG_ALL_DFLT_RPIS, mb);
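Review bot: The reworded comment "Clean up any SLI3 firmware default rpi's" now sits above the sli_rev test instead of above the mempool_alloc()/lpfc_unreg_did() block it describes, so it reads as a description of the skip. Consider putting a comment like the one used in lpfc_unreg_default_rpis() ("Unreg DID is an SLI3 operation.") on the test and keeping the clean-up comment directly above the mailbox allocation.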
@@ -944,6 +948,7 @@ lpfc_linkdown(struct lpfc_hba *phba)
 		}
 	}
 
+ skip_unreg_did:
 	/* Setup myDID for link up if we are in pt2pt mode */
 	if (phba->pport->fc_flag & FC_PT2PT) {
 		mb = mempool_alloc(phba->mbox_mem_pool, GFP_KERNEL);
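Review bot: The new label is written as " skip_unreg_did:" with a leading space; checkpatch warns about indented labels, so it should start in column 0.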
@@ -4979,6 +4984,10 @@ lpfc_unreg_default_rpis(struct lpfc_vport *vport)
 	LPFC_MBOXQ_t     *mbox;
 	int rc;
 
+	/* Unreg DID is an SLI3 operation. */
+	if (phba->sli_rev > LPFC_SLI_REV3)
+		return;
+
 	mbox = mempool_alloc(phba->mbox_mem_pool, GFP_KERNEL);
 	if (mbox) {
 		lpfc_unreg_did(phba, vport->vpi, LPFC_UNREG_ALL_DFLT_RPIS,
-- 
2.20.1





* [PATCH 5.1 367/405] scsi: lpfc: Fix mailbox hang on adapter init
  2019-05-30  2:59 [PATCH 5.1 000/405] 5.1.6-stable review Greg Kroah-Hartman
                   ` (365 preceding siblings ...)
  2019-05-30  3:06 ` [PATCH 5.1 366/405] scsi: lpfc: Fix SLI3 commands being issued on SLI4 devices Greg Kroah-Hartman
@ 2019-05-30  3:06 ` Greg Kroah-Hartman
  2019-05-30  3:06 ` [PATCH 5.1 368/405] scsi: lpfc: Resolve inconsistent check of hdwq in lpfc_scsi_cmd_iocb_cmpl Greg Kroah-Hartman
                   ` (42 subsequent siblings)
  409 siblings, 0 replies; 429+ messages in thread
From: Greg Kroah-Hartman @ 2019-05-30  3:06 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Dick Kennedy, James Smart,
	Martin K. Petersen, Sasha Levin

[ Upstream commit e8869f5b0a7273fcf20ef99066fd8129e58ba5b7 ]

The adapter initialization sequence enables interrupts, initializes the
adapter link_state to LINK_DOWN, then issues commands to initialize the
adapter. The interrupt handler on the adapter validates the link_state (has
to be at least LINK_DOWN) and if invalid, will discard the interrupting
event.

In most cases, there is not a command completion, thus an interrupt until
the initialization commands have been sent which is post the setting of
state to LINK_DOWN.  However, in cases of firmware reset, the reset will
modify the link_state to an invalid value (indicating a reset of the
adapter) and there occasionally are cases where the adapter will generate
an asynchronous event which shares the eq/cq used for mailbox commands. In
the failure case, an interrupt is generated immediately after enabling them
due to the async event.  As link_state is invalid, the eq is list and the
CQ not serviced.  At this point link_state is initialized and the mailbox
command sent.  As the CQ has not been serviced, it is not armed, so no
interrupt event is generated when the mailbox command completes.

Modify the initialization sequence so that interrupts are enabled after
link_state is properly initialized, which avoids the race condition with
the async event.

Signed-off-by: Dick Kennedy <dick.kennedy@broadcom.com>
Signed-off-by: James Smart <jsmart2021@gmail.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/scsi/lpfc/lpfc_sli.c | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/drivers/scsi/lpfc/lpfc_sli.c b/drivers/scsi/lpfc/lpfc_sli.c
index 57b4a463b5892..7d2abb70cf093 100644
--- a/drivers/scsi/lpfc/lpfc_sli.c
+++ b/drivers/scsi/lpfc/lpfc_sli.c
@@ -7652,12 +7652,6 @@ lpfc_sli4_hba_setup(struct lpfc_hba *phba)
 		phba->cfg_xri_rebalancing = 0;
 	}
 
-	/* Arm the CQs and then EQs on device */
-	lpfc_sli4_arm_cqeq_intr(phba);
-
-	/* Indicate device interrupt mode */
-	phba->sli4_hba.intr_enable = 1;
-
 	/* Allow asynchronous mailbox command to go through */
 	spin_lock_irq(&phba->hbalock);
 	phba->sli.sli_flag &= ~LPFC_SLI_ASYNC_MBX_BLK;
@@ -7726,6 +7720,12 @@ lpfc_sli4_hba_setup(struct lpfc_hba *phba)
 		phba->trunk_link.link3.state = LPFC_LINK_DOWN;
 	spin_unlock_irq(&phba->hbalock);
 
+	/* Arm the CQs and then EQs on device */
+	lpfc_sli4_arm_cqeq_intr(phba);
+
+	/* Indicate device interrupt mode */
+	phba->sli4_hba.intr_enable = 1;
+
 	if (!(phba->hba_flag & HBA_FCOE_MODE) &&
 	    (phba->hba_flag & LINK_DISABLED)) {
 		lpfc_printf_log(phba, KERN_ERR, LOG_INIT | LOG_SLI,
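Review bot: Moving lpfc_sli4_arm_cqeq_intr() and the intr_enable = 1 assignment from around line 7652 to after the link-state initialisation around line 7726 means everything lpfc_sli4_hba_setup() does in between now runs with the CQs and EQs unarmed and sli4_hba.intr_enable still 0. The changelog covers the async-event race but not that window. Please confirm that nothing issued in that span waits on an interrupt, and put a comment above the moved block saying that arming must follow the link_state setup.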
-- 
2.20.1





* [PATCH 5.1 368/405] scsi: lpfc: Resolve inconsistent check of hdwq in lpfc_scsi_cmd_iocb_cmpl
  2019-05-30  2:59 [PATCH 5.1 000/405] 5.1.6-stable review Greg Kroah-Hartman
                   ` (366 preceding siblings ...)
  2019-05-30  3:06 ` [PATCH 5.1 367/405] scsi: lpfc: Fix mailbox hang on adapter init Greg Kroah-Hartman
@ 2019-05-30  3:06 ` Greg Kroah-Hartman
  2019-05-30  3:06 ` [PATCH 5.1 369/405] scsi: lpfc: Resolve irq-unsafe lockdep heirarchy warning in lpfc_io_free Greg Kroah-Hartman
                   ` (41 subsequent siblings)
  409 siblings, 0 replies; 429+ messages in thread
From: Greg Kroah-Hartman @ 2019-05-30  3:06 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Dan Carpenter, Dick Kennedy,
	James Smart, Martin K. Petersen, Sasha Levin

[ Upstream commit ff6bf89717b0dc7b8dd0934d1c065f29069831e7 ]

A prior patch which added support for non-uniform allocation of MSIX
vectors now causes a smatch complaint:

 drivers/scsi/lpfc/lpfc_scsi.c:3674 lpfc_scsi_cmd_iocb_cmpl()
   error: we previously assumed 'phba->sli4_hba.hdwq' could be
          null (see line 3667)

Resolve by removing the unnecessary check for a NULL hdwq table.

Fixes 6a828b0f6192: ("scsi: lpfc: Support non-uniform allocation of MSIX vectors to hardware queues")
Reported-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Dick Kennedy <dick.kennedy@broadcom.com>
Signed-off-by: James Smart <jsmart2021@gmail.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/scsi/lpfc/lpfc_scsi.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/drivers/scsi/lpfc/lpfc_scsi.c b/drivers/scsi/lpfc/lpfc_scsi.c
index a497b2c0cb798..25501d4605ff3 100644
--- a/drivers/scsi/lpfc/lpfc_scsi.c
+++ b/drivers/scsi/lpfc/lpfc_scsi.c
@@ -3670,7 +3670,7 @@ lpfc_scsi_cmd_iocb_cmpl(struct lpfc_hba *phba, struct lpfc_iocbq *pIocbIn,
 #ifdef CONFIG_SCSI_LPFC_DEBUG_FS
 	if (phba->cpucheck_on & LPFC_CHECK_SCSI_IO) {
 		cpu = smp_processor_id();
-		if (cpu < LPFC_CHECK_CPU_CNT)
+		if (cpu < LPFC_CHECK_CPU_CNT && phba->sli4_hba.hdwq)
 			phba->sli4_hba.hdwq[idx].cpucheck_cmpl_io[cpu]++;
 	}
 #endif
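Review bot: The changelog says the smatch complaint is resolved "by removing the unnecessary check for a NULL hdwq table", but this hunk adds one: the condition becomes "cpu < LPFC_CHECK_CPU_CNT && phba->sli4_hba.hdwq". Either the description or the change is inverted. If hdwq can never be NULL at this point the added test should be dropped, and if it can, the changelog should say that the check was added so that both uses agree.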
-- 
2.20.1





* [PATCH 5.1 369/405] scsi: lpfc: Resolve irq-unsafe lockdep heirarchy warning in lpfc_io_free
  2019-05-30  2:59 [PATCH 5.1 000/405] 5.1.6-stable review Greg Kroah-Hartman
                   ` (367 preceding siblings ...)
  2019-05-30  3:06 ` [PATCH 5.1 368/405] scsi: lpfc: Resolve inconsistent check of hdwq in lpfc_scsi_cmd_iocb_cmpl Greg Kroah-Hartman
@ 2019-05-30  3:06 ` Greg Kroah-Hartman
  2019-05-30  3:06 ` [PATCH 5.1 370/405] scsi: lpfc: Fix use-after-free mailbox cmd completion Greg Kroah-Hartman
                   ` (40 subsequent siblings)
  409 siblings, 0 replies; 429+ messages in thread
From: Greg Kroah-Hartman @ 2019-05-30  3:06 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Bart Van Assche, Dick Kennedy,
	James Smart, Martin K. Petersen, Sasha Levin

[ Upstream commit 50e3f871fb20a9bb644743e2986e8f50f98a25bc ]

A patch in the 12.2.0.0 set caused a new lockdep warning:

  WARNING: SOFTIRQ-safe -> SOFTIRQ-unsafe lock order detected
  5.0.0-rc8-next-20190301-dbg+ #1 Not tainted

  Possible interrupt unsafe locking scenario:
       CPU0                    CPU1
       ----                    ----
  lock(&(&qp->io_buf_list_put_lock)->rlock);
                               local_irq_disable();
                               lock(&(&phba->hbalock)->rlock);
                               lock(&(&qp->io_buf_list_put_lock)->rlock);
  <Interrupt>
    lock(&(&phba->hbalock)->rlock);

see: https://www.spinics.net/lists/linux-scsi/msg128389.html

In summary, the new patch added taking the io_buf_list_put_lock while under
an irq-disabled hbalock. This created a lock hierarchy dependent upon irq
being disabled, and there are paths that take the io_buf_list_put_lock
without disabling irq.

Looking at the lpfc_io_free routine, which is where the new hierarchy was
introduced, there is no reason to be taking out the hbalock and raising
irq, as the functionality is replaced by the io_buf_list_xxx locks.

Resolve by removing the hbalock/irq calls in lpfc_io_free.

Fixes: 5e5b511d8bfa ("scsi: lpfc: Partition XRI buffer list across Hardware Queues")
Reported-by: Bart Van Assche <bvanassche@acm.org>
Signed-off-by: Dick Kennedy <dick.kennedy@broadcom.com>
Signed-off-by: James Smart <jsmart2021@gmail.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/scsi/lpfc/lpfc_init.c | 4 ----
 1 file changed, 4 deletions(-)

diff --git a/drivers/scsi/lpfc/lpfc_init.c b/drivers/scsi/lpfc/lpfc_init.c
index 89a0c2bdb6a15..46e155d1fa155 100644
--- a/drivers/scsi/lpfc/lpfc_init.c
+++ b/drivers/scsi/lpfc/lpfc_init.c
@@ -3618,8 +3618,6 @@ lpfc_io_free(struct lpfc_hba *phba)
 	struct lpfc_sli4_hdw_queue *qp;
 	int idx;
 
-	spin_lock_irq(&phba->hbalock);
-
 	for (idx = 0; idx < phba->cfg_hdw_queue; idx++) {
 		qp = &phba->sli4_hba.hdwq[idx];
 		/* Release all the lpfc_nvme_bufs maintained by this host. */
@@ -3649,8 +3647,6 @@ lpfc_io_free(struct lpfc_hba *phba)
 		}
 		spin_unlock(&qp->io_buf_list_get_lock);
 	}
-
-	spin_unlock_irq(&phba->hbalock);
 }
 
 /**
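Review bot: With spin_lock_irq(&phba->hbalock) removed, the per-queue list locks in this loop are taken with interrupts enabled (the context shows a plain spin_unlock(&qp->io_buf_list_get_lock)). That is only safe if neither io_buf_list_get_lock nor io_buf_list_put_lock is ever acquired from interrupt context. The changelog states that the hbalock is redundant here but not why plain spin_lock() is sufficient, so a sentence on that, or a comment in lpfc_io_free(), would help.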
-- 
2.20.1





* [PATCH 5.1 370/405] scsi: lpfc: Fix use-after-free mailbox cmd completion
  2019-05-30  2:59 [PATCH 5.1 000/405] 5.1.6-stable review Greg Kroah-Hartman
                   ` (368 preceding siblings ...)
  2019-05-30  3:06 ` [PATCH 5.1 369/405] scsi: lpfc: Resolve irq-unsafe lockdep heirarchy warning in lpfc_io_free Greg Kroah-Hartman
@ 2019-05-30  3:06 ` Greg Kroah-Hartman
  2019-05-30  3:06 ` [PATCH 5.1 371/405] audit: fix a memleak caused by auditing load module Greg Kroah-Hartman
                   ` (39 subsequent siblings)
  409 siblings, 0 replies; 429+ messages in thread
From: Greg Kroah-Hartman @ 2019-05-30  3:06 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Dick Kennedy, James Smart,
	Martin K. Petersen, Sasha Levin

[ Upstream commit 9b1640686470fbbd1c6efb35ada6fe1427ea8d0f ]

When unloading the driver, mailbox commands may be sent without holding a
reference on the ndlp. By the time the mailbox command completes, the ndlp
may have reduced its ref counts and been freed.  The problem was reported
by KASAN.

While unregistering due to driver unload, have the completion noop'd by
setting the ndlp context NULL'd. Due to the unload, no further action was
necessary.  Also, while reviewing this path, the generic nulling of the
context after handling should be slightly moved.

Reported by: Bart Van Assche <bvanassche@acm.org>
Signed-off-by: Dick Kennedy <dick.kennedy@broadcom.com>
Signed-off-by: James Smart <jsmart2021@gmail.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/scsi/lpfc/lpfc_hbadisc.c | 4 ++++
 drivers/scsi/lpfc/lpfc_sli.c     | 2 +-
 2 files changed, 5 insertions(+), 1 deletion(-)

diff --git a/drivers/scsi/lpfc/lpfc_hbadisc.c b/drivers/scsi/lpfc/lpfc_hbadisc.c
index 676f4bf3f33a3..75e9d46d44d42 100644
--- a/drivers/scsi/lpfc/lpfc_hbadisc.c
+++ b/drivers/scsi/lpfc/lpfc_hbadisc.c
@@ -4873,6 +4873,10 @@ lpfc_unreg_rpi(struct lpfc_vport *vport, struct lpfc_nodelist *ndlp)
 					 * accept PLOGIs after unreg_rpi_cmpl
 					 */
 					acc_plogi = 0;
+				} else if (vport->load_flag & FC_UNLOADING) {
+					mbox->ctx_ndlp = NULL;
+					mbox->mbox_cmpl =
+						lpfc_sli_def_mbox_cmpl;
 				} else {
 					mbox->ctx_ndlp = ndlp;
 					mbox->mbox_cmpl =
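Review bot: The new "else if (vport->load_flag & FC_UNLOADING)" branch carries no comment, unlike the branch above it, although it is the core of the use-after-free fix. A short comment that the ndlp may be freed before the mailbox completes during unload, so the completion must not carry a pointer to it, would keep a later cleanup from folding this branch back into the default one.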
diff --git a/drivers/scsi/lpfc/lpfc_sli.c b/drivers/scsi/lpfc/lpfc_sli.c
index 7d2abb70cf093..dc933b6d7800e 100644
--- a/drivers/scsi/lpfc/lpfc_sli.c
+++ b/drivers/scsi/lpfc/lpfc_sli.c
@@ -2502,8 +2502,8 @@ lpfc_sli_def_mbox_cmpl(struct lpfc_hba *phba, LPFC_MBOXQ_t *pmb)
 			} else {
 				ndlp->nlp_flag &= ~NLP_UNREG_INP;
 			}
+			pmb->ctx_ndlp = NULL;
 		}
-		pmb->ctx_ndlp = NULL;
 	}
 
 	/* Check security permission status on INIT_LINK mailbox command */
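Review bot: Moving "pmb->ctx_ndlp = NULL;" inside the inner block means the pointer is no longer cleared on the path where that block is skipped, and the changelog only says the nulling "should be slightly moved" without giving the reason. Please state which path must now keep ctx_ndlp set, and confirm that nothing later dereferences a stale value on that path.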
-- 
2.20.1





* [PATCH 5.1 371/405] audit: fix a memleak caused by auditing load module
  2019-05-30  2:59 [PATCH 5.1 000/405] 5.1.6-stable review Greg Kroah-Hartman
                   ` (369 preceding siblings ...)
  2019-05-30  3:06 ` [PATCH 5.1 370/405] scsi: lpfc: Fix use-after-free mailbox cmd completion Greg Kroah-Hartman
@ 2019-05-30  3:06 ` Greg Kroah-Hartman
  2019-05-30  3:06 ` [PATCH 5.1 372/405] spi : spi-topcliff-pch: Fix to handle empty DMA buffers Greg Kroah-Hartman
                   ` (38 subsequent siblings)
  409 siblings, 0 replies; 429+ messages in thread
From: Greg Kroah-Hartman @ 2019-05-30  3:06 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Zhang Yu, Li RongQing, Paul Moore,
	Sasha Levin

[ Upstream commit 95e0b46fcebd7dbf6850dee96046e4c4ddc7f69c ]

module.name will be allocated unconditionally when auditing load
module, and audit_log_start() can fail for other reasons, or
audit_log_exit may not be called, so module.name is not freed.

So free module.name in audit_free_context and __audit_syscall_exit.

unreferenced object 0xffff88af90837d20 (size 8):
  comm "modprobe", pid 1036, jiffies 4294704867 (age 3069.138s)
  hex dump (first 8 bytes):
    69 78 67 62 65 00 ff ff                          ixgbe...
  backtrace:
    [<0000000008da28fe>] __audit_log_kern_module+0x33/0x80
    [<00000000c1491e61>] load_module+0x64f/0x3850
    [<000000007fc9ae3f>] __do_sys_init_module+0x218/0x250
    [<0000000000d4a478>] do_syscall_64+0x117/0x400
    [<000000004924ded8>] entry_SYSCALL_64_after_hwframe+0x49/0xbe
    [<000000007dc331dd>] 0xffffffffffffffff

Fixes: ca86cad7380e3 ("audit: log module name on init_module")
Signed-off-by: Zhang Yu <zhangyu31@baidu.com>
Signed-off-by: Li RongQing <lirongqing@baidu.com>
[PM: manual merge fixup in __audit_syscall_exit()]
Signed-off-by: Paul Moore <paul@paul-moore.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 kernel/auditsc.c | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)

diff --git a/kernel/auditsc.c b/kernel/auditsc.c
index d1eab1d4a930e..fa7b8047aab89 100644
--- a/kernel/auditsc.c
+++ b/kernel/auditsc.c
@@ -840,6 +840,13 @@ static inline void audit_proctitle_free(struct audit_context *context)
 	context->proctitle.len = 0;
 }
 
+static inline void audit_free_module(struct audit_context *context)
+{
+	if (context->type == AUDIT_KERN_MODULE) {
+		kfree(context->module.name);
+		context->module.name = NULL;
+	}
+}
 static inline void audit_free_names(struct audit_context *context)
 {
 	struct audit_names *n, *next;
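Review bot: audit_free_module() frees only when context->type == AUDIT_KERN_MODULE, so the fix depends on type still holding that value at both call sites; if type is changed after module.name is allocated, the name still leaks. A comment on the helper explaining why the type test is needed would make that dependency explicit. There is also no blank line between the closing brace of audit_free_module() and audit_free_names().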
@@ -923,6 +930,7 @@ int audit_alloc(struct task_struct *tsk)
 
 static inline void audit_free_context(struct audit_context *context)
 {
+	audit_free_module(context);
 	audit_free_names(context);
 	unroll_tree_refs(context, NULL, 0);
 	free_tree_refs(context);
@@ -1266,7 +1274,6 @@ static void show_special(struct audit_context *context, int *call_panic)
 		audit_log_format(ab, "name=");
 		if (context->module.name) {
 			audit_log_untrustedstring(ab, context->module.name);
-			kfree(context->module.name);
 		} else
 			audit_log_format(ab, "(null)");
 
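Review bot: With the kfree() removed, the "if (context->module.name)" arm in show_special() is a single statement, so its braces can go; that also makes it match the unbraced else arm.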
@@ -1697,6 +1704,7 @@ void __audit_syscall_exit(int success, long return_code)
 	context->in_syscall = 0;
 	context->prio = context->state == AUDIT_RECORD_CONTEXT ? ~0ULL : 0;
 
+	audit_free_module(context);
 	audit_free_names(context);
 	unroll_tree_refs(context, NULL, 0);
 	audit_free_aux(context);
-- 
2.20.1





* [PATCH 5.1 372/405] spi : spi-topcliff-pch: Fix to handle empty DMA buffers
  2019-05-30  2:59 [PATCH 5.1 000/405] 5.1.6-stable review Greg Kroah-Hartman
                   ` (370 preceding siblings ...)
  2019-05-30  3:06 ` [PATCH 5.1 371/405] audit: fix a memleak caused by auditing load module Greg Kroah-Hartman
@ 2019-05-30  3:06 ` Greg Kroah-Hartman
  2019-05-30  3:06 ` [PATCH 5.1 373/405] drm: writeback: Fix leak of writeback job Greg Kroah-Hartman
                   ` (37 subsequent siblings)
  409 siblings, 0 replies; 429+ messages in thread
From: Greg Kroah-Hartman @ 2019-05-30  3:06 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Aditya Pakki, Mark Brown, Sasha Levin

[ Upstream commit f37d8e67f39e6d3eaf4cc5471e8a3d21209843c6 ]

pch_alloc_dma_buf allocated tx, rx DMA buffers which can fail. Further,
these buffers are used without a check. The patch checks for these
failures and sends the error upstream.

Signed-off-by: Aditya Pakki <pakki001@umn.edu>
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/spi/spi-topcliff-pch.c | 15 +++++++++++++--
 1 file changed, 13 insertions(+), 2 deletions(-)

diff --git a/drivers/spi/spi-topcliff-pch.c b/drivers/spi/spi-topcliff-pch.c
index fba3f180f233b..8a5966963834c 100644
--- a/drivers/spi/spi-topcliff-pch.c
+++ b/drivers/spi/spi-topcliff-pch.c
@@ -1299,18 +1299,27 @@ static void pch_free_dma_buf(struct pch_spi_board_data *board_dat,
 				  dma->rx_buf_virt, dma->rx_buf_dma);
 }
 
-static void pch_alloc_dma_buf(struct pch_spi_board_data *board_dat,
+static int pch_alloc_dma_buf(struct pch_spi_board_data *board_dat,
 			      struct pch_spi_data *data)
 {
 	struct pch_spi_dma_ctrl *dma;
+	int ret;
 
 	dma = &data->dma;
+	ret = 0;
 	/* Get Consistent memory for Tx DMA */
 	dma->tx_buf_virt = dma_alloc_coherent(&board_dat->pdev->dev,
 				PCH_BUF_SIZE, &dma->tx_buf_dma, GFP_KERNEL);
+	if (!dma->tx_buf_virt)
+		ret = -ENOMEM;
+
 	/* Get Consistent memory for Rx DMA */
 	dma->rx_buf_virt = dma_alloc_coherent(&board_dat->pdev->dev,
 				PCH_BUF_SIZE, &dma->rx_buf_dma, GFP_KERNEL);
+	if (!dma->rx_buf_virt)
+		ret = -ENOMEM;
+
+	return ret;
 }
 
 static int pch_spi_pd_probe(struct platform_device *plat_dev)
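Review bot: pch_alloc_dma_buf() carries on to the Rx allocation after a failed Tx allocation and returns -ENOMEM without releasing whichever buffer did succeed, so a partial failure leaves one coherent buffer allocated. Return on the first failure and free the Tx buffer when the Rx allocation fails, or document that the caller must run pch_free_dma_buf() and make sure that function tolerates a NULL tx_buf_virt or rx_buf_virt.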
@@ -1387,7 +1396,9 @@ static int pch_spi_pd_probe(struct platform_device *plat_dev)
 
 	if (use_dma) {
 		dev_info(&plat_dev->dev, "Use DMA for data transfers\n");
-		pch_alloc_dma_buf(board_dat, data);
+		ret = pch_alloc_dma_buf(board_dat, data);
+		if (ret)
+			goto err_spi_register_master;
 	}
 
 	ret = spi_register_master(master);
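Review bot: The failure path jumps to err_spi_register_master, a label named for a step that has not run yet at this point, and the hunk does not show what that label unwinds. Please confirm it neither undoes work that was never done nor skips releasing a DMA buffer that pch_alloc_dma_buf() did obtain; a dedicated label above it would make the ordering obvious.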
-- 
2.20.1





* [PATCH 5.1 373/405] drm: writeback: Fix leak of writeback job
  2019-05-30  2:59 [PATCH 5.1 000/405] 5.1.6-stable review Greg Kroah-Hartman
                   ` (371 preceding siblings ...)
  2019-05-30  3:06 ` [PATCH 5.1 372/405] spi : spi-topcliff-pch: Fix to handle empty DMA buffers Greg Kroah-Hartman
@ 2019-05-30  3:06 ` Greg Kroah-Hartman
  2019-05-30  3:06 ` [PATCH 5.1 374/405] drm/omap: dsi: Fix PM for display blank with paired dss_pll calls Greg Kroah-Hartman
                   ` (36 subsequent siblings)
  409 siblings, 0 replies; 429+ messages in thread
From: Greg Kroah-Hartman @ 2019-05-30  3:06 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Laurent Pinchart, Brian Starkey,
	Liviu Dudau, Sasha Levin

[ Upstream commit e482ae9b5fdc01a343f22f52930e85a6cfdf85eb ]

Writeback jobs are allocated when the WRITEBACK_FB_ID is set, and
deleted when the jobs complete. This results in both a memory leak of
the job and a leak of the framebuffer if the atomic commit returns
before the job is queued for processing, for instance if the atomic
check fails or if the commit runs in test-only mode.

Fix this by implementing the drm_writeback_cleanup_job() function and
calling it from __drm_atomic_helper_connector_destroy_state(). As
writeback jobs are removed from the state when they're queued for
processing, any job left in the state when the state gets destroyed
needs to be cleaned up.

The existing declaration of the drm_writeback_cleanup_job() function
without an implementation hints that this problem was considered, but
never addressed.

Signed-off-by: Laurent Pinchart <laurent.pinchart+renesas@ideasonboard.com>
Reviewed-by: Brian Starkey <brian.starkey@arm.com>
Acked-by: Liviu Dudau <liviu.dudau@arm.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/gpu/drm/drm_atomic_state_helper.c |  4 ++++
 drivers/gpu/drm/drm_writeback.c           | 14 +++++++++++---
 2 files changed, 15 insertions(+), 3 deletions(-)

diff --git a/drivers/gpu/drm/drm_atomic_state_helper.c b/drivers/gpu/drm/drm_atomic_state_helper.c
index 4985384e51f6e..59ffb6b9c7453 100644
--- a/drivers/gpu/drm/drm_atomic_state_helper.c
+++ b/drivers/gpu/drm/drm_atomic_state_helper.c
@@ -30,6 +30,7 @@
 #include <drm/drm_connector.h>
 #include <drm/drm_atomic.h>
 #include <drm/drm_device.h>
+#include <drm/drm_writeback.h>
 
 #include <linux/slab.h>
 #include <linux/dma-fence.h>
@@ -412,6 +413,9 @@ __drm_atomic_helper_connector_destroy_state(struct drm_connector_state *state)
 
 	if (state->commit)
 		drm_crtc_commit_put(state->commit);
+
+	if (state->writeback_job)
+		drm_writeback_cleanup_job(state->writeback_job);
 }
 EXPORT_SYMBOL(__drm_atomic_helper_connector_destroy_state);
 
diff --git a/drivers/gpu/drm/drm_writeback.c b/drivers/gpu/drm/drm_writeback.c
index c20e6fe00cb38..2d75032f81591 100644
--- a/drivers/gpu/drm/drm_writeback.c
+++ b/drivers/gpu/drm/drm_writeback.c
@@ -268,6 +268,15 @@ void drm_writeback_queue_job(struct drm_writeback_connector *wb_connector,
 }
 EXPORT_SYMBOL(drm_writeback_queue_job);
 
+void drm_writeback_cleanup_job(struct drm_writeback_job *job)
+{
+	if (job->fb)
+		drm_framebuffer_put(job->fb);
+
+	kfree(job);
+}
+EXPORT_SYMBOL(drm_writeback_cleanup_job);
+
 /*
  * @cleanup_work: deferred cleanup of a writeback job
  *
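Review bot: drm_writeback_cleanup_job() is exported without a kernel-doc comment, while drm_writeback_signal_completion() just below has one. It also gains an "if (job->fb)" guard that the old cleanup_work() body did not have, so the documentation should say that the function may be called on a job that was never given a framebuffer and that it frees the job itself.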
@@ -280,10 +289,9 @@ static void cleanup_work(struct work_struct *work)
 	struct drm_writeback_job *job = container_of(work,
 						     struct drm_writeback_job,
 						     cleanup_work);
-	drm_framebuffer_put(job->fb);
-	kfree(job);
-}
 
+	drm_writeback_cleanup_job(job);
+}
 
 /**
  * drm_writeback_signal_completion - Signal the completion of a writeback job
-- 
2.20.1





* [PATCH 5.1 374/405] drm/omap: dsi: Fix PM for display blank with paired dss_pll calls
  2019-05-30  2:59 [PATCH 5.1 000/405] 5.1.6-stable review Greg Kroah-Hartman
                   ` (372 preceding siblings ...)
  2019-05-30  3:06 ` [PATCH 5.1 373/405] drm: writeback: Fix leak of writeback job Greg Kroah-Hartman
@ 2019-05-30  3:06 ` Greg Kroah-Hartman
  2019-05-30  3:06 ` [PATCH 5.1 375/405] drm/omap: Notify all devices in the pipeline of output disconnection Greg Kroah-Hartman
                   ` (35 subsequent siblings)
  409 siblings, 0 replies; 429+ messages in thread
From: Greg Kroah-Hartman @ 2019-05-30  3:06 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Tomi Valkeinen, Tony Lindgren, Sasha Levin

[ Upstream commit fe4ed1b457943113ee1138c939fbdeede4af6cf3 ]

Currently dsi_display_init_dsi() calls dss_pll_enable() but it is not
paired with dss_pll_disable() in dsi_display_uninit_dsi(). This leaves
the DSS clocks enabled when the display is blanked, wasting about an extra
5mW of power while idle.

The clock that is left on by not calling dss_pll_disable() is
DSS_CLKCTRL bit 10 OPTFCLKEN_SYS_CLK that is the source clock for
DSI PLL.

We can fix this issue by making the current dsi_pll_uninit() into
dsi_pll_disable(). This way we can just call dss_pll_disable() from
dsi_display_uninit_dsi() and the code becomes a bit easier to follow.

However, we need to also consider that DSI PLL can be muxed for DVI too
as pointed out by Tomi Valkeinen <tomi.valkeinen@ti.com>. In the DVI
case, we want to unconditionally disable the clocks. To get around this
issue, we separate out the DSI lane handling from dsi_pll_enable() and
dsi_pll_disable() as suggested by Tomi in an earlier experimental patch.

So we must only toggle the DSI regulator based on the vdds_dsi_enabled
flag from dsi_display_init_dsi() and dsi_display_uninit_dsi().

We need to make these two changes together to avoid breaking things
for DVI when fixing the DSI clock handling. And this all causes a
slight renumbering of the error path for dsi_display_init_dsi().

Suggested-by: Tomi Valkeinen <tomi.valkeinen@ti.com>
Signed-off-by: Tony Lindgren <tony@atomide.com>
Signed-off-by: Tomi Valkeinen <tomi.valkeinen@ti.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/gpu/drm/omapdrm/dss/dsi.c | 60 ++++++++++++++++---------------
 1 file changed, 31 insertions(+), 29 deletions(-)

diff --git a/drivers/gpu/drm/omapdrm/dss/dsi.c b/drivers/gpu/drm/omapdrm/dss/dsi.c
index 64fb788b66474..f0fe975ed46c7 100644
--- a/drivers/gpu/drm/omapdrm/dss/dsi.c
+++ b/drivers/gpu/drm/omapdrm/dss/dsi.c
@@ -1342,12 +1342,9 @@ static int dsi_pll_enable(struct dss_pll *pll)
 	 */
 	dsi_enable_scp_clk(dsi);
 
-	if (!dsi->vdds_dsi_enabled) {
-		r = regulator_enable(dsi->vdds_dsi_reg);
-		if (r)
-			goto err0;
-		dsi->vdds_dsi_enabled = true;
-	}
+	r = regulator_enable(dsi->vdds_dsi_reg);
+	if (r)
+		goto err0;
 
 	/* XXX PLL does not come out of reset without this... */
 	dispc_pck_free_enable(dsi->dss->dispc, 1);
@@ -1372,36 +1369,25 @@ static int dsi_pll_enable(struct dss_pll *pll)
 
 	return 0;
 err1:
-	if (dsi->vdds_dsi_enabled) {
-		regulator_disable(dsi->vdds_dsi_reg);
-		dsi->vdds_dsi_enabled = false;
-	}
+	regulator_disable(dsi->vdds_dsi_reg);
 err0:
 	dsi_disable_scp_clk(dsi);
 	dsi_runtime_put(dsi);
 	return r;
 }
 
-static void dsi_pll_uninit(struct dsi_data *dsi, bool disconnect_lanes)
+static void dsi_pll_disable(struct dss_pll *pll)
 {
+	struct dsi_data *dsi = container_of(pll, struct dsi_data, pll);
+
 	dsi_pll_power(dsi, DSI_PLL_POWER_OFF);
-	if (disconnect_lanes) {
-		WARN_ON(!dsi->vdds_dsi_enabled);
-		regulator_disable(dsi->vdds_dsi_reg);
-		dsi->vdds_dsi_enabled = false;
-	}
+
+	regulator_disable(dsi->vdds_dsi_reg);
 
 	dsi_disable_scp_clk(dsi);
 	dsi_runtime_put(dsi);
 
-	DSSDBG("PLL uninit done\n");
-}
-
-static void dsi_pll_disable(struct dss_pll *pll)
-{
-	struct dsi_data *dsi = container_of(pll, struct dsi_data, pll);
-
-	dsi_pll_uninit(dsi, true);
+	DSSDBG("PLL disable done\n");
 }
 
 static int dsi_dump_dsi_clocks(struct seq_file *s, void *p)
@@ -4096,11 +4082,11 @@ static int dsi_display_init_dsi(struct dsi_data *dsi)
 
 	r = dss_pll_enable(&dsi->pll);
 	if (r)
-		goto err0;
+		return r;
 
 	r = dsi_configure_dsi_clocks(dsi);
 	if (r)
-		goto err1;
+		goto err0;
 
 	dss_select_dsi_clk_source(dsi->dss, dsi->module_id,
 				  dsi->module_id == 0 ?
@@ -4108,6 +4094,14 @@ static int dsi_display_init_dsi(struct dsi_data *dsi)
 
 	DSSDBG("PLL OK\n");
 
+	if (!dsi->vdds_dsi_enabled) {
+		r = regulator_enable(dsi->vdds_dsi_reg);
+		if (r)
+			goto err1;
+
+		dsi->vdds_dsi_enabled = true;
+	}
+
 	r = dsi_cio_init(dsi);
 	if (r)
 		goto err2;
@@ -4136,10 +4130,13 @@ static int dsi_display_init_dsi(struct dsi_data *dsi)
 err3:
 	dsi_cio_uninit(dsi);
 err2:
-	dss_select_dsi_clk_source(dsi->dss, dsi->module_id, DSS_CLK_SRC_FCK);
+	regulator_disable(dsi->vdds_dsi_reg);
+	dsi->vdds_dsi_enabled = false;
 err1:
-	dss_pll_disable(&dsi->pll);
+	dss_select_dsi_clk_source(dsi->dss, dsi->module_id, DSS_CLK_SRC_FCK);
 err0:
+	dss_pll_disable(&dsi->pll);
+
 	return r;
 }
 
@@ -4158,7 +4155,12 @@ static void dsi_display_uninit_dsi(struct dsi_data *dsi, bool disconnect_lanes,
 
 	dss_select_dsi_clk_source(dsi->dss, dsi->module_id, DSS_CLK_SRC_FCK);
 	dsi_cio_uninit(dsi);
-	dsi_pll_uninit(dsi, disconnect_lanes);
+	dss_pll_disable(&dsi->pll);
+
+	if (disconnect_lanes) {
+		regulator_disable(dsi->vdds_dsi_reg);
+		dsi->vdds_dsi_enabled = false;
+	}
 }
 
 static int dsi_display_enable(struct omap_dss_device *dssdev)
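Review bot: The disconnect_lanes branch in dsi_display_uninit_dsi() calls regulator_disable() without the WARN_ON(!dsi->vdds_dsi_enabled) that the removed dsi_pll_uninit() had, so a call with the flag already false would now silently unbalance the regulator. Either keep the WARN_ON or test the flag, for example "if (disconnect_lanes && dsi->vdds_dsi_enabled)".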
-- 
2.20.1





* [PATCH 5.1 375/405] drm/omap: Notify all devices in the pipeline of output disconnection
  2019-05-30  2:59 [PATCH 5.1 000/405] 5.1.6-stable review Greg Kroah-Hartman
                   ` (373 preceding siblings ...)
  2019-05-30  3:06 ` [PATCH 5.1 374/405] drm/omap: dsi: Fix PM for display blank with paired dss_pll calls Greg Kroah-Hartman
@ 2019-05-30  3:06 ` Greg Kroah-Hartman
  2019-05-30  3:06 ` [PATCH 5.1 376/405] spi: rspi: Fix sequencer reset during initialization Greg Kroah-Hartman
                   ` (34 subsequent siblings)
  409 siblings, 0 replies; 429+ messages in thread
From: Greg Kroah-Hartman @ 2019-05-30  3:06 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Laurent Pinchart, Sebastian Reichel,
	Tomi Valkeinen, Sasha Levin

[ Upstream commit 27a7e3e18419869cdcc414a404f3fe66f1b4e644 ]

For HDMI pipelines, when the output gets disconnected the device
handling CEC needs to be notified. Instead of guessing which device that
would be (and sometimes getting it wrong), notify all devices in the
pipeline.

Signed-off-by: Laurent Pinchart <laurent.pinchart@ideasonboard.com>
Reviewed-by: Sebastian Reichel <sebastian.reichel@collabora.com>
Tested-by: Sebastian Reichel <sebastian.reichel@collabora.com>
Signed-off-by: Tomi Valkeinen <tomi.valkeinen@ti.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/gpu/drm/omapdrm/omap_connector.c | 28 ++++++++++++++----------
 1 file changed, 16 insertions(+), 12 deletions(-)

diff --git a/drivers/gpu/drm/omapdrm/omap_connector.c b/drivers/gpu/drm/omapdrm/omap_connector.c
index 9da94d10782a8..d37e3c001e24c 100644
--- a/drivers/gpu/drm/omapdrm/omap_connector.c
+++ b/drivers/gpu/drm/omapdrm/omap_connector.c
@@ -36,18 +36,22 @@ struct omap_connector {
 };
 
 static void omap_connector_hpd_notify(struct drm_connector *connector,
-				      struct omap_dss_device *src,
 				      enum drm_connector_status status)
 {
-	if (status == connector_status_disconnected) {
-		/*
-		 * If the source is an HDMI encoder, notify it of disconnection.
-		 * This is required to let the HDMI encoder reset any internal
-		 * state related to connection status, such as the CEC address.
-		 */
-		if (src && src->type == OMAP_DISPLAY_TYPE_HDMI &&
-		    src->ops->hdmi.lost_hotplug)
-			src->ops->hdmi.lost_hotplug(src);
+	struct omap_connector *omap_connector = to_omap_connector(connector);
+	struct omap_dss_device *dssdev;
+
+	if (status != connector_status_disconnected)
+		return;
+
+	/*
+	 * Notify all devics in the pipeline of disconnection. This is required
+	 * to let the HDMI encoders reset their internal state related to
+	 * connection status, such as the CEC address.
+	 */
+	for (dssdev = omap_connector->output; dssdev; dssdev = dssdev->next) {
+		if (dssdev->ops && dssdev->ops->hdmi.lost_hotplug)
+			dssdev->ops->hdmi.lost_hotplug(dssdev);
 	}
 }
 
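Review bot: the new loop calls dssdev->ops->hdmi.lost_hotplug for every device in the pipeline, while the removed code only did so after checking src->type == OMAP_DISPLAY_TYPE_HDMI. Without that check the loop depends on hdmi.lost_hotplug being NULL for every non-HDMI device; if the hdmi ops share storage with another ops set, a non-HDMI device could have an unrelated pointer in that slot. Either keep the type test inside the loop or state in the comment why it is not needed. Also, "devics" in the new comment should read "devices".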
@@ -67,7 +71,7 @@ static void omap_connector_hpd_cb(void *cb_data,
 	if (old_status == status)
 		return;
 
-	omap_connector_hpd_notify(connector, omap_connector->hpd, status);
+	omap_connector_hpd_notify(connector, status);
 
 	drm_kms_helper_hotplug_event(dev);
 }
@@ -128,7 +132,7 @@ static enum drm_connector_status omap_connector_detect(
 		       ? connector_status_connected
 		       : connector_status_disconnected;
 
-		omap_connector_hpd_notify(connector, dssdev->src, status);
+		omap_connector_hpd_notify(connector, status);
 	} else {
 		switch (omap_connector->display->type) {
 		case OMAP_DISPLAY_TYPE_DPI:
-- 
2.20.1





* [PATCH 5.1 376/405] spi: rspi: Fix sequencer reset during initialization
  2019-05-30  2:59 [PATCH 5.1 000/405] 5.1.6-stable review Greg Kroah-Hartman
                   ` (374 preceding siblings ...)
  2019-05-30  3:06 ` [PATCH 5.1 375/405] drm/omap: Notify all devices in the pipeline of output disconnection Greg Kroah-Hartman
@ 2019-05-30  3:06 ` Greg Kroah-Hartman
  2019-05-30  3:06 ` [PATCH 5.1 377/405] regulator: wm831x ldo: Fix notifier mutex lock warning Greg Kroah-Hartman
                   ` (33 subsequent siblings)
  409 siblings, 0 replies; 429+ messages in thread
From: Greg Kroah-Hartman @ 2019-05-30  3:06 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Geert Uytterhoeven, Mark Brown, Sasha Levin

[ Upstream commit 26843bb128590edd7eba1ad7ce22e4b9f1066ce3 ]

While the sequencer is reset after each SPI message since commit
880c6d114fd79a69 ("spi: rspi: Add support for Quad and Dual SPI
Transfers on QSPI"), it was never reset for the first message, thus
relying on reset state or bootloader settings.

Fix this by initializing it explicitly during configuration.

Fixes: 0b2182ddac4b8837 ("spi: add support for Renesas RSPI")
Signed-off-by: Geert Uytterhoeven <geert+renesas@glider.be>
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/spi/spi-rspi.c | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)

diff --git a/drivers/spi/spi-rspi.c b/drivers/spi/spi-rspi.c
index 556870dcdf799..5d35a82945cd1 100644
--- a/drivers/spi/spi-rspi.c
+++ b/drivers/spi/spi-rspi.c
@@ -271,7 +271,8 @@ static int rspi_set_config_register(struct rspi_data *rspi, int access_size)
 	/* Sets parity, interrupt mask */
 	rspi_write8(rspi, 0x00, RSPI_SPCR2);
 
-	/* Sets SPCMD */
+	/* Resets sequencer */
+	rspi_write8(rspi, 0, RSPI_SPSCR);
 	rspi->spcmd |= SPCMD_SPB_8_TO_16(access_size);
 	rspi_write16(rspi, rspi->spcmd, RSPI_SPCMD0);
 
@@ -315,7 +316,8 @@ static int rspi_rz_set_config_register(struct rspi_data *rspi, int access_size)
 	rspi_write8(rspi, 0x00, RSPI_SSLND);
 	rspi_write8(rspi, 0x00, RSPI_SPND);
 
-	/* Sets SPCMD */
+	/* Resets sequencer */
+	rspi_write8(rspi, 0, RSPI_SPSCR);
 	rspi->spcmd |= SPCMD_SPB_8_TO_16(access_size);
 	rspi_write16(rspi, rspi->spcmd, RSPI_SPCMD0);
 
@@ -366,7 +368,8 @@ static int qspi_set_config_register(struct rspi_data *rspi, int access_size)
 	/* Sets buffer to allow normal operation */
 	rspi_write8(rspi, 0x00, QSPI_SPBFCR);
 
-	/* Sets SPCMD */
+	/* Resets sequencer */
+	rspi_write8(rspi, 0, RSPI_SPSCR);
 	rspi_write16(rspi, rspi->spcmd, RSPI_SPCMD0);
 
 	/* Sets RSPI mode */
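Review bot: replacing the "/* Sets SPCMD */" comment leaves the rspi_write16(rspi, rspi->spcmd, RSPI_SPCMD0) line sitting under "/* Resets sequencer */", which describes only the new RSPI_SPSCR write. Keep the old comment above the SPCMD0 write and put the new one above the SPSCR write; the two earlier hunks have the same problem. The literal is also written as 0 here while the neighbouring rspi_write8() call uses 0x00.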
-- 
2.20.1





* [PATCH 5.1 377/405] regulator: wm831x ldo: Fix notifier mutex lock warning
  2019-05-30  2:59 [PATCH 5.1 000/405] 5.1.6-stable review Greg Kroah-Hartman
                   ` (375 preceding siblings ...)
  2019-05-30  3:06 ` [PATCH 5.1 376/405] spi: rspi: Fix sequencer reset during initialization Greg Kroah-Hartman
@ 2019-05-30  3:06 ` Greg Kroah-Hartman
  2019-05-30  3:06 ` [PATCH 5.1 378/405] regulator: wm831x isink: " Greg Kroah-Hartman
                   ` (32 subsequent siblings)
  409 siblings, 0 replies; 429+ messages in thread
From: Greg Kroah-Hartman @ 2019-05-30  3:06 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Adam Thomson, Steve Twiss,
	Charles Keepax, Mark Brown, Sasha Levin

[ Upstream commit 8be64b6d87bd47d81753b60ddafe70102ebfd76b ]

The mutex for the regulator_dev must be controlled by the caller of
the regulator_notifier_call_chain(), as described in the comment
for that function.

Failure to mutex lock and unlock surrounding the notifier call results
in a kernel WARN_ON_ONCE() which will dump a backtrace for the
regulator_notifier_call_chain() when that function call is first made.
The mutex can be controlled using the regulator_lock/unlock() API.

Fixes: d1c6b4fe668b ("regulator: Add WM831x LDO support")
Suggested-by: Adam Thomson <Adam.Thomson.Opensource@diasemi.com>
Signed-off-by: Steve Twiss <stwiss.opensource@diasemi.com>
Acked-by: Charles Keepax <ckeepax@opensource.cirrus.com>
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/regulator/wm831x-ldo.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/drivers/regulator/wm831x-ldo.c b/drivers/regulator/wm831x-ldo.c
index e4a6f888484ec..fcd038e7cd803 100644
--- a/drivers/regulator/wm831x-ldo.c
+++ b/drivers/regulator/wm831x-ldo.c
@@ -51,9 +51,11 @@ static irqreturn_t wm831x_ldo_uv_irq(int irq, void *data)
 {
 	struct wm831x_ldo *ldo = data;
 
+	regulator_lock(ldo->regulator);
 	regulator_notifier_call_chain(ldo->regulator,
 				      REGULATOR_EVENT_UNDER_VOLTAGE,
 				      NULL);
+	regulator_unlock(ldo->regulator);
 
 	return IRQ_HANDLED;
 }
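Review bot: regulator_lock() is now taken inside wm831x_ldo_uv_irq(), and the commit message describes it as a mutex, so this handler must only run in a context that may sleep. The hunk does not show how the IRQ is requested; please confirm it is a threaded handler and say so in the commit message, since the same change in a hard-IRQ handler would trade the WARN_ON_ONCE() for a sleeping-in-atomic bug.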
-- 
2.20.1





* [PATCH 5.1 378/405] regulator: wm831x isink: Fix notifier mutex lock warning
  2019-05-30  2:59 [PATCH 5.1 000/405] 5.1.6-stable review Greg Kroah-Hartman
                   ` (376 preceding siblings ...)
  2019-05-30  3:06 ` [PATCH 5.1 377/405] regulator: wm831x ldo: Fix notifier mutex lock warning Greg Kroah-Hartman
@ 2019-05-30  3:06 ` Greg Kroah-Hartman
  2019-05-30  3:06 ` [PATCH 5.1 379/405] regulator: ltc3676: " Greg Kroah-Hartman
                   ` (31 subsequent siblings)
  409 siblings, 0 replies; 429+ messages in thread
From: Greg Kroah-Hartman @ 2019-05-30  3:06 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Adam Thomson, Steve Twiss,
	Charles Keepax, Mark Brown, Sasha Levin

[ Upstream commit f7a621728a6a23bfd2c6ac4d3e42e1303aefde0f ]

The mutex for the regulator_dev must be controlled by the caller of
the regulator_notifier_call_chain(), as described in the comment
for that function.

Failure to mutex lock and unlock surrounding the notifier call results
in a kernel WARN_ON_ONCE() which will dump a backtrace for the
regulator_notifier_call_chain() when that function call is first made.
The mutex can be controlled using the regulator_lock/unlock() API.

Fixes: d4d6b722e780 ("regulator: Add WM831x ISINK support")
Suggested-by: Adam Thomson <Adam.Thomson.Opensource@diasemi.com>
Signed-off-by: Steve Twiss <stwiss.opensource@diasemi.com>
Acked-by: Charles Keepax <ckeepax@opensource.cirrus.com>
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/regulator/wm831x-isink.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/drivers/regulator/wm831x-isink.c b/drivers/regulator/wm831x-isink.c
index 6dd891d7eee3b..11f351191dba9 100644
--- a/drivers/regulator/wm831x-isink.c
+++ b/drivers/regulator/wm831x-isink.c
@@ -140,9 +140,11 @@ static irqreturn_t wm831x_isink_irq(int irq, void *data)
 {
 	struct wm831x_isink *isink = data;
 
+	regulator_lock(isink->regulator);
 	regulator_notifier_call_chain(isink->regulator,
 				      REGULATOR_EVENT_OVER_CURRENT,
 				      NULL);
+	regulator_unlock(isink->regulator);
 
 	return IRQ_HANDLED;
 }
-- 
2.20.1





* [PATCH 5.1 379/405] regulator: ltc3676: Fix notifier mutex lock warning
  2019-05-30  2:59 [PATCH 5.1 000/405] 5.1.6-stable review Greg Kroah-Hartman
                   ` (377 preceding siblings ...)
  2019-05-30  3:06 ` [PATCH 5.1 378/405] regulator: wm831x isink: " Greg Kroah-Hartman
@ 2019-05-30  3:06 ` Greg Kroah-Hartman
  2019-05-30  3:06 ` [PATCH 5.1 380/405] regulator: ltc3589: " Greg Kroah-Hartman
                   ` (30 subsequent siblings)
  409 siblings, 0 replies; 429+ messages in thread
From: Greg Kroah-Hartman @ 2019-05-30  3:06 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Adam Thomson, Steve Twiss,
	Mark Brown, Sasha Levin

[ Upstream commit 769fc8d4182c1d1875db7859852afeb436714c5c ]

The mutex for the regulator_dev must be controlled by the caller of
the regulator_notifier_call_chain(), as described in the comment
for that function.

Failure to mutex lock and unlock surrounding the notifier call results
in a kernel WARN_ON_ONCE() which will dump a backtrace for the
regulator_notifier_call_chain() when that function call is first made.
The mutex can be controlled using the regulator_lock/unlock() API.

Fixes: 37b918a034fe ("regulator: Add LTC3676 support")
Suggested-by: Adam Thomson <Adam.Thomson.Opensource@diasemi.com>
Signed-off-by: Steve Twiss <stwiss.opensource@diasemi.com>
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/regulator/ltc3676.c | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)

diff --git a/drivers/regulator/ltc3676.c b/drivers/regulator/ltc3676.c
index e6d66e492b851..4be90c78c7209 100644
--- a/drivers/regulator/ltc3676.c
+++ b/drivers/regulator/ltc3676.c
@@ -285,17 +285,23 @@ static irqreturn_t ltc3676_isr(int irq, void *dev_id)
 	if (irqstat & LTC3676_IRQSTAT_THERMAL_WARN) {
 		dev_warn(dev, "Over-temperature Warning\n");
 		event = REGULATOR_EVENT_OVER_TEMP;
-		for (i = 0; i < LTC3676_NUM_REGULATORS; i++)
+		for (i = 0; i < LTC3676_NUM_REGULATORS; i++) {
+			regulator_lock(ltc3676->regulators[i]);
 			regulator_notifier_call_chain(ltc3676->regulators[i],
 						      event, NULL);
+			regulator_unlock(ltc3676->regulators[i]);
+		}
 	}
 
 	if (irqstat & LTC3676_IRQSTAT_UNDERVOLT_WARN) {
 		dev_info(dev, "Undervoltage Warning\n");
 		event = REGULATOR_EVENT_UNDER_VOLTAGE;
-		for (i = 0; i < LTC3676_NUM_REGULATORS; i++)
+		for (i = 0; i < LTC3676_NUM_REGULATORS; i++) {
+			regulator_lock(ltc3676->regulators[i]);
 			regulator_notifier_call_chain(ltc3676->regulators[i],
 						      event, NULL);
+			regulator_unlock(ltc3676->regulators[i]);
+		}
 	}
 
 	/* Clear warning condition */
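Review bot: both loops in ltc3676_isr() now carry the same lock/notify/unlock body and differ only in the value of event. A small static helper that takes the event and walks ltc3676->regulators[] would keep the locking rule in one place and make it harder for a later event branch to omit the lock.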
-- 
2.20.1





* [PATCH 5.1 380/405] regulator: ltc3589: Fix notifier mutex lock warning
  2019-05-30  2:59 [PATCH 5.1 000/405] 5.1.6-stable review Greg Kroah-Hartman
                   ` (378 preceding siblings ...)
  2019-05-30  3:06 ` [PATCH 5.1 379/405] regulator: ltc3676: " Greg Kroah-Hartman
@ 2019-05-30  3:06 ` Greg Kroah-Hartman
  2019-05-30  3:06 ` [PATCH 5.1 381/405] regulator: pv88060: " Greg Kroah-Hartman
                   ` (29 subsequent siblings)
  409 siblings, 0 replies; 429+ messages in thread
From: Greg Kroah-Hartman @ 2019-05-30  3:06 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Adam Thomson, Steve Twiss,
	Mark Brown, Sasha Levin

[ Upstream commit f132da2534ec6599c78c4adcef15340cff2e9dd9 ]

The mutex for the regulator_dev must be controlled by the caller of
the regulator_notifier_call_chain(), as described in the comment
for that function.

Failure to mutex lock and unlock surrounding the notifier call results
in a kernel WARN_ON_ONCE() which will dump a backtrace for the
regulator_notifier_call_chain() when that function call is first made.
The mutex can be controlled using the regulator_lock/unlock() API.

Fixes: 3eb2c7ecb7ea ("regulator: Add LTC3589 support")
Suggested-by: Adam Thomson <Adam.Thomson.Opensource@diasemi.com>
Signed-off-by: Steve Twiss <stwiss.opensource@diasemi.com>
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/regulator/ltc3589.c | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)

diff --git a/drivers/regulator/ltc3589.c b/drivers/regulator/ltc3589.c
index 63f724f260ef7..75089b037b723 100644
--- a/drivers/regulator/ltc3589.c
+++ b/drivers/regulator/ltc3589.c
@@ -419,16 +419,22 @@ static irqreturn_t ltc3589_isr(int irq, void *dev_id)
 
 	if (irqstat & LTC3589_IRQSTAT_THERMAL_WARN) {
 		event = REGULATOR_EVENT_OVER_TEMP;
-		for (i = 0; i < LTC3589_NUM_REGULATORS; i++)
+		for (i = 0; i < LTC3589_NUM_REGULATORS; i++) {
+		        regulator_lock(ltc3589->regulators[i]);
 			regulator_notifier_call_chain(ltc3589->regulators[i],
 						      event, NULL);
+		        regulator_unlock(ltc3589->regulators[i]);
+		}
 	}
 
 	if (irqstat & LTC3589_IRQSTAT_UNDERVOLT_WARN) {
 		event = REGULATOR_EVENT_UNDER_VOLTAGE;
-		for (i = 0; i < LTC3589_NUM_REGULATORS; i++)
+		for (i = 0; i < LTC3589_NUM_REGULATORS; i++) {
+		        regulator_lock(ltc3589->regulators[i]);
 			regulator_notifier_call_chain(ltc3589->regulators[i],
 						      event, NULL);
+		        regulator_unlock(ltc3589->regulators[i]);
+		}
 	}
 
 	/* Clear warning condition */
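Review bot: the added regulator_lock() and regulator_unlock() lines in both loops are indented with two tabs followed by eight spaces, while the surrounding lines use tabs only. checkpatch.pl reports this as "code indent should use tabs where possible"; re-indent the four added calls with three tabs so they line up with regulator_notifier_call_chain().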
-- 
2.20.1





* [PATCH 5.1 381/405] regulator: pv88060: Fix notifier mutex lock warning
  2019-05-30  2:59 [PATCH 5.1 000/405] 5.1.6-stable review Greg Kroah-Hartman
                   ` (379 preceding siblings ...)
  2019-05-30  3:06 ` [PATCH 5.1 380/405] regulator: ltc3589: " Greg Kroah-Hartman
@ 2019-05-30  3:06 ` Greg Kroah-Hartman
  2019-05-30  3:06 ` [PATCH 5.1 382/405] spi: imx: stop buffer overflow in RX FIFO flush Greg Kroah-Hartman
                   ` (28 subsequent siblings)
  409 siblings, 0 replies; 429+ messages in thread
From: Greg Kroah-Hartman @ 2019-05-30  3:06 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Adam Thomson, Steve Twiss,
	Mark Brown, Sasha Levin

[ Upstream commit f58213637206e190453e3bd91f98f535566290a3 ]

The mutex for the regulator_dev must be controlled by the caller of
the regulator_notifier_call_chain(), as described in the comment
for that function.

Failure to mutex lock and unlock surrounding the notifier call results
in a kernel WARN_ON_ONCE() which will dump a backtrace for the
regulator_notifier_call_chain() when that function call is first made.
The mutex can be controlled using the regulator_lock/unlock() API.

Fixes: f307a7e9b7af ("regulator: pv88060: new regulator driver")
Suggested-by: Adam Thomson <Adam.Thomson.Opensource@diasemi.com>
Signed-off-by: Steve Twiss <stwiss.opensource@diasemi.com>
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/regulator/pv88060-regulator.c | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/drivers/regulator/pv88060-regulator.c b/drivers/regulator/pv88060-regulator.c
index 1600f98218912..810816e9df5d5 100644
--- a/drivers/regulator/pv88060-regulator.c
+++ b/drivers/regulator/pv88060-regulator.c
@@ -244,9 +244,11 @@ static irqreturn_t pv88060_irq_handler(int irq, void *data)
 	if (reg_val & PV88060_E_VDD_FLT) {
 		for (i = 0; i < PV88060_MAX_REGULATORS; i++) {
 			if (chip->rdev[i] != NULL) {
+				regulator_lock(chip->rdev[i]);
 				regulator_notifier_call_chain(chip->rdev[i],
 					REGULATOR_EVENT_UNDER_VOLTAGE,
 					NULL);
+				regulator_unlock(chip->rdev[i]);
 			}
 		}
 
@@ -261,9 +263,11 @@ static irqreturn_t pv88060_irq_handler(int irq, void *data)
 	if (reg_val & PV88060_E_OVER_TEMP) {
 		for (i = 0; i < PV88060_MAX_REGULATORS; i++) {
 			if (chip->rdev[i] != NULL) {
+				regulator_lock(chip->rdev[i]);
 				regulator_notifier_call_chain(chip->rdev[i],
 					REGULATOR_EVENT_OVER_TEMP,
 					NULL);
+				regulator_unlock(chip->rdev[i]);
 			}
 		}
 
-- 
2.20.1





* [PATCH 5.1 382/405] spi: imx: stop buffer overflow in RX FIFO flush
  2019-05-30  2:59 [PATCH 5.1 000/405] 5.1.6-stable review Greg Kroah-Hartman
                   ` (380 preceding siblings ...)
  2019-05-30  3:06 ` [PATCH 5.1 381/405] regulator: pv88060: " Greg Kroah-Hartman
@ 2019-05-30  3:06 ` Greg Kroah-Hartman
  2019-05-30  3:06 ` [PATCH 5.1 383/405] regulator: lp8755: Fix notifier mutex lock warning Greg Kroah-Hartman
                   ` (27 subsequent siblings)
  409 siblings, 0 replies; 429+ messages in thread
From: Greg Kroah-Hartman @ 2019-05-30  3:06 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Jiada Wang, Fabio Estevam,
	Stefan Agner, Shawn Guo, Trent Piepho, Mark Brown, Sasha Levin

[ Upstream commit c842749ea1d32513f9e603c074d60d7aa07cb2ef ]

Commit 71abd29057cb ("spi: imx: Add support for SPI Slave mode") added
an RX FIFO flush before start of a transfer.  In slave mode, the master
may have sent more data than expected and this data will still be in the
RX FIFO at the start of the next transfer, and so needs to be flushed.

However, the code to do the flush was accidentally saving this data into
the previous transfer's RX buffer, clobbering the contents of whatever
followed that buffer.

Change it to empty the FIFO and throw away the data.  Every one of the
RX functions for the different eCSPI versions and modes reads the RX
FIFO data using the same readl() call, so just use that, rather than
using the spi_imx->rx function pointer and making sure all the different
rx functions have a working "throw away" mode.

There is another issue, which affects master mode when switching from
DMA to PIO.  There can be extra data in the RX FIFO which triggers this
flush code, causing memory corruption in the same manner.  I don't know
why this data is unexpectedly in the FIFO.  It's likely there is a
different bug or erratum responsible for that.  But regardless of that,
I think this is the proper fix for the bug at hand here.

Fixes: 71abd29057cb ("spi: imx: Add support for SPI Slave mode")
Cc: Jiada Wang <jiada_wang@mentor.com>
Cc: Fabio Estevam <festevam@gmail.com>
Cc: Stefan Agner <stefan@agner.ch>
Cc: Shawn Guo <shawnguo@kernel.org>
Signed-off-by: Trent Piepho <tpiepho@impinj.com>
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/spi/spi-imx.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/drivers/spi/spi-imx.c b/drivers/spi/spi-imx.c
index 6ec647bbba772..a81ae29aa68a9 100644
--- a/drivers/spi/spi-imx.c
+++ b/drivers/spi/spi-imx.c
@@ -1494,7 +1494,7 @@ static int spi_imx_transfer(struct spi_device *spi,
 
 	/* flush rxfifo before transfer */
 	while (spi_imx->devtype_data->rx_available(spi_imx))
-		spi_imx->rx(spi_imx);
+		readl(spi_imx->base + MXC_CSPIRXDATA);
 
 	if (spi_imx->slave_mode)
 		return spi_imx_pio_transfer_slave(spi, transfer);
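Review bot: the flush loop "while (spi_imx->devtype_data->rx_available(spi_imx))" has no upper bound, and after this change its body does nothing but pop one word from the FIFO. In slave mode, where the commit message says the master may send more data than expected, a master that keeps clocking data in could hold this loop for as long as it likes; consider capping the iterations (for example at the FIFO depth) and logging when the cap is hit. The "flush rxfifo before transfer" comment should also say that the data is deliberately discarded and that spi_imx->rx() must not be used here because it writes into the RX buffer.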
-- 
2.20.1





* [PATCH 5.1 383/405] regulator: lp8755: Fix notifier mutex lock warning
  2019-05-30  2:59 [PATCH 5.1 000/405] 5.1.6-stable review Greg Kroah-Hartman
                   ` (381 preceding siblings ...)
  2019-05-30  3:06 ` [PATCH 5.1 382/405] spi: imx: stop buffer overflow in RX FIFO flush Greg Kroah-Hartman
@ 2019-05-30  3:06 ` Greg Kroah-Hartman
  2019-05-30  3:06 ` [PATCH 5.1 384/405] regulator: da9211: " Greg Kroah-Hartman
                   ` (26 subsequent siblings)
  409 siblings, 0 replies; 429+ messages in thread
From: Greg Kroah-Hartman @ 2019-05-30  3:06 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Adam Thomson, Steve Twiss,
	Mark Brown, Sasha Levin

[ Upstream commit 89b2758c192c35068b07766a6830433bfbdc1f44 ]

The mutex for the regulator_dev must be controlled by the caller of
the regulator_notifier_call_chain(), as described in the comment
for that function.

Failure to mutex lock and unlock surrounding the notifier call results
in a kernel WARN_ON_ONCE() which will dump a backtrace for the
regulator_notifier_call_chain() when that function call is first made.
The mutex can be controlled using the regulator_lock/unlock() API.

Fixes: b59320cc5a5e ("regulator: lp8755: new driver for LP8755")
Suggested-by: Adam Thomson <Adam.Thomson.Opensource@diasemi.com>
Signed-off-by: Steve Twiss <stwiss.opensource@diasemi.com>
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/regulator/lp8755.c | 15 ++++++++++++---
 1 file changed, 12 insertions(+), 3 deletions(-)

diff --git a/drivers/regulator/lp8755.c b/drivers/regulator/lp8755.c
index 14fd388071349..2e16a6ab491d6 100644
--- a/drivers/regulator/lp8755.c
+++ b/drivers/regulator/lp8755.c
@@ -372,10 +372,13 @@ static irqreturn_t lp8755_irq_handler(int irq, void *data)
 	for (icnt = 0; icnt < LP8755_BUCK_MAX; icnt++)
 		if ((flag0 & (0x4 << icnt))
 		    && (pchip->irqmask & (0x04 << icnt))
-		    && (pchip->rdev[icnt] != NULL))
+		    && (pchip->rdev[icnt] != NULL)) {
+			regulator_lock(pchip->rdev[icnt]);
 			regulator_notifier_call_chain(pchip->rdev[icnt],
 						      LP8755_EVENT_PWR_FAULT,
 						      NULL);
+			regulator_unlock(pchip->rdev[icnt]);
+		}
 
 	/* read flag1 register */
 	ret = lp8755_read(pchip, 0x0E, &flag1);
@@ -389,18 +392,24 @@ static irqreturn_t lp8755_irq_handler(int irq, void *data)
 	/* send OCP event to all regulator devices */
 	if ((flag1 & 0x01) && (pchip->irqmask & 0x01))
 		for (icnt = 0; icnt < LP8755_BUCK_MAX; icnt++)
-			if (pchip->rdev[icnt] != NULL)
+			if (pchip->rdev[icnt] != NULL) {
+				regulator_lock(pchip->rdev[icnt]);
 				regulator_notifier_call_chain(pchip->rdev[icnt],
 							      LP8755_EVENT_OCP,
 							      NULL);
+				regulator_unlock(pchip->rdev[icnt]);
+			}
 
 	/* send OVP event to all regulator devices */
 	if ((flag1 & 0x02) && (pchip->irqmask & 0x02))
 		for (icnt = 0; icnt < LP8755_BUCK_MAX; icnt++)
-			if (pchip->rdev[icnt] != NULL)
+			if (pchip->rdev[icnt] != NULL) {
+				regulator_lock(pchip->rdev[icnt]);
 				regulator_notifier_call_chain(pchip->rdev[icnt],
 							      LP8755_EVENT_OVP,
 							      NULL);
+				regulator_unlock(pchip->rdev[icnt]);
+			}
 	return IRQ_HANDLED;
 
 err_i2c:
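Review bot: in the OCP and OVP blocks the braces were added only to the innermost "if (pchip->rdev[icnt] != NULL)", leaving the enclosing "if" and "for" unbraced around a body that is now a multi-line braced block. Kernel coding style asks for braces on a loop or conditional whose body is more than a single simple statement; adding them here, and on the "for" in the previous hunk, makes the extent of the locked region easier to read.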
-- 
2.20.1





* [PATCH 5.1 384/405] regulator: da9211: Fix notifier mutex lock warning
  2019-05-30  2:59 [PATCH 5.1 000/405] 5.1.6-stable review Greg Kroah-Hartman
                   ` (382 preceding siblings ...)
  2019-05-30  3:06 ` [PATCH 5.1 383/405] regulator: lp8755: Fix notifier mutex lock warning Greg Kroah-Hartman
@ 2019-05-30  3:06 ` Greg Kroah-Hartman
  2019-05-30  3:06 ` [PATCH 5.1 385/405] regulator: da9063: " Greg Kroah-Hartman
                   ` (25 subsequent siblings)
  409 siblings, 0 replies; 429+ messages in thread
From: Greg Kroah-Hartman @ 2019-05-30  3:06 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Adam Thomson, Steve Twiss,
	Mark Brown, Sasha Levin

[ Upstream commit 65378de3359d30ebce44762d8b8027f372b5b1c4 ]

The mutex for the regulator_dev must be controlled by the caller of
the regulator_notifier_call_chain(), as described in the comment
for that function.

Failure to mutex lock and unlock surrounding the notifier call results
in a kernel WARN_ON_ONCE() which will dump a backtrace for the
regulator_notifier_call_chain() when that function call is first made.
The mutex can be controlled using the regulator_lock/unlock() API.

Fixes: 1028a37daa14 ("regulator: da9211: new regulator driver")
Suggested-by: Adam Thomson <Adam.Thomson.Opensource@diasemi.com>
Signed-off-by: Steve Twiss <stwiss.opensource@diasemi.com>
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/regulator/da9211-regulator.c | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/drivers/regulator/da9211-regulator.c b/drivers/regulator/da9211-regulator.c
index 109ee12d43626..4d7fe4819c1ce 100644
--- a/drivers/regulator/da9211-regulator.c
+++ b/drivers/regulator/da9211-regulator.c
@@ -322,8 +322,10 @@ static irqreturn_t da9211_irq_handler(int irq, void *data)
 		goto error_i2c;
 
 	if (reg_val & DA9211_E_OV_CURR_A) {
+	        regulator_lock(chip->rdev[0]);
 		regulator_notifier_call_chain(chip->rdev[0],
 			REGULATOR_EVENT_OVER_CURRENT, NULL);
+	        regulator_unlock(chip->rdev[0]);
 
 		err = regmap_write(chip->regmap, DA9211_REG_EVENT_B,
 			DA9211_E_OV_CURR_A);
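Review bot: the two added lines around regulator_notifier_call_chain(chip->rdev[0], ...) are indented with one tab plus eight spaces instead of two tabs, so they do not match the call they wrap. The same mixed indentation appears on the chip->rdev[1] pair in the next hunk; both should use tabs only.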
@@ -334,8 +336,10 @@ static irqreturn_t da9211_irq_handler(int irq, void *data)
 	}
 
 	if (reg_val & DA9211_E_OV_CURR_B) {
+	        regulator_lock(chip->rdev[1]);
 		regulator_notifier_call_chain(chip->rdev[1],
 			REGULATOR_EVENT_OVER_CURRENT, NULL);
+	        regulator_unlock(chip->rdev[1]);
 
 		err = regmap_write(chip->regmap, DA9211_REG_EVENT_B,
 			DA9211_E_OV_CURR_B);
-- 
2.20.1





* [PATCH 5.1 385/405] regulator: da9063: Fix notifier mutex lock warning
  2019-05-30  2:59 [PATCH 5.1 000/405] 5.1.6-stable review Greg Kroah-Hartman
                   ` (383 preceding siblings ...)
  2019-05-30  3:06 ` [PATCH 5.1 384/405] regulator: da9211: " Greg Kroah-Hartman
@ 2019-05-30  3:06 ` Greg Kroah-Hartman
  2019-05-30  3:06 ` [PATCH 5.1 386/405] regulator: pv88080: " Greg Kroah-Hartman
                   ` (24 subsequent siblings)
  409 siblings, 0 replies; 429+ messages in thread
From: Greg Kroah-Hartman @ 2019-05-30  3:06 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Adam Thomson, Steve Twiss,
	Mark Brown, Sasha Levin

[ Upstream commit 29d40b4a5776ec4727c9f0e00a884423dd5e3366 ]

The mutex for the regulator_dev must be controlled by the caller of
the regulator_notifier_call_chain(), as described in the comment
for that function.

Failure to mutex lock and unlock surrounding the notifier call results
in a kernel WARN_ON_ONCE() which will dump a backtrace for the
regulator_notifier_call_chain() when that function call is first made.
The mutex can be controlled using the regulator_lock/unlock() API.

Fixes: 69ca3e58d178 ("regulator: da9063: Add Dialog DA9063 voltage regulators support.")
Suggested-by: Adam Thomson <Adam.Thomson.Opensource@diasemi.com>
Signed-off-by: Steve Twiss <stwiss.opensource@diasemi.com>
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/regulator/da9063-regulator.c | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/drivers/regulator/da9063-regulator.c b/drivers/regulator/da9063-regulator.c
index 2b0c7a85306ab..d7bdb95b7602e 100644
--- a/drivers/regulator/da9063-regulator.c
+++ b/drivers/regulator/da9063-regulator.c
@@ -615,9 +615,12 @@ static irqreturn_t da9063_ldo_lim_event(int irq, void *data)
 		if (regl->info->oc_event.reg != DA9063_REG_STATUS_D)
 			continue;
 
-		if (BIT(regl->info->oc_event.lsb) & bits)
+		if (BIT(regl->info->oc_event.lsb) & bits) {
+		        regulator_lock(regl->rdev);
 			regulator_notifier_call_chain(regl->rdev,
 					REGULATOR_EVENT_OVER_CURRENT, NULL);
+		        regulator_unlock(regl->rdev);
+		}
 	}
 
 	return IRQ_HANDLED;
-- 
2.20.1





* [PATCH 5.1 386/405] regulator: pv88080: Fix notifier mutex lock warning
  2019-05-30  2:59 [PATCH 5.1 000/405] 5.1.6-stable review Greg Kroah-Hartman
                   ` (384 preceding siblings ...)
  2019-05-30  3:06 ` [PATCH 5.1 385/405] regulator: da9063: " Greg Kroah-Hartman
@ 2019-05-30  3:06 ` Greg Kroah-Hartman
  2019-05-30  3:06 ` [PATCH 5.1 387/405] regulator: wm831x: " Greg Kroah-Hartman
                   ` (23 subsequent siblings)
  409 siblings, 0 replies; 429+ messages in thread
From: Greg Kroah-Hartman @ 2019-05-30  3:06 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Adam Thomson, Steve Twiss,
	Mark Brown, Sasha Levin

[ Upstream commit 1867af94cfdf37fc70fe67b3d522e78352800196 ]

The mutex for the regulator_dev must be controlled by the caller of
the regulator_notifier_call_chain(), as described in the comment
for that function.

Failure to mutex lock and unlock surrounding the notifier call results
in a kernel WARN_ON_ONCE() which will dump a backtrace for the
regulator_notifier_call_chain() when that function call is first made.
The mutex can be controlled using the regulator_lock/unlock() API.

Fixes: 99cf3af5e2d5 ("regulator: pv88080: new regulator driver")
Suggested-by: Adam Thomson <Adam.Thomson.Opensource@diasemi.com>
Signed-off-by: Steve Twiss <stwiss.opensource@diasemi.com>
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/regulator/pv88080-regulator.c | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/drivers/regulator/pv88080-regulator.c b/drivers/regulator/pv88080-regulator.c
index bdddacdbeb996..6279216fb2540 100644
--- a/drivers/regulator/pv88080-regulator.c
+++ b/drivers/regulator/pv88080-regulator.c
@@ -345,9 +345,11 @@ static irqreturn_t pv88080_irq_handler(int irq, void *data)
 	if (reg_val & PV88080_E_VDD_FLT) {
 		for (i = 0; i < PV88080_MAX_REGULATORS; i++) {
 			if (chip->rdev[i] != NULL) {
+			        regulator_lock(chip->rdev[i]);
 				regulator_notifier_call_chain(chip->rdev[i],
 					REGULATOR_EVENT_UNDER_VOLTAGE,
 					NULL);
+			        regulator_unlock(chip->rdev[i]);
 			}
 		}
 
@@ -362,9 +364,11 @@ static irqreturn_t pv88080_irq_handler(int irq, void *data)
 	if (reg_val & PV88080_E_OVER_TEMP) {
 		for (i = 0; i < PV88080_MAX_REGULATORS; i++) {
 			if (chip->rdev[i] != NULL) {
+			        regulator_lock(chip->rdev[i]);
 				regulator_notifier_call_chain(chip->rdev[i],
 					REGULATOR_EVENT_OVER_TEMP,
 					NULL);
+			        regulator_unlock(chip->rdev[i]);
 			}
 		}
 
-- 
2.20.1





* [PATCH 5.1 387/405] regulator: wm831x: Fix notifier mutex lock warning
  2019-05-30  2:59 [PATCH 5.1 000/405] 5.1.6-stable review Greg Kroah-Hartman
                   ` (385 preceding siblings ...)
  2019-05-30  3:06 ` [PATCH 5.1 386/405] regulator: pv88080: " Greg Kroah-Hartman
@ 2019-05-30  3:06 ` Greg Kroah-Hartman
  2019-05-30  3:06 ` [PATCH 5.1 388/405] regulator: pv88090: " Greg Kroah-Hartman
                   ` (22 subsequent siblings)
  409 siblings, 0 replies; 429+ messages in thread
From: Greg Kroah-Hartman @ 2019-05-30  3:06 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Adam Thomson, Steve Twiss,
	Charles Keepax, Mark Brown, Sasha Levin

[ Upstream commit 119c4f5085c45b60cb23c5595e45d06135b89518 ]

The mutex for the regulator_dev must be controlled by the caller of
the regulator_notifier_call_chain(), as described in the comment
for that function.

Failure to mutex lock and unlock surrounding the notifier call results
in a kernel WARN_ON_ONCE() which will dump a backtrace for the
regulator_notifier_call_chain() when that function call is first made.
The mutex can be controlled using the regulator_lock/unlock() API.

Fixes: e4ee831f949a ("regulator: Add WM831x DC-DC buck convertor support")
Suggested-by: Adam Thomson <Adam.Thomson.Opensource@diasemi.com>
Signed-off-by: Steve Twiss <stwiss.opensource@diasemi.com>
Acked-by: Charles Keepax <ckeepax@opensource.cirrus.com>
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/regulator/wm831x-dcdc.c | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/drivers/regulator/wm831x-dcdc.c b/drivers/regulator/wm831x-dcdc.c
index 12b422373580c..d1873f94bca74 100644
--- a/drivers/regulator/wm831x-dcdc.c
+++ b/drivers/regulator/wm831x-dcdc.c
@@ -183,9 +183,11 @@ static irqreturn_t wm831x_dcdc_uv_irq(int irq, void *data)
 {
 	struct wm831x_dcdc *dcdc = data;
 
+	regulator_lock(dcdc->regulator);
 	regulator_notifier_call_chain(dcdc->regulator,
 				      REGULATOR_EVENT_UNDER_VOLTAGE,
 				      NULL);
+	regulator_unlock(dcdc->regulator);
 
 	return IRQ_HANDLED;
 }
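Review bot: regulator_lock() is described in the commit message as a mutex operation, so wm831x_dcdc_uv_irq() (and wm831x_dcdc_oc_irq() in the next hunk) must run in a context that is allowed to sleep. Nothing in the hunk shows how these handlers are registered, so confirm they are requested as threaded IRQs and say so in the commit message.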
@@ -194,9 +196,11 @@ static irqreturn_t wm831x_dcdc_oc_irq(int irq, void *data)
 {
 	struct wm831x_dcdc *dcdc = data;
 
+	regulator_lock(dcdc->regulator);
 	regulator_notifier_call_chain(dcdc->regulator,
 				      REGULATOR_EVENT_OVER_CURRENT,
 				      NULL);
+	regulator_unlock(dcdc->regulator);
 
 	return IRQ_HANDLED;
 }
-- 
2.20.1





* [PATCH 5.1 388/405] regulator: pv88090: Fix notifier mutex lock warning
  2019-05-30  2:59 [PATCH 5.1 000/405] 5.1.6-stable review Greg Kroah-Hartman
                   ` (386 preceding siblings ...)
  2019-05-30  3:06 ` [PATCH 5.1 387/405] regulator: wm831x: " Greg Kroah-Hartman
@ 2019-05-30  3:06 ` Greg Kroah-Hartman
  2019-05-30  3:06 ` [PATCH 5.1 389/405] regulator: da9062: " Greg Kroah-Hartman
                   ` (21 subsequent siblings)
  409 siblings, 0 replies; 429+ messages in thread
From: Greg Kroah-Hartman @ 2019-05-30  3:06 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Adam Thomson, Steve Twiss,
	Mark Brown, Sasha Levin

[ Upstream commit 275513b7695a61b75b2546406ecd0f8e3d9fc8be ]

The mutex for the regulator_dev must be controlled by the caller of
the regulator_notifier_call_chain(), as described in the comment
for that function.

Failure to mutex lock and unlock surrounding the notifier call results
in a kernel WARN_ON_ONCE() which will dump a backtrace for the
regulator_notifier_call_chain() when that function call is first made.
The mutex can be controlled using the regulator_lock/unlock() API.

Fixes: c90456e36d9c ("regulator: pv88090: new regulator driver")
Suggested-by: Adam Thomson <Adam.Thomson.Opensource@diasemi.com>
Signed-off-by: Steve Twiss <stwiss.opensource@diasemi.com>
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/regulator/pv88090-regulator.c | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/drivers/regulator/pv88090-regulator.c b/drivers/regulator/pv88090-regulator.c
index 6e97cc6df2eec..90f4f907fb3fb 100644
--- a/drivers/regulator/pv88090-regulator.c
+++ b/drivers/regulator/pv88090-regulator.c
@@ -237,9 +237,11 @@ static irqreturn_t pv88090_irq_handler(int irq, void *data)
 	if (reg_val & PV88090_E_VDD_FLT) {
 		for (i = 0; i < PV88090_MAX_REGULATORS; i++) {
 			if (chip->rdev[i] != NULL) {
+			        regulator_lock(chip->rdev[i]);
 				regulator_notifier_call_chain(chip->rdev[i],
 					REGULATOR_EVENT_UNDER_VOLTAGE,
 					NULL);
+			        regulator_unlock(chip->rdev[i]);
 			}
 		}
 
@@ -254,9 +256,11 @@ static irqreturn_t pv88090_irq_handler(int irq, void *data)
 	if (reg_val & PV88090_E_OVER_TEMP) {
 		for (i = 0; i < PV88090_MAX_REGULATORS; i++) {
 			if (chip->rdev[i] != NULL) {
+			        regulator_lock(chip->rdev[i]);
 				regulator_notifier_call_chain(chip->rdev[i],
 					REGULATOR_EVENT_OVER_TEMP,
 					NULL);
+			        regulator_unlock(chip->rdev[i]);
 			}
 		}
 
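Review bot: the lock, notify, unlock sequence in the PV88090_E_OVER_TEMP branch is a copy of the one in the PV88090_E_VDD_FLT branch, differing only in the event constant, and both copies carry lines indented with spaces after the tabs. A small static helper that takes the rdev and the event would keep the locking rule in one place and remove the mixed indentation.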
-- 
2.20.1





* [PATCH 5.1 389/405] regulator: da9062: Fix notifier mutex lock warning
  2019-05-30  2:59 [PATCH 5.1 000/405] 5.1.6-stable review Greg Kroah-Hartman
                   ` (387 preceding siblings ...)
  2019-05-30  3:06 ` [PATCH 5.1 388/405] regulator: pv88090: " Greg Kroah-Hartman
@ 2019-05-30  3:06 ` Greg Kroah-Hartman
  2019-05-30  3:06 ` [PATCH 5.1 390/405] regulator: da9055: " Greg Kroah-Hartman
                   ` (20 subsequent siblings)
  409 siblings, 0 replies; 429+ messages in thread
From: Greg Kroah-Hartman @ 2019-05-30  3:06 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Adam Thomson, Steve Twiss,
	Mark Brown, Sasha Levin

[ Upstream commit 978995def0f6030aa6b3b494682f673aca13881b ]

The mutex for the regulator_dev must be controlled by the caller of
the regulator_notifier_call_chain(), as described in the comment
for that function.

Failure to mutex lock and unlock surrounding the notifier call results
in a kernel WARN_ON_ONCE() which will dump a backtrace for the
regulator_notifier_call_chain() when that function call is first made.
The mutex can be controlled using the regulator_lock/unlock() API.

Fixes: 4068e5182ada ("regulator: da9062: DA9062 regulator driver")
Suggested-by: Adam Thomson <Adam.Thomson.Opensource@diasemi.com>
Signed-off-by: Steve Twiss <stwiss.opensource@diasemi.com>
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/regulator/da9062-regulator.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/drivers/regulator/da9062-regulator.c b/drivers/regulator/da9062-regulator.c
index b064d8a19d4ce..bab88ddfc5098 100644
--- a/drivers/regulator/da9062-regulator.c
+++ b/drivers/regulator/da9062-regulator.c
@@ -974,8 +974,10 @@ static irqreturn_t da9062_ldo_lim_event(int irq, void *data)
 			continue;
 
 		if (BIT(regl->info->oc_event.lsb) & bits) {
+			regulator_lock(regl->rdev);
 			regulator_notifier_call_chain(regl->rdev,
 					REGULATOR_EVENT_OVER_CURRENT, NULL);
+			regulator_unlock(regl->rdev);
 			handled = IRQ_HANDLED;
 		}
 	}
-- 
2.20.1





* [PATCH 5.1 390/405] regulator: da9055: Fix notifier mutex lock warning
  2019-05-30  2:59 [PATCH 5.1 000/405] 5.1.6-stable review Greg Kroah-Hartman
                   ` (388 preceding siblings ...)
  2019-05-30  3:06 ` [PATCH 5.1 389/405] regulator: da9062: " Greg Kroah-Hartman
@ 2019-05-30  3:06 ` Greg Kroah-Hartman
  2019-05-30  3:06 ` [PATCH 5.1 391/405] spi: Fix zero length xfer bug Greg Kroah-Hartman
                   ` (19 subsequent siblings)
  409 siblings, 0 replies; 429+ messages in thread
From: Greg Kroah-Hartman @ 2019-05-30  3:06 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Adam Thomson, Steve Twiss,
	Mark Brown, Sasha Levin

[ Upstream commit 5e6afb3832bedf420dd8e4c5b32ed85117c5087d ]

The mutex for the regulator_dev must be controlled by the caller of
the regulator_notifier_call_chain(), as described in the comment
for that function.

Failure to mutex lock and unlock surrounding the notifier call results
in a kernel WARN_ON_ONCE() which will dump a backtrace for the
regulator_notifier_call_chain() when that function call is first made.
The mutex can be controlled using the regulator_lock/unlock() API.

Fixes: f6130be652d0 ("regulator: DA9055 regulator driver")
Suggested-by: Adam Thomson <Adam.Thomson.Opensource@diasemi.com>
Signed-off-by: Steve Twiss <stwiss.opensource@diasemi.com>
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/regulator/da9055-regulator.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/drivers/regulator/da9055-regulator.c b/drivers/regulator/da9055-regulator.c
index 3c6fac7936585..3ade4b8d204eb 100644
--- a/drivers/regulator/da9055-regulator.c
+++ b/drivers/regulator/da9055-regulator.c
@@ -487,8 +487,10 @@ static irqreturn_t da9055_ldo5_6_oc_irq(int irq, void *data)
 {
 	struct da9055_regulator *regulator = data;
 
+	regulator_lock(regulator->rdev);
 	regulator_notifier_call_chain(regulator->rdev,
 				      REGULATOR_EVENT_OVER_CURRENT, NULL);
+	regulator_unlock(regulator->rdev);
 
 	return IRQ_HANDLED;
 }
-- 
2.20.1





* [PATCH 5.1 391/405] spi: Fix zero length xfer bug
  2019-05-30  2:59 [PATCH 5.1 000/405] 5.1.6-stable review Greg Kroah-Hartman
                   ` (389 preceding siblings ...)
  2019-05-30  3:06 ` [PATCH 5.1 390/405] regulator: da9055: " Greg Kroah-Hartman
@ 2019-05-30  3:06 ` Greg Kroah-Hartman
  2019-05-30  3:06 ` [PATCH 5.1 392/405] ASoC: davinci-mcasp: Fix clang warning without CONFIG_PM Greg Kroah-Hartman
                   ` (18 subsequent siblings)
  409 siblings, 0 replies; 429+ messages in thread
From: Greg Kroah-Hartman @ 2019-05-30  3:06 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Chris Lesiak, Mark Brown, Sasha Levin

[ Upstream commit 5442dcaa0d90fc376bdfc179a018931a8f43dea4 ]

This fixes a bug for messages containing both zero length and
unidirectional xfers.

The function spi_map_msg will allocate dummy tx and/or rx buffers
for use with unidirectional transfers when the hardware can only do
a bidirectional transfer.  That dummy buffer will be used in place
of a NULL buffer even when the xfer length is 0.

Then in the function __spi_map_msg, if the hardware can dma,
the zero length xfer will have spi_map_buf called on the dummy
buffer.

Eventually, __sg_alloc_table is called and returns -EINVAL
because nents == 0.

This fix prevents the error by not using the dummy buffer when
the xfer length is zero.

Signed-off-by: Chris Lesiak <chris.lesiak@licor.com>
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/spi/spi.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/drivers/spi/spi.c b/drivers/spi/spi.c
index 6cb72287eac82..a83fcddf1dadc 100644
--- a/drivers/spi/spi.c
+++ b/drivers/spi/spi.c
@@ -1041,6 +1041,8 @@ static int spi_map_msg(struct spi_controller *ctlr, struct spi_message *msg)
 		if (max_tx || max_rx) {
 			list_for_each_entry(xfer, &msg->transfers,
 					    transfer_list) {
+				if (!xfer->len)
+					continue;
 				if (!xfer->tx_buf)
 					xfer->tx_buf = ctlr->dummy_tx;
 				if (!xfer->rx_buf)
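Review bot: the new `if (!xfer->len) continue;` has no comment, and the reason for it (a zero-length transfer given a dummy buffer is later mapped for DMA and fails with -EINVAL) is recorded only in the commit message. Add a one-line comment at the check; it would also make explicit that zero-length transfers keep NULL tx_buf/rx_buf, which controller drivers then have to tolerate.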
-- 
2.20.1





* [PATCH 5.1 392/405] ASoC: davinci-mcasp: Fix clang warning without CONFIG_PM
  2019-05-30  2:59 [PATCH 5.1 000/405] 5.1.6-stable review Greg Kroah-Hartman
                   ` (390 preceding siblings ...)
  2019-05-30  3:06 ` [PATCH 5.1 391/405] spi: Fix zero length xfer bug Greg Kroah-Hartman
@ 2019-05-30  3:06 ` Greg Kroah-Hartman
  2019-05-30  3:06 ` [PATCH 5.1 393/405] ASoC: ti: fix davinci_mcasp_probe dependencies Greg Kroah-Hartman
                   ` (17 subsequent siblings)
  409 siblings, 0 replies; 429+ messages in thread
From: Greg Kroah-Hartman @ 2019-05-30  3:06 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Arnd Bergmann, Peter Ujfalusi,
	Nathan Chancellor, Mark Brown, Sasha Levin

[ Upstream commit 8ca5104715cfd14254ea5aecc390ae583b707607 ]

Building with clang shows a variable that is only used by the
suspend/resume functions but defined outside of their #ifdef block:

sound/soc/ti/davinci-mcasp.c:48:12: error: variable 'context_regs' is not needed and will not be emitted

We commonly fix these by marking the PM functions as __maybe_unused,
but here that would grow the davinci_mcasp structure, so instead
add another #ifdef here.

Fixes: 1cc0c054f380 ("ASoC: davinci-mcasp: Convert the context save/restore to use array")
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
Acked-by: Peter Ujfalusi <peter.ujfalusi@ti.com>
Reviewed-by: Nathan Chancellor <natechancellor@gmail.com>
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 sound/soc/ti/davinci-mcasp.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/sound/soc/ti/davinci-mcasp.c b/sound/soc/ti/davinci-mcasp.c
index a3a67a8f0f543..9fbc759fdefe1 100644
--- a/sound/soc/ti/davinci-mcasp.c
+++ b/sound/soc/ti/davinci-mcasp.c
@@ -45,6 +45,7 @@
 
 #define MCASP_MAX_AFIFO_DEPTH	64
 
+#ifdef CONFIG_PM
 static u32 context_regs[] = {
 	DAVINCI_MCASP_TXFMCTL_REG,
 	DAVINCI_MCASP_RXFMCTL_REG,
@@ -68,6 +69,7 @@ struct davinci_mcasp_context {
 	u32	*xrsr_regs; /* for serializer configuration */
 	bool	pm_state;
 };
+#endif
 
 struct davinci_mcasp_ruledata {
 	struct davinci_mcasp *mcasp;
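Review bot: the `#endif` added after struct davinci_mcasp_context closes an `#ifdef CONFIG_PM` opened in the previous hunk, over twenty lines earlier, and carries no marker. Write it as `#endif /* CONFIG_PM */` so the extent of the guard is readable, and check that every user of context_regs and of the struct sits under the same guard.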
-- 
2.20.1





* [PATCH 5.1 393/405] ASoC: ti: fix davinci_mcasp_probe dependencies
  2019-05-30  2:59 [PATCH 5.1 000/405] 5.1.6-stable review Greg Kroah-Hartman
                   ` (391 preceding siblings ...)
  2019-05-30  3:06 ` [PATCH 5.1 392/405] ASoC: davinci-mcasp: Fix clang warning without CONFIG_PM Greg Kroah-Hartman
@ 2019-05-30  3:06 ` Greg Kroah-Hartman
  2019-05-30  3:06 ` [PATCH 5.1 394/405] drm/v3d: Handle errors from IRQ setup Greg Kroah-Hartman
                   ` (16 subsequent siblings)
  409 siblings, 0 replies; 429+ messages in thread
From: Greg Kroah-Hartman @ 2019-05-30  3:06 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Arnd Bergmann, Peter Ujfalusi,
	Mark Brown, Sasha Levin

[ Upstream commit 7d7b25d05ef1c5a1a9320190e1eeb55534847558 ]

The SND_SOC_DAVINCI_MCASP driver can use either edma or sdma as
a back-end, and it takes the presence of the respective dma engine
drivers in the configuration as an indication to which ones should be
built. However, this is flawed in multiple ways:

- With CONFIG_TI_EDMA=m and CONFIG_SND_SOC_DAVINCI_MCASP=y,
  is enabled as =m, and we get a link error:
  sound/soc/ti/davinci-mcasp.o: In function `davinci_mcasp_probe':
  davinci-mcasp.c:(.text+0x930): undefined reference to `edma_pcm_platform_register'

- When CONFIG_SND_SOC_DAVINCI_MCASP=m has already been selected by
  another driver, the same link error appears even if CONFIG_TI_EDMA
  is disabled

There are possibly other issues here, but it seems that the only reasonable
solution is to always build both SND_SOC_TI_EDMA_PCM and
SND_SOC_TI_SDMA_PCM as a dependency here. Both are fairly small and
do not have any other compile-time dependencies, so the cost is
very small, and makes the configuration stage much more consistent.

Fixes: f2055e145f29 ("ASoC: ti: Merge davinci and omap directories")
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
Acked-by: Peter Ujfalusi <peter.ujfalusi@ti.com>
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 sound/soc/ti/Kconfig | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/sound/soc/ti/Kconfig b/sound/soc/ti/Kconfig
index 4bf3c15d4e514..ee7c202c69b77 100644
--- a/sound/soc/ti/Kconfig
+++ b/sound/soc/ti/Kconfig
@@ -21,8 +21,8 @@ config SND_SOC_DAVINCI_ASP
 
 config SND_SOC_DAVINCI_MCASP
 	tristate "Multichannel Audio Serial Port (McASP) support"
-	select SND_SOC_TI_EDMA_PCM if TI_EDMA
-	select SND_SOC_TI_SDMA_PCM if DMA_OMAP
+	select SND_SOC_TI_EDMA_PCM
+	select SND_SOC_TI_SDMA_PCM
 	help
 	  Say Y or M here if you want to have support for McASP IP found in
 	  various Texas Instruments SoCs like:
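Review bot: `select` forces a symbol on without evaluating that symbol's own `depends on` lines, so making both selects unconditional is safe only while SND_SOC_TI_EDMA_PCM and SND_SOC_TI_SDMA_PCM have no dependencies of their own, as the commit message states. A short comment above the two select lines recording that assumption would stop a later dependency on either symbol from silently reintroducing a broken configuration.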
-- 
2.20.1





* [PATCH 5.1 394/405] drm/v3d: Handle errors from IRQ setup.
  2019-05-30  2:59 [PATCH 5.1 000/405] 5.1.6-stable review Greg Kroah-Hartman
                   ` (392 preceding siblings ...)
  2019-05-30  3:06 ` [PATCH 5.1 393/405] ASoC: ti: fix davinci_mcasp_probe dependencies Greg Kroah-Hartman
@ 2019-05-30  3:06 ` Greg Kroah-Hartman
  2019-05-30  3:06 ` [PATCH 5.1 395/405] drm/amd/display: Fix exception from AUX acquire failure Greg Kroah-Hartman
                   ` (15 subsequent siblings)
  409 siblings, 0 replies; 429+ messages in thread
From: Greg Kroah-Hartman @ 2019-05-30  3:06 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Eric Anholt, Dave Emett, Sasha Levin

[ Upstream commit fc22771547e7e8a63679f0218e943d72b107de65 ]

Noted in review by Dave Emett for V3D 4.2 support.

Signed-off-by: Eric Anholt <eric@anholt.net>
Link: https://patchwork.freedesktop.org/patch/msgid/20190308174336.7866-1-eric@anholt.net
Reviewed-by: Dave Emett <david.emett@broadcom.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/gpu/drm/v3d/v3d_drv.c |  8 ++++++--
 drivers/gpu/drm/v3d/v3d_drv.h |  2 +-
 drivers/gpu/drm/v3d/v3d_irq.c | 13 +++++++++++--
 3 files changed, 18 insertions(+), 5 deletions(-)

diff --git a/drivers/gpu/drm/v3d/v3d_drv.c b/drivers/gpu/drm/v3d/v3d_drv.c
index f0afcec72c348..30ae1c74edaa8 100644
--- a/drivers/gpu/drm/v3d/v3d_drv.c
+++ b/drivers/gpu/drm/v3d/v3d_drv.c
@@ -312,14 +312,18 @@ static int v3d_platform_drm_probe(struct platform_device *pdev)
 	if (ret)
 		goto dev_destroy;
 
-	v3d_irq_init(v3d);
+	ret = v3d_irq_init(v3d);
+	if (ret)
+		goto gem_destroy;
 
 	ret = drm_dev_register(drm, 0);
 	if (ret)
-		goto gem_destroy;
+		goto irq_disable;
 
 	return 0;
 
+irq_disable:
+	v3d_irq_disable(v3d);
 gem_destroy:
 	v3d_gem_destroy(drm);
 dev_destroy:
diff --git a/drivers/gpu/drm/v3d/v3d_drv.h b/drivers/gpu/drm/v3d/v3d_drv.h
index fdda3037f7af7..2fdb456b72d32 100644
--- a/drivers/gpu/drm/v3d/v3d_drv.h
+++ b/drivers/gpu/drm/v3d/v3d_drv.h
@@ -310,7 +310,7 @@ void v3d_reset(struct v3d_dev *v3d);
 void v3d_invalidate_caches(struct v3d_dev *v3d);
 
 /* v3d_irq.c */
-void v3d_irq_init(struct v3d_dev *v3d);
+int v3d_irq_init(struct v3d_dev *v3d);
 void v3d_irq_enable(struct v3d_dev *v3d);
 void v3d_irq_disable(struct v3d_dev *v3d);
 void v3d_irq_reset(struct v3d_dev *v3d);
diff --git a/drivers/gpu/drm/v3d/v3d_irq.c b/drivers/gpu/drm/v3d/v3d_irq.c
index 69338da70ddce..29d746cfce572 100644
--- a/drivers/gpu/drm/v3d/v3d_irq.c
+++ b/drivers/gpu/drm/v3d/v3d_irq.c
@@ -156,7 +156,7 @@ v3d_hub_irq(int irq, void *arg)
 	return status;
 }
 
-void
+int
 v3d_irq_init(struct v3d_dev *v3d)
 {
 	int ret, core;
@@ -173,13 +173,22 @@ v3d_irq_init(struct v3d_dev *v3d)
 	ret = devm_request_irq(v3d->dev, platform_get_irq(v3d->pdev, 0),
 			       v3d_hub_irq, IRQF_SHARED,
 			       "v3d_hub", v3d);
+	if (ret)
+		goto fail;
+
 	ret = devm_request_irq(v3d->dev, platform_get_irq(v3d->pdev, 1),
 			       v3d_irq, IRQF_SHARED,
 			       "v3d_core0", v3d);
 	if (ret)
-		dev_err(v3d->dev, "IRQ setup failed: %d\n", ret);
+		goto fail;
 
 	v3d_irq_enable(v3d);
+	return 0;
+
+fail:
+	if (ret != -EPROBE_DEFER)
+		dev_err(v3d->dev, "IRQ setup failed: %d\n", ret);
+	return ret;
 }
 
 void
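Review bot: both devm_request_irq() calls in v3d_irq_init() pass platform_get_irq() straight through as the IRQ number, so a negative return from platform_get_irq() (including -EPROBE_DEFER) is never seen as such, and the `ret != -EPROBE_DEFER` test in the fail path only sees whatever devm_request_irq() makes of that value. Store the platform_get_irq() result, return it if it is negative, and only then request the IRQ.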
-- 
2.20.1





* [PATCH 5.1 395/405] drm/amd/display: Fix exception from AUX acquire failure
  2019-05-30  2:59 [PATCH 5.1 000/405] 5.1.6-stable review Greg Kroah-Hartman
                   ` (393 preceding siblings ...)
  2019-05-30  3:06 ` [PATCH 5.1 394/405] drm/v3d: Handle errors from IRQ setup Greg Kroah-Hartman
@ 2019-05-30  3:06 ` Greg Kroah-Hartman
  2019-05-30  3:06 ` [PATCH 5.1 396/405] drm/amd/display: Reset planes that were disabled in init_pipes Greg Kroah-Hartman
                   ` (14 subsequent siblings)
  409 siblings, 0 replies; 429+ messages in thread
From: Greg Kroah-Hartman @ 2019-05-30  3:06 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Anthony Koo, Aric Cyr, Leo Li,
	Alex Deucher, Sasha Levin

[ Upstream commit dcf1a988678e2e39ce2b4115b8ce14d208c8c481 ]

[Why]
AUX arbitration occurs between SW and FW components.
When AUX acquire fails, it causes engine->ddc to be NULL,
which leads to an exception when we try to release the AUX
engine.

[How]
When AUX engine acquire fails, it should return from the
function without trying to continue the operation.
The upper level will determine if it wants to retry.
i.e. dce_aux_transfer_with_retries will be used and retry.

Signed-off-by: Anthony Koo <Anthony.Koo@amd.com>
Reviewed-by: Aric Cyr <Aric.Cyr@amd.com>
Acked-by: Leo Li <sunpeng.li@amd.com>
Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/gpu/drm/amd/display/dc/dce/dce_aux.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/drivers/gpu/drm/amd/display/dc/dce/dce_aux.c b/drivers/gpu/drm/amd/display/dc/dce/dce_aux.c
index 4fe3664fb4950..5ecfcb9ee8a0c 100644
--- a/drivers/gpu/drm/amd/display/dc/dce/dce_aux.c
+++ b/drivers/gpu/drm/amd/display/dc/dce/dce_aux.c
@@ -377,7 +377,6 @@ static bool acquire(
 	struct dce_aux *engine,
 	struct ddc *ddc)
 {
-
 	enum gpio_result result;
 
 	if (!is_engine_available(engine))
@@ -458,7 +457,8 @@ int dce_aux_transfer(struct ddc_service *ddc,
 	memset(&aux_rep, 0, sizeof(aux_rep));
 
 	aux_engine = ddc->ctx->dc->res_pool->engines[ddc_pin->pin_data->en];
-	acquire(aux_engine, ddc_pin);
+	if (!acquire(aux_engine, ddc_pin))
+		return -1;
 
 	if (payload->i2c_over_aux)
 		aux_req.type = AUX_TRANSACTION_TYPE_I2C;
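Review bot: the new early exit in dce_aux_transfer() returns a bare -1 rather than a named error code, so a caller such as dce_aux_transfer_with_retries (named in the commit message) cannot tell "engine not acquired, retry" apart from any other failure by value. Return a negative errno such as -EBUSY, or document the function's return convention next to the check.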
-- 
2.20.1





* [PATCH 5.1 396/405] drm/amd/display: Reset planes that were disabled in init_pipes
  2019-05-30  2:59 [PATCH 5.1 000/405] 5.1.6-stable review Greg Kroah-Hartman
                   ` (394 preceding siblings ...)
  2019-05-30  3:06 ` [PATCH 5.1 395/405] drm/amd/display: Fix exception from AUX acquire failure Greg Kroah-Hartman
@ 2019-05-30  3:06 ` Greg Kroah-Hartman
  2019-05-30  3:06 ` [PATCH 5.1 397/405] drm/drv: Hold ref on parent device during drm_device lifetime Greg Kroah-Hartman
                   ` (13 subsequent siblings)
  409 siblings, 0 replies; 429+ messages in thread
From: Greg Kroah-Hartman @ 2019-05-30  3:06 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Nicholas Kazlauskas, Anthony Koo,
	Harry Wentland, Leo Li, Alex Deucher, Sasha Levin

[ Upstream commit 4bc46da4a3aeeb4d55e83dd276cf72756e908286 ]

[Why]
Seamless boot tries to reuse planes that were enabled for the first
commit applied.

In the case where Raven is booting with two monitors connected and the
first commit contains two streams the screen corruption would occur
because the second stream was trying to re-use a tg and plane that
weren't previously enabled.

The state on the first commit looks something like the following:

TG0: enabled=1
TG1: enabled=0
TG2: enabled=0
TG3: enabled=0

New state: pipe=0, stream=0,    plane=0,       new_tg=0
New state: pipe=1, stream=1,    plane=1,       new_tg=1
New state: pipe=2, stream=NULL, plane=NULL,    new_tg=NULL
New state: pipe=3, stream=NULL, plane=NULL,    new_tg=NULL

Only one plane/tg is setup before we enter accelerated mode so
we really want to disable everything but that first plane.

[How]

Check if the stream is not NULL and if the tg is enabled before
deciding whether to skip the plane disable.

Also ensure we're also disabling on the current state's pipe_ctx so
we don't overwrite the fields in the new pending state.

Signed-off-by: Nicholas Kazlauskas <nicholas.kazlauskas@amd.com>
Reviewed-by: Anthony Koo <Anthony.Koo@amd.com>
Acked-by: Harry Wentland <Harry.Wentland@amd.com>
Acked-by: Leo Li <sunpeng.li@amd.com>
Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/gpu/drm/amd/display/dc/dcn10/dcn10_hw_sequencer.c | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/drivers/gpu/drm/amd/display/dc/dcn10/dcn10_hw_sequencer.c b/drivers/gpu/drm/amd/display/dc/dcn10/dcn10_hw_sequencer.c
index 401ea9561618e..5b551a544e82d 100644
--- a/drivers/gpu/drm/amd/display/dc/dcn10/dcn10_hw_sequencer.c
+++ b/drivers/gpu/drm/amd/display/dc/dcn10/dcn10_hw_sequencer.c
@@ -1008,9 +1008,14 @@ static void dcn10_init_pipes(struct dc *dc, struct dc_state *context)
 		 * to non-preferred front end. If pipe_ctx->stream is not NULL,
 		 * we will use the pipe, so don't disable
 		 */
-		if (pipe_ctx->stream != NULL)
+		if (pipe_ctx->stream != NULL &&
+		    pipe_ctx->stream_res.tg->funcs->is_tg_enabled(
+			    pipe_ctx->stream_res.tg))
 			continue;
 
+		/* Disable on the current state so the new one isn't cleared. */
+		pipe_ctx = &dc->current_state->res_ctx.pipe_ctx[i];
+
 		dpp->funcs->dpp_reset(dpp);
 
 		pipe_ctx->stream_res.tg = tg;
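Review bot: the comment directly above the changed condition still says that a non-NULL pipe_ctx->stream alone means the pipe is kept, but the check now also requires is_tg_enabled() to return true; update the comment to match. The new call also dereferences pipe_ctx->stream_res.tg and its funcs table without a NULL check, so it relies on every pipe that has a stream also having a tg assigned, which is worth guarding or stating.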
-- 
2.20.1





* [PATCH 5.1 397/405] drm/drv: Hold ref on parent device during drm_device lifetime
  2019-05-30  2:59 [PATCH 5.1 000/405] 5.1.6-stable review Greg Kroah-Hartman
                   ` (395 preceding siblings ...)
  2019-05-30  3:06 ` [PATCH 5.1 396/405] drm/amd/display: Reset planes that were disabled in init_pipes Greg Kroah-Hartman
@ 2019-05-30  3:06 ` Greg Kroah-Hartman
  2019-05-30  3:06 ` [PATCH 5.1 398/405] drm: Wake up next in drm_read() chain if we are forced to putback the event Greg Kroah-Hartman
                   ` (12 subsequent siblings)
  409 siblings, 0 replies; 429+ messages in thread
From: Greg Kroah-Hartman @ 2019-05-30  3:06 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Noralf Trønnes, Gerd Hoffmann,
	Sasha Levin

[ Upstream commit 56be6503aab2bc3a30beae408071b9be5e1bae51 ]

This makes it safe to access drm_device->dev after the parent device has
been removed/unplugged.

Signed-off-by: Noralf Trønnes <noralf@tronnes.org>
Reviewed-by: Gerd Hoffmann <kraxel@redhat.com>
Link: https://patchwork.freedesktop.org/patch/msgid/20190225144232.20761-2-noralf@tronnes.org
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/gpu/drm/drm_drv.c | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/drivers/gpu/drm/drm_drv.c b/drivers/gpu/drm/drm_drv.c
index 05bbc2b622fc1..04aa6ccdfb242 100644
--- a/drivers/gpu/drm/drm_drv.c
+++ b/drivers/gpu/drm/drm_drv.c
@@ -497,7 +497,7 @@ int drm_dev_init(struct drm_device *dev,
 	BUG_ON(!parent);
 
 	kref_init(&dev->ref);
-	dev->dev = parent;
+	dev->dev = get_device(parent);
 	dev->driver = driver;
 
 	/* no per-device feature limits by default */
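Review bot: drm_dev_init() now takes a reference on parent through get_device(), but nothing at the assignment or in the visible context documents it. The function's kerneldoc should state that the drm_device holds a reference on the parent until drm_dev_fini(), so driver authors know the parent can outlive their remove callback.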
@@ -567,6 +567,7 @@ int drm_dev_init(struct drm_device *dev,
 	drm_minor_free(dev, DRM_MINOR_RENDER);
 	drm_fs_inode_free(dev->anon_inode);
 err_free:
+	put_device(dev->dev);
 	mutex_destroy(&dev->master_mutex);
 	mutex_destroy(&dev->ctxlist_mutex);
 	mutex_destroy(&dev->clientlist_mutex);
@@ -602,6 +603,8 @@ void drm_dev_fini(struct drm_device *dev)
 	drm_minor_free(dev, DRM_MINOR_PRIMARY);
 	drm_minor_free(dev, DRM_MINOR_RENDER);
 
+	put_device(dev->dev);
+
 	mutex_destroy(&dev->master_mutex);
 	mutex_destroy(&dev->ctxlist_mutex);
 	mutex_destroy(&dev->clientlist_mutex);
-- 
2.20.1





* [PATCH 5.1 398/405] drm: Wake up next in drm_read() chain if we are forced to putback the event
  2019-05-30  2:59 [PATCH 5.1 000/405] 5.1.6-stable review Greg Kroah-Hartman
                   ` (396 preceding siblings ...)
  2019-05-30  3:06 ` [PATCH 5.1 397/405] drm/drv: Hold ref on parent device during drm_device lifetime Greg Kroah-Hartman
@ 2019-05-30  3:06 ` Greg Kroah-Hartman
  2019-05-30  3:06 ` [PATCH 5.1 399/405] drm/sun4i: dsi: Change the start delay calculation Greg Kroah-Hartman
                   ` (11 subsequent siblings)
  409 siblings, 0 replies; 429+ messages in thread
From: Greg Kroah-Hartman @ 2019-05-30  3:06 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Chris Wilson, Daniel Vetter,
	Ville Syrjälä,
	Sasha Levin

[ Upstream commit 60b801999c48b6c1dd04e653a38e2e613664264e ]

After an event is sent, we try to copy it into the user buffer of the
first waiter in drm_read() and if the user buffer doesn't have enough
room we put it back onto the list. However, we didn't wake up any
subsequent waiter, so that event may sit on the list until either a new
vblank event is sent or a new waiter appears. Rare, but in the worst
case may lead to a stuck process.

Testcase: igt/drm_read/short-buffer-wakeup
Signed-off-by: Chris Wilson <chris@chris-wilson.co.uk>
Cc: Daniel Vetter <daniel.vetter@ffwll.ch>
Reviewed-by: Ville Syrjälä <ville.syrjala@linux.intel.com>
Link: https://patchwork.freedesktop.org/patch/msgid/20170804082328.17173-1-chris@chris-wilson.co.uk
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/gpu/drm/drm_file.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/drivers/gpu/drm/drm_file.c b/drivers/gpu/drm/drm_file.c
index 7caa3c7ed9789..9701469a6e933 100644
--- a/drivers/gpu/drm/drm_file.c
+++ b/drivers/gpu/drm/drm_file.c
@@ -577,6 +577,7 @@ ssize_t drm_read(struct file *filp, char __user *buffer,
 				file_priv->event_space -= length;
 				list_add(&e->link, &file_priv->event_list);
 				spin_unlock_irq(&dev->event_lock);
+				wake_up_interruptible(&file_priv->event_wait);
 				break;
 			}
 
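Review bot: the added wake_up_interruptible() sits on the putback path with no comment, and it is not obvious from the code why a reader that failed to consume an event should wake another one. Add a short comment saying that the event went back onto event_list and a subsequent waiter in drm_read() may have a buffer large enough to take it.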
-- 
2.20.1





* [PATCH 5.1 399/405] drm/sun4i: dsi: Change the start delay calculation
  2019-05-30  2:59 [PATCH 5.1 000/405] 5.1.6-stable review Greg Kroah-Hartman
                   ` (397 preceding siblings ...)
  2019-05-30  3:06 ` [PATCH 5.1 398/405] drm: Wake up next in drm_read() chain if we are forced to putback the event Greg Kroah-Hartman
@ 2019-05-30  3:06 ` Greg Kroah-Hartman
  2019-05-30  3:06 ` [PATCH 5.1 400/405] drm/sun4i: dsi: Restrict DSI tcon clock divider Greg Kroah-Hartman
                   ` (10 subsequent siblings)
  409 siblings, 0 replies; 429+ messages in thread
From: Greg Kroah-Hartman @ 2019-05-30  3:06 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Paul Kocialkowski, Maxime Ripard,
	Sasha Levin

[ Upstream commit da676c6aa6413d59ab0a80c97bbc273025e640b2 ]

The current calculation for the video start delay in the current DSI driver
is that it is the total vertical size, minus the front porch and sync length,
plus 1. This equals to the active vertical size plus the back porch plus 1.

That 1 is coming in the Allwinner BSP from a variable that is set to 1.
However, if we look at the Allwinner BSP more closely, and especially in
the "legacy" code for the display (in drivers/video/sunxi/legacy/), we can
see that this variable is actually computed from the porches and the sync
minus 10, clamped between 8 and 100.

This fixes the start delay symptom we've seen on some panels (vblank
timeouts with vertical white stripes at the bottom of the panel).

Reviewed-by: Paul Kocialkowski <paul.kocialkowski@bootlin.com>
Signed-off-by: Maxime Ripard <maxime.ripard@bootlin.com>
Link: https://patchwork.freedesktop.org/patch/msgid/6e5f72e68f47ca0223877464bf12f0c3f3978de8.1549896081.git-series.maxime.ripard@bootlin.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/gpu/drm/sun4i/sun6i_mipi_dsi.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/drivers/gpu/drm/sun4i/sun6i_mipi_dsi.c b/drivers/gpu/drm/sun4i/sun6i_mipi_dsi.c
index 318994cd1b851..25d8cb9f92661 100644
--- a/drivers/gpu/drm/sun4i/sun6i_mipi_dsi.c
+++ b/drivers/gpu/drm/sun4i/sun6i_mipi_dsi.c
@@ -358,7 +358,9 @@ static void sun6i_dsi_inst_init(struct sun6i_dsi *dsi,
 static u16 sun6i_dsi_get_video_start_delay(struct sun6i_dsi *dsi,
 					   struct drm_display_mode *mode)
 {
-	return mode->vtotal - (mode->vsync_end - mode->vdisplay) + 1;
+	u16 start = clamp(mode->vtotal - mode->vdisplay - 10, 8, 100);
+
+	return mode->vtotal - (mode->vsync_end - mode->vdisplay) + start;
 }
 
 static void sun6i_dsi_setup_burst(struct sun6i_dsi *dsi,
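Review bot: The new `start` term in sun6i_dsi_get_video_start_delay() can be as large as 100, so `mode->vtotal - (mode->vsync_end - mode->vdisplay) + start` can now exceed vtotal whenever `start` is larger than the front porch plus sync length, and nothing in this hunk bounds the result before it is narrowed to the u16 return type. Either bound it here or make sure this change is only ever applied together with a follow-up that does (patch 404/405 of this series, "Enforce boundaries on the start delay"). The constants 10, 8 and 100 also deserve a short comment saying they mirror the Allwinner BSP legacy display code, since the commit message is currently the only place that explains them.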
-- 
2.20.1




^ permalink raw reply related	[flat|nested] 429+ messages in thread

* [PATCH 5.1 400/405] drm/sun4i: dsi: Restrict DSI tcon clock divider
  2019-05-30  2:59 [PATCH 5.1 000/405] 5.1.6-stable review Greg Kroah-Hartman
                   ` (398 preceding siblings ...)
  2019-05-30  3:06 ` [PATCH 5.1 399/405] drm/sun4i: dsi: Change the start delay calculation Greg Kroah-Hartman
@ 2019-05-30  3:06 ` Greg Kroah-Hartman
  2019-05-30  3:06 ` [PATCH 5.1 401/405] vfio-ccw: Prevent quiesce function going into an infinite loop Greg Kroah-Hartman
                   ` (9 subsequent siblings)
  409 siblings, 0 replies; 429+ messages in thread
From: Greg Kroah-Hartman @ 2019-05-30  3:06 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Paul Kocialkowski, Maxime Ripard,
	Sasha Levin

[ Upstream commit 85fb352666732a9e5caf6027b9c253b3d7881d8f ]

The current code allows the TCON clock divider to have a range between 4
and 127 when feeding the DSI controller.

The only display supported so far had a display clock rate that ended up
using a divider of 4, but testing with other displays shows that only 4
seems to be functional.

This also aligns with what Allwinner is doing in their BSP, so let's just
hardcode that we want a divider of 4 when using the DSI output.

Reviewed-by: Paul Kocialkowski <paul.kocialkowski@bootlin.com>
Signed-off-by: Maxime Ripard <maxime.ripard@bootlin.com>
Link: https://patchwork.freedesktop.org/patch/msgid/074e88ae472f5e0492e26939c74b44fb4125ffbd.1549896081.git-series.maxime.ripard@bootlin.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/gpu/drm/sun4i/sun4i_tcon.c     | 4 ++--
 drivers/gpu/drm/sun4i/sun6i_mipi_dsi.h | 2 ++
 2 files changed, 4 insertions(+), 2 deletions(-)

diff --git a/drivers/gpu/drm/sun4i/sun4i_tcon.c b/drivers/gpu/drm/sun4i/sun4i_tcon.c
index 7136fc91c6036..e75f77ff8e0fc 100644
--- a/drivers/gpu/drm/sun4i/sun4i_tcon.c
+++ b/drivers/gpu/drm/sun4i/sun4i_tcon.c
@@ -341,8 +341,8 @@ static void sun4i_tcon0_mode_set_cpu(struct sun4i_tcon *tcon,
 	u32 block_space, start_delay;
 	u32 tcon_div;
 
-	tcon->dclk_min_div = 4;
-	tcon->dclk_max_div = 127;
+	tcon->dclk_min_div = SUN6I_DSI_TCON_DIV;
+	tcon->dclk_max_div = SUN6I_DSI_TCON_DIV;
 
 	sun4i_tcon0_mode_set_common(tcon, mode);
 
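Review bot: sun4i_tcon0_mode_set_cpu() now uses SUN6I_DSI_TCON_DIV, which is defined in sun6i_mipi_dsi.h, but the diffstat shows only the two changed assignment lines in sun4i_tcon.c and no added #include. Please confirm that sun4i_tcon.c already includes sun6i_mipi_dsi.h; if it does not, this will not build.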
diff --git a/drivers/gpu/drm/sun4i/sun6i_mipi_dsi.h b/drivers/gpu/drm/sun4i/sun6i_mipi_dsi.h
index a07090579f84b..5c3ad5be06901 100644
--- a/drivers/gpu/drm/sun4i/sun6i_mipi_dsi.h
+++ b/drivers/gpu/drm/sun4i/sun6i_mipi_dsi.h
@@ -13,6 +13,8 @@
 #include <drm/drm_encoder.h>
 #include <drm/drm_mipi_dsi.h>
 
+#define SUN6I_DSI_TCON_DIV	4
+
 struct sun6i_dsi {
 	struct drm_connector	connector;
 	struct drm_encoder	encoder;
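Review bot: `#define SUN6I_DSI_TCON_DIV	4` is added without a comment, and it is used as both dclk_min_div and dclk_max_div, so a range is being pinned to a single point. A one-line comment above the define saying that 4 is the only divider found to work when the TCON feeds the DSI controller, and that this matches the BSP, would keep that reasoning next to the value instead of only in the commit message.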
-- 
2.20.1




^ permalink raw reply related	[flat|nested] 429+ messages in thread

* [PATCH 5.1 401/405] vfio-ccw: Prevent quiesce function going into an infinite loop
  2019-05-30  2:59 [PATCH 5.1 000/405] 5.1.6-stable review Greg Kroah-Hartman
                   ` (399 preceding siblings ...)
  2019-05-30  3:06 ` [PATCH 5.1 400/405] drm/sun4i: dsi: Restrict DSI tcon clock divider Greg Kroah-Hartman
@ 2019-05-30  3:06 ` Greg Kroah-Hartman
  2019-05-30  3:06 ` [PATCH 5.1 402/405] extcon: axp288: Add a depends on ACPI to the Kconfig entry Greg Kroah-Hartman
                   ` (8 subsequent siblings)
  409 siblings, 0 replies; 429+ messages in thread
From: Greg Kroah-Hartman @ 2019-05-30  3:06 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Eric Farman, Farhan Ali, Halil Pasic,
	Cornelia Huck, Sasha Levin

[ Upstream commit d1ffa760d22aa1d8190478e5ef555c59a771db27 ]

The quiesce function calls cio_cancel_halt_clear() and if we
get an -EBUSY we go into a loop where we:
	- wait for any interrupts
	- flush all I/O in the workqueue
	- retry cio_cancel_halt_clear

During the period where we are waiting for interrupts or
flushing all I/O, the channel subsystem could have completed
a halt/clear action and turned off the corresponding activity
control bits in the subchannel status word. This means the next
time we call cio_cancel_halt_clear(), we will again start by
calling cancel subchannel and so we can be stuck between calling
cancel and halt forever.

Rather than calling cio_cancel_halt_clear() immediately after
waiting, let's try to disable the subchannel. If we succeed in
disabling the subchannel then we know nothing else can happen
with the device.

Suggested-by: Eric Farman <farman@linux.ibm.com>
Signed-off-by: Farhan Ali <alifm@linux.ibm.com>
Message-Id: <4d5a4b98ab1b41ac6131b5c36de18b76c5d66898.1555449329.git.alifm@linux.ibm.com>
Reviewed-by: Eric Farman <farman@linux.ibm.com>
Acked-by: Halil Pasic <pasic@linux.ibm.com>
Signed-off-by: Cornelia Huck <cohuck@redhat.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/s390/cio/vfio_ccw_drv.c | 32 ++++++++++++++++++--------------
 1 file changed, 18 insertions(+), 14 deletions(-)

diff --git a/drivers/s390/cio/vfio_ccw_drv.c b/drivers/s390/cio/vfio_ccw_drv.c
index 64bb121ba5987..9e84d8a971ad9 100644
--- a/drivers/s390/cio/vfio_ccw_drv.c
+++ b/drivers/s390/cio/vfio_ccw_drv.c
@@ -40,26 +40,30 @@ int vfio_ccw_sch_quiesce(struct subchannel *sch)
 	if (ret != -EBUSY)
 		goto out_unlock;
 
+	iretry = 255;
 	do {
-		iretry = 255;
 
 		ret = cio_cancel_halt_clear(sch, &iretry);
-		while (ret == -EBUSY) {
-			/*
-			 * Flush all I/O and wait for
-			 * cancel/halt/clear completion.
-			 */
-			private->completion = &completion;
-			spin_unlock_irq(sch->lock);
 
-			wait_for_completion_timeout(&completion, 3*HZ);
+		if (ret == -EIO) {
+			pr_err("vfio_ccw: could not quiesce subchannel 0.%x.%04x!\n",
+			       sch->schid.ssid, sch->schid.sch_no);
+			break;
+		}
+
+		/*
+		 * Flush all I/O and wait for
+		 * cancel/halt/clear completion.
+		 */
+		private->completion = &completion;
+		spin_unlock_irq(sch->lock);
 
-			private->completion = NULL;
-			flush_workqueue(vfio_ccw_work_q);
-			spin_lock_irq(sch->lock);
-			ret = cio_cancel_halt_clear(sch, &iretry);
-		};
+		if (ret == -EBUSY)
+			wait_for_completion_timeout(&completion, 3*HZ);
 
+		private->completion = NULL;
+		flush_workqueue(vfio_ccw_work_q);
+		spin_lock_irq(sch->lock);
 		ret = cio_disable_subchannel(sch);
 	} while (ret == -EBUSY);
 out_unlock:
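Review bot: Moving `iretry = 255;` in front of the `do {` means the retry budget is no longer reset on every pass, and the loop now ends only when cio_disable_subchannel() stops returning -EBUSY or cio_cancel_halt_clear() returns -EIO. That placement is the core of the fix and deserves a comment at the initialisation, because the code alone does not say it is deliberate. On the -EIO path the `break` leaves the loop before cio_disable_subchannel() is called, so ret is still -EIO when control reaches out_unlock; please check that callers of vfio_ccw_sch_quiesce() cope with a subchannel that may still be enabled. Style: the blank line now left directly after `do {` should be dropped.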
-- 
2.20.1




^ permalink raw reply related	[flat|nested] 429+ messages in thread

* [PATCH 5.1 402/405] extcon: axp288: Add a depends on ACPI to the Kconfig entry
  2019-05-30  2:59 [PATCH 5.1 000/405] 5.1.6-stable review Greg Kroah-Hartman
                   ` (400 preceding siblings ...)
  2019-05-30  3:06 ` [PATCH 5.1 401/405] vfio-ccw: Prevent quiesce function going into an infinite loop Greg Kroah-Hartman
@ 2019-05-30  3:06 ` Greg Kroah-Hartman
  2019-05-30  3:06 ` [PATCH 5.1 403/405] ice: Put __ICE_PREPARED_FOR_RESET check in ice_prepare_for_reset Greg Kroah-Hartman
                   ` (7 subsequent siblings)
  409 siblings, 0 replies; 429+ messages in thread
From: Greg Kroah-Hartman @ 2019-05-30  3:06 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Hulk Robot, Hans de Goede,
	YueHaibing, Mukesh Ojha, Chanwoo Choi, Sasha Levin

[ Upstream commit fa3c098c2d52a268f6372fa053932e11f50cecb1 ]

As Hans de Goede pointed out, using this driver without ACPI
makes little sense, so add ACPI dependency to Kconfig entry
to fix a build error while CONFIG_ACPI is not set.

drivers/extcon/extcon-axp288.c: In function 'axp288_extcon_probe':
drivers/extcon/extcon-axp288.c:363:20: error: dereferencing pointer to incomplete type
    put_device(&adev->dev);

Fixes: 0cf064db948a ("extcon: axp288: Convert to use acpi_dev_get_first_match_dev()")
Reported-by: Hulk Robot <hulkci@huawei.com>
Suggested-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: YueHaibing <yuehaibing@huawei.com>
Reviewed-by: Hans de Goede <hdegoede@redhat.com>
Reviewed-by: Mukesh Ojha <mojha@codeaurora.org>
Signed-off-by: Chanwoo Choi <cw00.choi@samsung.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/extcon/Kconfig | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/drivers/extcon/Kconfig b/drivers/extcon/Kconfig
index 540e8cd16ee6e..db3bcf96b98fb 100644
--- a/drivers/extcon/Kconfig
+++ b/drivers/extcon/Kconfig
@@ -30,7 +30,7 @@ config EXTCON_ARIZONA
 
 config EXTCON_AXP288
 	tristate "X-Power AXP288 EXTCON support"
-	depends on MFD_AXP20X && USB_SUPPORT && X86
+	depends on MFD_AXP20X && USB_SUPPORT && X86 && ACPI
 	select USB_ROLE_SWITCH
 	help
 	  Say Y here to enable support for USB peripheral detection
-- 
2.20.1




^ permalink raw reply related	[flat|nested] 429+ messages in thread

* [PATCH 5.1 403/405] ice: Put __ICE_PREPARED_FOR_RESET check in ice_prepare_for_reset
  2019-05-30  2:59 [PATCH 5.1 000/405] 5.1.6-stable review Greg Kroah-Hartman
                   ` (401 preceding siblings ...)
  2019-05-30  3:06 ` [PATCH 5.1 402/405] extcon: axp288: Add a depends on ACPI to the Kconfig entry Greg Kroah-Hartman
@ 2019-05-30  3:06 ` Greg Kroah-Hartman
  2019-05-30  3:06 ` [PATCH 5.1 404/405] drm/sun4i: dsi: Enforce boundaries on the start delay Greg Kroah-Hartman
                   ` (6 subsequent siblings)
  409 siblings, 0 replies; 429+ messages in thread
From: Greg Kroah-Hartman @ 2019-05-30  3:06 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Brett Creeley,
	Anirudh Venkataramanan, Andrew Bowers, Jeff Kirsher, Sasha Levin

[ Upstream commit 5abac9d7e1bb9a373673811154774d4c89a7f85e ]

Currently we check if the __ICE_PREPARED_FOR_RESET bit is set prior to
calling ice_prepare_for_reset in ice_reset_subtask(), but we aren't
checking that bit in ice_do_reset() before calling
ice_prepare_for_reset(). This is not consistent and can cause issues if
ice_prepare_for_reset() is called prior to ice_do_reset(). Fix this by
checking if the __ICE_PREPARED_FOR_RESET bit is set internal to
ice_prepare_for_reset().

Signed-off-by: Brett Creeley <brett.creeley@intel.com>
Signed-off-by: Anirudh Venkataramanan <anirudh.venkataramanan@intel.com>
Tested-by: Andrew Bowers <andrewx.bowers@intel.com>
Signed-off-by: Jeff Kirsher <jeffrey.t.kirsher@intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/net/ethernet/intel/ice/ice_main.c | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/drivers/net/ethernet/intel/ice/ice_main.c b/drivers/net/ethernet/intel/ice/ice_main.c
index ba9f88cd138de..6ec73864019c0 100644
--- a/drivers/net/ethernet/intel/ice/ice_main.c
+++ b/drivers/net/ethernet/intel/ice/ice_main.c
@@ -342,6 +342,10 @@ ice_prepare_for_reset(struct ice_pf *pf)
 {
 	struct ice_hw *hw = &pf->hw;
 
+	/* already prepared for reset */
+	if (test_bit(__ICE_PREPARED_FOR_RESET, pf->state))
+		return;
+
 	/* Notify VFs of impending reset */
 	if (ice_check_sq_alive(hw, &hw->mailboxq))
 		ice_vc_notify_reset(pf);
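Review bot: The new early return in ice_prepare_for_reset() is a plain `test_bit(__ICE_PREPARED_FOR_RESET, pf->state)`, and the hunk does not show where the bit is set, so the check and the later set are two separate steps. If ice_do_reset() and ice_reset_subtask() can run concurrently, both can pass the test before either sets the bit and the preparation runs twice. Please either state in the comment what serializes the two callers, or close the window with an atomic test-and-set at the point where the function commits to doing the work.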
@@ -424,8 +428,7 @@ static void ice_reset_subtask(struct ice_pf *pf)
 		/* return if no valid reset type requested */
 		if (reset_type == ICE_RESET_INVAL)
 			return;
-		if (!test_bit(__ICE_PREPARED_FOR_RESET, pf->state))
-			ice_prepare_for_reset(pf);
+		ice_prepare_for_reset(pf);
 
 		/* make sure we are ready to rebuild */
 		if (ice_check_reset(&pf->hw)) {
-- 
2.20.1




^ permalink raw reply related	[flat|nested] 429+ messages in thread

* [PATCH 5.1 404/405] drm/sun4i: dsi: Enforce boundaries on the start delay
  2019-05-30  2:59 [PATCH 5.1 000/405] 5.1.6-stable review Greg Kroah-Hartman
                   ` (402 preceding siblings ...)
  2019-05-30  3:06 ` [PATCH 5.1 403/405] ice: Put __ICE_PREPARED_FOR_RESET check in ice_prepare_for_reset Greg Kroah-Hartman
@ 2019-05-30  3:06 ` Greg Kroah-Hartman
  2019-05-30  3:06 ` [PATCH 5.1 405/405] NFS: Fix a double unlock from nfs_match,get_client Greg Kroah-Hartman
                   ` (5 subsequent siblings)
  409 siblings, 0 replies; 429+ messages in thread
From: Greg Kroah-Hartman @ 2019-05-30  3:06 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Maxime Ripard, Paul Kocialkowski,
	Sasha Levin

[ Upstream commit efa31801203ac2f5c6a82a28cb991c7163ee0f1d ]

The Allwinner BSP makes sure that we don't end up with a null start delay
or with a delay larger than vtotal.

The former condition is likely to happen now with the reworked start delay,
so make sure we enforce the same boundaries.

Signed-off-by: Maxime Ripard <maxime.ripard@bootlin.com>
Reviewed-by: Paul Kocialkowski <paul.kocialkowski@bootlin.com>
Link: https://patchwork.freedesktop.org/patch/msgid/c9889cf5f7a3d101ef380905900b45a182596f56.1549896081.git-series.maxime.ripard@bootlin.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/gpu/drm/sun4i/sun6i_mipi_dsi.c | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/drivers/gpu/drm/sun4i/sun6i_mipi_dsi.c b/drivers/gpu/drm/sun4i/sun6i_mipi_dsi.c
index 25d8cb9f92661..869e0aedf3434 100644
--- a/drivers/gpu/drm/sun4i/sun6i_mipi_dsi.c
+++ b/drivers/gpu/drm/sun4i/sun6i_mipi_dsi.c
@@ -359,8 +359,12 @@ static u16 sun6i_dsi_get_video_start_delay(struct sun6i_dsi *dsi,
 					   struct drm_display_mode *mode)
 {
 	u16 start = clamp(mode->vtotal - mode->vdisplay - 10, 8, 100);
+	u16 delay = mode->vtotal - (mode->vsync_end - mode->vdisplay) + start;
 
-	return mode->vtotal - (mode->vsync_end - mode->vdisplay) + start;
+	if (delay > mode->vtotal)
+		delay = delay % mode->vtotal;
+
+	return max_t(u16, delay, 1);
 }
 
 static void sun6i_dsi_setup_burst(struct sun6i_dsi *dsi,
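Review bot: `delay` is declared u16, so `mode->vtotal - (mode->vsync_end - mode->vdisplay) + start` is truncated to 16 bits before the `delay > mode->vtotal` check and the modulo run; a negative or oversized intermediate would wrap first and then be reduced to an unrelated value. Computing in int, applying both bounds, and narrowing only at the return would make the check mean what it says. The modulo also has no guard against mode->vtotal being 0; if a zero vtotal cannot reach this function, a comment saying so would help.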
-- 
2.20.1




^ permalink raw reply related	[flat|nested] 429+ messages in thread

* [PATCH 5.1 405/405] NFS: Fix a double unlock from nfs_match,get_client
  2019-05-30  2:59 [PATCH 5.1 000/405] 5.1.6-stable review Greg Kroah-Hartman
                   ` (403 preceding siblings ...)
  2019-05-30  3:06 ` [PATCH 5.1 404/405] drm/sun4i: dsi: Enforce boundaries on the start delay Greg Kroah-Hartman
@ 2019-05-30  3:06 ` Greg Kroah-Hartman
  2019-05-30  7:09 ` [PATCH 5.1 000/405] 5.1.6-stable review kernelci.org bot
                   ` (4 subsequent siblings)
  409 siblings, 0 replies; 429+ messages in thread
From: Greg Kroah-Hartman @ 2019-05-30  3:06 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, syzbot+228a82b263b5da91883d,
	Benjamin Coddington, Anna Schumaker, Sasha Levin

[ Upstream commit c260121a97a3e4df6536edbc2f26e166eff370ce ]

Now that nfs_match_client drops the nfs_client_lock, we should be
careful
to always return it in the same condition: locked.

Fixes: 950a578c6128 ("NFS: make nfs_match_client killable")
Reported-by: syzbot+228a82b263b5da91883d@syzkaller.appspotmail.com
Signed-off-by: Benjamin Coddington <bcodding@redhat.com>
Signed-off-by: Anna Schumaker <Anna.Schumaker@Netapp.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 fs/nfs/client.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/fs/nfs/client.c b/fs/nfs/client.c
index 350cfa561e0e8..dfb796eab9121 100644
--- a/fs/nfs/client.c
+++ b/fs/nfs/client.c
@@ -299,9 +299,9 @@ static struct nfs_client *nfs_match_client(const struct nfs_client_initdata *dat
 			spin_unlock(&nn->nfs_client_lock);
 			error = nfs_wait_client_init_complete(clp);
 			nfs_put_client(clp);
+			spin_lock(&nn->nfs_client_lock);
 			if (error < 0)
 				return ERR_PTR(error);
-			spin_lock(&nn->nfs_client_lock);
 			goto again;
 		}
 
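Review bot: With `spin_lock(&nn->nfs_client_lock);` moved above the `if (error < 0)` test, the `return ERR_PTR(error);` path now returns with the lock held, which is correct only because nfs_match_client() is expected to return locked in every case, as the commit message says. That contract is invisible at this return statement. Please add a comment on the function (or a sparse `__must_hold` annotation, if it fits here) stating that nfs_client_lock is held on entry and on every return, so that the next edit to this error path does not reintroduce the imbalance.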
-- 
2.20.1




^ permalink raw reply related	[flat|nested] 429+ messages in thread

* Re: [PATCH 5.1 000/405] 5.1.6-stable review
  2019-05-30  2:59 [PATCH 5.1 000/405] 5.1.6-stable review Greg Kroah-Hartman
                   ` (404 preceding siblings ...)
  2019-05-30  3:06 ` [PATCH 5.1 405/405] NFS: Fix a double unlock from nfs_match,get_client Greg Kroah-Hartman
@ 2019-05-30  7:09 ` kernelci.org bot
  2019-05-30 13:23   ` Jon Hunter
                   ` (3 subsequent siblings)
  409 siblings, 0 replies; 429+ messages in thread
From: kernelci.org bot @ 2019-05-30  7:09 UTC (permalink / raw)
  To: Greg Kroah-Hartman, linux-kernel
  Cc: Greg Kroah-Hartman, torvalds, akpm, linux, shuah, patches,
	ben.hutchings, lkft-triage, stable

stable-rc/linux-5.1.y boot: 125 boots: 1 failed, 122 passed with 2 untried/unknown (v5.1.5-406-ge151dd0525b9)

Full Boot Summary: https://kernelci.org/boot/all/job/stable-rc/branch/linux-5.1.y/kernel/v5.1.5-406-ge151dd0525b9/
Full Build Summary: https://kernelci.org/build/stable-rc/branch/linux-5.1.y/kernel/v5.1.5-406-ge151dd0525b9/

Tree: stable-rc
Branch: linux-5.1.y
Git Describe: v5.1.5-406-ge151dd0525b9
Git Commit: e151dd0525b9aaeac84987d2790c30d8a89ae274
Git URL: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git
Tested: 69 unique boards, 22 SoC families, 14 builds out of 209

Boot Failure Detected:

arm:
    multi_v7_defconfig:
        gcc-8:
            bcm4708-smartrg-sr400ac: 1 failed lab

---
For more info write to <info@kernelci.org>

^ permalink raw reply	[flat|nested] 429+ messages in thread

* Re: [PATCH 5.1 000/405] 5.1.6-stable review
  2019-05-30  2:59 [PATCH 5.1 000/405] 5.1.6-stable review Greg Kroah-Hartman
@ 2019-05-30 13:23   ` Jon Hunter
  2019-05-30  3:00 ` [PATCH 5.1 002/405] ext4: do not delete unlinked inode from orphan list on failed truncate Greg Kroah-Hartman
                     ` (408 subsequent siblings)
  409 siblings, 0 replies; 429+ messages in thread
From: Jon Hunter @ 2019-05-30 13:23 UTC (permalink / raw)
  To: Greg Kroah-Hartman, linux-kernel
  Cc: torvalds, akpm, linux, shuah, patches, ben.hutchings,
	lkft-triage, stable, linux-tegra


On 30/05/2019 03:59, Greg Kroah-Hartman wrote:
> This is the start of the stable review cycle for the 5.1.6 release.
> There are 405 patches in this series, all will be posted as a response
> to this one.  If anyone has any issues with these being applied, please
> let me know.
> 
> Responses should be made by Sat 01 Jun 2019 03:01:59 AM UTC.
> Anything received after that time might be too late.
> 
> The whole patch series can be found in one patch at:
> 	https://www.kernel.org/pub/linux/kernel/v5.x/stable-review/patch-5.1.6-rc1.gz
> or in the git tree and branch at:
> 	git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-5.1.y
> and the diffstat can be found below.
> 
> thanks,
> 
> greg k-h

All tests are passing for Tegra ...

Test results for stable-v5.1:
    12 builds:	12 pass, 0 fail
    22 boots:	22 pass, 0 fail
    32 tests:	32 pass, 0 fail

Linux version:	5.1.6-rc1-g6df8e06
Boards tested:	tegra124-jetson-tk1, tegra186-p2771-0000,
                tegra194-p2972-0000, tegra20-ventana,
                tegra210-p2371-2180, tegra30-cardhu-a04

Cheers
Jon

-- 
nvpublic

^ permalink raw reply	[flat|nested] 429+ messages in thread

* Re: [PATCH 5.1 000/405] 5.1.6-stable review
  2019-05-30 13:23   ` Jon Hunter
  (?)
@ 2019-05-30 13:32   ` Greg Kroah-Hartman
  -1 siblings, 0 replies; 429+ messages in thread
From: Greg Kroah-Hartman @ 2019-05-30 13:32 UTC (permalink / raw)
  To: Jon Hunter
  Cc: linux-kernel, torvalds, akpm, linux, shuah, patches,
	ben.hutchings, lkft-triage, stable, linux-tegra

On Thu, May 30, 2019 at 02:23:11PM +0100, Jon Hunter wrote:
> 
> On 30/05/2019 03:59, Greg Kroah-Hartman wrote:
> > This is the start of the stable review cycle for the 5.1.6 release.
> > There are 405 patches in this series, all will be posted as a response
> > to this one.  If anyone has any issues with these being applied, please
> > let me know.
> > 
> > Responses should be made by Sat 01 Jun 2019 03:01:59 AM UTC.
> > Anything received after that time might be too late.
> > 
> > The whole patch series can be found in one patch at:
> > 	https://www.kernel.org/pub/linux/kernel/v5.x/stable-review/patch-5.1.6-rc1.gz
> > or in the git tree and branch at:
> > 	git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-5.1.y
> > and the diffstat can be found below.
> > 
> > thanks,
> > 
> > greg k-h
> 
> All tests are passing for Tegra ...
> 
> Test results for stable-v5.1:
>     12 builds:	12 pass, 0 fail
>     22 boots:	22 pass, 0 fail
>     32 tests:	32 pass, 0 fail
> 
> Linux version:	5.1.6-rc1-g6df8e06
> Boards tested:	tegra124-jetson-tk1, tegra186-p2771-0000,
>                 tegra194-p2972-0000, tegra20-ventana,
>                 tegra210-p2371-2180, tegra30-cardhu-a04
> 

Wonderful, thanks for testing all of these and letting me know.

greg k-h

^ permalink raw reply	[flat|nested] 429+ messages in thread

* Re: [PATCH 5.1 000/405] 5.1.6-stable review
  2019-05-30  2:59 [PATCH 5.1 000/405] 5.1.6-stable review Greg Kroah-Hartman
                   ` (406 preceding siblings ...)
  2019-05-30 13:23   ` Jon Hunter
@ 2019-05-30 18:35 ` Guenter Roeck
  2019-05-30 20:18   ` Greg Kroah-Hartman
  2019-05-30 19:30 ` shuah
  2019-05-31 14:16 ` Dan Rue
  409 siblings, 1 reply; 429+ messages in thread
From: Guenter Roeck @ 2019-05-30 18:35 UTC (permalink / raw)
  To: Greg Kroah-Hartman
  Cc: linux-kernel, torvalds, akpm, shuah, patches, ben.hutchings,
	lkft-triage, stable

On Wed, May 29, 2019 at 07:59:58PM -0700, Greg Kroah-Hartman wrote:
> This is the start of the stable review cycle for the 5.1.6 release.
> There are 405 patches in this series, all will be posted as a response
> to this one.  If anyone has any issues with these being applied, please
> let me know.
> 
> Responses should be made by Sat 01 Jun 2019 03:01:59 AM UTC.
> Anything received after that time might be too late.
> 

Build results:
	total: 159 pass: 159 fail: 0
Qemu test results:
	total: 349 pass: 349 fail: 0

Guenter

^ permalink raw reply	[flat|nested] 429+ messages in thread

* Re: [PATCH 5.1 000/405] 5.1.6-stable review
  2019-05-30  2:59 [PATCH 5.1 000/405] 5.1.6-stable review Greg Kroah-Hartman
                   ` (407 preceding siblings ...)
  2019-05-30 18:35 ` Guenter Roeck
@ 2019-05-30 19:30 ` shuah
  2019-05-30 20:18   ` Greg Kroah-Hartman
  2019-05-31 14:16 ` Dan Rue
  409 siblings, 1 reply; 429+ messages in thread
From: shuah @ 2019-05-30 19:30 UTC (permalink / raw)
  To: Greg Kroah-Hartman, linux-kernel
  Cc: torvalds, akpm, linux, patches, ben.hutchings, lkft-triage,
	stable, shuah

On 5/29/19 8:59 PM, Greg Kroah-Hartman wrote:
> This is the start of the stable review cycle for the 5.1.6 release.
> There are 405 patches in this series, all will be posted as a response
> to this one.  If anyone has any issues with these being applied, please
> let me know.
> 
> Responses should be made by Sat 01 Jun 2019 03:01:59 AM UTC.
> Anything received after that time might be too late.
> 
> The whole patch series can be found in one patch at:
> 	https://www.kernel.org/pub/linux/kernel/v5.x/stable-review/patch-5.1.6-rc1.gz
> or in the git tree and branch at:
> 	git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-5.1.y
> and the diffstat can be found below.
> 
> thanks,
> 
> greg k-h
> 

Compiled and booted on my test system. No dmesg regressions.

thanks,
-- Shuah


^ permalink raw reply	[flat|nested] 429+ messages in thread

* Re: [PATCH 5.1 000/405] 5.1.6-stable review
  2019-05-30 19:30 ` shuah
@ 2019-05-30 20:18   ` Greg Kroah-Hartman
  0 siblings, 0 replies; 429+ messages in thread
From: Greg Kroah-Hartman @ 2019-05-30 20:18 UTC (permalink / raw)
  To: shuah
  Cc: linux-kernel, torvalds, akpm, linux, patches, ben.hutchings,
	lkft-triage, stable

On Thu, May 30, 2019 at 01:30:22PM -0600, shuah wrote:
> On 5/29/19 8:59 PM, Greg Kroah-Hartman wrote:
> > This is the start of the stable review cycle for the 5.1.6 release.
> > There are 405 patches in this series, all will be posted as a response
> > to this one.  If anyone has any issues with these being applied, please
> > let me know.
> > 
> > Responses should be made by Sat 01 Jun 2019 03:01:59 AM UTC.
> > Anything received after that time might be too late.
> > 
> > The whole patch series can be found in one patch at:
> > 	https://www.kernel.org/pub/linux/kernel/v5.x/stable-review/patch-5.1.6-rc1.gz
> > or in the git tree and branch at:
> > 	git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-5.1.y
> > and the diffstat can be found below.
> > 
> > thanks,
> > 
> > greg k-h
> > 
> 
> Compiled and booted on my test system. No dmesg regressions.

Thanks for testing all of these (and 5.0 twice!) and letting me know.

greg k-h

^ permalink raw reply	[flat|nested] 429+ messages in thread

* Re: [PATCH 5.1 000/405] 5.1.6-stable review
  2019-05-30 18:35 ` Guenter Roeck
@ 2019-05-30 20:18   ` Greg Kroah-Hartman
  0 siblings, 0 replies; 429+ messages in thread
From: Greg Kroah-Hartman @ 2019-05-30 20:18 UTC (permalink / raw)
  To: Guenter Roeck
  Cc: linux-kernel, torvalds, akpm, shuah, patches, ben.hutchings,
	lkft-triage, stable

On Thu, May 30, 2019 at 11:35:50AM -0700, Guenter Roeck wrote:
> On Wed, May 29, 2019 at 07:59:58PM -0700, Greg Kroah-Hartman wrote:
> > This is the start of the stable review cycle for the 5.1.6 release.
> > There are 405 patches in this series, all will be posted as a response
> > to this one.  If anyone has any issues with these being applied, please
> > let me know.
> > 
> > Responses should be made by Sat 01 Jun 2019 03:01:59 AM UTC.
> > Anything received after that time might be too late.
> > 
> 
> Build results:
> 	total: 159 pass: 159 fail: 0
> Qemu test results:
> 	total: 349 pass: 349 fail: 0

Wonderful, thanks for testing all of these and letting me know.

greg k-h

^ permalink raw reply	[flat|nested] 429+ messages in thread

* Re: [PATCH 5.1 000/405] 5.1.6-stable review
  2019-05-30  2:59 [PATCH 5.1 000/405] 5.1.6-stable review Greg Kroah-Hartman
                   ` (408 preceding siblings ...)
  2019-05-30 19:30 ` shuah
@ 2019-05-31 14:16 ` Dan Rue
  409 siblings, 0 replies; 429+ messages in thread
From: Dan Rue @ 2019-05-31 14:16 UTC (permalink / raw)
  To: Greg Kroah-Hartman
  Cc: linux-kernel, torvalds, akpm, linux, shuah, patches,
	ben.hutchings, lkft-triage, stable

On Wed, May 29, 2019 at 07:59:58PM -0700, Greg Kroah-Hartman wrote:
> This is the start of the stable review cycle for the 5.1.6 release.
> There are 405 patches in this series, all will be posted as a response
> to this one.  If anyone has any issues with these being applied, please
> let me know.
> 
> Responses should be made by Sat 01 Jun 2019 03:01:59 AM UTC.
> Anything received after that time might be too late.

Results from Linaro’s test farm.
No regressions on arm64, arm, x86_64, and i386.

Summary
------------------------------------------------------------------------

kernel: 5.1.6-rc1
git repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git
git branch: linux-5.1.y
git commit: 6df8e06907e10b03bfeb68d794def0a11133a8a3
git describe: v5.1.5-406-g6df8e06907e1
Test details: https://qa-reports.linaro.org/lkft/linux-stable-rc-5.1-oe/build/v5.1.5-406-g6df8e06907e1

No regressions (compared to build v5.1.5)

No fixes (compared to build v5.1.5)

Ran 23969 total tests in the following environments and test suites.

Environments
--------------
- dragonboard-410c
- hi6220-hikey
- i386
- juno-r2
- qemu_arm
- qemu_arm64
- qemu_i386
- qemu_x86_64
- x15
- x86

Test Suites
-----------
* build
* install-android-platform-tools-r2600
* kselftest
* libgpiod
* libhugetlbfs
* ltp-cap_bounds-tests
* ltp-commands-tests
* ltp-containers-tests
* ltp-cpuhotplug-tests
* ltp-cve-tests
* ltp-dio-tests
* ltp-fcntl-locktests-tests
* ltp-filecaps-tests
* ltp-fs_bind-tests
* ltp-fs_perms_simple-tests
* ltp-fsx-tests
* ltp-hugetlb-tests
* ltp-io-tests
* ltp-ipc-tests
* ltp-math-tests
* ltp-mm-tests
* ltp-nptl-tests
* ltp-pty-tests
* ltp-sched-tests
* ltp-securebits-tests
* ltp-syscalls-tests
* ltp-timers-tests
* perf
* spectre-meltdown-checker-test
* v4l2-compliance
* network-basic-tests
* ltp-fs-tests
* ltp-open-posix-tests
* kvm-unit-tests
* kselftest-vsyscall-mode-native
* kselftest-vsyscall-mode-none
* ssuite

-- 
Linaro LKFT
https://lkft.linaro.org

^ permalink raw reply	[flat|nested] 429+ messages in thread

2019-05-30  3:00 ` [PATCH 5.1 039/405] bpf: devmap: fix use-after-free Read in __dev_map_entry_free Greg Kroah-Hartman
2019-05-30  3:00 ` [PATCH 5.1 040/405] batman-adv: mcast: fix multicast tt/tvlv worker locking Greg Kroah-Hartman
2019-05-30  3:00 ` [PATCH 5.1 041/405] at76c50x-usb: Dont register led_trigger if usb_register_driver failed Greg Kroah-Hartman
2019-05-30  3:00 ` [PATCH 5.1 042/405] acct_on(): dont mess with freeze protection Greg Kroah-Hartman
2019-05-30  3:00 ` [PATCH 5.1 043/405] netfilter: ctnetlink: Resolve conntrack L3-protocol flush regression Greg Kroah-Hartman
2019-05-30  3:00 ` [PATCH 5.1 044/405] Revert "btrfs: Honour FITRIM range constraints during free space trim" Greg Kroah-Hartman
2019-05-30  3:00 ` [PATCH 5.1 045/405] gfs2: Fix lru_count going negative Greg Kroah-Hartman
2019-05-30  3:00 ` [PATCH 5.1 046/405] cxgb4: Fix error path in cxgb4_init_module Greg Kroah-Hartman
2019-05-30  3:00 ` [PATCH 5.1 047/405] afs: Fix getting the afs.fid xattr Greg Kroah-Hartman
2019-05-30  3:00 ` [PATCH 5.1 048/405] NFS: make nfs_match_client killable Greg Kroah-Hartman
2019-05-30  3:00 ` [PATCH 5.1 049/405] gfs2: fix race between gfs2_freeze_func and unmount Greg Kroah-Hartman
2019-05-30  3:00 ` [PATCH 5.1 050/405] io_uring: use cpu_online() to check p->sq_thread_cpu instead of cpu_possible() Greg Kroah-Hartman
2019-05-30  3:00 ` [PATCH 5.1 051/405] IB/hfi1: Fix WQ_MEM_RECLAIM warning Greg Kroah-Hartman
2019-05-30  3:00 ` [PATCH 5.1 052/405] gfs2: Fix occasional glock use-after-free Greg Kroah-Hartman
2019-05-30  3:00 ` [PATCH 5.1 053/405] mmc: core: Verify SD bus width Greg Kroah-Hartman
2019-05-30  3:00 ` [PATCH 5.1 054/405] tools/bpf: fix perf build error with uClibc (seen on ARC) Greg Kroah-Hartman
2019-05-30  3:00 ` [PATCH 5.1 055/405] i40e: Fix of memory leak and integer truncation in i40e_virtchnl.c Greg Kroah-Hartman
2019-05-30  3:00 ` [PATCH 5.1 056/405] libbpf: fix invalid munmap call Greg Kroah-Hartman
2019-05-30  3:00 ` [PATCH 5.1 057/405] selftests/bpf: set RLIMIT_MEMLOCK properly for test_libbpf_open.c Greg Kroah-Hartman
2019-05-30  3:00 ` [PATCH 5.1 058/405] bpftool: exclude bash-completion/bpftool from .gitignore pattern Greg Kroah-Hartman
2019-05-30  3:00 ` [PATCH 5.1 059/405] ice: Separate if conditions for ice_set_features() Greg Kroah-Hartman
2019-05-30  3:00 ` [PATCH 5.1 060/405] ice: Preserve VLAN Rx stripping settings Greg Kroah-Hartman
2019-05-30  3:00 ` [PATCH 5.1 061/405] blk-mq: split blk_mq_alloc_and_init_hctx into two parts Greg Kroah-Hartman
2019-05-30  3:01 ` [PATCH 5.1 062/405] blk-mq: grab .q_usage_counter when queuing request from plug code path Greg Kroah-Hartman
2019-05-30  3:01 ` [PATCH 5.1 063/405] dmaengine: tegra210-dma: free dma controller in remove() Greg Kroah-Hartman
2019-05-30  3:01 ` [PATCH 5.1 064/405] net: ena: gcc 8: fix compilation warning Greg Kroah-Hartman
2019-05-30  3:01 ` [PATCH 5.1 065/405] net: ena: fix: set freed objects to NULL to avoid failing future allocations Greg Kroah-Hartman
2019-05-30  3:01 ` [PATCH 5.1 066/405] hv_netvsc: fix race that may miss tx queue wakeup Greg Kroah-Hartman
2019-05-30  3:01 ` [PATCH 5.1 067/405] Bluetooth: Ignore CC events not matching the last HCI command Greg Kroah-Hartman
2019-05-30  3:01 ` [PATCH 5.1 068/405] pinctrl: zte: fix leaked of_node references Greg Kroah-Hartman
2019-05-30  3:01 ` [PATCH 5.1 069/405] ASoC: Intel: kbl_da7219_max98357a: Map BTN_0 to KEY_PLAYPAUSE Greg Kroah-Hartman
2019-05-30  3:01 ` [PATCH 5.1 070/405] usb: dwc2: gadget: Increase descriptors count for ISOCs Greg Kroah-Hartman
2019-05-30  3:01 ` [PATCH 5.1 071/405] usb: dwc3: move synchronize_irq() out of the spinlock protected block Greg Kroah-Hartman
2019-05-30  3:01 ` [PATCH 5.1 072/405] usb: gadget: f_fs: dont free buffer prematurely Greg Kroah-Hartman
2019-05-30  3:01 ` [PATCH 5.1 073/405] ASoC: hdmi-codec: unlock the device on startup errors Greg Kroah-Hartman
2019-05-30  3:01 ` [PATCH 5.1 074/405] powerpc/perf: Return accordingly on invalid chip-id in Greg Kroah-Hartman
2019-05-30  3:01 ` [PATCH 5.1 075/405] powerpc/boot: Fix missing check of lseek() return value Greg Kroah-Hartman
2019-05-30  3:01 ` [PATCH 5.1 076/405] powerpc/perf: Fix loop exit condition in nest_imc_event_init Greg Kroah-Hartman
2019-05-30  3:01 ` [PATCH 5.1 077/405] spi: atmel-quadspi: fix crash while suspending Greg Kroah-Hartman
2019-05-30  3:01 ` [PATCH 5.1 078/405] ASoC: imx: fix fiq dependencies Greg Kroah-Hartman
2019-05-30  3:01 ` [PATCH 5.1 079/405] spi: pxa2xx: fix SCR (divisor) calculation Greg Kroah-Hartman
2019-05-30  3:01 ` [PATCH 5.1 080/405] net/mlx5: E-Switch, Use atomic rep state to serialize state change Greg Kroah-Hartman
2019-05-30  3:01 ` [PATCH 5.1 081/405] brcm80211: potential NULL dereference in brcmf_cfg80211_vndr_cmds_dcmd_handler() Greg Kroah-Hartman
2019-05-30  3:01 ` [PATCH 5.1 082/405] ACPI / property: fix handling of data_nodes in acpi_get_next_subnode() Greg Kroah-Hartman
2019-05-30  3:01 ` [PATCH 5.1 083/405] drm/nouveau/bar/nv50: ensure BAR is mapped Greg Kroah-Hartman
2019-05-30  3:01 ` [PATCH 5.1 084/405] media: stm32-dcmi: return appropriate error codes during probe Greg Kroah-Hartman
2019-05-30  3:01 ` [PATCH 5.1 085/405] ARM: vdso: Remove dependency with the arch_timer driver internals Greg Kroah-Hartman
2019-05-30  3:01 ` [PATCH 5.1 086/405] arm64: Fix compiler warning from pte_unmap() with -Wunused-but-set-variable Greg Kroah-Hartman
2019-05-30  3:01 ` [PATCH 5.1 087/405] mt76: remove mt76_queue dependency from tx_queue_skb function pointer Greg Kroah-Hartman
2019-05-30  3:01 ` [PATCH 5.1 088/405] x86/ftrace: Set trampoline pages as executable Greg Kroah-Hartman
2019-05-30  3:01 ` [PATCH 5.1 089/405] powerpc/watchdog: Use hrtimers for per-CPU heartbeat Greg Kroah-Hartman
2019-05-30  3:01 ` [PATCH 5.1 090/405] cpufreq: Fix kobject memleak Greg Kroah-Hartman
2019-05-30  3:01 ` [PATCH 5.1 091/405] scsi: qla2xxx: Fix a qla24xx_enable_msix() error path Greg Kroah-Hartman
2019-05-30  3:01 ` [PATCH 5.1 092/405] scsi: qla2xxx: Fix abort handling in tcm_qla2xxx_write_pending() Greg Kroah-Hartman
2019-05-30  3:01 ` [PATCH 5.1 093/405] scsi: qla2xxx: Avoid that lockdep complains about unsafe locking in tcm_qla2xxx_close_session() Greg Kroah-Hartman
2019-05-30  3:01 ` [PATCH 5.1 094/405] scsi: qla2xxx: Fix hardirq-unsafe locking Greg Kroah-Hartman
2019-05-30  3:01 ` [PATCH 5.1 095/405] x86/modules: Avoid breaking W^X while loading modules Greg Kroah-Hartman
2019-05-30  3:01 ` [PATCH 5.1 096/405] Btrfs: fix data bytes_may_use underflow with fallocate due to failed quota reserve Greg Kroah-Hartman
2019-05-30  3:01 ` [PATCH 5.1 097/405] btrfs: fix panic during relocation after ENOSPC before writeback happens Greg Kroah-Hartman
2019-05-30  3:01 ` [PATCH 5.1 098/405] btrfs: Dont panic when we cant find a root key Greg Kroah-Hartman
2019-05-30  3:01 ` [PATCH 5.1 099/405] iwlwifi: pcie: dont crash on invalid RX interrupt Greg Kroah-Hartman
2019-05-30  3:01 ` [PATCH 5.1 100/405] rtc: 88pm860x: prevent use-after-free on device remove Greg Kroah-Hartman
2019-05-30  3:01 ` [PATCH 5.1 101/405] rtc: stm32: manage the get_irq probe defer case Greg Kroah-Hartman
2019-05-30  3:01 ` [PATCH 5.1 102/405] scsi: qedi: Abort ep termination if offload not scheduled Greg Kroah-Hartman
2019-05-30  3:01 ` [PATCH 5.1 103/405] s390/kexec_file: Fix detection of text segment in ELF loader Greg Kroah-Hartman
2019-05-30  3:01 ` [PATCH 5.1 104/405] ALSA: hda: fix unregister device twice on ASoC driver Greg Kroah-Hartman
2019-05-30  3:01 ` [PATCH 5.1 105/405] sched/nohz: Run NOHZ idle load balancer on HK_FLAG_MISC CPUs Greg Kroah-Hartman
2019-05-30  3:01 ` [PATCH 5.1 106/405] net: ethernet: ti: cpsw: fix allmulti cfg in dual_mac mode Greg Kroah-Hartman
2019-05-30  3:01 ` [PATCH 5.1 107/405] w1: fix the resume command API Greg Kroah-Hartman
2019-05-30  3:01 ` [PATCH 5.1 108/405] net: hns3: fix pause configure fail problem Greg Kroah-Hartman
2019-05-30  3:01 ` [PATCH 5.1 109/405] net: hns3: fix for TX clean num when cleaning TX BD Greg Kroah-Hartman
2019-05-30  3:01 ` [PATCH 5.1 110/405] net: phy: improve genphy_soft_reset Greg Kroah-Hartman
2019-05-30  3:01 ` [PATCH 5.1 111/405] s390: qeth: address type mismatch warning Greg Kroah-Hartman
2019-05-30  3:01 ` [PATCH 5.1 112/405] arm64: futex: Fix FUTEX_WAKE_OP atomic ops with non-zero result value Greg Kroah-Hartman
2019-05-30  3:01 ` [PATCH 5.1 113/405] net: hns3: use atomic_t replace u32 for arqs count Greg Kroah-Hartman
2019-05-30  3:01 ` [PATCH 5.1 114/405] dmaengine: pl330: _stop: clear interrupt status Greg Kroah-Hartman
2019-05-30  3:01 ` [PATCH 5.1 115/405] mac80211/cfg80211: update bss channel on channel switch Greg Kroah-Hartman
2019-05-30  3:01 ` [PATCH 5.1 116/405] drm: prefix header search paths with $(srctree)/ Greg Kroah-Hartman
2019-05-30  3:01 ` [PATCH 5.1 117/405] libbpf: fix samples/bpf build failure due to undefined UINT32_MAX Greg Kroah-Hartman
2019-05-30  3:01 ` [PATCH 5.1 118/405] slimbus: fix a potential NULL pointer dereference in of_qcom_slim_ngd_register Greg Kroah-Hartman
2019-05-30  3:01 ` [PATCH 5.1 119/405] regulator: core: Actually put the gpiod after use Greg Kroah-Hartman
2019-05-30  3:01 ` [PATCH 5.1 120/405] ASoC: fsl_sai: Update is_slave_mode with correct value Greg Kroah-Hartman
2019-05-30  3:01 ` [PATCH 5.1 121/405] Fix nfs4.2 return -EINVAL when do dedupe operation Greg Kroah-Hartman
2019-05-30  3:02 ` [PATCH 5.1 122/405] mwifiex: prevent an array overflow Greg Kroah-Hartman
2019-05-30  3:02 ` [PATCH 5.1 123/405] rsi: Fix NULL pointer dereference in kmalloc Greg Kroah-Hartman
2019-05-30  3:02 ` [PATCH 5.1 124/405] net: cw1200: fix a NULL pointer dereference Greg Kroah-Hartman
2019-05-30  3:02 ` [PATCH 5.1 125/405] nvme: set 0 capacity if namespace block size exceeds PAGE_SIZE Greg Kroah-Hartman
2019-05-30  3:02 ` [PATCH 5.1 126/405] nvme-rdma: fix a NULL deref when an admin connect times out Greg Kroah-Hartman
2019-05-30  3:02 ` [PATCH 5.1 127/405] nvme-tcp: " Greg Kroah-Hartman
2019-05-30  3:02 ` [PATCH 5.1 128/405] crypto: sun4i-ss - Fix invalid calculation of hash end Greg Kroah-Hartman
2019-05-30  3:02 ` [PATCH 5.1 129/405] bcache: avoid potential memleak of list of journal_replay(s) in the CACHE_SYNC branch of run_cache_set Greg Kroah-Hartman
2019-05-30  3:02 ` [PATCH 5.1 130/405] bcache: return error immediately in bch_journal_replay() Greg Kroah-Hartman
2019-05-30  3:02 ` [PATCH 5.1 131/405] bcache: fix failure in journal relplay Greg Kroah-Hartman
2019-05-30  3:02 ` [PATCH 5.1 132/405] bcache: add failure check to run_cache_set() for journal replay Greg Kroah-Hartman
2019-05-30  3:02 ` [PATCH 5.1 133/405] bcache: avoid clang -Wunintialized warning Greg Kroah-Hartman
2019-05-30  3:02 ` [PATCH 5.1 134/405] RDMA/cma: Consider scope_id while binding to ipv6 ll address Greg Kroah-Hartman
2019-05-30  3:02 ` [PATCH 5.1 135/405] vfio-ccw: Do not call flush_workqueue while holding the spinlock Greg Kroah-Hartman
2019-05-30  3:02 ` [PATCH 5.1 136/405] vfio-ccw: Release any channel program when releasing/removing vfio-ccw mdev Greg Kroah-Hartman
2019-05-30  3:02 ` [PATCH 5.1 137/405] x86/build: Move _etext to actual end of .text Greg Kroah-Hartman
2019-05-30  3:02 ` [PATCH 5.1 138/405] smpboot: Place the __percpu annotation correctly Greg Kroah-Hartman
2019-05-30  3:02 ` [PATCH 5.1 139/405] x86/uaccess: Dont leak the AC flag into __put_user() argument evaluation Greg Kroah-Hartman
2019-05-30  3:02 ` [PATCH 5.1 140/405] x86/mm: Remove in_nmi() warning from 64-bit implementation of vmalloc_fault() Greg Kroah-Hartman
2019-05-30  3:02 ` [PATCH 5.1 141/405] mm/uaccess: Use unsigned long to placate UBSAN warnings on older GCC versions Greg Kroah-Hartman
2019-05-30  3:02 ` [PATCH 5.1 142/405] Bluetooth: hci_qca: Fix crash with non-serdev devices Greg Kroah-Hartman
2019-05-30  3:02 ` [PATCH 5.1 143/405] Bluetooth: hci_qca: Give enough time to ROME controller to bootup Greg Kroah-Hartman
2019-05-30  3:02 ` [PATCH 5.1 144/405] Bluetooth: btbcm: Add default address for BCM43341B Greg Kroah-Hartman
2019-05-30  3:02 ` [PATCH 5.1 145/405] Bluetooth: mediatek: Fixed incorrect type in assignment Greg Kroah-Hartman
2019-05-30  3:02 ` [PATCH 5.1 146/405] HID: logitech-hidpp: use RAP instead of FAP to get the protocol version Greg Kroah-Hartman
2019-05-30  3:02 ` [PATCH 5.1 147/405] pinctrl: pistachio: fix leaked of_node references Greg Kroah-Hartman
2019-05-30  3:02 ` [PATCH 5.1 148/405] pinctrl: st: " Greg Kroah-Hartman
2019-05-30  3:02 ` [PATCH 5.1 149/405] pinctrl: samsung: " Greg Kroah-Hartman
2019-05-30  3:02 ` [PATCH 5.1 150/405] clk: rockchip: undo several noc and special clocks as critical on rk3288 Greg Kroah-Hartman
2019-05-30  3:02 ` [PATCH 5.1 151/405] perf/arm-cci: Remove broken race mitigation Greg Kroah-Hartman
2019-05-30  3:02 ` [PATCH 5.1 152/405] dmaengine: at_xdmac: remove BUG_ON macro in tasklet Greg Kroah-Hartman
2019-05-30  3:02 ` [PATCH 5.1 153/405] media: coda: clear error return value before picture run Greg Kroah-Hartman
2019-05-30  3:02 ` [PATCH 5.1 154/405] media: ov6650: Move v4l2_clk_get() to ov6650_video_probe() helper Greg Kroah-Hartman
2019-05-30  3:02 ` [PATCH 5.1 155/405] media: au0828: stop video streaming only when last user stops Greg Kroah-Hartman
2019-05-30  3:02 ` [PATCH 5.1 156/405] media: ov2659: make S_FMT succeed even if requested format doesnt match Greg Kroah-Hartman
2019-05-30  3:02 ` [PATCH 5.1 157/405] audit: fix a memory leak bug Greg Kroah-Hartman
2019-05-30  3:02 ` [PATCH 5.1 158/405] media: stm32-dcmi: fix crash when subdev do not expose any formats Greg Kroah-Hartman
2019-05-30  3:02 ` [PATCH 5.1 159/405] media: au0828: Fix NULL pointer dereference in au0828_analog_stream_enable() Greg Kroah-Hartman
2019-05-30  3:02 ` [PATCH 5.1 160/405] media: pvrusb2: Prevent a buffer overflow Greg Kroah-Hartman
2019-05-30  3:02 ` [PATCH 5.1 161/405] iio: adc: stm32-dfsdm: fix unmet direct dependencies detected Greg Kroah-Hartman
2019-05-30  3:02 ` [PATCH 5.1 162/405] block: fix use-after-free on gendisk Greg Kroah-Hartman
2019-05-30  3:02 ` [PATCH 5.1 163/405] powerpc/numa: improve control of topology updates Greg Kroah-Hartman
2019-05-30  3:02 ` [PATCH 5.1 164/405] powerpc/64: Fix booting large kernels with STRICT_KERNEL_RWX Greg Kroah-Hartman
2019-05-30  3:02 ` [PATCH 5.1 165/405] random: fix CRNG initialization when random.trust_cpu=1 Greg Kroah-Hartman
2019-05-30  3:02 ` [PATCH 5.1 166/405] random: add a spinlock_t to struct batched_entropy Greg Kroah-Hartman
2019-05-30  3:02 ` [PATCH 5.1 167/405] cgroup: protect cgroup->nr_(dying_)descendants by css_set_lock Greg Kroah-Hartman
2019-05-30  3:02 ` [PATCH 5.1 168/405] sched/core: Check quota and period overflow at usec to nsec conversion Greg Kroah-Hartman
2019-05-30  3:02 ` [PATCH 5.1 169/405] sched/rt: Check integer " Greg Kroah-Hartman
2019-05-30  3:02 ` [PATCH 5.1 170/405] sched/core: Handle overflow in cpu_shares_write_u64 Greg Kroah-Hartman
2019-05-30  3:02 ` [PATCH 5.1 171/405] staging: vc04_services: handle kzalloc failure Greg Kroah-Hartman
2019-05-30  3:02 ` [PATCH 5.1 172/405] drm/msm/dpu: release resources on modeset failure Greg Kroah-Hartman
2019-05-30  3:02 ` [PATCH 5.1 173/405] drm/msm: a5xx: fix possible object reference leak Greg Kroah-Hartman
2019-05-30  3:02   ` Greg Kroah-Hartman
2019-05-30  3:02 ` [PATCH 5.1 174/405] drm/msm: dpu: Dont set frame_busy_mask for async updates Greg Kroah-Hartman
2019-05-30  3:02 ` [PATCH 5.1 175/405] drm/msm: Fix NULL pointer dereference Greg Kroah-Hartman
2019-05-30  3:02 ` [PATCH 5.1 176/405] irq_work: Do not raise an IPI when queueing work on the local CPU Greg Kroah-Hartman
2019-05-30  3:02 ` [PATCH 5.1 177/405] thunderbolt: Take domain lock in switch sysfs attribute callbacks Greg Kroah-Hartman
2019-05-30  3:02 ` [PATCH 5.1 178/405] s390/qeth: handle error from qeth_update_from_chp_desc() Greg Kroah-Hartman
2019-05-30  3:02 ` [PATCH 5.1 179/405] USB: core: Dont unbind interfaces following device reset failure Greg Kroah-Hartman
2019-05-30  3:02 ` [PATCH 5.1 180/405] x86/irq/64: Limit IST stack overflow check to #DB stack Greg Kroah-Hartman
2019-05-30  3:02 ` [PATCH 5.1 181/405] drm: etnaviv: avoid DMA API warning when importing buffers Greg Kroah-Hartman
2019-05-30  3:03 ` [PATCH 5.1 182/405] dt-bindings: phy-qcom-qmp: Add UFS PHY reset Greg Kroah-Hartman
2019-05-30  3:03 ` [PATCH 5.1 183/405] phy: sun4i-usb: Make sure to disable PHY0 passby for peripheral mode Greg Kroah-Hartman
2019-05-30  3:03 ` [PATCH 5.1 184/405] phy: mapphone-mdm6600: add gpiolib dependency Greg Kroah-Hartman
2019-05-30  3:03 ` [PATCH 5.1 185/405] phy: ti: usb2: fix OMAP_CONTROL_PHY dependency Greg Kroah-Hartman
2019-05-30  3:03 ` [PATCH 5.1 186/405] dpaa2-eth: Fix Rx classification status Greg Kroah-Hartman
2019-05-30  3:03 ` [PATCH 5.1 187/405] i40e: Able to add up to 16 MAC filters on an untrusted VF Greg Kroah-Hartman
2019-05-30  3:03 ` [PATCH 5.1 188/405] i40e: dont allow changes to HW VLAN stripping on active port VLANs Greg Kroah-Hartman
2019-05-30  3:03 ` [PATCH 5.1 189/405] ACPI/IORT: Reject platform device creation on NUMA node mapping failure Greg Kroah-Hartman
2019-05-30  3:03 ` [PATCH 5.1 190/405] arm64: vdso: Fix clock_getres() for CLOCK_REALTIME Greg Kroah-Hartman
2019-05-30  3:03 ` [PATCH 5.1 191/405] RDMA/cxgb4: Fix null pointer dereference on alloc_skb failure Greg Kroah-Hartman
2019-05-30  3:03 ` [PATCH 5.1 192/405] fscrypt: use READ_ONCE() to access ->i_crypt_info Greg Kroah-Hartman
2019-05-30  3:03 ` [PATCH 5.1 193/405] perf/x86/msr: Add Icelake support Greg Kroah-Hartman
2019-05-30  3:03 ` [PATCH 5.1 194/405] perf/x86/intel/rapl: " Greg Kroah-Hartman
2019-05-30  3:03 ` [PATCH 5.1 195/405] perf/x86/intel/cstate: " Greg Kroah-Hartman
2019-05-30  3:03 ` [PATCH 5.1 196/405] PM / devfreq: Fix static checker warning in try_then_request_governor Greg Kroah-Hartman
2019-05-30  3:03 ` [PATCH 5.1 197/405] hwmon: (vt1211) Use request_muxed_region for Super-IO accesses Greg Kroah-Hartman
2019-05-30  3:03 ` [PATCH 5.1 198/405] hwmon: (smsc47m1) " Greg Kroah-Hartman
2019-05-30  3:03 ` [PATCH 5.1 199/405] hwmon: (smsc47b397) " Greg Kroah-Hartman
2019-05-30  3:03 ` [PATCH 5.1 200/405] hwmon: (pc87427) " Greg Kroah-Hartman
2019-05-30  3:03 ` [PATCH 5.1 201/405] hwmon: (f71805f) " Greg Kroah-Hartman
2019-05-30  3:03 ` [PATCH 5.1 202/405] scsi: libsas: Do discovery on empty PHY to update PHY info Greg Kroah-Hartman
2019-05-30  3:03 ` [PATCH 5.1 203/405] mmc: core: make pwrseq_emmc (partially) support sleepy GPIO controllers Greg Kroah-Hartman
2019-05-30  3:03 ` [PATCH 5.1 204/405] mmc_spi: add a status check for spi_sync_locked Greg Kroah-Hartman
2019-05-30  3:03 ` [PATCH 5.1 205/405] mmc: sdhci-of-esdhc: add erratum eSDHC5 support Greg Kroah-Hartman
2019-05-30  3:03 ` [PATCH 5.1 206/405] mmc: sdhci-of-esdhc: add erratum A-009204 support Greg Kroah-Hartman
2019-05-30  3:03 ` [PATCH 5.1 207/405] mmc: sdhci-of-esdhc: add erratum eSDHC-A001 and A-008358 support Greg Kroah-Hartman
2019-05-30  3:03 ` [PATCH 5.1 208/405] net: hns3: free the pending skb when clean RX ring Greg Kroah-Hartman
2019-05-30  3:03 ` [PATCH 5.1 209/405] drm/amdgpu: fix old fence check in amdgpu_fence_emit Greg Kroah-Hartman
2019-05-30  3:03 ` [PATCH 5.1 210/405] PM / core: Propagate dev->power.wakeup_path when no callbacks Greg Kroah-Hartman
2019-05-30  3:03 ` [PATCH 5.1 211/405] clk: rockchip: Fix video codec clocks on rk3288 Greg Kroah-Hartman
2019-05-30  3:03 ` [PATCH 5.1 212/405] extcon: arizona: Disable mic detect if running when driver is removed Greg Kroah-Hartman
2019-05-30  3:03 ` [PATCH 5.1 213/405] clk: rockchip: Make rkpwm a critical clock on rk3288 Greg Kroah-Hartman
2019-05-30  3:03 ` [PATCH 5.1 214/405] clk: zynqmp: fix check for fractional clock Greg Kroah-Hartman
2019-05-30  3:03 ` [PATCH 5.1 215/405] s390: zcrypt: initialize variables before_use Greg Kroah-Hartman
2019-05-30  3:03 ` [PATCH 5.1 216/405] x86/microcode: Fix the ancient deprecated microcode loading method Greg Kroah-Hartman
2019-05-30  3:03 ` [PATCH 5.1 217/405] drm/amd/display: Initialize stream_update with memset Greg Kroah-Hartman
2019-05-30  3:03 ` [PATCH 5.1 218/405] s390/mm: silence compiler warning when compiling without CONFIG_PGSTE Greg Kroah-Hartman
2019-05-30  3:03 ` [PATCH 5.1 219/405] s390: cio: fix cio_irb declaration Greg Kroah-Hartman
2019-05-30  3:03 ` [PATCH 5.1 220/405] drm/amd/display: use proper formula to calculate bandwidth from timing Greg Kroah-Hartman
2019-05-30  3:03 ` [PATCH 5.1 221/405] selftests: cgroup: fix cleanup path in test_memcg_subtree_control() Greg Kroah-Hartman
2019-05-30  3:03 ` [PATCH 5.1 222/405] net: hns3: fix keep_alive_timer not stop problem Greg Kroah-Hartman
2019-05-30  3:03 ` [PATCH 5.1 223/405] qmi_wwan: Add quirk for Quectel dynamic config Greg Kroah-Hartman
2019-05-30  3:03 ` [PATCH 5.1 224/405] net: hns3: add error handler for initializing command queue Greg Kroah-Hartman
2019-05-30  3:03 ` [PATCH 5.1 225/405] cpufreq: ppc_cbe: fix possible object reference leak Greg Kroah-Hartman
2019-05-30  3:03 ` [PATCH 5.1 226/405] cpufreq/pasemi: " Greg Kroah-Hartman
2019-05-30  3:03   ` Greg Kroah-Hartman
2019-05-30  3:03 ` [PATCH 5.1 227/405] cpufreq: pmac32: " Greg Kroah-Hartman
2019-05-30  3:03   ` Greg Kroah-Hartman
2019-05-30  3:03 ` [PATCH 5.1 228/405] cpufreq: kirkwood: " Greg Kroah-Hartman
2019-05-30  3:03 ` [PATCH 5.1 229/405] cpufreq: imx6q: " Greg Kroah-Hartman
2019-05-30  3:03   ` Greg Kroah-Hartman
2019-05-30  3:03 ` [PATCH 5.1 230/405] cpufreq: ap806: " Greg Kroah-Hartman
2019-05-30  3:03   ` Greg Kroah-Hartman
2019-05-30  3:03 ` [PATCH 5.1 231/405] block: sed-opal: fix IOC_OPAL_ENABLE_DISABLE_MBR Greg Kroah-Hartman
2019-05-30  3:03 ` [PATCH 5.1 232/405] habanalabs: prevent device PTE read/write during hard-reset Greg Kroah-Hartman
2019-05-30  3:03 ` [PATCH 5.1 233/405] habanalabs: all FD must be closed before removing device Greg Kroah-Hartman
2019-05-30  3:03 ` [PATCH 5.1 234/405] samples/bpf: fix build with new clang Greg Kroah-Hartman
2019-05-30  3:03 ` [PATCH 5.1 235/405] x86/build: Keep local relocations with ld.lld Greg Kroah-Hartman
2019-05-30  3:03 ` [PATCH 5.1 236/405] spi: Dont call spi_get_gpio_descs() before device name is set Greg Kroah-Hartman
2019-05-30  3:03 ` [PATCH 5.1 237/405] regulator: core: Avoid potential deadlock on regulator_unregister Greg Kroah-Hartman
2019-05-30  3:03 ` [PATCH 5.1 238/405] ASoC: core: remove link components before cleaning up card resources Greg Kroah-Hartman
2019-05-30  3:03 ` [PATCH 5.1 239/405] drm/pl111: fix possible object reference leak Greg Kroah-Hartman
2019-05-30  3:03   ` Greg Kroah-Hartman
2019-05-30  3:03 ` [PATCH 5.1 240/405] iio: ad_sigma_delta: Properly handle SPI bus locking vs CS assertion Greg Kroah-Hartman
2019-05-30  3:03 ` [PATCH 5.1 241/405] iio: hmc5843: fix potential NULL pointer dereferences Greg Kroah-Hartman
2019-05-30  3:04 ` [PATCH 5.1 242/405] iio: common: ssp_sensors: Initialize calculated_time in ssp_common_process_data Greg Kroah-Hartman
2019-05-30  3:04 ` [PATCH 5.1 243/405] iio: adc: ti-ads7950: Fix improper use of mlock Greg Kroah-Hartman
2019-05-30  3:04 ` [PATCH 5.1 244/405] net: hns3: check resetting status in hns3_get_stats() Greg Kroah-Hartman
2019-05-30  3:04 ` [PATCH 5.1 245/405] net: hns3: add protect when handling mac addr list Greg Kroah-Hartman
2019-05-30  3:04 ` [PATCH 5.1 246/405] selftests/bpf: ksym_search wont check symbols exists Greg Kroah-Hartman
2019-05-30  3:04 ` [PATCH 5.1 247/405] rtlwifi: fix a potential NULL pointer dereference Greg Kroah-Hartman
2019-05-30  3:04 ` [PATCH 5.1 248/405] mwifiex: Fix mem leak in mwifiex_tm_cmd Greg Kroah-Hartman
2019-05-30  3:04 ` [PATCH 5.1 249/405] brcmfmac: fix missing checks for kmemdup Greg Kroah-Hartman
2019-05-30  3:04 ` [PATCH 5.1 250/405] b43: shut up clang -Wuninitialized variable warning Greg Kroah-Hartman
2019-05-30  3:04 ` [PATCH 5.1 251/405] brcmfmac: convert dev_init_lock mutex to completion Greg Kroah-Hartman
2019-05-30  3:04 ` [PATCH 5.1 252/405] brcmfmac: fix WARNING during USB disconnect in case of unempty psq Greg Kroah-Hartman
2019-05-30  3:04 ` [PATCH 5.1 253/405] brcmfmac: fix race during disconnect when USB completion is in progress Greg Kroah-Hartman
2019-05-30  3:04 ` [PATCH 5.1 254/405] brcmfmac: fix Oops when bringing up interface during USB disconnect Greg Kroah-Hartman
2019-05-30  3:04 ` [PATCH 5.1 255/405] rtc: xgene: fix possible race condition Greg Kroah-Hartman
2019-05-30  3:04 ` [PATCH 5.1 256/405] spi: Add missing error handling for CS GPIOs Greg Kroah-Hartman
2019-05-30  3:04 ` [PATCH 5.1 257/405] rtlwifi: fix potential NULL pointer dereference Greg Kroah-Hartman
2019-05-30  3:04 ` [PATCH 5.1 258/405] scsi: ufs: Fix regulator load and icc-level configuration Greg Kroah-Hartman
2019-05-30  3:04 ` [PATCH 5.1 259/405] scsi: ufs: Avoid configuring regulator with undefined voltage range Greg Kroah-Hartman
2019-05-30  3:04 ` [PATCH 5.1 260/405] drm/panel: otm8009a: Add delay at the end of initialization Greg Kroah-Hartman
2019-05-30  3:04 ` [PATCH 5.1 261/405] drm/amd/display: Prevent cursor hotspot overflow for RV overlay planes Greg Kroah-Hartman
2019-05-30  3:04 ` [PATCH 5.1 262/405] arm64: cpu_ops: fix a leaked reference by adding missing of_node_put Greg Kroah-Hartman
2019-05-30  3:04   ` Greg Kroah-Hartman
2019-05-30  3:04 ` [PATCH 5.1 263/405] locking/static_key: Fix false positive warnings on concurrent dec/inc Greg Kroah-Hartman
2019-05-30  3:04 ` [PATCH 5.1 264/405] wil6210: fix return code of wmi_mgmt_tx and wmi_mgmt_tx_ext Greg Kroah-Hartman
2019-05-30  3:04 ` [PATCH 5.1 265/405] x86/uaccess, ftrace: Fix ftrace_likely_update() vs. SMAP Greg Kroah-Hartman
2019-05-30  3:04 ` [PATCH 5.1 266/405] iwlwifi: mvm: IBSS: use BE FIFO for multicast Greg Kroah-Hartman
2019-05-30  3:04 ` [PATCH 5.1 267/405] x86/uaccess, signal: Fix AC=1 bloat Greg Kroah-Hartman
2019-05-30  3:04 ` [PATCH 5.1 268/405] x86/ia32: Fix ia32_restore_sigcontext() AC leak Greg Kroah-Hartman
2019-05-30  3:04 ` [PATCH 5.1 269/405] x86/uaccess: Fix up the fixup Greg Kroah-Hartman
2019-05-30  3:04 ` [PATCH 5.1 270/405] chardev: add additional check for minor range overlap Greg Kroah-Hartman
2019-05-30  3:04 ` [PATCH 5.1 271/405] RDMA/hns: Fix bad endianess of port_pd variable Greg Kroah-Hartman
2019-05-30  3:04 ` [PATCH 5.1 272/405] sh: sh7786: Add explicit I/O cast to sh7786_mm_sel() Greg Kroah-Hartman
2019-05-30  3:04 ` [PATCH 5.1 273/405] HID: core: move Usage Page concatenation to Main item Greg Kroah-Hartman
2019-05-30  3:04 ` [PATCH 5.1 274/405] ASoC: eukrea-tlv320: fix a leaked reference by adding missing of_node_put Greg Kroah-Hartman
2019-05-30  3:04   ` Greg Kroah-Hartman
2019-05-30  3:04 ` [PATCH 5.1 275/405] ASoC: fsl_utils: " Greg Kroah-Hartman
2019-05-30  3:04   ` Greg Kroah-Hartman
2019-05-30  3:04 ` [PATCH 5.1 276/405] ASoC: wcd9335: " Greg Kroah-Hartman
2019-05-30  3:04   ` Greg Kroah-Hartman
2019-05-30  3:04 ` [PATCH 5.1 277/405] cxgb3/l2t: Fix undefined behaviour Greg Kroah-Hartman
2019-05-30  3:04 ` [PATCH 5.1 278/405] clk: renesas: rcar-gen3: Correct parent clock of SYS-DMAC Greg Kroah-Hartman
2019-05-30  3:04 ` [PATCH 5.1 279/405] block: avoid to break XEN by multi-page bvec Greg Kroah-Hartman
2019-05-30  3:04   ` [Xen-devel] " Greg Kroah-Hartman
2019-05-30  3:04   ` Greg Kroah-Hartman
2019-05-30  3:04 ` [PATCH 5.1 280/405] block: pass page to xen_biovec_phys_mergeable Greg Kroah-Hartman
2019-05-30  3:04   ` [Xen-devel] " Greg Kroah-Hartman
2019-05-30  3:04   ` Greg Kroah-Hartman
2019-05-30  3:04 ` [PATCH 5.1 281/405] clk: renesas: rcar-gen3: Correct parent clock of Audio-DMAC Greg Kroah-Hartman
2019-05-30  3:04 ` [PATCH 5.1 282/405] HID: logitech-hidpp: change low battery level threshold from 31 to 30 percent Greg Kroah-Hartman
2019-05-30  3:04 ` [PATCH 5.1 283/405] spi: tegra114: reset controller on probe Greg Kroah-Hartman
2019-05-30  3:04 ` [PATCH 5.1 284/405] habanalabs: prevent CPU soft lockup on Palladium Greg Kroah-Hartman
2019-05-30  3:04 ` [PATCH 5.1 285/405] kobject: Dont trigger kobject_uevent(KOBJ_REMOVE) twice Greg Kroah-Hartman
2019-05-30  3:04 ` [PATCH 5.1 286/405] media: video-mux: fix null pointer dereferences Greg Kroah-Hartman
2019-05-30  3:04 ` [PATCH 5.1 287/405] media: wl128x: prevent two potential buffer overflows Greg Kroah-Hartman
2019-05-30  3:04 ` [PATCH 5.1 288/405] media: gspca: Kill URBs on USB device disconnect Greg Kroah-Hartman
2019-05-30  3:04 ` [PATCH 5.1 289/405] efifb: Omit memory map check on legacy boot Greg Kroah-Hartman
2019-05-30  3:04 ` [PATCH 5.1 290/405] media: mtk-vcodec: fix access to incorrect planes member Greg Kroah-Hartman
2019-05-30  3:04 ` [PATCH 5.1 291/405] thunderbolt: property: Fix a missing check of kzalloc Greg Kroah-Hartman
2019-05-30  3:04 ` [PATCH 5.1 292/405] thunderbolt: Fix to check the return value of kmemdup Greg Kroah-Hartman
2019-05-30  3:04 ` [PATCH 5.1 293/405] drm: rcar-du: lvds: Set LVEN and LVRES bits together on D3 Greg Kroah-Hartman
2019-05-30  3:04 ` [PATCH 5.1 294/405] drm: rcar-du: lvds: Fix post-DLL divider calculation Greg Kroah-Hartman
2019-05-30  3:04 ` [PATCH 5.1 295/405] timekeeping: Force upper bound for setting CLOCK_REALTIME Greg Kroah-Hartman
2019-05-30  3:04 ` [PATCH 5.1 296/405] IB/mlx5: Compare only index part of a memory window rkey Greg Kroah-Hartman
2019-05-30  3:04 ` [PATCH 5.1 297/405] scsi: qedf: Add missing return in qedf_post_io_req() in the fcport offload check Greg Kroah-Hartman
2019-05-30  3:04 ` [PATCH 5.1 298/405] misc: fastrpc: consider address offset before sending to DSP Greg Kroah-Hartman
2019-05-30  3:04 ` [PATCH 5.1 299/405] misc: fastrpc: make sure memory read and writes are visible Greg Kroah-Hartman
2019-05-30  3:04 ` [PATCH 5.1 300/405] misc: fastrpc: Fix a possible double free Greg Kroah-Hartman
2019-05-30  3:04 ` [PATCH 5.1 301/405] virtio_console: initialize vtermno value for ports Greg Kroah-Hartman
2019-05-30  3:05 ` [PATCH 5.1 302/405] tty: ipwireless: fix missing checks for ioremap Greg Kroah-Hartman
2019-05-30  3:05 ` [PATCH 5.1 303/405] staging: mt7621-mmc: Initialize completions a single time during probe Greg Kroah-Hartman
2019-05-30  3:05 ` [PATCH 5.1 304/405] overflow: Fix -Wtype-limits compilation warnings Greg Kroah-Hartman
2019-05-30  3:05 ` [PATCH 5.1 305/405] x86/mce: Fix machine_check_poll() tests for error types Greg Kroah-Hartman
2019-05-30  3:05 ` [PATCH 5.1 306/405] rcutorture: Fix cleanup path for invalid torture_type strings Greg Kroah-Hartman
2019-05-30  3:05 ` [PATCH 5.1 307/405] x86/mce: Handle varying MCA bank counts Greg Kroah-Hartman
2019-05-30  3:05 ` [PATCH 5.1 308/405] rcuperf: Fix cleanup path for invalid perf_type strings Greg Kroah-Hartman
2019-05-30  3:05 ` [PATCH 5.1 309/405] rcu: Do a single rhp->func read in rcu_head_after_call_rcu() Greg Kroah-Hartman
2019-05-30  3:05 ` [PATCH 5.1 310/405] x86/platform/uv: Fix missing checks of kcalloc() return values Greg Kroah-Hartman
2019-05-30  3:05 ` [PATCH 5.1 311/405] RDMA/rxe: Fix slab-out-bounds access which lead to kernel crash later Greg Kroah-Hartman
2019-05-30  3:05 ` [PATCH 5.1 312/405] spi: stm32-qspi: add spi_master_put in release function Greg Kroah-Hartman
2019-05-30  3:05 ` [PATCH 5.1 313/405] usb: core: Add PM runtime calls to usb_hcd_platform_shutdown Greg Kroah-Hartman
2019-05-30  3:05 ` [PATCH 5.1 314/405] ice: Fix for adaptive interrupt moderation Greg Kroah-Hartman
2019-05-30  3:05 ` [PATCH 5.1 315/405] scsi: qla4xxx: avoid freeing unallocated dma memory Greg Kroah-Hartman
2019-05-30  3:05 ` [PATCH 5.1 316/405] scsi: lpfc: avoid uninitialized variable warning Greg Kroah-Hartman
2019-05-30  3:05 ` [PATCH 5.1 317/405] media: vicodec: bugfix - call v4l2_m2m_buf_copy_metadata also if decoding fails Greg Kroah-Hartman
2019-05-30  3:05 ` [PATCH 5.1 318/405] ice: Prevent unintended multiple chain resets Greg Kroah-Hartman
2019-05-30  3:05 ` [PATCH 5.1 319/405] selinux: avoid uninitialized variable warning Greg Kroah-Hartman
2019-05-30  3:05 ` [PATCH 5.1 320/405] batman-adv: allow updating DAT entry timeouts on incoming ARP Replies Greg Kroah-Hartman
2019-05-30  3:05 ` [PATCH 5.1 321/405] dmaengine: tegra210-adma: use devm_clk_*() helpers Greg Kroah-Hartman
2019-05-30  3:05 ` [PATCH 5.1 322/405] x86/CPU/hygon: Fix phys_proc_id calculation logic for multi-die processors Greg Kroah-Hartman
2019-05-30  3:05 ` [PATCH 5.1 323/405] net/mlx5e: Fix compilation warning in en_tc.c Greg Kroah-Hartman
2019-05-30  3:05 ` [PATCH 5.1 324/405] staging: mt7621-mmc: Check for nonzero number of scatterlist entries Greg Kroah-Hartman
2019-05-30  3:05 ` [PATCH 5.1 325/405] hwrng: omap - Set default quality Greg Kroah-Hartman
2019-05-30  3:05 ` [PATCH 5.1 326/405] thunderbolt: Fix to check return value of ida_simple_get Greg Kroah-Hartman
2019-05-30  3:05 ` [PATCH 5.1 327/405] thunderbolt: Fix to check for kmemdup failure Greg Kroah-Hartman
2019-05-30  3:05 ` [PATCH 5.1 328/405] spi: export tracepoint symbols to modules Greg Kroah-Hartman
2019-05-30  3:05 ` [PATCH 5.1 329/405] regulator: add regulator_get_linear_step() stub helper Greg Kroah-Hartman
2019-05-30  3:05 ` [PATCH 5.1 330/405] drm/amd/display: fix releasing planes when exiting odm Greg Kroah-Hartman
2019-05-30  3:05 ` [PATCH 5.1 331/405] drm/amd/display: Link train only when link is DP and backend is enabled Greg Kroah-Hartman
2019-05-30  3:05 ` [PATCH 5.1 332/405] drm/amd/display: Update ABM crtc state on non-modeset Greg Kroah-Hartman
2019-05-30  3:05 ` [PATCH 5.1 333/405] drm/amd/display: Reset alpha state for planes to the correct values Greg Kroah-Hartman
2019-05-30  3:05 ` [PATCH 5.1 334/405] thunderbolt: property: Fix a NULL pointer dereference Greg Kroah-Hartman
2019-05-30  3:05 ` [PATCH 5.1 335/405] media: v4l2-fwnode: The first default data lane is 0 on C-PHY Greg Kroah-Hartman
2019-05-30  3:05 ` [PATCH 5.1 336/405] media: ov7670: restore default settings after power-up Greg Kroah-Hartman
2019-05-30  3:05 ` [PATCH 5.1 337/405] media: staging/intel-ipu3: mark PM function as __maybe_unused Greg Kroah-Hartman
2019-05-30  3:05 ` [PATCH 5.1 338/405] media: vicodec: reset last_src/dst_buf based on the IS_OUTPUT Greg Kroah-Hartman
2019-05-30  3:05 ` [PATCH 5.1 339/405] ice: Fix issue with VF reset and multiple VFs support on PFs Greg Kroah-Hartman
2019-05-30  3:05 ` [PATCH 5.1 340/405] e1000e: Disable runtime PM on CNP+ Greg Kroah-Hartman
2019-05-30  3:05 ` [PATCH 5.1 341/405] tinydrm/mipi-dbi: Use dma-safe buffers for all SPI transfers Greg Kroah-Hartman
2019-05-30  3:05 ` [PATCH 5.1 342/405] igb: Exclude device from suspend direct complete optimization Greg Kroah-Hartman
2019-05-30  3:05 ` [PATCH 5.1 343/405] media: si2165: fix a missing check of return value Greg Kroah-Hartman
2019-05-30  3:05 ` [PATCH 5.1 344/405] media: dvbsky: Avoid leaking dvb frontend Greg Kroah-Hartman
2019-05-30  3:05 ` [PATCH 5.1 345/405] media: m88ds3103: serialize reset messages in m88ds3103_set_frontend Greg Kroah-Hartman
2019-05-30  3:05 ` [PATCH 5.1 346/405] drm/amd/display: add pipe lock during stream update Greg Kroah-Hartman
2019-05-30  3:05 ` [PATCH 5.1 347/405] media: staging: davinci_vpfe: disallow building with COMPILE_TEST Greg Kroah-Hartman
2019-05-30  3:05 ` [PATCH 5.1 348/405] drm/amd/display: Fix Divide by 0 in memory calculations Greg Kroah-Hartman
2019-05-30  3:05 ` [PATCH 5.1 349/405] drm/amd/display: Re-add custom degamma support Greg Kroah-Hartman
2019-05-30  3:05 ` [PATCH 5.1 350/405] drm/amd/display: half bandwidth for YCbCr420 during validation Greg Kroah-Hartman
2019-05-30  3:05 ` [PATCH 5.1 351/405] drm/amd/display: Set stream->mode_changed when connectors change Greg Kroah-Hartman
2019-05-30  3:05 ` [PATCH 5.1 352/405] scsi: ufs: fix a missing check of devm_reset_control_get Greg Kroah-Hartman
2019-05-30  3:05 ` [PATCH 5.1 353/405] media: vimc: stream: fix thread state before sleep Greg Kroah-Hartman
2019-05-30  3:05 ` [PATCH 5.1 354/405] media: gspca: do not resubmit URBs when streaming has stopped Greg Kroah-Hartman
2019-05-30  3:05 ` [PATCH 5.1 355/405] media: vicodec: avoid clang frame size warning Greg Kroah-Hartman
2019-05-30  3:05 ` [PATCH 5.1 356/405] media: go7007: avoid clang frame overflow warning with KASAN Greg Kroah-Hartman
2019-05-30  3:05 ` [PATCH 5.1 357/405] media: mtk-vcodec: fix access to vb2_v4l2_buffer struct Greg Kroah-Hartman
2019-05-30  3:05 ` [PATCH 5.1 358/405] media: imx: vdic: Restore default case to prepare_vdi_in_buffers() Greg Kroah-Hartman
2019-05-30  3:05 ` [PATCH 5.1 359/405] media: vimc: zero the media_device on probe Greg Kroah-Hartman
2019-05-30  3:05 ` [PATCH 5.1 360/405] media: vim2m: replace devm_kzalloc by kzalloc Greg Kroah-Hartman
2019-05-30  3:05 ` [PATCH 5.1 361/405] media: cedrus: Add a quirk for not setting DMA offset Greg Kroah-Hartman
2019-05-30  3:06 ` [PATCH 5.1 362/405] scsi: lpfc: Fix FDMI manufacturer attribute value Greg Kroah-Hartman
2019-05-30  3:06 ` [PATCH 5.1 363/405] scsi: lpfc: Fix fc4type information for FDMI Greg Kroah-Hartman
2019-05-30  3:06 ` [PATCH 5.1 364/405] scsi: lpfc: Fix io lost on host resets Greg Kroah-Hartman
2019-05-30  3:06 ` [PATCH 5.1 365/405] media: saa7146: avoid high stack usage with clang Greg Kroah-Hartman
2019-05-30  3:06 ` [PATCH 5.1 366/405] scsi: lpfc: Fix SLI3 commands being issued on SLI4 devices Greg Kroah-Hartman
2019-05-30  3:06 ` [PATCH 5.1 367/405] scsi: lpfc: Fix mailbox hang on adapter init Greg Kroah-Hartman
2019-05-30  3:06 ` [PATCH 5.1 368/405] scsi: lpfc: Resolve inconsistent check of hdwq in lpfc_scsi_cmd_iocb_cmpl Greg Kroah-Hartman
2019-05-30  3:06 ` [PATCH 5.1 369/405] scsi: lpfc: Resolve irq-unsafe lockdep heirarchy warning in lpfc_io_free Greg Kroah-Hartman
2019-05-30  3:06 ` [PATCH 5.1 370/405] scsi: lpfc: Fix use-after-free mailbox cmd completion Greg Kroah-Hartman
2019-05-30  3:06 ` [PATCH 5.1 371/405] audit: fix a memleak caused by auditing load module Greg Kroah-Hartman
2019-05-30  3:06 ` [PATCH 5.1 372/405] spi : spi-topcliff-pch: Fix to handle empty DMA buffers Greg Kroah-Hartman
2019-05-30  3:06 ` [PATCH 5.1 373/405] drm: writeback: Fix leak of writeback job Greg Kroah-Hartman
2019-05-30  3:06 ` [PATCH 5.1 374/405] drm/omap: dsi: Fix PM for display blank with paired dss_pll calls Greg Kroah-Hartman
2019-05-30  3:06 ` [PATCH 5.1 375/405] drm/omap: Notify all devices in the pipeline of output disconnection Greg Kroah-Hartman
2019-05-30  3:06 ` [PATCH 5.1 376/405] spi: rspi: Fix sequencer reset during initialization Greg Kroah-Hartman
2019-05-30  3:06 ` [PATCH 5.1 377/405] regulator: wm831x ldo: Fix notifier mutex lock warning Greg Kroah-Hartman
2019-05-30  3:06 ` [PATCH 5.1 378/405] regulator: wm831x isink: " Greg Kroah-Hartman
2019-05-30  3:06 ` [PATCH 5.1 379/405] regulator: ltc3676: " Greg Kroah-Hartman
2019-05-30  3:06 ` [PATCH 5.1 380/405] regulator: ltc3589: " Greg Kroah-Hartman
2019-05-30  3:06 ` [PATCH 5.1 381/405] regulator: pv88060: " Greg Kroah-Hartman
2019-05-30  3:06 ` [PATCH 5.1 382/405] spi: imx: stop buffer overflow in RX FIFO flush Greg Kroah-Hartman
2019-05-30  3:06 ` [PATCH 5.1 383/405] regulator: lp8755: Fix notifier mutex lock warning Greg Kroah-Hartman
2019-05-30  3:06 ` [PATCH 5.1 384/405] regulator: da9211: " Greg Kroah-Hartman
2019-05-30  3:06 ` [PATCH 5.1 385/405] regulator: da9063: " Greg Kroah-Hartman
2019-05-30  3:06 ` [PATCH 5.1 386/405] regulator: pv88080: " Greg Kroah-Hartman
2019-05-30  3:06 ` [PATCH 5.1 387/405] regulator: wm831x: " Greg Kroah-Hartman
2019-05-30  3:06 ` [PATCH 5.1 388/405] regulator: pv88090: " Greg Kroah-Hartman
2019-05-30  3:06 ` [PATCH 5.1 389/405] regulator: da9062: " Greg Kroah-Hartman
2019-05-30  3:06 ` [PATCH 5.1 390/405] regulator: da9055: " Greg Kroah-Hartman
2019-05-30  3:06 ` [PATCH 5.1 391/405] spi: Fix zero length xfer bug Greg Kroah-Hartman
2019-05-30  3:06 ` [PATCH 5.1 392/405] ASoC: davinci-mcasp: Fix clang warning without CONFIG_PM Greg Kroah-Hartman
2019-05-30  3:06 ` [PATCH 5.1 393/405] ASoC: ti: fix davinci_mcasp_probe dependencies Greg Kroah-Hartman
2019-05-30  3:06 ` [PATCH 5.1 394/405] drm/v3d: Handle errors from IRQ setup Greg Kroah-Hartman
2019-05-30  3:06 ` [PATCH 5.1 395/405] drm/amd/display: Fix exception from AUX acquire failure Greg Kroah-Hartman
2019-05-30  3:06 ` [PATCH 5.1 396/405] drm/amd/display: Reset planes that were disabled in init_pipes Greg Kroah-Hartman
2019-05-30  3:06 ` [PATCH 5.1 397/405] drm/drv: Hold ref on parent device during drm_device lifetime Greg Kroah-Hartman
2019-05-30  3:06 ` [PATCH 5.1 398/405] drm: Wake up next in drm_read() chain if we are forced to putback the event Greg Kroah-Hartman
2019-05-30  3:06 ` [PATCH 5.1 399/405] drm/sun4i: dsi: Change the start delay calculation Greg Kroah-Hartman
2019-05-30  3:06 ` [PATCH 5.1 400/405] drm/sun4i: dsi: Restrict DSI tcon clock divider Greg Kroah-Hartman
2019-05-30  3:06 ` [PATCH 5.1 401/405] vfio-ccw: Prevent quiesce function going into an infinite loop Greg Kroah-Hartman
2019-05-30  3:06 ` [PATCH 5.1 402/405] extcon: axp288: Add a depends on ACPI to the Kconfig entry Greg Kroah-Hartman
2019-05-30  3:06 ` [PATCH 5.1 403/405] ice: Put __ICE_PREPARED_FOR_RESET check in ice_prepare_for_reset Greg Kroah-Hartman
2019-05-30  3:06 ` [PATCH 5.1 404/405] drm/sun4i: dsi: Enforce boundaries on the start delay Greg Kroah-Hartman
2019-05-30  3:06 ` [PATCH 5.1 405/405] NFS: Fix a double unlock from nfs_match,get_client Greg Kroah-Hartman
2019-05-30  7:09 ` [PATCH 5.1 000/405] 5.1.6-stable review kernelci.org bot
2019-05-30 13:23 ` Jon Hunter
2019-05-30 13:23   ` Jon Hunter
2019-05-30 13:32   ` Greg Kroah-Hartman
2019-05-30 18:35 ` Guenter Roeck
2019-05-30 20:18   ` Greg Kroah-Hartman
2019-05-30 19:30 ` shuah
2019-05-30 20:18   ` Greg Kroah-Hartman
2019-05-31 14:16 ` Dan Rue
