* [PATCH 6.0 000/289] 6.0.11-rc1 review
@ 2022-11-30 18:19 Greg Kroah-Hartman
2022-11-30 18:19 ` [PATCH 6.0 001/289] binder: validate alloc->mm in ->mmap() handler Greg Kroah-Hartman
` (298 more replies)
0 siblings, 299 replies; 305+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-30 18:19 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, linux-kernel, torvalds, akpm, linux,
shuah, patches, lkft-triage, pavel, jonathanh, f.fainelli,
sudipm.mukherjee, srw, rwarsow
This is the start of the stable review cycle for the 6.0.11 release.
There are 289 patches in this series, all will be posted as a response
to this one. If anyone has any issues with these being applied, please
let me know.
Responses should be made by Fri, 02 Dec 2022 18:05:05 +0000.
Anything received after that time might be too late.
The whole patch series can be found in one patch at:
https://www.kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.0.11-rc1.gz
or in the git tree and branch at:
git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.0.y
and the diffstat can be found below.
thanks,
greg k-h
-------------
Pseudo-Shortlog of commits:
Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Linux 6.0.11-rc1
Andrzej Hajda <andrzej.hajda@intel.com>
drm/i915: fix TLB invalidation for Gen12 video and compute engines
Alex Deucher <alexander.deucher@amd.com>
drm/amdgpu: Partially revert "drm/amdgpu: update drm_display_info correctly when the edid is read"
Christian König <christian.koenig@amd.com>
drm/amdgpu: always register an MMU notifier for userptr
Dillon Varone <Dillon.Varone@amd.com>
drm/amd/display: Update soc bounding box for dcn32/dcn321
Jack Xiao <Jack.Xiao@amd.com>
drm/amd/amdgpu: reserve vm invalidation engine for firmware
Ramesh Errabolu <Ramesh.Errabolu@amd.com>
drm/amdgpu: Enable Aldebaran devices to report CU Occupancy
Alex Deucher <alexander.deucher@amd.com>
drm/amdgpu/psp: don't free PSP buffers on suspend
Tsung-hua Lin <Tsung-hua.Lin@amd.com>
drm/amd/display: No display after resume from WB/CB
Lyude Paul <lyude@redhat.com>
drm/amd/dc/dce120: Fix audio register mapping, stop triggering KASAN
Lyude Paul <lyude@redhat.com>
drm/display/dp_mst: Fix drm_dp_mst_add_affected_dsc_crtcs() return code
Matthew Auld <matthew.auld@intel.com>
drm/i915/ttm: never purge busy objects
Filipe Manana <fdmanana@suse.com>
btrfs: do not modify log tree while holding a leaf from fs tree locked
Zhen Lei <thunder.leizhen@huawei.com>
btrfs: sysfs: normalize the error handling branch in btrfs_init_sysfs()
Christoph Hellwig <hch@lst.de>
btrfs: use kvcalloc in btrfs_get_dev_zone_info
Christoph Hellwig <hch@lst.de>
btrfs: zoned: fix missing endianness conversion in sb_write_pointer
Anand Jain <anand.jain@oracle.com>
btrfs: free btrfs_path before copying subvol info to userspace
Anand Jain <anand.jain@oracle.com>
btrfs: free btrfs_path before copying fspath to userspace
Anand Jain <anand.jain@oracle.com>
btrfs: free btrfs_path before copying inodes to userspace
Josef Bacik <josef@toxicpanda.com>
btrfs: free btrfs_path before copying root refs to userspace
Phil Turnbull <philipturnbull@github.com>
wifi: wilc1000: validate number of channels
Phil Turnbull <philipturnbull@github.com>
wifi: wilc1000: validate length of IEEE80211_P2P_ATTR_CHANNEL_LIST attribute
Phil Turnbull <philipturnbull@github.com>
wifi: wilc1000: validate length of IEEE80211_P2P_ATTR_OPER_CHANNEL attribute
Phil Turnbull <philipturnbull@github.com>
wifi: wilc1000: validate pairwise and authentication suite offsets
Miklos Szeredi <mszeredi@redhat.com>
fuse: lock inode unconditionally in fuse_fallocate()
Mikulas Patocka <mpatocka@redhat.com>
dm integrity: clear the journal on suspend
Mikulas Patocka <mpatocka@redhat.com>
dm integrity: flush the journal on suspend
Robin Murphy <robin.murphy@arm.com>
gpu: host1x: Avoid trying to use GART on Tegra20
Zhou Guanghui <zhouguanghui1@huawei.com>
scsi: iscsi: Fix possible memory leak when device_register() failed
Shin'ichiro Kawasaki <shinichiro.kawasaki@wdc.com>
scsi: mpi3mr: Suppress command reply debug prints
Enrico Sau <enrico.sau@gmail.com>
net: usb: qmi_wwan: add Telit 0x103a composition
Keith Busch <kbusch@kernel.org>
dm-log-writes: set dma_alignment limit in io_hints
Keith Busch <kbusch@kernel.org>
dm-integrity: set dma_alignment limit in io_hints
Keith Busch <kbusch@kernel.org>
block: make blk_set_default_limits() private
Gleb Mazovetskiy <glex.spb@gmail.com>
tcp: configurable source port perturb table size
Hans de Goede <hdegoede@redhat.com>
platform/x86: ideapad-laptop: Add module parameters to match DMI quirk tables
Arnav Rawat <arnavr3@illinois.edu>
platform/x86: ideapad-laptop: Fix interrupt storm on fn-lock toggle on some Yoga laptops
Kai-Heng Feng <kai.heng.feng@canonical.com>
platform/x86: hp-wmi: Ignore Smart Experience App event
Maximilian Luz <luzmaximilian@gmail.com>
platform/surface: aggregator_registry: Add support for Surface Laptop 5
Damien Le Moal <damien.lemoal@opensource.wdc.com>
zonefs: fix zone report size in __zonefs_io_error()
Eric Huang <jinhuieric.huang@amd.com>
drm/amdkfd: Fix a memory limit issue
Guchun Chen <guchun.chen@amd.com>
drm/amdgpu: disable BACO support on more cards
Dillon Varone <Dillon.Varone@amd.com>
drm/amd/display: use uclk pstate latency for fw assisted mclk validation dcn32
Maximilian Luz <luzmaximilian@gmail.com>
platform/surface: aggregator_registry: Add support for Surface Pro 9
Hans de Goede <hdegoede@redhat.com>
platform/x86: acer-wmi: Enable SW_TABLET_MODE on Switch V 10 (SW5-017)
Xiongfeng Wang <wangxiongfeng2@huawei.com>
platform/x86: asus-wmi: add missing pci_dev_put() in asus_wmi_set_xusb2pr()
Lennard Gäher <gaeher@mpi-sws.org>
platform/x86: thinkpad_acpi: Enable s2idle quirk for 21A1 machine type
ruanjinjie <ruanjinjie@huawei.com>
xen/platform-pci: add missing free_irq() in error path
Marek Marczykowski-Górecki <marmarek@invisiblethingslab.com>
xen-pciback: Allow setting PCI_MSIX_FLAGS_MASKALL too
Olivier Moysan <olivier.moysan@foss.st.com>
ASoC: stm32: dfsdm: manage cb buffers cleanup
Takashi Iwai <tiwai@suse.de>
Input: i8042 - apply probe defer to more ASUS ZenBook models
Anjana Hari <quic_ahari@quicinc.com>
pinctrl: qcom: sc8280xp: Rectify UFS reset pins
Hans de Goede <hdegoede@redhat.com>
Input: soc_button_array - add Acer Switch V 10 to dmi_use_low_level_irq[]
Hans de Goede <hdegoede@redhat.com>
Input: soc_button_array - add use_low_level_irq module parameter
Zhu Ning <zhuning0077@gmail.com>
ASoC: sof_es8336: reduce pop noise on speaker
Peter Zijlstra <peterz@infradead.org>
bpf: Convert BPF_DISPATCHER to use static_call() (not ftrace)
Hans de Goede <hdegoede@redhat.com>
Input: goodix - try resetting the controller when no config is set
Fedor Pchelkin <pchelkin@ispras.ru>
Revert "tty: n_gsm: replace kicktimer with delayed_work"
Fedor Pchelkin <pchelkin@ispras.ru>
Revert "tty: n_gsm: avoid call of sleeping functions from atomic context"
Lukas Wunner <lukas@wunner.de>
serial: 8250: 8250_omap: Avoid RS485 RTS glitch on ->set_termios()
Kai Vehmanen <kai.vehmanen@linux.intel.com>
ASoC: SOF: ipc3-topology: use old pipeline teardown flow with SOF2.1 and older
Pierre-Louis Bossart <pierre-louis.bossart@linux.intel.com>
ASoC: hda: intel-dsp-config: add ES83x6 quirk for IceLake
Matti Vaittinen <mazziesaccount@gmail.com>
tools: iio: iio_generic_buffer: Fix read size
Pierre-Louis Bossart <pierre-louis.bossart@linux.intel.com>
ASoC: Intel: soc-acpi: add ES83x6 support to IceLake
Hans de Goede <hdegoede@redhat.com>
ASoC: Intel: bytcht_es8316: Add quirk for the Nanote UMPC-01
Brent Mendelsohn <mendiebm@gmail.com>
ASoC: amd: yc: Add Alienware m17 R5 AMD into DMI table
Aman Dhoot <amandhoot12@gmail.com>
Input: synaptics - switch touchpad on HP Laptop 15-da3001TU to RMI mode
Yang Yingliang <yangyingliang@huawei.com>
ASoC: SOF: Intel: hda-codec: fix possible memory leak in hda_codec_device_init()
Yang Yingliang <yangyingliang@huawei.com>
ASoC: Intel: Skylake: fix possible memory leak in skl_codec_device_init()
Gaosheng Cui <cuigaosheng1@huawei.com>
ASoC: Intel: fix unused-variable warning in probe_codec
Cezary Rojewski <cezary.rojewski@intel.com>
ASoC: SOF: Fix compilation when HDA_AUDIO_CODEC config is disabled
Huacai Chen <chenhuacai@kernel.org>
LoongArch: Set _PAGE_DIRTY only if _PAGE_WRITE is set in {pmd,pte}_mkdirty()
Huacai Chen <chenhuacai@kernel.org>
LoongArch: Clear FPU/SIMD thread info flags for kernel thread
Li Liguang <liliguang@baidu.com>
mm: correctly charge compressed memory to its memcg
Qi Zheng <zhengqi.arch@bytedance.com>
mm: fix unexpected changes to {failslab|fail_page_alloc}.attr
Michael Kelley <mikelley@microsoft.com>
x86/ioremap: Fix page aligned size calculation in __ioremap_caller()
Pawan Gupta <pawan.kumar.gupta@linux.intel.com>
x86/pm: Add enumeration check before spec MSRs save/restore setup
Pawan Gupta <pawan.kumar.gupta@linux.intel.com>
x86/tsx: Add a feature bit for TSX control MSR support
David Woodhouse <dwmw@amazon.co.uk>
KVM: Update gfn_to_pfn_cache khva when it moves within the same page
Maxim Levitsky <mlevitsk@redhat.com>
KVM: x86: remove exit_int_info warning in svm_handle_exit
Maxim Levitsky <mlevitsk@redhat.com>
KVM: x86: add kvm_leave_nested
Maxim Levitsky <mlevitsk@redhat.com>
KVM: x86: nSVM: harden svm_free_nested against freeing vmcb02 while still in use
Maxim Levitsky <mlevitsk@redhat.com>
KVM: x86: forcibly leave nested mode on vCPU reset
Maxim Levitsky <mlevitsk@redhat.com>
KVM: x86: nSVM: leave nested mode on vCPU free
Sean Christopherson <seanjc@google.com>
drm/i915/gvt: Get reference to KVM iff attachment to VM is successful
David Woodhouse <dwmw@amazon.co.uk>
KVM: x86/xen: Validate port number in SCHEDOP_poll
David Woodhouse <dwmw@amazon.co.uk>
KVM: x86/xen: Only do in-kernel acceleration of hypercalls for guest CPL0
Kazuki Takiguchi <takiguchi.kazuki171@gmail.com>
KVM: x86/mmu: Fix race condition in direct_page_fault
Russ Weight <russell.h.weight@intel.com>
fpga: m10bmc-sec: Fix kconfig dependencies
Johannes Weiner <hannes@cmpxchg.org>
mm: vmscan: fix extreme overreclaim and swap floods
Aneesh Kumar K.V <aneesh.kumar@linux.ibm.com>
mm/cgroup/reclaim: fix dirty pages throttling on cgroup v1
Mukesh Ojha <quic_mojha@quicinc.com>
gcov: clang: fix the buffer overflow issue
Chen Zhongjin <chenzhongjin@huawei.com>
nilfs2: fix nilfs_sufile_mark_dirty() not set segment usage as dirty
Jens Axboe <axboe@kernel.dk>
io_uring: clear TIF_NOTIFY_SIGNAL if set and task_work not available
Pavel Begunkov <asml.silence@gmail.com>
io_uring: make poll refs more robust
Pavel Begunkov <asml.silence@gmail.com>
io_uring: cmpxchg for poll arm refs release
Thinh Nguyen <Thinh.Nguyen@synopsys.com>
usb: dwc3: gadget: Clear ep descriptor last
Thinh Nguyen <Thinh.Nguyen@synopsys.com>
usb: dwc3: gadget: Return -ESHUTDOWN on ep disable
Michael Grzeschik <m.grzeschik@pengutronix.de>
usb: dwc3: gadget: conditionally remove requests
George Shen <george.shen@amd.com>
drm/amd/display: Fix calculation for cursor CAB allocation
Alvin Lee <Alvin.Lee2@amd.com>
drm/amd/display: Update MALL SS NumWays calculation
Alvin Lee <Alvin.Lee2@amd.com>
drm/amd/display: Add debug option for allocating extra way for cursor
Lee, Alvin <Alvin.Lee2@amd.com>
drm/amd/display: Added debug option for forcing subvp num ways
Jay Cornwall <jay.cornwall@amd.com>
drm/amdkfd: update GFX11 CWSR trap handler
David Belanger <david.belanger@amd.com>
drm/amdgpu: Enable SA software trap.
Randy Dunlap <rdunlap@infradead.org>
nios2: add FORCE for vmlinuz.gz
Chuck Lever <chuck.lever@oracle.com>
NFSD: Fix reads with a non-zero offset that don't end on a page boundary
Alexandre Belloni <alexandre.belloni@bootlin.com>
init/Kconfig: fix CC_HAS_ASM_GOTO_TIED_OUTPUT test with dash
Marc Kleine-Budde <mkl@pengutronix.de>
spi: spi-imx: spi_imx_transfer_one(): check for DMA transfer first
Frieder Schrempf <frieder.schrempf@kontron.de>
spi: spi-imx: Fix spi_bus_clk if requested clock is higher than input clock
Linus Walleij <linus.walleij@linaro.org>
bus: ixp4xx: Don't touch bit 7 on IXP42x
Damien Le Moal <damien.lemoal@opensource.wdc.com>
zonefs: Fix active zone accounting
Wyes Karny <wyes.karny@amd.com>
cpufreq: amd-pstate: cpufreq: amd-pstate: reset MSR_AMD_PERF_CTL register at init
Peter Gonda <pgonda@google.com>
virt/sev-guest: Prevent IV reuse in the SNP guest driver
SeongJae Park <sj@kernel.org>
mm/damon/sysfs-schemes: skip stats update if the scheme directory is removed
Billy Tsai <billy_tsai@aspeedtech.com>
dt-bindings: iio: adc: Remove the property "aspeed,trim-data-valid"
Dong Chenchen <dongchenchen2@huawei.com>
iio: accel: bma400: Fix memory leak in bma400_get_steps_reg()
Chen Zhongjin <chenzhongjin@huawei.com>
iio: core: Fix entry not deleted when iio_register_sw_trigger_type() fails
Alejandro Concepción Rodríguez <asconcepcion@acoro.eu>
iio: light: apds9960: fix wrong register for gesture gain
Billy Tsai <billy_tsai@aspeedtech.com>
iio: adc: aspeed: Remove the trim valid dts property.
Sam James <sam@gentoo.org>
kbuild: fix -Wimplicit-function-declaration in license_is_gpl_compatible
Jakob Unterwurzacher <jakob.unterwurzacher@theobroma-systems.com>
arm64: dts: rockchip: lower rk3399-puma-haikou SD controller clock frequency
Baokun Li <libaokun1@huawei.com>
ext4: fix use-after-free in ext4_ext_shift_extents
Dan Carpenter <dan.carpenter@oracle.com>
cifs: Use after free in debug code
ChenXiaoSong <chenxiaosong2@huawei.com>
cifs: fix missing unlock in cifs_file_copychunk_range()
Jason Ekstrand <jason@jlekstrand.net>
dma-buf: Use dma_fence_unwrap_for_each when importing fences
Pawel Laszczak <pawell@cadence.com>
usb: cdnsp: fix issue with ZLP - added TD_SIZE = 1
Pawel Laszczak <pawell@cadence.com>
usb: cdnsp: Fix issue with Clear Feature Halt Endpoint
Marek Szyprowski <m.szyprowski@samsung.com>
usb: dwc3: exynos: Fix remove() function
Vasanth Sadhasivan <vasanth.sadhasivan@samsara.com>
can: gs_usb: remove dma allocations
Greg Kroah-Hartman <gregkh@linuxfoundation.org>
lib/vdso: use "grep -E" instead of "egrep"
Lin Ma <linma@zju.edu.cn>
io_uring/poll: fix poll_refs race with cancelation
Lin Ma <linma@zju.edu.cn>
io_uring/filetable: fix file reference underflow
Heiko Carstens <hca@linux.ibm.com>
s390/crashdump: fix TOD programmable field size
Yu Liao <liaoyu15@huawei.com>
net: thunderx: Fix the ACPI memory leak
Xiongfeng Wang <wangxiongfeng2@huawei.com>
octeontx2-af: Fix reference count issue in rvu_sdp_init()
Li Zetao <lizetao1@huawei.com>
virtio_net: Fix probe failed when modprobe virtio_net
Hanjun Guo <guohanjun@huawei.com>
net: wwan: t7xx: Fix the ACPI memory leak
Jiasheng Jiang <jiasheng@iscas.ac.cn>
octeontx2-pf: Add check for devm_kcalloc
Vladimir Oltean <vladimir.oltean@nxp.com>
net: enetc: preserve TX ring priority across reconfiguration
Vladimir Oltean <vladimir.oltean@nxp.com>
net: enetc: cache accesses to &priv->si->hw
Zhang Changzhong <zhangchangzhong@huawei.com>
net: marvell: prestera: add missing unregister_netdev() in prestera_port_create()
Martin Faltesek <mfaltesek@google.com>
nfc: st-nci: fix incorrect sizing calculations in EVT_TRANSACTION
Martin Faltesek <mfaltesek@google.com>
nfc: st-nci: fix memory leaks in EVT_TRANSACTION
Martin Faltesek <mfaltesek@google.com>
nfc: st-nci: fix incorrect validating logic in EVT_TRANSACTION
David Howells <dhowells@redhat.com>
fscache: fix OOB Read in __fscache_acquire_volume
Stefan Haberland <sth@linux.ibm.com>
s390/dasd: fix no record found for raw_track_access
Wei Yongjun <weiyongjun1@huawei.com>
s390/ap: fix memory leak in ap_init_qci_info()
Santiago Ruano Rincón <santiago.ruano-rincon@imt-atlantique.fr>
net/cdc_ncm: Fix multicast RX support for CDC NCM devices with ZLP
Yuan Can <yuancan@huawei.com>
net: dm9051: Fix missing dev_kfree_skb() in dm9051_loop_rx()
Wang Hai <wanghai38@huawei.com>
arcnet: fix potential memory leak in com20020_probe()
Ziyang Xuan <william.xuanziyang@huawei.com>
ipv4: Fix error return code in fib_table_insert()
Yan Cangang <nalanzeyu@gmail.com>
net: ethernet: mtk_eth_soc: fix resource leak in error path
Lorenzo Bianconi <lorenzo@kernel.org>
net: ethernet: mtk_eth_soc: move ppe table hash offset to mtk_soc_data structure
Lorenzo Bianconi <lorenzo@kernel.org>
net: ethernet: mtk_eth_soc: move gdma_to_ppe and ppe_base definitions in mtk register map
Ziyang Xuan <william.xuanziyang@huawei.com>
net: ethernet: mtk_eth_soc: fix potential memory leak in mtk_rx_alloc()
Kuniyuki Iwashima <kuniyu@amazon.com>
dccp/tcp: Reset saddr on failure after inet6?_hash_connect().
Li Hua <hucool.lihua@huawei.com>
test_kprobes: fix implicit declaration error of test_kprobes
Christoph Hellwig <hch@lst.de>
blk-mq: fix queue reference leak on blk_mq_alloc_disk_for_queue failure
Svyatoslav Feldsherov <feldsherov@google.com>
fs: do not update freeing inode i_io_list
Felix Fietkau <nbd@nbd.name>
netfilter: flowtable_offload: add missing locking
Jozsef Kadlecsik <kadlec@netfilter.org>
netfilter: ipset: restore allowing 64 clashing elements in hash:net,iface
Perry Yuan <Perry.Yuan@amd.com>
cpufreq: amd-pstate: change amd-pstate driver to be built-in type
Gerhard Engleder <gerhard@engleder-embedded.com>
tsnep: Fix rotten packets
Dawei Li <set_pte_at@outlook.com>
dma-buf: fix racing conflict of dma_heap_add()
Yang Yingliang <yangyingliang@huawei.com>
bnx2x: fix pci device refcount leak in bnx2x_vf_is_pcie_pending()
Andreas Kemnade <andreas@kemnade.info>
regulator: twl6030: re-add TWL6032_SUBCLASS
Liu Shixin <liushixin2@huawei.com>
NFC: nci: fix memory leak in nci_rx_data_packet()
Xin Long <lucien.xin@gmail.com>
net: sched: allow act_ct to be built without NF_NAT
Liu Jian <liujian56@huawei.com>
net: sparx5: fix error handling in sparx5_port_open()
Zhang Changzhong <zhangchangzhong@huawei.com>
sfc: fix potential memleak in __ef100_hard_start_xmit()
Wang ShaoBo <bobo.shaobowang@huawei.com>
net: wwan: iosm: use ACPI_FREE() but not kfree() in ipc_pcie_read_bios_cfg()
Chen Zhongjin <chenzhongjin@huawei.com>
xfrm: Fix ignored return value in xfrm6_init()
Thomas Jarosch <thomas.jarosch@intra2net.com>
xfrm: Fix oops in __xfrm_state_delete()
Zhang Xiaoxu <zhangxiaoxu5@huawei.com>
zonefs: Fix race between modprobe and mount
YueHaibing <yuehaibing@huawei.com>
tipc: check skb_linearize() return value in tipc_disc_rcv()
Xin Long <lucien.xin@gmail.com>
tipc: add an extra conn_get in tipc_conn_alloc
Xin Long <lucien.xin@gmail.com>
tipc: set con sock in tipc_conn_alloc
Wei Yongjun <weiyongjun1@huawei.com>
net: phy: at803x: fix error return code in at803x_probe()
Chris Mi <cmi@nvidia.com>
net/mlx5e: Offload rule only when all encaps are valid
Moshe Shemesh <moshe@nvidia.com>
net/mlx5: Fix sync reset event handler error flow
Roi Dayan <roid@nvidia.com>
net/mlx5: E-Switch, Set correctly vport destination
Moshe Shemesh <moshe@nvidia.com>
net/mlx5: Fix handling of entry refcount when command is not issued to FW
Moshe Shemesh <moshe@nvidia.com>
net/mlx5: cmdif, Print info on any firmware cmd failure to tracepoint
Shay Drory <shayd@nvidia.com>
net/mlx5: SF: Fix probing active SFs during driver probe phase
Moshe Shemesh <moshe@nvidia.com>
net/mlx5: Fix FW tracer timestamp calculation
Roy Novich <royno@nvidia.com>
net/mlx5: Do not query pci info while pci disabled
Vishwanath Pai <vpai@akamai.com>
netfilter: ipset: regression in ip_set_hash_ip.c
Yang Yingliang <yangyingliang@huawei.com>
Drivers: hv: vmbus: fix possible memory leak in vmbus_device_register()
Yang Yingliang <yangyingliang@huawei.com>
Drivers: hv: vmbus: fix double free in the error path of vmbus_add_channel_work()
Imre Deak <imre.deak@intel.com>
drm/i915: Fix warn in intel_display_power_*_domain() functions
YueHaibing <yuehaibing@huawei.com>
macsec: Fix invalid error code set
Hangbin Liu <liuhangbin@gmail.com>
bonding: fix ICMPv6 header handling when receiving IPv6 messages
Jaco Coetzee <jaco.coetzee@corigine.com>
nfp: add port from netdev validation for EEPROM access
Diana Wang <na.wang@corigine.com>
nfp: fill splittable of devlink_port_attrs correctly
Yang Yingliang <yangyingliang@huawei.com>
net: pch_gbe: fix pci device refcount leak while module exiting
Yang Yingliang <yangyingliang@huawei.com>
octeontx2-af: debugsfs: fix pci device refcount leak
Zhang Changzhong <zhangchangzhong@huawei.com>
net/qla3xxx: fix potential memleak in ql3xxx_send()
Hui Tang <tanghui20@huawei.com>
net: mvpp2: fix possible invalid pointer dereference
Peter Kosyh <pkosyh@yandex.ru>
net/mlx4: Check retval of mlx4_bitmap_init
Liu Jian <liujian56@huawei.com>
net: ethernet: mtk_eth_soc: fix error handling in mtk_open()
Fabio Estevam <festevam@denx.de>
ARM: dts: imx6q-prti6q: Fix ref/tcxo-clock-frequency properties
Zheng Yongjun <zhengyongjun3@huawei.com>
ARM: mxs: fix memory leak in mxs_machine_init()
Slawomir Laba <slawomirx.laba@intel.com>
iavf: Fix race condition between iavf_shutdown and iavf_remove
Stefan Assmann <sassmann@kpanic.de>
iavf: remove INITIAL_MAC_SET to allow gARP to work properly
Ivan Vecera <ivecera@redhat.com>
iavf: Do not restart Tx queues after reset task failure
Ivan Vecera <ivecera@redhat.com>
iavf: Fix a crash during reset task
Pablo Neira Ayuso <pablo@netfilter.org>
netfilter: nf_tables: do not set up extensions for end interval
Daniel Xu <dxu@dxuuu.xyz>
netfilter: conntrack: Fix data-races around ct mark
Zhengchao Shao <shaozhengchao@huawei.com>
9p/fd: fix issue of list_del corruption in p9_fd_cancel()
Wang Hai <wanghai38@huawei.com>
net: pch_gbe: fix potential memleak in pch_gbe_tx_queue()
Lin Ma <linma@zju.edu.cn>
nfc/nci: fix race with opening and closing
Vladimir Oltean <vladimir.oltean@nxp.com>
net: dsa: sja1105: disallow C45 transactions on the BASE-TX MDIO bus
David Howells <dhowells@redhat.com>
rxrpc: Fix race between conn bundle lookup and bundle removal [ZDI-CAN-15975]
Mahesh Bandewar <maheshb@google.com>
ipvlan: hold lower dev to avoid possible use-after-free
Thomas Zeitlhofer <thomas.zeitlhofer+lkml@ze-it.at>
net: neigh: decrement the family specific qlen
Leon Romanovsky <leon@kernel.org>
net: liquidio: simplify if expression
Matthieu Baerts <matthieu.baerts@tessares.net>
selftests: mptcp: fix mibit vs mbit mix up
Matthieu Baerts <matthieu.baerts@tessares.net>
selftests: mptcp: run mptcp_sockopt from a new netns
Paolo Abeni <pabeni@redhat.com>
selftests: mptcp: gives slow test-case more time
Michael Grzeschik <m.grzeschik@pengutronix.de>
ARM: dts: at91: sam9g20ek: enable udc vbus gpio pinctrl
Krishna Yarlagadda <kyarlagadda@nvidia.com>
spi: tegra210-quad: Fix duplicate resource error
Yang Yingliang <yangyingliang@huawei.com>
tee: optee: fix possible memory leak in optee_register_device()
Samuel Holland <samuel@sholland.org>
bus: sunxi-rsb: Support atomic transfers
Samuel Holland <samuel@sholland.org>
bus: sunxi-rsb: Remove the shutdown callback
Yang Yingliang <yangyingliang@huawei.com>
regulator: core: fix UAF in destroy_regulator()
Xiongfeng Wang <wangxiongfeng2@huawei.com>
spi: dw-dma: decrease reference count in dw_spi_dma_init_mfld()
Yang Yingliang <yangyingliang@huawei.com>
regulator: rt5759: fix OOB in validate_desc()
Zeng Heng <zengheng4@huawei.com>
regulator: core: fix kobject release warning and memory leak in regulator_register()
Jiasheng Jiang <jiasheng@iscas.ac.cn>
ASoC: max98373: Add checks for devm_kcalloc
Chen-Yu Tsai <wens@csie.org>
arm64: dts: rockchip: Fix Pine64 Quartz4-B PMIC interrupt
Dexuan Cui <decui@microsoft.com>
PCI: hv: Only reuse existing IRTE allocation for Multi-MSI
Michael Kelley <mikelley@microsoft.com>
scsi: storvsc: Fix handling of srb_status and capacity change events
Vitaly Kuznetsov <vkuznets@redhat.com>
x86/hyperv: Restore VP assist page after cpu offlining/onlining
Richard Fitzgerald <rf@opensource.cirrus.com>
ASoC: soc-pcm: Don't zero TDM masks in __soc_pcm_open()
Detlev Casanova <detlev.casanova@collabora.com>
ASoC: sgtl5000: Reset the CHIP_CLK_CTRL reg on remove
Junxiao Chang <junxiao.chang@intel.com>
ASoC: hdac_hda: fix hda pcm buffer overflow issue
Cezary Rojewski <cezary.rojewski@intel.com>
ASoC: Intel: Drop hdac_ext usage for codec device creation
Cezary Rojewski <cezary.rojewski@intel.com>
ASoC: SOF: Intel: Introduce HDA codec init and exit routines
Cezary Rojewski <cezary.rojewski@intel.com>
ASoC: Intel: Skylake: Introduce HDA codec init and exit routines
Dominik Haller <d.haller@phytec.de>
ARM: dts: am335x-pcm-953: Define fixed regulators in root node
Linus Walleij <linus.walleij@linaro.org>
power: supply: ab8500: Defer thermal zone probe
Ondrej Jirman <megi@xff.cz>
power: supply: ip5xxx: Fix integer overflow in current_now calculation
Herbert Xu <herbert@gondor.apana.org.au>
af_key: Fix send_acquire race with pfkey_register
Christian Langrock <christian.langrock@secunet.com>
xfrm: replay: Fix ESN wrap around for GSO
Lev Popov <leo@nabam.net>
arm64: dts: rockchip: fix quartz64-a bluetooth configuration
Eyal Birger <eyal.birger@gmail.com>
xfrm: fix "disable_policy" on ipv4 early demux
Pavel Begunkov <asml.silence@gmail.com>
io_uring/poll: lockdep annote io_poll_req_insert_locked
Jason A. Donenfeld <Jason@zx2c4.com>
MIPS: pic32: treat port as signed integer
Nathan Chancellor <nathan@kernel.org>
RISC-V: vdso: Do not add missing symbols to version section in linker script
Ai Chao <aichao@kylinos.cn>
ALSA: usb-audio: add quirk to fix Hamedal C20 disconnect issue
Hamza Mahfooz <hamza.mahfooz@amd.com>
drm/amd/display: only fill dirty rectangles when PSR is enabled
Philip Yang <Philip.Yang@amd.com>
drm/amdgpu: Drop eviction lock when allocating PT BO
Asher Song <Asher.Song@amd.com>
Revert "drm/amdgpu: Revert "drm/amdgpu: getting fan speed pwm for vega10 properly""
Steve Su <steve.su@amd.com>
drm/amd/display: Fix gpio port mapping issue
Chaitanya Dhere <chaitanya.dhere@amd.com>
drm/amd/display: Fix FCLK deviation and tool compile issues
Aurabindo Pillai <aurabindo.pillai@amd.com>
drm/amd/display: Zeromem mypipe heap struct before using it
M Chetan Kumar <m.chetan.kumar@linux.intel.com>
net: wwan: iosm: fix kernel test robot reported errors
Aleksandr Miloserdov <a.miloserdov@yadro.com>
nvmet: fix memory leak in nvmet_subsys_attr_model_store_locked
Keith Busch <kbusch@kernel.org>
nvme: quiet user passthrough command errors
Kuniyuki Iwashima <kuniyu@amazon.com>
arm64/syscall: Include asm/ptrace.h in syscall_wrapper header.
Heiko Carstens <hca@linux.ibm.com>
s390: always build relocatable kernel
Yu Kuai <yukuai3@huawei.com>
block, bfq: fix null pointer dereference in bfq_bio_bfqg()
Hans de Goede <hdegoede@redhat.com>
drm: panel-orientation-quirks: Add quirk for Acer Switch V 10 (SW5-017)
Hans de Goede <hdegoede@redhat.com>
drm: panel-orientation-quirks: Add quirk for Nanote UMPC-01
Bart Van Assche <bvanassche@acm.org>
scsi: scsi_debug: Make the READ CAPACITY response compliant with ZBC
Brian King <brking@linux.vnet.ibm.com>
scsi: ibmvfc: Avoid path failures during live migration
Ivan Hu <ivan.hu@canonical.com>
platform/x86/intel/hid: Add some ACPI device IDs
David E. Box <david.e.box@linux.intel.com>
platform/x86/intel/pmt: Sapphire Rapids PMT errata fix
Hans de Goede <hdegoede@redhat.com>
platform/x86: touchscreen_dmi: Add info for the RCA Cambio W101 v2 2-in-1
Manyi Li <limanyi@uniontech.com>
platform/x86: ideapad-laptop: Disable touchpad_switch
Hans de Goede <hdegoede@redhat.com>
ACPI: video: Add backlight=native DMI quirk for Dell G15 5515
Sabrina Dubroca <sd@queasysnail.net>
Revert "net: macsec: report real_dev features when HW offloading is enabled"
Adrien Thierry <athierry@redhat.com>
selftests/net: give more time to udpgro bg processes to complete startup
Youlin Li <liulin063@gmail.com>
selftests/bpf: Add verifier test for release_reference()
Sean Nyekjaer <sean@geanix.com>
spi: stm32: fix stm32_spi_prepare_mbr() that halves spi clk for every run
Harald Freudenberger <freude@linux.ibm.com>
s390/zcrypt: fix warning about field-spanning write
Tyler J. Stachecki <stachecki.tyler@gmail.com>
wifi: ath11k: Fix QCN9074 firmware boot on x86
Pavel Begunkov <asml.silence@gmail.com>
selftests/net: don't tests batched TCP io_uring zc
Nicolas Cavallari <nicolas.cavallari@green-communications.fr>
wifi: mac80211: Fix ack frame idr leak when mesh has no route
Jason A. Donenfeld <Jason@zx2c4.com>
wifi: airo: do not assign -1 to unsigned char
Gaosheng Cui <cuigaosheng1@huawei.com>
audit: fix undefined behavior in bit shift for AUDIT_BIT
Emil Renner Berthing <emil.renner.berthing@canonical.com>
riscv: dts: sifive unleashed: Add PWM controlled LEDs
Jon Hunter <jonathanh@nvidia.com>
spi: tegra210-quad: Don't initialise DMA if not supported
Jonas Jelonek <jelonek.jonas@gmail.com>
wifi: mac80211_hwsim: fix debugfs attribute ps with rc table support
Paul Zhang <quic_paulz@quicinc.com>
wifi: cfg80211: Fix bitrates overflow issue
taozhang <taozhang@bestechnic.com>
wifi: mac80211: fix memory free error when registering wiphy fail
Xiubo Li <xiubli@redhat.com>
ceph: fix NULL pointer dereference for req->r_session
Kenneth Lee <klee33@uw.edu>
ceph: Use kcalloc for allocating multiple elements
Carlos Llamas <cmllamas@google.com>
binder: validate alloc->mm in ->mmap() handler
-------------
Diffstat:
.../bindings/iio/adc/aspeed,ast2600-adc.yaml | 7 -
Makefile | 4 +-
arch/arm/boot/dts/am335x-pcm-953.dtsi | 28 ++-
arch/arm/boot/dts/at91sam9g20ek_common.dtsi | 9 +
arch/arm/boot/dts/imx6q-prti6q.dts | 4 +-
arch/arm/mach-mxs/mach-mxs.c | 4 +-
.../arm64/boot/dts/rockchip/rk3399-puma-haikou.dts | 2 +-
arch/arm64/boot/dts/rockchip/rk3566-quartz64-a.dts | 7 +-
arch/arm64/boot/dts/rockchip/rk3566-quartz64-b.dts | 2 +-
arch/arm64/include/asm/syscall_wrapper.h | 2 +-
arch/loongarch/include/asm/pgtable.h | 8 +-
arch/loongarch/kernel/process.c | 9 +-
arch/mips/include/asm/fw/fw.h | 2 +-
arch/mips/pic32/pic32mzda/early_console.c | 13 +-
arch/mips/pic32/pic32mzda/init.c | 2 +-
arch/nios2/boot/Makefile | 2 +-
.../riscv/boot/dts/sifive/hifive-unleashed-a00.dts | 38 ++++
arch/riscv/kernel/vdso/Makefile | 3 +
arch/riscv/kernel/vdso/vdso.lds.S | 2 +
arch/s390/Kconfig | 6 +-
arch/s390/Makefile | 2 -
arch/s390/boot/Makefile | 3 +-
arch/s390/boot/startup.c | 3 +-
arch/s390/kernel/crash_dump.c | 2 +-
arch/x86/hyperv/hv_init.c | 54 +++---
arch/x86/include/asm/cpufeatures.h | 3 +
arch/x86/kernel/cpu/tsx.c | 38 ++--
arch/x86/kvm/mmu/mmu.c | 13 +-
arch/x86/kvm/svm/nested.c | 6 +-
arch/x86/kvm/svm/svm.c | 16 +-
arch/x86/kvm/vmx/nested.c | 3 -
arch/x86/kvm/x86.c | 18 +-
arch/x86/kvm/xen.c | 32 +++-
arch/x86/mm/ioremap.c | 8 +-
arch/x86/power/cpu.c | 23 ++-
block/bfq-cgroup.c | 4 +
block/blk-mq.c | 7 +-
block/blk-settings.c | 1 -
block/blk.h | 1 +
drivers/acpi/video_detect.c | 14 ++
drivers/android/binder_alloc.c | 7 +
drivers/bus/intel-ixp4xx-eb.c | 9 +-
drivers/bus/sunxi-rsb.c | 38 ++--
drivers/cpufreq/Kconfig.x86 | 2 +-
drivers/cpufreq/amd-pstate.c | 21 +-
drivers/dma-buf/dma-buf.c | 23 ++-
drivers/dma-buf/dma-heap.c | 28 +--
drivers/fpga/Kconfig | 4 +-
.../gpu/drm/amd/amdgpu/amdgpu_amdkfd_aldebaran.c | 1 +
drivers/gpu/drm/amd/amdgpu/amdgpu_amdkfd_gpuvm.c | 4 +-
drivers/gpu/drm/amd/amdgpu/amdgpu_connectors.c | 1 -
drivers/gpu/drm/amd/amdgpu/amdgpu_gem.c | 8 +-
drivers/gpu/drm/amd/amdgpu/amdgpu_gmc.c | 6 +
drivers/gpu/drm/amd/amdgpu/amdgpu_psp.c | 16 +-
drivers/gpu/drm/amd/amdgpu/amdgpu_vm.c | 26 ---
drivers/gpu/drm/amd/amdgpu/amdgpu_vm.h | 26 +++
drivers/gpu/drm/amd/amdgpu/amdgpu_vm_pt.c | 2 +
drivers/gpu/drm/amd/amdgpu/mes_v11_0.c | 6 +-
drivers/gpu/drm/amd/amdkfd/cwsr_trap_handler.h | 31 +--
.../gpu/drm/amd/amdkfd/cwsr_trap_handler_gfx10.asm | 27 +++
drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c | 44 ++++-
drivers/gpu/drm/amd/display/dc/dc.h | 3 +
.../drm/amd/display/dc/dce120/dce120_resource.c | 3 +-
drivers/gpu/drm/amd/display/dc/dcn32/dcn32_hwseq.c | 213 ++++++++++-----------
.../gpu/drm/amd/display/dc/dcn32/dcn32_resource.c | 1 +
.../amd/display/dc/dcn32/dcn32_resource_helpers.c | 11 +-
.../drm/amd/display/dc/dcn321/dcn321_resource.c | 1 +
.../gpu/drm/amd/display/dc/dml/dcn32/dcn32_fpu.c | 22 ++-
.../amd/display/dc/dml/dcn32/display_mode_vba_32.c | 1 +
.../dc/dml/dcn32/display_mode_vba_util_32.c | 2 +-
.../dc/dml/dcn32/display_mode_vba_util_32.h | 2 +-
.../gpu/drm/amd/display/dc/dml/dcn321/dcn321_fpu.c | 8 +-
.../amd/display/dc/gpio/dcn32/hw_factory_dcn32.c | 14 ++
drivers/gpu/drm/amd/display/dc/gpio/hw_ddc.c | 9 +-
.../drm/amd/pm/powerplay/hwmgr/vega10_thermal.c | 25 ++-
.../drm/amd/pm/swsmu/smu11/sienna_cichlid_ppt.c | 4 +
drivers/gpu/drm/display/drm_dp_mst_topology.c | 2 +-
drivers/gpu/drm/drm_panel_orientation_quirks.c | 12 ++
drivers/gpu/drm/i915/display/intel_display_power.c | 8 +-
drivers/gpu/drm/i915/gem/i915_gem_ttm.c | 4 +
drivers/gpu/drm/i915/gt/intel_gt.c | 5 +
drivers/gpu/drm/i915/gvt/kvmgt.c | 3 +-
drivers/gpu/drm/tegra/drm.c | 4 +
drivers/gpu/host1x/dev.c | 4 +
drivers/hv/channel_mgmt.c | 6 +-
drivers/hv/vmbus_drv.c | 1 +
drivers/iio/accel/bma400_core.c | 4 +-
drivers/iio/adc/aspeed_adc.c | 11 +-
drivers/iio/industrialio-sw-trigger.c | 6 +-
drivers/iio/light/apds9960.c | 12 +-
drivers/input/misc/soc_button_array.c | 14 +-
drivers/input/mouse/synaptics.c | 1 +
drivers/input/serio/i8042-x86ia64io.h | 8 +-
drivers/input/touchscreen/goodix.c | 11 ++
drivers/md/dm-integrity.c | 21 +-
drivers/md/dm-log-writes.c | 1 +
drivers/net/arcnet/com20020_cs.c | 11 +-
drivers/net/bonding/bond_main.c | 17 +-
drivers/net/can/usb/gs_usb.c | 39 +---
drivers/net/dsa/sja1105/sja1105_mdio.c | 6 +
drivers/net/ethernet/broadcom/bnx2x/bnx2x_sriov.c | 12 +-
drivers/net/ethernet/cavium/liquidio/lio_main.c | 4 +-
drivers/net/ethernet/cavium/thunder/thunder_bgx.c | 4 +-
drivers/net/ethernet/davicom/dm9051.c | 4 +-
drivers/net/ethernet/engleder/tsnep_main.c | 57 +++++-
drivers/net/ethernet/freescale/enetc/enetc.c | 32 ++--
drivers/net/ethernet/freescale/enetc/enetc.h | 10 +-
drivers/net/ethernet/freescale/enetc/enetc_qos.c | 77 ++++----
drivers/net/ethernet/intel/iavf/iavf.h | 1 -
drivers/net/ethernet/intel/iavf/iavf_main.c | 41 ++--
drivers/net/ethernet/marvell/mvpp2/mvpp2_main.c | 8 +-
.../ethernet/marvell/octeontx2/af/rvu_debugfs.c | 3 +
.../net/ethernet/marvell/octeontx2/af/rvu_nix.c | 2 +
.../net/ethernet/marvell/octeontx2/af/rvu_sdp.c | 7 +-
.../net/ethernet/marvell/prestera/prestera_main.c | 1 +
drivers/net/ethernet/mediatek/mtk_eth_soc.c | 31 ++-
drivers/net/ethernet/mediatek/mtk_eth_soc.h | 5 +-
drivers/net/ethernet/mediatek/mtk_ppe.c | 24 ++-
drivers/net/ethernet/mediatek/mtk_ppe.h | 4 +-
drivers/net/ethernet/mellanox/mlx4/qp.c | 3 +-
drivers/net/ethernet/mellanox/mlx5/core/cmd.c | 47 ++---
.../mellanox/mlx5/core/diag/cmd_tracepoint.h | 45 +++++
.../ethernet/mellanox/mlx5/core/diag/fw_tracer.c | 2 +-
.../ethernet/mellanox/mlx5/core/en/tc_tun_encap.c | 16 +-
.../ethernet/mellanox/mlx5/core/en/tc_tun_encap.h | 3 +-
drivers/net/ethernet/mellanox/mlx5/core/en_tc.c | 17 +-
.../ethernet/mellanox/mlx5/core/eswitch_offloads.c | 2 +-
drivers/net/ethernet/mellanox/mlx5/core/fw_reset.c | 9 +-
drivers/net/ethernet/mellanox/mlx5/core/main.c | 9 +-
.../net/ethernet/mellanox/mlx5/core/sf/dev/dev.c | 88 +++++++++
.../net/ethernet/microchip/sparx5/sparx5_netdev.c | 14 +-
drivers/net/ethernet/netronome/nfp/nfp_devlink.c | 2 +-
.../net/ethernet/netronome/nfp/nfp_net_ethtool.c | 3 +
.../net/ethernet/oki-semi/pch_gbe/pch_gbe_main.c | 6 +-
drivers/net/ethernet/qlogic/qla3xxx.c | 1 +
drivers/net/ethernet/sfc/ef100_netdev.c | 1 +
drivers/net/ipvlan/ipvlan.h | 1 +
drivers/net/ipvlan/ipvlan_main.c | 2 +
drivers/net/macsec.c | 28 +--
drivers/net/phy/at803x.c | 4 +-
drivers/net/usb/cdc_ncm.c | 1 +
drivers/net/usb/qmi_wwan.c | 1 +
drivers/net/virtio_net.c | 3 +-
drivers/net/wireless/ath/ath11k/qmi.h | 2 +-
drivers/net/wireless/cisco/airo.c | 18 +-
drivers/net/wireless/mac80211_hwsim.c | 5 +
drivers/net/wireless/microchip/wilc1000/cfg80211.c | 39 +++-
drivers/net/wireless/microchip/wilc1000/hif.c | 21 +-
drivers/net/wwan/iosm/iosm_ipc_coredump.c | 1 +
drivers/net/wwan/iosm/iosm_ipc_devlink.c | 1 +
drivers/net/wwan/iosm/iosm_ipc_pcie.c | 2 +-
drivers/net/wwan/t7xx/t7xx_modem_ops.c | 2 +
drivers/nfc/st-nci/se.c | 49 +++--
drivers/nvme/host/core.c | 3 +-
drivers/nvme/host/pci.c | 2 -
drivers/nvme/target/configfs.c | 7 +-
drivers/pci/controller/pci-hyperv.c | 90 +++++++--
drivers/pinctrl/qcom/pinctrl-sc8280xp.c | 4 +-
.../platform/surface/surface_aggregator_registry.c | 37 ++++
drivers/platform/x86/acer-wmi.c | 9 +
drivers/platform/x86/asus-wmi.c | 2 +
drivers/platform/x86/hp-wmi.c | 3 +
drivers/platform/x86/ideapad-laptop.c | 62 +++++-
drivers/platform/x86/intel/hid.c | 3 +
drivers/platform/x86/intel/pmt/class.c | 31 ++-
drivers/platform/x86/thinkpad_acpi.c | 8 +
drivers/platform/x86/touchscreen_dmi.c | 25 +++
drivers/power/supply/ab8500_btemp.c | 9 +-
drivers/power/supply/ip5xxx_power.c | 2 +-
drivers/regulator/core.c | 8 +-
drivers/regulator/rt5759-regulator.c | 1 +
drivers/regulator/twl6030-regulator.c | 2 +
drivers/s390/block/dasd_eckd.c | 6 +-
drivers/s390/crypto/ap_bus.c | 5 +-
drivers/s390/crypto/zcrypt_msgtype6.c | 21 +-
drivers/scsi/ibmvscsi/ibmvfc.c | 14 +-
drivers/scsi/mpi3mr/mpi3mr_os.c | 3 +-
drivers/scsi/scsi_debug.c | 7 +
drivers/scsi/scsi_transport_iscsi.c | 31 +--
drivers/scsi/storvsc_drv.c | 69 ++++---
drivers/spi/spi-dw-dma.c | 3 +
drivers/spi/spi-imx.c | 13 +-
drivers/spi/spi-stm32.c | 2 +-
drivers/spi/spi-tegra210-quad.c | 9 +-
drivers/tee/optee/device.c | 2 +-
drivers/tty/n_gsm.c | 69 +++----
drivers/tty/serial/8250/8250_omap.c | 7 +-
drivers/usb/cdns3/cdnsp-gadget.c | 12 +-
drivers/usb/cdns3/cdnsp-ring.c | 17 +-
drivers/usb/dwc3/dwc3-exynos.c | 11 +-
drivers/usb/dwc3/gadget.c | 22 +--
drivers/virt/coco/sev-guest/sev-guest.c | 84 ++++++--
drivers/xen/platform-pci.c | 7 +-
drivers/xen/xen-pciback/conf_space_capability.c | 9 +-
fs/btrfs/ioctl.c | 23 ++-
fs/btrfs/sysfs.c | 7 +-
fs/btrfs/tree-log.c | 59 +++++-
fs/btrfs/zoned.c | 9 +-
fs/ceph/caps.c | 50 ++---
fs/cifs/cifsfs.c | 4 +-
fs/cifs/sess.c | 4 +-
fs/ext4/extents.c | 18 +-
fs/fs-writeback.c | 30 +--
fs/fscache/volume.c | 7 +-
fs/fuse/file.c | 37 ++--
fs/nfsd/vfs.c | 7 +-
fs/nilfs2/sufile.c | 8 +
fs/zonefs/super.c | 60 ++++--
fs/zonefs/zonefs.h | 6 +-
include/linux/blkdev.h | 1 -
include/linux/bpf.h | 39 +++-
include/linux/fault-inject.h | 7 +-
include/linux/fscache.h | 2 +-
include/linux/license.h | 2 +
include/linux/mlx5/driver.h | 1 +
include/net/neighbour.h | 2 +-
include/sound/sof/info.h | 4 +
include/uapi/linux/audit.h | 2 +-
init/Kconfig | 2 +-
io_uring/filetable.c | 2 -
io_uring/io_uring.h | 9 +-
io_uring/poll.c | 49 ++++-
kernel/bpf/dispatcher.c | 22 +--
kernel/gcov/clang.c | 2 +
lib/Kconfig.debug | 1 +
lib/fault-inject.c | 13 +-
lib/vdso/Makefile | 2 +-
mm/damon/sysfs.c | 4 +
mm/failslab.c | 12 +-
mm/memcontrol.c | 2 +-
mm/page_alloc.c | 7 +-
mm/vmscan.c | 24 ++-
net/9p/trans_fd.c | 2 +
net/core/flow_dissector.c | 2 +-
net/core/neighbour.c | 58 +++---
net/dccp/ipv4.c | 2 +
net/dccp/ipv6.c | 2 +
net/ipv4/Kconfig | 10 +
net/ipv4/esp4_offload.c | 3 +
net/ipv4/fib_trie.c | 4 +-
net/ipv4/inet_hashtables.c | 10 +-
net/ipv4/ip_input.c | 5 +
net/ipv4/netfilter/ipt_CLUSTERIP.c | 4 +-
net/ipv4/tcp_ipv4.c | 2 +
net/ipv6/esp6_offload.c | 3 +
net/ipv6/tcp_ipv6.c | 2 +
net/ipv6/xfrm6_policy.c | 6 +-
net/key/af_key.c | 34 ++--
net/mac80211/main.c | 8 +-
net/mac80211/mesh_pathtbl.c | 2 +-
net/netfilter/ipset/ip_set_hash_gen.h | 2 +-
net/netfilter/ipset/ip_set_hash_ip.c | 8 +-
net/netfilter/nf_conntrack_core.c | 2 +-
net/netfilter/nf_conntrack_netlink.c | 24 ++-
net/netfilter/nf_conntrack_standalone.c | 2 +-
net/netfilter/nf_flow_table_offload.c | 4 +
net/netfilter/nf_tables_api.c | 6 +-
net/netfilter/nft_ct.c | 6 +-
net/netfilter/xt_connmark.c | 18 +-
net/nfc/nci/core.c | 2 +-
net/nfc/nci/data.c | 4 +-
net/openvswitch/conntrack.c | 8 +-
net/rxrpc/ar-internal.h | 1 +
net/rxrpc/conn_client.c | 38 ++--
net/sched/Kconfig | 2 +-
net/sched/act_connmark.c | 4 +-
net/sched/act_ct.c | 8 +-
net/sched/act_ctinfo.c | 6 +-
net/tipc/discover.c | 5 +-
net/tipc/topsrv.c | 20 +-
net/wireless/util.c | 6 +-
net/xfrm/xfrm_device.c | 15 +-
net/xfrm/xfrm_replay.c | 2 +-
sound/hda/intel-dsp-config.c | 5 +
sound/soc/amd/yc/acp6x-mach.c | 7 +
sound/soc/codecs/hdac_hda.c | 26 +--
sound/soc/codecs/hdac_hda.h | 6 +-
sound/soc/codecs/max98373-i2c.c | 4 +
sound/soc/codecs/sgtl5000.c | 1 +
sound/soc/intel/boards/bytcht_es8316.c | 7 +
sound/soc/intel/boards/hda_dsp_common.c | 2 +-
sound/soc/intel/boards/skl_hda_dsp_generic.c | 2 +-
sound/soc/intel/boards/sof_es8336.c | 60 ++++--
sound/soc/intel/common/soc-acpi-intel-icl-match.c | 13 ++
sound/soc/intel/skylake/skl.c | 49 +++--
sound/soc/soc-pcm.c | 5 -
sound/soc/sof/intel/hda-codec.c | 49 +++--
sound/soc/sof/ipc3-topology.c | 15 +-
sound/soc/stm/stm32_adfsdm.c | 11 ++
sound/usb/endpoint.c | 3 +-
sound/usb/quirks.c | 2 +
sound/usb/usbaudio.h | 3 +
tools/iio/iio_generic_buffer.c | 4 +-
.../testing/selftests/bpf/verifier/ref_tracking.c | 36 ++++
.../testing/selftests/net/io_uring_zerocopy_tx.sh | 2 +-
tools/testing/selftests/net/mptcp/mptcp_join.sh | 6 +-
tools/testing/selftests/net/mptcp/mptcp_sockopt.sh | 9 +-
tools/testing/selftests/net/mptcp/simult_flows.sh | 5 +-
tools/testing/selftests/net/udpgro.sh | 4 +-
tools/testing/selftests/net/udpgro_bench.sh | 2 +-
tools/testing/selftests/net/udpgro_frglist.sh | 2 +-
virt/kvm/pfncache.c | 7 +-
302 files changed, 2720 insertions(+), 1290 deletions(-)
^ permalink raw reply [flat|nested] 305+ messages in thread
* [PATCH 6.0 001/289] binder: validate alloc->mm in ->mmap() handler
2022-11-30 18:19 [PATCH 6.0 000/289] 6.0.11-rc1 review Greg Kroah-Hartman
@ 2022-11-30 18:19 ` Greg Kroah-Hartman
2022-11-30 18:19 ` [PATCH 6.0 002/289] ceph: Use kcalloc for allocating multiple elements Greg Kroah-Hartman
` (297 subsequent siblings)
298 siblings, 0 replies; 305+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-30 18:19 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Jann Horn, Carlos Llamas, Todd Kjos,
Sasha Levin
From: Carlos Llamas <cmllamas@google.com>
[ Upstream commit 3ce00bb7e91cf57d723905371507af57182c37ef ]
Since commit 1da52815d5f1 ("binder: fix alloc->vma_vm_mm null-ptr
dereference") binder caches a pointer to the current->mm during open().
This fixes a null-ptr dereference reported by syzkaller. Unfortunately,
it also opens the door for a process to update its mm after the open(),
(e.g. via execve) making the cached alloc->mm pointer invalid.
Things get worse when the process continues to mmap() a vma. From this
point forward, binder will attempt to find this vma using an obsolete
alloc->mm reference. Such as in binder_update_page_range(), where the
wrong vma is obtained via vma_lookup(), yet binder proceeds to happily
insert new pages into it.
To avoid this issue fail the ->mmap() callback if we detect a mismatch
between the vma->vm_mm and the original alloc->mm pointer. This prevents
alloc->vm_addr from getting set, so that any subsequent vma_lookup()
calls fail as expected.
Fixes: 1da52815d5f1 ("binder: fix alloc->vma_vm_mm null-ptr dereference")
Reported-by: Jann Horn <jannh@google.com>
Cc: <stable@vger.kernel.org> # 5.15+
Signed-off-by: Carlos Llamas <cmllamas@google.com>
Acked-by: Todd Kjos <tkjos@google.com>
Link: https://lore.kernel.org/r/20221104231235.348958-1-cmllamas@google.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/android/binder_alloc.c | 7 +++++++
1 file changed, 7 insertions(+)
diff --git a/drivers/android/binder_alloc.c b/drivers/android/binder_alloc.c
index 9b1778c00610..64999777e0bf 100644
--- a/drivers/android/binder_alloc.c
+++ b/drivers/android/binder_alloc.c
@@ -760,6 +760,12 @@ int binder_alloc_mmap_handler(struct binder_alloc *alloc,
const char *failure_string;
struct binder_buffer *buffer;
+ if (unlikely(vma->vm_mm != alloc->vma_vm_mm)) {
+ ret = -EINVAL;
+ failure_string = "invalid vma->vm_mm";
+ goto err_invalid_mm;
+ }
+
mutex_lock(&binder_alloc_mmap_lock);
if (alloc->buffer_size) {
ret = -EBUSY;
@@ -806,6 +812,7 @@ int binder_alloc_mmap_handler(struct binder_alloc *alloc,
alloc->buffer_size = 0;
err_already_mapped:
mutex_unlock(&binder_alloc_mmap_lock);
+err_invalid_mm:
binder_alloc_debug(BINDER_DEBUG_USER_ERROR,
"%s: %d %lx-%lx %s failed %d\n", __func__,
alloc->pid, vma->vm_start, vma->vm_end,
--
2.35.1
^ permalink raw reply related [flat|nested] 305+ messages in thread
* [PATCH 6.0 002/289] ceph: Use kcalloc for allocating multiple elements
2022-11-30 18:19 [PATCH 6.0 000/289] 6.0.11-rc1 review Greg Kroah-Hartman
2022-11-30 18:19 ` [PATCH 6.0 001/289] binder: validate alloc->mm in ->mmap() handler Greg Kroah-Hartman
@ 2022-11-30 18:19 ` Greg Kroah-Hartman
2022-11-30 18:19 ` [PATCH 6.0 003/289] ceph: fix NULL pointer dereference for req->r_session Greg Kroah-Hartman
` (296 subsequent siblings)
298 siblings, 0 replies; 305+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-30 18:19 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Kenneth Lee, Xiubo Li, Ilya Dryomov,
Sasha Levin
From: Kenneth Lee <klee33@uw.edu>
[ Upstream commit aa1d627207cace003163dee24d1c06fa4e910c6b ]
Prefer using kcalloc(a, b) over kzalloc(a * b) as this improves
semantics since kcalloc is intended for allocating an array of memory.
Signed-off-by: Kenneth Lee <klee33@uw.edu>
Reviewed-by: Xiubo Li <xiubli@redhat.com>
Signed-off-by: Ilya Dryomov <idryomov@gmail.com>
Stable-dep-of: 5bd76b8de5b7 ("ceph: fix NULL pointer dereference for req->r_session")
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
fs/ceph/caps.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/fs/ceph/caps.c b/fs/ceph/caps.c
index 53cfe026b3ea..1eb2ff0f6bd8 100644
--- a/fs/ceph/caps.c
+++ b/fs/ceph/caps.c
@@ -2285,7 +2285,7 @@ static int flush_mdlog_and_wait_inode_unsafe_requests(struct inode *inode)
struct ceph_mds_request *req;
int i;
- sessions = kzalloc(max_sessions * sizeof(s), GFP_KERNEL);
+ sessions = kcalloc(max_sessions, sizeof(s), GFP_KERNEL);
if (!sessions) {
err = -ENOMEM;
goto out;
--
2.35.1
^ permalink raw reply related [flat|nested] 305+ messages in thread
* [PATCH 6.0 003/289] ceph: fix NULL pointer dereference for req->r_session
2022-11-30 18:19 [PATCH 6.0 000/289] 6.0.11-rc1 review Greg Kroah-Hartman
2022-11-30 18:19 ` [PATCH 6.0 001/289] binder: validate alloc->mm in ->mmap() handler Greg Kroah-Hartman
2022-11-30 18:19 ` [PATCH 6.0 002/289] ceph: Use kcalloc for allocating multiple elements Greg Kroah-Hartman
@ 2022-11-30 18:19 ` Greg Kroah-Hartman
2022-11-30 18:19 ` [PATCH 6.0 004/289] wifi: mac80211: fix memory free error when registering wiphy fail Greg Kroah-Hartman
` (295 subsequent siblings)
298 siblings, 0 replies; 305+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-30 18:19 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Xiubo Li, Ilya Dryomov, Sasha Levin
From: Xiubo Li <xiubli@redhat.com>
[ Upstream commit 5bd76b8de5b74fa941a6eafee87728a0fe072267 ]
The request's r_session maybe changed when it was forwarded or
resent. Both the forwarding and resending cases the requests will
be protected by the mdsc->mutex.
Cc: stable@vger.kernel.org
Link: https://bugzilla.redhat.com/show_bug.cgi?id=2137955
Signed-off-by: Xiubo Li <xiubli@redhat.com>
Reviewed-by: Ilya Dryomov <idryomov@gmail.com>
Signed-off-by: Ilya Dryomov <idryomov@gmail.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
fs/ceph/caps.c | 48 ++++++++++++------------------------------------
1 file changed, 12 insertions(+), 36 deletions(-)
diff --git a/fs/ceph/caps.c b/fs/ceph/caps.c
index 1eb2ff0f6bd8..02b5c0ac5654 100644
--- a/fs/ceph/caps.c
+++ b/fs/ceph/caps.c
@@ -2247,7 +2247,6 @@ static int flush_mdlog_and_wait_inode_unsafe_requests(struct inode *inode)
struct ceph_mds_client *mdsc = ceph_sb_to_client(inode->i_sb)->mdsc;
struct ceph_inode_info *ci = ceph_inode(inode);
struct ceph_mds_request *req1 = NULL, *req2 = NULL;
- unsigned int max_sessions;
int ret, err = 0;
spin_lock(&ci->i_unsafe_lock);
@@ -2265,28 +2264,24 @@ static int flush_mdlog_and_wait_inode_unsafe_requests(struct inode *inode)
}
spin_unlock(&ci->i_unsafe_lock);
- /*
- * The mdsc->max_sessions is unlikely to be changed
- * mostly, here we will retry it by reallocating the
- * sessions array memory to get rid of the mdsc->mutex
- * lock.
- */
-retry:
- max_sessions = mdsc->max_sessions;
-
/*
* Trigger to flush the journal logs in all the relevant MDSes
* manually, or in the worst case we must wait at most 5 seconds
* to wait the journal logs to be flushed by the MDSes periodically.
*/
- if ((req1 || req2) && likely(max_sessions)) {
- struct ceph_mds_session **sessions = NULL;
- struct ceph_mds_session *s;
+ if (req1 || req2) {
struct ceph_mds_request *req;
+ struct ceph_mds_session **sessions;
+ struct ceph_mds_session *s;
+ unsigned int max_sessions;
int i;
+ mutex_lock(&mdsc->mutex);
+ max_sessions = mdsc->max_sessions;
+
sessions = kcalloc(max_sessions, sizeof(s), GFP_KERNEL);
if (!sessions) {
+ mutex_unlock(&mdsc->mutex);
err = -ENOMEM;
goto out;
}
@@ -2298,16 +2293,6 @@ static int flush_mdlog_and_wait_inode_unsafe_requests(struct inode *inode)
s = req->r_session;
if (!s)
continue;
- if (unlikely(s->s_mds >= max_sessions)) {
- spin_unlock(&ci->i_unsafe_lock);
- for (i = 0; i < max_sessions; i++) {
- s = sessions[i];
- if (s)
- ceph_put_mds_session(s);
- }
- kfree(sessions);
- goto retry;
- }
if (!sessions[s->s_mds]) {
s = ceph_get_mds_session(s);
sessions[s->s_mds] = s;
@@ -2320,16 +2305,6 @@ static int flush_mdlog_and_wait_inode_unsafe_requests(struct inode *inode)
s = req->r_session;
if (!s)
continue;
- if (unlikely(s->s_mds >= max_sessions)) {
- spin_unlock(&ci->i_unsafe_lock);
- for (i = 0; i < max_sessions; i++) {
- s = sessions[i];
- if (s)
- ceph_put_mds_session(s);
- }
- kfree(sessions);
- goto retry;
- }
if (!sessions[s->s_mds]) {
s = ceph_get_mds_session(s);
sessions[s->s_mds] = s;
@@ -2341,11 +2316,12 @@ static int flush_mdlog_and_wait_inode_unsafe_requests(struct inode *inode)
/* the auth MDS */
spin_lock(&ci->i_ceph_lock);
if (ci->i_auth_cap) {
- s = ci->i_auth_cap->session;
- if (!sessions[s->s_mds])
- sessions[s->s_mds] = ceph_get_mds_session(s);
+ s = ci->i_auth_cap->session;
+ if (!sessions[s->s_mds])
+ sessions[s->s_mds] = ceph_get_mds_session(s);
}
spin_unlock(&ci->i_ceph_lock);
+ mutex_unlock(&mdsc->mutex);
/* send flush mdlog request to MDSes */
for (i = 0; i < max_sessions; i++) {
--
2.35.1
^ permalink raw reply related [flat|nested] 305+ messages in thread
* [PATCH 6.0 004/289] wifi: mac80211: fix memory free error when registering wiphy fail
2022-11-30 18:19 [PATCH 6.0 000/289] 6.0.11-rc1 review Greg Kroah-Hartman
` (2 preceding siblings ...)
2022-11-30 18:19 ` [PATCH 6.0 003/289] ceph: fix NULL pointer dereference for req->r_session Greg Kroah-Hartman
@ 2022-11-30 18:19 ` Greg Kroah-Hartman
2022-11-30 18:19 ` [PATCH 6.0 005/289] wifi: cfg80211: Fix bitrates overflow issue Greg Kroah-Hartman
` (294 subsequent siblings)
298 siblings, 0 replies; 305+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-30 18:19 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, taozhang, Johannes Berg, Sasha Levin
From: taozhang <taozhang@bestechnic.com>
[ Upstream commit 50b2e8711462409cd368c41067405aa446dfa2af ]
ieee80211_register_hw free the allocated cipher suites when
registering wiphy fail, and ieee80211_free_hw will re-free it.
set wiphy_ciphers_allocated to false after freeing allocated
cipher suites.
Signed-off-by: taozhang <taozhang@bestechnic.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
net/mac80211/main.c | 8 ++++++--
1 file changed, 6 insertions(+), 2 deletions(-)
diff --git a/net/mac80211/main.c b/net/mac80211/main.c
index 5b1c47ed0cc0..87e24bba4c67 100644
--- a/net/mac80211/main.c
+++ b/net/mac80211/main.c
@@ -1437,8 +1437,10 @@ int ieee80211_register_hw(struct ieee80211_hw *hw)
ieee80211_led_exit(local);
destroy_workqueue(local->workqueue);
fail_workqueue:
- if (local->wiphy_ciphers_allocated)
+ if (local->wiphy_ciphers_allocated) {
kfree(local->hw.wiphy->cipher_suites);
+ local->wiphy_ciphers_allocated = false;
+ }
kfree(local->int_scan_req);
return result;
}
@@ -1506,8 +1508,10 @@ void ieee80211_free_hw(struct ieee80211_hw *hw)
mutex_destroy(&local->iflist_mtx);
mutex_destroy(&local->mtx);
- if (local->wiphy_ciphers_allocated)
+ if (local->wiphy_ciphers_allocated) {
kfree(local->hw.wiphy->cipher_suites);
+ local->wiphy_ciphers_allocated = false;
+ }
idr_for_each(&local->ack_status_frames,
ieee80211_free_ack_frame, NULL);
--
2.35.1
^ permalink raw reply related [flat|nested] 305+ messages in thread
* [PATCH 6.0 005/289] wifi: cfg80211: Fix bitrates overflow issue
2022-11-30 18:19 [PATCH 6.0 000/289] 6.0.11-rc1 review Greg Kroah-Hartman
` (3 preceding siblings ...)
2022-11-30 18:19 ` [PATCH 6.0 004/289] wifi: mac80211: fix memory free error when registering wiphy fail Greg Kroah-Hartman
@ 2022-11-30 18:19 ` Greg Kroah-Hartman
2022-11-30 18:19 ` [PATCH 6.0 006/289] wifi: mac80211_hwsim: fix debugfs attribute ps with rc table support Greg Kroah-Hartman
` (293 subsequent siblings)
298 siblings, 0 replies; 305+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-30 18:19 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Paul Zhang, Johannes Berg, Sasha Levin
From: Paul Zhang <quic_paulz@quicinc.com>
[ Upstream commit 18429c51c7ff6e6bfd627316c54670230967a7e5 ]
When invoking function cfg80211_calculate_bitrate_eht about
(320 MHz, EHT-MCS 13, EHT-NSS 2, EHT-GI 0), which means the
parameters as flags: 0x80, bw: 7, mcs: 13, eht_gi: 0, nss: 2,
this formula (result * rate->nss) will overflow and causes
the returned bitrate to be 3959 when it should be 57646.
Here is the explanation:
u64 tmp;
u32 result;
…
/* tmp = result = 4 * rates_996[0]
* = 4 * 480388888 = 0x72889c60
*/
tmp = result;
/* tmp = 0x72889c60 * 6144 = 0xabccea90000 */
tmp *= SCALE;
/* tmp = 0xabccea90000 / mcs_divisors[13]
* = 0xabccea90000 / 5120 = 0x8970bba6
*/
do_div(tmp, mcs_divisors[rate->mcs]);
/* result = 0x8970bba6 */
result = tmp;
/* normally (result * rate->nss) = 0x8970bba6 * 2 = 0x112e1774c,
* but since result is u32, (result * rate->nss) = 0x12e1774c,
* overflow happens and it loses the highest bit.
* Then result = 0x12e1774c / 8 = 39595753,
*/
result = (result * rate->nss) / 8;
Signed-off-by: Paul Zhang <quic_paulz@quicinc.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
net/wireless/util.c | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/net/wireless/util.c b/net/wireless/util.c
index 775836f6785a..450d609b512a 100644
--- a/net/wireless/util.c
+++ b/net/wireless/util.c
@@ -1555,10 +1555,12 @@ static u32 cfg80211_calculate_bitrate_eht(struct rate_info *rate)
tmp = result;
tmp *= SCALE;
do_div(tmp, mcs_divisors[rate->mcs]);
- result = tmp;
/* and take NSS */
- result = (result * rate->nss) / 8;
+ tmp *= rate->nss;
+ do_div(tmp, 8);
+
+ result = tmp;
return result / 10000;
}
--
2.35.1
^ permalink raw reply related [flat|nested] 305+ messages in thread
* [PATCH 6.0 006/289] wifi: mac80211_hwsim: fix debugfs attribute ps with rc table support
2022-11-30 18:19 [PATCH 6.0 000/289] 6.0.11-rc1 review Greg Kroah-Hartman
` (4 preceding siblings ...)
2022-11-30 18:19 ` [PATCH 6.0 005/289] wifi: cfg80211: Fix bitrates overflow issue Greg Kroah-Hartman
@ 2022-11-30 18:19 ` Greg Kroah-Hartman
2022-11-30 18:19 ` [PATCH 6.0 007/289] spi: tegra210-quad: Dont initialise DMA if not supported Greg Kroah-Hartman
` (292 subsequent siblings)
298 siblings, 0 replies; 305+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-30 18:19 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Jonas Jelonek, Johannes Berg, Sasha Levin
From: Jonas Jelonek <jelonek.jonas@gmail.com>
[ Upstream commit 69188df5f6e4cecc6b76b958979ba363cd5240e8 ]
Fixes a warning that occurs when rc table support is enabled
(IEEE80211_HW_SUPPORTS_RC_TABLE) in mac80211_hwsim and the PS mode
is changed via the exported debugfs attribute.
When the PS mode is changed, a packet is broadcasted via
hwsim_send_nullfunc by creating and transmitting a plain skb with only
header initialized. The ieee80211 rate array in the control buffer is
zero-initialized. When ratetbl support is enabled, ieee80211_get_tx_rates
is called for the skb with sta parameter set to NULL and thus no
ratetbl can be used. The final rate array then looks like
[-1,0; 0,0; 0,0; 0,0] which causes the warning in ieee80211_get_tx_rate.
The issue is fixed by setting the count of the first rate with idx '0'
to 1 and hence ieee80211_get_tx_rates won't overwrite it with idx '-1'.
Signed-off-by: Jonas Jelonek <jelonek.jonas@gmail.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/wireless/mac80211_hwsim.c | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/drivers/net/wireless/mac80211_hwsim.c b/drivers/net/wireless/mac80211_hwsim.c
index a074552bcec3..3179682daca7 100644
--- a/drivers/net/wireless/mac80211_hwsim.c
+++ b/drivers/net/wireless/mac80211_hwsim.c
@@ -910,6 +910,7 @@ static void hwsim_send_nullfunc(struct mac80211_hwsim_data *data, u8 *mac,
struct hwsim_vif_priv *vp = (void *)vif->drv_priv;
struct sk_buff *skb;
struct ieee80211_hdr *hdr;
+ struct ieee80211_tx_info *cb;
if (!vp->assoc)
return;
@@ -931,6 +932,10 @@ static void hwsim_send_nullfunc(struct mac80211_hwsim_data *data, u8 *mac,
memcpy(hdr->addr2, mac, ETH_ALEN);
memcpy(hdr->addr3, vp->bssid, ETH_ALEN);
+ cb = IEEE80211_SKB_CB(skb);
+ cb->control.rates[0].count = 1;
+ cb->control.rates[1].idx = -1;
+
rcu_read_lock();
mac80211_hwsim_tx_frame(data->hw, skb,
rcu_dereference(vif->bss_conf.chanctx_conf)->def.chan);
--
2.35.1
^ permalink raw reply related [flat|nested] 305+ messages in thread
* [PATCH 6.0 007/289] spi: tegra210-quad: Dont initialise DMA if not supported
2022-11-30 18:19 [PATCH 6.0 000/289] 6.0.11-rc1 review Greg Kroah-Hartman
` (5 preceding siblings ...)
2022-11-30 18:19 ` [PATCH 6.0 006/289] wifi: mac80211_hwsim: fix debugfs attribute ps with rc table support Greg Kroah-Hartman
@ 2022-11-30 18:19 ` Greg Kroah-Hartman
2022-11-30 18:19 ` [PATCH 6.0 008/289] riscv: dts: sifive unleashed: Add PWM controlled LEDs Greg Kroah-Hartman
` (291 subsequent siblings)
298 siblings, 0 replies; 305+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-30 18:19 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Jon Hunter, Thierry Reding,
Mark Brown, Sasha Levin
From: Jon Hunter <jonathanh@nvidia.com>
[ Upstream commit ae4b3c1252f0fd0951d2f072a02ba46cac8d6c92 ]
The following error messages are observed on boot for Tegra234 ...
ERR KERN tegra-qspi 3270000.spi: cannot use DMA: -19
ERR KERN tegra-qspi 3270000.spi: falling back to PIO
Tegra234 does not support DMA for the QSPI and so initialising the DMA
is expected to fail. The above error messages are misleading for devices
that don't support DMA and so fix this by skipping the DMA
initialisation for devices that don't support DMA.
Signed-off-by: Jon Hunter <jonathanh@nvidia.com>
Acked-by: Thierry Reding <treding@nvidia.com>
Link: https://lore.kernel.org/r/20221026155633.141792-1-jonathanh@nvidia.com
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/spi/spi-tegra210-quad.c | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/drivers/spi/spi-tegra210-quad.c b/drivers/spi/spi-tegra210-quad.c
index 904972606bd4..10f0c5a6e0dc 100644
--- a/drivers/spi/spi-tegra210-quad.c
+++ b/drivers/spi/spi-tegra210-quad.c
@@ -720,6 +720,9 @@ static int tegra_qspi_start_cpu_based_transfer(struct tegra_qspi *qspi, struct s
static void tegra_qspi_deinit_dma(struct tegra_qspi *tqspi)
{
+ if (!tqspi->soc_data->has_dma)
+ return;
+
if (tqspi->tx_dma_buf) {
dma_free_coherent(tqspi->dev, tqspi->dma_buf_size,
tqspi->tx_dma_buf, tqspi->tx_dma_phys);
@@ -750,6 +753,9 @@ static int tegra_qspi_init_dma(struct tegra_qspi *tqspi)
u32 *dma_buf;
int err;
+ if (!tqspi->soc_data->has_dma)
+ return 0;
+
dma_chan = dma_request_chan(tqspi->dev, "rx");
if (IS_ERR(dma_chan)) {
err = PTR_ERR(dma_chan);
--
2.35.1
^ permalink raw reply related [flat|nested] 305+ messages in thread
* [PATCH 6.0 008/289] riscv: dts: sifive unleashed: Add PWM controlled LEDs
2022-11-30 18:19 [PATCH 6.0 000/289] 6.0.11-rc1 review Greg Kroah-Hartman
` (6 preceding siblings ...)
2022-11-30 18:19 ` [PATCH 6.0 007/289] spi: tegra210-quad: Dont initialise DMA if not supported Greg Kroah-Hartman
@ 2022-11-30 18:19 ` Greg Kroah-Hartman
2022-11-30 18:19 ` [PATCH 6.0 009/289] audit: fix undefined behavior in bit shift for AUDIT_BIT Greg Kroah-Hartman
` (290 subsequent siblings)
298 siblings, 0 replies; 305+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-30 18:19 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Emil Renner Berthing, Conor Dooley,
Palmer Dabbelt, Sasha Levin
From: Emil Renner Berthing <emil.renner.berthing@canonical.com>
[ Upstream commit 8bc8824d30193eb7755043d5bb65fa7f0d11a595 ]
This adds the 4 PWM controlled green LEDs to the HiFive Unleashed device
tree. The schematic doesn't specify any special function for the LEDs,
so they're added here without any default triggers and named d1, d2, d3
and d4 just like in the schematic.
Signed-off-by: Emil Renner Berthing <emil.renner.berthing@canonical.com>
Reviewed-by: Conor Dooley <conor.dooley@microchip.com>
Tested-by: Conor Dooley <conor.dooley@microchip.com>
Link: https://lore.kernel.org/r/20221012110928.352910-1-emil.renner.berthing@canonical.com
Signed-off-by: Palmer Dabbelt <palmer@rivosinc.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
.../boot/dts/sifive/hifive-unleashed-a00.dts | 38 +++++++++++++++++++
1 file changed, 38 insertions(+)
diff --git a/arch/riscv/boot/dts/sifive/hifive-unleashed-a00.dts b/arch/riscv/boot/dts/sifive/hifive-unleashed-a00.dts
index ced0d4e47938..900a50526d77 100644
--- a/arch/riscv/boot/dts/sifive/hifive-unleashed-a00.dts
+++ b/arch/riscv/boot/dts/sifive/hifive-unleashed-a00.dts
@@ -3,6 +3,8 @@
#include "fu540-c000.dtsi"
#include <dt-bindings/gpio/gpio.h>
+#include <dt-bindings/leds/common.h>
+#include <dt-bindings/pwm/pwm.h>
/* Clock frequency (in Hz) of the PCB crystal for rtcclk */
#define RTCCLK_FREQ 1000000
@@ -42,6 +44,42 @@ gpio-restart {
compatible = "gpio-restart";
gpios = <&gpio 10 GPIO_ACTIVE_LOW>;
};
+
+ led-controller {
+ compatible = "pwm-leds";
+
+ led-d1 {
+ pwms = <&pwm0 0 7812500 PWM_POLARITY_INVERTED>;
+ active-low;
+ color = <LED_COLOR_ID_GREEN>;
+ max-brightness = <255>;
+ label = "d1";
+ };
+
+ led-d2 {
+ pwms = <&pwm0 1 7812500 PWM_POLARITY_INVERTED>;
+ active-low;
+ color = <LED_COLOR_ID_GREEN>;
+ max-brightness = <255>;
+ label = "d2";
+ };
+
+ led-d3 {
+ pwms = <&pwm0 2 7812500 PWM_POLARITY_INVERTED>;
+ active-low;
+ color = <LED_COLOR_ID_GREEN>;
+ max-brightness = <255>;
+ label = "d3";
+ };
+
+ led-d4 {
+ pwms = <&pwm0 3 7812500 PWM_POLARITY_INVERTED>;
+ active-low;
+ color = <LED_COLOR_ID_GREEN>;
+ max-brightness = <255>;
+ label = "d4";
+ };
+ };
};
&uart0 {
--
2.35.1
^ permalink raw reply related [flat|nested] 305+ messages in thread
* [PATCH 6.0 009/289] audit: fix undefined behavior in bit shift for AUDIT_BIT
2022-11-30 18:19 [PATCH 6.0 000/289] 6.0.11-rc1 review Greg Kroah-Hartman
` (7 preceding siblings ...)
2022-11-30 18:19 ` [PATCH 6.0 008/289] riscv: dts: sifive unleashed: Add PWM controlled LEDs Greg Kroah-Hartman
@ 2022-11-30 18:19 ` Greg Kroah-Hartman
2022-11-30 18:19 ` [PATCH 6.0 010/289] wifi: airo: do not assign -1 to unsigned char Greg Kroah-Hartman
` (289 subsequent siblings)
298 siblings, 0 replies; 305+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-30 18:19 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Gaosheng Cui, Paul Moore, Sasha Levin
From: Gaosheng Cui <cuigaosheng1@huawei.com>
[ Upstream commit 986d93f55bdeab1cac858d1e47b41fac10b2d7f6 ]
Shifting signed 32-bit value by 31 bits is undefined, so changing
significant bit to unsigned. The UBSAN warning calltrace like below:
UBSAN: shift-out-of-bounds in kernel/auditfilter.c:179:23
left shift of 1 by 31 places cannot be represented in type 'int'
Call Trace:
<TASK>
dump_stack_lvl+0x7d/0xa5
dump_stack+0x15/0x1b
ubsan_epilogue+0xe/0x4e
__ubsan_handle_shift_out_of_bounds+0x1e7/0x20c
audit_register_class+0x9d/0x137
audit_classes_init+0x4d/0xb8
do_one_initcall+0x76/0x430
kernel_init_freeable+0x3b3/0x422
kernel_init+0x24/0x1e0
ret_from_fork+0x1f/0x30
</TASK>
Signed-off-by: Gaosheng Cui <cuigaosheng1@huawei.com>
[PM: remove bad 'Fixes' tag as issue predates git, added in v2.6.6-rc1]
Signed-off-by: Paul Moore <paul@paul-moore.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
include/uapi/linux/audit.h | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/include/uapi/linux/audit.h b/include/uapi/linux/audit.h
index 7c1dc818b1d5..d676ed2b246e 100644
--- a/include/uapi/linux/audit.h
+++ b/include/uapi/linux/audit.h
@@ -187,7 +187,7 @@
#define AUDIT_MAX_KEY_LEN 256
#define AUDIT_BITMASK_SIZE 64
#define AUDIT_WORD(nr) ((__u32)((nr)/32))
-#define AUDIT_BIT(nr) (1 << ((nr) - AUDIT_WORD(nr)*32))
+#define AUDIT_BIT(nr) (1U << ((nr) - AUDIT_WORD(nr)*32))
#define AUDIT_SYSCALL_CLASSES 16
#define AUDIT_CLASS_DIR_WRITE 0
--
2.35.1
^ permalink raw reply related [flat|nested] 305+ messages in thread
* [PATCH 6.0 010/289] wifi: airo: do not assign -1 to unsigned char
2022-11-30 18:19 [PATCH 6.0 000/289] 6.0.11-rc1 review Greg Kroah-Hartman
` (8 preceding siblings ...)
2022-11-30 18:19 ` [PATCH 6.0 009/289] audit: fix undefined behavior in bit shift for AUDIT_BIT Greg Kroah-Hartman
@ 2022-11-30 18:19 ` Greg Kroah-Hartman
2022-11-30 18:19 ` [PATCH 6.0 011/289] wifi: mac80211: Fix ack frame idr leak when mesh has no route Greg Kroah-Hartman
` (288 subsequent siblings)
298 siblings, 0 replies; 305+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-30 18:19 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Kalle Valo, linux-wireless,
Jason A. Donenfeld, Sasha Levin
From: Jason A. Donenfeld <Jason@zx2c4.com>
[ Upstream commit e6cb8769452e8236b52134e5cb4a18b8f5986932 ]
With char becoming unsigned by default, and with `char` alone being
ambiguous and based on architecture, we get a warning when assigning the
unchecked output of hex_to_bin() to that unsigned char. Mark `key` as a
`u8`, which matches the struct's type, and then check each call to
hex_to_bin() before casting.
Cc: Kalle Valo <kvalo@kernel.org>
Cc: linux-wireless@vger.kernel.org
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
Signed-off-by: Kalle Valo <kvalo@kernel.org>
Link: https://lore.kernel.org/r/20221024162843.535921-1-Jason@zx2c4.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/wireless/cisco/airo.c | 18 ++++++++++++++----
1 file changed, 14 insertions(+), 4 deletions(-)
diff --git a/drivers/net/wireless/cisco/airo.c b/drivers/net/wireless/cisco/airo.c
index 10daef81c355..fb2c35bd73bb 100644
--- a/drivers/net/wireless/cisco/airo.c
+++ b/drivers/net/wireless/cisco/airo.c
@@ -5232,7 +5232,7 @@ static int get_wep_tx_idx(struct airo_info *ai)
return -1;
}
-static int set_wep_key(struct airo_info *ai, u16 index, const char *key,
+static int set_wep_key(struct airo_info *ai, u16 index, const u8 *key,
u16 keylen, int perm, int lock)
{
static const unsigned char macaddr[ETH_ALEN] = { 0x01, 0, 0, 0, 0, 0 };
@@ -5283,7 +5283,7 @@ static void proc_wepkey_on_close(struct inode *inode, struct file *file)
struct net_device *dev = pde_data(inode);
struct airo_info *ai = dev->ml_priv;
int i, rc;
- char key[16];
+ u8 key[16];
u16 index = 0;
int j = 0;
@@ -5311,12 +5311,22 @@ static void proc_wepkey_on_close(struct inode *inode, struct file *file)
}
for (i = 0; i < 16*3 && data->wbuffer[i+j]; i++) {
+ int val;
+
+ if (i % 3 == 2)
+ continue;
+
+ val = hex_to_bin(data->wbuffer[i+j]);
+ if (val < 0) {
+ airo_print_err(ai->dev->name, "WebKey passed invalid key hex");
+ return;
+ }
switch(i%3) {
case 0:
- key[i/3] = hex_to_bin(data->wbuffer[i+j])<<4;
+ key[i/3] = (u8)val << 4;
break;
case 1:
- key[i/3] |= hex_to_bin(data->wbuffer[i+j]);
+ key[i/3] |= (u8)val;
break;
}
}
--
2.35.1
^ permalink raw reply related [flat|nested] 305+ messages in thread
* [PATCH 6.0 011/289] wifi: mac80211: Fix ack frame idr leak when mesh has no route
2022-11-30 18:19 [PATCH 6.0 000/289] 6.0.11-rc1 review Greg Kroah-Hartman
` (9 preceding siblings ...)
2022-11-30 18:19 ` [PATCH 6.0 010/289] wifi: airo: do not assign -1 to unsigned char Greg Kroah-Hartman
@ 2022-11-30 18:19 ` Greg Kroah-Hartman
2022-11-30 18:19 ` [PATCH 6.0 012/289] selftests/net: dont tests batched TCP io_uring zc Greg Kroah-Hartman
` (287 subsequent siblings)
298 siblings, 0 replies; 305+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-30 18:19 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Nicolas Cavallari, Johannes Berg,
Sasha Levin
From: Nicolas Cavallari <nicolas.cavallari@green-communications.fr>
[ Upstream commit 39e7b5de9853bd92ddbfa4b14165babacd7da0ba ]
When trying to transmit an data frame with tx_status to a destination
that have no route in the mesh, then it is dropped without recrediting
the ack_status_frames idr.
Once it is exhausted, wpa_supplicant starts failing to do SAE with
NL80211_CMD_FRAME and logs "nl80211: Frame command failed".
Use ieee80211_free_txskb() instead of kfree_skb() to fix it.
Signed-off-by: Nicolas Cavallari <nicolas.cavallari@green-communications.fr>
Link: https://lore.kernel.org/r/20221027140133.1504-1-nicolas.cavallari@green-communications.fr
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
net/mac80211/mesh_pathtbl.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/net/mac80211/mesh_pathtbl.c b/net/mac80211/mesh_pathtbl.c
index acc1c299f1ae..69d5e1ec6ede 100644
--- a/net/mac80211/mesh_pathtbl.c
+++ b/net/mac80211/mesh_pathtbl.c
@@ -710,7 +710,7 @@ int mesh_path_send_to_gates(struct mesh_path *mpath)
void mesh_path_discard_frame(struct ieee80211_sub_if_data *sdata,
struct sk_buff *skb)
{
- kfree_skb(skb);
+ ieee80211_free_txskb(&sdata->local->hw, skb);
sdata->u.mesh.mshstats.dropped_frames_no_route++;
}
--
2.35.1
^ permalink raw reply related [flat|nested] 305+ messages in thread
* [PATCH 6.0 012/289] selftests/net: dont tests batched TCP io_uring zc
2022-11-30 18:19 [PATCH 6.0 000/289] 6.0.11-rc1 review Greg Kroah-Hartman
` (10 preceding siblings ...)
2022-11-30 18:19 ` [PATCH 6.0 011/289] wifi: mac80211: Fix ack frame idr leak when mesh has no route Greg Kroah-Hartman
@ 2022-11-30 18:19 ` Greg Kroah-Hartman
2022-11-30 18:19 ` [PATCH 6.0 013/289] wifi: ath11k: Fix QCN9074 firmware boot on x86 Greg Kroah-Hartman
` (286 subsequent siblings)
298 siblings, 0 replies; 305+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-30 18:19 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Pavel Begunkov, Jens Axboe, Sasha Levin
From: Pavel Begunkov <asml.silence@gmail.com>
[ Upstream commit 9921d5013a6e51892623bf2f1c5b49eaecda55ac ]
It doesn't make sense batch submitting io_uring requests to a single TCP
socket without linking or some other kind of ordering. Moreover, it
causes spurious -EINTR fails due to interaction with task_work. Disable
it for now and keep queue depth=1.
Signed-off-by: Pavel Begunkov <asml.silence@gmail.com>
Link: https://lore.kernel.org/r/b547698d5938b1b1a898af1c260188d8546ded9a.1666700897.git.asml.silence@gmail.com
Signed-off-by: Jens Axboe <axboe@kernel.dk>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
tools/testing/selftests/net/io_uring_zerocopy_tx.sh | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/tools/testing/selftests/net/io_uring_zerocopy_tx.sh b/tools/testing/selftests/net/io_uring_zerocopy_tx.sh
index 32aa6e9dacc2..9ac4456d48fc 100755
--- a/tools/testing/selftests/net/io_uring_zerocopy_tx.sh
+++ b/tools/testing/selftests/net/io_uring_zerocopy_tx.sh
@@ -29,7 +29,7 @@ if [[ "$#" -eq "0" ]]; then
for IP in "${IPs[@]}"; do
for mode in $(seq 1 3); do
$0 "$IP" udp -m "$mode" -t 1 -n 32
- $0 "$IP" tcp -m "$mode" -t 1 -n 32
+ $0 "$IP" tcp -m "$mode" -t 1 -n 1
done
done
--
2.35.1
^ permalink raw reply related [flat|nested] 305+ messages in thread
* [PATCH 6.0 013/289] wifi: ath11k: Fix QCN9074 firmware boot on x86
2022-11-30 18:19 [PATCH 6.0 000/289] 6.0.11-rc1 review Greg Kroah-Hartman
` (11 preceding siblings ...)
2022-11-30 18:19 ` [PATCH 6.0 012/289] selftests/net: dont tests batched TCP io_uring zc Greg Kroah-Hartman
@ 2022-11-30 18:19 ` Greg Kroah-Hartman
2022-11-30 18:19 ` [PATCH 6.0 014/289] s390/zcrypt: fix warning about field-spanning write Greg Kroah-Hartman
` (285 subsequent siblings)
298 siblings, 0 replies; 305+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-30 18:19 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Tyler J. Stachecki, Kalle Valo, Sasha Levin
From: Tyler J. Stachecki <stachecki.tyler@gmail.com>
[ Upstream commit 3a89b6dec9920026eaa90fe8457f4348d3388a98 ]
The 2.7.0 series of QCN9074's firmware requests 5 segments
of memory instead of 3 (as in the 2.5.0 series).
The first segment (11M) is too large to be kalloc'd in one
go on x86 and requires piecemeal 1MB allocations, as was
the case with the prior public firmware (2.5.0, 15M).
Since f6f92968e1e5, ath11k will break the memory requests,
but only if there were fewer than 3 segments requested by
the firmware. It seems that 5 segments works fine and
allows QCN9074 to boot on x86 with firmware 2.7.0, so
change things accordingly.
Tested-on: QCN9074 hw1.0 PCI WLAN.HK.2.7.0.1-01744-QCAHKSWPL_SILICONZ-1
Tested-on: QCN9074 hw1.0 PCI WLAN.HK.2.5.0.1-01208-QCAHKSWPL_SILICONZ-1
Tested-on: WCN6855 hw2.0 PCI WLAN.HSP.1.1-03125-QCAHSPSWPL_V1_V2_SILICONZ_LITE-3.6510.16
Signed-off-by: Tyler J. Stachecki <stachecki.tyler@gmail.com>
Signed-off-by: Kalle Valo <quic_kvalo@quicinc.com>
Link: https://lore.kernel.org/r/20221022042728.43015-1-stachecki.tyler@gmail.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/wireless/ath/ath11k/qmi.h | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/net/wireless/ath/ath11k/qmi.h b/drivers/net/wireless/ath/ath11k/qmi.h
index 2ec56a34fa81..0909d53cefeb 100644
--- a/drivers/net/wireless/ath/ath11k/qmi.h
+++ b/drivers/net/wireless/ath/ath11k/qmi.h
@@ -27,7 +27,7 @@
#define ATH11K_QMI_WLANFW_MAX_NUM_MEM_SEG_V01 52
#define ATH11K_QMI_CALDB_SIZE 0x480000
#define ATH11K_QMI_BDF_EXT_STR_LENGTH 0x20
-#define ATH11K_QMI_FW_MEM_REQ_SEGMENT_CNT 3
+#define ATH11K_QMI_FW_MEM_REQ_SEGMENT_CNT 5
#define QMI_WLFW_REQUEST_MEM_IND_V01 0x0035
#define QMI_WLFW_FW_MEM_READY_IND_V01 0x0037
--
2.35.1
^ permalink raw reply related [flat|nested] 305+ messages in thread
* [PATCH 6.0 014/289] s390/zcrypt: fix warning about field-spanning write
2022-11-30 18:19 [PATCH 6.0 000/289] 6.0.11-rc1 review Greg Kroah-Hartman
` (12 preceding siblings ...)
2022-11-30 18:19 ` [PATCH 6.0 013/289] wifi: ath11k: Fix QCN9074 firmware boot on x86 Greg Kroah-Hartman
@ 2022-11-30 18:19 ` Greg Kroah-Hartman
2022-11-30 18:20 ` [PATCH 6.0 015/289] spi: stm32: fix stm32_spi_prepare_mbr() that halves spi clk for every run Greg Kroah-Hartman
` (284 subsequent siblings)
298 siblings, 0 replies; 305+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-30 18:19 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Harald Freudenberger,
Jürgen Christ, Vasily Gorbik, Sasha Levin
From: Harald Freudenberger <freude@linux.ibm.com>
[ Upstream commit b43088f30db1a7bff61c8486238c195c77788d6d ]
This patch fixes the warning
memcpy: detected field-spanning write (size 60) of single field "to" at drivers/s390/crypto/zcrypt_api.h:173 (size 2)
WARNING: CPU: 1 PID: 2114 at drivers/s390/crypto/zcrypt_api.h:173 prep_ep11_ap_msg+0x2c6/0x2e0 [zcrypt]
The code has been rewritten to use a union in combination
with a flex array to clearly state which part of the buffer
the payload is to be copied in via z_copy_from_user
function (which may call memcpy() in case of in-kernel calls).
Signed-off-by: Harald Freudenberger <freude@linux.ibm.com>
Suggested-by: Jürgen Christ <jchrist@linux.ibm.com>
Reviewed-by: Jürgen Christ <jchrist@linux.ibm.com>
Signed-off-by: Vasily Gorbik <gor@linux.ibm.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/s390/crypto/zcrypt_msgtype6.c | 21 +++++++++++++++------
1 file changed, 15 insertions(+), 6 deletions(-)
diff --git a/drivers/s390/crypto/zcrypt_msgtype6.c b/drivers/s390/crypto/zcrypt_msgtype6.c
index 8fb34b8eeb18..5ad251477593 100644
--- a/drivers/s390/crypto/zcrypt_msgtype6.c
+++ b/drivers/s390/crypto/zcrypt_msgtype6.c
@@ -342,7 +342,10 @@ static int xcrb_msg_to_type6cprb_msgx(bool userspace, struct ap_message *ap_msg,
};
struct {
struct type6_hdr hdr;
- struct CPRBX cprbx;
+ union {
+ struct CPRBX cprbx;
+ DECLARE_FLEX_ARRAY(u8, userdata);
+ };
} __packed * msg = ap_msg->msg;
int rcblen = CEIL4(xcrb->request_control_blk_length);
@@ -403,7 +406,8 @@ static int xcrb_msg_to_type6cprb_msgx(bool userspace, struct ap_message *ap_msg,
msg->hdr.fromcardlen2 = xcrb->reply_data_length;
/* prepare CPRB */
- if (z_copy_from_user(userspace, &msg->cprbx, xcrb->request_control_blk_addr,
+ if (z_copy_from_user(userspace, msg->userdata,
+ xcrb->request_control_blk_addr,
xcrb->request_control_blk_length))
return -EFAULT;
if (msg->cprbx.cprb_len + sizeof(msg->hdr.function_code) >
@@ -469,9 +473,14 @@ static int xcrb_msg_to_type6_ep11cprb_msgx(bool userspace, struct ap_message *ap
struct {
struct type6_hdr hdr;
- struct ep11_cprb cprbx;
- unsigned char pld_tag; /* fixed value 0x30 */
- unsigned char pld_lenfmt; /* payload length format */
+ union {
+ struct {
+ struct ep11_cprb cprbx;
+ unsigned char pld_tag; /* fixed value 0x30 */
+ unsigned char pld_lenfmt; /* length format */
+ } __packed;
+ DECLARE_FLEX_ARRAY(u8, userdata);
+ };
} __packed * msg = ap_msg->msg;
struct pld_hdr {
@@ -500,7 +509,7 @@ static int xcrb_msg_to_type6_ep11cprb_msgx(bool userspace, struct ap_message *ap
msg->hdr.fromcardlen1 = xcrb->resp_len;
/* Import CPRB data from the ioctl input parameter */
- if (z_copy_from_user(userspace, &msg->cprbx.cprb_len,
+ if (z_copy_from_user(userspace, msg->userdata,
(char __force __user *)xcrb->req, xcrb->req_len)) {
return -EFAULT;
}
--
2.35.1
^ permalink raw reply related [flat|nested] 305+ messages in thread
* [PATCH 6.0 015/289] spi: stm32: fix stm32_spi_prepare_mbr() that halves spi clk for every run
2022-11-30 18:19 [PATCH 6.0 000/289] 6.0.11-rc1 review Greg Kroah-Hartman
` (13 preceding siblings ...)
2022-11-30 18:19 ` [PATCH 6.0 014/289] s390/zcrypt: fix warning about field-spanning write Greg Kroah-Hartman
@ 2022-11-30 18:20 ` Greg Kroah-Hartman
2022-11-30 18:20 ` [PATCH 6.0 016/289] selftests/bpf: Add verifier test for release_reference() Greg Kroah-Hartman
` (283 subsequent siblings)
298 siblings, 0 replies; 305+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-30 18:20 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Sean Nyekjaer, Mark Brown, Sasha Levin
From: Sean Nyekjaer <sean@geanix.com>
[ Upstream commit 62aa1a344b0904549f6de7af958e8a1136fd5228 ]
When this driver is used with a driver that uses preallocated spi_transfer
structs. The speed_hz is halved by every run. This results in:
spi_stm32 44004000.spi: SPI transfer setup failed
ads7846 spi0.0: SPI transfer failed: -22
Example when running with DIV_ROUND_UP():
- First run; speed_hz = 1000000, spi->clk_rate 125000000
div 125 -> mbrdiv = 7, cur_speed = 976562
- Second run; speed_hz = 976562
div 128,00007 (roundup to 129) -> mbrdiv = 8, cur_speed = 488281
- Third run; speed_hz = 488281
div 256,000131072067109 (roundup to 257) and then -EINVAL is returned.
Use DIV_ROUND_CLOSEST to allow to round down and allow us to keep the
set speed.
Signed-off-by: Sean Nyekjaer <sean@geanix.com>
Link: https://lore.kernel.org/r/20221103080043.3033414-1-sean@geanix.com
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/spi/spi-stm32.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/spi/spi-stm32.c b/drivers/spi/spi-stm32.c
index 3c2fa2e2f94a..def09cf0dc14 100644
--- a/drivers/spi/spi-stm32.c
+++ b/drivers/spi/spi-stm32.c
@@ -434,7 +434,7 @@ static int stm32_spi_prepare_mbr(struct stm32_spi *spi, u32 speed_hz,
u32 div, mbrdiv;
/* Ensure spi->clk_rate is even */
- div = DIV_ROUND_UP(spi->clk_rate & ~0x1, speed_hz);
+ div = DIV_ROUND_CLOSEST(spi->clk_rate & ~0x1, speed_hz);
/*
* SPI framework set xfer->speed_hz to master->max_speed_hz if
--
2.35.1
^ permalink raw reply related [flat|nested] 305+ messages in thread
* [PATCH 6.0 016/289] selftests/bpf: Add verifier test for release_reference()
2022-11-30 18:19 [PATCH 6.0 000/289] 6.0.11-rc1 review Greg Kroah-Hartman
` (14 preceding siblings ...)
2022-11-30 18:20 ` [PATCH 6.0 015/289] spi: stm32: fix stm32_spi_prepare_mbr() that halves spi clk for every run Greg Kroah-Hartman
@ 2022-11-30 18:20 ` Greg Kroah-Hartman
2022-11-30 18:20 ` [PATCH 6.0 017/289] selftests/net: give more time to udpgro bg processes to complete startup Greg Kroah-Hartman
` (282 subsequent siblings)
298 siblings, 0 replies; 305+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-30 18:20 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Youlin Li, Daniel Borkmann, Sasha Levin
From: Youlin Li <liulin063@gmail.com>
[ Upstream commit 475244f5e06beeda7b557d9dde46a5f439bf3379 ]
Add a test case to ensure that released pointer registers will not be
leaked into the map.
Before fix:
./test_verifier 984
984/u reference tracking: try to leak released ptr reg FAIL
Unexpected success to load!
verification time 67 usec
stack depth 4
processed 23 insns (limit 1000000) max_states_per_insn 0 total_states 2
peak_states 2 mark_read 1
984/p reference tracking: try to leak released ptr reg OK
Summary: 1 PASSED, 0 SKIPPED, 1 FAILED
After fix:
./test_verifier 984
984/u reference tracking: try to leak released ptr reg OK
984/p reference tracking: try to leak released ptr reg OK
Summary: 2 PASSED, 0 SKIPPED, 0 FAILED
Signed-off-by: Youlin Li <liulin063@gmail.com>
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
Link: https://lore.kernel.org/bpf/20221103093440.3161-2-liulin063@gmail.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
.../selftests/bpf/verifier/ref_tracking.c | 36 +++++++++++++++++++
1 file changed, 36 insertions(+)
diff --git a/tools/testing/selftests/bpf/verifier/ref_tracking.c b/tools/testing/selftests/bpf/verifier/ref_tracking.c
index 57a83d763ec1..6dc65b2501ed 100644
--- a/tools/testing/selftests/bpf/verifier/ref_tracking.c
+++ b/tools/testing/selftests/bpf/verifier/ref_tracking.c
@@ -905,3 +905,39 @@
.result_unpriv = REJECT,
.errstr_unpriv = "unknown func",
},
+{
+ "reference tracking: try to leak released ptr reg",
+ .insns = {
+ BPF_MOV64_IMM(BPF_REG_0, 0),
+ BPF_STX_MEM(BPF_W, BPF_REG_10, BPF_REG_0, -4),
+ BPF_MOV64_REG(BPF_REG_2, BPF_REG_10),
+ BPF_ALU64_IMM(BPF_ADD, BPF_REG_2, -4),
+ BPF_LD_MAP_FD(BPF_REG_1, 0),
+ BPF_EMIT_CALL(BPF_FUNC_map_lookup_elem),
+ BPF_JMP_IMM(BPF_JNE, BPF_REG_0, 0, 1),
+ BPF_EXIT_INSN(),
+ BPF_MOV64_REG(BPF_REG_9, BPF_REG_0),
+
+ BPF_MOV64_IMM(BPF_REG_0, 0),
+ BPF_LD_MAP_FD(BPF_REG_1, 0),
+ BPF_MOV64_IMM(BPF_REG_2, 8),
+ BPF_MOV64_IMM(BPF_REG_3, 0),
+ BPF_EMIT_CALL(BPF_FUNC_ringbuf_reserve),
+ BPF_JMP_IMM(BPF_JNE, BPF_REG_0, 0, 1),
+ BPF_EXIT_INSN(),
+ BPF_MOV64_REG(BPF_REG_8, BPF_REG_0),
+
+ BPF_MOV64_REG(BPF_REG_1, BPF_REG_8),
+ BPF_MOV64_IMM(BPF_REG_2, 0),
+ BPF_EMIT_CALL(BPF_FUNC_ringbuf_discard),
+ BPF_MOV64_IMM(BPF_REG_0, 0),
+
+ BPF_STX_MEM(BPF_DW, BPF_REG_9, BPF_REG_8, 0),
+ BPF_EXIT_INSN()
+ },
+ .fixup_map_array_48b = { 4 },
+ .fixup_map_ringbuf = { 11 },
+ .result = ACCEPT,
+ .result_unpriv = REJECT,
+ .errstr_unpriv = "R8 !read_ok"
+},
--
2.35.1
^ permalink raw reply related [flat|nested] 305+ messages in thread
* [PATCH 6.0 017/289] selftests/net: give more time to udpgro bg processes to complete startup
2022-11-30 18:19 [PATCH 6.0 000/289] 6.0.11-rc1 review Greg Kroah-Hartman
` (15 preceding siblings ...)
2022-11-30 18:20 ` [PATCH 6.0 016/289] selftests/bpf: Add verifier test for release_reference() Greg Kroah-Hartman
@ 2022-11-30 18:20 ` Greg Kroah-Hartman
2022-11-30 18:20 ` [PATCH 6.0 018/289] Revert "net: macsec: report real_dev features when HW offloading is enabled" Greg Kroah-Hartman
` (281 subsequent siblings)
298 siblings, 0 replies; 305+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-30 18:20 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Adrien Thierry, David S. Miller,
Sasha Levin
From: Adrien Thierry <athierry@redhat.com>
[ Upstream commit cdb525ca92b196f8916102b62431aa0d9a644ff2 ]
In some conditions, background processes in udpgro don't have enough
time to set up the sockets. When foreground processes start, this
results in the test failing with "./udpgso_bench_tx: sendmsg: Connection
refused". For instance, this happens from time to time on a Qualcomm
SA8540P SoC running CentOS Stream 9.
To fix this, increase the time given to background processes to
complete the startup before foreground processes start.
Signed-off-by: Adrien Thierry <athierry@redhat.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
tools/testing/selftests/net/udpgro.sh | 4 ++--
tools/testing/selftests/net/udpgro_bench.sh | 2 +-
tools/testing/selftests/net/udpgro_frglist.sh | 2 +-
3 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/tools/testing/selftests/net/udpgro.sh b/tools/testing/selftests/net/udpgro.sh
index ebbd0b282432..6a443ca3cd3a 100755
--- a/tools/testing/selftests/net/udpgro.sh
+++ b/tools/testing/selftests/net/udpgro.sh
@@ -50,7 +50,7 @@ run_one() {
echo "failed" &
# Hack: let bg programs complete the startup
- sleep 0.1
+ sleep 0.2
./udpgso_bench_tx ${tx_args}
ret=$?
wait $(jobs -p)
@@ -117,7 +117,7 @@ run_one_2sock() {
echo "failed" &
# Hack: let bg programs complete the startup
- sleep 0.1
+ sleep 0.2
./udpgso_bench_tx ${tx_args} -p 12345
sleep 0.1
# first UDP GSO socket should be closed at this point
diff --git a/tools/testing/selftests/net/udpgro_bench.sh b/tools/testing/selftests/net/udpgro_bench.sh
index fad2d1a71cac..8a1109a545db 100755
--- a/tools/testing/selftests/net/udpgro_bench.sh
+++ b/tools/testing/selftests/net/udpgro_bench.sh
@@ -39,7 +39,7 @@ run_one() {
ip netns exec "${PEER_NS}" ./udpgso_bench_rx -t ${rx_args} -r &
# Hack: let bg programs complete the startup
- sleep 0.1
+ sleep 0.2
./udpgso_bench_tx ${tx_args}
}
diff --git a/tools/testing/selftests/net/udpgro_frglist.sh b/tools/testing/selftests/net/udpgro_frglist.sh
index 832c738cc3c2..7fe85ba51075 100755
--- a/tools/testing/selftests/net/udpgro_frglist.sh
+++ b/tools/testing/selftests/net/udpgro_frglist.sh
@@ -44,7 +44,7 @@ run_one() {
ip netns exec "${PEER_NS}" ./udpgso_bench_rx ${rx_args} -r &
# Hack: let bg programs complete the startup
- sleep 0.1
+ sleep 0.2
./udpgso_bench_tx ${tx_args}
}
--
2.35.1
^ permalink raw reply related [flat|nested] 305+ messages in thread
* [PATCH 6.0 018/289] Revert "net: macsec: report real_dev features when HW offloading is enabled"
2022-11-30 18:19 [PATCH 6.0 000/289] 6.0.11-rc1 review Greg Kroah-Hartman
` (16 preceding siblings ...)
2022-11-30 18:20 ` [PATCH 6.0 017/289] selftests/net: give more time to udpgro bg processes to complete startup Greg Kroah-Hartman
@ 2022-11-30 18:20 ` Greg Kroah-Hartman
2022-11-30 18:20 ` [PATCH 6.0 019/289] ACPI: video: Add backlight=native DMI quirk for Dell G15 5515 Greg Kroah-Hartman
` (280 subsequent siblings)
298 siblings, 0 replies; 305+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-30 18:20 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Sabrina Dubroca, Antoine Tenart,
Leon Romanovsky, David S. Miller, Sasha Levin
From: Sabrina Dubroca <sd@queasysnail.net>
[ Upstream commit 8bcd560ae8784da57c610d857118c5d6576b1a8f ]
This reverts commit c850240b6c4132574a00f2da439277ab94265b66.
That commit tried to improve the performance of macsec offload by
taking advantage of some of the NIC's features, but in doing so, broke
macsec offload when the lower device supports both macsec and ipsec
offload, as the ipsec offload feature flags (mainly NETIF_F_HW_ESP)
were copied from the real device. Since the macsec device doesn't
provide xdo_* ops, the XFRM core rejects the registration of the new
macsec device in xfrm_api_check.
Example perf trace when running
ip link add link eni1np1 type macsec port 4 offload mac
ip 737 [003] 795.477676: probe:xfrm_dev_event__REGISTER name="macsec0" features=0x1c000080014869
xfrm_dev_event+0x3a
notifier_call_chain+0x47
register_netdevice+0x846
macsec_newlink+0x25a
ip 737 [003] 795.477687: probe:xfrm_dev_event__return ret=0x8002 (NOTIFY_BAD)
notifier_call_chain+0x47
register_netdevice+0x846
macsec_newlink+0x25a
dev->features includes NETIF_F_HW_ESP (0x04000000000000), so
xfrm_api_check returns NOTIFY_BAD because we don't have
dev->xfrmdev_ops on the macsec device.
We could probably propagate GSO and a few other features from the
lower device, similar to macvlan. This will be done in a future patch.
Signed-off-by: Sabrina Dubroca <sd@queasysnail.net>
Reviewed-by: Antoine Tenart <atenart@kernel.org>
Reviewed-by: Leon Romanovsky <leonro@nvidia.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/macsec.c | 27 ++++-----------------------
1 file changed, 4 insertions(+), 23 deletions(-)
diff --git a/drivers/net/macsec.c b/drivers/net/macsec.c
index ddfa853ec9b5..d145ad189778 100644
--- a/drivers/net/macsec.c
+++ b/drivers/net/macsec.c
@@ -2685,11 +2685,6 @@ static int macsec_upd_offload(struct sk_buff *skb, struct genl_info *info)
if (ret)
goto rollback;
- /* Force features update, since they are different for SW MACSec and
- * HW offloading cases.
- */
- netdev_update_features(dev);
-
rtnl_unlock();
return 0;
@@ -3457,16 +3452,9 @@ static netdev_tx_t macsec_start_xmit(struct sk_buff *skb,
return ret;
}
-#define SW_MACSEC_FEATURES \
+#define MACSEC_FEATURES \
(NETIF_F_SG | NETIF_F_HIGHDMA | NETIF_F_FRAGLIST)
-/* If h/w offloading is enabled, use real device features save for
- * VLAN_FEATURES - they require additional ops
- * HW_MACSEC - no reason to report it
- */
-#define REAL_DEV_FEATURES(dev) \
- ((dev)->features & ~(NETIF_F_VLAN_FEATURES | NETIF_F_HW_MACSEC))
-
static int macsec_dev_init(struct net_device *dev)
{
struct macsec_dev *macsec = macsec_priv(dev);
@@ -3483,12 +3471,8 @@ static int macsec_dev_init(struct net_device *dev)
return err;
}
- if (macsec_is_offloaded(macsec)) {
- dev->features = REAL_DEV_FEATURES(real_dev);
- } else {
- dev->features = real_dev->features & SW_MACSEC_FEATURES;
- dev->features |= NETIF_F_LLTX | NETIF_F_GSO_SOFTWARE;
- }
+ dev->features = real_dev->features & MACSEC_FEATURES;
+ dev->features |= NETIF_F_LLTX | NETIF_F_GSO_SOFTWARE;
dev->needed_headroom = real_dev->needed_headroom +
MACSEC_NEEDED_HEADROOM;
@@ -3520,10 +3504,7 @@ static netdev_features_t macsec_fix_features(struct net_device *dev,
struct macsec_dev *macsec = macsec_priv(dev);
struct net_device *real_dev = macsec->real_dev;
- if (macsec_is_offloaded(macsec))
- return REAL_DEV_FEATURES(real_dev);
-
- features &= (real_dev->features & SW_MACSEC_FEATURES) |
+ features &= (real_dev->features & MACSEC_FEATURES) |
NETIF_F_GSO_SOFTWARE | NETIF_F_SOFT_FEATURES;
features |= NETIF_F_LLTX;
--
2.35.1
^ permalink raw reply related [flat|nested] 305+ messages in thread
* [PATCH 6.0 019/289] ACPI: video: Add backlight=native DMI quirk for Dell G15 5515
2022-11-30 18:19 [PATCH 6.0 000/289] 6.0.11-rc1 review Greg Kroah-Hartman
` (17 preceding siblings ...)
2022-11-30 18:20 ` [PATCH 6.0 018/289] Revert "net: macsec: report real_dev features when HW offloading is enabled" Greg Kroah-Hartman
@ 2022-11-30 18:20 ` Greg Kroah-Hartman
2022-11-30 18:20 ` [PATCH 6.0 020/289] platform/x86: ideapad-laptop: Disable touchpad_switch Greg Kroah-Hartman
` (279 subsequent siblings)
298 siblings, 0 replies; 305+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-30 18:20 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Iris, Daniel Dadap, Hans de Goede,
Sasha Levin
From: Hans de Goede <hdegoede@redhat.com>
[ Upstream commit f46acc1efd4b5846de9fa05f966e504f328f34a6 ]
The Dell G15 5515 has the WMI interface (and WMI call returns) expected
by the nvidia-wmi-ec-backlight interface. But the backlight class device
registered by the nvidia-wmi-ec-backlight driver does not actually work.
The amdgpu_bl0 native GPU backlight class device does actually work,
add a backlight=native DMI quirk for this.
Reported-by: Iris <pawel.js@protonmail.com>
Reviewed-by: Daniel Dadap <ddadap@nvidia.com>
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/acpi/video_detect.c | 14 ++++++++++++++
1 file changed, 14 insertions(+)
diff --git a/drivers/acpi/video_detect.c b/drivers/acpi/video_detect.c
index 68a566f69684..aae9261c424a 100644
--- a/drivers/acpi/video_detect.c
+++ b/drivers/acpi/video_detect.c
@@ -578,6 +578,20 @@ static const struct dmi_system_id video_detect_dmi_table[] = {
DMI_MATCH(DMI_BOARD_NAME, "GMxRGxx"),
},
},
+ /*
+ * Models which have nvidia-ec-wmi support, but should not use it.
+ * Note this indicates a likely firmware bug on these models and should
+ * be revisited if/when Linux gets support for dynamic mux mode.
+ */
+ {
+ .callback = video_detect_force_native,
+ /* Dell G15 5515 */
+ .matches = {
+ DMI_MATCH(DMI_SYS_VENDOR, "Dell Inc."),
+ DMI_MATCH(DMI_PRODUCT_NAME, "Dell G15 5515"),
+ },
+ },
+
/*
* Desktops which falsely report a backlight and which our heuristics
* for this do not catch.
--
2.35.1
^ permalink raw reply related [flat|nested] 305+ messages in thread
* [PATCH 6.0 020/289] platform/x86: ideapad-laptop: Disable touchpad_switch
2022-11-30 18:19 [PATCH 6.0 000/289] 6.0.11-rc1 review Greg Kroah-Hartman
` (18 preceding siblings ...)
2022-11-30 18:20 ` [PATCH 6.0 019/289] ACPI: video: Add backlight=native DMI quirk for Dell G15 5515 Greg Kroah-Hartman
@ 2022-11-30 18:20 ` Greg Kroah-Hartman
2022-11-30 18:20 ` [PATCH 6.0 021/289] platform/x86: touchscreen_dmi: Add info for the RCA Cambio W101 v2 2-in-1 Greg Kroah-Hartman
` (278 subsequent siblings)
298 siblings, 0 replies; 305+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-30 18:20 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Manyi Li, Hans de Goede, Sasha Levin
From: Manyi Li <limanyi@uniontech.com>
[ Upstream commit a231224a601c1924b9df620281ad04472900d75f ]
Ideapads for "Lenovo Yoga 3 Pro 1370" and "ZhaoYang K4e-IML" do not
use EC to switch touchpad.
Reading VPCCMD_R_TOUCHPAD will return zero thus touchpad may be blocked
unexpectedly.
Signed-off-by: Manyi Li <limanyi@uniontech.com>
Link: https://lore.kernel.org/r/20221018095323.14591-1-limanyi@uniontech.com
Reviewed-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/platform/x86/ideapad-laptop.c | 25 ++++++++++++++++++++++++-
1 file changed, 24 insertions(+), 1 deletion(-)
diff --git a/drivers/platform/x86/ideapad-laptop.c b/drivers/platform/x86/ideapad-laptop.c
index abd0c81d62c4..33b3dfdd1b08 100644
--- a/drivers/platform/x86/ideapad-laptop.c
+++ b/drivers/platform/x86/ideapad-laptop.c
@@ -1533,6 +1533,24 @@ static const struct dmi_system_id hw_rfkill_list[] = {
{}
};
+static const struct dmi_system_id no_touchpad_switch_list[] = {
+ {
+ .ident = "Lenovo Yoga 3 Pro 1370",
+ .matches = {
+ DMI_MATCH(DMI_SYS_VENDOR, "LENOVO"),
+ DMI_MATCH(DMI_PRODUCT_VERSION, "Lenovo YOGA 3"),
+ },
+ },
+ {
+ .ident = "ZhaoYang K4e-IML",
+ .matches = {
+ DMI_MATCH(DMI_SYS_VENDOR, "LENOVO"),
+ DMI_MATCH(DMI_PRODUCT_VERSION, "ZhaoYang K4e-IML"),
+ },
+ },
+ {}
+};
+
static void ideapad_check_features(struct ideapad_private *priv)
{
acpi_handle handle = priv->adev->handle;
@@ -1541,7 +1559,12 @@ static void ideapad_check_features(struct ideapad_private *priv)
priv->features.hw_rfkill_switch = dmi_check_system(hw_rfkill_list);
/* Most ideapads with ELAN0634 touchpad don't use EC touchpad switch */
- priv->features.touchpad_ctrl_via_ec = !acpi_dev_present("ELAN0634", NULL, -1);
+ if (acpi_dev_present("ELAN0634", NULL, -1))
+ priv->features.touchpad_ctrl_via_ec = 0;
+ else if (dmi_check_system(no_touchpad_switch_list))
+ priv->features.touchpad_ctrl_via_ec = 0;
+ else
+ priv->features.touchpad_ctrl_via_ec = 1;
if (!read_ec_data(handle, VPCCMD_R_FAN, &val))
priv->features.fan_mode = true;
--
2.35.1
^ permalink raw reply related [flat|nested] 305+ messages in thread
* [PATCH 6.0 021/289] platform/x86: touchscreen_dmi: Add info for the RCA Cambio W101 v2 2-in-1
2022-11-30 18:19 [PATCH 6.0 000/289] 6.0.11-rc1 review Greg Kroah-Hartman
` (19 preceding siblings ...)
2022-11-30 18:20 ` [PATCH 6.0 020/289] platform/x86: ideapad-laptop: Disable touchpad_switch Greg Kroah-Hartman
@ 2022-11-30 18:20 ` Greg Kroah-Hartman
2022-11-30 18:20 ` [PATCH 6.0 022/289] platform/x86/intel/pmt: Sapphire Rapids PMT errata fix Greg Kroah-Hartman
` (277 subsequent siblings)
298 siblings, 0 replies; 305+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-30 18:20 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Hans de Goede, Sasha Levin
From: Hans de Goede <hdegoede@redhat.com>
[ Upstream commit 0df044b34bf33e7e35c32b3bf6747fde6279c162 ]
Add touchscreen info for the RCA Cambio W101 v2 2-in-1.
Link: https://github.com/onitake/gsl-firmware/discussions/193
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Link: https://lore.kernel.org/r/20221025141131.509211-1-hdegoede@redhat.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/platform/x86/touchscreen_dmi.c | 25 +++++++++++++++++++++++++
1 file changed, 25 insertions(+)
diff --git a/drivers/platform/x86/touchscreen_dmi.c b/drivers/platform/x86/touchscreen_dmi.c
index bc97bfa8e8a6..baae3120efd0 100644
--- a/drivers/platform/x86/touchscreen_dmi.c
+++ b/drivers/platform/x86/touchscreen_dmi.c
@@ -770,6 +770,22 @@ static const struct ts_dmi_data predia_basic_data = {
.properties = predia_basic_props,
};
+static const struct property_entry rca_cambio_w101_v2_props[] = {
+ PROPERTY_ENTRY_U32("touchscreen-min-x", 4),
+ PROPERTY_ENTRY_U32("touchscreen-min-y", 20),
+ PROPERTY_ENTRY_U32("touchscreen-size-x", 1644),
+ PROPERTY_ENTRY_U32("touchscreen-size-y", 874),
+ PROPERTY_ENTRY_BOOL("touchscreen-swapped-x-y"),
+ PROPERTY_ENTRY_STRING("firmware-name", "gsl1680-rca-cambio-w101-v2.fw"),
+ PROPERTY_ENTRY_U32("silead,max-fingers", 10),
+ { }
+};
+
+static const struct ts_dmi_data rca_cambio_w101_v2_data = {
+ .acpi_name = "MSSL1680:00",
+ .properties = rca_cambio_w101_v2_props,
+};
+
static const struct property_entry rwc_nanote_p8_props[] = {
PROPERTY_ENTRY_U32("touchscreen-min-y", 46),
PROPERTY_ENTRY_U32("touchscreen-size-x", 1728),
@@ -1409,6 +1425,15 @@ const struct dmi_system_id touchscreen_dmi_table[] = {
DMI_EXACT_MATCH(DMI_BOARD_NAME, "0E57"),
},
},
+ {
+ /* RCA Cambio W101 v2 */
+ /* https://github.com/onitake/gsl-firmware/discussions/193 */
+ .driver_data = (void *)&rca_cambio_w101_v2_data,
+ .matches = {
+ DMI_MATCH(DMI_SYS_VENDOR, "RCA"),
+ DMI_MATCH(DMI_PRODUCT_NAME, "W101SA23T1"),
+ },
+ },
{
/* RWC NANOTE P8 */
.driver_data = (void *)&rwc_nanote_p8_data,
--
2.35.1
^ permalink raw reply related [flat|nested] 305+ messages in thread
* [PATCH 6.0 022/289] platform/x86/intel/pmt: Sapphire Rapids PMT errata fix
2022-11-30 18:19 [PATCH 6.0 000/289] 6.0.11-rc1 review Greg Kroah-Hartman
` (20 preceding siblings ...)
2022-11-30 18:20 ` [PATCH 6.0 021/289] platform/x86: touchscreen_dmi: Add info for the RCA Cambio W101 v2 2-in-1 Greg Kroah-Hartman
@ 2022-11-30 18:20 ` Greg Kroah-Hartman
2022-11-30 18:20 ` [PATCH 6.0 023/289] platform/x86/intel/hid: Add some ACPI device IDs Greg Kroah-Hartman
` (276 subsequent siblings)
298 siblings, 0 replies; 305+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-30 18:20 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, David E. Box, Hans de Goede, Sasha Levin
From: David E. Box <david.e.box@linux.intel.com>
[ Upstream commit bcdfa1f77ea7f67368d20384932a9d1e3047ddd2 ]
On Sapphire Rapids, due to a hardware issue affecting the PUNIT telemetry
region, reads that are not done in QWORD quantities and alignment may
return incorrect data. Use a custom 64-bit copy for this region.
Signed-off-by: David E. Box <david.e.box@linux.intel.com>
Link: https://lore.kernel.org/r/20221105034228.1376677-1-david.e.box@linux.intel.com
Reviewed-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/platform/x86/intel/pmt/class.c | 31 +++++++++++++++++++++++++-
1 file changed, 30 insertions(+), 1 deletion(-)
diff --git a/drivers/platform/x86/intel/pmt/class.c b/drivers/platform/x86/intel/pmt/class.c
index 53d7fd2943b4..46598dcb634a 100644
--- a/drivers/platform/x86/intel/pmt/class.c
+++ b/drivers/platform/x86/intel/pmt/class.c
@@ -9,6 +9,7 @@
*/
#include <linux/kernel.h>
+#include <linux/io-64-nonatomic-lo-hi.h>
#include <linux/module.h>
#include <linux/mm.h>
#include <linux/pci.h>
@@ -19,6 +20,7 @@
#define PMT_XA_START 0
#define PMT_XA_MAX INT_MAX
#define PMT_XA_LIMIT XA_LIMIT(PMT_XA_START, PMT_XA_MAX)
+#define GUID_SPR_PUNIT 0x9956f43f
bool intel_pmt_is_early_client_hw(struct device *dev)
{
@@ -33,6 +35,29 @@ bool intel_pmt_is_early_client_hw(struct device *dev)
}
EXPORT_SYMBOL_GPL(intel_pmt_is_early_client_hw);
+static inline int
+pmt_memcpy64_fromio(void *to, const u64 __iomem *from, size_t count)
+{
+ int i, remain;
+ u64 *buf = to;
+
+ if (!IS_ALIGNED((unsigned long)from, 8))
+ return -EFAULT;
+
+ for (i = 0; i < count/8; i++)
+ buf[i] = readq(&from[i]);
+
+ /* Copy any remaining bytes */
+ remain = count % 8;
+ if (remain) {
+ u64 tmp = readq(&from[i]);
+
+ memcpy(&buf[i], &tmp, remain);
+ }
+
+ return count;
+}
+
/*
* sysfs
*/
@@ -54,7 +79,11 @@ intel_pmt_read(struct file *filp, struct kobject *kobj,
if (count > entry->size - off)
count = entry->size - off;
- memcpy_fromio(buf, entry->base + off, count);
+ if (entry->guid == GUID_SPR_PUNIT)
+ /* PUNIT on SPR only supports aligned 64-bit read */
+ count = pmt_memcpy64_fromio(buf, entry->base + off, count);
+ else
+ memcpy_fromio(buf, entry->base + off, count);
return count;
}
--
2.35.1
^ permalink raw reply related [flat|nested] 305+ messages in thread
* [PATCH 6.0 023/289] platform/x86/intel/hid: Add some ACPI device IDs
2022-11-30 18:19 [PATCH 6.0 000/289] 6.0.11-rc1 review Greg Kroah-Hartman
` (21 preceding siblings ...)
2022-11-30 18:20 ` [PATCH 6.0 022/289] platform/x86/intel/pmt: Sapphire Rapids PMT errata fix Greg Kroah-Hartman
@ 2022-11-30 18:20 ` Greg Kroah-Hartman
2022-11-30 18:20 ` [PATCH 6.0 024/289] scsi: ibmvfc: Avoid path failures during live migration Greg Kroah-Hartman
` (275 subsequent siblings)
298 siblings, 0 replies; 305+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-30 18:20 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Ivan Hu, Hans de Goede, Sasha Levin
From: Ivan Hu <ivan.hu@canonical.com>
[ Upstream commit a977ece5773b6746b814aac410da4776023db239 ]
Add INTC1076 (JasonLake), INTC1077 (MeteorLake) and INTC1078 (RaptorLake)
devices IDs.
Signed-off-by: Ivan Hu <ivan.hu@canonical.com>
Link: https://lore.kernel.org/r/20221102020548.5225-1-ivan.hu@canonical.com
Reviewed-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/platform/x86/intel/hid.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/drivers/platform/x86/intel/hid.c b/drivers/platform/x86/intel/hid.c
index 79cff1fc675c..b6313ecd190c 100644
--- a/drivers/platform/x86/intel/hid.c
+++ b/drivers/platform/x86/intel/hid.c
@@ -27,6 +27,9 @@ static const struct acpi_device_id intel_hid_ids[] = {
{"INTC1051", 0},
{"INTC1054", 0},
{"INTC1070", 0},
+ {"INTC1076", 0},
+ {"INTC1077", 0},
+ {"INTC1078", 0},
{"", 0},
};
MODULE_DEVICE_TABLE(acpi, intel_hid_ids);
--
2.35.1
^ permalink raw reply related [flat|nested] 305+ messages in thread
* [PATCH 6.0 024/289] scsi: ibmvfc: Avoid path failures during live migration
2022-11-30 18:19 [PATCH 6.0 000/289] 6.0.11-rc1 review Greg Kroah-Hartman
` (22 preceding siblings ...)
2022-11-30 18:20 ` [PATCH 6.0 023/289] platform/x86/intel/hid: Add some ACPI device IDs Greg Kroah-Hartman
@ 2022-11-30 18:20 ` Greg Kroah-Hartman
2022-11-30 18:20 ` [PATCH 6.0 025/289] scsi: scsi_debug: Make the READ CAPACITY response compliant with ZBC Greg Kroah-Hartman
` (274 subsequent siblings)
298 siblings, 0 replies; 305+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-30 18:20 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Brian King, Martin K. Petersen, Sasha Levin
From: Brian King <brking@linux.vnet.ibm.com>
[ Upstream commit 62fa3ce05d5d73c5eccc40b2db493f55fecfc446 ]
Fix an issue reported when performing a live migration when multipath is
configured with a short fast fail timeout of 5 seconds and also to have
no_path_retry set to fail. In this scenario, all paths would go into the
devloss state while the ibmvfc driver went through discovery to log back
in. On a loaded system, the discovery might take longer than 5 seconds,
which was resulting in all paths being marked failed, which then resulted
in a read only filesystem.
This patch changes the migration code in ibmvfc to avoid deleting rports at
all in this scenario, so we avoid losing all paths.
Signed-off-by: Brian King <brking@linux.vnet.ibm.com>
Link: https://lore.kernel.org/r/20221026181356.148517-1-brking@linux.vnet.ibm.com
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/scsi/ibmvscsi/ibmvfc.c | 14 +++++++++++---
1 file changed, 11 insertions(+), 3 deletions(-)
diff --git a/drivers/scsi/ibmvscsi/ibmvfc.c b/drivers/scsi/ibmvscsi/ibmvfc.c
index 00684e11976b..1a0c0b7289d2 100644
--- a/drivers/scsi/ibmvscsi/ibmvfc.c
+++ b/drivers/scsi/ibmvscsi/ibmvfc.c
@@ -708,8 +708,13 @@ static void ibmvfc_init_host(struct ibmvfc_host *vhost)
memset(vhost->async_crq.msgs.async, 0, PAGE_SIZE);
vhost->async_crq.cur = 0;
- list_for_each_entry(tgt, &vhost->targets, queue)
- ibmvfc_del_tgt(tgt);
+ list_for_each_entry(tgt, &vhost->targets, queue) {
+ if (vhost->client_migrated)
+ tgt->need_login = 1;
+ else
+ ibmvfc_del_tgt(tgt);
+ }
+
scsi_block_requests(vhost->host);
ibmvfc_set_host_action(vhost, IBMVFC_HOST_ACTION_INIT);
vhost->job_step = ibmvfc_npiv_login;
@@ -3235,9 +3240,12 @@ static void ibmvfc_handle_crq(struct ibmvfc_crq *crq, struct ibmvfc_host *vhost,
/* We need to re-setup the interpartition connection */
dev_info(vhost->dev, "Partition migrated, Re-enabling adapter\n");
vhost->client_migrated = 1;
+
+ scsi_block_requests(vhost->host);
ibmvfc_purge_requests(vhost, DID_REQUEUE);
- ibmvfc_link_down(vhost, IBMVFC_LINK_DOWN);
+ ibmvfc_set_host_state(vhost, IBMVFC_LINK_DOWN);
ibmvfc_set_host_action(vhost, IBMVFC_HOST_ACTION_REENABLE);
+ wake_up(&vhost->work_wait_q);
} else if (crq->format == IBMVFC_PARTNER_FAILED || crq->format == IBMVFC_PARTNER_DEREGISTER) {
dev_err(vhost->dev, "Host partner adapter deregistered or failed (rc=%d)\n", crq->format);
ibmvfc_purge_requests(vhost, DID_ERROR);
--
2.35.1
^ permalink raw reply related [flat|nested] 305+ messages in thread
* [PATCH 6.0 025/289] scsi: scsi_debug: Make the READ CAPACITY response compliant with ZBC
2022-11-30 18:19 [PATCH 6.0 000/289] 6.0.11-rc1 review Greg Kroah-Hartman
` (23 preceding siblings ...)
2022-11-30 18:20 ` [PATCH 6.0 024/289] scsi: ibmvfc: Avoid path failures during live migration Greg Kroah-Hartman
@ 2022-11-30 18:20 ` Greg Kroah-Hartman
2022-11-30 18:20 ` [PATCH 6.0 026/289] drm: panel-orientation-quirks: Add quirk for Nanote UMPC-01 Greg Kroah-Hartman
` (273 subsequent siblings)
298 siblings, 0 replies; 305+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-30 18:20 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Douglas Gilbert, Damien Le Moal,
Bart Van Assche, Martin K. Petersen, Sasha Levin
From: Bart Van Assche <bvanassche@acm.org>
[ Upstream commit ecb8c2580d37dbb641451049376d80c8afaa387f ]
>From ZBC-1:
- RC BASIS = 0: The RETURNED LOGICAL BLOCK ADDRESS field indicates the
highest LBA of a contiguous range of zones that are not sequential write
required zones starting with the first zone.
- RC BASIS = 1: The RETURNED LOGICAL BLOCK ADDRESS field indicates the LBA
of the last logical block on the logical unit.
The current scsi_debug READ CAPACITY response does not comply with the
above if there are one or more sequential write required zones. SCSI
initiators need a way to retrieve the largest valid LBA from SCSI
devices. Reporting the largest valid LBA if there are one or more
sequential zones requires to set the RC BASIS field in the READ CAPACITY
response to one. Hence this patch.
Cc: Douglas Gilbert <dgilbert@interlog.com>
Cc: Damien Le Moal <damien.lemoal@opensource.wdc.com>
Suggested-by: Damien Le Moal <damien.lemoal@opensource.wdc.com>
Signed-off-by: Bart Van Assche <bvanassche@acm.org>
Link: https://lore.kernel.org/r/20221102193248.3177608-1-bvanassche@acm.org
Reviewed-by: Damien Le Moal <damien.lemoal@opensource.wdc.com>
Acked-by: Douglas Gilbert <dgilbert@interlog.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/scsi/scsi_debug.c | 7 +++++++
1 file changed, 7 insertions(+)
diff --git a/drivers/scsi/scsi_debug.c b/drivers/scsi/scsi_debug.c
index 95f940f5c996..7346098c1c68 100644
--- a/drivers/scsi/scsi_debug.c
+++ b/drivers/scsi/scsi_debug.c
@@ -1899,6 +1899,13 @@ static int resp_readcap16(struct scsi_cmnd *scp,
arr[14] |= 0x40;
}
+ /*
+ * Since the scsi_debug READ CAPACITY implementation always reports the
+ * total disk capacity, set RC BASIS = 1 for host-managed ZBC devices.
+ */
+ if (devip->zmodel == BLK_ZONED_HM)
+ arr[12] |= 1 << 4;
+
arr[15] = sdebug_lowest_aligned & 0xff;
if (have_dif_prot) {
--
2.35.1
^ permalink raw reply related [flat|nested] 305+ messages in thread
* [PATCH 6.0 026/289] drm: panel-orientation-quirks: Add quirk for Nanote UMPC-01
2022-11-30 18:19 [PATCH 6.0 000/289] 6.0.11-rc1 review Greg Kroah-Hartman
` (24 preceding siblings ...)
2022-11-30 18:20 ` [PATCH 6.0 025/289] scsi: scsi_debug: Make the READ CAPACITY response compliant with ZBC Greg Kroah-Hartman
@ 2022-11-30 18:20 ` Greg Kroah-Hartman
2022-11-30 18:20 ` [PATCH 6.0 027/289] drm: panel-orientation-quirks: Add quirk for Acer Switch V 10 (SW5-017) Greg Kroah-Hartman
` (272 subsequent siblings)
298 siblings, 0 replies; 305+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-30 18:20 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Hans de Goede, Simon Ser, Sasha Levin
From: Hans de Goede <hdegoede@redhat.com>
[ Upstream commit 308451d9c7fece33d9551230cb8e5eb7f3914988 ]
The Nanote UMPC-01 is a mini laptop with a 1200x1920 portrait screen
mounted in a landscape oriented clamshell case. Add a quirk for this.
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Acked-by: Simon Ser <contact@emersion.fr>
Link: https://patchwork.freedesktop.org/patch/msgid/20220919133258.711639-1-hdegoede@redhat.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/gpu/drm/drm_panel_orientation_quirks.c | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/drivers/gpu/drm/drm_panel_orientation_quirks.c b/drivers/gpu/drm/drm_panel_orientation_quirks.c
index 8a0c0e0bb5bd..f0f6fa306521 100644
--- a/drivers/gpu/drm/drm_panel_orientation_quirks.c
+++ b/drivers/gpu/drm/drm_panel_orientation_quirks.c
@@ -319,6 +319,12 @@ static const struct dmi_system_id orientation_data[] = {
DMI_MATCH(DMI_BIOS_VERSION, "BLADE_21"),
},
.driver_data = (void *)&lcd1200x1920_rightside_up,
+ }, { /* Nanote UMPC-01 */
+ .matches = {
+ DMI_MATCH(DMI_SYS_VENDOR, "RWC CO.,LTD"),
+ DMI_MATCH(DMI_PRODUCT_NAME, "UMPC-01"),
+ },
+ .driver_data = (void *)&lcd1200x1920_rightside_up,
}, { /* OneGX1 Pro */
.matches = {
DMI_EXACT_MATCH(DMI_SYS_VENDOR, "SYSTEM_MANUFACTURER"),
--
2.35.1
^ permalink raw reply related [flat|nested] 305+ messages in thread
* [PATCH 6.0 027/289] drm: panel-orientation-quirks: Add quirk for Acer Switch V 10 (SW5-017)
2022-11-30 18:19 [PATCH 6.0 000/289] 6.0.11-rc1 review Greg Kroah-Hartman
` (25 preceding siblings ...)
2022-11-30 18:20 ` [PATCH 6.0 026/289] drm: panel-orientation-quirks: Add quirk for Nanote UMPC-01 Greg Kroah-Hartman
@ 2022-11-30 18:20 ` Greg Kroah-Hartman
2022-11-30 18:20 ` [PATCH 6.0 028/289] block, bfq: fix null pointer dereference in bfq_bio_bfqg() Greg Kroah-Hartman
` (271 subsequent siblings)
298 siblings, 0 replies; 305+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-30 18:20 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Rudolf Polzer, Hans de Goede,
Simon Ser, Sasha Levin
From: Hans de Goede <hdegoede@redhat.com>
[ Upstream commit 653f2d94fcda200b02bd79cea2e0307b26c1b747 ]
Like the Acer Switch One 10 S1003, for which there already is a quirk,
the Acer Switch V 10 (SW5-017) has a 800x1280 portrait screen mounted
in the tablet part of a landscape oriented 2-in-1. Add a quirk for this.
Cc: Rudolf Polzer <rpolzer@google.com>
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Acked-by: Simon Ser <contact@emersion.fr>
Link: https://patchwork.freedesktop.org/patch/msgid/20221106215052.66995-1-hdegoede@redhat.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/gpu/drm/drm_panel_orientation_quirks.c | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/drivers/gpu/drm/drm_panel_orientation_quirks.c b/drivers/gpu/drm/drm_panel_orientation_quirks.c
index f0f6fa306521..52d8800a8ab8 100644
--- a/drivers/gpu/drm/drm_panel_orientation_quirks.c
+++ b/drivers/gpu/drm/drm_panel_orientation_quirks.c
@@ -134,6 +134,12 @@ static const struct dmi_system_id orientation_data[] = {
DMI_EXACT_MATCH(DMI_PRODUCT_NAME, "One S1003"),
},
.driver_data = (void *)&lcd800x1280_rightside_up,
+ }, { /* Acer Switch V 10 (SW5-017) */
+ .matches = {
+ DMI_EXACT_MATCH(DMI_SYS_VENDOR, "Acer"),
+ DMI_EXACT_MATCH(DMI_PRODUCT_NAME, "SW5-017"),
+ },
+ .driver_data = (void *)&lcd800x1280_rightside_up,
}, { /* Anbernic Win600 */
.matches = {
DMI_EXACT_MATCH(DMI_BOARD_VENDOR, "Anbernic"),
--
2.35.1
^ permalink raw reply related [flat|nested] 305+ messages in thread
* [PATCH 6.0 028/289] block, bfq: fix null pointer dereference in bfq_bio_bfqg()
2022-11-30 18:19 [PATCH 6.0 000/289] 6.0.11-rc1 review Greg Kroah-Hartman
` (26 preceding siblings ...)
2022-11-30 18:20 ` [PATCH 6.0 027/289] drm: panel-orientation-quirks: Add quirk for Acer Switch V 10 (SW5-017) Greg Kroah-Hartman
@ 2022-11-30 18:20 ` Greg Kroah-Hartman
2022-11-30 18:20 ` [PATCH 6.0 029/289] s390: always build relocatable kernel Greg Kroah-Hartman
` (270 subsequent siblings)
298 siblings, 0 replies; 305+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-30 18:20 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Yu Kuai, Jan Kara, Jens Axboe, Sasha Levin
From: Yu Kuai <yukuai3@huawei.com>
[ Upstream commit f02be9002c480cd3ec0fcf184ad27cf531bd6ece ]
Out test found a following problem in kernel 5.10, and the same problem
should exist in mainline:
BUG: kernel NULL pointer dereference, address: 0000000000000094
PGD 0 P4D 0
Oops: 0000 [#1] SMP
CPU: 7 PID: 155 Comm: kworker/7:1 Not tainted 5.10.0-01932-g19e0ace2ca1d-dirty 4
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS ?-20190727_073836-b4
Workqueue: kthrotld blk_throtl_dispatch_work_fn
RIP: 0010:bfq_bio_bfqg+0x52/0xc0
Code: 94 00 00 00 00 75 2e 48 8b 40 30 48 83 05 35 06 c8 0b 01 48 85 c0 74 3d 4b
RSP: 0018:ffffc90001a1fba0 EFLAGS: 00010002
RAX: ffff888100d60400 RBX: ffff8881132e7000 RCX: 0000000000000000
RDX: 0000000000000017 RSI: ffff888103580a18 RDI: ffff888103580a18
RBP: ffff8881132e7000 R08: 0000000000000000 R09: ffffc90001a1fe10
R10: 0000000000000a20 R11: 0000000000034320 R12: 0000000000000000
R13: ffff888103580a18 R14: ffff888114447000 R15: 0000000000000000
FS: 0000000000000000(0000) GS:ffff88881fdc0000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000000000094 CR3: 0000000100cdb000 CR4: 00000000000006e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
bfq_bic_update_cgroup+0x3c/0x350
? ioc_create_icq+0x42/0x270
bfq_init_rq+0xfd/0x1060
bfq_insert_requests+0x20f/0x1cc0
? ioc_create_icq+0x122/0x270
blk_mq_sched_insert_requests+0x86/0x1d0
blk_mq_flush_plug_list+0x193/0x2a0
blk_flush_plug_list+0x127/0x170
blk_finish_plug+0x31/0x50
blk_throtl_dispatch_work_fn+0x151/0x190
process_one_work+0x27c/0x5f0
worker_thread+0x28b/0x6b0
? rescuer_thread+0x590/0x590
kthread+0x153/0x1b0
? kthread_flush_work+0x170/0x170
ret_from_fork+0x1f/0x30
Modules linked in:
CR2: 0000000000000094
---[ end trace e2e59ac014314547 ]---
RIP: 0010:bfq_bio_bfqg+0x52/0xc0
Code: 94 00 00 00 00 75 2e 48 8b 40 30 48 83 05 35 06 c8 0b 01 48 85 c0 74 3d 4b
RSP: 0018:ffffc90001a1fba0 EFLAGS: 00010002
RAX: ffff888100d60400 RBX: ffff8881132e7000 RCX: 0000000000000000
RDX: 0000000000000017 RSI: ffff888103580a18 RDI: ffff888103580a18
RBP: ffff8881132e7000 R08: 0000000000000000 R09: ffffc90001a1fe10
R10: 0000000000000a20 R11: 0000000000034320 R12: 0000000000000000
R13: ffff888103580a18 R14: ffff888114447000 R15: 0000000000000000
FS: 0000000000000000(0000) GS:ffff88881fdc0000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000000000094 CR3: 0000000100cdb000 CR4: 00000000000006e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Root cause is quite complex:
1) use bfq elevator for the test device.
2) create a cgroup CG
3) config blk throtl in CG
blkg_conf_prep
blkg_create
4) create a thread T1 and issue async io in CG:
bio_init
bio_associate_blkg
...
submit_bio
submit_bio_noacct
blk_throtl_bio -> io is throttled
// io submit is done
5) switch elevator:
bfq_exit_queue
blkcg_deactivate_policy
list_for_each_entry(blkg, &q->blkg_list, q_node)
blkg->pd[] = NULL
// bfq policy is removed
5) thread t1 exist, then remove the cgroup CG:
blkcg_unpin_online
blkcg_destroy_blkgs
blkg_destroy
list_del_init(&blkg->q_node)
// blkg is removed from queue list
6) switch elevator back to bfq
bfq_init_queue
bfq_create_group_hierarchy
blkcg_activate_policy
list_for_each_entry_reverse(blkg, &q->blkg_list)
// blkg is removed from list, hence bfq policy is still NULL
7) throttled io is dispatched to bfq:
bfq_insert_requests
bfq_init_rq
bfq_bic_update_cgroup
bfq_bio_bfqg
bfqg = blkg_to_bfqg(blkg)
// bfqg is NULL because bfq policy is NULL
The problem is only possible in bfq because only bfq can be deactivated and
activated while queue is online, while others can only be deactivated while
the device is removed.
Fix the problem in bfq by checking if blkg is online before calling
blkg_to_bfqg().
Signed-off-by: Yu Kuai <yukuai3@huawei.com>
Reviewed-by: Jan Kara <jack@suse.cz>
Link: https://lore.kernel.org/r/20221108103434.2853269-1-yukuai1@huaweicloud.com
Signed-off-by: Jens Axboe <axboe@kernel.dk>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
block/bfq-cgroup.c | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/block/bfq-cgroup.c b/block/bfq-cgroup.c
index 30b15a9a47c4..249f489d115f 100644
--- a/block/bfq-cgroup.c
+++ b/block/bfq-cgroup.c
@@ -615,6 +615,10 @@ struct bfq_group *bfq_bio_bfqg(struct bfq_data *bfqd, struct bio *bio)
struct bfq_group *bfqg;
while (blkg) {
+ if (!blkg->online) {
+ blkg = blkg->parent;
+ continue;
+ }
bfqg = blkg_to_bfqg(blkg);
if (bfqg->online) {
bio_associate_blkg_from_css(bio, &blkg->blkcg->css);
--
2.35.1
^ permalink raw reply related [flat|nested] 305+ messages in thread
* [PATCH 6.0 029/289] s390: always build relocatable kernel
2022-11-30 18:19 [PATCH 6.0 000/289] 6.0.11-rc1 review Greg Kroah-Hartman
` (27 preceding siblings ...)
2022-11-30 18:20 ` [PATCH 6.0 028/289] block, bfq: fix null pointer dereference in bfq_bio_bfqg() Greg Kroah-Hartman
@ 2022-11-30 18:20 ` Greg Kroah-Hartman
2022-11-30 18:20 ` [PATCH 6.0 030/289] arm64/syscall: Include asm/ptrace.h in syscall_wrapper header Greg Kroah-Hartman
` (269 subsequent siblings)
298 siblings, 0 replies; 305+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-30 18:20 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Heiko Carstens, Nathan Chancellor,
Alexander Gordeev, Sasha Levin
From: Heiko Carstens <hca@linux.ibm.com>
[ Upstream commit 80ddf5ce1c9291cb175d52ed1227134ad48c47ee ]
Nathan Chancellor reported several link errors on s390 with
CONFIG_RELOCATABLE disabled, after binutils commit 906f69cf65da ("IBM
zSystems: Issue error for *DBL relocs on misaligned symbols"). The binutils
commit reveals potential miscompiles that might have happened already
before with linker script defined symbols at odd addresses.
A similar bug was recently fixed in the kernel with commit c9305b6c1f52
("s390: fix nospec table alignments").
See https://github.com/ClangBuiltLinux/linux/issues/1747 for an analysis
from Ulich Weigand.
Therefore always build a relocatable kernel to avoid this problem. There is
hardly any use-case for non-relocatable kernels, so this shouldn't be
controversial.
Link: https://github.com/ClangBuiltLinux/linux/issues/1747
Signed-off-by: Heiko Carstens <hca@linux.ibm.com>
Reported-by: Nathan Chancellor <nathan@kernel.org>
Tested-by: Nathan Chancellor <nathan@kernel.org>
Link: https://lore.kernel.org/r/20221030182202.2062705-1-hca@linux.ibm.com
Signed-off-by: Alexander Gordeev <agordeev@linux.ibm.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/s390/Kconfig | 6 +++---
arch/s390/Makefile | 2 --
arch/s390/boot/Makefile | 3 +--
arch/s390/boot/startup.c | 3 +--
4 files changed, 5 insertions(+), 9 deletions(-)
diff --git a/arch/s390/Kconfig b/arch/s390/Kconfig
index 318fce77601d..de575af02ffe 100644
--- a/arch/s390/Kconfig
+++ b/arch/s390/Kconfig
@@ -568,8 +568,7 @@ config EXPOLINE_FULL
endchoice
config RELOCATABLE
- bool "Build a relocatable kernel"
- default y
+ def_bool y
help
This builds a kernel image that retains relocation information
so it can be loaded at an arbitrary address.
@@ -578,10 +577,11 @@ config RELOCATABLE
bootup process.
The relocations make the kernel image about 15% larger (compressed
10%), but are discarded at runtime.
+ Note: this option exists only for documentation purposes, please do
+ not remove it.
config RANDOMIZE_BASE
bool "Randomize the address of the kernel image (KASLR)"
- depends on RELOCATABLE
default y
help
In support of Kernel Address Space Layout Randomization (KASLR),
diff --git a/arch/s390/Makefile b/arch/s390/Makefile
index 4cb5d17e7ead..47bec926d6c0 100644
--- a/arch/s390/Makefile
+++ b/arch/s390/Makefile
@@ -14,10 +14,8 @@ KBUILD_AFLAGS_MODULE += -fPIC
KBUILD_CFLAGS_MODULE += -fPIC
KBUILD_AFLAGS += -m64
KBUILD_CFLAGS += -m64
-ifeq ($(CONFIG_RELOCATABLE),y)
KBUILD_CFLAGS += -fPIE
LDFLAGS_vmlinux := -pie
-endif
aflags_dwarf := -Wa,-gdwarf-2
KBUILD_AFLAGS_DECOMPRESSOR := $(CLANG_FLAGS) -m64 -D__ASSEMBLY__
ifndef CONFIG_AS_IS_LLVM
diff --git a/arch/s390/boot/Makefile b/arch/s390/boot/Makefile
index 883357a211a3..d52c3e2e16bc 100644
--- a/arch/s390/boot/Makefile
+++ b/arch/s390/boot/Makefile
@@ -37,9 +37,8 @@ CFLAGS_sclp_early_core.o += -I$(srctree)/drivers/s390/char
obj-y := head.o als.o startup.o mem_detect.o ipl_parm.o ipl_report.o
obj-y += string.o ebcdic.o sclp_early_core.o mem.o ipl_vmparm.o cmdline.o
-obj-y += version.o pgm_check_info.o ctype.o ipl_data.o
+obj-y += version.o pgm_check_info.o ctype.o ipl_data.o machine_kexec_reloc.o
obj-$(findstring y, $(CONFIG_PROTECTED_VIRTUALIZATION_GUEST) $(CONFIG_PGSTE)) += uv.o
-obj-$(CONFIG_RELOCATABLE) += machine_kexec_reloc.o
obj-$(CONFIG_RANDOMIZE_BASE) += kaslr.o
obj-y += $(if $(CONFIG_KERNEL_UNCOMPRESSED),,decompressor.o) info.o
obj-$(CONFIG_KERNEL_ZSTD) += clz_ctz.o
diff --git a/arch/s390/boot/startup.c b/arch/s390/boot/startup.c
index bc48fe82d949..e5026e1d277f 100644
--- a/arch/s390/boot/startup.c
+++ b/arch/s390/boot/startup.c
@@ -285,8 +285,7 @@ void startup_kernel(void)
clear_bss_section();
copy_bootdata();
- if (IS_ENABLED(CONFIG_RELOCATABLE))
- handle_relocs(__kaslr_offset);
+ handle_relocs(__kaslr_offset);
if (__kaslr_offset) {
/*
--
2.35.1
^ permalink raw reply related [flat|nested] 305+ messages in thread
* [PATCH 6.0 030/289] arm64/syscall: Include asm/ptrace.h in syscall_wrapper header.
2022-11-30 18:19 [PATCH 6.0 000/289] 6.0.11-rc1 review Greg Kroah-Hartman
` (28 preceding siblings ...)
2022-11-30 18:20 ` [PATCH 6.0 029/289] s390: always build relocatable kernel Greg Kroah-Hartman
@ 2022-11-30 18:20 ` Greg Kroah-Hartman
2022-11-30 18:20 ` [PATCH 6.0 031/289] nvme: quiet user passthrough command errors Greg Kroah-Hartman
` (268 subsequent siblings)
298 siblings, 0 replies; 305+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-30 18:20 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Kuniyuki Iwashima, Andrii Nakryiko,
Catalin Marinas, Sasha Levin
From: Kuniyuki Iwashima <kuniyu@amazon.com>
[ Upstream commit acfc35cfcee5df419391671ef1a631f43feee4e3 ]
Add the same change for ARM64 as done in the commit 9440c4294160
("x86/syscall: Include asm/ptrace.h in syscall_wrapper header") to
make sure all syscalls see 'struct pt_regs' definition and resulted
BTF for '__arm64_sys_*(struct pt_regs *regs)' functions point to
actual struct.
Without this patch, the BPF verifier refuses to load a tracing prog
which accesses pt_regs.
bpf(BPF_PROG_LOAD, {prog_type=0x1a, ...}, 128) = -1 EACCES
With this patch, we can see the correct error, which saves us time
in debugging the prog.
bpf(BPF_PROG_LOAD, {prog_type=0x1a, ...}, 128) = 4
bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name=NULL, prog_fd=4}}, 128) = -1 ENOTSUPP
Signed-off-by: Kuniyuki Iwashima <kuniyu@amazon.com>
Acked-by: Andrii Nakryiko <andrii@kernel.org>
Link: https://lore.kernel.org/r/20221031215728.50389-1-kuniyu@amazon.com
Signed-off-by: Catalin Marinas <catalin.marinas@arm.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/arm64/include/asm/syscall_wrapper.h | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/arch/arm64/include/asm/syscall_wrapper.h b/arch/arm64/include/asm/syscall_wrapper.h
index b383b4802a7b..d30217c21eff 100644
--- a/arch/arm64/include/asm/syscall_wrapper.h
+++ b/arch/arm64/include/asm/syscall_wrapper.h
@@ -8,7 +8,7 @@
#ifndef __ASM_SYSCALL_WRAPPER_H
#define __ASM_SYSCALL_WRAPPER_H
-struct pt_regs;
+#include <asm/ptrace.h>
#define SC_ARM64_REGS_TO_ARGS(x, ...) \
__MAP(x,__SC_ARGS \
--
2.35.1
^ permalink raw reply related [flat|nested] 305+ messages in thread
* [PATCH 6.0 031/289] nvme: quiet user passthrough command errors
2022-11-30 18:19 [PATCH 6.0 000/289] 6.0.11-rc1 review Greg Kroah-Hartman
` (29 preceding siblings ...)
2022-11-30 18:20 ` [PATCH 6.0 030/289] arm64/syscall: Include asm/ptrace.h in syscall_wrapper header Greg Kroah-Hartman
@ 2022-11-30 18:20 ` Greg Kroah-Hartman
2022-11-30 18:20 ` [PATCH 6.0 032/289] nvmet: fix memory leak in nvmet_subsys_attr_model_store_locked Greg Kroah-Hartman
` (267 subsequent siblings)
298 siblings, 0 replies; 305+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-30 18:20 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Keith Busch, Alan Adamson,
Jens Axboe, Kanchan Joshi, Chaitanya Kulkarni, Daniel Wagner,
Christoph Hellwig, Sasha Levin
From: Keith Busch <kbusch@kernel.org>
[ Upstream commit d7ac8dca938cd60cf7bd9a89a229a173c6bcba87 ]
The driver is spamming the kernel logs for entirely harmless errors from
user space submitting unsupported commands. Just silence the errors.
The application has direct access to command status, so there's no need
to log these.
And since every passthrough command now uses the quiet flag, move the
setting to the common initializer.
Signed-off-by: Keith Busch <kbusch@kernel.org>
Reviewed-by: Alan Adamson <alan.adamson@oracle.com>
Reviewed-by: Jens Axboe <axboe@kernel.dk>
Reviewed-by: Kanchan Joshi <joshi.k@samsung.com>
Reviewed-by: Chaitanya Kulkarni <kch@nvidia.com>
Reviewed-by: Daniel Wagner <dwagner@suse.de>
Tested-by: Alan Adamson <alan.adamson@oracle.com>
Signed-off-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/nvme/host/core.c | 3 +--
drivers/nvme/host/pci.c | 2 --
2 files changed, 1 insertion(+), 4 deletions(-)
diff --git a/drivers/nvme/host/core.c b/drivers/nvme/host/core.c
index ed47c256dbd2..01c36284e542 100644
--- a/drivers/nvme/host/core.c
+++ b/drivers/nvme/host/core.c
@@ -675,6 +675,7 @@ void nvme_init_request(struct request *req, struct nvme_command *cmd)
if (req->mq_hctx->type == HCTX_TYPE_POLL)
req->cmd_flags |= REQ_POLLED;
nvme_clear_nvme_request(req);
+ req->rq_flags |= RQF_QUIET;
memcpy(nvme_req(req)->cmd, cmd, sizeof(*cmd));
}
EXPORT_SYMBOL_GPL(nvme_init_request);
@@ -1037,7 +1038,6 @@ int __nvme_submit_sync_cmd(struct request_queue *q, struct nvme_command *cmd,
goto out;
}
- req->rq_flags |= RQF_QUIET;
ret = nvme_execute_rq(req, at_head);
if (result && ret >= 0)
*result = nvme_req(req)->result;
@@ -1225,7 +1225,6 @@ static void nvme_keep_alive_work(struct work_struct *work)
rq->timeout = ctrl->kato * HZ;
rq->end_io = nvme_keep_alive_end_io;
rq->end_io_data = ctrl;
- rq->rq_flags |= RQF_QUIET;
blk_execute_rq_nowait(rq, false);
}
diff --git a/drivers/nvme/host/pci.c b/drivers/nvme/host/pci.c
index 1a6423e94eb3..0f34114c4596 100644
--- a/drivers/nvme/host/pci.c
+++ b/drivers/nvme/host/pci.c
@@ -1438,7 +1438,6 @@ static enum blk_eh_timer_return nvme_timeout(struct request *req)
abort_req->end_io = abort_endio;
abort_req->end_io_data = NULL;
- abort_req->rq_flags |= RQF_QUIET;
blk_execute_rq_nowait(abort_req, false);
/*
@@ -2489,7 +2488,6 @@ static int nvme_delete_queue(struct nvme_queue *nvmeq, u8 opcode)
req->end_io_data = nvmeq;
init_completion(&nvmeq->delete_done);
- req->rq_flags |= RQF_QUIET;
blk_execute_rq_nowait(req, false);
return 0;
}
--
2.35.1
^ permalink raw reply related [flat|nested] 305+ messages in thread
* [PATCH 6.0 032/289] nvmet: fix memory leak in nvmet_subsys_attr_model_store_locked
2022-11-30 18:19 [PATCH 6.0 000/289] 6.0.11-rc1 review Greg Kroah-Hartman
` (30 preceding siblings ...)
2022-11-30 18:20 ` [PATCH 6.0 031/289] nvme: quiet user passthrough command errors Greg Kroah-Hartman
@ 2022-11-30 18:20 ` Greg Kroah-Hartman
2022-11-30 18:20 ` [PATCH 6.0 033/289] net: wwan: iosm: fix kernel test robot reported errors Greg Kroah-Hartman
` (266 subsequent siblings)
298 siblings, 0 replies; 305+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-30 18:20 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Konstantin Shelekhin,
Dmitriy Bogdanov, Aleksandr Miloserdov, Sagi Grimberg,
Christoph Hellwig, Sasha Levin
From: Aleksandr Miloserdov <a.miloserdov@yadro.com>
[ Upstream commit becc4cac309dc867571f0080fde4426a6c2222e0 ]
Since model_number is allocated before it needs to be freed before
kmemdump_nul.
Reviewed-by: Konstantin Shelekhin <k.shelekhin@yadro.com>
Reviewed-by: Dmitriy Bogdanov <d.bogdanov@yadro.com>
Signed-off-by: Aleksandr Miloserdov <a.miloserdov@yadro.com>
Reviewed-by: Sagi Grimberg <sagi@grimberg.me>
Signed-off-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/nvme/target/configfs.c | 7 +++++--
1 file changed, 5 insertions(+), 2 deletions(-)
diff --git a/drivers/nvme/target/configfs.c b/drivers/nvme/target/configfs.c
index 7f52d9dac443..a79eadb953de 100644
--- a/drivers/nvme/target/configfs.c
+++ b/drivers/nvme/target/configfs.c
@@ -1215,6 +1215,7 @@ static ssize_t nvmet_subsys_attr_model_store_locked(struct nvmet_subsys *subsys,
const char *page, size_t count)
{
int pos = 0, len;
+ char *val;
if (subsys->subsys_discovered) {
pr_err("Can't set model number. %s is already assigned\n",
@@ -1237,9 +1238,11 @@ static ssize_t nvmet_subsys_attr_model_store_locked(struct nvmet_subsys *subsys,
return -EINVAL;
}
- subsys->model_number = kmemdup_nul(page, len, GFP_KERNEL);
- if (!subsys->model_number)
+ val = kmemdup_nul(page, len, GFP_KERNEL);
+ if (!val)
return -ENOMEM;
+ kfree(subsys->model_number);
+ subsys->model_number = val;
return count;
}
--
2.35.1
^ permalink raw reply related [flat|nested] 305+ messages in thread
* [PATCH 6.0 033/289] net: wwan: iosm: fix kernel test robot reported errors
2022-11-30 18:19 [PATCH 6.0 000/289] 6.0.11-rc1 review Greg Kroah-Hartman
` (31 preceding siblings ...)
2022-11-30 18:20 ` [PATCH 6.0 032/289] nvmet: fix memory leak in nvmet_subsys_attr_model_store_locked Greg Kroah-Hartman
@ 2022-11-30 18:20 ` Greg Kroah-Hartman
2022-11-30 18:20 ` [PATCH 6.0 034/289] drm/amd/display: Zeromem mypipe heap struct before using it Greg Kroah-Hartman
` (265 subsequent siblings)
298 siblings, 0 replies; 305+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-30 18:20 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, kernel test robot, M Chetan Kumar,
David S. Miller, Sasha Levin
From: M Chetan Kumar <m.chetan.kumar@linux.intel.com>
[ Upstream commit 980ec04a88c9f0046c1da65833fb77b2ffa34b04 ]
Include linux/vmalloc.h in iosm_ipc_coredump.c &
iosm_ipc_devlink.c to resolve kernel test robot errors.
Reported-by: kernel test robot <lkp@intel.com>
Signed-off-by: M Chetan Kumar <m.chetan.kumar@linux.intel.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/wwan/iosm/iosm_ipc_coredump.c | 1 +
drivers/net/wwan/iosm/iosm_ipc_devlink.c | 1 +
2 files changed, 2 insertions(+)
diff --git a/drivers/net/wwan/iosm/iosm_ipc_coredump.c b/drivers/net/wwan/iosm/iosm_ipc_coredump.c
index 9acd87724c9d..26ca30476f40 100644
--- a/drivers/net/wwan/iosm/iosm_ipc_coredump.c
+++ b/drivers/net/wwan/iosm/iosm_ipc_coredump.c
@@ -2,6 +2,7 @@
/*
* Copyright (C) 2020-2021 Intel Corporation.
*/
+#include <linux/vmalloc.h>
#include "iosm_ipc_coredump.h"
diff --git a/drivers/net/wwan/iosm/iosm_ipc_devlink.c b/drivers/net/wwan/iosm/iosm_ipc_devlink.c
index 17da85a8f337..2fe724d623c0 100644
--- a/drivers/net/wwan/iosm/iosm_ipc_devlink.c
+++ b/drivers/net/wwan/iosm/iosm_ipc_devlink.c
@@ -2,6 +2,7 @@
/*
* Copyright (C) 2020-2021 Intel Corporation.
*/
+#include <linux/vmalloc.h>
#include "iosm_ipc_chnl_cfg.h"
#include "iosm_ipc_coredump.h"
--
2.35.1
^ permalink raw reply related [flat|nested] 305+ messages in thread
* [PATCH 6.0 034/289] drm/amd/display: Zeromem mypipe heap struct before using it
2022-11-30 18:19 [PATCH 6.0 000/289] 6.0.11-rc1 review Greg Kroah-Hartman
` (32 preceding siblings ...)
2022-11-30 18:20 ` [PATCH 6.0 033/289] net: wwan: iosm: fix kernel test robot reported errors Greg Kroah-Hartman
@ 2022-11-30 18:20 ` Greg Kroah-Hartman
2022-11-30 18:20 ` [PATCH 6.0 035/289] drm/amd/display: Fix FCLK deviation and tool compile issues Greg Kroah-Hartman
` (264 subsequent siblings)
298 siblings, 0 replies; 305+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-30 18:20 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Martin Leung, Alan Liu,
Aurabindo Pillai, Daniel Wheeler, Alex Deucher, Sasha Levin
From: Aurabindo Pillai <aurabindo.pillai@amd.com>
[ Upstream commit ab4b35008db9b7ae747679250e5c26d7c3a90cea ]
[Why&How]
Bug was caused when moving variable from stack to heap because it was reusable
and garbage was left over, so we need to zero mem.
Reviewed-by: Martin Leung <Martin.Leung@amd.com>
Acked-by: Alan Liu <HaoPing.Liu@amd.com>
Signed-off-by: Aurabindo Pillai <aurabindo.pillai@amd.com>
Signed-off-by: Martin Leung <Martin.Leung@amd.com>
Tested-by: Daniel Wheeler <daniel.wheeler@amd.com>
Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/gpu/drm/amd/display/dc/dml/dcn32/display_mode_vba_32.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/drivers/gpu/drm/amd/display/dc/dml/dcn32/display_mode_vba_32.c b/drivers/gpu/drm/amd/display/dc/dml/dcn32/display_mode_vba_32.c
index bea380407151..042f9a62c4c5 100644
--- a/drivers/gpu/drm/amd/display/dc/dml/dcn32/display_mode_vba_32.c
+++ b/drivers/gpu/drm/amd/display/dc/dml/dcn32/display_mode_vba_32.c
@@ -3197,6 +3197,7 @@ void dml32_ModeSupportAndSystemConfigurationFull(struct display_mode_lib *mode_l
mode_lib->vba.FCLKChangeLatency, mode_lib->vba.UrgLatency[i],
mode_lib->vba.SREnterPlusExitTime);
+ memset(&v->dummy_vars.dml32_ModeSupportAndSystemConfigurationFull, 0, sizeof(DmlPipe));
v->dummy_vars.dml32_ModeSupportAndSystemConfigurationFull.myPipe.Dppclk = mode_lib->vba.RequiredDPPCLK[i][j][k];
v->dummy_vars.dml32_ModeSupportAndSystemConfigurationFull.myPipe.Dispclk = mode_lib->vba.RequiredDISPCLK[i][j];
v->dummy_vars.dml32_ModeSupportAndSystemConfigurationFull.myPipe.PixelClock = mode_lib->vba.PixelClock[k];
--
2.35.1
^ permalink raw reply related [flat|nested] 305+ messages in thread
* [PATCH 6.0 035/289] drm/amd/display: Fix FCLK deviation and tool compile issues
2022-11-30 18:19 [PATCH 6.0 000/289] 6.0.11-rc1 review Greg Kroah-Hartman
` (33 preceding siblings ...)
2022-11-30 18:20 ` [PATCH 6.0 034/289] drm/amd/display: Zeromem mypipe heap struct before using it Greg Kroah-Hartman
@ 2022-11-30 18:20 ` Greg Kroah-Hartman
2022-11-30 18:20 ` [PATCH 6.0 036/289] drm/amd/display: Fix gpio port mapping issue Greg Kroah-Hartman
` (263 subsequent siblings)
298 siblings, 0 replies; 305+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-30 18:20 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Aurabindo Pillai, Jun Lei, Alan Liu,
Chaitanya Dhere, Daniel Wheeler, Alex Deucher, Sasha Levin
From: Chaitanya Dhere <chaitanya.dhere@amd.com>
[ Upstream commit 0d5c5c210a4d4e655feb93b379647f0b179cdafe ]
[Why]
Recent backports from open source do not have header inclusion pattern
that is consistent with inclusion style in the rest of the file. This
breaks the internal tool builds as well. A recent commit erronously
modified the original DML formula for calculating
ActiveClockChangeLatencyHidingY. This resulted in a FCLK deviation
from the golden values.
[How]
Change the way in which display_mode_vba.h is included so that it is
consistent with the inclusion style in rest of the file which also fixes
the tool build. Restore the DML formula to its original state to fix the
FCLK deviation.
Reviewed-by: Aurabindo Pillai <Aurabindo.Pillai@amd.com>
Reviewed-by: Jun Lei <Jun.Lei@amd.com>
Acked-by: Alan Liu <HaoPing.Liu@amd.com>
Signed-off-by: Chaitanya Dhere <chaitanya.dhere@amd.com>
Tested-by: Daniel Wheeler <daniel.wheeler@amd.com>
Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
.../gpu/drm/amd/display/dc/dml/dcn32/display_mode_vba_util_32.c | 2 +-
.../gpu/drm/amd/display/dc/dml/dcn32/display_mode_vba_util_32.h | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/drivers/gpu/drm/amd/display/dc/dml/dcn32/display_mode_vba_util_32.c b/drivers/gpu/drm/amd/display/dc/dml/dcn32/display_mode_vba_util_32.c
index 67af8f4df8b8..d9141ef2fefd 100644
--- a/drivers/gpu/drm/amd/display/dc/dml/dcn32/display_mode_vba_util_32.c
+++ b/drivers/gpu/drm/amd/display/dc/dml/dcn32/display_mode_vba_util_32.c
@@ -4396,7 +4396,7 @@ void dml32_CalculateWatermarksMALLUseAndDRAMSpeedChangeSupport(
if (v->NumberOfActiveSurfaces > 1) {
ActiveClockChangeLatencyHidingY = ActiveClockChangeLatencyHidingY
- - (1 - 1 / v->NumberOfActiveSurfaces) * SwathHeightY[k] * v->HTotal[k]
+ - (1.0 - 1.0 / v->NumberOfActiveSurfaces) * SwathHeightY[k] * v->HTotal[k]
/ v->PixelClock[k] / v->VRatio[k];
}
diff --git a/drivers/gpu/drm/amd/display/dc/dml/dcn32/display_mode_vba_util_32.h b/drivers/gpu/drm/amd/display/dc/dml/dcn32/display_mode_vba_util_32.h
index 0b427d89b3c5..f174f5c5ff92 100644
--- a/drivers/gpu/drm/amd/display/dc/dml/dcn32/display_mode_vba_util_32.h
+++ b/drivers/gpu/drm/amd/display/dc/dml/dcn32/display_mode_vba_util_32.h
@@ -30,7 +30,7 @@
#include "os_types.h"
#include "../dc_features.h"
#include "../display_mode_structs.h"
-#include "dml/display_mode_vba.h"
+#include "../display_mode_vba.h"
unsigned int dml32_dscceComputeDelay(
unsigned int bpc,
--
2.35.1
^ permalink raw reply related [flat|nested] 305+ messages in thread
* [PATCH 6.0 036/289] drm/amd/display: Fix gpio port mapping issue
2022-11-30 18:19 [PATCH 6.0 000/289] 6.0.11-rc1 review Greg Kroah-Hartman
` (34 preceding siblings ...)
2022-11-30 18:20 ` [PATCH 6.0 035/289] drm/amd/display: Fix FCLK deviation and tool compile issues Greg Kroah-Hartman
@ 2022-11-30 18:20 ` Greg Kroah-Hartman
2022-11-30 18:20 ` [PATCH 6.0 037/289] Revert "drm/amdgpu: Revert "drm/amdgpu: getting fan speed pwm for vega10 properly"" Greg Kroah-Hartman
` (262 subsequent siblings)
298 siblings, 0 replies; 305+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-30 18:20 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Alvin Lee, Alan Liu, Steve Su,
Daniel Wheeler, Alex Deucher, Sasha Levin
From: Steve Su <steve.su@amd.com>
[ Upstream commit c0b2753f5db281b07013899c79b5f06a614055f9 ]
[Why]
1. Port of gpio has different mapping.
[How]
1. Add a dummy entry in mapping table.
2. Fix incorrect mask bit field access.
Reviewed-by: Alvin Lee <Alvin.Lee2@amd.com>
Acked-by: Alan Liu <HaoPing.Liu@amd.com>
Signed-off-by: Steve Su <steve.su@amd.com>
Tested-by: Daniel Wheeler <daniel.wheeler@amd.com>
Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
.../amd/display/dc/gpio/dcn32/hw_factory_dcn32.c | 14 ++++++++++++++
drivers/gpu/drm/amd/display/dc/gpio/hw_ddc.c | 9 ++++++---
2 files changed, 20 insertions(+), 3 deletions(-)
diff --git a/drivers/gpu/drm/amd/display/dc/gpio/dcn32/hw_factory_dcn32.c b/drivers/gpu/drm/amd/display/dc/gpio/dcn32/hw_factory_dcn32.c
index d635b73af46f..0ea52ba5ac82 100644
--- a/drivers/gpu/drm/amd/display/dc/gpio/dcn32/hw_factory_dcn32.c
+++ b/drivers/gpu/drm/amd/display/dc/gpio/dcn32/hw_factory_dcn32.c
@@ -107,6 +107,13 @@ static const struct ddc_registers ddc_data_regs_dcn[] = {
ddc_data_regs_dcn2(3),
ddc_data_regs_dcn2(4),
ddc_data_regs_dcn2(5),
+ {
+ // add a dummy entry for cases no such port
+ {0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,},
+ .ddc_setup = 0,
+ .phy_aux_cntl = 0,
+ .dc_gpio_aux_ctrl_5 = 0
+ },
{
DDC_GPIO_VGA_REG_LIST(DATA),
.ddc_setup = 0,
@@ -121,6 +128,13 @@ static const struct ddc_registers ddc_clk_regs_dcn[] = {
ddc_clk_regs_dcn2(3),
ddc_clk_regs_dcn2(4),
ddc_clk_regs_dcn2(5),
+ {
+ // add a dummy entry for cases no such port
+ {0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,},
+ .ddc_setup = 0,
+ .phy_aux_cntl = 0,
+ .dc_gpio_aux_ctrl_5 = 0
+ },
{
DDC_GPIO_VGA_REG_LIST(CLK),
.ddc_setup = 0,
diff --git a/drivers/gpu/drm/amd/display/dc/gpio/hw_ddc.c b/drivers/gpu/drm/amd/display/dc/gpio/hw_ddc.c
index 6fd38cdd68c0..525bc8881950 100644
--- a/drivers/gpu/drm/amd/display/dc/gpio/hw_ddc.c
+++ b/drivers/gpu/drm/amd/display/dc/gpio/hw_ddc.c
@@ -94,11 +94,14 @@ static enum gpio_result set_config(
* is required for detection of AUX mode */
if (hw_gpio->base.en != GPIO_DDC_LINE_VIP_PAD) {
if (!ddc_data_pd_en || !ddc_clk_pd_en) {
-
- REG_SET_2(gpio.MASK_reg, regval,
+ if (hw_gpio->base.en == GPIO_DDC_LINE_DDC_VGA) {
+ // bit 4 of mask has different usage in some cases
+ REG_SET(gpio.MASK_reg, regval, DC_GPIO_DDC1DATA_PD_EN, 1);
+ } else {
+ REG_SET_2(gpio.MASK_reg, regval,
DC_GPIO_DDC1DATA_PD_EN, 1,
DC_GPIO_DDC1CLK_PD_EN, 1);
-
+ }
if (config_data->type ==
GPIO_CONFIG_TYPE_I2C_AUX_DUAL_MODE)
msleep(3);
--
2.35.1
^ permalink raw reply related [flat|nested] 305+ messages in thread
* [PATCH 6.0 037/289] Revert "drm/amdgpu: Revert "drm/amdgpu: getting fan speed pwm for vega10 properly""
2022-11-30 18:19 [PATCH 6.0 000/289] 6.0.11-rc1 review Greg Kroah-Hartman
` (35 preceding siblings ...)
2022-11-30 18:20 ` [PATCH 6.0 036/289] drm/amd/display: Fix gpio port mapping issue Greg Kroah-Hartman
@ 2022-11-30 18:20 ` Greg Kroah-Hartman
2022-11-30 18:20 ` [PATCH 6.0 038/289] drm/amdgpu: Drop eviction lock when allocating PT BO Greg Kroah-Hartman
` (261 subsequent siblings)
298 siblings, 0 replies; 305+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-30 18:20 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Asher Song, Guchun Chen,
Alex Deucher, Sasha Levin
From: Asher Song <Asher.Song@amd.com>
[ Upstream commit 30b8e7b8ee3be003e0df85c857c5cd0e0bd58b82 ]
This reverts commit 4545ae2ed3f2f7c3f615a53399c9c8460ee5bca7.
The origin patch "drm/amdgpu: getting fan speed pwm for vega10 properly" works fine.
Test failure is caused by test case self.
Signed-off-by: Asher Song <Asher.Song@amd.com>
Reviewed-by: Guchun Chen <guchun.chen@amd.com>
Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
.../amd/pm/powerplay/hwmgr/vega10_thermal.c | 25 +++++++++----------
1 file changed, 12 insertions(+), 13 deletions(-)
diff --git a/drivers/gpu/drm/amd/pm/powerplay/hwmgr/vega10_thermal.c b/drivers/gpu/drm/amd/pm/powerplay/hwmgr/vega10_thermal.c
index dad3e3741a4e..190af79f3236 100644
--- a/drivers/gpu/drm/amd/pm/powerplay/hwmgr/vega10_thermal.c
+++ b/drivers/gpu/drm/amd/pm/powerplay/hwmgr/vega10_thermal.c
@@ -67,22 +67,21 @@ int vega10_fan_ctrl_get_fan_speed_info(struct pp_hwmgr *hwmgr,
int vega10_fan_ctrl_get_fan_speed_pwm(struct pp_hwmgr *hwmgr,
uint32_t *speed)
{
- uint32_t current_rpm;
- uint32_t percent = 0;
-
- if (hwmgr->thermal_controller.fanInfo.bNoFan)
- return 0;
+ struct amdgpu_device *adev = hwmgr->adev;
+ uint32_t duty100, duty;
+ uint64_t tmp64;
- if (vega10_get_current_rpm(hwmgr, ¤t_rpm))
- return -1;
+ duty100 = REG_GET_FIELD(RREG32_SOC15(THM, 0, mmCG_FDO_CTRL1),
+ CG_FDO_CTRL1, FMAX_DUTY100);
+ duty = REG_GET_FIELD(RREG32_SOC15(THM, 0, mmCG_THERMAL_STATUS),
+ CG_THERMAL_STATUS, FDO_PWM_DUTY);
- if (hwmgr->thermal_controller.
- advanceFanControlParameters.usMaxFanRPM != 0)
- percent = current_rpm * 255 /
- hwmgr->thermal_controller.
- advanceFanControlParameters.usMaxFanRPM;
+ if (!duty100)
+ return -EINVAL;
- *speed = MIN(percent, 255);
+ tmp64 = (uint64_t)duty * 255;
+ do_div(tmp64, duty100);
+ *speed = MIN((uint32_t)tmp64, 255);
return 0;
}
--
2.35.1
^ permalink raw reply related [flat|nested] 305+ messages in thread
* [PATCH 6.0 038/289] drm/amdgpu: Drop eviction lock when allocating PT BO
2022-11-30 18:19 [PATCH 6.0 000/289] 6.0.11-rc1 review Greg Kroah-Hartman
` (36 preceding siblings ...)
2022-11-30 18:20 ` [PATCH 6.0 037/289] Revert "drm/amdgpu: Revert "drm/amdgpu: getting fan speed pwm for vega10 properly"" Greg Kroah-Hartman
@ 2022-11-30 18:20 ` Greg Kroah-Hartman
2022-11-30 18:20 ` [PATCH 6.0 039/289] drm/amd/display: only fill dirty rectangles when PSR is enabled Greg Kroah-Hartman
` (260 subsequent siblings)
298 siblings, 0 replies; 305+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-30 18:20 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Philip Yang, Christian König,
Alex Deucher, Sasha Levin
From: Philip Yang <Philip.Yang@amd.com>
[ Upstream commit e034a0d9aaee5c9129d5dfdfdfcab988a953412d ]
Re-take the eviction lock immediately again after the allocation is
completed, to fix circular locking warning with drm_buddy allocator.
Move amdgpu_vm_eviction_lock/unlock/trylock to amdgpu_vm.h as they are
called from multiple files.
Signed-off-by: Philip Yang <Philip.Yang@amd.com>
Reviewed-by: Christian König <christian.koenig@amd.com>
Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/gpu/drm/amd/amdgpu/amdgpu_vm.c | 26 -----------------------
drivers/gpu/drm/amd/amdgpu/amdgpu_vm.h | 26 +++++++++++++++++++++++
drivers/gpu/drm/amd/amdgpu/amdgpu_vm_pt.c | 2 ++
3 files changed, 28 insertions(+), 26 deletions(-)
diff --git a/drivers/gpu/drm/amd/amdgpu/amdgpu_vm.c b/drivers/gpu/drm/amd/amdgpu/amdgpu_vm.c
index 04130f8813ef..369c0d03e3c6 100644
--- a/drivers/gpu/drm/amd/amdgpu/amdgpu_vm.c
+++ b/drivers/gpu/drm/amd/amdgpu/amdgpu_vm.c
@@ -143,32 +143,6 @@ int amdgpu_vm_set_pasid(struct amdgpu_device *adev, struct amdgpu_vm *vm,
return 0;
}
-/*
- * vm eviction_lock can be taken in MMU notifiers. Make sure no reclaim-FS
- * happens while holding this lock anywhere to prevent deadlocks when
- * an MMU notifier runs in reclaim-FS context.
- */
-static inline void amdgpu_vm_eviction_lock(struct amdgpu_vm *vm)
-{
- mutex_lock(&vm->eviction_lock);
- vm->saved_flags = memalloc_noreclaim_save();
-}
-
-static inline int amdgpu_vm_eviction_trylock(struct amdgpu_vm *vm)
-{
- if (mutex_trylock(&vm->eviction_lock)) {
- vm->saved_flags = memalloc_noreclaim_save();
- return 1;
- }
- return 0;
-}
-
-static inline void amdgpu_vm_eviction_unlock(struct amdgpu_vm *vm)
-{
- memalloc_noreclaim_restore(vm->saved_flags);
- mutex_unlock(&vm->eviction_lock);
-}
-
/**
* amdgpu_vm_bo_evicted - vm_bo is evicted
*
diff --git a/drivers/gpu/drm/amd/amdgpu/amdgpu_vm.h b/drivers/gpu/drm/amd/amdgpu/amdgpu_vm.h
index 278512535b51..39d2898caede 100644
--- a/drivers/gpu/drm/amd/amdgpu/amdgpu_vm.h
+++ b/drivers/gpu/drm/amd/amdgpu/amdgpu_vm.h
@@ -503,4 +503,30 @@ static inline uint64_t amdgpu_vm_tlb_seq(struct amdgpu_vm *vm)
return atomic64_read(&vm->tlb_seq);
}
+/*
+ * vm eviction_lock can be taken in MMU notifiers. Make sure no reclaim-FS
+ * happens while holding this lock anywhere to prevent deadlocks when
+ * an MMU notifier runs in reclaim-FS context.
+ */
+static inline void amdgpu_vm_eviction_lock(struct amdgpu_vm *vm)
+{
+ mutex_lock(&vm->eviction_lock);
+ vm->saved_flags = memalloc_noreclaim_save();
+}
+
+static inline bool amdgpu_vm_eviction_trylock(struct amdgpu_vm *vm)
+{
+ if (mutex_trylock(&vm->eviction_lock)) {
+ vm->saved_flags = memalloc_noreclaim_save();
+ return true;
+ }
+ return false;
+}
+
+static inline void amdgpu_vm_eviction_unlock(struct amdgpu_vm *vm)
+{
+ memalloc_noreclaim_restore(vm->saved_flags);
+ mutex_unlock(&vm->eviction_lock);
+}
+
#endif
diff --git a/drivers/gpu/drm/amd/amdgpu/amdgpu_vm_pt.c b/drivers/gpu/drm/amd/amdgpu/amdgpu_vm_pt.c
index 88de9f0d4728..983899574464 100644
--- a/drivers/gpu/drm/amd/amdgpu/amdgpu_vm_pt.c
+++ b/drivers/gpu/drm/amd/amdgpu/amdgpu_vm_pt.c
@@ -597,7 +597,9 @@ static int amdgpu_vm_pt_alloc(struct amdgpu_device *adev,
if (entry->bo)
return 0;
+ amdgpu_vm_eviction_unlock(vm);
r = amdgpu_vm_pt_create(adev, vm, cursor->level, immediate, &pt);
+ amdgpu_vm_eviction_lock(vm);
if (r)
return r;
--
2.35.1
^ permalink raw reply related [flat|nested] 305+ messages in thread
* [PATCH 6.0 039/289] drm/amd/display: only fill dirty rectangles when PSR is enabled
2022-11-30 18:19 [PATCH 6.0 000/289] 6.0.11-rc1 review Greg Kroah-Hartman
` (37 preceding siblings ...)
2022-11-30 18:20 ` [PATCH 6.0 038/289] drm/amdgpu: Drop eviction lock when allocating PT BO Greg Kroah-Hartman
@ 2022-11-30 18:20 ` Greg Kroah-Hartman
2022-11-30 18:20 ` [PATCH 6.0 040/289] ALSA: usb-audio: add quirk to fix Hamedal C20 disconnect issue Greg Kroah-Hartman
` (259 subsequent siblings)
298 siblings, 0 replies; 305+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-30 18:20 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Leo Li, Hamza Mahfooz, Alex Deucher,
Sasha Levin
From: Hamza Mahfooz <hamza.mahfooz@amd.com>
[ Upstream commit 675d84621a24490e1de3d59a4992a17fa9ff92b5 ]
Currently, we are calling fill_dc_dirty_rects() even if PSR isn't
supported by the relevant link in amdgpu_dm_commit_planes(), this is
undesirable especially because when drm.debug is enabled we are printing
messages in fill_dc_dirty_rects() that are only useful for debugging PSR
(and confusing otherwise). So, we can instead limit the filling of dirty
rectangles to only when PSR is enabled.
Reviewed-by: Leo Li <sunpeng.li@amd.com>
Signed-off-by: Hamza Mahfooz <hamza.mahfooz@amd.com>
Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c | 7 ++++---
1 file changed, 4 insertions(+), 3 deletions(-)
diff --git a/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c b/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c
index 7f8eb09b0b7c..9ce100e315c5 100644
--- a/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c
+++ b/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c
@@ -7650,9 +7650,10 @@ static void amdgpu_dm_commit_planes(struct drm_atomic_state *state,
bundle->surface_updates[planes_count].plane_info =
&bundle->plane_infos[planes_count];
- fill_dc_dirty_rects(plane, old_plane_state, new_plane_state,
- new_crtc_state,
- &bundle->flip_addrs[planes_count]);
+ if (acrtc_state->stream->link->psr_settings.psr_feature_enabled)
+ fill_dc_dirty_rects(plane, old_plane_state,
+ new_plane_state, new_crtc_state,
+ &bundle->flip_addrs[planes_count]);
/*
* Only allow immediate flips for fast updates that don't
--
2.35.1
^ permalink raw reply related [flat|nested] 305+ messages in thread
* [PATCH 6.0 040/289] ALSA: usb-audio: add quirk to fix Hamedal C20 disconnect issue
2022-11-30 18:19 [PATCH 6.0 000/289] 6.0.11-rc1 review Greg Kroah-Hartman
` (38 preceding siblings ...)
2022-11-30 18:20 ` [PATCH 6.0 039/289] drm/amd/display: only fill dirty rectangles when PSR is enabled Greg Kroah-Hartman
@ 2022-11-30 18:20 ` Greg Kroah-Hartman
2022-11-30 18:20 ` [PATCH 6.0 041/289] RISC-V: vdso: Do not add missing symbols to version section in linker script Greg Kroah-Hartman
` (258 subsequent siblings)
298 siblings, 0 replies; 305+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-30 18:20 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Ai Chao, Takashi Iwai, Sasha Levin
From: Ai Chao <aichao@kylinos.cn>
[ Upstream commit bf990c10231937c0f51e5da5558e08cf5adc6a78 ]
For Hamedal C20, the current rate is different from the runtime rate,
snd_usb_endpoint stop and close endpoint to resetting rate.
if snd_usb_endpoint close the endpoint, sometimes usb will
disconnect the device.
Signed-off-by: Ai Chao <aichao@kylinos.cn>
Link: https://lore.kernel.org/r/20221110063452.295110-1-aichao@kylinos.cn
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
sound/usb/endpoint.c | 3 ++-
sound/usb/quirks.c | 2 ++
sound/usb/usbaudio.h | 3 +++
3 files changed, 7 insertions(+), 1 deletion(-)
diff --git a/sound/usb/endpoint.c b/sound/usb/endpoint.c
index 2420dc994632..4c9ea13f72d4 100644
--- a/sound/usb/endpoint.c
+++ b/sound/usb/endpoint.c
@@ -923,7 +923,8 @@ void snd_usb_endpoint_close(struct snd_usb_audio *chip,
usb_audio_dbg(chip, "Closing EP 0x%x (count %d)\n",
ep->ep_num, ep->opened);
- if (!--ep->iface_ref->opened)
+ if (!--ep->iface_ref->opened &&
+ !(chip->quirk_flags & QUIRK_FLAG_IFACE_SKIP_CLOSE))
endpoint_set_interface(chip, ep, false);
if (!--ep->opened) {
diff --git a/sound/usb/quirks.c b/sound/usb/quirks.c
index 250bda7cda07..4f914dce6bbf 100644
--- a/sound/usb/quirks.c
+++ b/sound/usb/quirks.c
@@ -2186,6 +2186,8 @@ static const struct usb_audio_quirk_flags_table quirk_flags_table[] = {
QUIRK_FLAG_GENERIC_IMPLICIT_FB),
DEVICE_FLG(0x2b53, 0x0031, /* Fiero SC-01 (firmware v1.1.0) */
QUIRK_FLAG_GENERIC_IMPLICIT_FB),
+ DEVICE_FLG(0x0525, 0xa4ad, /* Hamedal C20 usb camero */
+ QUIRK_FLAG_IFACE_SKIP_CLOSE),
/* Vendor matches */
VENDOR_FLG(0x045e, /* MS Lifecam */
diff --git a/sound/usb/usbaudio.h b/sound/usb/usbaudio.h
index 2c6575029b1c..e97141ef730a 100644
--- a/sound/usb/usbaudio.h
+++ b/sound/usb/usbaudio.h
@@ -170,6 +170,8 @@ extern bool snd_usb_skip_validation;
* Apply the generic implicit feedback sync mode (same as implicit_fb=1 option)
* QUIRK_FLAG_SKIP_IMPLICIT_FB
* Don't apply implicit feedback sync mode
+ * QUIRK_FLAG_IFACE_SKIP_CLOSE
+ * Don't closed interface during setting sample rate
*/
#define QUIRK_FLAG_GET_SAMPLE_RATE (1U << 0)
@@ -191,5 +193,6 @@ extern bool snd_usb_skip_validation;
#define QUIRK_FLAG_SET_IFACE_FIRST (1U << 16)
#define QUIRK_FLAG_GENERIC_IMPLICIT_FB (1U << 17)
#define QUIRK_FLAG_SKIP_IMPLICIT_FB (1U << 18)
+#define QUIRK_FLAG_IFACE_SKIP_CLOSE (1U << 19)
#endif /* __USBAUDIO_H */
--
2.35.1
^ permalink raw reply related [flat|nested] 305+ messages in thread
* [PATCH 6.0 041/289] RISC-V: vdso: Do not add missing symbols to version section in linker script
2022-11-30 18:19 [PATCH 6.0 000/289] 6.0.11-rc1 review Greg Kroah-Hartman
` (39 preceding siblings ...)
2022-11-30 18:20 ` [PATCH 6.0 040/289] ALSA: usb-audio: add quirk to fix Hamedal C20 disconnect issue Greg Kroah-Hartman
@ 2022-11-30 18:20 ` Greg Kroah-Hartman
2022-11-30 18:20 ` [PATCH 6.0 042/289] MIPS: pic32: treat port as signed integer Greg Kroah-Hartman
` (257 subsequent siblings)
298 siblings, 0 replies; 305+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-30 18:20 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Nathan Chancellor, Conor Dooley,
Palmer Dabbelt, Sasha Levin
From: Nathan Chancellor <nathan@kernel.org>
[ Upstream commit fcae44fd36d052e956e69a64642fc03820968d78 ]
Recently, ld.lld moved from '--undefined-version' to
'--no-undefined-version' as the default, which breaks the compat vDSO
build:
ld.lld: error: version script assignment of 'LINUX_4.15' to symbol '__vdso_gettimeofday' failed: symbol not defined
ld.lld: error: version script assignment of 'LINUX_4.15' to symbol '__vdso_clock_gettime' failed: symbol not defined
ld.lld: error: version script assignment of 'LINUX_4.15' to symbol '__vdso_clock_getres' failed: symbol not defined
These symbols are not present in the compat vDSO or the regular vDSO for
32-bit but they are unconditionally included in the version section of
the linker script, which is prohibited with '--no-undefined-version'.
Fix this issue by only including the symbols that are actually exported
in the version section of the linker script.
Link: https://github.com/ClangBuiltLinux/linux/issues/1756
Signed-off-by: Nathan Chancellor <nathan@kernel.org>
Tested-by: Conor Dooley <conor.dooley@microchip.com>
Link: https://lore.kernel.org/r/20221108171324.3377226-1-nathan@kernel.org/
Signed-off-by: Palmer Dabbelt <palmer@rivosinc.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/riscv/kernel/vdso/Makefile | 3 +++
arch/riscv/kernel/vdso/vdso.lds.S | 2 ++
2 files changed, 5 insertions(+)
diff --git a/arch/riscv/kernel/vdso/Makefile b/arch/riscv/kernel/vdso/Makefile
index 84ac0fe612e7..db6548509bb3 100644
--- a/arch/riscv/kernel/vdso/Makefile
+++ b/arch/riscv/kernel/vdso/Makefile
@@ -28,6 +28,9 @@ obj-vdso := $(addprefix $(obj)/, $(obj-vdso))
obj-y += vdso.o
CPPFLAGS_vdso.lds += -P -C -U$(ARCH)
+ifneq ($(filter vgettimeofday, $(vdso-syms)),)
+CPPFLAGS_vdso.lds += -DHAS_VGETTIMEOFDAY
+endif
# Disable -pg to prevent insert call site
CFLAGS_REMOVE_vgettimeofday.o = $(CC_FLAGS_FTRACE)
diff --git a/arch/riscv/kernel/vdso/vdso.lds.S b/arch/riscv/kernel/vdso/vdso.lds.S
index 01d94aae5bf5..150b1a572e61 100644
--- a/arch/riscv/kernel/vdso/vdso.lds.S
+++ b/arch/riscv/kernel/vdso/vdso.lds.S
@@ -68,9 +68,11 @@ VERSION
LINUX_4.15 {
global:
__vdso_rt_sigreturn;
+#ifdef HAS_VGETTIMEOFDAY
__vdso_gettimeofday;
__vdso_clock_gettime;
__vdso_clock_getres;
+#endif
__vdso_getcpu;
__vdso_flush_icache;
local: *;
--
2.35.1
^ permalink raw reply related [flat|nested] 305+ messages in thread
* [PATCH 6.0 042/289] MIPS: pic32: treat port as signed integer
2022-11-30 18:19 [PATCH 6.0 000/289] 6.0.11-rc1 review Greg Kroah-Hartman
` (40 preceding siblings ...)
2022-11-30 18:20 ` [PATCH 6.0 041/289] RISC-V: vdso: Do not add missing symbols to version section in linker script Greg Kroah-Hartman
@ 2022-11-30 18:20 ` Greg Kroah-Hartman
2022-11-30 18:20 ` [PATCH 6.0 043/289] io_uring/poll: lockdep annote io_poll_req_insert_locked Greg Kroah-Hartman
` (256 subsequent siblings)
298 siblings, 0 replies; 305+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-30 18:20 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Thomas Bogendoerfer,
Jason A. Donenfeld, Sasha Levin
From: Jason A. Donenfeld <Jason@zx2c4.com>
[ Upstream commit 648060902aa302331b5d6e4f26d8ee0761d239ab ]
get_port_from_cmdline() returns an int, yet is assigned to a char, which
is wrong in its own right, but also, with char becoming unsigned, this
poses problems, because -1 is used as an error value. Further
complicating things, fw_init_early_console() is only ever called with a
-1 argument. Fix this up by removing the unused argument from
fw_init_early_console() and treating port as a proper signed integer.
Cc: Thomas Bogendoerfer <tsbogend@alpha.franken.de>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
Signed-off-by: Thomas Bogendoerfer <tsbogend@alpha.franken.de>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/mips/include/asm/fw/fw.h | 2 +-
arch/mips/pic32/pic32mzda/early_console.c | 13 ++++++-------
arch/mips/pic32/pic32mzda/init.c | 2 +-
3 files changed, 8 insertions(+), 9 deletions(-)
diff --git a/arch/mips/include/asm/fw/fw.h b/arch/mips/include/asm/fw/fw.h
index d0ef8b4892bb..d0494ce4b337 100644
--- a/arch/mips/include/asm/fw/fw.h
+++ b/arch/mips/include/asm/fw/fw.h
@@ -26,6 +26,6 @@ extern char *fw_getcmdline(void);
extern void fw_meminit(void);
extern char *fw_getenv(char *name);
extern unsigned long fw_getenvl(char *name);
-extern void fw_init_early_console(char port);
+extern void fw_init_early_console(void);
#endif /* __ASM_FW_H_ */
diff --git a/arch/mips/pic32/pic32mzda/early_console.c b/arch/mips/pic32/pic32mzda/early_console.c
index 25372e62783b..3cd1b408fa1c 100644
--- a/arch/mips/pic32/pic32mzda/early_console.c
+++ b/arch/mips/pic32/pic32mzda/early_console.c
@@ -27,7 +27,7 @@
#define U_BRG(x) (UART_BASE(x) + 0x40)
static void __iomem *uart_base;
-static char console_port = -1;
+static int console_port = -1;
static int __init configure_uart_pins(int port)
{
@@ -47,7 +47,7 @@ static int __init configure_uart_pins(int port)
return 0;
}
-static void __init configure_uart(char port, int baud)
+static void __init configure_uart(int port, int baud)
{
u32 pbclk;
@@ -60,7 +60,7 @@ static void __init configure_uart(char port, int baud)
uart_base + PIC32_SET(U_STA(port)));
}
-static void __init setup_early_console(char port, int baud)
+static void __init setup_early_console(int port, int baud)
{
if (configure_uart_pins(port))
return;
@@ -130,16 +130,15 @@ static int __init get_baud_from_cmdline(char *arch_cmdline)
return baud;
}
-void __init fw_init_early_console(char port)
+void __init fw_init_early_console(void)
{
char *arch_cmdline = pic32_getcmdline();
- int baud = -1;
+ int baud, port;
uart_base = ioremap(PIC32_BASE_UART, 0xc00);
baud = get_baud_from_cmdline(arch_cmdline);
- if (port == -1)
- port = get_port_from_cmdline(arch_cmdline);
+ port = get_port_from_cmdline(arch_cmdline);
if (port == -1)
port = EARLY_CONSOLE_PORT;
diff --git a/arch/mips/pic32/pic32mzda/init.c b/arch/mips/pic32/pic32mzda/init.c
index d9c8c4e46aff..58d8ca730df7 100644
--- a/arch/mips/pic32/pic32mzda/init.c
+++ b/arch/mips/pic32/pic32mzda/init.c
@@ -47,7 +47,7 @@ void __init plat_mem_setup(void)
strlcpy(arcs_cmdline, boot_command_line, COMMAND_LINE_SIZE);
#ifdef CONFIG_EARLY_PRINTK
- fw_init_early_console(-1);
+ fw_init_early_console();
#endif
pic32_config_init();
}
--
2.35.1
^ permalink raw reply related [flat|nested] 305+ messages in thread
* [PATCH 6.0 043/289] io_uring/poll: lockdep annote io_poll_req_insert_locked
2022-11-30 18:19 [PATCH 6.0 000/289] 6.0.11-rc1 review Greg Kroah-Hartman
` (41 preceding siblings ...)
2022-11-30 18:20 ` [PATCH 6.0 042/289] MIPS: pic32: treat port as signed integer Greg Kroah-Hartman
@ 2022-11-30 18:20 ` Greg Kroah-Hartman
2022-11-30 18:20 ` [PATCH 6.0 044/289] xfrm: fix "disable_policy" on ipv4 early demux Greg Kroah-Hartman
` (255 subsequent siblings)
298 siblings, 0 replies; 305+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-30 18:20 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Pavel Begunkov, Jens Axboe, Sasha Levin
From: Pavel Begunkov <asml.silence@gmail.com>
[ Upstream commit 5576035f15dfcc6cb1cec236db40c2c0733b0ba4 ]
Add a lockdep annotation in io_poll_req_insert_locked().
Signed-off-by: Pavel Begunkov <asml.silence@gmail.com>
Link: https://lore.kernel.org/r/8115d8e702733754d0aea119e9b5bb63d1eb8b24.1668184658.git.asml.silence@gmail.com
Signed-off-by: Jens Axboe <axboe@kernel.dk>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
io_uring/poll.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/io_uring/poll.c b/io_uring/poll.c
index ba0f68466930..055632e9092a 100644
--- a/io_uring/poll.c
+++ b/io_uring/poll.c
@@ -116,6 +116,8 @@ static void io_poll_req_insert_locked(struct io_kiocb *req)
struct io_hash_table *table = &req->ctx->cancel_table_locked;
u32 index = hash_long(req->cqe.user_data, table->hash_bits);
+ lockdep_assert_held(&req->ctx->uring_lock);
+
hlist_add_head(&req->hash_node, &table->hbs[index].list);
}
--
2.35.1
^ permalink raw reply related [flat|nested] 305+ messages in thread
* [PATCH 6.0 044/289] xfrm: fix "disable_policy" on ipv4 early demux
2022-11-30 18:19 [PATCH 6.0 000/289] 6.0.11-rc1 review Greg Kroah-Hartman
` (42 preceding siblings ...)
2022-11-30 18:20 ` [PATCH 6.0 043/289] io_uring/poll: lockdep annote io_poll_req_insert_locked Greg Kroah-Hartman
@ 2022-11-30 18:20 ` Greg Kroah-Hartman
2022-11-30 18:20 ` [PATCH 6.0 045/289] arm64: dts: rockchip: fix quartz64-a bluetooth configuration Greg Kroah-Hartman
` (254 subsequent siblings)
298 siblings, 0 replies; 305+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-30 18:20 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Monil Patel, Eyal Birger,
Steffen Klassert, Sasha Levin
From: Eyal Birger <eyal.birger@gmail.com>
[ Upstream commit 3a5913183aa1b14148c723bda030e6102ad73008 ]
The commit in the "Fixes" tag tried to avoid a case where policy check
is ignored due to dst caching in next hops.
However, when the traffic is locally consumed, the dst may be cached
in a local TCP or UDP socket as part of early demux. In this case the
"disable_policy" flag is not checked as ip_route_input_noref() was only
called before caching, and thus, packets after the initial packet in a
flow will be dropped if not matching policies.
Fix by checking the "disable_policy" flag also when a valid dst is
already available.
Link: https://bugzilla.kernel.org/show_bug.cgi?id=216557
Reported-by: Monil Patel <monil191989@gmail.com>
Fixes: e6175a2ed1f1 ("xfrm: fix "disable_policy" flag use when arriving from different devices")
Signed-off-by: Eyal Birger <eyal.birger@gmail.com>
----
v2: use dev instead of skb->dev
Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
net/ipv4/ip_input.c | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/net/ipv4/ip_input.c b/net/ipv4/ip_input.c
index 1b512390b3cf..e880ce77322a 100644
--- a/net/ipv4/ip_input.c
+++ b/net/ipv4/ip_input.c
@@ -366,6 +366,11 @@ static int ip_rcv_finish_core(struct net *net, struct sock *sk,
iph->tos, dev);
if (unlikely(err))
goto drop_error;
+ } else {
+ struct in_device *in_dev = __in_dev_get_rcu(dev);
+
+ if (in_dev && IN_DEV_ORCONF(in_dev, NOPOLICY))
+ IPCB(skb)->flags |= IPSKB_NOPOLICY;
}
#ifdef CONFIG_IP_ROUTE_CLASSID
--
2.35.1
^ permalink raw reply related [flat|nested] 305+ messages in thread
* [PATCH 6.0 045/289] arm64: dts: rockchip: fix quartz64-a bluetooth configuration
2022-11-30 18:19 [PATCH 6.0 000/289] 6.0.11-rc1 review Greg Kroah-Hartman
` (43 preceding siblings ...)
2022-11-30 18:20 ` [PATCH 6.0 044/289] xfrm: fix "disable_policy" on ipv4 early demux Greg Kroah-Hartman
@ 2022-11-30 18:20 ` Greg Kroah-Hartman
2022-11-30 18:20 ` [PATCH 6.0 046/289] xfrm: replay: Fix ESN wrap around for GSO Greg Kroah-Hartman
` (253 subsequent siblings)
298 siblings, 0 replies; 305+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-30 18:20 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Lev Popov, Heiko Stuebner, Sasha Levin
From: Lev Popov <leo@nabam.net>
[ Upstream commit 2dcd7e0c821fe9b663f7d3382b6d2faa8edf2129 ]
For "Quartz64 Model A" add missing RTS line to the UART interface used by
bluetooth and swap bluetooth host-wakeup and device-wakeup gpio pins to
match the boards physical layout. This changes are necessary to make
bluetooth provided by the wireless module work.
Also set max-speed on the bluetooth device as it's not automatically
detected.
Fixes: b33a22a1e7c4 ("arm64: dts: rockchip: add basic dts for Pine64 Quartz64-A")
Signed-off-by: Lev Popov <leo@nabam.net>
Link: https://lore.kernel.org/r/20220926125350.64783-1-leo@nabam.net
Signed-off-by: Heiko Stuebner <heiko@sntech.de>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/arm64/boot/dts/rockchip/rk3566-quartz64-a.dts | 7 ++++---
1 file changed, 4 insertions(+), 3 deletions(-)
diff --git a/arch/arm64/boot/dts/rockchip/rk3566-quartz64-a.dts b/arch/arm64/boot/dts/rockchip/rk3566-quartz64-a.dts
index a05460b92415..25a8c781f4e7 100644
--- a/arch/arm64/boot/dts/rockchip/rk3566-quartz64-a.dts
+++ b/arch/arm64/boot/dts/rockchip/rk3566-quartz64-a.dts
@@ -740,7 +740,7 @@ &uart0 {
&uart1 {
pinctrl-names = "default";
- pinctrl-0 = <&uart1m0_xfer &uart1m0_ctsn>;
+ pinctrl-0 = <&uart1m0_xfer &uart1m0_ctsn &uart1m0_rtsn>;
status = "okay";
uart-has-rtscts;
@@ -748,13 +748,14 @@ bluetooth {
compatible = "brcm,bcm43438-bt";
clocks = <&rk817 1>;
clock-names = "lpo";
- device-wakeup-gpios = <&gpio2 RK_PC1 GPIO_ACTIVE_HIGH>;
- host-wakeup-gpios = <&gpio2 RK_PC0 GPIO_ACTIVE_HIGH>;
+ host-wakeup-gpios = <&gpio2 RK_PC1 GPIO_ACTIVE_HIGH>;
+ device-wakeup-gpios = <&gpio2 RK_PC0 GPIO_ACTIVE_HIGH>;
shutdown-gpios = <&gpio2 RK_PB7 GPIO_ACTIVE_HIGH>;
pinctrl-names = "default";
pinctrl-0 = <&bt_host_wake_l &bt_wake_l &bt_enable_h>;
vbat-supply = <&vcc_sys>;
vddio-supply = <&vcca1v8_pmu>;
+ max-speed = <3000000>;
};
};
--
2.35.1
^ permalink raw reply related [flat|nested] 305+ messages in thread
* [PATCH 6.0 046/289] xfrm: replay: Fix ESN wrap around for GSO
2022-11-30 18:19 [PATCH 6.0 000/289] 6.0.11-rc1 review Greg Kroah-Hartman
` (44 preceding siblings ...)
2022-11-30 18:20 ` [PATCH 6.0 045/289] arm64: dts: rockchip: fix quartz64-a bluetooth configuration Greg Kroah-Hartman
@ 2022-11-30 18:20 ` Greg Kroah-Hartman
2022-11-30 18:20 ` [PATCH 6.0 047/289] af_key: Fix send_acquire race with pfkey_register Greg Kroah-Hartman
` (252 subsequent siblings)
298 siblings, 0 replies; 305+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-30 18:20 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Christian Langrock,
Steffen Klassert, Sasha Levin
From: Christian Langrock <christian.langrock@secunet.com>
[ Upstream commit 4b549ccce941798703f159b227aa28c716aa78fa ]
When using GSO it can happen that the wrong seq_hi is used for the last
packets before the wrap around. This can lead to double usage of a
sequence number. To avoid this, we should serialize this last GSO
packet.
Fixes: d7dbefc45cf5 ("xfrm: Add xfrm_replay_overflow functions for offloading")
Co-developed-by: Steffen Klassert <steffen.klassert@secunet.com>
Signed-off-by: Christian Langrock <christian.langrock@secunet.com>
Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
net/ipv4/esp4_offload.c | 3 +++
net/ipv6/esp6_offload.c | 3 +++
net/xfrm/xfrm_device.c | 15 ++++++++++++++-
net/xfrm/xfrm_replay.c | 2 +-
4 files changed, 21 insertions(+), 2 deletions(-)
diff --git a/net/ipv4/esp4_offload.c b/net/ipv4/esp4_offload.c
index 170152772d33..3969fa805679 100644
--- a/net/ipv4/esp4_offload.c
+++ b/net/ipv4/esp4_offload.c
@@ -314,6 +314,9 @@ static int esp_xmit(struct xfrm_state *x, struct sk_buff *skb, netdev_features_
xo->seq.low += skb_shinfo(skb)->gso_segs;
}
+ if (xo->seq.low < seq)
+ xo->seq.hi++;
+
esp.seqno = cpu_to_be64(seq + ((u64)xo->seq.hi << 32));
ip_hdr(skb)->tot_len = htons(skb->len);
diff --git a/net/ipv6/esp6_offload.c b/net/ipv6/esp6_offload.c
index 79d43548279c..242f4295940e 100644
--- a/net/ipv6/esp6_offload.c
+++ b/net/ipv6/esp6_offload.c
@@ -346,6 +346,9 @@ static int esp6_xmit(struct xfrm_state *x, struct sk_buff *skb, netdev_features
xo->seq.low += skb_shinfo(skb)->gso_segs;
}
+ if (xo->seq.low < seq)
+ xo->seq.hi++;
+
esp.seqno = cpu_to_be64(xo->seq.low + ((u64)xo->seq.hi << 32));
len = skb->len - sizeof(struct ipv6hdr);
diff --git a/net/xfrm/xfrm_device.c b/net/xfrm/xfrm_device.c
index 637ca8838436..9af6bf1652e4 100644
--- a/net/xfrm/xfrm_device.c
+++ b/net/xfrm/xfrm_device.c
@@ -97,6 +97,18 @@ static void xfrm_outer_mode_prep(struct xfrm_state *x, struct sk_buff *skb)
}
}
+static inline bool xmit_xfrm_check_overflow(struct sk_buff *skb)
+{
+ struct xfrm_offload *xo = xfrm_offload(skb);
+ __u32 seq = xo->seq.low;
+
+ seq += skb_shinfo(skb)->gso_segs;
+ if (unlikely(seq < xo->seq.low))
+ return true;
+
+ return false;
+}
+
struct sk_buff *validate_xmit_xfrm(struct sk_buff *skb, netdev_features_t features, bool *again)
{
int err;
@@ -134,7 +146,8 @@ struct sk_buff *validate_xmit_xfrm(struct sk_buff *skb, netdev_features_t featur
return skb;
}
- if (skb_is_gso(skb) && unlikely(x->xso.dev != dev)) {
+ if (skb_is_gso(skb) && (unlikely(x->xso.dev != dev) ||
+ unlikely(xmit_xfrm_check_overflow(skb)))) {
struct sk_buff *segs;
/* Packet got rerouted, fixup features and segment it. */
diff --git a/net/xfrm/xfrm_replay.c b/net/xfrm/xfrm_replay.c
index 9277d81b344c..49dd788859d8 100644
--- a/net/xfrm/xfrm_replay.c
+++ b/net/xfrm/xfrm_replay.c
@@ -714,7 +714,7 @@ static int xfrm_replay_overflow_offload_esn(struct xfrm_state *x, struct sk_buff
oseq += skb_shinfo(skb)->gso_segs;
}
- if (unlikely(oseq < replay_esn->oseq)) {
+ if (unlikely(xo->seq.low < replay_esn->oseq)) {
XFRM_SKB_CB(skb)->seq.output.hi = ++oseq_hi;
xo->seq.hi = oseq_hi;
replay_esn->oseq_hi = oseq_hi;
--
2.35.1
^ permalink raw reply related [flat|nested] 305+ messages in thread
* [PATCH 6.0 047/289] af_key: Fix send_acquire race with pfkey_register
2022-11-30 18:19 [PATCH 6.0 000/289] 6.0.11-rc1 review Greg Kroah-Hartman
` (45 preceding siblings ...)
2022-11-30 18:20 ` [PATCH 6.0 046/289] xfrm: replay: Fix ESN wrap around for GSO Greg Kroah-Hartman
@ 2022-11-30 18:20 ` Greg Kroah-Hartman
2022-11-30 18:20 ` [PATCH 6.0 048/289] power: supply: ip5xxx: Fix integer overflow in current_now calculation Greg Kroah-Hartman
` (251 subsequent siblings)
298 siblings, 0 replies; 305+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-30 18:20 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, syzbot+1e9af9185d8850e2c2fa,
Herbert Xu, Sabrina Dubroca, Eric Dumazet, Steffen Klassert,
Sasha Levin
From: Herbert Xu <herbert@gondor.apana.org.au>
[ Upstream commit 7f57f8165cb6d2c206e2b9ada53b9e2d6d8af42f ]
The function pfkey_send_acquire may race with pfkey_register
(which could even be in a different name space). This may result
in a buffer overrun.
Allocating the maximum amount of memory that could be used prevents
this.
Reported-by: syzbot+1e9af9185d8850e2c2fa@syzkaller.appspotmail.com
Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2")
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Reviewed-by: Sabrina Dubroca <sd@queasysnail.net>
Reviewed-by: Eric Dumazet <edumazet@google.com>
Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
net/key/af_key.c | 32 ++++++++++++++++++++++----------
1 file changed, 22 insertions(+), 10 deletions(-)
diff --git a/net/key/af_key.c b/net/key/af_key.c
index c85df5b958d2..213287814328 100644
--- a/net/key/af_key.c
+++ b/net/key/af_key.c
@@ -2905,7 +2905,7 @@ static int count_ah_combs(const struct xfrm_tmpl *t)
break;
if (!aalg->pfkey_supported)
continue;
- if (aalg_tmpl_set(t, aalg) && aalg->available)
+ if (aalg_tmpl_set(t, aalg))
sz += sizeof(struct sadb_comb);
}
return sz + sizeof(struct sadb_prop);
@@ -2923,7 +2923,7 @@ static int count_esp_combs(const struct xfrm_tmpl *t)
if (!ealg->pfkey_supported)
continue;
- if (!(ealg_tmpl_set(t, ealg) && ealg->available))
+ if (!(ealg_tmpl_set(t, ealg)))
continue;
for (k = 1; ; k++) {
@@ -2934,16 +2934,17 @@ static int count_esp_combs(const struct xfrm_tmpl *t)
if (!aalg->pfkey_supported)
continue;
- if (aalg_tmpl_set(t, aalg) && aalg->available)
+ if (aalg_tmpl_set(t, aalg))
sz += sizeof(struct sadb_comb);
}
}
return sz + sizeof(struct sadb_prop);
}
-static void dump_ah_combs(struct sk_buff *skb, const struct xfrm_tmpl *t)
+static int dump_ah_combs(struct sk_buff *skb, const struct xfrm_tmpl *t)
{
struct sadb_prop *p;
+ int sz = 0;
int i;
p = skb_put(skb, sizeof(struct sadb_prop));
@@ -2971,13 +2972,17 @@ static void dump_ah_combs(struct sk_buff *skb, const struct xfrm_tmpl *t)
c->sadb_comb_soft_addtime = 20*60*60;
c->sadb_comb_hard_usetime = 8*60*60;
c->sadb_comb_soft_usetime = 7*60*60;
+ sz += sizeof(*c);
}
}
+
+ return sz + sizeof(*p);
}
-static void dump_esp_combs(struct sk_buff *skb, const struct xfrm_tmpl *t)
+static int dump_esp_combs(struct sk_buff *skb, const struct xfrm_tmpl *t)
{
struct sadb_prop *p;
+ int sz = 0;
int i, k;
p = skb_put(skb, sizeof(struct sadb_prop));
@@ -3019,8 +3024,11 @@ static void dump_esp_combs(struct sk_buff *skb, const struct xfrm_tmpl *t)
c->sadb_comb_soft_addtime = 20*60*60;
c->sadb_comb_hard_usetime = 8*60*60;
c->sadb_comb_soft_usetime = 7*60*60;
+ sz += sizeof(*c);
}
}
+
+ return sz + sizeof(*p);
}
static int key_notify_policy_expire(struct xfrm_policy *xp, const struct km_event *c)
@@ -3150,6 +3158,7 @@ static int pfkey_send_acquire(struct xfrm_state *x, struct xfrm_tmpl *t, struct
struct sadb_x_sec_ctx *sec_ctx;
struct xfrm_sec_ctx *xfrm_ctx;
int ctx_size = 0;
+ int alg_size = 0;
sockaddr_size = pfkey_sockaddr_size(x->props.family);
if (!sockaddr_size)
@@ -3161,16 +3170,16 @@ static int pfkey_send_acquire(struct xfrm_state *x, struct xfrm_tmpl *t, struct
sizeof(struct sadb_x_policy);
if (x->id.proto == IPPROTO_AH)
- size += count_ah_combs(t);
+ alg_size = count_ah_combs(t);
else if (x->id.proto == IPPROTO_ESP)
- size += count_esp_combs(t);
+ alg_size = count_esp_combs(t);
if ((xfrm_ctx = x->security)) {
ctx_size = PFKEY_ALIGN8(xfrm_ctx->ctx_len);
size += sizeof(struct sadb_x_sec_ctx) + ctx_size;
}
- skb = alloc_skb(size + 16, GFP_ATOMIC);
+ skb = alloc_skb(size + alg_size + 16, GFP_ATOMIC);
if (skb == NULL)
return -ENOMEM;
@@ -3224,10 +3233,13 @@ static int pfkey_send_acquire(struct xfrm_state *x, struct xfrm_tmpl *t, struct
pol->sadb_x_policy_priority = xp->priority;
/* Set sadb_comb's. */
+ alg_size = 0;
if (x->id.proto == IPPROTO_AH)
- dump_ah_combs(skb, t);
+ alg_size = dump_ah_combs(skb, t);
else if (x->id.proto == IPPROTO_ESP)
- dump_esp_combs(skb, t);
+ alg_size = dump_esp_combs(skb, t);
+
+ hdr->sadb_msg_len += alg_size / 8;
/* security context */
if (xfrm_ctx) {
--
2.35.1
^ permalink raw reply related [flat|nested] 305+ messages in thread
* [PATCH 6.0 048/289] power: supply: ip5xxx: Fix integer overflow in current_now calculation
2022-11-30 18:19 [PATCH 6.0 000/289] 6.0.11-rc1 review Greg Kroah-Hartman
` (46 preceding siblings ...)
2022-11-30 18:20 ` [PATCH 6.0 047/289] af_key: Fix send_acquire race with pfkey_register Greg Kroah-Hartman
@ 2022-11-30 18:20 ` Greg Kroah-Hartman
2022-11-30 18:20 ` [PATCH 6.0 049/289] power: supply: ab8500: Defer thermal zone probe Greg Kroah-Hartman
` (250 subsequent siblings)
298 siblings, 0 replies; 305+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-30 18:20 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Ondrej Jirman, Samuel Holland,
Sebastian Reichel, Sasha Levin
From: Ondrej Jirman <megi@xff.cz>
[ Upstream commit f9be5cb6c1f0191f8bcf4413b7e17e58e8dfaaa1 ]
When current is larger than ~2A, the multiplication in current_now
property overflows and the kernel reports invalid negative current
value. Change the numerator and denominator while preserving their
ratio to allow up to +-6A before the overflow.
Fixes: 75853406fa27 ("power: supply: Add a driver for Injoinic power bank ICs")
Signed-off-by: Ondrej Jirman <megi@xff.cz>
Reviewed-by: Samuel Holland <samuel@sholland.org>
[use 149197/200 instead of 261095/350 as suggested by Samuel]
Signed-off-by: Sebastian Reichel <sebastian.reichel@collabora.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/power/supply/ip5xxx_power.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/power/supply/ip5xxx_power.c b/drivers/power/supply/ip5xxx_power.c
index 218e8e689a3f..00221e9c0bfc 100644
--- a/drivers/power/supply/ip5xxx_power.c
+++ b/drivers/power/supply/ip5xxx_power.c
@@ -352,7 +352,7 @@ static int ip5xxx_battery_get_property(struct power_supply *psy,
ret = ip5xxx_battery_read_adc(ip5xxx, IP5XXX_BATIADC_DAT0,
IP5XXX_BATIADC_DAT1, &raw);
- val->intval = DIV_ROUND_CLOSEST(raw * 745985, 1000);
+ val->intval = DIV_ROUND_CLOSEST(raw * 149197, 200);
return 0;
case POWER_SUPPLY_PROP_CONSTANT_CHARGE_CURRENT:
--
2.35.1
^ permalink raw reply related [flat|nested] 305+ messages in thread
* [PATCH 6.0 049/289] power: supply: ab8500: Defer thermal zone probe
2022-11-30 18:19 [PATCH 6.0 000/289] 6.0.11-rc1 review Greg Kroah-Hartman
` (47 preceding siblings ...)
2022-11-30 18:20 ` [PATCH 6.0 048/289] power: supply: ip5xxx: Fix integer overflow in current_now calculation Greg Kroah-Hartman
@ 2022-11-30 18:20 ` Greg Kroah-Hartman
2022-11-30 18:20 ` [PATCH 6.0 050/289] ARM: dts: am335x-pcm-953: Define fixed regulators in root node Greg Kroah-Hartman
` (249 subsequent siblings)
298 siblings, 0 replies; 305+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-30 18:20 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, phone-devel, Linus Walleij,
Sebastian Reichel, Sasha Levin
From: Linus Walleij <linus.walleij@linaro.org>
[ Upstream commit 767e684367e4759d9855b184045b7a9d6b19acd2 ]
The call thermal_zone_get_zone_by_name() used to return the
thermal zone right away, but recent refactorings in the
thermal core has changed this so the thermal zone used by
the battery is probed later, and the call returns -ENODEV.
This was always quite fragile. If we get -ENODEV, then
return a -EPROBE_DEFER and try again later.
Cc: phone-devel@vger.kernel.org
Fixes: 2b0e7ac0841b ("power: supply: ab8500: Integrate thermal zone")
Signed-off-by: Linus Walleij <linus.walleij@linaro.org>
Signed-off-by: Sebastian Reichel <sebastian.reichel@collabora.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/power/supply/ab8500_btemp.c | 9 ++++++++-
1 file changed, 8 insertions(+), 1 deletion(-)
diff --git a/drivers/power/supply/ab8500_btemp.c b/drivers/power/supply/ab8500_btemp.c
index 863fabe05bdc..307ee6f71042 100644
--- a/drivers/power/supply/ab8500_btemp.c
+++ b/drivers/power/supply/ab8500_btemp.c
@@ -725,7 +725,14 @@ static int ab8500_btemp_probe(struct platform_device *pdev)
/* Get thermal zone and ADC */
di->tz = thermal_zone_get_zone_by_name("battery-thermal");
if (IS_ERR(di->tz)) {
- return dev_err_probe(dev, PTR_ERR(di->tz),
+ ret = PTR_ERR(di->tz);
+ /*
+ * This usually just means we are probing before the thermal
+ * zone, so just defer.
+ */
+ if (ret == -ENODEV)
+ ret = -EPROBE_DEFER;
+ return dev_err_probe(dev, ret,
"failed to get battery thermal zone\n");
}
di->bat_ctrl = devm_iio_channel_get(dev, "bat_ctrl");
--
2.35.1
^ permalink raw reply related [flat|nested] 305+ messages in thread
* [PATCH 6.0 050/289] ARM: dts: am335x-pcm-953: Define fixed regulators in root node
2022-11-30 18:19 [PATCH 6.0 000/289] 6.0.11-rc1 review Greg Kroah-Hartman
` (48 preceding siblings ...)
2022-11-30 18:20 ` [PATCH 6.0 049/289] power: supply: ab8500: Defer thermal zone probe Greg Kroah-Hartman
@ 2022-11-30 18:20 ` Greg Kroah-Hartman
2022-11-30 18:20 ` [PATCH 6.0 051/289] ASoC: Intel: Skylake: Introduce HDA codec init and exit routines Greg Kroah-Hartman
` (248 subsequent siblings)
298 siblings, 0 replies; 305+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-30 18:20 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Dominik Haller, Tony Lindgren, Sasha Levin
From: Dominik Haller <d.haller@phytec.de>
[ Upstream commit 8950f345a67d8046d2472dd6ea81fa18ef5b4844 ]
Remove the regulators node and define fixed regulators in the root node.
Prevents the sdhci-omap driver from waiting in probe deferral forever
because of the missing vmmc-supply and keeps am335x-pcm-953 consistent with
the other Phytec AM335 boards.
Fixes: bb07a829ec38 ("ARM: dts: Add support for phyCORE-AM335x PCM-953 carrier board")
Signed-off-by: Dominik Haller <d.haller@phytec.de>
Message-Id: <20221011143115.248003-1-d.haller@phytec.de>
Signed-off-by: Tony Lindgren <tony@atomide.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/arm/boot/dts/am335x-pcm-953.dtsi | 28 +++++++++++++--------------
1 file changed, 13 insertions(+), 15 deletions(-)
diff --git a/arch/arm/boot/dts/am335x-pcm-953.dtsi b/arch/arm/boot/dts/am335x-pcm-953.dtsi
index dae448040a97..947497413977 100644
--- a/arch/arm/boot/dts/am335x-pcm-953.dtsi
+++ b/arch/arm/boot/dts/am335x-pcm-953.dtsi
@@ -12,22 +12,20 @@ / {
compatible = "phytec,am335x-pcm-953", "phytec,am335x-phycore-som", "ti,am33xx";
/* Power */
- regulators {
- vcc3v3: fixedregulator@1 {
- compatible = "regulator-fixed";
- regulator-name = "vcc3v3";
- regulator-min-microvolt = <3300000>;
- regulator-max-microvolt = <3300000>;
- regulator-boot-on;
- };
+ vcc3v3: fixedregulator1 {
+ compatible = "regulator-fixed";
+ regulator-name = "vcc3v3";
+ regulator-min-microvolt = <3300000>;
+ regulator-max-microvolt = <3300000>;
+ regulator-boot-on;
+ };
- vcc1v8: fixedregulator@2 {
- compatible = "regulator-fixed";
- regulator-name = "vcc1v8";
- regulator-min-microvolt = <1800000>;
- regulator-max-microvolt = <1800000>;
- regulator-boot-on;
- };
+ vcc1v8: fixedregulator2 {
+ compatible = "regulator-fixed";
+ regulator-name = "vcc1v8";
+ regulator-min-microvolt = <1800000>;
+ regulator-max-microvolt = <1800000>;
+ regulator-boot-on;
};
/* User IO */
--
2.35.1
^ permalink raw reply related [flat|nested] 305+ messages in thread
* [PATCH 6.0 051/289] ASoC: Intel: Skylake: Introduce HDA codec init and exit routines
2022-11-30 18:19 [PATCH 6.0 000/289] 6.0.11-rc1 review Greg Kroah-Hartman
` (49 preceding siblings ...)
2022-11-30 18:20 ` [PATCH 6.0 050/289] ARM: dts: am335x-pcm-953: Define fixed regulators in root node Greg Kroah-Hartman
@ 2022-11-30 18:20 ` Greg Kroah-Hartman
2022-11-30 18:20 ` [PATCH 6.0 052/289] ASoC: SOF: Intel: " Greg Kroah-Hartman
` (247 subsequent siblings)
298 siblings, 0 replies; 305+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-30 18:20 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Kai Vehmanen, Pierre-Louis Bossart,
Cezary Rojewski, Mark Brown, Takashi Iwai, Sasha Levin
From: Cezary Rojewski <cezary.rojewski@intel.com>
[ Upstream commit e4746d94d00c52918461bc169e009b6784a38e21 ]
Preliminary step in making snd_hda_codec_device_init() the only
constructor for struct hda_codec instances. To do that, existing usage
of hdac_ext equivalents has to be dropped.
Reviewed-by: Kai Vehmanen <kai.vehmanen@linux.intel.com>
Reviewed-by: Pierre-Louis Bossart <pierre-louis.bossart@linux.intel.com>
Signed-off-by: Cezary Rojewski <cezary.rojewski@intel.com>
Acked-by: Mark Brown <broonie@kernel.org>
Link: https://lore.kernel.org/r/20220816111727.3218543-2-cezary.rojewski@intel.com
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Stable-dep-of: 37882100cd06 ("ASoC: hdac_hda: fix hda pcm buffer overflow issue")
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
sound/soc/intel/skylake/skl.c | 29 +++++++++++++++++++++++++++++
1 file changed, 29 insertions(+)
diff --git a/sound/soc/intel/skylake/skl.c b/sound/soc/intel/skylake/skl.c
index aeca58246fc7..33b0ed6b0534 100644
--- a/sound/soc/intel/skylake/skl.c
+++ b/sound/soc/intel/skylake/skl.c
@@ -689,6 +689,35 @@ static void load_codec_module(struct hda_codec *codec)
#endif /* CONFIG_SND_SOC_INTEL_SKYLAKE_HDAUDIO_CODEC */
+static void skl_codec_device_exit(struct device *dev)
+{
+ snd_hdac_device_exit(dev_to_hdac_dev(dev));
+}
+
+static __maybe_unused struct hda_codec *skl_codec_device_init(struct hdac_bus *bus, int addr)
+{
+ struct hda_codec *codec;
+ int ret;
+
+ codec = snd_hda_codec_device_init(to_hda_bus(bus), addr, "ehdaudio%dD%d", bus->idx, addr);
+ if (IS_ERR(codec)) {
+ dev_err(bus->dev, "device init failed for hdac device\n");
+ return codec;
+ }
+
+ codec->core.type = HDA_DEV_ASOC;
+ codec->core.dev.release = skl_codec_device_exit;
+
+ ret = snd_hdac_device_register(&codec->core);
+ if (ret) {
+ dev_err(bus->dev, "failed to register hdac device\n");
+ snd_hdac_device_exit(&codec->core);
+ return ERR_PTR(ret);
+ }
+
+ return codec;
+}
+
/*
* Probe the given codec address
*/
--
2.35.1
^ permalink raw reply related [flat|nested] 305+ messages in thread
* [PATCH 6.0 052/289] ASoC: SOF: Intel: Introduce HDA codec init and exit routines
2022-11-30 18:19 [PATCH 6.0 000/289] 6.0.11-rc1 review Greg Kroah-Hartman
` (50 preceding siblings ...)
2022-11-30 18:20 ` [PATCH 6.0 051/289] ASoC: Intel: Skylake: Introduce HDA codec init and exit routines Greg Kroah-Hartman
@ 2022-11-30 18:20 ` Greg Kroah-Hartman
2022-11-30 18:20 ` [PATCH 6.0 053/289] ASoC: Intel: Drop hdac_ext usage for codec device creation Greg Kroah-Hartman
` (246 subsequent siblings)
298 siblings, 0 replies; 305+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-30 18:20 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Kai Vehmanen, Pierre-Louis Bossart,
Cezary Rojewski, Mark Brown, Takashi Iwai, Sasha Levin
From: Cezary Rojewski <cezary.rojewski@intel.com>
[ Upstream commit 829c67319806009abfe3b0b82b3b8b153a2c5e32 ]
Preliminary step in making snd_hda_codec_device_init() the only
constructor for struct hda_codec instances. To do that, existing usage
of hdac_ext equivalents has to be dropped.
Reviewed-by: Kai Vehmanen <kai.vehmanen@linux.intel.com>
Reviewed-by: Pierre-Louis Bossart <pierre-louis.bossart@linux.intel.com>
Signed-off-by: Cezary Rojewski <cezary.rojewski@intel.com>
Acked-by: Mark Brown <broonie@kernel.org>
Link: https://lore.kernel.org/r/20220816111727.3218543-3-cezary.rojewski@intel.com
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Stable-dep-of: 37882100cd06 ("ASoC: hdac_hda: fix hda pcm buffer overflow issue")
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
sound/soc/sof/intel/hda-codec.c | 30 ++++++++++++++++++++++++++++++
1 file changed, 30 insertions(+)
diff --git a/sound/soc/sof/intel/hda-codec.c b/sound/soc/sof/intel/hda-codec.c
index 2f3f4a733d9e..4c128ba02340 100644
--- a/sound/soc/sof/intel/hda-codec.c
+++ b/sound/soc/sof/intel/hda-codec.c
@@ -109,6 +109,36 @@ EXPORT_SYMBOL_NS(hda_codec_jack_check, SND_SOC_SOF_HDA_AUDIO_CODEC);
#define is_generic_config(x) 0
#endif
+static void hda_codec_device_exit(struct device *dev)
+{
+ snd_hdac_device_exit(dev_to_hdac_dev(dev));
+}
+
+static __maybe_unused struct hda_codec *
+hda_codec_device_init(struct hdac_bus *bus, int addr, int type)
+{
+ struct hda_codec *codec;
+ int ret;
+
+ codec = snd_hda_codec_device_init(to_hda_bus(bus), addr, "ehdaudio%dD%d", bus->idx, addr);
+ if (IS_ERR(codec)) {
+ dev_err(bus->dev, "device init failed for hdac device\n");
+ return codec;
+ }
+
+ codec->core.type = type;
+ codec->core.dev.release = hda_codec_device_exit;
+
+ ret = snd_hdac_device_register(&codec->core);
+ if (ret) {
+ dev_err(bus->dev, "failed to register hdac device\n");
+ snd_hdac_device_exit(&codec->core);
+ return ERR_PTR(ret);
+ }
+
+ return codec;
+}
+
/* probe individual codec */
static int hda_codec_probe(struct snd_sof_dev *sdev, int address,
bool hda_codec_use_common_hdmi)
--
2.35.1
^ permalink raw reply related [flat|nested] 305+ messages in thread
* [PATCH 6.0 053/289] ASoC: Intel: Drop hdac_ext usage for codec device creation
2022-11-30 18:19 [PATCH 6.0 000/289] 6.0.11-rc1 review Greg Kroah-Hartman
` (51 preceding siblings ...)
2022-11-30 18:20 ` [PATCH 6.0 052/289] ASoC: SOF: Intel: " Greg Kroah-Hartman
@ 2022-11-30 18:20 ` Greg Kroah-Hartman
2022-11-30 18:20 ` [PATCH 6.0 054/289] ASoC: hdac_hda: fix hda pcm buffer overflow issue Greg Kroah-Hartman
` (245 subsequent siblings)
298 siblings, 0 replies; 305+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-30 18:20 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Kai Vehmanen, Pierre-Louis Bossart,
Cezary Rojewski, Mark Brown, Takashi Iwai, Sasha Levin
From: Cezary Rojewski <cezary.rojewski@intel.com>
[ Upstream commit 3fd63658caed9494cca1d4789a66d3d2def2a0ab ]
To make snd_hda_codec_device_init() the only constructor for struct
hda_codec instances remaining tasks are:
1) no struct may wrap struct hda_codec as its base type
2) bus drivers (skylake and sof) which are the current hdac_ext users
need to be adjusted to make use of newly added codec init and exit
routines instead
3) as bus drivers (skylake and sof) are to be responsible for creating
codec device and assigning it to hdac_hda_priv->codec,
hdac_hda_dev_probe() has to be freed of that job
To keep git bisect happy, all of these in made in one-go.
Reviewed-by: Kai Vehmanen <kai.vehmanen@linux.intel.com>
Reviewed-by: Pierre-Louis Bossart <pierre-louis.bossart@linux.intel.com>
Signed-off-by: Cezary Rojewski <cezary.rojewski@intel.com>
Acked-by: Mark Brown <broonie@kernel.org>
Link: https://lore.kernel.org/r/20220816111727.3218543-4-cezary.rojewski@intel.com
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Stable-dep-of: 37882100cd06 ("ASoC: hdac_hda: fix hda pcm buffer overflow issue")
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
sound/soc/codecs/hdac_hda.c | 26 +++++++-----------
sound/soc/codecs/hdac_hda.h | 2 +-
sound/soc/intel/boards/hda_dsp_common.c | 2 +-
sound/soc/intel/boards/skl_hda_dsp_generic.c | 2 +-
sound/soc/intel/skylake/skl.c | 26 ++++++++----------
sound/soc/sof/intel/hda-codec.c | 29 ++++++++------------
6 files changed, 36 insertions(+), 51 deletions(-)
diff --git a/sound/soc/codecs/hdac_hda.c b/sound/soc/codecs/hdac_hda.c
index 8debcee59224..77df4c5b274a 100644
--- a/sound/soc/codecs/hdac_hda.c
+++ b/sound/soc/codecs/hdac_hda.c
@@ -246,7 +246,7 @@ static int hdac_hda_dai_hw_free(struct snd_pcm_substream *substream,
return -EINVAL;
hda_stream = &pcm->stream[substream->stream];
- snd_hda_codec_cleanup(&hda_pvt->codec, hda_stream, substream);
+ snd_hda_codec_cleanup(hda_pvt->codec, hda_stream, substream);
return 0;
}
@@ -264,7 +264,7 @@ static int hdac_hda_dai_prepare(struct snd_pcm_substream *substream,
int ret = 0;
hda_pvt = snd_soc_component_get_drvdata(component);
- hdev = &hda_pvt->codec.core;
+ hdev = &hda_pvt->codec->core;
pcm = snd_soc_find_pcm_from_dai(hda_pvt, dai);
if (!pcm)
return -EINVAL;
@@ -274,7 +274,7 @@ static int hdac_hda_dai_prepare(struct snd_pcm_substream *substream,
stream = hda_pvt->pcm[dai->id].stream_tag[substream->stream];
format_val = hda_pvt->pcm[dai->id].format_val[substream->stream];
- ret = snd_hda_codec_prepare(&hda_pvt->codec, hda_stream,
+ ret = snd_hda_codec_prepare(hda_pvt->codec, hda_stream,
stream, format_val, substream);
if (ret < 0)
dev_err(&hdev->dev, "codec prepare failed %d\n", ret);
@@ -299,7 +299,7 @@ static int hdac_hda_dai_open(struct snd_pcm_substream *substream,
hda_stream = &pcm->stream[substream->stream];
- return hda_stream->ops.open(hda_stream, &hda_pvt->codec, substream);
+ return hda_stream->ops.open(hda_stream, hda_pvt->codec, substream);
}
static void hdac_hda_dai_close(struct snd_pcm_substream *substream,
@@ -317,7 +317,7 @@ static void hdac_hda_dai_close(struct snd_pcm_substream *substream,
hda_stream = &pcm->stream[substream->stream];
- hda_stream->ops.close(hda_stream, &hda_pvt->codec, substream);
+ hda_stream->ops.close(hda_stream, hda_pvt->codec, substream);
snd_hda_codec_pcm_put(pcm);
}
@@ -325,7 +325,7 @@ static void hdac_hda_dai_close(struct snd_pcm_substream *substream,
static struct hda_pcm *snd_soc_find_pcm_from_dai(struct hdac_hda_priv *hda_pvt,
struct snd_soc_dai *dai)
{
- struct hda_codec *hcodec = &hda_pvt->codec;
+ struct hda_codec *hcodec = hda_pvt->codec;
struct hda_pcm *cpcm;
const char *pcm_name;
@@ -394,8 +394,8 @@ static int hdac_hda_codec_probe(struct snd_soc_component *component)
snd_soc_component_get_drvdata(component);
struct snd_soc_dapm_context *dapm =
snd_soc_component_get_dapm(component);
- struct hdac_device *hdev = &hda_pvt->codec.core;
- struct hda_codec *hcodec = &hda_pvt->codec;
+ struct hdac_device *hdev = &hda_pvt->codec->core;
+ struct hda_codec *hcodec = hda_pvt->codec;
struct hdac_ext_link *hlink;
hda_codec_patch_t patch;
int ret;
@@ -515,8 +515,8 @@ static void hdac_hda_codec_remove(struct snd_soc_component *component)
{
struct hdac_hda_priv *hda_pvt =
snd_soc_component_get_drvdata(component);
- struct hdac_device *hdev = &hda_pvt->codec.core;
- struct hda_codec *codec = &hda_pvt->codec;
+ struct hdac_device *hdev = &hda_pvt->codec->core;
+ struct hda_codec *codec = hda_pvt->codec;
struct hdac_ext_link *hlink = NULL;
hlink = snd_hdac_ext_bus_get_link(hdev->bus, dev_name(&hdev->dev));
@@ -584,7 +584,6 @@ static const struct snd_soc_component_driver hdac_hda_codec = {
static int hdac_hda_dev_probe(struct hdac_device *hdev)
{
struct hdac_ext_link *hlink;
- struct hdac_hda_priv *hda_pvt;
int ret;
/* hold the ref while we probe */
@@ -595,10 +594,6 @@ static int hdac_hda_dev_probe(struct hdac_device *hdev)
}
snd_hdac_ext_bus_link_get(hdev->bus, hlink);
- hda_pvt = hdac_to_hda_priv(hdev);
- if (!hda_pvt)
- return -ENOMEM;
-
/* ASoC specific initialization */
ret = devm_snd_soc_register_component(&hdev->dev,
&hdac_hda_codec, hdac_hda_dais,
@@ -608,7 +603,6 @@ static int hdac_hda_dev_probe(struct hdac_device *hdev)
return ret;
}
- dev_set_drvdata(&hdev->dev, hda_pvt);
snd_hdac_ext_bus_link_put(hdev->bus, hlink);
return ret;
diff --git a/sound/soc/codecs/hdac_hda.h b/sound/soc/codecs/hdac_hda.h
index d0efc5e254ae..fc19c34ca00e 100644
--- a/sound/soc/codecs/hdac_hda.h
+++ b/sound/soc/codecs/hdac_hda.h
@@ -23,7 +23,7 @@ struct hdac_hda_pcm {
};
struct hdac_hda_priv {
- struct hda_codec codec;
+ struct hda_codec *codec;
struct hdac_hda_pcm pcm[HDAC_LAST_DAI_ID];
bool need_display_power;
};
diff --git a/sound/soc/intel/boards/hda_dsp_common.c b/sound/soc/intel/boards/hda_dsp_common.c
index 83c7dfbccd9d..04b7d4f7f9e2 100644
--- a/sound/soc/intel/boards/hda_dsp_common.c
+++ b/sound/soc/intel/boards/hda_dsp_common.c
@@ -54,7 +54,7 @@ int hda_dsp_hdmi_build_controls(struct snd_soc_card *card,
return -EINVAL;
hda_pvt = snd_soc_component_get_drvdata(comp);
- hcodec = &hda_pvt->codec;
+ hcodec = hda_pvt->codec;
list_for_each_entry(hpcm, &hcodec->pcm_list_head, list) {
spcm = hda_dsp_hdmi_pcm_handle(card, i);
diff --git a/sound/soc/intel/boards/skl_hda_dsp_generic.c b/sound/soc/intel/boards/skl_hda_dsp_generic.c
index 81144efb4b44..879ebba52832 100644
--- a/sound/soc/intel/boards/skl_hda_dsp_generic.c
+++ b/sound/soc/intel/boards/skl_hda_dsp_generic.c
@@ -190,7 +190,7 @@ static void skl_set_hda_codec_autosuspend_delay(struct snd_soc_card *card)
* all codecs are on the same bus, so it's sufficient
* to look up only the first one
*/
- snd_hda_set_power_save(hda_pvt->codec.bus,
+ snd_hda_set_power_save(hda_pvt->codec->bus,
HDA_CODEC_AUTOSUSPEND_DELAY_MS);
break;
}
diff --git a/sound/soc/intel/skylake/skl.c b/sound/soc/intel/skylake/skl.c
index 33b0ed6b0534..c7c1cad2a753 100644
--- a/sound/soc/intel/skylake/skl.c
+++ b/sound/soc/intel/skylake/skl.c
@@ -694,7 +694,7 @@ static void skl_codec_device_exit(struct device *dev)
snd_hdac_device_exit(dev_to_hdac_dev(dev));
}
-static __maybe_unused struct hda_codec *skl_codec_device_init(struct hdac_bus *bus, int addr)
+static struct hda_codec *skl_codec_device_init(struct hdac_bus *bus, int addr)
{
struct hda_codec *codec;
int ret;
@@ -729,9 +729,8 @@ static int probe_codec(struct hdac_bus *bus, int addr)
struct skl_dev *skl = bus_to_skl(bus);
#if IS_ENABLED(CONFIG_SND_SOC_INTEL_SKYLAKE_HDAUDIO_CODEC)
struct hdac_hda_priv *hda_codec;
- int err;
#endif
- struct hdac_device *hdev;
+ struct hda_codec *codec;
mutex_lock(&bus->cmd_mutex);
snd_hdac_bus_send_cmd(bus, cmd);
@@ -747,25 +746,22 @@ static int probe_codec(struct hdac_bus *bus, int addr)
if (!hda_codec)
return -ENOMEM;
- hda_codec->codec.bus = skl_to_hbus(skl);
- hdev = &hda_codec->codec.core;
+ codec = skl_codec_device_init(bus, addr);
+ if (IS_ERR(codec))
+ return PTR_ERR(codec);
- err = snd_hdac_ext_bus_device_init(bus, addr, hdev, HDA_DEV_ASOC);
- if (err < 0)
- return err;
+ hda_codec->codec = codec;
+ dev_set_drvdata(&codec->core.dev, hda_codec);
/* use legacy bus only for HDA codecs, idisp uses ext bus */
if ((res & 0xFFFF0000) != IDISP_INTEL_VENDOR_ID) {
- hdev->type = HDA_DEV_LEGACY;
- load_codec_module(&hda_codec->codec);
+ codec->core.type = HDA_DEV_LEGACY;
+ load_codec_module(hda_codec->codec);
}
return 0;
#else
- hdev = devm_kzalloc(&skl->pci->dev, sizeof(*hdev), GFP_KERNEL);
- if (!hdev)
- return -ENOMEM;
-
- return snd_hdac_ext_bus_device_init(bus, addr, hdev, HDA_DEV_ASOC);
+ codec = skl_codec_device_init(bus, addr);
+ return PTR_ERR_OR_ZERO(codec);
#endif /* CONFIG_SND_SOC_INTEL_SKYLAKE_HDAUDIO_CODEC */
}
diff --git a/sound/soc/sof/intel/hda-codec.c b/sound/soc/sof/intel/hda-codec.c
index 4c128ba02340..73336648cd25 100644
--- a/sound/soc/sof/intel/hda-codec.c
+++ b/sound/soc/sof/intel/hda-codec.c
@@ -114,8 +114,7 @@ static void hda_codec_device_exit(struct device *dev)
snd_hdac_device_exit(dev_to_hdac_dev(dev));
}
-static __maybe_unused struct hda_codec *
-hda_codec_device_init(struct hdac_bus *bus, int addr, int type)
+static struct hda_codec *hda_codec_device_init(struct hdac_bus *bus, int addr, int type)
{
struct hda_codec *codec;
int ret;
@@ -145,11 +144,10 @@ static int hda_codec_probe(struct snd_sof_dev *sdev, int address,
{
#if IS_ENABLED(CONFIG_SND_SOC_SOF_HDA_AUDIO_CODEC)
struct hdac_hda_priv *hda_priv;
- struct hda_codec *codec;
int type = HDA_DEV_LEGACY;
#endif
struct hda_bus *hbus = sof_to_hbus(sdev);
- struct hdac_device *hdev;
+ struct hda_codec *codec;
u32 hda_cmd = (address << 28) | (AC_NODE_ROOT << 20) |
(AC_VERB_PARAMETERS << 8) | AC_PAR_VENDOR_ID;
u32 resp = -1;
@@ -172,20 +170,20 @@ static int hda_codec_probe(struct snd_sof_dev *sdev, int address,
if (!hda_priv)
return -ENOMEM;
- hda_priv->codec.bus = hbus;
- hdev = &hda_priv->codec.core;
- codec = &hda_priv->codec;
-
/* only probe ASoC codec drivers for HDAC-HDMI */
if (!hda_codec_use_common_hdmi && (resp & 0xFFFF0000) == IDISP_VID_INTEL)
type = HDA_DEV_ASOC;
- ret = snd_hdac_ext_bus_device_init(&hbus->core, address, hdev, type);
+ codec = hda_codec_device_init(&hbus->core, address, type);
+ ret = PTR_ERR_OR_ZERO(codec);
if (ret < 0)
return ret;
+ hda_priv->codec = codec;
+ dev_set_drvdata(&codec->core.dev, hda_priv);
+
if ((resp & 0xFFFF0000) == IDISP_VID_INTEL) {
- if (!hdev->bus->audio_component) {
+ if (!hbus->core.audio_component) {
dev_dbg(sdev->dev,
"iDisp hw present but no driver\n");
ret = -ENOENT;
@@ -211,15 +209,12 @@ static int hda_codec_probe(struct snd_sof_dev *sdev, int address,
out:
if (ret < 0) {
- snd_hdac_device_unregister(hdev);
- put_device(&hdev->dev);
+ snd_hdac_device_unregister(&codec->core);
+ put_device(&codec->core.dev);
}
#else
- hdev = devm_kzalloc(sdev->dev, sizeof(*hdev), GFP_KERNEL);
- if (!hdev)
- return -ENOMEM;
-
- ret = snd_hdac_ext_bus_device_init(&hbus->core, address, hdev, HDA_DEV_ASOC);
+ codec = hda_codec_device_init(&hbus->core, address);
+ ret = PTR_ERR_OR_ZERO(codec);
#endif
return ret;
--
2.35.1
^ permalink raw reply related [flat|nested] 305+ messages in thread
* [PATCH 6.0 054/289] ASoC: hdac_hda: fix hda pcm buffer overflow issue
2022-11-30 18:19 [PATCH 6.0 000/289] 6.0.11-rc1 review Greg Kroah-Hartman
` (52 preceding siblings ...)
2022-11-30 18:20 ` [PATCH 6.0 053/289] ASoC: Intel: Drop hdac_ext usage for codec device creation Greg Kroah-Hartman
@ 2022-11-30 18:20 ` Greg Kroah-Hartman
2022-11-30 18:20 ` [PATCH 6.0 055/289] ASoC: sgtl5000: Reset the CHIP_CLK_CTRL reg on remove Greg Kroah-Hartman
` (244 subsequent siblings)
298 siblings, 0 replies; 305+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-30 18:20 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Kai Vehmanen, Pierre-Louis Bossart,
Junxiao Chang, Furong Zhou, Mark Brown, Sasha Levin
From: Junxiao Chang <junxiao.chang@intel.com>
[ Upstream commit 37882100cd0629d830db430a8cee0b724fe1fea3 ]
When KASAN is enabled, below log might be dumped with Intel EHL hardware:
[ 48.583597] ==================================================================
[ 48.585921] BUG: KASAN: slab-out-of-bounds in hdac_hda_dai_hw_params+0x20a/0x22b [snd_soc_hdac_hda]
[ 48.587995] Write of size 4 at addr ffff888103489708 by task pulseaudio/759
[ 48.589237] CPU: 2 PID: 759 Comm: pulseaudio Tainted: G U E 5.15.71-intel-ese-standard-lts #9
[ 48.591272] Hardware name: Intel Corporation Elkhart Lake Embedded Platform/ElkhartLake LPDDR4x T3 CRB, BIOS EHLSFWI1.R00.4251.A01.2206130432 06/13/2022
[ 48.593010] Call Trace:
[ 48.593648] <TASK>
[ 48.593852] dump_stack_lvl+0x34/0x48
[ 48.594404] print_address_description.constprop.0+0x1f/0x140
[ 48.595174] ? hdac_hda_dai_hw_params+0x20a/0x22b [snd_soc_hdac_hda]
[ 48.595868] ? hdac_hda_dai_hw_params+0x20a/0x22b [snd_soc_hdac_hda]
[ 48.596519] kasan_report.cold+0x7f/0x11b
[ 48.597003] ? hdac_hda_dai_hw_params+0x20a/0x22b [snd_soc_hdac_hda]
[ 48.597885] hdac_hda_dai_hw_params+0x20a/0x22b [snd_soc_hdac_hda]
HDAC_LAST_DAI_ID is last index id, pcm buffer array size should
be +1 to avoid out of bound access.
Fixes: 608b8c36c371 ("ASoC: hdac_hda: add support for HDMI/DP as a HDA codec")
Reviewed-by: Kai Vehmanen <kai.vehmanen@linux.intel.com>
Reviewed-by: Pierre-Louis Bossart <pierre-louis.bossart@linux.intel.com>
Signed-off-by: Junxiao Chang <junxiao.chang@intel.com>
Signed-off-by: Furong Zhou <furong.zhou@intel.com>
Link: https://lore.kernel.org/r/20221109234023.3111035-1-junxiao.chang@intel.com
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
sound/soc/codecs/hdac_hda.h | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/sound/soc/codecs/hdac_hda.h b/sound/soc/codecs/hdac_hda.h
index fc19c34ca00e..b65560981abb 100644
--- a/sound/soc/codecs/hdac_hda.h
+++ b/sound/soc/codecs/hdac_hda.h
@@ -14,7 +14,7 @@ enum {
HDAC_HDMI_1_DAI_ID,
HDAC_HDMI_2_DAI_ID,
HDAC_HDMI_3_DAI_ID,
- HDAC_LAST_DAI_ID = HDAC_HDMI_3_DAI_ID,
+ HDAC_DAI_ID_NUM
};
struct hdac_hda_pcm {
@@ -24,7 +24,7 @@ struct hdac_hda_pcm {
struct hdac_hda_priv {
struct hda_codec *codec;
- struct hdac_hda_pcm pcm[HDAC_LAST_DAI_ID];
+ struct hdac_hda_pcm pcm[HDAC_DAI_ID_NUM];
bool need_display_power;
};
--
2.35.1
^ permalink raw reply related [flat|nested] 305+ messages in thread
* [PATCH 6.0 055/289] ASoC: sgtl5000: Reset the CHIP_CLK_CTRL reg on remove
2022-11-30 18:19 [PATCH 6.0 000/289] 6.0.11-rc1 review Greg Kroah-Hartman
` (53 preceding siblings ...)
2022-11-30 18:20 ` [PATCH 6.0 054/289] ASoC: hdac_hda: fix hda pcm buffer overflow issue Greg Kroah-Hartman
@ 2022-11-30 18:20 ` Greg Kroah-Hartman
2022-11-30 18:20 ` [PATCH 6.0 056/289] ASoC: soc-pcm: Dont zero TDM masks in __soc_pcm_open() Greg Kroah-Hartman
` (243 subsequent siblings)
298 siblings, 0 replies; 305+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-30 18:20 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Detlev Casanova, Fabio Estevam,
Mark Brown, Sasha Levin
From: Detlev Casanova <detlev.casanova@collabora.com>
[ Upstream commit 0bb8e9b36b5b7f2e77892981ff6c27ee831d8026 ]
Since commit bf2aebccddef ("ASoC: sgtl5000: Fix noise on shutdown/remove"),
the device power control registers are reset when the driver is
removed/shutdown.
This is an issue when the device is configured to use the PLL clock. The
device will stop responding if it is still configured to use the PLL
clock but the PLL clock is powered down.
When rebooting linux, the probe function will show:
sgtl5000 0-000a: Error reading chip id -11
Make sure that the CHIP_CLK_CTRL is reset to its default value before
powering down the device.
Fixes: bf2aebccddef ("ASoC: sgtl5000: Fix noise on shutdown/remove")
Signed-off-by: Detlev Casanova <detlev.casanova@collabora.com>
Reviewed-by: Fabio Estevam <festevam@gmail.com>
Link: https://lore.kernel.org/r/20221110190612.1341469-1-detlev.casanova@collabora.com
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
sound/soc/codecs/sgtl5000.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/sound/soc/codecs/sgtl5000.c b/sound/soc/codecs/sgtl5000.c
index 3fafd9fc5cfd..75a45ad55aa8 100644
--- a/sound/soc/codecs/sgtl5000.c
+++ b/sound/soc/codecs/sgtl5000.c
@@ -1794,6 +1794,7 @@ static int sgtl5000_i2c_remove(struct i2c_client *client)
{
struct sgtl5000_priv *sgtl5000 = i2c_get_clientdata(client);
+ regmap_write(sgtl5000->regmap, SGTL5000_CHIP_CLK_CTRL, SGTL5000_CHIP_CLK_CTRL_DEFAULT);
regmap_write(sgtl5000->regmap, SGTL5000_CHIP_DIG_POWER, SGTL5000_DIG_POWER_DEFAULT);
regmap_write(sgtl5000->regmap, SGTL5000_CHIP_ANA_POWER, SGTL5000_ANA_POWER_DEFAULT);
--
2.35.1
^ permalink raw reply related [flat|nested] 305+ messages in thread
* [PATCH 6.0 056/289] ASoC: soc-pcm: Dont zero TDM masks in __soc_pcm_open()
2022-11-30 18:19 [PATCH 6.0 000/289] 6.0.11-rc1 review Greg Kroah-Hartman
` (54 preceding siblings ...)
2022-11-30 18:20 ` [PATCH 6.0 055/289] ASoC: sgtl5000: Reset the CHIP_CLK_CTRL reg on remove Greg Kroah-Hartman
@ 2022-11-30 18:20 ` Greg Kroah-Hartman
2022-11-30 18:20 ` [PATCH 6.0 057/289] x86/hyperv: Restore VP assist page after cpu offlining/onlining Greg Kroah-Hartman
` (242 subsequent siblings)
298 siblings, 0 replies; 305+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-30 18:20 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Richard Fitzgerald, Mark Brown, Sasha Levin
From: Richard Fitzgerald <rf@opensource.cirrus.com>
[ Upstream commit 39bd801d6908900e9ab0cdc2655150f95ddd4f1a ]
The DAI tx_mask and rx_mask are set by snd_soc_dai_set_tdm_slot()
and used by later code that depends on the TDM settings. So
__soc_pcm_open() should not be obliterating those mask values.
The code in __soc_pcm_hw_params() uses these masks to calculate the
active channels so that only the AIF_IN/AIF_OUT widgets for the
active TDM slots are enabled. The zeroing of the masks in
__soc_pcm_open() disables this functionality so all AIF widgets
were enabled even for channels that are not assigned to a TDM slot.
Signed-off-by: Richard Fitzgerald <rf@opensource.cirrus.com>
Fixes: 2e5894d73789 ("ASoC: pcm: Add support for DAI multicodec")
Link: https://lore.kernel.org/r/20221104132213.121847-1-rf@opensource.cirrus.com
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
sound/soc/soc-pcm.c | 5 -----
1 file changed, 5 deletions(-)
diff --git a/sound/soc/soc-pcm.c b/sound/soc/soc-pcm.c
index 4d9b91e7e14f..f6a996f0f9c7 100644
--- a/sound/soc/soc-pcm.c
+++ b/sound/soc/soc-pcm.c
@@ -800,11 +800,6 @@ static int __soc_pcm_open(struct snd_soc_pcm_runtime *rtd,
ret = snd_soc_dai_startup(dai, substream);
if (ret < 0)
goto err;
-
- if (substream->stream == SNDRV_PCM_STREAM_PLAYBACK)
- dai->tx_mask = 0;
- else
- dai->rx_mask = 0;
}
/* Dynamic PCM DAI links compat checks use dynamic capabilities */
--
2.35.1
^ permalink raw reply related [flat|nested] 305+ messages in thread
* [PATCH 6.0 057/289] x86/hyperv: Restore VP assist page after cpu offlining/onlining
2022-11-30 18:19 [PATCH 6.0 000/289] 6.0.11-rc1 review Greg Kroah-Hartman
` (55 preceding siblings ...)
2022-11-30 18:20 ` [PATCH 6.0 056/289] ASoC: soc-pcm: Dont zero TDM masks in __soc_pcm_open() Greg Kroah-Hartman
@ 2022-11-30 18:20 ` Greg Kroah-Hartman
2022-11-30 18:20 ` [PATCH 6.0 058/289] scsi: storvsc: Fix handling of srb_status and capacity change events Greg Kroah-Hartman
` (241 subsequent siblings)
298 siblings, 0 replies; 305+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-30 18:20 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Vitaly Kuznetsov, Michael Kelley,
Wei Liu, Sasha Levin
From: Vitaly Kuznetsov <vkuznets@redhat.com>
[ Upstream commit ee6815416380bc069b7dcbdff0682d4c53617527 ]
Commit e5d9b714fe40 ("x86/hyperv: fix root partition faults when writing
to VP assist page MSR") moved 'wrmsrl(HV_X64_MSR_VP_ASSIST_PAGE)' under
'if (*hvp)' condition. This works for root partition as hv_cpu_die()
does memunmap() and sets 'hv_vp_assist_page[cpu]' to NULL but breaks
non-root partitions as hv_cpu_die() doesn't free 'hv_vp_assist_page[cpu]'
for them. This causes VP assist page to remain unset after CPU
offline/online cycle:
$ rdmsr -p 24 0x40000073
10212f001
$ echo 0 > /sys/devices/system/cpu/cpu24/online
$ echo 1 > /sys/devices/system/cpu/cpu24/online
$ rdmsr -p 24 0x40000073
0
Fix the issue by always writing to HV_X64_MSR_VP_ASSIST_PAGE in
hv_cpu_init(). Note, checking 'if (!*hvp)', for root partition is
pointless as hv_cpu_die() always sets 'hv_vp_assist_page[cpu]' to
NULL (and it's also NULL initially).
Note: the fact that 'hv_vp_assist_page[cpu]' is reset to NULL may
present a (potential) issue for KVM. While Hyper-V uses
CPUHP_AP_ONLINE_DYN stage in CPU hotplug, KVM uses CPUHP_AP_KVM_STARTING
which comes earlier in CPU teardown sequence. It is theoretically
possible that Enlightened VMCS is still in use. It is unclear if the
issue is real and if using KVM with Hyper-V root partition is even
possible.
While on it, drop the unneeded smp_processor_id() call from hv_cpu_init().
Fixes: e5d9b714fe40 ("x86/hyperv: fix root partition faults when writing to VP assist page MSR")
Signed-off-by: Vitaly Kuznetsov <vkuznets@redhat.com>
Reviewed-by: Michael Kelley <mikelley@microsoft.com>
Link: https://lore.kernel.org/r/20221103190601.399343-1-vkuznets@redhat.com
Signed-off-by: Wei Liu <wei.liu@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/x86/hyperv/hv_init.c | 54 +++++++++++++++++++--------------------
1 file changed, 26 insertions(+), 28 deletions(-)
diff --git a/arch/x86/hyperv/hv_init.c b/arch/x86/hyperv/hv_init.c
index 3de6d8b53367..a0165df3c4d8 100644
--- a/arch/x86/hyperv/hv_init.c
+++ b/arch/x86/hyperv/hv_init.c
@@ -77,7 +77,7 @@ static int hyperv_init_ghcb(void)
static int hv_cpu_init(unsigned int cpu)
{
union hv_vp_assist_msr_contents msr = { 0 };
- struct hv_vp_assist_page **hvp = &hv_vp_assist_page[smp_processor_id()];
+ struct hv_vp_assist_page **hvp = &hv_vp_assist_page[cpu];
int ret;
ret = hv_common_cpu_init(cpu);
@@ -87,34 +87,32 @@ static int hv_cpu_init(unsigned int cpu)
if (!hv_vp_assist_page)
return 0;
- if (!*hvp) {
- if (hv_root_partition) {
- /*
- * For root partition we get the hypervisor provided VP assist
- * page, instead of allocating a new page.
- */
- rdmsrl(HV_X64_MSR_VP_ASSIST_PAGE, msr.as_uint64);
- *hvp = memremap(msr.pfn <<
- HV_X64_MSR_VP_ASSIST_PAGE_ADDRESS_SHIFT,
- PAGE_SIZE, MEMREMAP_WB);
- } else {
- /*
- * The VP assist page is an "overlay" page (see Hyper-V TLFS's
- * Section 5.2.1 "GPA Overlay Pages"). Here it must be zeroed
- * out to make sure we always write the EOI MSR in
- * hv_apic_eoi_write() *after* the EOI optimization is disabled
- * in hv_cpu_die(), otherwise a CPU may not be stopped in the
- * case of CPU offlining and the VM will hang.
- */
+ if (hv_root_partition) {
+ /*
+ * For root partition we get the hypervisor provided VP assist
+ * page, instead of allocating a new page.
+ */
+ rdmsrl(HV_X64_MSR_VP_ASSIST_PAGE, msr.as_uint64);
+ *hvp = memremap(msr.pfn << HV_X64_MSR_VP_ASSIST_PAGE_ADDRESS_SHIFT,
+ PAGE_SIZE, MEMREMAP_WB);
+ } else {
+ /*
+ * The VP assist page is an "overlay" page (see Hyper-V TLFS's
+ * Section 5.2.1 "GPA Overlay Pages"). Here it must be zeroed
+ * out to make sure we always write the EOI MSR in
+ * hv_apic_eoi_write() *after* the EOI optimization is disabled
+ * in hv_cpu_die(), otherwise a CPU may not be stopped in the
+ * case of CPU offlining and the VM will hang.
+ */
+ if (!*hvp)
*hvp = __vmalloc(PAGE_SIZE, GFP_KERNEL | __GFP_ZERO);
- if (*hvp)
- msr.pfn = vmalloc_to_pfn(*hvp);
- }
- WARN_ON(!(*hvp));
- if (*hvp) {
- msr.enable = 1;
- wrmsrl(HV_X64_MSR_VP_ASSIST_PAGE, msr.as_uint64);
- }
+ if (*hvp)
+ msr.pfn = vmalloc_to_pfn(*hvp);
+
+ }
+ if (!WARN_ON(!(*hvp))) {
+ msr.enable = 1;
+ wrmsrl(HV_X64_MSR_VP_ASSIST_PAGE, msr.as_uint64);
}
return hyperv_init_ghcb();
--
2.35.1
^ permalink raw reply related [flat|nested] 305+ messages in thread
* [PATCH 6.0 058/289] scsi: storvsc: Fix handling of srb_status and capacity change events
2022-11-30 18:19 [PATCH 6.0 000/289] 6.0.11-rc1 review Greg Kroah-Hartman
` (56 preceding siblings ...)
2022-11-30 18:20 ` [PATCH 6.0 057/289] x86/hyperv: Restore VP assist page after cpu offlining/onlining Greg Kroah-Hartman
@ 2022-11-30 18:20 ` Greg Kroah-Hartman
2022-11-30 18:20 ` [PATCH 6.0 059/289] PCI: hv: Only reuse existing IRTE allocation for Multi-MSI Greg Kroah-Hartman
` (240 subsequent siblings)
298 siblings, 0 replies; 305+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-30 18:20 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Juan Tian, Michael Kelley, Wei Liu,
Sasha Levin
From: Michael Kelley <mikelley@microsoft.com>
[ Upstream commit b8a5376c321b4669f7ffabc708fd30c3970f3084 ]
Current handling of the srb_status is incorrect. Commit 52e1b3b3daa9
("scsi: storvsc: Correctly handle multiple flags in srb_status")
is based on srb_status being a set of flags, when in fact only the
2 high order bits are flags and the remaining 6 bits are an integer
status. Because the integer values of interest mostly look like flags,
the code actually works when treated that way.
But in the interest of correctness going forward, fix this by treating
the low 6 bits of srb_status as an integer status code. Add handling
for SRB_STATUS_INVALID_REQUEST, which was the original intent of commit
52e1b3b3daa9. Furthermore, treat the ERROR, ABORTED, and INVALID_REQUEST
srb status codes as essentially equivalent for the cases we care about.
There's no harm in doing so, and it isn't always clear which status code
current or older versions of Hyper-V report for particular conditions.
Treating the srb status codes as equivalent has the additional benefit
of ensuring that capacity change events result in an immediate rescan
so that the new size is known to Linux. Existing code checks SCSI
sense data for capacity change events when the srb status is ABORTED.
But capacity change events are also being observed when Hyper-V reports
the srb status as ERROR. Without the immediate rescan, the new size
isn't known until something else causes a rescan (such as running
fdisk to expand a partition), and in the meantime, tools such as "lsblk"
continue to report the old size.
Fixes: 52e1b3b3daa9 ("scsi: storvsc: Correctly handle multiple flags in srb_status")
Reported-by: Juan Tian <juantian@microsoft.com>
Signed-off-by: Michael Kelley <mikelley@microsoft.com>
Link: https://lore.kernel.org/r/1668019722-1983-1-git-send-email-mikelley@microsoft.com
Signed-off-by: Wei Liu <wei.liu@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/scsi/storvsc_drv.c | 69 +++++++++++++++++++-------------------
1 file changed, 34 insertions(+), 35 deletions(-)
diff --git a/drivers/scsi/storvsc_drv.c b/drivers/scsi/storvsc_drv.c
index 8ced292c4b96..d93604318ecd 100644
--- a/drivers/scsi/storvsc_drv.c
+++ b/drivers/scsi/storvsc_drv.c
@@ -300,16 +300,21 @@ enum storvsc_request_type {
};
/*
- * SRB status codes and masks; a subset of the codes used here.
+ * SRB status codes and masks. In the 8-bit field, the two high order bits
+ * are flags, while the remaining 6 bits are an integer status code. The
+ * definitions here include only the subset of the integer status codes that
+ * are tested for in this driver.
*/
-
#define SRB_STATUS_AUTOSENSE_VALID 0x80
#define SRB_STATUS_QUEUE_FROZEN 0x40
-#define SRB_STATUS_INVALID_LUN 0x20
-#define SRB_STATUS_SUCCESS 0x01
-#define SRB_STATUS_ABORTED 0x02
-#define SRB_STATUS_ERROR 0x04
-#define SRB_STATUS_DATA_OVERRUN 0x12
+
+/* SRB status integer codes */
+#define SRB_STATUS_SUCCESS 0x01
+#define SRB_STATUS_ABORTED 0x02
+#define SRB_STATUS_ERROR 0x04
+#define SRB_STATUS_INVALID_REQUEST 0x06
+#define SRB_STATUS_DATA_OVERRUN 0x12
+#define SRB_STATUS_INVALID_LUN 0x20
#define SRB_STATUS(status) \
(status & ~(SRB_STATUS_AUTOSENSE_VALID | SRB_STATUS_QUEUE_FROZEN))
@@ -966,38 +971,25 @@ static void storvsc_handle_error(struct vmscsi_request *vm_srb,
void (*process_err_fn)(struct work_struct *work);
struct hv_host_device *host_dev = shost_priv(host);
- /*
- * In some situations, Hyper-V sets multiple bits in the
- * srb_status, such as ABORTED and ERROR. So process them
- * individually, with the most specific bits first.
- */
-
- if (vm_srb->srb_status & SRB_STATUS_INVALID_LUN) {
- set_host_byte(scmnd, DID_NO_CONNECT);
- process_err_fn = storvsc_remove_lun;
- goto do_work;
- }
+ switch (SRB_STATUS(vm_srb->srb_status)) {
+ case SRB_STATUS_ERROR:
+ case SRB_STATUS_ABORTED:
+ case SRB_STATUS_INVALID_REQUEST:
+ if (vm_srb->srb_status & SRB_STATUS_AUTOSENSE_VALID) {
+ /* Check for capacity change */
+ if ((asc == 0x2a) && (ascq == 0x9)) {
+ process_err_fn = storvsc_device_scan;
+ /* Retry the I/O that triggered this. */
+ set_host_byte(scmnd, DID_REQUEUE);
+ goto do_work;
+ }
- if (vm_srb->srb_status & SRB_STATUS_ABORTED) {
- if (vm_srb->srb_status & SRB_STATUS_AUTOSENSE_VALID &&
- /* Capacity data has changed */
- (asc == 0x2a) && (ascq == 0x9)) {
- process_err_fn = storvsc_device_scan;
/*
- * Retry the I/O that triggered this.
+ * Otherwise, let upper layer deal with the
+ * error when sense message is present
*/
- set_host_byte(scmnd, DID_REQUEUE);
- goto do_work;
- }
- }
-
- if (vm_srb->srb_status & SRB_STATUS_ERROR) {
- /*
- * Let upper layer deal with error when
- * sense message is present.
- */
- if (vm_srb->srb_status & SRB_STATUS_AUTOSENSE_VALID)
return;
+ }
/*
* If there is an error; offline the device since all
@@ -1020,6 +1012,13 @@ static void storvsc_handle_error(struct vmscsi_request *vm_srb,
default:
set_host_byte(scmnd, DID_ERROR);
}
+ return;
+
+ case SRB_STATUS_INVALID_LUN:
+ set_host_byte(scmnd, DID_NO_CONNECT);
+ process_err_fn = storvsc_remove_lun;
+ goto do_work;
+
}
return;
--
2.35.1
^ permalink raw reply related [flat|nested] 305+ messages in thread
* [PATCH 6.0 059/289] PCI: hv: Only reuse existing IRTE allocation for Multi-MSI
2022-11-30 18:19 [PATCH 6.0 000/289] 6.0.11-rc1 review Greg Kroah-Hartman
` (57 preceding siblings ...)
2022-11-30 18:20 ` [PATCH 6.0 058/289] scsi: storvsc: Fix handling of srb_status and capacity change events Greg Kroah-Hartman
@ 2022-11-30 18:20 ` Greg Kroah-Hartman
2022-11-30 18:20 ` [PATCH 6.0 060/289] arm64: dts: rockchip: Fix Pine64 Quartz4-B PMIC interrupt Greg Kroah-Hartman
` (239 subsequent siblings)
298 siblings, 0 replies; 305+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-30 18:20 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Jeffrey Hugo, Carl Vanderlip,
Dexuan Cui, Michael Kelley, Wei Liu, Sasha Levin
From: Dexuan Cui <decui@microsoft.com>
[ Upstream commit c234ba8042920fa83635808dc5673f36869ca280 ]
Jeffrey added Multi-MSI support to the pci-hyperv driver by the 4 patches:
08e61e861a0e ("PCI: hv: Fix multi-MSI to allow more than one MSI vector")
455880dfe292 ("PCI: hv: Fix hv_arch_irq_unmask() for multi-MSI")
b4b77778ecc5 ("PCI: hv: Reuse existing IRTE allocation in compose_msi_msg()")
a2bad844a67b ("PCI: hv: Fix interrupt mapping for multi-MSI")
It turns out that the third patch (b4b77778ecc5) causes a performance
regression because all the interrupts now happen on 1 physical CPU (or two
pCPUs, if one pCPU doesn't have enough vectors). When a guest has many PCI
devices, it may suffer from soft lockups if the workload is heavy, e.g.,
see https://lwn.net/ml/linux-kernel/20220804025104.15673-1-decui@microsoft.com/
Commit b4b77778ecc5 itself is good. The real issue is that the hypercall in
hv_irq_unmask() -> hv_arch_irq_unmask() ->
hv_do_hypercall(HVCALL_RETARGET_INTERRUPT...) only changes the target
virtual CPU rather than physical CPU; with b4b77778ecc5, the pCPU is
determined only once in hv_compose_msi_msg() where only vCPU0 is specified;
consequently the hypervisor only uses 1 target pCPU for all the interrupts.
Note: before b4b77778ecc5, the pCPU is determined twice, and when the pCPU
is determined the second time, the vCPU in the effective affinity mask is
used (i.e., it isn't always vCPU0), so the hypervisor chooses different
pCPU for each interrupt.
The hypercall will be fixed in future to update the pCPU as well, but
that will take quite a while, so let's restore the old behavior in
hv_compose_msi_msg(), i.e., don't reuse the existing IRTE allocation for
single-MSI and MSI-X; for multi-MSI, we choose the vCPU in a round-robin
manner for each PCI device, so the interrupts of different devices can
happen on different pCPUs, though the interrupts of each device happen on
some single pCPU.
The hypercall fix may not be backported to all old versions of Hyper-V, so
we want to have this guest side change forever (or at least till we're sure
the old affected versions of Hyper-V are no longer supported).
Fixes: b4b77778ecc5 ("PCI: hv: Reuse existing IRTE allocation in compose_msi_msg()")
Co-developed-by: Jeffrey Hugo <quic_jhugo@quicinc.com>
Signed-off-by: Jeffrey Hugo <quic_jhugo@quicinc.com>
Co-developed-by: Carl Vanderlip <quic_carlv@quicinc.com>
Signed-off-by: Carl Vanderlip <quic_carlv@quicinc.com>
Signed-off-by: Dexuan Cui <decui@microsoft.com>
Reviewed-by: Michael Kelley <mikelley@microsoft.com>
Link: https://lore.kernel.org/r/20221104222953.11356-1-decui@microsoft.com
Signed-off-by: Wei Liu <wei.liu@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/pci/controller/pci-hyperv.c | 90 ++++++++++++++++++++++++-----
1 file changed, 75 insertions(+), 15 deletions(-)
diff --git a/drivers/pci/controller/pci-hyperv.c b/drivers/pci/controller/pci-hyperv.c
index ba64284eaf9f..f1ec8931dfbc 100644
--- a/drivers/pci/controller/pci-hyperv.c
+++ b/drivers/pci/controller/pci-hyperv.c
@@ -1613,7 +1613,7 @@ static void hv_pci_compose_compl(void *context, struct pci_response *resp,
}
static u32 hv_compose_msi_req_v1(
- struct pci_create_interrupt *int_pkt, const struct cpumask *affinity,
+ struct pci_create_interrupt *int_pkt,
u32 slot, u8 vector, u16 vector_count)
{
int_pkt->message_type.type = PCI_CREATE_INTERRUPT_MESSAGE;
@@ -1631,6 +1631,35 @@ static u32 hv_compose_msi_req_v1(
return sizeof(*int_pkt);
}
+/*
+ * The vCPU selected by hv_compose_multi_msi_req_get_cpu() and
+ * hv_compose_msi_req_get_cpu() is a "dummy" vCPU because the final vCPU to be
+ * interrupted is specified later in hv_irq_unmask() and communicated to Hyper-V
+ * via the HVCALL_RETARGET_INTERRUPT hypercall. But the choice of dummy vCPU is
+ * not irrelevant because Hyper-V chooses the physical CPU to handle the
+ * interrupts based on the vCPU specified in message sent to the vPCI VSP in
+ * hv_compose_msi_msg(). Hyper-V's choice of pCPU is not visible to the guest,
+ * but assigning too many vPCI device interrupts to the same pCPU can cause a
+ * performance bottleneck. So we spread out the dummy vCPUs to influence Hyper-V
+ * to spread out the pCPUs that it selects.
+ *
+ * For the single-MSI and MSI-X cases, it's OK for hv_compose_msi_req_get_cpu()
+ * to always return the same dummy vCPU, because a second call to
+ * hv_compose_msi_msg() contains the "real" vCPU, causing Hyper-V to choose a
+ * new pCPU for the interrupt. But for the multi-MSI case, the second call to
+ * hv_compose_msi_msg() exits without sending a message to the vPCI VSP, so the
+ * original dummy vCPU is used. This dummy vCPU must be round-robin'ed so that
+ * the pCPUs are spread out. All interrupts for a multi-MSI device end up using
+ * the same pCPU, even though the vCPUs will be spread out by later calls
+ * to hv_irq_unmask(), but that is the best we can do now.
+ *
+ * With Hyper-V in Nov 2022, the HVCALL_RETARGET_INTERRUPT hypercall does *not*
+ * cause Hyper-V to reselect the pCPU based on the specified vCPU. Such an
+ * enhancement is planned for a future version. With that enhancement, the
+ * dummy vCPU selection won't matter, and interrupts for the same multi-MSI
+ * device will be spread across multiple pCPUs.
+ */
+
/*
* Create MSI w/ dummy vCPU set targeting just one vCPU, overwritten
* by subsequent retarget in hv_irq_unmask().
@@ -1640,18 +1669,39 @@ static int hv_compose_msi_req_get_cpu(const struct cpumask *affinity)
return cpumask_first_and(affinity, cpu_online_mask);
}
-static u32 hv_compose_msi_req_v2(
- struct pci_create_interrupt2 *int_pkt, const struct cpumask *affinity,
- u32 slot, u8 vector, u16 vector_count)
+/*
+ * Make sure the dummy vCPU values for multi-MSI don't all point to vCPU0.
+ */
+static int hv_compose_multi_msi_req_get_cpu(void)
{
+ static DEFINE_SPINLOCK(multi_msi_cpu_lock);
+
+ /* -1 means starting with CPU 0 */
+ static int cpu_next = -1;
+
+ unsigned long flags;
int cpu;
+ spin_lock_irqsave(&multi_msi_cpu_lock, flags);
+
+ cpu_next = cpumask_next_wrap(cpu_next, cpu_online_mask, nr_cpu_ids,
+ false);
+ cpu = cpu_next;
+
+ spin_unlock_irqrestore(&multi_msi_cpu_lock, flags);
+
+ return cpu;
+}
+
+static u32 hv_compose_msi_req_v2(
+ struct pci_create_interrupt2 *int_pkt, int cpu,
+ u32 slot, u8 vector, u16 vector_count)
+{
int_pkt->message_type.type = PCI_CREATE_INTERRUPT_MESSAGE2;
int_pkt->wslot.slot = slot;
int_pkt->int_desc.vector = vector;
int_pkt->int_desc.vector_count = vector_count;
int_pkt->int_desc.delivery_mode = DELIVERY_MODE;
- cpu = hv_compose_msi_req_get_cpu(affinity);
int_pkt->int_desc.processor_array[0] =
hv_cpu_number_to_vp_number(cpu);
int_pkt->int_desc.processor_count = 1;
@@ -1660,18 +1710,15 @@ static u32 hv_compose_msi_req_v2(
}
static u32 hv_compose_msi_req_v3(
- struct pci_create_interrupt3 *int_pkt, const struct cpumask *affinity,
+ struct pci_create_interrupt3 *int_pkt, int cpu,
u32 slot, u32 vector, u16 vector_count)
{
- int cpu;
-
int_pkt->message_type.type = PCI_CREATE_INTERRUPT_MESSAGE3;
int_pkt->wslot.slot = slot;
int_pkt->int_desc.vector = vector;
int_pkt->int_desc.reserved = 0;
int_pkt->int_desc.vector_count = vector_count;
int_pkt->int_desc.delivery_mode = DELIVERY_MODE;
- cpu = hv_compose_msi_req_get_cpu(affinity);
int_pkt->int_desc.processor_array[0] =
hv_cpu_number_to_vp_number(cpu);
int_pkt->int_desc.processor_count = 1;
@@ -1715,12 +1762,18 @@ static void hv_compose_msi_msg(struct irq_data *data, struct msi_msg *msg)
struct pci_create_interrupt3 v3;
} int_pkts;
} __packed ctxt;
+ bool multi_msi;
u64 trans_id;
u32 size;
int ret;
+ int cpu;
+
+ msi_desc = irq_data_get_msi_desc(data);
+ multi_msi = !msi_desc->pci.msi_attrib.is_msix &&
+ msi_desc->nvec_used > 1;
/* Reuse the previous allocation */
- if (data->chip_data) {
+ if (data->chip_data && multi_msi) {
int_desc = data->chip_data;
msg->address_hi = int_desc->address >> 32;
msg->address_lo = int_desc->address & 0xffffffff;
@@ -1728,7 +1781,6 @@ static void hv_compose_msi_msg(struct irq_data *data, struct msi_msg *msg)
return;
}
- msi_desc = irq_data_get_msi_desc(data);
pdev = msi_desc_to_pci_dev(msi_desc);
dest = irq_data_get_effective_affinity_mask(data);
pbus = pdev->bus;
@@ -1738,11 +1790,18 @@ static void hv_compose_msi_msg(struct irq_data *data, struct msi_msg *msg)
if (!hpdev)
goto return_null_message;
+ /* Free any previous message that might have already been composed. */
+ if (data->chip_data && !multi_msi) {
+ int_desc = data->chip_data;
+ data->chip_data = NULL;
+ hv_int_desc_free(hpdev, int_desc);
+ }
+
int_desc = kzalloc(sizeof(*int_desc), GFP_ATOMIC);
if (!int_desc)
goto drop_reference;
- if (!msi_desc->pci.msi_attrib.is_msix && msi_desc->nvec_used > 1) {
+ if (multi_msi) {
/*
* If this is not the first MSI of Multi MSI, we already have
* a mapping. Can exit early.
@@ -1767,9 +1826,11 @@ static void hv_compose_msi_msg(struct irq_data *data, struct msi_msg *msg)
*/
vector = 32;
vector_count = msi_desc->nvec_used;
+ cpu = hv_compose_multi_msi_req_get_cpu();
} else {
vector = hv_msi_get_int_vector(data);
vector_count = 1;
+ cpu = hv_compose_msi_req_get_cpu(dest);
}
/*
@@ -1785,7 +1846,6 @@ static void hv_compose_msi_msg(struct irq_data *data, struct msi_msg *msg)
switch (hbus->protocol_version) {
case PCI_PROTOCOL_VERSION_1_1:
size = hv_compose_msi_req_v1(&ctxt.int_pkts.v1,
- dest,
hpdev->desc.win_slot.slot,
(u8)vector,
vector_count);
@@ -1794,7 +1854,7 @@ static void hv_compose_msi_msg(struct irq_data *data, struct msi_msg *msg)
case PCI_PROTOCOL_VERSION_1_2:
case PCI_PROTOCOL_VERSION_1_3:
size = hv_compose_msi_req_v2(&ctxt.int_pkts.v2,
- dest,
+ cpu,
hpdev->desc.win_slot.slot,
(u8)vector,
vector_count);
@@ -1802,7 +1862,7 @@ static void hv_compose_msi_msg(struct irq_data *data, struct msi_msg *msg)
case PCI_PROTOCOL_VERSION_1_4:
size = hv_compose_msi_req_v3(&ctxt.int_pkts.v3,
- dest,
+ cpu,
hpdev->desc.win_slot.slot,
vector,
vector_count);
--
2.35.1
^ permalink raw reply related [flat|nested] 305+ messages in thread
* [PATCH 6.0 060/289] arm64: dts: rockchip: Fix Pine64 Quartz4-B PMIC interrupt
2022-11-30 18:19 [PATCH 6.0 000/289] 6.0.11-rc1 review Greg Kroah-Hartman
` (58 preceding siblings ...)
2022-11-30 18:20 ` [PATCH 6.0 059/289] PCI: hv: Only reuse existing IRTE allocation for Multi-MSI Greg Kroah-Hartman
@ 2022-11-30 18:20 ` Greg Kroah-Hartman
2022-11-30 18:20 ` [PATCH 6.0 061/289] ASoC: max98373: Add checks for devm_kcalloc Greg Kroah-Hartman
` (238 subsequent siblings)
298 siblings, 0 replies; 305+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-30 18:20 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Chen-Yu Tsai, Peter Geis,
Heiko Stuebner, Sasha Levin
From: Chen-Yu Tsai <wens@csie.org>
[ Upstream commit 562105c1b072411c71ac2202410d83ee79297624 ]
Ths PMIC's interrupt line is tied to GPIO0_A3. This is described
correctly for the pinmux setting, but incorrectly for the interrupt.
Correct the interrupt setting so that interrupts from the PMIC get
delivered.
Fixes: dcc8c66bef79 ("arm64: dts: rockchip: add Pine64 Quartz64-B device tree")
Signed-off-by: Chen-Yu Tsai <wens@csie.org>
Reviewed-by: Peter Geis <pgwipeout@gmail.com>
Link: https://lore.kernel.org/r/20221106161513.4140-1-wens@kernel.org
Signed-off-by: Heiko Stuebner <heiko@sntech.de>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/arm64/boot/dts/rockchip/rk3566-quartz64-b.dts | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/arch/arm64/boot/dts/rockchip/rk3566-quartz64-b.dts b/arch/arm64/boot/dts/rockchip/rk3566-quartz64-b.dts
index 528bb4e8ac77..a2d0524e0ec9 100644
--- a/arch/arm64/boot/dts/rockchip/rk3566-quartz64-b.dts
+++ b/arch/arm64/boot/dts/rockchip/rk3566-quartz64-b.dts
@@ -176,7 +176,7 @@ rk809: pmic@20 {
compatible = "rockchip,rk809";
reg = <0x20>;
interrupt-parent = <&gpio0>;
- interrupts = <RK_PA7 IRQ_TYPE_LEVEL_LOW>;
+ interrupts = <RK_PA3 IRQ_TYPE_LEVEL_LOW>;
clock-output-names = "rk808-clkout1", "rk808-clkout2";
pinctrl-names = "default";
--
2.35.1
^ permalink raw reply related [flat|nested] 305+ messages in thread
* [PATCH 6.0 061/289] ASoC: max98373: Add checks for devm_kcalloc
2022-11-30 18:19 [PATCH 6.0 000/289] 6.0.11-rc1 review Greg Kroah-Hartman
` (59 preceding siblings ...)
2022-11-30 18:20 ` [PATCH 6.0 060/289] arm64: dts: rockchip: Fix Pine64 Quartz4-B PMIC interrupt Greg Kroah-Hartman
@ 2022-11-30 18:20 ` Greg Kroah-Hartman
2022-11-30 18:20 ` [PATCH 6.0 062/289] regulator: core: fix kobject release warning and memory leak in regulator_register() Greg Kroah-Hartman
` (237 subsequent siblings)
298 siblings, 0 replies; 305+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-30 18:20 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Jiasheng Jiang, Mark Brown, Sasha Levin
From: Jiasheng Jiang <jiasheng@iscas.ac.cn>
[ Upstream commit 60591bbf6d5eb44f275eb733943b7757325c1b60 ]
As the devm_kcalloc may return NULL pointer,
it should be better to check the return value
in order to avoid NULL poineter dereference.
Fixes: 349dd23931d1 ("ASoC: max98373: don't access volatile registers in bias level off")
Signed-off-by: Jiasheng Jiang <jiasheng@iscas.ac.cn>
Link: https://lore.kernel.org/r/20221116082508.17418-1-jiasheng@iscas.ac.cn
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
sound/soc/codecs/max98373-i2c.c | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/sound/soc/codecs/max98373-i2c.c b/sound/soc/codecs/max98373-i2c.c
index 3e04c7f0cce4..ec0905df65d1 100644
--- a/sound/soc/codecs/max98373-i2c.c
+++ b/sound/soc/codecs/max98373-i2c.c
@@ -549,6 +549,10 @@ static int max98373_i2c_probe(struct i2c_client *i2c)
max98373->cache = devm_kcalloc(&i2c->dev, max98373->cache_num,
sizeof(*max98373->cache),
GFP_KERNEL);
+ if (!max98373->cache) {
+ ret = -ENOMEM;
+ return ret;
+ }
for (i = 0; i < max98373->cache_num; i++)
max98373->cache[i].reg = max98373_i2c_cache_reg[i];
--
2.35.1
^ permalink raw reply related [flat|nested] 305+ messages in thread
* [PATCH 6.0 062/289] regulator: core: fix kobject release warning and memory leak in regulator_register()
2022-11-30 18:19 [PATCH 6.0 000/289] 6.0.11-rc1 review Greg Kroah-Hartman
` (60 preceding siblings ...)
2022-11-30 18:20 ` [PATCH 6.0 061/289] ASoC: max98373: Add checks for devm_kcalloc Greg Kroah-Hartman
@ 2022-11-30 18:20 ` Greg Kroah-Hartman
2022-11-30 18:20 ` [PATCH 6.0 063/289] regulator: rt5759: fix OOB in validate_desc() Greg Kroah-Hartman
` (236 subsequent siblings)
298 siblings, 0 replies; 305+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-30 18:20 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Zeng Heng, Mark Brown, Sasha Levin
From: Zeng Heng <zengheng4@huawei.com>
[ Upstream commit 5f4b204b6b8153923d5be8002c5f7082985d153f ]
Here is a warning report about lack of registered release()
from kobject lib:
Device '(null)' does not have a release() function, it is broken and must be fixed.
WARNING: CPU: 0 PID: 48430 at drivers/base/core.c:2332 device_release+0x104/0x120
Call Trace:
kobject_put+0xdc/0x180
put_device+0x1b/0x30
regulator_register+0x651/0x1170
devm_regulator_register+0x4f/0xb0
When regulator_register() returns fail and directly goto `clean` symbol,
rdev->dev has not registered release() function yet (which is registered
by regulator_class in the following), so rdev needs to be freed manually.
If rdev->dev.of_node is not NULL, which means the of_node has gotten by
regulator_of_get_init_data(), it needs to call of_node_put() to avoid
refcount leak.
Otherwise, only calling put_device() would lead memory leak of rdev
in further:
unreferenced object 0xffff88810d0b1000 (size 2048):
comm "107-i2c-rtq6752", pid 48430, jiffies 4342258431 (age 1341.780s)
backtrace:
kmalloc_trace+0x22/0x110
regulator_register+0x184/0x1170
devm_regulator_register+0x4f/0xb0
When regulator_register() returns fail and goto `wash` symbol,
rdev->dev has registered release() function, so directly call
put_device() to cleanup everything.
Fixes: d3c731564e09 ("regulator: plug of_node leak in regulator_register()'s error path")
Signed-off-by: Zeng Heng <zengheng4@huawei.com>
Link: https://lore.kernel.org/r/20221116074339.1024240-1-zengheng4@huawei.com
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/regulator/core.c | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/drivers/regulator/core.c b/drivers/regulator/core.c
index c3871565fd7d..5f82a996dbea 100644
--- a/drivers/regulator/core.c
+++ b/drivers/regulator/core.c
@@ -5616,11 +5616,15 @@ regulator_register(const struct regulator_desc *regulator_desc,
mutex_lock(®ulator_list_mutex);
regulator_ena_gpio_free(rdev);
mutex_unlock(®ulator_list_mutex);
+ put_device(&rdev->dev);
+ rdev = NULL;
clean:
if (dangling_of_gpiod)
gpiod_put(config->ena_gpiod);
+ if (rdev && rdev->dev.of_node)
+ of_node_put(rdev->dev.of_node);
+ kfree(rdev);
kfree(config);
- put_device(&rdev->dev);
rinse:
if (dangling_cfg_gpiod)
gpiod_put(cfg->ena_gpiod);
--
2.35.1
^ permalink raw reply related [flat|nested] 305+ messages in thread
* [PATCH 6.0 063/289] regulator: rt5759: fix OOB in validate_desc()
2022-11-30 18:19 [PATCH 6.0 000/289] 6.0.11-rc1 review Greg Kroah-Hartman
` (61 preceding siblings ...)
2022-11-30 18:20 ` [PATCH 6.0 062/289] regulator: core: fix kobject release warning and memory leak in regulator_register() Greg Kroah-Hartman
@ 2022-11-30 18:20 ` Greg Kroah-Hartman
2022-11-30 18:20 ` [PATCH 6.0 064/289] spi: dw-dma: decrease reference count in dw_spi_dma_init_mfld() Greg Kroah-Hartman
` (235 subsequent siblings)
298 siblings, 0 replies; 305+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-30 18:20 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Yang Yingliang, Mark Brown, Sasha Levin
From: Yang Yingliang <yangyingliang@huawei.com>
[ Upstream commit 7920e0fbced429ab18ad4402e3914146a6a0921b ]
I got the following OOB report:
BUG: KASAN: slab-out-of-bounds in validate_desc+0xba/0x109
Read of size 8 at addr ffff888107db8ff0 by task python3/253
Call Trace:
<TASK>
dump_stack_lvl+0x67/0x83
print_report+0x178/0x4b0
kasan_report+0x90/0x190
validate_desc+0xba/0x109
gpiod_set_value_cansleep+0x40/0x5a
regulator_ena_gpio_ctrl+0x93/0xfc
_regulator_do_enable.cold.61+0x89/0x163
set_machine_constraints+0x140a/0x159c
regulator_register.cold.73+0x762/0x10cd
devm_regulator_register+0x57/0xb0
rt5759_probe+0x3a0/0x4ac [rt5759_regulator]
The desc used in validate_desc() is passed from 'reg_cfg.ena_gpiod',
which is not initialized. Fix this by initializing 'reg_cfg' to 0.
Fixes: 7b36ddb208bd ("regulator: rt5759: Add support for Richtek RT5759 DCDC converter")
Signed-off-by: Yang Yingliang <yangyingliang@huawei.com>
Link: https://lore.kernel.org/r/20221116092943.1668326-1-yangyingliang@huawei.com
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/regulator/rt5759-regulator.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/drivers/regulator/rt5759-regulator.c b/drivers/regulator/rt5759-regulator.c
index 6b96899eb27e..8488417f4b2c 100644
--- a/drivers/regulator/rt5759-regulator.c
+++ b/drivers/regulator/rt5759-regulator.c
@@ -243,6 +243,7 @@ static int rt5759_regulator_register(struct rt5759_priv *priv)
if (priv->chip_type == CHIP_TYPE_RT5759A)
reg_desc->uV_step = RT5759A_STEP_UV;
+ memset(®_cfg, 0, sizeof(reg_cfg));
reg_cfg.dev = priv->dev;
reg_cfg.of_node = np;
reg_cfg.init_data = of_get_regulator_init_data(priv->dev, np, reg_desc);
--
2.35.1
^ permalink raw reply related [flat|nested] 305+ messages in thread
* [PATCH 6.0 064/289] spi: dw-dma: decrease reference count in dw_spi_dma_init_mfld()
2022-11-30 18:19 [PATCH 6.0 000/289] 6.0.11-rc1 review Greg Kroah-Hartman
` (62 preceding siblings ...)
2022-11-30 18:20 ` [PATCH 6.0 063/289] regulator: rt5759: fix OOB in validate_desc() Greg Kroah-Hartman
@ 2022-11-30 18:20 ` Greg Kroah-Hartman
2022-11-30 18:20 ` [PATCH 6.0 065/289] regulator: core: fix UAF in destroy_regulator() Greg Kroah-Hartman
` (234 subsequent siblings)
298 siblings, 0 replies; 305+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-30 18:20 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Xiongfeng Wang, Serge Semin,
Mark Brown, Sasha Levin
From: Xiongfeng Wang <wangxiongfeng2@huawei.com>
[ Upstream commit 804313b64e412a81b0b3389a10e7622452004aa6 ]
pci_get_device() will increase the reference count for the returned
pci_dev. Since 'dma_dev' is only used to filter the channel in
dw_spi_dma_chan_filer() after using it we need to call pci_dev_put() to
decrease the reference count. Also add pci_dev_put() for the error case.
Fixes: 7063c0d942a1 ("spi/dw_spi: add DMA support")
Signed-off-by: Xiongfeng Wang <wangxiongfeng2@huawei.com>
Acked-by: Serge Semin <fancer.lancer@gmail.com>
Link: https://lore.kernel.org/r/20221116093204.46700-1-wangxiongfeng2@huawei.com
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/spi/spi-dw-dma.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/drivers/spi/spi-dw-dma.c b/drivers/spi/spi-dw-dma.c
index 1322b8cce5b7..ababb910b391 100644
--- a/drivers/spi/spi-dw-dma.c
+++ b/drivers/spi/spi-dw-dma.c
@@ -128,12 +128,15 @@ static int dw_spi_dma_init_mfld(struct device *dev, struct dw_spi *dws)
dw_spi_dma_sg_burst_init(dws);
+ pci_dev_put(dma_dev);
+
return 0;
free_rxchan:
dma_release_channel(dws->rxchan);
dws->rxchan = NULL;
err_exit:
+ pci_dev_put(dma_dev);
return -EBUSY;
}
--
2.35.1
^ permalink raw reply related [flat|nested] 305+ messages in thread
* [PATCH 6.0 065/289] regulator: core: fix UAF in destroy_regulator()
2022-11-30 18:19 [PATCH 6.0 000/289] 6.0.11-rc1 review Greg Kroah-Hartman
` (63 preceding siblings ...)
2022-11-30 18:20 ` [PATCH 6.0 064/289] spi: dw-dma: decrease reference count in dw_spi_dma_init_mfld() Greg Kroah-Hartman
@ 2022-11-30 18:20 ` Greg Kroah-Hartman
2022-11-30 18:20 ` [PATCH 6.0 066/289] bus: sunxi-rsb: Remove the shutdown callback Greg Kroah-Hartman
` (233 subsequent siblings)
298 siblings, 0 replies; 305+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-30 18:20 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Yang Yingliang, Mark Brown, Sasha Levin
From: Yang Yingliang <yangyingliang@huawei.com>
[ Upstream commit 1f386d6894d0f1b7de8ef640c41622ddd698e7ab ]
I got a UAF report as following:
==================================================================
BUG: KASAN: use-after-free in __lock_acquire+0x935/0x2060
Read of size 8 at addr ffff88810e838220 by task python3/268
Call Trace:
<TASK>
dump_stack_lvl+0x67/0x83
print_report+0x178/0x4b0
kasan_report+0x90/0x190
__lock_acquire+0x935/0x2060
lock_acquire+0x156/0x400
_raw_spin_lock+0x2a/0x40
lockref_get+0x11/0x30
simple_recursive_removal+0x41/0x440
debugfs_remove.part.12+0x32/0x50
debugfs_remove+0x29/0x30
_regulator_put.cold.54+0x3e/0x27f
regulator_put+0x1f/0x30
release_nodes+0x6a/0xa0
devres_release_all+0xf8/0x150
Allocated by task 37:
kasan_save_stack+0x1c/0x40
kasan_set_track+0x21/0x30
__kasan_slab_alloc+0x5d/0x70
slab_post_alloc_hook+0x62/0x510
kmem_cache_alloc_lru+0x222/0x5a0
__d_alloc+0x31/0x440
d_alloc+0x30/0xf0
d_alloc_parallel+0xc4/0xd20
__lookup_slow+0x15e/0x2f0
lookup_one_len+0x13a/0x150
start_creating+0xea/0x190
debugfs_create_dir+0x1e/0x210
create_regulator+0x254/0x4e0
_regulator_get+0x2a1/0x467
_devm_regulator_get+0x5a/0xb0
regulator_virtual_probe+0xb9/0x1a0
Freed by task 30:
kasan_save_stack+0x1c/0x40
kasan_set_track+0x21/0x30
kasan_save_free_info+0x2a/0x50
__kasan_slab_free+0x102/0x190
kmem_cache_free+0xf6/0x600
rcu_core+0x54c/0x12b0
__do_softirq+0xf2/0x5e3
Last potentially related work creation:
kasan_save_stack+0x1c/0x40
__kasan_record_aux_stack+0x98/0xb0
call_rcu+0x42/0x700
dentry_free+0x6c/0xd0
__dentry_kill+0x23b/0x2d0
dput.part.31+0x431/0x780
simple_recursive_removal+0xa9/0x440
debugfs_remove.part.12+0x32/0x50
debugfs_remove+0x29/0x30
regulator_unregister+0xe3/0x230
release_nodes+0x6a/0xa0
==================================================================
Here is how happened:
processor A processor B
regulator_register()
rdev_init_debugfs()
rdev->debugfs = debugfs_create_dir()
devm_regulator_get()
rdev = regulator_dev_lookup()
create_regulator(rdev)
// using rdev->debugfs as parent
debugfs_create_dir(rdev->debugfs)
mfd_remove_devices_fn()
release_nodes()
regulator_unregister()
// free rdev->debugfs
debugfs_remove_recursive(rdev->debugfs)
release_nodes()
destroy_regulator()
debugfs_remove_recursive() <- causes UAF
In devm_regulator_get(), after getting rdev, the refcount
is get, so fix this by moving debugfs_remove_recursive()
to regulator_dev_release(), then it can be proctected by
the refcount, the 'rdev->debugfs' can not be freed until
the refcount is 0.
Fixes: 5de705194e98 ("regulator: Add basic per consumer debugfs")
Signed-off-by: Yang Yingliang <yangyingliang@huawei.com>
Link: https://lore.kernel.org/r/20221116033706.3595812-1-yangyingliang@huawei.com
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/regulator/core.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/regulator/core.c b/drivers/regulator/core.c
index 5f82a996dbea..c0f368f1b49f 100644
--- a/drivers/regulator/core.c
+++ b/drivers/regulator/core.c
@@ -5138,6 +5138,7 @@ static void regulator_dev_release(struct device *dev)
{
struct regulator_dev *rdev = dev_get_drvdata(dev);
+ debugfs_remove_recursive(rdev->debugfs);
kfree(rdev->constraints);
of_node_put(rdev->dev.of_node);
kfree(rdev);
@@ -5653,7 +5654,6 @@ void regulator_unregister(struct regulator_dev *rdev)
mutex_lock(®ulator_list_mutex);
- debugfs_remove_recursive(rdev->debugfs);
WARN_ON(rdev->open_count);
regulator_remove_coupling(rdev);
unset_regulator_supplies(rdev);
--
2.35.1
^ permalink raw reply related [flat|nested] 305+ messages in thread
* [PATCH 6.0 066/289] bus: sunxi-rsb: Remove the shutdown callback
2022-11-30 18:19 [PATCH 6.0 000/289] 6.0.11-rc1 review Greg Kroah-Hartman
` (64 preceding siblings ...)
2022-11-30 18:20 ` [PATCH 6.0 065/289] regulator: core: fix UAF in destroy_regulator() Greg Kroah-Hartman
@ 2022-11-30 18:20 ` Greg Kroah-Hartman
2022-11-30 18:20 ` [PATCH 6.0 067/289] bus: sunxi-rsb: Support atomic transfers Greg Kroah-Hartman
` (232 subsequent siblings)
298 siblings, 0 replies; 305+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-30 18:20 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Ivaylo Dimitrov, Jernej Skrabec,
Samuel Holland, Sasha Levin
From: Samuel Holland <samuel@sholland.org>
[ Upstream commit 5f4696ddca4b8a0bbbc36bd46829f97aab5a4552 ]
Shutting down the RSB controller prevents communicating with a PMIC
inside pm_power_off(), since that gets called after device_shutdown(),
so it breaks system poweroff on some boards.
Reported-by: Ivaylo Dimitrov <ivo.g.dimitrov.75@gmail.com>
Tested-by: Ivaylo Dimitrov <ivo.g.dimitrov.75@gmail.com>
Acked-by: Jernej Skrabec <jernej.skrabec@gmail.com>
Fixes: 843107498f91 ("bus: sunxi-rsb: Implement suspend/resume/shutdown callbacks")
Signed-off-by: Samuel Holland <samuel@sholland.org>
Link: https://lore.kernel.org/r/20221114015749.28490-2-samuel@sholland.org
Signed-off-by: Jernej Skrabec <jernej.skrabec@gmail.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/bus/sunxi-rsb.c | 9 ---------
1 file changed, 9 deletions(-)
diff --git a/drivers/bus/sunxi-rsb.c b/drivers/bus/sunxi-rsb.c
index 4cd2e127946e..17343cd75338 100644
--- a/drivers/bus/sunxi-rsb.c
+++ b/drivers/bus/sunxi-rsb.c
@@ -812,14 +812,6 @@ static int sunxi_rsb_remove(struct platform_device *pdev)
return 0;
}
-static void sunxi_rsb_shutdown(struct platform_device *pdev)
-{
- struct sunxi_rsb *rsb = platform_get_drvdata(pdev);
-
- pm_runtime_disable(&pdev->dev);
- sunxi_rsb_hw_exit(rsb);
-}
-
static const struct dev_pm_ops sunxi_rsb_dev_pm_ops = {
SET_RUNTIME_PM_OPS(sunxi_rsb_runtime_suspend,
sunxi_rsb_runtime_resume, NULL)
@@ -835,7 +827,6 @@ MODULE_DEVICE_TABLE(of, sunxi_rsb_of_match_table);
static struct platform_driver sunxi_rsb_driver = {
.probe = sunxi_rsb_probe,
.remove = sunxi_rsb_remove,
- .shutdown = sunxi_rsb_shutdown,
.driver = {
.name = RSB_CTRL_NAME,
.of_match_table = sunxi_rsb_of_match_table,
--
2.35.1
^ permalink raw reply related [flat|nested] 305+ messages in thread
* [PATCH 6.0 067/289] bus: sunxi-rsb: Support atomic transfers
2022-11-30 18:19 [PATCH 6.0 000/289] 6.0.11-rc1 review Greg Kroah-Hartman
` (65 preceding siblings ...)
2022-11-30 18:20 ` [PATCH 6.0 066/289] bus: sunxi-rsb: Remove the shutdown callback Greg Kroah-Hartman
@ 2022-11-30 18:20 ` Greg Kroah-Hartman
2022-11-30 18:20 ` [PATCH 6.0 068/289] tee: optee: fix possible memory leak in optee_register_device() Greg Kroah-Hartman
` (231 subsequent siblings)
298 siblings, 0 replies; 305+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-30 18:20 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Samuel Holland, Jernej Skrabec, Sasha Levin
From: Samuel Holland <samuel@sholland.org>
[ Upstream commit 077686da0e2162c4ea5ae0df205849c2a7a84479 ]
When communicating with a PMIC during system poweroff (pm_power_off()),
IRQs are disabled and we are in a RCU read-side critical section, so we
cannot use wait_for_completion_io_timeout(). Instead, poll the status
register for transfer completion.
Fixes: d787dcdb9c8f ("bus: sunxi-rsb: Add driver for Allwinner Reduced Serial Bus")
Signed-off-by: Samuel Holland <samuel@sholland.org>
Reviewed-by: Jernej Skrabec <jernej.skrabec@gmail.com>
Link: https://lore.kernel.org/r/20221114015749.28490-3-samuel@sholland.org
Signed-off-by: Jernej Skrabec <jernej.skrabec@gmail.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/bus/sunxi-rsb.c | 29 +++++++++++++++++++++--------
1 file changed, 21 insertions(+), 8 deletions(-)
diff --git a/drivers/bus/sunxi-rsb.c b/drivers/bus/sunxi-rsb.c
index 17343cd75338..3aa91aed3bf7 100644
--- a/drivers/bus/sunxi-rsb.c
+++ b/drivers/bus/sunxi-rsb.c
@@ -267,6 +267,9 @@ EXPORT_SYMBOL_GPL(sunxi_rsb_driver_register);
/* common code that starts a transfer */
static int _sunxi_rsb_run_xfer(struct sunxi_rsb *rsb)
{
+ u32 int_mask, status;
+ bool timeout;
+
if (readl(rsb->regs + RSB_CTRL) & RSB_CTRL_START_TRANS) {
dev_dbg(rsb->dev, "RSB transfer still in progress\n");
return -EBUSY;
@@ -274,13 +277,23 @@ static int _sunxi_rsb_run_xfer(struct sunxi_rsb *rsb)
reinit_completion(&rsb->complete);
- writel(RSB_INTS_LOAD_BSY | RSB_INTS_TRANS_ERR | RSB_INTS_TRANS_OVER,
- rsb->regs + RSB_INTE);
+ int_mask = RSB_INTS_LOAD_BSY | RSB_INTS_TRANS_ERR | RSB_INTS_TRANS_OVER;
+ writel(int_mask, rsb->regs + RSB_INTE);
writel(RSB_CTRL_START_TRANS | RSB_CTRL_GLOBAL_INT_ENB,
rsb->regs + RSB_CTRL);
- if (!wait_for_completion_io_timeout(&rsb->complete,
- msecs_to_jiffies(100))) {
+ if (irqs_disabled()) {
+ timeout = readl_poll_timeout_atomic(rsb->regs + RSB_INTS,
+ status, (status & int_mask),
+ 10, 100000);
+ writel(status, rsb->regs + RSB_INTS);
+ } else {
+ timeout = !wait_for_completion_io_timeout(&rsb->complete,
+ msecs_to_jiffies(100));
+ status = rsb->status;
+ }
+
+ if (timeout) {
dev_dbg(rsb->dev, "RSB timeout\n");
/* abort the transfer */
@@ -292,18 +305,18 @@ static int _sunxi_rsb_run_xfer(struct sunxi_rsb *rsb)
return -ETIMEDOUT;
}
- if (rsb->status & RSB_INTS_LOAD_BSY) {
+ if (status & RSB_INTS_LOAD_BSY) {
dev_dbg(rsb->dev, "RSB busy\n");
return -EBUSY;
}
- if (rsb->status & RSB_INTS_TRANS_ERR) {
- if (rsb->status & RSB_INTS_TRANS_ERR_ACK) {
+ if (status & RSB_INTS_TRANS_ERR) {
+ if (status & RSB_INTS_TRANS_ERR_ACK) {
dev_dbg(rsb->dev, "RSB slave nack\n");
return -EINVAL;
}
- if (rsb->status & RSB_INTS_TRANS_ERR_DATA) {
+ if (status & RSB_INTS_TRANS_ERR_DATA) {
dev_dbg(rsb->dev, "RSB transfer data error\n");
return -EIO;
}
--
2.35.1
^ permalink raw reply related [flat|nested] 305+ messages in thread
* [PATCH 6.0 068/289] tee: optee: fix possible memory leak in optee_register_device()
2022-11-30 18:19 [PATCH 6.0 000/289] 6.0.11-rc1 review Greg Kroah-Hartman
` (66 preceding siblings ...)
2022-11-30 18:20 ` [PATCH 6.0 067/289] bus: sunxi-rsb: Support atomic transfers Greg Kroah-Hartman
@ 2022-11-30 18:20 ` Greg Kroah-Hartman
2022-11-30 18:20 ` [PATCH 6.0 069/289] spi: tegra210-quad: Fix duplicate resource error Greg Kroah-Hartman
` (230 subsequent siblings)
298 siblings, 0 replies; 305+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-30 18:20 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Yang Yingliang, Sumit Garg,
Jens Wiklander, Sasha Levin
From: Yang Yingliang <yangyingliang@huawei.com>
[ Upstream commit cce616e012c215d65c15e5d1afa73182dea49389 ]
If device_register() returns error in optee_register_device(),
the name allocated by dev_set_name() need be freed. As comment
of device_register() says, it should use put_device() to give
up the reference in the error path. So fix this by calling
put_device(), then the name can be freed in kobject_cleanup(),
and optee_device is freed in optee_release_device().
Fixes: c3fa24af9244 ("tee: optee: add TEE bus device enumeration support")
Signed-off-by: Yang Yingliang <yangyingliang@huawei.com>
Reviewed-by: Sumit Garg <sumit.garg@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/tee/optee/device.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/tee/optee/device.c b/drivers/tee/optee/device.c
index f3947be13e2e..64f0e047c23d 100644
--- a/drivers/tee/optee/device.c
+++ b/drivers/tee/optee/device.c
@@ -80,7 +80,7 @@ static int optee_register_device(const uuid_t *device_uuid)
rc = device_register(&optee_device->dev);
if (rc) {
pr_err("device registration failed, err: %d\n", rc);
- kfree(optee_device);
+ put_device(&optee_device->dev);
}
return rc;
--
2.35.1
^ permalink raw reply related [flat|nested] 305+ messages in thread
* [PATCH 6.0 069/289] spi: tegra210-quad: Fix duplicate resource error
2022-11-30 18:19 [PATCH 6.0 000/289] 6.0.11-rc1 review Greg Kroah-Hartman
` (67 preceding siblings ...)
2022-11-30 18:20 ` [PATCH 6.0 068/289] tee: optee: fix possible memory leak in optee_register_device() Greg Kroah-Hartman
@ 2022-11-30 18:20 ` Greg Kroah-Hartman
2022-11-30 18:20 ` Greg Kroah-Hartman
` (229 subsequent siblings)
298 siblings, 0 replies; 305+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-30 18:20 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Krishna Yarlagadda, Jon Hunter,
Mark Brown, Sasha Levin
From: Krishna Yarlagadda <kyarlagadda@nvidia.com>
[ Upstream commit 2197aa6b0aa236b9896a09b9d08d6924d18b84f6 ]
controller data alloc is done with client device data causing duplicate
resource error. Allocate memory using controller device when using devm
Fixes: f89d2cc3967a ("spi: tegra210-quad: use devm call for cdata memory")
Signed-off-by: Krishna Yarlagadda <kyarlagadda@nvidia.com>
Reviewed-by: Jon Hunter <jonathanh@nvidia.com>
Tested-by: Jon Hunter <jonathanh@nvidia.com>
Link: https://lore.kernel.org/r/20221117070320.18720-1-kyarlagadda@nvidia.com
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/spi/spi-tegra210-quad.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/drivers/spi/spi-tegra210-quad.c b/drivers/spi/spi-tegra210-quad.c
index 10f0c5a6e0dc..9f356612ba7e 100644
--- a/drivers/spi/spi-tegra210-quad.c
+++ b/drivers/spi/spi-tegra210-quad.c
@@ -924,8 +924,9 @@ static int tegra_qspi_start_transfer_one(struct spi_device *spi,
static struct tegra_qspi_client_data *tegra_qspi_parse_cdata_dt(struct spi_device *spi)
{
struct tegra_qspi_client_data *cdata;
+ struct tegra_qspi *tqspi = spi_master_get_devdata(spi->master);
- cdata = devm_kzalloc(&spi->dev, sizeof(*cdata), GFP_KERNEL);
+ cdata = devm_kzalloc(tqspi->dev, sizeof(*cdata), GFP_KERNEL);
if (!cdata)
return NULL;
--
2.35.1
^ permalink raw reply related [flat|nested] 305+ messages in thread
* [PATCH 6.0 070/289] ARM: dts: at91: sam9g20ek: enable udc vbus gpio pinctrl
2022-11-30 18:19 [PATCH 6.0 000/289] 6.0.11-rc1 review Greg Kroah-Hartman
@ 2022-11-30 18:20 ` Greg Kroah-Hartman
2022-11-30 18:19 ` [PATCH 6.0 002/289] ceph: Use kcalloc for allocating multiple elements Greg Kroah-Hartman
` (297 subsequent siblings)
298 siblings, 0 replies; 305+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-30 18:20 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, nicolas.ferre, ludovic.desroches,
alexandre.belloni, linux-arm-kernel, kernel, Michael Grzeschik,
Claudiu Beznea, Sasha Levin
From: Michael Grzeschik <m.grzeschik@pengutronix.de>
[ Upstream commit 40a2226e8bfacb79dd154dea68febeead9d847e9 ]
We set the PIOC to GPIO mode. This way the pin becomes an
input signal will be usable by the controller. Without
this change the udc on the 9g20ek does not work.
Cc: nicolas.ferre@microchip.com
Cc: ludovic.desroches@microchip.com
Cc: alexandre.belloni@bootlin.com
Cc: linux-arm-kernel@lists.infradead.org
Cc: kernel@pengutronix.de
Fixes: 5cb4e73575e3 ("ARM: at91: add at91sam9g20ek boards dt support")
Signed-off-by: Michael Grzeschik <m.grzeschik@pengutronix.de>
Signed-off-by: Claudiu Beznea <claudiu.beznea@microchip.com>
Link: https://lore.kernel.org/r/20221114185923.1023249-3-m.grzeschik@pengutronix.de
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/arm/boot/dts/at91sam9g20ek_common.dtsi | 9 +++++++++
1 file changed, 9 insertions(+)
diff --git a/arch/arm/boot/dts/at91sam9g20ek_common.dtsi b/arch/arm/boot/dts/at91sam9g20ek_common.dtsi
index 60d61291f344..024af2db638e 100644
--- a/arch/arm/boot/dts/at91sam9g20ek_common.dtsi
+++ b/arch/arm/boot/dts/at91sam9g20ek_common.dtsi
@@ -39,6 +39,13 @@ pinctrl_pck0_as_mck: pck0_as_mck {
};
+ usb1 {
+ pinctrl_usb1_vbus_gpio: usb1_vbus_gpio {
+ atmel,pins =
+ <AT91_PIOC 5 AT91_PERIPH_GPIO AT91_PINCTRL_DEGLITCH>; /* PC5 GPIO */
+ };
+ };
+
mmc0_slot1 {
pinctrl_board_mmc0_slot1: mmc0_slot1-board {
atmel,pins =
@@ -84,6 +91,8 @@ macb0: ethernet@fffc4000 {
};
usb1: gadget@fffa4000 {
+ pinctrl-0 = <&pinctrl_usb1_vbus_gpio>;
+ pinctrl-names = "default";
atmel,vbus-gpio = <&pioC 5 GPIO_ACTIVE_HIGH>;
status = "okay";
};
--
2.35.1
^ permalink raw reply related [flat|nested] 305+ messages in thread
* [PATCH 6.0 070/289] ARM: dts: at91: sam9g20ek: enable udc vbus gpio pinctrl
@ 2022-11-30 18:20 ` Greg Kroah-Hartman
0 siblings, 0 replies; 305+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-30 18:20 UTC (permalink / raw)
To: stable
Cc: Sasha Levin, alexandre.belloni, Michael Grzeschik,
Greg Kroah-Hartman, patches, ludovic.desroches, kernel,
Claudiu Beznea, linux-arm-kernel
From: Michael Grzeschik <m.grzeschik@pengutronix.de>
[ Upstream commit 40a2226e8bfacb79dd154dea68febeead9d847e9 ]
We set the PIOC to GPIO mode. This way the pin becomes an
input signal will be usable by the controller. Without
this change the udc on the 9g20ek does not work.
Cc: nicolas.ferre@microchip.com
Cc: ludovic.desroches@microchip.com
Cc: alexandre.belloni@bootlin.com
Cc: linux-arm-kernel@lists.infradead.org
Cc: kernel@pengutronix.de
Fixes: 5cb4e73575e3 ("ARM: at91: add at91sam9g20ek boards dt support")
Signed-off-by: Michael Grzeschik <m.grzeschik@pengutronix.de>
Signed-off-by: Claudiu Beznea <claudiu.beznea@microchip.com>
Link: https://lore.kernel.org/r/20221114185923.1023249-3-m.grzeschik@pengutronix.de
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/arm/boot/dts/at91sam9g20ek_common.dtsi | 9 +++++++++
1 file changed, 9 insertions(+)
diff --git a/arch/arm/boot/dts/at91sam9g20ek_common.dtsi b/arch/arm/boot/dts/at91sam9g20ek_common.dtsi
index 60d61291f344..024af2db638e 100644
--- a/arch/arm/boot/dts/at91sam9g20ek_common.dtsi
+++ b/arch/arm/boot/dts/at91sam9g20ek_common.dtsi
@@ -39,6 +39,13 @@ pinctrl_pck0_as_mck: pck0_as_mck {
};
+ usb1 {
+ pinctrl_usb1_vbus_gpio: usb1_vbus_gpio {
+ atmel,pins =
+ <AT91_PIOC 5 AT91_PERIPH_GPIO AT91_PINCTRL_DEGLITCH>; /* PC5 GPIO */
+ };
+ };
+
mmc0_slot1 {
pinctrl_board_mmc0_slot1: mmc0_slot1-board {
atmel,pins =
@@ -84,6 +91,8 @@ macb0: ethernet@fffc4000 {
};
usb1: gadget@fffa4000 {
+ pinctrl-0 = <&pinctrl_usb1_vbus_gpio>;
+ pinctrl-names = "default";
atmel,vbus-gpio = <&pioC 5 GPIO_ACTIVE_HIGH>;
status = "okay";
};
--
2.35.1
_______________________________________________
linux-arm-kernel mailing list
linux-arm-kernel@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/linux-arm-kernel
^ permalink raw reply related [flat|nested] 305+ messages in thread
* [PATCH 6.0 071/289] selftests: mptcp: gives slow test-case more time
2022-11-30 18:19 [PATCH 6.0 000/289] 6.0.11-rc1 review Greg Kroah-Hartman
` (69 preceding siblings ...)
2022-11-30 18:20 ` Greg Kroah-Hartman
@ 2022-11-30 18:20 ` Greg Kroah-Hartman
2022-11-30 18:20 ` [PATCH 6.0 072/289] selftests: mptcp: run mptcp_sockopt from a new netns Greg Kroah-Hartman
` (227 subsequent siblings)
298 siblings, 0 replies; 305+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-30 18:20 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Mat Martineau, Paolo Abeni,
Jakub Kicinski, Sasha Levin
From: Paolo Abeni <pabeni@redhat.com>
[ Upstream commit 22b29557aef3c9d673c887911b504c6d47009de4 ]
On slow or busy VM, some test-cases still fail because the
data transfer completes before the endpoint manipulation
actually took effect.
Address the issue by artificially increasing the runtime for
the relevant test-cases.
Fixes: ef360019db40 ("selftests: mptcp: signal addresses testcases")
Closes: https://github.com/multipath-tcp/mptcp_net-next/issues/309
Reviewed-by: Mat Martineau <mathew.j.martineau@linux.intel.com>
Signed-off-by: Paolo Abeni <pabeni@redhat.com>
Signed-off-by: Mat Martineau <mathew.j.martineau@linux.intel.com>
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
tools/testing/selftests/net/mptcp/mptcp_join.sh | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/tools/testing/selftests/net/mptcp/mptcp_join.sh b/tools/testing/selftests/net/mptcp/mptcp_join.sh
index ff83ef426df5..e52b79440123 100755
--- a/tools/testing/selftests/net/mptcp/mptcp_join.sh
+++ b/tools/testing/selftests/net/mptcp/mptcp_join.sh
@@ -2105,7 +2105,7 @@ remove_tests()
pm_nl_set_limits $ns2 1 3
pm_nl_add_endpoint $ns2 10.0.3.2 flags subflow
pm_nl_add_endpoint $ns2 10.0.4.2 flags subflow
- run_tests $ns1 $ns2 10.0.1.1 0 -1 -2 slow
+ run_tests $ns1 $ns2 10.0.1.1 0 -1 -2 speed_10
chk_join_nr 3 3 3
chk_add_nr 1 1
chk_rm_nr 2 2
@@ -2118,7 +2118,7 @@ remove_tests()
pm_nl_add_endpoint $ns1 10.0.3.1 flags signal
pm_nl_add_endpoint $ns1 10.0.4.1 flags signal
pm_nl_set_limits $ns2 3 3
- run_tests $ns1 $ns2 10.0.1.1 0 -3 0 slow
+ run_tests $ns1 $ns2 10.0.1.1 0 -3 0 speed_10
chk_join_nr 3 3 3
chk_add_nr 3 3
chk_rm_nr 3 3 invert
@@ -2131,7 +2131,7 @@ remove_tests()
pm_nl_add_endpoint $ns1 10.0.3.1 flags signal
pm_nl_add_endpoint $ns1 10.0.14.1 flags signal
pm_nl_set_limits $ns2 3 3
- run_tests $ns1 $ns2 10.0.1.1 0 -3 0 slow
+ run_tests $ns1 $ns2 10.0.1.1 0 -3 0 speed_10
chk_join_nr 1 1 1
chk_add_nr 3 3
chk_rm_nr 3 1 invert
--
2.35.1
^ permalink raw reply related [flat|nested] 305+ messages in thread
* [PATCH 6.0 072/289] selftests: mptcp: run mptcp_sockopt from a new netns
2022-11-30 18:19 [PATCH 6.0 000/289] 6.0.11-rc1 review Greg Kroah-Hartman
` (70 preceding siblings ...)
2022-11-30 18:20 ` [PATCH 6.0 071/289] selftests: mptcp: gives slow test-case more time Greg Kroah-Hartman
@ 2022-11-30 18:20 ` Greg Kroah-Hartman
2022-11-30 18:20 ` [PATCH 6.0 073/289] selftests: mptcp: fix mibit vs mbit mix up Greg Kroah-Hartman
` (226 subsequent siblings)
298 siblings, 0 replies; 305+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-30 18:20 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Mat Martineau, Matthieu Baerts,
Jakub Kicinski, Sasha Levin
From: Matthieu Baerts <matthieu.baerts@tessares.net>
[ Upstream commit 7e68d31020f18f8d695d5f143fc16cdaa96166cb ]
Not running it from a new netns causes issues if some MPTCP settings are
modified, e.g. if MPTCP is disabled from the sysctl knob, if multiple
addresses are available and added to the MPTCP path-manager, etc.
In these cases, the created connection will not behave as expected, e.g.
unable to create an MPTCP socket, more than one subflow is seen, etc.
A new "sandbox" net namespace is now created and used to run
mptcp_sockopt from this controlled environment.
Fixes: ce9979129a0b ("selftests: mptcp: add mptcp getsockopt test cases")
Reviewed-by: Mat Martineau <mathew.j.martineau@linux.intel.com>
Signed-off-by: Matthieu Baerts <matthieu.baerts@tessares.net>
Signed-off-by: Mat Martineau <mathew.j.martineau@linux.intel.com>
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
tools/testing/selftests/net/mptcp/mptcp_sockopt.sh | 9 +++++----
1 file changed, 5 insertions(+), 4 deletions(-)
diff --git a/tools/testing/selftests/net/mptcp/mptcp_sockopt.sh b/tools/testing/selftests/net/mptcp/mptcp_sockopt.sh
index 0879da915014..80d36f7cfee8 100755
--- a/tools/testing/selftests/net/mptcp/mptcp_sockopt.sh
+++ b/tools/testing/selftests/net/mptcp/mptcp_sockopt.sh
@@ -35,8 +35,9 @@ init()
ns1="ns1-$rndh"
ns2="ns2-$rndh"
+ ns_sbox="ns_sbox-$rndh"
- for netns in "$ns1" "$ns2";do
+ for netns in "$ns1" "$ns2" "$ns_sbox";do
ip netns add $netns || exit $ksft_skip
ip -net $netns link set lo up
ip netns exec $netns sysctl -q net.mptcp.enabled=1
@@ -73,7 +74,7 @@ init()
cleanup()
{
- for netns in "$ns1" "$ns2"; do
+ for netns in "$ns1" "$ns2" "$ns_sbox"; do
ip netns del $netns
done
rm -f "$cin" "$cout"
@@ -243,7 +244,7 @@ do_mptcp_sockopt_tests()
{
local lret=0
- ./mptcp_sockopt
+ ip netns exec "$ns_sbox" ./mptcp_sockopt
lret=$?
if [ $lret -ne 0 ]; then
@@ -252,7 +253,7 @@ do_mptcp_sockopt_tests()
return
fi
- ./mptcp_sockopt -6
+ ip netns exec "$ns_sbox" ./mptcp_sockopt -6
lret=$?
if [ $lret -ne 0 ]; then
--
2.35.1
^ permalink raw reply related [flat|nested] 305+ messages in thread
* [PATCH 6.0 073/289] selftests: mptcp: fix mibit vs mbit mix up
2022-11-30 18:19 [PATCH 6.0 000/289] 6.0.11-rc1 review Greg Kroah-Hartman
` (71 preceding siblings ...)
2022-11-30 18:20 ` [PATCH 6.0 072/289] selftests: mptcp: run mptcp_sockopt from a new netns Greg Kroah-Hartman
@ 2022-11-30 18:20 ` Greg Kroah-Hartman
2022-11-30 18:20 ` [PATCH 6.0 074/289] net: liquidio: simplify if expression Greg Kroah-Hartman
` (225 subsequent siblings)
298 siblings, 0 replies; 305+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-30 18:20 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Paolo Abeni, Mat Martineau,
Matthieu Baerts, Jakub Kicinski, Sasha Levin
From: Matthieu Baerts <matthieu.baerts@tessares.net>
[ Upstream commit 3de88b95c4d436d78afc0266a0bed76c35ddeb62 ]
The estimated time was supposing the rate was expressed in mibit
(bit * 1024^2) but it is in mbit (bit * 1000^2).
This makes the threshold higher but in a more realistic way to avoid
false positives reported by CI instances.
Before this patch, the thresholds were at 7561/4005ms and now they are
at 7906/4178ms.
While at it, also fix a typo in the linked comment, spotted by Mat.
Closes: https://github.com/multipath-tcp/mptcp_net-next/issues/310
Fixes: 1a418cb8e888 ("mptcp: simult flow self-tests")
Suggested-by: Paolo Abeni <pabeni@redhat.com>
Reviewed-by: Mat Martineau <mathew.j.martineau@linux.intel.com>
Signed-off-by: Matthieu Baerts <matthieu.baerts@tessares.net>
Signed-off-by: Mat Martineau <mathew.j.martineau@linux.intel.com>
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
tools/testing/selftests/net/mptcp/simult_flows.sh | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/tools/testing/selftests/net/mptcp/simult_flows.sh b/tools/testing/selftests/net/mptcp/simult_flows.sh
index ffa13a957a36..40aeb5a71a2a 100755
--- a/tools/testing/selftests/net/mptcp/simult_flows.sh
+++ b/tools/testing/selftests/net/mptcp/simult_flows.sh
@@ -247,9 +247,10 @@ run_test()
tc -n $ns2 qdisc add dev ns2eth1 root netem rate ${rate1}mbit $delay1
tc -n $ns2 qdisc add dev ns2eth2 root netem rate ${rate2}mbit $delay2
- # time is measured in ms, account for transfer size, affegated link speed
+ # time is measured in ms, account for transfer size, aggregated link speed
# and header overhead (10%)
- local time=$((size * 8 * 1000 * 10 / (( $rate1 + $rate2) * 1024 *1024 * 9) ))
+ # ms byte -> bit 10% mbit -> kbit -> bit 10%
+ local time=$((1000 * size * 8 * 10 / ((rate1 + rate2) * 1000 * 1000 * 9) ))
# mptcp_connect will do some sleeps to allow the mp_join handshake
# completion (see mptcp_connect): 200ms on each side, add some slack
--
2.35.1
^ permalink raw reply related [flat|nested] 305+ messages in thread
* [PATCH 6.0 074/289] net: liquidio: simplify if expression
2022-11-30 18:19 [PATCH 6.0 000/289] 6.0.11-rc1 review Greg Kroah-Hartman
` (72 preceding siblings ...)
2022-11-30 18:20 ` [PATCH 6.0 073/289] selftests: mptcp: fix mibit vs mbit mix up Greg Kroah-Hartman
@ 2022-11-30 18:20 ` Greg Kroah-Hartman
2022-11-30 18:21 ` [PATCH 6.0 075/289] net: neigh: decrement the family specific qlen Greg Kroah-Hartman
` (224 subsequent siblings)
298 siblings, 0 replies; 305+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-30 18:20 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, kernel test robot, Leon Romanovsky,
Saeed Mahameed, David S. Miller, Sasha Levin
From: Leon Romanovsky <leonro@nvidia.com>
[ Upstream commit 733d4bbf9514890eb53ebe75827bf1fb4fd25ebe ]
Fix the warning reported by kbuild:
cocci warnings: (new ones prefixed by >>)
>> drivers/net/ethernet/cavium/liquidio/lio_main.c:1797:54-56: WARNING !A || A && B is equivalent to !A || B
drivers/net/ethernet/cavium/liquidio/lio_main.c:1827:54-56: WARNING !A || A && B is equivalent to !A || B
Fixes: 8979f428a4af ("net: liquidio: release resources when liquidio driver open failed")
Reported-by: kernel test robot <lkp@intel.com>
Signed-off-by: Leon Romanovsky <leonro@nvidia.com>
Reviewed-by: Saeed Mahameed <saeed@kernel.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/ethernet/cavium/liquidio/lio_main.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/drivers/net/ethernet/cavium/liquidio/lio_main.c b/drivers/net/ethernet/cavium/liquidio/lio_main.c
index bf6a72143040..1e5dc0ea0e31 100644
--- a/drivers/net/ethernet/cavium/liquidio/lio_main.c
+++ b/drivers/net/ethernet/cavium/liquidio/lio_main.c
@@ -1799,7 +1799,7 @@ static int liquidio_open(struct net_device *netdev)
ifstate_set(lio, LIO_IFSTATE_RUNNING);
- if (!OCTEON_CN23XX_PF(oct) || (OCTEON_CN23XX_PF(oct) && !oct->msix_on)) {
+ if (!OCTEON_CN23XX_PF(oct) || !oct->msix_on) {
ret = setup_tx_poll_fn(netdev);
if (ret)
goto err_poll;
@@ -1829,7 +1829,7 @@ static int liquidio_open(struct net_device *netdev)
return 0;
err_rx_ctrl:
- if (!OCTEON_CN23XX_PF(oct) || (OCTEON_CN23XX_PF(oct) && !oct->msix_on))
+ if (!OCTEON_CN23XX_PF(oct) || !oct->msix_on)
cleanup_tx_poll_fn(netdev);
err_poll:
if (lio->ptp_clock) {
--
2.35.1
^ permalink raw reply related [flat|nested] 305+ messages in thread
* [PATCH 6.0 075/289] net: neigh: decrement the family specific qlen
2022-11-30 18:19 [PATCH 6.0 000/289] 6.0.11-rc1 review Greg Kroah-Hartman
` (73 preceding siblings ...)
2022-11-30 18:20 ` [PATCH 6.0 074/289] net: liquidio: simplify if expression Greg Kroah-Hartman
@ 2022-11-30 18:21 ` Greg Kroah-Hartman
2022-12-01 15:04 ` Chuck Zmudzinski
2022-11-30 18:21 ` [PATCH 6.0 076/289] ipvlan: hold lower dev to avoid possible use-after-free Greg Kroah-Hartman
` (223 subsequent siblings)
298 siblings, 1 reply; 305+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-30 18:21 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Thomas Zeitlhofer, David S. Miller,
Sasha Levin
From: Thomas Zeitlhofer <thomas.zeitlhofer+lkml@ze-it.at>
[ Upstream commit 8207f253a097fe15c93d85ac15ebb73c5e39e1e1 ]
Commit 0ff4eb3d5ebb ("neighbour: make proxy_queue.qlen limit
per-device") introduced the length counter qlen in struct neigh_parms.
There are separate neigh_parms instances for IPv4/ARP and IPv6/ND, and
while the family specific qlen is incremented in pneigh_enqueue(), the
mentioned commit decrements always the IPv4/ARP specific qlen,
regardless of the currently processed family, in pneigh_queue_purge()
and neigh_proxy_process().
As a result, with IPv6/ND, the family specific qlen is only incremented
(and never decremented) until it exceeds PROXY_QLEN, and then, according
to the check in pneigh_enqueue(), neighbor solicitations are not
answered anymore. As an example, this is noted when using the
subnet-router anycast address to access a Linux router. After a certain
amount of time (in the observed case, qlen exceeded PROXY_QLEN after two
days), the Linux router stops answering neighbor solicitations for its
subnet-router anycast address and effectively becomes unreachable.
Another result with IPv6/ND is that the IPv4/ARP specific qlen is
decremented more often than incremented. This leads to negative qlen
values, as a signed integer has been used for the length counter qlen,
and potentially to an integer overflow.
Fix this by introducing the helper function neigh_parms_qlen_dec(),
which decrements the family specific qlen. Thereby, make use of the
existing helper function neigh_get_dev_parms_rcu(), whose definition
therefore needs to be placed earlier in neighbour.c. Take the family
member from struct neigh_table to determine the currently processed
family and appropriately call neigh_parms_qlen_dec() from
pneigh_queue_purge() and neigh_proxy_process().
Additionally, use an unsigned integer for the length counter qlen.
Fixes: 0ff4eb3d5ebb ("neighbour: make proxy_queue.qlen limit per-device")
Signed-off-by: Thomas Zeitlhofer <thomas.zeitlhofer+lkml@ze-it.at>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
include/net/neighbour.h | 2 +-
net/core/neighbour.c | 58 +++++++++++++++++++++--------------------
2 files changed, 31 insertions(+), 29 deletions(-)
diff --git a/include/net/neighbour.h b/include/net/neighbour.h
index 3827a6b395fd..bce6b228cf56 100644
--- a/include/net/neighbour.h
+++ b/include/net/neighbour.h
@@ -83,7 +83,7 @@ struct neigh_parms {
struct rcu_head rcu_head;
int reachable_time;
- int qlen;
+ u32 qlen;
int data[NEIGH_VAR_DATA_MAX];
DECLARE_BITMAP(data_state, NEIGH_VAR_DATA_MAX);
};
diff --git a/net/core/neighbour.c b/net/core/neighbour.c
index 84755db81e9d..35f5a3125808 100644
--- a/net/core/neighbour.c
+++ b/net/core/neighbour.c
@@ -307,7 +307,31 @@ static int neigh_del_timer(struct neighbour *n)
return 0;
}
-static void pneigh_queue_purge(struct sk_buff_head *list, struct net *net)
+static struct neigh_parms *neigh_get_dev_parms_rcu(struct net_device *dev,
+ int family)
+{
+ switch (family) {
+ case AF_INET:
+ return __in_dev_arp_parms_get_rcu(dev);
+ case AF_INET6:
+ return __in6_dev_nd_parms_get_rcu(dev);
+ }
+ return NULL;
+}
+
+static void neigh_parms_qlen_dec(struct net_device *dev, int family)
+{
+ struct neigh_parms *p;
+
+ rcu_read_lock();
+ p = neigh_get_dev_parms_rcu(dev, family);
+ if (p)
+ p->qlen--;
+ rcu_read_unlock();
+}
+
+static void pneigh_queue_purge(struct sk_buff_head *list, struct net *net,
+ int family)
{
struct sk_buff_head tmp;
unsigned long flags;
@@ -321,13 +345,7 @@ static void pneigh_queue_purge(struct sk_buff_head *list, struct net *net)
struct net_device *dev = skb->dev;
if (net == NULL || net_eq(dev_net(dev), net)) {
- struct in_device *in_dev;
-
- rcu_read_lock();
- in_dev = __in_dev_get_rcu(dev);
- if (in_dev)
- in_dev->arp_parms->qlen--;
- rcu_read_unlock();
+ neigh_parms_qlen_dec(dev, family);
__skb_unlink(skb, list);
__skb_queue_tail(&tmp, skb);
}
@@ -409,7 +427,8 @@ static int __neigh_ifdown(struct neigh_table *tbl, struct net_device *dev,
write_lock_bh(&tbl->lock);
neigh_flush_dev(tbl, dev, skip_perm);
pneigh_ifdown_and_unlock(tbl, dev);
- pneigh_queue_purge(&tbl->proxy_queue, dev ? dev_net(dev) : NULL);
+ pneigh_queue_purge(&tbl->proxy_queue, dev ? dev_net(dev) : NULL,
+ tbl->family);
if (skb_queue_empty_lockless(&tbl->proxy_queue))
del_timer_sync(&tbl->proxy_timer);
return 0;
@@ -1621,13 +1640,8 @@ static void neigh_proxy_process(struct timer_list *t)
if (tdif <= 0) {
struct net_device *dev = skb->dev;
- struct in_device *in_dev;
- rcu_read_lock();
- in_dev = __in_dev_get_rcu(dev);
- if (in_dev)
- in_dev->arp_parms->qlen--;
- rcu_read_unlock();
+ neigh_parms_qlen_dec(dev, tbl->family);
__skb_unlink(skb, &tbl->proxy_queue);
if (tbl->proxy_redo && netif_running(dev)) {
@@ -1821,7 +1835,7 @@ int neigh_table_clear(int index, struct neigh_table *tbl)
cancel_delayed_work_sync(&tbl->managed_work);
cancel_delayed_work_sync(&tbl->gc_work);
del_timer_sync(&tbl->proxy_timer);
- pneigh_queue_purge(&tbl->proxy_queue, NULL);
+ pneigh_queue_purge(&tbl->proxy_queue, NULL, tbl->family);
neigh_ifdown(tbl, NULL);
if (atomic_read(&tbl->entries))
pr_crit("neighbour leakage\n");
@@ -3542,18 +3556,6 @@ static int proc_unres_qlen(struct ctl_table *ctl, int write,
return ret;
}
-static struct neigh_parms *neigh_get_dev_parms_rcu(struct net_device *dev,
- int family)
-{
- switch (family) {
- case AF_INET:
- return __in_dev_arp_parms_get_rcu(dev);
- case AF_INET6:
- return __in6_dev_nd_parms_get_rcu(dev);
- }
- return NULL;
-}
-
static void neigh_copy_dflt_parms(struct net *net, struct neigh_parms *p,
int index)
{
--
2.35.1
^ permalink raw reply related [flat|nested] 305+ messages in thread
* [PATCH 6.0 076/289] ipvlan: hold lower dev to avoid possible use-after-free
2022-11-30 18:19 [PATCH 6.0 000/289] 6.0.11-rc1 review Greg Kroah-Hartman
` (74 preceding siblings ...)
2022-11-30 18:21 ` [PATCH 6.0 075/289] net: neigh: decrement the family specific qlen Greg Kroah-Hartman
@ 2022-11-30 18:21 ` Greg Kroah-Hartman
2022-11-30 18:21 ` [PATCH 6.0 077/289] rxrpc: Fix race between conn bundle lookup and bundle removal [ZDI-CAN-15975] Greg Kroah-Hartman
` (222 subsequent siblings)
298 siblings, 0 replies; 305+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-30 18:21 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Mahesh Bandewar, David S. Miller,
Sasha Levin
From: Mahesh Bandewar <maheshb@google.com>
[ Upstream commit 40b9d1ab63f5c4f3cb69450044d07b45e5af72e1 ]
Recently syzkaller discovered the issue of disappearing lower
device (NETDEV_UNREGISTER) while the virtual device (like
macvlan) is still having it as a lower device. So it's just
a matter of time similar discovery will be made for IPvlan
device setup. So fixing it preemptively. Also while at it,
add a refcount tracker.
Fixes: 2ad7bf363841 ("ipvlan: Initial check-in of the IPVLAN driver.")
Signed-off-by: Mahesh Bandewar <maheshb@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/ipvlan/ipvlan.h | 1 +
drivers/net/ipvlan/ipvlan_main.c | 2 ++
2 files changed, 3 insertions(+)
diff --git a/drivers/net/ipvlan/ipvlan.h b/drivers/net/ipvlan/ipvlan.h
index de94921cbef9..025e0c19ec25 100644
--- a/drivers/net/ipvlan/ipvlan.h
+++ b/drivers/net/ipvlan/ipvlan.h
@@ -98,6 +98,7 @@ struct ipvl_port {
struct sk_buff_head backlog;
int count;
struct ida ida;
+ netdevice_tracker dev_tracker;
};
struct ipvl_skb_cb {
diff --git a/drivers/net/ipvlan/ipvlan_main.c b/drivers/net/ipvlan/ipvlan_main.c
index 49ba8a50dfb1..9043bcd1b41d 100644
--- a/drivers/net/ipvlan/ipvlan_main.c
+++ b/drivers/net/ipvlan/ipvlan_main.c
@@ -83,6 +83,7 @@ static int ipvlan_port_create(struct net_device *dev)
if (err)
goto err;
+ netdev_hold(dev, &port->dev_tracker, GFP_KERNEL);
return 0;
err:
@@ -95,6 +96,7 @@ static void ipvlan_port_destroy(struct net_device *dev)
struct ipvl_port *port = ipvlan_port_get_rtnl(dev);
struct sk_buff *skb;
+ netdev_put(dev, &port->dev_tracker);
if (port->mode == IPVLAN_MODE_L3S)
ipvlan_l3s_unregister(port);
netdev_rx_handler_unregister(dev);
--
2.35.1
^ permalink raw reply related [flat|nested] 305+ messages in thread
* [PATCH 6.0 077/289] rxrpc: Fix race between conn bundle lookup and bundle removal [ZDI-CAN-15975]
2022-11-30 18:19 [PATCH 6.0 000/289] 6.0.11-rc1 review Greg Kroah-Hartman
` (75 preceding siblings ...)
2022-11-30 18:21 ` [PATCH 6.0 076/289] ipvlan: hold lower dev to avoid possible use-after-free Greg Kroah-Hartman
@ 2022-11-30 18:21 ` Greg Kroah-Hartman
2022-11-30 18:21 ` [PATCH 6.0 078/289] net: dsa: sja1105: disallow C45 transactions on the BASE-TX MDIO bus Greg Kroah-Hartman
` (221 subsequent siblings)
298 siblings, 0 replies; 305+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-30 18:21 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, David Howells, zdi-disclosures,
Marc Dionne, linux-afs, David S. Miller, Sasha Levin
From: David Howells <dhowells@redhat.com>
[ Upstream commit 3bcd6c7eaa53b56c3f584da46a1f7652e759d0e5 ]
After rxrpc_unbundle_conn() has removed a connection from a bundle, it
checks to see if there are any conns with available channels and, if not,
removes and attempts to destroy the bundle.
Whilst it does check after grabbing client_bundles_lock that there are no
connections attached, this races with rxrpc_look_up_bundle() retrieving the
bundle, but not attaching a connection for the connection to be attached
later.
There is therefore a window in which the bundle can get destroyed before we
manage to attach a new connection to it.
Fix this by adding an "active" counter to struct rxrpc_bundle:
(1) rxrpc_connect_call() obtains an active count by prepping/looking up a
bundle and ditches it before returning.
(2) If, during rxrpc_connect_call(), a connection is added to the bundle,
this obtains an active count, which is held until the connection is
discarded.
(3) rxrpc_deactivate_bundle() is created to drop an active count on a
bundle and destroy it when the active count reaches 0. The active
count is checked inside client_bundles_lock() to prevent a race with
rxrpc_look_up_bundle().
(4) rxrpc_unbundle_conn() then calls rxrpc_deactivate_bundle().
Fixes: 245500d853e9 ("rxrpc: Rewrite the client connection manager")
Reported-by: zdi-disclosures@trendmicro.com # ZDI-CAN-15975
Signed-off-by: David Howells <dhowells@redhat.com>
Tested-by: zdi-disclosures@trendmicro.com
cc: Marc Dionne <marc.dionne@auristor.com>
cc: linux-afs@lists.infradead.org
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
net/rxrpc/ar-internal.h | 1 +
net/rxrpc/conn_client.c | 38 +++++++++++++++++++++++---------------
2 files changed, 24 insertions(+), 15 deletions(-)
diff --git a/net/rxrpc/ar-internal.h b/net/rxrpc/ar-internal.h
index 62c70709d798..e0123efa2a62 100644
--- a/net/rxrpc/ar-internal.h
+++ b/net/rxrpc/ar-internal.h
@@ -399,6 +399,7 @@ enum rxrpc_conn_proto_state {
struct rxrpc_bundle {
struct rxrpc_conn_parameters params;
refcount_t ref;
+ atomic_t active; /* Number of active users */
unsigned int debug_id;
bool try_upgrade; /* True if the bundle is attempting upgrade */
bool alloc_conn; /* True if someone's getting a conn */
diff --git a/net/rxrpc/conn_client.c b/net/rxrpc/conn_client.c
index 3c9eeb5b750c..bdb335cb2d05 100644
--- a/net/rxrpc/conn_client.c
+++ b/net/rxrpc/conn_client.c
@@ -40,6 +40,8 @@ __read_mostly unsigned long rxrpc_conn_idle_client_fast_expiry = 2 * HZ;
DEFINE_IDR(rxrpc_client_conn_ids);
static DEFINE_SPINLOCK(rxrpc_conn_id_lock);
+static void rxrpc_deactivate_bundle(struct rxrpc_bundle *bundle);
+
/*
* Get a connection ID and epoch for a client connection from the global pool.
* The connection struct pointer is then recorded in the idr radix tree. The
@@ -123,6 +125,7 @@ static struct rxrpc_bundle *rxrpc_alloc_bundle(struct rxrpc_conn_parameters *cp,
bundle->params = *cp;
rxrpc_get_peer(bundle->params.peer);
refcount_set(&bundle->ref, 1);
+ atomic_set(&bundle->active, 1);
spin_lock_init(&bundle->channel_lock);
INIT_LIST_HEAD(&bundle->waiting_calls);
}
@@ -149,7 +152,7 @@ void rxrpc_put_bundle(struct rxrpc_bundle *bundle)
dead = __refcount_dec_and_test(&bundle->ref, &r);
- _debug("PUT B=%x %d", d, r);
+ _debug("PUT B=%x %d", d, r - 1);
if (dead)
rxrpc_free_bundle(bundle);
}
@@ -338,6 +341,7 @@ static struct rxrpc_bundle *rxrpc_look_up_bundle(struct rxrpc_conn_parameters *c
rxrpc_free_bundle(candidate);
found_bundle:
rxrpc_get_bundle(bundle);
+ atomic_inc(&bundle->active);
spin_unlock(&local->client_bundles_lock);
_leave(" = %u [found]", bundle->debug_id);
return bundle;
@@ -435,6 +439,7 @@ static void rxrpc_add_conn_to_bundle(struct rxrpc_bundle *bundle, gfp_t gfp)
if (old)
trace_rxrpc_client(old, -1, rxrpc_client_replace);
candidate->bundle_shift = shift;
+ atomic_inc(&bundle->active);
bundle->conns[i] = candidate;
for (j = 0; j < RXRPC_MAXCALLS; j++)
set_bit(shift + j, &bundle->avail_chans);
@@ -725,6 +730,7 @@ int rxrpc_connect_call(struct rxrpc_sock *rx,
smp_rmb();
out_put_bundle:
+ rxrpc_deactivate_bundle(bundle);
rxrpc_put_bundle(bundle);
out:
_leave(" = %d", ret);
@@ -900,9 +906,8 @@ void rxrpc_disconnect_client_call(struct rxrpc_bundle *bundle, struct rxrpc_call
static void rxrpc_unbundle_conn(struct rxrpc_connection *conn)
{
struct rxrpc_bundle *bundle = conn->bundle;
- struct rxrpc_local *local = bundle->params.local;
unsigned int bindex;
- bool need_drop = false, need_put = false;
+ bool need_drop = false;
int i;
_enter("C=%x", conn->debug_id);
@@ -921,15 +926,22 @@ static void rxrpc_unbundle_conn(struct rxrpc_connection *conn)
}
spin_unlock(&bundle->channel_lock);
- /* If there are no more connections, remove the bundle */
- if (!bundle->avail_chans) {
- _debug("maybe unbundle");
- spin_lock(&local->client_bundles_lock);
+ if (need_drop) {
+ rxrpc_deactivate_bundle(bundle);
+ rxrpc_put_connection(conn);
+ }
+}
- for (i = 0; i < ARRAY_SIZE(bundle->conns); i++)
- if (bundle->conns[i])
- break;
- if (i == ARRAY_SIZE(bundle->conns) && !bundle->params.exclusive) {
+/*
+ * Drop the active count on a bundle.
+ */
+static void rxrpc_deactivate_bundle(struct rxrpc_bundle *bundle)
+{
+ struct rxrpc_local *local = bundle->params.local;
+ bool need_put = false;
+
+ if (atomic_dec_and_lock(&bundle->active, &local->client_bundles_lock)) {
+ if (!bundle->params.exclusive) {
_debug("erase bundle");
rb_erase(&bundle->local_node, &local->client_bundles);
need_put = true;
@@ -939,10 +951,6 @@ static void rxrpc_unbundle_conn(struct rxrpc_connection *conn)
if (need_put)
rxrpc_put_bundle(bundle);
}
-
- if (need_drop)
- rxrpc_put_connection(conn);
- _leave("");
}
/*
--
2.35.1
^ permalink raw reply related [flat|nested] 305+ messages in thread
* [PATCH 6.0 078/289] net: dsa: sja1105: disallow C45 transactions on the BASE-TX MDIO bus
2022-11-30 18:19 [PATCH 6.0 000/289] 6.0.11-rc1 review Greg Kroah-Hartman
` (76 preceding siblings ...)
2022-11-30 18:21 ` [PATCH 6.0 077/289] rxrpc: Fix race between conn bundle lookup and bundle removal [ZDI-CAN-15975] Greg Kroah-Hartman
@ 2022-11-30 18:21 ` Greg Kroah-Hartman
2022-11-30 18:21 ` [PATCH 6.0 079/289] nfc/nci: fix race with opening and closing Greg Kroah-Hartman
` (220 subsequent siblings)
298 siblings, 0 replies; 305+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-30 18:21 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Vladimir Oltean, Andrew Lunn,
David S. Miller, Sasha Levin
From: Vladimir Oltean <vladimir.oltean@nxp.com>
[ Upstream commit 24deec6b9e4a051635f75777844ffc184644fec9 ]
You'd think people know that the internal 100BASE-TX PHY on the SJA1110
responds only to clause 22 MDIO transactions, but they don't :)
When a clause 45 transaction is attempted, sja1105_base_tx_mdio_read()
and sja1105_base_tx_mdio_write() don't expect "reg" to contain bit 30
set (MII_ADDR_C45) and pack this value into the SPI transaction buffer.
But the field in the SPI buffer has a width smaller than 30 bits, so we
see this confusing message from the packing() API rather than a proper
rejection of C45 transactions:
Call trace:
dump_stack+0x1c/0x38
sja1105_pack+0xbc/0xc0 [sja1105]
sja1105_xfer+0x114/0x2b0 [sja1105]
sja1105_xfer_u32+0x44/0xf4 [sja1105]
sja1105_base_tx_mdio_read+0x44/0x7c [sja1105]
mdiobus_read+0x44/0x80
get_phy_c45_ids+0x70/0x234
get_phy_device+0x68/0x15c
fwnode_mdiobus_register_phy+0x74/0x240
of_mdiobus_register+0x13c/0x380
sja1105_mdiobus_register+0x368/0x490 [sja1105]
sja1105_setup+0x94/0x119c [sja1105]
Cannot store 401d2405 inside bits 24-4 (would truncate)
Fixes: 5a8f09748ee7 ("net: dsa: sja1105: register the MDIO buses for 100base-T1 and 100base-TX")
Signed-off-by: Vladimir Oltean <vladimir.oltean@nxp.com>
Reviewed-by: Andrew Lunn <andrew@lunn.ch>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/dsa/sja1105/sja1105_mdio.c | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/drivers/net/dsa/sja1105/sja1105_mdio.c b/drivers/net/dsa/sja1105/sja1105_mdio.c
index 215dd17ca790..4059fcc8c832 100644
--- a/drivers/net/dsa/sja1105/sja1105_mdio.c
+++ b/drivers/net/dsa/sja1105/sja1105_mdio.c
@@ -256,6 +256,9 @@ static int sja1105_base_tx_mdio_read(struct mii_bus *bus, int phy, int reg)
u32 tmp;
int rc;
+ if (reg & MII_ADDR_C45)
+ return -EOPNOTSUPP;
+
rc = sja1105_xfer_u32(priv, SPI_READ, regs->mdio_100base_tx + reg,
&tmp, NULL);
if (rc < 0)
@@ -272,6 +275,9 @@ static int sja1105_base_tx_mdio_write(struct mii_bus *bus, int phy, int reg,
const struct sja1105_regs *regs = priv->info->regs;
u32 tmp = val;
+ if (reg & MII_ADDR_C45)
+ return -EOPNOTSUPP;
+
return sja1105_xfer_u32(priv, SPI_WRITE, regs->mdio_100base_tx + reg,
&tmp, NULL);
}
--
2.35.1
^ permalink raw reply related [flat|nested] 305+ messages in thread
* [PATCH 6.0 079/289] nfc/nci: fix race with opening and closing
2022-11-30 18:19 [PATCH 6.0 000/289] 6.0.11-rc1 review Greg Kroah-Hartman
` (77 preceding siblings ...)
2022-11-30 18:21 ` [PATCH 6.0 078/289] net: dsa: sja1105: disallow C45 transactions on the BASE-TX MDIO bus Greg Kroah-Hartman
@ 2022-11-30 18:21 ` Greg Kroah-Hartman
2022-11-30 18:21 ` [PATCH 6.0 080/289] net: pch_gbe: fix potential memleak in pch_gbe_tx_queue() Greg Kroah-Hartman
` (219 subsequent siblings)
298 siblings, 0 replies; 305+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-30 18:21 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, syzbot+43475bf3cfbd6e41f5b7, Lin Ma,
David S. Miller, Sasha Levin
From: Lin Ma <linma@zju.edu.cn>
[ Upstream commit 0ad6bded175e829c2ca261529c9dce39a32a042d ]
Previously we leverage NCI_UNREG and the lock inside nci_close_device to
prevent the race condition between opening a device and closing a
device. However, it still has problem because a failed opening command
will erase the NCI_UNREG flag and allow another opening command to
bypass the status checking.
This fix corrects that by making sure the NCI_UNREG is held.
Reported-by: syzbot+43475bf3cfbd6e41f5b7@syzkaller.appspotmail.com
Fixes: 48b71a9e66c2 ("NFC: add NCI_UNREG flag to eliminate the race")
Signed-off-by: Lin Ma <linma@zju.edu.cn>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
net/nfc/nci/core.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/net/nfc/nci/core.c b/net/nfc/nci/core.c
index 6a193cce2a75..4ffdf2f45c44 100644
--- a/net/nfc/nci/core.c
+++ b/net/nfc/nci/core.c
@@ -542,7 +542,7 @@ static int nci_open_device(struct nci_dev *ndev)
skb_queue_purge(&ndev->tx_q);
ndev->ops->close(ndev);
- ndev->flags = 0;
+ ndev->flags &= BIT(NCI_UNREG);
}
done:
--
2.35.1
^ permalink raw reply related [flat|nested] 305+ messages in thread
* [PATCH 6.0 080/289] net: pch_gbe: fix potential memleak in pch_gbe_tx_queue()
2022-11-30 18:19 [PATCH 6.0 000/289] 6.0.11-rc1 review Greg Kroah-Hartman
` (78 preceding siblings ...)
2022-11-30 18:21 ` [PATCH 6.0 079/289] nfc/nci: fix race with opening and closing Greg Kroah-Hartman
@ 2022-11-30 18:21 ` Greg Kroah-Hartman
2022-11-30 18:21 ` [PATCH 6.0 081/289] 9p/fd: fix issue of list_del corruption in p9_fd_cancel() Greg Kroah-Hartman
` (218 subsequent siblings)
298 siblings, 0 replies; 305+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-30 18:21 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Wang Hai, David S. Miller, Sasha Levin
From: Wang Hai <wanghai38@huawei.com>
[ Upstream commit 2360f9b8c4e81d242d4cbf99d630a2fffa681fab ]
In pch_gbe_xmit_frame(), NETDEV_TX_OK will be returned whether
pch_gbe_tx_queue() sends data successfully or not, so pch_gbe_tx_queue()
needs to free skb before returning. But pch_gbe_tx_queue() returns without
freeing skb in case of dma_map_single() fails. Add dev_kfree_skb_any()
to fix it.
Fixes: 77555ee72282 ("net: Add Gigabit Ethernet driver of Topcliff PCH")
Signed-off-by: Wang Hai <wanghai38@huawei.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/ethernet/oki-semi/pch_gbe/pch_gbe_main.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/drivers/net/ethernet/oki-semi/pch_gbe/pch_gbe_main.c b/drivers/net/ethernet/oki-semi/pch_gbe/pch_gbe_main.c
index 46da937ad27f..98792907a4c3 100644
--- a/drivers/net/ethernet/oki-semi/pch_gbe/pch_gbe_main.c
+++ b/drivers/net/ethernet/oki-semi/pch_gbe/pch_gbe_main.c
@@ -1143,6 +1143,7 @@ static void pch_gbe_tx_queue(struct pch_gbe_adapter *adapter,
buffer_info->dma = 0;
buffer_info->time_stamp = 0;
tx_ring->next_to_use = ring_num;
+ dev_kfree_skb_any(skb);
return;
}
buffer_info->mapped = true;
--
2.35.1
^ permalink raw reply related [flat|nested] 305+ messages in thread
* [PATCH 6.0 081/289] 9p/fd: fix issue of list_del corruption in p9_fd_cancel()
2022-11-30 18:19 [PATCH 6.0 000/289] 6.0.11-rc1 review Greg Kroah-Hartman
` (79 preceding siblings ...)
2022-11-30 18:21 ` [PATCH 6.0 080/289] net: pch_gbe: fix potential memleak in pch_gbe_tx_queue() Greg Kroah-Hartman
@ 2022-11-30 18:21 ` Greg Kroah-Hartman
2022-11-30 18:21 ` [PATCH 6.0 082/289] netfilter: conntrack: Fix data-races around ct mark Greg Kroah-Hartman
` (217 subsequent siblings)
298 siblings, 0 replies; 305+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-30 18:21 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, syzbot+9b69b8d10ab4a7d88056,
Zhengchao Shao, Dominique Martinet, Sasha Levin
From: Zhengchao Shao <shaozhengchao@huawei.com>
[ Upstream commit 11c10956515b8ec44cf4f2a7b9d8bf8b9dc05ec4 ]
Syz reported the following issue:
kernel BUG at lib/list_debug.c:53!
invalid opcode: 0000 [#1] PREEMPT SMP KASAN
RIP: 0010:__list_del_entry_valid.cold+0x5c/0x72
Call Trace:
<TASK>
p9_fd_cancel+0xb1/0x270
p9_client_rpc+0x8ea/0xba0
p9_client_create+0x9c0/0xed0
v9fs_session_init+0x1e0/0x1620
v9fs_mount+0xba/0xb80
legacy_get_tree+0x103/0x200
vfs_get_tree+0x89/0x2d0
path_mount+0x4c0/0x1ac0
__x64_sys_mount+0x33b/0x430
do_syscall_64+0x35/0x80
entry_SYSCALL_64_after_hwframe+0x46/0xb0
</TASK>
The process is as follows:
Thread A: Thread B:
p9_poll_workfn() p9_client_create()
... ...
p9_conn_cancel() p9_fd_cancel()
list_del() ...
... list_del() //list_del
corruption
There is no lock protection when deleting list in p9_conn_cancel(). After
deleting list in Thread A, thread B will delete the same list again. It
will cause issue of list_del corruption.
Setting req->status to REQ_STATUS_ERROR under lock prevents other
cleanup paths from trying to manipulate req_list.
The other thread can safely check req->status because it still holds a
reference to req at this point.
Link: https://lkml.kernel.org/r/20221110122606.383352-1-shaozhengchao@huawei.com
Fixes: 52f1c45dde91 ("9p: trans_fd/p9_conn_cancel: drop client lock earlier")
Reported-by: syzbot+9b69b8d10ab4a7d88056@syzkaller.appspotmail.com
Signed-off-by: Zhengchao Shao <shaozhengchao@huawei.com>
[Dominique: add description of the fix in commit message]
Signed-off-by: Dominique Martinet <asmadeus@codewreck.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
net/9p/trans_fd.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/net/9p/trans_fd.c b/net/9p/trans_fd.c
index 0191f22d1ec3..8487321c1fc7 100644
--- a/net/9p/trans_fd.c
+++ b/net/9p/trans_fd.c
@@ -202,9 +202,11 @@ static void p9_conn_cancel(struct p9_conn *m, int err)
list_for_each_entry_safe(req, rtmp, &m->req_list, req_list) {
list_move(&req->req_list, &cancel_list);
+ req->status = REQ_STATUS_ERROR;
}
list_for_each_entry_safe(req, rtmp, &m->unsent_req_list, req_list) {
list_move(&req->req_list, &cancel_list);
+ req->status = REQ_STATUS_ERROR;
}
spin_unlock(&m->req_lock);
--
2.35.1
^ permalink raw reply related [flat|nested] 305+ messages in thread
* [PATCH 6.0 082/289] netfilter: conntrack: Fix data-races around ct mark
2022-11-30 18:19 [PATCH 6.0 000/289] 6.0.11-rc1 review Greg Kroah-Hartman
` (80 preceding siblings ...)
2022-11-30 18:21 ` [PATCH 6.0 081/289] 9p/fd: fix issue of list_del corruption in p9_fd_cancel() Greg Kroah-Hartman
@ 2022-11-30 18:21 ` Greg Kroah-Hartman
2022-11-30 18:21 ` [PATCH 6.0 083/289] netfilter: nf_tables: do not set up extensions for end interval Greg Kroah-Hartman
` (216 subsequent siblings)
298 siblings, 0 replies; 305+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-30 18:21 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Daniel Xu, Pablo Neira Ayuso, Sasha Levin
From: Daniel Xu <dxu@dxuuu.xyz>
[ Upstream commit 52d1aa8b8249ff477aaa38b6f74a8ced780d079c ]
nf_conn:mark can be read from and written to in parallel. Use
READ_ONCE()/WRITE_ONCE() for reads and writes to prevent unwanted
compiler optimizations.
Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2")
Signed-off-by: Daniel Xu <dxu@dxuuu.xyz>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
net/core/flow_dissector.c | 2 +-
net/ipv4/netfilter/ipt_CLUSTERIP.c | 4 ++--
net/netfilter/nf_conntrack_core.c | 2 +-
net/netfilter/nf_conntrack_netlink.c | 24 ++++++++++++++----------
net/netfilter/nf_conntrack_standalone.c | 2 +-
net/netfilter/nft_ct.c | 6 +++---
net/netfilter/xt_connmark.c | 18 ++++++++++--------
net/openvswitch/conntrack.c | 8 ++++----
net/sched/act_connmark.c | 4 ++--
net/sched/act_ct.c | 8 ++++----
net/sched/act_ctinfo.c | 6 +++---
11 files changed, 45 insertions(+), 39 deletions(-)
diff --git a/net/core/flow_dissector.c b/net/core/flow_dissector.c
index 7105529abb0f..c433b1fb961a 100644
--- a/net/core/flow_dissector.c
+++ b/net/core/flow_dissector.c
@@ -272,7 +272,7 @@ skb_flow_dissect_ct(const struct sk_buff *skb,
key->ct_zone = ct->zone.id;
#endif
#if IS_ENABLED(CONFIG_NF_CONNTRACK_MARK)
- key->ct_mark = ct->mark;
+ key->ct_mark = READ_ONCE(ct->mark);
#endif
cl = nf_ct_labels_find(ct);
diff --git a/net/ipv4/netfilter/ipt_CLUSTERIP.c b/net/ipv4/netfilter/ipt_CLUSTERIP.c
index f8e176c77d1c..b3cc416ed292 100644
--- a/net/ipv4/netfilter/ipt_CLUSTERIP.c
+++ b/net/ipv4/netfilter/ipt_CLUSTERIP.c
@@ -435,7 +435,7 @@ clusterip_tg(struct sk_buff *skb, const struct xt_action_param *par)
switch (ctinfo) {
case IP_CT_NEW:
- ct->mark = hash;
+ WRITE_ONCE(ct->mark, hash);
break;
case IP_CT_RELATED:
case IP_CT_RELATED_REPLY:
@@ -452,7 +452,7 @@ clusterip_tg(struct sk_buff *skb, const struct xt_action_param *par)
#ifdef DEBUG
nf_ct_dump_tuple_ip(&ct->tuplehash[IP_CT_DIR_ORIGINAL].tuple);
#endif
- pr_debug("hash=%u ct_hash=%u ", hash, ct->mark);
+ pr_debug("hash=%u ct_hash=%u ", hash, READ_ONCE(ct->mark));
if (!clusterip_responsible(cipinfo->config, hash)) {
pr_debug("not responsible\n");
return NF_DROP;
diff --git a/net/netfilter/nf_conntrack_core.c b/net/netfilter/nf_conntrack_core.c
index 8f261cd5b3a5..60289c074eef 100644
--- a/net/netfilter/nf_conntrack_core.c
+++ b/net/netfilter/nf_conntrack_core.c
@@ -1781,7 +1781,7 @@ init_conntrack(struct net *net, struct nf_conn *tmpl,
}
#ifdef CONFIG_NF_CONNTRACK_MARK
- ct->mark = exp->master->mark;
+ ct->mark = READ_ONCE(exp->master->mark);
#endif
#ifdef CONFIG_NF_CONNTRACK_SECMARK
ct->secmark = exp->master->secmark;
diff --git a/net/netfilter/nf_conntrack_netlink.c b/net/netfilter/nf_conntrack_netlink.c
index 7562b215b932..d71150a40fb0 100644
--- a/net/netfilter/nf_conntrack_netlink.c
+++ b/net/netfilter/nf_conntrack_netlink.c
@@ -328,9 +328,9 @@ ctnetlink_dump_timestamp(struct sk_buff *skb, const struct nf_conn *ct)
}
#ifdef CONFIG_NF_CONNTRACK_MARK
-static int ctnetlink_dump_mark(struct sk_buff *skb, const struct nf_conn *ct)
+static int ctnetlink_dump_mark(struct sk_buff *skb, u32 mark)
{
- if (nla_put_be32(skb, CTA_MARK, htonl(ct->mark)))
+ if (nla_put_be32(skb, CTA_MARK, htonl(mark)))
goto nla_put_failure;
return 0;
@@ -543,7 +543,7 @@ static int ctnetlink_dump_extinfo(struct sk_buff *skb,
static int ctnetlink_dump_info(struct sk_buff *skb, struct nf_conn *ct)
{
if (ctnetlink_dump_status(skb, ct) < 0 ||
- ctnetlink_dump_mark(skb, ct) < 0 ||
+ ctnetlink_dump_mark(skb, READ_ONCE(ct->mark)) < 0 ||
ctnetlink_dump_secctx(skb, ct) < 0 ||
ctnetlink_dump_id(skb, ct) < 0 ||
ctnetlink_dump_use(skb, ct) < 0 ||
@@ -722,6 +722,7 @@ ctnetlink_conntrack_event(unsigned int events, const struct nf_ct_event *item)
struct sk_buff *skb;
unsigned int type;
unsigned int flags = 0, group;
+ u32 mark;
int err;
if (events & (1 << IPCT_DESTROY)) {
@@ -826,8 +827,9 @@ ctnetlink_conntrack_event(unsigned int events, const struct nf_ct_event *item)
}
#ifdef CONFIG_NF_CONNTRACK_MARK
- if ((events & (1 << IPCT_MARK) || ct->mark)
- && ctnetlink_dump_mark(skb, ct) < 0)
+ mark = READ_ONCE(ct->mark);
+ if ((events & (1 << IPCT_MARK) || mark) &&
+ ctnetlink_dump_mark(skb, mark) < 0)
goto nla_put_failure;
#endif
nlmsg_end(skb, nlh);
@@ -1154,7 +1156,7 @@ static int ctnetlink_filter_match(struct nf_conn *ct, void *data)
}
#ifdef CONFIG_NF_CONNTRACK_MARK
- if ((ct->mark & filter->mark.mask) != filter->mark.val)
+ if ((READ_ONCE(ct->mark) & filter->mark.mask) != filter->mark.val)
goto ignore_entry;
#endif
status = (u32)READ_ONCE(ct->status);
@@ -2002,9 +2004,9 @@ static void ctnetlink_change_mark(struct nf_conn *ct,
mask = ~ntohl(nla_get_be32(cda[CTA_MARK_MASK]));
mark = ntohl(nla_get_be32(cda[CTA_MARK]));
- newmark = (ct->mark & mask) ^ mark;
- if (newmark != ct->mark)
- ct->mark = newmark;
+ newmark = (READ_ONCE(ct->mark) & mask) ^ mark;
+ if (newmark != READ_ONCE(ct->mark))
+ WRITE_ONCE(ct->mark, newmark);
}
#endif
@@ -2669,6 +2671,7 @@ static int __ctnetlink_glue_build(struct sk_buff *skb, struct nf_conn *ct)
{
const struct nf_conntrack_zone *zone;
struct nlattr *nest_parms;
+ u32 mark;
zone = nf_ct_zone(ct);
@@ -2730,7 +2733,8 @@ static int __ctnetlink_glue_build(struct sk_buff *skb, struct nf_conn *ct)
goto nla_put_failure;
#ifdef CONFIG_NF_CONNTRACK_MARK
- if (ct->mark && ctnetlink_dump_mark(skb, ct) < 0)
+ mark = READ_ONCE(ct->mark);
+ if (mark && ctnetlink_dump_mark(skb, mark) < 0)
goto nla_put_failure;
#endif
if (ctnetlink_dump_labels(skb, ct) < 0)
diff --git a/net/netfilter/nf_conntrack_standalone.c b/net/netfilter/nf_conntrack_standalone.c
index 4ffe84c5a82c..bca839ab1ae8 100644
--- a/net/netfilter/nf_conntrack_standalone.c
+++ b/net/netfilter/nf_conntrack_standalone.c
@@ -366,7 +366,7 @@ static int ct_seq_show(struct seq_file *s, void *v)
goto release;
#if defined(CONFIG_NF_CONNTRACK_MARK)
- seq_printf(s, "mark=%u ", ct->mark);
+ seq_printf(s, "mark=%u ", READ_ONCE(ct->mark));
#endif
ct_show_secctx(s, ct);
diff --git a/net/netfilter/nft_ct.c b/net/netfilter/nft_ct.c
index a3f01f209a53..641dc21f92b4 100644
--- a/net/netfilter/nft_ct.c
+++ b/net/netfilter/nft_ct.c
@@ -98,7 +98,7 @@ static void nft_ct_get_eval(const struct nft_expr *expr,
return;
#ifdef CONFIG_NF_CONNTRACK_MARK
case NFT_CT_MARK:
- *dest = ct->mark;
+ *dest = READ_ONCE(ct->mark);
return;
#endif
#ifdef CONFIG_NF_CONNTRACK_SECMARK
@@ -297,8 +297,8 @@ static void nft_ct_set_eval(const struct nft_expr *expr,
switch (priv->key) {
#ifdef CONFIG_NF_CONNTRACK_MARK
case NFT_CT_MARK:
- if (ct->mark != value) {
- ct->mark = value;
+ if (READ_ONCE(ct->mark) != value) {
+ WRITE_ONCE(ct->mark, value);
nf_conntrack_event_cache(IPCT_MARK, ct);
}
break;
diff --git a/net/netfilter/xt_connmark.c b/net/netfilter/xt_connmark.c
index e5ebc0810675..ad3c033db64e 100644
--- a/net/netfilter/xt_connmark.c
+++ b/net/netfilter/xt_connmark.c
@@ -30,6 +30,7 @@ connmark_tg_shift(struct sk_buff *skb, const struct xt_connmark_tginfo2 *info)
u_int32_t new_targetmark;
struct nf_conn *ct;
u_int32_t newmark;
+ u_int32_t oldmark;
ct = nf_ct_get(skb, &ctinfo);
if (ct == NULL)
@@ -37,14 +38,15 @@ connmark_tg_shift(struct sk_buff *skb, const struct xt_connmark_tginfo2 *info)
switch (info->mode) {
case XT_CONNMARK_SET:
- newmark = (ct->mark & ~info->ctmask) ^ info->ctmark;
+ oldmark = READ_ONCE(ct->mark);
+ newmark = (oldmark & ~info->ctmask) ^ info->ctmark;
if (info->shift_dir == D_SHIFT_RIGHT)
newmark >>= info->shift_bits;
else
newmark <<= info->shift_bits;
- if (ct->mark != newmark) {
- ct->mark = newmark;
+ if (READ_ONCE(ct->mark) != newmark) {
+ WRITE_ONCE(ct->mark, newmark);
nf_conntrack_event_cache(IPCT_MARK, ct);
}
break;
@@ -55,15 +57,15 @@ connmark_tg_shift(struct sk_buff *skb, const struct xt_connmark_tginfo2 *info)
else
new_targetmark <<= info->shift_bits;
- newmark = (ct->mark & ~info->ctmask) ^
+ newmark = (READ_ONCE(ct->mark) & ~info->ctmask) ^
new_targetmark;
- if (ct->mark != newmark) {
- ct->mark = newmark;
+ if (READ_ONCE(ct->mark) != newmark) {
+ WRITE_ONCE(ct->mark, newmark);
nf_conntrack_event_cache(IPCT_MARK, ct);
}
break;
case XT_CONNMARK_RESTORE:
- new_targetmark = (ct->mark & info->ctmask);
+ new_targetmark = (READ_ONCE(ct->mark) & info->ctmask);
if (info->shift_dir == D_SHIFT_RIGHT)
new_targetmark >>= info->shift_bits;
else
@@ -126,7 +128,7 @@ connmark_mt(const struct sk_buff *skb, struct xt_action_param *par)
if (ct == NULL)
return false;
- return ((ct->mark & info->mask) == info->mark) ^ info->invert;
+ return ((READ_ONCE(ct->mark) & info->mask) == info->mark) ^ info->invert;
}
static int connmark_mt_check(const struct xt_mtchk_param *par)
diff --git a/net/openvswitch/conntrack.c b/net/openvswitch/conntrack.c
index 4e70df91d0f2..fc5b374fe568 100644
--- a/net/openvswitch/conntrack.c
+++ b/net/openvswitch/conntrack.c
@@ -152,7 +152,7 @@ static u8 ovs_ct_get_state(enum ip_conntrack_info ctinfo)
static u32 ovs_ct_get_mark(const struct nf_conn *ct)
{
#if IS_ENABLED(CONFIG_NF_CONNTRACK_MARK)
- return ct ? ct->mark : 0;
+ return ct ? READ_ONCE(ct->mark) : 0;
#else
return 0;
#endif
@@ -340,9 +340,9 @@ static int ovs_ct_set_mark(struct nf_conn *ct, struct sw_flow_key *key,
#if IS_ENABLED(CONFIG_NF_CONNTRACK_MARK)
u32 new_mark;
- new_mark = ct_mark | (ct->mark & ~(mask));
- if (ct->mark != new_mark) {
- ct->mark = new_mark;
+ new_mark = ct_mark | (READ_ONCE(ct->mark) & ~(mask));
+ if (READ_ONCE(ct->mark) != new_mark) {
+ WRITE_ONCE(ct->mark, new_mark);
if (nf_ct_is_confirmed(ct))
nf_conntrack_event_cache(IPCT_MARK, ct);
key->ct.mark = new_mark;
diff --git a/net/sched/act_connmark.c b/net/sched/act_connmark.c
index 09e2aafc8943..0deb4e96a6c2 100644
--- a/net/sched/act_connmark.c
+++ b/net/sched/act_connmark.c
@@ -62,7 +62,7 @@ static int tcf_connmark_act(struct sk_buff *skb, const struct tc_action *a,
c = nf_ct_get(skb, &ctinfo);
if (c) {
- skb->mark = c->mark;
+ skb->mark = READ_ONCE(c->mark);
/* using overlimits stats to count how many packets marked */
ca->tcf_qstats.overlimits++;
goto out;
@@ -82,7 +82,7 @@ static int tcf_connmark_act(struct sk_buff *skb, const struct tc_action *a,
c = nf_ct_tuplehash_to_ctrack(thash);
/* using overlimits stats to count how many packets marked */
ca->tcf_qstats.overlimits++;
- skb->mark = c->mark;
+ skb->mark = READ_ONCE(c->mark);
nf_ct_put(c);
out:
diff --git a/net/sched/act_ct.c b/net/sched/act_ct.c
index 5950974ae8f6..a015915e5b72 100644
--- a/net/sched/act_ct.c
+++ b/net/sched/act_ct.c
@@ -178,7 +178,7 @@ static void tcf_ct_flow_table_add_action_meta(struct nf_conn *ct,
entry = tcf_ct_flow_table_flow_action_get_next(action);
entry->id = FLOW_ACTION_CT_METADATA;
#if IS_ENABLED(CONFIG_NF_CONNTRACK_MARK)
- entry->ct_metadata.mark = ct->mark;
+ entry->ct_metadata.mark = READ_ONCE(ct->mark);
#endif
ctinfo = dir == IP_CT_DIR_ORIGINAL ? IP_CT_ESTABLISHED :
IP_CT_ESTABLISHED_REPLY;
@@ -940,9 +940,9 @@ static void tcf_ct_act_set_mark(struct nf_conn *ct, u32 mark, u32 mask)
if (!mask)
return;
- new_mark = mark | (ct->mark & ~(mask));
- if (ct->mark != new_mark) {
- ct->mark = new_mark;
+ new_mark = mark | (READ_ONCE(ct->mark) & ~(mask));
+ if (READ_ONCE(ct->mark) != new_mark) {
+ WRITE_ONCE(ct->mark, new_mark);
if (nf_ct_is_confirmed(ct))
nf_conntrack_event_cache(IPCT_MARK, ct);
}
diff --git a/net/sched/act_ctinfo.c b/net/sched/act_ctinfo.c
index 0281e45987a4..65a20f3c9514 100644
--- a/net/sched/act_ctinfo.c
+++ b/net/sched/act_ctinfo.c
@@ -33,7 +33,7 @@ static void tcf_ctinfo_dscp_set(struct nf_conn *ct, struct tcf_ctinfo *ca,
{
u8 dscp, newdscp;
- newdscp = (((ct->mark & cp->dscpmask) >> cp->dscpmaskshift) << 2) &
+ newdscp = (((READ_ONCE(ct->mark) & cp->dscpmask) >> cp->dscpmaskshift) << 2) &
~INET_ECN_MASK;
switch (proto) {
@@ -73,7 +73,7 @@ static void tcf_ctinfo_cpmark_set(struct nf_conn *ct, struct tcf_ctinfo *ca,
struct sk_buff *skb)
{
ca->stats_cpmark_set++;
- skb->mark = ct->mark & cp->cpmarkmask;
+ skb->mark = READ_ONCE(ct->mark) & cp->cpmarkmask;
}
static int tcf_ctinfo_act(struct sk_buff *skb, const struct tc_action *a,
@@ -131,7 +131,7 @@ static int tcf_ctinfo_act(struct sk_buff *skb, const struct tc_action *a,
}
if (cp->mode & CTINFO_MODE_DSCP)
- if (!cp->dscpstatemask || (ct->mark & cp->dscpstatemask))
+ if (!cp->dscpstatemask || (READ_ONCE(ct->mark) & cp->dscpstatemask))
tcf_ctinfo_dscp_set(ct, ca, cp, skb, wlen, proto);
if (cp->mode & CTINFO_MODE_CPMARK)
--
2.35.1
^ permalink raw reply related [flat|nested] 305+ messages in thread
* [PATCH 6.0 083/289] netfilter: nf_tables: do not set up extensions for end interval
2022-11-30 18:19 [PATCH 6.0 000/289] 6.0.11-rc1 review Greg Kroah-Hartman
` (81 preceding siblings ...)
2022-11-30 18:21 ` [PATCH 6.0 082/289] netfilter: conntrack: Fix data-races around ct mark Greg Kroah-Hartman
@ 2022-11-30 18:21 ` Greg Kroah-Hartman
2022-11-30 18:21 ` [PATCH 6.0 084/289] iavf: Fix a crash during reset task Greg Kroah-Hartman
` (215 subsequent siblings)
298 siblings, 0 replies; 305+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-30 18:21 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Pablo Neira Ayuso, Sasha Levin
From: Pablo Neira Ayuso <pablo@netfilter.org>
[ Upstream commit 33c7aba0b4ffd6d7cdab862a034eb582a5120a38 ]
Elements with an end interval flag set on do not store extensions. The
global set definition is currently setting on the timeout and stateful
expression for end interval elements.
This leads to skipping end interval elements from the set->ops->walk()
path as the expired check bogusly reports true.
Moreover, do not set up stateful expressions for elements with end
interval flag set on since this is never used.
Fixes: 65038428b2c6 ("netfilter: nf_tables: allow to specify stateful expression in set definition")
Fixes: 8d8540c4f5e0 ("netfilter: nft_set_rbtree: add timeout support")
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
net/netfilter/nf_tables_api.c | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/net/netfilter/nf_tables_api.c b/net/netfilter/nf_tables_api.c
index 42e370575c30..0a6f3c1e9ab7 100644
--- a/net/netfilter/nf_tables_api.c
+++ b/net/netfilter/nf_tables_api.c
@@ -5958,7 +5958,8 @@ static int nft_add_set_elem(struct nft_ctx *ctx, struct nft_set *set,
&timeout);
if (err)
return err;
- } else if (set->flags & NFT_SET_TIMEOUT) {
+ } else if (set->flags & NFT_SET_TIMEOUT &&
+ !(flags & NFT_SET_ELEM_INTERVAL_END)) {
timeout = set->timeout;
}
@@ -6024,7 +6025,8 @@ static int nft_add_set_elem(struct nft_ctx *ctx, struct nft_set *set,
err = -EOPNOTSUPP;
goto err_set_elem_expr;
}
- } else if (set->num_exprs > 0) {
+ } else if (set->num_exprs > 0 &&
+ !(flags & NFT_SET_ELEM_INTERVAL_END)) {
err = nft_set_elem_expr_clone(ctx, set, expr_array);
if (err < 0)
goto err_set_elem_expr_clone;
--
2.35.1
^ permalink raw reply related [flat|nested] 305+ messages in thread
* [PATCH 6.0 084/289] iavf: Fix a crash during reset task
2022-11-30 18:19 [PATCH 6.0 000/289] 6.0.11-rc1 review Greg Kroah-Hartman
` (82 preceding siblings ...)
2022-11-30 18:21 ` [PATCH 6.0 083/289] netfilter: nf_tables: do not set up extensions for end interval Greg Kroah-Hartman
@ 2022-11-30 18:21 ` Greg Kroah-Hartman
2022-11-30 18:21 ` [PATCH 6.0 085/289] iavf: Do not restart Tx queues after reset task failure Greg Kroah-Hartman
` (214 subsequent siblings)
298 siblings, 0 replies; 305+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-30 18:21 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Jacob Keller, Patryk Piotrowski,
SlawomirX Laba, Ivan Vecera, Konrad Jankowski, Tony Nguyen,
Sasha Levin
From: Ivan Vecera <ivecera@redhat.com>
[ Upstream commit c678669d6b13b77de3b99b97526aaf23c3088d0a ]
Recent commit aa626da947e9 ("iavf: Detach device during reset task")
removed netif_tx_stop_all_queues() with an assumption that Tx queues
are already stopped by netif_device_detach() in the beginning of
reset task. This assumption is incorrect because during reset
task a potential link event can start Tx queues again.
Revert this change to fix this issue.
Reproducer:
1. Run some Tx traffic (e.g. iperf3) over iavf interface
2. Switch MTU of this interface in a loop
[root@host ~]# cat repro.sh
IF=enp2s0f0v0
iperf3 -c 192.168.0.1 -t 600 --logfile /dev/null &
sleep 2
while :; do
for i in 1280 1500 2000 900 ; do
ip link set $IF mtu $i
sleep 2
done
done
[root@host ~]# ./repro.sh
Result:
[ 306.199917] iavf 0000:02:02.0 enp2s0f0v0: NIC Link is Up Speed is 40 Gbps Full Duplex
[ 308.205944] iavf 0000:02:02.0 enp2s0f0v0: NIC Link is Up Speed is 40 Gbps Full Duplex
[ 310.103223] BUG: kernel NULL pointer dereference, address: 0000000000000008
[ 310.110179] #PF: supervisor write access in kernel mode
[ 310.115396] #PF: error_code(0x0002) - not-present page
[ 310.120526] PGD 0 P4D 0
[ 310.123057] Oops: 0002 [#1] PREEMPT SMP NOPTI
[ 310.127408] CPU: 24 PID: 183 Comm: kworker/u64:9 Kdump: loaded Not tainted 6.1.0-rc3+ #2
[ 310.135485] Hardware name: Abacus electric, s.r.o. - servis@abacus.cz Super Server/H12SSW-iN, BIOS 2.4 04/13/2022
[ 310.145728] Workqueue: iavf iavf_reset_task [iavf]
[ 310.150520] RIP: 0010:iavf_xmit_frame_ring+0xd1/0xf70 [iavf]
[ 310.156180] Code: d0 0f 86 da 00 00 00 83 e8 01 0f b7 fa 29 f8 01 c8 39 c6 0f 8f a0 08 00 00 48 8b 45 20 48 8d 14 92 bf 01 00 00 00 4c 8d 3c d0 <49> 89 5f 08 8b 43 70 66 41 89 7f 14 41 89 47 10 f6 83 82 00 00 00
[ 310.174918] RSP: 0018:ffffbb5f0082caa0 EFLAGS: 00010293
[ 310.180137] RAX: 0000000000000000 RBX: ffff92345471a6e8 RCX: 0000000000000200
[ 310.187259] RDX: 0000000000000000 RSI: 000000000000000d RDI: 0000000000000001
[ 310.194385] RBP: ffff92341d249000 R08: ffff92434987fcac R09: 0000000000000001
[ 310.201509] R10: 0000000011f683b9 R11: 0000000011f50641 R12: 0000000000000008
[ 310.208631] R13: ffff923447500000 R14: 0000000000000000 R15: 0000000000000000
[ 310.215756] FS: 0000000000000000(0000) GS:ffff92434ee00000(0000) knlGS:0000000000000000
[ 310.223835] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 310.229572] CR2: 0000000000000008 CR3: 0000000fbc210004 CR4: 0000000000770ee0
[ 310.236696] PKRU: 55555554
[ 310.239399] Call Trace:
[ 310.241844] <IRQ>
[ 310.243855] ? dst_alloc+0x5b/0xb0
[ 310.247260] dev_hard_start_xmit+0x9e/0x1f0
[ 310.251439] sch_direct_xmit+0xa0/0x370
[ 310.255276] __qdisc_run+0x13e/0x580
[ 310.258848] __dev_queue_xmit+0x431/0xd00
[ 310.262851] ? selinux_ip_postroute+0x147/0x3f0
[ 310.267377] ip_finish_output2+0x26c/0x540
Fixes: aa626da947e9 ("iavf: Detach device during reset task")
Cc: Jacob Keller <jacob.e.keller@intel.com>
Cc: Patryk Piotrowski <patryk.piotrowski@intel.com>
Cc: SlawomirX Laba <slawomirx.laba@intel.com>
Signed-off-by: Ivan Vecera <ivecera@redhat.com>
Tested-by: Konrad Jankowski <konrad0.jankowski@intel.com>
Signed-off-by: Tony Nguyen <anthony.l.nguyen@intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/ethernet/intel/iavf/iavf_main.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/drivers/net/ethernet/intel/iavf/iavf_main.c b/drivers/net/ethernet/intel/iavf/iavf_main.c
index 79fef8c59d65..7d349ca708c7 100644
--- a/drivers/net/ethernet/intel/iavf/iavf_main.c
+++ b/drivers/net/ethernet/intel/iavf/iavf_main.c
@@ -3033,6 +3033,7 @@ static void iavf_reset_task(struct work_struct *work)
if (running) {
netif_carrier_off(netdev);
+ netif_tx_stop_all_queues(netdev);
adapter->link_up = false;
iavf_napi_disable_all(adapter);
}
--
2.35.1
^ permalink raw reply related [flat|nested] 305+ messages in thread
* [PATCH 6.0 085/289] iavf: Do not restart Tx queues after reset task failure
2022-11-30 18:19 [PATCH 6.0 000/289] 6.0.11-rc1 review Greg Kroah-Hartman
` (83 preceding siblings ...)
2022-11-30 18:21 ` [PATCH 6.0 084/289] iavf: Fix a crash during reset task Greg Kroah-Hartman
@ 2022-11-30 18:21 ` Greg Kroah-Hartman
2022-11-30 18:21 ` [PATCH 6.0 086/289] iavf: remove INITIAL_MAC_SET to allow gARP to work properly Greg Kroah-Hartman
` (213 subsequent siblings)
298 siblings, 0 replies; 305+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-30 18:21 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Jacob Keller, Patryk Piotrowski,
SlawomirX Laba, Ivan Vecera, Leon Romanovsky, Konrad Jankowski,
Tony Nguyen, Sasha Levin
From: Ivan Vecera <ivecera@redhat.com>
[ Upstream commit 08f1c147b7265245d67321585c68a27e990e0c4b ]
After commit aa626da947e9 ("iavf: Detach device during reset task")
the device is detached during reset task and re-attached at its end.
The problem occurs when reset task fails because Tx queues are
restarted during device re-attach and this leads later to a crash.
To resolve this issue properly close the net device in cause of
failure in reset task to avoid restarting of tx queues at the end.
Also replace the hacky manipulation with IFF_UP flag by device close
that clears properly both IFF_UP and __LINK_STATE_START flags.
In these case iavf_close() does not do anything because the adapter
state is already __IAVF_DOWN.
Reproducer:
1) Run some Tx traffic (e.g. iperf3) over iavf interface
2) Set VF trusted / untrusted in loop
[root@host ~]# cat repro.sh
PF=enp65s0f0
IF=${PF}v0
ip link set up $IF
ip addr add 192.168.0.2/24 dev $IF
sleep 1
iperf3 -c 192.168.0.1 -t 600 --logfile /dev/null &
sleep 2
while :; do
ip link set $PF vf 0 trust on
ip link set $PF vf 0 trust off
done
[root@host ~]# ./repro.sh
Result:
[ 2006.650969] iavf 0000:41:01.0: Failed to init adminq: -53
[ 2006.675662] ice 0000:41:00.0: VF 0 is now trusted
[ 2006.689997] iavf 0000:41:01.0: Reset task did not complete, VF disabled
[ 2006.696611] iavf 0000:41:01.0: failed to allocate resources during reinit
[ 2006.703209] ice 0000:41:00.0: VF 0 is now untrusted
[ 2006.737011] ice 0000:41:00.0: VF 0 is now trusted
[ 2006.764536] ice 0000:41:00.0: VF 0 is now untrusted
[ 2006.768919] BUG: kernel NULL pointer dereference, address: 0000000000000b4a
[ 2006.776358] #PF: supervisor read access in kernel mode
[ 2006.781488] #PF: error_code(0x0000) - not-present page
[ 2006.786620] PGD 0 P4D 0
[ 2006.789152] Oops: 0000 [#1] PREEMPT SMP NOPTI
[ 2006.792903] ice 0000:41:00.0: VF 0 is now trusted
[ 2006.793501] CPU: 4 PID: 0 Comm: swapper/4 Kdump: loaded Not tainted 6.1.0-rc3+ #2
[ 2006.805668] Hardware name: Abacus electric, s.r.o. - servis@abacus.cz Super Server/H12SSW-iN, BIOS 2.4 04/13/2022
[ 2006.815915] RIP: 0010:iavf_xmit_frame_ring+0x96/0xf70 [iavf]
[ 2006.821028] ice 0000:41:00.0: VF 0 is now untrusted
[ 2006.821572] Code: 48 83 c1 04 48 c1 e1 04 48 01 f9 48 83 c0 10 6b 50 f8 55 c1 ea 14 45 8d 64 14 01 48 39 c8 75 eb 41 83 fc 07 0f 8f e9 08 00 00 <0f> b7 45 4a 0f b7 55 48 41 8d 74 24 05 31 c9 66 39 d0 0f 86 da 00
[ 2006.845181] RSP: 0018:ffffb253004bc9e8 EFLAGS: 00010293
[ 2006.850397] RAX: ffff9d154de45b00 RBX: ffff9d15497d52e8 RCX: ffff9d154de45b00
[ 2006.856327] ice 0000:41:00.0: VF 0 is now trusted
[ 2006.857523] RDX: 0000000000000000 RSI: 00000000000005a8 RDI: ffff9d154de45ac0
[ 2006.857525] RBP: 0000000000000b00 R08: ffff9d159cb010ac R09: 0000000000000001
[ 2006.857526] R10: ffff9d154de45940 R11: 0000000000000000 R12: 0000000000000002
[ 2006.883600] R13: ffff9d1770838dc0 R14: 0000000000000000 R15: ffffffffc07b8380
[ 2006.885840] ice 0000:41:00.0: VF 0 is now untrusted
[ 2006.890725] FS: 0000000000000000(0000) GS:ffff9d248e900000(0000) knlGS:0000000000000000
[ 2006.890727] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 2006.909419] CR2: 0000000000000b4a CR3: 0000000c39c10002 CR4: 0000000000770ee0
[ 2006.916543] PKRU: 55555554
[ 2006.918254] ice 0000:41:00.0: VF 0 is now trusted
[ 2006.919248] Call Trace:
[ 2006.919250] <IRQ>
[ 2006.919252] dev_hard_start_xmit+0x9e/0x1f0
[ 2006.932587] sch_direct_xmit+0xa0/0x370
[ 2006.936424] __dev_queue_xmit+0x7af/0xd00
[ 2006.940429] ip_finish_output2+0x26c/0x540
[ 2006.944519] ip_output+0x71/0x110
[ 2006.947831] ? __ip_finish_output+0x2b0/0x2b0
[ 2006.952180] __ip_queue_xmit+0x16d/0x400
[ 2006.952721] ice 0000:41:00.0: VF 0 is now untrusted
[ 2006.956098] __tcp_transmit_skb+0xa96/0xbf0
[ 2006.965148] __tcp_retransmit_skb+0x174/0x860
[ 2006.969499] ? cubictcp_cwnd_event+0x40/0x40
[ 2006.973769] tcp_retransmit_skb+0x14/0xb0
...
Fixes: aa626da947e9 ("iavf: Detach device during reset task")
Cc: Jacob Keller <jacob.e.keller@intel.com>
Cc: Patryk Piotrowski <patryk.piotrowski@intel.com>
Cc: SlawomirX Laba <slawomirx.laba@intel.com>
Signed-off-by: Ivan Vecera <ivecera@redhat.com>
Reviewed-by: Jacob Keller <jacob.e.keller@intel.com>
Reviewed-by: Leon Romanovsky <leonro@nvidia.com>
Tested-by: Konrad Jankowski <konrad0.jankowski@intel.com>
Signed-off-by: Tony Nguyen <anthony.l.nguyen@intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/ethernet/intel/iavf/iavf_main.c | 16 +++++++++++++++-
1 file changed, 15 insertions(+), 1 deletion(-)
diff --git a/drivers/net/ethernet/intel/iavf/iavf_main.c b/drivers/net/ethernet/intel/iavf/iavf_main.c
index 7d349ca708c7..f59b725785eb 100644
--- a/drivers/net/ethernet/intel/iavf/iavf_main.c
+++ b/drivers/net/ethernet/intel/iavf/iavf_main.c
@@ -2921,7 +2921,6 @@ static void iavf_disable_vf(struct iavf_adapter *adapter)
iavf_free_queues(adapter);
memset(adapter->vf_res, 0, IAVF_VIRTCHNL_VF_RESOURCE_SIZE);
iavf_shutdown_adminq(&adapter->hw);
- adapter->netdev->flags &= ~IFF_UP;
adapter->flags &= ~IAVF_FLAG_RESET_PENDING;
iavf_change_state(adapter, __IAVF_DOWN);
wake_up(&adapter->down_waitqueue);
@@ -3021,6 +3020,11 @@ static void iavf_reset_task(struct work_struct *work)
iavf_disable_vf(adapter);
mutex_unlock(&adapter->client_lock);
mutex_unlock(&adapter->crit_lock);
+ if (netif_running(netdev)) {
+ rtnl_lock();
+ dev_close(netdev);
+ rtnl_unlock();
+ }
return; /* Do not attempt to reinit. It's dead, Jim. */
}
@@ -3173,6 +3177,16 @@ static void iavf_reset_task(struct work_struct *work)
mutex_unlock(&adapter->client_lock);
mutex_unlock(&adapter->crit_lock);
+
+ if (netif_running(netdev)) {
+ /* Close device to ensure that Tx queues will not be started
+ * during netif_device_attach() at the end of the reset task.
+ */
+ rtnl_lock();
+ dev_close(netdev);
+ rtnl_unlock();
+ }
+
dev_err(&adapter->pdev->dev, "failed to allocate resources during reinit\n");
reset_finish:
rtnl_lock();
--
2.35.1
^ permalink raw reply related [flat|nested] 305+ messages in thread
* [PATCH 6.0 086/289] iavf: remove INITIAL_MAC_SET to allow gARP to work properly
2022-11-30 18:19 [PATCH 6.0 000/289] 6.0.11-rc1 review Greg Kroah-Hartman
` (84 preceding siblings ...)
2022-11-30 18:21 ` [PATCH 6.0 085/289] iavf: Do not restart Tx queues after reset task failure Greg Kroah-Hartman
@ 2022-11-30 18:21 ` Greg Kroah-Hartman
2022-11-30 18:21 ` [PATCH 6.0 087/289] iavf: Fix race condition between iavf_shutdown and iavf_remove Greg Kroah-Hartman
` (212 subsequent siblings)
298 siblings, 0 replies; 305+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-30 18:21 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Stefan Assmann, Konrad Jankowski,
Tony Nguyen, Sasha Levin
From: Stefan Assmann <sassmann@kpanic.de>
[ Upstream commit bb861c14f1b8cb9cbf03a132db7f22ec4e692b91 ]
IAVF_FLAG_INITIAL_MAC_SET prevents waiting on iavf_is_mac_set_handled()
the first time the MAC is set. This breaks gratuitous ARP because the
MAC address has not been updated yet when the gARP packet is sent out.
Current behaviour:
$ echo 1 > /sys/class/net/ens4f0/device/sriov_numvfs
iavf 0000:88:02.0: MAC address: ee:04:19:14:ec:ea
$ ip addr add 192.168.1.1/24 dev ens4f0v0
$ ip link set dev ens4f0v0 up
$ echo 1 > /proc/sys/net/ipv4/conf/ens4f0v0/arp_notify
$ ip link set ens4f0v0 addr 00:11:22:33:44:55
07:23:41.676611 ee:04:19:14:ec:ea > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 42: Request who-has 192.168.1.1 tell 192.168.1.1, length 28
With IAVF_FLAG_INITIAL_MAC_SET removed:
$ echo 1 > /sys/class/net/ens4f0/device/sriov_numvfs
iavf 0000:88:02.0: MAC address: 3e:8a:16:a2:37:6d
$ ip addr add 192.168.1.1/24 dev ens4f0v0
$ ip link set dev ens4f0v0 up
$ echo 1 > /proc/sys/net/ipv4/conf/ens4f0v0/arp_notify
$ ip link set ens4f0v0 addr 00:11:22:33:44:55
07:28:01.836608 00:11:22:33:44:55 > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 42: Request who-has 192.168.1.1 tell 192.168.1.1, length 28
Fixes: 35a2443d0910 ("iavf: Add waiting for response from PF in set mac")
Signed-off-by: Stefan Assmann <sassmann@kpanic.de>
Tested-by: Konrad Jankowski <konrad0.jankowski@intel.com>
Signed-off-by: Tony Nguyen <anthony.l.nguyen@intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/ethernet/intel/iavf/iavf.h | 1 -
drivers/net/ethernet/intel/iavf/iavf_main.c | 8 --------
2 files changed, 9 deletions(-)
diff --git a/drivers/net/ethernet/intel/iavf/iavf.h b/drivers/net/ethernet/intel/iavf/iavf.h
index 3f6187c16424..0d1bab4ac1b0 100644
--- a/drivers/net/ethernet/intel/iavf/iavf.h
+++ b/drivers/net/ethernet/intel/iavf/iavf.h
@@ -298,7 +298,6 @@ struct iavf_adapter {
#define IAVF_FLAG_QUEUES_DISABLED BIT(17)
#define IAVF_FLAG_SETUP_NETDEV_FEATURES BIT(18)
#define IAVF_FLAG_REINIT_MSIX_NEEDED BIT(20)
-#define IAVF_FLAG_INITIAL_MAC_SET BIT(23)
/* duplicates for common code */
#define IAVF_FLAG_DCB_ENABLED 0
/* flags for admin queue service task */
diff --git a/drivers/net/ethernet/intel/iavf/iavf_main.c b/drivers/net/ethernet/intel/iavf/iavf_main.c
index f59b725785eb..005bb8378c76 100644
--- a/drivers/net/ethernet/intel/iavf/iavf_main.c
+++ b/drivers/net/ethernet/intel/iavf/iavf_main.c
@@ -1087,12 +1087,6 @@ static int iavf_set_mac(struct net_device *netdev, void *p)
if (ret)
return ret;
- /* If this is an initial set MAC during VF spawn do not wait */
- if (adapter->flags & IAVF_FLAG_INITIAL_MAC_SET) {
- adapter->flags &= ~IAVF_FLAG_INITIAL_MAC_SET;
- return 0;
- }
-
ret = wait_event_interruptible_timeout(adapter->vc_waitqueue,
iavf_is_mac_set_handled(netdev, addr->sa_data),
msecs_to_jiffies(2500));
@@ -2605,8 +2599,6 @@ static void iavf_init_config_adapter(struct iavf_adapter *adapter)
ether_addr_copy(netdev->perm_addr, adapter->hw.mac.addr);
}
- adapter->flags |= IAVF_FLAG_INITIAL_MAC_SET;
-
adapter->tx_desc_count = IAVF_DEFAULT_TXD;
adapter->rx_desc_count = IAVF_DEFAULT_RXD;
err = iavf_init_interrupt_scheme(adapter);
--
2.35.1
^ permalink raw reply related [flat|nested] 305+ messages in thread
* [PATCH 6.0 087/289] iavf: Fix race condition between iavf_shutdown and iavf_remove
2022-11-30 18:19 [PATCH 6.0 000/289] 6.0.11-rc1 review Greg Kroah-Hartman
` (85 preceding siblings ...)
2022-11-30 18:21 ` [PATCH 6.0 086/289] iavf: remove INITIAL_MAC_SET to allow gARP to work properly Greg Kroah-Hartman
@ 2022-11-30 18:21 ` Greg Kroah-Hartman
2022-11-30 18:21 ` [PATCH 6.0 088/289] ARM: mxs: fix memory leak in mxs_machine_init() Greg Kroah-Hartman
` (211 subsequent siblings)
298 siblings, 0 replies; 305+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-30 18:21 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Slawomir Laba, Mateusz Palczewski,
Marek Szlosek, Tony Nguyen, Sasha Levin
From: Slawomir Laba <slawomirx.laba@intel.com>
[ Upstream commit a8417330f8a57275ed934293e832982b6d882713 ]
Fix a deadlock introduced by commit
974578017fc1 ("iavf: Add waiting so the port is initialized in remove")
due to race condition between iavf_shutdown and iavf_remove, where
iavf_remove stucks forever in while loop since iavf_shutdown already
set __IAVF_REMOVE adapter state.
Fix this by checking if the __IAVF_IN_REMOVE_TASK has already been
set and return if so.
Fixes: 974578017fc1 ("iavf: Add waiting so the port is initialized in remove")
Signed-off-by: Slawomir Laba <slawomirx.laba@intel.com>
Signed-off-by: Mateusz Palczewski <mateusz.palczewski@intel.com>
Tested-by: Marek Szlosek <marek.szlosek@intel.com>
Signed-off-by: Tony Nguyen <anthony.l.nguyen@intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/ethernet/intel/iavf/iavf_main.c | 16 +++++++---------
1 file changed, 7 insertions(+), 9 deletions(-)
diff --git a/drivers/net/ethernet/intel/iavf/iavf_main.c b/drivers/net/ethernet/intel/iavf/iavf_main.c
index 005bb8378c76..cff03723f4f9 100644
--- a/drivers/net/ethernet/intel/iavf/iavf_main.c
+++ b/drivers/net/ethernet/intel/iavf/iavf_main.c
@@ -5042,23 +5042,21 @@ static int __maybe_unused iavf_resume(struct device *dev_d)
static void iavf_remove(struct pci_dev *pdev)
{
struct iavf_adapter *adapter = iavf_pdev_to_adapter(pdev);
- struct net_device *netdev = adapter->netdev;
struct iavf_fdir_fltr *fdir, *fdirtmp;
struct iavf_vlan_filter *vlf, *vlftmp;
+ struct iavf_cloud_filter *cf, *cftmp;
struct iavf_adv_rss *rss, *rsstmp;
struct iavf_mac_filter *f, *ftmp;
- struct iavf_cloud_filter *cf, *cftmp;
- struct iavf_hw *hw = &adapter->hw;
+ struct net_device *netdev;
+ struct iavf_hw *hw;
int err;
- /* When reboot/shutdown is in progress no need to do anything
- * as the adapter is already REMOVE state that was set during
- * iavf_shutdown() callback.
- */
- if (adapter->state == __IAVF_REMOVE)
+ netdev = adapter->netdev;
+ hw = &adapter->hw;
+
+ if (test_and_set_bit(__IAVF_IN_REMOVE_TASK, &adapter->crit_section))
return;
- set_bit(__IAVF_IN_REMOVE_TASK, &adapter->crit_section);
/* Wait until port initialization is complete.
* There are flows where register/unregister netdev may race.
*/
--
2.35.1
^ permalink raw reply related [flat|nested] 305+ messages in thread
* [PATCH 6.0 088/289] ARM: mxs: fix memory leak in mxs_machine_init()
2022-11-30 18:19 [PATCH 6.0 000/289] 6.0.11-rc1 review Greg Kroah-Hartman
` (86 preceding siblings ...)
2022-11-30 18:21 ` [PATCH 6.0 087/289] iavf: Fix race condition between iavf_shutdown and iavf_remove Greg Kroah-Hartman
@ 2022-11-30 18:21 ` Greg Kroah-Hartman
2022-11-30 18:21 ` [PATCH 6.0 089/289] ARM: dts: imx6q-prti6q: Fix ref/tcxo-clock-frequency properties Greg Kroah-Hartman
` (210 subsequent siblings)
298 siblings, 0 replies; 305+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-30 18:21 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Zheng Yongjun, Marco Felsch,
Shawn Guo, Sasha Levin
From: Zheng Yongjun <zhengyongjun3@huawei.com>
[ Upstream commit f31e3c204d1844b8680a442a48868af5ac3d5481 ]
If of_property_read_string() failed, 'soc_dev_attr' should be
freed before return. Otherwise there is a memory leak.
Fixes: 2046338dcbc6 ("ARM: mxs: Use soc bus infrastructure")
Signed-off-by: Zheng Yongjun <zhengyongjun3@huawei.com>
Reviewed-by: Marco Felsch <m.felsch@pengutronix.de>
Signed-off-by: Shawn Guo <shawnguo@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/arm/mach-mxs/mach-mxs.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/arch/arm/mach-mxs/mach-mxs.c b/arch/arm/mach-mxs/mach-mxs.c
index 25c9d184fa4c..1c57ac401649 100644
--- a/arch/arm/mach-mxs/mach-mxs.c
+++ b/arch/arm/mach-mxs/mach-mxs.c
@@ -393,8 +393,10 @@ static void __init mxs_machine_init(void)
root = of_find_node_by_path("/");
ret = of_property_read_string(root, "model", &soc_dev_attr->machine);
- if (ret)
+ if (ret) {
+ kfree(soc_dev_attr);
return;
+ }
soc_dev_attr->family = "Freescale MXS Family";
soc_dev_attr->soc_id = mxs_get_soc_id();
--
2.35.1
^ permalink raw reply related [flat|nested] 305+ messages in thread
* [PATCH 6.0 089/289] ARM: dts: imx6q-prti6q: Fix ref/tcxo-clock-frequency properties
2022-11-30 18:19 [PATCH 6.0 000/289] 6.0.11-rc1 review Greg Kroah-Hartman
` (87 preceding siblings ...)
2022-11-30 18:21 ` [PATCH 6.0 088/289] ARM: mxs: fix memory leak in mxs_machine_init() Greg Kroah-Hartman
@ 2022-11-30 18:21 ` Greg Kroah-Hartman
2022-11-30 18:21 ` [PATCH 6.0 090/289] net: ethernet: mtk_eth_soc: fix error handling in mtk_open() Greg Kroah-Hartman
` (209 subsequent siblings)
298 siblings, 0 replies; 305+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-30 18:21 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Fabio Estevam, Shawn Guo, Sasha Levin
From: Fabio Estevam <festevam@denx.de>
[ Upstream commit e68be7b39f21d8a9291a5a3019787cd3ca999dd7 ]
make dtbs_check gives the following errors:
ref-clock-frequency: size (9) error for type uint32
tcxo-clock-frequency: size (9) error for type uint32
Fix it by passing the frequencies inside < > as documented in
Documentation/devicetree/bindings/net/wireless/ti,wlcore.yaml.
Signed-off-by: Fabio Estevam <festevam@denx.de>
Fixes: 0d446a505592 ("ARM: dts: add Protonic PRTI6Q board")
Signed-off-by: Shawn Guo <shawnguo@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/arm/boot/dts/imx6q-prti6q.dts | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/arch/arm/boot/dts/imx6q-prti6q.dts b/arch/arm/boot/dts/imx6q-prti6q.dts
index b4605edfd2ab..d8fa83effd63 100644
--- a/arch/arm/boot/dts/imx6q-prti6q.dts
+++ b/arch/arm/boot/dts/imx6q-prti6q.dts
@@ -364,8 +364,8 @@ wifi {
pinctrl-names = "default";
pinctrl-0 = <&pinctrl_wifi>;
interrupts-extended = <&gpio1 30 IRQ_TYPE_LEVEL_HIGH>;
- ref-clock-frequency = "38400000";
- tcxo-clock-frequency = "19200000";
+ ref-clock-frequency = <38400000>;
+ tcxo-clock-frequency = <19200000>;
};
};
--
2.35.1
^ permalink raw reply related [flat|nested] 305+ messages in thread
* [PATCH 6.0 090/289] net: ethernet: mtk_eth_soc: fix error handling in mtk_open()
2022-11-30 18:19 [PATCH 6.0 000/289] 6.0.11-rc1 review Greg Kroah-Hartman
` (88 preceding siblings ...)
2022-11-30 18:21 ` [PATCH 6.0 089/289] ARM: dts: imx6q-prti6q: Fix ref/tcxo-clock-frequency properties Greg Kroah-Hartman
@ 2022-11-30 18:21 ` Greg Kroah-Hartman
2022-11-30 18:21 ` [PATCH 6.0 091/289] net/mlx4: Check retval of mlx4_bitmap_init Greg Kroah-Hartman
` (208 subsequent siblings)
298 siblings, 0 replies; 305+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-30 18:21 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Liu Jian, Russell King (Oracle),
Jakub Kicinski, Sasha Levin
From: Liu Jian <liujian56@huawei.com>
[ Upstream commit f70074140524c59a0935947b06dd6cb6e1ea642d ]
If mtk_start_dma() fails, invoke phylink_disconnect_phy() to perform
cleanup. phylink_disconnect_phy() contains the put_device action. If
phylink_disconnect_phy is not performed, the Kref of netdev will leak.
Fixes: b8fc9f30821e ("net: ethernet: mediatek: Add basic PHYLINK support")
Signed-off-by: Liu Jian <liujian56@huawei.com>
Reviewed-by: Russell King (Oracle) <rmk+kernel@armlinux.org.uk>
Link: https://lore.kernel.org/r/20221117111356.161547-1-liujian56@huawei.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/ethernet/mediatek/mtk_eth_soc.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/drivers/net/ethernet/mediatek/mtk_eth_soc.c b/drivers/net/ethernet/mediatek/mtk_eth_soc.c
index 84433f3a3e22..a75f5931f746 100644
--- a/drivers/net/ethernet/mediatek/mtk_eth_soc.c
+++ b/drivers/net/ethernet/mediatek/mtk_eth_soc.c
@@ -2979,8 +2979,10 @@ static int mtk_open(struct net_device *dev)
u32 gdm_config = MTK_GDMA_TO_PDMA;
err = mtk_start_dma(eth);
- if (err)
+ if (err) {
+ phylink_disconnect_phy(mac->phylink);
return err;
+ }
if (eth->soc->offload_version && mtk_ppe_start(eth->ppe) == 0)
gdm_config = MTK_GDMA_TO_PPE;
--
2.35.1
^ permalink raw reply related [flat|nested] 305+ messages in thread
* [PATCH 6.0 091/289] net/mlx4: Check retval of mlx4_bitmap_init
2022-11-30 18:19 [PATCH 6.0 000/289] 6.0.11-rc1 review Greg Kroah-Hartman
` (89 preceding siblings ...)
2022-11-30 18:21 ` [PATCH 6.0 090/289] net: ethernet: mtk_eth_soc: fix error handling in mtk_open() Greg Kroah-Hartman
@ 2022-11-30 18:21 ` Greg Kroah-Hartman
2022-11-30 18:21 ` [PATCH 6.0 092/289] net: mvpp2: fix possible invalid pointer dereference Greg Kroah-Hartman
` (207 subsequent siblings)
298 siblings, 0 replies; 305+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-30 18:21 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Tariq Toukan, Peter Kosyh,
Jakub Kicinski, Sasha Levin
From: Peter Kosyh <pkosyh@yandex.ru>
[ Upstream commit 594c61ffc77de0a197934aa0f1df9285c68801c6 ]
If mlx4_bitmap_init fails, mlx4_bitmap_alloc_range will dereference
the NULL pointer (bitmap->table).
Make sure, that mlx4_bitmap_alloc_range called in no error case.
Found by Linux Verification Center (linuxtesting.org) with SVACE.
Fixes: d57febe1a478 ("net/mlx4: Add A0 hybrid steering")
Reviewed-by: Tariq Toukan <tariqt@nvidia.com>
Signed-off-by: Peter Kosyh <pkosyh@yandex.ru>
Link: https://lore.kernel.org/r/20221117152806.278072-1-pkosyh@yandex.ru
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/ethernet/mellanox/mlx4/qp.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/drivers/net/ethernet/mellanox/mlx4/qp.c b/drivers/net/ethernet/mellanox/mlx4/qp.c
index b149e601f673..48cfaa7eaf50 100644
--- a/drivers/net/ethernet/mellanox/mlx4/qp.c
+++ b/drivers/net/ethernet/mellanox/mlx4/qp.c
@@ -697,7 +697,8 @@ static int mlx4_create_zones(struct mlx4_dev *dev,
err = mlx4_bitmap_init(*bitmap + k, 1,
MLX4_QP_TABLE_RAW_ETH_SIZE - 1, 0,
0);
- mlx4_bitmap_alloc_range(*bitmap + k, 1, 1, 0);
+ if (!err)
+ mlx4_bitmap_alloc_range(*bitmap + k, 1, 1, 0);
}
if (err)
--
2.35.1
^ permalink raw reply related [flat|nested] 305+ messages in thread
* [PATCH 6.0 092/289] net: mvpp2: fix possible invalid pointer dereference
2022-11-30 18:19 [PATCH 6.0 000/289] 6.0.11-rc1 review Greg Kroah-Hartman
` (90 preceding siblings ...)
2022-11-30 18:21 ` [PATCH 6.0 091/289] net/mlx4: Check retval of mlx4_bitmap_init Greg Kroah-Hartman
@ 2022-11-30 18:21 ` Greg Kroah-Hartman
2022-11-30 18:21 ` [PATCH 6.0 093/289] net/qla3xxx: fix potential memleak in ql3xxx_send() Greg Kroah-Hartman
` (206 subsequent siblings)
298 siblings, 0 replies; 305+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-30 18:21 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Hui Tang, Jakub Kicinski, Sasha Levin
From: Hui Tang <tanghui20@huawei.com>
[ Upstream commit cbe867685386af1f0a2648f5279f6e4c74bfd17f ]
It will cause invalid pointer dereference to priv->cm3_base behind,
if PTR_ERR(priv->cm3_base) in mvpp2_get_sram().
Fixes: e54ad1e01c00 ("net: mvpp2: add CM3 SRAM memory map")
Signed-off-by: Hui Tang <tanghui20@huawei.com>
Link: https://lore.kernel.org/r/20221117084032.101144-1-tanghui20@huawei.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/ethernet/marvell/mvpp2/mvpp2_main.c | 8 ++++++--
1 file changed, 6 insertions(+), 2 deletions(-)
diff --git a/drivers/net/ethernet/marvell/mvpp2/mvpp2_main.c b/drivers/net/ethernet/marvell/mvpp2/mvpp2_main.c
index eaa51cd7456b..8f86be995092 100644
--- a/drivers/net/ethernet/marvell/mvpp2/mvpp2_main.c
+++ b/drivers/net/ethernet/marvell/mvpp2/mvpp2_main.c
@@ -7352,6 +7352,7 @@ static int mvpp2_get_sram(struct platform_device *pdev,
struct mvpp2 *priv)
{
struct resource *res;
+ void __iomem *base;
res = platform_get_resource(pdev, IORESOURCE_MEM, 2);
if (!res) {
@@ -7362,9 +7363,12 @@ static int mvpp2_get_sram(struct platform_device *pdev,
return 0;
}
- priv->cm3_base = devm_ioremap_resource(&pdev->dev, res);
+ base = devm_ioremap_resource(&pdev->dev, res);
+ if (IS_ERR(base))
+ return PTR_ERR(base);
- return PTR_ERR_OR_ZERO(priv->cm3_base);
+ priv->cm3_base = base;
+ return 0;
}
static int mvpp2_probe(struct platform_device *pdev)
--
2.35.1
^ permalink raw reply related [flat|nested] 305+ messages in thread
* [PATCH 6.0 093/289] net/qla3xxx: fix potential memleak in ql3xxx_send()
2022-11-30 18:19 [PATCH 6.0 000/289] 6.0.11-rc1 review Greg Kroah-Hartman
` (91 preceding siblings ...)
2022-11-30 18:21 ` [PATCH 6.0 092/289] net: mvpp2: fix possible invalid pointer dereference Greg Kroah-Hartman
@ 2022-11-30 18:21 ` Greg Kroah-Hartman
2022-11-30 18:21 ` [PATCH 6.0 094/289] octeontx2-af: debugsfs: fix pci device refcount leak Greg Kroah-Hartman
` (205 subsequent siblings)
298 siblings, 0 replies; 305+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-30 18:21 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Zhang Changzhong, Jakub Kicinski,
Sasha Levin
From: Zhang Changzhong <zhangchangzhong@huawei.com>
[ Upstream commit 62a7311fb96c61d281da9852dbee4712fc8c3277 ]
The ql3xxx_send() returns NETDEV_TX_OK without freeing skb in error
handling case, add dev_kfree_skb_any() to fix it.
Fixes: bd36b0ac5d06 ("qla3xxx: Add support for Qlogic 4032 chip.")
Signed-off-by: Zhang Changzhong <zhangchangzhong@huawei.com>
Link: https://lore.kernel.org/r/1668675039-21138-1-git-send-email-zhangchangzhong@huawei.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/ethernet/qlogic/qla3xxx.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/drivers/net/ethernet/qlogic/qla3xxx.c b/drivers/net/ethernet/qlogic/qla3xxx.c
index 06f4d9a9e938..5a2d70a91868 100644
--- a/drivers/net/ethernet/qlogic/qla3xxx.c
+++ b/drivers/net/ethernet/qlogic/qla3xxx.c
@@ -2471,6 +2471,7 @@ static netdev_tx_t ql3xxx_send(struct sk_buff *skb,
skb_shinfo(skb)->nr_frags);
if (tx_cb->seg_count == -1) {
netdev_err(ndev, "%s: invalid segment count!\n", __func__);
+ dev_kfree_skb_any(skb);
return NETDEV_TX_OK;
}
--
2.35.1
^ permalink raw reply related [flat|nested] 305+ messages in thread
* [PATCH 6.0 094/289] octeontx2-af: debugsfs: fix pci device refcount leak
2022-11-30 18:19 [PATCH 6.0 000/289] 6.0.11-rc1 review Greg Kroah-Hartman
` (92 preceding siblings ...)
2022-11-30 18:21 ` [PATCH 6.0 093/289] net/qla3xxx: fix potential memleak in ql3xxx_send() Greg Kroah-Hartman
@ 2022-11-30 18:21 ` Greg Kroah-Hartman
2022-11-30 18:21 ` [PATCH 6.0 095/289] net: pch_gbe: fix pci device refcount leak while module exiting Greg Kroah-Hartman
` (204 subsequent siblings)
298 siblings, 0 replies; 305+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-30 18:21 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Yang Yingliang, Jakub Kicinski, Sasha Levin
From: Yang Yingliang <yangyingliang@huawei.com>
[ Upstream commit d66608803aa2ffb9e475623343f69996305771ae ]
As comment of pci_get_domain_bus_and_slot() says, it returns
a pci device with refcount increment, when finish using it,
the caller must decrement the reference count by calling
pci_dev_put().
So before returning from rvu_dbg_rvu_pf_cgx_map_display() or
cgx_print_dmac_flt(), pci_dev_put() is called to avoid refcount
leak.
Fixes: dbc52debf95f ("octeontx2-af: Debugfs support for DMAC filters")
Fixes: e2fb37303865 ("octeontx2-af: Display CGX, NIX and PF map in debugfs.")
Signed-off-by: Yang Yingliang <yangyingliang@huawei.com>
Link: https://lore.kernel.org/r/20221117124658.162409-1-yangyingliang@huawei.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/ethernet/marvell/octeontx2/af/rvu_debugfs.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/drivers/net/ethernet/marvell/octeontx2/af/rvu_debugfs.c b/drivers/net/ethernet/marvell/octeontx2/af/rvu_debugfs.c
index f42a09f04b25..70cda1571324 100644
--- a/drivers/net/ethernet/marvell/octeontx2/af/rvu_debugfs.c
+++ b/drivers/net/ethernet/marvell/octeontx2/af/rvu_debugfs.c
@@ -535,6 +535,8 @@ static int rvu_dbg_rvu_pf_cgx_map_display(struct seq_file *filp, void *unused)
sprintf(lmac, "LMAC%d", lmac_id);
seq_printf(filp, "%s\t0x%x\t\tNIX%d\t\t%s\t%s\n",
dev_name(&pdev->dev), pcifunc, blkid, cgx, lmac);
+
+ pci_dev_put(pdev);
}
return 0;
}
@@ -2221,6 +2223,7 @@ static int cgx_print_dmac_flt(struct seq_file *s, int lmac_id)
}
}
+ pci_dev_put(pdev);
return 0;
}
--
2.35.1
^ permalink raw reply related [flat|nested] 305+ messages in thread
* [PATCH 6.0 095/289] net: pch_gbe: fix pci device refcount leak while module exiting
2022-11-30 18:19 [PATCH 6.0 000/289] 6.0.11-rc1 review Greg Kroah-Hartman
` (93 preceding siblings ...)
2022-11-30 18:21 ` [PATCH 6.0 094/289] octeontx2-af: debugsfs: fix pci device refcount leak Greg Kroah-Hartman
@ 2022-11-30 18:21 ` Greg Kroah-Hartman
2022-11-30 18:21 ` [PATCH 6.0 096/289] nfp: fill splittable of devlink_port_attrs correctly Greg Kroah-Hartman
` (203 subsequent siblings)
298 siblings, 0 replies; 305+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-30 18:21 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Yang Yingliang, Jakub Kicinski, Sasha Levin
From: Yang Yingliang <yangyingliang@huawei.com>
[ Upstream commit 5619537284f1017e9f6c7500b02b859b3830a06d ]
As comment of pci_get_domain_bus_and_slot() says, it returns
a pci device with refcount increment, when finish using it,
the caller must decrement the reference count by calling
pci_dev_put().
In pch_gbe_probe(), pci_get_domain_bus_and_slot() is called,
so in error path in probe() and remove() function, pci_dev_put()
should be called to avoid refcount leak. Compile tested only.
Fixes: 1a0bdadb4e36 ("net/pch_gbe: supports eg20t ptp clock")
Signed-off-by: Yang Yingliang <yangyingliang@huawei.com>
Link: https://lore.kernel.org/r/20221117135148.301014-1-yangyingliang@huawei.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/ethernet/oki-semi/pch_gbe/pch_gbe_main.c | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/drivers/net/ethernet/oki-semi/pch_gbe/pch_gbe_main.c b/drivers/net/ethernet/oki-semi/pch_gbe/pch_gbe_main.c
index 98792907a4c3..63b6b7d86ccb 100644
--- a/drivers/net/ethernet/oki-semi/pch_gbe/pch_gbe_main.c
+++ b/drivers/net/ethernet/oki-semi/pch_gbe/pch_gbe_main.c
@@ -2460,6 +2460,7 @@ static void pch_gbe_remove(struct pci_dev *pdev)
unregister_netdev(netdev);
pch_gbe_phy_hw_reset(&adapter->hw);
+ pci_dev_put(adapter->ptp_pdev);
free_netdev(netdev);
}
@@ -2535,7 +2536,7 @@ static int pch_gbe_probe(struct pci_dev *pdev,
/* setup the private structure */
ret = pch_gbe_sw_init(adapter);
if (ret)
- goto err_free_netdev;
+ goto err_put_dev;
/* Initialize PHY */
ret = pch_gbe_init_phy(adapter);
@@ -2593,6 +2594,8 @@ static int pch_gbe_probe(struct pci_dev *pdev,
err_free_adapter:
pch_gbe_phy_hw_reset(&adapter->hw);
+err_put_dev:
+ pci_dev_put(adapter->ptp_pdev);
err_free_netdev:
free_netdev(netdev);
return ret;
--
2.35.1
^ permalink raw reply related [flat|nested] 305+ messages in thread
* [PATCH 6.0 096/289] nfp: fill splittable of devlink_port_attrs correctly
2022-11-30 18:19 [PATCH 6.0 000/289] 6.0.11-rc1 review Greg Kroah-Hartman
` (94 preceding siblings ...)
2022-11-30 18:21 ` [PATCH 6.0 095/289] net: pch_gbe: fix pci device refcount leak while module exiting Greg Kroah-Hartman
@ 2022-11-30 18:21 ` Greg Kroah-Hartman
2022-11-30 18:21 ` [PATCH 6.0 097/289] nfp: add port from netdev validation for EEPROM access Greg Kroah-Hartman
` (202 subsequent siblings)
298 siblings, 0 replies; 305+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-30 18:21 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Diana Wang, Louis Peens,
Niklas Söderlund, Simon Horman, Jakub Kicinski, Sasha Levin
From: Diana Wang <na.wang@corigine.com>
[ Upstream commit 4abd9600b9d15d3d92a9ac25cf200422a4c415ee ]
The error is reflected in that it shows wrong splittable status of
port when executing "devlink port show".
The reason which leads the error is that the assigned operation of
splittable is just a simple negation operation of split and it does
not consider port lanes quantity. A splittable port should have
several lanes that can be split(lanes quantity > 1).
If without the judgement, it will show wrong message for some
firmware, such as 2x25G, 2x10G.
Fixes: a0f49b548652 ("devlink: Add a new devlink port split ability attribute and pass to netlink")
Signed-off-by: Diana Wang <na.wang@corigine.com>
Reviewed-by: Louis Peens <louis.peens@corigine.com>
Reviewed-by: Niklas Söderlund <niklas.soderlund@corigine.com>
Signed-off-by: Simon Horman <simon.horman@corigine.com>
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/ethernet/netronome/nfp/nfp_devlink.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/net/ethernet/netronome/nfp/nfp_devlink.c b/drivers/net/ethernet/netronome/nfp/nfp_devlink.c
index 405786c00334..cb08d7bf9524 100644
--- a/drivers/net/ethernet/netronome/nfp/nfp_devlink.c
+++ b/drivers/net/ethernet/netronome/nfp/nfp_devlink.c
@@ -341,7 +341,7 @@ int nfp_devlink_port_register(struct nfp_app *app, struct nfp_port *port)
return ret;
attrs.split = eth_port.is_split;
- attrs.splittable = !attrs.split;
+ attrs.splittable = eth_port.port_lanes > 1 && !attrs.split;
attrs.lanes = eth_port.port_lanes;
attrs.flavour = DEVLINK_PORT_FLAVOUR_PHYSICAL;
attrs.phys.port_number = eth_port.label_port;
--
2.35.1
^ permalink raw reply related [flat|nested] 305+ messages in thread
* [PATCH 6.0 097/289] nfp: add port from netdev validation for EEPROM access
2022-11-30 18:19 [PATCH 6.0 000/289] 6.0.11-rc1 review Greg Kroah-Hartman
` (95 preceding siblings ...)
2022-11-30 18:21 ` [PATCH 6.0 096/289] nfp: fill splittable of devlink_port_attrs correctly Greg Kroah-Hartman
@ 2022-11-30 18:21 ` Greg Kroah-Hartman
2022-11-30 18:21 ` [PATCH 6.0 098/289] bonding: fix ICMPv6 header handling when receiving IPv6 messages Greg Kroah-Hartman
` (201 subsequent siblings)
298 siblings, 0 replies; 305+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-30 18:21 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Jaco Coetzee, Louis Peens,
Simon Horman, Jakub Kicinski, Sasha Levin
From: Jaco Coetzee <jaco.coetzee@corigine.com>
[ Upstream commit 0873016d46f6dfafd1bdf4d9b935b3331b226f7c ]
Setting of the port flag `NFP_PORT_CHANGED`, introduced
to ensure the correct reading of EEPROM data, causes a
fatal kernel NULL pointer dereference in cases where
the target netdev type cannot be determined.
Add validation of port struct pointer before attempting
to set the `NFP_PORT_CHANGED` flag. Return that operation
is not supported if the netdev type cannot be determined.
Fixes: 4ae97cae07e1 ("nfp: ethtool: fix the display error of `ethtool -m DEVNAME`")
Signed-off-by: Jaco Coetzee <jaco.coetzee@corigine.com>
Reviewed-by: Louis Peens <louis.peens@corigine.com>
Signed-off-by: Simon Horman <simon.horman@corigine.com>
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/ethernet/netronome/nfp/nfp_net_ethtool.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/drivers/net/ethernet/netronome/nfp/nfp_net_ethtool.c b/drivers/net/ethernet/netronome/nfp/nfp_net_ethtool.c
index b19bff0db1fd..400b22ad6a34 100644
--- a/drivers/net/ethernet/netronome/nfp/nfp_net_ethtool.c
+++ b/drivers/net/ethernet/netronome/nfp/nfp_net_ethtool.c
@@ -1395,6 +1395,9 @@ nfp_port_get_module_info(struct net_device *netdev,
u8 data;
port = nfp_port_from_netdev(netdev);
+ if (!port)
+ return -EOPNOTSUPP;
+
/* update port state to get latest interface */
set_bit(NFP_PORT_CHANGED, &port->flags);
eth_port = nfp_port_get_eth_port(port);
--
2.35.1
^ permalink raw reply related [flat|nested] 305+ messages in thread
* [PATCH 6.0 098/289] bonding: fix ICMPv6 header handling when receiving IPv6 messages
2022-11-30 18:19 [PATCH 6.0 000/289] 6.0.11-rc1 review Greg Kroah-Hartman
` (96 preceding siblings ...)
2022-11-30 18:21 ` [PATCH 6.0 097/289] nfp: add port from netdev validation for EEPROM access Greg Kroah-Hartman
@ 2022-11-30 18:21 ` Greg Kroah-Hartman
2022-11-30 18:21 ` [PATCH 6.0 099/289] macsec: Fix invalid error code set Greg Kroah-Hartman
` (200 subsequent siblings)
298 siblings, 0 replies; 305+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-30 18:21 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Liang Li, Eric Dumazet, Hangbin Liu,
Eric Dumazet, Jay Vosburgh, Jakub Kicinski, Sasha Levin
From: Hangbin Liu <liuhangbin@gmail.com>
[ Upstream commit 4d633d1b468b6eb107a81b2fd10b9debddca3d47 ]
Currently, we get icmp6hdr via function icmp6_hdr(), which needs the skb
transport header to be set first. But there is no rule to ask driver set
transport header before netif_receive_skb() and bond_handle_frame(). So
we will not able to get correct icmp6hdr on some drivers.
Fix this by using skb_header_pointer to get the IPv6 and ICMPV6 headers.
Reported-by: Liang Li <liali@redhat.com>
Fixes: 4e24be018eb9 ("bonding: add new parameter ns_targets")
Suggested-by: Eric Dumazet <eric.dumazet@gmail.com>
Signed-off-by: Hangbin Liu <liuhangbin@gmail.com>
Reviewed-by: Eric Dumazet <edumazet@google.com>
Acked-by: Jay Vosburgh <jay.vosburgh@canonical.com>
Link: https://lore.kernel.org/r/20221118034353.1736727-1-liuhangbin@gmail.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/bonding/bond_main.c | 17 ++++++++++++-----
1 file changed, 12 insertions(+), 5 deletions(-)
diff --git a/drivers/net/bonding/bond_main.c b/drivers/net/bonding/bond_main.c
index 86d42306aa5e..76dd5ff1d99d 100644
--- a/drivers/net/bonding/bond_main.c
+++ b/drivers/net/bonding/bond_main.c
@@ -3231,16 +3231,23 @@ static int bond_na_rcv(const struct sk_buff *skb, struct bonding *bond,
struct slave *slave)
{
struct slave *curr_active_slave, *curr_arp_slave;
- struct icmp6hdr *hdr = icmp6_hdr(skb);
struct in6_addr *saddr, *daddr;
+ struct {
+ struct ipv6hdr ip6;
+ struct icmp6hdr icmp6;
+ } *combined, _combined;
if (skb->pkt_type == PACKET_OTHERHOST ||
- skb->pkt_type == PACKET_LOOPBACK ||
- hdr->icmp6_type != NDISC_NEIGHBOUR_ADVERTISEMENT)
+ skb->pkt_type == PACKET_LOOPBACK)
+ goto out;
+
+ combined = skb_header_pointer(skb, 0, sizeof(_combined), &_combined);
+ if (!combined || combined->ip6.nexthdr != NEXTHDR_ICMP ||
+ combined->icmp6.icmp6_type != NDISC_NEIGHBOUR_ADVERTISEMENT)
goto out;
- saddr = &ipv6_hdr(skb)->saddr;
- daddr = &ipv6_hdr(skb)->daddr;
+ saddr = &combined->ip6.saddr;
+ daddr = &combined->ip6.saddr;
slave_dbg(bond->dev, slave->dev, "%s: %s/%d av %d sv %d sip %pI6c tip %pI6c\n",
__func__, slave->dev->name, bond_slave_state(slave),
--
2.35.1
^ permalink raw reply related [flat|nested] 305+ messages in thread
* [PATCH 6.0 099/289] macsec: Fix invalid error code set
2022-11-30 18:19 [PATCH 6.0 000/289] 6.0.11-rc1 review Greg Kroah-Hartman
` (97 preceding siblings ...)
2022-11-30 18:21 ` [PATCH 6.0 098/289] bonding: fix ICMPv6 header handling when receiving IPv6 messages Greg Kroah-Hartman
@ 2022-11-30 18:21 ` Greg Kroah-Hartman
2022-11-30 18:21 ` [PATCH 6.0 100/289] drm/i915: Fix warn in intel_display_power_*_domain() functions Greg Kroah-Hartman
` (199 subsequent siblings)
298 siblings, 0 replies; 305+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-30 18:21 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, YueHaibing, Saeed Mahameed,
Antoine Tenart, Jakub Kicinski, Sasha Levin
From: YueHaibing <yuehaibing@huawei.com>
[ Upstream commit 7cef6b73fba96abef731a53501924fc3c4a0f947 ]
'ret' is defined twice in macsec_changelink(), when it is set in macsec_is_offloaded
case, it will be invalid before return.
Fixes: 3cf3227a21d1 ("net: macsec: hardware offloading infrastructure")
Signed-off-by: YueHaibing <yuehaibing@huawei.com>
Reviewed-by: Saeed Mahameed <saeed@kernel.org>
Reviewed-by: Antoine Tenart <atenart@kernel.org>
Link: https://lore.kernel.org/r/20221118011249.48112-1-yuehaibing@huawei.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/macsec.c | 1 -
1 file changed, 1 deletion(-)
diff --git a/drivers/net/macsec.c b/drivers/net/macsec.c
index d145ad189778..104fc564a766 100644
--- a/drivers/net/macsec.c
+++ b/drivers/net/macsec.c
@@ -3855,7 +3855,6 @@ static int macsec_changelink(struct net_device *dev, struct nlattr *tb[],
if (macsec_is_offloaded(macsec)) {
const struct macsec_ops *ops;
struct macsec_context ctx;
- int ret;
ops = macsec_get_ops(netdev_priv(dev), &ctx);
if (!ops) {
--
2.35.1
^ permalink raw reply related [flat|nested] 305+ messages in thread
* [PATCH 6.0 100/289] drm/i915: Fix warn in intel_display_power_*_domain() functions
2022-11-30 18:19 [PATCH 6.0 000/289] 6.0.11-rc1 review Greg Kroah-Hartman
` (98 preceding siblings ...)
2022-11-30 18:21 ` [PATCH 6.0 099/289] macsec: Fix invalid error code set Greg Kroah-Hartman
@ 2022-11-30 18:21 ` Greg Kroah-Hartman
2022-11-30 18:21 ` [PATCH 6.0 101/289] Drivers: hv: vmbus: fix double free in the error path of vmbus_add_channel_work() Greg Kroah-Hartman
` (198 subsequent siblings)
298 siblings, 0 replies; 305+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-30 18:21 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Ville Syrjälä,
Jouni Högander, Imre Deak, Tvrtko Ursulin, Sasha Levin
From: Imre Deak <imre.deak@intel.com>
[ Upstream commit ebbaa4392e36521fb893973d8a0fcb32f3b6d5eb ]
The intel_display_power_*_domain() functions should always warn if a
default domain is returned as a fallback, fix this up. Spotted by Ville.
Fixes: 979e1b32e0e2 ("drm/i915: Sanitize the port -> DDI/AUX power domain mapping for each platform")
Cc: Ville Syrjälä <ville.syrjala@linux.intel.com>
Cc: Jouni Högander <jouni.hogander@intel.com>
Signed-off-by: Imre Deak <imre.deak@intel.com>
Reviewed-by: Ville Syrjälä <ville.syrjala@linux.intel.com>
Link: https://patchwork.freedesktop.org/patch/msgid/20221114122251.21327-2-imre.deak@intel.com
(cherry picked from commit 10b85f0e1d922210ae857afed6d012ec32c4b6cb)
Signed-off-by: Tvrtko Ursulin <tvrtko.ursulin@intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/gpu/drm/i915/display/intel_display_power.c | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/drivers/gpu/drm/i915/display/intel_display_power.c b/drivers/gpu/drm/i915/display/intel_display_power.c
index 589af257edeb..3bb113b42cfa 100644
--- a/drivers/gpu/drm/i915/display/intel_display_power.c
+++ b/drivers/gpu/drm/i915/display/intel_display_power.c
@@ -2427,7 +2427,7 @@ intel_display_power_ddi_io_domain(struct drm_i915_private *i915, enum port port)
{
const struct intel_ddi_port_domains *domains = intel_port_domains_for_port(i915, port);
- if (drm_WARN_ON(&i915->drm, !domains) || domains->ddi_io == POWER_DOMAIN_INVALID)
+ if (drm_WARN_ON(&i915->drm, !domains || domains->ddi_io == POWER_DOMAIN_INVALID))
return POWER_DOMAIN_PORT_DDI_IO_A;
return domains->ddi_io + (int)(port - domains->port_start);
@@ -2438,7 +2438,7 @@ intel_display_power_ddi_lanes_domain(struct drm_i915_private *i915, enum port po
{
const struct intel_ddi_port_domains *domains = intel_port_domains_for_port(i915, port);
- if (drm_WARN_ON(&i915->drm, !domains) || domains->ddi_lanes == POWER_DOMAIN_INVALID)
+ if (drm_WARN_ON(&i915->drm, !domains || domains->ddi_lanes == POWER_DOMAIN_INVALID))
return POWER_DOMAIN_PORT_DDI_LANES_A;
return domains->ddi_lanes + (int)(port - domains->port_start);
@@ -2464,7 +2464,7 @@ intel_display_power_legacy_aux_domain(struct drm_i915_private *i915, enum aux_ch
{
const struct intel_ddi_port_domains *domains = intel_port_domains_for_aux_ch(i915, aux_ch);
- if (drm_WARN_ON(&i915->drm, !domains) || domains->aux_legacy_usbc == POWER_DOMAIN_INVALID)
+ if (drm_WARN_ON(&i915->drm, !domains || domains->aux_legacy_usbc == POWER_DOMAIN_INVALID))
return POWER_DOMAIN_AUX_A;
return domains->aux_legacy_usbc + (int)(aux_ch - domains->aux_ch_start);
@@ -2475,7 +2475,7 @@ intel_display_power_tbt_aux_domain(struct drm_i915_private *i915, enum aux_ch au
{
const struct intel_ddi_port_domains *domains = intel_port_domains_for_aux_ch(i915, aux_ch);
- if (drm_WARN_ON(&i915->drm, !domains) || domains->aux_tbt == POWER_DOMAIN_INVALID)
+ if (drm_WARN_ON(&i915->drm, !domains || domains->aux_tbt == POWER_DOMAIN_INVALID))
return POWER_DOMAIN_AUX_TBT1;
return domains->aux_tbt + (int)(aux_ch - domains->aux_ch_start);
--
2.35.1
^ permalink raw reply related [flat|nested] 305+ messages in thread
* [PATCH 6.0 101/289] Drivers: hv: vmbus: fix double free in the error path of vmbus_add_channel_work()
2022-11-30 18:19 [PATCH 6.0 000/289] 6.0.11-rc1 review Greg Kroah-Hartman
` (99 preceding siblings ...)
2022-11-30 18:21 ` [PATCH 6.0 100/289] drm/i915: Fix warn in intel_display_power_*_domain() functions Greg Kroah-Hartman
@ 2022-11-30 18:21 ` Greg Kroah-Hartman
2022-11-30 18:21 ` [PATCH 6.0 102/289] Drivers: hv: vmbus: fix possible memory leak in vmbus_device_register() Greg Kroah-Hartman
` (197 subsequent siblings)
298 siblings, 0 replies; 305+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-30 18:21 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Michael Kelley, Yang Yingliang,
Wei Liu, Sasha Levin
From: Yang Yingliang <yangyingliang@huawei.com>
[ Upstream commit f92a4b50f0bd7fd52391dc4bb9a309085d278f91 ]
In the error path of vmbus_device_register(), device_unregister()
is called, which calls vmbus_device_release(). The latter frees
the struct hv_device that was passed in to vmbus_device_register().
So remove the kfree() in vmbus_add_channel_work() to avoid a double
free.
Fixes: c2e5df616e1a ("vmbus: add per-channel sysfs info")
Suggested-by: Michael Kelley <mikelley@microsoft.com>
Signed-off-by: Yang Yingliang <yangyingliang@huawei.com>
Reviewed-by: Michael Kelley <mikelley@microsoft.com>
Link: https://lore.kernel.org/r/20221119081135.1564691-2-yangyingliang@huawei.com
Signed-off-by: Wei Liu <wei.liu@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/hv/channel_mgmt.c | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/drivers/hv/channel_mgmt.c b/drivers/hv/channel_mgmt.c
index 5b120402d405..cc23b90cae02 100644
--- a/drivers/hv/channel_mgmt.c
+++ b/drivers/hv/channel_mgmt.c
@@ -533,13 +533,17 @@ static void vmbus_add_channel_work(struct work_struct *work)
* Add the new device to the bus. This will kick off device-driver
* binding which eventually invokes the device driver's AddDevice()
* method.
+ *
+ * If vmbus_device_register() fails, the 'device_obj' is freed in
+ * vmbus_device_release() as called by device_unregister() in the
+ * error path of vmbus_device_register(). In the outside error
+ * path, there's no need to free it.
*/
ret = vmbus_device_register(newchannel->device_obj);
if (ret != 0) {
pr_err("unable to add child device object (relid %d)\n",
newchannel->offermsg.child_relid);
- kfree(newchannel->device_obj);
goto err_deq_chan;
}
--
2.35.1
^ permalink raw reply related [flat|nested] 305+ messages in thread
* [PATCH 6.0 102/289] Drivers: hv: vmbus: fix possible memory leak in vmbus_device_register()
2022-11-30 18:19 [PATCH 6.0 000/289] 6.0.11-rc1 review Greg Kroah-Hartman
` (100 preceding siblings ...)
2022-11-30 18:21 ` [PATCH 6.0 101/289] Drivers: hv: vmbus: fix double free in the error path of vmbus_add_channel_work() Greg Kroah-Hartman
@ 2022-11-30 18:21 ` Greg Kroah-Hartman
2022-11-30 18:21 ` [PATCH 6.0 103/289] netfilter: ipset: regression in ip_set_hash_ip.c Greg Kroah-Hartman
` (196 subsequent siblings)
298 siblings, 0 replies; 305+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-30 18:21 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Yang Yingliang, Michael Kelley,
Wei Liu, Sasha Levin
From: Yang Yingliang <yangyingliang@huawei.com>
[ Upstream commit 25c94b051592c010abe92c85b0485f1faedc83f3 ]
If device_register() returns error in vmbus_device_register(),
the name allocated by dev_set_name() must be freed. As comment
of device_register() says, it should use put_device() to give
up the reference in the error path. So fix this by calling
put_device(), then the name can be freed in kobject_cleanup().
Fixes: 09d50ff8a233 ("Staging: hv: make the Hyper-V virtual bus code build")
Signed-off-by: Yang Yingliang <yangyingliang@huawei.com>
Reviewed-by: Michael Kelley <mikelley@microsoft.com>
Link: https://lore.kernel.org/r/20221119081135.1564691-3-yangyingliang@huawei.com
Signed-off-by: Wei Liu <wei.liu@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/hv/vmbus_drv.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/drivers/hv/vmbus_drv.c b/drivers/hv/vmbus_drv.c
index 3c833ea60db6..939ccf921e71 100644
--- a/drivers/hv/vmbus_drv.c
+++ b/drivers/hv/vmbus_drv.c
@@ -2083,6 +2083,7 @@ int vmbus_device_register(struct hv_device *child_device_obj)
ret = device_register(&child_device_obj->device);
if (ret) {
pr_err("Unable to register child device\n");
+ put_device(&child_device_obj->device);
return ret;
}
--
2.35.1
^ permalink raw reply related [flat|nested] 305+ messages in thread
* [PATCH 6.0 103/289] netfilter: ipset: regression in ip_set_hash_ip.c
2022-11-30 18:19 [PATCH 6.0 000/289] 6.0.11-rc1 review Greg Kroah-Hartman
` (101 preceding siblings ...)
2022-11-30 18:21 ` [PATCH 6.0 102/289] Drivers: hv: vmbus: fix possible memory leak in vmbus_device_register() Greg Kroah-Hartman
@ 2022-11-30 18:21 ` Greg Kroah-Hartman
2022-11-30 18:21 ` [PATCH 6.0 104/289] net/mlx5: Do not query pci info while pci disabled Greg Kroah-Hartman
` (195 subsequent siblings)
298 siblings, 0 replies; 305+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-30 18:21 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Joshua Hunt, Vishwanath Pai,
Pablo Neira Ayuso, Sasha Levin
From: Vishwanath Pai <vpai@akamai.com>
[ Upstream commit c7aa1a76d4a0a3c401025b60c401412bbb60f8c6 ]
This patch introduced a regression: commit 48596a8ddc46 ("netfilter:
ipset: Fix adding an IPv4 range containing more than 2^31 addresses")
The variable e.ip is passed to adtfn() function which finally adds the
ip address to the set. The patch above refactored the for loop and moved
e.ip = htonl(ip) to the end of the for loop.
What this means is that if the value of "ip" changes between the first
assignement of e.ip and the forloop, then e.ip is pointing to a
different ip address than "ip".
Test case:
$ ipset create jdtest_tmp hash:ip family inet hashsize 2048 maxelem 100000
$ ipset add jdtest_tmp 10.0.1.1/31
ipset v6.21.1: Element cannot be added to the set: it's already added
The value of ip gets updated inside the "else if (tb[IPSET_ATTR_CIDR])"
block but e.ip is still pointing to the old value.
Fixes: 48596a8ddc46 ("netfilter: ipset: Fix adding an IPv4 range containing more than 2^31 addresses")
Reviewed-by: Joshua Hunt <johunt@akamai.com>
Signed-off-by: Vishwanath Pai <vpai@akamai.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
net/netfilter/ipset/ip_set_hash_ip.c | 8 +++-----
1 file changed, 3 insertions(+), 5 deletions(-)
diff --git a/net/netfilter/ipset/ip_set_hash_ip.c b/net/netfilter/ipset/ip_set_hash_ip.c
index dd30c03d5a23..75d556d71652 100644
--- a/net/netfilter/ipset/ip_set_hash_ip.c
+++ b/net/netfilter/ipset/ip_set_hash_ip.c
@@ -151,18 +151,16 @@ hash_ip4_uadt(struct ip_set *set, struct nlattr *tb[],
if (((u64)ip_to - ip + 1) >> (32 - h->netmask) > IPSET_MAX_RANGE)
return -ERANGE;
- if (retried) {
+ if (retried)
ip = ntohl(h->next.ip);
- e.ip = htonl(ip);
- }
for (; ip <= ip_to;) {
+ e.ip = htonl(ip);
ret = adtfn(set, &e, &ext, &ext, flags);
if (ret && !ip_set_eexist(ret, flags))
return ret;
ip += hosts;
- e.ip = htonl(ip);
- if (e.ip == 0)
+ if (ip == 0)
return 0;
ret = 0;
--
2.35.1
^ permalink raw reply related [flat|nested] 305+ messages in thread
* [PATCH 6.0 104/289] net/mlx5: Do not query pci info while pci disabled
2022-11-30 18:19 [PATCH 6.0 000/289] 6.0.11-rc1 review Greg Kroah-Hartman
` (102 preceding siblings ...)
2022-11-30 18:21 ` [PATCH 6.0 103/289] netfilter: ipset: regression in ip_set_hash_ip.c Greg Kroah-Hartman
@ 2022-11-30 18:21 ` Greg Kroah-Hartman
2022-11-30 18:21 ` [PATCH 6.0 105/289] net/mlx5: Fix FW tracer timestamp calculation Greg Kroah-Hartman
` (194 subsequent siblings)
298 siblings, 0 replies; 305+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-30 18:21 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Roy Novich, Moshe Shemesh,
Aya Levin, Saeed Mahameed, Sasha Levin
From: Roy Novich <royno@nvidia.com>
[ Upstream commit 394164f9d5a3020a7fd719d228386d48d544ec67 ]
The driver should not interact with PCI while PCI is disabled. Trying to
do so may result in being unable to get vital signs during PCI reset,
driver gets timed out and fails to recover.
Fixes: fad1783a6d66 ("net/mlx5: Print more info on pci error handlers")
Signed-off-by: Roy Novich <royno@nvidia.com>
Reviewed-by: Moshe Shemesh <moshe@nvidia.com>
Reviewed-by: Aya Levin <ayal@nvidia.com>
Signed-off-by: Saeed Mahameed <saeedm@nvidia.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/ethernet/mellanox/mlx5/core/main.c | 9 ++++++---
1 file changed, 6 insertions(+), 3 deletions(-)
diff --git a/drivers/net/ethernet/mellanox/mlx5/core/main.c b/drivers/net/ethernet/mellanox/mlx5/core/main.c
index e5e32430b6af..ac178796e484 100644
--- a/drivers/net/ethernet/mellanox/mlx5/core/main.c
+++ b/drivers/net/ethernet/mellanox/mlx5/core/main.c
@@ -1759,7 +1759,8 @@ static pci_ers_result_t mlx5_pci_err_detected(struct pci_dev *pdev,
res = state == pci_channel_io_perm_failure ?
PCI_ERS_RESULT_DISCONNECT : PCI_ERS_RESULT_NEED_RESET;
- mlx5_pci_trace(dev, "Exit, result = %d, %s\n", res, result2str(res));
+ mlx5_core_info(dev, "%s Device state = %d pci_status: %d. Exit, result = %d, %s\n",
+ __func__, dev->state, dev->pci_status, res, result2str(res));
return res;
}
@@ -1798,7 +1799,8 @@ static pci_ers_result_t mlx5_pci_slot_reset(struct pci_dev *pdev)
struct mlx5_core_dev *dev = pci_get_drvdata(pdev);
int err;
- mlx5_pci_trace(dev, "Enter\n");
+ mlx5_core_info(dev, "%s Device state = %d pci_status: %d. Enter\n",
+ __func__, dev->state, dev->pci_status);
err = mlx5_pci_enable_device(dev);
if (err) {
@@ -1820,7 +1822,8 @@ static pci_ers_result_t mlx5_pci_slot_reset(struct pci_dev *pdev)
res = PCI_ERS_RESULT_RECOVERED;
out:
- mlx5_pci_trace(dev, "Exit, err = %d, result = %d, %s\n", err, res, result2str(res));
+ mlx5_core_info(dev, "%s Device state = %d pci_status: %d. Exit, err = %d, result = %d, %s\n",
+ __func__, dev->state, dev->pci_status, err, res, result2str(res));
return res;
}
--
2.35.1
^ permalink raw reply related [flat|nested] 305+ messages in thread
* [PATCH 6.0 105/289] net/mlx5: Fix FW tracer timestamp calculation
2022-11-30 18:19 [PATCH 6.0 000/289] 6.0.11-rc1 review Greg Kroah-Hartman
` (103 preceding siblings ...)
2022-11-30 18:21 ` [PATCH 6.0 104/289] net/mlx5: Do not query pci info while pci disabled Greg Kroah-Hartman
@ 2022-11-30 18:21 ` Greg Kroah-Hartman
2022-11-30 18:21 ` [PATCH 6.0 106/289] net/mlx5: SF: Fix probing active SFs during driver probe phase Greg Kroah-Hartman
` (193 subsequent siblings)
298 siblings, 0 replies; 305+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-30 18:21 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Moshe Shemesh, Feras Daoud,
Saeed Mahameed, Sasha Levin
From: Moshe Shemesh <moshe@nvidia.com>
[ Upstream commit 61db3d7b99a367416e489ccf764cc5f9b00d62a1 ]
Fix a bug in calculation of FW tracer timestamp. Decreasing one in the
calculation should effect only bits 52_7 and not effect bits 6_0 of the
timestamp, otherwise bits 6_0 are always set in this calculation.
Fixes: 70dd6fdb8987 ("net/mlx5: FW tracer, parse traces and kernel tracing support")
Signed-off-by: Moshe Shemesh <moshe@nvidia.com>
Reviewed-by: Feras Daoud <ferasda@nvidia.com>
Signed-off-by: Saeed Mahameed <saeedm@nvidia.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/ethernet/mellanox/mlx5/core/diag/fw_tracer.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/net/ethernet/mellanox/mlx5/core/diag/fw_tracer.c b/drivers/net/ethernet/mellanox/mlx5/core/diag/fw_tracer.c
index 978a2bb8e122..21831386b26e 100644
--- a/drivers/net/ethernet/mellanox/mlx5/core/diag/fw_tracer.c
+++ b/drivers/net/ethernet/mellanox/mlx5/core/diag/fw_tracer.c
@@ -638,7 +638,7 @@ static void mlx5_tracer_handle_timestamp_trace(struct mlx5_fw_tracer *tracer,
trace_timestamp = (timestamp_event.timestamp & MASK_52_7) |
(str_frmt->timestamp & MASK_6_0);
else
- trace_timestamp = ((timestamp_event.timestamp & MASK_52_7) - 1) |
+ trace_timestamp = ((timestamp_event.timestamp - 1) & MASK_52_7) |
(str_frmt->timestamp & MASK_6_0);
mlx5_tracer_print_trace(str_frmt, dev, trace_timestamp);
--
2.35.1
^ permalink raw reply related [flat|nested] 305+ messages in thread
* [PATCH 6.0 106/289] net/mlx5: SF: Fix probing active SFs during driver probe phase
2022-11-30 18:19 [PATCH 6.0 000/289] 6.0.11-rc1 review Greg Kroah-Hartman
` (104 preceding siblings ...)
2022-11-30 18:21 ` [PATCH 6.0 105/289] net/mlx5: Fix FW tracer timestamp calculation Greg Kroah-Hartman
@ 2022-11-30 18:21 ` Greg Kroah-Hartman
2022-11-30 18:21 ` [PATCH 6.0 107/289] net/mlx5: cmdif, Print info on any firmware cmd failure to tracepoint Greg Kroah-Hartman
` (192 subsequent siblings)
298 siblings, 0 replies; 305+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-30 18:21 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Shay Drory, Parav Pandit,
Saeed Mahameed, Sasha Levin
From: Shay Drory <shayd@nvidia.com>
[ Upstream commit 4f57332d6a551185ba729617f04455e83fbe4e41 ]
When SF devices and SF port representors are located on different
functions, unloading and reloading of SF parent driver doesn't recreate
the existing SF present in the device.
Fix it by querying SFs and probe active SFs during driver probe phase.
Fixes: 90d010b8634b ("net/mlx5: SF, Add auxiliary device support")
Signed-off-by: Shay Drory <shayd@nvidia.com>
Reviewed-by: Parav Pandit <parav@nvidia.com>
Signed-off-by: Saeed Mahameed <saeedm@nvidia.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
.../ethernet/mellanox/mlx5/core/sf/dev/dev.c | 88 +++++++++++++++++++
1 file changed, 88 insertions(+)
diff --git a/drivers/net/ethernet/mellanox/mlx5/core/sf/dev/dev.c b/drivers/net/ethernet/mellanox/mlx5/core/sf/dev/dev.c
index 7da012ff0d41..8e2abbab05f0 100644
--- a/drivers/net/ethernet/mellanox/mlx5/core/sf/dev/dev.c
+++ b/drivers/net/ethernet/mellanox/mlx5/core/sf/dev/dev.c
@@ -18,6 +18,10 @@ struct mlx5_sf_dev_table {
phys_addr_t base_address;
u64 sf_bar_length;
struct notifier_block nb;
+ struct mutex table_lock; /* Serializes sf life cycle and vhca state change handler */
+ struct workqueue_struct *active_wq;
+ struct work_struct work;
+ u8 stop_active_wq:1;
struct mlx5_core_dev *dev;
};
@@ -168,6 +172,7 @@ mlx5_sf_dev_state_change_handler(struct notifier_block *nb, unsigned long event_
return 0;
sf_index = event->function_id - base_id;
+ mutex_lock(&table->table_lock);
sf_dev = xa_load(&table->devices, sf_index);
switch (event->new_vhca_state) {
case MLX5_VHCA_STATE_INVALID:
@@ -191,6 +196,7 @@ mlx5_sf_dev_state_change_handler(struct notifier_block *nb, unsigned long event_
default:
break;
}
+ mutex_unlock(&table->table_lock);
return 0;
}
@@ -215,6 +221,78 @@ static int mlx5_sf_dev_vhca_arm_all(struct mlx5_sf_dev_table *table)
return 0;
}
+static void mlx5_sf_dev_add_active_work(struct work_struct *work)
+{
+ struct mlx5_sf_dev_table *table = container_of(work, struct mlx5_sf_dev_table, work);
+ u32 out[MLX5_ST_SZ_DW(query_vhca_state_out)] = {};
+ struct mlx5_core_dev *dev = table->dev;
+ u16 max_functions;
+ u16 function_id;
+ u16 sw_func_id;
+ int err = 0;
+ u8 state;
+ int i;
+
+ max_functions = mlx5_sf_max_functions(dev);
+ function_id = MLX5_CAP_GEN(dev, sf_base_id);
+ for (i = 0; i < max_functions; i++, function_id++) {
+ if (table->stop_active_wq)
+ return;
+ err = mlx5_cmd_query_vhca_state(dev, function_id, out, sizeof(out));
+ if (err)
+ /* A failure of specific vhca doesn't mean others will
+ * fail as well.
+ */
+ continue;
+ state = MLX5_GET(query_vhca_state_out, out, vhca_state_context.vhca_state);
+ if (state != MLX5_VHCA_STATE_ACTIVE)
+ continue;
+
+ sw_func_id = MLX5_GET(query_vhca_state_out, out, vhca_state_context.sw_function_id);
+ mutex_lock(&table->table_lock);
+ /* Don't probe device which is already probe */
+ if (!xa_load(&table->devices, i))
+ mlx5_sf_dev_add(dev, i, function_id, sw_func_id);
+ /* There is a race where SF got inactive after the query
+ * above. e.g.: the query returns that the state of the
+ * SF is active, and after that the eswitch manager set it to
+ * inactive.
+ * This case cannot be managed in SW, since the probing of the
+ * SF is on one system, and the inactivation is on a different
+ * system.
+ * If the inactive is done after the SF perform init_hca(),
+ * the SF will fully probe and then removed. If it was
+ * done before init_hca(), the SF probe will fail.
+ */
+ mutex_unlock(&table->table_lock);
+ }
+}
+
+/* In case SFs are generated externally, probe active SFs */
+static int mlx5_sf_dev_queue_active_work(struct mlx5_sf_dev_table *table)
+{
+ if (MLX5_CAP_GEN(table->dev, eswitch_manager))
+ return 0; /* the table is local */
+
+ /* Use a workqueue to probe active SFs, which are in large
+ * quantity and may take up to minutes to probe.
+ */
+ table->active_wq = create_singlethread_workqueue("mlx5_active_sf");
+ if (!table->active_wq)
+ return -ENOMEM;
+ INIT_WORK(&table->work, &mlx5_sf_dev_add_active_work);
+ queue_work(table->active_wq, &table->work);
+ return 0;
+}
+
+static void mlx5_sf_dev_destroy_active_work(struct mlx5_sf_dev_table *table)
+{
+ if (table->active_wq) {
+ table->stop_active_wq = true;
+ destroy_workqueue(table->active_wq);
+ }
+}
+
void mlx5_sf_dev_table_create(struct mlx5_core_dev *dev)
{
struct mlx5_sf_dev_table *table;
@@ -240,11 +318,17 @@ void mlx5_sf_dev_table_create(struct mlx5_core_dev *dev)
table->base_address = pci_resource_start(dev->pdev, 2);
table->max_sfs = max_sfs;
xa_init(&table->devices);
+ mutex_init(&table->table_lock);
dev->priv.sf_dev_table = table;
err = mlx5_vhca_event_notifier_register(dev, &table->nb);
if (err)
goto vhca_err;
+
+ err = mlx5_sf_dev_queue_active_work(table);
+ if (err)
+ goto add_active_err;
+
err = mlx5_sf_dev_vhca_arm_all(table);
if (err)
goto arm_err;
@@ -252,6 +336,8 @@ void mlx5_sf_dev_table_create(struct mlx5_core_dev *dev)
return;
arm_err:
+ mlx5_sf_dev_destroy_active_work(table);
+add_active_err:
mlx5_vhca_event_notifier_unregister(dev, &table->nb);
vhca_err:
table->max_sfs = 0;
@@ -279,7 +365,9 @@ void mlx5_sf_dev_table_destroy(struct mlx5_core_dev *dev)
if (!table)
return;
+ mlx5_sf_dev_destroy_active_work(table);
mlx5_vhca_event_notifier_unregister(dev, &table->nb);
+ mutex_destroy(&table->table_lock);
/* Now that event handler is not running, it is safe to destroy
* the sf device without race.
--
2.35.1
^ permalink raw reply related [flat|nested] 305+ messages in thread
* [PATCH 6.0 107/289] net/mlx5: cmdif, Print info on any firmware cmd failure to tracepoint
2022-11-30 18:19 [PATCH 6.0 000/289] 6.0.11-rc1 review Greg Kroah-Hartman
` (105 preceding siblings ...)
2022-11-30 18:21 ` [PATCH 6.0 106/289] net/mlx5: SF: Fix probing active SFs during driver probe phase Greg Kroah-Hartman
@ 2022-11-30 18:21 ` Greg Kroah-Hartman
2022-11-30 18:21 ` [PATCH 6.0 108/289] net/mlx5: Fix handling of entry refcount when command is not issued to FW Greg Kroah-Hartman
` (191 subsequent siblings)
298 siblings, 0 replies; 305+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-30 18:21 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Moshe Shemesh, Shay Drory,
Maor Gottlieb, Saeed Mahameed, Sasha Levin
From: Moshe Shemesh <moshe@nvidia.com>
[ Upstream commit 870c2481174b839e7159555127bc8b5a5d0699ba ]
While moving to new CMD API (quiet API), some pre-existing flows may call the new API
function that in case of error, returns the error instead of printing it as previously done.
For such flows we bring back the print but to tracepoint this time for sys admins to
have the ability to check for errors especially for commands using the new quiet API.
Tracepoint output example:
devlink-1333 [001] ..... 822.746922: mlx5_cmd: ACCESS_REG(0x805) op_mod(0x0) failed, status bad resource(0x5), syndrome (0xb06e1f), err(-22)
Fixes: f23519e542e5 ("net/mlx5: cmdif, Add new api for command execution")
Signed-off-by: Moshe Shemesh <moshe@nvidia.com>
Reviewed-by: Shay Drory <shayd@nvidia.com>
Reviewed-by: Maor Gottlieb <maorg@nvidia.com>
Signed-off-by: Saeed Mahameed <saeedm@nvidia.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/ethernet/mellanox/mlx5/core/cmd.c | 41 +++++++++--------
.../mellanox/mlx5/core/diag/cmd_tracepoint.h | 45 +++++++++++++++++++
include/linux/mlx5/driver.h | 1 +
3 files changed, 68 insertions(+), 19 deletions(-)
create mode 100644 drivers/net/ethernet/mellanox/mlx5/core/diag/cmd_tracepoint.h
diff --git a/drivers/net/ethernet/mellanox/mlx5/core/cmd.c b/drivers/net/ethernet/mellanox/mlx5/core/cmd.c
index 2e0d59ca62b5..df3e284ca5c6 100644
--- a/drivers/net/ethernet/mellanox/mlx5/core/cmd.c
+++ b/drivers/net/ethernet/mellanox/mlx5/core/cmd.c
@@ -45,6 +45,8 @@
#include "mlx5_core.h"
#include "lib/eq.h"
#include "lib/tout.h"
+#define CREATE_TRACE_POINTS
+#include "diag/cmd_tracepoint.h"
enum {
CMD_IF_REV = 5,
@@ -785,27 +787,14 @@ EXPORT_SYMBOL(mlx5_cmd_out_err);
static void cmd_status_print(struct mlx5_core_dev *dev, void *in, void *out)
{
u16 opcode, op_mod;
- u32 syndrome;
- u8 status;
u16 uid;
- int err;
-
- syndrome = MLX5_GET(mbox_out, out, syndrome);
- status = MLX5_GET(mbox_out, out, status);
opcode = MLX5_GET(mbox_in, in, opcode);
op_mod = MLX5_GET(mbox_in, in, op_mod);
uid = MLX5_GET(mbox_in, in, uid);
- err = cmd_status_to_err(status);
-
if (!uid && opcode != MLX5_CMD_OP_DESTROY_MKEY)
mlx5_cmd_out_err(dev, opcode, op_mod, out);
- else
- mlx5_core_dbg(dev,
- "%s(0x%x) op_mod(0x%x) uid(%d) failed, status %s(0x%x), syndrome (0x%x), err(%d)\n",
- mlx5_command_str(opcode), opcode, op_mod, uid,
- cmd_status_str(status), status, syndrome, err);
}
int mlx5_cmd_check(struct mlx5_core_dev *dev, int err, void *in, void *out)
@@ -1892,6 +1881,16 @@ static int cmd_exec(struct mlx5_core_dev *dev, void *in, int in_size, void *out,
return err;
}
+static void mlx5_cmd_err_trace(struct mlx5_core_dev *dev, u16 opcode, u16 op_mod, void *out)
+{
+ u32 syndrome = MLX5_GET(mbox_out, out, syndrome);
+ u8 status = MLX5_GET(mbox_out, out, status);
+
+ trace_mlx5_cmd(mlx5_command_str(opcode), opcode, op_mod,
+ cmd_status_str(status), status, syndrome,
+ cmd_status_to_err(status));
+}
+
static void cmd_status_log(struct mlx5_core_dev *dev, u16 opcode, u8 status,
u32 syndrome, int err)
{
@@ -1914,7 +1913,7 @@ static void cmd_status_log(struct mlx5_core_dev *dev, u16 opcode, u8 status,
}
/* preserve -EREMOTEIO for outbox.status != OK, otherwise return err as is */
-static int cmd_status_err(struct mlx5_core_dev *dev, int err, u16 opcode, void *out)
+static int cmd_status_err(struct mlx5_core_dev *dev, int err, u16 opcode, u16 op_mod, void *out)
{
u32 syndrome = MLX5_GET(mbox_out, out, syndrome);
u8 status = MLX5_GET(mbox_out, out, status);
@@ -1922,8 +1921,10 @@ static int cmd_status_err(struct mlx5_core_dev *dev, int err, u16 opcode, void *
if (err == -EREMOTEIO) /* -EREMOTEIO is preserved */
err = -EIO;
- if (!err && status != MLX5_CMD_STAT_OK)
+ if (!err && status != MLX5_CMD_STAT_OK) {
err = -EREMOTEIO;
+ mlx5_cmd_err_trace(dev, opcode, op_mod, out);
+ }
cmd_status_log(dev, opcode, status, syndrome, err);
return err;
@@ -1951,9 +1952,9 @@ int mlx5_cmd_do(struct mlx5_core_dev *dev, void *in, int in_size, void *out, int
{
int err = cmd_exec(dev, in, in_size, out, out_size, NULL, NULL, false);
u16 opcode = MLX5_GET(mbox_in, in, opcode);
+ u16 op_mod = MLX5_GET(mbox_in, in, op_mod);
- err = cmd_status_err(dev, err, opcode, out);
- return err;
+ return cmd_status_err(dev, err, opcode, op_mod, out);
}
EXPORT_SYMBOL(mlx5_cmd_do);
@@ -1997,8 +1998,9 @@ int mlx5_cmd_exec_polling(struct mlx5_core_dev *dev, void *in, int in_size,
{
int err = cmd_exec(dev, in, in_size, out, out_size, NULL, NULL, true);
u16 opcode = MLX5_GET(mbox_in, in, opcode);
+ u16 op_mod = MLX5_GET(mbox_in, in, op_mod);
- err = cmd_status_err(dev, err, opcode, out);
+ err = cmd_status_err(dev, err, opcode, op_mod, out);
return mlx5_cmd_check(dev, err, in, out);
}
EXPORT_SYMBOL(mlx5_cmd_exec_polling);
@@ -2034,7 +2036,7 @@ static void mlx5_cmd_exec_cb_handler(int status, void *_work)
struct mlx5_async_ctx *ctx;
ctx = work->ctx;
- status = cmd_status_err(ctx->dev, status, work->opcode, work->out);
+ status = cmd_status_err(ctx->dev, status, work->opcode, work->op_mod, work->out);
work->user_callback(status, work);
if (atomic_dec_and_test(&ctx->num_inflight))
complete(&ctx->inflight_done);
@@ -2049,6 +2051,7 @@ int mlx5_cmd_exec_cb(struct mlx5_async_ctx *ctx, void *in, int in_size,
work->ctx = ctx;
work->user_callback = callback;
work->opcode = MLX5_GET(mbox_in, in, opcode);
+ work->op_mod = MLX5_GET(mbox_in, in, op_mod);
work->out = out;
if (WARN_ON(!atomic_inc_not_zero(&ctx->num_inflight)))
return -EIO;
diff --git a/drivers/net/ethernet/mellanox/mlx5/core/diag/cmd_tracepoint.h b/drivers/net/ethernet/mellanox/mlx5/core/diag/cmd_tracepoint.h
new file mode 100644
index 000000000000..406ebe17405f
--- /dev/null
+++ b/drivers/net/ethernet/mellanox/mlx5/core/diag/cmd_tracepoint.h
@@ -0,0 +1,45 @@
+/* SPDX-License-Identifier: GPL-2.0 OR Linux-OpenIB */
+/* Copyright (c) 2022, NVIDIA CORPORATION & AFFILIATES. All rights reserved. */
+
+#undef TRACE_SYSTEM
+#define TRACE_SYSTEM mlx5
+
+#if !defined(_MLX5_CMD_TP_H_) || defined(TRACE_HEADER_MULTI_READ)
+#define _MLX5_CMD_TP_H_
+
+#include <linux/tracepoint.h>
+#include <linux/trace_seq.h>
+
+TRACE_EVENT(mlx5_cmd,
+ TP_PROTO(const char *command_str, u16 opcode, u16 op_mod,
+ const char *status_str, u8 status, u32 syndrome, int err),
+ TP_ARGS(command_str, opcode, op_mod, status_str, status, syndrome, err),
+ TP_STRUCT__entry(__string(command_str, command_str)
+ __field(u16, opcode)
+ __field(u16, op_mod)
+ __string(status_str, status_str)
+ __field(u8, status)
+ __field(u32, syndrome)
+ __field(int, err)
+ ),
+ TP_fast_assign(__assign_str(command_str, command_str);
+ __entry->opcode = opcode;
+ __entry->op_mod = op_mod;
+ __assign_str(status_str, status_str);
+ __entry->status = status;
+ __entry->syndrome = syndrome;
+ __entry->err = err;
+ ),
+ TP_printk("%s(0x%x) op_mod(0x%x) failed, status %s(0x%x), syndrome (0x%x), err(%d)",
+ __get_str(command_str), __entry->opcode, __entry->op_mod,
+ __get_str(status_str), __entry->status, __entry->syndrome,
+ __entry->err)
+);
+
+#endif /* _MLX5_CMD_TP_H_ */
+
+#undef TRACE_INCLUDE_PATH
+#define TRACE_INCLUDE_PATH ./diag
+#undef TRACE_INCLUDE_FILE
+#define TRACE_INCLUDE_FILE cmd_tracepoint
+#include <trace/define_trace.h>
diff --git a/include/linux/mlx5/driver.h b/include/linux/mlx5/driver.h
index 454dab40baf6..2d56cfe0911d 100644
--- a/include/linux/mlx5/driver.h
+++ b/include/linux/mlx5/driver.h
@@ -984,6 +984,7 @@ struct mlx5_async_work {
struct mlx5_async_ctx *ctx;
mlx5_async_cbk_t user_callback;
u16 opcode; /* cmd opcode */
+ u16 op_mod; /* cmd op_mod */
void *out; /* pointer to the cmd output buffer */
};
--
2.35.1
^ permalink raw reply related [flat|nested] 305+ messages in thread
* [PATCH 6.0 108/289] net/mlx5: Fix handling of entry refcount when command is not issued to FW
2022-11-30 18:19 [PATCH 6.0 000/289] 6.0.11-rc1 review Greg Kroah-Hartman
` (106 preceding siblings ...)
2022-11-30 18:21 ` [PATCH 6.0 107/289] net/mlx5: cmdif, Print info on any firmware cmd failure to tracepoint Greg Kroah-Hartman
@ 2022-11-30 18:21 ` Greg Kroah-Hartman
2022-11-30 18:21 ` [PATCH 6.0 109/289] net/mlx5: E-Switch, Set correctly vport destination Greg Kroah-Hartman
` (190 subsequent siblings)
298 siblings, 0 replies; 305+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-30 18:21 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Eran Ben Elisha, Moshe Shemesh,
Jack Wang, Saeed Mahameed, Sasha Levin
From: Moshe Shemesh <moshe@nvidia.com>
[ Upstream commit aaf2e65cac7f2e1ae729c2fbc849091df9699f96 ]
In case command interface is down, or the command is not allowed, driver
did not increment the entry refcount, but might have decrement as part
of forced completion handling.
Fix that by always increment and decrement the refcount to make it
symmetric for all flows.
Fixes: 50b2412b7e78 ("net/mlx5: Avoid possible free of command entry while timeout comp handler")
Signed-off-by: Eran Ben Elisha <eranbe@nvidia.com>
Signed-off-by: Moshe Shemesh <moshe@nvidia.com>
Reported-by: Jack Wang <jinpu.wang@ionos.com>
Tested-by: Jack Wang <jinpu.wang@ionos.com>
Signed-off-by: Saeed Mahameed <saeedm@nvidia.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/ethernet/mellanox/mlx5/core/cmd.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/drivers/net/ethernet/mellanox/mlx5/core/cmd.c b/drivers/net/ethernet/mellanox/mlx5/core/cmd.c
index df3e284ca5c6..74bd05e5dda2 100644
--- a/drivers/net/ethernet/mellanox/mlx5/core/cmd.c
+++ b/drivers/net/ethernet/mellanox/mlx5/core/cmd.c
@@ -1005,6 +1005,7 @@ static void cmd_work_handler(struct work_struct *work)
cmd_ent_get(ent);
set_bit(MLX5_CMD_ENT_STATE_PENDING_COMP, &ent->state);
+ cmd_ent_get(ent); /* for the _real_ FW event on completion */
/* Skip sending command to fw if internal error */
if (mlx5_cmd_is_down(dev) || !opcode_allowed(&dev->cmd, ent->op)) {
ent->ret = -ENXIO;
@@ -1012,7 +1013,6 @@ static void cmd_work_handler(struct work_struct *work)
return;
}
- cmd_ent_get(ent); /* for the _real_ FW event on completion */
/* ring doorbell after the descriptor is valid */
mlx5_core_dbg(dev, "writing 0x%x to command doorbell\n", 1 << ent->idx);
wmb();
@@ -1661,8 +1661,8 @@ static void mlx5_cmd_comp_handler(struct mlx5_core_dev *dev, u64 vec, bool force
cmd_ent_put(ent); /* timeout work was canceled */
if (!forced || /* Real FW completion */
- pci_channel_offline(dev->pdev) || /* FW is inaccessible */
- dev->state == MLX5_DEVICE_STATE_INTERNAL_ERROR)
+ mlx5_cmd_is_down(dev) || /* No real FW completion is expected */
+ !opcode_allowed(cmd, ent->op))
cmd_ent_put(ent);
ent->ts2 = ktime_get_ns();
--
2.35.1
^ permalink raw reply related [flat|nested] 305+ messages in thread
* [PATCH 6.0 109/289] net/mlx5: E-Switch, Set correctly vport destination
2022-11-30 18:19 [PATCH 6.0 000/289] 6.0.11-rc1 review Greg Kroah-Hartman
` (107 preceding siblings ...)
2022-11-30 18:21 ` [PATCH 6.0 108/289] net/mlx5: Fix handling of entry refcount when command is not issued to FW Greg Kroah-Hartman
@ 2022-11-30 18:21 ` Greg Kroah-Hartman
2022-11-30 18:21 ` [PATCH 6.0 110/289] net/mlx5: Fix sync reset event handler error flow Greg Kroah-Hartman
` (189 subsequent siblings)
298 siblings, 0 replies; 305+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-30 18:21 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Roi Dayan, Chris Mi, Saeed Mahameed,
Sasha Levin
From: Roi Dayan <roid@nvidia.com>
[ Upstream commit 6d942e40448931be9371f1ba8cb592778807ce18 ]
The cited commit moved from using reformat_id integer to packet_reformat
pointer which introduced the possibility to null pointer dereference.
When setting packet reformat flag and pkt_reformat pointer must
exists so checking MLX5_ESW_DEST_ENCAP is not enough, we need
to make sure the pkt_reformat is valid and check for MLX5_ESW_DEST_ENCAP_VALID.
If the dest encap valid flag does not exists then pkt_reformat can be
either invalid address or null.
Also, to make sure we don't try to access invalid pkt_reformat set it to
null when invalidated and invalidate it before calling add flow code as
its logically more correct and to be safe.
Fixes: 2b688ea5efde ("net/mlx5: Add flow steering actions to fs_cmd shim layer")
Signed-off-by: Roi Dayan <roid@nvidia.com>
Reviewed-by: Chris Mi <cmi@nvidia.com>
Signed-off-by: Saeed Mahameed <saeedm@nvidia.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
.../net/ethernet/mellanox/mlx5/core/en/tc_tun_encap.c | 10 ++++++----
.../net/ethernet/mellanox/mlx5/core/eswitch_offloads.c | 2 +-
2 files changed, 7 insertions(+), 5 deletions(-)
diff --git a/drivers/net/ethernet/mellanox/mlx5/core/en/tc_tun_encap.c b/drivers/net/ethernet/mellanox/mlx5/core/en/tc_tun_encap.c
index 5aff97914367..5b6a79d2034e 100644
--- a/drivers/net/ethernet/mellanox/mlx5/core/en/tc_tun_encap.c
+++ b/drivers/net/ethernet/mellanox/mlx5/core/en/tc_tun_encap.c
@@ -224,15 +224,16 @@ void mlx5e_tc_encap_flows_del(struct mlx5e_priv *priv,
list_for_each_entry(flow, flow_list, tmp_list) {
if (!mlx5e_is_offloaded_flow(flow) || flow_flag_test(flow, SLOW))
continue;
- spec = &flow->attr->parse_attr->spec;
-
- /* update from encap rule to slow path rule */
- rule = mlx5e_tc_offload_to_slow_path(esw, flow, spec);
attr = mlx5e_tc_get_encap_attr(flow);
esw_attr = attr->esw_attr;
/* mark the flow's encap dest as non-valid */
esw_attr->dests[flow->tmp_entry_index].flags &= ~MLX5_ESW_DEST_ENCAP_VALID;
+ esw_attr->dests[flow->tmp_entry_index].pkt_reformat = NULL;
+
+ /* update from encap rule to slow path rule */
+ spec = &flow->attr->parse_attr->spec;
+ rule = mlx5e_tc_offload_to_slow_path(esw, flow, spec);
if (IS_ERR(rule)) {
err = PTR_ERR(rule);
@@ -251,6 +252,7 @@ void mlx5e_tc_encap_flows_del(struct mlx5e_priv *priv,
/* we know that the encap is valid */
e->flags &= ~MLX5_ENCAP_ENTRY_VALID;
mlx5_packet_reformat_dealloc(priv->mdev, e->pkt_reformat);
+ e->pkt_reformat = NULL;
}
static void mlx5e_take_tmp_flow(struct mlx5e_tc_flow *flow,
diff --git a/drivers/net/ethernet/mellanox/mlx5/core/eswitch_offloads.c b/drivers/net/ethernet/mellanox/mlx5/core/eswitch_offloads.c
index 3c68cac4a9c2..061ac8799354 100644
--- a/drivers/net/ethernet/mellanox/mlx5/core/eswitch_offloads.c
+++ b/drivers/net/ethernet/mellanox/mlx5/core/eswitch_offloads.c
@@ -431,7 +431,7 @@ esw_setup_vport_dest(struct mlx5_flow_destination *dest, struct mlx5_flow_act *f
mlx5_lag_mpesw_is_activated(esw->dev))
dest[dest_idx].type = MLX5_FLOW_DESTINATION_TYPE_UPLINK;
}
- if (esw_attr->dests[attr_idx].flags & MLX5_ESW_DEST_ENCAP) {
+ if (esw_attr->dests[attr_idx].flags & MLX5_ESW_DEST_ENCAP_VALID) {
if (pkt_reformat) {
flow_act->action |= MLX5_FLOW_CONTEXT_ACTION_PACKET_REFORMAT;
flow_act->pkt_reformat = esw_attr->dests[attr_idx].pkt_reformat;
--
2.35.1
^ permalink raw reply related [flat|nested] 305+ messages in thread
* [PATCH 6.0 110/289] net/mlx5: Fix sync reset event handler error flow
2022-11-30 18:19 [PATCH 6.0 000/289] 6.0.11-rc1 review Greg Kroah-Hartman
` (108 preceding siblings ...)
2022-11-30 18:21 ` [PATCH 6.0 109/289] net/mlx5: E-Switch, Set correctly vport destination Greg Kroah-Hartman
@ 2022-11-30 18:21 ` Greg Kroah-Hartman
2022-11-30 18:21 ` [PATCH 6.0 111/289] net/mlx5e: Offload rule only when all encaps are valid Greg Kroah-Hartman
` (188 subsequent siblings)
298 siblings, 0 replies; 305+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-30 18:21 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Moshe Shemesh, Aya Levin,
Saeed Mahameed, Sasha Levin
From: Moshe Shemesh <moshe@nvidia.com>
[ Upstream commit e1ad07b9227f9cbaf4bd2b6ec00b84c303657593 ]
When sync reset now event handling fails on mlx5_pci_link_toggle() then
no reset was done. However, since mlx5_cmd_fast_teardown_hca() was
already done, the firmware function is closed and the driver is left
without firmware functionality.
Fix it by setting device error state and reopen the firmware resources.
Reopening is done by the thread that was called for devlink reload
fw_activate as it already holds the devlink lock.
Fixes: 5ec697446f46 ("net/mlx5: Add support for devlink reload action fw activate")
Signed-off-by: Moshe Shemesh <moshe@nvidia.com>
Reviewed-by: Aya Levin <ayal@nvidia.com>
Signed-off-by: Saeed Mahameed <saeedm@nvidia.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/ethernet/mellanox/mlx5/core/fw_reset.c | 9 +++++++--
1 file changed, 7 insertions(+), 2 deletions(-)
diff --git a/drivers/net/ethernet/mellanox/mlx5/core/fw_reset.c b/drivers/net/ethernet/mellanox/mlx5/core/fw_reset.c
index 9d908a0ccfef..1e46f9afa40e 100644
--- a/drivers/net/ethernet/mellanox/mlx5/core/fw_reset.c
+++ b/drivers/net/ethernet/mellanox/mlx5/core/fw_reset.c
@@ -9,7 +9,8 @@ enum {
MLX5_FW_RESET_FLAGS_RESET_REQUESTED,
MLX5_FW_RESET_FLAGS_NACK_RESET_REQUEST,
MLX5_FW_RESET_FLAGS_PENDING_COMP,
- MLX5_FW_RESET_FLAGS_DROP_NEW_REQUESTS
+ MLX5_FW_RESET_FLAGS_DROP_NEW_REQUESTS,
+ MLX5_FW_RESET_FLAGS_RELOAD_REQUIRED
};
struct mlx5_fw_reset {
@@ -406,7 +407,7 @@ static void mlx5_sync_reset_now_event(struct work_struct *work)
err = mlx5_pci_link_toggle(dev);
if (err) {
mlx5_core_warn(dev, "mlx5_pci_link_toggle failed, no reset done, err %d\n", err);
- goto done;
+ set_bit(MLX5_FW_RESET_FLAGS_RELOAD_REQUIRED, &fw_reset->reset_flags);
}
mlx5_enter_error_state(dev, true);
@@ -482,6 +483,10 @@ int mlx5_fw_reset_wait_reset_done(struct mlx5_core_dev *dev)
goto out;
}
err = fw_reset->ret;
+ if (test_and_clear_bit(MLX5_FW_RESET_FLAGS_RELOAD_REQUIRED, &fw_reset->reset_flags)) {
+ mlx5_unload_one_devl_locked(dev);
+ mlx5_load_one_devl_locked(dev, false);
+ }
out:
clear_bit(MLX5_FW_RESET_FLAGS_PENDING_COMP, &fw_reset->reset_flags);
return err;
--
2.35.1
^ permalink raw reply related [flat|nested] 305+ messages in thread
* [PATCH 6.0 111/289] net/mlx5e: Offload rule only when all encaps are valid
2022-11-30 18:19 [PATCH 6.0 000/289] 6.0.11-rc1 review Greg Kroah-Hartman
` (109 preceding siblings ...)
2022-11-30 18:21 ` [PATCH 6.0 110/289] net/mlx5: Fix sync reset event handler error flow Greg Kroah-Hartman
@ 2022-11-30 18:21 ` Greg Kroah-Hartman
2022-11-30 18:21 ` [PATCH 6.0 112/289] net: phy: at803x: fix error return code in at803x_probe() Greg Kroah-Hartman
` (187 subsequent siblings)
298 siblings, 0 replies; 305+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-30 18:21 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Chris Mi, Roi Dayan, Saeed Mahameed,
Sasha Levin
From: Chris Mi <cmi@nvidia.com>
[ Upstream commit f377422044b2093c835e5f3717f8c8c58da1db1f ]
The cited commit adds a for loop to support multiple encapsulations.
But it only checks if the last encap is valid.
Fix it by setting slow path flag when one of the encap is invalid.
Fixes: f493f15534ec ("net/mlx5e: Move flow attr reformat action bit to per dest flags")
Signed-off-by: Chris Mi <cmi@nvidia.com>
Reviewed-by: Roi Dayan <roid@nvidia.com>
Signed-off-by: Saeed Mahameed <saeedm@nvidia.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
.../mellanox/mlx5/core/en/tc_tun_encap.c | 6 ++----
.../mellanox/mlx5/core/en/tc_tun_encap.h | 3 +--
drivers/net/ethernet/mellanox/mlx5/core/en_tc.c | 17 ++++++-----------
3 files changed, 9 insertions(+), 17 deletions(-)
diff --git a/drivers/net/ethernet/mellanox/mlx5/core/en/tc_tun_encap.c b/drivers/net/ethernet/mellanox/mlx5/core/en/tc_tun_encap.c
index 5b6a79d2034e..ff73d25bc6eb 100644
--- a/drivers/net/ethernet/mellanox/mlx5/core/en/tc_tun_encap.c
+++ b/drivers/net/ethernet/mellanox/mlx5/core/en/tc_tun_encap.c
@@ -764,8 +764,7 @@ int mlx5e_attach_encap(struct mlx5e_priv *priv,
struct net_device *mirred_dev,
int out_index,
struct netlink_ext_ack *extack,
- struct net_device **encap_dev,
- bool *encap_valid)
+ struct net_device **encap_dev)
{
struct mlx5_eswitch *esw = priv->mdev->priv.eswitch;
struct mlx5e_tc_flow_parse_attr *parse_attr;
@@ -880,9 +879,8 @@ int mlx5e_attach_encap(struct mlx5e_priv *priv,
if (e->flags & MLX5_ENCAP_ENTRY_VALID) {
attr->esw_attr->dests[out_index].pkt_reformat = e->pkt_reformat;
attr->esw_attr->dests[out_index].flags |= MLX5_ESW_DEST_ENCAP_VALID;
- *encap_valid = true;
} else {
- *encap_valid = false;
+ flow_flag_set(flow, SLOW);
}
mutex_unlock(&esw->offloads.encap_tbl_lock);
diff --git a/drivers/net/ethernet/mellanox/mlx5/core/en/tc_tun_encap.h b/drivers/net/ethernet/mellanox/mlx5/core/en/tc_tun_encap.h
index d542b8476491..8ad273dde40e 100644
--- a/drivers/net/ethernet/mellanox/mlx5/core/en/tc_tun_encap.h
+++ b/drivers/net/ethernet/mellanox/mlx5/core/en/tc_tun_encap.h
@@ -17,8 +17,7 @@ int mlx5e_attach_encap(struct mlx5e_priv *priv,
struct net_device *mirred_dev,
int out_index,
struct netlink_ext_ack *extack,
- struct net_device **encap_dev,
- bool *encap_valid);
+ struct net_device **encap_dev);
int mlx5e_attach_decap(struct mlx5e_priv *priv,
struct mlx5e_tc_flow *flow,
diff --git a/drivers/net/ethernet/mellanox/mlx5/core/en_tc.c b/drivers/net/ethernet/mellanox/mlx5/core/en_tc.c
index 229c14b1af00..949ef560df78 100644
--- a/drivers/net/ethernet/mellanox/mlx5/core/en_tc.c
+++ b/drivers/net/ethernet/mellanox/mlx5/core/en_tc.c
@@ -1620,7 +1620,6 @@ set_encap_dests(struct mlx5e_priv *priv,
struct mlx5e_tc_flow *flow,
struct mlx5_flow_attr *attr,
struct netlink_ext_ack *extack,
- bool *encap_valid,
bool *vf_tun)
{
struct mlx5e_tc_flow_parse_attr *parse_attr;
@@ -1637,7 +1636,6 @@ set_encap_dests(struct mlx5e_priv *priv,
parse_attr = attr->parse_attr;
esw_attr = attr->esw_attr;
*vf_tun = false;
- *encap_valid = true;
for (out_index = 0; out_index < MLX5_MAX_FLOW_FWD_VPORTS; out_index++) {
struct net_device *out_dev;
@@ -1654,7 +1652,7 @@ set_encap_dests(struct mlx5e_priv *priv,
goto out;
}
err = mlx5e_attach_encap(priv, flow, attr, out_dev, out_index,
- extack, &encap_dev, encap_valid);
+ extack, &encap_dev);
dev_put(out_dev);
if (err)
goto out;
@@ -1718,8 +1716,8 @@ mlx5e_tc_add_fdb_flow(struct mlx5e_priv *priv,
struct mlx5e_tc_flow_parse_attr *parse_attr;
struct mlx5_flow_attr *attr = flow->attr;
struct mlx5_esw_flow_attr *esw_attr;
- bool vf_tun, encap_valid;
u32 max_prio, max_chain;
+ bool vf_tun;
int err = 0;
parse_attr = attr->parse_attr;
@@ -1809,7 +1807,7 @@ mlx5e_tc_add_fdb_flow(struct mlx5e_priv *priv,
esw_attr->int_port = int_port;
}
- err = set_encap_dests(priv, flow, attr, extack, &encap_valid, &vf_tun);
+ err = set_encap_dests(priv, flow, attr, extack, &vf_tun);
if (err)
goto err_out;
@@ -1839,7 +1837,7 @@ mlx5e_tc_add_fdb_flow(struct mlx5e_priv *priv,
* (1) there's no error
* (2) there's an encap action and we don't have valid neigh
*/
- if (!encap_valid || flow_flag_test(flow, SLOW))
+ if (flow_flag_test(flow, SLOW))
flow->rule[0] = mlx5e_tc_offload_to_slow_path(esw, flow, &parse_attr->spec);
else
flow->rule[0] = mlx5e_tc_offload_fdb_rules(esw, flow, &parse_attr->spec, attr);
@@ -3737,7 +3735,7 @@ alloc_flow_post_acts(struct mlx5e_tc_flow *flow, struct netlink_ext_ack *extack)
struct mlx5e_post_act *post_act = get_post_action(flow->priv);
struct mlx5_flow_attr *attr, *next_attr = NULL;
struct mlx5e_post_act_handle *handle;
- bool vf_tun, encap_valid = true;
+ bool vf_tun;
int err;
/* This is going in reverse order as needed.
@@ -3759,13 +3757,10 @@ alloc_flow_post_acts(struct mlx5e_tc_flow *flow, struct netlink_ext_ack *extack)
if (list_is_last(&attr->list, &flow->attrs))
break;
- err = set_encap_dests(flow->priv, flow, attr, extack, &encap_valid, &vf_tun);
+ err = set_encap_dests(flow->priv, flow, attr, extack, &vf_tun);
if (err)
goto out_free;
- if (!encap_valid)
- flow_flag_set(flow, SLOW);
-
err = actions_prepare_mod_hdr_actions(flow->priv, flow, attr, extack);
if (err)
goto out_free;
--
2.35.1
^ permalink raw reply related [flat|nested] 305+ messages in thread
* [PATCH 6.0 112/289] net: phy: at803x: fix error return code in at803x_probe()
2022-11-30 18:19 [PATCH 6.0 000/289] 6.0.11-rc1 review Greg Kroah-Hartman
` (110 preceding siblings ...)
2022-11-30 18:21 ` [PATCH 6.0 111/289] net/mlx5e: Offload rule only when all encaps are valid Greg Kroah-Hartman
@ 2022-11-30 18:21 ` Greg Kroah-Hartman
2022-11-30 18:21 ` [PATCH 6.0 113/289] tipc: set con sock in tipc_conn_alloc Greg Kroah-Hartman
` (186 subsequent siblings)
298 siblings, 0 replies; 305+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-30 18:21 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Wei Yongjun, Andrew Lunn,
Jakub Kicinski, Sasha Levin
From: Wei Yongjun <weiyongjun1@huawei.com>
[ Upstream commit 1f0dd412e34e177621769866bef347f0b22364df ]
Fix to return a negative error code from the ccr read error handling
case instead of 0, as done elsewhere in this function.
Fixes: 3265f4218878 ("net: phy: at803x: add fiber support")
Signed-off-by: Wei Yongjun <weiyongjun1@huawei.com>
Reviewed-by: Andrew Lunn <andrew@lunn.ch>
Link: https://lore.kernel.org/r/20221118103635.254256-1-weiyongjun@huaweicloud.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/phy/at803x.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/drivers/net/phy/at803x.c b/drivers/net/phy/at803x.c
index 59fe356942b5..249e7ee4a2bb 100644
--- a/drivers/net/phy/at803x.c
+++ b/drivers/net/phy/at803x.c
@@ -862,8 +862,10 @@ static int at803x_probe(struct phy_device *phydev)
.wolopts = 0,
};
- if (ccr < 0)
+ if (ccr < 0) {
+ ret = ccr;
goto err;
+ }
mode_cfg = ccr & AT803X_MODE_CFG_MASK;
switch (mode_cfg) {
--
2.35.1
^ permalink raw reply related [flat|nested] 305+ messages in thread
* [PATCH 6.0 113/289] tipc: set con sock in tipc_conn_alloc
2022-11-30 18:19 [PATCH 6.0 000/289] 6.0.11-rc1 review Greg Kroah-Hartman
` (111 preceding siblings ...)
2022-11-30 18:21 ` [PATCH 6.0 112/289] net: phy: at803x: fix error return code in at803x_probe() Greg Kroah-Hartman
@ 2022-11-30 18:21 ` Greg Kroah-Hartman
2022-11-30 18:21 ` [PATCH 6.0 114/289] tipc: add an extra conn_get " Greg Kroah-Hartman
` (185 subsequent siblings)
298 siblings, 0 replies; 305+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-30 18:21 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Wei Chen, Xin Long, Jon Maloy,
Jakub Kicinski, Sasha Levin
From: Xin Long <lucien.xin@gmail.com>
[ Upstream commit 0e5d56c64afcd6fd2d132ea972605b66f8a7d3c4 ]
A crash was reported by Wei Chen:
BUG: kernel NULL pointer dereference, address: 0000000000000018
RIP: 0010:tipc_conn_close+0x12/0x100
Call Trace:
tipc_topsrv_exit_net+0x139/0x320
ops_exit_list.isra.9+0x49/0x80
cleanup_net+0x31a/0x540
process_one_work+0x3fa/0x9f0
worker_thread+0x42/0x5c0
It was caused by !con->sock in tipc_conn_close(). In tipc_topsrv_accept(),
con is allocated in conn_idr then its sock is set:
con = tipc_conn_alloc();
... <----[1]
con->sock = newsock;
If tipc_conn_close() is called in anytime of [1], the null-pointer-def
is triggered by con->sock->sk due to con->sock is not yet set.
This patch fixes it by moving the con->sock setting to tipc_conn_alloc()
under s->idr_lock. So that con->sock can never be NULL when getting the
con from s->conn_idr. It will be also safer to move con->server and flag
CF_CONNECTED setting under s->idr_lock, as they should all be set before
tipc_conn_alloc() is called.
Fixes: c5fa7b3cf3cb ("tipc: introduce new TIPC server infrastructure")
Reported-by: Wei Chen <harperchen1110@gmail.com>
Signed-off-by: Xin Long <lucien.xin@gmail.com>
Acked-by: Jon Maloy <jmaloy@redhat.com>
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
net/tipc/topsrv.c | 11 +++++------
1 file changed, 5 insertions(+), 6 deletions(-)
diff --git a/net/tipc/topsrv.c b/net/tipc/topsrv.c
index d92ec92f0b71..b0f9aa521670 100644
--- a/net/tipc/topsrv.c
+++ b/net/tipc/topsrv.c
@@ -176,7 +176,7 @@ static void tipc_conn_close(struct tipc_conn *con)
conn_put(con);
}
-static struct tipc_conn *tipc_conn_alloc(struct tipc_topsrv *s)
+static struct tipc_conn *tipc_conn_alloc(struct tipc_topsrv *s, struct socket *sock)
{
struct tipc_conn *con;
int ret;
@@ -202,10 +202,11 @@ static struct tipc_conn *tipc_conn_alloc(struct tipc_topsrv *s)
}
con->conid = ret;
s->idr_in_use++;
- spin_unlock_bh(&s->idr_lock);
set_bit(CF_CONNECTED, &con->flags);
con->server = s;
+ con->sock = sock;
+ spin_unlock_bh(&s->idr_lock);
return con;
}
@@ -467,7 +468,7 @@ static void tipc_topsrv_accept(struct work_struct *work)
ret = kernel_accept(lsock, &newsock, O_NONBLOCK);
if (ret < 0)
return;
- con = tipc_conn_alloc(srv);
+ con = tipc_conn_alloc(srv, newsock);
if (IS_ERR(con)) {
ret = PTR_ERR(con);
sock_release(newsock);
@@ -479,7 +480,6 @@ static void tipc_topsrv_accept(struct work_struct *work)
newsk->sk_data_ready = tipc_conn_data_ready;
newsk->sk_write_space = tipc_conn_write_space;
newsk->sk_user_data = con;
- con->sock = newsock;
write_unlock_bh(&newsk->sk_callback_lock);
/* Wake up receive process in case of 'SYN+' message */
@@ -577,12 +577,11 @@ bool tipc_topsrv_kern_subscr(struct net *net, u32 port, u32 type, u32 lower,
sub.filter = filter;
*(u64 *)&sub.usr_handle = (u64)port;
- con = tipc_conn_alloc(tipc_topsrv(net));
+ con = tipc_conn_alloc(tipc_topsrv(net), NULL);
if (IS_ERR(con))
return false;
*conid = con->conid;
- con->sock = NULL;
rc = tipc_conn_rcv_sub(tipc_topsrv(net), con, &sub);
if (rc >= 0)
return true;
--
2.35.1
^ permalink raw reply related [flat|nested] 305+ messages in thread
* [PATCH 6.0 114/289] tipc: add an extra conn_get in tipc_conn_alloc
2022-11-30 18:19 [PATCH 6.0 000/289] 6.0.11-rc1 review Greg Kroah-Hartman
` (112 preceding siblings ...)
2022-11-30 18:21 ` [PATCH 6.0 113/289] tipc: set con sock in tipc_conn_alloc Greg Kroah-Hartman
@ 2022-11-30 18:21 ` Greg Kroah-Hartman
2022-11-30 18:21 ` [PATCH 6.0 115/289] tipc: check skb_linearize() return value in tipc_disc_rcv() Greg Kroah-Hartman
` (184 subsequent siblings)
298 siblings, 0 replies; 305+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-30 18:21 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Xin Long, Jon Maloy, Jakub Kicinski,
Sasha Levin
From: Xin Long <lucien.xin@gmail.com>
[ Upstream commit a7b42969d63f47320853a802efd879fbdc4e010e ]
One extra conn_get() is needed in tipc_conn_alloc(), as after
tipc_conn_alloc() is called, tipc_conn_close() may free this
con before deferencing it in tipc_topsrv_accept():
tipc_conn_alloc();
newsk = newsock->sk;
<---- tipc_conn_close();
write_lock_bh(&sk->sk_callback_lock);
newsk->sk_data_ready = tipc_conn_data_ready;
Then an uaf issue can be triggered:
BUG: KASAN: use-after-free in tipc_topsrv_accept+0x1e7/0x370 [tipc]
Call Trace:
<TASK>
dump_stack_lvl+0x33/0x46
print_report+0x178/0x4b0
kasan_report+0x8c/0x100
kasan_check_range+0x179/0x1e0
tipc_topsrv_accept+0x1e7/0x370 [tipc]
process_one_work+0x6a3/0x1030
worker_thread+0x8a/0xdf0
This patch fixes it by holding it in tipc_conn_alloc(), then after
all accessing in tipc_topsrv_accept() releasing it. Note when does
this in tipc_topsrv_kern_subscr(), as tipc_conn_rcv_sub() returns
0 or -1 only, we don't need to check for "> 0".
Fixes: c5fa7b3cf3cb ("tipc: introduce new TIPC server infrastructure")
Signed-off-by: Xin Long <lucien.xin@gmail.com>
Acked-by: Jon Maloy <jmaloy@redhat.com>
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
net/tipc/topsrv.c | 9 ++++++---
1 file changed, 6 insertions(+), 3 deletions(-)
diff --git a/net/tipc/topsrv.c b/net/tipc/topsrv.c
index b0f9aa521670..e3b427a70398 100644
--- a/net/tipc/topsrv.c
+++ b/net/tipc/topsrv.c
@@ -206,6 +206,7 @@ static struct tipc_conn *tipc_conn_alloc(struct tipc_topsrv *s, struct socket *s
set_bit(CF_CONNECTED, &con->flags);
con->server = s;
con->sock = sock;
+ conn_get(con);
spin_unlock_bh(&s->idr_lock);
return con;
@@ -484,6 +485,7 @@ static void tipc_topsrv_accept(struct work_struct *work)
/* Wake up receive process in case of 'SYN+' message */
newsk->sk_data_ready(newsk);
+ conn_put(con);
}
}
@@ -583,10 +585,11 @@ bool tipc_topsrv_kern_subscr(struct net *net, u32 port, u32 type, u32 lower,
*conid = con->conid;
rc = tipc_conn_rcv_sub(tipc_topsrv(net), con, &sub);
- if (rc >= 0)
- return true;
+ if (rc)
+ conn_put(con);
+
conn_put(con);
- return false;
+ return !rc;
}
void tipc_topsrv_kern_unsubscr(struct net *net, int conid)
--
2.35.1
^ permalink raw reply related [flat|nested] 305+ messages in thread
* [PATCH 6.0 115/289] tipc: check skb_linearize() return value in tipc_disc_rcv()
2022-11-30 18:19 [PATCH 6.0 000/289] 6.0.11-rc1 review Greg Kroah-Hartman
` (113 preceding siblings ...)
2022-11-30 18:21 ` [PATCH 6.0 114/289] tipc: add an extra conn_get " Greg Kroah-Hartman
@ 2022-11-30 18:21 ` Greg Kroah-Hartman
2022-11-30 18:21 ` [PATCH 6.0 116/289] zonefs: Fix race between modprobe and mount Greg Kroah-Hartman
` (183 subsequent siblings)
298 siblings, 0 replies; 305+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-30 18:21 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, YueHaibing, Jon Maloy,
Jakub Kicinski, Sasha Levin
From: YueHaibing <yuehaibing@huawei.com>
[ Upstream commit cd0f6421162201e4b22ce757a1966729323185eb ]
If skb_linearize() fails in tipc_disc_rcv(), we need to free the skb instead of
handle it.
Fixes: 25b0b9c4e835 ("tipc: handle collisions of 32-bit node address hash values")
Signed-off-by: YueHaibing <yuehaibing@huawei.com>
Acked-by: Jon Maloy <jmaloy@redhat.com>
Link: https://lore.kernel.org/r/20221119072832.7896-1-yuehaibing@huawei.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
net/tipc/discover.c | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/net/tipc/discover.c b/net/tipc/discover.c
index e8630707901e..e8dcdf267c0c 100644
--- a/net/tipc/discover.c
+++ b/net/tipc/discover.c
@@ -211,7 +211,10 @@ void tipc_disc_rcv(struct net *net, struct sk_buff *skb,
u32 self;
int err;
- skb_linearize(skb);
+ if (skb_linearize(skb)) {
+ kfree_skb(skb);
+ return;
+ }
hdr = buf_msg(skb);
if (caps & TIPC_NODE_ID128)
--
2.35.1
^ permalink raw reply related [flat|nested] 305+ messages in thread
* [PATCH 6.0 116/289] zonefs: Fix race between modprobe and mount
2022-11-30 18:19 [PATCH 6.0 000/289] 6.0.11-rc1 review Greg Kroah-Hartman
` (114 preceding siblings ...)
2022-11-30 18:21 ` [PATCH 6.0 115/289] tipc: check skb_linearize() return value in tipc_disc_rcv() Greg Kroah-Hartman
@ 2022-11-30 18:21 ` Greg Kroah-Hartman
2022-11-30 18:21 ` [PATCH 6.0 117/289] xfrm: Fix oops in __xfrm_state_delete() Greg Kroah-Hartman
` (182 subsequent siblings)
298 siblings, 0 replies; 305+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-30 18:21 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Zhang Xiaoxu, Johannes Thumshirn,
Chaitanya Kulkarni, Damien Le Moal, Sasha Levin
From: Zhang Xiaoxu <zhangxiaoxu5@huawei.com>
[ Upstream commit 4e45886956a20942800259f326a04417292ae314 ]
There is a race between modprobe and mount as below:
modprobe zonefs | mount -t zonefs
--------------------------------|-------------------------
zonefs_init |
register_filesystem [1] |
| zonefs_fill_super [2]
zonefs_sysfs_init [3] |
1. register zonefs suceess, then
2. user can mount the zonefs
3. if sysfs initialize failed, the module initialize failed.
Then the mount process maybe some error happened since the module
initialize failed.
Let's register zonefs after all dependency resource ready. And
reorder the dependency resource release in module exit.
Fixes: 9277a6d4fbd4 ("zonefs: Export open zone resource information through sysfs")
Signed-off-by: Zhang Xiaoxu <zhangxiaoxu5@huawei.com>
Reviewed-by: Johannes Thumshirn <johannes.thumshirn@wdc.com>
Reviewed-by: Chaitanya Kulkarni <kch@nvidia.com>
Signed-off-by: Damien Le Moal <damien.lemoal@opensource.wdc.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
fs/zonefs/super.c | 12 ++++++------
1 file changed, 6 insertions(+), 6 deletions(-)
diff --git a/fs/zonefs/super.c b/fs/zonefs/super.c
index 860f0b1032c6..625749fbedf4 100644
--- a/fs/zonefs/super.c
+++ b/fs/zonefs/super.c
@@ -1905,18 +1905,18 @@ static int __init zonefs_init(void)
if (ret)
return ret;
- ret = register_filesystem(&zonefs_type);
+ ret = zonefs_sysfs_init();
if (ret)
goto destroy_inodecache;
- ret = zonefs_sysfs_init();
+ ret = register_filesystem(&zonefs_type);
if (ret)
- goto unregister_fs;
+ goto sysfs_exit;
return 0;
-unregister_fs:
- unregister_filesystem(&zonefs_type);
+sysfs_exit:
+ zonefs_sysfs_exit();
destroy_inodecache:
zonefs_destroy_inodecache();
@@ -1925,9 +1925,9 @@ static int __init zonefs_init(void)
static void __exit zonefs_exit(void)
{
+ unregister_filesystem(&zonefs_type);
zonefs_sysfs_exit();
zonefs_destroy_inodecache();
- unregister_filesystem(&zonefs_type);
}
MODULE_AUTHOR("Damien Le Moal");
--
2.35.1
^ permalink raw reply related [flat|nested] 305+ messages in thread
* [PATCH 6.0 117/289] xfrm: Fix oops in __xfrm_state_delete()
2022-11-30 18:19 [PATCH 6.0 000/289] 6.0.11-rc1 review Greg Kroah-Hartman
` (115 preceding siblings ...)
2022-11-30 18:21 ` [PATCH 6.0 116/289] zonefs: Fix race between modprobe and mount Greg Kroah-Hartman
@ 2022-11-30 18:21 ` Greg Kroah-Hartman
2022-11-30 18:21 ` [PATCH 6.0 118/289] xfrm: Fix ignored return value in xfrm6_init() Greg Kroah-Hartman
` (181 subsequent siblings)
298 siblings, 0 replies; 305+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-30 18:21 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Roth Mark, Zhihao Chen,
Thomas Jarosch, Antony Antony, Herbert Xu, Steffen Klassert,
Sasha Levin
From: Thomas Jarosch <thomas.jarosch@intra2net.com>
[ Upstream commit b97df039a68b2f3e848e238df5d5d06343ea497b ]
Kernel 5.14 added a new "byseq" index to speed
up xfrm_state lookups by sequence number in commit
fe9f1d8779cb ("xfrm: add state hashtable keyed by seq")
While the patch was thorough, the function pfkey_send_new_mapping()
in net/af_key.c also modifies x->km.seq and never added
the current xfrm_state to the "byseq" index.
This leads to the following kernel Ooops:
BUG: kernel NULL pointer dereference, address: 0000000000000000
..
RIP: 0010:__xfrm_state_delete+0xc9/0x1c0
..
Call Trace:
<TASK>
xfrm_state_delete+0x1e/0x40
xfrm_del_sa+0xb0/0x110 [xfrm_user]
xfrm_user_rcv_msg+0x12d/0x270 [xfrm_user]
? remove_entity_load_avg+0x8a/0xa0
? copy_to_user_state_extra+0x580/0x580 [xfrm_user]
netlink_rcv_skb+0x51/0x100
xfrm_netlink_rcv+0x30/0x50 [xfrm_user]
netlink_unicast+0x1a6/0x270
netlink_sendmsg+0x22a/0x480
__sys_sendto+0x1a6/0x1c0
? __audit_syscall_entry+0xd8/0x130
? __audit_syscall_exit+0x249/0x2b0
__x64_sys_sendto+0x23/0x30
do_syscall_64+0x3a/0x90
entry_SYSCALL_64_after_hwframe+0x61/0xcb
Exact location of the crash in __xfrm_state_delete():
if (x->km.seq)
hlist_del_rcu(&x->byseq);
The hlist_node "byseq" was never populated.
The bug only triggers if a new NAT traversal mapping (changed IP or port)
is detected in esp_input_done2() / esp6_input_done2(), which in turn
indirectly calls pfkey_send_new_mapping() *if* the kernel is compiled
with CONFIG_NET_KEY and "af_key" is active.
The PF_KEYv2 message SADB_X_NAT_T_NEW_MAPPING is not part of RFC 2367.
Various implementations have been examined how they handle
the "sadb_msg_seq" header field:
- racoon (Android): does not process SADB_X_NAT_T_NEW_MAPPING
- strongswan: does not care about sadb_msg_seq
- openswan: does not care about sadb_msg_seq
There is no standard how PF_KEYv2 sadb_msg_seq should be populated
for SADB_X_NAT_T_NEW_MAPPING and it's not used in popular
implementations either. Herbert Xu suggested we should just
use the current km.seq value as is. This fixes the root cause
of the oops since we no longer modify km.seq itself.
The update of "km.seq" looks like a copy'n'paste error
from pfkey_send_acquire(). SADB_ACQUIRE must indeed assign a unique km.seq
number according to RFC 2367. It has been verified that code paths
involving pfkey_send_acquire() don't cause the same Oops.
PF_KEYv2 SADB_X_NAT_T_NEW_MAPPING support was originally added here:
https://git.kernel.org/pub/scm/linux/kernel/git/tglx/history.git
commit cbc3488685b20e7b2a98ad387a1a816aada569d8
Author: Derek Atkins <derek@ihtfp.com>
AuthorDate: Wed Apr 2 13:21:02 2003 -0800
[IPSEC]: Implement UDP Encapsulation framework.
In particular, implement ESPinUDP encapsulation for IPsec
Nat Traversal.
A note on triggering the bug: I was not able to trigger it using VMs.
There is one VPN using a high latency link on our production VPN server
that triggered it like once a day though.
Link: https://github.com/strongswan/strongswan/issues/992
Link: https://lore.kernel.org/netdev/00959f33ee52c4b3b0084d42c430418e502db554.1652340703.git.antony.antony@secunet.com/T/
Link: https://lore.kernel.org/netdev/20221027142455.3975224-1-chenzhihao@meizu.com/T/
Fixes: fe9f1d8779cb ("xfrm: add state hashtable keyed by seq")
Reported-by: Roth Mark <rothm@mail.com>
Reported-by: Zhihao Chen <chenzhihao@meizu.com>
Tested-by: Roth Mark <rothm@mail.com>
Signed-off-by: Thomas Jarosch <thomas.jarosch@intra2net.com>
Acked-by: Antony Antony <antony.antony@secunet.com>
Acked-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
net/key/af_key.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/net/key/af_key.c b/net/key/af_key.c
index 213287814328..95edcbedf6ef 100644
--- a/net/key/af_key.c
+++ b/net/key/af_key.c
@@ -3394,7 +3394,7 @@ static int pfkey_send_new_mapping(struct xfrm_state *x, xfrm_address_t *ipaddr,
hdr->sadb_msg_len = size / sizeof(uint64_t);
hdr->sadb_msg_errno = 0;
hdr->sadb_msg_reserved = 0;
- hdr->sadb_msg_seq = x->km.seq = get_acqseq();
+ hdr->sadb_msg_seq = x->km.seq;
hdr->sadb_msg_pid = 0;
/* SA */
--
2.35.1
^ permalink raw reply related [flat|nested] 305+ messages in thread
* [PATCH 6.0 118/289] xfrm: Fix ignored return value in xfrm6_init()
2022-11-30 18:19 [PATCH 6.0 000/289] 6.0.11-rc1 review Greg Kroah-Hartman
` (116 preceding siblings ...)
2022-11-30 18:21 ` [PATCH 6.0 117/289] xfrm: Fix oops in __xfrm_state_delete() Greg Kroah-Hartman
@ 2022-11-30 18:21 ` Greg Kroah-Hartman
2022-11-30 18:21 ` [PATCH 6.0 119/289] net: wwan: iosm: use ACPI_FREE() but not kfree() in ipc_pcie_read_bios_cfg() Greg Kroah-Hartman
` (180 subsequent siblings)
298 siblings, 0 replies; 305+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-30 18:21 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Chen Zhongjin, Leon Romanovsky,
Steffen Klassert, Sasha Levin
From: Chen Zhongjin <chenzhongjin@huawei.com>
[ Upstream commit 40781bfb836eda57d19c0baa37c7e72590e05fdc ]
When IPv6 module initializing in xfrm6_init(), register_pernet_subsys()
is possible to fail but its return value is ignored.
If IPv6 initialization fails later and xfrm6_fini() is called,
removing uninitialized list in xfrm6_net_ops will cause null-ptr-deref:
KASAN: null-ptr-deref in range [0x0000000000000008-0x000000000000000f]
CPU: 1 PID: 330 Comm: insmod
RIP: 0010:unregister_pernet_operations+0xc9/0x450
Call Trace:
<TASK>
unregister_pernet_subsys+0x31/0x3e
xfrm6_fini+0x16/0x30 [ipv6]
ip6_route_init+0xcd/0x128 [ipv6]
inet6_init+0x29c/0x602 [ipv6]
...
Fix it by catching the error return value of register_pernet_subsys().
Fixes: 8d068875caca ("xfrm: make gc_thresh configurable in all namespaces")
Signed-off-by: Chen Zhongjin <chenzhongjin@huawei.com>
Reviewed-by: Leon Romanovsky <leonro@nvidia.com>
Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
net/ipv6/xfrm6_policy.c | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/net/ipv6/xfrm6_policy.c b/net/ipv6/xfrm6_policy.c
index 4a4b0e49ec92..ea435eba3053 100644
--- a/net/ipv6/xfrm6_policy.c
+++ b/net/ipv6/xfrm6_policy.c
@@ -287,9 +287,13 @@ int __init xfrm6_init(void)
if (ret)
goto out_state;
- register_pernet_subsys(&xfrm6_net_ops);
+ ret = register_pernet_subsys(&xfrm6_net_ops);
+ if (ret)
+ goto out_protocol;
out:
return ret;
+out_protocol:
+ xfrm6_protocol_fini();
out_state:
xfrm6_state_fini();
out_policy:
--
2.35.1
^ permalink raw reply related [flat|nested] 305+ messages in thread
* [PATCH 6.0 119/289] net: wwan: iosm: use ACPI_FREE() but not kfree() in ipc_pcie_read_bios_cfg()
2022-11-30 18:19 [PATCH 6.0 000/289] 6.0.11-rc1 review Greg Kroah-Hartman
` (117 preceding siblings ...)
2022-11-30 18:21 ` [PATCH 6.0 118/289] xfrm: Fix ignored return value in xfrm6_init() Greg Kroah-Hartman
@ 2022-11-30 18:21 ` Greg Kroah-Hartman
2022-11-30 18:21 ` [PATCH 6.0 120/289] sfc: fix potential memleak in __ef100_hard_start_xmit() Greg Kroah-Hartman
` (179 subsequent siblings)
298 siblings, 0 replies; 305+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-30 18:21 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Wang ShaoBo, Paolo Abeni, Sasha Levin
From: Wang ShaoBo <bobo.shaobowang@huawei.com>
[ Upstream commit e541dd7763fc34aec2f93f652a396cc2e7b92d8d ]
acpi_evaluate_dsm() should be coupled with ACPI_FREE() to free the ACPI
memory, because we need to track the allocation of acpi_object when
ACPI_DBG_TRACK_ALLOCATIONS enabled, so use ACPI_FREE() instead of kfree().
Fixes: d38a648d2d6c ("net: wwan: iosm: fix memory leak in ipc_pcie_read_bios_cfg")
Signed-off-by: Wang ShaoBo <bobo.shaobowang@huawei.com>
Link: https://lore.kernel.org/r/20221118062447.2324881-1-bobo.shaobowang@huawei.com
Signed-off-by: Paolo Abeni <pabeni@redhat.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/wwan/iosm/iosm_ipc_pcie.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/net/wwan/iosm/iosm_ipc_pcie.c b/drivers/net/wwan/iosm/iosm_ipc_pcie.c
index 97cb6846c6ae..f604d4a01e1b 100644
--- a/drivers/net/wwan/iosm/iosm_ipc_pcie.c
+++ b/drivers/net/wwan/iosm/iosm_ipc_pcie.c
@@ -249,7 +249,7 @@ static enum ipc_pcie_sleep_state ipc_pcie_read_bios_cfg(struct device *dev)
if (object->integer.value == 3)
sleep_state = IPC_PCIE_D3L2;
- kfree(object);
+ ACPI_FREE(object);
default_ret:
return sleep_state;
--
2.35.1
^ permalink raw reply related [flat|nested] 305+ messages in thread
* [PATCH 6.0 120/289] sfc: fix potential memleak in __ef100_hard_start_xmit()
2022-11-30 18:19 [PATCH 6.0 000/289] 6.0.11-rc1 review Greg Kroah-Hartman
` (118 preceding siblings ...)
2022-11-30 18:21 ` [PATCH 6.0 119/289] net: wwan: iosm: use ACPI_FREE() but not kfree() in ipc_pcie_read_bios_cfg() Greg Kroah-Hartman
@ 2022-11-30 18:21 ` Greg Kroah-Hartman
2022-11-30 18:21 ` [PATCH 6.0 121/289] net: sparx5: fix error handling in sparx5_port_open() Greg Kroah-Hartman
` (178 subsequent siblings)
298 siblings, 0 replies; 305+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-30 18:21 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Zhang Changzhong, Martin Habets,
Leon Romanovsky, Paolo Abeni, Sasha Levin
From: Zhang Changzhong <zhangchangzhong@huawei.com>
[ Upstream commit aad98abd5cb8133507f22654f56bcb443aaa2d89 ]
The __ef100_hard_start_xmit() returns NETDEV_TX_OK without freeing skb
in error handling case, add dev_kfree_skb_any() to fix it.
Fixes: 51b35a454efd ("sfc: skeleton EF100 PF driver")
Signed-off-by: Zhang Changzhong <zhangchangzhong@huawei.com>
Acked-by: Martin Habets <habetsm.xilinx@gmail.com>
Reviewed-by: Leon Romanovsky <leonro@nvidia.com>
Link: https://lore.kernel.org/r/1668671409-10909-1-git-send-email-zhangchangzhong@huawei.com
Signed-off-by: Paolo Abeni <pabeni@redhat.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/ethernet/sfc/ef100_netdev.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/drivers/net/ethernet/sfc/ef100_netdev.c b/drivers/net/ethernet/sfc/ef100_netdev.c
index 17b9d37218cb..4c33c3b5f32b 100644
--- a/drivers/net/ethernet/sfc/ef100_netdev.c
+++ b/drivers/net/ethernet/sfc/ef100_netdev.c
@@ -217,6 +217,7 @@ netdev_tx_t __ef100_hard_start_xmit(struct sk_buff *skb,
skb->len, skb->data_len, channel->channel);
if (!efx->n_channels || !efx->n_tx_channels || !channel) {
netif_stop_queue(net_dev);
+ dev_kfree_skb_any(skb);
goto err;
}
--
2.35.1
^ permalink raw reply related [flat|nested] 305+ messages in thread
* [PATCH 6.0 121/289] net: sparx5: fix error handling in sparx5_port_open()
2022-11-30 18:19 [PATCH 6.0 000/289] 6.0.11-rc1 review Greg Kroah-Hartman
` (119 preceding siblings ...)
2022-11-30 18:21 ` [PATCH 6.0 120/289] sfc: fix potential memleak in __ef100_hard_start_xmit() Greg Kroah-Hartman
@ 2022-11-30 18:21 ` Greg Kroah-Hartman
2022-11-30 18:21 ` [PATCH 6.0 122/289] net: sched: allow act_ct to be built without NF_NAT Greg Kroah-Hartman
` (177 subsequent siblings)
298 siblings, 0 replies; 305+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-30 18:21 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Liu Jian, Bjarni Jonasson,
Steen Hegelund, Paolo Abeni, Sasha Levin
From: Liu Jian <liujian56@huawei.com>
[ Upstream commit 4305fe232b8aa59af3761adc9fe6b6aa40913960 ]
If phylink_of_phy_connect() fails, the port should be disabled.
If sparx5_serdes_set()/phy_power_on() fails, the port should be
disabled and the phylink should be stopped and disconnected.
Fixes: 946e7fd5053a ("net: sparx5: add port module support")
Fixes: f3cad2611a77 ("net: sparx5: add hostmode with phylink support")
Signed-off-by: Liu Jian <liujian56@huawei.com>
Tested-by: Bjarni Jonasson <bjarni.jonasson@microchip.com>
Reviewed-by: Steen Hegelund <steen.hegelund@microchip.com>
Link: https://lore.kernel.org/r/20221117125918.203997-1-liujian56@huawei.com
Signed-off-by: Paolo Abeni <pabeni@redhat.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
.../net/ethernet/microchip/sparx5/sparx5_netdev.c | 14 ++++++++++++--
1 file changed, 12 insertions(+), 2 deletions(-)
diff --git a/drivers/net/ethernet/microchip/sparx5/sparx5_netdev.c b/drivers/net/ethernet/microchip/sparx5/sparx5_netdev.c
index af4d3e1f1a6d..3f112a897a60 100644
--- a/drivers/net/ethernet/microchip/sparx5/sparx5_netdev.c
+++ b/drivers/net/ethernet/microchip/sparx5/sparx5_netdev.c
@@ -103,7 +103,7 @@ static int sparx5_port_open(struct net_device *ndev)
err = phylink_of_phy_connect(port->phylink, port->of_node, 0);
if (err) {
netdev_err(ndev, "Could not attach to PHY\n");
- return err;
+ goto err_connect;
}
phylink_start(port->phylink);
@@ -115,10 +115,20 @@ static int sparx5_port_open(struct net_device *ndev)
err = sparx5_serdes_set(port->sparx5, port, &port->conf);
else
err = phy_power_on(port->serdes);
- if (err)
+ if (err) {
netdev_err(ndev, "%s failed\n", __func__);
+ goto out_power;
+ }
}
+ return 0;
+
+out_power:
+ phylink_stop(port->phylink);
+ phylink_disconnect_phy(port->phylink);
+err_connect:
+ sparx5_port_enable(port, false);
+
return err;
}
--
2.35.1
^ permalink raw reply related [flat|nested] 305+ messages in thread
* [PATCH 6.0 122/289] net: sched: allow act_ct to be built without NF_NAT
2022-11-30 18:19 [PATCH 6.0 000/289] 6.0.11-rc1 review Greg Kroah-Hartman
` (120 preceding siblings ...)
2022-11-30 18:21 ` [PATCH 6.0 121/289] net: sparx5: fix error handling in sparx5_port_open() Greg Kroah-Hartman
@ 2022-11-30 18:21 ` Greg Kroah-Hartman
2022-11-30 18:21 ` [PATCH 6.0 123/289] NFC: nci: fix memory leak in nci_rx_data_packet() Greg Kroah-Hartman
` (176 subsequent siblings)
298 siblings, 0 replies; 305+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-30 18:21 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Xin Long, Paolo Abeni, Sasha Levin
From: Xin Long <lucien.xin@gmail.com>
[ Upstream commit 8427fd100c7b7793650e212a81e42f1cf124613d ]
In commit f11fe1dae1c4 ("net/sched: Make NET_ACT_CT depends on NF_NAT"),
it fixed the build failure when NF_NAT is m and NET_ACT_CT is y by
adding depends on NF_NAT for NET_ACT_CT. However, it would also cause
NET_ACT_CT cannot be built without NF_NAT, which is not expected. This
patch fixes it by changing to use "(!NF_NAT || NF_NAT)" as the depend.
Fixes: f11fe1dae1c4 ("net/sched: Make NET_ACT_CT depends on NF_NAT")
Signed-off-by: Xin Long <lucien.xin@gmail.com>
Link: https://lore.kernel.org/r/b6386f28d1ba34721795fb776a91cbdabb203447.1668807183.git.lucien.xin@gmail.com
Signed-off-by: Paolo Abeni <pabeni@redhat.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
net/sched/Kconfig | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/net/sched/Kconfig b/net/sched/Kconfig
index 1e8ab4749c6c..4662a6ce8a7e 100644
--- a/net/sched/Kconfig
+++ b/net/sched/Kconfig
@@ -976,7 +976,7 @@ config NET_ACT_TUNNEL_KEY
config NET_ACT_CT
tristate "connection tracking tc action"
- depends on NET_CLS_ACT && NF_CONNTRACK && NF_NAT && NF_FLOW_TABLE
+ depends on NET_CLS_ACT && NF_CONNTRACK && (!NF_NAT || NF_NAT) && NF_FLOW_TABLE
help
Say Y here to allow sending the packets to conntrack module.
--
2.35.1
^ permalink raw reply related [flat|nested] 305+ messages in thread
* [PATCH 6.0 123/289] NFC: nci: fix memory leak in nci_rx_data_packet()
2022-11-30 18:19 [PATCH 6.0 000/289] 6.0.11-rc1 review Greg Kroah-Hartman
` (121 preceding siblings ...)
2022-11-30 18:21 ` [PATCH 6.0 122/289] net: sched: allow act_ct to be built without NF_NAT Greg Kroah-Hartman
@ 2022-11-30 18:21 ` Greg Kroah-Hartman
2022-11-30 18:21 ` [PATCH 6.0 124/289] regulator: twl6030: re-add TWL6032_SUBCLASS Greg Kroah-Hartman
` (175 subsequent siblings)
298 siblings, 0 replies; 305+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-30 18:21 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, syzbot+cdb9a427d1bc08815104,
Liu Shixin, Paolo Abeni, Sasha Levin
From: Liu Shixin <liushixin2@huawei.com>
[ Upstream commit 53270fb0fd77fe786d8c07a0793981d797836b93 ]
Syzbot reported a memory leak about skb:
unreferenced object 0xffff88810e144e00 (size 240):
comm "syz-executor284", pid 3701, jiffies 4294952403 (age 12.620s)
hex dump (first 32 bytes):
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
backtrace:
[<ffffffff83ab79a9>] __alloc_skb+0x1f9/0x270 net/core/skbuff.c:497
[<ffffffff82a5cf64>] alloc_skb include/linux/skbuff.h:1267 [inline]
[<ffffffff82a5cf64>] virtual_ncidev_write+0x24/0xe0 drivers/nfc/virtual_ncidev.c:116
[<ffffffff815f6503>] do_loop_readv_writev fs/read_write.c:759 [inline]
[<ffffffff815f6503>] do_loop_readv_writev fs/read_write.c:743 [inline]
[<ffffffff815f6503>] do_iter_write+0x253/0x300 fs/read_write.c:863
[<ffffffff815f66ed>] vfs_writev+0xdd/0x240 fs/read_write.c:934
[<ffffffff815f68f6>] do_writev+0xa6/0x1c0 fs/read_write.c:977
[<ffffffff848802d5>] do_syscall_x64 arch/x86/entry/common.c:50 [inline]
[<ffffffff848802d5>] do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
[<ffffffff84a00087>] entry_SYSCALL_64_after_hwframe+0x63/0xcd
In nci_rx_data_packet(), if we don't get a valid conn_info, we will return
directly but forget to release the skb.
Reported-by: syzbot+cdb9a427d1bc08815104@syzkaller.appspotmail.com
Fixes: 4aeee6871e8c ("NFC: nci: Add dynamic logical connections support")
Signed-off-by: Liu Shixin <liushixin2@huawei.com>
Link: https://lore.kernel.org/r/20221118082419.239475-1-liushixin2@huawei.com
Signed-off-by: Paolo Abeni <pabeni@redhat.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
net/nfc/nci/data.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/net/nfc/nci/data.c b/net/nfc/nci/data.c
index aa5e712adf07..3d36ea5701f0 100644
--- a/net/nfc/nci/data.c
+++ b/net/nfc/nci/data.c
@@ -279,8 +279,10 @@ void nci_rx_data_packet(struct nci_dev *ndev, struct sk_buff *skb)
nci_plen(skb->data));
conn_info = nci_get_conn_info_by_conn_id(ndev, nci_conn_id(skb->data));
- if (!conn_info)
+ if (!conn_info) {
+ kfree_skb(skb);
return;
+ }
/* strip the nci data header */
skb_pull(skb, NCI_DATA_HDR_SIZE);
--
2.35.1
^ permalink raw reply related [flat|nested] 305+ messages in thread
* [PATCH 6.0 124/289] regulator: twl6030: re-add TWL6032_SUBCLASS
2022-11-30 18:19 [PATCH 6.0 000/289] 6.0.11-rc1 review Greg Kroah-Hartman
` (122 preceding siblings ...)
2022-11-30 18:21 ` [PATCH 6.0 123/289] NFC: nci: fix memory leak in nci_rx_data_packet() Greg Kroah-Hartman
@ 2022-11-30 18:21 ` Greg Kroah-Hartman
2022-11-30 18:21 ` [PATCH 6.0 125/289] bnx2x: fix pci device refcount leak in bnx2x_vf_is_pcie_pending() Greg Kroah-Hartman
` (174 subsequent siblings)
298 siblings, 0 replies; 305+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-30 18:21 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Andreas Kemnade, Mark Brown, Sasha Levin
From: Andreas Kemnade <andreas@kemnade.info>
[ Upstream commit 3d6c982b26db94cc21bc9f7784f63e8286b7be62 ]
In former times, info->feature was populated via the parent driver
by pdata/regulator_init_data->driver_data for all regulators when
USB_PRODUCT_ID_LSB indicates a TWL6032.
Today, the information is not set, so re-add it at the regulator
definitions.
Fixes: 25d82337705e2 ("regulator: twl: make driver DT only")
Signed-off-by: Andreas Kemnade <andreas@kemnade.info>
Link: https://lore.kernel.org/r/20221120221208.3093727-2-andreas@kemnade.info
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/regulator/twl6030-regulator.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/drivers/regulator/twl6030-regulator.c b/drivers/regulator/twl6030-regulator.c
index 430265c404d6..7c7e3648ea4b 100644
--- a/drivers/regulator/twl6030-regulator.c
+++ b/drivers/regulator/twl6030-regulator.c
@@ -530,6 +530,7 @@ static const struct twlreg_info TWL6030_INFO_##label = { \
#define TWL6032_ADJUSTABLE_LDO(label, offset) \
static const struct twlreg_info TWL6032_INFO_##label = { \
.base = offset, \
+ .features = TWL6032_SUBCLASS, \
.desc = { \
.name = #label, \
.id = TWL6032_REG_##label, \
@@ -562,6 +563,7 @@ static const struct twlreg_info TWLFIXED_INFO_##label = { \
#define TWL6032_ADJUSTABLE_SMPS(label, offset) \
static const struct twlreg_info TWLSMPS_INFO_##label = { \
.base = offset, \
+ .features = TWL6032_SUBCLASS, \
.desc = { \
.name = #label, \
.id = TWL6032_REG_##label, \
--
2.35.1
^ permalink raw reply related [flat|nested] 305+ messages in thread
* [PATCH 6.0 125/289] bnx2x: fix pci device refcount leak in bnx2x_vf_is_pcie_pending()
2022-11-30 18:19 [PATCH 6.0 000/289] 6.0.11-rc1 review Greg Kroah-Hartman
` (123 preceding siblings ...)
2022-11-30 18:21 ` [PATCH 6.0 124/289] regulator: twl6030: re-add TWL6032_SUBCLASS Greg Kroah-Hartman
@ 2022-11-30 18:21 ` Greg Kroah-Hartman
2022-11-30 18:21 ` [PATCH 6.0 126/289] dma-buf: fix racing conflict of dma_heap_add() Greg Kroah-Hartman
` (173 subsequent siblings)
298 siblings, 0 replies; 305+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-30 18:21 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Jakub Kicinski, Yang Yingliang,
Leon Romanovsky, Paolo Abeni, Sasha Levin
From: Yang Yingliang <yangyingliang@huawei.com>
[ Upstream commit 3637a29ccbb6461b7268c5c5db525935d510afc6 ]
As comment of pci_get_domain_bus_and_slot() says, it returns
a pci device with refcount increment, when finish using it,
the caller must decrement the reference count by calling
pci_dev_put(). Call pci_dev_put() before returning from
bnx2x_vf_is_pcie_pending() to avoid refcount leak.
Fixes: b56e9670ffa4 ("bnx2x: Prepare device and initialize VF database")
Suggested-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Yang Yingliang <yangyingliang@huawei.com>
Reviewed-by: Leon Romanovsky <leonro@nvidia.com>
Link: https://lore.kernel.org/r/20221119070202.1407648-1-yangyingliang@huawei.com
Signed-off-by: Paolo Abeni <pabeni@redhat.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/ethernet/broadcom/bnx2x/bnx2x_sriov.c | 12 ++++++++----
1 file changed, 8 insertions(+), 4 deletions(-)
diff --git a/drivers/net/ethernet/broadcom/bnx2x/bnx2x_sriov.c b/drivers/net/ethernet/broadcom/bnx2x/bnx2x_sriov.c
index 11d15cd03600..77d4cb4ad782 100644
--- a/drivers/net/ethernet/broadcom/bnx2x/bnx2x_sriov.c
+++ b/drivers/net/ethernet/broadcom/bnx2x/bnx2x_sriov.c
@@ -795,16 +795,20 @@ static void bnx2x_vf_enable_traffic(struct bnx2x *bp, struct bnx2x_virtf *vf)
static u8 bnx2x_vf_is_pcie_pending(struct bnx2x *bp, u8 abs_vfid)
{
- struct pci_dev *dev;
struct bnx2x_virtf *vf = bnx2x_vf_by_abs_fid(bp, abs_vfid);
+ struct pci_dev *dev;
+ bool pending;
if (!vf)
return false;
dev = pci_get_domain_bus_and_slot(vf->domain, vf->bus, vf->devfn);
- if (dev)
- return bnx2x_is_pcie_pending(dev);
- return false;
+ if (!dev)
+ return false;
+ pending = bnx2x_is_pcie_pending(dev);
+ pci_dev_put(dev);
+
+ return pending;
}
int bnx2x_vf_flr_clnup_epilog(struct bnx2x *bp, u8 abs_vfid)
--
2.35.1
^ permalink raw reply related [flat|nested] 305+ messages in thread
* [PATCH 6.0 126/289] dma-buf: fix racing conflict of dma_heap_add()
2022-11-30 18:19 [PATCH 6.0 000/289] 6.0.11-rc1 review Greg Kroah-Hartman
` (124 preceding siblings ...)
2022-11-30 18:21 ` [PATCH 6.0 125/289] bnx2x: fix pci device refcount leak in bnx2x_vf_is_pcie_pending() Greg Kroah-Hartman
@ 2022-11-30 18:21 ` Greg Kroah-Hartman
2022-11-30 18:21 ` [PATCH 6.0 127/289] tsnep: Fix rotten packets Greg Kroah-Hartman
` (172 subsequent siblings)
298 siblings, 0 replies; 305+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-30 18:21 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Dawei Li, Andrew Davis,
Christian König, Sumit Semwal, Sasha Levin
From: Dawei Li <set_pte_at@outlook.com>
[ Upstream commit 432e25902b9651622578c6248e549297d03caf66 ]
Racing conflict could be:
task A task B
list_for_each_entry
strcmp(h->name))
list_for_each_entry
strcmp(h->name)
kzalloc kzalloc
...... .....
device_create device_create
list_add
list_add
The root cause is that task B has no idea about the fact someone
else(A) has inserted heap with same name when it calls list_add,
so a potential collision occurs.
Fixes: c02a81fba74f ("dma-buf: Add dma-buf heaps framework")
Signed-off-by: Dawei Li <set_pte_at@outlook.com>
Acked-by: Andrew Davis <afd@ti.com>
Acked-by: Christian König <christian.koenig@amd.com>
Signed-off-by: Sumit Semwal <sumit.semwal@linaro.org>
Link: https://patchwork.freedesktop.org/patch/msgid/TYCP286MB2323873BBDF88020781FB986CA3B9@TYCP286MB2323.JPNP286.PROD.OUTLOOK.COM
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/dma-buf/dma-heap.c | 28 +++++++++++++++-------------
1 file changed, 15 insertions(+), 13 deletions(-)
diff --git a/drivers/dma-buf/dma-heap.c b/drivers/dma-buf/dma-heap.c
index 8f5848aa144f..59d158873f4c 100644
--- a/drivers/dma-buf/dma-heap.c
+++ b/drivers/dma-buf/dma-heap.c
@@ -233,18 +233,6 @@ struct dma_heap *dma_heap_add(const struct dma_heap_export_info *exp_info)
return ERR_PTR(-EINVAL);
}
- /* check the name is unique */
- mutex_lock(&heap_list_lock);
- list_for_each_entry(h, &heap_list, list) {
- if (!strcmp(h->name, exp_info->name)) {
- mutex_unlock(&heap_list_lock);
- pr_err("dma_heap: Already registered heap named %s\n",
- exp_info->name);
- return ERR_PTR(-EINVAL);
- }
- }
- mutex_unlock(&heap_list_lock);
-
heap = kzalloc(sizeof(*heap), GFP_KERNEL);
if (!heap)
return ERR_PTR(-ENOMEM);
@@ -283,13 +271,27 @@ struct dma_heap *dma_heap_add(const struct dma_heap_export_info *exp_info)
err_ret = ERR_CAST(dev_ret);
goto err2;
}
- /* Add heap to the list */
+
mutex_lock(&heap_list_lock);
+ /* check the name is unique */
+ list_for_each_entry(h, &heap_list, list) {
+ if (!strcmp(h->name, exp_info->name)) {
+ mutex_unlock(&heap_list_lock);
+ pr_err("dma_heap: Already registered heap named %s\n",
+ exp_info->name);
+ err_ret = ERR_PTR(-EINVAL);
+ goto err3;
+ }
+ }
+
+ /* Add heap to the list */
list_add(&heap->list, &heap_list);
mutex_unlock(&heap_list_lock);
return heap;
+err3:
+ device_destroy(dma_heap_class, heap->heap_devt);
err2:
cdev_del(&heap->heap_cdev);
err1:
--
2.35.1
^ permalink raw reply related [flat|nested] 305+ messages in thread
* [PATCH 6.0 127/289] tsnep: Fix rotten packets
2022-11-30 18:19 [PATCH 6.0 000/289] 6.0.11-rc1 review Greg Kroah-Hartman
` (125 preceding siblings ...)
2022-11-30 18:21 ` [PATCH 6.0 126/289] dma-buf: fix racing conflict of dma_heap_add() Greg Kroah-Hartman
@ 2022-11-30 18:21 ` Greg Kroah-Hartman
2022-11-30 18:21 ` [PATCH 6.0 128/289] cpufreq: amd-pstate: change amd-pstate driver to be built-in type Greg Kroah-Hartman
` (171 subsequent siblings)
298 siblings, 0 replies; 305+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-30 18:21 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Gerhard Engleder, Paolo Abeni, Sasha Levin
From: Gerhard Engleder <gerhard@engleder-embedded.com>
[ Upstream commit 2dc4ac91f845b690ddf2ad39172c3698b2769fa2 ]
If PTP synchronisation is done every second, then sporadic the interval
is higher than one second:
ptp4l[696.582]: master offset -17 s2 freq -1891 path delay 573
ptp4l[697.582]: master offset -22 s2 freq -1901 path delay 573
ptp4l[699.368]: master offset -1 s2 freq -1887 path delay 573
^^^^^^^ Should be 698.582!
This problem is caused by rotten packets, which are received after
polling but before interrupts are enabled again. This can be fixed by
checking for pending work and rescheduling if necessary after interrupts
has been enabled again.
Fixes: 403f69bbdbad ("tsnep: Add TSN endpoint Ethernet MAC driver")
Signed-off-by: Gerhard Engleder <gerhard@engleder-embedded.com>
Link: https://lore.kernel.org/r/20221119211825.81805-1-gerhard@engleder-embedded.com
Signed-off-by: Paolo Abeni <pabeni@redhat.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/ethernet/engleder/tsnep_main.c | 57 +++++++++++++++++++++-
1 file changed, 56 insertions(+), 1 deletion(-)
diff --git a/drivers/net/ethernet/engleder/tsnep_main.c b/drivers/net/ethernet/engleder/tsnep_main.c
index a5f7152a1716..6a2617cc5490 100644
--- a/drivers/net/ethernet/engleder/tsnep_main.c
+++ b/drivers/net/ethernet/engleder/tsnep_main.c
@@ -504,6 +504,27 @@ static bool tsnep_tx_poll(struct tsnep_tx *tx, int napi_budget)
return (budget != 0);
}
+static bool tsnep_tx_pending(struct tsnep_tx *tx)
+{
+ unsigned long flags;
+ struct tsnep_tx_entry *entry;
+ bool pending = false;
+
+ spin_lock_irqsave(&tx->lock, flags);
+
+ if (tx->read != tx->write) {
+ entry = &tx->entry[tx->read];
+ if ((__le32_to_cpu(entry->desc_wb->properties) &
+ TSNEP_TX_DESC_OWNER_MASK) ==
+ (entry->properties & TSNEP_TX_DESC_OWNER_MASK))
+ pending = true;
+ }
+
+ spin_unlock_irqrestore(&tx->lock, flags);
+
+ return pending;
+}
+
static int tsnep_tx_open(struct tsnep_adapter *adapter, void __iomem *addr,
struct tsnep_tx *tx)
{
@@ -751,6 +772,19 @@ static int tsnep_rx_poll(struct tsnep_rx *rx, struct napi_struct *napi,
return done;
}
+static bool tsnep_rx_pending(struct tsnep_rx *rx)
+{
+ struct tsnep_rx_entry *entry;
+
+ entry = &rx->entry[rx->read];
+ if ((__le32_to_cpu(entry->desc_wb->properties) &
+ TSNEP_DESC_OWNER_COUNTER_MASK) ==
+ (entry->properties & TSNEP_DESC_OWNER_COUNTER_MASK))
+ return true;
+
+ return false;
+}
+
static int tsnep_rx_open(struct tsnep_adapter *adapter, void __iomem *addr,
struct tsnep_rx *rx)
{
@@ -795,6 +829,17 @@ static void tsnep_rx_close(struct tsnep_rx *rx)
tsnep_rx_ring_cleanup(rx);
}
+static bool tsnep_pending(struct tsnep_queue *queue)
+{
+ if (queue->tx && tsnep_tx_pending(queue->tx))
+ return true;
+
+ if (queue->rx && tsnep_rx_pending(queue->rx))
+ return true;
+
+ return false;
+}
+
static int tsnep_poll(struct napi_struct *napi, int budget)
{
struct tsnep_queue *queue = container_of(napi, struct tsnep_queue,
@@ -815,9 +860,19 @@ static int tsnep_poll(struct napi_struct *napi, int budget)
if (!complete)
return budget;
- if (likely(napi_complete_done(napi, done)))
+ if (likely(napi_complete_done(napi, done))) {
tsnep_enable_irq(queue->adapter, queue->irq_mask);
+ /* reschedule if work is already pending, prevent rotten packets
+ * which are transmitted or received after polling but before
+ * interrupt enable
+ */
+ if (tsnep_pending(queue)) {
+ tsnep_disable_irq(queue->adapter, queue->irq_mask);
+ napi_schedule(napi);
+ }
+ }
+
return min(done, budget - 1);
}
--
2.35.1
^ permalink raw reply related [flat|nested] 305+ messages in thread
* [PATCH 6.0 128/289] cpufreq: amd-pstate: change amd-pstate driver to be built-in type
2022-11-30 18:19 [PATCH 6.0 000/289] 6.0.11-rc1 review Greg Kroah-Hartman
` (126 preceding siblings ...)
2022-11-30 18:21 ` [PATCH 6.0 127/289] tsnep: Fix rotten packets Greg Kroah-Hartman
@ 2022-11-30 18:21 ` Greg Kroah-Hartman
2022-11-30 18:21 ` [PATCH 6.0 129/289] netfilter: ipset: restore allowing 64 clashing elements in hash:net,iface Greg Kroah-Hartman
` (170 subsequent siblings)
298 siblings, 0 replies; 305+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-30 18:21 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Huang Rui, Gautham R. Shenoy,
Wyes Karny, Perry Yuan, Rafael J. Wysocki, Sasha Levin
From: Perry Yuan <Perry.Yuan@amd.com>
[ Upstream commit 456ca88d8a5258fc66edc42a10053ac8473de2b1 ]
Currently when the amd-pstate and acpi_cpufreq are both built into
kernel as module driver, amd-pstate will not be loaded by default
in this case.
Change amd-pstate driver as built-in type, it will resolve the loading
sequence problem to allow user to make amd-pstate driver as the default
cpufreq scaling driver.
Acked-by: Huang Rui <ray.huang@amd.com>
Reviewed-by: Gautham R. Shenoy <gautham.shenoy@amd.com>
Tested-by: Wyes Karny <wyes.karny@amd.com>
Signed-off-by: Perry Yuan <Perry.Yuan@amd.com>
Fixes: ec437d71db77 ("cpufreq: amd-pstate: Introduce a new AMD P-State driver to support future processors")
Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/cpufreq/Kconfig.x86 | 2 +-
drivers/cpufreq/amd-pstate.c | 11 +----------
2 files changed, 2 insertions(+), 11 deletions(-)
diff --git a/drivers/cpufreq/Kconfig.x86 b/drivers/cpufreq/Kconfig.x86
index 55516043b656..8184378f67ef 100644
--- a/drivers/cpufreq/Kconfig.x86
+++ b/drivers/cpufreq/Kconfig.x86
@@ -35,7 +35,7 @@ config X86_PCC_CPUFREQ
If in doubt, say N.
config X86_AMD_PSTATE
- tristate "AMD Processor P-State driver"
+ bool "AMD Processor P-State driver"
depends on X86 && ACPI
select ACPI_PROCESSOR
select ACPI_CPPC_LIB if X86_64
diff --git a/drivers/cpufreq/amd-pstate.c b/drivers/cpufreq/amd-pstate.c
index d63a28c5f95a..e808d2b3ef57 100644
--- a/drivers/cpufreq/amd-pstate.c
+++ b/drivers/cpufreq/amd-pstate.c
@@ -718,16 +718,7 @@ static int __init amd_pstate_init(void)
return ret;
}
-
-static void __exit amd_pstate_exit(void)
-{
- cpufreq_unregister_driver(&amd_pstate_driver);
-
- amd_pstate_enable(false);
-}
-
-module_init(amd_pstate_init);
-module_exit(amd_pstate_exit);
+device_initcall(amd_pstate_init);
MODULE_AUTHOR("Huang Rui <ray.huang@amd.com>");
MODULE_DESCRIPTION("AMD Processor P-state Frequency Driver");
--
2.35.1
^ permalink raw reply related [flat|nested] 305+ messages in thread
* [PATCH 6.0 129/289] netfilter: ipset: restore allowing 64 clashing elements in hash:net,iface
2022-11-30 18:19 [PATCH 6.0 000/289] 6.0.11-rc1 review Greg Kroah-Hartman
` (127 preceding siblings ...)
2022-11-30 18:21 ` [PATCH 6.0 128/289] cpufreq: amd-pstate: change amd-pstate driver to be built-in type Greg Kroah-Hartman
@ 2022-11-30 18:21 ` Greg Kroah-Hartman
2022-11-30 18:21 ` [PATCH 6.0 130/289] netfilter: flowtable_offload: add missing locking Greg Kroah-Hartman
` (169 subsequent siblings)
298 siblings, 0 replies; 305+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-30 18:21 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Jozsef Kadlecsik, Pablo Neira Ayuso,
Sasha Levin
From: Jozsef Kadlecsik <kadlec@netfilter.org>
[ Upstream commit 6a66ce44a51bdfc47721f0c591137df2d4b21247 ]
The commit 510841da1fcc ("netfilter: ipset: enforce documented limit to
prevent allocating huge memory") was too strict and prevented to add up to
64 clashing elements to a hash:net,iface type of set. This patch fixes the
issue and now the type behaves as documented.
Fixes: 510841da1fcc ("netfilter: ipset: enforce documented limit to prevent allocating huge memory")
Signed-off-by: Jozsef Kadlecsik <kadlec@netfilter.org>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
net/netfilter/ipset/ip_set_hash_gen.h | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/net/netfilter/ipset/ip_set_hash_gen.h b/net/netfilter/ipset/ip_set_hash_gen.h
index 3adc291d9ce1..7499192af586 100644
--- a/net/netfilter/ipset/ip_set_hash_gen.h
+++ b/net/netfilter/ipset/ip_set_hash_gen.h
@@ -916,7 +916,7 @@ mtype_add(struct ip_set *set, void *value, const struct ip_set_ext *ext,
#ifdef IP_SET_HASH_WITH_MULTI
if (h->bucketsize >= AHASH_MAX_TUNED)
goto set_full;
- else if (h->bucketsize < multi)
+ else if (h->bucketsize <= multi)
h->bucketsize += AHASH_INIT_SIZE;
#endif
if (n->size >= AHASH_MAX(h)) {
--
2.35.1
^ permalink raw reply related [flat|nested] 305+ messages in thread
* [PATCH 6.0 130/289] netfilter: flowtable_offload: add missing locking
2022-11-30 18:19 [PATCH 6.0 000/289] 6.0.11-rc1 review Greg Kroah-Hartman
` (128 preceding siblings ...)
2022-11-30 18:21 ` [PATCH 6.0 129/289] netfilter: ipset: restore allowing 64 clashing elements in hash:net,iface Greg Kroah-Hartman
@ 2022-11-30 18:21 ` Greg Kroah-Hartman
2022-11-30 18:21 ` [PATCH 6.0 131/289] fs: do not update freeing inode i_io_list Greg Kroah-Hartman
` (168 subsequent siblings)
298 siblings, 0 replies; 305+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-30 18:21 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Chad Monroe, Felix Fietkau,
Pablo Neira Ayuso, Sasha Levin
From: Felix Fietkau <nbd@nbd.name>
[ Upstream commit bcd9e3c1656d0f7dd9743598c65c3ae24efb38d0 ]
nf_flow_table_block_setup and the driver TC_SETUP_FT call can modify the flow
block cb list while they are being traversed elsewhere, causing a crash.
Add a write lock around the calls to protect readers
Fixes: c29f74e0df7a ("netfilter: nf_flow_table: hardware offload support")
Reported-by: Chad Monroe <chad.monroe@smartrg.com>
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
net/netfilter/nf_flow_table_offload.c | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/net/netfilter/nf_flow_table_offload.c b/net/netfilter/nf_flow_table_offload.c
index b04645ced89b..00b522890d77 100644
--- a/net/netfilter/nf_flow_table_offload.c
+++ b/net/netfilter/nf_flow_table_offload.c
@@ -1098,6 +1098,7 @@ static int nf_flow_table_block_setup(struct nf_flowtable *flowtable,
struct flow_block_cb *block_cb, *next;
int err = 0;
+ down_write(&flowtable->flow_block_lock);
switch (cmd) {
case FLOW_BLOCK_BIND:
list_splice(&bo->cb_list, &flowtable->flow_block.cb_list);
@@ -1112,6 +1113,7 @@ static int nf_flow_table_block_setup(struct nf_flowtable *flowtable,
WARN_ON_ONCE(1);
err = -EOPNOTSUPP;
}
+ up_write(&flowtable->flow_block_lock);
return err;
}
@@ -1168,7 +1170,9 @@ static int nf_flow_table_offload_cmd(struct flow_block_offload *bo,
nf_flow_table_block_offload_init(bo, dev_net(dev), cmd, flowtable,
extack);
+ down_write(&flowtable->flow_block_lock);
err = dev->netdev_ops->ndo_setup_tc(dev, TC_SETUP_FT, bo);
+ up_write(&flowtable->flow_block_lock);
if (err < 0)
return err;
--
2.35.1
^ permalink raw reply related [flat|nested] 305+ messages in thread
* [PATCH 6.0 131/289] fs: do not update freeing inode i_io_list
2022-11-30 18:19 [PATCH 6.0 000/289] 6.0.11-rc1 review Greg Kroah-Hartman
` (129 preceding siblings ...)
2022-11-30 18:21 ` [PATCH 6.0 130/289] netfilter: flowtable_offload: add missing locking Greg Kroah-Hartman
@ 2022-11-30 18:21 ` Greg Kroah-Hartman
2022-11-30 18:21 ` [PATCH 6.0 132/289] blk-mq: fix queue reference leak on blk_mq_alloc_disk_for_queue failure Greg Kroah-Hartman
` (167 subsequent siblings)
298 siblings, 0 replies; 305+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-30 18:21 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, syzbot+6ba92bd00d5093f7e371,
Jan Kara, Svyatoslav Feldsherov, Theodore Tso, Sasha Levin
From: Svyatoslav Feldsherov <feldsherov@google.com>
[ Upstream commit 4e3c51f4e805291b057d12f5dda5aeb50a538dc4 ]
After commit cbfecb927f42 ("fs: record I_DIRTY_TIME even if inode
already has I_DIRTY_INODE") writeback_single_inode can push inode with
I_DIRTY_TIME set to b_dirty_time list. In case of freeing inode with
I_DIRTY_TIME set this can happen after deletion of inode from i_io_list
at evict. Stack trace is following.
evict
fat_evict_inode
fat_truncate_blocks
fat_flush_inodes
writeback_inode
sync_inode_metadata(inode, sync=0)
writeback_single_inode(inode, wbc) <- wbc->sync_mode == WB_SYNC_NONE
This will lead to use after free in flusher thread.
Similar issue can be triggered if writeback_single_inode in the
stack trace update inode->i_io_list. Add explicit check to avoid it.
Fixes: cbfecb927f42 ("fs: record I_DIRTY_TIME even if inode already has I_DIRTY_INODE")
Reported-by: syzbot+6ba92bd00d5093f7e371@syzkaller.appspotmail.com
Reviewed-by: Jan Kara <jack@suse.cz>
Signed-off-by: Svyatoslav Feldsherov <feldsherov@google.com>
Link: https://lore.kernel.org/r/20221115202001.324188-1-feldsherov@google.com
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
fs/fs-writeback.c | 30 +++++++++++++++++++-----------
1 file changed, 19 insertions(+), 11 deletions(-)
diff --git a/fs/fs-writeback.c b/fs/fs-writeback.c
index 443f83382b9b..9958d4020771 100644
--- a/fs/fs-writeback.c
+++ b/fs/fs-writeback.c
@@ -1712,18 +1712,26 @@ static int writeback_single_inode(struct inode *inode,
wb = inode_to_wb_and_lock_list(inode);
spin_lock(&inode->i_lock);
/*
- * If the inode is now fully clean, then it can be safely removed from
- * its writeback list (if any). Otherwise the flusher threads are
- * responsible for the writeback lists.
+ * If the inode is freeing, its i_io_list shoudn't be updated
+ * as it can be finally deleted at this moment.
*/
- if (!(inode->i_state & I_DIRTY_ALL))
- inode_cgwb_move_to_attached(inode, wb);
- else if (!(inode->i_state & I_SYNC_QUEUED)) {
- if ((inode->i_state & I_DIRTY))
- redirty_tail_locked(inode, wb);
- else if (inode->i_state & I_DIRTY_TIME) {
- inode->dirtied_when = jiffies;
- inode_io_list_move_locked(inode, wb, &wb->b_dirty_time);
+ if (!(inode->i_state & I_FREEING)) {
+ /*
+ * If the inode is now fully clean, then it can be safely
+ * removed from its writeback list (if any). Otherwise the
+ * flusher threads are responsible for the writeback lists.
+ */
+ if (!(inode->i_state & I_DIRTY_ALL))
+ inode_cgwb_move_to_attached(inode, wb);
+ else if (!(inode->i_state & I_SYNC_QUEUED)) {
+ if ((inode->i_state & I_DIRTY))
+ redirty_tail_locked(inode, wb);
+ else if (inode->i_state & I_DIRTY_TIME) {
+ inode->dirtied_when = jiffies;
+ inode_io_list_move_locked(inode,
+ wb,
+ &wb->b_dirty_time);
+ }
}
}
--
2.35.1
^ permalink raw reply related [flat|nested] 305+ messages in thread
* [PATCH 6.0 132/289] blk-mq: fix queue reference leak on blk_mq_alloc_disk_for_queue failure
2022-11-30 18:19 [PATCH 6.0 000/289] 6.0.11-rc1 review Greg Kroah-Hartman
` (130 preceding siblings ...)
2022-11-30 18:21 ` [PATCH 6.0 131/289] fs: do not update freeing inode i_io_list Greg Kroah-Hartman
@ 2022-11-30 18:21 ` Greg Kroah-Hartman
2022-11-30 18:21 ` [PATCH 6.0 133/289] test_kprobes: fix implicit declaration error of test_kprobes Greg Kroah-Hartman
` (166 subsequent siblings)
298 siblings, 0 replies; 305+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-30 18:21 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Al Viro, Christoph Hellwig,
Damien Le Moal, Jens Axboe, Sasha Levin
From: Christoph Hellwig <hch@lst.de>
[ Upstream commit 22c17e279a1b03bad7987e4a4192b289b890f293 ]
Drop the request queue reference just acquired when __alloc_disk_node
failed.
Fixes: 6f8191fdf41d ("block: simplify disk shutdown")
Reported-by: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: Christoph Hellwig <hch@lst.de>
Reviewed-by: Damien Le Moal <damien.lemoal@opensource.wdc.com>
Link: https://lore.kernel.org/r/20221122072753.426077-1-hch@lst.de
Signed-off-by: Jens Axboe <axboe@kernel.dk>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
block/blk-mq.c | 7 ++++++-
1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/block/blk-mq.c b/block/blk-mq.c
index 4402e4ecb8b1..3f1f5e3e0951 100644
--- a/block/blk-mq.c
+++ b/block/blk-mq.c
@@ -3956,9 +3956,14 @@ EXPORT_SYMBOL(__blk_mq_alloc_disk);
struct gendisk *blk_mq_alloc_disk_for_queue(struct request_queue *q,
struct lock_class_key *lkclass)
{
+ struct gendisk *disk;
+
if (!blk_get_queue(q))
return NULL;
- return __alloc_disk_node(q, NUMA_NO_NODE, lkclass);
+ disk = __alloc_disk_node(q, NUMA_NO_NODE, lkclass);
+ if (!disk)
+ blk_put_queue(q);
+ return disk;
}
EXPORT_SYMBOL(blk_mq_alloc_disk_for_queue);
--
2.35.1
^ permalink raw reply related [flat|nested] 305+ messages in thread
* [PATCH 6.0 133/289] test_kprobes: fix implicit declaration error of test_kprobes
2022-11-30 18:19 [PATCH 6.0 000/289] 6.0.11-rc1 review Greg Kroah-Hartman
` (131 preceding siblings ...)
2022-11-30 18:21 ` [PATCH 6.0 132/289] blk-mq: fix queue reference leak on blk_mq_alloc_disk_for_queue failure Greg Kroah-Hartman
@ 2022-11-30 18:21 ` Greg Kroah-Hartman
2022-11-30 18:21 ` [PATCH 6.0 134/289] dccp/tcp: Reset saddr on failure after inet6?_hash_connect() Greg Kroah-Hartman
` (165 subsequent siblings)
298 siblings, 0 replies; 305+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-30 18:21 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Li Hua, Masami Hiramatsu (Google),
Steven Rostedt (VMware),
Andrew Morton, Sasha Levin
From: Li Hua <hucool.lihua@huawei.com>
[ Upstream commit de3db3f883a82c4800f4af0ae2cc3b96a408ee9b ]
If KPROBES_SANITY_TEST and ARCH_CORRECT_STACKTRACE_ON_KRETPROBE is enabled, but
STACKTRACE is not set. Build failed as below:
lib/test_kprobes.c: In function `stacktrace_return_handler':
lib/test_kprobes.c:228:8: error: implicit declaration of function `stack_trace_save'; did you mean `stacktrace_driver'? [-Werror=implicit-function-declaration]
ret = stack_trace_save(stack_buf, STACK_BUF_SIZE, 0);
^~~~~~~~~~~~~~~~
stacktrace_driver
cc1: all warnings being treated as errors
scripts/Makefile.build:250: recipe for target 'lib/test_kprobes.o' failed
make[2]: *** [lib/test_kprobes.o] Error 1
To fix this error, Select STACKTRACE if ARCH_CORRECT_STACKTRACE_ON_KRETPROBE is enabled.
Link: https://lkml.kernel.org/r/20221121030620.63181-1-hucool.lihua@huawei.com
Fixes: 1f6d3a8f5e39 ("kprobes: Add a test case for stacktrace from kretprobe handler")
Signed-off-by: Li Hua <hucool.lihua@huawei.com>
Acked-by: Masami Hiramatsu (Google) <mhiramat@kernel.org>
Cc: Steven Rostedt (VMware) <rostedt@goodmis.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
lib/Kconfig.debug | 1 +
1 file changed, 1 insertion(+)
diff --git a/lib/Kconfig.debug b/lib/Kconfig.debug
index cb131fad117c..997d23641448 100644
--- a/lib/Kconfig.debug
+++ b/lib/Kconfig.debug
@@ -2095,6 +2095,7 @@ config KPROBES_SANITY_TEST
depends on DEBUG_KERNEL
depends on KPROBES
depends on KUNIT
+ select STACKTRACE if ARCH_CORRECT_STACKTRACE_ON_KRETPROBE
default KUNIT_ALL_TESTS
help
This option provides for testing basic kprobes functionality on
--
2.35.1
^ permalink raw reply related [flat|nested] 305+ messages in thread
* [PATCH 6.0 134/289] dccp/tcp: Reset saddr on failure after inet6?_hash_connect().
2022-11-30 18:19 [PATCH 6.0 000/289] 6.0.11-rc1 review Greg Kroah-Hartman
` (132 preceding siblings ...)
2022-11-30 18:21 ` [PATCH 6.0 133/289] test_kprobes: fix implicit declaration error of test_kprobes Greg Kroah-Hartman
@ 2022-11-30 18:21 ` Greg Kroah-Hartman
2022-11-30 18:22 ` [PATCH 6.0 135/289] net: ethernet: mtk_eth_soc: fix potential memory leak in mtk_rx_alloc() Greg Kroah-Hartman
` (164 subsequent siblings)
298 siblings, 0 replies; 305+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-30 18:21 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Kuniyuki Iwashima, Joanne Koong,
Eric Dumazet, Jakub Kicinski, Sasha Levin
From: Kuniyuki Iwashima <kuniyu@amazon.com>
[ Upstream commit 77934dc6db0d2b111a8f2759e9ad2fb67f5cffa5 ]
When connect() is called on a socket bound to the wildcard address,
we change the socket's saddr to a local address. If the socket
fails to connect() to the destination, we have to reset the saddr.
However, when an error occurs after inet_hash6?_connect() in
(dccp|tcp)_v[46]_conect(), we forget to reset saddr and leave
the socket bound to the address.
>From the user's point of view, whether saddr is reset or not varies
with errno. Let's fix this inconsistent behaviour.
Note that after this patch, the repro [0] will trigger the WARN_ON()
in inet_csk_get_port() again, but this patch is not buggy and rather
fixes a bug papering over the bhash2's bug for which we need another
fix.
For the record, the repro causes -EADDRNOTAVAIL in inet_hash6_connect()
by this sequence:
s1 = socket()
s1.setsockopt(SOL_SOCKET, SO_REUSEADDR, 1)
s1.bind(('127.0.0.1', 10000))
s1.sendto(b'hello', MSG_FASTOPEN, (('127.0.0.1', 10000)))
# or s1.connect(('127.0.0.1', 10000))
s2 = socket()
s2.setsockopt(SOL_SOCKET, SO_REUSEADDR, 1)
s2.bind(('0.0.0.0', 10000))
s2.connect(('127.0.0.1', 10000)) # -EADDRNOTAVAIL
s2.listen(32) # WARN_ON(inet_csk(sk)->icsk_bind2_hash != tb2);
[0]: https://syzkaller.appspot.com/bug?extid=015d756bbd1f8b5c8f09
Fixes: 3df80d9320bc ("[DCCP]: Introduce DCCPv6")
Fixes: 7c657876b63c ("[DCCP]: Initial implementation")
Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2")
Signed-off-by: Kuniyuki Iwashima <kuniyu@amazon.com>
Acked-by: Joanne Koong <joannelkoong@gmail.com>
Reviewed-by: Eric Dumazet <edumazet@google.com>
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
net/dccp/ipv4.c | 2 ++
net/dccp/ipv6.c | 2 ++
net/ipv4/tcp_ipv4.c | 2 ++
net/ipv6/tcp_ipv6.c | 2 ++
4 files changed, 8 insertions(+)
diff --git a/net/dccp/ipv4.c b/net/dccp/ipv4.c
index da6e3b20cd75..60379ad7ae06 100644
--- a/net/dccp/ipv4.c
+++ b/net/dccp/ipv4.c
@@ -136,6 +136,8 @@ int dccp_v4_connect(struct sock *sk, struct sockaddr *uaddr, int addr_len)
* This unhashes the socket and releases the local port, if necessary.
*/
dccp_set_state(sk, DCCP_CLOSED);
+ if (!(sk->sk_userlocks & SOCK_BINDADDR_LOCK))
+ inet_reset_saddr(sk);
ip_rt_put(rt);
sk->sk_route_caps = 0;
inet->inet_dport = 0;
diff --git a/net/dccp/ipv6.c b/net/dccp/ipv6.c
index fd44638ec16b..f9ed81a0ddbb 100644
--- a/net/dccp/ipv6.c
+++ b/net/dccp/ipv6.c
@@ -967,6 +967,8 @@ static int dccp_v6_connect(struct sock *sk, struct sockaddr *uaddr,
late_failure:
dccp_set_state(sk, DCCP_CLOSED);
+ if (!(sk->sk_userlocks & SOCK_BINDADDR_LOCK))
+ inet_reset_saddr(sk);
__sk_dst_reset(sk);
failure:
inet->inet_dport = 0;
diff --git a/net/ipv4/tcp_ipv4.c b/net/ipv4/tcp_ipv4.c
index fe9a6022db66..ef8013e2134f 100644
--- a/net/ipv4/tcp_ipv4.c
+++ b/net/ipv4/tcp_ipv4.c
@@ -323,6 +323,8 @@ int tcp_v4_connect(struct sock *sk, struct sockaddr *uaddr, int addr_len)
* if necessary.
*/
tcp_set_state(sk, TCP_CLOSE);
+ if (!(sk->sk_userlocks & SOCK_BINDADDR_LOCK))
+ inet_reset_saddr(sk);
ip_rt_put(rt);
sk->sk_route_caps = 0;
inet->inet_dport = 0;
diff --git a/net/ipv6/tcp_ipv6.c b/net/ipv6/tcp_ipv6.c
index e54eee80ce5f..5516cfb96c48 100644
--- a/net/ipv6/tcp_ipv6.c
+++ b/net/ipv6/tcp_ipv6.c
@@ -340,6 +340,8 @@ static int tcp_v6_connect(struct sock *sk, struct sockaddr *uaddr,
late_failure:
tcp_set_state(sk, TCP_CLOSE);
+ if (!(sk->sk_userlocks & SOCK_BINDADDR_LOCK))
+ inet_reset_saddr(sk);
failure:
inet->inet_dport = 0;
sk->sk_route_caps = 0;
--
2.35.1
^ permalink raw reply related [flat|nested] 305+ messages in thread
* [PATCH 6.0 135/289] net: ethernet: mtk_eth_soc: fix potential memory leak in mtk_rx_alloc()
2022-11-30 18:19 [PATCH 6.0 000/289] 6.0.11-rc1 review Greg Kroah-Hartman
` (133 preceding siblings ...)
2022-11-30 18:21 ` [PATCH 6.0 134/289] dccp/tcp: Reset saddr on failure after inet6?_hash_connect() Greg Kroah-Hartman
@ 2022-11-30 18:22 ` Greg Kroah-Hartman
2022-11-30 18:22 ` [PATCH 6.0 136/289] net: ethernet: mtk_eth_soc: move gdma_to_ppe and ppe_base definitions in mtk register map Greg Kroah-Hartman
` (163 subsequent siblings)
298 siblings, 0 replies; 305+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-30 18:22 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Ziyang Xuan, Lorenzo Bianconi,
Jakub Kicinski, Sasha Levin
From: Ziyang Xuan <william.xuanziyang@huawei.com>
[ Upstream commit 3213f808ae21be3891885de2f3a775afafcda987 ]
When fail to dma_map_single() in mtk_rx_alloc(), it returns directly.
But the memory allocated for local variable data is not freed, and
local variabel data has not been attached to ring->data[i] yet, so the
memory allocated for local variable data will not be freed outside
mtk_rx_alloc() too. Thus memory leak would occur in this scenario.
Add skb_free_frag(data) when dma_map_single() failed.
Fixes: 23233e577ef9 ("net: ethernet: mtk_eth_soc: rely on page_pool for single page buffers")
Signed-off-by: Ziyang Xuan <william.xuanziyang@huawei.com>
Acked-by: Lorenzo Bianconi <lorenzo.bianconi@redhat.com>
Link: https://lore.kernel.org/r/20221120035405.1464341-1-william.xuanziyang@huawei.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/ethernet/mediatek/mtk_eth_soc.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/drivers/net/ethernet/mediatek/mtk_eth_soc.c b/drivers/net/ethernet/mediatek/mtk_eth_soc.c
index a75f5931f746..916b570bdbf4 100644
--- a/drivers/net/ethernet/mediatek/mtk_eth_soc.c
+++ b/drivers/net/ethernet/mediatek/mtk_eth_soc.c
@@ -2363,8 +2363,10 @@ static int mtk_rx_alloc(struct mtk_eth *eth, int ring_no, int rx_flag)
data + NET_SKB_PAD + eth->ip_align,
ring->buf_size, DMA_FROM_DEVICE);
if (unlikely(dma_mapping_error(eth->dma_dev,
- dma_addr)))
+ dma_addr))) {
+ skb_free_frag(data);
return -ENOMEM;
+ }
}
rxd->rxd1 = (unsigned int)dma_addr;
ring->data[i] = data;
--
2.35.1
^ permalink raw reply related [flat|nested] 305+ messages in thread
* [PATCH 6.0 136/289] net: ethernet: mtk_eth_soc: move gdma_to_ppe and ppe_base definitions in mtk register map
2022-11-30 18:19 [PATCH 6.0 000/289] 6.0.11-rc1 review Greg Kroah-Hartman
` (134 preceding siblings ...)
2022-11-30 18:22 ` [PATCH 6.0 135/289] net: ethernet: mtk_eth_soc: fix potential memory leak in mtk_rx_alloc() Greg Kroah-Hartman
@ 2022-11-30 18:22 ` Greg Kroah-Hartman
2022-11-30 18:22 ` [PATCH 6.0 137/289] net: ethernet: mtk_eth_soc: move ppe table hash offset to mtk_soc_data structure Greg Kroah-Hartman
` (162 subsequent siblings)
298 siblings, 0 replies; 305+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-30 18:22 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Daniel Golle, Lorenzo Bianconi,
Paolo Abeni, Sasha Levin
From: Lorenzo Bianconi <lorenzo@kernel.org>
[ Upstream commit 329bce5139cfb00dba40f038ec090572b81ff2a9 ]
This is a preliminary patch to introduce mt7986 hw packet engine.
Tested-by: Daniel Golle <daniel@makrotopia.org>
Signed-off-by: Lorenzo Bianconi <lorenzo@kernel.org>
Signed-off-by: Paolo Abeni <pabeni@redhat.com>
Stable-dep-of: 8110437e5961 ("net: ethernet: mtk_eth_soc: fix resource leak in error path")
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/ethernet/mediatek/mtk_eth_soc.c | 15 +++++++++++----
drivers/net/ethernet/mediatek/mtk_eth_soc.h | 3 ++-
drivers/net/ethernet/mediatek/mtk_ppe.h | 2 --
3 files changed, 13 insertions(+), 7 deletions(-)
diff --git a/drivers/net/ethernet/mediatek/mtk_eth_soc.c b/drivers/net/ethernet/mediatek/mtk_eth_soc.c
index 916b570bdbf4..83c636d44142 100644
--- a/drivers/net/ethernet/mediatek/mtk_eth_soc.c
+++ b/drivers/net/ethernet/mediatek/mtk_eth_soc.c
@@ -73,6 +73,8 @@ static const struct mtk_reg_map mtk_reg_map = {
.fq_blen = 0x1b2c,
},
.gdm1_cnt = 0x2400,
+ .gdma_to_ppe = 0x4444,
+ .ppe_base = 0x0c00,
};
static const struct mtk_reg_map mt7628_reg_map = {
@@ -126,6 +128,8 @@ static const struct mtk_reg_map mt7986_reg_map = {
.fq_blen = 0x472c,
},
.gdm1_cnt = 0x1c00,
+ .gdma_to_ppe = 0x3333,
+ .ppe_base = 0x2000,
};
/* strings used by ethtool */
@@ -2978,6 +2982,7 @@ static int mtk_open(struct net_device *dev)
/* we run 2 netdevs on the same dma ring so we only bring it up once */
if (!refcount_read(ð->dma_refcnt)) {
+ const struct mtk_soc_data *soc = eth->soc;
u32 gdm_config = MTK_GDMA_TO_PDMA;
err = mtk_start_dma(eth);
@@ -2986,15 +2991,15 @@ static int mtk_open(struct net_device *dev)
return err;
}
- if (eth->soc->offload_version && mtk_ppe_start(eth->ppe) == 0)
- gdm_config = MTK_GDMA_TO_PPE;
+ if (soc->offload_version && mtk_ppe_start(eth->ppe) == 0)
+ gdm_config = soc->reg_map->gdma_to_ppe;
mtk_gdm_config(eth, gdm_config);
napi_enable(ð->tx_napi);
napi_enable(ð->rx_napi);
mtk_tx_irq_enable(eth, MTK_TX_DONE_INT);
- mtk_rx_irq_enable(eth, eth->soc->txrx.rx_irq_done_mask);
+ mtk_rx_irq_enable(eth, soc->txrx.rx_irq_done_mask);
refcount_set(ð->dma_refcnt, 1);
}
else
@@ -4104,7 +4109,9 @@ static int mtk_probe(struct platform_device *pdev)
}
if (eth->soc->offload_version) {
- eth->ppe = mtk_ppe_init(eth, eth->base + MTK_ETH_PPE_BASE, 2);
+ u32 ppe_addr = eth->soc->reg_map->ppe_base;
+
+ eth->ppe = mtk_ppe_init(eth, eth->base + ppe_addr, 2);
if (!eth->ppe) {
err = -ENOMEM;
goto err_free_dev;
diff --git a/drivers/net/ethernet/mediatek/mtk_eth_soc.h b/drivers/net/ethernet/mediatek/mtk_eth_soc.h
index 0f9668a4079d..511752729f5c 100644
--- a/drivers/net/ethernet/mediatek/mtk_eth_soc.h
+++ b/drivers/net/ethernet/mediatek/mtk_eth_soc.h
@@ -105,7 +105,6 @@
#define MTK_GDMA_TCS_EN BIT(21)
#define MTK_GDMA_UCS_EN BIT(20)
#define MTK_GDMA_TO_PDMA 0x0
-#define MTK_GDMA_TO_PPE 0x4444
#define MTK_GDMA_DROP_ALL 0x7777
/* Unicast Filter MAC Address Register - Low */
@@ -955,6 +954,8 @@ struct mtk_reg_map {
u32 fq_blen; /* fq free page buffer length */
} qdma;
u32 gdm1_cnt;
+ u32 gdma_to_ppe;
+ u32 ppe_base;
};
/* struct mtk_eth_data - This is the structure holding all differences
diff --git a/drivers/net/ethernet/mediatek/mtk_ppe.h b/drivers/net/ethernet/mediatek/mtk_ppe.h
index 69ffce04d630..ceb7dfe281de 100644
--- a/drivers/net/ethernet/mediatek/mtk_ppe.h
+++ b/drivers/net/ethernet/mediatek/mtk_ppe.h
@@ -8,8 +8,6 @@
#include <linux/bitfield.h>
#include <linux/rhashtable.h>
-#define MTK_ETH_PPE_BASE 0xc00
-
#define MTK_PPE_ENTRIES_SHIFT 3
#define MTK_PPE_ENTRIES (1024 << MTK_PPE_ENTRIES_SHIFT)
#define MTK_PPE_HASH_MASK (MTK_PPE_ENTRIES - 1)
--
2.35.1
^ permalink raw reply related [flat|nested] 305+ messages in thread
* [PATCH 6.0 137/289] net: ethernet: mtk_eth_soc: move ppe table hash offset to mtk_soc_data structure
2022-11-30 18:19 [PATCH 6.0 000/289] 6.0.11-rc1 review Greg Kroah-Hartman
` (135 preceding siblings ...)
2022-11-30 18:22 ` [PATCH 6.0 136/289] net: ethernet: mtk_eth_soc: move gdma_to_ppe and ppe_base definitions in mtk register map Greg Kroah-Hartman
@ 2022-11-30 18:22 ` Greg Kroah-Hartman
2022-11-30 18:22 ` [PATCH 6.0 138/289] net: ethernet: mtk_eth_soc: fix resource leak in error path Greg Kroah-Hartman
` (161 subsequent siblings)
298 siblings, 0 replies; 305+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-30 18:22 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Daniel Golle, Bo Jiao, Sujuan Chen,
Lorenzo Bianconi, Paolo Abeni, Sasha Levin
From: Lorenzo Bianconi <lorenzo@kernel.org>
[ Upstream commit ba2fc48c5e1e9e1934939f0d12ff8b985dcc6e5d ]
This is a preliminary patch to introduce mt7986 hw packet engine.
Tested-by: Daniel Golle <daniel@makrotopia.org>
Co-developed-by: Bo Jiao <Bo.Jiao@mediatek.com>
Signed-off-by: Bo Jiao <Bo.Jiao@mediatek.com>
Co-developed-by: Sujuan Chen <sujuan.chen@mediatek.com>
Signed-off-by: Sujuan Chen <sujuan.chen@mediatek.com>
Signed-off-by: Lorenzo Bianconi <lorenzo@kernel.org>
Signed-off-by: Paolo Abeni <pabeni@redhat.com>
Stable-dep-of: 8110437e5961 ("net: ethernet: mtk_eth_soc: fix resource leak in error path")
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/ethernet/mediatek/mtk_eth_soc.c | 4 ++++
drivers/net/ethernet/mediatek/mtk_eth_soc.h | 2 ++
drivers/net/ethernet/mediatek/mtk_ppe.c | 24 +++++++++++++++------
drivers/net/ethernet/mediatek/mtk_ppe.h | 2 +-
4 files changed, 25 insertions(+), 7 deletions(-)
diff --git a/drivers/net/ethernet/mediatek/mtk_eth_soc.c b/drivers/net/ethernet/mediatek/mtk_eth_soc.c
index 83c636d44142..3db24ddd1261 100644
--- a/drivers/net/ethernet/mediatek/mtk_eth_soc.c
+++ b/drivers/net/ethernet/mediatek/mtk_eth_soc.c
@@ -4210,6 +4210,7 @@ static const struct mtk_soc_data mt7621_data = {
.required_clks = MT7621_CLKS_BITMAP,
.required_pctl = false,
.offload_version = 2,
+ .hash_offset = 2,
.txrx = {
.txd_size = sizeof(struct mtk_tx_dma),
.rxd_size = sizeof(struct mtk_rx_dma),
@@ -4228,6 +4229,7 @@ static const struct mtk_soc_data mt7622_data = {
.required_clks = MT7622_CLKS_BITMAP,
.required_pctl = false,
.offload_version = 2,
+ .hash_offset = 2,
.txrx = {
.txd_size = sizeof(struct mtk_tx_dma),
.rxd_size = sizeof(struct mtk_rx_dma),
@@ -4245,6 +4247,7 @@ static const struct mtk_soc_data mt7623_data = {
.required_clks = MT7623_CLKS_BITMAP,
.required_pctl = true,
.offload_version = 2,
+ .hash_offset = 2,
.txrx = {
.txd_size = sizeof(struct mtk_tx_dma),
.rxd_size = sizeof(struct mtk_rx_dma),
@@ -4278,6 +4281,7 @@ static const struct mtk_soc_data mt7986_data = {
.caps = MT7986_CAPS,
.required_clks = MT7986_CLKS_BITMAP,
.required_pctl = false,
+ .hash_offset = 4,
.txrx = {
.txd_size = sizeof(struct mtk_tx_dma_v2),
.rxd_size = sizeof(struct mtk_rx_dma_v2),
diff --git a/drivers/net/ethernet/mediatek/mtk_eth_soc.h b/drivers/net/ethernet/mediatek/mtk_eth_soc.h
index 511752729f5c..26ed1c8b77c3 100644
--- a/drivers/net/ethernet/mediatek/mtk_eth_soc.h
+++ b/drivers/net/ethernet/mediatek/mtk_eth_soc.h
@@ -969,6 +969,7 @@ struct mtk_reg_map {
* the target SoC
* @required_pctl A bool value to show whether the SoC requires
* the extra setup for those pins used by GMAC.
+ * @hash_offset Flow table hash offset.
* @txd_size Tx DMA descriptor size.
* @rxd_size Rx DMA descriptor size.
* @rx_irq_done_mask Rx irq done register mask.
@@ -983,6 +984,7 @@ struct mtk_soc_data {
u32 required_clks;
bool required_pctl;
u8 offload_version;
+ u8 hash_offset;
netdev_features_t hw_features;
struct {
u32 txd_size;
diff --git a/drivers/net/ethernet/mediatek/mtk_ppe.c b/drivers/net/ethernet/mediatek/mtk_ppe.c
index 148ea636ef97..6ecac461fd76 100644
--- a/drivers/net/ethernet/mediatek/mtk_ppe.c
+++ b/drivers/net/ethernet/mediatek/mtk_ppe.c
@@ -88,7 +88,7 @@ static void mtk_ppe_cache_enable(struct mtk_ppe *ppe, bool enable)
enable * MTK_PPE_CACHE_CTL_EN);
}
-static u32 mtk_ppe_hash_entry(struct mtk_foe_entry *e)
+static u32 mtk_ppe_hash_entry(struct mtk_eth *eth, struct mtk_foe_entry *e)
{
u32 hv1, hv2, hv3;
u32 hash;
@@ -122,7 +122,7 @@ static u32 mtk_ppe_hash_entry(struct mtk_foe_entry *e)
hash = (hash >> 24) | ((hash & 0xffffff) << 8);
hash ^= hv1 ^ hv2 ^ hv3;
hash ^= hash >> 16;
- hash <<= 1;
+ hash <<= (ffs(eth->soc->hash_offset) - 1);
hash &= MTK_PPE_ENTRIES - 1;
return hash;
@@ -540,15 +540,16 @@ mtk_foe_entry_commit_l2(struct mtk_ppe *ppe, struct mtk_flow_entry *entry)
int mtk_foe_entry_commit(struct mtk_ppe *ppe, struct mtk_flow_entry *entry)
{
int type = FIELD_GET(MTK_FOE_IB1_PACKET_TYPE, entry->data.ib1);
+ const struct mtk_soc_data *soc = ppe->eth->soc;
u32 hash;
if (type == MTK_PPE_PKT_TYPE_BRIDGE)
return mtk_foe_entry_commit_l2(ppe, entry);
- hash = mtk_ppe_hash_entry(&entry->data);
+ hash = mtk_ppe_hash_entry(ppe->eth, &entry->data);
entry->hash = 0xffff;
spin_lock_bh(&ppe_lock);
- hlist_add_head(&entry->list, &ppe->foe_flow[hash / 2]);
+ hlist_add_head(&entry->list, &ppe->foe_flow[hash / soc->hash_offset]);
spin_unlock_bh(&ppe_lock);
return 0;
@@ -558,6 +559,7 @@ static void
mtk_foe_entry_commit_subflow(struct mtk_ppe *ppe, struct mtk_flow_entry *entry,
u16 hash)
{
+ const struct mtk_soc_data *soc = ppe->eth->soc;
struct mtk_flow_entry *flow_info;
struct mtk_foe_entry foe, *hwe;
struct mtk_foe_mac_info *l2;
@@ -572,7 +574,8 @@ mtk_foe_entry_commit_subflow(struct mtk_ppe *ppe, struct mtk_flow_entry *entry,
flow_info->l2_data.base_flow = entry;
flow_info->type = MTK_FLOW_TYPE_L2_SUBFLOW;
flow_info->hash = hash;
- hlist_add_head(&flow_info->list, &ppe->foe_flow[hash / 2]);
+ hlist_add_head(&flow_info->list,
+ &ppe->foe_flow[hash / soc->hash_offset]);
hlist_add_head(&flow_info->l2_data.list, &entry->l2_flows);
hwe = &ppe->foe_table[hash];
@@ -596,7 +599,8 @@ mtk_foe_entry_commit_subflow(struct mtk_ppe *ppe, struct mtk_flow_entry *entry,
void __mtk_ppe_check_skb(struct mtk_ppe *ppe, struct sk_buff *skb, u16 hash)
{
- struct hlist_head *head = &ppe->foe_flow[hash / 2];
+ const struct mtk_soc_data *soc = ppe->eth->soc;
+ struct hlist_head *head = &ppe->foe_flow[hash / soc->hash_offset];
struct mtk_foe_entry *hwe = &ppe->foe_table[hash];
struct mtk_flow_entry *entry;
struct mtk_foe_bridge key = {};
@@ -680,9 +684,11 @@ int mtk_foe_entry_idle_time(struct mtk_ppe *ppe, struct mtk_flow_entry *entry)
struct mtk_ppe *mtk_ppe_init(struct mtk_eth *eth, void __iomem *base,
int version)
{
+ const struct mtk_soc_data *soc = eth->soc;
struct device *dev = eth->dev;
struct mtk_foe_entry *foe;
struct mtk_ppe *ppe;
+ u32 foe_flow_size;
ppe = devm_kzalloc(dev, sizeof(*ppe), GFP_KERNEL);
if (!ppe)
@@ -705,6 +711,12 @@ struct mtk_ppe *mtk_ppe_init(struct mtk_eth *eth, void __iomem *base,
ppe->foe_table = foe;
+ foe_flow_size = (MTK_PPE_ENTRIES / soc->hash_offset) *
+ sizeof(*ppe->foe_flow);
+ ppe->foe_flow = devm_kzalloc(dev, foe_flow_size, GFP_KERNEL);
+ if (!ppe->foe_flow)
+ return NULL;
+
mtk_ppe_debugfs_init(ppe);
return ppe;
diff --git a/drivers/net/ethernet/mediatek/mtk_ppe.h b/drivers/net/ethernet/mediatek/mtk_ppe.h
index ceb7dfe281de..7a16503690f3 100644
--- a/drivers/net/ethernet/mediatek/mtk_ppe.h
+++ b/drivers/net/ethernet/mediatek/mtk_ppe.h
@@ -270,7 +270,7 @@ struct mtk_ppe {
dma_addr_t foe_phys;
u16 foe_check_time[MTK_PPE_ENTRIES];
- struct hlist_head foe_flow[MTK_PPE_ENTRIES / 2];
+ struct hlist_head *foe_flow;
struct rhashtable l2_flows;
--
2.35.1
^ permalink raw reply related [flat|nested] 305+ messages in thread
* [PATCH 6.0 138/289] net: ethernet: mtk_eth_soc: fix resource leak in error path
2022-11-30 18:19 [PATCH 6.0 000/289] 6.0.11-rc1 review Greg Kroah-Hartman
` (136 preceding siblings ...)
2022-11-30 18:22 ` [PATCH 6.0 137/289] net: ethernet: mtk_eth_soc: move ppe table hash offset to mtk_soc_data structure Greg Kroah-Hartman
@ 2022-11-30 18:22 ` Greg Kroah-Hartman
2022-11-30 18:22 ` [PATCH 6.0 139/289] ipv4: Fix error return code in fib_table_insert() Greg Kroah-Hartman
` (160 subsequent siblings)
298 siblings, 0 replies; 305+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-30 18:22 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Yan Cangang, Leon Romanovsky,
Jakub Kicinski, Sasha Levin
From: Yan Cangang <nalanzeyu@gmail.com>
[ Upstream commit 8110437e59616293228cd781c486d8495a61e36a ]
In mtk_probe(), when mtk_ppe_init() or mtk_eth_offload_init() failed,
mtk_mdio_cleanup() isn't called. Fix it.
Fixes: ba37b7caf1ed ("net: ethernet: mtk_eth_soc: add support for initializing the PPE")
Fixes: 502e84e2382d ("net: ethernet: mtk_eth_soc: add flow offloading support")
Signed-off-by: Yan Cangang <nalanzeyu@gmail.com>
Reviewed-by: Leon Romanovsky <leonro@nvidia.com>
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/ethernet/mediatek/mtk_eth_soc.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/drivers/net/ethernet/mediatek/mtk_eth_soc.c b/drivers/net/ethernet/mediatek/mtk_eth_soc.c
index 3db24ddd1261..aee57b22c496 100644
--- a/drivers/net/ethernet/mediatek/mtk_eth_soc.c
+++ b/drivers/net/ethernet/mediatek/mtk_eth_soc.c
@@ -4114,12 +4114,12 @@ static int mtk_probe(struct platform_device *pdev)
eth->ppe = mtk_ppe_init(eth, eth->base + ppe_addr, 2);
if (!eth->ppe) {
err = -ENOMEM;
- goto err_free_dev;
+ goto err_deinit_mdio;
}
err = mtk_eth_offload_init(eth);
if (err)
- goto err_free_dev;
+ goto err_deinit_mdio;
}
for (i = 0; i < MTK_MAX_DEVS; i++) {
--
2.35.1
^ permalink raw reply related [flat|nested] 305+ messages in thread
* [PATCH 6.0 139/289] ipv4: Fix error return code in fib_table_insert()
2022-11-30 18:19 [PATCH 6.0 000/289] 6.0.11-rc1 review Greg Kroah-Hartman
` (137 preceding siblings ...)
2022-11-30 18:22 ` [PATCH 6.0 138/289] net: ethernet: mtk_eth_soc: fix resource leak in error path Greg Kroah-Hartman
@ 2022-11-30 18:22 ` Greg Kroah-Hartman
2022-11-30 18:22 ` [PATCH 6.0 140/289] arcnet: fix potential memory leak in com20020_probe() Greg Kroah-Hartman
` (159 subsequent siblings)
298 siblings, 0 replies; 305+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-30 18:22 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Ziyang Xuan, Jakub Kicinski, Sasha Levin
From: Ziyang Xuan <william.xuanziyang@huawei.com>
[ Upstream commit 568fe84940ac0e4e0b2cd7751b8b4911f7b9c215 ]
In fib_table_insert(), if the alias was already inserted, but node not
exist, the error code should be set before return from error handling path.
Fixes: a6c76c17df02 ("ipv4: Notify route after insertion to the routing table")
Signed-off-by: Ziyang Xuan <william.xuanziyang@huawei.com>
Link: https://lore.kernel.org/r/20221120072838.2167047-1-william.xuanziyang@huawei.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
net/ipv4/fib_trie.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/net/ipv4/fib_trie.c b/net/ipv4/fib_trie.c
index 452ff177e4da..f26d5ac117d6 100644
--- a/net/ipv4/fib_trie.c
+++ b/net/ipv4/fib_trie.c
@@ -1381,8 +1381,10 @@ int fib_table_insert(struct net *net, struct fib_table *tb,
/* The alias was already inserted, so the node must exist. */
l = l ? l : fib_find_node(t, &tp, key);
- if (WARN_ON_ONCE(!l))
+ if (WARN_ON_ONCE(!l)) {
+ err = -ENOENT;
goto out_free_new_fa;
+ }
if (fib_find_alias(&l->leaf, new_fa->fa_slen, 0, 0, tb->tb_id, true) ==
new_fa) {
--
2.35.1
^ permalink raw reply related [flat|nested] 305+ messages in thread
* [PATCH 6.0 140/289] arcnet: fix potential memory leak in com20020_probe()
2022-11-30 18:19 [PATCH 6.0 000/289] 6.0.11-rc1 review Greg Kroah-Hartman
` (138 preceding siblings ...)
2022-11-30 18:22 ` [PATCH 6.0 139/289] ipv4: Fix error return code in fib_table_insert() Greg Kroah-Hartman
@ 2022-11-30 18:22 ` Greg Kroah-Hartman
2022-11-30 18:22 ` [PATCH 6.0 141/289] net: dm9051: Fix missing dev_kfree_skb() in dm9051_loop_rx() Greg Kroah-Hartman
` (158 subsequent siblings)
298 siblings, 0 replies; 305+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-30 18:22 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Wang Hai, David S. Miller, Sasha Levin
From: Wang Hai <wanghai38@huawei.com>
[ Upstream commit 1c40cde6b5171d9c8dfc69be00464fd1c75e210b ]
In com20020_probe(), if com20020_config() fails, dev and info
will not be freed, which will lead to a memory leak.
This patch adds freeing dev and info after com20020_config()
fails to fix this bug.
Compile tested only.
Fixes: 15b99ac17295 ("[PATCH] pcmcia: add return value to _config() functions")
Signed-off-by: Wang Hai <wanghai38@huawei.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/arcnet/com20020_cs.c | 11 +++++++++--
1 file changed, 9 insertions(+), 2 deletions(-)
diff --git a/drivers/net/arcnet/com20020_cs.c b/drivers/net/arcnet/com20020_cs.c
index 24150c933fcb..dc3253b318da 100644
--- a/drivers/net/arcnet/com20020_cs.c
+++ b/drivers/net/arcnet/com20020_cs.c
@@ -113,6 +113,7 @@ static int com20020_probe(struct pcmcia_device *p_dev)
struct com20020_dev *info;
struct net_device *dev;
struct arcnet_local *lp;
+ int ret = -ENOMEM;
dev_dbg(&p_dev->dev, "com20020_attach()\n");
@@ -142,12 +143,18 @@ static int com20020_probe(struct pcmcia_device *p_dev)
info->dev = dev;
p_dev->priv = info;
- return com20020_config(p_dev);
+ ret = com20020_config(p_dev);
+ if (ret)
+ goto fail_config;
+
+ return 0;
+fail_config:
+ free_arcdev(dev);
fail_alloc_dev:
kfree(info);
fail_alloc_info:
- return -ENOMEM;
+ return ret;
} /* com20020_attach */
static void com20020_detach(struct pcmcia_device *link)
--
2.35.1
^ permalink raw reply related [flat|nested] 305+ messages in thread
* [PATCH 6.0 141/289] net: dm9051: Fix missing dev_kfree_skb() in dm9051_loop_rx()
2022-11-30 18:19 [PATCH 6.0 000/289] 6.0.11-rc1 review Greg Kroah-Hartman
` (139 preceding siblings ...)
2022-11-30 18:22 ` [PATCH 6.0 140/289] arcnet: fix potential memory leak in com20020_probe() Greg Kroah-Hartman
@ 2022-11-30 18:22 ` Greg Kroah-Hartman
2022-11-30 18:22 ` [PATCH 6.0 142/289] net/cdc_ncm: Fix multicast RX support for CDC NCM devices with ZLP Greg Kroah-Hartman
` (157 subsequent siblings)
298 siblings, 0 replies; 305+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-30 18:22 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Yuan Can, Maciej Fijalkowski,
David S. Miller, Sasha Levin
From: Yuan Can <yuancan@huawei.com>
[ Upstream commit bac81f40c2c1484a2bd416b3fbf983f6e76488cd ]
The dm9051_loop_rx() returns without release skb when dm9051_stop_mrcmd()
returns error, free the skb to avoid this leak.
Fixes: 2dc95a4d30ed ("net: Add dm9051 driver")
Signed-off-by: Yuan Can <yuancan@huawei.com>
Reviewed-by: Maciej Fijalkowski <maciej.fijalkowski@intel.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/ethernet/davicom/dm9051.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/drivers/net/ethernet/davicom/dm9051.c b/drivers/net/ethernet/davicom/dm9051.c
index a523ddda7609..de7105a84747 100644
--- a/drivers/net/ethernet/davicom/dm9051.c
+++ b/drivers/net/ethernet/davicom/dm9051.c
@@ -798,8 +798,10 @@ static int dm9051_loop_rx(struct board_info *db)
}
ret = dm9051_stop_mrcmd(db);
- if (ret)
+ if (ret) {
+ dev_kfree_skb(skb);
return ret;
+ }
skb->protocol = eth_type_trans(skb, db->ndev);
if (db->ndev->features & NETIF_F_RXCSUM)
--
2.35.1
^ permalink raw reply related [flat|nested] 305+ messages in thread
* [PATCH 6.0 142/289] net/cdc_ncm: Fix multicast RX support for CDC NCM devices with ZLP
2022-11-30 18:19 [PATCH 6.0 000/289] 6.0.11-rc1 review Greg Kroah-Hartman
` (140 preceding siblings ...)
2022-11-30 18:22 ` [PATCH 6.0 141/289] net: dm9051: Fix missing dev_kfree_skb() in dm9051_loop_rx() Greg Kroah-Hartman
@ 2022-11-30 18:22 ` Greg Kroah-Hartman
2022-11-30 18:22 ` [PATCH 6.0 143/289] s390/ap: fix memory leak in ap_init_qci_info() Greg Kroah-Hartman
` (156 subsequent siblings)
298 siblings, 0 replies; 305+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-30 18:22 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Santiago Ruano Rincón,
David S. Miller, Sasha Levin
From: Santiago Ruano Rincón <santiago.ruano-rincon@imt-atlantique.fr>
[ Upstream commit 748064b54c99418f615aabff5755996cd9816969 ]
ZLP for DisplayLink ethernet devices was enabled in 6.0:
266c0190aee3 ("net/cdc_ncm: Enable ZLP for DisplayLink ethernet devices").
The related driver_info should be the "same as cdc_ncm_info, but with
FLAG_SEND_ZLP". However, set_rx_mode that enables handling multicast
traffic was missing in the new cdc_ncm_zlp_info.
usbnet_cdc_update_filter rx mode was introduced in linux 5.9 with:
e10dcb1b6ba7 ("net: cdc_ncm: hook into set_rx_mode to admit multicast
traffic")
Without this hook, multicast, and then IPv6 SLAAC, is broken.
Fixes: 266c0190aee3 ("net/cdc_ncm: Enable ZLP for DisplayLink ethernet devices")
Signed-off-by: Santiago Ruano Rincón <santiago.ruano-rincon@imt-atlantique.fr>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/usb/cdc_ncm.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/drivers/net/usb/cdc_ncm.c b/drivers/net/usb/cdc_ncm.c
index 8d5cbda33f66..0897fdb6254b 100644
--- a/drivers/net/usb/cdc_ncm.c
+++ b/drivers/net/usb/cdc_ncm.c
@@ -1915,6 +1915,7 @@ static const struct driver_info cdc_ncm_zlp_info = {
.status = cdc_ncm_status,
.rx_fixup = cdc_ncm_rx_fixup,
.tx_fixup = cdc_ncm_tx_fixup,
+ .set_rx_mode = usbnet_cdc_update_filter,
};
/* Same as cdc_ncm_info, but with FLAG_WWAN */
--
2.35.1
^ permalink raw reply related [flat|nested] 305+ messages in thread
* [PATCH 6.0 143/289] s390/ap: fix memory leak in ap_init_qci_info()
2022-11-30 18:19 [PATCH 6.0 000/289] 6.0.11-rc1 review Greg Kroah-Hartman
` (141 preceding siblings ...)
2022-11-30 18:22 ` [PATCH 6.0 142/289] net/cdc_ncm: Fix multicast RX support for CDC NCM devices with ZLP Greg Kroah-Hartman
@ 2022-11-30 18:22 ` Greg Kroah-Hartman
2022-11-30 18:22 ` [PATCH 6.0 144/289] s390/dasd: fix no record found for raw_track_access Greg Kroah-Hartman
` (155 subsequent siblings)
298 siblings, 0 replies; 305+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-30 18:22 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Wei Yongjun, Harald Freudenberger,
Alexander Gordeev, Sasha Levin
From: Wei Yongjun <weiyongjun1@huawei.com>
[ Upstream commit 9ac74f0666ceab0b1047e9d59be846a3345e4e98 ]
If kzalloc() for 'ap_qci_info_old' failed, 'ap_qci_info' shold be
freed before return. Otherwise it is a memory leak.
Link: https://lore.kernel.org/r/20221114110830.542246-1-weiyongjun@huaweicloud.com
Fixes: 283915850a44 ("s390/ap: notify drivers on config changed and scan complete callbacks")
Signed-off-by: Wei Yongjun <weiyongjun1@huawei.com>
Signed-off-by: Harald Freudenberger <freude@linux.ibm.com>
Signed-off-by: Alexander Gordeev <agordeev@linux.ibm.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/s390/crypto/ap_bus.c | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/drivers/s390/crypto/ap_bus.c b/drivers/s390/crypto/ap_bus.c
index 59ac98f2bd27..b02c631f3b71 100644
--- a/drivers/s390/crypto/ap_bus.c
+++ b/drivers/s390/crypto/ap_bus.c
@@ -233,8 +233,11 @@ static void __init ap_init_qci_info(void)
if (!ap_qci_info)
return;
ap_qci_info_old = kzalloc(sizeof(*ap_qci_info_old), GFP_KERNEL);
- if (!ap_qci_info_old)
+ if (!ap_qci_info_old) {
+ kfree(ap_qci_info);
+ ap_qci_info = NULL;
return;
+ }
if (ap_fetch_qci_info(ap_qci_info) != 0) {
kfree(ap_qci_info);
kfree(ap_qci_info_old);
--
2.35.1
^ permalink raw reply related [flat|nested] 305+ messages in thread
* [PATCH 6.0 144/289] s390/dasd: fix no record found for raw_track_access
2022-11-30 18:19 [PATCH 6.0 000/289] 6.0.11-rc1 review Greg Kroah-Hartman
` (142 preceding siblings ...)
2022-11-30 18:22 ` [PATCH 6.0 143/289] s390/ap: fix memory leak in ap_init_qci_info() Greg Kroah-Hartman
@ 2022-11-30 18:22 ` Greg Kroah-Hartman
2022-11-30 18:22 ` [PATCH 6.0 145/289] fscache: fix OOB Read in __fscache_acquire_volume Greg Kroah-Hartman
` (154 subsequent siblings)
298 siblings, 0 replies; 305+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-30 18:22 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Stefan Haberland, Jan Hoeppner,
Jens Axboe, Sasha Levin
From: Stefan Haberland <sth@linux.ibm.com>
[ Upstream commit 590ce6d96d6a224b470a3862c33a483d5022bfdb ]
For DASD devices in raw_track_access mode only full track images are
read and written.
For this purpose it is not necessary to do search operation in the
locate record extended function. The documentation even states that
this might fail if the searched record is not found on a track.
Currently the driver sets a value of 1 in the search field for the first
record after record zero. This is the default for disks not in
raw_track_access mode but record 1 might be missing on a completely
empty track.
There has not been any problem with this on IBM storage servers but it
might lead to errors with DASD devices on other vendors storage servers.
Fix this by setting the search field to 0. Record zero is always available
even on a completely empty track.
Fixes: e4dbb0f2b5dd ("[S390] dasd: Add support for raw ECKD access.")
Signed-off-by: Stefan Haberland <sth@linux.ibm.com>
Reviewed-by: Jan Hoeppner <hoeppner@linux.ibm.com>
Link: https://lore.kernel.org/r/20221123160719.3002694-4-sth@linux.ibm.com
Signed-off-by: Jens Axboe <axboe@kernel.dk>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/s390/block/dasd_eckd.c | 6 ++----
1 file changed, 2 insertions(+), 4 deletions(-)
diff --git a/drivers/s390/block/dasd_eckd.c b/drivers/s390/block/dasd_eckd.c
index 3cc93e2e4e15..2dec81e7e6ab 100644
--- a/drivers/s390/block/dasd_eckd.c
+++ b/drivers/s390/block/dasd_eckd.c
@@ -4681,7 +4681,6 @@ static struct dasd_ccw_req *dasd_eckd_build_cp_raw(struct dasd_device *startdev,
struct dasd_device *basedev;
struct req_iterator iter;
struct dasd_ccw_req *cqr;
- unsigned int first_offs;
unsigned int trkcount;
unsigned long *idaws;
unsigned int size;
@@ -4715,7 +4714,6 @@ static struct dasd_ccw_req *dasd_eckd_build_cp_raw(struct dasd_device *startdev,
last_trk = (blk_rq_pos(req) + blk_rq_sectors(req) - 1) /
DASD_RAW_SECTORS_PER_TRACK;
trkcount = last_trk - first_trk + 1;
- first_offs = 0;
if (rq_data_dir(req) == READ)
cmd = DASD_ECKD_CCW_READ_TRACK;
@@ -4759,13 +4757,13 @@ static struct dasd_ccw_req *dasd_eckd_build_cp_raw(struct dasd_device *startdev,
if (use_prefix) {
prefix_LRE(ccw++, data, first_trk, last_trk, cmd, basedev,
- startdev, 1, first_offs + 1, trkcount, 0, 0);
+ startdev, 1, 0, trkcount, 0, 0);
} else {
define_extent(ccw++, data, first_trk, last_trk, cmd, basedev, 0);
ccw[-1].flags |= CCW_FLAG_CC;
data += sizeof(struct DE_eckd_data);
- locate_record_ext(ccw++, data, first_trk, first_offs + 1,
+ locate_record_ext(ccw++, data, first_trk, 0,
trkcount, cmd, basedev, 0, 0);
}
--
2.35.1
^ permalink raw reply related [flat|nested] 305+ messages in thread
* [PATCH 6.0 145/289] fscache: fix OOB Read in __fscache_acquire_volume
2022-11-30 18:19 [PATCH 6.0 000/289] 6.0.11-rc1 review Greg Kroah-Hartman
` (143 preceding siblings ...)
2022-11-30 18:22 ` [PATCH 6.0 144/289] s390/dasd: fix no record found for raw_track_access Greg Kroah-Hartman
@ 2022-11-30 18:22 ` Greg Kroah-Hartman
2022-11-30 18:22 ` [PATCH 6.0 146/289] nfc: st-nci: fix incorrect validating logic in EVT_TRANSACTION Greg Kroah-Hartman
` (153 subsequent siblings)
298 siblings, 0 replies; 305+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-30 18:22 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, syzbot+a76f6a6e524cf2080aa3,
David Howells, Zhang Peng, Jingbo Xu, Dominique Martinet,
Jeff Layton, v9fs-developer, linux-cachefs, Linus Torvalds,
Sasha Levin
From: David Howells <dhowells@redhat.com>
[ Upstream commit 9f0933ac026f7e54fe096797af9de20724e79097 ]
The type of a->key[0] is char in fscache_volume_same(). If the length
of cache volume key is greater than 127, the value of a->key[0] is less
than 0. In this case, klen becomes much larger than 255 after type
conversion, because the type of klen is size_t. As a result, memcmp()
is read out of bounds.
This causes a slab-out-of-bounds Read in __fscache_acquire_volume(), as
reported by Syzbot.
Fix this by changing the type of the stored key to "u8 *" rather than
"char *" (it isn't a simple string anyway). Also put in a check that
the volume name doesn't exceed NAME_MAX.
BUG: KASAN: slab-out-of-bounds in memcmp+0x16f/0x1c0 lib/string.c:757
Read of size 8 at addr ffff888016f3aa90 by task syz-executor344/3613
Call Trace:
memcmp+0x16f/0x1c0 lib/string.c:757
memcmp include/linux/fortify-string.h:420 [inline]
fscache_volume_same fs/fscache/volume.c:133 [inline]
fscache_hash_volume fs/fscache/volume.c:171 [inline]
__fscache_acquire_volume+0x76c/0x1080 fs/fscache/volume.c:328
fscache_acquire_volume include/linux/fscache.h:204 [inline]
v9fs_cache_session_get_cookie+0x143/0x240 fs/9p/cache.c:34
v9fs_session_init+0x1166/0x1810 fs/9p/v9fs.c:473
v9fs_mount+0xba/0xc90 fs/9p/vfs_super.c:126
legacy_get_tree+0x105/0x220 fs/fs_context.c:610
vfs_get_tree+0x89/0x2f0 fs/super.c:1530
do_new_mount fs/namespace.c:3040 [inline]
path_mount+0x1326/0x1e20 fs/namespace.c:3370
do_mount fs/namespace.c:3383 [inline]
__do_sys_mount fs/namespace.c:3591 [inline]
__se_sys_mount fs/namespace.c:3568 [inline]
__x64_sys_mount+0x27f/0x300 fs/namespace.c:3568
Fixes: 62ab63352350 ("fscache: Implement volume registration")
Reported-by: syzbot+a76f6a6e524cf2080aa3@syzkaller.appspotmail.com
Signed-off-by: David Howells <dhowells@redhat.com>
Reviewed-by: Zhang Peng <zhangpeng362@huawei.com>
Reviewed-by: Jingbo Xu <jefflexu@linux.alibaba.com>
cc: Dominique Martinet <asmadeus@codewreck.org>
cc: Jeff Layton <jlayton@kernel.org>
cc: v9fs-developer@lists.sourceforge.net
cc: linux-cachefs@redhat.com
Link: https://lore.kernel.org/r/Y3OH+Dmi0QIOK18n@codewreck.org/ # Zhang Peng's v1 fix
Link: https://lore.kernel.org/r/20221115140447.2971680-1-zhangpeng362@huawei.com/ # Zhang Peng's v2 fix
Link: https://lore.kernel.org/r/166869954095.3793579.8500020902371015443.stgit@warthog.procyon.org.uk/ # v1
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
fs/fscache/volume.c | 7 +++++--
include/linux/fscache.h | 2 +-
2 files changed, 6 insertions(+), 3 deletions(-)
diff --git a/fs/fscache/volume.c b/fs/fscache/volume.c
index a058e0136bfe..ab8ceddf9efa 100644
--- a/fs/fscache/volume.c
+++ b/fs/fscache/volume.c
@@ -203,7 +203,11 @@ static struct fscache_volume *fscache_alloc_volume(const char *volume_key,
struct fscache_volume *volume;
struct fscache_cache *cache;
size_t klen, hlen;
- char *key;
+ u8 *key;
+
+ klen = strlen(volume_key);
+ if (klen > NAME_MAX)
+ return NULL;
if (!coherency_data)
coherency_len = 0;
@@ -229,7 +233,6 @@ static struct fscache_volume *fscache_alloc_volume(const char *volume_key,
/* Stick the length on the front of the key and pad it out to make
* hashing easier.
*/
- klen = strlen(volume_key);
hlen = round_up(1 + klen + 1, sizeof(__le32));
key = kzalloc(hlen, GFP_KERNEL);
if (!key)
diff --git a/include/linux/fscache.h b/include/linux/fscache.h
index 36e5dd84cf59..8e312c8323a8 100644
--- a/include/linux/fscache.h
+++ b/include/linux/fscache.h
@@ -75,7 +75,7 @@ struct fscache_volume {
atomic_t n_accesses; /* Number of cache accesses in progress */
unsigned int debug_id;
unsigned int key_hash; /* Hash of key string */
- char *key; /* Volume ID, eg. "afs@example.com@1234" */
+ u8 *key; /* Volume ID, eg. "afs@example.com@1234" */
struct list_head proc_link; /* Link in /proc/fs/fscache/volumes */
struct hlist_bl_node hash_link; /* Link in hash table */
struct work_struct work;
--
2.35.1
^ permalink raw reply related [flat|nested] 305+ messages in thread
* [PATCH 6.0 146/289] nfc: st-nci: fix incorrect validating logic in EVT_TRANSACTION
2022-11-30 18:19 [PATCH 6.0 000/289] 6.0.11-rc1 review Greg Kroah-Hartman
` (144 preceding siblings ...)
2022-11-30 18:22 ` [PATCH 6.0 145/289] fscache: fix OOB Read in __fscache_acquire_volume Greg Kroah-Hartman
@ 2022-11-30 18:22 ` Greg Kroah-Hartman
2022-11-30 18:22 ` [PATCH 6.0 147/289] nfc: st-nci: fix memory leaks " Greg Kroah-Hartman
` (152 subsequent siblings)
298 siblings, 0 replies; 305+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-30 18:22 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Denis Efremov, Guenter Roeck,
Martin Faltesek, Krzysztof Kozlowski, Jakub Kicinski,
Sasha Levin
From: Martin Faltesek <mfaltesek@google.com>
[ Upstream commit c60c152230828825c06e62a8f1ce956d4b659266 ]
The first validation check for EVT_TRANSACTION has two different checks
tied together with logical AND. One is a check for minimum packet length,
and the other is for a valid aid_tag. If either condition is true (fails),
then an error should be triggered. The fix is to change && to ||.
Reported-by: Denis Efremov <denis.e.efremov@oracle.com>
Reviewed-by: Guenter Roeck <groeck@google.com>
Fixes: 5d1ceb7f5e56 ("NFC: st21nfcb: Add HCI transaction event support")
Signed-off-by: Martin Faltesek <mfaltesek@google.com>
Reviewed-by: Krzysztof Kozlowski <krzysztof.kozlowski@linaro.org>
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/nfc/st-nci/se.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/nfc/st-nci/se.c b/drivers/nfc/st-nci/se.c
index 7764b1a4c3cf..589e1dec78e7 100644
--- a/drivers/nfc/st-nci/se.c
+++ b/drivers/nfc/st-nci/se.c
@@ -326,7 +326,7 @@ static int st_nci_hci_connectivity_event_received(struct nci_dev *ndev,
* AID 81 5 to 16
* PARAMETERS 82 0 to 255
*/
- if (skb->len < NFC_MIN_AID_LENGTH + 2 &&
+ if (skb->len < NFC_MIN_AID_LENGTH + 2 ||
skb->data[0] != NFC_EVT_TRANSACTION_AID_TAG)
return -EPROTO;
--
2.35.1
^ permalink raw reply related [flat|nested] 305+ messages in thread
* [PATCH 6.0 147/289] nfc: st-nci: fix memory leaks in EVT_TRANSACTION
2022-11-30 18:19 [PATCH 6.0 000/289] 6.0.11-rc1 review Greg Kroah-Hartman
` (145 preceding siblings ...)
2022-11-30 18:22 ` [PATCH 6.0 146/289] nfc: st-nci: fix incorrect validating logic in EVT_TRANSACTION Greg Kroah-Hartman
@ 2022-11-30 18:22 ` Greg Kroah-Hartman
2022-11-30 18:22 ` [PATCH 6.0 148/289] nfc: st-nci: fix incorrect sizing calculations " Greg Kroah-Hartman
` (151 subsequent siblings)
298 siblings, 0 replies; 305+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-30 18:22 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Denis Efremov, Guenter Roeck,
Martin Faltesek, Krzysztof Kozlowski, Jakub Kicinski,
Sasha Levin
From: Martin Faltesek <mfaltesek@google.com>
[ Upstream commit 440f2ae9c9f06e26f5dcea697a53717fc61a318c ]
Error path does not free previously allocated memory. Add devm_kfree() to
the failure path.
Reported-by: Denis Efremov <denis.e.efremov@oracle.com>
Reviewed-by: Guenter Roeck <groeck@google.com>
Fixes: 5d1ceb7f5e56 ("NFC: st21nfcb: Add HCI transaction event support")
Signed-off-by: Martin Faltesek <mfaltesek@google.com>
Reviewed-by: Krzysztof Kozlowski <krzysztof.kozlowski@linaro.org>
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/nfc/st-nci/se.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/drivers/nfc/st-nci/se.c b/drivers/nfc/st-nci/se.c
index 589e1dec78e7..fc59916ae5ae 100644
--- a/drivers/nfc/st-nci/se.c
+++ b/drivers/nfc/st-nci/se.c
@@ -339,8 +339,10 @@ static int st_nci_hci_connectivity_event_received(struct nci_dev *ndev,
/* Check next byte is PARAMETERS tag (82) */
if (skb->data[transaction->aid_len + 2] !=
- NFC_EVT_TRANSACTION_PARAMS_TAG)
+ NFC_EVT_TRANSACTION_PARAMS_TAG) {
+ devm_kfree(dev, transaction);
return -EPROTO;
+ }
transaction->params_len = skb->data[transaction->aid_len + 3];
memcpy(transaction->params, skb->data +
--
2.35.1
^ permalink raw reply related [flat|nested] 305+ messages in thread
* [PATCH 6.0 148/289] nfc: st-nci: fix incorrect sizing calculations in EVT_TRANSACTION
2022-11-30 18:19 [PATCH 6.0 000/289] 6.0.11-rc1 review Greg Kroah-Hartman
` (146 preceding siblings ...)
2022-11-30 18:22 ` [PATCH 6.0 147/289] nfc: st-nci: fix memory leaks " Greg Kroah-Hartman
@ 2022-11-30 18:22 ` Greg Kroah-Hartman
2022-11-30 18:22 ` [PATCH 6.0 149/289] net: marvell: prestera: add missing unregister_netdev() in prestera_port_create() Greg Kroah-Hartman
` (150 subsequent siblings)
298 siblings, 0 replies; 305+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-30 18:22 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Denis Efremov, Guenter Roeck,
Martin Faltesek, Krzysztof Kozlowski, Jakub Kicinski,
Sasha Levin
From: Martin Faltesek <mfaltesek@google.com>
[ Upstream commit 0254f31a7df3bb3b90c2d9dd2d4052f7b95eb287 ]
The transaction buffer is allocated by using the size of the packet buf,
and subtracting two which seems intended to remove the two tags which are
not present in the target structure. This calculation leads to under
counting memory because of differences between the packet contents and the
target structure. The aid_len field is a u8 in the packet, but a u32 in
the structure, resulting in at least 3 bytes always being under counted.
Further, the aid data is a variable length field in the packet, but fixed
in the structure, so if this field is less than the max, the difference is
added to the under counting.
To fix, perform validation checks progressively to safely reach the
next field, to determine the size of both buffers and verify both tags.
Once all validation checks pass, allocate the buffer and copy the data.
This eliminates freeing memory on the error path, as validation checks are
moved ahead of memory allocation.
Reported-by: Denis Efremov <denis.e.efremov@oracle.com>
Reviewed-by: Guenter Roeck <groeck@google.com>
Fixes: 5d1ceb7f5e56 ("NFC: st21nfcb: Add HCI transaction event support")
Signed-off-by: Martin Faltesek <mfaltesek@google.com>
Reviewed-by: Krzysztof Kozlowski <krzysztof.kozlowski@linaro.org>
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/nfc/st-nci/se.c | 51 +++++++++++++++++++++++++++++------------
1 file changed, 36 insertions(+), 15 deletions(-)
diff --git a/drivers/nfc/st-nci/se.c b/drivers/nfc/st-nci/se.c
index fc59916ae5ae..ec87dd21e054 100644
--- a/drivers/nfc/st-nci/se.c
+++ b/drivers/nfc/st-nci/se.c
@@ -312,6 +312,8 @@ static int st_nci_hci_connectivity_event_received(struct nci_dev *ndev,
int r = 0;
struct device *dev = &ndev->nfc_dev->dev;
struct nfc_evt_transaction *transaction;
+ u32 aid_len;
+ u8 params_len;
pr_debug("connectivity gate event: %x\n", event);
@@ -325,28 +327,47 @@ static int st_nci_hci_connectivity_event_received(struct nci_dev *ndev,
* Description Tag Length
* AID 81 5 to 16
* PARAMETERS 82 0 to 255
+ *
+ * The key differences are aid storage length is variably sized
+ * in the packet, but fixed in nfc_evt_transaction, and that
+ * the aid_len is u8 in the packet, but u32 in the structure,
+ * and the tags in the packet are not included in
+ * nfc_evt_transaction.
+ *
+ * size(b): 1 1 5-16 1 1 0-255
+ * offset: 0 1 2 aid_len + 2 aid_len + 3 aid_len + 4
+ * mem name: aid_tag(M) aid_len aid params_tag(M) params_len params
+ * example: 0x81 5-16 X 0x82 0-255 X
*/
- if (skb->len < NFC_MIN_AID_LENGTH + 2 ||
- skb->data[0] != NFC_EVT_TRANSACTION_AID_TAG)
+ if (skb->len < 2 || skb->data[0] != NFC_EVT_TRANSACTION_AID_TAG)
return -EPROTO;
- transaction = devm_kzalloc(dev, skb->len - 2, GFP_KERNEL);
- if (!transaction)
- return -ENOMEM;
+ aid_len = skb->data[1];
- transaction->aid_len = skb->data[1];
- memcpy(transaction->aid, &skb->data[2], transaction->aid_len);
+ if (skb->len < aid_len + 4 ||
+ aid_len > sizeof(transaction->aid))
+ return -EPROTO;
- /* Check next byte is PARAMETERS tag (82) */
- if (skb->data[transaction->aid_len + 2] !=
- NFC_EVT_TRANSACTION_PARAMS_TAG) {
- devm_kfree(dev, transaction);
+ params_len = skb->data[aid_len + 3];
+
+ /* Verify PARAMETERS tag is (82), and final check that there is
+ * enough space in the packet to read everything.
+ */
+ if (skb->data[aid_len + 2] != NFC_EVT_TRANSACTION_PARAMS_TAG ||
+ skb->len < aid_len + 4 + params_len)
return -EPROTO;
- }
- transaction->params_len = skb->data[transaction->aid_len + 3];
- memcpy(transaction->params, skb->data +
- transaction->aid_len + 4, transaction->params_len);
+ transaction = devm_kzalloc(dev, sizeof(*transaction) +
+ params_len, GFP_KERNEL);
+ if (!transaction)
+ return -ENOMEM;
+
+ transaction->aid_len = aid_len;
+ transaction->params_len = params_len;
+
+ memcpy(transaction->aid, &skb->data[2], aid_len);
+ memcpy(transaction->params, &skb->data[aid_len + 4],
+ params_len);
r = nfc_se_transaction(ndev->nfc_dev, host, transaction);
break;
--
2.35.1
^ permalink raw reply related [flat|nested] 305+ messages in thread
* [PATCH 6.0 149/289] net: marvell: prestera: add missing unregister_netdev() in prestera_port_create()
2022-11-30 18:19 [PATCH 6.0 000/289] 6.0.11-rc1 review Greg Kroah-Hartman
` (147 preceding siblings ...)
2022-11-30 18:22 ` [PATCH 6.0 148/289] nfc: st-nci: fix incorrect sizing calculations " Greg Kroah-Hartman
@ 2022-11-30 18:22 ` Greg Kroah-Hartman
2022-11-30 18:22 ` [PATCH 6.0 150/289] net: enetc: cache accesses to &priv->si->hw Greg Kroah-Hartman
` (149 subsequent siblings)
298 siblings, 0 replies; 305+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-30 18:22 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Zhang Changzhong,
Maciej Fijalkowski, Jakub Kicinski, Sasha Levin
From: Zhang Changzhong <zhangchangzhong@huawei.com>
[ Upstream commit 9a234a2a085ab9fd2be8d0c1eedfcd10f74b97eb ]
If prestera_port_sfp_bind() fails, unregister_netdev() should be called
in error handling path.
Compile tested only.
Fixes: 52323ef75414 ("net: marvell: prestera: add phylink support")
Signed-off-by: Zhang Changzhong <zhangchangzhong@huawei.com>
Reviewed-by: Maciej Fijalkowski <maciej.fijalkowski@intel.com>
Link: https://lore.kernel.org/r/1669115432-36841-1-git-send-email-zhangchangzhong@huawei.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/ethernet/marvell/prestera/prestera_main.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/drivers/net/ethernet/marvell/prestera/prestera_main.c b/drivers/net/ethernet/marvell/prestera/prestera_main.c
index a0ad0bcbf89f..9f588ecba93e 100644
--- a/drivers/net/ethernet/marvell/prestera/prestera_main.c
+++ b/drivers/net/ethernet/marvell/prestera/prestera_main.c
@@ -730,6 +730,7 @@ static int prestera_port_create(struct prestera_switch *sw, u32 id)
return 0;
err_sfp_bind:
+ unregister_netdev(dev);
err_register_netdev:
prestera_port_list_del(port);
err_port_init:
--
2.35.1
^ permalink raw reply related [flat|nested] 305+ messages in thread
* [PATCH 6.0 150/289] net: enetc: cache accesses to &priv->si->hw
2022-11-30 18:19 [PATCH 6.0 000/289] 6.0.11-rc1 review Greg Kroah-Hartman
` (148 preceding siblings ...)
2022-11-30 18:22 ` [PATCH 6.0 149/289] net: marvell: prestera: add missing unregister_netdev() in prestera_port_create() Greg Kroah-Hartman
@ 2022-11-30 18:22 ` Greg Kroah-Hartman
2022-11-30 18:22 ` [PATCH 6.0 151/289] net: enetc: preserve TX ring priority across reconfiguration Greg Kroah-Hartman
` (148 subsequent siblings)
298 siblings, 0 replies; 305+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-30 18:22 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Vladimir Oltean, Jakub Kicinski,
Sasha Levin
From: Vladimir Oltean <vladimir.oltean@nxp.com>
[ Upstream commit 715bf2610f1d1adf3d4f9b7b3dd729984ec4270a ]
The &priv->si->hw construct dereferences 2 pointers and makes lines
longer than they need to be, in turn making the code harder to read.
Replace &priv->si->hw accesses with a "hw" variable when there are 2 or
more accesses within a function that dereference this. This includes
loops, since &priv->si->hw is a loop invariant.
Signed-off-by: Vladimir Oltean <vladimir.oltean@nxp.com>
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Stable-dep-of: 290b5fe096e7 ("net: enetc: preserve TX ring priority across reconfiguration")
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/ethernet/freescale/enetc/enetc.c | 28 +++++----
drivers/net/ethernet/freescale/enetc/enetc.h | 9 +--
.../net/ethernet/freescale/enetc/enetc_qos.c | 60 +++++++++----------
3 files changed, 49 insertions(+), 48 deletions(-)
diff --git a/drivers/net/ethernet/freescale/enetc/enetc.c b/drivers/net/ethernet/freescale/enetc/enetc.c
index d0fd3045ce11..e6dbc78f490c 100644
--- a/drivers/net/ethernet/freescale/enetc/enetc.c
+++ b/drivers/net/ethernet/freescale/enetc/enetc.c
@@ -2121,13 +2121,14 @@ static void enetc_setup_rxbdr(struct enetc_hw *hw, struct enetc_bdr *rx_ring)
static void enetc_setup_bdrs(struct enetc_ndev_priv *priv)
{
+ struct enetc_hw *hw = &priv->si->hw;
int i;
for (i = 0; i < priv->num_tx_rings; i++)
- enetc_setup_txbdr(&priv->si->hw, priv->tx_ring[i]);
+ enetc_setup_txbdr(hw, priv->tx_ring[i]);
for (i = 0; i < priv->num_rx_rings; i++)
- enetc_setup_rxbdr(&priv->si->hw, priv->rx_ring[i]);
+ enetc_setup_rxbdr(hw, priv->rx_ring[i]);
}
static void enetc_clear_rxbdr(struct enetc_hw *hw, struct enetc_bdr *rx_ring)
@@ -2160,13 +2161,14 @@ static void enetc_clear_txbdr(struct enetc_hw *hw, struct enetc_bdr *tx_ring)
static void enetc_clear_bdrs(struct enetc_ndev_priv *priv)
{
+ struct enetc_hw *hw = &priv->si->hw;
int i;
for (i = 0; i < priv->num_tx_rings; i++)
- enetc_clear_txbdr(&priv->si->hw, priv->tx_ring[i]);
+ enetc_clear_txbdr(hw, priv->tx_ring[i]);
for (i = 0; i < priv->num_rx_rings; i++)
- enetc_clear_rxbdr(&priv->si->hw, priv->rx_ring[i]);
+ enetc_clear_rxbdr(hw, priv->rx_ring[i]);
udelay(1);
}
@@ -2174,13 +2176,13 @@ static void enetc_clear_bdrs(struct enetc_ndev_priv *priv)
static int enetc_setup_irqs(struct enetc_ndev_priv *priv)
{
struct pci_dev *pdev = priv->si->pdev;
+ struct enetc_hw *hw = &priv->si->hw;
int i, j, err;
for (i = 0; i < priv->bdr_int_num; i++) {
int irq = pci_irq_vector(pdev, ENETC_BDR_INT_BASE_IDX + i);
struct enetc_int_vector *v = priv->int_vector[i];
int entry = ENETC_BDR_INT_BASE_IDX + i;
- struct enetc_hw *hw = &priv->si->hw;
snprintf(v->name, sizeof(v->name), "%s-rxtx%d",
priv->ndev->name, i);
@@ -2268,13 +2270,14 @@ static void enetc_setup_interrupts(struct enetc_ndev_priv *priv)
static void enetc_clear_interrupts(struct enetc_ndev_priv *priv)
{
+ struct enetc_hw *hw = &priv->si->hw;
int i;
for (i = 0; i < priv->num_tx_rings; i++)
- enetc_txbdr_wr(&priv->si->hw, i, ENETC_TBIER, 0);
+ enetc_txbdr_wr(hw, i, ENETC_TBIER, 0);
for (i = 0; i < priv->num_rx_rings; i++)
- enetc_rxbdr_wr(&priv->si->hw, i, ENETC_RBIER, 0);
+ enetc_rxbdr_wr(hw, i, ENETC_RBIER, 0);
}
static int enetc_phylink_connect(struct net_device *ndev)
@@ -2441,6 +2444,7 @@ int enetc_setup_tc_mqprio(struct net_device *ndev, void *type_data)
{
struct enetc_ndev_priv *priv = netdev_priv(ndev);
struct tc_mqprio_qopt *mqprio = type_data;
+ struct enetc_hw *hw = &priv->si->hw;
struct enetc_bdr *tx_ring;
int num_stack_tx_queues;
u8 num_tc;
@@ -2457,7 +2461,7 @@ int enetc_setup_tc_mqprio(struct net_device *ndev, void *type_data)
/* Reset all ring priorities to 0 */
for (i = 0; i < priv->num_tx_rings; i++) {
tx_ring = priv->tx_ring[i];
- enetc_set_bdr_prio(&priv->si->hw, tx_ring->index, 0);
+ enetc_set_bdr_prio(hw, tx_ring->index, 0);
}
return 0;
@@ -2476,7 +2480,7 @@ int enetc_setup_tc_mqprio(struct net_device *ndev, void *type_data)
*/
for (i = 0; i < num_tc; i++) {
tx_ring = priv->tx_ring[i];
- enetc_set_bdr_prio(&priv->si->hw, tx_ring->index, i);
+ enetc_set_bdr_prio(hw, tx_ring->index, i);
}
/* Reset the number of netdev queues based on the TC count */
@@ -2589,19 +2593,21 @@ static int enetc_set_rss(struct net_device *ndev, int en)
static void enetc_enable_rxvlan(struct net_device *ndev, bool en)
{
struct enetc_ndev_priv *priv = netdev_priv(ndev);
+ struct enetc_hw *hw = &priv->si->hw;
int i;
for (i = 0; i < priv->num_rx_rings; i++)
- enetc_bdr_enable_rxvlan(&priv->si->hw, i, en);
+ enetc_bdr_enable_rxvlan(hw, i, en);
}
static void enetc_enable_txvlan(struct net_device *ndev, bool en)
{
struct enetc_ndev_priv *priv = netdev_priv(ndev);
+ struct enetc_hw *hw = &priv->si->hw;
int i;
for (i = 0; i < priv->num_tx_rings; i++)
- enetc_bdr_enable_txvlan(&priv->si->hw, i, en);
+ enetc_bdr_enable_txvlan(hw, i, en);
}
void enetc_set_features(struct net_device *ndev, netdev_features_t features)
diff --git a/drivers/net/ethernet/freescale/enetc/enetc.h b/drivers/net/ethernet/freescale/enetc/enetc.h
index 2cfe6944ebd3..748677b2ce1f 100644
--- a/drivers/net/ethernet/freescale/enetc/enetc.h
+++ b/drivers/net/ethernet/freescale/enetc/enetc.h
@@ -467,19 +467,20 @@ int enetc_set_psfp(struct net_device *ndev, bool en);
static inline void enetc_get_max_cap(struct enetc_ndev_priv *priv)
{
+ struct enetc_hw *hw = &priv->si->hw;
u32 reg;
- reg = enetc_port_rd(&priv->si->hw, ENETC_PSIDCAPR);
+ reg = enetc_port_rd(hw, ENETC_PSIDCAPR);
priv->psfp_cap.max_streamid = reg & ENETC_PSIDCAPR_MSK;
/* Port stream filter capability */
- reg = enetc_port_rd(&priv->si->hw, ENETC_PSFCAPR);
+ reg = enetc_port_rd(hw, ENETC_PSFCAPR);
priv->psfp_cap.max_psfp_filter = reg & ENETC_PSFCAPR_MSK;
/* Port stream gate capability */
- reg = enetc_port_rd(&priv->si->hw, ENETC_PSGCAPR);
+ reg = enetc_port_rd(hw, ENETC_PSGCAPR);
priv->psfp_cap.max_psfp_gate = (reg & ENETC_PSGCAPR_SGIT_MSK);
priv->psfp_cap.max_psfp_gatelist = (reg & ENETC_PSGCAPR_GCL_MSK) >> 16;
/* Port flow meter capability */
- reg = enetc_port_rd(&priv->si->hw, ENETC_PFMCAPR);
+ reg = enetc_port_rd(hw, ENETC_PFMCAPR);
priv->psfp_cap.max_psfp_meter = reg & ENETC_PFMCAPR_MSK;
}
diff --git a/drivers/net/ethernet/freescale/enetc/enetc_qos.c b/drivers/net/ethernet/freescale/enetc/enetc_qos.c
index f8a2f02ce22d..2e783ef73690 100644
--- a/drivers/net/ethernet/freescale/enetc/enetc_qos.c
+++ b/drivers/net/ethernet/freescale/enetc/enetc_qos.c
@@ -17,8 +17,9 @@ static u16 enetc_get_max_gcl_len(struct enetc_hw *hw)
void enetc_sched_speed_set(struct enetc_ndev_priv *priv, int speed)
{
+ struct enetc_hw *hw = &priv->si->hw;
u32 old_speed = priv->speed;
- u32 pspeed;
+ u32 pspeed, tmp;
if (speed == old_speed)
return;
@@ -39,16 +40,15 @@ void enetc_sched_speed_set(struct enetc_ndev_priv *priv, int speed)
}
priv->speed = speed;
- enetc_port_wr(&priv->si->hw, ENETC_PMR,
- (enetc_port_rd(&priv->si->hw, ENETC_PMR)
- & (~ENETC_PMR_PSPEED_MASK))
- | pspeed);
+ tmp = enetc_port_rd(hw, ENETC_PMR);
+ enetc_port_wr(hw, ENETC_PMR, (tmp & ~ENETC_PMR_PSPEED_MASK) | pspeed);
}
static int enetc_setup_taprio(struct net_device *ndev,
struct tc_taprio_qopt_offload *admin_conf)
{
struct enetc_ndev_priv *priv = netdev_priv(ndev);
+ struct enetc_hw *hw = &priv->si->hw;
struct enetc_cbd cbd = {.cmd = 0};
struct tgs_gcl_conf *gcl_config;
struct tgs_gcl_data *gcl_data;
@@ -61,15 +61,13 @@ static int enetc_setup_taprio(struct net_device *ndev,
int err;
int i;
- if (admin_conf->num_entries > enetc_get_max_gcl_len(&priv->si->hw))
+ if (admin_conf->num_entries > enetc_get_max_gcl_len(hw))
return -EINVAL;
gcl_len = admin_conf->num_entries;
- tge = enetc_rd(&priv->si->hw, ENETC_QBV_PTGCR_OFFSET);
+ tge = enetc_rd(hw, ENETC_QBV_PTGCR_OFFSET);
if (!admin_conf->enable) {
- enetc_wr(&priv->si->hw,
- ENETC_QBV_PTGCR_OFFSET,
- tge & (~ENETC_QBV_TGE));
+ enetc_wr(hw, ENETC_QBV_PTGCR_OFFSET, tge & ~ENETC_QBV_TGE);
priv->active_offloads &= ~ENETC_F_QBV;
@@ -117,14 +115,11 @@ static int enetc_setup_taprio(struct net_device *ndev,
cbd.cls = BDCR_CMD_PORT_GCL;
cbd.status_flags = 0;
- enetc_wr(&priv->si->hw, ENETC_QBV_PTGCR_OFFSET,
- tge | ENETC_QBV_TGE);
+ enetc_wr(hw, ENETC_QBV_PTGCR_OFFSET, tge | ENETC_QBV_TGE);
err = enetc_send_cmd(priv->si, &cbd);
if (err)
- enetc_wr(&priv->si->hw,
- ENETC_QBV_PTGCR_OFFSET,
- tge & (~ENETC_QBV_TGE));
+ enetc_wr(hw, ENETC_QBV_PTGCR_OFFSET, tge & ~ENETC_QBV_TGE);
enetc_cbd_free_data_mem(priv->si, data_size, tmp, &dma);
@@ -138,6 +133,7 @@ int enetc_setup_tc_taprio(struct net_device *ndev, void *type_data)
{
struct tc_taprio_qopt_offload *taprio = type_data;
struct enetc_ndev_priv *priv = netdev_priv(ndev);
+ struct enetc_hw *hw = &priv->si->hw;
int err;
int i;
@@ -147,16 +143,14 @@ int enetc_setup_tc_taprio(struct net_device *ndev, void *type_data)
return -EBUSY;
for (i = 0; i < priv->num_tx_rings; i++)
- enetc_set_bdr_prio(&priv->si->hw,
- priv->tx_ring[i]->index,
+ enetc_set_bdr_prio(hw, priv->tx_ring[i]->index,
taprio->enable ? i : 0);
err = enetc_setup_taprio(ndev, taprio);
if (err)
for (i = 0; i < priv->num_tx_rings; i++)
- enetc_set_bdr_prio(&priv->si->hw,
- priv->tx_ring[i]->index,
+ enetc_set_bdr_prio(hw, priv->tx_ring[i]->index,
taprio->enable ? 0 : i);
return err;
@@ -178,7 +172,7 @@ int enetc_setup_tc_cbs(struct net_device *ndev, void *type_data)
struct tc_cbs_qopt_offload *cbs = type_data;
u32 port_transmit_rate = priv->speed;
u8 tc_nums = netdev_get_num_tc(ndev);
- struct enetc_si *si = priv->si;
+ struct enetc_hw *hw = &priv->si->hw;
u32 hi_credit_bit, hi_credit_reg;
u32 max_interference_size;
u32 port_frame_max_size;
@@ -199,15 +193,15 @@ int enetc_setup_tc_cbs(struct net_device *ndev, void *type_data)
* lower than this TC have been disabled.
*/
if (tc == prio_top &&
- enetc_get_cbs_enable(&si->hw, prio_next)) {
+ enetc_get_cbs_enable(hw, prio_next)) {
dev_err(&ndev->dev,
"Disable TC%d before disable TC%d\n",
prio_next, tc);
return -EINVAL;
}
- enetc_port_wr(&si->hw, ENETC_PTCCBSR1(tc), 0);
- enetc_port_wr(&si->hw, ENETC_PTCCBSR0(tc), 0);
+ enetc_port_wr(hw, ENETC_PTCCBSR1(tc), 0);
+ enetc_port_wr(hw, ENETC_PTCCBSR0(tc), 0);
return 0;
}
@@ -224,13 +218,13 @@ int enetc_setup_tc_cbs(struct net_device *ndev, void *type_data)
* higher than this TC have been enabled.
*/
if (tc == prio_next) {
- if (!enetc_get_cbs_enable(&si->hw, prio_top)) {
+ if (!enetc_get_cbs_enable(hw, prio_top)) {
dev_err(&ndev->dev,
"Enable TC%d first before enable TC%d\n",
prio_top, prio_next);
return -EINVAL;
}
- bw_sum += enetc_get_cbs_bw(&si->hw, prio_top);
+ bw_sum += enetc_get_cbs_bw(hw, prio_top);
}
if (bw_sum + bw >= 100) {
@@ -239,7 +233,7 @@ int enetc_setup_tc_cbs(struct net_device *ndev, void *type_data)
return -EINVAL;
}
- enetc_port_rd(&si->hw, ENETC_PTCMSDUR(tc));
+ enetc_port_rd(hw, ENETC_PTCMSDUR(tc));
/* For top prio TC, the max_interfrence_size is maxSizedFrame.
*
@@ -259,8 +253,8 @@ int enetc_setup_tc_cbs(struct net_device *ndev, void *type_data)
u32 m0, ma, r0, ra;
m0 = port_frame_max_size * 8;
- ma = enetc_port_rd(&si->hw, ENETC_PTCMSDUR(prio_top)) * 8;
- ra = enetc_get_cbs_bw(&si->hw, prio_top) *
+ ma = enetc_port_rd(hw, ENETC_PTCMSDUR(prio_top)) * 8;
+ ra = enetc_get_cbs_bw(hw, prio_top) *
port_transmit_rate * 10000ULL;
r0 = port_transmit_rate * 1000000ULL;
max_interference_size = m0 + ma +
@@ -280,10 +274,10 @@ int enetc_setup_tc_cbs(struct net_device *ndev, void *type_data)
hi_credit_reg = (u32)div_u64((ENETC_CLK * 100ULL) * hi_credit_bit,
port_transmit_rate * 1000000ULL);
- enetc_port_wr(&si->hw, ENETC_PTCCBSR1(tc), hi_credit_reg);
+ enetc_port_wr(hw, ENETC_PTCCBSR1(tc), hi_credit_reg);
/* Set bw register and enable this traffic class */
- enetc_port_wr(&si->hw, ENETC_PTCCBSR0(tc), bw | ENETC_CBSE);
+ enetc_port_wr(hw, ENETC_PTCCBSR0(tc), bw | ENETC_CBSE);
return 0;
}
@@ -293,6 +287,7 @@ int enetc_setup_tc_txtime(struct net_device *ndev, void *type_data)
struct enetc_ndev_priv *priv = netdev_priv(ndev);
struct tc_etf_qopt_offload *qopt = type_data;
u8 tc_nums = netdev_get_num_tc(ndev);
+ struct enetc_hw *hw = &priv->si->hw;
int tc;
if (!tc_nums)
@@ -304,12 +299,11 @@ int enetc_setup_tc_txtime(struct net_device *ndev, void *type_data)
return -EINVAL;
/* TSD and Qbv are mutually exclusive in hardware */
- if (enetc_rd(&priv->si->hw, ENETC_QBV_PTGCR_OFFSET) & ENETC_QBV_TGE)
+ if (enetc_rd(hw, ENETC_QBV_PTGCR_OFFSET) & ENETC_QBV_TGE)
return -EBUSY;
priv->tx_ring[tc]->tsd_enable = qopt->enable;
- enetc_port_wr(&priv->si->hw, ENETC_PTCTSDR(tc),
- qopt->enable ? ENETC_TSDE : 0);
+ enetc_port_wr(hw, ENETC_PTCTSDR(tc), qopt->enable ? ENETC_TSDE : 0);
return 0;
}
--
2.35.1
^ permalink raw reply related [flat|nested] 305+ messages in thread
* [PATCH 6.0 151/289] net: enetc: preserve TX ring priority across reconfiguration
2022-11-30 18:19 [PATCH 6.0 000/289] 6.0.11-rc1 review Greg Kroah-Hartman
` (149 preceding siblings ...)
2022-11-30 18:22 ` [PATCH 6.0 150/289] net: enetc: cache accesses to &priv->si->hw Greg Kroah-Hartman
@ 2022-11-30 18:22 ` Greg Kroah-Hartman
2022-11-30 18:22 ` [PATCH 6.0 152/289] octeontx2-pf: Add check for devm_kcalloc Greg Kroah-Hartman
` (147 subsequent siblings)
298 siblings, 0 replies; 305+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-30 18:22 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Vladimir Oltean, Alexander Lobakin,
Jakub Kicinski, Sasha Levin
From: Vladimir Oltean <vladimir.oltean@nxp.com>
[ Upstream commit 290b5fe096e7dd0aad730d1af4f7f2d9fea43e11 ]
In the blamed commit, a rudimentary reallocation procedure for RX buffer
descriptors was implemented, for the situation when their format changes
between normal (no PTP) and extended (PTP).
enetc_hwtstamp_set() calls enetc_close() and enetc_open() in a sequence,
and this sequence loses information which was previously configured in
the TX BDR Mode Register, specifically via the enetc_set_bdr_prio() call.
The TX ring priority is configured by tc-mqprio and tc-taprio, and
affects important things for TSN such as the TX time of packets. The
issue manifests itself most visibly by the fact that isochron --txtime
reports premature packet transmissions when PTP is first enabled on an
enetc interface.
Save the TX ring priority in a new field in struct enetc_bdr (occupies a
2 byte hole on arm64) in order to make this survive a ring reconfiguration.
Fixes: 434cebabd3a2 ("enetc: Add dynamic allocation of extended Rx BD rings")
Signed-off-by: Vladimir Oltean <vladimir.oltean@nxp.com>
Reviewed-by: Alexander Lobakin <alexandr.lobakin@intel.com>
Link: https://lore.kernel.org/r/20221122130936.1704151-1-vladimir.oltean@nxp.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/ethernet/freescale/enetc/enetc.c | 8 ++++---
drivers/net/ethernet/freescale/enetc/enetc.h | 1 +
.../net/ethernet/freescale/enetc/enetc_qos.c | 21 ++++++++++++-------
3 files changed, 19 insertions(+), 11 deletions(-)
diff --git a/drivers/net/ethernet/freescale/enetc/enetc.c b/drivers/net/ethernet/freescale/enetc/enetc.c
index e6dbc78f490c..1d8ec1b120a1 100644
--- a/drivers/net/ethernet/freescale/enetc/enetc.c
+++ b/drivers/net/ethernet/freescale/enetc/enetc.c
@@ -2058,7 +2058,7 @@ static void enetc_setup_txbdr(struct enetc_hw *hw, struct enetc_bdr *tx_ring)
/* enable Tx ints by setting pkt thr to 1 */
enetc_txbdr_wr(hw, idx, ENETC_TBICR0, ENETC_TBICR0_ICEN | 0x1);
- tbmr = ENETC_TBMR_EN;
+ tbmr = ENETC_TBMR_EN | ENETC_TBMR_SET_PRIO(tx_ring->prio);
if (tx_ring->ndev->features & NETIF_F_HW_VLAN_CTAG_TX)
tbmr |= ENETC_TBMR_VIH;
@@ -2461,7 +2461,8 @@ int enetc_setup_tc_mqprio(struct net_device *ndev, void *type_data)
/* Reset all ring priorities to 0 */
for (i = 0; i < priv->num_tx_rings; i++) {
tx_ring = priv->tx_ring[i];
- enetc_set_bdr_prio(hw, tx_ring->index, 0);
+ tx_ring->prio = 0;
+ enetc_set_bdr_prio(hw, tx_ring->index, tx_ring->prio);
}
return 0;
@@ -2480,7 +2481,8 @@ int enetc_setup_tc_mqprio(struct net_device *ndev, void *type_data)
*/
for (i = 0; i < num_tc; i++) {
tx_ring = priv->tx_ring[i];
- enetc_set_bdr_prio(hw, tx_ring->index, i);
+ tx_ring->prio = i;
+ enetc_set_bdr_prio(hw, tx_ring->index, tx_ring->prio);
}
/* Reset the number of netdev queues based on the TC count */
diff --git a/drivers/net/ethernet/freescale/enetc/enetc.h b/drivers/net/ethernet/freescale/enetc/enetc.h
index 748677b2ce1f..bb1b3b0e40e4 100644
--- a/drivers/net/ethernet/freescale/enetc/enetc.h
+++ b/drivers/net/ethernet/freescale/enetc/enetc.h
@@ -95,6 +95,7 @@ struct enetc_bdr {
void __iomem *rcir;
};
u16 index;
+ u16 prio;
int bd_count; /* # of BDs */
int next_to_use;
int next_to_clean;
diff --git a/drivers/net/ethernet/freescale/enetc/enetc_qos.c b/drivers/net/ethernet/freescale/enetc/enetc_qos.c
index 2e783ef73690..5fcb02b00699 100644
--- a/drivers/net/ethernet/freescale/enetc/enetc_qos.c
+++ b/drivers/net/ethernet/freescale/enetc/enetc_qos.c
@@ -134,6 +134,7 @@ int enetc_setup_tc_taprio(struct net_device *ndev, void *type_data)
struct tc_taprio_qopt_offload *taprio = type_data;
struct enetc_ndev_priv *priv = netdev_priv(ndev);
struct enetc_hw *hw = &priv->si->hw;
+ struct enetc_bdr *tx_ring;
int err;
int i;
@@ -142,16 +143,20 @@ int enetc_setup_tc_taprio(struct net_device *ndev, void *type_data)
if (priv->tx_ring[i]->tsd_enable)
return -EBUSY;
- for (i = 0; i < priv->num_tx_rings; i++)
- enetc_set_bdr_prio(hw, priv->tx_ring[i]->index,
- taprio->enable ? i : 0);
+ for (i = 0; i < priv->num_tx_rings; i++) {
+ tx_ring = priv->tx_ring[i];
+ tx_ring->prio = taprio->enable ? i : 0;
+ enetc_set_bdr_prio(hw, tx_ring->index, tx_ring->prio);
+ }
err = enetc_setup_taprio(ndev, taprio);
-
- if (err)
- for (i = 0; i < priv->num_tx_rings; i++)
- enetc_set_bdr_prio(hw, priv->tx_ring[i]->index,
- taprio->enable ? 0 : i);
+ if (err) {
+ for (i = 0; i < priv->num_tx_rings; i++) {
+ tx_ring = priv->tx_ring[i];
+ tx_ring->prio = taprio->enable ? 0 : i;
+ enetc_set_bdr_prio(hw, tx_ring->index, tx_ring->prio);
+ }
+ }
return err;
}
--
2.35.1
^ permalink raw reply related [flat|nested] 305+ messages in thread
* [PATCH 6.0 152/289] octeontx2-pf: Add check for devm_kcalloc
2022-11-30 18:19 [PATCH 6.0 000/289] 6.0.11-rc1 review Greg Kroah-Hartman
` (150 preceding siblings ...)
2022-11-30 18:22 ` [PATCH 6.0 151/289] net: enetc: preserve TX ring priority across reconfiguration Greg Kroah-Hartman
@ 2022-11-30 18:22 ` Greg Kroah-Hartman
2022-11-30 18:22 ` [PATCH 6.0 153/289] net: wwan: t7xx: Fix the ACPI memory leak Greg Kroah-Hartman
` (146 subsequent siblings)
298 siblings, 0 replies; 305+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-30 18:22 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Jiasheng Jiang, Maciej Fijalkowski,
Paolo Abeni, Sasha Levin
From: Jiasheng Jiang <jiasheng@iscas.ac.cn>
[ Upstream commit cd07eadd5147ffdae11b6fd28b77a3872f2a2484 ]
As the devm_kcalloc may return NULL pointer,
it should be better to add check for the return
value, as same as the others.
Fixes: e8e095b3b370 ("octeontx2-af: cn10k: Bandwidth profiles config support")
Signed-off-by: Jiasheng Jiang <jiasheng@iscas.ac.cn>
Reviewed-by: Maciej Fijalkowski <maciej.fijalkowski@intel.com>
Link: https://lore.kernel.org/r/20221122055449.31247-1-jiasheng@iscas.ac.cn
Signed-off-by: Paolo Abeni <pabeni@redhat.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/ethernet/marvell/octeontx2/af/rvu_nix.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/drivers/net/ethernet/marvell/octeontx2/af/rvu_nix.c b/drivers/net/ethernet/marvell/octeontx2/af/rvu_nix.c
index 0879a48411f3..3dc90060d70d 100644
--- a/drivers/net/ethernet/marvell/octeontx2/af/rvu_nix.c
+++ b/drivers/net/ethernet/marvell/octeontx2/af/rvu_nix.c
@@ -4979,6 +4979,8 @@ static int nix_setup_ipolicers(struct rvu *rvu,
ipolicer->ref_count = devm_kcalloc(rvu->dev,
ipolicer->band_prof.max,
sizeof(u16), GFP_KERNEL);
+ if (!ipolicer->ref_count)
+ return -ENOMEM;
}
/* Set policer timeunit to 2us ie (19 + 1) * 100 nsec = 2us */
--
2.35.1
^ permalink raw reply related [flat|nested] 305+ messages in thread
* [PATCH 6.0 153/289] net: wwan: t7xx: Fix the ACPI memory leak
2022-11-30 18:19 [PATCH 6.0 000/289] 6.0.11-rc1 review Greg Kroah-Hartman
` (151 preceding siblings ...)
2022-11-30 18:22 ` [PATCH 6.0 152/289] octeontx2-pf: Add check for devm_kcalloc Greg Kroah-Hartman
@ 2022-11-30 18:22 ` Greg Kroah-Hartman
2022-11-30 18:22 ` [PATCH 6.0 154/289] virtio_net: Fix probe failed when modprobe virtio_net Greg Kroah-Hartman
` (145 subsequent siblings)
298 siblings, 0 replies; 305+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-30 18:22 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Hanjun Guo, Paolo Abeni, Sasha Levin
From: Hanjun Guo <guohanjun@huawei.com>
[ Upstream commit 08e8a949f684e1fbc4b1efd2337d72ec8f3613d9 ]
The ACPI buffer memory (buffer.pointer) should be freed as the
buffer is not used after acpi_evaluate_object(), free it to
prevent memory leak.
Fixes: 13e920d93e37 ("net: wwan: t7xx: Add core components")
Signed-off-by: Hanjun Guo <guohanjun@huawei.com>
Link: https://lore.kernel.org/r/1669119580-28977-1-git-send-email-guohanjun@huawei.com
Signed-off-by: Paolo Abeni <pabeni@redhat.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/wwan/t7xx/t7xx_modem_ops.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/drivers/net/wwan/t7xx/t7xx_modem_ops.c b/drivers/net/wwan/t7xx/t7xx_modem_ops.c
index 3458af31e864..7d0f5e4f0a78 100644
--- a/drivers/net/wwan/t7xx/t7xx_modem_ops.c
+++ b/drivers/net/wwan/t7xx/t7xx_modem_ops.c
@@ -165,6 +165,8 @@ static int t7xx_acpi_reset(struct t7xx_pci_dev *t7xx_dev, char *fn_name)
return -EFAULT;
}
+ kfree(buffer.pointer);
+
#endif
return 0;
}
--
2.35.1
^ permalink raw reply related [flat|nested] 305+ messages in thread
* [PATCH 6.0 154/289] virtio_net: Fix probe failed when modprobe virtio_net
2022-11-30 18:19 [PATCH 6.0 000/289] 6.0.11-rc1 review Greg Kroah-Hartman
` (152 preceding siblings ...)
2022-11-30 18:22 ` [PATCH 6.0 153/289] net: wwan: t7xx: Fix the ACPI memory leak Greg Kroah-Hartman
@ 2022-11-30 18:22 ` Greg Kroah-Hartman
2022-11-30 18:22 ` [PATCH 6.0 155/289] octeontx2-af: Fix reference count issue in rvu_sdp_init() Greg Kroah-Hartman
` (144 subsequent siblings)
298 siblings, 0 replies; 305+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-30 18:22 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Li Zetao, Michael S. Tsirkin,
Paolo Abeni, Sasha Levin
From: Li Zetao <lizetao1@huawei.com>
[ Upstream commit b0686565946368892c2cdf92f102392e24823588 ]
When doing the following test steps, an error was found:
step 1: modprobe virtio_net succeeded
# modprobe virtio_net <-- OK
step 2: fault injection in register_netdevice()
# modprobe -r virtio_net <-- OK
# ...
FAULT_INJECTION: forcing a failure.
name failslab, interval 1, probability 0, space 0, times 0
CPU: 0 PID: 3521 Comm: modprobe
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996),
Call Trace:
<TASK>
...
should_failslab+0xa/0x20
...
dev_set_name+0xc0/0x100
netdev_register_kobject+0xc2/0x340
register_netdevice+0xbb9/0x1320
virtnet_probe+0x1d72/0x2658 [virtio_net]
...
</TASK>
virtio_net: probe of virtio0 failed with error -22
step 3: modprobe virtio_net failed
# modprobe virtio_net <-- failed
virtio_net: probe of virtio0 failed with error -2
The root cause of the problem is that the queues are not
disable on the error handling path when register_netdevice()
fails in virtnet_probe(), resulting in an error "-ENOENT"
returned in the next modprobe call in setup_vq().
virtio_pci_modern_device uses virtqueues to send or
receive message, and "queue_enable" records whether the
queues are available. In vp_modern_find_vqs(), all queues
will be selected and activated, but once queues are enabled
there is no way to go back except reset.
Fix it by reset virtio device on error handling path. This
makes error handling follow the same order as normal device
cleanup in virtnet_remove() which does: unregister, destroy
failover, then reset. And that flow is better tested than
error handling so we can be reasonably sure it works well.
Fixes: 024655555021 ("virtio_net: fix use after free on allocation failure")
Signed-off-by: Li Zetao <lizetao1@huawei.com>
Acked-by: Michael S. Tsirkin <mst@redhat.com>
Link: https://lore.kernel.org/r/20221122150046.3910638-1-lizetao1@huawei.com
Signed-off-by: Paolo Abeni <pabeni@redhat.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/virtio_net.c | 3 +--
1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/drivers/net/virtio_net.c b/drivers/net/virtio_net.c
index 9cce7dec7366..f5c88d232b11 100644
--- a/drivers/net/virtio_net.c
+++ b/drivers/net/virtio_net.c
@@ -3933,12 +3933,11 @@ static int virtnet_probe(struct virtio_device *vdev)
return 0;
free_unregister_netdev:
- virtio_reset_device(vdev);
-
unregister_netdev(dev);
free_failover:
net_failover_destroy(vi->failover);
free_vqs:
+ virtio_reset_device(vdev);
cancel_delayed_work_sync(&vi->refill);
free_receive_page_frags(vi);
virtnet_del_vqs(vi);
--
2.35.1
^ permalink raw reply related [flat|nested] 305+ messages in thread
* [PATCH 6.0 155/289] octeontx2-af: Fix reference count issue in rvu_sdp_init()
2022-11-30 18:19 [PATCH 6.0 000/289] 6.0.11-rc1 review Greg Kroah-Hartman
` (153 preceding siblings ...)
2022-11-30 18:22 ` [PATCH 6.0 154/289] virtio_net: Fix probe failed when modprobe virtio_net Greg Kroah-Hartman
@ 2022-11-30 18:22 ` Greg Kroah-Hartman
2022-11-30 18:22 ` [PATCH 6.0 156/289] net: thunderx: Fix the ACPI memory leak Greg Kroah-Hartman
` (143 subsequent siblings)
298 siblings, 0 replies; 305+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-30 18:22 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Xiongfeng Wang, Saeed Mahameed,
Paolo Abeni, Sasha Levin
From: Xiongfeng Wang <wangxiongfeng2@huawei.com>
[ Upstream commit ad17c2a3f11b0f6b122e7842d8f7d9a5fcc7ac63 ]
pci_get_device() will decrease the reference count for the *from*
parameter. So we don't need to call put_device() to decrease the
reference. Let's remove the put_device() in the loop and only decrease
the reference count of the returned 'pdev' for the last loop because it
will not be passed to pci_get_device() as input parameter. We don't need
to check if 'pdev' is NULL because it is already checked inside
pci_dev_put(). Also add pci_dev_put() for the error path.
Fixes: fe1939bb2340 ("octeontx2-af: Add SDP interface support")
Signed-off-by: Xiongfeng Wang <wangxiongfeng2@huawei.com>
Reviewed-by: Saeed Mahameed <saeed@kernel.org>
Link: https://lore.kernel.org/r/20221123065919.31499-1-wangxiongfeng2@huawei.com
Signed-off-by: Paolo Abeni <pabeni@redhat.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/ethernet/marvell/octeontx2/af/rvu_sdp.c | 7 +++++--
1 file changed, 5 insertions(+), 2 deletions(-)
diff --git a/drivers/net/ethernet/marvell/octeontx2/af/rvu_sdp.c b/drivers/net/ethernet/marvell/octeontx2/af/rvu_sdp.c
index b04fb226f708..ae50d56258ec 100644
--- a/drivers/net/ethernet/marvell/octeontx2/af/rvu_sdp.c
+++ b/drivers/net/ethernet/marvell/octeontx2/af/rvu_sdp.c
@@ -62,15 +62,18 @@ int rvu_sdp_init(struct rvu *rvu)
pfvf->sdp_info = devm_kzalloc(rvu->dev,
sizeof(struct sdp_node_info),
GFP_KERNEL);
- if (!pfvf->sdp_info)
+ if (!pfvf->sdp_info) {
+ pci_dev_put(pdev);
return -ENOMEM;
+ }
dev_info(rvu->dev, "SDP PF number:%d\n", sdp_pf_num[i]);
- put_device(&pdev->dev);
i++;
}
+ pci_dev_put(pdev);
+
return 0;
}
--
2.35.1
^ permalink raw reply related [flat|nested] 305+ messages in thread
* [PATCH 6.0 156/289] net: thunderx: Fix the ACPI memory leak
2022-11-30 18:19 [PATCH 6.0 000/289] 6.0.11-rc1 review Greg Kroah-Hartman
` (154 preceding siblings ...)
2022-11-30 18:22 ` [PATCH 6.0 155/289] octeontx2-af: Fix reference count issue in rvu_sdp_init() Greg Kroah-Hartman
@ 2022-11-30 18:22 ` Greg Kroah-Hartman
2022-11-30 18:22 ` [PATCH 6.0 157/289] s390/crashdump: fix TOD programmable field size Greg Kroah-Hartman
` (142 subsequent siblings)
298 siblings, 0 replies; 305+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-30 18:22 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Yu Liao, Paolo Abeni, Sasha Levin
From: Yu Liao <liaoyu15@huawei.com>
[ Upstream commit 661e5ebbafd26d9d2e3c749f5cf591e55c7364f5 ]
The ACPI buffer memory (string.pointer) should be freed as the buffer is
not used after returning from bgx_acpi_match_id(), free it to prevent
memory leak.
Fixes: 46b903a01c05 ("net, thunder, bgx: Add support to get MAC address from ACPI.")
Signed-off-by: Yu Liao <liaoyu15@huawei.com>
Link: https://lore.kernel.org/r/20221123082237.1220521-1-liaoyu15@huawei.com
Signed-off-by: Paolo Abeni <pabeni@redhat.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/ethernet/cavium/thunder/thunder_bgx.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/drivers/net/ethernet/cavium/thunder/thunder_bgx.c b/drivers/net/ethernet/cavium/thunder/thunder_bgx.c
index 2f6484dc186a..7eb2ddbe9bad 100644
--- a/drivers/net/ethernet/cavium/thunder/thunder_bgx.c
+++ b/drivers/net/ethernet/cavium/thunder/thunder_bgx.c
@@ -1436,8 +1436,10 @@ static acpi_status bgx_acpi_match_id(acpi_handle handle, u32 lvl,
return AE_OK;
}
- if (strncmp(string.pointer, bgx_sel, 4))
+ if (strncmp(string.pointer, bgx_sel, 4)) {
+ kfree(string.pointer);
return AE_OK;
+ }
acpi_walk_namespace(ACPI_TYPE_DEVICE, handle, 1,
bgx_acpi_register_phy, NULL, bgx, NULL);
--
2.35.1
^ permalink raw reply related [flat|nested] 305+ messages in thread
* [PATCH 6.0 157/289] s390/crashdump: fix TOD programmable field size
2022-11-30 18:19 [PATCH 6.0 000/289] 6.0.11-rc1 review Greg Kroah-Hartman
` (155 preceding siblings ...)
2022-11-30 18:22 ` [PATCH 6.0 156/289] net: thunderx: Fix the ACPI memory leak Greg Kroah-Hartman
@ 2022-11-30 18:22 ` Greg Kroah-Hartman
2022-11-30 18:22 ` [PATCH 6.0 158/289] io_uring/filetable: fix file reference underflow Greg Kroah-Hartman
` (141 subsequent siblings)
298 siblings, 0 replies; 305+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-30 18:22 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Christian Borntraeger,
Heiko Carstens, Alexander Gordeev, Sasha Levin
From: Heiko Carstens <hca@linux.ibm.com>
[ Upstream commit f44e07a8afdd713ddc1a8832c39372fe5dd86895 ]
The size of the TOD programmable field was incorrectly increased from
four to eight bytes with commit 1a2c5840acf9 ("s390/dump: cleanup CPU
save area handling").
This leads to an elf notes section NT_S390_TODPREG which has a size of
eight instead of four bytes in case of kdump, however even worse is
that the contents is incorrect: it is supposed to contain only the
contents of the TOD programmable field, but in fact contains a mix of
the TOD programmable field (32 bit upper bits) and parts of the CPU
timer register (lower 32 bits).
Fix this by simply changing the size of the todpreg field within the
save area structure. This will implicitly also fix the size of the
corresponding elf notes sections.
This also gets rid of this compile time warning:
in function ‘fortify_memcpy_chk’,
inlined from ‘save_area_add_regs’ at arch/s390/kernel/crash_dump.c:99:2:
./include/linux/fortify-string.h:413:25: error: call to ‘__read_overflow2_field’
declared with attribute warning: detected read beyond size of field
(2nd parameter); maybe use struct_group()? [-Werror=attribute-warning]
413 | __read_overflow2_field(q_size_field, size);
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Fixes: 1a2c5840acf9 ("s390/dump: cleanup CPU save area handling")
Reviewed-by: Christian Borntraeger <borntraeger@linux.ibm.com>
Signed-off-by: Heiko Carstens <hca@linux.ibm.com>
Signed-off-by: Alexander Gordeev <agordeev@linux.ibm.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/s390/kernel/crash_dump.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/arch/s390/kernel/crash_dump.c b/arch/s390/kernel/crash_dump.c
index bad8f47fc5d6..c1b2b0d4af77 100644
--- a/arch/s390/kernel/crash_dump.c
+++ b/arch/s390/kernel/crash_dump.c
@@ -45,7 +45,7 @@ struct save_area {
u64 fprs[16];
u32 fpc;
u32 prefix;
- u64 todpreg;
+ u32 todpreg;
u64 timer;
u64 todcmp;
u64 vxrs_low[16];
--
2.35.1
^ permalink raw reply related [flat|nested] 305+ messages in thread
* [PATCH 6.0 158/289] io_uring/filetable: fix file reference underflow
2022-11-30 18:19 [PATCH 6.0 000/289] 6.0.11-rc1 review Greg Kroah-Hartman
` (156 preceding siblings ...)
2022-11-30 18:22 ` [PATCH 6.0 157/289] s390/crashdump: fix TOD programmable field size Greg Kroah-Hartman
@ 2022-11-30 18:22 ` Greg Kroah-Hartman
2022-11-30 18:22 ` [PATCH 6.0 159/289] io_uring/poll: fix poll_refs race with cancelation Greg Kroah-Hartman
` (140 subsequent siblings)
298 siblings, 0 replies; 305+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-30 18:22 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Lin Ma, Jens Axboe, Sasha Levin
From: Lin Ma <linma@zju.edu.cn>
[ Upstream commit 9d94c04c0db024922e886c9fd429659f22f48ea4 ]
There is an interesting reference bug when -ENOMEM occurs in calling of
io_install_fixed_file(). KASan report like below:
[ 14.057131] ==================================================================
[ 14.059161] BUG: KASAN: use-after-free in unix_get_socket+0x10/0x90
[ 14.060975] Read of size 8 at addr ffff88800b09cf20 by task kworker/u8:2/45
[ 14.062684]
[ 14.062768] CPU: 2 PID: 45 Comm: kworker/u8:2 Not tainted 6.1.0-rc4 #1
[ 14.063099] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.16.0-0-gd239552ce722-prebuilt.qemu.org 04/01/2014
[ 14.063666] Workqueue: events_unbound io_ring_exit_work
[ 14.063936] Call Trace:
[ 14.064065] <TASK>
[ 14.064175] dump_stack_lvl+0x34/0x48
[ 14.064360] print_report+0x172/0x475
[ 14.064547] ? _raw_spin_lock_irq+0x83/0xe0
[ 14.064758] ? __virt_addr_valid+0xef/0x170
[ 14.064975] ? unix_get_socket+0x10/0x90
[ 14.065167] kasan_report+0xad/0x130
[ 14.065353] ? unix_get_socket+0x10/0x90
[ 14.065553] unix_get_socket+0x10/0x90
[ 14.065744] __io_sqe_files_unregister+0x87/0x1e0
[ 14.065989] ? io_rsrc_refs_drop+0x1c/0xd0
[ 14.066199] io_ring_exit_work+0x388/0x6a5
[ 14.066410] ? io_uring_try_cancel_requests+0x5bf/0x5bf
[ 14.066674] ? try_to_wake_up+0xdb/0x910
[ 14.066873] ? virt_to_head_page+0xbe/0xbe
[ 14.067080] ? __schedule+0x574/0xd20
[ 14.067273] ? read_word_at_a_time+0xe/0x20
[ 14.067492] ? strscpy+0xb5/0x190
[ 14.067665] process_one_work+0x423/0x710
[ 14.067879] worker_thread+0x2a2/0x6f0
[ 14.068073] ? process_one_work+0x710/0x710
[ 14.068284] kthread+0x163/0x1a0
[ 14.068454] ? kthread_complete_and_exit+0x20/0x20
[ 14.068697] ret_from_fork+0x22/0x30
[ 14.068886] </TASK>
[ 14.069000]
[ 14.069088] Allocated by task 289:
[ 14.069269] kasan_save_stack+0x1e/0x40
[ 14.069463] kasan_set_track+0x21/0x30
[ 14.069652] __kasan_slab_alloc+0x58/0x70
[ 14.069899] kmem_cache_alloc+0xc5/0x200
[ 14.070100] __alloc_file+0x20/0x160
[ 14.070283] alloc_empty_file+0x3b/0xc0
[ 14.070479] path_openat+0xc3/0x1770
[ 14.070689] do_filp_open+0x150/0x270
[ 14.070888] do_sys_openat2+0x113/0x270
[ 14.071081] __x64_sys_openat+0xc8/0x140
[ 14.071283] do_syscall_64+0x3b/0x90
[ 14.071466] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 14.071791]
[ 14.071874] Freed by task 0:
[ 14.072027] kasan_save_stack+0x1e/0x40
[ 14.072224] kasan_set_track+0x21/0x30
[ 14.072415] kasan_save_free_info+0x2a/0x50
[ 14.072627] __kasan_slab_free+0x106/0x190
[ 14.072858] kmem_cache_free+0x98/0x340
[ 14.073075] rcu_core+0x427/0xe50
[ 14.073249] __do_softirq+0x110/0x3cd
[ 14.073440]
[ 14.073523] Last potentially related work creation:
[ 14.073801] kasan_save_stack+0x1e/0x40
[ 14.074017] __kasan_record_aux_stack+0x97/0xb0
[ 14.074264] call_rcu+0x41/0x550
[ 14.074436] task_work_run+0xf4/0x170
[ 14.074619] exit_to_user_mode_prepare+0x113/0x120
[ 14.074858] syscall_exit_to_user_mode+0x1d/0x40
[ 14.075092] do_syscall_64+0x48/0x90
[ 14.075272] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 14.075529]
[ 14.075612] Second to last potentially related work creation:
[ 14.075900] kasan_save_stack+0x1e/0x40
[ 14.076098] __kasan_record_aux_stack+0x97/0xb0
[ 14.076325] task_work_add+0x72/0x1b0
[ 14.076512] fput+0x65/0xc0
[ 14.076657] filp_close+0x8e/0xa0
[ 14.076825] __x64_sys_close+0x15/0x50
[ 14.077019] do_syscall_64+0x3b/0x90
[ 14.077199] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 14.077448]
[ 14.077530] The buggy address belongs to the object at ffff88800b09cf00
[ 14.077530] which belongs to the cache filp of size 232
[ 14.078105] The buggy address is located 32 bytes inside of
[ 14.078105] 232-byte region [ffff88800b09cf00, ffff88800b09cfe8)
[ 14.078685]
[ 14.078771] The buggy address belongs to the physical page:
[ 14.079046] page:000000001bd520e7 refcount:1 mapcount:0 mapping:0000000000000000 index:0xffff88800b09de00 pfn:0xb09c
[ 14.079575] head:000000001bd520e7 order:1 compound_mapcount:0 compound_pincount:0
[ 14.079946] flags: 0x100000000010200(slab|head|node=0|zone=1)
[ 14.080244] raw: 0100000000010200 0000000000000000 dead000000000001 ffff88800493cc80
[ 14.080629] raw: ffff88800b09de00 0000000080190018 00000001ffffffff 0000000000000000
[ 14.081016] page dumped because: kasan: bad access detected
[ 14.081293]
[ 14.081376] Memory state around the buggy address:
[ 14.081618] ffff88800b09ce00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 14.081974] ffff88800b09ce80: 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc fc
[ 14.082336] >ffff88800b09cf00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 14.082690] ^
[ 14.082909] ffff88800b09cf80: fb fb fb fb fb fb fb fb fb fb fb fb fb fc fc fc
[ 14.083266] ffff88800b09d000: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb
[ 14.083622] ==================================================================
The actual tracing of this bug is shown below:
commit 8c71fe750215 ("io_uring: ensure fput() called correspondingly
when direct install fails") adds an additional fput() in
io_fixed_fd_install() when io_file_bitmap_get() returns error values. In
that case, the routine will never make it to io_install_fixed_file() due
to an early return.
static int io_fixed_fd_install(...)
{
if (alloc_slot) {
...
ret = io_file_bitmap_get(ctx);
if (unlikely(ret < 0)) {
io_ring_submit_unlock(ctx, issue_flags);
fput(file);
return ret;
}
...
}
...
ret = io_install_fixed_file(req, file, issue_flags, file_slot);
...
}
In the above scenario, the reference is okay as io_fixed_fd_install()
ensures the fput() is called when something bad happens, either via
bitmap or via inner io_install_fixed_file().
However, the commit 61c1b44a21d7 ("io_uring: fix deadlock on iowq file
slot alloc") breaks the balance because it places fput() into the common
path for both io_file_bitmap_get() and io_install_fixed_file(). Since
io_install_fixed_file() handles the fput() itself, the reference
underflow come across then.
There are some extra commits make the current code into
io_fixed_fd_install() -> __io_fixed_fd_install() ->
io_install_fixed_file()
However, the fact that there is an extra fput() is called if
io_install_fixed_file() calls fput(). Traversing through the code, I
find that the existing two callers to __io_fixed_fd_install():
io_fixed_fd_install() and io_msg_send_fd() have fput() when handling
error return, this patch simply removes the fput() in
io_install_fixed_file() to fix the bug.
Fixes: 61c1b44a21d7 ("io_uring: fix deadlock on iowq file slot alloc")
Signed-off-by: Lin Ma <linma@zju.edu.cn>
Link: https://lore.kernel.org/r/be4ba4b.5d44.184a0a406a4.Coremail.linma@zju.edu.cn
Signed-off-by: Jens Axboe <axboe@kernel.dk>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
io_uring/filetable.c | 2 --
1 file changed, 2 deletions(-)
diff --git a/io_uring/filetable.c b/io_uring/filetable.c
index 7b473259f3f4..68dfc6936aa7 100644
--- a/io_uring/filetable.c
+++ b/io_uring/filetable.c
@@ -101,8 +101,6 @@ static int io_install_fixed_file(struct io_ring_ctx *ctx, struct file *file,
err:
if (needs_switch)
io_rsrc_node_switch(ctx, ctx->file_data);
- if (ret)
- fput(file);
return ret;
}
--
2.35.1
^ permalink raw reply related [flat|nested] 305+ messages in thread
* [PATCH 6.0 159/289] io_uring/poll: fix poll_refs race with cancelation
2022-11-30 18:19 [PATCH 6.0 000/289] 6.0.11-rc1 review Greg Kroah-Hartman
` (157 preceding siblings ...)
2022-11-30 18:22 ` [PATCH 6.0 158/289] io_uring/filetable: fix file reference underflow Greg Kroah-Hartman
@ 2022-11-30 18:22 ` Greg Kroah-Hartman
2022-11-30 18:22 ` [PATCH 6.0 160/289] lib/vdso: use "grep -E" instead of "egrep" Greg Kroah-Hartman
` (139 subsequent siblings)
298 siblings, 0 replies; 305+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-30 18:22 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Lin Ma, Pavel Begunkov, Jens Axboe,
Sasha Levin
From: Lin Ma <linma@zju.edu.cn>
[ Upstream commit 12ad3d2d6c5b0131a6052de91360849e3e154846 ]
There is an interesting race condition of poll_refs which could result
in a NULL pointer dereference. The crash trace is like:
KASAN: null-ptr-deref in range [0x0000000000000008-0x000000000000000f]
CPU: 0 PID: 30781 Comm: syz-executor.2 Not tainted 6.0.0-g493ffd6605b2 #1
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS
1.13.0-1ubuntu1.1 04/01/2014
RIP: 0010:io_poll_remove_entry io_uring/poll.c:154 [inline]
RIP: 0010:io_poll_remove_entries+0x171/0x5b4 io_uring/poll.c:190
Code: ...
RSP: 0018:ffff88810dfefba0 EFLAGS: 00010202
RAX: 0000000000000001 RBX: 0000000000000000 RCX: 0000000000040000
RDX: ffffc900030c4000 RSI: 000000000003ffff RDI: 0000000000040000
RBP: 0000000000000008 R08: ffffffff9764d3dd R09: fffffbfff3836781
R10: fffffbfff3836781 R11: 0000000000000000 R12: 1ffff11003422d60
R13: ffff88801a116b04 R14: ffff88801a116ac0 R15: dffffc0000000000
FS: 00007f9c07497700(0000) GS:ffff88811a600000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007ffb5c00ea98 CR3: 0000000105680005 CR4: 0000000000770ef0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
PKRU: 55555554
Call Trace:
<TASK>
io_apoll_task_func+0x3f/0xa0 io_uring/poll.c:299
handle_tw_list io_uring/io_uring.c:1037 [inline]
tctx_task_work+0x37e/0x4f0 io_uring/io_uring.c:1090
task_work_run+0x13a/0x1b0 kernel/task_work.c:177
get_signal+0x2402/0x25a0 kernel/signal.c:2635
arch_do_signal_or_restart+0x3b/0x660 arch/x86/kernel/signal.c:869
exit_to_user_mode_loop kernel/entry/common.c:166 [inline]
exit_to_user_mode_prepare+0xc2/0x160 kernel/entry/common.c:201
__syscall_exit_to_user_mode_work kernel/entry/common.c:283 [inline]
syscall_exit_to_user_mode+0x58/0x160 kernel/entry/common.c:294
entry_SYSCALL_64_after_hwframe+0x63/0xcd
The root cause for this is a tiny overlooking in
io_poll_check_events() when cocurrently run with poll cancel routine
io_poll_cancel_req().
The interleaving to trigger use-after-free:
CPU0 | CPU1
|
io_apoll_task_func() | io_poll_cancel_req()
io_poll_check_events() |
// do while first loop |
v = atomic_read(...) |
// v = poll_refs = 1 |
... | io_poll_mark_cancelled()
| atomic_or()
| // poll_refs =
IO_POLL_CANCEL_FLAG | 1
|
atomic_sub_return(...) |
// poll_refs = IO_POLL_CANCEL_FLAG |
// loop continue |
|
| io_poll_execute()
| io_poll_get_ownership()
| // poll_refs =
IO_POLL_CANCEL_FLAG | 1
| // gets the ownership
v = atomic_read(...) |
// poll_refs not change |
|
if (v & IO_POLL_CANCEL_FLAG) |
return -ECANCELED; |
// io_poll_check_events return |
// will go into |
// io_req_complete_failed() free req |
|
| io_apoll_task_func()
| // also go into
io_req_complete_failed()
And the interleaving to trigger the kernel WARNING:
CPU0 | CPU1
|
io_apoll_task_func() | io_poll_cancel_req()
io_poll_check_events() |
// do while first loop |
v = atomic_read(...) |
// v = poll_refs = 1 |
... | io_poll_mark_cancelled()
| atomic_or()
| // poll_refs =
IO_POLL_CANCEL_FLAG | 1
|
atomic_sub_return(...) |
// poll_refs = IO_POLL_CANCEL_FLAG |
// loop continue |
|
v = atomic_read(...) |
// v = IO_POLL_CANCEL_FLAG |
| io_poll_execute()
| io_poll_get_ownership()
| // poll_refs =
IO_POLL_CANCEL_FLAG | 1
| // gets the ownership
|
WARN_ON_ONCE(!(v & IO_POLL_REF_MASK))) |
// v & IO_POLL_REF_MASK = 0 WARN |
|
| io_apoll_task_func()
| // also go into
io_req_complete_failed()
By looking up the source code and communicating with Pavel, the
implementation of this atomic poll refs should continue the loop of
io_poll_check_events() just to avoid somewhere else to grab the
ownership. Therefore, this patch simply adds another AND operation to
make sure the loop will stop if it finds the poll_refs is exactly equal
to IO_POLL_CANCEL_FLAG. Since io_poll_cancel_req() grabs ownership and
will finally make its way to io_req_complete_failed(), the req will
be reclaimed as expected.
Fixes: aa43477b0402 ("io_uring: poll rework")
Signed-off-by: Lin Ma <linma@zju.edu.cn>
Reviewed-by: Pavel Begunkov <asml.silence@gmail.com>
[axboe: tweak description and code style]
Signed-off-by: Jens Axboe <axboe@kernel.dk>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
io_uring/poll.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/io_uring/poll.c b/io_uring/poll.c
index 055632e9092a..0d721f8c4bc4 100644
--- a/io_uring/poll.c
+++ b/io_uring/poll.c
@@ -274,7 +274,8 @@ static int io_poll_check_events(struct io_kiocb *req, bool *locked)
* Release all references, retry if someone tried to restart
* task_work while we were executing it.
*/
- } while (atomic_sub_return(v & IO_POLL_REF_MASK, &req->poll_refs));
+ } while (atomic_sub_return(v & IO_POLL_REF_MASK, &req->poll_refs) &
+ IO_POLL_REF_MASK);
return IOU_POLL_NO_ACTION;
}
--
2.35.1
^ permalink raw reply related [flat|nested] 305+ messages in thread
* [PATCH 6.0 160/289] lib/vdso: use "grep -E" instead of "egrep"
2022-11-30 18:19 [PATCH 6.0 000/289] 6.0.11-rc1 review Greg Kroah-Hartman
` (158 preceding siblings ...)
2022-11-30 18:22 ` [PATCH 6.0 159/289] io_uring/poll: fix poll_refs race with cancelation Greg Kroah-Hartman
@ 2022-11-30 18:22 ` Greg Kroah-Hartman
2022-11-30 18:22 ` [PATCH 6.0 161/289] can: gs_usb: remove dma allocations Greg Kroah-Hartman
` (138 subsequent siblings)
298 siblings, 0 replies; 305+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-30 18:22 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Andy Lutomirski, Thomas Gleixner,
Vincenzo Frascino
From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit 8ac3b5cd3e0521d92f9755e90d140382fc292510 upstream.
The latest version of grep claims the egrep is now obsolete so the build
now contains warnings that look like:
egrep: warning: egrep is obsolescent; using grep -E
fix this up by moving the vdso Makefile to use "grep -E" instead.
Cc: Andy Lutomirski <luto@kernel.org>
Cc: Thomas Gleixner <tglx@linutronix.de>
Reviewed-by: Vincenzo Frascino <vincenzo.frascino@arm.com>
Link: https://lore.kernel.org/r/20220920170633.3133829-1-gregkh@linuxfoundation.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
lib/vdso/Makefile | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/lib/vdso/Makefile
+++ b/lib/vdso/Makefile
@@ -17,6 +17,6 @@ $(error ARCH_REL_TYPE_ABS is not set)
endif
quiet_cmd_vdso_check = VDSOCHK $@
- cmd_vdso_check = if $(OBJDUMP) -R $@ | egrep -h "$(ARCH_REL_TYPE_ABS)"; \
+ cmd_vdso_check = if $(OBJDUMP) -R $@ | grep -E -h "$(ARCH_REL_TYPE_ABS)"; \
then (echo >&2 "$@: dynamic relocations are not supported"; \
rm -f $@; /bin/false); fi
^ permalink raw reply [flat|nested] 305+ messages in thread
* [PATCH 6.0 161/289] can: gs_usb: remove dma allocations
2022-11-30 18:19 [PATCH 6.0 000/289] 6.0.11-rc1 review Greg Kroah-Hartman
` (159 preceding siblings ...)
2022-11-30 18:22 ` [PATCH 6.0 160/289] lib/vdso: use "grep -E" instead of "egrep" Greg Kroah-Hartman
@ 2022-11-30 18:22 ` Greg Kroah-Hartman
2022-11-30 18:22 ` [PATCH 6.0 162/289] usb: dwc3: exynos: Fix remove() function Greg Kroah-Hartman
` (137 subsequent siblings)
298 siblings, 0 replies; 305+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-30 18:22 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Rhett Aultman, Vasanth Sadhasivan,
Marc Kleine-Budde
From: Vasanth Sadhasivan <vasanth.sadhasivan@samsara.com>
commit 62f102c0d1563ff6a31082f5d83b886ad2ff7ca0 upstream.
DMA allocated buffers are a precious resource. If there is no need for
DMA allocations, then it might be worth to use non-dma allocated
buffers.
After testing the gs_usb driver with and without DMA allocation, there
does not seem to be a significant change in latency or CPU utilization
either way. Therefore, DMA allocation is not necessary and removed.
Internal buffers used within urbs were managed and freed manually.
These buffers are no longer needed to be managed by the driver. The
URB_FREE_BUFFER flag, allows for the buffers in question to be
automatically freed.
Co-developed-by: Rhett Aultman <rhett.aultman@samsara.com>
Signed-off-by: Rhett Aultman <rhett.aultman@samsara.com>
Signed-off-by: Vasanth Sadhasivan <vasanth.sadhasivan@samsara.com>
Link: https://lore.kernel.org/all/20220920154724.861093-2-rhett.aultman@samsara.com
Signed-off-by: Marc Kleine-Budde <mkl@pengutronix.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/net/can/usb/gs_usb.c | 39 ++++++---------------------------------
1 file changed, 6 insertions(+), 33 deletions(-)
--- a/drivers/net/can/usb/gs_usb.c
+++ b/drivers/net/can/usb/gs_usb.c
@@ -268,8 +268,6 @@ struct gs_can {
struct usb_anchor tx_submitted;
atomic_t active_tx_urbs;
- void *rxbuf[GS_MAX_RX_URBS];
- dma_addr_t rxbuf_dma[GS_MAX_RX_URBS];
};
/* usb interface struct */
@@ -587,9 +585,6 @@ static void gs_usb_xmit_callback(struct
if (urb->status)
netdev_info(netdev, "usb xmit fail %u\n", txc->echo_id);
-
- usb_free_coherent(urb->dev, urb->transfer_buffer_length,
- urb->transfer_buffer, urb->transfer_dma);
}
static netdev_tx_t gs_can_start_xmit(struct sk_buff *skb,
@@ -618,8 +613,7 @@ static netdev_tx_t gs_can_start_xmit(str
if (!urb)
goto nomem_urb;
- hf = usb_alloc_coherent(dev->udev, dev->hf_size_tx, GFP_ATOMIC,
- &urb->transfer_dma);
+ hf = kmalloc(dev->hf_size_tx, GFP_ATOMIC);
if (!hf) {
netdev_err(netdev, "No memory left for USB buffer\n");
goto nomem_hf;
@@ -663,7 +657,7 @@ static netdev_tx_t gs_can_start_xmit(str
hf, dev->hf_size_tx,
gs_usb_xmit_callback, txc);
- urb->transfer_flags |= URB_NO_TRANSFER_DMA_MAP;
+ urb->transfer_flags |= URB_FREE_BUFFER;
usb_anchor_urb(urb, &dev->tx_submitted);
can_put_echo_skb(skb, netdev, idx, 0);
@@ -678,8 +672,6 @@ static netdev_tx_t gs_can_start_xmit(str
gs_free_tx_context(txc);
usb_unanchor_urb(urb);
- usb_free_coherent(dev->udev, urb->transfer_buffer_length,
- urb->transfer_buffer, urb->transfer_dma);
if (rc == -ENODEV) {
netif_device_detach(netdev);
@@ -699,8 +691,7 @@ static netdev_tx_t gs_can_start_xmit(str
return NETDEV_TX_OK;
badidx:
- usb_free_coherent(dev->udev, urb->transfer_buffer_length,
- urb->transfer_buffer, urb->transfer_dma);
+ kfree(hf);
nomem_hf:
usb_free_urb(urb);
@@ -744,7 +735,6 @@ static int gs_can_open(struct net_device
for (i = 0; i < GS_MAX_RX_URBS; i++) {
struct urb *urb;
u8 *buf;
- dma_addr_t buf_dma;
/* alloc rx urb */
urb = usb_alloc_urb(0, GFP_KERNEL);
@@ -752,10 +742,8 @@ static int gs_can_open(struct net_device
return -ENOMEM;
/* alloc rx buffer */
- buf = usb_alloc_coherent(dev->udev,
- dev->parent->hf_size_rx,
- GFP_KERNEL,
- &buf_dma);
+ buf = kmalloc(dev->parent->hf_size_rx,
+ GFP_KERNEL);
if (!buf) {
netdev_err(netdev,
"No memory left for USB buffer\n");
@@ -763,8 +751,6 @@ static int gs_can_open(struct net_device
return -ENOMEM;
}
- urb->transfer_dma = buf_dma;
-
/* fill, anchor, and submit rx urb */
usb_fill_bulk_urb(urb,
dev->udev,
@@ -773,7 +759,7 @@ static int gs_can_open(struct net_device
buf,
dev->parent->hf_size_rx,
gs_usb_receive_bulk_callback, parent);
- urb->transfer_flags |= URB_NO_TRANSFER_DMA_MAP;
+ urb->transfer_flags |= URB_FREE_BUFFER;
usb_anchor_urb(urb, &parent->rx_submitted);
@@ -786,17 +772,10 @@ static int gs_can_open(struct net_device
"usb_submit failed (err=%d)\n", rc);
usb_unanchor_urb(urb);
- usb_free_coherent(dev->udev,
- sizeof(struct gs_host_frame),
- buf,
- buf_dma);
usb_free_urb(urb);
break;
}
- dev->rxbuf[i] = buf;
- dev->rxbuf_dma[i] = buf_dma;
-
/* Drop reference,
* USB core will take care of freeing it
*/
@@ -854,7 +833,6 @@ static int gs_can_close(struct net_devic
int rc;
struct gs_can *dev = netdev_priv(netdev);
struct gs_usb *parent = dev->parent;
- unsigned int i;
netif_stop_queue(netdev);
@@ -862,11 +840,6 @@ static int gs_can_close(struct net_devic
parent->active_channels--;
if (!parent->active_channels) {
usb_kill_anchored_urbs(&parent->rx_submitted);
- for (i = 0; i < GS_MAX_RX_URBS; i++)
- usb_free_coherent(dev->udev,
- sizeof(struct gs_host_frame),
- dev->rxbuf[i],
- dev->rxbuf_dma[i]);
}
/* Stop sending URBs */
^ permalink raw reply [flat|nested] 305+ messages in thread
* [PATCH 6.0 162/289] usb: dwc3: exynos: Fix remove() function
2022-11-30 18:19 [PATCH 6.0 000/289] 6.0.11-rc1 review Greg Kroah-Hartman
` (160 preceding siblings ...)
2022-11-30 18:22 ` [PATCH 6.0 161/289] can: gs_usb: remove dma allocations Greg Kroah-Hartman
@ 2022-11-30 18:22 ` Greg Kroah-Hartman
2022-11-30 18:22 ` [PATCH 6.0 163/289] usb: cdnsp: Fix issue with Clear Feature Halt Endpoint Greg Kroah-Hartman
` (136 subsequent siblings)
298 siblings, 0 replies; 305+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-30 18:22 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Marek Szyprowski, Thinh Nguyen,
Sam Protsenko
From: Marek Szyprowski <m.szyprowski@samsung.com>
commit e0481e5b3cc12ea7ccf4552d41518c89d3509004 upstream.
The core DWC3 device node was not properly removed by the custom
dwc3_exynos_remove_child() function. Replace it with generic
of_platform_depopulate() which does that job right.
Fixes: adcf20dcd262 ("usb: dwc3: exynos: Use of_platform API to create dwc3 core pdev")
Signed-off-by: Marek Szyprowski <m.szyprowski@samsung.com>
Acked-by: Thinh Nguyen <Thinh.Nguyen@synopsys.com>
Cc: stable@vger.kernel.org
Reviewed-by: Sam Protsenko <semen.protsenko@linaro.org>
Link: https://lore.kernel.org/r/20221110154131.2577-1-m.szyprowski@samsung.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/usb/dwc3/dwc3-exynos.c | 11 +----------
1 file changed, 1 insertion(+), 10 deletions(-)
--- a/drivers/usb/dwc3/dwc3-exynos.c
+++ b/drivers/usb/dwc3/dwc3-exynos.c
@@ -37,15 +37,6 @@ struct dwc3_exynos {
struct regulator *vdd10;
};
-static int dwc3_exynos_remove_child(struct device *dev, void *unused)
-{
- struct platform_device *pdev = to_platform_device(dev);
-
- platform_device_unregister(pdev);
-
- return 0;
-}
-
static int dwc3_exynos_probe(struct platform_device *pdev)
{
struct dwc3_exynos *exynos;
@@ -142,7 +133,7 @@ static int dwc3_exynos_remove(struct pla
struct dwc3_exynos *exynos = platform_get_drvdata(pdev);
int i;
- device_for_each_child(&pdev->dev, NULL, dwc3_exynos_remove_child);
+ of_platform_depopulate(&pdev->dev);
for (i = exynos->num_clks - 1; i >= 0; i--)
clk_disable_unprepare(exynos->clks[i]);
^ permalink raw reply [flat|nested] 305+ messages in thread
* [PATCH 6.0 163/289] usb: cdnsp: Fix issue with Clear Feature Halt Endpoint
2022-11-30 18:19 [PATCH 6.0 000/289] 6.0.11-rc1 review Greg Kroah-Hartman
` (161 preceding siblings ...)
2022-11-30 18:22 ` [PATCH 6.0 162/289] usb: dwc3: exynos: Fix remove() function Greg Kroah-Hartman
@ 2022-11-30 18:22 ` Greg Kroah-Hartman
2022-11-30 18:22 ` [PATCH 6.0 164/289] usb: cdnsp: fix issue with ZLP - added TD_SIZE = 1 Greg Kroah-Hartman
` (135 subsequent siblings)
298 siblings, 0 replies; 305+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-30 18:22 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Peter Chen, Pawel Laszczak
From: Pawel Laszczak <pawell@cadence.com>
commit b25264f22b498dff3fa5c70c9bea840e83fff0d1 upstream.
During handling Clear Halt Endpoint Feature request, driver invokes
Reset Endpoint command. Because this command has some issue with
transition endpoint from Running to Idle state the driver must
stop the endpoint by using Stop Endpoint command.
cc: <stable@vger.kernel.org>
Fixes: 3d82904559f4 ("usb: cdnsp: cdns3 Add main part of Cadence USBSSP DRD Driver")
Reviewed-by: Peter Chen <peter.chen@kernel.org>
Signed-off-by: Pawel Laszczak <pawell@cadence.com>
Link: https://lore.kernel.org/r/20221110063005.370656-1-pawell@cadence.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/usb/cdns3/cdnsp-gadget.c | 12 ++++--------
drivers/usb/cdns3/cdnsp-ring.c | 3 ++-
2 files changed, 6 insertions(+), 9 deletions(-)
--- a/drivers/usb/cdns3/cdnsp-gadget.c
+++ b/drivers/usb/cdns3/cdnsp-gadget.c
@@ -600,11 +600,11 @@ int cdnsp_halt_endpoint(struct cdnsp_dev
trace_cdnsp_ep_halt(value ? "Set" : "Clear");
- if (value) {
- ret = cdnsp_cmd_stop_ep(pdev, pep);
- if (ret)
- return ret;
+ ret = cdnsp_cmd_stop_ep(pdev, pep);
+ if (ret)
+ return ret;
+ if (value) {
if (GET_EP_CTX_STATE(pep->out_ctx) == EP_STATE_STOPPED) {
cdnsp_queue_halt_endpoint(pdev, pep->idx);
cdnsp_ring_cmd_db(pdev);
@@ -613,10 +613,6 @@ int cdnsp_halt_endpoint(struct cdnsp_dev
pep->ep_state |= EP_HALTED;
} else {
- /*
- * In device mode driver can call reset endpoint command
- * from any endpoint state.
- */
cdnsp_queue_reset_ep(pdev, pep->idx);
cdnsp_ring_cmd_db(pdev);
ret = cdnsp_wait_for_cmd_compl(pdev);
--- a/drivers/usb/cdns3/cdnsp-ring.c
+++ b/drivers/usb/cdns3/cdnsp-ring.c
@@ -2076,7 +2076,8 @@ int cdnsp_cmd_stop_ep(struct cdnsp_devic
u32 ep_state = GET_EP_CTX_STATE(pep->out_ctx);
int ret = 0;
- if (ep_state == EP_STATE_STOPPED || ep_state == EP_STATE_DISABLED) {
+ if (ep_state == EP_STATE_STOPPED || ep_state == EP_STATE_DISABLED ||
+ ep_state == EP_STATE_HALTED) {
trace_cdnsp_ep_stopped_or_disabled(pep->out_ctx);
goto ep_stopped;
}
^ permalink raw reply [flat|nested] 305+ messages in thread
* [PATCH 6.0 164/289] usb: cdnsp: fix issue with ZLP - added TD_SIZE = 1
2022-11-30 18:19 [PATCH 6.0 000/289] 6.0.11-rc1 review Greg Kroah-Hartman
` (162 preceding siblings ...)
2022-11-30 18:22 ` [PATCH 6.0 163/289] usb: cdnsp: Fix issue with Clear Feature Halt Endpoint Greg Kroah-Hartman
@ 2022-11-30 18:22 ` Greg Kroah-Hartman
2022-11-30 18:22 ` [PATCH 6.0 165/289] dma-buf: Use dma_fence_unwrap_for_each when importing fences Greg Kroah-Hartman
` (134 subsequent siblings)
298 siblings, 0 replies; 305+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-30 18:22 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Pawel Laszczak, Peter Chen
From: Pawel Laszczak <pawell@cadence.com>
commit 7a21b27aafa3edead79ed97e6f22236be6b9f447 upstream.
Patch modifies the TD_SIZE in TRB before ZLP TRB.
The TD_SIZE in TRB before ZLP TRB must be set to 1 to force
processing ZLP TRB by controller.
cc: <stable@vger.kernel.org>
Fixes: 3d82904559f4 ("usb: cdnsp: cdns3 Add main part of Cadence USBSSP DRD Driver")
Signed-off-by: Pawel Laszczak <pawell@cadence.com>
Reviewed-by: Peter Chen <peter.chen@kernel.org>
Link: https://lore.kernel.org/r/20221115092218.421267-1-pawell@cadence.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/usb/cdns3/cdnsp-ring.c | 14 ++++++++++----
1 file changed, 10 insertions(+), 4 deletions(-)
--- a/drivers/usb/cdns3/cdnsp-ring.c
+++ b/drivers/usb/cdns3/cdnsp-ring.c
@@ -1763,10 +1763,15 @@ static u32 cdnsp_td_remainder(struct cdn
int trb_buff_len,
unsigned int td_total_len,
struct cdnsp_request *preq,
- bool more_trbs_coming)
+ bool more_trbs_coming,
+ bool zlp)
{
u32 maxp, total_packet_count;
+ /* Before ZLP driver needs set TD_SIZE = 1. */
+ if (zlp)
+ return 1;
+
/* One TRB with a zero-length data packet. */
if (!more_trbs_coming || (transferred == 0 && trb_buff_len == 0) ||
trb_buff_len == td_total_len)
@@ -1960,7 +1965,8 @@ int cdnsp_queue_bulk_tx(struct cdnsp_dev
/* Set the TRB length, TD size, and interrupter fields. */
remainder = cdnsp_td_remainder(pdev, enqd_len, trb_buff_len,
full_len, preq,
- more_trbs_coming);
+ more_trbs_coming,
+ zero_len_trb);
length_field = TRB_LEN(trb_buff_len) | TRB_TD_SIZE(remainder) |
TRB_INTR_TARGET(0);
@@ -2025,7 +2031,7 @@ int cdnsp_queue_ctrl_tx(struct cdnsp_dev
if (preq->request.length > 0) {
remainder = cdnsp_td_remainder(pdev, 0, preq->request.length,
- preq->request.length, preq, 1);
+ preq->request.length, preq, 1, 0);
length_field = TRB_LEN(preq->request.length) |
TRB_TD_SIZE(remainder) | TRB_INTR_TARGET(0);
@@ -2226,7 +2232,7 @@ static int cdnsp_queue_isoc_tx(struct cd
/* Set the TRB length, TD size, & interrupter fields. */
remainder = cdnsp_td_remainder(pdev, running_total,
trb_buff_len, td_len, preq,
- more_trbs_coming);
+ more_trbs_coming, 0);
length_field = TRB_LEN(trb_buff_len) | TRB_INTR_TARGET(0);
^ permalink raw reply [flat|nested] 305+ messages in thread
* [PATCH 6.0 165/289] dma-buf: Use dma_fence_unwrap_for_each when importing fences
2022-11-30 18:19 [PATCH 6.0 000/289] 6.0.11-rc1 review Greg Kroah-Hartman
` (163 preceding siblings ...)
2022-11-30 18:22 ` [PATCH 6.0 164/289] usb: cdnsp: fix issue with ZLP - added TD_SIZE = 1 Greg Kroah-Hartman
@ 2022-11-30 18:22 ` Greg Kroah-Hartman
2022-11-30 18:22 ` [PATCH 6.0 166/289] cifs: fix missing unlock in cifs_file_copychunk_range() Greg Kroah-Hartman
` (133 subsequent siblings)
298 siblings, 0 replies; 305+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-30 18:22 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Jason Ekstrand, Sarah Walker,
Christian König
From: Jason Ekstrand <jason@jlekstrand.net>
commit c19083c72ea72a1c12037bb3d708014632df80e4 upstream.
Ever since 68129f431faa ("dma-buf: warn about containers in dma_resv object"),
dma_resv_add_shared_fence will warn if you attempt to add a container fence.
While most drivers were fine, fences can also be added to a dma_resv via the
recently added DMA_BUF_IOCTL_IMPORT_SYNC_FILE. Use dma_fence_unwrap_for_each
to add each fence one at a time.
Fixes: 594740497e99 ("dma-buf: Add an API for importing sync files (v10)")
Signed-off-by: Jason Ekstrand <jason.ekstrand@collabora.com>
Reported-by: Sarah Walker <Sarah.Walker@imgtec.com>
Reviewed-by: Christian König <christian.koenig@amd.com>
CC: stable@vger.kernel.org
Link: https://patchwork.freedesktop.org/patch/msgid/20220802210158.4162525-1-jason.ekstrand@collabora.com
Signed-off-by: Christian König <christian.koenig@amd.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/dma-buf/dma-buf.c | 23 +++++++++++++++++------
1 file changed, 17 insertions(+), 6 deletions(-)
diff --git a/drivers/dma-buf/dma-buf.c b/drivers/dma-buf/dma-buf.c
index dd0f83ee505b..e6f36c014c4c 100644
--- a/drivers/dma-buf/dma-buf.c
+++ b/drivers/dma-buf/dma-buf.c
@@ -15,6 +15,7 @@
#include <linux/slab.h>
#include <linux/dma-buf.h>
#include <linux/dma-fence.h>
+#include <linux/dma-fence-unwrap.h>
#include <linux/anon_inodes.h>
#include <linux/export.h>
#include <linux/debugfs.h>
@@ -391,8 +392,10 @@ static long dma_buf_import_sync_file(struct dma_buf *dmabuf,
const void __user *user_data)
{
struct dma_buf_import_sync_file arg;
- struct dma_fence *fence;
+ struct dma_fence *fence, *f;
enum dma_resv_usage usage;
+ struct dma_fence_unwrap iter;
+ unsigned int num_fences;
int ret = 0;
if (copy_from_user(&arg, user_data, sizeof(arg)))
@@ -411,13 +414,21 @@ static long dma_buf_import_sync_file(struct dma_buf *dmabuf,
usage = (arg.flags & DMA_BUF_SYNC_WRITE) ? DMA_RESV_USAGE_WRITE :
DMA_RESV_USAGE_READ;
- dma_resv_lock(dmabuf->resv, NULL);
+ num_fences = 0;
+ dma_fence_unwrap_for_each(f, &iter, fence)
+ ++num_fences;
- ret = dma_resv_reserve_fences(dmabuf->resv, 1);
- if (!ret)
- dma_resv_add_fence(dmabuf->resv, fence, usage);
+ if (num_fences > 0) {
+ dma_resv_lock(dmabuf->resv, NULL);
- dma_resv_unlock(dmabuf->resv);
+ ret = dma_resv_reserve_fences(dmabuf->resv, num_fences);
+ if (!ret) {
+ dma_fence_unwrap_for_each(f, &iter, fence)
+ dma_resv_add_fence(dmabuf->resv, f, usage);
+ }
+
+ dma_resv_unlock(dmabuf->resv);
+ }
dma_fence_put(fence);
--
2.38.1
^ permalink raw reply related [flat|nested] 305+ messages in thread
* [PATCH 6.0 166/289] cifs: fix missing unlock in cifs_file_copychunk_range()
2022-11-30 18:19 [PATCH 6.0 000/289] 6.0.11-rc1 review Greg Kroah-Hartman
` (164 preceding siblings ...)
2022-11-30 18:22 ` [PATCH 6.0 165/289] dma-buf: Use dma_fence_unwrap_for_each when importing fences Greg Kroah-Hartman
@ 2022-11-30 18:22 ` Greg Kroah-Hartman
2022-11-30 18:22 ` [PATCH 6.0 167/289] cifs: Use after free in debug code Greg Kroah-Hartman
` (132 subsequent siblings)
298 siblings, 0 replies; 305+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-30 18:22 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Paulo Alcantara (SUSE),
ChenXiaoSong, Steve French
From: ChenXiaoSong <chenxiaosong2@huawei.com>
commit 502487847743018c93d75b401eac2ea4c4973123 upstream.
xfstests generic/013 and generic/476 reported WARNING as follows:
WARNING: lock held when returning to user space!
6.1.0-rc5+ #4 Not tainted
------------------------------------------------
fsstress/504233 is leaving the kernel with locks still held!
2 locks held by fsstress/504233:
#0: ffff888054c38850 (&sb->s_type->i_mutex_key#21){+.+.}-{3:3}, at:
lock_two_nondirectories+0xcf/0xf0
#1: ffff8880b8fec750 (&sb->s_type->i_mutex_key#21/4){+.+.}-{3:3}, at:
lock_two_nondirectories+0xb7/0xf0
This will lead to deadlock and hungtask.
Fix this by releasing locks when failed to write out on a file range in
cifs_file_copychunk_range().
Fixes: 3e3761f1ec7d ("smb3: use filemap_write_and_wait_range instead of filemap_write_and_wait")
Cc: stable@vger.kernel.org # 6.0
Reviewed-by: Paulo Alcantara (SUSE) <pc@cjr.nz>
Signed-off-by: ChenXiaoSong <chenxiaosong2@huawei.com>
Signed-off-by: Steve French <stfrench@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/cifs/cifsfs.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
--- a/fs/cifs/cifsfs.c
+++ b/fs/cifs/cifsfs.c
@@ -1252,7 +1252,7 @@ ssize_t cifs_file_copychunk_range(unsign
rc = filemap_write_and_wait_range(src_inode->i_mapping, off,
off + len - 1);
if (rc)
- goto out;
+ goto unlock;
/* should we flush first and last page first */
truncate_inode_pages(&target_inode->i_data, 0);
@@ -1268,6 +1268,8 @@ ssize_t cifs_file_copychunk_range(unsign
* that target is updated on the server
*/
CIFS_I(target_inode)->time = 0;
+
+unlock:
/* although unlocking in the reverse order from locking is not
* strictly necessary here it is a little cleaner to be consistent
*/
^ permalink raw reply [flat|nested] 305+ messages in thread
* [PATCH 6.0 167/289] cifs: Use after free in debug code
2022-11-30 18:19 [PATCH 6.0 000/289] 6.0.11-rc1 review Greg Kroah-Hartman
` (165 preceding siblings ...)
2022-11-30 18:22 ` [PATCH 6.0 166/289] cifs: fix missing unlock in cifs_file_copychunk_range() Greg Kroah-Hartman
@ 2022-11-30 18:22 ` Greg Kroah-Hartman
2022-11-30 18:22 ` [PATCH 6.0 168/289] ext4: fix use-after-free in ext4_ext_shift_extents Greg Kroah-Hartman
` (131 subsequent siblings)
298 siblings, 0 replies; 305+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-30 18:22 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Paulo Alcantara (SUSE),
Dan Carpenter, Steve French
From: Dan Carpenter <dan.carpenter@oracle.com>
commit f391d6ee002ea022c62dc0b09d0578f3ccce81be upstream.
This debug code dereferences "old_iface" after it was already freed by
the call to release_iface(). Re-order the debugging to avoid this
issue.
Fixes: b54034a73baf ("cifs: during reconnect, update interface if necessary")
Cc: stable@vger.kernel.org # 5.19+
Reviewed-by: Paulo Alcantara (SUSE) <pc@cjr.nz>
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Steve French <stfrench@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/cifs/sess.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/fs/cifs/sess.c b/fs/cifs/sess.c
index 92e4278ec35d..9e7d9f0baa18 100644
--- a/fs/cifs/sess.c
+++ b/fs/cifs/sess.c
@@ -302,14 +302,14 @@ cifs_chan_update_iface(struct cifs_ses *ses, struct TCP_Server_Info *server)
/* now drop the ref to the current iface */
if (old_iface && iface) {
- kref_put(&old_iface->refcount, release_iface);
cifs_dbg(FYI, "replacing iface: %pIS with %pIS\n",
&old_iface->sockaddr,
&iface->sockaddr);
- } else if (old_iface) {
kref_put(&old_iface->refcount, release_iface);
+ } else if (old_iface) {
cifs_dbg(FYI, "releasing ref to iface: %pIS\n",
&old_iface->sockaddr);
+ kref_put(&old_iface->refcount, release_iface);
} else {
WARN_ON(!iface);
cifs_dbg(FYI, "adding new iface: %pIS\n", &iface->sockaddr);
--
2.38.1
^ permalink raw reply related [flat|nested] 305+ messages in thread
* [PATCH 6.0 168/289] ext4: fix use-after-free in ext4_ext_shift_extents
2022-11-30 18:19 [PATCH 6.0 000/289] 6.0.11-rc1 review Greg Kroah-Hartman
` (166 preceding siblings ...)
2022-11-30 18:22 ` [PATCH 6.0 167/289] cifs: Use after free in debug code Greg Kroah-Hartman
@ 2022-11-30 18:22 ` Greg Kroah-Hartman
2022-11-30 18:22 ` [PATCH 6.0 169/289] arm64: dts: rockchip: lower rk3399-puma-haikou SD controller clock frequency Greg Kroah-Hartman
` (130 subsequent siblings)
298 siblings, 0 replies; 305+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-30 18:22 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Zhihao Cheng, Baokun Li, Theodore Tso
From: Baokun Li <libaokun1@huawei.com>
commit f6b1a1cf1c3ee430d3f5e47847047ce789a690aa upstream.
If the starting position of our insert range happens to be in the hole
between the two ext4_extent_idx, because the lblk of the ext4_extent in
the previous ext4_extent_idx is always less than the start, which leads
to the "extent" variable access across the boundary, the following UAF is
triggered:
==================================================================
BUG: KASAN: use-after-free in ext4_ext_shift_extents+0x257/0x790
Read of size 4 at addr ffff88819807a008 by task fallocate/8010
CPU: 3 PID: 8010 Comm: fallocate Tainted: G E 5.10.0+ #492
Call Trace:
dump_stack+0x7d/0xa3
print_address_description.constprop.0+0x1e/0x220
kasan_report.cold+0x67/0x7f
ext4_ext_shift_extents+0x257/0x790
ext4_insert_range+0x5b6/0x700
ext4_fallocate+0x39e/0x3d0
vfs_fallocate+0x26f/0x470
ksys_fallocate+0x3a/0x70
__x64_sys_fallocate+0x4f/0x60
do_syscall_64+0x33/0x40
entry_SYSCALL_64_after_hwframe+0x44/0xa9
==================================================================
For right shifts, we can divide them into the following situations:
1. When the first ee_block of ext4_extent_idx is greater than or equal to
start, make right shifts directly from the first ee_block.
1) If it is greater than start, we need to continue searching in the
previous ext4_extent_idx.
2) If it is equal to start, we can exit the loop (iterator=NULL).
2. When the first ee_block of ext4_extent_idx is less than start, then
traverse from the last extent to find the first extent whose ee_block
is less than start.
1) If extent is still the last extent after traversal, it means that
the last ee_block of ext4_extent_idx is less than start, that is,
start is located in the hole between idx and (idx+1), so we can
exit the loop directly (break) without right shifts.
2) Otherwise, make right shifts at the corresponding position of the
found extent, and then exit the loop (iterator=NULL).
Fixes: 331573febb6a ("ext4: Add support FALLOC_FL_INSERT_RANGE for fallocate")
Cc: stable@vger.kernel.org # v4.2+
Signed-off-by: Zhihao Cheng <chengzhihao1@huawei.com>
Signed-off-by: Baokun Li <libaokun1@huawei.com>
Link: https://lore.kernel.org/r/20220922120434.1294789-1-libaokun1@huawei.com
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/ext4/extents.c | 18 +++++++++++++-----
1 file changed, 13 insertions(+), 5 deletions(-)
--- a/fs/ext4/extents.c
+++ b/fs/ext4/extents.c
@@ -5183,6 +5183,7 @@ ext4_ext_shift_extents(struct inode *ino
* and it is decreased till we reach start.
*/
again:
+ ret = 0;
if (SHIFT == SHIFT_LEFT)
iterator = &start;
else
@@ -5226,14 +5227,21 @@ again:
ext4_ext_get_actual_len(extent);
} else {
extent = EXT_FIRST_EXTENT(path[depth].p_hdr);
- if (le32_to_cpu(extent->ee_block) > 0)
+ if (le32_to_cpu(extent->ee_block) > start)
*iterator = le32_to_cpu(extent->ee_block) - 1;
- else
- /* Beginning is reached, end of the loop */
+ else if (le32_to_cpu(extent->ee_block) == start)
iterator = NULL;
- /* Update path extent in case we need to stop */
- while (le32_to_cpu(extent->ee_block) < start)
+ else {
+ extent = EXT_LAST_EXTENT(path[depth].p_hdr);
+ while (le32_to_cpu(extent->ee_block) >= start)
+ extent--;
+
+ if (extent == EXT_LAST_EXTENT(path[depth].p_hdr))
+ break;
+
extent++;
+ iterator = NULL;
+ }
path[depth].p_ext = extent;
}
ret = ext4_ext_shift_path_extents(path, shift, inode,
^ permalink raw reply [flat|nested] 305+ messages in thread
* [PATCH 6.0 169/289] arm64: dts: rockchip: lower rk3399-puma-haikou SD controller clock frequency
2022-11-30 18:19 [PATCH 6.0 000/289] 6.0.11-rc1 review Greg Kroah-Hartman
` (167 preceding siblings ...)
2022-11-30 18:22 ` [PATCH 6.0 168/289] ext4: fix use-after-free in ext4_ext_shift_extents Greg Kroah-Hartman
@ 2022-11-30 18:22 ` Greg Kroah-Hartman
2022-11-30 18:22 ` [PATCH 6.0 170/289] kbuild: fix -Wimplicit-function-declaration in license_is_gpl_compatible Greg Kroah-Hartman
` (129 subsequent siblings)
298 siblings, 0 replies; 305+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-30 18:22 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Jakob Unterwurzacher,
Quentin Schulz, Heiko Stuebner
From: Jakob Unterwurzacher <jakob.unterwurzacher@theobroma-systems.com>
commit 91e8b74fe6381e083f8aa55217bb0562785ab398 upstream.
CRC errors (code -84 EILSEQ) have been observed for some SanDisk
Ultra A1 cards when running at 50MHz.
Waveform analysis suggest that the level shifters that are used on the
RK3399-Q7 module for voltage translation between 3.0 and 3.3V don't
handle clock rates at or above 48MHz properly. Back off to 40MHz for
some safety margin.
Cc: stable@vger.kernel.org
Fixes: 60fd9f72ce8a ("arm64: dts: rockchip: add Haikou baseboard with RK3399-Q7 SoM")
Signed-off-by: Jakob Unterwurzacher <jakob.unterwurzacher@theobroma-systems.com>
Signed-off-by: Quentin Schulz <quentin.schulz@theobroma-systems.com>
Link: https://lore.kernel.org/r/20221019-upstream-puma-sd-40mhz-v1-0-754a76421518@theobroma-systems.com
Signed-off-by: Heiko Stuebner <heiko@sntech.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/arm64/boot/dts/rockchip/rk3399-puma-haikou.dts | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/arch/arm64/boot/dts/rockchip/rk3399-puma-haikou.dts
+++ b/arch/arm64/boot/dts/rockchip/rk3399-puma-haikou.dts
@@ -207,7 +207,7 @@
cap-sd-highspeed;
cd-gpios = <&gpio0 RK_PA7 GPIO_ACTIVE_LOW>;
disable-wp;
- max-frequency = <150000000>;
+ max-frequency = <40000000>;
pinctrl-names = "default";
pinctrl-0 = <&sdmmc_clk &sdmmc_cmd &sdmmc_cd &sdmmc_bus4>;
vmmc-supply = <&vcc3v3_baseboard>;
^ permalink raw reply [flat|nested] 305+ messages in thread
* [PATCH 6.0 170/289] kbuild: fix -Wimplicit-function-declaration in license_is_gpl_compatible
2022-11-30 18:19 [PATCH 6.0 000/289] 6.0.11-rc1 review Greg Kroah-Hartman
` (168 preceding siblings ...)
2022-11-30 18:22 ` [PATCH 6.0 169/289] arm64: dts: rockchip: lower rk3399-puma-haikou SD controller clock frequency Greg Kroah-Hartman
@ 2022-11-30 18:22 ` Greg Kroah-Hartman
2022-11-30 18:22 ` [PATCH 6.0 171/289] iio: adc: aspeed: Remove the trim valid dts property Greg Kroah-Hartman
` (128 subsequent siblings)
298 siblings, 0 replies; 305+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-30 18:22 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Sam James, Andrew Morton
From: Sam James <sam@gentoo.org>
commit 50c697215a8cc22f0e58c88f06f2716c05a26e85 upstream.
Add missing <linux/string.h> include for strcmp.
Clang 16 makes -Wimplicit-function-declaration an error by default.
Unfortunately, out of tree modules may use this in configure scripts,
which means failure might cause silent miscompilation or misconfiguration.
For more information, see LWN.net [0] or LLVM's Discourse [1], gentoo-dev@ [2],
or the (new) c-std-porting mailing list [3].
[0] https://lwn.net/Articles/913505/
[1] https://discourse.llvm.org/t/configure-script-breakage-with-the-new-werror-implicit-function-declaration/65213
[2] https://archives.gentoo.org/gentoo-dev/message/dd9f2d3082b8b6f8dfbccb0639e6e240
[3] hosted at lists.linux.dev.
[akpm@linux-foundation.org: remember "linux/"]
Link: https://lkml.kernel.org/r/20221116182634.2823136-1-sam@gentoo.org
Signed-off-by: Sam James <sam@gentoo.org>
Cc: <stable@vger.kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
include/linux/license.h | 2 ++
1 file changed, 2 insertions(+)
--- a/include/linux/license.h
+++ b/include/linux/license.h
@@ -2,6 +2,8 @@
#ifndef __LICENSE_H
#define __LICENSE_H
+#include <linux/string.h>
+
static inline int license_is_gpl_compatible(const char *license)
{
return (strcmp(license, "GPL") == 0
^ permalink raw reply [flat|nested] 305+ messages in thread
* [PATCH 6.0 171/289] iio: adc: aspeed: Remove the trim valid dts property.
2022-11-30 18:19 [PATCH 6.0 000/289] 6.0.11-rc1 review Greg Kroah-Hartman
` (169 preceding siblings ...)
2022-11-30 18:22 ` [PATCH 6.0 170/289] kbuild: fix -Wimplicit-function-declaration in license_is_gpl_compatible Greg Kroah-Hartman
@ 2022-11-30 18:22 ` Greg Kroah-Hartman
2022-11-30 18:22 ` [PATCH 6.0 172/289] iio: light: apds9960: fix wrong register for gesture gain Greg Kroah-Hartman
` (127 subsequent siblings)
298 siblings, 0 replies; 305+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-30 18:22 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Billy Tsai, Stable, Jonathan Cameron
From: Billy Tsai <billy_tsai@aspeedtech.com>
commit fdd0d6b2eb35c83d6b1226ad20b346a4b45ddfb8 upstream.
The dts property "aspeed,trim-data-valid" is currently used to determine
whether to read trimming data from the OTP register. If this is set on
a device without valid trimming data in the OTP the ADC will not function
correctly. This patch drops the use of this property and instead uses the
default (unprogrammed) OTP value of 0 to detect when a fallback value of
0x8 should be used rather then the value read from the OTP.
Fixes: d0a4c17b4073 ("iio: adc: aspeed: Get and set trimming data.")
Signed-off-by: Billy Tsai <billy_tsai@aspeedtech.com>
Link: https://lore.kernel.org/r/20221114025057.10843-1-billy_tsai@aspeedtech.com
Cc: <Stable@vger.kernel.org>
Signed-off-by: Jonathan Cameron <Jonathan.Cameron@huawei.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/iio/adc/aspeed_adc.c | 11 +++++------
1 file changed, 5 insertions(+), 6 deletions(-)
--- a/drivers/iio/adc/aspeed_adc.c
+++ b/drivers/iio/adc/aspeed_adc.c
@@ -202,6 +202,8 @@ static int aspeed_adc_set_trim_data(stru
((scu_otp) &
(data->model_data->trim_locate->field)) >>
__ffs(data->model_data->trim_locate->field);
+ if (!trimming_val)
+ trimming_val = 0x8;
}
dev_dbg(data->dev,
"trimming val = %d, offset = %08x, fields = %08x\n",
@@ -563,12 +565,9 @@ static int aspeed_adc_probe(struct platf
if (ret)
return ret;
- if (of_find_property(data->dev->of_node, "aspeed,trim-data-valid",
- NULL)) {
- ret = aspeed_adc_set_trim_data(indio_dev);
- if (ret)
- return ret;
- }
+ ret = aspeed_adc_set_trim_data(indio_dev);
+ if (ret)
+ return ret;
if (of_find_property(data->dev->of_node, "aspeed,battery-sensing",
NULL)) {
^ permalink raw reply [flat|nested] 305+ messages in thread
* [PATCH 6.0 172/289] iio: light: apds9960: fix wrong register for gesture gain
2022-11-30 18:19 [PATCH 6.0 000/289] 6.0.11-rc1 review Greg Kroah-Hartman
` (170 preceding siblings ...)
2022-11-30 18:22 ` [PATCH 6.0 171/289] iio: adc: aspeed: Remove the trim valid dts property Greg Kroah-Hartman
@ 2022-11-30 18:22 ` Greg Kroah-Hartman
2022-11-30 18:22 ` [PATCH 6.0 173/289] iio: core: Fix entry not deleted when iio_register_sw_trigger_type() fails Greg Kroah-Hartman
` (126 subsequent siblings)
298 siblings, 0 replies; 305+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-30 18:22 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Alejandro Concepcion-Rodriguez,
Matt Ranostay, Stable, Jonathan Cameron
From: Alejandro Concepción Rodríguez <asconcepcion@acoro.eu>
commit 0aa60ff5d996d4ecdd4a62699c01f6d00f798d59 upstream.
Gesture Gain Control is in REG_GCONF_2 (0xa3), not in REG_CONFIG_2 (0x90).
Fixes: aff268cd532e ("iio: light: add APDS9960 ALS + promixity driver")
Signed-off-by: Alejandro Concepcion-Rodriguez <asconcepcion@acoro.eu>
Acked-by: Matt Ranostay <matt.ranostay@konsulko.com>
Cc: <Stable@vger.kernel.org>
Link: https://lore.kernel.org/r/EaT-NKC-H4DNX5z4Lg9B6IWPD5TrTrYBr5DYB784wfDKQkTmzPXkoYqyUOrOgJH-xvTsEkFLcVkeAPZRUODEFI5dGziaWXwjpfBNLeNGfNc=@acoro.eu
Signed-off-by: Jonathan Cameron <Jonathan.Cameron@huawei.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/iio/light/apds9960.c | 12 ++++++------
1 file changed, 6 insertions(+), 6 deletions(-)
--- a/drivers/iio/light/apds9960.c
+++ b/drivers/iio/light/apds9960.c
@@ -54,9 +54,6 @@
#define APDS9960_REG_CONTROL_PGAIN_MASK_SHIFT 2
#define APDS9960_REG_CONFIG_2 0x90
-#define APDS9960_REG_CONFIG_2_GGAIN_MASK 0x60
-#define APDS9960_REG_CONFIG_2_GGAIN_MASK_SHIFT 5
-
#define APDS9960_REG_ID 0x92
#define APDS9960_REG_STATUS 0x93
@@ -77,6 +74,9 @@
#define APDS9960_REG_GCONF_1_GFIFO_THRES_MASK_SHIFT 6
#define APDS9960_REG_GCONF_2 0xa3
+#define APDS9960_REG_GCONF_2_GGAIN_MASK 0x60
+#define APDS9960_REG_GCONF_2_GGAIN_MASK_SHIFT 5
+
#define APDS9960_REG_GOFFSET_U 0xa4
#define APDS9960_REG_GOFFSET_D 0xa5
#define APDS9960_REG_GPULSE 0xa6
@@ -396,9 +396,9 @@ static int apds9960_set_pxs_gain(struct
}
ret = regmap_update_bits(data->regmap,
- APDS9960_REG_CONFIG_2,
- APDS9960_REG_CONFIG_2_GGAIN_MASK,
- idx << APDS9960_REG_CONFIG_2_GGAIN_MASK_SHIFT);
+ APDS9960_REG_GCONF_2,
+ APDS9960_REG_GCONF_2_GGAIN_MASK,
+ idx << APDS9960_REG_GCONF_2_GGAIN_MASK_SHIFT);
if (!ret)
data->pxs_gain = idx;
mutex_unlock(&data->lock);
^ permalink raw reply [flat|nested] 305+ messages in thread
* [PATCH 6.0 173/289] iio: core: Fix entry not deleted when iio_register_sw_trigger_type() fails
2022-11-30 18:19 [PATCH 6.0 000/289] 6.0.11-rc1 review Greg Kroah-Hartman
` (171 preceding siblings ...)
2022-11-30 18:22 ` [PATCH 6.0 172/289] iio: light: apds9960: fix wrong register for gesture gain Greg Kroah-Hartman
@ 2022-11-30 18:22 ` Greg Kroah-Hartman
2022-11-30 18:22 ` [PATCH 6.0 174/289] iio: accel: bma400: Fix memory leak in bma400_get_steps_reg() Greg Kroah-Hartman
` (125 subsequent siblings)
298 siblings, 0 replies; 305+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-30 18:22 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Chen Zhongjin, Stable, Jonathan Cameron
From: Chen Zhongjin <chenzhongjin@huawei.com>
commit 4ad09d956f8eacff61e67e5b13ba8ebec3232f76 upstream.
In iio_register_sw_trigger_type(), configfs_register_default_group() is
possible to fail, but the entry add to iio_trigger_types_list is not
deleted.
This leaves wild in iio_trigger_types_list, which can cause page fault
when module is loading again. So fix this by list_del(&t->list) in error
path.
BUG: unable to handle page fault for address: fffffbfff81d7400
Call Trace:
<TASK>
iio_register_sw_trigger_type
do_one_initcall
do_init_module
load_module
...
Fixes: b662f809d410 ("iio: core: Introduce IIO software triggers")
Signed-off-by: Chen Zhongjin <chenzhongjin@huawei.com>
Link: https://lore.kernel.org/r/20221108032802.168623-1-chenzhongjin@huawei.com
Cc: <Stable@vger.kernel.org>
Signed-off-by: Jonathan Cameron <Jonathan.Cameron@huawei.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/iio/industrialio-sw-trigger.c | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)
--- a/drivers/iio/industrialio-sw-trigger.c
+++ b/drivers/iio/industrialio-sw-trigger.c
@@ -58,8 +58,12 @@ int iio_register_sw_trigger_type(struct
t->group = configfs_register_default_group(iio_triggers_group, t->name,
&iio_trigger_type_group_type);
- if (IS_ERR(t->group))
+ if (IS_ERR(t->group)) {
+ mutex_lock(&iio_trigger_types_lock);
+ list_del(&t->list);
+ mutex_unlock(&iio_trigger_types_lock);
ret = PTR_ERR(t->group);
+ }
return ret;
}
^ permalink raw reply [flat|nested] 305+ messages in thread
* [PATCH 6.0 174/289] iio: accel: bma400: Fix memory leak in bma400_get_steps_reg()
2022-11-30 18:19 [PATCH 6.0 000/289] 6.0.11-rc1 review Greg Kroah-Hartman
` (172 preceding siblings ...)
2022-11-30 18:22 ` [PATCH 6.0 173/289] iio: core: Fix entry not deleted when iio_register_sw_trigger_type() fails Greg Kroah-Hartman
@ 2022-11-30 18:22 ` Greg Kroah-Hartman
2022-11-30 18:22 ` [PATCH 6.0 175/289] dt-bindings: iio: adc: Remove the property "aspeed,trim-data-valid" Greg Kroah-Hartman
` (124 subsequent siblings)
298 siblings, 0 replies; 305+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-30 18:22 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Dong Chenchen, Jagath Jog J, Stable,
Jonathan Cameron
From: Dong Chenchen <dongchenchen2@huawei.com>
commit 20690cd50e68c0313472c7539460168b8ea6444d upstream.
When regmap_bulk_read() fails, it does not free steps_raw,
which will cause a memory leak issue, this patch fixes it.
Fixes: d221de60eee3 ("iio: accel: bma400: Add separate channel for step counter")
Signed-off-by: Dong Chenchen <dongchenchen2@huawei.com>
Reviewed-by: Jagath Jog J <jagathjog1996@gmail.com>
Link: https://lore.kernel.org/r/20221110010726.235601-1-dongchenchen2@huawei.com
Cc: <Stable@vger.kernel.org>
Signed-off-by: Jonathan Cameron <Jonathan.Cameron@huawei.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/iio/accel/bma400_core.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
--- a/drivers/iio/accel/bma400_core.c
+++ b/drivers/iio/accel/bma400_core.c
@@ -673,8 +673,10 @@ static int bma400_get_steps_reg(struct b
ret = regmap_bulk_read(data->regmap, BMA400_STEP_CNT0_REG,
steps_raw, BMA400_STEP_RAW_LEN);
- if (ret)
+ if (ret) {
+ kfree(steps_raw);
return ret;
+ }
*val = get_unaligned_le24(steps_raw);
kfree(steps_raw);
return IIO_VAL_INT;
^ permalink raw reply [flat|nested] 305+ messages in thread
* [PATCH 6.0 175/289] dt-bindings: iio: adc: Remove the property "aspeed,trim-data-valid"
2022-11-30 18:19 [PATCH 6.0 000/289] 6.0.11-rc1 review Greg Kroah-Hartman
` (173 preceding siblings ...)
2022-11-30 18:22 ` [PATCH 6.0 174/289] iio: accel: bma400: Fix memory leak in bma400_get_steps_reg() Greg Kroah-Hartman
@ 2022-11-30 18:22 ` Greg Kroah-Hartman
2022-11-30 18:22 ` [PATCH 6.0 176/289] mm/damon/sysfs-schemes: skip stats update if the scheme directory is removed Greg Kroah-Hartman
` (123 subsequent siblings)
298 siblings, 0 replies; 305+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-30 18:22 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Billy Tsai, Rob Herring, Stable,
Jonathan Cameron
From: Billy Tsai <billy_tsai@aspeedtech.com>
commit 398e3479874f381cca8726ca5d8a31e1bf35a3cd upstream.
If the property is set on a device without valid trimming data in the OTP
the ADC will not function correctly. Therefore, this patch drops the use
of this property to avoid this scenario.
Fixes: 2bdb2f00a895 ("dt-bindings: iio: adc: Add ast2600-adc bindings")
Signed-off-by: Billy Tsai <billy_tsai@aspeedtech.com>
Acked-by: Rob Herring <robh@kernel.org>
Link: https://lore.kernel.org/r/20221114025057.10843-2-billy_tsai@aspeedtech.com
Cc: <Stable@vger.kernel.org>
Signed-off-by: Jonathan Cameron <Jonathan.Cameron@huawei.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
Documentation/devicetree/bindings/iio/adc/aspeed,ast2600-adc.yaml | 7 -------
1 file changed, 7 deletions(-)
--- a/Documentation/devicetree/bindings/iio/adc/aspeed,ast2600-adc.yaml
+++ b/Documentation/devicetree/bindings/iio/adc/aspeed,ast2600-adc.yaml
@@ -62,13 +62,6 @@ properties:
description:
Inform the driver that last channel will be used to sensor battery.
- aspeed,trim-data-valid:
- type: boolean
- description: |
- The ADC reference voltage can be calibrated to obtain the trimming
- data which will be stored in otp. This property informs the driver that
- the data store in the otp is valid.
-
required:
- compatible
- reg
^ permalink raw reply [flat|nested] 305+ messages in thread
* [PATCH 6.0 176/289] mm/damon/sysfs-schemes: skip stats update if the scheme directory is removed
2022-11-30 18:19 [PATCH 6.0 000/289] 6.0.11-rc1 review Greg Kroah-Hartman
` (174 preceding siblings ...)
2022-11-30 18:22 ` [PATCH 6.0 175/289] dt-bindings: iio: adc: Remove the property "aspeed,trim-data-valid" Greg Kroah-Hartman
@ 2022-11-30 18:22 ` Greg Kroah-Hartman
2022-11-30 18:22 ` [PATCH 6.0 177/289] virt/sev-guest: Prevent IV reuse in the SNP guest driver Greg Kroah-Hartman
` (122 subsequent siblings)
298 siblings, 0 replies; 305+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-30 18:22 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, SeongJae Park, Andrew Morton
From: SeongJae Park <sj@kernel.org>
commit 8468b486612c808c9e337708d66a435498f1735c upstream.
A DAMON sysfs interface user can start DAMON with a scheme, remove the
sysfs directory for the scheme, and then ask update of the scheme's stats.
Because the schemes stats update logic isn't aware of the situation, it
results in an invalid memory access. Fix the bug by checking if the
scheme sysfs directory exists.
Link: https://lkml.kernel.org/r/20221114175552.1951-1-sj@kernel.org
Fixes: 0ac32b8affb5 ("mm/damon/sysfs: support DAMOS stats")
Signed-off-by: SeongJae Park <sj@kernel.org>
Cc: <stable@vger.kernel.org> [v5.18]
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
mm/damon/sysfs.c | 4 ++++
1 file changed, 4 insertions(+)
--- a/mm/damon/sysfs.c
+++ b/mm/damon/sysfs.c
@@ -2342,6 +2342,10 @@ static int damon_sysfs_upd_schemes_stats
damon_for_each_scheme(scheme, ctx) {
struct damon_sysfs_stats *sysfs_stats;
+ /* user could have removed the scheme sysfs dir */
+ if (schemes_idx >= sysfs_schemes->nr)
+ break;
+
sysfs_stats = sysfs_schemes->schemes_arr[schemes_idx++]->stats;
sysfs_stats->nr_tried = scheme->stat.nr_tried;
sysfs_stats->sz_tried = scheme->stat.sz_tried;
^ permalink raw reply [flat|nested] 305+ messages in thread
* [PATCH 6.0 177/289] virt/sev-guest: Prevent IV reuse in the SNP guest driver
2022-11-30 18:19 [PATCH 6.0 000/289] 6.0.11-rc1 review Greg Kroah-Hartman
` (175 preceding siblings ...)
2022-11-30 18:22 ` [PATCH 6.0 176/289] mm/damon/sysfs-schemes: skip stats update if the scheme directory is removed Greg Kroah-Hartman
@ 2022-11-30 18:22 ` Greg Kroah-Hartman
2022-11-30 18:22 ` [PATCH 6.0 178/289] cpufreq: amd-pstate: cpufreq: amd-pstate: reset MSR_AMD_PERF_CTL register at init Greg Kroah-Hartman
` (121 subsequent siblings)
298 siblings, 0 replies; 305+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-30 18:22 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Peter Gonda, Borislav Petkov,
Tom Lendacky, stable
From: Peter Gonda <pgonda@google.com>
commit 47894e0fa6a56a42be6a47c767e79cce8125489d upstream.
The AMD Secure Processor (ASP) and an SNP guest use a series of
AES-GCM keys called VMPCKs to communicate securely with each other.
The IV to this scheme is a sequence number that both the ASP and the
guest track.
Currently, this sequence number in a guest request must exactly match
the sequence number tracked by the ASP. This means that if the guest
sees an error from the host during a request it can only retry that
exact request or disable the VMPCK to prevent an IV reuse. AES-GCM
cannot tolerate IV reuse, see: "Authentication Failures in NIST version
of GCM" - Antoine Joux et al.
In order to address this, make handle_guest_request() delete the VMPCK
on any non successful return. To allow userspace querying the cert_data
length make handle_guest_request() save the number of pages required by
the host, then have handle_guest_request() retry the request without
requesting the extended data, then return the number of pages required
back to userspace.
[ bp: Massage, incorporate Tom's review comments. ]
Fixes: fce96cf044308 ("virt: Add SEV-SNP guest driver")
Reported-by: Peter Gonda <pgonda@google.com>
Signed-off-by: Peter Gonda <pgonda@google.com>
Signed-off-by: Borislav Petkov <bp@suse.de>
Reviewed-by: Tom Lendacky <thomas.lendacky@amd.com>
Cc: stable@kernel.org
Link: https://lore.kernel.org/r/20221116175558.2373112-1-pgonda@google.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/virt/coco/sev-guest/sev-guest.c | 84 ++++++++++++++++++++-----
1 file changed, 70 insertions(+), 14 deletions(-)
diff --git a/drivers/virt/coco/sev-guest/sev-guest.c b/drivers/virt/coco/sev-guest/sev-guest.c
index f422f9c58ba7..1ea6d2e5b218 100644
--- a/drivers/virt/coco/sev-guest/sev-guest.c
+++ b/drivers/virt/coco/sev-guest/sev-guest.c
@@ -67,8 +67,27 @@ static bool is_vmpck_empty(struct snp_guest_dev *snp_dev)
return true;
}
+/*
+ * If an error is received from the host or AMD Secure Processor (ASP) there
+ * are two options. Either retry the exact same encrypted request or discontinue
+ * using the VMPCK.
+ *
+ * This is because in the current encryption scheme GHCB v2 uses AES-GCM to
+ * encrypt the requests. The IV for this scheme is the sequence number. GCM
+ * cannot tolerate IV reuse.
+ *
+ * The ASP FW v1.51 only increments the sequence numbers on a successful
+ * guest<->ASP back and forth and only accepts messages at its exact sequence
+ * number.
+ *
+ * So if the sequence number were to be reused the encryption scheme is
+ * vulnerable. If the sequence number were incremented for a fresh IV the ASP
+ * will reject the request.
+ */
static void snp_disable_vmpck(struct snp_guest_dev *snp_dev)
{
+ dev_alert(snp_dev->dev, "Disabling vmpck_id %d to prevent IV reuse.\n",
+ vmpck_id);
memzero_explicit(snp_dev->vmpck, VMPCK_KEY_LEN);
snp_dev->vmpck = NULL;
}
@@ -321,34 +340,71 @@ static int handle_guest_request(struct snp_guest_dev *snp_dev, u64 exit_code, in
if (rc)
return rc;
- /* Call firmware to process the request */
+ /*
+ * Call firmware to process the request. In this function the encrypted
+ * message enters shared memory with the host. So after this call the
+ * sequence number must be incremented or the VMPCK must be deleted to
+ * prevent reuse of the IV.
+ */
rc = snp_issue_guest_request(exit_code, &snp_dev->input, &err);
+
+ /*
+ * If the extended guest request fails due to having too small of a
+ * certificate data buffer, retry the same guest request without the
+ * extended data request in order to increment the sequence number
+ * and thus avoid IV reuse.
+ */
+ if (exit_code == SVM_VMGEXIT_EXT_GUEST_REQUEST &&
+ err == SNP_GUEST_REQ_INVALID_LEN) {
+ const unsigned int certs_npages = snp_dev->input.data_npages;
+
+ exit_code = SVM_VMGEXIT_GUEST_REQUEST;
+
+ /*
+ * If this call to the firmware succeeds, the sequence number can
+ * be incremented allowing for continued use of the VMPCK. If
+ * there is an error reflected in the return value, this value
+ * is checked further down and the result will be the deletion
+ * of the VMPCK and the error code being propagated back to the
+ * user as an ioctl() return code.
+ */
+ rc = snp_issue_guest_request(exit_code, &snp_dev->input, &err);
+
+ /*
+ * Override the error to inform callers the given extended
+ * request buffer size was too small and give the caller the
+ * required buffer size.
+ */
+ err = SNP_GUEST_REQ_INVALID_LEN;
+ snp_dev->input.data_npages = certs_npages;
+ }
+
if (fw_err)
*fw_err = err;
- if (rc)
- return rc;
+ if (rc) {
+ dev_alert(snp_dev->dev,
+ "Detected error from ASP request. rc: %d, fw_err: %llu\n",
+ rc, *fw_err);
+ goto disable_vmpck;
+ }
- /*
- * The verify_and_dec_payload() will fail only if the hypervisor is
- * actively modifying the message header or corrupting the encrypted payload.
- * This hints that hypervisor is acting in a bad faith. Disable the VMPCK so that
- * the key cannot be used for any communication. The key is disabled to ensure
- * that AES-GCM does not use the same IV while encrypting the request payload.
- */
rc = verify_and_dec_payload(snp_dev, resp_buf, resp_sz);
if (rc) {
dev_alert(snp_dev->dev,
- "Detected unexpected decode failure, disabling the vmpck_id %d\n",
- vmpck_id);
- snp_disable_vmpck(snp_dev);
- return rc;
+ "Detected unexpected decode failure from ASP. rc: %d\n",
+ rc);
+ goto disable_vmpck;
}
/* Increment to new message sequence after payload decryption was successful. */
snp_inc_msg_seqno(snp_dev);
return 0;
+
+disable_vmpck:
+ snp_disable_vmpck(snp_dev);
+ return rc;
}
static int get_report(struct snp_guest_dev *snp_dev, struct snp_guest_request_ioctl *arg)
--
2.38.1
^ permalink raw reply related [flat|nested] 305+ messages in thread
* [PATCH 6.0 178/289] cpufreq: amd-pstate: cpufreq: amd-pstate: reset MSR_AMD_PERF_CTL register at init
2022-11-30 18:19 [PATCH 6.0 000/289] 6.0.11-rc1 review Greg Kroah-Hartman
` (176 preceding siblings ...)
2022-11-30 18:22 ` [PATCH 6.0 177/289] virt/sev-guest: Prevent IV reuse in the SNP guest driver Greg Kroah-Hartman
@ 2022-11-30 18:22 ` Greg Kroah-Hartman
2022-11-30 18:22 ` [PATCH 6.0 179/289] zonefs: Fix active zone accounting Greg Kroah-Hartman
` (120 subsequent siblings)
298 siblings, 0 replies; 305+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-30 18:22 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Huang Rui, Gautham R. Shenoy,
Wyes Karny, Perry Yuan, Rafael J. Wysocki
From: Wyes Karny <wyes.karny@amd.com>
commit 919f4557696939625085435ebde09a539de2349c upstream.
MSR_AMD_PERF_CTL is guaranteed to be 0 on a cold boot. However, on a
kexec boot, for instance, it may have a non-zero value (if the cpu was
in a non-P0 Pstate). In such cases, the cores with non-P0 Pstates at
boot will never be pushed to P0, let alone boost frequencies.
Kexec is a common workflow for reboot on Linux and this creates a
regression in performance. Fix it by explicitly setting the
MSR_AMD_PERF_CTL to 0 during amd_pstate driver init.
Cc: All applicable <stable@vger.kernel.org>
Acked-by: Huang Rui <ray.huang@amd.com>
Reviewed-by: Gautham R. Shenoy <gautham.shenoy@amd.com>
Tested-by: Wyes Karny <wyes.karny@amd.com>
Signed-off-by: Wyes Karny <wyes.karny@amd.com>
Signed-off-by: Perry Yuan <Perry.Yuan@amd.com>
Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/cpufreq/amd-pstate.c | 10 ++++++++++
1 file changed, 10 insertions(+)
--- a/drivers/cpufreq/amd-pstate.c
+++ b/drivers/cpufreq/amd-pstate.c
@@ -483,12 +483,22 @@ static void amd_pstate_boost_init(struct
amd_pstate_driver.boost_enabled = true;
}
+static void amd_perf_ctl_reset(unsigned int cpu)
+{
+ wrmsrl_on_cpu(cpu, MSR_AMD_PERF_CTL, 0);
+}
+
static int amd_pstate_cpu_init(struct cpufreq_policy *policy)
{
int min_freq, max_freq, nominal_freq, lowest_nonlinear_freq, ret;
struct device *dev;
struct amd_cpudata *cpudata;
+ /*
+ * Resetting PERF_CTL_MSR will put the CPU in P0 frequency,
+ * which is ideal for initialization process.
+ */
+ amd_perf_ctl_reset(policy->cpu);
dev = get_cpu_device(policy->cpu);
if (!dev)
return -ENODEV;
^ permalink raw reply [flat|nested] 305+ messages in thread
* [PATCH 6.0 179/289] zonefs: Fix active zone accounting
2022-11-30 18:19 [PATCH 6.0 000/289] 6.0.11-rc1 review Greg Kroah-Hartman
` (177 preceding siblings ...)
2022-11-30 18:22 ` [PATCH 6.0 178/289] cpufreq: amd-pstate: cpufreq: amd-pstate: reset MSR_AMD_PERF_CTL register at init Greg Kroah-Hartman
@ 2022-11-30 18:22 ` Greg Kroah-Hartman
2022-11-30 18:22 ` [PATCH 6.0 180/289] bus: ixp4xx: Dont touch bit 7 on IXP42x Greg Kroah-Hartman
` (119 subsequent siblings)
298 siblings, 0 replies; 305+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-30 18:22 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Damien Le Moal, Johannes Thumshirn
From: Damien Le Moal <damien.lemoal@opensource.wdc.com>
commit db58653ce0c7cf4d155727852607106f890005c0 upstream.
If a file zone transitions to the offline or readonly state from an
active state, we must clear the zone active flag and decrement the
active seq file counter. Do so in zonefs_account_active() using the new
zonefs inode flags ZONEFS_ZONE_OFFLINE and ZONEFS_ZONE_READONLY. These
flags are set if necessary in zonefs_check_zone_condition() based on the
result of report zones operation after an IO error.
Fixes: 87c9ce3ffec9 ("zonefs: Add active seq file accounting")
Cc: stable@vger.kernel.org
Signed-off-by: Damien Le Moal <damien.lemoal@opensource.wdc.com>
Reviewed-by: Johannes Thumshirn <johannes.thumshirn@wdc.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/zonefs/super.c | 11 +++++++++++
fs/zonefs/zonefs.h | 6 ++++--
2 files changed, 15 insertions(+), 2 deletions(-)
--- a/fs/zonefs/super.c
+++ b/fs/zonefs/super.c
@@ -41,6 +41,13 @@ static void zonefs_account_active(struct
return;
/*
+ * For zones that transitioned to the offline or readonly condition,
+ * we only need to clear the active state.
+ */
+ if (zi->i_flags & (ZONEFS_ZONE_OFFLINE | ZONEFS_ZONE_READONLY))
+ goto out;
+
+ /*
* If the zone is active, that is, if it is explicitly open or
* partially written, check if it was already accounted as active.
*/
@@ -53,6 +60,7 @@ static void zonefs_account_active(struct
return;
}
+out:
/* The zone is not active. If it was, update the active count */
if (zi->i_flags & ZONEFS_ZONE_ACTIVE) {
zi->i_flags &= ~ZONEFS_ZONE_ACTIVE;
@@ -324,6 +332,7 @@ static loff_t zonefs_check_zone_conditio
inode->i_flags |= S_IMMUTABLE;
inode->i_mode &= ~0777;
zone->wp = zone->start;
+ zi->i_flags |= ZONEFS_ZONE_OFFLINE;
return 0;
case BLK_ZONE_COND_READONLY:
/*
@@ -342,8 +351,10 @@ static loff_t zonefs_check_zone_conditio
zone->cond = BLK_ZONE_COND_OFFLINE;
inode->i_mode &= ~0777;
zone->wp = zone->start;
+ zi->i_flags |= ZONEFS_ZONE_OFFLINE;
return 0;
}
+ zi->i_flags |= ZONEFS_ZONE_READONLY;
inode->i_mode &= ~0222;
return i_size_read(inode);
case BLK_ZONE_COND_FULL:
--- a/fs/zonefs/zonefs.h
+++ b/fs/zonefs/zonefs.h
@@ -39,8 +39,10 @@ static inline enum zonefs_ztype zonefs_z
return ZONEFS_ZTYPE_SEQ;
}
-#define ZONEFS_ZONE_OPEN (1 << 0)
-#define ZONEFS_ZONE_ACTIVE (1 << 1)
+#define ZONEFS_ZONE_OPEN (1U << 0)
+#define ZONEFS_ZONE_ACTIVE (1U << 1)
+#define ZONEFS_ZONE_OFFLINE (1U << 2)
+#define ZONEFS_ZONE_READONLY (1U << 3)
/*
* In-memory inode data.
^ permalink raw reply [flat|nested] 305+ messages in thread
* [PATCH 6.0 180/289] bus: ixp4xx: Dont touch bit 7 on IXP42x
2022-11-30 18:19 [PATCH 6.0 000/289] 6.0.11-rc1 review Greg Kroah-Hartman
` (178 preceding siblings ...)
2022-11-30 18:22 ` [PATCH 6.0 179/289] zonefs: Fix active zone accounting Greg Kroah-Hartman
@ 2022-11-30 18:22 ` Greg Kroah-Hartman
2022-11-30 18:22 ` [PATCH 6.0 181/289] spi: spi-imx: Fix spi_bus_clk if requested clock is higher than input clock Greg Kroah-Hartman
` (118 subsequent siblings)
298 siblings, 0 replies; 305+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-30 18:22 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Linus Walleij, Arnd Bergmann
From: Linus Walleij <linus.walleij@linaro.org>
commit ff5a19909b49fe5c0b01ae197f84b741e0f698dc upstream.
We face some regressions on a few IXP42x systems when
accessing flash, the following unrelated error prints
appear from the PCI driver:
ixp4xx-pci c0000000.pci: PCI: abort_handler addr = 0xff9ffb5f,
isr = 0x0, status = 0x22a0
ixp4xx-pci c0000000.pci: imprecise abort
(...)
It turns out that while bit 7 is masked "reserved" it is
not unused, so masking it off as zero is dangerous, and
breaks flash access on some systems such as the NSLU2.
Be more careful and avoid masking off any of the reserved
bits 7, 8, 9 or 30. Only keep masking EXP_WORD (bit 2)
on IXP43x which is necessary in some setups.
Fixes: 1c953bda90ca ("bus: ixp4xx: Add a driver for IXP4xx expansion bus")
Signed-off-by: Linus Walleij <linus.walleij@linaro.org>
Cc: stable@vger.kernel.org
Link: https://lore.kernel.org/r/20221122134411.2030372-1-linus.walleij@linaro.org
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/bus/intel-ixp4xx-eb.c | 9 +++------
1 file changed, 3 insertions(+), 6 deletions(-)
--- a/drivers/bus/intel-ixp4xx-eb.c
+++ b/drivers/bus/intel-ixp4xx-eb.c
@@ -49,7 +49,7 @@
#define IXP4XX_EXP_SIZE_SHIFT 10
#define IXP4XX_EXP_CNFG_0 BIT(9) /* Always zero */
#define IXP43X_EXP_SYNC_INTEL BIT(8) /* Only on IXP43x */
-#define IXP43X_EXP_EXP_CHIP BIT(7) /* Only on IXP43x */
+#define IXP43X_EXP_EXP_CHIP BIT(7) /* Only on IXP43x, dangerous to touch on IXP42x */
#define IXP4XX_EXP_BYTE_RD16 BIT(6)
#define IXP4XX_EXP_HRDY_POL BIT(5) /* Only on IXP42x */
#define IXP4XX_EXP_MUX_EN BIT(4)
@@ -57,8 +57,6 @@
#define IXP4XX_EXP_WORD BIT(2) /* Always zero */
#define IXP4XX_EXP_WR_EN BIT(1)
#define IXP4XX_EXP_BYTE_EN BIT(0)
-#define IXP42X_RESERVED (BIT(30)|IXP4XX_EXP_CNFG_0|BIT(8)|BIT(7)|IXP4XX_EXP_WORD)
-#define IXP43X_RESERVED (BIT(30)|IXP4XX_EXP_CNFG_0|BIT(5)|IXP4XX_EXP_WORD)
#define IXP4XX_EXP_CNFG0 0x20
#define IXP4XX_EXP_CNFG0_MEM_MAP BIT(31)
@@ -252,10 +250,9 @@ static void ixp4xx_exp_setup_chipselect(
cs_cfg |= val << IXP4XX_EXP_CYC_TYPE_SHIFT;
}
- if (eb->is_42x)
- cs_cfg &= ~IXP42X_RESERVED;
if (eb->is_43x) {
- cs_cfg &= ~IXP43X_RESERVED;
+ /* Should always be zero */
+ cs_cfg &= ~IXP4XX_EXP_WORD;
/*
* This bit for Intel strata flash is currently unused, but let's
* report it if we find one.
^ permalink raw reply [flat|nested] 305+ messages in thread
* [PATCH 6.0 181/289] spi: spi-imx: Fix spi_bus_clk if requested clock is higher than input clock
2022-11-30 18:19 [PATCH 6.0 000/289] 6.0.11-rc1 review Greg Kroah-Hartman
` (179 preceding siblings ...)
2022-11-30 18:22 ` [PATCH 6.0 180/289] bus: ixp4xx: Dont touch bit 7 on IXP42x Greg Kroah-Hartman
@ 2022-11-30 18:22 ` Greg Kroah-Hartman
2022-11-30 18:22 ` [PATCH 6.0 182/289] spi: spi-imx: spi_imx_transfer_one(): check for DMA transfer first Greg Kroah-Hartman
` (117 subsequent siblings)
298 siblings, 0 replies; 305+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-30 18:22 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Marc Kleine-Budde, David Jander,
Fabio Estevam, Mark Brown, Marek Vasut, Frieder Schrempf
From: Frieder Schrempf <frieder.schrempf@kontron.de>
commit db2d2dc9a0b58c6faefb6b002fdbed4f0362d1a4 upstream.
In case the requested bus clock is higher than the input clock, the correct
dividers (pre = 0, post = 0) are returned from mx51_ecspi_clkdiv(), but
*fres is left uninitialized and therefore contains an arbitrary value.
This causes trouble for the recently introduced PIO polling feature as the
value in spi_imx->spi_bus_clk is used there to calculate for which
transfers to enable PIO polling.
Fix this by setting *fres even if no clock dividers are in use.
This issue was observed on Kontron BL i.MX8MM with an SPI peripheral clock set
to 50 MHz by default and a requested SPI bus clock of 80 MHz for the SPI NOR
flash.
With the fix applied the debug message from mx51_ecspi_clkdiv() now prints the
following:
spi_imx 30820000.spi: mx51_ecspi_clkdiv: fin: 50000000, fspi: 50000000,
post: 0, pre: 0
Fixes: 6fd8b8503a0d ("spi: spi-imx: Fix out-of-order CS/SCLK operation at low speeds")
Fixes: 07e759387788 ("spi: spi-imx: add PIO polling support")
Cc: Marc Kleine-Budde <mkl@pengutronix.de>
Cc: David Jander <david@protonic.nl>
Cc: Fabio Estevam <festevam@gmail.com>
Cc: Mark Brown <broonie@kernel.org>
Cc: Marek Vasut <marex@denx.de>
Cc: stable@vger.kernel.org
Signed-off-by: Frieder Schrempf <frieder.schrempf@kontron.de>
Tested-by: Fabio Estevam <festevam@gmail.com>
Acked-by: Marek Vasut <marex@denx.de>
Link: https://lore.kernel.org/r/20221115181002.2068270-1-frieder@fris.de
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/spi/spi-imx.c | 3 +--
1 file changed, 1 insertion(+), 2 deletions(-)
--- a/drivers/spi/spi-imx.c
+++ b/drivers/spi/spi-imx.c
@@ -444,8 +444,7 @@ static unsigned int mx51_ecspi_clkdiv(st
unsigned int pre, post;
unsigned int fin = spi_imx->spi_clk;
- if (unlikely(fspi > fin))
- return 0;
+ fspi = min(fspi, fin);
post = fls(fin) - fls(fspi);
if (fin > fspi << post)
^ permalink raw reply [flat|nested] 305+ messages in thread
* [PATCH 6.0 182/289] spi: spi-imx: spi_imx_transfer_one(): check for DMA transfer first
2022-11-30 18:19 [PATCH 6.0 000/289] 6.0.11-rc1 review Greg Kroah-Hartman
` (180 preceding siblings ...)
2022-11-30 18:22 ` [PATCH 6.0 181/289] spi: spi-imx: Fix spi_bus_clk if requested clock is higher than input clock Greg Kroah-Hartman
@ 2022-11-30 18:22 ` Greg Kroah-Hartman
2022-11-30 18:22 ` [PATCH 6.0 183/289] init/Kconfig: fix CC_HAS_ASM_GOTO_TIED_OUTPUT test with dash Greg Kroah-Hartman
` (116 subsequent siblings)
298 siblings, 0 replies; 305+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-30 18:22 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Frieder Schrempf, Fabio Estevam,
David Jander, Marc Kleine-Budde, Mark Brown
From: Marc Kleine-Budde <mkl@pengutronix.de>
commit e85e9e0d8cb759013d6474011c227f92e442d746 upstream.
The SPI framework checks for each transfer (with the struct
spi_controller::can_dma callback) whether the driver wants to use DMA
for the transfer. If the driver returns true, the SPI framework will
map the transfer's data to the device, start the actual transfer and
map the data back.
In commit 07e759387788 ("spi: spi-imx: add PIO polling support") the
spi-imx driver's spi_imx_transfer_one() function was extended. If the
estimated duration of a transfer does not exceed a configurable
duration, a polling transfer function is used. This check happens
before checking if the driver decided earlier for a DMA transfer.
If spi_imx_can_dma() decided to use a DMA transfer, and the user
configured a big maximum polling duration, a polling transfer will be
used. The DMA unmap after the transfer destroys the transferred data.
To fix this problem check in spi_imx_transfer_one() if the driver
decided for DMA transfer first, then check the limits for a polling
transfer.
Fixes: 07e759387788 ("spi: spi-imx: add PIO polling support")
Link: https://lore.kernel.org/all/20221111003032.82371-1-festevam@gmail.com
Reported-by: Frieder Schrempf <frieder.schrempf@kontron.de>
Reported-by: Fabio Estevam <festevam@gmail.com>
Tested-by: Fabio Estevam <festevam@gmail.com>
Cc: David Jander <david@protonic.nl>
Cc: stable@vger.kernel.org
Signed-off-by: Marc Kleine-Budde <mkl@pengutronix.de>
Tested-by: Frieder Schrempf <frieder.schrempf@kontron.de>
Reviewed-by: Frieder Schrempf <frieder.schrempf@kontron.de>
Link: https://lore.kernel.org/r/20221116164930.855362-1-mkl@pengutronix.de
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/spi/spi-imx.c | 10 +++++++---
1 file changed, 7 insertions(+), 3 deletions(-)
diff --git a/drivers/spi/spi-imx.c b/drivers/spi/spi-imx.c
index 468ce0a2b282..d209930069cf 100644
--- a/drivers/spi/spi-imx.c
+++ b/drivers/spi/spi-imx.c
@@ -1606,6 +1606,13 @@ static int spi_imx_transfer_one(struct spi_controller *controller,
if (spi_imx->slave_mode)
return spi_imx_pio_transfer_slave(spi, transfer);
+ /*
+ * If we decided in spi_imx_can_dma() that we want to do a DMA
+ * transfer, the SPI transfer has already been mapped, so we
+ * have to do the DMA transfer here.
+ */
+ if (spi_imx->usedma)
+ return spi_imx_dma_transfer(spi_imx, transfer);
/*
* Calculate the estimated time in us the transfer runs. Find
* the number of Hz per byte per polling limit.
@@ -1617,9 +1624,6 @@ static int spi_imx_transfer_one(struct spi_controller *controller,
if (transfer->len < byte_limit)
return spi_imx_poll_transfer(spi, transfer);
- if (spi_imx->usedma)
- return spi_imx_dma_transfer(spi_imx, transfer);
-
return spi_imx_pio_transfer(spi, transfer);
}
--
2.38.1
^ permalink raw reply related [flat|nested] 305+ messages in thread
* [PATCH 6.0 183/289] init/Kconfig: fix CC_HAS_ASM_GOTO_TIED_OUTPUT test with dash
2022-11-30 18:19 [PATCH 6.0 000/289] 6.0.11-rc1 review Greg Kroah-Hartman
` (181 preceding siblings ...)
2022-11-30 18:22 ` [PATCH 6.0 182/289] spi: spi-imx: spi_imx_transfer_one(): check for DMA transfer first Greg Kroah-Hartman
@ 2022-11-30 18:22 ` Greg Kroah-Hartman
2022-11-30 18:22 ` [PATCH 6.0 184/289] NFSD: Fix reads with a non-zero offset that dont end on a page boundary Greg Kroah-Hartman
` (115 subsequent siblings)
298 siblings, 0 replies; 305+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-30 18:22 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Alexandre Belloni,
Sean Christopherson, Masahiro Yamada, Sasha Levin
From: Alexandre Belloni <alexandre.belloni@bootlin.com>
[ Upstream commit 534bd70374d646f17e2cebe0e6e4cdd478ce4f0c ]
When using dash as /bin/sh, the CC_HAS_ASM_GOTO_TIED_OUTPUT test fails
with a syntax error which is not the one we are looking for:
<stdin>: In function ‘foo’:
<stdin>:1:29: warning: missing terminating " character
<stdin>:1:29: error: missing terminating " character
<stdin>:2:5: error: expected ‘:’ before ‘+’ token
<stdin>:2:7: warning: missing terminating " character
<stdin>:2:7: error: missing terminating " character
<stdin>:2:5: error: expected declaration or statement at end of input
Removing '\n' solves this.
Fixes: 1aa0e8b144b6 ("Kconfig: Add option for asm goto w/ tied outputs to workaround clang-13 bug")
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Reviewed-by: Sean Christopherson <seanjc@google.com>
Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
init/Kconfig | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/init/Kconfig b/init/Kconfig
index 532362fcfe31..d1d779d6ba43 100644
--- a/init/Kconfig
+++ b/init/Kconfig
@@ -76,7 +76,7 @@ config CC_HAS_ASM_GOTO_OUTPUT
config CC_HAS_ASM_GOTO_TIED_OUTPUT
depends on CC_HAS_ASM_GOTO_OUTPUT
# Detect buggy gcc and clang, fixed in gcc-11 clang-14.
- def_bool $(success,echo 'int foo(int *x) { asm goto (".long (%l[bar]) - .\n": "+m"(*x) ::: bar); return *x; bar: return 0; }' | $CC -x c - -c -o /dev/null)
+ def_bool $(success,echo 'int foo(int *x) { asm goto (".long (%l[bar]) - .": "+m"(*x) ::: bar); return *x; bar: return 0; }' | $CC -x c - -c -o /dev/null)
config TOOLS_SUPPORT_RELR
def_bool $(success,env "CC=$(CC)" "LD=$(LD)" "NM=$(NM)" "OBJCOPY=$(OBJCOPY)" $(srctree)/scripts/tools-support-relr.sh)
--
2.35.1
^ permalink raw reply related [flat|nested] 305+ messages in thread
* [PATCH 6.0 184/289] NFSD: Fix reads with a non-zero offset that dont end on a page boundary
2022-11-30 18:19 [PATCH 6.0 000/289] 6.0.11-rc1 review Greg Kroah-Hartman
` (182 preceding siblings ...)
2022-11-30 18:22 ` [PATCH 6.0 183/289] init/Kconfig: fix CC_HAS_ASM_GOTO_TIED_OUTPUT test with dash Greg Kroah-Hartman
@ 2022-11-30 18:22 ` Greg Kroah-Hartman
2022-11-30 18:22 ` [PATCH 6.0 185/289] nios2: add FORCE for vmlinuz.gz Greg Kroah-Hartman
` (114 subsequent siblings)
298 siblings, 0 replies; 305+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-30 18:22 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Anders Blomdell, Al Viro,
Chuck Lever, Sasha Levin
From: Chuck Lever <chuck.lever@oracle.com>
[ Upstream commit ac8db824ead0de2e9111337c401409d010fba2f0 ]
This was found when virtual machines with nfs-mounted qcow2 disks
failed to boot properly.
Reported-by: Anders Blomdell <anders.blomdell@control.lth.se>
Suggested-by: Al Viro <viro@zeniv.linux.org.uk>
Link: https://bugzilla.redhat.com/show_bug.cgi?id=2142132
Fixes: bfbfb6182ad1 ("nfsd_splice_actor(): handle compound pages")
Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
fs/nfsd/vfs.c | 7 ++++---
1 file changed, 4 insertions(+), 3 deletions(-)
diff --git a/fs/nfsd/vfs.c b/fs/nfsd/vfs.c
index fc17b0ac8729..f3cd614e1f1e 100644
--- a/fs/nfsd/vfs.c
+++ b/fs/nfsd/vfs.c
@@ -847,10 +847,11 @@ nfsd_splice_actor(struct pipe_inode_info *pipe, struct pipe_buffer *buf,
struct svc_rqst *rqstp = sd->u.data;
struct page *page = buf->page; // may be a compound one
unsigned offset = buf->offset;
+ struct page *last_page;
- page += offset / PAGE_SIZE;
- for (int i = sd->len; i > 0; i -= PAGE_SIZE)
- svc_rqst_replace_page(rqstp, page++);
+ last_page = page + (offset + sd->len - 1) / PAGE_SIZE;
+ for (page += offset / PAGE_SIZE; page <= last_page; page++)
+ svc_rqst_replace_page(rqstp, page);
if (rqstp->rq_res.page_len == 0) // first call
rqstp->rq_res.page_base = offset % PAGE_SIZE;
rqstp->rq_res.page_len += sd->len;
--
2.35.1
^ permalink raw reply related [flat|nested] 305+ messages in thread
* [PATCH 6.0 185/289] nios2: add FORCE for vmlinuz.gz
2022-11-30 18:19 [PATCH 6.0 000/289] 6.0.11-rc1 review Greg Kroah-Hartman
` (183 preceding siblings ...)
2022-11-30 18:22 ` [PATCH 6.0 184/289] NFSD: Fix reads with a non-zero offset that dont end on a page boundary Greg Kroah-Hartman
@ 2022-11-30 18:22 ` Greg Kroah-Hartman
2022-11-30 18:22 ` [PATCH 6.0 186/289] drm/amdgpu: Enable SA software trap Greg Kroah-Hartman
` (113 subsequent siblings)
298 siblings, 0 replies; 305+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-30 18:22 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Randy Dunlap, Masahiro Yamada, Sasha Levin
From: Randy Dunlap <rdunlap@infradead.org>
[ Upstream commit 869e4ae4cd2a23d625aaa14ae62dbebf768cb77d ]
Add FORCE to placate a warning from make:
arch/nios2/boot/Makefile:24: FORCE prerequisite is missing
Fixes: 2fc8483fdcde ("nios2: Build infrastructure")
Signed-off-by: Randy Dunlap <rdunlap@infradead.org>
Reviewed-by: Masahiro Yamada <masahiroy@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/nios2/boot/Makefile | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/arch/nios2/boot/Makefile b/arch/nios2/boot/Makefile
index 8c3ad76602f3..29c11a06b750 100644
--- a/arch/nios2/boot/Makefile
+++ b/arch/nios2/boot/Makefile
@@ -20,7 +20,7 @@ $(obj)/vmlinux.bin: vmlinux FORCE
$(obj)/vmlinux.gz: $(obj)/vmlinux.bin FORCE
$(call if_changed,gzip)
-$(obj)/vmImage: $(obj)/vmlinux.gz
+$(obj)/vmImage: $(obj)/vmlinux.gz FORCE
$(call if_changed,uimage)
@$(kecho) 'Kernel: $@ is ready'
--
2.35.1
^ permalink raw reply related [flat|nested] 305+ messages in thread
* [PATCH 6.0 186/289] drm/amdgpu: Enable SA software trap.
2022-11-30 18:19 [PATCH 6.0 000/289] 6.0.11-rc1 review Greg Kroah-Hartman
` (184 preceding siblings ...)
2022-11-30 18:22 ` [PATCH 6.0 185/289] nios2: add FORCE for vmlinuz.gz Greg Kroah-Hartman
@ 2022-11-30 18:22 ` Greg Kroah-Hartman
2022-11-30 18:22 ` [PATCH 6.0 187/289] drm/amdkfd: update GFX11 CWSR trap handler Greg Kroah-Hartman
` (112 subsequent siblings)
298 siblings, 0 replies; 305+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-30 18:22 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Jay Cornwall, David Belanger,
Felix Kuehling, Alex Deucher, Sasha Levin
From: David Belanger <david.belanger@amd.com>
[ Upstream commit 585a82618bc422508c0c8ae0dfe2f76f22c28361 ]
Enables support for software trap for MES >= 4.
Adapted from implementation from Jay Cornwall.
v2: Add IP version check in conditions.
v3: Remove debugger code changes.
Signed-off-by: Jay Cornwall <Jay.Cornwall@amd.com>
Signed-off-by: David Belanger <david.belanger@amd.com>
Reviewed-by: Felix Kuehling <Felix.Kuehling@amd.com>
Acked-by: Alex Deucher <alexander.deucher@amd.com>
Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
Stable-dep-of: 6640f8e5adb6 ("drm/amdkfd: update GFX11 CWSR trap handler")
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/gpu/drm/amd/amdgpu/mes_v11_0.c | 6 +-
.../gpu/drm/amd/amdkfd/cwsr_trap_handler.h | 771 +++++++++---------
.../amd/amdkfd/cwsr_trap_handler_gfx10.asm | 21 +
3 files changed, 413 insertions(+), 385 deletions(-)
diff --git a/drivers/gpu/drm/amd/amdgpu/mes_v11_0.c b/drivers/gpu/drm/amd/amdgpu/mes_v11_0.c
index 3bff0ae15e64..3175b9c1849d 100644
--- a/drivers/gpu/drm/amd/amdgpu/mes_v11_0.c
+++ b/drivers/gpu/drm/amd/amdgpu/mes_v11_0.c
@@ -190,7 +190,11 @@ static int mes_v11_0_add_hw_queue(struct amdgpu_mes *mes,
mes_add_queue_pkt.trap_handler_addr = input->tba_addr;
mes_add_queue_pkt.tma_addr = input->tma_addr;
mes_add_queue_pkt.is_kfd_process = input->is_kfd_process;
- mes_add_queue_pkt.trap_en = 1;
+
+ if (!(((adev->mes.sched_version & AMDGPU_MES_VERSION_MASK) >= 4) &&
+ (adev->ip_versions[GC_HWIP][0] >= IP_VERSION(11, 0, 0)) &&
+ (adev->ip_versions[GC_HWIP][0] <= IP_VERSION(11, 0, 3))))
+ mes_add_queue_pkt.trap_en = 1;
/* For KFD, gds_size is re-used for queue size (needed in MES for AQL queues) */
mes_add_queue_pkt.is_aql_queue = input->is_aql_queue;
diff --git a/drivers/gpu/drm/amd/amdkfd/cwsr_trap_handler.h b/drivers/gpu/drm/amd/amdkfd/cwsr_trap_handler.h
index 60a81649cf12..c7118843db05 100644
--- a/drivers/gpu/drm/amd/amdkfd/cwsr_trap_handler.h
+++ b/drivers/gpu/drm/amd/amdkfd/cwsr_trap_handler.h
@@ -742,7 +742,7 @@ static const uint32_t cwsr_trap_nv1x_hex[] = {
0xbf88fffe, 0x877aff7f,
0x04000000, 0x8f7a857a,
0x886d7a6d, 0xb97b02dc,
- 0x8f7b997b, 0xb97a2a05,
+ 0x8f7b997b, 0xb97a3a05,
0x807a817a, 0xbf0d997b,
0xbf850002, 0x8f7a897a,
0xbf820001, 0x8f7a8a7a,
@@ -819,7 +819,7 @@ static const uint32_t cwsr_trap_nv1x_hex[] = {
0xbefe037c, 0xbefc0370,
0xf4611c7a, 0xf8000000,
0x80708470, 0xbefc037e,
- 0xb9702a05, 0x80708170,
+ 0xb9703a05, 0x80708170,
0xbf0d9973, 0xbf850002,
0x8f708970, 0xbf820001,
0x8f708a70, 0xb97a1e06,
@@ -1069,7 +1069,7 @@ static const uint32_t cwsr_trap_nv1x_hex[] = {
0xb9f9f816, 0x876f7bff,
0xfffff800, 0x906f8b6f,
0xb9efa2c3, 0xb9f3f801,
- 0xb96e2a05, 0x806e816e,
+ 0xb96e3a05, 0x806e816e,
0xbf0d9972, 0xbf850002,
0x8f6e896e, 0xbf820001,
0x8f6e8a6e, 0xb96f1e06,
@@ -2114,7 +2114,7 @@ static const uint32_t cwsr_trap_gfx10_hex[] = {
0x007a0000, 0x7e000280,
0xbefe037a, 0xbeff037b,
0xb97b02dc, 0x8f7b997b,
- 0xb97a2a05, 0x807a817a,
+ 0xb97a3a05, 0x807a817a,
0xbf0d997b, 0xbf850002,
0x8f7a897a, 0xbf820001,
0x8f7a8a7a, 0xb97b1e06,
@@ -2157,7 +2157,7 @@ static const uint32_t cwsr_trap_gfx10_hex[] = {
0x01000000, 0xe0704100,
0x705d0100, 0xe0704200,
0x705d0200, 0xe0704300,
- 0x705d0300, 0xb9702a05,
+ 0x705d0300, 0xb9703a05,
0x80708170, 0xbf0d9973,
0xbf850002, 0x8f708970,
0xbf820001, 0x8f708a70,
@@ -2189,7 +2189,7 @@ static const uint32_t cwsr_trap_gfx10_hex[] = {
0xbefe03ff, 0x0000ffff,
0xbeff0380, 0xe0704000,
0x705d0200, 0xbefe03c1,
- 0xb9702a05, 0x80708170,
+ 0xb9703a05, 0x80708170,
0xbf0d9973, 0xbf850002,
0x8f708970, 0xbf820001,
0x8f708a70, 0xb97a1e06,
@@ -2475,7 +2475,7 @@ static const uint32_t cwsr_trap_gfx10_hex[] = {
0xb9ef4803, 0x876f7bff,
0xfffff800, 0x906f8b6f,
0xb9efa2c3, 0xb9f3f801,
- 0xb96e2a05, 0x806e816e,
+ 0xb96e3a05, 0x806e816e,
0xbf0d9972, 0xbf850002,
0x8f6e896e, 0xbf820001,
0x8f6e8a6e, 0xb96f1e06,
@@ -2494,438 +2494,441 @@ static const uint32_t cwsr_trap_gfx10_hex[] = {
0xbf9f0000, 0xbf9f0000,
0xbf9f0000, 0x00000000,
};
-
static const uint32_t cwsr_trap_gfx11_hex[] = {
- 0xbfa00001, 0xbfa0021b,
+ 0xbfa00001, 0xbfa0021e,
0xb0804006, 0xb8f8f802,
- 0x91788678, 0xb8fbf803,
- 0x8b6eff78, 0x00002000,
- 0xbfa10009, 0x8b6eff6d,
- 0x00ff0000, 0xbfa2001e,
- 0x8b6eff7b, 0x00000400,
- 0xbfa20041, 0xbf830010,
- 0xb8fbf803, 0xbfa0fffa,
- 0x8b6eff7b, 0x00000900,
- 0xbfa20015, 0x8b6eff7b,
- 0x000071ff, 0xbfa10008,
- 0x8b6fff7b, 0x00007080,
- 0xbfa10001, 0xbeee1287,
- 0xb8eff801, 0x846e8c6e,
- 0x8b6e6f6e, 0xbfa2000a,
+ 0x9178ff78, 0x00020006,
+ 0xb8fbf803, 0xbf0d9f6d,
+ 0xbfa20006, 0x8b6eff78,
+ 0x00002000, 0xbfa10009,
0x8b6eff6d, 0x00ff0000,
- 0xbfa20007, 0xb8eef801,
- 0x8b6eff6e, 0x00000800,
- 0xbfa20003, 0x8b6eff7b,
- 0x00000400, 0xbfa20026,
- 0xbefa4d82, 0xbf89fc07,
- 0x84fa887a, 0xf4005bbd,
- 0xf8000010, 0xbf89fc07,
- 0x846e976e, 0x9177ff77,
- 0x00800000, 0x8c776e77,
- 0xf4045bbd, 0xf8000000,
- 0xbf89fc07, 0xf4045ebd,
- 0xf8000008, 0xbf89fc07,
- 0x8bee6e6e, 0xbfa10001,
- 0xbe80486e, 0x8b6eff6d,
- 0x01ff0000, 0xbfa20005,
- 0x8c78ff78, 0x00002000,
- 0x80ec886c, 0x82ed806d,
- 0xbfa00005, 0x8b6eff6d,
- 0x01000000, 0xbfa20002,
- 0x806c846c, 0x826d806d,
- 0x8b6dff6d, 0x0000ffff,
- 0x8bfe7e7e, 0x8bea6a6a,
- 0xb978f802, 0xbe804a6c,
- 0x8b6dff6d, 0x0000ffff,
- 0xbefa0080, 0xb97a0283,
- 0xbeee007e, 0xbeef007f,
- 0xbefe0180, 0xbefe4d84,
- 0xbf89fc07, 0x8b7aff7f,
- 0x04000000, 0x847a857a,
- 0x8c6d7a6d, 0xbefa007e,
- 0x8b7bff7f, 0x0000ffff,
- 0xbefe00c1, 0xbeff00c1,
- 0xdca6c000, 0x007a0000,
- 0x7e000280, 0xbefe007a,
- 0xbeff007b, 0xb8fb02dc,
- 0x847b997b, 0xb8fa3b05,
- 0x807a817a, 0xbf0d997b,
- 0xbfa20002, 0x847a897a,
- 0xbfa00001, 0x847a8a7a,
- 0xb8fb1e06, 0x847b8a7b,
- 0x807a7b7a, 0x8b7bff7f,
- 0x0000ffff, 0x807aff7a,
- 0x00000200, 0x807a7e7a,
- 0x827b807b, 0xd7610000,
- 0x00010870, 0xd7610000,
- 0x00010a71, 0xd7610000,
- 0x00010c72, 0xd7610000,
- 0x00010e73, 0xd7610000,
- 0x00011074, 0xd7610000,
- 0x00011275, 0xd7610000,
- 0x00011476, 0xd7610000,
- 0x00011677, 0xd7610000,
- 0x00011a79, 0xd7610000,
- 0x00011c7e, 0xd7610000,
- 0x00011e7f, 0xbefe00ff,
- 0x00003fff, 0xbeff0080,
- 0xdca6c040, 0x007a0000,
- 0xd760007a, 0x00011d00,
- 0xd760007b, 0x00011f00,
+ 0xbfa2001e, 0x8b6eff7b,
+ 0x00000400, 0xbfa20041,
+ 0xbf830010, 0xb8fbf803,
+ 0xbfa0fffa, 0x8b6eff7b,
+ 0x00000900, 0xbfa20015,
+ 0x8b6eff7b, 0x000071ff,
+ 0xbfa10008, 0x8b6fff7b,
+ 0x00007080, 0xbfa10001,
+ 0xbeee1287, 0xb8eff801,
+ 0x846e8c6e, 0x8b6e6f6e,
+ 0xbfa2000a, 0x8b6eff6d,
+ 0x00ff0000, 0xbfa20007,
+ 0xb8eef801, 0x8b6eff6e,
+ 0x00000800, 0xbfa20003,
+ 0x8b6eff7b, 0x00000400,
+ 0xbfa20026, 0xbefa4d82,
+ 0xbf89fc07, 0x84fa887a,
+ 0xf4005bbd, 0xf8000010,
+ 0xbf89fc07, 0x846e976e,
+ 0x9177ff77, 0x00800000,
+ 0x8c776e77, 0xf4045bbd,
+ 0xf8000000, 0xbf89fc07,
+ 0xf4045ebd, 0xf8000008,
+ 0xbf89fc07, 0x8bee6e6e,
+ 0xbfa10001, 0xbe80486e,
+ 0x8b6eff6d, 0x01ff0000,
+ 0xbfa20005, 0x8c78ff78,
+ 0x00002000, 0x80ec886c,
+ 0x82ed806d, 0xbfa00005,
+ 0x8b6eff6d, 0x01000000,
+ 0xbfa20002, 0x806c846c,
+ 0x826d806d, 0x8b6dff6d,
+ 0x0000ffff, 0x8bfe7e7e,
+ 0x8bea6a6a, 0xb978f802,
+ 0xbe804a6c, 0x8b6dff6d,
+ 0x0000ffff, 0xbefa0080,
+ 0xb97a0283, 0xbeee007e,
+ 0xbeef007f, 0xbefe0180,
+ 0xbefe4d84, 0xbf89fc07,
+ 0x8b7aff7f, 0x04000000,
+ 0x847a857a, 0x8c6d7a6d,
+ 0xbefa007e, 0x8b7bff7f,
+ 0x0000ffff, 0xbefe00c1,
+ 0xbeff00c1, 0xdca6c000,
+ 0x007a0000, 0x7e000280,
0xbefe007a, 0xbeff007b,
- 0xbef4007e, 0x8b75ff7f,
- 0x0000ffff, 0x8c75ff75,
- 0x00040000, 0xbef60080,
- 0xbef700ff, 0x10807fac,
- 0xbef1007d, 0xbef00080,
- 0xb8f302dc, 0x84739973,
- 0xbefe00c1, 0x857d9973,
- 0x8b7d817d, 0xbf06817d,
- 0xbfa20002, 0xbeff0080,
- 0xbfa00002, 0xbeff00c1,
- 0xbfa00009, 0xbef600ff,
- 0x01000000, 0xe0685080,
- 0x701d0100, 0xe0685100,
- 0x701d0200, 0xe0685180,
- 0x701d0300, 0xbfa00008,
+ 0xb8fb02dc, 0x847b997b,
+ 0xb8fa3b05, 0x807a817a,
+ 0xbf0d997b, 0xbfa20002,
+ 0x847a897a, 0xbfa00001,
+ 0x847a8a7a, 0xb8fb1e06,
+ 0x847b8a7b, 0x807a7b7a,
+ 0x8b7bff7f, 0x0000ffff,
+ 0x807aff7a, 0x00000200,
+ 0x807a7e7a, 0x827b807b,
+ 0xd7610000, 0x00010870,
+ 0xd7610000, 0x00010a71,
+ 0xd7610000, 0x00010c72,
+ 0xd7610000, 0x00010e73,
+ 0xd7610000, 0x00011074,
+ 0xd7610000, 0x00011275,
+ 0xd7610000, 0x00011476,
+ 0xd7610000, 0x00011677,
+ 0xd7610000, 0x00011a79,
+ 0xd7610000, 0x00011c7e,
+ 0xd7610000, 0x00011e7f,
+ 0xbefe00ff, 0x00003fff,
+ 0xbeff0080, 0xdca6c040,
+ 0x007a0000, 0xd760007a,
+ 0x00011d00, 0xd760007b,
+ 0x00011f00, 0xbefe007a,
+ 0xbeff007b, 0xbef4007e,
+ 0x8b75ff7f, 0x0000ffff,
+ 0x8c75ff75, 0x00040000,
+ 0xbef60080, 0xbef700ff,
+ 0x10807fac, 0xbef1007d,
+ 0xbef00080, 0xb8f302dc,
+ 0x84739973, 0xbefe00c1,
+ 0x857d9973, 0x8b7d817d,
+ 0xbf06817d, 0xbfa20002,
+ 0xbeff0080, 0xbfa00002,
+ 0xbeff00c1, 0xbfa00009,
0xbef600ff, 0x01000000,
- 0xe0685100, 0x701d0100,
- 0xe0685200, 0x701d0200,
- 0xe0685300, 0x701d0300,
+ 0xe0685080, 0x701d0100,
+ 0xe0685100, 0x701d0200,
+ 0xe0685180, 0x701d0300,
+ 0xbfa00008, 0xbef600ff,
+ 0x01000000, 0xe0685100,
+ 0x701d0100, 0xe0685200,
+ 0x701d0200, 0xe0685300,
+ 0x701d0300, 0xb8f03b05,
+ 0x80708170, 0xbf0d9973,
+ 0xbfa20002, 0x84708970,
+ 0xbfa00001, 0x84708a70,
+ 0xb8fa1e06, 0x847a8a7a,
+ 0x80707a70, 0x8070ff70,
+ 0x00000200, 0xbef600ff,
+ 0x01000000, 0x7e000280,
+ 0x7e020280, 0x7e040280,
+ 0xbefd0080, 0xd7610002,
+ 0x0000fa71, 0x807d817d,
+ 0xd7610002, 0x0000fa6c,
+ 0x807d817d, 0x917aff6d,
+ 0x80000000, 0xd7610002,
+ 0x0000fa7a, 0x807d817d,
+ 0xd7610002, 0x0000fa6e,
+ 0x807d817d, 0xd7610002,
+ 0x0000fa6f, 0x807d817d,
+ 0xd7610002, 0x0000fa78,
+ 0x807d817d, 0xb8faf803,
+ 0xd7610002, 0x0000fa7a,
+ 0x807d817d, 0xd7610002,
+ 0x0000fa7b, 0x807d817d,
+ 0xb8f1f801, 0xd7610002,
+ 0x0000fa71, 0x807d817d,
+ 0xb8f1f814, 0xd7610002,
+ 0x0000fa71, 0x807d817d,
+ 0xb8f1f815, 0xd7610002,
+ 0x0000fa71, 0x807d817d,
+ 0xbefe00ff, 0x0000ffff,
+ 0xbeff0080, 0xe0685000,
+ 0x701d0200, 0xbefe00c1,
0xb8f03b05, 0x80708170,
0xbf0d9973, 0xbfa20002,
0x84708970, 0xbfa00001,
0x84708a70, 0xb8fa1e06,
0x847a8a7a, 0x80707a70,
- 0x8070ff70, 0x00000200,
0xbef600ff, 0x01000000,
- 0x7e000280, 0x7e020280,
- 0x7e040280, 0xbefd0080,
- 0xd7610002, 0x0000fa71,
- 0x807d817d, 0xd7610002,
- 0x0000fa6c, 0x807d817d,
- 0x917aff6d, 0x80000000,
- 0xd7610002, 0x0000fa7a,
- 0x807d817d, 0xd7610002,
- 0x0000fa6e, 0x807d817d,
- 0xd7610002, 0x0000fa6f,
- 0x807d817d, 0xd7610002,
- 0x0000fa78, 0x807d817d,
- 0xb8faf803, 0xd7610002,
- 0x0000fa7a, 0x807d817d,
- 0xd7610002, 0x0000fa7b,
- 0x807d817d, 0xb8f1f801,
- 0xd7610002, 0x0000fa71,
- 0x807d817d, 0xb8f1f814,
- 0xd7610002, 0x0000fa71,
- 0x807d817d, 0xb8f1f815,
- 0xd7610002, 0x0000fa71,
- 0x807d817d, 0xbefe00ff,
- 0x0000ffff, 0xbeff0080,
- 0xe0685000, 0x701d0200,
- 0xbefe00c1, 0xb8f03b05,
- 0x80708170, 0xbf0d9973,
- 0xbfa20002, 0x84708970,
- 0xbfa00001, 0x84708a70,
- 0xb8fa1e06, 0x847a8a7a,
- 0x80707a70, 0xbef600ff,
- 0x01000000, 0xbef90080,
- 0xbefd0080, 0xbf800000,
- 0xbe804100, 0xbe824102,
- 0xbe844104, 0xbe864106,
- 0xbe884108, 0xbe8a410a,
- 0xbe8c410c, 0xbe8e410e,
- 0xd7610002, 0x0000f200,
- 0x80798179, 0xd7610002,
- 0x0000f201, 0x80798179,
- 0xd7610002, 0x0000f202,
- 0x80798179, 0xd7610002,
- 0x0000f203, 0x80798179,
- 0xd7610002, 0x0000f204,
+ 0xbef90080, 0xbefd0080,
+ 0xbf800000, 0xbe804100,
+ 0xbe824102, 0xbe844104,
+ 0xbe864106, 0xbe884108,
+ 0xbe8a410a, 0xbe8c410c,
+ 0xbe8e410e, 0xd7610002,
+ 0x0000f200, 0x80798179,
+ 0xd7610002, 0x0000f201,
0x80798179, 0xd7610002,
- 0x0000f205, 0x80798179,
- 0xd7610002, 0x0000f206,
+ 0x0000f202, 0x80798179,
+ 0xd7610002, 0x0000f203,
0x80798179, 0xd7610002,
- 0x0000f207, 0x80798179,
- 0xd7610002, 0x0000f208,
+ 0x0000f204, 0x80798179,
+ 0xd7610002, 0x0000f205,
0x80798179, 0xd7610002,
- 0x0000f209, 0x80798179,
- 0xd7610002, 0x0000f20a,
+ 0x0000f206, 0x80798179,
+ 0xd7610002, 0x0000f207,
0x80798179, 0xd7610002,
- 0x0000f20b, 0x80798179,
- 0xd7610002, 0x0000f20c,
+ 0x0000f208, 0x80798179,
+ 0xd7610002, 0x0000f209,
0x80798179, 0xd7610002,
- 0x0000f20d, 0x80798179,
- 0xd7610002, 0x0000f20e,
+ 0x0000f20a, 0x80798179,
+ 0xd7610002, 0x0000f20b,
0x80798179, 0xd7610002,
- 0x0000f20f, 0x80798179,
- 0xbf06a079, 0xbfa10006,
- 0xe0685000, 0x701d0200,
- 0x8070ff70, 0x00000080,
- 0xbef90080, 0x7e040280,
- 0x807d907d, 0xbf0aff7d,
- 0x00000060, 0xbfa2ffbc,
- 0xbe804100, 0xbe824102,
- 0xbe844104, 0xbe864106,
- 0xbe884108, 0xbe8a410a,
- 0xd7610002, 0x0000f200,
+ 0x0000f20c, 0x80798179,
+ 0xd7610002, 0x0000f20d,
0x80798179, 0xd7610002,
- 0x0000f201, 0x80798179,
- 0xd7610002, 0x0000f202,
+ 0x0000f20e, 0x80798179,
+ 0xd7610002, 0x0000f20f,
+ 0x80798179, 0xbf06a079,
+ 0xbfa10006, 0xe0685000,
+ 0x701d0200, 0x8070ff70,
+ 0x00000080, 0xbef90080,
+ 0x7e040280, 0x807d907d,
+ 0xbf0aff7d, 0x00000060,
+ 0xbfa2ffbc, 0xbe804100,
+ 0xbe824102, 0xbe844104,
+ 0xbe864106, 0xbe884108,
+ 0xbe8a410a, 0xd7610002,
+ 0x0000f200, 0x80798179,
+ 0xd7610002, 0x0000f201,
0x80798179, 0xd7610002,
- 0x0000f203, 0x80798179,
- 0xd7610002, 0x0000f204,
+ 0x0000f202, 0x80798179,
+ 0xd7610002, 0x0000f203,
0x80798179, 0xd7610002,
- 0x0000f205, 0x80798179,
- 0xd7610002, 0x0000f206,
+ 0x0000f204, 0x80798179,
+ 0xd7610002, 0x0000f205,
0x80798179, 0xd7610002,
- 0x0000f207, 0x80798179,
- 0xd7610002, 0x0000f208,
+ 0x0000f206, 0x80798179,
+ 0xd7610002, 0x0000f207,
0x80798179, 0xd7610002,
- 0x0000f209, 0x80798179,
- 0xd7610002, 0x0000f20a,
+ 0x0000f208, 0x80798179,
+ 0xd7610002, 0x0000f209,
0x80798179, 0xd7610002,
- 0x0000f20b, 0x80798179,
- 0xe0685000, 0x701d0200,
+ 0x0000f20a, 0x80798179,
+ 0xd7610002, 0x0000f20b,
+ 0x80798179, 0xe0685000,
+ 0x701d0200, 0xbefe00c1,
+ 0x857d9973, 0x8b7d817d,
+ 0xbf06817d, 0xbfa20002,
+ 0xbeff0080, 0xbfa00001,
+ 0xbeff00c1, 0xb8fb4306,
+ 0x8b7bc17b, 0xbfa10044,
+ 0xbfbd0000, 0x8b7aff6d,
+ 0x80000000, 0xbfa10040,
+ 0x847b867b, 0x847b827b,
+ 0xbef6007b, 0xb8f03b05,
+ 0x80708170, 0xbf0d9973,
+ 0xbfa20002, 0x84708970,
+ 0xbfa00001, 0x84708a70,
+ 0xb8fa1e06, 0x847a8a7a,
+ 0x80707a70, 0x8070ff70,
+ 0x00000200, 0x8070ff70,
+ 0x00000080, 0xbef600ff,
+ 0x01000000, 0xd71f0000,
+ 0x000100c1, 0xd7200000,
+ 0x000200c1, 0x16000084,
+ 0x857d9973, 0x8b7d817d,
+ 0xbf06817d, 0xbefd0080,
+ 0xbfa20012, 0xbe8300ff,
+ 0x00000080, 0xbf800000,
+ 0xbf800000, 0xbf800000,
+ 0xd8d80000, 0x01000000,
+ 0xbf890000, 0xe0685000,
+ 0x701d0100, 0x807d037d,
+ 0x80700370, 0xd5250000,
+ 0x0001ff00, 0x00000080,
+ 0xbf0a7b7d, 0xbfa2fff4,
+ 0xbfa00011, 0xbe8300ff,
+ 0x00000100, 0xbf800000,
+ 0xbf800000, 0xbf800000,
+ 0xd8d80000, 0x01000000,
+ 0xbf890000, 0xe0685000,
+ 0x701d0100, 0x807d037d,
+ 0x80700370, 0xd5250000,
+ 0x0001ff00, 0x00000100,
+ 0xbf0a7b7d, 0xbfa2fff4,
0xbefe00c1, 0x857d9973,
0x8b7d817d, 0xbf06817d,
- 0xbfa20002, 0xbeff0080,
- 0xbfa00001, 0xbeff00c1,
- 0xb8fb4306, 0x8b7bc17b,
- 0xbfa10044, 0xbfbd0000,
- 0x8b7aff6d, 0x80000000,
- 0xbfa10040, 0x847b867b,
- 0x847b827b, 0xbef6007b,
- 0xb8f03b05, 0x80708170,
- 0xbf0d9973, 0xbfa20002,
- 0x84708970, 0xbfa00001,
- 0x84708a70, 0xb8fa1e06,
- 0x847a8a7a, 0x80707a70,
- 0x8070ff70, 0x00000200,
- 0x8070ff70, 0x00000080,
- 0xbef600ff, 0x01000000,
- 0xd71f0000, 0x000100c1,
- 0xd7200000, 0x000200c1,
- 0x16000084, 0x857d9973,
+ 0xbfa20004, 0xbef000ff,
+ 0x00000200, 0xbeff0080,
+ 0xbfa00003, 0xbef000ff,
+ 0x00000400, 0xbeff00c1,
+ 0xb8fb3b05, 0x807b817b,
+ 0x847b827b, 0x857d9973,
0x8b7d817d, 0xbf06817d,
- 0xbefd0080, 0xbfa20012,
- 0xbe8300ff, 0x00000080,
- 0xbf800000, 0xbf800000,
- 0xbf800000, 0xd8d80000,
- 0x01000000, 0xbf890000,
- 0xe0685000, 0x701d0100,
- 0x807d037d, 0x80700370,
- 0xd5250000, 0x0001ff00,
- 0x00000080, 0xbf0a7b7d,
- 0xbfa2fff4, 0xbfa00011,
- 0xbe8300ff, 0x00000100,
- 0xbf800000, 0xbf800000,
- 0xbf800000, 0xd8d80000,
- 0x01000000, 0xbf890000,
- 0xe0685000, 0x701d0100,
- 0x807d037d, 0x80700370,
- 0xd5250000, 0x0001ff00,
- 0x00000100, 0xbf0a7b7d,
- 0xbfa2fff4, 0xbefe00c1,
- 0x857d9973, 0x8b7d817d,
- 0xbf06817d, 0xbfa20004,
- 0xbef000ff, 0x00000200,
- 0xbeff0080, 0xbfa00003,
- 0xbef000ff, 0x00000400,
- 0xbeff00c1, 0xb8fb3b05,
- 0x807b817b, 0x847b827b,
- 0x857d9973, 0x8b7d817d,
- 0xbf06817d, 0xbfa20017,
+ 0xbfa20017, 0xbef600ff,
+ 0x01000000, 0xbefd0084,
+ 0xbf0a7b7d, 0xbfa10037,
+ 0x7e008700, 0x7e028701,
+ 0x7e048702, 0x7e068703,
+ 0xe0685000, 0x701d0000,
+ 0xe0685080, 0x701d0100,
+ 0xe0685100, 0x701d0200,
+ 0xe0685180, 0x701d0300,
+ 0x807d847d, 0x8070ff70,
+ 0x00000200, 0xbf0a7b7d,
+ 0xbfa2ffef, 0xbfa00025,
0xbef600ff, 0x01000000,
0xbefd0084, 0xbf0a7b7d,
- 0xbfa10037, 0x7e008700,
+ 0xbfa10011, 0x7e008700,
0x7e028701, 0x7e048702,
0x7e068703, 0xe0685000,
- 0x701d0000, 0xe0685080,
- 0x701d0100, 0xe0685100,
- 0x701d0200, 0xe0685180,
+ 0x701d0000, 0xe0685100,
+ 0x701d0100, 0xe0685200,
+ 0x701d0200, 0xe0685300,
0x701d0300, 0x807d847d,
- 0x8070ff70, 0x00000200,
+ 0x8070ff70, 0x00000400,
0xbf0a7b7d, 0xbfa2ffef,
- 0xbfa00025, 0xbef600ff,
- 0x01000000, 0xbefd0084,
- 0xbf0a7b7d, 0xbfa10011,
- 0x7e008700, 0x7e028701,
- 0x7e048702, 0x7e068703,
+ 0xb8fb1e06, 0x8b7bc17b,
+ 0xbfa1000c, 0x847b837b,
+ 0x807b7d7b, 0xbefe00c1,
+ 0xbeff0080, 0x7e008700,
0xe0685000, 0x701d0000,
- 0xe0685100, 0x701d0100,
- 0xe0685200, 0x701d0200,
- 0xe0685300, 0x701d0300,
- 0x807d847d, 0x8070ff70,
- 0x00000400, 0xbf0a7b7d,
- 0xbfa2ffef, 0xb8fb1e06,
- 0x8b7bc17b, 0xbfa1000c,
- 0x847b837b, 0x807b7d7b,
- 0xbefe00c1, 0xbeff0080,
- 0x7e008700, 0xe0685000,
- 0x701d0000, 0x807d817d,
- 0x8070ff70, 0x00000080,
- 0xbf0a7b7d, 0xbfa2fff8,
- 0xbfa00141, 0xbef4007e,
- 0x8b75ff7f, 0x0000ffff,
- 0x8c75ff75, 0x00040000,
- 0xbef60080, 0xbef700ff,
- 0x10807fac, 0xb8f202dc,
- 0x84729972, 0x8b6eff7f,
- 0x04000000, 0xbfa1003a,
+ 0x807d817d, 0x8070ff70,
+ 0x00000080, 0xbf0a7b7d,
+ 0xbfa2fff8, 0xbfa00146,
+ 0xbef4007e, 0x8b75ff7f,
+ 0x0000ffff, 0x8c75ff75,
+ 0x00040000, 0xbef60080,
+ 0xbef700ff, 0x10807fac,
+ 0xb8f202dc, 0x84729972,
+ 0x8b6eff7f, 0x04000000,
+ 0xbfa1003a, 0xbefe00c1,
+ 0x857d9972, 0x8b7d817d,
+ 0xbf06817d, 0xbfa20002,
+ 0xbeff0080, 0xbfa00001,
+ 0xbeff00c1, 0xb8ef4306,
+ 0x8b6fc16f, 0xbfa1002f,
+ 0x846f866f, 0x846f826f,
+ 0xbef6006f, 0xb8f83b05,
+ 0x80788178, 0xbf0d9972,
+ 0xbfa20002, 0x84788978,
+ 0xbfa00001, 0x84788a78,
+ 0xb8ee1e06, 0x846e8a6e,
+ 0x80786e78, 0x8078ff78,
+ 0x00000200, 0x8078ff78,
+ 0x00000080, 0xbef600ff,
+ 0x01000000, 0x857d9972,
+ 0x8b7d817d, 0xbf06817d,
+ 0xbefd0080, 0xbfa2000c,
+ 0xe0500000, 0x781d0000,
+ 0xbf8903f7, 0xdac00000,
+ 0x00000000, 0x807dff7d,
+ 0x00000080, 0x8078ff78,
+ 0x00000080, 0xbf0a6f7d,
+ 0xbfa2fff5, 0xbfa0000b,
+ 0xe0500000, 0x781d0000,
+ 0xbf8903f7, 0xdac00000,
+ 0x00000000, 0x807dff7d,
+ 0x00000100, 0x8078ff78,
+ 0x00000100, 0xbf0a6f7d,
+ 0xbfa2fff5, 0xbef80080,
0xbefe00c1, 0x857d9972,
0x8b7d817d, 0xbf06817d,
0xbfa20002, 0xbeff0080,
0xbfa00001, 0xbeff00c1,
- 0xb8ef4306, 0x8b6fc16f,
- 0xbfa1002f, 0x846f866f,
- 0x846f826f, 0xbef6006f,
- 0xb8f83b05, 0x80788178,
- 0xbf0d9972, 0xbfa20002,
- 0x84788978, 0xbfa00001,
- 0x84788a78, 0xb8ee1e06,
- 0x846e8a6e, 0x80786e78,
+ 0xb8ef3b05, 0x806f816f,
+ 0x846f826f, 0x857d9972,
+ 0x8b7d817d, 0xbf06817d,
+ 0xbfa20024, 0xbef600ff,
+ 0x01000000, 0xbeee0078,
0x8078ff78, 0x00000200,
- 0x8078ff78, 0x00000080,
- 0xbef600ff, 0x01000000,
- 0x857d9972, 0x8b7d817d,
- 0xbf06817d, 0xbefd0080,
- 0xbfa2000c, 0xe0500000,
- 0x781d0000, 0xbf8903f7,
- 0xdac00000, 0x00000000,
- 0x807dff7d, 0x00000080,
- 0x8078ff78, 0x00000080,
- 0xbf0a6f7d, 0xbfa2fff5,
- 0xbfa0000b, 0xe0500000,
- 0x781d0000, 0xbf8903f7,
- 0xdac00000, 0x00000000,
- 0x807dff7d, 0x00000100,
- 0x8078ff78, 0x00000100,
- 0xbf0a6f7d, 0xbfa2fff5,
- 0xbef80080, 0xbefe00c1,
- 0x857d9972, 0x8b7d817d,
- 0xbf06817d, 0xbfa20002,
- 0xbeff0080, 0xbfa00001,
- 0xbeff00c1, 0xb8ef3b05,
- 0x806f816f, 0x846f826f,
- 0x857d9972, 0x8b7d817d,
- 0xbf06817d, 0xbfa20024,
- 0xbef600ff, 0x01000000,
- 0xbeee0078, 0x8078ff78,
- 0x00000200, 0xbefd0084,
- 0xbf0a6f7d, 0xbfa10050,
+ 0xbefd0084, 0xbf0a6f7d,
+ 0xbfa10050, 0xe0505000,
+ 0x781d0000, 0xe0505080,
+ 0x781d0100, 0xe0505100,
+ 0x781d0200, 0xe0505180,
+ 0x781d0300, 0xbf8903f7,
+ 0x7e008500, 0x7e028501,
+ 0x7e048502, 0x7e068503,
+ 0x807d847d, 0x8078ff78,
+ 0x00000200, 0xbf0a6f7d,
+ 0xbfa2ffee, 0xe0505000,
+ 0x6e1d0000, 0xe0505080,
+ 0x6e1d0100, 0xe0505100,
+ 0x6e1d0200, 0xe0505180,
+ 0x6e1d0300, 0xbf8903f7,
+ 0xbfa00034, 0xbef600ff,
+ 0x01000000, 0xbeee0078,
+ 0x8078ff78, 0x00000400,
+ 0xbefd0084, 0xbf0a6f7d,
+ 0xbfa10012, 0xe0505000,
+ 0x781d0000, 0xe0505100,
+ 0x781d0100, 0xe0505200,
+ 0x781d0200, 0xe0505300,
+ 0x781d0300, 0xbf8903f7,
+ 0x7e008500, 0x7e028501,
+ 0x7e048502, 0x7e068503,
+ 0x807d847d, 0x8078ff78,
+ 0x00000400, 0xbf0a6f7d,
+ 0xbfa2ffee, 0xb8ef1e06,
+ 0x8b6fc16f, 0xbfa1000e,
+ 0x846f836f, 0x806f7d6f,
+ 0xbefe00c1, 0xbeff0080,
0xe0505000, 0x781d0000,
- 0xe0505080, 0x781d0100,
- 0xe0505100, 0x781d0200,
- 0xe0505180, 0x781d0300,
0xbf8903f7, 0x7e008500,
- 0x7e028501, 0x7e048502,
- 0x7e068503, 0x807d847d,
- 0x8078ff78, 0x00000200,
- 0xbf0a6f7d, 0xbfa2ffee,
+ 0x807d817d, 0x8078ff78,
+ 0x00000080, 0xbf0a6f7d,
+ 0xbfa2fff7, 0xbeff00c1,
0xe0505000, 0x6e1d0000,
- 0xe0505080, 0x6e1d0100,
- 0xe0505100, 0x6e1d0200,
- 0xe0505180, 0x6e1d0300,
- 0xbf8903f7, 0xbfa00034,
- 0xbef600ff, 0x01000000,
- 0xbeee0078, 0x8078ff78,
- 0x00000400, 0xbefd0084,
- 0xbf0a6f7d, 0xbfa10012,
- 0xe0505000, 0x781d0000,
- 0xe0505100, 0x781d0100,
- 0xe0505200, 0x781d0200,
- 0xe0505300, 0x781d0300,
- 0xbf8903f7, 0x7e008500,
- 0x7e028501, 0x7e048502,
- 0x7e068503, 0x807d847d,
- 0x8078ff78, 0x00000400,
- 0xbf0a6f7d, 0xbfa2ffee,
- 0xb8ef1e06, 0x8b6fc16f,
- 0xbfa1000e, 0x846f836f,
- 0x806f7d6f, 0xbefe00c1,
- 0xbeff0080, 0xe0505000,
- 0x781d0000, 0xbf8903f7,
- 0x7e008500, 0x807d817d,
- 0x8078ff78, 0x00000080,
- 0xbf0a6f7d, 0xbfa2fff7,
- 0xbeff00c1, 0xe0505000,
- 0x6e1d0000, 0xe0505100,
- 0x6e1d0100, 0xe0505200,
- 0x6e1d0200, 0xe0505300,
- 0x6e1d0300, 0xbf8903f7,
+ 0xe0505100, 0x6e1d0100,
+ 0xe0505200, 0x6e1d0200,
+ 0xe0505300, 0x6e1d0300,
+ 0xbf8903f7, 0xb8f83b05,
+ 0x80788178, 0xbf0d9972,
+ 0xbfa20002, 0x84788978,
+ 0xbfa00001, 0x84788a78,
+ 0xb8ee1e06, 0x846e8a6e,
+ 0x80786e78, 0x8078ff78,
+ 0x00000200, 0x80f8ff78,
+ 0x00000050, 0xbef600ff,
+ 0x01000000, 0xbefd00ff,
+ 0x0000006c, 0x80f89078,
+ 0xf428403a, 0xf0000000,
+ 0xbf89fc07, 0x80fd847d,
+ 0xbf800000, 0xbe804300,
+ 0xbe824302, 0x80f8a078,
+ 0xf42c403a, 0xf0000000,
+ 0xbf89fc07, 0x80fd887d,
+ 0xbf800000, 0xbe804300,
+ 0xbe824302, 0xbe844304,
+ 0xbe864306, 0x80f8c078,
+ 0xf430403a, 0xf0000000,
+ 0xbf89fc07, 0x80fd907d,
+ 0xbf800000, 0xbe804300,
+ 0xbe824302, 0xbe844304,
+ 0xbe864306, 0xbe884308,
+ 0xbe8a430a, 0xbe8c430c,
+ 0xbe8e430e, 0xbf06807d,
+ 0xbfa1fff0, 0xb980f801,
+ 0x00000000, 0xbfbd0000,
0xb8f83b05, 0x80788178,
0xbf0d9972, 0xbfa20002,
0x84788978, 0xbfa00001,
0x84788a78, 0xb8ee1e06,
0x846e8a6e, 0x80786e78,
0x8078ff78, 0x00000200,
- 0x80f8ff78, 0x00000050,
0xbef600ff, 0x01000000,
- 0xbefd00ff, 0x0000006c,
- 0x80f89078, 0xf428403a,
- 0xf0000000, 0xbf89fc07,
- 0x80fd847d, 0xbf800000,
- 0xbe804300, 0xbe824302,
- 0x80f8a078, 0xf42c403a,
- 0xf0000000, 0xbf89fc07,
- 0x80fd887d, 0xbf800000,
- 0xbe804300, 0xbe824302,
- 0xbe844304, 0xbe864306,
- 0x80f8c078, 0xf430403a,
- 0xf0000000, 0xbf89fc07,
- 0x80fd907d, 0xbf800000,
- 0xbe804300, 0xbe824302,
- 0xbe844304, 0xbe864306,
- 0xbe884308, 0xbe8a430a,
- 0xbe8c430c, 0xbe8e430e,
- 0xbf06807d, 0xbfa1fff0,
- 0xb980f801, 0x00000000,
- 0xbfbd0000, 0xb8f83b05,
- 0x80788178, 0xbf0d9972,
- 0xbfa20002, 0x84788978,
- 0xbfa00001, 0x84788a78,
- 0xb8ee1e06, 0x846e8a6e,
- 0x80786e78, 0x8078ff78,
- 0x00000200, 0xbef600ff,
- 0x01000000, 0xf4205bfa,
+ 0xf4205bfa, 0xf0000000,
+ 0x80788478, 0xf4205b3a,
0xf0000000, 0x80788478,
- 0xf4205b3a, 0xf0000000,
- 0x80788478, 0xf4205b7a,
+ 0xf4205b7a, 0xf0000000,
+ 0x80788478, 0xf4205c3a,
0xf0000000, 0x80788478,
- 0xf4205c3a, 0xf0000000,
- 0x80788478, 0xf4205c7a,
+ 0xf4205c7a, 0xf0000000,
+ 0x80788478, 0xf4205eba,
0xf0000000, 0x80788478,
- 0xf4205eba, 0xf0000000,
- 0x80788478, 0xf4205efa,
+ 0xf4205efa, 0xf0000000,
+ 0x80788478, 0xf4205e7a,
0xf0000000, 0x80788478,
- 0xf4205e7a, 0xf0000000,
- 0x80788478, 0xf4205cfa,
+ 0xf4205cfa, 0xf0000000,
+ 0x80788478, 0xf4205bba,
0xf0000000, 0x80788478,
+ 0xbf89fc07, 0xb96ef814,
0xf4205bba, 0xf0000000,
0x80788478, 0xbf89fc07,
- 0xb96ef814, 0xf4205bba,
- 0xf0000000, 0x80788478,
- 0xbf89fc07, 0xb96ef815,
- 0xbefd006f, 0xbefe0070,
- 0xbeff0071, 0x8b6f7bff,
- 0x000003ff, 0xb96f4803,
- 0x8b6f7bff, 0xfffff800,
- 0x856f8b6f, 0xb96fa2c3,
- 0xb973f801, 0xb8ee3b05,
- 0x806e816e, 0xbf0d9972,
- 0xbfa20002, 0x846e896e,
- 0xbfa00001, 0x846e8a6e,
- 0xb8ef1e06, 0x846f8a6f,
- 0x806e6f6e, 0x806eff6e,
- 0x00000200, 0x806e746e,
- 0x826f8075, 0x8b6fff6f,
- 0x0000ffff, 0xf4085c37,
- 0xf8000050, 0xf4085d37,
- 0xf8000060, 0xf4005e77,
- 0xf8000074, 0xbf89fc07,
- 0x8b6dff6d, 0x0000ffff,
- 0x8bfe7e7e, 0x8bea6a6a,
+ 0xb96ef815, 0xbefd006f,
+ 0xbefe0070, 0xbeff0071,
+ 0x8b6f7bff, 0x000003ff,
+ 0xb96f4803, 0x8b6f7bff,
+ 0xfffff800, 0x856f8b6f,
+ 0xb96fa2c3, 0xb973f801,
+ 0xb8ee3b05, 0x806e816e,
+ 0xbf0d9972, 0xbfa20002,
+ 0x846e896e, 0xbfa00001,
+ 0x846e8a6e, 0xb8ef1e06,
+ 0x846f8a6f, 0x806e6f6e,
+ 0x806eff6e, 0x00000200,
+ 0x806e746e, 0x826f8075,
+ 0x8b6fff6f, 0x0000ffff,
+ 0xf4085c37, 0xf8000050,
+ 0xf4085d37, 0xf8000060,
+ 0xf4005e77, 0xf8000074,
+ 0xbf89fc07, 0x8b6dff6d,
+ 0x0000ffff, 0x8bfe7e7e,
+ 0x8bea6a6a, 0xb8eef802,
+ 0xbf0d866e, 0xbfa20002,
+ 0xb97af802, 0xbe80486c,
0xb97af802, 0xbe804a6c,
0xbfb00000, 0xbf9f0000,
0xbf9f0000, 0xbf9f0000,
diff --git a/drivers/gpu/drm/amd/amdkfd/cwsr_trap_handler_gfx10.asm b/drivers/gpu/drm/amd/amdkfd/cwsr_trap_handler_gfx10.asm
index 250ab007399b..0f81670f6f9c 100644
--- a/drivers/gpu/drm/amd/amdkfd/cwsr_trap_handler_gfx10.asm
+++ b/drivers/gpu/drm/amd/amdkfd/cwsr_trap_handler_gfx10.asm
@@ -43,12 +43,14 @@
#define HAVE_XNACK (ASIC_FAMILY < CHIP_SIENNA_CICHLID)
#define HAVE_SENDMSG_RTN (ASIC_FAMILY >= CHIP_PLUM_BONITO)
#define HAVE_BUFFER_LDS_LOAD (ASIC_FAMILY < CHIP_PLUM_BONITO)
+#define SW_SA_TRAP (ASIC_FAMILY >= CHIP_PLUM_BONITO)
var SINGLE_STEP_MISSED_WORKAROUND = 1 //workaround for lost MODE.DEBUG_EN exception when SAVECTX raised
var SQ_WAVE_STATUS_SPI_PRIO_MASK = 0x00000006
var SQ_WAVE_STATUS_HALT_MASK = 0x2000
var SQ_WAVE_STATUS_ECC_ERR_MASK = 0x20000
+var SQ_WAVE_STATUS_TRAP_EN_SHIFT = 6
var SQ_WAVE_LDS_ALLOC_LDS_SIZE_SHIFT = 12
var SQ_WAVE_LDS_ALLOC_LDS_SIZE_SIZE = 9
@@ -183,6 +185,13 @@ L_SKIP_RESTORE:
s_getreg_b32 s_save_trapsts, hwreg(HW_REG_TRAPSTS)
+#if SW_SA_TRAP
+ // If ttmp1[31] is set then trap may occur early.
+ // Spin wait until SAVECTX exception is raised.
+ s_bitcmp1_b32 s_save_pc_hi, 31
+ s_cbranch_scc1 L_CHECK_SAVE
+#endif
+
s_and_b32 ttmp2, s_save_status, SQ_WAVE_STATUS_HALT_MASK
s_cbranch_scc0 L_NOT_HALTED
@@ -1061,8 +1070,20 @@ L_RESTORE_HWREG:
s_and_b32 s_restore_pc_hi, s_restore_pc_hi, 0x0000ffff //pc[47:32] //Do it here in order not to affect STATUS
s_and_b64 exec, exec, exec // Restore STATUS.EXECZ, not writable by s_setreg_b32
s_and_b64 vcc, vcc, vcc // Restore STATUS.VCCZ, not writable by s_setreg_b32
+
+#if SW_SA_TRAP
+ // If traps are enabled then return to the shader with PRIV=0.
+ // Otherwise retain PRIV=1 for subsequent context save requests.
+ s_getreg_b32 s_restore_tmp, hwreg(HW_REG_STATUS)
+ s_bitcmp1_b32 s_restore_tmp, SQ_WAVE_STATUS_TRAP_EN_SHIFT
+ s_cbranch_scc1 L_RETURN_WITHOUT_PRIV
+
s_setreg_b32 hwreg(HW_REG_STATUS), s_restore_status // SCC is included, which is changed by previous salu
+ s_setpc_b64 [s_restore_pc_lo, s_restore_pc_hi]
+L_RETURN_WITHOUT_PRIV:
+#endif
+ s_setreg_b32 hwreg(HW_REG_STATUS), s_restore_status // SCC is included, which is changed by previous salu
s_rfe_b64 s_restore_pc_lo //Return to the main shader program and resume execution
L_END_PGM:
--
2.35.1
^ permalink raw reply related [flat|nested] 305+ messages in thread
* [PATCH 6.0 187/289] drm/amdkfd: update GFX11 CWSR trap handler
2022-11-30 18:19 [PATCH 6.0 000/289] 6.0.11-rc1 review Greg Kroah-Hartman
` (185 preceding siblings ...)
2022-11-30 18:22 ` [PATCH 6.0 186/289] drm/amdgpu: Enable SA software trap Greg Kroah-Hartman
@ 2022-11-30 18:22 ` Greg Kroah-Hartman
2022-11-30 18:22 ` [PATCH 6.0 188/289] drm/amd/display: Added debug option for forcing subvp num ways Greg Kroah-Hartman
` (111 subsequent siblings)
298 siblings, 0 replies; 305+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-30 18:22 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Jay Cornwall, Graham Sider,
Harish Kasiviswanathan, Felix Kuehling, Alex Deucher,
Sasha Levin
From: Jay Cornwall <jay.cornwall@amd.com>
[ Upstream commit 6640f8e5adb69a0550fe1d224d3ac64c10f00eef ]
With corresponding FW change fixes issue where triggering CWSR on a
workgroup with waves in s_barrier wouldn't lead to a back-off and
therefore cause a hang.
Signed-off-by: Jay Cornwall <jay.cornwall@amd.com>
Tested-by: Graham Sider <Graham.Sider@amd.com>
Acked-by: Harish Kasiviswanathan <Harish.Kasiviswanathan@amd.com>
Acked-by: Felix Kuehling <Felix.Kuehling@amd.com>
Reviewed-by: Graham Sider <Graham.Sider@amd.com>
Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
Cc: stable@vger.kernel.org # 6.0.x
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
.../gpu/drm/amd/amdkfd/cwsr_trap_handler.h | 764 +++++++++---------
.../amd/amdkfd/cwsr_trap_handler_gfx10.asm | 6 +
2 files changed, 389 insertions(+), 381 deletions(-)
diff --git a/drivers/gpu/drm/amd/amdkfd/cwsr_trap_handler.h b/drivers/gpu/drm/amd/amdkfd/cwsr_trap_handler.h
index c7118843db05..0c4c5499bb5c 100644
--- a/drivers/gpu/drm/amd/amdkfd/cwsr_trap_handler.h
+++ b/drivers/gpu/drm/amd/amdkfd/cwsr_trap_handler.h
@@ -2495,442 +2495,444 @@ static const uint32_t cwsr_trap_gfx10_hex[] = {
0xbf9f0000, 0x00000000,
};
static const uint32_t cwsr_trap_gfx11_hex[] = {
- 0xbfa00001, 0xbfa0021e,
+ 0xbfa00001, 0xbfa00221,
0xb0804006, 0xb8f8f802,
0x9178ff78, 0x00020006,
- 0xb8fbf803, 0xbf0d9f6d,
- 0xbfa20006, 0x8b6eff78,
- 0x00002000, 0xbfa10009,
- 0x8b6eff6d, 0x00ff0000,
- 0xbfa2001e, 0x8b6eff7b,
- 0x00000400, 0xbfa20041,
- 0xbf830010, 0xb8fbf803,
- 0xbfa0fffa, 0x8b6eff7b,
- 0x00000900, 0xbfa20015,
- 0x8b6eff7b, 0x000071ff,
- 0xbfa10008, 0x8b6fff7b,
- 0x00007080, 0xbfa10001,
- 0xbeee1287, 0xb8eff801,
- 0x846e8c6e, 0x8b6e6f6e,
- 0xbfa2000a, 0x8b6eff6d,
- 0x00ff0000, 0xbfa20007,
- 0xb8eef801, 0x8b6eff6e,
- 0x00000800, 0xbfa20003,
+ 0xb8fbf803, 0xbf0d9e6d,
+ 0xbfa10001, 0xbfbd0000,
+ 0xbf0d9f6d, 0xbfa20006,
+ 0x8b6eff78, 0x00002000,
+ 0xbfa10009, 0x8b6eff6d,
+ 0x00ff0000, 0xbfa2001e,
0x8b6eff7b, 0x00000400,
- 0xbfa20026, 0xbefa4d82,
- 0xbf89fc07, 0x84fa887a,
- 0xf4005bbd, 0xf8000010,
- 0xbf89fc07, 0x846e976e,
- 0x9177ff77, 0x00800000,
- 0x8c776e77, 0xf4045bbd,
- 0xf8000000, 0xbf89fc07,
- 0xf4045ebd, 0xf8000008,
- 0xbf89fc07, 0x8bee6e6e,
- 0xbfa10001, 0xbe80486e,
- 0x8b6eff6d, 0x01ff0000,
- 0xbfa20005, 0x8c78ff78,
- 0x00002000, 0x80ec886c,
- 0x82ed806d, 0xbfa00005,
- 0x8b6eff6d, 0x01000000,
- 0xbfa20002, 0x806c846c,
- 0x826d806d, 0x8b6dff6d,
- 0x0000ffff, 0x8bfe7e7e,
- 0x8bea6a6a, 0xb978f802,
- 0xbe804a6c, 0x8b6dff6d,
- 0x0000ffff, 0xbefa0080,
- 0xb97a0283, 0xbeee007e,
- 0xbeef007f, 0xbefe0180,
- 0xbefe4d84, 0xbf89fc07,
- 0x8b7aff7f, 0x04000000,
- 0x847a857a, 0x8c6d7a6d,
- 0xbefa007e, 0x8b7bff7f,
- 0x0000ffff, 0xbefe00c1,
- 0xbeff00c1, 0xdca6c000,
- 0x007a0000, 0x7e000280,
- 0xbefe007a, 0xbeff007b,
- 0xb8fb02dc, 0x847b997b,
- 0xb8fa3b05, 0x807a817a,
- 0xbf0d997b, 0xbfa20002,
- 0x847a897a, 0xbfa00001,
- 0x847a8a7a, 0xb8fb1e06,
- 0x847b8a7b, 0x807a7b7a,
+ 0xbfa20041, 0xbf830010,
+ 0xb8fbf803, 0xbfa0fffa,
+ 0x8b6eff7b, 0x00000900,
+ 0xbfa20015, 0x8b6eff7b,
+ 0x000071ff, 0xbfa10008,
+ 0x8b6fff7b, 0x00007080,
+ 0xbfa10001, 0xbeee1287,
+ 0xb8eff801, 0x846e8c6e,
+ 0x8b6e6f6e, 0xbfa2000a,
+ 0x8b6eff6d, 0x00ff0000,
+ 0xbfa20007, 0xb8eef801,
+ 0x8b6eff6e, 0x00000800,
+ 0xbfa20003, 0x8b6eff7b,
+ 0x00000400, 0xbfa20026,
+ 0xbefa4d82, 0xbf89fc07,
+ 0x84fa887a, 0xf4005bbd,
+ 0xf8000010, 0xbf89fc07,
+ 0x846e976e, 0x9177ff77,
+ 0x00800000, 0x8c776e77,
+ 0xf4045bbd, 0xf8000000,
+ 0xbf89fc07, 0xf4045ebd,
+ 0xf8000008, 0xbf89fc07,
+ 0x8bee6e6e, 0xbfa10001,
+ 0xbe80486e, 0x8b6eff6d,
+ 0x01ff0000, 0xbfa20005,
+ 0x8c78ff78, 0x00002000,
+ 0x80ec886c, 0x82ed806d,
+ 0xbfa00005, 0x8b6eff6d,
+ 0x01000000, 0xbfa20002,
+ 0x806c846c, 0x826d806d,
+ 0x8b6dff6d, 0x0000ffff,
+ 0x8bfe7e7e, 0x8bea6a6a,
+ 0xb978f802, 0xbe804a6c,
+ 0x8b6dff6d, 0x0000ffff,
+ 0xbefa0080, 0xb97a0283,
+ 0xbeee007e, 0xbeef007f,
+ 0xbefe0180, 0xbefe4d84,
+ 0xbf89fc07, 0x8b7aff7f,
+ 0x04000000, 0x847a857a,
+ 0x8c6d7a6d, 0xbefa007e,
0x8b7bff7f, 0x0000ffff,
- 0x807aff7a, 0x00000200,
- 0x807a7e7a, 0x827b807b,
- 0xd7610000, 0x00010870,
- 0xd7610000, 0x00010a71,
- 0xd7610000, 0x00010c72,
- 0xd7610000, 0x00010e73,
- 0xd7610000, 0x00011074,
- 0xd7610000, 0x00011275,
- 0xd7610000, 0x00011476,
- 0xd7610000, 0x00011677,
- 0xd7610000, 0x00011a79,
- 0xd7610000, 0x00011c7e,
- 0xd7610000, 0x00011e7f,
- 0xbefe00ff, 0x00003fff,
- 0xbeff0080, 0xdca6c040,
- 0x007a0000, 0xd760007a,
- 0x00011d00, 0xd760007b,
- 0x00011f00, 0xbefe007a,
- 0xbeff007b, 0xbef4007e,
- 0x8b75ff7f, 0x0000ffff,
- 0x8c75ff75, 0x00040000,
- 0xbef60080, 0xbef700ff,
- 0x10807fac, 0xbef1007d,
- 0xbef00080, 0xb8f302dc,
- 0x84739973, 0xbefe00c1,
- 0x857d9973, 0x8b7d817d,
- 0xbf06817d, 0xbfa20002,
- 0xbeff0080, 0xbfa00002,
- 0xbeff00c1, 0xbfa00009,
+ 0xbefe00c1, 0xbeff00c1,
+ 0xdca6c000, 0x007a0000,
+ 0x7e000280, 0xbefe007a,
+ 0xbeff007b, 0xb8fb02dc,
+ 0x847b997b, 0xb8fa3b05,
+ 0x807a817a, 0xbf0d997b,
+ 0xbfa20002, 0x847a897a,
+ 0xbfa00001, 0x847a8a7a,
+ 0xb8fb1e06, 0x847b8a7b,
+ 0x807a7b7a, 0x8b7bff7f,
+ 0x0000ffff, 0x807aff7a,
+ 0x00000200, 0x807a7e7a,
+ 0x827b807b, 0xd7610000,
+ 0x00010870, 0xd7610000,
+ 0x00010a71, 0xd7610000,
+ 0x00010c72, 0xd7610000,
+ 0x00010e73, 0xd7610000,
+ 0x00011074, 0xd7610000,
+ 0x00011275, 0xd7610000,
+ 0x00011476, 0xd7610000,
+ 0x00011677, 0xd7610000,
+ 0x00011a79, 0xd7610000,
+ 0x00011c7e, 0xd7610000,
+ 0x00011e7f, 0xbefe00ff,
+ 0x00003fff, 0xbeff0080,
+ 0xdca6c040, 0x007a0000,
+ 0xd760007a, 0x00011d00,
+ 0xd760007b, 0x00011f00,
+ 0xbefe007a, 0xbeff007b,
+ 0xbef4007e, 0x8b75ff7f,
+ 0x0000ffff, 0x8c75ff75,
+ 0x00040000, 0xbef60080,
+ 0xbef700ff, 0x10807fac,
+ 0xbef1007d, 0xbef00080,
+ 0xb8f302dc, 0x84739973,
+ 0xbefe00c1, 0x857d9973,
+ 0x8b7d817d, 0xbf06817d,
+ 0xbfa20002, 0xbeff0080,
+ 0xbfa00002, 0xbeff00c1,
+ 0xbfa00009, 0xbef600ff,
+ 0x01000000, 0xe0685080,
+ 0x701d0100, 0xe0685100,
+ 0x701d0200, 0xe0685180,
+ 0x701d0300, 0xbfa00008,
0xbef600ff, 0x01000000,
- 0xe0685080, 0x701d0100,
- 0xe0685100, 0x701d0200,
- 0xe0685180, 0x701d0300,
- 0xbfa00008, 0xbef600ff,
- 0x01000000, 0xe0685100,
- 0x701d0100, 0xe0685200,
- 0x701d0200, 0xe0685300,
- 0x701d0300, 0xb8f03b05,
- 0x80708170, 0xbf0d9973,
- 0xbfa20002, 0x84708970,
- 0xbfa00001, 0x84708a70,
- 0xb8fa1e06, 0x847a8a7a,
- 0x80707a70, 0x8070ff70,
- 0x00000200, 0xbef600ff,
- 0x01000000, 0x7e000280,
- 0x7e020280, 0x7e040280,
- 0xbefd0080, 0xd7610002,
- 0x0000fa71, 0x807d817d,
- 0xd7610002, 0x0000fa6c,
- 0x807d817d, 0x917aff6d,
- 0x80000000, 0xd7610002,
- 0x0000fa7a, 0x807d817d,
- 0xd7610002, 0x0000fa6e,
- 0x807d817d, 0xd7610002,
- 0x0000fa6f, 0x807d817d,
- 0xd7610002, 0x0000fa78,
- 0x807d817d, 0xb8faf803,
- 0xd7610002, 0x0000fa7a,
- 0x807d817d, 0xd7610002,
- 0x0000fa7b, 0x807d817d,
- 0xb8f1f801, 0xd7610002,
- 0x0000fa71, 0x807d817d,
- 0xb8f1f814, 0xd7610002,
- 0x0000fa71, 0x807d817d,
- 0xb8f1f815, 0xd7610002,
- 0x0000fa71, 0x807d817d,
- 0xbefe00ff, 0x0000ffff,
- 0xbeff0080, 0xe0685000,
- 0x701d0200, 0xbefe00c1,
+ 0xe0685100, 0x701d0100,
+ 0xe0685200, 0x701d0200,
+ 0xe0685300, 0x701d0300,
0xb8f03b05, 0x80708170,
0xbf0d9973, 0xbfa20002,
0x84708970, 0xbfa00001,
0x84708a70, 0xb8fa1e06,
0x847a8a7a, 0x80707a70,
+ 0x8070ff70, 0x00000200,
0xbef600ff, 0x01000000,
- 0xbef90080, 0xbefd0080,
- 0xbf800000, 0xbe804100,
- 0xbe824102, 0xbe844104,
- 0xbe864106, 0xbe884108,
- 0xbe8a410a, 0xbe8c410c,
- 0xbe8e410e, 0xd7610002,
- 0x0000f200, 0x80798179,
- 0xd7610002, 0x0000f201,
+ 0x7e000280, 0x7e020280,
+ 0x7e040280, 0xbefd0080,
+ 0xd7610002, 0x0000fa71,
+ 0x807d817d, 0xd7610002,
+ 0x0000fa6c, 0x807d817d,
+ 0x917aff6d, 0x80000000,
+ 0xd7610002, 0x0000fa7a,
+ 0x807d817d, 0xd7610002,
+ 0x0000fa6e, 0x807d817d,
+ 0xd7610002, 0x0000fa6f,
+ 0x807d817d, 0xd7610002,
+ 0x0000fa78, 0x807d817d,
+ 0xb8faf803, 0xd7610002,
+ 0x0000fa7a, 0x807d817d,
+ 0xd7610002, 0x0000fa7b,
+ 0x807d817d, 0xb8f1f801,
+ 0xd7610002, 0x0000fa71,
+ 0x807d817d, 0xb8f1f814,
+ 0xd7610002, 0x0000fa71,
+ 0x807d817d, 0xb8f1f815,
+ 0xd7610002, 0x0000fa71,
+ 0x807d817d, 0xbefe00ff,
+ 0x0000ffff, 0xbeff0080,
+ 0xe0685000, 0x701d0200,
+ 0xbefe00c1, 0xb8f03b05,
+ 0x80708170, 0xbf0d9973,
+ 0xbfa20002, 0x84708970,
+ 0xbfa00001, 0x84708a70,
+ 0xb8fa1e06, 0x847a8a7a,
+ 0x80707a70, 0xbef600ff,
+ 0x01000000, 0xbef90080,
+ 0xbefd0080, 0xbf800000,
+ 0xbe804100, 0xbe824102,
+ 0xbe844104, 0xbe864106,
+ 0xbe884108, 0xbe8a410a,
+ 0xbe8c410c, 0xbe8e410e,
+ 0xd7610002, 0x0000f200,
0x80798179, 0xd7610002,
- 0x0000f202, 0x80798179,
- 0xd7610002, 0x0000f203,
+ 0x0000f201, 0x80798179,
+ 0xd7610002, 0x0000f202,
0x80798179, 0xd7610002,
- 0x0000f204, 0x80798179,
- 0xd7610002, 0x0000f205,
+ 0x0000f203, 0x80798179,
+ 0xd7610002, 0x0000f204,
0x80798179, 0xd7610002,
- 0x0000f206, 0x80798179,
- 0xd7610002, 0x0000f207,
+ 0x0000f205, 0x80798179,
+ 0xd7610002, 0x0000f206,
0x80798179, 0xd7610002,
- 0x0000f208, 0x80798179,
- 0xd7610002, 0x0000f209,
+ 0x0000f207, 0x80798179,
+ 0xd7610002, 0x0000f208,
0x80798179, 0xd7610002,
- 0x0000f20a, 0x80798179,
- 0xd7610002, 0x0000f20b,
+ 0x0000f209, 0x80798179,
+ 0xd7610002, 0x0000f20a,
0x80798179, 0xd7610002,
- 0x0000f20c, 0x80798179,
- 0xd7610002, 0x0000f20d,
+ 0x0000f20b, 0x80798179,
+ 0xd7610002, 0x0000f20c,
0x80798179, 0xd7610002,
- 0x0000f20e, 0x80798179,
- 0xd7610002, 0x0000f20f,
- 0x80798179, 0xbf06a079,
- 0xbfa10006, 0xe0685000,
- 0x701d0200, 0x8070ff70,
- 0x00000080, 0xbef90080,
- 0x7e040280, 0x807d907d,
- 0xbf0aff7d, 0x00000060,
- 0xbfa2ffbc, 0xbe804100,
- 0xbe824102, 0xbe844104,
- 0xbe864106, 0xbe884108,
- 0xbe8a410a, 0xd7610002,
- 0x0000f200, 0x80798179,
- 0xd7610002, 0x0000f201,
+ 0x0000f20d, 0x80798179,
+ 0xd7610002, 0x0000f20e,
0x80798179, 0xd7610002,
- 0x0000f202, 0x80798179,
- 0xd7610002, 0x0000f203,
+ 0x0000f20f, 0x80798179,
+ 0xbf06a079, 0xbfa10006,
+ 0xe0685000, 0x701d0200,
+ 0x8070ff70, 0x00000080,
+ 0xbef90080, 0x7e040280,
+ 0x807d907d, 0xbf0aff7d,
+ 0x00000060, 0xbfa2ffbc,
+ 0xbe804100, 0xbe824102,
+ 0xbe844104, 0xbe864106,
+ 0xbe884108, 0xbe8a410a,
+ 0xd7610002, 0x0000f200,
0x80798179, 0xd7610002,
- 0x0000f204, 0x80798179,
- 0xd7610002, 0x0000f205,
+ 0x0000f201, 0x80798179,
+ 0xd7610002, 0x0000f202,
0x80798179, 0xd7610002,
- 0x0000f206, 0x80798179,
- 0xd7610002, 0x0000f207,
+ 0x0000f203, 0x80798179,
+ 0xd7610002, 0x0000f204,
0x80798179, 0xd7610002,
- 0x0000f208, 0x80798179,
- 0xd7610002, 0x0000f209,
+ 0x0000f205, 0x80798179,
+ 0xd7610002, 0x0000f206,
0x80798179, 0xd7610002,
- 0x0000f20a, 0x80798179,
- 0xd7610002, 0x0000f20b,
- 0x80798179, 0xe0685000,
- 0x701d0200, 0xbefe00c1,
- 0x857d9973, 0x8b7d817d,
- 0xbf06817d, 0xbfa20002,
- 0xbeff0080, 0xbfa00001,
- 0xbeff00c1, 0xb8fb4306,
- 0x8b7bc17b, 0xbfa10044,
- 0xbfbd0000, 0x8b7aff6d,
- 0x80000000, 0xbfa10040,
- 0x847b867b, 0x847b827b,
- 0xbef6007b, 0xb8f03b05,
- 0x80708170, 0xbf0d9973,
- 0xbfa20002, 0x84708970,
- 0xbfa00001, 0x84708a70,
- 0xb8fa1e06, 0x847a8a7a,
- 0x80707a70, 0x8070ff70,
- 0x00000200, 0x8070ff70,
- 0x00000080, 0xbef600ff,
- 0x01000000, 0xd71f0000,
- 0x000100c1, 0xd7200000,
- 0x000200c1, 0x16000084,
- 0x857d9973, 0x8b7d817d,
- 0xbf06817d, 0xbefd0080,
- 0xbfa20012, 0xbe8300ff,
- 0x00000080, 0xbf800000,
- 0xbf800000, 0xbf800000,
- 0xd8d80000, 0x01000000,
- 0xbf890000, 0xe0685000,
- 0x701d0100, 0x807d037d,
- 0x80700370, 0xd5250000,
- 0x0001ff00, 0x00000080,
- 0xbf0a7b7d, 0xbfa2fff4,
- 0xbfa00011, 0xbe8300ff,
- 0x00000100, 0xbf800000,
- 0xbf800000, 0xbf800000,
- 0xd8d80000, 0x01000000,
- 0xbf890000, 0xe0685000,
- 0x701d0100, 0x807d037d,
- 0x80700370, 0xd5250000,
- 0x0001ff00, 0x00000100,
- 0xbf0a7b7d, 0xbfa2fff4,
+ 0x0000f207, 0x80798179,
+ 0xd7610002, 0x0000f208,
+ 0x80798179, 0xd7610002,
+ 0x0000f209, 0x80798179,
+ 0xd7610002, 0x0000f20a,
+ 0x80798179, 0xd7610002,
+ 0x0000f20b, 0x80798179,
+ 0xe0685000, 0x701d0200,
0xbefe00c1, 0x857d9973,
0x8b7d817d, 0xbf06817d,
- 0xbfa20004, 0xbef000ff,
- 0x00000200, 0xbeff0080,
- 0xbfa00003, 0xbef000ff,
- 0x00000400, 0xbeff00c1,
- 0xb8fb3b05, 0x807b817b,
- 0x847b827b, 0x857d9973,
+ 0xbfa20002, 0xbeff0080,
+ 0xbfa00001, 0xbeff00c1,
+ 0xb8fb4306, 0x8b7bc17b,
+ 0xbfa10044, 0xbfbd0000,
+ 0x8b7aff6d, 0x80000000,
+ 0xbfa10040, 0x847b867b,
+ 0x847b827b, 0xbef6007b,
+ 0xb8f03b05, 0x80708170,
+ 0xbf0d9973, 0xbfa20002,
+ 0x84708970, 0xbfa00001,
+ 0x84708a70, 0xb8fa1e06,
+ 0x847a8a7a, 0x80707a70,
+ 0x8070ff70, 0x00000200,
+ 0x8070ff70, 0x00000080,
+ 0xbef600ff, 0x01000000,
+ 0xd71f0000, 0x000100c1,
+ 0xd7200000, 0x000200c1,
+ 0x16000084, 0x857d9973,
0x8b7d817d, 0xbf06817d,
- 0xbfa20017, 0xbef600ff,
- 0x01000000, 0xbefd0084,
- 0xbf0a7b7d, 0xbfa10037,
- 0x7e008700, 0x7e028701,
- 0x7e048702, 0x7e068703,
- 0xe0685000, 0x701d0000,
- 0xe0685080, 0x701d0100,
- 0xe0685100, 0x701d0200,
- 0xe0685180, 0x701d0300,
- 0x807d847d, 0x8070ff70,
- 0x00000200, 0xbf0a7b7d,
- 0xbfa2ffef, 0xbfa00025,
+ 0xbefd0080, 0xbfa20012,
+ 0xbe8300ff, 0x00000080,
+ 0xbf800000, 0xbf800000,
+ 0xbf800000, 0xd8d80000,
+ 0x01000000, 0xbf890000,
+ 0xe0685000, 0x701d0100,
+ 0x807d037d, 0x80700370,
+ 0xd5250000, 0x0001ff00,
+ 0x00000080, 0xbf0a7b7d,
+ 0xbfa2fff4, 0xbfa00011,
+ 0xbe8300ff, 0x00000100,
+ 0xbf800000, 0xbf800000,
+ 0xbf800000, 0xd8d80000,
+ 0x01000000, 0xbf890000,
+ 0xe0685000, 0x701d0100,
+ 0x807d037d, 0x80700370,
+ 0xd5250000, 0x0001ff00,
+ 0x00000100, 0xbf0a7b7d,
+ 0xbfa2fff4, 0xbefe00c1,
+ 0x857d9973, 0x8b7d817d,
+ 0xbf06817d, 0xbfa20004,
+ 0xbef000ff, 0x00000200,
+ 0xbeff0080, 0xbfa00003,
+ 0xbef000ff, 0x00000400,
+ 0xbeff00c1, 0xb8fb3b05,
+ 0x807b817b, 0x847b827b,
+ 0x857d9973, 0x8b7d817d,
+ 0xbf06817d, 0xbfa20017,
0xbef600ff, 0x01000000,
0xbefd0084, 0xbf0a7b7d,
- 0xbfa10011, 0x7e008700,
+ 0xbfa10037, 0x7e008700,
0x7e028701, 0x7e048702,
0x7e068703, 0xe0685000,
- 0x701d0000, 0xe0685100,
- 0x701d0100, 0xe0685200,
- 0x701d0200, 0xe0685300,
+ 0x701d0000, 0xe0685080,
+ 0x701d0100, 0xe0685100,
+ 0x701d0200, 0xe0685180,
0x701d0300, 0x807d847d,
- 0x8070ff70, 0x00000400,
+ 0x8070ff70, 0x00000200,
0xbf0a7b7d, 0xbfa2ffef,
- 0xb8fb1e06, 0x8b7bc17b,
- 0xbfa1000c, 0x847b837b,
- 0x807b7d7b, 0xbefe00c1,
- 0xbeff0080, 0x7e008700,
+ 0xbfa00025, 0xbef600ff,
+ 0x01000000, 0xbefd0084,
+ 0xbf0a7b7d, 0xbfa10011,
+ 0x7e008700, 0x7e028701,
+ 0x7e048702, 0x7e068703,
0xe0685000, 0x701d0000,
- 0x807d817d, 0x8070ff70,
- 0x00000080, 0xbf0a7b7d,
- 0xbfa2fff8, 0xbfa00146,
- 0xbef4007e, 0x8b75ff7f,
- 0x0000ffff, 0x8c75ff75,
- 0x00040000, 0xbef60080,
- 0xbef700ff, 0x10807fac,
- 0xb8f202dc, 0x84729972,
- 0x8b6eff7f, 0x04000000,
- 0xbfa1003a, 0xbefe00c1,
- 0x857d9972, 0x8b7d817d,
- 0xbf06817d, 0xbfa20002,
- 0xbeff0080, 0xbfa00001,
- 0xbeff00c1, 0xb8ef4306,
- 0x8b6fc16f, 0xbfa1002f,
- 0x846f866f, 0x846f826f,
- 0xbef6006f, 0xb8f83b05,
- 0x80788178, 0xbf0d9972,
- 0xbfa20002, 0x84788978,
- 0xbfa00001, 0x84788a78,
- 0xb8ee1e06, 0x846e8a6e,
- 0x80786e78, 0x8078ff78,
- 0x00000200, 0x8078ff78,
- 0x00000080, 0xbef600ff,
- 0x01000000, 0x857d9972,
- 0x8b7d817d, 0xbf06817d,
- 0xbefd0080, 0xbfa2000c,
- 0xe0500000, 0x781d0000,
- 0xbf8903f7, 0xdac00000,
- 0x00000000, 0x807dff7d,
- 0x00000080, 0x8078ff78,
- 0x00000080, 0xbf0a6f7d,
- 0xbfa2fff5, 0xbfa0000b,
- 0xe0500000, 0x781d0000,
- 0xbf8903f7, 0xdac00000,
- 0x00000000, 0x807dff7d,
- 0x00000100, 0x8078ff78,
- 0x00000100, 0xbf0a6f7d,
- 0xbfa2fff5, 0xbef80080,
+ 0xe0685100, 0x701d0100,
+ 0xe0685200, 0x701d0200,
+ 0xe0685300, 0x701d0300,
+ 0x807d847d, 0x8070ff70,
+ 0x00000400, 0xbf0a7b7d,
+ 0xbfa2ffef, 0xb8fb1e06,
+ 0x8b7bc17b, 0xbfa1000c,
+ 0x847b837b, 0x807b7d7b,
+ 0xbefe00c1, 0xbeff0080,
+ 0x7e008700, 0xe0685000,
+ 0x701d0000, 0x807d817d,
+ 0x8070ff70, 0x00000080,
+ 0xbf0a7b7d, 0xbfa2fff8,
+ 0xbfa00146, 0xbef4007e,
+ 0x8b75ff7f, 0x0000ffff,
+ 0x8c75ff75, 0x00040000,
+ 0xbef60080, 0xbef700ff,
+ 0x10807fac, 0xb8f202dc,
+ 0x84729972, 0x8b6eff7f,
+ 0x04000000, 0xbfa1003a,
0xbefe00c1, 0x857d9972,
0x8b7d817d, 0xbf06817d,
0xbfa20002, 0xbeff0080,
0xbfa00001, 0xbeff00c1,
- 0xb8ef3b05, 0x806f816f,
- 0x846f826f, 0x857d9972,
- 0x8b7d817d, 0xbf06817d,
- 0xbfa20024, 0xbef600ff,
- 0x01000000, 0xbeee0078,
+ 0xb8ef4306, 0x8b6fc16f,
+ 0xbfa1002f, 0x846f866f,
+ 0x846f826f, 0xbef6006f,
+ 0xb8f83b05, 0x80788178,
+ 0xbf0d9972, 0xbfa20002,
+ 0x84788978, 0xbfa00001,
+ 0x84788a78, 0xb8ee1e06,
+ 0x846e8a6e, 0x80786e78,
0x8078ff78, 0x00000200,
- 0xbefd0084, 0xbf0a6f7d,
- 0xbfa10050, 0xe0505000,
- 0x781d0000, 0xe0505080,
- 0x781d0100, 0xe0505100,
- 0x781d0200, 0xe0505180,
- 0x781d0300, 0xbf8903f7,
- 0x7e008500, 0x7e028501,
- 0x7e048502, 0x7e068503,
- 0x807d847d, 0x8078ff78,
- 0x00000200, 0xbf0a6f7d,
- 0xbfa2ffee, 0xe0505000,
- 0x6e1d0000, 0xe0505080,
- 0x6e1d0100, 0xe0505100,
- 0x6e1d0200, 0xe0505180,
- 0x6e1d0300, 0xbf8903f7,
- 0xbfa00034, 0xbef600ff,
- 0x01000000, 0xbeee0078,
- 0x8078ff78, 0x00000400,
- 0xbefd0084, 0xbf0a6f7d,
- 0xbfa10012, 0xe0505000,
- 0x781d0000, 0xe0505100,
- 0x781d0100, 0xe0505200,
- 0x781d0200, 0xe0505300,
- 0x781d0300, 0xbf8903f7,
- 0x7e008500, 0x7e028501,
- 0x7e048502, 0x7e068503,
- 0x807d847d, 0x8078ff78,
- 0x00000400, 0xbf0a6f7d,
- 0xbfa2ffee, 0xb8ef1e06,
- 0x8b6fc16f, 0xbfa1000e,
- 0x846f836f, 0x806f7d6f,
- 0xbefe00c1, 0xbeff0080,
+ 0x8078ff78, 0x00000080,
+ 0xbef600ff, 0x01000000,
+ 0x857d9972, 0x8b7d817d,
+ 0xbf06817d, 0xbefd0080,
+ 0xbfa2000c, 0xe0500000,
+ 0x781d0000, 0xbf8903f7,
+ 0xdac00000, 0x00000000,
+ 0x807dff7d, 0x00000080,
+ 0x8078ff78, 0x00000080,
+ 0xbf0a6f7d, 0xbfa2fff5,
+ 0xbfa0000b, 0xe0500000,
+ 0x781d0000, 0xbf8903f7,
+ 0xdac00000, 0x00000000,
+ 0x807dff7d, 0x00000100,
+ 0x8078ff78, 0x00000100,
+ 0xbf0a6f7d, 0xbfa2fff5,
+ 0xbef80080, 0xbefe00c1,
+ 0x857d9972, 0x8b7d817d,
+ 0xbf06817d, 0xbfa20002,
+ 0xbeff0080, 0xbfa00001,
+ 0xbeff00c1, 0xb8ef3b05,
+ 0x806f816f, 0x846f826f,
+ 0x857d9972, 0x8b7d817d,
+ 0xbf06817d, 0xbfa20024,
+ 0xbef600ff, 0x01000000,
+ 0xbeee0078, 0x8078ff78,
+ 0x00000200, 0xbefd0084,
+ 0xbf0a6f7d, 0xbfa10050,
0xe0505000, 0x781d0000,
+ 0xe0505080, 0x781d0100,
+ 0xe0505100, 0x781d0200,
+ 0xe0505180, 0x781d0300,
0xbf8903f7, 0x7e008500,
- 0x807d817d, 0x8078ff78,
- 0x00000080, 0xbf0a6f7d,
- 0xbfa2fff7, 0xbeff00c1,
+ 0x7e028501, 0x7e048502,
+ 0x7e068503, 0x807d847d,
+ 0x8078ff78, 0x00000200,
+ 0xbf0a6f7d, 0xbfa2ffee,
0xe0505000, 0x6e1d0000,
- 0xe0505100, 0x6e1d0100,
- 0xe0505200, 0x6e1d0200,
- 0xe0505300, 0x6e1d0300,
- 0xbf8903f7, 0xb8f83b05,
- 0x80788178, 0xbf0d9972,
- 0xbfa20002, 0x84788978,
- 0xbfa00001, 0x84788a78,
- 0xb8ee1e06, 0x846e8a6e,
- 0x80786e78, 0x8078ff78,
- 0x00000200, 0x80f8ff78,
- 0x00000050, 0xbef600ff,
- 0x01000000, 0xbefd00ff,
- 0x0000006c, 0x80f89078,
- 0xf428403a, 0xf0000000,
- 0xbf89fc07, 0x80fd847d,
- 0xbf800000, 0xbe804300,
- 0xbe824302, 0x80f8a078,
- 0xf42c403a, 0xf0000000,
- 0xbf89fc07, 0x80fd887d,
- 0xbf800000, 0xbe804300,
- 0xbe824302, 0xbe844304,
- 0xbe864306, 0x80f8c078,
- 0xf430403a, 0xf0000000,
- 0xbf89fc07, 0x80fd907d,
- 0xbf800000, 0xbe804300,
- 0xbe824302, 0xbe844304,
- 0xbe864306, 0xbe884308,
- 0xbe8a430a, 0xbe8c430c,
- 0xbe8e430e, 0xbf06807d,
- 0xbfa1fff0, 0xb980f801,
- 0x00000000, 0xbfbd0000,
+ 0xe0505080, 0x6e1d0100,
+ 0xe0505100, 0x6e1d0200,
+ 0xe0505180, 0x6e1d0300,
+ 0xbf8903f7, 0xbfa00034,
+ 0xbef600ff, 0x01000000,
+ 0xbeee0078, 0x8078ff78,
+ 0x00000400, 0xbefd0084,
+ 0xbf0a6f7d, 0xbfa10012,
+ 0xe0505000, 0x781d0000,
+ 0xe0505100, 0x781d0100,
+ 0xe0505200, 0x781d0200,
+ 0xe0505300, 0x781d0300,
+ 0xbf8903f7, 0x7e008500,
+ 0x7e028501, 0x7e048502,
+ 0x7e068503, 0x807d847d,
+ 0x8078ff78, 0x00000400,
+ 0xbf0a6f7d, 0xbfa2ffee,
+ 0xb8ef1e06, 0x8b6fc16f,
+ 0xbfa1000e, 0x846f836f,
+ 0x806f7d6f, 0xbefe00c1,
+ 0xbeff0080, 0xe0505000,
+ 0x781d0000, 0xbf8903f7,
+ 0x7e008500, 0x807d817d,
+ 0x8078ff78, 0x00000080,
+ 0xbf0a6f7d, 0xbfa2fff7,
+ 0xbeff00c1, 0xe0505000,
+ 0x6e1d0000, 0xe0505100,
+ 0x6e1d0100, 0xe0505200,
+ 0x6e1d0200, 0xe0505300,
+ 0x6e1d0300, 0xbf8903f7,
0xb8f83b05, 0x80788178,
0xbf0d9972, 0xbfa20002,
0x84788978, 0xbfa00001,
0x84788a78, 0xb8ee1e06,
0x846e8a6e, 0x80786e78,
0x8078ff78, 0x00000200,
+ 0x80f8ff78, 0x00000050,
0xbef600ff, 0x01000000,
- 0xf4205bfa, 0xf0000000,
- 0x80788478, 0xf4205b3a,
+ 0xbefd00ff, 0x0000006c,
+ 0x80f89078, 0xf428403a,
+ 0xf0000000, 0xbf89fc07,
+ 0x80fd847d, 0xbf800000,
+ 0xbe804300, 0xbe824302,
+ 0x80f8a078, 0xf42c403a,
+ 0xf0000000, 0xbf89fc07,
+ 0x80fd887d, 0xbf800000,
+ 0xbe804300, 0xbe824302,
+ 0xbe844304, 0xbe864306,
+ 0x80f8c078, 0xf430403a,
+ 0xf0000000, 0xbf89fc07,
+ 0x80fd907d, 0xbf800000,
+ 0xbe804300, 0xbe824302,
+ 0xbe844304, 0xbe864306,
+ 0xbe884308, 0xbe8a430a,
+ 0xbe8c430c, 0xbe8e430e,
+ 0xbf06807d, 0xbfa1fff0,
+ 0xb980f801, 0x00000000,
+ 0xbfbd0000, 0xb8f83b05,
+ 0x80788178, 0xbf0d9972,
+ 0xbfa20002, 0x84788978,
+ 0xbfa00001, 0x84788a78,
+ 0xb8ee1e06, 0x846e8a6e,
+ 0x80786e78, 0x8078ff78,
+ 0x00000200, 0xbef600ff,
+ 0x01000000, 0xf4205bfa,
0xf0000000, 0x80788478,
- 0xf4205b7a, 0xf0000000,
- 0x80788478, 0xf4205c3a,
+ 0xf4205b3a, 0xf0000000,
+ 0x80788478, 0xf4205b7a,
0xf0000000, 0x80788478,
- 0xf4205c7a, 0xf0000000,
- 0x80788478, 0xf4205eba,
+ 0xf4205c3a, 0xf0000000,
+ 0x80788478, 0xf4205c7a,
0xf0000000, 0x80788478,
- 0xf4205efa, 0xf0000000,
- 0x80788478, 0xf4205e7a,
+ 0xf4205eba, 0xf0000000,
+ 0x80788478, 0xf4205efa,
0xf0000000, 0x80788478,
- 0xf4205cfa, 0xf0000000,
- 0x80788478, 0xf4205bba,
+ 0xf4205e7a, 0xf0000000,
+ 0x80788478, 0xf4205cfa,
0xf0000000, 0x80788478,
- 0xbf89fc07, 0xb96ef814,
0xf4205bba, 0xf0000000,
0x80788478, 0xbf89fc07,
- 0xb96ef815, 0xbefd006f,
- 0xbefe0070, 0xbeff0071,
- 0x8b6f7bff, 0x000003ff,
- 0xb96f4803, 0x8b6f7bff,
- 0xfffff800, 0x856f8b6f,
- 0xb96fa2c3, 0xb973f801,
- 0xb8ee3b05, 0x806e816e,
- 0xbf0d9972, 0xbfa20002,
- 0x846e896e, 0xbfa00001,
- 0x846e8a6e, 0xb8ef1e06,
- 0x846f8a6f, 0x806e6f6e,
- 0x806eff6e, 0x00000200,
- 0x806e746e, 0x826f8075,
- 0x8b6fff6f, 0x0000ffff,
- 0xf4085c37, 0xf8000050,
- 0xf4085d37, 0xf8000060,
- 0xf4005e77, 0xf8000074,
- 0xbf89fc07, 0x8b6dff6d,
- 0x0000ffff, 0x8bfe7e7e,
- 0x8bea6a6a, 0xb8eef802,
- 0xbf0d866e, 0xbfa20002,
- 0xb97af802, 0xbe80486c,
- 0xb97af802, 0xbe804a6c,
- 0xbfb00000, 0xbf9f0000,
+ 0xb96ef814, 0xf4205bba,
+ 0xf0000000, 0x80788478,
+ 0xbf89fc07, 0xb96ef815,
+ 0xbefd006f, 0xbefe0070,
+ 0xbeff0071, 0x8b6f7bff,
+ 0x000003ff, 0xb96f4803,
+ 0x8b6f7bff, 0xfffff800,
+ 0x856f8b6f, 0xb96fa2c3,
+ 0xb973f801, 0xb8ee3b05,
+ 0x806e816e, 0xbf0d9972,
+ 0xbfa20002, 0x846e896e,
+ 0xbfa00001, 0x846e8a6e,
+ 0xb8ef1e06, 0x846f8a6f,
+ 0x806e6f6e, 0x806eff6e,
+ 0x00000200, 0x806e746e,
+ 0x826f8075, 0x8b6fff6f,
+ 0x0000ffff, 0xf4085c37,
+ 0xf8000050, 0xf4085d37,
+ 0xf8000060, 0xf4005e77,
+ 0xf8000074, 0xbf89fc07,
+ 0x8b6dff6d, 0x0000ffff,
+ 0x8bfe7e7e, 0x8bea6a6a,
+ 0xb8eef802, 0xbf0d866e,
+ 0xbfa20002, 0xb97af802,
+ 0xbe80486c, 0xb97af802,
+ 0xbe804a6c, 0xbfb00000,
0xbf9f0000, 0xbf9f0000,
0xbf9f0000, 0xbf9f0000,
+ 0xbf9f0000, 0x00000000,
};
diff --git a/drivers/gpu/drm/amd/amdkfd/cwsr_trap_handler_gfx10.asm b/drivers/gpu/drm/amd/amdkfd/cwsr_trap_handler_gfx10.asm
index 0f81670f6f9c..8b92c33c2a7c 100644
--- a/drivers/gpu/drm/amd/amdkfd/cwsr_trap_handler_gfx10.asm
+++ b/drivers/gpu/drm/amd/amdkfd/cwsr_trap_handler_gfx10.asm
@@ -186,6 +186,12 @@ L_SKIP_RESTORE:
s_getreg_b32 s_save_trapsts, hwreg(HW_REG_TRAPSTS)
#if SW_SA_TRAP
+ // If ttmp1[30] is set then issue s_barrier to unblock dependent waves.
+ s_bitcmp1_b32 s_save_pc_hi, 30
+ s_cbranch_scc0 L_TRAP_NO_BARRIER
+ s_barrier
+
+L_TRAP_NO_BARRIER:
// If ttmp1[31] is set then trap may occur early.
// Spin wait until SAVECTX exception is raised.
s_bitcmp1_b32 s_save_pc_hi, 31
--
2.35.1
^ permalink raw reply related [flat|nested] 305+ messages in thread
* [PATCH 6.0 188/289] drm/amd/display: Added debug option for forcing subvp num ways
2022-11-30 18:19 [PATCH 6.0 000/289] 6.0.11-rc1 review Greg Kroah-Hartman
` (186 preceding siblings ...)
2022-11-30 18:22 ` [PATCH 6.0 187/289] drm/amdkfd: update GFX11 CWSR trap handler Greg Kroah-Hartman
@ 2022-11-30 18:22 ` Greg Kroah-Hartman
2022-11-30 18:22 ` [PATCH 6.0 189/289] drm/amd/display: Add debug option for allocating extra way for cursor Greg Kroah-Hartman
` (110 subsequent siblings)
298 siblings, 0 replies; 305+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-30 18:22 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Daniel Wheeler, Jun Lei,
Pavle Kotarac, Alvin Lee, Alex Deucher, Sasha Levin
From: Lee, Alvin <Alvin.Lee2@amd.com>
[ Upstream commit 5c1a431aaf52bbba8b6e2c4e9b4037a09509c0e3 ]
[Description]
Regkey option for forcing num ways for subvp for debug purposes
Tested-by: Daniel Wheeler <daniel.wheeler@amd.com>
Reviewed-by: Jun Lei <Jun.Lei@amd.com>
Acked-by: Pavle Kotarac <Pavle.Kotarac@amd.com>
Signed-off-by: Alvin Lee <Alvin.Lee2@amd.com>
Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
Stable-dep-of: 4d2852412306 ("drm/amd/display: Fix calculation for cursor CAB allocation")
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/gpu/drm/amd/display/dc/dc.h | 1 +
.../drm/amd/display/dc/dcn32/dcn32_resource_helpers.c | 11 ++++++++---
2 files changed, 9 insertions(+), 3 deletions(-)
diff --git a/drivers/gpu/drm/amd/display/dc/dc.h b/drivers/gpu/drm/amd/display/dc/dc.h
index dbf8158b832e..a652dec5d02f 100644
--- a/drivers/gpu/drm/amd/display/dc/dc.h
+++ b/drivers/gpu/drm/amd/display/dc/dc.h
@@ -746,6 +746,7 @@ struct dc_debug_options {
bool force_disable_subvp;
bool force_subvp_mclk_switch;
bool allow_sw_cursor_fallback;
+ unsigned int force_subvp_num_ways;
bool force_usr_allow;
/* uses value at boot and disables switch */
bool disable_dtb_ref_clk_switch;
diff --git a/drivers/gpu/drm/amd/display/dc/dcn32/dcn32_resource_helpers.c b/drivers/gpu/drm/amd/display/dc/dcn32/dcn32_resource_helpers.c
index 13cd1f2e50ca..7c37575d69c7 100644
--- a/drivers/gpu/drm/amd/display/dc/dcn32/dcn32_resource_helpers.c
+++ b/drivers/gpu/drm/amd/display/dc/dcn32/dcn32_resource_helpers.c
@@ -54,13 +54,14 @@ uint32_t dcn32_helper_calculate_num_ways_for_subvp(struct dc *dc, struct dc_stat
uint32_t num_mblks = 0;
uint32_t cache_lines_per_plane = 0;
uint32_t i = 0, j = 0;
- uint32_t mblk_width = 0;
- uint32_t mblk_height = 0;
+ uint16_t mblk_width = 0;
+ uint16_t mblk_height = 0;
uint32_t full_vp_width_blk_aligned = 0;
uint32_t full_vp_height_blk_aligned = 0;
uint32_t mall_alloc_width_blk_aligned = 0;
uint32_t mall_alloc_height_blk_aligned = 0;
- uint32_t full_vp_height = 0;
+ uint16_t full_vp_height = 0;
+ bool subvp_in_use = false;
for (i = 0; i < dc->res_pool->pipe_count; i++) {
struct pipe_ctx *pipe = &context->res_ctx.pipe_ctx[i];
@@ -70,6 +71,7 @@ uint32_t dcn32_helper_calculate_num_ways_for_subvp(struct dc *dc, struct dc_stat
pipe->stream->mall_stream_config.type == SUBVP_PHANTOM) {
struct pipe_ctx *main_pipe = NULL;
+ subvp_in_use = true;
/* Get full viewport height from main pipe (required for MBLK calculation) */
for (j = 0; j < dc->res_pool->pipe_count; j++) {
main_pipe = &context->res_ctx.pipe_ctx[j];
@@ -129,6 +131,9 @@ uint32_t dcn32_helper_calculate_num_ways_for_subvp(struct dc *dc, struct dc_stat
if (cache_lines_used % lines_per_way > 0)
num_ways++;
+ if (subvp_in_use && dc->debug.force_subvp_num_ways > 0)
+ num_ways = dc->debug.force_subvp_num_ways;
+
return num_ways;
}
--
2.35.1
^ permalink raw reply related [flat|nested] 305+ messages in thread
* [PATCH 6.0 189/289] drm/amd/display: Add debug option for allocating extra way for cursor
2022-11-30 18:19 [PATCH 6.0 000/289] 6.0.11-rc1 review Greg Kroah-Hartman
` (187 preceding siblings ...)
2022-11-30 18:22 ` [PATCH 6.0 188/289] drm/amd/display: Added debug option for forcing subvp num ways Greg Kroah-Hartman
@ 2022-11-30 18:22 ` Greg Kroah-Hartman
2022-11-30 18:22 ` [PATCH 6.0 190/289] drm/amd/display: Update MALL SS NumWays calculation Greg Kroah-Hartman
` (109 subsequent siblings)
298 siblings, 0 replies; 305+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-30 18:22 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Aurabindo Pillai, Wayne Lin,
Alvin Lee, Daniel Wheeler, Alex Deucher, Sasha Levin
From: Alvin Lee <Alvin.Lee2@amd.com>
[ Upstream commit 6eef37460584269b240f45aa47ebb61aae848082 ]
[Why and How]
- Add a debug option for allocating extra way for cursor
- Remove usage of cache_cursor_addr since it's not gaurenteed
to be populated
- Include cursor size in MALL calculation if it exceeds the
DCN cursor buffer size (and don't need extra way for cursor)
Reviewed-by: Aurabindo Pillai <Aurabindo.Pillai@amd.com>
Acked-by: Wayne Lin <wayne.lin@amd.com>
Signed-off-by: Alvin Lee <Alvin.Lee2@amd.com>
Tested-by: Daniel Wheeler <daniel.wheeler@amd.com>
Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
Stable-dep-of: 4d2852412306 ("drm/amd/display: Fix calculation for cursor CAB allocation")
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/gpu/drm/amd/display/dc/dc.h | 1 +
drivers/gpu/drm/amd/display/dc/dcn32/dcn32_hwseq.c | 10 ++++++----
drivers/gpu/drm/amd/display/dc/dcn32/dcn32_resource.c | 1 +
.../gpu/drm/amd/display/dc/dcn321/dcn321_resource.c | 1 +
4 files changed, 9 insertions(+), 4 deletions(-)
diff --git a/drivers/gpu/drm/amd/display/dc/dc.h b/drivers/gpu/drm/amd/display/dc/dc.h
index a652dec5d02f..0d4340f0f688 100644
--- a/drivers/gpu/drm/amd/display/dc/dc.h
+++ b/drivers/gpu/drm/amd/display/dc/dc.h
@@ -747,6 +747,7 @@ struct dc_debug_options {
bool force_subvp_mclk_switch;
bool allow_sw_cursor_fallback;
unsigned int force_subvp_num_ways;
+ bool alloc_extra_way_for_cursor;
bool force_usr_allow;
/* uses value at boot and disables switch */
bool disable_dtb_ref_clk_switch;
diff --git a/drivers/gpu/drm/amd/display/dc/dcn32/dcn32_hwseq.c b/drivers/gpu/drm/amd/display/dc/dcn32/dcn32_hwseq.c
index c72166e096ba..0751e1202c95 100644
--- a/drivers/gpu/drm/amd/display/dc/dcn32/dcn32_hwseq.c
+++ b/drivers/gpu/drm/amd/display/dc/dcn32/dcn32_hwseq.c
@@ -304,7 +304,8 @@ static uint32_t dcn32_calculate_cab_allocation(struct dc *dc, struct dc_state *c
* using the max for calculation
*/
if (hubp->curs_attr.width > 0) {
- cursor_size = hubp->curs_attr.width * hubp->curs_attr.height;
+ // Round cursor width to next multiple of 64
+ cursor_size = (((hubp->curs_attr.width + 63) / 64) * 64) * hubp->curs_attr.height;
break;
}
}
@@ -325,7 +326,8 @@ static uint32_t dcn32_calculate_cab_allocation(struct dc *dc, struct dc_state *c
break;
}
- if (stream->cursor_position.enable && plane->address.grph.cursor_cache_addr.quad_part) {
+ if (stream->cursor_position.enable && !dc->debug.alloc_extra_way_for_cursor &&
+ cursor_size > 16384) {
cache_lines_used += dcn32_cache_lines_for_surface(dc, cursor_size,
plane->address.grph.cursor_cache_addr.quad_part);
}
@@ -345,8 +347,8 @@ static uint32_t dcn32_calculate_cab_allocation(struct dc *dc, struct dc_state *c
plane = ctx->stream_status[i].plane_states[j];
if (stream->cursor_position.enable && plane &&
- !plane->address.grph.cursor_cache_addr.quad_part &&
- cursor_size > 16384) {
+ dc->debug.alloc_extra_way_for_cursor &&
+ cursor_size > 16384) {
/* Cursor caching is not supported since it won't be on the same line.
* So we need an extra line to accommodate it. With large cursors and a single 4k monitor
* this case triggers corruption. If we're at the edge, then dont trigger display refresh
diff --git a/drivers/gpu/drm/amd/display/dc/dcn32/dcn32_resource.c b/drivers/gpu/drm/amd/display/dc/dcn32/dcn32_resource.c
index c3b783cea8a0..6f1bcb45a3b2 100644
--- a/drivers/gpu/drm/amd/display/dc/dcn32/dcn32_resource.c
+++ b/drivers/gpu/drm/amd/display/dc/dcn32/dcn32_resource.c
@@ -872,6 +872,7 @@ static const struct dc_debug_options debug_defaults_drv = {
.enable_single_display_2to1_odm_policy = true,
.enable_dp_dig_pixel_rate_div_policy = 1,
.allow_sw_cursor_fallback = false,
+ .alloc_extra_way_for_cursor = true,
};
static const struct dc_debug_options debug_defaults_diags = {
diff --git a/drivers/gpu/drm/amd/display/dc/dcn321/dcn321_resource.c b/drivers/gpu/drm/amd/display/dc/dcn321/dcn321_resource.c
index 7309eed33a61..d074716dc197 100644
--- a/drivers/gpu/drm/amd/display/dc/dcn321/dcn321_resource.c
+++ b/drivers/gpu/drm/amd/display/dc/dcn321/dcn321_resource.c
@@ -873,6 +873,7 @@ static const struct dc_debug_options debug_defaults_drv = {
.enable_single_display_2to1_odm_policy = true,
.enable_dp_dig_pixel_rate_div_policy = 1,
.allow_sw_cursor_fallback = false,
+ .alloc_extra_way_for_cursor = true,
};
static const struct dc_debug_options debug_defaults_diags = {
--
2.35.1
^ permalink raw reply related [flat|nested] 305+ messages in thread
* [PATCH 6.0 190/289] drm/amd/display: Update MALL SS NumWays calculation
2022-11-30 18:19 [PATCH 6.0 000/289] 6.0.11-rc1 review Greg Kroah-Hartman
` (188 preceding siblings ...)
2022-11-30 18:22 ` [PATCH 6.0 189/289] drm/amd/display: Add debug option for allocating extra way for cursor Greg Kroah-Hartman
@ 2022-11-30 18:22 ` Greg Kroah-Hartman
2022-11-30 18:22 ` [PATCH 6.0 191/289] drm/amd/display: Fix calculation for cursor CAB allocation Greg Kroah-Hartman
` (108 subsequent siblings)
298 siblings, 0 replies; 305+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-30 18:22 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Jun Lei, Jasdeep Dhillon, Alvin Lee,
Daniel Wheeler, Alex Deucher, Sasha Levin
From: Alvin Lee <Alvin.Lee2@amd.com>
[ Upstream commit 525a65c77db51cf5d6c6d8e3f8d07efeb2270416 ]
[Description]
Update MALL SS NumWays calculation according
to programming guide.
Reviewed-by: Jun Lei <Jun.Lei@amd.com>
Acked-by: Jasdeep Dhillon <jdhillon@amd.com>
Signed-off-by: Alvin Lee <Alvin.Lee2@amd.com>
Tested-by: Daniel Wheeler <daniel.wheeler@amd.com>
Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
Stable-dep-of: 4d2852412306 ("drm/amd/display: Fix calculation for cursor CAB allocation")
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/gpu/drm/amd/display/dc/dc.h | 1 +
.../drm/amd/display/dc/dcn32/dcn32_hwseq.c | 207 ++++++++----------
2 files changed, 98 insertions(+), 110 deletions(-)
diff --git a/drivers/gpu/drm/amd/display/dc/dc.h b/drivers/gpu/drm/amd/display/dc/dc.h
index 0d4340f0f688..fcddf60d3c10 100644
--- a/drivers/gpu/drm/amd/display/dc/dc.h
+++ b/drivers/gpu/drm/amd/display/dc/dc.h
@@ -747,6 +747,7 @@ struct dc_debug_options {
bool force_subvp_mclk_switch;
bool allow_sw_cursor_fallback;
unsigned int force_subvp_num_ways;
+ unsigned int force_mall_ss_num_ways;
bool alloc_extra_way_for_cursor;
bool force_usr_allow;
/* uses value at boot and disables switch */
diff --git a/drivers/gpu/drm/amd/display/dc/dcn32/dcn32_hwseq.c b/drivers/gpu/drm/amd/display/dc/dcn32/dcn32_hwseq.c
index 0751e1202c95..84a20ce9bd36 100644
--- a/drivers/gpu/drm/amd/display/dc/dcn32/dcn32_hwseq.c
+++ b/drivers/gpu/drm/amd/display/dc/dcn32/dcn32_hwseq.c
@@ -49,6 +49,7 @@
#include "dcn20/dcn20_optc.h"
#include "dmub_subvp_state.h"
#include "dce/dmub_hw_lock_mgr.h"
+#include "dcn32_resource.h"
#include "dc_link_dp.h"
#include "dmub/inc/dmub_subvp_state.h"
@@ -198,42 +199,6 @@ static bool dcn32_check_no_memory_request_for_cab(struct dc *dc)
return false;
}
-/* This function takes in the start address and surface size to be cached in CAB
- * and calculates the total number of cache lines required to store the surface.
- * The number of cache lines used for each surface is calculated independently of
- * one another. For example, if there is a primary surface(1), meta surface(2), and
- * cursor(3), this function should be called 3 times to calculate the number of cache
- * lines used for each of those surfaces.
- */
-static uint32_t dcn32_cache_lines_for_surface(struct dc *dc, uint32_t surface_size, uint64_t start_address)
-{
- uint32_t lines_used = 1;
- uint32_t num_cached_bytes = 0;
- uint32_t remaining_size = 0;
- uint32_t cache_line_size = dc->caps.cache_line_size;
- uint32_t remainder = 0;
-
- /* 1. Calculate surface size minus the number of bytes stored
- * in the first cache line (all bytes in first cache line might
- * not be fully used).
- */
- div_u64_rem(start_address, cache_line_size, &remainder);
- num_cached_bytes = cache_line_size - remainder;
- remaining_size = surface_size - num_cached_bytes;
-
- /* 2. Calculate number of cache lines that will be fully used with
- * the remaining number of bytes to be stored.
- */
- lines_used += (remaining_size / cache_line_size);
-
- /* 3. Check if we need an extra line due to the remaining size not being
- * a multiple of CACHE_LINE_SIZE.
- */
- if (remaining_size % cache_line_size > 0)
- lines_used++;
-
- return lines_used;
-}
/* This function loops through every surface that needs to be cached in CAB for SS,
* and calculates the total number of ways required to store all surfaces (primary,
@@ -241,96 +206,116 @@ static uint32_t dcn32_cache_lines_for_surface(struct dc *dc, uint32_t surface_si
*/
static uint32_t dcn32_calculate_cab_allocation(struct dc *dc, struct dc_state *ctx)
{
- uint8_t i, j;
+ uint8_t i;
+ int j;
struct dc_stream_state *stream = NULL;
struct dc_plane_state *plane = NULL;
- uint32_t surface_size = 0;
uint32_t cursor_size = 0;
- uint32_t cache_lines_used = 0;
uint32_t total_lines = 0;
uint32_t lines_per_way = 0;
- uint32_t num_ways = 0;
- uint32_t prev_addr_low = 0;
+ uint8_t num_ways = 0;
+ uint8_t bytes_per_pixel = 0;
+ uint8_t cursor_bpp = 0;
+ uint16_t mblk_width = 0;
+ uint16_t mblk_height = 0;
+ uint16_t mall_alloc_width_blk_aligned = 0;
+ uint16_t mall_alloc_height_blk_aligned = 0;
+ uint16_t num_mblks = 0;
+ uint32_t bytes_in_mall = 0;
+ uint32_t cache_lines_used = 0;
+ uint32_t cache_lines_per_plane = 0;
- for (i = 0; i < ctx->stream_count; i++) {
- stream = ctx->streams[i];
+ for (i = 0; i < dc->res_pool->pipe_count; i++) {
+ struct pipe_ctx *pipe = &dc->current_state->res_ctx.pipe_ctx[i];
- // Don't include PSR surface in the total surface size for CAB allocation
- if (stream->link->psr_settings.psr_version != DC_PSR_VERSION_UNSUPPORTED)
+ if (!pipe->stream || !pipe->plane_state ||
+ pipe->stream->link->psr_settings.psr_version != DC_PSR_VERSION_UNSUPPORTED ||
+ pipe->stream->mall_stream_config.type == SUBVP_PHANTOM)
continue;
- if (ctx->stream_status[i].plane_count == 0)
- continue;
+ bytes_per_pixel = pipe->plane_state->format >= SURFACE_PIXEL_FORMAT_GRPH_ARGB16161616 ? 8 : 4;
+ mblk_width = DCN3_2_MBLK_WIDTH;
+ mblk_height = bytes_per_pixel == 4 ? DCN3_2_MBLK_HEIGHT_4BPE : DCN3_2_MBLK_HEIGHT_8BPE;
- // For each stream, loop through each plane to calculate the number of cache
- // lines required to store the surface in CAB
- for (j = 0; j < ctx->stream_status[i].plane_count; j++) {
- plane = ctx->stream_status[i].plane_states[j];
+ /* full_vp_width_blk_aligned = FLOOR(vp_x_start + full_vp_width + blk_width - 1, blk_width) -
+ * FLOOR(vp_x_start, blk_width)
+ *
+ * mall_alloc_width_blk_aligned_l/c = full_vp_width_blk_aligned_l/c
+ */
+ mall_alloc_width_blk_aligned = ((pipe->plane_res.scl_data.viewport.x +
+ pipe->plane_res.scl_data.viewport.width + mblk_width - 1) / mblk_width * mblk_width) +
+ (pipe->plane_res.scl_data.viewport.x / mblk_width * mblk_width);
+
+ /* full_vp_height_blk_aligned = FLOOR(vp_y_start + full_vp_height + blk_height - 1, blk_height) -
+ * FLOOR(vp_y_start, blk_height)
+ *
+ * mall_alloc_height_blk_aligned_l/c = full_vp_height_blk_aligned_l/c
+ */
+ mall_alloc_height_blk_aligned = ((pipe->plane_res.scl_data.viewport.y +
+ pipe->plane_res.scl_data.viewport.height + mblk_height - 1) / mblk_height * mblk_height) +
+ (pipe->plane_res.scl_data.viewport.y / mblk_height * mblk_height);
- // Calculate total surface size
- if (prev_addr_low != plane->address.grph.addr.u.low_part) {
- /* if plane address are different from prev FB, then userspace allocated separate FBs*/
- surface_size += plane->plane_size.surface_pitch *
- plane->plane_size.surface_size.height *
- (plane->format >= SURFACE_PIXEL_FORMAT_GRPH_ARGB16161616 ? 8 : 4);
+ num_mblks = ((mall_alloc_width_blk_aligned + mblk_width - 1) / mblk_width) *
+ ((mall_alloc_height_blk_aligned + mblk_height - 1) / mblk_height);
- prev_addr_low = plane->address.grph.addr.u.low_part;
- } else {
- /* We have the same fb for all the planes.
- * Xorg always creates one giant fb that holds all surfaces,
- * so allocating it once is sufficient.
- * */
- continue;
- }
- // Convert surface size + starting address to number of cache lines required
- // (alignment accounted for)
- cache_lines_used += dcn32_cache_lines_for_surface(dc, surface_size,
- plane->address.grph.addr.quad_part);
-
- if (plane->address.grph.meta_addr.quad_part) {
- // Meta surface
- cache_lines_used += dcn32_cache_lines_for_surface(dc, surface_size,
- plane->address.grph.meta_addr.quad_part);
- }
- }
+ /* For DCC:
+ * meta_num_mblk = CEILING(full_mblk_width_ub_l*full_mblk_height_ub_l*Bpe/256/mblk_bytes, 1)
+ */
+ if (pipe->plane_state->dcc.enable)
+ num_mblks += (mall_alloc_width_blk_aligned * mall_alloc_width_blk_aligned * bytes_per_pixel +
+ (256 * DCN3_2_MALL_MBLK_SIZE_BYTES) - 1) / (256 * DCN3_2_MALL_MBLK_SIZE_BYTES);
- // Include cursor size for CAB allocation
- for (j = 0; j < dc->res_pool->pipe_count; j++) {
- struct pipe_ctx *pipe = &ctx->res_ctx.pipe_ctx[j];
- struct hubp *hubp = pipe->plane_res.hubp;
+ bytes_in_mall = num_mblks * DCN3_2_MALL_MBLK_SIZE_BYTES;
- if (pipe->stream && pipe->plane_state && hubp)
- /* Find the cursor plane and use the exact size instead of
- * using the max for calculation
- */
- if (hubp->curs_attr.width > 0) {
- // Round cursor width to next multiple of 64
- cursor_size = (((hubp->curs_attr.width + 63) / 64) * 64) * hubp->curs_attr.height;
- break;
- }
- }
+ /* (cache lines used is total bytes / cache_line size. Add +2 for worst case alignment
+ * (MALL is 64-byte aligned)
+ */
+ cache_lines_per_plane = bytes_in_mall / dc->caps.cache_line_size + 2;
+ cache_lines_used += cache_lines_per_plane;
+ }
- switch (stream->cursor_attributes.color_format) {
- case CURSOR_MODE_MONO:
- cursor_size /= 2;
- break;
- case CURSOR_MODE_COLOR_1BIT_AND:
- case CURSOR_MODE_COLOR_PRE_MULTIPLIED_ALPHA:
- case CURSOR_MODE_COLOR_UN_PRE_MULTIPLIED_ALPHA:
- cursor_size *= 4;
- break;
+ // Include cursor size for CAB allocation
+ for (j = 0; j < dc->res_pool->pipe_count; j++) {
+ struct pipe_ctx *pipe = &ctx->res_ctx.pipe_ctx[j];
+ struct hubp *hubp = pipe->plane_res.hubp;
- case CURSOR_MODE_COLOR_64BIT_FP_PRE_MULTIPLIED:
- case CURSOR_MODE_COLOR_64BIT_FP_UN_PRE_MULTIPLIED:
- cursor_size *= 8;
- break;
- }
+ if (pipe->stream && pipe->plane_state && hubp)
+ /* Find the cursor plane and use the exact size instead of
+ using the max for calculation */
- if (stream->cursor_position.enable && !dc->debug.alloc_extra_way_for_cursor &&
- cursor_size > 16384) {
- cache_lines_used += dcn32_cache_lines_for_surface(dc, cursor_size,
- plane->address.grph.cursor_cache_addr.quad_part);
- }
+ if (hubp->curs_attr.width > 0) {
+ // Round cursor width to next multiple of 64
+ cursor_size = (((hubp->curs_attr.width + 63) / 64) * 64) * hubp->curs_attr.height;
+
+ switch (pipe->stream->cursor_attributes.color_format) {
+ case CURSOR_MODE_MONO:
+ cursor_size /= 2;
+ cursor_bpp = 4;
+ break;
+ case CURSOR_MODE_COLOR_1BIT_AND:
+ case CURSOR_MODE_COLOR_PRE_MULTIPLIED_ALPHA:
+ case CURSOR_MODE_COLOR_UN_PRE_MULTIPLIED_ALPHA:
+ cursor_size *= 4;
+ cursor_bpp = 4;
+ break;
+
+ case CURSOR_MODE_COLOR_64BIT_FP_PRE_MULTIPLIED:
+ case CURSOR_MODE_COLOR_64BIT_FP_UN_PRE_MULTIPLIED:
+ cursor_size *= 8;
+ cursor_bpp = 8;
+ break;
+ }
+
+ if (pipe->stream->cursor_position.enable && !dc->debug.alloc_extra_way_for_cursor &&
+ cursor_size > 16384) {
+ /* cursor_num_mblk = CEILING(num_cursors*cursor_width*cursor_width*cursor_Bpe/mblk_bytes, 1)
+ */
+ cache_lines_used += (((hubp->curs_attr.width * hubp->curs_attr.height * cursor_bpp +
+ DCN3_2_MALL_MBLK_SIZE_BYTES - 1) / DCN3_2_MALL_MBLK_SIZE_BYTES) *
+ DCN3_2_MALL_MBLK_SIZE_BYTES) / dc->caps.cache_line_size + 2;
+ }
+ break;
+ }
}
// Convert number of cache lines required to number of ways
@@ -360,7 +345,9 @@ static uint32_t dcn32_calculate_cab_allocation(struct dc *dc, struct dc_state *c
}
}
}
-
+ if (dc->debug.force_mall_ss_num_ways > 0) {
+ num_ways = dc->debug.force_mall_ss_num_ways;
+ }
return num_ways;
}
--
2.35.1
^ permalink raw reply related [flat|nested] 305+ messages in thread
* [PATCH 6.0 191/289] drm/amd/display: Fix calculation for cursor CAB allocation
2022-11-30 18:19 [PATCH 6.0 000/289] 6.0.11-rc1 review Greg Kroah-Hartman
` (189 preceding siblings ...)
2022-11-30 18:22 ` [PATCH 6.0 190/289] drm/amd/display: Update MALL SS NumWays calculation Greg Kroah-Hartman
@ 2022-11-30 18:22 ` Greg Kroah-Hartman
2022-11-30 18:22 ` [PATCH 6.0 192/289] usb: dwc3: gadget: conditionally remove requests Greg Kroah-Hartman
` (107 subsequent siblings)
298 siblings, 0 replies; 305+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-30 18:22 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Alvin Lee, Tom Chung, George Shen,
Daniel Wheeler, Alex Deucher, Sasha Levin
From: George Shen <george.shen@amd.com>
[ Upstream commit 4d285241230676ba8b888701b89684b4e0360fcc ]
[Why]
The cursor size (in memory) is currently incorrectly calculated,
resulting not enough CAB being allocated for static screen cursor
in MALL refresh. This results in cursor image corruption.
[How]
Use cursor pitch instead of cursor width when calculating cursor size.
Update num cache lines calculation to use the result of the cursor size
calculation instead of manually recalculating again.
Reviewed-by: Alvin Lee <Alvin.Lee2@amd.com>
Acked-by: Tom Chung <chiahsuan.chung@amd.com>
Signed-off-by: George Shen <george.shen@amd.com>
Tested-by: Daniel Wheeler <daniel.wheeler@amd.com>
Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
Cc: stable@vger.kernel.org # 6.0.x
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/gpu/drm/amd/display/dc/dcn32/dcn32_hwseq.c | 14 +++++---------
1 file changed, 5 insertions(+), 9 deletions(-)
diff --git a/drivers/gpu/drm/amd/display/dc/dcn32/dcn32_hwseq.c b/drivers/gpu/drm/amd/display/dc/dcn32/dcn32_hwseq.c
index 84a20ce9bd36..bbc0bfbec6c4 100644
--- a/drivers/gpu/drm/amd/display/dc/dcn32/dcn32_hwseq.c
+++ b/drivers/gpu/drm/amd/display/dc/dcn32/dcn32_hwseq.c
@@ -284,8 +284,7 @@ static uint32_t dcn32_calculate_cab_allocation(struct dc *dc, struct dc_state *c
using the max for calculation */
if (hubp->curs_attr.width > 0) {
- // Round cursor width to next multiple of 64
- cursor_size = (((hubp->curs_attr.width + 63) / 64) * 64) * hubp->curs_attr.height;
+ cursor_size = hubp->curs_attr.pitch * hubp->curs_attr.height;
switch (pipe->stream->cursor_attributes.color_format) {
case CURSOR_MODE_MONO:
@@ -310,9 +309,9 @@ static uint32_t dcn32_calculate_cab_allocation(struct dc *dc, struct dc_state *c
cursor_size > 16384) {
/* cursor_num_mblk = CEILING(num_cursors*cursor_width*cursor_width*cursor_Bpe/mblk_bytes, 1)
*/
- cache_lines_used += (((hubp->curs_attr.width * hubp->curs_attr.height * cursor_bpp +
- DCN3_2_MALL_MBLK_SIZE_BYTES - 1) / DCN3_2_MALL_MBLK_SIZE_BYTES) *
- DCN3_2_MALL_MBLK_SIZE_BYTES) / dc->caps.cache_line_size + 2;
+ cache_lines_used += (((cursor_size + DCN3_2_MALL_MBLK_SIZE_BYTES - 1) /
+ DCN3_2_MALL_MBLK_SIZE_BYTES) * DCN3_2_MALL_MBLK_SIZE_BYTES) /
+ dc->caps.cache_line_size + 2;
}
break;
}
@@ -730,10 +729,7 @@ void dcn32_update_mall_sel(struct dc *dc, struct dc_state *context)
struct hubp *hubp = pipe->plane_res.hubp;
if (pipe->stream && pipe->plane_state && hubp && hubp->funcs->hubp_update_mall_sel) {
- //Round cursor width up to next multiple of 64
- int cursor_width = ((hubp->curs_attr.width + 63) / 64) * 64;
- int cursor_height = hubp->curs_attr.height;
- int cursor_size = cursor_width * cursor_height;
+ int cursor_size = hubp->curs_attr.pitch * hubp->curs_attr.height;
switch (hubp->curs_attr.color_format) {
case CURSOR_MODE_MONO:
--
2.35.1
^ permalink raw reply related [flat|nested] 305+ messages in thread
* [PATCH 6.0 192/289] usb: dwc3: gadget: conditionally remove requests
2022-11-30 18:19 [PATCH 6.0 000/289] 6.0.11-rc1 review Greg Kroah-Hartman
` (190 preceding siblings ...)
2022-11-30 18:22 ` [PATCH 6.0 191/289] drm/amd/display: Fix calculation for cursor CAB allocation Greg Kroah-Hartman
@ 2022-11-30 18:22 ` Greg Kroah-Hartman
2022-11-30 18:22 ` [PATCH 6.0 193/289] usb: dwc3: gadget: Return -ESHUTDOWN on ep disable Greg Kroah-Hartman
` (106 subsequent siblings)
298 siblings, 0 replies; 305+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-30 18:22 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Michael Grzeschik, Sasha Levin
From: Michael Grzeschik <m.grzeschik@pengutronix.de>
[ Upstream commit b44c0e7fef51ee7e8ca8c6efbf706f5613787100 ]
The functions stop_active_transfers and ep_disable are both calling
remove_requests. This functions in both cases will giveback the requests
with status ESHUTDOWN, which also represents an physical disconnection.
For ep_disable this is not true. This patch adds the status parameter to
remove_requests and sets the status to ECONNRESET on ep_disable.
Signed-off-by: Michael Grzeschik <m.grzeschik@pengutronix.de>
Link: https://lore.kernel.org/r/20220720213523.1055897-1-m.grzeschik@pengutronix.de
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Stable-dep-of: f90f5afd5083 ("usb: dwc3: gadget: Clear ep descriptor last")
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/usb/dwc3/gadget.c | 12 ++++++------
1 file changed, 6 insertions(+), 6 deletions(-)
diff --git a/drivers/usb/dwc3/gadget.c b/drivers/usb/dwc3/gadget.c
index 0ed9826a4c47..ffff6f41d2ac 100644
--- a/drivers/usb/dwc3/gadget.c
+++ b/drivers/usb/dwc3/gadget.c
@@ -965,7 +965,7 @@ static int __dwc3_gadget_ep_enable(struct dwc3_ep *dep, unsigned int action)
return 0;
}
-static void dwc3_remove_requests(struct dwc3 *dwc, struct dwc3_ep *dep)
+static void dwc3_remove_requests(struct dwc3 *dwc, struct dwc3_ep *dep, int status)
{
struct dwc3_request *req;
@@ -975,19 +975,19 @@ static void dwc3_remove_requests(struct dwc3 *dwc, struct dwc3_ep *dep)
while (!list_empty(&dep->started_list)) {
req = next_request(&dep->started_list);
- dwc3_gadget_giveback(dep, req, -ESHUTDOWN);
+ dwc3_gadget_giveback(dep, req, status);
}
while (!list_empty(&dep->pending_list)) {
req = next_request(&dep->pending_list);
- dwc3_gadget_giveback(dep, req, -ESHUTDOWN);
+ dwc3_gadget_giveback(dep, req, status);
}
while (!list_empty(&dep->cancelled_list)) {
req = next_request(&dep->cancelled_list);
- dwc3_gadget_giveback(dep, req, -ESHUTDOWN);
+ dwc3_gadget_giveback(dep, req, status);
}
}
@@ -1022,7 +1022,7 @@ static int __dwc3_gadget_ep_disable(struct dwc3_ep *dep)
dep->endpoint.desc = NULL;
}
- dwc3_remove_requests(dwc, dep);
+ dwc3_remove_requests(dwc, dep, -ECONNRESET);
dep->stream_capable = false;
dep->type = 0;
@@ -2350,7 +2350,7 @@ static void dwc3_stop_active_transfers(struct dwc3 *dwc)
if (!dep)
continue;
- dwc3_remove_requests(dwc, dep);
+ dwc3_remove_requests(dwc, dep, -ESHUTDOWN);
}
}
--
2.35.1
^ permalink raw reply related [flat|nested] 305+ messages in thread
* [PATCH 6.0 193/289] usb: dwc3: gadget: Return -ESHUTDOWN on ep disable
2022-11-30 18:19 [PATCH 6.0 000/289] 6.0.11-rc1 review Greg Kroah-Hartman
` (191 preceding siblings ...)
2022-11-30 18:22 ` [PATCH 6.0 192/289] usb: dwc3: gadget: conditionally remove requests Greg Kroah-Hartman
@ 2022-11-30 18:22 ` Greg Kroah-Hartman
2022-11-30 18:22 ` [PATCH 6.0 194/289] usb: dwc3: gadget: Clear ep descriptor last Greg Kroah-Hartman
` (105 subsequent siblings)
298 siblings, 0 replies; 305+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-30 18:22 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Thinh Nguyen, Sasha Levin
From: Thinh Nguyen <Thinh.Nguyen@synopsys.com>
[ Upstream commit ffb9da4a04c69567bad717707b6fdfbc4c216ef4 ]
The usb_request API clearly noted that removed requests due to disabled
endpoint should have -ESHUTDOWN status returned. Don't change this
behavior.
Fixes: b44c0e7fef51 ("usb: dwc3: gadget: conditionally remove requests")
Signed-off-by: Thinh Nguyen <Thinh.Nguyen@synopsys.com>
Link: https://lore.kernel.org/r/3421859485cb32d77e2068549679a6c07a7797bc.1667875427.git.Thinh.Nguyen@synopsys.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Stable-dep-of: f90f5afd5083 ("usb: dwc3: gadget: Clear ep descriptor last")
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/usb/dwc3/gadget.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/usb/dwc3/gadget.c b/drivers/usb/dwc3/gadget.c
index ffff6f41d2ac..448c8e6bc99d 100644
--- a/drivers/usb/dwc3/gadget.c
+++ b/drivers/usb/dwc3/gadget.c
@@ -1022,7 +1022,7 @@ static int __dwc3_gadget_ep_disable(struct dwc3_ep *dep)
dep->endpoint.desc = NULL;
}
- dwc3_remove_requests(dwc, dep, -ECONNRESET);
+ dwc3_remove_requests(dwc, dep, -ESHUTDOWN);
dep->stream_capable = false;
dep->type = 0;
--
2.35.1
^ permalink raw reply related [flat|nested] 305+ messages in thread
* [PATCH 6.0 194/289] usb: dwc3: gadget: Clear ep descriptor last
2022-11-30 18:19 [PATCH 6.0 000/289] 6.0.11-rc1 review Greg Kroah-Hartman
` (192 preceding siblings ...)
2022-11-30 18:22 ` [PATCH 6.0 193/289] usb: dwc3: gadget: Return -ESHUTDOWN on ep disable Greg Kroah-Hartman
@ 2022-11-30 18:22 ` Greg Kroah-Hartman
2022-11-30 18:23 ` [PATCH 6.0 195/289] io_uring: cmpxchg for poll arm refs release Greg Kroah-Hartman
` (104 subsequent siblings)
298 siblings, 0 replies; 305+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-30 18:22 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Thinh Nguyen, Sasha Levin
From: Thinh Nguyen <Thinh.Nguyen@synopsys.com>
[ Upstream commit f90f5afd5083a7cb4aee13bd4cc0ae600bd381ca ]
Until the endpoint is disabled, its descriptors should remain valid.
When its requests are removed from ep disable, the request completion
routine may attempt to access the endpoint's descriptor. Don't clear the
descriptors before that.
Fixes: f09ddcfcb8c5 ("usb: dwc3: gadget: Prevent EP queuing while stopping transfers")
Cc: stable@vger.kernel.org
Signed-off-by: Thinh Nguyen <Thinh.Nguyen@synopsys.com>
Link: https://lore.kernel.org/r/45db7c83b209259115bf652af210f8b2b3b1a383.1668561364.git.Thinh.Nguyen@synopsys.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/usb/dwc3/gadget.c | 12 ++++++------
1 file changed, 6 insertions(+), 6 deletions(-)
diff --git a/drivers/usb/dwc3/gadget.c b/drivers/usb/dwc3/gadget.c
index 448c8e6bc99d..6f61a288073b 100644
--- a/drivers/usb/dwc3/gadget.c
+++ b/drivers/usb/dwc3/gadget.c
@@ -1016,18 +1016,18 @@ static int __dwc3_gadget_ep_disable(struct dwc3_ep *dep)
reg &= ~DWC3_DALEPENA_EP(dep->number);
dwc3_writel(dwc->regs, DWC3_DALEPENA, reg);
- /* Clear out the ep descriptors for non-ep0 */
- if (dep->number > 1) {
- dep->endpoint.comp_desc = NULL;
- dep->endpoint.desc = NULL;
- }
-
dwc3_remove_requests(dwc, dep, -ESHUTDOWN);
dep->stream_capable = false;
dep->type = 0;
dep->flags &= DWC3_EP_TXFIFO_RESIZED;
+ /* Clear out the ep descriptors for non-ep0 */
+ if (dep->number > 1) {
+ dep->endpoint.comp_desc = NULL;
+ dep->endpoint.desc = NULL;
+ }
+
return 0;
}
--
2.35.1
^ permalink raw reply related [flat|nested] 305+ messages in thread
* [PATCH 6.0 195/289] io_uring: cmpxchg for poll arm refs release
2022-11-30 18:19 [PATCH 6.0 000/289] 6.0.11-rc1 review Greg Kroah-Hartman
` (193 preceding siblings ...)
2022-11-30 18:22 ` [PATCH 6.0 194/289] usb: dwc3: gadget: Clear ep descriptor last Greg Kroah-Hartman
@ 2022-11-30 18:23 ` Greg Kroah-Hartman
2022-11-30 18:23 ` [PATCH 6.0 196/289] io_uring: make poll refs more robust Greg Kroah-Hartman
` (103 subsequent siblings)
298 siblings, 0 replies; 305+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-30 18:23 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Pavel Begunkov, Jens Axboe
From: Pavel Begunkov <asml.silence@gmail.com>
commit 2f3893437a4ebf2e892ca172e9e122841319d675 upstream.
Replace atomically substracting the ownership reference at the end of
arming a poll with a cmpxchg. We try to release ownership by setting 0
assuming that poll_refs didn't change while we were arming. If it did
change, we keep the ownership and use it to queue a tw, which is fully
capable to process all events and (even tolerates spurious wake ups).
It's a bit more elegant as we reduce races b/w setting the cancellation
flag and getting refs with this release, and with that we don't have to
worry about any kinds of underflows. It's not the fastest path for
polling. The performance difference b/w cmpxchg and atomic dec is
usually negligible and it's not the fastest path.
Cc: stable@vger.kernel.org
Fixes: aa43477b04025 ("io_uring: poll rework")
Signed-off-by: Pavel Begunkov <asml.silence@gmail.com>
Link: https://lore.kernel.org/r/0c95251624397ea6def568ff040cad2d7926fd51.1668963050.git.asml.silence@gmail.com
Signed-off-by: Jens Axboe <axboe@kernel.dk>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
io_uring/poll.c | 8 +++-----
1 file changed, 3 insertions(+), 5 deletions(-)
--- a/io_uring/poll.c
+++ b/io_uring/poll.c
@@ -519,7 +519,6 @@ static int __io_arm_poll_handler(struct
unsigned issue_flags)
{
struct io_ring_ctx *ctx = req->ctx;
- int v;
INIT_HLIST_NODE(&req->hash_node);
req->work.cancel_seq = atomic_read(&ctx->cancel_seq);
@@ -587,11 +586,10 @@ static int __io_arm_poll_handler(struct
if (ipt->owning) {
/*
- * Release ownership. If someone tried to queue a tw while it was
- * locked, kick it off for them.
+ * Try to release ownership. If we see a change of state, e.g.
+ * poll was waken up, queue up a tw, it'll deal with it.
*/
- v = atomic_dec_return(&req->poll_refs);
- if (unlikely(v & IO_POLL_REF_MASK))
+ if (atomic_cmpxchg(&req->poll_refs, 1, 0) != 1)
__io_poll_execute(req, 0);
}
return 0;
^ permalink raw reply [flat|nested] 305+ messages in thread
* [PATCH 6.0 196/289] io_uring: make poll refs more robust
2022-11-30 18:19 [PATCH 6.0 000/289] 6.0.11-rc1 review Greg Kroah-Hartman
` (194 preceding siblings ...)
2022-11-30 18:23 ` [PATCH 6.0 195/289] io_uring: cmpxchg for poll arm refs release Greg Kroah-Hartman
@ 2022-11-30 18:23 ` Greg Kroah-Hartman
2022-11-30 18:23 ` [PATCH 6.0 197/289] io_uring: clear TIF_NOTIFY_SIGNAL if set and task_work not available Greg Kroah-Hartman
` (102 subsequent siblings)
298 siblings, 0 replies; 305+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-30 18:23 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Lin Ma, Pavel Begunkov, Jens Axboe
From: Pavel Begunkov <asml.silence@gmail.com>
commit a26a35e9019fd70bf3cf647dcfdae87abc7bacea upstream.
poll_refs carry two functions, the first is ownership over the request.
The second is notifying the io_poll_check_events() that there was an
event but wake up couldn't grab the ownership, so io_poll_check_events()
should retry.
We want to make poll_refs more robust against overflows. Instead of
always incrementing it, which covers two purposes with one atomic, check
if poll_refs is elevated enough and if so set a retry flag without
attempts to grab ownership. The gap between the bias check and following
atomics may seem racy, but we don't need it to be strict. Moreover there
might only be maximum 4 parallel updates: by the first and the second
poll entries, __io_arm_poll_handler() and cancellation. From those four,
only poll wake ups may be executed multiple times, but they're protected
by a spin.
Cc: stable@vger.kernel.org
Reported-by: Lin Ma <linma@zju.edu.cn>
Fixes: aa43477b04025 ("io_uring: poll rework")
Signed-off-by: Pavel Begunkov <asml.silence@gmail.com>
Link: https://lore.kernel.org/r/c762bc31f8683b3270f3587691348a7119ef9c9d.1668963050.git.asml.silence@gmail.com
Signed-off-by: Jens Axboe <axboe@kernel.dk>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
io_uring/poll.c | 36 +++++++++++++++++++++++++++++++++++-
1 file changed, 35 insertions(+), 1 deletion(-)
--- a/io_uring/poll.c
+++ b/io_uring/poll.c
@@ -40,7 +40,14 @@ struct io_poll_table {
};
#define IO_POLL_CANCEL_FLAG BIT(31)
-#define IO_POLL_REF_MASK GENMASK(30, 0)
+#define IO_POLL_RETRY_FLAG BIT(30)
+#define IO_POLL_REF_MASK GENMASK(29, 0)
+
+/*
+ * We usually have 1-2 refs taken, 128 is more than enough and we want to
+ * maximise the margin between this amount and the moment when it overflows.
+ */
+#define IO_POLL_REF_BIAS 128
#define IO_WQE_F_DOUBLE 1
@@ -58,6 +65,21 @@ static inline bool wqe_is_double(struct
return priv & IO_WQE_F_DOUBLE;
}
+static bool io_poll_get_ownership_slowpath(struct io_kiocb *req)
+{
+ int v;
+
+ /*
+ * poll_refs are already elevated and we don't have much hope for
+ * grabbing the ownership. Instead of incrementing set a retry flag
+ * to notify the loop that there might have been some change.
+ */
+ v = atomic_fetch_or(IO_POLL_RETRY_FLAG, &req->poll_refs);
+ if (v & IO_POLL_REF_MASK)
+ return false;
+ return !(atomic_fetch_inc(&req->poll_refs) & IO_POLL_REF_MASK);
+}
+
/*
* If refs part of ->poll_refs (see IO_POLL_REF_MASK) is 0, it's free. We can
* bump it and acquire ownership. It's disallowed to modify requests while not
@@ -66,6 +88,8 @@ static inline bool wqe_is_double(struct
*/
static inline bool io_poll_get_ownership(struct io_kiocb *req)
{
+ if (unlikely(atomic_read(&req->poll_refs) >= IO_POLL_REF_BIAS))
+ return io_poll_get_ownership_slowpath(req);
return !(atomic_fetch_inc(&req->poll_refs) & IO_POLL_REF_MASK);
}
@@ -235,6 +259,16 @@ static int io_poll_check_events(struct i
*/
if ((v & IO_POLL_REF_MASK) != 1)
req->cqe.res = 0;
+ if (v & IO_POLL_RETRY_FLAG) {
+ req->cqe.res = 0;
+ /*
+ * We won't find new events that came in between
+ * vfs_poll and the ref put unless we clear the flag
+ * in advance.
+ */
+ atomic_andnot(IO_POLL_RETRY_FLAG, &req->poll_refs);
+ v &= ~IO_POLL_RETRY_FLAG;
+ }
/* the mask was stashed in __io_poll_execute */
if (!req->cqe.res) {
^ permalink raw reply [flat|nested] 305+ messages in thread
* [PATCH 6.0 197/289] io_uring: clear TIF_NOTIFY_SIGNAL if set and task_work not available
2022-11-30 18:19 [PATCH 6.0 000/289] 6.0.11-rc1 review Greg Kroah-Hartman
` (195 preceding siblings ...)
2022-11-30 18:23 ` [PATCH 6.0 196/289] io_uring: make poll refs more robust Greg Kroah-Hartman
@ 2022-11-30 18:23 ` Greg Kroah-Hartman
2022-11-30 18:23 ` [PATCH 6.0 198/289] nilfs2: fix nilfs_sufile_mark_dirty() not set segment usage as dirty Greg Kroah-Hartman
` (101 subsequent siblings)
298 siblings, 0 replies; 305+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-30 18:23 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Jens Axboe
From: Jens Axboe <axboe@kernel.dk>
commit 7cfe7a09489c1cefee7181e07b5f2bcbaebd9f41 upstream.
With how task_work is added and signaled, we can have TIF_NOTIFY_SIGNAL
set and no task_work pending as it got run in a previous loop. Treat
TIF_NOTIFY_SIGNAL like get_signal(), always clear it if set regardless
of whether or not task_work is pending to run.
Cc: stable@vger.kernel.org
Fixes: 46a525e199e4 ("io_uring: don't gate task_work run on TIF_NOTIFY_SIGNAL")
Signed-off-by: Jens Axboe <axboe@kernel.dk>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
io_uring/io_uring.h | 9 +++++++--
1 file changed, 7 insertions(+), 2 deletions(-)
--- a/io_uring/io_uring.h
+++ b/io_uring/io_uring.h
@@ -229,9 +229,14 @@ static inline unsigned int io_sqring_ent
static inline bool io_run_task_work(void)
{
+ /*
+ * Always check-and-clear the task_work notification signal. With how
+ * signaling works for task_work, we can find it set with nothing to
+ * run. We need to clear it for that case, like get_signal() does.
+ */
+ if (test_thread_flag(TIF_NOTIFY_SIGNAL))
+ clear_notify_signal();
if (task_work_pending(current)) {
- if (test_thread_flag(TIF_NOTIFY_SIGNAL))
- clear_notify_signal();
__set_current_state(TASK_RUNNING);
task_work_run();
return 1;
^ permalink raw reply [flat|nested] 305+ messages in thread
* [PATCH 6.0 198/289] nilfs2: fix nilfs_sufile_mark_dirty() not set segment usage as dirty
2022-11-30 18:19 [PATCH 6.0 000/289] 6.0.11-rc1 review Greg Kroah-Hartman
` (196 preceding siblings ...)
2022-11-30 18:23 ` [PATCH 6.0 197/289] io_uring: clear TIF_NOTIFY_SIGNAL if set and task_work not available Greg Kroah-Hartman
@ 2022-11-30 18:23 ` Greg Kroah-Hartman
2022-11-30 18:23 ` [PATCH 6.0 199/289] gcov: clang: fix the buffer overflow issue Greg Kroah-Hartman
` (100 subsequent siblings)
298 siblings, 0 replies; 305+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-30 18:23 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Chen Zhongjin, syzbot+77e4f0...,
Liu Shixin, Ryusuke Konishi, Andrew Morton
From: Chen Zhongjin <chenzhongjin@huawei.com>
commit 512c5ca01a3610ab14ff6309db363de51f1c13a6 upstream.
When extending segments, nilfs_sufile_alloc() is called to get an
unassigned segment, then mark it as dirty to avoid accidentally allocating
the same segment in the future.
But for some special cases such as a corrupted image it can be unreliable.
If such corruption of the dirty state of the segment occurs, nilfs2 may
reallocate a segment that is in use and pick the same segment for writing
twice at the same time.
This will cause the problem reported by syzkaller:
https://syzkaller.appspot.com/bug?id=c7c4748e11ffcc367cef04f76e02e931833cbd24
This case started with segbuf1.segnum = 3, nextnum = 4 when constructed.
It supposed segment 4 has already been allocated and marked as dirty.
However the dirty state was corrupted and segment 4 usage was not dirty.
For the first time nilfs_segctor_extend_segments() segment 4 was allocated
again, which made segbuf2 and next segbuf3 had same segment 4.
sb_getblk() will get same bh for segbuf2 and segbuf3, and this bh is added
to both buffer lists of two segbuf. It makes the lists broken which
causes NULL pointer dereference.
Fix the problem by setting usage as dirty every time in
nilfs_sufile_mark_dirty(), which is called during constructing current
segment to be written out and before allocating next segment.
[chenzhongjin@huawei.com: add lock protection per Ryusuke]
Link: https://lkml.kernel.org/r/20221121091141.214703-1-chenzhongjin@huawei.com
Link: https://lkml.kernel.org/r/20221118063304.140187-1-chenzhongjin@huawei.com
Fixes: 9ff05123e3bf ("nilfs2: segment constructor")
Signed-off-by: Chen Zhongjin <chenzhongjin@huawei.com>
Reported-by: <syzbot+77e4f0...@syzkaller.appspotmail.com>
Reported-by: Liu Shixin <liushixin2@huawei.com>
Acked-by: Ryusuke Konishi <konishi.ryusuke@gmail.com>
Tested-by: Ryusuke Konishi <konishi.ryusuke@gmail.com>
Cc: <stable@vger.kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/nilfs2/sufile.c | 8 ++++++++
1 file changed, 8 insertions(+)
--- a/fs/nilfs2/sufile.c
+++ b/fs/nilfs2/sufile.c
@@ -495,14 +495,22 @@ void nilfs_sufile_do_free(struct inode *
int nilfs_sufile_mark_dirty(struct inode *sufile, __u64 segnum)
{
struct buffer_head *bh;
+ void *kaddr;
+ struct nilfs_segment_usage *su;
int ret;
+ down_write(&NILFS_MDT(sufile)->mi_sem);
ret = nilfs_sufile_get_segment_usage_block(sufile, segnum, 0, &bh);
if (!ret) {
mark_buffer_dirty(bh);
nilfs_mdt_mark_dirty(sufile);
+ kaddr = kmap_atomic(bh->b_page);
+ su = nilfs_sufile_block_get_segment_usage(sufile, segnum, bh, kaddr);
+ nilfs_segment_usage_set_dirty(su);
+ kunmap_atomic(kaddr);
brelse(bh);
}
+ up_write(&NILFS_MDT(sufile)->mi_sem);
return ret;
}
^ permalink raw reply [flat|nested] 305+ messages in thread
* [PATCH 6.0 199/289] gcov: clang: fix the buffer overflow issue
2022-11-30 18:19 [PATCH 6.0 000/289] 6.0.11-rc1 review Greg Kroah-Hartman
` (197 preceding siblings ...)
2022-11-30 18:23 ` [PATCH 6.0 198/289] nilfs2: fix nilfs_sufile_mark_dirty() not set segment usage as dirty Greg Kroah-Hartman
@ 2022-11-30 18:23 ` Greg Kroah-Hartman
2022-11-30 18:23 ` [PATCH 6.0 200/289] mm/cgroup/reclaim: fix dirty pages throttling on cgroup v1 Greg Kroah-Hartman
` (99 subsequent siblings)
298 siblings, 0 replies; 305+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-30 18:23 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Mukesh Ojha, Peter Oberparleiter,
Nathan Chancellor, Nick Desaulniers, Tom Rix, Andrew Morton
From: Mukesh Ojha <quic_mojha@quicinc.com>
commit a6f810efabfd789d3bbafeacb4502958ec56c5ce upstream.
Currently, in clang version of gcov code when module is getting removed
gcov_info_add() incorrectly adds the sfn_ptr->counter to all the
dst->functions and it result in the kernel panic in below crash report.
Fix this by properly handling it.
[ 8.899094][ T599] Unable to handle kernel write to read-only memory at virtual address ffffff80461cc000
[ 8.899100][ T599] Mem abort info:
[ 8.899102][ T599] ESR = 0x9600004f
[ 8.899103][ T599] EC = 0x25: DABT (current EL), IL = 32 bits
[ 8.899105][ T599] SET = 0, FnV = 0
[ 8.899107][ T599] EA = 0, S1PTW = 0
[ 8.899108][ T599] FSC = 0x0f: level 3 permission fault
[ 8.899110][ T599] Data abort info:
[ 8.899111][ T599] ISV = 0, ISS = 0x0000004f
[ 8.899113][ T599] CM = 0, WnR = 1
[ 8.899114][ T599] swapper pgtable: 4k pages, 39-bit VAs, pgdp=00000000ab8de000
[ 8.899116][ T599] [ffffff80461cc000] pgd=18000009ffcde003, p4d=18000009ffcde003, pud=18000009ffcde003, pmd=18000009ffcad003, pte=00600000c61cc787
[ 8.899124][ T599] Internal error: Oops: 9600004f [#1] PREEMPT SMP
[ 8.899265][ T599] Skip md ftrace buffer dump for: 0x1609e0
....
..,
[ 8.899544][ T599] CPU: 7 PID: 599 Comm: modprobe Tainted: G S OE 5.15.41-android13-8-g38e9b1af6bce #1
[ 8.899547][ T599] Hardware name: XXX (DT)
[ 8.899549][ T599] pstate: 82400005 (Nzcv daif +PAN -UAO +TCO -DIT -SSBS BTYPE=--)
[ 8.899551][ T599] pc : gcov_info_add+0x9c/0xb8
[ 8.899557][ T599] lr : gcov_event+0x28c/0x6b8
[ 8.899559][ T599] sp : ffffffc00e733b00
[ 8.899560][ T599] x29: ffffffc00e733b00 x28: ffffffc00e733d30 x27: ffffffe8dc297470
[ 8.899563][ T599] x26: ffffffe8dc297000 x25: ffffffe8dc297000 x24: ffffffe8dc297000
[ 8.899566][ T599] x23: ffffffe8dc0a6200 x22: ffffff880f68bf20 x21: 0000000000000000
[ 8.899569][ T599] x20: ffffff880f68bf00 x19: ffffff8801babc00 x18: ffffffc00d7f9058
[ 8.899572][ T599] x17: 0000000000088793 x16: ffffff80461cbe00 x15: 9100052952800785
[ 8.899575][ T599] x14: 0000000000000200 x13: 0000000000000041 x12: 9100052952800785
[ 8.899577][ T599] x11: ffffffe8dc297000 x10: ffffffe8dc297000 x9 : ffffff80461cbc80
[ 8.899580][ T599] x8 : ffffff8801babe80 x7 : ffffffe8dc2ec000 x6 : ffffffe8dc2ed000
[ 8.899583][ T599] x5 : 000000008020001f x4 : fffffffe2006eae0 x3 : 000000008020001f
[ 8.899586][ T599] x2 : ffffff8027c49200 x1 : ffffff8801babc20 x0 : ffffff80461cb3a0
[ 8.899589][ T599] Call trace:
[ 8.899590][ T599] gcov_info_add+0x9c/0xb8
[ 8.899592][ T599] gcov_module_notifier+0xbc/0x120
[ 8.899595][ T599] blocking_notifier_call_chain+0xa0/0x11c
[ 8.899598][ T599] do_init_module+0x2a8/0x33c
[ 8.899600][ T599] load_module+0x23cc/0x261c
[ 8.899602][ T599] __arm64_sys_finit_module+0x158/0x194
[ 8.899604][ T599] invoke_syscall+0x94/0x2bc
[ 8.899607][ T599] el0_svc_common+0x1d8/0x34c
[ 8.899609][ T599] do_el0_svc+0x40/0x54
[ 8.899611][ T599] el0_svc+0x94/0x2f0
[ 8.899613][ T599] el0t_64_sync_handler+0x88/0xec
[ 8.899615][ T599] el0t_64_sync+0x1b4/0x1b8
[ 8.899618][ T599] Code: f905f56c f86e69ec f86e6a0f 8b0c01ec (f82e6a0c)
[ 8.899620][ T599] ---[ end trace ed5218e9e5b6e2e6 ]---
Link: https://lkml.kernel.org/r/1668020497-13142-1-git-send-email-quic_mojha@quicinc.com
Fixes: e178a5beb369 ("gcov: clang support")
Signed-off-by: Mukesh Ojha <quic_mojha@quicinc.com>
Reviewed-by: Peter Oberparleiter <oberpar@linux.ibm.com>
Tested-by: Peter Oberparleiter <oberpar@linux.ibm.com>
Cc: Nathan Chancellor <nathan@kernel.org>
Cc: Nick Desaulniers <ndesaulniers@google.com>
Cc: Tom Rix <trix@redhat.com>
Cc: <stable@vger.kernel.org> [5.2+]
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
kernel/gcov/clang.c | 2 ++
1 file changed, 2 insertions(+)
--- a/kernel/gcov/clang.c
+++ b/kernel/gcov/clang.c
@@ -280,6 +280,8 @@ void gcov_info_add(struct gcov_info *dst
for (i = 0; i < sfn_ptr->num_counters; i++)
dfn_ptr->counters[i] += sfn_ptr->counters[i];
+
+ sfn_ptr = list_next_entry(sfn_ptr, head);
}
}
^ permalink raw reply [flat|nested] 305+ messages in thread
* [PATCH 6.0 200/289] mm/cgroup/reclaim: fix dirty pages throttling on cgroup v1
2022-11-30 18:19 [PATCH 6.0 000/289] 6.0.11-rc1 review Greg Kroah-Hartman
` (198 preceding siblings ...)
2022-11-30 18:23 ` [PATCH 6.0 199/289] gcov: clang: fix the buffer overflow issue Greg Kroah-Hartman
@ 2022-11-30 18:23 ` Greg Kroah-Hartman
2022-11-30 18:23 ` [PATCH 6.0 201/289] mm: vmscan: fix extreme overreclaim and swap floods Greg Kroah-Hartman
` (98 subsequent siblings)
298 siblings, 0 replies; 305+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-30 18:23 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Aneesh Kumar K.V, Johannes Weiner,
Tejun Heo, zefan li, Andrew Morton
From: Aneesh Kumar K.V <aneesh.kumar@linux.ibm.com>
commit 81a70c21d9170de67a45843bdd627f4cce9c4215 upstream.
balance_dirty_pages doesn't do the required dirty throttling on cgroupv1.
See commit 9badce000e2c ("cgroup, writeback: don't enable cgroup writeback
on traditional hierarchies"). Instead, the kernel depends on writeback
throttling in shrink_folio_list to achieve the same goal. With large
memory systems, the flusher may not be able to writeback quickly enough
such that we will start finding pages in the shrink_folio_list already in
writeback. Hence for cgroupv1 let's do a reclaim throttle after waking up
the flusher.
The below test which used to fail on a 256GB system completes till the the
file system is full with this change.
root@lp2:/sys/fs/cgroup/memory# mkdir test
root@lp2:/sys/fs/cgroup/memory# cd test/
root@lp2:/sys/fs/cgroup/memory/test# echo 120M > memory.limit_in_bytes
root@lp2:/sys/fs/cgroup/memory/test# echo $$ > tasks
root@lp2:/sys/fs/cgroup/memory/test# dd if=/dev/zero of=/home/kvaneesh/test bs=1M
Killed
Link: https://lkml.kernel.org/r/20221118070603.84081-1-aneesh.kumar@linux.ibm.com
Signed-off-by: Aneesh Kumar K.V <aneesh.kumar@linux.ibm.com>
Suggested-by: Johannes Weiner <hannes@cmpxchg.org>
Acked-by: Johannes Weiner <hannes@cmpxchg.org>
Cc: Tejun Heo <tj@kernel.org>
Cc: zefan li <lizefan.x@bytedance.com>
Cc: <stable@vger.kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
mm/vmscan.c | 14 +++++++++++++-
1 file changed, 13 insertions(+), 1 deletion(-)
--- a/mm/vmscan.c
+++ b/mm/vmscan.c
@@ -2472,8 +2472,20 @@ shrink_inactive_list(unsigned long nr_to
* the flushers simply cannot keep up with the allocation
* rate. Nudge the flusher threads in case they are asleep.
*/
- if (stat.nr_unqueued_dirty == nr_taken)
+ if (stat.nr_unqueued_dirty == nr_taken) {
wakeup_flusher_threads(WB_REASON_VMSCAN);
+ /*
+ * For cgroupv1 dirty throttling is achieved by waking up
+ * the kernel flusher here and later waiting on folios
+ * which are in writeback to finish (see shrink_folio_list()).
+ *
+ * Flusher may not be able to issue writeback quickly
+ * enough for cgroupv1 writeback throttling to work
+ * on a large system.
+ */
+ if (!writeback_throttling_sane(sc))
+ reclaim_throttle(pgdat, VMSCAN_THROTTLE_WRITEBACK);
+ }
sc->nr.dirty += stat.nr_dirty;
sc->nr.congested += stat.nr_congested;
^ permalink raw reply [flat|nested] 305+ messages in thread
* [PATCH 6.0 201/289] mm: vmscan: fix extreme overreclaim and swap floods
2022-11-30 18:19 [PATCH 6.0 000/289] 6.0.11-rc1 review Greg Kroah-Hartman
` (199 preceding siblings ...)
2022-11-30 18:23 ` [PATCH 6.0 200/289] mm/cgroup/reclaim: fix dirty pages throttling on cgroup v1 Greg Kroah-Hartman
@ 2022-11-30 18:23 ` Greg Kroah-Hartman
2022-11-30 18:23 ` [PATCH 6.0 202/289] fpga: m10bmc-sec: Fix kconfig dependencies Greg Kroah-Hartman
` (97 subsequent siblings)
298 siblings, 0 replies; 305+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-30 18:23 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Johannes Weiner, Rik van Riel,
Mel Gorman, Hugh Dickins, Joonsoo Kim, Andrew Morton
From: Johannes Weiner <hannes@cmpxchg.org>
commit f53af4285d775cd9a9a146fc438bd0a1bee1838a upstream.
During proactive reclaim, we sometimes observe severe overreclaim, with
several thousand times more pages reclaimed than requested.
This trace was obtained from shrink_lruvec() during such an instance:
prio:0 anon_cost:1141521 file_cost:7767
nr_reclaimed:4387406 nr_to_reclaim:1047 (or_factor:4190)
nr=[7161123 345 578 1111]
While he reclaimer requested 4M, vmscan reclaimed close to 16G, most of it
by swapping. These requests take over a minute, during which the write()
to memory.reclaim is unkillably stuck inside the kernel.
Digging into the source, this is caused by the proportional reclaim
bailout logic. This code tries to resolve a fundamental conflict: to
reclaim roughly what was requested, while also aging all LRUs fairly and
in accordance to their size, swappiness, refault rates etc. The way it
attempts fairness is that once the reclaim goal has been reached, it stops
scanning the LRUs with the smaller remaining scan targets, and adjusts the
remainder of the bigger LRUs according to how much of the smaller LRUs was
scanned. It then finishes scanning that remainder regardless of the
reclaim goal.
This works fine if priority levels are low and the LRU lists are
comparable in size. However, in this instance, the cgroup that is
targeted by proactive reclaim has almost no files left - they've already
been squeezed out by proactive reclaim earlier - and the remaining anon
pages are hot. Anon rotations cause the priority level to drop to 0,
which results in reclaim targeting all of anon (a lot) and all of file
(almost nothing). By the time reclaim decides to bail, it has scanned
most or all of the file target, and therefor must also scan most or all of
the enormous anon target. This target is thousands of times larger than
the reclaim goal, thus causing the overreclaim.
The bailout code hasn't changed in years, why is this failing now? The
most likely explanations are two other recent changes in anon reclaim:
1. Before the series starting with commit 5df741963d52 ("mm: fix LRU
balancing effect of new transparent huge pages"), the VM was
overall relatively reluctant to swap at all, even if swap was
configured. This means the LRU balancing code didn't come into play
as often as it does now, and mostly in high pressure situations
where pronounced swap activity wouldn't be as surprising.
2. For historic reasons, shrink_lruvec() loops on the scan targets of
all LRU lists except the active anon one, meaning it would bail if
the only remaining pages to scan were active anon - even if there
were a lot of them.
Before the series starting with commit ccc5dc67340c ("mm/vmscan:
make active/inactive ratio as 1:1 for anon lru"), most anon pages
would live on the active LRU; the inactive one would contain only a
handful of preselected reclaim candidates. After the series, anon
gets aged similarly to file, and the inactive list is the default
for new anon pages as well, making it often the much bigger list.
As a result, the VM is now more likely to actually finish large
anon targets than before.
Change the code such that only one SWAP_CLUSTER_MAX-sized nudge toward the
larger LRU lists is made before bailing out on a met reclaim goal.
This fixes the extreme overreclaim problem.
Fairness is more subtle and harder to evaluate. No obvious misbehavior
was observed on the test workload, in any case. Conceptually, fairness
should primarily be a cumulative effect from regular, lower priority
scans. Once the VM is in trouble and needs to escalate scan targets to
make forward progress, fairness needs to take a backseat. This is also
acknowledged by the myriad exceptions in get_scan_count(). This patch
makes fairness decrease gradually, as it keeps fairness work static over
increasing priority levels with growing scan targets. This should make
more sense - although we may have to re-visit the exact values.
Link: https://lkml.kernel.org/r/20220802162811.39216-1-hannes@cmpxchg.org
Signed-off-by: Johannes Weiner <hannes@cmpxchg.org>
Reviewed-by: Rik van Riel <riel@surriel.com>
Acked-by: Mel Gorman <mgorman@techsingularity.net>
Cc: Hugh Dickins <hughd@google.com>
Cc: Joonsoo Kim <iamjoonsoo.kim@lge.com>
Cc: <stable@vger.kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
mm/vmscan.c | 10 ++++------
1 file changed, 4 insertions(+), 6 deletions(-)
--- a/mm/vmscan.c
+++ b/mm/vmscan.c
@@ -2967,8 +2967,8 @@ static void shrink_lruvec(struct lruvec
enum lru_list lru;
unsigned long nr_reclaimed = 0;
unsigned long nr_to_reclaim = sc->nr_to_reclaim;
+ bool proportional_reclaim;
struct blk_plug plug;
- bool scan_adjusted;
get_scan_count(lruvec, sc, nr);
@@ -2986,8 +2986,8 @@ static void shrink_lruvec(struct lruvec
* abort proportional reclaim if either the file or anon lru has already
* dropped to zero at the first pass.
*/
- scan_adjusted = (!cgroup_reclaim(sc) && !current_is_kswapd() &&
- sc->priority == DEF_PRIORITY);
+ proportional_reclaim = (!cgroup_reclaim(sc) && !current_is_kswapd() &&
+ sc->priority == DEF_PRIORITY);
blk_start_plug(&plug);
while (nr[LRU_INACTIVE_ANON] || nr[LRU_ACTIVE_FILE] ||
@@ -3007,7 +3007,7 @@ static void shrink_lruvec(struct lruvec
cond_resched();
- if (nr_reclaimed < nr_to_reclaim || scan_adjusted)
+ if (nr_reclaimed < nr_to_reclaim || proportional_reclaim)
continue;
/*
@@ -3058,8 +3058,6 @@ static void shrink_lruvec(struct lruvec
nr_scanned = targets[lru] - nr[lru];
nr[lru] = targets[lru] * (100 - percentage) / 100;
nr[lru] -= min(nr[lru], nr_scanned);
-
- scan_adjusted = true;
}
blk_finish_plug(&plug);
sc->nr_reclaimed += nr_reclaimed;
^ permalink raw reply [flat|nested] 305+ messages in thread
* [PATCH 6.0 202/289] fpga: m10bmc-sec: Fix kconfig dependencies
2022-11-30 18:19 [PATCH 6.0 000/289] 6.0.11-rc1 review Greg Kroah-Hartman
` (200 preceding siblings ...)
2022-11-30 18:23 ` [PATCH 6.0 201/289] mm: vmscan: fix extreme overreclaim and swap floods Greg Kroah-Hartman
@ 2022-11-30 18:23 ` Greg Kroah-Hartman
2022-11-30 18:23 ` [PATCH 6.0 203/289] KVM: x86/mmu: Fix race condition in direct_page_fault Greg Kroah-Hartman
` (96 subsequent siblings)
298 siblings, 0 replies; 305+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-30 18:23 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, kernel test robot, Russ Weight,
Randy Dunlap, Xu Yilun
From: Russ Weight <russell.h.weight@intel.com>
commit dfd10332596ef11ceafd29c4e21b4117be423fc4 upstream.
The secure update driver depends on the firmware-upload functionality of
the firmware-loader. The firmware-loader is carried in the firmware-class
driver which is enabled with the tristate CONFIG_FW_LOADER option. The
firmware-upload functionality is included in the firmware-class driver if
the bool FW_UPLOAD config is set.
The current dependency statement, "depends on FW_UPLOAD", is not adequate
because it does not implicitly turn on FW_LOADER. Instead of adding a
dependency, follow the convention used by drivers that require the
FW_LOADER_USER_HELPER functionality of the firmware-loader by using
select for both FW_LOADER and FW_UPLOAD.
Fixes: bdf86d0e6ca3 ("fpga: m10bmc-sec: create max10 bmc secure update")
Reported-by: kernel test robot <lkp@intel.com>
Cc: stable@vger.kernel.org
Signed-off-by: Russ Weight <russell.h.weight@intel.com>
Acked-by: Randy Dunlap <rdunlap@infradead.org>
Acked-by: Xu Yilun <yilun.xu@intel.com>
Link: https://lore.kernel.org/r/20221115001127.289890-1-russell.h.weight@intel.com
Signed-off-by: Xu Yilun <yilun.xu@intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/fpga/Kconfig | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/drivers/fpga/Kconfig b/drivers/fpga/Kconfig
index 6c416955da53..bbe0a7cabb75 100644
--- a/drivers/fpga/Kconfig
+++ b/drivers/fpga/Kconfig
@@ -246,7 +246,9 @@ config FPGA_MGR_VERSAL_FPGA
config FPGA_M10_BMC_SEC_UPDATE
tristate "Intel MAX10 BMC Secure Update driver"
- depends on MFD_INTEL_M10_BMC && FW_UPLOAD
+ depends on MFD_INTEL_M10_BMC
+ select FW_LOADER
+ select FW_UPLOAD
help
Secure update support for the Intel MAX10 board management
controller.
--
2.38.1
^ permalink raw reply related [flat|nested] 305+ messages in thread
* [PATCH 6.0 203/289] KVM: x86/mmu: Fix race condition in direct_page_fault
2022-11-30 18:19 [PATCH 6.0 000/289] 6.0.11-rc1 review Greg Kroah-Hartman
` (201 preceding siblings ...)
2022-11-30 18:23 ` [PATCH 6.0 202/289] fpga: m10bmc-sec: Fix kconfig dependencies Greg Kroah-Hartman
@ 2022-11-30 18:23 ` Greg Kroah-Hartman
2022-11-30 18:23 ` [PATCH 6.0 204/289] KVM: x86/xen: Only do in-kernel acceleration of hypercalls for guest CPL0 Greg Kroah-Hartman
` (95 subsequent siblings)
298 siblings, 0 replies; 305+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-30 18:23 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Kazuki Takiguchi, Paolo Bonzini
From: Kazuki Takiguchi <takiguchi.kazuki171@gmail.com>
commit 47b0c2e4c220f2251fd8dcfbb44479819c715e15 upstream.
make_mmu_pages_available() must be called with mmu_lock held for write.
However, if the TDP MMU is used, it will be called with mmu_lock held for
read.
This function does nothing unless shadow pages are used, so there is no
race unless nested TDP is used.
Since nested TDP uses shadow pages, old shadow pages may be zapped by this
function even when the TDP MMU is enabled.
Since shadow pages are never allocated by kvm_tdp_mmu_map(), a race
condition can be avoided by not calling make_mmu_pages_available() if the
TDP MMU is currently in use.
I encountered this when repeatedly starting and stopping nested VM.
It can be artificially caused by allocating a large number of nested TDP
SPTEs.
For example, the following BUG and general protection fault are caused in
the host kernel.
pte_list_remove: 00000000cd54fc10 many->many
------------[ cut here ]------------
kernel BUG at arch/x86/kvm/mmu/mmu.c:963!
invalid opcode: 0000 [#1] PREEMPT SMP NOPTI
RIP: 0010:pte_list_remove.cold+0x16/0x48 [kvm]
Call Trace:
<TASK>
drop_spte+0xe0/0x180 [kvm]
mmu_page_zap_pte+0x4f/0x140 [kvm]
__kvm_mmu_prepare_zap_page+0x62/0x3e0 [kvm]
kvm_mmu_zap_oldest_mmu_pages+0x7d/0xf0 [kvm]
direct_page_fault+0x3cb/0x9b0 [kvm]
kvm_tdp_page_fault+0x2c/0xa0 [kvm]
kvm_mmu_page_fault+0x207/0x930 [kvm]
npf_interception+0x47/0xb0 [kvm_amd]
svm_invoke_exit_handler+0x13c/0x1a0 [kvm_amd]
svm_handle_exit+0xfc/0x2c0 [kvm_amd]
kvm_arch_vcpu_ioctl_run+0xa79/0x1780 [kvm]
kvm_vcpu_ioctl+0x29b/0x6f0 [kvm]
__x64_sys_ioctl+0x95/0xd0
do_syscall_64+0x5c/0x90
general protection fault, probably for non-canonical address
0xdead000000000122: 0000 [#1] PREEMPT SMP NOPTI
RIP: 0010:kvm_mmu_commit_zap_page.part.0+0x4b/0xe0 [kvm]
Call Trace:
<TASK>
kvm_mmu_zap_oldest_mmu_pages+0xae/0xf0 [kvm]
direct_page_fault+0x3cb/0x9b0 [kvm]
kvm_tdp_page_fault+0x2c/0xa0 [kvm]
kvm_mmu_page_fault+0x207/0x930 [kvm]
npf_interception+0x47/0xb0 [kvm_amd]
CVE: CVE-2022-45869
Fixes: a2855afc7ee8 ("KVM: x86/mmu: Allow parallel page faults for the TDP MMU")
Signed-off-by: Kazuki Takiguchi <takiguchi.kazuki171@gmail.com>
Cc: stable@vger.kernel.org
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/x86/kvm/mmu/mmu.c | 13 +++++++------
1 file changed, 7 insertions(+), 6 deletions(-)
--- a/arch/x86/kvm/mmu/mmu.c
+++ b/arch/x86/kvm/mmu/mmu.c
@@ -2431,6 +2431,7 @@ static bool __kvm_mmu_prepare_zap_page(s
{
bool list_unstable, zapped_root = false;
+ lockdep_assert_held_write(&kvm->mmu_lock);
trace_kvm_mmu_prepare_zap_page(sp);
++kvm->stat.mmu_shadow_zapped;
*nr_zapped = mmu_zap_unsync_children(kvm, sp, invalid_list);
@@ -4250,14 +4251,14 @@ static int direct_page_fault(struct kvm_
if (is_page_fault_stale(vcpu, fault, mmu_seq))
goto out_unlock;
- r = make_mmu_pages_available(vcpu);
- if (r)
- goto out_unlock;
-
- if (is_tdp_mmu_fault)
+ if (is_tdp_mmu_fault) {
r = kvm_tdp_mmu_map(vcpu, fault);
- else
+ } else {
+ r = make_mmu_pages_available(vcpu);
+ if (r)
+ goto out_unlock;
r = __direct_map(vcpu, fault);
+ }
out_unlock:
if (is_tdp_mmu_fault)
^ permalink raw reply [flat|nested] 305+ messages in thread
* [PATCH 6.0 204/289] KVM: x86/xen: Only do in-kernel acceleration of hypercalls for guest CPL0
2022-11-30 18:19 [PATCH 6.0 000/289] 6.0.11-rc1 review Greg Kroah-Hartman
` (202 preceding siblings ...)
2022-11-30 18:23 ` [PATCH 6.0 203/289] KVM: x86/mmu: Fix race condition in direct_page_fault Greg Kroah-Hartman
@ 2022-11-30 18:23 ` Greg Kroah-Hartman
2022-11-30 18:23 ` [PATCH 6.0 205/289] KVM: x86/xen: Validate port number in SCHEDOP_poll Greg Kroah-Hartman
` (94 subsequent siblings)
298 siblings, 0 replies; 305+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-30 18:23 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Michal Luczaj, David Woodhouse,
Sean Christopherson, stable, Paolo Bonzini
From: David Woodhouse <dwmw@amazon.co.uk>
commit c2b8cdfaf3a6721afe0c8c060a631b1c67a7f1ee upstream.
There are almost no hypercalls which are valid from CPL > 0, and definitely
none which are handled by the kernel.
Fixes: 2fd6df2f2b47 ("KVM: x86/xen: intercept EVTCHNOP_send from guests")
Reported-by: Michal Luczaj <mhal@rbox.co>
Signed-off-by: David Woodhouse <dwmw@amazon.co.uk>
Reviewed-by: Sean Christopherson <seanjc@google.com>
Cc: stable@kernel.org
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/x86/kvm/xen.c | 12 +++++++++++-
1 file changed, 11 insertions(+), 1 deletion(-)
--- a/arch/x86/kvm/xen.c
+++ b/arch/x86/kvm/xen.c
@@ -1216,6 +1216,7 @@ int kvm_xen_hypercall(struct kvm_vcpu *v
bool longmode;
u64 input, params[6], r = -ENOSYS;
bool handled = false;
+ u8 cpl;
input = (u64)kvm_register_read(vcpu, VCPU_REGS_RAX);
@@ -1243,9 +1244,17 @@ int kvm_xen_hypercall(struct kvm_vcpu *v
params[5] = (u64)kvm_r9_read(vcpu);
}
#endif
+ cpl = static_call(kvm_x86_get_cpl)(vcpu);
trace_kvm_xen_hypercall(input, params[0], params[1], params[2],
params[3], params[4], params[5]);
+ /*
+ * Only allow hypercall acceleration for CPL0. The rare hypercalls that
+ * are permitted in guest userspace can be handled by the VMM.
+ */
+ if (unlikely(cpl > 0))
+ goto handle_in_userspace;
+
switch (input) {
case __HYPERVISOR_xen_version:
if (params[0] == XENVER_version && vcpu->kvm->arch.xen.xen_version) {
@@ -1280,10 +1289,11 @@ int kvm_xen_hypercall(struct kvm_vcpu *v
if (handled)
return kvm_xen_hypercall_set_result(vcpu, r);
+handle_in_userspace:
vcpu->run->exit_reason = KVM_EXIT_XEN;
vcpu->run->xen.type = KVM_EXIT_XEN_HCALL;
vcpu->run->xen.u.hcall.longmode = longmode;
- vcpu->run->xen.u.hcall.cpl = static_call(kvm_x86_get_cpl)(vcpu);
+ vcpu->run->xen.u.hcall.cpl = cpl;
vcpu->run->xen.u.hcall.input = input;
vcpu->run->xen.u.hcall.params[0] = params[0];
vcpu->run->xen.u.hcall.params[1] = params[1];
^ permalink raw reply [flat|nested] 305+ messages in thread
* [PATCH 6.0 205/289] KVM: x86/xen: Validate port number in SCHEDOP_poll
2022-11-30 18:19 [PATCH 6.0 000/289] 6.0.11-rc1 review Greg Kroah-Hartman
` (203 preceding siblings ...)
2022-11-30 18:23 ` [PATCH 6.0 204/289] KVM: x86/xen: Only do in-kernel acceleration of hypercalls for guest CPL0 Greg Kroah-Hartman
@ 2022-11-30 18:23 ` Greg Kroah-Hartman
2022-11-30 18:23 ` [PATCH 6.0 206/289] drm/i915/gvt: Get reference to KVM iff attachment to VM is successful Greg Kroah-Hartman
` (93 subsequent siblings)
298 siblings, 0 replies; 305+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-30 18:23 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Michal Luczaj, David Woodhouse,
Sean Christopherson, stable, Paolo Bonzini
From: David Woodhouse <dwmw@amazon.co.uk>
commit 4ea9439fd537313f3381f0af4ebbf05e3f51a58c upstream.
We shouldn't allow guests to poll on arbitrary port numbers off the end
of the event channel table.
Fixes: 1a65105a5aba ("KVM: x86/xen: handle PV spinlocks slowpath")
[dwmw2: my bug though; the original version did check the validity as a
side-effect of an idr_find() which I ripped out in refactoring.]
Reported-by: Michal Luczaj <mhal@rbox.co>
Signed-off-by: David Woodhouse <dwmw@amazon.co.uk>
Reviewed-by: Sean Christopherson <seanjc@google.com>
Cc: stable@kernel.org
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/x86/kvm/xen.c | 20 ++++++++++++--------
1 file changed, 12 insertions(+), 8 deletions(-)
--- a/arch/x86/kvm/xen.c
+++ b/arch/x86/kvm/xen.c
@@ -954,6 +954,14 @@ static int kvm_xen_hypercall_complete_us
return kvm_xen_hypercall_set_result(vcpu, run->xen.u.hcall.result);
}
+static inline int max_evtchn_port(struct kvm *kvm)
+{
+ if (IS_ENABLED(CONFIG_64BIT) && kvm->arch.xen.long_mode)
+ return EVTCHN_2L_NR_CHANNELS;
+ else
+ return COMPAT_EVTCHN_2L_NR_CHANNELS;
+}
+
static bool wait_pending_event(struct kvm_vcpu *vcpu, int nr_ports,
evtchn_port_t *ports)
{
@@ -1042,6 +1050,10 @@ static bool kvm_xen_schedop_poll(struct
*r = -EFAULT;
goto out;
}
+ if (ports[i] >= max_evtchn_port(vcpu->kvm)) {
+ *r = -EINVAL;
+ goto out;
+ }
}
if (sched_poll.nr_ports == 1)
@@ -1308,14 +1320,6 @@ handle_in_userspace:
return 0;
}
-static inline int max_evtchn_port(struct kvm *kvm)
-{
- if (IS_ENABLED(CONFIG_64BIT) && kvm->arch.xen.long_mode)
- return EVTCHN_2L_NR_CHANNELS;
- else
- return COMPAT_EVTCHN_2L_NR_CHANNELS;
-}
-
static void kvm_xen_check_poller(struct kvm_vcpu *vcpu, int port)
{
int poll_evtchn = vcpu->arch.xen.poll_evtchn;
^ permalink raw reply [flat|nested] 305+ messages in thread
* [PATCH 6.0 206/289] drm/i915/gvt: Get reference to KVM iff attachment to VM is successful
2022-11-30 18:19 [PATCH 6.0 000/289] 6.0.11-rc1 review Greg Kroah-Hartman
` (204 preceding siblings ...)
2022-11-30 18:23 ` [PATCH 6.0 205/289] KVM: x86/xen: Validate port number in SCHEDOP_poll Greg Kroah-Hartman
@ 2022-11-30 18:23 ` Greg Kroah-Hartman
2022-11-30 18:23 ` [PATCH 6.0 207/289] KVM: x86: nSVM: leave nested mode on vCPU free Greg Kroah-Hartman
` (92 subsequent siblings)
298 siblings, 0 replies; 305+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-30 18:23 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Kevin Tian, Sean Christopherson,
Zhenyu Wang
From: Sean Christopherson <seanjc@google.com>
commit 9ed1fdee9ee324f3505ff066287ee53143caaaa2 upstream.
Get a reference to KVM if and only if a vGPU is successfully attached to
the VM to avoid leaking a reference if there's no available vGPU. On
open_device() failure, vfio_device_open() doesn't invoke close_device().
Fixes: 421cfe6596f6 ("vfio: remove VFIO_GROUP_NOTIFY_SET_KVM")
Cc: stable@vger.kernel.org
Reviewed-by: Kevin Tian <kevin.tian@intel.com>
Signed-off-by: Sean Christopherson <seanjc@google.com>
Signed-off-by: Zhenyu Wang <zhenyuw@linux.intel.com>
Link: http://patchwork.freedesktop.org/patch/msgid/20221111002225.2418386-2-seanjc@google.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/gpu/drm/i915/gvt/kvmgt.c | 3 +--
1 file changed, 1 insertion(+), 2 deletions(-)
--- a/drivers/gpu/drm/i915/gvt/kvmgt.c
+++ b/drivers/gpu/drm/i915/gvt/kvmgt.c
@@ -765,8 +765,6 @@ static int intel_vgpu_open_device(struct
return -ESRCH;
}
- kvm_get_kvm(vgpu->vfio_device.kvm);
-
if (__kvmgt_vgpu_exist(vgpu))
return -EEXIST;
@@ -777,6 +775,7 @@ static int intel_vgpu_open_device(struct
vgpu->track_node.track_write = kvmgt_page_track_write;
vgpu->track_node.track_flush_slot = kvmgt_page_track_flush_slot;
+ kvm_get_kvm(vgpu->vfio_device.kvm);
kvm_page_track_register_notifier(vgpu->vfio_device.kvm,
&vgpu->track_node);
^ permalink raw reply [flat|nested] 305+ messages in thread
* [PATCH 6.0 207/289] KVM: x86: nSVM: leave nested mode on vCPU free
2022-11-30 18:19 [PATCH 6.0 000/289] 6.0.11-rc1 review Greg Kroah-Hartman
` (205 preceding siblings ...)
2022-11-30 18:23 ` [PATCH 6.0 206/289] drm/i915/gvt: Get reference to KVM iff attachment to VM is successful Greg Kroah-Hartman
@ 2022-11-30 18:23 ` Greg Kroah-Hartman
2022-11-30 18:23 ` [PATCH 6.0 208/289] KVM: x86: forcibly leave nested mode on vCPU reset Greg Kroah-Hartman
` (91 subsequent siblings)
298 siblings, 0 replies; 305+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-30 18:23 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Maxim Levitsky, Paolo Bonzini
From: Maxim Levitsky <mlevitsk@redhat.com>
commit 917401f26a6af5756d89b550a8e1bd50cf42b07e upstream.
If the VM was terminated while nested, we free the nested state
while the vCPU still is in nested mode.
Soon a warning will be added for this condition.
Cc: stable@vger.kernel.org
Signed-off-by: Maxim Levitsky <mlevitsk@redhat.com>
Message-Id: <20221103141351.50662-2-mlevitsk@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/x86/kvm/svm/svm.c | 1 +
1 file changed, 1 insertion(+)
--- a/arch/x86/kvm/svm/svm.c
+++ b/arch/x86/kvm/svm/svm.c
@@ -1440,6 +1440,7 @@ static void svm_vcpu_free(struct kvm_vcp
*/
svm_clear_current_vmcb(svm->vmcb);
+ svm_leave_nested(vcpu);
svm_free_nested(svm);
sev_free_vcpu(vcpu);
^ permalink raw reply [flat|nested] 305+ messages in thread
* [PATCH 6.0 208/289] KVM: x86: forcibly leave nested mode on vCPU reset
2022-11-30 18:19 [PATCH 6.0 000/289] 6.0.11-rc1 review Greg Kroah-Hartman
` (206 preceding siblings ...)
2022-11-30 18:23 ` [PATCH 6.0 207/289] KVM: x86: nSVM: leave nested mode on vCPU free Greg Kroah-Hartman
@ 2022-11-30 18:23 ` Greg Kroah-Hartman
2022-11-30 18:23 ` [PATCH 6.0 209/289] KVM: x86: nSVM: harden svm_free_nested against freeing vmcb02 while still in use Greg Kroah-Hartman
` (90 subsequent siblings)
298 siblings, 0 replies; 305+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-30 18:23 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Maxim Levitsky, Paolo Bonzini
From: Maxim Levitsky <mlevitsk@redhat.com>
commit ed129ec9057f89d615ba0c81a4984a90345a1684 upstream.
While not obivous, kvm_vcpu_reset() leaves the nested mode by clearing
'vcpu->arch.hflags' but it does so without all the required housekeeping.
On SVM, it is possible to have a vCPU reset while in guest mode because
unlike VMX, on SVM, INIT's are not latched in SVM non root mode and in
addition to that L1 doesn't have to intercept triple fault, which should
also trigger L1's reset if happens in L2 while L1 didn't intercept it.
If one of the above conditions happen, KVM will continue to use vmcb02
while not having in the guest mode.
Later the IA32_EFER will be cleared which will lead to freeing of the
nested guest state which will (correctly) free the vmcb02, but since
KVM still uses it (incorrectly) this will lead to a use after free
and kernel crash.
This issue is assigned CVE-2022-3344
Cc: stable@vger.kernel.org
Signed-off-by: Maxim Levitsky <mlevitsk@redhat.com>
Message-Id: <20221103141351.50662-5-mlevitsk@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/x86/kvm/x86.c | 10 ++++++++++
1 file changed, 10 insertions(+)
--- a/arch/x86/kvm/x86.c
+++ b/arch/x86/kvm/x86.c
@@ -11789,8 +11789,18 @@ void kvm_vcpu_reset(struct kvm_vcpu *vcp
WARN_ON_ONCE(!init_event &&
(old_cr0 || kvm_read_cr3(vcpu) || kvm_read_cr4(vcpu)));
+ /*
+ * SVM doesn't unconditionally VM-Exit on INIT and SHUTDOWN, thus it's
+ * possible to INIT the vCPU while L2 is active. Force the vCPU back
+ * into L1 as EFER.SVME is cleared on INIT (along with all other EFER
+ * bits), i.e. virtualization is disabled.
+ */
+ if (is_guest_mode(vcpu))
+ kvm_leave_nested(vcpu);
+
kvm_lapic_reset(vcpu, init_event);
+ WARN_ON_ONCE(is_guest_mode(vcpu) || is_smm(vcpu));
vcpu->arch.hflags = 0;
vcpu->arch.smi_pending = 0;
^ permalink raw reply [flat|nested] 305+ messages in thread
* [PATCH 6.0 209/289] KVM: x86: nSVM: harden svm_free_nested against freeing vmcb02 while still in use
2022-11-30 18:19 [PATCH 6.0 000/289] 6.0.11-rc1 review Greg Kroah-Hartman
` (207 preceding siblings ...)
2022-11-30 18:23 ` [PATCH 6.0 208/289] KVM: x86: forcibly leave nested mode on vCPU reset Greg Kroah-Hartman
@ 2022-11-30 18:23 ` Greg Kroah-Hartman
2022-11-30 18:23 ` [PATCH 6.0 210/289] KVM: x86: add kvm_leave_nested Greg Kroah-Hartman
` (89 subsequent siblings)
298 siblings, 0 replies; 305+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-30 18:23 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Maxim Levitsky, Paolo Bonzini
From: Maxim Levitsky <mlevitsk@redhat.com>
commit 16ae56d7e0528559bf8dc9070e3bfd8ba3de80df upstream.
Make sure that KVM uses vmcb01 before freeing nested state, and warn if
that is not the case.
This is a minimal fix for CVE-2022-3344 making the kernel print a warning
instead of a kernel panic.
Cc: stable@vger.kernel.org
Signed-off-by: Maxim Levitsky <mlevitsk@redhat.com>
Message-Id: <20221103141351.50662-3-mlevitsk@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/x86/kvm/svm/nested.c | 3 +++
1 file changed, 3 insertions(+)
--- a/arch/x86/kvm/svm/nested.c
+++ b/arch/x86/kvm/svm/nested.c
@@ -1143,6 +1143,9 @@ void svm_free_nested(struct vcpu_svm *sv
if (!svm->nested.initialized)
return;
+ if (WARN_ON_ONCE(svm->vmcb != svm->vmcb01.ptr))
+ svm_switch_vmcb(svm, &svm->vmcb01);
+
svm_vcpu_free_msrpm(svm->nested.msrpm);
svm->nested.msrpm = NULL;
^ permalink raw reply [flat|nested] 305+ messages in thread
* [PATCH 6.0 210/289] KVM: x86: add kvm_leave_nested
2022-11-30 18:19 [PATCH 6.0 000/289] 6.0.11-rc1 review Greg Kroah-Hartman
` (208 preceding siblings ...)
2022-11-30 18:23 ` [PATCH 6.0 209/289] KVM: x86: nSVM: harden svm_free_nested against freeing vmcb02 while still in use Greg Kroah-Hartman
@ 2022-11-30 18:23 ` Greg Kroah-Hartman
2022-11-30 18:23 ` [PATCH 6.0 211/289] KVM: x86: remove exit_int_info warning in svm_handle_exit Greg Kroah-Hartman
` (88 subsequent siblings)
298 siblings, 0 replies; 305+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-30 18:23 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Maxim Levitsky, Paolo Bonzini
From: Maxim Levitsky <mlevitsk@redhat.com>
commit f9697df251438b0798780900e8b43bdb12a56d64 upstream.
add kvm_leave_nested which wraps a call to nested_ops->leave_nested
into a function.
Cc: stable@vger.kernel.org
Signed-off-by: Maxim Levitsky <mlevitsk@redhat.com>
Message-Id: <20221103141351.50662-4-mlevitsk@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/x86/kvm/svm/nested.c | 3 ---
arch/x86/kvm/vmx/nested.c | 3 ---
arch/x86/kvm/x86.c | 8 +++++++-
3 files changed, 7 insertions(+), 7 deletions(-)
--- a/arch/x86/kvm/svm/nested.c
+++ b/arch/x86/kvm/svm/nested.c
@@ -1164,9 +1164,6 @@ void svm_free_nested(struct vcpu_svm *sv
svm->nested.initialized = false;
}
-/*
- * Forcibly leave nested mode in order to be able to reset the VCPU later on.
- */
void svm_leave_nested(struct kvm_vcpu *vcpu)
{
struct vcpu_svm *svm = to_svm(vcpu);
--- a/arch/x86/kvm/vmx/nested.c
+++ b/arch/x86/kvm/vmx/nested.c
@@ -6294,9 +6294,6 @@ out:
return kvm_state.size;
}
-/*
- * Forcibly leave nested mode in order to be able to reset the VCPU later on.
- */
void vmx_leave_nested(struct kvm_vcpu *vcpu)
{
if (is_guest_mode(vcpu)) {
--- a/arch/x86/kvm/x86.c
+++ b/arch/x86/kvm/x86.c
@@ -611,6 +611,12 @@ void kvm_deliver_exception_payload(struc
}
EXPORT_SYMBOL_GPL(kvm_deliver_exception_payload);
+/* Forcibly leave the nested mode in cases like a vCPU reset */
+static void kvm_leave_nested(struct kvm_vcpu *vcpu)
+{
+ kvm_x86_ops.nested_ops->leave_nested(vcpu);
+}
+
static void kvm_multiple_exception(struct kvm_vcpu *vcpu,
unsigned nr, bool has_error, u32 error_code,
bool has_payload, unsigned long payload, bool reinject)
@@ -5154,7 +5160,7 @@ static int kvm_vcpu_ioctl_x86_set_vcpu_e
if (events->flags & KVM_VCPUEVENT_VALID_SMM) {
if (!!(vcpu->arch.hflags & HF_SMM_MASK) != events->smi.smm) {
- kvm_x86_ops.nested_ops->leave_nested(vcpu);
+ kvm_leave_nested(vcpu);
kvm_smm_changed(vcpu, events->smi.smm);
}
^ permalink raw reply [flat|nested] 305+ messages in thread
* [PATCH 6.0 211/289] KVM: x86: remove exit_int_info warning in svm_handle_exit
2022-11-30 18:19 [PATCH 6.0 000/289] 6.0.11-rc1 review Greg Kroah-Hartman
` (209 preceding siblings ...)
2022-11-30 18:23 ` [PATCH 6.0 210/289] KVM: x86: add kvm_leave_nested Greg Kroah-Hartman
@ 2022-11-30 18:23 ` Greg Kroah-Hartman
2022-11-30 18:23 ` [PATCH 6.0 212/289] KVM: Update gfn_to_pfn_cache khva when it moves within the same page Greg Kroah-Hartman
` (87 subsequent siblings)
298 siblings, 0 replies; 305+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-30 18:23 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Maxim Levitsky, Paolo Bonzini
From: Maxim Levitsky <mlevitsk@redhat.com>
commit 05311ce954aebe75935d9ae7d38ac82b5b796e33 upstream.
It is valid to receive external interrupt and have broken IDT entry,
which will lead to #GP with exit_int_into that will contain the index of
the IDT entry (e.g any value).
Other exceptions can happen as well, like #NP or #SS
(if stack switch fails).
Thus this warning can be user triggred and has very little value.
Cc: stable@vger.kernel.org
Signed-off-by: Maxim Levitsky <mlevitsk@redhat.com>
Message-Id: <20221103141351.50662-10-mlevitsk@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/x86/kvm/svm/svm.c | 15 ---------------
1 file changed, 15 deletions(-)
--- a/arch/x86/kvm/svm/svm.c
+++ b/arch/x86/kvm/svm/svm.c
@@ -346,12 +346,6 @@ int svm_set_efer(struct kvm_vcpu *vcpu,
return 0;
}
-static int is_external_interrupt(u32 info)
-{
- info &= SVM_EVTINJ_TYPE_MASK | SVM_EVTINJ_VALID;
- return info == (SVM_EVTINJ_VALID | SVM_EVTINJ_TYPE_INTR);
-}
-
static u32 svm_get_interrupt_shadow(struct kvm_vcpu *vcpu)
{
struct vcpu_svm *svm = to_svm(vcpu);
@@ -3427,15 +3421,6 @@ static int svm_handle_exit(struct kvm_vc
return 0;
}
- if (is_external_interrupt(svm->vmcb->control.exit_int_info) &&
- exit_code != SVM_EXIT_EXCP_BASE + PF_VECTOR &&
- exit_code != SVM_EXIT_NPF && exit_code != SVM_EXIT_TASK_SWITCH &&
- exit_code != SVM_EXIT_INTR && exit_code != SVM_EXIT_NMI)
- printk(KERN_ERR "%s: unexpected exit_int_info 0x%x "
- "exit_code 0x%x\n",
- __func__, svm->vmcb->control.exit_int_info,
- exit_code);
-
if (exit_fastpath != EXIT_FASTPATH_NONE)
return 1;
^ permalink raw reply [flat|nested] 305+ messages in thread
* [PATCH 6.0 212/289] KVM: Update gfn_to_pfn_cache khva when it moves within the same page
2022-11-30 18:19 [PATCH 6.0 000/289] 6.0.11-rc1 review Greg Kroah-Hartman
` (210 preceding siblings ...)
2022-11-30 18:23 ` [PATCH 6.0 211/289] KVM: x86: remove exit_int_info warning in svm_handle_exit Greg Kroah-Hartman
@ 2022-11-30 18:23 ` Greg Kroah-Hartman
2022-11-30 18:23 ` [PATCH 6.0 213/289] x86/tsx: Add a feature bit for TSX control MSR support Greg Kroah-Hartman
` (86 subsequent siblings)
298 siblings, 0 replies; 305+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-30 18:23 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, David Woodhouse, Paul Durrant,
Sean Christopherson, stable, Paolo Bonzini
From: David Woodhouse <dwmw@amazon.co.uk>
commit 8332f0ed4f187c7b700831bd7cc83ce180a944b9 upstream.
In the case where a GPC is refreshed to a different location within the
same page, we didn't bother to update it. Mostly we don't need to, but
since the ->khva field also includes the offset within the page, that
does have to be updated.
Fixes: 3ba2c95ea180 ("KVM: Do not incorporate page offset into gfn=>pfn cache user address")
Signed-off-by: David Woodhouse <dwmw@amazon.co.uk>
Reviewed-by: Paul Durrant <paul@xen.org>
Reviewed-by: Sean Christopherson <seanjc@google.com>
Cc: stable@kernel.org
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
virt/kvm/pfncache.c | 7 ++++++-
1 file changed, 6 insertions(+), 1 deletion(-)
--- a/virt/kvm/pfncache.c
+++ b/virt/kvm/pfncache.c
@@ -297,7 +297,12 @@ int kvm_gfn_to_pfn_cache_refresh(struct
if (!gpc->valid || old_uhva != gpc->uhva) {
ret = hva_to_pfn_retry(kvm, gpc);
} else {
- /* If the HVA→PFN mapping was already valid, don't unmap it. */
+ /*
+ * If the HVA→PFN mapping was already valid, don't unmap it.
+ * But do update gpc->khva because the offset within the page
+ * may have changed.
+ */
+ gpc->khva = old_khva + page_offset;
old_pfn = KVM_PFN_ERR_FAULT;
old_khva = NULL;
ret = 0;
^ permalink raw reply [flat|nested] 305+ messages in thread
* [PATCH 6.0 213/289] x86/tsx: Add a feature bit for TSX control MSR support
2022-11-30 18:19 [PATCH 6.0 000/289] 6.0.11-rc1 review Greg Kroah-Hartman
` (211 preceding siblings ...)
2022-11-30 18:23 ` [PATCH 6.0 212/289] KVM: Update gfn_to_pfn_cache khva when it moves within the same page Greg Kroah-Hartman
@ 2022-11-30 18:23 ` Greg Kroah-Hartman
2022-11-30 18:23 ` [PATCH 6.0 214/289] x86/pm: Add enumeration check before spec MSRs save/restore setup Greg Kroah-Hartman
` (85 subsequent siblings)
298 siblings, 0 replies; 305+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-30 18:23 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Andrew Cooper, Pawan Gupta,
Borislav Petkov, Dave Hansen, stable
From: Pawan Gupta <pawan.kumar.gupta@linux.intel.com>
commit aaa65d17eec372c6a9756833f3964ba05b05ea14 upstream.
Support for the TSX control MSR is enumerated in MSR_IA32_ARCH_CAPABILITIES.
This is different from how other CPU features are enumerated i.e. via
CPUID. Currently, a call to tsx_ctrl_is_supported() is required for
enumerating the feature. In the absence of a feature bit for TSX control,
any code that relies on checking feature bits directly will not work.
In preparation for adding a feature bit check in MSR save/restore
during suspend/resume, set a new feature bit X86_FEATURE_TSX_CTRL when
MSR_IA32_TSX_CTRL is present. Also make tsx_ctrl_is_supported() use the
new feature bit to avoid any overhead of reading the MSR.
[ bp: Remove tsx_ctrl_is_supported(), add room for two more feature
bits in word 11 which are coming up in the next merge window. ]
Suggested-by: Andrew Cooper <andrew.cooper3@citrix.com>
Signed-off-by: Pawan Gupta <pawan.kumar.gupta@linux.intel.com>
Signed-off-by: Borislav Petkov <bp@suse.de>
Reviewed-by: Dave Hansen <dave.hansen@linux.intel.com>
Cc: <stable@kernel.org>
Link: https://lore.kernel.org/r/de619764e1d98afbb7a5fa58424f1278ede37b45.1668539735.git.pawan.kumar.gupta@linux.intel.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/x86/include/asm/cpufeatures.h | 3 ++
arch/x86/kernel/cpu/tsx.c | 38 ++++++++++++++++---------------------
2 files changed, 20 insertions(+), 21 deletions(-)
--- a/arch/x86/include/asm/cpufeatures.h
+++ b/arch/x86/include/asm/cpufeatures.h
@@ -305,6 +305,9 @@
#define X86_FEATURE_USE_IBPB_FW (11*32+16) /* "" Use IBPB during runtime firmware calls */
#define X86_FEATURE_RSB_VMEXIT_LITE (11*32+17) /* "" Fill RSB on VM exit when EIBRS is enabled */
+
+#define X86_FEATURE_MSR_TSX_CTRL (11*32+20) /* "" MSR IA32_TSX_CTRL (Intel) implemented */
+
/* Intel-defined CPU features, CPUID level 0x00000007:1 (EAX), word 12 */
#define X86_FEATURE_AVX_VNNI (12*32+ 4) /* AVX VNNI instructions */
#define X86_FEATURE_AVX512_BF16 (12*32+ 5) /* AVX512 BFLOAT16 instructions */
--- a/arch/x86/kernel/cpu/tsx.c
+++ b/arch/x86/kernel/cpu/tsx.c
@@ -58,24 +58,6 @@ static void tsx_enable(void)
wrmsrl(MSR_IA32_TSX_CTRL, tsx);
}
-static bool tsx_ctrl_is_supported(void)
-{
- u64 ia32_cap = x86_read_arch_cap_msr();
-
- /*
- * TSX is controlled via MSR_IA32_TSX_CTRL. However, support for this
- * MSR is enumerated by ARCH_CAP_TSX_MSR bit in MSR_IA32_ARCH_CAPABILITIES.
- *
- * TSX control (aka MSR_IA32_TSX_CTRL) is only available after a
- * microcode update on CPUs that have their MSR_IA32_ARCH_CAPABILITIES
- * bit MDS_NO=1. CPUs with MDS_NO=0 are not planned to get
- * MSR_IA32_TSX_CTRL support even after a microcode update. Thus,
- * tsx= cmdline requests will do nothing on CPUs without
- * MSR_IA32_TSX_CTRL support.
- */
- return !!(ia32_cap & ARCH_CAP_TSX_CTRL_MSR);
-}
-
static enum tsx_ctrl_states x86_get_tsx_auto_mode(void)
{
if (boot_cpu_has_bug(X86_BUG_TAA))
@@ -135,7 +117,7 @@ static void tsx_clear_cpuid(void)
rdmsrl(MSR_TSX_FORCE_ABORT, msr);
msr |= MSR_TFA_TSX_CPUID_CLEAR;
wrmsrl(MSR_TSX_FORCE_ABORT, msr);
- } else if (tsx_ctrl_is_supported()) {
+ } else if (cpu_feature_enabled(X86_FEATURE_MSR_TSX_CTRL)) {
rdmsrl(MSR_IA32_TSX_CTRL, msr);
msr |= TSX_CTRL_CPUID_CLEAR;
wrmsrl(MSR_IA32_TSX_CTRL, msr);
@@ -158,7 +140,8 @@ static void tsx_dev_mode_disable(void)
u64 mcu_opt_ctrl;
/* Check if RTM_ALLOW exists */
- if (!boot_cpu_has_bug(X86_BUG_TAA) || !tsx_ctrl_is_supported() ||
+ if (!boot_cpu_has_bug(X86_BUG_TAA) ||
+ !cpu_feature_enabled(X86_FEATURE_MSR_TSX_CTRL) ||
!cpu_feature_enabled(X86_FEATURE_SRBDS_CTRL))
return;
@@ -191,7 +174,20 @@ void __init tsx_init(void)
return;
}
- if (!tsx_ctrl_is_supported()) {
+ /*
+ * TSX is controlled via MSR_IA32_TSX_CTRL. However, support for this
+ * MSR is enumerated by ARCH_CAP_TSX_MSR bit in MSR_IA32_ARCH_CAPABILITIES.
+ *
+ * TSX control (aka MSR_IA32_TSX_CTRL) is only available after a
+ * microcode update on CPUs that have their MSR_IA32_ARCH_CAPABILITIES
+ * bit MDS_NO=1. CPUs with MDS_NO=0 are not planned to get
+ * MSR_IA32_TSX_CTRL support even after a microcode update. Thus,
+ * tsx= cmdline requests will do nothing on CPUs without
+ * MSR_IA32_TSX_CTRL support.
+ */
+ if (x86_read_arch_cap_msr() & ARCH_CAP_TSX_CTRL_MSR) {
+ setup_force_cpu_cap(X86_FEATURE_MSR_TSX_CTRL);
+ } else {
tsx_ctrl_state = TSX_CTRL_NOT_SUPPORTED;
return;
}
^ permalink raw reply [flat|nested] 305+ messages in thread
* [PATCH 6.0 214/289] x86/pm: Add enumeration check before spec MSRs save/restore setup
2022-11-30 18:19 [PATCH 6.0 000/289] 6.0.11-rc1 review Greg Kroah-Hartman
` (212 preceding siblings ...)
2022-11-30 18:23 ` [PATCH 6.0 213/289] x86/tsx: Add a feature bit for TSX control MSR support Greg Kroah-Hartman
@ 2022-11-30 18:23 ` Greg Kroah-Hartman
2022-11-30 18:23 ` [PATCH 6.0 215/289] x86/ioremap: Fix page aligned size calculation in __ioremap_caller() Greg Kroah-Hartman
` (84 subsequent siblings)
298 siblings, 0 replies; 305+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-30 18:23 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Hans de Goede, Pawan Gupta,
Borislav Petkov, Dave Hansen, Rafael J. Wysocki, stable
From: Pawan Gupta <pawan.kumar.gupta@linux.intel.com>
commit 50bcceb7724e471d9b591803889df45dcbb584bc upstream.
pm_save_spec_msr() keeps a list of all the MSRs which _might_ need
to be saved and restored at hibernate and resume. However, it has
zero awareness of CPU support for these MSRs. It mostly works by
unconditionally attempting to manipulate these MSRs and relying on
rdmsrl_safe() being able to handle a #GP on CPUs where the support is
unavailable.
However, it's possible for reads (RDMSR) to be supported for a given MSR
while writes (WRMSR) are not. In this case, msr_build_context() sees
a successful read (RDMSR) and marks the MSR as valid. Then, later, a
write (WRMSR) fails, producing a nasty (but harmless) error message.
This causes restore_processor_state() to try and restore it, but writing
this MSR is not allowed on the Intel Atom N2600 leading to:
unchecked MSR access error: WRMSR to 0x122 (tried to write 0x0000000000000002) \
at rIP: 0xffffffff8b07a574 (native_write_msr+0x4/0x20)
Call Trace:
<TASK>
restore_processor_state
x86_acpi_suspend_lowlevel
acpi_suspend_enter
suspend_devices_and_enter
pm_suspend.cold
state_store
kernfs_fop_write_iter
vfs_write
ksys_write
do_syscall_64
? do_syscall_64
? up_read
? lock_is_held_type
? asm_exc_page_fault
? lockdep_hardirqs_on
entry_SYSCALL_64_after_hwframe
To fix this, add the corresponding X86_FEATURE bit for each MSR. Avoid
trying to manipulate the MSR when the feature bit is clear. This
required adding a X86_FEATURE bit for MSRs that do not have one already,
but it's a small price to pay.
[ bp: Move struct msr_enumeration inside the only function that uses it. ]
Fixes: 73924ec4d560 ("x86/pm: Save the MSR validity status at context setup")
Reported-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Pawan Gupta <pawan.kumar.gupta@linux.intel.com>
Signed-off-by: Borislav Petkov <bp@suse.de>
Reviewed-by: Dave Hansen <dave.hansen@linux.intel.com>
Acked-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
Cc: <stable@kernel.org>
Link: https://lore.kernel.org/r/c24db75d69df6e66c0465e13676ad3f2837a2ed8.1668539735.git.pawan.kumar.gupta@linux.intel.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/x86/power/cpu.c | 23 +++++++++++++++--------
1 file changed, 15 insertions(+), 8 deletions(-)
--- a/arch/x86/power/cpu.c
+++ b/arch/x86/power/cpu.c
@@ -513,16 +513,23 @@ static int pm_cpu_check(const struct x86
static void pm_save_spec_msr(void)
{
- u32 spec_msr_id[] = {
- MSR_IA32_SPEC_CTRL,
- MSR_IA32_TSX_CTRL,
- MSR_TSX_FORCE_ABORT,
- MSR_IA32_MCU_OPT_CTRL,
- MSR_AMD64_LS_CFG,
- MSR_AMD64_DE_CFG,
+ struct msr_enumeration {
+ u32 msr_no;
+ u32 feature;
+ } msr_enum[] = {
+ { MSR_IA32_SPEC_CTRL, X86_FEATURE_MSR_SPEC_CTRL },
+ { MSR_IA32_TSX_CTRL, X86_FEATURE_MSR_TSX_CTRL },
+ { MSR_TSX_FORCE_ABORT, X86_FEATURE_TSX_FORCE_ABORT },
+ { MSR_IA32_MCU_OPT_CTRL, X86_FEATURE_SRBDS_CTRL },
+ { MSR_AMD64_LS_CFG, X86_FEATURE_LS_CFG_SSBD },
+ { MSR_AMD64_DE_CFG, X86_FEATURE_LFENCE_RDTSC },
};
+ int i;
- msr_build_context(spec_msr_id, ARRAY_SIZE(spec_msr_id));
+ for (i = 0; i < ARRAY_SIZE(msr_enum); i++) {
+ if (boot_cpu_has(msr_enum[i].feature))
+ msr_build_context(&msr_enum[i].msr_no, 1);
+ }
}
static int pm_check_save_msr(void)
^ permalink raw reply [flat|nested] 305+ messages in thread
* [PATCH 6.0 215/289] x86/ioremap: Fix page aligned size calculation in __ioremap_caller()
2022-11-30 18:19 [PATCH 6.0 000/289] 6.0.11-rc1 review Greg Kroah-Hartman
` (213 preceding siblings ...)
2022-11-30 18:23 ` [PATCH 6.0 214/289] x86/pm: Add enumeration check before spec MSRs save/restore setup Greg Kroah-Hartman
@ 2022-11-30 18:23 ` Greg Kroah-Hartman
2022-11-30 18:23 ` [PATCH 6.0 216/289] mm: fix unexpected changes to {failslab|fail_page_alloc}.attr Greg Kroah-Hartman
` (83 subsequent siblings)
298 siblings, 0 replies; 305+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-30 18:23 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Michael Kelley, Borislav Petkov,
Dave Hansen, stable
From: Michael Kelley <mikelley@microsoft.com>
commit 4dbd6a3e90e03130973688fd79e19425f720d999 upstream.
Current code re-calculates the size after aligning the starting and
ending physical addresses on a page boundary. But the re-calculation
also embeds the masking of high order bits that exceed the size of
the physical address space (via PHYSICAL_PAGE_MASK). If the masking
removes any high order bits, the size calculation results in a huge
value that is likely to immediately fail.
Fix this by re-calculating the page-aligned size first. Then mask any
high order bits using PHYSICAL_PAGE_MASK.
Fixes: ffa71f33a820 ("x86, ioremap: Fix incorrect physical address handling in PAE mode")
Signed-off-by: Michael Kelley <mikelley@microsoft.com>
Signed-off-by: Borislav Petkov <bp@suse.de>
Acked-by: Dave Hansen <dave.hansen@linux.intel.com>
Cc: <stable@kernel.org>
Link: https://lore.kernel.org/r/1668624097-14884-2-git-send-email-mikelley@microsoft.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/x86/mm/ioremap.c | 8 +++++++-
1 file changed, 7 insertions(+), 1 deletion(-)
--- a/arch/x86/mm/ioremap.c
+++ b/arch/x86/mm/ioremap.c
@@ -216,9 +216,15 @@ __ioremap_caller(resource_size_t phys_ad
* Mappings have to be page-aligned
*/
offset = phys_addr & ~PAGE_MASK;
- phys_addr &= PHYSICAL_PAGE_MASK;
+ phys_addr &= PAGE_MASK;
size = PAGE_ALIGN(last_addr+1) - phys_addr;
+ /*
+ * Mask out any bits not part of the actual physical
+ * address, like memory encryption bits.
+ */
+ phys_addr &= PHYSICAL_PAGE_MASK;
+
retval = memtype_reserve(phys_addr, (u64)phys_addr + size,
pcm, &new_pcm);
if (retval) {
^ permalink raw reply [flat|nested] 305+ messages in thread
* [PATCH 6.0 216/289] mm: fix unexpected changes to {failslab|fail_page_alloc}.attr
2022-11-30 18:19 [PATCH 6.0 000/289] 6.0.11-rc1 review Greg Kroah-Hartman
` (214 preceding siblings ...)
2022-11-30 18:23 ` [PATCH 6.0 215/289] x86/ioremap: Fix page aligned size calculation in __ioremap_caller() Greg Kroah-Hartman
@ 2022-11-30 18:23 ` Greg Kroah-Hartman
2022-11-30 18:23 ` [PATCH 6.0 217/289] mm: correctly charge compressed memory to its memcg Greg Kroah-Hartman
` (82 subsequent siblings)
298 siblings, 0 replies; 305+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-30 18:23 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Qi Zheng, Dmitry Vyukov,
Akinobu Mita, Jason Gunthorpe, Matthew Wilcox, Andrew Morton
From: Qi Zheng <zhengqi.arch@bytedance.com>
commit ea4452de2ae987342fadbdd2c044034e6480daad upstream.
When we specify __GFP_NOWARN, we only expect that no warnings will be
issued for current caller. But in the __should_failslab() and
__should_fail_alloc_page(), the local GFP flags alter the global
{failslab|fail_page_alloc}.attr, which is persistent and shared by all
tasks. This is not what we expected, let's fix it.
[akpm@linux-foundation.org: unexport should_fail_ex()]
Link: https://lkml.kernel.org/r/20221118100011.2634-1-zhengqi.arch@bytedance.com
Fixes: 3f913fc5f974 ("mm: fix missing handler for __GFP_NOWARN")
Signed-off-by: Qi Zheng <zhengqi.arch@bytedance.com>
Reported-by: Dmitry Vyukov <dvyukov@google.com>
Reviewed-by: Akinobu Mita <akinobu.mita@gmail.com>
Reviewed-by: Jason Gunthorpe <jgg@nvidia.com>
Cc: Akinobu Mita <akinobu.mita@gmail.com>
Cc: Matthew Wilcox <willy@infradead.org>
Cc: <stable@vger.kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
include/linux/fault-inject.h | 7 +++++--
lib/fault-inject.c | 13 ++++++++-----
mm/failslab.c | 12 ++++++++++--
mm/page_alloc.c | 7 +++++--
4 files changed, 28 insertions(+), 11 deletions(-)
--- a/include/linux/fault-inject.h
+++ b/include/linux/fault-inject.h
@@ -20,7 +20,6 @@ struct fault_attr {
atomic_t space;
unsigned long verbose;
bool task_filter;
- bool no_warn;
unsigned long stacktrace_depth;
unsigned long require_start;
unsigned long require_end;
@@ -32,6 +31,10 @@ struct fault_attr {
struct dentry *dname;
};
+enum fault_flags {
+ FAULT_NOWARN = 1 << 0,
+};
+
#define FAULT_ATTR_INITIALIZER { \
.interval = 1, \
.times = ATOMIC_INIT(1), \
@@ -40,11 +43,11 @@ struct fault_attr {
.ratelimit_state = RATELIMIT_STATE_INIT_DISABLED, \
.verbose = 2, \
.dname = NULL, \
- .no_warn = false, \
}
#define DECLARE_FAULT_ATTR(name) struct fault_attr name = FAULT_ATTR_INITIALIZER
int setup_fault_attr(struct fault_attr *attr, char *str);
+bool should_fail_ex(struct fault_attr *attr, ssize_t size, int flags);
bool should_fail(struct fault_attr *attr, ssize_t size);
#ifdef CONFIG_FAULT_INJECTION_DEBUG_FS
--- a/lib/fault-inject.c
+++ b/lib/fault-inject.c
@@ -41,9 +41,6 @@ EXPORT_SYMBOL_GPL(setup_fault_attr);
static void fail_dump(struct fault_attr *attr)
{
- if (attr->no_warn)
- return;
-
if (attr->verbose > 0 && __ratelimit(&attr->ratelimit_state)) {
printk(KERN_NOTICE "FAULT_INJECTION: forcing a failure.\n"
"name %pd, interval %lu, probability %lu, "
@@ -103,7 +100,7 @@ static inline bool fail_stacktrace(struc
* http://www.nongnu.org/failmalloc/
*/
-bool should_fail(struct fault_attr *attr, ssize_t size)
+bool should_fail_ex(struct fault_attr *attr, ssize_t size, int flags)
{
if (in_task()) {
unsigned int fail_nth = READ_ONCE(current->fail_nth);
@@ -146,13 +143,19 @@ bool should_fail(struct fault_attr *attr
return false;
fail:
- fail_dump(attr);
+ if (!(flags & FAULT_NOWARN))
+ fail_dump(attr);
if (atomic_read(&attr->times) != -1)
atomic_dec_not_zero(&attr->times);
return true;
}
+
+bool should_fail(struct fault_attr *attr, ssize_t size)
+{
+ return should_fail_ex(attr, size, 0);
+}
EXPORT_SYMBOL_GPL(should_fail);
#ifdef CONFIG_FAULT_INJECTION_DEBUG_FS
--- a/mm/failslab.c
+++ b/mm/failslab.c
@@ -16,6 +16,8 @@ static struct {
bool __should_failslab(struct kmem_cache *s, gfp_t gfpflags)
{
+ int flags = 0;
+
/* No fault-injection for bootstrap cache */
if (unlikely(s == kmem_cache))
return false;
@@ -30,10 +32,16 @@ bool __should_failslab(struct kmem_cache
if (failslab.cache_filter && !(s->flags & SLAB_FAILSLAB))
return false;
+ /*
+ * In some cases, it expects to specify __GFP_NOWARN
+ * to avoid printing any information(not just a warning),
+ * thus avoiding deadlocks. See commit 6b9dbedbe349 for
+ * details.
+ */
if (gfpflags & __GFP_NOWARN)
- failslab.attr.no_warn = true;
+ flags |= FAULT_NOWARN;
- return should_fail(&failslab.attr, s->object_size);
+ return should_fail_ex(&failslab.attr, s->object_size, flags);
}
static int __init setup_failslab(char *str)
--- a/mm/page_alloc.c
+++ b/mm/page_alloc.c
@@ -3883,6 +3883,8 @@ __setup("fail_page_alloc=", setup_fail_p
static bool __should_fail_alloc_page(gfp_t gfp_mask, unsigned int order)
{
+ int flags = 0;
+
if (order < fail_page_alloc.min_order)
return false;
if (gfp_mask & __GFP_NOFAIL)
@@ -3893,10 +3895,11 @@ static bool __should_fail_alloc_page(gfp
(gfp_mask & __GFP_DIRECT_RECLAIM))
return false;
+ /* See comment in __should_failslab() */
if (gfp_mask & __GFP_NOWARN)
- fail_page_alloc.attr.no_warn = true;
+ flags |= FAULT_NOWARN;
- return should_fail(&fail_page_alloc.attr, 1 << order);
+ return should_fail_ex(&fail_page_alloc.attr, 1 << order, flags);
}
#ifdef CONFIG_FAULT_INJECTION_DEBUG_FS
^ permalink raw reply [flat|nested] 305+ messages in thread
* [PATCH 6.0 217/289] mm: correctly charge compressed memory to its memcg
2022-11-30 18:19 [PATCH 6.0 000/289] 6.0.11-rc1 review Greg Kroah-Hartman
` (215 preceding siblings ...)
2022-11-30 18:23 ` [PATCH 6.0 216/289] mm: fix unexpected changes to {failslab|fail_page_alloc}.attr Greg Kroah-Hartman
@ 2022-11-30 18:23 ` Greg Kroah-Hartman
2022-11-30 18:23 ` [PATCH 6.0 218/289] LoongArch: Clear FPU/SIMD thread info flags for kernel thread Greg Kroah-Hartman
` (81 subsequent siblings)
298 siblings, 0 replies; 305+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-30 18:23 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Li Liguang, Johannes Weiner,
Shakeel Butt, Muchun Song, Michal Hocko, Roman Gushchin,
Andrew Morton
From: Li Liguang <liliguang@baidu.com>
commit cd08d80ecdac577bad2e8d6805c7a3859fdefb8d upstream.
Kswapd will reclaim memory when memory pressure is high, the annonymous
memory will be compressed and stored in the zpool if zswap is enabled.
The memcg_kmem_bypass() in get_obj_cgroup_from_page() will bypass the
kernel thread and cause the compressed memory not be charged to its memory
cgroup.
Remove the memcg_kmem_bypass() call and properly charge compressed memory
to its corresponding memory cgroup.
Link: https://lore.kernel.org/linux-mm/CALvZod4nnn8BHYqAM4xtcR0Ddo2-Wr8uKm9h_CHWUaXw7g_DCg@mail.gmail.com/
Link: https://lkml.kernel.org/r/20221114194828.100822-1-hannes@cmpxchg.org
Fixes: f4840ccfca25 ("zswap: memcg accounting")
Signed-off-by: Li Liguang <liliguang@baidu.com>
Signed-off-by: Johannes Weiner <hannes@cmpxchg.org>
Acked-by: Shakeel Butt <shakeelb@google.com>
Reviewed-by: Muchun Song <songmuchun@bytedance.com>
Cc: Michal Hocko <mhocko@suse.com>
Cc: Roman Gushchin <roman.gushchin@linux.dev>
Cc: <stable@vger.kernel.org> [5.19+]
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
mm/memcontrol.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/mm/memcontrol.c
+++ b/mm/memcontrol.c
@@ -2971,7 +2971,7 @@ struct obj_cgroup *get_obj_cgroup_from_p
{
struct obj_cgroup *objcg;
- if (!memcg_kmem_enabled() || memcg_kmem_bypass())
+ if (!memcg_kmem_enabled())
return NULL;
if (PageMemcgKmem(page)) {
^ permalink raw reply [flat|nested] 305+ messages in thread
* [PATCH 6.0 218/289] LoongArch: Clear FPU/SIMD thread info flags for kernel thread
2022-11-30 18:19 [PATCH 6.0 000/289] 6.0.11-rc1 review Greg Kroah-Hartman
` (216 preceding siblings ...)
2022-11-30 18:23 ` [PATCH 6.0 217/289] mm: correctly charge compressed memory to its memcg Greg Kroah-Hartman
@ 2022-11-30 18:23 ` Greg Kroah-Hartman
2022-11-30 18:23 ` [PATCH 6.0 219/289] LoongArch: Set _PAGE_DIRTY only if _PAGE_WRITE is set in {pmd,pte}_mkdirty() Greg Kroah-Hartman
` (80 subsequent siblings)
298 siblings, 0 replies; 305+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-30 18:23 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Qi Hu, Huacai Chen
From: Huacai Chen <chenhuacai@loongson.cn>
commit e428e9613531d1ef6bd0d91352899712b29134fb upstream.
If a kernel thread is created by a user thread, it may carry FPU/SIMD
thread info flags (TIF_USEDFPU, TIF_USEDSIMD, etc.). Then it will be
considered as a fpu owner and kernel try to save its FPU/SIMD context
and cause such errors:
[ 41.518931] do_fpu invoked from kernel context![#1]:
[ 41.523933] CPU: 1 PID: 395 Comm: iou-wrk-394 Not tainted 6.1.0-rc5+ #217
[ 41.530757] Hardware name: Loongson Loongson-3A5000-7A1000-1w-CRB/Loongson-LS3A5000-7A1000-1w-CRB, BIOS vUDK2018-LoongArch-V2.0.pre-beta8 08/18/2022
[ 41.544064] $ 0 : 0000000000000000 90000000011e9468 9000000106c7c000 9000000106c7fcf0
[ 41.552101] $ 4 : 9000000106305d40 9000000106689800 9000000106c7fd08 0000000003995818
[ 41.560138] $ 8 : 0000000000000001 90000000009a72e4 0000000000000020 fffffffffffffffc
[ 41.568174] $12 : 0000000000000000 0000000000000000 0000000000000020 00000009aab7e130
[ 41.576211] $16 : 00000000000001ff 0000000000000407 0000000000000001 0000000000000000
[ 41.584247] $20 : 0000000000000000 0000000000000001 9000000106c7fd70 90000001002f0400
[ 41.592284] $24 : 0000000000000000 900000000178f740 90000000011e9834 90000001063057c0
[ 41.600320] $28 : 0000000000000000 0000000000000001 9000000006826b40 9000000106305140
[ 41.608356] era : 9000000000228848 _save_fp+0x0/0xd8
[ 41.613542] ra : 90000000011e9468 __schedule+0x568/0x8d0
[ 41.619160] CSR crmd: 000000b0
[ 41.619163] CSR prmd: 00000000
[ 41.622359] CSR euen: 00000000
[ 41.625558] CSR ecfg: 00071c1c
[ 41.628756] CSR estat: 000f0000
[ 41.635239] ExcCode : f (SubCode 0)
[ 41.638783] PrId : 0014c010 (Loongson-64bit)
[ 41.643191] Modules linked in: acpi_ipmi vfat fat ipmi_si ipmi_devintf cfg80211 ipmi_msghandler rfkill fuse efivarfs
[ 41.653734] Process iou-wrk-394 (pid: 395, threadinfo=0000000004ebe913, task=00000000636fa1be)
[ 41.662375] Stack : 00000000ffff0875 9000000006800ec0 9000000006800ec0 90000000002d57e0
[ 41.670412] 0000000000000001 0000000000000000 9000000106535880 0000000000000001
[ 41.678450] 9000000105291800 0000000000000000 9000000105291838 900000000178e000
[ 41.686487] 9000000106c7fd90 9000000106305140 0000000000000001 90000000011e9834
[ 41.694523] 00000000ffff0875 90000000011f034c 9000000105291838 9000000105291830
[ 41.702561] 0000000000000000 9000000006801440 00000000ffff0875 90000000002d48c0
[ 41.710597] 9000000128800001 9000000106305140 9000000105291838 9000000105291838
[ 41.718634] 9000000105291830 9000000107811740 9000000105291848 90000000009bf1e0
[ 41.726672] 9000000105291830 9000000107811748 2d6b72772d756f69 0000000000343933
[ 41.734708] 0000000000000000 0000000000000000 0000000000000000 0000000000000000
[ 41.742745] ...
[ 41.745252] Call Trace:
[ 42.197868] [<9000000000228848>] _save_fp+0x0/0xd8
[ 42.205214] [<90000000011ed468>] __schedule+0x568/0x8d0
[ 42.210485] [<90000000011ed834>] schedule+0x64/0xd4
[ 42.215411] [<90000000011f434c>] schedule_timeout+0x88/0x188
[ 42.221115] [<90000000009c36d0>] io_wqe_worker+0x184/0x350
[ 42.226645] [<9000000000221cf0>] ret_from_kernel_thread+0xc/0x9c
This can be easily triggered by ltp testcase syscalls/io_uring02 and it
can also be easily fixed by clearing the FPU/SIMD thread info flags for
kernel threads in copy_thread().
Cc: stable@vger.kernel.org
Reported-by: Qi Hu <huqi@loongson.cn>
Signed-off-by: Huacai Chen <chenhuacai@loongson.cn>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/loongarch/kernel/process.c | 9 +++++----
1 file changed, 5 insertions(+), 4 deletions(-)
--- a/arch/loongarch/kernel/process.c
+++ b/arch/loongarch/kernel/process.c
@@ -152,7 +152,7 @@ int copy_thread(struct task_struct *p, c
childregs->csr_crmd = p->thread.csr_crmd;
childregs->csr_prmd = p->thread.csr_prmd;
childregs->csr_ecfg = p->thread.csr_ecfg;
- return 0;
+ goto out;
}
/* user thread */
@@ -171,14 +171,15 @@ int copy_thread(struct task_struct *p, c
*/
childregs->csr_euen = 0;
+ if (clone_flags & CLONE_SETTLS)
+ childregs->regs[2] = tls;
+
+out:
clear_tsk_thread_flag(p, TIF_USEDFPU);
clear_tsk_thread_flag(p, TIF_USEDSIMD);
clear_tsk_thread_flag(p, TIF_LSX_CTX_LIVE);
clear_tsk_thread_flag(p, TIF_LASX_CTX_LIVE);
- if (clone_flags & CLONE_SETTLS)
- childregs->regs[2] = tls;
-
return 0;
}
^ permalink raw reply [flat|nested] 305+ messages in thread
* [PATCH 6.0 219/289] LoongArch: Set _PAGE_DIRTY only if _PAGE_WRITE is set in {pmd,pte}_mkdirty()
2022-11-30 18:19 [PATCH 6.0 000/289] 6.0.11-rc1 review Greg Kroah-Hartman
` (217 preceding siblings ...)
2022-11-30 18:23 ` [PATCH 6.0 218/289] LoongArch: Clear FPU/SIMD thread info flags for kernel thread Greg Kroah-Hartman
@ 2022-11-30 18:23 ` Greg Kroah-Hartman
2022-11-30 18:23 ` [PATCH 6.0 220/289] ASoC: SOF: Fix compilation when HDA_AUDIO_CODEC config is disabled Greg Kroah-Hartman
` (79 subsequent siblings)
298 siblings, 0 replies; 305+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-30 18:23 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Peter Xu, Huacai Chen
From: Huacai Chen <chenhuacai@loongson.cn>
commit bf2f34a506e66e2979de6b17c337c5d4b25b4d2c upstream.
Now {pmd,pte}_mkdirty() set _PAGE_DIRTY bit unconditionally, this causes
random segmentation fault after commit 0ccf7f168e17bb7e ("mm/thp: carry
over dirty bit when thp splits on pmd").
The reason is: when fork(), parent process use pmd_wrprotect() to clear
huge page's _PAGE_WRITE and _PAGE_DIRTY (for COW); then pte_mkdirty() set
_PAGE_DIRTY as well as _PAGE_MODIFIED while splitting dirty huge pages;
once _PAGE_DIRTY is set, there will be no tlb modify exception so the COW
machanism fails; and at last memory corruption occurred between parent
and child processes.
So, we should set _PAGE_DIRTY only when _PAGE_WRITE is set in {pmd,pte}_
mkdirty().
Cc: stable@vger.kernel.org
Cc: Peter Xu <peterx@redhat.com>
Signed-off-by: Huacai Chen <chenhuacai@loongson.cn>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/loongarch/include/asm/pgtable.h | 8 ++++++--
1 file changed, 6 insertions(+), 2 deletions(-)
--- a/arch/loongarch/include/asm/pgtable.h
+++ b/arch/loongarch/include/asm/pgtable.h
@@ -349,7 +349,9 @@ static inline pte_t pte_mkclean(pte_t pt
static inline pte_t pte_mkdirty(pte_t pte)
{
- pte_val(pte) |= (_PAGE_DIRTY | _PAGE_MODIFIED);
+ pte_val(pte) |= _PAGE_MODIFIED;
+ if (pte_val(pte) & _PAGE_WRITE)
+ pte_val(pte) |= _PAGE_DIRTY;
return pte;
}
@@ -475,7 +477,9 @@ static inline pmd_t pmd_mkclean(pmd_t pm
static inline pmd_t pmd_mkdirty(pmd_t pmd)
{
- pmd_val(pmd) |= (_PAGE_DIRTY | _PAGE_MODIFIED);
+ pmd_val(pmd) |= _PAGE_MODIFIED;
+ if (pmd_val(pmd) & _PAGE_WRITE)
+ pmd_val(pmd) |= _PAGE_DIRTY;
return pmd;
}
^ permalink raw reply [flat|nested] 305+ messages in thread
* [PATCH 6.0 220/289] ASoC: SOF: Fix compilation when HDA_AUDIO_CODEC config is disabled
2022-11-30 18:19 [PATCH 6.0 000/289] 6.0.11-rc1 review Greg Kroah-Hartman
` (218 preceding siblings ...)
2022-11-30 18:23 ` [PATCH 6.0 219/289] LoongArch: Set _PAGE_DIRTY only if _PAGE_WRITE is set in {pmd,pte}_mkdirty() Greg Kroah-Hartman
@ 2022-11-30 18:23 ` Greg Kroah-Hartman
2022-11-30 18:23 ` [PATCH 6.0 221/289] ASoC: Intel: fix unused-variable warning in probe_codec Greg Kroah-Hartman
` (78 subsequent siblings)
298 siblings, 0 replies; 305+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-30 18:23 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, kernel test robot, Cezary Rojewski,
Mark Brown, Takashi Iwai
From: Cezary Rojewski <cezary.rojewski@intel.com>
commit 1cda83e42bf66beb06bf61c7a78951ec0c028898 upstream.
hda_codec_device_init() expects three parameters, not two.
Fixes: 3fd63658caed ("ASoC: Intel: Drop hdac_ext usage for codec device creation")
Reported-by: kernel test robot <lkp@intel.com>
Signed-off-by: Cezary Rojewski <cezary.rojewski@intel.com>
Acked-by: Mark Brown <broonie@kernel.org>
Link: https://lore.kernel.org/r/20220819124740.3564862-1-cezary.rojewski@intel.com
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
sound/soc/sof/intel/hda-codec.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/sound/soc/sof/intel/hda-codec.c
+++ b/sound/soc/sof/intel/hda-codec.c
@@ -213,7 +213,7 @@ out:
put_device(&codec->core.dev);
}
#else
- codec = hda_codec_device_init(&hbus->core, address);
+ codec = hda_codec_device_init(&hbus->core, address, HDA_DEV_ASOC);
ret = PTR_ERR_OR_ZERO(codec);
#endif
^ permalink raw reply [flat|nested] 305+ messages in thread
* [PATCH 6.0 221/289] ASoC: Intel: fix unused-variable warning in probe_codec
2022-11-30 18:19 [PATCH 6.0 000/289] 6.0.11-rc1 review Greg Kroah-Hartman
` (219 preceding siblings ...)
2022-11-30 18:23 ` [PATCH 6.0 220/289] ASoC: SOF: Fix compilation when HDA_AUDIO_CODEC config is disabled Greg Kroah-Hartman
@ 2022-11-30 18:23 ` Greg Kroah-Hartman
2022-11-30 18:23 ` [PATCH 6.0 222/289] ASoC: Intel: Skylake: fix possible memory leak in skl_codec_device_init() Greg Kroah-Hartman
` (77 subsequent siblings)
298 siblings, 0 replies; 305+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-30 18:23 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Gaosheng Cui, Cezary Rojewski, Mark Brown
From: Gaosheng Cui <cuigaosheng1@huawei.com>
commit 515626a33a194c4caaf2879dbf9e00e882582af0 upstream.
In configurations with CONFIG_SND_SOC_INTEL_SKYLAKE_HDAUDIO_CODEC=n,
gcc warns about an unused variable:
sound/soc/intel/skylake/skl.c: In function ‘probe_codec’:
sound/soc/intel/skylake/skl.c:729:18: error: unused variable ‘skl’ [-Werror=unused-variable]
struct skl_dev *skl = bus_to_skl(bus);
^~~
cc1: all warnings being treated as errors
Fixes: 3fd63658caed9 ("ASoC: Intel: Drop hdac_ext usage for codec device creation")
Signed-off-by: Gaosheng Cui <cuigaosheng1@huawei.com>
Acked-by: Cezary Rojewski <cezary.rojewski@intel.com>
Link: https://lore.kernel.org/r/20220822035133.2147381-1-cuigaosheng1@huawei.com
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
sound/soc/intel/skylake/skl.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/sound/soc/intel/skylake/skl.c
+++ b/sound/soc/intel/skylake/skl.c
@@ -726,8 +726,8 @@ static int probe_codec(struct hdac_bus *
unsigned int cmd = (addr << 28) | (AC_NODE_ROOT << 20) |
(AC_VERB_PARAMETERS << 8) | AC_PAR_VENDOR_ID;
unsigned int res = -1;
- struct skl_dev *skl = bus_to_skl(bus);
#if IS_ENABLED(CONFIG_SND_SOC_INTEL_SKYLAKE_HDAUDIO_CODEC)
+ struct skl_dev *skl = bus_to_skl(bus);
struct hdac_hda_priv *hda_codec;
#endif
struct hda_codec *codec;
^ permalink raw reply [flat|nested] 305+ messages in thread
* [PATCH 6.0 222/289] ASoC: Intel: Skylake: fix possible memory leak in skl_codec_device_init()
2022-11-30 18:19 [PATCH 6.0 000/289] 6.0.11-rc1 review Greg Kroah-Hartman
` (220 preceding siblings ...)
2022-11-30 18:23 ` [PATCH 6.0 221/289] ASoC: Intel: fix unused-variable warning in probe_codec Greg Kroah-Hartman
@ 2022-11-30 18:23 ` Greg Kroah-Hartman
2022-11-30 18:23 ` [PATCH 6.0 223/289] ASoC: SOF: Intel: hda-codec: fix possible memory leak in hda_codec_device_init() Greg Kroah-Hartman
` (76 subsequent siblings)
298 siblings, 0 replies; 305+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-30 18:23 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Yang Yingliang, Cezary Rojewski, Mark Brown
From: Yang Yingliang <yangyingliang@huawei.com>
commit 0e213813df02da048ffd22a2c4fac041768ca327 upstream.
If snd_hdac_device_register() fails, 'codec' and name allocated in
dev_set_name() called in snd_hdac_device_init() are leaked. Fix this
by calling put_device(), so they can be freed in snd_hda_codec_dev_release()
and kobject_cleanup().
Fixes: e4746d94d00c ("ASoC: Intel: Skylake: Introduce HDA codec init and exit routines")
Signed-off-by: Yang Yingliang <yangyingliang@huawei.com>
Suggested-by: Cezary Rojewski <cezary.rojewski@intel.com>
Link: https://lore.kernel.org/r/20221020105937.1448951-1-yangyingliang@huawei.com
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
sound/soc/intel/skylake/skl.c | 8 +-------
1 file changed, 1 insertion(+), 7 deletions(-)
--- a/sound/soc/intel/skylake/skl.c
+++ b/sound/soc/intel/skylake/skl.c
@@ -689,11 +689,6 @@ static void load_codec_module(struct hda
#endif /* CONFIG_SND_SOC_INTEL_SKYLAKE_HDAUDIO_CODEC */
-static void skl_codec_device_exit(struct device *dev)
-{
- snd_hdac_device_exit(dev_to_hdac_dev(dev));
-}
-
static struct hda_codec *skl_codec_device_init(struct hdac_bus *bus, int addr)
{
struct hda_codec *codec;
@@ -706,12 +701,11 @@ static struct hda_codec *skl_codec_devic
}
codec->core.type = HDA_DEV_ASOC;
- codec->core.dev.release = skl_codec_device_exit;
ret = snd_hdac_device_register(&codec->core);
if (ret) {
dev_err(bus->dev, "failed to register hdac device\n");
- snd_hdac_device_exit(&codec->core);
+ put_device(&codec->core.dev);
return ERR_PTR(ret);
}
^ permalink raw reply [flat|nested] 305+ messages in thread
* [PATCH 6.0 223/289] ASoC: SOF: Intel: hda-codec: fix possible memory leak in hda_codec_device_init()
2022-11-30 18:19 [PATCH 6.0 000/289] 6.0.11-rc1 review Greg Kroah-Hartman
` (221 preceding siblings ...)
2022-11-30 18:23 ` [PATCH 6.0 222/289] ASoC: Intel: Skylake: fix possible memory leak in skl_codec_device_init() Greg Kroah-Hartman
@ 2022-11-30 18:23 ` Greg Kroah-Hartman
2022-11-30 18:23 ` [PATCH 6.0 224/289] Input: synaptics - switch touchpad on HP Laptop 15-da3001TU to RMI mode Greg Kroah-Hartman
` (75 subsequent siblings)
298 siblings, 0 replies; 305+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-30 18:23 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Yang Yingliang, Kai Vehmanen, Mark Brown
From: Yang Yingliang <yangyingliang@huawei.com>
commit e9441675edc1bb8dbfadacf68aafacca60d65a25 upstream.
If snd_hdac_device_register() fails, 'codec' and name allocated in
dev_set_name() called in snd_hdac_device_init() are leaked. Fix this
by calling put_device(), so they can be freed in snd_hda_codec_dev_release()
and kobject_cleanup().
Fixes: 829c67319806 ("ASoC: SOF: Intel: Introduce HDA codec init and exit routines")
Fixes: dfe66a18780d ("ALSA: hdac_ext: add extended HDA bus")
Signed-off-by: Yang Yingliang <yangyingliang@huawei.com>
Reviewed-by: Kai Vehmanen <kai.vehmanen@linux.intel.com>
Link: https://lore.kernel.org/r/20221020110157.1450191-1-yangyingliang@huawei.com
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
sound/soc/sof/intel/hda-codec.c | 8 +-------
1 file changed, 1 insertion(+), 7 deletions(-)
--- a/sound/soc/sof/intel/hda-codec.c
+++ b/sound/soc/sof/intel/hda-codec.c
@@ -109,11 +109,6 @@ EXPORT_SYMBOL_NS(hda_codec_jack_check, S
#define is_generic_config(x) 0
#endif
-static void hda_codec_device_exit(struct device *dev)
-{
- snd_hdac_device_exit(dev_to_hdac_dev(dev));
-}
-
static struct hda_codec *hda_codec_device_init(struct hdac_bus *bus, int addr, int type)
{
struct hda_codec *codec;
@@ -126,12 +121,11 @@ static struct hda_codec *hda_codec_devic
}
codec->core.type = type;
- codec->core.dev.release = hda_codec_device_exit;
ret = snd_hdac_device_register(&codec->core);
if (ret) {
dev_err(bus->dev, "failed to register hdac device\n");
- snd_hdac_device_exit(&codec->core);
+ put_device(&codec->core.dev);
return ERR_PTR(ret);
}
^ permalink raw reply [flat|nested] 305+ messages in thread
* [PATCH 6.0 224/289] Input: synaptics - switch touchpad on HP Laptop 15-da3001TU to RMI mode
2022-11-30 18:19 [PATCH 6.0 000/289] 6.0.11-rc1 review Greg Kroah-Hartman
` (222 preceding siblings ...)
2022-11-30 18:23 ` [PATCH 6.0 223/289] ASoC: SOF: Intel: hda-codec: fix possible memory leak in hda_codec_device_init() Greg Kroah-Hartman
@ 2022-11-30 18:23 ` Greg Kroah-Hartman
2022-11-30 18:23 ` [PATCH 6.0 225/289] ASoC: amd: yc: Add Alienware m17 R5 AMD into DMI table Greg Kroah-Hartman
` (74 subsequent siblings)
298 siblings, 0 replies; 305+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-30 18:23 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Aman Dhoot, Dmitry Torokhov, Sasha Levin
From: Aman Dhoot <amandhoot12@gmail.com>
[ Upstream commit ac5408991ea6b06e29129b4d4861097c4c3e0d59 ]
The device works fine in native RMI mode, there is no reason to use legacy
PS/2 mode with it.
Signed-off-by: Aman Dhoot <amandhoot12@gmail.com>
Signed-off-by: Dmitry Torokhov <dmitry.torokhov@gmail.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/input/mouse/synaptics.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/drivers/input/mouse/synaptics.c b/drivers/input/mouse/synaptics.c
index ffad142801b3..973a4c1d5d09 100644
--- a/drivers/input/mouse/synaptics.c
+++ b/drivers/input/mouse/synaptics.c
@@ -191,6 +191,7 @@ static const char * const smbus_pnp_ids[] = {
"SYN3221", /* HP 15-ay000 */
"SYN323d", /* HP Spectre X360 13-w013dx */
"SYN3257", /* HP Envy 13-ad105ng */
+ "SYN3286", /* HP Laptop 15-da3001TU */
NULL
};
--
2.35.1
^ permalink raw reply related [flat|nested] 305+ messages in thread
* [PATCH 6.0 225/289] ASoC: amd: yc: Add Alienware m17 R5 AMD into DMI table
2022-11-30 18:19 [PATCH 6.0 000/289] 6.0.11-rc1 review Greg Kroah-Hartman
` (223 preceding siblings ...)
2022-11-30 18:23 ` [PATCH 6.0 224/289] Input: synaptics - switch touchpad on HP Laptop 15-da3001TU to RMI mode Greg Kroah-Hartman
@ 2022-11-30 18:23 ` Greg Kroah-Hartman
2022-11-30 18:23 ` [PATCH 6.0 226/289] ASoC: Intel: bytcht_es8316: Add quirk for the Nanote UMPC-01 Greg Kroah-Hartman
` (73 subsequent siblings)
298 siblings, 0 replies; 305+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-30 18:23 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Brent Mendelsohn, Mario Limonciello,
Mark Brown, Sasha Levin
From: Brent Mendelsohn <mendiebm@gmail.com>
[ Upstream commit d40b6529c6269cd5afddb1116a383cab9f126694 ]
This model requires an additional detection quirk to enable the
internal microphone - BIOS doesn't seem to support AcpDmicConnected
(nothing in acpidump output).
Link: https://bugzilla.kernel.org/show_bug.cgi?id=216590
Signed-off-by: Brent Mendelsohn <mendiebm@gmail.com>
Reviewed-by: Mario Limonciello <mario.limonciello@amd.com>
Link: https://lore.kernel.org/r/20221024174227.4160-1-mendiebm@gmail.com
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
sound/soc/amd/yc/acp6x-mach.c | 7 +++++++
1 file changed, 7 insertions(+)
diff --git a/sound/soc/amd/yc/acp6x-mach.c b/sound/soc/amd/yc/acp6x-mach.c
index 6c0f1de10429..d9715bea965e 100644
--- a/sound/soc/amd/yc/acp6x-mach.c
+++ b/sound/soc/amd/yc/acp6x-mach.c
@@ -206,6 +206,13 @@ static const struct dmi_system_id yc_acp_quirk_table[] = {
DMI_MATCH(DMI_PRODUCT_NAME, "UM5302TA"),
}
},
+ {
+ .driver_data = &acp6x_card,
+ .matches = {
+ DMI_MATCH(DMI_BOARD_VENDOR, "Alienware"),
+ DMI_MATCH(DMI_PRODUCT_NAME, "Alienware m17 R5 AMD"),
+ }
+ },
{}
};
--
2.35.1
^ permalink raw reply related [flat|nested] 305+ messages in thread
* [PATCH 6.0 226/289] ASoC: Intel: bytcht_es8316: Add quirk for the Nanote UMPC-01
2022-11-30 18:19 [PATCH 6.0 000/289] 6.0.11-rc1 review Greg Kroah-Hartman
` (224 preceding siblings ...)
2022-11-30 18:23 ` [PATCH 6.0 225/289] ASoC: amd: yc: Add Alienware m17 R5 AMD into DMI table Greg Kroah-Hartman
@ 2022-11-30 18:23 ` Greg Kroah-Hartman
2022-11-30 18:23 ` [PATCH 6.0 227/289] ASoC: Intel: soc-acpi: add ES83x6 support to IceLake Greg Kroah-Hartman
` (72 subsequent siblings)
298 siblings, 0 replies; 305+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-30 18:23 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Hans de Goede, Pierre-Louis Bossart,
Mark Brown, Sasha Levin
From: Hans de Goede <hdegoede@redhat.com>
[ Upstream commit 8bb0ac0e6f64ebdf15d963c26b028de391c9bcf9 ]
The Nanote UMPC-01 mini laptop has stereo speakers, while the default
bytcht_es8316 settings assume a mono speaker setup. Add a quirk for this.
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Acked-by: Pierre-Louis Bossart <pierre-louis.bossart@linux.intel.com>
Link: https://lore.kernel.org/r/20221025140942.509066-1-hdegoede@redhat.com
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
sound/soc/intel/boards/bytcht_es8316.c | 7 +++++++
1 file changed, 7 insertions(+)
diff --git a/sound/soc/intel/boards/bytcht_es8316.c b/sound/soc/intel/boards/bytcht_es8316.c
index 6432b83f616f..a935c5fd9edb 100644
--- a/sound/soc/intel/boards/bytcht_es8316.c
+++ b/sound/soc/intel/boards/bytcht_es8316.c
@@ -443,6 +443,13 @@ static const struct dmi_system_id byt_cht_es8316_quirk_table[] = {
| BYT_CHT_ES8316_INTMIC_IN2_MAP
| BYT_CHT_ES8316_JD_INVERTED),
},
+ { /* Nanote UMPC-01 */
+ .matches = {
+ DMI_MATCH(DMI_SYS_VENDOR, "RWC CO.,LTD"),
+ DMI_MATCH(DMI_PRODUCT_NAME, "UMPC-01"),
+ },
+ .driver_data = (void *)BYT_CHT_ES8316_INTMIC_IN1_MAP,
+ },
{ /* Teclast X98 Plus II */
.matches = {
DMI_MATCH(DMI_SYS_VENDOR, "TECLAST"),
--
2.35.1
^ permalink raw reply related [flat|nested] 305+ messages in thread
* [PATCH 6.0 227/289] ASoC: Intel: soc-acpi: add ES83x6 support to IceLake
2022-11-30 18:19 [PATCH 6.0 000/289] 6.0.11-rc1 review Greg Kroah-Hartman
` (225 preceding siblings ...)
2022-11-30 18:23 ` [PATCH 6.0 226/289] ASoC: Intel: bytcht_es8316: Add quirk for the Nanote UMPC-01 Greg Kroah-Hartman
@ 2022-11-30 18:23 ` Greg Kroah-Hartman
2022-11-30 18:23 ` [PATCH 6.0 228/289] tools: iio: iio_generic_buffer: Fix read size Greg Kroah-Hartman
` (71 subsequent siblings)
298 siblings, 0 replies; 305+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-30 18:23 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Pierre-Louis Bossart, Bard Liao,
Mark Brown, Sasha Levin
From: Pierre-Louis Bossart <pierre-louis.bossart@linux.intel.com>
[ Upstream commit 9a1d248bb4beaf1b43d17ba12481ee0629fa29b9 ]
Missing entry to find a machine driver for ES83x6-based platforms.
Link: https://github.com/thesofproject/linux/issues/3873
Signed-off-by: Pierre-Louis Bossart <pierre-louis.bossart@linux.intel.com>
Reviewed-by: Bard Liao <yung-chuan.liao@linux.intel.com>
Link: https://lore.kernel.org/r/20221031195836.250193-1-pierre-louis.bossart@linux.intel.com
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
sound/soc/intel/common/soc-acpi-intel-icl-match.c | 13 +++++++++++++
1 file changed, 13 insertions(+)
diff --git a/sound/soc/intel/common/soc-acpi-intel-icl-match.c b/sound/soc/intel/common/soc-acpi-intel-icl-match.c
index b032bc07de8b..d0062f2cd256 100644
--- a/sound/soc/intel/common/soc-acpi-intel-icl-match.c
+++ b/sound/soc/intel/common/soc-acpi-intel-icl-match.c
@@ -10,6 +10,11 @@
#include <sound/soc-acpi-intel-match.h>
#include "../skylake/skl.h"
+static const struct snd_soc_acpi_codecs essx_83x6 = {
+ .num_codecs = 3,
+ .codecs = { "ESSX8316", "ESSX8326", "ESSX8336"},
+};
+
static struct skl_machine_pdata icl_pdata = {
.use_tplg_pcm = true,
};
@@ -27,6 +32,14 @@ struct snd_soc_acpi_mach snd_soc_acpi_intel_icl_machines[] = {
.drv_name = "sof_rt5682",
.sof_tplg_filename = "sof-icl-rt5682.tplg",
},
+ {
+ .comp_ids = &essx_83x6,
+ .drv_name = "sof-essx8336",
+ .sof_tplg_filename = "sof-icl-es8336", /* the tplg suffix is added at run time */
+ .tplg_quirk_mask = SND_SOC_ACPI_TPLG_INTEL_SSP_NUMBER |
+ SND_SOC_ACPI_TPLG_INTEL_SSP_MSB |
+ SND_SOC_ACPI_TPLG_INTEL_DMIC_NUMBER,
+ },
{},
};
EXPORT_SYMBOL_GPL(snd_soc_acpi_intel_icl_machines);
--
2.35.1
^ permalink raw reply related [flat|nested] 305+ messages in thread
* [PATCH 6.0 228/289] tools: iio: iio_generic_buffer: Fix read size
2022-11-30 18:19 [PATCH 6.0 000/289] 6.0.11-rc1 review Greg Kroah-Hartman
` (226 preceding siblings ...)
2022-11-30 18:23 ` [PATCH 6.0 227/289] ASoC: Intel: soc-acpi: add ES83x6 support to IceLake Greg Kroah-Hartman
@ 2022-11-30 18:23 ` Greg Kroah-Hartman
2022-11-30 18:23 ` [PATCH 6.0 229/289] ASoC: hda: intel-dsp-config: add ES83x6 quirk for IceLake Greg Kroah-Hartman
` (70 subsequent siblings)
298 siblings, 0 replies; 305+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-30 18:23 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Matti Vaittinen, Jonathan Cameron,
Sasha Levin
From: Matti Vaittinen <mazziesaccount@gmail.com>
[ Upstream commit 7c919b619bcc68158921b1bd968f0e704549bbb6 ]
When noevents is true and small buffer is used the allocated memory for
holding the data may be smaller than the hard-coded 64 bytes. This can
cause the iio_generic_buffer to crash.
Following was recorded on beagle bone black with v6.0 kernel and the
digit fix patch:
https://lore.kernel.org/all/Y0f+tKCz+ZAIoroQ@dc75zzyyyyyyyyyyyyycy-3.rev.dnainternet.fi/
using valgrind;
==339== Using Valgrind-3.18.1 and LibVEX; rerun with -h for copyright info
==339== Command: /iio_generic_buffer -n kx022-accel -T0 -e -l 10 -a -w 2000000
==339== Parent PID: 307
==339==
==339== Syscall param read(buf) points to unaddressable byte(s)
==339== at 0x496BFA4: read (read.c:26)
==339== by 0x11699: main (iio_generic_buffer.c:724)
==339== Address 0x4ab3518 is 0 bytes after a block of size 160 alloc'd
==339== at 0x4864B70: malloc (vg_replace_malloc.c:381)
==339== by 0x115BB: main (iio_generic_buffer.c:677)
Fix this by always using the same size for reading as was used for
data storage allocation.
Signed-off-by: Matti Vaittinen <mazziesaccount@gmail.com>
Link: https://lore.kernel.org/r/Y0kMh0t5qUXJw3nQ@dc75zzyyyyyyyyyyyyycy-3.rev.dnainternet.fi
Signed-off-by: Jonathan Cameron <Jonathan.Cameron@huawei.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
tools/iio/iio_generic_buffer.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/tools/iio/iio_generic_buffer.c b/tools/iio/iio_generic_buffer.c
index 2491c54a5e4f..f8deae4e26a1 100644
--- a/tools/iio/iio_generic_buffer.c
+++ b/tools/iio/iio_generic_buffer.c
@@ -715,12 +715,12 @@ int main(int argc, char **argv)
continue;
}
- toread = buf_len;
} else {
usleep(timedelay);
- toread = 64;
}
+ toread = buf_len;
+
read_size = read(buf_fd, data, toread * scan_size);
if (read_size < 0) {
if (errno == EAGAIN) {
--
2.35.1
^ permalink raw reply related [flat|nested] 305+ messages in thread
* [PATCH 6.0 229/289] ASoC: hda: intel-dsp-config: add ES83x6 quirk for IceLake
2022-11-30 18:19 [PATCH 6.0 000/289] 6.0.11-rc1 review Greg Kroah-Hartman
` (227 preceding siblings ...)
2022-11-30 18:23 ` [PATCH 6.0 228/289] tools: iio: iio_generic_buffer: Fix read size Greg Kroah-Hartman
@ 2022-11-30 18:23 ` Greg Kroah-Hartman
2022-11-30 18:23 ` [PATCH 6.0 230/289] ASoC: SOF: ipc3-topology: use old pipeline teardown flow with SOF2.1 and older Greg Kroah-Hartman
` (69 subsequent siblings)
298 siblings, 0 replies; 305+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-30 18:23 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Pierre-Louis Bossart, Bard Liao,
Takashi Iwai, Mark Brown, Sasha Levin
From: Pierre-Louis Bossart <pierre-louis.bossart@linux.intel.com>
[ Upstream commit 5d73263f9e7c54ccb20814dc50809b9deb9e2bc7 ]
Yet another hardware variant we need to handle.
Link: https://github.com/thesofproject/linux/issues/3873
Signed-off-by: Pierre-Louis Bossart <pierre-louis.bossart@linux.intel.com>
Reviewed-by: Bard Liao <yung-chuan.liao@linux.intel.com>
Reviewed-by: Takashi Iwai <tiwai@suse.de>
Link: https://lore.kernel.org/r/20221031195639.250062-1-pierre-louis.bossart@linux.intel.com
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
sound/hda/intel-dsp-config.c | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/sound/hda/intel-dsp-config.c b/sound/hda/intel-dsp-config.c
index b9eb3208f288..ae31bb127594 100644
--- a/sound/hda/intel-dsp-config.c
+++ b/sound/hda/intel-dsp-config.c
@@ -320,6 +320,11 @@ static const struct config_entry config_table[] = {
{}
}
},
+ {
+ .flags = FLAG_SOF,
+ .device = 0x34c8,
+ .codec_hid = &essx_83x6,
+ },
{
.flags = FLAG_SOF | FLAG_SOF_ONLY_IF_DMIC_OR_SOUNDWIRE,
.device = 0x34c8,
--
2.35.1
^ permalink raw reply related [flat|nested] 305+ messages in thread
* [PATCH 6.0 230/289] ASoC: SOF: ipc3-topology: use old pipeline teardown flow with SOF2.1 and older
2022-11-30 18:19 [PATCH 6.0 000/289] 6.0.11-rc1 review Greg Kroah-Hartman
` (228 preceding siblings ...)
2022-11-30 18:23 ` [PATCH 6.0 229/289] ASoC: hda: intel-dsp-config: add ES83x6 quirk for IceLake Greg Kroah-Hartman
@ 2022-11-30 18:23 ` Greg Kroah-Hartman
2022-11-30 18:23 ` [PATCH 6.0 231/289] serial: 8250: 8250_omap: Avoid RS485 RTS glitch on ->set_termios() Greg Kroah-Hartman
` (68 subsequent siblings)
298 siblings, 0 replies; 305+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-30 18:23 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Kai Vehmanen, Pierre-Louis Bossart,
Ranjani Sridharan, Péter Ujfalusi, Mark Brown, Sasha Levin
From: Kai Vehmanen <kai.vehmanen@linux.intel.com>
[ Upstream commit 003b786b678919e072c2b12ffa73901ef840963e ]
Originally in commit b2ebcf42a48f ("ASoC: SOF: free widgets in
sof_tear_down_pipelines() for static pipelines"), freeing of pipeline
components at suspend was only done with recent FW as there were known
limitations in older firmware versions.
Tests show that if static pipelines are used, i.e. all pipelines are
setup whenever firmware is powered up, the reverse action of freeing all
components at power down, leads to firmware failures with also SOF2.0
and SOF2.1 based firmware.
The problems can be specific to certain topologies with e.g. components
not prepared to be freed at suspend (as this did not happen with older
SOF kernels).
To avoid hitting these problems when kernel is upgraded and used with an
older firmware, bump the firmware requirement to SOF2.2 or newer. If an
older firmware is used, and pipeline is a static one, do not free the
components at suspend. This ensures the suspend flow remains backwards
compatible with older firmware versions. This limitation does not apply
if the product configuration is updated to dynamic pipelines.
The limitation is not linked to firmware ABI, as the interface to free
pipeline components has been available already before ABI3.19. The
problem is in the implementation, so firmware version should be used to
decide whether it is safe to use the newer flow or not. This patch adds
a new SOF_FW_VER() macro to compare SOF firmware release versions.
Link: https://github.com/thesofproject/sof/issues/6475
Signed-off-by: Kai Vehmanen <kai.vehmanen@linux.intel.com>
Reviewed-by: Pierre-Louis Bossart <pierre-louis.bossart@linux.intel.com>
Reviewed-by: Ranjani Sridharan <ranjani.sridharan@linux.intel.com>
Reviewed-by: Péter Ujfalusi <peter.ujfalusi@linux.intel.com>
Link: https://lore.kernel.org/r/20221101114913.1292671-1-kai.vehmanen@linux.intel.com
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
include/sound/sof/info.h | 4 ++++
sound/soc/sof/ipc3-topology.c | 15 ++++++++++-----
2 files changed, 14 insertions(+), 5 deletions(-)
diff --git a/include/sound/sof/info.h b/include/sound/sof/info.h
index 65e86e4e9fd8..75193850ead0 100644
--- a/include/sound/sof/info.h
+++ b/include/sound/sof/info.h
@@ -36,6 +36,10 @@ enum sof_ipc_ext_data {
SOF_IPC_EXT_USER_ABI_INFO = 4,
};
+/* Build u32 number in format MMmmmppp */
+#define SOF_FW_VER(MAJOR, MINOR, PATCH) ((uint32_t)( \
+ ((MAJOR) << 24) | ((MINOR) << 12) | (PATCH)))
+
/* FW version - SOF_IPC_GLB_VERSION */
struct sof_ipc_fw_version {
struct sof_ipc_hdr hdr;
diff --git a/sound/soc/sof/ipc3-topology.c b/sound/soc/sof/ipc3-topology.c
index a39b43850f0e..bf8a46463cec 100644
--- a/sound/soc/sof/ipc3-topology.c
+++ b/sound/soc/sof/ipc3-topology.c
@@ -2242,6 +2242,7 @@ static int sof_ipc3_tear_down_all_pipelines(struct snd_sof_dev *sdev, bool verif
struct sof_ipc_fw_version *v = &sdev->fw_ready.version;
struct snd_sof_widget *swidget;
struct snd_sof_route *sroute;
+ bool dyn_widgets = false;
int ret;
/*
@@ -2251,12 +2252,14 @@ static int sof_ipc3_tear_down_all_pipelines(struct snd_sof_dev *sdev, bool verif
* topology loading the sound card unavailable to open PCMs.
*/
list_for_each_entry(swidget, &sdev->widget_list, list) {
- if (swidget->dynamic_pipeline_widget)
+ if (swidget->dynamic_pipeline_widget) {
+ dyn_widgets = true;
continue;
+ }
- /* Do not free widgets for static pipelines with FW ABI older than 3.19 */
+ /* Do not free widgets for static pipelines with FW older than SOF2.2 */
if (!verify && !swidget->dynamic_pipeline_widget &&
- v->abi_version < SOF_ABI_VER(3, 19, 0)) {
+ SOF_FW_VER(v->major, v->minor, v->micro) < SOF_FW_VER(2, 2, 0)) {
swidget->use_count = 0;
swidget->complete = 0;
continue;
@@ -2270,9 +2273,11 @@ static int sof_ipc3_tear_down_all_pipelines(struct snd_sof_dev *sdev, bool verif
/*
* Tear down all pipelines associated with PCMs that did not get suspended
* and unset the prepare flag so that they can be set up again during resume.
- * Skip this step for older firmware.
+ * Skip this step for older firmware unless topology has any
+ * dynamic pipeline (in which case the step is mandatory).
*/
- if (!verify && v->abi_version >= SOF_ABI_VER(3, 19, 0)) {
+ if (!verify && (dyn_widgets || SOF_FW_VER(v->major, v->minor, v->micro) >=
+ SOF_FW_VER(2, 2, 0))) {
ret = sof_tear_down_left_over_pipelines(sdev);
if (ret < 0) {
dev_err(sdev->dev, "failed to tear down paused pipelines\n");
--
2.35.1
^ permalink raw reply related [flat|nested] 305+ messages in thread
* [PATCH 6.0 231/289] serial: 8250: 8250_omap: Avoid RS485 RTS glitch on ->set_termios()
2022-11-30 18:19 [PATCH 6.0 000/289] 6.0.11-rc1 review Greg Kroah-Hartman
` (229 preceding siblings ...)
2022-11-30 18:23 ` [PATCH 6.0 230/289] ASoC: SOF: ipc3-topology: use old pipeline teardown flow with SOF2.1 and older Greg Kroah-Hartman
@ 2022-11-30 18:23 ` Greg Kroah-Hartman
2022-11-30 18:23 ` [PATCH 6.0 232/289] Revert "tty: n_gsm: avoid call of sleeping functions from atomic context" Greg Kroah-Hartman
` (67 subsequent siblings)
298 siblings, 0 replies; 305+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-30 18:23 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Jan Kiszka, Su Bao Cheng,
Matthias Schiffer, Lukas Wunner, Sasha Levin
From: Lukas Wunner <lukas@wunner.de>
[ Upstream commit 038ee49fef18710bedd38b531d173ccd746b2d8d ]
RS485-enabled UART ports on TI Sitara SoCs with active-low polarity
exhibit a Transmit Enable glitch on ->set_termios():
omap8250_restore_regs(), which is called from omap_8250_set_termios(),
sets the TCRTLR bit in the MCR register and clears all other bits,
including RTS. If RTS uses active-low polarity, it is now asserted
for no reason.
The TCRTLR bit is subsequently cleared by writing up->mcr to the MCR
register. That variable is always zero, so the RTS bit is still cleared
(incorrectly so if RTS is active-high).
(up->mcr is not, as one might think, a cache of the MCR register's
current value. Rather, it only caches a single bit of that register,
the AFE bit. And it only does so if the UART supports the AFE bit,
which OMAP does not. For details see serial8250_do_set_termios() and
serial8250_do_set_mctrl().)
Finally at the end of omap8250_restore_regs(), the MCR register is
restored (and RTS deasserted) by a call to up->port.ops->set_mctrl()
(which equals serial8250_set_mctrl()) and serial8250_em485_stop_tx().
So there's an RTS glitch between setting TCRTLR and calling
serial8250_em485_stop_tx(). Avoid by using a read-modify-write
when setting TCRTLR.
While at it, drop a redundant initialization of up->mcr. As explained
above, the variable isn't used by the driver and it is already
initialized to zero because it is part of the static struct
serial8250_ports[] declared in 8250_core.c. (Static structs are
initialized to zero per section 6.7.8 nr. 10 of the C99 standard.)
Cc: Jan Kiszka <jan.kiszka@siemens.com>
Cc: Su Bao Cheng <baocheng.su@siemens.com>
Tested-by: Matthias Schiffer <matthias.schiffer@ew.tq-group.com>
Signed-off-by: Lukas Wunner <lukas@wunner.de>
Link: https://lore.kernel.org/r/6554b0241a2c7fd50f32576fdbafed96709e11e8.1664278942.git.lukas@wunner.de
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/tty/serial/8250/8250_omap.c | 7 ++++---
1 file changed, 4 insertions(+), 3 deletions(-)
diff --git a/drivers/tty/serial/8250/8250_omap.c b/drivers/tty/serial/8250/8250_omap.c
index b96fbf8d31df..2ad735dd6c05 100644
--- a/drivers/tty/serial/8250/8250_omap.c
+++ b/drivers/tty/serial/8250/8250_omap.c
@@ -293,6 +293,7 @@ static void omap8250_restore_regs(struct uart_8250_port *up)
{
struct omap8250_priv *priv = up->port.private_data;
struct uart_8250_dma *dma = up->dma;
+ u8 mcr = serial8250_in_MCR(up);
if (dma && dma->tx_running) {
/*
@@ -309,7 +310,7 @@ static void omap8250_restore_regs(struct uart_8250_port *up)
serial_out(up, UART_EFR, UART_EFR_ECB);
serial_out(up, UART_LCR, UART_LCR_CONF_MODE_A);
- serial8250_out_MCR(up, UART_MCR_TCRTLR);
+ serial8250_out_MCR(up, mcr | UART_MCR_TCRTLR);
serial_out(up, UART_FCR, up->fcr);
omap8250_update_scr(up, priv);
@@ -325,7 +326,8 @@ static void omap8250_restore_regs(struct uart_8250_port *up)
serial_out(up, UART_LCR, 0);
/* drop TCR + TLR access, we setup XON/XOFF later */
- serial8250_out_MCR(up, up->mcr);
+ serial8250_out_MCR(up, mcr);
+
serial_out(up, UART_IER, up->ier);
serial_out(up, UART_LCR, UART_LCR_CONF_MODE_B);
@@ -670,7 +672,6 @@ static int omap_8250_startup(struct uart_port *port)
pm_runtime_get_sync(port->dev);
- up->mcr = 0;
serial_out(up, UART_FCR, UART_FCR_CLEAR_RCVR | UART_FCR_CLEAR_XMIT);
serial_out(up, UART_LCR, UART_LCR_WLEN8);
--
2.35.1
^ permalink raw reply related [flat|nested] 305+ messages in thread
* [PATCH 6.0 232/289] Revert "tty: n_gsm: avoid call of sleeping functions from atomic context"
2022-11-30 18:19 [PATCH 6.0 000/289] 6.0.11-rc1 review Greg Kroah-Hartman
` (230 preceding siblings ...)
2022-11-30 18:23 ` [PATCH 6.0 231/289] serial: 8250: 8250_omap: Avoid RS485 RTS glitch on ->set_termios() Greg Kroah-Hartman
@ 2022-11-30 18:23 ` Greg Kroah-Hartman
2022-11-30 18:23 ` [PATCH 6.0 233/289] Revert "tty: n_gsm: replace kicktimer with delayed_work" Greg Kroah-Hartman
` (66 subsequent siblings)
298 siblings, 0 replies; 305+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-30 18:23 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Fedor Pchelkin, Alexey Khoroshilov,
Daniel Starke, Sasha Levin
From: Fedor Pchelkin <pchelkin@ispras.ru>
[ Upstream commit acdab4cb4ba7e5f94d2b422ebd7bf4bf68178fb2 ]
This reverts commit 902e02ea9385373ce4b142576eef41c642703955.
The above commit is reverted as the usage of tx_mutex seems not to solve
the problem described in 902e02ea9385 ("tty: n_gsm: avoid call of sleeping
functions from atomic context") and just moves the bug to another place.
Signed-off-by: Fedor Pchelkin <pchelkin@ispras.ru>
Signed-off-by: Alexey Khoroshilov <khoroshilov@ispras.ru>
Reviewed-by: Daniel Starke <daniel.starke@siemens.com>
Link: https://lore.kernel.org/r/20221008110221.13645-2-pchelkin@ispras.ru
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/tty/n_gsm.c | 53 +++++++++++++++++++++++++--------------------
1 file changed, 29 insertions(+), 24 deletions(-)
diff --git a/drivers/tty/n_gsm.c b/drivers/tty/n_gsm.c
index 2a0de70e0be4..3cd6a2c55d9c 100644
--- a/drivers/tty/n_gsm.c
+++ b/drivers/tty/n_gsm.c
@@ -248,7 +248,7 @@ struct gsm_mux {
bool constipated; /* Asked by remote to shut up */
bool has_devices; /* Devices were registered */
- struct mutex tx_mutex;
+ spinlock_t tx_lock;
unsigned int tx_bytes; /* TX data outstanding */
#define TX_THRESH_HI 8192
#define TX_THRESH_LO 2048
@@ -680,6 +680,7 @@ static int gsm_send(struct gsm_mux *gsm, int addr, int cr, int control)
struct gsm_msg *msg;
u8 *dp;
int ocr;
+ unsigned long flags;
msg = gsm_data_alloc(gsm, addr, 0, control);
if (!msg)
@@ -701,10 +702,10 @@ static int gsm_send(struct gsm_mux *gsm, int addr, int cr, int control)
gsm_print_packet("Q->", addr, cr, control, NULL, 0);
- mutex_lock(&gsm->tx_mutex);
+ spin_lock_irqsave(&gsm->tx_lock, flags);
list_add_tail(&msg->list, &gsm->tx_ctrl_list);
gsm->tx_bytes += msg->len;
- mutex_unlock(&gsm->tx_mutex);
+ spin_unlock_irqrestore(&gsm->tx_lock, flags);
gsmld_write_trigger(gsm);
return 0;
@@ -729,7 +730,7 @@ static void gsm_dlci_clear_queues(struct gsm_mux *gsm, struct gsm_dlci *dlci)
spin_unlock_irqrestore(&dlci->lock, flags);
/* Clear data packets in MUX write queue */
- mutex_lock(&gsm->tx_mutex);
+ spin_lock_irqsave(&gsm->tx_lock, flags);
list_for_each_entry_safe(msg, nmsg, &gsm->tx_data_list, list) {
if (msg->addr != addr)
continue;
@@ -737,7 +738,7 @@ static void gsm_dlci_clear_queues(struct gsm_mux *gsm, struct gsm_dlci *dlci)
list_del(&msg->list);
kfree(msg);
}
- mutex_unlock(&gsm->tx_mutex);
+ spin_unlock_irqrestore(&gsm->tx_lock, flags);
}
/**
@@ -1023,9 +1024,10 @@ static void __gsm_data_queue(struct gsm_dlci *dlci, struct gsm_msg *msg)
static void gsm_data_queue(struct gsm_dlci *dlci, struct gsm_msg *msg)
{
- mutex_lock(&dlci->gsm->tx_mutex);
+ unsigned long flags;
+ spin_lock_irqsave(&dlci->gsm->tx_lock, flags);
__gsm_data_queue(dlci, msg);
- mutex_unlock(&dlci->gsm->tx_mutex);
+ spin_unlock_irqrestore(&dlci->gsm->tx_lock, flags);
}
/**
@@ -1037,7 +1039,7 @@ static void gsm_data_queue(struct gsm_dlci *dlci, struct gsm_msg *msg)
* is data. Keep to the MRU of the mux. This path handles the usual tty
* interface which is a byte stream with optional modem data.
*
- * Caller must hold the tx_mutex of the mux.
+ * Caller must hold the tx_lock of the mux.
*/
static int gsm_dlci_data_output(struct gsm_mux *gsm, struct gsm_dlci *dlci)
@@ -1097,7 +1099,7 @@ static int gsm_dlci_data_output(struct gsm_mux *gsm, struct gsm_dlci *dlci)
* is data. Keep to the MRU of the mux. This path handles framed data
* queued as skbuffs to the DLCI.
*
- * Caller must hold the tx_mutex of the mux.
+ * Caller must hold the tx_lock of the mux.
*/
static int gsm_dlci_data_output_framed(struct gsm_mux *gsm,
@@ -1113,7 +1115,7 @@ static int gsm_dlci_data_output_framed(struct gsm_mux *gsm,
if (dlci->adaption == 4)
overhead = 1;
- /* dlci->skb is locked by tx_mutex */
+ /* dlci->skb is locked by tx_lock */
if (dlci->skb == NULL) {
dlci->skb = skb_dequeue_tail(&dlci->skb_list);
if (dlci->skb == NULL)
@@ -1167,7 +1169,7 @@ static int gsm_dlci_data_output_framed(struct gsm_mux *gsm,
* Push an empty frame in to the transmit queue to update the modem status
* bits and to transmit an optional break.
*
- * Caller must hold the tx_mutex of the mux.
+ * Caller must hold the tx_lock of the mux.
*/
static int gsm_dlci_modem_output(struct gsm_mux *gsm, struct gsm_dlci *dlci,
@@ -1281,12 +1283,13 @@ static int gsm_dlci_data_sweep(struct gsm_mux *gsm)
static void gsm_dlci_data_kick(struct gsm_dlci *dlci)
{
+ unsigned long flags;
int sweep;
if (dlci->constipated)
return;
- mutex_lock(&dlci->gsm->tx_mutex);
+ spin_lock_irqsave(&dlci->gsm->tx_lock, flags);
/* If we have nothing running then we need to fire up */
sweep = (dlci->gsm->tx_bytes < TX_THRESH_LO);
if (dlci->gsm->tx_bytes == 0) {
@@ -1297,7 +1300,7 @@ static void gsm_dlci_data_kick(struct gsm_dlci *dlci)
}
if (sweep)
gsm_dlci_data_sweep(dlci->gsm);
- mutex_unlock(&dlci->gsm->tx_mutex);
+ spin_unlock_irqrestore(&dlci->gsm->tx_lock, flags);
}
/*
@@ -1991,13 +1994,14 @@ static void gsm_dlci_command(struct gsm_dlci *dlci, const u8 *data, int len)
static void gsm_kick_timeout(struct work_struct *work)
{
struct gsm_mux *gsm = container_of(work, struct gsm_mux, kick_timeout.work);
+ unsigned long flags;
int sent = 0;
- mutex_lock(&gsm->tx_mutex);
+ spin_lock_irqsave(&gsm->tx_lock, flags);
/* If we have nothing running then we need to fire up */
if (gsm->tx_bytes < TX_THRESH_LO)
sent = gsm_dlci_data_sweep(gsm);
- mutex_unlock(&gsm->tx_mutex);
+ spin_unlock_irqrestore(&gsm->tx_lock, flags);
if (sent && debug & 4)
pr_info("%s TX queue stalled\n", __func__);
@@ -2527,7 +2531,6 @@ static void gsm_free_mux(struct gsm_mux *gsm)
break;
}
}
- mutex_destroy(&gsm->tx_mutex);
mutex_destroy(&gsm->mutex);
kfree(gsm->txframe);
kfree(gsm->buf);
@@ -2599,7 +2602,6 @@ static struct gsm_mux *gsm_alloc_mux(void)
}
spin_lock_init(&gsm->lock);
mutex_init(&gsm->mutex);
- mutex_init(&gsm->tx_mutex);
kref_init(&gsm->ref);
INIT_LIST_HEAD(&gsm->tx_ctrl_list);
INIT_LIST_HEAD(&gsm->tx_data_list);
@@ -2608,6 +2610,7 @@ static struct gsm_mux *gsm_alloc_mux(void)
INIT_WORK(&gsm->tx_work, gsmld_write_task);
init_waitqueue_head(&gsm->event);
spin_lock_init(&gsm->control_lock);
+ spin_lock_init(&gsm->tx_lock);
gsm->t1 = T1;
gsm->t2 = T2;
@@ -2632,7 +2635,6 @@ static struct gsm_mux *gsm_alloc_mux(void)
}
spin_unlock(&gsm_mux_lock);
if (i == MAX_MUX) {
- mutex_destroy(&gsm->tx_mutex);
mutex_destroy(&gsm->mutex);
kfree(gsm->txframe);
kfree(gsm->buf);
@@ -2788,16 +2790,17 @@ static void gsmld_write_trigger(struct gsm_mux *gsm)
static void gsmld_write_task(struct work_struct *work)
{
struct gsm_mux *gsm = container_of(work, struct gsm_mux, tx_work);
+ unsigned long flags;
int i, ret;
/* All outstanding control channel and control messages and one data
* frame is sent.
*/
ret = -ENODEV;
- mutex_lock(&gsm->tx_mutex);
+ spin_lock_irqsave(&gsm->tx_lock, flags);
if (gsm->tty)
ret = gsm_data_kick(gsm);
- mutex_unlock(&gsm->tx_mutex);
+ spin_unlock_irqrestore(&gsm->tx_lock, flags);
if (ret >= 0)
for (i = 0; i < NUM_DLCI; i++)
@@ -3005,6 +3008,7 @@ static ssize_t gsmld_write(struct tty_struct *tty, struct file *file,
const unsigned char *buf, size_t nr)
{
struct gsm_mux *gsm = tty->disc_data;
+ unsigned long flags;
int space;
int ret;
@@ -3012,13 +3016,13 @@ static ssize_t gsmld_write(struct tty_struct *tty, struct file *file,
return -ENODEV;
ret = -ENOBUFS;
- mutex_lock(&gsm->tx_mutex);
+ spin_lock_irqsave(&gsm->tx_lock, flags);
space = tty_write_room(tty);
if (space >= nr)
ret = tty->ops->write(tty, buf, nr);
else
set_bit(TTY_DO_WRITE_WAKEUP, &tty->flags);
- mutex_unlock(&gsm->tx_mutex);
+ spin_unlock_irqrestore(&gsm->tx_lock, flags);
return ret;
}
@@ -3315,13 +3319,14 @@ static struct tty_ldisc_ops tty_ldisc_packet = {
static void gsm_modem_upd_via_data(struct gsm_dlci *dlci, u8 brk)
{
struct gsm_mux *gsm = dlci->gsm;
+ unsigned long flags;
if (dlci->state != DLCI_OPEN || dlci->adaption != 2)
return;
- mutex_lock(&gsm->tx_mutex);
+ spin_lock_irqsave(&gsm->tx_lock, flags);
gsm_dlci_modem_output(gsm, dlci, brk);
- mutex_unlock(&gsm->tx_mutex);
+ spin_unlock_irqrestore(&gsm->tx_lock, flags);
}
/**
--
2.35.1
^ permalink raw reply related [flat|nested] 305+ messages in thread
* [PATCH 6.0 233/289] Revert "tty: n_gsm: replace kicktimer with delayed_work"
2022-11-30 18:19 [PATCH 6.0 000/289] 6.0.11-rc1 review Greg Kroah-Hartman
` (231 preceding siblings ...)
2022-11-30 18:23 ` [PATCH 6.0 232/289] Revert "tty: n_gsm: avoid call of sleeping functions from atomic context" Greg Kroah-Hartman
@ 2022-11-30 18:23 ` Greg Kroah-Hartman
2022-11-30 18:23 ` [PATCH 6.0 234/289] Input: goodix - try resetting the controller when no config is set Greg Kroah-Hartman
` (65 subsequent siblings)
298 siblings, 0 replies; 305+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-30 18:23 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Fedor Pchelkin, Alexey Khoroshilov,
Daniel Starke, Sasha Levin
From: Fedor Pchelkin <pchelkin@ispras.ru>
[ Upstream commit 15743ae50e04aa907131e3ae8d66e9a2964ea232 ]
This reverts commit c9ab053e56ce13a949977398c8edc12e6c02fc95.
The above commit is reverted as it was a prerequisite for tx_mutex
introduction and tx_mutex has been removed as it does not correctly
work in order to protect tx data.
Signed-off-by: Fedor Pchelkin <pchelkin@ispras.ru>
Signed-off-by: Alexey Khoroshilov <khoroshilov@ispras.ru>
Reviewed-by: Daniel Starke <daniel.starke@siemens.com>
Link: https://lore.kernel.org/r/20221008110221.13645-3-pchelkin@ispras.ru
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/tty/n_gsm.c | 16 ++++++++--------
1 file changed, 8 insertions(+), 8 deletions(-)
diff --git a/drivers/tty/n_gsm.c b/drivers/tty/n_gsm.c
index 3cd6a2c55d9c..ae02aed6bd0c 100644
--- a/drivers/tty/n_gsm.c
+++ b/drivers/tty/n_gsm.c
@@ -256,7 +256,7 @@ struct gsm_mux {
struct list_head tx_data_list; /* Pending data packets */
/* Control messages */
- struct delayed_work kick_timeout; /* Kick TX queuing on timeout */
+ struct timer_list kick_timer; /* Kick TX queuing on timeout */
struct timer_list t2_timer; /* Retransmit timer for commands */
int cretries; /* Command retry counter */
struct gsm_control *pending_cmd;/* Our current pending command */
@@ -1009,7 +1009,7 @@ static void __gsm_data_queue(struct gsm_dlci *dlci, struct gsm_msg *msg)
gsm->tx_bytes += msg->len;
gsmld_write_trigger(gsm);
- schedule_delayed_work(&gsm->kick_timeout, 10 * gsm->t1 * HZ / 100);
+ mod_timer(&gsm->kick_timer, jiffies + 10 * gsm->t1 * HZ / 100);
}
/**
@@ -1984,16 +1984,16 @@ static void gsm_dlci_command(struct gsm_dlci *dlci, const u8 *data, int len)
}
/**
- * gsm_kick_timeout - transmit if possible
- * @work: work contained in our gsm object
+ * gsm_kick_timer - transmit if possible
+ * @t: timer contained in our gsm object
*
* Transmit data from DLCIs if the queue is empty. We can't rely on
* a tty wakeup except when we filled the pipe so we need to fire off
* new data ourselves in other cases.
*/
-static void gsm_kick_timeout(struct work_struct *work)
+static void gsm_kick_timer(struct timer_list *t)
{
- struct gsm_mux *gsm = container_of(work, struct gsm_mux, kick_timeout.work);
+ struct gsm_mux *gsm = from_timer(gsm, t, kick_timer);
unsigned long flags;
int sent = 0;
@@ -2458,7 +2458,7 @@ static void gsm_cleanup_mux(struct gsm_mux *gsm, bool disc)
}
/* Finish outstanding timers, making sure they are done */
- cancel_delayed_work_sync(&gsm->kick_timeout);
+ del_timer_sync(&gsm->kick_timer);
del_timer_sync(&gsm->t2_timer);
/* Finish writing to ldisc */
@@ -2605,7 +2605,7 @@ static struct gsm_mux *gsm_alloc_mux(void)
kref_init(&gsm->ref);
INIT_LIST_HEAD(&gsm->tx_ctrl_list);
INIT_LIST_HEAD(&gsm->tx_data_list);
- INIT_DELAYED_WORK(&gsm->kick_timeout, gsm_kick_timeout);
+ timer_setup(&gsm->kick_timer, gsm_kick_timer, 0);
timer_setup(&gsm->t2_timer, gsm_control_retransmit, 0);
INIT_WORK(&gsm->tx_work, gsmld_write_task);
init_waitqueue_head(&gsm->event);
--
2.35.1
^ permalink raw reply related [flat|nested] 305+ messages in thread
* [PATCH 6.0 234/289] Input: goodix - try resetting the controller when no config is set
2022-11-30 18:19 [PATCH 6.0 000/289] 6.0.11-rc1 review Greg Kroah-Hartman
` (232 preceding siblings ...)
2022-11-30 18:23 ` [PATCH 6.0 233/289] Revert "tty: n_gsm: replace kicktimer with delayed_work" Greg Kroah-Hartman
@ 2022-11-30 18:23 ` Greg Kroah-Hartman
2022-11-30 18:23 ` [PATCH 6.0 235/289] bpf: Convert BPF_DISPATCHER to use static_call() (not ftrace) Greg Kroah-Hartman
` (64 subsequent siblings)
298 siblings, 0 replies; 305+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-30 18:23 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Hans de Goede, Bastien Nocera,
Dmitry Torokhov, Sasha Levin
From: Hans de Goede <hdegoede@redhat.com>
[ Upstream commit c7e37cc6240767f794678d11704935d49cc81d59 ]
On ACPI systems (irq_pin_access_method == IRQ_PIN_ACCESS_ACPI_*) the driver
does not reset the controller at probe time, because sometimes the system
firmware loads a config and resetting might loose this config.
On the Nanote UMPC-01 device OTOH the config is in flash of the controller,
the controller needs a reset to load this; and the system firmware does not
reset the controller on a cold boot.
To fix the Nanote UMPC-01 touchscreen not working on a cold boot, try
resetting the controller and then re-reading the config when encountering
a config with 0 width/height/max_touch_num value and the controller has
not already been reset by goodix_ts_probe().
This should be safe to do in general because normally we should never
encounter a config with 0 width/height/max_touch_num. Doing this in
general not only avoids the need for a DMI quirk, but also might help
other systems.
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Reviewed-by: Bastien Nocera <hadess@hadess.net>
Link: https://lore.kernel.org/r/20221025122930.421377-2-hdegoede@redhat.com
Signed-off-by: Dmitry Torokhov <dmitry.torokhov@gmail.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/input/touchscreen/goodix.c | 11 +++++++++++
1 file changed, 11 insertions(+)
diff --git a/drivers/input/touchscreen/goodix.c b/drivers/input/touchscreen/goodix.c
index 21c0dddbe41d..25e6ba132bbc 100644
--- a/drivers/input/touchscreen/goodix.c
+++ b/drivers/input/touchscreen/goodix.c
@@ -1158,6 +1158,7 @@ static int goodix_configure_dev(struct goodix_ts_data *ts)
input_set_abs_params(ts->input_dev, ABS_MT_WIDTH_MAJOR, 0, 255, 0, 0);
input_set_abs_params(ts->input_dev, ABS_MT_TOUCH_MAJOR, 0, 255, 0, 0);
+retry_read_config:
/* Read configuration and apply touchscreen parameters */
goodix_read_config(ts);
@@ -1165,6 +1166,16 @@ static int goodix_configure_dev(struct goodix_ts_data *ts)
touchscreen_parse_properties(ts->input_dev, true, &ts->prop);
if (!ts->prop.max_x || !ts->prop.max_y || !ts->max_touch_num) {
+ if (!ts->reset_controller_at_probe &&
+ ts->irq_pin_access_method != IRQ_PIN_ACCESS_NONE) {
+ dev_info(&ts->client->dev, "Config not set, resetting controller\n");
+ /* Retry after a controller reset */
+ ts->reset_controller_at_probe = true;
+ error = goodix_reset(ts);
+ if (error)
+ return error;
+ goto retry_read_config;
+ }
dev_err(&ts->client->dev,
"Invalid config (%d, %d, %d), using defaults\n",
ts->prop.max_x, ts->prop.max_y, ts->max_touch_num);
--
2.35.1
^ permalink raw reply related [flat|nested] 305+ messages in thread
* [PATCH 6.0 235/289] bpf: Convert BPF_DISPATCHER to use static_call() (not ftrace)
2022-11-30 18:19 [PATCH 6.0 000/289] 6.0.11-rc1 review Greg Kroah-Hartman
` (233 preceding siblings ...)
2022-11-30 18:23 ` [PATCH 6.0 234/289] Input: goodix - try resetting the controller when no config is set Greg Kroah-Hartman
@ 2022-11-30 18:23 ` Greg Kroah-Hartman
2022-11-30 18:23 ` [PATCH 6.0 236/289] ASoC: sof_es8336: reduce pop noise on speaker Greg Kroah-Hartman
` (63 subsequent siblings)
298 siblings, 0 replies; 305+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-30 18:23 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Peter Zijlstra (Intel),
Daniel Borkmann, Björn Töpel, Jiri Olsa, Sasha Levin
From: Peter Zijlstra <peterz@infradead.org>
[ Upstream commit c86df29d11dfba27c0a1f5039cd6fe387fbf4239 ]
The dispatcher function is currently abusing the ftrace __fentry__
call location for its own purposes -- this obviously gives trouble
when the dispatcher and ftrace are both in use.
A previous solution tried using __attribute__((patchable_function_entry()))
which works, except it is GCC-8+ only, breaking the build on the
earlier still supported compilers. Instead use static_call() -- which
has its own annotations and does not conflict with ftrace -- to
rewrite the dispatch function.
By using: return static_call()(ctx, insni, bpf_func) you get a perfect
forwarding tail call as function body (iow a single jmp instruction).
By having the default static_call() target be bpf_dispatcher_nop_func()
it retains the default behaviour (an indirect call to the argument
function). Only once a dispatcher program is attached is the target
rewritten to directly call the JIT'ed image.
Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org>
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
Tested-by: Björn Töpel <bjorn@kernel.org>
Tested-by: Jiri Olsa <jolsa@kernel.org>
Acked-by: Björn Töpel <bjorn@kernel.org>
Acked-by: Jiri Olsa <jolsa@kernel.org>
Link: https://lkml.kernel.org/r/Y1/oBlK0yFk5c/Im@hirez.programming.kicks-ass.net
Link: https://lore.kernel.org/bpf/20221103120647.796772565@infradead.org
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
include/linux/bpf.h | 39 ++++++++++++++++++++++++++++++++++++++-
kernel/bpf/dispatcher.c | 22 ++++++++--------------
2 files changed, 46 insertions(+), 15 deletions(-)
diff --git a/include/linux/bpf.h b/include/linux/bpf.h
index 73662fbabd78..e811e2f99a61 100644
--- a/include/linux/bpf.h
+++ b/include/linux/bpf.h
@@ -27,6 +27,7 @@
#include <linux/bpfptr.h>
#include <linux/btf.h>
#include <linux/rcupdate_trace.h>
+#include <linux/static_call.h>
struct bpf_verifier_env;
struct bpf_verifier_log;
@@ -894,6 +895,10 @@ struct bpf_dispatcher {
void *rw_image;
u32 image_off;
struct bpf_ksym ksym;
+#ifdef CONFIG_HAVE_STATIC_CALL
+ struct static_call_key *sc_key;
+ void *sc_tramp;
+#endif
};
static __always_inline __nocfi unsigned int bpf_dispatcher_nop_func(
@@ -911,6 +916,34 @@ struct bpf_trampoline *bpf_trampoline_get(u64 key,
struct bpf_attach_target_info *tgt_info);
void bpf_trampoline_put(struct bpf_trampoline *tr);
int arch_prepare_bpf_dispatcher(void *image, void *buf, s64 *funcs, int num_funcs);
+
+/*
+ * When the architecture supports STATIC_CALL replace the bpf_dispatcher_fn
+ * indirection with a direct call to the bpf program. If the architecture does
+ * not have STATIC_CALL, avoid a double-indirection.
+ */
+#ifdef CONFIG_HAVE_STATIC_CALL
+
+#define __BPF_DISPATCHER_SC_INIT(_name) \
+ .sc_key = &STATIC_CALL_KEY(_name), \
+ .sc_tramp = STATIC_CALL_TRAMP_ADDR(_name),
+
+#define __BPF_DISPATCHER_SC(name) \
+ DEFINE_STATIC_CALL(bpf_dispatcher_##name##_call, bpf_dispatcher_nop_func)
+
+#define __BPF_DISPATCHER_CALL(name) \
+ static_call(bpf_dispatcher_##name##_call)(ctx, insnsi, bpf_func)
+
+#define __BPF_DISPATCHER_UPDATE(_d, _new) \
+ __static_call_update((_d)->sc_key, (_d)->sc_tramp, (_new))
+
+#else
+#define __BPF_DISPATCHER_SC_INIT(name)
+#define __BPF_DISPATCHER_SC(name)
+#define __BPF_DISPATCHER_CALL(name) bpf_func(ctx, insnsi)
+#define __BPF_DISPATCHER_UPDATE(_d, _new)
+#endif
+
#define BPF_DISPATCHER_INIT(_name) { \
.mutex = __MUTEX_INITIALIZER(_name.mutex), \
.func = &_name##_func, \
@@ -922,25 +955,29 @@ int arch_prepare_bpf_dispatcher(void *image, void *buf, s64 *funcs, int num_func
.name = #_name, \
.lnode = LIST_HEAD_INIT(_name.ksym.lnode), \
}, \
+ __BPF_DISPATCHER_SC_INIT(_name##_call) \
}
#define DEFINE_BPF_DISPATCHER(name) \
+ __BPF_DISPATCHER_SC(name); \
noinline __nocfi unsigned int bpf_dispatcher_##name##_func( \
const void *ctx, \
const struct bpf_insn *insnsi, \
bpf_func_t bpf_func) \
{ \
- return bpf_func(ctx, insnsi); \
+ return __BPF_DISPATCHER_CALL(name); \
} \
EXPORT_SYMBOL(bpf_dispatcher_##name##_func); \
struct bpf_dispatcher bpf_dispatcher_##name = \
BPF_DISPATCHER_INIT(bpf_dispatcher_##name);
+
#define DECLARE_BPF_DISPATCHER(name) \
unsigned int bpf_dispatcher_##name##_func( \
const void *ctx, \
const struct bpf_insn *insnsi, \
bpf_func_t bpf_func); \
extern struct bpf_dispatcher bpf_dispatcher_##name;
+
#define BPF_DISPATCHER_FUNC(name) bpf_dispatcher_##name##_func
#define BPF_DISPATCHER_PTR(name) (&bpf_dispatcher_##name)
void bpf_dispatcher_change_prog(struct bpf_dispatcher *d, struct bpf_prog *from,
diff --git a/kernel/bpf/dispatcher.c b/kernel/bpf/dispatcher.c
index fa64b80b8bca..7dfb8d0d5202 100644
--- a/kernel/bpf/dispatcher.c
+++ b/kernel/bpf/dispatcher.c
@@ -4,6 +4,7 @@
#include <linux/hash.h>
#include <linux/bpf.h>
#include <linux/filter.h>
+#include <linux/static_call.h>
/* The BPF dispatcher is a multiway branch code generator. The
* dispatcher is a mechanism to avoid the performance penalty of an
@@ -104,17 +105,11 @@ static int bpf_dispatcher_prepare(struct bpf_dispatcher *d, void *image, void *b
static void bpf_dispatcher_update(struct bpf_dispatcher *d, int prev_num_progs)
{
- void *old, *new, *tmp;
- u32 noff;
- int err;
-
- if (!prev_num_progs) {
- old = NULL;
- noff = 0;
- } else {
- old = d->image + d->image_off;
+ void *new, *tmp;
+ u32 noff = 0;
+
+ if (prev_num_progs)
noff = d->image_off ^ (PAGE_SIZE / 2);
- }
new = d->num_progs ? d->image + noff : NULL;
tmp = d->num_progs ? d->rw_image + noff : NULL;
@@ -128,11 +123,10 @@ static void bpf_dispatcher_update(struct bpf_dispatcher *d, int prev_num_progs)
return;
}
- err = bpf_arch_text_poke(d->func, BPF_MOD_JUMP, old, new);
- if (err || !new)
- return;
+ __BPF_DISPATCHER_UPDATE(d, new ?: &bpf_dispatcher_nop_func);
- d->image_off = noff;
+ if (new)
+ d->image_off = noff;
}
void bpf_dispatcher_change_prog(struct bpf_dispatcher *d, struct bpf_prog *from,
--
2.35.1
^ permalink raw reply related [flat|nested] 305+ messages in thread
* [PATCH 6.0 236/289] ASoC: sof_es8336: reduce pop noise on speaker
2022-11-30 18:19 [PATCH 6.0 000/289] 6.0.11-rc1 review Greg Kroah-Hartman
` (234 preceding siblings ...)
2022-11-30 18:23 ` [PATCH 6.0 235/289] bpf: Convert BPF_DISPATCHER to use static_call() (not ftrace) Greg Kroah-Hartman
@ 2022-11-30 18:23 ` Greg Kroah-Hartman
2022-11-30 18:23 ` [PATCH 6.0 237/289] Input: soc_button_array - add use_low_level_irq module parameter Greg Kroah-Hartman
` (62 subsequent siblings)
298 siblings, 0 replies; 305+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-30 18:23 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Zhu Ning, Mark Brown, Sasha Levin
From: Zhu Ning <zhuning0077@gmail.com>
[ Upstream commit 89cdb224f2abe37ec4ac21ba0d9ddeb5a6a9cf68 ]
The Speaker GPIO needs to be turned on slightly behind the codec turned on.
It also need to be turned off slightly before the codec turned down.
Current code uses delay in DAPM_EVENT to do it but the mdelay delays the
DAPM itself and thus has no effect. A delayed_work is added to turn on the
speaker.
The Speaker is turned off in .trigger since trigger is called slightly
before the DAPM events.
Signed-off-by: Zhu Ning <zhuning@everest-semi.com>
------------
v1: cancel delayed work while disabling speaker.
Link: https://lore.kernel.org/r/20221028020456.90286-1-zhuning0077@gmail.com
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
sound/soc/intel/boards/sof_es8336.c | 60 ++++++++++++++++++++++-------
1 file changed, 46 insertions(+), 14 deletions(-)
diff --git a/sound/soc/intel/boards/sof_es8336.c b/sound/soc/intel/boards/sof_es8336.c
index 606cc3242a60..5c218a39ca20 100644
--- a/sound/soc/intel/boards/sof_es8336.c
+++ b/sound/soc/intel/boards/sof_es8336.c
@@ -63,6 +63,7 @@ struct sof_es8336_private {
struct snd_soc_jack jack;
struct list_head hdmi_pcm_list;
bool speaker_en;
+ struct delayed_work pcm_pop_work;
};
struct sof_hdmi_pcm {
@@ -111,6 +112,46 @@ static void log_quirks(struct device *dev)
dev_info(dev, "quirk headset at mic1 port enabled\n");
}
+static void pcm_pop_work_events(struct work_struct *work)
+{
+ struct sof_es8336_private *priv =
+ container_of(work, struct sof_es8336_private, pcm_pop_work.work);
+
+ gpiod_set_value_cansleep(priv->gpio_speakers, priv->speaker_en);
+
+ if (quirk & SOF_ES8336_HEADPHONE_GPIO)
+ gpiod_set_value_cansleep(priv->gpio_headphone, priv->speaker_en);
+
+}
+
+static int sof_8336_trigger(struct snd_pcm_substream *substream, int cmd)
+{
+ struct snd_soc_pcm_runtime *rtd = asoc_substream_to_rtd(substream);
+ struct snd_soc_card *card = rtd->card;
+ struct sof_es8336_private *priv = snd_soc_card_get_drvdata(card);
+
+ switch (cmd) {
+ case SNDRV_PCM_TRIGGER_START:
+ case SNDRV_PCM_TRIGGER_PAUSE_RELEASE:
+ case SNDRV_PCM_TRIGGER_RESUME:
+ break;
+
+ case SNDRV_PCM_TRIGGER_PAUSE_PUSH:
+ case SNDRV_PCM_TRIGGER_SUSPEND:
+ case SNDRV_PCM_TRIGGER_STOP:
+ if (priv->speaker_en == false)
+ if (substream->stream == 0) {
+ cancel_delayed_work(&priv->pcm_pop_work);
+ gpiod_set_value_cansleep(priv->gpio_speakers, true);
+ }
+ break;
+ default:
+ return -EINVAL;
+ }
+
+ return 0;
+}
+
static int sof_es8316_speaker_power_event(struct snd_soc_dapm_widget *w,
struct snd_kcontrol *kcontrol, int event)
{
@@ -122,19 +163,7 @@ static int sof_es8316_speaker_power_event(struct snd_soc_dapm_widget *w,
priv->speaker_en = !SND_SOC_DAPM_EVENT_ON(event);
- if (SND_SOC_DAPM_EVENT_ON(event))
- msleep(70);
-
- gpiod_set_value_cansleep(priv->gpio_speakers, priv->speaker_en);
-
- if (!(quirk & SOF_ES8336_HEADPHONE_GPIO))
- return 0;
-
- if (SND_SOC_DAPM_EVENT_ON(event))
- msleep(70);
-
- gpiod_set_value_cansleep(priv->gpio_headphone, priv->speaker_en);
-
+ queue_delayed_work(system_wq, &priv->pcm_pop_work, msecs_to_jiffies(70));
return 0;
}
@@ -344,6 +373,7 @@ static int sof_es8336_hw_params(struct snd_pcm_substream *substream,
/* machine stream operations */
static struct snd_soc_ops sof_es8336_ops = {
.hw_params = sof_es8336_hw_params,
+ .trigger = sof_8336_trigger,
};
static struct snd_soc_dai_link_component platform_component[] = {
@@ -722,7 +752,8 @@ static int sof_es8336_probe(struct platform_device *pdev)
}
INIT_LIST_HEAD(&priv->hdmi_pcm_list);
-
+ INIT_DELAYED_WORK(&priv->pcm_pop_work,
+ pcm_pop_work_events);
snd_soc_card_set_drvdata(card, priv);
if (mach->mach_params.dmic_num > 0) {
@@ -751,6 +782,7 @@ static int sof_es8336_remove(struct platform_device *pdev)
struct snd_soc_card *card = platform_get_drvdata(pdev);
struct sof_es8336_private *priv = snd_soc_card_get_drvdata(card);
+ cancel_delayed_work(&priv->pcm_pop_work);
gpiod_put(priv->gpio_speakers);
device_remove_software_node(priv->codec_dev);
put_device(priv->codec_dev);
--
2.35.1
^ permalink raw reply related [flat|nested] 305+ messages in thread
* [PATCH 6.0 237/289] Input: soc_button_array - add use_low_level_irq module parameter
2022-11-30 18:19 [PATCH 6.0 000/289] 6.0.11-rc1 review Greg Kroah-Hartman
` (235 preceding siblings ...)
2022-11-30 18:23 ` [PATCH 6.0 236/289] ASoC: sof_es8336: reduce pop noise on speaker Greg Kroah-Hartman
@ 2022-11-30 18:23 ` Greg Kroah-Hartman
2022-11-30 18:23 ` [PATCH 6.0 238/289] Input: soc_button_array - add Acer Switch V 10 to dmi_use_low_level_irq[] Greg Kroah-Hartman
` (61 subsequent siblings)
298 siblings, 0 replies; 305+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-30 18:23 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Hans de Goede, Dmitry Torokhov, Sasha Levin
From: Hans de Goede <hdegoede@redhat.com>
[ Upstream commit 8e9ada1d0e72b4737df400fe1bba48dc42a68df7 ]
It seems that the Windows drivers for the ACPI0011 soc_button_array
device use low level triggered IRQs rather then using edge triggering.
Some ACPI tables depend on this, directly poking the GPIO controller's
registers to clear the trigger type when closing a laptop's/2-in-1's lid
and re-instating the trigger when opening the lid again.
Linux sets the edge/level on which to trigger to both low+high since
it is using edge type IRQs, the ACPI tables then ends up also setting
the bit for level IRQs and since both low and high level have been
selected by Linux we get an IRQ storm leading to soft lockups.
As a workaround for this the soc_button_array already contains
a DMI quirk table with device models known to have this issue.
Add a module parameter for this so that users can easily test if their
device is affected too and so that they can use the module parameter
as a workaround.
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Link: https://lore.kernel.org/r/20221106215320.67109-1-hdegoede@redhat.com
Signed-off-by: Dmitry Torokhov <dmitry.torokhov@gmail.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/input/misc/soc_button_array.c | 7 ++++++-
1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/drivers/input/misc/soc_button_array.c b/drivers/input/misc/soc_button_array.c
index 480476121c01..50497dd05027 100644
--- a/drivers/input/misc/soc_button_array.c
+++ b/drivers/input/misc/soc_button_array.c
@@ -18,6 +18,10 @@
#include <linux/gpio.h>
#include <linux/platform_device.h>
+static bool use_low_level_irq;
+module_param(use_low_level_irq, bool, 0444);
+MODULE_PARM_DESC(use_low_level_irq, "Use low-level triggered IRQ instead of edge triggered");
+
struct soc_button_info {
const char *name;
int acpi_index;
@@ -164,7 +168,8 @@ soc_button_device_create(struct platform_device *pdev,
}
/* See dmi_use_low_level_irq[] comment */
- if (!autorepeat && dmi_check_system(dmi_use_low_level_irq)) {
+ if (!autorepeat && (use_low_level_irq ||
+ dmi_check_system(dmi_use_low_level_irq))) {
irq_set_irq_type(irq, IRQ_TYPE_LEVEL_LOW);
gpio_keys[n_buttons].irq = irq;
gpio_keys[n_buttons].gpio = -ENOENT;
--
2.35.1
^ permalink raw reply related [flat|nested] 305+ messages in thread
* [PATCH 6.0 238/289] Input: soc_button_array - add Acer Switch V 10 to dmi_use_low_level_irq[]
2022-11-30 18:19 [PATCH 6.0 000/289] 6.0.11-rc1 review Greg Kroah-Hartman
` (236 preceding siblings ...)
2022-11-30 18:23 ` [PATCH 6.0 237/289] Input: soc_button_array - add use_low_level_irq module parameter Greg Kroah-Hartman
@ 2022-11-30 18:23 ` Greg Kroah-Hartman
2022-11-30 18:23 ` [PATCH 6.0 239/289] pinctrl: qcom: sc8280xp: Rectify UFS reset pins Greg Kroah-Hartman
` (60 subsequent siblings)
298 siblings, 0 replies; 305+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-30 18:23 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Hans de Goede, Dmitry Torokhov, Sasha Levin
From: Hans de Goede <hdegoede@redhat.com>
[ Upstream commit e13757f52496444b994a7ac67b6e517a15d89bbc ]
Like on the Acer Switch 10 SW5-012, the Acer Switch V 10 SW5-017's _LID
method messes with home- and power-button GPIO IRQ settings, causing an
IRQ storm.
Add a quirk entry for the Acer Switch V 10 to the dmi_use_low_level_irq[]
DMI quirk list, to use low-level IRQs on this model, fixing the IRQ storm.
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Link: https://lore.kernel.org/r/20221106215320.67109-2-hdegoede@redhat.com
Signed-off-by: Dmitry Torokhov <dmitry.torokhov@gmail.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/input/misc/soc_button_array.c | 7 +++++++
1 file changed, 7 insertions(+)
diff --git a/drivers/input/misc/soc_button_array.c b/drivers/input/misc/soc_button_array.c
index 50497dd05027..09489380afda 100644
--- a/drivers/input/misc/soc_button_array.c
+++ b/drivers/input/misc/soc_button_array.c
@@ -77,6 +77,13 @@ static const struct dmi_system_id dmi_use_low_level_irq[] = {
DMI_MATCH(DMI_PRODUCT_NAME, "Aspire SW5-012"),
},
},
+ {
+ /* Acer Switch V 10 SW5-017, same issue as Acer Switch 10 SW5-012. */
+ .matches = {
+ DMI_MATCH(DMI_SYS_VENDOR, "Acer"),
+ DMI_MATCH(DMI_PRODUCT_NAME, "SW5-017"),
+ },
+ },
{
/*
* Acer One S1003. _LID method messes with power-button GPIO
--
2.35.1
^ permalink raw reply related [flat|nested] 305+ messages in thread
* [PATCH 6.0 239/289] pinctrl: qcom: sc8280xp: Rectify UFS reset pins
2022-11-30 18:19 [PATCH 6.0 000/289] 6.0.11-rc1 review Greg Kroah-Hartman
` (237 preceding siblings ...)
2022-11-30 18:23 ` [PATCH 6.0 238/289] Input: soc_button_array - add Acer Switch V 10 to dmi_use_low_level_irq[] Greg Kroah-Hartman
@ 2022-11-30 18:23 ` Greg Kroah-Hartman
2022-11-30 18:23 ` [PATCH 6.0 240/289] Input: i8042 - apply probe defer to more ASUS ZenBook models Greg Kroah-Hartman
` (59 subsequent siblings)
298 siblings, 0 replies; 305+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-30 18:23 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Anjana Hari, Bjorn Andersson,
Andrew Halaney, Linus Walleij, Sasha Levin
From: Anjana Hari <quic_ahari@quicinc.com>
[ Upstream commit f04a2862f9c3f64962b8709c75d788efba6df26b ]
UFS reset pin offsets are wrongly configured for SC8280XP,
correcting the same for both UFS instances here.
Signed-off-by: Anjana Hari <quic_ahari@quicinc.com>
Signed-off-by: Bjorn Andersson <quic_bjorande@quicinc.com>
Reviewed-by: Andrew Halaney <ahalaney@redhat.com>
Tested-by: Andrew Halaney <ahalaney@redhat.com> # QDrive3
Link: https://lore.kernel.org/r/20221103181051.26912-1-quic_bjorande@quicinc.com
Signed-off-by: Linus Walleij <linus.walleij@linaro.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/pinctrl/qcom/pinctrl-sc8280xp.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/drivers/pinctrl/qcom/pinctrl-sc8280xp.c b/drivers/pinctrl/qcom/pinctrl-sc8280xp.c
index aa2075390f3e..e96c00686a25 100644
--- a/drivers/pinctrl/qcom/pinctrl-sc8280xp.c
+++ b/drivers/pinctrl/qcom/pinctrl-sc8280xp.c
@@ -1873,8 +1873,8 @@ static const struct msm_pingroup sc8280xp_groups[] = {
[225] = PINGROUP(225, hs3_mi2s, phase_flag, _, _, _, _, egpio),
[226] = PINGROUP(226, hs3_mi2s, phase_flag, _, _, _, _, egpio),
[227] = PINGROUP(227, hs3_mi2s, phase_flag, _, _, _, _, egpio),
- [228] = UFS_RESET(ufs_reset, 0xf1004),
- [229] = UFS_RESET(ufs1_reset, 0xf3004),
+ [228] = UFS_RESET(ufs_reset, 0xf1000),
+ [229] = UFS_RESET(ufs1_reset, 0xf3000),
[230] = SDC_QDSD_PINGROUP(sdc2_clk, 0xe8000, 14, 6),
[231] = SDC_QDSD_PINGROUP(sdc2_cmd, 0xe8000, 11, 3),
[232] = SDC_QDSD_PINGROUP(sdc2_data, 0xe8000, 9, 0),
--
2.35.1
^ permalink raw reply related [flat|nested] 305+ messages in thread
* [PATCH 6.0 240/289] Input: i8042 - apply probe defer to more ASUS ZenBook models
2022-11-30 18:19 [PATCH 6.0 000/289] 6.0.11-rc1 review Greg Kroah-Hartman
` (238 preceding siblings ...)
2022-11-30 18:23 ` [PATCH 6.0 239/289] pinctrl: qcom: sc8280xp: Rectify UFS reset pins Greg Kroah-Hartman
@ 2022-11-30 18:23 ` Greg Kroah-Hartman
2022-11-30 18:23 ` [PATCH 6.0 241/289] ASoC: stm32: dfsdm: manage cb buffers cleanup Greg Kroah-Hartman
` (58 subsequent siblings)
298 siblings, 0 replies; 305+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-30 18:23 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Takashi Iwai, Dmitry Torokhov, Sasha Levin
From: Takashi Iwai <tiwai@suse.de>
[ Upstream commit 26c263bf1847d4dadba016a0457c4c5f446407bf ]
There are yet a few more ASUS ZenBook models that require the deferred
probe. At least, there are different ZenBook UX325x and UX425x
models. Let's extend the DMI matching table entries for adapting
those missing models.
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Link: https://lore.kernel.org/r/20221108142027.28480-1-tiwai@suse.de
Signed-off-by: Dmitry Torokhov <dmitry.torokhov@gmail.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/input/serio/i8042-x86ia64io.h | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/drivers/input/serio/i8042-x86ia64io.h b/drivers/input/serio/i8042-x86ia64io.h
index 4fbec7bbecca..5043dc7b8fb3 100644
--- a/drivers/input/serio/i8042-x86ia64io.h
+++ b/drivers/input/serio/i8042-x86ia64io.h
@@ -114,18 +114,18 @@ static const struct dmi_system_id i8042_dmi_quirk_table[] __initconst = {
.driver_data = (void *)(SERIO_QUIRK_NOMUX | SERIO_QUIRK_RESET_NEVER)
},
{
- /* ASUS ZenBook UX425UA */
+ /* ASUS ZenBook UX425UA/QA */
.matches = {
DMI_MATCH(DMI_SYS_VENDOR, "ASUSTeK COMPUTER INC."),
- DMI_MATCH(DMI_PRODUCT_NAME, "ZenBook UX425UA"),
+ DMI_MATCH(DMI_PRODUCT_NAME, "ZenBook UX425"),
},
.driver_data = (void *)(SERIO_QUIRK_PROBE_DEFER | SERIO_QUIRK_RESET_NEVER)
},
{
- /* ASUS ZenBook UM325UA */
+ /* ASUS ZenBook UM325UA/QA */
.matches = {
DMI_MATCH(DMI_SYS_VENDOR, "ASUSTeK COMPUTER INC."),
- DMI_MATCH(DMI_PRODUCT_NAME, "ZenBook UX325UA_UM325UA"),
+ DMI_MATCH(DMI_PRODUCT_NAME, "ZenBook UX325"),
},
.driver_data = (void *)(SERIO_QUIRK_PROBE_DEFER | SERIO_QUIRK_RESET_NEVER)
},
--
2.35.1
^ permalink raw reply related [flat|nested] 305+ messages in thread
* [PATCH 6.0 241/289] ASoC: stm32: dfsdm: manage cb buffers cleanup
2022-11-30 18:19 [PATCH 6.0 000/289] 6.0.11-rc1 review Greg Kroah-Hartman
` (239 preceding siblings ...)
2022-11-30 18:23 ` [PATCH 6.0 240/289] Input: i8042 - apply probe defer to more ASUS ZenBook models Greg Kroah-Hartman
@ 2022-11-30 18:23 ` Greg Kroah-Hartman
2022-11-30 18:23 ` [PATCH 6.0 242/289] xen-pciback: Allow setting PCI_MSIX_FLAGS_MASKALL too Greg Kroah-Hartman
` (57 subsequent siblings)
298 siblings, 0 replies; 305+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-30 18:23 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Olivier Moysan, Mark Brown, Sasha Levin
From: Olivier Moysan <olivier.moysan@foss.st.com>
[ Upstream commit 7d945b046be3d2605dbb1806e73095aadd7ae129 ]
Ensure that resources allocated by iio_channel_get_all_cb()
are released on driver unbind.
Signed-off-by: Olivier Moysan <olivier.moysan@foss.st.com>
Link: https://lore.kernel.org/r/20221109170849.273719-1-olivier.moysan@foss.st.com
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
sound/soc/stm/stm32_adfsdm.c | 11 +++++++++++
1 file changed, 11 insertions(+)
diff --git a/sound/soc/stm/stm32_adfsdm.c b/sound/soc/stm/stm32_adfsdm.c
index 643fc8a17018..837c1848d9bf 100644
--- a/sound/soc/stm/stm32_adfsdm.c
+++ b/sound/soc/stm/stm32_adfsdm.c
@@ -304,6 +304,11 @@ static int stm32_adfsdm_dummy_cb(const void *data, void *private)
return 0;
}
+static void stm32_adfsdm_cleanup(void *data)
+{
+ iio_channel_release_all_cb(data);
+}
+
static struct snd_soc_component_driver stm32_adfsdm_soc_platform = {
.open = stm32_adfsdm_pcm_open,
.close = stm32_adfsdm_pcm_close,
@@ -350,6 +355,12 @@ static int stm32_adfsdm_probe(struct platform_device *pdev)
if (IS_ERR(priv->iio_cb))
return PTR_ERR(priv->iio_cb);
+ ret = devm_add_action_or_reset(&pdev->dev, stm32_adfsdm_cleanup, priv->iio_cb);
+ if (ret < 0) {
+ dev_err(&pdev->dev, "Unable to add action\n");
+ return ret;
+ }
+
component = devm_kzalloc(&pdev->dev, sizeof(*component), GFP_KERNEL);
if (!component)
return -ENOMEM;
--
2.35.1
^ permalink raw reply related [flat|nested] 305+ messages in thread
* [PATCH 6.0 242/289] xen-pciback: Allow setting PCI_MSIX_FLAGS_MASKALL too
2022-11-30 18:19 [PATCH 6.0 000/289] 6.0.11-rc1 review Greg Kroah-Hartman
` (240 preceding siblings ...)
2022-11-30 18:23 ` [PATCH 6.0 241/289] ASoC: stm32: dfsdm: manage cb buffers cleanup Greg Kroah-Hartman
@ 2022-11-30 18:23 ` Greg Kroah-Hartman
2022-11-30 18:23 ` [PATCH 6.0 243/289] xen/platform-pci: add missing free_irq() in error path Greg Kroah-Hartman
` (56 subsequent siblings)
298 siblings, 0 replies; 305+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-30 18:23 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Marek Marczykowski-Górecki,
Jan Beulich, Juergen Gross, Sasha Levin
From: Marek Marczykowski-Górecki <marmarek@invisiblethingslab.com>
[ Upstream commit 5e29500eba2aa19e1323df46f64dafcd4a327092 ]
When Xen domain configures MSI-X, the usual approach is to enable MSI-X
together with masking all of them via the config space, then fill the
table and only then clear PCI_MSIX_FLAGS_MASKALL. Allow doing this via
QEMU running in a stub domain.
Previously, when changing PCI_MSIX_FLAGS_MASKALL was not allowed, the
whole write was aborted, preventing change to the PCI_MSIX_FLAGS_ENABLE
bit too.
Note the Xen hypervisor intercepts this write anyway, and may keep the
PCI_MSIX_FLAGS_MASKALL bit set if it wishes to. It will store the
guest-requested state and will apply it eventually.
Signed-off-by: Marek Marczykowski-Górecki <marmarek@invisiblethingslab.com>
Reviewed-by: Jan Beulich <jbeulich@suse.com>
Link: https://lore.kernel.org/r/20221114103110.1519413-1-marmarek@invisiblethingslab.com
Signed-off-by: Juergen Gross <jgross@suse.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/xen/xen-pciback/conf_space_capability.c | 9 ++++++---
1 file changed, 6 insertions(+), 3 deletions(-)
diff --git a/drivers/xen/xen-pciback/conf_space_capability.c b/drivers/xen/xen-pciback/conf_space_capability.c
index 5e53b4817f16..097316a74126 100644
--- a/drivers/xen/xen-pciback/conf_space_capability.c
+++ b/drivers/xen/xen-pciback/conf_space_capability.c
@@ -190,13 +190,16 @@ static const struct config_field caplist_pm[] = {
};
static struct msi_msix_field_config {
- u16 enable_bit; /* bit for enabling MSI/MSI-X */
- unsigned int int_type; /* interrupt type for exclusiveness check */
+ u16 enable_bit; /* bit for enabling MSI/MSI-X */
+ u16 allowed_bits; /* bits allowed to be changed */
+ unsigned int int_type; /* interrupt type for exclusiveness check */
} msi_field_config = {
.enable_bit = PCI_MSI_FLAGS_ENABLE,
+ .allowed_bits = PCI_MSI_FLAGS_ENABLE,
.int_type = INTERRUPT_TYPE_MSI,
}, msix_field_config = {
.enable_bit = PCI_MSIX_FLAGS_ENABLE,
+ .allowed_bits = PCI_MSIX_FLAGS_ENABLE | PCI_MSIX_FLAGS_MASKALL,
.int_type = INTERRUPT_TYPE_MSIX,
};
@@ -229,7 +232,7 @@ static int msi_msix_flags_write(struct pci_dev *dev, int offset, u16 new_value,
return 0;
if (!dev_data->allow_interrupt_control ||
- (new_value ^ old_value) & ~field_config->enable_bit)
+ (new_value ^ old_value) & ~field_config->allowed_bits)
return PCIBIOS_SET_FAILED;
if (new_value & field_config->enable_bit) {
--
2.35.1
^ permalink raw reply related [flat|nested] 305+ messages in thread
* [PATCH 6.0 243/289] xen/platform-pci: add missing free_irq() in error path
2022-11-30 18:19 [PATCH 6.0 000/289] 6.0.11-rc1 review Greg Kroah-Hartman
` (241 preceding siblings ...)
2022-11-30 18:23 ` [PATCH 6.0 242/289] xen-pciback: Allow setting PCI_MSIX_FLAGS_MASKALL too Greg Kroah-Hartman
@ 2022-11-30 18:23 ` Greg Kroah-Hartman
2022-11-30 18:23 ` [PATCH 6.0 244/289] platform/x86: thinkpad_acpi: Enable s2idle quirk for 21A1 machine type Greg Kroah-Hartman
` (55 subsequent siblings)
298 siblings, 0 replies; 305+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-30 18:23 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, ruanjinjie, Oleksandr Tyshchenko,
Juergen Gross, Sasha Levin
From: ruanjinjie <ruanjinjie@huawei.com>
[ Upstream commit c53717e1e3f0d0f9129b2e0dbc6dcc5e0a8132e9 ]
free_irq() is missing in case of error in platform_pci_probe(), fix that.
Signed-off-by: ruanjinjie <ruanjinjie@huawei.com>
Reviewed-by: Oleksandr Tyshchenko <oleksandr_tyshchenko@epam.com>
Link: https://lore.kernel.org/r/20221114112124.1965611-1-ruanjinjie@huawei.com
Signed-off-by: Juergen Gross <jgross@suse.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/xen/platform-pci.c | 7 +++++--
1 file changed, 5 insertions(+), 2 deletions(-)
diff --git a/drivers/xen/platform-pci.c b/drivers/xen/platform-pci.c
index 18f0ed8b1f93..6ebd819338ec 100644
--- a/drivers/xen/platform-pci.c
+++ b/drivers/xen/platform-pci.c
@@ -144,7 +144,7 @@ static int platform_pci_probe(struct pci_dev *pdev,
if (ret) {
dev_warn(&pdev->dev, "Unable to set the evtchn callback "
"err=%d\n", ret);
- goto out;
+ goto irq_out;
}
}
@@ -152,13 +152,16 @@ static int platform_pci_probe(struct pci_dev *pdev,
grant_frames = alloc_xen_mmio(PAGE_SIZE * max_nr_gframes);
ret = gnttab_setup_auto_xlat_frames(grant_frames);
if (ret)
- goto out;
+ goto irq_out;
ret = gnttab_init();
if (ret)
goto grant_out;
return 0;
grant_out:
gnttab_free_auto_xlat_frames();
+irq_out:
+ if (!xen_have_vector_callback)
+ free_irq(pdev->irq, pdev);
out:
pci_release_region(pdev, 0);
mem_out:
--
2.35.1
^ permalink raw reply related [flat|nested] 305+ messages in thread
* [PATCH 6.0 244/289] platform/x86: thinkpad_acpi: Enable s2idle quirk for 21A1 machine type
2022-11-30 18:19 [PATCH 6.0 000/289] 6.0.11-rc1 review Greg Kroah-Hartman
` (242 preceding siblings ...)
2022-11-30 18:23 ` [PATCH 6.0 243/289] xen/platform-pci: add missing free_irq() in error path Greg Kroah-Hartman
@ 2022-11-30 18:23 ` Greg Kroah-Hartman
2022-11-30 18:23 ` [PATCH 6.0 245/289] platform/x86: asus-wmi: add missing pci_dev_put() in asus_wmi_set_xusb2pr() Greg Kroah-Hartman
` (54 subsequent siblings)
298 siblings, 0 replies; 305+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-30 18:23 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Lennard Gäher,
Mario Limonciello, Hans de Goede, Sasha Levin
From: Lennard Gäher <gaeher@mpi-sws.org>
[ Upstream commit 53e16a6e3e69425081f8352e13e9fd23bf1abfca ]
Previously, the s2idle quirk was only active for the 21A0 machine type
of the P14s Gen2a product. This also enables it for the second 21A1 type,
thus reducing wake-up times from s2idle.
Signed-off-by: Lennard Gäher <gaeher@mpi-sws.org>
Suggested-by: Mario Limonciello <mario.limonciello@amd.com>
Reviewed-by: Mario Limonciello <mario.limonciello@amd.com>
Link: https://gitlab.freedesktop.org/drm/amd/-/issues/2181
Link: https://lore.kernel.org/r/20221108072023.17069-1-gaeher@mpi-sws.org
Reviewed-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/platform/x86/thinkpad_acpi.c | 8 ++++++++
1 file changed, 8 insertions(+)
diff --git a/drivers/platform/x86/thinkpad_acpi.c b/drivers/platform/x86/thinkpad_acpi.c
index 353507d18e11..67dc335fca0c 100644
--- a/drivers/platform/x86/thinkpad_acpi.c
+++ b/drivers/platform/x86/thinkpad_acpi.c
@@ -4497,6 +4497,14 @@ static const struct dmi_system_id fwbug_list[] __initconst = {
DMI_MATCH(DMI_PRODUCT_NAME, "21A0"),
}
},
+ {
+ .ident = "P14s Gen2 AMD",
+ .driver_data = &quirk_s2idle_bug,
+ .matches = {
+ DMI_MATCH(DMI_BOARD_VENDOR, "LENOVO"),
+ DMI_MATCH(DMI_PRODUCT_NAME, "21A1"),
+ }
+ },
{}
};
--
2.35.1
^ permalink raw reply related [flat|nested] 305+ messages in thread
* [PATCH 6.0 245/289] platform/x86: asus-wmi: add missing pci_dev_put() in asus_wmi_set_xusb2pr()
2022-11-30 18:19 [PATCH 6.0 000/289] 6.0.11-rc1 review Greg Kroah-Hartman
` (243 preceding siblings ...)
2022-11-30 18:23 ` [PATCH 6.0 244/289] platform/x86: thinkpad_acpi: Enable s2idle quirk for 21A1 machine type Greg Kroah-Hartman
@ 2022-11-30 18:23 ` Greg Kroah-Hartman
2022-11-30 18:23 ` [PATCH 6.0 246/289] platform/x86: acer-wmi: Enable SW_TABLET_MODE on Switch V 10 (SW5-017) Greg Kroah-Hartman
` (53 subsequent siblings)
298 siblings, 0 replies; 305+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-30 18:23 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Xiongfeng Wang, Hans de Goede, Sasha Levin
From: Xiongfeng Wang <wangxiongfeng2@huawei.com>
[ Upstream commit d0cdd85046b15089df71a50548617ac1025300d0 ]
pci_get_device() will increase the reference count for the returned
pci_dev. We need to use pci_dev_put() to decrease the reference count
before asus_wmi_set_xusb2pr() returns.
Signed-off-by: Xiongfeng Wang <wangxiongfeng2@huawei.com>
Link: https://lore.kernel.org/r/20221111100752.134311-1-wangxiongfeng2@huawei.com
Reviewed-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/platform/x86/asus-wmi.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/drivers/platform/x86/asus-wmi.c b/drivers/platform/x86/asus-wmi.c
index eec7d0ed7cf2..8e1979b477a7 100644
--- a/drivers/platform/x86/asus-wmi.c
+++ b/drivers/platform/x86/asus-wmi.c
@@ -1656,6 +1656,8 @@ static void asus_wmi_set_xusb2pr(struct asus_wmi *asus)
pci_write_config_dword(xhci_pdev, USB_INTEL_XUSB2PR,
cpu_to_le32(ports_available));
+ pci_dev_put(xhci_pdev);
+
pr_info("set USB_INTEL_XUSB2PR old: 0x%04x, new: 0x%04x\n",
orig_ports_available, ports_available);
}
--
2.35.1
^ permalink raw reply related [flat|nested] 305+ messages in thread
* [PATCH 6.0 246/289] platform/x86: acer-wmi: Enable SW_TABLET_MODE on Switch V 10 (SW5-017)
2022-11-30 18:19 [PATCH 6.0 000/289] 6.0.11-rc1 review Greg Kroah-Hartman
` (244 preceding siblings ...)
2022-11-30 18:23 ` [PATCH 6.0 245/289] platform/x86: asus-wmi: add missing pci_dev_put() in asus_wmi_set_xusb2pr() Greg Kroah-Hartman
@ 2022-11-30 18:23 ` Greg Kroah-Hartman
2022-11-30 18:23 ` [PATCH 6.0 247/289] platform/surface: aggregator_registry: Add support for Surface Pro 9 Greg Kroah-Hartman
` (52 subsequent siblings)
298 siblings, 0 replies; 305+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-30 18:23 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Rudolf Polzer, Hans de Goede, Sasha Levin
From: Hans de Goede <hdegoede@redhat.com>
[ Upstream commit 1e817b889c7d8c14e7005258e15fec62edafe03c ]
Like the Acer Switch 10 (SW5-012) and Acer Switch 10 (S1003) models
the Acer Switch V 10 (SW5-017) supports reporting SW_TABLET_MODE
through acer-wmi.
Add a DMI quirk for the SW5-017 setting force_caps to ACER_CAP_KBD_DOCK
(these devices have no other acer-wmi based functionality).
Cc: Rudolf Polzer <rpolzer@google.com>
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Link: https://lore.kernel.org/r/20221111111639.35730-1-hdegoede@redhat.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/platform/x86/acer-wmi.c | 9 +++++++++
1 file changed, 9 insertions(+)
diff --git a/drivers/platform/x86/acer-wmi.c b/drivers/platform/x86/acer-wmi.c
index f1259d81d86d..df4c1f08f0c6 100644
--- a/drivers/platform/x86/acer-wmi.c
+++ b/drivers/platform/x86/acer-wmi.c
@@ -564,6 +564,15 @@ static const struct dmi_system_id acer_quirks[] __initconst = {
},
.driver_data = (void *)ACER_CAP_KBD_DOCK,
},
+ {
+ .callback = set_force_caps,
+ .ident = "Acer Aspire Switch V 10 SW5-017",
+ .matches = {
+ DMI_EXACT_MATCH(DMI_SYS_VENDOR, "Acer"),
+ DMI_EXACT_MATCH(DMI_PRODUCT_NAME, "SW5-017"),
+ },
+ .driver_data = (void *)ACER_CAP_KBD_DOCK,
+ },
{
.callback = set_force_caps,
.ident = "Acer One 10 (S1003)",
--
2.35.1
^ permalink raw reply related [flat|nested] 305+ messages in thread
* [PATCH 6.0 247/289] platform/surface: aggregator_registry: Add support for Surface Pro 9
2022-11-30 18:19 [PATCH 6.0 000/289] 6.0.11-rc1 review Greg Kroah-Hartman
` (245 preceding siblings ...)
2022-11-30 18:23 ` [PATCH 6.0 246/289] platform/x86: acer-wmi: Enable SW_TABLET_MODE on Switch V 10 (SW5-017) Greg Kroah-Hartman
@ 2022-11-30 18:23 ` Greg Kroah-Hartman
2022-11-30 18:23 ` [PATCH 6.0 248/289] drm/amd/display: use uclk pstate latency for fw assisted mclk validation dcn32 Greg Kroah-Hartman
` (51 subsequent siblings)
298 siblings, 0 replies; 305+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-30 18:23 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Maximilian Luz, Hans de Goede, Sasha Levin
From: Maximilian Luz <luzmaximilian@gmail.com>
[ Upstream commit d076f30957b1d026e9f6340691624926db0d369d ]
Add device nodes to enable support for battery and charger status, the
ACPI platform profile, as well as internal and type-cover HID devices
(including sensors, touchpad, keyboard, and other miscellaneous devices)
on the Surface Pro 9.
This does not include support for a tablet-mode switch yet, as that is
now handled via the POS subsystem (unlike the Surface Pro 8, where it is
handled via the KIP subsystem) and therefore needs further changes.
While we're at it, also add the missing comment for the Surface Pro 8.
Signed-off-by: Maximilian Luz <luzmaximilian@gmail.com>
Link: https://lore.kernel.org/r/20221113185951.224759-2-luzmaximilian@gmail.com
Reviewed-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
.../surface/surface_aggregator_registry.c | 21 +++++++++++++++++++
1 file changed, 21 insertions(+)
diff --git a/drivers/platform/surface/surface_aggregator_registry.c b/drivers/platform/surface/surface_aggregator_registry.c
index 585911020cea..db82c2a7c567 100644
--- a/drivers/platform/surface/surface_aggregator_registry.c
+++ b/drivers/platform/surface/surface_aggregator_registry.c
@@ -268,6 +268,7 @@ static const struct software_node *ssam_node_group_sp7[] = {
NULL,
};
+/* Devices for Surface Pro 8 */
static const struct software_node *ssam_node_group_sp8[] = {
&ssam_node_root,
&ssam_node_hub_kip,
@@ -284,6 +285,23 @@ static const struct software_node *ssam_node_group_sp8[] = {
NULL,
};
+/* Devices for Surface Pro 9 */
+static const struct software_node *ssam_node_group_sp9[] = {
+ &ssam_node_root,
+ &ssam_node_hub_kip,
+ &ssam_node_bat_ac,
+ &ssam_node_bat_main,
+ &ssam_node_tmp_pprof,
+ /* TODO: Tablet mode switch (via POS subsystem) */
+ &ssam_node_hid_kip_keyboard,
+ &ssam_node_hid_kip_penstash,
+ &ssam_node_hid_kip_touchpad,
+ &ssam_node_hid_kip_fwupd,
+ &ssam_node_hid_sam_sensors,
+ &ssam_node_hid_sam_ucm_ucsi,
+ NULL,
+};
+
/* -- SSAM platform/meta-hub driver. ---------------------------------------- */
@@ -303,6 +321,9 @@ static const struct acpi_device_id ssam_platform_hub_match[] = {
/* Surface Pro 8 */
{ "MSHW0263", (unsigned long)ssam_node_group_sp8 },
+ /* Surface Pro 9 */
+ { "MSHW0343", (unsigned long)ssam_node_group_sp9 },
+
/* Surface Book 2 */
{ "MSHW0107", (unsigned long)ssam_node_group_gen5 },
--
2.35.1
^ permalink raw reply related [flat|nested] 305+ messages in thread
* [PATCH 6.0 248/289] drm/amd/display: use uclk pstate latency for fw assisted mclk validation dcn32
2022-11-30 18:19 [PATCH 6.0 000/289] 6.0.11-rc1 review Greg Kroah-Hartman
` (246 preceding siblings ...)
2022-11-30 18:23 ` [PATCH 6.0 247/289] platform/surface: aggregator_registry: Add support for Surface Pro 9 Greg Kroah-Hartman
@ 2022-11-30 18:23 ` Greg Kroah-Hartman
2022-11-30 18:23 ` [PATCH 6.0 249/289] drm/amdgpu: disable BACO support on more cards Greg Kroah-Hartman
` (50 subsequent siblings)
298 siblings, 0 replies; 305+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-30 18:23 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Jun Lei, Tom Chung, Dillon Varone,
Daniel Wheeler, Alex Deucher, Sasha Levin
From: Dillon Varone <Dillon.Varone@amd.com>
[ Upstream commit c149947b188c651b943c1d8ca1494d1a98a3e27f ]
[WHY?]
DCN32 uses fclk pstate watermarks for dummy pstate, and must always be
supported.
[HOW?]
Validation needs to be run with fclk pstate latency set
as the dummy pstate latency to get correct prefetch and bandwidth outputs.
Reviewed-by: Jun Lei <Jun.Lei@amd.com>
Acked-by: Tom Chung <chiahsuan.chung@amd.com>
Signed-off-by: Dillon Varone <Dillon.Varone@amd.com>
Tested-by: Daniel Wheeler <daniel.wheeler@amd.com>
Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
.../gpu/drm/amd/display/dc/dml/dcn32/dcn32_fpu.c | 16 +++++++++++++++-
1 file changed, 15 insertions(+), 1 deletion(-)
diff --git a/drivers/gpu/drm/amd/display/dc/dml/dcn32/dcn32_fpu.c b/drivers/gpu/drm/amd/display/dc/dml/dcn32/dcn32_fpu.c
index b9d3a4000c3d..6ed76e194423 100644
--- a/drivers/gpu/drm/amd/display/dc/dml/dcn32/dcn32_fpu.c
+++ b/drivers/gpu/drm/amd/display/dc/dml/dcn32/dcn32_fpu.c
@@ -1700,6 +1700,12 @@ void dcn32_calculate_wm_and_dlg_fpu(struct dc *dc, struct dc_state *context,
*/
context->bw_ctx.dml.soc.dram_clock_change_latency_us =
dc->clk_mgr->bw_params->wm_table.nv_entries[WM_A].dml_input.pstate_latency_us;
+ /* For DCN32/321 need to validate with fclk pstate change latency equal to dummy so
+ * prefetch is scheduled correctly to account for dummy pstate.
+ */
+ if (dummy_latency_index == 0)
+ context->bw_ctx.dml.soc.fclk_change_latency_us =
+ dc->clk_mgr->bw_params->dummy_pstate_table[dummy_latency_index].dummy_pstate_latency_us;
dcn32_internal_validate_bw(dc, context, pipes, &pipe_cnt, &vlevel, false);
maxMpcComb = context->bw_ctx.dml.vba.maxMpcComb;
dcfclk = context->bw_ctx.dml.vba.DCFCLKState[vlevel][context->bw_ctx.dml.vba.maxMpcComb];
@@ -1879,6 +1885,10 @@ void dcn32_calculate_wm_and_dlg_fpu(struct dc *dc, struct dc_state *context,
context->perf_params.stutter_period_us = context->bw_ctx.dml.vba.StutterPeriod;
+ if (context->bw_ctx.bw.dcn.clk.fw_based_mclk_switching && dummy_latency_index == 0)
+ context->bw_ctx.dml.soc.fclk_change_latency_us =
+ dc->clk_mgr->bw_params->dummy_pstate_table[dummy_latency_index].dummy_pstate_latency_us;
+
dcn32_calculate_dlg_params(dc, context, pipes, pipe_cnt, vlevel);
if (!pstate_en)
@@ -1886,8 +1896,12 @@ void dcn32_calculate_wm_and_dlg_fpu(struct dc *dc, struct dc_state *context,
context->bw_ctx.dml.soc.dram_clock_change_latency_us =
dc->clk_mgr->bw_params->wm_table.nv_entries[WM_A].dml_input.pstate_latency_us;
- if (context->bw_ctx.bw.dcn.clk.fw_based_mclk_switching)
+ if (context->bw_ctx.bw.dcn.clk.fw_based_mclk_switching) {
dcn30_setup_mclk_switch_using_fw_based_vblank_stretch(dc, context);
+ if (dummy_latency_index == 0)
+ context->bw_ctx.dml.soc.fclk_change_latency_us =
+ dc->clk_mgr->bw_params->wm_table.nv_entries[WM_A].dml_input.fclk_change_latency_us;
+ }
}
static void dcn32_get_optimal_dcfclk_fclk_for_uclk(unsigned int uclk_mts,
--
2.35.1
^ permalink raw reply related [flat|nested] 305+ messages in thread
* [PATCH 6.0 249/289] drm/amdgpu: disable BACO support on more cards
2022-11-30 18:19 [PATCH 6.0 000/289] 6.0.11-rc1 review Greg Kroah-Hartman
` (247 preceding siblings ...)
2022-11-30 18:23 ` [PATCH 6.0 248/289] drm/amd/display: use uclk pstate latency for fw assisted mclk validation dcn32 Greg Kroah-Hartman
@ 2022-11-30 18:23 ` Greg Kroah-Hartman
2022-11-30 18:23 ` [PATCH 6.0 250/289] drm/amdkfd: Fix a memory limit issue Greg Kroah-Hartman
` (49 subsequent siblings)
298 siblings, 0 replies; 305+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-30 18:23 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Guchun Chen, Alex Deucher, Sasha Levin
From: Guchun Chen <guchun.chen@amd.com>
[ Upstream commit 192039f12233c9063d040266e7c98188c7c89dec ]
Otherwise, some unexpected PCIE AER errors will be observed
in runtime suspend/resume cycle.
Signed-off-by: Guchun Chen <guchun.chen@amd.com>
Acked-by: Alex Deucher <alexander.deucher@amd.com>
Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/gpu/drm/amd/pm/swsmu/smu11/sienna_cichlid_ppt.c | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/drivers/gpu/drm/amd/pm/swsmu/smu11/sienna_cichlid_ppt.c b/drivers/gpu/drm/amd/pm/swsmu/smu11/sienna_cichlid_ppt.c
index 8292839bc42a..9ce0dcc5bb90 100644
--- a/drivers/gpu/drm/amd/pm/swsmu/smu11/sienna_cichlid_ppt.c
+++ b/drivers/gpu/drm/amd/pm/swsmu/smu11/sienna_cichlid_ppt.c
@@ -378,6 +378,10 @@ static void sienna_cichlid_check_bxco_support(struct smu_context *smu)
((adev->pdev->device == 0x73BF) &&
(adev->pdev->revision == 0xCF)) ||
((adev->pdev->device == 0x7422) &&
+ (adev->pdev->revision == 0x00)) ||
+ ((adev->pdev->device == 0x73A3) &&
+ (adev->pdev->revision == 0x00)) ||
+ ((adev->pdev->device == 0x73E3) &&
(adev->pdev->revision == 0x00)))
smu_baco->platform_support = false;
--
2.35.1
^ permalink raw reply related [flat|nested] 305+ messages in thread
* [PATCH 6.0 250/289] drm/amdkfd: Fix a memory limit issue
2022-11-30 18:19 [PATCH 6.0 000/289] 6.0.11-rc1 review Greg Kroah-Hartman
` (248 preceding siblings ...)
2022-11-30 18:23 ` [PATCH 6.0 249/289] drm/amdgpu: disable BACO support on more cards Greg Kroah-Hartman
@ 2022-11-30 18:23 ` Greg Kroah-Hartman
2022-11-30 18:23 ` [PATCH 6.0 251/289] zonefs: fix zone report size in __zonefs_io_error() Greg Kroah-Hartman
` (48 subsequent siblings)
298 siblings, 0 replies; 305+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-30 18:23 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Eric Huang, Felix Kuehling,
Alex Deucher, Sasha Levin
From: Eric Huang <jinhuieric.huang@amd.com>
[ Upstream commit 6f9eea4392a178af19360694b1db64f985d0b459 ]
It is to resolve a regression, which fails to allocate
VRAM due to no free memory in application, the reason
is we add check of vram_pin_size for memory limit, and
application is pinning the memory for Peerdirect, KFD
should not count it in memory limit. So removing
vram_pin_size will resolve it.
Signed-off-by: Eric Huang <jinhuieric.huang@amd.com>
Reviewed-by: Felix Kuehling <Felix.Kuehling@amd.com>
Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/gpu/drm/amd/amdgpu/amdgpu_amdkfd_gpuvm.c | 4 +---
1 file changed, 1 insertion(+), 3 deletions(-)
diff --git a/drivers/gpu/drm/amd/amdgpu/amdgpu_amdkfd_gpuvm.c b/drivers/gpu/drm/amd/amdgpu/amdgpu_amdkfd_gpuvm.c
index 93ad00453f4b..7db4aef9c45c 100644
--- a/drivers/gpu/drm/amd/amdgpu/amdgpu_amdkfd_gpuvm.c
+++ b/drivers/gpu/drm/amd/amdgpu/amdgpu_amdkfd_gpuvm.c
@@ -170,9 +170,7 @@ int amdgpu_amdkfd_reserve_mem_limit(struct amdgpu_device *adev,
(kfd_mem_limit.ttm_mem_used + ttm_mem_needed >
kfd_mem_limit.max_ttm_mem_limit) ||
(adev && adev->kfd.vram_used + vram_needed >
- adev->gmc.real_vram_size -
- atomic64_read(&adev->vram_pin_size) -
- reserved_for_pt)) {
+ adev->gmc.real_vram_size - reserved_for_pt)) {
ret = -ENOMEM;
goto release;
}
--
2.35.1
^ permalink raw reply related [flat|nested] 305+ messages in thread
* [PATCH 6.0 251/289] zonefs: fix zone report size in __zonefs_io_error()
2022-11-30 18:19 [PATCH 6.0 000/289] 6.0.11-rc1 review Greg Kroah-Hartman
` (249 preceding siblings ...)
2022-11-30 18:23 ` [PATCH 6.0 250/289] drm/amdkfd: Fix a memory limit issue Greg Kroah-Hartman
@ 2022-11-30 18:23 ` Greg Kroah-Hartman
2022-11-30 18:23 ` [PATCH 6.0 252/289] platform/surface: aggregator_registry: Add support for Surface Laptop 5 Greg Kroah-Hartman
` (47 subsequent siblings)
298 siblings, 0 replies; 305+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-30 18:23 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Johannes Thumshirn, Damien Le Moal,
Sasha Levin
From: Damien Le Moal <damien.lemoal@opensource.wdc.com>
[ Upstream commit 7dd12d65ac646046a3fe0bbf9a4e86f4514207b3 ]
When an IO error occurs, the function __zonefs_io_error() is used to
issue a zone report to obtain the latest zone information from the
device. This function gets a zone report for all zones used as storage
for a file, which is always 1 zone except for files representing
aggregated conventional zones.
The number of zones of a zone report for a file is calculated in
__zonefs_io_error() by doing a bit-shift of the inode i_zone_size field,
which is equal to or larger than the device zone size. However, this
calculation does not take into account that the last zone of a zoned
device may be smaller than the zone size reported by bdev_zone_sectors()
(which is used to set the bit shift size). As a result, if an error
occurs for an IO targetting such last smaller zone, the zone report will
ask for 0 zones, leading to an invalid zone report.
Fix this by using the fact that all files require a 1 zone report,
except if the inode i_zone_size field indicates a zone size larger than
the device zone size. This exception case corresponds to a mount with
aggregated conventional zones.
A check for this exception is added to the file inode initialization
during mount. If an invalid setup is detected, emit an error and fail
the mount (check contributed by Johannes Thumshirn).
Signed-off-by: Johannes Thumshirn <johannes.thumshirn@wdc.com>
Signed-off-by: Damien Le Moal <damien.lemoal@opensource.wdc.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
fs/zonefs/super.c | 37 +++++++++++++++++++++++++++----------
1 file changed, 27 insertions(+), 10 deletions(-)
diff --git a/fs/zonefs/super.c b/fs/zonefs/super.c
index dfe7d410d1e4..2c53fbb8d918 100644
--- a/fs/zonefs/super.c
+++ b/fs/zonefs/super.c
@@ -489,14 +489,22 @@ static void __zonefs_io_error(struct inode *inode, bool write)
struct super_block *sb = inode->i_sb;
struct zonefs_sb_info *sbi = ZONEFS_SB(sb);
unsigned int noio_flag;
- unsigned int nr_zones =
- zi->i_zone_size >> (sbi->s_zone_sectors_shift + SECTOR_SHIFT);
+ unsigned int nr_zones = 1;
struct zonefs_ioerr_data err = {
.inode = inode,
.write = write,
};
int ret;
+ /*
+ * The only files that have more than one zone are conventional zone
+ * files with aggregated conventional zones, for which the inode zone
+ * size is always larger than the device zone size.
+ */
+ if (zi->i_zone_size > bdev_zone_sectors(sb->s_bdev))
+ nr_zones = zi->i_zone_size >>
+ (sbi->s_zone_sectors_shift + SECTOR_SHIFT);
+
/*
* Memory allocations in blkdev_report_zones() can trigger a memory
* reclaim which may in turn cause a recursion into zonefs as well as
@@ -1418,6 +1426,14 @@ static int zonefs_init_file_inode(struct inode *inode, struct blk_zone *zone,
zi->i_ztype = type;
zi->i_zsector = zone->start;
zi->i_zone_size = zone->len << SECTOR_SHIFT;
+ if (zi->i_zone_size > bdev_zone_sectors(sb->s_bdev) << SECTOR_SHIFT &&
+ !(sbi->s_features & ZONEFS_F_AGGRCNV)) {
+ zonefs_err(sb,
+ "zone size %llu doesn't match device's zone sectors %llu\n",
+ zi->i_zone_size,
+ bdev_zone_sectors(sb->s_bdev) << SECTOR_SHIFT);
+ return -EINVAL;
+ }
zi->i_max_size = min_t(loff_t, MAX_LFS_FILESIZE,
zone->capacity << SECTOR_SHIFT);
@@ -1467,11 +1483,11 @@ static struct dentry *zonefs_create_inode(struct dentry *parent,
struct inode *dir = d_inode(parent);
struct dentry *dentry;
struct inode *inode;
- int ret;
+ int ret = -ENOMEM;
dentry = d_alloc_name(parent, name);
if (!dentry)
- return NULL;
+ return ERR_PTR(ret);
inode = new_inode(parent->d_sb);
if (!inode)
@@ -1496,7 +1512,7 @@ static struct dentry *zonefs_create_inode(struct dentry *parent,
dput:
dput(dentry);
- return NULL;
+ return ERR_PTR(ret);
}
struct zonefs_zone_data {
@@ -1516,7 +1532,7 @@ static int zonefs_create_zgroup(struct zonefs_zone_data *zd,
struct blk_zone *zone, *next, *end;
const char *zgroup_name;
char *file_name;
- struct dentry *dir;
+ struct dentry *dir, *dent;
unsigned int n = 0;
int ret;
@@ -1534,8 +1550,8 @@ static int zonefs_create_zgroup(struct zonefs_zone_data *zd,
zgroup_name = "seq";
dir = zonefs_create_inode(sb->s_root, zgroup_name, NULL, type);
- if (!dir) {
- ret = -ENOMEM;
+ if (IS_ERR(dir)) {
+ ret = PTR_ERR(dir);
goto free;
}
@@ -1581,8 +1597,9 @@ static int zonefs_create_zgroup(struct zonefs_zone_data *zd,
* Use the file number within its group as file name.
*/
snprintf(file_name, ZONEFS_NAME_MAX - 1, "%u", n);
- if (!zonefs_create_inode(dir, file_name, zone, type)) {
- ret = -ENOMEM;
+ dent = zonefs_create_inode(dir, file_name, zone, type);
+ if (IS_ERR(dent)) {
+ ret = PTR_ERR(dent);
goto free;
}
--
2.35.1
^ permalink raw reply related [flat|nested] 305+ messages in thread
* [PATCH 6.0 252/289] platform/surface: aggregator_registry: Add support for Surface Laptop 5
2022-11-30 18:19 [PATCH 6.0 000/289] 6.0.11-rc1 review Greg Kroah-Hartman
` (250 preceding siblings ...)
2022-11-30 18:23 ` [PATCH 6.0 251/289] zonefs: fix zone report size in __zonefs_io_error() Greg Kroah-Hartman
@ 2022-11-30 18:23 ` Greg Kroah-Hartman
2022-11-30 18:23 ` [PATCH 6.0 253/289] platform/x86: hp-wmi: Ignore Smart Experience App event Greg Kroah-Hartman
` (46 subsequent siblings)
298 siblings, 0 replies; 305+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-30 18:23 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Maximilian Luz, Hans de Goede, Sasha Levin
From: Maximilian Luz <luzmaximilian@gmail.com>
[ Upstream commit 4a567d164d0e0c57e7b694b988db86361f130cb7 ]
Add device nodes to enable support for battery and charger status, the
ACPI platform profile, as well as internal HID devices (including
touchpad and keyboard) on the Surface Laptop 5.
Signed-off-by: Maximilian Luz <luzmaximilian@gmail.com>
Link: https://lore.kernel.org/r/20221115231440.1338142-1-luzmaximilian@gmail.com
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
.../surface/surface_aggregator_registry.c | 16 ++++++++++++++++
1 file changed, 16 insertions(+)
diff --git a/drivers/platform/surface/surface_aggregator_registry.c b/drivers/platform/surface/surface_aggregator_registry.c
index db82c2a7c567..023f126121d7 100644
--- a/drivers/platform/surface/surface_aggregator_registry.c
+++ b/drivers/platform/surface/surface_aggregator_registry.c
@@ -234,6 +234,19 @@ static const struct software_node *ssam_node_group_sl3[] = {
NULL,
};
+/* Devices for Surface Laptop 5. */
+static const struct software_node *ssam_node_group_sl5[] = {
+ &ssam_node_root,
+ &ssam_node_bat_ac,
+ &ssam_node_bat_main,
+ &ssam_node_tmp_pprof,
+ &ssam_node_hid_main_keyboard,
+ &ssam_node_hid_main_touchpad,
+ &ssam_node_hid_main_iid5,
+ &ssam_node_hid_sam_ucm_ucsi,
+ NULL,
+};
+
/* Devices for Surface Laptop Studio. */
static const struct software_node *ssam_node_group_sls[] = {
&ssam_node_root,
@@ -345,6 +358,9 @@ static const struct acpi_device_id ssam_platform_hub_match[] = {
/* Surface Laptop 4 (13", Intel) */
{ "MSHW0250", (unsigned long)ssam_node_group_sl3 },
+ /* Surface Laptop 5 */
+ { "MSHW0350", (unsigned long)ssam_node_group_sl5 },
+
/* Surface Laptop Go 1 */
{ "MSHW0118", (unsigned long)ssam_node_group_slg1 },
--
2.35.1
^ permalink raw reply related [flat|nested] 305+ messages in thread
* [PATCH 6.0 253/289] platform/x86: hp-wmi: Ignore Smart Experience App event
2022-11-30 18:19 [PATCH 6.0 000/289] 6.0.11-rc1 review Greg Kroah-Hartman
` (251 preceding siblings ...)
2022-11-30 18:23 ` [PATCH 6.0 252/289] platform/surface: aggregator_registry: Add support for Surface Laptop 5 Greg Kroah-Hartman
@ 2022-11-30 18:23 ` Greg Kroah-Hartman
2022-11-30 18:23 ` [PATCH 6.0 254/289] platform/x86: ideapad-laptop: Fix interrupt storm on fn-lock toggle on some Yoga laptops Greg Kroah-Hartman
` (45 subsequent siblings)
298 siblings, 0 replies; 305+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-30 18:23 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Kai-Heng Feng, Hans de Goede, Sasha Levin
From: Kai-Heng Feng <kai.heng.feng@canonical.com>
[ Upstream commit 8b9b6a044b408283b086702b1d9e3cf4ba45b426 ]
Sometimes hp-wmi driver complains on system resume:
[ 483.116451] hp_wmi: Unknown event_id - 33 - 0x0
According to HP it's a feature called "HP Smart Experience App" and it's
safe to be ignored.
Signed-off-by: Kai-Heng Feng <kai.heng.feng@canonical.com>
Link: https://lore.kernel.org/r/20221114073842.205392-1-kai.heng.feng@canonical.com
Reviewed-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/platform/x86/hp-wmi.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/drivers/platform/x86/hp-wmi.c b/drivers/platform/x86/hp-wmi.c
index 4fbe91769c91..788381e4c6a6 100644
--- a/drivers/platform/x86/hp-wmi.c
+++ b/drivers/platform/x86/hp-wmi.c
@@ -90,6 +90,7 @@ enum hp_wmi_event_ids {
HPWMI_PEAKSHIFT_PERIOD = 0x0F,
HPWMI_BATTERY_CHARGE_PERIOD = 0x10,
HPWMI_SANITIZATION_MODE = 0x17,
+ HPWMI_SMART_EXPERIENCE_APP = 0x21,
};
/*
@@ -857,6 +858,8 @@ static void hp_wmi_notify(u32 value, void *context)
break;
case HPWMI_SANITIZATION_MODE:
break;
+ case HPWMI_SMART_EXPERIENCE_APP:
+ break;
default:
pr_info("Unknown event_id - %d - 0x%x\n", event_id, event_data);
break;
--
2.35.1
^ permalink raw reply related [flat|nested] 305+ messages in thread
* [PATCH 6.0 254/289] platform/x86: ideapad-laptop: Fix interrupt storm on fn-lock toggle on some Yoga laptops
2022-11-30 18:19 [PATCH 6.0 000/289] 6.0.11-rc1 review Greg Kroah-Hartman
` (252 preceding siblings ...)
2022-11-30 18:23 ` [PATCH 6.0 253/289] platform/x86: hp-wmi: Ignore Smart Experience App event Greg Kroah-Hartman
@ 2022-11-30 18:23 ` Greg Kroah-Hartman
2022-11-30 18:24 ` [PATCH 6.0 255/289] platform/x86: ideapad-laptop: Add module parameters to match DMI quirk tables Greg Kroah-Hartman
` (44 subsequent siblings)
298 siblings, 0 replies; 305+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-30 18:23 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Meng Dong, Arnav Rawat,
Hans de Goede, Sasha Levin
From: Arnav Rawat <arnavr3@illinois.edu>
[ Upstream commit 81a5603a0f50fd7cf17ff21d106052215eaf2028 ]
Commit 3ae86d2d4704 ("platform/x86: ideapad-laptop: Fix Legion 5 Fn lock
LED") uses the WMI event-id for the fn-lock event on some Legion 5 laptops
to manually toggle the fn-lock LED because the EC does not do it itself.
However, the same WMI ID is also sent on some Yoga laptops. Here, setting
the fn-lock state is not valid behavior, and causes the EC to spam
interrupts until the laptop is rebooted.
Add a set_fn_lock_led_list[] DMI-id list and only enable the workaround to
manually set the LED on models on this list.
Link: https://bugzilla.kernel.org/show_bug.cgi?id=212671
Cc: Meng Dong <whenov@gmail.com>
Signed-off-by: Arnav Rawat <arnavr3@illinois.edu>
Link: https://lore.kernel.org/r/12093851.O9o76ZdvQC@fedora
[hdegoede@redhat.com: Check DMI-id list only once and store the result]
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/platform/x86/ideapad-laptop.c | 17 +++++++++++++++++
1 file changed, 17 insertions(+)
diff --git a/drivers/platform/x86/ideapad-laptop.c b/drivers/platform/x86/ideapad-laptop.c
index 33b3dfdd1b08..6c460cdc05bb 100644
--- a/drivers/platform/x86/ideapad-laptop.c
+++ b/drivers/platform/x86/ideapad-laptop.c
@@ -136,6 +136,7 @@ struct ideapad_private {
bool dytc : 1;
bool fan_mode : 1;
bool fn_lock : 1;
+ bool set_fn_lock_led : 1;
bool hw_rfkill_switch : 1;
bool kbd_bl : 1;
bool touchpad_ctrl_via_ec : 1;
@@ -1501,6 +1502,9 @@ static void ideapad_wmi_notify(u32 value, void *context)
ideapad_input_report(priv, value);
break;
case 208:
+ if (!priv->features.set_fn_lock_led)
+ break;
+
if (!eval_hals(priv->adev->handle, &result)) {
bool state = test_bit(HALS_FNLOCK_STATE_BIT, &result);
@@ -1514,6 +1518,18 @@ static void ideapad_wmi_notify(u32 value, void *context)
}
#endif
+/* On some models we need to call exec_sals(SALS_FNLOCK_ON/OFF) to set the LED */
+static const struct dmi_system_id set_fn_lock_led_list[] = {
+ {
+ /* https://bugzilla.kernel.org/show_bug.cgi?id=212671 */
+ .matches = {
+ DMI_MATCH(DMI_SYS_VENDOR, "LENOVO"),
+ DMI_MATCH(DMI_PRODUCT_VERSION, "Lenovo Legion R7000P2020H"),
+ }
+ },
+ {}
+};
+
/*
* Some ideapads have a hardware rfkill switch, but most do not have one.
* Reading VPCCMD_R_RF always results in 0 on models without a hardware rfkill,
@@ -1556,6 +1572,7 @@ static void ideapad_check_features(struct ideapad_private *priv)
acpi_handle handle = priv->adev->handle;
unsigned long val;
+ priv->features.set_fn_lock_led = dmi_check_system(set_fn_lock_led_list);
priv->features.hw_rfkill_switch = dmi_check_system(hw_rfkill_list);
/* Most ideapads with ELAN0634 touchpad don't use EC touchpad switch */
--
2.35.1
^ permalink raw reply related [flat|nested] 305+ messages in thread
* [PATCH 6.0 255/289] platform/x86: ideapad-laptop: Add module parameters to match DMI quirk tables
2022-11-30 18:19 [PATCH 6.0 000/289] 6.0.11-rc1 review Greg Kroah-Hartman
` (253 preceding siblings ...)
2022-11-30 18:23 ` [PATCH 6.0 254/289] platform/x86: ideapad-laptop: Fix interrupt storm on fn-lock toggle on some Yoga laptops Greg Kroah-Hartman
@ 2022-11-30 18:24 ` Greg Kroah-Hartman
2022-11-30 18:24 ` [PATCH 6.0 256/289] tcp: configurable source port perturb table size Greg Kroah-Hartman
` (43 subsequent siblings)
298 siblings, 0 replies; 305+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-30 18:24 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Hans de Goede, Sasha Levin
From: Hans de Goede <hdegoede@redhat.com>
[ Upstream commit b44fd994e45112b58b6c1dec4451d9a925784589 ]
Add module parameters to allow setting the hw_rfkill_switch and
set_fn_lock_led feature flags for testing these on laptops which are not
on the DMI-id based allow lists for these 2 flags.
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Link: https://lore.kernel.org/r/20221115193400.376159-1-hdegoede@redhat.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/platform/x86/ideapad-laptop.c | 22 +++++++++++++++++++---
1 file changed, 19 insertions(+), 3 deletions(-)
diff --git a/drivers/platform/x86/ideapad-laptop.c b/drivers/platform/x86/ideapad-laptop.c
index 6c460cdc05bb..3ea8fc6a9ca3 100644
--- a/drivers/platform/x86/ideapad-laptop.c
+++ b/drivers/platform/x86/ideapad-laptop.c
@@ -155,7 +155,21 @@ MODULE_PARM_DESC(no_bt_rfkill, "No rfkill for bluetooth.");
static bool allow_v4_dytc;
module_param(allow_v4_dytc, bool, 0444);
-MODULE_PARM_DESC(allow_v4_dytc, "Enable DYTC version 4 platform-profile support.");
+MODULE_PARM_DESC(allow_v4_dytc,
+ "Enable DYTC version 4 platform-profile support. "
+ "If you need this please report this to: platform-driver-x86@vger.kernel.org");
+
+static bool hw_rfkill_switch;
+module_param(hw_rfkill_switch, bool, 0444);
+MODULE_PARM_DESC(hw_rfkill_switch,
+ "Enable rfkill support for laptops with a hw on/off wifi switch/slider. "
+ "If you need this please report this to: platform-driver-x86@vger.kernel.org");
+
+static bool set_fn_lock_led;
+module_param(set_fn_lock_led, bool, 0444);
+MODULE_PARM_DESC(set_fn_lock_led,
+ "Enable driver based updates of the fn-lock LED on fn-lock changes. "
+ "If you need this please report this to: platform-driver-x86@vger.kernel.org");
/*
* ACPI Helpers
@@ -1572,8 +1586,10 @@ static void ideapad_check_features(struct ideapad_private *priv)
acpi_handle handle = priv->adev->handle;
unsigned long val;
- priv->features.set_fn_lock_led = dmi_check_system(set_fn_lock_led_list);
- priv->features.hw_rfkill_switch = dmi_check_system(hw_rfkill_list);
+ priv->features.set_fn_lock_led =
+ set_fn_lock_led || dmi_check_system(set_fn_lock_led_list);
+ priv->features.hw_rfkill_switch =
+ hw_rfkill_switch || dmi_check_system(hw_rfkill_list);
/* Most ideapads with ELAN0634 touchpad don't use EC touchpad switch */
if (acpi_dev_present("ELAN0634", NULL, -1))
--
2.35.1
^ permalink raw reply related [flat|nested] 305+ messages in thread
* [PATCH 6.0 256/289] tcp: configurable source port perturb table size
2022-11-30 18:19 [PATCH 6.0 000/289] 6.0.11-rc1 review Greg Kroah-Hartman
` (254 preceding siblings ...)
2022-11-30 18:24 ` [PATCH 6.0 255/289] platform/x86: ideapad-laptop: Add module parameters to match DMI quirk tables Greg Kroah-Hartman
@ 2022-11-30 18:24 ` Greg Kroah-Hartman
2022-11-30 18:24 ` [PATCH 6.0 257/289] block: make blk_set_default_limits() private Greg Kroah-Hartman
` (42 subsequent siblings)
298 siblings, 0 replies; 305+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-30 18:24 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Gleb Mazovetskiy, Kuniyuki Iwashima,
David S. Miller, Sasha Levin
From: Gleb Mazovetskiy <glex.spb@gmail.com>
[ Upstream commit aeac4ec8f46d610a10adbaeff5e2edf6a88ffc62 ]
On embedded systems with little memory and no relevant
security concerns, it is beneficial to reduce the size
of the table.
Reducing the size from 2^16 to 2^8 saves 255 KiB
of kernel RAM.
Makes the table size configurable as an expert option.
The size was previously increased from 2^8 to 2^16
in commit 4c2c8f03a5ab ("tcp: increase source port perturb table to
2^16").
Signed-off-by: Gleb Mazovetskiy <glex.spb@gmail.com>
Reviewed-by: Kuniyuki Iwashima <kuniyu@amazon.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
net/ipv4/Kconfig | 10 ++++++++++
net/ipv4/inet_hashtables.c | 10 +++++-----
2 files changed, 15 insertions(+), 5 deletions(-)
diff --git a/net/ipv4/Kconfig b/net/ipv4/Kconfig
index e983bb0c5012..2dfb12230f08 100644
--- a/net/ipv4/Kconfig
+++ b/net/ipv4/Kconfig
@@ -402,6 +402,16 @@ config INET_IPCOMP
If unsure, say Y.
+config INET_TABLE_PERTURB_ORDER
+ int "INET: Source port perturbation table size (as power of 2)" if EXPERT
+ default 16
+ help
+ Source port perturbation table size (as power of 2) for
+ RFC 6056 3.3.4. Algorithm 4: Double-Hash Port Selection Algorithm.
+
+ The default is almost always what you want.
+ Only change this if you know what you are doing.
+
config INET_XFRM_TUNNEL
tristate
select INET_TUNNEL
diff --git a/net/ipv4/inet_hashtables.c b/net/ipv4/inet_hashtables.c
index f5950a7172d6..1e45fe6276f7 100644
--- a/net/ipv4/inet_hashtables.c
+++ b/net/ipv4/inet_hashtables.c
@@ -679,13 +679,13 @@ EXPORT_SYMBOL_GPL(inet_unhash);
* Note that we use 32bit integers (vs RFC 'short integers')
* because 2^16 is not a multiple of num_ephemeral and this
* property might be used by clever attacker.
+ *
* RFC claims using TABLE_LENGTH=10 buckets gives an improvement, though
- * attacks were since demonstrated, thus we use 65536 instead to really
- * give more isolation and privacy, at the expense of 256kB of kernel
- * memory.
+ * attacks were since demonstrated, thus we use 65536 by default instead
+ * to really give more isolation and privacy, at the expense of 256kB
+ * of kernel memory.
*/
-#define INET_TABLE_PERTURB_SHIFT 16
-#define INET_TABLE_PERTURB_SIZE (1 << INET_TABLE_PERTURB_SHIFT)
+#define INET_TABLE_PERTURB_SIZE (1 << CONFIG_INET_TABLE_PERTURB_ORDER)
static u32 *table_perturb;
int __inet_hash_connect(struct inet_timewait_death_row *death_row,
--
2.35.1
^ permalink raw reply related [flat|nested] 305+ messages in thread
* [PATCH 6.0 257/289] block: make blk_set_default_limits() private
2022-11-30 18:19 [PATCH 6.0 000/289] 6.0.11-rc1 review Greg Kroah-Hartman
` (255 preceding siblings ...)
2022-11-30 18:24 ` [PATCH 6.0 256/289] tcp: configurable source port perturb table size Greg Kroah-Hartman
@ 2022-11-30 18:24 ` Greg Kroah-Hartman
2022-11-30 18:24 ` [PATCH 6.0 258/289] dm-integrity: set dma_alignment limit in io_hints Greg Kroah-Hartman
` (41 subsequent siblings)
298 siblings, 0 replies; 305+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-30 18:24 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Keith Busch, Christoph Hellwig,
Jens Axboe, Sasha Levin
From: Keith Busch <kbusch@kernel.org>
[ Upstream commit b3228254bb6e91e57f920227f72a1a7d81925d81 ]
There are no external users of this function.
Signed-off-by: Keith Busch <kbusch@kernel.org>
Reviewed-by: Christoph Hellwig <hch@lst.de>
Link: https://lore.kernel.org/r/20221110184501.2451620-4-kbusch@meta.com
Signed-off-by: Jens Axboe <axboe@kernel.dk>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
block/blk-settings.c | 1 -
block/blk.h | 1 +
include/linux/blkdev.h | 1 -
3 files changed, 1 insertion(+), 2 deletions(-)
diff --git a/block/blk-settings.c b/block/blk-settings.c
index 4949ed3ce7c9..8ac1038d0c79 100644
--- a/block/blk-settings.c
+++ b/block/blk-settings.c
@@ -59,7 +59,6 @@ void blk_set_default_limits(struct queue_limits *lim)
lim->zone_write_granularity = 0;
lim->dma_alignment = 511;
}
-EXPORT_SYMBOL(blk_set_default_limits);
/**
* blk_set_stacking_limits - set default limits for stacking devices
diff --git a/block/blk.h b/block/blk.h
index 52432eab621e..ff0bec16f0fa 100644
--- a/block/blk.h
+++ b/block/blk.h
@@ -324,6 +324,7 @@ void blk_rq_set_mixed_merge(struct request *rq);
bool blk_rq_merge_ok(struct request *rq, struct bio *bio);
enum elv_merge blk_try_merge(struct request *rq, struct bio *bio);
+void blk_set_default_limits(struct queue_limits *lim);
int blk_dev_init(void);
/*
diff --git a/include/linux/blkdev.h b/include/linux/blkdev.h
index 79624711fda7..e6bf06dc0770 100644
--- a/include/linux/blkdev.h
+++ b/include/linux/blkdev.h
@@ -946,7 +946,6 @@ extern void blk_queue_io_min(struct request_queue *q, unsigned int min);
extern void blk_limits_io_opt(struct queue_limits *limits, unsigned int opt);
extern void blk_queue_io_opt(struct request_queue *q, unsigned int opt);
extern void blk_set_queue_depth(struct request_queue *q, unsigned int depth);
-extern void blk_set_default_limits(struct queue_limits *lim);
extern void blk_set_stacking_limits(struct queue_limits *lim);
extern int blk_stack_limits(struct queue_limits *t, struct queue_limits *b,
sector_t offset);
--
2.35.1
^ permalink raw reply related [flat|nested] 305+ messages in thread
* [PATCH 6.0 258/289] dm-integrity: set dma_alignment limit in io_hints
2022-11-30 18:19 [PATCH 6.0 000/289] 6.0.11-rc1 review Greg Kroah-Hartman
` (256 preceding siblings ...)
2022-11-30 18:24 ` [PATCH 6.0 257/289] block: make blk_set_default_limits() private Greg Kroah-Hartman
@ 2022-11-30 18:24 ` Greg Kroah-Hartman
2022-11-30 18:24 ` [PATCH 6.0 259/289] dm-log-writes: " Greg Kroah-Hartman
` (40 subsequent siblings)
298 siblings, 0 replies; 305+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-30 18:24 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Keith Busch, Mike Snitzer,
Jens Axboe, Sasha Levin
From: Keith Busch <kbusch@kernel.org>
[ Upstream commit 29aa778bb66795e6a78b1c99beadc83887827868 ]
This device mapper needs bio vectors to be sized and memory aligned to
the logical block size. Set the minimum required queue limit
accordingly.
Signed-off-by: Keith Busch <kbusch@kernel.org>
Reviewed-by: Mike Snitzer <snitzer@kernel.org>
Link: https://lore.kernel.org/r/20221110184501.2451620-5-kbusch@meta.com
Signed-off-by: Jens Axboe <axboe@kernel.dk>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/md/dm-integrity.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/drivers/md/dm-integrity.c b/drivers/md/dm-integrity.c
index aaf2472df6e5..e1e7b205573f 100644
--- a/drivers/md/dm-integrity.c
+++ b/drivers/md/dm-integrity.c
@@ -3370,6 +3370,7 @@ static void dm_integrity_io_hints(struct dm_target *ti, struct queue_limits *lim
limits->logical_block_size = ic->sectors_per_block << SECTOR_SHIFT;
limits->physical_block_size = ic->sectors_per_block << SECTOR_SHIFT;
blk_limits_io_min(limits, ic->sectors_per_block << SECTOR_SHIFT);
+ limits->dma_alignment = limits->logical_block_size - 1;
}
}
--
2.35.1
^ permalink raw reply related [flat|nested] 305+ messages in thread
* [PATCH 6.0 259/289] dm-log-writes: set dma_alignment limit in io_hints
2022-11-30 18:19 [PATCH 6.0 000/289] 6.0.11-rc1 review Greg Kroah-Hartman
` (257 preceding siblings ...)
2022-11-30 18:24 ` [PATCH 6.0 258/289] dm-integrity: set dma_alignment limit in io_hints Greg Kroah-Hartman
@ 2022-11-30 18:24 ` Greg Kroah-Hartman
2022-11-30 18:24 ` [PATCH 6.0 260/289] net: usb: qmi_wwan: add Telit 0x103a composition Greg Kroah-Hartman
` (39 subsequent siblings)
298 siblings, 0 replies; 305+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-30 18:24 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Keith Busch, Mike Snitzer,
Jens Axboe, Sasha Levin
From: Keith Busch <kbusch@kernel.org>
[ Upstream commit 50a893359cd2643ee1afc96eedc9e7084cab49fa ]
This device mapper needs bio vectors to be sized and memory aligned to
the logical block size. Set the minimum required queue limit
accordingly.
Signed-off-by: Keith Busch <kbusch@kernel.org>
Reviewed-by: Mike Snitzer <snitzer@kernel.org>
Link: https://lore.kernel.org/r/20221110184501.2451620-6-kbusch@meta.com
Signed-off-by: Jens Axboe <axboe@kernel.dk>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/md/dm-log-writes.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/drivers/md/dm-log-writes.c b/drivers/md/dm-log-writes.c
index 20fd688f72e7..178e13a5b059 100644
--- a/drivers/md/dm-log-writes.c
+++ b/drivers/md/dm-log-writes.c
@@ -875,6 +875,7 @@ static void log_writes_io_hints(struct dm_target *ti, struct queue_limits *limit
limits->logical_block_size = bdev_logical_block_size(lc->dev->bdev);
limits->physical_block_size = bdev_physical_block_size(lc->dev->bdev);
limits->io_min = limits->physical_block_size;
+ limits->dma_alignment = limits->logical_block_size - 1;
}
#if IS_ENABLED(CONFIG_FS_DAX)
--
2.35.1
^ permalink raw reply related [flat|nested] 305+ messages in thread
* [PATCH 6.0 260/289] net: usb: qmi_wwan: add Telit 0x103a composition
2022-11-30 18:19 [PATCH 6.0 000/289] 6.0.11-rc1 review Greg Kroah-Hartman
` (258 preceding siblings ...)
2022-11-30 18:24 ` [PATCH 6.0 259/289] dm-log-writes: " Greg Kroah-Hartman
@ 2022-11-30 18:24 ` Greg Kroah-Hartman
2022-11-30 18:24 ` [PATCH 6.0 261/289] scsi: mpi3mr: Suppress command reply debug prints Greg Kroah-Hartman
` (38 subsequent siblings)
298 siblings, 0 replies; 305+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-30 18:24 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Enrico Sau, Bjørn Mork,
Paolo Abeni, Sasha Levin
From: Enrico Sau <enrico.sau@gmail.com>
[ Upstream commit e103ba33998d0f25653cc8ebe745b68d1ee10cda ]
Add the following Telit LE910C4-WWX composition:
0x103a: rmnet
Signed-off-by: Enrico Sau <enrico.sau@gmail.com>
Acked-by: Bjørn Mork <bjorn@mork.no>
Link: https://lore.kernel.org/r/20221115105859.14324-1-enrico.sau@gmail.com
Signed-off-by: Paolo Abeni <pabeni@redhat.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/usb/qmi_wwan.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/drivers/net/usb/qmi_wwan.c b/drivers/net/usb/qmi_wwan.c
index 26c34a7c21bd..afd6faa4c2ec 100644
--- a/drivers/net/usb/qmi_wwan.c
+++ b/drivers/net/usb/qmi_wwan.c
@@ -1357,6 +1357,7 @@ static const struct usb_device_id products[] = {
{QMI_FIXED_INTF(0x2357, 0x0201, 4)}, /* TP-LINK HSUPA Modem MA180 */
{QMI_FIXED_INTF(0x2357, 0x9000, 4)}, /* TP-LINK MA260 */
{QMI_QUIRK_SET_DTR(0x1bc7, 0x1031, 3)}, /* Telit LE910C1-EUX */
+ {QMI_QUIRK_SET_DTR(0x1bc7, 0x103a, 0)}, /* Telit LE910C4-WWX */
{QMI_QUIRK_SET_DTR(0x1bc7, 0x1040, 2)}, /* Telit LE922A */
{QMI_QUIRK_SET_DTR(0x1bc7, 0x1050, 2)}, /* Telit FN980 */
{QMI_QUIRK_SET_DTR(0x1bc7, 0x1057, 2)}, /* Telit FN980 */
--
2.35.1
^ permalink raw reply related [flat|nested] 305+ messages in thread
* [PATCH 6.0 261/289] scsi: mpi3mr: Suppress command reply debug prints
2022-11-30 18:19 [PATCH 6.0 000/289] 6.0.11-rc1 review Greg Kroah-Hartman
` (259 preceding siblings ...)
2022-11-30 18:24 ` [PATCH 6.0 260/289] net: usb: qmi_wwan: add Telit 0x103a composition Greg Kroah-Hartman
@ 2022-11-30 18:24 ` Greg Kroah-Hartman
2022-11-30 18:24 ` [PATCH 6.0 262/289] scsi: iscsi: Fix possible memory leak when device_register() failed Greg Kroah-Hartman
` (37 subsequent siblings)
298 siblings, 0 replies; 305+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-30 18:24 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Shinichiro Kawasaki, Damien Le Moal,
Martin K. Petersen, Sasha Levin
From: Shin'ichiro Kawasaki <shinichiro.kawasaki@wdc.com>
[ Upstream commit 7d21fcfb409500dc9b114567f0ef8d30b3190dee ]
After it receives command reply, mpi3mr driver checks command result. If
the result is not zero, it prints out command information. This debug
information is confusing since they are printed even when the non-zero
result is expected. "Power-on or device reset occurred" is printed for Test
Unit Ready command at drive detection. Inquiry failure for unsupported VPD
page header is also printed. They are harmless but look like failures.
To avoid the confusion, print the command reply debug information only when
the module parameter logging_level has value MPI3_DEBUG_SCSI_ERROR= 64, in
same manner as mpt3sas driver.
Signed-off-by: Shin'ichiro Kawasaki <shinichiro.kawasaki@wdc.com>
Link: https://lore.kernel.org/r/20221111014449.1649968-1-shinichiro.kawasaki@wdc.com
Reviewed-by: Damien Le Moal <damien.lemoal@opensource.wdc.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/scsi/mpi3mr/mpi3mr_os.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/drivers/scsi/mpi3mr/mpi3mr_os.c b/drivers/scsi/mpi3mr/mpi3mr_os.c
index bfa1165e23b6..1b4d1e562de8 100644
--- a/drivers/scsi/mpi3mr/mpi3mr_os.c
+++ b/drivers/scsi/mpi3mr/mpi3mr_os.c
@@ -2930,7 +2930,8 @@ void mpi3mr_process_op_reply_desc(struct mpi3mr_ioc *mrioc,
}
if (scmd->result != (DID_OK << 16) && (scmd->cmnd[0] != ATA_12) &&
- (scmd->cmnd[0] != ATA_16)) {
+ (scmd->cmnd[0] != ATA_16) &&
+ mrioc->logging_level & MPI3_DEBUG_SCSI_ERROR) {
ioc_info(mrioc, "%s :scmd->result 0x%x\n", __func__,
scmd->result);
scsi_print_command(scmd);
--
2.35.1
^ permalink raw reply related [flat|nested] 305+ messages in thread
* [PATCH 6.0 262/289] scsi: iscsi: Fix possible memory leak when device_register() failed
2022-11-30 18:19 [PATCH 6.0 000/289] 6.0.11-rc1 review Greg Kroah-Hartman
` (260 preceding siblings ...)
2022-11-30 18:24 ` [PATCH 6.0 261/289] scsi: mpi3mr: Suppress command reply debug prints Greg Kroah-Hartman
@ 2022-11-30 18:24 ` Greg Kroah-Hartman
2022-11-30 18:24 ` [PATCH 6.0 263/289] gpu: host1x: Avoid trying to use GART on Tegra20 Greg Kroah-Hartman
` (36 subsequent siblings)
298 siblings, 0 replies; 305+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-30 18:24 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Zhou Guanghui, Mike Christie,
Martin K. Petersen, Sasha Levin
From: Zhou Guanghui <zhouguanghui1@huawei.com>
[ Upstream commit f014165faa7b953b81dcbf18835936e5f8d01f2a ]
If device_register() returns error, the name allocated by the
dev_set_name() need be freed. As described in the comment of
device_register(), we should use put_device() to give up the reference in
the error path.
Fix this by calling put_device(), the name will be freed in the
kobject_cleanup(), and this patch modified resources will be released by
calling the corresponding callback function in the device_release().
Signed-off-by: Zhou Guanghui <zhouguanghui1@huawei.com>
Link: https://lore.kernel.org/r/20221110033729.1555-1-zhouguanghui1@huawei.com
Reviewed-by: Mike Christie <michael.christie@oracle.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/scsi/scsi_transport_iscsi.c | 31 +++++++++++++++--------------
1 file changed, 16 insertions(+), 15 deletions(-)
diff --git a/drivers/scsi/scsi_transport_iscsi.c b/drivers/scsi/scsi_transport_iscsi.c
index cd3db9684e52..f473c002fa4d 100644
--- a/drivers/scsi/scsi_transport_iscsi.c
+++ b/drivers/scsi/scsi_transport_iscsi.c
@@ -231,7 +231,7 @@ iscsi_create_endpoint(int dd_size)
dev_set_name(&ep->dev, "ep-%d", id);
err = device_register(&ep->dev);
if (err)
- goto free_id;
+ goto put_dev;
err = sysfs_create_group(&ep->dev.kobj, &iscsi_endpoint_group);
if (err)
@@ -245,10 +245,12 @@ iscsi_create_endpoint(int dd_size)
device_unregister(&ep->dev);
return NULL;
-free_id:
+put_dev:
mutex_lock(&iscsi_ep_idr_mutex);
idr_remove(&iscsi_ep_idr, id);
mutex_unlock(&iscsi_ep_idr_mutex);
+ put_device(&ep->dev);
+ return NULL;
free_ep:
kfree(ep);
return NULL;
@@ -766,7 +768,7 @@ iscsi_create_iface(struct Scsi_Host *shost, struct iscsi_transport *transport,
err = device_register(&iface->dev);
if (err)
- goto free_iface;
+ goto put_dev;
err = sysfs_create_group(&iface->dev.kobj, &iscsi_iface_group);
if (err)
@@ -780,9 +782,8 @@ iscsi_create_iface(struct Scsi_Host *shost, struct iscsi_transport *transport,
device_unregister(&iface->dev);
return NULL;
-free_iface:
- put_device(iface->dev.parent);
- kfree(iface);
+put_dev:
+ put_device(&iface->dev);
return NULL;
}
EXPORT_SYMBOL_GPL(iscsi_create_iface);
@@ -1251,15 +1252,15 @@ iscsi_create_flashnode_sess(struct Scsi_Host *shost, int index,
err = device_register(&fnode_sess->dev);
if (err)
- goto free_fnode_sess;
+ goto put_dev;
if (dd_size)
fnode_sess->dd_data = &fnode_sess[1];
return fnode_sess;
-free_fnode_sess:
- kfree(fnode_sess);
+put_dev:
+ put_device(&fnode_sess->dev);
return NULL;
}
EXPORT_SYMBOL_GPL(iscsi_create_flashnode_sess);
@@ -1299,15 +1300,15 @@ iscsi_create_flashnode_conn(struct Scsi_Host *shost,
err = device_register(&fnode_conn->dev);
if (err)
- goto free_fnode_conn;
+ goto put_dev;
if (dd_size)
fnode_conn->dd_data = &fnode_conn[1];
return fnode_conn;
-free_fnode_conn:
- kfree(fnode_conn);
+put_dev:
+ put_device(&fnode_conn->dev);
return NULL;
}
EXPORT_SYMBOL_GPL(iscsi_create_flashnode_conn);
@@ -4815,7 +4816,7 @@ iscsi_register_transport(struct iscsi_transport *tt)
dev_set_name(&priv->dev, "%s", tt->name);
err = device_register(&priv->dev);
if (err)
- goto free_priv;
+ goto put_dev;
err = sysfs_create_group(&priv->dev.kobj, &iscsi_transport_group);
if (err)
@@ -4850,8 +4851,8 @@ iscsi_register_transport(struct iscsi_transport *tt)
unregister_dev:
device_unregister(&priv->dev);
return NULL;
-free_priv:
- kfree(priv);
+put_dev:
+ put_device(&priv->dev);
return NULL;
}
EXPORT_SYMBOL_GPL(iscsi_register_transport);
--
2.35.1
^ permalink raw reply related [flat|nested] 305+ messages in thread
* [PATCH 6.0 263/289] gpu: host1x: Avoid trying to use GART on Tegra20
2022-11-30 18:19 [PATCH 6.0 000/289] 6.0.11-rc1 review Greg Kroah-Hartman
` (261 preceding siblings ...)
2022-11-30 18:24 ` [PATCH 6.0 262/289] scsi: iscsi: Fix possible memory leak when device_register() failed Greg Kroah-Hartman
@ 2022-11-30 18:24 ` Greg Kroah-Hartman
2022-11-30 18:24 ` [PATCH 6.0 264/289] dm integrity: flush the journal on suspend Greg Kroah-Hartman
` (35 subsequent siblings)
298 siblings, 0 replies; 305+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-30 18:24 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Jon Hunter, Dmitry Osipenko,
Robin Murphy, Thierry Reding, Sasha Levin
From: Robin Murphy <robin.murphy@arm.com>
[ Upstream commit c2418f911a31a266af4fbaca998dc73d3676475a ]
Since commit c7e3ca515e78 ("iommu/tegra: gart: Do not register with
bus") quite some time ago, the GART driver has effectively disabled
itself to avoid issues with the GPU driver expecting it to work in ways
that it doesn't. As of commit 57365a04c921 ("iommu: Move bus setup to
IOMMU device registration") that bodge no longer works, but really the
GPU driver should be responsible for its own behaviour anyway. Make the
workaround explicit.
Reported-by: Jon Hunter <jonathanh@nvidia.com>
Suggested-by: Dmitry Osipenko <digetx@gmail.com>
Signed-off-by: Robin Murphy <robin.murphy@arm.com>
Tested-by: Jon Hunter <jonathanh@nvidia.com>
Signed-off-by: Thierry Reding <treding@nvidia.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/gpu/drm/tegra/drm.c | 4 ++++
drivers/gpu/host1x/dev.c | 4 ++++
2 files changed, 8 insertions(+)
diff --git a/drivers/gpu/drm/tegra/drm.c b/drivers/gpu/drm/tegra/drm.c
index 6748ec1e0005..a1f909dac89a 100644
--- a/drivers/gpu/drm/tegra/drm.c
+++ b/drivers/gpu/drm/tegra/drm.c
@@ -1093,6 +1093,10 @@ static bool host1x_drm_wants_iommu(struct host1x_device *dev)
struct host1x *host1x = dev_get_drvdata(dev->dev.parent);
struct iommu_domain *domain;
+ /* Our IOMMU usage policy doesn't currently play well with GART */
+ if (of_machine_is_compatible("nvidia,tegra20"))
+ return false;
+
/*
* If the Tegra DRM clients are backed by an IOMMU, push buffers are
* likely to be allocated beyond the 32-bit boundary if sufficient
diff --git a/drivers/gpu/host1x/dev.c b/drivers/gpu/host1x/dev.c
index 0cd3f97e7e49..f60ea24db0ec 100644
--- a/drivers/gpu/host1x/dev.c
+++ b/drivers/gpu/host1x/dev.c
@@ -292,6 +292,10 @@ static void host1x_setup_virtualization_tables(struct host1x *host)
static bool host1x_wants_iommu(struct host1x *host1x)
{
+ /* Our IOMMU usage policy doesn't currently play well with GART */
+ if (of_machine_is_compatible("nvidia,tegra20"))
+ return false;
+
/*
* If we support addressing a maximum of 32 bits of physical memory
* and if the host1x firewall is enabled, there's no need to enable
--
2.35.1
^ permalink raw reply related [flat|nested] 305+ messages in thread
* [PATCH 6.0 264/289] dm integrity: flush the journal on suspend
2022-11-30 18:19 [PATCH 6.0 000/289] 6.0.11-rc1 review Greg Kroah-Hartman
` (262 preceding siblings ...)
2022-11-30 18:24 ` [PATCH 6.0 263/289] gpu: host1x: Avoid trying to use GART on Tegra20 Greg Kroah-Hartman
@ 2022-11-30 18:24 ` Greg Kroah-Hartman
2022-11-30 18:24 ` [PATCH 6.0 265/289] dm integrity: clear " Greg Kroah-Hartman
` (34 subsequent siblings)
298 siblings, 0 replies; 305+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-30 18:24 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Mikulas Patocka, Mike Snitzer, Sasha Levin
From: Mikulas Patocka <mpatocka@redhat.com>
[ Upstream commit 5e5dab5ec763d600fe0a67837dd9155bdc42f961 ]
This commit flushes the journal on suspend. It is prerequisite for the
next commit that enables activating dm integrity devices in read-only mode.
Note that we deliberately didn't flush the journal on suspend, so that the
journal replay code would be tested. However, the dm-integrity code is 5
years old now, so that journal replay is well-tested, and we can make this
change now.
Signed-off-by: Mikulas Patocka <mpatocka@redhat.com>
Signed-off-by: Mike Snitzer <snitzer@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/md/dm-integrity.c | 7 +------
1 file changed, 1 insertion(+), 6 deletions(-)
diff --git a/drivers/md/dm-integrity.c b/drivers/md/dm-integrity.c
index e1e7b205573f..f26a6cd09e0c 100644
--- a/drivers/md/dm-integrity.c
+++ b/drivers/md/dm-integrity.c
@@ -2591,10 +2591,6 @@ static void integrity_writer(struct work_struct *w)
unsigned prev_free_sectors;
- /* the following test is not needed, but it tests the replay code */
- if (unlikely(dm_post_suspending(ic->ti)) && !ic->meta_dev)
- return;
-
spin_lock_irq(&ic->endio_wait.lock);
write_start = ic->committed_section;
write_sections = ic->n_committed_sections;
@@ -3101,8 +3097,7 @@ static void dm_integrity_postsuspend(struct dm_target *ti)
drain_workqueue(ic->commit_wq);
if (ic->mode == 'J') {
- if (ic->meta_dev)
- queue_work(ic->writer_wq, &ic->writer_work);
+ queue_work(ic->writer_wq, &ic->writer_work);
drain_workqueue(ic->writer_wq);
dm_integrity_flush_buffers(ic, true);
}
--
2.35.1
^ permalink raw reply related [flat|nested] 305+ messages in thread
* [PATCH 6.0 265/289] dm integrity: clear the journal on suspend
2022-11-30 18:19 [PATCH 6.0 000/289] 6.0.11-rc1 review Greg Kroah-Hartman
` (263 preceding siblings ...)
2022-11-30 18:24 ` [PATCH 6.0 264/289] dm integrity: flush the journal on suspend Greg Kroah-Hartman
@ 2022-11-30 18:24 ` Greg Kroah-Hartman
2022-11-30 18:24 ` [PATCH 6.0 266/289] fuse: lock inode unconditionally in fuse_fallocate() Greg Kroah-Hartman
` (33 subsequent siblings)
298 siblings, 0 replies; 305+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-30 18:24 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Mikulas Patocka, Mike Snitzer, Sasha Levin
From: Mikulas Patocka <mpatocka@redhat.com>
[ Upstream commit 984bf2cc531e778e49298fdf6730e0396166aa21 ]
There was a problem that a user burned a dm-integrity image on CDROM
and could not activate it because it had a non-empty journal.
Fix this problem by flushing the journal (done by the previous commit)
and clearing the journal (done by this commit). Once the journal is
cleared, dm-integrity won't attempt to replay it on the next
activation.
Signed-off-by: Mikulas Patocka <mpatocka@redhat.com>
Signed-off-by: Mike Snitzer <snitzer@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/md/dm-integrity.c | 13 +++++++++++++
1 file changed, 13 insertions(+)
diff --git a/drivers/md/dm-integrity.c b/drivers/md/dm-integrity.c
index f26a6cd09e0c..e97e9f97456d 100644
--- a/drivers/md/dm-integrity.c
+++ b/drivers/md/dm-integrity.c
@@ -263,6 +263,7 @@ struct dm_integrity_c {
struct completion crypto_backoff;
+ bool wrote_to_journal;
bool journal_uptodate;
bool just_formatted;
bool recalculate_flag;
@@ -2375,6 +2376,8 @@ static void integrity_commit(struct work_struct *w)
if (!commit_sections)
goto release_flush_bios;
+ ic->wrote_to_journal = true;
+
i = commit_start;
for (n = 0; n < commit_sections; n++) {
for (j = 0; j < ic->journal_section_entries; j++) {
@@ -3100,6 +3103,14 @@ static void dm_integrity_postsuspend(struct dm_target *ti)
queue_work(ic->writer_wq, &ic->writer_work);
drain_workqueue(ic->writer_wq);
dm_integrity_flush_buffers(ic, true);
+ if (ic->wrote_to_journal) {
+ init_journal(ic, ic->free_section,
+ ic->journal_sections - ic->free_section, ic->commit_seq);
+ if (ic->free_section) {
+ init_journal(ic, 0, ic->free_section,
+ next_commit_seq(ic->commit_seq));
+ }
+ }
}
if (ic->mode == 'B') {
@@ -3127,6 +3138,8 @@ static void dm_integrity_resume(struct dm_target *ti)
DEBUG_print("resume\n");
+ ic->wrote_to_journal = false;
+
if (ic->provided_data_sectors != old_provided_data_sectors) {
if (ic->provided_data_sectors > old_provided_data_sectors &&
ic->mode == 'B' &&
--
2.35.1
^ permalink raw reply related [flat|nested] 305+ messages in thread
* [PATCH 6.0 266/289] fuse: lock inode unconditionally in fuse_fallocate()
2022-11-30 18:19 [PATCH 6.0 000/289] 6.0.11-rc1 review Greg Kroah-Hartman
` (264 preceding siblings ...)
2022-11-30 18:24 ` [PATCH 6.0 265/289] dm integrity: clear " Greg Kroah-Hartman
@ 2022-11-30 18:24 ` Greg Kroah-Hartman
2022-11-30 18:24 ` [PATCH 6.0 267/289] wifi: wilc1000: validate pairwise and authentication suite offsets Greg Kroah-Hartman
` (32 subsequent siblings)
298 siblings, 0 replies; 305+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-30 18:24 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Pengfei Xu, Miklos Szeredi,
syzbot+462da39f0667b357c4b6
From: Miklos Szeredi <mszeredi@redhat.com>
commit 44361e8cf9ddb23f17bdcc40ca944abf32e83e79 upstream.
file_modified() must be called with inode lock held. fuse_fallocate()
didn't lock the inode in case of just FALLOC_KEEP_SIZE flags value, which
resulted in a kernel Warning in notify_change().
Lock the inode unconditionally, like all other fallocate implementations
do.
Reported-by: Pengfei Xu <pengfei.xu@intel.com>
Reported-and-tested-by: syzbot+462da39f0667b357c4b6@syzkaller.appspotmail.com
Fixes: 4a6f278d4827 ("fuse: add file_modified() to fallocate")
Signed-off-by: Miklos Szeredi <mszeredi@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/fuse/file.c | 41 ++++++++++++++++++-----------------------
1 file changed, 18 insertions(+), 23 deletions(-)
--- a/fs/fuse/file.c
+++ b/fs/fuse/file.c
@@ -2963,11 +2963,9 @@ static long fuse_file_fallocate(struct f
.mode = mode
};
int err;
- bool lock_inode = !(mode & FALLOC_FL_KEEP_SIZE) ||
- (mode & (FALLOC_FL_PUNCH_HOLE |
- FALLOC_FL_ZERO_RANGE));
-
- bool block_faults = FUSE_IS_DAX(inode) && lock_inode;
+ bool block_faults = FUSE_IS_DAX(inode) &&
+ (!(mode & FALLOC_FL_KEEP_SIZE) ||
+ (mode & (FALLOC_FL_PUNCH_HOLE | FALLOC_FL_ZERO_RANGE)));
if (mode & ~(FALLOC_FL_KEEP_SIZE | FALLOC_FL_PUNCH_HOLE |
FALLOC_FL_ZERO_RANGE))
@@ -2976,22 +2974,20 @@ static long fuse_file_fallocate(struct f
if (fm->fc->no_fallocate)
return -EOPNOTSUPP;
- if (lock_inode) {
- inode_lock(inode);
- if (block_faults) {
- filemap_invalidate_lock(inode->i_mapping);
- err = fuse_dax_break_layouts(inode, 0, 0);
- if (err)
- goto out;
- }
-
- if (mode & (FALLOC_FL_PUNCH_HOLE | FALLOC_FL_ZERO_RANGE)) {
- loff_t endbyte = offset + length - 1;
-
- err = fuse_writeback_range(inode, offset, endbyte);
- if (err)
- goto out;
- }
+ inode_lock(inode);
+ if (block_faults) {
+ filemap_invalidate_lock(inode->i_mapping);
+ err = fuse_dax_break_layouts(inode, 0, 0);
+ if (err)
+ goto out;
+ }
+
+ if (mode & (FALLOC_FL_PUNCH_HOLE | FALLOC_FL_ZERO_RANGE)) {
+ loff_t endbyte = offset + length - 1;
+
+ err = fuse_writeback_range(inode, offset, endbyte);
+ if (err)
+ goto out;
}
if (!(mode & FALLOC_FL_KEEP_SIZE) &&
@@ -3039,8 +3035,7 @@ out:
if (block_faults)
filemap_invalidate_unlock(inode->i_mapping);
- if (lock_inode)
- inode_unlock(inode);
+ inode_unlock(inode);
fuse_flush_time_update(inode);
^ permalink raw reply [flat|nested] 305+ messages in thread
* [PATCH 6.0 267/289] wifi: wilc1000: validate pairwise and authentication suite offsets
2022-11-30 18:19 [PATCH 6.0 000/289] 6.0.11-rc1 review Greg Kroah-Hartman
` (265 preceding siblings ...)
2022-11-30 18:24 ` [PATCH 6.0 266/289] fuse: lock inode unconditionally in fuse_fallocate() Greg Kroah-Hartman
@ 2022-11-30 18:24 ` Greg Kroah-Hartman
2022-11-30 18:24 ` [PATCH 6.0 268/289] wifi: wilc1000: validate length of IEEE80211_P2P_ATTR_OPER_CHANNEL attribute Greg Kroah-Hartman
` (31 subsequent siblings)
298 siblings, 0 replies; 305+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-30 18:24 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Phil Turnbull, Ajay Kathat, Kalle Valo
From: Phil Turnbull <philipturnbull@github.com>
commit cd21d99e595ec1d8721e1058dcdd4f1f7de1d793 upstream.
There is no validation of 'offset' which can trigger an out-of-bounds
read when extracting RSN capabilities.
Signed-off-by: Phil Turnbull <philipturnbull@github.com>
Tested-by: Ajay Kathat <ajay.kathat@microchip.com>
Acked-by: Ajay Kathat <ajay.kathat@microchip.com>
Signed-off-by: Kalle Valo <kvalo@kernel.org>
Link: https://lore.kernel.org/r/20221123153543.8568-2-philipturnbull@github.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/net/wireless/microchip/wilc1000/hif.c | 21 ++++++++++++++++-----
1 file changed, 16 insertions(+), 5 deletions(-)
--- a/drivers/net/wireless/microchip/wilc1000/hif.c
+++ b/drivers/net/wireless/microchip/wilc1000/hif.c
@@ -482,14 +482,25 @@ void *wilc_parse_join_bss_param(struct c
rsn_ie = cfg80211_find_ie(WLAN_EID_RSN, ies->data, ies->len);
if (rsn_ie) {
+ int rsn_ie_len = sizeof(struct element) + rsn_ie[1];
int offset = 8;
- param->mode_802_11i = 2;
- param->rsn_found = true;
/* extract RSN capabilities */
- offset += (rsn_ie[offset] * 4) + 2;
- offset += (rsn_ie[offset] * 4) + 2;
- memcpy(param->rsn_cap, &rsn_ie[offset], 2);
+ if (offset < rsn_ie_len) {
+ /* skip over pairwise suites */
+ offset += (rsn_ie[offset] * 4) + 2;
+
+ if (offset < rsn_ie_len) {
+ /* skip over authentication suites */
+ offset += (rsn_ie[offset] * 4) + 2;
+
+ if (offset + 1 < rsn_ie_len) {
+ param->mode_802_11i = 2;
+ param->rsn_found = true;
+ memcpy(param->rsn_cap, &rsn_ie[offset], 2);
+ }
+ }
+ }
}
if (param->rsn_found) {
^ permalink raw reply [flat|nested] 305+ messages in thread
* [PATCH 6.0 268/289] wifi: wilc1000: validate length of IEEE80211_P2P_ATTR_OPER_CHANNEL attribute
2022-11-30 18:19 [PATCH 6.0 000/289] 6.0.11-rc1 review Greg Kroah-Hartman
` (266 preceding siblings ...)
2022-11-30 18:24 ` [PATCH 6.0 267/289] wifi: wilc1000: validate pairwise and authentication suite offsets Greg Kroah-Hartman
@ 2022-11-30 18:24 ` Greg Kroah-Hartman
2022-11-30 18:24 ` [PATCH 6.0 269/289] wifi: wilc1000: validate length of IEEE80211_P2P_ATTR_CHANNEL_LIST attribute Greg Kroah-Hartman
` (30 subsequent siblings)
298 siblings, 0 replies; 305+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-30 18:24 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Phil Turnbull, Ajay Kathat, Kalle Valo
From: Phil Turnbull <philipturnbull@github.com>
commit 051ae669e4505abbe05165bebf6be7922de11f41 upstream.
Validate that the IEEE80211_P2P_ATTR_OPER_CHANNEL attribute contains
enough space for a 'struct struct wilc_attr_oper_ch'. If the attribute is
too small then it triggers an out-of-bounds write later in the function.
Signed-off-by: Phil Turnbull <philipturnbull@github.com>
Tested-by: Ajay Kathat <ajay.kathat@microchip.com>
Acked-by: Ajay Kathat <ajay.kathat@microchip.com>
Signed-off-by: Kalle Valo <kvalo@kernel.org>
Link: https://lore.kernel.org/r/20221123153543.8568-3-philipturnbull@github.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/net/wireless/microchip/wilc1000/cfg80211.c | 14 ++++++++++++--
1 file changed, 12 insertions(+), 2 deletions(-)
--- a/drivers/net/wireless/microchip/wilc1000/cfg80211.c
+++ b/drivers/net/wireless/microchip/wilc1000/cfg80211.c
@@ -956,14 +956,24 @@ static inline void wilc_wfi_cfg_parse_ch
return;
while (index + sizeof(*e) <= len) {
+ u16 attr_size;
+
e = (struct wilc_attr_entry *)&buf[index];
+ attr_size = le16_to_cpu(e->attr_len);
+
+ if (index + sizeof(*e) + attr_size > len)
+ return;
+
if (e->attr_type == IEEE80211_P2P_ATTR_CHANNEL_LIST)
ch_list_idx = index;
- else if (e->attr_type == IEEE80211_P2P_ATTR_OPER_CHANNEL)
+ else if (e->attr_type == IEEE80211_P2P_ATTR_OPER_CHANNEL &&
+ attr_size == (sizeof(struct wilc_attr_oper_ch) - sizeof(*e)))
op_ch_idx = index;
+
if (ch_list_idx && op_ch_idx)
break;
- index += le16_to_cpu(e->attr_len) + sizeof(*e);
+
+ index += sizeof(*e) + attr_size;
}
if (ch_list_idx) {
^ permalink raw reply [flat|nested] 305+ messages in thread
* [PATCH 6.0 269/289] wifi: wilc1000: validate length of IEEE80211_P2P_ATTR_CHANNEL_LIST attribute
2022-11-30 18:19 [PATCH 6.0 000/289] 6.0.11-rc1 review Greg Kroah-Hartman
` (267 preceding siblings ...)
2022-11-30 18:24 ` [PATCH 6.0 268/289] wifi: wilc1000: validate length of IEEE80211_P2P_ATTR_OPER_CHANNEL attribute Greg Kroah-Hartman
@ 2022-11-30 18:24 ` Greg Kroah-Hartman
2022-11-30 18:24 ` [PATCH 6.0 270/289] wifi: wilc1000: validate number of channels Greg Kroah-Hartman
` (29 subsequent siblings)
298 siblings, 0 replies; 305+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-30 18:24 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Phil Turnbull, Ajay Kathat, Kalle Valo
From: Phil Turnbull <philipturnbull@github.com>
commit f9b62f9843c7b0afdaecabbcebf1dbba18599408 upstream.
Validate that the IEEE80211_P2P_ATTR_CHANNEL_LIST attribute contains
enough space for a 'struct wilc_attr_oper_ch'. If the attribute is too
small then it can trigger an out-of-bounds write later in the function.
'struct wilc_attr_oper_ch' is variable sized so also check 'attr_len'
does not extend beyond the end of 'buf'.
Signed-off-by: Phil Turnbull <philipturnbull@github.com>
Tested-by: Ajay Kathat <ajay.kathat@microchip.com>
Acked-by: Ajay Kathat <ajay.kathat@microchip.com>
Signed-off-by: Kalle Valo <kvalo@kernel.org>
Link: https://lore.kernel.org/r/20221123153543.8568-4-philipturnbull@github.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/net/wireless/microchip/wilc1000/cfg80211.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
--- a/drivers/net/wireless/microchip/wilc1000/cfg80211.c
+++ b/drivers/net/wireless/microchip/wilc1000/cfg80211.c
@@ -964,7 +964,8 @@ static inline void wilc_wfi_cfg_parse_ch
if (index + sizeof(*e) + attr_size > len)
return;
- if (e->attr_type == IEEE80211_P2P_ATTR_CHANNEL_LIST)
+ if (e->attr_type == IEEE80211_P2P_ATTR_CHANNEL_LIST &&
+ attr_size >= (sizeof(struct wilc_attr_ch_list) - sizeof(*e)))
ch_list_idx = index;
else if (e->attr_type == IEEE80211_P2P_ATTR_OPER_CHANNEL &&
attr_size == (sizeof(struct wilc_attr_oper_ch) - sizeof(*e)))
^ permalink raw reply [flat|nested] 305+ messages in thread
* [PATCH 6.0 270/289] wifi: wilc1000: validate number of channels
2022-11-30 18:19 [PATCH 6.0 000/289] 6.0.11-rc1 review Greg Kroah-Hartman
` (268 preceding siblings ...)
2022-11-30 18:24 ` [PATCH 6.0 269/289] wifi: wilc1000: validate length of IEEE80211_P2P_ATTR_CHANNEL_LIST attribute Greg Kroah-Hartman
@ 2022-11-30 18:24 ` Greg Kroah-Hartman
2022-11-30 18:24 ` [PATCH 6.0 271/289] btrfs: free btrfs_path before copying root refs to userspace Greg Kroah-Hartman
` (28 subsequent siblings)
298 siblings, 0 replies; 305+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-30 18:24 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Phil Turnbull, Ajay Kathat, Kalle Valo
From: Phil Turnbull <philipturnbull@github.com>
commit 0cdfa9e6f0915e3d243e2393bfa8a22e12d553b0 upstream.
There is no validation of 'e->no_of_channels' which can trigger an
out-of-bounds write in the following 'memset' call. Validate that the
number of channels does not extends beyond the size of the channel list
element.
Signed-off-by: Phil Turnbull <philipturnbull@github.com>
Tested-by: Ajay Kathat <ajay.kathat@microchip.com>
Acked-by: Ajay Kathat <ajay.kathat@microchip.com>
Signed-off-by: Kalle Valo <kvalo@kernel.org>
Link: https://lore.kernel.org/r/20221123153543.8568-5-philipturnbull@github.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/net/wireless/microchip/wilc1000/cfg80211.c | 22 +++++++++++++++------
1 file changed, 16 insertions(+), 6 deletions(-)
--- a/drivers/net/wireless/microchip/wilc1000/cfg80211.c
+++ b/drivers/net/wireless/microchip/wilc1000/cfg80211.c
@@ -978,19 +978,29 @@ static inline void wilc_wfi_cfg_parse_ch
}
if (ch_list_idx) {
- u16 attr_size;
- struct wilc_ch_list_elem *e;
- int i;
+ u16 elem_size;
ch_list = (struct wilc_attr_ch_list *)&buf[ch_list_idx];
- attr_size = le16_to_cpu(ch_list->attr_len);
- for (i = 0; i < attr_size;) {
+ /* the number of bytes following the final 'elem' member */
+ elem_size = le16_to_cpu(ch_list->attr_len) -
+ (sizeof(*ch_list) - sizeof(struct wilc_attr_entry));
+ for (unsigned int i = 0; i < elem_size;) {
+ struct wilc_ch_list_elem *e;
+
e = (struct wilc_ch_list_elem *)(ch_list->elem + i);
+
+ i += sizeof(*e);
+ if (i > elem_size)
+ break;
+
+ i += e->no_of_channels;
+ if (i > elem_size)
+ break;
+
if (e->op_class == WILC_WLAN_OPERATING_CLASS_2_4GHZ) {
memset(e->ch_list, sta_ch, e->no_of_channels);
break;
}
- i += e->no_of_channels;
}
}
^ permalink raw reply [flat|nested] 305+ messages in thread
* [PATCH 6.0 271/289] btrfs: free btrfs_path before copying root refs to userspace
2022-11-30 18:19 [PATCH 6.0 000/289] 6.0.11-rc1 review Greg Kroah-Hartman
` (269 preceding siblings ...)
2022-11-30 18:24 ` [PATCH 6.0 270/289] wifi: wilc1000: validate number of channels Greg Kroah-Hartman
@ 2022-11-30 18:24 ` Greg Kroah-Hartman
2022-11-30 18:24 ` [PATCH 6.0 272/289] btrfs: free btrfs_path before copying inodes " Greg Kroah-Hartman
` (27 subsequent siblings)
298 siblings, 0 replies; 305+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-30 18:24 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, syzbot+4ef9e52e464c6ff47d9d,
Anand Jain, Josef Bacik, David Sterba
From: Josef Bacik <josef@toxicpanda.com>
commit b740d806166979488e798e41743aaec051f2443f upstream.
Syzbot reported the following lockdep splat
======================================================
WARNING: possible circular locking dependency detected
6.0.0-rc7-syzkaller-18095-gbbed346d5a96 #0 Not tainted
------------------------------------------------------
syz-executor307/3029 is trying to acquire lock:
ffff0000c02525d8 (&mm->mmap_lock){++++}-{3:3}, at: __might_fault+0x54/0xb4 mm/memory.c:5576
but task is already holding lock:
ffff0000c958a608 (btrfs-root-00){++++}-{3:3}, at: __btrfs_tree_read_lock fs/btrfs/locking.c:134 [inline]
ffff0000c958a608 (btrfs-root-00){++++}-{3:3}, at: btrfs_tree_read_lock fs/btrfs/locking.c:140 [inline]
ffff0000c958a608 (btrfs-root-00){++++}-{3:3}, at: btrfs_read_lock_root_node+0x13c/0x1c0 fs/btrfs/locking.c:279
which lock already depends on the new lock.
the existing dependency chain (in reverse order) is:
-> #3 (btrfs-root-00){++++}-{3:3}:
down_read_nested+0x64/0x84 kernel/locking/rwsem.c:1624
__btrfs_tree_read_lock fs/btrfs/locking.c:134 [inline]
btrfs_tree_read_lock fs/btrfs/locking.c:140 [inline]
btrfs_read_lock_root_node+0x13c/0x1c0 fs/btrfs/locking.c:279
btrfs_search_slot_get_root+0x74/0x338 fs/btrfs/ctree.c:1637
btrfs_search_slot+0x1b0/0xfd8 fs/btrfs/ctree.c:1944
btrfs_update_root+0x6c/0x5a0 fs/btrfs/root-tree.c:132
commit_fs_roots+0x1f0/0x33c fs/btrfs/transaction.c:1459
btrfs_commit_transaction+0x89c/0x12d8 fs/btrfs/transaction.c:2343
flush_space+0x66c/0x738 fs/btrfs/space-info.c:786
btrfs_async_reclaim_metadata_space+0x43c/0x4e0 fs/btrfs/space-info.c:1059
process_one_work+0x2d8/0x504 kernel/workqueue.c:2289
worker_thread+0x340/0x610 kernel/workqueue.c:2436
kthread+0x12c/0x158 kernel/kthread.c:376
ret_from_fork+0x10/0x20 arch/arm64/kernel/entry.S:860
-> #2 (&fs_info->reloc_mutex){+.+.}-{3:3}:
__mutex_lock_common+0xd4/0xca8 kernel/locking/mutex.c:603
__mutex_lock kernel/locking/mutex.c:747 [inline]
mutex_lock_nested+0x38/0x44 kernel/locking/mutex.c:799
btrfs_record_root_in_trans fs/btrfs/transaction.c:516 [inline]
start_transaction+0x248/0x944 fs/btrfs/transaction.c:752
btrfs_start_transaction+0x34/0x44 fs/btrfs/transaction.c:781
btrfs_create_common+0xf0/0x1b4 fs/btrfs/inode.c:6651
btrfs_create+0x8c/0xb0 fs/btrfs/inode.c:6697
lookup_open fs/namei.c:3413 [inline]
open_last_lookups fs/namei.c:3481 [inline]
path_openat+0x804/0x11c4 fs/namei.c:3688
do_filp_open+0xdc/0x1b8 fs/namei.c:3718
do_sys_openat2+0xb8/0x22c fs/open.c:1313
do_sys_open fs/open.c:1329 [inline]
__do_sys_openat fs/open.c:1345 [inline]
__se_sys_openat fs/open.c:1340 [inline]
__arm64_sys_openat+0xb0/0xe0 fs/open.c:1340
__invoke_syscall arch/arm64/kernel/syscall.c:38 [inline]
invoke_syscall arch/arm64/kernel/syscall.c:52 [inline]
el0_svc_common+0x138/0x220 arch/arm64/kernel/syscall.c:142
do_el0_svc+0x48/0x164 arch/arm64/kernel/syscall.c:206
el0_svc+0x58/0x150 arch/arm64/kernel/entry-common.c:636
el0t_64_sync_handler+0x84/0xf0 arch/arm64/kernel/entry-common.c:654
el0t_64_sync+0x18c/0x190 arch/arm64/kernel/entry.S:581
-> #1 (sb_internal#2){.+.+}-{0:0}:
percpu_down_read include/linux/percpu-rwsem.h:51 [inline]
__sb_start_write include/linux/fs.h:1826 [inline]
sb_start_intwrite include/linux/fs.h:1948 [inline]
start_transaction+0x360/0x944 fs/btrfs/transaction.c:683
btrfs_join_transaction+0x30/0x40 fs/btrfs/transaction.c:795
btrfs_dirty_inode+0x50/0x140 fs/btrfs/inode.c:6103
btrfs_update_time+0x1c0/0x1e8 fs/btrfs/inode.c:6145
inode_update_time fs/inode.c:1872 [inline]
touch_atime+0x1f0/0x4a8 fs/inode.c:1945
file_accessed include/linux/fs.h:2516 [inline]
btrfs_file_mmap+0x50/0x88 fs/btrfs/file.c:2407
call_mmap include/linux/fs.h:2192 [inline]
mmap_region+0x7fc/0xc14 mm/mmap.c:1752
do_mmap+0x644/0x97c mm/mmap.c:1540
vm_mmap_pgoff+0xe8/0x1d0 mm/util.c:552
ksys_mmap_pgoff+0x1cc/0x278 mm/mmap.c:1586
__do_sys_mmap arch/arm64/kernel/sys.c:28 [inline]
__se_sys_mmap arch/arm64/kernel/sys.c:21 [inline]
__arm64_sys_mmap+0x58/0x6c arch/arm64/kernel/sys.c:21
__invoke_syscall arch/arm64/kernel/syscall.c:38 [inline]
invoke_syscall arch/arm64/kernel/syscall.c:52 [inline]
el0_svc_common+0x138/0x220 arch/arm64/kernel/syscall.c:142
do_el0_svc+0x48/0x164 arch/arm64/kernel/syscall.c:206
el0_svc+0x58/0x150 arch/arm64/kernel/entry-common.c:636
el0t_64_sync_handler+0x84/0xf0 arch/arm64/kernel/entry-common.c:654
el0t_64_sync+0x18c/0x190 arch/arm64/kernel/entry.S:581
-> #0 (&mm->mmap_lock){++++}-{3:3}:
check_prev_add kernel/locking/lockdep.c:3095 [inline]
check_prevs_add kernel/locking/lockdep.c:3214 [inline]
validate_chain kernel/locking/lockdep.c:3829 [inline]
__lock_acquire+0x1530/0x30a4 kernel/locking/lockdep.c:5053
lock_acquire+0x100/0x1f8 kernel/locking/lockdep.c:5666
__might_fault+0x7c/0xb4 mm/memory.c:5577
_copy_to_user include/linux/uaccess.h:134 [inline]
copy_to_user include/linux/uaccess.h:160 [inline]
btrfs_ioctl_get_subvol_rootref+0x3a8/0x4bc fs/btrfs/ioctl.c:3203
btrfs_ioctl+0xa08/0xa64 fs/btrfs/ioctl.c:5556
vfs_ioctl fs/ioctl.c:51 [inline]
__do_sys_ioctl fs/ioctl.c:870 [inline]
__se_sys_ioctl fs/ioctl.c:856 [inline]
__arm64_sys_ioctl+0xd0/0x140 fs/ioctl.c:856
__invoke_syscall arch/arm64/kernel/syscall.c:38 [inline]
invoke_syscall arch/arm64/kernel/syscall.c:52 [inline]
el0_svc_common+0x138/0x220 arch/arm64/kernel/syscall.c:142
do_el0_svc+0x48/0x164 arch/arm64/kernel/syscall.c:206
el0_svc+0x58/0x150 arch/arm64/kernel/entry-common.c:636
el0t_64_sync_handler+0x84/0xf0 arch/arm64/kernel/entry-common.c:654
el0t_64_sync+0x18c/0x190 arch/arm64/kernel/entry.S:581
other info that might help us debug this:
Chain exists of:
&mm->mmap_lock --> &fs_info->reloc_mutex --> btrfs-root-00
Possible unsafe locking scenario:
CPU0 CPU1
---- ----
lock(btrfs-root-00);
lock(&fs_info->reloc_mutex);
lock(btrfs-root-00);
lock(&mm->mmap_lock);
*** DEADLOCK ***
1 lock held by syz-executor307/3029:
#0: ffff0000c958a608 (btrfs-root-00){++++}-{3:3}, at: __btrfs_tree_read_lock fs/btrfs/locking.c:134 [inline]
#0: ffff0000c958a608 (btrfs-root-00){++++}-{3:3}, at: btrfs_tree_read_lock fs/btrfs/locking.c:140 [inline]
#0: ffff0000c958a608 (btrfs-root-00){++++}-{3:3}, at: btrfs_read_lock_root_node+0x13c/0x1c0 fs/btrfs/locking.c:279
stack backtrace:
CPU: 0 PID: 3029 Comm: syz-executor307 Not tainted 6.0.0-rc7-syzkaller-18095-gbbed346d5a96 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/30/2022
Call trace:
dump_backtrace+0x1c4/0x1f0 arch/arm64/kernel/stacktrace.c:156
show_stack+0x2c/0x54 arch/arm64/kernel/stacktrace.c:163
__dump_stack lib/dump_stack.c:88 [inline]
dump_stack_lvl+0x104/0x16c lib/dump_stack.c:106
dump_stack+0x1c/0x58 lib/dump_stack.c:113
print_circular_bug+0x2c4/0x2c8 kernel/locking/lockdep.c:2053
check_noncircular+0x14c/0x154 kernel/locking/lockdep.c:2175
check_prev_add kernel/locking/lockdep.c:3095 [inline]
check_prevs_add kernel/locking/lockdep.c:3214 [inline]
validate_chain kernel/locking/lockdep.c:3829 [inline]
__lock_acquire+0x1530/0x30a4 kernel/locking/lockdep.c:5053
lock_acquire+0x100/0x1f8 kernel/locking/lockdep.c:5666
__might_fault+0x7c/0xb4 mm/memory.c:5577
_copy_to_user include/linux/uaccess.h:134 [inline]
copy_to_user include/linux/uaccess.h:160 [inline]
btrfs_ioctl_get_subvol_rootref+0x3a8/0x4bc fs/btrfs/ioctl.c:3203
btrfs_ioctl+0xa08/0xa64 fs/btrfs/ioctl.c:5556
vfs_ioctl fs/ioctl.c:51 [inline]
__do_sys_ioctl fs/ioctl.c:870 [inline]
__se_sys_ioctl fs/ioctl.c:856 [inline]
__arm64_sys_ioctl+0xd0/0x140 fs/ioctl.c:856
__invoke_syscall arch/arm64/kernel/syscall.c:38 [inline]
invoke_syscall arch/arm64/kernel/syscall.c:52 [inline]
el0_svc_common+0x138/0x220 arch/arm64/kernel/syscall.c:142
do_el0_svc+0x48/0x164 arch/arm64/kernel/syscall.c:206
el0_svc+0x58/0x150 arch/arm64/kernel/entry-common.c:636
el0t_64_sync_handler+0x84/0xf0 arch/arm64/kernel/entry-common.c:654
el0t_64_sync+0x18c/0x190 arch/arm64/kernel/entry.S:581
We do generally the right thing here, copying the references into a
temporary buffer, however we are still holding the path when we do
copy_to_user from the temporary buffer. Fix this by freeing the path
before we copy to user space.
Reported-by: syzbot+4ef9e52e464c6ff47d9d@syzkaller.appspotmail.com
CC: stable@vger.kernel.org # 4.19+
Reviewed-by: Anand Jain <anand.jain@oracle.com>
Signed-off-by: Josef Bacik <josef@toxicpanda.com>
Reviewed-by: David Sterba <dsterba@suse.com>
Signed-off-by: David Sterba <dsterba@suse.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/btrfs/ioctl.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
--- a/fs/btrfs/ioctl.c
+++ b/fs/btrfs/ioctl.c
@@ -3194,6 +3194,8 @@ static int btrfs_ioctl_get_subvol_rootre
}
out:
+ btrfs_free_path(path);
+
if (!ret || ret == -EOVERFLOW) {
rootrefs->num_items = found;
/* update min_treeid for next search */
@@ -3205,7 +3207,6 @@ out:
}
kfree(rootrefs);
- btrfs_free_path(path);
return ret;
}
^ permalink raw reply [flat|nested] 305+ messages in thread
* [PATCH 6.0 272/289] btrfs: free btrfs_path before copying inodes to userspace
2022-11-30 18:19 [PATCH 6.0 000/289] 6.0.11-rc1 review Greg Kroah-Hartman
` (270 preceding siblings ...)
2022-11-30 18:24 ` [PATCH 6.0 271/289] btrfs: free btrfs_path before copying root refs to userspace Greg Kroah-Hartman
@ 2022-11-30 18:24 ` Greg Kroah-Hartman
2022-11-30 18:24 ` [PATCH 6.0 273/289] btrfs: free btrfs_path before copying fspath " Greg Kroah-Hartman
` (26 subsequent siblings)
298 siblings, 0 replies; 305+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-30 18:24 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Anand Jain, David Sterba
From: Anand Jain <anand.jain@oracle.com>
commit 418ffb9e3cf6c4e2574d3a732b724916684bd133 upstream.
btrfs_ioctl_logical_to_ino() frees the search path after the userspace
copy from the temp buffer @inodes. Which potentially can lead to a lock
splat.
Fix this by freeing the path before we copy @inodes to userspace.
CC: stable@vger.kernel.org # 4.19+
Signed-off-by: Anand Jain <anand.jain@oracle.com>
Reviewed-by: David Sterba <dsterba@suse.com>
Signed-off-by: David Sterba <dsterba@suse.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/btrfs/ioctl.c | 16 +++++++---------
1 file changed, 7 insertions(+), 9 deletions(-)
--- a/fs/btrfs/ioctl.c
+++ b/fs/btrfs/ioctl.c
@@ -4282,21 +4282,20 @@ static long btrfs_ioctl_logical_to_ino(s
size = min_t(u32, loi->size, SZ_16M);
}
- path = btrfs_alloc_path();
- if (!path) {
- ret = -ENOMEM;
- goto out;
- }
-
inodes = init_data_container(size);
if (IS_ERR(inodes)) {
ret = PTR_ERR(inodes);
- inodes = NULL;
- goto out;
+ goto out_loi;
}
+ path = btrfs_alloc_path();
+ if (!path) {
+ ret = -ENOMEM;
+ goto out;
+ }
ret = iterate_inodes_from_logical(loi->logical, fs_info, path,
inodes, ignore_offset);
+ btrfs_free_path(path);
if (ret == -EINVAL)
ret = -ENOENT;
if (ret < 0)
@@ -4308,7 +4307,6 @@ static long btrfs_ioctl_logical_to_ino(s
ret = -EFAULT;
out:
- btrfs_free_path(path);
kvfree(inodes);
out_loi:
kfree(loi);
^ permalink raw reply [flat|nested] 305+ messages in thread
* [PATCH 6.0 273/289] btrfs: free btrfs_path before copying fspath to userspace
2022-11-30 18:19 [PATCH 6.0 000/289] 6.0.11-rc1 review Greg Kroah-Hartman
` (271 preceding siblings ...)
2022-11-30 18:24 ` [PATCH 6.0 272/289] btrfs: free btrfs_path before copying inodes " Greg Kroah-Hartman
@ 2022-11-30 18:24 ` Greg Kroah-Hartman
2022-11-30 18:24 ` [PATCH 6.0 274/289] btrfs: free btrfs_path before copying subvol info " Greg Kroah-Hartman
` (25 subsequent siblings)
298 siblings, 0 replies; 305+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-30 18:24 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Anand Jain, David Sterba
From: Anand Jain <anand.jain@oracle.com>
commit 8cf96b409d9b3946ece58ced13f92d0f775b0442 upstream.
btrfs_ioctl_ino_to_path() frees the search path after the userspace copy
from the temp buffer @ipath->fspath. Which potentially can lead to a lock
splat warning.
Fix this by freeing the path before we copy it to userspace.
CC: stable@vger.kernel.org # 4.19+
Signed-off-by: Anand Jain <anand.jain@oracle.com>
Reviewed-by: David Sterba <dsterba@suse.com>
Signed-off-by: David Sterba <dsterba@suse.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/btrfs/ioctl.c | 2 ++
1 file changed, 2 insertions(+)
--- a/fs/btrfs/ioctl.c
+++ b/fs/btrfs/ioctl.c
@@ -4232,6 +4232,8 @@ static long btrfs_ioctl_ino_to_path(stru
ipath->fspath->val[i] = rel_ptr;
}
+ btrfs_free_path(path);
+ path = NULL;
ret = copy_to_user((void __user *)(unsigned long)ipa->fspath,
ipath->fspath, size);
if (ret) {
^ permalink raw reply [flat|nested] 305+ messages in thread
* [PATCH 6.0 274/289] btrfs: free btrfs_path before copying subvol info to userspace
2022-11-30 18:19 [PATCH 6.0 000/289] 6.0.11-rc1 review Greg Kroah-Hartman
` (272 preceding siblings ...)
2022-11-30 18:24 ` [PATCH 6.0 273/289] btrfs: free btrfs_path before copying fspath " Greg Kroah-Hartman
@ 2022-11-30 18:24 ` Greg Kroah-Hartman
2022-11-30 18:24 ` [PATCH 6.0 275/289] btrfs: zoned: fix missing endianness conversion in sb_write_pointer Greg Kroah-Hartman
` (24 subsequent siblings)
298 siblings, 0 replies; 305+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-30 18:24 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Anand Jain, David Sterba
From: Anand Jain <anand.jain@oracle.com>
commit 013c1c5585ebcfb19c88efe79063d0463b1b6159 upstream.
btrfs_ioctl_get_subvol_info() frees the search path after the userspace
copy from the temp buffer @subvol_info. This can lead to a lock splat
warning.
Fix this by freeing the path before we copy it to userspace.
CC: stable@vger.kernel.org # 4.19+
Signed-off-by: Anand Jain <anand.jain@oracle.com>
Reviewed-by: David Sterba <dsterba@suse.com>
Signed-off-by: David Sterba <dsterba@suse.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/btrfs/ioctl.c | 2 ++
1 file changed, 2 insertions(+)
--- a/fs/btrfs/ioctl.c
+++ b/fs/btrfs/ioctl.c
@@ -3105,6 +3105,8 @@ static int btrfs_ioctl_get_subvol_info(s
}
}
+ btrfs_free_path(path);
+ path = NULL;
if (copy_to_user(argp, subvol_info, sizeof(*subvol_info)))
ret = -EFAULT;
^ permalink raw reply [flat|nested] 305+ messages in thread
* [PATCH 6.0 275/289] btrfs: zoned: fix missing endianness conversion in sb_write_pointer
2022-11-30 18:19 [PATCH 6.0 000/289] 6.0.11-rc1 review Greg Kroah-Hartman
` (273 preceding siblings ...)
2022-11-30 18:24 ` [PATCH 6.0 274/289] btrfs: free btrfs_path before copying subvol info " Greg Kroah-Hartman
@ 2022-11-30 18:24 ` Greg Kroah-Hartman
2022-11-30 18:24 ` [PATCH 6.0 276/289] btrfs: use kvcalloc in btrfs_get_dev_zone_info Greg Kroah-Hartman
` (23 subsequent siblings)
298 siblings, 0 replies; 305+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-30 18:24 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Johannes Thumshirn, Qu Wenruo,
Christoph Hellwig, David Sterba
From: Christoph Hellwig <hch@lst.de>
commit c51f0e6a1254b3ac2d308e1c6fd8fb936992b455 upstream.
generation is an on-disk __le64 value, so use btrfs_super_generation to
convert it to host endian before comparing it.
Fixes: 12659251ca5d ("btrfs: implement log-structured superblock for ZONED mode")
CC: stable@vger.kernel.org # 5.15+
Reviewed-by: Johannes Thumshirn <johannes.thumshirn@wdc.com>
Reviewed-by: Qu Wenruo <wqu@suse.com>
Signed-off-by: Christoph Hellwig <hch@lst.de>
Reviewed-by: David Sterba <dsterba@suse.com>
Signed-off-by: David Sterba <dsterba@suse.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/btrfs/zoned.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
--- a/fs/btrfs/zoned.c
+++ b/fs/btrfs/zoned.c
@@ -134,7 +134,8 @@ static int sb_write_pointer(struct block
super[i] = page_address(page[i]);
}
- if (super[0]->generation > super[1]->generation)
+ if (btrfs_super_generation(super[0]) >
+ btrfs_super_generation(super[1]))
sector = zones[1].start;
else
sector = zones[0].start;
^ permalink raw reply [flat|nested] 305+ messages in thread
* [PATCH 6.0 276/289] btrfs: use kvcalloc in btrfs_get_dev_zone_info
2022-11-30 18:19 [PATCH 6.0 000/289] 6.0.11-rc1 review Greg Kroah-Hartman
` (274 preceding siblings ...)
2022-11-30 18:24 ` [PATCH 6.0 275/289] btrfs: zoned: fix missing endianness conversion in sb_write_pointer Greg Kroah-Hartman
@ 2022-11-30 18:24 ` Greg Kroah-Hartman
2022-11-30 18:24 ` [PATCH 6.0 277/289] btrfs: sysfs: normalize the error handling branch in btrfs_init_sysfs() Greg Kroah-Hartman
` (22 subsequent siblings)
298 siblings, 0 replies; 305+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-30 18:24 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Damien Le Moal, Johannes Thumshirn,
Christoph Hellwig, David Sterba
From: Christoph Hellwig <hch@lst.de>
commit 8fe97d47b52ae1ad130470b1780f0ded4ba609a4 upstream.
Otherwise the kernel memory allocator seems to be unhappy about failing
order 6 allocations for the zones array, that cause 100% reproducible
mount failures in my qemu setup:
[26.078981] mount: page allocation failure: order:6, mode:0x40dc0(GFP_KERNEL|__GFP_COMP|__GFP_ZERO), nodemask=(null)
[26.079741] CPU: 0 PID: 2965 Comm: mount Not tainted 6.1.0-rc5+ #185
[26.080181] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qemu.org 04/01/2014
[26.080950] Call Trace:
[26.081132] <TASK>
[26.081291] dump_stack_lvl+0x56/0x6f
[26.081554] warn_alloc+0x117/0x140
[26.081808] ? __alloc_pages_direct_compact+0x1b5/0x300
[26.082174] __alloc_pages_slowpath.constprop.0+0xd0e/0xde0
[26.082569] __alloc_pages+0x32a/0x340
[26.082836] __kmalloc_large_node+0x4d/0xa0
[26.083133] ? trace_kmalloc+0x29/0xd0
[26.083399] kmalloc_large+0x14/0x60
[26.083654] btrfs_get_dev_zone_info+0x1b9/0xc00
[26.083980] ? _raw_spin_unlock_irqrestore+0x28/0x50
[26.084328] btrfs_get_dev_zone_info_all_devices+0x54/0x80
[26.084708] open_ctree+0xed4/0x1654
[26.084974] btrfs_mount_root.cold+0x12/0xde
[26.085288] ? lock_is_held_type+0xe2/0x140
[26.085603] legacy_get_tree+0x28/0x50
[26.085876] vfs_get_tree+0x1d/0xb0
[26.086139] vfs_kern_mount.part.0+0x6c/0xb0
[26.086456] btrfs_mount+0x118/0x3a0
[26.086728] ? lock_is_held_type+0xe2/0x140
[26.087043] legacy_get_tree+0x28/0x50
[26.087323] vfs_get_tree+0x1d/0xb0
[26.087587] path_mount+0x2ba/0xbe0
[26.087850] ? _raw_spin_unlock_irqrestore+0x38/0x50
[26.088217] __x64_sys_mount+0xfe/0x140
[26.088506] do_syscall_64+0x35/0x80
[26.088776] entry_SYSCALL_64_after_hwframe+0x63/0xcd
Fixes: 5b316468983d ("btrfs: get zone information of zoned block devices")
CC: stable@vger.kernel.org # 5.15+
Reviewed-by: Damien Le Moal <damien.lemoal@opensource.wdc.com>
Reviewed-by: Johannes Thumshirn <johannes.thumshirn@wdc.com>
Signed-off-by: Christoph Hellwig <hch@lst.de>
Reviewed-by: David Sterba <dsterba@suse.com>
Signed-off-by: David Sterba <dsterba@suse.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/btrfs/zoned.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
--- a/fs/btrfs/zoned.c
+++ b/fs/btrfs/zoned.c
@@ -467,7 +467,7 @@ int btrfs_get_dev_zone_info(struct btrfs
goto out;
}
- zones = kcalloc(BTRFS_REPORT_NR_ZONES, sizeof(struct blk_zone), GFP_KERNEL);
+ zones = kvcalloc(BTRFS_REPORT_NR_ZONES, sizeof(struct blk_zone), GFP_KERNEL);
if (!zones) {
ret = -ENOMEM;
goto out;
@@ -586,7 +586,7 @@ int btrfs_get_dev_zone_info(struct btrfs
}
- kfree(zones);
+ kvfree(zones);
switch (bdev_zoned_model(bdev)) {
case BLK_ZONED_HM:
@@ -618,7 +618,7 @@ int btrfs_get_dev_zone_info(struct btrfs
return 0;
out:
- kfree(zones);
+ kvfree(zones);
out_free_zone_info:
btrfs_destroy_dev_zone_info(device);
^ permalink raw reply [flat|nested] 305+ messages in thread
* [PATCH 6.0 277/289] btrfs: sysfs: normalize the error handling branch in btrfs_init_sysfs()
2022-11-30 18:19 [PATCH 6.0 000/289] 6.0.11-rc1 review Greg Kroah-Hartman
` (275 preceding siblings ...)
2022-11-30 18:24 ` [PATCH 6.0 276/289] btrfs: use kvcalloc in btrfs_get_dev_zone_info Greg Kroah-Hartman
@ 2022-11-30 18:24 ` Greg Kroah-Hartman
2022-11-30 18:24 ` [PATCH 6.0 278/289] btrfs: do not modify log tree while holding a leaf from fs tree locked Greg Kroah-Hartman
` (21 subsequent siblings)
298 siblings, 0 replies; 305+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-30 18:24 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Qu Wenruo, Zhen Lei, David Sterba
From: Zhen Lei <thunder.leizhen@huawei.com>
commit ffdbb44f2f23f963b8f5672e35c3a26088177a62 upstream.
Although kset_unregister() can eventually remove all attribute files,
explicitly rolling back with the matching function makes the code logic
look clearer.
CC: stable@vger.kernel.org # 5.4+
Reviewed-by: Qu Wenruo <wqu@suse.com>
Signed-off-by: Zhen Lei <thunder.leizhen@huawei.com>
Reviewed-by: David Sterba <dsterba@suse.com>
Signed-off-by: David Sterba <dsterba@suse.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/btrfs/sysfs.c | 7 +++++--
1 file changed, 5 insertions(+), 2 deletions(-)
--- a/fs/btrfs/sysfs.c
+++ b/fs/btrfs/sysfs.c
@@ -2251,8 +2251,11 @@ int __init btrfs_init_sysfs(void)
#ifdef CONFIG_BTRFS_DEBUG
ret = sysfs_create_group(&btrfs_kset->kobj, &btrfs_debug_feature_attr_group);
- if (ret)
- goto out2;
+ if (ret) {
+ sysfs_unmerge_group(&btrfs_kset->kobj,
+ &btrfs_static_feature_attr_group);
+ goto out_remove_group;
+ }
#endif
return 0;
^ permalink raw reply [flat|nested] 305+ messages in thread
* [PATCH 6.0 278/289] btrfs: do not modify log tree while holding a leaf from fs tree locked
2022-11-30 18:19 [PATCH 6.0 000/289] 6.0.11-rc1 review Greg Kroah-Hartman
` (276 preceding siblings ...)
2022-11-30 18:24 ` [PATCH 6.0 277/289] btrfs: sysfs: normalize the error handling branch in btrfs_init_sysfs() Greg Kroah-Hartman
@ 2022-11-30 18:24 ` Greg Kroah-Hartman
2022-11-30 18:24 ` [PATCH 6.0 279/289] drm/i915/ttm: never purge busy objects Greg Kroah-Hartman
` (20 subsequent siblings)
298 siblings, 0 replies; 305+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-30 18:24 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, syzbot+9b7c21f486f5e7f8d029,
Josef Bacik, Filipe Manana, David Sterba
From: Filipe Manana <fdmanana@suse.com>
commit 796787c978efbbdb50e245718c784eb94f59eac4 upstream.
When logging an inode in full mode, or when logging xattrs or when logging
the dir index items of a directory, we are modifying the log tree while
holding a read lock on a leaf from the fs/subvolume tree. This can lead to
a deadlock in rare circumstances, but it is a real possibility, and it was
recently reported by syzbot with the following trace from lockdep:
WARNING: possible circular locking dependency detected
6.1.0-rc5-next-20221116-syzkaller #0 Not tainted
------------------------------------------------------
syz-executor.1/16154 is trying to acquire lock:
ffff88807e3084a0 (&delayed_node->mutex){+.+.}-{3:3}, at: __btrfs_release_delayed_node.part.0+0xa1/0xf30 fs/btrfs/delayed-inode.c:256
but task is already holding lock:
ffff88807df33078 (btrfs-log-00){++++}-{3:3}, at: __btrfs_tree_lock+0x32/0x3d0 fs/btrfs/locking.c:197
which lock already depends on the new lock.
the existing dependency chain (in reverse order) is:
-> #2 (btrfs-log-00){++++}-{3:3}:
down_read_nested+0x9e/0x450 kernel/locking/rwsem.c:1634
__btrfs_tree_read_lock+0x32/0x350 fs/btrfs/locking.c:135
btrfs_tree_read_lock fs/btrfs/locking.c:141 [inline]
btrfs_read_lock_root_node+0x82/0x3a0 fs/btrfs/locking.c:280
btrfs_search_slot_get_root fs/btrfs/ctree.c:1678 [inline]
btrfs_search_slot+0x3ca/0x2c70 fs/btrfs/ctree.c:1998
btrfs_lookup_csum+0x116/0x3f0 fs/btrfs/file-item.c:209
btrfs_csum_file_blocks+0x40e/0x1370 fs/btrfs/file-item.c:1021
log_csums.isra.0+0x244/0x2d0 fs/btrfs/tree-log.c:4258
copy_items.isra.0+0xbfb/0xed0 fs/btrfs/tree-log.c:4403
copy_inode_items_to_log+0x13d6/0x1d90 fs/btrfs/tree-log.c:5873
btrfs_log_inode+0xb19/0x4680 fs/btrfs/tree-log.c:6495
btrfs_log_inode_parent+0x890/0x2a20 fs/btrfs/tree-log.c:6982
btrfs_log_dentry_safe+0x59/0x80 fs/btrfs/tree-log.c:7083
btrfs_sync_file+0xa41/0x13c0 fs/btrfs/file.c:1921
vfs_fsync_range+0x13e/0x230 fs/sync.c:188
generic_write_sync include/linux/fs.h:2856 [inline]
iomap_dio_complete+0x73a/0x920 fs/iomap/direct-io.c:128
btrfs_direct_write fs/btrfs/file.c:1536 [inline]
btrfs_do_write_iter+0xba2/0x1470 fs/btrfs/file.c:1668
call_write_iter include/linux/fs.h:2160 [inline]
do_iter_readv_writev+0x20b/0x3b0 fs/read_write.c:735
do_iter_write+0x182/0x700 fs/read_write.c:861
vfs_iter_write+0x74/0xa0 fs/read_write.c:902
iter_file_splice_write+0x745/0xc90 fs/splice.c:686
do_splice_from fs/splice.c:764 [inline]
direct_splice_actor+0x114/0x180 fs/splice.c:931
splice_direct_to_actor+0x335/0x8a0 fs/splice.c:886
do_splice_direct+0x1ab/0x280 fs/splice.c:974
do_sendfile+0xb19/0x1270 fs/read_write.c:1255
__do_sys_sendfile64 fs/read_write.c:1323 [inline]
__se_sys_sendfile64 fs/read_write.c:1309 [inline]
__x64_sys_sendfile64+0x259/0x2c0 fs/read_write.c:1309
do_syscall_x64 arch/x86/entry/common.c:50 [inline]
do_syscall_64+0x39/0xb0 arch/x86/entry/common.c:80
entry_SYSCALL_64_after_hwframe+0x63/0xcd
-> #1 (btrfs-tree-00){++++}-{3:3}:
__lock_release kernel/locking/lockdep.c:5382 [inline]
lock_release+0x371/0x810 kernel/locking/lockdep.c:5688
up_write+0x2a/0x520 kernel/locking/rwsem.c:1614
btrfs_tree_unlock_rw fs/btrfs/locking.h:189 [inline]
btrfs_unlock_up_safe+0x1e3/0x290 fs/btrfs/locking.c:238
search_leaf fs/btrfs/ctree.c:1832 [inline]
btrfs_search_slot+0x265e/0x2c70 fs/btrfs/ctree.c:2074
btrfs_insert_empty_items+0xbd/0x1c0 fs/btrfs/ctree.c:4133
btrfs_insert_delayed_item+0x826/0xfa0 fs/btrfs/delayed-inode.c:746
btrfs_insert_delayed_items fs/btrfs/delayed-inode.c:824 [inline]
__btrfs_commit_inode_delayed_items fs/btrfs/delayed-inode.c:1111 [inline]
__btrfs_run_delayed_items+0x280/0x590 fs/btrfs/delayed-inode.c:1153
flush_space+0x147/0xe90 fs/btrfs/space-info.c:728
btrfs_async_reclaim_metadata_space+0x541/0xc10 fs/btrfs/space-info.c:1086
process_one_work+0x9bf/0x1710 kernel/workqueue.c:2289
worker_thread+0x669/0x1090 kernel/workqueue.c:2436
kthread+0x2e8/0x3a0 kernel/kthread.c:376
ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:308
-> #0 (&delayed_node->mutex){+.+.}-{3:3}:
check_prev_add kernel/locking/lockdep.c:3097 [inline]
check_prevs_add kernel/locking/lockdep.c:3216 [inline]
validate_chain kernel/locking/lockdep.c:3831 [inline]
__lock_acquire+0x2a43/0x56d0 kernel/locking/lockdep.c:5055
lock_acquire kernel/locking/lockdep.c:5668 [inline]
lock_acquire+0x1e3/0x630 kernel/locking/lockdep.c:5633
__mutex_lock_common kernel/locking/mutex.c:603 [inline]
__mutex_lock+0x12f/0x1360 kernel/locking/mutex.c:747
__btrfs_release_delayed_node.part.0+0xa1/0xf30 fs/btrfs/delayed-inode.c:256
__btrfs_release_delayed_node fs/btrfs/delayed-inode.c:251 [inline]
btrfs_release_delayed_node fs/btrfs/delayed-inode.c:281 [inline]
btrfs_remove_delayed_node+0x52/0x60 fs/btrfs/delayed-inode.c:1285
btrfs_evict_inode+0x511/0xf30 fs/btrfs/inode.c:5554
evict+0x2ed/0x6b0 fs/inode.c:664
dispose_list+0x117/0x1e0 fs/inode.c:697
prune_icache_sb+0xeb/0x150 fs/inode.c:896
super_cache_scan+0x391/0x590 fs/super.c:106
do_shrink_slab+0x464/0xce0 mm/vmscan.c:843
shrink_slab_memcg mm/vmscan.c:912 [inline]
shrink_slab+0x388/0x660 mm/vmscan.c:991
shrink_node_memcgs mm/vmscan.c:6088 [inline]
shrink_node+0x93d/0x1f30 mm/vmscan.c:6117
shrink_zones mm/vmscan.c:6355 [inline]
do_try_to_free_pages+0x3b4/0x17a0 mm/vmscan.c:6417
try_to_free_mem_cgroup_pages+0x3a4/0xa70 mm/vmscan.c:6732
reclaim_high.constprop.0+0x182/0x230 mm/memcontrol.c:2393
mem_cgroup_handle_over_high+0x190/0x520 mm/memcontrol.c:2578
try_charge_memcg+0xe0c/0x12f0 mm/memcontrol.c:2816
try_charge mm/memcontrol.c:2827 [inline]
charge_memcg+0x90/0x3b0 mm/memcontrol.c:6889
__mem_cgroup_charge+0x2b/0x90 mm/memcontrol.c:6910
mem_cgroup_charge include/linux/memcontrol.h:667 [inline]
__filemap_add_folio+0x615/0xf80 mm/filemap.c:852
filemap_add_folio+0xaf/0x1e0 mm/filemap.c:934
__filemap_get_folio+0x389/0xd80 mm/filemap.c:1976
pagecache_get_page+0x2e/0x280 mm/folio-compat.c:104
find_or_create_page include/linux/pagemap.h:612 [inline]
alloc_extent_buffer+0x2b9/0x1580 fs/btrfs/extent_io.c:4588
btrfs_init_new_buffer fs/btrfs/extent-tree.c:4869 [inline]
btrfs_alloc_tree_block+0x2e1/0x1320 fs/btrfs/extent-tree.c:4988
__btrfs_cow_block+0x3b2/0x1420 fs/btrfs/ctree.c:440
btrfs_cow_block+0x2fa/0x950 fs/btrfs/ctree.c:595
btrfs_search_slot+0x11b0/0x2c70 fs/btrfs/ctree.c:2038
btrfs_update_root+0xdb/0x630 fs/btrfs/root-tree.c:137
update_log_root fs/btrfs/tree-log.c:2841 [inline]
btrfs_sync_log+0xbfb/0x2870 fs/btrfs/tree-log.c:3064
btrfs_sync_file+0xdb9/0x13c0 fs/btrfs/file.c:1947
vfs_fsync_range+0x13e/0x230 fs/sync.c:188
generic_write_sync include/linux/fs.h:2856 [inline]
iomap_dio_complete+0x73a/0x920 fs/iomap/direct-io.c:128
btrfs_direct_write fs/btrfs/file.c:1536 [inline]
btrfs_do_write_iter+0xba2/0x1470 fs/btrfs/file.c:1668
call_write_iter include/linux/fs.h:2160 [inline]
do_iter_readv_writev+0x20b/0x3b0 fs/read_write.c:735
do_iter_write+0x182/0x700 fs/read_write.c:861
vfs_iter_write+0x74/0xa0 fs/read_write.c:902
iter_file_splice_write+0x745/0xc90 fs/splice.c:686
do_splice_from fs/splice.c:764 [inline]
direct_splice_actor+0x114/0x180 fs/splice.c:931
splice_direct_to_actor+0x335/0x8a0 fs/splice.c:886
do_splice_direct+0x1ab/0x280 fs/splice.c:974
do_sendfile+0xb19/0x1270 fs/read_write.c:1255
__do_sys_sendfile64 fs/read_write.c:1323 [inline]
__se_sys_sendfile64 fs/read_write.c:1309 [inline]
__x64_sys_sendfile64+0x259/0x2c0 fs/read_write.c:1309
do_syscall_x64 arch/x86/entry/common.c:50 [inline]
do_syscall_64+0x39/0xb0 arch/x86/entry/common.c:80
entry_SYSCALL_64_after_hwframe+0x63/0xcd
other info that might help us debug this:
Chain exists of:
&delayed_node->mutex --> btrfs-tree-00 --> btrfs-log-00
Possible unsafe locking scenario:
CPU0 CPU1
---- ----
lock(btrfs-log-00);
lock(btrfs-tree-00);
lock(btrfs-log-00);
lock(&delayed_node->mutex);
Holding a read lock on a leaf from a fs/subvolume tree creates a nasty
lock dependency when we are COWing extent buffers for the log tree and we
have two tasks modifying the log tree, with each one in one of the
following 2 scenarios:
1) Modifying the log tree triggers an extent buffer allocation while
holding a write lock on a parent extent buffer from the log tree.
Allocating the pages for an extent buffer, or the extent buffer
struct, can trigger inode eviction and finally the inode eviction
will trigger a release/remove of a delayed node, which requires
taking the delayed node's mutex;
2) Allocating a metadata extent for a log tree can trigger the async
reclaim thread and make us wait for it to release enough space and
unblock our reservation ticket. The reclaim thread can start flushing
delayed items, and that in turn results in the need to lock delayed
node mutexes and in the need to write lock extent buffers of a
subvolume tree - all this while holding a write lock on the parent
extent buffer in the log tree.
So one task in scenario 1) running in parallel with another task in
scenario 2) could lead to a deadlock, one wanting to lock a delayed node
mutex while having a read lock on a leaf from the subvolume, while the
other is holding the delayed node's mutex and wants to write lock the same
subvolume leaf for flushing delayed items.
Fix this by cloning the leaf of the fs/subvolume tree, release/unlock the
fs/subvolume leaf and use the clone leaf instead.
Reported-by: syzbot+9b7c21f486f5e7f8d029@syzkaller.appspotmail.com
Link: https://lore.kernel.org/linux-btrfs/000000000000ccc93c05edc4d8cf@google.com/
CC: stable@vger.kernel.org # 6.0+
Reviewed-by: Josef Bacik <josef@toxicpanda.com>
Signed-off-by: Filipe Manana <fdmanana@suse.com>
Signed-off-by: David Sterba <dsterba@suse.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/btrfs/tree-log.c | 59 ++++++++++++++++++++++++++++++++++++++++++++++++----
1 file changed, 55 insertions(+), 4 deletions(-)
--- a/fs/btrfs/tree-log.c
+++ b/fs/btrfs/tree-log.c
@@ -3834,15 +3834,29 @@ static int process_dir_items_leaf(struct
u64 *last_old_dentry_offset)
{
struct btrfs_root *log = inode->root->log_root;
- struct extent_buffer *src = path->nodes[0];
- const int nritems = btrfs_header_nritems(src);
+ struct extent_buffer *src;
+ const int nritems = btrfs_header_nritems(path->nodes[0]);
const u64 ino = btrfs_ino(inode);
bool last_found = false;
int batch_start = 0;
int batch_size = 0;
int i;
- for (i = path->slots[0]; i < nritems; i++) {
+ /*
+ * We need to clone the leaf, release the read lock on it, and use the
+ * clone before modifying the log tree. See the comment at copy_items()
+ * about why we need to do this.
+ */
+ src = btrfs_clone_extent_buffer(path->nodes[0]);
+ if (!src)
+ return -ENOMEM;
+
+ i = path->slots[0];
+ btrfs_release_path(path);
+ path->nodes[0] = src;
+ path->slots[0] = i;
+
+ for (; i < nritems; i++) {
struct btrfs_dir_item *di;
struct btrfs_key key;
int ret;
@@ -4414,7 +4428,7 @@ static noinline int copy_items(struct bt
{
struct btrfs_root *log = inode->root->log_root;
struct btrfs_file_extent_item *extent;
- struct extent_buffer *src = src_path->nodes[0];
+ struct extent_buffer *src;
int ret = 0;
struct btrfs_key *ins_keys;
u32 *ins_sizes;
@@ -4425,6 +4439,43 @@ static noinline int copy_items(struct bt
const bool skip_csum = (inode->flags & BTRFS_INODE_NODATASUM);
const u64 i_size = i_size_read(&inode->vfs_inode);
+ /*
+ * To keep lockdep happy and avoid deadlocks, clone the source leaf and
+ * use the clone. This is because otherwise we would be changing the log
+ * tree, to insert items from the subvolume tree or insert csum items,
+ * while holding a read lock on a leaf from the subvolume tree, which
+ * creates a nasty lock dependency when COWing log tree nodes/leaves:
+ *
+ * 1) Modifying the log tree triggers an extent buffer allocation while
+ * holding a write lock on a parent extent buffer from the log tree.
+ * Allocating the pages for an extent buffer, or the extent buffer
+ * struct, can trigger inode eviction and finally the inode eviction
+ * will trigger a release/remove of a delayed node, which requires
+ * taking the delayed node's mutex;
+ *
+ * 2) Allocating a metadata extent for a log tree can trigger the async
+ * reclaim thread and make us wait for it to release enough space and
+ * unblock our reservation ticket. The reclaim thread can start
+ * flushing delayed items, and that in turn results in the need to
+ * lock delayed node mutexes and in the need to write lock extent
+ * buffers of a subvolume tree - all this while holding a write lock
+ * on the parent extent buffer in the log tree.
+ *
+ * So one task in scenario 1) running in parallel with another task in
+ * scenario 2) could lead to a deadlock, one wanting to lock a delayed
+ * node mutex while having a read lock on a leaf from the subvolume,
+ * while the other is holding the delayed node's mutex and wants to
+ * write lock the same subvolume leaf for flushing delayed items.
+ */
+ src = btrfs_clone_extent_buffer(src_path->nodes[0]);
+ if (!src)
+ return -ENOMEM;
+
+ i = src_path->slots[0];
+ btrfs_release_path(src_path);
+ src_path->nodes[0] = src;
+ src_path->slots[0] = i;
+
ins_data = kmalloc(nr * sizeof(struct btrfs_key) +
nr * sizeof(u32), GFP_NOFS);
if (!ins_data)
^ permalink raw reply [flat|nested] 305+ messages in thread
* [PATCH 6.0 279/289] drm/i915/ttm: never purge busy objects
2022-11-30 18:19 [PATCH 6.0 000/289] 6.0.11-rc1 review Greg Kroah-Hartman
` (277 preceding siblings ...)
2022-11-30 18:24 ` [PATCH 6.0 278/289] btrfs: do not modify log tree while holding a leaf from fs tree locked Greg Kroah-Hartman
@ 2022-11-30 18:24 ` Greg Kroah-Hartman
2022-11-30 18:24 ` [PATCH 6.0 280/289] drm/display/dp_mst: Fix drm_dp_mst_add_affected_dsc_crtcs() return code Greg Kroah-Hartman
` (19 subsequent siblings)
298 siblings, 0 replies; 305+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-30 18:24 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Niranjana Vishwanathapura,
Matthew Auld, Andrzej Hajda, Nirmoy Das, Nirmoy Das,
Tvrtko Ursulin
From: Matthew Auld <matthew.auld@intel.com>
commit 00a6c36cca760d0b659f894dee728555b193c5e1 upstream.
In i915_gem_madvise_ioctl() we immediately purge the object is not
currently used, like when the mm.pages are NULL. With shmem the pages
might still be hanging around or are perhaps swapped out. Similarly with
ttm we might still have the pages hanging around on the ttm resource,
like with lmem or shmem, but here we need to be extra careful since
async unbinds are possible as well as in-progress kernel moves. In
i915_ttm_purge() we expect the pipeline-gutting to nuke the ttm resource
for us, however if it's busy the memory is only moved to a ghost object,
which then leads to broken behaviour when for example clearing the
i915_tt->filp, since the actual ttm_tt is still alive and populated,
even though it's been moved to the ghost object. When we later destroy
the ghost object we hit the following, since the filp is now NULL:
[ +0.006982] #PF: supervisor read access in kernel mode
[ +0.005149] #PF: error_code(0x0000) - not-present page
[ +0.005147] PGD 11631d067 P4D 11631d067 PUD 115972067 PMD 0
[ +0.005676] Oops: 0000 [#1] PREEMPT SMP NOPTI
[ +0.012962] Workqueue: events ttm_device_delayed_workqueue [ttm]
[ +0.006022] RIP: 0010:i915_ttm_tt_unpopulate+0x3a/0x70 [i915]
[ +0.005879] Code: 89 fb 48 85 f6 74 11 8b 55 4c 48 8b 7d 30 45 31 c0 31 c9 e8 18 6a e5 e0 80 7d 60 00 74 20 48 8b 45 68
8b 55 08 4c 89 e7 5b 5d <48> 8b 40 20 83 e2 01 41 5c 89 d1 48 8b 70
30 e9 42 b2 ff ff 4c 89
[ +0.018782] RSP: 0000:ffffc9000bf6fd70 EFLAGS: 00010202
[ +0.005244] RAX: 0000000000000000 RBX: ffff8883e12ae380 RCX: 0000000000000000
[ +0.007150] RDX: 000000008000000e RSI: ffffffff823559b4 RDI: ffff8883e12ae3c0
[ +0.007142] RBP: ffff888103b65d48 R08: 0000000000000001 R09: 0000000000000001
[ +0.007144] R10: 0000000000000001 R11: ffff88829c2c8040 R12: ffff8883e12ae3c0
[ +0.007148] R13: 0000000000000001 R14: ffff888115184140 R15: ffff888115184248
[ +0.007154] FS: 0000000000000000(0000) GS:ffff88844db00000(0000) knlGS:0000000000000000
[ +0.008108] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ +0.005763] CR2: 0000000000000020 CR3: 000000013fdb4004 CR4: 00000000003706e0
[ +0.007152] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ +0.007145] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ +0.007154] Call Trace:
[ +0.002459] <TASK>
[ +0.002126] ttm_tt_unpopulate.part.0+0x17/0x70 [ttm]
[ +0.005068] ttm_bo_tt_destroy+0x1c/0x50 [ttm]
[ +0.004464] ttm_bo_cleanup_memtype_use+0x25/0x40 [ttm]
[ +0.005244] ttm_bo_cleanup_refs+0x90/0x2c0 [ttm]
[ +0.004721] ttm_bo_delayed_delete+0x235/0x250 [ttm]
[ +0.004981] ttm_device_delayed_workqueue+0x13/0x40 [ttm]
[ +0.005422] process_one_work+0x248/0x560
[ +0.004028] worker_thread+0x4b/0x390
[ +0.003682] ? process_one_work+0x560/0x560
[ +0.004199] kthread+0xeb/0x120
[ +0.003163] ? kthread_complete_and_exit+0x20/0x20
[ +0.004815] ret_from_fork+0x1f/0x30
v2:
- Just use ttm_bo_wait() directly (Niranjana)
- Add testcase reference
Testcase: igt@gem_madvise@dontneed-evict-race
Fixes: 213d50927763 ("drm/i915/ttm: Introduce a TTM i915 gem object backend")
Reported-by: Niranjana Vishwanathapura <niranjana.vishwanathapura@intel.com>
Signed-off-by: Matthew Auld <matthew.auld@intel.com>
Cc: Andrzej Hajda <andrzej.hajda@intel.com>
Cc: Nirmoy Das <nirmoy.das@intel.com>
Cc: <stable@vger.kernel.org> # v5.15+
Reviewed-by: Niranjana Vishwanathapura <niranjana.vishwanathapura@intel.com>
Acked-by: Nirmoy Das <Nirmoy.Das@intel.com>
Reviewed-by: Andrzej Hajda <andrzej.hajda@intel.com>
Link: https://patchwork.freedesktop.org/patch/msgid/20221115104620.120432-1-matthew.auld@intel.com
(cherry picked from commit 5524b5e52e08f675116a93296fe5bee60bc43c03)
Signed-off-by: Tvrtko Ursulin <tvrtko.ursulin@intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/gpu/drm/i915/gem/i915_gem_ttm.c | 4 ++++
1 file changed, 4 insertions(+)
--- a/drivers/gpu/drm/i915/gem/i915_gem_ttm.c
+++ b/drivers/gpu/drm/i915/gem/i915_gem_ttm.c
@@ -642,6 +642,10 @@ static int i915_ttm_truncate(struct drm_
WARN_ON_ONCE(obj->mm.madv == I915_MADV_WILLNEED);
+ err = ttm_bo_wait(bo, true, false);
+ if (err)
+ return err;
+
err = i915_ttm_move_notify(bo);
if (err)
return err;
^ permalink raw reply [flat|nested] 305+ messages in thread
* [PATCH 6.0 280/289] drm/display/dp_mst: Fix drm_dp_mst_add_affected_dsc_crtcs() return code
2022-11-30 18:19 [PATCH 6.0 000/289] 6.0.11-rc1 review Greg Kroah-Hartman
` (278 preceding siblings ...)
2022-11-30 18:24 ` [PATCH 6.0 279/289] drm/i915/ttm: never purge busy objects Greg Kroah-Hartman
@ 2022-11-30 18:24 ` Greg Kroah-Hartman
2022-11-30 18:24 ` [PATCH 6.0 281/289] drm/amd/dc/dce120: Fix audio register mapping, stop triggering KASAN Greg Kroah-Hartman
` (18 subsequent siblings)
298 siblings, 0 replies; 305+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-30 18:24 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Lyude Paul, Wayne Lin, Alex Deucher
From: Lyude Paul <lyude@redhat.com>
commit 2f3a1273862cb82cca227630cc7f04ce0c94b6bb upstream.
Looks like that we're accidentally dropping a pretty important return code
here. For some reason, we just return -EINVAL if we fail to get the MST
topology state. This is wrong: error codes are important and should never
be squashed without being handled, which here seems to have the potential
to cause a deadlock.
Signed-off-by: Lyude Paul <lyude@redhat.com>
Reviewed-by: Wayne Lin <Wayne.Lin@amd.com>
Fixes: 8ec046716ca8 ("drm/dp_mst: Add helper to trigger modeset on affected DSC MST CRTCs")
Cc: <stable@vger.kernel.org> # v5.6+
Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/gpu/drm/display/drm_dp_mst_topology.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/drivers/gpu/drm/display/drm_dp_mst_topology.c
+++ b/drivers/gpu/drm/display/drm_dp_mst_topology.c
@@ -5293,7 +5293,7 @@ int drm_dp_mst_add_affected_dsc_crtcs(st
mst_state = drm_atomic_get_mst_topology_state(state, mgr);
if (IS_ERR(mst_state))
- return -EINVAL;
+ return PTR_ERR(mst_state);
list_for_each_entry(pos, &mst_state->vcpis, next) {
^ permalink raw reply [flat|nested] 305+ messages in thread
* [PATCH 6.0 281/289] drm/amd/dc/dce120: Fix audio register mapping, stop triggering KASAN
2022-11-30 18:19 [PATCH 6.0 000/289] 6.0.11-rc1 review Greg Kroah-Hartman
` (279 preceding siblings ...)
2022-11-30 18:24 ` [PATCH 6.0 280/289] drm/display/dp_mst: Fix drm_dp_mst_add_affected_dsc_crtcs() return code Greg Kroah-Hartman
@ 2022-11-30 18:24 ` Greg Kroah-Hartman
2022-11-30 18:24 ` [PATCH 6.0 282/289] drm/amd/display: No display after resume from WB/CB Greg Kroah-Hartman
` (17 subsequent siblings)
298 siblings, 0 replies; 305+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-30 18:24 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Lyude Paul, Alex Deucher
From: Lyude Paul <lyude@redhat.com>
commit 44035ec2fde1114254ee465f9ba3bb246b0b6283 upstream.
There's been a very long running bug that seems to have been neglected for
a while, where amdgpu consistently triggers a KASAN error at start:
BUG: KASAN: global-out-of-bounds in read_indirect_azalia_reg+0x1d4/0x2a0 [amdgpu]
Read of size 4 at addr ffffffffc2274b28 by task modprobe/1889
After digging through amd's rather creative method for accessing registers,
I eventually discovered the problem likely has to do with the fact that on
my dce120 GPU there are supposedly 7 sets of audio registers. But we only
define a register mapping for 6 sets.
So, fix this and fix the KASAN warning finally.
Signed-off-by: Lyude Paul <lyude@redhat.com>
Cc: stable@vger.kernel.org
Reviewed-by: Alex Deucher <alexander.deucher@amd.com>
Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/gpu/drm/amd/display/dc/dce120/dce120_resource.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
--- a/drivers/gpu/drm/amd/display/dc/dce120/dce120_resource.c
+++ b/drivers/gpu/drm/amd/display/dc/dce120/dce120_resource.c
@@ -359,7 +359,8 @@ static const struct dce_audio_registers
audio_regs(2),
audio_regs(3),
audio_regs(4),
- audio_regs(5)
+ audio_regs(5),
+ audio_regs(6),
};
#define DCE120_AUD_COMMON_MASK_SH_LIST(mask_sh)\
^ permalink raw reply [flat|nested] 305+ messages in thread
* [PATCH 6.0 282/289] drm/amd/display: No display after resume from WB/CB
2022-11-30 18:19 [PATCH 6.0 000/289] 6.0.11-rc1 review Greg Kroah-Hartman
` (280 preceding siblings ...)
2022-11-30 18:24 ` [PATCH 6.0 281/289] drm/amd/dc/dce120: Fix audio register mapping, stop triggering KASAN Greg Kroah-Hartman
@ 2022-11-30 18:24 ` Greg Kroah-Hartman
2022-11-30 18:24 ` [PATCH 6.0 283/289] drm/amdgpu/psp: dont free PSP buffers on suspend Greg Kroah-Hartman
` (16 subsequent siblings)
298 siblings, 0 replies; 305+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-30 18:24 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Jerry Zuo, Brian Chang,
Tsung-hua Lin, Daniel Wheeler, Alex Deucher
From: Tsung-hua Lin <Tsung-hua.Lin@amd.com>
commit a6e1775da04ab042bc9e2e42399fa25714c253da upstream.
[why]
First MST sideband message returns AUX_RET_ERROR_HPD_DISCON
on certain intel platform. Aux transaction considered failure
if HPD unexpected pulled low. The actual aux transaction success
in such case, hence do not return error.
[how]
Not returning error when AUX_RET_ERROR_HPD_DISCON detected
on the first sideband message.
v2: squash in fix (Alex)
Reviewed-by: Jerry Zuo <Jerry.Zuo@amd.com>
Acked-by: Brian Chang <Brian.Chang@amd.com>
Signed-off-by: Tsung-hua Lin <Tsung-hua.Lin@amd.com>
Tested-by: Daniel Wheeler <daniel.wheeler@amd.com>
Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
Cc: stable@vger.kernel.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c | 37 ++++++++++++++++++++++
1 file changed, 37 insertions(+)
--- a/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c
+++ b/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c
@@ -1371,7 +1371,44 @@ static const struct dmi_system_id hpd_di
DMI_MATCH(DMI_PRODUCT_NAME, "Precision 3460"),
},
},
+ {
+ .matches = {
+ DMI_MATCH(DMI_SYS_VENDOR, "Dell Inc."),
+ DMI_MATCH(DMI_PRODUCT_NAME, "OptiPlex Tower Plus 7010"),
+ },
+ },
+ {
+ .matches = {
+ DMI_MATCH(DMI_SYS_VENDOR, "Dell Inc."),
+ DMI_MATCH(DMI_PRODUCT_NAME, "OptiPlex Tower 7010"),
+ },
+ },
+ {
+ .matches = {
+ DMI_MATCH(DMI_SYS_VENDOR, "Dell Inc."),
+ DMI_MATCH(DMI_PRODUCT_NAME, "OptiPlex SFF Plus 7010"),
+ },
+ },
+ {
+ .matches = {
+ DMI_MATCH(DMI_SYS_VENDOR, "Dell Inc."),
+ DMI_MATCH(DMI_PRODUCT_NAME, "OptiPlex SFF 7010"),
+ },
+ },
+ {
+ .matches = {
+ DMI_MATCH(DMI_SYS_VENDOR, "Dell Inc."),
+ DMI_MATCH(DMI_PRODUCT_NAME, "OptiPlex Micro Plus 7010"),
+ },
+ },
+ {
+ .matches = {
+ DMI_MATCH(DMI_SYS_VENDOR, "Dell Inc."),
+ DMI_MATCH(DMI_PRODUCT_NAME, "OptiPlex Micro 7010"),
+ },
+ },
{}
+ /* TODO: refactor this from a fixed table to a dynamic option */
};
static void retrieve_dmi_info(struct amdgpu_display_manager *dm)
^ permalink raw reply [flat|nested] 305+ messages in thread
* [PATCH 6.0 283/289] drm/amdgpu/psp: dont free PSP buffers on suspend
2022-11-30 18:19 [PATCH 6.0 000/289] 6.0.11-rc1 review Greg Kroah-Hartman
` (281 preceding siblings ...)
2022-11-30 18:24 ` [PATCH 6.0 282/289] drm/amd/display: No display after resume from WB/CB Greg Kroah-Hartman
@ 2022-11-30 18:24 ` Greg Kroah-Hartman
2022-11-30 18:24 ` [PATCH 6.0 284/289] drm/amdgpu: Enable Aldebaran devices to report CU Occupancy Greg Kroah-Hartman
` (15 subsequent siblings)
298 siblings, 0 replies; 305+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-30 18:24 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Christian König,
Guilherme G. Piccoli, Alex Deucher
From: Alex Deucher <alexander.deucher@amd.com>
commit 4f2bea62cf3874c5a58e987b0b472f9fb57117a2 upstream.
We can reuse the same buffers on resume.
v2: squash in S4 fix from Shikai
Bug: https://gitlab.freedesktop.org/drm/amd/-/issues/2213
Reviewed-by: Christian König <christian.koenig@amd.com>
Tested-by: Guilherme G. Piccoli <gpiccoli@igalia.com>
Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
Cc: stable@vger.kernel.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/gpu/drm/amd/amdgpu/amdgpu_psp.c | 16 +++++++++-------
1 file changed, 9 insertions(+), 7 deletions(-)
--- a/drivers/gpu/drm/amd/amdgpu/amdgpu_psp.c
+++ b/drivers/gpu/drm/amd/amdgpu/amdgpu_psp.c
@@ -171,6 +171,7 @@ void psp_ta_free_shared_buf(struct ta_me
{
amdgpu_bo_free_kernel(&mem_ctx->shared_bo, &mem_ctx->shared_mc_addr,
&mem_ctx->shared_buf);
+ mem_ctx->shared_bo = NULL;
}
static void psp_free_shared_bufs(struct psp_context *psp)
@@ -181,6 +182,7 @@ static void psp_free_shared_bufs(struct
/* free TMR memory buffer */
pptr = amdgpu_sriov_vf(psp->adev) ? &tmr_buf : NULL;
amdgpu_bo_free_kernel(&psp->tmr_bo, &psp->tmr_mc_addr, pptr);
+ psp->tmr_bo = NULL;
/* free xgmi shared memory */
psp_ta_free_shared_buf(&psp->xgmi_context.context.mem_context);
@@ -728,7 +730,7 @@ static int psp_load_toc(struct psp_conte
/* Set up Trusted Memory Region */
static int psp_tmr_init(struct psp_context *psp)
{
- int ret;
+ int ret = 0;
int tmr_size;
void *tmr_buf;
void **pptr;
@@ -755,10 +757,12 @@ static int psp_tmr_init(struct psp_conte
}
}
- pptr = amdgpu_sriov_vf(psp->adev) ? &tmr_buf : NULL;
- ret = amdgpu_bo_create_kernel(psp->adev, tmr_size, PSP_TMR_ALIGNMENT,
- AMDGPU_GEM_DOMAIN_VRAM,
- &psp->tmr_bo, &psp->tmr_mc_addr, pptr);
+ if (!psp->tmr_bo) {
+ pptr = amdgpu_sriov_vf(psp->adev) ? &tmr_buf : NULL;
+ ret = amdgpu_bo_create_kernel(psp->adev, tmr_size, PSP_TMR_ALIGNMENT,
+ AMDGPU_GEM_DOMAIN_VRAM,
+ &psp->tmr_bo, &psp->tmr_mc_addr, pptr);
+ }
return ret;
}
@@ -2720,8 +2724,6 @@ static int psp_suspend(void *handle)
}
out:
- psp_free_shared_bufs(psp);
-
return ret;
}
^ permalink raw reply [flat|nested] 305+ messages in thread
* [PATCH 6.0 284/289] drm/amdgpu: Enable Aldebaran devices to report CU Occupancy
2022-11-30 18:19 [PATCH 6.0 000/289] 6.0.11-rc1 review Greg Kroah-Hartman
` (282 preceding siblings ...)
2022-11-30 18:24 ` [PATCH 6.0 283/289] drm/amdgpu/psp: dont free PSP buffers on suspend Greg Kroah-Hartman
@ 2022-11-30 18:24 ` Greg Kroah-Hartman
2022-11-30 18:24 ` [PATCH 6.0 285/289] drm/amd/amdgpu: reserve vm invalidation engine for firmware Greg Kroah-Hartman
` (14 subsequent siblings)
298 siblings, 0 replies; 305+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-30 18:24 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Ramesh Errabolu, Felix Kuehling,
Alex Deucher
From: Ramesh Errabolu <Ramesh.Errabolu@amd.com>
commit b9ab82da8804ec22c7e91ffd9d56c7a3abff0c8e upstream.
Allow user to know number of compute units (CU) that are in use at any
given moment. Enable access to the method kgd_gfx_v9_get_cu_occupancy
that computes CU occupancy.
Signed-off-by: Ramesh Errabolu <Ramesh.Errabolu@amd.com>
Reviewed-by: Felix Kuehling <Felix.Kuehling@amd.com>
Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
Cc: stable@vger.kernel.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/gpu/drm/amd/amdgpu/amdgpu_amdkfd_aldebaran.c | 1 +
1 file changed, 1 insertion(+)
--- a/drivers/gpu/drm/amd/amdgpu/amdgpu_amdkfd_aldebaran.c
+++ b/drivers/gpu/drm/amd/amdgpu/amdgpu_amdkfd_aldebaran.c
@@ -41,5 +41,6 @@ const struct kfd2kgd_calls aldebaran_kfd
.get_atc_vmid_pasid_mapping_info =
kgd_gfx_v9_get_atc_vmid_pasid_mapping_info,
.set_vm_context_page_table_base = kgd_gfx_v9_set_vm_context_page_table_base,
+ .get_cu_occupancy = kgd_gfx_v9_get_cu_occupancy,
.program_trap_handler_settings = kgd_gfx_v9_program_trap_handler_settings
};
^ permalink raw reply [flat|nested] 305+ messages in thread
* [PATCH 6.0 285/289] drm/amd/amdgpu: reserve vm invalidation engine for firmware
2022-11-30 18:19 [PATCH 6.0 000/289] 6.0.11-rc1 review Greg Kroah-Hartman
` (283 preceding siblings ...)
2022-11-30 18:24 ` [PATCH 6.0 284/289] drm/amdgpu: Enable Aldebaran devices to report CU Occupancy Greg Kroah-Hartman
@ 2022-11-30 18:24 ` Greg Kroah-Hartman
2022-11-30 18:24 ` [PATCH 6.0 286/289] drm/amd/display: Update soc bounding box for dcn32/dcn321 Greg Kroah-Hartman
` (13 subsequent siblings)
298 siblings, 0 replies; 305+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-30 18:24 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Jack Xiao, Christian König,
Alex Deucher
From: Jack Xiao <Jack.Xiao@amd.com>
commit 91abf28a636291135ea5cab9af40f017cff6afce upstream.
If mes enabled, reserve VM invalidation engine 5 for firmware.
Signed-off-by: Jack Xiao <Jack.Xiao@amd.com>
Reviewed-by: Christian König <christian.koenig@amd.com>
Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
Cc: stable@vger.kernel.org # 6.0.x
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/gpu/drm/amd/amdgpu/amdgpu_gmc.c | 6 ++++++
1 file changed, 6 insertions(+)
--- a/drivers/gpu/drm/amd/amdgpu/amdgpu_gmc.c
+++ b/drivers/gpu/drm/amd/amdgpu/amdgpu_gmc.c
@@ -479,6 +479,12 @@ int amdgpu_gmc_allocate_vm_inv_eng(struc
unsigned i;
unsigned vmhub, inv_eng;
+ if (adev->enable_mes) {
+ /* reserve engine 5 for firmware */
+ for (vmhub = 0; vmhub < AMDGPU_MAX_VMHUBS; vmhub++)
+ vm_inv_engs[vmhub] &= ~(1 << 5);
+ }
+
for (i = 0; i < adev->num_rings; ++i) {
ring = adev->rings[i];
vmhub = ring->funcs->vmhub;
^ permalink raw reply [flat|nested] 305+ messages in thread
* [PATCH 6.0 286/289] drm/amd/display: Update soc bounding box for dcn32/dcn321
2022-11-30 18:19 [PATCH 6.0 000/289] 6.0.11-rc1 review Greg Kroah-Hartman
` (284 preceding siblings ...)
2022-11-30 18:24 ` [PATCH 6.0 285/289] drm/amd/amdgpu: reserve vm invalidation engine for firmware Greg Kroah-Hartman
@ 2022-11-30 18:24 ` Greg Kroah-Hartman
2022-11-30 18:24 ` [PATCH 6.0 287/289] drm/amdgpu: always register an MMU notifier for userptr Greg Kroah-Hartman
` (12 subsequent siblings)
298 siblings, 0 replies; 305+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-30 18:24 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Jun Lei, Brian Chang, Dillon Varone,
Daniel Wheeler, Alex Deucher
From: Dillon Varone <Dillon.Varone@amd.com>
commit 5d82c82f1dbee264f7a94587adbbfee607706902 upstream.
[Description]
New values for soc bounding box and dummy pstate.
Reviewed-by: Jun Lei <Jun.Lei@amd.com>
Acked-by: Brian Chang <Brian.Chang@amd.com>
Signed-off-by: Dillon Varone <Dillon.Varone@amd.com>
Tested-by: Daniel Wheeler <daniel.wheeler@amd.com>
Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
Cc: stable@vger.kernel.org # 6.0.x
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/gpu/drm/amd/display/dc/dml/dcn32/dcn32_fpu.c | 6 +++---
drivers/gpu/drm/amd/display/dc/dml/dcn321/dcn321_fpu.c | 8 ++++----
2 files changed, 7 insertions(+), 7 deletions(-)
--- a/drivers/gpu/drm/amd/display/dc/dml/dcn32/dcn32_fpu.c
+++ b/drivers/gpu/drm/amd/display/dc/dml/dcn32/dcn32_fpu.c
@@ -157,7 +157,7 @@ struct _vcs_dpi_soc_bounding_box_st dcn3
.dispclk_dppclk_vco_speed_mhz = 4300.0,
.do_urgent_latency_adjustment = true,
.urgent_latency_adjustment_fabric_clock_component_us = 1.0,
- .urgent_latency_adjustment_fabric_clock_reference_mhz = 1000,
+ .urgent_latency_adjustment_fabric_clock_reference_mhz = 3000,
};
void dcn32_build_wm_range_table_fpu(struct clk_mgr_internal *clk_mgr)
@@ -211,7 +211,7 @@ void dcn32_build_wm_range_table_fpu(stru
/* 'DalDummyClockChangeLatencyNs' registry key option set to 0x7FFFFFFF can be used to disable Set C for dummy p-state */
if (clk_mgr->base.ctx->dc->bb_overrides.dummy_clock_change_latency_ns != 0x7FFFFFFF) {
clk_mgr->base.bw_params->wm_table.nv_entries[WM_C].valid = true;
- clk_mgr->base.bw_params->wm_table.nv_entries[WM_C].dml_input.pstate_latency_us = 38;
+ clk_mgr->base.bw_params->wm_table.nv_entries[WM_C].dml_input.pstate_latency_us = 50;
clk_mgr->base.bw_params->wm_table.nv_entries[WM_C].dml_input.fclk_change_latency_us = fclk_change_latency_us;
clk_mgr->base.bw_params->wm_table.nv_entries[WM_C].dml_input.sr_exit_time_us = sr_exit_time_us;
clk_mgr->base.bw_params->wm_table.nv_entries[WM_C].dml_input.sr_enter_plus_exit_time_us = sr_enter_plus_exit_time_us;
@@ -221,7 +221,7 @@ void dcn32_build_wm_range_table_fpu(stru
clk_mgr->base.bw_params->wm_table.nv_entries[WM_C].pmfw_breakdown.min_uclk = min_uclk_mhz;
clk_mgr->base.bw_params->wm_table.nv_entries[WM_C].pmfw_breakdown.max_uclk = 0xFFFF;
clk_mgr->base.bw_params->dummy_pstate_table[0].dram_speed_mts = clk_mgr->base.bw_params->clk_table.entries[0].memclk_mhz * 16;
- clk_mgr->base.bw_params->dummy_pstate_table[0].dummy_pstate_latency_us = 38;
+ clk_mgr->base.bw_params->dummy_pstate_table[0].dummy_pstate_latency_us = 50;
clk_mgr->base.bw_params->dummy_pstate_table[1].dram_speed_mts = clk_mgr->base.bw_params->clk_table.entries[1].memclk_mhz * 16;
clk_mgr->base.bw_params->dummy_pstate_table[1].dummy_pstate_latency_us = 9;
clk_mgr->base.bw_params->dummy_pstate_table[2].dram_speed_mts = clk_mgr->base.bw_params->clk_table.entries[2].memclk_mhz * 16;
--- a/drivers/gpu/drm/amd/display/dc/dml/dcn321/dcn321_fpu.c
+++ b/drivers/gpu/drm/amd/display/dc/dml/dcn321/dcn321_fpu.c
@@ -125,9 +125,9 @@ struct _vcs_dpi_soc_bounding_box_st dcn3
.sr_enter_plus_exit_z8_time_us = 320,
.writeback_latency_us = 12.0,
.round_trip_ping_latency_dcfclk_cycles = 263,
- .urgent_latency_pixel_data_only_us = 9.35,
- .urgent_latency_pixel_mixed_with_vm_data_us = 9.35,
- .urgent_latency_vm_data_only_us = 9.35,
+ .urgent_latency_pixel_data_only_us = 4,
+ .urgent_latency_pixel_mixed_with_vm_data_us = 4,
+ .urgent_latency_vm_data_only_us = 4,
.fclk_change_latency_us = 20,
.usr_retraining_latency_us = 2,
.smn_latency_us = 2,
@@ -155,7 +155,7 @@ struct _vcs_dpi_soc_bounding_box_st dcn3
.dispclk_dppclk_vco_speed_mhz = 4300.0,
.do_urgent_latency_adjustment = true,
.urgent_latency_adjustment_fabric_clock_component_us = 1.0,
- .urgent_latency_adjustment_fabric_clock_reference_mhz = 1000,
+ .urgent_latency_adjustment_fabric_clock_reference_mhz = 3000,
};
static void get_optimal_ntuple(struct _vcs_dpi_voltage_scaling_st *entry)
^ permalink raw reply [flat|nested] 305+ messages in thread
* [PATCH 6.0 287/289] drm/amdgpu: always register an MMU notifier for userptr
2022-11-30 18:19 [PATCH 6.0 000/289] 6.0.11-rc1 review Greg Kroah-Hartman
` (285 preceding siblings ...)
2022-11-30 18:24 ` [PATCH 6.0 286/289] drm/amd/display: Update soc bounding box for dcn32/dcn321 Greg Kroah-Hartman
@ 2022-11-30 18:24 ` Greg Kroah-Hartman
2022-11-30 18:24 ` [PATCH 6.0 288/289] drm/amdgpu: Partially revert "drm/amdgpu: update drm_display_info correctly when the edid is read" Greg Kroah-Hartman
` (11 subsequent siblings)
298 siblings, 0 replies; 305+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-30 18:24 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Christian König, Alex Deucher,
Felix Kuehling
From: Christian König <christian.koenig@amd.com>
commit b39df63b16b64a3af42695acb9bc567aad144776 upstream.
Since switching to HMM we always need that because we no longer grab
references to the pages.
Signed-off-by: Christian König <christian.koenig@amd.com>
Reviewed-by: Alex Deucher <alexander.deucher@amd.com>
Acked-by: Felix Kuehling <Felix.Kuehling@amd.com>
CC: stable@vger.kernel.org
Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/gpu/drm/amd/amdgpu/amdgpu_gem.c | 8 +++-----
1 file changed, 3 insertions(+), 5 deletions(-)
--- a/drivers/gpu/drm/amd/amdgpu/amdgpu_gem.c
+++ b/drivers/gpu/drm/amd/amdgpu/amdgpu_gem.c
@@ -413,11 +413,9 @@ int amdgpu_gem_userptr_ioctl(struct drm_
if (r)
goto release_object;
- if (args->flags & AMDGPU_GEM_USERPTR_REGISTER) {
- r = amdgpu_mn_register(bo, args->addr);
- if (r)
- goto release_object;
- }
+ r = amdgpu_mn_register(bo, args->addr);
+ if (r)
+ goto release_object;
if (args->flags & AMDGPU_GEM_USERPTR_VALIDATE) {
r = amdgpu_ttm_tt_get_user_pages(bo, bo->tbo.ttm->pages);
^ permalink raw reply [flat|nested] 305+ messages in thread
* [PATCH 6.0 288/289] drm/amdgpu: Partially revert "drm/amdgpu: update drm_display_info correctly when the edid is read"
2022-11-30 18:19 [PATCH 6.0 000/289] 6.0.11-rc1 review Greg Kroah-Hartman
` (286 preceding siblings ...)
2022-11-30 18:24 ` [PATCH 6.0 287/289] drm/amdgpu: always register an MMU notifier for userptr Greg Kroah-Hartman
@ 2022-11-30 18:24 ` Greg Kroah-Hartman
2022-11-30 18:24 ` [PATCH 6.0 289/289] drm/i915: fix TLB invalidation for Gen12 video and compute engines Greg Kroah-Hartman
` (10 subsequent siblings)
298 siblings, 0 replies; 305+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-30 18:24 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Claudio Suarez, Luben Tuikov, Alex Deucher
From: Alex Deucher <alexander.deucher@amd.com>
commit 602ad43c3cd8f15cbb25ce9bb494129edb2024ed upstream.
This partially reverts 20543be93ca45968f344261c1a997177e51bd7e1.
Calling drm_connector_update_edid_property() in
amdgpu_connector_free_edid() causes a noticeable pause in
the system every 10 seconds on polled outputs so revert this
part of the change.
Bug: https://gitlab.freedesktop.org/drm/amd/-/issues/2257
Cc: Claudio Suarez <cssk@net-c.es>
Acked-by: Luben Tuikov <luben.tuikov@amd.com>
Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
Cc: stable@vger.kernel.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/gpu/drm/amd/amdgpu/amdgpu_connectors.c | 1 -
1 file changed, 1 deletion(-)
--- a/drivers/gpu/drm/amd/amdgpu/amdgpu_connectors.c
+++ b/drivers/gpu/drm/amd/amdgpu/amdgpu_connectors.c
@@ -328,7 +328,6 @@ static void amdgpu_connector_free_edid(s
kfree(amdgpu_connector->edid);
amdgpu_connector->edid = NULL;
- drm_connector_update_edid_property(connector, NULL);
}
static int amdgpu_connector_ddc_get_modes(struct drm_connector *connector)
^ permalink raw reply [flat|nested] 305+ messages in thread
* [PATCH 6.0 289/289] drm/i915: fix TLB invalidation for Gen12 video and compute engines
2022-11-30 18:19 [PATCH 6.0 000/289] 6.0.11-rc1 review Greg Kroah-Hartman
` (287 preceding siblings ...)
2022-11-30 18:24 ` [PATCH 6.0 288/289] drm/amdgpu: Partially revert "drm/amdgpu: update drm_display_info correctly when the edid is read" Greg Kroah-Hartman
@ 2022-11-30 18:24 ` Greg Kroah-Hartman
2022-11-30 20:35 ` [PATCH 6.0 000/289] 6.0.11-rc1 review Florian Fainelli
` (9 subsequent siblings)
298 siblings, 0 replies; 305+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-30 18:24 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Chris Wilson, Andrzej Hajda,
Daniel Vetter, Linus Torvalds
From: Andrzej Hajda <andrzej.hajda@intel.com>
commit 04aa64375f48a5d430b5550d9271f8428883e550 upstream.
In case of Gen12 video and compute engines, TLB_INV registers are masked -
to modify one bit, corresponding bit in upper half of the register must
be enabled, otherwise nothing happens.
CVE: CVE-2022-4139
Suggested-by: Chris Wilson <chris.p.wilson@intel.com>
Signed-off-by: Andrzej Hajda <andrzej.hajda@intel.com>
Acked-by: Daniel Vetter <daniel.vetter@ffwll.ch>
Fixes: 7938d61591d3 ("drm/i915: Flush TLBs before releasing backing store")
Cc: stable@vger.kernel.org
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/gpu/drm/i915/gt/intel_gt.c | 5 +++++
1 file changed, 5 insertions(+)
--- a/drivers/gpu/drm/i915/gt/intel_gt.c
+++ b/drivers/gpu/drm/i915/gt/intel_gt.c
@@ -961,6 +961,11 @@ static void mmio_invalidate_full(struct
if (!i915_mmio_reg_offset(rb.reg))
continue;
+ if (GRAPHICS_VER(i915) == 12 && (engine->class == VIDEO_DECODE_CLASS ||
+ engine->class == VIDEO_ENHANCEMENT_CLASS ||
+ engine->class == COMPUTE_CLASS))
+ rb.bit = _MASKED_BIT_ENABLE(rb.bit);
+
intel_uncore_write_fw(uncore, rb.reg, rb.bit);
awake |= engine->mask;
}
^ permalink raw reply [flat|nested] 305+ messages in thread
* Re: [PATCH 6.0 000/289] 6.0.11-rc1 review
2022-11-30 18:19 [PATCH 6.0 000/289] 6.0.11-rc1 review Greg Kroah-Hartman
` (288 preceding siblings ...)
2022-11-30 18:24 ` [PATCH 6.0 289/289] drm/i915: fix TLB invalidation for Gen12 video and compute engines Greg Kroah-Hartman
@ 2022-11-30 20:35 ` Florian Fainelli
2022-12-01 0:59 ` Shuah Khan
` (8 subsequent siblings)
298 siblings, 0 replies; 305+ messages in thread
From: Florian Fainelli @ 2022-11-30 20:35 UTC (permalink / raw)
To: Greg Kroah-Hartman, stable
Cc: patches, linux-kernel, torvalds, akpm, linux, shuah, patches,
lkft-triage, pavel, jonathanh, sudipm.mukherjee, srw, rwarsow
On 11/30/22 10:19, Greg Kroah-Hartman wrote:
> This is the start of the stable review cycle for the 6.0.11 release.
> There are 289 patches in this series, all will be posted as a response
> to this one. If anyone has any issues with these being applied, please
> let me know.
>
> Responses should be made by Fri, 02 Dec 2022 18:05:05 +0000.
> Anything received after that time might be too late.
>
> The whole patch series can be found in one patch at:
> https://www.kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.0.11-rc1.gz
> or in the git tree and branch at:
> git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.0.y
> and the diffstat can be found below.
>
> thanks,
>
> greg k-h
On ARCH_BRCMSTB using 32-bit and 64-bit ARM kernels, build tested on
BMIPS_GENERIC:
Tested-by: Florian Fainelli <f.fainelli@gmail.com>
--
Florian
^ permalink raw reply [flat|nested] 305+ messages in thread
* Re: [PATCH 6.0 000/289] 6.0.11-rc1 review
2022-11-30 18:19 [PATCH 6.0 000/289] 6.0.11-rc1 review Greg Kroah-Hartman
` (289 preceding siblings ...)
2022-11-30 20:35 ` [PATCH 6.0 000/289] 6.0.11-rc1 review Florian Fainelli
@ 2022-12-01 0:59 ` Shuah Khan
2022-12-01 2:19 ` Zan Aziz
` (7 subsequent siblings)
298 siblings, 0 replies; 305+ messages in thread
From: Shuah Khan @ 2022-12-01 0:59 UTC (permalink / raw)
To: Greg Kroah-Hartman, stable
Cc: patches, linux-kernel, torvalds, akpm, linux, shuah, patches,
lkft-triage, pavel, jonathanh, f.fainelli, sudipm.mukherjee, srw,
rwarsow, Shuah Khan
On 11/30/22 11:19, Greg Kroah-Hartman wrote:
> This is the start of the stable review cycle for the 6.0.11 release.
> There are 289 patches in this series, all will be posted as a response
> to this one. If anyone has any issues with these being applied, please
> let me know.
>
> Responses should be made by Fri, 02 Dec 2022 18:05:05 +0000.
> Anything received after that time might be too late.
>
> The whole patch series can be found in one patch at:
> https://www.kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.0.11-rc1.gz
> or in the git tree and branch at:
> git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.0.y
> and the diffstat can be found below.
>
> thanks,
>
> greg k-h
>
Compiled and booted on my test system. No dmesg regressions.
Tested-by: Shuah Khan <skhan@linuxfoundation.org>
thanks,
-- Shuah
^ permalink raw reply [flat|nested] 305+ messages in thread
* Re: [PATCH 6.0 000/289] 6.0.11-rc1 review
2022-11-30 18:19 [PATCH 6.0 000/289] 6.0.11-rc1 review Greg Kroah-Hartman
` (290 preceding siblings ...)
2022-12-01 0:59 ` Shuah Khan
@ 2022-12-01 2:19 ` Zan Aziz
2022-12-01 6:14 ` Naresh Kamboju
` (6 subsequent siblings)
298 siblings, 0 replies; 305+ messages in thread
From: Zan Aziz @ 2022-12-01 2:19 UTC (permalink / raw)
To: Greg Kroah-Hartman
Cc: stable, patches, linux-kernel, torvalds, akpm, linux, shuah,
patches, lkft-triage, pavel, jonathanh, f.fainelli,
sudipm.mukherjee, srw, rwarsow
On Wed, Nov 30, 2022 at 3:16 PM Greg Kroah-Hartman
<gregkh@linuxfoundation.org> wrote:
>
> This is the start of the stable review cycle for the 6.0.11 release.
> There are 289 patches in this series, all will be posted as a response
> to this one. If anyone has any issues with these being applied, please
> let me know.
>
> Responses should be made by Fri, 02 Dec 2022 18:05:05 +0000.
> Anything received after that time might be too late.
>
> The whole patch series can be found in one patch at:
> https://www.kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.0.11-rc1.gz
> or in the git tree and branch at:
> git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.0.y
> and the diffstat can be found below.
>
> thanks,
>
> greg k-h
Hi Greg,
Compiled and booted on my test system Lenovo P50s: Intel Core i7
No emergency and critical messages in the dmesg
./perf bench sched all
# Running sched/messaging benchmark...
# 20 sender and receiver processes per group
# 10 groups == 400 processes run
Total time: 0.710 [sec]
# Running sched/pipe benchmark...
# Executed 1000000 pipe operations between two processes
Total time: 9.551 [sec]
9.551475 usecs/op
104695 ops/sec
Tested-by: Zan Aziz <zanaziz313@gmail.com>
Thanks
-Zan
^ permalink raw reply [flat|nested] 305+ messages in thread
* Re: [PATCH 6.0 000/289] 6.0.11-rc1 review
2022-11-30 18:19 [PATCH 6.0 000/289] 6.0.11-rc1 review Greg Kroah-Hartman
` (291 preceding siblings ...)
2022-12-01 2:19 ` Zan Aziz
@ 2022-12-01 6:14 ` Naresh Kamboju
2022-12-01 6:57 ` Nathan Chancellor
2022-12-01 7:27 ` Ron Economos
` (5 subsequent siblings)
298 siblings, 1 reply; 305+ messages in thread
From: Naresh Kamboju @ 2022-12-01 6:14 UTC (permalink / raw)
To: Greg Kroah-Hartman, Peter Zijlstra, Daniel Borkmann
Cc: stable, patches, linux-kernel, torvalds, akpm, linux, shuah,
patches, lkft-triage, pavel, jonathanh, f.fainelli,
sudipm.mukherjee, srw, rwarsow, bpf, llvm, Nathan Chancellor
On Thu, 1 Dec 2022 at 00:13, Greg Kroah-Hartman
<gregkh@linuxfoundation.org> wrote:
>
> This is the start of the stable review cycle for the 6.0.11 release.
> There are 289 patches in this series, all will be posted as a response
> to this one. If anyone has any issues with these being applied, please
> let me know.
>
> Responses should be made by Fri, 02 Dec 2022 18:05:05 +0000.
> Anything received after that time might be too late.
>
> The whole patch series can be found in one patch at:
> https://www.kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.0.11-rc1.gz
> or in the git tree and branch at:
> git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.0.y
> and the diffstat can be found below.
>
> thanks,
>
> greg k-h
Results from Linaro's test farm.
Regressions found on x86_64:
- build-clang-15-allmodconfig-x86_64
- build-clang-nightly-allmodconfig-x86_64
Reported-by: Linux Kernel Functional Testing <lkft@linaro.org>
bpf: Convert BPF_DISPATCHER to use static_call() (not ftrace)
[ Upstream commit c86df29d11dfba27c0a1f5039cd6fe387fbf4239 ]
Causing the following build warnings / errors with clang-15 allmodconfig
on x86_64,
Build error:
make --silent --keep-going --jobs=8
O=/home/tuxbuild/.cache/tuxmake/builds/1/build LLVM=1 LLVM_IAS=1
ARCH=x86_64 SRCARCH=x86 CROSS_COMPILE=x86_64-linux-gnu-
'HOSTCC=sccache clang' 'CC=sccache clang'
kernel/bpf/dispatcher.c:126:33: error: pointer type mismatch ('void *'
and 'unsigned int (*)(const void *, const struct bpf_insn *,
bpf_func_t)' (aka 'unsigned int (*)(const void *, const struct
bpf_insn *, unsigned int (*)(const void *, const struct bpf_insn
*))')) [-Werror,-Wpointer-type-mismatch]
__BPF_DISPATCHER_UPDATE(d, new ?: &bpf_dispatcher_nop_func);
~~~ ^ ~~~~~~~~~~~~~~~~~~~~~~~~
include/linux/bpf.h:938:54: note: expanded from macro '__BPF_DISPATCHER_UPDATE'
__static_call_update((_d)->sc_key, (_d)->sc_tramp, (_new))
^~~~
1 error generated.
Build logs:
- https://builds.tuxbuild.com/2IHYTj6JN108YShWQ8K8Fd0HyVW/
--
Linaro LKFT
https://lkft.linaro.org
^ permalink raw reply [flat|nested] 305+ messages in thread
* Re: [PATCH 6.0 000/289] 6.0.11-rc1 review
2022-12-01 6:14 ` Naresh Kamboju
@ 2022-12-01 6:57 ` Nathan Chancellor
2022-12-01 7:56 ` Greg Kroah-Hartman
0 siblings, 1 reply; 305+ messages in thread
From: Nathan Chancellor @ 2022-12-01 6:57 UTC (permalink / raw)
To: Naresh Kamboju
Cc: Greg Kroah-Hartman, Peter Zijlstra, Daniel Borkmann, stable,
patches, linux-kernel, torvalds, akpm, linux, shuah, patches,
lkft-triage, pavel, jonathanh, f.fainelli, sudipm.mukherjee, srw,
rwarsow, bpf, llvm
On Thu, Dec 01, 2022 at 11:44:53AM +0530, Naresh Kamboju wrote:
> On Thu, 1 Dec 2022 at 00:13, Greg Kroah-Hartman
> <gregkh@linuxfoundation.org> wrote:
> >
> > This is the start of the stable review cycle for the 6.0.11 release.
> > There are 289 patches in this series, all will be posted as a response
> > to this one. If anyone has any issues with these being applied, please
> > let me know.
> >
> > Responses should be made by Fri, 02 Dec 2022 18:05:05 +0000.
> > Anything received after that time might be too late.
> >
> > The whole patch series can be found in one patch at:
> > https://www.kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.0.11-rc1.gz
> > or in the git tree and branch at:
> > git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.0.y
> > and the diffstat can be found below.
> >
> > thanks,
> >
> > greg k-h
>
> Results from Linaro's test farm.
> Regressions found on x86_64:
>
> - build-clang-15-allmodconfig-x86_64
> - build-clang-nightly-allmodconfig-x86_64
>
> Reported-by: Linux Kernel Functional Testing <lkft@linaro.org>
>
> bpf: Convert BPF_DISPATCHER to use static_call() (not ftrace)
> [ Upstream commit c86df29d11dfba27c0a1f5039cd6fe387fbf4239 ]
>
> Causing the following build warnings / errors with clang-15 allmodconfig
> on x86_64,
>
> Build error:
> make --silent --keep-going --jobs=8
> O=/home/tuxbuild/.cache/tuxmake/builds/1/build LLVM=1 LLVM_IAS=1
> ARCH=x86_64 SRCARCH=x86 CROSS_COMPILE=x86_64-linux-gnu-
> 'HOSTCC=sccache clang' 'CC=sccache clang'
> kernel/bpf/dispatcher.c:126:33: error: pointer type mismatch ('void *'
> and 'unsigned int (*)(const void *, const struct bpf_insn *,
> bpf_func_t)' (aka 'unsigned int (*)(const void *, const struct
> bpf_insn *, unsigned int (*)(const void *, const struct bpf_insn
> *))')) [-Werror,-Wpointer-type-mismatch]
> __BPF_DISPATCHER_UPDATE(d, new ?: &bpf_dispatcher_nop_func);
> ~~~ ^ ~~~~~~~~~~~~~~~~~~~~~~~~
> include/linux/bpf.h:938:54: note: expanded from macro '__BPF_DISPATCHER_UPDATE'
> __static_call_update((_d)->sc_key, (_d)->sc_tramp, (_new))
> ^~~~
> 1 error generated.
Thanks for the report! This is fixed with upstream commit a679120edfcf
("bpf: Add explicit cast to 'void *' for __BPF_DISPATCHER_UPDATE()"),
which was marked as a fix for c86df29d11df.
Cheers,
Nathan
^ permalink raw reply [flat|nested] 305+ messages in thread
* Re: [PATCH 6.0 000/289] 6.0.11-rc1 review
2022-11-30 18:19 [PATCH 6.0 000/289] 6.0.11-rc1 review Greg Kroah-Hartman
` (292 preceding siblings ...)
2022-12-01 6:14 ` Naresh Kamboju
@ 2022-12-01 7:27 ` Ron Economos
2022-12-01 8:18 ` Naresh Kamboju
` (4 subsequent siblings)
298 siblings, 0 replies; 305+ messages in thread
From: Ron Economos @ 2022-12-01 7:27 UTC (permalink / raw)
To: Greg Kroah-Hartman, stable
Cc: patches, linux-kernel, torvalds, akpm, linux, shuah, patches,
lkft-triage, pavel, jonathanh, f.fainelli, sudipm.mukherjee, srw,
rwarsow
On 11/30/22 10:19 AM, Greg Kroah-Hartman wrote:
> This is the start of the stable review cycle for the 6.0.11 release.
> There are 289 patches in this series, all will be posted as a response
> to this one. If anyone has any issues with these being applied, please
> let me know.
>
> Responses should be made by Fri, 02 Dec 2022 18:05:05 +0000.
> Anything received after that time might be too late.
>
> The whole patch series can be found in one patch at:
> https://www.kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.0.11-rc1.gz
> or in the git tree and branch at:
> git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.0.y
> and the diffstat can be found below.
>
> thanks,
>
> greg k-h
Built and booted successfully on RISC-V RV64 (HiFive Unmatched).
Tested-by: Ron Economos <re@w6rz.net>
^ permalink raw reply [flat|nested] 305+ messages in thread
* Re: [PATCH 6.0 000/289] 6.0.11-rc1 review
2022-12-01 6:57 ` Nathan Chancellor
@ 2022-12-01 7:56 ` Greg Kroah-Hartman
0 siblings, 0 replies; 305+ messages in thread
From: Greg Kroah-Hartman @ 2022-12-01 7:56 UTC (permalink / raw)
To: Nathan Chancellor
Cc: Naresh Kamboju, Peter Zijlstra, Daniel Borkmann, stable, patches,
linux-kernel, torvalds, akpm, linux, shuah, patches, lkft-triage,
pavel, jonathanh, f.fainelli, sudipm.mukherjee, srw, rwarsow,
bpf, llvm
On Wed, Nov 30, 2022 at 11:57:24PM -0700, Nathan Chancellor wrote:
> On Thu, Dec 01, 2022 at 11:44:53AM +0530, Naresh Kamboju wrote:
> > On Thu, 1 Dec 2022 at 00:13, Greg Kroah-Hartman
> > <gregkh@linuxfoundation.org> wrote:
> > >
> > > This is the start of the stable review cycle for the 6.0.11 release.
> > > There are 289 patches in this series, all will be posted as a response
> > > to this one. If anyone has any issues with these being applied, please
> > > let me know.
> > >
> > > Responses should be made by Fri, 02 Dec 2022 18:05:05 +0000.
> > > Anything received after that time might be too late.
> > >
> > > The whole patch series can be found in one patch at:
> > > https://www.kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.0.11-rc1.gz
> > > or in the git tree and branch at:
> > > git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.0.y
> > > and the diffstat can be found below.
> > >
> > > thanks,
> > >
> > > greg k-h
> >
> > Results from Linaro's test farm.
> > Regressions found on x86_64:
> >
> > - build-clang-15-allmodconfig-x86_64
> > - build-clang-nightly-allmodconfig-x86_64
> >
> > Reported-by: Linux Kernel Functional Testing <lkft@linaro.org>
> >
> > bpf: Convert BPF_DISPATCHER to use static_call() (not ftrace)
> > [ Upstream commit c86df29d11dfba27c0a1f5039cd6fe387fbf4239 ]
> >
> > Causing the following build warnings / errors with clang-15 allmodconfig
> > on x86_64,
> >
> > Build error:
> > make --silent --keep-going --jobs=8
> > O=/home/tuxbuild/.cache/tuxmake/builds/1/build LLVM=1 LLVM_IAS=1
> > ARCH=x86_64 SRCARCH=x86 CROSS_COMPILE=x86_64-linux-gnu-
> > 'HOSTCC=sccache clang' 'CC=sccache clang'
> > kernel/bpf/dispatcher.c:126:33: error: pointer type mismatch ('void *'
> > and 'unsigned int (*)(const void *, const struct bpf_insn *,
> > bpf_func_t)' (aka 'unsigned int (*)(const void *, const struct
> > bpf_insn *, unsigned int (*)(const void *, const struct bpf_insn
> > *))')) [-Werror,-Wpointer-type-mismatch]
> > __BPF_DISPATCHER_UPDATE(d, new ?: &bpf_dispatcher_nop_func);
> > ~~~ ^ ~~~~~~~~~~~~~~~~~~~~~~~~
> > include/linux/bpf.h:938:54: note: expanded from macro '__BPF_DISPATCHER_UPDATE'
> > __static_call_update((_d)->sc_key, (_d)->sc_tramp, (_new))
> > ^~~~
> > 1 error generated.
>
> Thanks for the report! This is fixed with upstream commit a679120edfcf
> ("bpf: Add explicit cast to 'void *' for __BPF_DISPATCHER_UPDATE()"),
> which was marked as a fix for c86df29d11df.
Now queued up. I forgot to run my "do we need fixes for the fixes"
script on the queues, sorry about that.
greg k-h
^ permalink raw reply [flat|nested] 305+ messages in thread
* Re: [PATCH 6.0 000/289] 6.0.11-rc1 review
2022-11-30 18:19 [PATCH 6.0 000/289] 6.0.11-rc1 review Greg Kroah-Hartman
` (293 preceding siblings ...)
2022-12-01 7:27 ` Ron Economos
@ 2022-12-01 8:18 ` Naresh Kamboju
2022-12-01 9:45 ` Bagas Sanjaya
` (3 subsequent siblings)
298 siblings, 0 replies; 305+ messages in thread
From: Naresh Kamboju @ 2022-12-01 8:18 UTC (permalink / raw)
To: Greg Kroah-Hartman
Cc: stable, patches, linux-kernel, torvalds, akpm, linux, shuah,
patches, lkft-triage, pavel, jonathanh, f.fainelli,
sudipm.mukherjee, srw, rwarsow, Praneeth Bajjuri
[-- Attachment #1: Type: text/plain, Size: 1463 bytes --]
On Thu, 1 Dec 2022 at 00:13, Greg Kroah-Hartman
<gregkh@linuxfoundation.org> wrote:
>
> This is the start of the stable review cycle for the 6.0.11 release.
> There are 289 patches in this series, all will be posted as a response
> to this one. If anyone has any issues with these being applied, please
> let me know.
>
> Responses should be made by Fri, 02 Dec 2022 18:05:05 +0000.
> Anything received after that time might be too late.
>
> The whole patch series can be found in one patch at:
> https://www.kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.0.11-rc1.gz
> or in the git tree and branch at:
> git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.0.y
> and the diffstat can be found below.
>
> thanks,
>
> greg k-h
Results from Linaro's test farm.
On the arm32bit TI Beagleboard X15 the intermittent Internal error: noticed on
stable-rc 6.0.11-rc1 attached boot log. I have re-tested multiple on stable-rc
6.0.11-rc1 but not reproduced.
Old report that was reported on Linux next-20220526 tag.
Internal error: Oops: 5 [#1] SMP ARM: PC is at l3_interrupt_handler
https://lore.kernel.org/all/CA+G9fYtNLnFs-RWeSkLDq9imwout7px4O13OqAgGxK1O6fGEBA@mail.gmail.com/
The stable-rc 6.0.11-rc1 x15 crash log details,
https://qa-reports.linaro.org/lkft/linux-stable-rc-linux-6.0.y/build/v6.0.9-604-g57e2fc7c0112/testrun/13332986/suite/log-parser-test/tests/
--
Linaro LKFT
https://lkft.linaro.org
[-- Attachment #2: x15-internal-error-kernel-panic.txt --]
[-- Type: text/plain, Size: 42186 bytes --]
Starting kernel ...
[ 0.000000] Booting Linux on physical CPU 0x0
[ 0.000000] Linux version 6.0.11-rc1 (tuxmake@tuxmake) (arm-linux-gnueabihf-gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2) #1 SMP @1669834074
[ 0.000000] CPU: ARMv7 Processor [412fc0f2] revision 2 (ARMv7), cr=10c5387d
[ 0.000000] CPU: div instructions available: patching division code
[ 0.000000] CPU: PIPT / VIPT nonaliasing data cache, PIPT instruction cache
[ 0.000000] OF: fdt: Machine model: TI AM5728 BeagleBoard-X15
[ 0.000000] Memory policy: Data cache writealloc
[ 0.000000] efi: UEFI not found.
[ 0.000000] Reserved memory: created CMA memory pool at 0x95800000, size 56 MiB
[ 0.000000] OF: reserved mem: initialized node ipu2-memory@95800000, compatible id shared-dma-pool
[ 0.000000] Reserved memory: created CMA memory pool at 0x99000000, size 64 MiB
[ 0.000000] OF: reserved mem: initialized node dsp1-memory@99000000, compatible id shared-dma-pool
[ 0.000000] Reserved memory: created CMA memory pool at 0x9d000000, size 32 MiB
[ 0.000000] OF: reserved mem: initialized node ipu1-memory@9d000000, compatible id shared-dma-pool
[ 0.000000] Reserved memory: created CMA memory pool at 0x9f000000, size 8 MiB
[ 0.000000] OF: reserved mem: initialized node dsp2-memory@9f000000, compatible id shared-dma-pool
[ 0.000000] cma: Reserved 64 MiB at 0xfb800000
[ 0.000000] OMAP4: Map 0xafe00000 to (ptrval) for dram barrier
[ 0.000000] Zone ranges:
[ 0.000000] DMA [mem 0x0000000080000000-0x00000000afdfffff]
[ 0.000000] Normal empty
[ 0.000000] HighMem [mem 0x00000000afe00000-0x00000000ffffefff]
[ 0.000000] Movable zone start for each node
[ 0.000000] Early memory node ranges
[ 0.000000] node 0: [mem 0x0000000080000000-0x00000000afdfffff]
[ 0.000000] node 0: [mem 0x00000000b0000000-0x00000000ffffefff]
[ 0.000000] Initmem setup node 0 [mem 0x0000000080000000-0x00000000ffffefff]
[ 0.000000] On node 0, zone HighMem: 512 pages in unavailable ranges
[ 0.000000] DRA752 ES2.0
[ 0.000000] percpu: Embedded 16 pages/cpu s35156 r8192 d22188 u65536
[ 0.000000] Built 1 zonelists, mobility grouping on. Total pages: 522051
[ 0.000000] Kernel command line: console=ttyS2,115200n8 root=PARTUUID=21674ce0-3b3d-d74e-a1fb-cb0f72855b64 rw rootfstype=ext4 rootwait
[ 0.000000] Dentry cache hash table entries: 131072 (order: 7, 524288 bytes, linear)
[ 0.000000] Inode-cache hash table entries: 65536 (order: 6, 262144 bytes, linear)
[ 0.000000] mem auto-init: stack:off, heap alloc:off, heap free:off
[ 0.000000] Memory: 1812560K/2095100K available (17408K kernel code, 2688K rwdata, 8948K rodata, 2048K init, 505K bss, 53164K reserved, 229376K cma-reserved, 1245180K highmem)
[ 0.000000] SLUB: HWalign=64, Order=0-3, MinObjects=0, CPUs=2, Nodes=1
[ 0.000000] ftrace: allocating 60953 entries in 179 pages
[ 0.000000] ftrace: allocated 179 pages with 5 groups
[ 0.000000] trace event string verifier disabled
[ 0.000000] rcu: Hierarchical RCU implementation.
[ 0.000000] rcu: RCU event tracing is enabled.
[ 0.000000] rcu: RCU restricting CPUs from NR_CPUS=16 to nr_cpu_ids=2.
[ 0.000000] Rude variant of Tasks RCU enabled.
[ 0.000000] rcu: RCU calculated value of scheduler-enlistment delay is 10 jiffies.
[ 0.000000] rcu: Adjusting geometry for rcu_fanout_leaf=16, nr_cpu_ids=2
[ 0.000000] NR_IRQS: 16, nr_irqs: 16, preallocated irqs: 16
[ 0.000000] GIC: Using split EOI/Deactivate mode
[ 0.000000] rcu: srcu_init: Setting srcu_struct sizes based on contention.
[ 0.000000] OMAP clocksource: 32k_counter at 32768 Hz
[ 0.000000] clocksource: 32k_counter: mask: 0xffffffff max_cycles: 0xffffffff, max_idle_ns: 58327039986419 ns
[ 0.000000] sched_clock: 32 bits at 33kHz, resolution 30517ns, wraps every 65535999984741ns
[ 0.002593] TI gptimer clockevent: always-on 32786 Hz at /ocp/interconnect@4ae00000/segment@10000/target-module@8000
[ 0.007171] TI gptimer percpu-dmtimer: 20000000 Hz at /ocp/interconnect@48800000/segment@0/target-module@2c000
[ 0.007385] TI gptimer percpu-dmtimer: 20000000 Hz at /ocp/interconnect@48800000/segment@0/target-module@2e000
[ 0.010711] Console: colour dummy device 80x30
[ 0.010742] Calibrating delay loop... 1993.93 BogoMIPS (lpj=9969664)
[ 0.063232] pid_max: default: 32768 minimum: 301
[ 0.063385] Mount-cache hash table entries: 2048 (order: 1, 8192 bytes, linear)
[ 0.063415] Mountpoint-cache hash table entries: 2048 (order: 1, 8192 bytes, linear)
[ 0.063995] CPU: Testing write buffer coherency: ok
[ 0.064025] CPU0: Spectre v2: using ICIALLU workaround
[ 0.064056] CPU0: Spectre BHB: enabling loop workaround for all CPUs
[ 0.064270] /cpus/cpu@0 missing clock-frequency property
[ 0.064300] /cpus/cpu@1 missing clock-frequency property
[ 0.064331] CPU0: thread -1, cpu 0, socket 0, mpidr 80000000
[ 0.065093] cblist_init_generic: Setting adjustable number of callback queues.
[ 0.065093] cblist_init_generic: Setting shift to 1 and lim to 1.
[ 0.065185] Setting up static identity map for 0x80300000 - 0x803000ac
[ 0.068511] rcu: Hierarchical SRCU implementation.
[ 0.068511] rcu: Max phase no-delay instances is 1000.
[ 0.077545] EFI services will not be available.
[ 0.078155] smp: Bringing up secondary CPUs ...
[ 0.138305] CPU1: thread -1, cpu 1, socket 0, mpidr 80000001
[ 0.138336] CPU1: Spectre v2: using ICIALLU workaround
[ 0.138458] smp: Brought up 1 node, 2 CPUs
[ 0.138458] SMP: Total of 2 processors activated (3994.41 BogoMIPS).
[ 0.138488] CPU: All CPU(s) started in HYP mode.
[ 0.138488] CPU: Virtualization extensions available.
[ 0.138946] devtmpfs: initialized
[ 0.160430] VFP support v0.3: implementor 41 architecture 4 part 30 variant f rev 0
[ 0.160583] clocksource: jiffies: mask: 0xffffffff max_cycles: 0xffffffff, max_idle_ns: 19112604462750000 ns
[ 0.160614] futex hash table entries: 512 (order: 3, 32768 bytes, linear)
[ 0.164062] pinctrl core: initialized pinctrl subsystem
[ 0.169921] DMI not present or invalid.
[ 0.170410] NET: Registered PF_NETLINK/PF_ROUTE protocol family
[ 0.172851] DMA: preallocated 256 KiB pool for atomic coherent allocations
[ 0.176788] thermal_sys: Registered thermal governor 'step_wise'
[ 0.177856] cpuidle: using governor menu
[ 0.219360] platform encoder: Fixing up cyclic dependency with connector
[ 0.219940] No ATAGs?
[ 0.220031] hw-breakpoint: found 5 (+1 reserved) breakpoint and 4 watchpoint registers.
[ 0.220031] hw-breakpoint: maximum watchpoint size is 8 bytes.
[ 0.227783] Serial: AMBA PL011 UART driver
[ 0.240203] kprobes: kprobe jump-optimization is enabled. All kprobes are optimized if possible.
[ 0.249786] cryptd: max_cpu_qlen set to 1000
[ 0.256072] iommu: Default domain type: Translated
[ 0.256072] iommu: DMA domain TLB invalidation policy: strict mode
[ 0.256622] SCSI subsystem initialized
[ 0.257019] usbcore: registered new interface driver usbfs
[ 0.257049] usbcore: registered new interface driver hub
[ 0.257080] usbcore: registered new device driver usb
[ 0.258148] mc: Linux media interface: v0.10
[ 0.258178] videodev: Linux video capture interface: v2.00
[ 0.258239] pps_core: LinuxPPS API ver. 1 registered
[ 0.258270] pps_core: Software ver. 5.3.6 - Copyright 2005-2007 Rodolfo Giometti <giometti@linux.it>
[ 0.258270] PTP clock support registered
[ 0.258422] EDAC MC: Ver: 3.0.0
[ 1.034301] vgaarb: loaded
[ 1.034576] clocksource: Switched to clocksource 32k_counter
[ 1.091918] NET: Registered PF_INET protocol family
[ 1.092132] IP idents hash table entries: 16384 (order: 5, 131072 bytes, linear)
[ 1.093261] tcp_listen_portaddr_hash hash table entries: 512 (order: 0, 4096 bytes, linear)
[ 1.093292] Table-perturb hash table entries: 65536 (order: 6, 262144 bytes, linear)
[ 1.093322] TCP established hash table entries: 8192 (order: 3, 32768 bytes, linear)
[ 1.093383] TCP bind hash table entries: 8192 (order: 4, 65536 bytes, linear)
[ 1.093505] TCP: Hash tables configured (established 8192 bind 8192)
[ 1.093627] MPTCP token hash table entries: 1024 (order: 2, 16384 bytes, linear)
[ 1.093658] UDP hash table entries: 512 (order: 2, 16384 bytes, linear)
[ 1.093688] UDP-Lite hash table entries: 512 (order: 2, 16384 bytes, linear)
[ 1.093841] NET: Registered PF_UNIX/PF_LOCAL protocol family
[ 1.094360] RPC: Registered named UNIX socket transport module.
[ 1.094360] RPC: Registered udp transport module.
[ 1.094360] RPC: Registered tcp transport module.
[ 1.094390] RPC: Registered tcp NFSv4.1 backchannel transport module.
[ 1.094390] PCI: CLS 0 bytes, default 64
[ 1.094879] armv7-pmu pmu: hw perfevents: no interrupt-affinity property, guessing.
[ 1.095092] hw perfevents: enabled with armv7_cortex_a15 PMU driver, 7 counters available
[ 1.096038] Initialise system trusted keyrings
[ 1.096252] workingset: timestamp_bits=14 max_order=19 bucket_order=5
[ 1.102630] squashfs: version 4.0 (2009/01/31) Phillip Lougher
[ 1.103332] NFS: Registering the id_resolver key type
[ 1.103363] Key type id_resolver registered
[ 1.103393] Key type id_legacy registered
[ 1.103454] nfs4filelayout_init: NFSv4 File Layout Driver Registering...
[ 1.103454] nfs4flexfilelayout_init: NFSv4 Flexfile Layout Driver Registering...
[ 1.103485] ntfs: driver 2.1.32 [Flags: R/O].
[ 1.104888] jitterentropy: Initialization failed with host not compliant with requirements: 2
[ 1.104888] NET: Registered PF_ALG protocol family
[ 1.104919] Key type asymmetric registered
[ 1.104919] Asymmetric key parser 'x509' registered
[ 1.105072] bounce: pool size: 64 pages
[ 1.105163] Block layer SCSI generic (bsg) driver version 0.4 loaded (major 246)
[ 1.105163] io scheduler mq-deadline registered
[ 1.105163] io scheduler kyber registered
[ 1.188262] Serial: 8250/16550 driver, 5 ports, IRQ sharing enabled
[ 1.191528] SuperH (H)SCI(F) driver initialized
[ 1.192230] msm_serial: driver initialized
[ 1.192230] STMicroelectronics ASC driver initialized
[ 1.193847] STM32 USART driver initialized
[ 1.206268] brd: module loaded
[ 1.210998] loop: module loaded
[ 1.221221] CAN device driver interface
[ 1.222045] bgmac_bcma: Broadcom 47xx GBit MAC driver loaded
[ 1.222839] e1000e: Intel(R) PRO/1000 Network Driver
[ 1.222839] e1000e: Copyright(c) 1999 - 2015 Intel Corporation.
[ 1.222869] igb: Intel(R) Gigabit Ethernet Network Driver
[ 1.222900] igb: Copyright (c) 2007-2014 Intel Corporation.
[ 1.223358] QLogic FastLinQ 4xxxx Core Module qed
[ 1.223358] qede init: QLogic FastLinQ 4xxxx Ethernet Driver qede
[ 1.226135] pegasus: Pegasus/Pegasus II USB Ethernet driver
[ 1.226165] usbcore: registered new interface driver pegasus
[ 1.226196] usbcore: registered new interface driver asix
[ 1.226226] usbcore: registered new interface driver ax88179_178a
[ 1.226257] usbcore: registered new interface driver cdc_ether
[ 1.226287] usbcore: registered new interface driver smsc75xx
[ 1.226348] usbcore: registered new interface driver smsc95xx
[ 1.226379] usbcore: registered new interface driver net1080
[ 1.226409] usbcore: registered new interface driver cdc_subset
[ 1.226440] usbcore: registered new interface driver zaurus
[ 1.226501] usbcore: registered new interface driver cdc_ncm
[ 1.228302] ehci_hcd: USB 2.0 'Enhanced' Host Controller (EHCI) Driver
[ 1.228302] ehci-pci: EHCI PCI platform driver
[ 1.228332] ehci-platform: EHCI generic platform driver
[ 1.228485] ehci-omap: OMAP-EHCI Host Controller driver
[ 1.228576] ehci-orion: EHCI orion driver
[ 1.228698] SPEAr-ehci: EHCI SPEAr driver
[ 1.228820] ehci-st: EHCI STMicroelectronics driver
[ 1.228912] ehci-atmel: EHCI Atmel driver
[ 1.229034] ohci_hcd: USB 1.1 'Open' Host Controller (OHCI) Driver
[ 1.229034] ohci-pci: OHCI PCI platform driver
[ 1.229064] ohci-platform: OHCI generic platform driver
[ 1.229187] SPEAr-ohci: OHCI SPEAr driver
[ 1.229309] ohci-st: OHCI STMicroelectronics driver
[ 1.229400] ohci-atmel: OHCI Atmel driver
[ 1.229797] usbcore: registered new interface driver usb-storage
[ 1.233703] i2c_dev: i2c /dev entries driver
[ 1.245147] cpu cpu0: Failed to set OPP config
[ 1.246704] sdhci: Secure Digital Host Controller Interface driver
[ 1.246734] sdhci: Copyright(c) Pierre Ossman
[ 1.248138] Synopsys Designware Multimedia Card Interface Driver
[ 1.249420] sdhci-pltfm: SDHCI platform and OF driver helper
[ 1.251770] ledtrig-cpu: registered to indicate activity on CPUs
[ 1.255645] usbcore: registered new interface driver usbhid
[ 1.255645] usbhid: USB HID core driver
[ 1.258544] cs_system_cfg: CoreSight Configuration manager initialised
[ 1.262573] NET: Registered PF_INET6 protocol family
[ 1.263549] Segment Routing with IPv6
[ 1.263580] In-situ OAM (IOAM) with IPv6
[ 1.263641] sit: IPv6, IPv4 and MPLS over IPv4 tunneling driver
[ 1.264129] NET: Registered PF_PACKET protocol family
[ 1.264129] can: controller area network core
[ 1.264190] NET: Registered PF_CAN protocol family
[ 1.264190] can: raw protocol
[ 1.264221] can: broadcast manager protocol
[ 1.264221] can: netlink gateway - max_hops=1
[ 1.264495] Key type dns_resolver registered
[ 1.264556] ThumbEE CPU extension supported.
[ 1.264617] Registering SWP/SWPB emulation handler
[ 1.264984] omap_voltage_late_init: Voltage driver support not added
[ 1.265014] Power Management for TI OMAP4+ devices.
[ 1.265869] registered taskstats version 1
[ 1.265869] Loading compiled-in X.509 certificates
[ 1.331085] pinctrl-single 4a003400.pinmux: 282 pins, size 1128
[ 1.391998] omap-dma-engine 4a056000.dma-controller: OMAP DMA engine driver (LinkedList1/2/3 supported)
[ 1.411712] ahci 4a140000.sata: supply ahci not found, using dummy regulator
[ 1.411804] ahci 4a140000.sata: supply phy not found, using dummy regulator
[ 1.411926] ahci 4a140000.sata: supply target not found, using dummy regulator
[ 1.412292] ahci 4a140000.sata: forcing port_map 0x0 -> 0x1
[ 1.412322] ahci 4a140000.sata: AHCI 0001.0300 32 slots 1 ports 3 Gbps 0x1 impl platform mode
[ 1.412322] ahci 4a140000.sata: flags: 64bit ncq sntf pm led clo only pmp pio slum part ccc apst
[ 1.413635] scsi host0: ahci
[ 1.413879] ata1: SATA max UDMA/133 mmio [mem 0x4a140000-0x4a1410ff] port 0x100 irq 98
[ 1.428741] gpio gpiochip0: (gpio-0-31): not an immutable chip, please consider fixing it!
[ 1.429138] OMAP GPIO hardware version 0.1
[ 1.434173] ti-sysc: probe of 4ae18000.target-module failed with error -16
[ 1.449310] printk: console [ttyS2] disabled
[ 1.449401] 48020000.serial: ttyS2 at MMIO 0x48020000 (irq = 101, base_baud = 3000000) is a 8250
[ 1.746398] ata1: SATA link down (SStatus 0 SControl 300)
[ 2.787048] printk: console [ttyS2] enabled
[ 2.806579] gpio gpiochip1: (gpio-32-63): not an immutable chip, please consider fixing it!
[ 2.817199] gpio gpiochip2: (gpio-64-95): not an immutable chip, please consider fixing it!
[ 2.827697] gpio gpiochip3: (gpio-96-127): not an immutable chip, please consider fixing it!
[ 2.838256] gpio gpiochip4: (gpio-128-159): not an immutable chip, please consider fixing it!
[ 2.848907] gpio gpiochip5: (gpio-160-191): not an immutable chip, please consider fixing it!
[ 2.859527] gpio gpiochip6: (gpio-192-223): not an immutable chip, please consider fixing it!
[ 2.870239] gpio gpiochip7: (gpio-224-255): not an immutable chip, please consider fixing it!
[ 2.882171] omap_i2c 48060000.i2c: bus 2 rev0.12 at 400 kHz
[ 2.897308] palmas 0-0058: Irq flag is 0x00000008
[ 2.928894] palmas 0-0058: Muxing GPIO 2f, PWM 0, LED 0
[ 2.977050] at24 0-0050: supply vcc not found, using dummy regulator
[ 2.983856] at24 0-0050: 4096 byte 24c32 EEPROM, writable, 1 bytes/write
[ 2.990753] omap_i2c 48070000.i2c: bus 0 rev0.12 at 400 kHz
[ 3.010711] omap_rng 48090000.rng: Random Number Generator ver. 20
[ 3.010955] random: crng init done
[ 3.025238] omap_gpio 4805d000.gpio: Could not set line 27 debounce to 200000 microseconds (-22)
[ 3.034057] sdhci-omap 4809c000.mmc: Got CD GPIO
[ 3.039031] sdhci-omap 4809c000.mmc: supply vqmmc not found, using dummy regulator
[ 3.070953] sdhci-omap 4809c000.mmc: no pinctrl state for ddr_3_3v mode
[ 3.104827] mmc0: SDHCI controller on 4809c000.mmc [4809c000.mmc] using ADMA
[ 3.124603] davinci_mdio 48485000.mdio: davinci mdio revision 1.6, bus freq 1000000
[ 3.135528] davinci_mdio 48485000.mdio: phy[1]: device 48485000.mdio:01, driver Micrel KSZ9031 Gigabit PHY
[ 3.145263] davinci_mdio 48485000.mdio: phy[2]: device 48485000.mdio:02, driver Micrel KSZ9031 Gigabit PHY
[ 3.155578] cpsw-switch 48484000.switch: initialized cpsw ale version 1.4
[ 3.162414] cpsw-switch 48484000.switch: ALE Table size 1024
[ 3.168182] cpsw-switch 48484000.switch: cpts: overflow check period 500 (jiffies)
[ 3.175842] cpsw-switch 48484000.switch: CPTS: ref_clk_freq:266000000 calc_mult:4036623398 calc_shift:30 error:-1 nsec/sec
[ 3.187011] cpsw-switch 48484000.switch: Detected MACID = f8:30:02:cf:6e:e6
[ 3.194030] cpsw-switch 48484000.switch: Detected MACID = f8:30:02:cf:6e:e7
[ 3.202789] cpsw-switch 48484000.switch: initialized (regs 0x48484000, pool size 256) hw_ver:0019010F 1.15 (0)
[ 3.237701] ti-sysc: probe of 4882c000.target-module failed with error -16
[ 3.247070] ti-sysc: probe of 4882e000.target-module failed with error -16
[ 3.290252] dra7-pcie 51000000.pcie: host bridge /ocp/target-module@51000000/pcie@51000000 ranges:
[ 3.299346] dra7-pcie 51000000.pcie: IO 0x0020003000..0x0020012fff -> 0x0000000000
[ 3.307556] dra7-pcie 51000000.pcie: MEM 0x0020013000..0x002fffffff -> 0x0020013000
[ 3.315795] dra7-pcie 51000000.pcie: iATU unroll: disabled
[ 3.321319] dra7-pcie 51000000.pcie: iATU regions: 16 ob, 4 ib, align 4K, limit 4G
[ 4.329772] dra7-pcie 51000000.pcie: Phy link never came up
[ 4.335540] dra7-pcie 51000000.pcie: PCI host bridge to bus 0000:00
[ 4.341857] pci_bus 0000:00: root bus resource [bus 00-ff]
[ 4.347412] pci_bus 0000:00: root bus resource [io 0x0000-0xffff]
[ 4.353607] pci_bus 0000:00: root bus resource [mem 0x20013000-0x2fffffff]
[ 4.360565] pci 0000:00:00.0: [104c:8888] type 01 class 0x060400
[ 4.366638] pci 0000:00:00.0: reg 0x10: [mem 0x00000000-0x000fffff]
[ 4.372955] pci 0000:00:00.0: reg 0x14: [mem 0x00000000-0x0000ffff]
[ 4.379364] pci 0000:00:00.0: supports D1
[ 4.383392] pci 0000:00:00.0: PME# supported from D0 D1 D3hot
[ 4.396392] PCI: bus0: Fast back to back transfers disabled
[ 4.402313] PCI: bus1: Fast back to back transfers enabled
[ 4.407867] pci 0000:00:00.0: BAR 0: assigned [mem 0x20100000-0x201fffff]
[ 4.414703] pci 0000:00:00.0: BAR 1: assigned [mem 0x20020000-0x2002ffff]
[ 4.421539] pci 0000:00:00.0: PCI bridge to [bus 01-ff]
[ 4.427215] pcieport 0000:00:00.0: PME: Signaling with IRQ 135
[ 4.442047] edma 43300000.dma: memcpy is disabled
[ 4.449768] edma 43300000.dma: TI EDMA DMA engine driver
[ 4.484130] ti_abb 4ae07e30.regulator-abb-dspeve: can't request region for resource [mem 0x4ae06010-0x4ae06013]
[ 4.494293] ti_abb: probe of 4ae07e30.regulator-abb-dspeve failed with error -16
[ 4.503906] ti_abb 4ae07de4.regulator-abb-gpu: can't request region for resource [mem 0x4ae06010-0x4ae06013]
[ 4.513824] ti_abb: probe of 4ae07de4.regulator-abb-gpu failed with error -16
[ 4.547515] ti_opp_supply: probe of 4a003b20.opp-supply failed with error 1
[ 4.606109] rtc-ds1307 2-006f: registered as rtc0
[ 4.611145] rtc-ds1307 2-006f: hctosys: unable to read the hardware clock
[ 4.622070] palmas-rtc 48070000.i2c:tps659038@58:tps659038_rtc: registered as rtc1
[ 4.635375] sdhci-omap 480b4000.mmc: supply pbias not found, using dummy regulator
[ 4.644439] xhci-hcd xhci-hcd.1.auto: xHCI Host Controller
[ 4.649993] xhci-hcd xhci-hcd.1.auto: new USB bus registered, assigned bus number 1
[ 4.658325] xhci-hcd xhci-hcd.1.auto: hcc params 0x0220f04c hci version 0x100 quirks 0x0000000002010010
[ 4.667816] xhci-hcd xhci-hcd.1.auto: irq 142, io mem 0x48890000
[ 4.673980] xhci-hcd xhci-hcd.1.auto: xHCI Host Controller
[ 4.679504] xhci-hcd xhci-hcd.1.auto: new USB bus registered, assigned bus number 2
[ 4.683502] mmc1: SDHCI controller on 480b4000.mmc [480b4000.mmc] using ADMA
[ 4.687225] xhci-hcd xhci-hcd.1.auto: Host supports USB 3.0 SuperSpeed
[ 4.701568] hub 1-0:1.0: USB hub found
[ 4.705383] hub 1-0:1.0: 1 port detected
[ 4.709716] usb usb2: We don't know the algorithms for LPM for this host, disabling LPM.
[ 4.718475] hub 2-0:1.0: USB hub found
[ 4.722381] hub 2-0:1.0: 1 port detected
[ 4.732055] Waiting for root device PARTUUID=21674ce0-3b3d-d74e-a1fb-cb0f72855b64...
[ 4.771789] mmc1: new DDR MMC card at address 0001
[ 4.777160] mmcblk1: mmc1:0001 M62704 3.53 GiB
[ 4.786254] mmcblk1: p1 p2 p3 p4 p5 p6 p7 p8 p9 p10 p11 p12 p13 p14
[ 4.794189] mmcblk1boot0: mmc1:0001 M62704 2.00 MiB
[ 4.800140] mmcblk1boot1: mmc1:0001 M62704 2.00 MiB
[ 4.806060] mmcblk1rpmb: mmc1:0001 M62704 512 KiB, chardev (235:0)
[ 5.034576] usb 1-1: new high-speed USB device number 2 using xhci-hcd
[ 5.080200] EXT4-fs (mmcblk1p12): mounted filesystem with ordered data mode. Quota mode: disabled.
[ 5.093444] VFS: Mounted root (ext4 filesystem) on device 179:12.
[ 5.100830] devtmpfs: mounted
[ 5.114898] Freeing unused kernel image (initmem) memory: 2048K
[ 5.121093] Run /sbin/init as init process
[ 5.241271] systemd[1]: System time before build time, advancing clock.
[ 5.260406] systemd[1]: systemd 250.5+ running in system mode (-PAM -AUDIT -SELINUX -APPARMOR +IMA -SMACK +SECCOMP -GCRYPT -GNUTLS -OPENSSL +ACL +BLKID -CURL -ELFUTILS -FIDO2 -IDN2 -IDN -IPTC +KMOD -LIBCRYPTSETUP +LIBFDISK -PCRE2 -PWQUALITY -P11KIT -QRENCODE -BZIP2 -LZ4 -XZ -ZLIB +ZSTD -BPF_FRAMEWORK +XKBCOMMON +UTMP +SYSVINIT default-hierarchy=hybrid)
[ 5.277526] hub 1-1:1.0: USB hub found
[ 5.292297] systemd[1]: Detected architecture arm.
[ 5.295684] hub 1-1:1.0: 4 ports detected
[ 5.374694] usb 2-1: new SuperSpeed USB device number 2 using xhci-hcd
Welcome to Linux-Kernel-Functional-Testing nodistro.0!
[ 5.415313] systemd[1]: Hostname set to <am57xx-evm>.
[ 5.424713] systemd[1]: Initializing machine ID from random generator.
[ 5.453491] hub 2-1:1.0: USB hub found
[ 5.457489] hub 2-1:1.0: 4 ports detected
[ 5.744598] ata1: SATA link up 3.0 Gbps (SStatus 123 SControl 300)
[ 5.754943] ata1.00: ATA-9: SanDisk SSD PLUS 120GB, UE5000RL, max UDMA/133
[ 5.761871] ata1.00: 234455040 sectors, multi 1: LBA48 NCQ (depth 32)
[ 5.769134] ata1.00: Features: Dev-Sleep
[ 5.778015] ata1.00: configured for UDMA/133
[ 5.782501] scsi 0:0:0:0: Direct-Access ATA SanDisk SSD PLUS 00RL PQ: 0 ANSI: 5
[ 5.791534] sd 0:0:0:0: [sda] 234455040 512-byte logical blocks: (120 GB/112 GiB)
[ 5.804595] sd 0:0:0:0: [sda] Write Protect is off
[ 5.809478] sd 0:0:0:0: [sda] Write cache: enabled, read cache: enabled, doesn't support DPO or FUA
[ 5.818695] sd 0:0:0:0: [sda] Preferred minimum I/O size 512 bytes
[ 5.826110] sd 0:0:0:0: [sda] Attached SCSI disk
[ 6.182128] systemd[1]: Queued start job for default target Multi-User System.
[ 6.263397] systemd[1]: Created slice Slice /system/getty.
[ OK ] Created slice Slice /system/getty.
[ 6.306396] systemd[1]: Created slice Slice /system/modprobe.
[ OK ] Created slice Slice /system/modprobe.
[ 6.346130] systemd[1]: Created slice Slice /system/serial-getty.
[ OK ] Created slice Slice /system/serial-getty.
[ 6.385833] systemd[1]: Created slice User and Session Slice.
[ OK ] Created slice User and Session Slice.
[ 6.425415] systemd[1]: Started Dispatch Password Requests to Console Directory Watch.
[ OK ] Started Dispatch Password …ts to Console Directory Watch.
[ 6.464904] systemd[1]: Started Forward Password Requests to Wall Directory Watch.
[ OK ] Started Forward Password R…uests to Wall Directory Watch.
[ 6.505645] systemd[1]: Reached target Path Units.
[ OK ] Reached target Path Units.
[ 6.544769] systemd[1]: Reached target Remote File Systems.
[ OK ] Reached target Remote File Systems.
[ 6.585113] systemd[1]: Reached target Slice Units.
[ OK ] Reached target Slice Units.
[ 6.624786] systemd[1]: Reached target Swaps.
[ OK ] Reached target Swaps.
[ 6.656433] systemd[1]: Listening on RPCbind Server Activation Socket.
[ OK ] Listening on RPCbind Server Activation Socket.
[ 6.694763] systemd[1]: Reached target RPC Port Mapper.
[ OK ] Reached target RPC Port Mapper.
[ 6.736267] systemd[1]: Listening on Syslog Socket.
[ OK ] Listening on Syslog Socket.
[ 6.774932] systemd[1]: Listening on initctl Compatibility Named Pipe.
[ OK ] Listening on initctl Compatibility Named Pipe.
[ 6.836822] systemd[1]: Journal Audit Socket was skipped because of a failed condition check (ConditionSecurity=audit).
[ 6.848266] systemd[1]: Listening on Journal Socket (/dev/log).
[ OK ] Listening on Journal Socket (/dev/log).
[ 6.885162] systemd[1]: Listening on Journal Socket.
[ OK ] Listening on Journal Socket.
[ 6.926025] systemd[1]: Listening on Network Service Netlink Socket.
[ OK ] Listening on Network Service Netlink Socket.
[ 6.965209] systemd[1]: Listening on udev Control Socket.
[ OK ] Listening on udev Control Socket.
[ 7.005126] systemd[1]: Listening on udev Kernel Socket.
[ OK ] Listening on udev Kernel Socket.
[ 7.045745] systemd[1]: Listening on User Database Manager Socket.
[ OK ] Listening on User Database Manager Socket.
[ 7.085815] systemd[1]: Huge Pages File System was skipped because of a failed condition check (ConditionPathExists=/sys/kernel/mm/hugepages).
[ 7.145019] systemd[1]: Mounting POSIX Message Queue File System...
Mounting POSIX Message Queue File System...
[ 7.188415] systemd[1]: Mounting Kernel Debug File System...
Mounting Kernel Debug File System...
[ 7.228271] systemd[1]: Mounting Kernel Trace File System...
Mounting Kernel Trace File System...
[ 7.315032] systemd[1]: Mounting Temporary Directory /tmp...
Mounting Temporary Directory /tmp...
[ 7.348327] systemd[1]: Starting Create List of Static Device Nodes...
Starting Create List of Static Device Nodes...
[ 7.389221] systemd[1]: Starting Load Kernel Module configfs...
Starting Load Kernel Module configfs...
[ 7.439117] systemd[1]: Starting Load Kernel Module drm...
Starting Load Kernel Module drm...
[ 7.525238] systemd[1]: Starting Load Kernel Module fuse...
Starting Load Kernel Module fuse...
[ 7.557830] systemd[1]: Starting Start psplash boot splash screen...
Starting Start psplash boot splash screen...
[ 7.598632] systemd[1]: Starting RPC Bind...
Starting RPC Bind...
[ 7.634887] systemd[1]: File System Check on Root Device was skipped because of a failed condition check (ConditionPathIsReadWrite=!/).
[ 7.648071] systemd[1]: systemd-journald.service: unit configures an IP firewall, but the local system does not support BPF/cgroup firewalling.
[ 7.661041] systemd[1]: (This warning is only shown for the first unit using IP firewalling.)
[ 7.705169] systemd[1]: Starting Journal Service...
Starting Journal Service...
[ 7.739410] systemd[1]: Starting Load Kernel Modules...
Starting Load Kernel Modules...
[ 7.777160] systemd[1]: Starting Generate network units from Kernel command line...
Starting Generate network …ts from Kernel command line...
[ 7.856719] systemd[1]: Starting Remount Root and Kernel File Systems...
Starting Remount Root and Kernel File Systems[ 7.879089] EXT4-fs (mmcblk1p12): re-mounted. Quota mode: disabled.
...
[ 7.918670] systemd[1]: Starting Coldplug All udev Devices...
Starting Coldplug All udev Devices...
[ 7.970916] systemd[1]: Started RPC Bind.
[ OK ] Started RPC Bind.
[ 8.015502] systemd[1]: Started Journal Service.
[ OK ] Started Journal Service.
[ OK ] Mounted POSIX Message Queue File System.
[ OK ] Mounted Kernel Debug File System.
[ OK ] Mounted Kernel Trace File System.
[ OK ] Mounted Temporary Directory /tmp.
[ OK ] Finished Create List of Static Device Nodes.
[ OK ] Finished Load Kernel Module configfs.
[ OK ] Finished Load Kernel Module drm.
[ OK ] Finished Load Kernel Module fuse.
[FAILED] Failed to start Start psplash boot splash screen.
See 'systemctl status psplash-start.service' for details.
[DEPEND] Dependency failed for Star…progress communication helper.
[ OK ] Finished Load Kernel Modules.
[ OK ] Finished Generate network units from Kernel command line.
[ OK ] Finished Remount Root and Kernel File Systems.
Mounting Kernel Configuration File System...
Starting Flush Journal to Persistent Storage...
[ 8.640930] systemd-journald[235]: Received client request to flush runtime journal.
Starting Apply Kernel Variables...
Starting Create System Users...
[ OK ] Mounted Kernel Configuration File System.
[ OK ] Finished Flush Journal to Persistent Storage.
[ OK ] Finished Apply Kernel Variables.
[ OK ] Finished Create System Users.
Starting Create Static Device Nodes in /dev...
[ OK ] Finished Create Static Device Nodes in /dev.
[ OK ] Reached target Preparation for Local File Systems.
Mounting /var/volatile...
Starting Rule-based Manage…for Device Events and Files...
[ OK ] Mounted /var/volatile.
Starting Load/Save Random Seed...
[ OK ] Reached target Local File Systems.
Starting Rebuild Dynamic Linker Cache...
Starting Create Volatile Files and Directories...
[ OK ] Started Rule-based Manager for Device Events and Files.
[ OK ] Finished Coldplug All udev Devices.
[ OK ] Finished Load/Save Random Seed.
[ OK ] Finished Create Volatile Files and Directories.
Starting Rebuild Journal Catalog...
Starting Network Time Synchronization...
Starting Wait for udev To …plete Device Initialization...
Starting Record System Boot/Shutdown in UTMP...
[ OK ] Finished Rebuild Dynamic Linker Cache.
[ OK ] Finished Rebuild Journal Catalog.
[ OK ] Started Network Time Synchronization.
[ OK ] Finished Record System Boot/Shutdown in UTMP.
[ OK ] Reached target System Time Set.
Starting Update is Completed...
[ OK ] Finished Update is Completed.
[ 11.174957] usbcore: registered new device driver onboard-usb-hub
[ 11.477539] etnaviv etnaviv: bound 59000000.gpu (ops gpu_ops [etnaviv])
[ 11.484313] etnaviv-gpu 59000000.gpu: model: GC320, revision: 5301
[ 11.505157] [drm] Initialized etnaviv 1.3.0 20151214 for etnaviv on minor 0
[ 11.617126] hub 1-1:1.0: USB hub found
[ 11.622070] hub 1-1:1.0: 4 ports detected
[ OK ] Listening on Load/Save RF …itch Status /dev/rfkill Watch.
[ 11.777160] hub 1-1:1.0: USB hub found
[ 11.780975] hub 1-1:1.0: 4 ports detected
[ 12.033996] hub 2-1:1.0: USB hub found
[ 12.037841] hub 2-1:1.0: 4 ports detected
[ 12.113342] hub 2-1:1.0: USB hub found
[ 12.117187] hub 2-1:1.0: 4 ports detected
[ OK ] Finished Wait for udev To Complete Device Initialization.
[ OK ] Started Hardware RNG Entropy Gatherer Daemon.
[ OK ] Reached target System Initialization.
[ OK ] Started Daily rotation of log files.
[ OK ] Started Daily Cleanup of Temporary Directories.
[ OK ] Reached target Timer Units.
[ OK ] Listening on Avahi mDNS/DNS-SD Stack Activation Socket.
[ OK ] Listening on D-Bus System Message Bus Socket.
Starting sshd.socket...
[ OK ] Listening on sshd.socket.
[ OK ] Reached target Socket Units.
[ OK ] Reached target Basic System.
[ OK ] Started Kernel Logging Service.
[ OK ] Started System Logging Service.
[ OK ] Started Periodic Command Scheduler.
Starting D-Bus System Message Bus...
[ OK ] Started Getty on tty1.
Starting IPv6 Packet Filtering Framework...
Starting IPv4 Packet Filtering Framework...
Starting Telephony service...
[ OK ] Started Serial Getty on ttyS2.
[ OK ] Reached target Login Prompts.
[ 13.546081] Bluetooth: Core ver 2.22
[ 13.555175] NET: Registered PF_BLUETOOTH protocol family
[ 13.560516] Bluetooth: HCI device and connection manager initialized
[ 13.566925] Bluetooth: HCI socket layer initialized
[ 13.571838] Bluetooth: L2CAP socket layer initialized
[ 13.576965] Bluetooth: SCO socket layer initialized
Starting Resets System Activity Logs...
Starting User Login Management...
Starting OpenSSH Key Generation...
[ OK ] Started D-Bus System Message Bus.
[ OK ] Finished IPv6 Packet Filtering Framework.
[ OK ] Finished IPv4 Packet Filtering Framework.
[ OK ] Finished Resets System Activity Logs.
[ OK ] Reached target Preparation for Network.
Starting Network Configuration...
[ OK ] Started Telephony service.
[ OK ] Started User Login Management.
[ 14.176635] cfg80211: Loading compiled-in X.509 certificates for regulatory database
[ 14.256225] cfg80211: Loaded X.509 cert 'sforshee: 00b28ddf47aef9cea7'
[ OK ] Started Network Configuration.
[ 14.356201] cpsw-switch 48484000.switch: starting ndev. mode: dual_mac
Starting Network Name Resolution...
[ 14.504577] Micrel KSZ9031 Gigabit PHY 48485000.mdio:02: attached PHY driver (mii_bus:phy_addr=48485000.mdio:02, irq=POLL)
[ 14.559631] cpsw-switch 48484000.switch: starting ndev. mode: dual_mac
[ 14.675628] Micrel KSZ9031 Gigabit PHY 48485000.mdio:01: attached PHY driver (mii_bus:phy_addr=48485000.mdio:01, irq=POLL)
[ OK ] Started Network Name Resolution.
[ OK ] Reached target Network.
[ OK ] Reached target Host and Network Name Lookups.
Starting Avahi mDNS/DNS-SD Stack...
[ OK ] Started Avahi mDNS/DNS-SD Stack.
[ OK ] Reached target Multi-User System.
Starting Record Runlevel Change in UTMP...
[ OK ] Finished Record Runlevel Change in UTMP.
[ 16.656158] cpsw-switch 48484000.switch eth1: Link is Up - 100Mbps/Full - flow control off
[ 16.664489] IPv6: ADDRCONF(NETDEV_CHANGE): eth1: link becomes ready
[ 18.896118] cpsw-switch 48484000.switch eth0: Link is Up - 1Gbps/Full - flow control off
[ 18.904296] IPv6: ADDRCONF(NETDEV_CHANGE): eth0: link becomes ready
Linux-Kernel-Functional-Testing nodistro.0 am57xx-evm ttyS2
am57xx-evm login: root
root
7[r[999;999H[6n[ 21.618377] platform 488c0000.omap_dwc3_2: deferred probe pending
[ 21.624511] platform sound0: deferred probe pending
root@am57xx-evm:~#
root@am57xx-evm:~# #
#
root@am57xx-evm:~# export SHELL=/bin/sh
export SHELL=/bin/sh
root@am57xx-evm:~# . /lava-5900484/environment
. /lava-5900484/environment
root@am57xx-evm:~# /lava-5900484/bin/lava-test-runner /lava-5900484/0
/lava-5900484/bin/lava-test-runner /lava-5900484/0
+ export TESTRUN_ID=0_prep-tmp-disk
+ TESTRUN_ID=0_prep-tmp-disk
+ cd /lava-5900484/0/tests/0_prep-tmp-disk
++ cat uuid
+ UUID=5900484_2.1.4.1
+ set +x
<LAVA_SIGNAL_STARTRUN 0_prep-tmp-disk 5900484_2.1.4.1>
++ lava-target-storage SATA
+ export STORAGE_DEV=/dev/disk/by-id/ata-SanDisk_SSD_PLUS_120GB_190703A00329
+ STORAGE_DEV=/dev/disk/by-id/ata-SanDisk_SSD_PLUS_120GB_190703A00329
+ test -n /dev/disk/by-id/ata-SanDisk_SSD_PLUS_120GB_190703A00329
+ echo y
+ mkfs.ext4 /dev/disk/by-id/ata-SanDisk_SSD_PLUS_120GB_190703A00329
mke2fs 1.46.5 (30-Dec-2021)
Discarding device blocks: 0/29306880 1048576/29306880 7864320/29306880[ 30.527496] 8<--- cut here ---
[ 30.530578] Unable to handle kernel paging request at virtual address f880350c
[ 30.537841] [f880350c] *pgd=00000000
[ 30.541442] Internal error: Oops: 5 [#1] SMP ARM
[ 30.546081] Modules linked in: cfg80211 bluetooth etnaviv snd_soc_simple_card snd_soc_simple_card_utils gpu_sched onboard_usb_hub snd_soc_davinci_mcasp snd_soc_ti_udma snd_soc_ti_edma snd_soc_ti_sdma snd_soc_core ac97_bus snd_pcm_dmaengine snd_pcm snd_timer snd soundcore display_connector
[ 30.571807] CPU: 0 PID: 287 Comm: rngd Not tainted 6.0.11-rc1 #1
[ 30.577850] Hardware name: Generic DRA74X (Flattened Device Tree)
[ 30.583984] PC is at l3_interrupt_handler+0x70/0x384
[ 30.588958] LR is at 0x3
[ 30.591522] pc : [<c089019c>] lr : [<00000003>] psr: 200d0193
[ 30.597808] sp : f0001eb8 ip : 0000000c fp : 00000000
[ 30.603057] r10: 00000060 r9 : c226a320 r8 : 00000060
[ 30.608306] r7 : f8000000 r6 : c39d4940 r5 : c210c8c0 r4 : c39e4200
[ 30.614868] r3 : 00000000 r2 : f880350c r1 : c210c64c r0 : c39d4948
[ 30.621429] Flags: nzCv IRQs off FIQs on Mode SVC_32 ISA ARM Segment none
[ 30.628692] Control: 10c5387d Table: 84f3406a DAC: 00000051
[ 30.634460] Register r0 information: slab kmalloc-128 start c39d4900 pointer offset 72 size 128
[ 30.643218] Register r1 information: non-slab/vmalloc memory
[ 30.648895] Register r2 information: non-paged memory
[ 30.653991] Register r3 information: NULL pointer
[ 30.658721] Register r4 information: slab kmalloc-64 start c39e4200 pointer offset 0 size 64
[ 30.667205] Register r5 information: non-slab/vmalloc memory
[ 30.672912] Register r6 information: slab kmalloc-128 start c39d4900 pointer offset 64 size 128
[ 30.681640] Register r7 information: 0-page vmalloc region starting at 0xf8000000 allocated at iotable_init+0x0/0xf4
[ 30.692230] Register r8 information: non-paged memory
[ 30.697326] Register r9 information: non-slab/vmalloc memory
[ 30.703002] Register r10 information: non-paged memory
[ 30.708160] Register r11 information: NULL pointer
[ 30.712982] Register r12 information: non-paged memory
[ 30.718139] Process rngd (pid: 287, stack limit = 0x49af5199)
[ 30.723937] Stack: (0xf0001eb8 to 0xf0002000)
[ 30.728302] 1ea0: 00000008 f0001f10
[ 30.736511] 1ec0: c2f43480 00000003 00000406 c087457c c3b82024 00000001 00000000 00000001
[ 30.744750] 1ee0: c2f43480 00000000 00000000 8b7f63d6 c3b80200 c3b82024 00000001 c2f43480
[ 30.752960] 1f00: c2d3b800 00000100 c2003080 c0796ab0 00000000 8b7f63d6 00000000 c49e0e00
[ 30.761169] 1f20: 00000000 00000000 c3b82000 c0bf797c c49e0ea8 00000000 c2f43480 c49e0e00
[ 30.769378] 1f40: c226a320 8b7f63d6 c49e0ea8 c39e4200 c2013a68 00000000 c39d3700 c226a340
[ 30.777618] 1f60: c226a320 00000060 c2f43480 c03b85e8 c2003094 00000000 c2009f50 c2269993
[ 30.785827] 1f80: c226a320 c39d3700 c2013a68 c39d376c c1f97510 fa21200c f0001fd0 9e97da7a
[ 30.794036] 1fa0: f12adfa8 c03b87d8 c39d3700 c2013a68 fa212000 c03bd2e0 c200aa08 c210a274
[ 30.802276] 1fc0: fa212000 c03b7d8c c200aa08 c0301804 c1f97504 f12adfb0 00000000 c2f43480
[ 30.810485] 1fe0: c1f91044 6ad6d48f 9e97da7a c130b0d8 b6f22d36 800d0030 ffffffff c08597bc
[ 30.818695] l3_interrupt_handler from __handle_irq_event_percpu+0xa0/0x1fc
[ 30.825714] __handle_irq_event_percpu from handle_irq_event+0x4c/0x94
[ 30.832275] handle_irq_event from handle_fasteoi_irq+0xa0/0x194
[ 30.838317] handle_fasteoi_irq from generic_handle_domain_irq+0x30/0x40
[ 30.845031] generic_handle_domain_irq from gic_handle_irq+0x90/0xb0
[ 30.851440] gic_handle_irq from generic_handle_arch_irq+0x34/0x44
[ 30.857666] generic_handle_arch_irq from call_with_stack+0x18/0x20
[ 30.863952] call_with_stack from __irq_usr+0x7c/0xa0
[ 30.869049] Exception stack(0xf12adfb0 to 0xf12adff8)
[ 30.874114] dfa0: 9e97da7a 6ad6d48f 9e97da7a 6ad6d48f
[ 30.882324] dfc0: 00000002 00000000 00000000 b6b9e8e8 9e97da78 6ad6d48f 9e97da7a 6ad6d48f
[ 30.890563] dfe0: 00000000 b6b9e8e8 b6f23701 b6f22d36 800d0030 ffffffff
[ 30.897186] Code: e4907004 e5952000 e08c2002 e0872002 (e5924000)
[ 30.903320] ---[ end trace 0000000000000000 ]---
[ 30.907958] Kernel panic - not syncing: Fatal exception in interrupt
[ 30.914367] CPU1: stopping
[ 30.917083] CPU: 1 PID: 291 Comm: rngd Tainted: G D 6.0.11-rc1 #1
[ 30.924591] Hardware name: Generic DRA74X (Flattened Device Tree)
[ 30.930725] unwind_backtrace from show_stack+0x18/0x1c
[ 30.935974] show_stack from dump_stack_lvl+0x58/0x70
[ 30.941070] dump_stack_lvl from do_handle_IPI+0x2e0/0x318
[ 30.946594] do_handle_IPI from ipi_handler+0x20/0x28
[ 30.951660] ipi_handler from handle_percpu_devid_irq+0x94/0x1e8
[ 30.957702] handle_percpu_devid_irq from generic_handle_domain_irq+0x30/0x40
[ 30.964874] generic_handle_domain_irq from gic_handle_irq+0x90/0xb0
[ 30.971282] gic_handle_irq from generic_handle_arch_irq+0x34/0x44
[ 30.977478] generic_handle_arch_irq from call_with_stack+0x18/0x20
[ 30.983795] call_with_stack from __irq_svc+0x9c/0xb8
[ 30.988861] Exception stack(0xf12a5ef8 to 0xf12a5f40)
[ 30.993927] 5ee0: 0011baa7 00000000
[ 31.002166] 5f00: 626ad21a 0000270a 00000000 c22c9480 f12a5f80 00001706 c03002f0 c2f47380
[ 31.010375] 5f20: 00000193 becec000 f12a5f24 f12a5f48 c03e98b8 c03e98bc 600f0013 ffffffff
[ 31.018585] __irq_svc from ktime_get_real_ts64+0x58/0x174
[ 31.024108] ktime_get_real_ts64 from posix_get_realtime_timespec+0x14/0x1c
[ 31.031127] posix_get_realtime_timespec from sys_clock_gettime+0x64/0xc8
[ 31.037933] sys_clock_gettime from __sys_trace_return+0x0/0x10
[ 31.043884] Exception stack(0xf12a5fa8 to 0xf12a5ff0)
[ 31.048980] 5fa0: 00000000 b61fea18 00000000 b61fea18 00000000 00000000
[ 31.057189] 5fc0: 00000000 b61fea18 b61feacc 00000193 000172a0 00000000 b59ff000 becec000
[ 31.065399] 5fe0: becec020 b61fe9c0 beced55c beced6b8
[ 31.070465] ---[ end Kernel panic - not syncing: Fatal exception in interrupt ]---
^ permalink raw reply [flat|nested] 305+ messages in thread
* Re: [PATCH 6.0 000/289] 6.0.11-rc1 review
2022-11-30 18:19 [PATCH 6.0 000/289] 6.0.11-rc1 review Greg Kroah-Hartman
` (294 preceding siblings ...)
2022-12-01 8:18 ` Naresh Kamboju
@ 2022-12-01 9:45 ` Bagas Sanjaya
2022-12-01 11:14 ` Sudip Mukherjee
` (2 subsequent siblings)
298 siblings, 0 replies; 305+ messages in thread
From: Bagas Sanjaya @ 2022-12-01 9:45 UTC (permalink / raw)
To: Greg Kroah-Hartman
Cc: stable, patches, linux-kernel, torvalds, akpm, linux, shuah,
patches, lkft-triage, pavel, jonathanh, f.fainelli,
sudipm.mukherjee, srw, rwarsow
[-- Attachment #1: Type: text/plain, Size: 538 bytes --]
On Wed, Nov 30, 2022 at 07:19:45PM +0100, Greg Kroah-Hartman wrote:
> This is the start of the stable review cycle for the 6.0.11 release.
> There are 289 patches in this series, all will be posted as a response
> to this one. If anyone has any issues with these being applied, please
> let me know.
>
Successfully cross-compiled for arm64 (bcm2711_defconfig, GCC 10.2.0) and
powerpc (ps3_defconfig, GCC 12.2.0).
Tested-by: Bagas Sanjaya <bagasdotme@gmail.com>
--
An old man doll... just what I always wanted! - Clara
[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 228 bytes --]
^ permalink raw reply [flat|nested] 305+ messages in thread
* Re: [PATCH 6.0 000/289] 6.0.11-rc1 review
2022-11-30 18:19 [PATCH 6.0 000/289] 6.0.11-rc1 review Greg Kroah-Hartman
` (295 preceding siblings ...)
2022-12-01 9:45 ` Bagas Sanjaya
@ 2022-12-01 11:14 ` Sudip Mukherjee
2022-12-01 14:54 ` Fenil Jain
2022-12-01 16:48 ` Justin Forbes
298 siblings, 0 replies; 305+ messages in thread
From: Sudip Mukherjee @ 2022-12-01 11:14 UTC (permalink / raw)
To: Greg Kroah-Hartman
Cc: stable, patches, linux-kernel, torvalds, akpm, linux, shuah,
patches, lkft-triage, pavel, jonathanh, f.fainelli, srw, rwarsow
Hi Greg,
On Wed, Nov 30, 2022 at 07:19:45PM +0100, Greg Kroah-Hartman wrote:
> This is the start of the stable review cycle for the 6.0.11 release.
> There are 289 patches in this series, all will be posted as a response
> to this one. If anyone has any issues with these being applied, please
> let me know.
>
> Responses should be made by Fri, 02 Dec 2022 18:05:05 +0000.
> Anything received after that time might be too late.
Build test (gcc version 12.2.1 20221127):
mips: 52 configs -> no failure
arm: 100 configs -> no failure
arm64: 3 configs -> no failure
x86_64: 4 configs -> no failure
alpha allmodconfig -> no failure
csky allmodconfig -> no failure
powerpc allmodconfig -> no failure
riscv allmodconfig -> no failure
s390 allmodconfig -> no failure
xtensa allmodconfig -> no failure
Boot test:
x86_64: Booted on my test laptop. No regression.
x86_64: Booted on qemu. No regression. [1]
mips: Booted on ci20 board. No regression. [2]
[1]. https://openqa.qa.codethink.co.uk/tests/2253
[2]. https://openqa.qa.codethink.co.uk/tests/2258
Tested-by: Sudip Mukherjee <sudip.mukherjee@codethink.co.uk>
--
Regards
Sudip
^ permalink raw reply [flat|nested] 305+ messages in thread
* Re: [PATCH 6.0 000/289] 6.0.11-rc1 review
2022-11-30 18:19 [PATCH 6.0 000/289] 6.0.11-rc1 review Greg Kroah-Hartman
` (296 preceding siblings ...)
2022-12-01 11:14 ` Sudip Mukherjee
@ 2022-12-01 14:54 ` Fenil Jain
2022-12-01 16:48 ` Justin Forbes
298 siblings, 0 replies; 305+ messages in thread
From: Fenil Jain @ 2022-12-01 14:54 UTC (permalink / raw)
To: Greg Kroah-Hartman; +Cc: stable
Hey Greg,
Ran tests and boot tested on my system, no regressions found
Tested-by: Fenil Jain <fkjainco@gmail.com>
^ permalink raw reply [flat|nested] 305+ messages in thread
* Re: [PATCH 6.0 075/289] net: neigh: decrement the family specific qlen
2022-11-30 18:21 ` [PATCH 6.0 075/289] net: neigh: decrement the family specific qlen Greg Kroah-Hartman
@ 2022-12-01 15:04 ` Chuck Zmudzinski
0 siblings, 0 replies; 305+ messages in thread
From: Chuck Zmudzinski @ 2022-12-01 15:04 UTC (permalink / raw)
To: Greg Kroah-Hartman, stable
Cc: patches, Thomas Zeitlhofer, David S. Miller, Sasha Levin
On 11/30/22 1:21 PM, Greg Kroah-Hartman wrote:
> From: Thomas Zeitlhofer <thomas.zeitlhofer+lkml@ze-it.at>
>
> [ Upstream commit 8207f253a097fe15c93d85ac15ebb73c5e39e1e1 ]
>
> Commit 0ff4eb3d5ebb ("neighbour: make proxy_queue.qlen limit
> per-device") introduced the length counter qlen in struct neigh_parms.
> There are separate neigh_parms instances for IPv4/ARP and IPv6/ND, and
> while the family specific qlen is incremented in pneigh_enqueue(), the
> mentioned commit decrements always the IPv4/ARP specific qlen,
> regardless of the currently processed family, in pneigh_queue_purge()
> and neigh_proxy_process().
>
> As a result, with IPv6/ND, the family specific qlen is only incremented
> (and never decremented) until it exceeds PROXY_QLEN, and then, according
> to the check in pneigh_enqueue(), neighbor solicitations are not
> answered anymore. As an example, this is noted when using the
> subnet-router anycast address to access a Linux router. After a certain
> amount of time (in the observed case, qlen exceeded PROXY_QLEN after two
> days), the Linux router stops answering neighbor solicitations for its
> subnet-router anycast address and effectively becomes unreachable.
In my environment, without this patch to 6.0.y, IPv6 proxy
neighbours lose connectivity after two or three hours at most
because at that point qlen > PROXY_QLEN in my router.
>
> Another result with IPv6/ND is that the IPv4/ARP specific qlen is
> decremented more often than incremented. This leads to negative qlen
> values, as a signed integer has been used for the length counter qlen,
> and potentially to an integer overflow.
>
> Fix this by introducing the helper function neigh_parms_qlen_dec(),
> which decrements the family specific qlen. Thereby, make use of the
> existing helper function neigh_get_dev_parms_rcu(), whose definition
> therefore needs to be placed earlier in neighbour.c. Take the family
> member from struct neigh_table to determine the currently processed
> family and appropriately call neigh_parms_qlen_dec() from
> pneigh_queue_purge() and neigh_proxy_process().
>
> Additionally, use an unsigned integer for the length counter qlen.
>
> Fixes: 0ff4eb3d5ebb ("neighbour: make proxy_queue.qlen limit per-device")
> Signed-off-by: Thomas Zeitlhofer <thomas.zeitlhofer+lkml@ze-it.at>
> Signed-off-by: David S. Miller <davem@davemloft.net>
> Signed-off-by: Sasha Levin <sashal@kernel.org>
> ---
> include/net/neighbour.h | 2 +-
> net/core/neighbour.c | 58 +++++++++++++++++++++--------------------
> 2 files changed, 31 insertions(+), 29 deletions(-)
>
> diff --git a/include/net/neighbour.h b/include/net/neighbour.h
> index 3827a6b395fd..bce6b228cf56 100644
> --- a/include/net/neighbour.h
> +++ b/include/net/neighbour.h
> @@ -83,7 +83,7 @@ struct neigh_parms {
> struct rcu_head rcu_head;
>
> int reachable_time;
> - int qlen;
> + u32 qlen;
> int data[NEIGH_VAR_DATA_MAX];
> DECLARE_BITMAP(data_state, NEIGH_VAR_DATA_MAX);
> };
> diff --git a/net/core/neighbour.c b/net/core/neighbour.c
> index 84755db81e9d..35f5a3125808 100644
> --- a/net/core/neighbour.c
> +++ b/net/core/neighbour.c
> @@ -307,7 +307,31 @@ static int neigh_del_timer(struct neighbour *n)
> return 0;
> }
>
> -static void pneigh_queue_purge(struct sk_buff_head *list, struct net *net)
> +static struct neigh_parms *neigh_get_dev_parms_rcu(struct net_device *dev,
> + int family)
> +{
> + switch (family) {
> + case AF_INET:
> + return __in_dev_arp_parms_get_rcu(dev);
> + case AF_INET6:
> + return __in6_dev_nd_parms_get_rcu(dev);
> + }
> + return NULL;
> +}
> +
> +static void neigh_parms_qlen_dec(struct net_device *dev, int family)
> +{
> + struct neigh_parms *p;
> +
> + rcu_read_lock();
> + p = neigh_get_dev_parms_rcu(dev, family);
> + if (p)
> + p->qlen--;
> + rcu_read_unlock();
> +}
> +
> +static void pneigh_queue_purge(struct sk_buff_head *list, struct net *net,
> + int family)
> {
> struct sk_buff_head tmp;
> unsigned long flags;
> @@ -321,13 +345,7 @@ static void pneigh_queue_purge(struct sk_buff_head *list, struct net *net)
> struct net_device *dev = skb->dev;
>
> if (net == NULL || net_eq(dev_net(dev), net)) {
> - struct in_device *in_dev;
> -
> - rcu_read_lock();
> - in_dev = __in_dev_get_rcu(dev);
> - if (in_dev)
> - in_dev->arp_parms->qlen--;
> - rcu_read_unlock();
> + neigh_parms_qlen_dec(dev, family);
> __skb_unlink(skb, list);
> __skb_queue_tail(&tmp, skb);
> }
> @@ -409,7 +427,8 @@ static int __neigh_ifdown(struct neigh_table *tbl, struct net_device *dev,
> write_lock_bh(&tbl->lock);
> neigh_flush_dev(tbl, dev, skip_perm);
> pneigh_ifdown_and_unlock(tbl, dev);
> - pneigh_queue_purge(&tbl->proxy_queue, dev ? dev_net(dev) : NULL);
> + pneigh_queue_purge(&tbl->proxy_queue, dev ? dev_net(dev) : NULL,
> + tbl->family);
> if (skb_queue_empty_lockless(&tbl->proxy_queue))
> del_timer_sync(&tbl->proxy_timer);
> return 0;
> @@ -1621,13 +1640,8 @@ static void neigh_proxy_process(struct timer_list *t)
>
> if (tdif <= 0) {
> struct net_device *dev = skb->dev;
> - struct in_device *in_dev;
>
> - rcu_read_lock();
> - in_dev = __in_dev_get_rcu(dev);
> - if (in_dev)
> - in_dev->arp_parms->qlen--;
> - rcu_read_unlock();
> + neigh_parms_qlen_dec(dev, tbl->family);
> __skb_unlink(skb, &tbl->proxy_queue);
>
> if (tbl->proxy_redo && netif_running(dev)) {
> @@ -1821,7 +1835,7 @@ int neigh_table_clear(int index, struct neigh_table *tbl)
> cancel_delayed_work_sync(&tbl->managed_work);
> cancel_delayed_work_sync(&tbl->gc_work);
> del_timer_sync(&tbl->proxy_timer);
> - pneigh_queue_purge(&tbl->proxy_queue, NULL);
> + pneigh_queue_purge(&tbl->proxy_queue, NULL, tbl->family);
> neigh_ifdown(tbl, NULL);
> if (atomic_read(&tbl->entries))
> pr_crit("neighbour leakage\n");
> @@ -3542,18 +3556,6 @@ static int proc_unres_qlen(struct ctl_table *ctl, int write,
> return ret;
> }
>
> -static struct neigh_parms *neigh_get_dev_parms_rcu(struct net_device *dev,
> - int family)
> -{
> - switch (family) {
> - case AF_INET:
> - return __in_dev_arp_parms_get_rcu(dev);
> - case AF_INET6:
> - return __in6_dev_nd_parms_get_rcu(dev);
> - }
> - return NULL;
> -}
> -
> static void neigh_copy_dflt_parms(struct net *net, struct neigh_parms *p,
> int index)
> {
Hi Greg,
I tested this patch on my IPv6 router. Given that without this patch,
connectivity of IPv6 proxy neighbours is lost after 2-3 hours in my
environment, a successful test requires:
- connectivity of IPv6 proxy neighbours must last at least six hours
- connectivity of IPv6 proxy neighbours must persist until router reboot
- no other observed bugs or regressions
I tested three kernels:
- Official Fedora 37 6.0.9 kernel plus this patch
- Official Fedora 37 6.0.10 kernel which includes this patch
- 6.0.11-rc1 kernel
All three kernels passed the test, with the longest test before
rebooting the router of 12 hours for the 6.0.11-rc1 kernel.
On the Debian bug tracker, there is also a report of a successful
test of this patch which resulted in 24 hours of continued IPv6
connectivity for IPv6 proxy neighbours (see the Link tag below).
AFAICS, 6.0.11-rc1 works great on my IPv6 router.
Thanks to all who worked on this for the quick fix.
Best regards,
Chuck Zmudzinski
Link: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1024070#44
Tested-by: Chuck Zmudzinski <brchuckz@aol.com>
^ permalink raw reply [flat|nested] 305+ messages in thread
* Re: [PATCH 6.0 000/289] 6.0.11-rc1 review
2022-11-30 18:19 [PATCH 6.0 000/289] 6.0.11-rc1 review Greg Kroah-Hartman
` (297 preceding siblings ...)
2022-12-01 14:54 ` Fenil Jain
@ 2022-12-01 16:48 ` Justin Forbes
298 siblings, 0 replies; 305+ messages in thread
From: Justin Forbes @ 2022-12-01 16:48 UTC (permalink / raw)
To: Greg Kroah-Hartman
Cc: stable, patches, linux-kernel, torvalds, akpm, linux, shuah,
patches, lkft-triage, pavel, jonathanh, f.fainelli,
sudipm.mukherjee, srw, rwarsow
On Wed, Nov 30, 2022 at 07:19:45PM +0100, Greg Kroah-Hartman wrote:
> This is the start of the stable review cycle for the 6.0.11 release.
> There are 289 patches in this series, all will be posted as a response
> to this one. If anyone has any issues with these being applied, please
> let me know.
>
> Responses should be made by Fri, 02 Dec 2022 18:05:05 +0000.
> Anything received after that time might be too late.
>
> The whole patch series can be found in one patch at:
> https://www.kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.0.11-rc1.gz
> or in the git tree and branch at:
> git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.0.y
> and the diffstat can be found below.
>
> thanks,
>
> greg k-h
Tested rc1 against the Fedora build system (aarch64, armv7, ppc64le,
s390x, x86_64), and boot tested x86_64. No regressions noted.
Tested-by: Justin M. Forbes <jforbes@fedoraproject.org>
^ permalink raw reply [flat|nested] 305+ messages in thread
* Re: [PATCH 6.0 000/289] 6.0.11-rc1 review
@ 2022-11-30 19:21 Ronald Warsow
0 siblings, 0 replies; 305+ messages in thread
From: Ronald Warsow @ 2022-11-30 19:21 UTC (permalink / raw)
To: linux-kernel; +Cc: stable
Hi Greg
6.0.11-rc1
compiles, boots and runs here on x86_64
(Intel i5-11400, Fedora 37)
Thanks
Tested-by: Ronald Warsow <rwarsow@gmx.de>
^ permalink raw reply [flat|nested] 305+ messages in thread
end of thread, other threads:[~2022-12-01 16:48 UTC | newest]
Thread overview: 305+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2022-11-30 18:19 [PATCH 6.0 000/289] 6.0.11-rc1 review Greg Kroah-Hartman
2022-11-30 18:19 ` [PATCH 6.0 001/289] binder: validate alloc->mm in ->mmap() handler Greg Kroah-Hartman
2022-11-30 18:19 ` [PATCH 6.0 002/289] ceph: Use kcalloc for allocating multiple elements Greg Kroah-Hartman
2022-11-30 18:19 ` [PATCH 6.0 003/289] ceph: fix NULL pointer dereference for req->r_session Greg Kroah-Hartman
2022-11-30 18:19 ` [PATCH 6.0 004/289] wifi: mac80211: fix memory free error when registering wiphy fail Greg Kroah-Hartman
2022-11-30 18:19 ` [PATCH 6.0 005/289] wifi: cfg80211: Fix bitrates overflow issue Greg Kroah-Hartman
2022-11-30 18:19 ` [PATCH 6.0 006/289] wifi: mac80211_hwsim: fix debugfs attribute ps with rc table support Greg Kroah-Hartman
2022-11-30 18:19 ` [PATCH 6.0 007/289] spi: tegra210-quad: Dont initialise DMA if not supported Greg Kroah-Hartman
2022-11-30 18:19 ` [PATCH 6.0 008/289] riscv: dts: sifive unleashed: Add PWM controlled LEDs Greg Kroah-Hartman
2022-11-30 18:19 ` [PATCH 6.0 009/289] audit: fix undefined behavior in bit shift for AUDIT_BIT Greg Kroah-Hartman
2022-11-30 18:19 ` [PATCH 6.0 010/289] wifi: airo: do not assign -1 to unsigned char Greg Kroah-Hartman
2022-11-30 18:19 ` [PATCH 6.0 011/289] wifi: mac80211: Fix ack frame idr leak when mesh has no route Greg Kroah-Hartman
2022-11-30 18:19 ` [PATCH 6.0 012/289] selftests/net: dont tests batched TCP io_uring zc Greg Kroah-Hartman
2022-11-30 18:19 ` [PATCH 6.0 013/289] wifi: ath11k: Fix QCN9074 firmware boot on x86 Greg Kroah-Hartman
2022-11-30 18:19 ` [PATCH 6.0 014/289] s390/zcrypt: fix warning about field-spanning write Greg Kroah-Hartman
2022-11-30 18:20 ` [PATCH 6.0 015/289] spi: stm32: fix stm32_spi_prepare_mbr() that halves spi clk for every run Greg Kroah-Hartman
2022-11-30 18:20 ` [PATCH 6.0 016/289] selftests/bpf: Add verifier test for release_reference() Greg Kroah-Hartman
2022-11-30 18:20 ` [PATCH 6.0 017/289] selftests/net: give more time to udpgro bg processes to complete startup Greg Kroah-Hartman
2022-11-30 18:20 ` [PATCH 6.0 018/289] Revert "net: macsec: report real_dev features when HW offloading is enabled" Greg Kroah-Hartman
2022-11-30 18:20 ` [PATCH 6.0 019/289] ACPI: video: Add backlight=native DMI quirk for Dell G15 5515 Greg Kroah-Hartman
2022-11-30 18:20 ` [PATCH 6.0 020/289] platform/x86: ideapad-laptop: Disable touchpad_switch Greg Kroah-Hartman
2022-11-30 18:20 ` [PATCH 6.0 021/289] platform/x86: touchscreen_dmi: Add info for the RCA Cambio W101 v2 2-in-1 Greg Kroah-Hartman
2022-11-30 18:20 ` [PATCH 6.0 022/289] platform/x86/intel/pmt: Sapphire Rapids PMT errata fix Greg Kroah-Hartman
2022-11-30 18:20 ` [PATCH 6.0 023/289] platform/x86/intel/hid: Add some ACPI device IDs Greg Kroah-Hartman
2022-11-30 18:20 ` [PATCH 6.0 024/289] scsi: ibmvfc: Avoid path failures during live migration Greg Kroah-Hartman
2022-11-30 18:20 ` [PATCH 6.0 025/289] scsi: scsi_debug: Make the READ CAPACITY response compliant with ZBC Greg Kroah-Hartman
2022-11-30 18:20 ` [PATCH 6.0 026/289] drm: panel-orientation-quirks: Add quirk for Nanote UMPC-01 Greg Kroah-Hartman
2022-11-30 18:20 ` [PATCH 6.0 027/289] drm: panel-orientation-quirks: Add quirk for Acer Switch V 10 (SW5-017) Greg Kroah-Hartman
2022-11-30 18:20 ` [PATCH 6.0 028/289] block, bfq: fix null pointer dereference in bfq_bio_bfqg() Greg Kroah-Hartman
2022-11-30 18:20 ` [PATCH 6.0 029/289] s390: always build relocatable kernel Greg Kroah-Hartman
2022-11-30 18:20 ` [PATCH 6.0 030/289] arm64/syscall: Include asm/ptrace.h in syscall_wrapper header Greg Kroah-Hartman
2022-11-30 18:20 ` [PATCH 6.0 031/289] nvme: quiet user passthrough command errors Greg Kroah-Hartman
2022-11-30 18:20 ` [PATCH 6.0 032/289] nvmet: fix memory leak in nvmet_subsys_attr_model_store_locked Greg Kroah-Hartman
2022-11-30 18:20 ` [PATCH 6.0 033/289] net: wwan: iosm: fix kernel test robot reported errors Greg Kroah-Hartman
2022-11-30 18:20 ` [PATCH 6.0 034/289] drm/amd/display: Zeromem mypipe heap struct before using it Greg Kroah-Hartman
2022-11-30 18:20 ` [PATCH 6.0 035/289] drm/amd/display: Fix FCLK deviation and tool compile issues Greg Kroah-Hartman
2022-11-30 18:20 ` [PATCH 6.0 036/289] drm/amd/display: Fix gpio port mapping issue Greg Kroah-Hartman
2022-11-30 18:20 ` [PATCH 6.0 037/289] Revert "drm/amdgpu: Revert "drm/amdgpu: getting fan speed pwm for vega10 properly"" Greg Kroah-Hartman
2022-11-30 18:20 ` [PATCH 6.0 038/289] drm/amdgpu: Drop eviction lock when allocating PT BO Greg Kroah-Hartman
2022-11-30 18:20 ` [PATCH 6.0 039/289] drm/amd/display: only fill dirty rectangles when PSR is enabled Greg Kroah-Hartman
2022-11-30 18:20 ` [PATCH 6.0 040/289] ALSA: usb-audio: add quirk to fix Hamedal C20 disconnect issue Greg Kroah-Hartman
2022-11-30 18:20 ` [PATCH 6.0 041/289] RISC-V: vdso: Do not add missing symbols to version section in linker script Greg Kroah-Hartman
2022-11-30 18:20 ` [PATCH 6.0 042/289] MIPS: pic32: treat port as signed integer Greg Kroah-Hartman
2022-11-30 18:20 ` [PATCH 6.0 043/289] io_uring/poll: lockdep annote io_poll_req_insert_locked Greg Kroah-Hartman
2022-11-30 18:20 ` [PATCH 6.0 044/289] xfrm: fix "disable_policy" on ipv4 early demux Greg Kroah-Hartman
2022-11-30 18:20 ` [PATCH 6.0 045/289] arm64: dts: rockchip: fix quartz64-a bluetooth configuration Greg Kroah-Hartman
2022-11-30 18:20 ` [PATCH 6.0 046/289] xfrm: replay: Fix ESN wrap around for GSO Greg Kroah-Hartman
2022-11-30 18:20 ` [PATCH 6.0 047/289] af_key: Fix send_acquire race with pfkey_register Greg Kroah-Hartman
2022-11-30 18:20 ` [PATCH 6.0 048/289] power: supply: ip5xxx: Fix integer overflow in current_now calculation Greg Kroah-Hartman
2022-11-30 18:20 ` [PATCH 6.0 049/289] power: supply: ab8500: Defer thermal zone probe Greg Kroah-Hartman
2022-11-30 18:20 ` [PATCH 6.0 050/289] ARM: dts: am335x-pcm-953: Define fixed regulators in root node Greg Kroah-Hartman
2022-11-30 18:20 ` [PATCH 6.0 051/289] ASoC: Intel: Skylake: Introduce HDA codec init and exit routines Greg Kroah-Hartman
2022-11-30 18:20 ` [PATCH 6.0 052/289] ASoC: SOF: Intel: " Greg Kroah-Hartman
2022-11-30 18:20 ` [PATCH 6.0 053/289] ASoC: Intel: Drop hdac_ext usage for codec device creation Greg Kroah-Hartman
2022-11-30 18:20 ` [PATCH 6.0 054/289] ASoC: hdac_hda: fix hda pcm buffer overflow issue Greg Kroah-Hartman
2022-11-30 18:20 ` [PATCH 6.0 055/289] ASoC: sgtl5000: Reset the CHIP_CLK_CTRL reg on remove Greg Kroah-Hartman
2022-11-30 18:20 ` [PATCH 6.0 056/289] ASoC: soc-pcm: Dont zero TDM masks in __soc_pcm_open() Greg Kroah-Hartman
2022-11-30 18:20 ` [PATCH 6.0 057/289] x86/hyperv: Restore VP assist page after cpu offlining/onlining Greg Kroah-Hartman
2022-11-30 18:20 ` [PATCH 6.0 058/289] scsi: storvsc: Fix handling of srb_status and capacity change events Greg Kroah-Hartman
2022-11-30 18:20 ` [PATCH 6.0 059/289] PCI: hv: Only reuse existing IRTE allocation for Multi-MSI Greg Kroah-Hartman
2022-11-30 18:20 ` [PATCH 6.0 060/289] arm64: dts: rockchip: Fix Pine64 Quartz4-B PMIC interrupt Greg Kroah-Hartman
2022-11-30 18:20 ` [PATCH 6.0 061/289] ASoC: max98373: Add checks for devm_kcalloc Greg Kroah-Hartman
2022-11-30 18:20 ` [PATCH 6.0 062/289] regulator: core: fix kobject release warning and memory leak in regulator_register() Greg Kroah-Hartman
2022-11-30 18:20 ` [PATCH 6.0 063/289] regulator: rt5759: fix OOB in validate_desc() Greg Kroah-Hartman
2022-11-30 18:20 ` [PATCH 6.0 064/289] spi: dw-dma: decrease reference count in dw_spi_dma_init_mfld() Greg Kroah-Hartman
2022-11-30 18:20 ` [PATCH 6.0 065/289] regulator: core: fix UAF in destroy_regulator() Greg Kroah-Hartman
2022-11-30 18:20 ` [PATCH 6.0 066/289] bus: sunxi-rsb: Remove the shutdown callback Greg Kroah-Hartman
2022-11-30 18:20 ` [PATCH 6.0 067/289] bus: sunxi-rsb: Support atomic transfers Greg Kroah-Hartman
2022-11-30 18:20 ` [PATCH 6.0 068/289] tee: optee: fix possible memory leak in optee_register_device() Greg Kroah-Hartman
2022-11-30 18:20 ` [PATCH 6.0 069/289] spi: tegra210-quad: Fix duplicate resource error Greg Kroah-Hartman
2022-11-30 18:20 ` [PATCH 6.0 070/289] ARM: dts: at91: sam9g20ek: enable udc vbus gpio pinctrl Greg Kroah-Hartman
2022-11-30 18:20 ` Greg Kroah-Hartman
2022-11-30 18:20 ` [PATCH 6.0 071/289] selftests: mptcp: gives slow test-case more time Greg Kroah-Hartman
2022-11-30 18:20 ` [PATCH 6.0 072/289] selftests: mptcp: run mptcp_sockopt from a new netns Greg Kroah-Hartman
2022-11-30 18:20 ` [PATCH 6.0 073/289] selftests: mptcp: fix mibit vs mbit mix up Greg Kroah-Hartman
2022-11-30 18:20 ` [PATCH 6.0 074/289] net: liquidio: simplify if expression Greg Kroah-Hartman
2022-11-30 18:21 ` [PATCH 6.0 075/289] net: neigh: decrement the family specific qlen Greg Kroah-Hartman
2022-12-01 15:04 ` Chuck Zmudzinski
2022-11-30 18:21 ` [PATCH 6.0 076/289] ipvlan: hold lower dev to avoid possible use-after-free Greg Kroah-Hartman
2022-11-30 18:21 ` [PATCH 6.0 077/289] rxrpc: Fix race between conn bundle lookup and bundle removal [ZDI-CAN-15975] Greg Kroah-Hartman
2022-11-30 18:21 ` [PATCH 6.0 078/289] net: dsa: sja1105: disallow C45 transactions on the BASE-TX MDIO bus Greg Kroah-Hartman
2022-11-30 18:21 ` [PATCH 6.0 079/289] nfc/nci: fix race with opening and closing Greg Kroah-Hartman
2022-11-30 18:21 ` [PATCH 6.0 080/289] net: pch_gbe: fix potential memleak in pch_gbe_tx_queue() Greg Kroah-Hartman
2022-11-30 18:21 ` [PATCH 6.0 081/289] 9p/fd: fix issue of list_del corruption in p9_fd_cancel() Greg Kroah-Hartman
2022-11-30 18:21 ` [PATCH 6.0 082/289] netfilter: conntrack: Fix data-races around ct mark Greg Kroah-Hartman
2022-11-30 18:21 ` [PATCH 6.0 083/289] netfilter: nf_tables: do not set up extensions for end interval Greg Kroah-Hartman
2022-11-30 18:21 ` [PATCH 6.0 084/289] iavf: Fix a crash during reset task Greg Kroah-Hartman
2022-11-30 18:21 ` [PATCH 6.0 085/289] iavf: Do not restart Tx queues after reset task failure Greg Kroah-Hartman
2022-11-30 18:21 ` [PATCH 6.0 086/289] iavf: remove INITIAL_MAC_SET to allow gARP to work properly Greg Kroah-Hartman
2022-11-30 18:21 ` [PATCH 6.0 087/289] iavf: Fix race condition between iavf_shutdown and iavf_remove Greg Kroah-Hartman
2022-11-30 18:21 ` [PATCH 6.0 088/289] ARM: mxs: fix memory leak in mxs_machine_init() Greg Kroah-Hartman
2022-11-30 18:21 ` [PATCH 6.0 089/289] ARM: dts: imx6q-prti6q: Fix ref/tcxo-clock-frequency properties Greg Kroah-Hartman
2022-11-30 18:21 ` [PATCH 6.0 090/289] net: ethernet: mtk_eth_soc: fix error handling in mtk_open() Greg Kroah-Hartman
2022-11-30 18:21 ` [PATCH 6.0 091/289] net/mlx4: Check retval of mlx4_bitmap_init Greg Kroah-Hartman
2022-11-30 18:21 ` [PATCH 6.0 092/289] net: mvpp2: fix possible invalid pointer dereference Greg Kroah-Hartman
2022-11-30 18:21 ` [PATCH 6.0 093/289] net/qla3xxx: fix potential memleak in ql3xxx_send() Greg Kroah-Hartman
2022-11-30 18:21 ` [PATCH 6.0 094/289] octeontx2-af: debugsfs: fix pci device refcount leak Greg Kroah-Hartman
2022-11-30 18:21 ` [PATCH 6.0 095/289] net: pch_gbe: fix pci device refcount leak while module exiting Greg Kroah-Hartman
2022-11-30 18:21 ` [PATCH 6.0 096/289] nfp: fill splittable of devlink_port_attrs correctly Greg Kroah-Hartman
2022-11-30 18:21 ` [PATCH 6.0 097/289] nfp: add port from netdev validation for EEPROM access Greg Kroah-Hartman
2022-11-30 18:21 ` [PATCH 6.0 098/289] bonding: fix ICMPv6 header handling when receiving IPv6 messages Greg Kroah-Hartman
2022-11-30 18:21 ` [PATCH 6.0 099/289] macsec: Fix invalid error code set Greg Kroah-Hartman
2022-11-30 18:21 ` [PATCH 6.0 100/289] drm/i915: Fix warn in intel_display_power_*_domain() functions Greg Kroah-Hartman
2022-11-30 18:21 ` [PATCH 6.0 101/289] Drivers: hv: vmbus: fix double free in the error path of vmbus_add_channel_work() Greg Kroah-Hartman
2022-11-30 18:21 ` [PATCH 6.0 102/289] Drivers: hv: vmbus: fix possible memory leak in vmbus_device_register() Greg Kroah-Hartman
2022-11-30 18:21 ` [PATCH 6.0 103/289] netfilter: ipset: regression in ip_set_hash_ip.c Greg Kroah-Hartman
2022-11-30 18:21 ` [PATCH 6.0 104/289] net/mlx5: Do not query pci info while pci disabled Greg Kroah-Hartman
2022-11-30 18:21 ` [PATCH 6.0 105/289] net/mlx5: Fix FW tracer timestamp calculation Greg Kroah-Hartman
2022-11-30 18:21 ` [PATCH 6.0 106/289] net/mlx5: SF: Fix probing active SFs during driver probe phase Greg Kroah-Hartman
2022-11-30 18:21 ` [PATCH 6.0 107/289] net/mlx5: cmdif, Print info on any firmware cmd failure to tracepoint Greg Kroah-Hartman
2022-11-30 18:21 ` [PATCH 6.0 108/289] net/mlx5: Fix handling of entry refcount when command is not issued to FW Greg Kroah-Hartman
2022-11-30 18:21 ` [PATCH 6.0 109/289] net/mlx5: E-Switch, Set correctly vport destination Greg Kroah-Hartman
2022-11-30 18:21 ` [PATCH 6.0 110/289] net/mlx5: Fix sync reset event handler error flow Greg Kroah-Hartman
2022-11-30 18:21 ` [PATCH 6.0 111/289] net/mlx5e: Offload rule only when all encaps are valid Greg Kroah-Hartman
2022-11-30 18:21 ` [PATCH 6.0 112/289] net: phy: at803x: fix error return code in at803x_probe() Greg Kroah-Hartman
2022-11-30 18:21 ` [PATCH 6.0 113/289] tipc: set con sock in tipc_conn_alloc Greg Kroah-Hartman
2022-11-30 18:21 ` [PATCH 6.0 114/289] tipc: add an extra conn_get " Greg Kroah-Hartman
2022-11-30 18:21 ` [PATCH 6.0 115/289] tipc: check skb_linearize() return value in tipc_disc_rcv() Greg Kroah-Hartman
2022-11-30 18:21 ` [PATCH 6.0 116/289] zonefs: Fix race between modprobe and mount Greg Kroah-Hartman
2022-11-30 18:21 ` [PATCH 6.0 117/289] xfrm: Fix oops in __xfrm_state_delete() Greg Kroah-Hartman
2022-11-30 18:21 ` [PATCH 6.0 118/289] xfrm: Fix ignored return value in xfrm6_init() Greg Kroah-Hartman
2022-11-30 18:21 ` [PATCH 6.0 119/289] net: wwan: iosm: use ACPI_FREE() but not kfree() in ipc_pcie_read_bios_cfg() Greg Kroah-Hartman
2022-11-30 18:21 ` [PATCH 6.0 120/289] sfc: fix potential memleak in __ef100_hard_start_xmit() Greg Kroah-Hartman
2022-11-30 18:21 ` [PATCH 6.0 121/289] net: sparx5: fix error handling in sparx5_port_open() Greg Kroah-Hartman
2022-11-30 18:21 ` [PATCH 6.0 122/289] net: sched: allow act_ct to be built without NF_NAT Greg Kroah-Hartman
2022-11-30 18:21 ` [PATCH 6.0 123/289] NFC: nci: fix memory leak in nci_rx_data_packet() Greg Kroah-Hartman
2022-11-30 18:21 ` [PATCH 6.0 124/289] regulator: twl6030: re-add TWL6032_SUBCLASS Greg Kroah-Hartman
2022-11-30 18:21 ` [PATCH 6.0 125/289] bnx2x: fix pci device refcount leak in bnx2x_vf_is_pcie_pending() Greg Kroah-Hartman
2022-11-30 18:21 ` [PATCH 6.0 126/289] dma-buf: fix racing conflict of dma_heap_add() Greg Kroah-Hartman
2022-11-30 18:21 ` [PATCH 6.0 127/289] tsnep: Fix rotten packets Greg Kroah-Hartman
2022-11-30 18:21 ` [PATCH 6.0 128/289] cpufreq: amd-pstate: change amd-pstate driver to be built-in type Greg Kroah-Hartman
2022-11-30 18:21 ` [PATCH 6.0 129/289] netfilter: ipset: restore allowing 64 clashing elements in hash:net,iface Greg Kroah-Hartman
2022-11-30 18:21 ` [PATCH 6.0 130/289] netfilter: flowtable_offload: add missing locking Greg Kroah-Hartman
2022-11-30 18:21 ` [PATCH 6.0 131/289] fs: do not update freeing inode i_io_list Greg Kroah-Hartman
2022-11-30 18:21 ` [PATCH 6.0 132/289] blk-mq: fix queue reference leak on blk_mq_alloc_disk_for_queue failure Greg Kroah-Hartman
2022-11-30 18:21 ` [PATCH 6.0 133/289] test_kprobes: fix implicit declaration error of test_kprobes Greg Kroah-Hartman
2022-11-30 18:21 ` [PATCH 6.0 134/289] dccp/tcp: Reset saddr on failure after inet6?_hash_connect() Greg Kroah-Hartman
2022-11-30 18:22 ` [PATCH 6.0 135/289] net: ethernet: mtk_eth_soc: fix potential memory leak in mtk_rx_alloc() Greg Kroah-Hartman
2022-11-30 18:22 ` [PATCH 6.0 136/289] net: ethernet: mtk_eth_soc: move gdma_to_ppe and ppe_base definitions in mtk register map Greg Kroah-Hartman
2022-11-30 18:22 ` [PATCH 6.0 137/289] net: ethernet: mtk_eth_soc: move ppe table hash offset to mtk_soc_data structure Greg Kroah-Hartman
2022-11-30 18:22 ` [PATCH 6.0 138/289] net: ethernet: mtk_eth_soc: fix resource leak in error path Greg Kroah-Hartman
2022-11-30 18:22 ` [PATCH 6.0 139/289] ipv4: Fix error return code in fib_table_insert() Greg Kroah-Hartman
2022-11-30 18:22 ` [PATCH 6.0 140/289] arcnet: fix potential memory leak in com20020_probe() Greg Kroah-Hartman
2022-11-30 18:22 ` [PATCH 6.0 141/289] net: dm9051: Fix missing dev_kfree_skb() in dm9051_loop_rx() Greg Kroah-Hartman
2022-11-30 18:22 ` [PATCH 6.0 142/289] net/cdc_ncm: Fix multicast RX support for CDC NCM devices with ZLP Greg Kroah-Hartman
2022-11-30 18:22 ` [PATCH 6.0 143/289] s390/ap: fix memory leak in ap_init_qci_info() Greg Kroah-Hartman
2022-11-30 18:22 ` [PATCH 6.0 144/289] s390/dasd: fix no record found for raw_track_access Greg Kroah-Hartman
2022-11-30 18:22 ` [PATCH 6.0 145/289] fscache: fix OOB Read in __fscache_acquire_volume Greg Kroah-Hartman
2022-11-30 18:22 ` [PATCH 6.0 146/289] nfc: st-nci: fix incorrect validating logic in EVT_TRANSACTION Greg Kroah-Hartman
2022-11-30 18:22 ` [PATCH 6.0 147/289] nfc: st-nci: fix memory leaks " Greg Kroah-Hartman
2022-11-30 18:22 ` [PATCH 6.0 148/289] nfc: st-nci: fix incorrect sizing calculations " Greg Kroah-Hartman
2022-11-30 18:22 ` [PATCH 6.0 149/289] net: marvell: prestera: add missing unregister_netdev() in prestera_port_create() Greg Kroah-Hartman
2022-11-30 18:22 ` [PATCH 6.0 150/289] net: enetc: cache accesses to &priv->si->hw Greg Kroah-Hartman
2022-11-30 18:22 ` [PATCH 6.0 151/289] net: enetc: preserve TX ring priority across reconfiguration Greg Kroah-Hartman
2022-11-30 18:22 ` [PATCH 6.0 152/289] octeontx2-pf: Add check for devm_kcalloc Greg Kroah-Hartman
2022-11-30 18:22 ` [PATCH 6.0 153/289] net: wwan: t7xx: Fix the ACPI memory leak Greg Kroah-Hartman
2022-11-30 18:22 ` [PATCH 6.0 154/289] virtio_net: Fix probe failed when modprobe virtio_net Greg Kroah-Hartman
2022-11-30 18:22 ` [PATCH 6.0 155/289] octeontx2-af: Fix reference count issue in rvu_sdp_init() Greg Kroah-Hartman
2022-11-30 18:22 ` [PATCH 6.0 156/289] net: thunderx: Fix the ACPI memory leak Greg Kroah-Hartman
2022-11-30 18:22 ` [PATCH 6.0 157/289] s390/crashdump: fix TOD programmable field size Greg Kroah-Hartman
2022-11-30 18:22 ` [PATCH 6.0 158/289] io_uring/filetable: fix file reference underflow Greg Kroah-Hartman
2022-11-30 18:22 ` [PATCH 6.0 159/289] io_uring/poll: fix poll_refs race with cancelation Greg Kroah-Hartman
2022-11-30 18:22 ` [PATCH 6.0 160/289] lib/vdso: use "grep -E" instead of "egrep" Greg Kroah-Hartman
2022-11-30 18:22 ` [PATCH 6.0 161/289] can: gs_usb: remove dma allocations Greg Kroah-Hartman
2022-11-30 18:22 ` [PATCH 6.0 162/289] usb: dwc3: exynos: Fix remove() function Greg Kroah-Hartman
2022-11-30 18:22 ` [PATCH 6.0 163/289] usb: cdnsp: Fix issue with Clear Feature Halt Endpoint Greg Kroah-Hartman
2022-11-30 18:22 ` [PATCH 6.0 164/289] usb: cdnsp: fix issue with ZLP - added TD_SIZE = 1 Greg Kroah-Hartman
2022-11-30 18:22 ` [PATCH 6.0 165/289] dma-buf: Use dma_fence_unwrap_for_each when importing fences Greg Kroah-Hartman
2022-11-30 18:22 ` [PATCH 6.0 166/289] cifs: fix missing unlock in cifs_file_copychunk_range() Greg Kroah-Hartman
2022-11-30 18:22 ` [PATCH 6.0 167/289] cifs: Use after free in debug code Greg Kroah-Hartman
2022-11-30 18:22 ` [PATCH 6.0 168/289] ext4: fix use-after-free in ext4_ext_shift_extents Greg Kroah-Hartman
2022-11-30 18:22 ` [PATCH 6.0 169/289] arm64: dts: rockchip: lower rk3399-puma-haikou SD controller clock frequency Greg Kroah-Hartman
2022-11-30 18:22 ` [PATCH 6.0 170/289] kbuild: fix -Wimplicit-function-declaration in license_is_gpl_compatible Greg Kroah-Hartman
2022-11-30 18:22 ` [PATCH 6.0 171/289] iio: adc: aspeed: Remove the trim valid dts property Greg Kroah-Hartman
2022-11-30 18:22 ` [PATCH 6.0 172/289] iio: light: apds9960: fix wrong register for gesture gain Greg Kroah-Hartman
2022-11-30 18:22 ` [PATCH 6.0 173/289] iio: core: Fix entry not deleted when iio_register_sw_trigger_type() fails Greg Kroah-Hartman
2022-11-30 18:22 ` [PATCH 6.0 174/289] iio: accel: bma400: Fix memory leak in bma400_get_steps_reg() Greg Kroah-Hartman
2022-11-30 18:22 ` [PATCH 6.0 175/289] dt-bindings: iio: adc: Remove the property "aspeed,trim-data-valid" Greg Kroah-Hartman
2022-11-30 18:22 ` [PATCH 6.0 176/289] mm/damon/sysfs-schemes: skip stats update if the scheme directory is removed Greg Kroah-Hartman
2022-11-30 18:22 ` [PATCH 6.0 177/289] virt/sev-guest: Prevent IV reuse in the SNP guest driver Greg Kroah-Hartman
2022-11-30 18:22 ` [PATCH 6.0 178/289] cpufreq: amd-pstate: cpufreq: amd-pstate: reset MSR_AMD_PERF_CTL register at init Greg Kroah-Hartman
2022-11-30 18:22 ` [PATCH 6.0 179/289] zonefs: Fix active zone accounting Greg Kroah-Hartman
2022-11-30 18:22 ` [PATCH 6.0 180/289] bus: ixp4xx: Dont touch bit 7 on IXP42x Greg Kroah-Hartman
2022-11-30 18:22 ` [PATCH 6.0 181/289] spi: spi-imx: Fix spi_bus_clk if requested clock is higher than input clock Greg Kroah-Hartman
2022-11-30 18:22 ` [PATCH 6.0 182/289] spi: spi-imx: spi_imx_transfer_one(): check for DMA transfer first Greg Kroah-Hartman
2022-11-30 18:22 ` [PATCH 6.0 183/289] init/Kconfig: fix CC_HAS_ASM_GOTO_TIED_OUTPUT test with dash Greg Kroah-Hartman
2022-11-30 18:22 ` [PATCH 6.0 184/289] NFSD: Fix reads with a non-zero offset that dont end on a page boundary Greg Kroah-Hartman
2022-11-30 18:22 ` [PATCH 6.0 185/289] nios2: add FORCE for vmlinuz.gz Greg Kroah-Hartman
2022-11-30 18:22 ` [PATCH 6.0 186/289] drm/amdgpu: Enable SA software trap Greg Kroah-Hartman
2022-11-30 18:22 ` [PATCH 6.0 187/289] drm/amdkfd: update GFX11 CWSR trap handler Greg Kroah-Hartman
2022-11-30 18:22 ` [PATCH 6.0 188/289] drm/amd/display: Added debug option for forcing subvp num ways Greg Kroah-Hartman
2022-11-30 18:22 ` [PATCH 6.0 189/289] drm/amd/display: Add debug option for allocating extra way for cursor Greg Kroah-Hartman
2022-11-30 18:22 ` [PATCH 6.0 190/289] drm/amd/display: Update MALL SS NumWays calculation Greg Kroah-Hartman
2022-11-30 18:22 ` [PATCH 6.0 191/289] drm/amd/display: Fix calculation for cursor CAB allocation Greg Kroah-Hartman
2022-11-30 18:22 ` [PATCH 6.0 192/289] usb: dwc3: gadget: conditionally remove requests Greg Kroah-Hartman
2022-11-30 18:22 ` [PATCH 6.0 193/289] usb: dwc3: gadget: Return -ESHUTDOWN on ep disable Greg Kroah-Hartman
2022-11-30 18:22 ` [PATCH 6.0 194/289] usb: dwc3: gadget: Clear ep descriptor last Greg Kroah-Hartman
2022-11-30 18:23 ` [PATCH 6.0 195/289] io_uring: cmpxchg for poll arm refs release Greg Kroah-Hartman
2022-11-30 18:23 ` [PATCH 6.0 196/289] io_uring: make poll refs more robust Greg Kroah-Hartman
2022-11-30 18:23 ` [PATCH 6.0 197/289] io_uring: clear TIF_NOTIFY_SIGNAL if set and task_work not available Greg Kroah-Hartman
2022-11-30 18:23 ` [PATCH 6.0 198/289] nilfs2: fix nilfs_sufile_mark_dirty() not set segment usage as dirty Greg Kroah-Hartman
2022-11-30 18:23 ` [PATCH 6.0 199/289] gcov: clang: fix the buffer overflow issue Greg Kroah-Hartman
2022-11-30 18:23 ` [PATCH 6.0 200/289] mm/cgroup/reclaim: fix dirty pages throttling on cgroup v1 Greg Kroah-Hartman
2022-11-30 18:23 ` [PATCH 6.0 201/289] mm: vmscan: fix extreme overreclaim and swap floods Greg Kroah-Hartman
2022-11-30 18:23 ` [PATCH 6.0 202/289] fpga: m10bmc-sec: Fix kconfig dependencies Greg Kroah-Hartman
2022-11-30 18:23 ` [PATCH 6.0 203/289] KVM: x86/mmu: Fix race condition in direct_page_fault Greg Kroah-Hartman
2022-11-30 18:23 ` [PATCH 6.0 204/289] KVM: x86/xen: Only do in-kernel acceleration of hypercalls for guest CPL0 Greg Kroah-Hartman
2022-11-30 18:23 ` [PATCH 6.0 205/289] KVM: x86/xen: Validate port number in SCHEDOP_poll Greg Kroah-Hartman
2022-11-30 18:23 ` [PATCH 6.0 206/289] drm/i915/gvt: Get reference to KVM iff attachment to VM is successful Greg Kroah-Hartman
2022-11-30 18:23 ` [PATCH 6.0 207/289] KVM: x86: nSVM: leave nested mode on vCPU free Greg Kroah-Hartman
2022-11-30 18:23 ` [PATCH 6.0 208/289] KVM: x86: forcibly leave nested mode on vCPU reset Greg Kroah-Hartman
2022-11-30 18:23 ` [PATCH 6.0 209/289] KVM: x86: nSVM: harden svm_free_nested against freeing vmcb02 while still in use Greg Kroah-Hartman
2022-11-30 18:23 ` [PATCH 6.0 210/289] KVM: x86: add kvm_leave_nested Greg Kroah-Hartman
2022-11-30 18:23 ` [PATCH 6.0 211/289] KVM: x86: remove exit_int_info warning in svm_handle_exit Greg Kroah-Hartman
2022-11-30 18:23 ` [PATCH 6.0 212/289] KVM: Update gfn_to_pfn_cache khva when it moves within the same page Greg Kroah-Hartman
2022-11-30 18:23 ` [PATCH 6.0 213/289] x86/tsx: Add a feature bit for TSX control MSR support Greg Kroah-Hartman
2022-11-30 18:23 ` [PATCH 6.0 214/289] x86/pm: Add enumeration check before spec MSRs save/restore setup Greg Kroah-Hartman
2022-11-30 18:23 ` [PATCH 6.0 215/289] x86/ioremap: Fix page aligned size calculation in __ioremap_caller() Greg Kroah-Hartman
2022-11-30 18:23 ` [PATCH 6.0 216/289] mm: fix unexpected changes to {failslab|fail_page_alloc}.attr Greg Kroah-Hartman
2022-11-30 18:23 ` [PATCH 6.0 217/289] mm: correctly charge compressed memory to its memcg Greg Kroah-Hartman
2022-11-30 18:23 ` [PATCH 6.0 218/289] LoongArch: Clear FPU/SIMD thread info flags for kernel thread Greg Kroah-Hartman
2022-11-30 18:23 ` [PATCH 6.0 219/289] LoongArch: Set _PAGE_DIRTY only if _PAGE_WRITE is set in {pmd,pte}_mkdirty() Greg Kroah-Hartman
2022-11-30 18:23 ` [PATCH 6.0 220/289] ASoC: SOF: Fix compilation when HDA_AUDIO_CODEC config is disabled Greg Kroah-Hartman
2022-11-30 18:23 ` [PATCH 6.0 221/289] ASoC: Intel: fix unused-variable warning in probe_codec Greg Kroah-Hartman
2022-11-30 18:23 ` [PATCH 6.0 222/289] ASoC: Intel: Skylake: fix possible memory leak in skl_codec_device_init() Greg Kroah-Hartman
2022-11-30 18:23 ` [PATCH 6.0 223/289] ASoC: SOF: Intel: hda-codec: fix possible memory leak in hda_codec_device_init() Greg Kroah-Hartman
2022-11-30 18:23 ` [PATCH 6.0 224/289] Input: synaptics - switch touchpad on HP Laptop 15-da3001TU to RMI mode Greg Kroah-Hartman
2022-11-30 18:23 ` [PATCH 6.0 225/289] ASoC: amd: yc: Add Alienware m17 R5 AMD into DMI table Greg Kroah-Hartman
2022-11-30 18:23 ` [PATCH 6.0 226/289] ASoC: Intel: bytcht_es8316: Add quirk for the Nanote UMPC-01 Greg Kroah-Hartman
2022-11-30 18:23 ` [PATCH 6.0 227/289] ASoC: Intel: soc-acpi: add ES83x6 support to IceLake Greg Kroah-Hartman
2022-11-30 18:23 ` [PATCH 6.0 228/289] tools: iio: iio_generic_buffer: Fix read size Greg Kroah-Hartman
2022-11-30 18:23 ` [PATCH 6.0 229/289] ASoC: hda: intel-dsp-config: add ES83x6 quirk for IceLake Greg Kroah-Hartman
2022-11-30 18:23 ` [PATCH 6.0 230/289] ASoC: SOF: ipc3-topology: use old pipeline teardown flow with SOF2.1 and older Greg Kroah-Hartman
2022-11-30 18:23 ` [PATCH 6.0 231/289] serial: 8250: 8250_omap: Avoid RS485 RTS glitch on ->set_termios() Greg Kroah-Hartman
2022-11-30 18:23 ` [PATCH 6.0 232/289] Revert "tty: n_gsm: avoid call of sleeping functions from atomic context" Greg Kroah-Hartman
2022-11-30 18:23 ` [PATCH 6.0 233/289] Revert "tty: n_gsm: replace kicktimer with delayed_work" Greg Kroah-Hartman
2022-11-30 18:23 ` [PATCH 6.0 234/289] Input: goodix - try resetting the controller when no config is set Greg Kroah-Hartman
2022-11-30 18:23 ` [PATCH 6.0 235/289] bpf: Convert BPF_DISPATCHER to use static_call() (not ftrace) Greg Kroah-Hartman
2022-11-30 18:23 ` [PATCH 6.0 236/289] ASoC: sof_es8336: reduce pop noise on speaker Greg Kroah-Hartman
2022-11-30 18:23 ` [PATCH 6.0 237/289] Input: soc_button_array - add use_low_level_irq module parameter Greg Kroah-Hartman
2022-11-30 18:23 ` [PATCH 6.0 238/289] Input: soc_button_array - add Acer Switch V 10 to dmi_use_low_level_irq[] Greg Kroah-Hartman
2022-11-30 18:23 ` [PATCH 6.0 239/289] pinctrl: qcom: sc8280xp: Rectify UFS reset pins Greg Kroah-Hartman
2022-11-30 18:23 ` [PATCH 6.0 240/289] Input: i8042 - apply probe defer to more ASUS ZenBook models Greg Kroah-Hartman
2022-11-30 18:23 ` [PATCH 6.0 241/289] ASoC: stm32: dfsdm: manage cb buffers cleanup Greg Kroah-Hartman
2022-11-30 18:23 ` [PATCH 6.0 242/289] xen-pciback: Allow setting PCI_MSIX_FLAGS_MASKALL too Greg Kroah-Hartman
2022-11-30 18:23 ` [PATCH 6.0 243/289] xen/platform-pci: add missing free_irq() in error path Greg Kroah-Hartman
2022-11-30 18:23 ` [PATCH 6.0 244/289] platform/x86: thinkpad_acpi: Enable s2idle quirk for 21A1 machine type Greg Kroah-Hartman
2022-11-30 18:23 ` [PATCH 6.0 245/289] platform/x86: asus-wmi: add missing pci_dev_put() in asus_wmi_set_xusb2pr() Greg Kroah-Hartman
2022-11-30 18:23 ` [PATCH 6.0 246/289] platform/x86: acer-wmi: Enable SW_TABLET_MODE on Switch V 10 (SW5-017) Greg Kroah-Hartman
2022-11-30 18:23 ` [PATCH 6.0 247/289] platform/surface: aggregator_registry: Add support for Surface Pro 9 Greg Kroah-Hartman
2022-11-30 18:23 ` [PATCH 6.0 248/289] drm/amd/display: use uclk pstate latency for fw assisted mclk validation dcn32 Greg Kroah-Hartman
2022-11-30 18:23 ` [PATCH 6.0 249/289] drm/amdgpu: disable BACO support on more cards Greg Kroah-Hartman
2022-11-30 18:23 ` [PATCH 6.0 250/289] drm/amdkfd: Fix a memory limit issue Greg Kroah-Hartman
2022-11-30 18:23 ` [PATCH 6.0 251/289] zonefs: fix zone report size in __zonefs_io_error() Greg Kroah-Hartman
2022-11-30 18:23 ` [PATCH 6.0 252/289] platform/surface: aggregator_registry: Add support for Surface Laptop 5 Greg Kroah-Hartman
2022-11-30 18:23 ` [PATCH 6.0 253/289] platform/x86: hp-wmi: Ignore Smart Experience App event Greg Kroah-Hartman
2022-11-30 18:23 ` [PATCH 6.0 254/289] platform/x86: ideapad-laptop: Fix interrupt storm on fn-lock toggle on some Yoga laptops Greg Kroah-Hartman
2022-11-30 18:24 ` [PATCH 6.0 255/289] platform/x86: ideapad-laptop: Add module parameters to match DMI quirk tables Greg Kroah-Hartman
2022-11-30 18:24 ` [PATCH 6.0 256/289] tcp: configurable source port perturb table size Greg Kroah-Hartman
2022-11-30 18:24 ` [PATCH 6.0 257/289] block: make blk_set_default_limits() private Greg Kroah-Hartman
2022-11-30 18:24 ` [PATCH 6.0 258/289] dm-integrity: set dma_alignment limit in io_hints Greg Kroah-Hartman
2022-11-30 18:24 ` [PATCH 6.0 259/289] dm-log-writes: " Greg Kroah-Hartman
2022-11-30 18:24 ` [PATCH 6.0 260/289] net: usb: qmi_wwan: add Telit 0x103a composition Greg Kroah-Hartman
2022-11-30 18:24 ` [PATCH 6.0 261/289] scsi: mpi3mr: Suppress command reply debug prints Greg Kroah-Hartman
2022-11-30 18:24 ` [PATCH 6.0 262/289] scsi: iscsi: Fix possible memory leak when device_register() failed Greg Kroah-Hartman
2022-11-30 18:24 ` [PATCH 6.0 263/289] gpu: host1x: Avoid trying to use GART on Tegra20 Greg Kroah-Hartman
2022-11-30 18:24 ` [PATCH 6.0 264/289] dm integrity: flush the journal on suspend Greg Kroah-Hartman
2022-11-30 18:24 ` [PATCH 6.0 265/289] dm integrity: clear " Greg Kroah-Hartman
2022-11-30 18:24 ` [PATCH 6.0 266/289] fuse: lock inode unconditionally in fuse_fallocate() Greg Kroah-Hartman
2022-11-30 18:24 ` [PATCH 6.0 267/289] wifi: wilc1000: validate pairwise and authentication suite offsets Greg Kroah-Hartman
2022-11-30 18:24 ` [PATCH 6.0 268/289] wifi: wilc1000: validate length of IEEE80211_P2P_ATTR_OPER_CHANNEL attribute Greg Kroah-Hartman
2022-11-30 18:24 ` [PATCH 6.0 269/289] wifi: wilc1000: validate length of IEEE80211_P2P_ATTR_CHANNEL_LIST attribute Greg Kroah-Hartman
2022-11-30 18:24 ` [PATCH 6.0 270/289] wifi: wilc1000: validate number of channels Greg Kroah-Hartman
2022-11-30 18:24 ` [PATCH 6.0 271/289] btrfs: free btrfs_path before copying root refs to userspace Greg Kroah-Hartman
2022-11-30 18:24 ` [PATCH 6.0 272/289] btrfs: free btrfs_path before copying inodes " Greg Kroah-Hartman
2022-11-30 18:24 ` [PATCH 6.0 273/289] btrfs: free btrfs_path before copying fspath " Greg Kroah-Hartman
2022-11-30 18:24 ` [PATCH 6.0 274/289] btrfs: free btrfs_path before copying subvol info " Greg Kroah-Hartman
2022-11-30 18:24 ` [PATCH 6.0 275/289] btrfs: zoned: fix missing endianness conversion in sb_write_pointer Greg Kroah-Hartman
2022-11-30 18:24 ` [PATCH 6.0 276/289] btrfs: use kvcalloc in btrfs_get_dev_zone_info Greg Kroah-Hartman
2022-11-30 18:24 ` [PATCH 6.0 277/289] btrfs: sysfs: normalize the error handling branch in btrfs_init_sysfs() Greg Kroah-Hartman
2022-11-30 18:24 ` [PATCH 6.0 278/289] btrfs: do not modify log tree while holding a leaf from fs tree locked Greg Kroah-Hartman
2022-11-30 18:24 ` [PATCH 6.0 279/289] drm/i915/ttm: never purge busy objects Greg Kroah-Hartman
2022-11-30 18:24 ` [PATCH 6.0 280/289] drm/display/dp_mst: Fix drm_dp_mst_add_affected_dsc_crtcs() return code Greg Kroah-Hartman
2022-11-30 18:24 ` [PATCH 6.0 281/289] drm/amd/dc/dce120: Fix audio register mapping, stop triggering KASAN Greg Kroah-Hartman
2022-11-30 18:24 ` [PATCH 6.0 282/289] drm/amd/display: No display after resume from WB/CB Greg Kroah-Hartman
2022-11-30 18:24 ` [PATCH 6.0 283/289] drm/amdgpu/psp: dont free PSP buffers on suspend Greg Kroah-Hartman
2022-11-30 18:24 ` [PATCH 6.0 284/289] drm/amdgpu: Enable Aldebaran devices to report CU Occupancy Greg Kroah-Hartman
2022-11-30 18:24 ` [PATCH 6.0 285/289] drm/amd/amdgpu: reserve vm invalidation engine for firmware Greg Kroah-Hartman
2022-11-30 18:24 ` [PATCH 6.0 286/289] drm/amd/display: Update soc bounding box for dcn32/dcn321 Greg Kroah-Hartman
2022-11-30 18:24 ` [PATCH 6.0 287/289] drm/amdgpu: always register an MMU notifier for userptr Greg Kroah-Hartman
2022-11-30 18:24 ` [PATCH 6.0 288/289] drm/amdgpu: Partially revert "drm/amdgpu: update drm_display_info correctly when the edid is read" Greg Kroah-Hartman
2022-11-30 18:24 ` [PATCH 6.0 289/289] drm/i915: fix TLB invalidation for Gen12 video and compute engines Greg Kroah-Hartman
2022-11-30 20:35 ` [PATCH 6.0 000/289] 6.0.11-rc1 review Florian Fainelli
2022-12-01 0:59 ` Shuah Khan
2022-12-01 2:19 ` Zan Aziz
2022-12-01 6:14 ` Naresh Kamboju
2022-12-01 6:57 ` Nathan Chancellor
2022-12-01 7:56 ` Greg Kroah-Hartman
2022-12-01 7:27 ` Ron Economos
2022-12-01 8:18 ` Naresh Kamboju
2022-12-01 9:45 ` Bagas Sanjaya
2022-12-01 11:14 ` Sudip Mukherjee
2022-12-01 14:54 ` Fenil Jain
2022-12-01 16:48 ` Justin Forbes
2022-11-30 19:21 Ronald Warsow
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.