* [PATCH 5.15 000/371] 5.15.111-rc1 review
@ 2023-05-08 9:43 Greg Kroah-Hartman
2023-05-08 9:43 ` [PATCH 5.15 001/371] ASOC: Intel: sof_sdw: add quirk for Intel Rooks County NUC M15 Greg Kroah-Hartman
` (374 more replies)
0 siblings, 375 replies; 391+ messages in thread
From: Greg Kroah-Hartman @ 2023-05-08 9:43 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, linux-kernel, torvalds, akpm, linux,
shuah, patches, lkft-triage, pavel, jonathanh, f.fainelli,
sudipm.mukherjee, srw, rwarsow
This is the start of the stable review cycle for the 5.15.111 release.
There are 371 patches in this series, all will be posted as a response
to this one. If anyone has any issues with these being applied, please
let me know.
Responses should be made by Wed, 10 May 2023 09:47:07 +0000.
Anything received after that time might be too late.
The whole patch series can be found in one patch at:
https://www.kernel.org/pub/linux/kernel/v5.x/stable-review/patch-5.15.111-rc1.gz
or in the git tree and branch at:
git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-5.15.y
and the diffstat can be found below.
thanks,
greg k-h
-------------
Pseudo-Shortlog of commits:
Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Linux 5.15.111-rc1
Vincent Guittot <vincent.guittot@linaro.org>
arm64: dts: qcom: sdm845: correct dynamic power coefficients - again
Miles Chen <miles.chen@mediatek.com>
sound/oss/dmasound: fix 'dmasound_setup' defined but not used
Thomas Gleixner <tglx@linutronix.de>
debugobject: Ensure pool refill (again)
Adrian Hunter <adrian.hunter@intel.com>
perf intel-pt: Fix CYC timestamps after standalone CBR
Adrian Hunter <adrian.hunter@intel.com>
perf auxtrace: Fix address filter entire kernel size
Li Lingfeng <lilingfeng3@huawei.com>
dm: don't lock fs when the map is NULL in process of resume
Mike Snitzer <snitzer@kernel.org>
dm ioctl: fix nested locking in table_clear() to remove deadlock concern
Mikulas Patocka <mpatocka@redhat.com>
dm flakey: fix a crash with invalid table line
Mike Snitzer <snitzer@kernel.org>
dm integrity: call kmem_cache_destroy() in dm_integrity_init() error path
Mike Snitzer <snitzer@kernel.org>
dm clone: call kmem_cache_destroy() in dm_clone_init() error path
Yeongjin Gil <youngjin.gil@samsung.com>
dm verity: fix error handling for check_at_most_once on FEC
Hugh Dickins <hughd@google.com>
ia64: fix an addr to taddr in huge_pte_offset()
Stefan Haberland <sth@linux.ibm.com>
s390/dasd: fix hanging blockdevice after request requeue
Qu Wenruo <wqu@suse.com>
btrfs: scrub: reject unsupported scrub flags
Peng Liu <liupeng17@lenovo.com>
scripts/gdb: fix lx-timerlist for Python3
Quentin Schulz <quentin.schulz@theobroma-systems.com>
clk: rockchip: rk3399: allow clk_cifout to force clk_cifout_src to reparent
Bitterblue Smith <rtl8821cerfe2@gmail.com>
wifi: rtl8xxxu: RTL8192EU always needs full init
Tanmay Shah <tanmay.shah@amd.com>
mailbox: zynqmp: Fix typo in IPI documentation
Tanmay Shah <tanmay.shah@amd.com>
mailbox: zynqmp: Fix IPI isr handling
Michael Walle <michael@walle.cc>
mtd: core: fix error path for nvmem provider
Michael Walle <michael@walle.cc>
mtd: core: fix nvmem error reporting
Michael Walle <michael@walle.cc>
mtd: core: provide unique name for nvmem device, take two
Li Nan <linan122@huawei.com>
md/raid10: fix null-ptr-deref in raid10_sync_request
Ryusuke Konishi <konishi.ryusuke@gmail.com>
nilfs2: fix infinite loop in nilfs_mdt_get_block()
Ryusuke Konishi <konishi.ryusuke@gmail.com>
nilfs2: do not write dirty data after degenerating to read-only
Geraldo Nascimento <geraldogabriel@gmail.com>
ALSA: usb-audio: Add quirk for Pioneer DDJ-800
Helge Deller <deller@gmx.de>
parisc: Fix argument pointer in real64_call_asm()
Marc Dionne <marc.dionne@auristor.com>
afs: Fix updating of i_size with dv jump from server
Matthias Schiffer <matthias.schiffer@ew.tq-group.com>
mfd: tqmx86: Correct board names for TQMxE39x
Matthias Schiffer <matthias.schiffer@ew.tq-group.com>
mfd: tqmx86: Specify IO port register range more precisely
Matthias Schiffer <matthias.schiffer@ew.tq-group.com>
mfd: tqmx86: Do not access I2C_DETECT register through io_base
Kang Chen <void0red@hust.edu.cn>
thermal/drivers/mediatek: Use devm_of_iomap to avoid resource leak in mtk_thermal_probe
Claudiu Beznea <claudiu.beznea@microchip.com>
dmaengine: at_xdmac: do not enable all cyclic channels
Tudor Ambarus <tudor.ambarus@microchip.com>
dmaengine: at_xdmac: Fix race for the tx desc callback
Tudor Ambarus <tudor.ambarus@microchip.com>
dmaengine: at_xdmac: Fix concurrency over chan's completed_cookie
Shunsuke Mie <mie@igel.co.jp>
dmaengine: dw-edma: Fix to enable to issue dma request on DMA processing
Shunsuke Mie <mie@igel.co.jp>
dmaengine: dw-edma: Fix to change for continuous transfer
Dmitry Baryshkov <dmitry.baryshkov@linaro.org>
dma: gpi: remove spurious unlock in gpi_ch_init
Gaosheng Cui <cuigaosheng1@huawei.com>
phy: tegra: xusb: Add missing tegra_xusb_port_unregister for usb2_port and ulpi_port
AngeloGioacchino Del Regno <angelogioacchino.delregno@collabora.com>
pwm: mtk-disp: Configure double buffering before reading in .get_state()
AngeloGioacchino Del Regno <angelogioacchino.delregno@collabora.com>
pwm: mtk-disp: Disable shadow registers before setting backlight values
H. Nikolaus Schaller <hns@goldelico.com>
leds: tca6507: Fix error handling of using fwnode_property_read_string
Christophe JAILLET <christophe.jaillet@wanadoo.fr>
dmaengine: mv_xor_v2: Fix an error code.
Randy Dunlap <rdunlap@infradead.org>
leds: TI_LMU_COMMON: select REGMAP instead of depending on it
Hai Pham <hai.pham.ud@renesas.com>
pinctrl: renesas: r8a779a0: Remove incorrect AVB[01] pinmux configuration
Ye Bin <yebin10@huawei.com>
ext4: fix use-after-free read in ext4_find_extent for bigalloc + inline
Zhihao Cheng <chengzhihao1@huawei.com>
ext4: fix i_disksize exceeding i_size problem in paritally written case
Bharath SM <bharathsm@microsoft.com>
SMB3: Close deferred file handles in case of handle lease break
Bharath SM <bharathsm@microsoft.com>
SMB3: Add missing locks to protect deferred close file list
Geert Uytterhoeven <geert+renesas@glider.be>
timekeeping: Fix references to nonexistent ktime_get_fast_ns()
Stafford Horne <shorne@gmail.com>
openrisc: Properly store r31 to pt_regs on unhandled exceptions
Qinrun Dai <flno@hust.edu.cn>
clocksource/drivers/davinci: Fix memory leak in davinci_timer_register when init fails
Mark Zhang <markzhang@nvidia.com>
RDMA/mlx5: Use correct device num_ports when modify DC
Dai Ngo <dai.ngo@oracle.com>
SUNRPC: remove the maximum number of retries in call_bind_status
Mark Bloch <mbloch@nvidia.com>
RDMA/mlx5: Fix flow counter query via DEVX
Miaoqian Lin <linmq006@gmail.com>
Input: raspberrypi-ts - fix refcount leak in rpi_ts_probe
Dmitry Baryshkov <dmitry.baryshkov@linaro.org>
clk: qcom: gcc-sm8350: fix PCIe PIPE clocks handling
Dmitry Baryshkov <dmitry.baryshkov@linaro.org>
clk: qcom: regmap: add PHY clock source implementation
Trond Myklebust <trond.myklebust@hammerspace.com>
NFSv4.1: Always send a RECLAIM_COMPLETE after establishing lease
Patrick Kelsey <pat.kelsey@cornelisnetworks.com>
IB/hfi1: Fix bugs with non-PAGE_SIZE-end multi-iovec user SDMA requests
Patrick Kelsey <pat.kelsey@cornelisnetworks.com>
IB/hfi1: Fix SDMA mmu_rb_node not being evicted in LRU order
Saravanan Vajravel <saravanan.vajravel@broadcom.com>
RDMA/srpt: Add a check for valid 'mad_agent' pointer
Mark Zhang <markzhang@nvidia.com>
RDMA/cm: Trace icm_send_rej event before the cm state is reset
Konrad Dybcio <konrad.dybcio@linaro.org>
clk: qcom: gcc-sm6115: Mark RCGs shared where applicable
Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
RDMA/siw: Remove namespace check from siw_netdev_event()
Clément Léger <clement.leger@bootlin.com>
clk: add missing of_node_put() in "assigned-clocks" property parsing
Sebastian Reichel <sre@kernel.org>
power: supply: generic-adc-battery: fix unit scaling
Zeng Heng <zengheng4@huawei.com>
fs/ntfs3: Fix slab-out-of-bounds read in hdr_delete_de()
ZhangPeng <zhangpeng362@huawei.com>
fs/ntfs3: Fix OOB read in indx_insert_into_buffer
ZhangPeng <zhangpeng362@huawei.com>
fs/ntfs3: Fix null-ptr-deref on inode->i_op in ntfs_lookup()
Jiasheng Jiang <jiasheng@iscas.ac.cn>
fs/ntfs3: Add check for kmemdup
Chen Zhongjin <chenzhongjin@huawei.com>
fs/ntfs3: Fix memory leak if ntfs_read_mft failed
Martin Blumenstingl <martin.blumenstingl@googlemail.com>
rtc: meson-vrtc: Use ktime_get_real_ts64() to get the current time
Dan Carpenter <error27@gmail.com>
RDMA/mlx4: Prevent shift wrapping in set_user_sq_size()
Krzysztof Kozlowski <krzysztof.kozlowski@linaro.org>
rtc: omap: include header for omap_rtc_power_off_program prototype
Petr Mladek <pmladek@suse.com>
workqueue: Fix hung time report of worker pools
Imran Khan <imran.f.khan@oracle.com>
workqueue: Introduce show_one_worker_pool and show_one_workqueue.
Natalia Petrova <n.petrova@fintech.ru>
RDMA/rdmavt: Delete unnecessary NULL check
Daniil Dulov <d.dulov@aladdin.ru>
RDMA/siw: Fix potential page_array out of range access
Claudiu Beznea <claudiu.beznea@microchip.com>
clk: at91: clk-sam9x60-pll: fix return value check
Schspa Shi <schspa@gmail.com>
sched/rt: Fix bad task migration for rt tasks
Josh Poimboeuf <jpoimboe@kernel.org>
Revert "objtool: Support addition to set CFA base"
Yang Jihong <yangjihong1@huawei.com>
perf/core: Fix hardlockup failure caused by perf throttle
Libo Chen <libo.chen@oracle.com>
sched/fair: Fix inaccurate tally of ttwu_move_affine
Yafang Shao <laoar.shao@gmail.com>
sched: Make struct sched_statistics independent of fair sched class
Yafang Shao <laoar.shao@gmail.com>
sched/fair: Use __schedstat_set() in set_next_entity()
Nathan Lynch <nathanl@linux.ibm.com>
powerpc/rtas: use memmove for potentially overlapping buffer copy
Randy Dunlap <rdunlap@infradead.org>
macintosh: via-pmu-led: requires ATA to be set
Randy Dunlap <rdunlap@infradead.org>
powerpc/sysdev/tsi108: fix resource printk format warnings
Randy Dunlap <rdunlap@infradead.org>
powerpc/wii: fix resource printk format warnings
Randy Dunlap <rdunlap@infradead.org>
powerpc/mpc512x: fix resource printk format warning
Liang He <windhl@126.com>
macintosh/windfarm_smu_sat: Add missing of_node_put()
Dhruva Gole <d-gole@ti.com>
spi: bcm63xx: remove PM_SLEEP based conditional compilation
Albert Huang <huangjie.albert@bytedance.com>
virtio_ring: don't update event idx on get_buf
Jishnu Prakash <quic_jprakash@quicinc.com>
spmi: Add a check for remove callback when removing a SPMI driver
Philipp Hortmann <philipp.g.hortmann@gmail.com>
staging: rtl8192e: Fix W_DISABLE# does not work after stop/start
Florian Fainelli <f.fainelli@gmail.com>
serial: 8250: Add missing wakeup event reporting
Shenwei Wang <shenwei.wang@nxp.com>
tty: serial: fsl_lpuart: adjust buffer length to the intended size
Dan Carpenter <dan.carpenter@linaro.org>
firmware: stratix10-svc: Fix an NULL vs IS_ERR() bug in probe
Chunfeng Yun <chunfeng.yun@mediatek.com>
usb: mtu3: fix kernel panic at qmu transfer done irq handler
Yinhao Hu <dddddd@hust.edu.cn>
usb: chipidea: fix missing goto in `ci_hdrc_probe`
Jon Hunter <jonathanh@nvidia.com>
usb: gadget: tegra-xudc: Fix crash in vbus_draw
John Paul Adrian Glaubitz <glaubitz@physik.fu-berlin.de>
sh: sq: Fix incorrect element size for allocating bitmap buffer
Kevin Brodsky <kevin.brodsky@arm.com>
uapi/linux/const.h: prefer ISO-friendly __typeof__
Florian Fainelli <f.fainelli@gmail.com>
scripts/gdb: raise error with reduced debugging information
Lars-Peter Clausen <lars@metafoo.de>
i2c: cadence: cdns_i2c_master_xfer(): Fix runtime PM leak on error path
Dhruva Gole <d-gole@ti.com>
spi: cadence-quadspi: fix suspend-resume implementations
Liliang Ye <yll@hust.edu.cn>
ASoC: fsl_mqs: move of_node_put() to the correct location
Suzuki K Poulose <suzuki.poulose@arm.com>
coresight: etm_pmu: Set the module field
Basavaraj Natikar <Basavaraj.Natikar@amd.com>
HID: amd_sfh: Add support for shutdown operation
Florian Fainelli <f.fainelli@gmail.com>
scripts/gdb: bail early if there are no generic PD
Florian Fainelli <f.fainelli@gmail.com>
scripts/gdb: bail early if there are no clocks
Randy Dunlap <rdunlap@infradead.org>
ia64: salinfo: placate defined-but-not-used warning
Randy Dunlap <rdunlap@infradead.org>
ia64: mm/contig: fix section mismatch warning/error
Kuppuswamy Sathyanarayanan <sathyanarayanan.kuppuswamy@linux.intel.com>
PCI/EDR: Clear Device Status after EDR error recovery
Miquel Raynal <miquel.raynal@bootlin.com>
of: Fix modalias string generation
Dae R. Jeong <threeearcat@gmail.com>
vmci_host: fix a race condition in vmci_host_poll() causing GPF
Christophe Leroy <christophe.leroy@csgroup.eu>
spi: fsl-spi: Fix CPM/QE mode Litte Endian
Uwe Kleine-König <u.kleine-koenig@pengutronix.de>
spi: qup: Don't skip cleanup in remove's error path
Randy Dunlap <rdunlap@infradead.org>
linux/vt_buffer.h: allow either builtin or modular for macros
Cristian Ciocaltea <cristian.ciocaltea@collabora.com>
ASoC: es8316: Handle optional IRQ assignment
H. Nikolaus Schaller <hns@goldelico.com>
PCI: imx6: Install the fault handler only on compatible match
Zheng Wang <zyytlz.wz@163.com>
usb: gadget: udc: renesas_usb3: Fix use after free bug in renesas_usb3_remove due to race condition
Uwe Kleine-König <u.kleine-koenig@pengutronix.de>
spi: imx: Don't skip cleanup in remove's error path
Minghao Chi <chi.minghao@zte.com.cn>
spi: spi-imx: using pm_runtime_resume_and_get instead of pm_runtime_get_sync
Doug Berger <opendmb@gmail.com>
serial: 8250_bcm7271: Fix arbitration handling
Krzysztof Kozlowski <krzysztof.kozlowski@linaro.org>
iio: light: max44009: add missing OF device matching
Marco Pagani <marpagan@redhat.com>
fpga: bridge: fix kernel-doc parameter description
Marek Vasut <marex@denx.de>
serial: stm32: Re-assert RTS/DE GPIO in RS485 mode only if more data are transmitted
Erwan Le Ray <erwan.leray@foss.st.com>
serial: stm32: re-introduce an irq flag condition in usart_receive_chars
Prashanth K <quic_prashk@quicinc.com>
usb: dwc3: gadget: Change condition for processing suspend event
Wolfram Sang <wsa+renesas@sang-engineering.com>
usb: host: xhci-rcar: remove leftover quirk handling
John Stultz <jstultz@google.com>
pstore: Revert pmsg_lock back to a normal mutex
Hans de Goede <hdegoede@redhat.com>
drivers: staging: rtl8723bs: Fix locking in rtw_scan_timeout_handler()
Hans de Goede <hdegoede@redhat.com>
drivers: staging: rtl8723bs: Fix locking in _rtw_join_timeout_handler()
Randy Dunlap <rdunlap@infradead.org>
ipmi: ASPEED_BT_IPMI_BMC: select REGMAP_MMIO instead of depending on it
Kuniyuki Iwashima <kuniyu@amazon.com>
tcp/udp: Fix memleaks of sk and zerocopy skbs with TX timestamp.
Gencen Gan <gangecen@hust.edu.cn>
net: amd: Fix link leak when verifying config failed
Kuniyuki Iwashima <kuniyu@amazon.com>
netlink: Use copy_to_user() for optval in netlink_getsockopt().
Liu Jian <liujian56@huawei.com>
Revert "Bluetooth: btsdio: fix use after free bug in btsdio_remove due to unfinished work"
Ziyang Xuan <william.xuanziyang@huawei.com>
ipv4: Fix potential uninit variable access bug in __ip_make_skb()
Davide Caratti <dcaratti@redhat.com>
net/sched: sch_fq: fix integer overflow of "credit"
Florian Westphal <fw@strlen.de>
netfilter: nf_tables: don't write table validation state without mutex
Stanislav Fomichev <sdf@google.com>
bpf: Don't EFAULT for getsockopt with optval=NULL
Yan Wang <rk.code@outlook.com>
net: stmmac:fix system hang when setting up tag_8021q VLAN for DSA ports
Chris Mi <cmi@nvidia.com>
net/mlx5: E-switch, Don't destroy indirect table in split rule
Joe Damato <jdamato@fastly.com>
ixgbe: Enable setting RSS table to default values
Joe Damato <jdamato@fastly.com>
ixgbe: Allow flow hash to be set via ethtool
Johannes Berg <johannes.berg@intel.com>
wifi: iwlwifi: fw: fix memory leak in debugfs
Johannes Berg <johannes.berg@intel.com>
wifi: iwlwifi: mvm: check firmware response size
Quan Zhou <quan.zhou@mediatek.com>
wifi: mt76: mt7921e: improve reliability of dma reset
Ming Yen Hsieh <mingyen.hsieh@mediatek.com>
wifi: mt76: fix 6GHz high channel not be scanned
Quan Zhou <quan.zhou@mediatek.com>
wifi: mt76: mt7921e: fix probe timeout after reboot
Deren Wu <deren.wu@mediatek.com>
wifi: mt76: add flexible polling wait-interval support
Kang Chen <void0red@gmail.com>
wifi: mt76: handle failure of vzalloc in mt7615_coredump_work
Emmanuel Grumbach <emmanuel.grumbach@intel.com>
wifi: iwlwifi: make the loop for card preparation effective
Jan Kara <jack@suse.cz>
jdb2: Don't refuse invalidation of already invalidated buffers
Tom Rix <trix@redhat.com>
wifi: iwlwifi: fw: move memset before early return
Tom Rix <trix@redhat.com>
wifi: iwlwifi: mvm: initialize seq variable
Daniel Gabay <daniel.gabay@intel.com>
wifi: iwlwifi: yoyo: Fix possible division by zero
Daniel Gabay <daniel.gabay@intel.com>
wifi: iwlwifi: yoyo: skip dump correctly on hw error
Yu Kuai <yukuai3@huawei.com>
md/raid10: don't call bio_start_io_acct twice for bio which experienced read error
Yu Kuai <yukuai3@huawei.com>
md/raid10: fix memleak of md thread
Yu Kuai <yukuai3@huawei.com>
md/raid10: fix memleak for 'conf->bio_split'
Yu Kuai <yukuai3@huawei.com>
md/raid10: fix leak of 'r10bio->remaining' for recovery
Li Nan <linan122@huawei.com>
md/raid10: fix task hung in raid10d
Yu Kuai <yukuai3@huawei.com>
md/raid10: factor out code from wait_barrier() to stop_waiting_barrier()
Vishal Verma <vverma@digitalocean.com>
md: raid10 add nowait support
Mariusz Tkaczyk <mariusz.tkaczyk@linux.intel.com>
md: drop queue limitation for RAID1 and RAID10
Daniel Borkmann <daniel@iogearbox.net>
bpf, sockmap: Revert buggy deadlock fix in the sockhash and sockmap
Song Liu <song@kernel.org>
selftests/bpf: Fix leaked bpf_link in get_stackid_cannot_attach
Ming Lei <ming.lei@redhat.com>
nvme-fcloop: fix "inconsistent {IN-HARDIRQ-W} -> {HARDIRQ-ON-W} usage"
Keith Busch <kbusch@kernel.org>
nvme: fix async event trace event
Michael Kelley <mikelley@microsoft.com>
nvme: handle the persistent internal error AER
Damien Le Moal <damien.lemoal@opensource.wdc.com>
nvmet: fix I/O Command Set specific Identify Controller
Damien Le Moal <damien.lemoal@opensource.wdc.com>
nvmet: fix Identify Active Namespace ID list handling
Damien Le Moal <damien.lemoal@opensource.wdc.com>
nvmet: fix Identify Controller handling
Damien Le Moal <damien.lemoal@opensource.wdc.com>
nvmet: fix Identify Namespace handling
Damien Le Moal <damien.lemoal@opensource.wdc.com>
nvmet: fix error handling in nvmet_execute_identify_cns_cs_ns()
Christoph Hellwig <hch@lst.de>
nvmet: move the call to nvmet_ns_changed out of nvmet_ns_revalidate
Chaitanya Kulkarni <kch@nvidia.com>
nvmet: use i_size_read() to set size for file-ns
Xin Liu <liuxin350@huawei.com>
bpf, sockmap: fix deadlocks in the sockhash and sockmap
Sebastian Reichel <sebastian.reichel@collabora.com>
net: ethernet: stmmac: dwmac-rk: fix optional phy regulator handling
Shuchang Li <lishuchang@hust.edu.cn>
scsi: lpfc: Fix ioremap issues in lpfc_sli4_pci_mem_setup()
Chao Yu <chao@kernel.org>
f2fs: fix to avoid use-after-free for cached IPU bio
Kal Conley <kal.conley@dectris.com>
xsk: Fix unaligned descriptor validation
Herbert Xu <herbert@gondor.apana.org.au>
crypto: drbg - Only fail when jent is unavailable in FIPS mode
Nicolai Stange <nstange@suse.de>
crypto: drbg - make drbg_prepare_hrng() handle jent instantiation errors
Quentin Monnet <quentin@isovalent.com>
bpftool: Fix bug for long instructions in program CFG dumps
YiFei Zhu <zhuyifei@google.com>
selftests/bpf: Wait for receive in cg_storage_multi test
Kal Conley <kal.conley@dectris.com>
selftests: xsk: Disable IPv6 on VETH1
Simon Horman <horms@kernel.org>
net: qrtr: correct types of trace event parameters
Armin Wolf <W_Armin@gmx.de>
wifi: rt2x00: Fix memory leak when handling surveys
Wei Chen <harperchen1110@gmail.com>
wifi: rtlwifi: fix incorrect error codes in rtl_debugfs_set_write_reg()
Wei Chen <harperchen1110@gmail.com>
wifi: rtlwifi: fix incorrect error codes in rtl_debugfs_set_write_rfreg()
Suman Anna <s-anna@ti.com>
crypto: sa2ul - Select CRYPTO_DES
Christophe JAILLET <christophe.jaillet@wanadoo.fr>
crypto: caam - Clear some memory in instantiate_rng
Yangtao Li <frank.li@vivo.com>
f2fs: compress: fix to call f2fs_wait_on_page_writeback() in f2fs_write_raw_pages()
Jaegeuk Kim <jaegeuk@kernel.org>
f2fs: apply zone capacity to all zone type
Jaegeuk Kim <jaegeuk@kernel.org>
f2fs: enforce single zone capacity
Yangtao Li <frank.li@vivo.com>
f2fs: handle dqget error in f2fs_transfer_project_quota()
Danila Chernetsov <listdansp@mail.ru>
scsi: megaraid: Fix mega_cmd_done() CMDID_INT_CMDS
Mike Christie <michael.christie@oracle.com>
scsi: target: iscsit: Fix TAS handling during conn cleanup
Mike Christie <michael.christie@oracle.com>
scsi: target: Fix multiple LUN_RESET handling
Eric Dumazet <edumazet@google.com>
net/packet: convert po->auxdata to an atomic flag
Eric Dumazet <edumazet@google.com>
net/packet: convert po->origdev to an atomic flag
Eric Dumazet <edumazet@google.com>
net/packet: annotate accesses to po->xmit
Vadim Fedorenko <vadim.fedorenko@linux.dev>
vlan: partially enable SIOCSHWTSTAMP in container
Russell King (Oracle) <rmk+kernel@armlinux.org.uk>
net: pcs: xpcs: remove double-read of link state when using AN
Luis Gerhorst <gerhorst@cs.fau.de>
bpf: Remove misleading spec_v1 check on var-offset stack read
Martin KaFai Lau <martin.lau@kernel.org>
selftests/bpf: Fix a fd leak in an error path in network_helpers.c
Alexander Mikhalitsyn <aleksandr.mikhalitsyn@canonical.com>
scm: fix MSG_CTRUNC setting condition for SO_PASSSEC
Andrii Nakryiko <andrii@kernel.org>
bpf: fix precision propagation verbose logging
Andrii Nakryiko <andrii@kernel.org>
bpf: take into account liveness when propagating precision
Martin Blumenstingl <martin.blumenstingl@googlemail.com>
wifi: rtw88: mac: Return the original error from rtw_mac_power_switch()
Martin Blumenstingl <martin.blumenstingl@googlemail.com>
wifi: rtw88: mac: Return the original error from rtw_pwr_seq_parser()
Luis Gerhorst <gerhorst@cs.fau.de>
tools: bpftool: Remove invalid \' json escape
Fedor Pchelkin <pchelkin@ispras.ru>
wifi: ath6kl: reduce WARN to dev_dbg() in callback
John Keeping <john@metanate.com>
wifi: brcmfmac: support CQM RSSI notification with older firmware
Dan Carpenter <error27@gmail.com>
wifi: ath5k: fix an off by one check in ath5k_eeprom_read_freq_list()
Fedor Pchelkin <pchelkin@ispras.ru>
wifi: ath9k: hif_usb: fix memory leak of remain_skbs
Alexey V. Vissarionov <gremlin@altlinux.org>
wifi: ath6kl: minor fix for allocation size
Tomáš Pecka <tomas.pecka@cesnet.cz>
hwmon: (pmbus/fsp-3y) Fix functionality bitmask in FSP-3Y YM-2151E
Sanjay Chandrashekara <sanjayc@nvidia.com>
cpufreq: use correct unit when verify cur freq
Sebastian Andrzej Siewior <bigeasy@linutronix.de>
tick/common: Align tick period with the HZ tick.
Ville Syrjälä <ville.syrjala@linux.intel.com>
drm/i915: Make intel_get_crtc_new_encoder() less oopsy
Thomas Gleixner <tglx@linutronix.de>
debugobject: Prevent init race with static objects
Sumit Garg <sumit.garg@linaro.org>
arm64: kgdb: Set PSTATE.SS to 1 to re-enable single-step
Saurabh Sengar <ssengar@linux.microsoft.com>
x86/ioapic: Don't return 0 from arch_dynirq_lower_bound()
YAN SHI <m202071378@hust.edu.cn>
regulator: stm32-pwr: fix of_iomap leak
Michał Krawczyk <mk@semihalf.com>
media: venus: dec: Fix handling of the start cmd
Florian Fainelli <f.fainelli@gmail.com>
media: rc: gpio-ir-recv: Fix support for wake-up
Igor Artemiev <Igor.A.Artemiev@mcst.ru>
drm/amd/display: Fix potential null dereference
Miaoqian Lin <linmq006@gmail.com>
media: rcar_fdp1: Fix refcount leak in probe and remove function
Uwe Kleine-König <u.kleine-koenig@pengutronix.de>
media: rcar_fdp1: Convert to platform remove callback returning void
Uwe Kleine-König <u.kleine-koenig@pengutronix.de>
platform: Provide a remove callback that returns no value
Tang Bin <tangbin@cmss.chinamobile.com>
media: rcar_fdp1: Fix the correct variable assignments
Cai Huoqing <caihuoqing@baidu.com>
media: rcar_fdp1: Make use of the helper function devm_platform_ioremap_resource()
Zheng Wang <zyytlz.wz@163.com>
media: saa7134: fix use after free bug in saa7134_finidev due to race condition
Zheng Wang <zyytlz.wz@163.com>
media: dm1105: Fix use after free bug in dm1105_remove due to race condition
Zheng Wang <zyytlz.wz@163.com>
media: rkvdec: fix use after free bug in rkvdec_remove
Uros Bizjak <ubizjak@gmail.com>
x86/apic: Fix atomic update of offset in reserve_eilvt_offset()
Douglas Anderson <dianders@chromium.org>
regulator: core: Avoid lockdep reports when resolving supplies
Douglas Anderson <dianders@chromium.org>
regulator: core: Consistently set mutex_owner when using ww_mutex_lock_slow()
Thomas Hellström <thomas.hellstrom@linux.intel.com>
drm/ttm/pool: Fix ttm_pool_alloc error path
Christian König <christian.koenig@amd.com>
drm/ttm: optimize pool allocations a bit v2
Krzysztof Kozlowski <krzysztof.kozlowski@linaro.org>
arm64: dts: qcom: msm8994-msft-lumia-octagon: drop unit address from PMI8994 regulator
Krzysztof Kozlowski <krzysztof.kozlowski@linaro.org>
arm64: dts: qcom: msm8994-kitakami: drop unit address from PMI8994 regulator
Krzysztof Kozlowski <krzysztof.kozlowski@linaro.org>
arm64: dts: qcom: sc7180-trogdor-lazor: correct trackpad supply
Conor Dooley <conor.dooley@microchip.com>
mailbox: mpfs: switch to txdone_poll
Harshit Mogalapalli <harshit.m.mogalapalli@oracle.com>
drm/lima/lima_drv: Add missing unwind goto in lima_pdev_probe()
Jean-Philippe Brucker <jean-philippe@linaro.org>
ACPI: VIOT: Initialize the correct IOMMU fwspec
Cristian Marussi <cristian.marussi@arm.com>
firmware: arm_scmi: Fix xfers allocation on Rx channel
H. Nikolaus Schaller <hns@goldelico.com>
ARM: dts: gta04: fix excess dma channel usage
Dan Carpenter <error27@gmail.com>
drm: rcar-du: Fix a NULL vs IS_ERR() bug
Georgii Kruglov <georgy.kruglov@yandex.ru>
mmc: sdhci-of-esdhc: fix quirk to ignore command inhibit for data
Roger Pau Monne <roger.pau@citrix.com>
ACPI: processor: Fix evaluating _PDC method when running as Xen dom0
Lee Jones <lee@kernel.org>
drm/amd/display/dc/dce60/Makefile: Fix previous attempt to silence known override-init warnings
Adam Skladowski <a39.skl@gmail.com>
drm: msm: adreno: Disable preemption on Adreno 510
Johan Hovold <johan+linaro@kernel.org>
drm/msm/adreno: drop bogus pm_runtime_set_active()
Rob Clark <robdclark@chromium.org>
drm/msm/adreno: Defer enabling runpm until hw_init()
Laurent Pinchart <laurent.pinchart@ideasonboard.com>
media: max9286: Free control handler
Adam Ford <aford173@gmail.com>
drm/bridge: adv7533: Fix adv7533_mode_valid for adv7533 and adv7535
Mukesh Ojha <quic_mojha@quicinc.com>
firmware: qcom_scm: Clear download bit during reboot
Dan Carpenter <error27@gmail.com>
media: av7110: prevent underflow in write_ts_to_decoder()
Jiasheng Jiang <jiasheng@iscas.ac.cn>
media: bdisp: Add missing check for create_workqueue
Muralidhara M K <muralimk@amd.com>
x86/MCE/AMD: Use an u64 for bank_map
Manivannan Sadhasivam <mani@kernel.org>
ARM: dts: qcom: ipq8064: Fix the PCI I/O port range
Christian Marangi <ansuelsmth@gmail.com>
ARM: dts: qcom: ipq8064: reduce pci IO size to 64K
Manivannan Sadhasivam <mani@kernel.org>
ARM: dts: qcom: ipq4019: Fix the PCI I/O port range
Manivannan Sadhasivam <mani@kernel.org>
arm64: dts: qcom: sm8250: Fix the PCI I/O port range
Manivannan Sadhasivam <mani@kernel.org>
arm64: dts: qcom: msm8996: Fix the PCI I/O port range
Manivannan Sadhasivam <mani@kernel.org>
arm64: dts: qcom: ipq6018: Fix the PCI I/O port range
Manivannan Sadhasivam <mani@kernel.org>
arm64: dts: qcom: ipq8074: Fix the PCI I/O port range
Manivannan Sadhasivam <mani@kernel.org>
arm64: dts: qcom: msm8998: Fix the PCI I/O port range
Manivannan Sadhasivam <mani@kernel.org>
arm64: dts: qcom: sdm845: Fix the PCI I/O port range
Dmitry Baryshkov <dmitry.baryshkov@linaro.org>
arm64: dts: qcom: sdm845: correct dynamic power coefficients
Konrad Dybcio <konrad.dybcio@linaro.org>
arm64: dts: qcom: msm8998: Fix stm-stimulus-base reg name
Rafał Miłecki <rafal@milecki.pl>
arm64: dts: broadcom: bcmbca: bcm4908: fix procmon nodename
Rafał Miłecki <rafal@milecki.pl>
arm64: dts: broadcom: bcmbca: bcm4908: fix NAND interrupt name
William Zhang <william.zhang@broadcom.com>
arm64: dts: Move BCM4908 dts to bcmbca folder
Rafał Miłecki <rafal@milecki.pl>
arm64: dts: Add base DTS file for bcmbca device Asus GT-AX6000
Anand Gore <anand.gore@broadcom.com>
ARM64: dts: Add DTS files for bcmbca SoC BCM6858
William Zhang <william.zhang@broadcom.com>
arm64: dts: Add DTS files for bcmbca SoC BCM4912
William Zhang <william.zhang@broadcom.com>
arm64: dts: Add DTS files for bcmbca SoC BCM63158
Rafał Miłecki <rafal@milecki.pl>
arm64: dts: broadcom: bcm4908: add DT for Netgear RAXE500
Bhavya Kapoor <b-kapoor@ti.com>
arm64: dts: ti: k3-j721e-main: Remove ti,strobe-sel property
Douglas Anderson <dianders@chromium.org>
regulator: core: Shorten off-on-delay-us for always-on/boot-on by time since booted
Qiuxu Zhuo <qiuxu.zhuo@intel.com>
EDAC/skx: Fix overflows on the DRAM row address mapping arrays
Vinod Polimera <quic_vpolimer@quicinc.com>
drm/msm/disp/dpu: check for crtc enable rather than crtc active to release shared resources
Geert Uytterhoeven <geert+renesas@glider.be>
arm64: dts: renesas: r8a774c0: Remove bogus voltages from OPP table
Geert Uytterhoeven <geert+renesas@glider.be>
arm64: dts: renesas: r8a77990: Remove bogus voltages from OPP table
Miaoqian Lin <linmq006@gmail.com>
soc: ti: pm33xx: Fix refcount leak in am33xx_pm_probe
Terry Bowman <terry.bowman@amd.com>
tools/x86/kcpuid: Fix avx512bw and avx512lvl fields in Fn00000007
Dom Cobley <popcornmix@gmail.com>
drm/probe-helper: Cancel previous job before starting new one
Maíra Canal <mcanal@igalia.com>
drm/vgem: add missing mutex_destroy
Rob Clark <robdclark@chromium.org>
drm/rockchip: Drop unbalanced obj unref
Jingbo Xu <jefflexu@linux.alibaba.com>
erofs: fix potential overflow calculating xattr_isize
Gao Xiang <hsiangkao@linux.alibaba.com>
erofs: stop parsing non-compact HEAD index if clusterofs is invalid
Lino Sanfilippo <l.sanfilippo@kunbus.com>
tpm, tpm_tis: Claim locality when interrupts are reenabled on resume
Lino Sanfilippo <l.sanfilippo@kunbus.com>
tpm, tpm: Implement usage counter for locality
Lino Sanfilippo <l.sanfilippo@kunbus.com>
tpm, tpm_tis: Claim locality before writing interrupt registers
Lino Sanfilippo <l.sanfilippo@kunbus.com>
tpm, tpm_tis: Disable interrupts if tpm_tis_probe_irq() failed
Lino Sanfilippo <l.sanfilippo@kunbus.com>
tpm, tpm_tis: Claim locality before writing TPM_INT_ENABLE register
Lino Sanfilippo <l.sanfilippo@kunbus.com>
tpm, tpm_tis: Do not skip reset of original interrupt vector
Paul Moore <paul@paul-moore.com>
selinux: ensure av_permissions.h is built when needed
Ondrej Mosnacek <omosnace@redhat.com>
selinux: fix Makefile dependencies of flask.h
Ilpo Järvinen <ilpo.jarvinen@linux.intel.com>
selftests/resctrl: Check for return value after write_schemata()
Ilpo Järvinen <ilpo.jarvinen@linux.intel.com>
selftests/resctrl: Allow ->setup() to return errors
Ilpo Järvinen <ilpo.jarvinen@linux.intel.com>
selftests/resctrl: Move ->setup() call outside of test specific branches
Shaopeng Tan <tan.shaopeng@jp.fujitsu.com>
selftests/resctrl: Extend CPU vendor detection
Ilpo Järvinen <ilpo.jarvinen@linux.intel.com>
selftests/resctrl: Return NULL if malloc_and_init_memory() did not alloc mem
Zqiang <qiang1.zhang@intel.com>
rcu: Fix missing TICK_DEP_MASK_RCU_EXP dependency check
Randy Dunlap <rdunlap@infradead.org>
sound/oss/dmasound: fix build when drivers are mixed =y/=m
Dave Chinner <dchinner@redhat.com>
xfs: don't consider future format versions valid
Mårten Lindahl <marten.lindahl@axis.com>
ubifs: Free memory for tmpfile name
Wang YanQing <udknight@gmail.com>
ubi: Fix return value overwrite issue in try_write_vid_and_data()
Zhihao Cheng <chengzhihao1@huawei.com>
ubifs: Fix memleak when insert_old_idx() failed
Zhihao Cheng <chengzhihao1@huawei.com>
Revert "ubifs: dirty_cow_znode: Fix memleak in error handling path"
Kishon Vijay Abraham I <kvijayab@amd.com>
iommu/amd: Fix "Guest Virtual APIC Table Root Pointer" configuration in IRTE
Ondrej Mosnacek <omosnace@redhat.com>
tracing: Fix permissions for the buffer_percent file
Song Shuai <suagrfillet@gmail.com>
riscv: mm: remove redundant parameter of create_fdt_early_page_table
Reid Tonking <reidt@ti.com>
i2c: omap: Fix standard mode false ACK readings
Namjae Jeon <linkinjeon@kernel.org>
ksmbd: fix memleak in session setup
Namjae Jeon <linkinjeon@kernel.org>
ksmbd: fix NULL pointer dereference in smb2_get_info_filesystem()
Namjae Jeon <linkinjeon@kernel.org>
ksmbd: call rcu_barrier() in ksmbd_server_exit()
Baokun Li <libaokun1@huawei.com>
writeback, cgroup: fix null-ptr-deref write in bdi_split_work_to_wbs
Zhang Zhengming <zhang.zhengming@h3c.com>
relayfs: fix out-of-bounds access in relay_file_read
Sean Christopherson <seanjc@google.com>
KVM: nVMX: Emulate NOPs in L2, and PAUSE if it's not intercepted
Roberto Sassu <roberto.sassu@huawei.com>
reiserfs: Add security prefix to xattr name in reiserfs_security_write()
Zheng Yejian <zhengyejian1@huawei.com>
rcu: Avoid stack overflow due to __rcu_irq_enter_check_tick() being kprobe-ed
Jonathan McDowell <noodles@earth.li>
crypto: safexcel - Cleanup ring IRQ workqueues on load failure
Toke Høiland-Jørgensen <toke@redhat.com>
crypto: api - Demote BUG_ON() in crypto_unregister_alg() to a WARN_ON()
Johannes Berg <johannes.berg@intel.com>
ring-buffer: Sync IRQ works before buffer destruction
Krzysztof Kozlowski <krzysztof.kozlowski@linaro.org>
pinctrl: qcom: lpass-lpi: set output value before enabling output
Krzysztof Kozlowski <krzysztof.kozlowski@linaro.org>
soundwire: qcom: correct setting ignore bit on v1.5.1
Heiner Kallweit <hkallweit1@gmail.com>
pwm: meson: Fix g12a ao clk81 name
Heiner Kallweit <hkallweit1@gmail.com>
pwm: meson: Fix axg ao mux parents
Felix Fietkau <nbd@nbd.name>
wifi: mt76: add missing locking to protect against concurrent rx/status calls
Kees Cook <keescook@chromium.org>
kheaders: Use array declaration instead of char
Zhang Yuchen <zhangyuchen.lcr@bytedance.com>
ipmi: fix SSIF not responding under certain cond.
Corey Minyard <minyard@acm.org>
ipmi:ssif: Add send_retries increment
Jiaxun Yang <jiaxun.yang@flygoat.com>
MIPS: fw: Allow firmware to pass a empty env
Joel Fernandes (Google) <joel@joelfernandes.org>
tick/nohz: Fix cpu_is_hotpluggable() by checking with nohz subsystem
Johan Hovold <johan+linaro@kernel.org>
xhci: fix debugfs register accesses while suspended
Ilpo Järvinen <ilpo.jarvinen@linux.intel.com>
tty: Prevent writing chars during tcsetattr TCSADRAIN/FLUSH
Nuno Sá <nuno.sa@analog.com>
staging: iio: resolver: ads1210: fix config mode
Harshad Shirwadkar <harshadshirwadkar@gmail.com>
ext4: use ext4_journal_start/stop for fast commit transactions
Eric Biggers <ebiggers@google.com>
blk-crypto: make blk_crypto_evict_key() more robust
Eric Biggers <ebiggers@google.com>
blk-crypto: make blk_crypto_evict_key() return void
Eric Biggers <ebiggers@google.com>
blk-mq: release crypto keyslot before reporting I/O complete
Thomas Gleixner <tglx@linutronix.de>
posix-cpu-timers: Implement the missing timer_wait_running callback
Chris Packham <chris.packham@alliedtelesis.co.nz>
hwmon: (adt7475) Use device_property APIs when configuring polarity
Babu Moger <Babu.Moger@amd.com>
hwmon: (k10temp) Check range scale when CUR_TEMP register is read-write
Johan Hovold <johan+linaro@kernel.org>
USB: dwc3: fix runtime pm imbalance on unbind
Johan Hovold <johan+linaro@kernel.org>
USB: dwc3: fix runtime pm imbalance on probe errors
Randy Dunlap <rdunlap@infradead.org>
IMA: allow/fix UML builds
Manivannan Sadhasivam <mani@kernel.org>
PCI: qcom: Fix the incorrect register usage in v2.7.0 config
Lukas Wunner <lukas@wunner.de>
PCI: pciehp: Fix AB-BA deadlock between reset_lock and device_lock
Ard Biesheuvel <ardb@kernel.org>
arm64: Stash shadow stack pointer in the task struct on interrupt
Ard Biesheuvel <ardb@kernel.org>
arm64: Always load shadow stack pointer directly from the task struct
Mario Limonciello <mario.limonciello@amd.com>
wifi: mt76: mt7921e: Set memory space enable in PCI_COMMAND if unset
Jiri Slaby (SUSE) <jirislaby@kernel.org>
wireguard: timers: cast enum limits members to int in prints
Tony Luck <tony.luck@intel.com>
x86/cpu: Add model number for Intel Arrow Lake processor
Vladimir Oltean <vladimir.oltean@nxp.com>
asm-generic/io.h: suppress endianness warnings for readq() and writeq()
Anh Tuan Phan <tuananhlfc@gmail.com>
selftests mount: Fix mount_setattr_test builds failed
Hans de Goede <hdegoede@redhat.com>
ASoC: Intel: bytcr_rt5640: Add quirk for the Acer Iconia One 7 B1-750
Patrik Dahlström <risca@dalakolonin.se>
iio: adc: palmas_gpadc: fix NULL dereference on rmmod
Michael Kelley <mikelley@microsoft.com>
x86/hyperv: Block root partition functionality in a Confidential VM
Shengjiu Wang <shengjiu.wang@nxp.com>
ASoC: soc-pcm: fix hw->formats cleared by soc_pcm_hw_init() for dpcm
Eugene Huang <eugene.huang99@gmail.com>
ASOC: Intel: sof_sdw: add quirk for Intel 'Rooks County' NUC M15
-------------
Diffstat:
Makefile | 4 +-
arch/arm/boot/dts/omap3-gta04.dtsi | 16 +
arch/arm/boot/dts/qcom-ipq4019.dtsi | 4 +-
arch/arm/boot/dts/qcom-ipq8064.dtsi | 12 +-
arch/arm64/boot/dts/broadcom/Makefile | 2 +-
arch/arm64/boot/dts/broadcom/bcm4908/Makefile | 4 -
arch/arm64/boot/dts/broadcom/bcmbca/Makefile | 10 +
.../{bcm4908 => bcmbca}/bcm4906-netgear-r8000p.dts | 0
.../bcm4906-tplink-archer-c2300-v1.dts | 0
.../dts/broadcom/{bcm4908 => bcmbca}/bcm4906.dtsi | 0
.../{bcm4908 => bcmbca}/bcm4908-asus-gt-ac5300.dts | 0
.../broadcom/bcmbca/bcm4908-netgear-raxe500.dts | 50 ++
.../dts/broadcom/{bcm4908 => bcmbca}/bcm4908.dtsi | 4 +-
.../dts/broadcom/bcmbca/bcm4912-asus-gt-ax6000.dts | 19 +
arch/arm64/boot/dts/broadcom/bcmbca/bcm4912.dtsi | 128 +++++
arch/arm64/boot/dts/broadcom/bcmbca/bcm63158.dtsi | 128 +++++
arch/arm64/boot/dts/broadcom/bcmbca/bcm6858.dtsi | 121 +++++
arch/arm64/boot/dts/broadcom/bcmbca/bcm94912.dts | 30 ++
arch/arm64/boot/dts/broadcom/bcmbca/bcm963158.dts | 30 ++
arch/arm64/boot/dts/broadcom/bcmbca/bcm96858.dts | 30 ++
arch/arm64/boot/dts/qcom/ipq6018.dtsi | 6 +-
arch/arm64/boot/dts/qcom/ipq8074.dtsi | 12 +-
.../boot/dts/qcom/msm8994-msft-lumia-octagon.dtsi | 3 +-
.../dts/qcom/msm8994-sony-xperia-kitakami.dtsi | 3 +-
arch/arm64/boot/dts/qcom/msm8996.dtsi | 12 +-
arch/arm64/boot/dts/qcom/msm8998.dtsi | 4 +-
.../qcom/sc7180-trogdor-lazor-limozeen-nots-r4.dts | 2 +-
arch/arm64/boot/dts/qcom/sdm845.dtsi | 30 +-
arch/arm64/boot/dts/qcom/sm8250.dtsi | 8 +-
arch/arm64/boot/dts/renesas/r8a774c0.dtsi | 3 -
arch/arm64/boot/dts/renesas/r8a77990.dtsi | 3 -
arch/arm64/boot/dts/ti/k3-j721e-main.dtsi | 1 -
arch/arm64/include/asm/debug-monitors.h | 1 +
arch/arm64/include/asm/scs.h | 7 +-
arch/arm64/kernel/debug-monitors.c | 5 +
arch/arm64/kernel/entry.S | 16 +-
arch/arm64/kernel/head.S | 2 +-
arch/arm64/kernel/kgdb.c | 2 +
arch/ia64/kernel/salinfo.c | 2 +-
arch/ia64/mm/contig.c | 2 +-
arch/ia64/mm/hugetlbpage.c | 2 +-
arch/mips/fw/lib/cmdline.c | 2 +-
arch/openrisc/kernel/entry.S | 6 +-
arch/parisc/kernel/real2.S | 5 +-
arch/powerpc/kernel/rtas.c | 2 +-
arch/powerpc/platforms/512x/clock-commonclk.c | 2 +-
arch/powerpc/platforms/embedded6xx/flipper-pic.c | 2 +-
arch/powerpc/platforms/embedded6xx/hlwd-pic.c | 2 +-
arch/powerpc/platforms/embedded6xx/wii.c | 4 +-
arch/powerpc/sysdev/tsi108_pci.c | 5 +-
arch/riscv/mm/init.c | 6 +-
arch/sh/kernel/cpu/sh4/sq.c | 2 +-
arch/x86/include/asm/intel-family.h | 2 +
arch/x86/kernel/apic/apic.c | 5 +-
arch/x86/kernel/apic/io_apic.c | 14 +-
arch/x86/kernel/cpu/mce/amd.c | 14 +-
arch/x86/kernel/cpu/mshyperv.c | 12 +-
arch/x86/kvm/vmx/vmx.c | 15 +
block/blk-core.c | 7 +
block/blk-crypto-internal.h | 25 +-
block/blk-crypto.c | 69 ++-
block/blk-merge.c | 2 +
block/blk-mq.c | 2 +-
block/keyslot-manager.c | 43 +-
crypto/algapi.c | 4 +-
crypto/drbg.c | 16 +-
drivers/acpi/processor_pdc.c | 11 +
drivers/acpi/viot.c | 5 +-
drivers/base/cpu.c | 3 +-
drivers/base/platform.c | 4 +-
drivers/bluetooth/btsdio.c | 1 -
drivers/char/ipmi/Kconfig | 3 +-
drivers/char/ipmi/ipmi_ssif.c | 8 +-
drivers/char/tpm/tpm_tis_core.c | 131 +++--
drivers/char/tpm/tpm_tis_core.h | 2 +
drivers/clk/at91/clk-sam9x60-pll.c | 2 +-
drivers/clk/clk-conf.c | 12 +-
drivers/clk/qcom/Makefile | 1 +
drivers/clk/qcom/clk-regmap-phy-mux.c | 62 +++
drivers/clk/qcom/clk-regmap-phy-mux.h | 33 ++
drivers/clk/qcom/gcc-sm6115.c | 50 +-
drivers/clk/qcom/gcc-sm8350.c | 47 +-
drivers/clk/rockchip/clk-rk3399.c | 2 +-
drivers/clocksource/timer-davinci.c | 30 +-
drivers/cpufreq/cpufreq.c | 2 +-
drivers/crypto/Kconfig | 1 +
drivers/crypto/caam/ctrl.c | 6 +-
drivers/crypto/inside-secure/safexcel.c | 37 +-
drivers/dma/at_xdmac.c | 33 +-
drivers/dma/dw-edma/dw-edma-core.c | 27 +-
drivers/dma/mv_xor_v2.c | 2 +-
drivers/dma/qcom/gpi.c | 1 -
drivers/edac/skx_base.c | 4 +-
drivers/firmware/arm_scmi/driver.c | 2 +-
drivers/firmware/qcom_scm.c | 3 +-
drivers/firmware/stratix10-svc.c | 4 +-
drivers/fpga/fpga-bridge.c | 2 +-
drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c | 3 +-
drivers/gpu/drm/amd/display/dc/dce60/Makefile | 2 +-
drivers/gpu/drm/bridge/adv7511/adv7533.c | 25 +-
drivers/gpu/drm/drm_probe_helper.c | 5 +-
drivers/gpu/drm/i915/display/intel_display.c | 2 +-
drivers/gpu/drm/lima/lima_drv.c | 6 +-
drivers/gpu/drm/msm/adreno/a5xx_gpu.c | 8 +-
drivers/gpu/drm/msm/adreno/adreno_device.c | 7 +-
drivers/gpu/drm/msm/adreno/adreno_gpu.c | 1 -
drivers/gpu/drm/msm/disp/dpu1/dpu_encoder.c | 2 +-
drivers/gpu/drm/rcar-du/rcar_du_encoder.c | 4 +-
drivers/gpu/drm/rockchip/rockchip_drm_gem.c | 3 -
drivers/gpu/drm/ttm/ttm_pool.c | 161 ++++--
drivers/gpu/drm/vgem/vgem_fence.c | 1 +
drivers/hid/amd-sfh-hid/amd_sfh_pcie.c | 9 +
drivers/hwmon/adt7475.c | 6 +-
drivers/hwmon/k10temp.c | 4 +-
drivers/hwmon/pmbus/fsp-3y.c | 1 -
drivers/hwtracing/coresight/coresight-etm-perf.c | 1 +
drivers/i2c/busses/i2c-cadence.c | 6 +-
drivers/i2c/busses/i2c-omap.c | 2 +-
drivers/iio/adc/palmas_gpadc.c | 2 +-
drivers/iio/light/max44009.c | 13 +-
drivers/infiniband/core/cm.c | 3 +-
drivers/infiniband/hw/hfi1/ipoib_tx.c | 1 +
drivers/infiniband/hw/hfi1/mmu_rb.c | 73 +--
drivers/infiniband/hw/hfi1/mmu_rb.h | 8 +-
drivers/infiniband/hw/hfi1/sdma.c | 21 +-
drivers/infiniband/hw/hfi1/sdma.h | 16 +-
drivers/infiniband/hw/hfi1/sdma_txreq.h | 1 +
drivers/infiniband/hw/hfi1/trace_mmu.h | 4 -
drivers/infiniband/hw/hfi1/user_sdma.c | 600 +++++++++++++--------
drivers/infiniband/hw/hfi1/user_sdma.h | 5 -
drivers/infiniband/hw/hfi1/verbs.c | 4 +-
drivers/infiniband/hw/hfi1/vnic_sdma.c | 1 +
drivers/infiniband/hw/mlx4/qp.c | 8 +-
drivers/infiniband/hw/mlx5/devx.c | 31 +-
drivers/infiniband/hw/mlx5/qp.c | 2 +-
drivers/infiniband/sw/rdmavt/qp.c | 2 -
drivers/infiniband/sw/siw/siw_main.c | 3 -
drivers/infiniband/sw/siw/siw_qp_tx.c | 2 +-
drivers/infiniband/ulp/srpt/ib_srpt.c | 23 +-
drivers/input/touchscreen/raspberrypi-ts.c | 3 +-
drivers/iommu/amd/amd_iommu_types.h | 4 +-
drivers/leds/Kconfig | 2 +-
drivers/leds/leds-tca6507.c | 5 +-
drivers/macintosh/Kconfig | 1 +
drivers/macintosh/windfarm_smu_sat.c | 1 +
drivers/mailbox/mailbox-mpfs.c | 12 +-
drivers/mailbox/zynqmp-ipi-mailbox.c | 6 +-
drivers/md/dm-clone-target.c | 1 +
drivers/md/dm-flakey.c | 4 +-
drivers/md/dm-integrity.c | 8 +-
drivers/md/dm-ioctl.c | 12 +-
drivers/md/dm-table.c | 19 +-
drivers/md/dm-verity-target.c | 2 +-
drivers/md/raid1-10.c | 6 -
drivers/md/raid1.c | 7 -
drivers/md/raid10.c | 221 +++++---
drivers/media/i2c/max9286.c | 1 +
drivers/media/pci/dm1105/dm1105.c | 1 +
drivers/media/pci/saa7134/saa7134-ts.c | 1 +
drivers/media/pci/saa7134/saa7134-vbi.c | 1 +
drivers/media/pci/saa7134/saa7134-video.c | 1 +
drivers/media/platform/qcom/venus/vdec.c | 8 +
drivers/media/platform/rcar_fdp1.c | 28 +-
drivers/media/platform/sti/bdisp/bdisp-v4l2.c | 2 +
drivers/media/rc/gpio-ir-recv.c | 2 +
drivers/mfd/tqmx86.c | 52 +-
drivers/misc/vmw_vmci/vmci_host.c | 8 +-
drivers/mmc/host/sdhci-of-esdhc.c | 24 +-
drivers/mtd/mtdcore.c | 23 +-
drivers/mtd/ubi/eba.c | 19 +-
drivers/net/ethernet/amd/nmclan_cs.c | 2 +-
drivers/net/ethernet/intel/ixgbe/ixgbe_ethtool.c | 23 +-
.../ethernet/mellanox/mlx5/core/eswitch_offloads.c | 2 -
drivers/net/ethernet/stmicro/stmmac/dwmac-rk.c | 14 +-
drivers/net/ethernet/stmicro/stmmac/stmmac_main.c | 12 +-
drivers/net/pcs/pcs-xpcs.c | 13 +-
drivers/net/wireguard/timers.c | 8 +-
drivers/net/wireless/ath/ath5k/eeprom.c | 2 +-
drivers/net/wireless/ath/ath6kl/bmi.c | 2 +-
drivers/net/wireless/ath/ath6kl/htc_pipe.c | 4 +-
drivers/net/wireless/ath/ath9k/hif_usb.c | 19 +
.../broadcom/brcm80211/brcmfmac/cfg80211.c | 14 +-
drivers/net/wireless/intel/iwlwifi/fw/dbg.c | 8 +-
drivers/net/wireless/intel/iwlwifi/fw/debugfs.c | 4 +-
drivers/net/wireless/intel/iwlwifi/iwl-dbg-tlv.c | 6 +
drivers/net/wireless/intel/iwlwifi/mvm/d3.c | 1 +
drivers/net/wireless/intel/iwlwifi/mvm/debugfs.c | 10 +
drivers/net/wireless/intel/iwlwifi/pcie/trans.c | 3 +-
drivers/net/wireless/mediatek/mt76/dma.c | 2 +
drivers/net/wireless/mediatek/mt76/mt76.h | 9 +-
drivers/net/wireless/mediatek/mt76/mt7603/mac.c | 5 +-
drivers/net/wireless/mediatek/mt76/mt7615/mac.c | 13 +-
.../net/wireless/mediatek/mt76/mt76_connac_mcu.c | 13 +-
drivers/net/wireless/mediatek/mt76/mt76x02_mac.c | 5 +-
drivers/net/wireless/mediatek/mt76/mt7921/dma.c | 40 +-
drivers/net/wireless/mediatek/mt76/mt7921/pci.c | 6 +
drivers/net/wireless/mediatek/mt76/tx.c | 4 +
drivers/net/wireless/mediatek/mt76/util.c | 10 +-
drivers/net/wireless/ralink/rt2x00/rt2x00dev.c | 1 +
.../net/wireless/realtek/rtl8xxxu/rtl8xxxu_8192e.c | 1 +
drivers/net/wireless/realtek/rtlwifi/debug.c | 12 +-
drivers/net/wireless/realtek/rtw88/mac.c | 8 +-
drivers/nvme/host/core.c | 34 +-
drivers/nvme/host/trace.h | 15 +-
drivers/nvme/target/admin-cmd.c | 51 +-
drivers/nvme/target/configfs.c | 3 +-
drivers/nvme/target/core.c | 5 +-
drivers/nvme/target/fcloop.c | 48 +-
drivers/nvme/target/io-cmd-file.c | 17 +-
drivers/nvme/target/nvmet.h | 6 +-
drivers/nvme/target/zns.c | 16 +-
drivers/of/device.c | 7 +-
drivers/pci/controller/dwc/pci-imx6.c | 7 +
drivers/pci/controller/dwc/pcie-qcom.c | 8 +-
drivers/pci/hotplug/pciehp_pci.c | 15 +
drivers/pci/pcie/edr.c | 1 +
drivers/phy/tegra/xusb.c | 2 +
drivers/pinctrl/qcom/pinctrl-lpass-lpi.c | 14 +-
drivers/pinctrl/renesas/pfc-r8a779a0.c | 8 -
drivers/power/supply/generic-adc-battery.c | 3 +
drivers/pwm/pwm-meson.c | 6 +-
drivers/pwm/pwm-mtk-disp.c | 34 +-
drivers/regulator/core.c | 100 +++-
drivers/regulator/stm32-pwr.c | 7 +-
drivers/rtc/rtc-meson-vrtc.c | 4 +-
drivers/rtc/rtc-omap.c | 1 +
drivers/s390/block/dasd.c | 2 +-
drivers/scsi/lpfc/lpfc_init.c | 10 +-
drivers/scsi/megaraid.c | 1 +
drivers/soc/ti/pm33xx.c | 5 +-
drivers/soundwire/qcom.c | 2 +-
drivers/spi/spi-bcm63xx.c | 2 -
drivers/spi/spi-cadence-quadspi.c | 19 +-
drivers/spi/spi-fsl-spi.c | 12 +-
drivers/spi/spi-imx.c | 14 +-
drivers/spi/spi-qup.c | 22 +-
drivers/spmi/spmi.c | 3 +-
drivers/staging/iio/resolver/ad2s1210.c | 2 +-
drivers/staging/media/av7110/av7110_av.c | 4 +-
drivers/staging/media/rkvdec/rkvdec.c | 2 +
drivers/staging/rtl8192e/rtl8192e/rtl_core.c | 1 +
drivers/staging/rtl8723bs/core/rtw_mlme.c | 8 +-
drivers/target/iscsi/iscsi_target.c | 16 +-
drivers/target/target_core_device.c | 1 +
drivers/target/target_core_tmr.c | 26 +-
drivers/thermal/mtk_thermal.c | 14 +-
drivers/tty/serial/8250/8250_bcm7271.c | 18 +-
drivers/tty/serial/8250/8250_port.c | 4 +
drivers/tty/serial/fsl_lpuart.c | 2 +-
drivers/tty/serial/stm32-usart.c | 26 +-
drivers/tty/sysrq.c | 2 +-
drivers/tty/tty.h | 2 +
drivers/tty/tty_io.c | 4 +-
drivers/tty/tty_ioctl.c | 45 +-
drivers/usb/chipidea/core.c | 2 +-
drivers/usb/dwc3/core.c | 15 +-
drivers/usb/dwc3/gadget.c | 11 +-
drivers/usb/gadget/udc/renesas_usb3.c | 1 +
drivers/usb/gadget/udc/tegra-xudc.c | 2 +-
drivers/usb/host/xhci-debugfs.c | 1 +
drivers/usb/host/xhci-rcar.c | 3 -
drivers/usb/mtu3/mtu3_qmu.c | 5 +-
drivers/virtio/virtio_ring.c | 22 +-
drivers/xen/pcpu.c | 20 +
fs/afs/inode.c | 1 +
fs/btrfs/ioctl.c | 5 +
fs/cifs/file.c | 16 +
fs/cifs/misc.c | 8 +-
fs/erofs/internal.h | 2 +-
fs/erofs/zmap.c | 4 +
fs/ext4/acl.c | 2 -
fs/ext4/extents.c | 6 +-
fs/ext4/file.c | 4 -
fs/ext4/inode.c | 10 +-
fs/ext4/ioctl.c | 10 +-
fs/f2fs/compress.c | 6 +
fs/f2fs/data.c | 5 +-
fs/f2fs/f2fs.h | 2 +-
fs/f2fs/file.c | 15 +-
fs/f2fs/segment.c | 76 +--
fs/f2fs/segment.h | 6 +
fs/f2fs/super.c | 33 +-
fs/fs-writeback.c | 17 +-
fs/jbd2/journal.c | 2 +
fs/jbd2/transaction.c | 3 +
fs/ksmbd/server.c | 1 +
fs/ksmbd/smb2pdu.c | 7 +
fs/nfs/nfs4state.c | 4 +
fs/nilfs2/bmap.c | 16 +-
fs/nilfs2/segment.c | 5 +-
fs/ntfs3/fslog.c | 6 +-
fs/ntfs3/index.c | 8 +
fs/ntfs3/inode.c | 2 +-
fs/ntfs3/namei.c | 10 +
fs/ntfs3/ntfs_fs.h | 1 +
fs/pstore/pmsg.c | 7 +-
fs/reiserfs/xattr_security.c | 8 +-
fs/ubifs/dir.c | 1 +
fs/ubifs/tnc.c | 142 +++--
fs/xfs/libxfs/xfs_sb.c | 11 +-
include/asm-generic/io.h | 4 +-
include/linux/blk-crypto.h | 4 +-
include/linux/mailbox/zynqmp-ipi-message.h | 2 +-
include/linux/mlx5/mlx5_ifc.h | 3 +-
include/linux/netfilter/nfnetlink.h | 1 -
include/linux/nvme.h | 4 +
include/linux/platform_device.h | 11 +
include/linux/posix-timers.h | 17 +-
include/linux/sched.h | 6 +-
include/linux/sunrpc/sched.h | 3 +-
include/linux/tick.h | 2 +
include/linux/vt_buffer.h | 2 +-
include/linux/workqueue.h | 3 +-
include/net/scm.h | 13 +-
include/net/xsk_buff_pool.h | 9 +-
include/target/target_core_base.h | 1 +
include/trace/events/qrtr.h | 33 +-
include/trace/events/timer.h | 3 +-
include/uapi/linux/btrfs.h | 1 +
include/uapi/linux/const.h | 2 +-
include/xen/xen.h | 11 +
kernel/bpf/cgroup.c | 9 +-
kernel/bpf/verifier.c | 26 +-
kernel/events/core.c | 4 +-
kernel/kheaders.c | 10 +-
kernel/power/process.c | 2 +-
kernel/rcu/tree.c | 1 +
kernel/relay.c | 3 +-
kernel/sched/core.c | 25 +-
kernel/sched/deadline.c | 5 +-
kernel/sched/debug.c | 92 ++--
kernel/sched/fair.c | 93 ++--
kernel/sched/rt.c | 8 +-
kernel/sched/stats.h | 19 +
kernel/sched/stop_task.c | 4 +-
kernel/time/posix-cpu-timers.c | 81 ++-
kernel/time/posix-timers.c | 4 +
kernel/time/tick-common.c | 12 +-
kernel/time/tick-sched.c | 16 +-
kernel/time/timekeeping.c | 4 +-
kernel/trace/ring_buffer.c | 4 +
kernel/trace/trace.c | 2 +-
kernel/workqueue.c | 176 +++---
lib/debugobjects.c | 146 ++---
mm/backing-dev.c | 12 +-
net/8021q/vlan_dev.c | 2 +-
net/core/skbuff.c | 3 +
net/ipv4/ip_output.c | 16 +-
net/netfilter/nf_tables_api.c | 8 +-
net/netfilter/nfnetlink.c | 2 -
net/netlink/af_netlink.c | 75 +--
net/packet/af_packet.c | 30 +-
net/packet/diag.c | 4 +-
net/packet/internal.h | 26 +-
net/sched/sch_fq.c | 6 +-
net/sunrpc/clnt.c | 3 -
net/sunrpc/sched.c | 1 -
net/xdp/xsk_queue.h | 1 +
scripts/gdb/linux/clk.py | 2 +
scripts/gdb/linux/constants.py.in | 2 +
scripts/gdb/linux/genpd.py | 4 +-
scripts/gdb/linux/timerlist.py | 4 +-
scripts/gdb/linux/utils.py | 5 +-
scripts/gdb/vmlinux-gdb.py | 5 +-
security/integrity/ima/Kconfig | 2 +-
security/selinux/Makefile | 4 +-
sound/oss/dmasound/dmasound.h | 6 -
sound/oss/dmasound/dmasound_core.c | 26 +-
sound/soc/codecs/es8316.c | 14 +-
sound/soc/fsl/fsl_mqs.c | 15 +-
sound/soc/intel/boards/bytcr_rt5640.c | 12 +
sound/soc/intel/boards/sof_sdw.c | 11 +
sound/soc/soc-pcm.c | 4 +
sound/usb/quirks-table.h | 58 ++
tools/arch/x86/kcpuid/cpuid.csv | 4 +-
tools/bpf/bpftool/json_writer.c | 3 -
tools/bpf/bpftool/xlated_dumper.c | 7 +
tools/objtool/check.c | 11 -
tools/perf/util/auxtrace.c | 5 +-
.../perf/util/intel-pt-decoder/intel-pt-decoder.c | 2 +
tools/testing/selftests/bpf/network_helpers.c | 2 +-
.../selftests/bpf/prog_tests/cg_storage_multi.c | 8 +-
.../bpf/prog_tests/get_stackid_cannot_attach.c | 1 +
tools/testing/selftests/bpf/test_xsk.sh | 1 +
.../selftests/mount_setattr/mount_setattr_test.c | 1 +
tools/testing/selftests/resctrl/cache.c | 4 +-
tools/testing/selftests/resctrl/cat_test.c | 4 +-
tools/testing/selftests/resctrl/cmt_test.c | 2 +-
tools/testing/selftests/resctrl/fill_buf.c | 2 +
tools/testing/selftests/resctrl/mba_test.c | 9 +-
tools/testing/selftests/resctrl/mbm_test.c | 2 +-
tools/testing/selftests/resctrl/resctrl.h | 7 +-
tools/testing/selftests/resctrl/resctrl_tests.c | 41 +-
tools/testing/selftests/resctrl/resctrl_val.c | 21 +-
tools/testing/selftests/resctrl/resctrlfs.c | 2 +-
395 files changed, 3860 insertions(+), 2108 deletions(-)
^ permalink raw reply [flat|nested] 391+ messages in thread
* [PATCH 5.15 001/371] ASOC: Intel: sof_sdw: add quirk for Intel Rooks County NUC M15
2023-05-08 9:43 [PATCH 5.15 000/371] 5.15.111-rc1 review Greg Kroah-Hartman
@ 2023-05-08 9:43 ` Greg Kroah-Hartman
2023-05-08 9:43 ` [PATCH 5.15 002/371] ASoC: soc-pcm: fix hw->formats cleared by soc_pcm_hw_init() for dpcm Greg Kroah-Hartman
` (373 subsequent siblings)
374 siblings, 0 replies; 391+ messages in thread
From: Greg Kroah-Hartman @ 2023-05-08 9:43 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Eugene Huang, Pierre-Louis Bossart,
Péter Ujfalusi, Bard Liao, Mark Brown, Sasha Levin
From: Eugene Huang <eugene.huang99@gmail.com>
[ Upstream commit 3c728b1bc5b99c5275ac5c7788ef814c0e51ef54 ]
Same quirks as the 'Bishop County' NUC M15, except the rt711 is in the
'JD2 100K' jack detection mode.
Link: https://github.com/thesofproject/linux/issues/4088
Signed-off-by: Eugene Huang <eugene.huang99@gmail.com>
Reviewed-by: Pierre-Louis Bossart <pierre-louis.bossart@linux.intel.com>
Reviewed-by: Péter Ujfalusi <peter.ujfalusi@linux.intel.com>
Signed-off-by: Bard Liao <yung-chuan.liao@linux.intel.com>
Link: https://lore.kernel.org/r/20230314090553.498664-2-yung-chuan.liao@linux.intel.com
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
sound/soc/intel/boards/sof_sdw.c | 11 +++++++++++
1 file changed, 11 insertions(+)
diff --git a/sound/soc/intel/boards/sof_sdw.c b/sound/soc/intel/boards/sof_sdw.c
index 2d53a707aff9c..089b6c7994f9a 100644
--- a/sound/soc/intel/boards/sof_sdw.c
+++ b/sound/soc/intel/boards/sof_sdw.c
@@ -212,6 +212,17 @@ static const struct dmi_system_id sof_sdw_quirk_table[] = {
SOF_SDW_PCH_DMIC |
RT711_JD1),
},
+ {
+ /* NUC15 'Rooks County' LAPRC510 and LAPRC710 skews */
+ .callback = sof_sdw_quirk_cb,
+ .matches = {
+ DMI_MATCH(DMI_SYS_VENDOR, "Intel(R) Client Systems"),
+ DMI_MATCH(DMI_PRODUCT_NAME, "LAPRC"),
+ },
+ .driver_data = (void *)(SOF_SDW_TGL_HDMI |
+ SOF_SDW_PCH_DMIC |
+ RT711_JD2_100K),
+ },
/* TigerLake-SDCA devices */
{
.callback = sof_sdw_quirk_cb,
--
2.39.2
^ permalink raw reply related [flat|nested] 391+ messages in thread
* [PATCH 5.15 002/371] ASoC: soc-pcm: fix hw->formats cleared by soc_pcm_hw_init() for dpcm
2023-05-08 9:43 [PATCH 5.15 000/371] 5.15.111-rc1 review Greg Kroah-Hartman
2023-05-08 9:43 ` [PATCH 5.15 001/371] ASOC: Intel: sof_sdw: add quirk for Intel Rooks County NUC M15 Greg Kroah-Hartman
@ 2023-05-08 9:43 ` Greg Kroah-Hartman
2023-05-08 9:43 ` [PATCH 5.15 003/371] x86/hyperv: Block root partition functionality in a Confidential VM Greg Kroah-Hartman
` (372 subsequent siblings)
374 siblings, 0 replies; 391+ messages in thread
From: Greg Kroah-Hartman @ 2023-05-08 9:43 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Shengjiu Wang, Mark Brown, Sasha Levin
From: Shengjiu Wang <shengjiu.wang@nxp.com>
[ Upstream commit 083a25b18d6ad9f1f540e629909aa3eaaaf01823 ]
The hw->formats may be set by snd_dmaengine_pcm_refine_runtime_hwparams()
in component's startup()/open(), but soc_pcm_hw_init() will init
hw->formats in dpcm_runtime_setup_fe() after component's startup()/open(),
which causes the valuable hw->formats to be cleared.
So need to store the hw->formats before initialization, then restore
it after initialization.
Signed-off-by: Shengjiu Wang <shengjiu.wang@nxp.com>
Link: https://lore.kernel.org/r/1678346017-3660-1-git-send-email-shengjiu.wang@nxp.com
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
sound/soc/soc-pcm.c | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/sound/soc/soc-pcm.c b/sound/soc/soc-pcm.c
index 3b673477f6215..6f616ac4490f0 100644
--- a/sound/soc/soc-pcm.c
+++ b/sound/soc/soc-pcm.c
@@ -1554,10 +1554,14 @@ static void dpcm_runtime_setup_fe(struct snd_pcm_substream *substream)
struct snd_pcm_hardware *hw = &runtime->hw;
struct snd_soc_dai *dai;
int stream = substream->stream;
+ u64 formats = hw->formats;
int i;
soc_pcm_hw_init(hw);
+ if (formats)
+ hw->formats &= formats;
+
for_each_rtd_cpu_dais(fe, i, dai) {
struct snd_soc_pcm_stream *cpu_stream;
--
2.39.2
^ permalink raw reply related [flat|nested] 391+ messages in thread
* [PATCH 5.15 003/371] x86/hyperv: Block root partition functionality in a Confidential VM
2023-05-08 9:43 [PATCH 5.15 000/371] 5.15.111-rc1 review Greg Kroah-Hartman
2023-05-08 9:43 ` [PATCH 5.15 001/371] ASOC: Intel: sof_sdw: add quirk for Intel Rooks County NUC M15 Greg Kroah-Hartman
2023-05-08 9:43 ` [PATCH 5.15 002/371] ASoC: soc-pcm: fix hw->formats cleared by soc_pcm_hw_init() for dpcm Greg Kroah-Hartman
@ 2023-05-08 9:43 ` Greg Kroah-Hartman
2023-05-08 9:43 ` [PATCH 5.15 004/371] iio: adc: palmas_gpadc: fix NULL dereference on rmmod Greg Kroah-Hartman
` (371 subsequent siblings)
374 siblings, 0 replies; 391+ messages in thread
From: Greg Kroah-Hartman @ 2023-05-08 9:43 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Michael Kelley, Wei Liu, Sasha Levin
From: Michael Kelley <mikelley@microsoft.com>
[ Upstream commit f8acb24aaf89fc46cd953229462ea8abe31b395f ]
Hyper-V should never specify a VM that is a Confidential VM and also
running in the root partition. Nonetheless, explicitly block such a
combination to guard against a compromised Hyper-V maliciously trying to
exploit root partition functionality in a Confidential VM to expose
Confidential VM secrets. No known bug is being fixed, but the attack
surface for Confidential VMs on Hyper-V is reduced.
Signed-off-by: Michael Kelley <mikelley@microsoft.com>
Link: https://lore.kernel.org/r/1678894453-95392-1-git-send-email-mikelley@microsoft.com
Signed-off-by: Wei Liu <wei.liu@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/x86/kernel/cpu/mshyperv.c | 12 ++++++++----
1 file changed, 8 insertions(+), 4 deletions(-)
diff --git a/arch/x86/kernel/cpu/mshyperv.c b/arch/x86/kernel/cpu/mshyperv.c
index ba0efc30fac52..8d3c649a1769b 100644
--- a/arch/x86/kernel/cpu/mshyperv.c
+++ b/arch/x86/kernel/cpu/mshyperv.c
@@ -289,12 +289,16 @@ static void __init ms_hyperv_init_platform(void)
* To mirror what Windows does we should extract CPU management
* features and use the ReservedIdentityBit to detect if Linux is the
* root partition. But that requires negotiating CPU management
- * interface (a process to be finalized).
+ * interface (a process to be finalized). For now, use the privilege
+ * flag as the indicator for running as root.
*
- * For now, use the privilege flag as the indicator for running as
- * root.
+ * Hyper-V should never specify running as root and as a Confidential
+ * VM. But to protect against a compromised/malicious Hyper-V trying
+ * to exploit root behavior to expose Confidential VM memory, ignore
+ * the root partition setting if also a Confidential VM.
*/
- if (cpuid_ebx(HYPERV_CPUID_FEATURES) & HV_CPU_MANAGEMENT) {
+ if ((ms_hyperv.priv_high & HV_CPU_MANAGEMENT) &&
+ !(ms_hyperv.priv_high & HV_ISOLATION)) {
hv_root_partition = true;
pr_info("Hyper-V: running as root partition\n");
}
--
2.39.2
^ permalink raw reply related [flat|nested] 391+ messages in thread
* [PATCH 5.15 004/371] iio: adc: palmas_gpadc: fix NULL dereference on rmmod
2023-05-08 9:43 [PATCH 5.15 000/371] 5.15.111-rc1 review Greg Kroah-Hartman
` (2 preceding siblings ...)
2023-05-08 9:43 ` [PATCH 5.15 003/371] x86/hyperv: Block root partition functionality in a Confidential VM Greg Kroah-Hartman
@ 2023-05-08 9:43 ` Greg Kroah-Hartman
2023-05-08 9:43 ` [PATCH 5.15 005/371] ASoC: Intel: bytcr_rt5640: Add quirk for the Acer Iconia One 7 B1-750 Greg Kroah-Hartman
` (370 subsequent siblings)
374 siblings, 0 replies; 391+ messages in thread
From: Greg Kroah-Hartman @ 2023-05-08 9:43 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Patrik Dahlström,
Jonathan Cameron, Sasha Levin
From: Patrik Dahlström <risca@dalakolonin.se>
[ Upstream commit 49f76c499d38bf67803438eee88c8300d0f6ce09 ]
Calling dev_to_iio_dev() on a platform device pointer is undefined and
will make adc NULL.
Signed-off-by: Patrik Dahlström <risca@dalakolonin.se>
Link: https://lore.kernel.org/r/20230313205029.1881745-1-risca@dalakolonin.se
Signed-off-by: Jonathan Cameron <Jonathan.Cameron@huawei.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/iio/adc/palmas_gpadc.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/iio/adc/palmas_gpadc.c b/drivers/iio/adc/palmas_gpadc.c
index f9c8385c72d3d..496aab94570a1 100644
--- a/drivers/iio/adc/palmas_gpadc.c
+++ b/drivers/iio/adc/palmas_gpadc.c
@@ -638,7 +638,7 @@ static int palmas_gpadc_probe(struct platform_device *pdev)
static int palmas_gpadc_remove(struct platform_device *pdev)
{
- struct iio_dev *indio_dev = dev_to_iio_dev(&pdev->dev);
+ struct iio_dev *indio_dev = dev_get_drvdata(&pdev->dev);
struct palmas_gpadc *adc = iio_priv(indio_dev);
if (adc->wakeup1_enable || adc->wakeup2_enable)
--
2.39.2
^ permalink raw reply related [flat|nested] 391+ messages in thread
* [PATCH 5.15 005/371] ASoC: Intel: bytcr_rt5640: Add quirk for the Acer Iconia One 7 B1-750
2023-05-08 9:43 [PATCH 5.15 000/371] 5.15.111-rc1 review Greg Kroah-Hartman
` (3 preceding siblings ...)
2023-05-08 9:43 ` [PATCH 5.15 004/371] iio: adc: palmas_gpadc: fix NULL dereference on rmmod Greg Kroah-Hartman
@ 2023-05-08 9:43 ` Greg Kroah-Hartman
2023-05-08 9:43 ` [PATCH 5.15 006/371] selftests mount: Fix mount_setattr_test builds failed Greg Kroah-Hartman
` (369 subsequent siblings)
374 siblings, 0 replies; 391+ messages in thread
From: Greg Kroah-Hartman @ 2023-05-08 9:43 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Pierre-Louis Bossart, Hans de Goede,
Mark Brown, Sasha Levin
From: Hans de Goede <hdegoede@redhat.com>
[ Upstream commit e38c5e80c3d293a883c6f1d553f2146ec0bda35e ]
The Acer Iconia One 7 B1-750 tablet mostly works fine with the defaults
for an Bay Trail CR tablet. Except for the internal mic, instead of
an analog mic on IN3 a digital mic on DMIC1 is uses.
Add a quirk with these settings for this tablet.
Acked-by: Pierre-Louis Bossart <pierre-louis.bossart@linux.intel.com>
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Link: https://lore.kernel.org/r/20230322145332.131525-1-hdegoede@redhat.com
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
sound/soc/intel/boards/bytcr_rt5640.c | 12 ++++++++++++
1 file changed, 12 insertions(+)
diff --git a/sound/soc/intel/boards/bytcr_rt5640.c b/sound/soc/intel/boards/bytcr_rt5640.c
index 5f6e2bb324406..4df1be8170bb6 100644
--- a/sound/soc/intel/boards/bytcr_rt5640.c
+++ b/sound/soc/intel/boards/bytcr_rt5640.c
@@ -533,6 +533,18 @@ static int byt_rt5640_aif1_hw_params(struct snd_pcm_substream *substream,
/* Please keep this list alphabetically sorted */
static const struct dmi_system_id byt_rt5640_quirk_table[] = {
+ { /* Acer Iconia One 7 B1-750 */
+ .matches = {
+ DMI_EXACT_MATCH(DMI_SYS_VENDOR, "Insyde"),
+ DMI_EXACT_MATCH(DMI_PRODUCT_NAME, "VESPA2"),
+ },
+ .driver_data = (void *)(BYT_RT5640_DMIC1_MAP |
+ BYT_RT5640_JD_SRC_JD1_IN4P |
+ BYT_RT5640_OVCD_TH_1500UA |
+ BYT_RT5640_OVCD_SF_0P75 |
+ BYT_RT5640_SSP0_AIF1 |
+ BYT_RT5640_MCLK_EN),
+ },
{ /* Acer Iconia Tab 8 W1-810 */
.matches = {
DMI_EXACT_MATCH(DMI_SYS_VENDOR, "Acer"),
--
2.39.2
^ permalink raw reply related [flat|nested] 391+ messages in thread
* [PATCH 5.15 006/371] selftests mount: Fix mount_setattr_test builds failed
2023-05-08 9:43 [PATCH 5.15 000/371] 5.15.111-rc1 review Greg Kroah-Hartman
` (4 preceding siblings ...)
2023-05-08 9:43 ` [PATCH 5.15 005/371] ASoC: Intel: bytcr_rt5640: Add quirk for the Acer Iconia One 7 B1-750 Greg Kroah-Hartman
@ 2023-05-08 9:43 ` Greg Kroah-Hartman
2023-05-08 9:43 ` [PATCH 5.15 007/371] asm-generic/io.h: suppress endianness warnings for readq() and writeq() Greg Kroah-Hartman
` (368 subsequent siblings)
374 siblings, 0 replies; 391+ messages in thread
From: Greg Kroah-Hartman @ 2023-05-08 9:43 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Anh Tuan Phan, Christian Brauner,
Shuah Khan, Sasha Levin
From: Anh Tuan Phan <tuananhlfc@gmail.com>
[ Upstream commit f1594bc676579133a3cd906d7d27733289edfb86 ]
When compiling selftests with target mount_setattr I encountered some errors with the below messages:
mount_setattr_test.c: In function ‘mount_setattr_thread’:
mount_setattr_test.c:343:16: error: variable ‘attr’ has initializer but incomplete type
343 | struct mount_attr attr = {
| ^~~~~~~~~~
These errors might be because of linux/mount.h is not included. This patch resolves that issue.
Signed-off-by: Anh Tuan Phan <tuananhlfc@gmail.com>
Acked-by: Christian Brauner <brauner@kernel.org>
Signed-off-by: Shuah Khan <skhan@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
tools/testing/selftests/mount_setattr/mount_setattr_test.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/tools/testing/selftests/mount_setattr/mount_setattr_test.c b/tools/testing/selftests/mount_setattr/mount_setattr_test.c
index 8c5fea68ae677..969647228817b 100644
--- a/tools/testing/selftests/mount_setattr/mount_setattr_test.c
+++ b/tools/testing/selftests/mount_setattr/mount_setattr_test.c
@@ -18,6 +18,7 @@
#include <grp.h>
#include <stdbool.h>
#include <stdarg.h>
+#include <linux/mount.h>
#include "../kselftest_harness.h"
--
2.39.2
^ permalink raw reply related [flat|nested] 391+ messages in thread
* [PATCH 5.15 007/371] asm-generic/io.h: suppress endianness warnings for readq() and writeq()
2023-05-08 9:43 [PATCH 5.15 000/371] 5.15.111-rc1 review Greg Kroah-Hartman
` (5 preceding siblings ...)
2023-05-08 9:43 ` [PATCH 5.15 006/371] selftests mount: Fix mount_setattr_test builds failed Greg Kroah-Hartman
@ 2023-05-08 9:43 ` Greg Kroah-Hartman
2023-05-08 9:43 ` [PATCH 5.15 008/371] x86/cpu: Add model number for Intel Arrow Lake processor Greg Kroah-Hartman
` (367 subsequent siblings)
374 siblings, 0 replies; 391+ messages in thread
From: Greg Kroah-Hartman @ 2023-05-08 9:43 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Arnd Bergmann, Vladimir Oltean,
Jonathan Cameron, Sasha Levin
From: Vladimir Oltean <vladimir.oltean@nxp.com>
[ Upstream commit d564fa1ff19e893e2971d66e5c8f49dc1cdc8ffc ]
Commit c1d55d50139b ("asm-generic/io.h: Fix sparse warnings on
big-endian architectures") missed fixing the 64-bit accessors.
Arnd explains in the attached link why the casts are necessary, even if
__raw_readq() and __raw_writeq() do not take endian-specific types.
Link: https://lore.kernel.org/lkml/9105d6fc-880b-4734-857d-e3d30b87ccf6@app.fastmail.com/
Suggested-by: Arnd Bergmann <arnd@arndb.de>
Signed-off-by: Vladimir Oltean <vladimir.oltean@nxp.com>
Reviewed-by: Jonathan Cameron <Jonathan.Cameron@huawei.com>
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
include/asm-generic/io.h | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/include/asm-generic/io.h b/include/asm-generic/io.h
index 98954dda57344..82f2c01accbb9 100644
--- a/include/asm-generic/io.h
+++ b/include/asm-generic/io.h
@@ -190,7 +190,7 @@ static inline u64 readq(const volatile void __iomem *addr)
u64 val;
__io_br();
- val = __le64_to_cpu(__raw_readq(addr));
+ val = __le64_to_cpu((__le64 __force)__raw_readq(addr));
__io_ar(val);
return val;
}
@@ -233,7 +233,7 @@ static inline void writel(u32 value, volatile void __iomem *addr)
static inline void writeq(u64 value, volatile void __iomem *addr)
{
__io_bw();
- __raw_writeq(__cpu_to_le64(value), addr);
+ __raw_writeq((u64 __force)__cpu_to_le64(value), addr);
__io_aw();
}
#endif
--
2.39.2
^ permalink raw reply related [flat|nested] 391+ messages in thread
* [PATCH 5.15 008/371] x86/cpu: Add model number for Intel Arrow Lake processor
2023-05-08 9:43 [PATCH 5.15 000/371] 5.15.111-rc1 review Greg Kroah-Hartman
` (6 preceding siblings ...)
2023-05-08 9:43 ` [PATCH 5.15 007/371] asm-generic/io.h: suppress endianness warnings for readq() and writeq() Greg Kroah-Hartman
@ 2023-05-08 9:43 ` Greg Kroah-Hartman
2023-05-08 9:43 ` [PATCH 5.15 009/371] wireguard: timers: cast enum limits members to int in prints Greg Kroah-Hartman
` (366 subsequent siblings)
374 siblings, 0 replies; 391+ messages in thread
From: Greg Kroah-Hartman @ 2023-05-08 9:43 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Tony Luck, Borislav Petkov (AMD),
Sasha Levin
From: Tony Luck <tony.luck@intel.com>
[ Upstream commit 81515ecf155a38f3532bf5ddef88d651898df6be ]
Successor to Lunar Lake.
Signed-off-by: Tony Luck <tony.luck@intel.com>
Signed-off-by: Borislav Petkov (AMD) <bp@alien8.de>
Link: https://lore.kernel.org/r/20230404174641.426593-1-tony.luck@intel.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/x86/include/asm/intel-family.h | 2 ++
1 file changed, 2 insertions(+)
diff --git a/arch/x86/include/asm/intel-family.h b/arch/x86/include/asm/intel-family.h
index b8e7ea9e71e20..fc12d970a07c0 100644
--- a/arch/x86/include/asm/intel-family.h
+++ b/arch/x86/include/asm/intel-family.h
@@ -115,6 +115,8 @@
#define INTEL_FAM6_LUNARLAKE_M 0xBD
+#define INTEL_FAM6_ARROWLAKE 0xC6
+
/* "Small Core" Processors (Atom/E-Core) */
#define INTEL_FAM6_ATOM_BONNELL 0x1C /* Diamondville, Pineview */
--
2.39.2
^ permalink raw reply related [flat|nested] 391+ messages in thread
* [PATCH 5.15 009/371] wireguard: timers: cast enum limits members to int in prints
2023-05-08 9:43 [PATCH 5.15 000/371] 5.15.111-rc1 review Greg Kroah-Hartman
` (7 preceding siblings ...)
2023-05-08 9:43 ` [PATCH 5.15 008/371] x86/cpu: Add model number for Intel Arrow Lake processor Greg Kroah-Hartman
@ 2023-05-08 9:43 ` Greg Kroah-Hartman
2023-05-08 9:43 ` [PATCH 5.15 010/371] wifi: mt76: mt7921e: Set memory space enable in PCI_COMMAND if unset Greg Kroah-Hartman
` (365 subsequent siblings)
374 siblings, 0 replies; 391+ messages in thread
From: Greg Kroah-Hartman @ 2023-05-08 9:43 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Martin Liska, Jiri Slaby (SUSE),
Jason A. Donenfeld, Jakub Kicinski, Chris Clayton
From: Jiri Slaby (SUSE) <jirislaby@kernel.org>
commit 2d4ee16d969c97996e80e4c9cb6de0acaff22c9f upstream.
Since gcc13, each member of an enum has the same type as the enum. And
that is inherited from its members. Provided "REKEY_AFTER_MESSAGES =
1ULL << 60", the named type is unsigned long.
This generates warnings with gcc-13:
error: format '%d' expects argument of type 'int', but argument 6 has type 'long unsigned int'
Cast those particular enum members to int when printing them.
Link: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=36113
Cc: Martin Liska <mliska@suse.cz>
Signed-off-by: Jiri Slaby (SUSE) <jirislaby@kernel.org>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
Link: https://lore.kernel.org/all/20221213225208.3343692-2-Jason@zx2c4.com/
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Cc: Chris Clayton <chris2553@googlemail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/net/wireguard/timers.c | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
--- a/drivers/net/wireguard/timers.c
+++ b/drivers/net/wireguard/timers.c
@@ -46,7 +46,7 @@ static void wg_expired_retransmit_handsh
if (peer->timer_handshake_attempts > MAX_TIMER_HANDSHAKES) {
pr_debug("%s: Handshake for peer %llu (%pISpfsc) did not complete after %d attempts, giving up\n",
peer->device->dev->name, peer->internal_id,
- &peer->endpoint.addr, MAX_TIMER_HANDSHAKES + 2);
+ &peer->endpoint.addr, (int)MAX_TIMER_HANDSHAKES + 2);
del_timer(&peer->timer_send_keepalive);
/* We drop all packets without a keypair and don't try again,
@@ -64,7 +64,7 @@ static void wg_expired_retransmit_handsh
++peer->timer_handshake_attempts;
pr_debug("%s: Handshake for peer %llu (%pISpfsc) did not complete after %d seconds, retrying (try %d)\n",
peer->device->dev->name, peer->internal_id,
- &peer->endpoint.addr, REKEY_TIMEOUT,
+ &peer->endpoint.addr, (int)REKEY_TIMEOUT,
peer->timer_handshake_attempts + 1);
/* We clear the endpoint address src address, in case this is
@@ -94,7 +94,7 @@ static void wg_expired_new_handshake(str
pr_debug("%s: Retrying handshake with peer %llu (%pISpfsc) because we stopped hearing back after %d seconds\n",
peer->device->dev->name, peer->internal_id,
- &peer->endpoint.addr, KEEPALIVE_TIMEOUT + REKEY_TIMEOUT);
+ &peer->endpoint.addr, (int)(KEEPALIVE_TIMEOUT + REKEY_TIMEOUT));
/* We clear the endpoint address src address, in case this is the cause
* of trouble.
*/
@@ -126,7 +126,7 @@ static void wg_queued_expired_zero_key_m
pr_debug("%s: Zeroing out all keys for peer %llu (%pISpfsc), since we haven't received a new one in %d seconds\n",
peer->device->dev->name, peer->internal_id,
- &peer->endpoint.addr, REJECT_AFTER_TIME * 3);
+ &peer->endpoint.addr, (int)REJECT_AFTER_TIME * 3);
wg_noise_handshake_clear(&peer->handshake);
wg_noise_keypairs_clear(&peer->keypairs);
wg_peer_put(peer);
^ permalink raw reply [flat|nested] 391+ messages in thread
* [PATCH 5.15 010/371] wifi: mt76: mt7921e: Set memory space enable in PCI_COMMAND if unset
2023-05-08 9:43 [PATCH 5.15 000/371] 5.15.111-rc1 review Greg Kroah-Hartman
` (8 preceding siblings ...)
2023-05-08 9:43 ` [PATCH 5.15 009/371] wireguard: timers: cast enum limits members to int in prints Greg Kroah-Hartman
@ 2023-05-08 9:43 ` Greg Kroah-Hartman
2023-05-08 9:43 ` [PATCH 5.15 011/371] arm64: Always load shadow stack pointer directly from the task struct Greg Kroah-Hartman
` (364 subsequent siblings)
374 siblings, 0 replies; 391+ messages in thread
From: Greg Kroah-Hartman @ 2023-05-08 9:43 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Anson Tsao, Mario Limonciello,
Sean Wang, Felix Fietkau
From: Mario Limonciello <mario.limonciello@amd.com>
commit 09d4d6da1b65d09414e7bce61459593f3c80ead1 upstream.
When the BIOS has been configured for Fast Boot, systems with mt7921e
have non-functional wifi. Turning on Fast boot caused both bus master
enable and memory space enable bits in PCI_COMMAND not to get configured.
The mt7921 driver already sets bus master enable, but explicitly check
and set memory access enable as well to fix this problem.
Tested-by: Anson Tsao <anson.tsao@amd.com>
Signed-off-by: Mario Limonciello <mario.limonciello@amd.com>
Acked-by: Sean Wang <sean.wang@mediatek.com>
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/net/wireless/mediatek/mt76/mt7921/pci.c | 6 ++++++
1 file changed, 6 insertions(+)
--- a/drivers/net/wireless/mediatek/mt76/mt7921/pci.c
+++ b/drivers/net/wireless/mediatek/mt76/mt7921/pci.c
@@ -218,6 +218,7 @@ static int mt7921_pci_probe(struct pci_d
struct mt7921_dev *dev;
struct mt76_dev *mdev;
int ret;
+ u16 cmd;
ret = pcim_enable_device(pdev);
if (ret)
@@ -227,6 +228,11 @@ static int mt7921_pci_probe(struct pci_d
if (ret)
return ret;
+ pci_read_config_word(pdev, PCI_COMMAND, &cmd);
+ if (!(cmd & PCI_COMMAND_MEMORY)) {
+ cmd |= PCI_COMMAND_MEMORY;
+ pci_write_config_word(pdev, PCI_COMMAND, cmd);
+ }
pci_set_master(pdev);
ret = pci_alloc_irq_vectors(pdev, 1, 1, PCI_IRQ_ALL_TYPES);
^ permalink raw reply [flat|nested] 391+ messages in thread
* [PATCH 5.15 011/371] arm64: Always load shadow stack pointer directly from the task struct
2023-05-08 9:43 [PATCH 5.15 000/371] 5.15.111-rc1 review Greg Kroah-Hartman
` (9 preceding siblings ...)
2023-05-08 9:43 ` [PATCH 5.15 010/371] wifi: mt76: mt7921e: Set memory space enable in PCI_COMMAND if unset Greg Kroah-Hartman
@ 2023-05-08 9:43 ` Greg Kroah-Hartman
2023-05-08 9:43 ` [PATCH 5.15 012/371] arm64: Stash shadow stack pointer in the task struct on interrupt Greg Kroah-Hartman
` (363 subsequent siblings)
374 siblings, 0 replies; 391+ messages in thread
From: Greg Kroah-Hartman @ 2023-05-08 9:43 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Ard Biesheuvel, Mark Rutland,
Kees Cook, Catalin Marinas
From: Ard Biesheuvel <ardb@kernel.org>
commit 2198d07c509f1db4a1185d1f65aaada794c6ea59 upstream.
All occurrences of the scs_load macro load the value of the shadow call
stack pointer from the task which is current at that point. So instead
of taking a task struct register argument in the scs_load macro to
specify the task struct to load from, let's always reference the current
task directly. This should make it much harder to exploit any
instruction sequences reloading the shadow call stack pointer register
from memory.
Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
Acked-by: Mark Rutland <mark.rutland@arm.com>
Reviewed-by: Kees Cook <keescook@chromium.org>
Link: https://lore.kernel.org/r/20230109174800.3286265-2-ardb@kernel.org
Signed-off-by: Catalin Marinas <catalin.marinas@arm.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/arm64/include/asm/scs.h | 7 ++++---
arch/arm64/kernel/entry.S | 4 ++--
arch/arm64/kernel/head.S | 2 +-
3 files changed, 7 insertions(+), 6 deletions(-)
--- a/arch/arm64/include/asm/scs.h
+++ b/arch/arm64/include/asm/scs.h
@@ -9,15 +9,16 @@
#ifdef CONFIG_SHADOW_CALL_STACK
scs_sp .req x18
- .macro scs_load tsk
- ldr scs_sp, [\tsk, #TSK_TI_SCS_SP]
+ .macro scs_load_current
+ get_current_task scs_sp
+ ldr scs_sp, [scs_sp, #TSK_TI_SCS_SP]
.endm
.macro scs_save tsk
str scs_sp, [\tsk, #TSK_TI_SCS_SP]
.endm
#else
- .macro scs_load tsk
+ .macro scs_load_current
.endm
.macro scs_save tsk
--- a/arch/arm64/kernel/entry.S
+++ b/arch/arm64/kernel/entry.S
@@ -272,7 +272,7 @@ alternative_if ARM64_HAS_ADDRESS_AUTH
alternative_else_nop_endif
1:
- scs_load tsk
+ scs_load_current
.else
add x21, sp, #PT_REGS_SIZE
get_current_task tsk
@@ -855,7 +855,7 @@ SYM_FUNC_START(cpu_switch_to)
msr sp_el0, x1
ptrauth_keys_install_kernel x1, x8, x9, x10
scs_save x0
- scs_load x1
+ scs_load_current
ret
SYM_FUNC_END(cpu_switch_to)
NOKPROBE(cpu_switch_to)
--- a/arch/arm64/kernel/head.S
+++ b/arch/arm64/kernel/head.S
@@ -409,7 +409,7 @@ SYM_FUNC_END(__create_page_tables)
stp xzr, xzr, [sp, #S_STACKFRAME]
add x29, sp, #S_STACKFRAME
- scs_load \tsk
+ scs_load_current
adr_l \tmp1, __per_cpu_offset
ldr w\tmp2, [\tsk, #TSK_CPU]
^ permalink raw reply [flat|nested] 391+ messages in thread
* [PATCH 5.15 012/371] arm64: Stash shadow stack pointer in the task struct on interrupt
2023-05-08 9:43 [PATCH 5.15 000/371] 5.15.111-rc1 review Greg Kroah-Hartman
` (10 preceding siblings ...)
2023-05-08 9:43 ` [PATCH 5.15 011/371] arm64: Always load shadow stack pointer directly from the task struct Greg Kroah-Hartman
@ 2023-05-08 9:43 ` Greg Kroah-Hartman
2023-05-08 9:43 ` [PATCH 5.15 013/371] PCI: pciehp: Fix AB-BA deadlock between reset_lock and device_lock Greg Kroah-Hartman
` (362 subsequent siblings)
374 siblings, 0 replies; 391+ messages in thread
From: Greg Kroah-Hartman @ 2023-05-08 9:43 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Ard Biesheuvel, Kees Cook,
Mark Rutland, Catalin Marinas
From: Ard Biesheuvel <ardb@kernel.org>
commit 59b37fe52f49955791a460752c37145f1afdcad1 upstream.
Instead of reloading the shadow call stack pointer from the ordinary
stack, which may be vulnerable to the kind of gadget based attacks
shadow call stacks were designed to prevent, let's store a task's shadow
call stack pointer in the task struct when switching to the shadow IRQ
stack.
Given that currently, the task_struct::scs_sp field is only used to
preserve the shadow call stack pointer while a task is scheduled out or
running in user space, reusing this field to preserve and restore it
while running off the IRQ stack must be safe, as those occurrences are
guaranteed to never overlap. (The stack switching logic only switches
stacks when running from the task stack, and so the value being saved
here always corresponds to the task mode shadow stack)
While at it, fold a mov/add/mov sequence into a single add.
Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
Reviewed-by: Kees Cook <keescook@chromium.org>
Acked-by: Mark Rutland <mark.rutland@arm.com>
Link: https://lore.kernel.org/r/20230109174800.3286265-3-ardb@kernel.org
Signed-off-by: Catalin Marinas <catalin.marinas@arm.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/arm64/kernel/entry.S | 12 +++++-------
1 file changed, 5 insertions(+), 7 deletions(-)
--- a/arch/arm64/kernel/entry.S
+++ b/arch/arm64/kernel/entry.S
@@ -883,19 +883,19 @@ NOKPROBE(ret_from_fork)
*/
SYM_FUNC_START(call_on_irq_stack)
#ifdef CONFIG_SHADOW_CALL_STACK
- stp scs_sp, xzr, [sp, #-16]!
+ get_current_task x16
+ scs_save x16
ldr_this_cpu scs_sp, irq_shadow_call_stack_ptr, x17
#endif
+
/* Create a frame record to save our LR and SP (implicit in FP) */
stp x29, x30, [sp, #-16]!
mov x29, sp
ldr_this_cpu x16, irq_stack_ptr, x17
- mov x15, #IRQ_STACK_SIZE
- add x16, x16, x15
/* Move to the new stack and call the function there */
- mov sp, x16
+ add sp, x16, #IRQ_STACK_SIZE
blr x1
/*
@@ -904,9 +904,7 @@ SYM_FUNC_START(call_on_irq_stack)
*/
mov sp, x29
ldp x29, x30, [sp], #16
-#ifdef CONFIG_SHADOW_CALL_STACK
- ldp scs_sp, xzr, [sp], #16
-#endif
+ scs_load_current
ret
SYM_FUNC_END(call_on_irq_stack)
NOKPROBE(call_on_irq_stack)
^ permalink raw reply [flat|nested] 391+ messages in thread
* [PATCH 5.15 013/371] PCI: pciehp: Fix AB-BA deadlock between reset_lock and device_lock
2023-05-08 9:43 [PATCH 5.15 000/371] 5.15.111-rc1 review Greg Kroah-Hartman
` (11 preceding siblings ...)
2023-05-08 9:43 ` [PATCH 5.15 012/371] arm64: Stash shadow stack pointer in the task struct on interrupt Greg Kroah-Hartman
@ 2023-05-08 9:43 ` Greg Kroah-Hartman
2023-05-08 9:43 ` [PATCH 5.15 014/371] PCI: qcom: Fix the incorrect register usage in v2.7.0 config Greg Kroah-Hartman
` (361 subsequent siblings)
374 siblings, 0 replies; 391+ messages in thread
From: Greg Kroah-Hartman @ 2023-05-08 9:43 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Michael Haeuptle, Ian May,
Andrey Grodzovsky, Rahul Kumar, Jialin Zhang,
Anatoli Antonovitch, Lukas Wunner, Bjorn Helgaas, Dan Stein,
Ashok Raj, Alex Michon, Xiongfeng Wang, Alex Williamson,
Mika Westerberg, Sathyanarayanan Kuppuswamy
From: Lukas Wunner <lukas@wunner.de>
commit f5eff5591b8f9c5effd25c92c758a127765f74c1 upstream.
In 2013, commits
2e35afaefe64 ("PCI: pciehp: Add reset_slot() method")
608c388122c7 ("PCI: Add slot reset option to pci_dev_reset()")
amended PCIe hotplug to mask Presence Detect Changed events during a
Secondary Bus Reset. The reset thus no longer causes gratuitous slot
bringdown and bringup.
However the commits neglected to serialize reset with code paths reading
slot registers. For instance, a slot bringup due to an earlier hotplug
event may see the Presence Detect State bit cleared during a concurrent
Secondary Bus Reset.
In 2018, commit
5b3f7b7d062b ("PCI: pciehp: Avoid slot access during reset")
retrofitted the missing locking. It introduced a reset_lock which
serializes a Secondary Bus Reset with other parts of pciehp.
Unfortunately the locking turns out to be overzealous: reset_lock is
held for the entire enumeration and de-enumeration of hotplugged devices,
including driver binding and unbinding.
Driver binding and unbinding acquires device_lock while the reset_lock
of the ancestral hotplug port is held. A concurrent Secondary Bus Reset
acquires the ancestral reset_lock while already holding the device_lock.
The asymmetric locking order in the two code paths can lead to AB-BA
deadlocks.
Michael Haeuptle reports such deadlocks on simultaneous hot-removal and
vfio release (the latter implies a Secondary Bus Reset):
pciehp_ist() # down_read(reset_lock)
pciehp_handle_presence_or_link_change()
pciehp_disable_slot()
__pciehp_disable_slot()
remove_board()
pciehp_unconfigure_device()
pci_stop_and_remove_bus_device()
pci_stop_bus_device()
pci_stop_dev()
device_release_driver()
device_release_driver_internal()
__device_driver_lock() # device_lock()
SYS_munmap()
vfio_device_fops_release()
vfio_device_group_close()
vfio_device_close()
vfio_device_last_close()
vfio_pci_core_close_device()
vfio_pci_core_disable() # device_lock()
__pci_reset_function_locked()
pci_reset_bus_function()
pci_dev_reset_slot_function()
pci_reset_hotplug_slot()
pciehp_reset_slot() # down_write(reset_lock)
Ian May reports the same deadlock on simultaneous hot-removal and an
AER-induced Secondary Bus Reset:
aer_recover_work_func()
pcie_do_recovery()
aer_root_reset()
pci_bus_error_reset()
pci_slot_reset()
pci_slot_lock() # device_lock()
pci_reset_hotplug_slot()
pciehp_reset_slot() # down_write(reset_lock)
Fix by releasing the reset_lock during driver binding and unbinding,
thereby splitting and shrinking the critical section.
Driver binding and unbinding is protected by the device_lock() and thus
serialized with a Secondary Bus Reset. There's no need to additionally
protect it with the reset_lock. However, pciehp does not bind and
unbind devices directly, but rather invokes PCI core functions which
also perform certain enumeration and de-enumeration steps.
The reset_lock's purpose is to protect slot registers, not enumeration
and de-enumeration of hotplugged devices. That would arguably be the
job of the PCI core, not the PCIe hotplug driver. After all, an
AER-induced Secondary Bus Reset may as well happen during boot-time
enumeration of the PCI hierarchy and there's no locking to prevent that
either.
Exempting *de-enumeration* from the reset_lock is relatively harmless:
A concurrent Secondary Bus Reset may foil config space accesses such as
PME interrupt disablement. But if the device is physically gone, those
accesses are pointless anyway. If the device is physically present and
only logically removed through an Attention Button press or the sysfs
"power" attribute, PME interrupts as well as DMA cannot come through
because pciehp_unconfigure_device() disables INTx and Bus Master bits.
That's still protected by the reset_lock in the present commit.
Exempting *enumeration* from the reset_lock also has limited impact:
The exempted call to pci_bus_add_device() may perform device accesses
through pcibios_bus_add_device() and pci_fixup_device() which are now
no longer protected from a concurrent Secondary Bus Reset. Otherwise
there should be no impact.
In essence, the present commit seeks to fix the AB-BA deadlocks while
still retaining a best-effort reset protection for enumeration and
de-enumeration of hotplugged devices -- until a general solution is
implemented in the PCI core.
Link: https://lore.kernel.org/linux-pci/CS1PR8401MB0728FC6FDAB8A35C22BD90EC95F10@CS1PR8401MB0728.NAMPRD84.PROD.OUTLOOK.COM
Link: https://lore.kernel.org/linux-pci/20200615143250.438252-1-ian.may@canonical.com
Link: https://lore.kernel.org/linux-pci/ce878dab-c0c4-5bd0-a725-9805a075682d@amd.com
Link: https://lore.kernel.org/linux-pci/ed831249-384a-6d35-0831-70af191e9bce@huawei.com
Link: https://bugzilla.kernel.org/show_bug.cgi?id=215590
Fixes: 5b3f7b7d062b ("PCI: pciehp: Avoid slot access during reset")
Link: https://lore.kernel.org/r/fef2b2e9edf245c049a8c5b94743c0f74ff5008a.1681191902.git.lukas@wunner.de
Reported-by: Michael Haeuptle <michael.haeuptle@hpe.com>
Reported-by: Ian May <ian.may@canonical.com>
Reported-by: Andrey Grodzovsky <andrey2805@gmail.com>
Reported-by: Rahul Kumar <rahul.kumar1@amd.com>
Reported-by: Jialin Zhang <zhangjialin11@huawei.com>
Tested-by: Anatoli Antonovitch <Anatoli.Antonovitch@amd.com>
Signed-off-by: Lukas Wunner <lukas@wunner.de>
Signed-off-by: Bjorn Helgaas <bhelgaas@google.com>
Cc: stable@vger.kernel.org # v4.19+
Cc: Dan Stein <dstein@hpe.com>
Cc: Ashok Raj <ashok.raj@intel.com>
Cc: Alex Michon <amichon@kalrayinc.com>
Cc: Xiongfeng Wang <wangxiongfeng2@huawei.com>
Cc: Alex Williamson <alex.williamson@redhat.com>
Cc: Mika Westerberg <mika.westerberg@linux.intel.com>
Cc: Sathyanarayanan Kuppuswamy <sathyanarayanan.kuppuswamy@linux.intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/pci/hotplug/pciehp_pci.c | 15 +++++++++++++++
1 file changed, 15 insertions(+)
--- a/drivers/pci/hotplug/pciehp_pci.c
+++ b/drivers/pci/hotplug/pciehp_pci.c
@@ -63,7 +63,14 @@ int pciehp_configure_device(struct contr
pci_assign_unassigned_bridge_resources(bridge);
pcie_bus_configure_settings(parent);
+
+ /*
+ * Release reset_lock during driver binding
+ * to avoid AB-BA deadlock with device_lock.
+ */
+ up_read(&ctrl->reset_lock);
pci_bus_add_devices(parent);
+ down_read_nested(&ctrl->reset_lock, ctrl->depth);
out:
pci_unlock_rescan_remove();
@@ -104,7 +111,15 @@ void pciehp_unconfigure_device(struct co
list_for_each_entry_safe_reverse(dev, temp, &parent->devices,
bus_list) {
pci_dev_get(dev);
+
+ /*
+ * Release reset_lock during driver unbinding
+ * to avoid AB-BA deadlock with device_lock.
+ */
+ up_read(&ctrl->reset_lock);
pci_stop_and_remove_bus_device(dev);
+ down_read_nested(&ctrl->reset_lock, ctrl->depth);
+
/*
* Ensure that no new Requests will be generated from
* the device.
^ permalink raw reply [flat|nested] 391+ messages in thread
* [PATCH 5.15 014/371] PCI: qcom: Fix the incorrect register usage in v2.7.0 config
2023-05-08 9:43 [PATCH 5.15 000/371] 5.15.111-rc1 review Greg Kroah-Hartman
` (12 preceding siblings ...)
2023-05-08 9:43 ` [PATCH 5.15 013/371] PCI: pciehp: Fix AB-BA deadlock between reset_lock and device_lock Greg Kroah-Hartman
@ 2023-05-08 9:43 ` Greg Kroah-Hartman
2023-05-08 9:43 ` Greg Kroah-Hartman
` (360 subsequent siblings)
374 siblings, 0 replies; 391+ messages in thread
From: Greg Kroah-Hartman @ 2023-05-08 9:43 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Manivannan Sadhasivam, Lorenzo Pieralisi
From: Manivannan Sadhasivam <manivannan.sadhasivam@linaro.org>
commit 2542e16c392508800f1d9037feee881a9c444951 upstream.
Qcom PCIe IP version v2.7.0 and its derivatives don't contain the
PCIE20_PARF_AXI_MSTR_WR_ADDR_HALT register. Instead, they have the new
PCIE20_PARF_AXI_MSTR_WR_ADDR_HALT_V2 register. So fix the incorrect
register usage which is modifying a different register.
Also in this IP version, this register change doesn't depend on MSI
being enabled. So remove that check also.
Link: https://lore.kernel.org/r/20230316081117.14288-2-manivannan.sadhasivam@linaro.org
Fixes: ed8cc3b1fc84 ("PCI: qcom: Add support for SDM845 PCIe controller")
Signed-off-by: Manivannan Sadhasivam <manivannan.sadhasivam@linaro.org>
Signed-off-by: Lorenzo Pieralisi <lpieralisi@kernel.org>
Cc: <stable@vger.kernel.org> # 5.6+
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/pci/controller/dwc/pcie-qcom.c | 8 +++-----
1 file changed, 3 insertions(+), 5 deletions(-)
--- a/drivers/pci/controller/dwc/pcie-qcom.c
+++ b/drivers/pci/controller/dwc/pcie-qcom.c
@@ -1228,11 +1228,9 @@ static int qcom_pcie_init_2_7_0(struct q
val |= BIT(4);
writel(val, pcie->parf + PCIE20_PARF_MHI_CLOCK_RESET_CTRL);
- if (IS_ENABLED(CONFIG_PCI_MSI)) {
- val = readl(pcie->parf + PCIE20_PARF_AXI_MSTR_WR_ADDR_HALT);
- val |= BIT(31);
- writel(val, pcie->parf + PCIE20_PARF_AXI_MSTR_WR_ADDR_HALT);
- }
+ val = readl(pcie->parf + PCIE20_PARF_AXI_MSTR_WR_ADDR_HALT_V2);
+ val |= BIT(31);
+ writel(val, pcie->parf + PCIE20_PARF_AXI_MSTR_WR_ADDR_HALT_V2);
return 0;
err_disable_clocks:
^ permalink raw reply [flat|nested] 391+ messages in thread
* [PATCH 5.15 015/371] IMA: allow/fix UML builds
2023-05-08 9:43 [PATCH 5.15 000/371] 5.15.111-rc1 review Greg Kroah-Hartman
@ 2023-05-08 9:43 ` Greg Kroah-Hartman
2023-05-08 9:43 ` [PATCH 5.15 002/371] ASoC: soc-pcm: fix hw->formats cleared by soc_pcm_hw_init() for dpcm Greg Kroah-Hartman
` (373 subsequent siblings)
374 siblings, 0 replies; 391+ messages in thread
From: Greg Kroah-Hartman @ 2023-05-08 9:43 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Randy Dunlap, Fabio Estevam,
Richard Weinberger, Anton Ivanov, Johannes Berg, linux-um,
Mimi Zohar
From: Randy Dunlap <rdunlap@infradead.org>
commit 644f17412f5acf01a19af9d04a921937a2bc86c6 upstream.
UML supports HAS_IOMEM since 0bbadafdc49d (um: allow disabling
NO_IOMEM).
Current IMA build on UML fails on allmodconfig (with TCG_TPM=m):
ld: security/integrity/ima/ima_queue.o: in function `ima_add_template_entry':
ima_queue.c:(.text+0x2d9): undefined reference to `tpm_pcr_extend'
ld: security/integrity/ima/ima_init.o: in function `ima_init':
ima_init.c:(.init.text+0x43f): undefined reference to `tpm_default_chip'
ld: security/integrity/ima/ima_crypto.o: in function `ima_calc_boot_aggregate_tfm':
ima_crypto.c:(.text+0x1044): undefined reference to `tpm_pcr_read'
ld: ima_crypto.c:(.text+0x10d8): undefined reference to `tpm_pcr_read'
Modify the IMA Kconfig entry so that it selects TCG_TPM if HAS_IOMEM
is set, regardless of the UML Kconfig setting.
This updates TCG_TPM from =m to =y and fixes the linker errors.
Fixes: f4a0391dfa91 ("ima: fix Kconfig dependencies")
Cc: Stable <stable@vger.kernel.org> # v5.14+
Signed-off-by: Randy Dunlap <rdunlap@infradead.org>
Cc: Fabio Estevam <festevam@gmail.com>
Cc: Richard Weinberger <richard@nod.at>
Cc: Anton Ivanov <anton.ivanov@cambridgegreys.com>
Cc: Johannes Berg <johannes@sipsolutions.net>
Cc: linux-um@lists.infradead.org
Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
security/integrity/ima/Kconfig | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/security/integrity/ima/Kconfig
+++ b/security/integrity/ima/Kconfig
@@ -8,7 +8,7 @@ config IMA
select CRYPTO_HMAC
select CRYPTO_SHA1
select CRYPTO_HASH_INFO
- select TCG_TPM if HAS_IOMEM && !UML
+ select TCG_TPM if HAS_IOMEM
select TCG_TIS if TCG_TPM && X86
select TCG_CRB if TCG_TPM && ACPI
select TCG_IBMVTPM if TCG_TPM && PPC_PSERIES
^ permalink raw reply [flat|nested] 391+ messages in thread
* [PATCH 5.15 015/371] IMA: allow/fix UML builds
@ 2023-05-08 9:43 ` Greg Kroah-Hartman
0 siblings, 0 replies; 391+ messages in thread
From: Greg Kroah-Hartman @ 2023-05-08 9:43 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Randy Dunlap, Fabio Estevam,
Richard Weinberger, Anton Ivanov, Johannes Berg, linux-um,
Mimi Zohar
From: Randy Dunlap <rdunlap@infradead.org>
commit 644f17412f5acf01a19af9d04a921937a2bc86c6 upstream.
UML supports HAS_IOMEM since 0bbadafdc49d (um: allow disabling
NO_IOMEM).
Current IMA build on UML fails on allmodconfig (with TCG_TPM=m):
ld: security/integrity/ima/ima_queue.o: in function `ima_add_template_entry':
ima_queue.c:(.text+0x2d9): undefined reference to `tpm_pcr_extend'
ld: security/integrity/ima/ima_init.o: in function `ima_init':
ima_init.c:(.init.text+0x43f): undefined reference to `tpm_default_chip'
ld: security/integrity/ima/ima_crypto.o: in function `ima_calc_boot_aggregate_tfm':
ima_crypto.c:(.text+0x1044): undefined reference to `tpm_pcr_read'
ld: ima_crypto.c:(.text+0x10d8): undefined reference to `tpm_pcr_read'
Modify the IMA Kconfig entry so that it selects TCG_TPM if HAS_IOMEM
is set, regardless of the UML Kconfig setting.
This updates TCG_TPM from =m to =y and fixes the linker errors.
Fixes: f4a0391dfa91 ("ima: fix Kconfig dependencies")
Cc: Stable <stable@vger.kernel.org> # v5.14+
Signed-off-by: Randy Dunlap <rdunlap@infradead.org>
Cc: Fabio Estevam <festevam@gmail.com>
Cc: Richard Weinberger <richard@nod.at>
Cc: Anton Ivanov <anton.ivanov@cambridgegreys.com>
Cc: Johannes Berg <johannes@sipsolutions.net>
Cc: linux-um@lists.infradead.org
Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
security/integrity/ima/Kconfig | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/security/integrity/ima/Kconfig
+++ b/security/integrity/ima/Kconfig
@@ -8,7 +8,7 @@ config IMA
select CRYPTO_HMAC
select CRYPTO_SHA1
select CRYPTO_HASH_INFO
- select TCG_TPM if HAS_IOMEM && !UML
+ select TCG_TPM if HAS_IOMEM
select TCG_TIS if TCG_TPM && X86
select TCG_CRB if TCG_TPM && ACPI
select TCG_IBMVTPM if TCG_TPM && PPC_PSERIES
_______________________________________________
linux-um mailing list
linux-um@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/linux-um
^ permalink raw reply [flat|nested] 391+ messages in thread
* [PATCH 5.15 016/371] USB: dwc3: fix runtime pm imbalance on probe errors
2023-05-08 9:43 [PATCH 5.15 000/371] 5.15.111-rc1 review Greg Kroah-Hartman
` (14 preceding siblings ...)
2023-05-08 9:43 ` Greg Kroah-Hartman
@ 2023-05-08 9:43 ` Greg Kroah-Hartman
2023-05-08 9:43 ` [PATCH 5.15 017/371] USB: dwc3: fix runtime pm imbalance on unbind Greg Kroah-Hartman
` (358 subsequent siblings)
374 siblings, 0 replies; 391+ messages in thread
From: Greg Kroah-Hartman @ 2023-05-08 9:43 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Roger Quadros, Thinh Nguyen, Johan Hovold
From: Johan Hovold <johan+linaro@kernel.org>
commit 9a8ad10c9f2e0925ff26308ec6756b93fc2f4977 upstream.
Make sure not to suspend the device when probe fails to avoid disabling
clocks and phys multiple times.
Fixes: 328082376aea ("usb: dwc3: fix runtime PM in error path")
Cc: stable@vger.kernel.org # 4.8
Cc: Roger Quadros <rogerq@ti.com>
Acked-by: Thinh Nguyen <Thinh.Nguyen@synopsys.com>
Signed-off-by: Johan Hovold <johan+linaro@kernel.org>
Link: https://lore.kernel.org/r/20230404072524.19014-2-johan+linaro@kernel.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/usb/dwc3/core.c | 14 +++++---------
1 file changed, 5 insertions(+), 9 deletions(-)
--- a/drivers/usb/dwc3/core.c
+++ b/drivers/usb/dwc3/core.c
@@ -1642,13 +1642,11 @@ static int dwc3_probe(struct platform_de
spin_lock_init(&dwc->lock);
mutex_init(&dwc->mutex);
+ pm_runtime_get_noresume(dev);
pm_runtime_set_active(dev);
pm_runtime_use_autosuspend(dev);
pm_runtime_set_autosuspend_delay(dev, DWC3_DEFAULT_AUTOSUSPEND_DELAY);
pm_runtime_enable(dev);
- ret = pm_runtime_get_sync(dev);
- if (ret < 0)
- goto err1;
pm_runtime_forbid(dev);
@@ -1707,12 +1705,10 @@ err3:
dwc3_free_event_buffers(dwc);
err2:
- pm_runtime_allow(&pdev->dev);
-
-err1:
- pm_runtime_put_sync(&pdev->dev);
- pm_runtime_disable(&pdev->dev);
-
+ pm_runtime_allow(dev);
+ pm_runtime_disable(dev);
+ pm_runtime_set_suspended(dev);
+ pm_runtime_put_noidle(dev);
disable_clks:
clk_bulk_disable_unprepare(dwc->num_clks, dwc->clks);
assert_reset:
^ permalink raw reply [flat|nested] 391+ messages in thread
* [PATCH 5.15 017/371] USB: dwc3: fix runtime pm imbalance on unbind
2023-05-08 9:43 [PATCH 5.15 000/371] 5.15.111-rc1 review Greg Kroah-Hartman
` (15 preceding siblings ...)
2023-05-08 9:43 ` [PATCH 5.15 016/371] USB: dwc3: fix runtime pm imbalance on probe errors Greg Kroah-Hartman
@ 2023-05-08 9:43 ` Greg Kroah-Hartman
2023-05-08 9:43 ` [PATCH 5.15 018/371] hwmon: (k10temp) Check range scale when CUR_TEMP register is read-write Greg Kroah-Hartman
` (357 subsequent siblings)
374 siblings, 0 replies; 391+ messages in thread
From: Greg Kroah-Hartman @ 2023-05-08 9:43 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Li Jun, Thinh Nguyen, Johan Hovold
From: Johan Hovold <johan+linaro@kernel.org>
commit 44d257e9012ee8040e41d224d0e5bfb5ef5427ea upstream.
Make sure to balance the runtime PM usage count on driver unbind by
adding back the pm_runtime_allow() call that had been erroneously
removed.
Fixes: 266d0493900a ("usb: dwc3: core: don't trigger runtime pm when remove driver")
Cc: stable@vger.kernel.org # 5.9
Cc: Li Jun <jun.li@nxp.com>
Acked-by: Thinh Nguyen <Thinh.Nguyen@synopsys.com>
Signed-off-by: Johan Hovold <johan+linaro@kernel.org>
Link: https://lore.kernel.org/r/20230404072524.19014-3-johan+linaro@kernel.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/usb/dwc3/core.c | 1 +
1 file changed, 1 insertion(+)
--- a/drivers/usb/dwc3/core.c
+++ b/drivers/usb/dwc3/core.c
@@ -1732,6 +1732,7 @@ static int dwc3_remove(struct platform_d
dwc3_core_exit(dwc);
dwc3_ulpi_exit(dwc);
+ pm_runtime_allow(&pdev->dev);
pm_runtime_disable(&pdev->dev);
pm_runtime_put_noidle(&pdev->dev);
pm_runtime_set_suspended(&pdev->dev);
^ permalink raw reply [flat|nested] 391+ messages in thread
* [PATCH 5.15 018/371] hwmon: (k10temp) Check range scale when CUR_TEMP register is read-write
2023-05-08 9:43 [PATCH 5.15 000/371] 5.15.111-rc1 review Greg Kroah-Hartman
` (16 preceding siblings ...)
2023-05-08 9:43 ` [PATCH 5.15 017/371] USB: dwc3: fix runtime pm imbalance on unbind Greg Kroah-Hartman
@ 2023-05-08 9:43 ` Greg Kroah-Hartman
2023-05-08 9:43 ` [PATCH 5.15 019/371] hwmon: (adt7475) Use device_property APIs when configuring polarity Greg Kroah-Hartman
` (356 subsequent siblings)
374 siblings, 0 replies; 391+ messages in thread
From: Greg Kroah-Hartman @ 2023-05-08 9:43 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Babu Moger, Guenter Roeck
From: Babu Moger <Babu.Moger@amd.com>
commit 0c072385348e3ac5229145644055d3e2afb5b3db upstream.
Spec says, when CUR_TEMP_TJ_SEL == 3 and CUR_TEMP_RANGE_SEL == 0,
it should use RangeUnadjusted is 0, which is (CurTmp*0.125 -49) C. The
CUR_TEMP register is read-write when CUR_TEMP_TJ_SEL == 3 (bit 17-16).
Add the check to detect it.
Sensors command's output before the patch.
$sensors
k10temp-pci-00c3
Adapter: PCI adapter
Tctl: +76.6°C <- Wrong value
Tccd1: +26.5°C
Tccd2: +27.5°C
Tccd3: +27.2°C
Tccd4: +27.5°C
Tccd5: +26.0°C
Tccd6: +26.2°C
Tccd7: +25.0°C
Tccd8: +26.5°C
Sensors command's output after the patch.
$sensors
k10temp-pci-00c3
Adapter: PCI adapter
Tctl: +28.8°C <- corrected value
Tccd1: +27.5°C
Tccd2: +28.5°C
Tccd3: +28.5°C
Tccd4: +28.5°C
Tccd5: +27.0°C
Tccd6: +27.5°C
Tccd7: +27.0°C
Tccd8: +27.5°C
Signed-off-by: Babu Moger <babu.moger@amd.com>
Fixes: 1b59788979ac ("hwmon: (k10temp) Add temperature offset for Ryzen 2700X")
Link: https://lore.kernel.org/r/20230413213958.847634-1-babu.moger@amd.com
Cc: stable@vger.kernel.org
Signed-off-by: Guenter Roeck <linux@roeck-us.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/hwmon/k10temp.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
--- a/drivers/hwmon/k10temp.c
+++ b/drivers/hwmon/k10temp.c
@@ -75,6 +75,7 @@ static DEFINE_MUTEX(nb_smu_ind_mutex);
#define ZEN_CUR_TEMP_SHIFT 21
#define ZEN_CUR_TEMP_RANGE_SEL_MASK BIT(19)
+#define ZEN_CUR_TEMP_TJ_SEL_MASK GENMASK(17, 16)
#define ZEN_SVI_BASE 0x0005A000
@@ -175,7 +176,8 @@ static long get_raw_temp(struct k10temp_
data->read_tempreg(data->pdev, ®val);
temp = (regval >> ZEN_CUR_TEMP_SHIFT) * 125;
- if (regval & data->temp_adjust_mask)
+ if ((regval & data->temp_adjust_mask) ||
+ (regval & ZEN_CUR_TEMP_TJ_SEL_MASK) == ZEN_CUR_TEMP_TJ_SEL_MASK)
temp -= 49000;
return temp;
}
^ permalink raw reply [flat|nested] 391+ messages in thread
* [PATCH 5.15 019/371] hwmon: (adt7475) Use device_property APIs when configuring polarity
2023-05-08 9:43 [PATCH 5.15 000/371] 5.15.111-rc1 review Greg Kroah-Hartman
` (17 preceding siblings ...)
2023-05-08 9:43 ` [PATCH 5.15 018/371] hwmon: (k10temp) Check range scale when CUR_TEMP register is read-write Greg Kroah-Hartman
@ 2023-05-08 9:43 ` Greg Kroah-Hartman
2023-05-08 9:43 ` [PATCH 5.15 020/371] posix-cpu-timers: Implement the missing timer_wait_running callback Greg Kroah-Hartman
` (355 subsequent siblings)
374 siblings, 0 replies; 391+ messages in thread
From: Greg Kroah-Hartman @ 2023-05-08 9:43 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Mariusz Białończyk,
Chris Packham, Guenter Roeck
From: Chris Packham <chris.packham@alliedtelesis.co.nz>
commit 2a8e41ad337508fc5d598c0f9288890214f8e318 upstream.
On DT unaware platforms of_property_read_u32_array() returns -ENOSYS
which wasn't handled by the code treating adi,pwm-active-state as
optional. Update the code to use device_property_read_u32_array() which
deals gracefully with DT unaware platforms.
Fixes: 86da28eed4fb ("hwmon: (adt7475) Add support for inverting pwm output")
Reported-by: Mariusz Białończyk <manio@skyboo.net>
Link: https://lore.kernel.org/linux-hwmon/52e26a67-9131-2dc0-40cb-db5c07370027@alliedtelesis.co.nz/T/#mdd0505801e0a4e72340de009a47c0fca4f771ed3
Signed-off-by: Chris Packham <chris.packham@alliedtelesis.co.nz>
Link: https://lore.kernel.org/r/20230418233656.869055-2-chris.packham@alliedtelesis.co.nz
Cc: stable@vger.kernel.org
Signed-off-by: Guenter Roeck <linux@roeck-us.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/hwmon/adt7475.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
--- a/drivers/hwmon/adt7475.c
+++ b/drivers/hwmon/adt7475.c
@@ -1515,9 +1515,9 @@ static int adt7475_set_pwm_polarity(stru
int ret, i;
u8 val;
- ret = of_property_read_u32_array(client->dev.of_node,
- "adi,pwm-active-state", states,
- ARRAY_SIZE(states));
+ ret = device_property_read_u32_array(&client->dev,
+ "adi,pwm-active-state", states,
+ ARRAY_SIZE(states));
if (ret)
return ret;
^ permalink raw reply [flat|nested] 391+ messages in thread
* [PATCH 5.15 020/371] posix-cpu-timers: Implement the missing timer_wait_running callback
2023-05-08 9:43 [PATCH 5.15 000/371] 5.15.111-rc1 review Greg Kroah-Hartman
` (18 preceding siblings ...)
2023-05-08 9:43 ` [PATCH 5.15 019/371] hwmon: (adt7475) Use device_property APIs when configuring polarity Greg Kroah-Hartman
@ 2023-05-08 9:43 ` Greg Kroah-Hartman
2023-05-08 9:43 ` [PATCH 5.15 021/371] blk-mq: release crypto keyslot before reporting I/O complete Greg Kroah-Hartman
` (354 subsequent siblings)
374 siblings, 0 replies; 391+ messages in thread
From: Greg Kroah-Hartman @ 2023-05-08 9:43 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Marco Elver, Thomas Gleixner,
Sebastian Andrzej Siewior, Frederic Weisbecker
From: Thomas Gleixner <tglx@linutronix.de>
commit f7abf14f0001a5a47539d9f60bbdca649e43536b upstream.
For some unknown reason the introduction of the timer_wait_running callback
missed to fixup posix CPU timers, which went unnoticed for almost four years.
Marco reported recently that the WARN_ON() in timer_wait_running()
triggers with a posix CPU timer test case.
Posix CPU timers have two execution models for expiring timers depending on
CONFIG_POSIX_CPU_TIMERS_TASK_WORK:
1) If not enabled, the expiry happens in hard interrupt context so
spin waiting on the remote CPU is reasonably time bound.
Implement an empty stub function for that case.
2) If enabled, the expiry happens in task work before returning to user
space or guest mode. The expired timers are marked as firing and moved
from the timer queue to a local list head with sighand lock held. Once
the timers are moved, sighand lock is dropped and the expiry happens in
fully preemptible context. That means the expiring task can be scheduled
out, migrated, interrupted etc. So spin waiting on it is more than
suboptimal.
The timer wheel has a timer_wait_running() mechanism for RT, which uses
a per CPU timer-base expiry lock which is held by the expiry code and the
task waiting for the timer function to complete blocks on that lock.
This does not work in the same way for posix CPU timers as there is no
timer base and expiry for process wide timers can run on any task
belonging to that process, but the concept of waiting on an expiry lock
can be used too in a slightly different way:
- Add a mutex to struct posix_cputimers_work. This struct is per task
and used to schedule the expiry task work from the timer interrupt.
- Add a task_struct pointer to struct cpu_timer which is used to store
a the task which runs the expiry. That's filled in when the task
moves the expired timers to the local expiry list. That's not
affecting the size of the k_itimer union as there are bigger union
members already
- Let the task take the expiry mutex around the expiry function
- Let the waiter acquire a task reference with rcu_read_lock() held and
block on the expiry mutex
This avoids spin-waiting on a task which might not even be on a CPU and
works nicely for RT too.
Fixes: ec8f954a40da ("posix-timers: Use a callback for cancel synchronization on PREEMPT_RT")
Reported-by: Marco Elver <elver@google.com>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Tested-by: Marco Elver <elver@google.com>
Tested-by: Sebastian Andrzej Siewior <bigeasy@linutronix.de>
Reviewed-by: Frederic Weisbecker <frederic@kernel.org>
Cc: stable@vger.kernel.org
Link: https://lore.kernel.org/r/87zg764ojw.ffs@tglx
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
include/linux/posix-timers.h | 17 +++++---
kernel/time/posix-cpu-timers.c | 81 +++++++++++++++++++++++++++++++++--------
kernel/time/posix-timers.c | 4 ++
3 files changed, 82 insertions(+), 20 deletions(-)
--- a/include/linux/posix-timers.h
+++ b/include/linux/posix-timers.h
@@ -4,6 +4,7 @@
#include <linux/spinlock.h>
#include <linux/list.h>
+#include <linux/mutex.h>
#include <linux/alarmtimer.h>
#include <linux/timerqueue.h>
#include <linux/task_work.h>
@@ -63,16 +64,18 @@ static inline int clockid_to_fd(const cl
* cpu_timer - Posix CPU timer representation for k_itimer
* @node: timerqueue node to queue in the task/sig
* @head: timerqueue head on which this timer is queued
- * @task: Pointer to target task
+ * @pid: Pointer to target task PID
* @elist: List head for the expiry list
* @firing: Timer is currently firing
+ * @handling: Pointer to the task which handles expiry
*/
struct cpu_timer {
- struct timerqueue_node node;
- struct timerqueue_head *head;
- struct pid *pid;
- struct list_head elist;
- int firing;
+ struct timerqueue_node node;
+ struct timerqueue_head *head;
+ struct pid *pid;
+ struct list_head elist;
+ int firing;
+ struct task_struct __rcu *handling;
};
static inline bool cpu_timer_enqueue(struct timerqueue_head *head,
@@ -136,10 +139,12 @@ struct posix_cputimers {
/**
* posix_cputimers_work - Container for task work based posix CPU timer expiry
* @work: The task work to be scheduled
+ * @mutex: Mutex held around expiry in context of this task work
* @scheduled: @work has been scheduled already, no further processing
*/
struct posix_cputimers_work {
struct callback_head work;
+ struct mutex mutex;
unsigned int scheduled;
};
--- a/kernel/time/posix-cpu-timers.c
+++ b/kernel/time/posix-cpu-timers.c
@@ -840,6 +840,8 @@ static u64 collect_timerqueue(struct tim
return expires;
ctmr->firing = 1;
+ /* See posix_cpu_timer_wait_running() */
+ rcu_assign_pointer(ctmr->handling, current);
cpu_timer_dequeue(ctmr);
list_add_tail(&ctmr->elist, firing);
}
@@ -1155,7 +1157,49 @@ static void handle_posix_cpu_timers(stru
#ifdef CONFIG_POSIX_CPU_TIMERS_TASK_WORK
static void posix_cpu_timers_work(struct callback_head *work)
{
+ struct posix_cputimers_work *cw = container_of(work, typeof(*cw), work);
+
+ mutex_lock(&cw->mutex);
handle_posix_cpu_timers(current);
+ mutex_unlock(&cw->mutex);
+}
+
+/*
+ * Invoked from the posix-timer core when a cancel operation failed because
+ * the timer is marked firing. The caller holds rcu_read_lock(), which
+ * protects the timer and the task which is expiring it from being freed.
+ */
+static void posix_cpu_timer_wait_running(struct k_itimer *timr)
+{
+ struct task_struct *tsk = rcu_dereference(timr->it.cpu.handling);
+
+ /* Has the handling task completed expiry already? */
+ if (!tsk)
+ return;
+
+ /* Ensure that the task cannot go away */
+ get_task_struct(tsk);
+ /* Now drop the RCU protection so the mutex can be locked */
+ rcu_read_unlock();
+ /* Wait on the expiry mutex */
+ mutex_lock(&tsk->posix_cputimers_work.mutex);
+ /* Release it immediately again. */
+ mutex_unlock(&tsk->posix_cputimers_work.mutex);
+ /* Drop the task reference. */
+ put_task_struct(tsk);
+ /* Relock RCU so the callsite is balanced */
+ rcu_read_lock();
+}
+
+static void posix_cpu_timer_wait_running_nsleep(struct k_itimer *timr)
+{
+ /* Ensure that timr->it.cpu.handling task cannot go away */
+ rcu_read_lock();
+ spin_unlock_irq(&timr->it_lock);
+ posix_cpu_timer_wait_running(timr);
+ rcu_read_unlock();
+ /* @timr is on stack and is valid */
+ spin_lock_irq(&timr->it_lock);
}
/*
@@ -1171,6 +1215,7 @@ void clear_posix_cputimers_work(struct t
sizeof(p->posix_cputimers_work.work));
init_task_work(&p->posix_cputimers_work.work,
posix_cpu_timers_work);
+ mutex_init(&p->posix_cputimers_work.mutex);
p->posix_cputimers_work.scheduled = false;
}
@@ -1249,6 +1294,18 @@ static inline void __run_posix_cpu_timer
lockdep_posixtimer_exit();
}
+static void posix_cpu_timer_wait_running(struct k_itimer *timr)
+{
+ cpu_relax();
+}
+
+static void posix_cpu_timer_wait_running_nsleep(struct k_itimer *timr)
+{
+ spin_unlock_irq(&timr->it_lock);
+ cpu_relax();
+ spin_lock_irq(&timr->it_lock);
+}
+
static inline bool posix_cpu_timers_work_scheduled(struct task_struct *tsk)
{
return false;
@@ -1357,6 +1414,8 @@ static void handle_posix_cpu_timers(stru
*/
if (likely(cpu_firing >= 0))
cpu_timer_fire(timer);
+ /* See posix_cpu_timer_wait_running() */
+ rcu_assign_pointer(timer->it.cpu.handling, NULL);
spin_unlock(&timer->it_lock);
}
}
@@ -1491,23 +1550,16 @@ static int do_cpu_nanosleep(const clocki
expires = cpu_timer_getexpires(&timer.it.cpu);
error = posix_cpu_timer_set(&timer, 0, &zero_it, &it);
if (!error) {
- /*
- * Timer is now unarmed, deletion can not fail.
- */
+ /* Timer is now unarmed, deletion can not fail. */
posix_cpu_timer_del(&timer);
+ } else {
+ while (error == TIMER_RETRY) {
+ posix_cpu_timer_wait_running_nsleep(&timer);
+ error = posix_cpu_timer_del(&timer);
+ }
}
- spin_unlock_irq(&timer.it_lock);
- while (error == TIMER_RETRY) {
- /*
- * We need to handle case when timer was or is in the
- * middle of firing. In other cases we already freed
- * resources.
- */
- spin_lock_irq(&timer.it_lock);
- error = posix_cpu_timer_del(&timer);
- spin_unlock_irq(&timer.it_lock);
- }
+ spin_unlock_irq(&timer.it_lock);
if ((it.it_value.tv_sec | it.it_value.tv_nsec) == 0) {
/*
@@ -1617,6 +1669,7 @@ const struct k_clock clock_posix_cpu = {
.timer_del = posix_cpu_timer_del,
.timer_get = posix_cpu_timer_get,
.timer_rearm = posix_cpu_timer_rearm,
+ .timer_wait_running = posix_cpu_timer_wait_running,
};
const struct k_clock clock_process = {
--- a/kernel/time/posix-timers.c
+++ b/kernel/time/posix-timers.c
@@ -846,6 +846,10 @@ static struct k_itimer *timer_wait_runni
rcu_read_lock();
unlock_timer(timer, *flags);
+ /*
+ * kc->timer_wait_running() might drop RCU lock. So @timer
+ * cannot be touched anymore after the function returns!
+ */
if (!WARN_ON_ONCE(!kc->timer_wait_running))
kc->timer_wait_running(timer);
^ permalink raw reply [flat|nested] 391+ messages in thread
* [PATCH 5.15 021/371] blk-mq: release crypto keyslot before reporting I/O complete
2023-05-08 9:43 [PATCH 5.15 000/371] 5.15.111-rc1 review Greg Kroah-Hartman
` (19 preceding siblings ...)
2023-05-08 9:43 ` [PATCH 5.15 020/371] posix-cpu-timers: Implement the missing timer_wait_running callback Greg Kroah-Hartman
@ 2023-05-08 9:43 ` Greg Kroah-Hartman
2023-05-08 9:43 ` [PATCH 5.15 022/371] blk-crypto: make blk_crypto_evict_key() return void Greg Kroah-Hartman
` (353 subsequent siblings)
374 siblings, 0 replies; 391+ messages in thread
From: Greg Kroah-Hartman @ 2023-05-08 9:43 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Nathan Huckleberry,
Christoph Hellwig, Eric Biggers, Jens Axboe
From: Eric Biggers <ebiggers@google.com>
commit 9cd1e566676bbcb8a126acd921e4e194e6339603 upstream.
Once all I/O using a blk_crypto_key has completed, filesystems can call
blk_crypto_evict_key(). However, the block layer currently doesn't call
blk_crypto_put_keyslot() until the request is being freed, which happens
after upper layers have been told (via bio_endio()) the I/O has
completed. This causes a race condition where blk_crypto_evict_key()
can see 'slot_refs != 0' without there being an actual bug.
This makes __blk_crypto_evict_key() hit the
'WARN_ON_ONCE(atomic_read(&slot->slot_refs) != 0)' and return without
doing anything, eventually causing a use-after-free in
blk_crypto_reprogram_all_keys(). (This is a very rare bug and has only
been seen when per-file keys are being used with fscrypt.)
There are two options to fix this: either release the keyslot before
bio_endio() is called on the request's last bio, or make
__blk_crypto_evict_key() ignore slot_refs. Let's go with the first
solution, since it preserves the ability to report bugs (via
WARN_ON_ONCE) where a key is evicted while still in-use.
Fixes: a892c8d52c02 ("block: Inline encryption support for blk-mq")
Cc: stable@vger.kernel.org
Reviewed-by: Nathan Huckleberry <nhuck@google.com>
Reviewed-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Eric Biggers <ebiggers@google.com>
Link: https://lore.kernel.org/r/20230315183907.53675-2-ebiggers@kernel.org
Signed-off-by: Jens Axboe <axboe@kernel.dk>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
block/blk-core.c | 7 +++++++
block/blk-crypto-internal.h | 25 +++++++++++++++++++++----
block/blk-crypto.c | 24 ++++++++++++------------
block/blk-merge.c | 2 ++
block/blk-mq.c | 2 +-
5 files changed, 43 insertions(+), 17 deletions(-)
--- a/block/blk-core.c
+++ b/block/blk-core.c
@@ -1421,6 +1421,13 @@ bool blk_update_request(struct request *
req->q->integrity.profile->complete_fn(req, nr_bytes);
#endif
+ /*
+ * Upper layers may call blk_crypto_evict_key() anytime after the last
+ * bio_endio(). Therefore, the keyslot must be released before that.
+ */
+ if (blk_crypto_rq_has_keyslot(req) && nr_bytes >= blk_rq_bytes(req))
+ __blk_crypto_rq_put_keyslot(req);
+
if (unlikely(error && !blk_rq_is_passthrough(req) &&
!(req->rq_flags & RQF_QUIET)))
print_req_error(req, error, __func__);
--- a/block/blk-crypto-internal.h
+++ b/block/blk-crypto-internal.h
@@ -60,6 +60,11 @@ static inline bool blk_crypto_rq_is_encr
return rq->crypt_ctx;
}
+static inline bool blk_crypto_rq_has_keyslot(struct request *rq)
+{
+ return rq->crypt_keyslot;
+}
+
#else /* CONFIG_BLK_INLINE_ENCRYPTION */
static inline bool bio_crypt_rq_ctx_compatible(struct request *rq,
@@ -93,6 +98,11 @@ static inline bool blk_crypto_rq_is_encr
return false;
}
+static inline bool blk_crypto_rq_has_keyslot(struct request *rq)
+{
+ return false;
+}
+
#endif /* CONFIG_BLK_INLINE_ENCRYPTION */
void __bio_crypt_advance(struct bio *bio, unsigned int bytes);
@@ -127,14 +137,21 @@ static inline bool blk_crypto_bio_prep(s
return true;
}
-blk_status_t __blk_crypto_init_request(struct request *rq);
-static inline blk_status_t blk_crypto_init_request(struct request *rq)
+blk_status_t __blk_crypto_rq_get_keyslot(struct request *rq);
+static inline blk_status_t blk_crypto_rq_get_keyslot(struct request *rq)
{
if (blk_crypto_rq_is_encrypted(rq))
- return __blk_crypto_init_request(rq);
+ return __blk_crypto_rq_get_keyslot(rq);
return BLK_STS_OK;
}
+void __blk_crypto_rq_put_keyslot(struct request *rq);
+static inline void blk_crypto_rq_put_keyslot(struct request *rq)
+{
+ if (blk_crypto_rq_has_keyslot(rq))
+ __blk_crypto_rq_put_keyslot(rq);
+}
+
void __blk_crypto_free_request(struct request *rq);
static inline void blk_crypto_free_request(struct request *rq)
{
@@ -173,7 +190,7 @@ static inline blk_status_t blk_crypto_in
{
if (blk_crypto_rq_is_encrypted(rq))
- return blk_crypto_init_request(rq);
+ return blk_crypto_rq_get_keyslot(rq);
return BLK_STS_OK;
}
--- a/block/blk-crypto.c
+++ b/block/blk-crypto.c
@@ -216,26 +216,26 @@ static bool bio_crypt_check_alignment(st
return true;
}
-blk_status_t __blk_crypto_init_request(struct request *rq)
+blk_status_t __blk_crypto_rq_get_keyslot(struct request *rq)
{
return blk_ksm_get_slot_for_key(rq->q->ksm, rq->crypt_ctx->bc_key,
&rq->crypt_keyslot);
}
-/**
- * __blk_crypto_free_request - Uninitialize the crypto fields of a request.
- *
- * @rq: The request whose crypto fields to uninitialize.
- *
- * Completely uninitializes the crypto fields of a request. If a keyslot has
- * been programmed into some inline encryption hardware, that keyslot is
- * released. The rq->crypt_ctx is also freed.
- */
-void __blk_crypto_free_request(struct request *rq)
+void __blk_crypto_rq_put_keyslot(struct request *rq)
{
blk_ksm_put_slot(rq->crypt_keyslot);
+ rq->crypt_keyslot = NULL;
+}
+
+void __blk_crypto_free_request(struct request *rq)
+{
+ /* The keyslot, if one was needed, should have been released earlier. */
+ if (WARN_ON_ONCE(rq->crypt_keyslot))
+ __blk_crypto_rq_put_keyslot(rq);
+
mempool_free(rq->crypt_ctx, bio_crypt_ctx_pool);
- blk_crypto_rq_set_defaults(rq);
+ rq->crypt_ctx = NULL;
}
/**
--- a/block/blk-merge.c
+++ b/block/blk-merge.c
@@ -818,6 +818,8 @@ static struct request *attempt_merge(str
if (!blk_discard_mergable(req))
elv_merge_requests(q, req, next);
+ blk_crypto_rq_put_keyslot(next);
+
/*
* 'next' is going away, so update stats accordingly
*/
--- a/block/blk-mq.c
+++ b/block/blk-mq.c
@@ -2228,7 +2228,7 @@ blk_qc_t blk_mq_submit_bio(struct bio *b
blk_mq_bio_to_request(rq, bio, nr_segs);
- ret = blk_crypto_init_request(rq);
+ ret = blk_crypto_rq_get_keyslot(rq);
if (ret != BLK_STS_OK) {
bio->bi_status = ret;
bio_endio(bio);
^ permalink raw reply [flat|nested] 391+ messages in thread
* [PATCH 5.15 022/371] blk-crypto: make blk_crypto_evict_key() return void
2023-05-08 9:43 [PATCH 5.15 000/371] 5.15.111-rc1 review Greg Kroah-Hartman
` (20 preceding siblings ...)
2023-05-08 9:43 ` [PATCH 5.15 021/371] blk-mq: release crypto keyslot before reporting I/O complete Greg Kroah-Hartman
@ 2023-05-08 9:43 ` Greg Kroah-Hartman
2023-05-08 9:43 ` [PATCH 5.15 023/371] blk-crypto: make blk_crypto_evict_key() more robust Greg Kroah-Hartman
` (352 subsequent siblings)
374 siblings, 0 replies; 391+ messages in thread
From: Greg Kroah-Hartman @ 2023-05-08 9:43 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Eric Biggers, Christoph Hellwig, Jens Axboe
From: Eric Biggers <ebiggers@google.com>
commit 70493a63ba04f754f7a7dd53a4fcc82700181490 upstream.
blk_crypto_evict_key() is only called in contexts such as inode eviction
where failure is not an option. So there is nothing the caller can do
with errors except log them. (dm-table.c does "use" the error code, but
only to pass on to upper layers, so it doesn't really count.)
Just make blk_crypto_evict_key() return void and log errors itself.
Cc: stable@vger.kernel.org
Signed-off-by: Eric Biggers <ebiggers@google.com>
Reviewed-by: Christoph Hellwig <hch@lst.de>
Link: https://lore.kernel.org/r/20230315183907.53675-2-ebiggers@kernel.org
Signed-off-by: Jens Axboe <axboe@kernel.dk>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
block/blk-crypto.c | 22 ++++++++++------------
drivers/md/dm-table.c | 19 +++++--------------
include/linux/blk-crypto.h | 4 ++--
3 files changed, 17 insertions(+), 28 deletions(-)
--- a/block/blk-crypto.c
+++ b/block/blk-crypto.c
@@ -13,6 +13,7 @@
#include <linux/blkdev.h>
#include <linux/keyslot-manager.h>
#include <linux/module.h>
+#include <linux/ratelimit.h>
#include <linux/slab.h>
#include "blk-crypto-internal.h"
@@ -393,20 +394,17 @@ int blk_crypto_start_using_key(const str
* Upper layers (filesystems) must call this function to ensure that a key is
* evicted from any hardware that it might have been programmed into. The key
* must not be in use by any in-flight IO when this function is called.
- *
- * Return: 0 on success or if key is not present in the q's ksm, -err on error.
*/
-int blk_crypto_evict_key(struct request_queue *q,
- const struct blk_crypto_key *key)
+void blk_crypto_evict_key(struct request_queue *q,
+ const struct blk_crypto_key *key)
{
- if (blk_ksm_crypto_cfg_supported(q->ksm, &key->crypto_cfg))
- return blk_ksm_evict_key(q->ksm, key);
+ int err;
- /*
- * If the request queue's associated inline encryption hardware didn't
- * have support for the key, then the key might have been programmed
- * into the fallback keyslot manager, so try to evict from there.
- */
- return blk_crypto_fallback_evict_key(key);
+ if (blk_ksm_crypto_cfg_supported(q->ksm, &key->crypto_cfg))
+ err = blk_ksm_evict_key(q->ksm, key);
+ else
+ err = blk_crypto_fallback_evict_key(key);
+ if (err)
+ pr_warn_ratelimited("error %d evicting key\n", err);
}
EXPORT_SYMBOL_GPL(blk_crypto_evict_key);
--- a/drivers/md/dm-table.c
+++ b/drivers/md/dm-table.c
@@ -1191,21 +1191,12 @@ struct dm_keyslot_manager {
struct mapped_device *md;
};
-struct dm_keyslot_evict_args {
- const struct blk_crypto_key *key;
- int err;
-};
-
static int dm_keyslot_evict_callback(struct dm_target *ti, struct dm_dev *dev,
sector_t start, sector_t len, void *data)
{
- struct dm_keyslot_evict_args *args = data;
- int err;
+ const struct blk_crypto_key *key = data;
- err = blk_crypto_evict_key(bdev_get_queue(dev->bdev), args->key);
- if (!args->err)
- args->err = err;
- /* Always try to evict the key from all devices. */
+ blk_crypto_evict_key(bdev_get_queue(dev->bdev), key);
return 0;
}
@@ -1220,7 +1211,6 @@ static int dm_keyslot_evict(struct blk_k
struct dm_keyslot_manager,
ksm);
struct mapped_device *md = dksm->md;
- struct dm_keyslot_evict_args args = { key };
struct dm_table *t;
int srcu_idx;
int i;
@@ -1233,10 +1223,11 @@ static int dm_keyslot_evict(struct blk_k
ti = dm_table_get_target(t, i);
if (!ti->type->iterate_devices)
continue;
- ti->type->iterate_devices(ti, dm_keyslot_evict_callback, &args);
+ ti->type->iterate_devices(ti, dm_keyslot_evict_callback,
+ (void *)key);
}
dm_put_live_table(md, srcu_idx);
- return args.err;
+ return 0;
}
static const struct blk_ksm_ll_ops dm_ksm_ll_ops = {
--- a/include/linux/blk-crypto.h
+++ b/include/linux/blk-crypto.h
@@ -97,8 +97,8 @@ int blk_crypto_init_key(struct blk_crypt
int blk_crypto_start_using_key(const struct blk_crypto_key *key,
struct request_queue *q);
-int blk_crypto_evict_key(struct request_queue *q,
- const struct blk_crypto_key *key);
+void blk_crypto_evict_key(struct request_queue *q,
+ const struct blk_crypto_key *key);
bool blk_crypto_config_supported(struct request_queue *q,
const struct blk_crypto_config *cfg);
^ permalink raw reply [flat|nested] 391+ messages in thread
* [PATCH 5.15 023/371] blk-crypto: make blk_crypto_evict_key() more robust
2023-05-08 9:43 [PATCH 5.15 000/371] 5.15.111-rc1 review Greg Kroah-Hartman
` (21 preceding siblings ...)
2023-05-08 9:43 ` [PATCH 5.15 022/371] blk-crypto: make blk_crypto_evict_key() return void Greg Kroah-Hartman
@ 2023-05-08 9:43 ` Greg Kroah-Hartman
2023-05-08 9:43 ` [PATCH 5.15 024/371] ext4: use ext4_journal_start/stop for fast commit transactions Greg Kroah-Hartman
` (351 subsequent siblings)
374 siblings, 0 replies; 391+ messages in thread
From: Greg Kroah-Hartman @ 2023-05-08 9:43 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Eric Biggers, Christoph Hellwig, Jens Axboe
From: Eric Biggers <ebiggers@google.com>
commit 5c7cb94452901a93e90c2230632e2c12a681bc92 upstream.
If blk_crypto_evict_key() sees that the key is still in-use (due to a
bug) or that ->keyslot_evict failed, it currently just returns while
leaving the key linked into the keyslot management structures.
However, blk_crypto_evict_key() is only called in contexts such as inode
eviction where failure is not an option. So actually the caller
proceeds with freeing the blk_crypto_key regardless of the return value
of blk_crypto_evict_key().
These two assumptions don't match, and the result is that there can be a
use-after-free in blk_crypto_reprogram_all_keys() after one of these
errors occurs. (Note, these errors *shouldn't* happen; we're just
talking about what happens if they do anyway.)
Fix this by making blk_crypto_evict_key() unlink the key from the
keyslot management structures even on failure.
Also improve some comments.
Fixes: 1b2628397058 ("block: Keyslot Manager for Inline Encryption")
Cc: stable@vger.kernel.org
Signed-off-by: Eric Biggers <ebiggers@google.com>
Reviewed-by: Christoph Hellwig <hch@lst.de>
Link: https://lore.kernel.org/r/20230315183907.53675-2-ebiggers@kernel.org
Signed-off-by: Jens Axboe <axboe@kernel.dk>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
block/blk-crypto.c | 29 +++++++++++++++++++++--------
block/keyslot-manager.c | 43 +++++++++++++++++++++----------------------
2 files changed, 42 insertions(+), 30 deletions(-)
--- a/block/blk-crypto.c
+++ b/block/blk-crypto.c
@@ -385,15 +385,20 @@ int blk_crypto_start_using_key(const str
}
/**
- * blk_crypto_evict_key() - Evict a key from any inline encryption hardware
- * it may have been programmed into
- * @q: The request queue who's associated inline encryption hardware this key
- * might have been programmed into
- * @key: The key to evict
+ * blk_crypto_evict_key() - Evict a blk_crypto_key from a request_queue
+ * @q: a request_queue on which I/O using the key may have been done
+ * @key: the key to evict
*
- * Upper layers (filesystems) must call this function to ensure that a key is
- * evicted from any hardware that it might have been programmed into. The key
- * must not be in use by any in-flight IO when this function is called.
+ * For a given request_queue, this function removes the given blk_crypto_key
+ * from the keyslot management structures and evicts it from any underlying
+ * hardware keyslot(s) or blk-crypto-fallback keyslot it may have been
+ * programmed into.
+ *
+ * Upper layers must call this before freeing the blk_crypto_key. It must be
+ * called for every request_queue the key may have been used on. The key must
+ * no longer be in use by any I/O when this function is called.
+ *
+ * Context: May sleep.
*/
void blk_crypto_evict_key(struct request_queue *q,
const struct blk_crypto_key *key)
@@ -404,6 +409,14 @@ void blk_crypto_evict_key(struct request
err = blk_ksm_evict_key(q->ksm, key);
else
err = blk_crypto_fallback_evict_key(key);
+ /*
+ * An error can only occur here if the key failed to be evicted from a
+ * keyslot (due to a hardware or driver issue) or is allegedly still in
+ * use by I/O (due to a kernel bug). Even in these cases, the key is
+ * still unlinked from the keyslot management structures, and the caller
+ * is allowed and expected to free it right away. There's nothing
+ * callers can do to handle errors, so just log them and return void.
+ */
if (err)
pr_warn_ratelimited("error %d evicting key\n", err);
}
--- a/block/keyslot-manager.c
+++ b/block/keyslot-manager.c
@@ -343,25 +343,16 @@ bool blk_ksm_crypto_cfg_supported(struct
return true;
}
-/**
- * blk_ksm_evict_key() - Evict a key from the lower layer device.
- * @ksm: The keyslot manager to evict from
- * @key: The key to evict
- *
- * Find the keyslot that the specified key was programmed into, and evict that
- * slot from the lower layer device. The slot must not be in use by any
- * in-flight IO when this function is called.
- *
- * Context: Process context. Takes and releases ksm->lock.
- * Return: 0 on success or if there's no keyslot with the specified key, -EBUSY
- * if the keyslot is still in use, or another -errno value on other
- * error.
+/*
+ * This is an internal function that evicts a key from an inline encryption
+ * device that can be either a real device or the blk-crypto-fallback "device".
+ * It is used only by blk_crypto_evict_key(); see that function for details.
*/
int blk_ksm_evict_key(struct blk_keyslot_manager *ksm,
const struct blk_crypto_key *key)
{
struct blk_ksm_keyslot *slot;
- int err = 0;
+ int err;
if (blk_ksm_is_passthrough(ksm)) {
if (ksm->ksm_ll_ops.keyslot_evict) {
@@ -375,22 +366,30 @@ int blk_ksm_evict_key(struct blk_keyslot
blk_ksm_hw_enter(ksm);
slot = blk_ksm_find_keyslot(ksm, key);
- if (!slot)
- goto out_unlock;
+ if (!slot) {
+ /*
+ * Not an error, since a key not in use by I/O is not guaranteed
+ * to be in a keyslot. There can be more keys than keyslots.
+ */
+ err = 0;
+ goto out;
+ }
if (WARN_ON_ONCE(atomic_read(&slot->slot_refs) != 0)) {
+ /* BUG: key is still in use by I/O */
err = -EBUSY;
- goto out_unlock;
+ goto out_remove;
}
err = ksm->ksm_ll_ops.keyslot_evict(ksm, key,
blk_ksm_get_slot_idx(slot));
- if (err)
- goto out_unlock;
-
+out_remove:
+ /*
+ * Callers free the key even on error, so unlink the key from the hash
+ * table and clear slot->key even on error.
+ */
hlist_del(&slot->hash_node);
slot->key = NULL;
- err = 0;
-out_unlock:
+out:
blk_ksm_hw_exit(ksm);
return err;
}
^ permalink raw reply [flat|nested] 391+ messages in thread
* [PATCH 5.15 024/371] ext4: use ext4_journal_start/stop for fast commit transactions
2023-05-08 9:43 [PATCH 5.15 000/371] 5.15.111-rc1 review Greg Kroah-Hartman
` (22 preceding siblings ...)
2023-05-08 9:43 ` [PATCH 5.15 023/371] blk-crypto: make blk_crypto_evict_key() more robust Greg Kroah-Hartman
@ 2023-05-08 9:43 ` Greg Kroah-Hartman
2023-05-08 9:43 ` [PATCH 5.15 025/371] staging: iio: resolver: ads1210: fix config mode Greg Kroah-Hartman
` (350 subsequent siblings)
374 siblings, 0 replies; 391+ messages in thread
From: Greg Kroah-Hartman @ 2023-05-08 9:43 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Harshad Shirwadkar, Theodore Tso, Jan Kara
From: Harshad Shirwadkar <harshadshirwadkar@gmail.com>
commit 2729cfdcfa1cc49bef5a90d046fa4a187fdfcc69 upstream.
This patch drops all calls to ext4_fc_start_update() and
ext4_fc_stop_update(). To ensure that there are no ongoing journal
updates during fast commit, we also make jbd2_fc_begin_commit() lock
journal for updates. This way we don't have to maintain two different
transaction start stop APIs for fast commit and full commit. This
patch doesn't remove the functions altogether since in future we want
to have inode level locking for fast commits.
Signed-off-by: Harshad Shirwadkar <harshadshirwadkar@gmail.com>
Link: https://lore.kernel.org/r/20211223202140.2061101-2-harshads@google.com
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Signed-off-by: Jan Kara <jack@suse.cz>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/ext4/acl.c | 2 --
fs/ext4/extents.c | 3 ---
fs/ext4/file.c | 4 ----
fs/ext4/inode.c | 7 +------
fs/ext4/ioctl.c | 10 +---------
fs/jbd2/journal.c | 2 ++
6 files changed, 4 insertions(+), 24 deletions(-)
--- a/fs/ext4/acl.c
+++ b/fs/ext4/acl.c
@@ -246,7 +246,6 @@ retry:
handle = ext4_journal_start(inode, EXT4_HT_XATTR, credits);
if (IS_ERR(handle))
return PTR_ERR(handle);
- ext4_fc_start_update(inode);
if ((type == ACL_TYPE_ACCESS) && acl) {
error = posix_acl_update_mode(mnt_userns, inode, &mode, &acl);
@@ -264,7 +263,6 @@ retry:
}
out_stop:
ext4_journal_stop(handle);
- ext4_fc_stop_update(inode);
if (error == -ENOSPC && ext4_should_retry_alloc(inode->i_sb, &retries))
goto retry;
return error;
--- a/fs/ext4/extents.c
+++ b/fs/ext4/extents.c
@@ -4701,8 +4701,6 @@ long ext4_fallocate(struct file *file, i
FALLOC_FL_INSERT_RANGE))
return -EOPNOTSUPP;
- ext4_fc_start_update(inode);
-
inode_lock(inode);
ret = ext4_convert_inline_data(inode);
inode_unlock(inode);
@@ -4772,7 +4770,6 @@ out:
inode_unlock(inode);
trace_ext4_fallocate_exit(inode, offset, max_blocks, ret);
exit:
- ext4_fc_stop_update(inode);
return ret;
}
--- a/fs/ext4/file.c
+++ b/fs/ext4/file.c
@@ -259,7 +259,6 @@ static ssize_t ext4_buffered_write_iter(
if (iocb->ki_flags & IOCB_NOWAIT)
return -EOPNOTSUPP;
- ext4_fc_start_update(inode);
inode_lock(inode);
ret = ext4_write_checks(iocb, from);
if (ret <= 0)
@@ -271,7 +270,6 @@ static ssize_t ext4_buffered_write_iter(
out:
inode_unlock(inode);
- ext4_fc_stop_update(inode);
if (likely(ret > 0)) {
iocb->ki_pos += ret;
ret = generic_write_sync(iocb, ret);
@@ -558,9 +556,7 @@ static ssize_t ext4_dio_write_iter(struc
goto out;
}
- ext4_fc_start_update(inode);
ret = ext4_orphan_add(handle, inode);
- ext4_fc_stop_update(inode);
if (ret) {
ext4_journal_stop(handle);
goto out;
--- a/fs/ext4/inode.c
+++ b/fs/ext4/inode.c
@@ -5366,7 +5366,7 @@ int ext4_setattr(struct user_namespace *
if (error)
return error;
}
- ext4_fc_start_update(inode);
+
if ((ia_valid & ATTR_UID && !uid_eq(attr->ia_uid, inode->i_uid)) ||
(ia_valid & ATTR_GID && !gid_eq(attr->ia_gid, inode->i_gid))) {
handle_t *handle;
@@ -5390,7 +5390,6 @@ int ext4_setattr(struct user_namespace *
if (error) {
ext4_journal_stop(handle);
- ext4_fc_stop_update(inode);
return error;
}
/* Update corresponding info in inode so that everything is in
@@ -5402,7 +5401,6 @@ int ext4_setattr(struct user_namespace *
error = ext4_mark_inode_dirty(handle, inode);
ext4_journal_stop(handle);
if (unlikely(error)) {
- ext4_fc_stop_update(inode);
return error;
}
}
@@ -5417,12 +5415,10 @@ int ext4_setattr(struct user_namespace *
struct ext4_sb_info *sbi = EXT4_SB(inode->i_sb);
if (attr->ia_size > sbi->s_bitmap_maxbytes) {
- ext4_fc_stop_update(inode);
return -EFBIG;
}
}
if (!S_ISREG(inode->i_mode)) {
- ext4_fc_stop_update(inode);
return -EINVAL;
}
@@ -5548,7 +5544,6 @@ err_out:
ext4_std_error(inode->i_sb, error);
if (!error)
error = rc;
- ext4_fc_stop_update(inode);
return error;
}
--- a/fs/ext4/ioctl.c
+++ b/fs/ext4/ioctl.c
@@ -744,7 +744,6 @@ int ext4_fileattr_set(struct user_namesp
u32 flags = fa->flags;
int err = -EOPNOTSUPP;
- ext4_fc_start_update(inode);
if (flags & ~EXT4_FL_USER_VISIBLE)
goto out;
@@ -765,7 +764,6 @@ int ext4_fileattr_set(struct user_namesp
goto out;
err = ext4_ioctl_setproject(inode, fa->fsx_projid);
out:
- ext4_fc_stop_update(inode);
return err;
}
@@ -1272,13 +1270,7 @@ resizefs_out:
long ext4_ioctl(struct file *filp, unsigned int cmd, unsigned long arg)
{
- long ret;
-
- ext4_fc_start_update(file_inode(filp));
- ret = __ext4_ioctl(filp, cmd, arg);
- ext4_fc_stop_update(file_inode(filp));
-
- return ret;
+ return __ext4_ioctl(filp, cmd, arg);
}
#ifdef CONFIG_COMPAT
--- a/fs/jbd2/journal.c
+++ b/fs/jbd2/journal.c
@@ -757,6 +757,7 @@ int jbd2_fc_begin_commit(journal_t *jour
}
journal->j_flags |= JBD2_FAST_COMMIT_ONGOING;
write_unlock(&journal->j_state_lock);
+ jbd2_journal_lock_updates(journal);
return 0;
}
@@ -768,6 +769,7 @@ EXPORT_SYMBOL(jbd2_fc_begin_commit);
*/
static int __jbd2_fc_end_commit(journal_t *journal, tid_t tid, bool fallback)
{
+ jbd2_journal_unlock_updates(journal);
if (journal->j_fc_cleanup_callback)
journal->j_fc_cleanup_callback(journal, 0, tid);
write_lock(&journal->j_state_lock);
^ permalink raw reply [flat|nested] 391+ messages in thread
* [PATCH 5.15 025/371] staging: iio: resolver: ads1210: fix config mode
2023-05-08 9:43 [PATCH 5.15 000/371] 5.15.111-rc1 review Greg Kroah-Hartman
` (23 preceding siblings ...)
2023-05-08 9:43 ` [PATCH 5.15 024/371] ext4: use ext4_journal_start/stop for fast commit transactions Greg Kroah-Hartman
@ 2023-05-08 9:43 ` Greg Kroah-Hartman
2023-05-08 9:43 ` [PATCH 5.15 026/371] tty: Prevent writing chars during tcsetattr TCSADRAIN/FLUSH Greg Kroah-Hartman
` (349 subsequent siblings)
374 siblings, 0 replies; 391+ messages in thread
From: Greg Kroah-Hartman @ 2023-05-08 9:43 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, stable, Nuno Sá
From: Nuno Sá <nuno.sa@analog.com>
commit 16313403d873ff17a587818b61f84c8cb4971cef upstream.
As stated in the device datasheet [1], bits a0 and a1 have to be set to
1 for the configuration mode.
[1]: https://www.analog.com/media/en/technical-documentation/data-sheets/ad2s1210.pdf
Fixes: b19e9ad5e2cb9 ("staging:iio:resolver:ad2s1210 general driver cleanup")
Cc: stable <stable@kernel.org>
Signed-off-by: Nuno Sá <nuno.sa@analog.com>
Link: https://lore.kernel.org/r/20230327145414.1505537-1-nuno.sa@analog.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/staging/iio/resolver/ad2s1210.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/drivers/staging/iio/resolver/ad2s1210.c
+++ b/drivers/staging/iio/resolver/ad2s1210.c
@@ -101,7 +101,7 @@ struct ad2s1210_state {
static const int ad2s1210_mode_vals[4][2] = {
[MOD_POS] = { 0, 0 },
[MOD_VEL] = { 0, 1 },
- [MOD_CONFIG] = { 1, 0 },
+ [MOD_CONFIG] = { 1, 1 },
};
static inline void ad2s1210_set_mode(enum ad2s1210_mode mode,
^ permalink raw reply [flat|nested] 391+ messages in thread
* [PATCH 5.15 026/371] tty: Prevent writing chars during tcsetattr TCSADRAIN/FLUSH
2023-05-08 9:43 [PATCH 5.15 000/371] 5.15.111-rc1 review Greg Kroah-Hartman
` (24 preceding siblings ...)
2023-05-08 9:43 ` [PATCH 5.15 025/371] staging: iio: resolver: ads1210: fix config mode Greg Kroah-Hartman
@ 2023-05-08 9:43 ` Greg Kroah-Hartman
2023-05-08 9:43 ` [PATCH 5.15 027/371] xhci: fix debugfs register accesses while suspended Greg Kroah-Hartman
` (348 subsequent siblings)
374 siblings, 0 replies; 391+ messages in thread
From: Greg Kroah-Hartman @ 2023-05-08 9:43 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Ilpo Järvinen
From: Ilpo Järvinen <ilpo.jarvinen@linux.intel.com>
commit 094fb49a2d0d6827c86d2e0840873e6db0c491d2 upstream.
If userspace races tcsetattr() with a write, the drained condition
might not be guaranteed by the kernel. There is a race window after
checking Tx is empty before tty_set_termios() takes termios_rwsem for
write. During that race window, more characters can be queued by a
racing writer.
Any ongoing transmission might produce garbage during HW's
->set_termios() call. The intent of TCSADRAIN/FLUSH seems to be
preventing such a character corruption. If those flags are set, take
tty's write lock to stop any writer before performing the lower layer
Tx empty check and wait for the pending characters to be sent (if any).
The initial wait for all-writers-done must be placed outside of tty's
write lock to avoid deadlock which makes it impossible to use
tty_wait_until_sent(). The write lock is retried if a racing write is
detected.
Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2")
Cc: stable@vger.kernel.org
Signed-off-by: Ilpo Järvinen <ilpo.jarvinen@linux.intel.com>
Link: https://lore.kernel.org/r/20230317113318.31327-2-ilpo.jarvinen@linux.intel.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/tty/tty.h | 2 ++
drivers/tty/tty_io.c | 4 ++--
drivers/tty/tty_ioctl.c | 45 +++++++++++++++++++++++++++++++++------------
3 files changed, 37 insertions(+), 14 deletions(-)
--- a/drivers/tty/tty.h
+++ b/drivers/tty/tty.h
@@ -62,6 +62,8 @@ int __tty_check_change(struct tty_struct
int tty_check_change(struct tty_struct *tty);
void __stop_tty(struct tty_struct *tty);
void __start_tty(struct tty_struct *tty);
+void tty_write_unlock(struct tty_struct *tty);
+int tty_write_lock(struct tty_struct *tty, int ndelay);
void tty_vhangup_session(struct tty_struct *tty);
void tty_open_proc_set_tty(struct file *filp, struct tty_struct *tty);
int tty_signal_session_leader(struct tty_struct *tty, int exit_session);
--- a/drivers/tty/tty_io.c
+++ b/drivers/tty/tty_io.c
@@ -950,13 +950,13 @@ static ssize_t tty_read(struct kiocb *io
return i;
}
-static void tty_write_unlock(struct tty_struct *tty)
+void tty_write_unlock(struct tty_struct *tty)
{
mutex_unlock(&tty->atomic_write_lock);
wake_up_interruptible_poll(&tty->write_wait, EPOLLOUT);
}
-static int tty_write_lock(struct tty_struct *tty, int ndelay)
+int tty_write_lock(struct tty_struct *tty, int ndelay)
{
if (!mutex_trylock(&tty->atomic_write_lock)) {
if (ndelay)
--- a/drivers/tty/tty_ioctl.c
+++ b/drivers/tty/tty_ioctl.c
@@ -421,21 +421,42 @@ static int set_termios(struct tty_struct
tmp_termios.c_ispeed = tty_termios_input_baud_rate(&tmp_termios);
tmp_termios.c_ospeed = tty_termios_baud_rate(&tmp_termios);
- ld = tty_ldisc_ref(tty);
+ if (opt & (TERMIOS_FLUSH|TERMIOS_WAIT)) {
+retry_write_wait:
+ retval = wait_event_interruptible(tty->write_wait, !tty_chars_in_buffer(tty));
+ if (retval < 0)
+ return retval;
- if (ld != NULL) {
- if ((opt & TERMIOS_FLUSH) && ld->ops->flush_buffer)
- ld->ops->flush_buffer(tty);
- tty_ldisc_deref(ld);
- }
+ if (tty_write_lock(tty, 0) < 0)
+ goto retry_write_wait;
- if (opt & TERMIOS_WAIT) {
- tty_wait_until_sent(tty, 0);
- if (signal_pending(current))
- return -ERESTARTSYS;
- }
+ /* Racing writer? */
+ if (tty_chars_in_buffer(tty)) {
+ tty_write_unlock(tty);
+ goto retry_write_wait;
+ }
+
+ ld = tty_ldisc_ref(tty);
+ if (ld != NULL) {
+ if ((opt & TERMIOS_FLUSH) && ld->ops->flush_buffer)
+ ld->ops->flush_buffer(tty);
+ tty_ldisc_deref(ld);
+ }
- tty_set_termios(tty, &tmp_termios);
+ if ((opt & TERMIOS_WAIT) && tty->ops->wait_until_sent) {
+ tty->ops->wait_until_sent(tty, 0);
+ if (signal_pending(current)) {
+ tty_write_unlock(tty);
+ return -ERESTARTSYS;
+ }
+ }
+
+ tty_set_termios(tty, &tmp_termios);
+
+ tty_write_unlock(tty);
+ } else {
+ tty_set_termios(tty, &tmp_termios);
+ }
/* FIXME: Arguably if tmp_termios == tty->termios AND the
actual requested termios was not tmp_termios then we may
^ permalink raw reply [flat|nested] 391+ messages in thread
* [PATCH 5.15 027/371] xhci: fix debugfs register accesses while suspended
2023-05-08 9:43 [PATCH 5.15 000/371] 5.15.111-rc1 review Greg Kroah-Hartman
` (25 preceding siblings ...)
2023-05-08 9:43 ` [PATCH 5.15 026/371] tty: Prevent writing chars during tcsetattr TCSADRAIN/FLUSH Greg Kroah-Hartman
@ 2023-05-08 9:43 ` Greg Kroah-Hartman
2023-05-08 9:43 ` [PATCH 5.15 028/371] tick/nohz: Fix cpu_is_hotpluggable() by checking with nohz subsystem Greg Kroah-Hartman
` (347 subsequent siblings)
374 siblings, 0 replies; 391+ messages in thread
From: Greg Kroah-Hartman @ 2023-05-08 9:43 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Johan Hovold
From: Johan Hovold <johan+linaro@kernel.org>
commit 735baf1b23458f71a8b15cb924af22c9ff9cd125 upstream.
Wire up the debugfs regset device pointer so that the controller is
resumed before accessing registers to avoid crashing or locking up if it
happens to be runtime suspended.
Fixes: 02b6fdc2a153 ("usb: xhci: Add debugfs interface for xHCI driver")
Cc: stable@vger.kernel.org # 4.15: 30332eeefec8: debugfs: regset32: Add Runtime PM support
Cc: stable@vger.kernel.org # 4.15
Signed-off-by: Johan Hovold <johan+linaro@kernel.org>
Link: https://lore.kernel.org/r/20230405090342.7363-1-johan+linaro@kernel.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/usb/host/xhci-debugfs.c | 1 +
1 file changed, 1 insertion(+)
--- a/drivers/usb/host/xhci-debugfs.c
+++ b/drivers/usb/host/xhci-debugfs.c
@@ -133,6 +133,7 @@ static void xhci_debugfs_regset(struct x
regset->regs = regs;
regset->nregs = nregs;
regset->base = hcd->regs + base;
+ regset->dev = hcd->self.controller;
debugfs_create_regset32((const char *)rgs->name, 0444, parent, regset);
}
^ permalink raw reply [flat|nested] 391+ messages in thread
* [PATCH 5.15 028/371] tick/nohz: Fix cpu_is_hotpluggable() by checking with nohz subsystem
2023-05-08 9:43 [PATCH 5.15 000/371] 5.15.111-rc1 review Greg Kroah-Hartman
` (26 preceding siblings ...)
2023-05-08 9:43 ` [PATCH 5.15 027/371] xhci: fix debugfs register accesses while suspended Greg Kroah-Hartman
@ 2023-05-08 9:43 ` Greg Kroah-Hartman
2023-05-08 9:43 ` [PATCH 5.15 029/371] MIPS: fw: Allow firmware to pass a empty env Greg Kroah-Hartman
` (346 subsequent siblings)
374 siblings, 0 replies; 391+ messages in thread
From: Greg Kroah-Hartman @ 2023-05-08 9:43 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Frederic Weisbecker,
Paul E. McKenney, Zhouyi Zhou, Will Deacon, Marc Zyngier, rcu,
Joel Fernandes (Google)
From: Joel Fernandes (Google) <joel@joelfernandes.org>
commit 58d7668242647e661a20efe065519abd6454287e upstream.
For CONFIG_NO_HZ_FULL systems, the tick_do_timer_cpu cannot be offlined.
However, cpu_is_hotpluggable() still returns true for those CPUs. This causes
torture tests that do offlining to end up trying to offline this CPU causing
test failures. Such failure happens on all architectures.
Fix the repeated error messages thrown by this (even if the hotplug errors are
harmless) by asking the opinion of the nohz subsystem on whether the CPU can be
hotplugged.
[ Apply Frederic Weisbecker feedback on refactoring tick_nohz_cpu_down(). ]
For drivers/base/ portion:
Acked-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Acked-by: Frederic Weisbecker <frederic@kernel.org>
Cc: Frederic Weisbecker <frederic@kernel.org>
Cc: "Paul E. McKenney" <paulmck@kernel.org>
Cc: Zhouyi Zhou <zhouzhouyi@gmail.com>
Cc: Will Deacon <will@kernel.org>
Cc: Marc Zyngier <maz@kernel.org>
Cc: rcu <rcu@vger.kernel.org>
Cc: stable@vger.kernel.org
Fixes: 2987557f52b9 ("driver-core/cpu: Expose hotpluggability to the rest of the kernel")
Signed-off-by: Paul E. McKenney <paulmck@kernel.org>
Signed-off-by: Joel Fernandes (Google) <joel@joelfernandes.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/base/cpu.c | 3 ++-
include/linux/tick.h | 2 ++
kernel/time/tick-sched.c | 11 ++++++++---
3 files changed, 12 insertions(+), 4 deletions(-)
--- a/drivers/base/cpu.c
+++ b/drivers/base/cpu.c
@@ -487,7 +487,8 @@ static const struct attribute_group *cpu
bool cpu_is_hotpluggable(unsigned int cpu)
{
struct device *dev = get_cpu_device(cpu);
- return dev && container_of(dev, struct cpu, dev)->hotpluggable;
+ return dev && container_of(dev, struct cpu, dev)->hotpluggable
+ && tick_nohz_cpu_hotpluggable(cpu);
}
EXPORT_SYMBOL_GPL(cpu_is_hotpluggable);
--- a/include/linux/tick.h
+++ b/include/linux/tick.h
@@ -216,6 +216,7 @@ extern void tick_nohz_dep_set_signal(str
enum tick_dep_bits bit);
extern void tick_nohz_dep_clear_signal(struct signal_struct *signal,
enum tick_dep_bits bit);
+extern bool tick_nohz_cpu_hotpluggable(unsigned int cpu);
/*
* The below are tick_nohz_[set,clear]_dep() wrappers that optimize off-cases
@@ -280,6 +281,7 @@ static inline void tick_nohz_full_add_cp
static inline void tick_nohz_dep_set_cpu(int cpu, enum tick_dep_bits bit) { }
static inline void tick_nohz_dep_clear_cpu(int cpu, enum tick_dep_bits bit) { }
+static inline bool tick_nohz_cpu_hotpluggable(unsigned int cpu) { return true; }
static inline void tick_dep_set(enum tick_dep_bits bit) { }
static inline void tick_dep_clear(enum tick_dep_bits bit) { }
--- a/kernel/time/tick-sched.c
+++ b/kernel/time/tick-sched.c
@@ -510,7 +510,7 @@ void __init tick_nohz_full_setup(cpumask
tick_nohz_full_running = true;
}
-static int tick_nohz_cpu_down(unsigned int cpu)
+bool tick_nohz_cpu_hotpluggable(unsigned int cpu)
{
/*
* The tick_do_timer_cpu CPU handles housekeeping duty (unbound
@@ -518,8 +518,13 @@ static int tick_nohz_cpu_down(unsigned i
* CPUs. It must remain online when nohz full is enabled.
*/
if (tick_nohz_full_running && tick_do_timer_cpu == cpu)
- return -EBUSY;
- return 0;
+ return false;
+ return true;
+}
+
+static int tick_nohz_cpu_down(unsigned int cpu)
+{
+ return tick_nohz_cpu_hotpluggable(cpu) ? 0 : -EBUSY;
}
void __init tick_nohz_init(void)
^ permalink raw reply [flat|nested] 391+ messages in thread
* [PATCH 5.15 029/371] MIPS: fw: Allow firmware to pass a empty env
2023-05-08 9:43 [PATCH 5.15 000/371] 5.15.111-rc1 review Greg Kroah-Hartman
` (27 preceding siblings ...)
2023-05-08 9:43 ` [PATCH 5.15 028/371] tick/nohz: Fix cpu_is_hotpluggable() by checking with nohz subsystem Greg Kroah-Hartman
@ 2023-05-08 9:43 ` Greg Kroah-Hartman
2023-05-08 9:43 ` [PATCH 5.15 030/371] ipmi:ssif: Add send_retries increment Greg Kroah-Hartman
` (345 subsequent siblings)
374 siblings, 0 replies; 391+ messages in thread
From: Greg Kroah-Hartman @ 2023-05-08 9:43 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Jiaxun Yang, Thomas Bogendoerfer
From: Jiaxun Yang <jiaxun.yang@flygoat.com>
commit ee1809ed7bc456a72dc8410b475b73021a3a68d5 upstream.
fw_getenv will use env entry to determine style of env,
however it is legal for firmware to just pass a empty list.
Check if first entry exist before running strchr to avoid
null pointer dereference.
Cc: stable@vger.kernel.org
Link: https://github.com/clbr/n64bootloader/issues/5
Signed-off-by: Jiaxun Yang <jiaxun.yang@flygoat.com>
Signed-off-by: Thomas Bogendoerfer <tsbogend@alpha.franken.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/mips/fw/lib/cmdline.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/arch/mips/fw/lib/cmdline.c
+++ b/arch/mips/fw/lib/cmdline.c
@@ -53,7 +53,7 @@ char *fw_getenv(char *envname)
{
char *result = NULL;
- if (_fw_envp != NULL) {
+ if (_fw_envp != NULL && fw_envp(0) != NULL) {
/*
* Return a pointer to the given environment variable.
* YAMON uses "name", "value" pairs, while U-Boot uses
^ permalink raw reply [flat|nested] 391+ messages in thread
* [PATCH 5.15 030/371] ipmi:ssif: Add send_retries increment
2023-05-08 9:43 [PATCH 5.15 000/371] 5.15.111-rc1 review Greg Kroah-Hartman
` (28 preceding siblings ...)
2023-05-08 9:43 ` [PATCH 5.15 029/371] MIPS: fw: Allow firmware to pass a empty env Greg Kroah-Hartman
@ 2023-05-08 9:43 ` Greg Kroah-Hartman
2023-05-08 9:43 ` [PATCH 5.15 031/371] ipmi: fix SSIF not responding under certain cond Greg Kroah-Hartman
` (344 subsequent siblings)
374 siblings, 0 replies; 391+ messages in thread
From: Greg Kroah-Hartman @ 2023-05-08 9:43 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Pavel Machek, Corey Minyard
From: Corey Minyard <minyard@acm.org>
commit 6ce7995a43febe693d4894033c6e29314970646a upstream.
A recent change removed an increment of send_retries, re-add it.
Fixes: 95767ed78a18 ipmi:ssif: resend_msg() cannot fail
Reported-by: Pavel Machek <pavel@denx.de>
Cc: stable@vger.kernel.org
Signed-off-by: Corey Minyard <minyard@acm.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/char/ipmi/ipmi_ssif.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
--- a/drivers/char/ipmi/ipmi_ssif.c
+++ b/drivers/char/ipmi/ipmi_ssif.c
@@ -564,8 +564,10 @@ static void retry_timeout(struct timer_l
if (waiting)
start_get(ssif_info);
- if (resend)
+ if (resend) {
start_resend(ssif_info);
+ ssif_inc_stat(ssif_info, send_retries);
+ }
}
static void watch_timeout(struct timer_list *t)
^ permalink raw reply [flat|nested] 391+ messages in thread
* [PATCH 5.15 031/371] ipmi: fix SSIF not responding under certain cond.
2023-05-08 9:43 [PATCH 5.15 000/371] 5.15.111-rc1 review Greg Kroah-Hartman
` (29 preceding siblings ...)
2023-05-08 9:43 ` [PATCH 5.15 030/371] ipmi:ssif: Add send_retries increment Greg Kroah-Hartman
@ 2023-05-08 9:43 ` Greg Kroah-Hartman
2023-05-08 9:43 ` [PATCH 5.15 032/371] kheaders: Use array declaration instead of char Greg Kroah-Hartman
` (343 subsequent siblings)
374 siblings, 0 replies; 391+ messages in thread
From: Greg Kroah-Hartman @ 2023-05-08 9:43 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Zhang Yuchen, Corey Minyard
From: Zhang Yuchen <zhangyuchen.lcr@bytedance.com>
commit 6d2555cde2918409b0331560e66f84a0ad4849c6 upstream.
The ipmi communication is not restored after a specific version of BMC is
upgraded on our server.
The ipmi driver does not respond after printing the following log:
ipmi_ssif: Invalid response getting flags: 1c 1
I found that after entering this branch, ssif_info->ssif_state always
holds SSIF_GETTING_FLAGS and never return to IDLE.
As a result, the driver cannot be loaded, because the driver status is
checked during the unload process and must be IDLE in shutdown_ssif():
while (ssif_info->ssif_state != SSIF_IDLE)
schedule_timeout(1);
The process trigger this problem is:
1. One msg timeout and next msg start send, and call
ssif_set_need_watch().
2. ssif_set_need_watch()->watch_timeout()->start_flag_fetch() change
ssif_state to SSIF_GETTING_FLAGS.
3. In msg_done_handler() ssif_state == SSIF_GETTING_FLAGS, if an error
message is received, the second branch does not modify the ssif_state.
4. All retry action need IS_SSIF_IDLE() == True. Include retry action in
watch_timeout(), msg_done_handler(). Sending msg does not work either.
SSIF_IDLE is also checked in start_next_msg().
5. The only thing that can be triggered in the SSIF driver is
watch_timeout(), after destory_user(), this timer will stop too.
So, if enter this branch, the ssif_state will remain SSIF_GETTING_FLAGS
and can't send msg, no timer started, can't unload.
We did a comparative test before and after adding this patch, and the
result is effective.
Fixes: 259307074bfc ("ipmi: Add SMBus interface driver (SSIF)")
Cc: stable@vger.kernel.org
Signed-off-by: Zhang Yuchen <zhangyuchen.lcr@bytedance.com>
Message-Id: <20230412074907.80046-1-zhangyuchen.lcr@bytedance.com>
Signed-off-by: Corey Minyard <minyard@acm.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/char/ipmi/ipmi_ssif.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
--- a/drivers/char/ipmi/ipmi_ssif.c
+++ b/drivers/char/ipmi/ipmi_ssif.c
@@ -794,9 +794,9 @@ static void msg_done_handler(struct ssif
} else if (data[0] != (IPMI_NETFN_APP_REQUEST | 1) << 2
|| data[1] != IPMI_GET_MSG_FLAGS_CMD) {
/*
- * Don't abort here, maybe it was a queued
- * response to a previous command.
+ * Recv error response, give up.
*/
+ ssif_info->ssif_state = SSIF_IDLE;
ipmi_ssif_unlock_cond(ssif_info, flags);
dev_warn(&ssif_info->client->dev,
"Invalid response getting flags: %x %x\n",
^ permalink raw reply [flat|nested] 391+ messages in thread
* [PATCH 5.15 032/371] kheaders: Use array declaration instead of char
2023-05-08 9:43 [PATCH 5.15 000/371] 5.15.111-rc1 review Greg Kroah-Hartman
` (30 preceding siblings ...)
2023-05-08 9:43 ` [PATCH 5.15 031/371] ipmi: fix SSIF not responding under certain cond Greg Kroah-Hartman
@ 2023-05-08 9:43 ` Greg Kroah-Hartman
2023-05-08 9:43 ` [PATCH 5.15 033/371] wifi: mt76: add missing locking to protect against concurrent rx/status calls Greg Kroah-Hartman
` (342 subsequent siblings)
374 siblings, 0 replies; 391+ messages in thread
From: Greg Kroah-Hartman @ 2023-05-08 9:43 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Jakub Kicinski,
Joel Fernandes (Google),
Alexander Lobakin, Kees Cook
From: Kees Cook <keescook@chromium.org>
commit b69edab47f1da8edd8e7bfdf8c70f51a2a5d89fb upstream.
Under CONFIG_FORTIFY_SOURCE, memcpy() will check the size of destination
and source buffers. Defining kernel_headers_data as "char" would trip
this check. Since these addresses are treated as byte arrays, define
them as arrays (as done everywhere else).
This was seen with:
$ cat /sys/kernel/kheaders.tar.xz >> /dev/null
detected buffer overflow in memcpy
kernel BUG at lib/string_helpers.c:1027!
...
RIP: 0010:fortify_panic+0xf/0x20
[...]
Call Trace:
<TASK>
ikheaders_read+0x45/0x50 [kheaders]
kernfs_fop_read_iter+0x1a4/0x2f0
...
Reported-by: Jakub Kicinski <kuba@kernel.org>
Link: https://lore.kernel.org/bpf/20230302112130.6e402a98@kernel.org/
Acked-by: Joel Fernandes (Google) <joel@joelfernandes.org>
Reviewed-by: Alexander Lobakin <aleksander.lobakin@intel.com>
Tested-by: Jakub Kicinski <kuba@kernel.org>
Fixes: 43d8ce9d65a5 ("Provide in-kernel headers to make extending kernel easier")
Cc: stable@vger.kernel.org
Signed-off-by: Kees Cook <keescook@chromium.org>
Link: https://lore.kernel.org/r/20230302224946.never.243-kees@kernel.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
| 10 +++++-----
1 file changed, 5 insertions(+), 5 deletions(-)
--- a/kernel/kheaders.c
+++ b/kernel/kheaders.c
@@ -26,15 +26,15 @@ asm (
" .popsection \n"
);
-extern char kernel_headers_data;
-extern char kernel_headers_data_end;
+extern char kernel_headers_data[];
+extern char kernel_headers_data_end[];
static ssize_t
ikheaders_read(struct file *file, struct kobject *kobj,
struct bin_attribute *bin_attr,
char *buf, loff_t off, size_t len)
{
- memcpy(buf, &kernel_headers_data + off, len);
+ memcpy(buf, &kernel_headers_data[off], len);
return len;
}
@@ -48,8 +48,8 @@ static struct bin_attribute kheaders_att
static int __init ikheaders_init(void)
{
- kheaders_attr.size = (&kernel_headers_data_end -
- &kernel_headers_data);
+ kheaders_attr.size = (kernel_headers_data_end -
+ kernel_headers_data);
return sysfs_create_bin_file(kernel_kobj, &kheaders_attr);
}
^ permalink raw reply [flat|nested] 391+ messages in thread
* [PATCH 5.15 033/371] wifi: mt76: add missing locking to protect against concurrent rx/status calls
2023-05-08 9:43 [PATCH 5.15 000/371] 5.15.111-rc1 review Greg Kroah-Hartman
` (31 preceding siblings ...)
2023-05-08 9:43 ` [PATCH 5.15 032/371] kheaders: Use array declaration instead of char Greg Kroah-Hartman
@ 2023-05-08 9:43 ` Greg Kroah-Hartman
2023-05-08 9:43 ` [PATCH 5.15 034/371] pwm: meson: Fix axg ao mux parents Greg Kroah-Hartman
` (341 subsequent siblings)
374 siblings, 0 replies; 391+ messages in thread
From: Greg Kroah-Hartman @ 2023-05-08 9:43 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Brian Coverstone, Felix Fietkau
From: Felix Fietkau <nbd@nbd.name>
commit 5b8ccdfb943f6a03c676d2ea816dd38c149e920b upstream.
According to the documentation, ieee80211_rx_list must not run concurrently
with ieee80211_tx_status (or its variants).
Cc: stable@vger.kernel.org
Fixes: 88046b2c9f6d ("mt76: add support for reporting tx status with skb")
Reported-by: Brian Coverstone <brian@mainsequence.net>
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/net/wireless/mediatek/mt76/dma.c | 2 ++
drivers/net/wireless/mediatek/mt76/mt7603/mac.c | 5 ++++-
drivers/net/wireless/mediatek/mt76/mt7615/mac.c | 5 ++++-
drivers/net/wireless/mediatek/mt76/mt76x02_mac.c | 5 ++++-
drivers/net/wireless/mediatek/mt76/tx.c | 4 ++++
5 files changed, 18 insertions(+), 3 deletions(-)
--- a/drivers/net/wireless/mediatek/mt76/dma.c
+++ b/drivers/net/wireless/mediatek/mt76/dma.c
@@ -434,7 +434,9 @@ free:
free_skb:
status.skb = tx_info.skb;
hw = mt76_tx_status_get_hw(dev, tx_info.skb);
+ spin_lock_bh(&dev->rx_lock);
ieee80211_tx_status_ext(hw, &status);
+ spin_unlock_bh(&dev->rx_lock);
return ret;
}
--- a/drivers/net/wireless/mediatek/mt76/mt7603/mac.c
+++ b/drivers/net/wireless/mediatek/mt76/mt7603/mac.c
@@ -1284,8 +1284,11 @@ void mt7603_mac_add_txs(struct mt7603_de
if (wcidx >= MT7603_WTBL_STA || !sta)
goto out;
- if (mt7603_fill_txs(dev, msta, &info, txs_data))
+ if (mt7603_fill_txs(dev, msta, &info, txs_data)) {
+ spin_lock_bh(&dev->mt76.rx_lock);
ieee80211_tx_status_noskb(mt76_hw(dev), sta, &info);
+ spin_unlock_bh(&dev->mt76.rx_lock);
+ }
out:
rcu_read_unlock();
--- a/drivers/net/wireless/mediatek/mt76/mt7615/mac.c
+++ b/drivers/net/wireless/mediatek/mt76/mt7615/mac.c
@@ -1496,8 +1496,11 @@ static void mt7615_mac_add_txs(struct mt
if (wcid->ext_phy && dev->mt76.phy2)
mphy = dev->mt76.phy2;
- if (mt7615_fill_txs(dev, msta, &info, txs_data))
+ if (mt7615_fill_txs(dev, msta, &info, txs_data)) {
+ spin_lock_bh(&dev->mt76.rx_lock);
ieee80211_tx_status_noskb(mphy->hw, sta, &info);
+ spin_unlock_bh(&dev->mt76.rx_lock);
+ }
out:
rcu_read_unlock();
--- a/drivers/net/wireless/mediatek/mt76/mt76x02_mac.c
+++ b/drivers/net/wireless/mediatek/mt76/mt76x02_mac.c
@@ -631,8 +631,11 @@ void mt76x02_send_tx_status(struct mt76x
mt76_tx_status_unlock(mdev, &list);
- if (!status.skb)
+ if (!status.skb) {
+ spin_lock_bh(&dev->mt76.rx_lock);
ieee80211_tx_status_ext(mt76_hw(dev), &status);
+ spin_unlock_bh(&dev->mt76.rx_lock);
+ }
if (!len)
goto out;
--- a/drivers/net/wireless/mediatek/mt76/tx.c
+++ b/drivers/net/wireless/mediatek/mt76/tx.c
@@ -68,7 +68,9 @@ mt76_tx_status_unlock(struct mt76_dev *d
status.sta = wcid_to_sta(wcid);
hw = mt76_tx_status_get_hw(dev, skb);
+ spin_lock_bh(&dev->rx_lock);
ieee80211_tx_status_ext(hw, &status);
+ spin_unlock_bh(&dev->rx_lock);
}
rcu_read_unlock();
}
@@ -229,7 +231,9 @@ void __mt76_tx_complete_skb(struct mt76_
if (!skb->prev) {
hw = mt76_tx_status_get_hw(dev, skb);
status.sta = wcid_to_sta(wcid);
+ spin_lock_bh(&dev->rx_lock);
ieee80211_tx_status_ext(hw, &status);
+ spin_unlock_bh(&dev->rx_lock);
goto out;
}
^ permalink raw reply [flat|nested] 391+ messages in thread
* [PATCH 5.15 034/371] pwm: meson: Fix axg ao mux parents
2023-05-08 9:43 [PATCH 5.15 000/371] 5.15.111-rc1 review Greg Kroah-Hartman
` (32 preceding siblings ...)
2023-05-08 9:43 ` [PATCH 5.15 033/371] wifi: mt76: add missing locking to protect against concurrent rx/status calls Greg Kroah-Hartman
@ 2023-05-08 9:43 ` Greg Kroah-Hartman
2023-05-08 9:43 ` [PATCH 5.15 035/371] pwm: meson: Fix g12a ao clk81 name Greg Kroah-Hartman
` (340 subsequent siblings)
374 siblings, 0 replies; 391+ messages in thread
From: Greg Kroah-Hartman @ 2023-05-08 9:43 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Heiner Kallweit,
Martin Blumenstingl, Thierry Reding
From: Heiner Kallweit <hkallweit1@gmail.com>
commit eb411c0cf59ae6344b34bc6f0d298a22b300627e upstream.
This fix is basically the same as 9bce02ef0dfa ("pwm: meson: Fix the
G12A AO clock parents order"). Vendor driver referenced there has
xtal as first parent also for axg ao. In addition fix the name
of the aoclk81 clock. Apparently name aoclk81 as used by the vendor
driver was changed when mainlining the axg clock driver.
Fixes: bccaa3f917c9 ("pwm: meson: Add clock source configuration for Meson-AXG")
Cc: stable@vger.kernel.org
Signed-off-by: Heiner Kallweit <hkallweit1@gmail.com>
Reviewed-by: Martin Blumenstingl <martin.blumenstingl@googlemail.com>
Signed-off-by: Thierry Reding <thierry.reding@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/pwm/pwm-meson.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/drivers/pwm/pwm-meson.c
+++ b/drivers/pwm/pwm-meson.c
@@ -424,7 +424,7 @@ static const struct meson_pwm_data pwm_a
};
static const char * const pwm_axg_ao_parent_names[] = {
- "aoclk81", "xtal", "fclk_div4", "fclk_div5"
+ "xtal", "axg_ao_clk81", "fclk_div4", "fclk_div5"
};
static const struct meson_pwm_data pwm_axg_ao_data = {
^ permalink raw reply [flat|nested] 391+ messages in thread
* [PATCH 5.15 035/371] pwm: meson: Fix g12a ao clk81 name
2023-05-08 9:43 [PATCH 5.15 000/371] 5.15.111-rc1 review Greg Kroah-Hartman
` (33 preceding siblings ...)
2023-05-08 9:43 ` [PATCH 5.15 034/371] pwm: meson: Fix axg ao mux parents Greg Kroah-Hartman
@ 2023-05-08 9:43 ` Greg Kroah-Hartman
2023-05-08 9:43 ` [PATCH 5.15 036/371] soundwire: qcom: correct setting ignore bit on v1.5.1 Greg Kroah-Hartman
` (339 subsequent siblings)
374 siblings, 0 replies; 391+ messages in thread
From: Greg Kroah-Hartman @ 2023-05-08 9:43 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Heiner Kallweit,
Martin Blumenstingl, Thierry Reding
From: Heiner Kallweit <hkallweit1@gmail.com>
commit 9e4fa80ab7ef9eb4f7b1ea9fc31e0eb040e85e25 upstream.
Fix the name of the aoclk81 clock. Apparently name aoclk81 as used by
the vendor driver was changed when mainlining the g12a clock driver.
Fixes: f41efceb46e6 ("pwm: meson: Add clock source configuration for Meson G12A")
Cc: stable@vger.kernel.org
Signed-off-by: Heiner Kallweit <hkallweit1@gmail.com>
Reviewed-by: Martin Blumenstingl <martin.blumenstingl@googlemail.com>
Signed-off-by: Thierry Reding <thierry.reding@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/pwm/pwm-meson.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
--- a/drivers/pwm/pwm-meson.c
+++ b/drivers/pwm/pwm-meson.c
@@ -433,7 +433,7 @@ static const struct meson_pwm_data pwm_a
};
static const char * const pwm_g12a_ao_ab_parent_names[] = {
- "xtal", "aoclk81", "fclk_div4", "fclk_div5"
+ "xtal", "g12a_ao_clk81", "fclk_div4", "fclk_div5"
};
static const struct meson_pwm_data pwm_g12a_ao_ab_data = {
@@ -442,7 +442,7 @@ static const struct meson_pwm_data pwm_g
};
static const char * const pwm_g12a_ao_cd_parent_names[] = {
- "xtal", "aoclk81",
+ "xtal", "g12a_ao_clk81",
};
static const struct meson_pwm_data pwm_g12a_ao_cd_data = {
^ permalink raw reply [flat|nested] 391+ messages in thread
* [PATCH 5.15 036/371] soundwire: qcom: correct setting ignore bit on v1.5.1
2023-05-08 9:43 [PATCH 5.15 000/371] 5.15.111-rc1 review Greg Kroah-Hartman
` (34 preceding siblings ...)
2023-05-08 9:43 ` [PATCH 5.15 035/371] pwm: meson: Fix g12a ao clk81 name Greg Kroah-Hartman
@ 2023-05-08 9:43 ` Greg Kroah-Hartman
2023-05-08 9:43 ` [PATCH 5.15 037/371] pinctrl: qcom: lpass-lpi: set output value before enabling output Greg Kroah-Hartman
` (338 subsequent siblings)
374 siblings, 0 replies; 391+ messages in thread
From: Greg Kroah-Hartman @ 2023-05-08 9:43 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Krzysztof Kozlowski, Konrad Dybcio,
Vinod Koul
From: Krzysztof Kozlowski <krzysztof.kozlowski@linaro.org>
commit bd934f77eeac377e81ddac8673803e7334b82d3d upstream.
According to the comment and to downstream sources, the
SWRM_CONTINUE_EXEC_ON_CMD_IGNORE in SWRM_CMD_FIFO_CFG_ADDR register
should be set for v1.5.1 and newer, so fix the >= operator.
Fixes: 542d3491cdd7 ("soundwire: qcom: set continue execution flag for ignored commands")
Cc: <stable@vger.kernel.org>
Signed-off-by: Krzysztof Kozlowski <krzysztof.kozlowski@linaro.org>
Reviewed-by: Konrad Dybcio <konrad.dybcio@linaro.org>
Link: https://lore.kernel.org/r/20230222140343.188691-1-krzysztof.kozlowski@linaro.org
Signed-off-by: Vinod Koul <vkoul@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/soundwire/qcom.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/drivers/soundwire/qcom.c
+++ b/drivers/soundwire/qcom.c
@@ -640,7 +640,7 @@ static int qcom_swrm_init(struct qcom_sw
ctrl->reg_write(ctrl, SWRM_MCP_BUS_CTRL, SWRM_MCP_BUS_CLK_START);
/* Configure number of retries of a read/write cmd */
- if (ctrl->version > 0x01050001) {
+ if (ctrl->version >= 0x01050001) {
/* Only for versions >= 1.5.1 */
ctrl->reg_write(ctrl, SWRM_CMD_FIFO_CFG_ADDR,
SWRM_RD_WR_CMD_RETRIES |
^ permalink raw reply [flat|nested] 391+ messages in thread
* [PATCH 5.15 037/371] pinctrl: qcom: lpass-lpi: set output value before enabling output
2023-05-08 9:43 [PATCH 5.15 000/371] 5.15.111-rc1 review Greg Kroah-Hartman
` (35 preceding siblings ...)
2023-05-08 9:43 ` [PATCH 5.15 036/371] soundwire: qcom: correct setting ignore bit on v1.5.1 Greg Kroah-Hartman
@ 2023-05-08 9:43 ` Greg Kroah-Hartman
2023-05-08 9:43 ` [PATCH 5.15 038/371] ring-buffer: Sync IRQ works before buffer destruction Greg Kroah-Hartman
` (337 subsequent siblings)
374 siblings, 0 replies; 391+ messages in thread
From: Greg Kroah-Hartman @ 2023-05-08 9:43 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Krzysztof Kozlowski, Konrad Dybcio,
Linus Walleij
From: Krzysztof Kozlowski <krzysztof.kozlowski@linaro.org>
commit 163bfb0cb1f6fbf961cf912cbde57399ea1ae0e8 upstream.
As per Hardware Programming Guide, when configuring pin as output,
set the pin value before setting output-enable (OE). Similar approach
is in main SoC TLMM pin controller.
Cc: <stable@vger.kernel.org>
Fixes: 6e261d1090d6 ("pinctrl: qcom: Add sm8250 lpass lpi pinctrl driver")
Signed-off-by: Krzysztof Kozlowski <krzysztof.kozlowski@linaro.org>
Reviewed-by: Konrad Dybcio <konrad.dybcio@linaro.org>
Link: https://lore.kernel.org/r/20230309154949.658380-1-krzysztof.kozlowski@linaro.org
Signed-off-by: Linus Walleij <linus.walleij@linaro.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/pinctrl/qcom/pinctrl-lpass-lpi.c | 14 +++++++++-----
1 file changed, 9 insertions(+), 5 deletions(-)
--- a/drivers/pinctrl/qcom/pinctrl-lpass-lpi.c
+++ b/drivers/pinctrl/qcom/pinctrl-lpass-lpi.c
@@ -452,6 +452,15 @@ static int lpi_config_set(struct pinctrl
}
}
+ /*
+ * As per Hardware Programming Guide, when configuring pin as output,
+ * set the pin value before setting output-enable (OE).
+ */
+ if (output_enabled) {
+ val = u32_encode_bits(value ? 1 : 0, LPI_GPIO_VALUE_OUT_MASK);
+ lpi_gpio_write(pctrl, group, LPI_GPIO_VALUE_REG, val);
+ }
+
val = lpi_gpio_read(pctrl, group, LPI_GPIO_CFG_REG);
u32p_replace_bits(&val, pullup, LPI_GPIO_PULL_MASK);
@@ -461,11 +470,6 @@ static int lpi_config_set(struct pinctrl
lpi_gpio_write(pctrl, group, LPI_GPIO_CFG_REG, val);
- if (output_enabled) {
- val = u32_encode_bits(value ? 1 : 0, LPI_GPIO_VALUE_OUT_MASK);
- lpi_gpio_write(pctrl, group, LPI_GPIO_VALUE_REG, val);
- }
-
return 0;
}
^ permalink raw reply [flat|nested] 391+ messages in thread
* [PATCH 5.15 038/371] ring-buffer: Sync IRQ works before buffer destruction
2023-05-08 9:43 [PATCH 5.15 000/371] 5.15.111-rc1 review Greg Kroah-Hartman
` (36 preceding siblings ...)
2023-05-08 9:43 ` [PATCH 5.15 037/371] pinctrl: qcom: lpass-lpi: set output value before enabling output Greg Kroah-Hartman
@ 2023-05-08 9:43 ` Greg Kroah-Hartman
2023-05-08 9:44 ` [PATCH 5.15 039/371] crypto: api - Demote BUG_ON() in crypto_unregister_alg() to a WARN_ON() Greg Kroah-Hartman
` (336 subsequent siblings)
374 siblings, 0 replies; 391+ messages in thread
From: Greg Kroah-Hartman @ 2023-05-08 9:43 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Masami Hiramatsu, Johannes Berg,
Steven Rostedt (Google)
From: Johannes Berg <johannes.berg@intel.com>
commit 675751bb20634f981498c7d66161584080cc061e upstream.
If something was written to the buffer just before destruction,
it may be possible (maybe not in a real system, but it did
happen in ARCH=um with time-travel) to destroy the ringbuffer
before the IRQ work ran, leading this KASAN report (or a crash
without KASAN):
BUG: KASAN: slab-use-after-free in irq_work_run_list+0x11a/0x13a
Read of size 8 at addr 000000006d640a48 by task swapper/0
CPU: 0 PID: 0 Comm: swapper Tainted: G W O 6.3.0-rc1 #7
Stack:
60c4f20f 0c203d48 41b58ab3 60f224fc
600477fa 60f35687 60c4f20f 601273dd
00000008 6101eb00 6101eab0 615be548
Call Trace:
[<60047a58>] show_stack+0x25e/0x282
[<60c609e0>] dump_stack_lvl+0x96/0xfd
[<60c50d4c>] print_report+0x1a7/0x5a8
[<603078d3>] kasan_report+0xc1/0xe9
[<60308950>] __asan_report_load8_noabort+0x1b/0x1d
[<60232844>] irq_work_run_list+0x11a/0x13a
[<602328b4>] irq_work_tick+0x24/0x34
[<6017f9dc>] update_process_times+0x162/0x196
[<6019f335>] tick_sched_handle+0x1a4/0x1c3
[<6019fd9e>] tick_sched_timer+0x79/0x10c
[<601812b9>] __hrtimer_run_queues.constprop.0+0x425/0x695
[<60182913>] hrtimer_interrupt+0x16c/0x2c4
[<600486a3>] um_timer+0x164/0x183
[...]
Allocated by task 411:
save_stack_trace+0x99/0xb5
stack_trace_save+0x81/0x9b
kasan_save_stack+0x2d/0x54
kasan_set_track+0x34/0x3e
kasan_save_alloc_info+0x25/0x28
____kasan_kmalloc+0x8b/0x97
__kasan_kmalloc+0x10/0x12
__kmalloc+0xb2/0xe8
load_elf_phdrs+0xee/0x182
[...]
The buggy address belongs to the object at 000000006d640800
which belongs to the cache kmalloc-1k of size 1024
The buggy address is located 584 bytes inside of
freed 1024-byte region [000000006d640800, 000000006d640c00)
Add the appropriate irq_work_sync() so the work finishes before
the buffers are destroyed.
Prior to the commit in the Fixes tag below, there was only a
single global IRQ work, so this issue didn't exist.
Link: https://lore.kernel.org/linux-trace-kernel/20230427175920.a76159263122.I8295e405c44362a86c995e9c2c37e3e03810aa56@changeid
Cc: stable@vger.kernel.org
Cc: Masami Hiramatsu <mhiramat@kernel.org>
Fixes: 15693458c4bc ("tracing/ring-buffer: Move poll wake ups into ring buffer code")
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Steven Rostedt (Google) <rostedt@goodmis.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
kernel/trace/ring_buffer.c | 4 ++++
1 file changed, 4 insertions(+)
--- a/kernel/trace/ring_buffer.c
+++ b/kernel/trace/ring_buffer.c
@@ -1742,6 +1742,8 @@ static void rb_free_cpu_buffer(struct ri
struct list_head *head = cpu_buffer->pages;
struct buffer_page *bpage, *tmp;
+ irq_work_sync(&cpu_buffer->irq_work.work);
+
free_buffer_page(cpu_buffer->reader_page);
if (head) {
@@ -1848,6 +1850,8 @@ ring_buffer_free(struct trace_buffer *bu
cpuhp_state_remove_instance(CPUHP_TRACE_RB_PREPARE, &buffer->node);
+ irq_work_sync(&buffer->irq_work.work);
+
for_each_buffer_cpu(buffer, cpu)
rb_free_cpu_buffer(buffer->buffers[cpu]);
^ permalink raw reply [flat|nested] 391+ messages in thread
* [PATCH 5.15 039/371] crypto: api - Demote BUG_ON() in crypto_unregister_alg() to a WARN_ON()
2023-05-08 9:43 [PATCH 5.15 000/371] 5.15.111-rc1 review Greg Kroah-Hartman
` (37 preceding siblings ...)
2023-05-08 9:43 ` [PATCH 5.15 038/371] ring-buffer: Sync IRQ works before buffer destruction Greg Kroah-Hartman
@ 2023-05-08 9:44 ` Greg Kroah-Hartman
2023-05-08 9:44 ` [PATCH 5.15 040/371] crypto: safexcel - Cleanup ring IRQ workqueues on load failure Greg Kroah-Hartman
` (335 subsequent siblings)
374 siblings, 0 replies; 391+ messages in thread
From: Greg Kroah-Hartman @ 2023-05-08 9:44 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Toke Høiland-Jørgensen,
Herbert Xu
From: Toke Høiland-Jørgensen <toke@redhat.com>
commit a543ada7db729514ddd3ba4efa45f4c7b802ad85 upstream.
The crypto_unregister_alg() function expects callers to ensure that any
algorithm that is unregistered has a refcnt of exactly 1, and issues a
BUG_ON() if this is not the case. However, there are in fact drivers that
will call crypto_unregister_alg() without ensuring that the refcnt has been
lowered first, most notably on system shutdown. This causes the BUG_ON() to
trigger, which prevents a clean shutdown and hangs the system.
To avoid such hangs on shutdown, demote the BUG_ON() in
crypto_unregister_alg() to a WARN_ON() with early return. Cc stable because
this problem was observed on a 6.2 kernel, cf the link below.
Link: https://lore.kernel.org/r/87r0tyq8ph.fsf@toke.dk
Cc: stable@vger.kernel.org
Signed-off-by: Toke Høiland-Jørgensen <toke@redhat.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
crypto/algapi.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
--- a/crypto/algapi.c
+++ b/crypto/algapi.c
@@ -456,7 +456,9 @@ void crypto_unregister_alg(struct crypto
if (WARN(ret, "Algorithm %s is not registered", alg->cra_driver_name))
return;
- BUG_ON(refcount_read(&alg->cra_refcnt) != 1);
+ if (WARN_ON(refcount_read(&alg->cra_refcnt) != 1))
+ return;
+
if (alg->cra_destroy)
alg->cra_destroy(alg);
^ permalink raw reply [flat|nested] 391+ messages in thread
* [PATCH 5.15 040/371] crypto: safexcel - Cleanup ring IRQ workqueues on load failure
2023-05-08 9:43 [PATCH 5.15 000/371] 5.15.111-rc1 review Greg Kroah-Hartman
` (38 preceding siblings ...)
2023-05-08 9:44 ` [PATCH 5.15 039/371] crypto: api - Demote BUG_ON() in crypto_unregister_alg() to a WARN_ON() Greg Kroah-Hartman
@ 2023-05-08 9:44 ` Greg Kroah-Hartman
2023-05-08 9:44 ` [PATCH 5.15 041/371] rcu: Avoid stack overflow due to __rcu_irq_enter_check_tick() being kprobe-ed Greg Kroah-Hartman
` (334 subsequent siblings)
374 siblings, 0 replies; 391+ messages in thread
From: Greg Kroah-Hartman @ 2023-05-08 9:44 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Jonathan McDowell, Herbert Xu
From: Jonathan McDowell <noodles@earth.li>
commit ca25c00ccbc5f942c63897ed23584cfc66e8ec81 upstream.
A failure loading the safexcel driver results in the following warning
on boot, because the IRQ affinity has not been correctly cleaned up.
Ensure we clean up the affinity and workqueues on a failure to load the
driver.
crypto-safexcel: probe of f2800000.crypto failed with error -2
------------[ cut here ]------------
WARNING: CPU: 1 PID: 232 at kernel/irq/manage.c:1913 free_irq+0x300/0x340
Modules linked in: hwmon mdio_i2c crypto_safexcel(+) md5 sha256_generic libsha256 authenc libdes omap_rng rng_core nft_masq nft_nat nft_chain_nat nf_nat nft_ct nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 nf_tables libcrc32c nfnetlink fuse autofs4
CPU: 1 PID: 232 Comm: systemd-udevd Tainted: G W 6.1.6-00002-g9d4898824677 #3
Hardware name: MikroTik RB5009 (DT)
pstate: 600000c5 (nZCv daIF -PAN -UAO -TCO -DIT -SSBS BTYPE=--)
pc : free_irq+0x300/0x340
lr : free_irq+0x2e0/0x340
sp : ffff800008fa3890
x29: ffff800008fa3890 x28: 0000000000000000 x27: 0000000000000000
x26: ffff8000008e6dc0 x25: ffff000009034cac x24: ffff000009034d50
x23: 0000000000000000 x22: 000000000000004a x21: ffff0000093e0d80
x20: ffff000009034c00 x19: ffff00000615fc00 x18: 0000000000000000
x17: 0000000000000000 x16: 0000000000000000 x15: 000075f5c1584c5e
x14: 0000000000000017 x13: 0000000000000000 x12: 0000000000000040
x11: ffff000000579b60 x10: ffff000000579b62 x9 : ffff800008bbe370
x8 : ffff000000579dd0 x7 : 0000000000000000 x6 : ffff000000579e18
x5 : ffff000000579da8 x4 : ffff800008ca0000 x3 : ffff800008ca0188
x2 : 0000000013033204 x1 : ffff000009034c00 x0 : ffff8000087eadf0
Call trace:
free_irq+0x300/0x340
devm_irq_release+0x14/0x20
devres_release_all+0xa0/0x100
device_unbind_cleanup+0x14/0x60
really_probe+0x198/0x2d4
__driver_probe_device+0x74/0xdc
driver_probe_device+0x3c/0x110
__driver_attach+0x8c/0x190
bus_for_each_dev+0x6c/0xc0
driver_attach+0x20/0x30
bus_add_driver+0x148/0x1fc
driver_register+0x74/0x120
__platform_driver_register+0x24/0x30
safexcel_init+0x48/0x1000 [crypto_safexcel]
do_one_initcall+0x4c/0x1b0
do_init_module+0x44/0x1cc
load_module+0x1724/0x1be4
__do_sys_finit_module+0xbc/0x110
__arm64_sys_finit_module+0x1c/0x24
invoke_syscall+0x44/0x110
el0_svc_common.constprop.0+0xc0/0xe0
do_el0_svc+0x20/0x80
el0_svc+0x14/0x4c
el0t_64_sync_handler+0xb0/0xb4
el0t_64_sync+0x148/0x14c
---[ end trace 0000000000000000 ]---
Fixes: 1b44c5a60c13 ("inside-secure - add SafeXcel EIP197 crypto engine driver")
Signed-off-by: Jonathan McDowell <noodles@earth.li>
Cc: stable@vger.kernel.org
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/crypto/inside-secure/safexcel.c | 37 +++++++++++++++++++++++---------
1 file changed, 27 insertions(+), 10 deletions(-)
--- a/drivers/crypto/inside-secure/safexcel.c
+++ b/drivers/crypto/inside-secure/safexcel.c
@@ -1631,19 +1631,23 @@ static int safexcel_probe_generic(void *
&priv->ring[i].rdr);
if (ret) {
dev_err(dev, "Failed to initialize rings\n");
- return ret;
+ goto err_cleanup_rings;
}
priv->ring[i].rdr_req = devm_kcalloc(dev,
EIP197_DEFAULT_RING_SIZE,
sizeof(*priv->ring[i].rdr_req),
GFP_KERNEL);
- if (!priv->ring[i].rdr_req)
- return -ENOMEM;
+ if (!priv->ring[i].rdr_req) {
+ ret = -ENOMEM;
+ goto err_cleanup_rings;
+ }
ring_irq = devm_kzalloc(dev, sizeof(*ring_irq), GFP_KERNEL);
- if (!ring_irq)
- return -ENOMEM;
+ if (!ring_irq) {
+ ret = -ENOMEM;
+ goto err_cleanup_rings;
+ }
ring_irq->priv = priv;
ring_irq->ring = i;
@@ -1657,7 +1661,8 @@ static int safexcel_probe_generic(void *
ring_irq);
if (irq < 0) {
dev_err(dev, "Failed to get IRQ ID for ring %d\n", i);
- return irq;
+ ret = irq;
+ goto err_cleanup_rings;
}
priv->ring[i].irq = irq;
@@ -1669,8 +1674,10 @@ static int safexcel_probe_generic(void *
snprintf(wq_name, 9, "wq_ring%d", i);
priv->ring[i].workqueue =
create_singlethread_workqueue(wq_name);
- if (!priv->ring[i].workqueue)
- return -ENOMEM;
+ if (!priv->ring[i].workqueue) {
+ ret = -ENOMEM;
+ goto err_cleanup_rings;
+ }
priv->ring[i].requests = 0;
priv->ring[i].busy = false;
@@ -1687,16 +1694,26 @@ static int safexcel_probe_generic(void *
ret = safexcel_hw_init(priv);
if (ret) {
dev_err(dev, "HW init failed (%d)\n", ret);
- return ret;
+ goto err_cleanup_rings;
}
ret = safexcel_register_algorithms(priv);
if (ret) {
dev_err(dev, "Failed to register algorithms (%d)\n", ret);
- return ret;
+ goto err_cleanup_rings;
}
return 0;
+
+err_cleanup_rings:
+ for (i = 0; i < priv->config.rings; i++) {
+ if (priv->ring[i].irq)
+ irq_set_affinity_hint(priv->ring[i].irq, NULL);
+ if (priv->ring[i].workqueue)
+ destroy_workqueue(priv->ring[i].workqueue);
+ }
+
+ return ret;
}
static void safexcel_hw_reset_rings(struct safexcel_crypto_priv *priv)
^ permalink raw reply [flat|nested] 391+ messages in thread
* [PATCH 5.15 041/371] rcu: Avoid stack overflow due to __rcu_irq_enter_check_tick() being kprobe-ed
2023-05-08 9:43 [PATCH 5.15 000/371] 5.15.111-rc1 review Greg Kroah-Hartman
` (39 preceding siblings ...)
2023-05-08 9:44 ` [PATCH 5.15 040/371] crypto: safexcel - Cleanup ring IRQ workqueues on load failure Greg Kroah-Hartman
@ 2023-05-08 9:44 ` Greg Kroah-Hartman
2023-05-08 9:44 ` [PATCH 5.15 042/371] reiserfs: Add security prefix to xattr name in reiserfs_security_write() Greg Kroah-Hartman
` (333 subsequent siblings)
374 siblings, 0 replies; 391+ messages in thread
From: Greg Kroah-Hartman @ 2023-05-08 9:44 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Joel Fernandes (Google),
Zheng Yejian, Paul E. McKenney
From: Zheng Yejian <zhengyejian1@huawei.com>
commit 7a29fb4a4771124bc61de397dbfc1554dbbcc19c upstream.
Registering a kprobe on __rcu_irq_enter_check_tick() can cause kernel
stack overflow as shown below. This issue can be reproduced by enabling
CONFIG_NO_HZ_FULL and booting the kernel with argument "nohz_full=",
and then giving the following commands at the shell prompt:
# cd /sys/kernel/tracing/
# echo 'p:mp1 __rcu_irq_enter_check_tick' >> kprobe_events
# echo 1 > events/kprobes/enable
This commit therefore adds __rcu_irq_enter_check_tick() to the kprobes
blacklist using NOKPROBE_SYMBOL().
Insufficient stack space to handle exception!
ESR: 0x00000000f2000004 -- BRK (AArch64)
FAR: 0x0000ffffccf3e510
Task stack: [0xffff80000ad30000..0xffff80000ad38000]
IRQ stack: [0xffff800008050000..0xffff800008058000]
Overflow stack: [0xffff089c36f9f310..0xffff089c36fa0310]
CPU: 5 PID: 190 Comm: bash Not tainted 6.2.0-rc2-00320-g1f5abbd77e2c #19
Hardware name: linux,dummy-virt (DT)
pstate: 400003c5 (nZcv DAIF -PAN -UAO -TCO -DIT -SSBS BTYPE=--)
pc : __rcu_irq_enter_check_tick+0x0/0x1b8
lr : ct_nmi_enter+0x11c/0x138
sp : ffff80000ad30080
x29: ffff80000ad30080 x28: ffff089c82e20000 x27: 0000000000000000
x26: 0000000000000000 x25: ffff089c02a8d100 x24: 0000000000000000
x23: 00000000400003c5 x22: 0000ffffccf3e510 x21: ffff089c36fae148
x20: ffff80000ad30120 x19: ffffa8da8fcce148 x18: 0000000000000000
x17: 0000000000000000 x16: 0000000000000000 x15: ffffa8da8e44ea6c
x14: ffffa8da8e44e968 x13: ffffa8da8e03136c x12: 1fffe113804d6809
x11: ffff6113804d6809 x10: 0000000000000a60 x9 : dfff800000000000
x8 : ffff089c026b404f x7 : 00009eec7fb297f7 x6 : 0000000000000001
x5 : ffff80000ad30120 x4 : dfff800000000000 x3 : ffffa8da8e3016f4
x2 : 0000000000000003 x1 : 0000000000000000 x0 : 0000000000000000
Kernel panic - not syncing: kernel stack overflow
CPU: 5 PID: 190 Comm: bash Not tainted 6.2.0-rc2-00320-g1f5abbd77e2c #19
Hardware name: linux,dummy-virt (DT)
Call trace:
dump_backtrace+0xf8/0x108
show_stack+0x20/0x30
dump_stack_lvl+0x68/0x84
dump_stack+0x1c/0x38
panic+0x214/0x404
add_taint+0x0/0xf8
panic_bad_stack+0x144/0x160
handle_bad_stack+0x38/0x58
__bad_stack+0x78/0x7c
__rcu_irq_enter_check_tick+0x0/0x1b8
arm64_enter_el1_dbg.isra.0+0x14/0x20
el1_dbg+0x2c/0x90
el1h_64_sync_handler+0xcc/0xe8
el1h_64_sync+0x64/0x68
__rcu_irq_enter_check_tick+0x0/0x1b8
arm64_enter_el1_dbg.isra.0+0x14/0x20
el1_dbg+0x2c/0x90
el1h_64_sync_handler+0xcc/0xe8
el1h_64_sync+0x64/0x68
__rcu_irq_enter_check_tick+0x0/0x1b8
arm64_enter_el1_dbg.isra.0+0x14/0x20
el1_dbg+0x2c/0x90
el1h_64_sync_handler+0xcc/0xe8
el1h_64_sync+0x64/0x68
__rcu_irq_enter_check_tick+0x0/0x1b8
[...]
el1_dbg+0x2c/0x90
el1h_64_sync_handler+0xcc/0xe8
el1h_64_sync+0x64/0x68
__rcu_irq_enter_check_tick+0x0/0x1b8
arm64_enter_el1_dbg.isra.0+0x14/0x20
el1_dbg+0x2c/0x90
el1h_64_sync_handler+0xcc/0xe8
el1h_64_sync+0x64/0x68
__rcu_irq_enter_check_tick+0x0/0x1b8
arm64_enter_el1_dbg.isra.0+0x14/0x20
el1_dbg+0x2c/0x90
el1h_64_sync_handler+0xcc/0xe8
el1h_64_sync+0x64/0x68
__rcu_irq_enter_check_tick+0x0/0x1b8
el1_interrupt+0x28/0x60
el1h_64_irq_handler+0x18/0x28
el1h_64_irq+0x64/0x68
__ftrace_set_clr_event_nolock+0x98/0x198
__ftrace_set_clr_event+0x58/0x80
system_enable_write+0x144/0x178
vfs_write+0x174/0x738
ksys_write+0xd0/0x188
__arm64_sys_write+0x4c/0x60
invoke_syscall+0x64/0x180
el0_svc_common.constprop.0+0x84/0x160
do_el0_svc+0x48/0xe8
el0_svc+0x34/0xd0
el0t_64_sync_handler+0xb8/0xc0
el0t_64_sync+0x190/0x194
SMP: stopping secondary CPUs
Kernel Offset: 0x28da86000000 from 0xffff800008000000
PHYS_OFFSET: 0xfffff76600000000
CPU features: 0x00000,01a00100,0000421b
Memory Limit: none
Acked-by: Joel Fernandes (Google) <joel@joelfernandes.org>
Link: https://lore.kernel.org/all/20221119040049.795065-1-zhengyejian1@huawei.com/
Fixes: aaf2bc50df1f ("rcu: Abstract out rcu_irq_enter_check_tick() from rcu_nmi_enter()")
Signed-off-by: Zheng Yejian <zhengyejian1@huawei.com>
Cc: stable@vger.kernel.org
Signed-off-by: Paul E. McKenney <paulmck@kernel.org>
Signed-off-by: Joel Fernandes (Google) <joel@joelfernandes.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
kernel/rcu/tree.c | 1 +
1 file changed, 1 insertion(+)
--- a/kernel/rcu/tree.c
+++ b/kernel/rcu/tree.c
@@ -975,6 +975,7 @@ void __rcu_irq_enter_check_tick(void)
}
raw_spin_unlock_rcu_node(rdp->mynode);
}
+NOKPROBE_SYMBOL(__rcu_irq_enter_check_tick);
#endif /* CONFIG_NO_HZ_FULL */
/**
^ permalink raw reply [flat|nested] 391+ messages in thread
* [PATCH 5.15 042/371] reiserfs: Add security prefix to xattr name in reiserfs_security_write()
2023-05-08 9:43 [PATCH 5.15 000/371] 5.15.111-rc1 review Greg Kroah-Hartman
` (40 preceding siblings ...)
2023-05-08 9:44 ` [PATCH 5.15 041/371] rcu: Avoid stack overflow due to __rcu_irq_enter_check_tick() being kprobe-ed Greg Kroah-Hartman
@ 2023-05-08 9:44 ` Greg Kroah-Hartman
2023-05-08 9:44 ` [PATCH 5.15 043/371] KVM: nVMX: Emulate NOPs in L2, and PAUSE if its not intercepted Greg Kroah-Hartman
` (332 subsequent siblings)
374 siblings, 0 replies; 391+ messages in thread
From: Greg Kroah-Hartman @ 2023-05-08 9:44 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Roberto Sassu, Paul Moore
From: Roberto Sassu <roberto.sassu@huawei.com>
commit d82dcd9e21b77d338dc4875f3d4111f0db314a7c upstream.
Reiserfs sets a security xattr at inode creation time in two stages: first,
it calls reiserfs_security_init() to obtain the xattr from active LSMs;
then, it calls reiserfs_security_write() to actually write that xattr.
Unfortunately, it seems there is a wrong expectation that LSMs provide the
full xattr name in the form 'security.<suffix>'. However, LSMs always
provided just the suffix, causing reiserfs to not write the xattr at all
(if the suffix is shorter than the prefix), or to write an xattr with the
wrong name.
Add a temporary buffer in reiserfs_security_write(), and write to it the
full xattr name, before passing it to reiserfs_xattr_set_handle().
Also replace the name length check with a check that the full xattr name is
not larger than XATTR_NAME_MAX.
Cc: stable@vger.kernel.org # v2.6.x
Fixes: 57fe60df6241 ("reiserfs: add atomic addition of selinux attributes during inode creation")
Signed-off-by: Roberto Sassu <roberto.sassu@huawei.com>
Signed-off-by: Paul Moore <paul@paul-moore.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/reiserfs/xattr_security.c | 8 ++++++--
1 file changed, 6 insertions(+), 2 deletions(-)
--- a/fs/reiserfs/xattr_security.c
+++ b/fs/reiserfs/xattr_security.c
@@ -82,11 +82,15 @@ int reiserfs_security_write(struct reise
struct inode *inode,
struct reiserfs_security_handle *sec)
{
+ char xattr_name[XATTR_NAME_MAX + 1] = XATTR_SECURITY_PREFIX;
int error;
- if (strlen(sec->name) < sizeof(XATTR_SECURITY_PREFIX))
+
+ if (XATTR_SECURITY_PREFIX_LEN + strlen(sec->name) > XATTR_NAME_MAX)
return -EINVAL;
- error = reiserfs_xattr_set_handle(th, inode, sec->name, sec->value,
+ strlcat(xattr_name, sec->name, sizeof(xattr_name));
+
+ error = reiserfs_xattr_set_handle(th, inode, xattr_name, sec->value,
sec->length, XATTR_CREATE);
if (error == -ENODATA || error == -EOPNOTSUPP)
error = 0;
^ permalink raw reply [flat|nested] 391+ messages in thread
* [PATCH 5.15 043/371] KVM: nVMX: Emulate NOPs in L2, and PAUSE if its not intercepted
2023-05-08 9:43 [PATCH 5.15 000/371] 5.15.111-rc1 review Greg Kroah-Hartman
` (41 preceding siblings ...)
2023-05-08 9:44 ` [PATCH 5.15 042/371] reiserfs: Add security prefix to xattr name in reiserfs_security_write() Greg Kroah-Hartman
@ 2023-05-08 9:44 ` Greg Kroah-Hartman
2023-05-08 9:44 ` [PATCH 5.15 044/371] relayfs: fix out-of-bounds access in relay_file_read Greg Kroah-Hartman
` (331 subsequent siblings)
374 siblings, 0 replies; 391+ messages in thread
From: Greg Kroah-Hartman @ 2023-05-08 9:44 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Mathias Krause, Paolo Bonzini,
Sean Christopherson
From: Sean Christopherson <seanjc@google.com>
commit 4984563823f0034d3533854c1b50e729f5191089 upstream.
Extend VMX's nested intercept logic for emulated instructions to handle
"pause" interception, in quotes because KVM's emulator doesn't filter out
NOPs when checking for nested intercepts. Failure to allow emulation of
NOPs results in KVM injecting a #UD into L2 on any NOP that collides with
the emulator's definition of PAUSE, i.e. on all single-byte NOPs.
For PAUSE itself, honor L1's PAUSE-exiting control, but ignore PLE to
avoid unnecessarily injecting a #UD into L2. Per the SDM, the first
execution of PAUSE after VM-Entry is treated as the beginning of a new
loop, i.e. will never trigger a PLE VM-Exit, and so L1 can't expect any
given execution of PAUSE to deterministically exit.
... the processor considers this execution to be the first execution of
PAUSE in a loop. (It also does so for the first execution of PAUSE at
CPL 0 after VM entry.)
All that said, the PLE side of things is currently a moot point, as KVM
doesn't expose PLE to L1.
Note, vmx_check_intercept() is still wildly broken when L1 wants to
intercept an instruction, as KVM injects a #UD instead of synthesizing a
nested VM-Exit. That issue extends far beyond NOP/PAUSE and needs far
more effort to fix, i.e. is a problem for the future.
Fixes: 07721feee46b ("KVM: nVMX: Don't emulate instructions in guest mode")
Cc: Mathias Krause <minipli@grsecurity.net>
Cc: stable@vger.kernel.org
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Link: https://lore.kernel.org/r/20230405002359.418138-1-seanjc@google.com
Signed-off-by: Sean Christopherson <seanjc@google.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/x86/kvm/vmx/vmx.c | 15 +++++++++++++++
1 file changed, 15 insertions(+)
--- a/arch/x86/kvm/vmx/vmx.c
+++ b/arch/x86/kvm/vmx/vmx.c
@@ -7493,6 +7493,21 @@ static int vmx_check_intercept(struct kv
/* FIXME: produce nested vmexit and return X86EMUL_INTERCEPTED. */
break;
+ case x86_intercept_pause:
+ /*
+ * PAUSE is a single-byte NOP with a REPE prefix, i.e. collides
+ * with vanilla NOPs in the emulator. Apply the interception
+ * check only to actual PAUSE instructions. Don't check
+ * PAUSE-loop-exiting, software can't expect a given PAUSE to
+ * exit, i.e. KVM is within its rights to allow L2 to execute
+ * the PAUSE.
+ */
+ if ((info->rep_prefix != REPE_PREFIX) ||
+ !nested_cpu_has2(vmcs12, CPU_BASED_PAUSE_EXITING))
+ return X86EMUL_CONTINUE;
+
+ break;
+
/* TODO: check more intercepts... */
default:
break;
^ permalink raw reply [flat|nested] 391+ messages in thread
* [PATCH 5.15 044/371] relayfs: fix out-of-bounds access in relay_file_read
2023-05-08 9:43 [PATCH 5.15 000/371] 5.15.111-rc1 review Greg Kroah-Hartman
` (42 preceding siblings ...)
2023-05-08 9:44 ` [PATCH 5.15 043/371] KVM: nVMX: Emulate NOPs in L2, and PAUSE if its not intercepted Greg Kroah-Hartman
@ 2023-05-08 9:44 ` Greg Kroah-Hartman
2023-05-08 9:44 ` [PATCH 5.15 045/371] writeback, cgroup: fix null-ptr-deref write in bdi_split_work_to_wbs Greg Kroah-Hartman
` (330 subsequent siblings)
374 siblings, 0 replies; 391+ messages in thread
From: Greg Kroah-Hartman @ 2023-05-08 9:44 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Zhang Zhengming, Zhao Lei,
Zhou Kete, Pengcheng Yang, Jens Axboe, Andrew Morton
From: Zhang Zhengming <zhang.zhengming@h3c.com>
commit 43ec16f1450f4936025a9bdf1a273affdb9732c1 upstream.
There is a crash in relay_file_read, as the var from
point to the end of last subbuf.
The oops looks something like:
pc : __arch_copy_to_user+0x180/0x310
lr : relay_file_read+0x20c/0x2c8
Call trace:
__arch_copy_to_user+0x180/0x310
full_proxy_read+0x68/0x98
vfs_read+0xb0/0x1d0
ksys_read+0x6c/0xf0
__arm64_sys_read+0x20/0x28
el0_svc_common.constprop.3+0x84/0x108
do_el0_svc+0x74/0x90
el0_svc+0x1c/0x28
el0_sync_handler+0x88/0xb0
el0_sync+0x148/0x180
We get the condition by analyzing the vmcore:
1). The last produced byte and last consumed byte
both at the end of the last subbuf
2). A softirq calls function(e.g __blk_add_trace)
to write relay buffer occurs when an program is calling
relay_file_read_avail().
relay_file_read
relay_file_read_avail
relay_file_read_consume(buf, 0, 0);
//interrupted by softirq who will write subbuf
....
return 1;
//read_start point to the end of the last subbuf
read_start = relay_file_read_start_pos
//avail is equal to subsize
avail = relay_file_read_subbuf_avail
//from points to an invalid memory address
from = buf->start + read_start
//system is crashed
copy_to_user(buffer, from, avail)
Link: https://lkml.kernel.org/r/20230419040203.37676-1-zhang.zhengming@h3c.com
Fixes: 8d62fdebdaf9 ("relay file read: start-pos fix")
Signed-off-by: Zhang Zhengming <zhang.zhengming@h3c.com>
Reviewed-by: Zhao Lei <zhao_lei1@hoperun.com>
Reviewed-by: Zhou Kete <zhou.kete@h3c.com>
Reviewed-by: Pengcheng Yang <yangpc@wangsu.com>
Cc: Jens Axboe <axboe@kernel.dk>
Cc: <stable@vger.kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
kernel/relay.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
--- a/kernel/relay.c
+++ b/kernel/relay.c
@@ -992,7 +992,8 @@ static size_t relay_file_read_start_pos(
size_t subbuf_size = buf->chan->subbuf_size;
size_t n_subbufs = buf->chan->n_subbufs;
size_t consumed = buf->subbufs_consumed % n_subbufs;
- size_t read_pos = consumed * subbuf_size + buf->bytes_consumed;
+ size_t read_pos = (consumed * subbuf_size + buf->bytes_consumed)
+ % (n_subbufs * subbuf_size);
read_subbuf = read_pos / subbuf_size;
padding = buf->padding[read_subbuf];
^ permalink raw reply [flat|nested] 391+ messages in thread
* [PATCH 5.15 045/371] writeback, cgroup: fix null-ptr-deref write in bdi_split_work_to_wbs
2023-05-08 9:43 [PATCH 5.15 000/371] 5.15.111-rc1 review Greg Kroah-Hartman
` (43 preceding siblings ...)
2023-05-08 9:44 ` [PATCH 5.15 044/371] relayfs: fix out-of-bounds access in relay_file_read Greg Kroah-Hartman
@ 2023-05-08 9:44 ` Greg Kroah-Hartman
2023-05-08 9:44 ` [PATCH 5.15 046/371] ksmbd: call rcu_barrier() in ksmbd_server_exit() Greg Kroah-Hartman
` (329 subsequent siblings)
374 siblings, 0 replies; 391+ messages in thread
From: Greg Kroah-Hartman @ 2023-05-08 9:44 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Baokun Li, Jan Kara, Tejun Heo,
Alexander Viro, Andreas Dilger, Christian Brauner, Dennis Zhou,
Hou Tao, yangerkun, Zhang Yi, Jens Axboe, Andrew Morton,
Sasha Levin
From: Baokun Li <libaokun1@huawei.com>
[ Upstream commit 1ba1199ec5747f475538c0d25a32804e5ba1dfde ]
KASAN report null-ptr-deref:
==================================================================
BUG: KASAN: null-ptr-deref in bdi_split_work_to_wbs+0x5c5/0x7b0
Write of size 8 at addr 0000000000000000 by task sync/943
CPU: 5 PID: 943 Comm: sync Tainted: 6.3.0-rc5-next-20230406-dirty #461
Call Trace:
<TASK>
dump_stack_lvl+0x7f/0xc0
print_report+0x2ba/0x340
kasan_report+0xc4/0x120
kasan_check_range+0x1b7/0x2e0
__kasan_check_write+0x24/0x40
bdi_split_work_to_wbs+0x5c5/0x7b0
sync_inodes_sb+0x195/0x630
sync_inodes_one_sb+0x3a/0x50
iterate_supers+0x106/0x1b0
ksys_sync+0x98/0x160
[...]
==================================================================
The race that causes the above issue is as follows:
cpu1 cpu2
-------------------------|-------------------------
inode_switch_wbs
INIT_WORK(&isw->work, inode_switch_wbs_work_fn)
queue_rcu_work(isw_wq, &isw->work)
// queue_work async
inode_switch_wbs_work_fn
wb_put_many(old_wb, nr_switched)
percpu_ref_put_many
ref->data->release(ref)
cgwb_release
queue_work(cgwb_release_wq, &wb->release_work)
// queue_work async
&wb->release_work
cgwb_release_workfn
ksys_sync
iterate_supers
sync_inodes_one_sb
sync_inodes_sb
bdi_split_work_to_wbs
kmalloc(sizeof(*work), GFP_ATOMIC)
// alloc memory failed
percpu_ref_exit
ref->data = NULL
kfree(data)
wb_get(wb)
percpu_ref_get(&wb->refcnt)
percpu_ref_get_many(ref, 1)
atomic_long_add(nr, &ref->data->count)
atomic64_add(i, v)
// trigger null-ptr-deref
bdi_split_work_to_wbs() traverses &bdi->wb_list to split work into all
wbs. If the allocation of new work fails, the on-stack fallback will be
used and the reference count of the current wb is increased afterwards.
If cgroup writeback membership switches occur before getting the reference
count and the current wb is released as old_wd, then calling wb_get() or
wb_put() will trigger the null pointer dereference above.
This issue was introduced in v4.3-rc7 (see fix tag1). Both
sync_inodes_sb() and __writeback_inodes_sb_nr() calls to
bdi_split_work_to_wbs() can trigger this issue. For scenarios called via
sync_inodes_sb(), originally commit 7fc5854f8c6e ("writeback: synchronize
sync(2) against cgroup writeback membership switches") reduced the
possibility of the issue by adding wb_switch_rwsem, but in v5.14-rc1 (see
fix tag2) removed the "inode_io_list_del_locked(inode, old_wb)" from
inode_switch_wbs_work_fn() so that wb->state contains WB_has_dirty_io,
thus old_wb is not skipped when traversing wbs in bdi_split_work_to_wbs(),
and the issue becomes easily reproducible again.
To solve this problem, percpu_ref_exit() is called under RCU protection to
avoid race between cgwb_release_workfn() and bdi_split_work_to_wbs().
Moreover, replace wb_get() with wb_tryget() in bdi_split_work_to_wbs(),
and skip the current wb if wb_tryget() fails because the wb has already
been shutdown.
Link: https://lkml.kernel.org/r/20230410130826.1492525-1-libaokun1@huawei.com
Fixes: b817525a4a80 ("writeback: bdi_writeback iteration must not skip dying ones")
Signed-off-by: Baokun Li <libaokun1@huawei.com>
Reviewed-by: Jan Kara <jack@suse.cz>
Acked-by: Tejun Heo <tj@kernel.org>
Cc: Alexander Viro <viro@zeniv.linux.org.uk>
Cc: Andreas Dilger <adilger.kernel@dilger.ca>
Cc: Christian Brauner <brauner@kernel.org>
Cc: Dennis Zhou <dennis@kernel.org>
Cc: Hou Tao <houtao1@huawei.com>
Cc: yangerkun <yangerkun@huawei.com>
Cc: Zhang Yi <yi.zhang@huawei.com>
Cc: Jens Axboe <axboe@kernel.dk>
Cc: <stable@vger.kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
fs/fs-writeback.c | 17 ++++++++++-------
mm/backing-dev.c | 12 ++++++++++--
2 files changed, 20 insertions(+), 9 deletions(-)
--- a/fs/fs-writeback.c
+++ b/fs/fs-writeback.c
@@ -1009,6 +1009,16 @@ restart:
continue;
}
+ /*
+ * If wb_tryget fails, the wb has been shutdown, skip it.
+ *
+ * Pin @wb so that it stays on @bdi->wb_list. This allows
+ * continuing iteration from @wb after dropping and
+ * regrabbing rcu read lock.
+ */
+ if (!wb_tryget(wb))
+ continue;
+
/* alloc failed, execute synchronously using on-stack fallback */
work = &fallback_work;
*work = *base_work;
@@ -1017,13 +1027,6 @@ restart:
work->done = &fallback_work_done;
wb_queue_work(wb, work);
-
- /*
- * Pin @wb so that it stays on @bdi->wb_list. This allows
- * continuing iteration from @wb after dropping and
- * regrabbing rcu read lock.
- */
- wb_get(wb);
last_wb = wb;
rcu_read_unlock();
--- a/mm/backing-dev.c
+++ b/mm/backing-dev.c
@@ -385,6 +385,15 @@ static LIST_HEAD(offline_cgwbs);
static void cleanup_offline_cgwbs_workfn(struct work_struct *work);
static DECLARE_WORK(cleanup_offline_cgwbs_work, cleanup_offline_cgwbs_workfn);
+static void cgwb_free_rcu(struct rcu_head *rcu_head)
+{
+ struct bdi_writeback *wb = container_of(rcu_head,
+ struct bdi_writeback, rcu);
+
+ percpu_ref_exit(&wb->refcnt);
+ kfree(wb);
+}
+
static void cgwb_release_workfn(struct work_struct *work)
{
struct bdi_writeback *wb = container_of(work, struct bdi_writeback,
@@ -407,10 +416,9 @@ static void cgwb_release_workfn(struct w
list_del(&wb->offline_node);
spin_unlock_irq(&cgwb_lock);
- percpu_ref_exit(&wb->refcnt);
wb_exit(wb);
WARN_ON_ONCE(!list_empty(&wb->b_attached));
- kfree_rcu(wb, rcu);
+ call_rcu(&wb->rcu, cgwb_free_rcu);
}
static void cgwb_release(struct percpu_ref *refcnt)
^ permalink raw reply [flat|nested] 391+ messages in thread
* [PATCH 5.15 046/371] ksmbd: call rcu_barrier() in ksmbd_server_exit()
2023-05-08 9:43 [PATCH 5.15 000/371] 5.15.111-rc1 review Greg Kroah-Hartman
` (44 preceding siblings ...)
2023-05-08 9:44 ` [PATCH 5.15 045/371] writeback, cgroup: fix null-ptr-deref write in bdi_split_work_to_wbs Greg Kroah-Hartman
@ 2023-05-08 9:44 ` Greg Kroah-Hartman
2023-05-08 9:44 ` [PATCH 5.15 047/371] ksmbd: fix NULL pointer dereference in smb2_get_info_filesystem() Greg Kroah-Hartman
` (328 subsequent siblings)
374 siblings, 0 replies; 391+ messages in thread
From: Greg Kroah-Hartman @ 2023-05-08 9:44 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Namjae Jeon, Steve French, zdi-disclosures
From: Namjae Jeon <linkinjeon@kernel.org>
commit eb307d09fe15844fdaebeb8cc8c9b9e925430aa5 upstream.
racy issue is triggered the bug by racing between closing a connection
and rmmod. In ksmbd, rcu_barrier() is not called at module unload time,
so nothing prevents ksmbd from getting unloaded while it still has RCU
callbacks pending. It leads to trigger unintended execution of kernel
code locally and use to defeat protections such as Kernel Lockdown
Cc: stable@vger.kernel.org
Reported-by: zdi-disclosures@trendmicro.com # ZDI-CAN-20477
Signed-off-by: Namjae Jeon <linkinjeon@kernel.org>
Signed-off-by: Steve French <stfrench@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/ksmbd/server.c | 1 +
1 file changed, 1 insertion(+)
--- a/fs/ksmbd/server.c
+++ b/fs/ksmbd/server.c
@@ -611,6 +611,7 @@ err_unregister:
static void __exit ksmbd_server_exit(void)
{
ksmbd_server_shutdown();
+ rcu_barrier();
ksmbd_release_inode_hash();
}
^ permalink raw reply [flat|nested] 391+ messages in thread
* [PATCH 5.15 047/371] ksmbd: fix NULL pointer dereference in smb2_get_info_filesystem()
2023-05-08 9:43 [PATCH 5.15 000/371] 5.15.111-rc1 review Greg Kroah-Hartman
` (45 preceding siblings ...)
2023-05-08 9:44 ` [PATCH 5.15 046/371] ksmbd: call rcu_barrier() in ksmbd_server_exit() Greg Kroah-Hartman
@ 2023-05-08 9:44 ` Greg Kroah-Hartman
2023-05-08 9:44 ` [PATCH 5.15 048/371] ksmbd: fix memleak in session setup Greg Kroah-Hartman
` (327 subsequent siblings)
374 siblings, 0 replies; 391+ messages in thread
From: Greg Kroah-Hartman @ 2023-05-08 9:44 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Namjae Jeon, Steve French, zdi-disclosures
From: Namjae Jeon <linkinjeon@kernel.org>
commit 3ac00a2ab69b34189942afa9e862d5170cdcb018 upstream.
If share is , share->path is NULL and it cause NULL pointer
dereference issue.
Cc: stable@vger.kernel.org
Reported-by: zdi-disclosures@trendmicro.com # ZDI-CAN-20479
Signed-off-by: Namjae Jeon <linkinjeon@kernel.org>
Signed-off-by: Steve French <stfrench@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/ksmbd/smb2pdu.c | 3 +++
1 file changed, 3 insertions(+)
--- a/fs/ksmbd/smb2pdu.c
+++ b/fs/ksmbd/smb2pdu.c
@@ -4879,6 +4879,9 @@ static int smb2_get_info_filesystem(stru
int rc = 0, len;
int fs_infoclass_size = 0;
+ if (!share->path)
+ return -EIO;
+
rc = kern_path(share->path, LOOKUP_NO_SYMLINKS, &path);
if (rc) {
pr_err("cannot create vfs path\n");
^ permalink raw reply [flat|nested] 391+ messages in thread
* [PATCH 5.15 048/371] ksmbd: fix memleak in session setup
2023-05-08 9:43 [PATCH 5.15 000/371] 5.15.111-rc1 review Greg Kroah-Hartman
` (46 preceding siblings ...)
2023-05-08 9:44 ` [PATCH 5.15 047/371] ksmbd: fix NULL pointer dereference in smb2_get_info_filesystem() Greg Kroah-Hartman
@ 2023-05-08 9:44 ` Greg Kroah-Hartman
2023-05-08 9:44 ` [PATCH 5.15 049/371] i2c: omap: Fix standard mode false ACK readings Greg Kroah-Hartman
` (326 subsequent siblings)
374 siblings, 0 replies; 391+ messages in thread
From: Greg Kroah-Hartman @ 2023-05-08 9:44 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Namjae Jeon, Steve French, zdi-disclosures
From: Namjae Jeon <linkinjeon@kernel.org>
commit 6d7cb549c2ca20e1f07593f15e936fd54b763028 upstream.
If client send session setup request with unknown NTLMSSP message type,
session that does not included channel can be created. It will cause
session memleak. because ksmbd_sessions_deregister() does not destroy
session if channel is not included. This patch return error response if
client send the request unknown NTLMSSP message type.
Cc: stable@vger.kernel.org
Reported-by: zdi-disclosures@trendmicro.com # ZDI-CAN-20593
Signed-off-by: Namjae Jeon <linkinjeon@kernel.org>
Signed-off-by: Steve French <stfrench@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/ksmbd/smb2pdu.c | 4 ++++
1 file changed, 4 insertions(+)
--- a/fs/ksmbd/smb2pdu.c
+++ b/fs/ksmbd/smb2pdu.c
@@ -1786,6 +1786,10 @@ int smb2_sess_setup(struct ksmbd_work *w
}
kfree(sess->Preauth_HashValue);
sess->Preauth_HashValue = NULL;
+ } else {
+ pr_info_ratelimited("Unknown NTLMSSP message type : 0x%x\n",
+ le32_to_cpu(negblob->MessageType));
+ rc = -EINVAL;
}
} else {
/* TODO: need one more negotiation */
^ permalink raw reply [flat|nested] 391+ messages in thread
* [PATCH 5.15 049/371] i2c: omap: Fix standard mode false ACK readings
2023-05-08 9:43 [PATCH 5.15 000/371] 5.15.111-rc1 review Greg Kroah-Hartman
` (47 preceding siblings ...)
2023-05-08 9:44 ` [PATCH 5.15 048/371] ksmbd: fix memleak in session setup Greg Kroah-Hartman
@ 2023-05-08 9:44 ` Greg Kroah-Hartman
2023-05-08 9:44 ` [PATCH 5.15 050/371] riscv: mm: remove redundant parameter of create_fdt_early_page_table Greg Kroah-Hartman
` (325 subsequent siblings)
374 siblings, 0 replies; 391+ messages in thread
From: Greg Kroah-Hartman @ 2023-05-08 9:44 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Reid Tonking, Vignesh Raghavendra,
Tony Lindgren, Wolfram Sang
From: Reid Tonking <reidt@ti.com>
commit c770657bd2611b077ec1e7b1fe6aa92f249399bd upstream.
Using standard mode, rare false ACK responses were appearing with
i2cdetect tool. This was happening due to NACK interrupt triggering
ISR thread before register access interrupt was ready. Removing the
NACK interrupt's ability to trigger ISR thread lets register access
ready interrupt do this instead.
Cc: <stable@vger.kernel.org> # v3.7+
Fixes: 3b2f8f82dad7 ("i2c: omap: switch to threaded IRQ support")
Signed-off-by: Reid Tonking <reidt@ti.com>
Acked-by: Vignesh Raghavendra <vigneshr@ti.com>
Reviewed-by: Tony Lindgren <tony@atomide.com>
Signed-off-by: Wolfram Sang <wsa@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/i2c/busses/i2c-omap.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/drivers/i2c/busses/i2c-omap.c
+++ b/drivers/i2c/busses/i2c-omap.c
@@ -1058,7 +1058,7 @@ omap_i2c_isr(int irq, void *dev_id)
u16 stat;
stat = omap_i2c_read_reg(omap, OMAP_I2C_STAT_REG);
- mask = omap_i2c_read_reg(omap, OMAP_I2C_IE_REG);
+ mask = omap_i2c_read_reg(omap, OMAP_I2C_IE_REG) & ~OMAP_I2C_STAT_NACK;
if (stat & mask)
ret = IRQ_WAKE_THREAD;
^ permalink raw reply [flat|nested] 391+ messages in thread
* [PATCH 5.15 050/371] riscv: mm: remove redundant parameter of create_fdt_early_page_table
2023-05-08 9:43 [PATCH 5.15 000/371] 5.15.111-rc1 review Greg Kroah-Hartman
` (48 preceding siblings ...)
2023-05-08 9:44 ` [PATCH 5.15 049/371] i2c: omap: Fix standard mode false ACK readings Greg Kroah-Hartman
@ 2023-05-08 9:44 ` Greg Kroah-Hartman
2023-05-08 9:44 ` [PATCH 5.15 051/371] tracing: Fix permissions for the buffer_percent file Greg Kroah-Hartman
` (324 subsequent siblings)
374 siblings, 0 replies; 391+ messages in thread
From: Greg Kroah-Hartman @ 2023-05-08 9:44 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Alexandre Ghiti, Song Shuai,
Conor Dooley, Palmer Dabbelt
From: Song Shuai <suagrfillet@gmail.com>
commit e4ef93edd4e0b022529303db1915766ff9de450e upstream.
create_fdt_early_page_table() explicitly uses early_pg_dir for
32-bit fdt mapping and the pgdir parameter is redundant here.
So remove it and its caller.
Reviewed-by: Alexandre Ghiti <alexghiti@rivosinc.com>
Signed-off-by: Song Shuai <suagrfillet@gmail.com>
Reviewed-by: Conor Dooley <conor.dooley@microchip.com>
Fixes: ef69d2559fe9 ("riscv: Move early dtb mapping into the fixmap region")
Cc: stable@vger.kernel.org
Link: https://lore.kernel.org/r/20230426100009.685435-1-suagrfillet@gmail.com
Signed-off-by: Palmer Dabbelt <palmer@rivosinc.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/riscv/mm/init.c | 6 ++----
1 file changed, 2 insertions(+), 4 deletions(-)
--- a/arch/riscv/mm/init.c
+++ b/arch/riscv/mm/init.c
@@ -569,8 +569,7 @@ static void __init create_kernel_page_ta
* this means 2 PMD entries whereas for 32-bit kernel, this is only 1 PGDIR
* entry.
*/
-static void __init create_fdt_early_page_table(pgd_t *pgdir,
- uintptr_t fix_fdt_va,
+static void __init create_fdt_early_page_table(uintptr_t fix_fdt_va,
uintptr_t dtb_pa)
{
uintptr_t pa = dtb_pa & ~(PMD_SIZE - 1);
@@ -678,8 +677,7 @@ asmlinkage void __init setup_vm(uintptr_
create_kernel_page_table(early_pg_dir, true);
/* Setup early mapping for FDT early scan */
- create_fdt_early_page_table(early_pg_dir,
- __fix_to_virt(FIX_FDT), dtb_pa);
+ create_fdt_early_page_table(__fix_to_virt(FIX_FDT), dtb_pa);
/*
* Bootime fixmap only can handle PMD_SIZE mapping. Thus, boot-ioremap
^ permalink raw reply [flat|nested] 391+ messages in thread
* [PATCH 5.15 051/371] tracing: Fix permissions for the buffer_percent file
2023-05-08 9:43 [PATCH 5.15 000/371] 5.15.111-rc1 review Greg Kroah-Hartman
` (49 preceding siblings ...)
2023-05-08 9:44 ` [PATCH 5.15 050/371] riscv: mm: remove redundant parameter of create_fdt_early_page_table Greg Kroah-Hartman
@ 2023-05-08 9:44 ` Greg Kroah-Hartman
2023-05-08 9:44 ` [PATCH 5.15 052/371] iommu/amd: Fix "Guest Virtual APIC Table Root Pointer" configuration in IRTE Greg Kroah-Hartman
` (323 subsequent siblings)
374 siblings, 0 replies; 391+ messages in thread
From: Greg Kroah-Hartman @ 2023-05-08 9:44 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Masami Hiramatsu, Ondrej Mosnacek,
Steven Rostedt (Google)
From: Ondrej Mosnacek <omosnace@redhat.com>
commit 4f94559f40ad06d627c0fdfc3319cec778a2845b upstream.
This file defines both read and write operations, yet it is being
created as read-only. This means that it can't be written to without the
CAP_DAC_OVERRIDE capability. Fix the permissions to allow root to write
to it without the need to override DAC perms.
Link: https://lore.kernel.org/linux-trace-kernel/20230503140114.3280002-1-omosnace@redhat.com
Cc: stable@vger.kernel.org
Cc: Masami Hiramatsu <mhiramat@kernel.org>
Fixes: 03329f993978 ("tracing: Add tracefs file buffer_percentage")
Signed-off-by: Ondrej Mosnacek <omosnace@redhat.com>
Signed-off-by: Steven Rostedt (Google) <rostedt@goodmis.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
kernel/trace/trace.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/kernel/trace/trace.c
+++ b/kernel/trace/trace.c
@@ -9565,7 +9565,7 @@ init_tracer_tracefs(struct trace_array *
tr->buffer_percent = 50;
- trace_create_file("buffer_percent", TRACE_MODE_READ, d_tracer,
+ trace_create_file("buffer_percent", TRACE_MODE_WRITE, d_tracer,
tr, &buffer_percent_fops);
create_trace_options_dir(tr);
^ permalink raw reply [flat|nested] 391+ messages in thread
* [PATCH 5.15 052/371] iommu/amd: Fix "Guest Virtual APIC Table Root Pointer" configuration in IRTE
2023-05-08 9:43 [PATCH 5.15 000/371] 5.15.111-rc1 review Greg Kroah-Hartman
` (50 preceding siblings ...)
2023-05-08 9:44 ` [PATCH 5.15 051/371] tracing: Fix permissions for the buffer_percent file Greg Kroah-Hartman
@ 2023-05-08 9:44 ` Greg Kroah-Hartman
2023-05-08 9:44 ` [PATCH 5.15 053/371] Revert "ubifs: dirty_cow_znode: Fix memleak in error handling path" Greg Kroah-Hartman
` (322 subsequent siblings)
374 siblings, 0 replies; 391+ messages in thread
From: Greg Kroah-Hartman @ 2023-05-08 9:44 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Alejandro Jimenez,
Suravee Suthikulpanit, Kishon Vijay Abraham I, Joerg Roedel
From: Kishon Vijay Abraham I <kvijayab@amd.com>
commit ccc62b827775915a9b82db42a29813d04f92df7a upstream.
commit b9c6ff94e43a ("iommu/amd: Re-factor guest virtual APIC
(de-)activation code") while refactoring guest virtual APIC
activation/de-activation code, stored information for activate/de-activate
in "struct amd_ir_data". It used 32-bit integer data type for storing the
"Guest Virtual APIC Table Root Pointer" (ga_root_ptr), though the
"ga_root_ptr" is actually a 40-bit field in IRTE (Interrupt Remapping
Table Entry).
This causes interrupts from PCIe devices to not reach the guest in the case
of PCIe passthrough with SME (Secure Memory Encryption) enabled as _SME_
bit in the "ga_root_ptr" is lost before writing it to the IRTE.
Fix it by using 64-bit data type for storing the "ga_root_ptr". While at
that also change the data type of "ga_tag" to u32 in order to match
the IOMMU spec.
Fixes: b9c6ff94e43a ("iommu/amd: Re-factor guest virtual APIC (de-)activation code")
Cc: stable@vger.kernel.org # v5.4+
Reported-by: Alejandro Jimenez <alejandro.j.jimenez@oracle.com>
Reviewed-by: Suravee Suthikulpanit <suravee.suthikulpanit@amd.com>
Signed-off-by: Kishon Vijay Abraham I <kvijayab@amd.com>
Link: https://lore.kernel.org/r/20230405130317.9351-1-kvijayab@amd.com
Signed-off-by: Joerg Roedel <jroedel@suse.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/iommu/amd/amd_iommu_types.h | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
--- a/drivers/iommu/amd/amd_iommu_types.h
+++ b/drivers/iommu/amd/amd_iommu_types.h
@@ -918,8 +918,8 @@ struct amd_ir_data {
*/
struct irq_cfg *cfg;
int ga_vector;
- int ga_root_ptr;
- int ga_tag;
+ u64 ga_root_ptr;
+ u32 ga_tag;
};
struct amd_irte_ops {
^ permalink raw reply [flat|nested] 391+ messages in thread
* [PATCH 5.15 053/371] Revert "ubifs: dirty_cow_znode: Fix memleak in error handling path"
2023-05-08 9:43 [PATCH 5.15 000/371] 5.15.111-rc1 review Greg Kroah-Hartman
` (51 preceding siblings ...)
2023-05-08 9:44 ` [PATCH 5.15 052/371] iommu/amd: Fix "Guest Virtual APIC Table Root Pointer" configuration in IRTE Greg Kroah-Hartman
@ 2023-05-08 9:44 ` Greg Kroah-Hartman
2023-05-08 9:44 ` [PATCH 5.15 054/371] ubifs: Fix memleak when insert_old_idx() failed Greg Kroah-Hartman
` (321 subsequent siblings)
374 siblings, 0 replies; 391+ messages in thread
From: Greg Kroah-Hartman @ 2023-05-08 9:44 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Zhihao Cheng, Richard Weinberger
From: Zhihao Cheng <chengzhihao1@huawei.com>
commit 7d01cb27f6aebc54efbe28d8961a973b8f795b13 upstream.
This reverts commit 122deabfe1428 (ubifs: dirty_cow_znode: Fix memleak
in error handling path).
After commit 122deabfe1428 applied, if insert_old_idx() failed, old
index neither exists in TNC nor in old-index tree. Which means that
old index node could be overwritten in layout_leb_in_gaps(), then
ubifs image will be corrupted in power-cut.
Fixes: 122deabfe1428 (ubifs: dirty_cow_znode: Fix memleak ... path)
Cc: stable@vger.kernel.org
Signed-off-by: Zhihao Cheng <chengzhihao1@huawei.com>
Signed-off-by: Richard Weinberger <richard@nod.at>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/ubifs/tnc.c | 9 +--------
1 file changed, 1 insertion(+), 8 deletions(-)
--- a/fs/ubifs/tnc.c
+++ b/fs/ubifs/tnc.c
@@ -267,18 +267,11 @@ static struct ubifs_znode *dirty_cow_zno
if (zbr->len) {
err = insert_old_idx(c, zbr->lnum, zbr->offs);
if (unlikely(err))
- /*
- * Obsolete znodes will be freed by tnc_destroy_cnext()
- * or free_obsolete_znodes(), copied up znodes should
- * be added back to tnc and freed by
- * ubifs_destroy_tnc_subtree().
- */
- goto out;
+ return ERR_PTR(err);
err = add_idx_dirt(c, zbr->lnum, zbr->len);
} else
err = 0;
-out:
zbr->znode = zn;
zbr->lnum = 0;
zbr->offs = 0;
^ permalink raw reply [flat|nested] 391+ messages in thread
* [PATCH 5.15 054/371] ubifs: Fix memleak when insert_old_idx() failed
2023-05-08 9:43 [PATCH 5.15 000/371] 5.15.111-rc1 review Greg Kroah-Hartman
` (52 preceding siblings ...)
2023-05-08 9:44 ` [PATCH 5.15 053/371] Revert "ubifs: dirty_cow_znode: Fix memleak in error handling path" Greg Kroah-Hartman
@ 2023-05-08 9:44 ` Greg Kroah-Hartman
2023-05-08 9:44 ` [PATCH 5.15 055/371] ubi: Fix return value overwrite issue in try_write_vid_and_data() Greg Kroah-Hartman
` (320 subsequent siblings)
374 siblings, 0 replies; 391+ messages in thread
From: Greg Kroah-Hartman @ 2023-05-08 9:44 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Zhihao Cheng, Richard Weinberger
From: Zhihao Cheng <chengzhihao1@huawei.com>
commit b5fda08ef213352ac2df7447611eb4d383cce929 upstream.
Following process will cause a memleak for copied up znode:
dirty_cow_znode
zn = copy_znode(c, znode);
err = insert_old_idx(c, zbr->lnum, zbr->offs);
if (unlikely(err))
return ERR_PTR(err); // No one refers to zn.
Fetch a reproducer in [Link].
Function copy_znode() is split into 2 parts: resource allocation
and znode replacement, insert_old_idx() is split in similar way,
so resource cleanup could be done in error handling path without
corrupting metadata(mem & disk).
It's okay that old index inserting is put behind of add_idx_dirt(),
old index is used in layout_leb_in_gaps(), so the two processes do
not depend on each other.
Link: https://bugzilla.kernel.org/show_bug.cgi?id=216705
Fixes: 1e51764a3c2a ("UBIFS: add new flash file system")
Cc: stable@vger.kernel.org
Signed-off-by: Zhihao Cheng <chengzhihao1@huawei.com>
Signed-off-by: Richard Weinberger <richard@nod.at>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/ubifs/tnc.c | 137 ++++++++++++++++++++++++++++++++++++---------------------
1 file changed, 87 insertions(+), 50 deletions(-)
--- a/fs/ubifs/tnc.c
+++ b/fs/ubifs/tnc.c
@@ -44,6 +44,33 @@ enum {
NOT_ON_MEDIA = 3,
};
+static void do_insert_old_idx(struct ubifs_info *c,
+ struct ubifs_old_idx *old_idx)
+{
+ struct ubifs_old_idx *o;
+ struct rb_node **p, *parent = NULL;
+
+ p = &c->old_idx.rb_node;
+ while (*p) {
+ parent = *p;
+ o = rb_entry(parent, struct ubifs_old_idx, rb);
+ if (old_idx->lnum < o->lnum)
+ p = &(*p)->rb_left;
+ else if (old_idx->lnum > o->lnum)
+ p = &(*p)->rb_right;
+ else if (old_idx->offs < o->offs)
+ p = &(*p)->rb_left;
+ else if (old_idx->offs > o->offs)
+ p = &(*p)->rb_right;
+ else {
+ ubifs_err(c, "old idx added twice!");
+ kfree(old_idx);
+ }
+ }
+ rb_link_node(&old_idx->rb, parent, p);
+ rb_insert_color(&old_idx->rb, &c->old_idx);
+}
+
/**
* insert_old_idx - record an index node obsoleted since the last commit start.
* @c: UBIFS file-system description object
@@ -69,35 +96,15 @@ enum {
*/
static int insert_old_idx(struct ubifs_info *c, int lnum, int offs)
{
- struct ubifs_old_idx *old_idx, *o;
- struct rb_node **p, *parent = NULL;
+ struct ubifs_old_idx *old_idx;
old_idx = kmalloc(sizeof(struct ubifs_old_idx), GFP_NOFS);
if (unlikely(!old_idx))
return -ENOMEM;
old_idx->lnum = lnum;
old_idx->offs = offs;
+ do_insert_old_idx(c, old_idx);
- p = &c->old_idx.rb_node;
- while (*p) {
- parent = *p;
- o = rb_entry(parent, struct ubifs_old_idx, rb);
- if (lnum < o->lnum)
- p = &(*p)->rb_left;
- else if (lnum > o->lnum)
- p = &(*p)->rb_right;
- else if (offs < o->offs)
- p = &(*p)->rb_left;
- else if (offs > o->offs)
- p = &(*p)->rb_right;
- else {
- ubifs_err(c, "old idx added twice!");
- kfree(old_idx);
- return 0;
- }
- }
- rb_link_node(&old_idx->rb, parent, p);
- rb_insert_color(&old_idx->rb, &c->old_idx);
return 0;
}
@@ -199,23 +206,6 @@ static struct ubifs_znode *copy_znode(st
__set_bit(DIRTY_ZNODE, &zn->flags);
__clear_bit(COW_ZNODE, &zn->flags);
- ubifs_assert(c, !ubifs_zn_obsolete(znode));
- __set_bit(OBSOLETE_ZNODE, &znode->flags);
-
- if (znode->level != 0) {
- int i;
- const int n = zn->child_cnt;
-
- /* The children now have new parent */
- for (i = 0; i < n; i++) {
- struct ubifs_zbranch *zbr = &zn->zbranch[i];
-
- if (zbr->znode)
- zbr->znode->parent = zn;
- }
- }
-
- atomic_long_inc(&c->dirty_zn_cnt);
return zn;
}
@@ -234,6 +224,42 @@ static int add_idx_dirt(struct ubifs_inf
}
/**
+ * replace_znode - replace old znode with new znode.
+ * @c: UBIFS file-system description object
+ * @new_zn: new znode
+ * @old_zn: old znode
+ * @zbr: the branch of parent znode
+ *
+ * Replace old znode with new znode in TNC.
+ */
+static void replace_znode(struct ubifs_info *c, struct ubifs_znode *new_zn,
+ struct ubifs_znode *old_zn, struct ubifs_zbranch *zbr)
+{
+ ubifs_assert(c, !ubifs_zn_obsolete(old_zn));
+ __set_bit(OBSOLETE_ZNODE, &old_zn->flags);
+
+ if (old_zn->level != 0) {
+ int i;
+ const int n = new_zn->child_cnt;
+
+ /* The children now have new parent */
+ for (i = 0; i < n; i++) {
+ struct ubifs_zbranch *child = &new_zn->zbranch[i];
+
+ if (child->znode)
+ child->znode->parent = new_zn;
+ }
+ }
+
+ zbr->znode = new_zn;
+ zbr->lnum = 0;
+ zbr->offs = 0;
+ zbr->len = 0;
+
+ atomic_long_inc(&c->dirty_zn_cnt);
+}
+
+/**
* dirty_cow_znode - ensure a znode is not being committed.
* @c: UBIFS file-system description object
* @zbr: branch of znode to check
@@ -265,21 +291,32 @@ static struct ubifs_znode *dirty_cow_zno
return zn;
if (zbr->len) {
- err = insert_old_idx(c, zbr->lnum, zbr->offs);
- if (unlikely(err))
- return ERR_PTR(err);
+ struct ubifs_old_idx *old_idx;
+
+ old_idx = kmalloc(sizeof(struct ubifs_old_idx), GFP_NOFS);
+ if (unlikely(!old_idx)) {
+ err = -ENOMEM;
+ goto out;
+ }
+ old_idx->lnum = zbr->lnum;
+ old_idx->offs = zbr->offs;
+
err = add_idx_dirt(c, zbr->lnum, zbr->len);
- } else
- err = 0;
+ if (err) {
+ kfree(old_idx);
+ goto out;
+ }
- zbr->znode = zn;
- zbr->lnum = 0;
- zbr->offs = 0;
- zbr->len = 0;
+ do_insert_old_idx(c, old_idx);
+ }
+
+ replace_znode(c, zn, znode, zbr);
- if (unlikely(err))
- return ERR_PTR(err);
return zn;
+
+out:
+ kfree(zn);
+ return ERR_PTR(err);
}
/**
^ permalink raw reply [flat|nested] 391+ messages in thread
* [PATCH 5.15 055/371] ubi: Fix return value overwrite issue in try_write_vid_and_data()
2023-05-08 9:43 [PATCH 5.15 000/371] 5.15.111-rc1 review Greg Kroah-Hartman
` (53 preceding siblings ...)
2023-05-08 9:44 ` [PATCH 5.15 054/371] ubifs: Fix memleak when insert_old_idx() failed Greg Kroah-Hartman
@ 2023-05-08 9:44 ` Greg Kroah-Hartman
2023-05-08 9:44 ` [PATCH 5.15 056/371] ubifs: Free memory for tmpfile name Greg Kroah-Hartman
` (319 subsequent siblings)
374 siblings, 0 replies; 391+ messages in thread
From: Greg Kroah-Hartman @ 2023-05-08 9:44 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Wang YanQing, Zhihao Cheng,
Richard Weinberger
From: Wang YanQing <udknight@gmail.com>
commit 31a149d5c13c4cbcf97de3435817263a2d8c9d6e upstream.
The commit 2d78aee426d8 ("UBI: simplify LEB write and atomic LEB change code")
adds helper function, try_write_vid_and_data(), to simplify the code, but this
helper function has bug, it will return 0 (success) when ubi_io_write_vid_hdr()
or the ubi_io_write_data() return error number (-EIO, etc), because the return
value of ubi_wl_put_peb() will overwrite the original return value.
This issue will cause unexpected data loss issue, because the caller of this
function and UBIFS willn't know the data is lost.
Fixes: 2d78aee426d8 ("UBI: simplify LEB write and atomic LEB change code")
Cc: stable@vger.kernel.org
Signed-off-by: Wang YanQing <udknight@gmail.com>
Reviewed-by: Zhihao Cheng <chengzhihao1@huawei.com>
Signed-off-by: Richard Weinberger <richard@nod.at>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/mtd/ubi/eba.c | 19 ++++++++++++++-----
1 file changed, 14 insertions(+), 5 deletions(-)
--- a/drivers/mtd/ubi/eba.c
+++ b/drivers/mtd/ubi/eba.c
@@ -946,7 +946,7 @@ static int try_write_vid_and_data(struct
int offset, int len)
{
struct ubi_device *ubi = vol->ubi;
- int pnum, opnum, err, vol_id = vol->vol_id;
+ int pnum, opnum, err, err2, vol_id = vol->vol_id;
pnum = ubi_wl_get_peb(ubi);
if (pnum < 0) {
@@ -981,10 +981,19 @@ static int try_write_vid_and_data(struct
out_put:
up_read(&ubi->fm_eba_sem);
- if (err && pnum >= 0)
- err = ubi_wl_put_peb(ubi, vol_id, lnum, pnum, 1);
- else if (!err && opnum >= 0)
- err = ubi_wl_put_peb(ubi, vol_id, lnum, opnum, 0);
+ if (err && pnum >= 0) {
+ err2 = ubi_wl_put_peb(ubi, vol_id, lnum, pnum, 1);
+ if (err2) {
+ ubi_warn(ubi, "failed to return physical eraseblock %d, error %d",
+ pnum, err2);
+ }
+ } else if (!err && opnum >= 0) {
+ err2 = ubi_wl_put_peb(ubi, vol_id, lnum, opnum, 0);
+ if (err2) {
+ ubi_warn(ubi, "failed to return physical eraseblock %d, error %d",
+ opnum, err2);
+ }
+ }
return err;
}
^ permalink raw reply [flat|nested] 391+ messages in thread
* [PATCH 5.15 056/371] ubifs: Free memory for tmpfile name
2023-05-08 9:43 [PATCH 5.15 000/371] 5.15.111-rc1 review Greg Kroah-Hartman
` (54 preceding siblings ...)
2023-05-08 9:44 ` [PATCH 5.15 055/371] ubi: Fix return value overwrite issue in try_write_vid_and_data() Greg Kroah-Hartman
@ 2023-05-08 9:44 ` Greg Kroah-Hartman
2023-05-08 9:44 ` [PATCH 5.15 057/371] xfs: dont consider future format versions valid Greg Kroah-Hartman
` (318 subsequent siblings)
374 siblings, 0 replies; 391+ messages in thread
From: Greg Kroah-Hartman @ 2023-05-08 9:44 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Mårten Lindahl, Zhihao Cheng,
Richard Weinberger
From: Mårten Lindahl <marten.lindahl@axis.com>
commit 1fb815b38bb31d6af9bd0540b8652a0d6fe6cfd3 upstream.
When opening a ubifs tmpfile on an encrypted directory, function
fscrypt_setup_filename allocates memory for the name that is to be
stored in the directory entry, but after the name has been copied to the
directory entry inode, the memory is not freed.
When running kmemleak on it we see that it is registered as a leak. The
report below is triggered by a simple program 'tmpfile' just opening a
tmpfile:
unreferenced object 0xffff88810178f380 (size 32):
comm "tmpfile", pid 509, jiffies 4294934744 (age 1524.742s)
backtrace:
__kmem_cache_alloc_node
__kmalloc
fscrypt_setup_filename
ubifs_tmpfile
vfs_tmpfile
path_openat
Free this memory after it has been copied to the inode.
Signed-off-by: Mårten Lindahl <marten.lindahl@axis.com>
Reviewed-by: Zhihao Cheng <chengzhihao1@huawei.com>
Cc: stable@vger.kernel.org
Signed-off-by: Richard Weinberger <richard@nod.at>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/ubifs/dir.c | 1 +
1 file changed, 1 insertion(+)
--- a/fs/ubifs/dir.c
+++ b/fs/ubifs/dir.c
@@ -488,6 +488,7 @@ static int ubifs_tmpfile(struct user_nam
unlock_2_inodes(dir, inode);
ubifs_release_budget(c, &req);
+ fscrypt_free_filename(&nm);
return 0;
^ permalink raw reply [flat|nested] 391+ messages in thread
* [PATCH 5.15 057/371] xfs: dont consider future format versions valid
2023-05-08 9:43 [PATCH 5.15 000/371] 5.15.111-rc1 review Greg Kroah-Hartman
` (55 preceding siblings ...)
2023-05-08 9:44 ` [PATCH 5.15 056/371] ubifs: Free memory for tmpfile name Greg Kroah-Hartman
@ 2023-05-08 9:44 ` Greg Kroah-Hartman
2023-05-08 9:44 ` Greg Kroah-Hartman
` (317 subsequent siblings)
374 siblings, 0 replies; 391+ messages in thread
From: Greg Kroah-Hartman @ 2023-05-08 9:44 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Dave Chinner, Darrick J. Wong, Dave Chinner
From: Dave Chinner <dchinner@redhat.com>
commit aa88019851a85df80cb77f143758b13aee09e3d9 upstream.
In commit fe08cc504448 we reworked the valid superblock version
checks. If it is a V5 filesystem, it is always valid, then we
checked if the version was less than V4 (reject) and then checked
feature fields in the V4 flags to determine if it was valid.
What we missed was that if the version is not V4 at this point,
we shoudl reject the fs. i.e. the check current treats V6+
filesystems as if it was a v4 filesystem. Fix this.
cc: stable@vger.kernel.org
Fixes: fe08cc504448 ("xfs: open code sb verifier feature checks")
Signed-off-by: Dave Chinner <dchinner@redhat.com>
Reviewed-by: Darrick J. Wong <djwong@kernel.org>
Signed-off-by: Dave Chinner <david@fromorbit.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/xfs/libxfs/xfs_sb.c | 11 ++++++-----
1 file changed, 6 insertions(+), 5 deletions(-)
--- a/fs/xfs/libxfs/xfs_sb.c
+++ b/fs/xfs/libxfs/xfs_sb.c
@@ -72,7 +72,8 @@ xfs_sb_validate_v5_features(
}
/*
- * We support all XFS versions newer than a v4 superblock with V2 directories.
+ * We current support XFS v5 formats with known features and v4 superblocks with
+ * at least V2 directories.
*/
bool
xfs_sb_good_version(
@@ -86,16 +87,16 @@ xfs_sb_good_version(
if (xfs_sb_is_v5(sbp))
return xfs_sb_validate_v5_features(sbp);
+ /* versions prior to v4 are not supported */
+ if (XFS_SB_VERSION_NUM(sbp) != XFS_SB_VERSION_4)
+ return false;
+
/* We must not have any unknown v4 feature bits set */
if ((sbp->sb_versionnum & ~XFS_SB_VERSION_OKBITS) ||
((sbp->sb_versionnum & XFS_SB_VERSION_MOREBITSBIT) &&
(sbp->sb_features2 & ~XFS_SB_VERSION2_OKBITS)))
return false;
- /* versions prior to v4 are not supported */
- if (XFS_SB_VERSION_NUM(sbp) < XFS_SB_VERSION_4)
- return false;
-
/* V4 filesystems need v2 directories and unwritten extents */
if (!(sbp->sb_versionnum & XFS_SB_VERSION_DIRV2BIT))
return false;
^ permalink raw reply [flat|nested] 391+ messages in thread
* [PATCH 5.15 058/371] sound/oss/dmasound: fix build when drivers are mixed =y/=m
2023-05-08 9:43 [PATCH 5.15 000/371] 5.15.111-rc1 review Greg Kroah-Hartman
@ 2023-05-08 9:44 ` Greg Kroah-Hartman
2023-05-08 9:43 ` [PATCH 5.15 002/371] ASoC: soc-pcm: fix hw->formats cleared by soc_pcm_hw_init() for dpcm Greg Kroah-Hartman
` (373 subsequent siblings)
374 siblings, 0 replies; 391+ messages in thread
From: Greg Kroah-Hartman @ 2023-05-08 9:44 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Arnd Bergmann, Geert Uytterhoeven,
Randy Dunlap, kernel test robot, Jaroslav Kysela, Takashi Iwai,
alsa-devel, Takashi Iwai
From: Randy Dunlap <rdunlap@infradead.org>
commit 9dd7c46346ca4390f84a7ea9933005eb1b175c15 upstream.
When CONFIG_DMASOUND_ATARI=m and CONFIG_DMASOUND_Q40=y (or vice versa),
dmasound_core.o can be built without dmasound_deinit() being defined,
causing a build error:
ERROR: modpost: "dmasound_deinit" [sound/oss/dmasound/dmasound_atari.ko] undefined!
Modify dmasound_core.c and dmasound.h so that dmasound_deinit() is
always available.
The mixed modes (=y/=m) also mean that several variables and structs
have to be declared in all cases.
Suggested-by: Arnd Bergmann <arnd@arndb.de>
Suggested-by: Geert Uytterhoeven <geert@linux-m68k.org>
Signed-off-by: Randy Dunlap <rdunlap@infradead.org>
Reported-by: kernel test robot <lkp@intel.com>
Link: lore.kernel.org/r/202204032138.EFT9qGEd-lkp@intel.com
Cc: Geert Uytterhoeven <geert@linux-m68k.org>
Cc: Jaroslav Kysela <perex@perex.cz>
Cc: Takashi Iwai <tiwai@suse.com>
Cc: alsa-devel@alsa-project.org
Link: https://lore.kernel.org/r/20220405234118.24830-1-rdunlap@infradead.org
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
sound/oss/dmasound/dmasound.h | 6 ------
sound/oss/dmasound/dmasound_core.c | 24 +-----------------------
2 files changed, 1 insertion(+), 29 deletions(-)
--- a/sound/oss/dmasound/dmasound.h
+++ b/sound/oss/dmasound/dmasound.h
@@ -88,11 +88,7 @@ static inline int ioctl_return(int __use
*/
extern int dmasound_init(void);
-#ifdef MODULE
extern void dmasound_deinit(void);
-#else
-#define dmasound_deinit() do { } while (0)
-#endif
/* description of the set-up applies to either hard or soft settings */
@@ -114,9 +110,7 @@ typedef struct {
void *(*dma_alloc)(unsigned int, gfp_t);
void (*dma_free)(void *, unsigned int);
int (*irqinit)(void);
-#ifdef MODULE
void (*irqcleanup)(void);
-#endif
void (*init)(void);
void (*silence)(void);
int (*setFormat)(int);
--- a/sound/oss/dmasound/dmasound_core.c
+++ b/sound/oss/dmasound/dmasound_core.c
@@ -206,12 +206,10 @@ module_param(writeBufSize, int, 0);
MODULE_LICENSE("GPL");
-#ifdef MODULE
static int sq_unit = -1;
static int mixer_unit = -1;
static int state_unit = -1;
static int irq_installed;
-#endif /* MODULE */
/* control over who can modify resources shared between play/record */
static fmode_t shared_resource_owner;
@@ -391,9 +389,6 @@ static const struct file_operations mixe
static void mixer_init(void)
{
-#ifndef MODULE
- int mixer_unit;
-#endif
mixer_unit = register_sound_mixer(&mixer_fops, -1);
if (mixer_unit < 0)
return;
@@ -1171,9 +1166,6 @@ static const struct file_operations sq_f
static int sq_init(void)
{
const struct file_operations *fops = &sq_fops;
-#ifndef MODULE
- int sq_unit;
-#endif
sq_unit = register_sound_dsp(fops, -1);
if (sq_unit < 0) {
@@ -1366,9 +1358,6 @@ static const struct file_operations stat
static int state_init(void)
{
-#ifndef MODULE
- int state_unit;
-#endif
state_unit = register_sound_special(&state_fops, SND_DEV_STATUS);
if (state_unit < 0)
return state_unit ;
@@ -1386,10 +1375,9 @@ static int state_init(void)
int dmasound_init(void)
{
int res ;
-#ifdef MODULE
+
if (irq_installed)
return -EBUSY;
-#endif
/* Set up sound queue, /dev/audio and /dev/dsp. */
@@ -1408,9 +1396,7 @@ int dmasound_init(void)
printk(KERN_ERR "DMA sound driver: Interrupt initialization failed\n");
return -ENODEV;
}
-#ifdef MODULE
irq_installed = 1;
-#endif
printk(KERN_INFO "%s DMA sound driver rev %03d installed\n",
dmasound.mach.name, (DMASOUND_CORE_REVISION<<4) +
@@ -1424,8 +1410,6 @@ int dmasound_init(void)
return 0;
}
-#ifdef MODULE
-
void dmasound_deinit(void)
{
if (irq_installed) {
@@ -1444,8 +1428,6 @@ void dmasound_deinit(void)
unregister_sound_dsp(sq_unit);
}
-#else /* !MODULE */
-
static int dmasound_setup(char *str)
{
int ints[6], size;
@@ -1489,8 +1471,6 @@ static int dmasound_setup(char *str)
__setup("dmasound=", dmasound_setup);
-#endif /* !MODULE */
-
/*
* Conversion tables
*/
@@ -1577,9 +1557,7 @@ char dmasound_alaw2dma8[] = {
EXPORT_SYMBOL(dmasound);
EXPORT_SYMBOL(dmasound_init);
-#ifdef MODULE
EXPORT_SYMBOL(dmasound_deinit);
-#endif
EXPORT_SYMBOL(dmasound_write_sq);
EXPORT_SYMBOL(dmasound_catchRadius);
#ifdef HAS_8BIT_TABLES
^ permalink raw reply [flat|nested] 391+ messages in thread
* [PATCH 5.15 058/371] sound/oss/dmasound: fix build when drivers are mixed =y/=m
@ 2023-05-08 9:44 ` Greg Kroah-Hartman
0 siblings, 0 replies; 391+ messages in thread
From: Greg Kroah-Hartman @ 2023-05-08 9:44 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Arnd Bergmann, Geert Uytterhoeven,
Randy Dunlap, kernel test robot, Takashi Iwai, alsa-devel,
Takashi Iwai
From: Randy Dunlap <rdunlap@infradead.org>
commit 9dd7c46346ca4390f84a7ea9933005eb1b175c15 upstream.
When CONFIG_DMASOUND_ATARI=m and CONFIG_DMASOUND_Q40=y (or vice versa),
dmasound_core.o can be built without dmasound_deinit() being defined,
causing a build error:
ERROR: modpost: "dmasound_deinit" [sound/oss/dmasound/dmasound_atari.ko] undefined!
Modify dmasound_core.c and dmasound.h so that dmasound_deinit() is
always available.
The mixed modes (=y/=m) also mean that several variables and structs
have to be declared in all cases.
Suggested-by: Arnd Bergmann <arnd@arndb.de>
Suggested-by: Geert Uytterhoeven <geert@linux-m68k.org>
Signed-off-by: Randy Dunlap <rdunlap@infradead.org>
Reported-by: kernel test robot <lkp@intel.com>
Link: lore.kernel.org/r/202204032138.EFT9qGEd-lkp@intel.com
Cc: Geert Uytterhoeven <geert@linux-m68k.org>
Cc: Jaroslav Kysela <perex@perex.cz>
Cc: Takashi Iwai <tiwai@suse.com>
Cc: alsa-devel@alsa-project.org
Link: https://lore.kernel.org/r/20220405234118.24830-1-rdunlap@infradead.org
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
sound/oss/dmasound/dmasound.h | 6 ------
sound/oss/dmasound/dmasound_core.c | 24 +-----------------------
2 files changed, 1 insertion(+), 29 deletions(-)
--- a/sound/oss/dmasound/dmasound.h
+++ b/sound/oss/dmasound/dmasound.h
@@ -88,11 +88,7 @@ static inline int ioctl_return(int __use
*/
extern int dmasound_init(void);
-#ifdef MODULE
extern void dmasound_deinit(void);
-#else
-#define dmasound_deinit() do { } while (0)
-#endif
/* description of the set-up applies to either hard or soft settings */
@@ -114,9 +110,7 @@ typedef struct {
void *(*dma_alloc)(unsigned int, gfp_t);
void (*dma_free)(void *, unsigned int);
int (*irqinit)(void);
-#ifdef MODULE
void (*irqcleanup)(void);
-#endif
void (*init)(void);
void (*silence)(void);
int (*setFormat)(int);
--- a/sound/oss/dmasound/dmasound_core.c
+++ b/sound/oss/dmasound/dmasound_core.c
@@ -206,12 +206,10 @@ module_param(writeBufSize, int, 0);
MODULE_LICENSE("GPL");
-#ifdef MODULE
static int sq_unit = -1;
static int mixer_unit = -1;
static int state_unit = -1;
static int irq_installed;
-#endif /* MODULE */
/* control over who can modify resources shared between play/record */
static fmode_t shared_resource_owner;
@@ -391,9 +389,6 @@ static const struct file_operations mixe
static void mixer_init(void)
{
-#ifndef MODULE
- int mixer_unit;
-#endif
mixer_unit = register_sound_mixer(&mixer_fops, -1);
if (mixer_unit < 0)
return;
@@ -1171,9 +1166,6 @@ static const struct file_operations sq_f
static int sq_init(void)
{
const struct file_operations *fops = &sq_fops;
-#ifndef MODULE
- int sq_unit;
-#endif
sq_unit = register_sound_dsp(fops, -1);
if (sq_unit < 0) {
@@ -1366,9 +1358,6 @@ static const struct file_operations stat
static int state_init(void)
{
-#ifndef MODULE
- int state_unit;
-#endif
state_unit = register_sound_special(&state_fops, SND_DEV_STATUS);
if (state_unit < 0)
return state_unit ;
@@ -1386,10 +1375,9 @@ static int state_init(void)
int dmasound_init(void)
{
int res ;
-#ifdef MODULE
+
if (irq_installed)
return -EBUSY;
-#endif
/* Set up sound queue, /dev/audio and /dev/dsp. */
@@ -1408,9 +1396,7 @@ int dmasound_init(void)
printk(KERN_ERR "DMA sound driver: Interrupt initialization failed\n");
return -ENODEV;
}
-#ifdef MODULE
irq_installed = 1;
-#endif
printk(KERN_INFO "%s DMA sound driver rev %03d installed\n",
dmasound.mach.name, (DMASOUND_CORE_REVISION<<4) +
@@ -1424,8 +1410,6 @@ int dmasound_init(void)
return 0;
}
-#ifdef MODULE
-
void dmasound_deinit(void)
{
if (irq_installed) {
@@ -1444,8 +1428,6 @@ void dmasound_deinit(void)
unregister_sound_dsp(sq_unit);
}
-#else /* !MODULE */
-
static int dmasound_setup(char *str)
{
int ints[6], size;
@@ -1489,8 +1471,6 @@ static int dmasound_setup(char *str)
__setup("dmasound=", dmasound_setup);
-#endif /* !MODULE */
-
/*
* Conversion tables
*/
@@ -1577,9 +1557,7 @@ char dmasound_alaw2dma8[] = {
EXPORT_SYMBOL(dmasound);
EXPORT_SYMBOL(dmasound_init);
-#ifdef MODULE
EXPORT_SYMBOL(dmasound_deinit);
-#endif
EXPORT_SYMBOL(dmasound_write_sq);
EXPORT_SYMBOL(dmasound_catchRadius);
#ifdef HAS_8BIT_TABLES
^ permalink raw reply [flat|nested] 391+ messages in thread
* [PATCH 5.15 059/371] rcu: Fix missing TICK_DEP_MASK_RCU_EXP dependency check
2023-05-08 9:43 [PATCH 5.15 000/371] 5.15.111-rc1 review Greg Kroah-Hartman
` (57 preceding siblings ...)
2023-05-08 9:44 ` Greg Kroah-Hartman
@ 2023-05-08 9:44 ` Greg Kroah-Hartman
2023-05-08 9:44 ` [PATCH 5.15 060/371] selftests/resctrl: Return NULL if malloc_and_init_memory() did not alloc mem Greg Kroah-Hartman
` (315 subsequent siblings)
374 siblings, 0 replies; 391+ messages in thread
From: Greg Kroah-Hartman @ 2023-05-08 9:44 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Zqiang, Steven Rostedt,
Masami Hiramatsu, Frederic Weisbecker, Thomas Gleixner,
Ingo Molnar, Anna-Maria Behnsen, Frederic Weisbecker,
Paul E. McKenney, Joel Fernandes (Google),
Sasha Levin
From: Zqiang <qiang1.zhang@intel.com>
[ Upstream commit db7b464df9d820186e98a65aa6a10f0d51fbf8ce ]
This commit adds checks for the TICK_DEP_MASK_RCU_EXP bit, thus enabling
RCU expedited grace periods to actually force-enable scheduling-clock
interrupts on holdout CPUs.
Fixes: df1e849ae455 ("rcu: Enable tick for nohz_full CPUs slow to provide expedited QS")
Signed-off-by: Zqiang <qiang1.zhang@intel.com>
Cc: Steven Rostedt <rostedt@goodmis.org>
Cc: Masami Hiramatsu <mhiramat@kernel.org>
Cc: Frederic Weisbecker <fweisbec@gmail.com>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: Ingo Molnar <mingo@kernel.org>
Cc: Anna-Maria Behnsen <anna-maria@linutronix.de>
Acked-by: Frederic Weisbecker <frederic@kernel.org>
Signed-off-by: Paul E. McKenney <paulmck@kernel.org>
Signed-off-by: Joel Fernandes (Google) <joel@joelfernandes.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
include/trace/events/timer.h | 3 ++-
kernel/time/tick-sched.c | 5 +++++
2 files changed, 7 insertions(+), 1 deletion(-)
diff --git a/include/trace/events/timer.h b/include/trace/events/timer.h
index 6ad031c71be74..1cf012de6442e 100644
--- a/include/trace/events/timer.h
+++ b/include/trace/events/timer.h
@@ -368,7 +368,8 @@ TRACE_EVENT(itimer_expire,
tick_dep_name(PERF_EVENTS) \
tick_dep_name(SCHED) \
tick_dep_name(CLOCK_UNSTABLE) \
- tick_dep_name_end(RCU)
+ tick_dep_name(RCU) \
+ tick_dep_name_end(RCU_EXP)
#undef tick_dep_name
#undef tick_dep_mask_name
diff --git a/kernel/time/tick-sched.c b/kernel/time/tick-sched.c
index 63e3e8ebcd643..e014927c82e76 100644
--- a/kernel/time/tick-sched.c
+++ b/kernel/time/tick-sched.c
@@ -264,6 +264,11 @@ static bool check_tick_dependency(atomic_t *dep)
return true;
}
+ if (val & TICK_DEP_MASK_RCU_EXP) {
+ trace_tick_stop(0, TICK_DEP_MASK_RCU_EXP);
+ return true;
+ }
+
return false;
}
--
2.39.2
^ permalink raw reply related [flat|nested] 391+ messages in thread
* [PATCH 5.15 060/371] selftests/resctrl: Return NULL if malloc_and_init_memory() did not alloc mem
2023-05-08 9:43 [PATCH 5.15 000/371] 5.15.111-rc1 review Greg Kroah-Hartman
` (58 preceding siblings ...)
2023-05-08 9:44 ` [PATCH 5.15 059/371] rcu: Fix missing TICK_DEP_MASK_RCU_EXP dependency check Greg Kroah-Hartman
@ 2023-05-08 9:44 ` Greg Kroah-Hartman
2023-05-08 9:44 ` [PATCH 5.15 061/371] selftests/resctrl: Extend CPU vendor detection Greg Kroah-Hartman
` (314 subsequent siblings)
374 siblings, 0 replies; 391+ messages in thread
From: Greg Kroah-Hartman @ 2023-05-08 9:44 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Fenghua Yu, Ilpo Järvinen,
Reinette Chatre, Shuah Khan, Sasha Levin
From: Ilpo Järvinen <ilpo.jarvinen@linux.intel.com>
[ Upstream commit 22a8be280383812235131dda18a8212a59fadd2d ]
malloc_and_init_memory() in fill_buf isn't checking if memalign()
successfully allocated memory or not before accessing the memory.
Check the return value of memalign() and return NULL if allocating
aligned memory fails.
Fixes: a2561b12fe39 ("selftests/resctrl: Add built in benchmark")
Co-developed-by: Fenghua Yu <fenghua.yu@intel.com>
Signed-off-by: Fenghua Yu <fenghua.yu@intel.com>
Signed-off-by: Ilpo Järvinen <ilpo.jarvinen@linux.intel.com>
Reviewed-by: Reinette Chatre <reinette.chatre@intel.com>
Signed-off-by: Shuah Khan <skhan@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
tools/testing/selftests/resctrl/fill_buf.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/tools/testing/selftests/resctrl/fill_buf.c b/tools/testing/selftests/resctrl/fill_buf.c
index 56ccbeae0638d..c20d0a7ecbe63 100644
--- a/tools/testing/selftests/resctrl/fill_buf.c
+++ b/tools/testing/selftests/resctrl/fill_buf.c
@@ -68,6 +68,8 @@ static void *malloc_and_init_memory(size_t s)
size_t s64;
void *p = memalign(PAGE_SIZE, s);
+ if (!p)
+ return NULL;
p64 = (uint64_t *)p;
s64 = s / sizeof(uint64_t);
--
2.39.2
^ permalink raw reply related [flat|nested] 391+ messages in thread
* [PATCH 5.15 061/371] selftests/resctrl: Extend CPU vendor detection
2023-05-08 9:43 [PATCH 5.15 000/371] 5.15.111-rc1 review Greg Kroah-Hartman
` (59 preceding siblings ...)
2023-05-08 9:44 ` [PATCH 5.15 060/371] selftests/resctrl: Return NULL if malloc_and_init_memory() did not alloc mem Greg Kroah-Hartman
@ 2023-05-08 9:44 ` Greg Kroah-Hartman
2023-05-08 9:44 ` [PATCH 5.15 062/371] selftests/resctrl: Move ->setup() call outside of test specific branches Greg Kroah-Hartman
` (313 subsequent siblings)
374 siblings, 0 replies; 391+ messages in thread
From: Greg Kroah-Hartman @ 2023-05-08 9:44 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Shaopeng Tan, Reinette Chatre,
Shuah Khan, Sasha Levin
From: Shaopeng Tan <tan.shaopeng@jp.fujitsu.com>
[ Upstream commit 6220f69e72a534838cffd84dce6afd777777be03 ]
Currently, the resctrl_tests only has a function to detect AMD vendor.
Since when the Intel Sub-NUMA Clustering feature is enabled,
Intel CMT and MBM counters may not be accurate,
the resctrl_tests also need a function to detect Intel vendor.
And in the future, resctrl_tests will need a function to detect different
vendors, such as Arm.
Extend the function to detect Intel vendor as well. Also,
this function can be easily extended to detect other vendors.
Signed-off-by: Shaopeng Tan <tan.shaopeng@jp.fujitsu.com>
Reviewed-by: Reinette Chatre <reinette.chatre@intel.com>
Reviewed-by: Shuah Khan <skhan@linuxfoundation.org>
Signed-off-by: Shuah Khan <skhan@linuxfoundation.org>
Stable-dep-of: fa10366cc6f4 ("selftests/resctrl: Allow ->setup() to return errors")
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
tools/testing/selftests/resctrl/cat_test.c | 2 +-
tools/testing/selftests/resctrl/resctrl.h | 5 ++-
.../testing/selftests/resctrl/resctrl_tests.c | 41 ++++++++++++-------
tools/testing/selftests/resctrl/resctrlfs.c | 2 +-
4 files changed, 33 insertions(+), 17 deletions(-)
diff --git a/tools/testing/selftests/resctrl/cat_test.c b/tools/testing/selftests/resctrl/cat_test.c
index cd4f68388e0f6..1c5e90c632548 100644
--- a/tools/testing/selftests/resctrl/cat_test.c
+++ b/tools/testing/selftests/resctrl/cat_test.c
@@ -89,7 +89,7 @@ static int check_results(struct resctrl_val_param *param)
return show_cache_info(sum_llc_perf_miss, no_of_bits, param->span / 64,
MAX_DIFF, MAX_DIFF_PERCENT, NUM_OF_RUNS,
- !is_amd, false);
+ get_vendor() == ARCH_INTEL, false);
}
void cat_test_cleanup(void)
diff --git a/tools/testing/selftests/resctrl/resctrl.h b/tools/testing/selftests/resctrl/resctrl.h
index 1ad10c47e31d1..f0ded31fb3c7c 100644
--- a/tools/testing/selftests/resctrl/resctrl.h
+++ b/tools/testing/selftests/resctrl/resctrl.h
@@ -34,6 +34,9 @@
#define L3_MON_PATH "/sys/fs/resctrl/info/L3_MON"
#define L3_MON_FEATURES_PATH "/sys/fs/resctrl/info/L3_MON/mon_features"
+#define ARCH_INTEL 1
+#define ARCH_AMD 2
+
#define PARENT_EXIT(err_msg) \
do { \
perror(err_msg); \
@@ -75,8 +78,8 @@ struct resctrl_val_param {
extern pid_t bm_pid, ppid;
extern char llc_occup_path[1024];
-extern bool is_amd;
+int get_vendor(void);
bool check_resctrlfs_support(void);
int filter_dmesg(void);
int remount_resctrlfs(bool mum_resctrlfs);
diff --git a/tools/testing/selftests/resctrl/resctrl_tests.c b/tools/testing/selftests/resctrl/resctrl_tests.c
index 973f09a66e1ee..3e7cdf1125df4 100644
--- a/tools/testing/selftests/resctrl/resctrl_tests.c
+++ b/tools/testing/selftests/resctrl/resctrl_tests.c
@@ -13,25 +13,41 @@
#define BENCHMARK_ARGS 64
#define BENCHMARK_ARG_SIZE 64
-bool is_amd;
-
-void detect_amd(void)
+static int detect_vendor(void)
{
FILE *inf = fopen("/proc/cpuinfo", "r");
+ int vendor_id = 0;
+ char *s = NULL;
char *res;
if (!inf)
- return;
+ return vendor_id;
res = fgrep(inf, "vendor_id");
- if (res) {
- char *s = strchr(res, ':');
+ if (res)
+ s = strchr(res, ':');
+
+ if (s && !strcmp(s, ": GenuineIntel\n"))
+ vendor_id = ARCH_INTEL;
+ else if (s && !strcmp(s, ": AuthenticAMD\n"))
+ vendor_id = ARCH_AMD;
- is_amd = s && !strcmp(s, ": AuthenticAMD\n");
- free(res);
- }
fclose(inf);
+ free(res);
+ return vendor_id;
+}
+
+int get_vendor(void)
+{
+ static int vendor = -1;
+
+ if (vendor == -1)
+ vendor = detect_vendor();
+ if (vendor == 0)
+ ksft_print_msg("Can not get vendor info...\n");
+
+ return vendor;
}
static void cmd_help(void)
@@ -207,9 +223,6 @@ int main(int argc, char **argv)
if (geteuid() != 0)
return ksft_exit_fail_msg("Not running as root, abort testing.\n");
- /* Detect AMD vendor */
- detect_amd();
-
if (has_ben) {
/* Extract benchmark command from command line. */
for (i = ben_ind; i < argc; i++) {
@@ -241,10 +254,10 @@ int main(int argc, char **argv)
ksft_set_plan(tests ? : 4);
- if (!is_amd && mbm_test)
+ if ((get_vendor() == ARCH_INTEL) && mbm_test)
run_mbm_test(has_ben, benchmark_cmd, span, cpu_no, bw_report);
- if (!is_amd && mba_test)
+ if ((get_vendor() == ARCH_INTEL) && mba_test)
run_mba_test(has_ben, benchmark_cmd, span, cpu_no, bw_report);
if (cmt_test)
diff --git a/tools/testing/selftests/resctrl/resctrlfs.c b/tools/testing/selftests/resctrl/resctrlfs.c
index 5f5a166ade60a..6f543e470ad4a 100644
--- a/tools/testing/selftests/resctrl/resctrlfs.c
+++ b/tools/testing/selftests/resctrl/resctrlfs.c
@@ -106,7 +106,7 @@ int get_resource_id(int cpu_no, int *resource_id)
char phys_pkg_path[1024];
FILE *fp;
- if (is_amd)
+ if (get_vendor() == ARCH_AMD)
sprintf(phys_pkg_path, "%s%d/cache/index3/id",
PHYS_ID_PATH, cpu_no);
else
--
2.39.2
^ permalink raw reply related [flat|nested] 391+ messages in thread
* [PATCH 5.15 062/371] selftests/resctrl: Move ->setup() call outside of test specific branches
2023-05-08 9:43 [PATCH 5.15 000/371] 5.15.111-rc1 review Greg Kroah-Hartman
` (60 preceding siblings ...)
2023-05-08 9:44 ` [PATCH 5.15 061/371] selftests/resctrl: Extend CPU vendor detection Greg Kroah-Hartman
@ 2023-05-08 9:44 ` Greg Kroah-Hartman
2023-05-08 9:44 ` [PATCH 5.15 063/371] selftests/resctrl: Allow ->setup() to return errors Greg Kroah-Hartman
` (312 subsequent siblings)
374 siblings, 0 replies; 391+ messages in thread
From: Greg Kroah-Hartman @ 2023-05-08 9:44 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Fenghua Yu, Ilpo Järvinen,
Reinette Chatre, Shuah Khan, Sasha Levin
From: Ilpo Järvinen <ilpo.jarvinen@linux.intel.com>
[ Upstream commit c90b3b588e369c20087699316259fa5ebbb16f2d ]
resctrl_val() function is called only by MBM, MBA, and CMT tests which
means the else branch is never used.
Both test branches call param->setup().
Remove the unused else branch and place the ->setup() call outside of
the test specific branches reducing code duplication.
Co-developed-by: Fenghua Yu <fenghua.yu@intel.com>
Signed-off-by: Fenghua Yu <fenghua.yu@intel.com>
Signed-off-by: Ilpo Järvinen <ilpo.jarvinen@linux.intel.com>
Reviewed-by: Reinette Chatre <reinette.chatre@intel.com>
Signed-off-by: Shuah Khan <skhan@linuxfoundation.org>
Stable-dep-of: fa10366cc6f4 ("selftests/resctrl: Allow ->setup() to return errors")
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
tools/testing/selftests/resctrl/resctrl_val.c | 19 ++++++-------------
1 file changed, 6 insertions(+), 13 deletions(-)
diff --git a/tools/testing/selftests/resctrl/resctrl_val.c b/tools/testing/selftests/resctrl/resctrl_val.c
index 95224345c78e7..dd907809d0b29 100644
--- a/tools/testing/selftests/resctrl/resctrl_val.c
+++ b/tools/testing/selftests/resctrl/resctrl_val.c
@@ -733,29 +733,22 @@ int resctrl_val(char **benchmark_cmd, struct resctrl_val_param *param)
/* Test runs until the callback setup() tells the test to stop. */
while (1) {
+ ret = param->setup(1, param);
+ if (ret) {
+ ret = 0;
+ break;
+ }
+
if (!strncmp(resctrl_val, MBM_STR, sizeof(MBM_STR)) ||
!strncmp(resctrl_val, MBA_STR, sizeof(MBA_STR))) {
- ret = param->setup(1, param);
- if (ret) {
- ret = 0;
- break;
- }
-
ret = measure_vals(param, &bw_resc_start);
if (ret)
break;
} else if (!strncmp(resctrl_val, CMT_STR, sizeof(CMT_STR))) {
- ret = param->setup(1, param);
- if (ret) {
- ret = 0;
- break;
- }
sleep(1);
ret = measure_cache_vals(param, bm_pid);
if (ret)
break;
- } else {
- break;
}
}
--
2.39.2
^ permalink raw reply related [flat|nested] 391+ messages in thread
* [PATCH 5.15 063/371] selftests/resctrl: Allow ->setup() to return errors
2023-05-08 9:43 [PATCH 5.15 000/371] 5.15.111-rc1 review Greg Kroah-Hartman
` (61 preceding siblings ...)
2023-05-08 9:44 ` [PATCH 5.15 062/371] selftests/resctrl: Move ->setup() call outside of test specific branches Greg Kroah-Hartman
@ 2023-05-08 9:44 ` Greg Kroah-Hartman
2023-05-08 9:44 ` [PATCH 5.15 064/371] selftests/resctrl: Check for return value after write_schemata() Greg Kroah-Hartman
` (311 subsequent siblings)
374 siblings, 0 replies; 391+ messages in thread
From: Greg Kroah-Hartman @ 2023-05-08 9:44 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Ilpo Järvinen, Reinette Chatre,
Shuah Khan, Sasha Levin
From: Ilpo Järvinen <ilpo.jarvinen@linux.intel.com>
[ Upstream commit fa10366cc6f4cc862871f8938426d85c2481f084 ]
resctrl_val() assumes ->setup() always returns either 0 to continue
tests or < 0 in case of the normal termination of tests after x runs.
The latter overlaps with normal error returns.
Define END_OF_TESTS (=1) to differentiate the normal termination of
tests and return errors as negative values. Alter callers of ->setup()
to handle errors properly.
Fixes: 790bf585b0ee ("selftests/resctrl: Add Cache Allocation Technology (CAT) selftest")
Fixes: ecdbb911f22d ("selftests/resctrl: Add MBM test")
Signed-off-by: Ilpo Järvinen <ilpo.jarvinen@linux.intel.com>
Reviewed-by: Reinette Chatre <reinette.chatre@intel.com>
Signed-off-by: Shuah Khan <skhan@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
tools/testing/selftests/resctrl/cache.c | 4 +++-
tools/testing/selftests/resctrl/cat_test.c | 2 +-
tools/testing/selftests/resctrl/cmt_test.c | 2 +-
tools/testing/selftests/resctrl/mba_test.c | 2 +-
tools/testing/selftests/resctrl/mbm_test.c | 2 +-
tools/testing/selftests/resctrl/resctrl.h | 2 ++
tools/testing/selftests/resctrl/resctrl_val.c | 4 +++-
7 files changed, 12 insertions(+), 6 deletions(-)
diff --git a/tools/testing/selftests/resctrl/cache.c b/tools/testing/selftests/resctrl/cache.c
index 68ff856d36f0b..0485863a169f2 100644
--- a/tools/testing/selftests/resctrl/cache.c
+++ b/tools/testing/selftests/resctrl/cache.c
@@ -244,10 +244,12 @@ int cat_val(struct resctrl_val_param *param)
while (1) {
if (!strncmp(resctrl_val, CAT_STR, sizeof(CAT_STR))) {
ret = param->setup(1, param);
- if (ret) {
+ if (ret == END_OF_TESTS) {
ret = 0;
break;
}
+ if (ret < 0)
+ break;
ret = reset_enable_llc_perf(bm_pid, param->cpu_no);
if (ret)
break;
diff --git a/tools/testing/selftests/resctrl/cat_test.c b/tools/testing/selftests/resctrl/cat_test.c
index 1c5e90c632548..2d3c7c77ab6cb 100644
--- a/tools/testing/selftests/resctrl/cat_test.c
+++ b/tools/testing/selftests/resctrl/cat_test.c
@@ -40,7 +40,7 @@ static int cat_setup(int num, ...)
/* Run NUM_OF_RUNS times */
if (p->num_of_runs >= NUM_OF_RUNS)
- return -1;
+ return END_OF_TESTS;
if (p->num_of_runs == 0) {
sprintf(schemata, "%lx", p->mask);
diff --git a/tools/testing/selftests/resctrl/cmt_test.c b/tools/testing/selftests/resctrl/cmt_test.c
index 8968e36db99d7..3b0454e7fc826 100644
--- a/tools/testing/selftests/resctrl/cmt_test.c
+++ b/tools/testing/selftests/resctrl/cmt_test.c
@@ -32,7 +32,7 @@ static int cmt_setup(int num, ...)
/* Run NUM_OF_RUNS times */
if (p->num_of_runs >= NUM_OF_RUNS)
- return -1;
+ return END_OF_TESTS;
p->num_of_runs++;
diff --git a/tools/testing/selftests/resctrl/mba_test.c b/tools/testing/selftests/resctrl/mba_test.c
index 1a1bdb6180cf2..f32289ae17aeb 100644
--- a/tools/testing/selftests/resctrl/mba_test.c
+++ b/tools/testing/selftests/resctrl/mba_test.c
@@ -41,7 +41,7 @@ static int mba_setup(int num, ...)
return 0;
if (allocation < ALLOCATION_MIN || allocation > ALLOCATION_MAX)
- return -1;
+ return END_OF_TESTS;
sprintf(allocation_str, "%d", allocation);
diff --git a/tools/testing/selftests/resctrl/mbm_test.c b/tools/testing/selftests/resctrl/mbm_test.c
index 8392e5c55ed02..280187628054d 100644
--- a/tools/testing/selftests/resctrl/mbm_test.c
+++ b/tools/testing/selftests/resctrl/mbm_test.c
@@ -95,7 +95,7 @@ static int mbm_setup(int num, ...)
/* Run NUM_OF_RUNS times */
if (num_of_runs++ >= NUM_OF_RUNS)
- return -1;
+ return END_OF_TESTS;
va_start(param, num);
p = va_arg(param, struct resctrl_val_param *);
diff --git a/tools/testing/selftests/resctrl/resctrl.h b/tools/testing/selftests/resctrl/resctrl.h
index f0ded31fb3c7c..f44fa2de4d986 100644
--- a/tools/testing/selftests/resctrl/resctrl.h
+++ b/tools/testing/selftests/resctrl/resctrl.h
@@ -37,6 +37,8 @@
#define ARCH_INTEL 1
#define ARCH_AMD 2
+#define END_OF_TESTS 1
+
#define PARENT_EXIT(err_msg) \
do { \
perror(err_msg); \
diff --git a/tools/testing/selftests/resctrl/resctrl_val.c b/tools/testing/selftests/resctrl/resctrl_val.c
index dd907809d0b29..02110e7ee6361 100644
--- a/tools/testing/selftests/resctrl/resctrl_val.c
+++ b/tools/testing/selftests/resctrl/resctrl_val.c
@@ -734,10 +734,12 @@ int resctrl_val(char **benchmark_cmd, struct resctrl_val_param *param)
/* Test runs until the callback setup() tells the test to stop. */
while (1) {
ret = param->setup(1, param);
- if (ret) {
+ if (ret == END_OF_TESTS) {
ret = 0;
break;
}
+ if (ret < 0)
+ break;
if (!strncmp(resctrl_val, MBM_STR, sizeof(MBM_STR)) ||
!strncmp(resctrl_val, MBA_STR, sizeof(MBA_STR))) {
--
2.39.2
^ permalink raw reply related [flat|nested] 391+ messages in thread
* [PATCH 5.15 064/371] selftests/resctrl: Check for return value after write_schemata()
2023-05-08 9:43 [PATCH 5.15 000/371] 5.15.111-rc1 review Greg Kroah-Hartman
` (62 preceding siblings ...)
2023-05-08 9:44 ` [PATCH 5.15 063/371] selftests/resctrl: Allow ->setup() to return errors Greg Kroah-Hartman
@ 2023-05-08 9:44 ` Greg Kroah-Hartman
2023-05-08 9:44 ` [PATCH 5.15 065/371] selinux: fix Makefile dependencies of flask.h Greg Kroah-Hartman
` (310 subsequent siblings)
374 siblings, 0 replies; 391+ messages in thread
From: Greg Kroah-Hartman @ 2023-05-08 9:44 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Fenghua Yu, Ilpo Järvinen,
Reinette Chatre, Shuah Khan, Sasha Levin
From: Ilpo Järvinen <ilpo.jarvinen@linux.intel.com>
[ Upstream commit 0d45c83b95da414e98ad333e723141a94f6e2c64 ]
MBA test case writes schemata but it does not check if the write is
successful or not.
Add the error check and return error properly.
Fixes: 01fee6b4d1f9 ("selftests/resctrl: Add MBA test")
Co-developed-by: Fenghua Yu <fenghua.yu@intel.com>
Signed-off-by: Fenghua Yu <fenghua.yu@intel.com>
Signed-off-by: Ilpo Järvinen <ilpo.jarvinen@linux.intel.com>
Reviewed-by: Reinette Chatre <reinette.chatre@intel.com>
Signed-off-by: Shuah Khan <skhan@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
tools/testing/selftests/resctrl/mba_test.c | 7 ++++++-
1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/tools/testing/selftests/resctrl/mba_test.c b/tools/testing/selftests/resctrl/mba_test.c
index f32289ae17aeb..97dc98c0c9497 100644
--- a/tools/testing/selftests/resctrl/mba_test.c
+++ b/tools/testing/selftests/resctrl/mba_test.c
@@ -28,6 +28,7 @@ static int mba_setup(int num, ...)
struct resctrl_val_param *p;
char allocation_str[64];
va_list param;
+ int ret;
va_start(param, num);
p = va_arg(param, struct resctrl_val_param *);
@@ -45,7 +46,11 @@ static int mba_setup(int num, ...)
sprintf(allocation_str, "%d", allocation);
- write_schemata(p->ctrlgrp, allocation_str, p->cpu_no, p->resctrl_val);
+ ret = write_schemata(p->ctrlgrp, allocation_str, p->cpu_no,
+ p->resctrl_val);
+ if (ret < 0)
+ return ret;
+
allocation -= ALLOCATION_STEP;
return 0;
--
2.39.2
^ permalink raw reply related [flat|nested] 391+ messages in thread
* [PATCH 5.15 065/371] selinux: fix Makefile dependencies of flask.h
2023-05-08 9:43 [PATCH 5.15 000/371] 5.15.111-rc1 review Greg Kroah-Hartman
` (63 preceding siblings ...)
2023-05-08 9:44 ` [PATCH 5.15 064/371] selftests/resctrl: Check for return value after write_schemata() Greg Kroah-Hartman
@ 2023-05-08 9:44 ` Greg Kroah-Hartman
2023-05-08 9:44 ` [PATCH 5.15 066/371] selinux: ensure av_permissions.h is built when needed Greg Kroah-Hartman
` (309 subsequent siblings)
374 siblings, 0 replies; 391+ messages in thread
From: Greg Kroah-Hartman @ 2023-05-08 9:44 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Ondrej Mosnacek, Stephen Smalley,
Paul Moore, Sasha Levin
From: Ondrej Mosnacek <omosnace@redhat.com>
[ Upstream commit bcab1adeaad4b39a1e04cb98979a367d08253f03 ]
Make the flask.h target depend on the genheaders binary instead of
classmap.h to ensure that it is rebuilt if any of the dependencies of
genheaders are changed.
Notably this fixes flask.h not being rebuilt when
initial_sid_to_string.h is modified.
Fixes: 8753f6bec352 ("selinux: generate flask headers during kernel build")
Signed-off-by: Ondrej Mosnacek <omosnace@redhat.com>
Acked-by: Stephen Smalley <stephen.smalley.work@gmail.com>
Signed-off-by: Paul Moore <paul@paul-moore.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
security/selinux/Makefile | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/security/selinux/Makefile b/security/selinux/Makefile
index 7761624448826..103c2776478a7 100644
--- a/security/selinux/Makefile
+++ b/security/selinux/Makefile
@@ -23,8 +23,8 @@ ccflags-y := -I$(srctree)/security/selinux -I$(srctree)/security/selinux/include
$(addprefix $(obj)/,$(selinux-y)): $(obj)/flask.h
quiet_cmd_flask = GEN $(obj)/flask.h $(obj)/av_permissions.h
- cmd_flask = scripts/selinux/genheaders/genheaders $(obj)/flask.h $(obj)/av_permissions.h
+ cmd_flask = $< $(obj)/flask.h $(obj)/av_permissions.h
targets += flask.h av_permissions.h
-$(obj)/flask.h: $(src)/include/classmap.h FORCE
+$(obj)/flask.h: scripts/selinux/genheaders/genheaders FORCE
$(call if_changed,flask)
--
2.39.2
^ permalink raw reply related [flat|nested] 391+ messages in thread
* [PATCH 5.15 066/371] selinux: ensure av_permissions.h is built when needed
2023-05-08 9:43 [PATCH 5.15 000/371] 5.15.111-rc1 review Greg Kroah-Hartman
` (64 preceding siblings ...)
2023-05-08 9:44 ` [PATCH 5.15 065/371] selinux: fix Makefile dependencies of flask.h Greg Kroah-Hartman
@ 2023-05-08 9:44 ` Greg Kroah-Hartman
2023-05-08 9:44 ` [PATCH 5.15 067/371] tpm, tpm_tis: Do not skip reset of original interrupt vector Greg Kroah-Hartman
` (308 subsequent siblings)
374 siblings, 0 replies; 391+ messages in thread
From: Greg Kroah-Hartman @ 2023-05-08 9:44 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Paul Moore, Sasha Levin
From: Paul Moore <paul@paul-moore.com>
[ Upstream commit 4ce1f694eb5d8ca607fed8542d32a33b4f1217a5 ]
The Makefile rule responsible for building flask.h and
av_permissions.h only lists flask.h as a target which means that
av_permissions.h is only generated when flask.h needs to be
generated. This patch fixes this by adding av_permissions.h as a
target to the rule.
Fixes: 8753f6bec352 ("selinux: generate flask headers during kernel build")
Signed-off-by: Paul Moore <paul@paul-moore.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
security/selinux/Makefile | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/security/selinux/Makefile b/security/selinux/Makefile
index 103c2776478a7..0aecf9334ec31 100644
--- a/security/selinux/Makefile
+++ b/security/selinux/Makefile
@@ -26,5 +26,5 @@ quiet_cmd_flask = GEN $(obj)/flask.h $(obj)/av_permissions.h
cmd_flask = $< $(obj)/flask.h $(obj)/av_permissions.h
targets += flask.h av_permissions.h
-$(obj)/flask.h: scripts/selinux/genheaders/genheaders FORCE
+$(obj)/flask.h $(obj)/av_permissions.h &: scripts/selinux/genheaders/genheaders FORCE
$(call if_changed,flask)
--
2.39.2
^ permalink raw reply related [flat|nested] 391+ messages in thread
* [PATCH 5.15 067/371] tpm, tpm_tis: Do not skip reset of original interrupt vector
2023-05-08 9:43 [PATCH 5.15 000/371] 5.15.111-rc1 review Greg Kroah-Hartman
` (65 preceding siblings ...)
2023-05-08 9:44 ` [PATCH 5.15 066/371] selinux: ensure av_permissions.h is built when needed Greg Kroah-Hartman
@ 2023-05-08 9:44 ` Greg Kroah-Hartman
2023-05-08 9:44 ` [PATCH 5.15 068/371] tpm, tpm_tis: Claim locality before writing TPM_INT_ENABLE register Greg Kroah-Hartman
` (307 subsequent siblings)
374 siblings, 0 replies; 391+ messages in thread
From: Greg Kroah-Hartman @ 2023-05-08 9:44 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Lino Sanfilippo, Jarkko Sakkinen,
Sasha Levin
From: Lino Sanfilippo <l.sanfilippo@kunbus.com>
[ Upstream commit ed9be0e6c892a783800d77a41ca4c7255c6af8c5 ]
If in tpm_tis_probe_irq_single() an error occurs after the original
interrupt vector has been read, restore the interrupts before the error is
returned.
Since the caller does not check the error value, return -1 in any case that
the TPM_CHIP_FLAG_IRQ flag is not set. Since the return value of function
tpm_tis_gen_interrupt() is not longer used, make it a void function.
Fixes: 1107d065fdf1 ("tpm_tis: Introduce intermediate layer for TPM access")
Signed-off-by: Lino Sanfilippo <l.sanfilippo@kunbus.com>
Tested-by: Jarkko Sakkinen <jarkko@kernel.org>
Reviewed-by: Jarkko Sakkinen <jarkko@kernel.org>
Signed-off-by: Jarkko Sakkinen <jarkko@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/char/tpm/tpm_tis_core.c | 29 +++++++++++------------------
1 file changed, 11 insertions(+), 18 deletions(-)
diff --git a/drivers/char/tpm/tpm_tis_core.c b/drivers/char/tpm/tpm_tis_core.c
index dc56b976d8162..ae0c773a6041a 100644
--- a/drivers/char/tpm/tpm_tis_core.c
+++ b/drivers/char/tpm/tpm_tis_core.c
@@ -714,7 +714,7 @@ static irqreturn_t tis_int_handler(int dummy, void *dev_id)
return IRQ_HANDLED;
}
-static int tpm_tis_gen_interrupt(struct tpm_chip *chip)
+static void tpm_tis_gen_interrupt(struct tpm_chip *chip)
{
const char *desc = "attempting to generate an interrupt";
u32 cap2;
@@ -723,7 +723,7 @@ static int tpm_tis_gen_interrupt(struct tpm_chip *chip)
ret = request_locality(chip, 0);
if (ret < 0)
- return ret;
+ return;
if (chip->flags & TPM_CHIP_FLAG_TPM2)
ret = tpm2_get_tpm_pt(chip, 0x100, &cap2, desc);
@@ -731,8 +731,6 @@ static int tpm_tis_gen_interrupt(struct tpm_chip *chip)
ret = tpm1_getcap(chip, TPM_CAP_PROP_TIS_TIMEOUT, &cap, desc, 0);
release_locality(chip, 0);
-
- return ret;
}
/* Register the IRQ and issue a command that will cause an interrupt. If an
@@ -762,42 +760,37 @@ static int tpm_tis_probe_irq_single(struct tpm_chip *chip, u32 intmask,
rc = tpm_tis_write8(priv, TPM_INT_VECTOR(priv->locality), irq);
if (rc < 0)
- return rc;
+ goto restore_irqs;
rc = tpm_tis_read32(priv, TPM_INT_STATUS(priv->locality), &int_status);
if (rc < 0)
- return rc;
+ goto restore_irqs;
/* Clear all existing */
rc = tpm_tis_write32(priv, TPM_INT_STATUS(priv->locality), int_status);
if (rc < 0)
- return rc;
-
+ goto restore_irqs;
/* Turn on */
rc = tpm_tis_write32(priv, TPM_INT_ENABLE(priv->locality),
intmask | TPM_GLOBAL_INT_ENABLE);
if (rc < 0)
- return rc;
+ goto restore_irqs;
priv->irq_tested = false;
/* Generate an interrupt by having the core call through to
* tpm_tis_send
*/
- rc = tpm_tis_gen_interrupt(chip);
- if (rc < 0)
- return rc;
+ tpm_tis_gen_interrupt(chip);
+restore_irqs:
/* tpm_tis_send will either confirm the interrupt is working or it
* will call disable_irq which undoes all of the above.
*/
if (!(chip->flags & TPM_CHIP_FLAG_IRQ)) {
- rc = tpm_tis_write8(priv, original_int_vec,
- TPM_INT_VECTOR(priv->locality));
- if (rc < 0)
- return rc;
-
- return 1;
+ tpm_tis_write8(priv, original_int_vec,
+ TPM_INT_VECTOR(priv->locality));
+ return -1;
}
return 0;
--
2.39.2
^ permalink raw reply related [flat|nested] 391+ messages in thread
* [PATCH 5.15 068/371] tpm, tpm_tis: Claim locality before writing TPM_INT_ENABLE register
2023-05-08 9:43 [PATCH 5.15 000/371] 5.15.111-rc1 review Greg Kroah-Hartman
` (66 preceding siblings ...)
2023-05-08 9:44 ` [PATCH 5.15 067/371] tpm, tpm_tis: Do not skip reset of original interrupt vector Greg Kroah-Hartman
@ 2023-05-08 9:44 ` Greg Kroah-Hartman
2023-05-08 9:44 ` [PATCH 5.15 069/371] tpm, tpm_tis: Disable interrupts if tpm_tis_probe_irq() failed Greg Kroah-Hartman
` (306 subsequent siblings)
374 siblings, 0 replies; 391+ messages in thread
From: Greg Kroah-Hartman @ 2023-05-08 9:44 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Lino Sanfilippo,
Michael Niewöhner, Jarkko Sakkinen, Sasha Levin
From: Lino Sanfilippo <l.sanfilippo@kunbus.com>
[ Upstream commit 282657a8bd7fddcf511b834f43705001668b33a7 ]
In disable_interrupts() the TPM_GLOBAL_INT_ENABLE bit is unset in the
TPM_INT_ENABLE register to shut the interrupts off. However modifying the
register is only possible with a held locality. So claim the locality
before disable_interrupts() is called.
Signed-off-by: Lino Sanfilippo <l.sanfilippo@kunbus.com>
Tested-by: Michael Niewöhner <linux@mniewoehner.de>
Tested-by: Jarkko Sakkinen <jarkko@kernel.org>
Reviewed-by: Jarkko Sakkinen <jarkko@kernel.org>
Signed-off-by: Jarkko Sakkinen <jarkko@kernel.org>
Stable-dep-of: 955df4f87760 ("tpm, tpm_tis: Claim locality when interrupts are reenabled on resume")
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/char/tpm/tpm_tis_core.c | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/drivers/char/tpm/tpm_tis_core.c b/drivers/char/tpm/tpm_tis_core.c
index ae0c773a6041a..274096fece3fa 100644
--- a/drivers/char/tpm/tpm_tis_core.c
+++ b/drivers/char/tpm/tpm_tis_core.c
@@ -1076,7 +1076,11 @@ int tpm_tis_core_init(struct device *dev, struct tpm_tis_data *priv, int irq,
dev_err(&chip->dev, FW_BUG
"TPM interrupt not working, polling instead\n");
+ rc = request_locality(chip, 0);
+ if (rc < 0)
+ goto out_err;
disable_interrupts(chip);
+ release_locality(chip, 0);
}
} else {
tpm_tis_probe_irq(chip, intmask);
--
2.39.2
^ permalink raw reply related [flat|nested] 391+ messages in thread
* [PATCH 5.15 069/371] tpm, tpm_tis: Disable interrupts if tpm_tis_probe_irq() failed
2023-05-08 9:43 [PATCH 5.15 000/371] 5.15.111-rc1 review Greg Kroah-Hartman
` (67 preceding siblings ...)
2023-05-08 9:44 ` [PATCH 5.15 068/371] tpm, tpm_tis: Claim locality before writing TPM_INT_ENABLE register Greg Kroah-Hartman
@ 2023-05-08 9:44 ` Greg Kroah-Hartman
2023-05-08 9:44 ` [PATCH 5.15 070/371] tpm, tpm_tis: Claim locality before writing interrupt registers Greg Kroah-Hartman
` (305 subsequent siblings)
374 siblings, 0 replies; 391+ messages in thread
From: Greg Kroah-Hartman @ 2023-05-08 9:44 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Lino Sanfilippo,
Michael Niewöhner, Jarkko Sakkinen, Sasha Levin
From: Lino Sanfilippo <l.sanfilippo@kunbus.com>
[ Upstream commit 6d789ad726950e612a7f31044260337237c5b490 ]
Both functions tpm_tis_probe_irq_single() and tpm_tis_probe_irq() may setup
the interrupts and then return with an error. This case is indicated by a
missing TPM_CHIP_FLAG_IRQ flag in chip->flags.
Currently the interrupt setup is only undone if tpm_tis_probe_irq_single()
fails. Undo the setup also if tpm_tis_probe_irq() fails.
Signed-off-by: Lino Sanfilippo <l.sanfilippo@kunbus.com>
Tested-by: Michael Niewöhner <linux@mniewoehner.de>
Tested-by: Jarkko Sakkinen <jarkko@kernel.org>
Reviewed-by: Jarkko Sakkinen <jarkko@kernel.org>
Signed-off-by: Jarkko Sakkinen <jarkko@kernel.org>
Stable-dep-of: 955df4f87760 ("tpm, tpm_tis: Claim locality when interrupts are reenabled on resume")
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/char/tpm/tpm_tis_core.c | 22 +++++++++++-----------
1 file changed, 11 insertions(+), 11 deletions(-)
diff --git a/drivers/char/tpm/tpm_tis_core.c b/drivers/char/tpm/tpm_tis_core.c
index 274096fece3fa..99cbf6fb062ce 100644
--- a/drivers/char/tpm/tpm_tis_core.c
+++ b/drivers/char/tpm/tpm_tis_core.c
@@ -1069,21 +1069,21 @@ int tpm_tis_core_init(struct device *dev, struct tpm_tis_data *priv, int irq,
goto out_err;
}
- if (irq) {
+ if (irq)
tpm_tis_probe_irq_single(chip, intmask, IRQF_SHARED,
irq);
- if (!(chip->flags & TPM_CHIP_FLAG_IRQ)) {
- dev_err(&chip->dev, FW_BUG
+ else
+ tpm_tis_probe_irq(chip, intmask);
+
+ if (!(chip->flags & TPM_CHIP_FLAG_IRQ)) {
+ dev_err(&chip->dev, FW_BUG
"TPM interrupt not working, polling instead\n");
- rc = request_locality(chip, 0);
- if (rc < 0)
- goto out_err;
- disable_interrupts(chip);
- release_locality(chip, 0);
- }
- } else {
- tpm_tis_probe_irq(chip, intmask);
+ rc = request_locality(chip, 0);
+ if (rc < 0)
+ goto out_err;
+ disable_interrupts(chip);
+ release_locality(chip, 0);
}
}
--
2.39.2
^ permalink raw reply related [flat|nested] 391+ messages in thread
* [PATCH 5.15 070/371] tpm, tpm_tis: Claim locality before writing interrupt registers
2023-05-08 9:43 [PATCH 5.15 000/371] 5.15.111-rc1 review Greg Kroah-Hartman
` (68 preceding siblings ...)
2023-05-08 9:44 ` [PATCH 5.15 069/371] tpm, tpm_tis: Disable interrupts if tpm_tis_probe_irq() failed Greg Kroah-Hartman
@ 2023-05-08 9:44 ` Greg Kroah-Hartman
2023-05-15 15:37 ` Felix Riemann
2023-05-08 9:44 ` [PATCH 5.15 071/371] tpm, tpm: Implement usage counter for locality Greg Kroah-Hartman
` (304 subsequent siblings)
374 siblings, 1 reply; 391+ messages in thread
From: Greg Kroah-Hartman @ 2023-05-08 9:44 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Lino Sanfilippo, Jarkko Sakkinen,
Sasha Levin
From: Lino Sanfilippo <l.sanfilippo@kunbus.com>
[ Upstream commit 15d7aa4e46eba87242a320f39773aa16faddadee ]
In tpm_tis_probe_single_irq() interrupt registers TPM_INT_VECTOR,
TPM_INT_STATUS and TPM_INT_ENABLE are modified to setup the interrupts.
Currently these modifications are done without holding a locality thus they
have no effect. Fix this by claiming the (default) locality before the
registers are written.
Since now tpm_tis_gen_interrupt() is called with the locality already
claimed remove locality request and release from this function.
Signed-off-by: Lino Sanfilippo <l.sanfilippo@kunbus.com>
Tested-by: Jarkko Sakkinen <jarkko@kernel.org>
Reviewed-by: Jarkko Sakkinen <jarkko@kernel.org>
Signed-off-by: Jarkko Sakkinen <jarkko@kernel.org>
Stable-dep-of: 955df4f87760 ("tpm, tpm_tis: Claim locality when interrupts are reenabled on resume")
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/char/tpm/tpm_tis_core.c | 20 +++++++++++---------
1 file changed, 11 insertions(+), 9 deletions(-)
diff --git a/drivers/char/tpm/tpm_tis_core.c b/drivers/char/tpm/tpm_tis_core.c
index 99cbf6fb062ce..52826a7edf800 100644
--- a/drivers/char/tpm/tpm_tis_core.c
+++ b/drivers/char/tpm/tpm_tis_core.c
@@ -721,16 +721,10 @@ static void tpm_tis_gen_interrupt(struct tpm_chip *chip)
cap_t cap;
int ret;
- ret = request_locality(chip, 0);
- if (ret < 0)
- return;
-
if (chip->flags & TPM_CHIP_FLAG_TPM2)
ret = tpm2_get_tpm_pt(chip, 0x100, &cap2, desc);
else
ret = tpm1_getcap(chip, TPM_CAP_PROP_TIS_TIMEOUT, &cap, desc, 0);
-
- release_locality(chip, 0);
}
/* Register the IRQ and issue a command that will cause an interrupt. If an
@@ -753,10 +747,16 @@ static int tpm_tis_probe_irq_single(struct tpm_chip *chip, u32 intmask,
}
priv->irq = irq;
+ rc = request_locality(chip, 0);
+ if (rc < 0)
+ return rc;
+
rc = tpm_tis_read8(priv, TPM_INT_VECTOR(priv->locality),
&original_int_vec);
- if (rc < 0)
+ if (rc < 0) {
+ release_locality(chip, priv->locality);
return rc;
+ }
rc = tpm_tis_write8(priv, TPM_INT_VECTOR(priv->locality), irq);
if (rc < 0)
@@ -790,10 +790,12 @@ static int tpm_tis_probe_irq_single(struct tpm_chip *chip, u32 intmask,
if (!(chip->flags & TPM_CHIP_FLAG_IRQ)) {
tpm_tis_write8(priv, original_int_vec,
TPM_INT_VECTOR(priv->locality));
- return -1;
+ rc = -1;
}
- return 0;
+ release_locality(chip, priv->locality);
+
+ return rc;
}
/* Try to find the IRQ the TPM is using. This is for legacy x86 systems that
--
2.39.2
^ permalink raw reply related [flat|nested] 391+ messages in thread
* [PATCH 5.15 071/371] tpm, tpm: Implement usage counter for locality
2023-05-08 9:43 [PATCH 5.15 000/371] 5.15.111-rc1 review Greg Kroah-Hartman
` (69 preceding siblings ...)
2023-05-08 9:44 ` [PATCH 5.15 070/371] tpm, tpm_tis: Claim locality before writing interrupt registers Greg Kroah-Hartman
@ 2023-05-08 9:44 ` Greg Kroah-Hartman
2023-05-08 9:44 ` [PATCH 5.15 072/371] tpm, tpm_tis: Claim locality when interrupts are reenabled on resume Greg Kroah-Hartman
` (303 subsequent siblings)
374 siblings, 0 replies; 391+ messages in thread
From: Greg Kroah-Hartman @ 2023-05-08 9:44 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Lino Sanfilippo,
Michael Niewöhner, Jarkko Sakkinen, Sasha Levin
From: Lino Sanfilippo <l.sanfilippo@kunbus.com>
[ Upstream commit 7a2f55d0be296c4e81fd782f3d6c43ed4ec7e265 ]
Implement a usage counter for the (default) locality used by the TPM TIS
driver:
Request the locality from the TPM if it has not been claimed yet, otherwise
only increment the counter. Also release the locality if the counter is 0
otherwise only decrement the counter. Since in case of SPI the register
accesses are locked by means of the SPI bus mutex use a sleepable lock
(i.e. also a mutex) to ensure thread-safety of the counter which may be
accessed by both a userspace thread and the interrupt handler.
By doing this refactor the names of the amended functions to use a more
appropriate prefix.
Signed-off-by: Lino Sanfilippo <l.sanfilippo@kunbus.com>
Tested-by: Michael Niewöhner <linux@mniewoehner.de>
Tested-by: Jarkko Sakkinen <jarkko@kernel.org>
Reviewed-by: Jarkko Sakkinen <jarkko@kernel.org>
Signed-off-by: Jarkko Sakkinen <jarkko@kernel.org>
Stable-dep-of: 955df4f87760 ("tpm, tpm_tis: Claim locality when interrupts are reenabled on resume")
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/char/tpm/tpm_tis_core.c | 63 +++++++++++++++++++++++----------
drivers/char/tpm/tpm_tis_core.h | 2 ++
2 files changed, 47 insertions(+), 18 deletions(-)
diff --git a/drivers/char/tpm/tpm_tis_core.c b/drivers/char/tpm/tpm_tis_core.c
index 52826a7edf800..3ea0fff30273e 100644
--- a/drivers/char/tpm/tpm_tis_core.c
+++ b/drivers/char/tpm/tpm_tis_core.c
@@ -136,16 +136,27 @@ static bool check_locality(struct tpm_chip *chip, int l)
return false;
}
-static int release_locality(struct tpm_chip *chip, int l)
+static int __tpm_tis_relinquish_locality(struct tpm_tis_data *priv, int l)
+{
+ tpm_tis_write8(priv, TPM_ACCESS(l), TPM_ACCESS_ACTIVE_LOCALITY);
+
+ return 0;
+}
+
+static int tpm_tis_relinquish_locality(struct tpm_chip *chip, int l)
{
struct tpm_tis_data *priv = dev_get_drvdata(&chip->dev);
- tpm_tis_write8(priv, TPM_ACCESS(l), TPM_ACCESS_ACTIVE_LOCALITY);
+ mutex_lock(&priv->locality_count_mutex);
+ priv->locality_count--;
+ if (priv->locality_count == 0)
+ __tpm_tis_relinquish_locality(priv, l);
+ mutex_unlock(&priv->locality_count_mutex);
return 0;
}
-static int request_locality(struct tpm_chip *chip, int l)
+static int __tpm_tis_request_locality(struct tpm_chip *chip, int l)
{
struct tpm_tis_data *priv = dev_get_drvdata(&chip->dev);
unsigned long stop, timeout;
@@ -186,6 +197,20 @@ static int request_locality(struct tpm_chip *chip, int l)
return -1;
}
+static int tpm_tis_request_locality(struct tpm_chip *chip, int l)
+{
+ struct tpm_tis_data *priv = dev_get_drvdata(&chip->dev);
+ int ret = 0;
+
+ mutex_lock(&priv->locality_count_mutex);
+ if (priv->locality_count == 0)
+ ret = __tpm_tis_request_locality(chip, l);
+ if (!ret)
+ priv->locality_count++;
+ mutex_unlock(&priv->locality_count_mutex);
+ return ret;
+}
+
static u8 tpm_tis_status(struct tpm_chip *chip)
{
struct tpm_tis_data *priv = dev_get_drvdata(&chip->dev);
@@ -638,7 +663,7 @@ static int probe_itpm(struct tpm_chip *chip)
if (vendor != TPM_VID_INTEL)
return 0;
- if (request_locality(chip, 0) != 0)
+ if (tpm_tis_request_locality(chip, 0) != 0)
return -EBUSY;
rc = tpm_tis_send_data(chip, cmd_getticks, len);
@@ -659,7 +684,7 @@ static int probe_itpm(struct tpm_chip *chip)
out:
tpm_tis_ready(chip);
- release_locality(chip, priv->locality);
+ tpm_tis_relinquish_locality(chip, priv->locality);
return rc;
}
@@ -747,14 +772,14 @@ static int tpm_tis_probe_irq_single(struct tpm_chip *chip, u32 intmask,
}
priv->irq = irq;
- rc = request_locality(chip, 0);
+ rc = tpm_tis_request_locality(chip, 0);
if (rc < 0)
return rc;
rc = tpm_tis_read8(priv, TPM_INT_VECTOR(priv->locality),
&original_int_vec);
if (rc < 0) {
- release_locality(chip, priv->locality);
+ tpm_tis_relinquish_locality(chip, priv->locality);
return rc;
}
@@ -793,7 +818,7 @@ static int tpm_tis_probe_irq_single(struct tpm_chip *chip, u32 intmask,
rc = -1;
}
- release_locality(chip, priv->locality);
+ tpm_tis_relinquish_locality(chip, priv->locality);
return rc;
}
@@ -909,8 +934,8 @@ static const struct tpm_class_ops tpm_tis = {
.req_complete_mask = TPM_STS_DATA_AVAIL | TPM_STS_VALID,
.req_complete_val = TPM_STS_DATA_AVAIL | TPM_STS_VALID,
.req_canceled = tpm_tis_req_canceled,
- .request_locality = request_locality,
- .relinquish_locality = release_locality,
+ .request_locality = tpm_tis_request_locality,
+ .relinquish_locality = tpm_tis_relinquish_locality,
.clk_enable = tpm_tis_clkrun_enable,
};
@@ -944,6 +969,8 @@ int tpm_tis_core_init(struct device *dev, struct tpm_tis_data *priv, int irq,
priv->timeout_min = TPM_TIMEOUT_USECS_MIN;
priv->timeout_max = TPM_TIMEOUT_USECS_MAX;
priv->phy_ops = phy_ops;
+ priv->locality_count = 0;
+ mutex_init(&priv->locality_count_mutex);
dev_set_drvdata(&chip->dev, priv);
@@ -990,14 +1017,14 @@ int tpm_tis_core_init(struct device *dev, struct tpm_tis_data *priv, int irq,
TPM_INTF_DATA_AVAIL_INT | TPM_INTF_STS_VALID_INT;
intmask &= ~TPM_GLOBAL_INT_ENABLE;
- rc = request_locality(chip, 0);
+ rc = tpm_tis_request_locality(chip, 0);
if (rc < 0) {
rc = -ENODEV;
goto out_err;
}
tpm_tis_write32(priv, TPM_INT_ENABLE(priv->locality), intmask);
- release_locality(chip, 0);
+ tpm_tis_relinquish_locality(chip, 0);
rc = tpm_chip_start(chip);
if (rc)
@@ -1057,13 +1084,13 @@ int tpm_tis_core_init(struct device *dev, struct tpm_tis_data *priv, int irq,
* proper timeouts for the driver.
*/
- rc = request_locality(chip, 0);
+ rc = tpm_tis_request_locality(chip, 0);
if (rc < 0)
goto out_err;
rc = tpm_get_timeouts(chip);
- release_locality(chip, 0);
+ tpm_tis_relinquish_locality(chip, 0);
if (rc) {
dev_err(dev, "Could not get TPM timeouts and durations\n");
@@ -1081,11 +1108,11 @@ int tpm_tis_core_init(struct device *dev, struct tpm_tis_data *priv, int irq,
dev_err(&chip->dev, FW_BUG
"TPM interrupt not working, polling instead\n");
- rc = request_locality(chip, 0);
+ rc = tpm_tis_request_locality(chip, 0);
if (rc < 0)
goto out_err;
disable_interrupts(chip);
- release_locality(chip, 0);
+ tpm_tis_relinquish_locality(chip, 0);
}
}
@@ -1158,13 +1185,13 @@ int tpm_tis_resume(struct device *dev)
* an error code but for unknown reason it isn't handled.
*/
if (!(chip->flags & TPM_CHIP_FLAG_TPM2)) {
- ret = request_locality(chip, 0);
+ ret = tpm_tis_request_locality(chip, 0);
if (ret < 0)
return ret;
tpm1_do_selftest(chip);
- release_locality(chip, 0);
+ tpm_tis_relinquish_locality(chip, 0);
}
return 0;
diff --git a/drivers/char/tpm/tpm_tis_core.h b/drivers/char/tpm/tpm_tis_core.h
index 3be24f221e32a..464ed352ab2e8 100644
--- a/drivers/char/tpm/tpm_tis_core.h
+++ b/drivers/char/tpm/tpm_tis_core.h
@@ -90,6 +90,8 @@ enum tpm_tis_flags {
struct tpm_tis_data {
u16 manufacturer_id;
+ struct mutex locality_count_mutex;
+ unsigned int locality_count;
int locality;
int irq;
bool irq_tested;
--
2.39.2
^ permalink raw reply related [flat|nested] 391+ messages in thread
* [PATCH 5.15 072/371] tpm, tpm_tis: Claim locality when interrupts are reenabled on resume
2023-05-08 9:43 [PATCH 5.15 000/371] 5.15.111-rc1 review Greg Kroah-Hartman
` (70 preceding siblings ...)
2023-05-08 9:44 ` [PATCH 5.15 071/371] tpm, tpm: Implement usage counter for locality Greg Kroah-Hartman
@ 2023-05-08 9:44 ` Greg Kroah-Hartman
2023-05-08 9:44 ` [PATCH 5.15 073/371] erofs: stop parsing non-compact HEAD index if clusterofs is invalid Greg Kroah-Hartman
` (302 subsequent siblings)
374 siblings, 0 replies; 391+ messages in thread
From: Greg Kroah-Hartman @ 2023-05-08 9:44 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Lino Sanfilippo, Jarkko Sakkinen,
Sasha Levin
From: Lino Sanfilippo <l.sanfilippo@kunbus.com>
[ Upstream commit 955df4f87760b3bb2af253d3fbb12fb712b3ffa6 ]
In tpm_tis_resume() make sure that the locality has been claimed when
tpm_tis_reenable_interrupts() is called. Otherwise the writings to the
register might not have any effect.
Fixes: 45baa1d1fa39 ("tpm_tis: Re-enable interrupts upon (S3) resume")
Signed-off-by: Lino Sanfilippo <l.sanfilippo@kunbus.com>
Tested-by: Jarkko Sakkinen <jarkko@kernel.org>
Reviewed-by: Jarkko Sakkinen <jarkko@kernel.org>
Signed-off-by: Jarkko Sakkinen <jarkko@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/char/tpm/tpm_tis_core.c | 19 +++++++++----------
1 file changed, 9 insertions(+), 10 deletions(-)
diff --git a/drivers/char/tpm/tpm_tis_core.c b/drivers/char/tpm/tpm_tis_core.c
index 3ea0fff30273e..d65fff4e2ebe9 100644
--- a/drivers/char/tpm/tpm_tis_core.c
+++ b/drivers/char/tpm/tpm_tis_core.c
@@ -1173,28 +1173,27 @@ int tpm_tis_resume(struct device *dev)
struct tpm_chip *chip = dev_get_drvdata(dev);
int ret;
+ ret = tpm_tis_request_locality(chip, 0);
+ if (ret < 0)
+ return ret;
+
if (chip->flags & TPM_CHIP_FLAG_IRQ)
tpm_tis_reenable_interrupts(chip);
ret = tpm_pm_resume(dev);
if (ret)
- return ret;
+ goto out;
/*
* TPM 1.2 requires self-test on resume. This function actually returns
* an error code but for unknown reason it isn't handled.
*/
- if (!(chip->flags & TPM_CHIP_FLAG_TPM2)) {
- ret = tpm_tis_request_locality(chip, 0);
- if (ret < 0)
- return ret;
-
+ if (!(chip->flags & TPM_CHIP_FLAG_TPM2))
tpm1_do_selftest(chip);
+out:
+ tpm_tis_relinquish_locality(chip, 0);
- tpm_tis_relinquish_locality(chip, 0);
- }
-
- return 0;
+ return ret;
}
EXPORT_SYMBOL_GPL(tpm_tis_resume);
#endif
--
2.39.2
^ permalink raw reply related [flat|nested] 391+ messages in thread
* [PATCH 5.15 073/371] erofs: stop parsing non-compact HEAD index if clusterofs is invalid
2023-05-08 9:43 [PATCH 5.15 000/371] 5.15.111-rc1 review Greg Kroah-Hartman
` (71 preceding siblings ...)
2023-05-08 9:44 ` [PATCH 5.15 072/371] tpm, tpm_tis: Claim locality when interrupts are reenabled on resume Greg Kroah-Hartman
@ 2023-05-08 9:44 ` Greg Kroah-Hartman
2023-05-08 9:44 ` [PATCH 5.15 074/371] erofs: fix potential overflow calculating xattr_isize Greg Kroah-Hartman
` (301 subsequent siblings)
374 siblings, 0 replies; 391+ messages in thread
From: Greg Kroah-Hartman @ 2023-05-08 9:44 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Gao Xiang, Chao Yu, Sasha Levin,
syzbot+aafb3f37cfeb6534c4ac
From: Gao Xiang <hsiangkao@linux.alibaba.com>
[ Upstream commit cc4efd3dd2ac9f89143e5d881609747ecff04164 ]
Syzbot generated a crafted image [1] with a non-compact HEAD index of
clusterofs 33024 while valid numbers should be 0 ~ lclustersize-1,
which causes the following unexpected behavior as below:
BUG: unable to handle page fault for address: fffff52101a3fff9
#PF: supervisor read access in kernel mode
#PF: error_code(0x0000) - not-present page
PGD 23ffed067 P4D 23ffed067 PUD 0
Oops: 0000 [#1] PREEMPT SMP KASAN
CPU: 1 PID: 4398 Comm: kworker/u5:1 Not tainted 6.3.0-rc6-syzkaller-g09a9639e56c0 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/30/2023
Workqueue: erofs_worker z_erofs_decompressqueue_work
RIP: 0010:z_erofs_decompress_queue+0xb7e/0x2b40
...
Call Trace:
<TASK>
z_erofs_decompressqueue_work+0x99/0xe0
process_one_work+0x8f6/0x1170
worker_thread+0xa63/0x1210
kthread+0x270/0x300
ret_from_fork+0x1f/0x30
Note that normal images or images using compact indexes are not
impacted. Let's fix this now.
[1] https://lore.kernel.org/r/000000000000ec75b005ee97fbaa@google.com
Reported-and-tested-by: syzbot+aafb3f37cfeb6534c4ac@syzkaller.appspotmail.com
Fixes: 02827e1796b3 ("staging: erofs: add erofs_map_blocks_iter")
Fixes: 152a333a5895 ("staging: erofs: add compacted compression indexes support")
Signed-off-by: Gao Xiang <hsiangkao@linux.alibaba.com>
Reviewed-by: Chao Yu <chao@kernel.org>
Link: https://lore.kernel.org/r/20230410173714.104604-1-hsiangkao@linux.alibaba.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
fs/erofs/zmap.c | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/fs/erofs/zmap.c b/fs/erofs/zmap.c
index 73b86b5c1a75b..2c8575a8f6dae 100644
--- a/fs/erofs/zmap.c
+++ b/fs/erofs/zmap.c
@@ -191,6 +191,10 @@ static int legacy_load_cluster_from_disk(struct z_erofs_maprecorder *m,
case Z_EROFS_VLE_CLUSTER_TYPE_PLAIN:
case Z_EROFS_VLE_CLUSTER_TYPE_HEAD:
m->clusterofs = le16_to_cpu(di->di_clusterofs);
+ if (m->clusterofs >= 1 << vi->z_logical_clusterbits) {
+ DBG_BUGON(1);
+ return -EFSCORRUPTED;
+ }
m->pblk = le32_to_cpu(di->di_u.blkaddr);
break;
default:
--
2.39.2
^ permalink raw reply related [flat|nested] 391+ messages in thread
* [PATCH 5.15 074/371] erofs: fix potential overflow calculating xattr_isize
2023-05-08 9:43 [PATCH 5.15 000/371] 5.15.111-rc1 review Greg Kroah-Hartman
` (72 preceding siblings ...)
2023-05-08 9:44 ` [PATCH 5.15 073/371] erofs: stop parsing non-compact HEAD index if clusterofs is invalid Greg Kroah-Hartman
@ 2023-05-08 9:44 ` Greg Kroah-Hartman
2023-05-08 9:44 ` [PATCH 5.15 075/371] drm/rockchip: Drop unbalanced obj unref Greg Kroah-Hartman
` (300 subsequent siblings)
374 siblings, 0 replies; 391+ messages in thread
From: Greg Kroah-Hartman @ 2023-05-08 9:44 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Jingbo Xu, Gao Xiang, Chao Yu, Sasha Levin
From: Jingbo Xu <jefflexu@linux.alibaba.com>
[ Upstream commit 1b3567a1969b26f709d82a874498c0754ea841c3 ]
Given on-disk i_xattr_icount is 16 bits and xattr_isize is calculated
from i_xattr_icount multiplying 4, xattr_isize has a theoretical maximum
of 256K (64K * 4).
Thus declare xattr_isize as unsigned int to avoid the potential overflow.
Fixes: bfb8674dc044 ("staging: erofs: add erofs in-memory stuffs")
Signed-off-by: Jingbo Xu <jefflexu@linux.alibaba.com>
Reviewed-by: Gao Xiang <hsiangkao@linux.alibaba.com>
Reviewed-by: Chao Yu <chao@kernel.org>
Link: https://lore.kernel.org/r/20230414061810.6479-1-jefflexu@linux.alibaba.com
Signed-off-by: Gao Xiang <hsiangkao@linux.alibaba.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
fs/erofs/internal.h | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/fs/erofs/internal.h b/fs/erofs/internal.h
index b77acf09726c6..beadb06d8feb9 100644
--- a/fs/erofs/internal.h
+++ b/fs/erofs/internal.h
@@ -226,7 +226,7 @@ struct erofs_inode {
unsigned char datalayout;
unsigned char inode_isize;
- unsigned short xattr_isize;
+ unsigned int xattr_isize;
unsigned int xattr_shared_count;
unsigned int *xattr_shared_xattrs;
--
2.39.2
^ permalink raw reply related [flat|nested] 391+ messages in thread
* [PATCH 5.15 075/371] drm/rockchip: Drop unbalanced obj unref
2023-05-08 9:43 [PATCH 5.15 000/371] 5.15.111-rc1 review Greg Kroah-Hartman
` (73 preceding siblings ...)
2023-05-08 9:44 ` [PATCH 5.15 074/371] erofs: fix potential overflow calculating xattr_isize Greg Kroah-Hartman
@ 2023-05-08 9:44 ` Greg Kroah-Hartman
2023-05-08 9:44 ` [PATCH 5.15 076/371] drm/vgem: add missing mutex_destroy Greg Kroah-Hartman
` (299 subsequent siblings)
374 siblings, 0 replies; 391+ messages in thread
From: Greg Kroah-Hartman @ 2023-05-08 9:44 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Rob Clark, Heiko Stuebner, Sasha Levin
From: Rob Clark <robdclark@chromium.org>
[ Upstream commit 8ee3b0e85f6ccd9e6c527bc50eaba774c3bb18d0 ]
In the error path, rockchip_drm_gem_object_mmap() is dropping an obj
reference that it doesn't own.
Fixes: 41315b793e13 ("drm/rockchip: use drm_gem_mmap helpers")
Signed-off-by: Rob Clark <robdclark@chromium.org>
Signed-off-by: Heiko Stuebner <heiko@sntech.de>
Link: https://patchwork.freedesktop.org/patch/msgid/20230119231734.2884543-1-robdclark@gmail.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/gpu/drm/rockchip/rockchip_drm_gem.c | 3 ---
1 file changed, 3 deletions(-)
diff --git a/drivers/gpu/drm/rockchip/rockchip_drm_gem.c b/drivers/gpu/drm/rockchip/rockchip_drm_gem.c
index 7971f57436dd7..3b18b6a7acd3e 100644
--- a/drivers/gpu/drm/rockchip/rockchip_drm_gem.c
+++ b/drivers/gpu/drm/rockchip/rockchip_drm_gem.c
@@ -251,9 +251,6 @@ static int rockchip_drm_gem_object_mmap(struct drm_gem_object *obj,
else
ret = rockchip_drm_gem_object_mmap_dma(obj, vma);
- if (ret)
- drm_gem_vm_close(vma);
-
return ret;
}
--
2.39.2
^ permalink raw reply related [flat|nested] 391+ messages in thread
* [PATCH 5.15 076/371] drm/vgem: add missing mutex_destroy
2023-05-08 9:43 [PATCH 5.15 000/371] 5.15.111-rc1 review Greg Kroah-Hartman
` (74 preceding siblings ...)
2023-05-08 9:44 ` [PATCH 5.15 075/371] drm/rockchip: Drop unbalanced obj unref Greg Kroah-Hartman
@ 2023-05-08 9:44 ` Greg Kroah-Hartman
2023-05-08 9:44 ` [PATCH 5.15 077/371] drm/probe-helper: Cancel previous job before starting new one Greg Kroah-Hartman
` (298 subsequent siblings)
374 siblings, 0 replies; 391+ messages in thread
From: Greg Kroah-Hartman @ 2023-05-08 9:44 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Maíra Canal, Stanislaw Gruszka,
Maíra Canal, Sasha Levin
From: Maíra Canal <mcanal@igalia.com>
[ Upstream commit 7c18189b14b33c1fbf76480b1bd217877c086e67 ]
vgem_fence_open() instantiates a mutex for a particular fence
instance, but never destroys it by calling mutex_destroy() in
vgem_fence_close().
So, add the missing mutex_destroy() to guarantee proper resource
destruction.
Fixes: 407779848445 ("drm/vgem: Attach sw fences to exported vGEM dma-buf (ioctl)")
Signed-off-by: Maíra Canal <mcanal@igalia.com>
Reviewed-by: Stanislaw Gruszka <stanislaw.gruszka@linux.intel.com>
Signed-off-by: Maíra Canal <mairacanal@riseup.net>
Link: https://patchwork.freedesktop.org/patch/msgid/20230202125517.427976-1-mcanal@igalia.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/gpu/drm/vgem/vgem_fence.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/drivers/gpu/drm/vgem/vgem_fence.c b/drivers/gpu/drm/vgem/vgem_fence.c
index bd6f75285fd95..43fc56d0c4a06 100644
--- a/drivers/gpu/drm/vgem/vgem_fence.c
+++ b/drivers/gpu/drm/vgem/vgem_fence.c
@@ -248,4 +248,5 @@ void vgem_fence_close(struct vgem_file *vfile)
{
idr_for_each(&vfile->fence_idr, __vgem_fence_idr_fini, vfile);
idr_destroy(&vfile->fence_idr);
+ mutex_destroy(&vfile->fence_mutex);
}
--
2.39.2
^ permalink raw reply related [flat|nested] 391+ messages in thread
* [PATCH 5.15 077/371] drm/probe-helper: Cancel previous job before starting new one
2023-05-08 9:43 [PATCH 5.15 000/371] 5.15.111-rc1 review Greg Kroah-Hartman
` (75 preceding siblings ...)
2023-05-08 9:44 ` [PATCH 5.15 076/371] drm/vgem: add missing mutex_destroy Greg Kroah-Hartman
@ 2023-05-08 9:44 ` Greg Kroah-Hartman
2023-05-08 9:44 ` [PATCH 5.15 078/371] tools/x86/kcpuid: Fix avx512bw and avx512lvl fields in Fn00000007 Greg Kroah-Hartman
` (297 subsequent siblings)
374 siblings, 0 replies; 391+ messages in thread
From: Greg Kroah-Hartman @ 2023-05-08 9:44 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Daniel Vetter, Dom Cobley,
Maxime Ripard, Sasha Levin
From: Dom Cobley <popcornmix@gmail.com>
[ Upstream commit a8e47884f1906cd7440fafa056adc8817568e73e ]
Currently we schedule a call to output_poll_execute from
drm_kms_helper_poll_enable for 10s in future. Later we try to replace
that in drm_helper_probe_single_connector_modes with a 0s schedule with
delayed_event set.
But as there is already a job in the queue this fails, and the immediate
job we wanted with delayed_event set doesn't occur until 10s later.
And that call acts as if connector state has changed, reprobing modes.
This has a side effect of waking up a display that has been blanked.
Make sure we cancel the old job before submitting the immediate one.
Fixes: 162b6a57ac50 ("drm/probe-helper: don't lose hotplug event")
Acked-by: Daniel Vetter <daniel@ffwll.ch>
Signed-off-by: Dom Cobley <popcornmix@gmail.com>
[Maxime: Switched to mod_delayed_work]
Signed-off-by: Maxime Ripard <maxime@cerno.tech>
Link: https://patchwork.freedesktop.org/patch/msgid/20230127154052.452524-1-maxime@cerno.tech
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/gpu/drm/drm_probe_helper.c | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/drivers/gpu/drm/drm_probe_helper.c b/drivers/gpu/drm/drm_probe_helper.c
index 5606bca3caa83..f6b72e03688d4 100644
--- a/drivers/gpu/drm/drm_probe_helper.c
+++ b/drivers/gpu/drm/drm_probe_helper.c
@@ -488,8 +488,9 @@ int drm_helper_probe_single_connector_modes(struct drm_connector *connector,
*/
dev->mode_config.delayed_event = true;
if (dev->mode_config.poll_enabled)
- schedule_delayed_work(&dev->mode_config.output_poll_work,
- 0);
+ mod_delayed_work(system_wq,
+ &dev->mode_config.output_poll_work,
+ 0);
}
/* Re-enable polling in case the global poll config changed. */
--
2.39.2
^ permalink raw reply related [flat|nested] 391+ messages in thread
* [PATCH 5.15 078/371] tools/x86/kcpuid: Fix avx512bw and avx512lvl fields in Fn00000007
2023-05-08 9:43 [PATCH 5.15 000/371] 5.15.111-rc1 review Greg Kroah-Hartman
` (76 preceding siblings ...)
2023-05-08 9:44 ` [PATCH 5.15 077/371] drm/probe-helper: Cancel previous job before starting new one Greg Kroah-Hartman
@ 2023-05-08 9:44 ` Greg Kroah-Hartman
2023-05-08 9:44 ` [PATCH 5.15 079/371] soc: ti: pm33xx: Fix refcount leak in am33xx_pm_probe Greg Kroah-Hartman
` (296 subsequent siblings)
374 siblings, 0 replies; 391+ messages in thread
From: Greg Kroah-Hartman @ 2023-05-08 9:44 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Terry Bowman, Borislav Petkov (AMD),
Feng Tang, Sasha Levin
From: Terry Bowman <terry.bowman@amd.com>
[ Upstream commit 4e347bdf44c1fd4296a7b9657a2c0e1bd900fa50 ]
Leaf Fn00000007 contains avx512bw at bit 26 and avx512vl at bit 28. This
is incorrect per the SDM. Correct avx512bw to be bit 30 and avx512lvl to
be bit 31.
Fixes: c6b2f240bf8d ("tools/x86: Add a kcpuid tool to show raw CPU features")
Signed-off-by: Terry Bowman <terry.bowman@amd.com>
Signed-off-by: Borislav Petkov (AMD) <bp@alien8.de>
Reviewed-by: Feng Tang <feng.tang@intel.com>
Link: https://lore.kernel.org/r/20230206141832.4162264-2-terry.bowman@amd.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
tools/arch/x86/kcpuid/cpuid.csv | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/tools/arch/x86/kcpuid/cpuid.csv b/tools/arch/x86/kcpuid/cpuid.csv
index 4f1c4b0c29e98..9914bdf4fc9ec 100644
--- a/tools/arch/x86/kcpuid/cpuid.csv
+++ b/tools/arch/x86/kcpuid/cpuid.csv
@@ -184,8 +184,8 @@
7, 0, EBX, 27, avx512er, AVX512 Exponent Reciproca instr
7, 0, EBX, 28, avx512cd, AVX512 Conflict Detection instr
7, 0, EBX, 29, sha, Intel Secure Hash Algorithm Extensions instr
- 7, 0, EBX, 26, avx512bw, AVX512 Byte & Word instr
- 7, 0, EBX, 28, avx512vl, AVX512 Vector Length Extentions (VL)
+ 7, 0, EBX, 30, avx512bw, AVX512 Byte & Word instr
+ 7, 0, EBX, 31, avx512vl, AVX512 Vector Length Extentions (VL)
7, 0, ECX, 0, prefetchwt1, X
7, 0, ECX, 1, avx512vbmi, AVX512 Vector Byte Manipulation Instructions
7, 0, ECX, 2, umip, User-mode Instruction Prevention
--
2.39.2
^ permalink raw reply related [flat|nested] 391+ messages in thread
* [PATCH 5.15 079/371] soc: ti: pm33xx: Fix refcount leak in am33xx_pm_probe
2023-05-08 9:43 [PATCH 5.15 000/371] 5.15.111-rc1 review Greg Kroah-Hartman
` (77 preceding siblings ...)
2023-05-08 9:44 ` [PATCH 5.15 078/371] tools/x86/kcpuid: Fix avx512bw and avx512lvl fields in Fn00000007 Greg Kroah-Hartman
@ 2023-05-08 9:44 ` Greg Kroah-Hartman
2023-05-08 9:44 ` [PATCH 5.15 080/371] arm64: dts: renesas: r8a77990: Remove bogus voltages from OPP table Greg Kroah-Hartman
` (295 subsequent siblings)
374 siblings, 0 replies; 391+ messages in thread
From: Greg Kroah-Hartman @ 2023-05-08 9:44 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Miaoqian Lin, Nishanth Menon, Sasha Levin
From: Miaoqian Lin <linmq006@gmail.com>
[ Upstream commit 8f3c307b580a4a6425896007325bddefc36e8d91 ]
wkup_m3_ipc_get() takes refcount, which should be freed by
wkup_m3_ipc_put(). Add missing refcount release in the error paths.
Fixes: 5a99ae0092fe ("soc: ti: pm33xx: AM437X: Add rtc_only with ddr in self-refresh support")
Signed-off-by: Miaoqian Lin <linmq006@gmail.com>
Link: https://lore.kernel.org/r/20230106054022.947529-1-linmq006@gmail.com
Signed-off-by: Nishanth Menon <nm@ti.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/soc/ti/pm33xx.c | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/drivers/soc/ti/pm33xx.c b/drivers/soc/ti/pm33xx.c
index 7bab4bbaf02dc..285302bf3ef91 100644
--- a/drivers/soc/ti/pm33xx.c
+++ b/drivers/soc/ti/pm33xx.c
@@ -527,7 +527,7 @@ static int am33xx_pm_probe(struct platform_device *pdev)
ret = am33xx_pm_alloc_sram();
if (ret)
- return ret;
+ goto err_wkup_m3_ipc_put;
ret = am33xx_pm_rtc_setup();
if (ret)
@@ -574,13 +574,14 @@ static int am33xx_pm_probe(struct platform_device *pdev)
pm_runtime_put_sync(dev);
err_pm_runtime_disable:
pm_runtime_disable(dev);
- wkup_m3_ipc_put(m3_ipc);
err_unsetup_rtc:
iounmap(rtc_base_virt);
clk_put(rtc_fck);
err_free_sram:
am33xx_pm_free_sram();
pm33xx_dev = NULL;
+err_wkup_m3_ipc_put:
+ wkup_m3_ipc_put(m3_ipc);
return ret;
}
--
2.39.2
^ permalink raw reply related [flat|nested] 391+ messages in thread
* [PATCH 5.15 080/371] arm64: dts: renesas: r8a77990: Remove bogus voltages from OPP table
2023-05-08 9:43 [PATCH 5.15 000/371] 5.15.111-rc1 review Greg Kroah-Hartman
` (78 preceding siblings ...)
2023-05-08 9:44 ` [PATCH 5.15 079/371] soc: ti: pm33xx: Fix refcount leak in am33xx_pm_probe Greg Kroah-Hartman
@ 2023-05-08 9:44 ` Greg Kroah-Hartman
2023-05-08 9:44 ` [PATCH 5.15 081/371] arm64: dts: renesas: r8a774c0: " Greg Kroah-Hartman
` (294 subsequent siblings)
374 siblings, 0 replies; 391+ messages in thread
From: Greg Kroah-Hartman @ 2023-05-08 9:44 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Geert Uytterhoeven, Sasha Levin
From: Geert Uytterhoeven <geert+renesas@glider.be>
[ Upstream commit fb76b0fae3ca880363214e1dcd6513ab8bd529e7 ]
According to the R-Car Series, 3rd Generation Hardware User’s Manual
Rev. 2.30, the System CPU cores on R-Car E3 do not have their own power
supply, but use the common internal power supply (typical 1.03V).
Hence remove the "opp-microvolt" properties from the Operating
Performance Points table. They are optional, and unused, when none of
the CPU nodes is tied to a regulator using the "cpu-supply" property.
Fixes: dd7188eb4ed128dc ("arm64: dts: renesas: r8a77990: Add OPPs table for cpu devices")
Signed-off-by: Geert Uytterhoeven <geert+renesas@glider.be>
Link: https://lore.kernel.org/r/9232578d9d395d529f64db3333a371e31327f459.1676560856.git.geert+renesas@glider.be
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/arm64/boot/dts/renesas/r8a77990.dtsi | 3 ---
1 file changed, 3 deletions(-)
diff --git a/arch/arm64/boot/dts/renesas/r8a77990.dtsi b/arch/arm64/boot/dts/renesas/r8a77990.dtsi
index 9e616b0f04d46..adcb03fa23148 100644
--- a/arch/arm64/boot/dts/renesas/r8a77990.dtsi
+++ b/arch/arm64/boot/dts/renesas/r8a77990.dtsi
@@ -60,17 +60,14 @@
opp-shared;
opp-800000000 {
opp-hz = /bits/ 64 <800000000>;
- opp-microvolt = <820000>;
clock-latency-ns = <300000>;
};
opp-1000000000 {
opp-hz = /bits/ 64 <1000000000>;
- opp-microvolt = <820000>;
clock-latency-ns = <300000>;
};
opp-1200000000 {
opp-hz = /bits/ 64 <1200000000>;
- opp-microvolt = <820000>;
clock-latency-ns = <300000>;
opp-suspend;
};
--
2.39.2
^ permalink raw reply related [flat|nested] 391+ messages in thread
* [PATCH 5.15 081/371] arm64: dts: renesas: r8a774c0: Remove bogus voltages from OPP table
2023-05-08 9:43 [PATCH 5.15 000/371] 5.15.111-rc1 review Greg Kroah-Hartman
` (79 preceding siblings ...)
2023-05-08 9:44 ` [PATCH 5.15 080/371] arm64: dts: renesas: r8a77990: Remove bogus voltages from OPP table Greg Kroah-Hartman
@ 2023-05-08 9:44 ` Greg Kroah-Hartman
2023-05-08 9:44 ` [PATCH 5.15 082/371] drm/msm/disp/dpu: check for crtc enable rather than crtc active to release shared resources Greg Kroah-Hartman
` (293 subsequent siblings)
374 siblings, 0 replies; 391+ messages in thread
From: Greg Kroah-Hartman @ 2023-05-08 9:44 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Geert Uytterhoeven, Sasha Levin
From: Geert Uytterhoeven <geert+renesas@glider.be>
[ Upstream commit 554edc3e9239bb81e61be9f0f5dbbeb528a69e72 ]
According to the RZ/G Series, 2nd Generation Hardware User’s Manual
Rev. 1.11, the System CPU cores on RZ/G2E do not have their own power
supply, but use the common internal power supply (typical 1.03V).
Hence remove the "opp-microvolt" properties from the Operating
Performance Points table. They are optional, and unused, when none of
the CPU nodes is tied to a regulator using the "cpu-supply" property.
Fixes: 231d8908a66fa98f ("arm64: dts: renesas: r8a774c0: Add OPPs table for cpu devices")
Signed-off-by: Geert Uytterhoeven <geert+renesas@glider.be>
Link: https://lore.kernel.org/r/8348e18a011ded94e35919cd8e17c0be1f9acf2f.1676560856.git.geert+renesas@glider.be
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/arm64/boot/dts/renesas/r8a774c0.dtsi | 3 ---
1 file changed, 3 deletions(-)
diff --git a/arch/arm64/boot/dts/renesas/r8a774c0.dtsi b/arch/arm64/boot/dts/renesas/r8a774c0.dtsi
index 9eb08be3b98e2..50189209b6605 100644
--- a/arch/arm64/boot/dts/renesas/r8a774c0.dtsi
+++ b/arch/arm64/boot/dts/renesas/r8a774c0.dtsi
@@ -49,17 +49,14 @@
opp-shared;
opp-800000000 {
opp-hz = /bits/ 64 <800000000>;
- opp-microvolt = <820000>;
clock-latency-ns = <300000>;
};
opp-1000000000 {
opp-hz = /bits/ 64 <1000000000>;
- opp-microvolt = <820000>;
clock-latency-ns = <300000>;
};
opp-1200000000 {
opp-hz = /bits/ 64 <1200000000>;
- opp-microvolt = <820000>;
clock-latency-ns = <300000>;
opp-suspend;
};
--
2.39.2
^ permalink raw reply related [flat|nested] 391+ messages in thread
* [PATCH 5.15 082/371] drm/msm/disp/dpu: check for crtc enable rather than crtc active to release shared resources
2023-05-08 9:43 [PATCH 5.15 000/371] 5.15.111-rc1 review Greg Kroah-Hartman
` (80 preceding siblings ...)
2023-05-08 9:44 ` [PATCH 5.15 081/371] arm64: dts: renesas: r8a774c0: " Greg Kroah-Hartman
@ 2023-05-08 9:44 ` Greg Kroah-Hartman
2023-05-08 9:44 ` [PATCH 5.15 083/371] EDAC/skx: Fix overflows on the DRAM row address mapping arrays Greg Kroah-Hartman
` (292 subsequent siblings)
374 siblings, 0 replies; 391+ messages in thread
From: Greg Kroah-Hartman @ 2023-05-08 9:44 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Vinod Polimera, Dmitry Baryshkov,
Sasha Levin
From: Vinod Polimera <quic_vpolimer@quicinc.com>
[ Upstream commit b6975693846b562c4d3e0e60cc884affc5bdac00 ]
According to KMS documentation, The driver must not release any shared
resources if active is set to false but enable still true.
Fixes: ccc862b957c6 ("drm/msm/dpu: Fix reservation failures in modeset")
Signed-off-by: Vinod Polimera <quic_vpolimer@quicinc.com>
Reviewed-by: Dmitry Baryshkov <dmitry.baryshkov@linaro.org>
Patchwork: https://patchwork.freedesktop.org/patch/524726/
Link: https://lore.kernel.org/r/1677774797-31063-5-git-send-email-quic_vpolimer@quicinc.com
Signed-off-by: Dmitry Baryshkov <dmitry.baryshkov@linaro.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/gpu/drm/msm/disp/dpu1/dpu_encoder.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/gpu/drm/msm/disp/dpu1/dpu_encoder.c b/drivers/gpu/drm/msm/disp/dpu1/dpu_encoder.c
index 5f236395677e6..03bddd904d1a1 100644
--- a/drivers/gpu/drm/msm/disp/dpu1/dpu_encoder.c
+++ b/drivers/gpu/drm/msm/disp/dpu1/dpu_encoder.c
@@ -637,7 +637,7 @@ static int dpu_encoder_virt_atomic_check(
if (drm_atomic_crtc_needs_modeset(crtc_state)) {
dpu_rm_release(global_state, drm_enc);
- if (!crtc_state->active_changed || crtc_state->active)
+ if (!crtc_state->active_changed || crtc_state->enable)
ret = dpu_rm_reserve(&dpu_kms->rm, global_state,
drm_enc, crtc_state, topology);
}
--
2.39.2
^ permalink raw reply related [flat|nested] 391+ messages in thread
* [PATCH 5.15 083/371] EDAC/skx: Fix overflows on the DRAM row address mapping arrays
2023-05-08 9:43 [PATCH 5.15 000/371] 5.15.111-rc1 review Greg Kroah-Hartman
` (81 preceding siblings ...)
2023-05-08 9:44 ` [PATCH 5.15 082/371] drm/msm/disp/dpu: check for crtc enable rather than crtc active to release shared resources Greg Kroah-Hartman
@ 2023-05-08 9:44 ` Greg Kroah-Hartman
2023-05-08 9:44 ` [PATCH 5.15 084/371] regulator: core: Shorten off-on-delay-us for always-on/boot-on by time since booted Greg Kroah-Hartman
` (291 subsequent siblings)
374 siblings, 0 replies; 391+ messages in thread
From: Greg Kroah-Hartman @ 2023-05-08 9:44 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Feng Xu, Qiuxu Zhuo, Tony Luck, Sasha Levin
From: Qiuxu Zhuo <qiuxu.zhuo@intel.com>
[ Upstream commit 71b1e3ba3fed5a34c5fac6d3a15c2634b04c1eb7 ]
The current DRAM row address mapping arrays skx_{open,close}_row[]
only support ranks with sizes up to 16G. Decoding a rank address
to a DRAM row address for a 32G rank by using either one of the
above arrays by the skx_edac driver, will result in an overflow on
the array.
For a 32G rank, the most significant DRAM row address bit (the
bit17) is mapped from the bit34 of the rank address. Add this new
mapping item to both arrays to fix the overflow issue.
Fixes: 4ec656bdf43a ("EDAC, skx_edac: Add EDAC driver for Skylake")
Reported-by: Feng Xu <feng.f.xu@intel.com>
Tested-by: Feng Xu <feng.f.xu@intel.com>
Signed-off-by: Qiuxu Zhuo <qiuxu.zhuo@intel.com>
Signed-off-by: Tony Luck <tony.luck@intel.com>
Link: https://lore.kernel.org/all/20230211011728.71764-1-qiuxu.zhuo@intel.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/edac/skx_base.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/drivers/edac/skx_base.c b/drivers/edac/skx_base.c
index 1abc020d49ab6..984c93c8825f0 100644
--- a/drivers/edac/skx_base.c
+++ b/drivers/edac/skx_base.c
@@ -510,7 +510,7 @@ static bool skx_rir_decode(struct decoded_addr *res)
}
static u8 skx_close_row[] = {
- 15, 16, 17, 18, 20, 21, 22, 28, 10, 11, 12, 13, 29, 30, 31, 32, 33
+ 15, 16, 17, 18, 20, 21, 22, 28, 10, 11, 12, 13, 29, 30, 31, 32, 33, 34
};
static u8 skx_close_column[] = {
@@ -518,7 +518,7 @@ static u8 skx_close_column[] = {
};
static u8 skx_open_row[] = {
- 14, 15, 16, 20, 28, 21, 22, 23, 24, 25, 26, 27, 29, 30, 31, 32, 33
+ 14, 15, 16, 20, 28, 21, 22, 23, 24, 25, 26, 27, 29, 30, 31, 32, 33, 34
};
static u8 skx_open_column[] = {
--
2.39.2
^ permalink raw reply related [flat|nested] 391+ messages in thread
* [PATCH 5.15 084/371] regulator: core: Shorten off-on-delay-us for always-on/boot-on by time since booted
2023-05-08 9:43 [PATCH 5.15 000/371] 5.15.111-rc1 review Greg Kroah-Hartman
` (82 preceding siblings ...)
2023-05-08 9:44 ` [PATCH 5.15 083/371] EDAC/skx: Fix overflows on the DRAM row address mapping arrays Greg Kroah-Hartman
@ 2023-05-08 9:44 ` Greg Kroah-Hartman
2023-05-08 9:44 ` [PATCH 5.15 085/371] arm64: dts: ti: k3-j721e-main: Remove ti,strobe-sel property Greg Kroah-Hartman
` (290 subsequent siblings)
374 siblings, 0 replies; 391+ messages in thread
From: Greg Kroah-Hartman @ 2023-05-08 9:44 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Christian Kohlschütter,
Douglas Anderson, Mark Brown, Sasha Levin
From: Douglas Anderson <dianders@chromium.org>
[ Upstream commit 691c1fcda5351ed98a44610b7dccc0e3ee920020 ]
This is very close to a straight revert of commit 218320fec294
("regulator: core: Fix off-on-delay-us for always-on/boot-on
regulators"). We've identified that patch as causing a boot speed
regression on sc7180-trogdor boards. While boot speed certainly isn't
more important than making sure that power sequencing is correct,
looking closely at the original change it doesn't seem to have been
fully justified. It mentions "cycling issues" without describing
exactly what the issues were. That means it's possible that the
cycling issues were really a problem that should be fixed in a
different way.
Let's take a careful look at how we should handle regulators that have
an off-on-delay and that are boot-on or always-on. Linux currently
doesn't have any way to identify whether a GPIO regulator was already
on when the kernel booted. That means that when the kernel boots we
probe a regulator, see that it wants boot-on / always-on we, and then
turn the regulator on. We could be in one of two cases when we do
this:
a) The regulator might have been left on by the bootloader and we're
ensuring that it stays on.
b) The regulator might have been left off by the bootloader and we're
just now turning it on.
For case a) we definitely don't need any sort of delay. For case b) we
_might_ need some delay in case the bootloader turned the regulator
off _right_ before booting the kernel. To get the proper delay for
case b) then we can just assume a `last_off` of 0, which is what it
gets initialized to by default.
As per above, we can't tell whether we're in case a) or case b) so
we'll assume the longer delay (case b). This basically puts the code
to how it was before commit 218320fec294 ("regulator: core: Fix
off-on-delay-us for always-on/boot-on regulators"). However, we add
one important change: we make sure that the delay is actually honored
if `last_off` is 0. Though the original "cycling issues" cited were
vague, I'm hopeful that this important extra change will be enough to
fix the issues that the initial commit mentioned.
With this fix, I've confined that on a sc7180-trogdor board the delay
at boot goes down from 500 ms to ~250 ms. That's not as good as the 0
ms that we had prior to commit 218320fec294 ("regulator: core: Fix
off-on-delay-us for always-on/boot-on regulators"), but it's probably
safer because we don't know if the bootloader turned the regulator off
right before booting.
One note is that it's possible that we could be in a state that's not
a) or b) if there are other issues in the kernel. The only one I can
think of is related to pinctrl. If the pinctrl driver being used on a
board isn't careful about avoiding glitches when setting up a pin then
it's possible that setting up a pin could cause the regulator to "turn
off" briefly immediately before the regulator probes. If this is
indeed causing problems then the pinctrl driver should be fixed,
perhaps in a similar way to what was done in commit d21f4b7ffc22
("pinctrl: qcom: Avoid glitching lines when we first mux to output")
Fixes: 218320fec294 ("regulator: core: Fix off-on-delay-us for always-on/boot-on regulators")
Cc: Christian Kohlschütter <christian@kohlschutter.com>
Signed-off-by: Douglas Anderson <dianders@chromium.org>
Link: https://lore.kernel.org/r/20230313111806.1.I2eaad872be0932a805c239a7c7a102233fb0b03b@changeid
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/regulator/core.c | 7 +++----
1 file changed, 3 insertions(+), 4 deletions(-)
diff --git a/drivers/regulator/core.c b/drivers/regulator/core.c
index cd10880378a6d..e876702d6ef36 100644
--- a/drivers/regulator/core.c
+++ b/drivers/regulator/core.c
@@ -1539,9 +1539,6 @@ static int set_machine_constraints(struct regulator_dev *rdev)
rdev->constraints->always_on = true;
}
- if (rdev->desc->off_on_delay)
- rdev->last_off = ktime_get_boottime();
-
/* If the constraints say the regulator should be on at this point
* and we have control then make sure it is enabled.
*/
@@ -1575,6 +1572,8 @@ static int set_machine_constraints(struct regulator_dev *rdev)
if (rdev->constraints->always_on)
rdev->use_count++;
+ } else if (rdev->desc->off_on_delay) {
+ rdev->last_off = ktime_get();
}
print_constraints(rdev);
@@ -2624,7 +2623,7 @@ static int _regulator_do_enable(struct regulator_dev *rdev)
trace_regulator_enable(rdev_get_name(rdev));
- if (rdev->desc->off_on_delay && rdev->last_off) {
+ if (rdev->desc->off_on_delay) {
/* if needed, keep a distance of off_on_delay from last time
* this regulator was disabled.
*/
--
2.39.2
^ permalink raw reply related [flat|nested] 391+ messages in thread
* [PATCH 5.15 085/371] arm64: dts: ti: k3-j721e-main: Remove ti,strobe-sel property
2023-05-08 9:43 [PATCH 5.15 000/371] 5.15.111-rc1 review Greg Kroah-Hartman
` (83 preceding siblings ...)
2023-05-08 9:44 ` [PATCH 5.15 084/371] regulator: core: Shorten off-on-delay-us for always-on/boot-on by time since booted Greg Kroah-Hartman
@ 2023-05-08 9:44 ` Greg Kroah-Hartman
2023-05-08 9:44 ` [PATCH 5.15 086/371] arm64: dts: broadcom: bcm4908: add DT for Netgear RAXE500 Greg Kroah-Hartman
` (289 subsequent siblings)
374 siblings, 0 replies; 391+ messages in thread
From: Greg Kroah-Hartman @ 2023-05-08 9:44 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Bhavya Kapoor, Nishanth Menon,
Diwakar Dhyani, Nitin Yadav, Sasha Levin
From: Bhavya Kapoor <b-kapoor@ti.com>
[ Upstream commit 4f4b30a777d3e61603119297965343a37be36435 ]
According to latest errata of J721e [1], (i2024) 'MMCSD: Peripherals
Do Not Support HS400' which applies to MMCSD0 subsystem. Speed modes
supported has been already updated but missed dropping 'ti,strobe-sel'
property which is only required by HS400 speed mode.
Thus, drop 'ti,strobe-sel' property from kernel dtsi for J721e SoC.
[1] https://www.ti.com/lit/er/sprz455/sprz455.pdf
Fixes: eb8f6194e807 ("arm64: dts: ti: k3-j721e-main: Update the speed modes supported and their itap delay values for MMCSD subsystems")
Signed-off-by: Bhavya Kapoor <b-kapoor@ti.com>
Signed-off-by: Nishanth Menon <nm@ti.com>
Reviewed-by: Diwakar Dhyani <d-dhyani@ti.com>
Reviewed-by: Nitin Yadav <n-yadav@ti.com>
Link: https://lore.kernel.org/r/20230203073724.29529-1-b-kapoor@ti.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/arm64/boot/dts/ti/k3-j721e-main.dtsi | 1 -
1 file changed, 1 deletion(-)
diff --git a/arch/arm64/boot/dts/ti/k3-j721e-main.dtsi b/arch/arm64/boot/dts/ti/k3-j721e-main.dtsi
index ad21bb1417aa6..d662eeb7d80a7 100644
--- a/arch/arm64/boot/dts/ti/k3-j721e-main.dtsi
+++ b/arch/arm64/boot/dts/ti/k3-j721e-main.dtsi
@@ -1051,7 +1051,6 @@
ti,itap-del-sel-mmc-hs = <0xa>;
ti,itap-del-sel-ddr52 = <0x3>;
ti,trm-icp = <0x8>;
- ti,strobe-sel = <0x77>;
dma-coherent;
};
--
2.39.2
^ permalink raw reply related [flat|nested] 391+ messages in thread
* [PATCH 5.15 086/371] arm64: dts: broadcom: bcm4908: add DT for Netgear RAXE500
2023-05-08 9:43 [PATCH 5.15 000/371] 5.15.111-rc1 review Greg Kroah-Hartman
` (84 preceding siblings ...)
2023-05-08 9:44 ` [PATCH 5.15 085/371] arm64: dts: ti: k3-j721e-main: Remove ti,strobe-sel property Greg Kroah-Hartman
@ 2023-05-08 9:44 ` Greg Kroah-Hartman
2023-05-08 9:44 ` [PATCH 5.15 087/371] arm64: dts: Add DTS files for bcmbca SoC BCM63158 Greg Kroah-Hartman
` (288 subsequent siblings)
374 siblings, 0 replies; 391+ messages in thread
From: Greg Kroah-Hartman @ 2023-05-08 9:44 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Rafał Miłecki,
Florian Fainelli, Sasha Levin
From: Rafał Miłecki <rafal@milecki.pl>
[ Upstream commit d0e68d354f345873e15876a7b35be1baaf5e3ec9 ]
It's a home router based on BCM4908 SoC. It has: 1 GiB of RAM, 512 MiB
NAND flash, 6 Ethernet ports and 3 x BCM43684 (WiFi). One of Ethernet
ports is "2.5 G Multi-Gig port" that isn't described yet (it isn't known
how it's wired up).
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
Signed-off-by: Florian Fainelli <f.fainelli@gmail.com>
Stable-dep-of: 5cca02449490 ("arm64: dts: broadcom: bcmbca: bcm4908: fix NAND interrupt name")
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/arm64/boot/dts/broadcom/bcm4908/Makefile | 1 +
.../bcm4908/bcm4908-netgear-raxe500.dts | 50 +++++++++++++++++++
2 files changed, 51 insertions(+)
create mode 100644 arch/arm64/boot/dts/broadcom/bcm4908/bcm4908-netgear-raxe500.dts
diff --git a/arch/arm64/boot/dts/broadcom/bcm4908/Makefile b/arch/arm64/boot/dts/broadcom/bcm4908/Makefile
index cc75854519ac3..6e364e304d4fd 100644
--- a/arch/arm64/boot/dts/broadcom/bcm4908/Makefile
+++ b/arch/arm64/boot/dts/broadcom/bcm4908/Makefile
@@ -2,3 +2,4 @@
dtb-$(CONFIG_ARCH_BCM4908) += bcm4906-netgear-r8000p.dtb
dtb-$(CONFIG_ARCH_BCM4908) += bcm4906-tplink-archer-c2300-v1.dtb
dtb-$(CONFIG_ARCH_BCM4908) += bcm4908-asus-gt-ac5300.dtb
+dtb-$(CONFIG_ARCH_BCM4908) += bcm4908-netgear-raxe500.dtb
diff --git a/arch/arm64/boot/dts/broadcom/bcm4908/bcm4908-netgear-raxe500.dts b/arch/arm64/boot/dts/broadcom/bcm4908/bcm4908-netgear-raxe500.dts
new file mode 100644
index 0000000000000..3c2cf2d238b6f
--- /dev/null
+++ b/arch/arm64/boot/dts/broadcom/bcm4908/bcm4908-netgear-raxe500.dts
@@ -0,0 +1,50 @@
+// SPDX-License-Identifier: GPL-2.0-or-later OR MIT
+
+#include "bcm4908.dtsi"
+
+/ {
+ compatible = "netgear,raxe500", "brcm,bcm4908";
+ model = "Netgear RAXE500";
+
+ memory@0 {
+ device_type = "memory";
+ reg = <0x00 0x00 0x00 0x40000000>;
+ };
+};
+
+&ehci {
+ status = "okay";
+};
+
+&ohci {
+ status = "okay";
+};
+
+&xhci {
+ status = "okay";
+};
+
+&ports {
+ port@0 {
+ label = "lan4";
+ };
+
+ port@1 {
+ label = "lan3";
+ };
+
+ port@2 {
+ label = "lan2";
+ };
+
+ port@3 {
+ label = "lan1";
+ };
+
+ port@7 {
+ reg = <7>;
+ phy-mode = "internal";
+ phy-handle = <&phy12>;
+ label = "wan";
+ };
+};
--
2.39.2
^ permalink raw reply related [flat|nested] 391+ messages in thread
* [PATCH 5.15 087/371] arm64: dts: Add DTS files for bcmbca SoC BCM63158
2023-05-08 9:43 [PATCH 5.15 000/371] 5.15.111-rc1 review Greg Kroah-Hartman
` (85 preceding siblings ...)
2023-05-08 9:44 ` [PATCH 5.15 086/371] arm64: dts: broadcom: bcm4908: add DT for Netgear RAXE500 Greg Kroah-Hartman
@ 2023-05-08 9:44 ` Greg Kroah-Hartman
2023-05-08 9:44 ` [PATCH 5.15 088/371] arm64: dts: Add DTS files for bcmbca SoC BCM4912 Greg Kroah-Hartman
` (287 subsequent siblings)
374 siblings, 0 replies; 391+ messages in thread
From: Greg Kroah-Hartman @ 2023-05-08 9:44 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, William Zhang, Florian Fainelli,
Sasha Levin
From: William Zhang <william.zhang@broadcom.com>
[ Upstream commit 076dcedc6628c6bf92bd17bfcf8fb7b1af62bfb6 ]
Add DTS for ARMv8 based broadband SoC BCM63158. bcm63158.dtsi is the
SoC description DTS header and bcm963158.dts is a simple DTS file for
Broadcom BCM963158 Reference board that only enable the UART port.
Signed-off-by: William Zhang <william.zhang@broadcom.com>
Signed-off-by: Florian Fainelli <f.fainelli@gmail.com>
Stable-dep-of: 5cca02449490 ("arm64: dts: broadcom: bcmbca: bcm4908: fix NAND interrupt name")
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/arm64/boot/dts/broadcom/Makefile | 1 +
arch/arm64/boot/dts/broadcom/bcmbca/Makefile | 2 +
.../boot/dts/broadcom/bcmbca/bcm63158.dtsi | 128 ++++++++++++++++++
.../boot/dts/broadcom/bcmbca/bcm963158.dts | 30 ++++
4 files changed, 161 insertions(+)
create mode 100644 arch/arm64/boot/dts/broadcom/bcmbca/Makefile
create mode 100644 arch/arm64/boot/dts/broadcom/bcmbca/bcm63158.dtsi
create mode 100644 arch/arm64/boot/dts/broadcom/bcmbca/bcm963158.dts
diff --git a/arch/arm64/boot/dts/broadcom/Makefile b/arch/arm64/boot/dts/broadcom/Makefile
index 11eae3e3a9447..9a0ea4b97ef23 100644
--- a/arch/arm64/boot/dts/broadcom/Makefile
+++ b/arch/arm64/boot/dts/broadcom/Makefile
@@ -7,5 +7,6 @@ dtb-$(CONFIG_ARCH_BCM2835) += bcm2711-rpi-400.dtb \
bcm2837-rpi-cm3-io3.dtb
subdir-y += bcm4908
+subdir-y += bcmbca
subdir-y += northstar2
subdir-y += stingray
diff --git a/arch/arm64/boot/dts/broadcom/bcmbca/Makefile b/arch/arm64/boot/dts/broadcom/bcmbca/Makefile
new file mode 100644
index 0000000000000..d5f89245336c4
--- /dev/null
+++ b/arch/arm64/boot/dts/broadcom/bcmbca/Makefile
@@ -0,0 +1,2 @@
+# SPDX-License-Identifier: GPL-2.0
+dtb-$(CONFIG_ARCH_BCMBCA) += bcm963158.dtb
diff --git a/arch/arm64/boot/dts/broadcom/bcmbca/bcm63158.dtsi b/arch/arm64/boot/dts/broadcom/bcmbca/bcm63158.dtsi
new file mode 100644
index 0000000000000..13629702f70b8
--- /dev/null
+++ b/arch/arm64/boot/dts/broadcom/bcmbca/bcm63158.dtsi
@@ -0,0 +1,128 @@
+// SPDX-License-Identifier: (GPL-2.0+ OR MIT)
+/*
+ * Copyright 2022 Broadcom Ltd.
+ */
+
+#include <dt-bindings/interrupt-controller/irq.h>
+#include <dt-bindings/interrupt-controller/arm-gic.h>
+
+/ {
+ compatible = "brcm,bcm63158", "brcm,bcmbca";
+ #address-cells = <2>;
+ #size-cells = <2>;
+
+ interrupt-parent = <&gic>;
+
+ cpus {
+ #address-cells = <2>;
+ #size-cells = <0>;
+
+ B53_0: cpu@0 {
+ compatible = "brcm,brahma-b53";
+ device_type = "cpu";
+ reg = <0x0 0x0>;
+ next-level-cache = <&L2_0>;
+ enable-method = "psci";
+ };
+
+ B53_1: cpu@1 {
+ compatible = "brcm,brahma-b53";
+ device_type = "cpu";
+ reg = <0x0 0x1>;
+ next-level-cache = <&L2_0>;
+ enable-method = "psci";
+ };
+
+ B53_2: cpu@2 {
+ compatible = "brcm,brahma-b53";
+ device_type = "cpu";
+ reg = <0x0 0x2>;
+ next-level-cache = <&L2_0>;
+ enable-method = "psci";
+ };
+
+ B53_3: cpu@3 {
+ compatible = "brcm,brahma-b53";
+ device_type = "cpu";
+ reg = <0x0 0x3>;
+ next-level-cache = <&L2_0>;
+ enable-method = "psci";
+ };
+
+ L2_0: l2-cache0 {
+ compatible = "cache";
+ };
+ };
+
+ timer {
+ compatible = "arm,armv8-timer";
+ interrupts = <GIC_PPI 13 (GIC_CPU_MASK_SIMPLE(4) | IRQ_TYPE_LEVEL_LOW)>,
+ <GIC_PPI 14 (GIC_CPU_MASK_SIMPLE(4) | IRQ_TYPE_LEVEL_LOW)>,
+ <GIC_PPI 11 (GIC_CPU_MASK_SIMPLE(4) | IRQ_TYPE_LEVEL_LOW)>,
+ <GIC_PPI 10 (GIC_CPU_MASK_SIMPLE(4) | IRQ_TYPE_LEVEL_LOW)>;
+ };
+
+ pmu: pmu {
+ compatible = "arm,cortex-a53-pmu";
+ interrupts = <GIC_SPI 9 IRQ_TYPE_LEVEL_HIGH>,
+ <GIC_SPI 10 IRQ_TYPE_LEVEL_HIGH>,
+ <GIC_SPI 11 IRQ_TYPE_LEVEL_HIGH>,
+ <GIC_SPI 12 IRQ_TYPE_LEVEL_HIGH>;
+ interrupt-affinity = <&B53_0>, <&B53_1>,
+ <&B53_2>, <&B53_3>;
+ };
+
+ clocks: clocks {
+ periph_clk: periph-clk {
+ compatible = "fixed-clock";
+ #clock-cells = <0>;
+ clock-frequency = <200000000>;
+ };
+ uart_clk: uart-clk {
+ compatible = "fixed-factor-clock";
+ #clock-cells = <0>;
+ clocks = <&periph_clk>;
+ clock-div = <4>;
+ clock-mult = <1>;
+ };
+ };
+
+ psci {
+ compatible = "arm,psci-0.2";
+ method = "smc";
+ };
+
+ axi@81000000 {
+ compatible = "simple-bus";
+ #address-cells = <1>;
+ #size-cells = <1>;
+ ranges = <0x0 0x0 0x81000000 0x8000>;
+
+ gic: interrupt-controller@1000 {
+ compatible = "arm,gic-400";
+ #interrupt-cells = <3>;
+ interrupt-controller;
+ interrupts = <GIC_PPI 9 (GIC_CPU_MASK_SIMPLE(4) | IRQ_TYPE_LEVEL_HIGH)>;
+ reg = <0x1000 0x1000>,
+ <0x2000 0x2000>,
+ <0x4000 0x2000>,
+ <0x6000 0x2000>;
+ };
+ };
+
+ bus@ff800000 {
+ compatible = "simple-bus";
+ #address-cells = <1>;
+ #size-cells = <1>;
+ ranges = <0x0 0x0 0xff800000 0x800000>;
+
+ uart0: serial@12000 {
+ compatible = "arm,pl011", "arm,primecell";
+ reg = <0x12000 0x1000>;
+ interrupts = <GIC_SPI 32 IRQ_TYPE_LEVEL_HIGH>;
+ clocks = <&uart_clk>, <&uart_clk>;
+ clock-names = "uartclk", "apb_pclk";
+ status = "disabled";
+ };
+ };
+};
diff --git a/arch/arm64/boot/dts/broadcom/bcmbca/bcm963158.dts b/arch/arm64/boot/dts/broadcom/bcmbca/bcm963158.dts
new file mode 100644
index 0000000000000..eba07e0b1ca6f
--- /dev/null
+++ b/arch/arm64/boot/dts/broadcom/bcmbca/bcm963158.dts
@@ -0,0 +1,30 @@
+// SPDX-License-Identifier: (GPL-2.0+ OR MIT)
+/*
+ * Copyright 2022 Broadcom Ltd.
+ */
+
+/dts-v1/;
+
+#include "bcm63158.dtsi"
+
+/ {
+ model = "Broadcom BCM963158 Reference Board";
+ compatible = "brcm,bcm963158", "brcm,bcm63158", "brcm,bcmbca";
+
+ aliases {
+ serial0 = &uart0;
+ };
+
+ chosen {
+ stdout-path = "serial0:115200n8";
+ };
+
+ memory@0 {
+ device_type = "memory";
+ reg = <0x0 0x0 0x0 0x08000000>;
+ };
+};
+
+&uart0 {
+ status = "okay";
+};
--
2.39.2
^ permalink raw reply related [flat|nested] 391+ messages in thread
* [PATCH 5.15 088/371] arm64: dts: Add DTS files for bcmbca SoC BCM4912
2023-05-08 9:43 [PATCH 5.15 000/371] 5.15.111-rc1 review Greg Kroah-Hartman
` (86 preceding siblings ...)
2023-05-08 9:44 ` [PATCH 5.15 087/371] arm64: dts: Add DTS files for bcmbca SoC BCM63158 Greg Kroah-Hartman
@ 2023-05-08 9:44 ` Greg Kroah-Hartman
2023-05-08 9:44 ` [PATCH 5.15 089/371] ARM64: dts: Add DTS files for bcmbca SoC BCM6858 Greg Kroah-Hartman
` (286 subsequent siblings)
374 siblings, 0 replies; 391+ messages in thread
From: Greg Kroah-Hartman @ 2023-05-08 9:44 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, William Zhang, Krzysztof Kozlowski,
Florian Fainelli, Sasha Levin
From: William Zhang <william.zhang@broadcom.com>
[ Upstream commit 1ba56aeb391401c4cb2126c39f90b3cdbfabdb3f ]
Add DTS for ARMv8 based broadband SoC BCM4912. bcm4912.dtsi is the
SoC description DTS header and bcm94912.dts is a simple DTS file for
Broadcom BCM94912 Reference board that only enable the UART port.
Signed-off-by: William Zhang <william.zhang@broadcom.com>
Acked-by: Krzysztof Kozlowski <krzysztof.kozlowski@linaro.org>
Signed-off-by: Florian Fainelli <f.fainelli@gmail.com>
Stable-dep-of: 5cca02449490 ("arm64: dts: broadcom: bcmbca: bcm4908: fix NAND interrupt name")
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/arm64/boot/dts/broadcom/bcmbca/Makefile | 3 +-
.../boot/dts/broadcom/bcmbca/bcm4912.dtsi | 128 ++++++++++++++++++
.../boot/dts/broadcom/bcmbca/bcm94912.dts | 30 ++++
3 files changed, 160 insertions(+), 1 deletion(-)
create mode 100644 arch/arm64/boot/dts/broadcom/bcmbca/bcm4912.dtsi
create mode 100644 arch/arm64/boot/dts/broadcom/bcmbca/bcm94912.dts
diff --git a/arch/arm64/boot/dts/broadcom/bcmbca/Makefile b/arch/arm64/boot/dts/broadcom/bcmbca/Makefile
index d5f89245336c4..b6e520e9f2f21 100644
--- a/arch/arm64/boot/dts/broadcom/bcmbca/Makefile
+++ b/arch/arm64/boot/dts/broadcom/bcmbca/Makefile
@@ -1,2 +1,3 @@
# SPDX-License-Identifier: GPL-2.0
-dtb-$(CONFIG_ARCH_BCMBCA) += bcm963158.dtb
+dtb-$(CONFIG_ARCH_BCMBCA) += bcm94912.dtb \
+ bcm963158.dtb
diff --git a/arch/arm64/boot/dts/broadcom/bcmbca/bcm4912.dtsi b/arch/arm64/boot/dts/broadcom/bcmbca/bcm4912.dtsi
new file mode 100644
index 0000000000000..3d016c2ce6759
--- /dev/null
+++ b/arch/arm64/boot/dts/broadcom/bcmbca/bcm4912.dtsi
@@ -0,0 +1,128 @@
+// SPDX-License-Identifier: (GPL-2.0+ OR MIT)
+/*
+ * Copyright 2022 Broadcom Ltd.
+ */
+
+#include <dt-bindings/interrupt-controller/irq.h>
+#include <dt-bindings/interrupt-controller/arm-gic.h>
+
+/ {
+ compatible = "brcm,bcm4912", "brcm,bcmbca";
+ #address-cells = <2>;
+ #size-cells = <2>;
+
+ interrupt-parent = <&gic>;
+
+ cpus {
+ #address-cells = <2>;
+ #size-cells = <0>;
+
+ B53_0: cpu@0 {
+ compatible = "brcm,brahma-b53";
+ device_type = "cpu";
+ reg = <0x0 0x0>;
+ next-level-cache = <&L2_0>;
+ enable-method = "psci";
+ };
+
+ B53_1: cpu@1 {
+ compatible = "brcm,brahma-b53";
+ device_type = "cpu";
+ reg = <0x0 0x1>;
+ next-level-cache = <&L2_0>;
+ enable-method = "psci";
+ };
+
+ B53_2: cpu@2 {
+ compatible = "brcm,brahma-b53";
+ device_type = "cpu";
+ reg = <0x0 0x2>;
+ next-level-cache = <&L2_0>;
+ enable-method = "psci";
+ };
+
+ B53_3: cpu@3 {
+ compatible = "brcm,brahma-b53";
+ device_type = "cpu";
+ reg = <0x0 0x3>;
+ next-level-cache = <&L2_0>;
+ enable-method = "psci";
+ };
+
+ L2_0: l2-cache0 {
+ compatible = "cache";
+ };
+ };
+
+ timer {
+ compatible = "arm,armv8-timer";
+ interrupts = <GIC_PPI 13 (GIC_CPU_MASK_SIMPLE(4) | IRQ_TYPE_LEVEL_LOW)>,
+ <GIC_PPI 14 (GIC_CPU_MASK_SIMPLE(4) | IRQ_TYPE_LEVEL_LOW)>,
+ <GIC_PPI 11 (GIC_CPU_MASK_SIMPLE(4) | IRQ_TYPE_LEVEL_LOW)>,
+ <GIC_PPI 10 (GIC_CPU_MASK_SIMPLE(4) | IRQ_TYPE_LEVEL_LOW)>;
+ };
+
+ pmu: pmu {
+ compatible = "arm,cortex-a53-pmu";
+ interrupts = <GIC_SPI 7 IRQ_TYPE_LEVEL_HIGH>,
+ <GIC_SPI 8 IRQ_TYPE_LEVEL_HIGH>,
+ <GIC_SPI 9 IRQ_TYPE_LEVEL_HIGH>,
+ <GIC_SPI 10 IRQ_TYPE_LEVEL_HIGH>;
+ interrupt-affinity = <&B53_0>, <&B53_1>,
+ <&B53_2>, <&B53_3>;
+ };
+
+ clocks: clocks {
+ periph_clk: periph-clk {
+ compatible = "fixed-clock";
+ #clock-cells = <0>;
+ clock-frequency = <200000000>;
+ };
+ uart_clk: uart-clk {
+ compatible = "fixed-factor-clock";
+ #clock-cells = <0>;
+ clocks = <&periph_clk>;
+ clock-div = <4>;
+ clock-mult = <1>;
+ };
+ };
+
+ psci {
+ compatible = "arm,psci-0.2";
+ method = "smc";
+ };
+
+ axi@81000000 {
+ compatible = "simple-bus";
+ #address-cells = <1>;
+ #size-cells = <1>;
+ ranges = <0x0 0x0 0x81000000 0x8000>;
+
+ gic: interrupt-controller@1000 {
+ compatible = "arm,gic-400";
+ #interrupt-cells = <3>;
+ interrupt-controller;
+ interrupts = <GIC_PPI 9 (GIC_CPU_MASK_SIMPLE(4) | IRQ_TYPE_LEVEL_HIGH)>;
+ reg = <0x1000 0x1000>,
+ <0x2000 0x2000>,
+ <0x4000 0x2000>,
+ <0x6000 0x2000>;
+ };
+ };
+
+ bus@ff800000 {
+ compatible = "simple-bus";
+ #address-cells = <1>;
+ #size-cells = <1>;
+ ranges = <0x0 0x0 0xff800000 0x800000>;
+
+ uart0: serial@12000 {
+ compatible = "arm,pl011", "arm,primecell";
+ reg = <0x12000 0x1000>;
+ interrupts = <GIC_SPI 32 IRQ_TYPE_LEVEL_HIGH>;
+ clocks = <&uart_clk>, <&uart_clk>;
+ clock-names = "uartclk", "apb_pclk";
+ status = "disabled";
+ };
+ };
+};
diff --git a/arch/arm64/boot/dts/broadcom/bcmbca/bcm94912.dts b/arch/arm64/boot/dts/broadcom/bcmbca/bcm94912.dts
new file mode 100644
index 0000000000000..a3623e6f6919c
--- /dev/null
+++ b/arch/arm64/boot/dts/broadcom/bcmbca/bcm94912.dts
@@ -0,0 +1,30 @@
+// SPDX-License-Identifier: (GPL-2.0+ OR MIT)
+/*
+ * Copyright 2022 Broadcom Ltd.
+ */
+
+/dts-v1/;
+
+#include "bcm4912.dtsi"
+
+/ {
+ model = "Broadcom BCM94912 Reference Board";
+ compatible = "brcm,bcm94912", "brcm,bcm4912", "brcm,bcmbca";
+
+ aliases {
+ serial0 = &uart0;
+ };
+
+ chosen {
+ stdout-path = "serial0:115200n8";
+ };
+
+ memory@0 {
+ device_type = "memory";
+ reg = <0x0 0x0 0x0 0x08000000>;
+ };
+};
+
+&uart0 {
+ status = "okay";
+};
--
2.39.2
^ permalink raw reply related [flat|nested] 391+ messages in thread
* [PATCH 5.15 089/371] ARM64: dts: Add DTS files for bcmbca SoC BCM6858
2023-05-08 9:43 [PATCH 5.15 000/371] 5.15.111-rc1 review Greg Kroah-Hartman
` (87 preceding siblings ...)
2023-05-08 9:44 ` [PATCH 5.15 088/371] arm64: dts: Add DTS files for bcmbca SoC BCM4912 Greg Kroah-Hartman
@ 2023-05-08 9:44 ` Greg Kroah-Hartman
2023-05-08 9:44 ` [PATCH 5.15 090/371] arm64: dts: Add base DTS file for bcmbca device Asus GT-AX6000 Greg Kroah-Hartman
` (285 subsequent siblings)
374 siblings, 0 replies; 391+ messages in thread
From: Greg Kroah-Hartman @ 2023-05-08 9:44 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Anand Gore, Florian Fainelli, Sasha Levin
From: Anand Gore <anand.gore@broadcom.com>
[ Upstream commit e663e06bd3f21e64bc2163910f626af68add6308 ]
Add DTS for ARMv8 based broadband SoC BCM6858. bcm6858.dtsi is the SoC
description DTS header and bcm96858.dts is a simple DTS file for
Broadcom BCM96858 Reference board that only enables the UART port.
Signed-off-by: Anand Gore <anand.gore@broadcom.com>
Signed-off-by: Florian Fainelli <f.fainelli@gmail.com>
Stable-dep-of: 5cca02449490 ("arm64: dts: broadcom: bcmbca: bcm4908: fix NAND interrupt name")
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/arm64/boot/dts/broadcom/bcmbca/Makefile | 3 +-
.../boot/dts/broadcom/bcmbca/bcm6858.dtsi | 121 ++++++++++++++++++
.../boot/dts/broadcom/bcmbca/bcm96858.dts | 30 +++++
3 files changed, 153 insertions(+), 1 deletion(-)
create mode 100644 arch/arm64/boot/dts/broadcom/bcmbca/bcm6858.dtsi
create mode 100644 arch/arm64/boot/dts/broadcom/bcmbca/bcm96858.dts
diff --git a/arch/arm64/boot/dts/broadcom/bcmbca/Makefile b/arch/arm64/boot/dts/broadcom/bcmbca/Makefile
index b6e520e9f2f21..4161d557b1329 100644
--- a/arch/arm64/boot/dts/broadcom/bcmbca/Makefile
+++ b/arch/arm64/boot/dts/broadcom/bcmbca/Makefile
@@ -1,3 +1,4 @@
# SPDX-License-Identifier: GPL-2.0
dtb-$(CONFIG_ARCH_BCMBCA) += bcm94912.dtb \
- bcm963158.dtb
+ bcm963158.dtb \
+ bcm96858.dtb
diff --git a/arch/arm64/boot/dts/broadcom/bcmbca/bcm6858.dtsi b/arch/arm64/boot/dts/broadcom/bcmbca/bcm6858.dtsi
new file mode 100644
index 0000000000000..29a880c6c8588
--- /dev/null
+++ b/arch/arm64/boot/dts/broadcom/bcmbca/bcm6858.dtsi
@@ -0,0 +1,121 @@
+// SPDX-License-Identifier: (GPL-2.0+ OR MIT)
+/*
+ * Copyright 2022 Broadcom Ltd.
+ */
+
+#include <dt-bindings/interrupt-controller/irq.h>
+#include <dt-bindings/interrupt-controller/arm-gic.h>
+
+/ {
+ compatible = "brcm,bcm6858", "brcm,bcmbca";
+ #address-cells = <2>;
+ #size-cells = <2>;
+
+ interrupt-parent = <&gic>;
+
+ cpus {
+ #address-cells = <2>;
+ #size-cells = <0>;
+
+ B53_0: cpu@0 {
+ compatible = "brcm,brahma-b53";
+ device_type = "cpu";
+ reg = <0x0 0x0>;
+ next-level-cache = <&L2_0>;
+ enable-method = "psci";
+ };
+
+ B53_1: cpu@1 {
+ compatible = "brcm,brahma-b53";
+ device_type = "cpu";
+ reg = <0x0 0x1>;
+ next-level-cache = <&L2_0>;
+ enable-method = "psci";
+ };
+
+ B53_2: cpu@2 {
+ compatible = "brcm,brahma-b53";
+ device_type = "cpu";
+ reg = <0x0 0x2>;
+ next-level-cache = <&L2_0>;
+ enable-method = "psci";
+ };
+
+ B53_3: cpu@3 {
+ compatible = "brcm,brahma-b53";
+ device_type = "cpu";
+ reg = <0x0 0x3>;
+ next-level-cache = <&L2_0>;
+ enable-method = "psci";
+ };
+ L2_0: l2-cache0 {
+ compatible = "cache";
+ };
+ };
+
+ timer {
+ compatible = "arm,armv8-timer";
+ interrupts = <GIC_PPI 13 (GIC_CPU_MASK_SIMPLE(4) | IRQ_TYPE_LEVEL_LOW)>,
+ <GIC_PPI 14 (GIC_CPU_MASK_SIMPLE(4) | IRQ_TYPE_LEVEL_LOW)>,
+ <GIC_PPI 11 (GIC_CPU_MASK_SIMPLE(4) | IRQ_TYPE_LEVEL_LOW)>,
+ <GIC_PPI 10 (GIC_CPU_MASK_SIMPLE(4) | IRQ_TYPE_LEVEL_LOW)>;
+ };
+
+ pmu: pmu {
+ compatible = "arm,armv8-pmuv3";
+ interrupts = <GIC_SPI 9 IRQ_TYPE_LEVEL_HIGH>,
+ <GIC_SPI 10 IRQ_TYPE_LEVEL_HIGH>,
+ <GIC_SPI 11 IRQ_TYPE_LEVEL_HIGH>,
+ <GIC_SPI 12 IRQ_TYPE_LEVEL_HIGH>;
+ interrupt-affinity = <&B53_0>, <&B53_1>,
+ <&B53_2>, <&B53_3>;
+ };
+
+ clocks: clocks {
+ periph_clk:periph-clk {
+ compatible = "fixed-clock";
+ #clock-cells = <0>;
+ clock-frequency = <200000000>;
+ };
+ };
+
+ psci {
+ compatible = "arm,psci-0.2";
+ method = "smc";
+ };
+
+ axi@81000000 {
+ compatible = "simple-bus";
+ #address-cells = <1>;
+ #size-cells = <1>;
+ ranges = <0x0 0x0 0x81000000 0x8000>;
+
+ gic: interrupt-controller@1000 {
+ compatible = "arm,gic-400";
+ #interrupt-cells = <3>;
+ interrupt-controller;
+ reg = <0x1000 0x1000>, /* GICD */
+ <0x2000 0x2000>, /* GICC */
+ <0x4000 0x2000>, /* GICH */
+ <0x6000 0x2000>; /* GICV */
+ interrupts = <GIC_PPI 9 (GIC_CPU_MASK_SIMPLE(4) |
+ IRQ_TYPE_LEVEL_HIGH)>;
+ };
+ };
+
+ bus@ff800000 {
+ compatible = "simple-bus";
+ #address-cells = <1>;
+ #size-cells = <1>;
+ ranges = <0x0 0x0 0xff800000 0x62000>;
+
+ uart0: serial@640 {
+ compatible = "brcm,bcm6345-uart";
+ reg = <0x640 0x18>;
+ interrupts = <GIC_SPI 32 IRQ_TYPE_LEVEL_HIGH>;
+ clocks = <&periph_clk>;
+ clock-names = "refclk";
+ status = "disabled";
+ };
+ };
+};
diff --git a/arch/arm64/boot/dts/broadcom/bcmbca/bcm96858.dts b/arch/arm64/boot/dts/broadcom/bcmbca/bcm96858.dts
new file mode 100644
index 0000000000000..0cbf582f5d545
--- /dev/null
+++ b/arch/arm64/boot/dts/broadcom/bcmbca/bcm96858.dts
@@ -0,0 +1,30 @@
+// SPDX-License-Identifier: (GPL-2.0+ OR MIT)
+/*
+ * Copyright 2022 Broadcom Ltd.
+ */
+
+/dts-v1/;
+
+#include "bcm6858.dtsi"
+
+/ {
+ model = "Broadcom BCM96858 Reference Board";
+ compatible = "brcm,bcm96858", "brcm,bcm6858", "brcm,bcmbca";
+
+ aliases {
+ serial0 = &uart0;
+ };
+
+ chosen {
+ stdout-path = "serial0:115200n8";
+ };
+
+ memory@0 {
+ device_type = "memory";
+ reg = <0x0 0x0 0x0 0x08000000>;
+ };
+};
+
+&uart0 {
+ status = "okay";
+};
--
2.39.2
^ permalink raw reply related [flat|nested] 391+ messages in thread
* [PATCH 5.15 090/371] arm64: dts: Add base DTS file for bcmbca device Asus GT-AX6000
2023-05-08 9:43 [PATCH 5.15 000/371] 5.15.111-rc1 review Greg Kroah-Hartman
` (88 preceding siblings ...)
2023-05-08 9:44 ` [PATCH 5.15 089/371] ARM64: dts: Add DTS files for bcmbca SoC BCM6858 Greg Kroah-Hartman
@ 2023-05-08 9:44 ` Greg Kroah-Hartman
2023-05-08 9:44 ` [PATCH 5.15 091/371] arm64: dts: Move BCM4908 dts to bcmbca folder Greg Kroah-Hartman
` (284 subsequent siblings)
374 siblings, 0 replies; 391+ messages in thread
From: Greg Kroah-Hartman @ 2023-05-08 9:44 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Rafał Miłecki,
William Zhang, Florian Fainelli, Sasha Levin
From: Rafał Miłecki <rafal@milecki.pl>
[ Upstream commit f3f575c4bef95384e68de552c7b29938fd0d9201 ]
It's a home router with 1 GiB of RAM, 6 Ethernet ports, 2 USB ports.
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
Acked-by: William Zhang <william.zhang@broadcom.com>
Link: https://lore.kernel.org/r/20220713200351.28526-2-zajec5@gmail.com
Signed-off-by: Florian Fainelli <f.fainelli@gmail.com>
Stable-dep-of: 5cca02449490 ("arm64: dts: broadcom: bcmbca: bcm4908: fix NAND interrupt name")
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/arm64/boot/dts/broadcom/bcmbca/Makefile | 4 +++-
.../bcmbca/bcm4912-asus-gt-ax6000.dts | 19 +++++++++++++++++++
2 files changed, 22 insertions(+), 1 deletion(-)
create mode 100644 arch/arm64/boot/dts/broadcom/bcmbca/bcm4912-asus-gt-ax6000.dts
diff --git a/arch/arm64/boot/dts/broadcom/bcmbca/Makefile b/arch/arm64/boot/dts/broadcom/bcmbca/Makefile
index 4161d557b1329..fd60418478696 100644
--- a/arch/arm64/boot/dts/broadcom/bcmbca/Makefile
+++ b/arch/arm64/boot/dts/broadcom/bcmbca/Makefile
@@ -1,4 +1,6 @@
# SPDX-License-Identifier: GPL-2.0
-dtb-$(CONFIG_ARCH_BCMBCA) += bcm94912.dtb \
+dtb-$(CONFIG_ARCH_BCMBCA) += \
+ bcm4912-asus-gt-ax6000.dtb \
+ bcm94912.dtb \
bcm963158.dtb \
bcm96858.dtb
diff --git a/arch/arm64/boot/dts/broadcom/bcmbca/bcm4912-asus-gt-ax6000.dts b/arch/arm64/boot/dts/broadcom/bcmbca/bcm4912-asus-gt-ax6000.dts
new file mode 100644
index 0000000000000..ed554666e95ea
--- /dev/null
+++ b/arch/arm64/boot/dts/broadcom/bcmbca/bcm4912-asus-gt-ax6000.dts
@@ -0,0 +1,19 @@
+// SPDX-License-Identifier: GPL-2.0-or-later OR MIT
+
+/dts-v1/;
+
+#include "bcm4912.dtsi"
+
+/ {
+ compatible = "asus,gt-ax6000", "brcm,bcm4912", "brcm,bcmbca";
+ model = "Asus GT-AX6000";
+
+ memory@0 {
+ device_type = "memory";
+ reg = <0x00 0x00 0x00 0x40000000>;
+ };
+};
+
+&uart0 {
+ status = "okay";
+};
--
2.39.2
^ permalink raw reply related [flat|nested] 391+ messages in thread
* [PATCH 5.15 091/371] arm64: dts: Move BCM4908 dts to bcmbca folder
2023-05-08 9:43 [PATCH 5.15 000/371] 5.15.111-rc1 review Greg Kroah-Hartman
` (89 preceding siblings ...)
2023-05-08 9:44 ` [PATCH 5.15 090/371] arm64: dts: Add base DTS file for bcmbca device Asus GT-AX6000 Greg Kroah-Hartman
@ 2023-05-08 9:44 ` Greg Kroah-Hartman
2023-05-08 9:44 ` [PATCH 5.15 092/371] arm64: dts: broadcom: bcmbca: bcm4908: fix NAND interrupt name Greg Kroah-Hartman
` (283 subsequent siblings)
374 siblings, 0 replies; 391+ messages in thread
From: Greg Kroah-Hartman @ 2023-05-08 9:44 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, William Zhang, Florian Fainelli,
Sasha Levin
From: William Zhang <william.zhang@broadcom.com>
[ Upstream commit ded8f22945899f4e87dd6d952bbc4abce6e64b7e ]
As part of ARCH_BCM4908 to ARCH_BCMBCA migration, move the BCM4908 dts
files to bcmbca folder and use CONFIG_ARCH_BCMBCA to build all the
BCM4908 board dts. Delete bcm4908 folder and its makefile as well.
Signed-off-by: William Zhang <william.zhang@broadcom.com>
Link: https://lore.kernel.org/r/20220803175455.47638-5-william.zhang@broadcom.com
Signed-off-by: Florian Fainelli <f.fainelli@gmail.com>
Stable-dep-of: 5cca02449490 ("arm64: dts: broadcom: bcmbca: bcm4908: fix NAND interrupt name")
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/arm64/boot/dts/broadcom/Makefile | 1 -
arch/arm64/boot/dts/broadcom/bcm4908/Makefile | 5 -----
arch/arm64/boot/dts/broadcom/bcmbca/Makefile | 4 ++++
.../broadcom/{bcm4908 => bcmbca}/bcm4906-netgear-r8000p.dts | 0
.../{bcm4908 => bcmbca}/bcm4906-tplink-archer-c2300-v1.dts | 0
.../arm64/boot/dts/broadcom/{bcm4908 => bcmbca}/bcm4906.dtsi | 0
.../broadcom/{bcm4908 => bcmbca}/bcm4908-asus-gt-ac5300.dts | 0
.../broadcom/{bcm4908 => bcmbca}/bcm4908-netgear-raxe500.dts | 0
.../arm64/boot/dts/broadcom/{bcm4908 => bcmbca}/bcm4908.dtsi | 0
9 files changed, 4 insertions(+), 6 deletions(-)
delete mode 100644 arch/arm64/boot/dts/broadcom/bcm4908/Makefile
rename arch/arm64/boot/dts/broadcom/{bcm4908 => bcmbca}/bcm4906-netgear-r8000p.dts (100%)
rename arch/arm64/boot/dts/broadcom/{bcm4908 => bcmbca}/bcm4906-tplink-archer-c2300-v1.dts (100%)
rename arch/arm64/boot/dts/broadcom/{bcm4908 => bcmbca}/bcm4906.dtsi (100%)
rename arch/arm64/boot/dts/broadcom/{bcm4908 => bcmbca}/bcm4908-asus-gt-ac5300.dts (100%)
rename arch/arm64/boot/dts/broadcom/{bcm4908 => bcmbca}/bcm4908-netgear-raxe500.dts (100%)
rename arch/arm64/boot/dts/broadcom/{bcm4908 => bcmbca}/bcm4908.dtsi (100%)
diff --git a/arch/arm64/boot/dts/broadcom/Makefile b/arch/arm64/boot/dts/broadcom/Makefile
index 9a0ea4b97ef23..bce0a12554539 100644
--- a/arch/arm64/boot/dts/broadcom/Makefile
+++ b/arch/arm64/boot/dts/broadcom/Makefile
@@ -6,7 +6,6 @@ dtb-$(CONFIG_ARCH_BCM2835) += bcm2711-rpi-400.dtb \
bcm2837-rpi-3-b-plus.dtb \
bcm2837-rpi-cm3-io3.dtb
-subdir-y += bcm4908
subdir-y += bcmbca
subdir-y += northstar2
subdir-y += stingray
diff --git a/arch/arm64/boot/dts/broadcom/bcm4908/Makefile b/arch/arm64/boot/dts/broadcom/bcm4908/Makefile
deleted file mode 100644
index 6e364e304d4fd..0000000000000
--- a/arch/arm64/boot/dts/broadcom/bcm4908/Makefile
+++ /dev/null
@@ -1,5 +0,0 @@
-# SPDX-License-Identifier: GPL-2.0
-dtb-$(CONFIG_ARCH_BCM4908) += bcm4906-netgear-r8000p.dtb
-dtb-$(CONFIG_ARCH_BCM4908) += bcm4906-tplink-archer-c2300-v1.dtb
-dtb-$(CONFIG_ARCH_BCM4908) += bcm4908-asus-gt-ac5300.dtb
-dtb-$(CONFIG_ARCH_BCM4908) += bcm4908-netgear-raxe500.dtb
diff --git a/arch/arm64/boot/dts/broadcom/bcmbca/Makefile b/arch/arm64/boot/dts/broadcom/bcmbca/Makefile
index fd60418478696..dc68357849a9b 100644
--- a/arch/arm64/boot/dts/broadcom/bcmbca/Makefile
+++ b/arch/arm64/boot/dts/broadcom/bcmbca/Makefile
@@ -1,5 +1,9 @@
# SPDX-License-Identifier: GPL-2.0
dtb-$(CONFIG_ARCH_BCMBCA) += \
+ bcm4906-netgear-r8000p.dtb \
+ bcm4906-tplink-archer-c2300-v1.dtb \
+ bcm4908-asus-gt-ac5300.dtb \
+ bcm4908-netgear-raxe500.dtb \
bcm4912-asus-gt-ax6000.dtb \
bcm94912.dtb \
bcm963158.dtb \
diff --git a/arch/arm64/boot/dts/broadcom/bcm4908/bcm4906-netgear-r8000p.dts b/arch/arm64/boot/dts/broadcom/bcmbca/bcm4906-netgear-r8000p.dts
similarity index 100%
rename from arch/arm64/boot/dts/broadcom/bcm4908/bcm4906-netgear-r8000p.dts
rename to arch/arm64/boot/dts/broadcom/bcmbca/bcm4906-netgear-r8000p.dts
diff --git a/arch/arm64/boot/dts/broadcom/bcm4908/bcm4906-tplink-archer-c2300-v1.dts b/arch/arm64/boot/dts/broadcom/bcmbca/bcm4906-tplink-archer-c2300-v1.dts
similarity index 100%
rename from arch/arm64/boot/dts/broadcom/bcm4908/bcm4906-tplink-archer-c2300-v1.dts
rename to arch/arm64/boot/dts/broadcom/bcmbca/bcm4906-tplink-archer-c2300-v1.dts
diff --git a/arch/arm64/boot/dts/broadcom/bcm4908/bcm4906.dtsi b/arch/arm64/boot/dts/broadcom/bcmbca/bcm4906.dtsi
similarity index 100%
rename from arch/arm64/boot/dts/broadcom/bcm4908/bcm4906.dtsi
rename to arch/arm64/boot/dts/broadcom/bcmbca/bcm4906.dtsi
diff --git a/arch/arm64/boot/dts/broadcom/bcm4908/bcm4908-asus-gt-ac5300.dts b/arch/arm64/boot/dts/broadcom/bcmbca/bcm4908-asus-gt-ac5300.dts
similarity index 100%
rename from arch/arm64/boot/dts/broadcom/bcm4908/bcm4908-asus-gt-ac5300.dts
rename to arch/arm64/boot/dts/broadcom/bcmbca/bcm4908-asus-gt-ac5300.dts
diff --git a/arch/arm64/boot/dts/broadcom/bcm4908/bcm4908-netgear-raxe500.dts b/arch/arm64/boot/dts/broadcom/bcmbca/bcm4908-netgear-raxe500.dts
similarity index 100%
rename from arch/arm64/boot/dts/broadcom/bcm4908/bcm4908-netgear-raxe500.dts
rename to arch/arm64/boot/dts/broadcom/bcmbca/bcm4908-netgear-raxe500.dts
diff --git a/arch/arm64/boot/dts/broadcom/bcm4908/bcm4908.dtsi b/arch/arm64/boot/dts/broadcom/bcmbca/bcm4908.dtsi
similarity index 100%
rename from arch/arm64/boot/dts/broadcom/bcm4908/bcm4908.dtsi
rename to arch/arm64/boot/dts/broadcom/bcmbca/bcm4908.dtsi
--
2.39.2
^ permalink raw reply related [flat|nested] 391+ messages in thread
* [PATCH 5.15 092/371] arm64: dts: broadcom: bcmbca: bcm4908: fix NAND interrupt name
2023-05-08 9:43 [PATCH 5.15 000/371] 5.15.111-rc1 review Greg Kroah-Hartman
` (90 preceding siblings ...)
2023-05-08 9:44 ` [PATCH 5.15 091/371] arm64: dts: Move BCM4908 dts to bcmbca folder Greg Kroah-Hartman
@ 2023-05-08 9:44 ` Greg Kroah-Hartman
2023-05-08 9:44 ` [PATCH 5.15 093/371] arm64: dts: broadcom: bcmbca: bcm4908: fix procmon nodename Greg Kroah-Hartman
` (282 subsequent siblings)
374 siblings, 0 replies; 391+ messages in thread
From: Greg Kroah-Hartman @ 2023-05-08 9:44 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Rafał Miłecki,
Florian Fainelli, Sasha Levin
From: Rafał Miłecki <rafal@milecki.pl>
[ Upstream commit 5cca02449490e767289bda38db1577e2c375c084 ]
This fixes:
arch/arm64/boot/dts/broadcom/bcmbca/bcm94908.dtb: nand-controller@1800: interrupt-names:0: 'nand_ctlrdy' was expected
From schema: Documentation/devicetree/bindings/mtd/brcm,brcmnand.yaml
arch/arm64/boot/dts/broadcom/bcmbca/bcm94908.dtb: nand-controller@1800: Unevaluated properties are not allowed ('interrupt-names' was unexpected)
From schema: Documentation/devicetree/bindings/mtd/brcm,brcmnand.yaml
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
Link: https://lore.kernel.org/all/20230228144400.21689-1-zajec5@gmail.com/
Signed-off-by: Florian Fainelli <f.fainelli@gmail.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/arm64/boot/dts/broadcom/bcmbca/bcm4908.dtsi | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/arch/arm64/boot/dts/broadcom/bcmbca/bcm4908.dtsi b/arch/arm64/boot/dts/broadcom/bcmbca/bcm4908.dtsi
index e510a6961cf95..03e27bcc44464 100644
--- a/arch/arm64/boot/dts/broadcom/bcmbca/bcm4908.dtsi
+++ b/arch/arm64/boot/dts/broadcom/bcmbca/bcm4908.dtsi
@@ -305,7 +305,7 @@
reg = <0x1800 0x600>, <0x2000 0x10>;
reg-names = "nand", "nand-int-base";
interrupts = <GIC_SPI 37 IRQ_TYPE_LEVEL_HIGH>;
- interrupt-names = "nand";
+ interrupt-names = "nand_ctlrdy";
status = "okay";
nandcs: nand@0 {
--
2.39.2
^ permalink raw reply related [flat|nested] 391+ messages in thread
* [PATCH 5.15 093/371] arm64: dts: broadcom: bcmbca: bcm4908: fix procmon nodename
2023-05-08 9:43 [PATCH 5.15 000/371] 5.15.111-rc1 review Greg Kroah-Hartman
` (91 preceding siblings ...)
2023-05-08 9:44 ` [PATCH 5.15 092/371] arm64: dts: broadcom: bcmbca: bcm4908: fix NAND interrupt name Greg Kroah-Hartman
@ 2023-05-08 9:44 ` Greg Kroah-Hartman
2023-05-08 9:44 ` [PATCH 5.15 094/371] arm64: dts: qcom: msm8998: Fix stm-stimulus-base reg name Greg Kroah-Hartman
` (281 subsequent siblings)
374 siblings, 0 replies; 391+ messages in thread
From: Greg Kroah-Hartman @ 2023-05-08 9:44 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Rafał Miłecki,
Florian Fainelli, Sasha Levin
From: Rafał Miłecki <rafal@milecki.pl>
[ Upstream commit f16a8294dd7a02c7ad042cd2e3acc5ea06698dc1 ]
This fixes:
arch/arm64/boot/dts/broadcom/bcmbca/bcm94908.dtb: syscon@280000: $nodename:0: 'syscon@280000' does not match '^([a-z][a-z0-9\\-]+-bus|bus|localbus|soc|axi|ahb|apb)(@.+)?$'
From schema: schemas/simple-bus.yaml
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
Link: https://lore.kernel.org/all/20230228144400.21689-3-zajec5@gmail.com/
Signed-off-by: Florian Fainelli <f.fainelli@gmail.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/arm64/boot/dts/broadcom/bcmbca/bcm4908.dtsi | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/arch/arm64/boot/dts/broadcom/bcmbca/bcm4908.dtsi b/arch/arm64/boot/dts/broadcom/bcmbca/bcm4908.dtsi
index 03e27bcc44464..b7db95ce0bbf2 100644
--- a/arch/arm64/boot/dts/broadcom/bcmbca/bcm4908.dtsi
+++ b/arch/arm64/boot/dts/broadcom/bcmbca/bcm4908.dtsi
@@ -253,7 +253,7 @@
};
};
- procmon: syscon@280000 {
+ procmon: bus@280000 {
compatible = "simple-bus";
reg = <0x280000 0x1000>;
ranges;
--
2.39.2
^ permalink raw reply related [flat|nested] 391+ messages in thread
* [PATCH 5.15 094/371] arm64: dts: qcom: msm8998: Fix stm-stimulus-base reg name
2023-05-08 9:43 [PATCH 5.15 000/371] 5.15.111-rc1 review Greg Kroah-Hartman
` (92 preceding siblings ...)
2023-05-08 9:44 ` [PATCH 5.15 093/371] arm64: dts: broadcom: bcmbca: bcm4908: fix procmon nodename Greg Kroah-Hartman
@ 2023-05-08 9:44 ` Greg Kroah-Hartman
2023-05-08 9:44 ` [PATCH 5.15 095/371] arm64: dts: qcom: sdm845: correct dynamic power coefficients Greg Kroah-Hartman
` (280 subsequent siblings)
374 siblings, 0 replies; 391+ messages in thread
From: Greg Kroah-Hartman @ 2023-05-08 9:44 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Konrad Dybcio, Bjorn Andersson, Sasha Levin
From: Konrad Dybcio <konrad.dybcio@linaro.org>
[ Upstream commit b5d08f08377218b1d2ab4026e427a7788b271c8e ]
The name stm-data-base comes from ancient (msm-3.10 or older)
downstream kernels. Upstream uses stm-stimulus-base instead. Fix it.
Fixes: 783abfa2249a ("arm64: dts: qcom: msm8998: Add Coresight support")
Signed-off-by: Konrad Dybcio <konrad.dybcio@linaro.org>
Signed-off-by: Bjorn Andersson <andersson@kernel.org>
Link: https://lore.kernel.org/r/20230213210331.2106877-1-konrad.dybcio@linaro.org
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/arm64/boot/dts/qcom/msm8998.dtsi | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/arch/arm64/boot/dts/qcom/msm8998.dtsi b/arch/arm64/boot/dts/qcom/msm8998.dtsi
index 5350b911f4f6c..5ddf9fa904aba 100644
--- a/arch/arm64/boot/dts/qcom/msm8998.dtsi
+++ b/arch/arm64/boot/dts/qcom/msm8998.dtsi
@@ -1473,7 +1473,7 @@
compatible = "arm,coresight-stm", "arm,primecell";
reg = <0x06002000 0x1000>,
<0x16280000 0x180000>;
- reg-names = "stm-base", "stm-data-base";
+ reg-names = "stm-base", "stm-stimulus-base";
status = "disabled";
clocks = <&rpmcc RPM_SMD_QDSS_CLK>, <&rpmcc RPM_SMD_QDSS_A_CLK>;
--
2.39.2
^ permalink raw reply related [flat|nested] 391+ messages in thread
* [PATCH 5.15 095/371] arm64: dts: qcom: sdm845: correct dynamic power coefficients
2023-05-08 9:43 [PATCH 5.15 000/371] 5.15.111-rc1 review Greg Kroah-Hartman
` (93 preceding siblings ...)
2023-05-08 9:44 ` [PATCH 5.15 094/371] arm64: dts: qcom: msm8998: Fix stm-stimulus-base reg name Greg Kroah-Hartman
@ 2023-05-08 9:44 ` Greg Kroah-Hartman
2023-05-08 9:44 ` [PATCH 5.15 096/371] arm64: dts: qcom: sdm845: Fix the PCI I/O port range Greg Kroah-Hartman
` (279 subsequent siblings)
374 siblings, 0 replies; 391+ messages in thread
From: Greg Kroah-Hartman @ 2023-05-08 9:44 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Danny Lin, Dmitry Baryshkov,
Bjorn Andersson, Sasha Levin
From: Dmitry Baryshkov <dmitry.baryshkov@linaro.org>
[ Upstream commit 0e0a8e35d72533b3eef3365e900baacd7cede8e2 ]
Following sm8150/sm8250 update sdm845 capacity-dmips-mhz and
dynamic-power-coefficient based on the measurements [1], [2].
The energy model dynamic-power-coefficient values were calculated with
DPC = µW / MHz / V^2
for each OPP, and averaged across all OPPs within each cluster for the
final coefficient. Voltages were obtained from the qcom-cpufreq-hw
driver that reads voltages from the OSM LUT programmed into the SoC.
Normalized DMIPS/MHz capacity scale values for each CPU were calculated
from CoreMarks/MHz (CoreMark iterations per second per MHz), which
serves the same purpose. For each CPU, the final capacity-dmips-mhz
value is the C/MHz value of its maximum frequency normalized to
SCHED_CAPACITY_SCALE (1024) for the fastest CPU in the system.
For more details on measurement process see the commit message for the
commit 6aabed5526ee ("arm64: dts: qcom: sm8250: Add CPU capacities and
energy model").
[1] https://github.com/kdrag0n/freqbench
[2] https://github.com/kdrag0n/freqbench/tree/master/results/sdm845/main
Cc: Danny Lin <danny@kdrag0n.dev>
Signed-off-by: Dmitry Baryshkov <dmitry.baryshkov@linaro.org>
Signed-off-by: Bjorn Andersson <bjorn.andersson@linaro.org>
Link: https://lore.kernel.org/r/20220315141104.730235-1-dmitry.baryshkov@linaro.org
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/arm64/boot/dts/qcom/sdm845.dtsi | 24 ++++++++++++------------
1 file changed, 12 insertions(+), 12 deletions(-)
diff --git a/arch/arm64/boot/dts/qcom/sdm845.dtsi b/arch/arm64/boot/dts/qcom/sdm845.dtsi
index ed293f635f145..26849cece1eb9 100644
--- a/arch/arm64/boot/dts/qcom/sdm845.dtsi
+++ b/arch/arm64/boot/dts/qcom/sdm845.dtsi
@@ -196,8 +196,8 @@
cpu-idle-states = <&LITTLE_CPU_SLEEP_0
&LITTLE_CPU_SLEEP_1
&CLUSTER_SLEEP_0>;
- capacity-dmips-mhz = <607>;
- dynamic-power-coefficient = <100>;
+ capacity-dmips-mhz = <611>;
+ dynamic-power-coefficient = <290>;
qcom,freq-domain = <&cpufreq_hw 0>;
operating-points-v2 = <&cpu0_opp_table>;
interconnects = <&gladiator_noc MASTER_APPSS_PROC 3 &mem_noc SLAVE_EBI1 3>,
@@ -221,8 +221,8 @@
cpu-idle-states = <&LITTLE_CPU_SLEEP_0
&LITTLE_CPU_SLEEP_1
&CLUSTER_SLEEP_0>;
- capacity-dmips-mhz = <607>;
- dynamic-power-coefficient = <100>;
+ capacity-dmips-mhz = <611>;
+ dynamic-power-coefficient = <290>;
qcom,freq-domain = <&cpufreq_hw 0>;
operating-points-v2 = <&cpu0_opp_table>;
interconnects = <&gladiator_noc MASTER_APPSS_PROC 3 &mem_noc SLAVE_EBI1 3>,
@@ -243,8 +243,8 @@
cpu-idle-states = <&LITTLE_CPU_SLEEP_0
&LITTLE_CPU_SLEEP_1
&CLUSTER_SLEEP_0>;
- capacity-dmips-mhz = <607>;
- dynamic-power-coefficient = <100>;
+ capacity-dmips-mhz = <611>;
+ dynamic-power-coefficient = <290>;
qcom,freq-domain = <&cpufreq_hw 0>;
operating-points-v2 = <&cpu0_opp_table>;
interconnects = <&gladiator_noc MASTER_APPSS_PROC 3 &mem_noc SLAVE_EBI1 3>,
@@ -265,8 +265,8 @@
cpu-idle-states = <&LITTLE_CPU_SLEEP_0
&LITTLE_CPU_SLEEP_1
&CLUSTER_SLEEP_0>;
- capacity-dmips-mhz = <607>;
- dynamic-power-coefficient = <100>;
+ capacity-dmips-mhz = <611>;
+ dynamic-power-coefficient = <290>;
qcom,freq-domain = <&cpufreq_hw 0>;
operating-points-v2 = <&cpu0_opp_table>;
interconnects = <&gladiator_noc MASTER_APPSS_PROC 3 &mem_noc SLAVE_EBI1 3>,
@@ -288,7 +288,7 @@
cpu-idle-states = <&BIG_CPU_SLEEP_0
&BIG_CPU_SLEEP_1
&CLUSTER_SLEEP_0>;
- dynamic-power-coefficient = <396>;
+ dynamic-power-coefficient = <442>;
qcom,freq-domain = <&cpufreq_hw 1>;
operating-points-v2 = <&cpu4_opp_table>;
interconnects = <&gladiator_noc MASTER_APPSS_PROC 3 &mem_noc SLAVE_EBI1 3>,
@@ -310,7 +310,7 @@
cpu-idle-states = <&BIG_CPU_SLEEP_0
&BIG_CPU_SLEEP_1
&CLUSTER_SLEEP_0>;
- dynamic-power-coefficient = <396>;
+ dynamic-power-coefficient = <442>;
qcom,freq-domain = <&cpufreq_hw 1>;
operating-points-v2 = <&cpu4_opp_table>;
interconnects = <&gladiator_noc MASTER_APPSS_PROC 3 &mem_noc SLAVE_EBI1 3>,
@@ -332,7 +332,7 @@
cpu-idle-states = <&BIG_CPU_SLEEP_0
&BIG_CPU_SLEEP_1
&CLUSTER_SLEEP_0>;
- dynamic-power-coefficient = <396>;
+ dynamic-power-coefficient = <442>;
qcom,freq-domain = <&cpufreq_hw 1>;
operating-points-v2 = <&cpu4_opp_table>;
interconnects = <&gladiator_noc MASTER_APPSS_PROC 3 &mem_noc SLAVE_EBI1 3>,
@@ -354,7 +354,7 @@
cpu-idle-states = <&BIG_CPU_SLEEP_0
&BIG_CPU_SLEEP_1
&CLUSTER_SLEEP_0>;
- dynamic-power-coefficient = <396>;
+ dynamic-power-coefficient = <442>;
qcom,freq-domain = <&cpufreq_hw 1>;
operating-points-v2 = <&cpu4_opp_table>;
interconnects = <&gladiator_noc MASTER_APPSS_PROC 3 &mem_noc SLAVE_EBI1 3>,
--
2.39.2
^ permalink raw reply related [flat|nested] 391+ messages in thread
* [PATCH 5.15 096/371] arm64: dts: qcom: sdm845: Fix the PCI I/O port range
2023-05-08 9:43 [PATCH 5.15 000/371] 5.15.111-rc1 review Greg Kroah-Hartman
` (94 preceding siblings ...)
2023-05-08 9:44 ` [PATCH 5.15 095/371] arm64: dts: qcom: sdm845: correct dynamic power coefficients Greg Kroah-Hartman
@ 2023-05-08 9:44 ` Greg Kroah-Hartman
2023-05-08 9:44 ` [PATCH 5.15 097/371] arm64: dts: qcom: msm8998: " Greg Kroah-Hartman
` (278 subsequent siblings)
374 siblings, 0 replies; 391+ messages in thread
From: Greg Kroah-Hartman @ 2023-05-08 9:44 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Arnd Bergmann,
Manivannan Sadhasivam, Bjorn Andersson, Sasha Levin
From: Manivannan Sadhasivam <manivannan.sadhasivam@linaro.org>
[ Upstream commit 67aa109eee654c76dcc100554e637fa64d5aa099 ]
For 1MiB of the I/O region, the I/O ports of the legacy PCI devices are
located in the range of 0x0 to 0x100000. Hence, fix the bogus PCI addresses
(0x60200000, 0x40200000) specified in the ranges property for I/O region.
While at it, let's use the missing 0x prefix for the addresses.
Fixes: 42ad231338c1 ("arm64: dts: qcom: sdm845: Add second PCIe PHY and controller")
Fixes: 5c538e09cb19 ("arm64: dts: qcom: sdm845: Add first PCIe controller and PHY")
Reported-by: Arnd Bergmann <arnd@arndb.de>
Link: https://lore.kernel.org/linux-arm-msm/7c5dfa87-41df-4ba7-b0e4-72c8386402a8@app.fastmail.com/
Signed-off-by: Manivannan Sadhasivam <manivannan.sadhasivam@linaro.org>
Reviewed-by: Arnd Bergmann <arnd@arndb.de>
Signed-off-by: Bjorn Andersson <andersson@kernel.org>
Link: https://lore.kernel.org/r/20230228164752.55682-2-manivannan.sadhasivam@linaro.org
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/arm64/boot/dts/qcom/sdm845.dtsi | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/arch/arm64/boot/dts/qcom/sdm845.dtsi b/arch/arm64/boot/dts/qcom/sdm845.dtsi
index 26849cece1eb9..a5c6b1635ff6d 100644
--- a/arch/arm64/boot/dts/qcom/sdm845.dtsi
+++ b/arch/arm64/boot/dts/qcom/sdm845.dtsi
@@ -1988,8 +1988,8 @@
#address-cells = <3>;
#size-cells = <2>;
- ranges = <0x01000000 0x0 0x60200000 0 0x60200000 0x0 0x100000>,
- <0x02000000 0x0 0x60300000 0 0x60300000 0x0 0xd00000>;
+ ranges = <0x01000000 0x0 0x00000000 0x0 0x60200000 0x0 0x100000>,
+ <0x02000000 0x0 0x60300000 0x0 0x60300000 0x0 0xd00000>;
interrupts = <GIC_SPI 141 IRQ_TYPE_LEVEL_HIGH>;
interrupt-names = "msi";
@@ -2093,7 +2093,7 @@
#address-cells = <3>;
#size-cells = <2>;
- ranges = <0x01000000 0x0 0x40200000 0x0 0x40200000 0x0 0x100000>,
+ ranges = <0x01000000 0x0 0x00000000 0x0 0x40200000 0x0 0x100000>,
<0x02000000 0x0 0x40300000 0x0 0x40300000 0x0 0x1fd00000>;
interrupts = <GIC_SPI 307 IRQ_TYPE_EDGE_RISING>;
--
2.39.2
^ permalink raw reply related [flat|nested] 391+ messages in thread
* [PATCH 5.15 097/371] arm64: dts: qcom: msm8998: Fix the PCI I/O port range
2023-05-08 9:43 [PATCH 5.15 000/371] 5.15.111-rc1 review Greg Kroah-Hartman
` (95 preceding siblings ...)
2023-05-08 9:44 ` [PATCH 5.15 096/371] arm64: dts: qcom: sdm845: Fix the PCI I/O port range Greg Kroah-Hartman
@ 2023-05-08 9:44 ` Greg Kroah-Hartman
2023-05-08 9:44 ` [PATCH 5.15 098/371] arm64: dts: qcom: ipq8074: " Greg Kroah-Hartman
` (277 subsequent siblings)
374 siblings, 0 replies; 391+ messages in thread
From: Greg Kroah-Hartman @ 2023-05-08 9:44 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Arnd Bergmann,
Manivannan Sadhasivam, Bjorn Andersson, Sasha Levin
From: Manivannan Sadhasivam <manivannan.sadhasivam@linaro.org>
[ Upstream commit c30a27dcfe4545edbda1578b3a63ed6147519cdd ]
For 1MiB of the I/O region, the I/O ports of the legacy PCI devices are
located in the range of 0x0 to 0x100000. Hence, fix the bogus PCI address
(0x1b200000) specified in the ranges property for I/O region.
Fixes: b84dfd175c09 ("arm64: dts: qcom: msm8998: Add PCIe PHY and RC nodes")
Reported-by: Arnd Bergmann <arnd@arndb.de>
Link: https://lore.kernel.org/linux-arm-msm/7c5dfa87-41df-4ba7-b0e4-72c8386402a8@app.fastmail.com/
Signed-off-by: Manivannan Sadhasivam <manivannan.sadhasivam@linaro.org>
Reviewed-by: Arnd Bergmann <arnd@arndb.de>
Signed-off-by: Bjorn Andersson <andersson@kernel.org>
Link: https://lore.kernel.org/r/20230228164752.55682-3-manivannan.sadhasivam@linaro.org
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/arm64/boot/dts/qcom/msm8998.dtsi | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/arch/arm64/boot/dts/qcom/msm8998.dtsi b/arch/arm64/boot/dts/qcom/msm8998.dtsi
index 5ddf9fa904aba..b7d72b0d579e4 100644
--- a/arch/arm64/boot/dts/qcom/msm8998.dtsi
+++ b/arch/arm64/boot/dts/qcom/msm8998.dtsi
@@ -951,7 +951,7 @@
phy-names = "pciephy";
status = "disabled";
- ranges = <0x01000000 0x0 0x1b200000 0x1b200000 0x0 0x100000>,
+ ranges = <0x01000000 0x0 0x00000000 0x1b200000 0x0 0x100000>,
<0x02000000 0x0 0x1b300000 0x1b300000 0x0 0xd00000>;
#interrupt-cells = <1>;
--
2.39.2
^ permalink raw reply related [flat|nested] 391+ messages in thread
* [PATCH 5.15 098/371] arm64: dts: qcom: ipq8074: Fix the PCI I/O port range
2023-05-08 9:43 [PATCH 5.15 000/371] 5.15.111-rc1 review Greg Kroah-Hartman
` (96 preceding siblings ...)
2023-05-08 9:44 ` [PATCH 5.15 097/371] arm64: dts: qcom: msm8998: " Greg Kroah-Hartman
@ 2023-05-08 9:44 ` Greg Kroah-Hartman
2023-05-08 9:45 ` [PATCH 5.15 099/371] arm64: dts: qcom: ipq6018: " Greg Kroah-Hartman
` (276 subsequent siblings)
374 siblings, 0 replies; 391+ messages in thread
From: Greg Kroah-Hartman @ 2023-05-08 9:44 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Arnd Bergmann,
Manivannan Sadhasivam, Bjorn Andersson, Sasha Levin
From: Manivannan Sadhasivam <manivannan.sadhasivam@linaro.org>
[ Upstream commit e49eafefe5ab325e38dd074f2005076ffc271e54 ]
For 64KiB of the I/O region, the I/O ports of the legacy PCI devices are
located in the range of 0x0 to 0x10000. Hence, fix the bogus PCI addresses
(0x10200000, 0x20200000) specified in the ranges property for I/O region.
While at it, let's use the missing 0x prefix for the addresses and align
them in a single line.
Fixes: 33057e1672fe ("ARM: dts: ipq8074: Add pcie nodes")
Reported-by: Arnd Bergmann <arnd@arndb.de>
Link: https://lore.kernel.org/linux-arm-msm/7c5dfa87-41df-4ba7-b0e4-72c8386402a8@app.fastmail.com/
Signed-off-by: Manivannan Sadhasivam <manivannan.sadhasivam@linaro.org>
Reviewed-by: Arnd Bergmann <arnd@arndb.de>
Signed-off-by: Bjorn Andersson <andersson@kernel.org>
Link: https://lore.kernel.org/r/20230228164752.55682-6-manivannan.sadhasivam@linaro.org
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/arm64/boot/dts/qcom/ipq8074.dtsi | 12 ++++--------
1 file changed, 4 insertions(+), 8 deletions(-)
diff --git a/arch/arm64/boot/dts/qcom/ipq8074.dtsi b/arch/arm64/boot/dts/qcom/ipq8074.dtsi
index 68e82c755986c..17eeff106bab7 100644
--- a/arch/arm64/boot/dts/qcom/ipq8074.dtsi
+++ b/arch/arm64/boot/dts/qcom/ipq8074.dtsi
@@ -661,10 +661,8 @@
phys = <&pcie_phy1>;
phy-names = "pciephy";
- ranges = <0x81000000 0 0x10200000 0x10200000
- 0 0x10000>, /* downstream I/O */
- <0x82000000 0 0x10220000 0x10220000
- 0 0xfde0000>; /* non-prefetchable memory */
+ ranges = <0x81000000 0x0 0x00000000 0x10200000 0x0 0x10000>, /* I/O */
+ <0x82000000 0x0 0x10220000 0x10220000 0x0 0xfde0000>; /* MEM */
interrupts = <GIC_SPI 85 IRQ_TYPE_LEVEL_HIGH>;
interrupt-names = "msi";
@@ -725,10 +723,8 @@
phys = <&pcie_phy0>;
phy-names = "pciephy";
- ranges = <0x81000000 0 0x20200000 0x20200000
- 0 0x10000>, /* downstream I/O */
- <0x82000000 0 0x20220000 0x20220000
- 0 0xfde0000>; /* non-prefetchable memory */
+ ranges = <0x81000000 0x0 0x00000000 0x20200000 0x0 0x10000>, /* I/O */
+ <0x82000000 0x0 0x20220000 0x20220000 0x0 0xfde0000>; /* MEM */
interrupts = <GIC_SPI 52 IRQ_TYPE_LEVEL_HIGH>;
interrupt-names = "msi";
--
2.39.2
^ permalink raw reply related [flat|nested] 391+ messages in thread
* [PATCH 5.15 099/371] arm64: dts: qcom: ipq6018: Fix the PCI I/O port range
2023-05-08 9:43 [PATCH 5.15 000/371] 5.15.111-rc1 review Greg Kroah-Hartman
` (97 preceding siblings ...)
2023-05-08 9:44 ` [PATCH 5.15 098/371] arm64: dts: qcom: ipq8074: " Greg Kroah-Hartman
@ 2023-05-08 9:45 ` Greg Kroah-Hartman
2023-05-08 9:45 ` [PATCH 5.15 100/371] arm64: dts: qcom: msm8996: " Greg Kroah-Hartman
` (275 subsequent siblings)
374 siblings, 0 replies; 391+ messages in thread
From: Greg Kroah-Hartman @ 2023-05-08 9:45 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Arnd Bergmann,
Manivannan Sadhasivam, Bjorn Andersson, Sasha Levin
From: Manivannan Sadhasivam <manivannan.sadhasivam@linaro.org>
[ Upstream commit 75a6e1fdb351189f55097741e8460ca3f9b2883f ]
For 64KiB of the I/O region, the I/O ports of the legacy PCI devices are
located in the range of 0x0 to 0x10000. Hence, fix the bogus PCI address
(0x20200000) specified in the ranges property for I/O region.
While at it, let's use the missing 0x prefix for the addresses.
Fixes: 095bbdd9a5c3 ("arm64: dts: qcom: ipq6018: Add pcie support")
Reported-by: Arnd Bergmann <arnd@arndb.de>
Link: https://lore.kernel.org/linux-arm-msm/7c5dfa87-41df-4ba7-b0e4-72c8386402a8@app.fastmail.com/
Signed-off-by: Manivannan Sadhasivam <manivannan.sadhasivam@linaro.org>
Reviewed-by: Arnd Bergmann <arnd@arndb.de>
Signed-off-by: Bjorn Andersson <andersson@kernel.org>
Link: https://lore.kernel.org/r/20230228164752.55682-7-manivannan.sadhasivam@linaro.org
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/arm64/boot/dts/qcom/ipq6018.dtsi | 6 ++----
1 file changed, 2 insertions(+), 4 deletions(-)
--- a/arch/arm64/boot/dts/qcom/ipq6018.dtsi
+++ b/arch/arm64/boot/dts/qcom/ipq6018.dtsi
@@ -433,10 +433,8 @@
phys = <&pcie_phy0>;
phy-names = "pciephy";
- ranges = <0x81000000 0 0x20200000 0 0x20200000
- 0 0x10000>, /* downstream I/O */
- <0x82000000 0 0x20220000 0 0x20220000
- 0 0xfde0000>; /* non-prefetchable memory */
+ ranges = <0x81000000 0x0 0x00000000 0x0 0x20200000 0x0 0x10000>,
+ <0x82000000 0x0 0x20220000 0x0 0x20220000 0x0 0xfde0000>;
interrupts = <GIC_SPI 52 IRQ_TYPE_LEVEL_HIGH>;
interrupt-names = "msi";
^ permalink raw reply [flat|nested] 391+ messages in thread
* [PATCH 5.15 100/371] arm64: dts: qcom: msm8996: Fix the PCI I/O port range
2023-05-08 9:43 [PATCH 5.15 000/371] 5.15.111-rc1 review Greg Kroah-Hartman
` (98 preceding siblings ...)
2023-05-08 9:45 ` [PATCH 5.15 099/371] arm64: dts: qcom: ipq6018: " Greg Kroah-Hartman
@ 2023-05-08 9:45 ` Greg Kroah-Hartman
2023-05-08 9:45 ` [PATCH 5.15 101/371] arm64: dts: qcom: sm8250: " Greg Kroah-Hartman
` (274 subsequent siblings)
374 siblings, 0 replies; 391+ messages in thread
From: Greg Kroah-Hartman @ 2023-05-08 9:45 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Arnd Bergmann,
Manivannan Sadhasivam, Bjorn Andersson, Sasha Levin
From: Manivannan Sadhasivam <manivannan.sadhasivam@linaro.org>
[ Upstream commit cf0ac10feb17661987d0018eb9475dc03e2a2253 ]
For 1MiB of the I/O region, the I/O ports of the legacy PCI devices are
located in the range of 0x0 to 0x100000. Hence, fix the bogus PCI addresses
(0x0c200000, 0x0d200000, 0x0e200000) specified in the ranges property for
I/O region.
While at it, let's also align the entries.
Fixes: ed965ef89227 ("arm64: dts: qcom: msm8996: add support to pcie")
Reported-by: Arnd Bergmann <arnd@arndb.de>
Link: https://lore.kernel.org/linux-arm-msm/7c5dfa87-41df-4ba7-b0e4-72c8386402a8@app.fastmail.com/
Signed-off-by: Manivannan Sadhasivam <manivannan.sadhasivam@linaro.org>
Reviewed-by: Arnd Bergmann <arnd@arndb.de>
Signed-off-by: Bjorn Andersson <andersson@kernel.org>
Link: https://lore.kernel.org/r/20230228164752.55682-8-manivannan.sadhasivam@linaro.org
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/arm64/boot/dts/qcom/msm8996.dtsi | 12 ++++++------
1 file changed, 6 insertions(+), 6 deletions(-)
diff --git a/arch/arm64/boot/dts/qcom/msm8996.dtsi b/arch/arm64/boot/dts/qcom/msm8996.dtsi
index 40174220e8e28..b22d3c8db3b39 100644
--- a/arch/arm64/boot/dts/qcom/msm8996.dtsi
+++ b/arch/arm64/boot/dts/qcom/msm8996.dtsi
@@ -1555,8 +1555,8 @@
#address-cells = <3>;
#size-cells = <2>;
- ranges = <0x01000000 0x0 0x0c200000 0x0c200000 0x0 0x100000>,
- <0x02000000 0x0 0x0c300000 0x0c300000 0x0 0xd00000>;
+ ranges = <0x01000000 0x0 0x00000000 0x0c200000 0x0 0x100000>,
+ <0x02000000 0x0 0x0c300000 0x0c300000 0x0 0xd00000>;
device_type = "pci";
@@ -1609,8 +1609,8 @@
#address-cells = <3>;
#size-cells = <2>;
- ranges = <0x01000000 0x0 0x0d200000 0x0d200000 0x0 0x100000>,
- <0x02000000 0x0 0x0d300000 0x0d300000 0x0 0xd00000>;
+ ranges = <0x01000000 0x0 0x00000000 0x0d200000 0x0 0x100000>,
+ <0x02000000 0x0 0x0d300000 0x0d300000 0x0 0xd00000>;
device_type = "pci";
@@ -1660,8 +1660,8 @@
#address-cells = <3>;
#size-cells = <2>;
- ranges = <0x01000000 0x0 0x0e200000 0x0e200000 0x0 0x100000>,
- <0x02000000 0x0 0x0e300000 0x0e300000 0x0 0x1d00000>;
+ ranges = <0x01000000 0x0 0x00000000 0x0e200000 0x0 0x100000>,
+ <0x02000000 0x0 0x0e300000 0x0e300000 0x0 0x1d00000>;
device_type = "pci";
--
2.39.2
^ permalink raw reply related [flat|nested] 391+ messages in thread
* [PATCH 5.15 101/371] arm64: dts: qcom: sm8250: Fix the PCI I/O port range
2023-05-08 9:43 [PATCH 5.15 000/371] 5.15.111-rc1 review Greg Kroah-Hartman
` (99 preceding siblings ...)
2023-05-08 9:45 ` [PATCH 5.15 100/371] arm64: dts: qcom: msm8996: " Greg Kroah-Hartman
@ 2023-05-08 9:45 ` Greg Kroah-Hartman
2023-05-08 9:45 ` [PATCH 5.15 102/371] ARM: dts: qcom: ipq4019: " Greg Kroah-Hartman
` (273 subsequent siblings)
374 siblings, 0 replies; 391+ messages in thread
From: Greg Kroah-Hartman @ 2023-05-08 9:45 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Arnd Bergmann,
Manivannan Sadhasivam, Bjorn Andersson, Sasha Levin
From: Manivannan Sadhasivam <manivannan.sadhasivam@linaro.org>
[ Upstream commit e115a4495db687898b8d91d4f16c2cf55bbf167c ]
For 1MiB of the I/O region, the I/O ports of the legacy PCI devices are
located in the range of 0x0 to 0x100000. Hence, fix the bogus PCI addresses
(0x60200000, 0x40200000, 0x64200000) specified in the ranges property for
I/O region.
While at it, let's use the missing 0x prefix for the addresses.
Fixes: e53bdfc00977 ("arm64: dts: qcom: sm8250: Add PCIe support")
Reported-by: Arnd Bergmann <arnd@arndb.de>
Link: https://lore.kernel.org/linux-arm-msm/7c5dfa87-41df-4ba7-b0e4-72c8386402a8@app.fastmail.com/
Signed-off-by: Manivannan Sadhasivam <manivannan.sadhasivam@linaro.org>
Reviewed-by: Arnd Bergmann <arnd@arndb.de>
Signed-off-by: Bjorn Andersson <andersson@kernel.org>
Link: https://lore.kernel.org/r/20230228164752.55682-9-manivannan.sadhasivam@linaro.org
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/arm64/boot/dts/qcom/sm8250.dtsi | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/arch/arm64/boot/dts/qcom/sm8250.dtsi b/arch/arm64/boot/dts/qcom/sm8250.dtsi
index 4e3b772a8bded..181e32b8a2728 100644
--- a/arch/arm64/boot/dts/qcom/sm8250.dtsi
+++ b/arch/arm64/boot/dts/qcom/sm8250.dtsi
@@ -1393,8 +1393,8 @@
#address-cells = <3>;
#size-cells = <2>;
- ranges = <0x01000000 0x0 0x60200000 0 0x60200000 0x0 0x100000>,
- <0x02000000 0x0 0x60300000 0 0x60300000 0x0 0x3d00000>;
+ ranges = <0x01000000 0x0 0x00000000 0x0 0x60200000 0x0 0x100000>,
+ <0x02000000 0x0 0x60300000 0x0 0x60300000 0x0 0x3d00000>;
interrupts = <GIC_SPI 141 IRQ_TYPE_LEVEL_HIGH>;
interrupt-names = "msi";
@@ -1494,7 +1494,7 @@
#address-cells = <3>;
#size-cells = <2>;
- ranges = <0x01000000 0x0 0x40200000 0x0 0x40200000 0x0 0x100000>,
+ ranges = <0x01000000 0x0 0x00000000 0x0 0x40200000 0x0 0x100000>,
<0x02000000 0x0 0x40300000 0x0 0x40300000 0x0 0x1fd00000>;
interrupts = <GIC_SPI 307 IRQ_TYPE_LEVEL_HIGH>;
@@ -1602,7 +1602,7 @@
#address-cells = <3>;
#size-cells = <2>;
- ranges = <0x01000000 0x0 0x64200000 0x0 0x64200000 0x0 0x100000>,
+ ranges = <0x01000000 0x0 0x00000000 0x0 0x64200000 0x0 0x100000>,
<0x02000000 0x0 0x64300000 0x0 0x64300000 0x0 0x3d00000>;
interrupts = <GIC_SPI 243 IRQ_TYPE_LEVEL_HIGH>;
--
2.39.2
^ permalink raw reply related [flat|nested] 391+ messages in thread
* [PATCH 5.15 102/371] ARM: dts: qcom: ipq4019: Fix the PCI I/O port range
2023-05-08 9:43 [PATCH 5.15 000/371] 5.15.111-rc1 review Greg Kroah-Hartman
` (100 preceding siblings ...)
2023-05-08 9:45 ` [PATCH 5.15 101/371] arm64: dts: qcom: sm8250: " Greg Kroah-Hartman
@ 2023-05-08 9:45 ` Greg Kroah-Hartman
2023-05-08 9:45 ` [PATCH 5.15 103/371] ARM: dts: qcom: ipq8064: reduce pci IO size to 64K Greg Kroah-Hartman
` (272 subsequent siblings)
374 siblings, 0 replies; 391+ messages in thread
From: Greg Kroah-Hartman @ 2023-05-08 9:45 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Arnd Bergmann,
Manivannan Sadhasivam, Bjorn Andersson, Sasha Levin
From: Manivannan Sadhasivam <manivannan.sadhasivam@linaro.org>
[ Upstream commit 2540279e9a9e74fc880d1e4c83754ecfcbe290a0 ]
For 1MiB of the I/O region, the I/O ports of the legacy PCI devices are
located in the range of 0x0 to 0x100000. Hence, fix the bogus PCI address
(0x40200000) specified in the ranges property for I/O region.
While at it, let's use the missing 0x prefix for the addresses.
Fixes: 187519403273 ("ARM: dts: ipq4019: Add a few peripheral nodes")
Reported-by: Arnd Bergmann <arnd@arndb.de>
Link: https://lore.kernel.org/linux-arm-msm/7c5dfa87-41df-4ba7-b0e4-72c8386402a8@app.fastmail.com/
Signed-off-by: Manivannan Sadhasivam <manivannan.sadhasivam@linaro.org>
Reviewed-by: Arnd Bergmann <arnd@arndb.de>
Signed-off-by: Bjorn Andersson <andersson@kernel.org>
Link: https://lore.kernel.org/r/20230228164752.55682-16-manivannan.sadhasivam@linaro.org
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/arm/boot/dts/qcom-ipq4019.dtsi | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/arch/arm/boot/dts/qcom-ipq4019.dtsi b/arch/arm/boot/dts/qcom-ipq4019.dtsi
index 08bc5f46649dd..9dcf308b3ad49 100644
--- a/arch/arm/boot/dts/qcom-ipq4019.dtsi
+++ b/arch/arm/boot/dts/qcom-ipq4019.dtsi
@@ -424,8 +424,8 @@
#address-cells = <3>;
#size-cells = <2>;
- ranges = <0x81000000 0 0x40200000 0x40200000 0 0x00100000>,
- <0x82000000 0 0x40300000 0x40300000 0 0x00d00000>;
+ ranges = <0x81000000 0x0 0x00000000 0x40200000 0x0 0x00100000>,
+ <0x82000000 0x0 0x40300000 0x40300000 0x0 0x00d00000>;
interrupts = <GIC_SPI 141 IRQ_TYPE_LEVEL_HIGH>;
interrupt-names = "msi";
--
2.39.2
^ permalink raw reply related [flat|nested] 391+ messages in thread
* [PATCH 5.15 103/371] ARM: dts: qcom: ipq8064: reduce pci IO size to 64K
2023-05-08 9:43 [PATCH 5.15 000/371] 5.15.111-rc1 review Greg Kroah-Hartman
` (101 preceding siblings ...)
2023-05-08 9:45 ` [PATCH 5.15 102/371] ARM: dts: qcom: ipq4019: " Greg Kroah-Hartman
@ 2023-05-08 9:45 ` Greg Kroah-Hartman
2023-05-08 9:45 ` [PATCH 5.15 104/371] ARM: dts: qcom: ipq8064: Fix the PCI I/O port range Greg Kroah-Hartman
` (271 subsequent siblings)
374 siblings, 0 replies; 391+ messages in thread
From: Greg Kroah-Hartman @ 2023-05-08 9:45 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Christian Marangi,
Jonathan McDowell, Bjorn Andersson, Sasha Levin
From: Christian Marangi <ansuelsmth@gmail.com>
[ Upstream commit 8fafb7e5c041814876266259e5e439f93571dcef ]
The current value for pci IO is problematic for ath10k wifi card
commonly connected to ipq8064 SoC.
The current value is probably a typo and is actually uncommon to find
1MB IO space even on a x86 arch. Also with recent changes to the pci
driver, pci1 and pci2 now fails to function as any connected device
fails any reg read/write. Reduce this to 64K as it should be more than
enough and 3 * 64K of total IO space doesn't exceed the IO_SPACE_LIMIT
hardcoded for the ARM arch.
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
Tested-by: Jonathan McDowell <noodles@earth.li>
Signed-off-by: Bjorn Andersson <bjorn.andersson@linaro.org>
Link: https://lore.kernel.org/r/20220707010943.20857-7-ansuelsmth@gmail.com
Stable-dep-of: 0b16b34e4916 ("ARM: dts: qcom: ipq8064: Fix the PCI I/O port range")
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/arm/boot/dts/qcom-ipq8064.dtsi | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/arch/arm/boot/dts/qcom-ipq8064.dtsi b/arch/arm/boot/dts/qcom-ipq8064.dtsi
index 4139d3817bd6f..8ec927f044c38 100644
--- a/arch/arm/boot/dts/qcom-ipq8064.dtsi
+++ b/arch/arm/boot/dts/qcom-ipq8064.dtsi
@@ -808,7 +808,7 @@
#address-cells = <3>;
#size-cells = <2>;
- ranges = <0x81000000 0 0x0fe00000 0x0fe00000 0 0x00100000 /* downstream I/O */
+ ranges = <0x81000000 0 0x0fe00000 0x0fe00000 0 0x00010000 /* downstream I/O */
0x82000000 0 0x08000000 0x08000000 0 0x07e00000>; /* non-prefetchable memory */
interrupts = <GIC_SPI 35 IRQ_TYPE_LEVEL_HIGH>;
@@ -859,7 +859,7 @@
#address-cells = <3>;
#size-cells = <2>;
- ranges = <0x81000000 0 0x31e00000 0x31e00000 0 0x00100000 /* downstream I/O */
+ ranges = <0x81000000 0 0x31e00000 0x31e00000 0 0x00010000 /* downstream I/O */
0x82000000 0 0x2e000000 0x2e000000 0 0x03e00000>; /* non-prefetchable memory */
interrupts = <GIC_SPI 57 IRQ_TYPE_LEVEL_HIGH>;
@@ -910,7 +910,7 @@
#address-cells = <3>;
#size-cells = <2>;
- ranges = <0x81000000 0 0x35e00000 0x35e00000 0 0x00100000 /* downstream I/O */
+ ranges = <0x81000000 0 0x35e00000 0x35e00000 0 0x00010000 /* downstream I/O */
0x82000000 0 0x32000000 0x32000000 0 0x03e00000>; /* non-prefetchable memory */
interrupts = <GIC_SPI 71 IRQ_TYPE_LEVEL_HIGH>;
--
2.39.2
^ permalink raw reply related [flat|nested] 391+ messages in thread
* [PATCH 5.15 104/371] ARM: dts: qcom: ipq8064: Fix the PCI I/O port range
2023-05-08 9:43 [PATCH 5.15 000/371] 5.15.111-rc1 review Greg Kroah-Hartman
` (102 preceding siblings ...)
2023-05-08 9:45 ` [PATCH 5.15 103/371] ARM: dts: qcom: ipq8064: reduce pci IO size to 64K Greg Kroah-Hartman
@ 2023-05-08 9:45 ` Greg Kroah-Hartman
2023-05-08 9:45 ` [PATCH 5.15 105/371] x86/MCE/AMD: Use an u64 for bank_map Greg Kroah-Hartman
` (270 subsequent siblings)
374 siblings, 0 replies; 391+ messages in thread
From: Greg Kroah-Hartman @ 2023-05-08 9:45 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Arnd Bergmann,
Manivannan Sadhasivam, Bjorn Andersson, Sasha Levin
From: Manivannan Sadhasivam <manivannan.sadhasivam@linaro.org>
[ Upstream commit 0b16b34e491629016109e56747ad64588074194b ]
For 64KiB of the I/O region, the I/O ports of the legacy PCI devices are
located in the range of 0x0 to 0x10000. Hence, fix the bogus PCI addresses
(0x0fe00000, 0x31e00000, 0x35e00000) specified in the ranges property for
I/O region.
While at it, let's use the missing 0x prefix for the addresses.
Fixes: 93241840b664 ("ARM: dts: qcom: Add pcie nodes for ipq8064")
Reported-by: Arnd Bergmann <arnd@arndb.de>
Link: https://lore.kernel.org/linux-arm-msm/7c5dfa87-41df-4ba7-b0e4-72c8386402a8@app.fastmail.com/
Signed-off-by: Manivannan Sadhasivam <manivannan.sadhasivam@linaro.org>
Reviewed-by: Arnd Bergmann <arnd@arndb.de>
Signed-off-by: Bjorn Andersson <andersson@kernel.org>
Link: https://lore.kernel.org/r/20230228164752.55682-17-manivannan.sadhasivam@linaro.org
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/arm/boot/dts/qcom-ipq8064.dtsi | 12 ++++++------
1 file changed, 6 insertions(+), 6 deletions(-)
diff --git a/arch/arm/boot/dts/qcom-ipq8064.dtsi b/arch/arm/boot/dts/qcom-ipq8064.dtsi
index 8ec927f044c38..f4139411c41ed 100644
--- a/arch/arm/boot/dts/qcom-ipq8064.dtsi
+++ b/arch/arm/boot/dts/qcom-ipq8064.dtsi
@@ -808,8 +808,8 @@
#address-cells = <3>;
#size-cells = <2>;
- ranges = <0x81000000 0 0x0fe00000 0x0fe00000 0 0x00010000 /* downstream I/O */
- 0x82000000 0 0x08000000 0x08000000 0 0x07e00000>; /* non-prefetchable memory */
+ ranges = <0x81000000 0x0 0x00000000 0x0fe00000 0x0 0x00010000 /* I/O */
+ 0x82000000 0x0 0x08000000 0x08000000 0x0 0x07e00000>; /* MEM */
interrupts = <GIC_SPI 35 IRQ_TYPE_LEVEL_HIGH>;
interrupt-names = "msi";
@@ -859,8 +859,8 @@
#address-cells = <3>;
#size-cells = <2>;
- ranges = <0x81000000 0 0x31e00000 0x31e00000 0 0x00010000 /* downstream I/O */
- 0x82000000 0 0x2e000000 0x2e000000 0 0x03e00000>; /* non-prefetchable memory */
+ ranges = <0x81000000 0x0 0x00000000 0x31e00000 0x0 0x00010000 /* I/O */
+ 0x82000000 0x0 0x2e000000 0x2e000000 0x0 0x03e00000>; /* MEM */
interrupts = <GIC_SPI 57 IRQ_TYPE_LEVEL_HIGH>;
interrupt-names = "msi";
@@ -910,8 +910,8 @@
#address-cells = <3>;
#size-cells = <2>;
- ranges = <0x81000000 0 0x35e00000 0x35e00000 0 0x00010000 /* downstream I/O */
- 0x82000000 0 0x32000000 0x32000000 0 0x03e00000>; /* non-prefetchable memory */
+ ranges = <0x81000000 0x0 0x00000000 0x35e00000 0x0 0x00010000 /* I/O */
+ 0x82000000 0x0 0x32000000 0x32000000 0x0 0x03e00000>; /* MEM */
interrupts = <GIC_SPI 71 IRQ_TYPE_LEVEL_HIGH>;
interrupt-names = "msi";
--
2.39.2
^ permalink raw reply related [flat|nested] 391+ messages in thread
* [PATCH 5.15 105/371] x86/MCE/AMD: Use an u64 for bank_map
2023-05-08 9:43 [PATCH 5.15 000/371] 5.15.111-rc1 review Greg Kroah-Hartman
` (103 preceding siblings ...)
2023-05-08 9:45 ` [PATCH 5.15 104/371] ARM: dts: qcom: ipq8064: Fix the PCI I/O port range Greg Kroah-Hartman
@ 2023-05-08 9:45 ` Greg Kroah-Hartman
2023-05-08 9:45 ` [PATCH 5.15 106/371] media: bdisp: Add missing check for create_workqueue Greg Kroah-Hartman
` (269 subsequent siblings)
374 siblings, 0 replies; 391+ messages in thread
From: Greg Kroah-Hartman @ 2023-05-08 9:45 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Muralidhara M K,
Borislav Petkov (AMD),
Sasha Levin
From: Muralidhara M K <muralimk@amd.com>
[ Upstream commit 4c1cdec319b9aadb65737c3eb1f5cb74bd6aa156 ]
Thee maximum number of MCA banks is 64 (MAX_NR_BANKS), see
a0bc32b3cacf ("x86/mce: Increase maximum number of banks to 64").
However, the bank_map which contains a bitfield of which banks to
initialize is of type unsigned int and that overflows when those bit
numbers are >= 32, leading to UBSAN complaining correctly:
UBSAN: shift-out-of-bounds in arch/x86/kernel/cpu/mce/amd.c:1365:38
shift exponent 32 is too large for 32-bit type 'int'
Change the bank_map to a u64 and use the proper BIT_ULL() macro when
modifying bits in there.
[ bp: Rewrite commit message. ]
Fixes: a0bc32b3cacf ("x86/mce: Increase maximum number of banks to 64")
Signed-off-by: Muralidhara M K <muralimk@amd.com>
Signed-off-by: Borislav Petkov (AMD) <bp@alien8.de>
Link: https://lore.kernel.org/r/20230127151601.1068324-1-muralimk@amd.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/x86/kernel/cpu/mce/amd.c | 14 +++++++-------
1 file changed, 7 insertions(+), 7 deletions(-)
diff --git a/arch/x86/kernel/cpu/mce/amd.c b/arch/x86/kernel/cpu/mce/amd.c
index 6469d3135d268..d4e75be64a4c5 100644
--- a/arch/x86/kernel/cpu/mce/amd.c
+++ b/arch/x86/kernel/cpu/mce/amd.c
@@ -210,10 +210,10 @@ static DEFINE_PER_CPU(struct threshold_bank **, threshold_banks);
* A list of the banks enabled on each logical CPU. Controls which respective
* descriptors to initialize later in mce_threshold_create_device().
*/
-static DEFINE_PER_CPU(unsigned int, bank_map);
+static DEFINE_PER_CPU(u64, bank_map);
/* Map of banks that have more than MCA_MISC0 available. */
-static DEFINE_PER_CPU(u32, smca_misc_banks_map);
+static DEFINE_PER_CPU(u64, smca_misc_banks_map);
static void amd_threshold_interrupt(void);
static void amd_deferred_error_interrupt(void);
@@ -242,7 +242,7 @@ static void smca_set_misc_banks_map(unsigned int bank, unsigned int cpu)
return;
if (low & MASK_BLKPTR_LO)
- per_cpu(smca_misc_banks_map, cpu) |= BIT(bank);
+ per_cpu(smca_misc_banks_map, cpu) |= BIT_ULL(bank);
}
@@ -505,7 +505,7 @@ static u32 smca_get_block_address(unsigned int bank, unsigned int block,
if (!block)
return MSR_AMD64_SMCA_MCx_MISC(bank);
- if (!(per_cpu(smca_misc_banks_map, cpu) & BIT(bank)))
+ if (!(per_cpu(smca_misc_banks_map, cpu) & BIT_ULL(bank)))
return 0;
return MSR_AMD64_SMCA_MCx_MISCy(bank, block - 1);
@@ -549,7 +549,7 @@ prepare_threshold_block(unsigned int bank, unsigned int block, u32 addr,
int new;
if (!block)
- per_cpu(bank_map, cpu) |= (1 << bank);
+ per_cpu(bank_map, cpu) |= BIT_ULL(bank);
memset(&b, 0, sizeof(b));
b.cpu = cpu;
@@ -1061,7 +1061,7 @@ static void amd_threshold_interrupt(void)
return;
for (bank = 0; bank < this_cpu_read(mce_num_banks); ++bank) {
- if (!(per_cpu(bank_map, cpu) & (1 << bank)))
+ if (!(per_cpu(bank_map, cpu) & BIT_ULL(bank)))
continue;
first_block = bp[bank]->blocks;
@@ -1538,7 +1538,7 @@ int mce_threshold_create_device(unsigned int cpu)
return -ENOMEM;
for (bank = 0; bank < numbanks; ++bank) {
- if (!(this_cpu_read(bank_map) & (1 << bank)))
+ if (!(this_cpu_read(bank_map) & BIT_ULL(bank)))
continue;
err = threshold_create_bank(bp, cpu, bank);
if (err) {
--
2.39.2
^ permalink raw reply related [flat|nested] 391+ messages in thread
* [PATCH 5.15 106/371] media: bdisp: Add missing check for create_workqueue
2023-05-08 9:43 [PATCH 5.15 000/371] 5.15.111-rc1 review Greg Kroah-Hartman
` (104 preceding siblings ...)
2023-05-08 9:45 ` [PATCH 5.15 105/371] x86/MCE/AMD: Use an u64 for bank_map Greg Kroah-Hartman
@ 2023-05-08 9:45 ` Greg Kroah-Hartman
2023-05-08 9:45 ` [PATCH 5.15 107/371] media: av7110: prevent underflow in write_ts_to_decoder() Greg Kroah-Hartman
` (268 subsequent siblings)
374 siblings, 0 replies; 391+ messages in thread
From: Greg Kroah-Hartman @ 2023-05-08 9:45 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Jiasheng Jiang, Hans Verkuil,
Mauro Carvalho Chehab, Sasha Levin
From: Jiasheng Jiang <jiasheng@iscas.ac.cn>
[ Upstream commit 2371adeab717d8fe32144a84f3491a03c5838cfb ]
Add the check for the return value of the create_workqueue
in order to avoid NULL pointer dereference.
Fixes: 28ffeebbb7bd ("[media] bdisp: 2D blitter driver using v4l2 mem2mem framework")
Signed-off-by: Jiasheng Jiang <jiasheng@iscas.ac.cn>
Signed-off-by: Hans Verkuil <hverkuil-cisco@xs4all.nl>
Signed-off-by: Mauro Carvalho Chehab <mchehab@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/media/platform/sti/bdisp/bdisp-v4l2.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/drivers/media/platform/sti/bdisp/bdisp-v4l2.c b/drivers/media/platform/sti/bdisp/bdisp-v4l2.c
index 6413cd2791251..19a0f12483dba 100644
--- a/drivers/media/platform/sti/bdisp/bdisp-v4l2.c
+++ b/drivers/media/platform/sti/bdisp/bdisp-v4l2.c
@@ -1310,6 +1310,8 @@ static int bdisp_probe(struct platform_device *pdev)
init_waitqueue_head(&bdisp->irq_queue);
INIT_DELAYED_WORK(&bdisp->timeout_work, bdisp_irq_timeout);
bdisp->work_queue = create_workqueue(BDISP_NAME);
+ if (!bdisp->work_queue)
+ return -ENOMEM;
spin_lock_init(&bdisp->slock);
mutex_init(&bdisp->lock);
--
2.39.2
^ permalink raw reply related [flat|nested] 391+ messages in thread
* [PATCH 5.15 107/371] media: av7110: prevent underflow in write_ts_to_decoder()
2023-05-08 9:43 [PATCH 5.15 000/371] 5.15.111-rc1 review Greg Kroah-Hartman
` (105 preceding siblings ...)
2023-05-08 9:45 ` [PATCH 5.15 106/371] media: bdisp: Add missing check for create_workqueue Greg Kroah-Hartman
@ 2023-05-08 9:45 ` Greg Kroah-Hartman
2023-05-08 9:45 ` [PATCH 5.15 108/371] firmware: qcom_scm: Clear download bit during reboot Greg Kroah-Hartman
` (267 subsequent siblings)
374 siblings, 0 replies; 391+ messages in thread
From: Greg Kroah-Hartman @ 2023-05-08 9:45 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Dan Carpenter, Hans Verkuil,
Mauro Carvalho Chehab, Sasha Levin
From: Dan Carpenter <error27@gmail.com>
[ Upstream commit eed9496a0501357aa326ddd6b71408189ed872eb ]
The buf[4] value comes from the user via ts_play(). It is a value in
the u8 range. The final length we pass to av7110_ipack_instant_repack()
is "len - (buf[4] + 1) - 4" so add a check to ensure that the length is
not negative. It's not clear that passing a negative len value does
anything bad necessarily, but it's not best practice.
With the new bounds checking the "if (!len)" condition is no longer
possible or required so remove that.
Fixes: fd46d16d602a ("V4L/DVB (11759): dvb-ttpci: Add TS replay capability")
Signed-off-by: Dan Carpenter <error27@gmail.com>
Signed-off-by: Hans Verkuil <hverkuil-cisco@xs4all.nl>
Signed-off-by: Mauro Carvalho Chehab <mchehab@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/staging/media/av7110/av7110_av.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/drivers/staging/media/av7110/av7110_av.c b/drivers/staging/media/av7110/av7110_av.c
index 91f4866c7e59b..964092e2f41fd 100644
--- a/drivers/staging/media/av7110/av7110_av.c
+++ b/drivers/staging/media/av7110/av7110_av.c
@@ -823,10 +823,10 @@ static int write_ts_to_decoder(struct av7110 *av7110, int type, const u8 *buf, s
av7110_ipack_flush(ipack);
if (buf[3] & ADAPT_FIELD) {
+ if (buf[4] > len - 1 - 4)
+ return 0;
len -= buf[4] + 1;
buf += buf[4] + 1;
- if (!len)
- return 0;
}
av7110_ipack_instant_repack(buf + 4, len - 4, ipack);
--
2.39.2
^ permalink raw reply related [flat|nested] 391+ messages in thread
* [PATCH 5.15 108/371] firmware: qcom_scm: Clear download bit during reboot
2023-05-08 9:43 [PATCH 5.15 000/371] 5.15.111-rc1 review Greg Kroah-Hartman
` (106 preceding siblings ...)
2023-05-08 9:45 ` [PATCH 5.15 107/371] media: av7110: prevent underflow in write_ts_to_decoder() Greg Kroah-Hartman
@ 2023-05-08 9:45 ` Greg Kroah-Hartman
2023-05-08 9:45 ` [PATCH 5.15 109/371] drm/bridge: adv7533: Fix adv7533_mode_valid for adv7533 and adv7535 Greg Kroah-Hartman
` (266 subsequent siblings)
374 siblings, 0 replies; 391+ messages in thread
From: Greg Kroah-Hartman @ 2023-05-08 9:45 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Mukesh Ojha, Bjorn Andersson, Sasha Levin
From: Mukesh Ojha <quic_mojha@quicinc.com>
[ Upstream commit 781d32d1c9709fd25655c4e3e3e15370ae4ae4db ]
During normal restart of a system download bit should
be cleared irrespective of whether download mode is
set or not.
Fixes: 8c1b7dc9ba22 ("firmware: qcom: scm: Expose download-mode control")
Signed-off-by: Mukesh Ojha <quic_mojha@quicinc.com>
Signed-off-by: Bjorn Andersson <andersson@kernel.org>
Link: https://lore.kernel.org/r/1678979666-551-1-git-send-email-quic_mojha@quicinc.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/firmware/qcom_scm.c | 3 +--
1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/drivers/firmware/qcom_scm.c b/drivers/firmware/qcom_scm.c
index 2b5214d5c0daf..18e1a4b80401c 100644
--- a/drivers/firmware/qcom_scm.c
+++ b/drivers/firmware/qcom_scm.c
@@ -1320,8 +1320,7 @@ static int qcom_scm_probe(struct platform_device *pdev)
static void qcom_scm_shutdown(struct platform_device *pdev)
{
/* Clean shutdown, disable download mode to allow normal restart */
- if (download_mode)
- qcom_scm_set_download_mode(false);
+ qcom_scm_set_download_mode(false);
}
static const struct of_device_id qcom_scm_dt_match[] = {
--
2.39.2
^ permalink raw reply related [flat|nested] 391+ messages in thread
* [PATCH 5.15 109/371] drm/bridge: adv7533: Fix adv7533_mode_valid for adv7533 and adv7535
2023-05-08 9:43 [PATCH 5.15 000/371] 5.15.111-rc1 review Greg Kroah-Hartman
` (107 preceding siblings ...)
2023-05-08 9:45 ` [PATCH 5.15 108/371] firmware: qcom_scm: Clear download bit during reboot Greg Kroah-Hartman
@ 2023-05-08 9:45 ` Greg Kroah-Hartman
2023-05-08 9:45 ` [PATCH 5.15 110/371] media: max9286: Free control handler Greg Kroah-Hartman
` (265 subsequent siblings)
374 siblings, 0 replies; 391+ messages in thread
From: Greg Kroah-Hartman @ 2023-05-08 9:45 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Robert Foss, Adam Ford, Sasha Levin
From: Adam Ford <aford173@gmail.com>
[ Upstream commit ee0285e13455fdbce5de315bdbe91b5f198a2a06 ]
When dynamically switching lanes was removed, the intent of the code
was to check to make sure that higher speed items used 4 lanes, but
it had the unintended consequence of removing the slower speeds for
4-lane users.
This attempts to remedy this by doing a check to see that the
max frequency doesn't exceed the chip limit, and a second
check to make sure that the max bit-rate doesn't exceed the
number of lanes * max bit rate / lane.
Fixes: 9a0cdcd6649b ("drm/bridge: adv7533: remove dynamic lane switching from adv7533 bridge")
Reviewed-by: Robert Foss <rfoss@kernel.org>
Signed-off-by: Adam Ford <aford173@gmail.com>
Signed-off-by: Robert Foss <rfoss@kernel.org>
Link: https://patchwork.freedesktop.org/patch/msgid/20230319125524.58803-1-aford173@gmail.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/gpu/drm/bridge/adv7511/adv7533.c | 25 +++++++++++-------------
1 file changed, 11 insertions(+), 14 deletions(-)
diff --git a/drivers/gpu/drm/bridge/adv7511/adv7533.c b/drivers/gpu/drm/bridge/adv7511/adv7533.c
index 7eda12f338a1d..babc0be0bbb56 100644
--- a/drivers/gpu/drm/bridge/adv7511/adv7533.c
+++ b/drivers/gpu/drm/bridge/adv7511/adv7533.c
@@ -103,22 +103,19 @@ void adv7533_dsi_power_off(struct adv7511 *adv)
enum drm_mode_status adv7533_mode_valid(struct adv7511 *adv,
const struct drm_display_mode *mode)
{
- int lanes;
+ unsigned long max_lane_freq;
struct mipi_dsi_device *dsi = adv->dsi;
+ u8 bpp = mipi_dsi_pixel_format_to_bpp(dsi->format);
- if (mode->clock > 80000)
- lanes = 4;
- else
- lanes = 3;
-
- /*
- * TODO: add support for dynamic switching of lanes
- * by using the bridge pre_enable() op . Till then filter
- * out the modes which shall need different number of lanes
- * than what was configured in the device tree.
- */
- if (lanes != dsi->lanes)
- return MODE_BAD;
+ /* Check max clock for either 7533 or 7535 */
+ if (mode->clock > (adv->type == ADV7533 ? 80000 : 148500))
+ return MODE_CLOCK_HIGH;
+
+ /* Check max clock for each lane */
+ max_lane_freq = (adv->type == ADV7533 ? 800000 : 891000);
+
+ if (mode->clock * bpp > max_lane_freq * adv->num_dsi_lanes)
+ return MODE_CLOCK_HIGH;
return MODE_OK;
}
--
2.39.2
^ permalink raw reply related [flat|nested] 391+ messages in thread
* [PATCH 5.15 110/371] media: max9286: Free control handler
2023-05-08 9:43 [PATCH 5.15 000/371] 5.15.111-rc1 review Greg Kroah-Hartman
` (108 preceding siblings ...)
2023-05-08 9:45 ` [PATCH 5.15 109/371] drm/bridge: adv7533: Fix adv7533_mode_valid for adv7533 and adv7535 Greg Kroah-Hartman
@ 2023-05-08 9:45 ` Greg Kroah-Hartman
2023-05-08 9:45 ` [PATCH 5.15 111/371] drm/msm/adreno: Defer enabling runpm until hw_init() Greg Kroah-Hartman
` (264 subsequent siblings)
374 siblings, 0 replies; 391+ messages in thread
From: Greg Kroah-Hartman @ 2023-05-08 9:45 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Laurent Pinchart,
Niklas Söderlund, Jacopo Mondi, Sakari Ailus,
Mauro Carvalho Chehab, Sasha Levin
From: Laurent Pinchart <laurent.pinchart@ideasonboard.com>
[ Upstream commit bfce6a12e5ba1edde95126aa06778027f16115d4 ]
The control handler is leaked in some probe-time error paths, as well as
in the remove path. Fix it.
Fixes: 66d8c9d2422d ("media: i2c: Add MAX9286 driver")
Signed-off-by: Laurent Pinchart <laurent.pinchart@ideasonboard.com>
Reviewed-by: Niklas Söderlund <niklas.soderlund+renesas@ragnatech.se>
Reviewed-by: Jacopo Mondi <jacopo.mondi@ideasonboard.com>
Signed-off-by: Sakari Ailus <sakari.ailus@linux.intel.com>
Signed-off-by: Mauro Carvalho Chehab <mchehab@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/media/i2c/max9286.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/drivers/media/i2c/max9286.c b/drivers/media/i2c/max9286.c
index b9513e93ac617..404a03f48b976 100644
--- a/drivers/media/i2c/max9286.c
+++ b/drivers/media/i2c/max9286.c
@@ -937,6 +937,7 @@ static int max9286_v4l2_register(struct max9286_priv *priv)
static void max9286_v4l2_unregister(struct max9286_priv *priv)
{
fwnode_handle_put(priv->sd.fwnode);
+ v4l2_ctrl_handler_free(&priv->ctrls);
v4l2_async_unregister_subdev(&priv->sd);
max9286_v4l2_notifier_unregister(priv);
}
--
2.39.2
^ permalink raw reply related [flat|nested] 391+ messages in thread
* [PATCH 5.15 111/371] drm/msm/adreno: Defer enabling runpm until hw_init()
2023-05-08 9:43 [PATCH 5.15 000/371] 5.15.111-rc1 review Greg Kroah-Hartman
` (109 preceding siblings ...)
2023-05-08 9:45 ` [PATCH 5.15 110/371] media: max9286: Free control handler Greg Kroah-Hartman
@ 2023-05-08 9:45 ` Greg Kroah-Hartman
2023-05-08 9:45 ` [PATCH 5.15 112/371] drm/msm/adreno: drop bogus pm_runtime_set_active() Greg Kroah-Hartman
` (263 subsequent siblings)
374 siblings, 0 replies; 391+ messages in thread
From: Greg Kroah-Hartman @ 2023-05-08 9:45 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Rob Clark, Sasha Levin
From: Rob Clark <robdclark@chromium.org>
[ Upstream commit 4b18299b33655fa9672b774b6df774dc03d6aee8 ]
To avoid preventing the display from coming up before the rootfs is
mounted, without resorting to packing fw in the initrd, the GPU has
this limbo state where the device is probed, but we aren't ready to
start sending commands to it. This is particularly problematic for
a6xx, since the GMU (which requires fw to be loaded) is the one that
is controlling the power/clk/icc votes.
So defer enabling runpm until we are ready to call gpu->hw_init(),
as that is a point where we know we have all the needed fw and are
ready to start sending commands to the coproc's.
Signed-off-by: Rob Clark <robdclark@chromium.org>
Patchwork: https://patchwork.freedesktop.org/patch/489337/
Link: https://lore.kernel.org/r/20220613182036.2567963-1-robdclark@gmail.com
Stable-dep-of: db7662d076c9 ("drm/msm/adreno: drop bogus pm_runtime_set_active()")
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/gpu/drm/msm/adreno/adreno_device.c | 6 ++++++
drivers/gpu/drm/msm/adreno/adreno_gpu.c | 1 -
2 files changed, 6 insertions(+), 1 deletion(-)
diff --git a/drivers/gpu/drm/msm/adreno/adreno_device.c b/drivers/gpu/drm/msm/adreno/adreno_device.c
index 2a6ce76656aa2..32207bc42b281 100644
--- a/drivers/gpu/drm/msm/adreno/adreno_device.c
+++ b/drivers/gpu/drm/msm/adreno/adreno_device.c
@@ -398,6 +398,12 @@ struct msm_gpu *adreno_load_gpu(struct drm_device *dev)
if (ret)
return NULL;
+ /*
+ * Now that we have firmware loaded, and are ready to begin
+ * booting the gpu, go ahead and enable runpm:
+ */
+ pm_runtime_enable(&pdev->dev);
+
/* Make sure pm runtime is active and reset any previous errors */
pm_runtime_set_active(&pdev->dev);
diff --git a/drivers/gpu/drm/msm/adreno/adreno_gpu.c b/drivers/gpu/drm/msm/adreno/adreno_gpu.c
index 3fa01938f4b29..47a260715a89c 100644
--- a/drivers/gpu/drm/msm/adreno/adreno_gpu.c
+++ b/drivers/gpu/drm/msm/adreno/adreno_gpu.c
@@ -943,7 +943,6 @@ int adreno_gpu_init(struct drm_device *drm, struct platform_device *pdev,
pm_runtime_set_autosuspend_delay(dev,
adreno_gpu->info->inactive_period);
pm_runtime_use_autosuspend(dev);
- pm_runtime_enable(dev);
return msm_gpu_init(drm, pdev, &adreno_gpu->base, &funcs->base,
adreno_gpu->info->name, &adreno_gpu_config);
--
2.39.2
^ permalink raw reply related [flat|nested] 391+ messages in thread
* [PATCH 5.15 112/371] drm/msm/adreno: drop bogus pm_runtime_set_active()
2023-05-08 9:43 [PATCH 5.15 000/371] 5.15.111-rc1 review Greg Kroah-Hartman
` (110 preceding siblings ...)
2023-05-08 9:45 ` [PATCH 5.15 111/371] drm/msm/adreno: Defer enabling runpm until hw_init() Greg Kroah-Hartman
@ 2023-05-08 9:45 ` Greg Kroah-Hartman
2023-05-08 9:45 ` [PATCH 5.15 113/371] drm: msm: adreno: Disable preemption on Adreno 510 Greg Kroah-Hartman
` (262 subsequent siblings)
374 siblings, 0 replies; 391+ messages in thread
From: Greg Kroah-Hartman @ 2023-05-08 9:45 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Johan Hovold, Rob Clark, Sasha Levin
From: Johan Hovold <johan+linaro@kernel.org>
[ Upstream commit db7662d076c973072d788bd0e8130e04430307a1 ]
The runtime PM status can only be updated while runtime PM is disabled.
Drop the bogus pm_runtime_set_active() call that was made after enabling
runtime PM and which (incidentally but correctly) left the runtime PM
status set to 'suspended'.
Fixes: 2c087a336676 ("drm/msm/adreno: Load the firmware before bringing up the hardware")
Signed-off-by: Johan Hovold <johan+linaro@kernel.org>
Patchwork: https://patchwork.freedesktop.org/patch/524972/
Link: https://lore.kernel.org/r/20230303164807.13124-4-johan+linaro@kernel.org
Signed-off-by: Rob Clark <robdclark@chromium.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/gpu/drm/msm/adreno/adreno_device.c | 3 ---
1 file changed, 3 deletions(-)
diff --git a/drivers/gpu/drm/msm/adreno/adreno_device.c b/drivers/gpu/drm/msm/adreno/adreno_device.c
index 32207bc42b281..3eb9146653444 100644
--- a/drivers/gpu/drm/msm/adreno/adreno_device.c
+++ b/drivers/gpu/drm/msm/adreno/adreno_device.c
@@ -404,9 +404,6 @@ struct msm_gpu *adreno_load_gpu(struct drm_device *dev)
*/
pm_runtime_enable(&pdev->dev);
- /* Make sure pm runtime is active and reset any previous errors */
- pm_runtime_set_active(&pdev->dev);
-
ret = pm_runtime_get_sync(&pdev->dev);
if (ret < 0) {
pm_runtime_put_sync(&pdev->dev);
--
2.39.2
^ permalink raw reply related [flat|nested] 391+ messages in thread
* [PATCH 5.15 113/371] drm: msm: adreno: Disable preemption on Adreno 510
2023-05-08 9:43 [PATCH 5.15 000/371] 5.15.111-rc1 review Greg Kroah-Hartman
` (111 preceding siblings ...)
2023-05-08 9:45 ` [PATCH 5.15 112/371] drm/msm/adreno: drop bogus pm_runtime_set_active() Greg Kroah-Hartman
@ 2023-05-08 9:45 ` Greg Kroah-Hartman
2023-05-08 9:45 ` Greg Kroah-Hartman
` (261 subsequent siblings)
374 siblings, 0 replies; 391+ messages in thread
From: Greg Kroah-Hartman @ 2023-05-08 9:45 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Dmitry Baryshkov, Adam Skladowski,
Rob Clark, Sasha Levin
From: Adam Skladowski <a39.skl@gmail.com>
[ Upstream commit 010c8bbad2cb8c33c47963e29f051f1e917e45a5 ]
Downstream driver appears to not support preemption on A510 target,
trying to use one make device slow and fill log with rings related errors.
Set num_rings to 1 to disable preemption.
Suggested-by: Dmitry Baryshkov <dmitry.baryshkov@linaro.org>
Fixes: e20c9284c8f2 ("drm/msm/adreno: Add support for Adreno 510 GPU")
Signed-off-by: Adam Skladowski <a39.skl@gmail.com>
Reviewed-by: Dmitry Baryshkov <dmitry.baryshkov@linaro.org>
Patchwork: https://patchwork.freedesktop.org/patch/526898/
Link: https://lore.kernel.org/r/20230314221757.13096-1-a39.skl@gmail.com
Signed-off-by: Rob Clark <robdclark@chromium.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/gpu/drm/msm/adreno/a5xx_gpu.c | 8 +++++++-
1 file changed, 7 insertions(+), 1 deletion(-)
diff --git a/drivers/gpu/drm/msm/adreno/a5xx_gpu.c b/drivers/gpu/drm/msm/adreno/a5xx_gpu.c
index b8c49ba65254c..d92416d526286 100644
--- a/drivers/gpu/drm/msm/adreno/a5xx_gpu.c
+++ b/drivers/gpu/drm/msm/adreno/a5xx_gpu.c
@@ -1749,6 +1749,7 @@ struct msm_gpu *a5xx_gpu_init(struct drm_device *dev)
struct a5xx_gpu *a5xx_gpu = NULL;
struct adreno_gpu *adreno_gpu;
struct msm_gpu *gpu;
+ unsigned int nr_rings;
int ret;
if (!pdev) {
@@ -1769,7 +1770,12 @@ struct msm_gpu *a5xx_gpu_init(struct drm_device *dev)
check_speed_bin(&pdev->dev);
- ret = adreno_gpu_init(dev, pdev, adreno_gpu, &funcs, 4);
+ nr_rings = 4;
+
+ if (adreno_is_a510(adreno_gpu))
+ nr_rings = 1;
+
+ ret = adreno_gpu_init(dev, pdev, adreno_gpu, &funcs, nr_rings);
if (ret) {
a5xx_destroy(&(a5xx_gpu->base.base));
return ERR_PTR(ret);
--
2.39.2
^ permalink raw reply related [flat|nested] 391+ messages in thread
* [PATCH 5.15 114/371] drm/amd/display/dc/dce60/Makefile: Fix previous attempt to silence known override-init warnings
2023-05-08 9:43 [PATCH 5.15 000/371] 5.15.111-rc1 review Greg Kroah-Hartman
2023-05-08 9:43 ` [PATCH 5.15 001/371] ASOC: Intel: sof_sdw: add quirk for Intel Rooks County NUC M15 Greg Kroah-Hartman
@ 2023-05-08 9:45 ` Greg Kroah-Hartman
2023-05-08 9:43 ` [PATCH 5.15 003/371] x86/hyperv: Block root partition functionality in a Confidential VM Greg Kroah-Hartman
` (372 subsequent siblings)
374 siblings, 0 replies; 391+ messages in thread
From: Greg Kroah-Hartman @ 2023-05-08 9:45 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Harry Wentland, Leo Li,
Rodrigo Siqueira, Alex Deucher, Christian König, Pan,
Xinhui, David Airlie, Daniel Vetter, Mauro Rossi, amd-gfx,
dri-devel, Lee Jones, Sasha Levin
From: Lee Jones <lee@kernel.org>
[ Upstream commit 4082b9f5ead4966797dddcfef0905d59e5a83873 ]
Fixes the following W=1 kernel build warning(s):
drivers/gpu/drm/amd/amdgpu/../display/dc/dce60/dce60_resource.c:157:21: note: in expansion of macro ‘mmCRTC1_DCFE_MEM_LIGHT_SLEEP_CNTL’
drivers/gpu/drm/amd/amdgpu/../display/dc/dce/dce_transform.h:170:9: note: in expansion of macro ‘SRI’
drivers/gpu/drm/amd/amdgpu/../display/dc/dce60/dce60_resource.c:183:17: note: in expansion of macro ‘XFM_COMMON_REG_LIST_DCE60’
drivers/gpu/drm/amd/amdgpu/../display/dc/dce60/dce60_resource.c:188:17: note: in expansion of macro ‘transform_regs’
drivers/gpu/drm/amd/amdgpu/../include/asic_reg/dce/dce_6_0_d.h:722:43: warning: initialized field overwritten [-Woverride-init]
drivers/gpu/drm/amd/amdgpu/../display/dc/dce60/dce60_resource.c:157:21: note: in expansion of macro ‘mmCRTC2_DCFE_MEM_LIGHT_SLEEP_CNTL’
drivers/gpu/drm/amd/amdgpu/../display/dc/dce/dce_transform.h:170:9: note: in expansion of macro ‘SRI’
drivers/gpu/drm/amd/amdgpu/../display/dc/dce60/dce60_resource.c:183:17: note: in expansion of macro ‘XFM_COMMON_REG_LIST_DCE60’
drivers/gpu/drm/amd/amdgpu/../display/dc/dce60/dce60_resource.c:189:17: note: in expansion of macro ‘transform_regs’
drivers/gpu/drm/amd/amdgpu/../include/asic_reg/dce/dce_6_0_d.h:722:43: note: (near initialization for ‘xfm_regs[2].DCFE_MEM_LIGHT_SLEEP_CN
[100 lines snipped for brevity]
Fixes: ceb3cf476a441 ("drm/amd/display/dc/dce60/Makefile: Ignore -Woverride-init warning")
Cc: Harry Wentland <harry.wentland@amd.com>
Cc: Leo Li <sunpeng.li@amd.com>
Cc: Rodrigo Siqueira <Rodrigo.Siqueira@amd.com>
Cc: Alex Deucher <alexander.deucher@amd.com>
Cc: "Christian König" <christian.koenig@amd.com>
Cc: "Pan, Xinhui" <Xinhui.Pan@amd.com>
Cc: David Airlie <airlied@gmail.com>
Cc: Daniel Vetter <daniel@ffwll.ch>
Cc: Mauro Rossi <issor.oruam@gmail.com>
Cc: amd-gfx@lists.freedesktop.org
Cc: dri-devel@lists.freedesktop.org
Signed-off-by: Lee Jones <lee@kernel.org>
Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/gpu/drm/amd/display/dc/dce60/Makefile | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/gpu/drm/amd/display/dc/dce60/Makefile b/drivers/gpu/drm/amd/display/dc/dce60/Makefile
index dda596fa1cd76..fee331accc0e7 100644
--- a/drivers/gpu/drm/amd/display/dc/dce60/Makefile
+++ b/drivers/gpu/drm/amd/display/dc/dce60/Makefile
@@ -23,7 +23,7 @@
# Makefile for the 'controller' sub-component of DAL.
# It provides the control and status of HW CRTC block.
-CFLAGS_AMDDALPATH)/dc/dce60/dce60_resource.o = $(call cc-disable-warning, override-init)
+CFLAGS_$(AMDDALPATH)/dc/dce60/dce60_resource.o = $(call cc-disable-warning, override-init)
DCE60 = dce60_timing_generator.o dce60_hw_sequencer.o \
dce60_resource.o
--
2.39.2
^ permalink raw reply related [flat|nested] 391+ messages in thread
* [PATCH 5.15 114/371] drm/amd/display/dc/dce60/Makefile: Fix previous attempt to silence known override-init warnings
@ 2023-05-08 9:45 ` Greg Kroah-Hartman
0 siblings, 0 replies; 391+ messages in thread
From: Greg Kroah-Hartman @ 2023-05-08 9:45 UTC (permalink / raw)
To: stable
Cc: Sasha Levin, Lee Jones, Leo Li, Greg Kroah-Hartman, Mauro Rossi,
Pan, Xinhui, Rodrigo Siqueira, patches, amd-gfx, dri-devel,
Alex Deucher, Christian König
From: Lee Jones <lee@kernel.org>
[ Upstream commit 4082b9f5ead4966797dddcfef0905d59e5a83873 ]
Fixes the following W=1 kernel build warning(s):
drivers/gpu/drm/amd/amdgpu/../display/dc/dce60/dce60_resource.c:157:21: note: in expansion of macro ‘mmCRTC1_DCFE_MEM_LIGHT_SLEEP_CNTL’
drivers/gpu/drm/amd/amdgpu/../display/dc/dce/dce_transform.h:170:9: note: in expansion of macro ‘SRI’
drivers/gpu/drm/amd/amdgpu/../display/dc/dce60/dce60_resource.c:183:17: note: in expansion of macro ‘XFM_COMMON_REG_LIST_DCE60’
drivers/gpu/drm/amd/amdgpu/../display/dc/dce60/dce60_resource.c:188:17: note: in expansion of macro ‘transform_regs’
drivers/gpu/drm/amd/amdgpu/../include/asic_reg/dce/dce_6_0_d.h:722:43: warning: initialized field overwritten [-Woverride-init]
drivers/gpu/drm/amd/amdgpu/../display/dc/dce60/dce60_resource.c:157:21: note: in expansion of macro ‘mmCRTC2_DCFE_MEM_LIGHT_SLEEP_CNTL’
drivers/gpu/drm/amd/amdgpu/../display/dc/dce/dce_transform.h:170:9: note: in expansion of macro ‘SRI’
drivers/gpu/drm/amd/amdgpu/../display/dc/dce60/dce60_resource.c:183:17: note: in expansion of macro ‘XFM_COMMON_REG_LIST_DCE60’
drivers/gpu/drm/amd/amdgpu/../display/dc/dce60/dce60_resource.c:189:17: note: in expansion of macro ‘transform_regs’
drivers/gpu/drm/amd/amdgpu/../include/asic_reg/dce/dce_6_0_d.h:722:43: note: (near initialization for ‘xfm_regs[2].DCFE_MEM_LIGHT_SLEEP_CN
[100 lines snipped for brevity]
Fixes: ceb3cf476a441 ("drm/amd/display/dc/dce60/Makefile: Ignore -Woverride-init warning")
Cc: Harry Wentland <harry.wentland@amd.com>
Cc: Leo Li <sunpeng.li@amd.com>
Cc: Rodrigo Siqueira <Rodrigo.Siqueira@amd.com>
Cc: Alex Deucher <alexander.deucher@amd.com>
Cc: "Christian König" <christian.koenig@amd.com>
Cc: "Pan, Xinhui" <Xinhui.Pan@amd.com>
Cc: David Airlie <airlied@gmail.com>
Cc: Daniel Vetter <daniel@ffwll.ch>
Cc: Mauro Rossi <issor.oruam@gmail.com>
Cc: amd-gfx@lists.freedesktop.org
Cc: dri-devel@lists.freedesktop.org
Signed-off-by: Lee Jones <lee@kernel.org>
Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/gpu/drm/amd/display/dc/dce60/Makefile | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/gpu/drm/amd/display/dc/dce60/Makefile b/drivers/gpu/drm/amd/display/dc/dce60/Makefile
index dda596fa1cd76..fee331accc0e7 100644
--- a/drivers/gpu/drm/amd/display/dc/dce60/Makefile
+++ b/drivers/gpu/drm/amd/display/dc/dce60/Makefile
@@ -23,7 +23,7 @@
# Makefile for the 'controller' sub-component of DAL.
# It provides the control and status of HW CRTC block.
-CFLAGS_AMDDALPATH)/dc/dce60/dce60_resource.o = $(call cc-disable-warning, override-init)
+CFLAGS_$(AMDDALPATH)/dc/dce60/dce60_resource.o = $(call cc-disable-warning, override-init)
DCE60 = dce60_timing_generator.o dce60_hw_sequencer.o \
dce60_resource.o
--
2.39.2
^ permalink raw reply related [flat|nested] 391+ messages in thread
* [PATCH 5.15 114/371] drm/amd/display/dc/dce60/Makefile: Fix previous attempt to silence known override-init warnings
@ 2023-05-08 9:45 ` Greg Kroah-Hartman
0 siblings, 0 replies; 391+ messages in thread
From: Greg Kroah-Hartman @ 2023-05-08 9:45 UTC (permalink / raw)
To: stable
Cc: Sasha Levin, Lee Jones, Leo Li, Greg Kroah-Hartman, Mauro Rossi,
Pan, Xinhui, Rodrigo Siqueira, patches, amd-gfx, dri-devel,
Daniel Vetter, Alex Deucher, David Airlie, Harry Wentland,
Christian König
From: Lee Jones <lee@kernel.org>
[ Upstream commit 4082b9f5ead4966797dddcfef0905d59e5a83873 ]
Fixes the following W=1 kernel build warning(s):
drivers/gpu/drm/amd/amdgpu/../display/dc/dce60/dce60_resource.c:157:21: note: in expansion of macro ‘mmCRTC1_DCFE_MEM_LIGHT_SLEEP_CNTL’
drivers/gpu/drm/amd/amdgpu/../display/dc/dce/dce_transform.h:170:9: note: in expansion of macro ‘SRI’
drivers/gpu/drm/amd/amdgpu/../display/dc/dce60/dce60_resource.c:183:17: note: in expansion of macro ‘XFM_COMMON_REG_LIST_DCE60’
drivers/gpu/drm/amd/amdgpu/../display/dc/dce60/dce60_resource.c:188:17: note: in expansion of macro ‘transform_regs’
drivers/gpu/drm/amd/amdgpu/../include/asic_reg/dce/dce_6_0_d.h:722:43: warning: initialized field overwritten [-Woverride-init]
drivers/gpu/drm/amd/amdgpu/../display/dc/dce60/dce60_resource.c:157:21: note: in expansion of macro ‘mmCRTC2_DCFE_MEM_LIGHT_SLEEP_CNTL’
drivers/gpu/drm/amd/amdgpu/../display/dc/dce/dce_transform.h:170:9: note: in expansion of macro ‘SRI’
drivers/gpu/drm/amd/amdgpu/../display/dc/dce60/dce60_resource.c:183:17: note: in expansion of macro ‘XFM_COMMON_REG_LIST_DCE60’
drivers/gpu/drm/amd/amdgpu/../display/dc/dce60/dce60_resource.c:189:17: note: in expansion of macro ‘transform_regs’
drivers/gpu/drm/amd/amdgpu/../include/asic_reg/dce/dce_6_0_d.h:722:43: note: (near initialization for ‘xfm_regs[2].DCFE_MEM_LIGHT_SLEEP_CN
[100 lines snipped for brevity]
Fixes: ceb3cf476a441 ("drm/amd/display/dc/dce60/Makefile: Ignore -Woverride-init warning")
Cc: Harry Wentland <harry.wentland@amd.com>
Cc: Leo Li <sunpeng.li@amd.com>
Cc: Rodrigo Siqueira <Rodrigo.Siqueira@amd.com>
Cc: Alex Deucher <alexander.deucher@amd.com>
Cc: "Christian König" <christian.koenig@amd.com>
Cc: "Pan, Xinhui" <Xinhui.Pan@amd.com>
Cc: David Airlie <airlied@gmail.com>
Cc: Daniel Vetter <daniel@ffwll.ch>
Cc: Mauro Rossi <issor.oruam@gmail.com>
Cc: amd-gfx@lists.freedesktop.org
Cc: dri-devel@lists.freedesktop.org
Signed-off-by: Lee Jones <lee@kernel.org>
Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/gpu/drm/amd/display/dc/dce60/Makefile | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/gpu/drm/amd/display/dc/dce60/Makefile b/drivers/gpu/drm/amd/display/dc/dce60/Makefile
index dda596fa1cd76..fee331accc0e7 100644
--- a/drivers/gpu/drm/amd/display/dc/dce60/Makefile
+++ b/drivers/gpu/drm/amd/display/dc/dce60/Makefile
@@ -23,7 +23,7 @@
# Makefile for the 'controller' sub-component of DAL.
# It provides the control and status of HW CRTC block.
-CFLAGS_AMDDALPATH)/dc/dce60/dce60_resource.o = $(call cc-disable-warning, override-init)
+CFLAGS_$(AMDDALPATH)/dc/dce60/dce60_resource.o = $(call cc-disable-warning, override-init)
DCE60 = dce60_timing_generator.o dce60_hw_sequencer.o \
dce60_resource.o
--
2.39.2
^ permalink raw reply related [flat|nested] 391+ messages in thread
* [PATCH 5.15 115/371] ACPI: processor: Fix evaluating _PDC method when running as Xen dom0
2023-05-08 9:43 [PATCH 5.15 000/371] 5.15.111-rc1 review Greg Kroah-Hartman
` (113 preceding siblings ...)
2023-05-08 9:45 ` Greg Kroah-Hartman
@ 2023-05-08 9:45 ` Greg Kroah-Hartman
2023-05-08 9:45 ` [PATCH 5.15 116/371] mmc: sdhci-of-esdhc: fix quirk to ignore command inhibit for data Greg Kroah-Hartman
` (259 subsequent siblings)
374 siblings, 0 replies; 391+ messages in thread
From: Greg Kroah-Hartman @ 2023-05-08 9:45 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Roger Pau Monné,
Juergen Gross, Rafael J. Wysocki, Sasha Levin
From: Roger Pau Monne <roger.pau@citrix.com>
[ Upstream commit 073828e954459b883f23e53999d31e4c55ab9654 ]
In ACPI systems, the OS can direct power management, as opposed to the
firmware. This OS-directed Power Management is called OSPM. Part of
telling the firmware that the OS going to direct power management is
making ACPI "_PDC" (Processor Driver Capabilities) calls. These _PDC
methods must be evaluated for every processor object. If these _PDC
calls are not completed for every processor it can lead to
inconsistency and later failures in things like the CPU frequency
driver.
In a Xen system, the dom0 kernel is responsible for system-wide power
management. The dom0 kernel is in charge of OSPM. However, the
number of CPUs available to dom0 can be different than the number of
CPUs physically present on the system.
This leads to a problem: the dom0 kernel needs to evaluate _PDC for
all the processors, but it can't always see them.
In dom0 kernels, ignore the existing ACPI method for determining if a
processor is physically present because it might not be accurate.
Instead, ask the hypervisor for this information.
Fix this by introducing a custom function to use when running as Xen
dom0 in order to check whether a processor object matches a CPU that's
online. Such checking is done using the existing information fetched
by the Xen pCPU subsystem, extending it to also store the ACPI ID.
This ensures that _PDC method gets evaluated for all physically online
CPUs, regardless of the number of CPUs made available to dom0.
Fixes: 5d554a7bb064 ("ACPI: processor: add internal processor_physically_present()")
Signed-off-by: Roger Pau Monné <roger.pau@citrix.com>
Reviewed-by: Juergen Gross <jgross@suse.com>
Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/acpi/processor_pdc.c | 11 +++++++++++
drivers/xen/pcpu.c | 20 ++++++++++++++++++++
include/xen/xen.h | 11 +++++++++++
3 files changed, 42 insertions(+)
diff --git a/drivers/acpi/processor_pdc.c b/drivers/acpi/processor_pdc.c
index 8c3f82c9fff35..18fb04523f93b 100644
--- a/drivers/acpi/processor_pdc.c
+++ b/drivers/acpi/processor_pdc.c
@@ -14,6 +14,8 @@
#include <linux/acpi.h>
#include <acpi/processor.h>
+#include <xen/xen.h>
+
#include "internal.h"
static bool __init processor_physically_present(acpi_handle handle)
@@ -47,6 +49,15 @@ static bool __init processor_physically_present(acpi_handle handle)
return false;
}
+ if (xen_initial_domain())
+ /*
+ * When running as a Xen dom0 the number of processors Linux
+ * sees can be different from the real number of processors on
+ * the system, and we still need to execute _PDC for all of
+ * them.
+ */
+ return xen_processor_present(acpi_id);
+
type = (acpi_type == ACPI_TYPE_DEVICE) ? 1 : 0;
cpuid = acpi_get_cpuid(handle, type, acpi_id);
diff --git a/drivers/xen/pcpu.c b/drivers/xen/pcpu.c
index fd3a644b08559..b3e3d1bb37f3e 100644
--- a/drivers/xen/pcpu.c
+++ b/drivers/xen/pcpu.c
@@ -58,6 +58,7 @@ struct pcpu {
struct list_head list;
struct device dev;
uint32_t cpu_id;
+ uint32_t acpi_id;
uint32_t flags;
};
@@ -249,6 +250,7 @@ static struct pcpu *create_and_register_pcpu(struct xenpf_pcpuinfo *info)
INIT_LIST_HEAD(&pcpu->list);
pcpu->cpu_id = info->xen_cpuid;
+ pcpu->acpi_id = info->acpi_id;
pcpu->flags = info->flags;
/* Need hold on xen_pcpu_lock before pcpu list manipulations */
@@ -381,3 +383,21 @@ static int __init xen_pcpu_init(void)
return ret;
}
arch_initcall(xen_pcpu_init);
+
+#ifdef CONFIG_ACPI
+bool __init xen_processor_present(uint32_t acpi_id)
+{
+ const struct pcpu *pcpu;
+ bool online = false;
+
+ mutex_lock(&xen_pcpu_lock);
+ list_for_each_entry(pcpu, &xen_pcpus, list)
+ if (pcpu->acpi_id == acpi_id) {
+ online = pcpu->flags & XEN_PCPU_FLAGS_ONLINE;
+ break;
+ }
+ mutex_unlock(&xen_pcpu_lock);
+
+ return online;
+}
+#endif
diff --git a/include/xen/xen.h b/include/xen/xen.h
index 43efba045acc7..5a6a2ab675bed 100644
--- a/include/xen/xen.h
+++ b/include/xen/xen.h
@@ -61,4 +61,15 @@ void xen_free_unpopulated_pages(unsigned int nr_pages, struct page **pages);
#include <xen/balloon.h>
#endif
+#if defined(CONFIG_XEN_DOM0) && defined(CONFIG_ACPI) && defined(CONFIG_X86)
+bool __init xen_processor_present(uint32_t acpi_id);
+#else
+#include <linux/bug.h>
+static inline bool xen_processor_present(uint32_t acpi_id)
+{
+ BUG();
+ return false;
+}
+#endif
+
#endif /* _XEN_XEN_H */
--
2.39.2
^ permalink raw reply related [flat|nested] 391+ messages in thread
* [PATCH 5.15 116/371] mmc: sdhci-of-esdhc: fix quirk to ignore command inhibit for data
2023-05-08 9:43 [PATCH 5.15 000/371] 5.15.111-rc1 review Greg Kroah-Hartman
` (114 preceding siblings ...)
2023-05-08 9:45 ` [PATCH 5.15 115/371] ACPI: processor: Fix evaluating _PDC method when running as Xen dom0 Greg Kroah-Hartman
@ 2023-05-08 9:45 ` Greg Kroah-Hartman
2023-05-08 9:45 ` [PATCH 5.15 117/371] drm: rcar-du: Fix a NULL vs IS_ERR() bug Greg Kroah-Hartman
` (258 subsequent siblings)
374 siblings, 0 replies; 391+ messages in thread
From: Greg Kroah-Hartman @ 2023-05-08 9:45 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Georgii Kruglov, Adrian Hunter,
Ulf Hansson, Sasha Levin
From: Georgii Kruglov <georgy.kruglov@yandex.ru>
[ Upstream commit 0dd8316037a2a6d85b2be208bef9991de7b42170 ]
If spec_reg is equal to 'SDHCI_PRESENT_STATE', esdhc_readl_fixup()
fixes up register value and returns it immediately. As a result, the
further block
(spec_reg == SDHCI_PRESENT_STATE)
&&(esdhc->quirk_ignore_data_inhibit == true),
is never executed.
The patch merges the second block into the first one.
Found by Linux Verification Center (linuxtesting.org) with SVACE.
Fixes: 1f1929f3f2fa ("mmc: sdhci-of-esdhc: add quirk to ignore command inhibit for data")
Signed-off-by: Georgii Kruglov <georgy.kruglov@yandex.ru>
Acked-by: Adrian Hunter <adrian.hunter@intel.com>
Link: https://lore.kernel.org/r/20230321203715.3975-1-georgy.kruglov@yandex.ru
Signed-off-by: Ulf Hansson <ulf.hansson@linaro.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/mmc/host/sdhci-of-esdhc.c | 24 +++++++++++-------------
1 file changed, 11 insertions(+), 13 deletions(-)
diff --git a/drivers/mmc/host/sdhci-of-esdhc.c b/drivers/mmc/host/sdhci-of-esdhc.c
index 04a37fd137ee1..ea9bb545b1a21 100644
--- a/drivers/mmc/host/sdhci-of-esdhc.c
+++ b/drivers/mmc/host/sdhci-of-esdhc.c
@@ -126,6 +126,7 @@ static u32 esdhc_readl_fixup(struct sdhci_host *host,
return ret;
}
}
+
/*
* The DAT[3:0] line signal levels and the CMD line signal level are
* not compatible with standard SDHC register. The line signal levels
@@ -137,6 +138,16 @@ static u32 esdhc_readl_fixup(struct sdhci_host *host,
ret = value & 0x000fffff;
ret |= (value >> 4) & SDHCI_DATA_LVL_MASK;
ret |= (value << 1) & SDHCI_CMD_LVL;
+
+ /*
+ * Some controllers have unreliable Data Line Active
+ * bit for commands with busy signal. This affects
+ * Command Inhibit (data) bit. Just ignore it since
+ * MMC core driver has already polled card status
+ * with CMD13 after any command with busy siganl.
+ */
+ if (esdhc->quirk_ignore_data_inhibit)
+ ret &= ~SDHCI_DATA_INHIBIT;
return ret;
}
@@ -151,19 +162,6 @@ static u32 esdhc_readl_fixup(struct sdhci_host *host,
return ret;
}
- /*
- * Some controllers have unreliable Data Line Active
- * bit for commands with busy signal. This affects
- * Command Inhibit (data) bit. Just ignore it since
- * MMC core driver has already polled card status
- * with CMD13 after any command with busy siganl.
- */
- if ((spec_reg == SDHCI_PRESENT_STATE) &&
- (esdhc->quirk_ignore_data_inhibit == true)) {
- ret = value & ~SDHCI_DATA_INHIBIT;
- return ret;
- }
-
ret = value;
return ret;
}
--
2.39.2
^ permalink raw reply related [flat|nested] 391+ messages in thread
* [PATCH 5.15 117/371] drm: rcar-du: Fix a NULL vs IS_ERR() bug
2023-05-08 9:43 [PATCH 5.15 000/371] 5.15.111-rc1 review Greg Kroah-Hartman
` (115 preceding siblings ...)
2023-05-08 9:45 ` [PATCH 5.15 116/371] mmc: sdhci-of-esdhc: fix quirk to ignore command inhibit for data Greg Kroah-Hartman
@ 2023-05-08 9:45 ` Greg Kroah-Hartman
2023-05-08 9:45 ` [PATCH 5.15 118/371] ARM: dts: gta04: fix excess dma channel usage Greg Kroah-Hartman
` (257 subsequent siblings)
374 siblings, 0 replies; 391+ messages in thread
From: Greg Kroah-Hartman @ 2023-05-08 9:45 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Dan Carpenter, Kieran Bingham,
Laurent Pinchart, Sasha Levin
From: Dan Carpenter <error27@gmail.com>
[ Upstream commit 40f43730f43699ce8557e4fe59622d4f4b69f44a ]
The drmm_encoder_alloc() function returns error pointers. It never
returns NULL. Fix the check accordingly.
Fixes: 7a1adbd23990 ("drm: rcar-du: Use drmm_encoder_alloc() to manage encoder")
Signed-off-by: Dan Carpenter <error27@gmail.com>
Reviewed-by: Kieran Bingham <kieran.bingham+renesas@ideasonboard.com>
Reviewed-by: Laurent Pinchart <laurent.pinchart+renesas@ideasonboard.com>
Signed-off-by: Laurent Pinchart <laurent.pinchart+renesas@ideasonboard.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/gpu/drm/rcar-du/rcar_du_encoder.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/drivers/gpu/drm/rcar-du/rcar_du_encoder.c b/drivers/gpu/drm/rcar-du/rcar_du_encoder.c
index 4bf4e25d7f011..6bc0c4e6cd965 100644
--- a/drivers/gpu/drm/rcar-du/rcar_du_encoder.c
+++ b/drivers/gpu/drm/rcar-du/rcar_du_encoder.c
@@ -109,8 +109,8 @@ int rcar_du_encoder_init(struct rcar_du_device *rcdu,
renc = drmm_encoder_alloc(&rcdu->ddev, struct rcar_du_encoder, base,
&rcar_du_encoder_funcs, DRM_MODE_ENCODER_NONE,
NULL);
- if (!renc)
- return -ENOMEM;
+ if (IS_ERR(renc))
+ return PTR_ERR(renc);
renc->output = output;
--
2.39.2
^ permalink raw reply related [flat|nested] 391+ messages in thread
* [PATCH 5.15 118/371] ARM: dts: gta04: fix excess dma channel usage
2023-05-08 9:43 [PATCH 5.15 000/371] 5.15.111-rc1 review Greg Kroah-Hartman
` (116 preceding siblings ...)
2023-05-08 9:45 ` [PATCH 5.15 117/371] drm: rcar-du: Fix a NULL vs IS_ERR() bug Greg Kroah-Hartman
@ 2023-05-08 9:45 ` Greg Kroah-Hartman
2023-05-08 9:45 ` [PATCH 5.15 119/371] firmware: arm_scmi: Fix xfers allocation on Rx channel Greg Kroah-Hartman
` (256 subsequent siblings)
374 siblings, 0 replies; 391+ messages in thread
From: Greg Kroah-Hartman @ 2023-05-08 9:45 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, H. Nikolaus Schaller,
Andreas Kemnade, Tony Lindgren, Sasha Levin
From: H. Nikolaus Schaller <hns@goldelico.com>
[ Upstream commit a622310f7f0185da02e42cdb06475f533efaae60 ]
OMAP processors support 32 channels but there is no check or
inspect this except booting a device and looking at dmesg reports
of not available channels.
Recently some more subsystems with DMA (aes1+2) were added filling
the list of dma channels beyond the limit of 32 (even if other
parameters indicate 96 or 128 channels). This leads to random
subsystem failures i(e.g. mcbsp for audio) after boot or boot
messages that DMA can not be initialized.
Another symptom is that
/sys/kernel/debug/dmaengine/summary
has 32 entries and does not show all required channels.
Fix by disabling unused (on the GTA04 hardware) mcspi1...4.
Each SPI channel allocates 4 DMA channels rapidly filling
the available ones.
Disabling unused SPI modules on the OMAP3 SoC may also save
some energy (has not been checked).
Fixes: c312f066314e ("ARM: dts: omap3: Migrate AES from hwmods to sysc-omap2")
Signed-off-by: H. Nikolaus Schaller <hns@goldelico.com>
[re-enabled aes2, improved commit subject line]
Signed-off-by: Andreas Kemnade <andreas@kemnade.info>
Message-Id: <20230113211151.2314874-1-andreas@kemnade.info>
Signed-off-by: Tony Lindgren <tony@atomide.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/arm/boot/dts/omap3-gta04.dtsi | 16 ++++++++++++++++
1 file changed, 16 insertions(+)
diff --git a/arch/arm/boot/dts/omap3-gta04.dtsi b/arch/arm/boot/dts/omap3-gta04.dtsi
index 3923b38e798d0..bb5e00b36d8dc 100644
--- a/arch/arm/boot/dts/omap3-gta04.dtsi
+++ b/arch/arm/boot/dts/omap3-gta04.dtsi
@@ -609,6 +609,22 @@
clock-frequency = <100000>;
};
+&mcspi1 {
+ status = "disabled";
+};
+
+&mcspi2 {
+ status = "disabled";
+};
+
+&mcspi3 {
+ status = "disabled";
+};
+
+&mcspi4 {
+ status = "disabled";
+};
+
&usb_otg_hs {
interface-type = <0>;
usb-phy = <&usb2_phy>;
--
2.39.2
^ permalink raw reply related [flat|nested] 391+ messages in thread
* [PATCH 5.15 119/371] firmware: arm_scmi: Fix xfers allocation on Rx channel
2023-05-08 9:43 [PATCH 5.15 000/371] 5.15.111-rc1 review Greg Kroah-Hartman
` (117 preceding siblings ...)
2023-05-08 9:45 ` [PATCH 5.15 118/371] ARM: dts: gta04: fix excess dma channel usage Greg Kroah-Hartman
@ 2023-05-08 9:45 ` Greg Kroah-Hartman
2023-05-08 9:45 ` [PATCH 5.15 120/371] ACPI: VIOT: Initialize the correct IOMMU fwspec Greg Kroah-Hartman
` (255 subsequent siblings)
374 siblings, 0 replies; 391+ messages in thread
From: Greg Kroah-Hartman @ 2023-05-08 9:45 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Cristian Marussi, Sudeep Holla, Sasha Levin
From: Cristian Marussi <cristian.marussi@arm.com>
[ Upstream commit b2ccba9e8cdc6fb3985cc227844e7c6af309ffb1 ]
Two distinct pools of xfer descriptors are allocated at initialization
time: one (Tx) used to provide xfers to track commands and their replies
(or delayed replies) and another (Rx) to pick xfers from to be used for
processing notifications.
Such pools, though, are allocated globally to be used by the whole SCMI
instance, they are not allocated per-channel and as such the allocation of
notifications xfers cannot be simply skipped if no Rx channel was found for
the base protocol common channel, because there could be defined more
optional per-protocol dedicated channels that instead support Rx channels.
Change the conditional check to skip allocation for the notification pool
only if no Rx channel has been detected on any per-channel protocol at all.
Fixes: 4ebd8f6dea81 ("firmware: arm_scmi: Add receive buffer support for notifications")
Signed-off-by: Cristian Marussi <cristian.marussi@arm.com>
Link: https://lore.kernel.org/r/20230326203449.3492948-1-cristian.marussi@arm.com
Signed-off-by: Sudeep Holla <sudeep.holla@arm.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/firmware/arm_scmi/driver.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/firmware/arm_scmi/driver.c b/drivers/firmware/arm_scmi/driver.c
index 11842497b2261..7ccda7d720a19 100644
--- a/drivers/firmware/arm_scmi/driver.c
+++ b/drivers/firmware/arm_scmi/driver.c
@@ -1463,7 +1463,7 @@ static int scmi_xfer_info_init(struct scmi_info *sinfo)
return ret;
ret = __scmi_xfer_info_init(sinfo, &sinfo->tx_minfo);
- if (!ret && idr_find(&sinfo->rx_idr, SCMI_PROTOCOL_BASE))
+ if (!ret && !idr_is_empty(&sinfo->rx_idr))
ret = __scmi_xfer_info_init(sinfo, &sinfo->rx_minfo);
return ret;
--
2.39.2
^ permalink raw reply related [flat|nested] 391+ messages in thread
* [PATCH 5.15 120/371] ACPI: VIOT: Initialize the correct IOMMU fwspec
2023-05-08 9:43 [PATCH 5.15 000/371] 5.15.111-rc1 review Greg Kroah-Hartman
` (118 preceding siblings ...)
2023-05-08 9:45 ` [PATCH 5.15 119/371] firmware: arm_scmi: Fix xfers allocation on Rx channel Greg Kroah-Hartman
@ 2023-05-08 9:45 ` Greg Kroah-Hartman
2023-05-08 9:45 ` [PATCH 5.15 121/371] drm/lima/lima_drv: Add missing unwind goto in lima_pdev_probe() Greg Kroah-Hartman
` (254 subsequent siblings)
374 siblings, 0 replies; 391+ messages in thread
From: Greg Kroah-Hartman @ 2023-05-08 9:45 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Eric Auger, Jean-Philippe Brucker,
Rafael J. Wysocki, Sasha Levin
From: Jean-Philippe Brucker <jean-philippe@linaro.org>
[ Upstream commit 47d26684185d09e083669bbbd0c465ab3493a51f ]
When setting up DMA for a PCI device, we need to initialize its
iommu_fwspec with all possible alias RIDs (such as PCI bridges). To do
this we use pci_for_each_dma_alias() which calls
viot_pci_dev_iommu_init(). This function incorrectly initializes the
fwspec of the bridge instead of the device being configured. Fix it by
passing the original device as context to pci_for_each_dma_alias().
Fixes: 3cf485540e7b ("ACPI: Add driver for the VIOT table")
Link: https://lore.kernel.org/all/Y8qzOKm6kvhGWG1T@myrica
Reported-by: Eric Auger <eric.auger@redhat.com>
Signed-off-by: Jean-Philippe Brucker <jean-philippe@linaro.org>
Reviewed-by: Eric Auger <eric.auger@redhat.com>
Tested-by: Eric Auger <eric.auger@redhat.com>
Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/acpi/viot.c | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/drivers/acpi/viot.c b/drivers/acpi/viot.c
index 647f11cf165d7..fe4b66dae01b5 100644
--- a/drivers/acpi/viot.c
+++ b/drivers/acpi/viot.c
@@ -329,6 +329,7 @@ static int viot_pci_dev_iommu_init(struct pci_dev *pdev, u16 dev_id, void *data)
{
u32 epid;
struct viot_endpoint *ep;
+ struct device *aliased_dev = data;
u32 domain_nr = pci_domain_nr(pdev->bus);
list_for_each_entry(ep, &viot_pci_ranges, list) {
@@ -339,7 +340,7 @@ static int viot_pci_dev_iommu_init(struct pci_dev *pdev, u16 dev_id, void *data)
epid = ((domain_nr - ep->segment_start) << 16) +
dev_id - ep->bdf_start + ep->endpoint_id;
- return viot_dev_iommu_init(&pdev->dev, ep->viommu,
+ return viot_dev_iommu_init(aliased_dev, ep->viommu,
epid);
}
}
@@ -373,7 +374,7 @@ int viot_iommu_configure(struct device *dev)
{
if (dev_is_pci(dev))
return pci_for_each_dma_alias(to_pci_dev(dev),
- viot_pci_dev_iommu_init, NULL);
+ viot_pci_dev_iommu_init, dev);
else if (dev_is_platform(dev))
return viot_mmio_dev_iommu_init(to_platform_device(dev));
return -ENODEV;
--
2.39.2
^ permalink raw reply related [flat|nested] 391+ messages in thread
* [PATCH 5.15 121/371] drm/lima/lima_drv: Add missing unwind goto in lima_pdev_probe()
2023-05-08 9:43 [PATCH 5.15 000/371] 5.15.111-rc1 review Greg Kroah-Hartman
` (119 preceding siblings ...)
2023-05-08 9:45 ` [PATCH 5.15 120/371] ACPI: VIOT: Initialize the correct IOMMU fwspec Greg Kroah-Hartman
@ 2023-05-08 9:45 ` Greg Kroah-Hartman
2023-05-08 9:45 ` [PATCH 5.15 122/371] mailbox: mpfs: switch to txdone_poll Greg Kroah-Hartman
` (253 subsequent siblings)
374 siblings, 0 replies; 391+ messages in thread
From: Greg Kroah-Hartman @ 2023-05-08 9:45 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Harshit Mogalapalli, Qiang Yu, Sasha Levin
From: Harshit Mogalapalli <harshit.m.mogalapalli@oracle.com>
[ Upstream commit c5647cae2704e58d1c4e5fedbf63f11bca6376c9 ]
Smatch reports:
drivers/gpu/drm/lima/lima_drv.c:396 lima_pdev_probe() warn:
missing unwind goto?
Store return value in err and goto 'err_out0' which has
lima_sched_slab_fini() before returning.
Fixes: a1d2a6339961 ("drm/lima: driver for ARM Mali4xx GPUs")
Signed-off-by: Harshit Mogalapalli <harshit.m.mogalapalli@oracle.com>
Signed-off-by: Qiang Yu <yuq825@gmail.com>
Link: https://patchwork.freedesktop.org/patch/msgid/20230314052711.4061652-1-harshit.m.mogalapalli@oracle.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/gpu/drm/lima/lima_drv.c | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/drivers/gpu/drm/lima/lima_drv.c b/drivers/gpu/drm/lima/lima_drv.c
index 7b8d7178d09aa..39cab4a55f572 100644
--- a/drivers/gpu/drm/lima/lima_drv.c
+++ b/drivers/gpu/drm/lima/lima_drv.c
@@ -392,8 +392,10 @@ static int lima_pdev_probe(struct platform_device *pdev)
/* Allocate and initialize the DRM device. */
ddev = drm_dev_alloc(&lima_drm_driver, &pdev->dev);
- if (IS_ERR(ddev))
- return PTR_ERR(ddev);
+ if (IS_ERR(ddev)) {
+ err = PTR_ERR(ddev);
+ goto err_out0;
+ }
ddev->dev_private = ldev;
ldev->ddev = ddev;
--
2.39.2
^ permalink raw reply related [flat|nested] 391+ messages in thread
* [PATCH 5.15 122/371] mailbox: mpfs: switch to txdone_poll
2023-05-08 9:43 [PATCH 5.15 000/371] 5.15.111-rc1 review Greg Kroah-Hartman
` (120 preceding siblings ...)
2023-05-08 9:45 ` [PATCH 5.15 121/371] drm/lima/lima_drv: Add missing unwind goto in lima_pdev_probe() Greg Kroah-Hartman
@ 2023-05-08 9:45 ` Greg Kroah-Hartman
2023-05-08 9:45 ` [PATCH 5.15 123/371] arm64: dts: qcom: sc7180-trogdor-lazor: correct trackpad supply Greg Kroah-Hartman
` (252 subsequent siblings)
374 siblings, 0 replies; 391+ messages in thread
From: Greg Kroah-Hartman @ 2023-05-08 9:45 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Jassi Brar, Valentina Fernandez,
Conor Dooley, Sasha Levin
From: Conor Dooley <conor.dooley@microchip.com>
[ Upstream commit b5984a9844fc45cd301a28fb56f3de95f7e20f3c ]
The system controller on PolarFire SoC has no interrupt to signify that
the TX has been completed. The interrupt instead signals that a service
requested by the mailbox client has succeeded. If a service fails, there
will be no interrupt delivered.
Switch to polling the busy register to determine whether transmission
has completed.
Fixes: 83d7b1560810 ("mbox: add polarfire soc system controller mailbox")
Acked-by: Jassi Brar <jaswinder.singh@linaro.org>
Tested-by: Valentina Fernandez <valentina.fernandezalanis@microchip.com>
Signed-off-by: Conor Dooley <conor.dooley@microchip.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/mailbox/mailbox-mpfs.c | 12 ++++++++++--
1 file changed, 10 insertions(+), 2 deletions(-)
diff --git a/drivers/mailbox/mailbox-mpfs.c b/drivers/mailbox/mailbox-mpfs.c
index 853901acaeec2..08aa840cccaca 100644
--- a/drivers/mailbox/mailbox-mpfs.c
+++ b/drivers/mailbox/mailbox-mpfs.c
@@ -79,6 +79,13 @@ static bool mpfs_mbox_busy(struct mpfs_mbox *mbox)
return status & SCB_STATUS_BUSY_MASK;
}
+static bool mpfs_mbox_last_tx_done(struct mbox_chan *chan)
+{
+ struct mpfs_mbox *mbox = (struct mpfs_mbox *)chan->con_priv;
+
+ return !mpfs_mbox_busy(mbox);
+}
+
static int mpfs_mbox_send_data(struct mbox_chan *chan, void *data)
{
struct mpfs_mbox *mbox = (struct mpfs_mbox *)chan->con_priv;
@@ -182,7 +189,6 @@ static irqreturn_t mpfs_mbox_inbox_isr(int irq, void *data)
mpfs_mbox_rx_data(chan);
- mbox_chan_txdone(chan, 0);
return IRQ_HANDLED;
}
@@ -212,6 +218,7 @@ static const struct mbox_chan_ops mpfs_mbox_ops = {
.send_data = mpfs_mbox_send_data,
.startup = mpfs_mbox_startup,
.shutdown = mpfs_mbox_shutdown,
+ .last_tx_done = mpfs_mbox_last_tx_done,
};
static int mpfs_mbox_probe(struct platform_device *pdev)
@@ -247,7 +254,8 @@ static int mpfs_mbox_probe(struct platform_device *pdev)
mbox->controller.num_chans = 1;
mbox->controller.chans = mbox->chans;
mbox->controller.ops = &mpfs_mbox_ops;
- mbox->controller.txdone_irq = true;
+ mbox->controller.txdone_poll = true;
+ mbox->controller.txpoll_period = 10u;
ret = devm_mbox_controller_register(&pdev->dev, &mbox->controller);
if (ret) {
--
2.39.2
^ permalink raw reply related [flat|nested] 391+ messages in thread
* [PATCH 5.15 123/371] arm64: dts: qcom: sc7180-trogdor-lazor: correct trackpad supply
2023-05-08 9:43 [PATCH 5.15 000/371] 5.15.111-rc1 review Greg Kroah-Hartman
` (121 preceding siblings ...)
2023-05-08 9:45 ` [PATCH 5.15 122/371] mailbox: mpfs: switch to txdone_poll Greg Kroah-Hartman
@ 2023-05-08 9:45 ` Greg Kroah-Hartman
2023-05-08 9:45 ` [PATCH 5.15 124/371] arm64: dts: qcom: msm8994-kitakami: drop unit address from PMI8994 regulator Greg Kroah-Hartman
` (251 subsequent siblings)
374 siblings, 0 replies; 391+ messages in thread
From: Greg Kroah-Hartman @ 2023-05-08 9:45 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Krzysztof Kozlowski, Stephen Boyd,
Douglas Anderson, Konrad Dybcio, Bjorn Andersson, Sasha Levin
From: Krzysztof Kozlowski <krzysztof.kozlowski@linaro.org>
[ Upstream commit 52e2996f253d82520011340d40dbc1c76ea79208 ]
The hid-over-i2c takes VDD, not VCC supply. Fix copy-pasta from other
boards which use elan,ekth3000 with valid VCC:
sc7180-trogdor-lazor-limozeen-nots-r4.dtb: trackpad@2c: 'vcc-supply' does not match any of the regexes: 'pinctrl-[0-9]+'
Fixes: 2c26adb8dbab ("arm64: dts: qcom: Add sc7180-lazor-limozeen skus")
Signed-off-by: Krzysztof Kozlowski <krzysztof.kozlowski@linaro.org>
Reviewed-by: Stephen Boyd <swboyd@chromium.org>
Reviewed-by: Douglas Anderson <dianders@chromium.org>
Reviewed-by: Konrad Dybcio <konrad.dybcio@linaro.org>
Signed-off-by: Bjorn Andersson <andersson@kernel.org>
Link: https://lore.kernel.org/r/20230312183622.460488-3-krzysztof.kozlowski@linaro.org
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
.../boot/dts/qcom/sc7180-trogdor-lazor-limozeen-nots-r4.dts | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/arch/arm64/boot/dts/qcom/sc7180-trogdor-lazor-limozeen-nots-r4.dts b/arch/arm64/boot/dts/qcom/sc7180-trogdor-lazor-limozeen-nots-r4.dts
index 6ebde0828550c..8a98a6f849c4f 100644
--- a/arch/arm64/boot/dts/qcom/sc7180-trogdor-lazor-limozeen-nots-r4.dts
+++ b/arch/arm64/boot/dts/qcom/sc7180-trogdor-lazor-limozeen-nots-r4.dts
@@ -26,7 +26,7 @@
interrupt-parent = <&tlmm>;
interrupts = <58 IRQ_TYPE_EDGE_FALLING>;
- vcc-supply = <&pp3300_fp_tp>;
+ vdd-supply = <&pp3300_fp_tp>;
hid-descr-addr = <0x20>;
wakeup-source;
--
2.39.2
^ permalink raw reply related [flat|nested] 391+ messages in thread
* [PATCH 5.15 124/371] arm64: dts: qcom: msm8994-kitakami: drop unit address from PMI8994 regulator
2023-05-08 9:43 [PATCH 5.15 000/371] 5.15.111-rc1 review Greg Kroah-Hartman
` (122 preceding siblings ...)
2023-05-08 9:45 ` [PATCH 5.15 123/371] arm64: dts: qcom: sc7180-trogdor-lazor: correct trackpad supply Greg Kroah-Hartman
@ 2023-05-08 9:45 ` Greg Kroah-Hartman
2023-05-08 9:45 ` [PATCH 5.15 125/371] arm64: dts: qcom: msm8994-msft-lumia-octagon: " Greg Kroah-Hartman
` (250 subsequent siblings)
374 siblings, 0 replies; 391+ messages in thread
From: Greg Kroah-Hartman @ 2023-05-08 9:45 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Krzysztof Kozlowski, Konrad Dybcio,
Bjorn Andersson, Sasha Levin
From: Krzysztof Kozlowski <krzysztof.kozlowski@linaro.org>
[ Upstream commit 3555dd528ba9c08d6ccd56239c695dbeac3b63e3 ]
The PMIC regulators are not supposed to have unit addresses.
Fixes: e9783584c9b7 ("arm64: dts: qcom: msm8994-kitakami: Add VDD_GFX regulator")
Signed-off-by: Krzysztof Kozlowski <krzysztof.kozlowski@linaro.org>
Reviewed-by: Konrad Dybcio <konrad.dybcio@linaro.org>
Signed-off-by: Bjorn Andersson <andersson@kernel.org>
Link: https://lore.kernel.org/r/20230312183622.460488-6-krzysztof.kozlowski@linaro.org
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/arm64/boot/dts/qcom/msm8994-sony-xperia-kitakami.dtsi | 3 +--
1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/arch/arm64/boot/dts/qcom/msm8994-sony-xperia-kitakami.dtsi b/arch/arm64/boot/dts/qcom/msm8994-sony-xperia-kitakami.dtsi
index 48de66bf19c4c..55198190bbeaa 100644
--- a/arch/arm64/boot/dts/qcom/msm8994-sony-xperia-kitakami.dtsi
+++ b/arch/arm64/boot/dts/qcom/msm8994-sony-xperia-kitakami.dtsi
@@ -183,8 +183,7 @@
* power domain.. which still isn't enough and forces us to bind
* OXILI_CX and OXILI_GX together!
*/
- vdd_gfx: s2@1700 {
- reg = <0x1700 0x100>;
+ vdd_gfx: s2 {
regulator-name = "VDD_GFX";
regulator-min-microvolt = <980000>;
regulator-max-microvolt = <980000>;
--
2.39.2
^ permalink raw reply related [flat|nested] 391+ messages in thread
* [PATCH 5.15 125/371] arm64: dts: qcom: msm8994-msft-lumia-octagon: drop unit address from PMI8994 regulator
2023-05-08 9:43 [PATCH 5.15 000/371] 5.15.111-rc1 review Greg Kroah-Hartman
` (123 preceding siblings ...)
2023-05-08 9:45 ` [PATCH 5.15 124/371] arm64: dts: qcom: msm8994-kitakami: drop unit address from PMI8994 regulator Greg Kroah-Hartman
@ 2023-05-08 9:45 ` Greg Kroah-Hartman
2023-05-08 9:45 ` [PATCH 5.15 126/371] drm/ttm: optimize pool allocations a bit v2 Greg Kroah-Hartman
` (249 subsequent siblings)
374 siblings, 0 replies; 391+ messages in thread
From: Greg Kroah-Hartman @ 2023-05-08 9:45 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Krzysztof Kozlowski, Konrad Dybcio,
Bjorn Andersson, Sasha Levin
From: Krzysztof Kozlowski <krzysztof.kozlowski@linaro.org>
[ Upstream commit 7a202df0f3eed006e4a9e7c06d62cf67be56c14c ]
The PMIC regulators are not supposed to have unit addresses.
Fixes: 60b214effb80 ("arm64: dts: qcom: msm8994-octagon: Configure regulators")
Signed-off-by: Krzysztof Kozlowski <krzysztof.kozlowski@linaro.org>
Reviewed-by: Konrad Dybcio <konrad.dybcio@linaro.org>
Signed-off-by: Bjorn Andersson <andersson@kernel.org>
Link: https://lore.kernel.org/r/20230312183622.460488-7-krzysztof.kozlowski@linaro.org
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/arm64/boot/dts/qcom/msm8994-msft-lumia-octagon.dtsi | 3 +--
1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/arch/arm64/boot/dts/qcom/msm8994-msft-lumia-octagon.dtsi b/arch/arm64/boot/dts/qcom/msm8994-msft-lumia-octagon.dtsi
index 3a3790a52a2ce..e2d08915ec426 100644
--- a/arch/arm64/boot/dts/qcom/msm8994-msft-lumia-octagon.dtsi
+++ b/arch/arm64/boot/dts/qcom/msm8994-msft-lumia-octagon.dtsi
@@ -540,8 +540,7 @@
};
&pmi8994_spmi_regulators {
- vdd_gfx: s2@1700 {
- reg = <0x1700 0x100>;
+ vdd_gfx: s2 {
regulator-min-microvolt = <980000>;
regulator-max-microvolt = <980000>;
};
--
2.39.2
^ permalink raw reply related [flat|nested] 391+ messages in thread
* [PATCH 5.15 126/371] drm/ttm: optimize pool allocations a bit v2
2023-05-08 9:43 [PATCH 5.15 000/371] 5.15.111-rc1 review Greg Kroah-Hartman
` (124 preceding siblings ...)
2023-05-08 9:45 ` [PATCH 5.15 125/371] arm64: dts: qcom: msm8994-msft-lumia-octagon: " Greg Kroah-Hartman
@ 2023-05-08 9:45 ` Greg Kroah-Hartman
2023-05-08 9:45 ` Greg Kroah-Hartman
` (248 subsequent siblings)
374 siblings, 0 replies; 391+ messages in thread
From: Greg Kroah-Hartman @ 2023-05-08 9:45 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Christian König,
Felix Kuehling, Sasha Levin
From: Christian König <christian.koenig@amd.com>
[ Upstream commit 735c466465eba51deaee3012d8403c10fc7c8c03 ]
If we got a page pool use it as much as possible.
If we can't get more pages from the pool allocate as much as possible.
Only if that still doesn't work reduce the order and try again.
v2: minor cleanups
Signed-off-by: Christian König <christian.koenig@amd.com>
Reviewed-by: Felix Kuehling <Felix.Kuehling@amd.com>
Link: https://patchwork.freedesktop.org/patch/msgid/20221107195808.1873-1-christian.koenig@amd.com
Stable-dep-of: 379989e7cbdc ("drm/ttm/pool: Fix ttm_pool_alloc error path")
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/gpu/drm/ttm/ttm_pool.c | 82 ++++++++++++++++++++++++----------
1 file changed, 58 insertions(+), 24 deletions(-)
diff --git a/drivers/gpu/drm/ttm/ttm_pool.c b/drivers/gpu/drm/ttm/ttm_pool.c
index 82cbb29a05aa3..603b044833048 100644
--- a/drivers/gpu/drm/ttm/ttm_pool.c
+++ b/drivers/gpu/drm/ttm/ttm_pool.c
@@ -345,6 +345,28 @@ static unsigned int ttm_pool_page_order(struct ttm_pool *pool, struct page *p)
return p->private;
}
+/* Called when we got a page, either from a pool or newly allocated */
+static int ttm_pool_page_allocated(struct ttm_pool *pool, unsigned int order,
+ struct page *p, dma_addr_t **dma_addr,
+ unsigned long *num_pages,
+ struct page ***pages)
+{
+ unsigned int i;
+ int r;
+
+ if (*dma_addr) {
+ r = ttm_pool_map(pool, order, p, dma_addr);
+ if (r)
+ return r;
+ }
+
+ *num_pages -= 1 << order;
+ for (i = 1 << order; i; --i, ++(*pages), ++p)
+ **pages = p;
+
+ return 0;
+}
+
/**
* ttm_pool_alloc - Fill a ttm_tt object
*
@@ -386,45 +408,57 @@ int ttm_pool_alloc(struct ttm_pool *pool, struct ttm_tt *tt,
for (order = min_t(unsigned int, MAX_ORDER - 1, __fls(num_pages));
num_pages;
order = min_t(unsigned int, order, __fls(num_pages))) {
- bool apply_caching = false;
struct ttm_pool_type *pt;
pt = ttm_pool_select_type(pool, tt->caching, order);
p = pt ? ttm_pool_type_take(pt) : NULL;
if (p) {
- apply_caching = true;
- } else {
- p = ttm_pool_alloc_page(pool, gfp_flags, order);
- if (p && PageHighMem(p))
- apply_caching = true;
- }
-
- if (!p) {
- if (order) {
- --order;
- continue;
- }
- r = -ENOMEM;
- goto error_free_all;
- }
-
- if (apply_caching) {
r = ttm_pool_apply_caching(caching, pages,
tt->caching);
if (r)
goto error_free_page;
- caching = pages + (1 << order);
+
+ do {
+ r = ttm_pool_page_allocated(pool, order, p,
+ &dma_addr,
+ &num_pages,
+ &pages);
+ if (r)
+ goto error_free_page;
+
+ if (num_pages < (1 << order))
+ break;
+
+ p = ttm_pool_type_take(pt);
+ } while (p);
+ caching = pages;
}
- if (dma_addr) {
- r = ttm_pool_map(pool, order, p, &dma_addr);
+ while (num_pages >= (1 << order) &&
+ (p = ttm_pool_alloc_page(pool, gfp_flags, order))) {
+
+ if (PageHighMem(p)) {
+ r = ttm_pool_apply_caching(caching, pages,
+ tt->caching);
+ if (r)
+ goto error_free_page;
+ }
+ r = ttm_pool_page_allocated(pool, order, p, &dma_addr,
+ &num_pages, &pages);
if (r)
goto error_free_page;
+ if (PageHighMem(p))
+ caching = pages;
}
- num_pages -= 1 << order;
- for (i = 1 << order; i; --i)
- *(pages++) = p++;
+ if (!p) {
+ if (order) {
+ --order;
+ continue;
+ }
+ r = -ENOMEM;
+ goto error_free_all;
+ }
}
r = ttm_pool_apply_caching(caching, pages, tt->caching);
--
2.39.2
^ permalink raw reply related [flat|nested] 391+ messages in thread
* [PATCH 5.15 127/371] drm/ttm/pool: Fix ttm_pool_alloc error path
2023-05-08 9:43 [PATCH 5.15 000/371] 5.15.111-rc1 review Greg Kroah-Hartman
@ 2023-05-08 9:45 ` Greg Kroah-Hartman
2023-05-08 9:43 ` [PATCH 5.15 002/371] ASoC: soc-pcm: fix hw->formats cleared by soc_pcm_hw_init() for dpcm Greg Kroah-Hartman
` (373 subsequent siblings)
374 siblings, 0 replies; 391+ messages in thread
From: Greg Kroah-Hartman @ 2023-05-08 9:45 UTC (permalink / raw)
To: stable
Cc: Sasha Levin, Thomas Hellström, Greg Kroah-Hartman, patches,
dri-devel, Huang Rui, Dave Airlie, Christian König
From: Thomas Hellström <thomas.hellstrom@linux.intel.com>
[ Upstream commit 379989e7cbdc7aa7496a00ee286ec146c7599cf0 ]
When hitting an error, the error path forgot to unmap dma mappings and
could call set_pages_wb() on already uncached pages.
Fix this by introducing a common ttm_pool_free_range() function that
does the right thing.
v2:
- Simplify that common function (Christian König)
v3:
- Rename that common function to ttm_pool_free_range() (Christian König)
Fixes: d099fc8f540a ("drm/ttm: new TT backend allocation pool v3")
Cc: Christian König <christian.koenig@amd.com>
Cc: Dave Airlie <airlied@redhat.com>
Cc: Christian Koenig <christian.koenig@amd.com>
Cc: Huang Rui <ray.huang@amd.com>
Cc: dri-devel@lists.freedesktop.org
Signed-off-by: Thomas Hellström <thomas.hellstrom@linux.intel.com>
Reviewed-by: Christian König <christian.koenig@amd.com>
Link: https://patchwork.freedesktop.org/patch/msgid/20230404200650.11043-2-thomas.hellstrom@linux.intel.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/gpu/drm/ttm/ttm_pool.c | 81 +++++++++++++++++++++-------------
1 file changed, 51 insertions(+), 30 deletions(-)
diff --git a/drivers/gpu/drm/ttm/ttm_pool.c b/drivers/gpu/drm/ttm/ttm_pool.c
index 603b044833048..aa3512af051ad 100644
--- a/drivers/gpu/drm/ttm/ttm_pool.c
+++ b/drivers/gpu/drm/ttm/ttm_pool.c
@@ -367,6 +367,43 @@ static int ttm_pool_page_allocated(struct ttm_pool *pool, unsigned int order,
return 0;
}
+/**
+ * ttm_pool_free_range() - Free a range of TTM pages
+ * @pool: The pool used for allocating.
+ * @tt: The struct ttm_tt holding the page pointers.
+ * @caching: The page caching mode used by the range.
+ * @start_page: index for first page to free.
+ * @end_page: index for last page to free + 1.
+ *
+ * During allocation the ttm_tt page-vector may be populated with ranges of
+ * pages with different attributes if allocation hit an error without being
+ * able to completely fulfill the allocation. This function can be used
+ * to free these individual ranges.
+ */
+static void ttm_pool_free_range(struct ttm_pool *pool, struct ttm_tt *tt,
+ enum ttm_caching caching,
+ pgoff_t start_page, pgoff_t end_page)
+{
+ struct page **pages = tt->pages;
+ unsigned int order;
+ pgoff_t i, nr;
+
+ for (i = start_page; i < end_page; i += nr, pages += nr) {
+ struct ttm_pool_type *pt = NULL;
+
+ order = ttm_pool_page_order(pool, *pages);
+ nr = (1UL << order);
+ if (tt->dma_address)
+ ttm_pool_unmap(pool, tt->dma_address[i], nr);
+
+ pt = ttm_pool_select_type(pool, caching, order);
+ if (pt)
+ ttm_pool_type_give(pt, *pages);
+ else
+ ttm_pool_free_page(pool, caching, order, *pages);
+ }
+}
+
/**
* ttm_pool_alloc - Fill a ttm_tt object
*
@@ -382,12 +419,14 @@ static int ttm_pool_page_allocated(struct ttm_pool *pool, unsigned int order,
int ttm_pool_alloc(struct ttm_pool *pool, struct ttm_tt *tt,
struct ttm_operation_ctx *ctx)
{
- unsigned long num_pages = tt->num_pages;
+ pgoff_t num_pages = tt->num_pages;
dma_addr_t *dma_addr = tt->dma_address;
struct page **caching = tt->pages;
struct page **pages = tt->pages;
+ enum ttm_caching page_caching;
gfp_t gfp_flags = GFP_USER;
- unsigned int i, order;
+ pgoff_t caching_divide;
+ unsigned int order;
struct page *p;
int r;
@@ -410,6 +449,7 @@ int ttm_pool_alloc(struct ttm_pool *pool, struct ttm_tt *tt,
order = min_t(unsigned int, order, __fls(num_pages))) {
struct ttm_pool_type *pt;
+ page_caching = tt->caching;
pt = ttm_pool_select_type(pool, tt->caching, order);
p = pt ? ttm_pool_type_take(pt) : NULL;
if (p) {
@@ -418,6 +458,7 @@ int ttm_pool_alloc(struct ttm_pool *pool, struct ttm_tt *tt,
if (r)
goto error_free_page;
+ caching = pages;
do {
r = ttm_pool_page_allocated(pool, order, p,
&dma_addr,
@@ -426,14 +467,15 @@ int ttm_pool_alloc(struct ttm_pool *pool, struct ttm_tt *tt,
if (r)
goto error_free_page;
+ caching = pages;
if (num_pages < (1 << order))
break;
p = ttm_pool_type_take(pt);
} while (p);
- caching = pages;
}
+ page_caching = ttm_cached;
while (num_pages >= (1 << order) &&
(p = ttm_pool_alloc_page(pool, gfp_flags, order))) {
@@ -442,6 +484,7 @@ int ttm_pool_alloc(struct ttm_pool *pool, struct ttm_tt *tt,
tt->caching);
if (r)
goto error_free_page;
+ caching = pages;
}
r = ttm_pool_page_allocated(pool, order, p, &dma_addr,
&num_pages, &pages);
@@ -468,15 +511,13 @@ int ttm_pool_alloc(struct ttm_pool *pool, struct ttm_tt *tt,
return 0;
error_free_page:
- ttm_pool_free_page(pool, tt->caching, order, p);
+ ttm_pool_free_page(pool, page_caching, order, p);
error_free_all:
num_pages = tt->num_pages - num_pages;
- for (i = 0; i < num_pages; ) {
- order = ttm_pool_page_order(pool, tt->pages[i]);
- ttm_pool_free_page(pool, tt->caching, order, tt->pages[i]);
- i += 1 << order;
- }
+ caching_divide = caching - tt->pages;
+ ttm_pool_free_range(pool, tt, tt->caching, 0, caching_divide);
+ ttm_pool_free_range(pool, tt, ttm_cached, caching_divide, num_pages);
return r;
}
@@ -492,27 +533,7 @@ EXPORT_SYMBOL(ttm_pool_alloc);
*/
void ttm_pool_free(struct ttm_pool *pool, struct ttm_tt *tt)
{
- unsigned int i;
-
- for (i = 0; i < tt->num_pages; ) {
- struct page *p = tt->pages[i];
- unsigned int order, num_pages;
- struct ttm_pool_type *pt;
-
- order = ttm_pool_page_order(pool, p);
- num_pages = 1ULL << order;
- if (tt->dma_address)
- ttm_pool_unmap(pool, tt->dma_address[i], num_pages);
-
- pt = ttm_pool_select_type(pool, tt->caching, order);
- if (pt)
- ttm_pool_type_give(pt, tt->pages[i]);
- else
- ttm_pool_free_page(pool, tt->caching, order,
- tt->pages[i]);
-
- i += num_pages;
- }
+ ttm_pool_free_range(pool, tt, tt->caching, 0, tt->num_pages);
while (atomic_long_read(&allocated_pages) > page_pool_size)
ttm_pool_shrink();
--
2.39.2
^ permalink raw reply related [flat|nested] 391+ messages in thread
* [PATCH 5.15 127/371] drm/ttm/pool: Fix ttm_pool_alloc error path
@ 2023-05-08 9:45 ` Greg Kroah-Hartman
0 siblings, 0 replies; 391+ messages in thread
From: Greg Kroah-Hartman @ 2023-05-08 9:45 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Christian König, Dave Airlie,
Huang Rui, dri-devel, Thomas Hellström, Sasha Levin
From: Thomas Hellström <thomas.hellstrom@linux.intel.com>
[ Upstream commit 379989e7cbdc7aa7496a00ee286ec146c7599cf0 ]
When hitting an error, the error path forgot to unmap dma mappings and
could call set_pages_wb() on already uncached pages.
Fix this by introducing a common ttm_pool_free_range() function that
does the right thing.
v2:
- Simplify that common function (Christian König)
v3:
- Rename that common function to ttm_pool_free_range() (Christian König)
Fixes: d099fc8f540a ("drm/ttm: new TT backend allocation pool v3")
Cc: Christian König <christian.koenig@amd.com>
Cc: Dave Airlie <airlied@redhat.com>
Cc: Christian Koenig <christian.koenig@amd.com>
Cc: Huang Rui <ray.huang@amd.com>
Cc: dri-devel@lists.freedesktop.org
Signed-off-by: Thomas Hellström <thomas.hellstrom@linux.intel.com>
Reviewed-by: Christian König <christian.koenig@amd.com>
Link: https://patchwork.freedesktop.org/patch/msgid/20230404200650.11043-2-thomas.hellstrom@linux.intel.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/gpu/drm/ttm/ttm_pool.c | 81 +++++++++++++++++++++-------------
1 file changed, 51 insertions(+), 30 deletions(-)
diff --git a/drivers/gpu/drm/ttm/ttm_pool.c b/drivers/gpu/drm/ttm/ttm_pool.c
index 603b044833048..aa3512af051ad 100644
--- a/drivers/gpu/drm/ttm/ttm_pool.c
+++ b/drivers/gpu/drm/ttm/ttm_pool.c
@@ -367,6 +367,43 @@ static int ttm_pool_page_allocated(struct ttm_pool *pool, unsigned int order,
return 0;
}
+/**
+ * ttm_pool_free_range() - Free a range of TTM pages
+ * @pool: The pool used for allocating.
+ * @tt: The struct ttm_tt holding the page pointers.
+ * @caching: The page caching mode used by the range.
+ * @start_page: index for first page to free.
+ * @end_page: index for last page to free + 1.
+ *
+ * During allocation the ttm_tt page-vector may be populated with ranges of
+ * pages with different attributes if allocation hit an error without being
+ * able to completely fulfill the allocation. This function can be used
+ * to free these individual ranges.
+ */
+static void ttm_pool_free_range(struct ttm_pool *pool, struct ttm_tt *tt,
+ enum ttm_caching caching,
+ pgoff_t start_page, pgoff_t end_page)
+{
+ struct page **pages = tt->pages;
+ unsigned int order;
+ pgoff_t i, nr;
+
+ for (i = start_page; i < end_page; i += nr, pages += nr) {
+ struct ttm_pool_type *pt = NULL;
+
+ order = ttm_pool_page_order(pool, *pages);
+ nr = (1UL << order);
+ if (tt->dma_address)
+ ttm_pool_unmap(pool, tt->dma_address[i], nr);
+
+ pt = ttm_pool_select_type(pool, caching, order);
+ if (pt)
+ ttm_pool_type_give(pt, *pages);
+ else
+ ttm_pool_free_page(pool, caching, order, *pages);
+ }
+}
+
/**
* ttm_pool_alloc - Fill a ttm_tt object
*
@@ -382,12 +419,14 @@ static int ttm_pool_page_allocated(struct ttm_pool *pool, unsigned int order,
int ttm_pool_alloc(struct ttm_pool *pool, struct ttm_tt *tt,
struct ttm_operation_ctx *ctx)
{
- unsigned long num_pages = tt->num_pages;
+ pgoff_t num_pages = tt->num_pages;
dma_addr_t *dma_addr = tt->dma_address;
struct page **caching = tt->pages;
struct page **pages = tt->pages;
+ enum ttm_caching page_caching;
gfp_t gfp_flags = GFP_USER;
- unsigned int i, order;
+ pgoff_t caching_divide;
+ unsigned int order;
struct page *p;
int r;
@@ -410,6 +449,7 @@ int ttm_pool_alloc(struct ttm_pool *pool, struct ttm_tt *tt,
order = min_t(unsigned int, order, __fls(num_pages))) {
struct ttm_pool_type *pt;
+ page_caching = tt->caching;
pt = ttm_pool_select_type(pool, tt->caching, order);
p = pt ? ttm_pool_type_take(pt) : NULL;
if (p) {
@@ -418,6 +458,7 @@ int ttm_pool_alloc(struct ttm_pool *pool, struct ttm_tt *tt,
if (r)
goto error_free_page;
+ caching = pages;
do {
r = ttm_pool_page_allocated(pool, order, p,
&dma_addr,
@@ -426,14 +467,15 @@ int ttm_pool_alloc(struct ttm_pool *pool, struct ttm_tt *tt,
if (r)
goto error_free_page;
+ caching = pages;
if (num_pages < (1 << order))
break;
p = ttm_pool_type_take(pt);
} while (p);
- caching = pages;
}
+ page_caching = ttm_cached;
while (num_pages >= (1 << order) &&
(p = ttm_pool_alloc_page(pool, gfp_flags, order))) {
@@ -442,6 +484,7 @@ int ttm_pool_alloc(struct ttm_pool *pool, struct ttm_tt *tt,
tt->caching);
if (r)
goto error_free_page;
+ caching = pages;
}
r = ttm_pool_page_allocated(pool, order, p, &dma_addr,
&num_pages, &pages);
@@ -468,15 +511,13 @@ int ttm_pool_alloc(struct ttm_pool *pool, struct ttm_tt *tt,
return 0;
error_free_page:
- ttm_pool_free_page(pool, tt->caching, order, p);
+ ttm_pool_free_page(pool, page_caching, order, p);
error_free_all:
num_pages = tt->num_pages - num_pages;
- for (i = 0; i < num_pages; ) {
- order = ttm_pool_page_order(pool, tt->pages[i]);
- ttm_pool_free_page(pool, tt->caching, order, tt->pages[i]);
- i += 1 << order;
- }
+ caching_divide = caching - tt->pages;
+ ttm_pool_free_range(pool, tt, tt->caching, 0, caching_divide);
+ ttm_pool_free_range(pool, tt, ttm_cached, caching_divide, num_pages);
return r;
}
@@ -492,27 +533,7 @@ EXPORT_SYMBOL(ttm_pool_alloc);
*/
void ttm_pool_free(struct ttm_pool *pool, struct ttm_tt *tt)
{
- unsigned int i;
-
- for (i = 0; i < tt->num_pages; ) {
- struct page *p = tt->pages[i];
- unsigned int order, num_pages;
- struct ttm_pool_type *pt;
-
- order = ttm_pool_page_order(pool, p);
- num_pages = 1ULL << order;
- if (tt->dma_address)
- ttm_pool_unmap(pool, tt->dma_address[i], num_pages);
-
- pt = ttm_pool_select_type(pool, tt->caching, order);
- if (pt)
- ttm_pool_type_give(pt, tt->pages[i]);
- else
- ttm_pool_free_page(pool, tt->caching, order,
- tt->pages[i]);
-
- i += num_pages;
- }
+ ttm_pool_free_range(pool, tt, tt->caching, 0, tt->num_pages);
while (atomic_long_read(&allocated_pages) > page_pool_size)
ttm_pool_shrink();
--
2.39.2
^ permalink raw reply related [flat|nested] 391+ messages in thread
* [PATCH 5.15 128/371] regulator: core: Consistently set mutex_owner when using ww_mutex_lock_slow()
2023-05-08 9:43 [PATCH 5.15 000/371] 5.15.111-rc1 review Greg Kroah-Hartman
` (126 preceding siblings ...)
2023-05-08 9:45 ` Greg Kroah-Hartman
@ 2023-05-08 9:45 ` Greg Kroah-Hartman
2023-05-08 9:45 ` [PATCH 5.15 129/371] regulator: core: Avoid lockdep reports when resolving supplies Greg Kroah-Hartman
` (246 subsequent siblings)
374 siblings, 0 replies; 391+ messages in thread
From: Greg Kroah-Hartman @ 2023-05-08 9:45 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Douglas Anderson, Mark Brown, Sasha Levin
From: Douglas Anderson <dianders@chromium.org>
[ Upstream commit b83a1772be854f87602de14726737d3e5b06e1f4 ]
When a codepath locks a rdev using ww_mutex_lock_slow() directly then
that codepath is responsible for incrementing the "ref_cnt" and also
setting the "mutex_owner" to "current".
The regulator core consistently got that right for "ref_cnt" but
didn't always get it right for "mutex_owner". Let's fix this.
It's unlikely that this truly matters because the "mutex_owner" is
only needed if we're going to do subsequent locking of the same
rdev. However, even though it's not truly needed it seems less
surprising if we consistently set "mutex_owner" properly.
Fixes: f8702f9e4aa7 ("regulator: core: Use ww_mutex for regulators locking")
Signed-off-by: Douglas Anderson <dianders@chromium.org>
Link: https://lore.kernel.org/r/20230329143317.RFC.v2.1.I4e9d433ea26360c06dd1381d091c82bb1a4ce843@changeid
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/regulator/core.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/drivers/regulator/core.c b/drivers/regulator/core.c
index e876702d6ef36..48db0735e3dba 100644
--- a/drivers/regulator/core.c
+++ b/drivers/regulator/core.c
@@ -333,6 +333,7 @@ static void regulator_lock_dependent(struct regulator_dev *rdev,
ww_mutex_lock_slow(&new_contended_rdev->mutex, ww_ctx);
old_contended_rdev = new_contended_rdev;
old_contended_rdev->ref_cnt++;
+ old_contended_rdev->mutex_owner = current;
}
err = regulator_lock_recursive(rdev,
@@ -5966,6 +5967,7 @@ static void regulator_summary_lock(struct ww_acquire_ctx *ww_ctx)
ww_mutex_lock_slow(&new_contended_rdev->mutex, ww_ctx);
old_contended_rdev = new_contended_rdev;
old_contended_rdev->ref_cnt++;
+ old_contended_rdev->mutex_owner = current;
}
err = regulator_summary_lock_all(ww_ctx,
--
2.39.2
^ permalink raw reply related [flat|nested] 391+ messages in thread
* [PATCH 5.15 129/371] regulator: core: Avoid lockdep reports when resolving supplies
2023-05-08 9:43 [PATCH 5.15 000/371] 5.15.111-rc1 review Greg Kroah-Hartman
` (127 preceding siblings ...)
2023-05-08 9:45 ` [PATCH 5.15 128/371] regulator: core: Consistently set mutex_owner when using ww_mutex_lock_slow() Greg Kroah-Hartman
@ 2023-05-08 9:45 ` Greg Kroah-Hartman
2023-05-08 9:45 ` [PATCH 5.15 130/371] x86/apic: Fix atomic update of offset in reserve_eilvt_offset() Greg Kroah-Hartman
` (245 subsequent siblings)
374 siblings, 0 replies; 391+ messages in thread
From: Greg Kroah-Hartman @ 2023-05-08 9:45 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Douglas Anderson, Mark Brown, Sasha Levin
From: Douglas Anderson <dianders@chromium.org>
[ Upstream commit cba6cfdc7c3f1516f0d08ddfb24e689af0932573 ]
An automated bot told me that there was a potential lockdep problem
with regulators. This was on the chromeos-5.15 kernel, but I see
nothing that would be different downstream compared to upstream. The
bot said:
============================================
WARNING: possible recursive locking detected
5.15.104-lockdep-17461-gc1e499ed6604 #1 Not tainted
--------------------------------------------
kworker/u16:4/115 is trying to acquire lock:
ffffff8083110170 (regulator_ww_class_mutex){+.+.}-{3:3}, at: create_regulator+0x398/0x7ec
but task is already holding lock:
ffffff808378e170 (regulator_ww_class_mutex){+.+.}-{3:3}, at: ww_mutex_trylock+0x3c/0x7b8
other info that might help us debug this:
Possible unsafe locking scenario:
CPU0
----
lock(regulator_ww_class_mutex);
lock(regulator_ww_class_mutex);
*** DEADLOCK ***
May be due to missing lock nesting notation
4 locks held by kworker/u16:4/115:
#0: ffffff808006a948 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_one_work+0x520/0x1348
#1: ffffffc00e0a7cc0 ((work_completion)(&entry->work)){+.+.}-{0:0}, at: process_one_work+0x55c/0x1348
#2: ffffff80828a2260 (&dev->mutex){....}-{3:3}, at: __device_attach_async_helper+0xd0/0x2a4
#3: ffffff808378e170 (regulator_ww_class_mutex){+.+.}-{3:3}, at: ww_mutex_trylock+0x3c/0x7b8
stack backtrace:
CPU: 2 PID: 115 Comm: kworker/u16:4 Not tainted 5.15.104-lockdep-17461-gc1e499ed6604 #1 9292e52fa83c0e23762b2b3aa1bacf5787a4d5da
Hardware name: Google Quackingstick (rev0+) (DT)
Workqueue: events_unbound async_run_entry_fn
Call trace:
dump_backtrace+0x0/0x4ec
show_stack+0x34/0x50
dump_stack_lvl+0xdc/0x11c
dump_stack+0x1c/0x48
__lock_acquire+0x16d4/0x6c74
lock_acquire+0x208/0x750
__mutex_lock_common+0x11c/0x11f8
ww_mutex_lock+0xc0/0x440
create_regulator+0x398/0x7ec
regulator_resolve_supply+0x654/0x7c4
regulator_register_resolve_supply+0x30/0x120
class_for_each_device+0x1b8/0x230
regulator_register+0x17a4/0x1f40
devm_regulator_register+0x60/0xd0
reg_fixed_voltage_probe+0x728/0xaec
platform_probe+0x150/0x1c8
really_probe+0x274/0xa20
__driver_probe_device+0x1dc/0x3f4
driver_probe_device+0x78/0x1c0
__device_attach_driver+0x1ac/0x2c8
bus_for_each_drv+0x11c/0x190
__device_attach_async_helper+0x1e4/0x2a4
async_run_entry_fn+0xa0/0x3ac
process_one_work+0x638/0x1348
worker_thread+0x4a8/0x9c4
kthread+0x2e4/0x3a0
ret_from_fork+0x10/0x20
The problem was first reported soon after we made many of the
regulators probe asynchronously, though nothing I've seen implies that
the problems couldn't have also happened even without that.
I haven't personally been able to reproduce the lockdep issue, but the
issue does look somewhat legitimate. Specifically, it looks like in
regulator_resolve_supply() we are holding a "rdev" lock while calling
set_supply() -> create_regulator() which grabs the lock of a
_different_ "rdev" (the one for our supply). This is not necessarily
safe from a lockdep perspective since there is no documented ordering
between these two locks.
In reality, we should always be locking a regulator before the
supplying regulator, so I don't expect there to be any real deadlocks
in practice. However, the regulator framework in general doesn't
express this to lockdep.
Let's fix the issue by simply grabbing the two locks involved in the
same way we grab multiple locks elsewhere in the regulator framework:
using the "wound/wait" mechanisms.
Fixes: eaa7995c529b ("regulator: core: avoid regulator_resolve_supply() race condition")
Signed-off-by: Douglas Anderson <dianders@chromium.org>
Link: https://lore.kernel.org/r/20230329143317.RFC.v2.2.I30d8e1ca10cfbe5403884cdd192253a2e063eb9e@changeid
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/regulator/core.c | 91 ++++++++++++++++++++++++++++++++++++----
1 file changed, 83 insertions(+), 8 deletions(-)
diff --git a/drivers/regulator/core.c b/drivers/regulator/core.c
index 48db0735e3dba..9ddb80d10dee3 100644
--- a/drivers/regulator/core.c
+++ b/drivers/regulator/core.c
@@ -206,6 +206,78 @@ static void regulator_unlock(struct regulator_dev *rdev)
mutex_unlock(®ulator_nesting_mutex);
}
+/**
+ * regulator_lock_two - lock two regulators
+ * @rdev1: first regulator
+ * @rdev2: second regulator
+ * @ww_ctx: w/w mutex acquire context
+ *
+ * Locks both rdevs using the regulator_ww_class.
+ */
+static void regulator_lock_two(struct regulator_dev *rdev1,
+ struct regulator_dev *rdev2,
+ struct ww_acquire_ctx *ww_ctx)
+{
+ struct regulator_dev *tmp;
+ int ret;
+
+ ww_acquire_init(ww_ctx, ®ulator_ww_class);
+
+ /* Try to just grab both of them */
+ ret = regulator_lock_nested(rdev1, ww_ctx);
+ WARN_ON(ret);
+ ret = regulator_lock_nested(rdev2, ww_ctx);
+ if (ret != -EDEADLOCK) {
+ WARN_ON(ret);
+ goto exit;
+ }
+
+ while (true) {
+ /*
+ * Start of loop: rdev1 was locked and rdev2 was contended.
+ * Need to unlock rdev1, slowly lock rdev2, then try rdev1
+ * again.
+ */
+ regulator_unlock(rdev1);
+
+ ww_mutex_lock_slow(&rdev2->mutex, ww_ctx);
+ rdev2->ref_cnt++;
+ rdev2->mutex_owner = current;
+ ret = regulator_lock_nested(rdev1, ww_ctx);
+
+ if (ret == -EDEADLOCK) {
+ /* More contention; swap which needs to be slow */
+ tmp = rdev1;
+ rdev1 = rdev2;
+ rdev2 = tmp;
+ } else {
+ WARN_ON(ret);
+ break;
+ }
+ }
+
+exit:
+ ww_acquire_done(ww_ctx);
+}
+
+/**
+ * regulator_unlock_two - unlock two regulators
+ * @rdev1: first regulator
+ * @rdev2: second regulator
+ * @ww_ctx: w/w mutex acquire context
+ *
+ * The inverse of regulator_lock_two().
+ */
+
+static void regulator_unlock_two(struct regulator_dev *rdev1,
+ struct regulator_dev *rdev2,
+ struct ww_acquire_ctx *ww_ctx)
+{
+ regulator_unlock(rdev2);
+ regulator_unlock(rdev1);
+ ww_acquire_fini(ww_ctx);
+}
+
static bool regulator_supply_is_couple(struct regulator_dev *rdev)
{
struct regulator_dev *c_rdev;
@@ -1583,8 +1655,8 @@ static int set_machine_constraints(struct regulator_dev *rdev)
/**
* set_supply - set regulator supply regulator
- * @rdev: regulator name
- * @supply_rdev: supply regulator name
+ * @rdev: regulator (locked)
+ * @supply_rdev: supply regulator (locked))
*
* Called by platform initialisation code to set the supply regulator for this
* regulator. This ensures that a regulators supply will also be enabled by the
@@ -1756,6 +1828,8 @@ static struct regulator *create_regulator(struct regulator_dev *rdev,
struct regulator *regulator;
int err = 0;
+ lockdep_assert_held_once(&rdev->mutex.base);
+
if (dev) {
char buf[REG_STR_SIZE];
int size;
@@ -1783,9 +1857,7 @@ static struct regulator *create_regulator(struct regulator_dev *rdev,
regulator->rdev = rdev;
regulator->supply_name = supply_name;
- regulator_lock(rdev);
list_add(®ulator->list, &rdev->consumer_list);
- regulator_unlock(rdev);
if (dev) {
regulator->dev = dev;
@@ -1951,6 +2023,7 @@ static int regulator_resolve_supply(struct regulator_dev *rdev)
{
struct regulator_dev *r;
struct device *dev = rdev->dev.parent;
+ struct ww_acquire_ctx ww_ctx;
int ret = 0;
/* No supply to resolve? */
@@ -2017,23 +2090,23 @@ static int regulator_resolve_supply(struct regulator_dev *rdev)
* between rdev->supply null check and setting rdev->supply in
* set_supply() from concurrent tasks.
*/
- regulator_lock(rdev);
+ regulator_lock_two(rdev, r, &ww_ctx);
/* Supply just resolved by a concurrent task? */
if (rdev->supply) {
- regulator_unlock(rdev);
+ regulator_unlock_two(rdev, r, &ww_ctx);
put_device(&r->dev);
goto out;
}
ret = set_supply(rdev, r);
if (ret < 0) {
- regulator_unlock(rdev);
+ regulator_unlock_two(rdev, r, &ww_ctx);
put_device(&r->dev);
goto out;
}
- regulator_unlock(rdev);
+ regulator_unlock_two(rdev, r, &ww_ctx);
/*
* In set_machine_constraints() we may have turned this regulator on
@@ -2146,7 +2219,9 @@ struct regulator *_regulator_get(struct device *dev, const char *id,
return regulator;
}
+ regulator_lock(rdev);
regulator = create_regulator(rdev, dev, id);
+ regulator_unlock(rdev);
if (regulator == NULL) {
regulator = ERR_PTR(-ENOMEM);
module_put(rdev->owner);
--
2.39.2
^ permalink raw reply related [flat|nested] 391+ messages in thread
* [PATCH 5.15 130/371] x86/apic: Fix atomic update of offset in reserve_eilvt_offset()
2023-05-08 9:43 [PATCH 5.15 000/371] 5.15.111-rc1 review Greg Kroah-Hartman
` (128 preceding siblings ...)
2023-05-08 9:45 ` [PATCH 5.15 129/371] regulator: core: Avoid lockdep reports when resolving supplies Greg Kroah-Hartman
@ 2023-05-08 9:45 ` Greg Kroah-Hartman
2023-05-08 9:45 ` [PATCH 5.15 131/371] media: rkvdec: fix use after free bug in rkvdec_remove Greg Kroah-Hartman
` (244 subsequent siblings)
374 siblings, 0 replies; 391+ messages in thread
From: Greg Kroah-Hartman @ 2023-05-08 9:45 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Uros Bizjak, Borislav Petkov (AMD),
Sasha Levin
From: Uros Bizjak <ubizjak@gmail.com>
[ Upstream commit f96fb2df3eb31ede1b34b0521560967310267750 ]
The detection of atomic update failure in reserve_eilvt_offset() is
not correct. The value returned by atomic_cmpxchg() should be compared
to the old value from the location to be updated.
If these two are the same, then atomic update succeeded and
"eilvt_offsets[offset]" location is updated to "new" in an atomic way.
Otherwise, the atomic update failed and it should be retried with the
value from "eilvt_offsets[offset]" - exactly what atomic_try_cmpxchg()
does in a correct and more optimal way.
Fixes: a68c439b1966c ("apic, x86: Check if EILVT APIC registers are available (AMD only)")
Signed-off-by: Uros Bizjak <ubizjak@gmail.com>
Signed-off-by: Borislav Petkov (AMD) <bp@alien8.de>
Link: https://lore.kernel.org/r/20230227160917.107820-1-ubizjak@gmail.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/x86/kernel/apic/apic.c | 5 ++---
1 file changed, 2 insertions(+), 3 deletions(-)
diff --git a/arch/x86/kernel/apic/apic.c b/arch/x86/kernel/apic/apic.c
index ed7d9cf71f68d..4df7d694369a5 100644
--- a/arch/x86/kernel/apic/apic.c
+++ b/arch/x86/kernel/apic/apic.c
@@ -412,10 +412,9 @@ static unsigned int reserve_eilvt_offset(int offset, unsigned int new)
if (vector && !eilvt_entry_is_changeable(vector, new))
/* may not change if vectors are different */
return rsvd;
- rsvd = atomic_cmpxchg(&eilvt_offsets[offset], rsvd, new);
- } while (rsvd != new);
+ } while (!atomic_try_cmpxchg(&eilvt_offsets[offset], &rsvd, new));
- rsvd &= ~APIC_EILVT_MASKED;
+ rsvd = new & ~APIC_EILVT_MASKED;
if (rsvd && rsvd != vector)
pr_info("LVT offset %d assigned for vector 0x%02x\n",
offset, rsvd);
--
2.39.2
^ permalink raw reply related [flat|nested] 391+ messages in thread
* [PATCH 5.15 131/371] media: rkvdec: fix use after free bug in rkvdec_remove
2023-05-08 9:43 [PATCH 5.15 000/371] 5.15.111-rc1 review Greg Kroah-Hartman
` (129 preceding siblings ...)
2023-05-08 9:45 ` [PATCH 5.15 130/371] x86/apic: Fix atomic update of offset in reserve_eilvt_offset() Greg Kroah-Hartman
@ 2023-05-08 9:45 ` Greg Kroah-Hartman
2023-05-08 9:45 ` [PATCH 5.15 132/371] media: dm1105: Fix use after free bug in dm1105_remove due to race condition Greg Kroah-Hartman
` (243 subsequent siblings)
374 siblings, 0 replies; 391+ messages in thread
From: Greg Kroah-Hartman @ 2023-05-08 9:45 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Zheng Wang, Hans Verkuil,
Mauro Carvalho Chehab, Sasha Levin
From: Zheng Wang <zyytlz.wz@163.com>
[ Upstream commit 3228cec23b8b29215e18090c6ba635840190993d ]
In rkvdec_probe, rkvdec->watchdog_work is bound with
rkvdec_watchdog_func. Then rkvdec_vp9_run may
be called to start the work.
If we remove the module which will call rkvdec_remove
to make cleanup, there may be a unfinished work.
The possible sequence is as follows, which will
cause a typical UAF bug.
Fix it by canceling the work before cleanup in rkvdec_remove.
CPU0 CPU1
|rkvdec_watchdog_func
rkvdec_remove |
rkvdec_v4l2_cleanup|
v4l2_m2m_release |
kfree(m2m_dev); |
|
| v4l2_m2m_get_curr_priv
| m2m_dev->curr_ctx //use
Fixes: cd33c830448b ("media: rkvdec: Add the rkvdec driver")
Signed-off-by: Zheng Wang <zyytlz.wz@163.com>
Signed-off-by: Hans Verkuil <hverkuil-cisco@xs4all.nl>
Signed-off-by: Mauro Carvalho Chehab <mchehab@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/staging/media/rkvdec/rkvdec.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/drivers/staging/media/rkvdec/rkvdec.c b/drivers/staging/media/rkvdec/rkvdec.c
index 4fd4a2907da70..bc4683a75e61f 100644
--- a/drivers/staging/media/rkvdec/rkvdec.c
+++ b/drivers/staging/media/rkvdec/rkvdec.c
@@ -1042,6 +1042,8 @@ static int rkvdec_remove(struct platform_device *pdev)
{
struct rkvdec_dev *rkvdec = platform_get_drvdata(pdev);
+ cancel_delayed_work_sync(&rkvdec->watchdog_work);
+
rkvdec_v4l2_cleanup(rkvdec);
pm_runtime_disable(&pdev->dev);
pm_runtime_dont_use_autosuspend(&pdev->dev);
--
2.39.2
^ permalink raw reply related [flat|nested] 391+ messages in thread
* [PATCH 5.15 132/371] media: dm1105: Fix use after free bug in dm1105_remove due to race condition
2023-05-08 9:43 [PATCH 5.15 000/371] 5.15.111-rc1 review Greg Kroah-Hartman
` (130 preceding siblings ...)
2023-05-08 9:45 ` [PATCH 5.15 131/371] media: rkvdec: fix use after free bug in rkvdec_remove Greg Kroah-Hartman
@ 2023-05-08 9:45 ` Greg Kroah-Hartman
2023-05-08 9:45 ` [PATCH 5.15 133/371] media: saa7134: fix use after free bug in saa7134_finidev " Greg Kroah-Hartman
` (242 subsequent siblings)
374 siblings, 0 replies; 391+ messages in thread
From: Greg Kroah-Hartman @ 2023-05-08 9:45 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Zheng Wang, Hans Verkuil, Sasha Levin
From: Zheng Wang <zyytlz.wz@163.com>
[ Upstream commit 5abda7a16698d4d1f47af1168d8fa2c640116b4a ]
In dm1105_probe, it called dm1105_ir_init and bound
&dm1105->ir.work with dm1105_emit_key.
When it handles IRQ request with dm1105_irq,
it may call schedule_work to start the work.
When we call dm1105_remove to remove the driver, there
may be a sequence as follows:
Fix it by finishing the work before cleanup in dm1105_remove
CPU0 CPU1
|dm1105_emit_key
dm1105_remove |
dm1105_ir_exit |
rc_unregister_device |
rc_free_device |
rc_dev_release |
kfree(dev); |
|
| rc_keydown
| //use
Fixes: 34d2f9bf189c ("V4L/DVB: dm1105: use dm1105_dev & dev instead of dm1105dvb")
Signed-off-by: Zheng Wang <zyytlz.wz@163.com>
Signed-off-by: Hans Verkuil <hverkuil-cisco@xs4all.nl>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/media/pci/dm1105/dm1105.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/drivers/media/pci/dm1105/dm1105.c b/drivers/media/pci/dm1105/dm1105.c
index 4ac645a56c14e..9e9c7c071accc 100644
--- a/drivers/media/pci/dm1105/dm1105.c
+++ b/drivers/media/pci/dm1105/dm1105.c
@@ -1176,6 +1176,7 @@ static void dm1105_remove(struct pci_dev *pdev)
struct dvb_demux *dvbdemux = &dev->demux;
struct dmx_demux *dmx = &dvbdemux->dmx;
+ cancel_work_sync(&dev->ir.work);
dm1105_ir_exit(dev);
dmx->close(dmx);
dvb_net_release(&dev->dvbnet);
--
2.39.2
^ permalink raw reply related [flat|nested] 391+ messages in thread
* [PATCH 5.15 133/371] media: saa7134: fix use after free bug in saa7134_finidev due to race condition
2023-05-08 9:43 [PATCH 5.15 000/371] 5.15.111-rc1 review Greg Kroah-Hartman
` (131 preceding siblings ...)
2023-05-08 9:45 ` [PATCH 5.15 132/371] media: dm1105: Fix use after free bug in dm1105_remove due to race condition Greg Kroah-Hartman
@ 2023-05-08 9:45 ` Greg Kroah-Hartman
2023-05-08 9:45 ` [PATCH 5.15 134/371] media: rcar_fdp1: Make use of the helper function devm_platform_ioremap_resource() Greg Kroah-Hartman
` (241 subsequent siblings)
374 siblings, 0 replies; 391+ messages in thread
From: Greg Kroah-Hartman @ 2023-05-08 9:45 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Zheng Wang, Hans Verkuil, Sasha Levin
From: Zheng Wang <zyytlz.wz@163.com>
[ Upstream commit 30cf57da176cca80f11df0d9b7f71581fe601389 ]
In saa7134_initdev, it will call saa7134_hwinit1. There are three
function invoking here: saa7134_video_init1, saa7134_ts_init1
and saa7134_vbi_init1.
All of them will init a timer with same function. Take
saa7134_video_init1 as an example. It'll bound &dev->video_q.timeout
with saa7134_buffer_timeout.
In buffer_activate, the timer funtcion is started.
If we remove the module or device which will call saa7134_finidev
to make cleanup, there may be a unfinished work. The
possible sequence is as follows, which will cause a
typical UAF bug.
Fix it by canceling the timer works accordingly before cleanup in
saa7134_finidev.
CPU0 CPU1
|saa7134_buffer_timeout
saa7134_finidev |
kfree(dev); |
|
| saa7134_buffer_next
| //use dev
Fixes: 1e7126b4a86a ("media: saa7134: Convert timers to use timer_setup()")
Signed-off-by: Zheng Wang <zyytlz.wz@163.com>
Signed-off-by: Hans Verkuil <hverkuil-cisco@xs4all.nl>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/media/pci/saa7134/saa7134-ts.c | 1 +
drivers/media/pci/saa7134/saa7134-vbi.c | 1 +
drivers/media/pci/saa7134/saa7134-video.c | 1 +
3 files changed, 3 insertions(+)
diff --git a/drivers/media/pci/saa7134/saa7134-ts.c b/drivers/media/pci/saa7134/saa7134-ts.c
index 6a5053126237f..437dbe5e75e29 100644
--- a/drivers/media/pci/saa7134/saa7134-ts.c
+++ b/drivers/media/pci/saa7134/saa7134-ts.c
@@ -300,6 +300,7 @@ int saa7134_ts_start(struct saa7134_dev *dev)
int saa7134_ts_fini(struct saa7134_dev *dev)
{
+ del_timer_sync(&dev->ts_q.timeout);
saa7134_pgtable_free(dev->pci, &dev->ts_q.pt);
return 0;
}
diff --git a/drivers/media/pci/saa7134/saa7134-vbi.c b/drivers/media/pci/saa7134/saa7134-vbi.c
index 3f0b0933eed69..3e773690468bd 100644
--- a/drivers/media/pci/saa7134/saa7134-vbi.c
+++ b/drivers/media/pci/saa7134/saa7134-vbi.c
@@ -185,6 +185,7 @@ int saa7134_vbi_init1(struct saa7134_dev *dev)
int saa7134_vbi_fini(struct saa7134_dev *dev)
{
/* nothing */
+ del_timer_sync(&dev->vbi_q.timeout);
return 0;
}
diff --git a/drivers/media/pci/saa7134/saa7134-video.c b/drivers/media/pci/saa7134/saa7134-video.c
index 374c8e1087de1..81bb9a3671953 100644
--- a/drivers/media/pci/saa7134/saa7134-video.c
+++ b/drivers/media/pci/saa7134/saa7134-video.c
@@ -2153,6 +2153,7 @@ int saa7134_video_init1(struct saa7134_dev *dev)
void saa7134_video_fini(struct saa7134_dev *dev)
{
+ del_timer_sync(&dev->video_q.timeout);
/* free stuff */
saa7134_pgtable_free(dev->pci, &dev->video_q.pt);
saa7134_pgtable_free(dev->pci, &dev->vbi_q.pt);
--
2.39.2
^ permalink raw reply related [flat|nested] 391+ messages in thread
* [PATCH 5.15 134/371] media: rcar_fdp1: Make use of the helper function devm_platform_ioremap_resource()
2023-05-08 9:43 [PATCH 5.15 000/371] 5.15.111-rc1 review Greg Kroah-Hartman
` (132 preceding siblings ...)
2023-05-08 9:45 ` [PATCH 5.15 133/371] media: saa7134: fix use after free bug in saa7134_finidev " Greg Kroah-Hartman
@ 2023-05-08 9:45 ` Greg Kroah-Hartman
2023-05-08 9:45 ` [PATCH 5.15 135/371] media: rcar_fdp1: Fix the correct variable assignments Greg Kroah-Hartman
` (240 subsequent siblings)
374 siblings, 0 replies; 391+ messages in thread
From: Greg Kroah-Hartman @ 2023-05-08 9:45 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Cai Huoqing, Kieran Bingham,
Hans Verkuil, Mauro Carvalho Chehab, Sasha Levin
From: Cai Huoqing <caihuoqing@baidu.com>
[ Upstream commit 736cce12fa630e28705de06570d74f0513d948d5 ]
Use the devm_platform_ioremap_resource() helper instead of
calling platform_get_resource() and devm_ioremap_resource()
separately
Signed-off-by: Cai Huoqing <caihuoqing@baidu.com>
Reviewed-by: Kieran Bingham <kieran.bingham+renesas@ideasonboard.com>
Signed-off-by: Hans Verkuil <hverkuil-cisco@xs4all.nl>
Signed-off-by: Mauro Carvalho Chehab <mchehab+huawei@kernel.org>
Stable-dep-of: c766c90faf93 ("media: rcar_fdp1: Fix refcount leak in probe and remove function")
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/media/platform/rcar_fdp1.c | 4 +---
1 file changed, 1 insertion(+), 3 deletions(-)
diff --git a/drivers/media/platform/rcar_fdp1.c b/drivers/media/platform/rcar_fdp1.c
index 89aac60066d91..19de3c19bcca2 100644
--- a/drivers/media/platform/rcar_fdp1.c
+++ b/drivers/media/platform/rcar_fdp1.c
@@ -2256,7 +2256,6 @@ static int fdp1_probe(struct platform_device *pdev)
struct fdp1_dev *fdp1;
struct video_device *vfd;
struct device_node *fcp_node;
- struct resource *res;
struct clk *clk;
unsigned int i;
@@ -2283,8 +2282,7 @@ static int fdp1_probe(struct platform_device *pdev)
platform_set_drvdata(pdev, fdp1);
/* Memory-mapped registers */
- res = platform_get_resource(pdev, IORESOURCE_MEM, 0);
- fdp1->regs = devm_ioremap_resource(&pdev->dev, res);
+ fdp1->regs = devm_platform_ioremap_resource(pdev, 0);
if (IS_ERR(fdp1->regs))
return PTR_ERR(fdp1->regs);
--
2.39.2
^ permalink raw reply related [flat|nested] 391+ messages in thread
* [PATCH 5.15 135/371] media: rcar_fdp1: Fix the correct variable assignments
2023-05-08 9:43 [PATCH 5.15 000/371] 5.15.111-rc1 review Greg Kroah-Hartman
` (133 preceding siblings ...)
2023-05-08 9:45 ` [PATCH 5.15 134/371] media: rcar_fdp1: Make use of the helper function devm_platform_ioremap_resource() Greg Kroah-Hartman
@ 2023-05-08 9:45 ` Greg Kroah-Hartman
2023-05-08 9:45 ` [PATCH 5.15 136/371] platform: Provide a remove callback that returns no value Greg Kroah-Hartman
` (239 subsequent siblings)
374 siblings, 0 replies; 391+ messages in thread
From: Greg Kroah-Hartman @ 2023-05-08 9:45 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Tang Bin, Geert Uytterhoeven,
Kieran Bingham, Hans Verkuil, Mauro Carvalho Chehab, Sasha Levin
From: Tang Bin <tangbin@cmss.chinamobile.com>
[ Upstream commit af88c2adbb72a09ab1bb5c37ba388c98fecca69b ]
In the function fdp1_probe(), when get irq failed, the
function platform_get_irq() log an error message, so
remove redundant message here. And the variable type
of "ret" is int, the "fdp1->irq" is unsigned int, when
irq failed, this place maybe wrong, thus fix it.
Signed-off-by: Tang Bin <tangbin@cmss.chinamobile.com>
Reviewed-by: Geert Uytterhoeven <geert+renesas@glider.be>
Reviewed-by: Kieran Bingham <kieran.bingham+renesas@ideasonboard.com>
Signed-off-by: Hans Verkuil <hverkuil-cisco@xs4all.nl>
Signed-off-by: Mauro Carvalho Chehab <mchehab+huawei@kernel.org>
Stable-dep-of: c766c90faf93 ("media: rcar_fdp1: Fix refcount leak in probe and remove function")
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/media/platform/rcar_fdp1.c | 7 +++----
1 file changed, 3 insertions(+), 4 deletions(-)
diff --git a/drivers/media/platform/rcar_fdp1.c b/drivers/media/platform/rcar_fdp1.c
index 19de3c19bcca2..37ecf489d112e 100644
--- a/drivers/media/platform/rcar_fdp1.c
+++ b/drivers/media/platform/rcar_fdp1.c
@@ -2287,11 +2287,10 @@ static int fdp1_probe(struct platform_device *pdev)
return PTR_ERR(fdp1->regs);
/* Interrupt service routine registration */
- fdp1->irq = ret = platform_get_irq(pdev, 0);
- if (ret < 0) {
- dev_err(&pdev->dev, "cannot find IRQ\n");
+ ret = platform_get_irq(pdev, 0);
+ if (ret < 0)
return ret;
- }
+ fdp1->irq = ret;
ret = devm_request_irq(&pdev->dev, fdp1->irq, fdp1_irq_handler, 0,
dev_name(&pdev->dev), fdp1);
--
2.39.2
^ permalink raw reply related [flat|nested] 391+ messages in thread
* [PATCH 5.15 136/371] platform: Provide a remove callback that returns no value
2023-05-08 9:43 [PATCH 5.15 000/371] 5.15.111-rc1 review Greg Kroah-Hartman
` (134 preceding siblings ...)
2023-05-08 9:45 ` [PATCH 5.15 135/371] media: rcar_fdp1: Fix the correct variable assignments Greg Kroah-Hartman
@ 2023-05-08 9:45 ` Greg Kroah-Hartman
2023-05-08 9:45 ` [PATCH 5.15 137/371] media: rcar_fdp1: Convert to platform remove callback returning void Greg Kroah-Hartman
` (238 subsequent siblings)
374 siblings, 0 replies; 391+ messages in thread
From: Greg Kroah-Hartman @ 2023-05-08 9:45 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Uwe Kleine-König, Sasha Levin
From: Uwe Kleine-König <u.kleine-koenig@pengutronix.de>
[ Upstream commit 5c5a7680e67ba6fbbb5f4d79fa41485450c1985c ]
struct platform_driver::remove returning an integer made driver authors
expect that returning an error code was proper error handling. However
the driver core ignores the error and continues to remove the device
because there is nothing the core could do anyhow and reentering the
remove callback again is only calling for trouble.
So this is an source for errors typically yielding resource leaks in the
error path.
As there are too many platform drivers to neatly convert them all to
return void in a single go, do it in several steps after this patch:
a) Convert all drivers to implement .remove_new() returning void instead
of .remove() returning int;
b) Change struct platform_driver::remove() to return void and so make
it identical to .remove_new();
c) Change all drivers back to .remove() now with the better prototype;
d) drop struct platform_driver::remove_new().
While this touches all drivers eventually twice, steps a) and c) can be
done one driver after another and so reduces coordination efforts
immensely and simplifies review.
Signed-off-by: Uwe Kleine-König <u.kleine-koenig@pengutronix.de>
Link: https://lore.kernel.org/r/20221209150914.3557650-1-u.kleine-koenig@pengutronix.de
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Stable-dep-of: c766c90faf93 ("media: rcar_fdp1: Fix refcount leak in probe and remove function")
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/base/platform.c | 4 +++-
include/linux/platform_device.h | 11 +++++++++++
2 files changed, 14 insertions(+), 1 deletion(-)
diff --git a/drivers/base/platform.c b/drivers/base/platform.c
index 652531f67135a..ac5cf1a8d79ab 100644
--- a/drivers/base/platform.c
+++ b/drivers/base/platform.c
@@ -1427,7 +1427,9 @@ static void platform_remove(struct device *_dev)
struct platform_driver *drv = to_platform_driver(_dev->driver);
struct platform_device *dev = to_platform_device(_dev);
- if (drv->remove) {
+ if (drv->remove_new) {
+ drv->remove_new(dev);
+ } else if (drv->remove) {
int ret = drv->remove(dev);
if (ret)
diff --git a/include/linux/platform_device.h b/include/linux/platform_device.h
index 7c96f169d2740..8aefdc0099c86 100644
--- a/include/linux/platform_device.h
+++ b/include/linux/platform_device.h
@@ -203,7 +203,18 @@ extern void platform_device_put(struct platform_device *pdev);
struct platform_driver {
int (*probe)(struct platform_device *);
+
+ /*
+ * Traditionally the remove callback returned an int which however is
+ * ignored by the driver core. This led to wrong expectations by driver
+ * authors who thought returning an error code was a valid error
+ * handling strategy. To convert to a callback returning void, new
+ * drivers should implement .remove_new() until the conversion it done
+ * that eventually makes .remove() return void.
+ */
int (*remove)(struct platform_device *);
+ void (*remove_new)(struct platform_device *);
+
void (*shutdown)(struct platform_device *);
int (*suspend)(struct platform_device *, pm_message_t state);
int (*resume)(struct platform_device *);
--
2.39.2
^ permalink raw reply related [flat|nested] 391+ messages in thread
* [PATCH 5.15 137/371] media: rcar_fdp1: Convert to platform remove callback returning void
2023-05-08 9:43 [PATCH 5.15 000/371] 5.15.111-rc1 review Greg Kroah-Hartman
` (135 preceding siblings ...)
2023-05-08 9:45 ` [PATCH 5.15 136/371] platform: Provide a remove callback that returns no value Greg Kroah-Hartman
@ 2023-05-08 9:45 ` Greg Kroah-Hartman
2023-05-08 9:45 ` [PATCH 5.15 138/371] media: rcar_fdp1: Fix refcount leak in probe and remove function Greg Kroah-Hartman
` (237 subsequent siblings)
374 siblings, 0 replies; 391+ messages in thread
From: Greg Kroah-Hartman @ 2023-05-08 9:45 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Uwe Kleine-König,
Geert Uytterhoeven, Hans Verkuil, Sasha Levin
From: Uwe Kleine-König <u.kleine-koenig@pengutronix.de>
[ Upstream commit 0e82d3715fd208de567b8e4307fbf91ae5e57db4 ]
The .remove() callback for a platform driver returns an int which makes
many driver authors wrongly assume it's possible to do error handling by
returning an error code. However the value returned is (mostly) ignored
and this typically results in resource leaks. To improve here there is a
quest to make the remove callback return void. In the first step of this
quest all drivers are converted to .remove_new() which already returns
void.
Trivially convert this driver from always returning zero in the remove
callback to the void returning variant.
Signed-off-by: Uwe Kleine-König <u.kleine-koenig@pengutronix.de>
Reviewed-by: Geert Uytterhoeven <geert+renesas@glider.be>
Signed-off-by: Hans Verkuil <hverkuil-cisco@xs4all.nl>
Stable-dep-of: c766c90faf93 ("media: rcar_fdp1: Fix refcount leak in probe and remove function")
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/media/platform/rcar_fdp1.c | 6 ++----
1 file changed, 2 insertions(+), 4 deletions(-)
diff --git a/drivers/media/platform/rcar_fdp1.c b/drivers/media/platform/rcar_fdp1.c
index 37ecf489d112e..d80b3214dfae1 100644
--- a/drivers/media/platform/rcar_fdp1.c
+++ b/drivers/media/platform/rcar_fdp1.c
@@ -2396,7 +2396,7 @@ static int fdp1_probe(struct platform_device *pdev)
return ret;
}
-static int fdp1_remove(struct platform_device *pdev)
+static void fdp1_remove(struct platform_device *pdev)
{
struct fdp1_dev *fdp1 = platform_get_drvdata(pdev);
@@ -2404,8 +2404,6 @@ static int fdp1_remove(struct platform_device *pdev)
video_unregister_device(&fdp1->vfd);
v4l2_device_unregister(&fdp1->v4l2_dev);
pm_runtime_disable(&pdev->dev);
-
- return 0;
}
static int __maybe_unused fdp1_pm_runtime_suspend(struct device *dev)
@@ -2441,7 +2439,7 @@ MODULE_DEVICE_TABLE(of, fdp1_dt_ids);
static struct platform_driver fdp1_pdrv = {
.probe = fdp1_probe,
- .remove = fdp1_remove,
+ .remove_new = fdp1_remove,
.driver = {
.name = DRIVER_NAME,
.of_match_table = fdp1_dt_ids,
--
2.39.2
^ permalink raw reply related [flat|nested] 391+ messages in thread
* [PATCH 5.15 138/371] media: rcar_fdp1: Fix refcount leak in probe and remove function
2023-05-08 9:43 [PATCH 5.15 000/371] 5.15.111-rc1 review Greg Kroah-Hartman
` (136 preceding siblings ...)
2023-05-08 9:45 ` [PATCH 5.15 137/371] media: rcar_fdp1: Convert to platform remove callback returning void Greg Kroah-Hartman
@ 2023-05-08 9:45 ` Greg Kroah-Hartman
2023-05-08 9:45 ` [PATCH 5.15 139/371] drm/amd/display: Fix potential null dereference Greg Kroah-Hartman
` (236 subsequent siblings)
374 siblings, 0 replies; 391+ messages in thread
From: Greg Kroah-Hartman @ 2023-05-08 9:45 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Miaoqian Lin, Laurent Pinchart,
Hans Verkuil, Sasha Levin
From: Miaoqian Lin <linmq006@gmail.com>
[ Upstream commit c766c90faf93897b77c9c5daa603cffab85ba907 ]
rcar_fcp_get() take reference, which should be balanced with
rcar_fcp_put(). Add missing rcar_fcp_put() in fdp1_remove and
the error paths of fdp1_probe() to fix this.
Fixes: 4710b752e029 ("[media] v4l: Add Renesas R-Car FDP1 Driver")
Signed-off-by: Miaoqian Lin <linmq006@gmail.com>
Reviewed-by: Laurent Pinchart <laurent.pinchart+renesas@ideasonboard.com>
Signed-off-by: Laurent Pinchart <laurent.pinchart+renesas@ideasonboard.com>
[hverkuil: resolve merge conflict, remove() is now void]
Signed-off-by: Hans Verkuil <hverkuil-cisco@xs4all.nl>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/media/platform/rcar_fdp1.c | 11 ++++++++---
1 file changed, 8 insertions(+), 3 deletions(-)
diff --git a/drivers/media/platform/rcar_fdp1.c b/drivers/media/platform/rcar_fdp1.c
index d80b3214dfae1..c548cb01957b0 100644
--- a/drivers/media/platform/rcar_fdp1.c
+++ b/drivers/media/platform/rcar_fdp1.c
@@ -2313,8 +2313,10 @@ static int fdp1_probe(struct platform_device *pdev)
/* Determine our clock rate */
clk = clk_get(&pdev->dev, NULL);
- if (IS_ERR(clk))
- return PTR_ERR(clk);
+ if (IS_ERR(clk)) {
+ ret = PTR_ERR(clk);
+ goto put_dev;
+ }
fdp1->clk_rate = clk_get_rate(clk);
clk_put(clk);
@@ -2323,7 +2325,7 @@ static int fdp1_probe(struct platform_device *pdev)
ret = v4l2_device_register(&pdev->dev, &fdp1->v4l2_dev);
if (ret) {
v4l2_err(&fdp1->v4l2_dev, "Failed to register video device\n");
- return ret;
+ goto put_dev;
}
/* M2M registration */
@@ -2393,6 +2395,8 @@ static int fdp1_probe(struct platform_device *pdev)
unreg_dev:
v4l2_device_unregister(&fdp1->v4l2_dev);
+put_dev:
+ rcar_fcp_put(fdp1->fcp);
return ret;
}
@@ -2404,6 +2408,7 @@ static void fdp1_remove(struct platform_device *pdev)
video_unregister_device(&fdp1->vfd);
v4l2_device_unregister(&fdp1->v4l2_dev);
pm_runtime_disable(&pdev->dev);
+ rcar_fcp_put(fdp1->fcp);
}
static int __maybe_unused fdp1_pm_runtime_suspend(struct device *dev)
--
2.39.2
^ permalink raw reply related [flat|nested] 391+ messages in thread
* [PATCH 5.15 139/371] drm/amd/display: Fix potential null dereference
2023-05-08 9:43 [PATCH 5.15 000/371] 5.15.111-rc1 review Greg Kroah-Hartman
` (137 preceding siblings ...)
2023-05-08 9:45 ` [PATCH 5.15 138/371] media: rcar_fdp1: Fix refcount leak in probe and remove function Greg Kroah-Hartman
@ 2023-05-08 9:45 ` Greg Kroah-Hartman
2023-05-08 9:45 ` [PATCH 5.15 140/371] media: rc: gpio-ir-recv: Fix support for wake-up Greg Kroah-Hartman
` (235 subsequent siblings)
374 siblings, 0 replies; 391+ messages in thread
From: Greg Kroah-Hartman @ 2023-05-08 9:45 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Igor Artemiev, Hamza Mahfooz,
Alex Deucher, Sasha Levin
From: Igor Artemiev <Igor.A.Artemiev@mcst.ru>
[ Upstream commit 52f1783ff4146344342422c1cd94fcb4ce39b6fe ]
The adev->dm.dc pointer can be NULL and dereferenced in amdgpu_dm_fini()
without checking.
Add a NULL pointer check before calling dc_dmub_srv_destroy().
Found by Linux Verification Center (linuxtesting.org) with SVACE.
Fixes: 9a71c7d31734 ("drm/amd/display: Register DMUB service with DC")
Signed-off-by: Igor Artemiev <Igor.A.Artemiev@mcst.ru>
Signed-off-by: Hamza Mahfooz <hamza.mahfooz@amd.com>
Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c b/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c
index 68c98e30fee71..1e0ddf7722cd4 100644
--- a/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c
+++ b/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c
@@ -1707,7 +1707,8 @@ static void amdgpu_dm_fini(struct amdgpu_device *adev)
dc_deinit_callbacks(adev->dm.dc);
#endif
- dc_dmub_srv_destroy(&adev->dm.dc->ctx->dmub_srv);
+ if (adev->dm.dc)
+ dc_dmub_srv_destroy(&adev->dm.dc->ctx->dmub_srv);
if (dc_enable_dmub_notifications(adev->dm.dc)) {
kfree(adev->dm.dmub_notify);
--
2.39.2
^ permalink raw reply related [flat|nested] 391+ messages in thread
* [PATCH 5.15 140/371] media: rc: gpio-ir-recv: Fix support for wake-up
2023-05-08 9:43 [PATCH 5.15 000/371] 5.15.111-rc1 review Greg Kroah-Hartman
` (138 preceding siblings ...)
2023-05-08 9:45 ` [PATCH 5.15 139/371] drm/amd/display: Fix potential null dereference Greg Kroah-Hartman
@ 2023-05-08 9:45 ` Greg Kroah-Hartman
2023-05-08 9:45 ` [PATCH 5.15 141/371] media: venus: dec: Fix handling of the start cmd Greg Kroah-Hartman
` (234 subsequent siblings)
374 siblings, 0 replies; 391+ messages in thread
From: Greg Kroah-Hartman @ 2023-05-08 9:45 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Matthew Lear, Florian Fainelli,
Sean Young, Hans Verkuil, Sasha Levin
From: Florian Fainelli <f.fainelli@gmail.com>
[ Upstream commit 9c592f8ab114875fdb3b2040f01818e53de44991 ]
The driver was intended from the start to be a wake-up source for the
system, however due to the absence of a suitable call to
device_set_wakeup_capable(), the device_may_wakeup() call used to decide
whether to enable the GPIO interrupt as a wake-up source would never
happen. Lookup the DT standard "wakeup-source" property and call
device_init_wakeup() to ensure the device is flagged as being wakeup
capable.
Reported-by: Matthew Lear <matthew.lear@broadcom.com>
Fixes: fd0f6851eb46 ("[media] rc: Add support for GPIO based IR Receiver driver")
Signed-off-by: Florian Fainelli <f.fainelli@gmail.com>
Signed-off-by: Sean Young <sean@mess.org>
Signed-off-by: Hans Verkuil <hverkuil-cisco@xs4all.nl>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/media/rc/gpio-ir-recv.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/drivers/media/rc/gpio-ir-recv.c b/drivers/media/rc/gpio-ir-recv.c
index a56c844d7f816..16795e07dc103 100644
--- a/drivers/media/rc/gpio-ir-recv.c
+++ b/drivers/media/rc/gpio-ir-recv.c
@@ -107,6 +107,8 @@ static int gpio_ir_recv_probe(struct platform_device *pdev)
rcdev->map_name = RC_MAP_EMPTY;
gpio_dev->rcdev = rcdev;
+ if (of_property_read_bool(np, "wakeup-source"))
+ device_init_wakeup(dev, true);
rc = devm_rc_register_device(dev, rcdev);
if (rc < 0) {
--
2.39.2
^ permalink raw reply related [flat|nested] 391+ messages in thread
* [PATCH 5.15 141/371] media: venus: dec: Fix handling of the start cmd
2023-05-08 9:43 [PATCH 5.15 000/371] 5.15.111-rc1 review Greg Kroah-Hartman
` (139 preceding siblings ...)
2023-05-08 9:45 ` [PATCH 5.15 140/371] media: rc: gpio-ir-recv: Fix support for wake-up Greg Kroah-Hartman
@ 2023-05-08 9:45 ` Greg Kroah-Hartman
2023-05-08 9:45 ` [PATCH 5.15 142/371] regulator: stm32-pwr: fix of_iomap leak Greg Kroah-Hartman
` (233 subsequent siblings)
374 siblings, 0 replies; 391+ messages in thread
From: Greg Kroah-Hartman @ 2023-05-08 9:45 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Michał Krawczyk,
Stanimir Varbanov, Hans Verkuil, Sasha Levin
From: Michał Krawczyk <mk@semihalf.com>
[ Upstream commit 50248ad9f190d527cbd578190ca769729518b703 ]
The decoder driver should clear the last_buffer_dequeued flag of the
capture queue upon receiving V4L2_DEC_CMD_START.
The last_buffer_dequeued flag is set upon receiving EOS (which always
happens upon receiving V4L2_DEC_CMD_STOP).
Without this patch, after issuing the V4L2_DEC_CMD_STOP and
V4L2_DEC_CMD_START, the vb2_dqbuf() function will always fail, even if
the buffers are completed by the hardware.
Fixes: beac82904a87 ("media: venus: make decoder compliant with stateful codec API")
Signed-off-by: Michał Krawczyk <mk@semihalf.com>
Signed-off-by: Stanimir Varbanov <stanimir.k.varbanov@gmail.com>
Signed-off-by: Hans Verkuil <hverkuil-cisco@xs4all.nl>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/media/platform/qcom/venus/vdec.c | 8 ++++++++
1 file changed, 8 insertions(+)
diff --git a/drivers/media/platform/qcom/venus/vdec.c b/drivers/media/platform/qcom/venus/vdec.c
index 9a4443a390b1f..6e0466772339a 100644
--- a/drivers/media/platform/qcom/venus/vdec.c
+++ b/drivers/media/platform/qcom/venus/vdec.c
@@ -498,6 +498,7 @@ static int
vdec_decoder_cmd(struct file *file, void *fh, struct v4l2_decoder_cmd *cmd)
{
struct venus_inst *inst = to_inst(file);
+ struct vb2_queue *dst_vq;
struct hfi_frame_data fdata = {0};
int ret;
@@ -528,6 +529,13 @@ vdec_decoder_cmd(struct file *file, void *fh, struct v4l2_decoder_cmd *cmd)
inst->codec_state = VENUS_DEC_STATE_DRAIN;
inst->drain_active = true;
}
+ } else if (cmd->cmd == V4L2_DEC_CMD_START &&
+ inst->codec_state == VENUS_DEC_STATE_STOPPED) {
+ dst_vq = v4l2_m2m_get_vq(inst->fh.m2m_ctx,
+ V4L2_BUF_TYPE_VIDEO_CAPTURE_MPLANE);
+ vb2_clear_last_buffer_dequeued(dst_vq);
+
+ inst->codec_state = VENUS_DEC_STATE_DECODING;
}
unlock:
--
2.39.2
^ permalink raw reply related [flat|nested] 391+ messages in thread
* [PATCH 5.15 142/371] regulator: stm32-pwr: fix of_iomap leak
2023-05-08 9:43 [PATCH 5.15 000/371] 5.15.111-rc1 review Greg Kroah-Hartman
` (140 preceding siblings ...)
2023-05-08 9:45 ` [PATCH 5.15 141/371] media: venus: dec: Fix handling of the start cmd Greg Kroah-Hartman
@ 2023-05-08 9:45 ` Greg Kroah-Hartman
2023-05-08 9:45 ` [PATCH 5.15 143/371] x86/ioapic: Dont return 0 from arch_dynirq_lower_bound() Greg Kroah-Hartman
` (232 subsequent siblings)
374 siblings, 0 replies; 391+ messages in thread
From: Greg Kroah-Hartman @ 2023-05-08 9:45 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, YAN SHI, kernel test robot,
Dongliang Mu, Mark Brown, Sasha Levin
From: YAN SHI <m202071378@hust.edu.cn>
[ Upstream commit c4a413e56d16a2ae84e6d8992f215c4dcc7fac20 ]
Smatch reports:
drivers/regulator/stm32-pwr.c:166 stm32_pwr_regulator_probe() warn:
'base' from of_iomap() not released on lines: 151,166.
In stm32_pwr_regulator_probe(), base is not released
when devm_kzalloc() fails to allocate memory or
devm_regulator_register() fails to register a new regulator device,
which may cause a leak.
To fix this issue, replace of_iomap() with
devm_platform_ioremap_resource(). devm_platform_ioremap_resource()
is a specialized function for platform devices.
It allows 'base' to be automatically released whether the probe
function succeeds or fails.
Besides, use IS_ERR(base) instead of !base
as the return value of devm_platform_ioremap_resource()
can either be a pointer to the remapped memory or
an ERR_PTR() encoded error code if the operation fails.
Fixes: dc62f951a6a8 ("regulator: stm32-pwr: Fix return value check in stm32_pwr_regulator_probe()")
Signed-off-by: YAN SHI <m202071378@hust.edu.cn>
Reported-by: kernel test robot <lkp@intel.com>
Link: https://lore.kernel.org/oe-kbuild-all/202304111750.o2643eJN-lkp@intel.com/
Reviewed-by: Dongliang Mu <dzm91@hust.edu.cn>
Link: https://lore.kernel.org/r/20230412033529.18890-1-m202071378@hust.edu.cn
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/regulator/stm32-pwr.c | 7 +++----
1 file changed, 3 insertions(+), 4 deletions(-)
diff --git a/drivers/regulator/stm32-pwr.c b/drivers/regulator/stm32-pwr.c
index 2a42acb7c24e9..e5dd4db6403b2 100644
--- a/drivers/regulator/stm32-pwr.c
+++ b/drivers/regulator/stm32-pwr.c
@@ -129,17 +129,16 @@ static const struct regulator_desc stm32_pwr_desc[] = {
static int stm32_pwr_regulator_probe(struct platform_device *pdev)
{
- struct device_node *np = pdev->dev.of_node;
struct stm32_pwr_reg *priv;
void __iomem *base;
struct regulator_dev *rdev;
struct regulator_config config = { };
int i, ret = 0;
- base = of_iomap(np, 0);
- if (!base) {
+ base = devm_platform_ioremap_resource(pdev, 0);
+ if (IS_ERR(base)) {
dev_err(&pdev->dev, "Unable to map IO memory\n");
- return -ENOMEM;
+ return PTR_ERR(base);
}
config.dev = &pdev->dev;
--
2.39.2
^ permalink raw reply related [flat|nested] 391+ messages in thread
* [PATCH 5.15 143/371] x86/ioapic: Dont return 0 from arch_dynirq_lower_bound()
2023-05-08 9:43 [PATCH 5.15 000/371] 5.15.111-rc1 review Greg Kroah-Hartman
` (141 preceding siblings ...)
2023-05-08 9:45 ` [PATCH 5.15 142/371] regulator: stm32-pwr: fix of_iomap leak Greg Kroah-Hartman
@ 2023-05-08 9:45 ` Greg Kroah-Hartman
2023-05-08 9:45 ` [PATCH 5.15 144/371] arm64: kgdb: Set PSTATE.SS to 1 to re-enable single-step Greg Kroah-Hartman
` (231 subsequent siblings)
374 siblings, 0 replies; 391+ messages in thread
From: Greg Kroah-Hartman @ 2023-05-08 9:45 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Saurabh Sengar, Thomas Gleixner,
Sasha Levin
From: Saurabh Sengar <ssengar@linux.microsoft.com>
[ Upstream commit 5af507bef93c09a94fb8f058213b489178f4cbe5 ]
arch_dynirq_lower_bound() is invoked by the core interrupt code to
retrieve the lowest possible Linux interrupt number for dynamically
allocated interrupts like MSI.
The x86 implementation uses this to exclude the IO/APIC GSI space.
This works correctly as long as there is an IO/APIC registered, but
returns 0 if not. This has been observed in VMs where the BIOS does
not advertise an IO/APIC.
0 is an invalid interrupt number except for the legacy timer interrupt
on x86. The return value is unchecked in the core code, so it ends up
to allocate interrupt number 0 which is subsequently considered to be
invalid by the caller, e.g. the MSI allocation code.
The function has already a check for 0 in the case that an IO/APIC is
registered, as ioapic_dynirq_base is 0 in case of device tree setups.
Consolidate this and zero check for both ioapic_dynirq_base and gsi_top,
which is used in the case that no IO/APIC is registered.
Fixes: 3e5bedc2c258 ("x86/apic: Fix arch_dynirq_lower_bound() bug for DT enabled machines")
Signed-off-by: Saurabh Sengar <ssengar@linux.microsoft.com>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Link: https://lore.kernel.org/r/1679988604-20308-1-git-send-email-ssengar@linux.microsoft.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/x86/kernel/apic/io_apic.c | 14 +++++++++-----
1 file changed, 9 insertions(+), 5 deletions(-)
diff --git a/arch/x86/kernel/apic/io_apic.c b/arch/x86/kernel/apic/io_apic.c
index c1bb384935b05..bb71b628edcb4 100644
--- a/arch/x86/kernel/apic/io_apic.c
+++ b/arch/x86/kernel/apic/io_apic.c
@@ -2479,17 +2479,21 @@ static int io_apic_get_redir_entries(int ioapic)
unsigned int arch_dynirq_lower_bound(unsigned int from)
{
+ unsigned int ret;
+
/*
* dmar_alloc_hwirq() may be called before setup_IO_APIC(), so use
* gsi_top if ioapic_dynirq_base hasn't been initialized yet.
*/
- if (!ioapic_initialized)
- return gsi_top;
+ ret = ioapic_dynirq_base ? : gsi_top;
+
/*
- * For DT enabled machines ioapic_dynirq_base is irrelevant and not
- * updated. So simply return @from if ioapic_dynirq_base == 0.
+ * For DT enabled machines ioapic_dynirq_base is irrelevant and
+ * always 0. gsi_top can be 0 if there is no IO/APIC registered.
+ * 0 is an invalid interrupt number for dynamic allocations. Return
+ * @from instead.
*/
- return ioapic_dynirq_base ? : from;
+ return ret ? : from;
}
#ifdef CONFIG_X86_32
--
2.39.2
^ permalink raw reply related [flat|nested] 391+ messages in thread
* [PATCH 5.15 144/371] arm64: kgdb: Set PSTATE.SS to 1 to re-enable single-step
2023-05-08 9:43 [PATCH 5.15 000/371] 5.15.111-rc1 review Greg Kroah-Hartman
` (142 preceding siblings ...)
2023-05-08 9:45 ` [PATCH 5.15 143/371] x86/ioapic: Dont return 0 from arch_dynirq_lower_bound() Greg Kroah-Hartman
@ 2023-05-08 9:45 ` Greg Kroah-Hartman
2023-05-08 9:45 ` [PATCH 5.15 145/371] debugobject: Prevent init race with static objects Greg Kroah-Hartman
` (230 subsequent siblings)
374 siblings, 0 replies; 391+ messages in thread
From: Greg Kroah-Hartman @ 2023-05-08 9:45 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Wei Li, Sumit Garg,
Douglas Anderson, Daniel Thompson, Will Deacon, Sasha Levin
From: Sumit Garg <sumit.garg@linaro.org>
[ Upstream commit af6c0bd59f4f3ad5daad2f7b777954b1954551d5 ]
Currently only the first attempt to single-step has any effect. After
that all further stepping remains "stuck" at the same program counter
value.
Refer to the ARM Architecture Reference Manual (ARM DDI 0487E.a) D2.12,
PSTATE.SS=1 should be set at each step before transferring the PE to the
'Active-not-pending' state. The problem here is PSTATE.SS=1 is not set
since the second single-step.
After the first single-step, the PE transferes to the 'Inactive' state,
with PSTATE.SS=0 and MDSCR.SS=1, thus PSTATE.SS won't be set to 1 due to
kernel_active_single_step()=true. Then the PE transferes to the
'Active-pending' state when ERET and returns to the debugger by step
exception.
Before this patch:
==================
Entering kdb (current=0xffff3376039f0000, pid 1) on processor 0 due to Keyboard Entry
[0]kdb>
[0]kdb>
[0]kdb> bp write_sysrq_trigger
Instruction(i) BP #0 at 0xffffa45c13d09290 (write_sysrq_trigger)
is enabled addr at ffffa45c13d09290, hardtype=0 installed=0
[0]kdb> go
$ echo h > /proc/sysrq-trigger
Entering kdb (current=0xffff4f7e453f8000, pid 175) on processor 1 due to Breakpoint @ 0xffffad651a309290
[1]kdb> ss
Entering kdb (current=0xffff4f7e453f8000, pid 175) on processor 1 due to SS trap @ 0xffffad651a309294
[1]kdb> ss
Entering kdb (current=0xffff4f7e453f8000, pid 175) on processor 1 due to SS trap @ 0xffffad651a309294
[1]kdb>
After this patch:
=================
Entering kdb (current=0xffff6851c39f0000, pid 1) on processor 0 due to Keyboard Entry
[0]kdb> bp write_sysrq_trigger
Instruction(i) BP #0 at 0xffffc02d2dd09290 (write_sysrq_trigger)
is enabled addr at ffffc02d2dd09290, hardtype=0 installed=0
[0]kdb> go
$ echo h > /proc/sysrq-trigger
Entering kdb (current=0xffff6851c53c1840, pid 174) on processor 1 due to Breakpoint @ 0xffffc02d2dd09290
[1]kdb> ss
Entering kdb (current=0xffff6851c53c1840, pid 174) on processor 1 due to SS trap @ 0xffffc02d2dd09294
[1]kdb> ss
Entering kdb (current=0xffff6851c53c1840, pid 174) on processor 1 due to SS trap @ 0xffffc02d2dd09298
[1]kdb> ss
Entering kdb (current=0xffff6851c53c1840, pid 174) on processor 1 due to SS trap @ 0xffffc02d2dd0929c
[1]kdb>
Fixes: 44679a4f142b ("arm64: KGDB: Add step debugging support")
Co-developed-by: Wei Li <liwei391@huawei.com>
Signed-off-by: Wei Li <liwei391@huawei.com>
Signed-off-by: Sumit Garg <sumit.garg@linaro.org>
Tested-by: Douglas Anderson <dianders@chromium.org>
Acked-by: Daniel Thompson <daniel.thompson@linaro.org>
Tested-by: Daniel Thompson <daniel.thompson@linaro.org>
Link: https://lore.kernel.org/r/20230202073148.657746-3-sumit.garg@linaro.org
Signed-off-by: Will Deacon <will@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/arm64/include/asm/debug-monitors.h | 1 +
arch/arm64/kernel/debug-monitors.c | 5 +++++
arch/arm64/kernel/kgdb.c | 2 ++
3 files changed, 8 insertions(+)
diff --git a/arch/arm64/include/asm/debug-monitors.h b/arch/arm64/include/asm/debug-monitors.h
index e1e10a24519b2..8de1a840ad974 100644
--- a/arch/arm64/include/asm/debug-monitors.h
+++ b/arch/arm64/include/asm/debug-monitors.h
@@ -116,6 +116,7 @@ void user_regs_reset_single_step(struct user_pt_regs *regs,
void kernel_enable_single_step(struct pt_regs *regs);
void kernel_disable_single_step(void);
int kernel_active_single_step(void);
+void kernel_rewind_single_step(struct pt_regs *regs);
#ifdef CONFIG_HAVE_HW_BREAKPOINT
int reinstall_suspended_bps(struct pt_regs *regs);
diff --git a/arch/arm64/kernel/debug-monitors.c b/arch/arm64/kernel/debug-monitors.c
index bf9fe71589bca..732f0890416de 100644
--- a/arch/arm64/kernel/debug-monitors.c
+++ b/arch/arm64/kernel/debug-monitors.c
@@ -438,6 +438,11 @@ int kernel_active_single_step(void)
}
NOKPROBE_SYMBOL(kernel_active_single_step);
+void kernel_rewind_single_step(struct pt_regs *regs)
+{
+ set_regs_spsr_ss(regs);
+}
+
/* ptrace API */
void user_enable_single_step(struct task_struct *task)
{
diff --git a/arch/arm64/kernel/kgdb.c b/arch/arm64/kernel/kgdb.c
index cda9c1e9864f7..4e1f983df3d1c 100644
--- a/arch/arm64/kernel/kgdb.c
+++ b/arch/arm64/kernel/kgdb.c
@@ -224,6 +224,8 @@ int kgdb_arch_handle_exception(int exception_vector, int signo,
*/
if (!kernel_active_single_step())
kernel_enable_single_step(linux_regs);
+ else
+ kernel_rewind_single_step(linux_regs);
err = 0;
break;
default:
--
2.39.2
^ permalink raw reply related [flat|nested] 391+ messages in thread
* [PATCH 5.15 145/371] debugobject: Prevent init race with static objects
2023-05-08 9:43 [PATCH 5.15 000/371] 5.15.111-rc1 review Greg Kroah-Hartman
` (143 preceding siblings ...)
2023-05-08 9:45 ` [PATCH 5.15 144/371] arm64: kgdb: Set PSTATE.SS to 1 to re-enable single-step Greg Kroah-Hartman
@ 2023-05-08 9:45 ` Greg Kroah-Hartman
2023-05-08 9:45 ` [PATCH 5.15 146/371] drm/i915: Make intel_get_crtc_new_encoder() less oopsy Greg Kroah-Hartman
` (229 subsequent siblings)
374 siblings, 0 replies; 391+ messages in thread
From: Greg Kroah-Hartman @ 2023-05-08 9:45 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, syzbot+5093ba19745994288b53,
Thomas Gleixner, Stephen Boyd, Sasha Levin, Schspa Shi
From: Thomas Gleixner <tglx@linutronix.de>
[ Upstream commit 63a759694eed61025713b3e14dd827c8548daadc ]
Statically initialized objects are usually not initialized via the init()
function of the subsystem. They are special cased and the subsystem
provides a function to validate whether an object which is not yet tracked
by debugobjects is statically initialized. This means the object is started
to be tracked on first use, e.g. activation.
This works perfectly fine, unless there are two concurrent operations on
that object. Schspa decoded the problem:
T0 T1
debug_object_assert_init(addr)
lock_hash_bucket()
obj = lookup_object(addr);
if (!obj) {
unlock_hash_bucket();
- > preemption
lock_subsytem_object(addr);
activate_object(addr)
lock_hash_bucket();
obj = lookup_object(addr);
if (!obj) {
unlock_hash_bucket();
if (is_static_object(addr))
init_and_track(addr);
lock_hash_bucket();
obj = lookup_object(addr);
obj->state = ACTIVATED;
unlock_hash_bucket();
subsys function modifies content of addr,
so static object detection does
not longer work.
unlock_subsytem_object(addr);
if (is_static_object(addr)) <- Fails
debugobject emits a warning and invokes the fixup function which
reinitializes the already active object in the worst case.
This race exists forever, but was never observed until mod_timer() got a
debug_object_assert_init() added which is outside of the timer base lock
held section right at the beginning of the function to cover the lockless
early exit points too.
Rework the code so that the lookup, the static object check and the
tracking object association happens atomically under the hash bucket
lock. This prevents the issue completely as all callers are serialized on
the hash bucket lock and therefore cannot observe inconsistent state.
Fixes: 3ac7fe5a4aab ("infrastructure to debug (dynamic) objects")
Reported-by: syzbot+5093ba19745994288b53@syzkaller.appspotmail.com
Debugged-by: Schspa Shi <schspa@gmail.com>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Reviewed-by: Stephen Boyd <swboyd@chromium.org>
Link: https://syzkaller.appspot.com/bug?id=22c8a5938eab640d1c6bcc0e3dc7be519d878462
Link: https://lore.kernel.org/lkml/20230303161906.831686-1-schspa@gmail.com
Link: https://lore.kernel.org/r/87zg7dzgao.ffs@tglx
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
lib/debugobjects.c | 125 ++++++++++++++++++++++++---------------------
1 file changed, 66 insertions(+), 59 deletions(-)
diff --git a/lib/debugobjects.c b/lib/debugobjects.c
index 793c31b7e417d..097071b5a11d9 100644
--- a/lib/debugobjects.c
+++ b/lib/debugobjects.c
@@ -219,10 +219,6 @@ static struct debug_obj *__alloc_object(struct hlist_head *list)
return obj;
}
-/*
- * Allocate a new object. If the pool is empty, switch off the debugger.
- * Must be called with interrupts disabled.
- */
static struct debug_obj *
alloc_object(void *addr, struct debug_bucket *b, const struct debug_obj_descr *descr)
{
@@ -555,11 +551,49 @@ static void debug_object_is_on_stack(void *addr, int onstack)
WARN_ON(1);
}
+static struct debug_obj *lookup_object_or_alloc(void *addr, struct debug_bucket *b,
+ const struct debug_obj_descr *descr,
+ bool onstack, bool alloc_ifstatic)
+{
+ struct debug_obj *obj = lookup_object(addr, b);
+ enum debug_obj_state state = ODEBUG_STATE_NONE;
+
+ if (likely(obj))
+ return obj;
+
+ /*
+ * debug_object_init() unconditionally allocates untracked
+ * objects. It does not matter whether it is a static object or
+ * not.
+ *
+ * debug_object_assert_init() and debug_object_activate() allow
+ * allocation only if the descriptor callback confirms that the
+ * object is static and considered initialized. For non-static
+ * objects the allocation needs to be done from the fixup callback.
+ */
+ if (unlikely(alloc_ifstatic)) {
+ if (!descr->is_static_object || !descr->is_static_object(addr))
+ return ERR_PTR(-ENOENT);
+ /* Statically allocated objects are considered initialized */
+ state = ODEBUG_STATE_INIT;
+ }
+
+ obj = alloc_object(addr, b, descr);
+ if (likely(obj)) {
+ obj->state = state;
+ debug_object_is_on_stack(addr, onstack);
+ return obj;
+ }
+
+ /* Out of memory. Do the cleanup outside of the locked region */
+ debug_objects_enabled = 0;
+ return NULL;
+}
+
static void
__debug_object_init(void *addr, const struct debug_obj_descr *descr, int onstack)
{
enum debug_obj_state state;
- bool check_stack = false;
struct debug_bucket *db;
struct debug_obj *obj;
unsigned long flags;
@@ -575,16 +609,11 @@ __debug_object_init(void *addr, const struct debug_obj_descr *descr, int onstack
raw_spin_lock_irqsave(&db->lock, flags);
- obj = lookup_object(addr, db);
- if (!obj) {
- obj = alloc_object(addr, db, descr);
- if (!obj) {
- debug_objects_enabled = 0;
- raw_spin_unlock_irqrestore(&db->lock, flags);
- debug_objects_oom();
- return;
- }
- check_stack = true;
+ obj = lookup_object_or_alloc(addr, db, descr, onstack, false);
+ if (unlikely(!obj)) {
+ raw_spin_unlock_irqrestore(&db->lock, flags);
+ debug_objects_oom();
+ return;
}
switch (obj->state) {
@@ -610,8 +639,6 @@ __debug_object_init(void *addr, const struct debug_obj_descr *descr, int onstack
}
raw_spin_unlock_irqrestore(&db->lock, flags);
- if (check_stack)
- debug_object_is_on_stack(addr, onstack);
}
/**
@@ -651,14 +678,12 @@ EXPORT_SYMBOL_GPL(debug_object_init_on_stack);
*/
int debug_object_activate(void *addr, const struct debug_obj_descr *descr)
{
+ struct debug_obj o = { .object = addr, .state = ODEBUG_STATE_NOTAVAILABLE, .descr = descr };
enum debug_obj_state state;
struct debug_bucket *db;
struct debug_obj *obj;
unsigned long flags;
int ret;
- struct debug_obj o = { .object = addr,
- .state = ODEBUG_STATE_NOTAVAILABLE,
- .descr = descr };
if (!debug_objects_enabled)
return 0;
@@ -667,8 +692,8 @@ int debug_object_activate(void *addr, const struct debug_obj_descr *descr)
raw_spin_lock_irqsave(&db->lock, flags);
- obj = lookup_object(addr, db);
- if (obj) {
+ obj = lookup_object_or_alloc(addr, db, descr, false, true);
+ if (likely(!IS_ERR_OR_NULL(obj))) {
bool print_object = false;
switch (obj->state) {
@@ -701,24 +726,16 @@ int debug_object_activate(void *addr, const struct debug_obj_descr *descr)
raw_spin_unlock_irqrestore(&db->lock, flags);
- /*
- * We are here when a static object is activated. We
- * let the type specific code confirm whether this is
- * true or not. if true, we just make sure that the
- * static object is tracked in the object tracker. If
- * not, this must be a bug, so we try to fix it up.
- */
- if (descr->is_static_object && descr->is_static_object(addr)) {
- /* track this static object */
- debug_object_init(addr, descr);
- debug_object_activate(addr, descr);
- } else {
- debug_print_object(&o, "activate");
- ret = debug_object_fixup(descr->fixup_activate, addr,
- ODEBUG_STATE_NOTAVAILABLE);
- return ret ? 0 : -EINVAL;
+ /* If NULL the allocation has hit OOM */
+ if (!obj) {
+ debug_objects_oom();
+ return 0;
}
- return 0;
+
+ /* Object is neither static nor tracked. It's not initialized */
+ debug_print_object(&o, "activate");
+ ret = debug_object_fixup(descr->fixup_activate, addr, ODEBUG_STATE_NOTAVAILABLE);
+ return ret ? 0 : -EINVAL;
}
EXPORT_SYMBOL_GPL(debug_object_activate);
@@ -872,6 +889,7 @@ EXPORT_SYMBOL_GPL(debug_object_free);
*/
void debug_object_assert_init(void *addr, const struct debug_obj_descr *descr)
{
+ struct debug_obj o = { .object = addr, .state = ODEBUG_STATE_NOTAVAILABLE, .descr = descr };
struct debug_bucket *db;
struct debug_obj *obj;
unsigned long flags;
@@ -882,31 +900,20 @@ void debug_object_assert_init(void *addr, const struct debug_obj_descr *descr)
db = get_bucket((unsigned long) addr);
raw_spin_lock_irqsave(&db->lock, flags);
+ obj = lookup_object_or_alloc(addr, db, descr, false, true);
+ raw_spin_unlock_irqrestore(&db->lock, flags);
+ if (likely(!IS_ERR_OR_NULL(obj)))
+ return;
- obj = lookup_object(addr, db);
+ /* If NULL the allocation has hit OOM */
if (!obj) {
- struct debug_obj o = { .object = addr,
- .state = ODEBUG_STATE_NOTAVAILABLE,
- .descr = descr };
-
- raw_spin_unlock_irqrestore(&db->lock, flags);
- /*
- * Maybe the object is static, and we let the type specific
- * code confirm. Track this static object if true, else invoke
- * fixup.
- */
- if (descr->is_static_object && descr->is_static_object(addr)) {
- /* Track this static object */
- debug_object_init(addr, descr);
- } else {
- debug_print_object(&o, "assert_init");
- debug_object_fixup(descr->fixup_assert_init, addr,
- ODEBUG_STATE_NOTAVAILABLE);
- }
+ debug_objects_oom();
return;
}
- raw_spin_unlock_irqrestore(&db->lock, flags);
+ /* Object is neither tracked nor static. It's not initialized. */
+ debug_print_object(&o, "assert_init");
+ debug_object_fixup(descr->fixup_assert_init, addr, ODEBUG_STATE_NOTAVAILABLE);
}
EXPORT_SYMBOL_GPL(debug_object_assert_init);
--
2.39.2
^ permalink raw reply related [flat|nested] 391+ messages in thread
* [PATCH 5.15 146/371] drm/i915: Make intel_get_crtc_new_encoder() less oopsy
2023-05-08 9:43 [PATCH 5.15 000/371] 5.15.111-rc1 review Greg Kroah-Hartman
` (144 preceding siblings ...)
2023-05-08 9:45 ` [PATCH 5.15 145/371] debugobject: Prevent init race with static objects Greg Kroah-Hartman
@ 2023-05-08 9:45 ` Greg Kroah-Hartman
2023-05-08 9:45 ` [PATCH 5.15 147/371] tick/common: Align tick period with the HZ tick Greg Kroah-Hartman
` (228 subsequent siblings)
374 siblings, 0 replies; 391+ messages in thread
From: Greg Kroah-Hartman @ 2023-05-08 9:45 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Ville Syrjälä,
Jani Nikula, Joonas Lahtinen, Sasha Levin
From: Ville Syrjälä <ville.syrjala@linux.intel.com>
[ Upstream commit 631420b06597a33c72b6dcef78d1c2dea17f452d ]
The point of the WARN was to print something, not oops
straight up. Currently that is precisely what happens
if we can't find the connector for the crtc in the atomic
state. Get the dev pointer from the atomic state instead
of the potentially NULL encoder to avoid that.
Signed-off-by: Ville Syrjälä <ville.syrjala@linux.intel.com>
Link: https://patchwork.freedesktop.org/patch/msgid/20230413200602.6037-2-ville.syrjala@linux.intel.com
Fixes: 3a47ae201e07 ("drm/i915/display: Make WARN* drm specific where encoder ptr is available")
Reviewed-by: Jani Nikula <jani.nikula@intel.com>
(cherry picked from commit 3b6692357f70498f617ea1b31a0378070a0acf1c)
Signed-off-by: Joonas Lahtinen <joonas.lahtinen@linux.intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/gpu/drm/i915/display/intel_display.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/gpu/drm/i915/display/intel_display.c b/drivers/gpu/drm/i915/display/intel_display.c
index 566b34ba57e18..26811176846dc 100644
--- a/drivers/gpu/drm/i915/display/intel_display.c
+++ b/drivers/gpu/drm/i915/display/intel_display.c
@@ -2303,7 +2303,7 @@ intel_get_crtc_new_encoder(const struct intel_atomic_state *state,
num_encoders++;
}
- drm_WARN(encoder->base.dev, num_encoders != 1,
+ drm_WARN(state->base.dev, num_encoders != 1,
"%d encoders for pipe %c\n",
num_encoders, pipe_name(crtc->pipe));
--
2.39.2
^ permalink raw reply related [flat|nested] 391+ messages in thread
* [PATCH 5.15 147/371] tick/common: Align tick period with the HZ tick.
2023-05-08 9:43 [PATCH 5.15 000/371] 5.15.111-rc1 review Greg Kroah-Hartman
` (145 preceding siblings ...)
2023-05-08 9:45 ` [PATCH 5.15 146/371] drm/i915: Make intel_get_crtc_new_encoder() less oopsy Greg Kroah-Hartman
@ 2023-05-08 9:45 ` Greg Kroah-Hartman
2023-05-08 9:45 ` [PATCH 5.15 148/371] cpufreq: use correct unit when verify cur freq Greg Kroah-Hartman
` (227 subsequent siblings)
374 siblings, 0 replies; 391+ messages in thread
From: Greg Kroah-Hartman @ 2023-05-08 9:45 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Gusenleitner Klaus,
Sebastian Andrzej Siewior, Thomas Gleixner, Sasha Levin
From: Sebastian Andrzej Siewior <bigeasy@linutronix.de>
[ Upstream commit e9523a0d81899361214d118ad60ef76f0e92f71d ]
With HIGHRES enabled tick_sched_timer() is programmed every jiffy to
expire the timer_list timers. This timer is programmed accurate in
respect to CLOCK_MONOTONIC so that 0 seconds and nanoseconds is the
first tick and the next one is 1000/CONFIG_HZ ms later. For HZ=250 it is
every 4 ms and so based on the current time the next tick can be
computed.
This accuracy broke since the commit mentioned below because the jiffy
based clocksource is initialized with higher accuracy in
read_persistent_wall_and_boot_offset(). This higher accuracy is
inherited during the setup in tick_setup_device(). The timer still fires
every 4ms with HZ=250 but timer is no longer aligned with
CLOCK_MONOTONIC with 0 as it origin but has an offset in the us/ns part
of the timestamp. The offset differs with every boot and makes it
impossible for user land to align with the tick.
Align the tick period with CLOCK_MONOTONIC ensuring that it is always a
multiple of 1000/CONFIG_HZ ms.
Fixes: 857baa87b6422 ("sched/clock: Enable sched clock early")
Reported-by: Gusenleitner Klaus <gus@keba.com>
Signed-off-by: Sebastian Andrzej Siewior <bigeasy@linutronix.de>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Link: https://lore.kernel.org/20230406095735.0_14edn3@linutronix.de
Link: https://lore.kernel.org/r/20230418122639.ikgfvu3f@linutronix.de
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
kernel/time/tick-common.c | 12 +++++++++++-
1 file changed, 11 insertions(+), 1 deletion(-)
diff --git a/kernel/time/tick-common.c b/kernel/time/tick-common.c
index 46789356f856e..65b8658da829e 100644
--- a/kernel/time/tick-common.c
+++ b/kernel/time/tick-common.c
@@ -218,9 +218,19 @@ static void tick_setup_device(struct tick_device *td,
* this cpu:
*/
if (tick_do_timer_cpu == TICK_DO_TIMER_BOOT) {
+ ktime_t next_p;
+ u32 rem;
+
tick_do_timer_cpu = cpu;
- tick_next_period = ktime_get();
+ next_p = ktime_get();
+ div_u64_rem(next_p, TICK_NSEC, &rem);
+ if (rem) {
+ next_p -= rem;
+ next_p += TICK_NSEC;
+ }
+
+ tick_next_period = next_p;
#ifdef CONFIG_NO_HZ_FULL
/*
* The boot CPU may be nohz_full, in which case set
--
2.39.2
^ permalink raw reply related [flat|nested] 391+ messages in thread
* [PATCH 5.15 148/371] cpufreq: use correct unit when verify cur freq
2023-05-08 9:43 [PATCH 5.15 000/371] 5.15.111-rc1 review Greg Kroah-Hartman
` (146 preceding siblings ...)
2023-05-08 9:45 ` [PATCH 5.15 147/371] tick/common: Align tick period with the HZ tick Greg Kroah-Hartman
@ 2023-05-08 9:45 ` Greg Kroah-Hartman
2023-05-08 9:45 ` [PATCH 5.15 149/371] hwmon: (pmbus/fsp-3y) Fix functionality bitmask in FSP-3Y YM-2151E Greg Kroah-Hartman
` (226 subsequent siblings)
374 siblings, 0 replies; 391+ messages in thread
From: Greg Kroah-Hartman @ 2023-05-08 9:45 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Sanjay Chandrashekara, Sumit Gupta,
Rafael J. Wysocki, Sasha Levin
From: Sanjay Chandrashekara <sanjayc@nvidia.com>
[ Upstream commit 44295af5019f1997d038ad2611086a2d1e2af167 ]
cpufreq_verify_current_freq checks() if the frequency returned by
the hardware has a slight delta with the valid frequency value
last set and returns "policy->cur" if the delta is within "1 MHz".
In the comparison, "policy->cur" is in "kHz" but it's compared
against HZ_PER_MHZ. So, the comparison range becomes "1 GHz".
Fix this by comparing against KHZ_PER_MHZ instead of HZ_PER_MHZ.
Fixes: f55ae08c8987 ("cpufreq: Avoid unnecessary frequency updates due to mismatch")
Signed-off-by: Sanjay Chandrashekara <sanjayc@nvidia.com>
[ sumit gupta: Commit message update ]
Signed-off-by: Sumit Gupta <sumitg@nvidia.com>
Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/cpufreq/cpufreq.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/cpufreq/cpufreq.c b/drivers/cpufreq/cpufreq.c
index b998b50839534..ae7b95e15ac7e 100644
--- a/drivers/cpufreq/cpufreq.c
+++ b/drivers/cpufreq/cpufreq.c
@@ -1709,7 +1709,7 @@ static unsigned int cpufreq_verify_current_freq(struct cpufreq_policy *policy, b
* MHz. In such cases it is better to avoid getting into
* unnecessary frequency updates.
*/
- if (abs(policy->cur - new_freq) < HZ_PER_MHZ)
+ if (abs(policy->cur - new_freq) < KHZ_PER_MHZ)
return policy->cur;
cpufreq_out_of_sync(policy, new_freq);
--
2.39.2
^ permalink raw reply related [flat|nested] 391+ messages in thread
* [PATCH 5.15 149/371] hwmon: (pmbus/fsp-3y) Fix functionality bitmask in FSP-3Y YM-2151E
2023-05-08 9:43 [PATCH 5.15 000/371] 5.15.111-rc1 review Greg Kroah-Hartman
` (147 preceding siblings ...)
2023-05-08 9:45 ` [PATCH 5.15 148/371] cpufreq: use correct unit when verify cur freq Greg Kroah-Hartman
@ 2023-05-08 9:45 ` Greg Kroah-Hartman
2023-05-08 9:45 ` [PATCH 5.15 150/371] wifi: ath6kl: minor fix for allocation size Greg Kroah-Hartman
` (225 subsequent siblings)
374 siblings, 0 replies; 391+ messages in thread
From: Greg Kroah-Hartman @ 2023-05-08 9:45 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Jan Kundrát,
Tomáš Pecka, Guenter Roeck, Sasha Levin
From: Tomáš Pecka <tomas.pecka@cesnet.cz>
[ Upstream commit 93822f5161a2dc57a60b95b35b3cb8589f53413e ]
The bit flags in pmbus_driver_info functionality for YM-2151E chip were
joined with a comma operator instead of a bitwise OR. This means that
the last constant PMBUS_HAVE_IIN was not OR-ed with the other
PM_BUS_HAVE_* constants for this page but it initialized the next element
of the func array (which was not accessed from anywhere because of the
number of pages).
However, there is no need for setting PMBUS_HAVE_IIN in the 5Vsb page
because this command does not seem to be paged. Obviously, the device
only has one IIN sensor, so it doesn't make sense to query it again from
the second page.
Fixes: 1734b4135a62 ("hwmon: Add driver for fsp-3y PSUs and PDUs")
Signed-off-by: Jan Kundrát <jan.kundrat@cesnet.cz>
Signed-off-by: Tomáš Pecka <tomas.pecka@cesnet.cz>
Link: https://lore.kernel.org/r/20230420171939.212040-1-tomas.pecka@cesnet.cz
Signed-off-by: Guenter Roeck <linux@roeck-us.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/hwmon/pmbus/fsp-3y.c | 1 -
1 file changed, 1 deletion(-)
diff --git a/drivers/hwmon/pmbus/fsp-3y.c b/drivers/hwmon/pmbus/fsp-3y.c
index aec294cc72d1f..c7469d2cdedcf 100644
--- a/drivers/hwmon/pmbus/fsp-3y.c
+++ b/drivers/hwmon/pmbus/fsp-3y.c
@@ -180,7 +180,6 @@ static struct pmbus_driver_info fsp3y_info[] = {
PMBUS_HAVE_FAN12,
.func[YM2151_PAGE_5VSB_LOG] =
PMBUS_HAVE_VOUT | PMBUS_HAVE_IOUT,
- PMBUS_HAVE_IIN,
.read_word_data = fsp3y_read_word_data,
.read_byte_data = fsp3y_read_byte_data,
},
--
2.39.2
^ permalink raw reply related [flat|nested] 391+ messages in thread
* [PATCH 5.15 150/371] wifi: ath6kl: minor fix for allocation size
2023-05-08 9:43 [PATCH 5.15 000/371] 5.15.111-rc1 review Greg Kroah-Hartman
` (148 preceding siblings ...)
2023-05-08 9:45 ` [PATCH 5.15 149/371] hwmon: (pmbus/fsp-3y) Fix functionality bitmask in FSP-3Y YM-2151E Greg Kroah-Hartman
@ 2023-05-08 9:45 ` Greg Kroah-Hartman
2023-05-08 9:45 ` [PATCH 5.15 151/371] wifi: ath9k: hif_usb: fix memory leak of remain_skbs Greg Kroah-Hartman
` (224 subsequent siblings)
374 siblings, 0 replies; 391+ messages in thread
From: Greg Kroah-Hartman @ 2023-05-08 9:45 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Alexey V. Vissarionov, Kalle Valo,
Sasha Levin
From: Alexey V. Vissarionov <gremlin@altlinux.org>
[ Upstream commit 778f83f889e7fca37780d9640fcbd0229ae38eaa ]
Although the "param" pointer occupies more or equal space compared
to "*param", the allocation size should use the size of variable
itself.
Found by Linux Verification Center (linuxtesting.org) with SVACE.
Fixes: bdcd81707973cf8a ("Add ath6kl cleaned up driver")
Signed-off-by: Alexey V. Vissarionov <gremlin@altlinux.org>
Signed-off-by: Kalle Valo <quic_kvalo@quicinc.com>
Link: https://lore.kernel.org/r/20230117110414.GC12547@altlinux.org
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/wireless/ath/ath6kl/bmi.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/net/wireless/ath/ath6kl/bmi.c b/drivers/net/wireless/ath/ath6kl/bmi.c
index bde5a10d470c8..af98e871199d3 100644
--- a/drivers/net/wireless/ath/ath6kl/bmi.c
+++ b/drivers/net/wireless/ath/ath6kl/bmi.c
@@ -246,7 +246,7 @@ int ath6kl_bmi_execute(struct ath6kl *ar, u32 addr, u32 *param)
return -EACCES;
}
- size = sizeof(cid) + sizeof(addr) + sizeof(param);
+ size = sizeof(cid) + sizeof(addr) + sizeof(*param);
if (size > ar->bmi.max_cmd_size) {
WARN_ON(1);
return -EINVAL;
--
2.39.2
^ permalink raw reply related [flat|nested] 391+ messages in thread
* [PATCH 5.15 151/371] wifi: ath9k: hif_usb: fix memory leak of remain_skbs
2023-05-08 9:43 [PATCH 5.15 000/371] 5.15.111-rc1 review Greg Kroah-Hartman
` (149 preceding siblings ...)
2023-05-08 9:45 ` [PATCH 5.15 150/371] wifi: ath6kl: minor fix for allocation size Greg Kroah-Hartman
@ 2023-05-08 9:45 ` Greg Kroah-Hartman
2023-05-08 9:45 ` [PATCH 5.15 152/371] wifi: ath5k: fix an off by one check in ath5k_eeprom_read_freq_list() Greg Kroah-Hartman
` (223 subsequent siblings)
374 siblings, 0 replies; 391+ messages in thread
From: Greg Kroah-Hartman @ 2023-05-08 9:45 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Fedor Pchelkin, Alexey Khoroshilov,
Toke Høiland-Jørgensen, Kalle Valo, Sasha Levin
From: Fedor Pchelkin <pchelkin@ispras.ru>
[ Upstream commit 7654cc03eb699297130b693ec34e25f77b17c947 ]
hif_dev->remain_skb is allocated and used exclusively in
ath9k_hif_usb_rx_stream(). It is implied that an allocated remain_skb is
processed and subsequently freed (in error paths) only during the next
call of ath9k_hif_usb_rx_stream().
So, if the urbs are deallocated between those two calls due to the device
deinitialization or suspend, it is possible that ath9k_hif_usb_rx_stream()
is not called next time and the allocated remain_skb is leaked. Our local
Syzkaller instance was able to trigger that.
remain_skb makes sense when receiving two consecutive urbs which are
logically linked together, i.e. a specific data field from the first skb
indicates a cached skb to be allocated, memcpy'd with some data and
subsequently processed in the next call to ath9k_hif_usb_rx_stream(). Urbs
deallocation supposedly makes that link irrelevant so we need to free the
cached skb in those cases.
Fix the leak by introducing a function to explicitly free remain_skb (if
it is not NULL) when the rx urbs have been deallocated. remain_skb is NULL
when it has not been allocated at all (hif_dev struct is kzalloced) or
when it has been processed in next call to ath9k_hif_usb_rx_stream().
Found by Linux Verification Center (linuxtesting.org) with Syzkaller.
Fixes: fb9987d0f748 ("ath9k_htc: Support for AR9271 chipset.")
Signed-off-by: Fedor Pchelkin <pchelkin@ispras.ru>
Signed-off-by: Alexey Khoroshilov <khoroshilov@ispras.ru>
Acked-by: Toke Høiland-Jørgensen <toke@toke.dk>
Signed-off-by: Kalle Valo <quic_kvalo@quicinc.com>
Link: https://lore.kernel.org/r/20230216192301.171225-1-pchelkin@ispras.ru
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/wireless/ath/ath9k/hif_usb.c | 19 +++++++++++++++++++
1 file changed, 19 insertions(+)
diff --git a/drivers/net/wireless/ath/ath9k/hif_usb.c b/drivers/net/wireless/ath/ath9k/hif_usb.c
index f521dfa2f1945..e0130beb304df 100644
--- a/drivers/net/wireless/ath/ath9k/hif_usb.c
+++ b/drivers/net/wireless/ath/ath9k/hif_usb.c
@@ -534,6 +534,24 @@ static struct ath9k_htc_hif hif_usb = {
.send = hif_usb_send,
};
+/* Need to free remain_skb allocated in ath9k_hif_usb_rx_stream
+ * in case ath9k_hif_usb_rx_stream wasn't called next time to
+ * process the buffer and subsequently free it.
+ */
+static void ath9k_hif_usb_free_rx_remain_skb(struct hif_device_usb *hif_dev)
+{
+ unsigned long flags;
+
+ spin_lock_irqsave(&hif_dev->rx_lock, flags);
+ if (hif_dev->remain_skb) {
+ dev_kfree_skb_any(hif_dev->remain_skb);
+ hif_dev->remain_skb = NULL;
+ hif_dev->rx_remain_len = 0;
+ RX_STAT_INC(hif_dev, skb_dropped);
+ }
+ spin_unlock_irqrestore(&hif_dev->rx_lock, flags);
+}
+
static void ath9k_hif_usb_rx_stream(struct hif_device_usb *hif_dev,
struct sk_buff *skb)
{
@@ -868,6 +886,7 @@ static int ath9k_hif_usb_alloc_tx_urbs(struct hif_device_usb *hif_dev)
static void ath9k_hif_usb_dealloc_rx_urbs(struct hif_device_usb *hif_dev)
{
usb_kill_anchored_urbs(&hif_dev->rx_submitted);
+ ath9k_hif_usb_free_rx_remain_skb(hif_dev);
}
static int ath9k_hif_usb_alloc_rx_urbs(struct hif_device_usb *hif_dev)
--
2.39.2
^ permalink raw reply related [flat|nested] 391+ messages in thread
* [PATCH 5.15 152/371] wifi: ath5k: fix an off by one check in ath5k_eeprom_read_freq_list()
2023-05-08 9:43 [PATCH 5.15 000/371] 5.15.111-rc1 review Greg Kroah-Hartman
` (150 preceding siblings ...)
2023-05-08 9:45 ` [PATCH 5.15 151/371] wifi: ath9k: hif_usb: fix memory leak of remain_skbs Greg Kroah-Hartman
@ 2023-05-08 9:45 ` Greg Kroah-Hartman
2023-05-08 9:45 ` [PATCH 5.15 153/371] wifi: brcmfmac: support CQM RSSI notification with older firmware Greg Kroah-Hartman
` (222 subsequent siblings)
374 siblings, 0 replies; 391+ messages in thread
From: Greg Kroah-Hartman @ 2023-05-08 9:45 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Dan Carpenter, Luis Chamberlain,
Kalle Valo, Sasha Levin
From: Dan Carpenter <error27@gmail.com>
[ Upstream commit 4c856ee12df85aabd437c3836ed9f68d94268358 ]
This loop checks that i < max at the start of loop but then it does
i++ which could put it past the end of the array. It's harmless to
check again and prevent a potential out of bounds.
Fixes: 1048643ea94d ("ath5k: Clean up eeprom parsing and add missing calibration data")
Signed-off-by: Dan Carpenter <error27@gmail.com>
Reviewed-by: Luis Chamberlain <mcgrof@kernel.org>
Signed-off-by: Kalle Valo <quic_kvalo@quicinc.com>
Link: https://lore.kernel.org/r/Y+D9hPQrHfWBJhXz@kili
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/wireless/ath/ath5k/eeprom.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/net/wireless/ath/ath5k/eeprom.c b/drivers/net/wireless/ath/ath5k/eeprom.c
index d444b3d70ba2e..58d3e86f6256d 100644
--- a/drivers/net/wireless/ath/ath5k/eeprom.c
+++ b/drivers/net/wireless/ath/ath5k/eeprom.c
@@ -529,7 +529,7 @@ ath5k_eeprom_read_freq_list(struct ath5k_hw *ah, int *offset, int max,
ee->ee_n_piers[mode]++;
freq2 = (val >> 8) & 0xff;
- if (!freq2)
+ if (!freq2 || i >= max)
break;
pc[i++].freq = ath5k_eeprom_bin2freq(ee,
--
2.39.2
^ permalink raw reply related [flat|nested] 391+ messages in thread
* [PATCH 5.15 153/371] wifi: brcmfmac: support CQM RSSI notification with older firmware
2023-05-08 9:43 [PATCH 5.15 000/371] 5.15.111-rc1 review Greg Kroah-Hartman
` (151 preceding siblings ...)
2023-05-08 9:45 ` [PATCH 5.15 152/371] wifi: ath5k: fix an off by one check in ath5k_eeprom_read_freq_list() Greg Kroah-Hartman
@ 2023-05-08 9:45 ` Greg Kroah-Hartman
2023-05-08 9:45 ` [PATCH 5.15 154/371] wifi: ath6kl: reduce WARN to dev_dbg() in callback Greg Kroah-Hartman
` (221 subsequent siblings)
374 siblings, 0 replies; 391+ messages in thread
From: Greg Kroah-Hartman @ 2023-05-08 9:45 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, John Keeping, Kalle Valo, Sasha Levin
From: John Keeping <john@metanate.com>
[ Upstream commit ec52d77d077529f198fd874c550a26b9cc86a331 ]
Using the BCM4339 firmware from linux-firmware (version "BCM4339/2 wl0:
Sep 5 2019 11:05:52 version 6.37.39.113 (r722271 CY)" from
cypress/cyfmac4339-sdio.bin) the RSSI respose is only 4 bytes, which
results in an error being logged.
It seems that older devices send only the RSSI field and neither SNR nor
noise is included. Handle this by accepting a 4 byte message and
reading only the RSSI from it.
Fixes: 7dd56ea45a66 ("brcmfmac: add support for CQM RSSI notifications")
Signed-off-by: John Keeping <john@metanate.com>
Signed-off-by: Kalle Valo <kvalo@kernel.org>
Link: https://lore.kernel.org/r/20230124104248.2917465-1-john@metanate.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
.../broadcom/brcm80211/brcmfmac/cfg80211.c | 14 ++++++++------
1 file changed, 8 insertions(+), 6 deletions(-)
diff --git a/drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c b/drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c
index cba909c5bc6b6..5a1b01db02e6e 100644
--- a/drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c
+++ b/drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c
@@ -6212,18 +6212,20 @@ static s32 brcmf_notify_rssi(struct brcmf_if *ifp,
{
struct brcmf_cfg80211_vif *vif = ifp->vif;
struct brcmf_rssi_be *info = data;
- s32 rssi, snr, noise;
+ s32 rssi, snr = 0, noise = 0;
s32 low, high, last;
- if (e->datalen < sizeof(*info)) {
+ if (e->datalen >= sizeof(*info)) {
+ rssi = be32_to_cpu(info->rssi);
+ snr = be32_to_cpu(info->snr);
+ noise = be32_to_cpu(info->noise);
+ } else if (e->datalen >= sizeof(rssi)) {
+ rssi = be32_to_cpu(*(__be32 *)data);
+ } else {
brcmf_err("insufficient RSSI event data\n");
return 0;
}
- rssi = be32_to_cpu(info->rssi);
- snr = be32_to_cpu(info->snr);
- noise = be32_to_cpu(info->noise);
-
low = vif->cqm_rssi_low;
high = vif->cqm_rssi_high;
last = vif->cqm_rssi_last;
--
2.39.2
^ permalink raw reply related [flat|nested] 391+ messages in thread
* [PATCH 5.15 154/371] wifi: ath6kl: reduce WARN to dev_dbg() in callback
2023-05-08 9:43 [PATCH 5.15 000/371] 5.15.111-rc1 review Greg Kroah-Hartman
` (152 preceding siblings ...)
2023-05-08 9:45 ` [PATCH 5.15 153/371] wifi: brcmfmac: support CQM RSSI notification with older firmware Greg Kroah-Hartman
@ 2023-05-08 9:45 ` Greg Kroah-Hartman
2023-05-08 9:45 ` [PATCH 5.15 155/371] tools: bpftool: Remove invalid \ json escape Greg Kroah-Hartman
` (220 subsequent siblings)
374 siblings, 0 replies; 391+ messages in thread
From: Greg Kroah-Hartman @ 2023-05-08 9:45 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Oliver Neukum, Fedor Pchelkin,
Alexey Khoroshilov, Kalle Valo, Sasha Levin,
syzbot+555908813b2ea35dae9a
From: Fedor Pchelkin <pchelkin@ispras.ru>
[ Upstream commit 75c4a8154cb6c7239fb55d5550f481f6765fb83c ]
The warn is triggered on a known race condition, documented in the code above
the test, that is correctly handled. Using WARN() hinders automated testing.
Reducing severity.
Fixes: de2070fc4aa7 ("ath6kl: Fix kernel panic on continuous driver load/unload")
Reported-and-tested-by: syzbot+555908813b2ea35dae9a@syzkaller.appspotmail.com
Signed-off-by: Oliver Neukum <oneukum@suse.com>
Signed-off-by: Fedor Pchelkin <pchelkin@ispras.ru>
Signed-off-by: Alexey Khoroshilov <khoroshilov@ispras.ru>
Signed-off-by: Kalle Valo <quic_kvalo@quicinc.com>
Link: https://lore.kernel.org/r/20230126182431.867984-1-pchelkin@ispras.ru
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/wireless/ath/ath6kl/htc_pipe.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/drivers/net/wireless/ath/ath6kl/htc_pipe.c b/drivers/net/wireless/ath/ath6kl/htc_pipe.c
index c68848819a52d..9b88d96bfe96c 100644
--- a/drivers/net/wireless/ath/ath6kl/htc_pipe.c
+++ b/drivers/net/wireless/ath/ath6kl/htc_pipe.c
@@ -960,8 +960,8 @@ static int ath6kl_htc_pipe_rx_complete(struct ath6kl *ar, struct sk_buff *skb,
* Thus the possibility of ar->htc_target being NULL
* via ath6kl_recv_complete -> ath6kl_usb_io_comp_work.
*/
- if (WARN_ON_ONCE(!target)) {
- ath6kl_err("Target not yet initialized\n");
+ if (!target) {
+ ath6kl_dbg(ATH6KL_DBG_HTC, "Target not yet initialized\n");
status = -EINVAL;
goto free_skb;
}
--
2.39.2
^ permalink raw reply related [flat|nested] 391+ messages in thread
* [PATCH 5.15 155/371] tools: bpftool: Remove invalid \ json escape
2023-05-08 9:43 [PATCH 5.15 000/371] 5.15.111-rc1 review Greg Kroah-Hartman
` (153 preceding siblings ...)
2023-05-08 9:45 ` [PATCH 5.15 154/371] wifi: ath6kl: reduce WARN to dev_dbg() in callback Greg Kroah-Hartman
@ 2023-05-08 9:45 ` Greg Kroah-Hartman
2023-05-08 9:45 ` [PATCH 5.15 156/371] wifi: rtw88: mac: Return the original error from rtw_pwr_seq_parser() Greg Kroah-Hartman
` (219 subsequent siblings)
374 siblings, 0 replies; 391+ messages in thread
From: Greg Kroah-Hartman @ 2023-05-08 9:45 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Luis Gerhorst, Andrii Nakryiko,
Quentin Monnet, Sasha Levin
From: Luis Gerhorst <gerhorst@cs.fau.de>
[ Upstream commit c679bbd611c08b0559ffae079330bc4e5574696a ]
RFC8259 ("The JavaScript Object Notation (JSON) Data Interchange
Format") only specifies \", \\, \/, \b, \f, \n, \r, and \r as valid
two-character escape sequences. This does not include \', which is not
required in JSON because it exclusively uses double quotes as string
separators.
Solidus (/) may be escaped, but does not have to. Only reverse
solidus (\), double quotes ("), and the control characters have to be
escaped. Therefore, with this fix, bpftool correctly supports all valid
two-character escape sequences (but still does not support characters
that require multi-character escape sequences).
Witout this fix, attempting to load a JSON file generated by bpftool
using Python 3.10.6's default json.load() may fail with the error
"Invalid \escape" if the file contains the invalid escaped single
quote (\').
Fixes: b66e907cfee2 ("tools: bpftool: copy JSON writer from iproute2 repository")
Signed-off-by: Luis Gerhorst <gerhorst@cs.fau.de>
Signed-off-by: Andrii Nakryiko <andrii@kernel.org>
Reviewed-by: Quentin Monnet <quentin@isovalent.com>
Link: https://lore.kernel.org/bpf/20230227150853.16863-1-gerhorst@cs.fau.de
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
tools/bpf/bpftool/json_writer.c | 3 ---
1 file changed, 3 deletions(-)
diff --git a/tools/bpf/bpftool/json_writer.c b/tools/bpf/bpftool/json_writer.c
index 7fea83bedf488..bca5dd0a59e34 100644
--- a/tools/bpf/bpftool/json_writer.c
+++ b/tools/bpf/bpftool/json_writer.c
@@ -80,9 +80,6 @@ static void jsonw_puts(json_writer_t *self, const char *str)
case '"':
fputs("\\\"", self->out);
break;
- case '\'':
- fputs("\\\'", self->out);
- break;
default:
putc(*str, self->out);
}
--
2.39.2
^ permalink raw reply related [flat|nested] 391+ messages in thread
* [PATCH 5.15 156/371] wifi: rtw88: mac: Return the original error from rtw_pwr_seq_parser()
2023-05-08 9:43 [PATCH 5.15 000/371] 5.15.111-rc1 review Greg Kroah-Hartman
` (154 preceding siblings ...)
2023-05-08 9:45 ` [PATCH 5.15 155/371] tools: bpftool: Remove invalid \ json escape Greg Kroah-Hartman
@ 2023-05-08 9:45 ` Greg Kroah-Hartman
2023-05-08 9:45 ` [PATCH 5.15 157/371] wifi: rtw88: mac: Return the original error from rtw_mac_power_switch() Greg Kroah-Hartman
` (218 subsequent siblings)
374 siblings, 0 replies; 391+ messages in thread
From: Greg Kroah-Hartman @ 2023-05-08 9:45 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Martin Blumenstingl, Ping-Ke Shih,
Kalle Valo, Sasha Levin
From: Martin Blumenstingl <martin.blumenstingl@googlemail.com>
[ Upstream commit b7ed9fa2cb76ca7a3c3cd4a6d35748fe1fbda9f6 ]
rtw_pwr_seq_parser() calls rtw_sub_pwr_seq_parser() which can either
return -EBUSY, -EINVAL or 0. Propagate the original error code instead
of unconditionally returning -EBUSY in case of an error.
Fixes: e3037485c68e ("rtw88: new Realtek 802.11ac driver")
Signed-off-by: Martin Blumenstingl <martin.blumenstingl@googlemail.com>
Reviewed-by: Ping-Ke Shih <pkshih@realtek.com>
Signed-off-by: Kalle Valo <kvalo@kernel.org>
Link: https://lore.kernel.org/r/20230226221004.138331-2-martin.blumenstingl@googlemail.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/wireless/realtek/rtw88/mac.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/net/wireless/realtek/rtw88/mac.c b/drivers/net/wireless/realtek/rtw88/mac.c
index d1678aed9d9cb..6ad235d7145e1 100644
--- a/drivers/net/wireless/realtek/rtw88/mac.c
+++ b/drivers/net/wireless/realtek/rtw88/mac.c
@@ -233,7 +233,7 @@ static int rtw_pwr_seq_parser(struct rtw_dev *rtwdev,
ret = rtw_sub_pwr_seq_parser(rtwdev, intf_mask, cut_mask, cmd);
if (ret)
- return -EBUSY;
+ return ret;
idx++;
} while (1);
--
2.39.2
^ permalink raw reply related [flat|nested] 391+ messages in thread
* [PATCH 5.15 157/371] wifi: rtw88: mac: Return the original error from rtw_mac_power_switch()
2023-05-08 9:43 [PATCH 5.15 000/371] 5.15.111-rc1 review Greg Kroah-Hartman
` (155 preceding siblings ...)
2023-05-08 9:45 ` [PATCH 5.15 156/371] wifi: rtw88: mac: Return the original error from rtw_pwr_seq_parser() Greg Kroah-Hartman
@ 2023-05-08 9:45 ` Greg Kroah-Hartman
2023-05-08 9:45 ` [PATCH 5.15 158/371] bpf: take into account liveness when propagating precision Greg Kroah-Hartman
` (217 subsequent siblings)
374 siblings, 0 replies; 391+ messages in thread
From: Greg Kroah-Hartman @ 2023-05-08 9:45 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Martin Blumenstingl, Ping-Ke Shih,
Kalle Valo, Sasha Levin
From: Martin Blumenstingl <martin.blumenstingl@googlemail.com>
[ Upstream commit 15c8e267dfa62f207ee1db666c822324e3362b84 ]
rtw_mac_power_switch() calls rtw_pwr_seq_parser() which can return
-EINVAL, -EBUSY or 0. Propagate the original error code instead of
unconditionally returning -EINVAL in case of an error.
Fixes: e3037485c68e ("rtw88: new Realtek 802.11ac driver")
Signed-off-by: Martin Blumenstingl <martin.blumenstingl@googlemail.com>
Reviewed-by: Ping-Ke Shih <pkshih@realtek.com>
Signed-off-by: Kalle Valo <kvalo@kernel.org>
Link: https://lore.kernel.org/r/20230226221004.138331-3-martin.blumenstingl@googlemail.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/wireless/realtek/rtw88/mac.c | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/drivers/net/wireless/realtek/rtw88/mac.c b/drivers/net/wireless/realtek/rtw88/mac.c
index 6ad235d7145e1..a0576cc0c8452 100644
--- a/drivers/net/wireless/realtek/rtw88/mac.c
+++ b/drivers/net/wireless/realtek/rtw88/mac.c
@@ -247,6 +247,7 @@ static int rtw_mac_power_switch(struct rtw_dev *rtwdev, bool pwr_on)
const struct rtw_pwr_seq_cmd **pwr_seq;
u8 rpwm;
bool cur_pwr;
+ int ret;
if (rtw_chip_wcpu_11ac(rtwdev)) {
rpwm = rtw_read8(rtwdev, rtwdev->hci.rpwm_addr);
@@ -270,8 +271,9 @@ static int rtw_mac_power_switch(struct rtw_dev *rtwdev, bool pwr_on)
return -EALREADY;
pwr_seq = pwr_on ? chip->pwr_on_seq : chip->pwr_off_seq;
- if (rtw_pwr_seq_parser(rtwdev, pwr_seq))
- return -EINVAL;
+ ret = rtw_pwr_seq_parser(rtwdev, pwr_seq);
+ if (ret)
+ return ret;
return 0;
}
--
2.39.2
^ permalink raw reply related [flat|nested] 391+ messages in thread
* [PATCH 5.15 158/371] bpf: take into account liveness when propagating precision
2023-05-08 9:43 [PATCH 5.15 000/371] 5.15.111-rc1 review Greg Kroah-Hartman
` (156 preceding siblings ...)
2023-05-08 9:45 ` [PATCH 5.15 157/371] wifi: rtw88: mac: Return the original error from rtw_mac_power_switch() Greg Kroah-Hartman
@ 2023-05-08 9:45 ` Greg Kroah-Hartman
2023-05-08 9:46 ` [PATCH 5.15 159/371] bpf: fix precision propagation verbose logging Greg Kroah-Hartman
` (216 subsequent siblings)
374 siblings, 0 replies; 391+ messages in thread
From: Greg Kroah-Hartman @ 2023-05-08 9:45 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Andrii Nakryiko, Alexei Starovoitov,
Sasha Levin
From: Andrii Nakryiko <andrii@kernel.org>
[ Upstream commit 52c2b005a3c18c565fc70cfd0ca49375f301e952 ]
When doing state comparison, if old state has register that is not
marked as REG_LIVE_READ, then we just skip comparison, regardless what's
the state of corresponing register in current state. This is because not
REG_LIVE_READ register is irrelevant for further program execution and
correctness. All good here.
But when we get to precision propagation, after two states were declared
equivalent, we don't take into account old register's liveness, and thus
attempt to propagate precision for register in current state even if
that register in old state was not REG_LIVE_READ anymore. This is bad,
because register in current state could be anything at all and this
could cause -EFAULT due to internal logic bugs.
Fix by taking into account REG_LIVE_READ liveness mark to keep the logic
in state comparison in sync with precision propagation.
Fixes: a3ce685dd01a ("bpf: fix precision tracking")
Signed-off-by: Andrii Nakryiko <andrii@kernel.org>
Link: https://lore.kernel.org/r/20230309224131.57449-1-andrii@kernel.org
Signed-off-by: Alexei Starovoitov <ast@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
kernel/bpf/verifier.c | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/kernel/bpf/verifier.c b/kernel/bpf/verifier.c
index 37d4b5f5ec0c3..8e6f868d6cb9b 100644
--- a/kernel/bpf/verifier.c
+++ b/kernel/bpf/verifier.c
@@ -10616,7 +10616,8 @@ static int propagate_precision(struct bpf_verifier_env *env,
state_reg = state->regs;
for (i = 0; i < BPF_REG_FP; i++, state_reg++) {
if (state_reg->type != SCALAR_VALUE ||
- !state_reg->precise)
+ !state_reg->precise ||
+ !(state_reg->live & REG_LIVE_READ))
continue;
if (env->log.level & BPF_LOG_LEVEL2)
verbose(env, "frame %d: propagating r%d\n", i, fr);
@@ -10630,7 +10631,8 @@ static int propagate_precision(struct bpf_verifier_env *env,
continue;
state_reg = &state->stack[i].spilled_ptr;
if (state_reg->type != SCALAR_VALUE ||
- !state_reg->precise)
+ !state_reg->precise ||
+ !(state_reg->live & REG_LIVE_READ))
continue;
if (env->log.level & BPF_LOG_LEVEL2)
verbose(env, "frame %d: propagating fp%d\n",
--
2.39.2
^ permalink raw reply related [flat|nested] 391+ messages in thread
* [PATCH 5.15 159/371] bpf: fix precision propagation verbose logging
2023-05-08 9:43 [PATCH 5.15 000/371] 5.15.111-rc1 review Greg Kroah-Hartman
` (157 preceding siblings ...)
2023-05-08 9:45 ` [PATCH 5.15 158/371] bpf: take into account liveness when propagating precision Greg Kroah-Hartman
@ 2023-05-08 9:46 ` Greg Kroah-Hartman
2023-05-08 9:46 ` [PATCH 5.15 160/371] scm: fix MSG_CTRUNC setting condition for SO_PASSSEC Greg Kroah-Hartman
` (215 subsequent siblings)
374 siblings, 0 replies; 391+ messages in thread
From: Greg Kroah-Hartman @ 2023-05-08 9:46 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Andrii Nakryiko, Alexei Starovoitov,
Sasha Levin
From: Andrii Nakryiko <andrii@kernel.org>
[ Upstream commit 34f0677e7afd3a292bc1aadda7ce8e35faedb204 ]
Fix wrong order of frame index vs register/slot index in precision
propagation verbose (level 2) output. It's wrong and very confusing as is.
Fixes: 529409ea92d5 ("bpf: propagate precision across all frames, not just the last one")
Signed-off-by: Andrii Nakryiko <andrii@kernel.org>
Link: https://lore.kernel.org/r/20230313184017.4083374-1-andrii@kernel.org
Signed-off-by: Alexei Starovoitov <ast@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
kernel/bpf/verifier.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/kernel/bpf/verifier.c b/kernel/bpf/verifier.c
index 8e6f868d6cb9b..41601299f8b4a 100644
--- a/kernel/bpf/verifier.c
+++ b/kernel/bpf/verifier.c
@@ -10620,7 +10620,7 @@ static int propagate_precision(struct bpf_verifier_env *env,
!(state_reg->live & REG_LIVE_READ))
continue;
if (env->log.level & BPF_LOG_LEVEL2)
- verbose(env, "frame %d: propagating r%d\n", i, fr);
+ verbose(env, "frame %d: propagating r%d\n", fr, i);
err = mark_chain_precision_frame(env, fr, i);
if (err < 0)
return err;
@@ -10636,7 +10636,7 @@ static int propagate_precision(struct bpf_verifier_env *env,
continue;
if (env->log.level & BPF_LOG_LEVEL2)
verbose(env, "frame %d: propagating fp%d\n",
- (-i - 1) * BPF_REG_SIZE, fr);
+ fr, (-i - 1) * BPF_REG_SIZE);
err = mark_chain_precision_stack_frame(env, fr, i);
if (err < 0)
return err;
--
2.39.2
^ permalink raw reply related [flat|nested] 391+ messages in thread
* [PATCH 5.15 160/371] scm: fix MSG_CTRUNC setting condition for SO_PASSSEC
2023-05-08 9:43 [PATCH 5.15 000/371] 5.15.111-rc1 review Greg Kroah-Hartman
` (158 preceding siblings ...)
2023-05-08 9:46 ` [PATCH 5.15 159/371] bpf: fix precision propagation verbose logging Greg Kroah-Hartman
@ 2023-05-08 9:46 ` Greg Kroah-Hartman
2023-05-08 9:46 ` [PATCH 5.15 161/371] selftests/bpf: Fix a fd leak in an error path in network_helpers.c Greg Kroah-Hartman
` (214 subsequent siblings)
374 siblings, 0 replies; 391+ messages in thread
From: Greg Kroah-Hartman @ 2023-05-08 9:46 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, David S. Miller, Eric Dumazet,
Jakub Kicinski, Paolo Abeni, Leon Romanovsky,
Alexander Mikhalitsyn, Paul Moore, Sasha Levin
From: Alexander Mikhalitsyn <aleksandr.mikhalitsyn@canonical.com>
[ Upstream commit a02d83f9947d8f71904eda4de046630c3eb6802c ]
Currently, kernel would set MSG_CTRUNC flag if msg_control buffer
wasn't provided and SO_PASSCRED was set or if there was pending SCM_RIGHTS.
For some reason we have no corresponding check for SO_PASSSEC.
In the recvmsg(2) doc we have:
MSG_CTRUNC
indicates that some control data was discarded due to lack
of space in the buffer for ancillary data.
So, we need to set MSG_CTRUNC flag for all types of SCM.
This change can break applications those don't check MSG_CTRUNC flag.
Cc: "David S. Miller" <davem@davemloft.net>
Cc: Eric Dumazet <edumazet@google.com>
Cc: Jakub Kicinski <kuba@kernel.org>
Cc: Paolo Abeni <pabeni@redhat.com>
Cc: Leon Romanovsky <leon@kernel.org>
Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2")
Signed-off-by: Alexander Mikhalitsyn <aleksandr.mikhalitsyn@canonical.com>
v2:
- commit message was rewritten according to Eric's suggestion
Acked-by: Paul Moore <paul@paul-moore.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
include/net/scm.h | 13 ++++++++++++-
1 file changed, 12 insertions(+), 1 deletion(-)
diff --git a/include/net/scm.h b/include/net/scm.h
index 1ce365f4c2560..585adc1346bd0 100644
--- a/include/net/scm.h
+++ b/include/net/scm.h
@@ -105,16 +105,27 @@ static inline void scm_passec(struct socket *sock, struct msghdr *msg, struct sc
}
}
}
+
+static inline bool scm_has_secdata(struct socket *sock)
+{
+ return test_bit(SOCK_PASSSEC, &sock->flags);
+}
#else
static inline void scm_passec(struct socket *sock, struct msghdr *msg, struct scm_cookie *scm)
{ }
+
+static inline bool scm_has_secdata(struct socket *sock)
+{
+ return false;
+}
#endif /* CONFIG_SECURITY_NETWORK */
static __inline__ void scm_recv(struct socket *sock, struct msghdr *msg,
struct scm_cookie *scm, int flags)
{
if (!msg->msg_control) {
- if (test_bit(SOCK_PASSCRED, &sock->flags) || scm->fp)
+ if (test_bit(SOCK_PASSCRED, &sock->flags) || scm->fp ||
+ scm_has_secdata(sock))
msg->msg_flags |= MSG_CTRUNC;
scm_destroy(scm);
return;
--
2.39.2
^ permalink raw reply related [flat|nested] 391+ messages in thread
* [PATCH 5.15 161/371] selftests/bpf: Fix a fd leak in an error path in network_helpers.c
2023-05-08 9:43 [PATCH 5.15 000/371] 5.15.111-rc1 review Greg Kroah-Hartman
` (159 preceding siblings ...)
2023-05-08 9:46 ` [PATCH 5.15 160/371] scm: fix MSG_CTRUNC setting condition for SO_PASSSEC Greg Kroah-Hartman
@ 2023-05-08 9:46 ` Greg Kroah-Hartman
2023-05-08 9:46 ` [PATCH 5.15 162/371] bpf: Remove misleading spec_v1 check on var-offset stack read Greg Kroah-Hartman
` (213 subsequent siblings)
374 siblings, 0 replies; 391+ messages in thread
From: Greg Kroah-Hartman @ 2023-05-08 9:46 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Andrii Nakryiko, Martin KaFai Lau,
Daniel Borkmann, Yonghong Song, John Fastabend, Sasha Levin
From: Martin KaFai Lau <martin.lau@kernel.org>
[ Upstream commit 226efec2b0efad60d4a6c4b2c3a8710dafc4dc21 ]
In __start_server, it leaks a fd when setsockopt(SO_REUSEPORT) fails.
This patch fixes it.
Fixes: eed92afdd14c ("bpf: selftest: Test batching and bpf_(get|set)sockopt in bpf tcp iter")
Reported-by: Andrii Nakryiko <andrii@kernel.org>
Signed-off-by: Martin KaFai Lau <martin.lau@kernel.org>
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
Acked-by: Yonghong Song <yhs@fb.com>
Acked-by: John Fastabend <john.fastabend@gmail.com>
Link: https://lore.kernel.org/bpf/20230316000726.1016773-2-martin.lau@linux.dev
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
tools/testing/selftests/bpf/network_helpers.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/tools/testing/selftests/bpf/network_helpers.c b/tools/testing/selftests/bpf/network_helpers.c
index 6db1af8fdee78..c57e1e47e52f2 100644
--- a/tools/testing/selftests/bpf/network_helpers.c
+++ b/tools/testing/selftests/bpf/network_helpers.c
@@ -84,7 +84,7 @@ static int __start_server(int type, const struct sockaddr *addr,
if (reuseport &&
setsockopt(fd, SOL_SOCKET, SO_REUSEPORT, &on, sizeof(on))) {
log_err("Failed to set SO_REUSEPORT");
- return -1;
+ goto error_close;
}
if (bind(fd, addr, addrlen) < 0) {
--
2.39.2
^ permalink raw reply related [flat|nested] 391+ messages in thread
* [PATCH 5.15 162/371] bpf: Remove misleading spec_v1 check on var-offset stack read
2023-05-08 9:43 [PATCH 5.15 000/371] 5.15.111-rc1 review Greg Kroah-Hartman
` (160 preceding siblings ...)
2023-05-08 9:46 ` [PATCH 5.15 161/371] selftests/bpf: Fix a fd leak in an error path in network_helpers.c Greg Kroah-Hartman
@ 2023-05-08 9:46 ` Greg Kroah-Hartman
2023-05-08 9:46 ` [PATCH 5.15 163/371] net: pcs: xpcs: remove double-read of link state when using AN Greg Kroah-Hartman
` (212 subsequent siblings)
374 siblings, 0 replies; 391+ messages in thread
From: Greg Kroah-Hartman @ 2023-05-08 9:46 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Luis Gerhorst, Daniel Borkmann, Sasha Levin
From: Luis Gerhorst <gerhorst@cs.fau.de>
[ Upstream commit 082cdc69a4651dd2a77539d69416a359ed1214f5 ]
For every BPF_ADD/SUB involving a pointer, adjust_ptr_min_max_vals()
ensures that the resulting pointer has a constant offset if
bypass_spec_v1 is false. This is ensured by calling sanitize_check_bounds()
which in turn calls check_stack_access_for_ptr_arithmetic(). There,
-EACCESS is returned if the register's offset is not constant, thereby
rejecting the program.
In summary, an unprivileged user must never be able to create stack
pointers with a variable offset. That is also the case, because a
respective check in check_stack_write() is missing. If they were able
to create a variable-offset pointer, users could still use it in a
stack-write operation to trigger unsafe speculative behavior [1].
Because unprivileged users must already be prevented from creating
variable-offset stack pointers, viable options are to either remove
this check (replacing it with a clarifying comment), or to turn it
into a "verifier BUG"-message, also adding a similar check in
check_stack_write() (for consistency, as a second-level defense).
This patch implements the first option to reduce verifier bloat.
This check was introduced by commit 01f810ace9ed ("bpf: Allow
variable-offset stack access") which correctly notes that
"variable-offset reads and writes are disallowed (they were already
disallowed for the indirect access case) because the speculative
execution checking code doesn't support them". However, it does not
further discuss why the check in check_stack_read() is necessary.
The code which made this check obsolete was also introduced in this
commit.
I have compiled ~650 programs from the Linux selftests, Linux samples,
Cilium, and libbpf/examples projects and confirmed that none of these
trigger the check in check_stack_read() [2]. Instead, all of these
programs are, as expected, already rejected when constructing the
variable-offset pointers. Note that the check in
check_stack_access_for_ptr_arithmetic() also prints "off=%d" while the
code removed by this patch does not (the error removed does not appear
in the "verification_error" values). For reproducibility, the
repository linked includes the raw data and scripts used to create
the plot.
[1] https://arxiv.org/pdf/1807.03757.pdf
[2] https://gitlab.cs.fau.de/un65esoq/bpf-spectre/-/raw/53dc19fcf459c186613b1156a81504b39c8d49db/data/plots/23-02-26_23-56_bpftool/bpftool/0004-errors.pdf?inline=false
Fixes: 01f810ace9ed ("bpf: Allow variable-offset stack access")
Signed-off-by: Luis Gerhorst <gerhorst@cs.fau.de>
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
Acked-by: Daniel Borkmann <daniel@iogearbox.net>
Link: https://lore.kernel.org/bpf/20230315165358.23701-1-gerhorst@cs.fau.de
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
kernel/bpf/verifier.c | 16 ++++++----------
1 file changed, 6 insertions(+), 10 deletions(-)
diff --git a/kernel/bpf/verifier.c b/kernel/bpf/verifier.c
index 41601299f8b4a..261c2ed3adb17 100644
--- a/kernel/bpf/verifier.c
+++ b/kernel/bpf/verifier.c
@@ -3114,17 +3114,13 @@ static int check_stack_read(struct bpf_verifier_env *env,
}
/* Variable offset is prohibited for unprivileged mode for simplicity
* since it requires corresponding support in Spectre masking for stack
- * ALU. See also retrieve_ptr_limit().
+ * ALU. See also retrieve_ptr_limit(). The check in
+ * check_stack_access_for_ptr_arithmetic() called by
+ * adjust_ptr_min_max_vals() prevents users from creating stack pointers
+ * with variable offsets, therefore no check is required here. Further,
+ * just checking it here would be insufficient as speculative stack
+ * writes could still lead to unsafe speculative behaviour.
*/
- if (!env->bypass_spec_v1 && var_off) {
- char tn_buf[48];
-
- tnum_strn(tn_buf, sizeof(tn_buf), reg->var_off);
- verbose(env, "R%d variable offset stack access prohibited for !root, var_off=%s\n",
- ptr_regno, tn_buf);
- return -EACCES;
- }
-
if (!var_off) {
off += reg->var_off.value;
err = check_stack_read_fixed_off(env, state, off, size,
--
2.39.2
^ permalink raw reply related [flat|nested] 391+ messages in thread
* [PATCH 5.15 163/371] net: pcs: xpcs: remove double-read of link state when using AN
2023-05-08 9:43 [PATCH 5.15 000/371] 5.15.111-rc1 review Greg Kroah-Hartman
` (161 preceding siblings ...)
2023-05-08 9:46 ` [PATCH 5.15 162/371] bpf: Remove misleading spec_v1 check on var-offset stack read Greg Kroah-Hartman
@ 2023-05-08 9:46 ` Greg Kroah-Hartman
2023-05-08 9:46 ` [PATCH 5.15 164/371] vlan: partially enable SIOCSHWTSTAMP in container Greg Kroah-Hartman
` (211 subsequent siblings)
374 siblings, 0 replies; 391+ messages in thread
From: Greg Kroah-Hartman @ 2023-05-08 9:46 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Russell King (Oracle),
David S. Miller, Sasha Levin
From: Russell King (Oracle) <rmk+kernel@armlinux.org.uk>
[ Upstream commit ef63461caf427a77a04620d74ba90035a712af9c ]
Phylink does not want the current state of the link when reading the
PCS link state - it wants the latched state. Don't double-read the
MII status register. Phylink will re-read as necessary to capture
transient link-down events as of dbae3388ea9c ("net: phylink: Force
retrigger in case of latched link-fail indicator").
The above referenced commit is a dependency for this change, and thus
this change should not be backported to any kernel that does not
contain the above referenced commit.
Fixes: fcb26bd2b6ca ("net: phy: Add Synopsys DesignWare XPCS MDIO module")
Signed-off-by: Russell King (Oracle) <rmk+kernel@armlinux.org.uk>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/pcs/pcs-xpcs.c | 13 ++-----------
1 file changed, 2 insertions(+), 11 deletions(-)
diff --git a/drivers/net/pcs/pcs-xpcs.c b/drivers/net/pcs/pcs-xpcs.c
index fd4cbf8a55ad7..556ca98843565 100644
--- a/drivers/net/pcs/pcs-xpcs.c
+++ b/drivers/net/pcs/pcs-xpcs.c
@@ -309,7 +309,7 @@ static int xpcs_read_fault_c73(struct dw_xpcs *xpcs,
return 0;
}
-static int xpcs_read_link_c73(struct dw_xpcs *xpcs, bool an)
+static int xpcs_read_link_c73(struct dw_xpcs *xpcs)
{
bool link = true;
int ret;
@@ -321,15 +321,6 @@ static int xpcs_read_link_c73(struct dw_xpcs *xpcs, bool an)
if (!(ret & MDIO_STAT1_LSTATUS))
link = false;
- if (an) {
- ret = xpcs_read(xpcs, MDIO_MMD_AN, MDIO_STAT1);
- if (ret < 0)
- return ret;
-
- if (!(ret & MDIO_STAT1_LSTATUS))
- link = false;
- }
-
return link;
}
@@ -847,7 +838,7 @@ static int xpcs_get_state_c73(struct dw_xpcs *xpcs,
int ret;
/* Link needs to be read first ... */
- state->link = xpcs_read_link_c73(xpcs, state->an_enabled) > 0 ? 1 : 0;
+ state->link = xpcs_read_link_c73(xpcs) > 0 ? 1 : 0;
/* ... and then we check the faults. */
ret = xpcs_read_fault_c73(xpcs, state);
--
2.39.2
^ permalink raw reply related [flat|nested] 391+ messages in thread
* [PATCH 5.15 164/371] vlan: partially enable SIOCSHWTSTAMP in container
2023-05-08 9:43 [PATCH 5.15 000/371] 5.15.111-rc1 review Greg Kroah-Hartman
` (162 preceding siblings ...)
2023-05-08 9:46 ` [PATCH 5.15 163/371] net: pcs: xpcs: remove double-read of link state when using AN Greg Kroah-Hartman
@ 2023-05-08 9:46 ` Greg Kroah-Hartman
2023-05-08 9:46 ` [PATCH 5.15 165/371] net/packet: annotate accesses to po->xmit Greg Kroah-Hartman
` (210 subsequent siblings)
374 siblings, 0 replies; 391+ messages in thread
From: Greg Kroah-Hartman @ 2023-05-08 9:46 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Vadim Fedorenko, David S. Miller,
Sasha Levin
From: Vadim Fedorenko <vadim.fedorenko@linux.dev>
[ Upstream commit 731b73dba359e3ff00517c13aa0daa82b34ff466 ]
Setting timestamp filter was explicitly disabled on vlan devices in
containers because it might affect other processes on the host. But it's
absolutely legit in case when real device is in the same namespace.
Fixes: 873017af7784 ("vlan: disable SIOCSHWTSTAMP in container")
Signed-off-by: Vadim Fedorenko <vadim.fedorenko@linux.dev>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
net/8021q/vlan_dev.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/net/8021q/vlan_dev.c b/net/8021q/vlan_dev.c
index a54535cbcf4cf..b6d456c7952ed 100644
--- a/net/8021q/vlan_dev.c
+++ b/net/8021q/vlan_dev.c
@@ -365,7 +365,7 @@ static int vlan_dev_ioctl(struct net_device *dev, struct ifreq *ifr, int cmd)
switch (cmd) {
case SIOCSHWTSTAMP:
- if (!net_eq(dev_net(dev), &init_net))
+ if (!net_eq(dev_net(dev), dev_net(real_dev)))
break;
fallthrough;
case SIOCGMIIPHY:
--
2.39.2
^ permalink raw reply related [flat|nested] 391+ messages in thread
* [PATCH 5.15 165/371] net/packet: annotate accesses to po->xmit
2023-05-08 9:43 [PATCH 5.15 000/371] 5.15.111-rc1 review Greg Kroah-Hartman
` (163 preceding siblings ...)
2023-05-08 9:46 ` [PATCH 5.15 164/371] vlan: partially enable SIOCSHWTSTAMP in container Greg Kroah-Hartman
@ 2023-05-08 9:46 ` Greg Kroah-Hartman
2023-05-08 9:46 ` [PATCH 5.15 166/371] net/packet: convert po->origdev to an atomic flag Greg Kroah-Hartman
` (209 subsequent siblings)
374 siblings, 0 replies; 391+ messages in thread
From: Greg Kroah-Hartman @ 2023-05-08 9:46 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Eric Dumazet, David S. Miller, Sasha Levin
From: Eric Dumazet <edumazet@google.com>
[ Upstream commit b9d83ab8a708f23a4001d60e9d8d0b3be3d9f607 ]
po->xmit can be set from setsockopt(PACKET_QDISC_BYPASS),
while read locklessly.
Use READ_ONCE()/WRITE_ONCE() to avoid potential load/store
tearing issues.
Fixes: d346a3fae3ff ("packet: introduce PACKET_QDISC_BYPASS socket option")
Signed-off-by: Eric Dumazet <edumazet@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
net/packet/af_packet.c | 12 ++++++++----
1 file changed, 8 insertions(+), 4 deletions(-)
diff --git a/net/packet/af_packet.c b/net/packet/af_packet.c
index 7f9f2d0ef0e62..1b3c54e0fbdfb 100644
--- a/net/packet/af_packet.c
+++ b/net/packet/af_packet.c
@@ -271,7 +271,8 @@ static void packet_cached_dev_reset(struct packet_sock *po)
static bool packet_use_direct_xmit(const struct packet_sock *po)
{
- return po->xmit == packet_direct_xmit;
+ /* Paired with WRITE_ONCE() in packet_setsockopt() */
+ return READ_ONCE(po->xmit) == packet_direct_xmit;
}
static u16 packet_pick_tx_queue(struct sk_buff *skb)
@@ -2828,7 +2829,8 @@ static int tpacket_snd(struct packet_sock *po, struct msghdr *msg)
packet_inc_pending(&po->tx_ring);
status = TP_STATUS_SEND_REQUEST;
- err = po->xmit(skb);
+ /* Paired with WRITE_ONCE() in packet_setsockopt() */
+ err = READ_ONCE(po->xmit)(skb);
if (unlikely(err != 0)) {
if (err > 0)
err = net_xmit_errno(err);
@@ -3031,7 +3033,8 @@ static int packet_snd(struct socket *sock, struct msghdr *msg, size_t len)
virtio_net_hdr_set_proto(skb, &vnet_hdr);
}
- err = po->xmit(skb);
+ /* Paired with WRITE_ONCE() in packet_setsockopt() */
+ err = READ_ONCE(po->xmit)(skb);
if (unlikely(err != 0)) {
if (err > 0)
err = net_xmit_errno(err);
@@ -3976,7 +3979,8 @@ packet_setsockopt(struct socket *sock, int level, int optname, sockptr_t optval,
if (copy_from_sockptr(&val, optval, sizeof(val)))
return -EFAULT;
- po->xmit = val ? packet_direct_xmit : dev_queue_xmit;
+ /* Paired with all lockless reads of po->xmit */
+ WRITE_ONCE(po->xmit, val ? packet_direct_xmit : dev_queue_xmit);
return 0;
}
default:
--
2.39.2
^ permalink raw reply related [flat|nested] 391+ messages in thread
* [PATCH 5.15 166/371] net/packet: convert po->origdev to an atomic flag
2023-05-08 9:43 [PATCH 5.15 000/371] 5.15.111-rc1 review Greg Kroah-Hartman
` (164 preceding siblings ...)
2023-05-08 9:46 ` [PATCH 5.15 165/371] net/packet: annotate accesses to po->xmit Greg Kroah-Hartman
@ 2023-05-08 9:46 ` Greg Kroah-Hartman
2023-05-08 9:46 ` [PATCH 5.15 167/371] net/packet: convert po->auxdata " Greg Kroah-Hartman
` (208 subsequent siblings)
374 siblings, 0 replies; 391+ messages in thread
From: Greg Kroah-Hartman @ 2023-05-08 9:46 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Eric Dumazet, syzbot,
David S. Miller, Sasha Levin
From: Eric Dumazet <edumazet@google.com>
[ Upstream commit ee5675ecdf7a4e713ed21d98a70c2871d6ebed01 ]
syzbot/KCAN reported that po->origdev can be read
while another thread is changing its value.
We can avoid this splat by converting this field
to an actual bit.
Following patches will convert remaining 1bit fields.
Fixes: 80feaacb8a64 ("[AF_PACKET]: Add option to return orig_dev to userspace.")
Signed-off-by: Eric Dumazet <edumazet@google.com>
Reported-by: syzbot <syzkaller@googlegroups.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
net/packet/af_packet.c | 10 ++++------
net/packet/diag.c | 2 +-
net/packet/internal.h | 22 +++++++++++++++++++++-
3 files changed, 26 insertions(+), 8 deletions(-)
diff --git a/net/packet/af_packet.c b/net/packet/af_packet.c
index 1b3c54e0fbdfb..cb944ae999471 100644
--- a/net/packet/af_packet.c
+++ b/net/packet/af_packet.c
@@ -2149,7 +2149,7 @@ static int packet_rcv(struct sk_buff *skb, struct net_device *dev,
sll = &PACKET_SKB_CB(skb)->sa.ll;
sll->sll_hatype = dev->type;
sll->sll_pkttype = skb->pkt_type;
- if (unlikely(po->origdev))
+ if (unlikely(packet_sock_flag(po, PACKET_SOCK_ORIGDEV)))
sll->sll_ifindex = orig_dev->ifindex;
else
sll->sll_ifindex = dev->ifindex;
@@ -2422,7 +2422,7 @@ static int tpacket_rcv(struct sk_buff *skb, struct net_device *dev,
sll->sll_hatype = dev->type;
sll->sll_protocol = skb->protocol;
sll->sll_pkttype = skb->pkt_type;
- if (unlikely(po->origdev))
+ if (unlikely(packet_sock_flag(po, PACKET_SOCK_ORIGDEV)))
sll->sll_ifindex = orig_dev->ifindex;
else
sll->sll_ifindex = dev->ifindex;
@@ -3883,9 +3883,7 @@ packet_setsockopt(struct socket *sock, int level, int optname, sockptr_t optval,
if (copy_from_sockptr(&val, optval, sizeof(val)))
return -EFAULT;
- lock_sock(sk);
- po->origdev = !!val;
- release_sock(sk);
+ packet_sock_flag_set(po, PACKET_SOCK_ORIGDEV, val);
return 0;
}
case PACKET_VNET_HDR:
@@ -4034,7 +4032,7 @@ static int packet_getsockopt(struct socket *sock, int level, int optname,
val = po->auxdata;
break;
case PACKET_ORIGDEV:
- val = po->origdev;
+ val = packet_sock_flag(po, PACKET_SOCK_ORIGDEV);
break;
case PACKET_VNET_HDR:
val = po->has_vnet_hdr;
diff --git a/net/packet/diag.c b/net/packet/diag.c
index 07812ae5ca073..e1ac9bb375b31 100644
--- a/net/packet/diag.c
+++ b/net/packet/diag.c
@@ -25,7 +25,7 @@ static int pdiag_put_info(const struct packet_sock *po, struct sk_buff *nlskb)
pinfo.pdi_flags |= PDI_RUNNING;
if (po->auxdata)
pinfo.pdi_flags |= PDI_AUXDATA;
- if (po->origdev)
+ if (packet_sock_flag(po, PACKET_SOCK_ORIGDEV))
pinfo.pdi_flags |= PDI_ORIGDEV;
if (po->has_vnet_hdr)
pinfo.pdi_flags |= PDI_VNETHDR;
diff --git a/net/packet/internal.h b/net/packet/internal.h
index 48af35b1aed25..178cd1852238d 100644
--- a/net/packet/internal.h
+++ b/net/packet/internal.h
@@ -116,9 +116,9 @@ struct packet_sock {
int copy_thresh;
spinlock_t bind_lock;
struct mutex pg_vec_lock;
+ unsigned long flags;
unsigned int running; /* bind_lock must be held */
unsigned int auxdata:1, /* writer must hold sock lock */
- origdev:1,
has_vnet_hdr:1,
tp_loss:1,
tp_tx_has_off:1;
@@ -144,4 +144,24 @@ static inline struct packet_sock *pkt_sk(struct sock *sk)
return (struct packet_sock *)sk;
}
+enum packet_sock_flags {
+ PACKET_SOCK_ORIGDEV,
+};
+
+static inline void packet_sock_flag_set(struct packet_sock *po,
+ enum packet_sock_flags flag,
+ bool val)
+{
+ if (val)
+ set_bit(flag, &po->flags);
+ else
+ clear_bit(flag, &po->flags);
+}
+
+static inline bool packet_sock_flag(const struct packet_sock *po,
+ enum packet_sock_flags flag)
+{
+ return test_bit(flag, &po->flags);
+}
+
#endif
--
2.39.2
^ permalink raw reply related [flat|nested] 391+ messages in thread
* [PATCH 5.15 167/371] net/packet: convert po->auxdata to an atomic flag
2023-05-08 9:43 [PATCH 5.15 000/371] 5.15.111-rc1 review Greg Kroah-Hartman
` (165 preceding siblings ...)
2023-05-08 9:46 ` [PATCH 5.15 166/371] net/packet: convert po->origdev to an atomic flag Greg Kroah-Hartman
@ 2023-05-08 9:46 ` Greg Kroah-Hartman
2023-05-08 9:46 ` [PATCH 5.15 168/371] scsi: target: Fix multiple LUN_RESET handling Greg Kroah-Hartman
` (207 subsequent siblings)
374 siblings, 0 replies; 391+ messages in thread
From: Greg Kroah-Hartman @ 2023-05-08 9:46 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Eric Dumazet, David S. Miller, Sasha Levin
From: Eric Dumazet <edumazet@google.com>
[ Upstream commit fd53c297aa7b077ae98a3d3d2d3aa278a1686ba6 ]
po->auxdata can be read while another thread
is changing its value, potentially raising KCSAN splat.
Convert it to PACKET_SOCK_AUXDATA flag.
Fixes: 8dc419447415 ("[PACKET]: Add optional checksum computation for recvmsg")
Signed-off-by: Eric Dumazet <edumazet@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
net/packet/af_packet.c | 8 +++-----
net/packet/diag.c | 2 +-
net/packet/internal.h | 4 ++--
3 files changed, 6 insertions(+), 8 deletions(-)
diff --git a/net/packet/af_packet.c b/net/packet/af_packet.c
index cb944ae999471..0db871edd3a18 100644
--- a/net/packet/af_packet.c
+++ b/net/packet/af_packet.c
@@ -3485,7 +3485,7 @@ static int packet_recvmsg(struct socket *sock, struct msghdr *msg, size_t len,
memcpy(msg->msg_name, &PACKET_SKB_CB(skb)->sa, copy_len);
}
- if (pkt_sk(sk)->auxdata) {
+ if (packet_sock_flag(pkt_sk(sk), PACKET_SOCK_AUXDATA)) {
struct tpacket_auxdata aux;
aux.tp_status = TP_STATUS_USER;
@@ -3869,9 +3869,7 @@ packet_setsockopt(struct socket *sock, int level, int optname, sockptr_t optval,
if (copy_from_sockptr(&val, optval, sizeof(val)))
return -EFAULT;
- lock_sock(sk);
- po->auxdata = !!val;
- release_sock(sk);
+ packet_sock_flag_set(po, PACKET_SOCK_AUXDATA, val);
return 0;
}
case PACKET_ORIGDEV:
@@ -4029,7 +4027,7 @@ static int packet_getsockopt(struct socket *sock, int level, int optname,
break;
case PACKET_AUXDATA:
- val = po->auxdata;
+ val = packet_sock_flag(po, PACKET_SOCK_AUXDATA);
break;
case PACKET_ORIGDEV:
val = packet_sock_flag(po, PACKET_SOCK_ORIGDEV);
diff --git a/net/packet/diag.c b/net/packet/diag.c
index e1ac9bb375b31..d704c7bf51b20 100644
--- a/net/packet/diag.c
+++ b/net/packet/diag.c
@@ -23,7 +23,7 @@ static int pdiag_put_info(const struct packet_sock *po, struct sk_buff *nlskb)
pinfo.pdi_flags = 0;
if (po->running)
pinfo.pdi_flags |= PDI_RUNNING;
- if (po->auxdata)
+ if (packet_sock_flag(po, PACKET_SOCK_AUXDATA))
pinfo.pdi_flags |= PDI_AUXDATA;
if (packet_sock_flag(po, PACKET_SOCK_ORIGDEV))
pinfo.pdi_flags |= PDI_ORIGDEV;
diff --git a/net/packet/internal.h b/net/packet/internal.h
index 178cd1852238d..3bae8ea7a36f5 100644
--- a/net/packet/internal.h
+++ b/net/packet/internal.h
@@ -118,8 +118,7 @@ struct packet_sock {
struct mutex pg_vec_lock;
unsigned long flags;
unsigned int running; /* bind_lock must be held */
- unsigned int auxdata:1, /* writer must hold sock lock */
- has_vnet_hdr:1,
+ unsigned int has_vnet_hdr:1, /* writer must hold sock lock */
tp_loss:1,
tp_tx_has_off:1;
int pressure;
@@ -146,6 +145,7 @@ static inline struct packet_sock *pkt_sk(struct sock *sk)
enum packet_sock_flags {
PACKET_SOCK_ORIGDEV,
+ PACKET_SOCK_AUXDATA,
};
static inline void packet_sock_flag_set(struct packet_sock *po,
--
2.39.2
^ permalink raw reply related [flat|nested] 391+ messages in thread
* [PATCH 5.15 168/371] scsi: target: Fix multiple LUN_RESET handling
2023-05-08 9:43 [PATCH 5.15 000/371] 5.15.111-rc1 review Greg Kroah-Hartman
` (166 preceding siblings ...)
2023-05-08 9:46 ` [PATCH 5.15 167/371] net/packet: convert po->auxdata " Greg Kroah-Hartman
@ 2023-05-08 9:46 ` Greg Kroah-Hartman
2023-05-08 9:46 ` [PATCH 5.15 169/371] scsi: target: iscsit: Fix TAS handling during conn cleanup Greg Kroah-Hartman
` (206 subsequent siblings)
374 siblings, 0 replies; 391+ messages in thread
From: Greg Kroah-Hartman @ 2023-05-08 9:46 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Mike Christie, Martin K. Petersen,
Sasha Levin
From: Mike Christie <michael.christie@oracle.com>
[ Upstream commit 673db054d7a2b5a470d7a25baf65956d005ad729 ]
This fixes a bug where an initiator thinks a LUN_RESET has cleaned up
running commands when it hasn't. The bug was added in commit 51ec502a3266
("target: Delete tmr from list before processing").
The problem occurs when:
1. We have N I/O cmds running in the target layer spread over 2 sessions.
2. The initiator sends a LUN_RESET for each session.
3. session1's LUN_RESET loops over all the running commands from both
sessions and moves them to its local drain_task_list.
4. session2's LUN_RESET does not see the LUN_RESET from session1 because
the commit above has it remove itself. session2 also does not see any
commands since the other reset moved them off the state lists.
5. sessions2's LUN_RESET will then complete with a successful response.
6. sessions2's inititor believes the running commands on its session are
now cleaned up due to the successful response and cleans up the running
commands from its side. It then restarts them.
7. The commands do eventually complete on the backend and the target
starts to return aborted task statuses for them. The initiator will
either throw a invalid ITT error or might accidentally lookup a new
task if the ITT has been reallocated already.
Fix the bug by reverting the patch, and serialize the execution of
LUN_RESETs and Preempt and Aborts.
Also prevent us from waiting on LUN_RESETs in core_tmr_drain_tmr_list,
because it turns out the original patch fixed a bug that was not
mentioned. For LUN_RESET1 core_tmr_drain_tmr_list can see a second
LUN_RESET and wait on it. Then the second reset will run
core_tmr_drain_tmr_list and see the first reset and wait on it resulting in
a deadlock.
Fixes: 51ec502a3266 ("target: Delete tmr from list before processing")
Signed-off-by: Mike Christie <michael.christie@oracle.com>
Link: https://lore.kernel.org/r/20230319015620.96006-8-michael.christie@oracle.com
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/target/target_core_device.c | 1 +
drivers/target/target_core_tmr.c | 26 +++++++++++++++++++++++---
include/target/target_core_base.h | 1 +
3 files changed, 25 insertions(+), 3 deletions(-)
diff --git a/drivers/target/target_core_device.c b/drivers/target/target_core_device.c
index fa866acef5bb2..e18617371a9b2 100644
--- a/drivers/target/target_core_device.c
+++ b/drivers/target/target_core_device.c
@@ -773,6 +773,7 @@ struct se_device *target_alloc_device(struct se_hba *hba, const char *name)
spin_lock_init(&dev->t10_alua.lba_map_lock);
INIT_WORK(&dev->delayed_cmd_work, target_do_delayed_work);
+ mutex_init(&dev->lun_reset_mutex);
dev->t10_wwn.t10_dev = dev;
/*
diff --git a/drivers/target/target_core_tmr.c b/drivers/target/target_core_tmr.c
index 2b95b4550a637..4718db628222b 100644
--- a/drivers/target/target_core_tmr.c
+++ b/drivers/target/target_core_tmr.c
@@ -188,14 +188,23 @@ static void core_tmr_drain_tmr_list(
* LUN_RESET tmr..
*/
spin_lock_irqsave(&dev->se_tmr_lock, flags);
- if (tmr)
- list_del_init(&tmr->tmr_list);
list_for_each_entry_safe(tmr_p, tmr_pp, &dev->dev_tmr_list, tmr_list) {
+ if (tmr_p == tmr)
+ continue;
+
cmd = tmr_p->task_cmd;
if (!cmd) {
pr_err("Unable to locate struct se_cmd for TMR\n");
continue;
}
+
+ /*
+ * We only execute one LUN_RESET at a time so we can't wait
+ * on them below.
+ */
+ if (tmr_p->function == TMR_LUN_RESET)
+ continue;
+
/*
* If this function was called with a valid pr_res_key
* parameter (eg: for PROUT PREEMPT_AND_ABORT service action
@@ -379,14 +388,25 @@ int core_tmr_lun_reset(
tmr_nacl->initiatorname);
}
}
+
+
+ /*
+ * We only allow one reset or preempt and abort to execute at a time
+ * to prevent one call from claiming all the cmds causing a second
+ * call from returning while cmds it should have waited on are still
+ * running.
+ */
+ mutex_lock(&dev->lun_reset_mutex);
+
pr_debug("LUN_RESET: %s starting for [%s], tas: %d\n",
(preempt_and_abort_list) ? "Preempt" : "TMR",
dev->transport->name, tas);
-
core_tmr_drain_tmr_list(dev, tmr, preempt_and_abort_list);
core_tmr_drain_state_list(dev, prout_cmd, tmr_sess, tas,
preempt_and_abort_list);
+ mutex_unlock(&dev->lun_reset_mutex);
+
/*
* Clear any legacy SPC-2 reservation when called during
* LOGICAL UNIT RESET
diff --git a/include/target/target_core_base.h b/include/target/target_core_base.h
index 2121a323fd6c3..c83bb58bfcd1f 100644
--- a/include/target/target_core_base.h
+++ b/include/target/target_core_base.h
@@ -865,6 +865,7 @@ struct se_device {
struct rcu_head rcu_head;
int queue_cnt;
struct se_device_queue *queues;
+ struct mutex lun_reset_mutex;
};
struct se_hba {
--
2.39.2
^ permalink raw reply related [flat|nested] 391+ messages in thread
* [PATCH 5.15 169/371] scsi: target: iscsit: Fix TAS handling during conn cleanup
2023-05-08 9:43 [PATCH 5.15 000/371] 5.15.111-rc1 review Greg Kroah-Hartman
` (167 preceding siblings ...)
2023-05-08 9:46 ` [PATCH 5.15 168/371] scsi: target: Fix multiple LUN_RESET handling Greg Kroah-Hartman
@ 2023-05-08 9:46 ` Greg Kroah-Hartman
2023-05-08 9:46 ` [PATCH 5.15 170/371] scsi: megaraid: Fix mega_cmd_done() CMDID_INT_CMDS Greg Kroah-Hartman
` (205 subsequent siblings)
374 siblings, 0 replies; 391+ messages in thread
From: Greg Kroah-Hartman @ 2023-05-08 9:46 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Mike Christie, Martin K. Petersen,
Sasha Levin
From: Mike Christie <michael.christie@oracle.com>
[ Upstream commit cc79da306ebb2edb700c3816b90219223182ac3c ]
Fix a bug added in commit f36199355c64 ("scsi: target: iscsi: Fix cmd abort
fabric stop race").
If CMD_T_TAS is set on the se_cmd we must call iscsit_free_cmd() to do the
last put on the cmd and free it, because the connection is down and we will
not up sending the response and doing the put from the normal I/O
path.
Add a check for CMD_T_TAS in iscsit_release_commands_from_conn() so we now
detect this case and run iscsit_free_cmd().
Fixes: f36199355c64 ("scsi: target: iscsi: Fix cmd abort fabric stop race")
Signed-off-by: Mike Christie <michael.christie@oracle.com>
Link: https://lore.kernel.org/r/20230319015620.96006-9-michael.christie@oracle.com
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/target/iscsi/iscsi_target.c | 16 +++++++++-------
1 file changed, 9 insertions(+), 7 deletions(-)
diff --git a/drivers/target/iscsi/iscsi_target.c b/drivers/target/iscsi/iscsi_target.c
index 2c54c5d8412d8..9c6b98438f98f 100644
--- a/drivers/target/iscsi/iscsi_target.c
+++ b/drivers/target/iscsi/iscsi_target.c
@@ -4086,9 +4086,12 @@ static void iscsit_release_commands_from_conn(struct iscsi_conn *conn)
list_for_each_entry_safe(cmd, cmd_tmp, &tmp_list, i_conn_node) {
struct se_cmd *se_cmd = &cmd->se_cmd;
- if (se_cmd->se_tfo != NULL) {
- spin_lock_irq(&se_cmd->t_state_lock);
- if (se_cmd->transport_state & CMD_T_ABORTED) {
+ if (!se_cmd->se_tfo)
+ continue;
+
+ spin_lock_irq(&se_cmd->t_state_lock);
+ if (se_cmd->transport_state & CMD_T_ABORTED) {
+ if (!(se_cmd->transport_state & CMD_T_TAS))
/*
* LIO's abort path owns the cleanup for this,
* so put it back on the list and let
@@ -4096,11 +4099,10 @@ static void iscsit_release_commands_from_conn(struct iscsi_conn *conn)
*/
list_move_tail(&cmd->i_conn_node,
&conn->conn_cmd_list);
- } else {
- se_cmd->transport_state |= CMD_T_FABRIC_STOP;
- }
- spin_unlock_irq(&se_cmd->t_state_lock);
+ } else {
+ se_cmd->transport_state |= CMD_T_FABRIC_STOP;
}
+ spin_unlock_irq(&se_cmd->t_state_lock);
}
spin_unlock_bh(&conn->cmd_lock);
--
2.39.2
^ permalink raw reply related [flat|nested] 391+ messages in thread
* [PATCH 5.15 170/371] scsi: megaraid: Fix mega_cmd_done() CMDID_INT_CMDS
2023-05-08 9:43 [PATCH 5.15 000/371] 5.15.111-rc1 review Greg Kroah-Hartman
` (168 preceding siblings ...)
2023-05-08 9:46 ` [PATCH 5.15 169/371] scsi: target: iscsit: Fix TAS handling during conn cleanup Greg Kroah-Hartman
@ 2023-05-08 9:46 ` Greg Kroah-Hartman
2023-05-08 9:46 ` [PATCH 5.15 171/371] f2fs: handle dqget error in f2fs_transfer_project_quota() Greg Kroah-Hartman
` (204 subsequent siblings)
374 siblings, 0 replies; 391+ messages in thread
From: Greg Kroah-Hartman @ 2023-05-08 9:46 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Danila Chernetsov,
Martin K. Petersen, Sasha Levin
From: Danila Chernetsov <listdansp@mail.ru>
[ Upstream commit 75cb113cd43f06aaf4f1bda0069cfd5b98e909eb ]
When cmdid == CMDID_INT_CMDS, the 'cmds' pointer is NULL but is
dereferenced below.
Found by Linux Verification Center (linuxtesting.org) with SVACE.
Fixes: 0f2bb84d2a68 ("[SCSI] megaraid: simplify internal command handling")
Signed-off-by: Danila Chernetsov <listdansp@mail.ru>
Link: https://lore.kernel.org/r/20230317175109.18585-1-listdansp@mail.ru
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/scsi/megaraid.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/drivers/scsi/megaraid.c b/drivers/scsi/megaraid.c
index 7dd6dd74d2bc2..6122cc60a8b3d 100644
--- a/drivers/scsi/megaraid.c
+++ b/drivers/scsi/megaraid.c
@@ -1443,6 +1443,7 @@ mega_cmd_done(adapter_t *adapter, u8 completed[], int nstatus, int status)
*/
if (cmdid == CMDID_INT_CMDS) {
scb = &adapter->int_scb;
+ cmd = scb->cmd;
list_del_init(&scb->list);
scb->state = SCB_FREE;
--
2.39.2
^ permalink raw reply related [flat|nested] 391+ messages in thread
* [PATCH 5.15 171/371] f2fs: handle dqget error in f2fs_transfer_project_quota()
2023-05-08 9:43 [PATCH 5.15 000/371] 5.15.111-rc1 review Greg Kroah-Hartman
` (169 preceding siblings ...)
2023-05-08 9:46 ` [PATCH 5.15 170/371] scsi: megaraid: Fix mega_cmd_done() CMDID_INT_CMDS Greg Kroah-Hartman
@ 2023-05-08 9:46 ` Greg Kroah-Hartman
2023-05-08 9:46 ` [PATCH 5.15 172/371] f2fs: enforce single zone capacity Greg Kroah-Hartman
` (203 subsequent siblings)
374 siblings, 0 replies; 391+ messages in thread
From: Greg Kroah-Hartman @ 2023-05-08 9:46 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Yangtao Li, Jaegeuk Kim, Sasha Levin
From: Yangtao Li <frank.li@vivo.com>
[ Upstream commit 8051692f5f23260215bfe9a72e712d93606acc5f ]
We should set the error code when dqget() failed.
Fixes: 2c1d03056991 ("f2fs: support F2FS_IOC_FS{GET,SET}XATTR")
Signed-off-by: Yangtao Li <frank.li@vivo.com>
Signed-off-by: Jaegeuk Kim <jaegeuk@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
fs/f2fs/file.c | 15 ++++++++-------
1 file changed, 8 insertions(+), 7 deletions(-)
diff --git a/fs/f2fs/file.c b/fs/f2fs/file.c
index 3be34ea4e2998..2c24162f72f0c 100644
--- a/fs/f2fs/file.c
+++ b/fs/f2fs/file.c
@@ -2977,15 +2977,16 @@ int f2fs_transfer_project_quota(struct inode *inode, kprojid_t kprojid)
struct dquot *transfer_to[MAXQUOTAS] = {};
struct f2fs_sb_info *sbi = F2FS_I_SB(inode);
struct super_block *sb = sbi->sb;
- int err = 0;
+ int err;
transfer_to[PRJQUOTA] = dqget(sb, make_kqid_projid(kprojid));
- if (!IS_ERR(transfer_to[PRJQUOTA])) {
- err = __dquot_transfer(inode, transfer_to);
- if (err)
- set_sbi_flag(sbi, SBI_QUOTA_NEED_REPAIR);
- dqput(transfer_to[PRJQUOTA]);
- }
+ if (IS_ERR(transfer_to[PRJQUOTA]))
+ return PTR_ERR(transfer_to[PRJQUOTA]);
+
+ err = __dquot_transfer(inode, transfer_to);
+ if (err)
+ set_sbi_flag(sbi, SBI_QUOTA_NEED_REPAIR);
+ dqput(transfer_to[PRJQUOTA]);
return err;
}
--
2.39.2
^ permalink raw reply related [flat|nested] 391+ messages in thread
* [PATCH 5.15 172/371] f2fs: enforce single zone capacity
2023-05-08 9:43 [PATCH 5.15 000/371] 5.15.111-rc1 review Greg Kroah-Hartman
` (170 preceding siblings ...)
2023-05-08 9:46 ` [PATCH 5.15 171/371] f2fs: handle dqget error in f2fs_transfer_project_quota() Greg Kroah-Hartman
@ 2023-05-08 9:46 ` Greg Kroah-Hartman
2023-05-08 9:46 ` [PATCH 5.15 173/371] f2fs: apply zone capacity to all zone type Greg Kroah-Hartman
` (202 subsequent siblings)
374 siblings, 0 replies; 391+ messages in thread
From: Greg Kroah-Hartman @ 2023-05-08 9:46 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Chao Yu, Jaegeuk Kim, Sasha Levin
From: Jaegeuk Kim <jaegeuk@kernel.org>
[ Upstream commit b771aadc6e4c221a468fe4a2dfcfffec01a06722 ]
In order to simplify the complicated per-zone capacity, let's support
only one capacity for entire zoned device.
Reviewed-by: Chao Yu <chao@kernel.org>
Signed-off-by: Jaegeuk Kim <jaegeuk@kernel.org>
Stable-dep-of: 0b37ed21e336 ("f2fs: apply zone capacity to all zone type")
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
fs/f2fs/f2fs.h | 2 +-
fs/f2fs/segment.c | 19 ++++++-------------
fs/f2fs/segment.h | 3 +++
fs/f2fs/super.c | 33 ++++++++++++---------------------
4 files changed, 22 insertions(+), 35 deletions(-)
diff --git a/fs/f2fs/f2fs.h b/fs/f2fs/f2fs.h
index 80e4f9afe86f7..7424470c68cbe 100644
--- a/fs/f2fs/f2fs.h
+++ b/fs/f2fs/f2fs.h
@@ -1211,7 +1211,6 @@ struct f2fs_dev_info {
#ifdef CONFIG_BLK_DEV_ZONED
unsigned int nr_blkz; /* Total number of zones */
unsigned long *blkz_seq; /* Bitmap indicating sequential zones */
- block_t *zone_capacity_blocks; /* Array of zone capacity in blks */
#endif
};
@@ -1632,6 +1631,7 @@ struct f2fs_sb_info {
unsigned int meta_ino_num; /* meta inode number*/
unsigned int log_blocks_per_seg; /* log2 blocks per segment */
unsigned int blocks_per_seg; /* blocks per segment */
+ unsigned int unusable_blocks_per_sec; /* unusable blocks per section */
unsigned int segs_per_sec; /* segments per section */
unsigned int secs_per_zone; /* sections per zone */
unsigned int total_sections; /* total section count */
diff --git a/fs/f2fs/segment.c b/fs/f2fs/segment.c
index 58dd4de41986e..880447750caf4 100644
--- a/fs/f2fs/segment.c
+++ b/fs/f2fs/segment.c
@@ -5078,7 +5078,7 @@ static unsigned int get_zone_idx(struct f2fs_sb_info *sbi, unsigned int secno,
static inline unsigned int f2fs_usable_zone_segs_in_sec(
struct f2fs_sb_info *sbi, unsigned int segno)
{
- unsigned int dev_idx, zone_idx, unusable_segs_in_sec;
+ unsigned int dev_idx, zone_idx;
dev_idx = f2fs_target_device_index(sbi, START_BLOCK(sbi, segno));
zone_idx = get_zone_idx(sbi, GET_SEC_FROM_SEG(sbi, segno), dev_idx);
@@ -5087,18 +5087,12 @@ static inline unsigned int f2fs_usable_zone_segs_in_sec(
if (is_conv_zone(sbi, zone_idx, dev_idx))
return sbi->segs_per_sec;
- /*
- * If the zone_capacity_blocks array is NULL, then zone capacity
- * is equal to the zone size for all zones
- */
- if (!FDEV(dev_idx).zone_capacity_blocks)
+ if (!sbi->unusable_blocks_per_sec)
return sbi->segs_per_sec;
/* Get the segment count beyond zone capacity block */
- unusable_segs_in_sec = (sbi->blocks_per_blkz -
- FDEV(dev_idx).zone_capacity_blocks[zone_idx]) >>
- sbi->log_blocks_per_seg;
- return sbi->segs_per_sec - unusable_segs_in_sec;
+ return sbi->segs_per_sec - (sbi->unusable_blocks_per_sec >>
+ sbi->log_blocks_per_seg);
}
/*
@@ -5127,12 +5121,11 @@ static inline unsigned int f2fs_usable_zone_blks_in_seg(
if (is_conv_zone(sbi, zone_idx, dev_idx))
return sbi->blocks_per_seg;
- if (!FDEV(dev_idx).zone_capacity_blocks)
+ if (!sbi->unusable_blocks_per_sec)
return sbi->blocks_per_seg;
sec_start_blkaddr = START_BLOCK(sbi, GET_SEG_FROM_SEC(sbi, secno));
- sec_cap_blkaddr = sec_start_blkaddr +
- FDEV(dev_idx).zone_capacity_blocks[zone_idx];
+ sec_cap_blkaddr = sec_start_blkaddr + CAP_BLKS_PER_SEC(sbi);
/*
* If segment starts before zone capacity and spans beyond
diff --git a/fs/f2fs/segment.h b/fs/f2fs/segment.h
index 957edb6d70d7b..9eb8364ac38c7 100644
--- a/fs/f2fs/segment.h
+++ b/fs/f2fs/segment.h
@@ -101,6 +101,9 @@ static inline void sanity_check_seg_type(struct f2fs_sb_info *sbi,
GET_SEGNO_FROM_SEG0(sbi, blk_addr)))
#define BLKS_PER_SEC(sbi) \
((sbi)->segs_per_sec * (sbi)->blocks_per_seg)
+#define CAP_BLKS_PER_SEC(sbi) \
+ ((sbi)->segs_per_sec * (sbi)->blocks_per_seg - \
+ (sbi)->unusable_blocks_per_sec)
#define GET_SEC_FROM_SEG(sbi, segno) \
(((segno) == -1) ? -1: (segno) / (sbi)->segs_per_sec)
#define GET_SEG_FROM_SEC(sbi, secno) \
diff --git a/fs/f2fs/super.c b/fs/f2fs/super.c
index ae72211e422e7..4cc9b948139ad 100644
--- a/fs/f2fs/super.c
+++ b/fs/f2fs/super.c
@@ -1515,7 +1515,6 @@ static void destroy_device_list(struct f2fs_sb_info *sbi)
blkdev_put(FDEV(i).bdev, FMODE_EXCL);
#ifdef CONFIG_BLK_DEV_ZONED
kvfree(FDEV(i).blkz_seq);
- kfree(FDEV(i).zone_capacity_blocks);
#endif
}
kvfree(sbi->devs);
@@ -3631,24 +3630,29 @@ static int init_percpu_info(struct f2fs_sb_info *sbi)
#ifdef CONFIG_BLK_DEV_ZONED
struct f2fs_report_zones_args {
+ struct f2fs_sb_info *sbi;
struct f2fs_dev_info *dev;
- bool zone_cap_mismatch;
};
static int f2fs_report_zone_cb(struct blk_zone *zone, unsigned int idx,
void *data)
{
struct f2fs_report_zones_args *rz_args = data;
+ block_t unusable_blocks = (zone->len - zone->capacity) >>
+ F2FS_LOG_SECTORS_PER_BLOCK;
if (zone->type == BLK_ZONE_TYPE_CONVENTIONAL)
return 0;
set_bit(idx, rz_args->dev->blkz_seq);
- rz_args->dev->zone_capacity_blocks[idx] = zone->capacity >>
- F2FS_LOG_SECTORS_PER_BLOCK;
- if (zone->len != zone->capacity && !rz_args->zone_cap_mismatch)
- rz_args->zone_cap_mismatch = true;
-
+ if (!rz_args->sbi->unusable_blocks_per_sec) {
+ rz_args->sbi->unusable_blocks_per_sec = unusable_blocks;
+ return 0;
+ }
+ if (rz_args->sbi->unusable_blocks_per_sec != unusable_blocks) {
+ f2fs_err(rz_args->sbi, "F2FS supports single zone capacity\n");
+ return -EINVAL;
+ }
return 0;
}
@@ -3682,26 +3686,13 @@ static int init_blkz_info(struct f2fs_sb_info *sbi, int devi)
if (!FDEV(devi).blkz_seq)
return -ENOMEM;
- /* Get block zones type and zone-capacity */
- FDEV(devi).zone_capacity_blocks = f2fs_kzalloc(sbi,
- FDEV(devi).nr_blkz * sizeof(block_t),
- GFP_KERNEL);
- if (!FDEV(devi).zone_capacity_blocks)
- return -ENOMEM;
-
+ rep_zone_arg.sbi = sbi;
rep_zone_arg.dev = &FDEV(devi);
- rep_zone_arg.zone_cap_mismatch = false;
ret = blkdev_report_zones(bdev, 0, BLK_ALL_ZONES, f2fs_report_zone_cb,
&rep_zone_arg);
if (ret < 0)
return ret;
-
- if (!rep_zone_arg.zone_cap_mismatch) {
- kfree(FDEV(devi).zone_capacity_blocks);
- FDEV(devi).zone_capacity_blocks = NULL;
- }
-
return 0;
}
#endif
--
2.39.2
^ permalink raw reply related [flat|nested] 391+ messages in thread
* [PATCH 5.15 173/371] f2fs: apply zone capacity to all zone type
2023-05-08 9:43 [PATCH 5.15 000/371] 5.15.111-rc1 review Greg Kroah-Hartman
` (171 preceding siblings ...)
2023-05-08 9:46 ` [PATCH 5.15 172/371] f2fs: enforce single zone capacity Greg Kroah-Hartman
@ 2023-05-08 9:46 ` Greg Kroah-Hartman
2023-05-08 9:46 ` [PATCH 5.15 174/371] f2fs: compress: fix to call f2fs_wait_on_page_writeback() in f2fs_write_raw_pages() Greg Kroah-Hartman
` (201 subsequent siblings)
374 siblings, 0 replies; 391+ messages in thread
From: Greg Kroah-Hartman @ 2023-05-08 9:46 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Chao Yu, Jaegeuk Kim, Sasha Levin
From: Jaegeuk Kim <jaegeuk@kernel.org>
[ Upstream commit 0b37ed21e3367539b79284e0b0af2246ffcf0dca ]
If we manage the zone capacity per zone type, it'll break the GC assumption.
And, the current logic complains valid block count mismatch.
Let's apply zone capacity to all zone type, if specified.
Fixes: de881df97768 ("f2fs: support zone capacity less than zone size")
Reviewed-by: Chao Yu <chao@kernel.org>
Signed-off-by: Jaegeuk Kim <jaegeuk@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
fs/f2fs/segment.c | 65 +++--------------------------------------------
fs/f2fs/segment.h | 3 +++
2 files changed, 7 insertions(+), 61 deletions(-)
diff --git a/fs/f2fs/segment.c b/fs/f2fs/segment.c
index 880447750caf4..79ad696cddec0 100644
--- a/fs/f2fs/segment.c
+++ b/fs/f2fs/segment.c
@@ -5053,48 +5053,6 @@ int f2fs_check_write_pointer(struct f2fs_sb_info *sbi)
return 0;
}
-static bool is_conv_zone(struct f2fs_sb_info *sbi, unsigned int zone_idx,
- unsigned int dev_idx)
-{
- if (!bdev_is_zoned(FDEV(dev_idx).bdev))
- return true;
- return !test_bit(zone_idx, FDEV(dev_idx).blkz_seq);
-}
-
-/* Return the zone index in the given device */
-static unsigned int get_zone_idx(struct f2fs_sb_info *sbi, unsigned int secno,
- int dev_idx)
-{
- block_t sec_start_blkaddr = START_BLOCK(sbi, GET_SEG_FROM_SEC(sbi, secno));
-
- return (sec_start_blkaddr - FDEV(dev_idx).start_blk) >>
- sbi->log_blocks_per_blkz;
-}
-
-/*
- * Return the usable segments in a section based on the zone's
- * corresponding zone capacity. Zone is equal to a section.
- */
-static inline unsigned int f2fs_usable_zone_segs_in_sec(
- struct f2fs_sb_info *sbi, unsigned int segno)
-{
- unsigned int dev_idx, zone_idx;
-
- dev_idx = f2fs_target_device_index(sbi, START_BLOCK(sbi, segno));
- zone_idx = get_zone_idx(sbi, GET_SEC_FROM_SEG(sbi, segno), dev_idx);
-
- /* Conventional zone's capacity is always equal to zone size */
- if (is_conv_zone(sbi, zone_idx, dev_idx))
- return sbi->segs_per_sec;
-
- if (!sbi->unusable_blocks_per_sec)
- return sbi->segs_per_sec;
-
- /* Get the segment count beyond zone capacity block */
- return sbi->segs_per_sec - (sbi->unusable_blocks_per_sec >>
- sbi->log_blocks_per_seg);
-}
-
/*
* Return the number of usable blocks in a segment. The number of blocks
* returned is always equal to the number of blocks in a segment for
@@ -5107,23 +5065,13 @@ static inline unsigned int f2fs_usable_zone_blks_in_seg(
struct f2fs_sb_info *sbi, unsigned int segno)
{
block_t seg_start, sec_start_blkaddr, sec_cap_blkaddr;
- unsigned int zone_idx, dev_idx, secno;
-
- secno = GET_SEC_FROM_SEG(sbi, segno);
- seg_start = START_BLOCK(sbi, segno);
- dev_idx = f2fs_target_device_index(sbi, seg_start);
- zone_idx = get_zone_idx(sbi, secno, dev_idx);
-
- /*
- * Conventional zone's capacity is always equal to zone size,
- * so, blocks per segment is unchanged.
- */
- if (is_conv_zone(sbi, zone_idx, dev_idx))
- return sbi->blocks_per_seg;
+ unsigned int secno;
if (!sbi->unusable_blocks_per_sec)
return sbi->blocks_per_seg;
+ secno = GET_SEC_FROM_SEG(sbi, segno);
+ seg_start = START_BLOCK(sbi, segno);
sec_start_blkaddr = START_BLOCK(sbi, GET_SEG_FROM_SEC(sbi, secno));
sec_cap_blkaddr = sec_start_blkaddr + CAP_BLKS_PER_SEC(sbi);
@@ -5157,11 +5105,6 @@ static inline unsigned int f2fs_usable_zone_blks_in_seg(struct f2fs_sb_info *sbi
return 0;
}
-static inline unsigned int f2fs_usable_zone_segs_in_sec(struct f2fs_sb_info *sbi,
- unsigned int segno)
-{
- return 0;
-}
#endif
unsigned int f2fs_usable_blks_in_seg(struct f2fs_sb_info *sbi,
unsigned int segno)
@@ -5176,7 +5119,7 @@ unsigned int f2fs_usable_segs_in_sec(struct f2fs_sb_info *sbi,
unsigned int segno)
{
if (f2fs_sb_has_blkzoned(sbi))
- return f2fs_usable_zone_segs_in_sec(sbi, segno);
+ return CAP_SEGS_PER_SEC(sbi);
return sbi->segs_per_sec;
}
diff --git a/fs/f2fs/segment.h b/fs/f2fs/segment.h
index 9eb8364ac38c7..04f448ddf49ea 100644
--- a/fs/f2fs/segment.h
+++ b/fs/f2fs/segment.h
@@ -104,6 +104,9 @@ static inline void sanity_check_seg_type(struct f2fs_sb_info *sbi,
#define CAP_BLKS_PER_SEC(sbi) \
((sbi)->segs_per_sec * (sbi)->blocks_per_seg - \
(sbi)->unusable_blocks_per_sec)
+#define CAP_SEGS_PER_SEC(sbi) \
+ ((sbi)->segs_per_sec - ((sbi)->unusable_blocks_per_sec >>\
+ (sbi)->log_blocks_per_seg))
#define GET_SEC_FROM_SEG(sbi, segno) \
(((segno) == -1) ? -1: (segno) / (sbi)->segs_per_sec)
#define GET_SEG_FROM_SEC(sbi, secno) \
--
2.39.2
^ permalink raw reply related [flat|nested] 391+ messages in thread
* [PATCH 5.15 174/371] f2fs: compress: fix to call f2fs_wait_on_page_writeback() in f2fs_write_raw_pages()
2023-05-08 9:43 [PATCH 5.15 000/371] 5.15.111-rc1 review Greg Kroah-Hartman
` (172 preceding siblings ...)
2023-05-08 9:46 ` [PATCH 5.15 173/371] f2fs: apply zone capacity to all zone type Greg Kroah-Hartman
@ 2023-05-08 9:46 ` Greg Kroah-Hartman
2023-05-08 9:46 ` [PATCH 5.15 175/371] crypto: caam - Clear some memory in instantiate_rng Greg Kroah-Hartman
` (200 subsequent siblings)
374 siblings, 0 replies; 391+ messages in thread
From: Greg Kroah-Hartman @ 2023-05-08 9:46 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Christoph Hellwig, Qi Han,
Yangtao Li, Chao Yu, Jaegeuk Kim, Sasha Levin
From: Yangtao Li <frank.li@vivo.com>
[ Upstream commit babedcbac164cec970872b8097401ca913a80e61 ]
BUG_ON() will be triggered when writing files concurrently,
because the same page is writtenback multiple times.
1597 void folio_end_writeback(struct folio *folio)
1598 {
......
1618 if (!__folio_end_writeback(folio))
1619 BUG();
......
1625 }
kernel BUG at mm/filemap.c:1619!
Call Trace:
<TASK>
f2fs_write_end_io+0x1a0/0x370
blk_update_request+0x6c/0x410
blk_mq_end_request+0x15/0x130
blk_complete_reqs+0x3c/0x50
__do_softirq+0xb8/0x29b
? sort_range+0x20/0x20
run_ksoftirqd+0x19/0x20
smpboot_thread_fn+0x10b/0x1d0
kthread+0xde/0x110
? kthread_complete_and_exit+0x20/0x20
ret_from_fork+0x22/0x30
</TASK>
Below is the concurrency scenario:
[Process A] [Process B] [Process C]
f2fs_write_raw_pages()
- redirty_page_for_writepage()
- unlock page()
f2fs_do_write_data_page()
- lock_page()
- clear_page_dirty_for_io()
- set_page_writeback() [1st writeback]
.....
- unlock page()
generic_perform_write()
- f2fs_write_begin()
- wait_for_stable_page()
- f2fs_write_end()
- set_page_dirty()
- lock_page()
- f2fs_do_write_data_page()
- set_page_writeback() [2st writeback]
This problem was introduced by the previous commit 7377e853967b ("f2fs:
compress: fix potential deadlock of compress file"). All pagelocks were
released in f2fs_write_raw_pages(), but whether the page was
in the writeback state was ignored in the subsequent writing process.
Let's fix it by waiting for the page to writeback before writing.
Cc: Christoph Hellwig <hch@lst.de>
Fixes: 4c8ff7095bef ("f2fs: support data compression")
Fixes: 7377e853967b ("f2fs: compress: fix potential deadlock of compress file")
Signed-off-by: Qi Han <hanqi@vivo.com>
Signed-off-by: Yangtao Li <frank.li@vivo.com>
Reviewed-by: Chao Yu <chao@kernel.org>
Signed-off-by: Jaegeuk Kim <jaegeuk@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
fs/f2fs/compress.c | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/fs/f2fs/compress.c b/fs/f2fs/compress.c
index 4fa62f98cb515..455fac164fda0 100644
--- a/fs/f2fs/compress.c
+++ b/fs/f2fs/compress.c
@@ -1477,6 +1477,12 @@ static int f2fs_write_raw_pages(struct compress_ctx *cc,
if (!PageDirty(cc->rpages[i]))
goto continue_unlock;
+ if (PageWriteback(cc->rpages[i])) {
+ if (wbc->sync_mode == WB_SYNC_NONE)
+ goto continue_unlock;
+ f2fs_wait_on_page_writeback(cc->rpages[i], DATA, true, true);
+ }
+
if (!clear_page_dirty_for_io(cc->rpages[i]))
goto continue_unlock;
--
2.39.2
^ permalink raw reply related [flat|nested] 391+ messages in thread
* [PATCH 5.15 175/371] crypto: caam - Clear some memory in instantiate_rng
2023-05-08 9:43 [PATCH 5.15 000/371] 5.15.111-rc1 review Greg Kroah-Hartman
` (173 preceding siblings ...)
2023-05-08 9:46 ` [PATCH 5.15 174/371] f2fs: compress: fix to call f2fs_wait_on_page_writeback() in f2fs_write_raw_pages() Greg Kroah-Hartman
@ 2023-05-08 9:46 ` Greg Kroah-Hartman
2023-05-08 9:46 ` [PATCH 5.15 176/371] crypto: sa2ul - Select CRYPTO_DES Greg Kroah-Hartman
` (199 subsequent siblings)
374 siblings, 0 replies; 391+ messages in thread
From: Greg Kroah-Hartman @ 2023-05-08 9:46 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Christophe JAILLET, Gaurav Jain,
Herbert Xu, Sasha Levin
From: Christophe JAILLET <christophe.jaillet@wanadoo.fr>
[ Upstream commit 9c19fb86a8cb2ee82a832c95e139f29ea05c4d08 ]
According to the comment at the end of the 'for' loop just a few lines
below, it looks needed to clear 'desc'.
So it should also be cleared for the first iteration.
Move the memset() to the beginning of the loop to be safe.
Fixes: 281922a1d4f5 ("crypto: caam - add support for SEC v5.x RNG4")
Signed-off-by: Christophe JAILLET <christophe.jaillet@wanadoo.fr>
Reviewed-by: Gaurav Jain <gaurav.jain@nxp.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/crypto/caam/ctrl.c | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/drivers/crypto/caam/ctrl.c b/drivers/crypto/caam/ctrl.c
index f87aa2169e5f5..f9a1ec3c84851 100644
--- a/drivers/crypto/caam/ctrl.c
+++ b/drivers/crypto/caam/ctrl.c
@@ -284,6 +284,10 @@ static int instantiate_rng(struct device *ctrldev, int state_handle_mask,
const u32 rdsta_if = RDSTA_IF0 << sh_idx;
const u32 rdsta_pr = RDSTA_PR0 << sh_idx;
const u32 rdsta_mask = rdsta_if | rdsta_pr;
+
+ /* Clear the contents before using the descriptor */
+ memset(desc, 0x00, CAAM_CMD_SZ * 7);
+
/*
* If the corresponding bit is set, this state handle
* was initialized by somebody else, so it's left alone.
@@ -327,8 +331,6 @@ static int instantiate_rng(struct device *ctrldev, int state_handle_mask,
}
dev_info(ctrldev, "Instantiated RNG4 SH%d\n", sh_idx);
- /* Clear the contents before recreating the descriptor */
- memset(desc, 0x00, CAAM_CMD_SZ * 7);
}
kfree(desc);
--
2.39.2
^ permalink raw reply related [flat|nested] 391+ messages in thread
* [PATCH 5.15 176/371] crypto: sa2ul - Select CRYPTO_DES
2023-05-08 9:43 [PATCH 5.15 000/371] 5.15.111-rc1 review Greg Kroah-Hartman
` (174 preceding siblings ...)
2023-05-08 9:46 ` [PATCH 5.15 175/371] crypto: caam - Clear some memory in instantiate_rng Greg Kroah-Hartman
@ 2023-05-08 9:46 ` Greg Kroah-Hartman
2023-05-08 9:46 ` [PATCH 5.15 177/371] wifi: rtlwifi: fix incorrect error codes in rtl_debugfs_set_write_rfreg() Greg Kroah-Hartman
` (198 subsequent siblings)
374 siblings, 0 replies; 391+ messages in thread
From: Greg Kroah-Hartman @ 2023-05-08 9:46 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Suman Anna, Jayesh Choudhary,
Herbert Xu, Sasha Levin
From: Suman Anna <s-anna@ti.com>
[ Upstream commit 8832023efd20966e29944dac92118dfbf1fa1bc0 ]
The SA2UL Crypto driver provides support for couple of
DES3 algos "cbc(des3_ede)" and "ecb(des3_ede)", and enabling
the crypto selftest throws the following errors (as seen on
K3 J721E SoCs):
saul-crypto 4e00000.crypto: Error allocating fallback algo cbc(des3_ede)
alg: skcipher: failed to allocate transform for cbc-des3-sa2ul: -2
saul-crypto 4e00000.crypto: Error allocating fallback algo ecb(des3_ede)
alg: skcipher: failed to allocate transform for ecb-des3-sa2ul: -2
Fix this by selecting CRYPTO_DES which was missed while
adding base driver support.
Fixes: 7694b6ca649f ("crypto: sa2ul - Add crypto driver")
Signed-off-by: Suman Anna <s-anna@ti.com>
Signed-off-by: Jayesh Choudhary <j-choudhary@ti.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/crypto/Kconfig | 1 +
1 file changed, 1 insertion(+)
diff --git a/drivers/crypto/Kconfig b/drivers/crypto/Kconfig
index b46343b5c26b4..a40883e118424 100644
--- a/drivers/crypto/Kconfig
+++ b/drivers/crypto/Kconfig
@@ -905,6 +905,7 @@ config CRYPTO_DEV_SA2UL
select CRYPTO_AES_ARM64
select CRYPTO_ALGAPI
select CRYPTO_AUTHENC
+ select CRYPTO_DES
select CRYPTO_SHA1
select CRYPTO_SHA256
select CRYPTO_SHA512
--
2.39.2
^ permalink raw reply related [flat|nested] 391+ messages in thread
* [PATCH 5.15 177/371] wifi: rtlwifi: fix incorrect error codes in rtl_debugfs_set_write_rfreg()
2023-05-08 9:43 [PATCH 5.15 000/371] 5.15.111-rc1 review Greg Kroah-Hartman
` (175 preceding siblings ...)
2023-05-08 9:46 ` [PATCH 5.15 176/371] crypto: sa2ul - Select CRYPTO_DES Greg Kroah-Hartman
@ 2023-05-08 9:46 ` Greg Kroah-Hartman
2023-05-08 9:46 ` [PATCH 5.15 178/371] wifi: rtlwifi: fix incorrect error codes in rtl_debugfs_set_write_reg() Greg Kroah-Hartman
` (197 subsequent siblings)
374 siblings, 0 replies; 391+ messages in thread
From: Greg Kroah-Hartman @ 2023-05-08 9:46 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Wei Chen, Simon Horman, Kalle Valo,
Sasha Levin
From: Wei Chen <harperchen1110@gmail.com>
[ Upstream commit 905a9241e4e8c15d2c084fee916280514848fe35 ]
If there is a failure during copy_from_user or user-provided data buffer
is invalid, rtl_debugfs_set_write_rfreg should return negative error code
instead of a positive value count.
Fix this bug by returning correct error code. Moreover, the check of buffer
against null is removed since it will be handled by copy_from_user.
Fixes: 610247f46feb ("rtlwifi: Improve debugging by using debugfs")
Signed-off-by: Wei Chen <harperchen1110@gmail.com>
Reviewed-by: Simon Horman <simon.horman@corigine.com>
Signed-off-by: Kalle Valo <kvalo@kernel.org>
Link: https://lore.kernel.org/r/20230326053138.91338-1-harperchen1110@gmail.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/wireless/realtek/rtlwifi/debug.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/drivers/net/wireless/realtek/rtlwifi/debug.c b/drivers/net/wireless/realtek/rtlwifi/debug.c
index 0b1bc04cb6adb..602717928887d 100644
--- a/drivers/net/wireless/realtek/rtlwifi/debug.c
+++ b/drivers/net/wireless/realtek/rtlwifi/debug.c
@@ -375,8 +375,8 @@ static ssize_t rtl_debugfs_set_write_rfreg(struct file *filp,
tmp_len = (count > sizeof(tmp) - 1 ? sizeof(tmp) - 1 : count);
- if (!buffer || copy_from_user(tmp, buffer, tmp_len))
- return count;
+ if (copy_from_user(tmp, buffer, tmp_len))
+ return -EFAULT;
tmp[tmp_len] = '\0';
@@ -386,7 +386,7 @@ static ssize_t rtl_debugfs_set_write_rfreg(struct file *filp,
if (num != 4) {
rtl_dbg(rtlpriv, COMP_ERR, DBG_DMESG,
"Format is <path> <addr> <mask> <data>\n");
- return count;
+ return -EINVAL;
}
rtl_set_rfreg(hw, path, addr, bitmask, data);
--
2.39.2
^ permalink raw reply related [flat|nested] 391+ messages in thread
* [PATCH 5.15 178/371] wifi: rtlwifi: fix incorrect error codes in rtl_debugfs_set_write_reg()
2023-05-08 9:43 [PATCH 5.15 000/371] 5.15.111-rc1 review Greg Kroah-Hartman
` (176 preceding siblings ...)
2023-05-08 9:46 ` [PATCH 5.15 177/371] wifi: rtlwifi: fix incorrect error codes in rtl_debugfs_set_write_rfreg() Greg Kroah-Hartman
@ 2023-05-08 9:46 ` Greg Kroah-Hartman
2023-05-08 9:46 ` [PATCH 5.15 179/371] wifi: rt2x00: Fix memory leak when handling surveys Greg Kroah-Hartman
` (196 subsequent siblings)
374 siblings, 0 replies; 391+ messages in thread
From: Greg Kroah-Hartman @ 2023-05-08 9:46 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Wei Chen, Simon Horman, Kalle Valo,
Sasha Levin
From: Wei Chen <harperchen1110@gmail.com>
[ Upstream commit 5dbe1f8eb8c5ac69394400a5b86fd81775e96c43 ]
If there is a failure during copy_from_user or user-provided data buffer is
invalid, rtl_debugfs_set_write_reg should return negative error code instead
of a positive value count.
Fix this bug by returning correct error code. Moreover, the check of buffer
against null is removed since it will be handled by copy_from_user.
Fixes: 610247f46feb ("rtlwifi: Improve debugging by using debugfs")
Signed-off-by: Wei Chen <harperchen1110@gmail.com>
Reviewed-by: Simon Horman <simon.horman@corigine.com>
Signed-off-by: Kalle Valo <kvalo@kernel.org>
Link: https://lore.kernel.org/r/20230326054217.93492-1-harperchen1110@gmail.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/wireless/realtek/rtlwifi/debug.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/drivers/net/wireless/realtek/rtlwifi/debug.c b/drivers/net/wireless/realtek/rtlwifi/debug.c
index 602717928887d..9eb26dfe4ca92 100644
--- a/drivers/net/wireless/realtek/rtlwifi/debug.c
+++ b/drivers/net/wireless/realtek/rtlwifi/debug.c
@@ -278,8 +278,8 @@ static ssize_t rtl_debugfs_set_write_reg(struct file *filp,
tmp_len = (count > sizeof(tmp) - 1 ? sizeof(tmp) - 1 : count);
- if (!buffer || copy_from_user(tmp, buffer, tmp_len))
- return count;
+ if (copy_from_user(tmp, buffer, tmp_len))
+ return -EFAULT;
tmp[tmp_len] = '\0';
@@ -287,7 +287,7 @@ static ssize_t rtl_debugfs_set_write_reg(struct file *filp,
num = sscanf(tmp, "%x %x %x", &addr, &val, &len);
if (num != 3)
- return count;
+ return -EINVAL;
switch (len) {
case 1:
--
2.39.2
^ permalink raw reply related [flat|nested] 391+ messages in thread
* [PATCH 5.15 179/371] wifi: rt2x00: Fix memory leak when handling surveys
2023-05-08 9:43 [PATCH 5.15 000/371] 5.15.111-rc1 review Greg Kroah-Hartman
` (177 preceding siblings ...)
2023-05-08 9:46 ` [PATCH 5.15 178/371] wifi: rtlwifi: fix incorrect error codes in rtl_debugfs_set_write_reg() Greg Kroah-Hartman
@ 2023-05-08 9:46 ` Greg Kroah-Hartman
2023-05-08 9:46 ` [PATCH 5.15 180/371] net: qrtr: correct types of trace event parameters Greg Kroah-Hartman
` (195 subsequent siblings)
374 siblings, 0 replies; 391+ messages in thread
From: Greg Kroah-Hartman @ 2023-05-08 9:46 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Armin Wolf, Simon Horman,
Stanislaw Gruszka, Kalle Valo, Sasha Levin
From: Armin Wolf <W_Armin@gmx.de>
[ Upstream commit cbef9a83c51dfcb07f77cfa6ac26f53a1ea86f49 ]
When removing a rt2x00 device, its associated channel surveys
are not freed, causing a memory leak observable with kmemleak:
unreferenced object 0xffff9620f0881a00 (size 512):
comm "systemd-udevd", pid 2290, jiffies 4294906974 (age 33.768s)
hex dump (first 32 bytes):
70 44 12 00 00 00 00 00 92 8a 00 00 00 00 00 00 pD..............
00 00 00 00 00 00 00 00 ab 87 01 00 00 00 00 00 ................
backtrace:
[<ffffffffb0ed858b>] __kmalloc+0x4b/0x130
[<ffffffffc1b0f29b>] rt2800_probe_hw+0xc2b/0x1380 [rt2800lib]
[<ffffffffc1a9496e>] rt2800usb_probe_hw+0xe/0x60 [rt2800usb]
[<ffffffffc1ae491a>] rt2x00lib_probe_dev+0x21a/0x7d0 [rt2x00lib]
[<ffffffffc1b3b83e>] rt2x00usb_probe+0x1be/0x980 [rt2x00usb]
[<ffffffffc05981e2>] usb_probe_interface+0xe2/0x310 [usbcore]
[<ffffffffb13be2d5>] really_probe+0x1a5/0x410
[<ffffffffb13be5c8>] __driver_probe_device+0x78/0x180
[<ffffffffb13be6fe>] driver_probe_device+0x1e/0x90
[<ffffffffb13be972>] __driver_attach+0xd2/0x1c0
[<ffffffffb13bbc57>] bus_for_each_dev+0x77/0xd0
[<ffffffffb13bd2a2>] bus_add_driver+0x112/0x210
[<ffffffffb13bfc6c>] driver_register+0x5c/0x120
[<ffffffffc0596ae8>] usb_register_driver+0x88/0x150 [usbcore]
[<ffffffffb0c011c4>] do_one_initcall+0x44/0x220
[<ffffffffb0d6134c>] do_init_module+0x4c/0x220
Fix this by freeing the channel surveys on device removal.
Tested with a RT3070 based USB wireless adapter.
Fixes: 5447626910f5 ("rt2x00: save survey for every channel visited")
Signed-off-by: Armin Wolf <W_Armin@gmx.de>
Reviewed-by: Simon Horman <simon.horman@corigine.com>
Acked-by: Stanislaw Gruszka <stf_xl@wp.pl>
Signed-off-by: Kalle Valo <kvalo@kernel.org>
Link: https://lore.kernel.org/r/20230330215637.4332-1-W_Armin@gmx.de
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/wireless/ralink/rt2x00/rt2x00dev.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/drivers/net/wireless/ralink/rt2x00/rt2x00dev.c b/drivers/net/wireless/ralink/rt2x00/rt2x00dev.c
index e95c101c27111..388675d073ce2 100644
--- a/drivers/net/wireless/ralink/rt2x00/rt2x00dev.c
+++ b/drivers/net/wireless/ralink/rt2x00/rt2x00dev.c
@@ -1091,6 +1091,7 @@ static void rt2x00lib_remove_hw(struct rt2x00_dev *rt2x00dev)
}
kfree(rt2x00dev->spec.channels_info);
+ kfree(rt2x00dev->chan_survey);
}
static int rt2x00lib_probe_hw(struct rt2x00_dev *rt2x00dev)
--
2.39.2
^ permalink raw reply related [flat|nested] 391+ messages in thread
* [PATCH 5.15 180/371] net: qrtr: correct types of trace event parameters
2023-05-08 9:43 [PATCH 5.15 000/371] 5.15.111-rc1 review Greg Kroah-Hartman
` (178 preceding siblings ...)
2023-05-08 9:46 ` [PATCH 5.15 179/371] wifi: rt2x00: Fix memory leak when handling surveys Greg Kroah-Hartman
@ 2023-05-08 9:46 ` Greg Kroah-Hartman
2023-05-08 9:46 ` [PATCH 5.15 181/371] selftests: xsk: Disable IPv6 on VETH1 Greg Kroah-Hartman
` (194 subsequent siblings)
374 siblings, 0 replies; 391+ messages in thread
From: Greg Kroah-Hartman @ 2023-05-08 9:46 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Manivannan Sadhasivam, Simon Horman,
Jakub Kicinski, Sasha Levin
From: Simon Horman <horms@kernel.org>
[ Upstream commit 054fbf7ff8143d35ca7d3bb5414bb44ee1574194 ]
The arguments passed to the trace events are of type unsigned int,
however the signature of the events used __le32 parameters.
I may be missing the point here, but sparse flagged this and it
does seem incorrect to me.
net/qrtr/ns.c: note: in included file (through include/trace/trace_events.h, include/trace/define_trace.h, include/trace/events/qrtr.h):
./include/trace/events/qrtr.h:11:1: warning: cast to restricted __le32
./include/trace/events/qrtr.h:11:1: warning: restricted __le32 degrades to integer
./include/trace/events/qrtr.h:11:1: warning: restricted __le32 degrades to integer
... (a lot more similar warnings)
net/qrtr/ns.c:115:47: expected restricted __le32 [usertype] service
net/qrtr/ns.c:115:47: got unsigned int service
net/qrtr/ns.c:115:61: warning: incorrect type in argument 2 (different base types)
... (a lot more similar warnings)
Fixes: dfddb54043f0 ("net: qrtr: Add tracepoint support")
Reviewed-by: Manivannan Sadhasivam <mani@kernel.org>
Signed-off-by: Simon Horman <horms@kernel.org>
Link: https://lore.kernel.org/r/20230402-qrtr-trace-types-v1-1-92ad55008dd3@kernel.org
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
include/trace/events/qrtr.h | 33 ++++++++++++++++++---------------
1 file changed, 18 insertions(+), 15 deletions(-)
diff --git a/include/trace/events/qrtr.h b/include/trace/events/qrtr.h
index b1de14c3bb934..441132c67133f 100644
--- a/include/trace/events/qrtr.h
+++ b/include/trace/events/qrtr.h
@@ -10,15 +10,16 @@
TRACE_EVENT(qrtr_ns_service_announce_new,
- TP_PROTO(__le32 service, __le32 instance, __le32 node, __le32 port),
+ TP_PROTO(unsigned int service, unsigned int instance,
+ unsigned int node, unsigned int port),
TP_ARGS(service, instance, node, port),
TP_STRUCT__entry(
- __field(__le32, service)
- __field(__le32, instance)
- __field(__le32, node)
- __field(__le32, port)
+ __field(unsigned int, service)
+ __field(unsigned int, instance)
+ __field(unsigned int, node)
+ __field(unsigned int, port)
),
TP_fast_assign(
@@ -36,15 +37,16 @@ TRACE_EVENT(qrtr_ns_service_announce_new,
TRACE_EVENT(qrtr_ns_service_announce_del,
- TP_PROTO(__le32 service, __le32 instance, __le32 node, __le32 port),
+ TP_PROTO(unsigned int service, unsigned int instance,
+ unsigned int node, unsigned int port),
TP_ARGS(service, instance, node, port),
TP_STRUCT__entry(
- __field(__le32, service)
- __field(__le32, instance)
- __field(__le32, node)
- __field(__le32, port)
+ __field(unsigned int, service)
+ __field(unsigned int, instance)
+ __field(unsigned int, node)
+ __field(unsigned int, port)
),
TP_fast_assign(
@@ -62,15 +64,16 @@ TRACE_EVENT(qrtr_ns_service_announce_del,
TRACE_EVENT(qrtr_ns_server_add,
- TP_PROTO(__le32 service, __le32 instance, __le32 node, __le32 port),
+ TP_PROTO(unsigned int service, unsigned int instance,
+ unsigned int node, unsigned int port),
TP_ARGS(service, instance, node, port),
TP_STRUCT__entry(
- __field(__le32, service)
- __field(__le32, instance)
- __field(__le32, node)
- __field(__le32, port)
+ __field(unsigned int, service)
+ __field(unsigned int, instance)
+ __field(unsigned int, node)
+ __field(unsigned int, port)
),
TP_fast_assign(
--
2.39.2
^ permalink raw reply related [flat|nested] 391+ messages in thread
* [PATCH 5.15 181/371] selftests: xsk: Disable IPv6 on VETH1
2023-05-08 9:43 [PATCH 5.15 000/371] 5.15.111-rc1 review Greg Kroah-Hartman
` (179 preceding siblings ...)
2023-05-08 9:46 ` [PATCH 5.15 180/371] net: qrtr: correct types of trace event parameters Greg Kroah-Hartman
@ 2023-05-08 9:46 ` Greg Kroah-Hartman
2023-05-08 9:46 ` [PATCH 5.15 182/371] selftests/bpf: Wait for receive in cg_storage_multi test Greg Kroah-Hartman
` (193 subsequent siblings)
374 siblings, 0 replies; 391+ messages in thread
From: Greg Kroah-Hartman @ 2023-05-08 9:46 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Kal Conley, Martin KaFai Lau, Sasha Levin
From: Kal Conley <kal.conley@dectris.com>
[ Upstream commit f2b50f17268390567bc0e95642170d88f336c8f4 ]
This change fixes flakiness in the BIDIRECTIONAL test:
# [is_pkt_valid] expected length [60], got length [90]
not ok 1 FAIL: SKB BUSY-POLL BIDIRECTIONAL
When IPv6 is enabled, the interface will periodically send MLDv1 and
MLDv2 packets. These packets can cause the BIDIRECTIONAL test to fail
since it uses VETH0 for RX.
For other tests, this was not a problem since they only receive on VETH1
and IPv6 was already disabled on VETH0.
Fixes: a89052572ebb ("selftests/bpf: Xsk selftests framework")
Signed-off-by: Kal Conley <kal.conley@dectris.com>
Link: https://lore.kernel.org/r/20230405082905.6303-1-kal.conley@dectris.com
Signed-off-by: Martin KaFai Lau <martin.lau@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
tools/testing/selftests/bpf/test_xsk.sh | 1 +
1 file changed, 1 insertion(+)
diff --git a/tools/testing/selftests/bpf/test_xsk.sh b/tools/testing/selftests/bpf/test_xsk.sh
index cd7bf32e6a173..661995af75602 100755
--- a/tools/testing/selftests/bpf/test_xsk.sh
+++ b/tools/testing/selftests/bpf/test_xsk.sh
@@ -106,6 +106,7 @@ setup_vethPairs() {
ip link add ${VETH0} numtxqueues 4 numrxqueues 4 type veth peer name ${VETH1} numtxqueues 4 numrxqueues 4
if [ -f /proc/net/if_inet6 ]; then
echo 1 > /proc/sys/net/ipv6/conf/${VETH0}/disable_ipv6
+ echo 1 > /proc/sys/net/ipv6/conf/${VETH1}/disable_ipv6
fi
if [[ $verbose -eq 1 ]]; then
echo "setting up ${VETH1}: namespace: ${NS1}"
--
2.39.2
^ permalink raw reply related [flat|nested] 391+ messages in thread
* [PATCH 5.15 182/371] selftests/bpf: Wait for receive in cg_storage_multi test
2023-05-08 9:43 [PATCH 5.15 000/371] 5.15.111-rc1 review Greg Kroah-Hartman
` (180 preceding siblings ...)
2023-05-08 9:46 ` [PATCH 5.15 181/371] selftests: xsk: Disable IPv6 on VETH1 Greg Kroah-Hartman
@ 2023-05-08 9:46 ` Greg Kroah-Hartman
2023-05-08 9:46 ` [PATCH 5.15 183/371] bpftool: Fix bug for long instructions in program CFG dumps Greg Kroah-Hartman
` (192 subsequent siblings)
374 siblings, 0 replies; 391+ messages in thread
From: Greg Kroah-Hartman @ 2023-05-08 9:46 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Martin KaFai Lau,
Stanislav Fomichev, YiFei Zhu, Martin KaFai Lau, Sasha Levin
From: YiFei Zhu <zhuyifei@google.com>
[ Upstream commit 5af607a861d43ffff830fc1890033e579ec44799 ]
In some cases the loopback latency might be large enough, causing
the assertion on invocations to be run before ingress prog getting
executed. The assertion would fail and the test would flake.
This can be reliably reproduced by arbitrarily increasing the
loopback latency (thanks to [1]):
tc qdisc add dev lo root handle 1: htb default 12
tc class add dev lo parent 1:1 classid 1:12 htb rate 20kbps ceil 20kbps
tc qdisc add dev lo parent 1:12 netem delay 100ms
Fix this by waiting on the receive end, instead of instantly
returning to the assert. The call to read() will wait for the
default SO_RCVTIMEO timeout of 3 seconds provided by
start_server().
[1] https://gist.github.com/kstevens715/4598301
Reported-by: Martin KaFai Lau <martin.lau@linux.dev>
Link: https://lore.kernel.org/bpf/9c5c8b7e-1d89-a3af-5400-14fde81f4429@linux.dev/
Fixes: 3573f384014f ("selftests/bpf: Test CGROUP_STORAGE behavior on shared egress + ingress")
Acked-by: Stanislav Fomichev <sdf@google.com>
Signed-off-by: YiFei Zhu <zhuyifei@google.com>
Link: https://lore.kernel.org/r/20230405193354.1956209-1-zhuyifei@google.com
Signed-off-by: Martin KaFai Lau <martin.lau@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
tools/testing/selftests/bpf/prog_tests/cg_storage_multi.c | 8 ++++++--
1 file changed, 6 insertions(+), 2 deletions(-)
diff --git a/tools/testing/selftests/bpf/prog_tests/cg_storage_multi.c b/tools/testing/selftests/bpf/prog_tests/cg_storage_multi.c
index 876be0ecb654f..a47ea4804766b 100644
--- a/tools/testing/selftests/bpf/prog_tests/cg_storage_multi.c
+++ b/tools/testing/selftests/bpf/prog_tests/cg_storage_multi.c
@@ -56,8 +56,9 @@ static bool assert_storage_noexist(struct bpf_map *map, const void *key)
static bool connect_send(const char *cgroup_path)
{
- bool res = true;
int server_fd = -1, client_fd = -1;
+ char message[] = "message";
+ bool res = true;
if (join_cgroup(cgroup_path))
goto out_clean;
@@ -70,7 +71,10 @@ static bool connect_send(const char *cgroup_path)
if (client_fd < 0)
goto out_clean;
- if (send(client_fd, "message", strlen("message"), 0) < 0)
+ if (send(client_fd, &message, sizeof(message), 0) < 0)
+ goto out_clean;
+
+ if (read(server_fd, &message, sizeof(message)) < 0)
goto out_clean;
res = false;
--
2.39.2
^ permalink raw reply related [flat|nested] 391+ messages in thread
* [PATCH 5.15 183/371] bpftool: Fix bug for long instructions in program CFG dumps
2023-05-08 9:43 [PATCH 5.15 000/371] 5.15.111-rc1 review Greg Kroah-Hartman
` (181 preceding siblings ...)
2023-05-08 9:46 ` [PATCH 5.15 182/371] selftests/bpf: Wait for receive in cg_storage_multi test Greg Kroah-Hartman
@ 2023-05-08 9:46 ` Greg Kroah-Hartman
2023-05-08 9:46 ` [PATCH 5.15 184/371] crypto: drbg - make drbg_prepare_hrng() handle jent instantiation errors Greg Kroah-Hartman
` (191 subsequent siblings)
374 siblings, 0 replies; 391+ messages in thread
From: Greg Kroah-Hartman @ 2023-05-08 9:46 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Quentin Monnet, Alexei Starovoitov,
Sasha Levin
From: Quentin Monnet <quentin@isovalent.com>
[ Upstream commit 67cf52cdb6c8fa6365d29106555dacf95c9fd374 ]
When dumping the control flow graphs for programs using the 16-byte long
load instruction, we need to skip the second part of this instruction
when looking for the next instruction to process. Otherwise, we end up
printing "BUG_ld_00" from the kernel disassembler in the CFG.
Fixes: efcef17a6d65 ("tools: bpftool: generate .dot graph from CFG information")
Signed-off-by: Quentin Monnet <quentin@isovalent.com>
Link: https://lore.kernel.org/r/20230405132120.59886-3-quentin@isovalent.com
Signed-off-by: Alexei Starovoitov <ast@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
tools/bpf/bpftool/xlated_dumper.c | 7 +++++++
1 file changed, 7 insertions(+)
diff --git a/tools/bpf/bpftool/xlated_dumper.c b/tools/bpf/bpftool/xlated_dumper.c
index f1f32e21d5cd0..b91c62d0a7d62 100644
--- a/tools/bpf/bpftool/xlated_dumper.c
+++ b/tools/bpf/bpftool/xlated_dumper.c
@@ -369,8 +369,15 @@ void dump_xlated_for_graph(struct dump_data *dd, void *buf_start, void *buf_end,
struct bpf_insn *insn_start = buf_start;
struct bpf_insn *insn_end = buf_end;
struct bpf_insn *cur = insn_start;
+ bool double_insn = false;
for (; cur <= insn_end; cur++) {
+ if (double_insn) {
+ double_insn = false;
+ continue;
+ }
+ double_insn = cur->code == (BPF_LD | BPF_IMM | BPF_DW);
+
printf("% 4d: ", (int)(cur - insn_start + start_idx));
print_bpf_insn(&cbs, cur, true);
if (cur != insn_end)
--
2.39.2
^ permalink raw reply related [flat|nested] 391+ messages in thread
* [PATCH 5.15 184/371] crypto: drbg - make drbg_prepare_hrng() handle jent instantiation errors
2023-05-08 9:43 [PATCH 5.15 000/371] 5.15.111-rc1 review Greg Kroah-Hartman
` (182 preceding siblings ...)
2023-05-08 9:46 ` [PATCH 5.15 183/371] bpftool: Fix bug for long instructions in program CFG dumps Greg Kroah-Hartman
@ 2023-05-08 9:46 ` Greg Kroah-Hartman
2023-05-08 9:46 ` [PATCH 5.15 185/371] crypto: drbg - Only fail when jent is unavailable in FIPS mode Greg Kroah-Hartman
` (190 subsequent siblings)
374 siblings, 0 replies; 391+ messages in thread
From: Greg Kroah-Hartman @ 2023-05-08 9:46 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Nicolai Stange, Stephan Müller,
Herbert Xu, Sasha Levin
From: Nicolai Stange <nstange@suse.de>
[ Upstream commit 559edd47cce4cc407d606b4d7f376822816fd4b8 ]
Now that drbg_prepare_hrng() doesn't do anything but to instantiate a
jitterentropy crypto_rng instance, it looks a little odd to have the
related error handling at its only caller, drbg_instantiate().
Move the handling of jitterentropy allocation failures from
drbg_instantiate() close to the allocation itself in drbg_prepare_hrng().
There is no change in behaviour.
Signed-off-by: Nicolai Stange <nstange@suse.de>
Reviewed-by: Stephan Müller <smueller@chronox.de>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Stable-dep-of: 686cd976b6dd ("crypto: drbg - Only fail when jent is unavailable in FIPS mode")
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
crypto/drbg.c | 16 ++++++++--------
1 file changed, 8 insertions(+), 8 deletions(-)
diff --git a/crypto/drbg.c b/crypto/drbg.c
index 761104e93d44a..c89e26e677404 100644
--- a/crypto/drbg.c
+++ b/crypto/drbg.c
@@ -1516,6 +1516,14 @@ static int drbg_prepare_hrng(struct drbg_state *drbg)
return 0;
drbg->jent = crypto_alloc_rng("jitterentropy_rng", 0, 0);
+ if (IS_ERR(drbg->jent)) {
+ const int err = PTR_ERR(drbg->jent);
+
+ drbg->jent = NULL;
+ if (fips_enabled || err != -ENOENT)
+ return err;
+ pr_info("DRBG: Continuing without Jitter RNG\n");
+ }
return 0;
}
@@ -1571,14 +1579,6 @@ static int drbg_instantiate(struct drbg_state *drbg, struct drbg_string *pers,
if (ret)
goto free_everything;
- if (IS_ERR(drbg->jent)) {
- ret = PTR_ERR(drbg->jent);
- drbg->jent = NULL;
- if (fips_enabled || ret != -ENOENT)
- goto free_everything;
- pr_info("DRBG: Continuing without Jitter RNG\n");
- }
-
reseed = false;
}
--
2.39.2
^ permalink raw reply related [flat|nested] 391+ messages in thread
* [PATCH 5.15 185/371] crypto: drbg - Only fail when jent is unavailable in FIPS mode
2023-05-08 9:43 [PATCH 5.15 000/371] 5.15.111-rc1 review Greg Kroah-Hartman
` (183 preceding siblings ...)
2023-05-08 9:46 ` [PATCH 5.15 184/371] crypto: drbg - make drbg_prepare_hrng() handle jent instantiation errors Greg Kroah-Hartman
@ 2023-05-08 9:46 ` Greg Kroah-Hartman
2023-05-08 9:46 ` [PATCH 5.15 186/371] xsk: Fix unaligned descriptor validation Greg Kroah-Hartman
` (189 subsequent siblings)
374 siblings, 0 replies; 391+ messages in thread
From: Greg Kroah-Hartman @ 2023-05-08 9:46 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Herbert Xu, Stephan Mueller, Sasha Levin
From: Herbert Xu <herbert@gondor.apana.org.au>
[ Upstream commit 686cd976b6ddedeeb1a1fb09ba53a891d3cc9a03 ]
When jent initialisation fails for any reason other than ENOENT,
the entire drbg fails to initialise, even when we're not in FIPS
mode. This is wrong because we can still use the kernel RNG when
we're not in FIPS mode.
Change it so that it only fails when we are in FIPS mode.
Fixes: 57225e679788 ("crypto: drbg - Use callback API for random readiness")
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Reviewed-by: Stephan Mueller <smueller@chronox.de>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
crypto/drbg.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/crypto/drbg.c b/crypto/drbg.c
index c89e26e677404..44b0a7f624021 100644
--- a/crypto/drbg.c
+++ b/crypto/drbg.c
@@ -1520,7 +1520,7 @@ static int drbg_prepare_hrng(struct drbg_state *drbg)
const int err = PTR_ERR(drbg->jent);
drbg->jent = NULL;
- if (fips_enabled || err != -ENOENT)
+ if (fips_enabled)
return err;
pr_info("DRBG: Continuing without Jitter RNG\n");
}
--
2.39.2
^ permalink raw reply related [flat|nested] 391+ messages in thread
* [PATCH 5.15 186/371] xsk: Fix unaligned descriptor validation
2023-05-08 9:43 [PATCH 5.15 000/371] 5.15.111-rc1 review Greg Kroah-Hartman
` (184 preceding siblings ...)
2023-05-08 9:46 ` [PATCH 5.15 185/371] crypto: drbg - Only fail when jent is unavailable in FIPS mode Greg Kroah-Hartman
@ 2023-05-08 9:46 ` Greg Kroah-Hartman
2023-05-08 9:46 ` [PATCH 5.15 187/371] f2fs: fix to avoid use-after-free for cached IPU bio Greg Kroah-Hartman
` (188 subsequent siblings)
374 siblings, 0 replies; 391+ messages in thread
From: Greg Kroah-Hartman @ 2023-05-08 9:46 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Kal Conley, Magnus Karlsson,
Martin KaFai Lau, Sasha Levin
From: Kal Conley <kal.conley@dectris.com>
[ Upstream commit d769ccaf957fe7391f357c0a923de71f594b8a2b ]
Make sure unaligned descriptors that straddle the end of the UMEM are
considered invalid. Currently, descriptor validation is broken for
zero-copy mode which only checks descriptors at page granularity.
For example, descriptors in zero-copy mode that overrun the end of the
UMEM but not a page boundary are (incorrectly) considered valid. The
UMEM boundary check needs to happen before the page boundary and
contiguity checks in xp_desc_crosses_non_contig_pg(). Do this check in
xp_unaligned_validate_desc() instead like xp_check_unaligned() already
does.
Fixes: 2b43470add8c ("xsk: Introduce AF_XDP buffer allocation API")
Signed-off-by: Kal Conley <kal.conley@dectris.com>
Acked-by: Magnus Karlsson <magnus.karlsson@intel.com>
Link: https://lore.kernel.org/r/20230405235920.7305-2-kal.conley@dectris.com
Signed-off-by: Martin KaFai Lau <martin.lau@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
include/net/xsk_buff_pool.h | 9 ++-------
net/xdp/xsk_queue.h | 1 +
2 files changed, 3 insertions(+), 7 deletions(-)
diff --git a/include/net/xsk_buff_pool.h b/include/net/xsk_buff_pool.h
index 7517f4faf6b32..ebd1f43578d65 100644
--- a/include/net/xsk_buff_pool.h
+++ b/include/net/xsk_buff_pool.h
@@ -152,13 +152,8 @@ static inline bool xp_desc_crosses_non_contig_pg(struct xsk_buff_pool *pool,
if (likely(!cross_pg))
return false;
- if (pool->dma_pages_cnt) {
- return !(pool->dma_pages[addr >> PAGE_SHIFT] &
- XSK_NEXT_PG_CONTIG_MASK);
- }
-
- /* skb path */
- return addr + len > pool->addrs_cnt;
+ return pool->dma_pages_cnt &&
+ !(pool->dma_pages[addr >> PAGE_SHIFT] & XSK_NEXT_PG_CONTIG_MASK);
}
static inline u64 xp_aligned_extract_addr(struct xsk_buff_pool *pool, u64 addr)
diff --git a/net/xdp/xsk_queue.h b/net/xdp/xsk_queue.h
index cca1fce8035cb..6b4df83aa28f6 100644
--- a/net/xdp/xsk_queue.h
+++ b/net/xdp/xsk_queue.h
@@ -157,6 +157,7 @@ static inline bool xp_unaligned_validate_desc(struct xsk_buff_pool *pool,
return false;
if (base_addr >= pool->addrs_cnt || addr >= pool->addrs_cnt ||
+ addr + desc->len > pool->addrs_cnt ||
xp_desc_crosses_non_contig_pg(pool, addr, desc->len))
return false;
--
2.39.2
^ permalink raw reply related [flat|nested] 391+ messages in thread
* [PATCH 5.15 187/371] f2fs: fix to avoid use-after-free for cached IPU bio
2023-05-08 9:43 [PATCH 5.15 000/371] 5.15.111-rc1 review Greg Kroah-Hartman
` (185 preceding siblings ...)
2023-05-08 9:46 ` [PATCH 5.15 186/371] xsk: Fix unaligned descriptor validation Greg Kroah-Hartman
@ 2023-05-08 9:46 ` Greg Kroah-Hartman
2023-05-08 9:46 ` [PATCH 5.15 188/371] scsi: lpfc: Fix ioremap issues in lpfc_sli4_pci_mem_setup() Greg Kroah-Hartman
` (187 subsequent siblings)
374 siblings, 0 replies; 391+ messages in thread
From: Greg Kroah-Hartman @ 2023-05-08 9:46 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Chao Yu, Jaegeuk Kim, Sasha Levin
From: Chao Yu <chao@kernel.org>
[ Upstream commit 5cdb422c839134273866208dad5360835ddb9794 ]
xfstest generic/019 reports a bug:
kernel BUG at mm/filemap.c:1619!
RIP: 0010:folio_end_writeback+0x8a/0x90
Call Trace:
end_page_writeback+0x1c/0x60
f2fs_write_end_io+0x199/0x420
bio_endio+0x104/0x180
submit_bio_noacct+0xa5/0x510
submit_bio+0x48/0x80
f2fs_submit_write_bio+0x35/0x300
f2fs_submit_merged_ipu_write+0x2a0/0x2b0
f2fs_write_single_data_page+0x838/0x8b0
f2fs_write_cache_pages+0x379/0xa30
f2fs_write_data_pages+0x30c/0x340
do_writepages+0xd8/0x1b0
__writeback_single_inode+0x44/0x370
writeback_sb_inodes+0x233/0x4d0
__writeback_inodes_wb+0x56/0xf0
wb_writeback+0x1dd/0x2d0
wb_workfn+0x367/0x4a0
process_one_work+0x21d/0x430
worker_thread+0x4e/0x3c0
kthread+0x103/0x130
ret_from_fork+0x2c/0x50
The root cause is: after cp_error is set, f2fs_submit_merged_ipu_write()
in f2fs_write_single_data_page() tries to flush IPU bio in cache, however
f2fs_submit_merged_ipu_write() missed to check validity of @bio parameter,
result in submitting random cached bio which belong to other IO context,
then it will cause use-after-free issue, fix it by adding additional
validity check.
Fixes: 0b20fcec8651 ("f2fs: cache global IPU bio")
Signed-off-by: Chao Yu <chao@kernel.org>
Signed-off-by: Jaegeuk Kim <jaegeuk@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
fs/f2fs/data.c | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/fs/f2fs/data.c b/fs/f2fs/data.c
index 524d4b49a5209..d38bffe28b034 100644
--- a/fs/f2fs/data.c
+++ b/fs/f2fs/data.c
@@ -808,6 +808,8 @@ void f2fs_submit_merged_ipu_write(struct f2fs_sb_info *sbi,
bool found = false;
struct bio *target = bio ? *bio : NULL;
+ f2fs_bug_on(sbi, !target && !page);
+
for (temp = HOT; temp < NR_TEMP_TYPE && !found; temp++) {
struct f2fs_bio_info *io = sbi->write_io[DATA] + temp;
struct list_head *head = &io->bio_list;
@@ -2867,7 +2869,8 @@ int f2fs_write_single_data_page(struct page *page, int *submitted,
if (unlikely(f2fs_cp_error(sbi))) {
f2fs_submit_merged_write(sbi, DATA);
- f2fs_submit_merged_ipu_write(sbi, bio, NULL);
+ if (bio && *bio)
+ f2fs_submit_merged_ipu_write(sbi, bio, NULL);
submitted = NULL;
}
--
2.39.2
^ permalink raw reply related [flat|nested] 391+ messages in thread
* [PATCH 5.15 188/371] scsi: lpfc: Fix ioremap issues in lpfc_sli4_pci_mem_setup()
2023-05-08 9:43 [PATCH 5.15 000/371] 5.15.111-rc1 review Greg Kroah-Hartman
` (186 preceding siblings ...)
2023-05-08 9:46 ` [PATCH 5.15 187/371] f2fs: fix to avoid use-after-free for cached IPU bio Greg Kroah-Hartman
@ 2023-05-08 9:46 ` Greg Kroah-Hartman
2023-05-08 9:46 ` [PATCH 5.15 189/371] net: ethernet: stmmac: dwmac-rk: fix optional phy regulator handling Greg Kroah-Hartman
` (186 subsequent siblings)
374 siblings, 0 replies; 391+ messages in thread
From: Greg Kroah-Hartman @ 2023-05-08 9:46 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Shuchang Li, Justin Tee,
Martin K. Petersen, Sasha Levin
From: Shuchang Li <lishuchang@hust.edu.cn>
[ Upstream commit 91a0c0c1413239d0548b5aac4c82f38f6d53a91e ]
When if_type equals zero and pci_resource_start(pdev, PCI_64BIT_BAR4)
returns false, drbl_regs_memmap_p is not remapped. This passes a NULL
pointer to iounmap(), which can trigger a WARN() on certain arches.
When if_type equals six and pci_resource_start(pdev, PCI_64BIT_BAR4)
returns true, drbl_regs_memmap_p may has been remapped and
ctrl_regs_memmap_p is not remapped. This is a resource leak and passes a
NULL pointer to iounmap().
To fix these issues, we need to add null checks before iounmap(), and
change some goto labels.
Fixes: 1351e69fc6db ("scsi: lpfc: Add push-to-adapter support to sli4")
Signed-off-by: Shuchang Li <lishuchang@hust.edu.cn>
Link: https://lore.kernel.org/r/20230404072133.1022-1-lishuchang@hust.edu.cn
Reviewed-by: Justin Tee <justin.tee@broadcom.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/scsi/lpfc/lpfc_init.c | 10 ++++++----
1 file changed, 6 insertions(+), 4 deletions(-)
diff --git a/drivers/scsi/lpfc/lpfc_init.c b/drivers/scsi/lpfc/lpfc_init.c
index f79299f6178cd..2ca4cf1b58c4f 100644
--- a/drivers/scsi/lpfc/lpfc_init.c
+++ b/drivers/scsi/lpfc/lpfc_init.c
@@ -11738,7 +11738,7 @@ lpfc_sli4_pci_mem_setup(struct lpfc_hba *phba)
goto out_iounmap_all;
} else {
error = -ENOMEM;
- goto out_iounmap_all;
+ goto out_iounmap_ctrl;
}
}
@@ -11756,7 +11756,7 @@ lpfc_sli4_pci_mem_setup(struct lpfc_hba *phba)
dev_err(&pdev->dev,
"ioremap failed for SLI4 HBA dpp registers.\n");
error = -ENOMEM;
- goto out_iounmap_ctrl;
+ goto out_iounmap_all;
}
phba->pci_bar4_memmap_p = phba->sli4_hba.dpp_regs_memmap_p;
}
@@ -11781,9 +11781,11 @@ lpfc_sli4_pci_mem_setup(struct lpfc_hba *phba)
return 0;
out_iounmap_all:
- iounmap(phba->sli4_hba.drbl_regs_memmap_p);
+ if (phba->sli4_hba.drbl_regs_memmap_p)
+ iounmap(phba->sli4_hba.drbl_regs_memmap_p);
out_iounmap_ctrl:
- iounmap(phba->sli4_hba.ctrl_regs_memmap_p);
+ if (phba->sli4_hba.ctrl_regs_memmap_p)
+ iounmap(phba->sli4_hba.ctrl_regs_memmap_p);
out_iounmap_conf:
iounmap(phba->sli4_hba.conf_regs_memmap_p);
--
2.39.2
^ permalink raw reply related [flat|nested] 391+ messages in thread
* [PATCH 5.15 189/371] net: ethernet: stmmac: dwmac-rk: fix optional phy regulator handling
2023-05-08 9:43 [PATCH 5.15 000/371] 5.15.111-rc1 review Greg Kroah-Hartman
` (187 preceding siblings ...)
2023-05-08 9:46 ` [PATCH 5.15 188/371] scsi: lpfc: Fix ioremap issues in lpfc_sli4_pci_mem_setup() Greg Kroah-Hartman
@ 2023-05-08 9:46 ` Greg Kroah-Hartman
2023-05-08 9:46 ` [PATCH 5.15 190/371] bpf, sockmap: fix deadlocks in the sockhash and sockmap Greg Kroah-Hartman
` (185 subsequent siblings)
374 siblings, 0 replies; 391+ messages in thread
From: Greg Kroah-Hartman @ 2023-05-08 9:46 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Sebastian Reichel, David S. Miller,
Sasha Levin
From: Sebastian Reichel <sebastian.reichel@collabora.com>
[ Upstream commit db21973263f8c56750cb610f1d5e8bee00a513b9 ]
The usual devm_regulator_get() call already handles "optional"
regulators by returning a valid dummy and printing a warning
that the dummy regulator should be described properly. This
code open coded the same behaviour, but masked any errors that
are not -EPROBE_DEFER and is quite noisy.
This change effectively unmasks and propagates regulators errors
not involving -ENODEV, downgrades the error print to warning level
if no regulator is specified and captures the probe defer message
for /sys/kernel/debug/devices_deferred.
Fixes: 2e12f536635f ("net: stmmac: dwmac-rk: Use standard devicetree property for phy regulator")
Signed-off-by: Sebastian Reichel <sebastian.reichel@collabora.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/ethernet/stmicro/stmmac/dwmac-rk.c | 14 ++++----------
1 file changed, 4 insertions(+), 10 deletions(-)
diff --git a/drivers/net/ethernet/stmicro/stmmac/dwmac-rk.c b/drivers/net/ethernet/stmicro/stmmac/dwmac-rk.c
index c469abc91fa1b..8394a215725d3 100644
--- a/drivers/net/ethernet/stmicro/stmmac/dwmac-rk.c
+++ b/drivers/net/ethernet/stmicro/stmmac/dwmac-rk.c
@@ -1347,9 +1347,6 @@ static int phy_power_on(struct rk_priv_data *bsp_priv, bool enable)
int ret;
struct device *dev = &bsp_priv->pdev->dev;
- if (!ldo)
- return 0;
-
if (enable) {
ret = regulator_enable(ldo);
if (ret)
@@ -1397,14 +1394,11 @@ static struct rk_priv_data *rk_gmac_setup(struct platform_device *pdev,
}
}
- bsp_priv->regulator = devm_regulator_get_optional(dev, "phy");
+ bsp_priv->regulator = devm_regulator_get(dev, "phy");
if (IS_ERR(bsp_priv->regulator)) {
- if (PTR_ERR(bsp_priv->regulator) == -EPROBE_DEFER) {
- dev_err(dev, "phy regulator is not available yet, deferred probing\n");
- return ERR_PTR(-EPROBE_DEFER);
- }
- dev_err(dev, "no regulator found\n");
- bsp_priv->regulator = NULL;
+ ret = PTR_ERR(bsp_priv->regulator);
+ dev_err_probe(dev, ret, "failed to get phy regulator\n");
+ return ERR_PTR(ret);
}
ret = of_property_read_string(dev->of_node, "clock_in_out", &strings);
--
2.39.2
^ permalink raw reply related [flat|nested] 391+ messages in thread
* [PATCH 5.15 190/371] bpf, sockmap: fix deadlocks in the sockhash and sockmap
2023-05-08 9:43 [PATCH 5.15 000/371] 5.15.111-rc1 review Greg Kroah-Hartman
` (188 preceding siblings ...)
2023-05-08 9:46 ` [PATCH 5.15 189/371] net: ethernet: stmmac: dwmac-rk: fix optional phy regulator handling Greg Kroah-Hartman
@ 2023-05-08 9:46 ` Greg Kroah-Hartman
2023-05-08 9:46 ` [PATCH 5.15 191/371] nvmet: use i_size_read() to set size for file-ns Greg Kroah-Hartman
` (184 subsequent siblings)
374 siblings, 0 replies; 391+ messages in thread
From: Greg Kroah-Hartman @ 2023-05-08 9:46 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Hsin-Wei Hung, Xin Liu,
John Fastabend, Alexei Starovoitov, Sasha Levin
From: Xin Liu <liuxin350@huawei.com>
[ Upstream commit ed17aa92dc56b6d8883e4b7a8f1c6fbf5ed6cd29 ]
When huang uses sched_switch tracepoint, the tracepoint
does only one thing in the mounted ebpf program, which
deletes the fixed elements in sockhash ([0])
It seems that elements in sockhash are rarely actively
deleted by users or ebpf program. Therefore, we do not
pay much attention to their deletion. Compared with hash
maps, sockhash only provides spin_lock_bh protection.
This causes it to appear to have self-locking behavior
in the interrupt context.
[0]:https://lore.kernel.org/all/CABcoxUayum5oOqFMMqAeWuS8+EzojquSOSyDA3J_2omY=2EeAg@mail.gmail.com/
Reported-by: Hsin-Wei Hung <hsinweih@uci.edu>
Fixes: 604326b41a6f ("bpf, sockmap: convert to generic sk_msg interface")
Signed-off-by: Xin Liu <liuxin350@huawei.com>
Acked-by: John Fastabend <john.fastabend@gmail.com>
Link: https://lore.kernel.org/r/20230406122622.109978-1-liuxin350@huawei.com
Signed-off-by: Alexei Starovoitov <ast@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
net/core/sock_map.c | 10 ++++++----
1 file changed, 6 insertions(+), 4 deletions(-)
diff --git a/net/core/sock_map.c b/net/core/sock_map.c
index 86b4e8909ad1e..36afe39dd2df9 100644
--- a/net/core/sock_map.c
+++ b/net/core/sock_map.c
@@ -414,8 +414,9 @@ static int __sock_map_delete(struct bpf_stab *stab, struct sock *sk_test,
{
struct sock *sk;
int err = 0;
+ unsigned long flags;
- raw_spin_lock_bh(&stab->lock);
+ raw_spin_lock_irqsave(&stab->lock, flags);
sk = *psk;
if (!sk_test || sk_test == sk)
sk = xchg(psk, NULL);
@@ -425,7 +426,7 @@ static int __sock_map_delete(struct bpf_stab *stab, struct sock *sk_test,
else
err = -EINVAL;
- raw_spin_unlock_bh(&stab->lock);
+ raw_spin_unlock_irqrestore(&stab->lock, flags);
return err;
}
@@ -930,11 +931,12 @@ static int sock_hash_delete_elem(struct bpf_map *map, void *key)
struct bpf_shtab_bucket *bucket;
struct bpf_shtab_elem *elem;
int ret = -ENOENT;
+ unsigned long flags;
hash = sock_hash_bucket_hash(key, key_size);
bucket = sock_hash_select_bucket(htab, hash);
- raw_spin_lock_bh(&bucket->lock);
+ raw_spin_lock_irqsave(&bucket->lock, flags);
elem = sock_hash_lookup_elem_raw(&bucket->head, hash, key, key_size);
if (elem) {
hlist_del_rcu(&elem->node);
@@ -942,7 +944,7 @@ static int sock_hash_delete_elem(struct bpf_map *map, void *key)
sock_hash_free_elem(htab, elem);
ret = 0;
}
- raw_spin_unlock_bh(&bucket->lock);
+ raw_spin_unlock_irqrestore(&bucket->lock, flags);
return ret;
}
--
2.39.2
^ permalink raw reply related [flat|nested] 391+ messages in thread
* [PATCH 5.15 191/371] nvmet: use i_size_read() to set size for file-ns
2023-05-08 9:43 [PATCH 5.15 000/371] 5.15.111-rc1 review Greg Kroah-Hartman
` (189 preceding siblings ...)
2023-05-08 9:46 ` [PATCH 5.15 190/371] bpf, sockmap: fix deadlocks in the sockhash and sockmap Greg Kroah-Hartman
@ 2023-05-08 9:46 ` Greg Kroah-Hartman
2023-05-08 9:46 ` [PATCH 5.15 192/371] nvmet: move the call to nvmet_ns_changed out of nvmet_ns_revalidate Greg Kroah-Hartman
` (183 subsequent siblings)
374 siblings, 0 replies; 391+ messages in thread
From: Greg Kroah-Hartman @ 2023-05-08 9:46 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Chaitanya Kulkarni,
Christoph Hellwig, Sasha Levin
From: Chaitanya Kulkarni <kch@nvidia.com>
[ Upstream commit 2caecd62ea5160803b25d96cb1a14ce755c2c259 ]
Instead of calling vfs_getattr() use i_size_read() to read the size of
file so we can read the size of not only file type but also block type
with one call. This is needed to implement buffered_io support for the
NVMeOF block device backend.
We also change return type of function nvmet_file_ns_revalidate() from
int to void, since this function does not return any meaning value.
Signed-off-by: Chaitanya Kulkarni <kch@nvidia.com>
Signed-off-by: Christoph Hellwig <hch@lst.de>
Stable-dep-of: ab76e7206b67 ("nvmet: fix error handling in nvmet_execute_identify_cns_cs_ns()")
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/nvme/target/io-cmd-file.c | 17 ++++-------------
drivers/nvme/target/nvmet.h | 2 +-
2 files changed, 5 insertions(+), 14 deletions(-)
diff --git a/drivers/nvme/target/io-cmd-file.c b/drivers/nvme/target/io-cmd-file.c
index eadba13b276de..098b6bf12cd0a 100644
--- a/drivers/nvme/target/io-cmd-file.c
+++ b/drivers/nvme/target/io-cmd-file.c
@@ -13,16 +13,9 @@
#define NVMET_MIN_MPOOL_OBJ 16
-int nvmet_file_ns_revalidate(struct nvmet_ns *ns)
+void nvmet_file_ns_revalidate(struct nvmet_ns *ns)
{
- struct kstat stat;
- int ret;
-
- ret = vfs_getattr(&ns->file->f_path, &stat, STATX_SIZE,
- AT_STATX_FORCE_SYNC);
- if (!ret)
- ns->size = stat.size;
- return ret;
+ ns->size = i_size_read(ns->file->f_mapping->host);
}
void nvmet_file_ns_disable(struct nvmet_ns *ns)
@@ -40,7 +33,7 @@ void nvmet_file_ns_disable(struct nvmet_ns *ns)
int nvmet_file_ns_enable(struct nvmet_ns *ns)
{
int flags = O_RDWR | O_LARGEFILE;
- int ret;
+ int ret = 0;
if (!ns->buffered_io)
flags |= O_DIRECT;
@@ -54,9 +47,7 @@ int nvmet_file_ns_enable(struct nvmet_ns *ns)
return ret;
}
- ret = nvmet_file_ns_revalidate(ns);
- if (ret)
- goto err;
+ nvmet_file_ns_revalidate(ns);
/*
* i_blkbits can be greater than the universally accepted upper bound,
diff --git a/drivers/nvme/target/nvmet.h b/drivers/nvme/target/nvmet.h
index fdb06a9d430d2..f3e42d2c85c6c 100644
--- a/drivers/nvme/target/nvmet.h
+++ b/drivers/nvme/target/nvmet.h
@@ -542,7 +542,7 @@ u16 nvmet_bdev_flush(struct nvmet_req *req);
u16 nvmet_file_flush(struct nvmet_req *req);
void nvmet_ns_changed(struct nvmet_subsys *subsys, u32 nsid);
void nvmet_bdev_ns_revalidate(struct nvmet_ns *ns);
-int nvmet_file_ns_revalidate(struct nvmet_ns *ns);
+void nvmet_file_ns_revalidate(struct nvmet_ns *ns);
void nvmet_ns_revalidate(struct nvmet_ns *ns);
u16 blk_to_nvme_status(struct nvmet_req *req, blk_status_t blk_sts);
--
2.39.2
^ permalink raw reply related [flat|nested] 391+ messages in thread
* [PATCH 5.15 192/371] nvmet: move the call to nvmet_ns_changed out of nvmet_ns_revalidate
2023-05-08 9:43 [PATCH 5.15 000/371] 5.15.111-rc1 review Greg Kroah-Hartman
` (190 preceding siblings ...)
2023-05-08 9:46 ` [PATCH 5.15 191/371] nvmet: use i_size_read() to set size for file-ns Greg Kroah-Hartman
@ 2023-05-08 9:46 ` Greg Kroah-Hartman
2023-05-08 9:46 ` [PATCH 5.15 193/371] nvmet: fix error handling in nvmet_execute_identify_cns_cs_ns() Greg Kroah-Hartman
` (182 subsequent siblings)
374 siblings, 0 replies; 391+ messages in thread
From: Greg Kroah-Hartman @ 2023-05-08 9:46 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Niels Dossche, Christoph Hellwig,
Sagi Grimberg, Chaitanya Kulkarni, Sasha Levin
From: Christoph Hellwig <hch@lst.de>
[ Upstream commit da7837339641601f202f27515771dc0646083938 ]
nvmet_ns_changed states via lockdep that the ns->subsys->lock must be
held. The only caller of nvmet_ns_changed which does not acquire that
lock is nvmet_ns_revalidate. nvmet_ns_revalidate has 3 callers,
of which 2 do not acquire that lock: nvmet_execute_identify_cns_cs_ns
and nvmet_execute_identify_ns. The other caller
nvmet_ns_revalidate_size_store does acquire the lock.
Move the call to nvmet_ns_changed from nvmet_ns_revalidate to the callers
so that they can perform the correct locking as needed.
This issue was found using a static type-based analyser and manually
verified.
Reported-by: Niels Dossche <dossche.niels@gmail.com>
Signed-off-by: Christoph Hellwig <hch@lst.de>
Reviewed-by: Sagi Grimberg <sagi@grimberg.me>
Reviewed-by: Chaitanya Kulkarni <kch@nvidia.com>
Stable-dep-of: ab76e7206b67 ("nvmet: fix error handling in nvmet_execute_identify_cns_cs_ns()")
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/nvme/target/admin-cmd.c | 6 +++++-
drivers/nvme/target/configfs.c | 3 ++-
drivers/nvme/target/core.c | 5 ++---
drivers/nvme/target/nvmet.h | 2 +-
drivers/nvme/target/zns.c | 6 +++++-
5 files changed, 15 insertions(+), 7 deletions(-)
diff --git a/drivers/nvme/target/admin-cmd.c b/drivers/nvme/target/admin-cmd.c
index bf78c58ed41d4..da873a7f8ff90 100644
--- a/drivers/nvme/target/admin-cmd.c
+++ b/drivers/nvme/target/admin-cmd.c
@@ -508,7 +508,11 @@ static void nvmet_execute_identify_ns(struct nvmet_req *req)
goto done;
}
- nvmet_ns_revalidate(req->ns);
+ if (nvmet_ns_revalidate(req->ns)) {
+ mutex_lock(&req->ns->subsys->lock);
+ nvmet_ns_changed(req->ns->subsys, req->ns->nsid);
+ mutex_unlock(&req->ns->subsys->lock);
+ }
/*
* nuse = ncap = nsze isn't always true, but we have no way to find
diff --git a/drivers/nvme/target/configfs.c b/drivers/nvme/target/configfs.c
index 625038057a762..5bdc3ba51f7ef 100644
--- a/drivers/nvme/target/configfs.c
+++ b/drivers/nvme/target/configfs.c
@@ -586,7 +586,8 @@ static ssize_t nvmet_ns_revalidate_size_store(struct config_item *item,
mutex_unlock(&ns->subsys->lock);
return -EINVAL;
}
- nvmet_ns_revalidate(ns);
+ if (nvmet_ns_revalidate(ns))
+ nvmet_ns_changed(ns->subsys, ns->nsid);
mutex_unlock(&ns->subsys->lock);
return count;
}
diff --git a/drivers/nvme/target/core.c b/drivers/nvme/target/core.c
index 4c6d56dd29adc..2c44d5a95c8d6 100644
--- a/drivers/nvme/target/core.c
+++ b/drivers/nvme/target/core.c
@@ -535,7 +535,7 @@ static void nvmet_p2pmem_ns_add_p2p(struct nvmet_ctrl *ctrl,
ns->nsid);
}
-void nvmet_ns_revalidate(struct nvmet_ns *ns)
+bool nvmet_ns_revalidate(struct nvmet_ns *ns)
{
loff_t oldsize = ns->size;
@@ -544,8 +544,7 @@ void nvmet_ns_revalidate(struct nvmet_ns *ns)
else
nvmet_file_ns_revalidate(ns);
- if (oldsize != ns->size)
- nvmet_ns_changed(ns->subsys, ns->nsid);
+ return oldsize != ns->size;
}
int nvmet_ns_enable(struct nvmet_ns *ns)
diff --git a/drivers/nvme/target/nvmet.h b/drivers/nvme/target/nvmet.h
index f3e42d2c85c6c..abb5e78ab8919 100644
--- a/drivers/nvme/target/nvmet.h
+++ b/drivers/nvme/target/nvmet.h
@@ -543,7 +543,7 @@ u16 nvmet_file_flush(struct nvmet_req *req);
void nvmet_ns_changed(struct nvmet_subsys *subsys, u32 nsid);
void nvmet_bdev_ns_revalidate(struct nvmet_ns *ns);
void nvmet_file_ns_revalidate(struct nvmet_ns *ns);
-void nvmet_ns_revalidate(struct nvmet_ns *ns);
+bool nvmet_ns_revalidate(struct nvmet_ns *ns);
u16 blk_to_nvme_status(struct nvmet_req *req, blk_status_t blk_sts);
bool nvmet_bdev_zns_enable(struct nvmet_ns *ns);
diff --git a/drivers/nvme/target/zns.c b/drivers/nvme/target/zns.c
index 1466698751c55..ad608bd6515a7 100644
--- a/drivers/nvme/target/zns.c
+++ b/drivers/nvme/target/zns.c
@@ -123,7 +123,11 @@ void nvmet_execute_identify_cns_cs_ns(struct nvmet_req *req)
goto done;
}
- nvmet_ns_revalidate(req->ns);
+ if (nvmet_ns_revalidate(req->ns)) {
+ mutex_lock(&req->ns->subsys->lock);
+ nvmet_ns_changed(req->ns->subsys, req->ns->nsid);
+ mutex_unlock(&req->ns->subsys->lock);
+ }
zsze = (bdev_zone_sectors(req->ns->bdev) << 9) >>
req->ns->blksize_shift;
id_zns->lbafe[0].zsze = cpu_to_le64(zsze);
--
2.39.2
^ permalink raw reply related [flat|nested] 391+ messages in thread
* [PATCH 5.15 193/371] nvmet: fix error handling in nvmet_execute_identify_cns_cs_ns()
2023-05-08 9:43 [PATCH 5.15 000/371] 5.15.111-rc1 review Greg Kroah-Hartman
` (191 preceding siblings ...)
2023-05-08 9:46 ` [PATCH 5.15 192/371] nvmet: move the call to nvmet_ns_changed out of nvmet_ns_revalidate Greg Kroah-Hartman
@ 2023-05-08 9:46 ` Greg Kroah-Hartman
2023-05-08 9:46 ` [PATCH 5.15 194/371] nvmet: fix Identify Namespace handling Greg Kroah-Hartman
` (181 subsequent siblings)
374 siblings, 0 replies; 391+ messages in thread
From: Greg Kroah-Hartman @ 2023-05-08 9:46 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Damien Le Moal, Keith Busch,
Sagi Grimberg, Chaitanya Kulkarni, Christoph Hellwig,
Sasha Levin
From: Damien Le Moal <damien.lemoal@opensource.wdc.com>
[ Upstream commit ab76e7206b672b2e8818cb121a04506956d6b223 ]
Nvme specifications state that:
If the I/O Command Set associated with the namespace identified by the
NSID field does not support the Identify Namespace data structure
specified by the CSI field, the controller shall abort the command with
a status code of Invalid Field in Command.
In other words, if nvmet_execute_identify_cns_cs_ns() is called for a
target with a block device that is not zoned, we should not return any
data and set the status to NVME_SC_INVALID_FIELD.
While at it, it is also better to revalidate the ns block devie *before*
checking if the block device is zoned, to ensure that
nvmet_execute_identify_cns_cs_ns() operates against updated device
characteristics.
Fixes: aaf2e048af27 ("nvmet: add ZBD over ZNS backend support")
Signed-off-by: Damien Le Moal <damien.lemoal@opensource.wdc.com>
Reviewed-by: Keith Busch <kbusch@kernel.org>
Reviewed-by: Sagi Grimberg <sagi@grimberg.me>
Reviewed-by: Chaitanya Kulkarni <kch@nvidia.com>
Signed-off-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/nvme/target/zns.c | 16 +++++++++-------
1 file changed, 9 insertions(+), 7 deletions(-)
diff --git a/drivers/nvme/target/zns.c b/drivers/nvme/target/zns.c
index ad608bd6515a7..f4f8598cbdc15 100644
--- a/drivers/nvme/target/zns.c
+++ b/drivers/nvme/target/zns.c
@@ -97,7 +97,7 @@ void nvmet_execute_identify_cns_cs_ctrl(struct nvmet_req *req)
void nvmet_execute_identify_cns_cs_ns(struct nvmet_req *req)
{
- struct nvme_id_ns_zns *id_zns;
+ struct nvme_id_ns_zns *id_zns = NULL;
u64 zsze;
u16 status;
u32 mar, mor;
@@ -118,16 +118,18 @@ void nvmet_execute_identify_cns_cs_ns(struct nvmet_req *req)
if (status)
goto done;
- if (!bdev_is_zoned(req->ns->bdev)) {
- req->error_loc = offsetof(struct nvme_identify, nsid);
- goto done;
- }
-
if (nvmet_ns_revalidate(req->ns)) {
mutex_lock(&req->ns->subsys->lock);
nvmet_ns_changed(req->ns->subsys, req->ns->nsid);
mutex_unlock(&req->ns->subsys->lock);
}
+
+ if (!bdev_is_zoned(req->ns->bdev)) {
+ status = NVME_SC_INVALID_FIELD | NVME_SC_DNR;
+ req->error_loc = offsetof(struct nvme_identify, nsid);
+ goto out;
+ }
+
zsze = (bdev_zone_sectors(req->ns->bdev) << 9) >>
req->ns->blksize_shift;
id_zns->lbafe[0].zsze = cpu_to_le64(zsze);
@@ -148,8 +150,8 @@ void nvmet_execute_identify_cns_cs_ns(struct nvmet_req *req)
done:
status = nvmet_copy_to_sgl(req, 0, id_zns, sizeof(*id_zns));
- kfree(id_zns);
out:
+ kfree(id_zns);
nvmet_req_complete(req, status);
}
--
2.39.2
^ permalink raw reply related [flat|nested] 391+ messages in thread
* [PATCH 5.15 194/371] nvmet: fix Identify Namespace handling
2023-05-08 9:43 [PATCH 5.15 000/371] 5.15.111-rc1 review Greg Kroah-Hartman
` (192 preceding siblings ...)
2023-05-08 9:46 ` [PATCH 5.15 193/371] nvmet: fix error handling in nvmet_execute_identify_cns_cs_ns() Greg Kroah-Hartman
@ 2023-05-08 9:46 ` Greg Kroah-Hartman
2023-05-08 9:46 ` [PATCH 5.15 195/371] nvmet: fix Identify Controller handling Greg Kroah-Hartman
` (180 subsequent siblings)
374 siblings, 0 replies; 391+ messages in thread
From: Greg Kroah-Hartman @ 2023-05-08 9:46 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Damien Le Moal, Chaitanya Kulkarni,
Christoph Hellwig, Sasha Levin
From: Damien Le Moal <damien.lemoal@opensource.wdc.com>
[ Upstream commit 8c098aa00118c35108f0c19bd3cdc45e11574948 ]
The identify command with cns set to NVME_ID_CNS_NS does not directly
depend on the command set. The NVMe specifications is rather confusing
here as it appears that this command only applies to the NVM command
set. However, footnote 8 of Figure 273 in the NVMe 2.0 base
specifications clearly state that this command applies to NVM command
sets that support logical blocks, that is, NVM and ZNS. Both the NVM and
ZNS command set specifications also list this identify as mandatory.
The command handling should thus not look at the csi field since it is
defined as unused for this command. Given that we do not support the
KV command set, simply remove the csi switch-case for that command
handling and call directly nvmet_execute_identify_ns() in
nvmet_execute_identify().
Fixes: ab5d0b38c047 ("nvmet: add Command Set Identifier support")
Signed-off-by: Damien Le Moal <damien.lemoal@opensource.wdc.com>
Reviewed-by: Chaitanya Kulkarni <kch@nvidia.com>
Tested-by: Chaitanya Kulkarni <kch@nvidia.com>
Signed-off-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/nvme/target/admin-cmd.c | 9 ++-------
1 file changed, 2 insertions(+), 7 deletions(-)
diff --git a/drivers/nvme/target/admin-cmd.c b/drivers/nvme/target/admin-cmd.c
index da873a7f8ff90..4911de26d7343 100644
--- a/drivers/nvme/target/admin-cmd.c
+++ b/drivers/nvme/target/admin-cmd.c
@@ -687,13 +687,8 @@ static void nvmet_execute_identify(struct nvmet_req *req)
switch (req->cmd->identify.cns) {
case NVME_ID_CNS_NS:
- switch (req->cmd->identify.csi) {
- case NVME_CSI_NVM:
- return nvmet_execute_identify_ns(req);
- default:
- break;
- }
- break;
+ nvmet_execute_identify_ns(req);
+ return;
case NVME_ID_CNS_CS_NS:
if (IS_ENABLED(CONFIG_BLK_DEV_ZONED)) {
switch (req->cmd->identify.csi) {
--
2.39.2
^ permalink raw reply related [flat|nested] 391+ messages in thread
* [PATCH 5.15 195/371] nvmet: fix Identify Controller handling
2023-05-08 9:43 [PATCH 5.15 000/371] 5.15.111-rc1 review Greg Kroah-Hartman
` (193 preceding siblings ...)
2023-05-08 9:46 ` [PATCH 5.15 194/371] nvmet: fix Identify Namespace handling Greg Kroah-Hartman
@ 2023-05-08 9:46 ` Greg Kroah-Hartman
2023-05-08 9:46 ` [PATCH 5.15 196/371] nvmet: fix Identify Active Namespace ID list handling Greg Kroah-Hartman
` (179 subsequent siblings)
374 siblings, 0 replies; 391+ messages in thread
From: Greg Kroah-Hartman @ 2023-05-08 9:46 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Damien Le Moal, Chaitanya Kulkarni,
Christoph Hellwig, Sasha Levin
From: Damien Le Moal <damien.lemoal@opensource.wdc.com>
[ Upstream commit 62904b3b333e7f3c0f879dc3513295eee5765c9f ]
The identify command with cns set to NVME_ID_CNS_CTRL does not depend on
the command set. The execution of this command should thus not look at
the csi specified in the command. Simplify nvmet_execute_identify() to
directly call nvmet_execute_identify_ctrl() without the csi switch-case.
Fixes: ab5d0b38c047 ("nvmet: add Command Set Identifier support")
Signed-off-by: Damien Le Moal <damien.lemoal@opensource.wdc.com>
Reviewed-by: Chaitanya Kulkarni <kch@nvidia.com>
Tested-by: Chaitanya Kulkarni <kch@nvidia.com>
Signed-off-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/nvme/target/admin-cmd.c | 7 ++-----
1 file changed, 2 insertions(+), 5 deletions(-)
diff --git a/drivers/nvme/target/admin-cmd.c b/drivers/nvme/target/admin-cmd.c
index 4911de26d7343..0638be507a645 100644
--- a/drivers/nvme/target/admin-cmd.c
+++ b/drivers/nvme/target/admin-cmd.c
@@ -700,11 +700,8 @@ static void nvmet_execute_identify(struct nvmet_req *req)
}
break;
case NVME_ID_CNS_CTRL:
- switch (req->cmd->identify.csi) {
- case NVME_CSI_NVM:
- return nvmet_execute_identify_ctrl(req);
- }
- break;
+ nvmet_execute_identify_ctrl(req);
+ return;
case NVME_ID_CNS_CS_CTRL:
if (IS_ENABLED(CONFIG_BLK_DEV_ZONED)) {
switch (req->cmd->identify.csi) {
--
2.39.2
^ permalink raw reply related [flat|nested] 391+ messages in thread
* [PATCH 5.15 196/371] nvmet: fix Identify Active Namespace ID list handling
2023-05-08 9:43 [PATCH 5.15 000/371] 5.15.111-rc1 review Greg Kroah-Hartman
` (194 preceding siblings ...)
2023-05-08 9:46 ` [PATCH 5.15 195/371] nvmet: fix Identify Controller handling Greg Kroah-Hartman
@ 2023-05-08 9:46 ` Greg Kroah-Hartman
2023-05-08 9:46 ` [PATCH 5.15 197/371] nvmet: fix I/O Command Set specific Identify Controller Greg Kroah-Hartman
` (178 subsequent siblings)
374 siblings, 0 replies; 391+ messages in thread
From: Greg Kroah-Hartman @ 2023-05-08 9:46 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Damien Le Moal, Chaitanya Kulkarni,
Christoph Hellwig, Sasha Levin
From: Damien Le Moal <damien.lemoal@opensource.wdc.com>
[ Upstream commit 97416f67d55fb8b866ff1815ca7ef26b6dfa6a5e ]
The identify command with cns set to NVME_ID_CNS_NS_ACTIVE_LIST does
not depend on the command set. The execution of this command should
thus not look at the csi field specified in the command. Simplify
nvmet_execute_identify() to directly call
nvmet_execute_identify_nslist() without the csi switch-case.
Fixes: ab5d0b38c047 ("nvmet: add Command Set Identifier support")
Signed-off-by: Damien Le Moal <damien.lemoal@opensource.wdc.com>
Reviewed-by: Chaitanya Kulkarni <kch@nvidia.com>
Tested-by: Chaitanya Kulkarni <kch@nvidia.com>
Signed-off-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/nvme/target/admin-cmd.c | 9 ++-------
1 file changed, 2 insertions(+), 7 deletions(-)
diff --git a/drivers/nvme/target/admin-cmd.c b/drivers/nvme/target/admin-cmd.c
index 0638be507a645..2b8227259786c 100644
--- a/drivers/nvme/target/admin-cmd.c
+++ b/drivers/nvme/target/admin-cmd.c
@@ -713,13 +713,8 @@ static void nvmet_execute_identify(struct nvmet_req *req)
}
break;
case NVME_ID_CNS_NS_ACTIVE_LIST:
- switch (req->cmd->identify.csi) {
- case NVME_CSI_NVM:
- return nvmet_execute_identify_nslist(req);
- default:
- break;
- }
- break;
+ nvmet_execute_identify_nslist(req);
+ return;
case NVME_ID_CNS_NS_DESC_LIST:
if (nvmet_handle_identify_desclist(req) == true)
return;
--
2.39.2
^ permalink raw reply related [flat|nested] 391+ messages in thread
* [PATCH 5.15 197/371] nvmet: fix I/O Command Set specific Identify Controller
2023-05-08 9:43 [PATCH 5.15 000/371] 5.15.111-rc1 review Greg Kroah-Hartman
` (195 preceding siblings ...)
2023-05-08 9:46 ` [PATCH 5.15 196/371] nvmet: fix Identify Active Namespace ID list handling Greg Kroah-Hartman
@ 2023-05-08 9:46 ` Greg Kroah-Hartman
2023-05-08 9:46 ` [PATCH 5.15 198/371] nvme: handle the persistent internal error AER Greg Kroah-Hartman
` (177 subsequent siblings)
374 siblings, 0 replies; 391+ messages in thread
From: Greg Kroah-Hartman @ 2023-05-08 9:46 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Damien Le Moal, Chaitanya Kulkarni,
Christoph Hellwig, Sasha Levin
From: Damien Le Moal <damien.lemoal@opensource.wdc.com>
[ Upstream commit a5a6ab0950b46ab1ef4a5c83c80234018b81b38a ]
For an identify command with cns set to NVME_ID_CNS_CS_CTRL, the NVMe
2.0 specification states that:
If the I/O Command Set specified by the CSI field does not have an
Identify Controller data structure, then the controller shall return
a zero filled data structure. If the host requests a data structure for
an I/O Command Set that the controller does not support, the controller
shall abort the command with a status code of Invalid Field in Command.
However, the current implementation of this identify command in
nvmet_execute_identify() only handles the ZNS command set, returning an
error for the NVM command set, which is not compliant with the
specifications as we do support this command set.
Fix this by:
1) Renaming nvmet_execute_identify_cns_cs_ctrl() to
nvmet_execute_identify_ctrl_zns() to continue handling the
ZNS command set as is.
2) Introduce a nvmet_execute_identify_ctrl_ns() helper to handle the
NVM command set, returning a zero filled nvme_id_ctrl_nvm data
structure.
3) Modify nvmet_execute_identify() to call these helpers based on
the csi specified, returning an error for unsupported command sets.
Fixes: aaf2e048af27 ("nvmet: add ZBD over ZNS backend support")
Signed-off-by: Damien Le Moal <damien.lemoal@opensource.wdc.com>
Reviewed-by: Chaitanya Kulkarni <kch@nvidia.com>
Tested-by: Chaitanya Kulkarni <kch@nvidia.com>
Signed-off-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/nvme/target/admin-cmd.c | 22 ++++++++++++++++------
drivers/nvme/target/nvmet.h | 2 +-
drivers/nvme/target/zns.c | 2 +-
3 files changed, 18 insertions(+), 8 deletions(-)
diff --git a/drivers/nvme/target/admin-cmd.c b/drivers/nvme/target/admin-cmd.c
index 2b8227259786c..ec13f568785e5 100644
--- a/drivers/nvme/target/admin-cmd.c
+++ b/drivers/nvme/target/admin-cmd.c
@@ -680,6 +680,13 @@ static bool nvmet_handle_identify_desclist(struct nvmet_req *req)
}
}
+static void nvmet_execute_identify_ctrl_nvm(struct nvmet_req *req)
+{
+ /* Not supported: return zeroes */
+ nvmet_req_complete(req,
+ nvmet_zero_sgl(req, 0, sizeof(struct nvme_id_ctrl_nvm)));
+}
+
static void nvmet_execute_identify(struct nvmet_req *req)
{
if (!nvmet_check_transfer_len(req, NVME_IDENTIFY_DATA_SIZE))
@@ -703,13 +710,16 @@ static void nvmet_execute_identify(struct nvmet_req *req)
nvmet_execute_identify_ctrl(req);
return;
case NVME_ID_CNS_CS_CTRL:
- if (IS_ENABLED(CONFIG_BLK_DEV_ZONED)) {
- switch (req->cmd->identify.csi) {
- case NVME_CSI_ZNS:
- return nvmet_execute_identify_cns_cs_ctrl(req);
- default:
- break;
+ switch (req->cmd->identify.csi) {
+ case NVME_CSI_NVM:
+ nvmet_execute_identify_ctrl_nvm(req);
+ return;
+ case NVME_CSI_ZNS:
+ if (IS_ENABLED(CONFIG_BLK_DEV_ZONED)) {
+ nvmet_execute_identify_ctrl_zns(req);
+ return;
}
+ break;
}
break;
case NVME_ID_CNS_NS_ACTIVE_LIST:
diff --git a/drivers/nvme/target/nvmet.h b/drivers/nvme/target/nvmet.h
index abb5e78ab8919..17dd845514588 100644
--- a/drivers/nvme/target/nvmet.h
+++ b/drivers/nvme/target/nvmet.h
@@ -547,7 +547,7 @@ bool nvmet_ns_revalidate(struct nvmet_ns *ns);
u16 blk_to_nvme_status(struct nvmet_req *req, blk_status_t blk_sts);
bool nvmet_bdev_zns_enable(struct nvmet_ns *ns);
-void nvmet_execute_identify_cns_cs_ctrl(struct nvmet_req *req);
+void nvmet_execute_identify_ctrl_zns(struct nvmet_req *req);
void nvmet_execute_identify_cns_cs_ns(struct nvmet_req *req);
void nvmet_bdev_execute_zone_mgmt_recv(struct nvmet_req *req);
void nvmet_bdev_execute_zone_mgmt_send(struct nvmet_req *req);
diff --git a/drivers/nvme/target/zns.c b/drivers/nvme/target/zns.c
index f4f8598cbdc15..ae617d66b1378 100644
--- a/drivers/nvme/target/zns.c
+++ b/drivers/nvme/target/zns.c
@@ -70,7 +70,7 @@ bool nvmet_bdev_zns_enable(struct nvmet_ns *ns)
return true;
}
-void nvmet_execute_identify_cns_cs_ctrl(struct nvmet_req *req)
+void nvmet_execute_identify_ctrl_zns(struct nvmet_req *req)
{
u8 zasl = req->sq->ctrl->subsys->zasl;
struct nvmet_ctrl *ctrl = req->sq->ctrl;
--
2.39.2
^ permalink raw reply related [flat|nested] 391+ messages in thread
* [PATCH 5.15 198/371] nvme: handle the persistent internal error AER
2023-05-08 9:43 [PATCH 5.15 000/371] 5.15.111-rc1 review Greg Kroah-Hartman
` (196 preceding siblings ...)
2023-05-08 9:46 ` [PATCH 5.15 197/371] nvmet: fix I/O Command Set specific Identify Controller Greg Kroah-Hartman
@ 2023-05-08 9:46 ` Greg Kroah-Hartman
2023-05-08 9:46 ` [PATCH 5.15 199/371] nvme: fix async event trace event Greg Kroah-Hartman
` (176 subsequent siblings)
374 siblings, 0 replies; 391+ messages in thread
From: Greg Kroah-Hartman @ 2023-05-08 9:46 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Michael Kelley, Christoph Hellwig,
Jens Axboe, Sasha Levin
From: Michael Kelley <mikelley@microsoft.com>
[ Upstream commit 2c61c97fb12b806e1c8eb15f04c277ad097ec95e ]
In the NVM Express Revision 1.4 spec, Figure 145 describes possible
values for an AER with event type "Error" (value 000b). For a
Persistent Internal Error (value 03h), the host should perform a
controller reset.
Add support for this error using code that already exists for
doing a controller reset. As part of this support, introduce
two utility functions for parsing the AER type and subtype.
This new support was tested in a lab environment where we can
generate the persistent internal error on demand, and observe
both the Linux side and NVMe controller side to see that the
controller reset has been done.
Signed-off-by: Michael Kelley <mikelley@microsoft.com>
Signed-off-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Jens Axboe <axboe@kernel.dk>
Stable-dep-of: 6622b76fe922 ("nvme: fix async event trace event")
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/nvme/host/core.c | 31 +++++++++++++++++++++++++++++--
include/linux/nvme.h | 4 ++++
2 files changed, 33 insertions(+), 2 deletions(-)
diff --git a/drivers/nvme/host/core.c b/drivers/nvme/host/core.c
index ef9d7a795b007..2ad1e4acc0d6b 100644
--- a/drivers/nvme/host/core.c
+++ b/drivers/nvme/host/core.c
@@ -4360,9 +4360,19 @@ static void nvme_fw_act_work(struct work_struct *work)
nvme_get_fw_slot_info(ctrl);
}
+static u32 nvme_aer_type(u32 result)
+{
+ return result & 0x7;
+}
+
+static u32 nvme_aer_subtype(u32 result)
+{
+ return (result & 0xff00) >> 8;
+}
+
static void nvme_handle_aen_notice(struct nvme_ctrl *ctrl, u32 result)
{
- u32 aer_notice_type = (result & 0xff00) >> 8;
+ u32 aer_notice_type = nvme_aer_subtype(result);
trace_nvme_async_event(ctrl, aer_notice_type);
@@ -4395,11 +4405,19 @@ static void nvme_handle_aen_notice(struct nvme_ctrl *ctrl, u32 result)
}
}
+static void nvme_handle_aer_persistent_error(struct nvme_ctrl *ctrl)
+{
+ trace_nvme_async_event(ctrl, NVME_AER_ERROR);
+ dev_warn(ctrl->device, "resetting controller due to AER\n");
+ nvme_reset_ctrl(ctrl);
+}
+
void nvme_complete_async_event(struct nvme_ctrl *ctrl, __le16 status,
volatile union nvme_result *res)
{
u32 result = le32_to_cpu(res->u32);
- u32 aer_type = result & 0x07;
+ u32 aer_type = nvme_aer_type(result);
+ u32 aer_subtype = nvme_aer_subtype(result);
if (le16_to_cpu(status) >> 1 != NVME_SC_SUCCESS)
return;
@@ -4409,6 +4427,15 @@ void nvme_complete_async_event(struct nvme_ctrl *ctrl, __le16 status,
nvme_handle_aen_notice(ctrl, result);
break;
case NVME_AER_ERROR:
+ /*
+ * For a persistent internal error, don't run async_event_work
+ * to submit a new AER. The controller reset will do it.
+ */
+ if (aer_subtype == NVME_AER_ERROR_PERSIST_INT_ERR) {
+ nvme_handle_aer_persistent_error(ctrl);
+ return;
+ }
+ fallthrough;
case NVME_AER_SMART:
case NVME_AER_CSS:
case NVME_AER_VS:
diff --git a/include/linux/nvme.h b/include/linux/nvme.h
index de235916c31c2..461ee0ee59fe4 100644
--- a/include/linux/nvme.h
+++ b/include/linux/nvme.h
@@ -613,6 +613,10 @@ enum {
NVME_AER_VS = 7,
};
+enum {
+ NVME_AER_ERROR_PERSIST_INT_ERR = 0x03,
+};
+
enum {
NVME_AER_NOTICE_NS_CHANGED = 0x00,
NVME_AER_NOTICE_FW_ACT_STARTING = 0x01,
--
2.39.2
^ permalink raw reply related [flat|nested] 391+ messages in thread
* [PATCH 5.15 199/371] nvme: fix async event trace event
2023-05-08 9:43 [PATCH 5.15 000/371] 5.15.111-rc1 review Greg Kroah-Hartman
` (197 preceding siblings ...)
2023-05-08 9:46 ` [PATCH 5.15 198/371] nvme: handle the persistent internal error AER Greg Kroah-Hartman
@ 2023-05-08 9:46 ` Greg Kroah-Hartman
2023-05-08 9:46 ` [PATCH 5.15 200/371] nvme-fcloop: fix "inconsistent {IN-HARDIRQ-W} -> {HARDIRQ-ON-W} usage" Greg Kroah-Hartman
` (175 subsequent siblings)
374 siblings, 0 replies; 391+ messages in thread
From: Greg Kroah-Hartman @ 2023-05-08 9:46 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Nate Thornton, Sagi Grimberg,
Minwoo Im, Chaitanya Kulkarni, Keith Busch, Christoph Hellwig,
Sasha Levin
From: Keith Busch <kbusch@kernel.org>
[ Upstream commit 6622b76fe922b94189499a90ccdb714a4a8d0773 ]
Mixing AER Event Type and Event Info has masking clashes. Just print the
event type, but also include the event info of the AER result in the
trace.
Fixes: 09bd1ff4b15143b ("nvme-core: add async event trace helper")
Reported-by: Nate Thornton <nate.thornton@samsung.com>
Reviewed-by: Sagi Grimberg <sagi@grimberg.me>
Reviewed-by: Minwoo Im <minwoo.im@samsung.com>
Reviewed-by: Chaitanya Kulkarni <kch@nvidia.com>
Signed-off-by: Keith Busch <kbusch@kernel.org>
Signed-off-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/nvme/host/core.c | 5 +----
drivers/nvme/host/trace.h | 15 ++++++---------
2 files changed, 7 insertions(+), 13 deletions(-)
diff --git a/drivers/nvme/host/core.c b/drivers/nvme/host/core.c
index 2ad1e4acc0d6b..e5318b38c6624 100644
--- a/drivers/nvme/host/core.c
+++ b/drivers/nvme/host/core.c
@@ -4374,8 +4374,6 @@ static void nvme_handle_aen_notice(struct nvme_ctrl *ctrl, u32 result)
{
u32 aer_notice_type = nvme_aer_subtype(result);
- trace_nvme_async_event(ctrl, aer_notice_type);
-
switch (aer_notice_type) {
case NVME_AER_NOTICE_NS_CHANGED:
set_bit(NVME_AER_NOTICE_NS_CHANGED, &ctrl->events);
@@ -4407,7 +4405,6 @@ static void nvme_handle_aen_notice(struct nvme_ctrl *ctrl, u32 result)
static void nvme_handle_aer_persistent_error(struct nvme_ctrl *ctrl)
{
- trace_nvme_async_event(ctrl, NVME_AER_ERROR);
dev_warn(ctrl->device, "resetting controller due to AER\n");
nvme_reset_ctrl(ctrl);
}
@@ -4422,6 +4419,7 @@ void nvme_complete_async_event(struct nvme_ctrl *ctrl, __le16 status,
if (le16_to_cpu(status) >> 1 != NVME_SC_SUCCESS)
return;
+ trace_nvme_async_event(ctrl, result);
switch (aer_type) {
case NVME_AER_NOTICE:
nvme_handle_aen_notice(ctrl, result);
@@ -4439,7 +4437,6 @@ void nvme_complete_async_event(struct nvme_ctrl *ctrl, __le16 status,
case NVME_AER_SMART:
case NVME_AER_CSS:
case NVME_AER_VS:
- trace_nvme_async_event(ctrl, aer_type);
ctrl->aen_result = result;
break;
default:
diff --git a/drivers/nvme/host/trace.h b/drivers/nvme/host/trace.h
index aa8b0f86b2be1..b258f7b8788e1 100644
--- a/drivers/nvme/host/trace.h
+++ b/drivers/nvme/host/trace.h
@@ -127,15 +127,12 @@ TRACE_EVENT(nvme_async_event,
),
TP_printk("nvme%d: NVME_AEN=%#08x [%s]",
__entry->ctrl_id, __entry->result,
- __print_symbolic(__entry->result,
- aer_name(NVME_AER_NOTICE_NS_CHANGED),
- aer_name(NVME_AER_NOTICE_ANA),
- aer_name(NVME_AER_NOTICE_FW_ACT_STARTING),
- aer_name(NVME_AER_NOTICE_DISC_CHANGED),
- aer_name(NVME_AER_ERROR),
- aer_name(NVME_AER_SMART),
- aer_name(NVME_AER_CSS),
- aer_name(NVME_AER_VS))
+ __print_symbolic(__entry->result & 0x7,
+ aer_name(NVME_AER_ERROR),
+ aer_name(NVME_AER_SMART),
+ aer_name(NVME_AER_NOTICE),
+ aer_name(NVME_AER_CSS),
+ aer_name(NVME_AER_VS))
)
);
--
2.39.2
^ permalink raw reply related [flat|nested] 391+ messages in thread
* [PATCH 5.15 200/371] nvme-fcloop: fix "inconsistent {IN-HARDIRQ-W} -> {HARDIRQ-ON-W} usage"
2023-05-08 9:43 [PATCH 5.15 000/371] 5.15.111-rc1 review Greg Kroah-Hartman
` (198 preceding siblings ...)
2023-05-08 9:46 ` [PATCH 5.15 199/371] nvme: fix async event trace event Greg Kroah-Hartman
@ 2023-05-08 9:46 ` Greg Kroah-Hartman
2023-05-08 9:46 ` [PATCH 5.15 201/371] selftests/bpf: Fix leaked bpf_link in get_stackid_cannot_attach Greg Kroah-Hartman
` (174 subsequent siblings)
374 siblings, 0 replies; 391+ messages in thread
From: Greg Kroah-Hartman @ 2023-05-08 9:46 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Yi Zhang, Ming Lei, Ewan D. Milne,
Christoph Hellwig, Sasha Levin
From: Ming Lei <ming.lei@redhat.com>
[ Upstream commit 4f86a6ff6fbd891232dda3ca97fd1b9630b59809 ]
fcloop_fcp_op() could be called from flush request's ->end_io(flush_end_io) in
which the spinlock of fq->mq_flush_lock is grabbed with irq saved/disabled.
So fcloop_fcp_op() can't call spin_unlock_irq(&tfcp_req->reqlock) simply
which enables irq unconditionally.
Fixes the warning by switching to spin_lock_irqsave()/spin_unlock_irqrestore()
Fixes: c38dbbfab1bc ("nvme-fcloop: fix inconsistent lock state warnings")
Reported-by: Yi Zhang <yi.zhang@redhat.com>
Signed-off-by: Ming Lei <ming.lei@redhat.com>
Reviewed-by: Ewan D. Milne <emilne@redhat.com>
Tested-by: Yi Zhang <yi.zhang@redhat.com>
Signed-off-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/nvme/target/fcloop.c | 48 ++++++++++++++++++++----------------
1 file changed, 27 insertions(+), 21 deletions(-)
diff --git a/drivers/nvme/target/fcloop.c b/drivers/nvme/target/fcloop.c
index 5c16372f3b533..c780af36c1d4a 100644
--- a/drivers/nvme/target/fcloop.c
+++ b/drivers/nvme/target/fcloop.c
@@ -614,10 +614,11 @@ fcloop_fcp_recv_work(struct work_struct *work)
struct fcloop_fcpreq *tfcp_req =
container_of(work, struct fcloop_fcpreq, fcp_rcv_work);
struct nvmefc_fcp_req *fcpreq = tfcp_req->fcpreq;
+ unsigned long flags;
int ret = 0;
bool aborted = false;
- spin_lock_irq(&tfcp_req->reqlock);
+ spin_lock_irqsave(&tfcp_req->reqlock, flags);
switch (tfcp_req->inistate) {
case INI_IO_START:
tfcp_req->inistate = INI_IO_ACTIVE;
@@ -626,11 +627,11 @@ fcloop_fcp_recv_work(struct work_struct *work)
aborted = true;
break;
default:
- spin_unlock_irq(&tfcp_req->reqlock);
+ spin_unlock_irqrestore(&tfcp_req->reqlock, flags);
WARN_ON(1);
return;
}
- spin_unlock_irq(&tfcp_req->reqlock);
+ spin_unlock_irqrestore(&tfcp_req->reqlock, flags);
if (unlikely(aborted))
ret = -ECANCELED;
@@ -655,8 +656,9 @@ fcloop_fcp_abort_recv_work(struct work_struct *work)
container_of(work, struct fcloop_fcpreq, abort_rcv_work);
struct nvmefc_fcp_req *fcpreq;
bool completed = false;
+ unsigned long flags;
- spin_lock_irq(&tfcp_req->reqlock);
+ spin_lock_irqsave(&tfcp_req->reqlock, flags);
fcpreq = tfcp_req->fcpreq;
switch (tfcp_req->inistate) {
case INI_IO_ABORTED:
@@ -665,11 +667,11 @@ fcloop_fcp_abort_recv_work(struct work_struct *work)
completed = true;
break;
default:
- spin_unlock_irq(&tfcp_req->reqlock);
+ spin_unlock_irqrestore(&tfcp_req->reqlock, flags);
WARN_ON(1);
return;
}
- spin_unlock_irq(&tfcp_req->reqlock);
+ spin_unlock_irqrestore(&tfcp_req->reqlock, flags);
if (unlikely(completed)) {
/* remove reference taken in original abort downcall */
@@ -681,9 +683,9 @@ fcloop_fcp_abort_recv_work(struct work_struct *work)
nvmet_fc_rcv_fcp_abort(tfcp_req->tport->targetport,
&tfcp_req->tgt_fcp_req);
- spin_lock_irq(&tfcp_req->reqlock);
+ spin_lock_irqsave(&tfcp_req->reqlock, flags);
tfcp_req->fcpreq = NULL;
- spin_unlock_irq(&tfcp_req->reqlock);
+ spin_unlock_irqrestore(&tfcp_req->reqlock, flags);
fcloop_call_host_done(fcpreq, tfcp_req, -ECANCELED);
/* call_host_done releases reference for abort downcall */
@@ -699,11 +701,12 @@ fcloop_tgt_fcprqst_done_work(struct work_struct *work)
struct fcloop_fcpreq *tfcp_req =
container_of(work, struct fcloop_fcpreq, tio_done_work);
struct nvmefc_fcp_req *fcpreq;
+ unsigned long flags;
- spin_lock_irq(&tfcp_req->reqlock);
+ spin_lock_irqsave(&tfcp_req->reqlock, flags);
fcpreq = tfcp_req->fcpreq;
tfcp_req->inistate = INI_IO_COMPLETED;
- spin_unlock_irq(&tfcp_req->reqlock);
+ spin_unlock_irqrestore(&tfcp_req->reqlock, flags);
fcloop_call_host_done(fcpreq, tfcp_req, tfcp_req->status);
}
@@ -807,13 +810,14 @@ fcloop_fcp_op(struct nvmet_fc_target_port *tgtport,
u32 rsplen = 0, xfrlen = 0;
int fcp_err = 0, active, aborted;
u8 op = tgt_fcpreq->op;
+ unsigned long flags;
- spin_lock_irq(&tfcp_req->reqlock);
+ spin_lock_irqsave(&tfcp_req->reqlock, flags);
fcpreq = tfcp_req->fcpreq;
active = tfcp_req->active;
aborted = tfcp_req->aborted;
tfcp_req->active = true;
- spin_unlock_irq(&tfcp_req->reqlock);
+ spin_unlock_irqrestore(&tfcp_req->reqlock, flags);
if (unlikely(active))
/* illegal - call while i/o active */
@@ -821,9 +825,9 @@ fcloop_fcp_op(struct nvmet_fc_target_port *tgtport,
if (unlikely(aborted)) {
/* target transport has aborted i/o prior */
- spin_lock_irq(&tfcp_req->reqlock);
+ spin_lock_irqsave(&tfcp_req->reqlock, flags);
tfcp_req->active = false;
- spin_unlock_irq(&tfcp_req->reqlock);
+ spin_unlock_irqrestore(&tfcp_req->reqlock, flags);
tgt_fcpreq->transferred_length = 0;
tgt_fcpreq->fcp_error = -ECANCELED;
tgt_fcpreq->done(tgt_fcpreq);
@@ -880,9 +884,9 @@ fcloop_fcp_op(struct nvmet_fc_target_port *tgtport,
break;
}
- spin_lock_irq(&tfcp_req->reqlock);
+ spin_lock_irqsave(&tfcp_req->reqlock, flags);
tfcp_req->active = false;
- spin_unlock_irq(&tfcp_req->reqlock);
+ spin_unlock_irqrestore(&tfcp_req->reqlock, flags);
tgt_fcpreq->transferred_length = xfrlen;
tgt_fcpreq->fcp_error = fcp_err;
@@ -896,15 +900,16 @@ fcloop_tgt_fcp_abort(struct nvmet_fc_target_port *tgtport,
struct nvmefc_tgt_fcp_req *tgt_fcpreq)
{
struct fcloop_fcpreq *tfcp_req = tgt_fcp_req_to_fcpreq(tgt_fcpreq);
+ unsigned long flags;
/*
* mark aborted only in case there were 2 threads in transport
* (one doing io, other doing abort) and only kills ops posted
* after the abort request
*/
- spin_lock_irq(&tfcp_req->reqlock);
+ spin_lock_irqsave(&tfcp_req->reqlock, flags);
tfcp_req->aborted = true;
- spin_unlock_irq(&tfcp_req->reqlock);
+ spin_unlock_irqrestore(&tfcp_req->reqlock, flags);
tfcp_req->status = NVME_SC_INTERNAL;
@@ -946,6 +951,7 @@ fcloop_fcp_abort(struct nvme_fc_local_port *localport,
struct fcloop_ini_fcpreq *inireq = fcpreq->private;
struct fcloop_fcpreq *tfcp_req;
bool abortio = true;
+ unsigned long flags;
spin_lock(&inireq->inilock);
tfcp_req = inireq->tfcp_req;
@@ -958,7 +964,7 @@ fcloop_fcp_abort(struct nvme_fc_local_port *localport,
return;
/* break initiator/target relationship for io */
- spin_lock_irq(&tfcp_req->reqlock);
+ spin_lock_irqsave(&tfcp_req->reqlock, flags);
switch (tfcp_req->inistate) {
case INI_IO_START:
case INI_IO_ACTIVE:
@@ -968,11 +974,11 @@ fcloop_fcp_abort(struct nvme_fc_local_port *localport,
abortio = false;
break;
default:
- spin_unlock_irq(&tfcp_req->reqlock);
+ spin_unlock_irqrestore(&tfcp_req->reqlock, flags);
WARN_ON(1);
return;
}
- spin_unlock_irq(&tfcp_req->reqlock);
+ spin_unlock_irqrestore(&tfcp_req->reqlock, flags);
if (abortio)
/* leave the reference while the work item is scheduled */
--
2.39.2
^ permalink raw reply related [flat|nested] 391+ messages in thread
* [PATCH 5.15 201/371] selftests/bpf: Fix leaked bpf_link in get_stackid_cannot_attach
2023-05-08 9:43 [PATCH 5.15 000/371] 5.15.111-rc1 review Greg Kroah-Hartman
` (199 preceding siblings ...)
2023-05-08 9:46 ` [PATCH 5.15 200/371] nvme-fcloop: fix "inconsistent {IN-HARDIRQ-W} -> {HARDIRQ-ON-W} usage" Greg Kroah-Hartman
@ 2023-05-08 9:46 ` Greg Kroah-Hartman
2023-05-08 9:46 ` [PATCH 5.15 202/371] bpf, sockmap: Revert buggy deadlock fix in the sockhash and sockmap Greg Kroah-Hartman
` (173 subsequent siblings)
374 siblings, 0 replies; 391+ messages in thread
From: Greg Kroah-Hartman @ 2023-05-08 9:46 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Song Liu, Daniel Borkmann, Sasha Levin
From: Song Liu <song@kernel.org>
[ Upstream commit c1e07a80cf23d3a6e96172bc9a73bfa912a9fcbc ]
skel->links.oncpu is leaked in one case. This causes test perf_branches
fails when it runs after get_stackid_cannot_attach:
./test_progs -t get_stackid_cannot_attach,perf_branches
84 get_stackid_cannot_attach:OK
test_perf_branches_common:PASS:test_perf_branches_load 0 nsec
test_perf_branches_common:PASS:attach_perf_event 0 nsec
test_perf_branches_common:PASS:set_affinity 0 nsec
check_good_sample:FAIL:output not valid no valid sample from prog
146/1 perf_branches/perf_branches_hw:FAIL
146/2 perf_branches/perf_branches_no_hw:OK
146 perf_branches:FAIL
All error logs:
test_perf_branches_common:PASS:test_perf_branches_load 0 nsec
test_perf_branches_common:PASS:attach_perf_event 0 nsec
test_perf_branches_common:PASS:set_affinity 0 nsec
check_good_sample:FAIL:output not valid no valid sample from prog
146/1 perf_branches/perf_branches_hw:FAIL
146 perf_branches:FAIL
Summary: 1/1 PASSED, 0 SKIPPED, 1 FAILED
Fix this by adding the missing bpf_link__destroy().
Fixes: 346938e9380c ("selftests/bpf: Add get_stackid_cannot_attach")
Signed-off-by: Song Liu <song@kernel.org>
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
Link: https://lore.kernel.org/bpf/20230412210423.900851-3-song@kernel.org
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
.../testing/selftests/bpf/prog_tests/get_stackid_cannot_attach.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/tools/testing/selftests/bpf/prog_tests/get_stackid_cannot_attach.c b/tools/testing/selftests/bpf/prog_tests/get_stackid_cannot_attach.c
index 8d5a6023a1bbf..4022c89ea268a 100644
--- a/tools/testing/selftests/bpf/prog_tests/get_stackid_cannot_attach.c
+++ b/tools/testing/selftests/bpf/prog_tests/get_stackid_cannot_attach.c
@@ -65,6 +65,7 @@ void test_get_stackid_cannot_attach(void)
skel->links.oncpu = bpf_program__attach_perf_event(skel->progs.oncpu,
pmu_fd);
ASSERT_OK_PTR(skel->links.oncpu, "attach_perf_event_callchain");
+ bpf_link__destroy(skel->links.oncpu);
close(pmu_fd);
/* add exclude_callchain_kernel, attach should fail */
--
2.39.2
^ permalink raw reply related [flat|nested] 391+ messages in thread
* [PATCH 5.15 202/371] bpf, sockmap: Revert buggy deadlock fix in the sockhash and sockmap
2023-05-08 9:43 [PATCH 5.15 000/371] 5.15.111-rc1 review Greg Kroah-Hartman
` (200 preceding siblings ...)
2023-05-08 9:46 ` [PATCH 5.15 201/371] selftests/bpf: Fix leaked bpf_link in get_stackid_cannot_attach Greg Kroah-Hartman
@ 2023-05-08 9:46 ` Greg Kroah-Hartman
2023-05-08 9:46 ` [PATCH 5.15 203/371] md: drop queue limitation for RAID1 and RAID10 Greg Kroah-Hartman
` (172 subsequent siblings)
374 siblings, 0 replies; 391+ messages in thread
From: Greg Kroah-Hartman @ 2023-05-08 9:46 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, syzbot+49f6cef45247ff249498,
Hsin-Wei Hung, Xin Liu, John Fastabend, Daniel Borkmann,
Sasha Levin
From: Daniel Borkmann <daniel@iogearbox.net>
[ Upstream commit 8c5c2a4898e3d6bad86e29d471e023c8a19ba799 ]
syzbot reported a splat and bisected it to recent commit ed17aa92dc56 ("bpf,
sockmap: fix deadlocks in the sockhash and sockmap"):
[...]
WARNING: CPU: 1 PID: 9280 at kernel/softirq.c:376 __local_bh_enable_ip+0xbe/0x130 kernel/softirq.c:376
Modules linked in:
CPU: 1 PID: 9280 Comm: syz-executor.1 Not tainted 6.2.0-syzkaller-13249-gd319f344561d #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/30/2023
RIP: 0010:__local_bh_enable_ip+0xbe/0x130 kernel/softirq.c:376
[...]
Call Trace:
<TASK>
spin_unlock_bh include/linux/spinlock.h:395 [inline]
sock_map_del_link+0x2ea/0x510 net/core/sock_map.c:165
sock_map_unref+0xb0/0x1d0 net/core/sock_map.c:184
sock_hash_delete_elem+0x1ec/0x2a0 net/core/sock_map.c:945
map_delete_elem kernel/bpf/syscall.c:1536 [inline]
__sys_bpf+0x2edc/0x53e0 kernel/bpf/syscall.c:5053
__do_sys_bpf kernel/bpf/syscall.c:5166 [inline]
__se_sys_bpf kernel/bpf/syscall.c:5164 [inline]
__x64_sys_bpf+0x79/0xc0 kernel/bpf/syscall.c:5164
do_syscall_x64 arch/x86/entry/common.c:50 [inline]
do_syscall_64+0x39/0xb0 arch/x86/entry/common.c:80
entry_SYSCALL_64_after_hwframe+0x63/0xcd
RIP: 0033:0x7fe8f7c8c169
</TASK>
[...]
Revert for now until we have a proper solution.
Fixes: ed17aa92dc56 ("bpf, sockmap: fix deadlocks in the sockhash and sockmap")
Reported-by: syzbot+49f6cef45247ff249498@syzkaller.appspotmail.com
Cc: Hsin-Wei Hung <hsinweih@uci.edu>
Cc: Xin Liu <liuxin350@huawei.com>
Cc: John Fastabend <john.fastabend@gmail.com>
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
Link: https://lore.kernel.org/bpf/000000000000f1db9605f939720e@google.com/
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
net/core/sock_map.c | 10 ++++------
1 file changed, 4 insertions(+), 6 deletions(-)
diff --git a/net/core/sock_map.c b/net/core/sock_map.c
index 36afe39dd2df9..86b4e8909ad1e 100644
--- a/net/core/sock_map.c
+++ b/net/core/sock_map.c
@@ -414,9 +414,8 @@ static int __sock_map_delete(struct bpf_stab *stab, struct sock *sk_test,
{
struct sock *sk;
int err = 0;
- unsigned long flags;
- raw_spin_lock_irqsave(&stab->lock, flags);
+ raw_spin_lock_bh(&stab->lock);
sk = *psk;
if (!sk_test || sk_test == sk)
sk = xchg(psk, NULL);
@@ -426,7 +425,7 @@ static int __sock_map_delete(struct bpf_stab *stab, struct sock *sk_test,
else
err = -EINVAL;
- raw_spin_unlock_irqrestore(&stab->lock, flags);
+ raw_spin_unlock_bh(&stab->lock);
return err;
}
@@ -931,12 +930,11 @@ static int sock_hash_delete_elem(struct bpf_map *map, void *key)
struct bpf_shtab_bucket *bucket;
struct bpf_shtab_elem *elem;
int ret = -ENOENT;
- unsigned long flags;
hash = sock_hash_bucket_hash(key, key_size);
bucket = sock_hash_select_bucket(htab, hash);
- raw_spin_lock_irqsave(&bucket->lock, flags);
+ raw_spin_lock_bh(&bucket->lock);
elem = sock_hash_lookup_elem_raw(&bucket->head, hash, key, key_size);
if (elem) {
hlist_del_rcu(&elem->node);
@@ -944,7 +942,7 @@ static int sock_hash_delete_elem(struct bpf_map *map, void *key)
sock_hash_free_elem(htab, elem);
ret = 0;
}
- raw_spin_unlock_irqrestore(&bucket->lock, flags);
+ raw_spin_unlock_bh(&bucket->lock);
return ret;
}
--
2.39.2
^ permalink raw reply related [flat|nested] 391+ messages in thread
* [PATCH 5.15 203/371] md: drop queue limitation for RAID1 and RAID10
2023-05-08 9:43 [PATCH 5.15 000/371] 5.15.111-rc1 review Greg Kroah-Hartman
` (201 preceding siblings ...)
2023-05-08 9:46 ` [PATCH 5.15 202/371] bpf, sockmap: Revert buggy deadlock fix in the sockhash and sockmap Greg Kroah-Hartman
@ 2023-05-08 9:46 ` Greg Kroah-Hartman
2023-05-08 9:46 ` [PATCH 5.15 204/371] md: raid10 add nowait support Greg Kroah-Hartman
` (171 subsequent siblings)
374 siblings, 0 replies; 391+ messages in thread
From: Greg Kroah-Hartman @ 2023-05-08 9:46 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Mariusz Tkaczyk, Song Liu, Sasha Levin
From: Mariusz Tkaczyk <mariusz.tkaczyk@linux.intel.com>
[ Upstream commit a92ce0feffeed8b91f02dac85246d1205e4a64b6 ]
As suggested by Neil Brown[1], this limitation seems to be
deprecated.
With plugging in use, writes are processed behind the raid thread
and conf->pending_count is not increased. This limitation occurs only
if caller doesn't use plugs.
It can be avoided and often it is (with plugging). There are no reports
that queue is growing to enormous size so remove queue limitation for
non-plugged IOs too.
[1] https://lore.kernel.org/linux-raid/162496301481.7211.18031090130574610495@noble.neil.brown.name
Signed-off-by: Mariusz Tkaczyk <mariusz.tkaczyk@linux.intel.com>
Signed-off-by: Song Liu <song@kernel.org>
Stable-dep-of: 72c215ed8731 ("md/raid10: fix task hung in raid10d")
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/md/raid1-10.c | 6 ------
drivers/md/raid1.c | 7 -------
drivers/md/raid10.c | 7 -------
3 files changed, 20 deletions(-)
diff --git a/drivers/md/raid1-10.c b/drivers/md/raid1-10.c
index 54db341639687..83f9a4f3d82e0 100644
--- a/drivers/md/raid1-10.c
+++ b/drivers/md/raid1-10.c
@@ -22,12 +22,6 @@
#define BIO_SPECIAL(bio) ((unsigned long)bio <= 2)
-/* When there are this many requests queue to be written by
- * the raid thread, we become 'congested' to provide back-pressure
- * for writeback.
- */
-static int max_queued_requests = 1024;
-
/* for managing resync I/O pages */
struct resync_pages {
void *raid_bio;
diff --git a/drivers/md/raid1.c b/drivers/md/raid1.c
index 783763f6845f4..47997a9a3ca18 100644
--- a/drivers/md/raid1.c
+++ b/drivers/md/raid1.c
@@ -1358,12 +1358,6 @@ static void raid1_write_request(struct mddev *mddev, struct bio *bio,
r1_bio = alloc_r1bio(mddev, bio);
r1_bio->sectors = max_write_sectors;
- if (conf->pending_count >= max_queued_requests) {
- md_wakeup_thread(mddev->thread);
- raid1_log(mddev, "wait queued");
- wait_event(conf->wait_barrier,
- conf->pending_count < max_queued_requests);
- }
/* first select target devices under rcu_lock and
* inc refcount on their rdev. Record them by setting
* bios[x] to bio
@@ -3413,4 +3407,3 @@ MODULE_ALIAS("md-personality-3"); /* RAID1 */
MODULE_ALIAS("md-raid1");
MODULE_ALIAS("md-level-1");
-module_param(max_queued_requests, int, S_IRUGO|S_IWUSR);
diff --git a/drivers/md/raid10.c b/drivers/md/raid10.c
index c4c1a3a7d7abc..69708b455295b 100644
--- a/drivers/md/raid10.c
+++ b/drivers/md/raid10.c
@@ -1387,12 +1387,6 @@ static void raid10_write_request(struct mddev *mddev, struct bio *bio,
conf->reshape_safe = mddev->reshape_position;
}
- if (conf->pending_count >= max_queued_requests) {
- md_wakeup_thread(mddev->thread);
- raid10_log(mddev, "wait queued");
- wait_event(conf->wait_barrier,
- conf->pending_count < max_queued_requests);
- }
/* first select target devices under rcu_lock and
* inc refcount on their rdev. Record them by setting
* bios[x] to bio
@@ -5246,4 +5240,3 @@ MODULE_ALIAS("md-personality-9"); /* RAID10 */
MODULE_ALIAS("md-raid10");
MODULE_ALIAS("md-level-10");
-module_param(max_queued_requests, int, S_IRUGO|S_IWUSR);
--
2.39.2
^ permalink raw reply related [flat|nested] 391+ messages in thread
* [PATCH 5.15 204/371] md: raid10 add nowait support
2023-05-08 9:43 [PATCH 5.15 000/371] 5.15.111-rc1 review Greg Kroah-Hartman
` (202 preceding siblings ...)
2023-05-08 9:46 ` [PATCH 5.15 203/371] md: drop queue limitation for RAID1 and RAID10 Greg Kroah-Hartman
@ 2023-05-08 9:46 ` Greg Kroah-Hartman
2023-05-08 9:46 ` [PATCH 5.15 205/371] md/raid10: factor out code from wait_barrier() to stop_waiting_barrier() Greg Kroah-Hartman
` (170 subsequent siblings)
374 siblings, 0 replies; 391+ messages in thread
From: Greg Kroah-Hartman @ 2023-05-08 9:46 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Jens Axboe, Vishal Verma, Song Liu,
Sasha Levin
From: Vishal Verma <vverma@digitalocean.com>
[ Upstream commit c9aa889b035fca4598ae985a0f0c76ebbb547ad2 ]
This adds nowait support to the RAID10 driver. Very similar to
raid1 driver changes. It makes RAID10 driver return with EAGAIN
for situations where it could wait for eg:
- Waiting for the barrier,
- Reshape operation,
- Discard operation.
wait_barrier() and regular_request_wait() fn are modified to return bool
to support error for wait barriers. They returns true in case of wait
or if wait is not required and returns false if wait was required
but not performed to support nowait.
Reviewed-by: Jens Axboe <axboe@kernel.dk>
Signed-off-by: Vishal Verma <vverma@digitalocean.com>
Signed-off-by: Song Liu <song@kernel.org>
Stable-dep-of: 72c215ed8731 ("md/raid10: fix task hung in raid10d")
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/md/raid10.c | 100 +++++++++++++++++++++++++++++---------------
1 file changed, 67 insertions(+), 33 deletions(-)
diff --git a/drivers/md/raid10.c b/drivers/md/raid10.c
index 69708b455295b..287bebde2e546 100644
--- a/drivers/md/raid10.c
+++ b/drivers/md/raid10.c
@@ -952,8 +952,10 @@ static void lower_barrier(struct r10conf *conf)
wake_up(&conf->wait_barrier);
}
-static void wait_barrier(struct r10conf *conf)
+static bool wait_barrier(struct r10conf *conf, bool nowait)
{
+ bool ret = true;
+
spin_lock_irq(&conf->resync_lock);
if (conf->barrier) {
struct bio_list *bio_list = current->bio_list;
@@ -967,27 +969,35 @@ static void wait_barrier(struct r10conf *conf)
* that queue to get the nr_pending
* count down.
*/
- raid10_log(conf->mddev, "wait barrier");
- wait_event_lock_irq(conf->wait_barrier,
- !conf->barrier ||
- (atomic_read(&conf->nr_pending) &&
- bio_list &&
- (!bio_list_empty(&bio_list[0]) ||
- !bio_list_empty(&bio_list[1]))) ||
- /* move on if recovery thread is
- * blocked by us
- */
- (conf->mddev->thread->tsk == current &&
- test_bit(MD_RECOVERY_RUNNING,
- &conf->mddev->recovery) &&
- conf->nr_queued > 0),
- conf->resync_lock);
+ /* Return false when nowait flag is set */
+ if (nowait) {
+ ret = false;
+ } else {
+ raid10_log(conf->mddev, "wait barrier");
+ wait_event_lock_irq(conf->wait_barrier,
+ !conf->barrier ||
+ (atomic_read(&conf->nr_pending) &&
+ bio_list &&
+ (!bio_list_empty(&bio_list[0]) ||
+ !bio_list_empty(&bio_list[1]))) ||
+ /* move on if recovery thread is
+ * blocked by us
+ */
+ (conf->mddev->thread->tsk == current &&
+ test_bit(MD_RECOVERY_RUNNING,
+ &conf->mddev->recovery) &&
+ conf->nr_queued > 0),
+ conf->resync_lock);
+ }
conf->nr_waiting--;
if (!conf->nr_waiting)
wake_up(&conf->wait_barrier);
}
- atomic_inc(&conf->nr_pending);
+ /* Only increment nr_pending when we wait */
+ if (ret)
+ atomic_inc(&conf->nr_pending);
spin_unlock_irq(&conf->resync_lock);
+ return ret;
}
static void allow_barrier(struct r10conf *conf)
@@ -1098,21 +1108,30 @@ static void raid10_unplug(struct blk_plug_cb *cb, bool from_schedule)
* currently.
* 2. If IO spans the reshape position. Need to wait for reshape to pass.
*/
-static void regular_request_wait(struct mddev *mddev, struct r10conf *conf,
+static bool regular_request_wait(struct mddev *mddev, struct r10conf *conf,
struct bio *bio, sector_t sectors)
{
- wait_barrier(conf);
+ /* Bail out if REQ_NOWAIT is set for the bio */
+ if (!wait_barrier(conf, bio->bi_opf & REQ_NOWAIT)) {
+ bio_wouldblock_error(bio);
+ return false;
+ }
while (test_bit(MD_RECOVERY_RESHAPE, &mddev->recovery) &&
bio->bi_iter.bi_sector < conf->reshape_progress &&
bio->bi_iter.bi_sector + sectors > conf->reshape_progress) {
- raid10_log(conf->mddev, "wait reshape");
allow_barrier(conf);
+ if (bio->bi_opf & REQ_NOWAIT) {
+ bio_wouldblock_error(bio);
+ return false;
+ }
+ raid10_log(conf->mddev, "wait reshape");
wait_event(conf->wait_barrier,
conf->reshape_progress <= bio->bi_iter.bi_sector ||
conf->reshape_progress >= bio->bi_iter.bi_sector +
sectors);
- wait_barrier(conf);
+ wait_barrier(conf, false);
}
+ return true;
}
static void raid10_read_request(struct mddev *mddev, struct bio *bio,
@@ -1157,7 +1176,8 @@ static void raid10_read_request(struct mddev *mddev, struct bio *bio,
rcu_read_unlock();
}
- regular_request_wait(mddev, conf, bio, r10_bio->sectors);
+ if (!regular_request_wait(mddev, conf, bio, r10_bio->sectors))
+ return;
rdev = read_balance(conf, r10_bio, &max_sectors);
if (!rdev) {
if (err_rdev) {
@@ -1179,7 +1199,7 @@ static void raid10_read_request(struct mddev *mddev, struct bio *bio,
bio_chain(split, bio);
allow_barrier(conf);
submit_bio_noacct(bio);
- wait_barrier(conf);
+ wait_barrier(conf, false);
bio = split;
r10_bio->master_bio = bio;
r10_bio->sectors = max_sectors;
@@ -1338,7 +1358,7 @@ static void wait_blocked_dev(struct mddev *mddev, struct r10bio *r10_bio)
raid10_log(conf->mddev, "%s wait rdev %d blocked",
__func__, blocked_rdev->raid_disk);
md_wait_for_blocked_rdev(blocked_rdev, mddev);
- wait_barrier(conf);
+ wait_barrier(conf, false);
goto retry_wait;
}
}
@@ -1356,6 +1376,11 @@ static void raid10_write_request(struct mddev *mddev, struct bio *bio,
bio->bi_iter.bi_sector,
bio_end_sector(bio)))) {
DEFINE_WAIT(w);
+ /* Bail out if REQ_NOWAIT is set for the bio */
+ if (bio->bi_opf & REQ_NOWAIT) {
+ bio_wouldblock_error(bio);
+ return;
+ }
for (;;) {
prepare_to_wait(&conf->wait_barrier,
&w, TASK_IDLE);
@@ -1368,7 +1393,8 @@ static void raid10_write_request(struct mddev *mddev, struct bio *bio,
}
sectors = r10_bio->sectors;
- regular_request_wait(mddev, conf, bio, sectors);
+ if (!regular_request_wait(mddev, conf, bio, sectors))
+ return;
if (test_bit(MD_RECOVERY_RESHAPE, &mddev->recovery) &&
(mddev->reshape_backwards
? (bio->bi_iter.bi_sector < conf->reshape_safe &&
@@ -1380,6 +1406,11 @@ static void raid10_write_request(struct mddev *mddev, struct bio *bio,
set_mask_bits(&mddev->sb_flags, 0,
BIT(MD_SB_CHANGE_DEVS) | BIT(MD_SB_CHANGE_PENDING));
md_wakeup_thread(mddev->thread);
+ if (bio->bi_opf & REQ_NOWAIT) {
+ allow_barrier(conf);
+ bio_wouldblock_error(bio);
+ return;
+ }
raid10_log(conf->mddev, "wait reshape metadata");
wait_event(mddev->sb_wait,
!test_bit(MD_SB_CHANGE_PENDING, &mddev->sb_flags));
@@ -1476,7 +1507,7 @@ static void raid10_write_request(struct mddev *mddev, struct bio *bio,
bio_chain(split, bio);
allow_barrier(conf);
submit_bio_noacct(bio);
- wait_barrier(conf);
+ wait_barrier(conf, false);
bio = split;
r10_bio->master_bio = bio;
}
@@ -1601,7 +1632,11 @@ static int raid10_handle_discard(struct mddev *mddev, struct bio *bio)
if (test_bit(MD_RECOVERY_RESHAPE, &mddev->recovery))
return -EAGAIN;
- wait_barrier(conf);
+ if (WARN_ON_ONCE(bio->bi_opf & REQ_NOWAIT)) {
+ bio_wouldblock_error(bio);
+ return 0;
+ }
+ wait_barrier(conf, false);
/*
* Check reshape again to avoid reshape happens after checking
@@ -1643,7 +1678,7 @@ static int raid10_handle_discard(struct mddev *mddev, struct bio *bio)
allow_barrier(conf);
/* Resend the fist split part */
submit_bio_noacct(split);
- wait_barrier(conf);
+ wait_barrier(conf, false);
}
div_u64_rem(bio_end, stripe_size, &remainder);
if (remainder) {
@@ -1654,7 +1689,7 @@ static int raid10_handle_discard(struct mddev *mddev, struct bio *bio)
/* Resend the second split part */
submit_bio_noacct(bio);
bio = split;
- wait_barrier(conf);
+ wait_barrier(conf, false);
}
bio_start = bio->bi_iter.bi_sector;
@@ -1810,7 +1845,7 @@ static int raid10_handle_discard(struct mddev *mddev, struct bio *bio)
end_disk_offset += geo->stride;
atomic_inc(&first_r10bio->remaining);
raid_end_discard_bio(r10_bio);
- wait_barrier(conf);
+ wait_barrier(conf, false);
goto retry_discard;
}
@@ -2005,7 +2040,7 @@ static void print_conf(struct r10conf *conf)
static void close_sync(struct r10conf *conf)
{
- wait_barrier(conf);
+ wait_barrier(conf, false);
allow_barrier(conf);
mempool_exit(&conf->r10buf_pool);
@@ -4816,7 +4851,7 @@ static sector_t reshape_request(struct mddev *mddev, sector_t sector_nr,
if (need_flush ||
time_after(jiffies, conf->reshape_checkpoint + 10*HZ)) {
/* Need to update reshape_position in metadata */
- wait_barrier(conf);
+ wait_barrier(conf, false);
mddev->reshape_position = conf->reshape_progress;
if (mddev->reshape_backwards)
mddev->curr_resync_completed = raid10_size(mddev, 0, 0)
@@ -5239,4 +5274,3 @@ MODULE_DESCRIPTION("RAID10 (striped mirror) personality for MD");
MODULE_ALIAS("md-personality-9"); /* RAID10 */
MODULE_ALIAS("md-raid10");
MODULE_ALIAS("md-level-10");
-
--
2.39.2
^ permalink raw reply related [flat|nested] 391+ messages in thread
* [PATCH 5.15 205/371] md/raid10: factor out code from wait_barrier() to stop_waiting_barrier()
2023-05-08 9:43 [PATCH 5.15 000/371] 5.15.111-rc1 review Greg Kroah-Hartman
` (203 preceding siblings ...)
2023-05-08 9:46 ` [PATCH 5.15 204/371] md: raid10 add nowait support Greg Kroah-Hartman
@ 2023-05-08 9:46 ` Greg Kroah-Hartman
2023-05-08 9:46 ` [PATCH 5.15 206/371] md/raid10: fix task hung in raid10d Greg Kroah-Hartman
` (169 subsequent siblings)
374 siblings, 0 replies; 391+ messages in thread
From: Greg Kroah-Hartman @ 2023-05-08 9:46 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Yu Kuai, Paul Menzel,
Logan Gunthorpe, Guoqing Jiang, Song Liu, Sasha Levin
From: Yu Kuai <yukuai3@huawei.com>
[ Upstream commit ed2e063f92c44c891ccd883e289dde6ca870edcc ]
Currently the nasty condition in wait_barrier() is hard to read. This
patch factors out the condition into a function.
There are no functional changes.
Signed-off-by: Yu Kuai <yukuai3@huawei.com>
Acked-by: Paul Menzel <pmenzel@molgen.mpg.de>
Reviewed-by: Logan Gunthorpe <logang@deltatee.com>
Acked-by: Guoqing Jiang <guoqing.jiang@linux.dev>
Signed-off-by: Song Liu <song@kernel.org>
Stable-dep-of: 72c215ed8731 ("md/raid10: fix task hung in raid10d")
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/md/raid10.c | 50 +++++++++++++++++++++++++--------------------
1 file changed, 28 insertions(+), 22 deletions(-)
diff --git a/drivers/md/raid10.c b/drivers/md/raid10.c
index 287bebde2e546..31ecb080851ac 100644
--- a/drivers/md/raid10.c
+++ b/drivers/md/raid10.c
@@ -952,41 +952,47 @@ static void lower_barrier(struct r10conf *conf)
wake_up(&conf->wait_barrier);
}
+static bool stop_waiting_barrier(struct r10conf *conf)
+{
+ struct bio_list *bio_list = current->bio_list;
+
+ /* barrier is dropped */
+ if (!conf->barrier)
+ return true;
+
+ /*
+ * If there are already pending requests (preventing the barrier from
+ * rising completely), and the pre-process bio queue isn't empty, then
+ * don't wait, as we need to empty that queue to get the nr_pending
+ * count down.
+ */
+ if (atomic_read(&conf->nr_pending) && bio_list &&
+ (!bio_list_empty(&bio_list[0]) || !bio_list_empty(&bio_list[1])))
+ return true;
+
+ /* move on if recovery thread is blocked by us */
+ if (conf->mddev->thread->tsk == current &&
+ test_bit(MD_RECOVERY_RUNNING, &conf->mddev->recovery) &&
+ conf->nr_queued > 0)
+ return true;
+
+ return false;
+}
+
static bool wait_barrier(struct r10conf *conf, bool nowait)
{
bool ret = true;
spin_lock_irq(&conf->resync_lock);
if (conf->barrier) {
- struct bio_list *bio_list = current->bio_list;
conf->nr_waiting++;
- /* Wait for the barrier to drop.
- * However if there are already pending
- * requests (preventing the barrier from
- * rising completely), and the
- * pre-process bio queue isn't empty,
- * then don't wait, as we need to empty
- * that queue to get the nr_pending
- * count down.
- */
/* Return false when nowait flag is set */
if (nowait) {
ret = false;
} else {
raid10_log(conf->mddev, "wait barrier");
wait_event_lock_irq(conf->wait_barrier,
- !conf->barrier ||
- (atomic_read(&conf->nr_pending) &&
- bio_list &&
- (!bio_list_empty(&bio_list[0]) ||
- !bio_list_empty(&bio_list[1]))) ||
- /* move on if recovery thread is
- * blocked by us
- */
- (conf->mddev->thread->tsk == current &&
- test_bit(MD_RECOVERY_RUNNING,
- &conf->mddev->recovery) &&
- conf->nr_queued > 0),
+ stop_waiting_barrier(conf),
conf->resync_lock);
}
conf->nr_waiting--;
--
2.39.2
^ permalink raw reply related [flat|nested] 391+ messages in thread
* [PATCH 5.15 206/371] md/raid10: fix task hung in raid10d
2023-05-08 9:43 [PATCH 5.15 000/371] 5.15.111-rc1 review Greg Kroah-Hartman
` (204 preceding siblings ...)
2023-05-08 9:46 ` [PATCH 5.15 205/371] md/raid10: factor out code from wait_barrier() to stop_waiting_barrier() Greg Kroah-Hartman
@ 2023-05-08 9:46 ` Greg Kroah-Hartman
2023-05-08 9:46 ` [PATCH 5.15 207/371] md/raid10: fix leak of r10bio->remaining for recovery Greg Kroah-Hartman
` (168 subsequent siblings)
374 siblings, 0 replies; 391+ messages in thread
From: Greg Kroah-Hartman @ 2023-05-08 9:46 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Li Nan, Song Liu, Sasha Levin
From: Li Nan <linan122@huawei.com>
[ Upstream commit 72c215ed8731c88b2d7e09afc51fffc207ae47b8 ]
commit fe630de009d0 ("md/raid10: avoid deadlock on recovery.") allowed
normal io and sync io to exist at the same time. Task hung will occur as
below:
T1 T2 T3 T4
raid10d
handle_read_error
allow_barrier
conf->nr_pending--
-> 0
//submit sync io
raid10_sync_request
raise_barrier
->will not be blocked
...
//submit to drivers
raid10_read_request
wait_barrier
conf->nr_pending++
-> 1
//retry read fail
raid10_end_read_request
reschedule_retry
add to retry_list
conf->nr_queued++
-> 1
//sync io fail
end_sync_read
__end_sync_read
reschedule_retry
add to retry_list
conf->nr_queued++
-> 2
...
handle_read_error
get form retry_list
conf->nr_queued--
freeze_array
wait nr_pending == nr_queued+1
->1 ->2
//task hung
retry read and sync io will be added to retry_list(nr_queued->2) if they
fails. raid10d() called handle_read_error() and hung in freeze_array().
nr_queued will not decrease because raid10d is blocked, nr_pending will
not increase because conf->barrier is not released.
Fix it by moving allow_barrier() after raid10_read_request().
raise_barrier() will wait for nr_waiting to become 0. Therefore, sync io
and regular io will not be issued at the same time.
Also remove the check of nr_queued in stop_waiting_barrier. It can be 0
but don't need to be blocking. Remove the check for MD_RECOVERY_RUNNING as
the check is redundent.
Fixes: fe630de009d0 ("md/raid10: avoid deadlock on recovery.")
Signed-off-by: Li Nan <linan122@huawei.com>
Signed-off-by: Song Liu <song@kernel.org>
Link: https://lore.kernel.org/r/20230222041000.3341651-2-linan666@huaweicloud.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/md/raid10.c | 18 +++++++++++++-----
1 file changed, 13 insertions(+), 5 deletions(-)
diff --git a/drivers/md/raid10.c b/drivers/md/raid10.c
index 31ecb080851ac..4bf09ecedec14 100644
--- a/drivers/md/raid10.c
+++ b/drivers/md/raid10.c
@@ -970,11 +970,15 @@ static bool stop_waiting_barrier(struct r10conf *conf)
(!bio_list_empty(&bio_list[0]) || !bio_list_empty(&bio_list[1])))
return true;
- /* move on if recovery thread is blocked by us */
- if (conf->mddev->thread->tsk == current &&
- test_bit(MD_RECOVERY_RUNNING, &conf->mddev->recovery) &&
- conf->nr_queued > 0)
+ /*
+ * move on if io is issued from raid10d(), nr_pending is not released
+ * from original io(see handle_read_error()). All raise barrier is
+ * blocked until this io is done.
+ */
+ if (conf->mddev->thread->tsk == current) {
+ WARN_ON_ONCE(atomic_read(&conf->nr_pending) == 0);
return true;
+ }
return false;
}
@@ -2954,9 +2958,13 @@ static void handle_read_error(struct mddev *mddev, struct r10bio *r10_bio)
md_error(mddev, rdev);
rdev_dec_pending(rdev, mddev);
- allow_barrier(conf);
r10_bio->state = 0;
raid10_read_request(mddev, r10_bio->master_bio, r10_bio);
+ /*
+ * allow_barrier after re-submit to ensure no sync io
+ * can be issued while regular io pending.
+ */
+ allow_barrier(conf);
}
static void handle_write_completed(struct r10conf *conf, struct r10bio *r10_bio)
--
2.39.2
^ permalink raw reply related [flat|nested] 391+ messages in thread
* [PATCH 5.15 207/371] md/raid10: fix leak of r10bio->remaining for recovery
2023-05-08 9:43 [PATCH 5.15 000/371] 5.15.111-rc1 review Greg Kroah-Hartman
` (205 preceding siblings ...)
2023-05-08 9:46 ` [PATCH 5.15 206/371] md/raid10: fix task hung in raid10d Greg Kroah-Hartman
@ 2023-05-08 9:46 ` Greg Kroah-Hartman
2023-05-08 9:46 ` [PATCH 5.15 208/371] md/raid10: fix memleak for conf->bio_split Greg Kroah-Hartman
` (167 subsequent siblings)
374 siblings, 0 replies; 391+ messages in thread
From: Greg Kroah-Hartman @ 2023-05-08 9:46 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Yu Kuai, Song Liu, Sasha Levin
From: Yu Kuai <yukuai3@huawei.com>
[ Upstream commit 26208a7cffd0c7cbf14237ccd20c7270b3ffeb7e ]
raid10_sync_request() will add 'r10bio->remaining' for both rdev and
replacement rdev. However, if the read io fails, recovery_request_write()
returns without issuing the write io, in this case, end_sync_request()
is only called once and 'remaining' is leaked, cause an io hang.
Fix the problem by decreasing 'remaining' according to if 'bio' and
'repl_bio' is valid.
Fixes: 24afd80d99f8 ("md/raid10: handle recovery of replacement devices.")
Signed-off-by: Yu Kuai <yukuai3@huawei.com>
Signed-off-by: Song Liu <song@kernel.org>
Link: https://lore.kernel.org/r/20230310073855.1337560-5-yukuai1@huaweicloud.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/md/raid10.c | 23 +++++++++++++----------
1 file changed, 13 insertions(+), 10 deletions(-)
diff --git a/drivers/md/raid10.c b/drivers/md/raid10.c
index 4bf09ecedec14..2b4a4dc213d8c 100644
--- a/drivers/md/raid10.c
+++ b/drivers/md/raid10.c
@@ -2581,11 +2581,22 @@ static void recovery_request_write(struct mddev *mddev, struct r10bio *r10_bio)
{
struct r10conf *conf = mddev->private;
int d;
- struct bio *wbio, *wbio2;
+ struct bio *wbio = r10_bio->devs[1].bio;
+ struct bio *wbio2 = r10_bio->devs[1].repl_bio;
+
+ /* Need to test wbio2->bi_end_io before we call
+ * submit_bio_noacct as if the former is NULL,
+ * the latter is free to free wbio2.
+ */
+ if (wbio2 && !wbio2->bi_end_io)
+ wbio2 = NULL;
if (!test_bit(R10BIO_Uptodate, &r10_bio->state)) {
fix_recovery_read_error(r10_bio);
- end_sync_request(r10_bio);
+ if (wbio->bi_end_io)
+ end_sync_request(r10_bio);
+ if (wbio2)
+ end_sync_request(r10_bio);
return;
}
@@ -2594,14 +2605,6 @@ static void recovery_request_write(struct mddev *mddev, struct r10bio *r10_bio)
* and submit the write request
*/
d = r10_bio->devs[1].devnum;
- wbio = r10_bio->devs[1].bio;
- wbio2 = r10_bio->devs[1].repl_bio;
- /* Need to test wbio2->bi_end_io before we call
- * submit_bio_noacct as if the former is NULL,
- * the latter is free to free wbio2.
- */
- if (wbio2 && !wbio2->bi_end_io)
- wbio2 = NULL;
if (wbio->bi_end_io) {
atomic_inc(&conf->mirrors[d].rdev->nr_pending);
md_sync_acct(conf->mirrors[d].rdev->bdev, bio_sectors(wbio));
--
2.39.2
^ permalink raw reply related [flat|nested] 391+ messages in thread
* [PATCH 5.15 208/371] md/raid10: fix memleak for conf->bio_split
2023-05-08 9:43 [PATCH 5.15 000/371] 5.15.111-rc1 review Greg Kroah-Hartman
` (206 preceding siblings ...)
2023-05-08 9:46 ` [PATCH 5.15 207/371] md/raid10: fix leak of r10bio->remaining for recovery Greg Kroah-Hartman
@ 2023-05-08 9:46 ` Greg Kroah-Hartman
2023-05-08 9:46 ` [PATCH 5.15 209/371] md/raid10: fix memleak of md thread Greg Kroah-Hartman
` (166 subsequent siblings)
374 siblings, 0 replies; 391+ messages in thread
From: Greg Kroah-Hartman @ 2023-05-08 9:46 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Yu Kuai, Song Liu, Sasha Levin
From: Yu Kuai <yukuai3@huawei.com>
[ Upstream commit c9ac2acde53f5385de185bccf6aaa91cf9ac1541 ]
In the error path of raid10_run(), 'conf' need be freed, however,
'conf->bio_split' is missed and memory will be leaked.
Since there are 3 places to free 'conf', factor out a helper to fix the
problem.
Fixes: fc9977dd069e ("md/raid10: simplify the splitting of requests.")
Signed-off-by: Yu Kuai <yukuai3@huawei.com>
Signed-off-by: Song Liu <song@kernel.org>
Link: https://lore.kernel.org/r/20230310073855.1337560-6-yukuai1@huaweicloud.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/md/raid10.c | 37 +++++++++++++++++--------------------
1 file changed, 17 insertions(+), 20 deletions(-)
diff --git a/drivers/md/raid10.c b/drivers/md/raid10.c
index 2b4a4dc213d8c..69650b1ac1484 100644
--- a/drivers/md/raid10.c
+++ b/drivers/md/raid10.c
@@ -3991,6 +3991,20 @@ static int setup_geo(struct geom *geo, struct mddev *mddev, enum geo_type new)
return nc*fc;
}
+static void raid10_free_conf(struct r10conf *conf)
+{
+ if (!conf)
+ return;
+
+ mempool_exit(&conf->r10bio_pool);
+ kfree(conf->mirrors);
+ kfree(conf->mirrors_old);
+ kfree(conf->mirrors_new);
+ safe_put_page(conf->tmppage);
+ bioset_exit(&conf->bio_split);
+ kfree(conf);
+}
+
static struct r10conf *setup_conf(struct mddev *mddev)
{
struct r10conf *conf = NULL;
@@ -4073,13 +4087,7 @@ static struct r10conf *setup_conf(struct mddev *mddev)
return conf;
out:
- if (conf) {
- mempool_exit(&conf->r10bio_pool);
- kfree(conf->mirrors);
- safe_put_page(conf->tmppage);
- bioset_exit(&conf->bio_split);
- kfree(conf);
- }
+ raid10_free_conf(conf);
return ERR_PTR(err);
}
@@ -4285,10 +4293,7 @@ static int raid10_run(struct mddev *mddev)
out_free_conf:
md_unregister_thread(&mddev->thread);
- mempool_exit(&conf->r10bio_pool);
- safe_put_page(conf->tmppage);
- kfree(conf->mirrors);
- kfree(conf);
+ raid10_free_conf(conf);
mddev->private = NULL;
out:
return -EIO;
@@ -4296,15 +4301,7 @@ static int raid10_run(struct mddev *mddev)
static void raid10_free(struct mddev *mddev, void *priv)
{
- struct r10conf *conf = priv;
-
- mempool_exit(&conf->r10bio_pool);
- safe_put_page(conf->tmppage);
- kfree(conf->mirrors);
- kfree(conf->mirrors_old);
- kfree(conf->mirrors_new);
- bioset_exit(&conf->bio_split);
- kfree(conf);
+ raid10_free_conf(priv);
}
static void raid10_quiesce(struct mddev *mddev, int quiesce)
--
2.39.2
^ permalink raw reply related [flat|nested] 391+ messages in thread
* [PATCH 5.15 209/371] md/raid10: fix memleak of md thread
2023-05-08 9:43 [PATCH 5.15 000/371] 5.15.111-rc1 review Greg Kroah-Hartman
` (207 preceding siblings ...)
2023-05-08 9:46 ` [PATCH 5.15 208/371] md/raid10: fix memleak for conf->bio_split Greg Kroah-Hartman
@ 2023-05-08 9:46 ` Greg Kroah-Hartman
2023-05-08 9:46 ` [PATCH 5.15 210/371] md/raid10: dont call bio_start_io_acct twice for bio which experienced read error Greg Kroah-Hartman
` (165 subsequent siblings)
374 siblings, 0 replies; 391+ messages in thread
From: Greg Kroah-Hartman @ 2023-05-08 9:46 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Yu Kuai, Song Liu, Sasha Levin
From: Yu Kuai <yukuai3@huawei.com>
[ Upstream commit f0ddb83da3cbbf8a1f9087a642c448ff52ee9abd ]
In raid10_run(), if setup_conf() succeed and raid10_run() failed before
setting 'mddev->thread', then in the error path 'conf->thread' is not
freed.
Fix the problem by setting 'mddev->thread' right after setup_conf().
Fixes: 43a521238aca ("md-cluster: choose correct label when clustered layout is not supported")
Signed-off-by: Yu Kuai <yukuai3@huawei.com>
Signed-off-by: Song Liu <song@kernel.org>
Link: https://lore.kernel.org/r/20230310073855.1337560-7-yukuai1@huaweicloud.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/md/raid10.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/drivers/md/raid10.c b/drivers/md/raid10.c
index 69650b1ac1484..9fc9198fc5c4f 100644
--- a/drivers/md/raid10.c
+++ b/drivers/md/raid10.c
@@ -4125,6 +4125,9 @@ static int raid10_run(struct mddev *mddev)
if (!conf)
goto out;
+ mddev->thread = conf->thread;
+ conf->thread = NULL;
+
if (mddev_is_clustered(conf->mddev)) {
int fc, fo;
@@ -4137,9 +4140,6 @@ static int raid10_run(struct mddev *mddev)
}
}
- mddev->thread = conf->thread;
- conf->thread = NULL;
-
if (mddev->queue) {
blk_queue_max_discard_sectors(mddev->queue,
UINT_MAX);
--
2.39.2
^ permalink raw reply related [flat|nested] 391+ messages in thread
* [PATCH 5.15 210/371] md/raid10: dont call bio_start_io_acct twice for bio which experienced read error
2023-05-08 9:43 [PATCH 5.15 000/371] 5.15.111-rc1 review Greg Kroah-Hartman
` (208 preceding siblings ...)
2023-05-08 9:46 ` [PATCH 5.15 209/371] md/raid10: fix memleak of md thread Greg Kroah-Hartman
@ 2023-05-08 9:46 ` Greg Kroah-Hartman
2023-05-08 9:46 ` [PATCH 5.15 211/371] wifi: iwlwifi: yoyo: skip dump correctly on hw error Greg Kroah-Hartman
` (164 subsequent siblings)
374 siblings, 0 replies; 391+ messages in thread
From: Greg Kroah-Hartman @ 2023-05-08 9:46 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Song Liu, Yu Kuai, Sasha Levin
From: Yu Kuai <yukuai3@huawei.com>
[ Upstream commit 7cddb055bfda5f7b0be931e8ea750fc28bc18a27 ]
handle_read_error() will resumit r10_bio by raid10_read_request(), which
will call bio_start_io_acct() again, while bio_end_io_acct() will only
be called once.
Fix the problem by don't account io again from handle_read_error().
Fixes: 528bc2cf2fcc ("md/raid10: enable io accounting")
Suggested-by: Song Liu <song@kernel.org>
Signed-off-by: Yu Kuai <yukuai3@huawei.com>
Signed-off-by: Song Liu <song@kernel.org>
Link: https://lore.kernel.org/r/20230314012258.2395894-1-yukuai1@huaweicloud.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/md/raid10.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/drivers/md/raid10.c b/drivers/md/raid10.c
index 9fc9198fc5c4f..5df5e7df6069c 100644
--- a/drivers/md/raid10.c
+++ b/drivers/md/raid10.c
@@ -1216,7 +1216,8 @@ static void raid10_read_request(struct mddev *mddev, struct bio *bio,
}
slot = r10_bio->read_slot;
- if (blk_queue_io_stat(bio->bi_bdev->bd_disk->queue))
+ if (!r10_bio->start_time &&
+ blk_queue_io_stat(bio->bi_bdev->bd_disk->queue))
r10_bio->start_time = bio_start_io_acct(bio);
read_bio = bio_clone_fast(bio, gfp, &mddev->bio_set);
@@ -1550,6 +1551,7 @@ static void __make_request(struct mddev *mddev, struct bio *bio, int sectors)
r10_bio->sector = bio->bi_iter.bi_sector;
r10_bio->state = 0;
r10_bio->read_slot = -1;
+ r10_bio->start_time = 0;
memset(r10_bio->devs, 0, sizeof(r10_bio->devs[0]) *
conf->geo.raid_disks);
--
2.39.2
^ permalink raw reply related [flat|nested] 391+ messages in thread
* [PATCH 5.15 211/371] wifi: iwlwifi: yoyo: skip dump correctly on hw error
2023-05-08 9:43 [PATCH 5.15 000/371] 5.15.111-rc1 review Greg Kroah-Hartman
` (209 preceding siblings ...)
2023-05-08 9:46 ` [PATCH 5.15 210/371] md/raid10: dont call bio_start_io_acct twice for bio which experienced read error Greg Kroah-Hartman
@ 2023-05-08 9:46 ` Greg Kroah-Hartman
2023-05-08 9:46 ` [PATCH 5.15 212/371] wifi: iwlwifi: yoyo: Fix possible division by zero Greg Kroah-Hartman
` (163 subsequent siblings)
374 siblings, 0 replies; 391+ messages in thread
From: Greg Kroah-Hartman @ 2023-05-08 9:46 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Daniel Gabay, Gregory Greenman,
Johannes Berg, Sasha Levin
From: Daniel Gabay <daniel.gabay@intel.com>
[ Upstream commit 11195ab0d6f3202cf7af1a4c69570f59c377d8ad ]
When NIC is in a bad state, reading data will return 28 bits as
0xa5a5a5a and the lowest 4 bits are not fixed value.
Mask these bits in a few places to skip the dump correctly.
Fixes: 89639e06d0f3 ("iwlwifi: yoyo: support for new DBGI_SRAM region")
Signed-off-by: Daniel Gabay <daniel.gabay@intel.com>
Signed-off-by: Gregory Greenman <gregory.greenman@intel.com>
Link: https://lore.kernel.org/r/20230413213309.df6c0663179d.I36d8487b2419c6fefa65e5514855d94327c3b1eb@changeid
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/wireless/intel/iwlwifi/fw/dbg.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/drivers/net/wireless/intel/iwlwifi/fw/dbg.c b/drivers/net/wireless/intel/iwlwifi/fw/dbg.c
index b00cf92c8965a..69616a2868bb8 100644
--- a/drivers/net/wireless/intel/iwlwifi/fw/dbg.c
+++ b/drivers/net/wireless/intel/iwlwifi/fw/dbg.c
@@ -1022,7 +1022,7 @@ iwl_dump_ini_prph_mac_iter(struct iwl_fw_runtime *fwrt,
range->range_data_size = reg->dev_addr.size;
for (i = 0; i < le32_to_cpu(reg->dev_addr.size); i += 4) {
prph_val = iwl_read_prph(fwrt->trans, addr + i);
- if (prph_val == 0x5a5a5a5a)
+ if ((prph_val & ~0xf) == 0xa5a5a5a0)
return -EBUSY;
*val++ = cpu_to_le32(prph_val);
}
@@ -1536,7 +1536,7 @@ iwl_dump_ini_dbgi_sram_iter(struct iwl_fw_runtime *fwrt,
prph_data = iwl_read_prph(fwrt->trans, (i % 2) ?
DBGI_SRAM_TARGET_ACCESS_RDATA_MSB :
DBGI_SRAM_TARGET_ACCESS_RDATA_LSB);
- if (prph_data == 0x5a5a5a5a) {
+ if ((prph_data & ~0xf) == 0xa5a5a5a0) {
iwl_trans_release_nic_access(fwrt->trans);
return -EBUSY;
}
--
2.39.2
^ permalink raw reply related [flat|nested] 391+ messages in thread
* [PATCH 5.15 212/371] wifi: iwlwifi: yoyo: Fix possible division by zero
2023-05-08 9:43 [PATCH 5.15 000/371] 5.15.111-rc1 review Greg Kroah-Hartman
` (210 preceding siblings ...)
2023-05-08 9:46 ` [PATCH 5.15 211/371] wifi: iwlwifi: yoyo: skip dump correctly on hw error Greg Kroah-Hartman
@ 2023-05-08 9:46 ` Greg Kroah-Hartman
2023-05-08 9:46 ` [PATCH 5.15 213/371] wifi: iwlwifi: mvm: initialize seq variable Greg Kroah-Hartman
` (162 subsequent siblings)
374 siblings, 0 replies; 391+ messages in thread
From: Greg Kroah-Hartman @ 2023-05-08 9:46 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Daniel Gabay, Gregory Greenman,
Johannes Berg, Sasha Levin
From: Daniel Gabay <daniel.gabay@intel.com>
[ Upstream commit ba30415118eee374a08b39a0460a1d1e52c24a25 ]
Don't allow buffer allocation TLV with zero req_size since it
leads later to division by zero in iwl_dbg_tlv_alloc_fragments().
Also, NPK/SRAM locations are allowed to have zero buffer req_size,
don't discard them.
Fixes: a9248de42464 ("iwlwifi: dbg_ini: add TLV allocation new API support")
Signed-off-by: Daniel Gabay <daniel.gabay@intel.com>
Signed-off-by: Gregory Greenman <gregory.greenman@intel.com>
Link: https://lore.kernel.org/r/20230413213309.5d6688ed74d8.I5c2f3a882b50698b708d54f4524dc5bdf11e3d32@changeid
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/wireless/intel/iwlwifi/iwl-dbg-tlv.c | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/drivers/net/wireless/intel/iwlwifi/iwl-dbg-tlv.c b/drivers/net/wireless/intel/iwlwifi/iwl-dbg-tlv.c
index fc4197bf2478e..f9bd081dd9e08 100644
--- a/drivers/net/wireless/intel/iwlwifi/iwl-dbg-tlv.c
+++ b/drivers/net/wireless/intel/iwlwifi/iwl-dbg-tlv.c
@@ -134,6 +134,12 @@ static int iwl_dbg_tlv_alloc_buf_alloc(struct iwl_trans *trans,
alloc_id != IWL_FW_INI_ALLOCATION_ID_DBGC1)
goto err;
+ if (buf_location == IWL_FW_INI_LOCATION_DRAM_PATH &&
+ alloc->req_size == 0) {
+ IWL_ERR(trans, "WRT: Invalid DRAM buffer allocation requested size (0)\n");
+ return -EINVAL;
+ }
+
trans->dbg.fw_mon_cfg[alloc_id] = *alloc;
return 0;
--
2.39.2
^ permalink raw reply related [flat|nested] 391+ messages in thread
* [PATCH 5.15 213/371] wifi: iwlwifi: mvm: initialize seq variable
2023-05-08 9:43 [PATCH 5.15 000/371] 5.15.111-rc1 review Greg Kroah-Hartman
` (211 preceding siblings ...)
2023-05-08 9:46 ` [PATCH 5.15 212/371] wifi: iwlwifi: yoyo: Fix possible division by zero Greg Kroah-Hartman
@ 2023-05-08 9:46 ` Greg Kroah-Hartman
2023-05-08 9:46 ` [PATCH 5.15 214/371] wifi: iwlwifi: fw: move memset before early return Greg Kroah-Hartman
` (161 subsequent siblings)
374 siblings, 0 replies; 391+ messages in thread
From: Greg Kroah-Hartman @ 2023-05-08 9:46 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Tom Rix, Nick Desaulniers,
Gregory Greenman, Johannes Berg, Sasha Levin
From: Tom Rix <trix@redhat.com>
[ Upstream commit 11e94d2bcd88dea5d9ce99555b6b172f5232d3e2 ]
Clang static analysis reports this issue
d3.c:567:22: warning: The left operand of '>' is
a garbage value
if (seq.tkip.iv32 > cur_rx_iv32)
~~~~~~~~~~~~~ ^
seq is never initialized. Call ieee80211_get_key_rx_seq() to
initialize seq.
Fixes: 0419e5e672d6 ("iwlwifi: mvm: d3: separate TKIP data from key iteration")
Signed-off-by: Tom Rix <trix@redhat.com>
Reviewed-by: Nick Desaulniers <ndesaulniers@google.com>
Signed-off-by: Gregory Greenman <gregory.greenman@intel.com>
Link: https://lore.kernel.org/r/20230414130637.6dd372f84f93.If1f708c90e6424a935b4eba3917dfb7582e0dd0a@changeid
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/wireless/intel/iwlwifi/mvm/d3.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/drivers/net/wireless/intel/iwlwifi/mvm/d3.c b/drivers/net/wireless/intel/iwlwifi/mvm/d3.c
index 00ca17f3b263c..6dde3bd8f4416 100644
--- a/drivers/net/wireless/intel/iwlwifi/mvm/d3.c
+++ b/drivers/net/wireless/intel/iwlwifi/mvm/d3.c
@@ -564,6 +564,7 @@ static void iwl_mvm_wowlan_get_tkip_data(struct ieee80211_hw *hw,
}
for (i = 0; i < IWL_NUM_RSC; i++) {
+ ieee80211_get_key_rx_seq(key, i, &seq);
/* wrapping isn't allowed, AP must rekey */
if (seq.tkip.iv32 > cur_rx_iv32)
cur_rx_iv32 = seq.tkip.iv32;
--
2.39.2
^ permalink raw reply related [flat|nested] 391+ messages in thread
* [PATCH 5.15 214/371] wifi: iwlwifi: fw: move memset before early return
2023-05-08 9:43 [PATCH 5.15 000/371] 5.15.111-rc1 review Greg Kroah-Hartman
` (212 preceding siblings ...)
2023-05-08 9:46 ` [PATCH 5.15 213/371] wifi: iwlwifi: mvm: initialize seq variable Greg Kroah-Hartman
@ 2023-05-08 9:46 ` Greg Kroah-Hartman
2023-05-08 9:46 ` [PATCH 5.15 215/371] jdb2: Dont refuse invalidation of already invalidated buffers Greg Kroah-Hartman
` (160 subsequent siblings)
374 siblings, 0 replies; 391+ messages in thread
From: Greg Kroah-Hartman @ 2023-05-08 9:46 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Tom Rix, Gregory Greenman,
Johannes Berg, Sasha Levin
From: Tom Rix <trix@redhat.com>
[ Upstream commit 8ce437dd5b2e4adef13aa4ecce07392f9966b1ab ]
Clang static analysis reports this representative issue
dbg.c:1455:6: warning: Branch condition evaluates to
a garbage value
if (!rxf_data.size)
^~~~~~~~~~~~~~
This check depends on iwl_ini_get_rxf_data() to clear
rxf_data but the function can return early without
doing the clear. So move the memset before the early
return.
Fixes: cc9b6012d34b ("iwlwifi: yoyo: use hweight_long instead of bit manipulating")
Signed-off-by: Tom Rix <trix@redhat.com>
Signed-off-by: Gregory Greenman <gregory.greenman@intel.com>
Link: https://lore.kernel.org/r/20230414130637.872a7175f1ff.I33802a77a91998276992b088fbe25f61c87c33ac@changeid
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/wireless/intel/iwlwifi/fw/dbg.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/drivers/net/wireless/intel/iwlwifi/fw/dbg.c b/drivers/net/wireless/intel/iwlwifi/fw/dbg.c
index 69616a2868bb8..c69f3fb833327 100644
--- a/drivers/net/wireless/intel/iwlwifi/fw/dbg.c
+++ b/drivers/net/wireless/intel/iwlwifi/fw/dbg.c
@@ -1362,13 +1362,13 @@ static void iwl_ini_get_rxf_data(struct iwl_fw_runtime *fwrt,
if (!data)
return;
+ memset(data, 0, sizeof(*data));
+
/* make sure only one bit is set in only one fid */
if (WARN_ONCE(hweight_long(fid1) + hweight_long(fid2) != 1,
"fid1=%x, fid2=%x\n", fid1, fid2))
return;
- memset(data, 0, sizeof(*data));
-
if (fid1) {
fifo_idx = ffs(fid1) - 1;
if (WARN_ONCE(fifo_idx >= MAX_NUM_LMAC, "fifo_idx=%d\n",
--
2.39.2
^ permalink raw reply related [flat|nested] 391+ messages in thread
* [PATCH 5.15 215/371] jdb2: Dont refuse invalidation of already invalidated buffers
2023-05-08 9:43 [PATCH 5.15 000/371] 5.15.111-rc1 review Greg Kroah-Hartman
` (213 preceding siblings ...)
2023-05-08 9:46 ` [PATCH 5.15 214/371] wifi: iwlwifi: fw: move memset before early return Greg Kroah-Hartman
@ 2023-05-08 9:46 ` Greg Kroah-Hartman
2023-05-08 9:46 ` [PATCH 5.15 216/371] wifi: iwlwifi: make the loop for card preparation effective Greg Kroah-Hartman
` (159 subsequent siblings)
374 siblings, 0 replies; 391+ messages in thread
From: Greg Kroah-Hartman @ 2023-05-08 9:46 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Jan Kara, Theodore Tso, Sasha Levin
From: Jan Kara <jack@suse.cz>
[ Upstream commit bd159398a2d2234de07d310132865706964aaaa7 ]
When invalidating buffers under the partial tail page,
jbd2_journal_invalidate_folio() returns -EBUSY if the buffer is part of
the committing transaction as we cannot safely modify buffer state.
However if the buffer is already invalidated (due to previous
invalidation attempts from ext4_wait_for_tail_page_commit()), there's
nothing to do and there's no point in returning -EBUSY. This fixes
occasional warnings from ext4_journalled_invalidate_folio() triggered by
generic/051 fstest when blocksize < pagesize.
Fixes: 53e872681fed ("ext4: fix deadlock in journal_unmap_buffer()")
Signed-off-by: Jan Kara <jack@suse.cz>
Link: https://lore.kernel.org/r/20230329154950.19720-1-jack@suse.cz
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
fs/jbd2/transaction.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/fs/jbd2/transaction.c b/fs/jbd2/transaction.c
index 55232064cab21..ce4a5ccadeff4 100644
--- a/fs/jbd2/transaction.c
+++ b/fs/jbd2/transaction.c
@@ -2378,6 +2378,9 @@ static int journal_unmap_buffer(journal_t *journal, struct buffer_head *bh,
spin_unlock(&jh->b_state_lock);
write_unlock(&journal->j_state_lock);
jbd2_journal_put_journal_head(jh);
+ /* Already zapped buffer? Nothing to do... */
+ if (!bh->b_bdev)
+ return 0;
return -EBUSY;
}
/*
--
2.39.2
^ permalink raw reply related [flat|nested] 391+ messages in thread
* [PATCH 5.15 216/371] wifi: iwlwifi: make the loop for card preparation effective
2023-05-08 9:43 [PATCH 5.15 000/371] 5.15.111-rc1 review Greg Kroah-Hartman
` (214 preceding siblings ...)
2023-05-08 9:46 ` [PATCH 5.15 215/371] jdb2: Dont refuse invalidation of already invalidated buffers Greg Kroah-Hartman
@ 2023-05-08 9:46 ` Greg Kroah-Hartman
2023-05-08 9:46 ` [PATCH 5.15 217/371] wifi: mt76: handle failure of vzalloc in mt7615_coredump_work Greg Kroah-Hartman
` (158 subsequent siblings)
374 siblings, 0 replies; 391+ messages in thread
From: Greg Kroah-Hartman @ 2023-05-08 9:46 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Emmanuel Grumbach, Gregory Greenman,
Johannes Berg, Sasha Levin, Lorenzo Zolfanelli
From: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
[ Upstream commit 28965ec0b5d9112585f725660e2ff13218505ace ]
Since we didn't reset t to 0, only the first iteration of the loop
did checked the ready bit several times.
>From the second iteration and on, we just tested the bit once and
continued to the next iteration.
Reported-and-tested-by: Lorenzo Zolfanelli <lorenzo@zolfa.nl>
Link: https://bugzilla.kernel.org/show_bug.cgi?id=216452
Fixes: 289e5501c314 ("iwlwifi: fix the preparation of the card")
Signed-off-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
Signed-off-by: Gregory Greenman <gregory.greenman@intel.com>
Link: https://lore.kernel.org/r/20230416154301.615b683ab9c8.Ic52c3229d3345b0064fa34263293db095d88daf8@changeid
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/wireless/intel/iwlwifi/pcie/trans.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/drivers/net/wireless/intel/iwlwifi/pcie/trans.c b/drivers/net/wireless/intel/iwlwifi/pcie/trans.c
index 02da9cc8646cf..ee325950de9d2 100644
--- a/drivers/net/wireless/intel/iwlwifi/pcie/trans.c
+++ b/drivers/net/wireless/intel/iwlwifi/pcie/trans.c
@@ -581,7 +581,6 @@ static int iwl_pcie_set_hw_ready(struct iwl_trans *trans)
int iwl_pcie_prepare_card_hw(struct iwl_trans *trans)
{
int ret;
- int t = 0;
int iter;
IWL_DEBUG_INFO(trans, "iwl_trans_prepare_card_hw enter\n");
@@ -596,6 +595,8 @@ int iwl_pcie_prepare_card_hw(struct iwl_trans *trans)
usleep_range(1000, 2000);
for (iter = 0; iter < 10; iter++) {
+ int t = 0;
+
/* If HW is not ready, prepare the conditions to check again */
iwl_set_bit(trans, CSR_HW_IF_CONFIG_REG,
CSR_HW_IF_CONFIG_REG_PREPARE);
--
2.39.2
^ permalink raw reply related [flat|nested] 391+ messages in thread
* [PATCH 5.15 217/371] wifi: mt76: handle failure of vzalloc in mt7615_coredump_work
2023-05-08 9:43 [PATCH 5.15 000/371] 5.15.111-rc1 review Greg Kroah-Hartman
` (215 preceding siblings ...)
2023-05-08 9:46 ` [PATCH 5.15 216/371] wifi: iwlwifi: make the loop for card preparation effective Greg Kroah-Hartman
@ 2023-05-08 9:46 ` Greg Kroah-Hartman
2023-05-08 9:46 ` [PATCH 5.15 218/371] wifi: mt76: add flexible polling wait-interval support Greg Kroah-Hartman
` (157 subsequent siblings)
374 siblings, 0 replies; 391+ messages in thread
From: Greg Kroah-Hartman @ 2023-05-08 9:46 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Kang Chen, Felix Fietkau, Sasha Levin
From: Kang Chen <void0red@gmail.com>
[ Upstream commit 9e47dd9f64a47ae00ca0123017584c37209ee900 ]
vzalloc may fails, dump might be null and will cause
illegal address access later.
Link: https://lore.kernel.org/all/Y%2Fy5Asxw3T3m4jCw@lore-desk
Fixes: d2bf7959d9c0 ("mt76: mt7663: introduce coredump support")
Signed-off-by: Kang Chen <void0red@gmail.com>
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/wireless/mediatek/mt76/mt7615/mac.c | 8 +++++---
1 file changed, 5 insertions(+), 3 deletions(-)
diff --git a/drivers/net/wireless/mediatek/mt76/mt7615/mac.c b/drivers/net/wireless/mediatek/mt76/mt7615/mac.c
index c7e084821b292..37bc307c19719 100644
--- a/drivers/net/wireless/mediatek/mt76/mt7615/mac.c
+++ b/drivers/net/wireless/mediatek/mt76/mt7615/mac.c
@@ -2273,7 +2273,7 @@ void mt7615_coredump_work(struct work_struct *work)
break;
skb_pull(skb, sizeof(struct mt7615_mcu_rxd));
- if (data + skb->len - dump > MT76_CONNAC_COREDUMP_SZ) {
+ if (!dump || data + skb->len - dump > MT76_CONNAC_COREDUMP_SZ) {
dev_kfree_skb(skb);
continue;
}
@@ -2283,6 +2283,8 @@ void mt7615_coredump_work(struct work_struct *work)
dev_kfree_skb(skb);
}
- dev_coredumpv(dev->mt76.dev, dump, MT76_CONNAC_COREDUMP_SZ,
- GFP_KERNEL);
+
+ if (dump)
+ dev_coredumpv(dev->mt76.dev, dump, MT76_CONNAC_COREDUMP_SZ,
+ GFP_KERNEL);
}
--
2.39.2
^ permalink raw reply related [flat|nested] 391+ messages in thread
* [PATCH 5.15 218/371] wifi: mt76: add flexible polling wait-interval support
2023-05-08 9:43 [PATCH 5.15 000/371] 5.15.111-rc1 review Greg Kroah-Hartman
` (216 preceding siblings ...)
2023-05-08 9:46 ` [PATCH 5.15 217/371] wifi: mt76: handle failure of vzalloc in mt7615_coredump_work Greg Kroah-Hartman
@ 2023-05-08 9:46 ` Greg Kroah-Hartman
2023-05-08 9:47 ` [PATCH 5.15 219/371] wifi: mt76: mt7921e: fix probe timeout after reboot Greg Kroah-Hartman
` (156 subsequent siblings)
374 siblings, 0 replies; 391+ messages in thread
From: Greg Kroah-Hartman @ 2023-05-08 9:46 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Lorenzo Bianconi, Deren Wu,
Felix Fietkau, Sasha Levin
From: Deren Wu <deren.wu@mediatek.com>
[ Upstream commit 35effe6c0c24adcf0f732bb1c3d75573d4c88e63 ]
The default waiting unit is 10ms and the value is too much for
data path related control. Provide a new API mt76_poll_msec_tick()
to support different cases, such as 1ms polling waiting kick.
Reviewed-by: Lorenzo Bianconi <lorenzo@kernel.org>
Signed-off-by: Deren Wu <deren.wu@mediatek.com>
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Stable-dep-of: c397fc1e6365 ("wifi: mt76: mt7921e: fix probe timeout after reboot")
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/wireless/mediatek/mt76/mt76.h | 9 +++++----
drivers/net/wireless/mediatek/mt76/util.c | 10 +++++-----
2 files changed, 10 insertions(+), 9 deletions(-)
diff --git a/drivers/net/wireless/mediatek/mt76/mt76.h b/drivers/net/wireless/mediatek/mt76/mt76.h
index 4e4af6e17b503..eb1fb955b7777 100644
--- a/drivers/net/wireless/mediatek/mt76/mt76.h
+++ b/drivers/net/wireless/mediatek/mt76/mt76.h
@@ -820,10 +820,11 @@ bool __mt76_poll(struct mt76_dev *dev, u32 offset, u32 mask, u32 val,
#define mt76_poll(dev, ...) __mt76_poll(&((dev)->mt76), __VA_ARGS__)
-bool __mt76_poll_msec(struct mt76_dev *dev, u32 offset, u32 mask, u32 val,
- int timeout);
-
-#define mt76_poll_msec(dev, ...) __mt76_poll_msec(&((dev)->mt76), __VA_ARGS__)
+bool ____mt76_poll_msec(struct mt76_dev *dev, u32 offset, u32 mask, u32 val,
+ int timeout, int kick);
+#define __mt76_poll_msec(...) ____mt76_poll_msec(__VA_ARGS__, 10)
+#define mt76_poll_msec(dev, ...) ____mt76_poll_msec(&((dev)->mt76), __VA_ARGS__, 10)
+#define mt76_poll_msec_tick(dev, ...) ____mt76_poll_msec(&((dev)->mt76), __VA_ARGS__)
void mt76_mmio_init(struct mt76_dev *dev, void __iomem *regs);
void mt76_pci_disable_aspm(struct pci_dev *pdev);
diff --git a/drivers/net/wireless/mediatek/mt76/util.c b/drivers/net/wireless/mediatek/mt76/util.c
index 581964425468f..fc76c66ff1a5a 100644
--- a/drivers/net/wireless/mediatek/mt76/util.c
+++ b/drivers/net/wireless/mediatek/mt76/util.c
@@ -24,23 +24,23 @@ bool __mt76_poll(struct mt76_dev *dev, u32 offset, u32 mask, u32 val,
}
EXPORT_SYMBOL_GPL(__mt76_poll);
-bool __mt76_poll_msec(struct mt76_dev *dev, u32 offset, u32 mask, u32 val,
- int timeout)
+bool ____mt76_poll_msec(struct mt76_dev *dev, u32 offset, u32 mask, u32 val,
+ int timeout, int tick)
{
u32 cur;
- timeout /= 10;
+ timeout /= tick;
do {
cur = __mt76_rr(dev, offset) & mask;
if (cur == val)
return true;
- usleep_range(10000, 20000);
+ usleep_range(1000 * tick, 2000 * tick);
} while (timeout-- > 0);
return false;
}
-EXPORT_SYMBOL_GPL(__mt76_poll_msec);
+EXPORT_SYMBOL_GPL(____mt76_poll_msec);
int mt76_wcid_alloc(u32 *mask, int size)
{
--
2.39.2
^ permalink raw reply related [flat|nested] 391+ messages in thread
* [PATCH 5.15 219/371] wifi: mt76: mt7921e: fix probe timeout after reboot
2023-05-08 9:43 [PATCH 5.15 000/371] 5.15.111-rc1 review Greg Kroah-Hartman
` (217 preceding siblings ...)
2023-05-08 9:46 ` [PATCH 5.15 218/371] wifi: mt76: add flexible polling wait-interval support Greg Kroah-Hartman
@ 2023-05-08 9:47 ` Greg Kroah-Hartman
2023-05-08 9:47 ` [PATCH 5.15 220/371] wifi: mt76: fix 6GHz high channel not be scanned Greg Kroah-Hartman
` (155 subsequent siblings)
374 siblings, 0 replies; 391+ messages in thread
From: Greg Kroah-Hartman @ 2023-05-08 9:47 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Quan Zhou, Deren Wu, Felix Fietkau,
Sasha Levin
From: Quan Zhou <quan.zhou@mediatek.com>
[ Upstream commit c397fc1e6365a2a9e5540a85b2c1d4ea412aa0e2 ]
In system warm reboot scene, due to the polling timeout(now 1000us)
is too short to wait dma idle in time, it may make driver probe fail
with error code -ETIMEDOUT. Meanwhile, we also found the dma may take
around 70ms to enter idle state. Change the polling idle timeout to
100ms to avoid the probabilistic probe fail.
Tested pass with 5000 times warm reboot on x86 platform.
[4.477496] pci 0000:01:00.0: attach allowed to drvr mt7921e [internal device]
[4.478306] mt7921e 0000:01:00.0: ASIC revision: 79610010
[4.480063] mt7921e: probe of 0000:01:00.0 failed with error -110
Fixes: 0a1059d0f060 ("mt76: mt7921: move mt7921_dma_reset in dma.c")
Signed-off-by: Quan Zhou <quan.zhou@mediatek.com>
Signed-off-by: Deren Wu <deren.wu@mediatek.com>
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/wireless/mediatek/mt76/mt7921/dma.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/drivers/net/wireless/mediatek/mt76/mt7921/dma.c b/drivers/net/wireless/mediatek/mt76/mt7921/dma.c
index 93d0cc1827d26..7e39bcfdb0b7a 100644
--- a/drivers/net/wireless/mediatek/mt76/mt7921/dma.c
+++ b/drivers/net/wireless/mediatek/mt76/mt7921/dma.c
@@ -144,9 +144,9 @@ static int mt7921_dma_disable(struct mt7921_dev *dev, bool force)
MT_WFDMA0_GLO_CFG_OMIT_RX_INFO |
MT_WFDMA0_GLO_CFG_OMIT_RX_INFO_PFET2);
- if (!mt76_poll(dev, MT_WFDMA0_GLO_CFG,
- MT_WFDMA0_GLO_CFG_TX_DMA_BUSY |
- MT_WFDMA0_GLO_CFG_RX_DMA_BUSY, 0, 1000))
+ if (!mt76_poll_msec_tick(dev, MT_WFDMA0_GLO_CFG,
+ MT_WFDMA0_GLO_CFG_TX_DMA_BUSY |
+ MT_WFDMA0_GLO_CFG_RX_DMA_BUSY, 0, 100, 1))
return -ETIMEDOUT;
return 0;
--
2.39.2
^ permalink raw reply related [flat|nested] 391+ messages in thread
* [PATCH 5.15 220/371] wifi: mt76: fix 6GHz high channel not be scanned
2023-05-08 9:43 [PATCH 5.15 000/371] 5.15.111-rc1 review Greg Kroah-Hartman
` (218 preceding siblings ...)
2023-05-08 9:47 ` [PATCH 5.15 219/371] wifi: mt76: mt7921e: fix probe timeout after reboot Greg Kroah-Hartman
@ 2023-05-08 9:47 ` Greg Kroah-Hartman
2023-05-08 9:47 ` [PATCH 5.15 221/371] wifi: mt76: mt7921e: improve reliability of dma reset Greg Kroah-Hartman
` (154 subsequent siblings)
374 siblings, 0 replies; 391+ messages in thread
From: Greg Kroah-Hartman @ 2023-05-08 9:47 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Ben Greear, Isaac Konikoff,
Ming Yen Hsieh, Deren Wu, Felix Fietkau, Sasha Levin
From: Ming Yen Hsieh <mingyen.hsieh@mediatek.com>
[ Upstream commit 23792cedaff02351b57bddd8957fc917fa88f2e0 ]
mt76 scan command only support 64 channels currently. If the
channel count is larger than 64(for 2+5+6GHz), some channels will
not be scanned. Hence change the scan type to full channel scan
in case of the command cannot include proper list for chip.
Fixes: 399090ef9605 ("mt76: mt76_connac: move hw_scan and sched_scan routine in mt76_connac_mcu module")
Reported-by: Ben Greear <greearb@candelatech.com>
Tested-by: Isaac Konikoff <konikofi@candelatech.com>
Signed-off-by: Ming Yen Hsieh <mingyen.hsieh@mediatek.com>
Signed-off-by: Deren Wu <deren.wu@mediatek.com>
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
.../net/wireless/mediatek/mt76/mt76_connac_mcu.c | 13 ++++++++++---
1 file changed, 10 insertions(+), 3 deletions(-)
diff --git a/drivers/net/wireless/mediatek/mt76/mt76_connac_mcu.c b/drivers/net/wireless/mediatek/mt76/mt76_connac_mcu.c
index 017bd59c4ea80..98f651fec3bf3 100644
--- a/drivers/net/wireless/mediatek/mt76/mt76_connac_mcu.c
+++ b/drivers/net/wireless/mediatek/mt76/mt76_connac_mcu.c
@@ -1446,8 +1446,16 @@ int mt76_connac_mcu_hw_scan(struct mt76_phy *phy, struct ieee80211_vif *vif,
req->channel_min_dwell_time = cpu_to_le16(duration);
req->channel_dwell_time = cpu_to_le16(duration);
- req->channels_num = min_t(u8, sreq->n_channels, 32);
- req->ext_channels_num = min_t(u8, ext_channels_num, 32);
+ if (sreq->n_channels == 0 || sreq->n_channels > 64) {
+ req->channel_type = 0;
+ req->channels_num = 0;
+ req->ext_channels_num = 0;
+ } else {
+ req->channel_type = 4;
+ req->channels_num = min_t(u8, sreq->n_channels, 32);
+ req->ext_channels_num = min_t(u8, ext_channels_num, 32);
+ }
+
for (i = 0; i < req->channels_num + req->ext_channels_num; i++) {
if (i >= 32)
chan = &req->ext_channels[i - 32];
@@ -1457,7 +1465,6 @@ int mt76_connac_mcu_hw_scan(struct mt76_phy *phy, struct ieee80211_vif *vif,
chan->band = scan_list[i]->band == NL80211_BAND_2GHZ ? 1 : 2;
chan->channel_num = scan_list[i]->hw_value;
}
- req->channel_type = sreq->n_channels ? 4 : 0;
if (sreq->ie_len > 0) {
memcpy(req->ies, sreq->ie, sreq->ie_len);
--
2.39.2
^ permalink raw reply related [flat|nested] 391+ messages in thread
* [PATCH 5.15 221/371] wifi: mt76: mt7921e: improve reliability of dma reset
2023-05-08 9:43 [PATCH 5.15 000/371] 5.15.111-rc1 review Greg Kroah-Hartman
` (219 preceding siblings ...)
2023-05-08 9:47 ` [PATCH 5.15 220/371] wifi: mt76: fix 6GHz high channel not be scanned Greg Kroah-Hartman
@ 2023-05-08 9:47 ` Greg Kroah-Hartman
2023-05-08 9:47 ` [PATCH 5.15 222/371] wifi: iwlwifi: mvm: check firmware response size Greg Kroah-Hartman
` (153 subsequent siblings)
374 siblings, 0 replies; 391+ messages in thread
From: Greg Kroah-Hartman @ 2023-05-08 9:47 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Sean Wang, Deren Wu, Wang Zhao,
Quan Zhou, Felix Fietkau, Sasha Levin
From: Quan Zhou <quan.zhou@mediatek.com>
[ Upstream commit 87714bf6ed1589813e473db5471e6e9857755764 ]
The hardware team has advised the driver that it is necessary to first put
WFDMA into an idle state before resetting the WFDMA. Otherwise, the WFDMA
may enter an unknown state where it cannot be polled with the right state
successfully. To ensure that the DMA can work properly while a stressful
cold reboot test was being made, we have reordered the programming sequence
in the driver based on the hardware team's guidance.
The patch would modify the WFDMA disabling flow from
"DMA reset -> disabling DMASHDL -> disabling WFDMA -> polling and waiting
until DMA idle" to "disabling WFDMA -> polling and waiting for DMA idle ->
disabling DMASHDL -> DMA reset.
Where he polling and waiting until WFDMA is idle is coordinated with the
operation of disabling WFDMA. Even while WFDMA is being disabled, it can
still handle Tx/Rx requests. The additional polling allows sufficient time
for WFDMA to process the last T/Rx request. When the idle state of WFDMA is
reached, it is a reliable indication that DMASHDL is also idle to ensure it
is safe to disable it and perform the DMA reset.
Fixes: 0a1059d0f060 ("mt76: mt7921: move mt7921_dma_reset in dma.c")
Co-developed-by: Sean Wang <sean.wang@mediatek.com>
Signed-off-by: Sean Wang <sean.wang@mediatek.com>
Co-developed-by: Deren Wu <deren.wu@mediatek.com>
Signed-off-by: Deren Wu <deren.wu@mediatek.com>
Co-developed-by: Wang Zhao <wang.zhao@mediatek.com>
Signed-off-by: Wang Zhao <wang.zhao@mediatek.com>
Signed-off-by: Quan Zhou <quan.zhou@mediatek.com>
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
.../net/wireless/mediatek/mt76/mt7921/dma.c | 36 ++++++++++---------
1 file changed, 20 insertions(+), 16 deletions(-)
diff --git a/drivers/net/wireless/mediatek/mt76/mt7921/dma.c b/drivers/net/wireless/mediatek/mt76/mt7921/dma.c
index 7e39bcfdb0b7a..983861edc6834 100644
--- a/drivers/net/wireless/mediatek/mt76/mt7921/dma.c
+++ b/drivers/net/wireless/mediatek/mt76/mt7921/dma.c
@@ -120,22 +120,6 @@ static void mt7921_dma_prefetch(struct mt7921_dev *dev)
static int mt7921_dma_disable(struct mt7921_dev *dev, bool force)
{
- if (force) {
- /* reset */
- mt76_clear(dev, MT_WFDMA0_RST,
- MT_WFDMA0_RST_DMASHDL_ALL_RST |
- MT_WFDMA0_RST_LOGIC_RST);
-
- mt76_set(dev, MT_WFDMA0_RST,
- MT_WFDMA0_RST_DMASHDL_ALL_RST |
- MT_WFDMA0_RST_LOGIC_RST);
- }
-
- /* disable dmashdl */
- mt76_clear(dev, MT_WFDMA0_GLO_CFG_EXT0,
- MT_WFDMA0_CSR_TX_DMASHDL_ENABLE);
- mt76_set(dev, MT_DMASHDL_SW_CONTROL, MT_DMASHDL_DMASHDL_BYPASS);
-
/* disable WFDMA0 */
mt76_clear(dev, MT_WFDMA0_GLO_CFG,
MT_WFDMA0_GLO_CFG_TX_DMA_EN | MT_WFDMA0_GLO_CFG_RX_DMA_EN |
@@ -149,6 +133,22 @@ static int mt7921_dma_disable(struct mt7921_dev *dev, bool force)
MT_WFDMA0_GLO_CFG_RX_DMA_BUSY, 0, 100, 1))
return -ETIMEDOUT;
+ /* disable dmashdl */
+ mt76_clear(dev, MT_WFDMA0_GLO_CFG_EXT0,
+ MT_WFDMA0_CSR_TX_DMASHDL_ENABLE);
+ mt76_set(dev, MT_DMASHDL_SW_CONTROL, MT_DMASHDL_DMASHDL_BYPASS);
+
+ if (force) {
+ /* reset */
+ mt76_clear(dev, MT_WFDMA0_RST,
+ MT_WFDMA0_RST_DMASHDL_ALL_RST |
+ MT_WFDMA0_RST_LOGIC_RST);
+
+ mt76_set(dev, MT_WFDMA0_RST,
+ MT_WFDMA0_RST_DMASHDL_ALL_RST |
+ MT_WFDMA0_RST_LOGIC_RST);
+ }
+
return 0;
}
@@ -354,6 +354,10 @@ void mt7921_dma_cleanup(struct mt7921_dev *dev)
MT_WFDMA0_GLO_CFG_OMIT_RX_INFO |
MT_WFDMA0_GLO_CFG_OMIT_RX_INFO_PFET2);
+ mt76_poll_msec_tick(dev, MT_WFDMA0_GLO_CFG,
+ MT_WFDMA0_GLO_CFG_TX_DMA_BUSY |
+ MT_WFDMA0_GLO_CFG_RX_DMA_BUSY, 0, 100, 1);
+
/* reset */
mt76_clear(dev, MT_WFDMA0_RST,
MT_WFDMA0_RST_DMASHDL_ALL_RST |
--
2.39.2
^ permalink raw reply related [flat|nested] 391+ messages in thread
* [PATCH 5.15 222/371] wifi: iwlwifi: mvm: check firmware response size
2023-05-08 9:43 [PATCH 5.15 000/371] 5.15.111-rc1 review Greg Kroah-Hartman
` (220 preceding siblings ...)
2023-05-08 9:47 ` [PATCH 5.15 221/371] wifi: mt76: mt7921e: improve reliability of dma reset Greg Kroah-Hartman
@ 2023-05-08 9:47 ` Greg Kroah-Hartman
2023-05-08 9:47 ` [PATCH 5.15 223/371] wifi: iwlwifi: fw: fix memory leak in debugfs Greg Kroah-Hartman
` (152 subsequent siblings)
374 siblings, 0 replies; 391+ messages in thread
From: Greg Kroah-Hartman @ 2023-05-08 9:47 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Johannes Berg, Gregory Greenman,
Sasha Levin
From: Johannes Berg <johannes.berg@intel.com>
[ Upstream commit 13513cec93ac9902d0b896976d8bab3758a9881c ]
Check the firmware response size for responses to the
memory read/write command in debugfs before using it.
Fixes: 2b55f43f8e47 ("iwlwifi: mvm: Add mem debugfs entry")
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Gregory Greenman <gregory.greenman@intel.com>
Link: https://lore.kernel.org/r/20230417113648.0d56fcaf68ee.I70e9571f3ed7263929b04f8fabad23c9b999e4ea@changeid
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/wireless/intel/iwlwifi/mvm/debugfs.c | 10 ++++++++++
1 file changed, 10 insertions(+)
diff --git a/drivers/net/wireless/intel/iwlwifi/mvm/debugfs.c b/drivers/net/wireless/intel/iwlwifi/mvm/debugfs.c
index d398a06b26567..0f5c4c2510ef1 100644
--- a/drivers/net/wireless/intel/iwlwifi/mvm/debugfs.c
+++ b/drivers/net/wireless/intel/iwlwifi/mvm/debugfs.c
@@ -1931,6 +1931,11 @@ static ssize_t iwl_dbgfs_mem_read(struct file *file, char __user *user_buf,
if (ret < 0)
return ret;
+ if (iwl_rx_packet_payload_len(hcmd.resp_pkt) < sizeof(*rsp)) {
+ ret = -EIO;
+ goto out;
+ }
+
rsp = (void *)hcmd.resp_pkt->data;
if (le32_to_cpu(rsp->status) != DEBUG_MEM_STATUS_SUCCESS) {
ret = -ENXIO;
@@ -2008,6 +2013,11 @@ static ssize_t iwl_dbgfs_mem_write(struct file *file,
if (ret < 0)
return ret;
+ if (iwl_rx_packet_payload_len(hcmd.resp_pkt) < sizeof(*rsp)) {
+ ret = -EIO;
+ goto out;
+ }
+
rsp = (void *)hcmd.resp_pkt->data;
if (rsp->status != DEBUG_MEM_STATUS_SUCCESS) {
ret = -ENXIO;
--
2.39.2
^ permalink raw reply related [flat|nested] 391+ messages in thread
* [PATCH 5.15 223/371] wifi: iwlwifi: fw: fix memory leak in debugfs
2023-05-08 9:43 [PATCH 5.15 000/371] 5.15.111-rc1 review Greg Kroah-Hartman
` (221 preceding siblings ...)
2023-05-08 9:47 ` [PATCH 5.15 222/371] wifi: iwlwifi: mvm: check firmware response size Greg Kroah-Hartman
@ 2023-05-08 9:47 ` Greg Kroah-Hartman
2023-05-08 9:47 ` [PATCH 5.15 224/371] ixgbe: Allow flow hash to be set via ethtool Greg Kroah-Hartman
` (151 subsequent siblings)
374 siblings, 0 replies; 391+ messages in thread
From: Greg Kroah-Hartman @ 2023-05-08 9:47 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Johannes Berg, Gregory Greenman,
Sasha Levin
From: Johannes Berg <johannes.berg@intel.com>
[ Upstream commit 3d90d2f4a018fe8cfd65068bc6350b6222be4852 ]
Fix a memory leak that occurs when reading the fw_info
file all the way, since we return NULL indicating no
more data, but don't free the status tracking object.
Fixes: 36dfe9ac6e8b ("iwlwifi: dump api version in yaml format")
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Gregory Greenman <gregory.greenman@intel.com>
Link: https://lore.kernel.org/r/20230418122405.239e501b3b8d.I4268f87809ef91209cbcd748eee0863195e70fa2@changeid
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/wireless/intel/iwlwifi/fw/debugfs.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/drivers/net/wireless/intel/iwlwifi/fw/debugfs.c b/drivers/net/wireless/intel/iwlwifi/fw/debugfs.c
index a152ce3064759..e372f935f6983 100644
--- a/drivers/net/wireless/intel/iwlwifi/fw/debugfs.c
+++ b/drivers/net/wireless/intel/iwlwifi/fw/debugfs.c
@@ -317,8 +317,10 @@ static void *iwl_dbgfs_fw_info_seq_next(struct seq_file *seq,
const struct iwl_fw *fw = priv->fwrt->fw;
*pos = ++state->pos;
- if (*pos >= fw->ucode_capa.n_cmd_versions)
+ if (*pos >= fw->ucode_capa.n_cmd_versions) {
+ kfree(state);
return NULL;
+ }
return state;
}
--
2.39.2
^ permalink raw reply related [flat|nested] 391+ messages in thread
* [PATCH 5.15 224/371] ixgbe: Allow flow hash to be set via ethtool
2023-05-08 9:43 [PATCH 5.15 000/371] 5.15.111-rc1 review Greg Kroah-Hartman
` (222 preceding siblings ...)
2023-05-08 9:47 ` [PATCH 5.15 223/371] wifi: iwlwifi: fw: fix memory leak in debugfs Greg Kroah-Hartman
@ 2023-05-08 9:47 ` Greg Kroah-Hartman
2023-05-08 9:47 ` [PATCH 5.15 225/371] ixgbe: Enable setting RSS table to default values Greg Kroah-Hartman
` (150 subsequent siblings)
374 siblings, 0 replies; 391+ messages in thread
From: Greg Kroah-Hartman @ 2023-05-08 9:47 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Joe Damato, Sridhar Samudrala,
Tony Nguyen, Sasha Levin, Pucha Himasekhar Reddy
From: Joe Damato <jdamato@fastly.com>
[ Upstream commit 4f3ed1293feb9502dc254b05802faf1ad3317ac6 ]
ixgbe currently returns `EINVAL` whenever the flowhash it set by ethtool
because the ethtool code in the kernel passes a non-zero value for hfunc
that ixgbe should allow.
When ethtool is called with `ETHTOOL_SRXFHINDIR`,
`ethtool_set_rxfh_indir` will call ixgbe's set_rxfh function
with `ETH_RSS_HASH_NO_CHANGE`. This value should be accepted.
When ethtool is called with `ETHTOOL_SRSSH`, `ethtool_set_rxfh` will
call ixgbe's set_rxfh function with `rxfh.hfunc`, which appears to be
hardcoded in ixgbe to always be `ETH_RSS_HASH_TOP`. This value should
also be accepted.
Before this patch:
$ sudo ethtool -L eth1 combined 10
$ sudo ethtool -X eth1 default
Cannot set RX flow hash configuration: Invalid argument
After this patch:
$ sudo ethtool -L eth1 combined 10
$ sudo ethtool -X eth1 default
$ sudo ethtool -x eth1
RX flow hash indirection table for eth1 with 10 RX ring(s):
0: 0 1 2 3 4 5 6 7
8: 8 9 0 1 2 3 4 5
16: 6 7 8 9 0 1 2 3
24: 4 5 6 7 8 9 0 1
...
Fixes: 1c7cf0784e4d ("ixgbe: support for ethtool set_rxfh")
Signed-off-by: Joe Damato <jdamato@fastly.com>
Reviewed-by: Sridhar Samudrala <sridhar.samudrala@intel.com>
Tested-by: Pucha Himasekhar Reddy <himasekharx.reddy.pucha@intel.com> (A Contingent worker at Intel)
Signed-off-by: Tony Nguyen <anthony.l.nguyen@intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/ethernet/intel/ixgbe/ixgbe_ethtool.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/drivers/net/ethernet/intel/ixgbe/ixgbe_ethtool.c b/drivers/net/ethernet/intel/ixgbe/ixgbe_ethtool.c
index beda8e0ef7d42..37d57cb48071c 100644
--- a/drivers/net/ethernet/intel/ixgbe/ixgbe_ethtool.c
+++ b/drivers/net/ethernet/intel/ixgbe/ixgbe_ethtool.c
@@ -3099,8 +3099,8 @@ static int ixgbe_set_rxfh(struct net_device *netdev, const u32 *indir,
int i;
u32 reta_entries = ixgbe_rss_indir_tbl_entries(adapter);
- if (hfunc)
- return -EINVAL;
+ if (hfunc != ETH_RSS_HASH_NO_CHANGE && hfunc != ETH_RSS_HASH_TOP)
+ return -EOPNOTSUPP;
/* Fill out the redirection table */
if (indir) {
--
2.39.2
^ permalink raw reply related [flat|nested] 391+ messages in thread
* [PATCH 5.15 225/371] ixgbe: Enable setting RSS table to default values
2023-05-08 9:43 [PATCH 5.15 000/371] 5.15.111-rc1 review Greg Kroah-Hartman
` (223 preceding siblings ...)
2023-05-08 9:47 ` [PATCH 5.15 224/371] ixgbe: Allow flow hash to be set via ethtool Greg Kroah-Hartman
@ 2023-05-08 9:47 ` Greg Kroah-Hartman
2023-05-08 9:47 ` [PATCH 5.15 226/371] net/mlx5: E-switch, Dont destroy indirect table in split rule Greg Kroah-Hartman
` (149 subsequent siblings)
374 siblings, 0 replies; 391+ messages in thread
From: Greg Kroah-Hartman @ 2023-05-08 9:47 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Joe Damato, Sridhar Samudrala,
Tony Nguyen, Sasha Levin, Pucha Himasekhar Reddy
From: Joe Damato <jdamato@fastly.com>
[ Upstream commit e85d3d55875f7a1079edfbc4e4e98d6f8aea9ac7 ]
ethtool uses `ETHTOOL_GRXRINGS` to compute how many queues are supported
by RSS. The driver should return the smaller of either:
- The maximum number of RSS queues the device supports, OR
- The number of RX queues configured
Prior to this change, running `ethtool -X $iface default` fails if the
number of queues configured is larger than the number supported by RSS,
even though changing the queue count correctly resets the flowhash to
use all supported queues.
Other drivers (for example, i40e) will succeed but the flow hash will
reset to support the maximum number of queues supported by RSS, even if
that amount is smaller than the configured amount.
Prior to this change:
$ sudo ethtool -L eth1 combined 20
$ sudo ethtool -x eth1
RX flow hash indirection table for eth1 with 20 RX ring(s):
0: 0 1 2 3 4 5 6 7
8: 8 9 10 11 12 13 14 15
16: 0 1 2 3 4 5 6 7
24: 8 9 10 11 12 13 14 15
32: 0 1 2 3 4 5 6 7
...
You can see that the flowhash was correctly set to use the maximum
number of queues supported by the driver (16).
However, asking the NIC to reset to "default" fails:
$ sudo ethtool -X eth1 default
Cannot set RX flow hash configuration: Invalid argument
After this change, the flowhash can be reset to default which will use
all of the available RSS queues (16) or the configured queue count,
whichever is smaller.
Starting with eth1 which has 10 queues and a flowhash distributing to
all 10 queues:
$ sudo ethtool -x eth1
RX flow hash indirection table for eth1 with 10 RX ring(s):
0: 0 1 2 3 4 5 6 7
8: 8 9 0 1 2 3 4 5
16: 6 7 8 9 0 1 2 3
...
Increasing the queue count to 48 resets the flowhash to distribute to 16
queues, as it did before this patch:
$ sudo ethtool -L eth1 combined 48
$ sudo ethtool -x eth1
RX flow hash indirection table for eth1 with 16 RX ring(s):
0: 0 1 2 3 4 5 6 7
8: 8 9 10 11 12 13 14 15
16: 0 1 2 3 4 5 6 7
...
Due to the other bugfix in this series, the flowhash can be set to use
queues 0-5:
$ sudo ethtool -X eth1 equal 5
$ sudo ethtool -x eth1
RX flow hash indirection table for eth1 with 16 RX ring(s):
0: 0 1 2 3 4 0 1 2
8: 3 4 0 1 2 3 4 0
16: 1 2 3 4 0 1 2 3
...
Due to this bugfix, the flowhash can be reset to default and use 16
queues:
$ sudo ethtool -X eth1 default
$ sudo ethtool -x eth1
RX flow hash indirection table for eth1 with 16 RX ring(s):
0: 0 1 2 3 4 5 6 7
8: 8 9 10 11 12 13 14 15
16: 0 1 2 3 4 5 6 7
...
Fixes: 91cd94bfe4f0 ("ixgbe: add basic support for setting and getting nfc controls")
Signed-off-by: Joe Damato <jdamato@fastly.com>
Reviewed-by: Sridhar Samudrala <sridhar.samudrala@intel.com>
Tested-by: Pucha Himasekhar Reddy <himasekharx.reddy.pucha@intel.com> (A Contingent worker at Intel)
Signed-off-by: Tony Nguyen <anthony.l.nguyen@intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
.../net/ethernet/intel/ixgbe/ixgbe_ethtool.c | 19 ++++++++++---------
1 file changed, 10 insertions(+), 9 deletions(-)
diff --git a/drivers/net/ethernet/intel/ixgbe/ixgbe_ethtool.c b/drivers/net/ethernet/intel/ixgbe/ixgbe_ethtool.c
index 37d57cb48071c..c829cb65171c7 100644
--- a/drivers/net/ethernet/intel/ixgbe/ixgbe_ethtool.c
+++ b/drivers/net/ethernet/intel/ixgbe/ixgbe_ethtool.c
@@ -2633,6 +2633,14 @@ static int ixgbe_get_rss_hash_opts(struct ixgbe_adapter *adapter,
return 0;
}
+static int ixgbe_rss_indir_tbl_max(struct ixgbe_adapter *adapter)
+{
+ if (adapter->hw.mac.type < ixgbe_mac_X550)
+ return 16;
+ else
+ return 64;
+}
+
static int ixgbe_get_rxnfc(struct net_device *dev, struct ethtool_rxnfc *cmd,
u32 *rule_locs)
{
@@ -2641,7 +2649,8 @@ static int ixgbe_get_rxnfc(struct net_device *dev, struct ethtool_rxnfc *cmd,
switch (cmd->cmd) {
case ETHTOOL_GRXRINGS:
- cmd->data = adapter->num_rx_queues;
+ cmd->data = min_t(int, adapter->num_rx_queues,
+ ixgbe_rss_indir_tbl_max(adapter));
ret = 0;
break;
case ETHTOOL_GRXCLSRLCNT:
@@ -3043,14 +3052,6 @@ static int ixgbe_set_rxnfc(struct net_device *dev, struct ethtool_rxnfc *cmd)
return ret;
}
-static int ixgbe_rss_indir_tbl_max(struct ixgbe_adapter *adapter)
-{
- if (adapter->hw.mac.type < ixgbe_mac_X550)
- return 16;
- else
- return 64;
-}
-
static u32 ixgbe_get_rxfh_key_size(struct net_device *netdev)
{
return IXGBE_RSS_KEY_SIZE;
--
2.39.2
^ permalink raw reply related [flat|nested] 391+ messages in thread
* [PATCH 5.15 226/371] net/mlx5: E-switch, Dont destroy indirect table in split rule
2023-05-08 9:43 [PATCH 5.15 000/371] 5.15.111-rc1 review Greg Kroah-Hartman
` (224 preceding siblings ...)
2023-05-08 9:47 ` [PATCH 5.15 225/371] ixgbe: Enable setting RSS table to default values Greg Kroah-Hartman
@ 2023-05-08 9:47 ` Greg Kroah-Hartman
2023-05-08 9:47 ` [PATCH 5.15 227/371] net: stmmac:fix system hang when setting up tag_8021q VLAN for DSA ports Greg Kroah-Hartman
` (148 subsequent siblings)
374 siblings, 0 replies; 391+ messages in thread
From: Greg Kroah-Hartman @ 2023-05-08 9:47 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Chris Mi, Roi Dayan, Maor Dickman,
Saeed Mahameed, Sasha Levin
From: Chris Mi <cmi@nvidia.com>
[ Upstream commit 4c8189302567f75099a336b0efcff8291ec86ff4 ]
Source port rewrite (forward to ovs internal port or statck device) isn't
supported in the rule of split action. So there is no indirect table in
split rule. The cited commit destroyes indirect table in split rule. The
indirect table for other rules will be destroyed wrongly. It will cause
traffic loss.
Fix it by removing the destroy function in split rule. And also remove
the destroy function in error flow.
Fixes: 10742efc20a4 ("net/mlx5e: VF tunnel TX traffic offloading")
Signed-off-by: Chris Mi <cmi@nvidia.com>
Reviewed-by: Roi Dayan <roid@nvidia.com>
Reviewed-by: Maor Dickman <maord@nvidia.com>
Signed-off-by: Saeed Mahameed <saeedm@nvidia.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/ethernet/mellanox/mlx5/core/eswitch_offloads.c | 2 --
1 file changed, 2 deletions(-)
diff --git a/drivers/net/ethernet/mellanox/mlx5/core/eswitch_offloads.c b/drivers/net/ethernet/mellanox/mlx5/core/eswitch_offloads.c
index 002567792e91e..829f703233a9e 100644
--- a/drivers/net/ethernet/mellanox/mlx5/core/eswitch_offloads.c
+++ b/drivers/net/ethernet/mellanox/mlx5/core/eswitch_offloads.c
@@ -656,7 +656,6 @@ mlx5_eswitch_add_fwd_rule(struct mlx5_eswitch *esw,
return rule;
err_chain_src_rewrite:
- esw_put_dest_tables_loop(esw, attr, 0, i);
mlx5_esw_vporttbl_put(esw, &fwd_attr);
err_get_fwd:
mlx5_chains_put_table(chains, attr->chain, attr->prio, 0);
@@ -698,7 +697,6 @@ __mlx5_eswitch_del_rule(struct mlx5_eswitch *esw,
if (fwd_rule) {
mlx5_esw_vporttbl_put(esw, &fwd_attr);
mlx5_chains_put_table(chains, attr->chain, attr->prio, 0);
- esw_put_dest_tables_loop(esw, attr, 0, esw_attr->split_count);
} else {
if (split)
mlx5_esw_vporttbl_put(esw, &fwd_attr);
--
2.39.2
^ permalink raw reply related [flat|nested] 391+ messages in thread
* [PATCH 5.15 227/371] net: stmmac:fix system hang when setting up tag_8021q VLAN for DSA ports
2023-05-08 9:43 [PATCH 5.15 000/371] 5.15.111-rc1 review Greg Kroah-Hartman
` (225 preceding siblings ...)
2023-05-08 9:47 ` [PATCH 5.15 226/371] net/mlx5: E-switch, Dont destroy indirect table in split rule Greg Kroah-Hartman
@ 2023-05-08 9:47 ` Greg Kroah-Hartman
2023-05-08 9:47 ` [PATCH 5.15 228/371] bpf: Dont EFAULT for getsockopt with optval=NULL Greg Kroah-Hartman
` (147 subsequent siblings)
374 siblings, 0 replies; 391+ messages in thread
From: Greg Kroah-Hartman @ 2023-05-08 9:47 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Jacob Keller, Yan Wang,
David S. Miller, Sasha Levin
From: Yan Wang <rk.code@outlook.com>
[ Upstream commit 35226750f7ab9d49140d95bc7d38a2a9b0f4fdfc ]
The system hang because of dsa_tag_8021q_port_setup()->
stmmac_vlan_rx_add_vid().
I found in stmmac_drv_probe() that cailing pm_runtime_put()
disabled the clock.
First, when the kernel is compiled with CONFIG_PM=y,The stmmac's
resume/suspend is active.
Secondly,stmmac as DSA master,the dsa_tag_8021q_port_setup() function
will callback stmmac_vlan_rx_add_vid when DSA dirver starts. However,
The system is hanged for the stmmac_vlan_rx_add_vid() accesses its
registers after stmmac's clock is closed.
I would suggest adding the pm_runtime_resume_and_get() to the
stmmac_vlan_rx_add_vid().This guarantees that resuming clock output
while in use.
Fixes: b3dcb3127786 ("net: stmmac: correct clocks enabled in stmmac_vlan_rx_kill_vid()")
Reviewed-by: Jacob Keller <jacob.e.keller@intel.com>
Signed-off-by: Yan Wang <rk.code@outlook.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/ethernet/stmicro/stmmac/stmmac_main.c | 12 +++++++++---
1 file changed, 9 insertions(+), 3 deletions(-)
diff --git a/drivers/net/ethernet/stmicro/stmmac/stmmac_main.c b/drivers/net/ethernet/stmicro/stmmac/stmmac_main.c
index a3bd5396c2f87..179f8d196c890 100644
--- a/drivers/net/ethernet/stmicro/stmmac/stmmac_main.c
+++ b/drivers/net/ethernet/stmicro/stmmac/stmmac_main.c
@@ -6283,6 +6283,10 @@ static int stmmac_vlan_rx_add_vid(struct net_device *ndev, __be16 proto, u16 vid
bool is_double = false;
int ret;
+ ret = pm_runtime_resume_and_get(priv->device);
+ if (ret < 0)
+ return ret;
+
if (be16_to_cpu(proto) == ETH_P_8021AD)
is_double = true;
@@ -6290,16 +6294,18 @@ static int stmmac_vlan_rx_add_vid(struct net_device *ndev, __be16 proto, u16 vid
ret = stmmac_vlan_update(priv, is_double);
if (ret) {
clear_bit(vid, priv->active_vlans);
- return ret;
+ goto err_pm_put;
}
if (priv->hw->num_vlan) {
ret = stmmac_add_hw_vlan_rx_fltr(priv, ndev, priv->hw, proto, vid);
if (ret)
- return ret;
+ goto err_pm_put;
}
+err_pm_put:
+ pm_runtime_put(priv->device);
- return 0;
+ return ret;
}
static int stmmac_vlan_rx_kill_vid(struct net_device *ndev, __be16 proto, u16 vid)
--
2.39.2
^ permalink raw reply related [flat|nested] 391+ messages in thread
* [PATCH 5.15 228/371] bpf: Dont EFAULT for getsockopt with optval=NULL
2023-05-08 9:43 [PATCH 5.15 000/371] 5.15.111-rc1 review Greg Kroah-Hartman
` (226 preceding siblings ...)
2023-05-08 9:47 ` [PATCH 5.15 227/371] net: stmmac:fix system hang when setting up tag_8021q VLAN for DSA ports Greg Kroah-Hartman
@ 2023-05-08 9:47 ` Greg Kroah-Hartman
2023-05-08 9:47 ` [PATCH 5.15 229/371] netfilter: nf_tables: dont write table validation state without mutex Greg Kroah-Hartman
` (146 subsequent siblings)
374 siblings, 0 replies; 391+ messages in thread
From: Greg Kroah-Hartman @ 2023-05-08 9:47 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Martin KaFai Lau,
Stanislav Fomichev, Daniel Borkmann, Sasha Levin
From: Stanislav Fomichev <sdf@google.com>
[ Upstream commit 00e74ae0863827d944e36e56a4ce1e77e50edb91 ]
Some socket options do getsockopt with optval=NULL to estimate the size
of the final buffer (which is returned via optlen). This breaks BPF
getsockopt assumptions about permitted optval buffer size. Let's enforce
these assumptions only when non-NULL optval is provided.
Fixes: 0d01da6afc54 ("bpf: implement getsockopt and setsockopt hooks")
Reported-by: Martin KaFai Lau <martin.lau@kernel.org>
Signed-off-by: Stanislav Fomichev <sdf@google.com>
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
Link: https://lore.kernel.org/bpf/ZD7Js4fj5YyI2oLd@google.com/T/#mb68daf700f87a9244a15d01d00c3f0e5b08f49f7
Link: https://lore.kernel.org/bpf/20230418225343.553806-2-sdf@google.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
kernel/bpf/cgroup.c | 9 ++++++---
1 file changed, 6 insertions(+), 3 deletions(-)
diff --git a/kernel/bpf/cgroup.c b/kernel/bpf/cgroup.c
index eb3e787a3a977..87174832aa86d 100644
--- a/kernel/bpf/cgroup.c
+++ b/kernel/bpf/cgroup.c
@@ -1586,7 +1586,7 @@ int __cgroup_bpf_run_filter_getsockopt(struct sock *sk, int level,
goto out;
}
- if (ctx.optlen > max_optlen || ctx.optlen < 0) {
+ if (optval && (ctx.optlen > max_optlen || ctx.optlen < 0)) {
ret = -EFAULT;
goto out;
}
@@ -1600,8 +1600,11 @@ int __cgroup_bpf_run_filter_getsockopt(struct sock *sk, int level,
}
if (ctx.optlen != 0) {
- if (copy_to_user(optval, ctx.optval, ctx.optlen) ||
- put_user(ctx.optlen, optlen)) {
+ if (optval && copy_to_user(optval, ctx.optval, ctx.optlen)) {
+ ret = -EFAULT;
+ goto out;
+ }
+ if (put_user(ctx.optlen, optlen)) {
ret = -EFAULT;
goto out;
}
--
2.39.2
^ permalink raw reply related [flat|nested] 391+ messages in thread
* [PATCH 5.15 229/371] netfilter: nf_tables: dont write table validation state without mutex
2023-05-08 9:43 [PATCH 5.15 000/371] 5.15.111-rc1 review Greg Kroah-Hartman
` (227 preceding siblings ...)
2023-05-08 9:47 ` [PATCH 5.15 228/371] bpf: Dont EFAULT for getsockopt with optval=NULL Greg Kroah-Hartman
@ 2023-05-08 9:47 ` Greg Kroah-Hartman
2023-05-08 9:47 ` [PATCH 5.15 230/371] net/sched: sch_fq: fix integer overflow of "credit" Greg Kroah-Hartman
` (145 subsequent siblings)
374 siblings, 0 replies; 391+ messages in thread
From: Greg Kroah-Hartman @ 2023-05-08 9:47 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Florian Westphal, Pablo Neira Ayuso,
Sasha Levin
From: Florian Westphal <fw@strlen.de>
[ Upstream commit 9a32e9850686599ed194ccdceb6cd3dd56b2d9b9 ]
The ->cleanup callback needs to be removed, this doesn't work anymore as
the transaction mutex is already released in the ->abort function.
Just do it after a successful validation pass, this either happens
from commit or abort phases where transaction mutex is held.
Fixes: f102d66b335a ("netfilter: nf_tables: use dedicated mutex to guard transactions")
Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
include/linux/netfilter/nfnetlink.h | 1 -
net/netfilter/nf_tables_api.c | 8 ++------
net/netfilter/nfnetlink.c | 2 --
3 files changed, 2 insertions(+), 9 deletions(-)
diff --git a/include/linux/netfilter/nfnetlink.h b/include/linux/netfilter/nfnetlink.h
index 241e005f290ad..e9a9ab34a7ccc 100644
--- a/include/linux/netfilter/nfnetlink.h
+++ b/include/linux/netfilter/nfnetlink.h
@@ -45,7 +45,6 @@ struct nfnetlink_subsystem {
int (*commit)(struct net *net, struct sk_buff *skb);
int (*abort)(struct net *net, struct sk_buff *skb,
enum nfnl_abort_action action);
- void (*cleanup)(struct net *net);
bool (*valid_genid)(struct net *net, u32 genid);
};
diff --git a/net/netfilter/nf_tables_api.c b/net/netfilter/nf_tables_api.c
index d950041364d5f..822d13e64b326 100644
--- a/net/netfilter/nf_tables_api.c
+++ b/net/netfilter/nf_tables_api.c
@@ -8360,6 +8360,8 @@ static int nf_tables_validate(struct net *net)
if (nft_table_validate(net, table) < 0)
return -EAGAIN;
}
+
+ nft_validate_state_update(net, NFT_VALIDATE_SKIP);
break;
}
@@ -9231,11 +9233,6 @@ static int __nf_tables_abort(struct net *net, enum nfnl_abort_action action)
return 0;
}
-static void nf_tables_cleanup(struct net *net)
-{
- nft_validate_state_update(net, NFT_VALIDATE_SKIP);
-}
-
static int nf_tables_abort(struct net *net, struct sk_buff *skb,
enum nfnl_abort_action action)
{
@@ -9269,7 +9266,6 @@ static const struct nfnetlink_subsystem nf_tables_subsys = {
.cb = nf_tables_cb,
.commit = nf_tables_commit,
.abort = nf_tables_abort,
- .cleanup = nf_tables_cleanup,
.valid_genid = nf_tables_valid_genid,
.owner = THIS_MODULE,
};
diff --git a/net/netfilter/nfnetlink.c b/net/netfilter/nfnetlink.c
index 2cce4033a70a6..4d7a2a7bbd434 100644
--- a/net/netfilter/nfnetlink.c
+++ b/net/netfilter/nfnetlink.c
@@ -585,8 +585,6 @@ static void nfnetlink_rcv_batch(struct sk_buff *skb, struct nlmsghdr *nlh,
goto replay_abort;
}
}
- if (ss->cleanup)
- ss->cleanup(net);
nfnl_err_deliver(&err_list, oskb);
kfree_skb(skb);
--
2.39.2
^ permalink raw reply related [flat|nested] 391+ messages in thread
* [PATCH 5.15 230/371] net/sched: sch_fq: fix integer overflow of "credit"
2023-05-08 9:43 [PATCH 5.15 000/371] 5.15.111-rc1 review Greg Kroah-Hartman
` (228 preceding siblings ...)
2023-05-08 9:47 ` [PATCH 5.15 229/371] netfilter: nf_tables: dont write table validation state without mutex Greg Kroah-Hartman
@ 2023-05-08 9:47 ` Greg Kroah-Hartman
2023-05-08 9:47 ` [PATCH 5.15 231/371] ipv4: Fix potential uninit variable access bug in __ip_make_skb() Greg Kroah-Hartman
` (144 subsequent siblings)
374 siblings, 0 replies; 391+ messages in thread
From: Greg Kroah-Hartman @ 2023-05-08 9:47 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Christoph Paasch, Eric Dumazet,
Davide Caratti, Jakub Kicinski, Sasha Levin
From: Davide Caratti <dcaratti@redhat.com>
[ Upstream commit 7041101ff6c3073fd8f2e99920f535b111c929cb ]
if sch_fq is configured with "initial quantum" having values greater than
INT_MAX, the first assignment of "credit" does signed integer overflow to
a very negative value.
In this situation, the syzkaller script provided by Cristoph triggers the
CPU soft-lockup warning even with few sockets. It's not an infinite loop,
but "credit" wasn't probably meant to be minus 2Gb for each new flow.
Capping "initial quantum" to INT_MAX proved to fix the issue.
v2: validation of "initial quantum" is done in fq_policy, instead of open
coding in fq_change() _ suggested by Jakub Kicinski
Reported-by: Christoph Paasch <cpaasch@apple.com>
Link: https://github.com/multipath-tcp/mptcp_net-next/issues/377
Fixes: afe4fd062416 ("pkt_sched: fq: Fair Queue packet scheduler")
Reviewed-by: Eric Dumazet <edumazet@google.com>
Signed-off-by: Davide Caratti <dcaratti@redhat.com>
Link: https://lore.kernel.org/r/7b3a3c7e36d03068707a021760a194a8eb5ad41a.1682002300.git.dcaratti@redhat.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
net/sched/sch_fq.c | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/net/sched/sch_fq.c b/net/sched/sch_fq.c
index 2fb76fc0cc31b..5a1274199fe33 100644
--- a/net/sched/sch_fq.c
+++ b/net/sched/sch_fq.c
@@ -779,13 +779,17 @@ static int fq_resize(struct Qdisc *sch, u32 log)
return 0;
}
+static struct netlink_range_validation iq_range = {
+ .max = INT_MAX,
+};
+
static const struct nla_policy fq_policy[TCA_FQ_MAX + 1] = {
[TCA_FQ_UNSPEC] = { .strict_start_type = TCA_FQ_TIMER_SLACK },
[TCA_FQ_PLIMIT] = { .type = NLA_U32 },
[TCA_FQ_FLOW_PLIMIT] = { .type = NLA_U32 },
[TCA_FQ_QUANTUM] = { .type = NLA_U32 },
- [TCA_FQ_INITIAL_QUANTUM] = { .type = NLA_U32 },
+ [TCA_FQ_INITIAL_QUANTUM] = NLA_POLICY_FULL_RANGE(NLA_U32, &iq_range),
[TCA_FQ_RATE_ENABLE] = { .type = NLA_U32 },
[TCA_FQ_FLOW_DEFAULT_RATE] = { .type = NLA_U32 },
[TCA_FQ_FLOW_MAX_RATE] = { .type = NLA_U32 },
--
2.39.2
^ permalink raw reply related [flat|nested] 391+ messages in thread
* [PATCH 5.15 231/371] ipv4: Fix potential uninit variable access bug in __ip_make_skb()
2023-05-08 9:43 [PATCH 5.15 000/371] 5.15.111-rc1 review Greg Kroah-Hartman
` (229 preceding siblings ...)
2023-05-08 9:47 ` [PATCH 5.15 230/371] net/sched: sch_fq: fix integer overflow of "credit" Greg Kroah-Hartman
@ 2023-05-08 9:47 ` Greg Kroah-Hartman
2023-05-08 9:47 ` [PATCH 5.15 232/371] Revert "Bluetooth: btsdio: fix use after free bug in btsdio_remove due to unfinished work" Greg Kroah-Hartman
` (143 subsequent siblings)
374 siblings, 0 replies; 391+ messages in thread
From: Greg Kroah-Hartman @ 2023-05-08 9:47 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Willem de Bruijn, Ziyang Xuan,
David S. Miller, Sasha Levin
From: Ziyang Xuan <william.xuanziyang@huawei.com>
[ Upstream commit 99e5acae193e369b71217efe6f1dad42f3f18815 ]
Like commit ea30388baebc ("ipv6: Fix an uninit variable access bug in
__ip6_make_skb()"). icmphdr does not in skb linear region under the
scenario of SOCK_RAW socket. Access icmp_hdr(skb)->type directly will
trigger the uninit variable access bug.
Use a local variable icmp_type to carry the correct value in different
scenarios.
Fixes: 96793b482540 ("[IPV4]: Add ICMPMsgStats MIB (RFC 4293)")
Reviewed-by: Willem de Bruijn <willemb@google.com>
Signed-off-by: Ziyang Xuan <william.xuanziyang@huawei.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
net/ipv4/ip_output.c | 16 +++++++++++++---
1 file changed, 13 insertions(+), 3 deletions(-)
diff --git a/net/ipv4/ip_output.c b/net/ipv4/ip_output.c
index ef786c6232df7..ae8a456df5ab2 100644
--- a/net/ipv4/ip_output.c
+++ b/net/ipv4/ip_output.c
@@ -1555,9 +1555,19 @@ struct sk_buff *__ip_make_skb(struct sock *sk,
cork->dst = NULL;
skb_dst_set(skb, &rt->dst);
- if (iph->protocol == IPPROTO_ICMP)
- icmp_out_count(net, ((struct icmphdr *)
- skb_transport_header(skb))->type);
+ if (iph->protocol == IPPROTO_ICMP) {
+ u8 icmp_type;
+
+ /* For such sockets, transhdrlen is zero when do ip_append_data(),
+ * so icmphdr does not in skb linear region and can not get icmp_type
+ * by icmp_hdr(skb)->type.
+ */
+ if (sk->sk_type == SOCK_RAW && !inet_sk(sk)->hdrincl)
+ icmp_type = fl4->fl4_icmp_type;
+ else
+ icmp_type = icmp_hdr(skb)->type;
+ icmp_out_count(net, icmp_type);
+ }
ip_cork_release(cork);
out:
--
2.39.2
^ permalink raw reply related [flat|nested] 391+ messages in thread
* [PATCH 5.15 232/371] Revert "Bluetooth: btsdio: fix use after free bug in btsdio_remove due to unfinished work"
2023-05-08 9:43 [PATCH 5.15 000/371] 5.15.111-rc1 review Greg Kroah-Hartman
` (230 preceding siblings ...)
2023-05-08 9:47 ` [PATCH 5.15 231/371] ipv4: Fix potential uninit variable access bug in __ip_make_skb() Greg Kroah-Hartman
@ 2023-05-08 9:47 ` Greg Kroah-Hartman
2023-05-08 9:47 ` [PATCH 5.15 233/371] netlink: Use copy_to_user() for optval in netlink_getsockopt() Greg Kroah-Hartman
` (142 subsequent siblings)
374 siblings, 0 replies; 391+ messages in thread
From: Greg Kroah-Hartman @ 2023-05-08 9:47 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Liu Jian, Luiz Augusto von Dentz,
Sasha Levin
From: Liu Jian <liujian56@huawei.com>
[ Upstream commit db2bf510bd5d57f064d9e1db395ed86a08320c54 ]
This reverts commit 1e9ac114c4428fdb7ff4635b45d4f46017e8916f.
This patch introduces a possible null-ptr-def problem. Revert it. And the
fixed bug by this patch have resolved by commit 73f7b171b7c0 ("Bluetooth:
btsdio: fix use after free bug in btsdio_remove due to race condition").
Fixes: 1e9ac114c442 ("Bluetooth: btsdio: fix use after free bug in btsdio_remove due to unfinished work")
Signed-off-by: Liu Jian <liujian56@huawei.com>
Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/bluetooth/btsdio.c | 1 -
1 file changed, 1 deletion(-)
diff --git a/drivers/bluetooth/btsdio.c b/drivers/bluetooth/btsdio.c
index 7050a16e7efeb..199e8f7d426d9 100644
--- a/drivers/bluetooth/btsdio.c
+++ b/drivers/bluetooth/btsdio.c
@@ -352,7 +352,6 @@ static void btsdio_remove(struct sdio_func *func)
BT_DBG("func %p", func);
- cancel_work_sync(&data->work);
if (!data)
return;
--
2.39.2
^ permalink raw reply related [flat|nested] 391+ messages in thread
* [PATCH 5.15 233/371] netlink: Use copy_to_user() for optval in netlink_getsockopt().
2023-05-08 9:43 [PATCH 5.15 000/371] 5.15.111-rc1 review Greg Kroah-Hartman
` (231 preceding siblings ...)
2023-05-08 9:47 ` [PATCH 5.15 232/371] Revert "Bluetooth: btsdio: fix use after free bug in btsdio_remove due to unfinished work" Greg Kroah-Hartman
@ 2023-05-08 9:47 ` Greg Kroah-Hartman
2023-05-08 9:47 ` [PATCH 5.15 234/371] net: amd: Fix link leak when verifying config failed Greg Kroah-Hartman
` (141 subsequent siblings)
374 siblings, 0 replies; 391+ messages in thread
From: Greg Kroah-Hartman @ 2023-05-08 9:47 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Brad Spencer, Kuniyuki Iwashima,
Johannes Berg, Jakub Kicinski, Sasha Levin
From: Kuniyuki Iwashima <kuniyu@amazon.com>
[ Upstream commit d913d32cc2707e9cd24fe6fa6d7d470e9c728980 ]
Brad Spencer provided a detailed report [0] that when calling getsockopt()
for AF_NETLINK, some SOL_NETLINK options set only 1 byte even though such
options require at least sizeof(int) as length.
The options return a flag value that fits into 1 byte, but such behaviour
confuses users who do not initialise the variable before calling
getsockopt() and do not strictly check the returned value as char.
Currently, netlink_getsockopt() uses put_user() to copy data to optlen and
optval, but put_user() casts the data based on the pointer, char *optval.
As a result, only 1 byte is set to optval.
To avoid this behaviour, we need to use copy_to_user() or cast optval for
put_user().
Note that this changes the behaviour on big-endian systems, but we document
that the size of optval is int in the man page.
$ man 7 netlink
...
Socket options
To set or get a netlink socket option, call getsockopt(2) to read
or setsockopt(2) to write the option with the option level argument
set to SOL_NETLINK. Unless otherwise noted, optval is a pointer to
an int.
Fixes: 9a4595bc7e67 ("[NETLINK]: Add set/getsockopt options to support more than 32 groups")
Fixes: be0c22a46cfb ("netlink: add NETLINK_BROADCAST_ERROR socket option")
Fixes: 38938bfe3489 ("netlink: add NETLINK_NO_ENOBUFS socket flag")
Fixes: 0a6a3a23ea6e ("netlink: add NETLINK_CAP_ACK socket option")
Fixes: 2d4bc93368f5 ("netlink: extended ACK reporting")
Fixes: 89d35528d17d ("netlink: Add new socket option to enable strict checking on dumps")
Reported-by: Brad Spencer <bspencer@blackberry.com>
Link: https://lore.kernel.org/netdev/ZD7VkNWFfp22kTDt@datsun.rim.net/
Signed-off-by: Kuniyuki Iwashima <kuniyu@amazon.com>
Reviewed-by: Johannes Berg <johannes@sipsolutions.net>
Link: https://lore.kernel.org/r/20230421185255.94606-1-kuniyu@amazon.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
net/netlink/af_netlink.c | 75 ++++++++++++----------------------------
1 file changed, 23 insertions(+), 52 deletions(-)
diff --git a/net/netlink/af_netlink.c b/net/netlink/af_netlink.c
index 011ec7d9a719e..84a7a29be49d8 100644
--- a/net/netlink/af_netlink.c
+++ b/net/netlink/af_netlink.c
@@ -1752,7 +1752,8 @@ static int netlink_getsockopt(struct socket *sock, int level, int optname,
{
struct sock *sk = sock->sk;
struct netlink_sock *nlk = nlk_sk(sk);
- int len, val, err;
+ unsigned int flag;
+ int len, val;
if (level != SOL_NETLINK)
return -ENOPROTOOPT;
@@ -1764,39 +1765,17 @@ static int netlink_getsockopt(struct socket *sock, int level, int optname,
switch (optname) {
case NETLINK_PKTINFO:
- if (len < sizeof(int))
- return -EINVAL;
- len = sizeof(int);
- val = nlk->flags & NETLINK_F_RECV_PKTINFO ? 1 : 0;
- if (put_user(len, optlen) ||
- put_user(val, optval))
- return -EFAULT;
- err = 0;
+ flag = NETLINK_F_RECV_PKTINFO;
break;
case NETLINK_BROADCAST_ERROR:
- if (len < sizeof(int))
- return -EINVAL;
- len = sizeof(int);
- val = nlk->flags & NETLINK_F_BROADCAST_SEND_ERROR ? 1 : 0;
- if (put_user(len, optlen) ||
- put_user(val, optval))
- return -EFAULT;
- err = 0;
+ flag = NETLINK_F_BROADCAST_SEND_ERROR;
break;
case NETLINK_NO_ENOBUFS:
- if (len < sizeof(int))
- return -EINVAL;
- len = sizeof(int);
- val = nlk->flags & NETLINK_F_RECV_NO_ENOBUFS ? 1 : 0;
- if (put_user(len, optlen) ||
- put_user(val, optval))
- return -EFAULT;
- err = 0;
+ flag = NETLINK_F_RECV_NO_ENOBUFS;
break;
case NETLINK_LIST_MEMBERSHIPS: {
- int pos, idx, shift;
+ int pos, idx, shift, err = 0;
- err = 0;
netlink_lock_table();
for (pos = 0; pos * 8 < nlk->ngroups; pos += sizeof(u32)) {
if (len - pos < sizeof(u32))
@@ -1813,40 +1792,32 @@ static int netlink_getsockopt(struct socket *sock, int level, int optname,
if (put_user(ALIGN(nlk->ngroups / 8, sizeof(u32)), optlen))
err = -EFAULT;
netlink_unlock_table();
- break;
+ return err;
}
case NETLINK_CAP_ACK:
- if (len < sizeof(int))
- return -EINVAL;
- len = sizeof(int);
- val = nlk->flags & NETLINK_F_CAP_ACK ? 1 : 0;
- if (put_user(len, optlen) ||
- put_user(val, optval))
- return -EFAULT;
- err = 0;
+ flag = NETLINK_F_CAP_ACK;
break;
case NETLINK_EXT_ACK:
- if (len < sizeof(int))
- return -EINVAL;
- len = sizeof(int);
- val = nlk->flags & NETLINK_F_EXT_ACK ? 1 : 0;
- if (put_user(len, optlen) || put_user(val, optval))
- return -EFAULT;
- err = 0;
+ flag = NETLINK_F_EXT_ACK;
break;
case NETLINK_GET_STRICT_CHK:
- if (len < sizeof(int))
- return -EINVAL;
- len = sizeof(int);
- val = nlk->flags & NETLINK_F_STRICT_CHK ? 1 : 0;
- if (put_user(len, optlen) || put_user(val, optval))
- return -EFAULT;
- err = 0;
+ flag = NETLINK_F_STRICT_CHK;
break;
default:
- err = -ENOPROTOOPT;
+ return -ENOPROTOOPT;
}
- return err;
+
+ if (len < sizeof(int))
+ return -EINVAL;
+
+ len = sizeof(int);
+ val = nlk->flags & flag ? 1 : 0;
+
+ if (put_user(len, optlen) ||
+ copy_to_user(optval, &val, len))
+ return -EFAULT;
+
+ return 0;
}
static void netlink_cmsg_recv_pktinfo(struct msghdr *msg, struct sk_buff *skb)
--
2.39.2
^ permalink raw reply related [flat|nested] 391+ messages in thread
* [PATCH 5.15 234/371] net: amd: Fix link leak when verifying config failed
2023-05-08 9:43 [PATCH 5.15 000/371] 5.15.111-rc1 review Greg Kroah-Hartman
` (232 preceding siblings ...)
2023-05-08 9:47 ` [PATCH 5.15 233/371] netlink: Use copy_to_user() for optval in netlink_getsockopt() Greg Kroah-Hartman
@ 2023-05-08 9:47 ` Greg Kroah-Hartman
2023-05-08 9:47 ` [PATCH 5.15 235/371] tcp/udp: Fix memleaks of sk and zerocopy skbs with TX timestamp Greg Kroah-Hartman
` (140 subsequent siblings)
374 siblings, 0 replies; 391+ messages in thread
From: Greg Kroah-Hartman @ 2023-05-08 9:47 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Gan Gecen, Dongliang Mu,
David S. Miller, Sasha Levin
From: Gencen Gan <gangecen@hust.edu.cn>
[ Upstream commit d325c34d9e7e38d371c0a299d415e9b07f66a1fb ]
After failing to verify configuration, it returns directly without
releasing link, which may cause memory leak.
Paolo Abeni thinks that the whole code of this driver is quite
"suboptimal" and looks unmainatained since at least ~15y, so he
suggests that we could simply remove the whole driver, please
take it into consideration.
Simon Horman suggests that the fix label should be set to
"Linux-2.6.12-rc2" considering that the problem has existed
since the driver was introduced and the commit above doesn't
seem to exist in net/net-next.
Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2")
Signed-off-by: Gan Gecen <gangecen@hust.edu.cn>
Reviewed-by: Dongliang Mu <dzm91@hust.edu.cn>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/ethernet/amd/nmclan_cs.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/net/ethernet/amd/nmclan_cs.c b/drivers/net/ethernet/amd/nmclan_cs.c
index 4019cab875051..8bd063e54ac38 100644
--- a/drivers/net/ethernet/amd/nmclan_cs.c
+++ b/drivers/net/ethernet/amd/nmclan_cs.c
@@ -650,7 +650,7 @@ static int nmclan_config(struct pcmcia_device *link)
} else {
pr_notice("mace id not found: %x %x should be 0x40 0x?9\n",
sig[0], sig[1]);
- return -ENODEV;
+ goto failed;
}
}
--
2.39.2
^ permalink raw reply related [flat|nested] 391+ messages in thread
* [PATCH 5.15 235/371] tcp/udp: Fix memleaks of sk and zerocopy skbs with TX timestamp.
2023-05-08 9:43 [PATCH 5.15 000/371] 5.15.111-rc1 review Greg Kroah-Hartman
` (233 preceding siblings ...)
2023-05-08 9:47 ` [PATCH 5.15 234/371] net: amd: Fix link leak when verifying config failed Greg Kroah-Hartman
@ 2023-05-08 9:47 ` Greg Kroah-Hartman
2023-05-08 9:47 ` [PATCH 5.15 236/371] ipmi: ASPEED_BT_IPMI_BMC: select REGMAP_MMIO instead of depending on it Greg Kroah-Hartman
` (139 subsequent siblings)
374 siblings, 0 replies; 391+ messages in thread
From: Greg Kroah-Hartman @ 2023-05-08 9:47 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, syzbot, Kuniyuki Iwashima,
Willem de Bruijn, David S. Miller, Sasha Levin
From: Kuniyuki Iwashima <kuniyu@amazon.com>
[ Upstream commit 50749f2dd6854a41830996ad302aef2ffaf011d8 ]
syzkaller reported [0] memory leaks of an UDP socket and ZEROCOPY
skbs. We can reproduce the problem with these sequences:
sk = socket(AF_INET, SOCK_DGRAM, 0)
sk.setsockopt(SOL_SOCKET, SO_TIMESTAMPING, SOF_TIMESTAMPING_TX_SOFTWARE)
sk.setsockopt(SOL_SOCKET, SO_ZEROCOPY, 1)
sk.sendto(b'', MSG_ZEROCOPY, ('127.0.0.1', 53))
sk.close()
sendmsg() calls msg_zerocopy_alloc(), which allocates a skb, sets
skb->cb->ubuf.refcnt to 1, and calls sock_hold(). Here, struct
ubuf_info_msgzc indirectly holds a refcnt of the socket. When the
skb is sent, __skb_tstamp_tx() clones it and puts the clone into
the socket's error queue with the TX timestamp.
When the original skb is received locally, skb_copy_ubufs() calls
skb_unclone(), and pskb_expand_head() increments skb->cb->ubuf.refcnt.
This additional count is decremented while freeing the skb, but struct
ubuf_info_msgzc still has a refcnt, so __msg_zerocopy_callback() is
not called.
The last refcnt is not released unless we retrieve the TX timestamped
skb by recvmsg(). Since we clear the error queue in inet_sock_destruct()
after the socket's refcnt reaches 0, there is a circular dependency.
If we close() the socket holding such skbs, we never call sock_put()
and leak the count, sk, and skb.
TCP has the same problem, and commit e0c8bccd40fc ("net: stream:
purge sk_error_queue in sk_stream_kill_queues()") tried to fix it
by calling skb_queue_purge() during close(). However, there is a
small chance that skb queued in a qdisc or device could be put
into the error queue after the skb_queue_purge() call.
In __skb_tstamp_tx(), the cloned skb should not have a reference
to the ubuf to remove the circular dependency, but skb_clone() does
not call skb_copy_ubufs() for zerocopy skb. So, we need to call
skb_orphan_frags_rx() for the cloned skb to call skb_copy_ubufs().
[0]:
BUG: memory leak
unreferenced object 0xffff88800c6d2d00 (size 1152):
comm "syz-executor392", pid 264, jiffies 4294785440 (age 13.044s)
hex dump (first 32 bytes):
00 00 00 00 00 00 00 00 cd af e8 81 00 00 00 00 ................
02 00 07 40 00 00 00 00 00 00 00 00 00 00 00 00 ...@............
backtrace:
[<0000000055636812>] sk_prot_alloc+0x64/0x2a0 net/core/sock.c:2024
[<0000000054d77b7a>] sk_alloc+0x3b/0x800 net/core/sock.c:2083
[<0000000066f3c7e0>] inet_create net/ipv4/af_inet.c:319 [inline]
[<0000000066f3c7e0>] inet_create+0x31e/0xe40 net/ipv4/af_inet.c:245
[<000000009b83af97>] __sock_create+0x2ab/0x550 net/socket.c:1515
[<00000000b9b11231>] sock_create net/socket.c:1566 [inline]
[<00000000b9b11231>] __sys_socket_create net/socket.c:1603 [inline]
[<00000000b9b11231>] __sys_socket_create net/socket.c:1588 [inline]
[<00000000b9b11231>] __sys_socket+0x138/0x250 net/socket.c:1636
[<000000004fb45142>] __do_sys_socket net/socket.c:1649 [inline]
[<000000004fb45142>] __se_sys_socket net/socket.c:1647 [inline]
[<000000004fb45142>] __x64_sys_socket+0x73/0xb0 net/socket.c:1647
[<0000000066999e0e>] do_syscall_x64 arch/x86/entry/common.c:50 [inline]
[<0000000066999e0e>] do_syscall_64+0x38/0x90 arch/x86/entry/common.c:80
[<0000000017f238c1>] entry_SYSCALL_64_after_hwframe+0x63/0xcd
BUG: memory leak
unreferenced object 0xffff888017633a00 (size 240):
comm "syz-executor392", pid 264, jiffies 4294785440 (age 13.044s)
hex dump (first 32 bytes):
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00 00 00 00 00 00 00 00 00 2d 6d 0c 80 88 ff ff .........-m.....
backtrace:
[<000000002b1c4368>] __alloc_skb+0x229/0x320 net/core/skbuff.c:497
[<00000000143579a6>] alloc_skb include/linux/skbuff.h:1265 [inline]
[<00000000143579a6>] sock_omalloc+0xaa/0x190 net/core/sock.c:2596
[<00000000be626478>] msg_zerocopy_alloc net/core/skbuff.c:1294 [inline]
[<00000000be626478>] msg_zerocopy_realloc+0x1ce/0x7f0 net/core/skbuff.c:1370
[<00000000cbfc9870>] __ip_append_data+0x2adf/0x3b30 net/ipv4/ip_output.c:1037
[<0000000089869146>] ip_make_skb+0x26c/0x2e0 net/ipv4/ip_output.c:1652
[<00000000098015c2>] udp_sendmsg+0x1bac/0x2390 net/ipv4/udp.c:1253
[<0000000045e0e95e>] inet_sendmsg+0x10a/0x150 net/ipv4/af_inet.c:819
[<000000008d31bfde>] sock_sendmsg_nosec net/socket.c:714 [inline]
[<000000008d31bfde>] sock_sendmsg+0x141/0x190 net/socket.c:734
[<0000000021e21aa4>] __sys_sendto+0x243/0x360 net/socket.c:2117
[<00000000ac0af00c>] __do_sys_sendto net/socket.c:2129 [inline]
[<00000000ac0af00c>] __se_sys_sendto net/socket.c:2125 [inline]
[<00000000ac0af00c>] __x64_sys_sendto+0xe1/0x1c0 net/socket.c:2125
[<0000000066999e0e>] do_syscall_x64 arch/x86/entry/common.c:50 [inline]
[<0000000066999e0e>] do_syscall_64+0x38/0x90 arch/x86/entry/common.c:80
[<0000000017f238c1>] entry_SYSCALL_64_after_hwframe+0x63/0xcd
Fixes: f214f915e7db ("tcp: enable MSG_ZEROCOPY")
Fixes: b5947e5d1e71 ("udp: msg_zerocopy")
Reported-by: syzbot <syzkaller@googlegroups.com>
Signed-off-by: Kuniyuki Iwashima <kuniyu@amazon.com>
Reviewed-by: Willem de Bruijn <willemb@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
net/core/skbuff.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/net/core/skbuff.c b/net/core/skbuff.c
index 46cc3a7632f79..d4b25d6fd01d5 100644
--- a/net/core/skbuff.c
+++ b/net/core/skbuff.c
@@ -4960,6 +4960,9 @@ void __skb_tstamp_tx(struct sk_buff *orig_skb,
skb = alloc_skb(0, GFP_ATOMIC);
} else {
skb = skb_clone(orig_skb, GFP_ATOMIC);
+
+ if (skb_orphan_frags_rx(skb, GFP_ATOMIC))
+ return;
}
if (!skb)
return;
--
2.39.2
^ permalink raw reply related [flat|nested] 391+ messages in thread
* [PATCH 5.15 236/371] ipmi: ASPEED_BT_IPMI_BMC: select REGMAP_MMIO instead of depending on it
2023-05-08 9:43 [PATCH 5.15 000/371] 5.15.111-rc1 review Greg Kroah-Hartman
` (234 preceding siblings ...)
2023-05-08 9:47 ` [PATCH 5.15 235/371] tcp/udp: Fix memleaks of sk and zerocopy skbs with TX timestamp Greg Kroah-Hartman
@ 2023-05-08 9:47 ` Greg Kroah-Hartman
2023-05-08 9:47 ` [PATCH 5.15 237/371] drivers: staging: rtl8723bs: Fix locking in _rtw_join_timeout_handler() Greg Kroah-Hartman
` (138 subsequent siblings)
374 siblings, 0 replies; 391+ messages in thread
From: Greg Kroah-Hartman @ 2023-05-08 9:47 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Randy Dunlap, Andrew Jeffery,
Corey Minyard, openipmi-developer, Arnd Bergmann, Corey Minyard,
Sasha Levin
From: Randy Dunlap <rdunlap@infradead.org>
[ Upstream commit 2a587b9ad052e7e92e508aea90c1e2ae433c1908 ]
REGMAP is a hidden (not user visible) symbol. Users cannot set it
directly thru "make *config", so drivers should select it instead of
depending on it if they need it.
Consistently using "select" or "depends on" can also help reduce
Kconfig circular dependency issues.
Therefore, change the use of "depends on REGMAP_MMIO" to
"select REGMAP_MMIO", which will also set REGMAP.
Fixes: eb994594bc22 ("ipmi: bt-bmc: Use a regmap for register access")
Signed-off-by: Randy Dunlap <rdunlap@infradead.org>
Cc: Andrew Jeffery <andrew@aj.id.au>
Cc: Corey Minyard <minyard@acm.org>
Cc: openipmi-developer@lists.sourceforge.net
Cc: Arnd Bergmann <arnd@arndb.de>
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Message-Id: <20230226053953.4681-2-rdunlap@infradead.org>
Signed-off-by: Corey Minyard <cminyard@mvista.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/char/ipmi/Kconfig | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/drivers/char/ipmi/Kconfig b/drivers/char/ipmi/Kconfig
index 249b31197eeae..8298a4dd0de68 100644
--- a/drivers/char/ipmi/Kconfig
+++ b/drivers/char/ipmi/Kconfig
@@ -153,7 +153,8 @@ config IPMI_KCS_BMC_SERIO
config ASPEED_BT_IPMI_BMC
depends on ARCH_ASPEED || COMPILE_TEST
- depends on REGMAP && REGMAP_MMIO && MFD_SYSCON
+ depends on MFD_SYSCON
+ select REGMAP_MMIO
tristate "BT IPMI bmc driver"
help
Provides a driver for the BT (Block Transfer) IPMI interface
--
2.39.2
^ permalink raw reply related [flat|nested] 391+ messages in thread
* [PATCH 5.15 237/371] drivers: staging: rtl8723bs: Fix locking in _rtw_join_timeout_handler()
2023-05-08 9:43 [PATCH 5.15 000/371] 5.15.111-rc1 review Greg Kroah-Hartman
` (235 preceding siblings ...)
2023-05-08 9:47 ` [PATCH 5.15 236/371] ipmi: ASPEED_BT_IPMI_BMC: select REGMAP_MMIO instead of depending on it Greg Kroah-Hartman
@ 2023-05-08 9:47 ` Greg Kroah-Hartman
2023-05-08 9:47 ` [PATCH 5.15 238/371] drivers: staging: rtl8723bs: Fix locking in rtw_scan_timeout_handler() Greg Kroah-Hartman
` (137 subsequent siblings)
374 siblings, 0 replies; 391+ messages in thread
From: Greg Kroah-Hartman @ 2023-05-08 9:47 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Duoming Zhou, Hans de Goede, Sasha Levin
From: Hans de Goede <hdegoede@redhat.com>
[ Upstream commit 215792eda008f6a1e7ed9d77fa20d582d22bb114 ]
Commit 041879b12ddb ("drivers: staging: rtl8192bs: Fix deadlock in
rtw_joinbss_event_prehandle()") besides fixing the deadlock also
modified _rtw_join_timeout_handler() to use spin_[un]lock_irq()
instead of spin_[un]lock_bh().
_rtw_join_timeout_handler() calls rtw_do_join() which takes
pmlmepriv->scanned_queue.lock using spin_[un]lock_bh(). This
spin_unlock_bh() call re-enables softirqs which triggers an oops in
kernel/softirq.c: __local_bh_enable_ip() when it calls
lockdep_assert_irqs_enabled():
[ 244.506087] WARNING: CPU: 2 PID: 0 at kernel/softirq.c:376 __local_bh_enable_ip+0xa6/0x100
...
[ 244.509022] Call Trace:
[ 244.509048] <IRQ>
[ 244.509100] _rtw_join_timeout_handler+0x134/0x170 [r8723bs]
[ 244.509468] ? __pfx__rtw_join_timeout_handler+0x10/0x10 [r8723bs]
[ 244.509772] ? __pfx__rtw_join_timeout_handler+0x10/0x10 [r8723bs]
[ 244.510076] call_timer_fn+0x95/0x2a0
[ 244.510200] __run_timers.part.0+0x1da/0x2d0
This oops is causd by the switch to spin_[un]lock_irq() which disables
the IRQs for the entire duration of _rtw_join_timeout_handler().
Disabling the IRQs is not necessary since all code taking this lock
runs from either user contexts or from softirqs, switch back to
spin_[un]lock_bh() to fix this.
Fixes: 041879b12ddb ("drivers: staging: rtl8192bs: Fix deadlock in rtw_joinbss_event_prehandle()")
Cc: Duoming Zhou <duoming@zju.edu.cn>
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Link: https://lore.kernel.org/r/20230221145326.7808-1-hdegoede@redhat.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/staging/rtl8723bs/core/rtw_mlme.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/drivers/staging/rtl8723bs/core/rtw_mlme.c b/drivers/staging/rtl8723bs/core/rtw_mlme.c
index 26c40042d2bed..f85ef7dd61b24 100644
--- a/drivers/staging/rtl8723bs/core/rtw_mlme.c
+++ b/drivers/staging/rtl8723bs/core/rtw_mlme.c
@@ -1547,7 +1547,7 @@ void _rtw_join_timeout_handler(struct timer_list *t)
if (adapter->bDriverStopped || adapter->bSurpriseRemoved)
return;
- spin_lock_irq(&pmlmepriv->lock);
+ spin_lock_bh(&pmlmepriv->lock);
if (rtw_to_roam(adapter) > 0) { /* join timeout caused by roaming */
while (1) {
@@ -1575,7 +1575,7 @@ void _rtw_join_timeout_handler(struct timer_list *t)
}
- spin_unlock_irq(&pmlmepriv->lock);
+ spin_unlock_bh(&pmlmepriv->lock);
}
/*
--
2.39.2
^ permalink raw reply related [flat|nested] 391+ messages in thread
* [PATCH 5.15 238/371] drivers: staging: rtl8723bs: Fix locking in rtw_scan_timeout_handler()
2023-05-08 9:43 [PATCH 5.15 000/371] 5.15.111-rc1 review Greg Kroah-Hartman
` (236 preceding siblings ...)
2023-05-08 9:47 ` [PATCH 5.15 237/371] drivers: staging: rtl8723bs: Fix locking in _rtw_join_timeout_handler() Greg Kroah-Hartman
@ 2023-05-08 9:47 ` Greg Kroah-Hartman
2023-05-08 9:47 ` [PATCH 5.15 239/371] pstore: Revert pmsg_lock back to a normal mutex Greg Kroah-Hartman
` (136 subsequent siblings)
374 siblings, 0 replies; 391+ messages in thread
From: Greg Kroah-Hartman @ 2023-05-08 9:47 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Duoming Zhou, Hans de Goede, Sasha Levin
From: Hans de Goede <hdegoede@redhat.com>
[ Upstream commit 3f467036093fedd7e231924327455fc609b5ef02 ]
Commit cc7ad0d77b51 ("drivers: staging: rtl8723bs: Fix deadlock in
rtw_surveydone_event_callback()") besides fixing the deadlock also
modified rtw_scan_timeout_handler() to use spin_[un]lock_irq()
instead of spin_[un]lock_bh().
Disabling the IRQs is not necessary since all code taking this lock
runs from either user contexts or from softirqs
rtw_scan_timeout_handler() is the only function taking pmlmepriv->lock
which uses spin_[un]lock_irq() for this. Switch back to
spin_[un]lock_bh() to make it consistent with the rest of the code.
Fixes: cc7ad0d77b51 ("drivers: staging: rtl8723bs: Fix deadlock in rtw_surveydone_event_callback()")
Cc: Duoming Zhou <duoming@zju.edu.cn>
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Link: https://lore.kernel.org/r/20230221145326.7808-2-hdegoede@redhat.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/staging/rtl8723bs/core/rtw_mlme.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/drivers/staging/rtl8723bs/core/rtw_mlme.c b/drivers/staging/rtl8723bs/core/rtw_mlme.c
index f85ef7dd61b24..5b64980e8522f 100644
--- a/drivers/staging/rtl8723bs/core/rtw_mlme.c
+++ b/drivers/staging/rtl8723bs/core/rtw_mlme.c
@@ -1588,11 +1588,11 @@ void rtw_scan_timeout_handler(struct timer_list *t)
mlmepriv.scan_to_timer);
struct mlme_priv *pmlmepriv = &adapter->mlmepriv;
- spin_lock_irq(&pmlmepriv->lock);
+ spin_lock_bh(&pmlmepriv->lock);
_clr_fwstate_(pmlmepriv, _FW_UNDER_SURVEY);
- spin_unlock_irq(&pmlmepriv->lock);
+ spin_unlock_bh(&pmlmepriv->lock);
rtw_indicate_scan_done(adapter, true);
}
--
2.39.2
^ permalink raw reply related [flat|nested] 391+ messages in thread
* [PATCH 5.15 239/371] pstore: Revert pmsg_lock back to a normal mutex
2023-05-08 9:43 [PATCH 5.15 000/371] 5.15.111-rc1 review Greg Kroah-Hartman
` (237 preceding siblings ...)
2023-05-08 9:47 ` [PATCH 5.15 238/371] drivers: staging: rtl8723bs: Fix locking in rtw_scan_timeout_handler() Greg Kroah-Hartman
@ 2023-05-08 9:47 ` Greg Kroah-Hartman
2023-05-08 9:47 ` [PATCH 5.15 240/371] usb: host: xhci-rcar: remove leftover quirk handling Greg Kroah-Hartman
` (135 subsequent siblings)
374 siblings, 0 replies; 391+ messages in thread
From: Greg Kroah-Hartman @ 2023-05-08 9:47 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Wei Wang, Midas Chien, Chunhui Li ,
Steven Rostedt, Kees Cook, Anton Vorontsov, Guilherme G. Piccoli,
Tony Luck, kernel-team, John Stultz, Sasha Levin
From: John Stultz <jstultz@google.com>
[ Upstream commit 5239a89b06d6b199f133bf0ffea421683187f257 ]
This reverts commit 76d62f24db07f22ccf9bc18ca793c27d4ebef721.
So while priority inversion on the pmsg_lock is an occasional
problem that an rt_mutex would help with, in uses where logging
is writing to pmsg heavily from multiple threads, the pmsg_lock
can be heavily contended.
After this change landed, it was reported that cases where the
mutex locking overhead was commonly adding on the order of 10s
of usecs delay had suddenly jumped to ~msec delay with rtmutex.
It seems the slight differences in the locks under this level
of contention causes the normal mutexes to utilize the spinning
optimizations, while the rtmutexes end up in the sleeping
slowpath (which allows additional threads to pile on trying
to take the lock).
In this case, it devolves to a worse case senerio where the lock
acquisition and scheduling overhead dominates, and each thread
is waiting on the order of ~ms to do ~us of work.
Obviously, having tons of threads all contending on a single
lock for logging is non-optimal, so the proper fix is probably
reworking pstore pmsg to have per-cpu buffers so we don't have
contention.
Additionally, Steven Rostedt has provided some furhter
optimizations for rtmutexes that improves the rtmutex spinning
path, but at least in my testing, I still see the test tripping
into the sleeping path on rtmutexes while utilizing the spinning
path with mutexes.
But in the short term, lets revert the change to the rt_mutex
and go back to normal mutexes to avoid a potentially major
performance regression. And we can work on optimizations to both
rtmutexes and finer-grained locking for pstore pmsg in the
future.
Cc: Wei Wang <wvw@google.com>
Cc: Midas Chien<midaschieh@google.com>
Cc: "Chunhui Li (李春辉)" <chunhui.li@mediatek.com>
Cc: Steven Rostedt <rostedt@goodmis.org>
Cc: Kees Cook <keescook@chromium.org>
Cc: Anton Vorontsov <anton@enomsg.org>
Cc: "Guilherme G. Piccoli" <gpiccoli@igalia.com>
Cc: Tony Luck <tony.luck@intel.com>
Cc: kernel-team@android.com
Fixes: 76d62f24db07 ("pstore: Switch pmsg_lock to an rt_mutex to avoid priority inversion")
Reported-by: "Chunhui Li (李春辉)" <chunhui.li@mediatek.com>
Signed-off-by: John Stultz <jstultz@google.com>
Signed-off-by: Kees Cook <keescook@chromium.org>
Link: https://lore.kernel.org/r/20230308204043.2061631-1-jstultz@google.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
fs/pstore/pmsg.c | 7 +++----
1 file changed, 3 insertions(+), 4 deletions(-)
diff --git a/fs/pstore/pmsg.c b/fs/pstore/pmsg.c
index 18cf94b597e05..d8542ec2f38c6 100644
--- a/fs/pstore/pmsg.c
+++ b/fs/pstore/pmsg.c
@@ -7,10 +7,9 @@
#include <linux/device.h>
#include <linux/fs.h>
#include <linux/uaccess.h>
-#include <linux/rtmutex.h>
#include "internal.h"
-static DEFINE_RT_MUTEX(pmsg_lock);
+static DEFINE_MUTEX(pmsg_lock);
static ssize_t write_pmsg(struct file *file, const char __user *buf,
size_t count, loff_t *ppos)
@@ -29,9 +28,9 @@ static ssize_t write_pmsg(struct file *file, const char __user *buf,
if (!access_ok(buf, count))
return -EFAULT;
- rt_mutex_lock(&pmsg_lock);
+ mutex_lock(&pmsg_lock);
ret = psinfo->write_user(&record, buf);
- rt_mutex_unlock(&pmsg_lock);
+ mutex_unlock(&pmsg_lock);
return ret ? ret : count;
}
--
2.39.2
^ permalink raw reply related [flat|nested] 391+ messages in thread
* [PATCH 5.15 240/371] usb: host: xhci-rcar: remove leftover quirk handling
2023-05-08 9:43 [PATCH 5.15 000/371] 5.15.111-rc1 review Greg Kroah-Hartman
` (238 preceding siblings ...)
2023-05-08 9:47 ` [PATCH 5.15 239/371] pstore: Revert pmsg_lock back to a normal mutex Greg Kroah-Hartman
@ 2023-05-08 9:47 ` Greg Kroah-Hartman
2023-05-08 9:47 ` [PATCH 5.15 241/371] usb: dwc3: gadget: Change condition for processing suspend event Greg Kroah-Hartman
` (134 subsequent siblings)
374 siblings, 0 replies; 391+ messages in thread
From: Greg Kroah-Hartman @ 2023-05-08 9:47 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Geert Uytterhoeven, Wolfram Sang,
Sasha Levin
From: Wolfram Sang <wsa+renesas@sang-engineering.com>
[ Upstream commit 5d67f4861884762ebc2bddb5d667444e45f25782 ]
Loading V3 firmware does not need a quirk anymore, remove the leftover
code.
Fixes: ed8603e11124 ("usb: host: xhci-rcar: Simplify getting the firmware name for R-Car Gen3")
Reviewed-by: Geert Uytterhoeven <geert+renesas@glider.be>
Signed-off-by: Wolfram Sang <wsa+renesas@sang-engineering.com>
Link: https://lore.kernel.org/r/20230307163041.3815-10-wsa+renesas@sang-engineering.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/usb/host/xhci-rcar.c | 3 ---
1 file changed, 3 deletions(-)
diff --git a/drivers/usb/host/xhci-rcar.c b/drivers/usb/host/xhci-rcar.c
index 9888ba7d85b6a..cfafa1c50adea 100644
--- a/drivers/usb/host/xhci-rcar.c
+++ b/drivers/usb/host/xhci-rcar.c
@@ -75,7 +75,6 @@ MODULE_FIRMWARE(XHCI_RCAR_FIRMWARE_NAME_V3);
/* For soc_device_attribute */
#define RCAR_XHCI_FIRMWARE_V2 BIT(0) /* FIRMWARE V2 */
-#define RCAR_XHCI_FIRMWARE_V3 BIT(1) /* FIRMWARE V3 */
static const struct soc_device_attribute rcar_quirks_match[] = {
{
@@ -147,8 +146,6 @@ static int xhci_rcar_download_firmware(struct usb_hcd *hcd)
if (quirks & RCAR_XHCI_FIRMWARE_V2)
firmware_name = XHCI_RCAR_FIRMWARE_NAME_V2;
- else if (quirks & RCAR_XHCI_FIRMWARE_V3)
- firmware_name = XHCI_RCAR_FIRMWARE_NAME_V3;
else
firmware_name = priv->firmware_name;
--
2.39.2
^ permalink raw reply related [flat|nested] 391+ messages in thread
* [PATCH 5.15 241/371] usb: dwc3: gadget: Change condition for processing suspend event
2023-05-08 9:43 [PATCH 5.15 000/371] 5.15.111-rc1 review Greg Kroah-Hartman
` (239 preceding siblings ...)
2023-05-08 9:47 ` [PATCH 5.15 240/371] usb: host: xhci-rcar: remove leftover quirk handling Greg Kroah-Hartman
@ 2023-05-08 9:47 ` Greg Kroah-Hartman
2023-05-08 9:47 ` [PATCH 5.15 242/371] serial: stm32: re-introduce an irq flag condition in usart_receive_chars Greg Kroah-Hartman
` (133 subsequent siblings)
374 siblings, 0 replies; 391+ messages in thread
From: Greg Kroah-Hartman @ 2023-05-08 9:47 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Prashanth K, Thinh Nguyen, Sasha Levin
From: Prashanth K <quic_prashk@quicinc.com>
[ Upstream commit 4decf4060ecfee1f7a710999fcd421645ac0c419 ]
Currently we process the suspend interrupt event only if the
device is in configured state. Consider a case where device
is not configured and got suspend interrupt, in that case our
gadget will still use 100mA as composite_suspend didn't happen.
But battery charging specification (BC1.2) expects a downstream
device to draw less than 2.5mA when unconnected OR suspended.
Fix this by removing the condition for processing suspend event,
and thus composite_resume would set vbus draw to 2.
Fixes: 72704f876f50 ("dwc3: gadget: Implement the suspend entry event handler")
Signed-off-by: Prashanth K <quic_prashk@quicinc.com>
Acked-by: Thinh Nguyen <Thinh.Nguyen@synopsys.com>
Link: https://lore.kernel.org/r/1677217619-10261-2-git-send-email-quic_prashk@quicinc.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/usb/dwc3/gadget.c | 11 ++---------
1 file changed, 2 insertions(+), 9 deletions(-)
diff --git a/drivers/usb/dwc3/gadget.c b/drivers/usb/dwc3/gadget.c
index eaf64f33fe077..7ff77a0de5152 100644
--- a/drivers/usb/dwc3/gadget.c
+++ b/drivers/usb/dwc3/gadget.c
@@ -4092,15 +4092,8 @@ static void dwc3_gadget_interrupt(struct dwc3 *dwc,
break;
case DWC3_DEVICE_EVENT_SUSPEND:
/* It changed to be suspend event for version 2.30a and above */
- if (!DWC3_VER_IS_PRIOR(DWC3, 230A)) {
- /*
- * Ignore suspend event until the gadget enters into
- * USB_STATE_CONFIGURED state.
- */
- if (dwc->gadget->state >= USB_STATE_CONFIGURED)
- dwc3_gadget_suspend_interrupt(dwc,
- event->event_info);
- }
+ if (!DWC3_VER_IS_PRIOR(DWC3, 230A))
+ dwc3_gadget_suspend_interrupt(dwc, event->event_info);
break;
case DWC3_DEVICE_EVENT_SOF:
case DWC3_DEVICE_EVENT_ERRATIC_ERROR:
--
2.39.2
^ permalink raw reply related [flat|nested] 391+ messages in thread
* [PATCH 5.15 242/371] serial: stm32: re-introduce an irq flag condition in usart_receive_chars
2023-05-08 9:43 [PATCH 5.15 000/371] 5.15.111-rc1 review Greg Kroah-Hartman
` (240 preceding siblings ...)
2023-05-08 9:47 ` [PATCH 5.15 241/371] usb: dwc3: gadget: Change condition for processing suspend event Greg Kroah-Hartman
@ 2023-05-08 9:47 ` Greg Kroah-Hartman
2023-05-08 9:47 ` [PATCH 5.15 243/371] serial: stm32: Re-assert RTS/DE GPIO in RS485 mode only if more data are transmitted Greg Kroah-Hartman
` (132 subsequent siblings)
374 siblings, 0 replies; 391+ messages in thread
From: Greg Kroah-Hartman @ 2023-05-08 9:47 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Erwan Le Ray, Sasha Levin
From: Erwan Le Ray <erwan.leray@foss.st.com>
[ Upstream commit cc58d0a3f0a4755b9c808e065d9227c6e984e7db ]
Re-introduce an irq flag condition in usart_receive_chars.
This condition has been deleted by commit 75f4e830fa9c ("serial: do not
restore interrupt state in sysrq helper").
This code was present to handle threaded case, and has been removed
because it is no more needed in this case. Nevertheless an irq safe lock
is still needed in some cases, when DMA should be stopped to receive errors
or breaks in PIO mode.
This patch is a precursor to the complete rework or stm32 serial driver
DMA implementation.
Signed-off-by: Erwan Le Ray <erwan.leray@foss.st.com>
Link: https://lore.kernel.org/r/20211020150332.10214-2-erwan.leray@foss.st.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Stable-dep-of: c47527cbcc3c ("serial: stm32: Re-assert RTS/DE GPIO in RS485 mode only if more data are transmitted")
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/tty/serial/stm32-usart.c | 21 +++++++++++++--------
1 file changed, 13 insertions(+), 8 deletions(-)
diff --git a/drivers/tty/serial/stm32-usart.c b/drivers/tty/serial/stm32-usart.c
index 5c60960e185d2..0e8158cfaf0f9 100644
--- a/drivers/tty/serial/stm32-usart.c
+++ b/drivers/tty/serial/stm32-usart.c
@@ -264,19 +264,22 @@ static unsigned long stm32_usart_get_char(struct uart_port *port, u32 *sr,
return c;
}
-static void stm32_usart_receive_chars(struct uart_port *port, bool threaded)
+static void stm32_usart_receive_chars(struct uart_port *port, bool irqflag)
{
struct tty_port *tport = &port->state->port;
struct stm32_port *stm32_port = to_stm32_port(port);
const struct stm32_usart_offsets *ofs = &stm32_port->info->ofs;
- unsigned long c;
+ unsigned long c, flags;
u32 sr;
char flag;
- spin_lock(&port->lock);
+ if (irqflag)
+ spin_lock_irqsave(&port->lock, flags);
+ else
+ spin_lock(&port->lock);
while (stm32_usart_pending_rx(port, &sr, &stm32_port->last_res,
- threaded)) {
+ irqflag)) {
sr |= USART_SR_DUMMY_RX;
flag = TTY_NORMAL;
@@ -330,7 +333,10 @@ static void stm32_usart_receive_chars(struct uart_port *port, bool threaded)
uart_insert_char(port, sr, USART_SR_ORE, c, flag);
}
- uart_unlock_and_check_sysrq(port);
+ if (irqflag)
+ uart_unlock_and_check_sysrq_irqrestore(port, irqflag);
+ else
+ uart_unlock_and_check_sysrq(port);
tty_flip_buffer_push(tport);
}
@@ -599,10 +605,9 @@ static irqreturn_t stm32_usart_interrupt(int irq, void *ptr)
static irqreturn_t stm32_usart_threaded_interrupt(int irq, void *ptr)
{
struct uart_port *port = ptr;
- struct stm32_port *stm32_port = to_stm32_port(port);
- if (stm32_port->rx_ch)
- stm32_usart_receive_chars(port, true);
+ /* Receiver timeout irq for DMA RX */
+ stm32_usart_receive_chars(port, false);
return IRQ_HANDLED;
}
--
2.39.2
^ permalink raw reply related [flat|nested] 391+ messages in thread
* [PATCH 5.15 243/371] serial: stm32: Re-assert RTS/DE GPIO in RS485 mode only if more data are transmitted
2023-05-08 9:43 [PATCH 5.15 000/371] 5.15.111-rc1 review Greg Kroah-Hartman
` (241 preceding siblings ...)
2023-05-08 9:47 ` [PATCH 5.15 242/371] serial: stm32: re-introduce an irq flag condition in usart_receive_chars Greg Kroah-Hartman
@ 2023-05-08 9:47 ` Greg Kroah-Hartman
2023-05-08 9:47 ` [PATCH 5.15 244/371] fpga: bridge: fix kernel-doc parameter description Greg Kroah-Hartman
` (131 subsequent siblings)
374 siblings, 0 replies; 391+ messages in thread
From: Greg Kroah-Hartman @ 2023-05-08 9:47 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Marek Vasut, Sasha Levin
From: Marek Vasut <marex@denx.de>
[ Upstream commit c47527cbcc3c50800f34b8c684f29721f75de246 ]
The stm32_usart_transmit_chars() may be called with empty or stopped
transmit queue, and no XON/OFF character pending. This can happen at
the end of transmission, where this last call is used to either handle
the XON/XOFF x_char, or disable TX interrupt if queue is empty or
stopped.
If that occurs, do not assert the RS485 RTS/DE GPIO anymore, as the
GPIO would remain asserted past the end of transmission and that would
block the RS485 bus after the transmission.
Only assert the RS485 RTS/DE GPIO if there is either pending XON/XOFF
x_char, or at least one character in running transmit queue.
Fixes: d7c76716169d ("serial: stm32: Use TC interrupt to deassert GPIO RTS in RS485 mode")
Signed-off-by: Marek Vasut <marex@denx.de>
Link: https://lore.kernel.org/r/20230223042252.95480-2-marex@denx.de
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/tty/serial/stm32-usart.c | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/drivers/tty/serial/stm32-usart.c b/drivers/tty/serial/stm32-usart.c
index 0e8158cfaf0f9..3b7d4481edbea 100644
--- a/drivers/tty/serial/stm32-usart.c
+++ b/drivers/tty/serial/stm32-usart.c
@@ -502,8 +502,9 @@ static void stm32_usart_transmit_chars(struct uart_port *port)
int ret;
if (!stm32_port->hw_flow_control &&
- port->rs485.flags & SER_RS485_ENABLED) {
- stm32_port->txdone = false;
+ port->rs485.flags & SER_RS485_ENABLED &&
+ (port->x_char ||
+ !(uart_circ_empty(xmit) || uart_tx_stopped(port)))) {
stm32_usart_tc_interrupt_disable(port);
stm32_usart_rs485_rts_enable(port);
}
--
2.39.2
^ permalink raw reply related [flat|nested] 391+ messages in thread
* [PATCH 5.15 244/371] fpga: bridge: fix kernel-doc parameter description
2023-05-08 9:43 [PATCH 5.15 000/371] 5.15.111-rc1 review Greg Kroah-Hartman
` (242 preceding siblings ...)
2023-05-08 9:47 ` [PATCH 5.15 243/371] serial: stm32: Re-assert RTS/DE GPIO in RS485 mode only if more data are transmitted Greg Kroah-Hartman
@ 2023-05-08 9:47 ` Greg Kroah-Hartman
2023-05-08 9:47 ` [PATCH 5.15 245/371] iio: light: max44009: add missing OF device matching Greg Kroah-Hartman
` (130 subsequent siblings)
374 siblings, 0 replies; 391+ messages in thread
From: Greg Kroah-Hartman @ 2023-05-08 9:47 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Marco Pagani, Tom Rix, Xu Yilun,
Sasha Levin
From: Marco Pagani <marpagan@redhat.com>
[ Upstream commit 7ef1a2c1c9dffa177ecc3ea50b7f5ee63a621137 ]
Fix the kernel-doc description for the "struct fpga_image_info *info"
parameter of the fpga_bridge_get() function.
Fixes: 060ac5c8fa7b ("fpga: bridge: kernel-doc fixes")
Signed-off-by: Marco Pagani <marpagan@redhat.com>
Reviewed-by: Tom Rix <trix@redhat.com>
Acked-by: Xu Yilun <yilun.xu@intel.com>
Link: https://lore.kernel.org/r/20230301140309.512578-1-marpagan@redhat.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/fpga/fpga-bridge.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/fpga/fpga-bridge.c b/drivers/fpga/fpga-bridge.c
index 798f55670646c..75a24b0457243 100644
--- a/drivers/fpga/fpga-bridge.c
+++ b/drivers/fpga/fpga-bridge.c
@@ -115,7 +115,7 @@ static int fpga_bridge_dev_match(struct device *dev, const void *data)
/**
* fpga_bridge_get - get an exclusive reference to an fpga bridge
* @dev: parent device that fpga bridge was registered with
- * @info: fpga manager info
+ * @info: fpga image specific information
*
* Given a device, get an exclusive reference to an fpga bridge.
*
--
2.39.2
^ permalink raw reply related [flat|nested] 391+ messages in thread
* [PATCH 5.15 245/371] iio: light: max44009: add missing OF device matching
2023-05-08 9:43 [PATCH 5.15 000/371] 5.15.111-rc1 review Greg Kroah-Hartman
` (243 preceding siblings ...)
2023-05-08 9:47 ` [PATCH 5.15 244/371] fpga: bridge: fix kernel-doc parameter description Greg Kroah-Hartman
@ 2023-05-08 9:47 ` Greg Kroah-Hartman
2023-05-08 9:47 ` [PATCH 5.15 246/371] serial: 8250_bcm7271: Fix arbitration handling Greg Kroah-Hartman
` (129 subsequent siblings)
374 siblings, 0 replies; 391+ messages in thread
From: Greg Kroah-Hartman @ 2023-05-08 9:47 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Krzysztof Kozlowski,
Jonathan Cameron, Sasha Levin
From: Krzysztof Kozlowski <krzysztof.kozlowski@linaro.org>
[ Upstream commit b29c49026c3c05a11f845dba17cad0b3ba06836d ]
The driver currently matches only via i2c_device_id, but also has
of_device_id table:
drivers/iio/light/max44009.c:545:34: error: ‘max44009_of_match’ defined but not used [-Werror=unused-const-variable=]
Fixes: 6aef699a7d7e ("iio: light: add driver for MAX44009")
Signed-off-by: Krzysztof Kozlowski <krzysztof.kozlowski@linaro.org>
Link: https://lore.kernel.org/r/20230312153429.371702-2-krzysztof.kozlowski@linaro.org
Signed-off-by: Jonathan Cameron <Jonathan.Cameron@huawei.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/iio/light/max44009.c | 13 +++++++------
1 file changed, 7 insertions(+), 6 deletions(-)
diff --git a/drivers/iio/light/max44009.c b/drivers/iio/light/max44009.c
index 801e5a0ad496b..f3648f20ef2c0 100644
--- a/drivers/iio/light/max44009.c
+++ b/drivers/iio/light/max44009.c
@@ -528,6 +528,12 @@ static int max44009_probe(struct i2c_client *client,
return devm_iio_device_register(&client->dev, indio_dev);
}
+static const struct of_device_id max44009_of_match[] = {
+ { .compatible = "maxim,max44009" },
+ { }
+};
+MODULE_DEVICE_TABLE(of, max44009_of_match);
+
static const struct i2c_device_id max44009_id[] = {
{ "max44009", 0 },
{ }
@@ -537,18 +543,13 @@ MODULE_DEVICE_TABLE(i2c, max44009_id);
static struct i2c_driver max44009_driver = {
.driver = {
.name = MAX44009_DRV_NAME,
+ .of_match_table = max44009_of_match,
},
.probe = max44009_probe,
.id_table = max44009_id,
};
module_i2c_driver(max44009_driver);
-static const struct of_device_id max44009_of_match[] = {
- { .compatible = "maxim,max44009" },
- { }
-};
-MODULE_DEVICE_TABLE(of, max44009_of_match);
-
MODULE_AUTHOR("Robert Eshleman <bobbyeshleman@gmail.com>");
MODULE_LICENSE("GPL v2");
MODULE_DESCRIPTION("MAX44009 ambient light sensor driver");
--
2.39.2
^ permalink raw reply related [flat|nested] 391+ messages in thread
* [PATCH 5.15 246/371] serial: 8250_bcm7271: Fix arbitration handling
2023-05-08 9:43 [PATCH 5.15 000/371] 5.15.111-rc1 review Greg Kroah-Hartman
` (244 preceding siblings ...)
2023-05-08 9:47 ` [PATCH 5.15 245/371] iio: light: max44009: add missing OF device matching Greg Kroah-Hartman
@ 2023-05-08 9:47 ` Greg Kroah-Hartman
2023-05-08 9:47 ` [PATCH 5.15 247/371] spi: spi-imx: using pm_runtime_resume_and_get instead of pm_runtime_get_sync Greg Kroah-Hartman
` (128 subsequent siblings)
374 siblings, 0 replies; 391+ messages in thread
From: Greg Kroah-Hartman @ 2023-05-08 9:47 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Doug Berger, Florian Fainelli, Sasha Levin
From: Doug Berger <opendmb@gmail.com>
[ Upstream commit 15ac1122fd6d4bf408a03e6f23c7ad4f60b22f9e ]
The arbitration of the UART DMA is mishandled for a few
exceptional cases when probing and releasing the driver.
It is possible that the DMA register spaces are not defined in
device tree for an instance of the driver, so attempts to access
the registers in brcmuart_arbitration() would use NULL pointers.
It is also possible for the probe function to return an error
while still holding the UART DMA. This would prevent the UART
DMA from being claimed by an instance that could use it.
These errors are addressed by only releasing the UART DMA if it
is held by this instance (i.e. priv->dma_enabled == 1) and
directing early error paths in probe to this common release_dma
handling.
Fixes: 41a469482de2 ("serial: 8250: Add new 8250-core based Broadcom STB driver")
Signed-off-by: Doug Berger <opendmb@gmail.com>
Acked-by: Florian Fainelli <f.fainelli@gmail.com>
Link: https://lore.kernel.org/r/20230309190224.687380-1-opendmb@gmail.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/tty/serial/8250/8250_bcm7271.c | 18 ++++++++++++------
1 file changed, 12 insertions(+), 6 deletions(-)
diff --git a/drivers/tty/serial/8250/8250_bcm7271.c b/drivers/tty/serial/8250/8250_bcm7271.c
index 60b3ac1a03175..87ff28a3a94c5 100644
--- a/drivers/tty/serial/8250/8250_bcm7271.c
+++ b/drivers/tty/serial/8250/8250_bcm7271.c
@@ -1018,14 +1018,16 @@ static int brcmuart_probe(struct platform_device *pdev)
/* See if a Baud clock has been specified */
baud_mux_clk = of_clk_get_by_name(np, "sw_baud");
if (IS_ERR(baud_mux_clk)) {
- if (PTR_ERR(baud_mux_clk) == -EPROBE_DEFER)
- return -EPROBE_DEFER;
+ if (PTR_ERR(baud_mux_clk) == -EPROBE_DEFER) {
+ ret = -EPROBE_DEFER;
+ goto release_dma;
+ }
dev_dbg(dev, "BAUD MUX clock not specified\n");
} else {
dev_dbg(dev, "BAUD MUX clock found\n");
ret = clk_prepare_enable(baud_mux_clk);
if (ret)
- return ret;
+ goto release_dma;
priv->baud_mux_clk = baud_mux_clk;
init_real_clk_rates(dev, priv);
clk_rate = priv->default_mux_rate;
@@ -1033,7 +1035,8 @@ static int brcmuart_probe(struct platform_device *pdev)
if (clk_rate == 0) {
dev_err(dev, "clock-frequency or clk not defined\n");
- return -EINVAL;
+ ret = -EINVAL;
+ goto release_dma;
}
dev_dbg(dev, "DMA is %senabled\n", priv->dma_enabled ? "" : "not ");
@@ -1120,7 +1123,9 @@ static int brcmuart_probe(struct platform_device *pdev)
serial8250_unregister_port(priv->line);
err:
brcmuart_free_bufs(dev, priv);
- brcmuart_arbitration(priv, 0);
+release_dma:
+ if (priv->dma_enabled)
+ brcmuart_arbitration(priv, 0);
return ret;
}
@@ -1132,7 +1137,8 @@ static int brcmuart_remove(struct platform_device *pdev)
hrtimer_cancel(&priv->hrt);
serial8250_unregister_port(priv->line);
brcmuart_free_bufs(&pdev->dev, priv);
- brcmuart_arbitration(priv, 0);
+ if (priv->dma_enabled)
+ brcmuart_arbitration(priv, 0);
return 0;
}
--
2.39.2
^ permalink raw reply related [flat|nested] 391+ messages in thread
* [PATCH 5.15 247/371] spi: spi-imx: using pm_runtime_resume_and_get instead of pm_runtime_get_sync
2023-05-08 9:43 [PATCH 5.15 000/371] 5.15.111-rc1 review Greg Kroah-Hartman
` (245 preceding siblings ...)
2023-05-08 9:47 ` [PATCH 5.15 246/371] serial: 8250_bcm7271: Fix arbitration handling Greg Kroah-Hartman
@ 2023-05-08 9:47 ` Greg Kroah-Hartman
2023-05-08 9:47 ` [PATCH 5.15 248/371] spi: imx: Dont skip cleanup in removes error path Greg Kroah-Hartman
` (127 subsequent siblings)
374 siblings, 0 replies; 391+ messages in thread
From: Greg Kroah-Hartman @ 2023-05-08 9:47 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Zeal Robot, Minghao Chi, Mark Brown,
Sasha Levin
From: Minghao Chi <chi.minghao@zte.com.cn>
[ Upstream commit 7d34ff58f35c82207698f43af79817a05e1342e5 ]
Using pm_runtime_resume_and_get() to replace pm_runtime_get_sync and
pm_runtime_put_noidle. This change is just to simplify the code, no
actual functional changes.
Reported-by: Zeal Robot <zealci@zte.com.cn>
Signed-off-by: Minghao Chi <chi.minghao@zte.com.cn>
Link: https://lore.kernel.org/r/20220414085343.2541608-1-chi.minghao@zte.com.cn
Signed-off-by: Mark Brown <broonie@kernel.org>
Stable-dep-of: 11951c9e3f36 ("spi: imx: Don't skip cleanup in remove's error path")
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/spi/spi-imx.c | 6 ++----
1 file changed, 2 insertions(+), 4 deletions(-)
diff --git a/drivers/spi/spi-imx.c b/drivers/spi/spi-imx.c
index 890b2cf02149c..980cd168fe4c8 100644
--- a/drivers/spi/spi-imx.c
+++ b/drivers/spi/spi-imx.c
@@ -1552,9 +1552,8 @@ spi_imx_prepare_message(struct spi_master *master, struct spi_message *msg)
struct spi_imx_data *spi_imx = spi_master_get_devdata(master);
int ret;
- ret = pm_runtime_get_sync(spi_imx->dev);
+ ret = pm_runtime_resume_and_get(spi_imx->dev);
if (ret < 0) {
- pm_runtime_put_noidle(spi_imx->dev);
dev_err(spi_imx->dev, "failed to enable clock\n");
return ret;
}
@@ -1770,9 +1769,8 @@ static int spi_imx_remove(struct platform_device *pdev)
spi_bitbang_stop(&spi_imx->bitbang);
- ret = pm_runtime_get_sync(spi_imx->dev);
+ ret = pm_runtime_resume_and_get(spi_imx->dev);
if (ret < 0) {
- pm_runtime_put_noidle(spi_imx->dev);
dev_err(spi_imx->dev, "failed to enable clock\n");
return ret;
}
--
2.39.2
^ permalink raw reply related [flat|nested] 391+ messages in thread
* [PATCH 5.15 248/371] spi: imx: Dont skip cleanup in removes error path
2023-05-08 9:43 [PATCH 5.15 000/371] 5.15.111-rc1 review Greg Kroah-Hartman
` (246 preceding siblings ...)
2023-05-08 9:47 ` [PATCH 5.15 247/371] spi: spi-imx: using pm_runtime_resume_and_get instead of pm_runtime_get_sync Greg Kroah-Hartman
@ 2023-05-08 9:47 ` Greg Kroah-Hartman
2023-05-08 9:47 ` [PATCH 5.15 249/371] usb: gadget: udc: renesas_usb3: Fix use after free bug in renesas_usb3_remove due to race condition Greg Kroah-Hartman
` (126 subsequent siblings)
374 siblings, 0 replies; 391+ messages in thread
From: Greg Kroah-Hartman @ 2023-05-08 9:47 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Uwe Kleine-König, Mark Brown,
Sasha Levin
From: Uwe Kleine-König <u.kleine-koenig@pengutronix.de>
[ Upstream commit 11951c9e3f364d7ae3b568a0e52c8335d43066b5 ]
Returning early in a platform driver's remove callback is wrong. In this
case the dma resources are not released in the error path. this is never
retried later and so this is a permanent leak. To fix this, only skip
hardware disabling if waking the device fails.
Fixes: d593574aff0a ("spi: imx: do not access registers while clocks disabled")
Signed-off-by: Uwe Kleine-König <u.kleine-koenig@pengutronix.de>
Link: https://lore.kernel.org/r/20230306065733.2170662-2-u.kleine-koenig@pengutronix.de
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/spi/spi-imx.c | 12 +++++-------
1 file changed, 5 insertions(+), 7 deletions(-)
diff --git a/drivers/spi/spi-imx.c b/drivers/spi/spi-imx.c
index 980cd168fe4c8..2f06f2840d616 100644
--- a/drivers/spi/spi-imx.c
+++ b/drivers/spi/spi-imx.c
@@ -1769,13 +1769,11 @@ static int spi_imx_remove(struct platform_device *pdev)
spi_bitbang_stop(&spi_imx->bitbang);
- ret = pm_runtime_resume_and_get(spi_imx->dev);
- if (ret < 0) {
- dev_err(spi_imx->dev, "failed to enable clock\n");
- return ret;
- }
-
- writel(0, spi_imx->base + MXC_CSPICTRL);
+ ret = pm_runtime_get_sync(spi_imx->dev);
+ if (ret >= 0)
+ writel(0, spi_imx->base + MXC_CSPICTRL);
+ else
+ dev_warn(spi_imx->dev, "failed to enable clock, skip hw disable\n");
pm_runtime_dont_use_autosuspend(spi_imx->dev);
pm_runtime_put_sync(spi_imx->dev);
--
2.39.2
^ permalink raw reply related [flat|nested] 391+ messages in thread
* [PATCH 5.15 249/371] usb: gadget: udc: renesas_usb3: Fix use after free bug in renesas_usb3_remove due to race condition
2023-05-08 9:43 [PATCH 5.15 000/371] 5.15.111-rc1 review Greg Kroah-Hartman
` (247 preceding siblings ...)
2023-05-08 9:47 ` [PATCH 5.15 248/371] spi: imx: Dont skip cleanup in removes error path Greg Kroah-Hartman
@ 2023-05-08 9:47 ` Greg Kroah-Hartman
2023-05-08 9:47 ` [PATCH 5.15 250/371] PCI: imx6: Install the fault handler only on compatible match Greg Kroah-Hartman
` (125 subsequent siblings)
374 siblings, 0 replies; 391+ messages in thread
From: Greg Kroah-Hartman @ 2023-05-08 9:47 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Zheng Wang, Yoshihiro Shimoda, Sasha Levin
From: Zheng Wang <zyytlz.wz@163.com>
[ Upstream commit 2b947f8769be8b8181dc795fd292d3e7120f5204 ]
In renesas_usb3_probe, role_work is bound with renesas_usb3_role_work.
renesas_usb3_start will be called to start the work.
If we remove the driver which will call usbhs_remove, there may be
an unfinished work. The possible sequence is as follows:
CPU0 CPU1
renesas_usb3_role_work
renesas_usb3_remove
usb_role_switch_unregister
device_unregister
kfree(sw)
//free usb3->role_sw
usb_role_switch_set_role
//use usb3->role_sw
The usb3->role_sw could be freed under such circumstance and then
used in usb_role_switch_set_role.
This bug was found by static analysis. And note that removing a
driver is a root-only operation, and should never happen in normal
case. But the root user may directly remove the device which
will also trigger the remove function.
Fix it by canceling the work before cleanup in the renesas_usb3_remove.
Fixes: 39facfa01c9f ("usb: gadget: udc: renesas_usb3: Add register of usb role switch")
Signed-off-by: Zheng Wang <zyytlz.wz@163.com>
Reviewed-by: Yoshihiro Shimoda <yoshihiro.shimoda.uh@renesas.com>
Link: https://lore.kernel.org/r/20230320062931.505170-1-zyytlz.wz@163.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/usb/gadget/udc/renesas_usb3.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/drivers/usb/gadget/udc/renesas_usb3.c b/drivers/usb/gadget/udc/renesas_usb3.c
index 601829a6b4bad..a10f41c4a3f2f 100644
--- a/drivers/usb/gadget/udc/renesas_usb3.c
+++ b/drivers/usb/gadget/udc/renesas_usb3.c
@@ -2568,6 +2568,7 @@ static int renesas_usb3_remove(struct platform_device *pdev)
debugfs_remove_recursive(usb3->dentry);
device_remove_file(&pdev->dev, &dev_attr_role);
+ cancel_work_sync(&usb3->role_work);
usb_role_switch_unregister(usb3->role_sw);
usb_del_gadget_udc(&usb3->gadget);
--
2.39.2
^ permalink raw reply related [flat|nested] 391+ messages in thread
* [PATCH 5.15 250/371] PCI: imx6: Install the fault handler only on compatible match
2023-05-08 9:43 [PATCH 5.15 000/371] 5.15.111-rc1 review Greg Kroah-Hartman
` (248 preceding siblings ...)
2023-05-08 9:47 ` [PATCH 5.15 249/371] usb: gadget: udc: renesas_usb3: Fix use after free bug in renesas_usb3_remove due to race condition Greg Kroah-Hartman
@ 2023-05-08 9:47 ` Greg Kroah-Hartman
2023-05-08 9:47 ` [PATCH 5.15 251/371] ASoC: es8316: Handle optional IRQ assignment Greg Kroah-Hartman
` (124 subsequent siblings)
374 siblings, 0 replies; 391+ messages in thread
From: Greg Kroah-Hartman @ 2023-05-08 9:47 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, H. Nikolaus Schaller,
Lorenzo Pieralisi, Richard Zhu, Sasha Levin
From: H. Nikolaus Schaller <hns@goldelico.com>
[ Upstream commit 5f5ac460dfe7f4e11f99de9870f240e39189cf72 ]
commit bb38919ec56e ("PCI: imx6: Add support for i.MX6 PCIe controller")
added a fault hook to this driver in the probe function. So it was only
installed if needed.
commit bde4a5a00e76 ("PCI: imx6: Allow probe deferral by reset GPIO")
moved it from probe to driver init which installs the hook unconditionally
as soon as the driver is compiled into a kernel.
When this driver is compiled as a module, the hook is not registered
until after the driver has been matched with a .compatible and
loaded.
commit 415b6185c541 ("PCI: imx6: Fix config read timeout handling")
extended the fault handling code.
commit 2d8ed461dbc9 ("PCI: imx6: Add support for i.MX8MQ")
added some protection for non-ARM architectures, but this does not
protect non-i.MX ARM architectures.
Since fault handlers can be triggered on any architecture for different
reasons, there is no guarantee that they will be triggered only for the
assumed situation, leading to improper error handling (i.MX6-specific
imx6q_pcie_abort_handler) on foreign systems.
I had seen strange L3 imprecise external abort messages several times on
OMAP4 and OMAP5 devices and couldn't make sense of them until I realized
they were related to this unused imx6q driver because I had
CONFIG_PCI_IMX6=y.
Note that CONFIG_PCI_IMX6=y is useful for kernel binaries that are designed
to run on different ARM SoC and be differentiated only by device tree
binaries. So turning off CONFIG_PCI_IMX6 is not a solution.
Therefore we check the compatible in the init function before registering
the fault handler.
Link: https://lore.kernel.org/r/e1bcfc3078c82b53aa9b78077a89955abe4ea009.1678380991.git.hns@goldelico.com
Fixes: bde4a5a00e76 ("PCI: imx6: Allow probe deferral by reset GPIO")
Fixes: 415b6185c541 ("PCI: imx6: Fix config read timeout handling")
Fixes: 2d8ed461dbc9 ("PCI: imx6: Add support for i.MX8MQ")
Signed-off-by: H. Nikolaus Schaller <hns@goldelico.com>
Signed-off-by: Lorenzo Pieralisi <lpieralisi@kernel.org>
Reviewed-by: Richard Zhu <hongxing.zhu@nxp.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/pci/controller/dwc/pci-imx6.c | 7 +++++++
1 file changed, 7 insertions(+)
diff --git a/drivers/pci/controller/dwc/pci-imx6.c b/drivers/pci/controller/dwc/pci-imx6.c
index 67dbf9d88d222..6a3336f2105b8 100644
--- a/drivers/pci/controller/dwc/pci-imx6.c
+++ b/drivers/pci/controller/dwc/pci-imx6.c
@@ -1258,6 +1258,13 @@ DECLARE_PCI_FIXUP_CLASS_HEADER(PCI_VENDOR_ID_SYNOPSYS, 0xabcd,
static int __init imx6_pcie_init(void)
{
#ifdef CONFIG_ARM
+ struct device_node *np;
+
+ np = of_find_matching_node(NULL, imx6_pcie_of_match);
+ if (!np)
+ return -ENODEV;
+ of_node_put(np);
+
/*
* Since probe() can be deferred we need to make sure that
* hook_fault_code is not called after __init memory is freed
--
2.39.2
^ permalink raw reply related [flat|nested] 391+ messages in thread
* [PATCH 5.15 251/371] ASoC: es8316: Handle optional IRQ assignment
2023-05-08 9:43 [PATCH 5.15 000/371] 5.15.111-rc1 review Greg Kroah-Hartman
` (249 preceding siblings ...)
2023-05-08 9:47 ` [PATCH 5.15 250/371] PCI: imx6: Install the fault handler only on compatible match Greg Kroah-Hartman
@ 2023-05-08 9:47 ` Greg Kroah-Hartman
2023-05-08 9:47 ` Greg Kroah-Hartman
` (123 subsequent siblings)
374 siblings, 0 replies; 391+ messages in thread
From: Greg Kroah-Hartman @ 2023-05-08 9:47 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Cristian Ciocaltea, Hans de Goede,
Mark Brown, Sasha Levin
From: Cristian Ciocaltea <cristian.ciocaltea@collabora.com>
[ Upstream commit 39db65a0a17b54915b269d3685f253a4731f344c ]
The driver is able to work fine without relying on a mandatory interrupt
being assigned to the I2C device. This is only needed when making use of
the jack-detect support.
However, the following warning message is always emitted when there is
no such interrupt available:
es8316 0-0011: Failed to get IRQ 0: -22
Do not attempt to request an IRQ if it is not available/valid. This also
ensures the rather misleading message is not displayed anymore.
Also note the IRQ validation relies on commit dab472eb931bc291 ("i2c /
ACPI: Use 0 to indicate that device does not have interrupt assigned").
Fixes: 822257661031 ("ASoC: es8316: Add jack-detect support")
Signed-off-by: Cristian Ciocaltea <cristian.ciocaltea@collabora.com>
Reviewed-by: Hans de Goede <hdegoede@redhat.com>
Link: https://lore.kernel.org/r/20230328094901.50763-1-cristian.ciocaltea@collabora.com
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
sound/soc/codecs/es8316.c | 14 ++++++++------
1 file changed, 8 insertions(+), 6 deletions(-)
diff --git a/sound/soc/codecs/es8316.c b/sound/soc/codecs/es8316.c
index 5fb02635c1406..afd6d401e3d09 100644
--- a/sound/soc/codecs/es8316.c
+++ b/sound/soc/codecs/es8316.c
@@ -810,12 +810,14 @@ static int es8316_i2c_probe(struct i2c_client *i2c_client,
es8316->irq = i2c_client->irq;
mutex_init(&es8316->lock);
- ret = devm_request_threaded_irq(dev, es8316->irq, NULL, es8316_irq,
- IRQF_TRIGGER_HIGH | IRQF_ONESHOT | IRQF_NO_AUTOEN,
- "es8316", es8316);
- if (ret) {
- dev_warn(dev, "Failed to get IRQ %d: %d\n", es8316->irq, ret);
- es8316->irq = -ENXIO;
+ if (es8316->irq > 0) {
+ ret = devm_request_threaded_irq(dev, es8316->irq, NULL, es8316_irq,
+ IRQF_TRIGGER_HIGH | IRQF_ONESHOT | IRQF_NO_AUTOEN,
+ "es8316", es8316);
+ if (ret) {
+ dev_warn(dev, "Failed to get IRQ %d: %d\n", es8316->irq, ret);
+ es8316->irq = -ENXIO;
+ }
}
return devm_snd_soc_register_component(&i2c_client->dev,
--
2.39.2
^ permalink raw reply related [flat|nested] 391+ messages in thread
* [PATCH 5.15 252/371] linux/vt_buffer.h: allow either builtin or modular for macros
2023-05-08 9:43 [PATCH 5.15 000/371] 5.15.111-rc1 review Greg Kroah-Hartman
@ 2023-05-08 9:47 ` Greg Kroah-Hartman
2023-05-08 9:43 ` [PATCH 5.15 002/371] ASoC: soc-pcm: fix hw->formats cleared by soc_pcm_hw_init() for dpcm Greg Kroah-Hartman
` (373 subsequent siblings)
374 siblings, 0 replies; 391+ messages in thread
From: Greg Kroah-Hartman @ 2023-05-08 9:47 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Randy Dunlap, Jiri Slaby, dri-devel,
linux-fbdev, Sasha Levin
From: Randy Dunlap <rdunlap@infradead.org>
[ Upstream commit 2b76ffe81e32afd6d318dc4547e2ba8c46207b77 ]
Fix build errors on ARCH=alpha when CONFIG_MDA_CONSOLE=m.
This allows the ARCH macros to be the only ones defined.
In file included from ../drivers/video/console/mdacon.c:37:
../arch/alpha/include/asm/vga.h:17:40: error: expected identifier or '(' before 'volatile'
17 | static inline void scr_writew(u16 val, volatile u16 *addr)
| ^~~~~~~~
../include/linux/vt_buffer.h:24:34: note: in definition of macro 'scr_writew'
24 | #define scr_writew(val, addr) (*(addr) = (val))
| ^~~~
../include/linux/vt_buffer.h:24:40: error: expected ')' before '=' token
24 | #define scr_writew(val, addr) (*(addr) = (val))
| ^
../arch/alpha/include/asm/vga.h:17:20: note: in expansion of macro 'scr_writew'
17 | static inline void scr_writew(u16 val, volatile u16 *addr)
| ^~~~~~~~~~
../arch/alpha/include/asm/vga.h:25:29: error: expected identifier or '(' before 'volatile'
25 | static inline u16 scr_readw(volatile const u16 *addr)
| ^~~~~~~~
Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2")
Signed-off-by: Randy Dunlap <rdunlap@infradead.org>
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Cc: Jiri Slaby <jirislaby@kernel.org>
Cc: dri-devel@lists.freedesktop.org
Cc: linux-fbdev@vger.kernel.org
Link: https://lore.kernel.org/r/20230329021529.16188-1-rdunlap@infradead.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
include/linux/vt_buffer.h | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/include/linux/vt_buffer.h b/include/linux/vt_buffer.h
index 848db1b1569ff..919d999a8c1db 100644
--- a/include/linux/vt_buffer.h
+++ b/include/linux/vt_buffer.h
@@ -16,7 +16,7 @@
#include <linux/string.h>
-#if defined(CONFIG_VGA_CONSOLE) || defined(CONFIG_MDA_CONSOLE)
+#if IS_ENABLED(CONFIG_VGA_CONSOLE) || IS_ENABLED(CONFIG_MDA_CONSOLE)
#include <asm/vga.h>
#endif
--
2.39.2
^ permalink raw reply related [flat|nested] 391+ messages in thread
* [PATCH 5.15 252/371] linux/vt_buffer.h: allow either builtin or modular for macros
@ 2023-05-08 9:47 ` Greg Kroah-Hartman
0 siblings, 0 replies; 391+ messages in thread
From: Greg Kroah-Hartman @ 2023-05-08 9:47 UTC (permalink / raw)
To: stable
Cc: Sasha Levin, linux-fbdev, Greg Kroah-Hartman, Randy Dunlap,
patches, dri-devel, Jiri Slaby
From: Randy Dunlap <rdunlap@infradead.org>
[ Upstream commit 2b76ffe81e32afd6d318dc4547e2ba8c46207b77 ]
Fix build errors on ARCH=alpha when CONFIG_MDA_CONSOLE=m.
This allows the ARCH macros to be the only ones defined.
In file included from ../drivers/video/console/mdacon.c:37:
../arch/alpha/include/asm/vga.h:17:40: error: expected identifier or '(' before 'volatile'
17 | static inline void scr_writew(u16 val, volatile u16 *addr)
| ^~~~~~~~
../include/linux/vt_buffer.h:24:34: note: in definition of macro 'scr_writew'
24 | #define scr_writew(val, addr) (*(addr) = (val))
| ^~~~
../include/linux/vt_buffer.h:24:40: error: expected ')' before '=' token
24 | #define scr_writew(val, addr) (*(addr) = (val))
| ^
../arch/alpha/include/asm/vga.h:17:20: note: in expansion of macro 'scr_writew'
17 | static inline void scr_writew(u16 val, volatile u16 *addr)
| ^~~~~~~~~~
../arch/alpha/include/asm/vga.h:25:29: error: expected identifier or '(' before 'volatile'
25 | static inline u16 scr_readw(volatile const u16 *addr)
| ^~~~~~~~
Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2")
Signed-off-by: Randy Dunlap <rdunlap@infradead.org>
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Cc: Jiri Slaby <jirislaby@kernel.org>
Cc: dri-devel@lists.freedesktop.org
Cc: linux-fbdev@vger.kernel.org
Link: https://lore.kernel.org/r/20230329021529.16188-1-rdunlap@infradead.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
include/linux/vt_buffer.h | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/include/linux/vt_buffer.h b/include/linux/vt_buffer.h
index 848db1b1569ff..919d999a8c1db 100644
--- a/include/linux/vt_buffer.h
+++ b/include/linux/vt_buffer.h
@@ -16,7 +16,7 @@
#include <linux/string.h>
-#if defined(CONFIG_VGA_CONSOLE) || defined(CONFIG_MDA_CONSOLE)
+#if IS_ENABLED(CONFIG_VGA_CONSOLE) || IS_ENABLED(CONFIG_MDA_CONSOLE)
#include <asm/vga.h>
#endif
--
2.39.2
^ permalink raw reply related [flat|nested] 391+ messages in thread
* [PATCH 5.15 253/371] spi: qup: Dont skip cleanup in removes error path
2023-05-08 9:43 [PATCH 5.15 000/371] 5.15.111-rc1 review Greg Kroah-Hartman
` (251 preceding siblings ...)
2023-05-08 9:47 ` Greg Kroah-Hartman
@ 2023-05-08 9:47 ` Greg Kroah-Hartman
2023-05-08 9:47 ` [PATCH 5.15 254/371] spi: fsl-spi: Fix CPM/QE mode Litte Endian Greg Kroah-Hartman
` (121 subsequent siblings)
374 siblings, 0 replies; 391+ messages in thread
From: Greg Kroah-Hartman @ 2023-05-08 9:47 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Uwe Kleine-König, Mark Brown,
Sasha Levin
From: Uwe Kleine-König <u.kleine-koenig@pengutronix.de>
[ Upstream commit 61f49171a43ab1f80c73c5c88c508770c461e0f2 ]
Returning early in a platform driver's remove callback is wrong. In this
case the dma resources are not released in the error path. this is never
retried later and so this is a permanent leak. To fix this, only skip
hardware disabling if waking the device fails.
Fixes: 64ff247a978f ("spi: Add Qualcomm QUP SPI controller support")
Signed-off-by: Uwe Kleine-König <u.kleine-koenig@pengutronix.de>
Link: https://lore.kernel.org/r/20230330210341.2459548-2-u.kleine-koenig@pengutronix.de
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/spi/spi-qup.c | 22 +++++++++++++---------
1 file changed, 13 insertions(+), 9 deletions(-)
diff --git a/drivers/spi/spi-qup.c b/drivers/spi/spi-qup.c
index f3877eeb3da65..8bf58510cca6d 100644
--- a/drivers/spi/spi-qup.c
+++ b/drivers/spi/spi-qup.c
@@ -1276,18 +1276,22 @@ static int spi_qup_remove(struct platform_device *pdev)
struct spi_qup *controller = spi_master_get_devdata(master);
int ret;
- ret = pm_runtime_resume_and_get(&pdev->dev);
- if (ret < 0)
- return ret;
+ ret = pm_runtime_get_sync(&pdev->dev);
- ret = spi_qup_set_state(controller, QUP_STATE_RESET);
- if (ret)
- return ret;
+ if (ret >= 0) {
+ ret = spi_qup_set_state(controller, QUP_STATE_RESET);
+ if (ret)
+ dev_warn(&pdev->dev, "failed to reset controller (%pe)\n",
+ ERR_PTR(ret));
- spi_qup_release_dma(master);
+ clk_disable_unprepare(controller->cclk);
+ clk_disable_unprepare(controller->iclk);
+ } else {
+ dev_warn(&pdev->dev, "failed to resume, skip hw disable (%pe)\n",
+ ERR_PTR(ret));
+ }
- clk_disable_unprepare(controller->cclk);
- clk_disable_unprepare(controller->iclk);
+ spi_qup_release_dma(master);
pm_runtime_put_noidle(&pdev->dev);
pm_runtime_disable(&pdev->dev);
--
2.39.2
^ permalink raw reply related [flat|nested] 391+ messages in thread
* [PATCH 5.15 254/371] spi: fsl-spi: Fix CPM/QE mode Litte Endian
2023-05-08 9:43 [PATCH 5.15 000/371] 5.15.111-rc1 review Greg Kroah-Hartman
` (252 preceding siblings ...)
2023-05-08 9:47 ` [PATCH 5.15 253/371] spi: qup: Dont skip cleanup in removes error path Greg Kroah-Hartman
@ 2023-05-08 9:47 ` Greg Kroah-Hartman
2023-05-08 9:47 ` [PATCH 5.15 255/371] vmci_host: fix a race condition in vmci_host_poll() causing GPF Greg Kroah-Hartman
` (120 subsequent siblings)
374 siblings, 0 replies; 391+ messages in thread
From: Greg Kroah-Hartman @ 2023-05-08 9:47 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Christophe Leroy, Joakim Tjernlund,
Mark Brown, Sasha Levin
From: Christophe Leroy <christophe.leroy@csgroup.eu>
[ Upstream commit c20c57d9868d7f9fd1b2904c7801b07e128f6322 ]
CPM has the same problem as QE so for CPM also use the fix added
by commit 0398fb70940e ("spi/spi_mpc8xxx: Fix QE mode Litte Endian"):
CPM mode uses Little Endian so words > 8 bits are byte swapped.
Workaround this by always enforcing wordsize 8 for 16 and 32 bits
words. Unfortunately this will not work for LSB transfers
where wordsize is > 8 bits so disable these for now.
Also limit the workaround to 16 and 32 bits words because it can
only work for multiples of 8-bits.
Signed-off-by: Christophe Leroy <christophe.leroy@csgroup.eu>
Cc: Joakim Tjernlund <Joakim.Tjernlund@infinera.com>
Fixes: 0398fb70940e ("spi/spi_mpc8xxx: Fix QE mode Litte Endian")
Link: https://lore.kernel.org/r/1b7d3e84b1128f42c1887dd2fb9cdf390f541bc1.1680371809.git.christophe.leroy@csgroup.eu
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/spi/spi-fsl-spi.c | 12 +++++++-----
1 file changed, 7 insertions(+), 5 deletions(-)
diff --git a/drivers/spi/spi-fsl-spi.c b/drivers/spi/spi-fsl-spi.c
index bdf94cc7be1af..1bad0ceac81b4 100644
--- a/drivers/spi/spi-fsl-spi.c
+++ b/drivers/spi/spi-fsl-spi.c
@@ -207,8 +207,8 @@ static int mspi_apply_qe_mode_quirks(struct spi_mpc8xxx_cs *cs,
struct spi_device *spi,
int bits_per_word)
{
- /* QE uses Little Endian for words > 8
- * so transform all words > 8 into 8 bits
+ /* CPM/QE uses Little Endian for words > 8
+ * so transform 16 and 32 bits words into 8 bits
* Unfortnatly that doesn't work for LSB so
* reject these for now */
/* Note: 32 bits word, LSB works iff
@@ -216,9 +216,11 @@ static int mspi_apply_qe_mode_quirks(struct spi_mpc8xxx_cs *cs,
if (spi->mode & SPI_LSB_FIRST &&
bits_per_word > 8)
return -EINVAL;
- if (bits_per_word > 8)
+ if (bits_per_word <= 8)
+ return bits_per_word;
+ if (bits_per_word == 16 || bits_per_word == 32)
return 8; /* pretend its 8 bits */
- return bits_per_word;
+ return -EINVAL;
}
static int fsl_spi_setup_transfer(struct spi_device *spi,
@@ -248,7 +250,7 @@ static int fsl_spi_setup_transfer(struct spi_device *spi,
bits_per_word = mspi_apply_cpu_mode_quirks(cs, spi,
mpc8xxx_spi,
bits_per_word);
- else if (mpc8xxx_spi->flags & SPI_QE)
+ else
bits_per_word = mspi_apply_qe_mode_quirks(cs, spi,
bits_per_word);
--
2.39.2
^ permalink raw reply related [flat|nested] 391+ messages in thread
* [PATCH 5.15 255/371] vmci_host: fix a race condition in vmci_host_poll() causing GPF
2023-05-08 9:43 [PATCH 5.15 000/371] 5.15.111-rc1 review Greg Kroah-Hartman
` (253 preceding siblings ...)
2023-05-08 9:47 ` [PATCH 5.15 254/371] spi: fsl-spi: Fix CPM/QE mode Litte Endian Greg Kroah-Hartman
@ 2023-05-08 9:47 ` Greg Kroah-Hartman
2023-05-08 9:47 ` [PATCH 5.15 256/371] of: Fix modalias string generation Greg Kroah-Hartman
` (119 subsequent siblings)
374 siblings, 0 replies; 391+ messages in thread
From: Greg Kroah-Hartman @ 2023-05-08 9:47 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Dae R. Jeong, Sasha Levin
From: Dae R. Jeong <threeearcat@gmail.com>
[ Upstream commit ae13381da5ff0e8e084c0323c3cc0a945e43e9c7 ]
During fuzzing, a general protection fault is observed in
vmci_host_poll().
general protection fault, probably for non-canonical address 0xdffffc0000000019: 0000 [#1] PREEMPT SMP KASAN
KASAN: null-ptr-deref in range [0x00000000000000c8-0x00000000000000cf]
RIP: 0010:__lock_acquire+0xf3/0x5e00 kernel/locking/lockdep.c:4926
<- omitting registers ->
Call Trace:
<TASK>
lock_acquire+0x1a4/0x4a0 kernel/locking/lockdep.c:5672
__raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:110 [inline]
_raw_spin_lock_irqsave+0xb3/0x100 kernel/locking/spinlock.c:162
add_wait_queue+0x3d/0x260 kernel/sched/wait.c:22
poll_wait include/linux/poll.h:49 [inline]
vmci_host_poll+0xf8/0x2b0 drivers/misc/vmw_vmci/vmci_host.c:174
vfs_poll include/linux/poll.h:88 [inline]
do_pollfd fs/select.c:873 [inline]
do_poll fs/select.c:921 [inline]
do_sys_poll+0xc7c/0x1aa0 fs/select.c:1015
__do_sys_ppoll fs/select.c:1121 [inline]
__se_sys_ppoll+0x2cc/0x330 fs/select.c:1101
do_syscall_x64 arch/x86/entry/common.c:51 [inline]
do_syscall_64+0x4e/0xa0 arch/x86/entry/common.c:82
entry_SYSCALL_64_after_hwframe+0x46/0xb0
Example thread interleaving that causes the general protection fault
is as follows:
CPU1 (vmci_host_poll) CPU2 (vmci_host_do_init_context)
----- -----
// Read uninitialized context
context = vmci_host_dev->context;
// Initialize context
vmci_host_dev->context = vmci_ctx_create();
vmci_host_dev->ct_type = VMCIOBJ_CONTEXT;
if (vmci_host_dev->ct_type == VMCIOBJ_CONTEXT) {
// Dereferencing the wrong pointer
poll_wait(..., &context->host_context);
}
In this scenario, vmci_host_poll() reads vmci_host_dev->context first,
and then reads vmci_host_dev->ct_type to check that
vmci_host_dev->context is initialized. However, since these two reads
are not atomically executed, there is a chance of a race condition as
described above.
To fix this race condition, read vmci_host_dev->context after checking
the value of vmci_host_dev->ct_type so that vmci_host_poll() always
reads an initialized context.
Reported-by: Dae R. Jeong <threeearcat@gmail.com>
Fixes: 8bf503991f87 ("VMCI: host side driver implementation.")
Signed-off-by: Dae R. Jeong <threeearcat@gmail.com>
Link: https://lore.kernel.org/r/ZCGFsdBAU4cYww5l@dragonet
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/misc/vmw_vmci/vmci_host.c | 8 +++++++-
1 file changed, 7 insertions(+), 1 deletion(-)
diff --git a/drivers/misc/vmw_vmci/vmci_host.c b/drivers/misc/vmw_vmci/vmci_host.c
index 857b9851402a6..abe79f6fd2a79 100644
--- a/drivers/misc/vmw_vmci/vmci_host.c
+++ b/drivers/misc/vmw_vmci/vmci_host.c
@@ -165,10 +165,16 @@ static int vmci_host_close(struct inode *inode, struct file *filp)
static __poll_t vmci_host_poll(struct file *filp, poll_table *wait)
{
struct vmci_host_dev *vmci_host_dev = filp->private_data;
- struct vmci_ctx *context = vmci_host_dev->context;
+ struct vmci_ctx *context;
__poll_t mask = 0;
if (vmci_host_dev->ct_type == VMCIOBJ_CONTEXT) {
+ /*
+ * Read context only if ct_type == VMCIOBJ_CONTEXT to make
+ * sure that context is initialized
+ */
+ context = vmci_host_dev->context;
+
/* Check for VMCI calls to this VM context. */
if (wait)
poll_wait(filp, &context->host_context.wait_queue,
--
2.39.2
^ permalink raw reply related [flat|nested] 391+ messages in thread
* [PATCH 5.15 256/371] of: Fix modalias string generation
2023-05-08 9:43 [PATCH 5.15 000/371] 5.15.111-rc1 review Greg Kroah-Hartman
` (254 preceding siblings ...)
2023-05-08 9:47 ` [PATCH 5.15 255/371] vmci_host: fix a race condition in vmci_host_poll() causing GPF Greg Kroah-Hartman
@ 2023-05-08 9:47 ` Greg Kroah-Hartman
2023-05-08 9:47 ` [PATCH 5.15 257/371] PCI/EDR: Clear Device Status after EDR error recovery Greg Kroah-Hartman
` (118 subsequent siblings)
374 siblings, 0 replies; 391+ messages in thread
From: Greg Kroah-Hartman @ 2023-05-08 9:47 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Stephen Boyd, Peter Chen,
Miquel Raynal, Rob Herring, Srinivas Kandagatla, Sasha Levin
From: Miquel Raynal <miquel.raynal@bootlin.com>
[ Upstream commit b19a4266c52de78496fe40f0b37580a3b762e67d ]
The helper generating an OF based modalias (of_device_get_modalias())
works fine, but due to the use of snprintf() internally it needs a
buffer one byte longer than what should be needed just for the entire
string (excluding the '\0'). Most users of this helper are sysfs hooks
providing the modalias string to users. They all provide a PAGE_SIZE
buffer which is way above the number of bytes required to fit the
modalias string and hence do not suffer from this issue.
There is another user though, of_device_request_module(), which is only
called by drivers/usb/common/ulpi.c. This request module function is
faulty, but maybe because in most cases there is an alternative, ULPI
driver users have not noticed it.
In this function, of_device_get_modalias() is called twice. The first
time without buffer just to get the number of bytes required by the
modalias string (excluding the null byte), and a second time, after
buffer allocation, to fill the buffer. The allocation asks for an
additional byte, in order to store the trailing '\0'. However, the
buffer *length* provided to of_device_get_modalias() excludes this extra
byte. The internal use of snprintf() with a length that is exactly the
number of bytes to be written has the effect of using the last available
byte to store a '\0', which then smashes the last character of the
modalias string.
Provide the actual size of the buffer to of_device_get_modalias() to fix
this issue.
Note: the "str[size - 1] = '\0';" line is not really needed as snprintf
will anyway end the string with a null byte, but there is a possibility
that this function might be called on a struct device_node without
compatible, in this case snprintf() would not be executed. So we keep it
just to avoid possible unbounded strings.
Cc: Stephen Boyd <sboyd@kernel.org>
Cc: Peter Chen <peter.chen@kernel.org>
Fixes: 9c829c097f2f ("of: device: Support loading a module with OF based modalias")
Signed-off-by: Miquel Raynal <miquel.raynal@bootlin.com>
Reviewed-by: Rob Herring <robh@kernel.org>
Signed-off-by: Srinivas Kandagatla <srinivas.kandagatla@linaro.org>
Link: https://lore.kernel.org/r/20230404172148.82422-2-srinivas.kandagatla@linaro.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/of/device.c | 7 +++++--
1 file changed, 5 insertions(+), 2 deletions(-)
diff --git a/drivers/of/device.c b/drivers/of/device.c
index 45335fe523f7d..19c42a9dcba91 100644
--- a/drivers/of/device.c
+++ b/drivers/of/device.c
@@ -290,12 +290,15 @@ int of_device_request_module(struct device *dev)
if (size < 0)
return size;
- str = kmalloc(size + 1, GFP_KERNEL);
+ /* Reserve an additional byte for the trailing '\0' */
+ size++;
+
+ str = kmalloc(size, GFP_KERNEL);
if (!str)
return -ENOMEM;
of_device_get_modalias(dev, str, size);
- str[size] = '\0';
+ str[size - 1] = '\0';
ret = request_module(str);
kfree(str);
--
2.39.2
^ permalink raw reply related [flat|nested] 391+ messages in thread
* [PATCH 5.15 257/371] PCI/EDR: Clear Device Status after EDR error recovery
2023-05-08 9:43 [PATCH 5.15 000/371] 5.15.111-rc1 review Greg Kroah-Hartman
` (255 preceding siblings ...)
2023-05-08 9:47 ` [PATCH 5.15 256/371] of: Fix modalias string generation Greg Kroah-Hartman
@ 2023-05-08 9:47 ` Greg Kroah-Hartman
2023-05-08 9:47 ` [PATCH 5.15 258/371] ia64: mm/contig: fix section mismatch warning/error Greg Kroah-Hartman
` (117 subsequent siblings)
374 siblings, 0 replies; 391+ messages in thread
From: Greg Kroah-Hartman @ 2023-05-08 9:47 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Tsaur Erwin,
Kuppuswamy Sathyanarayanan, Bjorn Helgaas, Sasha Levin
From: Kuppuswamy Sathyanarayanan <sathyanarayanan.kuppuswamy@linux.intel.com>
[ Upstream commit c441b1e03da6c680a3e12da59c554f454f2ccf5e ]
During EDR recovery, the OS must clear error status of the port that
triggered DPC even if firmware retains control of DPC and AER (see the
implementation note in the PCI Firmware spec r3.3, sec 4.6.12).
Prior to 068c29a248b6 ("PCI/ERR: Clear PCIe Device Status errors only if
OS owns AER"), the port Device Status was cleared in this path:
edr_handle_event
dpc_process_error(dev) # "dev" triggered DPC
pcie_do_recovery(dev, dpc_reset_link)
dpc_reset_link # exit DPC
pcie_clear_device_status(dev) # clear Device Status
After 068c29a248b6, pcie_do_recovery() no longer clears Device Status when
firmware controls AER, so the error bit remains set even after recovery.
Per the "Downstream Port Containment configuration control" bit in the
returned _OSC Control Field (sec 4.5.1), the OS is allowed to clear error
status until it evaluates _OST, so clear Device Status in
edr_handle_event() if the error recovery was successful.
[bhelgaas: commit log]
Fixes: 068c29a248b6 ("PCI/ERR: Clear PCIe Device Status errors only if OS owns AER")
Link: https://lore.kernel.org/r/20230315235449.1279209-1-sathyanarayanan.kuppuswamy@linux.intel.com
Reported-by: Tsaur Erwin <erwin.tsaur@intel.com>
Signed-off-by: Kuppuswamy Sathyanarayanan <sathyanarayanan.kuppuswamy@linux.intel.com>
Signed-off-by: Bjorn Helgaas <bhelgaas@google.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/pci/pcie/edr.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/drivers/pci/pcie/edr.c b/drivers/pci/pcie/edr.c
index a6b9b479b97ad..87734e4c3c204 100644
--- a/drivers/pci/pcie/edr.c
+++ b/drivers/pci/pcie/edr.c
@@ -193,6 +193,7 @@ static void edr_handle_event(acpi_handle handle, u32 event, void *data)
*/
if (estate == PCI_ERS_RESULT_RECOVERED) {
pci_dbg(edev, "DPC port successfully recovered\n");
+ pcie_clear_device_status(edev);
acpi_send_edr_status(pdev, edev, EDR_OST_SUCCESS);
} else {
pci_dbg(edev, "DPC port recovery failed\n");
--
2.39.2
^ permalink raw reply related [flat|nested] 391+ messages in thread
* [PATCH 5.15 258/371] ia64: mm/contig: fix section mismatch warning/error
2023-05-08 9:43 [PATCH 5.15 000/371] 5.15.111-rc1 review Greg Kroah-Hartman
` (256 preceding siblings ...)
2023-05-08 9:47 ` [PATCH 5.15 257/371] PCI/EDR: Clear Device Status after EDR error recovery Greg Kroah-Hartman
@ 2023-05-08 9:47 ` Greg Kroah-Hartman
2023-05-08 9:47 ` [PATCH 5.15 259/371] ia64: salinfo: placate defined-but-not-used warning Greg Kroah-Hartman
` (116 subsequent siblings)
374 siblings, 0 replies; 391+ messages in thread
From: Greg Kroah-Hartman @ 2023-05-08 9:47 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Randy Dunlap, Christoph Hellwig,
Andrew Morton, Sasha Levin
From: Randy Dunlap <rdunlap@infradead.org>
[ Upstream commit 58deeb4ef3b054498747d0929d94ac53ab90981f ]
alloc_per_cpu_data() is called by find_memory(), which is marked as
__init. Therefore alloc_per_cpu_data() can also be marked as __init to
remedy this modpost problem.
WARNING: modpost: vmlinux.o: section mismatch in reference: alloc_per_cpu_data (section: .text) -> memblock_alloc_try_nid (section: .init.text)
Link: https://lkml.kernel.org/r/20230223034258.12917-1-rdunlap@infradead.org
Fixes: 4b9ddc7cf272 ("[IA64] Fix section mismatch in contig.c version of per_cpu_init()")
Signed-off-by: Randy Dunlap <rdunlap@infradead.org>
Cc: Christoph Hellwig <hch@lst.de>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/ia64/mm/contig.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/arch/ia64/mm/contig.c b/arch/ia64/mm/contig.c
index 42e025cfbd088..9817caba07026 100644
--- a/arch/ia64/mm/contig.c
+++ b/arch/ia64/mm/contig.c
@@ -77,7 +77,7 @@ void *per_cpu_init(void)
return __per_cpu_start + __per_cpu_offset[smp_processor_id()];
}
-static inline void
+static inline __init void
alloc_per_cpu_data(void)
{
size_t size = PERCPU_PAGE_SIZE * num_possible_cpus();
--
2.39.2
^ permalink raw reply related [flat|nested] 391+ messages in thread
* [PATCH 5.15 259/371] ia64: salinfo: placate defined-but-not-used warning
2023-05-08 9:43 [PATCH 5.15 000/371] 5.15.111-rc1 review Greg Kroah-Hartman
` (257 preceding siblings ...)
2023-05-08 9:47 ` [PATCH 5.15 258/371] ia64: mm/contig: fix section mismatch warning/error Greg Kroah-Hartman
@ 2023-05-08 9:47 ` Greg Kroah-Hartman
2023-05-08 9:47 ` [PATCH 5.15 260/371] scripts/gdb: bail early if there are no clocks Greg Kroah-Hartman
` (115 subsequent siblings)
374 siblings, 0 replies; 391+ messages in thread
From: Greg Kroah-Hartman @ 2023-05-08 9:47 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Randy Dunlap, Christoph Hellwig,
Andrew Morton, Sasha Levin
From: Randy Dunlap <rdunlap@infradead.org>
[ Upstream commit 0de155752b152d6bcd96b5b5bf20af336abd183a ]
When CONFIG_PROC_FS is not set, proc_salinfo_show() is not used. Mark the
function as __maybe_unused to quieten the warning message.
../arch/ia64/kernel/salinfo.c:584:12: warning: 'proc_salinfo_show' defined but not used [-Wunused-function]
584 | static int proc_salinfo_show(struct seq_file *m, void *v)
| ^~~~~~~~~~~~~~~~~
Link: https://lkml.kernel.org/r/20230223034309.13375-1-rdunlap@infradead.org
Fixes: 3f3942aca6da ("proc: introduce proc_create_single{,_data}")
Signed-off-by: Randy Dunlap <rdunlap@infradead.org>
Cc: Christoph Hellwig <hch@lst.de>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/ia64/kernel/salinfo.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/arch/ia64/kernel/salinfo.c b/arch/ia64/kernel/salinfo.c
index a25ab9b37953e..bb99b543dc672 100644
--- a/arch/ia64/kernel/salinfo.c
+++ b/arch/ia64/kernel/salinfo.c
@@ -581,7 +581,7 @@ static int salinfo_cpu_pre_down(unsigned int cpu)
* 'data' contains an integer that corresponds to the feature we're
* testing
*/
-static int proc_salinfo_show(struct seq_file *m, void *v)
+static int __maybe_unused proc_salinfo_show(struct seq_file *m, void *v)
{
unsigned long data = (unsigned long)v;
seq_puts(m, (sal_platform_features & data) ? "1\n" : "0\n");
--
2.39.2
^ permalink raw reply related [flat|nested] 391+ messages in thread
* [PATCH 5.15 260/371] scripts/gdb: bail early if there are no clocks
2023-05-08 9:43 [PATCH 5.15 000/371] 5.15.111-rc1 review Greg Kroah-Hartman
` (258 preceding siblings ...)
2023-05-08 9:47 ` [PATCH 5.15 259/371] ia64: salinfo: placate defined-but-not-used warning Greg Kroah-Hartman
@ 2023-05-08 9:47 ` Greg Kroah-Hartman
2023-05-08 9:47 ` [PATCH 5.15 261/371] scripts/gdb: bail early if there are no generic PD Greg Kroah-Hartman
` (114 subsequent siblings)
374 siblings, 0 replies; 391+ messages in thread
From: Greg Kroah-Hartman @ 2023-05-08 9:47 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Florian Fainelli, Jan Kiszka,
Kieran Bingham, Leonard Crestez, Stephen Boyd, Andrew Morton,
Sasha Levin
From: Florian Fainelli <f.fainelli@gmail.com>
[ Upstream commit 1d7adbc74c009057ed9dc3112f388e91a9c79acc ]
Avoid generating an exception if there are no clocks registered:
(gdb) lx-clk-summary
enable prepare protect
clock count count count rate
------------------------------------------------------------------------
Python Exception <class 'gdb.error'>: No symbol "clk_root_list" in
current context.
Error occurred in Python: No symbol "clk_root_list" in current context.
Link: https://lkml.kernel.org/r/20230323225246.3302977-1-f.fainelli@gmail.com
Fixes: d1e9710b63d8 ("scripts/gdb: initial clk support: lx-clk-summary")
Signed-off-by: Florian Fainelli <f.fainelli@gmail.com>
Cc: Jan Kiszka <jan.kiszka@siemens.com>
Cc: Kieran Bingham <kbingham@kernel.org>
Cc: Leonard Crestez <leonard.crestez@nxp.com>
Cc: Stephen Boyd <sboyd@kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
scripts/gdb/linux/clk.py | 2 ++
1 file changed, 2 insertions(+)
diff --git a/scripts/gdb/linux/clk.py b/scripts/gdb/linux/clk.py
index 061aecfa294e6..7a01fdc3e8446 100644
--- a/scripts/gdb/linux/clk.py
+++ b/scripts/gdb/linux/clk.py
@@ -41,6 +41,8 @@ are cached and potentially out of date"""
self.show_subtree(child, level + 1)
def invoke(self, arg, from_tty):
+ if utils.gdb_eval_or_none("clk_root_list") is None:
+ raise gdb.GdbError("No clocks registered")
gdb.write(" enable prepare protect \n")
gdb.write(" clock count count count rate \n")
gdb.write("------------------------------------------------------------------------\n")
--
2.39.2
^ permalink raw reply related [flat|nested] 391+ messages in thread
* [PATCH 5.15 261/371] scripts/gdb: bail early if there are no generic PD
2023-05-08 9:43 [PATCH 5.15 000/371] 5.15.111-rc1 review Greg Kroah-Hartman
` (259 preceding siblings ...)
2023-05-08 9:47 ` [PATCH 5.15 260/371] scripts/gdb: bail early if there are no clocks Greg Kroah-Hartman
@ 2023-05-08 9:47 ` Greg Kroah-Hartman
2023-05-08 9:47 ` [PATCH 5.15 262/371] HID: amd_sfh: Add support for shutdown operation Greg Kroah-Hartman
` (113 subsequent siblings)
374 siblings, 0 replies; 391+ messages in thread
From: Greg Kroah-Hartman @ 2023-05-08 9:47 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Florian Fainelli, Jan Kiszka,
Kieran Bingham, Leonard Crestez, Stephen Boyd, Andrew Morton,
Sasha Levin
From: Florian Fainelli <f.fainelli@gmail.com>
[ Upstream commit f19c3c2959e465209ade1a7a699e6cbf4359ce78 ]
Avoid generating an exception if there are no generic power domain(s)
registered:
(gdb) lx-genpd-summary
domain status children
/device runtime status
----------------------------------------------------------------------
Python Exception <class 'gdb.error'>: No symbol "gpd_list" in current context.
Error occurred in Python: No symbol "gpd_list" in current context.
(gdb) quit
[f.fainelli@gmail.com: correctly invoke gdb_eval_or_none]
Link: https://lkml.kernel.org/r/20230327185746.3856407-1-f.fainelli@gmail.com
Link: https://lkml.kernel.org/r/20230323231659.3319941-1-f.fainelli@gmail.com
Fixes: 8207d4a88e1e ("scripts/gdb: add lx-genpd-summary command")
Signed-off-by: Florian Fainelli <f.fainelli@gmail.com>
Cc: Jan Kiszka <jan.kiszka@siemens.com>
Cc: Kieran Bingham <kbingham@kernel.org>
Cc: Leonard Crestez <leonard.crestez@nxp.com>
Cc: Stephen Boyd <sboyd@kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
scripts/gdb/linux/genpd.py | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/scripts/gdb/linux/genpd.py b/scripts/gdb/linux/genpd.py
index 39cd1abd85590..b53649c0a77a6 100644
--- a/scripts/gdb/linux/genpd.py
+++ b/scripts/gdb/linux/genpd.py
@@ -5,7 +5,7 @@
import gdb
import sys
-from linux.utils import CachedType
+from linux.utils import CachedType, gdb_eval_or_none
from linux.lists import list_for_each_entry
generic_pm_domain_type = CachedType('struct generic_pm_domain')
@@ -70,6 +70,8 @@ Output is similar to /sys/kernel/debug/pm_genpd/pm_genpd_summary'''
gdb.write(' %-50s %s\n' % (kobj_path, rtpm_status_str(dev)))
def invoke(self, arg, from_tty):
+ if gdb_eval_or_none("&gpd_list") is None:
+ raise gdb.GdbError("No power domain(s) registered")
gdb.write('domain status children\n');
gdb.write(' /device runtime status\n');
gdb.write('----------------------------------------------------------------------\n');
--
2.39.2
^ permalink raw reply related [flat|nested] 391+ messages in thread
* [PATCH 5.15 262/371] HID: amd_sfh: Add support for shutdown operation
2023-05-08 9:43 [PATCH 5.15 000/371] 5.15.111-rc1 review Greg Kroah-Hartman
` (260 preceding siblings ...)
2023-05-08 9:47 ` [PATCH 5.15 261/371] scripts/gdb: bail early if there are no generic PD Greg Kroah-Hartman
@ 2023-05-08 9:47 ` Greg Kroah-Hartman
2023-05-08 9:47 ` [PATCH 5.15 263/371] coresight: etm_pmu: Set the module field Greg Kroah-Hartman
` (112 subsequent siblings)
374 siblings, 0 replies; 391+ messages in thread
From: Greg Kroah-Hartman @ 2023-05-08 9:47 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Basavaraj Natikar, Jiri Kosina, Sasha Levin
From: Basavaraj Natikar <Basavaraj.Natikar@amd.com>
[ Upstream commit 1353ecaf1830d6d1b74f3225378a9498b4e14fdd ]
As soon as the system is booted after shutdown, the sensors may remain in
a weird state and fail to initialize. Therefore, all sensors should be
turned off during shutdown.
Fixes: 4f567b9f8141 ("SFH: PCIe driver to add support of AMD sensor fusion hub")
Signed-off-by: Basavaraj Natikar <Basavaraj.Natikar@amd.com>
Signed-off-by: Jiri Kosina <jkosina@suse.cz>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/hid/amd-sfh-hid/amd_sfh_pcie.c | 9 +++++++++
1 file changed, 9 insertions(+)
diff --git a/drivers/hid/amd-sfh-hid/amd_sfh_pcie.c b/drivers/hid/amd-sfh-hid/amd_sfh_pcie.c
index f17f061aeb792..6ff8f254dc840 100644
--- a/drivers/hid/amd-sfh-hid/amd_sfh_pcie.c
+++ b/drivers/hid/amd-sfh-hid/amd_sfh_pcie.c
@@ -351,6 +351,14 @@ static int amd_mp2_pci_probe(struct pci_dev *pdev, const struct pci_device_id *i
return devm_add_action_or_reset(&pdev->dev, amd_mp2_pci_remove, privdata);
}
+static void amd_sfh_shutdown(struct pci_dev *pdev)
+{
+ struct amd_mp2_dev *mp2 = pci_get_drvdata(pdev);
+
+ if (mp2 && mp2->mp2_ops)
+ mp2->mp2_ops->stop_all(mp2);
+}
+
static int __maybe_unused amd_mp2_pci_resume(struct device *dev)
{
struct pci_dev *pdev = to_pci_dev(dev);
@@ -420,6 +428,7 @@ static struct pci_driver amd_mp2_pci_driver = {
.id_table = amd_mp2_pci_tbl,
.probe = amd_mp2_pci_probe,
.driver.pm = &amd_mp2_pm_ops,
+ .shutdown = amd_sfh_shutdown,
};
module_pci_driver(amd_mp2_pci_driver);
--
2.39.2
^ permalink raw reply related [flat|nested] 391+ messages in thread
* [PATCH 5.15 263/371] coresight: etm_pmu: Set the module field
2023-05-08 9:43 [PATCH 5.15 000/371] 5.15.111-rc1 review Greg Kroah-Hartman
` (261 preceding siblings ...)
2023-05-08 9:47 ` [PATCH 5.15 262/371] HID: amd_sfh: Add support for shutdown operation Greg Kroah-Hartman
@ 2023-05-08 9:47 ` Greg Kroah-Hartman
2023-05-08 9:47 ` [PATCH 5.15 264/371] ASoC: fsl_mqs: move of_node_put() to the correct location Greg Kroah-Hartman
` (111 subsequent siblings)
374 siblings, 0 replies; 391+ messages in thread
From: Greg Kroah-Hartman @ 2023-05-08 9:47 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Suzuki K Poulose, Sasha Levin
From: Suzuki K Poulose <suzuki.poulose@arm.com>
[ Upstream commit 18996a113f2567aef3057e300e3193ce2df1684c ]
struct pmu::module must be set to the module owning the PMU driver.
Set this for the coresight etm_pmu.
Fixes: 8e264c52e1dab ("coresight: core: Allow the coresight core driver to be built as a module")
Signed-off-by: Suzuki K Poulose <suzuki.poulose@arm.com>
Link: https://lore.kernel.org/r/20230405094922.667834-1-suzuki.poulose@arm.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/hwtracing/coresight/coresight-etm-perf.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/drivers/hwtracing/coresight/coresight-etm-perf.c b/drivers/hwtracing/coresight/coresight-etm-perf.c
index 8ebd728d3a800..1feb8f0e6556a 100644
--- a/drivers/hwtracing/coresight/coresight-etm-perf.c
+++ b/drivers/hwtracing/coresight/coresight-etm-perf.c
@@ -830,6 +830,7 @@ int __init etm_perf_init(void)
etm_pmu.addr_filters_sync = etm_addr_filters_sync;
etm_pmu.addr_filters_validate = etm_addr_filters_validate;
etm_pmu.nr_addr_filters = ETM_ADDR_CMP_MAX;
+ etm_pmu.module = THIS_MODULE;
ret = perf_pmu_register(&etm_pmu, CORESIGHT_ETM_PMU_NAME, -1);
if (ret == 0)
--
2.39.2
^ permalink raw reply related [flat|nested] 391+ messages in thread
* [PATCH 5.15 264/371] ASoC: fsl_mqs: move of_node_put() to the correct location
2023-05-08 9:43 [PATCH 5.15 000/371] 5.15.111-rc1 review Greg Kroah-Hartman
` (262 preceding siblings ...)
2023-05-08 9:47 ` [PATCH 5.15 263/371] coresight: etm_pmu: Set the module field Greg Kroah-Hartman
@ 2023-05-08 9:47 ` Greg Kroah-Hartman
2023-05-08 9:47 ` [PATCH 5.15 265/371] spi: cadence-quadspi: fix suspend-resume implementations Greg Kroah-Hartman
` (110 subsequent siblings)
374 siblings, 0 replies; 391+ messages in thread
From: Greg Kroah-Hartman @ 2023-05-08 9:47 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Liliang Ye, Dan Carpenter,
Mark Brown, Sasha Levin
From: Liliang Ye <yll@hust.edu.cn>
[ Upstream commit 1c34890273a020d61d6127ade3f68ed1cb21c16a ]
of_node_put() should have been done directly after
mqs_priv->regmap = syscon_node_to_regmap(gpr_np);
otherwise it creates a reference leak on the success path.
To fix this, of_node_put() is moved to the correct location, and change
all the gotos to direct returns.
Fixes: a9d273671440 ("ASoC: fsl_mqs: Fix error handling in probe")
Signed-off-by: Liliang Ye <yll@hust.edu.cn>
Reviewed-by: Dan Carpenter <error27@gmail.com>
Link: https://lore.kernel.org/r/20230403152647.17638-1-yll@hust.edu.cn
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
sound/soc/fsl/fsl_mqs.c | 15 +++++----------
1 file changed, 5 insertions(+), 10 deletions(-)
diff --git a/sound/soc/fsl/fsl_mqs.c b/sound/soc/fsl/fsl_mqs.c
index 0d4efbed41dab..c33439650823b 100644
--- a/sound/soc/fsl/fsl_mqs.c
+++ b/sound/soc/fsl/fsl_mqs.c
@@ -204,10 +204,10 @@ static int fsl_mqs_probe(struct platform_device *pdev)
}
mqs_priv->regmap = syscon_node_to_regmap(gpr_np);
+ of_node_put(gpr_np);
if (IS_ERR(mqs_priv->regmap)) {
dev_err(&pdev->dev, "failed to get gpr regmap\n");
- ret = PTR_ERR(mqs_priv->regmap);
- goto err_free_gpr_np;
+ return PTR_ERR(mqs_priv->regmap);
}
} else {
regs = devm_platform_ioremap_resource(pdev, 0);
@@ -236,8 +236,7 @@ static int fsl_mqs_probe(struct platform_device *pdev)
if (IS_ERR(mqs_priv->mclk)) {
dev_err(&pdev->dev, "failed to get the clock: %ld\n",
PTR_ERR(mqs_priv->mclk));
- ret = PTR_ERR(mqs_priv->mclk);
- goto err_free_gpr_np;
+ return PTR_ERR(mqs_priv->mclk);
}
dev_set_drvdata(&pdev->dev, mqs_priv);
@@ -246,13 +245,9 @@ static int fsl_mqs_probe(struct platform_device *pdev)
ret = devm_snd_soc_register_component(&pdev->dev, &soc_codec_fsl_mqs,
&fsl_mqs_dai, 1);
if (ret)
- goto err_free_gpr_np;
- return 0;
-
-err_free_gpr_np:
- of_node_put(gpr_np);
+ return ret;
- return ret;
+ return 0;
}
static int fsl_mqs_remove(struct platform_device *pdev)
--
2.39.2
^ permalink raw reply related [flat|nested] 391+ messages in thread
* [PATCH 5.15 265/371] spi: cadence-quadspi: fix suspend-resume implementations
2023-05-08 9:43 [PATCH 5.15 000/371] 5.15.111-rc1 review Greg Kroah-Hartman
` (263 preceding siblings ...)
2023-05-08 9:47 ` [PATCH 5.15 264/371] ASoC: fsl_mqs: move of_node_put() to the correct location Greg Kroah-Hartman
@ 2023-05-08 9:47 ` Greg Kroah-Hartman
2023-05-08 9:47 ` [PATCH 5.15 266/371] i2c: cadence: cdns_i2c_master_xfer(): Fix runtime PM leak on error path Greg Kroah-Hartman
` (109 subsequent siblings)
374 siblings, 0 replies; 391+ messages in thread
From: Greg Kroah-Hartman @ 2023-05-08 9:47 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Dhruva Gole, Mark Brown, Sasha Levin
From: Dhruva Gole <d-gole@ti.com>
[ Upstream commit 2087e85bb66ee3652dafe732bb9b9b896229eafc ]
The cadence QSPI driver misbehaves after performing a full system suspend
resume:
...
spi-nor spi0.0: resume() failed
...
This results in a flash connected via OSPI interface after system suspend-
resume to be unusable.
fix these suspend and resume functions.
Fixes: 140623410536 ("mtd: spi-nor: Add driver for Cadence Quad SPI Flash Controller")
Signed-off-by: Dhruva Gole <d-gole@ti.com>
Link: https://lore.kernel.org/r/20230417091027.966146-3-d-gole@ti.com
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/spi/spi-cadence-quadspi.c | 19 ++++++++++++++++---
1 file changed, 16 insertions(+), 3 deletions(-)
diff --git a/drivers/spi/spi-cadence-quadspi.c b/drivers/spi/spi-cadence-quadspi.c
index cda70de383309..5c8f198b0ae38 100644
--- a/drivers/spi/spi-cadence-quadspi.c
+++ b/drivers/spi/spi-cadence-quadspi.c
@@ -1619,17 +1619,30 @@ static int cqspi_remove(struct platform_device *pdev)
static int cqspi_suspend(struct device *dev)
{
struct cqspi_st *cqspi = dev_get_drvdata(dev);
+ struct spi_master *master = dev_get_drvdata(dev);
+ int ret;
+ ret = spi_master_suspend(master);
cqspi_controller_enable(cqspi, 0);
- return 0;
+
+ clk_disable_unprepare(cqspi->clk);
+
+ return ret;
}
static int cqspi_resume(struct device *dev)
{
struct cqspi_st *cqspi = dev_get_drvdata(dev);
+ struct spi_master *master = dev_get_drvdata(dev);
- cqspi_controller_enable(cqspi, 1);
- return 0;
+ clk_prepare_enable(cqspi->clk);
+ cqspi_wait_idle(cqspi);
+ cqspi_controller_init(cqspi);
+
+ cqspi->current_cs = -1;
+ cqspi->sclk = 0;
+
+ return spi_master_resume(master);
}
static const struct dev_pm_ops cqspi__dev_pm_ops = {
--
2.39.2
^ permalink raw reply related [flat|nested] 391+ messages in thread
* [PATCH 5.15 266/371] i2c: cadence: cdns_i2c_master_xfer(): Fix runtime PM leak on error path
2023-05-08 9:43 [PATCH 5.15 000/371] 5.15.111-rc1 review Greg Kroah-Hartman
` (264 preceding siblings ...)
2023-05-08 9:47 ` [PATCH 5.15 265/371] spi: cadence-quadspi: fix suspend-resume implementations Greg Kroah-Hartman
@ 2023-05-08 9:47 ` Greg Kroah-Hartman
2023-05-08 9:47 ` [PATCH 5.15 267/371] scripts/gdb: raise error with reduced debugging information Greg Kroah-Hartman
` (108 subsequent siblings)
374 siblings, 0 replies; 391+ messages in thread
From: Greg Kroah-Hartman @ 2023-05-08 9:47 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Lars-Peter Clausen, Michal Simek,
Wolfram Sang, Sasha Levin
From: Lars-Peter Clausen <lars@metafoo.de>
[ Upstream commit ae1664f04f504a998737f5bb563f16b44357bcca ]
The cdns_i2c_master_xfer() function gets a runtime PM reference when the
function is entered. This reference is released when the function is
exited. There is currently one error path where the function exits
directly, which leads to a leak of the runtime PM reference.
Make sure that this error path also releases the runtime PM reference.
Fixes: 1a351b10b967 ("i2c: cadence: Added slave support")
Signed-off-by: Lars-Peter Clausen <lars@metafoo.de>
Reviewed-by: Michal Simek <michal.simek@amd.com>
Signed-off-by: Wolfram Sang <wsa@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/i2c/busses/i2c-cadence.c | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/drivers/i2c/busses/i2c-cadence.c b/drivers/i2c/busses/i2c-cadence.c
index 33f5588a50c07..5ea92dc97f0c5 100644
--- a/drivers/i2c/busses/i2c-cadence.c
+++ b/drivers/i2c/busses/i2c-cadence.c
@@ -828,8 +828,10 @@ static int cdns_i2c_master_xfer(struct i2c_adapter *adap, struct i2c_msg *msgs,
#if IS_ENABLED(CONFIG_I2C_SLAVE)
/* Check i2c operating mode and switch if possible */
if (id->dev_mode == CDNS_I2C_MODE_SLAVE) {
- if (id->slave_state != CDNS_I2C_SLAVE_STATE_IDLE)
- return -EAGAIN;
+ if (id->slave_state != CDNS_I2C_SLAVE_STATE_IDLE) {
+ ret = -EAGAIN;
+ goto out;
+ }
/* Set mode to master */
cdns_i2c_set_mode(CDNS_I2C_MODE_MASTER, id);
--
2.39.2
^ permalink raw reply related [flat|nested] 391+ messages in thread
* [PATCH 5.15 267/371] scripts/gdb: raise error with reduced debugging information
2023-05-08 9:43 [PATCH 5.15 000/371] 5.15.111-rc1 review Greg Kroah-Hartman
` (265 preceding siblings ...)
2023-05-08 9:47 ` [PATCH 5.15 266/371] i2c: cadence: cdns_i2c_master_xfer(): Fix runtime PM leak on error path Greg Kroah-Hartman
@ 2023-05-08 9:47 ` Greg Kroah-Hartman
2023-05-08 9:47 ` [PATCH 5.15 268/371] uapi/linux/const.h: prefer ISO-friendly __typeof__ Greg Kroah-Hartman
` (107 subsequent siblings)
374 siblings, 0 replies; 391+ messages in thread
From: Greg Kroah-Hartman @ 2023-05-08 9:47 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Florian Fainelli, Antonio Borneo,
Jan Kiszka, John Ogness, Kieran Bingham, Petr Mladek,
Andrew Morton, Sasha Levin
From: Florian Fainelli <f.fainelli@gmail.com>
[ Upstream commit 8af055ae25bff48f57227f5e3d48a4306f3dd1c4 ]
If CONFIG_DEBUG_INFO_REDUCED is enabled in the kernel configuration, we
will typically not be able to load vmlinux-gdb.py and will fail with:
Traceback (most recent call last):
File "/home/fainelli/work/buildroot/output/arm64/build/linux-custom/vmlinux-gdb.py", line 25, in <module>
import linux.utils
File "/home/fainelli/work/buildroot/output/arm64/build/linux-custom/scripts/gdb/linux/utils.py", line 131, in <module>
atomic_long_counter_offset = atomic_long_type.get_type()['counter'].bitpos
KeyError: 'counter'
Rather be left wondering what is happening only to find out that reduced
debug information is the cause, raise an eror. This was not typically a
problem until e3c8d33e0d62 ("scripts/gdb: fix 'lx-dmesg' on 32 bits arch")
but it has since then.
Link: https://lkml.kernel.org/r/20230406215252.1580538-1-f.fainelli@gmail.com
Fixes: e3c8d33e0d62 ("scripts/gdb: fix 'lx-dmesg' on 32 bits arch")
Signed-off-by: Florian Fainelli <f.fainelli@gmail.com>
Cc: Antonio Borneo <antonio.borneo@foss.st.com>
Cc: Jan Kiszka <jan.kiszka@siemens.com>
Cc: John Ogness <john.ogness@linutronix.de>
Cc: Kieran Bingham <kbingham@kernel.org>
Cc: Petr Mladek <pmladek@suse.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
scripts/gdb/linux/constants.py.in | 2 ++
scripts/gdb/vmlinux-gdb.py | 5 ++++-
2 files changed, 6 insertions(+), 1 deletion(-)
diff --git a/scripts/gdb/linux/constants.py.in b/scripts/gdb/linux/constants.py.in
index 2efbec6b6b8db..08f0587d15ea1 100644
--- a/scripts/gdb/linux/constants.py.in
+++ b/scripts/gdb/linux/constants.py.in
@@ -39,6 +39,8 @@
import gdb
+LX_CONFIG(CONFIG_DEBUG_INFO_REDUCED)
+
/* linux/clk-provider.h */
if IS_BUILTIN(CONFIG_COMMON_CLK):
LX_GDBPARSED(CLK_GET_RATE_NOCACHE)
diff --git a/scripts/gdb/vmlinux-gdb.py b/scripts/gdb/vmlinux-gdb.py
index 4136dc2c59df2..cd03de50c3bec 100644
--- a/scripts/gdb/vmlinux-gdb.py
+++ b/scripts/gdb/vmlinux-gdb.py
@@ -22,6 +22,10 @@ except:
gdb.write("NOTE: gdb 7.2 or later required for Linux helper scripts to "
"work.\n")
else:
+ import linux.constants
+ if linux.constants.LX_CONFIG_DEBUG_INFO_REDUCED:
+ raise gdb.GdbError("Reduced debug information will prevent GDB "
+ "from having complete types.\n")
import linux.utils
import linux.symbols
import linux.modules
@@ -32,7 +36,6 @@ else:
import linux.lists
import linux.rbtree
import linux.proc
- import linux.constants
import linux.timerlist
import linux.clk
import linux.genpd
--
2.39.2
^ permalink raw reply related [flat|nested] 391+ messages in thread
* [PATCH 5.15 268/371] uapi/linux/const.h: prefer ISO-friendly __typeof__
2023-05-08 9:43 [PATCH 5.15 000/371] 5.15.111-rc1 review Greg Kroah-Hartman
` (266 preceding siblings ...)
2023-05-08 9:47 ` [PATCH 5.15 267/371] scripts/gdb: raise error with reduced debugging information Greg Kroah-Hartman
@ 2023-05-08 9:47 ` Greg Kroah-Hartman
2023-05-08 9:47 ` [PATCH 5.15 269/371] sh: sq: Fix incorrect element size for allocating bitmap buffer Greg Kroah-Hartman
` (106 subsequent siblings)
374 siblings, 0 replies; 391+ messages in thread
From: Greg Kroah-Hartman @ 2023-05-08 9:47 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Kevin Brodsky, Ruben Ayrapetyan,
Petr Vorel, Masahiro Yamada, Sam Ravnborg, Andrew Morton,
Sasha Levin
From: Kevin Brodsky <kevin.brodsky@arm.com>
[ Upstream commit 31088f6f7906253ef4577f6a9b84e2d42447dba0 ]
typeof is (still) a GNU extension, which means that it cannot be used when
building ISO C (e.g. -std=c99). It should therefore be avoided in uapi
headers in favour of the ISO-friendly __typeof__.
Unfortunately this issue could not be detected by
CONFIG_UAPI_HEADER_TEST=y as the __ALIGN_KERNEL() macro is not expanded in
any uapi header.
This matters from a userspace perspective, not a kernel one. uapi
headers and their contents are expected to be usable in a variety of
situations, and in particular when building ISO C applications (with
-std=c99 or similar).
This particular problem can be reproduced by trying to use the
__ALIGN_KERNEL macro directly in application code, say:
#include <linux/const.h>
int align(int x, int a)
{
return __KERNEL_ALIGN(x, a);
}
and trying to build that with -std=c99.
Link: https://lkml.kernel.org/r/20230411092747.3759032-1-kevin.brodsky@arm.com
Fixes: a79ff731a1b2 ("netfilter: xtables: make XT_ALIGN() usable in exported headers by exporting __ALIGN_KERNEL()")
Signed-off-by: Kevin Brodsky <kevin.brodsky@arm.com>
Reported-by: Ruben Ayrapetyan <ruben.ayrapetyan@arm.com>
Tested-by: Ruben Ayrapetyan <ruben.ayrapetyan@arm.com>
Reviewed-by: Petr Vorel <pvorel@suse.cz>
Tested-by: Petr Vorel <pvorel@suse.cz>
Reviewed-by: Masahiro Yamada <masahiroy@kernel.org>
Cc: Sam Ravnborg <sam@ravnborg.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
include/uapi/linux/const.h | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/include/uapi/linux/const.h b/include/uapi/linux/const.h
index af2a44c08683d..a429381e7ca50 100644
--- a/include/uapi/linux/const.h
+++ b/include/uapi/linux/const.h
@@ -28,7 +28,7 @@
#define _BITUL(x) (_UL(1) << (x))
#define _BITULL(x) (_ULL(1) << (x))
-#define __ALIGN_KERNEL(x, a) __ALIGN_KERNEL_MASK(x, (typeof(x))(a) - 1)
+#define __ALIGN_KERNEL(x, a) __ALIGN_KERNEL_MASK(x, (__typeof__(x))(a) - 1)
#define __ALIGN_KERNEL_MASK(x, mask) (((x) + (mask)) & ~(mask))
#define __KERNEL_DIV_ROUND_UP(n, d) (((n) + (d) - 1) / (d))
--
2.39.2
^ permalink raw reply related [flat|nested] 391+ messages in thread
* [PATCH 5.15 269/371] sh: sq: Fix incorrect element size for allocating bitmap buffer
2023-05-08 9:43 [PATCH 5.15 000/371] 5.15.111-rc1 review Greg Kroah-Hartman
` (267 preceding siblings ...)
2023-05-08 9:47 ` [PATCH 5.15 268/371] uapi/linux/const.h: prefer ISO-friendly __typeof__ Greg Kroah-Hartman
@ 2023-05-08 9:47 ` Greg Kroah-Hartman
2023-05-08 9:47 ` [PATCH 5.15 270/371] usb: gadget: tegra-xudc: Fix crash in vbus_draw Greg Kroah-Hartman
` (105 subsequent siblings)
374 siblings, 0 replies; 391+ messages in thread
From: Greg Kroah-Hartman @ 2023-05-08 9:47 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Geert Uytterhoeven,
John Paul Adrian Glaubitz, Sasha Levin
From: John Paul Adrian Glaubitz <glaubitz@physik.fu-berlin.de>
[ Upstream commit 80f746e2bd0e1da3fdb49a53570e54a1a225faac ]
The Store Queue code allocates a bitmap buffer with the size of
multiple of sizeof(long) in sq_api_init(). While the buffer size
is calculated correctly, the code uses the wrong element size to
allocate the buffer which results in the allocated bitmap buffer
being too small.
Fix this by allocating the buffer with kcalloc() with element size
sizeof(long) instead of kzalloc() whose elements size defaults to
sizeof(char).
Fixes: d7c30c682a27 ("sh: Store Queue API rework.")
Reviewed-by: Geert Uytterhoeven <geert+renesas@glider.be>
Signed-off-by: John Paul Adrian Glaubitz <glaubitz@physik.fu-berlin.de>
Link: https://lore.kernel.org/r/20230419114854.528677-1-glaubitz@physik.fu-berlin.de
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/sh/kernel/cpu/sh4/sq.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/arch/sh/kernel/cpu/sh4/sq.c b/arch/sh/kernel/cpu/sh4/sq.c
index d432164b23b7c..c31ec0fea3003 100644
--- a/arch/sh/kernel/cpu/sh4/sq.c
+++ b/arch/sh/kernel/cpu/sh4/sq.c
@@ -381,7 +381,7 @@ static int __init sq_api_init(void)
if (unlikely(!sq_cache))
return ret;
- sq_bitmap = kzalloc(size, GFP_KERNEL);
+ sq_bitmap = kcalloc(size, sizeof(long), GFP_KERNEL);
if (unlikely(!sq_bitmap))
goto out;
--
2.39.2
^ permalink raw reply related [flat|nested] 391+ messages in thread
* [PATCH 5.15 270/371] usb: gadget: tegra-xudc: Fix crash in vbus_draw
2023-05-08 9:43 [PATCH 5.15 000/371] 5.15.111-rc1 review Greg Kroah-Hartman
` (268 preceding siblings ...)
2023-05-08 9:47 ` [PATCH 5.15 269/371] sh: sq: Fix incorrect element size for allocating bitmap buffer Greg Kroah-Hartman
@ 2023-05-08 9:47 ` Greg Kroah-Hartman
2023-05-08 9:47 ` [PATCH 5.15 271/371] usb: chipidea: fix missing goto in `ci_hdrc_probe` Greg Kroah-Hartman
` (104 subsequent siblings)
374 siblings, 0 replies; 391+ messages in thread
From: Greg Kroah-Hartman @ 2023-05-08 9:47 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Thierry Reding, Jon Hunter, Sasha Levin
From: Jon Hunter <jonathanh@nvidia.com>
[ Upstream commit 5629d31955297ca47b9283c64fff70f2f34aa528 ]
Commit ac82b56bda5f ("usb: gadget: tegra-xudc: Add vbus_draw support")
populated the vbus_draw callback for the Tegra XUDC driver. The function
tegra_xudc_gadget_vbus_draw(), that was added by this commit, assumes
that the pointer 'curr_usbphy' has been initialised, which is not always
the case because this is only initialised when the USB role is updated.
Fix this crash, by checking that the 'curr_usbphy' is valid before
dereferencing.
Fixes: ac82b56bda5f ("usb: gadget: tegra-xudc: Add vbus_draw support")
Reviewed-by: Thierry Reding <treding@nvidia.com>
Signed-off-by: Jon Hunter <jonathanh@nvidia.com>
Link: https://lore.kernel.org/r/20230405181854.42355-1-jonathanh@nvidia.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/usb/gadget/udc/tegra-xudc.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/usb/gadget/udc/tegra-xudc.c b/drivers/usb/gadget/udc/tegra-xudc.c
index cb4ddfa52cb0f..1cb4258077bd3 100644
--- a/drivers/usb/gadget/udc/tegra-xudc.c
+++ b/drivers/usb/gadget/udc/tegra-xudc.c
@@ -2154,7 +2154,7 @@ static int tegra_xudc_gadget_vbus_draw(struct usb_gadget *gadget,
dev_dbg(xudc->dev, "%s: %u mA\n", __func__, m_a);
- if (xudc->curr_usbphy->chg_type == SDP_TYPE)
+ if (xudc->curr_usbphy && xudc->curr_usbphy->chg_type == SDP_TYPE)
ret = usb_phy_set_power(xudc->curr_usbphy, m_a);
return ret;
--
2.39.2
^ permalink raw reply related [flat|nested] 391+ messages in thread
* [PATCH 5.15 271/371] usb: chipidea: fix missing goto in `ci_hdrc_probe`
2023-05-08 9:43 [PATCH 5.15 000/371] 5.15.111-rc1 review Greg Kroah-Hartman
` (269 preceding siblings ...)
2023-05-08 9:47 ` [PATCH 5.15 270/371] usb: gadget: tegra-xudc: Fix crash in vbus_draw Greg Kroah-Hartman
@ 2023-05-08 9:47 ` Greg Kroah-Hartman
2023-05-08 9:47 ` [PATCH 5.15 272/371] usb: mtu3: fix kernel panic at qmu transfer done irq handler Greg Kroah-Hartman
` (103 subsequent siblings)
374 siblings, 0 replies; 391+ messages in thread
From: Greg Kroah-Hartman @ 2023-05-08 9:47 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Dongliang Mu, Peter Chen, Yinhao Hu,
Sasha Levin
From: Yinhao Hu <dddddd@hust.edu.cn>
[ Upstream commit d6f712f53b79f5017cdcefafb7a5aea9ec52da5d ]
>From the comment of ci_usb_phy_init, it returns an error code if
usb_phy_init has failed, and it should do some clean up, not just
return directly.
Fix this by goto the error handling.
Fixes: 74475ede784d ("usb: chipidea: move PHY operation to core")
Reviewed-by: Dongliang Mu <dzm91@hust.edu.cn>
Acked-by: Peter Chen <peter.chen@kernel.org>
Signed-off-by: Yinhao Hu <dddddd@hust.edu.cn>
Link: https://lore.kernel.org/r/20230412055852.971991-1-dddddd@hust.edu.cn
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/usb/chipidea/core.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/usb/chipidea/core.c b/drivers/usb/chipidea/core.c
index a9869975ce32f..0e8f4aa031f81 100644
--- a/drivers/usb/chipidea/core.c
+++ b/drivers/usb/chipidea/core.c
@@ -1098,7 +1098,7 @@ static int ci_hdrc_probe(struct platform_device *pdev)
ret = ci_usb_phy_init(ci);
if (ret) {
dev_err(dev, "unable to init phy: %d\n", ret);
- return ret;
+ goto ulpi_exit;
}
ci->hw_bank.phys = res->start;
--
2.39.2
^ permalink raw reply related [flat|nested] 391+ messages in thread
* [PATCH 5.15 272/371] usb: mtu3: fix kernel panic at qmu transfer done irq handler
2023-05-08 9:43 [PATCH 5.15 000/371] 5.15.111-rc1 review Greg Kroah-Hartman
` (270 preceding siblings ...)
2023-05-08 9:47 ` [PATCH 5.15 271/371] usb: chipidea: fix missing goto in `ci_hdrc_probe` Greg Kroah-Hartman
@ 2023-05-08 9:47 ` Greg Kroah-Hartman
2023-05-08 9:47 ` [PATCH 5.15 273/371] firmware: stratix10-svc: Fix an NULL vs IS_ERR() bug in probe Greg Kroah-Hartman
` (102 subsequent siblings)
374 siblings, 0 replies; 391+ messages in thread
From: Greg Kroah-Hartman @ 2023-05-08 9:47 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Chunfeng Yun, Sasha Levin
From: Chunfeng Yun <chunfeng.yun@mediatek.com>
[ Upstream commit d28f4091ea7ec3510fd6a3c6d433234e7a2bef14 ]
When handle qmu transfer irq, it will unlock @mtu->lock before give back
request, if another thread handle disconnect event at the same time, and
try to disable ep, it may lock @mtu->lock and free qmu ring, then qmu
irq hanlder may get a NULL gpd, avoid the KE by checking gpd's value before
handling it.
e.g.
qmu done irq on cpu0 thread running on cpu1
qmu_done_tx()
handle gpd [0]
mtu3_requ_complete() mtu3_gadget_ep_disable()
unlock @mtu->lock
give back request lock @mtu->lock
mtu3_ep_disable()
mtu3_gpd_ring_free()
unlock @mtu->lock
lock @mtu->lock
get next gpd [1]
[1]: goto [0] to handle next gpd, and next gpd may be NULL.
Fixes: 48e0d3735aa5 ("usb: mtu3: supports new QMU format")
Signed-off-by: Chunfeng Yun <chunfeng.yun@mediatek.com>
Link: https://lore.kernel.org/r/20230417025203.18097-3-chunfeng.yun@mediatek.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/usb/mtu3/mtu3_qmu.c | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/drivers/usb/mtu3/mtu3_qmu.c b/drivers/usb/mtu3/mtu3_qmu.c
index 2ea3157ddb6e2..e65586147965d 100644
--- a/drivers/usb/mtu3/mtu3_qmu.c
+++ b/drivers/usb/mtu3/mtu3_qmu.c
@@ -210,6 +210,7 @@ static struct qmu_gpd *advance_enq_gpd(struct mtu3_gpd_ring *ring)
return ring->enqueue;
}
+/* @dequeue may be NULL if ring is unallocated or freed */
static struct qmu_gpd *advance_deq_gpd(struct mtu3_gpd_ring *ring)
{
if (ring->dequeue < ring->end)
@@ -484,7 +485,7 @@ static void qmu_done_tx(struct mtu3 *mtu, u8 epnum)
dev_dbg(mtu->dev, "%s EP%d, last=%p, current=%p, enq=%p\n",
__func__, epnum, gpd, gpd_current, ring->enqueue);
- while (gpd != gpd_current && !GET_GPD_HWO(gpd)) {
+ while (gpd && gpd != gpd_current && !GET_GPD_HWO(gpd)) {
mreq = next_request(mep);
@@ -523,7 +524,7 @@ static void qmu_done_rx(struct mtu3 *mtu, u8 epnum)
dev_dbg(mtu->dev, "%s EP%d, last=%p, current=%p, enq=%p\n",
__func__, epnum, gpd, gpd_current, ring->enqueue);
- while (gpd != gpd_current && !GET_GPD_HWO(gpd)) {
+ while (gpd && gpd != gpd_current && !GET_GPD_HWO(gpd)) {
mreq = next_request(mep);
--
2.39.2
^ permalink raw reply related [flat|nested] 391+ messages in thread
* [PATCH 5.15 273/371] firmware: stratix10-svc: Fix an NULL vs IS_ERR() bug in probe
2023-05-08 9:43 [PATCH 5.15 000/371] 5.15.111-rc1 review Greg Kroah-Hartman
` (271 preceding siblings ...)
2023-05-08 9:47 ` [PATCH 5.15 272/371] usb: mtu3: fix kernel panic at qmu transfer done irq handler Greg Kroah-Hartman
@ 2023-05-08 9:47 ` Greg Kroah-Hartman
2023-05-08 9:47 ` [PATCH 5.15 274/371] tty: serial: fsl_lpuart: adjust buffer length to the intended size Greg Kroah-Hartman
` (101 subsequent siblings)
374 siblings, 0 replies; 391+ messages in thread
From: Greg Kroah-Hartman @ 2023-05-08 9:47 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Dan Carpenter, Sasha Levin
From: Dan Carpenter <dan.carpenter@linaro.org>
[ Upstream commit e1d6ca042e62c2a69513235f8629eb6e62ca79c5 ]
The svc_create_memory_pool() function returns error pointers. It never
returns NULL. Fix the check.
Fixes: 7ca5ce896524 ("firmware: add Intel Stratix10 service layer driver")
Signed-off-by: Dan Carpenter <dan.carpenter@linaro.org>
Link: https://lore.kernel.org/r/5f9a8cb4-5a4f-460b-9cdc-2fae6c5b7922@kili.mountain
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/firmware/stratix10-svc.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/drivers/firmware/stratix10-svc.c b/drivers/firmware/stratix10-svc.c
index 4fdd75f1e86ea..2b50dc21fba1e 100644
--- a/drivers/firmware/stratix10-svc.c
+++ b/drivers/firmware/stratix10-svc.c
@@ -989,8 +989,8 @@ static int stratix10_svc_drv_probe(struct platform_device *pdev)
return ret;
genpool = svc_create_memory_pool(pdev, sh_memory);
- if (!genpool)
- return -ENOMEM;
+ if (IS_ERR(genpool))
+ return PTR_ERR(genpool);
/* allocate service controller and supporting channel */
controller = devm_kzalloc(dev, sizeof(*controller), GFP_KERNEL);
--
2.39.2
^ permalink raw reply related [flat|nested] 391+ messages in thread
* [PATCH 5.15 274/371] tty: serial: fsl_lpuart: adjust buffer length to the intended size
2023-05-08 9:43 [PATCH 5.15 000/371] 5.15.111-rc1 review Greg Kroah-Hartman
` (272 preceding siblings ...)
2023-05-08 9:47 ` [PATCH 5.15 273/371] firmware: stratix10-svc: Fix an NULL vs IS_ERR() bug in probe Greg Kroah-Hartman
@ 2023-05-08 9:47 ` Greg Kroah-Hartman
2023-05-08 9:47 ` [PATCH 5.15 275/371] serial: 8250: Add missing wakeup event reporting Greg Kroah-Hartman
` (100 subsequent siblings)
374 siblings, 0 replies; 391+ messages in thread
From: Greg Kroah-Hartman @ 2023-05-08 9:47 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Shenwei Wang, Sasha Levin
From: Shenwei Wang <shenwei.wang@nxp.com>
[ Upstream commit f73fd750552524b06b5d77ebfdd106ccc8fcac61 ]
Based on the fls function definition provided below, we should not
subtract 1 to obtain the correct buffer length:
fls(0) = 0, fls(1) = 1, fls(0x80000000) = 32.
Fixes: 5887ad43ee02 ("tty: serial: fsl_lpuart: Use cyclic DMA for Rx")
Signed-off-by: Shenwei Wang <shenwei.wang@nxp.com>
Link: https://lore.kernel.org/r/20230410195555.1003900-1-shenwei.wang@nxp.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/tty/serial/fsl_lpuart.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/tty/serial/fsl_lpuart.c b/drivers/tty/serial/fsl_lpuart.c
index 5cabc3c85eb1c..00a941db8dcb7 100644
--- a/drivers/tty/serial/fsl_lpuart.c
+++ b/drivers/tty/serial/fsl_lpuart.c
@@ -1250,7 +1250,7 @@ static inline int lpuart_start_rx_dma(struct lpuart_port *sport)
* 10ms at any baud rate.
*/
sport->rx_dma_rng_buf_len = (DMA_RX_TIMEOUT * baud / bits / 1000) * 2;
- sport->rx_dma_rng_buf_len = (1 << (fls(sport->rx_dma_rng_buf_len) - 1));
+ sport->rx_dma_rng_buf_len = (1 << fls(sport->rx_dma_rng_buf_len));
if (sport->rx_dma_rng_buf_len < 16)
sport->rx_dma_rng_buf_len = 16;
--
2.39.2
^ permalink raw reply related [flat|nested] 391+ messages in thread
* [PATCH 5.15 275/371] serial: 8250: Add missing wakeup event reporting
2023-05-08 9:43 [PATCH 5.15 000/371] 5.15.111-rc1 review Greg Kroah-Hartman
` (273 preceding siblings ...)
2023-05-08 9:47 ` [PATCH 5.15 274/371] tty: serial: fsl_lpuart: adjust buffer length to the intended size Greg Kroah-Hartman
@ 2023-05-08 9:47 ` Greg Kroah-Hartman
2023-05-08 9:47 ` [PATCH 5.15 276/371] staging: rtl8192e: Fix W_DISABLE# does not work after stop/start Greg Kroah-Hartman
` (99 subsequent siblings)
374 siblings, 0 replies; 391+ messages in thread
From: Greg Kroah-Hartman @ 2023-05-08 9:47 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Florian Fainelli, Sasha Levin
From: Florian Fainelli <f.fainelli@gmail.com>
[ Upstream commit 0ba9e3a13c6adfa99e32b2576d20820ab10ad48a ]
An 8250 UART configured as a wake-up source would not have reported
itself through sysfs as being the source of wake-up, correct that.
Fixes: b3b708fa2780 ("wake up from a serial port")
Signed-off-by: Florian Fainelli <f.fainelli@gmail.com>
Link: https://lore.kernel.org/r/20230414170241.2016255-1-f.fainelli@gmail.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/tty/serial/8250/8250_port.c | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/drivers/tty/serial/8250/8250_port.c b/drivers/tty/serial/8250/8250_port.c
index 691e7a07565c5..5939f510cb0cf 100644
--- a/drivers/tty/serial/8250/8250_port.c
+++ b/drivers/tty/serial/8250/8250_port.c
@@ -15,6 +15,7 @@
#include <linux/moduleparam.h>
#include <linux/ioport.h>
#include <linux/init.h>
+#include <linux/irq.h>
#include <linux/console.h>
#include <linux/gpio/consumer.h>
#include <linux/sysrq.h>
@@ -1904,6 +1905,7 @@ int serial8250_handle_irq(struct uart_port *port, unsigned int iir)
{
unsigned char status;
struct uart_8250_port *up = up_to_u8250p(port);
+ struct tty_port *tport = &port->state->port;
bool skip_rx = false;
unsigned long flags;
@@ -1928,6 +1930,8 @@ int serial8250_handle_irq(struct uart_port *port, unsigned int iir)
skip_rx = true;
if (status & (UART_LSR_DR | UART_LSR_BI) && !skip_rx) {
+ if (irqd_is_wakeup_set(irq_get_irq_data(port->irq)))
+ pm_wakeup_event(tport->tty->dev, 0);
if (!up->dma || handle_rx_dma(up, iir))
status = serial8250_rx_chars(up, status);
}
--
2.39.2
^ permalink raw reply related [flat|nested] 391+ messages in thread
* [PATCH 5.15 276/371] staging: rtl8192e: Fix W_DISABLE# does not work after stop/start
2023-05-08 9:43 [PATCH 5.15 000/371] 5.15.111-rc1 review Greg Kroah-Hartman
` (274 preceding siblings ...)
2023-05-08 9:47 ` [PATCH 5.15 275/371] serial: 8250: Add missing wakeup event reporting Greg Kroah-Hartman
@ 2023-05-08 9:47 ` Greg Kroah-Hartman
2023-05-08 9:47 ` [PATCH 5.15 277/371] spmi: Add a check for remove callback when removing a SPMI driver Greg Kroah-Hartman
` (98 subsequent siblings)
374 siblings, 0 replies; 391+ messages in thread
From: Greg Kroah-Hartman @ 2023-05-08 9:47 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Philipp Hortmann, Sasha Levin
From: Philipp Hortmann <philipp.g.hortmann@gmail.com>
[ Upstream commit 3fac2397f562eb669ddc2f45867a253f3fc26184 ]
When loading the driver for rtl8192e, the W_DISABLE# switch is working as
intended. But when the WLAN is turned off in software and then turned on
again the W_DISABLE# does not work anymore. Reason for this is that in
the function _rtl92e_dm_check_rf_ctrl_gpio() the bfirst_after_down is
checked and returned when true. bfirst_after_down is set true when
switching the WLAN off in software. But it is not set to false again
when WLAN is turned on again.
Add bfirst_after_down = false in _rtl92e_sta_up to reset bit and fix
above described bug.
Fixes: 94a799425eee ("From: wlanfae <wlanfae@realtek.com> [PATCH 1/8] rtl8192e: Import new version of driver from realtek")
Signed-off-by: Philipp Hortmann <philipp.g.hortmann@gmail.com>
Link: https://lore.kernel.org/r/20230418200201.GA17398@matrix-ESPRIMO-P710
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/staging/rtl8192e/rtl8192e/rtl_core.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/drivers/staging/rtl8192e/rtl8192e/rtl_core.c b/drivers/staging/rtl8192e/rtl8192e/rtl_core.c
index 616ab3c8fde4f..48c696df8d015 100644
--- a/drivers/staging/rtl8192e/rtl8192e/rtl_core.c
+++ b/drivers/staging/rtl8192e/rtl8192e/rtl_core.c
@@ -768,6 +768,7 @@ static int _rtl92e_sta_up(struct net_device *dev, bool is_silent_reset)
else
netif_wake_queue(dev);
+ priv->bfirst_after_down = false;
return 0;
}
--
2.39.2
^ permalink raw reply related [flat|nested] 391+ messages in thread
* [PATCH 5.15 277/371] spmi: Add a check for remove callback when removing a SPMI driver
2023-05-08 9:43 [PATCH 5.15 000/371] 5.15.111-rc1 review Greg Kroah-Hartman
` (275 preceding siblings ...)
2023-05-08 9:47 ` [PATCH 5.15 276/371] staging: rtl8192e: Fix W_DISABLE# does not work after stop/start Greg Kroah-Hartman
@ 2023-05-08 9:47 ` Greg Kroah-Hartman
2023-05-08 9:47 ` [PATCH 5.15 278/371] virtio_ring: dont update event idx on get_buf Greg Kroah-Hartman
` (97 subsequent siblings)
374 siblings, 0 replies; 391+ messages in thread
From: Greg Kroah-Hartman @ 2023-05-08 9:47 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Jishnu Prakash, Stephen Boyd, Sasha Levin
From: Jishnu Prakash <quic_jprakash@quicinc.com>
[ Upstream commit b56eef3e16d888883fefab47425036de80dd38fc ]
When removing a SPMI driver, there can be a crash due to NULL pointer
dereference if it does not have a remove callback defined. This is
one such call trace observed when removing the QCOM SPMI PMIC driver:
dump_backtrace.cfi_jt+0x0/0x8
dump_stack_lvl+0xd8/0x16c
panic+0x188/0x498
__cfi_slowpath+0x0/0x214
__cfi_slowpath+0x1dc/0x214
spmi_drv_remove+0x16c/0x1e0
device_release_driver_internal+0x468/0x79c
driver_detach+0x11c/0x1a0
bus_remove_driver+0xc4/0x124
driver_unregister+0x58/0x84
cleanup_module+0x1c/0xc24 [qcom_spmi_pmic]
__do_sys_delete_module+0x3ec/0x53c
__arm64_sys_delete_module+0x18/0x28
el0_svc_common+0xdc/0x294
el0_svc+0x38/0x9c
el0_sync_handler+0x8c/0xf0
el0_sync+0x1b4/0x1c0
If a driver has all its resources allocated through devm_() APIs and
does not need any other explicit cleanup, it would not require a
remove callback to be defined. Hence, add a check for remove callback
presence before calling it when removing a SPMI driver.
Link: https://lore.kernel.org/r/1671601032-18397-2-git-send-email-quic_jprakash@quicinc.com
Fixes: 6f00f8c8635f ("mfd: qcom-spmi-pmic: Use devm_of_platform_populate()")
Fixes: 5a86bf343976 ("spmi: Linux driver framework for SPMI")
Signed-off-by: Jishnu Prakash <quic_jprakash@quicinc.com>
Signed-off-by: Stephen Boyd <sboyd@kernel.org>
Link: https://lore.kernel.org/r/20230413223834.4084793-7-sboyd@kernel.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/spmi/spmi.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/drivers/spmi/spmi.c b/drivers/spmi/spmi.c
index b37ead9e2fade..38913c0f11158 100644
--- a/drivers/spmi/spmi.c
+++ b/drivers/spmi/spmi.c
@@ -350,7 +350,8 @@ static void spmi_drv_remove(struct device *dev)
const struct spmi_driver *sdrv = to_spmi_driver(dev->driver);
pm_runtime_get_sync(dev);
- sdrv->remove(to_spmi_device(dev));
+ if (sdrv->remove)
+ sdrv->remove(to_spmi_device(dev));
pm_runtime_put_noidle(dev);
pm_runtime_disable(dev);
--
2.39.2
^ permalink raw reply related [flat|nested] 391+ messages in thread
* [PATCH 5.15 278/371] virtio_ring: dont update event idx on get_buf
2023-05-08 9:43 [PATCH 5.15 000/371] 5.15.111-rc1 review Greg Kroah-Hartman
` (276 preceding siblings ...)
2023-05-08 9:47 ` [PATCH 5.15 277/371] spmi: Add a check for remove callback when removing a SPMI driver Greg Kroah-Hartman
@ 2023-05-08 9:47 ` Greg Kroah-Hartman
2023-05-08 9:48 ` [PATCH 5.15 279/371] spi: bcm63xx: remove PM_SLEEP based conditional compilation Greg Kroah-Hartman
` (96 subsequent siblings)
374 siblings, 0 replies; 391+ messages in thread
From: Greg Kroah-Hartman @ 2023-05-08 9:47 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Albert Huang, Michael S. Tsirkin,
Jason Wang, Sasha Levin
From: Albert Huang <huangjie.albert@bytedance.com>
[ Upstream commit 6c0b057cec5eade4c3afec3908821176931a9997 ]
In virtio_net, if we disable napi_tx, when we trigger a tx interrupt,
the vq->event_triggered will be set to true. It is then never reset
until we explicitly call virtqueue_enable_cb_delayed or
virtqueue_enable_cb_prepare.
If we disable the napi_tx, virtqueue_enable_cb* will only be called when
the tx ring is getting relatively empty.
Since event_triggered is true, VRING_AVAIL_F_NO_INTERRUPT or
VRING_PACKED_EVENT_FLAG_DISABLE will not be set. As a result we update
vring_used_event(&vq->split.vring) or vq->packed.vring.driver->off_wrap
every time we call virtqueue_get_buf_ctx. This causes more interrupts.
To summarize:
1) event_triggered was set to true in vring_interrupt()
2) after this nothing will happen in virtqueue_disable_cb() so
VRING_AVAIL_F_NO_INTERRUPT is not set in avail_flags_shadow
3) virtqueue_get_buf_ctx_split() will still think the cb is enabled
and then it will publish a new event index
To fix:
update VRING_AVAIL_F_NO_INTERRUPT or VRING_PACKED_EVENT_FLAG_DISABLE in
the vq when we call virtqueue_disable_cb even when event_triggered is
true.
Tested with iperf:
iperf3 tcp stream:
vm1 -----------------> vm2
vm2 just receives tcp data stream from vm1, and sends acks to vm1,
there are many tx interrupts in vm2.
with the patch applied there are just a few tx interrupts.
v2->v3:
-update the interrupt disable flag even with the event_triggered is set,
-instead of checking whether event_triggered is set in
-virtqueue_get_buf_ctx_{packed/split}, will cause the drivers which have
-not called virtqueue_{enable/disable}_cb to miss notifications.
v3->v4:
-remove change for
-"if (vq->packed.event_flags_shadow != VRING_PACKED_EVENT_FLAG_DISABLE)"
-in virtqueue_disable_cb_packed
Fixes: 8d622d21d248 ("virtio: fix up virtio_disable_cb")
Signed-off-by: Albert Huang <huangjie.albert@bytedance.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Jason Wang <jasowang@redhat.com>
Message-Id: <20230329102300.61000-1-huangjie.albert@bytedance.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/virtio/virtio_ring.c | 22 ++++++++++++++++------
1 file changed, 16 insertions(+), 6 deletions(-)
diff --git a/drivers/virtio/virtio_ring.c b/drivers/virtio/virtio_ring.c
index 603a6f4345efd..800df63c58692 100644
--- a/drivers/virtio/virtio_ring.c
+++ b/drivers/virtio/virtio_ring.c
@@ -809,6 +809,14 @@ static void virtqueue_disable_cb_split(struct virtqueue *_vq)
if (!(vq->split.avail_flags_shadow & VRING_AVAIL_F_NO_INTERRUPT)) {
vq->split.avail_flags_shadow |= VRING_AVAIL_F_NO_INTERRUPT;
+
+ /*
+ * If device triggered an event already it won't trigger one again:
+ * no need to disable.
+ */
+ if (vq->event_triggered)
+ return;
+
if (vq->event)
/* TODO: this is a hack. Figure out a cleaner value to write. */
vring_used_event(&vq->split.vring) = 0x0;
@@ -1500,6 +1508,14 @@ static void virtqueue_disable_cb_packed(struct virtqueue *_vq)
if (vq->packed.event_flags_shadow != VRING_PACKED_EVENT_FLAG_DISABLE) {
vq->packed.event_flags_shadow = VRING_PACKED_EVENT_FLAG_DISABLE;
+
+ /*
+ * If device triggered an event already it won't trigger one again:
+ * no need to disable.
+ */
+ if (vq->event_triggered)
+ return;
+
vq->packed.vring.driver->flags =
cpu_to_le16(vq->packed.event_flags_shadow);
}
@@ -2019,12 +2035,6 @@ void virtqueue_disable_cb(struct virtqueue *_vq)
{
struct vring_virtqueue *vq = to_vvq(_vq);
- /* If device triggered an event already it won't trigger one again:
- * no need to disable.
- */
- if (vq->event_triggered)
- return;
-
if (vq->packed_ring)
virtqueue_disable_cb_packed(_vq);
else
--
2.39.2
^ permalink raw reply related [flat|nested] 391+ messages in thread
* [PATCH 5.15 279/371] spi: bcm63xx: remove PM_SLEEP based conditional compilation
2023-05-08 9:43 [PATCH 5.15 000/371] 5.15.111-rc1 review Greg Kroah-Hartman
` (277 preceding siblings ...)
2023-05-08 9:47 ` [PATCH 5.15 278/371] virtio_ring: dont update event idx on get_buf Greg Kroah-Hartman
@ 2023-05-08 9:48 ` Greg Kroah-Hartman
2023-05-08 9:48 ` [PATCH 5.15 280/371] macintosh/windfarm_smu_sat: Add missing of_node_put() Greg Kroah-Hartman
` (95 subsequent siblings)
374 siblings, 0 replies; 391+ messages in thread
From: Greg Kroah-Hartman @ 2023-05-08 9:48 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Dhruva Gole, Mark Brown, Sasha Levin
From: Dhruva Gole <d-gole@ti.com>
[ Upstream commit 25f0617109496e1aff49594fbae5644286447a0f ]
Get rid of conditional compilation based on CONFIG_PM_SLEEP because
it may introduce build issues with certain configs where it maybe disabled
This is because if above config is not enabled the suspend-resume
functions are never part of the code but the bcm63xx_spi_pm_ops struct
still inits them to non-existent suspend-resume functions.
Fixes: b42dfed83d95 ("spi: add Broadcom BCM63xx SPI controller driver")
Signed-off-by: Dhruva Gole <d-gole@ti.com>
Link: https://lore.kernel.org/r/20230420121615.967487-1-d-gole@ti.com
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/spi/spi-bcm63xx.c | 2 --
1 file changed, 2 deletions(-)
diff --git a/drivers/spi/spi-bcm63xx.c b/drivers/spi/spi-bcm63xx.c
index 80fa0ef8909ca..0324ab3ce1c84 100644
--- a/drivers/spi/spi-bcm63xx.c
+++ b/drivers/spi/spi-bcm63xx.c
@@ -630,7 +630,6 @@ static int bcm63xx_spi_remove(struct platform_device *pdev)
return 0;
}
-#ifdef CONFIG_PM_SLEEP
static int bcm63xx_spi_suspend(struct device *dev)
{
struct spi_master *master = dev_get_drvdata(dev);
@@ -657,7 +656,6 @@ static int bcm63xx_spi_resume(struct device *dev)
return 0;
}
-#endif
static const struct dev_pm_ops bcm63xx_spi_pm_ops = {
SET_SYSTEM_SLEEP_PM_OPS(bcm63xx_spi_suspend, bcm63xx_spi_resume)
--
2.39.2
^ permalink raw reply related [flat|nested] 391+ messages in thread
* [PATCH 5.15 280/371] macintosh/windfarm_smu_sat: Add missing of_node_put()
2023-05-08 9:43 [PATCH 5.15 000/371] 5.15.111-rc1 review Greg Kroah-Hartman
` (278 preceding siblings ...)
2023-05-08 9:48 ` [PATCH 5.15 279/371] spi: bcm63xx: remove PM_SLEEP based conditional compilation Greg Kroah-Hartman
@ 2023-05-08 9:48 ` Greg Kroah-Hartman
2023-05-08 9:48 ` [PATCH 5.15 281/371] powerpc/mpc512x: fix resource printk format warning Greg Kroah-Hartman
` (94 subsequent siblings)
374 siblings, 0 replies; 391+ messages in thread
From: Greg Kroah-Hartman @ 2023-05-08 9:48 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Liang He, Michael Ellerman, Sasha Levin
From: Liang He <windhl@126.com>
[ Upstream commit 631cf002826007ab7415258ee647dcaf8845ad5a ]
We call of_node_get() in wf_sat_probe() after sat is created,
so we need the of_node_put() before *kfree(sat)*.
Fixes: ac171c46667c ("[PATCH] powerpc: Thermal control for dual core G5s")
Signed-off-by: Liang He <windhl@126.com>
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
Link: https://msgid.link/20230330033558.2562778-1-windhl@126.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/macintosh/windfarm_smu_sat.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/drivers/macintosh/windfarm_smu_sat.c b/drivers/macintosh/windfarm_smu_sat.c
index e46e1153a0b43..7d7d6213e32aa 100644
--- a/drivers/macintosh/windfarm_smu_sat.c
+++ b/drivers/macintosh/windfarm_smu_sat.c
@@ -171,6 +171,7 @@ static void wf_sat_release(struct kref *ref)
if (sat->nr >= 0)
sats[sat->nr] = NULL;
+ of_node_put(sat->node);
kfree(sat);
}
--
2.39.2
^ permalink raw reply related [flat|nested] 391+ messages in thread
* [PATCH 5.15 281/371] powerpc/mpc512x: fix resource printk format warning
2023-05-08 9:43 [PATCH 5.15 000/371] 5.15.111-rc1 review Greg Kroah-Hartman
` (279 preceding siblings ...)
2023-05-08 9:48 ` [PATCH 5.15 280/371] macintosh/windfarm_smu_sat: Add missing of_node_put() Greg Kroah-Hartman
@ 2023-05-08 9:48 ` Greg Kroah-Hartman
2023-05-08 9:48 ` [PATCH 5.15 282/371] powerpc/wii: fix resource printk format warnings Greg Kroah-Hartman
` (93 subsequent siblings)
374 siblings, 0 replies; 391+ messages in thread
From: Greg Kroah-Hartman @ 2023-05-08 9:48 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Randy Dunlap, Michael Ellerman, Sasha Levin
From: Randy Dunlap <rdunlap@infradead.org>
[ Upstream commit 7538c97e2b80ff6b7a8ea2ecf16a04355461b439 ]
Use "%pa" format specifier for resource_size_t to avoid a compiler
printk format warning.
../arch/powerpc/platforms/512x/clock-commonclk.c: In function 'mpc5121_clk_provide_backwards_compat':
../arch/powerpc/platforms/512x/clock-commonclk.c:989:44: error: format '%x' expects argument of type 'unsigned int', but argument 4 has type 'resource_size_t' {aka 'long long unsigned int'} [-Werror=format=]
989 | snprintf(devname, sizeof(devname), "%08x.%s", res.start, np->name); \
| ^~~~~~~~~ ~~~~~~~~~
| |
| resource_size_t {aka long long unsigned int}
Prevents 24 such warnings.
Fixes: 01f25c371658 ("clk: mpc512x: add backwards compat to the CCF code")
Signed-off-by: Randy Dunlap <rdunlap@infradead.org>
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
Link: https://msgid.link/20230223070116.660-2-rdunlap@infradead.org
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/powerpc/platforms/512x/clock-commonclk.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/arch/powerpc/platforms/512x/clock-commonclk.c b/arch/powerpc/platforms/512x/clock-commonclk.c
index 30342b60aa63f..42c3d40355d90 100644
--- a/arch/powerpc/platforms/512x/clock-commonclk.c
+++ b/arch/powerpc/platforms/512x/clock-commonclk.c
@@ -984,7 +984,7 @@ static void mpc5121_clk_provide_migration_support(void)
#define NODE_PREP do { \
of_address_to_resource(np, 0, &res); \
- snprintf(devname, sizeof(devname), "%08x.%s", res.start, np->name); \
+ snprintf(devname, sizeof(devname), "%pa.%s", &res.start, np->name); \
} while (0)
#define NODE_CHK(clkname, clkitem, regnode, regflag) do { \
--
2.39.2
^ permalink raw reply related [flat|nested] 391+ messages in thread
* [PATCH 5.15 282/371] powerpc/wii: fix resource printk format warnings
2023-05-08 9:43 [PATCH 5.15 000/371] 5.15.111-rc1 review Greg Kroah-Hartman
` (280 preceding siblings ...)
2023-05-08 9:48 ` [PATCH 5.15 281/371] powerpc/mpc512x: fix resource printk format warning Greg Kroah-Hartman
@ 2023-05-08 9:48 ` Greg Kroah-Hartman
2023-05-08 9:48 ` [PATCH 5.15 283/371] powerpc/sysdev/tsi108: " Greg Kroah-Hartman
` (92 subsequent siblings)
374 siblings, 0 replies; 391+ messages in thread
From: Greg Kroah-Hartman @ 2023-05-08 9:48 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Randy Dunlap, Michael Ellerman, Sasha Levin
From: Randy Dunlap <rdunlap@infradead.org>
[ Upstream commit 7b69600d4da0049244e9be2f5ef5a2f8e04fcd9a ]
Use "%pa" format specifier for resource_size_t to avoid compiler
printk format warnings.
../arch/powerpc/platforms/embedded6xx/flipper-pic.c: In function 'flipper_pic_init':
../include/linux/kern_levels.h:5:25: error: format '%x' expects argument of type 'unsigned int', but argument 2 has type 'resource_size_t' {aka 'long long unsigned int'} [-Werror=format=]
../arch/powerpc/platforms/embedded6xx/flipper-pic.c:148:9: note: in expansion of macro 'pr_info'
148 | pr_info("controller at 0x%08x mapped to 0x%p\n", res.start, io_base);
| ^~~~~~~
../arch/powerpc/platforms/embedded6xx/hlwd-pic.c: In function 'hlwd_pic_init':
../include/linux/kern_levels.h:5:25: error: format '%x' expects argument of type 'unsigned int', but argument 2 has type 'resource_size_t' {aka 'long long unsigned int'} [-Werror=format=]
../arch/powerpc/platforms/embedded6xx/hlwd-pic.c:174:9: note: in expansion of macro 'pr_info'
174 | pr_info("controller at 0x%08x mapped to 0x%p\n", res.start, io_base);
| ^~~~~~~
../arch/powerpc/platforms/embedded6xx/wii.c: In function 'wii_ioremap_hw_regs':
../include/linux/kern_levels.h:5:25: error: format '%x' expects argument of type 'unsigned int', but argument 3 has type 'resource_size_t' {aka 'long long unsigned int'} [-Werror=format=]
../arch/powerpc/platforms/embedded6xx/wii.c:77:17: note: in expansion of macro 'pr_info'
77 | pr_info("%s at 0x%08x mapped to 0x%p\n", name,
| ^~~~~~~
Fixes: 028ee972f032 ("powerpc: gamecube/wii: flipper interrupt controller support")
Fixes: 9c21025c7845 ("powerpc: wii: hollywood interrupt controller support")
Fixes: 5a7ee3198dfa ("powerpc: wii: platform support")
Signed-off-by: Randy Dunlap <rdunlap@infradead.org>
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
Link: https://msgid.link/20230223070116.660-3-rdunlap@infradead.org
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/powerpc/platforms/embedded6xx/flipper-pic.c | 2 +-
arch/powerpc/platforms/embedded6xx/hlwd-pic.c | 2 +-
arch/powerpc/platforms/embedded6xx/wii.c | 4 ++--
3 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/arch/powerpc/platforms/embedded6xx/flipper-pic.c b/arch/powerpc/platforms/embedded6xx/flipper-pic.c
index 609bda2ad5dd2..4d9200bdba78c 100644
--- a/arch/powerpc/platforms/embedded6xx/flipper-pic.c
+++ b/arch/powerpc/platforms/embedded6xx/flipper-pic.c
@@ -145,7 +145,7 @@ static struct irq_domain * __init flipper_pic_init(struct device_node *np)
}
io_base = ioremap(res.start, resource_size(&res));
- pr_info("controller at 0x%08x mapped to 0x%p\n", res.start, io_base);
+ pr_info("controller at 0x%pa mapped to 0x%p\n", &res.start, io_base);
__flipper_quiesce(io_base);
diff --git a/arch/powerpc/platforms/embedded6xx/hlwd-pic.c b/arch/powerpc/platforms/embedded6xx/hlwd-pic.c
index a4b020e4b6af0..132e5c175e2d6 100644
--- a/arch/powerpc/platforms/embedded6xx/hlwd-pic.c
+++ b/arch/powerpc/platforms/embedded6xx/hlwd-pic.c
@@ -171,7 +171,7 @@ static struct irq_domain *hlwd_pic_init(struct device_node *np)
return NULL;
}
- pr_info("controller at 0x%08x mapped to 0x%p\n", res.start, io_base);
+ pr_info("controller at 0x%pa mapped to 0x%p\n", &res.start, io_base);
__hlwd_quiesce(io_base);
diff --git a/arch/powerpc/platforms/embedded6xx/wii.c b/arch/powerpc/platforms/embedded6xx/wii.c
index a802ef957d63e..458a63a30e803 100644
--- a/arch/powerpc/platforms/embedded6xx/wii.c
+++ b/arch/powerpc/platforms/embedded6xx/wii.c
@@ -89,8 +89,8 @@ static void __iomem *wii_ioremap_hw_regs(char *name, char *compatible)
hw_regs = ioremap(res.start, resource_size(&res));
if (hw_regs) {
- pr_info("%s at 0x%08x mapped to 0x%p\n", name,
- res.start, hw_regs);
+ pr_info("%s at 0x%pa mapped to 0x%p\n", name,
+ &res.start, hw_regs);
}
out_put:
--
2.39.2
^ permalink raw reply related [flat|nested] 391+ messages in thread
* [PATCH 5.15 283/371] powerpc/sysdev/tsi108: fix resource printk format warnings
2023-05-08 9:43 [PATCH 5.15 000/371] 5.15.111-rc1 review Greg Kroah-Hartman
` (281 preceding siblings ...)
2023-05-08 9:48 ` [PATCH 5.15 282/371] powerpc/wii: fix resource printk format warnings Greg Kroah-Hartman
@ 2023-05-08 9:48 ` Greg Kroah-Hartman
2023-05-08 9:48 ` [PATCH 5.15 284/371] macintosh: via-pmu-led: requires ATA to be set Greg Kroah-Hartman
` (91 subsequent siblings)
374 siblings, 0 replies; 391+ messages in thread
From: Greg Kroah-Hartman @ 2023-05-08 9:48 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Randy Dunlap, Michael Ellerman, Sasha Levin
From: Randy Dunlap <rdunlap@infradead.org>
[ Upstream commit 55d8bd02cc1b9f1063993b5c42c9cabf4af67dea ]
Use "%pa" format specifier for resource_size_t to avoid a compiler
printk format warning.
arch/powerpc/sysdev/tsi108_pci.c: In function 'tsi108_setup_pci':
include/linux/kern_levels.h:5:25: error: format '%x' expects argument of type 'unsigned int', but argument 2 has type 'resource_size_t'
Fixes: c4342ff92bed ("[POWERPC] Update mpc7448hpc2 board irq support using device tree")
Fixes: 2b9d7467a6db ("[POWERPC] Add tsi108 pci and platform device data register function")
Signed-off-by: Randy Dunlap <rdunlap@infradead.org>
[mpe: Use pr_info() and unsplit string]
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
Link: https://msgid.link/20230223070116.660-5-rdunlap@infradead.org
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/powerpc/sysdev/tsi108_pci.c | 5 ++---
1 file changed, 2 insertions(+), 3 deletions(-)
diff --git a/arch/powerpc/sysdev/tsi108_pci.c b/arch/powerpc/sysdev/tsi108_pci.c
index 042bb38fa5c24..a06297aa3f1be 100644
--- a/arch/powerpc/sysdev/tsi108_pci.c
+++ b/arch/powerpc/sysdev/tsi108_pci.c
@@ -216,9 +216,8 @@ int __init tsi108_setup_pci(struct device_node *dev, u32 cfg_phys, int primary)
(hose)->ops = &tsi108_direct_pci_ops;
- printk(KERN_INFO "Found tsi108 PCI host bridge at 0x%08x. "
- "Firmware bus number: %d->%d\n",
- rsrc.start, hose->first_busno, hose->last_busno);
+ pr_info("Found tsi108 PCI host bridge at 0x%pa. Firmware bus number: %d->%d\n",
+ &rsrc.start, hose->first_busno, hose->last_busno);
/* Interpret the "ranges" property */
/* This also maps the I/O region and sets isa_io/mem_base */
--
2.39.2
^ permalink raw reply related [flat|nested] 391+ messages in thread
* [PATCH 5.15 284/371] macintosh: via-pmu-led: requires ATA to be set
2023-05-08 9:43 [PATCH 5.15 000/371] 5.15.111-rc1 review Greg Kroah-Hartman
` (282 preceding siblings ...)
2023-05-08 9:48 ` [PATCH 5.15 283/371] powerpc/sysdev/tsi108: " Greg Kroah-Hartman
@ 2023-05-08 9:48 ` Greg Kroah-Hartman
2023-05-08 9:48 ` [PATCH 5.15 285/371] powerpc/rtas: use memmove for potentially overlapping buffer copy Greg Kroah-Hartman
` (90 subsequent siblings)
374 siblings, 0 replies; 391+ messages in thread
From: Greg Kroah-Hartman @ 2023-05-08 9:48 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Randy Dunlap, Michael Ellerman, Sasha Levin
From: Randy Dunlap <rdunlap@infradead.org>
[ Upstream commit 05dce4ba125336875cd3eed3c1503fa81cd2f691 ]
LEDS_TRIGGER_DISK depends on ATA, so selecting LEDS_TRIGGER_DISK
when ATA is not set/enabled causes a Kconfig warning:
WARNING: unmet direct dependencies detected for LEDS_TRIGGER_DISK
Depends on [n]: NEW_LEDS [=y] && LEDS_TRIGGERS [=y] && ATA [=n]
Selected by [y]:
- ADB_PMU_LED_DISK [=y] && MACINTOSH_DRIVERS [=y] && ADB_PMU_LED [=y] && LEDS_CLASS [=y]
Fix this by making ADB_PMU_LED_DISK depend on ATA.
Seen on both PPC32 and PPC64.
Fixes: 0e865a80c135 ("macintosh: Remove dependency on IDE_GD_ATA if ADB_PMU_LED_DISK is selected")
Signed-off-by: Randy Dunlap <rdunlap@infradead.org>
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
Link: https://msgid.link/20230223014241.20878-1-rdunlap@infradead.org
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/macintosh/Kconfig | 1 +
1 file changed, 1 insertion(+)
diff --git a/drivers/macintosh/Kconfig b/drivers/macintosh/Kconfig
index 539a2ed4e13dc..a0e717a986dcb 100644
--- a/drivers/macintosh/Kconfig
+++ b/drivers/macintosh/Kconfig
@@ -86,6 +86,7 @@ config ADB_PMU_LED
config ADB_PMU_LED_DISK
bool "Use front LED as DISK LED by default"
+ depends on ATA
depends on ADB_PMU_LED
depends on LEDS_CLASS
select LEDS_TRIGGERS
--
2.39.2
^ permalink raw reply related [flat|nested] 391+ messages in thread
* [PATCH 5.15 285/371] powerpc/rtas: use memmove for potentially overlapping buffer copy
2023-05-08 9:43 [PATCH 5.15 000/371] 5.15.111-rc1 review Greg Kroah-Hartman
` (283 preceding siblings ...)
2023-05-08 9:48 ` [PATCH 5.15 284/371] macintosh: via-pmu-led: requires ATA to be set Greg Kroah-Hartman
@ 2023-05-08 9:48 ` Greg Kroah-Hartman
2023-05-08 9:48 ` [PATCH 5.15 286/371] sched/fair: Use __schedstat_set() in set_next_entity() Greg Kroah-Hartman
` (89 subsequent siblings)
374 siblings, 0 replies; 391+ messages in thread
From: Greg Kroah-Hartman @ 2023-05-08 9:48 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Nathan Lynch, Andrew Donnellan,
Michael Ellerman, Sasha Levin
From: Nathan Lynch <nathanl@linux.ibm.com>
[ Upstream commit 271208ee5e335cb1ad280d22784940daf7ddf820 ]
Using memcpy() isn't safe when buf is identical to rtas_err_buf, which
can happen during boot before slab is up. Full context which may not
be obvious from the diff:
if (altbuf) {
buf = altbuf;
} else {
buf = rtas_err_buf;
if (slab_is_available())
buf = kmalloc(RTAS_ERROR_LOG_MAX, GFP_ATOMIC);
}
if (buf)
memcpy(buf, rtas_err_buf, RTAS_ERROR_LOG_MAX);
This was found by inspection and I'm not aware of it causing problems
in practice. It appears to have been introduced by commit
033ef338b6e0 ("powerpc: Merge rtas.c into arch/powerpc/kernel"); the
old ppc64 version of this code did not have this problem.
Use memmove() instead.
Fixes: 033ef338b6e0 ("powerpc: Merge rtas.c into arch/powerpc/kernel")
Signed-off-by: Nathan Lynch <nathanl@linux.ibm.com>
Reviewed-by: Andrew Donnellan <ajd@linux.ibm.com>
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
Link: https://msgid.link/20230220-rtas-queue-for-6-4-v1-2-010e4416f13f@linux.ibm.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/powerpc/kernel/rtas.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/arch/powerpc/kernel/rtas.c b/arch/powerpc/kernel/rtas.c
index 2dae702e7a5a7..a4cd2484dbca2 100644
--- a/arch/powerpc/kernel/rtas.c
+++ b/arch/powerpc/kernel/rtas.c
@@ -415,7 +415,7 @@ static char *__fetch_rtas_last_error(char *altbuf)
buf = kmalloc(RTAS_ERROR_LOG_MAX, GFP_ATOMIC);
}
if (buf)
- memcpy(buf, rtas_err_buf, RTAS_ERROR_LOG_MAX);
+ memmove(buf, rtas_err_buf, RTAS_ERROR_LOG_MAX);
}
return buf;
--
2.39.2
^ permalink raw reply related [flat|nested] 391+ messages in thread
* [PATCH 5.15 286/371] sched/fair: Use __schedstat_set() in set_next_entity()
2023-05-08 9:43 [PATCH 5.15 000/371] 5.15.111-rc1 review Greg Kroah-Hartman
` (284 preceding siblings ...)
2023-05-08 9:48 ` [PATCH 5.15 285/371] powerpc/rtas: use memmove for potentially overlapping buffer copy Greg Kroah-Hartman
@ 2023-05-08 9:48 ` Greg Kroah-Hartman
2023-05-08 9:48 ` [PATCH 5.15 287/371] sched: Make struct sched_statistics independent of fair sched class Greg Kroah-Hartman
` (88 subsequent siblings)
374 siblings, 0 replies; 391+ messages in thread
From: Greg Kroah-Hartman @ 2023-05-08 9:48 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Yafang Shao, Peter Zijlstra (Intel),
Mel Gorman, Sasha Levin
From: Yafang Shao <laoar.shao@gmail.com>
[ Upstream commit a2dcb276ff9287fcea103ca1a2436383e8583751 ]
schedstat_enabled() has been already checked, so we can use
__schedstat_set() directly.
Signed-off-by: Yafang Shao <laoar.shao@gmail.com>
Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org>
Acked-by: Mel Gorman <mgorman@suse.de>
Link: https://lore.kernel.org/r/20210905143547.4668-2-laoar.shao@gmail.com
Stable-dep-of: 39afe5d6fc59 ("sched/fair: Fix inaccurate tally of ttwu_move_affine")
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
kernel/sched/fair.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/kernel/sched/fair.c b/kernel/sched/fair.c
index 591fdc81378e0..70f7a3896a90c 100644
--- a/kernel/sched/fair.c
+++ b/kernel/sched/fair.c
@@ -4691,9 +4691,9 @@ set_next_entity(struct cfs_rq *cfs_rq, struct sched_entity *se)
*/
if (schedstat_enabled() &&
rq_of(cfs_rq)->cfs.load.weight >= 2*se->load.weight) {
- schedstat_set(se->statistics.slice_max,
- max((u64)schedstat_val(se->statistics.slice_max),
- se->sum_exec_runtime - se->prev_sum_exec_runtime));
+ __schedstat_set(se->statistics.slice_max,
+ max((u64)se->statistics.slice_max,
+ se->sum_exec_runtime - se->prev_sum_exec_runtime));
}
se->prev_sum_exec_runtime = se->sum_exec_runtime;
--
2.39.2
^ permalink raw reply related [flat|nested] 391+ messages in thread
* [PATCH 5.15 287/371] sched: Make struct sched_statistics independent of fair sched class
2023-05-08 9:43 [PATCH 5.15 000/371] 5.15.111-rc1 review Greg Kroah-Hartman
` (285 preceding siblings ...)
2023-05-08 9:48 ` [PATCH 5.15 286/371] sched/fair: Use __schedstat_set() in set_next_entity() Greg Kroah-Hartman
@ 2023-05-08 9:48 ` Greg Kroah-Hartman
2023-05-08 9:48 ` [PATCH 5.15 288/371] sched/fair: Fix inaccurate tally of ttwu_move_affine Greg Kroah-Hartman
` (87 subsequent siblings)
374 siblings, 0 replies; 391+ messages in thread
From: Greg Kroah-Hartman @ 2023-05-08 9:48 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Yafang Shao, Peter Zijlstra (Intel),
Mel Gorman, Sasha Levin
From: Yafang Shao <laoar.shao@gmail.com>
[ Upstream commit ceeadb83aea28372e54857bf88ab7e17af48ab7b ]
If we want to use the schedstats facility to trace other sched classes, we
should make it independent of fair sched class. The struct sched_statistics
is the schedular statistics of a task_struct or a task_group. So we can
move it into struct task_struct and struct task_group to achieve the goal.
After the patch, schestats are orgnized as follows,
struct task_struct {
...
struct sched_entity se;
struct sched_rt_entity rt;
struct sched_dl_entity dl;
...
struct sched_statistics stats;
...
};
Regarding the task group, schedstats is only supported for fair group
sched, and a new struct sched_entity_stats is introduced, suggested by
Peter -
struct sched_entity_stats {
struct sched_entity se;
struct sched_statistics stats;
} __no_randomize_layout;
Then with the se in a task_group, we can easily get the stats.
The sched_statistics members may be frequently modified when schedstats is
enabled, in order to avoid impacting on random data which may in the same
cacheline with them, the struct sched_statistics is defined as cacheline
aligned.
As this patch changes the core struct of scheduler, so I verified the
performance it may impact on the scheduler with 'perf bench sched
pipe', suggested by Mel. Below is the result, in which all the values
are in usecs/op.
Before After
kernel.sched_schedstats=0 5.2~5.4 5.2~5.4
kernel.sched_schedstats=1 5.3~5.5 5.3~5.5
[These data is a little difference with the earlier version, that is
because my old test machine is destroyed so I have to use a new
different test machine.]
Almost no impact on the sched performance.
No functional change.
[lkp@intel.com: reported build failure in earlier version]
Signed-off-by: Yafang Shao <laoar.shao@gmail.com>
Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org>
Acked-by: Mel Gorman <mgorman@suse.de>
Link: https://lore.kernel.org/r/20210905143547.4668-3-laoar.shao@gmail.com
Stable-dep-of: 39afe5d6fc59 ("sched/fair: Fix inaccurate tally of ttwu_move_affine")
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
include/linux/sched.h | 6 +--
kernel/sched/core.c | 25 ++++++-----
kernel/sched/deadline.c | 4 +-
kernel/sched/debug.c | 92 +++++++++++++++++++++-------------------
kernel/sched/fair.c | 89 ++++++++++++++++++++++----------------
kernel/sched/rt.c | 4 +-
kernel/sched/stats.h | 19 +++++++++
kernel/sched/stop_task.c | 4 +-
8 files changed, 143 insertions(+), 100 deletions(-)
diff --git a/include/linux/sched.h b/include/linux/sched.h
index e418935f8db6a..7c17742d359cd 100644
--- a/include/linux/sched.h
+++ b/include/linux/sched.h
@@ -522,7 +522,7 @@ struct sched_statistics {
u64 nr_wakeups_passive;
u64 nr_wakeups_idle;
#endif
-};
+} ____cacheline_aligned;
struct sched_entity {
/* For load-balancing: */
@@ -538,8 +538,6 @@ struct sched_entity {
u64 nr_migrations;
- struct sched_statistics statistics;
-
#ifdef CONFIG_FAIR_GROUP_SCHED
int depth;
struct sched_entity *parent;
@@ -803,6 +801,8 @@ struct task_struct {
struct uclamp_se uclamp[UCLAMP_CNT];
#endif
+ struct sched_statistics stats;
+
#ifdef CONFIG_PREEMPT_NOTIFIERS
/* List of struct preempt_notifier: */
struct hlist_head preempt_notifiers;
diff --git a/kernel/sched/core.c b/kernel/sched/core.c
index ed57d8358f243..d34a56f16d13b 100644
--- a/kernel/sched/core.c
+++ b/kernel/sched/core.c
@@ -3522,11 +3522,11 @@ ttwu_stat(struct task_struct *p, int cpu, int wake_flags)
#ifdef CONFIG_SMP
if (cpu == rq->cpu) {
__schedstat_inc(rq->ttwu_local);
- __schedstat_inc(p->se.statistics.nr_wakeups_local);
+ __schedstat_inc(p->stats.nr_wakeups_local);
} else {
struct sched_domain *sd;
- __schedstat_inc(p->se.statistics.nr_wakeups_remote);
+ __schedstat_inc(p->stats.nr_wakeups_remote);
rcu_read_lock();
for_each_domain(rq->cpu, sd) {
if (cpumask_test_cpu(cpu, sched_domain_span(sd))) {
@@ -3538,14 +3538,14 @@ ttwu_stat(struct task_struct *p, int cpu, int wake_flags)
}
if (wake_flags & WF_MIGRATED)
- __schedstat_inc(p->se.statistics.nr_wakeups_migrate);
+ __schedstat_inc(p->stats.nr_wakeups_migrate);
#endif /* CONFIG_SMP */
__schedstat_inc(rq->ttwu_count);
- __schedstat_inc(p->se.statistics.nr_wakeups);
+ __schedstat_inc(p->stats.nr_wakeups);
if (wake_flags & WF_SYNC)
- __schedstat_inc(p->se.statistics.nr_wakeups_sync);
+ __schedstat_inc(p->stats.nr_wakeups_sync);
}
/*
@@ -4241,7 +4241,7 @@ static void __sched_fork(unsigned long clone_flags, struct task_struct *p)
#ifdef CONFIG_SCHEDSTATS
/* Even if schedstat is disabled, there should not be garbage */
- memset(&p->se.statistics, 0, sizeof(p->se.statistics));
+ memset(&p->stats, 0, sizeof(p->stats));
#endif
RB_CLEAR_NODE(&p->dl.rb_node);
@@ -9706,9 +9706,9 @@ void normalize_rt_tasks(void)
continue;
p->se.exec_start = 0;
- schedstat_set(p->se.statistics.wait_start, 0);
- schedstat_set(p->se.statistics.sleep_start, 0);
- schedstat_set(p->se.statistics.block_start, 0);
+ schedstat_set(p->stats.wait_start, 0);
+ schedstat_set(p->stats.sleep_start, 0);
+ schedstat_set(p->stats.block_start, 0);
if (!dl_task(p) && !rt_task(p)) {
/*
@@ -10576,11 +10576,14 @@ static int cpu_cfs_stat_show(struct seq_file *sf, void *v)
seq_printf(sf, "throttled_time %llu\n", cfs_b->throttled_time);
if (schedstat_enabled() && tg != &root_task_group) {
+ struct sched_statistics *stats;
u64 ws = 0;
int i;
- for_each_possible_cpu(i)
- ws += schedstat_val(tg->se[i]->statistics.wait_sum);
+ for_each_possible_cpu(i) {
+ stats = __schedstats_from_se(tg->se[i]);
+ ws += schedstat_val(stats->wait_sum);
+ }
seq_printf(sf, "wait_sum %llu\n", ws);
}
diff --git a/kernel/sched/deadline.c b/kernel/sched/deadline.c
index 226c814368d1b..3aad381f42ed4 100644
--- a/kernel/sched/deadline.c
+++ b/kernel/sched/deadline.c
@@ -1265,8 +1265,8 @@ static void update_curr_dl(struct rq *rq)
return;
}
- schedstat_set(curr->se.statistics.exec_max,
- max(curr->se.statistics.exec_max, delta_exec));
+ schedstat_set(curr->stats.exec_max,
+ max(curr->stats.exec_max, delta_exec));
curr->se.sum_exec_runtime += delta_exec;
account_group_exec_runtime(curr, delta_exec);
diff --git a/kernel/sched/debug.c b/kernel/sched/debug.c
index 34c5ff3a0669b..652499c388287 100644
--- a/kernel/sched/debug.c
+++ b/kernel/sched/debug.c
@@ -448,9 +448,11 @@ static void print_cfs_group_stats(struct seq_file *m, int cpu, struct task_group
struct sched_entity *se = tg->se[cpu];
#define P(F) SEQ_printf(m, " .%-30s: %lld\n", #F, (long long)F)
-#define P_SCHEDSTAT(F) SEQ_printf(m, " .%-30s: %lld\n", #F, (long long)schedstat_val(F))
+#define P_SCHEDSTAT(F) SEQ_printf(m, " .%-30s: %lld\n", \
+ #F, (long long)schedstat_val(stats->F))
#define PN(F) SEQ_printf(m, " .%-30s: %lld.%06ld\n", #F, SPLIT_NS((long long)F))
-#define PN_SCHEDSTAT(F) SEQ_printf(m, " .%-30s: %lld.%06ld\n", #F, SPLIT_NS((long long)schedstat_val(F)))
+#define PN_SCHEDSTAT(F) SEQ_printf(m, " .%-30s: %lld.%06ld\n", \
+ #F, SPLIT_NS((long long)schedstat_val(stats->F)))
if (!se)
return;
@@ -460,16 +462,18 @@ static void print_cfs_group_stats(struct seq_file *m, int cpu, struct task_group
PN(se->sum_exec_runtime);
if (schedstat_enabled()) {
- PN_SCHEDSTAT(se->statistics.wait_start);
- PN_SCHEDSTAT(se->statistics.sleep_start);
- PN_SCHEDSTAT(se->statistics.block_start);
- PN_SCHEDSTAT(se->statistics.sleep_max);
- PN_SCHEDSTAT(se->statistics.block_max);
- PN_SCHEDSTAT(se->statistics.exec_max);
- PN_SCHEDSTAT(se->statistics.slice_max);
- PN_SCHEDSTAT(se->statistics.wait_max);
- PN_SCHEDSTAT(se->statistics.wait_sum);
- P_SCHEDSTAT(se->statistics.wait_count);
+ struct sched_statistics *stats = __schedstats_from_se(se);
+
+ PN_SCHEDSTAT(wait_start);
+ PN_SCHEDSTAT(sleep_start);
+ PN_SCHEDSTAT(block_start);
+ PN_SCHEDSTAT(sleep_max);
+ PN_SCHEDSTAT(block_max);
+ PN_SCHEDSTAT(exec_max);
+ PN_SCHEDSTAT(slice_max);
+ PN_SCHEDSTAT(wait_max);
+ PN_SCHEDSTAT(wait_sum);
+ P_SCHEDSTAT(wait_count);
}
P(se->load.weight);
@@ -536,9 +540,9 @@ print_task(struct seq_file *m, struct rq *rq, struct task_struct *p)
p->prio);
SEQ_printf(m, "%9Ld.%06ld %9Ld.%06ld %9Ld.%06ld",
- SPLIT_NS(schedstat_val_or_zero(p->se.statistics.wait_sum)),
+ SPLIT_NS(schedstat_val_or_zero(p->stats.wait_sum)),
SPLIT_NS(p->se.sum_exec_runtime),
- SPLIT_NS(schedstat_val_or_zero(p->se.statistics.sum_sleep_runtime)));
+ SPLIT_NS(schedstat_val_or_zero(p->stats.sum_sleep_runtime)));
#ifdef CONFIG_NUMA_BALANCING
SEQ_printf(m, " %d %d", task_node(p), task_numa_group_id(p));
@@ -944,8 +948,8 @@ void proc_sched_show_task(struct task_struct *p, struct pid_namespace *ns,
"---------------------------------------------------------"
"----------\n");
-#define P_SCHEDSTAT(F) __PS(#F, schedstat_val(p->F))
-#define PN_SCHEDSTAT(F) __PSN(#F, schedstat_val(p->F))
+#define P_SCHEDSTAT(F) __PS(#F, schedstat_val(p->stats.F))
+#define PN_SCHEDSTAT(F) __PSN(#F, schedstat_val(p->stats.F))
PN(se.exec_start);
PN(se.vruntime);
@@ -958,33 +962,33 @@ void proc_sched_show_task(struct task_struct *p, struct pid_namespace *ns,
if (schedstat_enabled()) {
u64 avg_atom, avg_per_cpu;
- PN_SCHEDSTAT(se.statistics.sum_sleep_runtime);
- PN_SCHEDSTAT(se.statistics.wait_start);
- PN_SCHEDSTAT(se.statistics.sleep_start);
- PN_SCHEDSTAT(se.statistics.block_start);
- PN_SCHEDSTAT(se.statistics.sleep_max);
- PN_SCHEDSTAT(se.statistics.block_max);
- PN_SCHEDSTAT(se.statistics.exec_max);
- PN_SCHEDSTAT(se.statistics.slice_max);
- PN_SCHEDSTAT(se.statistics.wait_max);
- PN_SCHEDSTAT(se.statistics.wait_sum);
- P_SCHEDSTAT(se.statistics.wait_count);
- PN_SCHEDSTAT(se.statistics.iowait_sum);
- P_SCHEDSTAT(se.statistics.iowait_count);
- P_SCHEDSTAT(se.statistics.nr_migrations_cold);
- P_SCHEDSTAT(se.statistics.nr_failed_migrations_affine);
- P_SCHEDSTAT(se.statistics.nr_failed_migrations_running);
- P_SCHEDSTAT(se.statistics.nr_failed_migrations_hot);
- P_SCHEDSTAT(se.statistics.nr_forced_migrations);
- P_SCHEDSTAT(se.statistics.nr_wakeups);
- P_SCHEDSTAT(se.statistics.nr_wakeups_sync);
- P_SCHEDSTAT(se.statistics.nr_wakeups_migrate);
- P_SCHEDSTAT(se.statistics.nr_wakeups_local);
- P_SCHEDSTAT(se.statistics.nr_wakeups_remote);
- P_SCHEDSTAT(se.statistics.nr_wakeups_affine);
- P_SCHEDSTAT(se.statistics.nr_wakeups_affine_attempts);
- P_SCHEDSTAT(se.statistics.nr_wakeups_passive);
- P_SCHEDSTAT(se.statistics.nr_wakeups_idle);
+ PN_SCHEDSTAT(sum_sleep_runtime);
+ PN_SCHEDSTAT(wait_start);
+ PN_SCHEDSTAT(sleep_start);
+ PN_SCHEDSTAT(block_start);
+ PN_SCHEDSTAT(sleep_max);
+ PN_SCHEDSTAT(block_max);
+ PN_SCHEDSTAT(exec_max);
+ PN_SCHEDSTAT(slice_max);
+ PN_SCHEDSTAT(wait_max);
+ PN_SCHEDSTAT(wait_sum);
+ P_SCHEDSTAT(wait_count);
+ PN_SCHEDSTAT(iowait_sum);
+ P_SCHEDSTAT(iowait_count);
+ P_SCHEDSTAT(nr_migrations_cold);
+ P_SCHEDSTAT(nr_failed_migrations_affine);
+ P_SCHEDSTAT(nr_failed_migrations_running);
+ P_SCHEDSTAT(nr_failed_migrations_hot);
+ P_SCHEDSTAT(nr_forced_migrations);
+ P_SCHEDSTAT(nr_wakeups);
+ P_SCHEDSTAT(nr_wakeups_sync);
+ P_SCHEDSTAT(nr_wakeups_migrate);
+ P_SCHEDSTAT(nr_wakeups_local);
+ P_SCHEDSTAT(nr_wakeups_remote);
+ P_SCHEDSTAT(nr_wakeups_affine);
+ P_SCHEDSTAT(nr_wakeups_affine_attempts);
+ P_SCHEDSTAT(nr_wakeups_passive);
+ P_SCHEDSTAT(nr_wakeups_idle);
avg_atom = p->se.sum_exec_runtime;
if (nr_switches)
@@ -1050,7 +1054,7 @@ void proc_sched_show_task(struct task_struct *p, struct pid_namespace *ns,
void proc_sched_set_task(struct task_struct *p)
{
#ifdef CONFIG_SCHEDSTATS
- memset(&p->se.statistics, 0, sizeof(p->se.statistics));
+ memset(&p->stats, 0, sizeof(p->stats));
#endif
}
diff --git a/kernel/sched/fair.c b/kernel/sched/fair.c
index 70f7a3896a90c..2dd67e212f0ac 100644
--- a/kernel/sched/fair.c
+++ b/kernel/sched/fair.c
@@ -837,8 +837,13 @@ static void update_curr(struct cfs_rq *cfs_rq)
curr->exec_start = now;
- schedstat_set(curr->statistics.exec_max,
- max(delta_exec, curr->statistics.exec_max));
+ if (schedstat_enabled()) {
+ struct sched_statistics *stats;
+
+ stats = __schedstats_from_se(curr);
+ __schedstat_set(stats->exec_max,
+ max(delta_exec, stats->exec_max));
+ }
curr->sum_exec_runtime += delta_exec;
schedstat_add(cfs_rq->exec_clock, delta_exec);
@@ -866,39 +871,45 @@ static inline void
update_stats_wait_start(struct cfs_rq *cfs_rq, struct sched_entity *se)
{
u64 wait_start, prev_wait_start;
+ struct sched_statistics *stats;
if (!schedstat_enabled())
return;
+ stats = __schedstats_from_se(se);
+
wait_start = rq_clock(rq_of(cfs_rq));
- prev_wait_start = schedstat_val(se->statistics.wait_start);
+ prev_wait_start = schedstat_val(stats->wait_start);
if (entity_is_task(se) && task_on_rq_migrating(task_of(se)) &&
likely(wait_start > prev_wait_start))
wait_start -= prev_wait_start;
- __schedstat_set(se->statistics.wait_start, wait_start);
+ __schedstat_set(stats->wait_start, wait_start);
}
static inline void
update_stats_wait_end(struct cfs_rq *cfs_rq, struct sched_entity *se)
{
- struct task_struct *p;
+ struct sched_statistics *stats;
+ struct task_struct *p = NULL;
u64 delta;
if (!schedstat_enabled())
return;
+ stats = __schedstats_from_se(se);
+
/*
* When the sched_schedstat changes from 0 to 1, some sched se
* maybe already in the runqueue, the se->statistics.wait_start
* will be 0.So it will let the delta wrong. We need to avoid this
* scenario.
*/
- if (unlikely(!schedstat_val(se->statistics.wait_start)))
+ if (unlikely(!schedstat_val(stats->wait_start)))
return;
- delta = rq_clock(rq_of(cfs_rq)) - schedstat_val(se->statistics.wait_start);
+ delta = rq_clock(rq_of(cfs_rq)) - schedstat_val(stats->wait_start);
if (entity_is_task(se)) {
p = task_of(se);
@@ -908,30 +919,33 @@ update_stats_wait_end(struct cfs_rq *cfs_rq, struct sched_entity *se)
* time stamp can be adjusted to accumulate wait time
* prior to migration.
*/
- __schedstat_set(se->statistics.wait_start, delta);
+ __schedstat_set(stats->wait_start, delta);
return;
}
trace_sched_stat_wait(p, delta);
}
- __schedstat_set(se->statistics.wait_max,
- max(schedstat_val(se->statistics.wait_max), delta));
- __schedstat_inc(se->statistics.wait_count);
- __schedstat_add(se->statistics.wait_sum, delta);
- __schedstat_set(se->statistics.wait_start, 0);
+ __schedstat_set(stats->wait_max,
+ max(schedstat_val(stats->wait_max), delta));
+ __schedstat_inc(stats->wait_count);
+ __schedstat_add(stats->wait_sum, delta);
+ __schedstat_set(stats->wait_start, 0);
}
static inline void
update_stats_enqueue_sleeper(struct cfs_rq *cfs_rq, struct sched_entity *se)
{
+ struct sched_statistics *stats;
struct task_struct *tsk = NULL;
u64 sleep_start, block_start;
if (!schedstat_enabled())
return;
- sleep_start = schedstat_val(se->statistics.sleep_start);
- block_start = schedstat_val(se->statistics.block_start);
+ stats = __schedstats_from_se(se);
+
+ sleep_start = schedstat_val(stats->sleep_start);
+ block_start = schedstat_val(stats->block_start);
if (entity_is_task(se))
tsk = task_of(se);
@@ -942,11 +956,11 @@ update_stats_enqueue_sleeper(struct cfs_rq *cfs_rq, struct sched_entity *se)
if ((s64)delta < 0)
delta = 0;
- if (unlikely(delta > schedstat_val(se->statistics.sleep_max)))
- __schedstat_set(se->statistics.sleep_max, delta);
+ if (unlikely(delta > schedstat_val(stats->sleep_max)))
+ __schedstat_set(stats->sleep_max, delta);
- __schedstat_set(se->statistics.sleep_start, 0);
- __schedstat_add(se->statistics.sum_sleep_runtime, delta);
+ __schedstat_set(stats->sleep_start, 0);
+ __schedstat_add(stats->sum_sleep_runtime, delta);
if (tsk) {
account_scheduler_latency(tsk, delta >> 10, 1);
@@ -959,16 +973,16 @@ update_stats_enqueue_sleeper(struct cfs_rq *cfs_rq, struct sched_entity *se)
if ((s64)delta < 0)
delta = 0;
- if (unlikely(delta > schedstat_val(se->statistics.block_max)))
- __schedstat_set(se->statistics.block_max, delta);
+ if (unlikely(delta > schedstat_val(stats->block_max)))
+ __schedstat_set(stats->block_max, delta);
- __schedstat_set(se->statistics.block_start, 0);
- __schedstat_add(se->statistics.sum_sleep_runtime, delta);
+ __schedstat_set(stats->block_start, 0);
+ __schedstat_add(stats->sum_sleep_runtime, delta);
if (tsk) {
if (tsk->in_iowait) {
- __schedstat_add(se->statistics.iowait_sum, delta);
- __schedstat_inc(se->statistics.iowait_count);
+ __schedstat_add(stats->iowait_sum, delta);
+ __schedstat_inc(stats->iowait_count);
trace_sched_stat_iowait(tsk, delta);
}
@@ -1030,10 +1044,10 @@ update_stats_dequeue(struct cfs_rq *cfs_rq, struct sched_entity *se, int flags)
/* XXX racy against TTWU */
state = READ_ONCE(tsk->__state);
if (state & TASK_INTERRUPTIBLE)
- __schedstat_set(se->statistics.sleep_start,
+ __schedstat_set(tsk->stats.sleep_start,
rq_clock(rq_of(cfs_rq)));
if (state & TASK_UNINTERRUPTIBLE)
- __schedstat_set(se->statistics.block_start,
+ __schedstat_set(tsk->stats.block_start,
rq_clock(rq_of(cfs_rq)));
}
}
@@ -4691,8 +4705,11 @@ set_next_entity(struct cfs_rq *cfs_rq, struct sched_entity *se)
*/
if (schedstat_enabled() &&
rq_of(cfs_rq)->cfs.load.weight >= 2*se->load.weight) {
- __schedstat_set(se->statistics.slice_max,
- max((u64)se->statistics.slice_max,
+ struct sched_statistics *stats;
+
+ stats = __schedstats_from_se(se);
+ __schedstat_set(stats->slice_max,
+ max((u64)stats->slice_max,
se->sum_exec_runtime - se->prev_sum_exec_runtime));
}
@@ -6189,12 +6206,12 @@ static int wake_affine(struct sched_domain *sd, struct task_struct *p,
if (sched_feat(WA_WEIGHT) && target == nr_cpumask_bits)
target = wake_affine_weight(sd, p, this_cpu, prev_cpu, sync);
- schedstat_inc(p->se.statistics.nr_wakeups_affine_attempts);
+ schedstat_inc(p->stats.nr_wakeups_affine_attempts);
if (target == nr_cpumask_bits)
return prev_cpu;
schedstat_inc(sd->ttwu_move_affine);
- schedstat_inc(p->se.statistics.nr_wakeups_affine);
+ schedstat_inc(p->stats.nr_wakeups_affine);
return target;
}
@@ -8030,7 +8047,7 @@ int can_migrate_task(struct task_struct *p, struct lb_env *env)
if (!cpumask_test_cpu(env->dst_cpu, p->cpus_ptr)) {
int cpu;
- schedstat_inc(p->se.statistics.nr_failed_migrations_affine);
+ schedstat_inc(p->stats.nr_failed_migrations_affine);
env->flags |= LBF_SOME_PINNED;
@@ -8064,7 +8081,7 @@ int can_migrate_task(struct task_struct *p, struct lb_env *env)
env->flags &= ~LBF_ALL_PINNED;
if (task_running(env->src_rq, p)) {
- schedstat_inc(p->se.statistics.nr_failed_migrations_running);
+ schedstat_inc(p->stats.nr_failed_migrations_running);
return 0;
}
@@ -8086,12 +8103,12 @@ int can_migrate_task(struct task_struct *p, struct lb_env *env)
env->sd->nr_balance_failed > env->sd->cache_nice_tries) {
if (tsk_cache_hot == 1) {
schedstat_inc(env->sd->lb_hot_gained[env->idle]);
- schedstat_inc(p->se.statistics.nr_forced_migrations);
+ schedstat_inc(p->stats.nr_forced_migrations);
}
return 1;
}
- schedstat_inc(p->se.statistics.nr_failed_migrations_hot);
+ schedstat_inc(p->stats.nr_failed_migrations_hot);
return 0;
}
@@ -11774,7 +11791,7 @@ int alloc_fair_sched_group(struct task_group *tg, struct task_group *parent)
if (!cfs_rq)
goto err;
- se = kzalloc_node(sizeof(struct sched_entity),
+ se = kzalloc_node(sizeof(struct sched_entity_stats),
GFP_KERNEL, cpu_to_node(i));
if (!se)
goto err_free_rq;
diff --git a/kernel/sched/rt.c b/kernel/sched/rt.c
index 08af6076c8097..8d170b5bdae92 100644
--- a/kernel/sched/rt.c
+++ b/kernel/sched/rt.c
@@ -1021,8 +1021,8 @@ static void update_curr_rt(struct rq *rq)
if (unlikely((s64)delta_exec <= 0))
return;
- schedstat_set(curr->se.statistics.exec_max,
- max(curr->se.statistics.exec_max, delta_exec));
+ schedstat_set(curr->stats.exec_max,
+ max(curr->stats.exec_max, delta_exec));
curr->se.sum_exec_runtime += delta_exec;
account_group_exec_runtime(curr, delta_exec);
diff --git a/kernel/sched/stats.h b/kernel/sched/stats.h
index 606a3982d13a5..975703572bc0d 100644
--- a/kernel/sched/stats.h
+++ b/kernel/sched/stats.h
@@ -41,6 +41,7 @@ rq_sched_info_dequeue(struct rq *rq, unsigned long long delta)
#define schedstat_val_or_zero(var) ((schedstat_enabled()) ? (var) : 0)
#else /* !CONFIG_SCHEDSTATS: */
+
static inline void rq_sched_info_arrive (struct rq *rq, unsigned long long delta) { }
static inline void rq_sched_info_dequeue(struct rq *rq, unsigned long long delta) { }
static inline void rq_sched_info_depart (struct rq *rq, unsigned long long delta) { }
@@ -53,8 +54,26 @@ static inline void rq_sched_info_depart (struct rq *rq, unsigned long long delt
# define schedstat_set(var, val) do { } while (0)
# define schedstat_val(var) 0
# define schedstat_val_or_zero(var) 0
+
#endif /* CONFIG_SCHEDSTATS */
+#ifdef CONFIG_FAIR_GROUP_SCHED
+struct sched_entity_stats {
+ struct sched_entity se;
+ struct sched_statistics stats;
+} __no_randomize_layout;
+#endif
+
+static inline struct sched_statistics *
+__schedstats_from_se(struct sched_entity *se)
+{
+#ifdef CONFIG_FAIR_GROUP_SCHED
+ if (!entity_is_task(se))
+ return &container_of(se, struct sched_entity_stats, se)->stats;
+#endif
+ return &task_of(se)->stats;
+}
+
#ifdef CONFIG_PSI
/*
* PSI tracks state that persists across sleeps, such as iowaits and
diff --git a/kernel/sched/stop_task.c b/kernel/sched/stop_task.c
index f988ebe3febb9..0b165a25f22f8 100644
--- a/kernel/sched/stop_task.c
+++ b/kernel/sched/stop_task.c
@@ -78,8 +78,8 @@ static void put_prev_task_stop(struct rq *rq, struct task_struct *prev)
if (unlikely((s64)delta_exec < 0))
delta_exec = 0;
- schedstat_set(curr->se.statistics.exec_max,
- max(curr->se.statistics.exec_max, delta_exec));
+ schedstat_set(curr->stats.exec_max,
+ max(curr->stats.exec_max, delta_exec));
curr->se.sum_exec_runtime += delta_exec;
account_group_exec_runtime(curr, delta_exec);
--
2.39.2
^ permalink raw reply related [flat|nested] 391+ messages in thread
* [PATCH 5.15 288/371] sched/fair: Fix inaccurate tally of ttwu_move_affine
2023-05-08 9:43 [PATCH 5.15 000/371] 5.15.111-rc1 review Greg Kroah-Hartman
` (286 preceding siblings ...)
2023-05-08 9:48 ` [PATCH 5.15 287/371] sched: Make struct sched_statistics independent of fair sched class Greg Kroah-Hartman
@ 2023-05-08 9:48 ` Greg Kroah-Hartman
2023-05-08 9:48 ` [PATCH 5.15 289/371] perf/core: Fix hardlockup failure caused by perf throttle Greg Kroah-Hartman
` (86 subsequent siblings)
374 siblings, 0 replies; 391+ messages in thread
From: Greg Kroah-Hartman @ 2023-05-08 9:48 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Daniel Jordan, Libo Chen,
Peter Zijlstra (Intel),
Gautham R. Shenoy, Sasha Levin
From: Libo Chen <libo.chen@oracle.com>
[ Upstream commit 39afe5d6fc59237ff7738bf3ede5a8856822d59d ]
There are scenarios where non-affine wakeups are incorrectly counted as
affine wakeups by schedstats.
When wake_affine_idle() returns prev_cpu which doesn't equal to
nr_cpumask_bits, it will slip through the check: target == nr_cpumask_bits
in wake_affine() and be counted as if target == this_cpu in schedstats.
Replace target == nr_cpumask_bits with target != this_cpu to make sure
affine wakeups are accurately tallied.
Fixes: 806486c377e33 (sched/fair: Do not migrate if the prev_cpu is idle)
Suggested-by: Daniel Jordan <daniel.m.jordan@oracle.com>
Signed-off-by: Libo Chen <libo.chen@oracle.com>
Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org>
Reviewed-by: Gautham R. Shenoy <gautham.shenoy@amd.com>
Link: https://lore.kernel.org/r/20220810223313.386614-1-libo.chen@oracle.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
kernel/sched/fair.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/kernel/sched/fair.c b/kernel/sched/fair.c
index 2dd67e212f0ac..646a6ae4b2509 100644
--- a/kernel/sched/fair.c
+++ b/kernel/sched/fair.c
@@ -6207,7 +6207,7 @@ static int wake_affine(struct sched_domain *sd, struct task_struct *p,
target = wake_affine_weight(sd, p, this_cpu, prev_cpu, sync);
schedstat_inc(p->stats.nr_wakeups_affine_attempts);
- if (target == nr_cpumask_bits)
+ if (target != this_cpu)
return prev_cpu;
schedstat_inc(sd->ttwu_move_affine);
--
2.39.2
^ permalink raw reply related [flat|nested] 391+ messages in thread
* [PATCH 5.15 289/371] perf/core: Fix hardlockup failure caused by perf throttle
2023-05-08 9:43 [PATCH 5.15 000/371] 5.15.111-rc1 review Greg Kroah-Hartman
` (287 preceding siblings ...)
2023-05-08 9:48 ` [PATCH 5.15 288/371] sched/fair: Fix inaccurate tally of ttwu_move_affine Greg Kroah-Hartman
@ 2023-05-08 9:48 ` Greg Kroah-Hartman
2023-05-08 9:48 ` [PATCH 5.15 290/371] Revert "objtool: Support addition to set CFA base" Greg Kroah-Hartman
` (85 subsequent siblings)
374 siblings, 0 replies; 391+ messages in thread
From: Greg Kroah-Hartman @ 2023-05-08 9:48 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Yang Jihong, Peter Zijlstra (Intel),
Sasha Levin
From: Yang Jihong <yangjihong1@huawei.com>
[ Upstream commit 15def34e2635ab7e0e96f1bc32e1b69609f14942 ]
commit e050e3f0a71bf ("perf: Fix broken interrupt rate throttling")
introduces a change in throttling threshold judgment. Before this,
compare hwc->interrupts and max_samples_per_tick, then increase
hwc->interrupts by 1, but this commit reverses order of these two
behaviors, causing the semantics of max_samples_per_tick to change.
In literal sense of "max_samples_per_tick", if hwc->interrupts ==
max_samples_per_tick, it should not be throttled, therefore, the judgment
condition should be changed to "hwc->interrupts > max_samples_per_tick".
In fact, this may cause the hardlockup to fail, The minimum value of
max_samples_per_tick may be 1, in this case, the return value of
__perf_event_account_interrupt function is 1.
As a result, nmi_watchdog gets throttled, which would stop PMU (Use x86
architecture as an example, see x86_pmu_handle_irq).
Fixes: e050e3f0a71b ("perf: Fix broken interrupt rate throttling")
Signed-off-by: Yang Jihong <yangjihong1@huawei.com>
Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org>
Link: https://lkml.kernel.org/r/20230227023508.102230-1-yangjihong1@huawei.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
kernel/events/core.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/kernel/events/core.c b/kernel/events/core.c
index dc57835e70966..97052b2dff7ea 100644
--- a/kernel/events/core.c
+++ b/kernel/events/core.c
@@ -9271,8 +9271,8 @@ __perf_event_account_interrupt(struct perf_event *event, int throttle)
hwc->interrupts = 1;
} else {
hwc->interrupts++;
- if (unlikely(throttle
- && hwc->interrupts >= max_samples_per_tick)) {
+ if (unlikely(throttle &&
+ hwc->interrupts > max_samples_per_tick)) {
__this_cpu_inc(perf_throttled_count);
tick_dep_set_cpu(smp_processor_id(), TICK_DEP_BIT_PERF_EVENTS);
hwc->interrupts = MAX_INTERRUPTS;
--
2.39.2
^ permalink raw reply related [flat|nested] 391+ messages in thread
* [PATCH 5.15 290/371] Revert "objtool: Support addition to set CFA base"
2023-05-08 9:43 [PATCH 5.15 000/371] 5.15.111-rc1 review Greg Kroah-Hartman
` (288 preceding siblings ...)
2023-05-08 9:48 ` [PATCH 5.15 289/371] perf/core: Fix hardlockup failure caused by perf throttle Greg Kroah-Hartman
@ 2023-05-08 9:48 ` Greg Kroah-Hartman
2023-05-08 9:48 ` [PATCH 5.15 291/371] sched/rt: Fix bad task migration for rt tasks Greg Kroah-Hartman
` (84 subsequent siblings)
374 siblings, 0 replies; 391+ messages in thread
From: Greg Kroah-Hartman @ 2023-05-08 9:48 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, kernel test robot, Josh Poimboeuf,
Peter Zijlstra (Intel),
Sasha Levin
From: Josh Poimboeuf <jpoimboe@kernel.org>
[ Upstream commit e18398e80c73e3cc7d9c3d2e0bc06a4af8f4f1cb ]
Commit 468af56a7bba ("objtool: Support addition to set CFA base") was
added as a preparatory patch for arm64 support, but that support never
came. It triggers a false positive warning on x86, so just revert it
for now.
Fixes the following warning:
vmlinux.o: warning: objtool: cdce925_regmap_i2c_write+0xdb: stack state mismatch: cfa1=4+120 cfa2=5+40
Fixes: 468af56a7bba ("objtool: Support addition to set CFA base")
Reported-by: kernel test robot <lkp@intel.com>
Signed-off-by: Josh Poimboeuf <jpoimboe@kernel.org>
Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org>
Link: https://lore.kernel.org/oe-kbuild-all/202304080538.j5G6h1AB-lkp@intel.com/
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
tools/objtool/check.c | 11 -----------
1 file changed, 11 deletions(-)
diff --git a/tools/objtool/check.c b/tools/objtool/check.c
index 32f119e8c3b2c..f331780f04252 100644
--- a/tools/objtool/check.c
+++ b/tools/objtool/check.c
@@ -2481,17 +2481,6 @@ static int update_cfi_state(struct instruction *insn,
break;
}
- if (!cfi->drap && op->src.reg == CFI_SP &&
- op->dest.reg == CFI_BP && cfa->base == CFI_SP &&
- check_reg_frame_pos(®s[CFI_BP], -cfa->offset + op->src.offset)) {
-
- /* lea disp(%rsp), %rbp */
- cfa->base = CFI_BP;
- cfa->offset -= op->src.offset;
- cfi->bp_scratch = false;
- break;
- }
-
if (op->src.reg == CFI_SP && cfa->base == CFI_SP) {
/* drap: lea disp(%rsp), %drap */
--
2.39.2
^ permalink raw reply related [flat|nested] 391+ messages in thread
* [PATCH 5.15 291/371] sched/rt: Fix bad task migration for rt tasks
2023-05-08 9:43 [PATCH 5.15 000/371] 5.15.111-rc1 review Greg Kroah-Hartman
` (289 preceding siblings ...)
2023-05-08 9:48 ` [PATCH 5.15 290/371] Revert "objtool: Support addition to set CFA base" Greg Kroah-Hartman
@ 2023-05-08 9:48 ` Greg Kroah-Hartman
2023-05-08 9:48 ` [PATCH 5.15 292/371] clk: at91: clk-sam9x60-pll: fix return value check Greg Kroah-Hartman
` (83 subsequent siblings)
374 siblings, 0 replies; 391+ messages in thread
From: Greg Kroah-Hartman @ 2023-05-08 9:48 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Schspa Shi, Peter Zijlstra (Intel),
Steven Rostedt (Google),
Dietmar Eggemann, Valentin Schneider, Dwaine Gonyier,
Sasha Levin
From: Schspa Shi <schspa@gmail.com>
[ Upstream commit feffe5bb274dd3442080ef0e4053746091878799 ]
Commit 95158a89dd50 ("sched,rt: Use the full cpumask for balancing")
allows find_lock_lowest_rq() to pick a task with migration disabled.
The purpose of the commit is to push the current running task on the
CPU that has the migrate_disable() task away.
However, there is a race which allows a migrate_disable() task to be
migrated. Consider:
CPU0 CPU1
push_rt_task
check is_migration_disabled(next_task)
task not running and
migration_disabled == 0
find_lock_lowest_rq(next_task, rq);
_double_lock_balance(this_rq, busiest);
raw_spin_rq_unlock(this_rq);
double_rq_lock(this_rq, busiest);
<<wait for busiest rq>>
<wakeup>
task become running
migrate_disable();
<context out>
deactivate_task(rq, next_task, 0);
set_task_cpu(next_task, lowest_rq->cpu);
WARN_ON_ONCE(is_migration_disabled(p));
Fixes: 95158a89dd50 ("sched,rt: Use the full cpumask for balancing")
Signed-off-by: Schspa Shi <schspa@gmail.com>
Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org>
Reviewed-by: Steven Rostedt (Google) <rostedt@goodmis.org>
Reviewed-by: Dietmar Eggemann <dietmar.eggemann@arm.com>
Reviewed-by: Valentin Schneider <vschneid@redhat.com>
Tested-by: Dwaine Gonyier <dgonyier@redhat.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
kernel/sched/deadline.c | 1 +
kernel/sched/rt.c | 4 ++++
2 files changed, 5 insertions(+)
diff --git a/kernel/sched/deadline.c b/kernel/sched/deadline.c
index 3aad381f42ed4..b3e2064983952 100644
--- a/kernel/sched/deadline.c
+++ b/kernel/sched/deadline.c
@@ -2084,6 +2084,7 @@ static struct rq *find_lock_later_rq(struct task_struct *task, struct rq *rq)
!cpumask_test_cpu(later_rq->cpu, &task->cpus_mask) ||
task_running(rq, task) ||
!dl_task(task) ||
+ is_migration_disabled(task) ||
!task_on_rq_queued(task))) {
double_unlock_balance(rq, later_rq);
later_rq = NULL;
diff --git a/kernel/sched/rt.c b/kernel/sched/rt.c
index 8d170b5bdae92..4b9281e6b1ccd 100644
--- a/kernel/sched/rt.c
+++ b/kernel/sched/rt.c
@@ -1842,11 +1842,15 @@ static struct rq *find_lock_lowest_rq(struct task_struct *task, struct rq *rq)
* the mean time, task could have
* migrated already or had its affinity changed.
* Also make sure that it wasn't scheduled on its rq.
+ * It is possible the task was scheduled, set
+ * "migrate_disabled" and then got preempted, so we must
+ * check the task migration disable flag here too.
*/
if (unlikely(task_rq(task) != rq ||
!cpumask_test_cpu(lowest_rq->cpu, &task->cpus_mask) ||
task_running(rq, task) ||
!rt_task(task) ||
+ is_migration_disabled(task) ||
!task_on_rq_queued(task))) {
double_unlock_balance(rq, lowest_rq);
--
2.39.2
^ permalink raw reply related [flat|nested] 391+ messages in thread
* [PATCH 5.15 292/371] clk: at91: clk-sam9x60-pll: fix return value check
2023-05-08 9:43 [PATCH 5.15 000/371] 5.15.111-rc1 review Greg Kroah-Hartman
` (290 preceding siblings ...)
2023-05-08 9:48 ` [PATCH 5.15 291/371] sched/rt: Fix bad task migration for rt tasks Greg Kroah-Hartman
@ 2023-05-08 9:48 ` Greg Kroah-Hartman
2023-05-08 9:48 ` [PATCH 5.15 293/371] RDMA/siw: Fix potential page_array out of range access Greg Kroah-Hartman
` (82 subsequent siblings)
374 siblings, 0 replies; 391+ messages in thread
From: Greg Kroah-Hartman @ 2023-05-08 9:48 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Dan Carpenter, Claudiu Beznea,
Stephen Boyd, Sasha Levin
From: Claudiu Beznea <claudiu.beznea@microchip.com>
[ Upstream commit 1bd8e27fd0db0fe7f489213836dcbab92934f8fa ]
sam9x60_frac_pll_compute_mul_frac() can't return zero. Remove the check
against zero to reflect this.
Fixes: 43b1bb4a9b3e ("clk: at91: clk-sam9x60-pll: re-factor to support plls with multiple outputs")
Reported-by: Dan Carpenter <error27@gmail.com>
Signed-off-by: Claudiu Beznea <claudiu.beznea@microchip.com>
Link: https://lore.kernel.org/r/20230227105931.2812412-1-claudiu.beznea@microchip.com
Signed-off-by: Stephen Boyd <sboyd@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/clk/at91/clk-sam9x60-pll.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/clk/at91/clk-sam9x60-pll.c b/drivers/clk/at91/clk-sam9x60-pll.c
index 1f52409475e9c..a6600afa21454 100644
--- a/drivers/clk/at91/clk-sam9x60-pll.c
+++ b/drivers/clk/at91/clk-sam9x60-pll.c
@@ -561,7 +561,7 @@ sam9x60_clk_register_frac_pll(struct regmap *regmap, spinlock_t *lock,
ret = sam9x60_frac_pll_compute_mul_frac(&frac->core, FCORE_MIN,
parent_rate, true);
- if (ret <= 0) {
+ if (ret < 0) {
hw = ERR_PTR(ret);
goto free;
}
--
2.39.2
^ permalink raw reply related [flat|nested] 391+ messages in thread
* [PATCH 5.15 293/371] RDMA/siw: Fix potential page_array out of range access
2023-05-08 9:43 [PATCH 5.15 000/371] 5.15.111-rc1 review Greg Kroah-Hartman
` (291 preceding siblings ...)
2023-05-08 9:48 ` [PATCH 5.15 292/371] clk: at91: clk-sam9x60-pll: fix return value check Greg Kroah-Hartman
@ 2023-05-08 9:48 ` Greg Kroah-Hartman
2023-05-08 9:48 ` [PATCH 5.15 294/371] RDMA/rdmavt: Delete unnecessary NULL check Greg Kroah-Hartman
` (81 subsequent siblings)
374 siblings, 0 replies; 391+ messages in thread
From: Greg Kroah-Hartman @ 2023-05-08 9:48 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Daniil Dulov, Leon Romanovsky, Sasha Levin
From: Daniil Dulov <d.dulov@aladdin.ru>
[ Upstream commit 271bfcfb83a9f77cbae3d6e1a16e3c14132922f0 ]
When seg is equal to MAX_ARRAY, the loop should break, otherwise
it will result in out of range access.
Found by Linux Verification Center (linuxtesting.org) with SVACE.
Fixes: b9be6f18cf9e ("rdma/siw: transmit path")
Signed-off-by: Daniil Dulov <d.dulov@aladdin.ru>
Link: https://lore.kernel.org/r/20230227091751.589612-1-d.dulov@aladdin.ru
Signed-off-by: Leon Romanovsky <leon@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/infiniband/sw/siw/siw_qp_tx.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/infiniband/sw/siw/siw_qp_tx.c b/drivers/infiniband/sw/siw/siw_qp_tx.c
index 05052b49107f2..6bb9e9e81ff4c 100644
--- a/drivers/infiniband/sw/siw/siw_qp_tx.c
+++ b/drivers/infiniband/sw/siw/siw_qp_tx.c
@@ -558,7 +558,7 @@ static int siw_tx_hdt(struct siw_iwarp_tx *c_tx, struct socket *s)
data_len -= plen;
fp_off = 0;
- if (++seg > (int)MAX_ARRAY) {
+ if (++seg >= (int)MAX_ARRAY) {
siw_dbg_qp(tx_qp(c_tx), "to many fragments\n");
siw_unmap_pages(iov, kmap_mask, seg-1);
wqe->processed -= c_tx->bytes_unsent;
--
2.39.2
^ permalink raw reply related [flat|nested] 391+ messages in thread
* [PATCH 5.15 294/371] RDMA/rdmavt: Delete unnecessary NULL check
2023-05-08 9:43 [PATCH 5.15 000/371] 5.15.111-rc1 review Greg Kroah-Hartman
` (292 preceding siblings ...)
2023-05-08 9:48 ` [PATCH 5.15 293/371] RDMA/siw: Fix potential page_array out of range access Greg Kroah-Hartman
@ 2023-05-08 9:48 ` Greg Kroah-Hartman
2023-05-08 9:48 ` [PATCH 5.15 295/371] workqueue: Introduce show_one_worker_pool and show_one_workqueue Greg Kroah-Hartman
` (80 subsequent siblings)
374 siblings, 0 replies; 391+ messages in thread
From: Greg Kroah-Hartman @ 2023-05-08 9:48 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Natalia Petrova, Leon Romanovsky,
Sasha Levin
From: Natalia Petrova <n.petrova@fintech.ru>
[ Upstream commit b73a0b80c69de77d8d4942abb37066531c0169b2 ]
There is no need to check 'rdi->qp_dev' for NULL. The field 'qp_dev'
is created in rvt_register_device() which will fail if the 'qp_dev'
allocation fails in rvt_driver_qp_init(). Overwise this pointer
doesn't changed and passed to rvt_qp_exit() by the next step.
Found by Linux Verification Center (linuxtesting.org) with SVACE.
Fixes: 0acb0cc7ecc1 ("IB/rdmavt: Initialize and teardown of qpn table")
Signed-off-by: Natalia Petrova <n.petrova@fintech.ru>
Link: https://lore.kernel.org/r/20230303124408.16685-1-n.petrova@fintech.ru
Signed-off-by: Leon Romanovsky <leon@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/infiniband/sw/rdmavt/qp.c | 2 --
1 file changed, 2 deletions(-)
diff --git a/drivers/infiniband/sw/rdmavt/qp.c b/drivers/infiniband/sw/rdmavt/qp.c
index 3acab569fbb94..2bdc4486c3daa 100644
--- a/drivers/infiniband/sw/rdmavt/qp.c
+++ b/drivers/infiniband/sw/rdmavt/qp.c
@@ -464,8 +464,6 @@ void rvt_qp_exit(struct rvt_dev_info *rdi)
if (qps_inuse)
rvt_pr_err(rdi, "QP memory leak! %u still in use\n",
qps_inuse);
- if (!rdi->qp_dev)
- return;
kfree(rdi->qp_dev->qp_table);
free_qpn_table(&rdi->qp_dev->qpn_table);
--
2.39.2
^ permalink raw reply related [flat|nested] 391+ messages in thread
* [PATCH 5.15 295/371] workqueue: Introduce show_one_worker_pool and show_one_workqueue.
2023-05-08 9:43 [PATCH 5.15 000/371] 5.15.111-rc1 review Greg Kroah-Hartman
` (293 preceding siblings ...)
2023-05-08 9:48 ` [PATCH 5.15 294/371] RDMA/rdmavt: Delete unnecessary NULL check Greg Kroah-Hartman
@ 2023-05-08 9:48 ` Greg Kroah-Hartman
2023-05-08 9:48 ` [PATCH 5.15 296/371] workqueue: Fix hung time report of worker pools Greg Kroah-Hartman
` (79 subsequent siblings)
374 siblings, 0 replies; 391+ messages in thread
From: Greg Kroah-Hartman @ 2023-05-08 9:48 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Imran Khan, Tejun Heo, Sasha Levin
From: Imran Khan <imran.f.khan@oracle.com>
[ Upstream commit 55df0933be74bd2e52aba0b67eb743ae0feabe7e ]
Currently show_workqueue_state shows the state of all workqueues and of
all worker pools. In certain cases we may need to dump state of only a
specific workqueue or worker pool. For example in destroy_workqueue we
only need to show state of the workqueue which is getting destroyed.
So rename show_workqueue_state to show_all_workqueues(to signify it
dumps state of all busy workqueues) and divide it into more granular
functions (show_one_workqueue and show_one_worker_pool), that would show
states of individual workqueues and worker pools and can be used in
cases such as the one mentioned above.
Also, as mentioned earlier, make destroy_workqueue dump data pertaining
to only the workqueue that is being destroyed and make user(s) of
earlier interface(show_workqueue_state), use new interface
(show_all_workqueues).
Signed-off-by: Imran Khan <imran.f.khan@oracle.com>
Signed-off-by: Tejun Heo <tj@kernel.org>
Stable-dep-of: 335a42ebb0ca ("workqueue: Fix hung time report of worker pools")
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/tty/sysrq.c | 2 +-
include/linux/workqueue.h | 3 +-
kernel/power/process.c | 2 +-
kernel/workqueue.c | 172 +++++++++++++++++++++-----------------
4 files changed, 100 insertions(+), 79 deletions(-)
diff --git a/drivers/tty/sysrq.c b/drivers/tty/sysrq.c
index 6b445ece83395..4ffed77f80018 100644
--- a/drivers/tty/sysrq.c
+++ b/drivers/tty/sysrq.c
@@ -301,7 +301,7 @@ static const struct sysrq_key_op sysrq_showregs_op = {
static void sysrq_handle_showstate(int key)
{
show_state();
- show_workqueue_state();
+ show_all_workqueues();
}
static const struct sysrq_key_op sysrq_showstate_op = {
.handler = sysrq_handle_showstate,
diff --git a/include/linux/workqueue.h b/include/linux/workqueue.h
index 74d3c1efd9bb5..7fee9b6cfedef 100644
--- a/include/linux/workqueue.h
+++ b/include/linux/workqueue.h
@@ -469,7 +469,8 @@ extern bool workqueue_congested(int cpu, struct workqueue_struct *wq);
extern unsigned int work_busy(struct work_struct *work);
extern __printf(1, 2) void set_worker_desc(const char *fmt, ...);
extern void print_worker_info(const char *log_lvl, struct task_struct *task);
-extern void show_workqueue_state(void);
+extern void show_all_workqueues(void);
+extern void show_one_workqueue(struct workqueue_struct *wq);
extern void wq_worker_comm(char *buf, size_t size, struct task_struct *task);
/**
diff --git a/kernel/power/process.c b/kernel/power/process.c
index ee78a39463e63..11b570fcf0494 100644
--- a/kernel/power/process.c
+++ b/kernel/power/process.c
@@ -94,7 +94,7 @@ static int try_to_freeze_tasks(bool user_only)
todo - wq_busy, wq_busy);
if (wq_busy)
- show_workqueue_state();
+ show_all_workqueues();
if (!wakeup || pm_debug_messages_on) {
read_lock(&tasklist_lock);
diff --git a/kernel/workqueue.c b/kernel/workqueue.c
index f5fa7be8d17ea..de6463b931762 100644
--- a/kernel/workqueue.c
+++ b/kernel/workqueue.c
@@ -375,6 +375,7 @@ EXPORT_SYMBOL_GPL(system_freezable_power_efficient_wq);
static int worker_thread(void *__worker);
static void workqueue_sysfs_unregister(struct workqueue_struct *wq);
static void show_pwq(struct pool_workqueue *pwq);
+static void show_one_worker_pool(struct worker_pool *pool);
#define CREATE_TRACE_POINTS
#include <trace/events/workqueue.h>
@@ -4454,7 +4455,7 @@ void destroy_workqueue(struct workqueue_struct *wq)
raw_spin_unlock_irq(&pwq->pool->lock);
mutex_unlock(&wq->mutex);
mutex_unlock(&wq_pool_mutex);
- show_workqueue_state();
+ show_one_workqueue(wq);
return;
}
raw_spin_unlock_irq(&pwq->pool->lock);
@@ -4804,97 +4805,116 @@ static void show_pwq(struct pool_workqueue *pwq)
}
/**
- * show_workqueue_state - dump workqueue state
- *
- * Called from a sysrq handler or try_to_freeze_tasks() and prints out
- * all busy workqueues and pools.
+ * show_one_workqueue - dump state of specified workqueue
+ * @wq: workqueue whose state will be printed
*/
-void show_workqueue_state(void)
+void show_one_workqueue(struct workqueue_struct *wq)
{
- struct workqueue_struct *wq;
- struct worker_pool *pool;
+ struct pool_workqueue *pwq;
+ bool idle = true;
unsigned long flags;
- int pi;
-
- rcu_read_lock();
- pr_info("Showing busy workqueues and worker pools:\n");
-
- list_for_each_entry_rcu(wq, &workqueues, list) {
- struct pool_workqueue *pwq;
- bool idle = true;
-
- for_each_pwq(pwq, wq) {
- if (pwq->nr_active || !list_empty(&pwq->inactive_works)) {
- idle = false;
- break;
- }
+ for_each_pwq(pwq, wq) {
+ if (pwq->nr_active || !list_empty(&pwq->inactive_works)) {
+ idle = false;
+ break;
}
- if (idle)
- continue;
+ }
+ if (idle) /* Nothing to print for idle workqueue */
+ return;
- pr_info("workqueue %s: flags=0x%x\n", wq->name, wq->flags);
+ pr_info("workqueue %s: flags=0x%x\n", wq->name, wq->flags);
- for_each_pwq(pwq, wq) {
- raw_spin_lock_irqsave(&pwq->pool->lock, flags);
- if (pwq->nr_active || !list_empty(&pwq->inactive_works)) {
- /*
- * Defer printing to avoid deadlocks in console
- * drivers that queue work while holding locks
- * also taken in their write paths.
- */
- printk_deferred_enter();
- show_pwq(pwq);
- printk_deferred_exit();
- }
- raw_spin_unlock_irqrestore(&pwq->pool->lock, flags);
+ for_each_pwq(pwq, wq) {
+ raw_spin_lock_irqsave(&pwq->pool->lock, flags);
+ if (pwq->nr_active || !list_empty(&pwq->inactive_works)) {
/*
- * We could be printing a lot from atomic context, e.g.
- * sysrq-t -> show_workqueue_state(). Avoid triggering
- * hard lockup.
+ * Defer printing to avoid deadlocks in console
+ * drivers that queue work while holding locks
+ * also taken in their write paths.
*/
- touch_nmi_watchdog();
- }
- }
-
- for_each_pool(pool, pi) {
- struct worker *worker;
- bool first = true;
-
- raw_spin_lock_irqsave(&pool->lock, flags);
- if (pool->nr_workers == pool->nr_idle)
- goto next_pool;
- /*
- * Defer printing to avoid deadlocks in console drivers that
- * queue work while holding locks also taken in their write
- * paths.
- */
- printk_deferred_enter();
- pr_info("pool %d:", pool->id);
- pr_cont_pool_info(pool);
- pr_cont(" hung=%us workers=%d",
- jiffies_to_msecs(jiffies - pool->watchdog_ts) / 1000,
- pool->nr_workers);
- if (pool->manager)
- pr_cont(" manager: %d",
- task_pid_nr(pool->manager->task));
- list_for_each_entry(worker, &pool->idle_list, entry) {
- pr_cont(" %s%d", first ? "idle: " : "",
- task_pid_nr(worker->task));
- first = false;
+ printk_deferred_enter();
+ show_pwq(pwq);
+ printk_deferred_exit();
}
- pr_cont("\n");
- printk_deferred_exit();
- next_pool:
- raw_spin_unlock_irqrestore(&pool->lock, flags);
+ raw_spin_unlock_irqrestore(&pwq->pool->lock, flags);
/*
* We could be printing a lot from atomic context, e.g.
- * sysrq-t -> show_workqueue_state(). Avoid triggering
+ * sysrq-t -> show_all_workqueues(). Avoid triggering
* hard lockup.
*/
touch_nmi_watchdog();
}
+}
+
+/**
+ * show_one_worker_pool - dump state of specified worker pool
+ * @pool: worker pool whose state will be printed
+ */
+static void show_one_worker_pool(struct worker_pool *pool)
+{
+ struct worker *worker;
+ bool first = true;
+ unsigned long flags;
+
+ raw_spin_lock_irqsave(&pool->lock, flags);
+ if (pool->nr_workers == pool->nr_idle)
+ goto next_pool;
+ /*
+ * Defer printing to avoid deadlocks in console drivers that
+ * queue work while holding locks also taken in their write
+ * paths.
+ */
+ printk_deferred_enter();
+ pr_info("pool %d:", pool->id);
+ pr_cont_pool_info(pool);
+ pr_cont(" hung=%us workers=%d",
+ jiffies_to_msecs(jiffies - pool->watchdog_ts) / 1000,
+ pool->nr_workers);
+ if (pool->manager)
+ pr_cont(" manager: %d",
+ task_pid_nr(pool->manager->task));
+ list_for_each_entry(worker, &pool->idle_list, entry) {
+ pr_cont(" %s%d", first ? "idle: " : "",
+ task_pid_nr(worker->task));
+ first = false;
+ }
+ pr_cont("\n");
+ printk_deferred_exit();
+next_pool:
+ raw_spin_unlock_irqrestore(&pool->lock, flags);
+ /*
+ * We could be printing a lot from atomic context, e.g.
+ * sysrq-t -> show_all_workqueues(). Avoid triggering
+ * hard lockup.
+ */
+ touch_nmi_watchdog();
+
+}
+
+/**
+ * show_all_workqueues - dump workqueue state
+ *
+ * Called from a sysrq handler or try_to_freeze_tasks() and prints out
+ * all busy workqueues and pools.
+ */
+void show_all_workqueues(void)
+{
+ struct workqueue_struct *wq;
+ struct worker_pool *pool;
+ int pi;
+
+ rcu_read_lock();
+
+ pr_info("Showing busy workqueues and worker pools:\n");
+
+ list_for_each_entry_rcu(wq, &workqueues, list)
+ show_one_workqueue(wq);
+
+ for_each_pool(pool, pi)
+ show_one_worker_pool(pool);
+
rcu_read_unlock();
}
@@ -5883,7 +5903,7 @@ static void wq_watchdog_timer_fn(struct timer_list *unused)
rcu_read_unlock();
if (lockup_detected)
- show_workqueue_state();
+ show_all_workqueues();
wq_watchdog_reset_touched();
mod_timer(&wq_watchdog_timer, jiffies + thresh);
--
2.39.2
^ permalink raw reply related [flat|nested] 391+ messages in thread
* [PATCH 5.15 296/371] workqueue: Fix hung time report of worker pools
2023-05-08 9:43 [PATCH 5.15 000/371] 5.15.111-rc1 review Greg Kroah-Hartman
` (294 preceding siblings ...)
2023-05-08 9:48 ` [PATCH 5.15 295/371] workqueue: Introduce show_one_worker_pool and show_one_workqueue Greg Kroah-Hartman
@ 2023-05-08 9:48 ` Greg Kroah-Hartman
2023-05-08 9:48 ` [PATCH 5.15 297/371] rtc: omap: include header for omap_rtc_power_off_program prototype Greg Kroah-Hartman
` (78 subsequent siblings)
374 siblings, 0 replies; 391+ messages in thread
From: Greg Kroah-Hartman @ 2023-05-08 9:48 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Petr Mladek, Tejun Heo, Sasha Levin
From: Petr Mladek <pmladek@suse.com>
[ Upstream commit 335a42ebb0ca8ee9997a1731aaaae6dcd704c113 ]
The workqueue watchdog prints a warning when there is no progress in
a worker pool. Where the progress means that the pool started processing
a pending work item.
Note that it is perfectly fine to process work items much longer.
The progress should be guaranteed by waking up or creating idle
workers.
show_one_worker_pool() prints state of non-idle worker pool. It shows
a delay since the last pool->watchdog_ts.
The timestamp is updated when a first pending work is queued in
__queue_work(). Also it is updated when a work is dequeued for
processing in worker_thread() and rescuer_thread().
The delay is misleading when there is no pending work item. In this
case it shows how long the last work item is being proceed. Show
zero instead. There is no stall if there is no pending work.
Fixes: 82607adcf9cdf40fb7b ("workqueue: implement lockup detector")
Signed-off-by: Petr Mladek <pmladek@suse.com>
Signed-off-by: Tejun Heo <tj@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
kernel/workqueue.c | 10 +++++++---
1 file changed, 7 insertions(+), 3 deletions(-)
diff --git a/kernel/workqueue.c b/kernel/workqueue.c
index de6463b931762..2d27bed9881dd 100644
--- a/kernel/workqueue.c
+++ b/kernel/workqueue.c
@@ -4857,10 +4857,16 @@ static void show_one_worker_pool(struct worker_pool *pool)
struct worker *worker;
bool first = true;
unsigned long flags;
+ unsigned long hung = 0;
raw_spin_lock_irqsave(&pool->lock, flags);
if (pool->nr_workers == pool->nr_idle)
goto next_pool;
+
+ /* How long the first pending work is waiting for a worker. */
+ if (!list_empty(&pool->worklist))
+ hung = jiffies_to_msecs(jiffies - pool->watchdog_ts) / 1000;
+
/*
* Defer printing to avoid deadlocks in console drivers that
* queue work while holding locks also taken in their write
@@ -4869,9 +4875,7 @@ static void show_one_worker_pool(struct worker_pool *pool)
printk_deferred_enter();
pr_info("pool %d:", pool->id);
pr_cont_pool_info(pool);
- pr_cont(" hung=%us workers=%d",
- jiffies_to_msecs(jiffies - pool->watchdog_ts) / 1000,
- pool->nr_workers);
+ pr_cont(" hung=%lus workers=%d", hung, pool->nr_workers);
if (pool->manager)
pr_cont(" manager: %d",
task_pid_nr(pool->manager->task));
--
2.39.2
^ permalink raw reply related [flat|nested] 391+ messages in thread
* [PATCH 5.15 297/371] rtc: omap: include header for omap_rtc_power_off_program prototype
2023-05-08 9:43 [PATCH 5.15 000/371] 5.15.111-rc1 review Greg Kroah-Hartman
` (295 preceding siblings ...)
2023-05-08 9:48 ` [PATCH 5.15 296/371] workqueue: Fix hung time report of worker pools Greg Kroah-Hartman
@ 2023-05-08 9:48 ` Greg Kroah-Hartman
2023-05-08 9:48 ` [PATCH 5.15 298/371] RDMA/mlx4: Prevent shift wrapping in set_user_sq_size() Greg Kroah-Hartman
` (77 subsequent siblings)
374 siblings, 0 replies; 391+ messages in thread
From: Greg Kroah-Hartman @ 2023-05-08 9:48 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Krzysztof Kozlowski,
Alexandre Belloni, Sasha Levin
From: Krzysztof Kozlowski <krzysztof.kozlowski@linaro.org>
[ Upstream commit f69c2b5420497b7a54181ce170d682cbeb1f119f ]
Non-static functions should have a prototype:
drivers/rtc/rtc-omap.c:410:5: error: no previous prototype for ‘omap_rtc_power_off_program’ [-Werror=missing-prototypes]
Fixes: 6256f7f7f217 ("rtc: OMAP: Add support for rtc-only mode")
Signed-off-by: Krzysztof Kozlowski <krzysztof.kozlowski@linaro.org>
Link: https://lore.kernel.org/r/20230311094021.79730-1-krzysztof.kozlowski@linaro.org
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/rtc/rtc-omap.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/drivers/rtc/rtc-omap.c b/drivers/rtc/rtc-omap.c
index d46e0f0cc5020..3ff832a5af37c 100644
--- a/drivers/rtc/rtc-omap.c
+++ b/drivers/rtc/rtc-omap.c
@@ -25,6 +25,7 @@
#include <linux/platform_device.h>
#include <linux/pm_runtime.h>
#include <linux/rtc.h>
+#include <linux/rtc/rtc-omap.h>
/*
* The OMAP RTC is a year/month/day/hours/minutes/seconds BCD clock
--
2.39.2
^ permalink raw reply related [flat|nested] 391+ messages in thread
* [PATCH 5.15 298/371] RDMA/mlx4: Prevent shift wrapping in set_user_sq_size()
2023-05-08 9:43 [PATCH 5.15 000/371] 5.15.111-rc1 review Greg Kroah-Hartman
` (296 preceding siblings ...)
2023-05-08 9:48 ` [PATCH 5.15 297/371] rtc: omap: include header for omap_rtc_power_off_program prototype Greg Kroah-Hartman
@ 2023-05-08 9:48 ` Greg Kroah-Hartman
2023-05-08 9:48 ` [PATCH 5.15 299/371] rtc: meson-vrtc: Use ktime_get_real_ts64() to get the current time Greg Kroah-Hartman
` (76 subsequent siblings)
374 siblings, 0 replies; 391+ messages in thread
From: Greg Kroah-Hartman @ 2023-05-08 9:48 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Dan Carpenter, Leon Romanovsky, Sasha Levin
From: Dan Carpenter <error27@gmail.com>
[ Upstream commit d50b3c73f1ac20dabc53dc6e9d64ce9c79a331eb ]
The ucmd->log_sq_bb_count variable is controlled by the user so this
shift can wrap. Fix it by using check_shl_overflow() in the same way
that it was done in commit 515f60004ed9 ("RDMA/hns: Prevent undefined
behavior in hns_roce_set_user_sq_size()").
Fixes: 839041329fd3 ("IB/mlx4: Sanity check userspace send queue sizes")
Signed-off-by: Dan Carpenter <error27@gmail.com>
Link: https://lore.kernel.org/r/a8dfbd1d-c019-4556-930b-bab1ded73b10@kili.mountain
Signed-off-by: Leon Romanovsky <leon@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/infiniband/hw/mlx4/qp.c | 8 ++++++--
1 file changed, 6 insertions(+), 2 deletions(-)
diff --git a/drivers/infiniband/hw/mlx4/qp.c b/drivers/infiniband/hw/mlx4/qp.c
index 3a1a4ac9dd33d..ec545b8858cc0 100644
--- a/drivers/infiniband/hw/mlx4/qp.c
+++ b/drivers/infiniband/hw/mlx4/qp.c
@@ -412,9 +412,13 @@ static int set_user_sq_size(struct mlx4_ib_dev *dev,
struct mlx4_ib_qp *qp,
struct mlx4_ib_create_qp *ucmd)
{
+ u32 cnt;
+
/* Sanity check SQ size before proceeding */
- if ((1 << ucmd->log_sq_bb_count) > dev->dev->caps.max_wqes ||
- ucmd->log_sq_stride >
+ if (check_shl_overflow(1, ucmd->log_sq_bb_count, &cnt) ||
+ cnt > dev->dev->caps.max_wqes)
+ return -EINVAL;
+ if (ucmd->log_sq_stride >
ilog2(roundup_pow_of_two(dev->dev->caps.max_sq_desc_sz)) ||
ucmd->log_sq_stride < MLX4_IB_MIN_SQ_STRIDE)
return -EINVAL;
--
2.39.2
^ permalink raw reply related [flat|nested] 391+ messages in thread
* [PATCH 5.15 299/371] rtc: meson-vrtc: Use ktime_get_real_ts64() to get the current time
2023-05-08 9:43 [PATCH 5.15 000/371] 5.15.111-rc1 review Greg Kroah-Hartman
` (297 preceding siblings ...)
2023-05-08 9:48 ` [PATCH 5.15 298/371] RDMA/mlx4: Prevent shift wrapping in set_user_sq_size() Greg Kroah-Hartman
@ 2023-05-08 9:48 ` Greg Kroah-Hartman
2023-05-08 9:48 ` [PATCH 5.15 300/371] fs/ntfs3: Fix memory leak if ntfs_read_mft failed Greg Kroah-Hartman
` (75 subsequent siblings)
374 siblings, 0 replies; 391+ messages in thread
From: Greg Kroah-Hartman @ 2023-05-08 9:48 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Martin Blumenstingl, Neil Armstrong,
Kevin Hilman, Alexandre Belloni, Sasha Levin
From: Martin Blumenstingl <martin.blumenstingl@googlemail.com>
[ Upstream commit 0e6255fa3f649170da6bd1a544680589cfae1131 ]
The VRTC alarm register can be programmed with an amount of seconds
after which the SoC will be woken up by the VRTC timer again. We are
already converting the alarm time from meson_vrtc_set_alarm() to
"seconds since 1970". This means we also need to use "seconds since
1970" for the current time.
This fixes a problem where setting the alarm to one minute in the future
results in the firmware (which handles wakeup) to output (on the serial
console) that the system will be woken up in billions of seconds.
ktime_get_raw_ts64() returns the time since boot, not since 1970. Switch
to ktime_get_real_ts64() to fix the calculation of the alarm time and to
make the SoC wake up at the specified date/time. Also the firmware
(which manages suspend) now prints either 59 or 60 seconds until wakeup
(depending on how long it takes for the system to enter suspend).
Fixes: 6ef35398e827 ("rtc: Add Amlogic Virtual Wake RTC")
Signed-off-by: Martin Blumenstingl <martin.blumenstingl@googlemail.com>
Reviewed-by: Neil Armstrong <neil.armstrong@linaro.org>
Reviewed-by: Kevin Hilman <khilman@baylibre.com>
Link: https://lore.kernel.org/r/20230320212142.2355062-1-martin.blumenstingl@googlemail.com
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/rtc/rtc-meson-vrtc.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/drivers/rtc/rtc-meson-vrtc.c b/drivers/rtc/rtc-meson-vrtc.c
index 1463c86215615..648fa362ec447 100644
--- a/drivers/rtc/rtc-meson-vrtc.c
+++ b/drivers/rtc/rtc-meson-vrtc.c
@@ -23,7 +23,7 @@ static int meson_vrtc_read_time(struct device *dev, struct rtc_time *tm)
struct timespec64 time;
dev_dbg(dev, "%s\n", __func__);
- ktime_get_raw_ts64(&time);
+ ktime_get_real_ts64(&time);
rtc_time64_to_tm(time.tv_sec, tm);
return 0;
@@ -96,7 +96,7 @@ static int __maybe_unused meson_vrtc_suspend(struct device *dev)
long alarm_secs;
struct timespec64 time;
- ktime_get_raw_ts64(&time);
+ ktime_get_real_ts64(&time);
local_time = time.tv_sec;
dev_dbg(dev, "alarm_time = %lus, local_time=%lus\n",
--
2.39.2
^ permalink raw reply related [flat|nested] 391+ messages in thread
* [PATCH 5.15 300/371] fs/ntfs3: Fix memory leak if ntfs_read_mft failed
2023-05-08 9:43 [PATCH 5.15 000/371] 5.15.111-rc1 review Greg Kroah-Hartman
` (298 preceding siblings ...)
2023-05-08 9:48 ` [PATCH 5.15 299/371] rtc: meson-vrtc: Use ktime_get_real_ts64() to get the current time Greg Kroah-Hartman
@ 2023-05-08 9:48 ` Greg Kroah-Hartman
2023-05-08 9:48 ` [PATCH 5.15 301/371] fs/ntfs3: Add check for kmemdup Greg Kroah-Hartman
` (74 subsequent siblings)
374 siblings, 0 replies; 391+ messages in thread
From: Greg Kroah-Hartman @ 2023-05-08 9:48 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Chen Zhongjin, Konstantin Komarov,
Sasha Levin
From: Chen Zhongjin <chenzhongjin@huawei.com>
[ Upstream commit bfa434c60157c9793e9b12c9b68ade02aff9f803 ]
Label ATTR_ROOT in ntfs_read_mft() sets is_root = true and
ni->ni_flags |= NI_FLAG_DIR, then next attr will goto label ATTR_ALLOC
and alloc ni->dir.alloc_run. However two states are not always
consistent and can make memory leak.
1) attr_name in ATTR_ROOT does not fit the condition it will set
is_root = true but NI_FLAG_DIR is not set.
2) next attr_name in ATTR_ALLOC fits the condition and alloc
ni->dir.alloc_run
3) in cleanup function ni_clear(), when NI_FLAG_DIR is set, it frees
ni->dir.alloc_run, otherwise it frees ni->file.run
4) because NI_FLAG_DIR is not set in this case, ni->dir.alloc_run is
leaked as kmemleak reported:
unreferenced object 0xffff888003bc5480 (size 64):
backtrace:
[<000000003d42e6b0>] __kmalloc_node+0x4e/0x1c0
[<00000000d8e19b8a>] kvmalloc_node+0x39/0x1f0
[<00000000fc3eb5b8>] run_add_entry+0x18a/0xa40 [ntfs3]
[<0000000011c9f978>] run_unpack+0x75d/0x8e0 [ntfs3]
[<00000000e7cf1819>] run_unpack_ex+0xbc/0x500 [ntfs3]
[<00000000bbf0a43d>] ntfs_iget5+0xb25/0x2dd0 [ntfs3]
[<00000000a6e50693>] ntfs_fill_super+0x218d/0x3580 [ntfs3]
[<00000000b9170608>] get_tree_bdev+0x3fb/0x710
[<000000004833798a>] vfs_get_tree+0x8e/0x280
[<000000006e20b8e6>] path_mount+0xf3c/0x1930
[<000000007bf15a5f>] do_mount+0xf3/0x110
...
Fix this by always setting is_root and NI_FLAG_DIR together.
Fixes: 82cae269cfa9 ("fs/ntfs3: Add initialization of super block")
Signed-off-by: Chen Zhongjin <chenzhongjin@huawei.com>
Signed-off-by: Konstantin Komarov <almaz.alexandrovich@paragon-software.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
fs/ntfs3/inode.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/fs/ntfs3/inode.c b/fs/ntfs3/inode.c
index 136236a25da60..359eff346910e 100644
--- a/fs/ntfs3/inode.c
+++ b/fs/ntfs3/inode.c
@@ -257,7 +257,6 @@ static struct inode *ntfs_read_mft(struct inode *inode,
goto out;
root = Add2Ptr(attr, roff);
- is_root = true;
if (attr->name_len != ARRAY_SIZE(I30_NAME) ||
memcmp(attr_name(attr), I30_NAME, sizeof(I30_NAME)))
@@ -270,6 +269,7 @@ static struct inode *ntfs_read_mft(struct inode *inode,
if (!is_dir)
goto next_attr;
+ is_root = true;
ni->ni_flags |= NI_FLAG_DIR;
err = indx_init(&ni->dir, sbi, attr, INDEX_MUTEX_I30);
--
2.39.2
^ permalink raw reply related [flat|nested] 391+ messages in thread
* [PATCH 5.15 301/371] fs/ntfs3: Add check for kmemdup
2023-05-08 9:43 [PATCH 5.15 000/371] 5.15.111-rc1 review Greg Kroah-Hartman
` (299 preceding siblings ...)
2023-05-08 9:48 ` [PATCH 5.15 300/371] fs/ntfs3: Fix memory leak if ntfs_read_mft failed Greg Kroah-Hartman
@ 2023-05-08 9:48 ` Greg Kroah-Hartman
2023-05-08 9:48 ` [PATCH 5.15 302/371] fs/ntfs3: Fix null-ptr-deref on inode->i_op in ntfs_lookup() Greg Kroah-Hartman
` (73 subsequent siblings)
374 siblings, 0 replies; 391+ messages in thread
From: Greg Kroah-Hartman @ 2023-05-08 9:48 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Jiasheng Jiang, Konstantin Komarov,
Sasha Levin
From: Jiasheng Jiang <jiasheng@iscas.ac.cn>
[ Upstream commit e6c3cef24cb0d045f99d5cb039b344874e3cfd74 ]
Since the kmemdup may return NULL pointer,
it should be better to add check for the return value
in order to avoid NULL pointer dereference.
Fixes: b46acd6a6a62 ("fs/ntfs3: Add NTFS journal")
Signed-off-by: Jiasheng Jiang <jiasheng@iscas.ac.cn>
Signed-off-by: Konstantin Komarov <almaz.alexandrovich@paragon-software.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
fs/ntfs3/fslog.c | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/fs/ntfs3/fslog.c b/fs/ntfs3/fslog.c
index 20abdb2682860..88218831527c2 100644
--- a/fs/ntfs3/fslog.c
+++ b/fs/ntfs3/fslog.c
@@ -4256,6 +4256,10 @@ int log_replay(struct ntfs_inode *ni, bool *initialized)
rec_len -= t32;
attr_names = kmemdup(Add2Ptr(lrh, t32), rec_len, GFP_NOFS);
+ if (!attr_names) {
+ err = -ENOMEM;
+ goto out;
+ }
lcb_put(lcb);
lcb = NULL;
--
2.39.2
^ permalink raw reply related [flat|nested] 391+ messages in thread
* [PATCH 5.15 302/371] fs/ntfs3: Fix null-ptr-deref on inode->i_op in ntfs_lookup()
2023-05-08 9:43 [PATCH 5.15 000/371] 5.15.111-rc1 review Greg Kroah-Hartman
` (300 preceding siblings ...)
2023-05-08 9:48 ` [PATCH 5.15 301/371] fs/ntfs3: Add check for kmemdup Greg Kroah-Hartman
@ 2023-05-08 9:48 ` Greg Kroah-Hartman
2023-05-08 9:48 ` [PATCH 5.15 303/371] fs/ntfs3: Fix OOB read in indx_insert_into_buffer Greg Kroah-Hartman
` (72 subsequent siblings)
374 siblings, 0 replies; 391+ messages in thread
From: Greg Kroah-Hartman @ 2023-05-08 9:48 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, syzbot+a8f26a403c169b7593fe,
ZhangPeng, Konstantin Komarov, Sasha Levin
From: ZhangPeng <zhangpeng362@huawei.com>
[ Upstream commit 254e69f284d7270e0abdc023ee53b71401c3ba0c ]
Syzbot reported a null-ptr-deref bug:
ntfs3: loop0: Different NTFS' sector size (1024) and media sector size
(512)
ntfs3: loop0: Mark volume as dirty due to NTFS errors
general protection fault, probably for non-canonical address
0xdffffc0000000001: 0000 [#1] PREEMPT SMP KASAN
KASAN: null-ptr-deref in range [0x0000000000000008-0x000000000000000f]
RIP: 0010:d_flags_for_inode fs/dcache.c:1980 [inline]
RIP: 0010:__d_add+0x5ce/0x800 fs/dcache.c:2796
Call Trace:
<TASK>
d_splice_alias+0x122/0x3b0 fs/dcache.c:3191
lookup_open fs/namei.c:3391 [inline]
open_last_lookups fs/namei.c:3481 [inline]
path_openat+0x10e6/0x2df0 fs/namei.c:3688
do_filp_open+0x264/0x4f0 fs/namei.c:3718
do_sys_openat2+0x124/0x4e0 fs/open.c:1310
do_sys_open fs/open.c:1326 [inline]
__do_sys_open fs/open.c:1334 [inline]
__se_sys_open fs/open.c:1330 [inline]
__x64_sys_open+0x221/0x270 fs/open.c:1330
do_syscall_x64 arch/x86/entry/common.c:50 [inline]
do_syscall_64+0x3d/0xb0 arch/x86/entry/common.c:80
entry_SYSCALL_64_after_hwframe+0x63/0xcd
If the MFT record of ntfs inode is not a base record, inode->i_op can be
NULL. And a null-ptr-deref may happen:
ntfs_lookup()
dir_search_u() # inode->i_op is set to NULL
d_splice_alias()
__d_add()
d_flags_for_inode() # inode->i_op->get_link null-ptr-deref
Fix this by adding a Check on inode->i_op before calling the
d_splice_alias() function.
Fixes: 4342306f0f0d ("fs/ntfs3: Add file operations and implementation")
Reported-by: syzbot+a8f26a403c169b7593fe@syzkaller.appspotmail.com
Signed-off-by: ZhangPeng <zhangpeng362@huawei.com>
Signed-off-by: Konstantin Komarov <almaz.alexandrovich@paragon-software.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
fs/ntfs3/namei.c | 10 ++++++++++
1 file changed, 10 insertions(+)
diff --git a/fs/ntfs3/namei.c b/fs/ntfs3/namei.c
index bc741213ad848..29fd76d94c744 100644
--- a/fs/ntfs3/namei.c
+++ b/fs/ntfs3/namei.c
@@ -86,6 +86,16 @@ static struct dentry *ntfs_lookup(struct inode *dir, struct dentry *dentry,
__putname(uni);
}
+ /*
+ * Check for a null pointer
+ * If the MFT record of ntfs inode is not a base record, inode->i_op can be NULL.
+ * This causes null pointer dereference in d_splice_alias().
+ */
+ if (!IS_ERR(inode) && inode->i_op == NULL) {
+ iput(inode);
+ inode = ERR_PTR(-EINVAL);
+ }
+
return d_splice_alias(inode, dentry);
}
--
2.39.2
^ permalink raw reply related [flat|nested] 391+ messages in thread
* [PATCH 5.15 303/371] fs/ntfs3: Fix OOB read in indx_insert_into_buffer
2023-05-08 9:43 [PATCH 5.15 000/371] 5.15.111-rc1 review Greg Kroah-Hartman
` (301 preceding siblings ...)
2023-05-08 9:48 ` [PATCH 5.15 302/371] fs/ntfs3: Fix null-ptr-deref on inode->i_op in ntfs_lookup() Greg Kroah-Hartman
@ 2023-05-08 9:48 ` Greg Kroah-Hartman
2023-05-08 9:48 ` [PATCH 5.15 304/371] fs/ntfs3: Fix slab-out-of-bounds read in hdr_delete_de() Greg Kroah-Hartman
` (71 subsequent siblings)
374 siblings, 0 replies; 391+ messages in thread
From: Greg Kroah-Hartman @ 2023-05-08 9:48 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, syzbot+d882d57193079e379309,
ZhangPeng, Konstantin Komarov, Sasha Levin
From: ZhangPeng <zhangpeng362@huawei.com>
[ Upstream commit b8c44949044e5f7f864525fdffe8e95135ce9ce5 ]
Syzbot reported a OOB read bug:
BUG: KASAN: slab-out-of-bounds in indx_insert_into_buffer+0xaa3/0x13b0
fs/ntfs3/index.c:1755
Read of size 17168 at addr ffff8880255e06c0 by task syz-executor308/3630
Call Trace:
<TASK>
memmove+0x25/0x60 mm/kasan/shadow.c:54
indx_insert_into_buffer+0xaa3/0x13b0 fs/ntfs3/index.c:1755
indx_insert_entry+0x446/0x6b0 fs/ntfs3/index.c:1863
ntfs_create_inode+0x1d3f/0x35c0 fs/ntfs3/inode.c:1548
ntfs_create+0x3e/0x60 fs/ntfs3/namei.c:100
lookup_open fs/namei.c:3413 [inline]
If the member struct INDEX_BUFFER *index of struct indx_node is
incorrect, that is, the value of __le32 used is greater than the value
of __le32 total in struct INDEX_HDR. Therefore, OOB read occurs when
memmove is called in indx_insert_into_buffer().
Fix this by adding a check in hdr_find_e().
Fixes: 82cae269cfa9 ("fs/ntfs3: Add initialization of super block")
Reported-by: syzbot+d882d57193079e379309@syzkaller.appspotmail.com
Signed-off-by: ZhangPeng <zhangpeng362@huawei.com>
Signed-off-by: Konstantin Komarov <almaz.alexandrovich@paragon-software.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
fs/ntfs3/index.c | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/fs/ntfs3/index.c b/fs/ntfs3/index.c
index 99f8a57e9f7a9..37688cf6e3d05 100644
--- a/fs/ntfs3/index.c
+++ b/fs/ntfs3/index.c
@@ -679,9 +679,13 @@ static struct NTFS_DE *hdr_find_e(const struct ntfs_index *indx,
u32 e_size, e_key_len;
u32 end = le32_to_cpu(hdr->used);
u32 off = le32_to_cpu(hdr->de_off);
+ u32 total = le32_to_cpu(hdr->total);
u16 offs[128];
fill_table:
+ if (end > total)
+ return NULL;
+
if (off + sizeof(struct NTFS_DE) > end)
return NULL;
--
2.39.2
^ permalink raw reply related [flat|nested] 391+ messages in thread
* [PATCH 5.15 304/371] fs/ntfs3: Fix slab-out-of-bounds read in hdr_delete_de()
2023-05-08 9:43 [PATCH 5.15 000/371] 5.15.111-rc1 review Greg Kroah-Hartman
` (302 preceding siblings ...)
2023-05-08 9:48 ` [PATCH 5.15 303/371] fs/ntfs3: Fix OOB read in indx_insert_into_buffer Greg Kroah-Hartman
@ 2023-05-08 9:48 ` Greg Kroah-Hartman
2023-05-08 9:48 ` [PATCH 5.15 305/371] power: supply: generic-adc-battery: fix unit scaling Greg Kroah-Hartman
` (70 subsequent siblings)
374 siblings, 0 replies; 391+ messages in thread
From: Greg Kroah-Hartman @ 2023-05-08 9:48 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, syzbot+9c2811fd56591639ff5f,
Zeng Heng, Konstantin Komarov, Sasha Levin
From: Zeng Heng <zengheng4@huawei.com>
[ Upstream commit ab84eee4c7ab929996602eda7832854c35a6dda2 ]
Here is a BUG report from syzbot:
BUG: KASAN: slab-out-of-bounds in hdr_delete_de+0xe0/0x150 fs/ntfs3/index.c:806
Read of size 16842960 at addr ffff888079cc0600 by task syz-executor934/3631
Call Trace:
memmove+0x25/0x60 mm/kasan/shadow.c:54
hdr_delete_de+0xe0/0x150 fs/ntfs3/index.c:806
indx_delete_entry+0x74f/0x3670 fs/ntfs3/index.c:2193
ni_remove_name+0x27a/0x980 fs/ntfs3/frecord.c:2910
ntfs_unlink_inode+0x3d4/0x720 fs/ntfs3/inode.c:1712
ntfs_rename+0x41a/0xcb0 fs/ntfs3/namei.c:276
Before using the meta-data in struct INDEX_HDR, we need to
check index header valid or not. Otherwise, the corruptedi
(or malicious) fs image can cause out-of-bounds access which
could make kernel panic.
Fixes: 82cae269cfa9 ("fs/ntfs3: Add initialization of super block")
Reported-by: syzbot+9c2811fd56591639ff5f@syzkaller.appspotmail.com
Signed-off-by: Zeng Heng <zengheng4@huawei.com>
Signed-off-by: Konstantin Komarov <almaz.alexandrovich@paragon-software.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
fs/ntfs3/fslog.c | 2 +-
fs/ntfs3/index.c | 4 ++++
fs/ntfs3/ntfs_fs.h | 1 +
3 files changed, 6 insertions(+), 1 deletion(-)
diff --git a/fs/ntfs3/fslog.c b/fs/ntfs3/fslog.c
index 88218831527c2..59f813cbdaa8e 100644
--- a/fs/ntfs3/fslog.c
+++ b/fs/ntfs3/fslog.c
@@ -2575,7 +2575,7 @@ static int read_next_log_rec(struct ntfs_log *log, struct lcb *lcb, u64 *lsn)
return find_log_rec(log, *lsn, lcb);
}
-static inline bool check_index_header(const struct INDEX_HDR *hdr, size_t bytes)
+bool check_index_header(const struct INDEX_HDR *hdr, size_t bytes)
{
__le16 mask;
u32 min_de, de_off, used, total;
diff --git a/fs/ntfs3/index.c b/fs/ntfs3/index.c
index 37688cf6e3d05..f62e0df7a7b4e 100644
--- a/fs/ntfs3/index.c
+++ b/fs/ntfs3/index.c
@@ -802,6 +802,10 @@ static inline struct NTFS_DE *hdr_delete_de(struct INDEX_HDR *hdr,
u32 off = PtrOffset(hdr, re);
int bytes = used - (off + esize);
+ /* check INDEX_HDR valid before using INDEX_HDR */
+ if (!check_index_header(hdr, le32_to_cpu(hdr->total)))
+ return NULL;
+
if (off >= used || esize < sizeof(struct NTFS_DE) ||
bytes < sizeof(struct NTFS_DE))
return NULL;
diff --git a/fs/ntfs3/ntfs_fs.h b/fs/ntfs3/ntfs_fs.h
index 8aaec7e0804ef..e571e7643596e 100644
--- a/fs/ntfs3/ntfs_fs.h
+++ b/fs/ntfs3/ntfs_fs.h
@@ -575,6 +575,7 @@ int ni_rename(struct ntfs_inode *dir_ni, struct ntfs_inode *new_dir_ni,
bool ni_is_dirty(struct inode *inode);
/* Globals from fslog.c */
+bool check_index_header(const struct INDEX_HDR *hdr, size_t bytes);
int log_replay(struct ntfs_inode *ni, bool *initialized);
/* Globals from fsntfs.c */
--
2.39.2
^ permalink raw reply related [flat|nested] 391+ messages in thread
* [PATCH 5.15 305/371] power: supply: generic-adc-battery: fix unit scaling
2023-05-08 9:43 [PATCH 5.15 000/371] 5.15.111-rc1 review Greg Kroah-Hartman
` (303 preceding siblings ...)
2023-05-08 9:48 ` [PATCH 5.15 304/371] fs/ntfs3: Fix slab-out-of-bounds read in hdr_delete_de() Greg Kroah-Hartman
@ 2023-05-08 9:48 ` Greg Kroah-Hartman
2023-05-08 9:48 ` [PATCH 5.15 306/371] clk: add missing of_node_put() in "assigned-clocks" property parsing Greg Kroah-Hartman
` (69 subsequent siblings)
374 siblings, 0 replies; 391+ messages in thread
From: Greg Kroah-Hartman @ 2023-05-08 9:48 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Linus Walleij, Matti Vaittinen,
Sebastian Reichel, Sasha Levin
From: Sebastian Reichel <sre@kernel.org>
[ Upstream commit 44263f50065969f2344808388bd589740f026167 ]
power-supply properties are reported in µV, µA and µW.
The IIO API provides mV, mA, mW, so the values need to
be multiplied by 1000.
Fixes: e60fea794e6e ("power: battery: Generic battery driver using IIO")
Reviewed-by: Linus Walleij <linus.walleij@linaro.org>
Reviewed-by: Matti Vaittinen <mazziesaccount@gmail.com>
Signed-off-by: Sebastian Reichel <sre@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/power/supply/generic-adc-battery.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/drivers/power/supply/generic-adc-battery.c b/drivers/power/supply/generic-adc-battery.c
index 66039c665dd1e..0af536f4932f1 100644
--- a/drivers/power/supply/generic-adc-battery.c
+++ b/drivers/power/supply/generic-adc-battery.c
@@ -135,6 +135,9 @@ static int read_channel(struct gab *adc_bat, enum power_supply_property psp,
result);
if (ret < 0)
pr_err("read channel error\n");
+ else
+ *result *= 1000;
+
return ret;
}
--
2.39.2
^ permalink raw reply related [flat|nested] 391+ messages in thread
* [PATCH 5.15 306/371] clk: add missing of_node_put() in "assigned-clocks" property parsing
2023-05-08 9:43 [PATCH 5.15 000/371] 5.15.111-rc1 review Greg Kroah-Hartman
` (304 preceding siblings ...)
2023-05-08 9:48 ` [PATCH 5.15 305/371] power: supply: generic-adc-battery: fix unit scaling Greg Kroah-Hartman
@ 2023-05-08 9:48 ` Greg Kroah-Hartman
2023-05-08 9:48 ` [PATCH 5.15 307/371] RDMA/siw: Remove namespace check from siw_netdev_event() Greg Kroah-Hartman
` (68 subsequent siblings)
374 siblings, 0 replies; 391+ messages in thread
From: Greg Kroah-Hartman @ 2023-05-08 9:48 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Clément Léger,
Stephen Boyd, Sasha Levin
From: Clément Léger <clement.leger@bootlin.com>
[ Upstream commit 27a6e1b09a782517fddac91259970ac466a3f7b6 ]
When returning from of_parse_phandle_with_args(), the np member of the
of_phandle_args structure should be put after usage. Add missing
of_node_put() calls in both __set_clk_parents() and __set_clk_rates().
Fixes: 86be408bfbd8 ("clk: Support for clock parents and rates assigned from device tree")
Signed-off-by: Clément Léger <clement.leger@bootlin.com>
Link: https://lore.kernel.org/r/20230131083227.10990-1-clement.leger@bootlin.com
Signed-off-by: Stephen Boyd <sboyd@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/clk/clk-conf.c | 12 ++++++++++--
1 file changed, 10 insertions(+), 2 deletions(-)
diff --git a/drivers/clk/clk-conf.c b/drivers/clk/clk-conf.c
index 2ef819606c417..1a4e6340f95ce 100644
--- a/drivers/clk/clk-conf.c
+++ b/drivers/clk/clk-conf.c
@@ -33,9 +33,12 @@ static int __set_clk_parents(struct device_node *node, bool clk_supplier)
else
return rc;
}
- if (clkspec.np == node && !clk_supplier)
+ if (clkspec.np == node && !clk_supplier) {
+ of_node_put(clkspec.np);
return 0;
+ }
pclk = of_clk_get_from_provider(&clkspec);
+ of_node_put(clkspec.np);
if (IS_ERR(pclk)) {
if (PTR_ERR(pclk) != -EPROBE_DEFER)
pr_warn("clk: couldn't get parent clock %d for %pOF\n",
@@ -48,10 +51,12 @@ static int __set_clk_parents(struct device_node *node, bool clk_supplier)
if (rc < 0)
goto err;
if (clkspec.np == node && !clk_supplier) {
+ of_node_put(clkspec.np);
rc = 0;
goto err;
}
clk = of_clk_get_from_provider(&clkspec);
+ of_node_put(clkspec.np);
if (IS_ERR(clk)) {
if (PTR_ERR(clk) != -EPROBE_DEFER)
pr_warn("clk: couldn't get assigned clock %d for %pOF\n",
@@ -93,10 +98,13 @@ static int __set_clk_rates(struct device_node *node, bool clk_supplier)
else
return rc;
}
- if (clkspec.np == node && !clk_supplier)
+ if (clkspec.np == node && !clk_supplier) {
+ of_node_put(clkspec.np);
return 0;
+ }
clk = of_clk_get_from_provider(&clkspec);
+ of_node_put(clkspec.np);
if (IS_ERR(clk)) {
if (PTR_ERR(clk) != -EPROBE_DEFER)
pr_warn("clk: couldn't get clock %d for %pOF\n",
--
2.39.2
^ permalink raw reply related [flat|nested] 391+ messages in thread
* [PATCH 5.15 307/371] RDMA/siw: Remove namespace check from siw_netdev_event()
2023-05-08 9:43 [PATCH 5.15 000/371] 5.15.111-rc1 review Greg Kroah-Hartman
` (305 preceding siblings ...)
2023-05-08 9:48 ` [PATCH 5.15 306/371] clk: add missing of_node_put() in "assigned-clocks" property parsing Greg Kroah-Hartman
@ 2023-05-08 9:48 ` Greg Kroah-Hartman
2023-05-08 9:48 ` [PATCH 5.15 308/371] clk: qcom: gcc-sm6115: Mark RCGs shared where applicable Greg Kroah-Hartman
` (67 subsequent siblings)
374 siblings, 0 replies; 391+ messages in thread
From: Greg Kroah-Hartman @ 2023-05-08 9:48 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, syzbot, Jason Gunthorpe,
Leon Romanovsky, Tetsuo Handa, Bernard Metzler, Sasha Levin
From: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
[ Upstream commit 266e9b3475ba82212062771fdbc40be0e3c06ec8 ]
syzbot is reporting that siw_netdev_event(NETDEV_UNREGISTER) cannot destroy
siw_device created after unshare(CLONE_NEWNET) due to net namespace check.
It seems that this check was by error there and should be removed.
Reported-by: syzbot <syzbot+5e70d01ee8985ae62a3b@syzkaller.appspotmail.com>
Link: https://syzkaller.appspot.com/bug?extid=5e70d01ee8985ae62a3b
Suggested-by: Jason Gunthorpe <jgg@ziepe.ca>
Suggested-by: Leon Romanovsky <leon@kernel.org>
Fixes: bdcf26bf9b3a ("rdma/siw: network and RDMA core interface")
Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Link: https://lore.kernel.org/r/a44e9ac5-44e2-d575-9e30-02483cc7ffd1@I-love.SAKURA.ne.jp
Reviewed-by: Bernard Metzler <bmt@zurich.ibm.com>
Signed-off-by: Leon Romanovsky <leon@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/infiniband/sw/siw/siw_main.c | 3 ---
1 file changed, 3 deletions(-)
diff --git a/drivers/infiniband/sw/siw/siw_main.c b/drivers/infiniband/sw/siw/siw_main.c
index 9093e6a80b260..f853f3c23540a 100644
--- a/drivers/infiniband/sw/siw/siw_main.c
+++ b/drivers/infiniband/sw/siw/siw_main.c
@@ -437,9 +437,6 @@ static int siw_netdev_event(struct notifier_block *nb, unsigned long event,
dev_dbg(&netdev->dev, "siw: event %lu\n", event);
- if (dev_net(netdev) != &init_net)
- return NOTIFY_OK;
-
base_dev = ib_device_get_by_netdev(netdev, RDMA_DRIVER_SIW);
if (!base_dev)
return NOTIFY_OK;
--
2.39.2
^ permalink raw reply related [flat|nested] 391+ messages in thread
* [PATCH 5.15 308/371] clk: qcom: gcc-sm6115: Mark RCGs shared where applicable
2023-05-08 9:43 [PATCH 5.15 000/371] 5.15.111-rc1 review Greg Kroah-Hartman
` (306 preceding siblings ...)
2023-05-08 9:48 ` [PATCH 5.15 307/371] RDMA/siw: Remove namespace check from siw_netdev_event() Greg Kroah-Hartman
@ 2023-05-08 9:48 ` Greg Kroah-Hartman
2023-05-08 9:48 ` [PATCH 5.15 309/371] RDMA/cm: Trace icm_send_rej event before the cm state is reset Greg Kroah-Hartman
` (66 subsequent siblings)
374 siblings, 0 replies; 391+ messages in thread
From: Greg Kroah-Hartman @ 2023-05-08 9:48 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Konrad Dybcio, Bjorn Andersson, Sasha Levin
From: Konrad Dybcio <konrad.dybcio@linaro.org>
[ Upstream commit 996c32b745a15a637e8244a25f06b74acce98976 ]
The vast majority of shared RCGs were not marked as such. Fix it.
Fixes: cbe63bfdc54f ("clk: qcom: Add Global Clock controller (GCC) driver for SM6115")
Signed-off-by: Konrad Dybcio <konrad.dybcio@linaro.org>
Signed-off-by: Bjorn Andersson <andersson@kernel.org>
Link: https://lore.kernel.org/r/20230404224719.909746-1-konrad.dybcio@linaro.org
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/clk/qcom/gcc-sm6115.c | 50 +++++++++++++++++------------------
1 file changed, 25 insertions(+), 25 deletions(-)
diff --git a/drivers/clk/qcom/gcc-sm6115.c b/drivers/clk/qcom/gcc-sm6115.c
index e24a977c25806..1c3be4e07d5bc 100644
--- a/drivers/clk/qcom/gcc-sm6115.c
+++ b/drivers/clk/qcom/gcc-sm6115.c
@@ -720,7 +720,7 @@ static struct clk_rcg2 gcc_camss_axi_clk_src = {
.parent_data = gcc_parents_7,
.num_parents = ARRAY_SIZE(gcc_parents_7),
.flags = CLK_SET_RATE_PARENT,
- .ops = &clk_rcg2_ops,
+ .ops = &clk_rcg2_shared_ops,
},
};
@@ -741,7 +741,7 @@ static struct clk_rcg2 gcc_camss_cci_clk_src = {
.parent_data = gcc_parents_9,
.num_parents = ARRAY_SIZE(gcc_parents_9),
.flags = CLK_SET_RATE_PARENT | CLK_OPS_PARENT_ENABLE,
- .ops = &clk_rcg2_ops,
+ .ops = &clk_rcg2_shared_ops,
},
};
@@ -764,7 +764,7 @@ static struct clk_rcg2 gcc_camss_csi0phytimer_clk_src = {
.parent_data = gcc_parents_4,
.num_parents = ARRAY_SIZE(gcc_parents_4),
.flags = CLK_SET_RATE_PARENT | CLK_OPS_PARENT_ENABLE,
- .ops = &clk_rcg2_ops,
+ .ops = &clk_rcg2_shared_ops,
},
};
@@ -779,7 +779,7 @@ static struct clk_rcg2 gcc_camss_csi1phytimer_clk_src = {
.parent_data = gcc_parents_4,
.num_parents = ARRAY_SIZE(gcc_parents_4),
.flags = CLK_SET_RATE_PARENT | CLK_OPS_PARENT_ENABLE,
- .ops = &clk_rcg2_ops,
+ .ops = &clk_rcg2_shared_ops,
},
};
@@ -794,7 +794,7 @@ static struct clk_rcg2 gcc_camss_csi2phytimer_clk_src = {
.parent_data = gcc_parents_4,
.num_parents = ARRAY_SIZE(gcc_parents_4),
.flags = CLK_SET_RATE_PARENT | CLK_OPS_PARENT_ENABLE,
- .ops = &clk_rcg2_ops,
+ .ops = &clk_rcg2_shared_ops,
},
};
@@ -816,7 +816,7 @@ static struct clk_rcg2 gcc_camss_mclk0_clk_src = {
.parent_data = gcc_parents_3,
.num_parents = ARRAY_SIZE(gcc_parents_3),
.flags = CLK_SET_RATE_PARENT | CLK_OPS_PARENT_ENABLE,
- .ops = &clk_rcg2_ops,
+ .ops = &clk_rcg2_shared_ops,
},
};
@@ -831,7 +831,7 @@ static struct clk_rcg2 gcc_camss_mclk1_clk_src = {
.parent_data = gcc_parents_3,
.num_parents = ARRAY_SIZE(gcc_parents_3),
.flags = CLK_SET_RATE_PARENT | CLK_OPS_PARENT_ENABLE,
- .ops = &clk_rcg2_ops,
+ .ops = &clk_rcg2_shared_ops,
},
};
@@ -846,7 +846,7 @@ static struct clk_rcg2 gcc_camss_mclk2_clk_src = {
.parent_data = gcc_parents_3,
.num_parents = ARRAY_SIZE(gcc_parents_3),
.flags = CLK_SET_RATE_PARENT | CLK_OPS_PARENT_ENABLE,
- .ops = &clk_rcg2_ops,
+ .ops = &clk_rcg2_shared_ops,
},
};
@@ -861,7 +861,7 @@ static struct clk_rcg2 gcc_camss_mclk3_clk_src = {
.parent_data = gcc_parents_3,
.num_parents = ARRAY_SIZE(gcc_parents_3),
.flags = CLK_SET_RATE_PARENT | CLK_OPS_PARENT_ENABLE,
- .ops = &clk_rcg2_ops,
+ .ops = &clk_rcg2_shared_ops,
},
};
@@ -883,7 +883,7 @@ static struct clk_rcg2 gcc_camss_ope_ahb_clk_src = {
.parent_data = gcc_parents_8,
.num_parents = ARRAY_SIZE(gcc_parents_8),
.flags = CLK_SET_RATE_PARENT,
- .ops = &clk_rcg2_ops,
+ .ops = &clk_rcg2_shared_ops,
},
};
@@ -907,7 +907,7 @@ static struct clk_rcg2 gcc_camss_ope_clk_src = {
.parent_data = gcc_parents_8,
.num_parents = ARRAY_SIZE(gcc_parents_8),
.flags = CLK_SET_RATE_PARENT,
- .ops = &clk_rcg2_ops,
+ .ops = &clk_rcg2_shared_ops,
},
};
@@ -942,7 +942,7 @@ static struct clk_rcg2 gcc_camss_tfe_0_clk_src = {
.parent_data = gcc_parents_5,
.num_parents = ARRAY_SIZE(gcc_parents_5),
.flags = CLK_SET_RATE_PARENT,
- .ops = &clk_rcg2_ops,
+ .ops = &clk_rcg2_shared_ops,
},
};
@@ -967,7 +967,7 @@ static struct clk_rcg2 gcc_camss_tfe_0_csid_clk_src = {
.parent_data = gcc_parents_6,
.num_parents = ARRAY_SIZE(gcc_parents_6),
.flags = CLK_SET_RATE_PARENT,
- .ops = &clk_rcg2_ops,
+ .ops = &clk_rcg2_shared_ops,
},
};
@@ -982,7 +982,7 @@ static struct clk_rcg2 gcc_camss_tfe_1_clk_src = {
.parent_data = gcc_parents_5,
.num_parents = ARRAY_SIZE(gcc_parents_5),
.flags = CLK_SET_RATE_PARENT,
- .ops = &clk_rcg2_ops,
+ .ops = &clk_rcg2_shared_ops,
},
};
@@ -997,7 +997,7 @@ static struct clk_rcg2 gcc_camss_tfe_1_csid_clk_src = {
.parent_data = gcc_parents_6,
.num_parents = ARRAY_SIZE(gcc_parents_6),
.flags = CLK_SET_RATE_PARENT,
- .ops = &clk_rcg2_ops,
+ .ops = &clk_rcg2_shared_ops,
},
};
@@ -1012,7 +1012,7 @@ static struct clk_rcg2 gcc_camss_tfe_2_clk_src = {
.parent_data = gcc_parents_5,
.num_parents = ARRAY_SIZE(gcc_parents_5),
.flags = CLK_SET_RATE_PARENT,
- .ops = &clk_rcg2_ops,
+ .ops = &clk_rcg2_shared_ops,
},
};
@@ -1027,7 +1027,7 @@ static struct clk_rcg2 gcc_camss_tfe_2_csid_clk_src = {
.parent_data = gcc_parents_6,
.num_parents = ARRAY_SIZE(gcc_parents_6),
.flags = CLK_SET_RATE_PARENT,
- .ops = &clk_rcg2_ops,
+ .ops = &clk_rcg2_shared_ops,
},
};
@@ -1050,7 +1050,7 @@ static struct clk_rcg2 gcc_camss_tfe_cphy_rx_clk_src = {
.parent_data = gcc_parents_10,
.num_parents = ARRAY_SIZE(gcc_parents_10),
.flags = CLK_SET_RATE_PARENT | CLK_OPS_PARENT_ENABLE,
- .ops = &clk_rcg2_ops,
+ .ops = &clk_rcg2_shared_ops,
},
};
@@ -1072,7 +1072,7 @@ static struct clk_rcg2 gcc_camss_top_ahb_clk_src = {
.parent_data = gcc_parents_7,
.num_parents = ARRAY_SIZE(gcc_parents_7),
.flags = CLK_SET_RATE_PARENT | CLK_OPS_PARENT_ENABLE,
- .ops = &clk_rcg2_ops,
+ .ops = &clk_rcg2_shared_ops,
},
};
@@ -1142,7 +1142,7 @@ static struct clk_rcg2 gcc_pdm2_clk_src = {
.name = "gcc_pdm2_clk_src",
.parent_data = gcc_parents_0,
.num_parents = ARRAY_SIZE(gcc_parents_0),
- .ops = &clk_rcg2_ops,
+ .ops = &clk_rcg2_shared_ops,
},
};
@@ -1355,7 +1355,7 @@ static struct clk_rcg2 gcc_ufs_phy_axi_clk_src = {
.name = "gcc_ufs_phy_axi_clk_src",
.parent_data = gcc_parents_0,
.num_parents = ARRAY_SIZE(gcc_parents_0),
- .ops = &clk_rcg2_ops,
+ .ops = &clk_rcg2_shared_ops,
},
};
@@ -1377,7 +1377,7 @@ static struct clk_rcg2 gcc_ufs_phy_ice_core_clk_src = {
.name = "gcc_ufs_phy_ice_core_clk_src",
.parent_data = gcc_parents_0,
.num_parents = ARRAY_SIZE(gcc_parents_0),
- .ops = &clk_rcg2_ops,
+ .ops = &clk_rcg2_shared_ops,
},
};
@@ -1418,7 +1418,7 @@ static struct clk_rcg2 gcc_ufs_phy_unipro_core_clk_src = {
.name = "gcc_ufs_phy_unipro_core_clk_src",
.parent_data = gcc_parents_0,
.num_parents = ARRAY_SIZE(gcc_parents_0),
- .ops = &clk_rcg2_ops,
+ .ops = &clk_rcg2_shared_ops,
},
};
@@ -1440,7 +1440,7 @@ static struct clk_rcg2 gcc_usb30_prim_master_clk_src = {
.name = "gcc_usb30_prim_master_clk_src",
.parent_data = gcc_parents_0,
.num_parents = ARRAY_SIZE(gcc_parents_0),
- .ops = &clk_rcg2_ops,
+ .ops = &clk_rcg2_shared_ops,
},
};
@@ -1509,7 +1509,7 @@ static struct clk_rcg2 gcc_video_venus_clk_src = {
.parent_data = gcc_parents_13,
.num_parents = ARRAY_SIZE(gcc_parents_13),
.flags = CLK_SET_RATE_PARENT,
- .ops = &clk_rcg2_ops,
+ .ops = &clk_rcg2_shared_ops,
},
};
--
2.39.2
^ permalink raw reply related [flat|nested] 391+ messages in thread
* [PATCH 5.15 309/371] RDMA/cm: Trace icm_send_rej event before the cm state is reset
2023-05-08 9:43 [PATCH 5.15 000/371] 5.15.111-rc1 review Greg Kroah-Hartman
` (307 preceding siblings ...)
2023-05-08 9:48 ` [PATCH 5.15 308/371] clk: qcom: gcc-sm6115: Mark RCGs shared where applicable Greg Kroah-Hartman
@ 2023-05-08 9:48 ` Greg Kroah-Hartman
2023-05-08 9:48 ` [PATCH 5.15 310/371] RDMA/srpt: Add a check for valid mad_agent pointer Greg Kroah-Hartman
` (65 subsequent siblings)
374 siblings, 0 replies; 391+ messages in thread
From: Greg Kroah-Hartman @ 2023-05-08 9:48 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Mark Zhang, Leon Romanovsky, Sasha Levin
From: Mark Zhang <markzhang@nvidia.com>
[ Upstream commit bd9de1badac7e4ff6780365d4aa38983f5e2a436 ]
Trace icm_send_rej event before the cm state is reset to idle, so that
correct cm state will be logged. For example when an incoming request is
rejected, the old trace log was:
icm_send_rej: local_id=961102742 remote_id=3829151631 state=IDLE reason=REJ_CONSUMER_DEFINED
With this patch:
icm_send_rej: local_id=312971016 remote_id=3778819983 state=MRA_REQ_SENT reason=REJ_CONSUMER_DEFINED
Fixes: 8dc105befe16 ("RDMA/cm: Add tracepoints to track MAD send operations")
Signed-off-by: Mark Zhang <markzhang@nvidia.com>
Link: https://lore.kernel.org/r/20230330072351.481200-1-markzhang@nvidia.com
Signed-off-by: Leon Romanovsky <leon@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/infiniband/core/cm.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/drivers/infiniband/core/cm.c b/drivers/infiniband/core/cm.c
index 5c910f5c01b35..680c3ac8cd4c0 100644
--- a/drivers/infiniband/core/cm.c
+++ b/drivers/infiniband/core/cm.c
@@ -2914,6 +2914,8 @@ static int cm_send_rej_locked(struct cm_id_private *cm_id_priv,
(ari && ari_length > IB_CM_REJ_ARI_LENGTH))
return -EINVAL;
+ trace_icm_send_rej(&cm_id_priv->id, reason);
+
switch (state) {
case IB_CM_REQ_SENT:
case IB_CM_MRA_REQ_RCVD:
@@ -2944,7 +2946,6 @@ static int cm_send_rej_locked(struct cm_id_private *cm_id_priv,
return -EINVAL;
}
- trace_icm_send_rej(&cm_id_priv->id, reason);
ret = ib_post_send_mad(msg, NULL);
if (ret) {
cm_free_msg(msg);
--
2.39.2
^ permalink raw reply related [flat|nested] 391+ messages in thread
* [PATCH 5.15 310/371] RDMA/srpt: Add a check for valid mad_agent pointer
2023-05-08 9:43 [PATCH 5.15 000/371] 5.15.111-rc1 review Greg Kroah-Hartman
` (308 preceding siblings ...)
2023-05-08 9:48 ` [PATCH 5.15 309/371] RDMA/cm: Trace icm_send_rej event before the cm state is reset Greg Kroah-Hartman
@ 2023-05-08 9:48 ` Greg Kroah-Hartman
2023-05-08 9:48 ` [PATCH 5.15 311/371] IB/hfi1: Fix SDMA mmu_rb_node not being evicted in LRU order Greg Kroah-Hartman
` (64 subsequent siblings)
374 siblings, 0 replies; 391+ messages in thread
From: Greg Kroah-Hartman @ 2023-05-08 9:48 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Selvin Xavier, Kashyap Desai,
Saravanan Vajravel, Bart Van Assche, Leon Romanovsky,
Sasha Levin
From: Saravanan Vajravel <saravanan.vajravel@broadcom.com>
[ Upstream commit eca5cd9474cd26d62f9756f536e2e656d3f62f3a ]
When unregistering MAD agent, srpt module has a non-null check
for 'mad_agent' pointer before invoking ib_unregister_mad_agent().
This check can pass if 'mad_agent' variable holds an error value.
The 'mad_agent' can have an error value for a short window when
srpt_add_one() and srpt_remove_one() is executed simultaneously.
In srpt module, added a valid pointer check for 'sport->mad_agent'
before unregistering MAD agent.
This issue can hit when RoCE driver unregisters ib_device
Stack Trace:
------------
BUG: kernel NULL pointer dereference, address: 000000000000004d
PGD 145003067 P4D 145003067 PUD 2324fe067 PMD 0
Oops: 0002 [#1] PREEMPT SMP NOPTI
CPU: 10 PID: 4459 Comm: kworker/u80:0 Kdump: loaded Tainted: P
Hardware name: Dell Inc. PowerEdge R640/06NR82, BIOS 2.5.4 01/13/2020
Workqueue: bnxt_re bnxt_re_task [bnxt_re]
RIP: 0010:_raw_spin_lock_irqsave+0x19/0x40
Call Trace:
ib_unregister_mad_agent+0x46/0x2f0 [ib_core]
IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
? __schedule+0x20b/0x560
srpt_unregister_mad_agent+0x93/0xd0 [ib_srpt]
srpt_remove_one+0x20/0x150 [ib_srpt]
remove_client_context+0x88/0xd0 [ib_core]
bond0: (slave p2p1): link status definitely up, 100000 Mbps full duplex
disable_device+0x8a/0x160 [ib_core]
bond0: active interface up!
? kernfs_name_hash+0x12/0x80
(NULL device *): Bonding Info Received: rdev: 000000006c0b8247
__ib_unregister_device+0x42/0xb0 [ib_core]
(NULL device *): Master: mode: 4 num_slaves:2
ib_unregister_device+0x22/0x30 [ib_core]
(NULL device *): Slave: id: 105069936 name:p2p1 link:0 state:0
bnxt_re_stopqps_and_ib_uninit+0x83/0x90 [bnxt_re]
bnxt_re_alloc_lag+0x12e/0x4e0 [bnxt_re]
Fixes: a42d985bd5b2 ("ib_srpt: Initial SRP Target merge for v3.3-rc1")
Reviewed-by: Selvin Xavier <selvin.xavier@broadcom.com>
Reviewed-by: Kashyap Desai <kashyap.desai@broadcom.com>
Signed-off-by: Saravanan Vajravel <saravanan.vajravel@broadcom.com>
Link: https://lore.kernel.org/r/20230406042549.507328-1-saravanan.vajravel@broadcom.com
Reviewed-by: Bart Van Assche <bvanassche@acm.org>
Signed-off-by: Leon Romanovsky <leon@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/infiniband/ulp/srpt/ib_srpt.c | 23 +++++++++++++----------
1 file changed, 13 insertions(+), 10 deletions(-)
diff --git a/drivers/infiniband/ulp/srpt/ib_srpt.c b/drivers/infiniband/ulp/srpt/ib_srpt.c
index 7b69b0c9e48d9..38494943bd748 100644
--- a/drivers/infiniband/ulp/srpt/ib_srpt.c
+++ b/drivers/infiniband/ulp/srpt/ib_srpt.c
@@ -549,6 +549,7 @@ static int srpt_format_guid(char *buf, unsigned int size, const __be64 *guid)
*/
static int srpt_refresh_port(struct srpt_port *sport)
{
+ struct ib_mad_agent *mad_agent;
struct ib_mad_reg_req reg_req;
struct ib_port_modify port_modify;
struct ib_port_attr port_attr;
@@ -593,24 +594,26 @@ static int srpt_refresh_port(struct srpt_port *sport)
set_bit(IB_MGMT_METHOD_GET, reg_req.method_mask);
set_bit(IB_MGMT_METHOD_SET, reg_req.method_mask);
- sport->mad_agent = ib_register_mad_agent(sport->sdev->device,
- sport->port,
- IB_QPT_GSI,
- ®_req, 0,
- srpt_mad_send_handler,
- srpt_mad_recv_handler,
- sport, 0);
- if (IS_ERR(sport->mad_agent)) {
+ mad_agent = ib_register_mad_agent(sport->sdev->device,
+ sport->port,
+ IB_QPT_GSI,
+ ®_req, 0,
+ srpt_mad_send_handler,
+ srpt_mad_recv_handler,
+ sport, 0);
+ if (IS_ERR(mad_agent)) {
pr_err("%s-%d: MAD agent registration failed (%ld). Note: this is expected if SR-IOV is enabled.\n",
dev_name(&sport->sdev->device->dev), sport->port,
- PTR_ERR(sport->mad_agent));
+ PTR_ERR(mad_agent));
sport->mad_agent = NULL;
memset(&port_modify, 0, sizeof(port_modify));
port_modify.clr_port_cap_mask = IB_PORT_DEVICE_MGMT_SUP;
ib_modify_port(sport->sdev->device, sport->port, 0,
&port_modify);
-
+ return 0;
}
+
+ sport->mad_agent = mad_agent;
}
return 0;
--
2.39.2
^ permalink raw reply related [flat|nested] 391+ messages in thread
* [PATCH 5.15 311/371] IB/hfi1: Fix SDMA mmu_rb_node not being evicted in LRU order
2023-05-08 9:43 [PATCH 5.15 000/371] 5.15.111-rc1 review Greg Kroah-Hartman
` (309 preceding siblings ...)
2023-05-08 9:48 ` [PATCH 5.15 310/371] RDMA/srpt: Add a check for valid mad_agent pointer Greg Kroah-Hartman
@ 2023-05-08 9:48 ` Greg Kroah-Hartman
2023-05-08 9:48 ` [PATCH 5.15 312/371] IB/hfi1: Fix bugs with non-PAGE_SIZE-end multi-iovec user SDMA requests Greg Kroah-Hartman
` (63 subsequent siblings)
374 siblings, 0 replies; 391+ messages in thread
From: Greg Kroah-Hartman @ 2023-05-08 9:48 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Brendan Cunningham, Patrick Kelsey,
Dennis Dalessandro, Leon Romanovsky, Sasha Levin
From: Patrick Kelsey <pat.kelsey@cornelisnetworks.com>
[ Upstream commit 9fe8fec5e43d5a80f43cbf61aaada1b047a1eb61 ]
hfi1_mmu_rb_remove_unless_exact() did not move mmu_rb_node objects in
mmu_rb_handler->lru_list after getting a cache hit on an mmu_rb_node.
As a result, hfi1_mmu_rb_evict() was not guaranteed to evict truly
least-recently used nodes.
This could be a performance issue for an application when that
application:
- Uses some long-lived buffers frequently.
- Uses a large number of buffers once.
- Hits the mmu_rb_handler cache size or pinned-page limits, forcing
mmu_rb_handler cache entries to be evicted.
In this case, the one-time use buffers cause the long-lived buffer
entries to eventually filter to the end of the LRU list where
hfi1_mmu_rb_evict() will consider evicting a frequently-used long-lived
entry instead of evicting one of the one-time use entries.
Fix this by inserting new mmu_rb_node at the tail of
mmu_rb_handler->lru_list and move mmu_rb_ndoe to the tail of
mmu_rb_handler->lru_list when the mmu_rb_node is a hit in
hfi1_mmu_rb_remove_unless_exact(). Change hfi1_mmu_rb_evict() to evict
from the head of mmu_rb_handler->lru_list instead of the tail.
Fixes: 0636e9ab8355 ("IB/hfi1: Add cache evict LRU list")
Signed-off-by: Brendan Cunningham <bcunningham@cornelisnetworks.com>
Signed-off-by: Patrick Kelsey <pat.kelsey@cornelisnetworks.com>
Signed-off-by: Dennis Dalessandro <dennis.dalessandro@cornelisnetworks.com>
Link: https://lore.kernel.org/r/168088635931.3027109.10423156330761536044.stgit@252.162.96.66.static.eigbox.net
Signed-off-by: Leon Romanovsky <leon@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/infiniband/hw/hfi1/mmu_rb.c | 13 ++++++-------
1 file changed, 6 insertions(+), 7 deletions(-)
diff --git a/drivers/infiniband/hw/hfi1/mmu_rb.c b/drivers/infiniband/hw/hfi1/mmu_rb.c
index 7333646021bb8..af46ff2033426 100644
--- a/drivers/infiniband/hw/hfi1/mmu_rb.c
+++ b/drivers/infiniband/hw/hfi1/mmu_rb.c
@@ -130,7 +130,7 @@ int hfi1_mmu_rb_insert(struct mmu_rb_handler *handler,
goto unlock;
}
__mmu_int_rb_insert(mnode, &handler->root);
- list_add(&mnode->list, &handler->lru_list);
+ list_add_tail(&mnode->list, &handler->lru_list);
ret = handler->ops->insert(handler->ops_arg, mnode);
if (ret) {
@@ -181,8 +181,10 @@ bool hfi1_mmu_rb_remove_unless_exact(struct mmu_rb_handler *handler,
spin_lock_irqsave(&handler->lock, flags);
node = __mmu_rb_search(handler, addr, len);
if (node) {
- if (node->addr == addr && node->len == len)
+ if (node->addr == addr && node->len == len) {
+ list_move_tail(&node->list, &handler->lru_list);
goto unlock;
+ }
__mmu_int_rb_remove(node, &handler->root);
list_del(&node->list); /* remove from LRU list */
ret = true;
@@ -206,8 +208,7 @@ void hfi1_mmu_rb_evict(struct mmu_rb_handler *handler, void *evict_arg)
INIT_LIST_HEAD(&del_list);
spin_lock_irqsave(&handler->lock, flags);
- list_for_each_entry_safe_reverse(rbnode, ptr, &handler->lru_list,
- list) {
+ list_for_each_entry_safe(rbnode, ptr, &handler->lru_list, list) {
if (handler->ops->evict(handler->ops_arg, rbnode, evict_arg,
&stop)) {
__mmu_int_rb_remove(rbnode, &handler->root);
@@ -219,9 +220,7 @@ void hfi1_mmu_rb_evict(struct mmu_rb_handler *handler, void *evict_arg)
}
spin_unlock_irqrestore(&handler->lock, flags);
- while (!list_empty(&del_list)) {
- rbnode = list_first_entry(&del_list, struct mmu_rb_node, list);
- list_del(&rbnode->list);
+ list_for_each_entry_safe(rbnode, ptr, &del_list, list) {
handler->ops->remove(handler->ops_arg, rbnode);
}
}
--
2.39.2
^ permalink raw reply related [flat|nested] 391+ messages in thread
* [PATCH 5.15 312/371] IB/hfi1: Fix bugs with non-PAGE_SIZE-end multi-iovec user SDMA requests
2023-05-08 9:43 [PATCH 5.15 000/371] 5.15.111-rc1 review Greg Kroah-Hartman
` (310 preceding siblings ...)
2023-05-08 9:48 ` [PATCH 5.15 311/371] IB/hfi1: Fix SDMA mmu_rb_node not being evicted in LRU order Greg Kroah-Hartman
@ 2023-05-08 9:48 ` Greg Kroah-Hartman
2023-05-08 9:48 ` [PATCH 5.15 313/371] NFSv4.1: Always send a RECLAIM_COMPLETE after establishing lease Greg Kroah-Hartman
` (62 subsequent siblings)
374 siblings, 0 replies; 391+ messages in thread
From: Greg Kroah-Hartman @ 2023-05-08 9:48 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Brendan Cunningham, Patrick Kelsey,
Dennis Dalessandro, Leon Romanovsky, Sasha Levin
From: Patrick Kelsey <pat.kelsey@cornelisnetworks.com>
[ Upstream commit 00cbce5cbf88459cd1aa1d60d0f1df15477df127 ]
hfi1 user SDMA request processing has two bugs that can cause data
corruption for user SDMA requests that have multiple payload iovecs
where an iovec other than the tail iovec does not run up to the page
boundary for the buffer pointed to by that iovec.a
Here are the specific bugs:
1. user_sdma_txadd() does not use struct user_sdma_iovec->iov.iov_len.
Rather, user_sdma_txadd() will add up to PAGE_SIZE bytes from iovec
to the packet, even if some of those bytes are past
iovec->iov.iov_len and are thus not intended to be in the packet.
2. user_sdma_txadd() and user_sdma_send_pkts() fail to advance to the
next iovec in user_sdma_request->iovs when the current iovec
is not PAGE_SIZE and does not contain enough data to complete the
packet. The transmitted packet will contain the wrong data from the
iovec pages.
This has not been an issue with SDMA packets from hfi1 Verbs or PSM2
because they only produce iovecs that end short of PAGE_SIZE as the tail
iovec of an SDMA request.
Fixing these bugs exposes other bugs with the SDMA pin cache
(struct mmu_rb_handler) that get in way of supporting user SDMA requests
with multiple payload iovecs whose buffers do not end at PAGE_SIZE. So
this commit fixes those issues as well.
Here are the mmu_rb_handler bugs that non-PAGE_SIZE-end multi-iovec
payload user SDMA requests can hit:
1. Overlapping memory ranges in mmu_rb_handler will result in duplicate
pinnings.
2. When extending an existing mmu_rb_handler entry (struct mmu_rb_node),
the mmu_rb code (1) removes the existing entry under a lock, (2)
releases that lock, pins the new pages, (3) then reacquires the lock
to insert the extended mmu_rb_node.
If someone else comes in and inserts an overlapping entry between (2)
and (3), insert in (3) will fail.
The failure path code in this case unpins _all_ pages in either the
original mmu_rb_node or the new mmu_rb_node that was inserted between
(2) and (3).
3. In hfi1_mmu_rb_remove_unless_exact(), mmu_rb_node->refcount is
incremented outside of mmu_rb_handler->lock. As a result, mmu_rb_node
could be evicted by another thread that gets mmu_rb_handler->lock and
checks mmu_rb_node->refcount before mmu_rb_node->refcount is
incremented.
4. Related to #2 above, SDMA request submission failure path does not
check mmu_rb_node->refcount before freeing mmu_rb_node object.
If there are other SDMA requests in progress whose iovecs have
pointers to the now-freed mmu_rb_node(s), those pointers to the
now-freed mmu_rb nodes will be dereferenced when those SDMA requests
complete.
Fixes: 7be85676f1d1 ("IB/hfi1: Don't remove RB entry when not needed.")
Fixes: 7724105686e7 ("IB/hfi1: add driver files")
Signed-off-by: Brendan Cunningham <bcunningham@cornelisnetworks.com>
Signed-off-by: Patrick Kelsey <pat.kelsey@cornelisnetworks.com>
Signed-off-by: Dennis Dalessandro <dennis.dalessandro@cornelisnetworks.com>
Link: https://lore.kernel.org/r/168088636445.3027109.10054635277810177889.stgit@252.162.96.66.static.eigbox.net
Signed-off-by: Leon Romanovsky <leon@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/infiniband/hw/hfi1/ipoib_tx.c | 1 +
drivers/infiniband/hw/hfi1/mmu_rb.c | 66 +--
drivers/infiniband/hw/hfi1/mmu_rb.h | 8 +-
drivers/infiniband/hw/hfi1/sdma.c | 21 +-
drivers/infiniband/hw/hfi1/sdma.h | 16 +-
drivers/infiniband/hw/hfi1/sdma_txreq.h | 1 +
drivers/infiniband/hw/hfi1/trace_mmu.h | 4 -
drivers/infiniband/hw/hfi1/user_sdma.c | 600 +++++++++++++++---------
drivers/infiniband/hw/hfi1/user_sdma.h | 5 -
drivers/infiniband/hw/hfi1/verbs.c | 4 +-
drivers/infiniband/hw/hfi1/vnic_sdma.c | 1 +
11 files changed, 423 insertions(+), 304 deletions(-)
diff --git a/drivers/infiniband/hw/hfi1/ipoib_tx.c b/drivers/infiniband/hw/hfi1/ipoib_tx.c
index 15b0cb0f363f4..33ffb00c63823 100644
--- a/drivers/infiniband/hw/hfi1/ipoib_tx.c
+++ b/drivers/infiniband/hw/hfi1/ipoib_tx.c
@@ -251,6 +251,7 @@ static int hfi1_ipoib_build_ulp_payload(struct ipoib_txreq *tx,
const skb_frag_t *frag = &skb_shinfo(skb)->frags[i];
ret = sdma_txadd_page(dd,
+ NULL,
txreq,
skb_frag_page(frag),
frag->bv_offset,
diff --git a/drivers/infiniband/hw/hfi1/mmu_rb.c b/drivers/infiniband/hw/hfi1/mmu_rb.c
index af46ff2033426..71b9ac0188875 100644
--- a/drivers/infiniband/hw/hfi1/mmu_rb.c
+++ b/drivers/infiniband/hw/hfi1/mmu_rb.c
@@ -126,7 +126,7 @@ int hfi1_mmu_rb_insert(struct mmu_rb_handler *handler,
spin_lock_irqsave(&handler->lock, flags);
node = __mmu_rb_search(handler, mnode->addr, mnode->len);
if (node) {
- ret = -EINVAL;
+ ret = -EEXIST;
goto unlock;
}
__mmu_int_rb_insert(mnode, &handler->root);
@@ -143,6 +143,19 @@ int hfi1_mmu_rb_insert(struct mmu_rb_handler *handler,
return ret;
}
+/* Caller must hold handler lock */
+struct mmu_rb_node *hfi1_mmu_rb_get_first(struct mmu_rb_handler *handler,
+ unsigned long addr, unsigned long len)
+{
+ struct mmu_rb_node *node;
+
+ trace_hfi1_mmu_rb_search(addr, len);
+ node = __mmu_int_rb_iter_first(&handler->root, addr, (addr + len) - 1);
+ if (node)
+ list_move_tail(&node->list, &handler->lru_list);
+ return node;
+}
+
/* Caller must hold handler lock */
static struct mmu_rb_node *__mmu_rb_search(struct mmu_rb_handler *handler,
unsigned long addr,
@@ -167,34 +180,6 @@ static struct mmu_rb_node *__mmu_rb_search(struct mmu_rb_handler *handler,
return node;
}
-bool hfi1_mmu_rb_remove_unless_exact(struct mmu_rb_handler *handler,
- unsigned long addr, unsigned long len,
- struct mmu_rb_node **rb_node)
-{
- struct mmu_rb_node *node;
- unsigned long flags;
- bool ret = false;
-
- if (current->mm != handler->mn.mm)
- return ret;
-
- spin_lock_irqsave(&handler->lock, flags);
- node = __mmu_rb_search(handler, addr, len);
- if (node) {
- if (node->addr == addr && node->len == len) {
- list_move_tail(&node->list, &handler->lru_list);
- goto unlock;
- }
- __mmu_int_rb_remove(node, &handler->root);
- list_del(&node->list); /* remove from LRU list */
- ret = true;
- }
-unlock:
- spin_unlock_irqrestore(&handler->lock, flags);
- *rb_node = node;
- return ret;
-}
-
void hfi1_mmu_rb_evict(struct mmu_rb_handler *handler, void *evict_arg)
{
struct mmu_rb_node *rbnode, *ptr;
@@ -225,29 +210,6 @@ void hfi1_mmu_rb_evict(struct mmu_rb_handler *handler, void *evict_arg)
}
}
-/*
- * It is up to the caller to ensure that this function does not race with the
- * mmu invalidate notifier which may be calling the users remove callback on
- * 'node'.
- */
-void hfi1_mmu_rb_remove(struct mmu_rb_handler *handler,
- struct mmu_rb_node *node)
-{
- unsigned long flags;
-
- if (current->mm != handler->mn.mm)
- return;
-
- /* Validity of handler and node pointers has been checked by caller. */
- trace_hfi1_mmu_rb_remove(node->addr, node->len);
- spin_lock_irqsave(&handler->lock, flags);
- __mmu_int_rb_remove(node, &handler->root);
- list_del(&node->list); /* remove from LRU list */
- spin_unlock_irqrestore(&handler->lock, flags);
-
- handler->ops->remove(handler->ops_arg, node);
-}
-
static int mmu_notifier_range_start(struct mmu_notifier *mn,
const struct mmu_notifier_range *range)
{
diff --git a/drivers/infiniband/hw/hfi1/mmu_rb.h b/drivers/infiniband/hw/hfi1/mmu_rb.h
index 7417be2b9dc8a..ed75acdb7b839 100644
--- a/drivers/infiniband/hw/hfi1/mmu_rb.h
+++ b/drivers/infiniband/hw/hfi1/mmu_rb.h
@@ -52,10 +52,8 @@ void hfi1_mmu_rb_unregister(struct mmu_rb_handler *handler);
int hfi1_mmu_rb_insert(struct mmu_rb_handler *handler,
struct mmu_rb_node *mnode);
void hfi1_mmu_rb_evict(struct mmu_rb_handler *handler, void *evict_arg);
-void hfi1_mmu_rb_remove(struct mmu_rb_handler *handler,
- struct mmu_rb_node *mnode);
-bool hfi1_mmu_rb_remove_unless_exact(struct mmu_rb_handler *handler,
- unsigned long addr, unsigned long len,
- struct mmu_rb_node **rb_node);
+struct mmu_rb_node *hfi1_mmu_rb_get_first(struct mmu_rb_handler *handler,
+ unsigned long addr,
+ unsigned long len);
#endif /* _HFI1_MMU_RB_H */
diff --git a/drivers/infiniband/hw/hfi1/sdma.c b/drivers/infiniband/hw/hfi1/sdma.c
index 8ed20392e9f0d..bb2552dd29c1e 100644
--- a/drivers/infiniband/hw/hfi1/sdma.c
+++ b/drivers/infiniband/hw/hfi1/sdma.c
@@ -1593,22 +1593,7 @@ static inline void sdma_unmap_desc(
struct hfi1_devdata *dd,
struct sdma_desc *descp)
{
- switch (sdma_mapping_type(descp)) {
- case SDMA_MAP_SINGLE:
- dma_unmap_single(
- &dd->pcidev->dev,
- sdma_mapping_addr(descp),
- sdma_mapping_len(descp),
- DMA_TO_DEVICE);
- break;
- case SDMA_MAP_PAGE:
- dma_unmap_page(
- &dd->pcidev->dev,
- sdma_mapping_addr(descp),
- sdma_mapping_len(descp),
- DMA_TO_DEVICE);
- break;
- }
+ system_descriptor_complete(dd, descp);
}
/*
@@ -3128,7 +3113,7 @@ int ext_coal_sdma_tx_descs(struct hfi1_devdata *dd, struct sdma_txreq *tx,
/* Add descriptor for coalesce buffer */
tx->desc_limit = MAX_DESC;
- return _sdma_txadd_daddr(dd, SDMA_MAP_SINGLE, tx,
+ return _sdma_txadd_daddr(dd, SDMA_MAP_SINGLE, NULL, tx,
addr, tx->tlen);
}
@@ -3167,10 +3152,12 @@ int _pad_sdma_tx_descs(struct hfi1_devdata *dd, struct sdma_txreq *tx)
return rval;
}
}
+
/* finish the one just added */
make_tx_sdma_desc(
tx,
SDMA_MAP_NONE,
+ NULL,
dd->sdma_pad_phys,
sizeof(u32) - (tx->packet_len & (sizeof(u32) - 1)));
tx->num_desc++;
diff --git a/drivers/infiniband/hw/hfi1/sdma.h b/drivers/infiniband/hw/hfi1/sdma.h
index b023fc461bd51..95aaec14c6c28 100644
--- a/drivers/infiniband/hw/hfi1/sdma.h
+++ b/drivers/infiniband/hw/hfi1/sdma.h
@@ -594,6 +594,7 @@ static inline dma_addr_t sdma_mapping_addr(struct sdma_desc *d)
static inline void make_tx_sdma_desc(
struct sdma_txreq *tx,
int type,
+ void *pinning_ctx,
dma_addr_t addr,
size_t len)
{
@@ -612,6 +613,7 @@ static inline void make_tx_sdma_desc(
<< SDMA_DESC0_PHY_ADDR_SHIFT) |
(((u64)len & SDMA_DESC0_BYTE_COUNT_MASK)
<< SDMA_DESC0_BYTE_COUNT_SHIFT);
+ desc->pinning_ctx = pinning_ctx;
}
/* helper to extend txreq */
@@ -643,6 +645,7 @@ static inline void _sdma_close_tx(struct hfi1_devdata *dd,
static inline int _sdma_txadd_daddr(
struct hfi1_devdata *dd,
int type,
+ void *pinning_ctx,
struct sdma_txreq *tx,
dma_addr_t addr,
u16 len)
@@ -652,6 +655,7 @@ static inline int _sdma_txadd_daddr(
make_tx_sdma_desc(
tx,
type,
+ pinning_ctx,
addr, len);
WARN_ON(len > tx->tlen);
tx->num_desc++;
@@ -672,6 +676,7 @@ static inline int _sdma_txadd_daddr(
/**
* sdma_txadd_page() - add a page to the sdma_txreq
* @dd: the device to use for mapping
+ * @pinning_ctx: context to be released at descriptor retirement
* @tx: tx request to which the page is added
* @page: page to map
* @offset: offset within the page
@@ -687,6 +692,7 @@ static inline int _sdma_txadd_daddr(
*/
static inline int sdma_txadd_page(
struct hfi1_devdata *dd,
+ void *pinning_ctx,
struct sdma_txreq *tx,
struct page *page,
unsigned long offset,
@@ -714,8 +720,7 @@ static inline int sdma_txadd_page(
return -ENOSPC;
}
- return _sdma_txadd_daddr(
- dd, SDMA_MAP_PAGE, tx, addr, len);
+ return _sdma_txadd_daddr(dd, SDMA_MAP_PAGE, pinning_ctx, tx, addr, len);
}
/**
@@ -749,7 +754,8 @@ static inline int sdma_txadd_daddr(
return rval;
}
- return _sdma_txadd_daddr(dd, SDMA_MAP_NONE, tx, addr, len);
+ return _sdma_txadd_daddr(dd, SDMA_MAP_NONE, NULL, tx,
+ addr, len);
}
/**
@@ -795,8 +801,7 @@ static inline int sdma_txadd_kvaddr(
return -ENOSPC;
}
- return _sdma_txadd_daddr(
- dd, SDMA_MAP_SINGLE, tx, addr, len);
+ return _sdma_txadd_daddr(dd, SDMA_MAP_SINGLE, NULL, tx, addr, len);
}
struct iowait_work;
@@ -1030,4 +1035,5 @@ extern uint mod_num_sdma;
void sdma_update_lmc(struct hfi1_devdata *dd, u64 mask, u32 lid);
+void system_descriptor_complete(struct hfi1_devdata *dd, struct sdma_desc *descp);
#endif
diff --git a/drivers/infiniband/hw/hfi1/sdma_txreq.h b/drivers/infiniband/hw/hfi1/sdma_txreq.h
index e262fb5c5ec61..fad946cb5e0d8 100644
--- a/drivers/infiniband/hw/hfi1/sdma_txreq.h
+++ b/drivers/infiniband/hw/hfi1/sdma_txreq.h
@@ -19,6 +19,7 @@
struct sdma_desc {
/* private: don't use directly */
u64 qw[2];
+ void *pinning_ctx;
};
/**
diff --git a/drivers/infiniband/hw/hfi1/trace_mmu.h b/drivers/infiniband/hw/hfi1/trace_mmu.h
index 187e9244fe5ed..57900ebb7702e 100644
--- a/drivers/infiniband/hw/hfi1/trace_mmu.h
+++ b/drivers/infiniband/hw/hfi1/trace_mmu.h
@@ -37,10 +37,6 @@ DEFINE_EVENT(hfi1_mmu_rb_template, hfi1_mmu_rb_search,
TP_PROTO(unsigned long addr, unsigned long len),
TP_ARGS(addr, len));
-DEFINE_EVENT(hfi1_mmu_rb_template, hfi1_mmu_rb_remove,
- TP_PROTO(unsigned long addr, unsigned long len),
- TP_ARGS(addr, len));
-
DEFINE_EVENT(hfi1_mmu_rb_template, hfi1_mmu_mem_invalidate,
TP_PROTO(unsigned long addr, unsigned long len),
TP_ARGS(addr, len));
diff --git a/drivers/infiniband/hw/hfi1/user_sdma.c b/drivers/infiniband/hw/hfi1/user_sdma.c
index 5b11c82827445..a932ae1e03af5 100644
--- a/drivers/infiniband/hw/hfi1/user_sdma.c
+++ b/drivers/infiniband/hw/hfi1/user_sdma.c
@@ -24,7 +24,6 @@
#include "hfi.h"
#include "sdma.h"
-#include "mmu_rb.h"
#include "user_sdma.h"
#include "verbs.h" /* for the headers */
#include "common.h" /* for struct hfi1_tid_info */
@@ -39,11 +38,7 @@ static unsigned initial_pkt_count = 8;
static int user_sdma_send_pkts(struct user_sdma_request *req, u16 maxpkts);
static void user_sdma_txreq_cb(struct sdma_txreq *txreq, int status);
static inline void pq_update(struct hfi1_user_sdma_pkt_q *pq);
-static void user_sdma_free_request(struct user_sdma_request *req, bool unpin);
-static int pin_vector_pages(struct user_sdma_request *req,
- struct user_sdma_iovec *iovec);
-static void unpin_vector_pages(struct mm_struct *mm, struct page **pages,
- unsigned start, unsigned npages);
+static void user_sdma_free_request(struct user_sdma_request *req);
static int check_header_template(struct user_sdma_request *req,
struct hfi1_pkt_header *hdr, u32 lrhlen,
u32 datalen);
@@ -81,6 +76,11 @@ static struct mmu_rb_ops sdma_rb_ops = {
.invalidate = sdma_rb_invalidate
};
+static int add_system_pages_to_sdma_packet(struct user_sdma_request *req,
+ struct user_sdma_txreq *tx,
+ struct user_sdma_iovec *iovec,
+ u32 *pkt_remaining);
+
static int defer_packet_queue(
struct sdma_engine *sde,
struct iowait_work *wait,
@@ -412,6 +412,7 @@ int hfi1_user_sdma_process_request(struct hfi1_filedata *fd,
ret = -EINVAL;
goto free_req;
}
+
/* Copy the header from the user buffer */
ret = copy_from_user(&req->hdr, iovec[idx].iov_base + sizeof(info),
sizeof(req->hdr));
@@ -486,9 +487,8 @@ int hfi1_user_sdma_process_request(struct hfi1_filedata *fd,
memcpy(&req->iovs[i].iov,
iovec + idx++,
sizeof(req->iovs[i].iov));
- ret = pin_vector_pages(req, &req->iovs[i]);
- if (ret) {
- req->data_iovs = i;
+ if (req->iovs[i].iov.iov_len == 0) {
+ ret = -EINVAL;
goto free_req;
}
req->data_len += req->iovs[i].iov.iov_len;
@@ -586,7 +586,7 @@ int hfi1_user_sdma_process_request(struct hfi1_filedata *fd,
if (req->seqsubmitted)
wait_event(pq->busy.wait_dma,
(req->seqcomp == req->seqsubmitted - 1));
- user_sdma_free_request(req, true);
+ user_sdma_free_request(req);
pq_update(pq);
set_comp_state(pq, cq, info.comp_idx, ERROR, ret);
}
@@ -698,48 +698,6 @@ static int user_sdma_txadd_ahg(struct user_sdma_request *req,
return ret;
}
-static int user_sdma_txadd(struct user_sdma_request *req,
- struct user_sdma_txreq *tx,
- struct user_sdma_iovec *iovec, u32 datalen,
- u32 *queued_ptr, u32 *data_sent_ptr,
- u64 *iov_offset_ptr)
-{
- int ret;
- unsigned int pageidx, len;
- unsigned long base, offset;
- u64 iov_offset = *iov_offset_ptr;
- u32 queued = *queued_ptr, data_sent = *data_sent_ptr;
- struct hfi1_user_sdma_pkt_q *pq = req->pq;
-
- base = (unsigned long)iovec->iov.iov_base;
- offset = offset_in_page(base + iovec->offset + iov_offset);
- pageidx = (((iovec->offset + iov_offset + base) - (base & PAGE_MASK)) >>
- PAGE_SHIFT);
- len = offset + req->info.fragsize > PAGE_SIZE ?
- PAGE_SIZE - offset : req->info.fragsize;
- len = min((datalen - queued), len);
- ret = sdma_txadd_page(pq->dd, &tx->txreq, iovec->pages[pageidx],
- offset, len);
- if (ret) {
- SDMA_DBG(req, "SDMA txreq add page failed %d\n", ret);
- return ret;
- }
- iov_offset += len;
- queued += len;
- data_sent += len;
- if (unlikely(queued < datalen && pageidx == iovec->npages &&
- req->iov_idx < req->data_iovs - 1)) {
- iovec->offset += iov_offset;
- iovec = &req->iovs[++req->iov_idx];
- iov_offset = 0;
- }
-
- *queued_ptr = queued;
- *data_sent_ptr = data_sent;
- *iov_offset_ptr = iov_offset;
- return ret;
-}
-
static int user_sdma_send_pkts(struct user_sdma_request *req, u16 maxpkts)
{
int ret = 0;
@@ -771,8 +729,7 @@ static int user_sdma_send_pkts(struct user_sdma_request *req, u16 maxpkts)
maxpkts = req->info.npkts - req->seqnum;
while (npkts < maxpkts) {
- u32 datalen = 0, queued = 0, data_sent = 0;
- u64 iov_offset = 0;
+ u32 datalen = 0;
/*
* Check whether any of the completions have come back
@@ -865,27 +822,17 @@ static int user_sdma_send_pkts(struct user_sdma_request *req, u16 maxpkts)
goto free_txreq;
}
- /*
- * If the request contains any data vectors, add up to
- * fragsize bytes to the descriptor.
- */
- while (queued < datalen &&
- (req->sent + data_sent) < req->data_len) {
- ret = user_sdma_txadd(req, tx, iovec, datalen,
- &queued, &data_sent, &iov_offset);
- if (ret)
- goto free_txreq;
- }
- /*
- * The txreq was submitted successfully so we can update
- * the counters.
- */
req->koffset += datalen;
if (req_opcode(req->info.ctrl) == EXPECTED)
req->tidoffset += datalen;
- req->sent += data_sent;
- if (req->data_len)
- iovec->offset += iov_offset;
+ req->sent += datalen;
+ while (datalen) {
+ ret = add_system_pages_to_sdma_packet(req, tx, iovec,
+ &datalen);
+ if (ret)
+ goto free_txreq;
+ iovec = &req->iovs[req->iov_idx];
+ }
list_add_tail(&tx->txreq.list, &req->txps);
/*
* It is important to increment this here as it is used to
@@ -922,133 +869,14 @@ static int user_sdma_send_pkts(struct user_sdma_request *req, u16 maxpkts)
static u32 sdma_cache_evict(struct hfi1_user_sdma_pkt_q *pq, u32 npages)
{
struct evict_data evict_data;
+ struct mmu_rb_handler *handler = pq->handler;
evict_data.cleared = 0;
evict_data.target = npages;
- hfi1_mmu_rb_evict(pq->handler, &evict_data);
+ hfi1_mmu_rb_evict(handler, &evict_data);
return evict_data.cleared;
}
-static int pin_sdma_pages(struct user_sdma_request *req,
- struct user_sdma_iovec *iovec,
- struct sdma_mmu_node *node,
- int npages)
-{
- int pinned, cleared;
- struct page **pages;
- struct hfi1_user_sdma_pkt_q *pq = req->pq;
-
- pages = kcalloc(npages, sizeof(*pages), GFP_KERNEL);
- if (!pages)
- return -ENOMEM;
- memcpy(pages, node->pages, node->npages * sizeof(*pages));
-
- npages -= node->npages;
-retry:
- if (!hfi1_can_pin_pages(pq->dd, current->mm,
- atomic_read(&pq->n_locked), npages)) {
- cleared = sdma_cache_evict(pq, npages);
- if (cleared >= npages)
- goto retry;
- }
- pinned = hfi1_acquire_user_pages(current->mm,
- ((unsigned long)iovec->iov.iov_base +
- (node->npages * PAGE_SIZE)), npages, 0,
- pages + node->npages);
- if (pinned < 0) {
- kfree(pages);
- return pinned;
- }
- if (pinned != npages) {
- unpin_vector_pages(current->mm, pages, node->npages, pinned);
- return -EFAULT;
- }
- kfree(node->pages);
- node->rb.len = iovec->iov.iov_len;
- node->pages = pages;
- atomic_add(pinned, &pq->n_locked);
- return pinned;
-}
-
-static void unpin_sdma_pages(struct sdma_mmu_node *node)
-{
- if (node->npages) {
- unpin_vector_pages(mm_from_sdma_node(node), node->pages, 0,
- node->npages);
- atomic_sub(node->npages, &node->pq->n_locked);
- }
-}
-
-static int pin_vector_pages(struct user_sdma_request *req,
- struct user_sdma_iovec *iovec)
-{
- int ret = 0, pinned, npages;
- struct hfi1_user_sdma_pkt_q *pq = req->pq;
- struct sdma_mmu_node *node = NULL;
- struct mmu_rb_node *rb_node;
- struct iovec *iov;
- bool extracted;
-
- extracted =
- hfi1_mmu_rb_remove_unless_exact(pq->handler,
- (unsigned long)
- iovec->iov.iov_base,
- iovec->iov.iov_len, &rb_node);
- if (rb_node) {
- node = container_of(rb_node, struct sdma_mmu_node, rb);
- if (!extracted) {
- atomic_inc(&node->refcount);
- iovec->pages = node->pages;
- iovec->npages = node->npages;
- iovec->node = node;
- return 0;
- }
- }
-
- if (!node) {
- node = kzalloc(sizeof(*node), GFP_KERNEL);
- if (!node)
- return -ENOMEM;
-
- node->rb.addr = (unsigned long)iovec->iov.iov_base;
- node->pq = pq;
- atomic_set(&node->refcount, 0);
- }
-
- iov = &iovec->iov;
- npages = num_user_pages((unsigned long)iov->iov_base, iov->iov_len);
- if (node->npages < npages) {
- pinned = pin_sdma_pages(req, iovec, node, npages);
- if (pinned < 0) {
- ret = pinned;
- goto bail;
- }
- node->npages += pinned;
- npages = node->npages;
- }
- iovec->pages = node->pages;
- iovec->npages = npages;
- iovec->node = node;
-
- ret = hfi1_mmu_rb_insert(req->pq->handler, &node->rb);
- if (ret) {
- iovec->node = NULL;
- goto bail;
- }
- return 0;
-bail:
- unpin_sdma_pages(node);
- kfree(node);
- return ret;
-}
-
-static void unpin_vector_pages(struct mm_struct *mm, struct page **pages,
- unsigned start, unsigned npages)
-{
- hfi1_release_user_pages(mm, pages + start, npages, false);
- kfree(pages);
-}
-
static int check_header_template(struct user_sdma_request *req,
struct hfi1_pkt_header *hdr, u32 lrhlen,
u32 datalen)
@@ -1390,7 +1218,7 @@ static void user_sdma_txreq_cb(struct sdma_txreq *txreq, int status)
if (req->seqcomp != req->info.npkts - 1)
return;
- user_sdma_free_request(req, false);
+ user_sdma_free_request(req);
set_comp_state(pq, cq, req->info.comp_idx, state, status);
pq_update(pq);
}
@@ -1401,10 +1229,8 @@ static inline void pq_update(struct hfi1_user_sdma_pkt_q *pq)
wake_up(&pq->wait);
}
-static void user_sdma_free_request(struct user_sdma_request *req, bool unpin)
+static void user_sdma_free_request(struct user_sdma_request *req)
{
- int i;
-
if (!list_empty(&req->txps)) {
struct sdma_txreq *t, *p;
@@ -1417,21 +1243,6 @@ static void user_sdma_free_request(struct user_sdma_request *req, bool unpin)
}
}
- for (i = 0; i < req->data_iovs; i++) {
- struct sdma_mmu_node *node = req->iovs[i].node;
-
- if (!node)
- continue;
-
- req->iovs[i].node = NULL;
-
- if (unpin)
- hfi1_mmu_rb_remove(req->pq->handler,
- &node->rb);
- else
- atomic_dec(&node->refcount);
- }
-
kfree(req->tids);
clear_bit(req->info.comp_idx, req->pq->req_in_use);
}
@@ -1449,6 +1260,368 @@ static inline void set_comp_state(struct hfi1_user_sdma_pkt_q *pq,
idx, state, ret);
}
+static void unpin_vector_pages(struct mm_struct *mm, struct page **pages,
+ unsigned int start, unsigned int npages)
+{
+ hfi1_release_user_pages(mm, pages + start, npages, false);
+ kfree(pages);
+}
+
+static void free_system_node(struct sdma_mmu_node *node)
+{
+ if (node->npages) {
+ unpin_vector_pages(mm_from_sdma_node(node), node->pages, 0,
+ node->npages);
+ atomic_sub(node->npages, &node->pq->n_locked);
+ }
+ kfree(node);
+}
+
+static inline void acquire_node(struct sdma_mmu_node *node)
+{
+ atomic_inc(&node->refcount);
+ WARN_ON(atomic_read(&node->refcount) < 0);
+}
+
+static inline void release_node(struct mmu_rb_handler *handler,
+ struct sdma_mmu_node *node)
+{
+ atomic_dec(&node->refcount);
+ WARN_ON(atomic_read(&node->refcount) < 0);
+}
+
+static struct sdma_mmu_node *find_system_node(struct mmu_rb_handler *handler,
+ unsigned long start,
+ unsigned long end)
+{
+ struct mmu_rb_node *rb_node;
+ struct sdma_mmu_node *node;
+ unsigned long flags;
+
+ spin_lock_irqsave(&handler->lock, flags);
+ rb_node = hfi1_mmu_rb_get_first(handler, start, (end - start));
+ if (!rb_node) {
+ spin_unlock_irqrestore(&handler->lock, flags);
+ return NULL;
+ }
+ node = container_of(rb_node, struct sdma_mmu_node, rb);
+ acquire_node(node);
+ spin_unlock_irqrestore(&handler->lock, flags);
+
+ return node;
+}
+
+static int pin_system_pages(struct user_sdma_request *req,
+ uintptr_t start_address, size_t length,
+ struct sdma_mmu_node *node, int npages)
+{
+ struct hfi1_user_sdma_pkt_q *pq = req->pq;
+ int pinned, cleared;
+ struct page **pages;
+
+ pages = kcalloc(npages, sizeof(*pages), GFP_KERNEL);
+ if (!pages)
+ return -ENOMEM;
+
+retry:
+ if (!hfi1_can_pin_pages(pq->dd, current->mm, atomic_read(&pq->n_locked),
+ npages)) {
+ SDMA_DBG(req, "Evicting: nlocked %u npages %u",
+ atomic_read(&pq->n_locked), npages);
+ cleared = sdma_cache_evict(pq, npages);
+ if (cleared >= npages)
+ goto retry;
+ }
+
+ SDMA_DBG(req, "Acquire user pages start_address %lx node->npages %u npages %u",
+ start_address, node->npages, npages);
+ pinned = hfi1_acquire_user_pages(current->mm, start_address, npages, 0,
+ pages);
+
+ if (pinned < 0) {
+ kfree(pages);
+ SDMA_DBG(req, "pinned %d", pinned);
+ return pinned;
+ }
+ if (pinned != npages) {
+ unpin_vector_pages(current->mm, pages, node->npages, pinned);
+ SDMA_DBG(req, "npages %u pinned %d", npages, pinned);
+ return -EFAULT;
+ }
+ node->rb.addr = start_address;
+ node->rb.len = length;
+ node->pages = pages;
+ node->npages = npages;
+ atomic_add(pinned, &pq->n_locked);
+ SDMA_DBG(req, "done. pinned %d", pinned);
+ return 0;
+}
+
+static int add_system_pinning(struct user_sdma_request *req,
+ struct sdma_mmu_node **node_p,
+ unsigned long start, unsigned long len)
+
+{
+ struct hfi1_user_sdma_pkt_q *pq = req->pq;
+ struct sdma_mmu_node *node;
+ int ret;
+
+ node = kzalloc(sizeof(*node), GFP_KERNEL);
+ if (!node)
+ return -ENOMEM;
+
+ node->pq = pq;
+ ret = pin_system_pages(req, start, len, node, PFN_DOWN(len));
+ if (ret == 0) {
+ ret = hfi1_mmu_rb_insert(pq->handler, &node->rb);
+ if (ret)
+ free_system_node(node);
+ else
+ *node_p = node;
+
+ return ret;
+ }
+
+ kfree(node);
+ return ret;
+}
+
+static int get_system_cache_entry(struct user_sdma_request *req,
+ struct sdma_mmu_node **node_p,
+ size_t req_start, size_t req_len)
+{
+ struct hfi1_user_sdma_pkt_q *pq = req->pq;
+ u64 start = ALIGN_DOWN(req_start, PAGE_SIZE);
+ u64 end = PFN_ALIGN(req_start + req_len);
+ struct mmu_rb_handler *handler = pq->handler;
+ int ret;
+
+ if ((end - start) == 0) {
+ SDMA_DBG(req,
+ "Request for empty cache entry req_start %lx req_len %lx start %llx end %llx",
+ req_start, req_len, start, end);
+ return -EINVAL;
+ }
+
+ SDMA_DBG(req, "req_start %lx req_len %lu", req_start, req_len);
+
+ while (1) {
+ struct sdma_mmu_node *node =
+ find_system_node(handler, start, end);
+ u64 prepend_len = 0;
+
+ SDMA_DBG(req, "node %p start %llx end %llu", node, start, end);
+ if (!node) {
+ ret = add_system_pinning(req, node_p, start,
+ end - start);
+ if (ret == -EEXIST) {
+ /*
+ * Another execution context has inserted a
+ * conficting entry first.
+ */
+ continue;
+ }
+ return ret;
+ }
+
+ if (node->rb.addr <= start) {
+ /*
+ * This entry covers at least part of the region. If it doesn't extend
+ * to the end, then this will be called again for the next segment.
+ */
+ *node_p = node;
+ return 0;
+ }
+
+ SDMA_DBG(req, "prepend: node->rb.addr %lx, node->refcount %d",
+ node->rb.addr, atomic_read(&node->refcount));
+ prepend_len = node->rb.addr - start;
+
+ /*
+ * This node will not be returned, instead a new node
+ * will be. So release the reference.
+ */
+ release_node(handler, node);
+
+ /* Prepend a node to cover the beginning of the allocation */
+ ret = add_system_pinning(req, node_p, start, prepend_len);
+ if (ret == -EEXIST) {
+ /* Another execution context has inserted a conficting entry first. */
+ continue;
+ }
+ return ret;
+ }
+}
+
+static int add_mapping_to_sdma_packet(struct user_sdma_request *req,
+ struct user_sdma_txreq *tx,
+ struct sdma_mmu_node *cache_entry,
+ size_t start,
+ size_t from_this_cache_entry)
+{
+ struct hfi1_user_sdma_pkt_q *pq = req->pq;
+ unsigned int page_offset;
+ unsigned int from_this_page;
+ size_t page_index;
+ void *ctx;
+ int ret;
+
+ /*
+ * Because the cache may be more fragmented than the memory that is being accessed,
+ * it's not strictly necessary to have a descriptor per cache entry.
+ */
+
+ while (from_this_cache_entry) {
+ page_index = PFN_DOWN(start - cache_entry->rb.addr);
+
+ if (page_index >= cache_entry->npages) {
+ SDMA_DBG(req,
+ "Request for page_index %zu >= cache_entry->npages %u",
+ page_index, cache_entry->npages);
+ return -EINVAL;
+ }
+
+ page_offset = start - ALIGN_DOWN(start, PAGE_SIZE);
+ from_this_page = PAGE_SIZE - page_offset;
+
+ if (from_this_page < from_this_cache_entry) {
+ ctx = NULL;
+ } else {
+ /*
+ * In the case they are equal the next line has no practical effect,
+ * but it's better to do a register to register copy than a conditional
+ * branch.
+ */
+ from_this_page = from_this_cache_entry;
+ ctx = cache_entry;
+ }
+
+ ret = sdma_txadd_page(pq->dd, ctx, &tx->txreq,
+ cache_entry->pages[page_index],
+ page_offset, from_this_page);
+ if (ret) {
+ /*
+ * When there's a failure, the entire request is freed by
+ * user_sdma_send_pkts().
+ */
+ SDMA_DBG(req,
+ "sdma_txadd_page failed %d page_index %lu page_offset %u from_this_page %u",
+ ret, page_index, page_offset, from_this_page);
+ return ret;
+ }
+ start += from_this_page;
+ from_this_cache_entry -= from_this_page;
+ }
+ return 0;
+}
+
+static int add_system_iovec_to_sdma_packet(struct user_sdma_request *req,
+ struct user_sdma_txreq *tx,
+ struct user_sdma_iovec *iovec,
+ size_t from_this_iovec)
+{
+ struct mmu_rb_handler *handler = req->pq->handler;
+
+ while (from_this_iovec > 0) {
+ struct sdma_mmu_node *cache_entry;
+ size_t from_this_cache_entry;
+ size_t start;
+ int ret;
+
+ start = (uintptr_t)iovec->iov.iov_base + iovec->offset;
+ ret = get_system_cache_entry(req, &cache_entry, start,
+ from_this_iovec);
+ if (ret) {
+ SDMA_DBG(req, "pin system segment failed %d", ret);
+ return ret;
+ }
+
+ from_this_cache_entry = cache_entry->rb.len - (start - cache_entry->rb.addr);
+ if (from_this_cache_entry > from_this_iovec)
+ from_this_cache_entry = from_this_iovec;
+
+ ret = add_mapping_to_sdma_packet(req, tx, cache_entry, start,
+ from_this_cache_entry);
+ if (ret) {
+ /*
+ * We're guaranteed that there will be no descriptor
+ * completion callback that releases this node
+ * because only the last descriptor referencing it
+ * has a context attached, and a failure means the
+ * last descriptor was never added.
+ */
+ release_node(handler, cache_entry);
+ SDMA_DBG(req, "add system segment failed %d", ret);
+ return ret;
+ }
+
+ iovec->offset += from_this_cache_entry;
+ from_this_iovec -= from_this_cache_entry;
+ }
+
+ return 0;
+}
+
+static int add_system_pages_to_sdma_packet(struct user_sdma_request *req,
+ struct user_sdma_txreq *tx,
+ struct user_sdma_iovec *iovec,
+ u32 *pkt_data_remaining)
+{
+ size_t remaining_to_add = *pkt_data_remaining;
+ /*
+ * Walk through iovec entries, ensure the associated pages
+ * are pinned and mapped, add data to the packet until no more
+ * data remains to be added.
+ */
+ while (remaining_to_add > 0) {
+ struct user_sdma_iovec *cur_iovec;
+ size_t from_this_iovec;
+ int ret;
+
+ cur_iovec = iovec;
+ from_this_iovec = iovec->iov.iov_len - iovec->offset;
+
+ if (from_this_iovec > remaining_to_add) {
+ from_this_iovec = remaining_to_add;
+ } else {
+ /* The current iovec entry will be consumed by this pass. */
+ req->iov_idx++;
+ iovec++;
+ }
+
+ ret = add_system_iovec_to_sdma_packet(req, tx, cur_iovec,
+ from_this_iovec);
+ if (ret)
+ return ret;
+
+ remaining_to_add -= from_this_iovec;
+ }
+ *pkt_data_remaining = remaining_to_add;
+
+ return 0;
+}
+
+void system_descriptor_complete(struct hfi1_devdata *dd,
+ struct sdma_desc *descp)
+{
+ switch (sdma_mapping_type(descp)) {
+ case SDMA_MAP_SINGLE:
+ dma_unmap_single(&dd->pcidev->dev, sdma_mapping_addr(descp),
+ sdma_mapping_len(descp), DMA_TO_DEVICE);
+ break;
+ case SDMA_MAP_PAGE:
+ dma_unmap_page(&dd->pcidev->dev, sdma_mapping_addr(descp),
+ sdma_mapping_len(descp), DMA_TO_DEVICE);
+ break;
+ }
+
+ if (descp->pinning_ctx) {
+ struct sdma_mmu_node *node = descp->pinning_ctx;
+
+ release_node(node->rb.handler, node);
+ }
+}
+
static bool sdma_rb_filter(struct mmu_rb_node *node, unsigned long addr,
unsigned long len)
{
@@ -1495,8 +1668,7 @@ static void sdma_rb_remove(void *arg, struct mmu_rb_node *mnode)
struct sdma_mmu_node *node =
container_of(mnode, struct sdma_mmu_node, rb);
- unpin_sdma_pages(node);
- kfree(node);
+ free_system_node(node);
}
static int sdma_rb_invalidate(void *arg, struct mmu_rb_node *mnode)
diff --git a/drivers/infiniband/hw/hfi1/user_sdma.h b/drivers/infiniband/hw/hfi1/user_sdma.h
index ea56eb57e6568..a241836371dc1 100644
--- a/drivers/infiniband/hw/hfi1/user_sdma.h
+++ b/drivers/infiniband/hw/hfi1/user_sdma.h
@@ -112,16 +112,11 @@ struct sdma_mmu_node {
struct user_sdma_iovec {
struct list_head list;
struct iovec iov;
- /* number of pages in this vector */
- unsigned int npages;
- /* array of pinned pages for this vector */
- struct page **pages;
/*
* offset into the virtual address space of the vector at
* which we last left off.
*/
u64 offset;
- struct sdma_mmu_node *node;
};
/* evict operation argument */
diff --git a/drivers/infiniband/hw/hfi1/verbs.c b/drivers/infiniband/hw/hfi1/verbs.c
index ef8e0bdacb516..dcc167dcfc61b 100644
--- a/drivers/infiniband/hw/hfi1/verbs.c
+++ b/drivers/infiniband/hw/hfi1/verbs.c
@@ -778,8 +778,8 @@ static int build_verbs_tx_desc(
/* add icrc, lt byte, and padding to flit */
if (extra_bytes)
- ret = sdma_txadd_daddr(sde->dd, &tx->txreq,
- sde->dd->sdma_pad_phys, extra_bytes);
+ ret = sdma_txadd_daddr(sde->dd, &tx->txreq, sde->dd->sdma_pad_phys,
+ extra_bytes);
bail_txadd:
return ret;
diff --git a/drivers/infiniband/hw/hfi1/vnic_sdma.c b/drivers/infiniband/hw/hfi1/vnic_sdma.c
index c3f0f8d877c37..727eedfba332a 100644
--- a/drivers/infiniband/hw/hfi1/vnic_sdma.c
+++ b/drivers/infiniband/hw/hfi1/vnic_sdma.c
@@ -64,6 +64,7 @@ static noinline int build_vnic_ulp_payload(struct sdma_engine *sde,
/* combine physically continuous fragments later? */
ret = sdma_txadd_page(sde->dd,
+ NULL,
&tx->txreq,
skb_frag_page(frag),
skb_frag_off(frag),
--
2.39.2
^ permalink raw reply related [flat|nested] 391+ messages in thread
* [PATCH 5.15 313/371] NFSv4.1: Always send a RECLAIM_COMPLETE after establishing lease
2023-05-08 9:43 [PATCH 5.15 000/371] 5.15.111-rc1 review Greg Kroah-Hartman
` (311 preceding siblings ...)
2023-05-08 9:48 ` [PATCH 5.15 312/371] IB/hfi1: Fix bugs with non-PAGE_SIZE-end multi-iovec user SDMA requests Greg Kroah-Hartman
@ 2023-05-08 9:48 ` Greg Kroah-Hartman
2023-05-08 9:48 ` [PATCH 5.15 314/371] clk: qcom: regmap: add PHY clock source implementation Greg Kroah-Hartman
` (61 subsequent siblings)
374 siblings, 0 replies; 391+ messages in thread
From: Greg Kroah-Hartman @ 2023-05-08 9:48 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Trond Myklebust, Anna Schumaker,
Sasha Levin
From: Trond Myklebust <trond.myklebust@hammerspace.com>
[ Upstream commit 40882deb83c29d8df4470d4e5e7f137b6acf7ad1 ]
The spec requires that we always at least send a RECLAIM_COMPLETE when
we're done establishing the lease and recovering any state.
Fixes: fce5c838e133 ("nfs41: RECLAIM_COMPLETE functionality")
Signed-off-by: Trond Myklebust <trond.myklebust@hammerspace.com>
Signed-off-by: Anna Schumaker <Anna.Schumaker@Netapp.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
fs/nfs/nfs4state.c | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/fs/nfs/nfs4state.c b/fs/nfs/nfs4state.c
index 7223816bc5d53..15ba6ad1c571f 100644
--- a/fs/nfs/nfs4state.c
+++ b/fs/nfs/nfs4state.c
@@ -67,6 +67,8 @@
#define OPENOWNER_POOL_SIZE 8
+static void nfs4_state_start_reclaim_reboot(struct nfs_client *clp);
+
const nfs4_stateid zero_stateid = {
{ .data = { 0 } },
.type = NFS4_SPECIAL_STATEID_TYPE,
@@ -330,6 +332,8 @@ int nfs41_init_clientid(struct nfs_client *clp, const struct cred *cred)
status = nfs4_proc_create_session(clp, cred);
if (status != 0)
goto out;
+ if (!(clp->cl_exchange_flags & EXCHGID4_FLAG_CONFIRMED_R))
+ nfs4_state_start_reclaim_reboot(clp);
nfs41_finish_session_reset(clp);
nfs_mark_client_ready(clp, NFS_CS_READY);
out:
--
2.39.2
^ permalink raw reply related [flat|nested] 391+ messages in thread
* [PATCH 5.15 314/371] clk: qcom: regmap: add PHY clock source implementation
2023-05-08 9:43 [PATCH 5.15 000/371] 5.15.111-rc1 review Greg Kroah-Hartman
` (312 preceding siblings ...)
2023-05-08 9:48 ` [PATCH 5.15 313/371] NFSv4.1: Always send a RECLAIM_COMPLETE after establishing lease Greg Kroah-Hartman
@ 2023-05-08 9:48 ` Greg Kroah-Hartman
2023-05-08 9:48 ` [PATCH 5.15 315/371] clk: qcom: gcc-sm8350: fix PCIe PIPE clocks handling Greg Kroah-Hartman
` (60 subsequent siblings)
374 siblings, 0 replies; 391+ messages in thread
From: Greg Kroah-Hartman @ 2023-05-08 9:48 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Johan Hovold, kernel test robot,
Dmitry Baryshkov, Stephen Boyd, Bjorn Andersson, Sasha Levin
From: Dmitry Baryshkov <dmitry.baryshkov@linaro.org>
[ Upstream commit 74e4190cdebe5a4aa099185edb4db418fc9883e3 ]
On recent Qualcomm platforms the QMP PIPE clocks feed into a set of
muxes which must be parked to the "safe" source (bi_tcxo) when
corresponding GDSC is turned off and on again. Currently this is
handcoded in the PCIe driver by reparenting the gcc_pipe_N_clk_src
clock. However the same code sequence should be applied in the
pcie-qcom endpoint, USB3 and UFS drivers.
Rather than copying this sequence over and over again, follow the
example of clk_rcg2_shared_ops and implement this parking in the
enable() and disable() clock operations. Supplement the regmap-mux with
the new clk_regmap_phy_mux type, which implements such multiplexers
as a simple gate clocks.
This is possible since each of these multiplexers has just two clock
sources: one coming from the PHY and a reference (XO) one. If the clock
is running off the from-PHY source, report it as enabled. Report it as
disabled otherwise (if it uses reference source).
This way the PHY will disable the pipe clock before turning off the
GDSC, which in turn would lead to disabling corresponding pipe_clk_src
(and thus it being parked to a safe, reference clock source). And vice
versa, after enabling the GDSC the PHY will enable the pipe clock, which
would cause pipe_clk_src to be switched from a safe source to the
working one.
Reviewed-by: Johan Hovold <johan+linaro@kernel.org>
Tested-by: Johan Hovold <johan+linaro@kernel.org>
Reported-by: kernel test robot <lkp@intel.com>
Signed-off-by: Dmitry Baryshkov <dmitry.baryshkov@linaro.org>
Reviewed-by: Stephen Boyd <sboyd@kernel.org>
Signed-off-by: Bjorn Andersson <bjorn.andersson@linaro.org>
Link: https://lore.kernel.org/r/20220608105238.2973600-2-dmitry.baryshkov@linaro.org
Stable-dep-of: 1a500e0bc97b ("clk: qcom: gcc-sm8350: fix PCIe PIPE clocks handling")
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/clk/qcom/Makefile | 1 +
drivers/clk/qcom/clk-regmap-phy-mux.c | 62 +++++++++++++++++++++++++++
drivers/clk/qcom/clk-regmap-phy-mux.h | 33 ++++++++++++++
3 files changed, 96 insertions(+)
create mode 100644 drivers/clk/qcom/clk-regmap-phy-mux.c
create mode 100644 drivers/clk/qcom/clk-regmap-phy-mux.h
diff --git a/drivers/clk/qcom/Makefile b/drivers/clk/qcom/Makefile
index 9825ef843f4a0..63c356ae32f23 100644
--- a/drivers/clk/qcom/Makefile
+++ b/drivers/clk/qcom/Makefile
@@ -11,6 +11,7 @@ clk-qcom-y += clk-branch.o
clk-qcom-y += clk-regmap-divider.o
clk-qcom-y += clk-regmap-mux.o
clk-qcom-y += clk-regmap-mux-div.o
+clk-qcom-y += clk-regmap-phy-mux.o
clk-qcom-$(CONFIG_KRAIT_CLOCKS) += clk-krait.o
clk-qcom-y += clk-hfpll.o
clk-qcom-y += reset.o
diff --git a/drivers/clk/qcom/clk-regmap-phy-mux.c b/drivers/clk/qcom/clk-regmap-phy-mux.c
new file mode 100644
index 0000000000000..7b7243b7107dc
--- /dev/null
+++ b/drivers/clk/qcom/clk-regmap-phy-mux.c
@@ -0,0 +1,62 @@
+// SPDX-License-Identifier: GPL-2.0-only
+/*
+ * Copyright (c) 2022, Linaro Ltd.
+ */
+
+#include <linux/clk-provider.h>
+#include <linux/bitfield.h>
+#include <linux/regmap.h>
+#include <linux/export.h>
+
+#include "clk-regmap.h"
+#include "clk-regmap-phy-mux.h"
+
+#define PHY_MUX_MASK GENMASK(1, 0)
+#define PHY_MUX_PHY_SRC 0
+#define PHY_MUX_REF_SRC 2
+
+static inline struct clk_regmap_phy_mux *to_clk_regmap_phy_mux(struct clk_regmap *clkr)
+{
+ return container_of(clkr, struct clk_regmap_phy_mux, clkr);
+}
+
+static int phy_mux_is_enabled(struct clk_hw *hw)
+{
+ struct clk_regmap *clkr = to_clk_regmap(hw);
+ struct clk_regmap_phy_mux *phy_mux = to_clk_regmap_phy_mux(clkr);
+ unsigned int val;
+
+ regmap_read(clkr->regmap, phy_mux->reg, &val);
+ val = FIELD_GET(PHY_MUX_MASK, val);
+
+ WARN_ON(val != PHY_MUX_PHY_SRC && val != PHY_MUX_REF_SRC);
+
+ return val == PHY_MUX_PHY_SRC;
+}
+
+static int phy_mux_enable(struct clk_hw *hw)
+{
+ struct clk_regmap *clkr = to_clk_regmap(hw);
+ struct clk_regmap_phy_mux *phy_mux = to_clk_regmap_phy_mux(clkr);
+
+ return regmap_update_bits(clkr->regmap, phy_mux->reg,
+ PHY_MUX_MASK,
+ FIELD_PREP(PHY_MUX_MASK, PHY_MUX_PHY_SRC));
+}
+
+static void phy_mux_disable(struct clk_hw *hw)
+{
+ struct clk_regmap *clkr = to_clk_regmap(hw);
+ struct clk_regmap_phy_mux *phy_mux = to_clk_regmap_phy_mux(clkr);
+
+ regmap_update_bits(clkr->regmap, phy_mux->reg,
+ PHY_MUX_MASK,
+ FIELD_PREP(PHY_MUX_MASK, PHY_MUX_REF_SRC));
+}
+
+const struct clk_ops clk_regmap_phy_mux_ops = {
+ .enable = phy_mux_enable,
+ .disable = phy_mux_disable,
+ .is_enabled = phy_mux_is_enabled,
+};
+EXPORT_SYMBOL_GPL(clk_regmap_phy_mux_ops);
diff --git a/drivers/clk/qcom/clk-regmap-phy-mux.h b/drivers/clk/qcom/clk-regmap-phy-mux.h
new file mode 100644
index 0000000000000..614dd384695ca
--- /dev/null
+++ b/drivers/clk/qcom/clk-regmap-phy-mux.h
@@ -0,0 +1,33 @@
+/* SPDX-License-Identifier: GPL-2.0-only */
+/*
+ * Copyright (c) 2022, Linaro Ltd.
+ */
+
+#ifndef __QCOM_CLK_REGMAP_PHY_MUX_H__
+#define __QCOM_CLK_REGMAP_PHY_MUX_H__
+
+#include "clk-regmap.h"
+
+/*
+ * A clock implementation for PHY pipe and symbols clock muxes.
+ *
+ * If the clock is running off the from-PHY source, report it as enabled.
+ * Report it as disabled otherwise (if it uses reference source).
+ *
+ * This way the PHY will disable the pipe clock before turning off the GDSC,
+ * which in turn would lead to disabling corresponding pipe_clk_src (and thus
+ * it being parked to a safe, reference clock source). And vice versa, after
+ * enabling the GDSC the PHY will enable the pipe clock, which would cause
+ * pipe_clk_src to be switched from a safe source to the working one.
+ *
+ * For some platforms this should be used for the UFS symbol_clk_src clocks
+ * too.
+ */
+struct clk_regmap_phy_mux {
+ u32 reg;
+ struct clk_regmap clkr;
+};
+
+extern const struct clk_ops clk_regmap_phy_mux_ops;
+
+#endif
--
2.39.2
^ permalink raw reply related [flat|nested] 391+ messages in thread
* [PATCH 5.15 315/371] clk: qcom: gcc-sm8350: fix PCIe PIPE clocks handling
2023-05-08 9:43 [PATCH 5.15 000/371] 5.15.111-rc1 review Greg Kroah-Hartman
` (313 preceding siblings ...)
2023-05-08 9:48 ` [PATCH 5.15 314/371] clk: qcom: regmap: add PHY clock source implementation Greg Kroah-Hartman
@ 2023-05-08 9:48 ` Greg Kroah-Hartman
2023-05-08 9:48 ` [PATCH 5.15 316/371] Input: raspberrypi-ts - fix refcount leak in rpi_ts_probe Greg Kroah-Hartman
` (59 subsequent siblings)
374 siblings, 0 replies; 391+ messages in thread
From: Greg Kroah-Hartman @ 2023-05-08 9:48 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Dmitry Baryshkov, Bjorn Andersson,
Sasha Levin
From: Dmitry Baryshkov <dmitry.baryshkov@linaro.org>
[ Upstream commit 1a500e0bc97b6cb3c0d9859e81973b8dd07d1b7b ]
On SM8350 platform the PCIe PIPE clocks require additional handling to
function correctly. They are to be switched to the tcxo source before
turning PCIe GDSCs off and should be switched to PHY PIPE source once
they are working. Switch PCIe PHY clocks to use clk_regmap_phy_mux_ops,
which provide support for this dance.
Fixes: 44c20c9ed37f ("clk: qcom: gcc: Add clock driver for SM8350")
Signed-off-by: Dmitry Baryshkov <dmitry.baryshkov@linaro.org>
Signed-off-by: Bjorn Andersson <andersson@kernel.org>
Link: https://lore.kernel.org/r/20230412134829.3686467-1-dmitry.baryshkov@linaro.org
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/clk/qcom/gcc-sm8350.c | 47 ++++++++++-------------------------
1 file changed, 13 insertions(+), 34 deletions(-)
diff --git a/drivers/clk/qcom/gcc-sm8350.c b/drivers/clk/qcom/gcc-sm8350.c
index 6d0a9e2d51041..87d03b1684ed0 100644
--- a/drivers/clk/qcom/gcc-sm8350.c
+++ b/drivers/clk/qcom/gcc-sm8350.c
@@ -16,6 +16,7 @@
#include "clk-regmap.h"
#include "clk-regmap-divider.h"
#include "clk-regmap-mux.h"
+#include "clk-regmap-phy-mux.h"
#include "gdsc.h"
#include "reset.h"
@@ -166,26 +167,6 @@ static const struct clk_parent_data gcc_parent_data_3[] = {
{ .fw_name = "core_bi_pll_test_se" },
};
-static const struct parent_map gcc_parent_map_4[] = {
- { P_PCIE_0_PIPE_CLK, 0 },
- { P_BI_TCXO, 2 },
-};
-
-static const struct clk_parent_data gcc_parent_data_4[] = {
- { .fw_name = "pcie_0_pipe_clk", },
- { .fw_name = "bi_tcxo" },
-};
-
-static const struct parent_map gcc_parent_map_5[] = {
- { P_PCIE_1_PIPE_CLK, 0 },
- { P_BI_TCXO, 2 },
-};
-
-static const struct clk_parent_data gcc_parent_data_5[] = {
- { .fw_name = "pcie_1_pipe_clk" },
- { .fw_name = "bi_tcxo" },
-};
-
static const struct parent_map gcc_parent_map_6[] = {
{ P_BI_TCXO, 0 },
{ P_GCC_GPLL0_OUT_MAIN, 1 },
@@ -288,32 +269,30 @@ static const struct clk_parent_data gcc_parent_data_14[] = {
{ .fw_name = "bi_tcxo" },
};
-static struct clk_regmap_mux gcc_pcie_0_pipe_clk_src = {
+static struct clk_regmap_phy_mux gcc_pcie_0_pipe_clk_src = {
.reg = 0x6b054,
- .shift = 0,
- .width = 2,
- .parent_map = gcc_parent_map_4,
.clkr = {
.hw.init = &(struct clk_init_data){
.name = "gcc_pcie_0_pipe_clk_src",
- .parent_data = gcc_parent_data_4,
- .num_parents = ARRAY_SIZE(gcc_parent_data_4),
- .ops = &clk_regmap_mux_closest_ops,
+ .parent_data = &(const struct clk_parent_data){
+ .fw_name = "pcie_0_pipe_clk",
+ },
+ .num_parents = 1,
+ .ops = &clk_regmap_phy_mux_ops,
},
},
};
-static struct clk_regmap_mux gcc_pcie_1_pipe_clk_src = {
+static struct clk_regmap_phy_mux gcc_pcie_1_pipe_clk_src = {
.reg = 0x8d054,
- .shift = 0,
- .width = 2,
- .parent_map = gcc_parent_map_5,
.clkr = {
.hw.init = &(struct clk_init_data){
.name = "gcc_pcie_1_pipe_clk_src",
- .parent_data = gcc_parent_data_5,
- .num_parents = ARRAY_SIZE(gcc_parent_data_5),
- .ops = &clk_regmap_mux_closest_ops,
+ .parent_data = &(const struct clk_parent_data){
+ .fw_name = "pcie_1_pipe_clk",
+ },
+ .num_parents = 1,
+ .ops = &clk_regmap_phy_mux_ops,
},
},
};
--
2.39.2
^ permalink raw reply related [flat|nested] 391+ messages in thread
* [PATCH 5.15 316/371] Input: raspberrypi-ts - fix refcount leak in rpi_ts_probe
2023-05-08 9:43 [PATCH 5.15 000/371] 5.15.111-rc1 review Greg Kroah-Hartman
` (314 preceding siblings ...)
2023-05-08 9:48 ` [PATCH 5.15 315/371] clk: qcom: gcc-sm8350: fix PCIe PIPE clocks handling Greg Kroah-Hartman
@ 2023-05-08 9:48 ` Greg Kroah-Hartman
2023-05-08 9:48 ` [PATCH 5.15 317/371] RDMA/mlx5: Fix flow counter query via DEVX Greg Kroah-Hartman
` (58 subsequent siblings)
374 siblings, 0 replies; 391+ messages in thread
From: Greg Kroah-Hartman @ 2023-05-08 9:48 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Miaoqian Lin, Mattijs Korpershoek,
Dmitry Torokhov, Sasha Levin
From: Miaoqian Lin <linmq006@gmail.com>
[ Upstream commit 5bca3688bdbc3b58a2894b8671a8e2378efe28bd ]
rpi_firmware_get() take reference, we need to release it in error paths
as well. Use devm_rpi_firmware_get() helper to handling the resources.
Also remove the existing rpi_firmware_put().
Fixes: 0b9f28fed3f7 ("Input: add official Raspberry Pi's touchscreen driver")
Fixes: 3b8ddff780b7 ("input: raspberrypi-ts: Release firmware handle when not needed")
Signed-off-by: Miaoqian Lin <linmq006@gmail.com>
Reviewed-by: Mattijs Korpershoek <mkorpershoek@baylibre.com>
Link: https://lore.kernel.org/r/20221223074657.810346-1-linmq006@gmail.com
Signed-off-by: Dmitry Torokhov <dmitry.torokhov@gmail.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/input/touchscreen/raspberrypi-ts.c | 3 +--
1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/drivers/input/touchscreen/raspberrypi-ts.c b/drivers/input/touchscreen/raspberrypi-ts.c
index 5000f5fd9ec38..45c575df994e0 100644
--- a/drivers/input/touchscreen/raspberrypi-ts.c
+++ b/drivers/input/touchscreen/raspberrypi-ts.c
@@ -134,7 +134,7 @@ static int rpi_ts_probe(struct platform_device *pdev)
return -ENOENT;
}
- fw = rpi_firmware_get(fw_node);
+ fw = devm_rpi_firmware_get(&pdev->dev, fw_node);
of_node_put(fw_node);
if (!fw)
return -EPROBE_DEFER;
@@ -160,7 +160,6 @@ static int rpi_ts_probe(struct platform_device *pdev)
touchbuf = (u32)ts->fw_regs_phys;
error = rpi_firmware_property(fw, RPI_FIRMWARE_FRAMEBUFFER_SET_TOUCHBUF,
&touchbuf, sizeof(touchbuf));
- rpi_firmware_put(fw);
if (error || touchbuf != 0) {
dev_warn(dev, "Failed to set touchbuf, %d\n", error);
return error;
--
2.39.2
^ permalink raw reply related [flat|nested] 391+ messages in thread
* [PATCH 5.15 317/371] RDMA/mlx5: Fix flow counter query via DEVX
2023-05-08 9:43 [PATCH 5.15 000/371] 5.15.111-rc1 review Greg Kroah-Hartman
` (315 preceding siblings ...)
2023-05-08 9:48 ` [PATCH 5.15 316/371] Input: raspberrypi-ts - fix refcount leak in rpi_ts_probe Greg Kroah-Hartman
@ 2023-05-08 9:48 ` Greg Kroah-Hartman
2023-05-08 9:48 ` [PATCH 5.15 318/371] SUNRPC: remove the maximum number of retries in call_bind_status Greg Kroah-Hartman
` (57 subsequent siblings)
374 siblings, 0 replies; 391+ messages in thread
From: Greg Kroah-Hartman @ 2023-05-08 9:48 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Mark Bloch, Maor Gottlieb,
Leon Romanovsky, Sasha Levin
From: Mark Bloch <mbloch@nvidia.com>
[ Upstream commit 3e358ea8614ddfbc59ca7a3f5dff5dde2b350b2c ]
Commit cited in "fixes" tag added bulk support for flow counters but it
didn't account that's also possible to query a counter using a non-base id
if the counter was allocated as bulk.
When a user performs a query, validate the flow counter id given in the
mailbox is inside the valid range taking bulk value into account.
Fixes: 208d70f562e5 ("IB/mlx5: Support flow counters offset for bulk counters")
Signed-off-by: Mark Bloch <mbloch@nvidia.com>
Reviewed-by: Maor Gottlieb <maorg@nvidia.com>
Link: https://lore.kernel.org/r/79d7fbe291690128e44672418934256254d93115.1681377114.git.leon@kernel.org
Signed-off-by: Leon Romanovsky <leon@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/infiniband/hw/mlx5/devx.c | 31 ++++++++++++++++++++++++++-----
include/linux/mlx5/mlx5_ifc.h | 3 ++-
2 files changed, 28 insertions(+), 6 deletions(-)
diff --git a/drivers/infiniband/hw/mlx5/devx.c b/drivers/infiniband/hw/mlx5/devx.c
index 21beded40066d..104e5cbba066b 100644
--- a/drivers/infiniband/hw/mlx5/devx.c
+++ b/drivers/infiniband/hw/mlx5/devx.c
@@ -666,7 +666,21 @@ static bool devx_is_valid_obj_id(struct uverbs_attr_bundle *attrs,
obj_id;
case MLX5_IB_OBJECT_DEVX_OBJ:
- return ((struct devx_obj *)uobj->object)->obj_id == obj_id;
+ {
+ u16 opcode = MLX5_GET(general_obj_in_cmd_hdr, in, opcode);
+ struct devx_obj *devx_uobj = uobj->object;
+
+ if (opcode == MLX5_CMD_OP_QUERY_FLOW_COUNTER &&
+ devx_uobj->flow_counter_bulk_size) {
+ u64 end;
+
+ end = devx_uobj->obj_id +
+ devx_uobj->flow_counter_bulk_size;
+ return devx_uobj->obj_id <= obj_id && end > obj_id;
+ }
+
+ return devx_uobj->obj_id == obj_id;
+ }
default:
return false;
@@ -1515,10 +1529,17 @@ static int UVERBS_HANDLER(MLX5_IB_METHOD_DEVX_OBJ_CREATE)(
goto obj_free;
if (opcode == MLX5_CMD_OP_ALLOC_FLOW_COUNTER) {
- u8 bulk = MLX5_GET(alloc_flow_counter_in,
- cmd_in,
- flow_counter_bulk);
- obj->flow_counter_bulk_size = 128UL * bulk;
+ u32 bulk = MLX5_GET(alloc_flow_counter_in,
+ cmd_in,
+ flow_counter_bulk_log_size);
+
+ if (bulk)
+ bulk = 1 << bulk;
+ else
+ bulk = 128UL * MLX5_GET(alloc_flow_counter_in,
+ cmd_in,
+ flow_counter_bulk);
+ obj->flow_counter_bulk_size = bulk;
}
uobj->object = obj;
diff --git a/include/linux/mlx5/mlx5_ifc.h b/include/linux/mlx5/mlx5_ifc.h
index 49ea0004109e1..442b6ac8a66c1 100644
--- a/include/linux/mlx5/mlx5_ifc.h
+++ b/include/linux/mlx5/mlx5_ifc.h
@@ -8508,7 +8508,8 @@ struct mlx5_ifc_alloc_flow_counter_in_bits {
u8 reserved_at_20[0x10];
u8 op_mod[0x10];
- u8 reserved_at_40[0x38];
+ u8 reserved_at_40[0x33];
+ u8 flow_counter_bulk_log_size[0x5];
u8 flow_counter_bulk[0x8];
};
--
2.39.2
^ permalink raw reply related [flat|nested] 391+ messages in thread
* [PATCH 5.15 318/371] SUNRPC: remove the maximum number of retries in call_bind_status
2023-05-08 9:43 [PATCH 5.15 000/371] 5.15.111-rc1 review Greg Kroah-Hartman
` (316 preceding siblings ...)
2023-05-08 9:48 ` [PATCH 5.15 317/371] RDMA/mlx5: Fix flow counter query via DEVX Greg Kroah-Hartman
@ 2023-05-08 9:48 ` Greg Kroah-Hartman
2023-05-08 9:48 ` [PATCH 5.15 319/371] RDMA/mlx5: Use correct device num_ports when modify DC Greg Kroah-Hartman
` (56 subsequent siblings)
374 siblings, 0 replies; 391+ messages in thread
From: Greg Kroah-Hartman @ 2023-05-08 9:48 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Helen Chao, Dai Ngo, Jeff Layton,
Anna Schumaker, Sasha Levin
From: Dai Ngo <dai.ngo@oracle.com>
[ Upstream commit 691d0b782066a6eeeecbfceb7910a8f6184e6105 ]
Currently call_bind_status places a hard limit of 3 to the number of
retries on EACCES error. This limit was done to prevent NLM unlock
requests from being hang forever when the server keeps returning garbage.
However this change causes problem for cases when NLM service takes
longer than 9 seconds to register with the port mapper after a restart.
This patch removes this hard coded limit and let the RPC handles
the retry based on the standard hard/soft task semantics.
Fixes: 0b760113a3a1 ("NLM: Don't hang forever on NLM unlock requests")
Reported-by: Helen Chao <helen.chao@oracle.com>
Tested-by: Helen Chao <helen.chao@oracle.com>
Signed-off-by: Dai Ngo <dai.ngo@oracle.com>
Reviewed-by: Jeff Layton <jlayton@kernel.org>
Signed-off-by: Anna Schumaker <Anna.Schumaker@Netapp.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
include/linux/sunrpc/sched.h | 3 +--
net/sunrpc/clnt.c | 3 ---
net/sunrpc/sched.c | 1 -
3 files changed, 1 insertion(+), 6 deletions(-)
diff --git a/include/linux/sunrpc/sched.h b/include/linux/sunrpc/sched.h
index a237b8dbf6086..ba047a145e092 100644
--- a/include/linux/sunrpc/sched.h
+++ b/include/linux/sunrpc/sched.h
@@ -90,8 +90,7 @@ struct rpc_task {
#endif
unsigned char tk_priority : 2,/* Task priority */
tk_garb_retry : 2,
- tk_cred_retry : 2,
- tk_rebind_retry : 2;
+ tk_cred_retry : 2;
};
typedef void (*rpc_action)(struct rpc_task *);
diff --git a/net/sunrpc/clnt.c b/net/sunrpc/clnt.c
index ad3e9a40b0610..b9c54c03c30a6 100644
--- a/net/sunrpc/clnt.c
+++ b/net/sunrpc/clnt.c
@@ -1981,9 +1981,6 @@ call_bind_status(struct rpc_task *task)
status = -EOPNOTSUPP;
break;
}
- if (task->tk_rebind_retry == 0)
- break;
- task->tk_rebind_retry--;
rpc_delay(task, 3*HZ);
goto retry_timeout;
case -ENOBUFS:
diff --git a/net/sunrpc/sched.c b/net/sunrpc/sched.c
index f0f55fbd13752..a00890962e115 100644
--- a/net/sunrpc/sched.c
+++ b/net/sunrpc/sched.c
@@ -796,7 +796,6 @@ rpc_init_task_statistics(struct rpc_task *task)
/* Initialize retry counters */
task->tk_garb_retry = 2;
task->tk_cred_retry = 2;
- task->tk_rebind_retry = 2;
/* starting timestamp */
task->tk_start = ktime_get();
--
2.39.2
^ permalink raw reply related [flat|nested] 391+ messages in thread
* [PATCH 5.15 319/371] RDMA/mlx5: Use correct device num_ports when modify DC
2023-05-08 9:43 [PATCH 5.15 000/371] 5.15.111-rc1 review Greg Kroah-Hartman
` (317 preceding siblings ...)
2023-05-08 9:48 ` [PATCH 5.15 318/371] SUNRPC: remove the maximum number of retries in call_bind_status Greg Kroah-Hartman
@ 2023-05-08 9:48 ` Greg Kroah-Hartman
2023-05-08 9:48 ` [PATCH 5.15 320/371] clocksource/drivers/davinci: Fix memory leak in davinci_timer_register when init fails Greg Kroah-Hartman
` (55 subsequent siblings)
374 siblings, 0 replies; 391+ messages in thread
From: Greg Kroah-Hartman @ 2023-05-08 9:48 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Mark Zhang, Maor Gottlieb,
Jason Gunthorpe, Sasha Levin
From: Mark Zhang <markzhang@nvidia.com>
[ Upstream commit 746aa3c8cb1a650ff2583497ac646e505831b9b9 ]
Just like other QP types, when modify DC, the port_num should be compared
with dev->num_ports, instead of HCA_CAP.num_ports. Otherwise Multi-port
vHCA on DC may not work.
Fixes: 776a3906b692 ("IB/mlx5: Add support for DC target QP")
Link: https://lore.kernel.org/r/20230420013906.1244185-1-markzhang@nvidia.com
Signed-off-by: Mark Zhang <markzhang@nvidia.com>
Reviewed-by: Maor Gottlieb <maorg@nvidia.com>
Signed-off-by: Jason Gunthorpe <jgg@nvidia.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/infiniband/hw/mlx5/qp.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/infiniband/hw/mlx5/qp.c b/drivers/infiniband/hw/mlx5/qp.c
index 55b05a3e31b8e..1080daf3a546f 100644
--- a/drivers/infiniband/hw/mlx5/qp.c
+++ b/drivers/infiniband/hw/mlx5/qp.c
@@ -4406,7 +4406,7 @@ static int mlx5_ib_modify_dct(struct ib_qp *ibqp, struct ib_qp_attr *attr,
return -EINVAL;
if (attr->port_num == 0 ||
- attr->port_num > MLX5_CAP_GEN(dev->mdev, num_ports)) {
+ attr->port_num > dev->num_ports) {
mlx5_ib_dbg(dev, "invalid port number %d. number of ports is %d\n",
attr->port_num, dev->num_ports);
return -EINVAL;
--
2.39.2
^ permalink raw reply related [flat|nested] 391+ messages in thread
* [PATCH 5.15 320/371] clocksource/drivers/davinci: Fix memory leak in davinci_timer_register when init fails
2023-05-08 9:43 [PATCH 5.15 000/371] 5.15.111-rc1 review Greg Kroah-Hartman
` (318 preceding siblings ...)
2023-05-08 9:48 ` [PATCH 5.15 319/371] RDMA/mlx5: Use correct device num_ports when modify DC Greg Kroah-Hartman
@ 2023-05-08 9:48 ` Greg Kroah-Hartman
2023-05-08 9:48 ` [PATCH 5.15 321/371] openrisc: Properly store r31 to pt_regs on unhandled exceptions Greg Kroah-Hartman
` (54 subsequent siblings)
374 siblings, 0 replies; 391+ messages in thread
From: Greg Kroah-Hartman @ 2023-05-08 9:48 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Qinrun Dai, Daniel Lezcano, Sasha Levin
From: Qinrun Dai <flno@hust.edu.cn>
[ Upstream commit fb73556386e074e9bee9fa2d253aeaefe4e063e0 ]
Smatch reports:
drivers/clocksource/timer-davinci.c:332 davinci_timer_register()
warn: 'base' from ioremap() not released on lines: 274.
Fix this and other potential memory leak problems
by adding a set of corresponding exit lables.
Fixes: 721154f972aa ("clocksource/drivers/davinci: Add support for clockevents")
Signed-off-by: Qinrun Dai <flno@hust.edu.cn>
Link: https://lore.kernel.org/r/20230413135037.1505799-1-flno@hust.edu.cn
Signed-off-by: Daniel Lezcano <daniel.lezcano@linaro.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/clocksource/timer-davinci.c | 30 +++++++++++++++++++++++------
1 file changed, 24 insertions(+), 6 deletions(-)
diff --git a/drivers/clocksource/timer-davinci.c b/drivers/clocksource/timer-davinci.c
index 9996c05425200..b1c248498be46 100644
--- a/drivers/clocksource/timer-davinci.c
+++ b/drivers/clocksource/timer-davinci.c
@@ -257,21 +257,25 @@ int __init davinci_timer_register(struct clk *clk,
resource_size(&timer_cfg->reg),
"davinci-timer")) {
pr_err("Unable to request memory region\n");
- return -EBUSY;
+ rv = -EBUSY;
+ goto exit_clk_disable;
}
base = ioremap(timer_cfg->reg.start, resource_size(&timer_cfg->reg));
if (!base) {
pr_err("Unable to map the register range\n");
- return -ENOMEM;
+ rv = -ENOMEM;
+ goto exit_mem_region;
}
davinci_timer_init(base);
tick_rate = clk_get_rate(clk);
clockevent = kzalloc(sizeof(*clockevent), GFP_KERNEL);
- if (!clockevent)
- return -ENOMEM;
+ if (!clockevent) {
+ rv = -ENOMEM;
+ goto exit_iounmap_base;
+ }
clockevent->dev.name = "tim12";
clockevent->dev.features = CLOCK_EVT_FEAT_ONESHOT;
@@ -296,7 +300,7 @@ int __init davinci_timer_register(struct clk *clk,
"clockevent/tim12", clockevent);
if (rv) {
pr_err("Unable to request the clockevent interrupt\n");
- return rv;
+ goto exit_free_clockevent;
}
davinci_clocksource.dev.rating = 300;
@@ -323,13 +327,27 @@ int __init davinci_timer_register(struct clk *clk,
rv = clocksource_register_hz(&davinci_clocksource.dev, tick_rate);
if (rv) {
pr_err("Unable to register clocksource\n");
- return rv;
+ goto exit_free_irq;
}
sched_clock_register(davinci_timer_read_sched_clock,
DAVINCI_TIMER_CLKSRC_BITS, tick_rate);
return 0;
+
+exit_free_irq:
+ free_irq(timer_cfg->irq[DAVINCI_TIMER_CLOCKEVENT_IRQ].start,
+ clockevent);
+exit_free_clockevent:
+ kfree(clockevent);
+exit_iounmap_base:
+ iounmap(base);
+exit_mem_region:
+ release_mem_region(timer_cfg->reg.start,
+ resource_size(&timer_cfg->reg));
+exit_clk_disable:
+ clk_disable_unprepare(clk);
+ return rv;
}
static int __init of_davinci_timer_register(struct device_node *np)
--
2.39.2
^ permalink raw reply related [flat|nested] 391+ messages in thread
* [PATCH 5.15 321/371] openrisc: Properly store r31 to pt_regs on unhandled exceptions
2023-05-08 9:43 [PATCH 5.15 000/371] 5.15.111-rc1 review Greg Kroah-Hartman
` (319 preceding siblings ...)
2023-05-08 9:48 ` [PATCH 5.15 320/371] clocksource/drivers/davinci: Fix memory leak in davinci_timer_register when init fails Greg Kroah-Hartman
@ 2023-05-08 9:48 ` Greg Kroah-Hartman
2023-05-08 9:48 ` [PATCH 5.15 322/371] timekeeping: Fix references to nonexistent ktime_get_fast_ns() Greg Kroah-Hartman
` (53 subsequent siblings)
374 siblings, 0 replies; 391+ messages in thread
From: Greg Kroah-Hartman @ 2023-05-08 9:48 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Stafford Horne, Sasha Levin
From: Stafford Horne <shorne@gmail.com>
[ Upstream commit 812489ac4dd91144a74ce65ecf232252a2e406fb ]
In commit 91993c8c2ed5 ("openrisc: use shadow registers to save regs on
exception") the unhandled exception path was changed to do an early
store of r30 instead of r31. The entry code was not updated and r31 is
not getting stored to pt_regs.
This patch updates the entry handler to store r31 instead of r30. We
also remove some misleading commented out store r30 and r31
instructrions.
I noticed this while working on adding floating point exception
handling, This issue probably would never impact anything since we kill
the process or Oops right away on unhandled exceptions.
Fixes: 91993c8c2ed5 ("openrisc: use shadow registers to save regs on exception")
Signed-off-by: Stafford Horne <shorne@gmail.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/openrisc/kernel/entry.S | 6 ++----
1 file changed, 2 insertions(+), 4 deletions(-)
diff --git a/arch/openrisc/kernel/entry.S b/arch/openrisc/kernel/entry.S
index c68f3349c1741..d32906e89aafd 100644
--- a/arch/openrisc/kernel/entry.S
+++ b/arch/openrisc/kernel/entry.S
@@ -173,7 +173,6 @@ handler: ;\
l.sw PT_GPR28(r1),r28 ;\
l.sw PT_GPR29(r1),r29 ;\
/* r30 already save */ ;\
-/* l.sw PT_GPR30(r1),r30*/ ;\
l.sw PT_GPR31(r1),r31 ;\
TRACE_IRQS_OFF_ENTRY ;\
/* Store -1 in orig_gpr11 for non-syscall exceptions */ ;\
@@ -211,9 +210,8 @@ handler: ;\
l.sw PT_GPR27(r1),r27 ;\
l.sw PT_GPR28(r1),r28 ;\
l.sw PT_GPR29(r1),r29 ;\
- /* r31 already saved */ ;\
- l.sw PT_GPR30(r1),r30 ;\
-/* l.sw PT_GPR31(r1),r31 */ ;\
+ /* r30 already saved */ ;\
+ l.sw PT_GPR31(r1),r31 ;\
/* Store -1 in orig_gpr11 for non-syscall exceptions */ ;\
l.addi r30,r0,-1 ;\
l.sw PT_ORIG_GPR11(r1),r30 ;\
--
2.39.2
^ permalink raw reply related [flat|nested] 391+ messages in thread
* [PATCH 5.15 322/371] timekeeping: Fix references to nonexistent ktime_get_fast_ns()
2023-05-08 9:43 [PATCH 5.15 000/371] 5.15.111-rc1 review Greg Kroah-Hartman
` (320 preceding siblings ...)
2023-05-08 9:48 ` [PATCH 5.15 321/371] openrisc: Properly store r31 to pt_regs on unhandled exceptions Greg Kroah-Hartman
@ 2023-05-08 9:48 ` Greg Kroah-Hartman
2023-05-08 9:48 ` [PATCH 5.15 323/371] SMB3: Add missing locks to protect deferred close file list Greg Kroah-Hartman
` (52 subsequent siblings)
374 siblings, 0 replies; 391+ messages in thread
From: Greg Kroah-Hartman @ 2023-05-08 9:48 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Geert Uytterhoeven, Thomas Gleixner,
John Stultz, Sasha Levin
From: Geert Uytterhoeven <geert+renesas@glider.be>
[ Upstream commit 158009f1b4a33bc0f354b994eea361362bd83226 ]
There was never a function named ktime_get_fast_ns().
Presumably these should refer to ktime_get_mono_fast_ns() instead.
Fixes: c1ce406e80fb15fa ("timekeeping: Fix up function documentation for the NMI safe accessors")
Signed-off-by: Geert Uytterhoeven <geert+renesas@glider.be>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Acked-by: John Stultz <jstultz@google.com>
Link: https://lore.kernel.org/r/06df7b3cbd94f016403bbf6cd2b38e4368e7468f.1682516546.git.geert+renesas@glider.be
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
kernel/time/timekeeping.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/kernel/time/timekeeping.c b/kernel/time/timekeeping.c
index d6a0ff68df410..d921c1b256cf5 100644
--- a/kernel/time/timekeeping.c
+++ b/kernel/time/timekeeping.c
@@ -523,7 +523,7 @@ EXPORT_SYMBOL_GPL(ktime_get_raw_fast_ns);
* partially updated. Since the tk->offs_boot update is a rare event, this
* should be a rare occurrence which postprocessing should be able to handle.
*
- * The caveats vs. timestamp ordering as documented for ktime_get_fast_ns()
+ * The caveats vs. timestamp ordering as documented for ktime_get_mono_fast_ns()
* apply as well.
*/
u64 notrace ktime_get_boot_fast_ns(void)
@@ -559,7 +559,7 @@ static __always_inline u64 __ktime_get_real_fast(struct tk_fast *tkf, u64 *mono)
/**
* ktime_get_real_fast_ns: - NMI safe and fast access to clock realtime.
*
- * See ktime_get_fast_ns() for documentation of the time stamp ordering.
+ * See ktime_get_mono_fast_ns() for documentation of the time stamp ordering.
*/
u64 ktime_get_real_fast_ns(void)
{
--
2.39.2
^ permalink raw reply related [flat|nested] 391+ messages in thread
* [PATCH 5.15 323/371] SMB3: Add missing locks to protect deferred close file list
2023-05-08 9:43 [PATCH 5.15 000/371] 5.15.111-rc1 review Greg Kroah-Hartman
` (321 preceding siblings ...)
2023-05-08 9:48 ` [PATCH 5.15 322/371] timekeeping: Fix references to nonexistent ktime_get_fast_ns() Greg Kroah-Hartman
@ 2023-05-08 9:48 ` Greg Kroah-Hartman
2023-05-08 9:48 ` [PATCH 5.15 324/371] SMB3: Close deferred file handles in case of handle lease break Greg Kroah-Hartman
` (51 subsequent siblings)
374 siblings, 0 replies; 391+ messages in thread
From: Greg Kroah-Hartman @ 2023-05-08 9:48 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Bharath SM, Ronnie Sahlberg,
Steve French, Sasha Levin, Paulo Alcantara
From: Bharath SM <bharathsm@microsoft.com>
[ Upstream commit ab9ddc87a9055c4bebd6524d5d761d605d52e557 ]
cifs_del_deferred_close function has a critical section which modifies
the deferred close file list. We must acquire deferred_lock before
calling cifs_del_deferred_close function.
Fixes: ca08d0eac020 ("cifs: Fix memory leak on the deferred close")
Signed-off-by: Bharath SM <bharathsm@microsoft.com>
Acked-off-by: Paulo Alcantara (SUSE) <pc@manguebit.com>
Acked-by: Ronnie Sahlberg <lsahlber@redhat.com>
Signed-off-by: Steve French <stfrench@microsoft.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
fs/cifs/misc.c | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/fs/cifs/misc.c b/fs/cifs/misc.c
index 300f5f382e43f..15e8ae31ffbc9 100644
--- a/fs/cifs/misc.c
+++ b/fs/cifs/misc.c
@@ -733,7 +733,9 @@ cifs_close_deferred_file(struct cifsInodeInfo *cifs_inode)
list_for_each_entry(cfile, &cifs_inode->openFileList, flist) {
if (delayed_work_pending(&cfile->deferred)) {
if (cancel_delayed_work(&cfile->deferred)) {
+ spin_lock(&cifs_inode->deferred_lock);
cifs_del_deferred_close(cfile);
+ spin_unlock(&cifs_inode->deferred_lock);
tmp_list = kmalloc(sizeof(struct file_list), GFP_ATOMIC);
if (tmp_list == NULL)
@@ -766,7 +768,9 @@ cifs_close_all_deferred_files(struct cifs_tcon *tcon)
cfile = list_entry(tmp, struct cifsFileInfo, tlist);
if (delayed_work_pending(&cfile->deferred)) {
if (cancel_delayed_work(&cfile->deferred)) {
+ spin_lock(&CIFS_I(d_inode(cfile->dentry))->deferred_lock);
cifs_del_deferred_close(cfile);
+ spin_unlock(&CIFS_I(d_inode(cfile->dentry))->deferred_lock);
tmp_list = kmalloc(sizeof(struct file_list), GFP_ATOMIC);
if (tmp_list == NULL)
@@ -803,7 +807,9 @@ cifs_close_deferred_file_under_dentry(struct cifs_tcon *tcon, const char *path)
if (strstr(full_path, path)) {
if (delayed_work_pending(&cfile->deferred)) {
if (cancel_delayed_work(&cfile->deferred)) {
+ spin_lock(&CIFS_I(d_inode(cfile->dentry))->deferred_lock);
cifs_del_deferred_close(cfile);
+ spin_unlock(&CIFS_I(d_inode(cfile->dentry))->deferred_lock);
tmp_list = kmalloc(sizeof(struct file_list), GFP_ATOMIC);
if (tmp_list == NULL)
--
2.39.2
^ permalink raw reply related [flat|nested] 391+ messages in thread
* [PATCH 5.15 324/371] SMB3: Close deferred file handles in case of handle lease break
2023-05-08 9:43 [PATCH 5.15 000/371] 5.15.111-rc1 review Greg Kroah-Hartman
` (322 preceding siblings ...)
2023-05-08 9:48 ` [PATCH 5.15 323/371] SMB3: Add missing locks to protect deferred close file list Greg Kroah-Hartman
@ 2023-05-08 9:48 ` Greg Kroah-Hartman
2023-05-08 9:48 ` [PATCH 5.15 325/371] ext4: fix i_disksize exceeding i_size problem in paritally written case Greg Kroah-Hartman
` (50 subsequent siblings)
374 siblings, 0 replies; 391+ messages in thread
From: Greg Kroah-Hartman @ 2023-05-08 9:48 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Bharath SM, Steve French, Sasha Levin
From: Bharath SM <bharathsm@microsoft.com>
[ Upstream commit d906be3fa571f6fc9381911304a0eca99f1b6951 ]
We should not cache deferred file handles if we dont have
handle lease on a file. And we should immediately close all
deferred handles in case of handle lease break.
Fixes: 9e31678fb403 ("SMB3: fix lease break timeout when multiple deferred close handles for the same file.")
Signed-off-by: Bharath SM <bharathsm@microsoft.com>
Signed-off-by: Steve French <stfrench@microsoft.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
fs/cifs/file.c | 16 ++++++++++++++++
fs/cifs/misc.c | 2 +-
2 files changed, 17 insertions(+), 1 deletion(-)
diff --git a/fs/cifs/file.c b/fs/cifs/file.c
index b3cf9ab50139d..ebf2877dbe76c 100644
--- a/fs/cifs/file.c
+++ b/fs/cifs/file.c
@@ -4870,6 +4870,8 @@ void cifs_oplock_break(struct work_struct *work)
struct TCP_Server_Info *server = tcon->ses->server;
int rc = 0;
bool purge_cache = false;
+ struct cifs_deferred_close *dclose;
+ bool is_deferred = false;
wait_on_bit(&cinode->flags, CIFS_INODE_PENDING_WRITERS,
TASK_UNINTERRUPTIBLE);
@@ -4905,6 +4907,20 @@ void cifs_oplock_break(struct work_struct *work)
cifs_dbg(VFS, "Push locks rc = %d\n", rc);
oplock_break_ack:
+ /*
+ * When oplock break is received and there are no active
+ * file handles but cached, then schedule deferred close immediately.
+ * So, new open will not use cached handle.
+ */
+ spin_lock(&CIFS_I(inode)->deferred_lock);
+ is_deferred = cifs_is_deferred_close(cfile, &dclose);
+ spin_unlock(&CIFS_I(inode)->deferred_lock);
+
+ if (!CIFS_CACHE_HANDLE(cinode) && is_deferred &&
+ cfile->deferred_close_scheduled && delayed_work_pending(&cfile->deferred)) {
+ cifs_close_deferred_file(cinode);
+ }
+
/*
* releasing stale oplock after recent reconnect of smb session using
* a now incorrect file handle is not a data integrity issue but do
diff --git a/fs/cifs/misc.c b/fs/cifs/misc.c
index 15e8ae31ffbc9..5e4dab5dfb7a3 100644
--- a/fs/cifs/misc.c
+++ b/fs/cifs/misc.c
@@ -748,7 +748,7 @@ cifs_close_deferred_file(struct cifsInodeInfo *cifs_inode)
spin_unlock(&cifs_inode->open_file_lock);
list_for_each_entry_safe(tmp_list, tmp_next_list, &file_head, list) {
- _cifsFileInfo_put(tmp_list->cfile, true, false);
+ _cifsFileInfo_put(tmp_list->cfile, false, false);
list_del(&tmp_list->list);
kfree(tmp_list);
}
--
2.39.2
^ permalink raw reply related [flat|nested] 391+ messages in thread
* [PATCH 5.15 325/371] ext4: fix i_disksize exceeding i_size problem in paritally written case
2023-05-08 9:43 [PATCH 5.15 000/371] 5.15.111-rc1 review Greg Kroah-Hartman
` (323 preceding siblings ...)
2023-05-08 9:48 ` [PATCH 5.15 324/371] SMB3: Close deferred file handles in case of handle lease break Greg Kroah-Hartman
@ 2023-05-08 9:48 ` Greg Kroah-Hartman
2023-05-08 9:48 ` [PATCH 5.15 326/371] ext4: fix use-after-free read in ext4_find_extent for bigalloc + inline Greg Kroah-Hartman
` (49 subsequent siblings)
374 siblings, 0 replies; 391+ messages in thread
From: Greg Kroah-Hartman @ 2023-05-08 9:48 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Zhihao Cheng, Jan Kara,
Theodore Tso, Sasha Levin
From: Zhihao Cheng <chengzhihao1@huawei.com>
[ Upstream commit 1dedde690303c05ef732b7c5c8356fdf60a4ade3 ]
It is possible for i_disksize can exceed i_size, triggering a warning.
generic_perform_write
copied = iov_iter_copy_from_user_atomic(len) // copied < len
ext4_da_write_end
| ext4_update_i_disksize
| new_i_size = pos + copied;
| WRITE_ONCE(EXT4_I(inode)->i_disksize, newsize) // update i_disksize
| generic_write_end
| copied = block_write_end(copied, len) // copied = 0
| if (unlikely(copied < len))
| if (!PageUptodate(page))
| copied = 0;
| if (pos + copied > inode->i_size) // return false
if (unlikely(copied == 0))
goto again;
if (unlikely(iov_iter_fault_in_readable(i, bytes))) {
status = -EFAULT;
break;
}
We get i_disksize greater than i_size here, which could trigger WARNING
check 'i_size_read(inode) < EXT4_I(inode)->i_disksize' while doing dio:
ext4_dio_write_iter
iomap_dio_rw
__iomap_dio_rw // return err, length is not aligned to 512
ext4_handle_inode_extension
WARN_ON_ONCE(i_size_read(inode) < EXT4_I(inode)->i_disksize) // Oops
WARNING: CPU: 2 PID: 2609 at fs/ext4/file.c:319
CPU: 2 PID: 2609 Comm: aa Not tainted 6.3.0-rc2
RIP: 0010:ext4_file_write_iter+0xbc7
Call Trace:
vfs_write+0x3b1
ksys_write+0x77
do_syscall_64+0x39
Fix it by updating 'copied' value before updating i_disksize just like
ext4_write_inline_data_end() does.
A reproducer can be found in the buganizer link below.
Link: https://bugzilla.kernel.org/show_bug.cgi?id=217209
Fixes: 64769240bd07 ("ext4: Add delayed allocation support in data=writeback mode")
Signed-off-by: Zhihao Cheng <chengzhihao1@huawei.com>
Reviewed-by: Jan Kara <jack@suse.cz>
Link: https://lore.kernel.org/r/20230321013721.89818-1-chengzhihao1@huawei.com
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
fs/ext4/inode.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/fs/ext4/inode.c b/fs/ext4/inode.c
index 0426f88ba907c..20b446a23e239 100644
--- a/fs/ext4/inode.c
+++ b/fs/ext4/inode.c
@@ -3065,6 +3065,9 @@ static int ext4_da_write_end(struct file *file,
ext4_has_inline_data(inode))
return ext4_write_inline_data_end(inode, pos, len, copied, page);
+ if (unlikely(copied < len) && !PageUptodate(page))
+ copied = 0;
+
start = pos & (PAGE_SIZE - 1);
end = start + copied - 1;
--
2.39.2
^ permalink raw reply related [flat|nested] 391+ messages in thread
* [PATCH 5.15 326/371] ext4: fix use-after-free read in ext4_find_extent for bigalloc + inline
2023-05-08 9:43 [PATCH 5.15 000/371] 5.15.111-rc1 review Greg Kroah-Hartman
` (324 preceding siblings ...)
2023-05-08 9:48 ` [PATCH 5.15 325/371] ext4: fix i_disksize exceeding i_size problem in paritally written case Greg Kroah-Hartman
@ 2023-05-08 9:48 ` Greg Kroah-Hartman
2023-05-08 9:48 ` [PATCH 5.15 327/371] pinctrl: renesas: r8a779a0: Remove incorrect AVB[01] pinmux configuration Greg Kroah-Hartman
` (48 subsequent siblings)
374 siblings, 0 replies; 391+ messages in thread
From: Greg Kroah-Hartman @ 2023-05-08 9:48 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, syzbot+bf4bb7731ef73b83a3b4,
Jan Kara, Ye Bin, Tudor Ambarus, Theodore Tso, Sasha Levin
From: Ye Bin <yebin10@huawei.com>
[ Upstream commit 835659598c67907b98cd2aa57bb951dfaf675c69 ]
Syzbot found the following issue:
loop0: detected capacity change from 0 to 2048
EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 without journal. Quota mode: none.
==================================================================
BUG: KASAN: use-after-free in ext4_ext_binsearch_idx fs/ext4/extents.c:768 [inline]
BUG: KASAN: use-after-free in ext4_find_extent+0x76e/0xd90 fs/ext4/extents.c:931
Read of size 4 at addr ffff888073644750 by task syz-executor420/5067
CPU: 0 PID: 5067 Comm: syz-executor420 Not tainted 6.2.0-rc1-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
Call Trace:
<TASK>
__dump_stack lib/dump_stack.c:88 [inline]
dump_stack_lvl+0x1b1/0x290 lib/dump_stack.c:106
print_address_description+0x74/0x340 mm/kasan/report.c:306
print_report+0x107/0x1f0 mm/kasan/report.c:417
kasan_report+0xcd/0x100 mm/kasan/report.c:517
ext4_ext_binsearch_idx fs/ext4/extents.c:768 [inline]
ext4_find_extent+0x76e/0xd90 fs/ext4/extents.c:931
ext4_clu_mapped+0x117/0x970 fs/ext4/extents.c:5809
ext4_insert_delayed_block fs/ext4/inode.c:1696 [inline]
ext4_da_map_blocks fs/ext4/inode.c:1806 [inline]
ext4_da_get_block_prep+0x9e8/0x13c0 fs/ext4/inode.c:1870
ext4_block_write_begin+0x6a8/0x2290 fs/ext4/inode.c:1098
ext4_da_write_begin+0x539/0x760 fs/ext4/inode.c:3082
generic_perform_write+0x2e4/0x5e0 mm/filemap.c:3772
ext4_buffered_write_iter+0x122/0x3a0 fs/ext4/file.c:285
ext4_file_write_iter+0x1d0/0x18f0
call_write_iter include/linux/fs.h:2186 [inline]
new_sync_write fs/read_write.c:491 [inline]
vfs_write+0x7dc/0xc50 fs/read_write.c:584
ksys_write+0x177/0x2a0 fs/read_write.c:637
do_syscall_x64 arch/x86/entry/common.c:50 [inline]
do_syscall_64+0x3d/0xb0 arch/x86/entry/common.c:80
entry_SYSCALL_64_after_hwframe+0x63/0xcd
RIP: 0033:0x7f4b7a9737b9
RSP: 002b:00007ffc5cac3668 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f4b7a9737b9
RDX: 00000000175d9003 RSI: 0000000020000200 RDI: 0000000000000004
RBP: 00007f4b7a933050 R08: 0000000000000000 R09: 0000000000000000
R10: 000000000000079f R11: 0000000000000246 R12: 00007f4b7a9330e0
R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
</TASK>
Above issue is happens when enable bigalloc and inline data feature. As
commit 131294c35ed6 fixed delayed allocation bug in ext4_clu_mapped for
bigalloc + inline. But it only resolved issue when has inline data, if
inline data has been converted to extent(ext4_da_convert_inline_data_to_extent)
before writepages, there is no EXT4_STATE_MAY_INLINE_DATA flag. However
i_data is still store inline data in this scene. Then will trigger UAF
when find extent.
To resolve above issue, there is need to add judge "ext4_has_inline_data(inode)"
in ext4_clu_mapped().
Fixes: 131294c35ed6 ("ext4: fix delayed allocation bug in ext4_clu_mapped for bigalloc + inline")
Reported-by: syzbot+bf4bb7731ef73b83a3b4@syzkaller.appspotmail.com
Reviewed-by: Jan Kara <jack@suse.cz>
Reviewed-by: Ye Bin <yebin10@huawei.com>
Reviewed-by: Tudor Ambarus <tudor.ambarus@linaro.org>
Tested-by: Tudor Ambarus <tudor.ambarus@linaro.org>
Link: https://lore.kernel.org/r/20230406111627.1916759-1-tudor.ambarus@linaro.org
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
fs/ext4/extents.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/fs/ext4/extents.c b/fs/ext4/extents.c
index 82bcf718b1e61..13497bd4e14bb 100644
--- a/fs/ext4/extents.c
+++ b/fs/ext4/extents.c
@@ -5812,7 +5812,8 @@ int ext4_clu_mapped(struct inode *inode, ext4_lblk_t lclu)
* mapped - no physical clusters have been allocated, and the
* file has no extents
*/
- if (ext4_test_inode_state(inode, EXT4_STATE_MAY_INLINE_DATA))
+ if (ext4_test_inode_state(inode, EXT4_STATE_MAY_INLINE_DATA) ||
+ ext4_has_inline_data(inode))
return 0;
/* search for the extent closest to the first block in the cluster */
--
2.39.2
^ permalink raw reply related [flat|nested] 391+ messages in thread
* [PATCH 5.15 327/371] pinctrl: renesas: r8a779a0: Remove incorrect AVB[01] pinmux configuration
2023-05-08 9:43 [PATCH 5.15 000/371] 5.15.111-rc1 review Greg Kroah-Hartman
` (325 preceding siblings ...)
2023-05-08 9:48 ` [PATCH 5.15 326/371] ext4: fix use-after-free read in ext4_find_extent for bigalloc + inline Greg Kroah-Hartman
@ 2023-05-08 9:48 ` Greg Kroah-Hartman
2023-05-08 9:48 ` [PATCH 5.15 328/371] leds: TI_LMU_COMMON: select REGMAP instead of depending on it Greg Kroah-Hartman
` (47 subsequent siblings)
374 siblings, 0 replies; 391+ messages in thread
From: Greg Kroah-Hartman @ 2023-05-08 9:48 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Hai Pham, LUU HOAI,
Geert Uytterhoeven, Sasha Levin
From: Hai Pham <hai.pham.ud@renesas.com>
[ Upstream commit a145c9a8674ac8fbfa1595276e1b6cbfc5139038 ]
AVB[01]_{MAGIC,MDC,MDIO,TXCREFCLK} are registered as both
PINMUX_SINGLE(fn) and PINMUX_IPSR_GPSR(fn) in the pinmux_data array.
The latter are correct, hence remove the former.
Without this fix, the Ethernet PHY is not operational on the MDIO bus.
Signed-off-by: Hai Pham <hai.pham.ud@renesas.com>
Signed-off-by: LUU HOAI <hoai.luu.ub@renesas.com>
Fixes: 741a7370fc3b8b54 ("pinctrl: renesas: Initial R8A779A0 (V3U) PFC support")
Signed-off-by: Geert Uytterhoeven <geert+renesas@glider.be>
Link: https://lore.kernel.org/r/6fd217b71e83ba9a8157513ed671a1fa218b23b6.1674824958.git.geert+renesas@glider.be
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/pinctrl/renesas/pfc-r8a779a0.c | 8 --------
1 file changed, 8 deletions(-)
diff --git a/drivers/pinctrl/renesas/pfc-r8a779a0.c b/drivers/pinctrl/renesas/pfc-r8a779a0.c
index a480677dd03d1..aa4fd56e0250d 100644
--- a/drivers/pinctrl/renesas/pfc-r8a779a0.c
+++ b/drivers/pinctrl/renesas/pfc-r8a779a0.c
@@ -710,16 +710,8 @@ static const u16 pinmux_data[] = {
PINMUX_SINGLE(PCIE0_CLKREQ_N),
PINMUX_SINGLE(AVB0_PHY_INT),
- PINMUX_SINGLE(AVB0_MAGIC),
- PINMUX_SINGLE(AVB0_MDC),
- PINMUX_SINGLE(AVB0_MDIO),
- PINMUX_SINGLE(AVB0_TXCREFCLK),
PINMUX_SINGLE(AVB1_PHY_INT),
- PINMUX_SINGLE(AVB1_MAGIC),
- PINMUX_SINGLE(AVB1_MDC),
- PINMUX_SINGLE(AVB1_MDIO),
- PINMUX_SINGLE(AVB1_TXCREFCLK),
PINMUX_SINGLE(AVB2_AVTP_PPS),
PINMUX_SINGLE(AVB2_AVTP_CAPTURE),
--
2.39.2
^ permalink raw reply related [flat|nested] 391+ messages in thread
* [PATCH 5.15 328/371] leds: TI_LMU_COMMON: select REGMAP instead of depending on it
2023-05-08 9:43 [PATCH 5.15 000/371] 5.15.111-rc1 review Greg Kroah-Hartman
` (326 preceding siblings ...)
2023-05-08 9:48 ` [PATCH 5.15 327/371] pinctrl: renesas: r8a779a0: Remove incorrect AVB[01] pinmux configuration Greg Kroah-Hartman
@ 2023-05-08 9:48 ` Greg Kroah-Hartman
2023-05-08 9:48 ` [PATCH 5.15 329/371] dmaengine: mv_xor_v2: Fix an error code Greg Kroah-Hartman
` (46 subsequent siblings)
374 siblings, 0 replies; 391+ messages in thread
From: Greg Kroah-Hartman @ 2023-05-08 9:48 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Randy Dunlap, Pavel Machek,
Lee Jones, Sasha Levin
From: Randy Dunlap <rdunlap@infradead.org>
[ Upstream commit a61079efc87888587e463afaed82417b162fbd69 ]
REGMAP is a hidden (not user visible) symbol. Users cannot set it
directly thru "make *config", so drivers should select it instead of
depending on it if they need it.
Consistently using "select" or "depends on" can also help reduce
Kconfig circular dependency issues.
Therefore, change the use of "depends on REGMAP" to "select REGMAP".
Fixes: 3fce8e1eb994 ("leds: TI LMU: Add common code for TI LMU devices")
Signed-off-by: Randy Dunlap <rdunlap@infradead.org>
Acked-by: Pavel Machek <pavel@ucw.cz>
Signed-off-by: Lee Jones <lee@kernel.org>
Link: https://lore.kernel.org/r/20230226053953.4681-5-rdunlap@infradead.org
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/leds/Kconfig | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/leds/Kconfig b/drivers/leds/Kconfig
index ed800f5da7d88..8bf545100fb04 100644
--- a/drivers/leds/Kconfig
+++ b/drivers/leds/Kconfig
@@ -821,7 +821,7 @@ config LEDS_SPI_BYTE
config LEDS_TI_LMU_COMMON
tristate "LED driver for TI LMU"
depends on LEDS_CLASS
- depends on REGMAP
+ select REGMAP
help
Say Y to enable the LED driver for TI LMU devices.
This supports common features between the TI LM3532, LM3631, LM3632,
--
2.39.2
^ permalink raw reply related [flat|nested] 391+ messages in thread
* [PATCH 5.15 329/371] dmaengine: mv_xor_v2: Fix an error code.
2023-05-08 9:43 [PATCH 5.15 000/371] 5.15.111-rc1 review Greg Kroah-Hartman
` (327 preceding siblings ...)
2023-05-08 9:48 ` [PATCH 5.15 328/371] leds: TI_LMU_COMMON: select REGMAP instead of depending on it Greg Kroah-Hartman
@ 2023-05-08 9:48 ` Greg Kroah-Hartman
2023-05-08 9:48 ` [PATCH 5.15 330/371] leds: tca6507: Fix error handling of using fwnode_property_read_string Greg Kroah-Hartman
` (45 subsequent siblings)
374 siblings, 0 replies; 391+ messages in thread
From: Greg Kroah-Hartman @ 2023-05-08 9:48 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Christophe JAILLET, Vinod Koul, Sasha Levin
From: Christophe JAILLET <christophe.jaillet@wanadoo.fr>
[ Upstream commit 827026ae2e56ec05ef1155661079badbbfc0b038 ]
If the probe is deferred, -EPROBE_DEFER should be returned, not
+EPROBE_DEFER.
Fixes: 3cd2c313f1d6 ("dmaengine: mv_xor_v2: Fix clock resource by adding a register clock")
Signed-off-by: Christophe JAILLET <christophe.jaillet@wanadoo.fr>
Link: https://lore.kernel.org/r/201170dff832a3c496d125772e10070cd834ebf2.1679814350.git.christophe.jaillet@wanadoo.fr
Signed-off-by: Vinod Koul <vkoul@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/dma/mv_xor_v2.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/dma/mv_xor_v2.c b/drivers/dma/mv_xor_v2.c
index 4800c596433ad..9f3e011fbd914 100644
--- a/drivers/dma/mv_xor_v2.c
+++ b/drivers/dma/mv_xor_v2.c
@@ -756,7 +756,7 @@ static int mv_xor_v2_probe(struct platform_device *pdev)
xor_dev->clk = devm_clk_get(&pdev->dev, NULL);
if (PTR_ERR(xor_dev->clk) == -EPROBE_DEFER) {
- ret = EPROBE_DEFER;
+ ret = -EPROBE_DEFER;
goto disable_reg_clk;
}
if (!IS_ERR(xor_dev->clk)) {
--
2.39.2
^ permalink raw reply related [flat|nested] 391+ messages in thread
* [PATCH 5.15 330/371] leds: tca6507: Fix error handling of using fwnode_property_read_string
2023-05-08 9:43 [PATCH 5.15 000/371] 5.15.111-rc1 review Greg Kroah-Hartman
` (328 preceding siblings ...)
2023-05-08 9:48 ` [PATCH 5.15 329/371] dmaengine: mv_xor_v2: Fix an error code Greg Kroah-Hartman
@ 2023-05-08 9:48 ` Greg Kroah-Hartman
2023-05-08 9:48 ` [PATCH 5.15 331/371] pwm: mtk-disp: Disable shadow registers before setting backlight values Greg Kroah-Hartman
` (44 subsequent siblings)
374 siblings, 0 replies; 391+ messages in thread
From: Greg Kroah-Hartman @ 2023-05-08 9:48 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, H. Nikolaus Schaller, Pavel Machek,
Marek Behún, Lee Jones, Sasha Levin
From: H. Nikolaus Schaller <hns@goldelico.com>
[ Upstream commit c1087c29e96a48e9080377e168d35dcb52fb068b ]
Commit 96f524105b9c ("leds: tca6507: use fwnode API instead of OF")
changed to fwnode API but did not take into account that a missing property
"linux,default-trigger" now seems to return an error and as a side effect
sets value to -1. This seems to be different from of_get_property() which
always returned NULL in any case of error.
Neglecting this side-effect leads to
[ 11.201965] Unable to handle kernel paging request at virtual address ffffffff when read
in the strcmp() of led_trigger_set_default() if there is no led-trigger
defined in the DTS.
I don't know if this was recently introduced somewhere in the fwnode lib
or if the effect was missed in initial testing. Anyways it seems to be a
bug to ignore the error return value of an optional value here in the
driver.
Fixes: 96f524105b9c ("leds: tca6507: use fwnode API instead of OF")
Signed-off-by: H. Nikolaus Schaller <hns@goldelico.com>
Acked-by: Pavel Machek <pavel@ucw.cz>
Reviewed-by: Marek Behún <kabel@kernel.org>
Signed-off-by: Lee Jones <lee@kernel.org>
Link: https://lore.kernel.org/r/cbae7617db83113de726fcc423a805ebaa1bfca6.1680433978.git.hns@goldelico.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/leds/leds-tca6507.c | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/drivers/leds/leds-tca6507.c b/drivers/leds/leds-tca6507.c
index 225b765830bdc..caad9d3e0eac8 100644
--- a/drivers/leds/leds-tca6507.c
+++ b/drivers/leds/leds-tca6507.c
@@ -696,8 +696,9 @@ tca6507_led_dt_init(struct device *dev)
if (fwnode_property_read_string(child, "label", &led.name))
led.name = fwnode_get_name(child);
- fwnode_property_read_string(child, "linux,default-trigger",
- &led.default_trigger);
+ if (fwnode_property_read_string(child, "linux,default-trigger",
+ &led.default_trigger))
+ led.default_trigger = NULL;
led.flags = 0;
if (fwnode_property_match_string(child, "compatible",
--
2.39.2
^ permalink raw reply related [flat|nested] 391+ messages in thread
* [PATCH 5.15 331/371] pwm: mtk-disp: Disable shadow registers before setting backlight values
2023-05-08 9:43 [PATCH 5.15 000/371] 5.15.111-rc1 review Greg Kroah-Hartman
` (329 preceding siblings ...)
2023-05-08 9:48 ` [PATCH 5.15 330/371] leds: tca6507: Fix error handling of using fwnode_property_read_string Greg Kroah-Hartman
@ 2023-05-08 9:48 ` Greg Kroah-Hartman
2023-05-08 9:48 ` [PATCH 5.15 332/371] pwm: mtk-disp: Configure double buffering before reading in .get_state() Greg Kroah-Hartman
` (43 subsequent siblings)
374 siblings, 0 replies; 391+ messages in thread
From: Greg Kroah-Hartman @ 2023-05-08 9:48 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, AngeloGioacchino Del Regno,
Nícolas F . R . A . Prado, Alexandre Mergnat,
Thierry Reding, Sasha Levin
From: AngeloGioacchino Del Regno <angelogioacchino.delregno@collabora.com>
[ Upstream commit 36dd7f530ae7d9ce9e853ffb8aa337de65c6600b ]
If shadow registers usage is not desired, disable that before performing
any write to CON0/1 registers in the .apply() callback, otherwise we may
lose clkdiv or period/width updates.
Fixes: cd4b45ac449a ("pwm: Add MediaTek MT2701 display PWM driver support")
Signed-off-by: AngeloGioacchino Del Regno <angelogioacchino.delregno@collabora.com>
Reviewed-by: Nícolas F. R. A. Prado <nfraprado@collabora.com>
Tested-by: Nícolas F. R. A. Prado <nfraprado@collabora.com>
Reviewed-by: Alexandre Mergnat <amergnat@baylibre.com>
Tested-by: Alexandre Mergnat <amergnat@baylibre.com>
Signed-off-by: Thierry Reding <thierry.reding@gmail.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/pwm/pwm-mtk-disp.c | 24 +++++++++++++-----------
1 file changed, 13 insertions(+), 11 deletions(-)
diff --git a/drivers/pwm/pwm-mtk-disp.c b/drivers/pwm/pwm-mtk-disp.c
index 3fbb4bae93a4e..9e91a51472493 100644
--- a/drivers/pwm/pwm-mtk-disp.c
+++ b/drivers/pwm/pwm-mtk-disp.c
@@ -138,6 +138,19 @@ static int mtk_disp_pwm_apply(struct pwm_chip *chip, struct pwm_device *pwm,
high_width = mul_u64_u64_div_u64(state->duty_cycle, rate, div);
value = period | (high_width << PWM_HIGH_WIDTH_SHIFT);
+ if (mdp->data->bls_debug && !mdp->data->has_commit) {
+ /*
+ * For MT2701, disable double buffer before writing register
+ * and select manual mode and use PWM_PERIOD/PWM_HIGH_WIDTH.
+ */
+ mtk_disp_pwm_update_bits(mdp, mdp->data->bls_debug,
+ mdp->data->bls_debug_mask,
+ mdp->data->bls_debug_mask);
+ mtk_disp_pwm_update_bits(mdp, mdp->data->con0,
+ mdp->data->con0_sel,
+ mdp->data->con0_sel);
+ }
+
mtk_disp_pwm_update_bits(mdp, mdp->data->con0,
PWM_CLKDIV_MASK,
clk_div << PWM_CLKDIV_SHIFT);
@@ -152,17 +165,6 @@ static int mtk_disp_pwm_apply(struct pwm_chip *chip, struct pwm_device *pwm,
mtk_disp_pwm_update_bits(mdp, mdp->data->commit,
mdp->data->commit_mask,
0x0);
- } else {
- /*
- * For MT2701, disable double buffer before writing register
- * and select manual mode and use PWM_PERIOD/PWM_HIGH_WIDTH.
- */
- mtk_disp_pwm_update_bits(mdp, mdp->data->bls_debug,
- mdp->data->bls_debug_mask,
- mdp->data->bls_debug_mask);
- mtk_disp_pwm_update_bits(mdp, mdp->data->con0,
- mdp->data->con0_sel,
- mdp->data->con0_sel);
}
mtk_disp_pwm_update_bits(mdp, DISP_PWM_EN, mdp->data->enable_mask,
--
2.39.2
^ permalink raw reply related [flat|nested] 391+ messages in thread
* [PATCH 5.15 332/371] pwm: mtk-disp: Configure double buffering before reading in .get_state()
2023-05-08 9:43 [PATCH 5.15 000/371] 5.15.111-rc1 review Greg Kroah-Hartman
` (330 preceding siblings ...)
2023-05-08 9:48 ` [PATCH 5.15 331/371] pwm: mtk-disp: Disable shadow registers before setting backlight values Greg Kroah-Hartman
@ 2023-05-08 9:48 ` Greg Kroah-Hartman
2023-05-08 9:48 ` [PATCH 5.15 333/371] phy: tegra: xusb: Add missing tegra_xusb_port_unregister for usb2_port and ulpi_port Greg Kroah-Hartman
` (42 subsequent siblings)
374 siblings, 0 replies; 391+ messages in thread
From: Greg Kroah-Hartman @ 2023-05-08 9:48 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, AngeloGioacchino Del Regno,
Nícolas F . R . A . Prado, Alexandre Mergnat,
Thierry Reding, Sasha Levin
From: AngeloGioacchino Del Regno <angelogioacchino.delregno@collabora.com>
[ Upstream commit b16c310115f2084b8826a35b77ef42bab6786d9f ]
The DISP_PWM controller's default behavior is to always use register
double buffering: all reads/writes are then performed on shadow
registers instead of working registers and this becomes an issue
in case our chosen configuration in Linux is different from the
default (or from the one that was pre-applied by the bootloader).
An example of broken behavior is when the controller is configured
to use shadow registers, but this driver wants to configure it
otherwise: what happens is that the .get_state() callback is called
right after registering the pwmchip and checks whether the PWM is
enabled by reading the DISP_PWM_EN register;
At this point, if shadow registers are enabled but their content
was not committed before booting Linux, we are *not* reading the
current PWM enablement status, leading to the kernel knowing that
the hardware is actually enabled when, in reality, it's not.
The aforementioned issue emerged since this driver was fixed with
commit 0b5ef3429d8f ("pwm: mtk-disp: Fix the parameters calculated
by the enabled flag of disp_pwm") making it to read the enablement
status from the right register.
Configure the controller in the .get_state() callback to avoid
this desync issue and get the backlight properly working again.
Fixes: 3f2b16734914 ("pwm: mtk-disp: Implement atomic API .get_state()")
Signed-off-by: AngeloGioacchino Del Regno <angelogioacchino.delregno@collabora.com>
Reviewed-by: Nícolas F. R. A. Prado <nfraprado@collabora.com>
Tested-by: Nícolas F. R. A. Prado <nfraprado@collabora.com>
Reviewed-by: Alexandre Mergnat <amergnat@baylibre.com>
Tested-by: Alexandre Mergnat <amergnat@baylibre.com>
Signed-off-by: Thierry Reding <thierry.reding@gmail.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/pwm/pwm-mtk-disp.c | 10 ++++++++++
1 file changed, 10 insertions(+)
diff --git a/drivers/pwm/pwm-mtk-disp.c b/drivers/pwm/pwm-mtk-disp.c
index 9e91a51472493..92ba02cfec92f 100644
--- a/drivers/pwm/pwm-mtk-disp.c
+++ b/drivers/pwm/pwm-mtk-disp.c
@@ -196,6 +196,16 @@ static void mtk_disp_pwm_get_state(struct pwm_chip *chip,
return;
}
+ /*
+ * Apply DISP_PWM_DEBUG settings to choose whether to enable or disable
+ * registers double buffer and manual commit to working register before
+ * performing any read/write operation
+ */
+ if (mdp->data->bls_debug)
+ mtk_disp_pwm_update_bits(mdp, mdp->data->bls_debug,
+ mdp->data->bls_debug_mask,
+ mdp->data->bls_debug_mask);
+
rate = clk_get_rate(mdp->clk_main);
con0 = readl(mdp->base + mdp->data->con0);
con1 = readl(mdp->base + mdp->data->con1);
--
2.39.2
^ permalink raw reply related [flat|nested] 391+ messages in thread
* [PATCH 5.15 333/371] phy: tegra: xusb: Add missing tegra_xusb_port_unregister for usb2_port and ulpi_port
2023-05-08 9:43 [PATCH 5.15 000/371] 5.15.111-rc1 review Greg Kroah-Hartman
` (331 preceding siblings ...)
2023-05-08 9:48 ` [PATCH 5.15 332/371] pwm: mtk-disp: Configure double buffering before reading in .get_state() Greg Kroah-Hartman
@ 2023-05-08 9:48 ` Greg Kroah-Hartman
2023-05-08 9:48 ` [PATCH 5.15 334/371] dma: gpi: remove spurious unlock in gpi_ch_init Greg Kroah-Hartman
` (41 subsequent siblings)
374 siblings, 0 replies; 391+ messages in thread
From: Greg Kroah-Hartman @ 2023-05-08 9:48 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Gaosheng Cui, Thierry Reding,
Vinod Koul, Sasha Levin
From: Gaosheng Cui <cuigaosheng1@huawei.com>
[ Upstream commit e024854048e733391b31fe5a398704b31b9af803 ]
The tegra_xusb_port_unregister should be called when usb2_port
and ulpi_port map fails in tegra_xusb_add_usb2_port() or in
tegra_xusb_add_ulpi_port(), fix it.
Fixes: 53d2a715c240 ("phy: Add Tegra XUSB pad controller support")
Signed-off-by: Gaosheng Cui <cuigaosheng1@huawei.com>
Acked-by: Thierry Reding <treding@nvidia.com>
Link: https://lore.kernel.org/r/20221129111634.1547747-1-cuigaosheng1@huawei.com
Signed-off-by: Vinod Koul <vkoul@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/phy/tegra/xusb.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/drivers/phy/tegra/xusb.c b/drivers/phy/tegra/xusb.c
index 963de5913e505..71271af39ad61 100644
--- a/drivers/phy/tegra/xusb.c
+++ b/drivers/phy/tegra/xusb.c
@@ -781,6 +781,7 @@ static int tegra_xusb_add_usb2_port(struct tegra_xusb_padctl *padctl,
usb2->base.lane = usb2->base.ops->map(&usb2->base);
if (IS_ERR(usb2->base.lane)) {
err = PTR_ERR(usb2->base.lane);
+ tegra_xusb_port_unregister(&usb2->base);
goto out;
}
@@ -847,6 +848,7 @@ static int tegra_xusb_add_ulpi_port(struct tegra_xusb_padctl *padctl,
ulpi->base.lane = ulpi->base.ops->map(&ulpi->base);
if (IS_ERR(ulpi->base.lane)) {
err = PTR_ERR(ulpi->base.lane);
+ tegra_xusb_port_unregister(&ulpi->base);
goto out;
}
--
2.39.2
^ permalink raw reply related [flat|nested] 391+ messages in thread
* [PATCH 5.15 334/371] dma: gpi: remove spurious unlock in gpi_ch_init
2023-05-08 9:43 [PATCH 5.15 000/371] 5.15.111-rc1 review Greg Kroah-Hartman
` (332 preceding siblings ...)
2023-05-08 9:48 ` [PATCH 5.15 333/371] phy: tegra: xusb: Add missing tegra_xusb_port_unregister for usb2_port and ulpi_port Greg Kroah-Hartman
@ 2023-05-08 9:48 ` Greg Kroah-Hartman
2023-05-08 9:48 ` [PATCH 5.15 335/371] dmaengine: dw-edma: Fix to change for continuous transfer Greg Kroah-Hartman
` (40 subsequent siblings)
374 siblings, 0 replies; 391+ messages in thread
From: Greg Kroah-Hartman @ 2023-05-08 9:48 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Dmitry Baryshkov, Vinod Koul, Sasha Levin
From: Dmitry Baryshkov <dmitry.baryshkov@linaro.org>
[ Upstream commit 91d6a468e335571f1e67e046050dea9af5fa4ebe ]
gpi_ch_init() doesn't lock the ctrl_lock mutex, so there is no need to
unlock it too. Instead the mutex is handled by the function
gpi_alloc_chan_resources(), which properly locks and unlocks the mutex.
=====================================
WARNING: bad unlock balance detected!
6.3.0-rc5-00253-g99792582ded1-dirty #15 Not tainted
-------------------------------------
kworker/u16:0/9 is trying to release lock (&gpii->ctrl_lock) at:
[<ffffb99d04e1284c>] gpi_alloc_chan_resources+0x108/0x5bc
but there are no more locks to release!
other info that might help us debug this:
6 locks held by kworker/u16:0/9:
#0: ffff575740010938 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_one_work+0x220/0x594
#1: ffff80000809bdd0 (deferred_probe_work){+.+.}-{0:0}, at: process_one_work+0x220/0x594
#2: ffff575740f2a0f8 (&dev->mutex){....}-{3:3}, at: __device_attach+0x38/0x188
#3: ffff57574b5570f8 (&dev->mutex){....}-{3:3}, at: __device_attach+0x38/0x188
#4: ffffb99d06a2f180 (of_dma_lock){+.+.}-{3:3}, at: of_dma_request_slave_channel+0x138/0x280
#5: ffffb99d06a2ee20 (dma_list_mutex){+.+.}-{3:3}, at: dma_get_slave_channel+0x28/0x10c
stack backtrace:
CPU: 7 PID: 9 Comm: kworker/u16:0 Not tainted 6.3.0-rc5-00253-g99792582ded1-dirty #15
Hardware name: Google Pixel 3 (DT)
Workqueue: events_unbound deferred_probe_work_func
Call trace:
dump_backtrace+0xa0/0xfc
show_stack+0x18/0x24
dump_stack_lvl+0x60/0xac
dump_stack+0x18/0x24
print_unlock_imbalance_bug+0x130/0x148
lock_release+0x270/0x300
__mutex_unlock_slowpath+0x48/0x2cc
mutex_unlock+0x20/0x2c
gpi_alloc_chan_resources+0x108/0x5bc
dma_chan_get+0x84/0x188
dma_get_slave_channel+0x5c/0x10c
gpi_of_dma_xlate+0x110/0x1a0
of_dma_request_slave_channel+0x174/0x280
dma_request_chan+0x3c/0x2d4
geni_i2c_probe+0x544/0x63c
platform_probe+0x68/0xc4
really_probe+0x148/0x2ac
__driver_probe_device+0x78/0xe0
driver_probe_device+0x3c/0x160
__device_attach_driver+0xb8/0x138
bus_for_each_drv+0x84/0xe0
__device_attach+0x9c/0x188
device_initial_probe+0x14/0x20
bus_probe_device+0xac/0xb0
device_add+0x60c/0x7d8
of_device_add+0x44/0x60
of_platform_device_create_pdata+0x90/0x124
of_platform_bus_create+0x15c/0x3c8
of_platform_populate+0x58/0xf8
devm_of_platform_populate+0x58/0xbc
geni_se_probe+0xf0/0x164
platform_probe+0x68/0xc4
really_probe+0x148/0x2ac
__driver_probe_device+0x78/0xe0
driver_probe_device+0x3c/0x160
__device_attach_driver+0xb8/0x138
bus_for_each_drv+0x84/0xe0
__device_attach+0x9c/0x188
device_initial_probe+0x14/0x20
bus_probe_device+0xac/0xb0
deferred_probe_work_func+0x8c/0xc8
process_one_work+0x2bc/0x594
worker_thread+0x228/0x438
kthread+0x108/0x10c
ret_from_fork+0x10/0x20
Fixes: 5d0c3533a19f ("dmaengine: qcom: Add GPI dma driver")
Signed-off-by: Dmitry Baryshkov <dmitry.baryshkov@linaro.org>
Link: https://lore.kernel.org/r/20230409233355.453741-1-dmitry.baryshkov@linaro.org
Signed-off-by: Vinod Koul <vkoul@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/dma/qcom/gpi.c | 1 -
1 file changed, 1 deletion(-)
diff --git a/drivers/dma/qcom/gpi.c b/drivers/dma/qcom/gpi.c
index 1a1b7d8458c93..1e87fe6c62af2 100644
--- a/drivers/dma/qcom/gpi.c
+++ b/drivers/dma/qcom/gpi.c
@@ -1961,7 +1961,6 @@ static int gpi_ch_init(struct gchan *gchan)
error_config_int:
gpi_free_ring(&gpii->ev_ring, gpii);
exit_gpi_init:
- mutex_unlock(&gpii->ctrl_lock);
return ret;
}
--
2.39.2
^ permalink raw reply related [flat|nested] 391+ messages in thread
* [PATCH 5.15 335/371] dmaengine: dw-edma: Fix to change for continuous transfer
2023-05-08 9:43 [PATCH 5.15 000/371] 5.15.111-rc1 review Greg Kroah-Hartman
` (333 preceding siblings ...)
2023-05-08 9:48 ` [PATCH 5.15 334/371] dma: gpi: remove spurious unlock in gpi_ch_init Greg Kroah-Hartman
@ 2023-05-08 9:48 ` Greg Kroah-Hartman
2023-05-08 9:48 ` [PATCH 5.15 336/371] dmaengine: dw-edma: Fix to enable to issue dma request on DMA processing Greg Kroah-Hartman
` (39 subsequent siblings)
374 siblings, 0 replies; 391+ messages in thread
From: Greg Kroah-Hartman @ 2023-05-08 9:48 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Shunsuke Mie, Vinod Koul, Sasha Levin
From: Shunsuke Mie <mie@igel.co.jp>
[ Upstream commit a251994a441ee0a69ba7062c8cd2d08ead3db379 ]
The dw-edma driver stops after processing a DMA request even if a request
remains in the issued queue, which is not the expected behavior. The DMA
engine API requires continuous processing.
Add a trigger to start after one processing finished if there are requests
remain.
Fixes: e63d79d1ffcd ("dmaengine: Add Synopsys eDMA IP core driver")
Signed-off-by: Shunsuke Mie <mie@igel.co.jp>
Link: https://lore.kernel.org/r/20230411101758.438472-1-mie@igel.co.jp
Signed-off-by: Vinod Koul <vkoul@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/dma/dw-edma/dw-edma-core.c | 20 +++++++++++---------
1 file changed, 11 insertions(+), 9 deletions(-)
diff --git a/drivers/dma/dw-edma/dw-edma-core.c b/drivers/dma/dw-edma/dw-edma-core.c
index 97f5e4e93cfc6..2a434c255b4a2 100644
--- a/drivers/dma/dw-edma/dw-edma-core.c
+++ b/drivers/dma/dw-edma/dw-edma-core.c
@@ -171,7 +171,7 @@ static void vchan_free_desc(struct virt_dma_desc *vdesc)
dw_edma_free_desc(vd2dw_edma_desc(vdesc));
}
-static void dw_edma_start_transfer(struct dw_edma_chan *chan)
+static int dw_edma_start_transfer(struct dw_edma_chan *chan)
{
struct dw_edma_chunk *child;
struct dw_edma_desc *desc;
@@ -179,16 +179,16 @@ static void dw_edma_start_transfer(struct dw_edma_chan *chan)
vd = vchan_next_desc(&chan->vc);
if (!vd)
- return;
+ return 0;
desc = vd2dw_edma_desc(vd);
if (!desc)
- return;
+ return 0;
child = list_first_entry_or_null(&desc->chunk->list,
struct dw_edma_chunk, list);
if (!child)
- return;
+ return 0;
dw_edma_v0_core_start(child, !desc->xfer_sz);
desc->xfer_sz += child->ll_region.sz;
@@ -196,6 +196,8 @@ static void dw_edma_start_transfer(struct dw_edma_chan *chan)
list_del(&child->list);
kfree(child);
desc->chunks_alloc--;
+
+ return 1;
}
static int dw_edma_device_config(struct dma_chan *dchan,
@@ -555,14 +557,14 @@ static void dw_edma_done_interrupt(struct dw_edma_chan *chan)
switch (chan->request) {
case EDMA_REQ_NONE:
desc = vd2dw_edma_desc(vd);
- if (desc->chunks_alloc) {
- chan->status = EDMA_ST_BUSY;
- dw_edma_start_transfer(chan);
- } else {
+ if (!desc->chunks_alloc) {
list_del(&vd->node);
vchan_cookie_complete(vd);
- chan->status = EDMA_ST_IDLE;
}
+
+ /* Continue transferring if there are remaining chunks or issued requests.
+ */
+ chan->status = dw_edma_start_transfer(chan) ? EDMA_ST_BUSY : EDMA_ST_IDLE;
break;
case EDMA_REQ_STOP:
--
2.39.2
^ permalink raw reply related [flat|nested] 391+ messages in thread
* [PATCH 5.15 336/371] dmaengine: dw-edma: Fix to enable to issue dma request on DMA processing
2023-05-08 9:43 [PATCH 5.15 000/371] 5.15.111-rc1 review Greg Kroah-Hartman
` (334 preceding siblings ...)
2023-05-08 9:48 ` [PATCH 5.15 335/371] dmaengine: dw-edma: Fix to change for continuous transfer Greg Kroah-Hartman
@ 2023-05-08 9:48 ` Greg Kroah-Hartman
2023-05-08 9:48 ` [PATCH 5.15 337/371] dmaengine: at_xdmac: Fix concurrency over chans completed_cookie Greg Kroah-Hartman
` (38 subsequent siblings)
374 siblings, 0 replies; 391+ messages in thread
From: Greg Kroah-Hartman @ 2023-05-08 9:48 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Shunsuke Mie, Vinod Koul, Sasha Levin
From: Shunsuke Mie <mie@igel.co.jp>
[ Upstream commit 970b17dfe264a9085ba4e593730ecfd496b950ab ]
The issue_pending request is ignored while driver is processing a DMA
request. Fix to issue the pending requests on any dma channel status.
Fixes: e63d79d1ffcd ("dmaengine: Add Synopsys eDMA IP core driver")
Signed-off-by: Shunsuke Mie <mie@igel.co.jp>
Link: https://lore.kernel.org/r/20230411101758.438472-2-mie@igel.co.jp
Signed-off-by: Vinod Koul <vkoul@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/dma/dw-edma/dw-edma-core.c | 7 +++++--
1 file changed, 5 insertions(+), 2 deletions(-)
diff --git a/drivers/dma/dw-edma/dw-edma-core.c b/drivers/dma/dw-edma/dw-edma-core.c
index 2a434c255b4a2..799ebbaf35be5 100644
--- a/drivers/dma/dw-edma/dw-edma-core.c
+++ b/drivers/dma/dw-edma/dw-edma-core.c
@@ -281,9 +281,12 @@ static void dw_edma_device_issue_pending(struct dma_chan *dchan)
struct dw_edma_chan *chan = dchan2dw_edma_chan(dchan);
unsigned long flags;
+ if (!chan->configured)
+ return;
+
spin_lock_irqsave(&chan->vc.lock, flags);
- if (chan->configured && chan->request == EDMA_REQ_NONE &&
- chan->status == EDMA_ST_IDLE && vchan_issue_pending(&chan->vc)) {
+ if (vchan_issue_pending(&chan->vc) && chan->request == EDMA_REQ_NONE &&
+ chan->status == EDMA_ST_IDLE) {
chan->status = EDMA_ST_BUSY;
dw_edma_start_transfer(chan);
}
--
2.39.2
^ permalink raw reply related [flat|nested] 391+ messages in thread
* [PATCH 5.15 337/371] dmaengine: at_xdmac: Fix concurrency over chans completed_cookie
2023-05-08 9:43 [PATCH 5.15 000/371] 5.15.111-rc1 review Greg Kroah-Hartman
` (335 preceding siblings ...)
2023-05-08 9:48 ` [PATCH 5.15 336/371] dmaengine: dw-edma: Fix to enable to issue dma request on DMA processing Greg Kroah-Hartman
@ 2023-05-08 9:48 ` Greg Kroah-Hartman
2023-05-08 9:48 ` [PATCH 5.15 338/371] dmaengine: at_xdmac: Fix race for the tx desc callback Greg Kroah-Hartman
` (37 subsequent siblings)
374 siblings, 0 replies; 391+ messages in thread
From: Greg Kroah-Hartman @ 2023-05-08 9:48 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Tudor Ambarus, Vinod Koul, Sasha Levin
From: Tudor Ambarus <tudor.ambarus@microchip.com>
[ Upstream commit 506875c30fc5bf92246060bc3b4c38799646266b ]
Caller of dma_cookie_complete is expected to hold a lock to prevent
concurrency over the channel's completed cookie marker. Call
dma_cookie_complete() with the lock held.
Fixes: e1f7c9eee707 ("dmaengine: at_xdmac: creation of the atmel eXtended DMA Controller driver")
Signed-off-by: Tudor Ambarus <tudor.ambarus@microchip.com>
Link: https://lore.kernel.org/r/20211215110115.191749-5-tudor.ambarus@microchip.com
Signed-off-by: Vinod Koul <vkoul@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/dma/at_xdmac.c | 3 +--
1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/drivers/dma/at_xdmac.c b/drivers/dma/at_xdmac.c
index c5638afe94368..c6b200f0145ba 100644
--- a/drivers/dma/at_xdmac.c
+++ b/drivers/dma/at_xdmac.c
@@ -1710,11 +1710,10 @@ static void at_xdmac_tasklet(struct tasklet_struct *t)
}
txd = &desc->tx_dma_desc;
-
+ dma_cookie_complete(txd);
at_xdmac_remove_xfer(atchan, desc);
spin_unlock_irq(&atchan->lock);
- dma_cookie_complete(txd);
if (txd->flags & DMA_PREP_INTERRUPT)
dmaengine_desc_get_callback_invoke(txd, NULL);
--
2.39.2
^ permalink raw reply related [flat|nested] 391+ messages in thread
* [PATCH 5.15 338/371] dmaengine: at_xdmac: Fix race for the tx desc callback
2023-05-08 9:43 [PATCH 5.15 000/371] 5.15.111-rc1 review Greg Kroah-Hartman
` (336 preceding siblings ...)
2023-05-08 9:48 ` [PATCH 5.15 337/371] dmaengine: at_xdmac: Fix concurrency over chans completed_cookie Greg Kroah-Hartman
@ 2023-05-08 9:48 ` Greg Kroah-Hartman
2023-05-08 9:49 ` [PATCH 5.15 339/371] dmaengine: at_xdmac: do not enable all cyclic channels Greg Kroah-Hartman
` (36 subsequent siblings)
374 siblings, 0 replies; 391+ messages in thread
From: Greg Kroah-Hartman @ 2023-05-08 9:48 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Tudor Ambarus, Vinod Koul, Sasha Levin
From: Tudor Ambarus <tudor.ambarus@microchip.com>
[ Upstream commit b63e5cb94ad6947ab5fe38b5a9417dcfd0bc6122 ]
The transfer descriptors were wrongly moved to the free descriptors list
before calling the tx desc callback. As the DMA engine drivers drop any
locks before calling the callback function, txd could be taken again,
resulting in its callback called prematurely. Fix the race for the tx desc
callback by moving the xfer desc into the free desc list after the
callback is invoked.
Fixes: e1f7c9eee707 ("dmaengine: at_xdmac: creation of the atmel eXtended DMA Controller driver")
Signed-off-by: Tudor Ambarus <tudor.ambarus@microchip.com>
Link: https://lore.kernel.org/r/20211215110115.191749-6-tudor.ambarus@microchip.com
Signed-off-by: Vinod Koul <vkoul@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/dma/at_xdmac.c | 25 ++++++++-----------------
1 file changed, 8 insertions(+), 17 deletions(-)
diff --git a/drivers/dma/at_xdmac.c b/drivers/dma/at_xdmac.c
index c6b200f0145ba..f7b0de4f4667d 100644
--- a/drivers/dma/at_xdmac.c
+++ b/drivers/dma/at_xdmac.c
@@ -1586,20 +1586,6 @@ at_xdmac_tx_status(struct dma_chan *chan, dma_cookie_t cookie,
return ret;
}
-/* Call must be protected by lock. */
-static void at_xdmac_remove_xfer(struct at_xdmac_chan *atchan,
- struct at_xdmac_desc *desc)
-{
- dev_dbg(chan2dev(&atchan->chan), "%s: desc 0x%p\n", __func__, desc);
-
- /*
- * Remove the transfer from the transfer list then move the transfer
- * descriptors into the free descriptors list.
- */
- list_del(&desc->xfer_node);
- list_splice_init(&desc->descs_list, &atchan->free_descs_list);
-}
-
static void at_xdmac_advance_work(struct at_xdmac_chan *atchan)
{
struct at_xdmac_desc *desc;
@@ -1711,7 +1697,8 @@ static void at_xdmac_tasklet(struct tasklet_struct *t)
txd = &desc->tx_dma_desc;
dma_cookie_complete(txd);
- at_xdmac_remove_xfer(atchan, desc);
+ /* Remove the transfer from the transfer list. */
+ list_del(&desc->xfer_node);
spin_unlock_irq(&atchan->lock);
if (txd->flags & DMA_PREP_INTERRUPT)
@@ -1720,6 +1707,8 @@ static void at_xdmac_tasklet(struct tasklet_struct *t)
dma_run_dependencies(txd);
spin_lock_irq(&atchan->lock);
+ /* Move the xfer descriptors into the free descriptors list. */
+ list_splice_init(&desc->descs_list, &atchan->free_descs_list);
at_xdmac_advance_work(atchan);
spin_unlock_irq(&atchan->lock);
}
@@ -1866,8 +1855,10 @@ static int at_xdmac_device_terminate_all(struct dma_chan *chan)
cpu_relax();
/* Cancel all pending transfers. */
- list_for_each_entry_safe(desc, _desc, &atchan->xfers_list, xfer_node)
- at_xdmac_remove_xfer(atchan, desc);
+ list_for_each_entry_safe(desc, _desc, &atchan->xfers_list, xfer_node) {
+ list_del(&desc->xfer_node);
+ list_splice_init(&desc->descs_list, &atchan->free_descs_list);
+ }
clear_bit(AT_XDMAC_CHAN_IS_PAUSED, &atchan->status);
clear_bit(AT_XDMAC_CHAN_IS_CYCLIC, &atchan->status);
--
2.39.2
^ permalink raw reply related [flat|nested] 391+ messages in thread
* [PATCH 5.15 339/371] dmaengine: at_xdmac: do not enable all cyclic channels
2023-05-08 9:43 [PATCH 5.15 000/371] 5.15.111-rc1 review Greg Kroah-Hartman
` (337 preceding siblings ...)
2023-05-08 9:48 ` [PATCH 5.15 338/371] dmaengine: at_xdmac: Fix race for the tx desc callback Greg Kroah-Hartman
@ 2023-05-08 9:49 ` Greg Kroah-Hartman
2023-05-08 9:49 ` [PATCH 5.15 340/371] thermal/drivers/mediatek: Use devm_of_iomap to avoid resource leak in mtk_thermal_probe Greg Kroah-Hartman
` (35 subsequent siblings)
374 siblings, 0 replies; 391+ messages in thread
From: Greg Kroah-Hartman @ 2023-05-08 9:49 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Claudiu Beznea, Vinod Koul, Sasha Levin
From: Claudiu Beznea <claudiu.beznea@microchip.com>
[ Upstream commit f8435befd81dd85b7b610598551fadf675849bc1 ]
Do not global enable all the cyclic channels in at_xdmac_resume(). Instead
save the global status in at_xdmac_suspend() and re-enable the cyclic
channel only if it was active before suspend.
Fixes: e1f7c9eee707 ("dmaengine: at_xdmac: creation of the atmel eXtended DMA Controller driver")
Signed-off-by: Claudiu Beznea <claudiu.beznea@microchip.com>
Link: https://lore.kernel.org/r/20230214151827.1050280-6-claudiu.beznea@microchip.com
Signed-off-by: Vinod Koul <vkoul@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/dma/at_xdmac.c | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/drivers/dma/at_xdmac.c b/drivers/dma/at_xdmac.c
index f7b0de4f4667d..80c609aa2a91c 100644
--- a/drivers/dma/at_xdmac.c
+++ b/drivers/dma/at_xdmac.c
@@ -243,6 +243,7 @@ struct at_xdmac {
int irq;
struct clk *clk;
u32 save_gim;
+ u32 save_gs;
struct dma_pool *at_xdmac_desc_pool;
const struct at_xdmac_layout *layout;
struct at_xdmac_chan chan[];
@@ -1984,6 +1985,7 @@ static int atmel_xdmac_suspend(struct device *dev)
}
}
atxdmac->save_gim = at_xdmac_read(atxdmac, AT_XDMAC_GIM);
+ atxdmac->save_gs = at_xdmac_read(atxdmac, AT_XDMAC_GS);
at_xdmac_off(atxdmac);
clk_disable_unprepare(atxdmac->clk);
@@ -2023,7 +2025,8 @@ static int atmel_xdmac_resume(struct device *dev)
at_xdmac_chan_write(atchan, AT_XDMAC_CNDC, atchan->save_cndc);
at_xdmac_chan_write(atchan, AT_XDMAC_CIE, atchan->save_cim);
wmb();
- at_xdmac_write(atxdmac, AT_XDMAC_GE, atchan->mask);
+ if (atxdmac->save_gs & atchan->mask)
+ at_xdmac_write(atxdmac, AT_XDMAC_GE, atchan->mask);
}
}
return 0;
--
2.39.2
^ permalink raw reply related [flat|nested] 391+ messages in thread
* [PATCH 5.15 340/371] thermal/drivers/mediatek: Use devm_of_iomap to avoid resource leak in mtk_thermal_probe
2023-05-08 9:43 [PATCH 5.15 000/371] 5.15.111-rc1 review Greg Kroah-Hartman
` (338 preceding siblings ...)
2023-05-08 9:49 ` [PATCH 5.15 339/371] dmaengine: at_xdmac: do not enable all cyclic channels Greg Kroah-Hartman
@ 2023-05-08 9:49 ` Greg Kroah-Hartman
2023-05-08 9:49 ` [PATCH 5.15 341/371] mfd: tqmx86: Do not access I2C_DETECT register through io_base Greg Kroah-Hartman
` (34 subsequent siblings)
374 siblings, 0 replies; 391+ messages in thread
From: Greg Kroah-Hartman @ 2023-05-08 9:49 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Kang Chen, Dongliang Mu,
AngeloGioacchino Del Regno, Daniel Lezcano, Sasha Levin
From: Kang Chen <void0red@hust.edu.cn>
[ Upstream commit f05c7b7d9ea9477fcc388476c6f4ade8c66d2d26 ]
Smatch reports:
1. mtk_thermal_probe() warn: 'apmixed_base' from of_iomap() not released.
2. mtk_thermal_probe() warn: 'auxadc_base' from of_iomap() not released.
The original code forgets to release iomap resource when handling errors,
fix it by switch to devm_of_iomap.
Fixes: 89945047b166 ("thermal: mediatek: Add tsensor support for V2 thermal system")
Signed-off-by: Kang Chen <void0red@hust.edu.cn>
Reviewed-by: Dongliang Mu <dzm91@hust.edu.cn>
Reviewed-by: AngeloGioacchino Del Regno <angelogioacchino.delregno@collabora.com>
Signed-off-by: Daniel Lezcano <daniel.lezcano@linaro.org>
Link: https://lore.kernel.org/r/20230419020749.621257-1-void0red@hust.edu.cn
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/thermal/mtk_thermal.c | 14 ++++++++++++--
1 file changed, 12 insertions(+), 2 deletions(-)
diff --git a/drivers/thermal/mtk_thermal.c b/drivers/thermal/mtk_thermal.c
index ede94eaddddae..9c857fb5d9681 100644
--- a/drivers/thermal/mtk_thermal.c
+++ b/drivers/thermal/mtk_thermal.c
@@ -1028,7 +1028,12 @@ static int mtk_thermal_probe(struct platform_device *pdev)
return -ENODEV;
}
- auxadc_base = of_iomap(auxadc, 0);
+ auxadc_base = devm_of_iomap(&pdev->dev, auxadc, 0, NULL);
+ if (IS_ERR(auxadc_base)) {
+ of_node_put(auxadc);
+ return PTR_ERR(auxadc_base);
+ }
+
auxadc_phys_base = of_get_phys_base(auxadc);
of_node_put(auxadc);
@@ -1044,7 +1049,12 @@ static int mtk_thermal_probe(struct platform_device *pdev)
return -ENODEV;
}
- apmixed_base = of_iomap(apmixedsys, 0);
+ apmixed_base = devm_of_iomap(&pdev->dev, apmixedsys, 0, NULL);
+ if (IS_ERR(apmixed_base)) {
+ of_node_put(apmixedsys);
+ return PTR_ERR(apmixed_base);
+ }
+
apmixed_phys_base = of_get_phys_base(apmixedsys);
of_node_put(apmixedsys);
--
2.39.2
^ permalink raw reply related [flat|nested] 391+ messages in thread
* [PATCH 5.15 341/371] mfd: tqmx86: Do not access I2C_DETECT register through io_base
2023-05-08 9:43 [PATCH 5.15 000/371] 5.15.111-rc1 review Greg Kroah-Hartman
` (339 preceding siblings ...)
2023-05-08 9:49 ` [PATCH 5.15 340/371] thermal/drivers/mediatek: Use devm_of_iomap to avoid resource leak in mtk_thermal_probe Greg Kroah-Hartman
@ 2023-05-08 9:49 ` Greg Kroah-Hartman
2023-05-08 9:49 ` [PATCH 5.15 342/371] mfd: tqmx86: Specify IO port register range more precisely Greg Kroah-Hartman
` (33 subsequent siblings)
374 siblings, 0 replies; 391+ messages in thread
From: Greg Kroah-Hartman @ 2023-05-08 9:49 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Matthias Schiffer, Andrew Lunn,
Lee Jones, Sasha Levin
From: Matthias Schiffer <matthias.schiffer@ew.tq-group.com>
[ Upstream commit 1be1b23696b3d4b0231c694f5e0767b4471d33a9 ]
The I2C_DETECT register is at IO port 0x1a7, which is outside the range
passed to devm_ioport_map() for io_base, and was only working because
there aren't actually any bounds checks for IO port accesses.
Extending the range does not seem like a good solution here, as it would
then conflict with the IO resource assigned to the I2C controller. As
this is just a one-off access during probe, use a simple inb() instead.
While we're at it, drop the unused define TQMX86_REG_I2C_INT_EN.
Fixes: 2f17dd34ffed ("mfd: tqmx86: IO controller with I2C, Wachdog and GPIO")
Signed-off-by: Matthias Schiffer <matthias.schiffer@ew.tq-group.com>
Reviewed-by: Andrew Lunn <andrew@lunn.ch>
Signed-off-by: Lee Jones <lee@kernel.org>
Link: https://lore.kernel.org/r/e8300a30f0791afb67d79db8089fb6004855f378.1676892223.git.matthias.schiffer@ew.tq-group.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/mfd/tqmx86.c | 10 +++++++---
1 file changed, 7 insertions(+), 3 deletions(-)
diff --git a/drivers/mfd/tqmx86.c b/drivers/mfd/tqmx86.c
index 7ae906ff8e353..31d0efb5aacf8 100644
--- a/drivers/mfd/tqmx86.c
+++ b/drivers/mfd/tqmx86.c
@@ -49,9 +49,8 @@
#define TQMX86_REG_IO_EXT_INT_MASK 0x3
#define TQMX86_REG_IO_EXT_INT_GPIO_SHIFT 4
-#define TQMX86_REG_I2C_DETECT 0x47
+#define TQMX86_REG_I2C_DETECT 0x1a7
#define TQMX86_REG_I2C_DETECT_SOFT 0xa5
-#define TQMX86_REG_I2C_INT_EN 0x49
static uint gpio_irq;
module_param(gpio_irq, uint, 0);
@@ -213,7 +212,12 @@ static int tqmx86_probe(struct platform_device *pdev)
"Found %s - Board ID %d, PCB Revision %d, PLD Revision %d\n",
board_name, board_id, rev >> 4, rev & 0xf);
- i2c_det = ioread8(io_base + TQMX86_REG_I2C_DETECT);
+ /*
+ * The I2C_DETECT register is in the range assigned to the I2C driver
+ * later, so we don't extend TQMX86_IOSIZE. Use inb() for this one-off
+ * access instead of ioport_map + unmap.
+ */
+ i2c_det = inb(TQMX86_REG_I2C_DETECT);
if (gpio_irq_cfg) {
io_ext_int_val =
--
2.39.2
^ permalink raw reply related [flat|nested] 391+ messages in thread
* [PATCH 5.15 342/371] mfd: tqmx86: Specify IO port register range more precisely
2023-05-08 9:43 [PATCH 5.15 000/371] 5.15.111-rc1 review Greg Kroah-Hartman
` (340 preceding siblings ...)
2023-05-08 9:49 ` [PATCH 5.15 341/371] mfd: tqmx86: Do not access I2C_DETECT register through io_base Greg Kroah-Hartman
@ 2023-05-08 9:49 ` Greg Kroah-Hartman
2023-05-08 9:49 ` [PATCH 5.15 343/371] mfd: tqmx86: Correct board names for TQMxE39x Greg Kroah-Hartman
` (32 subsequent siblings)
374 siblings, 0 replies; 391+ messages in thread
From: Greg Kroah-Hartman @ 2023-05-08 9:49 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Matthias Schiffer, Andrew Lunn,
Lee Jones, Sasha Levin
From: Matthias Schiffer <matthias.schiffer@ew.tq-group.com>
[ Upstream commit 051c69ff4f607aa114c7bbdd7c41ed881367aeee ]
Registers 0x160..0x17f are unassigned. Use 0x180 as base register and
update offets accordingly.
Also change the size of the range to include 0x19f. While 0x19f is
currently reserved for future extensions, so are several of the previous
registers up to 0x19e, and it is weird to leave out just the last one.
Fixes: 2f17dd34ffed ("mfd: tqmx86: IO controller with I2C, Wachdog and GPIO")
Signed-off-by: Matthias Schiffer <matthias.schiffer@ew.tq-group.com>
Reviewed-by: Andrew Lunn <andrew@lunn.ch>
Signed-off-by: Lee Jones <lee@kernel.org>
Link: https://lore.kernel.org/r/db4677ac318b1283c8956f637f409995a30a31c3.1676892223.git.matthias.schiffer@ew.tq-group.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/mfd/tqmx86.c | 10 +++++-----
1 file changed, 5 insertions(+), 5 deletions(-)
diff --git a/drivers/mfd/tqmx86.c b/drivers/mfd/tqmx86.c
index 31d0efb5aacf8..958334f14eb00 100644
--- a/drivers/mfd/tqmx86.c
+++ b/drivers/mfd/tqmx86.c
@@ -16,8 +16,8 @@
#include <linux/platform_data/i2c-ocores.h>
#include <linux/platform_device.h>
-#define TQMX86_IOBASE 0x160
-#define TQMX86_IOSIZE 0x3f
+#define TQMX86_IOBASE 0x180
+#define TQMX86_IOSIZE 0x20
#define TQMX86_IOBASE_I2C 0x1a0
#define TQMX86_IOSIZE_I2C 0xa
#define TQMX86_IOBASE_WATCHDOG 0x18b
@@ -25,7 +25,7 @@
#define TQMX86_IOBASE_GPIO 0x18d
#define TQMX86_IOSIZE_GPIO 0x4
-#define TQMX86_REG_BOARD_ID 0x20
+#define TQMX86_REG_BOARD_ID 0x00
#define TQMX86_REG_BOARD_ID_E38M 1
#define TQMX86_REG_BOARD_ID_50UC 2
#define TQMX86_REG_BOARD_ID_E38C 3
@@ -40,8 +40,8 @@
#define TQMX86_REG_BOARD_ID_E40S 13
#define TQMX86_REG_BOARD_ID_E40C1 14
#define TQMX86_REG_BOARD_ID_E40C2 15
-#define TQMX86_REG_BOARD_REV 0x21
-#define TQMX86_REG_IO_EXT_INT 0x26
+#define TQMX86_REG_BOARD_REV 0x01
+#define TQMX86_REG_IO_EXT_INT 0x06
#define TQMX86_REG_IO_EXT_INT_NONE 0
#define TQMX86_REG_IO_EXT_INT_7 1
#define TQMX86_REG_IO_EXT_INT_9 2
--
2.39.2
^ permalink raw reply related [flat|nested] 391+ messages in thread
* [PATCH 5.15 343/371] mfd: tqmx86: Correct board names for TQMxE39x
2023-05-08 9:43 [PATCH 5.15 000/371] 5.15.111-rc1 review Greg Kroah-Hartman
` (341 preceding siblings ...)
2023-05-08 9:49 ` [PATCH 5.15 342/371] mfd: tqmx86: Specify IO port register range more precisely Greg Kroah-Hartman
@ 2023-05-08 9:49 ` Greg Kroah-Hartman
2023-05-08 9:49 ` [PATCH 5.15 344/371] afs: Fix updating of i_size with dv jump from server Greg Kroah-Hartman
` (31 subsequent siblings)
374 siblings, 0 replies; 391+ messages in thread
From: Greg Kroah-Hartman @ 2023-05-08 9:49 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Matthias Schiffer, Andrew Lunn,
Lee Jones, Sasha Levin
From: Matthias Schiffer <matthias.schiffer@ew.tq-group.com>
[ Upstream commit f376c479668557bcc2fd9e9fbc0f53e7819a11cd ]
It seems that this driver was developed based on preliminary documentation.
Report the correct names for all TQMxE39x variants, as they are used by
the released hardware revisions:
- Fix names for TQMxE39C1/C2 board IDs
- Distinguish TQMxE39M and TQMxE39S, which use the same board ID
The TQMxE39M/S are distinguished using the SAUC (Sanctioned Alternate
Uses Configuration) register of the GPIO controller. This also prepares
for the correct handling of the differences between the GPIO controllers
of our COMe and SMARC modules.
Fixes: 2f17dd34ffed ("mfd: tqmx86: IO controller with I2C, Wachdog and GPIO")
Signed-off-by: Matthias Schiffer <matthias.schiffer@ew.tq-group.com>
Reviewed-by: Andrew Lunn <andrew@lunn.ch>
Signed-off-by: Lee Jones <lee@kernel.org>
Link: https://lore.kernel.org/r/aca9a7cb42a85181bcb456c437554d2728e708ec.1676892223.git.matthias.schiffer@ew.tq-group.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/mfd/tqmx86.c | 32 +++++++++++++++++---------------
1 file changed, 17 insertions(+), 15 deletions(-)
diff --git a/drivers/mfd/tqmx86.c b/drivers/mfd/tqmx86.c
index 958334f14eb00..fac02875fe7d9 100644
--- a/drivers/mfd/tqmx86.c
+++ b/drivers/mfd/tqmx86.c
@@ -30,9 +30,9 @@
#define TQMX86_REG_BOARD_ID_50UC 2
#define TQMX86_REG_BOARD_ID_E38C 3
#define TQMX86_REG_BOARD_ID_60EB 4
-#define TQMX86_REG_BOARD_ID_E39M 5
-#define TQMX86_REG_BOARD_ID_E39C 6
-#define TQMX86_REG_BOARD_ID_E39x 7
+#define TQMX86_REG_BOARD_ID_E39MS 5
+#define TQMX86_REG_BOARD_ID_E39C1 6
+#define TQMX86_REG_BOARD_ID_E39C2 7
#define TQMX86_REG_BOARD_ID_70EB 8
#define TQMX86_REG_BOARD_ID_80UC 9
#define TQMX86_REG_BOARD_ID_110EB 11
@@ -48,6 +48,7 @@
#define TQMX86_REG_IO_EXT_INT_12 3
#define TQMX86_REG_IO_EXT_INT_MASK 0x3
#define TQMX86_REG_IO_EXT_INT_GPIO_SHIFT 4
+#define TQMX86_REG_SAUC 0x17
#define TQMX86_REG_I2C_DETECT 0x1a7
#define TQMX86_REG_I2C_DETECT_SOFT 0xa5
@@ -110,7 +111,7 @@ static const struct mfd_cell tqmx86_devs[] = {
},
};
-static const char *tqmx86_board_id_to_name(u8 board_id)
+static const char *tqmx86_board_id_to_name(u8 board_id, u8 sauc)
{
switch (board_id) {
case TQMX86_REG_BOARD_ID_E38M:
@@ -121,12 +122,12 @@ static const char *tqmx86_board_id_to_name(u8 board_id)
return "TQMxE38C";
case TQMX86_REG_BOARD_ID_60EB:
return "TQMx60EB";
- case TQMX86_REG_BOARD_ID_E39M:
- return "TQMxE39M";
- case TQMX86_REG_BOARD_ID_E39C:
- return "TQMxE39C";
- case TQMX86_REG_BOARD_ID_E39x:
- return "TQMxE39x";
+ case TQMX86_REG_BOARD_ID_E39MS:
+ return (sauc == 0xff) ? "TQMxE39M" : "TQMxE39S";
+ case TQMX86_REG_BOARD_ID_E39C1:
+ return "TQMxE39C1";
+ case TQMX86_REG_BOARD_ID_E39C2:
+ return "TQMxE39C2";
case TQMX86_REG_BOARD_ID_70EB:
return "TQMx70EB";
case TQMX86_REG_BOARD_ID_80UC:
@@ -159,9 +160,9 @@ static int tqmx86_board_id_to_clk_rate(struct device *dev, u8 board_id)
case TQMX86_REG_BOARD_ID_E40C1:
case TQMX86_REG_BOARD_ID_E40C2:
return 24000;
- case TQMX86_REG_BOARD_ID_E39M:
- case TQMX86_REG_BOARD_ID_E39C:
- case TQMX86_REG_BOARD_ID_E39x:
+ case TQMX86_REG_BOARD_ID_E39MS:
+ case TQMX86_REG_BOARD_ID_E39C1:
+ case TQMX86_REG_BOARD_ID_E39C2:
return 25000;
case TQMX86_REG_BOARD_ID_E38M:
case TQMX86_REG_BOARD_ID_E38C:
@@ -175,7 +176,7 @@ static int tqmx86_board_id_to_clk_rate(struct device *dev, u8 board_id)
static int tqmx86_probe(struct platform_device *pdev)
{
- u8 board_id, rev, i2c_det, io_ext_int_val;
+ u8 board_id, sauc, rev, i2c_det, io_ext_int_val;
struct device *dev = &pdev->dev;
u8 gpio_irq_cfg, readback;
const char *board_name;
@@ -205,7 +206,8 @@ static int tqmx86_probe(struct platform_device *pdev)
return -ENOMEM;
board_id = ioread8(io_base + TQMX86_REG_BOARD_ID);
- board_name = tqmx86_board_id_to_name(board_id);
+ sauc = ioread8(io_base + TQMX86_REG_SAUC);
+ board_name = tqmx86_board_id_to_name(board_id, sauc);
rev = ioread8(io_base + TQMX86_REG_BOARD_REV);
dev_info(dev,
--
2.39.2
^ permalink raw reply related [flat|nested] 391+ messages in thread
* [PATCH 5.15 344/371] afs: Fix updating of i_size with dv jump from server
2023-05-08 9:43 [PATCH 5.15 000/371] 5.15.111-rc1 review Greg Kroah-Hartman
` (342 preceding siblings ...)
2023-05-08 9:49 ` [PATCH 5.15 343/371] mfd: tqmx86: Correct board names for TQMxE39x Greg Kroah-Hartman
@ 2023-05-08 9:49 ` Greg Kroah-Hartman
2023-05-08 9:49 ` [PATCH 5.15 345/371] parisc: Fix argument pointer in real64_call_asm() Greg Kroah-Hartman
` (30 subsequent siblings)
374 siblings, 0 replies; 391+ messages in thread
From: Greg Kroah-Hartman @ 2023-05-08 9:49 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Marc Dionne, David Howells,
linux-afs, Sasha Levin
From: Marc Dionne <marc.dionne@auristor.com>
[ Upstream commit d7f74e9a917503ee78f2b603a456d7227cf38919 ]
If the data version returned from the server is larger than expected,
the local data is invalidated, but we may still want to note the remote
file size.
Since we're setting change_size, we have to also set data_changed
for the i_size to get updated.
Fixes: 3f4aa9818163 ("afs: Fix EOF corruption")
Signed-off-by: Marc Dionne <marc.dionne@auristor.com>
Signed-off-by: David Howells <dhowells@redhat.com>
cc: linux-afs@lists.infradead.org
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
fs/afs/inode.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/fs/afs/inode.c b/fs/afs/inode.c
index 785bacb972da5..91b1f8cabd58f 100644
--- a/fs/afs/inode.c
+++ b/fs/afs/inode.c
@@ -219,6 +219,7 @@ static void afs_apply_status(struct afs_operation *op,
set_bit(AFS_VNODE_ZAP_DATA, &vnode->flags);
}
change_size = true;
+ data_changed = true;
} else if (vnode->status.type == AFS_FTYPE_DIR) {
/* Expected directory change is handled elsewhere so
* that we can locally edit the directory and save on a
--
2.39.2
^ permalink raw reply related [flat|nested] 391+ messages in thread
* [PATCH 5.15 345/371] parisc: Fix argument pointer in real64_call_asm()
2023-05-08 9:43 [PATCH 5.15 000/371] 5.15.111-rc1 review Greg Kroah-Hartman
` (343 preceding siblings ...)
2023-05-08 9:49 ` [PATCH 5.15 344/371] afs: Fix updating of i_size with dv jump from server Greg Kroah-Hartman
@ 2023-05-08 9:49 ` Greg Kroah-Hartman
2023-05-08 9:49 ` [PATCH 5.15 346/371] ALSA: usb-audio: Add quirk for Pioneer DDJ-800 Greg Kroah-Hartman
` (29 subsequent siblings)
374 siblings, 0 replies; 391+ messages in thread
From: Greg Kroah-Hartman @ 2023-05-08 9:49 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Helge Deller
From: Helge Deller <deller@gmx.de>
commit 6e3220ba3323a2c24be834aebf5d6e9f89d0993f upstream.
Fix the argument pointer (ap) to point to real-mode memory
instead of virtual memory.
It's interesting that this issue hasn't shown up earlier, as this could
have happened with any 64-bit PDC ROM code.
I just noticed it because I suddenly faced a HPMC while trying to execute
the 64-bit STI ROM code of an Visualize-FXe graphics card for the STI
text console.
Signed-off-by: Helge Deller <deller@gmx.de>
Cc: <stable@vger.kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/parisc/kernel/real2.S | 5 ++---
1 file changed, 2 insertions(+), 3 deletions(-)
--- a/arch/parisc/kernel/real2.S
+++ b/arch/parisc/kernel/real2.S
@@ -248,9 +248,6 @@ ENTRY_CFI(real64_call_asm)
/* save fn */
copy %arg2, %r31
- /* set up the new ap */
- ldo 64(%arg1), %r29
-
/* load up the arg registers from the saved arg area */
/* 32-bit calling convention passes first 4 args in registers */
ldd 0*REG_SZ(%arg1), %arg0 /* note overwriting arg0 */
@@ -262,7 +259,9 @@ ENTRY_CFI(real64_call_asm)
ldd 7*REG_SZ(%arg1), %r19
ldd 1*REG_SZ(%arg1), %arg1 /* do this one last! */
+ /* set up real-mode stack and real-mode ap */
tophys_r1 %sp
+ ldo -16(%sp), %r29 /* Reference param save area */
b,l rfi_virt2real,%r2
nop
^ permalink raw reply [flat|nested] 391+ messages in thread
* [PATCH 5.15 346/371] ALSA: usb-audio: Add quirk for Pioneer DDJ-800
2023-05-08 9:43 [PATCH 5.15 000/371] 5.15.111-rc1 review Greg Kroah-Hartman
` (344 preceding siblings ...)
2023-05-08 9:49 ` [PATCH 5.15 345/371] parisc: Fix argument pointer in real64_call_asm() Greg Kroah-Hartman
@ 2023-05-08 9:49 ` Greg Kroah-Hartman
2023-05-08 9:49 ` [PATCH 5.15 347/371] nilfs2: do not write dirty data after degenerating to read-only Greg Kroah-Hartman
` (28 subsequent siblings)
374 siblings, 0 replies; 391+ messages in thread
From: Greg Kroah-Hartman @ 2023-05-08 9:49 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Geraldo Nascimento,
Grégory Desor, Takashi Iwai
From: Geraldo Nascimento <geraldogabriel@gmail.com>
commit 7501f472977df233d039d86c6981e0641708e1ca upstream.
One more Pioneer quirk, this time for DDJ-800, which is quite similar like
other DJ DDJ models but with slightly different EPs or channels.
Signed-off-by: Geraldo Nascimento <geraldogabriel@gmail.com>
Tested-by: Grégory Desor <gregory.desor@free.fr>
Cc: <stable@vger.kernel.org>
Link: https://lore.kernel.org/r/ZFLLzgEcsSF5aIHG@geday
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
sound/usb/quirks-table.h | 58 +++++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 58 insertions(+)
--- a/sound/usb/quirks-table.h
+++ b/sound/usb/quirks-table.h
@@ -3808,6 +3808,64 @@ YAMAHA_DEVICE(0x7010, "UB99"),
}
},
+{
+ /*
+ * PIONEER DJ DDJ-800
+ * PCM is 6 channels out, 6 channels in @ 44.1 fixed
+ * The Feedback for the output is the input
+ */
+ USB_DEVICE_VENDOR_SPEC(0x2b73, 0x0029),
+ .driver_info = (unsigned long) &(const struct snd_usb_audio_quirk) {
+ .ifnum = QUIRK_ANY_INTERFACE,
+ .type = QUIRK_COMPOSITE,
+ .data = (const struct snd_usb_audio_quirk[]) {
+ {
+ .ifnum = 0,
+ .type = QUIRK_AUDIO_FIXED_ENDPOINT,
+ .data = &(const struct audioformat) {
+ .formats = SNDRV_PCM_FMTBIT_S24_3LE,
+ .channels = 6,
+ .iface = 0,
+ .altsetting = 1,
+ .altset_idx = 1,
+ .endpoint = 0x01,
+ .ep_attr = USB_ENDPOINT_XFER_ISOC|
+ USB_ENDPOINT_SYNC_ASYNC,
+ .rates = SNDRV_PCM_RATE_44100,
+ .rate_min = 44100,
+ .rate_max = 44100,
+ .nr_rates = 1,
+ .rate_table = (unsigned int[]) { 44100 }
+ }
+ },
+ {
+ .ifnum = 0,
+ .type = QUIRK_AUDIO_FIXED_ENDPOINT,
+ .data = &(const struct audioformat) {
+ .formats = SNDRV_PCM_FMTBIT_S24_3LE,
+ .channels = 6,
+ .iface = 0,
+ .altsetting = 1,
+ .altset_idx = 1,
+ .endpoint = 0x82,
+ .ep_idx = 1,
+ .ep_attr = USB_ENDPOINT_XFER_ISOC|
+ USB_ENDPOINT_SYNC_ASYNC|
+ USB_ENDPOINT_USAGE_IMPLICIT_FB,
+ .rates = SNDRV_PCM_RATE_44100,
+ .rate_min = 44100,
+ .rate_max = 44100,
+ .nr_rates = 1,
+ .rate_table = (unsigned int[]) { 44100 }
+ }
+ },
+ {
+ .ifnum = -1
+ }
+ }
+ }
+},
+
/*
* MacroSilicon MS2100/MS2106 based AV capture cards
*
^ permalink raw reply [flat|nested] 391+ messages in thread
* [PATCH 5.15 347/371] nilfs2: do not write dirty data after degenerating to read-only
2023-05-08 9:43 [PATCH 5.15 000/371] 5.15.111-rc1 review Greg Kroah-Hartman
` (345 preceding siblings ...)
2023-05-08 9:49 ` [PATCH 5.15 346/371] ALSA: usb-audio: Add quirk for Pioneer DDJ-800 Greg Kroah-Hartman
@ 2023-05-08 9:49 ` Greg Kroah-Hartman
2023-05-08 9:49 ` [PATCH 5.15 348/371] nilfs2: fix infinite loop in nilfs_mdt_get_block() Greg Kroah-Hartman
` (27 subsequent siblings)
374 siblings, 0 replies; 391+ messages in thread
From: Greg Kroah-Hartman @ 2023-05-08 9:49 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Ryusuke Konishi,
syzbot+2af3bc9585be7f23f290, Andrew Morton
From: Ryusuke Konishi <konishi.ryusuke@gmail.com>
commit 28a65b49eb53e172d23567005465019658bfdb4d upstream.
According to syzbot's report, mark_buffer_dirty() called from
nilfs_segctor_do_construct() outputs a warning with some patterns after
nilfs2 detects metadata corruption and degrades to read-only mode.
After such read-only degeneration, page cache data may be cleared through
nilfs_clear_dirty_page() which may also clear the uptodate flag for their
buffer heads. However, even after the degeneration, log writes are still
performed by unmount processing etc., which causes mark_buffer_dirty() to
be called for buffer heads without the "uptodate" flag and causes the
warning.
Since any writes should not be done to a read-only file system in the
first place, this fixes the warning in mark_buffer_dirty() by letting
nilfs_segctor_do_construct() abort early if in read-only mode.
This also changes the retry check of nilfs_segctor_write_out() to avoid
unnecessary log write retries if it detects -EROFS that
nilfs_segctor_do_construct() returned.
Link: https://lkml.kernel.org/r/20230427011526.13457-1-konishi.ryusuke@gmail.com
Signed-off-by: Ryusuke Konishi <konishi.ryusuke@gmail.com>
Tested-by: Ryusuke Konishi <konishi.ryusuke@gmail.com>
Reported-by: syzbot+2af3bc9585be7f23f290@syzkaller.appspotmail.com
Link: https://syzkaller.appspot.com/bug?extid=2af3bc9585be7f23f290
Cc: <stable@vger.kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/nilfs2/segment.c | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
--- a/fs/nilfs2/segment.c
+++ b/fs/nilfs2/segment.c
@@ -2039,6 +2039,9 @@ static int nilfs_segctor_do_construct(st
struct the_nilfs *nilfs = sci->sc_super->s_fs_info;
int err;
+ if (sb_rdonly(sci->sc_super))
+ return -EROFS;
+
nilfs_sc_cstage_set(sci, NILFS_ST_INIT);
sci->sc_cno = nilfs->ns_cno;
@@ -2724,7 +2727,7 @@ static void nilfs_segctor_write_out(stru
flush_work(&sci->sc_iput_work);
- } while (ret && retrycount-- > 0);
+ } while (ret && ret != -EROFS && retrycount-- > 0);
}
/**
^ permalink raw reply [flat|nested] 391+ messages in thread
* [PATCH 5.15 348/371] nilfs2: fix infinite loop in nilfs_mdt_get_block()
2023-05-08 9:43 [PATCH 5.15 000/371] 5.15.111-rc1 review Greg Kroah-Hartman
` (346 preceding siblings ...)
2023-05-08 9:49 ` [PATCH 5.15 347/371] nilfs2: do not write dirty data after degenerating to read-only Greg Kroah-Hartman
@ 2023-05-08 9:49 ` Greg Kroah-Hartman
2023-05-08 9:49 ` [PATCH 5.15 349/371] md/raid10: fix null-ptr-deref in raid10_sync_request Greg Kroah-Hartman
` (26 subsequent siblings)
374 siblings, 0 replies; 391+ messages in thread
From: Greg Kroah-Hartman @ 2023-05-08 9:49 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Ryusuke Konishi,
syzbot+221d75710bde87fa0e97, Andrew Morton
From: Ryusuke Konishi <konishi.ryusuke@gmail.com>
commit a6a491c048882e7e424d407d32cba0b52d9ef2bf upstream.
If the disk image that nilfs2 mounts is corrupted and a virtual block
address obtained by block lookup for a metadata file is invalid,
nilfs_bmap_lookup_at_level() may return the same internal return code as
-ENOENT, meaning the block does not exist in the metadata file.
This duplication of return codes confuses nilfs_mdt_get_block(), causing
it to read and create a metadata block indefinitely.
In particular, if this happens to the inode metadata file, ifile,
semaphore i_rwsem can be left held, causing task hangs in lock_mount.
Fix this issue by making nilfs_bmap_lookup_at_level() treat virtual block
address translation failures with -ENOENT as metadata corruption instead
of returning the error code.
Link: https://lkml.kernel.org/r/20230430193046.6769-1-konishi.ryusuke@gmail.com
Signed-off-by: Ryusuke Konishi <konishi.ryusuke@gmail.com>
Tested-by: Ryusuke Konishi <konishi.ryusuke@gmail.com>
Reported-by: syzbot+221d75710bde87fa0e97@syzkaller.appspotmail.com
Link: https://syzkaller.appspot.com/bug?extid=221d75710bde87fa0e97
Cc: <stable@vger.kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/nilfs2/bmap.c | 16 ++++++++++++----
1 file changed, 12 insertions(+), 4 deletions(-)
--- a/fs/nilfs2/bmap.c
+++ b/fs/nilfs2/bmap.c
@@ -67,20 +67,28 @@ int nilfs_bmap_lookup_at_level(struct ni
down_read(&bmap->b_sem);
ret = bmap->b_ops->bop_lookup(bmap, key, level, ptrp);
- if (ret < 0) {
- ret = nilfs_bmap_convert_error(bmap, __func__, ret);
+ if (ret < 0)
goto out;
- }
+
if (NILFS_BMAP_USE_VBN(bmap)) {
ret = nilfs_dat_translate(nilfs_bmap_get_dat(bmap), *ptrp,
&blocknr);
if (!ret)
*ptrp = blocknr;
+ else if (ret == -ENOENT) {
+ /*
+ * If there was no valid entry in DAT for the block
+ * address obtained by b_ops->bop_lookup, then pass
+ * internal code -EINVAL to nilfs_bmap_convert_error
+ * to treat it as metadata corruption.
+ */
+ ret = -EINVAL;
+ }
}
out:
up_read(&bmap->b_sem);
- return ret;
+ return nilfs_bmap_convert_error(bmap, __func__, ret);
}
int nilfs_bmap_lookup_contig(struct nilfs_bmap *bmap, __u64 key, __u64 *ptrp,
^ permalink raw reply [flat|nested] 391+ messages in thread
* [PATCH 5.15 349/371] md/raid10: fix null-ptr-deref in raid10_sync_request
2023-05-08 9:43 [PATCH 5.15 000/371] 5.15.111-rc1 review Greg Kroah-Hartman
` (347 preceding siblings ...)
2023-05-08 9:49 ` [PATCH 5.15 348/371] nilfs2: fix infinite loop in nilfs_mdt_get_block() Greg Kroah-Hartman
@ 2023-05-08 9:49 ` Greg Kroah-Hartman
2023-05-08 9:49 ` [PATCH 5.15 350/371] mtd: core: provide unique name for nvmem device, take two Greg Kroah-Hartman
` (25 subsequent siblings)
374 siblings, 0 replies; 391+ messages in thread
From: Greg Kroah-Hartman @ 2023-05-08 9:49 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Li Nan, Song Liu
From: Li Nan <linan122@huawei.com>
commit a405c6f0229526160aa3f177f65e20c86fce84c5 upstream.
init_resync() inits mempool and sets conf->have_replacemnt at the beginning
of sync, close_sync() frees the mempool when sync is completed.
After [1] recovery might be skipped and init_resync() is called but
close_sync() is not. null-ptr-deref occurs with r10bio->dev[i].repl_bio.
The following is one way to reproduce the issue.
1) create a array, wait for resync to complete, mddev->recovery_cp is set
to MaxSector.
2) recovery is woken and it is skipped. conf->have_replacement is set to
0 in init_resync(). close_sync() not called.
3) some io errors and rdev A is set to WantReplacement.
4) a new device is added and set to A's replacement.
5) recovery is woken, A have replacement, but conf->have_replacemnt is
0. r10bio->dev[i].repl_bio will not be alloced and null-ptr-deref
occurs.
Fix it by not calling init_resync() if recovery skipped.
[1] commit 7e83ccbecd60 ("md/raid10: Allow skipping recovery when clean arrays are assembled")
Fixes: 7e83ccbecd60 ("md/raid10: Allow skipping recovery when clean arrays are assembled")
Cc: stable@vger.kernel.org
Signed-off-by: Li Nan <linan122@huawei.com>
Signed-off-by: Song Liu <song@kernel.org>
Link: https://lore.kernel.org/r/20230222041000.3341651-3-linan666@huaweicloud.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/md/raid10.c | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
--- a/drivers/md/raid10.c
+++ b/drivers/md/raid10.c
@@ -3278,10 +3278,6 @@ static sector_t raid10_sync_request(stru
sector_t chunk_mask = conf->geo.chunk_mask;
int page_idx = 0;
- if (!mempool_initialized(&conf->r10buf_pool))
- if (init_resync(conf))
- return 0;
-
/*
* Allow skipping a full rebuild for incremental assembly
* of a clean array, like RAID1 does.
@@ -3297,6 +3293,10 @@ static sector_t raid10_sync_request(stru
return mddev->dev_sectors - sector_nr;
}
+ if (!mempool_initialized(&conf->r10buf_pool))
+ if (init_resync(conf))
+ return 0;
+
skipped:
max_sector = mddev->dev_sectors;
if (test_bit(MD_RECOVERY_SYNC, &mddev->recovery) ||
^ permalink raw reply [flat|nested] 391+ messages in thread
* [PATCH 5.15 350/371] mtd: core: provide unique name for nvmem device, take two
2023-05-08 9:43 [PATCH 5.15 000/371] 5.15.111-rc1 review Greg Kroah-Hartman
` (348 preceding siblings ...)
2023-05-08 9:49 ` [PATCH 5.15 349/371] md/raid10: fix null-ptr-deref in raid10_sync_request Greg Kroah-Hartman
@ 2023-05-08 9:49 ` Greg Kroah-Hartman
2023-05-08 9:49 ` [PATCH 5.15 351/371] mtd: core: fix nvmem error reporting Greg Kroah-Hartman
` (24 subsequent siblings)
374 siblings, 0 replies; 391+ messages in thread
From: Greg Kroah-Hartman @ 2023-05-08 9:49 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Michael Walle, Miquel Raynal
From: Michael Walle <michael@walle.cc>
commit 1cd9ceaa5282ff10ea20a7fbadde5a476a1cc99e upstream.
Commit c048b60d39e1 ("mtd: core: provide unique name for nvmem device")
tries to give the nvmem device a unique name, but fails badly if the mtd
device doesn't have a "struct device" associated with it, i.e. if
CONFIG_MTD_PARTITIONED_MASTER is not set. This will result in the name
"(null)-user-otp", which is not unique. It seems the best we can do is
to use the compatible name together with a unique identifier added by
the nvmem subsystem by using NVMEM_DEVID_AUTO.
Fixes: c048b60d39e1 ("mtd: core: provide unique name for nvmem device")
Cc: stable@vger.kernel.org
Signed-off-by: Michael Walle <michael@walle.cc>
Signed-off-by: Miquel Raynal <miquel.raynal@bootlin.com>
Link: https://lore.kernel.org/linux-mtd/20230308082021.870459-1-michael@walle.cc
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/mtd/mtdcore.c | 5 ++---
1 file changed, 2 insertions(+), 3 deletions(-)
--- a/drivers/mtd/mtdcore.c
+++ b/drivers/mtd/mtdcore.c
@@ -828,8 +828,8 @@ static struct nvmem_device *mtd_otp_nvme
/* OTP nvmem will be registered on the physical device */
config.dev = mtd->dev.parent;
- config.name = kasprintf(GFP_KERNEL, "%s-%s", dev_name(&mtd->dev), compatible);
- config.id = NVMEM_DEVID_NONE;
+ config.name = compatible;
+ config.id = NVMEM_DEVID_AUTO;
config.owner = THIS_MODULE;
config.type = NVMEM_TYPE_OTP;
config.root_only = true;
@@ -845,7 +845,6 @@ static struct nvmem_device *mtd_otp_nvme
nvmem = NULL;
of_node_put(np);
- kfree(config.name);
return nvmem;
}
^ permalink raw reply [flat|nested] 391+ messages in thread
* [PATCH 5.15 351/371] mtd: core: fix nvmem error reporting
2023-05-08 9:43 [PATCH 5.15 000/371] 5.15.111-rc1 review Greg Kroah-Hartman
` (349 preceding siblings ...)
2023-05-08 9:49 ` [PATCH 5.15 350/371] mtd: core: provide unique name for nvmem device, take two Greg Kroah-Hartman
@ 2023-05-08 9:49 ` Greg Kroah-Hartman
2023-05-08 9:49 ` [PATCH 5.15 352/371] mtd: core: fix error path for nvmem provider Greg Kroah-Hartman
` (23 subsequent siblings)
374 siblings, 0 replies; 391+ messages in thread
From: Greg Kroah-Hartman @ 2023-05-08 9:49 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Michael Walle, Miquel Raynal
From: Michael Walle <michael@walle.cc>
commit 8bd1d24e6ca3c599dd455b0e1b22f77bab8290eb upstream.
The master MTD will only have an associated device if
CONFIG_MTD_PARTITIONED_MASTER is set, thus we cannot use dev_err() on
mtd->dev. Instead use the parent device which is the physical flash
memory.
Fixes: 4b361cfa8624 ("mtd: core: add OTP nvmem provider support")
Cc: stable@vger.kernel.org
Signed-off-by: Michael Walle <michael@walle.cc>
Signed-off-by: Miquel Raynal <miquel.raynal@bootlin.com>
Link: https://lore.kernel.org/linux-mtd/20230308082021.870459-2-michael@walle.cc
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/mtd/mtdcore.c | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
--- a/drivers/mtd/mtdcore.c
+++ b/drivers/mtd/mtdcore.c
@@ -879,6 +879,7 @@ static int mtd_nvmem_fact_otp_reg_read(v
static int mtd_otp_nvmem_add(struct mtd_info *mtd)
{
+ struct device *dev = mtd->dev.parent;
struct nvmem_device *nvmem;
ssize_t size;
int err;
@@ -892,7 +893,7 @@ static int mtd_otp_nvmem_add(struct mtd_
nvmem = mtd_otp_nvmem_register(mtd, "user-otp", size,
mtd_nvmem_user_otp_reg_read);
if (IS_ERR(nvmem)) {
- dev_err(&mtd->dev, "Failed to register OTP NVMEM device\n");
+ dev_err(dev, "Failed to register OTP NVMEM device\n");
return PTR_ERR(nvmem);
}
mtd->otp_user_nvmem = nvmem;
@@ -910,7 +911,7 @@ static int mtd_otp_nvmem_add(struct mtd_
nvmem = mtd_otp_nvmem_register(mtd, "factory-otp", size,
mtd_nvmem_fact_otp_reg_read);
if (IS_ERR(nvmem)) {
- dev_err(&mtd->dev, "Failed to register OTP NVMEM device\n");
+ dev_err(dev, "Failed to register OTP NVMEM device\n");
err = PTR_ERR(nvmem);
goto err;
}
^ permalink raw reply [flat|nested] 391+ messages in thread
* [PATCH 5.15 352/371] mtd: core: fix error path for nvmem provider
2023-05-08 9:43 [PATCH 5.15 000/371] 5.15.111-rc1 review Greg Kroah-Hartman
` (350 preceding siblings ...)
2023-05-08 9:49 ` [PATCH 5.15 351/371] mtd: core: fix nvmem error reporting Greg Kroah-Hartman
@ 2023-05-08 9:49 ` Greg Kroah-Hartman
2023-05-08 9:49 ` [PATCH 5.15 353/371] mailbox: zynqmp: Fix IPI isr handling Greg Kroah-Hartman
` (22 subsequent siblings)
374 siblings, 0 replies; 391+ messages in thread
From: Greg Kroah-Hartman @ 2023-05-08 9:49 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Michael Walle, Miquel Raynal
From: Michael Walle <michael@walle.cc>
commit e0489f6e221f5ddee6cb3bd51b992b790c5fa4b9 upstream.
If mtd_otp_nvmem_add() fails, the partitions won't be removed
because there is simply no call to del_mtd_partitions().
Unfortunately, add_mtd_partitions() will print all partitions to
the kernel console. If mtd_otp_nvmem_add() returns -EPROBE_DEFER
this would print the partitions multiple times to the kernel
console. Instead move mtd_otp_nvmem_add() to the beginning of the
function.
Fixes: 4b361cfa8624 ("mtd: core: add OTP nvmem provider support")
Cc: stable@vger.kernel.org
Signed-off-by: Michael Walle <michael@walle.cc>
Signed-off-by: Miquel Raynal <miquel.raynal@bootlin.com>
Link: https://lore.kernel.org/linux-mtd/20230308082021.870459-3-michael@walle.cc
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/mtd/mtdcore.c | 13 ++++++++++---
1 file changed, 10 insertions(+), 3 deletions(-)
--- a/drivers/mtd/mtdcore.c
+++ b/drivers/mtd/mtdcore.c
@@ -964,10 +964,14 @@ int mtd_device_parse_register(struct mtd
mtd_set_dev_defaults(mtd);
+ ret = mtd_otp_nvmem_add(mtd);
+ if (ret)
+ goto out;
+
if (IS_ENABLED(CONFIG_MTD_PARTITIONED_MASTER)) {
ret = add_mtd_device(mtd);
if (ret)
- return ret;
+ goto out;
}
/* Prefer parsed partitions over driver-provided fallback */
@@ -1002,9 +1006,12 @@ int mtd_device_parse_register(struct mtd
register_reboot_notifier(&mtd->reboot_notifier);
}
- ret = mtd_otp_nvmem_add(mtd);
-
out:
+ if (ret) {
+ nvmem_unregister(mtd->otp_user_nvmem);
+ nvmem_unregister(mtd->otp_factory_nvmem);
+ }
+
if (ret && device_is_registered(&mtd->dev))
del_mtd_device(mtd);
^ permalink raw reply [flat|nested] 391+ messages in thread
* [PATCH 5.15 353/371] mailbox: zynqmp: Fix IPI isr handling
2023-05-08 9:43 [PATCH 5.15 000/371] 5.15.111-rc1 review Greg Kroah-Hartman
` (351 preceding siblings ...)
2023-05-08 9:49 ` [PATCH 5.15 352/371] mtd: core: fix error path for nvmem provider Greg Kroah-Hartman
@ 2023-05-08 9:49 ` Greg Kroah-Hartman
2023-05-08 9:49 ` [PATCH 5.15 354/371] mailbox: zynqmp: Fix typo in IPI documentation Greg Kroah-Hartman
` (21 subsequent siblings)
374 siblings, 0 replies; 391+ messages in thread
From: Greg Kroah-Hartman @ 2023-05-08 9:49 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Tanmay Shah, Michal Simek, Mathieu Poirier
From: Tanmay Shah <tanmay.shah@amd.com>
commit 74ad37a30ffee3643bc34f9ca7225b20a66abaaf upstream.
Multiple IPI channels are mapped to same interrupt handler.
Current isr implementation handles only one channel per isr.
Fix this behavior by checking isr status bit of all child
mailbox nodes.
Fixes: 4981b82ba2ff ("mailbox: ZynqMP IPI mailbox controller")
Signed-off-by: Tanmay Shah <tanmay.shah@amd.com>
Acked-by: Michal Simek <michal.simek@amd.com>
Cc: stable@vger.kernel.org
Link: https://lore.kernel.org/r/20230311012407.1292118-3-tanmay.shah@amd.com
Signed-off-by: Mathieu Poirier <mathieu.poirier@linaro.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/mailbox/zynqmp-ipi-mailbox.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
--- a/drivers/mailbox/zynqmp-ipi-mailbox.c
+++ b/drivers/mailbox/zynqmp-ipi-mailbox.c
@@ -152,7 +152,7 @@ static irqreturn_t zynqmp_ipi_interrupt(
struct zynqmp_ipi_message *msg;
u64 arg0, arg3;
struct arm_smccc_res res;
- int ret, i;
+ int ret, i, status = IRQ_NONE;
(void)irq;
arg0 = SMC_IPI_MAILBOX_STATUS_ENQUIRY;
@@ -170,11 +170,11 @@ static irqreturn_t zynqmp_ipi_interrupt(
memcpy_fromio(msg->data, mchan->req_buf,
msg->len);
mbox_chan_received_data(chan, (void *)msg);
- return IRQ_HANDLED;
+ status = IRQ_HANDLED;
}
}
}
- return IRQ_NONE;
+ return status;
}
/**
^ permalink raw reply [flat|nested] 391+ messages in thread
* [PATCH 5.15 354/371] mailbox: zynqmp: Fix typo in IPI documentation
2023-05-08 9:43 [PATCH 5.15 000/371] 5.15.111-rc1 review Greg Kroah-Hartman
` (352 preceding siblings ...)
2023-05-08 9:49 ` [PATCH 5.15 353/371] mailbox: zynqmp: Fix IPI isr handling Greg Kroah-Hartman
@ 2023-05-08 9:49 ` Greg Kroah-Hartman
2023-05-08 9:49 ` [PATCH 5.15 355/371] wifi: rtl8xxxu: RTL8192EU always needs full init Greg Kroah-Hartman
` (20 subsequent siblings)
374 siblings, 0 replies; 391+ messages in thread
From: Greg Kroah-Hartman @ 2023-05-08 9:49 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Tanmay Shah, Michal Simek, Mathieu Poirier
From: Tanmay Shah <tanmay.shah@amd.com>
commit 79963fbfc233759bd8a43462f120d15a1bd4f4fa upstream.
Xilinx IPI message buffers allows 32-byte data transfer.
Fix documentation that says 12 bytes
Fixes: 4981b82ba2ff ("mailbox: ZynqMP IPI mailbox controller")
Signed-off-by: Tanmay Shah <tanmay.shah@amd.com>
Acked-by: Michal Simek <michal.simek@amd.com>
Cc: stable@vger.kernel.org
Link: https://lore.kernel.org/r/20230311012407.1292118-4-tanmay.shah@amd.com
Signed-off-by: Mathieu Poirier <mathieu.poirier@linaro.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
include/linux/mailbox/zynqmp-ipi-message.h | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/include/linux/mailbox/zynqmp-ipi-message.h
+++ b/include/linux/mailbox/zynqmp-ipi-message.h
@@ -9,7 +9,7 @@
* @data: message payload
*
* This is the structure for data used in mbox_send_message
- * the maximum length of data buffer is fixed to 12 bytes.
+ * the maximum length of data buffer is fixed to 32 bytes.
* Client is supposed to be aware of this.
*/
struct zynqmp_ipi_message {
^ permalink raw reply [flat|nested] 391+ messages in thread
* [PATCH 5.15 355/371] wifi: rtl8xxxu: RTL8192EU always needs full init
2023-05-08 9:43 [PATCH 5.15 000/371] 5.15.111-rc1 review Greg Kroah-Hartman
` (353 preceding siblings ...)
2023-05-08 9:49 ` [PATCH 5.15 354/371] mailbox: zynqmp: Fix typo in IPI documentation Greg Kroah-Hartman
@ 2023-05-08 9:49 ` Greg Kroah-Hartman
2023-05-08 9:49 ` [PATCH 5.15 356/371] clk: rockchip: rk3399: allow clk_cifout to force clk_cifout_src to reparent Greg Kroah-Hartman
` (19 subsequent siblings)
374 siblings, 0 replies; 391+ messages in thread
From: Greg Kroah-Hartman @ 2023-05-08 9:49 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Bitterblue Smith, Jes Sorensen, Kalle Valo
From: Bitterblue Smith <rtl8821cerfe2@gmail.com>
commit d46e04ccd40457a0119b76e11ab64a2ad403e138 upstream.
Always run the entire init sequence (rtl8xxxu_init_device()) for
RTL8192EU. It's what the vendor driver does too.
This fixes a bug where the device is unable to connect after
rebooting:
wlp3s0f3u2: send auth to ... (try 1/3)
wlp3s0f3u2: send auth to ... (try 2/3)
wlp3s0f3u2: send auth to ... (try 3/3)
wlp3s0f3u2: authentication with ... timed out
Rebooting leaves the device powered on (partially? at least the
firmware is still running), but not really in a working state.
Cc: stable@vger.kernel.org
Signed-off-by: Bitterblue Smith <rtl8821cerfe2@gmail.com>
Acked-by: Jes Sorensen <jes@trained-monkey.org>
Signed-off-by: Kalle Valo <kvalo@kernel.org>
Link: https://lore.kernel.org/r/4eb111a9-d4c4-37d0-b376-4e202de7153c@gmail.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/net/wireless/realtek/rtl8xxxu/rtl8xxxu_8192e.c | 1 +
1 file changed, 1 insertion(+)
--- a/drivers/net/wireless/realtek/rtl8xxxu/rtl8xxxu_8192e.c
+++ b/drivers/net/wireless/realtek/rtl8xxxu/rtl8xxxu_8192e.c
@@ -1700,6 +1700,7 @@ struct rtl8xxxu_fileops rtl8192eu_fops =
.rx_desc_size = sizeof(struct rtl8xxxu_rxdesc24),
.has_s0s1 = 0,
.gen2_thermal_meter = 1,
+ .needs_full_init = 1,
.adda_1t_init = 0x0fc01616,
.adda_1t_path_on = 0x0fc01616,
.adda_2t_path_on_a = 0x0fc01616,
^ permalink raw reply [flat|nested] 391+ messages in thread
* [PATCH 5.15 356/371] clk: rockchip: rk3399: allow clk_cifout to force clk_cifout_src to reparent
2023-05-08 9:43 [PATCH 5.15 000/371] 5.15.111-rc1 review Greg Kroah-Hartman
` (354 preceding siblings ...)
2023-05-08 9:49 ` [PATCH 5.15 355/371] wifi: rtl8xxxu: RTL8192EU always needs full init Greg Kroah-Hartman
@ 2023-05-08 9:49 ` Greg Kroah-Hartman
2023-05-08 9:49 ` [PATCH 5.15 357/371] scripts/gdb: fix lx-timerlist for Python3 Greg Kroah-Hartman
` (18 subsequent siblings)
374 siblings, 0 replies; 391+ messages in thread
From: Greg Kroah-Hartman @ 2023-05-08 9:49 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Quentin Schulz, Heiko Stuebner
From: Quentin Schulz <quentin.schulz@theobroma-systems.com>
commit 933bf364e152cd60902cf9585c2ba310d593e69f upstream.
clk_cifout is derived from clk_cifout_src through an integer divider
limited to 32. clk_cifout_src is a child of either cpll, gpll or npll
without any possibility of a divider of any sort. The default clock
parent is cpll.
Let's allow clk_cifout to ask its parent clk_cifout_src to reparent in
order to find the real closest possible rate for clk_cifout and not one
derived from cpll only.
Cc: stable@vger.kernel.org # 4.10+
Fixes: fd8bc829336a ("clk: rockchip: fix the rk3399 cifout clock")
Signed-off-by: Quentin Schulz <quentin.schulz@theobroma-systems.com>
Link: https://lore.kernel.org/r/20221117-rk3399-cifout-set-rate-parent-v1-0-432548d04081@theobroma-systems.com
Signed-off-by: Heiko Stuebner <heiko@sntech.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/clk/rockchip/clk-rk3399.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/drivers/clk/rockchip/clk-rk3399.c
+++ b/drivers/clk/rockchip/clk-rk3399.c
@@ -1263,7 +1263,7 @@ static struct rockchip_clk_branch rk3399
RK3399_CLKSEL_CON(56), 6, 2, MFLAGS,
RK3399_CLKGATE_CON(10), 7, GFLAGS),
- COMPOSITE_NOGATE(SCLK_CIF_OUT, "clk_cifout", mux_clk_cif_p, 0,
+ COMPOSITE_NOGATE(SCLK_CIF_OUT, "clk_cifout", mux_clk_cif_p, CLK_SET_RATE_PARENT,
RK3399_CLKSEL_CON(56), 5, 1, MFLAGS, 0, 5, DFLAGS),
/* gic */
^ permalink raw reply [flat|nested] 391+ messages in thread
* [PATCH 5.15 357/371] scripts/gdb: fix lx-timerlist for Python3
2023-05-08 9:43 [PATCH 5.15 000/371] 5.15.111-rc1 review Greg Kroah-Hartman
` (355 preceding siblings ...)
2023-05-08 9:49 ` [PATCH 5.15 356/371] clk: rockchip: rk3399: allow clk_cifout to force clk_cifout_src to reparent Greg Kroah-Hartman
@ 2023-05-08 9:49 ` Greg Kroah-Hartman
2023-05-08 9:49 ` [PATCH 5.15 358/371] btrfs: scrub: reject unsupported scrub flags Greg Kroah-Hartman
` (17 subsequent siblings)
374 siblings, 0 replies; 391+ messages in thread
From: Greg Kroah-Hartman @ 2023-05-08 9:49 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Peng Liu, Jan Kiszka,
Florian Fainelli, Kieran Bingham, Andrew Morton
From: Peng Liu <liupeng17@lenovo.com>
commit 7362042f3556528e9e9b1eb5ce8d7a3a6331476b upstream.
Below incompatibilities between Python2 and Python3 made lx-timerlist fail
to run under Python3.
o xrange() is replaced by range() in Python3
o bytes and str are different types in Python3
o the return value of Inferior.read_memory() is memoryview object in
Python3
akpm: cc stable so that older kernels are properly debuggable under newer
Python.
Link: https://lkml.kernel.org/r/TYCP286MB2146EE1180A4D5176CBA8AB2C6819@TYCP286MB2146.JPNP286.PROD.OUTLOOK.COM
Signed-off-by: Peng Liu <liupeng17@lenovo.com>
Reviewed-by: Jan Kiszka <jan.kiszka@siemens.com>
Cc: Florian Fainelli <f.fainelli@gmail.com>
Cc: Kieran Bingham <kbingham@kernel.org>
Cc: <stable@vger.kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
scripts/gdb/linux/timerlist.py | 4 +++-
scripts/gdb/linux/utils.py | 5 ++++-
2 files changed, 7 insertions(+), 2 deletions(-)
--- a/scripts/gdb/linux/timerlist.py
+++ b/scripts/gdb/linux/timerlist.py
@@ -73,7 +73,7 @@ def print_cpu(hrtimer_bases, cpu, max_cl
ts = cpus.per_cpu(tick_sched_ptr, cpu)
text = "cpu: {}\n".format(cpu)
- for i in xrange(max_clock_bases):
+ for i in range(max_clock_bases):
text += " clock {}:\n".format(i)
text += print_base(cpu_base['clock_base'][i])
@@ -158,6 +158,8 @@ def pr_cpumask(mask):
num_bytes = (nr_cpu_ids + 7) / 8
buf = utils.read_memoryview(inf, bits, num_bytes).tobytes()
buf = binascii.b2a_hex(buf)
+ if type(buf) is not str:
+ buf=buf.decode()
chunks = []
i = num_bytes
--- a/scripts/gdb/linux/utils.py
+++ b/scripts/gdb/linux/utils.py
@@ -88,7 +88,10 @@ def get_target_endianness():
def read_memoryview(inf, start, length):
- return memoryview(inf.read_memory(start, length))
+ m = inf.read_memory(start, length)
+ if type(m) is memoryview:
+ return m
+ return memoryview(m)
def read_u16(buffer, offset):
^ permalink raw reply [flat|nested] 391+ messages in thread
* [PATCH 5.15 358/371] btrfs: scrub: reject unsupported scrub flags
2023-05-08 9:43 [PATCH 5.15 000/371] 5.15.111-rc1 review Greg Kroah-Hartman
` (356 preceding siblings ...)
2023-05-08 9:49 ` [PATCH 5.15 357/371] scripts/gdb: fix lx-timerlist for Python3 Greg Kroah-Hartman
@ 2023-05-08 9:49 ` Greg Kroah-Hartman
2023-05-08 9:49 ` [PATCH 5.15 359/371] s390/dasd: fix hanging blockdevice after request requeue Greg Kroah-Hartman
` (16 subsequent siblings)
374 siblings, 0 replies; 391+ messages in thread
From: Greg Kroah-Hartman @ 2023-05-08 9:49 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Anand Jain, Qu Wenruo, David Sterba
From: Qu Wenruo <wqu@suse.com>
commit 604e6681e114d05a2e384c4d1e8ef81918037ef5 upstream.
Since the introduction of scrub interface, the only flag that we support
is BTRFS_SCRUB_READONLY. Thus there is no sanity checks, if there are
some undefined flags passed in, we just ignore them.
This is problematic if we want to introduce new scrub flags, as we have
no way to determine if such flags are supported.
Address the problem by introducing a check for the flags, and if
unsupported flags are set, return -EOPNOTSUPP to inform the user space.
This check should be backported for all supported kernels before any new
scrub flags are introduced.
CC: stable@vger.kernel.org # 4.14+
Reviewed-by: Anand Jain <anand.jain@oracle.com>
Signed-off-by: Qu Wenruo <wqu@suse.com>
Reviewed-by: David Sterba <dsterba@suse.com>
Signed-off-by: David Sterba <dsterba@suse.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/btrfs/ioctl.c | 5 +++++
include/uapi/linux/btrfs.h | 1 +
2 files changed, 6 insertions(+)
--- a/fs/btrfs/ioctl.c
+++ b/fs/btrfs/ioctl.c
@@ -3715,6 +3715,11 @@ static long btrfs_ioctl_scrub(struct fil
if (IS_ERR(sa))
return PTR_ERR(sa);
+ if (sa->flags & ~BTRFS_SCRUB_SUPPORTED_FLAGS) {
+ ret = -EOPNOTSUPP;
+ goto out;
+ }
+
if (!(sa->flags & BTRFS_SCRUB_READONLY)) {
ret = mnt_want_write_file(file);
if (ret)
--- a/include/uapi/linux/btrfs.h
+++ b/include/uapi/linux/btrfs.h
@@ -181,6 +181,7 @@ struct btrfs_scrub_progress {
};
#define BTRFS_SCRUB_READONLY 1
+#define BTRFS_SCRUB_SUPPORTED_FLAGS (BTRFS_SCRUB_READONLY)
struct btrfs_ioctl_scrub_args {
__u64 devid; /* in */
__u64 start; /* in */
^ permalink raw reply [flat|nested] 391+ messages in thread
* [PATCH 5.15 359/371] s390/dasd: fix hanging blockdevice after request requeue
2023-05-08 9:43 [PATCH 5.15 000/371] 5.15.111-rc1 review Greg Kroah-Hartman
` (357 preceding siblings ...)
2023-05-08 9:49 ` [PATCH 5.15 358/371] btrfs: scrub: reject unsupported scrub flags Greg Kroah-Hartman
@ 2023-05-08 9:49 ` Greg Kroah-Hartman
2023-05-08 9:49 ` [PATCH 5.15 360/371] ia64: fix an addr to taddr in huge_pte_offset() Greg Kroah-Hartman
` (15 subsequent siblings)
374 siblings, 0 replies; 391+ messages in thread
From: Greg Kroah-Hartman @ 2023-05-08 9:49 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Stefan Haberland, Jan Hoeppner,
Halil Pasic, Jens Axboe
From: Stefan Haberland <sth@linux.ibm.com>
commit d8898ee50edecacdf0141f26fd90acf43d7e9cd7 upstream.
The DASD driver does not kick the requeue list when requeuing IO requests
to the blocklayer. This might lead to hanging blockdevice when there is
no other trigger for this.
Fix by automatically kick the requeue list when requeuing DASD requests
to the blocklayer.
Fixes: e443343e509a ("s390/dasd: blk-mq conversion")
CC: stable@vger.kernel.org # 4.14+
Signed-off-by: Stefan Haberland <sth@linux.ibm.com>
Reviewed-by: Jan Hoeppner <hoeppner@linux.ibm.com>
Reviewed-by: Halil Pasic <pasic@linux.ibm.com>
Link: https://lore.kernel.org/r/20230405142017.2446986-8-sth@linux.ibm.com
Signed-off-by: Jens Axboe <axboe@kernel.dk>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/s390/block/dasd.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/drivers/s390/block/dasd.c
+++ b/drivers/s390/block/dasd.c
@@ -2963,7 +2963,7 @@ static int _dasd_requeue_request(struct
return 0;
spin_lock_irq(&cqr->dq->lock);
req = (struct request *) cqr->callback_data;
- blk_mq_requeue_request(req, false);
+ blk_mq_requeue_request(req, true);
spin_unlock_irq(&cqr->dq->lock);
return 0;
^ permalink raw reply [flat|nested] 391+ messages in thread
* [PATCH 5.15 360/371] ia64: fix an addr to taddr in huge_pte_offset()
2023-05-08 9:43 [PATCH 5.15 000/371] 5.15.111-rc1 review Greg Kroah-Hartman
` (358 preceding siblings ...)
2023-05-08 9:49 ` [PATCH 5.15 359/371] s390/dasd: fix hanging blockdevice after request requeue Greg Kroah-Hartman
@ 2023-05-08 9:49 ` Greg Kroah-Hartman
2023-05-08 9:49 ` [PATCH 5.15 361/371] dm verity: fix error handling for check_at_most_once on FEC Greg Kroah-Hartman
` (14 subsequent siblings)
374 siblings, 0 replies; 391+ messages in thread
From: Greg Kroah-Hartman @ 2023-05-08 9:49 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Mike Kravetz, Mike Rapoport (IBM),
Ard Biesheuvel, Andrew Morton
From: Hugh Dickins <hughd@google.com>
commit 3647ebcfbfca384840231fe13fae665453238a61 upstream.
I know nothing of ia64 htlbpage_to_page(), but guess that the p4d
line should be using taddr rather than addr, like everywhere else.
Link: https://lkml.kernel.org/r/732eae88-3beb-246-2c72-281de786740@google.com
Fixes: c03ab9e32a2c ("ia64: add support for folded p4d page tables")
Signed-off-by: Hugh Dickins <hughd@google.com
Acked-by: Mike Kravetz <mike.kravetz@oracle.com>
Acked-by: Mike Rapoport (IBM) <rppt@kernel.org>
Cc: Ard Biesheuvel <ardb@kernel.org>
Cc: <stable@vger.kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/ia64/mm/hugetlbpage.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/arch/ia64/mm/hugetlbpage.c
+++ b/arch/ia64/mm/hugetlbpage.c
@@ -58,7 +58,7 @@ huge_pte_offset (struct mm_struct *mm, u
pgd = pgd_offset(mm, taddr);
if (pgd_present(*pgd)) {
- p4d = p4d_offset(pgd, addr);
+ p4d = p4d_offset(pgd, taddr);
if (p4d_present(*p4d)) {
pud = pud_offset(p4d, taddr);
if (pud_present(*pud)) {
^ permalink raw reply [flat|nested] 391+ messages in thread
* [PATCH 5.15 361/371] dm verity: fix error handling for check_at_most_once on FEC
2023-05-08 9:43 [PATCH 5.15 000/371] 5.15.111-rc1 review Greg Kroah-Hartman
` (359 preceding siblings ...)
2023-05-08 9:49 ` [PATCH 5.15 360/371] ia64: fix an addr to taddr in huge_pte_offset() Greg Kroah-Hartman
@ 2023-05-08 9:49 ` Greg Kroah-Hartman
2023-05-08 9:49 ` [PATCH 5.15 362/371] dm clone: call kmem_cache_destroy() in dm_clone_init() error path Greg Kroah-Hartman
` (13 subsequent siblings)
374 siblings, 0 replies; 391+ messages in thread
From: Greg Kroah-Hartman @ 2023-05-08 9:49 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Sungjong Seo, Yeongjin Gil, Mike Snitzer
From: Yeongjin Gil <youngjin.gil@samsung.com>
commit e8c5d45f82ce0c238a4817739892fe8897a3dcc3 upstream.
In verity_end_io(), if bi_status is not BLK_STS_OK, it can be return
directly. But if FEC configured, it is desired to correct the data page
through verity_verify_io. And the return value will be converted to
blk_status and passed to verity_finish_io().
BTW, when a bit is set in v->validated_blocks, verity_verify_io() skips
verification regardless of I/O error for the corresponding bio. In this
case, the I/O error could not be returned properly, and as a result,
there is a problem that abnormal data could be read for the
corresponding block.
To fix this problem, when an I/O error occurs, do not skip verification
even if the bit related is set in v->validated_blocks.
Fixes: 843f38d382b1 ("dm verity: add 'check_at_most_once' option to only validate hashes once")
Cc: stable@vger.kernel.org
Reviewed-by: Sungjong Seo <sj1557.seo@samsung.com>
Signed-off-by: Yeongjin Gil <youngjin.gil@samsung.com>
Signed-off-by: Mike Snitzer <snitzer@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/md/dm-verity-target.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/drivers/md/dm-verity-target.c
+++ b/drivers/md/dm-verity-target.c
@@ -482,7 +482,7 @@ static int verity_verify_io(struct dm_ve
sector_t cur_block = io->block + b;
struct ahash_request *req = verity_io_hash_req(v, io);
- if (v->validated_blocks &&
+ if (v->validated_blocks && bio->bi_status == BLK_STS_OK &&
likely(test_bit(cur_block, v->validated_blocks))) {
verity_bv_skip_block(v, io, &io->iter);
continue;
^ permalink raw reply [flat|nested] 391+ messages in thread
* [PATCH 5.15 362/371] dm clone: call kmem_cache_destroy() in dm_clone_init() error path
2023-05-08 9:43 [PATCH 5.15 000/371] 5.15.111-rc1 review Greg Kroah-Hartman
` (360 preceding siblings ...)
2023-05-08 9:49 ` [PATCH 5.15 361/371] dm verity: fix error handling for check_at_most_once on FEC Greg Kroah-Hartman
@ 2023-05-08 9:49 ` Greg Kroah-Hartman
2023-05-08 9:49 ` [PATCH 5.15 363/371] dm integrity: call kmem_cache_destroy() in dm_integrity_init() " Greg Kroah-Hartman
` (12 subsequent siblings)
374 siblings, 0 replies; 391+ messages in thread
From: Greg Kroah-Hartman @ 2023-05-08 9:49 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Mike Snitzer
From: Mike Snitzer <snitzer@kernel.org>
commit 6827af4a9a9f5bb664c42abf7c11af4978d72201 upstream.
Otherwise the _hydration_cache will leak if dm_register_target() fails.
Cc: stable@vger.kernel.org
Signed-off-by: Mike Snitzer <snitzer@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/md/dm-clone-target.c | 1 +
1 file changed, 1 insertion(+)
--- a/drivers/md/dm-clone-target.c
+++ b/drivers/md/dm-clone-target.c
@@ -2214,6 +2214,7 @@ static int __init dm_clone_init(void)
r = dm_register_target(&clone_target);
if (r < 0) {
DMERR("Failed to register clone target");
+ kmem_cache_destroy(_hydration_cache);
return r;
}
^ permalink raw reply [flat|nested] 391+ messages in thread
* [PATCH 5.15 363/371] dm integrity: call kmem_cache_destroy() in dm_integrity_init() error path
2023-05-08 9:43 [PATCH 5.15 000/371] 5.15.111-rc1 review Greg Kroah-Hartman
` (361 preceding siblings ...)
2023-05-08 9:49 ` [PATCH 5.15 362/371] dm clone: call kmem_cache_destroy() in dm_clone_init() error path Greg Kroah-Hartman
@ 2023-05-08 9:49 ` Greg Kroah-Hartman
2023-05-08 9:49 ` [PATCH 5.15 364/371] dm flakey: fix a crash with invalid table line Greg Kroah-Hartman
` (11 subsequent siblings)
374 siblings, 0 replies; 391+ messages in thread
From: Greg Kroah-Hartman @ 2023-05-08 9:49 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Mike Snitzer
From: Mike Snitzer <snitzer@kernel.org>
commit 6b79a428c02769f2a11f8ae76bf866226d134887 upstream.
Otherwise the journal_io_cache will leak if dm_register_target() fails.
Cc: stable@vger.kernel.org
Signed-off-by: Mike Snitzer <snitzer@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/md/dm-integrity.c | 8 +++++---
1 file changed, 5 insertions(+), 3 deletions(-)
--- a/drivers/md/dm-integrity.c
+++ b/drivers/md/dm-integrity.c
@@ -4632,11 +4632,13 @@ static int __init dm_integrity_init(void
}
r = dm_register_target(&integrity_target);
-
- if (r < 0)
+ if (r < 0) {
DMERR("register failed %d", r);
+ kmem_cache_destroy(journal_io_cache);
+ return r;
+ }
- return r;
+ return 0;
}
static void __exit dm_integrity_exit(void)
^ permalink raw reply [flat|nested] 391+ messages in thread
* [PATCH 5.15 364/371] dm flakey: fix a crash with invalid table line
2023-05-08 9:43 [PATCH 5.15 000/371] 5.15.111-rc1 review Greg Kroah-Hartman
` (362 preceding siblings ...)
2023-05-08 9:49 ` [PATCH 5.15 363/371] dm integrity: call kmem_cache_destroy() in dm_integrity_init() " Greg Kroah-Hartman
@ 2023-05-08 9:49 ` Greg Kroah-Hartman
2023-05-08 9:49 ` [PATCH 5.15 365/371] dm ioctl: fix nested locking in table_clear() to remove deadlock concern Greg Kroah-Hartman
` (10 subsequent siblings)
374 siblings, 0 replies; 391+ messages in thread
From: Greg Kroah-Hartman @ 2023-05-08 9:49 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Mikulas Patocka, Mike Snitzer
From: Mikulas Patocka <mpatocka@redhat.com>
commit 98dba02d9a93eec11bffbb93c7c51624290702d2 upstream.
This command will crash with NULL pointer dereference:
dmsetup create flakey --table \
"0 `blockdev --getsize /dev/ram0` flakey /dev/ram0 0 0 1 2 corrupt_bio_byte 512"
Fix the crash by checking if arg_name is non-NULL before comparing it.
Cc: stable@vger.kernel.org
Signed-off-by: Mikulas Patocka <mpatocka@redhat.com>
Signed-off-by: Mike Snitzer <snitzer@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/md/dm-flakey.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
--- a/drivers/md/dm-flakey.c
+++ b/drivers/md/dm-flakey.c
@@ -124,9 +124,9 @@ static int parse_features(struct dm_arg_
* Direction r or w?
*/
arg_name = dm_shift_arg(as);
- if (!strcasecmp(arg_name, "w"))
+ if (arg_name && !strcasecmp(arg_name, "w"))
fc->corrupt_bio_rw = WRITE;
- else if (!strcasecmp(arg_name, "r"))
+ else if (arg_name && !strcasecmp(arg_name, "r"))
fc->corrupt_bio_rw = READ;
else {
ti->error = "Invalid corrupt bio direction (r or w)";
^ permalink raw reply [flat|nested] 391+ messages in thread
* [PATCH 5.15 365/371] dm ioctl: fix nested locking in table_clear() to remove deadlock concern
2023-05-08 9:43 [PATCH 5.15 000/371] 5.15.111-rc1 review Greg Kroah-Hartman
` (363 preceding siblings ...)
2023-05-08 9:49 ` [PATCH 5.15 364/371] dm flakey: fix a crash with invalid table line Greg Kroah-Hartman
@ 2023-05-08 9:49 ` Greg Kroah-Hartman
2023-05-08 9:49 ` [PATCH 5.15 366/371] dm: dont lock fs when the map is NULL in process of resume Greg Kroah-Hartman
` (9 subsequent siblings)
374 siblings, 0 replies; 391+ messages in thread
From: Greg Kroah-Hartman @ 2023-05-08 9:49 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Zheng Zhang, Mike Snitzer
From: Mike Snitzer <snitzer@kernel.org>
commit 3d32aaa7e66d5c1479a3c31d6c2c5d45dd0d3b89 upstream.
syzkaller found the following problematic rwsem locking (with write
lock already held):
down_read+0x9d/0x450 kernel/locking/rwsem.c:1509
dm_get_inactive_table+0x2b/0xc0 drivers/md/dm-ioctl.c:773
__dev_status+0x4fd/0x7c0 drivers/md/dm-ioctl.c:844
table_clear+0x197/0x280 drivers/md/dm-ioctl.c:1537
In table_clear, it first acquires a write lock
https://elixir.bootlin.com/linux/v6.2/source/drivers/md/dm-ioctl.c#L1520
down_write(&_hash_lock);
Then before the lock is released at L1539, there is a path shown above:
table_clear -> __dev_status -> dm_get_inactive_table -> down_read
https://elixir.bootlin.com/linux/v6.2/source/drivers/md/dm-ioctl.c#L773
down_read(&_hash_lock);
It tries to acquire the same read lock again, resulting in the deadlock
problem.
Fix this by moving table_clear()'s __dev_status() call to after its
up_write(&_hash_lock);
Cc: stable@vger.kernel.org
Reported-by: Zheng Zhang <zheng.zhang@email.ucr.edu>
Signed-off-by: Mike Snitzer <snitzer@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/md/dm-ioctl.c | 7 ++++---
1 file changed, 4 insertions(+), 3 deletions(-)
--- a/drivers/md/dm-ioctl.c
+++ b/drivers/md/dm-ioctl.c
@@ -1533,11 +1533,12 @@ static int table_clear(struct file *filp
has_new_map = true;
}
- param->flags &= ~DM_INACTIVE_PRESENT_FLAG;
-
- __dev_status(hc->md, param);
md = hc->md;
up_write(&_hash_lock);
+
+ param->flags &= ~DM_INACTIVE_PRESENT_FLAG;
+ __dev_status(md, param);
+
if (old_map) {
dm_sync_table(md);
dm_table_destroy(old_map);
^ permalink raw reply [flat|nested] 391+ messages in thread
* [PATCH 5.15 366/371] dm: dont lock fs when the map is NULL in process of resume
2023-05-08 9:43 [PATCH 5.15 000/371] 5.15.111-rc1 review Greg Kroah-Hartman
` (364 preceding siblings ...)
2023-05-08 9:49 ` [PATCH 5.15 365/371] dm ioctl: fix nested locking in table_clear() to remove deadlock concern Greg Kroah-Hartman
@ 2023-05-08 9:49 ` Greg Kroah-Hartman
2023-05-08 9:49 ` [PATCH 5.15 367/371] perf auxtrace: Fix address filter entire kernel size Greg Kroah-Hartman
` (8 subsequent siblings)
374 siblings, 0 replies; 391+ messages in thread
From: Greg Kroah-Hartman @ 2023-05-08 9:49 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Li Lingfeng, Mike Snitzer
From: Li Lingfeng <lilingfeng3@huawei.com>
commit 38d11da522aacaa05898c734a1cec86f1e611129 upstream.
Commit fa247089de99 ("dm: requeue IO if mapping table not yet available")
added a detection of whether the mapping table is available in the IO
submission process. If the mapping table is unavailable, it returns
BLK_STS_RESOURCE and requeues the IO.
This can lead to the following deadlock problem:
dm create mount
ioctl(DM_DEV_CREATE_CMD)
ioctl(DM_TABLE_LOAD_CMD)
do_mount
vfs_get_tree
ext4_get_tree
get_tree_bdev
sget_fc
alloc_super
// got &s->s_umount
down_write_nested(&s->s_umount, ...);
ext4_fill_super
ext4_load_super
ext4_read_bh
submit_bio
// submit and wait io end
ioctl(DM_DEV_SUSPEND_CMD)
dev_suspend
do_resume
dm_suspend
__dm_suspend
lock_fs
freeze_bdev
get_active_super
grab_super
// wait for &s->s_umount
down_write(&s->s_umount);
dm_swap_table
__bind
// set md->map(can't get here)
IO will be continuously requeued while holding the lock since mapping
table is NULL. At the same time, mapping table won't be set since the
lock is not available.
Like request-based DM, bio-based DM also has the same problem.
It's not proper to just abort IO if the mapping table not available.
So clear DM_SKIP_LOCKFS_FLAG when the mapping table is NULL, this
allows the DM table to be loaded and the IO submitted upon resume.
Fixes: fa247089de99 ("dm: requeue IO if mapping table not yet available")
Cc: stable@vger.kernel.org
Signed-off-by: Li Lingfeng <lilingfeng3@huawei.com>
Signed-off-by: Mike Snitzer <snitzer@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/md/dm-ioctl.c | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
--- a/drivers/md/dm-ioctl.c
+++ b/drivers/md/dm-ioctl.c
@@ -1145,10 +1145,13 @@ static int do_resume(struct dm_ioctl *pa
/* Do we need to load a new map ? */
if (new_map) {
sector_t old_size, new_size;
+ int srcu_idx;
/* Suspend if it isn't already suspended */
- if (param->flags & DM_SKIP_LOCKFS_FLAG)
+ old_map = dm_get_live_table(md, &srcu_idx);
+ if ((param->flags & DM_SKIP_LOCKFS_FLAG) || !old_map)
suspend_flags &= ~DM_SUSPEND_LOCKFS_FLAG;
+ dm_put_live_table(md, srcu_idx);
if (param->flags & DM_NOFLUSH_FLAG)
suspend_flags |= DM_SUSPEND_NOFLUSH_FLAG;
if (!dm_suspended_md(md))
^ permalink raw reply [flat|nested] 391+ messages in thread
* [PATCH 5.15 367/371] perf auxtrace: Fix address filter entire kernel size
2023-05-08 9:43 [PATCH 5.15 000/371] 5.15.111-rc1 review Greg Kroah-Hartman
` (365 preceding siblings ...)
2023-05-08 9:49 ` [PATCH 5.15 366/371] dm: dont lock fs when the map is NULL in process of resume Greg Kroah-Hartman
@ 2023-05-08 9:49 ` Greg Kroah-Hartman
2023-05-08 9:49 ` [PATCH 5.15 368/371] perf intel-pt: Fix CYC timestamps after standalone CBR Greg Kroah-Hartman
` (7 subsequent siblings)
374 siblings, 0 replies; 391+ messages in thread
From: Greg Kroah-Hartman @ 2023-05-08 9:49 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Adrian Hunter, Ian Rogers,
Jiri Olsa, Namhyung Kim, Arnaldo Carvalho de Melo
From: Adrian Hunter <adrian.hunter@intel.com>
commit 1f9f33ccf0320be21703d9195dd2b36a1c9a07cb upstream.
kallsyms is not completely in address order.
In find_entire_kern_cb(), calculate the kernel end from the maximum
address not the last symbol.
Example:
Before:
$ sudo cat /proc/kallsyms | grep ' [twTw] ' | tail -1
ffffffffc00b8bd0 t bpf_prog_6deef7357e7b4530 [bpf]
$ sudo cat /proc/kallsyms | grep ' [twTw] ' | sort | tail -1
ffffffffc15e0cc0 t iwl_mvm_exit [iwlmvm]
$ perf.d093603a05aa record -v --kcore -e intel_pt// --filter 'filter *' -- uname |& grep filter
Address filter: filter 0xffffffff93200000/0x2ceba000
After:
$ perf.8fb0f7a01f8e record -v --kcore -e intel_pt// --filter 'filter *' -- uname |& grep filter
Address filter: filter 0xffffffff93200000/0x2e3e2000
Fixes: 1b36c03e356936d6 ("perf record: Add support for using symbols in address filters")
Signed-off-by: Adrian Hunter <adrian.hunter@intel.com>
Cc: Adrian Hunter <adrian.hunter@intel.com>
Cc: Ian Rogers <irogers@google.com>
Cc: Jiri Olsa <jolsa@kernel.org>
Cc: Namhyung Kim <namhyung@kernel.org>
Cc: stable@vger.kernel.org
Link: https://lore.kernel.org/r/20230403154831.8651-2-adrian.hunter@intel.com
Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
tools/perf/util/auxtrace.c | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
--- a/tools/perf/util/auxtrace.c
+++ b/tools/perf/util/auxtrace.c
@@ -2378,6 +2378,7 @@ static int find_entire_kern_cb(void *arg
char type, u64 start)
{
struct sym_args *args = arg;
+ u64 size;
if (!kallsyms__is_function(type))
return 0;
@@ -2387,7 +2388,9 @@ static int find_entire_kern_cb(void *arg
args->start = start;
}
/* Don't know exactly where the kernel ends, so we add a page */
- args->size = round_up(start, page_size) + page_size - args->start;
+ size = round_up(start, page_size) + page_size - args->start;
+ if (size > args->size)
+ args->size = size;
return 0;
}
^ permalink raw reply [flat|nested] 391+ messages in thread
* [PATCH 5.15 368/371] perf intel-pt: Fix CYC timestamps after standalone CBR
2023-05-08 9:43 [PATCH 5.15 000/371] 5.15.111-rc1 review Greg Kroah-Hartman
` (366 preceding siblings ...)
2023-05-08 9:49 ` [PATCH 5.15 367/371] perf auxtrace: Fix address filter entire kernel size Greg Kroah-Hartman
@ 2023-05-08 9:49 ` Greg Kroah-Hartman
2023-05-08 9:49 ` [PATCH 5.15 369/371] debugobject: Ensure pool refill (again) Greg Kroah-Hartman
` (6 subsequent siblings)
374 siblings, 0 replies; 391+ messages in thread
From: Greg Kroah-Hartman @ 2023-05-08 9:49 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Adrian Hunter, Ian Rogers,
Jiri Olsa, Namhyung Kim, Arnaldo Carvalho de Melo
From: Adrian Hunter <adrian.hunter@intel.com>
commit 430635a0ef1ce958b7b4311f172694ece2c692b8 upstream.
After a standalone CBR (not associated with TSC), update the cycles
reference timestamp and reset the cycle count, so that CYC timestamps
are calculated relative to that point with the new frequency.
Fixes: cc33618619cefc6d ("perf tools: Add Intel PT support for decoding CYC packets")
Signed-off-by: Adrian Hunter <adrian.hunter@intel.com>
Cc: Adrian Hunter <adrian.hunter@intel.com>
Cc: Ian Rogers <irogers@google.com>
Cc: Jiri Olsa <jolsa@kernel.org>
Cc: Namhyung Kim <namhyung@kernel.org>
Cc: stable@vger.kernel.org
Link: https://lore.kernel.org/r/20230403154831.8651-2-adrian.hunter@intel.com
Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
tools/perf/util/intel-pt-decoder/intel-pt-decoder.c | 2 ++
1 file changed, 2 insertions(+)
--- a/tools/perf/util/intel-pt-decoder/intel-pt-decoder.c
+++ b/tools/perf/util/intel-pt-decoder/intel-pt-decoder.c
@@ -1859,6 +1859,8 @@ static void intel_pt_calc_cbr(struct int
decoder->cbr = cbr;
decoder->cbr_cyc_to_tsc = decoder->max_non_turbo_ratio_fp / cbr;
+ decoder->cyc_ref_timestamp = decoder->timestamp;
+ decoder->cycle_cnt = 0;
intel_pt_mtc_cyc_cnt_cbr(decoder);
}
^ permalink raw reply [flat|nested] 391+ messages in thread
* [PATCH 5.15 369/371] debugobject: Ensure pool refill (again)
2023-05-08 9:43 [PATCH 5.15 000/371] 5.15.111-rc1 review Greg Kroah-Hartman
` (367 preceding siblings ...)
2023-05-08 9:49 ` [PATCH 5.15 368/371] perf intel-pt: Fix CYC timestamps after standalone CBR Greg Kroah-Hartman
@ 2023-05-08 9:49 ` Greg Kroah-Hartman
2023-05-08 9:49 ` [PATCH 5.15 370/371] sound/oss/dmasound: fix dmasound_setup defined but not used Greg Kroah-Hartman
` (5 subsequent siblings)
374 siblings, 0 replies; 391+ messages in thread
From: Greg Kroah-Hartman @ 2023-05-08 9:49 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Ido Schimmel, Thomas Gleixner
From: Thomas Gleixner <tglx@linutronix.de>
commit 0af462f19e635ad522f28981238334620881badc upstream.
The recent fix to ensure atomicity of lookup and allocation inadvertently
broke the pool refill mechanism.
Prior to that change debug_objects_activate() and debug_objecs_assert_init()
invoked debug_objecs_init() to set up the tracking object for statically
initialized objects. That's not longer the case and debug_objecs_init() is
now the only place which does pool refills.
Depending on the number of statically initialized objects this can be
enough to actually deplete the pool, which was observed by Ido via a
debugobjects OOM warning.
Restore the old behaviour by adding explicit refill opportunities to
debug_objects_activate() and debug_objecs_assert_init().
Fixes: 63a759694eed ("debugobject: Prevent init race with static objects")
Reported-by: Ido Schimmel <idosch@nvidia.com>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Tested-by: Ido Schimmel <idosch@nvidia.com>
Link: https://lore.kernel.org/r/871qk05a9d.ffs@tglx
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
lib/debugobjects.c | 21 +++++++++++++++------
1 file changed, 15 insertions(+), 6 deletions(-)
--- a/lib/debugobjects.c
+++ b/lib/debugobjects.c
@@ -590,6 +590,16 @@ static struct debug_obj *lookup_object_o
return NULL;
}
+static void debug_objects_fill_pool(void)
+{
+ /*
+ * On RT enabled kernels the pool refill must happen in preemptible
+ * context:
+ */
+ if (!IS_ENABLED(CONFIG_PREEMPT_RT) || preemptible())
+ fill_pool();
+}
+
static void
__debug_object_init(void *addr, const struct debug_obj_descr *descr, int onstack)
{
@@ -598,12 +608,7 @@ __debug_object_init(void *addr, const st
struct debug_obj *obj;
unsigned long flags;
- /*
- * On RT enabled kernels the pool refill must happen in preemptible
- * context:
- */
- if (!IS_ENABLED(CONFIG_PREEMPT_RT) || preemptible())
- fill_pool();
+ debug_objects_fill_pool();
db = get_bucket((unsigned long) addr);
@@ -688,6 +693,8 @@ int debug_object_activate(void *addr, co
if (!debug_objects_enabled)
return 0;
+ debug_objects_fill_pool();
+
db = get_bucket((unsigned long) addr);
raw_spin_lock_irqsave(&db->lock, flags);
@@ -897,6 +904,8 @@ void debug_object_assert_init(void *addr
if (!debug_objects_enabled)
return;
+ debug_objects_fill_pool();
+
db = get_bucket((unsigned long) addr);
raw_spin_lock_irqsave(&db->lock, flags);
^ permalink raw reply [flat|nested] 391+ messages in thread
* [PATCH 5.15 370/371] sound/oss/dmasound: fix dmasound_setup defined but not used
2023-05-08 9:43 [PATCH 5.15 000/371] 5.15.111-rc1 review Greg Kroah-Hartman
` (368 preceding siblings ...)
2023-05-08 9:49 ` [PATCH 5.15 369/371] debugobject: Ensure pool refill (again) Greg Kroah-Hartman
@ 2023-05-08 9:49 ` Greg Kroah-Hartman
2023-05-08 9:49 ` [PATCH 5.15 371/371] arm64: dts: qcom: sdm845: correct dynamic power coefficients - again Greg Kroah-Hartman
` (4 subsequent siblings)
374 siblings, 0 replies; 391+ messages in thread
From: Greg Kroah-Hartman @ 2023-05-08 9:49 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Miles Chen, Randy Dunlap, Takashi Iwai
From: Miles Chen <miles.chen@mediatek.com>
commit 357ad4d898286b94aaae0cb7e3f573459e5b98b9 upstream.
We observed: 'dmasound_setup' defined but not used error with
COMPILER=gcc ARCH=m68k DEFCONFIG=allmodconfig build.
Fix it by adding __maybe_unused to dmasound_setup.
Error(s):
sound/oss/dmasound/dmasound_core.c:1431:12: error: 'dmasound_setup' defined but not used [-Werror=unused-function]
Fixes: 9dd7c46346ca ("sound/oss/dmasound: fix build when drivers are mixed =y/=m")
Signed-off-by: Miles Chen <miles.chen@mediatek.com>
Acked-by: Randy Dunlap <rdunlap@infradead.org>
Link: https://lore.kernel.org/r/20220414091940.2216-1-miles.chen@mediatek.com
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
sound/oss/dmasound/dmasound_core.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/sound/oss/dmasound/dmasound_core.c
+++ b/sound/oss/dmasound/dmasound_core.c
@@ -1428,7 +1428,7 @@ void dmasound_deinit(void)
unregister_sound_dsp(sq_unit);
}
-static int dmasound_setup(char *str)
+static int __maybe_unused dmasound_setup(char *str)
{
int ints[6], size;
^ permalink raw reply [flat|nested] 391+ messages in thread
* [PATCH 5.15 371/371] arm64: dts: qcom: sdm845: correct dynamic power coefficients - again
2023-05-08 9:43 [PATCH 5.15 000/371] 5.15.111-rc1 review Greg Kroah-Hartman
` (369 preceding siblings ...)
2023-05-08 9:49 ` [PATCH 5.15 370/371] sound/oss/dmasound: fix dmasound_setup defined but not used Greg Kroah-Hartman
@ 2023-05-08 9:49 ` Greg Kroah-Hartman
2023-05-08 18:01 ` [PATCH 5.15 000/371] 5.15.111-rc1 review Florian Fainelli
` (3 subsequent siblings)
374 siblings, 0 replies; 391+ messages in thread
From: Greg Kroah-Hartman @ 2023-05-08 9:49 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Vincent Guittot, Bjorn Andersson
From: Vincent Guittot <vincent.guittot@linaro.org>
commit 44750f153699b6e4f851a399287e5c8df208d696 upstream.
While stressing EAS on my dragonboard RB3, I have noticed that LITTLE cores
where never selected as the most energy efficient CPU whatever the
utilization level of waking task.
energy model framework uses its cost field to estimate the energy with
the formula:
nrg = cost of the selected OPP * utilization / CPU's max capacity
which ends up selecting the CPU with lowest cost / max capacity ration
as long as the utilization fits in the OPP's capacity.
If we compare the cost of a little OPP with similar capacity of a big OPP
like :
OPP(kHz) OPP capacity cost max capacity cost/max capacity
LITTLE 1766400 407 351114 407 863
big 1056000 408 520267 1024 508
This can be interpreted as the LITTLE core consumes 70% more than big core
for the same compute capacity.
According to [1], LITTLE consumes 10% less than big core for Coremark
benchmark at those OPPs. If we consider that everything else stays
unchanged, the dynamic-power-coefficient of LITTLE core should be
only 53% of the current value: 290 * 53% = 154
Set the dynamic-power-coefficient of CPU0-3 to 154 to fix the energy model.
[1] https://github.com/kdrag0n/freqbench/tree/master/results/sdm845/main
Fixes: 0e0a8e35d725 ("arm64: dts: qcom: sdm845: correct dynamic power coefficients")
Signed-off-by: Vincent Guittot <vincent.guittot@linaro.org>
Signed-off-by: Bjorn Andersson <andersson@kernel.org>
Link: https://lore.kernel.org/r/20230106164618.1845281-1-vincent.guittot@linaro.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/arm64/boot/dts/qcom/sdm845.dtsi | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
--- a/arch/arm64/boot/dts/qcom/sdm845.dtsi
+++ b/arch/arm64/boot/dts/qcom/sdm845.dtsi
@@ -197,7 +197,7 @@
&LITTLE_CPU_SLEEP_1
&CLUSTER_SLEEP_0>;
capacity-dmips-mhz = <611>;
- dynamic-power-coefficient = <290>;
+ dynamic-power-coefficient = <154>;
qcom,freq-domain = <&cpufreq_hw 0>;
operating-points-v2 = <&cpu0_opp_table>;
interconnects = <&gladiator_noc MASTER_APPSS_PROC 3 &mem_noc SLAVE_EBI1 3>,
@@ -222,7 +222,7 @@
&LITTLE_CPU_SLEEP_1
&CLUSTER_SLEEP_0>;
capacity-dmips-mhz = <611>;
- dynamic-power-coefficient = <290>;
+ dynamic-power-coefficient = <154>;
qcom,freq-domain = <&cpufreq_hw 0>;
operating-points-v2 = <&cpu0_opp_table>;
interconnects = <&gladiator_noc MASTER_APPSS_PROC 3 &mem_noc SLAVE_EBI1 3>,
@@ -244,7 +244,7 @@
&LITTLE_CPU_SLEEP_1
&CLUSTER_SLEEP_0>;
capacity-dmips-mhz = <611>;
- dynamic-power-coefficient = <290>;
+ dynamic-power-coefficient = <154>;
qcom,freq-domain = <&cpufreq_hw 0>;
operating-points-v2 = <&cpu0_opp_table>;
interconnects = <&gladiator_noc MASTER_APPSS_PROC 3 &mem_noc SLAVE_EBI1 3>,
@@ -266,7 +266,7 @@
&LITTLE_CPU_SLEEP_1
&CLUSTER_SLEEP_0>;
capacity-dmips-mhz = <611>;
- dynamic-power-coefficient = <290>;
+ dynamic-power-coefficient = <154>;
qcom,freq-domain = <&cpufreq_hw 0>;
operating-points-v2 = <&cpu0_opp_table>;
interconnects = <&gladiator_noc MASTER_APPSS_PROC 3 &mem_noc SLAVE_EBI1 3>,
^ permalink raw reply [flat|nested] 391+ messages in thread
* Re: [PATCH 5.15 000/371] 5.15.111-rc1 review
2023-05-08 9:43 [PATCH 5.15 000/371] 5.15.111-rc1 review Greg Kroah-Hartman
` (370 preceding siblings ...)
2023-05-08 9:49 ` [PATCH 5.15 371/371] arm64: dts: qcom: sdm845: correct dynamic power coefficients - again Greg Kroah-Hartman
@ 2023-05-08 18:01 ` Florian Fainelli
2023-05-08 21:30 ` Shuah Khan
` (2 subsequent siblings)
374 siblings, 0 replies; 391+ messages in thread
From: Florian Fainelli @ 2023-05-08 18:01 UTC (permalink / raw)
To: Greg Kroah-Hartman, stable
Cc: patches, linux-kernel, torvalds, akpm, linux, shuah, patches,
lkft-triage, pavel, jonathanh, sudipm.mukherjee, srw, rwarsow
On 5/8/23 02:43, Greg Kroah-Hartman wrote:
> This is the start of the stable review cycle for the 5.15.111 release.
> There are 371 patches in this series, all will be posted as a response
> to this one. If anyone has any issues with these being applied, please
> let me know.
>
> Responses should be made by Wed, 10 May 2023 09:47:07 +0000.
> Anything received after that time might be too late.
>
> The whole patch series can be found in one patch at:
> https://www.kernel.org/pub/linux/kernel/v5.x/stable-review/patch-5.15.111-rc1.gz
> or in the git tree and branch at:
> git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-5.15.y
> and the diffstat can be found below.
>
> thanks,
>
> greg k-h
On ARCH_BRCMSTB using 32-bit and 64-bit ARM kernels, build tested on
BMIPS_GENERIC:
Tested-by: Florian Fainelli <f.fainelli@gmail.com>
--
Florian
^ permalink raw reply [flat|nested] 391+ messages in thread
* Re: [PATCH 5.15 000/371] 5.15.111-rc1 review
2023-05-08 9:43 [PATCH 5.15 000/371] 5.15.111-rc1 review Greg Kroah-Hartman
` (371 preceding siblings ...)
2023-05-08 18:01 ` [PATCH 5.15 000/371] 5.15.111-rc1 review Florian Fainelli
@ 2023-05-08 21:30 ` Shuah Khan
2023-05-09 2:07 ` Bagas Sanjaya
2023-05-16 8:21 ` Bagas Sanjaya
374 siblings, 0 replies; 391+ messages in thread
From: Shuah Khan @ 2023-05-08 21:30 UTC (permalink / raw)
To: Greg Kroah-Hartman, stable
Cc: patches, linux-kernel, torvalds, akpm, linux, shuah, patches,
lkft-triage, pavel, jonathanh, f.fainelli, sudipm.mukherjee, srw,
rwarsow, Shuah Khan
On 5/8/23 03:43, Greg Kroah-Hartman wrote:
> This is the start of the stable review cycle for the 5.15.111 release.
> There are 371 patches in this series, all will be posted as a response
> to this one. If anyone has any issues with these being applied, please
> let me know.
>
> Responses should be made by Wed, 10 May 2023 09:47:07 +0000.
> Anything received after that time might be too late.
>
> The whole patch series can be found in one patch at:
> https://www.kernel.org/pub/linux/kernel/v5.x/stable-review/patch-5.15.111-rc1.gz
> or in the git tree and branch at:
> git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-5.15.y
> and the diffstat can be found below.
>
> thanks,
>
> greg k-h
>
Compiled and booted on my test system. No dmesg regressions.
Tested-by: Shuah Khan <skhan@linuxfoundation.org>
thanks,
-- Shuah
^ permalink raw reply [flat|nested] 391+ messages in thread
* Re: [PATCH 5.15 000/371] 5.15.111-rc1 review
2023-05-08 9:43 [PATCH 5.15 000/371] 5.15.111-rc1 review Greg Kroah-Hartman
` (372 preceding siblings ...)
2023-05-08 21:30 ` Shuah Khan
@ 2023-05-09 2:07 ` Bagas Sanjaya
2023-05-16 8:21 ` Bagas Sanjaya
374 siblings, 0 replies; 391+ messages in thread
From: Bagas Sanjaya @ 2023-05-09 2:07 UTC (permalink / raw)
To: Greg Kroah-Hartman, stable
Cc: patches, linux-kernel, torvalds, akpm, linux, shuah, patches,
lkft-triage, pavel, jonathanh, f.fainelli, sudipm.mukherjee, srw,
rwarsow
[-- Attachment #1: Type: text/plain, Size: 556 bytes --]
On Mon, May 08, 2023 at 11:43:21AM +0200, Greg Kroah-Hartman wrote:
> This is the start of the stable review cycle for the 5.15.111 release.
> There are 371 patches in this series, all will be posted as a response
> to this one. If anyone has any issues with these being applied, please
> let me know.
>
Successfully built bindeb-pkgs for my computer (Acer Aspire E15, Intel
Core i3 Haswell) and booted. No noticeable regressions.
Tested-by: Bagas Sanjaya <bagasdotme@gmail.com>
--
An old man doll... just what I always wanted! - Clara
[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 228 bytes --]
^ permalink raw reply [flat|nested] 391+ messages in thread
* Re: [PATCH 5.15 070/371] tpm, tpm_tis: Claim locality before writing interrupt registers
2023-05-08 9:44 ` [PATCH 5.15 070/371] tpm, tpm_tis: Claim locality before writing interrupt registers Greg Kroah-Hartman
@ 2023-05-15 15:37 ` Felix Riemann
2023-05-24 1:07 ` Jarkko Sakkinen
0 siblings, 1 reply; 391+ messages in thread
From: Felix Riemann @ 2023-05-15 15:37 UTC (permalink / raw)
To: gregkh; +Cc: Felix Riemann, jarkko, l.sanfilippo, patches, sashal, stable
Hi!
> [ Upstream commit 15d7aa4e46eba87242a320f39773aa16faddadee ]
>
> In tpm_tis_probe_single_irq() interrupt registers TPM_INT_VECTOR,
> TPM_INT_STATUS and TPM_INT_ENABLE are modified to setup the interrupts.
> Currently these modifications are done without holding a locality thus they
> have no effect. Fix this by claiming the (default) locality before the
> registers are written.
>
> Since now tpm_tis_gen_interrupt() is called with the locality already
> claimed remove locality request and release from this function.
On systems with SPI-connected TPM and the interrupt still configured
(despite it not working before) this may introduce a kernel crash.
The issue is that it will now trigger an SPI transfer (which will wait)
from the IRQ handler:
BUG: scheduling while atomic: systemd-journal/272/0x00010001
Modules linked in: spi_fsl_lpspi
CPU: 0 PID: 272 Comm: systemd-journal Not tainted 5.15.111-06679-g56b9923f2840 #50
Call trace:
dump_backtrace+0x0/0x1e0
show_stack+0x18/0x40
dump_stack_lvl+0x68/0x84
dump_stack+0x18/0x34
__schedule_bug+0x54/0x70
__schedule+0x664/0x760
schedule+0x88/0x100
schedule_timeout+0x80/0xf0
wait_for_completion_timeout+0x80/0x10c
fsl_lpspi_transfer_one+0x25c/0x4ac [spi_fsl_lpspi]
spi_transfer_one_message+0x22c/0x440
__spi_pump_messages+0x330/0x5b4
__spi_sync+0x230/0x264
spi_sync_locked+0x10/0x20
tpm_tis_spi_transfer+0x1ec/0x250
tpm_tis_spi_read_bytes+0x14/0x20
tpm_tis_spi_read32+0x38/0x70
tis_int_handler+0x48/0x15c
*snip*
The immediate error is fixable by also picking 0c7e66e5fd ("tpm, tpm_tis:
Request threaded interrupt handler") from the same patchset[1]. However, as
the driver's IRQ test logic is still faulty it will fail the check and fall
back to the polling behaviour without actually disabling the IRQ in hard-
and software again. For this at least e644b2f498 ("tpm, tpm_tis: Enable
interrupt test") and 0e069265bc ("tpm, tpm_tis: Claim locality in interrupt
handler") are necessary.
At this point 9 of the set's 14 patches are applied and I am not sure
whether it's better to pick the remaining five patches as well or just
revert the initial six patches. Especially considering there were initially
no plans to submit these patches to stable[2] and the IRQ feature was (at
least on SPI) not working before.
Regards,
Felix
[1] https://lore.kernel.org/lkml/20221124135538.31020-1-LinoSanfilippo@gmx.de/
[2] https://lore.kernel.org/lkml/CS48ZBNWI6T9.1CU08I6KDVM65@suppilovahvero/
^ permalink raw reply [flat|nested] 391+ messages in thread
* Re: [PATCH 5.15 000/371] 5.15.111-rc1 review
2023-05-08 9:43 [PATCH 5.15 000/371] 5.15.111-rc1 review Greg Kroah-Hartman
` (373 preceding siblings ...)
2023-05-09 2:07 ` Bagas Sanjaya
@ 2023-05-16 8:21 ` Bagas Sanjaya
374 siblings, 0 replies; 391+ messages in thread
From: Bagas Sanjaya @ 2023-05-16 8:21 UTC (permalink / raw)
To: Greg Kroah-Hartman, stable
Cc: patches, linux-kernel, torvalds, akpm, linux, shuah, patches,
lkft-triage, pavel, jonathanh, f.fainelli, sudipm.mukherjee, srw,
rwarsow
[-- Attachment #1: Type: text/plain, Size: 561 bytes --]
On Mon, May 08, 2023 at 11:43:21AM +0200, Greg Kroah-Hartman wrote:
> This is the start of the stable review cycle for the 5.15.111 release.
> There are 371 patches in this series, all will be posted as a response
> to this one. If anyone has any issues with these being applied, please
> let me know.
>
Successfully compiled and installed bindeb-pkgs on my computer (Acer
Aspire E15, Intel Core i3 Haswell). No noticeable regressions.
Tested-by: Bagas Sanjaya <bagasdotme@gmail.com>
--
An old man doll... just what I always wanted! - Clara
[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 228 bytes --]
^ permalink raw reply [flat|nested] 391+ messages in thread
* Re: [PATCH 5.15 070/371] tpm, tpm_tis: Claim locality before writing interrupt registers
2023-05-15 15:37 ` Felix Riemann
@ 2023-05-24 1:07 ` Jarkko Sakkinen
2023-06-09 9:07 ` Greg KH
0 siblings, 1 reply; 391+ messages in thread
From: Jarkko Sakkinen @ 2023-05-24 1:07 UTC (permalink / raw)
To: Felix Riemann, gregkh; +Cc: l.sanfilippo, patches, sashal, stable
On Mon, 2023-05-15 at 17:37 +0200, Felix Riemann wrote:
> Hi!
>
> > [ Upstream commit 15d7aa4e46eba87242a320f39773aa16faddadee ]
> >
> > In tpm_tis_probe_single_irq() interrupt registers TPM_INT_VECTOR,
> > TPM_INT_STATUS and TPM_INT_ENABLE are modified to setup the interrupts.
> > Currently these modifications are done without holding a locality thus they
> > have no effect. Fix this by claiming the (default) locality before the
> > registers are written.
> >
> > Since now tpm_tis_gen_interrupt() is called with the locality already
> > claimed remove locality request and release from this function.
>
> On systems with SPI-connected TPM and the interrupt still configured
> (despite it not working before) this may introduce a kernel crash.
> The issue is that it will now trigger an SPI transfer (which will wait)
> from the IRQ handler:
>
> BUG: scheduling while atomic: systemd-journal/272/0x00010001
> Modules linked in: spi_fsl_lpspi
> CPU: 0 PID: 272 Comm: systemd-journal Not tainted 5.15.111-06679-g56b9923f2840 #50
> Call trace:
> dump_backtrace+0x0/0x1e0
> show_stack+0x18/0x40
> dump_stack_lvl+0x68/0x84
> dump_stack+0x18/0x34
> __schedule_bug+0x54/0x70
> __schedule+0x664/0x760
> schedule+0x88/0x100
> schedule_timeout+0x80/0xf0
> wait_for_completion_timeout+0x80/0x10c
> fsl_lpspi_transfer_one+0x25c/0x4ac [spi_fsl_lpspi]
> spi_transfer_one_message+0x22c/0x440
> __spi_pump_messages+0x330/0x5b4
> __spi_sync+0x230/0x264
> spi_sync_locked+0x10/0x20
> tpm_tis_spi_transfer+0x1ec/0x250
> tpm_tis_spi_read_bytes+0x14/0x20
> tpm_tis_spi_read32+0x38/0x70
> tis_int_handler+0x48/0x15c
> *snip*
>
> The immediate error is fixable by also picking 0c7e66e5fd ("tpm, tpm_tis:
> Request threaded interrupt handler") from the same patchset[1]. However, as
> the driver's IRQ test logic is still faulty it will fail the check and fall
> back to the polling behaviour without actually disabling the IRQ in hard-
> and software again. For this at least e644b2f498 ("tpm, tpm_tis: Enable
> interrupt test") and 0e069265bc ("tpm, tpm_tis: Claim locality in interrupt
> handler") are necessary.
>
> At this point 9 of the set's 14 patches are applied and I am not sure
> whether it's better to pick the remaining five patches as well or just
> revert the initial six patches. Especially considering there were initially
> no plans to submit these patches to stable[2] and the IRQ feature was (at
> least on SPI) not working before.
I think the right thing to do would be to revert 6 initial patches.
>
> Regards,
>
> Felix
>
> [1] https://lore.kernel.org/lkml/20221124135538.31020-1-LinoSanfilippo@gmx.de/
> [2] https://lore.kernel.org/lkml/CS48ZBNWI6T9.1CU08I6KDVM65@suppilovahvero/
BR, Jarkko
^ permalink raw reply [flat|nested] 391+ messages in thread
* Re: [PATCH 5.15 070/371] tpm, tpm_tis: Claim locality before writing interrupt registers
2023-05-24 1:07 ` Jarkko Sakkinen
@ 2023-06-09 9:07 ` Greg KH
2023-06-09 15:42 ` Lino Sanfilippo
0 siblings, 1 reply; 391+ messages in thread
From: Greg KH @ 2023-06-09 9:07 UTC (permalink / raw)
To: Jarkko Sakkinen; +Cc: Felix Riemann, l.sanfilippo, patches, sashal, stable
On Wed, May 24, 2023 at 04:07:41AM +0300, Jarkko Sakkinen wrote:
> On Mon, 2023-05-15 at 17:37 +0200, Felix Riemann wrote:
> > Hi!
> >
> > > [ Upstream commit 15d7aa4e46eba87242a320f39773aa16faddadee ]
> > >
> > > In tpm_tis_probe_single_irq() interrupt registers TPM_INT_VECTOR,
> > > TPM_INT_STATUS and TPM_INT_ENABLE are modified to setup the interrupts.
> > > Currently these modifications are done without holding a locality thus they
> > > have no effect. Fix this by claiming the (default) locality before the
> > > registers are written.
> > >
> > > Since now tpm_tis_gen_interrupt() is called with the locality already
> > > claimed remove locality request and release from this function.
> >
> > On systems with SPI-connected TPM and the interrupt still configured
> > (despite it not working before) this may introduce a kernel crash.
> > The issue is that it will now trigger an SPI transfer (which will wait)
> > from the IRQ handler:
> >
> > BUG: scheduling while atomic: systemd-journal/272/0x00010001
> > Modules linked in: spi_fsl_lpspi
> > CPU: 0 PID: 272 Comm: systemd-journal Not tainted 5.15.111-06679-g56b9923f2840 #50
> > Call trace:
> > dump_backtrace+0x0/0x1e0
> > show_stack+0x18/0x40
> > dump_stack_lvl+0x68/0x84
> > dump_stack+0x18/0x34
> > __schedule_bug+0x54/0x70
> > __schedule+0x664/0x760
> > schedule+0x88/0x100
> > schedule_timeout+0x80/0xf0
> > wait_for_completion_timeout+0x80/0x10c
> > fsl_lpspi_transfer_one+0x25c/0x4ac [spi_fsl_lpspi]
> > spi_transfer_one_message+0x22c/0x440
> > __spi_pump_messages+0x330/0x5b4
> > __spi_sync+0x230/0x264
> > spi_sync_locked+0x10/0x20
> > tpm_tis_spi_transfer+0x1ec/0x250
> > tpm_tis_spi_read_bytes+0x14/0x20
> > tpm_tis_spi_read32+0x38/0x70
> > tis_int_handler+0x48/0x15c
> > *snip*
> >
> > The immediate error is fixable by also picking 0c7e66e5fd ("tpm, tpm_tis:
> > Request threaded interrupt handler") from the same patchset[1]. However, as
> > the driver's IRQ test logic is still faulty it will fail the check and fall
> > back to the polling behaviour without actually disabling the IRQ in hard-
> > and software again. For this at least e644b2f498 ("tpm, tpm_tis: Enable
> > interrupt test") and 0e069265bc ("tpm, tpm_tis: Claim locality in interrupt
> > handler") are necessary.
> >
> > At this point 9 of the set's 14 patches are applied and I am not sure
> > whether it's better to pick the remaining five patches as well or just
> > revert the initial six patches. Especially considering there were initially
> > no plans to submit these patches to stable[2] and the IRQ feature was (at
> > least on SPI) not working before.
>
> I think the right thing to do would be to revert 6 initial patches.
Ok, I think this isn't needed anymore with the latest 5.15.116 release,
right? If not, please let me know.
thanks,
greg k-h
^ permalink raw reply [flat|nested] 391+ messages in thread
* Re: [PATCH 5.15 070/371] tpm, tpm_tis: Claim locality before writing interrupt registers
2023-06-09 9:07 ` Greg KH
@ 2023-06-09 15:42 ` Lino Sanfilippo
2023-06-12 8:50 ` Felix Riemann
2023-06-21 18:45 ` Greg KH
0 siblings, 2 replies; 391+ messages in thread
From: Lino Sanfilippo @ 2023-06-09 15:42 UTC (permalink / raw)
To: Greg KH, Jarkko Sakkinen; +Cc: Felix Riemann, patches, sashal, stable
Hi,
On 09.06.23 11:07, Greg KH wrote:
>
> On Wed, May 24, 2023 at 04:07:41AM +0300, Jarkko Sakkinen wrote:
>> On Mon, 2023-05-15 at 17:37 +0200, Felix Riemann wrote:
>>> Hi!
>>>
>>>> [ Upstream commit 15d7aa4e46eba87242a320f39773aa16faddadee ]
>>>>
>>>> In tpm_tis_probe_single_irq() interrupt registers TPM_INT_VECTOR,
>>>> TPM_INT_STATUS and TPM_INT_ENABLE are modified to setup the interrupts.
>>>> Currently these modifications are done without holding a locality thus they
>>>> have no effect. Fix this by claiming the (default) locality before the
>>>> registers are written.
>>>>
>>>> Since now tpm_tis_gen_interrupt() is called with the locality already
>>>> claimed remove locality request and release from this function.
>>>
>>> On systems with SPI-connected TPM and the interrupt still configured
>>> (despite it not working before) this may introduce a kernel crash.
>>> The issue is that it will now trigger an SPI transfer (which will wait)
>>> from the IRQ handler:
>>>
>>> BUG: scheduling while atomic: systemd-journal/272/0x00010001
>>> Modules linked in: spi_fsl_lpspi
>>> CPU: 0 PID: 272 Comm: systemd-journal Not tainted 5.15.111-06679-g56b9923f2840 #50
>>> Call trace:
>>> dump_backtrace+0x0/0x1e0
>>> show_stack+0x18/0x40
>>> dump_stack_lvl+0x68/0x84
>>> dump_stack+0x18/0x34
>>> __schedule_bug+0x54/0x70
>>> __schedule+0x664/0x760
>>> schedule+0x88/0x100
>>> schedule_timeout+0x80/0xf0
>>> wait_for_completion_timeout+0x80/0x10c
>>> fsl_lpspi_transfer_one+0x25c/0x4ac [spi_fsl_lpspi]
>>> spi_transfer_one_message+0x22c/0x440
>>> __spi_pump_messages+0x330/0x5b4
>>> __spi_sync+0x230/0x264
>>> spi_sync_locked+0x10/0x20
>>> tpm_tis_spi_transfer+0x1ec/0x250
>>> tpm_tis_spi_read_bytes+0x14/0x20
>>> tpm_tis_spi_read32+0x38/0x70
>>> tis_int_handler+0x48/0x15c
>>> *snip*
>>>
>>> The immediate error is fixable by also picking 0c7e66e5fd ("tpm, tpm_tis:
>>> Request threaded interrupt handler") from the same patchset[1].
>>> However, as
>>> the driver's IRQ test logic is still faulty it will fail the check and fall
>>> back to the polling behaviour without actually disabling the IRQ in hard-
>>> and software again. For this at least e644b2f498 ("tpm, tpm_tis: Enable
>>> interrupt test") and 0e069265bc ("tpm, tpm_tis: Claim locality in interrupt
>>> handler") are necessary.
>>>
>>> At this point 9 of the set's 14 patches are applied and I am not sure
>>> whether it's better to pick the remaining five patches as well or just
>>> revert the initial six patches. Especially considering there were initially
>>> no plans to submit these patches to stable[2] and the IRQ feature was (at
>>> least on SPI) not working before.
>>
>> I think the right thing to do would be to revert 6 initial patches.
>
> Ok, I think this isn't needed anymore with the latest 5.15.116 release,
> right? If not, please let me know.
>
With 0c7e66e5fd ("tpm, tpm_tis: Request threaded interrupt handler") applied the
above bug is fixed in 5.15.y. There is however still the issue that the interrupts may
not be acknowledged properly in the interrupt handler, since the concerning register is written
without the required locality held (Felix mentions this above).
This can be fixed with 0e069265bce5 ("tpm, tpm_tis: Claim locality in interrupt handler").
So instead of reverting the initial patches, I suggest to
1. also apply 0e069265bce5 ("tpm, tpm_tis: Claim locality in interrupt handler")
or
2. revert the commit that enables TPM interrupts in the first place, namely 140735c46d37
("tpm, tpm_tis: Claim locality before writing interrupt registers").
The situation is similar in stable branches 5.10.y, 6.1.y and 6.3.y.
Regards,
Lino
^ permalink raw reply [flat|nested] 391+ messages in thread
* RE: [PATCH 5.15 070/371] tpm, tpm_tis: Claim locality before writing interrupt registers
2023-06-09 15:42 ` Lino Sanfilippo
@ 2023-06-12 8:50 ` Felix Riemann
2023-06-21 18:45 ` Greg KH
1 sibling, 0 replies; 391+ messages in thread
From: Felix Riemann @ 2023-06-12 8:50 UTC (permalink / raw)
To: Lino Sanfilippo, Greg KH, Jarkko Sakkinen; +Cc: patches, sashal, stable
Hi,
> > Ok, I think this isn't needed anymore with the latest 5.15.116
> > release, right? If not, please let me know.
> >
>
>
> With 0c7e66e5fd ("tpm, tpm_tis: Request threaded interrupt handler") applied
> the above bug is fixed in 5.15.y. There is however still the issue that the interrupts
> may not be acknowledged properly in the interrupt handler, since the concerning
> register is written without the required locality held (Felix mentions this above).
> This can be fixed with 0e069265bce5 ("tpm, tpm_tis: Claim locality in interrupt
> handler").
>
> So instead of reverting the initial patches, I suggest to
>
> 1. also apply 0e069265bce5 ("tpm, tpm_tis: Claim locality in interrupt handler")
>
Yes, that one's needed to avoid the IRQ being permanently triggered.
If I remember correctly ( I disabled the IRQ for now) e644b2f498 ("tpm,
tpm_tis: Enable interrupt test") was also necessary to fix the interrupt
testing logic.
Without it the interrupt wouldn't be tested and the driver would poll the TPM
again. But since the test didn't execute, the IRQ would also stay enabled in
both the TPM and the host. So, looking at /proc/interrupts one could see the
TPM's IRQ counter being registered and counting up during use.
That's where I stopped trying because I was unsure if the remaining patches
from Lino's patchset were also necessary. It didn't do anything obviously bad
when I poked the TPM for random numbers or hashes for a quick test. But I
didn't test other (more complex) TPM operations then.
Regards,
Felix
___________________________________________________
SMA Solar Technology AG
Vorsitzender des Aufsichtsrats: Uwe Kleinkauf
Vorstand: Dr.-Ing. Juergen Reinert (Vorstandssprecher), Barbara Gregor
Handelsregister: Amtsgericht Kassel HRB 3972
Sitz der Gesellschaft: 34266 Niestetal
USt-ID-Nr. DE 113 08 59 54
WEEE-Reg.-Nr. DE 95881150
___________________________________________________
^ permalink raw reply [flat|nested] 391+ messages in thread
* Re: [PATCH 5.15 070/371] tpm, tpm_tis: Claim locality before writing interrupt registers
2023-06-09 15:42 ` Lino Sanfilippo
2023-06-12 8:50 ` Felix Riemann
@ 2023-06-21 18:45 ` Greg KH
2023-07-14 17:15 ` Lino Sanfilippo
1 sibling, 1 reply; 391+ messages in thread
From: Greg KH @ 2023-06-21 18:45 UTC (permalink / raw)
To: Lino Sanfilippo; +Cc: Jarkko Sakkinen, Felix Riemann, patches, sashal, stable
On Fri, Jun 09, 2023 at 05:42:20PM +0200, Lino Sanfilippo wrote:
> Hi,
>
> On 09.06.23 11:07, Greg KH wrote:
> >
> > On Wed, May 24, 2023 at 04:07:41AM +0300, Jarkko Sakkinen wrote:
> >> On Mon, 2023-05-15 at 17:37 +0200, Felix Riemann wrote:
> >>> Hi!
> >>>
> >>>> [ Upstream commit 15d7aa4e46eba87242a320f39773aa16faddadee ]
> >>>>
> >>>> In tpm_tis_probe_single_irq() interrupt registers TPM_INT_VECTOR,
> >>>> TPM_INT_STATUS and TPM_INT_ENABLE are modified to setup the interrupts.
> >>>> Currently these modifications are done without holding a locality thus they
> >>>> have no effect. Fix this by claiming the (default) locality before the
> >>>> registers are written.
> >>>>
> >>>> Since now tpm_tis_gen_interrupt() is called with the locality already
> >>>> claimed remove locality request and release from this function.
> >>>
> >>> On systems with SPI-connected TPM and the interrupt still configured
> >>> (despite it not working before) this may introduce a kernel crash.
> >>> The issue is that it will now trigger an SPI transfer (which will wait)
> >>> from the IRQ handler:
> >>>
> >>> BUG: scheduling while atomic: systemd-journal/272/0x00010001
> >>> Modules linked in: spi_fsl_lpspi
> >>> CPU: 0 PID: 272 Comm: systemd-journal Not tainted 5.15.111-06679-g56b9923f2840 #50
> >>> Call trace:
> >>> dump_backtrace+0x0/0x1e0
> >>> show_stack+0x18/0x40
> >>> dump_stack_lvl+0x68/0x84
> >>> dump_stack+0x18/0x34
> >>> __schedule_bug+0x54/0x70
> >>> __schedule+0x664/0x760
> >>> schedule+0x88/0x100
> >>> schedule_timeout+0x80/0xf0
> >>> wait_for_completion_timeout+0x80/0x10c
> >>> fsl_lpspi_transfer_one+0x25c/0x4ac [spi_fsl_lpspi]
> >>> spi_transfer_one_message+0x22c/0x440
> >>> __spi_pump_messages+0x330/0x5b4
> >>> __spi_sync+0x230/0x264
> >>> spi_sync_locked+0x10/0x20
> >>> tpm_tis_spi_transfer+0x1ec/0x250
> >>> tpm_tis_spi_read_bytes+0x14/0x20
> >>> tpm_tis_spi_read32+0x38/0x70
> >>> tis_int_handler+0x48/0x15c
> >>> *snip*
> >>>
> >>> The immediate error is fixable by also picking 0c7e66e5fd ("tpm, tpm_tis:
> >>> Request threaded interrupt handler") from the same patchset[1].
> >>> However, as
> >>> the driver's IRQ test logic is still faulty it will fail the check and fall
> >>> back to the polling behaviour without actually disabling the IRQ in hard-
> >>> and software again. For this at least e644b2f498 ("tpm, tpm_tis: Enable
> >>> interrupt test") and 0e069265bc ("tpm, tpm_tis: Claim locality in interrupt
> >>> handler") are necessary.
> >>>
> >>> At this point 9 of the set's 14 patches are applied and I am not sure
> >>> whether it's better to pick the remaining five patches as well or just
> >>> revert the initial six patches. Especially considering there were initially
> >>> no plans to submit these patches to stable[2] and the IRQ feature was (at
> >>> least on SPI) not working before.
> >>
> >> I think the right thing to do would be to revert 6 initial patches.
> >
> > Ok, I think this isn't needed anymore with the latest 5.15.116 release,
> > right? If not, please let me know.
> >
>
>
> With 0c7e66e5fd ("tpm, tpm_tis: Request threaded interrupt handler") applied the
> above bug is fixed in 5.15.y. There is however still the issue that the interrupts may
> not be acknowledged properly in the interrupt handler, since the concerning register is written
> without the required locality held (Felix mentions this above).
> This can be fixed with 0e069265bce5 ("tpm, tpm_tis: Claim locality in interrupt handler").
>
> So instead of reverting the initial patches, I suggest to
>
> 1. also apply 0e069265bce5 ("tpm, tpm_tis: Claim locality in interrupt handler")
I've now done this, thanks.
greg k-h
^ permalink raw reply [flat|nested] 391+ messages in thread
* Re: [PATCH 5.15 070/371] tpm, tpm_tis: Claim locality before writing interrupt registers
2023-06-21 18:45 ` Greg KH
@ 2023-07-14 17:15 ` Lino Sanfilippo
2023-07-16 15:18 ` Greg KH
0 siblings, 1 reply; 391+ messages in thread
From: Lino Sanfilippo @ 2023-07-14 17:15 UTC (permalink / raw)
To: Greg KH
Cc: Jarkko Sakkinen, Felix Riemann, patches, sashal, stable, Lino Sanfilippo
Hi Greg,
On 21.06.23 20:45, Greg KH wrote:
> On Fri, Jun 09, 2023 at 05:42:20PM +0200, Lino Sanfilippo wrote:
>> Hi,
>>
>> On 09.06.23 11:07, Greg KH wrote:
>>>
>>> On Wed, May 24, 2023 at 04:07:41AM +0300, Jarkko Sakkinen wrote:
>>>> On Mon, 2023-05-15 at 17:37 +0200, Felix Riemann wrote:
>>>>> Hi!
>>>>>
>>>>>> [ Upstream commit 15d7aa4e46eba87242a320f39773aa16faddadee ]
>>>>>>
>>>>>> In tpm_tis_probe_single_irq() interrupt registers TPM_INT_VECTOR,
>>>>>> TPM_INT_STATUS and TPM_INT_ENABLE are modified to setup the interrupts.
>>>>>> Currently these modifications are done without holding a locality thus they
>>>>>> have no effect. Fix this by claiming the (default) locality before the
>>>>>> registers are written.
>>>>>>
>>>>>> Since now tpm_tis_gen_interrupt() is called with the locality already
>>>>>> claimed remove locality request and release from this function.
>>>>>
>>>>> On systems with SPI-connected TPM and the interrupt still configured
>>>>> (despite it not working before) this may introduce a kernel crash.
>>>>> The issue is that it will now trigger an SPI transfer (which will wait)
>>>>> from the IRQ handler:
>>>>>
>>>>> BUG: scheduling while atomic: systemd-journal/272/0x00010001
>>>>> Modules linked in: spi_fsl_lpspi
>>>>> CPU: 0 PID: 272 Comm: systemd-journal Not tainted 5.15.111-06679-g56b9923f2840 #50
>>>>> Call trace:
>>>>> dump_backtrace+0x0/0x1e0
>>>>> show_stack+0x18/0x40
>>>>> dump_stack_lvl+0x68/0x84
>>>>> dump_stack+0x18/0x34
>>>>> __schedule_bug+0x54/0x70
>>>>> __schedule+0x664/0x760
>>>>> schedule+0x88/0x100
>>>>> schedule_timeout+0x80/0xf0
>>>>> wait_for_completion_timeout+0x80/0x10c
>>>>> fsl_lpspi_transfer_one+0x25c/0x4ac [spi_fsl_lpspi]
>>>>> spi_transfer_one_message+0x22c/0x440
>>>>> __spi_pump_messages+0x330/0x5b4
>>>>> __spi_sync+0x230/0x264
>>>>> spi_sync_locked+0x10/0x20
>>>>> tpm_tis_spi_transfer+0x1ec/0x250
>>>>> tpm_tis_spi_read_bytes+0x14/0x20
>>>>> tpm_tis_spi_read32+0x38/0x70
>>>>> tis_int_handler+0x48/0x15c
>>>>> *snip*
>>>>>
>>>>> The immediate error is fixable by also picking 0c7e66e5fd ("tpm, tpm_tis:
>>>>> Request threaded interrupt handler") from the same patchset[1].
>>>>> However, as
>>>>> the driver's IRQ test logic is still faulty it will fail the check and fall
>>>>> back to the polling behaviour without actually disabling the IRQ in hard-
>>>>> and software again. For this at least e644b2f498 ("tpm, tpm_tis: Enable
>>>>> interrupt test") and 0e069265bc ("tpm, tpm_tis: Claim locality in interrupt
>>>>> handler") are necessary.
>>>>>
>>>>> At this point 9 of the set's 14 patches are applied and I am not sure
>>>>> whether it's better to pick the remaining five patches as well or just
>>>>> revert the initial six patches. Especially considering there were initially
>>>>> no plans to submit these patches to stable[2] and the IRQ feature was (at
>>>>> least on SPI) not working before.
>>>>
>>>> I think the right thing to do would be to revert 6 initial patches.
>>>
>>> Ok, I think this isn't needed anymore with the latest 5.15.116 release,
>>> right? If not, please let me know.
>>>
>>
>>
>> With 0c7e66e5fd ("tpm, tpm_tis: Request threaded interrupt handler") applied the
>> above bug is fixed in 5.15.y. There is however still the issue that the interrupts may
>> not be acknowledged properly in the interrupt handler, since the concerning register is written
>> without the required locality held (Felix mentions this above).
>> This can be fixed with 0e069265bce5 ("tpm, tpm_tis: Claim locality in interrupt handler").
>>
>> So instead of reverting the initial patches, I suggest to
>>
>> 1. also apply 0e069265bce5 ("tpm, tpm_tis: Claim locality in interrupt handler")
>
> I've now done this, thanks.
>
> greg k-h
While 5.15.y, 6.1.y and 6.3.y should be fine AFAICS commit
0e069265bc ("tpm, tpm_tis: Claim locality in interrupt handler") is
still missing in 5.10.y. This commit is needed to make sure that TPM interrupts
are properly acknowledge (see text above).
Best regards,
Lino
^ permalink raw reply [flat|nested] 391+ messages in thread
* Re: [PATCH 5.15 070/371] tpm, tpm_tis: Claim locality before writing interrupt registers
2023-07-14 17:15 ` Lino Sanfilippo
@ 2023-07-16 15:18 ` Greg KH
2023-07-16 15:36 ` Lino Sanfilippo
0 siblings, 1 reply; 391+ messages in thread
From: Greg KH @ 2023-07-16 15:18 UTC (permalink / raw)
To: Lino Sanfilippo; +Cc: Jarkko Sakkinen, Felix Riemann, patches, sashal, stable
On Fri, Jul 14, 2023 at 07:15:38PM +0200, Lino Sanfilippo wrote:
> Hi Greg,
>
> On 21.06.23 20:45, Greg KH wrote:
>
> > On Fri, Jun 09, 2023 at 05:42:20PM +0200, Lino Sanfilippo wrote:
> >> Hi,
> >>
> >> On 09.06.23 11:07, Greg KH wrote:
> >>>
> >>> On Wed, May 24, 2023 at 04:07:41AM +0300, Jarkko Sakkinen wrote:
> >>>> On Mon, 2023-05-15 at 17:37 +0200, Felix Riemann wrote:
> >>>>> Hi!
> >>>>>
> >>>>>> [ Upstream commit 15d7aa4e46eba87242a320f39773aa16faddadee ]
> >>>>>>
> >>>>>> In tpm_tis_probe_single_irq() interrupt registers TPM_INT_VECTOR,
> >>>>>> TPM_INT_STATUS and TPM_INT_ENABLE are modified to setup the interrupts.
> >>>>>> Currently these modifications are done without holding a locality thus they
> >>>>>> have no effect. Fix this by claiming the (default) locality before the
> >>>>>> registers are written.
> >>>>>>
> >>>>>> Since now tpm_tis_gen_interrupt() is called with the locality already
> >>>>>> claimed remove locality request and release from this function.
> >>>>>
> >>>>> On systems with SPI-connected TPM and the interrupt still configured
> >>>>> (despite it not working before) this may introduce a kernel crash.
> >>>>> The issue is that it will now trigger an SPI transfer (which will wait)
> >>>>> from the IRQ handler:
> >>>>>
> >>>>> BUG: scheduling while atomic: systemd-journal/272/0x00010001
> >>>>> Modules linked in: spi_fsl_lpspi
> >>>>> CPU: 0 PID: 272 Comm: systemd-journal Not tainted 5.15.111-06679-g56b9923f2840 #50
> >>>>> Call trace:
> >>>>> dump_backtrace+0x0/0x1e0
> >>>>> show_stack+0x18/0x40
> >>>>> dump_stack_lvl+0x68/0x84
> >>>>> dump_stack+0x18/0x34
> >>>>> __schedule_bug+0x54/0x70
> >>>>> __schedule+0x664/0x760
> >>>>> schedule+0x88/0x100
> >>>>> schedule_timeout+0x80/0xf0
> >>>>> wait_for_completion_timeout+0x80/0x10c
> >>>>> fsl_lpspi_transfer_one+0x25c/0x4ac [spi_fsl_lpspi]
> >>>>> spi_transfer_one_message+0x22c/0x440
> >>>>> __spi_pump_messages+0x330/0x5b4
> >>>>> __spi_sync+0x230/0x264
> >>>>> spi_sync_locked+0x10/0x20
> >>>>> tpm_tis_spi_transfer+0x1ec/0x250
> >>>>> tpm_tis_spi_read_bytes+0x14/0x20
> >>>>> tpm_tis_spi_read32+0x38/0x70
> >>>>> tis_int_handler+0x48/0x15c
> >>>>> *snip*
> >>>>>
> >>>>> The immediate error is fixable by also picking 0c7e66e5fd ("tpm, tpm_tis:
> >>>>> Request threaded interrupt handler") from the same patchset[1].
> >>>>> However, as
> >>>>> the driver's IRQ test logic is still faulty it will fail the check and fall
> >>>>> back to the polling behaviour without actually disabling the IRQ in hard-
> >>>>> and software again. For this at least e644b2f498 ("tpm, tpm_tis: Enable
> >>>>> interrupt test") and 0e069265bc ("tpm, tpm_tis: Claim locality in interrupt
> >>>>> handler") are necessary.
> >>>>>
> >>>>> At this point 9 of the set's 14 patches are applied and I am not sure
> >>>>> whether it's better to pick the remaining five patches as well or just
> >>>>> revert the initial six patches. Especially considering there were initially
> >>>>> no plans to submit these patches to stable[2] and the IRQ feature was (at
> >>>>> least on SPI) not working before.
> >>>>
> >>>> I think the right thing to do would be to revert 6 initial patches.
> >>>
> >>> Ok, I think this isn't needed anymore with the latest 5.15.116 release,
> >>> right? If not, please let me know.
> >>>
> >>
> >>
>
>
> >> With 0c7e66e5fd ("tpm, tpm_tis: Request threaded interrupt handler") applied the
> >> above bug is fixed in 5.15.y. There is however still the issue that the interrupts may
> >> not be acknowledged properly in the interrupt handler, since the concerning register is written
> >> without the required locality held (Felix mentions this above).
> >> This can be fixed with 0e069265bce5 ("tpm, tpm_tis: Claim locality in interrupt handler").
> >>
> >> So instead of reverting the initial patches, I suggest to
> >>
> >> 1. also apply 0e069265bce5 ("tpm, tpm_tis: Claim locality in interrupt handler")
> >
> > I've now done this, thanks.
> >
> > greg k-h
>
> While 5.15.y, 6.1.y and 6.3.y should be fine AFAICS commit
> 0e069265bc ("tpm, tpm_tis: Claim locality in interrupt handler") is
> still missing in 5.10.y. This commit is needed to make sure that TPM interrupts
> are properly acknowledge (see text above).
Ok, now queued up, thanks.
greg k-h
^ permalink raw reply [flat|nested] 391+ messages in thread
* Re: [PATCH 5.15 070/371] tpm, tpm_tis: Claim locality before writing interrupt registers
2023-07-16 15:18 ` Greg KH
@ 2023-07-16 15:36 ` Lino Sanfilippo
0 siblings, 0 replies; 391+ messages in thread
From: Lino Sanfilippo @ 2023-07-16 15:36 UTC (permalink / raw)
To: Greg KH; +Cc: Jarkko Sakkinen, Felix Riemann, patches, sashal, stable
On 16.07.23 17:18, Greg KH wrote:
>>
>> While 5.15.y, 6.1.y and 6.3.y should be fine AFAICS commit
>> 0e069265bc ("tpm, tpm_tis: Claim locality in interrupt handler") is
>> still missing in 5.10.y. This commit is needed to make sure that TPM interrupts
>> are properly acknowledge (see text above).
>
> Ok, now queued up, thanks.
>
> greg k-h
Great, thanks a lot!
Regards,
Lino
^ permalink raw reply [flat|nested] 391+ messages in thread
end of thread, other threads:[~2023-07-16 15:36 UTC | newest]
Thread overview: 391+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2023-05-08 9:43 [PATCH 5.15 000/371] 5.15.111-rc1 review Greg Kroah-Hartman
2023-05-08 9:43 ` [PATCH 5.15 001/371] ASOC: Intel: sof_sdw: add quirk for Intel Rooks County NUC M15 Greg Kroah-Hartman
2023-05-08 9:43 ` [PATCH 5.15 002/371] ASoC: soc-pcm: fix hw->formats cleared by soc_pcm_hw_init() for dpcm Greg Kroah-Hartman
2023-05-08 9:43 ` [PATCH 5.15 003/371] x86/hyperv: Block root partition functionality in a Confidential VM Greg Kroah-Hartman
2023-05-08 9:43 ` [PATCH 5.15 004/371] iio: adc: palmas_gpadc: fix NULL dereference on rmmod Greg Kroah-Hartman
2023-05-08 9:43 ` [PATCH 5.15 005/371] ASoC: Intel: bytcr_rt5640: Add quirk for the Acer Iconia One 7 B1-750 Greg Kroah-Hartman
2023-05-08 9:43 ` [PATCH 5.15 006/371] selftests mount: Fix mount_setattr_test builds failed Greg Kroah-Hartman
2023-05-08 9:43 ` [PATCH 5.15 007/371] asm-generic/io.h: suppress endianness warnings for readq() and writeq() Greg Kroah-Hartman
2023-05-08 9:43 ` [PATCH 5.15 008/371] x86/cpu: Add model number for Intel Arrow Lake processor Greg Kroah-Hartman
2023-05-08 9:43 ` [PATCH 5.15 009/371] wireguard: timers: cast enum limits members to int in prints Greg Kroah-Hartman
2023-05-08 9:43 ` [PATCH 5.15 010/371] wifi: mt76: mt7921e: Set memory space enable in PCI_COMMAND if unset Greg Kroah-Hartman
2023-05-08 9:43 ` [PATCH 5.15 011/371] arm64: Always load shadow stack pointer directly from the task struct Greg Kroah-Hartman
2023-05-08 9:43 ` [PATCH 5.15 012/371] arm64: Stash shadow stack pointer in the task struct on interrupt Greg Kroah-Hartman
2023-05-08 9:43 ` [PATCH 5.15 013/371] PCI: pciehp: Fix AB-BA deadlock between reset_lock and device_lock Greg Kroah-Hartman
2023-05-08 9:43 ` [PATCH 5.15 014/371] PCI: qcom: Fix the incorrect register usage in v2.7.0 config Greg Kroah-Hartman
2023-05-08 9:43 ` [PATCH 5.15 015/371] IMA: allow/fix UML builds Greg Kroah-Hartman
2023-05-08 9:43 ` Greg Kroah-Hartman
2023-05-08 9:43 ` [PATCH 5.15 016/371] USB: dwc3: fix runtime pm imbalance on probe errors Greg Kroah-Hartman
2023-05-08 9:43 ` [PATCH 5.15 017/371] USB: dwc3: fix runtime pm imbalance on unbind Greg Kroah-Hartman
2023-05-08 9:43 ` [PATCH 5.15 018/371] hwmon: (k10temp) Check range scale when CUR_TEMP register is read-write Greg Kroah-Hartman
2023-05-08 9:43 ` [PATCH 5.15 019/371] hwmon: (adt7475) Use device_property APIs when configuring polarity Greg Kroah-Hartman
2023-05-08 9:43 ` [PATCH 5.15 020/371] posix-cpu-timers: Implement the missing timer_wait_running callback Greg Kroah-Hartman
2023-05-08 9:43 ` [PATCH 5.15 021/371] blk-mq: release crypto keyslot before reporting I/O complete Greg Kroah-Hartman
2023-05-08 9:43 ` [PATCH 5.15 022/371] blk-crypto: make blk_crypto_evict_key() return void Greg Kroah-Hartman
2023-05-08 9:43 ` [PATCH 5.15 023/371] blk-crypto: make blk_crypto_evict_key() more robust Greg Kroah-Hartman
2023-05-08 9:43 ` [PATCH 5.15 024/371] ext4: use ext4_journal_start/stop for fast commit transactions Greg Kroah-Hartman
2023-05-08 9:43 ` [PATCH 5.15 025/371] staging: iio: resolver: ads1210: fix config mode Greg Kroah-Hartman
2023-05-08 9:43 ` [PATCH 5.15 026/371] tty: Prevent writing chars during tcsetattr TCSADRAIN/FLUSH Greg Kroah-Hartman
2023-05-08 9:43 ` [PATCH 5.15 027/371] xhci: fix debugfs register accesses while suspended Greg Kroah-Hartman
2023-05-08 9:43 ` [PATCH 5.15 028/371] tick/nohz: Fix cpu_is_hotpluggable() by checking with nohz subsystem Greg Kroah-Hartman
2023-05-08 9:43 ` [PATCH 5.15 029/371] MIPS: fw: Allow firmware to pass a empty env Greg Kroah-Hartman
2023-05-08 9:43 ` [PATCH 5.15 030/371] ipmi:ssif: Add send_retries increment Greg Kroah-Hartman
2023-05-08 9:43 ` [PATCH 5.15 031/371] ipmi: fix SSIF not responding under certain cond Greg Kroah-Hartman
2023-05-08 9:43 ` [PATCH 5.15 032/371] kheaders: Use array declaration instead of char Greg Kroah-Hartman
2023-05-08 9:43 ` [PATCH 5.15 033/371] wifi: mt76: add missing locking to protect against concurrent rx/status calls Greg Kroah-Hartman
2023-05-08 9:43 ` [PATCH 5.15 034/371] pwm: meson: Fix axg ao mux parents Greg Kroah-Hartman
2023-05-08 9:43 ` [PATCH 5.15 035/371] pwm: meson: Fix g12a ao clk81 name Greg Kroah-Hartman
2023-05-08 9:43 ` [PATCH 5.15 036/371] soundwire: qcom: correct setting ignore bit on v1.5.1 Greg Kroah-Hartman
2023-05-08 9:43 ` [PATCH 5.15 037/371] pinctrl: qcom: lpass-lpi: set output value before enabling output Greg Kroah-Hartman
2023-05-08 9:43 ` [PATCH 5.15 038/371] ring-buffer: Sync IRQ works before buffer destruction Greg Kroah-Hartman
2023-05-08 9:44 ` [PATCH 5.15 039/371] crypto: api - Demote BUG_ON() in crypto_unregister_alg() to a WARN_ON() Greg Kroah-Hartman
2023-05-08 9:44 ` [PATCH 5.15 040/371] crypto: safexcel - Cleanup ring IRQ workqueues on load failure Greg Kroah-Hartman
2023-05-08 9:44 ` [PATCH 5.15 041/371] rcu: Avoid stack overflow due to __rcu_irq_enter_check_tick() being kprobe-ed Greg Kroah-Hartman
2023-05-08 9:44 ` [PATCH 5.15 042/371] reiserfs: Add security prefix to xattr name in reiserfs_security_write() Greg Kroah-Hartman
2023-05-08 9:44 ` [PATCH 5.15 043/371] KVM: nVMX: Emulate NOPs in L2, and PAUSE if its not intercepted Greg Kroah-Hartman
2023-05-08 9:44 ` [PATCH 5.15 044/371] relayfs: fix out-of-bounds access in relay_file_read Greg Kroah-Hartman
2023-05-08 9:44 ` [PATCH 5.15 045/371] writeback, cgroup: fix null-ptr-deref write in bdi_split_work_to_wbs Greg Kroah-Hartman
2023-05-08 9:44 ` [PATCH 5.15 046/371] ksmbd: call rcu_barrier() in ksmbd_server_exit() Greg Kroah-Hartman
2023-05-08 9:44 ` [PATCH 5.15 047/371] ksmbd: fix NULL pointer dereference in smb2_get_info_filesystem() Greg Kroah-Hartman
2023-05-08 9:44 ` [PATCH 5.15 048/371] ksmbd: fix memleak in session setup Greg Kroah-Hartman
2023-05-08 9:44 ` [PATCH 5.15 049/371] i2c: omap: Fix standard mode false ACK readings Greg Kroah-Hartman
2023-05-08 9:44 ` [PATCH 5.15 050/371] riscv: mm: remove redundant parameter of create_fdt_early_page_table Greg Kroah-Hartman
2023-05-08 9:44 ` [PATCH 5.15 051/371] tracing: Fix permissions for the buffer_percent file Greg Kroah-Hartman
2023-05-08 9:44 ` [PATCH 5.15 052/371] iommu/amd: Fix "Guest Virtual APIC Table Root Pointer" configuration in IRTE Greg Kroah-Hartman
2023-05-08 9:44 ` [PATCH 5.15 053/371] Revert "ubifs: dirty_cow_znode: Fix memleak in error handling path" Greg Kroah-Hartman
2023-05-08 9:44 ` [PATCH 5.15 054/371] ubifs: Fix memleak when insert_old_idx() failed Greg Kroah-Hartman
2023-05-08 9:44 ` [PATCH 5.15 055/371] ubi: Fix return value overwrite issue in try_write_vid_and_data() Greg Kroah-Hartman
2023-05-08 9:44 ` [PATCH 5.15 056/371] ubifs: Free memory for tmpfile name Greg Kroah-Hartman
2023-05-08 9:44 ` [PATCH 5.15 057/371] xfs: dont consider future format versions valid Greg Kroah-Hartman
2023-05-08 9:44 ` [PATCH 5.15 058/371] sound/oss/dmasound: fix build when drivers are mixed =y/=m Greg Kroah-Hartman
2023-05-08 9:44 ` Greg Kroah-Hartman
2023-05-08 9:44 ` [PATCH 5.15 059/371] rcu: Fix missing TICK_DEP_MASK_RCU_EXP dependency check Greg Kroah-Hartman
2023-05-08 9:44 ` [PATCH 5.15 060/371] selftests/resctrl: Return NULL if malloc_and_init_memory() did not alloc mem Greg Kroah-Hartman
2023-05-08 9:44 ` [PATCH 5.15 061/371] selftests/resctrl: Extend CPU vendor detection Greg Kroah-Hartman
2023-05-08 9:44 ` [PATCH 5.15 062/371] selftests/resctrl: Move ->setup() call outside of test specific branches Greg Kroah-Hartman
2023-05-08 9:44 ` [PATCH 5.15 063/371] selftests/resctrl: Allow ->setup() to return errors Greg Kroah-Hartman
2023-05-08 9:44 ` [PATCH 5.15 064/371] selftests/resctrl: Check for return value after write_schemata() Greg Kroah-Hartman
2023-05-08 9:44 ` [PATCH 5.15 065/371] selinux: fix Makefile dependencies of flask.h Greg Kroah-Hartman
2023-05-08 9:44 ` [PATCH 5.15 066/371] selinux: ensure av_permissions.h is built when needed Greg Kroah-Hartman
2023-05-08 9:44 ` [PATCH 5.15 067/371] tpm, tpm_tis: Do not skip reset of original interrupt vector Greg Kroah-Hartman
2023-05-08 9:44 ` [PATCH 5.15 068/371] tpm, tpm_tis: Claim locality before writing TPM_INT_ENABLE register Greg Kroah-Hartman
2023-05-08 9:44 ` [PATCH 5.15 069/371] tpm, tpm_tis: Disable interrupts if tpm_tis_probe_irq() failed Greg Kroah-Hartman
2023-05-08 9:44 ` [PATCH 5.15 070/371] tpm, tpm_tis: Claim locality before writing interrupt registers Greg Kroah-Hartman
2023-05-15 15:37 ` Felix Riemann
2023-05-24 1:07 ` Jarkko Sakkinen
2023-06-09 9:07 ` Greg KH
2023-06-09 15:42 ` Lino Sanfilippo
2023-06-12 8:50 ` Felix Riemann
2023-06-21 18:45 ` Greg KH
2023-07-14 17:15 ` Lino Sanfilippo
2023-07-16 15:18 ` Greg KH
2023-07-16 15:36 ` Lino Sanfilippo
2023-05-08 9:44 ` [PATCH 5.15 071/371] tpm, tpm: Implement usage counter for locality Greg Kroah-Hartman
2023-05-08 9:44 ` [PATCH 5.15 072/371] tpm, tpm_tis: Claim locality when interrupts are reenabled on resume Greg Kroah-Hartman
2023-05-08 9:44 ` [PATCH 5.15 073/371] erofs: stop parsing non-compact HEAD index if clusterofs is invalid Greg Kroah-Hartman
2023-05-08 9:44 ` [PATCH 5.15 074/371] erofs: fix potential overflow calculating xattr_isize Greg Kroah-Hartman
2023-05-08 9:44 ` [PATCH 5.15 075/371] drm/rockchip: Drop unbalanced obj unref Greg Kroah-Hartman
2023-05-08 9:44 ` [PATCH 5.15 076/371] drm/vgem: add missing mutex_destroy Greg Kroah-Hartman
2023-05-08 9:44 ` [PATCH 5.15 077/371] drm/probe-helper: Cancel previous job before starting new one Greg Kroah-Hartman
2023-05-08 9:44 ` [PATCH 5.15 078/371] tools/x86/kcpuid: Fix avx512bw and avx512lvl fields in Fn00000007 Greg Kroah-Hartman
2023-05-08 9:44 ` [PATCH 5.15 079/371] soc: ti: pm33xx: Fix refcount leak in am33xx_pm_probe Greg Kroah-Hartman
2023-05-08 9:44 ` [PATCH 5.15 080/371] arm64: dts: renesas: r8a77990: Remove bogus voltages from OPP table Greg Kroah-Hartman
2023-05-08 9:44 ` [PATCH 5.15 081/371] arm64: dts: renesas: r8a774c0: " Greg Kroah-Hartman
2023-05-08 9:44 ` [PATCH 5.15 082/371] drm/msm/disp/dpu: check for crtc enable rather than crtc active to release shared resources Greg Kroah-Hartman
2023-05-08 9:44 ` [PATCH 5.15 083/371] EDAC/skx: Fix overflows on the DRAM row address mapping arrays Greg Kroah-Hartman
2023-05-08 9:44 ` [PATCH 5.15 084/371] regulator: core: Shorten off-on-delay-us for always-on/boot-on by time since booted Greg Kroah-Hartman
2023-05-08 9:44 ` [PATCH 5.15 085/371] arm64: dts: ti: k3-j721e-main: Remove ti,strobe-sel property Greg Kroah-Hartman
2023-05-08 9:44 ` [PATCH 5.15 086/371] arm64: dts: broadcom: bcm4908: add DT for Netgear RAXE500 Greg Kroah-Hartman
2023-05-08 9:44 ` [PATCH 5.15 087/371] arm64: dts: Add DTS files for bcmbca SoC BCM63158 Greg Kroah-Hartman
2023-05-08 9:44 ` [PATCH 5.15 088/371] arm64: dts: Add DTS files for bcmbca SoC BCM4912 Greg Kroah-Hartman
2023-05-08 9:44 ` [PATCH 5.15 089/371] ARM64: dts: Add DTS files for bcmbca SoC BCM6858 Greg Kroah-Hartman
2023-05-08 9:44 ` [PATCH 5.15 090/371] arm64: dts: Add base DTS file for bcmbca device Asus GT-AX6000 Greg Kroah-Hartman
2023-05-08 9:44 ` [PATCH 5.15 091/371] arm64: dts: Move BCM4908 dts to bcmbca folder Greg Kroah-Hartman
2023-05-08 9:44 ` [PATCH 5.15 092/371] arm64: dts: broadcom: bcmbca: bcm4908: fix NAND interrupt name Greg Kroah-Hartman
2023-05-08 9:44 ` [PATCH 5.15 093/371] arm64: dts: broadcom: bcmbca: bcm4908: fix procmon nodename Greg Kroah-Hartman
2023-05-08 9:44 ` [PATCH 5.15 094/371] arm64: dts: qcom: msm8998: Fix stm-stimulus-base reg name Greg Kroah-Hartman
2023-05-08 9:44 ` [PATCH 5.15 095/371] arm64: dts: qcom: sdm845: correct dynamic power coefficients Greg Kroah-Hartman
2023-05-08 9:44 ` [PATCH 5.15 096/371] arm64: dts: qcom: sdm845: Fix the PCI I/O port range Greg Kroah-Hartman
2023-05-08 9:44 ` [PATCH 5.15 097/371] arm64: dts: qcom: msm8998: " Greg Kroah-Hartman
2023-05-08 9:44 ` [PATCH 5.15 098/371] arm64: dts: qcom: ipq8074: " Greg Kroah-Hartman
2023-05-08 9:45 ` [PATCH 5.15 099/371] arm64: dts: qcom: ipq6018: " Greg Kroah-Hartman
2023-05-08 9:45 ` [PATCH 5.15 100/371] arm64: dts: qcom: msm8996: " Greg Kroah-Hartman
2023-05-08 9:45 ` [PATCH 5.15 101/371] arm64: dts: qcom: sm8250: " Greg Kroah-Hartman
2023-05-08 9:45 ` [PATCH 5.15 102/371] ARM: dts: qcom: ipq4019: " Greg Kroah-Hartman
2023-05-08 9:45 ` [PATCH 5.15 103/371] ARM: dts: qcom: ipq8064: reduce pci IO size to 64K Greg Kroah-Hartman
2023-05-08 9:45 ` [PATCH 5.15 104/371] ARM: dts: qcom: ipq8064: Fix the PCI I/O port range Greg Kroah-Hartman
2023-05-08 9:45 ` [PATCH 5.15 105/371] x86/MCE/AMD: Use an u64 for bank_map Greg Kroah-Hartman
2023-05-08 9:45 ` [PATCH 5.15 106/371] media: bdisp: Add missing check for create_workqueue Greg Kroah-Hartman
2023-05-08 9:45 ` [PATCH 5.15 107/371] media: av7110: prevent underflow in write_ts_to_decoder() Greg Kroah-Hartman
2023-05-08 9:45 ` [PATCH 5.15 108/371] firmware: qcom_scm: Clear download bit during reboot Greg Kroah-Hartman
2023-05-08 9:45 ` [PATCH 5.15 109/371] drm/bridge: adv7533: Fix adv7533_mode_valid for adv7533 and adv7535 Greg Kroah-Hartman
2023-05-08 9:45 ` [PATCH 5.15 110/371] media: max9286: Free control handler Greg Kroah-Hartman
2023-05-08 9:45 ` [PATCH 5.15 111/371] drm/msm/adreno: Defer enabling runpm until hw_init() Greg Kroah-Hartman
2023-05-08 9:45 ` [PATCH 5.15 112/371] drm/msm/adreno: drop bogus pm_runtime_set_active() Greg Kroah-Hartman
2023-05-08 9:45 ` [PATCH 5.15 113/371] drm: msm: adreno: Disable preemption on Adreno 510 Greg Kroah-Hartman
2023-05-08 9:45 ` [PATCH 5.15 114/371] drm/amd/display/dc/dce60/Makefile: Fix previous attempt to silence known override-init warnings Greg Kroah-Hartman
2023-05-08 9:45 ` Greg Kroah-Hartman
2023-05-08 9:45 ` Greg Kroah-Hartman
2023-05-08 9:45 ` [PATCH 5.15 115/371] ACPI: processor: Fix evaluating _PDC method when running as Xen dom0 Greg Kroah-Hartman
2023-05-08 9:45 ` [PATCH 5.15 116/371] mmc: sdhci-of-esdhc: fix quirk to ignore command inhibit for data Greg Kroah-Hartman
2023-05-08 9:45 ` [PATCH 5.15 117/371] drm: rcar-du: Fix a NULL vs IS_ERR() bug Greg Kroah-Hartman
2023-05-08 9:45 ` [PATCH 5.15 118/371] ARM: dts: gta04: fix excess dma channel usage Greg Kroah-Hartman
2023-05-08 9:45 ` [PATCH 5.15 119/371] firmware: arm_scmi: Fix xfers allocation on Rx channel Greg Kroah-Hartman
2023-05-08 9:45 ` [PATCH 5.15 120/371] ACPI: VIOT: Initialize the correct IOMMU fwspec Greg Kroah-Hartman
2023-05-08 9:45 ` [PATCH 5.15 121/371] drm/lima/lima_drv: Add missing unwind goto in lima_pdev_probe() Greg Kroah-Hartman
2023-05-08 9:45 ` [PATCH 5.15 122/371] mailbox: mpfs: switch to txdone_poll Greg Kroah-Hartman
2023-05-08 9:45 ` [PATCH 5.15 123/371] arm64: dts: qcom: sc7180-trogdor-lazor: correct trackpad supply Greg Kroah-Hartman
2023-05-08 9:45 ` [PATCH 5.15 124/371] arm64: dts: qcom: msm8994-kitakami: drop unit address from PMI8994 regulator Greg Kroah-Hartman
2023-05-08 9:45 ` [PATCH 5.15 125/371] arm64: dts: qcom: msm8994-msft-lumia-octagon: " Greg Kroah-Hartman
2023-05-08 9:45 ` [PATCH 5.15 126/371] drm/ttm: optimize pool allocations a bit v2 Greg Kroah-Hartman
2023-05-08 9:45 ` [PATCH 5.15 127/371] drm/ttm/pool: Fix ttm_pool_alloc error path Greg Kroah-Hartman
2023-05-08 9:45 ` Greg Kroah-Hartman
2023-05-08 9:45 ` [PATCH 5.15 128/371] regulator: core: Consistently set mutex_owner when using ww_mutex_lock_slow() Greg Kroah-Hartman
2023-05-08 9:45 ` [PATCH 5.15 129/371] regulator: core: Avoid lockdep reports when resolving supplies Greg Kroah-Hartman
2023-05-08 9:45 ` [PATCH 5.15 130/371] x86/apic: Fix atomic update of offset in reserve_eilvt_offset() Greg Kroah-Hartman
2023-05-08 9:45 ` [PATCH 5.15 131/371] media: rkvdec: fix use after free bug in rkvdec_remove Greg Kroah-Hartman
2023-05-08 9:45 ` [PATCH 5.15 132/371] media: dm1105: Fix use after free bug in dm1105_remove due to race condition Greg Kroah-Hartman
2023-05-08 9:45 ` [PATCH 5.15 133/371] media: saa7134: fix use after free bug in saa7134_finidev " Greg Kroah-Hartman
2023-05-08 9:45 ` [PATCH 5.15 134/371] media: rcar_fdp1: Make use of the helper function devm_platform_ioremap_resource() Greg Kroah-Hartman
2023-05-08 9:45 ` [PATCH 5.15 135/371] media: rcar_fdp1: Fix the correct variable assignments Greg Kroah-Hartman
2023-05-08 9:45 ` [PATCH 5.15 136/371] platform: Provide a remove callback that returns no value Greg Kroah-Hartman
2023-05-08 9:45 ` [PATCH 5.15 137/371] media: rcar_fdp1: Convert to platform remove callback returning void Greg Kroah-Hartman
2023-05-08 9:45 ` [PATCH 5.15 138/371] media: rcar_fdp1: Fix refcount leak in probe and remove function Greg Kroah-Hartman
2023-05-08 9:45 ` [PATCH 5.15 139/371] drm/amd/display: Fix potential null dereference Greg Kroah-Hartman
2023-05-08 9:45 ` [PATCH 5.15 140/371] media: rc: gpio-ir-recv: Fix support for wake-up Greg Kroah-Hartman
2023-05-08 9:45 ` [PATCH 5.15 141/371] media: venus: dec: Fix handling of the start cmd Greg Kroah-Hartman
2023-05-08 9:45 ` [PATCH 5.15 142/371] regulator: stm32-pwr: fix of_iomap leak Greg Kroah-Hartman
2023-05-08 9:45 ` [PATCH 5.15 143/371] x86/ioapic: Dont return 0 from arch_dynirq_lower_bound() Greg Kroah-Hartman
2023-05-08 9:45 ` [PATCH 5.15 144/371] arm64: kgdb: Set PSTATE.SS to 1 to re-enable single-step Greg Kroah-Hartman
2023-05-08 9:45 ` [PATCH 5.15 145/371] debugobject: Prevent init race with static objects Greg Kroah-Hartman
2023-05-08 9:45 ` [PATCH 5.15 146/371] drm/i915: Make intel_get_crtc_new_encoder() less oopsy Greg Kroah-Hartman
2023-05-08 9:45 ` [PATCH 5.15 147/371] tick/common: Align tick period with the HZ tick Greg Kroah-Hartman
2023-05-08 9:45 ` [PATCH 5.15 148/371] cpufreq: use correct unit when verify cur freq Greg Kroah-Hartman
2023-05-08 9:45 ` [PATCH 5.15 149/371] hwmon: (pmbus/fsp-3y) Fix functionality bitmask in FSP-3Y YM-2151E Greg Kroah-Hartman
2023-05-08 9:45 ` [PATCH 5.15 150/371] wifi: ath6kl: minor fix for allocation size Greg Kroah-Hartman
2023-05-08 9:45 ` [PATCH 5.15 151/371] wifi: ath9k: hif_usb: fix memory leak of remain_skbs Greg Kroah-Hartman
2023-05-08 9:45 ` [PATCH 5.15 152/371] wifi: ath5k: fix an off by one check in ath5k_eeprom_read_freq_list() Greg Kroah-Hartman
2023-05-08 9:45 ` [PATCH 5.15 153/371] wifi: brcmfmac: support CQM RSSI notification with older firmware Greg Kroah-Hartman
2023-05-08 9:45 ` [PATCH 5.15 154/371] wifi: ath6kl: reduce WARN to dev_dbg() in callback Greg Kroah-Hartman
2023-05-08 9:45 ` [PATCH 5.15 155/371] tools: bpftool: Remove invalid \ json escape Greg Kroah-Hartman
2023-05-08 9:45 ` [PATCH 5.15 156/371] wifi: rtw88: mac: Return the original error from rtw_pwr_seq_parser() Greg Kroah-Hartman
2023-05-08 9:45 ` [PATCH 5.15 157/371] wifi: rtw88: mac: Return the original error from rtw_mac_power_switch() Greg Kroah-Hartman
2023-05-08 9:45 ` [PATCH 5.15 158/371] bpf: take into account liveness when propagating precision Greg Kroah-Hartman
2023-05-08 9:46 ` [PATCH 5.15 159/371] bpf: fix precision propagation verbose logging Greg Kroah-Hartman
2023-05-08 9:46 ` [PATCH 5.15 160/371] scm: fix MSG_CTRUNC setting condition for SO_PASSSEC Greg Kroah-Hartman
2023-05-08 9:46 ` [PATCH 5.15 161/371] selftests/bpf: Fix a fd leak in an error path in network_helpers.c Greg Kroah-Hartman
2023-05-08 9:46 ` [PATCH 5.15 162/371] bpf: Remove misleading spec_v1 check on var-offset stack read Greg Kroah-Hartman
2023-05-08 9:46 ` [PATCH 5.15 163/371] net: pcs: xpcs: remove double-read of link state when using AN Greg Kroah-Hartman
2023-05-08 9:46 ` [PATCH 5.15 164/371] vlan: partially enable SIOCSHWTSTAMP in container Greg Kroah-Hartman
2023-05-08 9:46 ` [PATCH 5.15 165/371] net/packet: annotate accesses to po->xmit Greg Kroah-Hartman
2023-05-08 9:46 ` [PATCH 5.15 166/371] net/packet: convert po->origdev to an atomic flag Greg Kroah-Hartman
2023-05-08 9:46 ` [PATCH 5.15 167/371] net/packet: convert po->auxdata " Greg Kroah-Hartman
2023-05-08 9:46 ` [PATCH 5.15 168/371] scsi: target: Fix multiple LUN_RESET handling Greg Kroah-Hartman
2023-05-08 9:46 ` [PATCH 5.15 169/371] scsi: target: iscsit: Fix TAS handling during conn cleanup Greg Kroah-Hartman
2023-05-08 9:46 ` [PATCH 5.15 170/371] scsi: megaraid: Fix mega_cmd_done() CMDID_INT_CMDS Greg Kroah-Hartman
2023-05-08 9:46 ` [PATCH 5.15 171/371] f2fs: handle dqget error in f2fs_transfer_project_quota() Greg Kroah-Hartman
2023-05-08 9:46 ` [PATCH 5.15 172/371] f2fs: enforce single zone capacity Greg Kroah-Hartman
2023-05-08 9:46 ` [PATCH 5.15 173/371] f2fs: apply zone capacity to all zone type Greg Kroah-Hartman
2023-05-08 9:46 ` [PATCH 5.15 174/371] f2fs: compress: fix to call f2fs_wait_on_page_writeback() in f2fs_write_raw_pages() Greg Kroah-Hartman
2023-05-08 9:46 ` [PATCH 5.15 175/371] crypto: caam - Clear some memory in instantiate_rng Greg Kroah-Hartman
2023-05-08 9:46 ` [PATCH 5.15 176/371] crypto: sa2ul - Select CRYPTO_DES Greg Kroah-Hartman
2023-05-08 9:46 ` [PATCH 5.15 177/371] wifi: rtlwifi: fix incorrect error codes in rtl_debugfs_set_write_rfreg() Greg Kroah-Hartman
2023-05-08 9:46 ` [PATCH 5.15 178/371] wifi: rtlwifi: fix incorrect error codes in rtl_debugfs_set_write_reg() Greg Kroah-Hartman
2023-05-08 9:46 ` [PATCH 5.15 179/371] wifi: rt2x00: Fix memory leak when handling surveys Greg Kroah-Hartman
2023-05-08 9:46 ` [PATCH 5.15 180/371] net: qrtr: correct types of trace event parameters Greg Kroah-Hartman
2023-05-08 9:46 ` [PATCH 5.15 181/371] selftests: xsk: Disable IPv6 on VETH1 Greg Kroah-Hartman
2023-05-08 9:46 ` [PATCH 5.15 182/371] selftests/bpf: Wait for receive in cg_storage_multi test Greg Kroah-Hartman
2023-05-08 9:46 ` [PATCH 5.15 183/371] bpftool: Fix bug for long instructions in program CFG dumps Greg Kroah-Hartman
2023-05-08 9:46 ` [PATCH 5.15 184/371] crypto: drbg - make drbg_prepare_hrng() handle jent instantiation errors Greg Kroah-Hartman
2023-05-08 9:46 ` [PATCH 5.15 185/371] crypto: drbg - Only fail when jent is unavailable in FIPS mode Greg Kroah-Hartman
2023-05-08 9:46 ` [PATCH 5.15 186/371] xsk: Fix unaligned descriptor validation Greg Kroah-Hartman
2023-05-08 9:46 ` [PATCH 5.15 187/371] f2fs: fix to avoid use-after-free for cached IPU bio Greg Kroah-Hartman
2023-05-08 9:46 ` [PATCH 5.15 188/371] scsi: lpfc: Fix ioremap issues in lpfc_sli4_pci_mem_setup() Greg Kroah-Hartman
2023-05-08 9:46 ` [PATCH 5.15 189/371] net: ethernet: stmmac: dwmac-rk: fix optional phy regulator handling Greg Kroah-Hartman
2023-05-08 9:46 ` [PATCH 5.15 190/371] bpf, sockmap: fix deadlocks in the sockhash and sockmap Greg Kroah-Hartman
2023-05-08 9:46 ` [PATCH 5.15 191/371] nvmet: use i_size_read() to set size for file-ns Greg Kroah-Hartman
2023-05-08 9:46 ` [PATCH 5.15 192/371] nvmet: move the call to nvmet_ns_changed out of nvmet_ns_revalidate Greg Kroah-Hartman
2023-05-08 9:46 ` [PATCH 5.15 193/371] nvmet: fix error handling in nvmet_execute_identify_cns_cs_ns() Greg Kroah-Hartman
2023-05-08 9:46 ` [PATCH 5.15 194/371] nvmet: fix Identify Namespace handling Greg Kroah-Hartman
2023-05-08 9:46 ` [PATCH 5.15 195/371] nvmet: fix Identify Controller handling Greg Kroah-Hartman
2023-05-08 9:46 ` [PATCH 5.15 196/371] nvmet: fix Identify Active Namespace ID list handling Greg Kroah-Hartman
2023-05-08 9:46 ` [PATCH 5.15 197/371] nvmet: fix I/O Command Set specific Identify Controller Greg Kroah-Hartman
2023-05-08 9:46 ` [PATCH 5.15 198/371] nvme: handle the persistent internal error AER Greg Kroah-Hartman
2023-05-08 9:46 ` [PATCH 5.15 199/371] nvme: fix async event trace event Greg Kroah-Hartman
2023-05-08 9:46 ` [PATCH 5.15 200/371] nvme-fcloop: fix "inconsistent {IN-HARDIRQ-W} -> {HARDIRQ-ON-W} usage" Greg Kroah-Hartman
2023-05-08 9:46 ` [PATCH 5.15 201/371] selftests/bpf: Fix leaked bpf_link in get_stackid_cannot_attach Greg Kroah-Hartman
2023-05-08 9:46 ` [PATCH 5.15 202/371] bpf, sockmap: Revert buggy deadlock fix in the sockhash and sockmap Greg Kroah-Hartman
2023-05-08 9:46 ` [PATCH 5.15 203/371] md: drop queue limitation for RAID1 and RAID10 Greg Kroah-Hartman
2023-05-08 9:46 ` [PATCH 5.15 204/371] md: raid10 add nowait support Greg Kroah-Hartman
2023-05-08 9:46 ` [PATCH 5.15 205/371] md/raid10: factor out code from wait_barrier() to stop_waiting_barrier() Greg Kroah-Hartman
2023-05-08 9:46 ` [PATCH 5.15 206/371] md/raid10: fix task hung in raid10d Greg Kroah-Hartman
2023-05-08 9:46 ` [PATCH 5.15 207/371] md/raid10: fix leak of r10bio->remaining for recovery Greg Kroah-Hartman
2023-05-08 9:46 ` [PATCH 5.15 208/371] md/raid10: fix memleak for conf->bio_split Greg Kroah-Hartman
2023-05-08 9:46 ` [PATCH 5.15 209/371] md/raid10: fix memleak of md thread Greg Kroah-Hartman
2023-05-08 9:46 ` [PATCH 5.15 210/371] md/raid10: dont call bio_start_io_acct twice for bio which experienced read error Greg Kroah-Hartman
2023-05-08 9:46 ` [PATCH 5.15 211/371] wifi: iwlwifi: yoyo: skip dump correctly on hw error Greg Kroah-Hartman
2023-05-08 9:46 ` [PATCH 5.15 212/371] wifi: iwlwifi: yoyo: Fix possible division by zero Greg Kroah-Hartman
2023-05-08 9:46 ` [PATCH 5.15 213/371] wifi: iwlwifi: mvm: initialize seq variable Greg Kroah-Hartman
2023-05-08 9:46 ` [PATCH 5.15 214/371] wifi: iwlwifi: fw: move memset before early return Greg Kroah-Hartman
2023-05-08 9:46 ` [PATCH 5.15 215/371] jdb2: Dont refuse invalidation of already invalidated buffers Greg Kroah-Hartman
2023-05-08 9:46 ` [PATCH 5.15 216/371] wifi: iwlwifi: make the loop for card preparation effective Greg Kroah-Hartman
2023-05-08 9:46 ` [PATCH 5.15 217/371] wifi: mt76: handle failure of vzalloc in mt7615_coredump_work Greg Kroah-Hartman
2023-05-08 9:46 ` [PATCH 5.15 218/371] wifi: mt76: add flexible polling wait-interval support Greg Kroah-Hartman
2023-05-08 9:47 ` [PATCH 5.15 219/371] wifi: mt76: mt7921e: fix probe timeout after reboot Greg Kroah-Hartman
2023-05-08 9:47 ` [PATCH 5.15 220/371] wifi: mt76: fix 6GHz high channel not be scanned Greg Kroah-Hartman
2023-05-08 9:47 ` [PATCH 5.15 221/371] wifi: mt76: mt7921e: improve reliability of dma reset Greg Kroah-Hartman
2023-05-08 9:47 ` [PATCH 5.15 222/371] wifi: iwlwifi: mvm: check firmware response size Greg Kroah-Hartman
2023-05-08 9:47 ` [PATCH 5.15 223/371] wifi: iwlwifi: fw: fix memory leak in debugfs Greg Kroah-Hartman
2023-05-08 9:47 ` [PATCH 5.15 224/371] ixgbe: Allow flow hash to be set via ethtool Greg Kroah-Hartman
2023-05-08 9:47 ` [PATCH 5.15 225/371] ixgbe: Enable setting RSS table to default values Greg Kroah-Hartman
2023-05-08 9:47 ` [PATCH 5.15 226/371] net/mlx5: E-switch, Dont destroy indirect table in split rule Greg Kroah-Hartman
2023-05-08 9:47 ` [PATCH 5.15 227/371] net: stmmac:fix system hang when setting up tag_8021q VLAN for DSA ports Greg Kroah-Hartman
2023-05-08 9:47 ` [PATCH 5.15 228/371] bpf: Dont EFAULT for getsockopt with optval=NULL Greg Kroah-Hartman
2023-05-08 9:47 ` [PATCH 5.15 229/371] netfilter: nf_tables: dont write table validation state without mutex Greg Kroah-Hartman
2023-05-08 9:47 ` [PATCH 5.15 230/371] net/sched: sch_fq: fix integer overflow of "credit" Greg Kroah-Hartman
2023-05-08 9:47 ` [PATCH 5.15 231/371] ipv4: Fix potential uninit variable access bug in __ip_make_skb() Greg Kroah-Hartman
2023-05-08 9:47 ` [PATCH 5.15 232/371] Revert "Bluetooth: btsdio: fix use after free bug in btsdio_remove due to unfinished work" Greg Kroah-Hartman
2023-05-08 9:47 ` [PATCH 5.15 233/371] netlink: Use copy_to_user() for optval in netlink_getsockopt() Greg Kroah-Hartman
2023-05-08 9:47 ` [PATCH 5.15 234/371] net: amd: Fix link leak when verifying config failed Greg Kroah-Hartman
2023-05-08 9:47 ` [PATCH 5.15 235/371] tcp/udp: Fix memleaks of sk and zerocopy skbs with TX timestamp Greg Kroah-Hartman
2023-05-08 9:47 ` [PATCH 5.15 236/371] ipmi: ASPEED_BT_IPMI_BMC: select REGMAP_MMIO instead of depending on it Greg Kroah-Hartman
2023-05-08 9:47 ` [PATCH 5.15 237/371] drivers: staging: rtl8723bs: Fix locking in _rtw_join_timeout_handler() Greg Kroah-Hartman
2023-05-08 9:47 ` [PATCH 5.15 238/371] drivers: staging: rtl8723bs: Fix locking in rtw_scan_timeout_handler() Greg Kroah-Hartman
2023-05-08 9:47 ` [PATCH 5.15 239/371] pstore: Revert pmsg_lock back to a normal mutex Greg Kroah-Hartman
2023-05-08 9:47 ` [PATCH 5.15 240/371] usb: host: xhci-rcar: remove leftover quirk handling Greg Kroah-Hartman
2023-05-08 9:47 ` [PATCH 5.15 241/371] usb: dwc3: gadget: Change condition for processing suspend event Greg Kroah-Hartman
2023-05-08 9:47 ` [PATCH 5.15 242/371] serial: stm32: re-introduce an irq flag condition in usart_receive_chars Greg Kroah-Hartman
2023-05-08 9:47 ` [PATCH 5.15 243/371] serial: stm32: Re-assert RTS/DE GPIO in RS485 mode only if more data are transmitted Greg Kroah-Hartman
2023-05-08 9:47 ` [PATCH 5.15 244/371] fpga: bridge: fix kernel-doc parameter description Greg Kroah-Hartman
2023-05-08 9:47 ` [PATCH 5.15 245/371] iio: light: max44009: add missing OF device matching Greg Kroah-Hartman
2023-05-08 9:47 ` [PATCH 5.15 246/371] serial: 8250_bcm7271: Fix arbitration handling Greg Kroah-Hartman
2023-05-08 9:47 ` [PATCH 5.15 247/371] spi: spi-imx: using pm_runtime_resume_and_get instead of pm_runtime_get_sync Greg Kroah-Hartman
2023-05-08 9:47 ` [PATCH 5.15 248/371] spi: imx: Dont skip cleanup in removes error path Greg Kroah-Hartman
2023-05-08 9:47 ` [PATCH 5.15 249/371] usb: gadget: udc: renesas_usb3: Fix use after free bug in renesas_usb3_remove due to race condition Greg Kroah-Hartman
2023-05-08 9:47 ` [PATCH 5.15 250/371] PCI: imx6: Install the fault handler only on compatible match Greg Kroah-Hartman
2023-05-08 9:47 ` [PATCH 5.15 251/371] ASoC: es8316: Handle optional IRQ assignment Greg Kroah-Hartman
2023-05-08 9:47 ` [PATCH 5.15 252/371] linux/vt_buffer.h: allow either builtin or modular for macros Greg Kroah-Hartman
2023-05-08 9:47 ` Greg Kroah-Hartman
2023-05-08 9:47 ` [PATCH 5.15 253/371] spi: qup: Dont skip cleanup in removes error path Greg Kroah-Hartman
2023-05-08 9:47 ` [PATCH 5.15 254/371] spi: fsl-spi: Fix CPM/QE mode Litte Endian Greg Kroah-Hartman
2023-05-08 9:47 ` [PATCH 5.15 255/371] vmci_host: fix a race condition in vmci_host_poll() causing GPF Greg Kroah-Hartman
2023-05-08 9:47 ` [PATCH 5.15 256/371] of: Fix modalias string generation Greg Kroah-Hartman
2023-05-08 9:47 ` [PATCH 5.15 257/371] PCI/EDR: Clear Device Status after EDR error recovery Greg Kroah-Hartman
2023-05-08 9:47 ` [PATCH 5.15 258/371] ia64: mm/contig: fix section mismatch warning/error Greg Kroah-Hartman
2023-05-08 9:47 ` [PATCH 5.15 259/371] ia64: salinfo: placate defined-but-not-used warning Greg Kroah-Hartman
2023-05-08 9:47 ` [PATCH 5.15 260/371] scripts/gdb: bail early if there are no clocks Greg Kroah-Hartman
2023-05-08 9:47 ` [PATCH 5.15 261/371] scripts/gdb: bail early if there are no generic PD Greg Kroah-Hartman
2023-05-08 9:47 ` [PATCH 5.15 262/371] HID: amd_sfh: Add support for shutdown operation Greg Kroah-Hartman
2023-05-08 9:47 ` [PATCH 5.15 263/371] coresight: etm_pmu: Set the module field Greg Kroah-Hartman
2023-05-08 9:47 ` [PATCH 5.15 264/371] ASoC: fsl_mqs: move of_node_put() to the correct location Greg Kroah-Hartman
2023-05-08 9:47 ` [PATCH 5.15 265/371] spi: cadence-quadspi: fix suspend-resume implementations Greg Kroah-Hartman
2023-05-08 9:47 ` [PATCH 5.15 266/371] i2c: cadence: cdns_i2c_master_xfer(): Fix runtime PM leak on error path Greg Kroah-Hartman
2023-05-08 9:47 ` [PATCH 5.15 267/371] scripts/gdb: raise error with reduced debugging information Greg Kroah-Hartman
2023-05-08 9:47 ` [PATCH 5.15 268/371] uapi/linux/const.h: prefer ISO-friendly __typeof__ Greg Kroah-Hartman
2023-05-08 9:47 ` [PATCH 5.15 269/371] sh: sq: Fix incorrect element size for allocating bitmap buffer Greg Kroah-Hartman
2023-05-08 9:47 ` [PATCH 5.15 270/371] usb: gadget: tegra-xudc: Fix crash in vbus_draw Greg Kroah-Hartman
2023-05-08 9:47 ` [PATCH 5.15 271/371] usb: chipidea: fix missing goto in `ci_hdrc_probe` Greg Kroah-Hartman
2023-05-08 9:47 ` [PATCH 5.15 272/371] usb: mtu3: fix kernel panic at qmu transfer done irq handler Greg Kroah-Hartman
2023-05-08 9:47 ` [PATCH 5.15 273/371] firmware: stratix10-svc: Fix an NULL vs IS_ERR() bug in probe Greg Kroah-Hartman
2023-05-08 9:47 ` [PATCH 5.15 274/371] tty: serial: fsl_lpuart: adjust buffer length to the intended size Greg Kroah-Hartman
2023-05-08 9:47 ` [PATCH 5.15 275/371] serial: 8250: Add missing wakeup event reporting Greg Kroah-Hartman
2023-05-08 9:47 ` [PATCH 5.15 276/371] staging: rtl8192e: Fix W_DISABLE# does not work after stop/start Greg Kroah-Hartman
2023-05-08 9:47 ` [PATCH 5.15 277/371] spmi: Add a check for remove callback when removing a SPMI driver Greg Kroah-Hartman
2023-05-08 9:47 ` [PATCH 5.15 278/371] virtio_ring: dont update event idx on get_buf Greg Kroah-Hartman
2023-05-08 9:48 ` [PATCH 5.15 279/371] spi: bcm63xx: remove PM_SLEEP based conditional compilation Greg Kroah-Hartman
2023-05-08 9:48 ` [PATCH 5.15 280/371] macintosh/windfarm_smu_sat: Add missing of_node_put() Greg Kroah-Hartman
2023-05-08 9:48 ` [PATCH 5.15 281/371] powerpc/mpc512x: fix resource printk format warning Greg Kroah-Hartman
2023-05-08 9:48 ` [PATCH 5.15 282/371] powerpc/wii: fix resource printk format warnings Greg Kroah-Hartman
2023-05-08 9:48 ` [PATCH 5.15 283/371] powerpc/sysdev/tsi108: " Greg Kroah-Hartman
2023-05-08 9:48 ` [PATCH 5.15 284/371] macintosh: via-pmu-led: requires ATA to be set Greg Kroah-Hartman
2023-05-08 9:48 ` [PATCH 5.15 285/371] powerpc/rtas: use memmove for potentially overlapping buffer copy Greg Kroah-Hartman
2023-05-08 9:48 ` [PATCH 5.15 286/371] sched/fair: Use __schedstat_set() in set_next_entity() Greg Kroah-Hartman
2023-05-08 9:48 ` [PATCH 5.15 287/371] sched: Make struct sched_statistics independent of fair sched class Greg Kroah-Hartman
2023-05-08 9:48 ` [PATCH 5.15 288/371] sched/fair: Fix inaccurate tally of ttwu_move_affine Greg Kroah-Hartman
2023-05-08 9:48 ` [PATCH 5.15 289/371] perf/core: Fix hardlockup failure caused by perf throttle Greg Kroah-Hartman
2023-05-08 9:48 ` [PATCH 5.15 290/371] Revert "objtool: Support addition to set CFA base" Greg Kroah-Hartman
2023-05-08 9:48 ` [PATCH 5.15 291/371] sched/rt: Fix bad task migration for rt tasks Greg Kroah-Hartman
2023-05-08 9:48 ` [PATCH 5.15 292/371] clk: at91: clk-sam9x60-pll: fix return value check Greg Kroah-Hartman
2023-05-08 9:48 ` [PATCH 5.15 293/371] RDMA/siw: Fix potential page_array out of range access Greg Kroah-Hartman
2023-05-08 9:48 ` [PATCH 5.15 294/371] RDMA/rdmavt: Delete unnecessary NULL check Greg Kroah-Hartman
2023-05-08 9:48 ` [PATCH 5.15 295/371] workqueue: Introduce show_one_worker_pool and show_one_workqueue Greg Kroah-Hartman
2023-05-08 9:48 ` [PATCH 5.15 296/371] workqueue: Fix hung time report of worker pools Greg Kroah-Hartman
2023-05-08 9:48 ` [PATCH 5.15 297/371] rtc: omap: include header for omap_rtc_power_off_program prototype Greg Kroah-Hartman
2023-05-08 9:48 ` [PATCH 5.15 298/371] RDMA/mlx4: Prevent shift wrapping in set_user_sq_size() Greg Kroah-Hartman
2023-05-08 9:48 ` [PATCH 5.15 299/371] rtc: meson-vrtc: Use ktime_get_real_ts64() to get the current time Greg Kroah-Hartman
2023-05-08 9:48 ` [PATCH 5.15 300/371] fs/ntfs3: Fix memory leak if ntfs_read_mft failed Greg Kroah-Hartman
2023-05-08 9:48 ` [PATCH 5.15 301/371] fs/ntfs3: Add check for kmemdup Greg Kroah-Hartman
2023-05-08 9:48 ` [PATCH 5.15 302/371] fs/ntfs3: Fix null-ptr-deref on inode->i_op in ntfs_lookup() Greg Kroah-Hartman
2023-05-08 9:48 ` [PATCH 5.15 303/371] fs/ntfs3: Fix OOB read in indx_insert_into_buffer Greg Kroah-Hartman
2023-05-08 9:48 ` [PATCH 5.15 304/371] fs/ntfs3: Fix slab-out-of-bounds read in hdr_delete_de() Greg Kroah-Hartman
2023-05-08 9:48 ` [PATCH 5.15 305/371] power: supply: generic-adc-battery: fix unit scaling Greg Kroah-Hartman
2023-05-08 9:48 ` [PATCH 5.15 306/371] clk: add missing of_node_put() in "assigned-clocks" property parsing Greg Kroah-Hartman
2023-05-08 9:48 ` [PATCH 5.15 307/371] RDMA/siw: Remove namespace check from siw_netdev_event() Greg Kroah-Hartman
2023-05-08 9:48 ` [PATCH 5.15 308/371] clk: qcom: gcc-sm6115: Mark RCGs shared where applicable Greg Kroah-Hartman
2023-05-08 9:48 ` [PATCH 5.15 309/371] RDMA/cm: Trace icm_send_rej event before the cm state is reset Greg Kroah-Hartman
2023-05-08 9:48 ` [PATCH 5.15 310/371] RDMA/srpt: Add a check for valid mad_agent pointer Greg Kroah-Hartman
2023-05-08 9:48 ` [PATCH 5.15 311/371] IB/hfi1: Fix SDMA mmu_rb_node not being evicted in LRU order Greg Kroah-Hartman
2023-05-08 9:48 ` [PATCH 5.15 312/371] IB/hfi1: Fix bugs with non-PAGE_SIZE-end multi-iovec user SDMA requests Greg Kroah-Hartman
2023-05-08 9:48 ` [PATCH 5.15 313/371] NFSv4.1: Always send a RECLAIM_COMPLETE after establishing lease Greg Kroah-Hartman
2023-05-08 9:48 ` [PATCH 5.15 314/371] clk: qcom: regmap: add PHY clock source implementation Greg Kroah-Hartman
2023-05-08 9:48 ` [PATCH 5.15 315/371] clk: qcom: gcc-sm8350: fix PCIe PIPE clocks handling Greg Kroah-Hartman
2023-05-08 9:48 ` [PATCH 5.15 316/371] Input: raspberrypi-ts - fix refcount leak in rpi_ts_probe Greg Kroah-Hartman
2023-05-08 9:48 ` [PATCH 5.15 317/371] RDMA/mlx5: Fix flow counter query via DEVX Greg Kroah-Hartman
2023-05-08 9:48 ` [PATCH 5.15 318/371] SUNRPC: remove the maximum number of retries in call_bind_status Greg Kroah-Hartman
2023-05-08 9:48 ` [PATCH 5.15 319/371] RDMA/mlx5: Use correct device num_ports when modify DC Greg Kroah-Hartman
2023-05-08 9:48 ` [PATCH 5.15 320/371] clocksource/drivers/davinci: Fix memory leak in davinci_timer_register when init fails Greg Kroah-Hartman
2023-05-08 9:48 ` [PATCH 5.15 321/371] openrisc: Properly store r31 to pt_regs on unhandled exceptions Greg Kroah-Hartman
2023-05-08 9:48 ` [PATCH 5.15 322/371] timekeeping: Fix references to nonexistent ktime_get_fast_ns() Greg Kroah-Hartman
2023-05-08 9:48 ` [PATCH 5.15 323/371] SMB3: Add missing locks to protect deferred close file list Greg Kroah-Hartman
2023-05-08 9:48 ` [PATCH 5.15 324/371] SMB3: Close deferred file handles in case of handle lease break Greg Kroah-Hartman
2023-05-08 9:48 ` [PATCH 5.15 325/371] ext4: fix i_disksize exceeding i_size problem in paritally written case Greg Kroah-Hartman
2023-05-08 9:48 ` [PATCH 5.15 326/371] ext4: fix use-after-free read in ext4_find_extent for bigalloc + inline Greg Kroah-Hartman
2023-05-08 9:48 ` [PATCH 5.15 327/371] pinctrl: renesas: r8a779a0: Remove incorrect AVB[01] pinmux configuration Greg Kroah-Hartman
2023-05-08 9:48 ` [PATCH 5.15 328/371] leds: TI_LMU_COMMON: select REGMAP instead of depending on it Greg Kroah-Hartman
2023-05-08 9:48 ` [PATCH 5.15 329/371] dmaengine: mv_xor_v2: Fix an error code Greg Kroah-Hartman
2023-05-08 9:48 ` [PATCH 5.15 330/371] leds: tca6507: Fix error handling of using fwnode_property_read_string Greg Kroah-Hartman
2023-05-08 9:48 ` [PATCH 5.15 331/371] pwm: mtk-disp: Disable shadow registers before setting backlight values Greg Kroah-Hartman
2023-05-08 9:48 ` [PATCH 5.15 332/371] pwm: mtk-disp: Configure double buffering before reading in .get_state() Greg Kroah-Hartman
2023-05-08 9:48 ` [PATCH 5.15 333/371] phy: tegra: xusb: Add missing tegra_xusb_port_unregister for usb2_port and ulpi_port Greg Kroah-Hartman
2023-05-08 9:48 ` [PATCH 5.15 334/371] dma: gpi: remove spurious unlock in gpi_ch_init Greg Kroah-Hartman
2023-05-08 9:48 ` [PATCH 5.15 335/371] dmaengine: dw-edma: Fix to change for continuous transfer Greg Kroah-Hartman
2023-05-08 9:48 ` [PATCH 5.15 336/371] dmaengine: dw-edma: Fix to enable to issue dma request on DMA processing Greg Kroah-Hartman
2023-05-08 9:48 ` [PATCH 5.15 337/371] dmaengine: at_xdmac: Fix concurrency over chans completed_cookie Greg Kroah-Hartman
2023-05-08 9:48 ` [PATCH 5.15 338/371] dmaengine: at_xdmac: Fix race for the tx desc callback Greg Kroah-Hartman
2023-05-08 9:49 ` [PATCH 5.15 339/371] dmaengine: at_xdmac: do not enable all cyclic channels Greg Kroah-Hartman
2023-05-08 9:49 ` [PATCH 5.15 340/371] thermal/drivers/mediatek: Use devm_of_iomap to avoid resource leak in mtk_thermal_probe Greg Kroah-Hartman
2023-05-08 9:49 ` [PATCH 5.15 341/371] mfd: tqmx86: Do not access I2C_DETECT register through io_base Greg Kroah-Hartman
2023-05-08 9:49 ` [PATCH 5.15 342/371] mfd: tqmx86: Specify IO port register range more precisely Greg Kroah-Hartman
2023-05-08 9:49 ` [PATCH 5.15 343/371] mfd: tqmx86: Correct board names for TQMxE39x Greg Kroah-Hartman
2023-05-08 9:49 ` [PATCH 5.15 344/371] afs: Fix updating of i_size with dv jump from server Greg Kroah-Hartman
2023-05-08 9:49 ` [PATCH 5.15 345/371] parisc: Fix argument pointer in real64_call_asm() Greg Kroah-Hartman
2023-05-08 9:49 ` [PATCH 5.15 346/371] ALSA: usb-audio: Add quirk for Pioneer DDJ-800 Greg Kroah-Hartman
2023-05-08 9:49 ` [PATCH 5.15 347/371] nilfs2: do not write dirty data after degenerating to read-only Greg Kroah-Hartman
2023-05-08 9:49 ` [PATCH 5.15 348/371] nilfs2: fix infinite loop in nilfs_mdt_get_block() Greg Kroah-Hartman
2023-05-08 9:49 ` [PATCH 5.15 349/371] md/raid10: fix null-ptr-deref in raid10_sync_request Greg Kroah-Hartman
2023-05-08 9:49 ` [PATCH 5.15 350/371] mtd: core: provide unique name for nvmem device, take two Greg Kroah-Hartman
2023-05-08 9:49 ` [PATCH 5.15 351/371] mtd: core: fix nvmem error reporting Greg Kroah-Hartman
2023-05-08 9:49 ` [PATCH 5.15 352/371] mtd: core: fix error path for nvmem provider Greg Kroah-Hartman
2023-05-08 9:49 ` [PATCH 5.15 353/371] mailbox: zynqmp: Fix IPI isr handling Greg Kroah-Hartman
2023-05-08 9:49 ` [PATCH 5.15 354/371] mailbox: zynqmp: Fix typo in IPI documentation Greg Kroah-Hartman
2023-05-08 9:49 ` [PATCH 5.15 355/371] wifi: rtl8xxxu: RTL8192EU always needs full init Greg Kroah-Hartman
2023-05-08 9:49 ` [PATCH 5.15 356/371] clk: rockchip: rk3399: allow clk_cifout to force clk_cifout_src to reparent Greg Kroah-Hartman
2023-05-08 9:49 ` [PATCH 5.15 357/371] scripts/gdb: fix lx-timerlist for Python3 Greg Kroah-Hartman
2023-05-08 9:49 ` [PATCH 5.15 358/371] btrfs: scrub: reject unsupported scrub flags Greg Kroah-Hartman
2023-05-08 9:49 ` [PATCH 5.15 359/371] s390/dasd: fix hanging blockdevice after request requeue Greg Kroah-Hartman
2023-05-08 9:49 ` [PATCH 5.15 360/371] ia64: fix an addr to taddr in huge_pte_offset() Greg Kroah-Hartman
2023-05-08 9:49 ` [PATCH 5.15 361/371] dm verity: fix error handling for check_at_most_once on FEC Greg Kroah-Hartman
2023-05-08 9:49 ` [PATCH 5.15 362/371] dm clone: call kmem_cache_destroy() in dm_clone_init() error path Greg Kroah-Hartman
2023-05-08 9:49 ` [PATCH 5.15 363/371] dm integrity: call kmem_cache_destroy() in dm_integrity_init() " Greg Kroah-Hartman
2023-05-08 9:49 ` [PATCH 5.15 364/371] dm flakey: fix a crash with invalid table line Greg Kroah-Hartman
2023-05-08 9:49 ` [PATCH 5.15 365/371] dm ioctl: fix nested locking in table_clear() to remove deadlock concern Greg Kroah-Hartman
2023-05-08 9:49 ` [PATCH 5.15 366/371] dm: dont lock fs when the map is NULL in process of resume Greg Kroah-Hartman
2023-05-08 9:49 ` [PATCH 5.15 367/371] perf auxtrace: Fix address filter entire kernel size Greg Kroah-Hartman
2023-05-08 9:49 ` [PATCH 5.15 368/371] perf intel-pt: Fix CYC timestamps after standalone CBR Greg Kroah-Hartman
2023-05-08 9:49 ` [PATCH 5.15 369/371] debugobject: Ensure pool refill (again) Greg Kroah-Hartman
2023-05-08 9:49 ` [PATCH 5.15 370/371] sound/oss/dmasound: fix dmasound_setup defined but not used Greg Kroah-Hartman
2023-05-08 9:49 ` [PATCH 5.15 371/371] arm64: dts: qcom: sdm845: correct dynamic power coefficients - again Greg Kroah-Hartman
2023-05-08 18:01 ` [PATCH 5.15 000/371] 5.15.111-rc1 review Florian Fainelli
2023-05-08 21:30 ` Shuah Khan
2023-05-09 2:07 ` Bagas Sanjaya
2023-05-16 8:21 ` Bagas Sanjaya
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.