* [PATCH 4.19 000/521] 4.19.270-rc1 review
@ 2023-01-16 15:44 Greg Kroah-Hartman
2023-01-16 15:44 ` [PATCH 4.19 001/521] mm/khugepaged: fix GUP-fast interaction by sending IPI Greg Kroah-Hartman
` (524 more replies)
0 siblings, 525 replies; 529+ messages in thread
From: Greg Kroah-Hartman @ 2023-01-16 15:44 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, linux-kernel, torvalds, akpm, linux,
shuah, patches, lkft-triage, pavel, jonathanh, f.fainelli,
sudipm.mukherjee, srw, rwarsow
This is the start of the stable review cycle for the 4.19.270 release.
There are 521 patches in this series, all will be posted as a response
to this one. If anyone has any issues with these being applied, please
let me know.
Responses should be made by Wed, 18 Jan 2023 15:47:28 +0000.
Anything received after that time might be too late.
The whole patch series can be found in one patch at:
https://www.kernel.org/pub/linux/kernel/v4.x/stable-review/patch-4.19.270-rc1.gz
or in the git tree and branch at:
git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-4.19.y
and the diffstat can be found below.
thanks,
greg k-h
-------------
Pseudo-Shortlog of commits:
Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Linux 4.19.270-rc1
Jon Hunter <jonathanh@nvidia.com>
serial: tegra: Only print FIFO error message when an error occurs
Frederic Barrat <fbarrat@linux.ibm.com>
powerpc/powernv/eeh: Fix oops when probing cxl devices
Kailang Yang <kailang@realtek.com>
ALSA: hda/realtek - Fixed one of HP ALC671 platform Headset Mic supported
Takashi Iwai <tiwai@suse.de>
ALSA: hda/realtek - Fix inverted bass GPIO pin on Acer 8951G
Mahesh Salgaonkar <mahesh@linux.ibm.com>
pseries/eeh: Fix the kdump kernel crash during eeh_pseries_init
Dmitry Osipenko <digetx@gmail.com>
tty: serial: tegra: Handle RX transfer in PIO mode if DMA wasn't started
Ferry Toth <ftoth@exalondelft.nl>
Revert "usb: ulpi: defer ulpi_register on ulpi_read_id timeout"
Johan Hovold <johan+linaro@kernel.org>
efi: fix NULL-deref in init error path
Mark Rutland <mark.rutland@arm.com>
arm64: cmpxchg_double*: hazard against entire exchange variable
Rob Clark <robdclark@chromium.org>
drm/virtio: Fix GEM handle creation UAF
Peter Newman <peternewman@google.com>
x86/resctrl: Fix task CLOSID/RMID update race
Reinette Chatre <reinette.chatre@intel.com>
x86/resctrl: Use task_curr() instead of task_struct->on_cpu to prevent unnecessary IPI
Christophe JAILLET <christophe.jaillet@wanadoo.fr>
iommu/mediatek-v1: Fix an error handling path in mtk_iommu_v1_probe()
Yong Wu <yong.wu@mediatek.com>
iommu/mediatek-v1: Add error handle for mtk_iommu_probe
Rahul Rameshbabu <rrameshbabu@nvidia.com>
net/mlx5: Fix ptp max frequency adjustment range
Eran Ben Elisha <eranbe@mellanox.com>
net/mlx5: Rename ptp clock info
Minsuk Kang <linuxlovemin@yonsei.ac.kr>
nfc: pn533: Wait for out_urb's completion in pn533_usb_send_frame()
Roger Pau Monne <roger.pau@citrix.com>
hvc/xen: lock console list traversal
Ricardo Ribalda <ribalda@chromium.org>
regulator: da9211: Use irq handler when ready
Eliav Farber <farbere@amazon.com>
EDAC/device: Fix period calculation in edac_device_reset_delay_period()
Peter Zijlstra <peterz@infradead.org>
x86/boot: Avoid using Intel mnemonics in AT&T syntax asm
Gavrilov Ilia <Ilia.Gavrilov@infotecs.ru>
netfilter: ipset: Fix overflow before widen in the bitmap_ip_create() function.
Eric Whitney <enwlinux@gmail.com>
ext4: fix delayed allocation bug in ext4_clu_mapped for bigalloc + inline
Eric Whitney <enwlinux@gmail.com>
ext4: fix reserved cluster accounting at delayed write time
Eric Whitney <enwlinux@gmail.com>
ext4: add new pending reservation mechanism
Eric Whitney <enwlinux@gmail.com>
ext4: generalize extents status tree search functions
Ye Bin <yebin10@huawei.com>
ext4: fix uninititialized value in 'ext4_evict_inode'
Baokun Li <libaokun1@huawei.com>
ext4: fix use-after-free in ext4_orphan_cleanup
zhengliang <zhengliang6@huawei.com>
ext4: lost matching-pair of trace in ext4_truncate
Baokun Li <libaokun1@huawei.com>
ext4: fix bug_on in __es_tree_search caused by bad quota inode
Jan Kara <jack@suse.cz>
quota: Factor out setup of quota inode
Ferry Toth <ftoth@exalondelft.nl>
usb: ulpi: defer ulpi_register on ulpi_read_id timeout
Steven Rostedt <rostedt@goodmis.org>
kest.pl: Fix grub2 menu handling for rebooting
Libo Chen <libo.chen@oracle.com>
ktest.pl: Fix incorrect reboot for grub2bls
Masayoshi Mizuma <m.mizuma@jp.fujitsu.com>
ktest: introduce grub2bls REBOOT_TYPE option
Masayoshi Mizuma <m.mizuma@jp.fujitsu.com>
ktest: cleanup get_grub_index
Masayoshi Mizuma <m.mizuma@jp.fujitsu.com>
ktest: introduce _get_grub_index
Masayoshi Mizuma <m.mizuma@jp.fujitsu.com>
ktest: Add support for meta characters in GRUB_MENU
Edward Pacman <edward@edward-p.xyz>
ALSA: hda/realtek: Add quirk for Lenovo TianYi510Pro-14IOB
Kailang Yang <kailang@realtek.com>
ALSA: hda/realtek - ALC897 headset MIC no sound
Kailang Yang <kailang@realtek.com>
ALSA: hda/realtek - Add headset Mic support for Lenovo ALC897 platform
Hui Wang <hui.wang@canonical.com>
ALSA: hda/realtek: Fix the mic type detection issue for ASUS G551JW
Jeremy Szu <jeremy.szu@canonical.com>
ALSA: hda/realtek - The front Mic on a HP machine doesn't work
Jian-Hong Pan <jian-hong@endlessm.com>
ALSA: hda/realtek - Enable the headset of Acer N50-600 with ALC662
Jian-Hong Pan <jian-hong@endlessm.com>
ALSA: hda/realtek - Enable headset mic of Acer X2660G with ALC662
Kailang Yang <kailang@realtek.com>
ALSA: hda/realtek - Add Headset Mic supported for HP cPC
Takashi Iwai <tiwai@suse.de>
ALSA: hda/realtek - More constifications
Sergey Bostandzhyan <jin@mediatomb.cc>
Add Acer Aspire Ethos 8951G model quirk
Kai Vehmanen <kai.vehmanen@linux.intel.com>
ALSA: hda/hdmi: fix failures at PCM open on Intel ICL and later
Michael Walle <michael@walle.cc>
wifi: wilc1000: sdio: fix module autoloading
Herbert Xu <herbert@gondor.apana.org.au>
ipv6: raw: Deduct extension header length in rawv6_push_pending_frames
Hans de Goede <hdegoede@redhat.com>
platform/x86: sony-laptop: Don't turn off 0x153 keyboard backlight during probe
Volker Lendecke <vl@samba.org>
cifs: Fix uninitialized memory read for smb311 posix symlink create
Clement Lecigne <clecigne@google.com>
ALSA: pcm: Move rwsem lock inside snd_ctl_elem_read to prevent UAF
Paolo Abeni <pabeni@redhat.com>
net/ulp: prevent ULP without clone op from entering the LISTEN status
Heiko Carstens <hca@linux.ibm.com>
s390/percpu: add READ_ONCE() to arch_this_cpu_to_op_simple()
Adrian Hunter <adrian.hunter@intel.com>
perf auxtrace: Fix address filter duplicate symbol selection
Jonathan Corbet <corbet@lwn.net>
docs: Fix the docs build with Sphinx 6.0
Frederick Lawler <fred@cloudflare.com>
net: sched: disallow noqueue for qdisc classes
Isaac J. Manjarres <isaacmanjarres@google.com>
driver core: Fix bus_type.match() error handling in __driver_attach()
Helge Deller <deller@gmx.de>
parisc: Align parisc MADV_XXX constants with all other architectures
Jan Kara <jack@suse.cz>
mbcache: Avoid nesting of cache->c_list_lock under bit locks
Linus Torvalds <torvalds@linux-foundation.org>
hfs/hfsplus: avoid WARN_ON() for sanity check, use proper error handling
Arnd Bergmann <arnd@arndb.de>
hfs/hfsplus: use WARN_ON for sanity check
Eric Biggers <ebiggers@google.com>
ext4: don't allow journal inode to have encrypt flag
Ben Dooks <ben-linux@fluff.org>
riscv: uaccess: fix type of 0 variable on error in get_user()
Jeff Layton <jlayton@kernel.org>
nfsd: fix handling of readdir in v4root vs. mount upcall timeout
Rodrigo Branco <bsdaemon@google.com>
x86/bugs: Flush IBP in ib_prctl_set()
Hans de Goede <hdegoede@redhat.com>
ASoC: Intel: bytcr_rt5640: Add quirk for the Advantech MICA-071 tablet
Jan Kara <jack@suse.cz>
udf: Fix extension of the last extent in the file
Zhengchao Shao <shaozhengchao@huawei.com>
caif: fix memory leak in cfctrl_linkup_request()
Szymon Heidrich <szymon.heidrich@gmail.com>
usb: rndis_host: Secure rndis_query check against int overflow
Jamal Hadi Salim <jhs@mojatatu.com>
net: sched: atm: dont intepret cls results when asked to drop
Maor Gottlieb <maorg@nvidia.com>
RDMA/mlx5: Fix validation of max_rd_atomic caps for DC
Miaoqian Lin <linmq006@gmail.com>
net: phy: xgmiitorgmii: Fix refcount leak in xgmiitorgmii_probe
Jiguang Xiao <jiguang.xiao@windriver.com>
net: amd-xgbe: add missed tasklet_kill
Miaoqian Lin <linmq006@gmail.com>
nfc: Fix potential resource leaks
Daniil Tatianin <d-tatianin@yandex-team.ru>
qlcnic: prevent ->dcb use-after-free on qlcnic_dcb_enable() failure
Jakub Kicinski <kuba@kernel.org>
bpf: pull before calling skb_postpull_rcsum()
minoura makoto <minoura@valinux.co.jp>
SUNRPC: ensure the matching upcall is in-flight upon downcall
Jan Kara <jack@suse.cz>
ext4: fix deadlock due to mbcache entry corruption
Jan Kara <jack@suse.cz>
mbcache: automatically delete entries from cache on freeing
Jan Kara <jack@suse.cz>
ext4: fix race when reusing xattr blocks
Jan Kara <jack@suse.cz>
ext4: unindent codeblock in ext4_xattr_block_set()
Jan Kara <jack@suse.cz>
ext4: remove EA inode entry from mbcache on inode eviction
Jan Kara <jack@suse.cz>
mbcache: add functions to delete entry if unused
Jan Kara <jack@suse.cz>
mbcache: don't reclaim used entries
Shuqi Zhang <zhangshuqi3@huawei.com>
ext4: use kmemdup() to replace kmalloc + memcpy
Baokun Li <libaokun1@huawei.com>
ext4: correct inconsistent error msg in nojournal mode
Jason Yan <yanaijie@huawei.com>
ext4: goto right label 'failed_mount3a'
John Stultz <john.stultz@linaro.org>
driver core: Set deferred_probe_timeout to a longer default if CONFIG_MODULES is set
Guo Ren <guoren@linux.alibaba.com>
riscv: stacktrace: Fixup ftrace_graph_ret_addr retp argument
Chen Huang <chenhuang5@huawei.com>
riscv/stacktrace: Fix stack output without ra on the stack top
Christoph Hellwig <hch@lst.de>
riscv: remove unreachable !HAVE_FUNCTION_GRAPH_RET_ADDR_PTR code
Biju Das <biju.das.jz@bp.renesas.com>
ravb: Fix "failed to switch device to config mode" message during unbind
Masami Hiramatsu (Google) <mhiramat@kernel.org>
perf probe: Fix to get the DW_AT_decl_file and DW_AT_call_file as unsinged data
Masami Hiramatsu (Google) <mhiramat@kernel.org>
perf probe: Use dwarf_attr_integrate as generic DWARF attr accessor
Luo Meng <luomeng12@huawei.com>
dm thin: resume even if in FAIL mode
Smitha T Murthy <smitha.t@samsung.com>
media: s5p-mfc: Fix in register read and write for H264
Smitha T Murthy <smitha.t@samsung.com>
media: s5p-mfc: Clear workbit to handle error condition
Smitha T Murthy <smitha.t@samsung.com>
media: s5p-mfc: Fix to handle reference queue during finishing
Sasha Levin <sashal@kernel.org>
btrfs: replace strncpy() with strscpy()
Filipe Manana <fdmanana@suse.com>
btrfs: send: avoid unnecessary backref lookups when finding clone source
Alex Deucher <alexander.deucher@amd.com>
drm/amdgpu: make display pinning more flexible (v2)
Ye Bin <yebin10@huawei.com>
ext4: allocate extended attribute value in vmalloc area
Jan Kara <jack@suse.cz>
ext4: avoid unaccounted block allocation when expanding inode
Jan Kara <jack@suse.cz>
ext4: initialize quota before expanding inode in setproject ioctl
Ye Bin <yebin10@huawei.com>
ext4: fix inode leak in ext4_xattr_inode_create() on an error path
Jan Kara <jack@suse.cz>
ext4: avoid BUG_ON when creating xattrs
Luís Henriques <lhenriques@suse.de>
ext4: fix error code return to user-space in ext4_get_branch()
Baokun Li <libaokun1@huawei.com>
ext4: fix corruption when online resizing a 1K bigalloc fs
Ye Bin <yebin10@huawei.com>
ext4: init quota for 'old.inode' in 'ext4_rename'
Baokun Li <libaokun1@huawei.com>
ext4: fix bug_on in __es_tree_search caused by bad boot loader inode
Baokun Li <libaokun1@huawei.com>
ext4: add helper to check quota inums
Gaosheng Cui <cuigaosheng1@huawei.com>
ext4: fix undefined behavior in bit shift for ext4_check_flag_values
Baokun Li <libaokun1@huawei.com>
ext4: add inode table check in __ext4_get_inode_loc to aovid possible infinite loop
Zack Rusin <zackr@vmware.com>
drm/vmwgfx: Validate the box size for the snooped cursor
Simon Ser <contact@emersion.fr>
drm/connector: send hotplug uevent on connector cleanup
Wang Weiyang <wangweiyang2@huawei.com>
device_cgroup: Roll back to original exceptions after copy failure
Shang XiaoJing <shangxiaojing@huawei.com>
parisc: led: Fix potential null-ptr-deref in start_task()
Kim Phillips <kim.phillips@amd.com>
iommu/amd: Fix ivrs_acpihid cmdline parsing code
Corentin Labbe <clabbe@baylibre.com>
crypto: n2 - add missing hash statesize
Sascha Hauer <s.hauer@pengutronix.de>
PCI/sysfs: Fix double free in error path
Michael S. Tsirkin <mst@redhat.com>
PCI: Fix pci_device_is_present() for VFs by checking PF
Dan Carpenter <error27@gmail.com>
ipmi: fix use after free in _ipmi_destroy_user()
Huaxin Lu <luhuaxin1@huawei.com>
ima: Fix a potential NULL pointer access in ima_restore_measurement_list
Zhang Yuchen <zhangyuchen.lcr@bytedance.com>
ipmi: fix long wait in unload when IPMI disconnect
Florian-Ewald Mueller <florian-ewald.mueller@ionos.com>
md/bitmap: Fix bitmap chunk size overflow issues
Paulo Alcantara <pc@cjr.nz>
cifs: fix confusing debug message
Takashi Iwai <tiwai@suse.de>
media: dvb-core: Fix UAF due to refcount races at releasing
Keita Suzuki <keitasuzuki.park@sslab.ics.keio.ac.jp>
media: dvb-core: Fix double free in dvb_register_device()
Nick Desaulniers <ndesaulniers@google.com>
ARM: 9256/1: NWFPE: avoid compiler-generated __aeabi_uldivmod
Yang Jihong <yangjihong1@huawei.com>
tracing: Fix infinite loop in tracing_read_pipe on overflowed print_trace_line
Ashok Raj <ashok.raj@intel.com>
x86/microcode/intel: Do not retry microcode reloading on the APs
Mike Snitzer <snitzer@kernel.org>
dm cache: set needs_check flag after aborting metadata
Luo Meng <luomeng12@huawei.com>
dm cache: Fix UAF in destroy()
Luo Meng <luomeng12@huawei.com>
dm thin: Fix UAF in run_timer_softirq()
Zhihao Cheng <chengzhihao1@huawei.com>
dm thin: Use last transaction's pmd->root when commit failed
Mike Snitzer <snitzer@kernel.org>
dm cache: Fix ABBA deadlock between shrink_slab and dm_cache_metadata_abort
Wang Yufen <wangyufen@huawei.com>
binfmt: Fix error return code in load_elf_fdpic_binary()
Eric W. Biederman <ebiederm@xmission.com>
binfmt: Move install_exec_creds after setup_new_exec to match binfmt_elf
Mickaël Salaün <mic@digikod.net>
selftests: Use optional USERCFLAGS and USERLDFLAGS
Jason A. Donenfeld <Jason@zx2c4.com>
ARM: ux500: do not directly dereference __iomem
Steven Rostedt <rostedt@goodmis.org>
ktest.pl minconfig: Unset configs instead of just removing them
Manivannan Sadhasivam <manivannan.sadhasivam@linaro.org>
soc: qcom: Select REMAP_MMIO for LLCC driver
Jason A. Donenfeld <Jason@zx2c4.com>
media: stv0288: use explicitly signed char
Chuck Lever <chuck.lever@oracle.com>
SUNRPC: Don't leak netobj memory when gss_read_proxy_verf() fails
Hanjun Guo <guohanjun@huawei.com>
tpm: tpm_tis: Add the missed acpi_put_table() to fix memory leak
Hanjun Guo <guohanjun@huawei.com>
tpm: tpm_crb: Add the missed acpi_put_table() to fix memory leak
Deren Wu <deren.wu@mediatek.com>
mmc: vub300: fix warning - do not call blocking ops when !TASK_RUNNING
Mikulas Patocka <mpatocka@redhat.com>
md: fix a crash in mempool_free
Christian Brauner <brauner@kernel.org>
pnode: terminate at peers of source
Artem Egorkine <arteme@gmail.com>
ALSA: line6: fix stack overflow in line6_midi_transmit
Artem Egorkine <arteme@gmail.com>
ALSA: line6: correct midi status byte when receiving data from podxt
Zhang Tianci <zhangtianci.1997@bytedance.com>
ovl: Use ovl mounter's fsuid and fsgid in ovl_link()
Aditya Garg <gargaditya08@live.com>
hfsplus: fix bug causing custom uid and gid being unable to be assigned with mount
Terry Junge <linuxhid@cosmicgizmosystems.com>
HID: plantronics: Additional PIDs for double volume key presses quirk
Nathan Lynch <nathanl@linux.ibm.com>
powerpc/rtas: avoid scheduling in rtas_os_term()
Nathan Lynch <nathanl@linux.ibm.com>
powerpc/rtas: avoid device tree lookups in rtas_os_term()
Adam Vodopjan <grozzly@protonmail.com>
ata: ahci: Fix PCS quirk application for suspend
Lin Ma <linma@zju.edu.cn>
media: dvbdev: fix refcnt bug
Lin Ma <linma@zju.edu.cn>
media: dvbdev: fix build warning due to comments
Rickard x Andersson <rickaran@axis.com>
gcov: add support for checksum field
Nuno Sá <nuno.sa@analog.com>
iio: adc: ad_sigma_delta: do not use internal iio_dev lock
Roberto Sassu <roberto.sassu@huawei.com>
reiserfs: Add missing calls to reiserfs_security_free()
Jason Gerecke <killertofu@gmail.com>
HID: wacom: Ensure bootloader PID is usable in hidraw mode
Ferry Toth <ftoth@exalondelft.nl>
usb: dwc3: core: defer probe on ulpi_read_id timeout
John Stultz <jstultz@google.com>
pstore: Make sure CONFIG_PSTORE_PMSG selects CONFIG_RT_MUTEXES
Yang Jihong <yangjihong1@huawei.com>
perf debug: Set debug_peo_args and redirect_to_stderr variable to correct values in perf_quiet_option()
John Stultz <jstultz@google.com>
pstore: Switch pmsg_lock to an rt_mutex to avoid priority inversion
Hans de Goede <hdegoede@redhat.com>
ASoC: rt5670: Remove unbalanced pm_runtime_put()
Wang Jingjin <wangjingjin1@huawei.com>
ASoC: rockchip: spdif: Add missing clk_disable_unprepare() in rk_spdif_runtime_resume()
Marek Szyprowski <m.szyprowski@samsung.com>
ASoC: wm8994: Fix potential deadlock
Wang Jingjin <wangjingjin1@huawei.com>
ASoC: rockchip: pdm: Add missing clk_disable_unprepare() in rockchip_pdm_runtime_resume()
Wang Yufen <wangyufen@huawei.com>
ASoC: mediatek: mt8173-rt5650-rt5514: fix refcount leak in mt8173_rt5650_rt5514_dev_probe()
Zhang Xiaoxu <zhangxiaoxu5@huawei.com>
orangefs: Fix kmemleak in orangefs_prepare_debugfs_help_string()
Nathan Chancellor <nathan@kernel.org>
drm/sti: Fix return type of sti_{dvo,hda,hdmi}_connector_mode_valid()
Nathan Chancellor <nathan@kernel.org>
drm/fsl-dcu: Fix return type of fsl_dcu_drm_connector_mode_valid()
Xiu Jianfeng <xiujianfeng@huawei.com>
clk: st: Fix memory leak in st_of_quadfs_setup()
Shigeru Yoshida <syoshida@redhat.com>
media: si470x: Fix use-after-free in si470x_int_in_callback()
Kunihiko Hayashi <hayashi.kunihiko@socionext.com>
mmc: f-sdh30: Add quirks for broken timeout clock capability
Rui Zhang <zr.zhang@vivo.com>
regulator: core: fix use_count leakage when handling boot-on
Ye Bin <yebin10@huawei.com>
blk-mq: fix possible memleak when register 'hctx' failed
Mazin Al Haddad <mazinalhaddad05@gmail.com>
media: dvb-usb: fix memory leak in dvb_usb_adapter_init()
Lin Ma <linma@zju.edu.cn>
media: dvbdev: adopts refcnt to avoid UAF
Yan Lei <yan_lei@dahuatech.com>
media: dvb-frontends: fix leak of memory fw
Stanislav Fomichev <sdf@google.com>
ppp: associate skb with a device at tx
Schspa Shi <schspa@gmail.com>
mrp: introduce active flags to prevent UAF when applicant uninit
Jiang Li <jiang.li@ugreen.com>
md/raid1: stop mdx_raid1 thread when raid1 array run failed
Li Zhong <floridsleeves@gmail.com>
drivers/md/md-bitmap: check the return value of md_bitmap_get_counter()
Ville Syrjälä <ville.syrjala@linux.intel.com>
drm/sti: Use drm_mode_copy()
Nathan Chancellor <nathan@kernel.org>
s390/lcs: Fix return type of lcs_start_xmit()
Nathan Chancellor <nathan@kernel.org>
s390/netiucv: Fix return type of netiucv_tx()
Nathan Chancellor <nathan@kernel.org>
s390/ctcm: Fix return type of ctc{mp,}m_tx()
Nathan Chancellor <nathan@kernel.org>
drm/amdgpu: Fix type of second parameter in trans_msg() callback
Kees Cook <keescook@chromium.org>
igb: Do not free q_vector unless new one was allocated
Minsuk Kang <linuxlovemin@yonsei.ac.kr>
wifi: brcmfmac: Fix potential shift-out-of-bounds in brcmf_fw_alloc_request()
Nathan Chancellor <nathan@kernel.org>
hamradio: baycom_epp: Fix return type of baycom_send_packet()
Nathan Chancellor <nathan@kernel.org>
net: ethernet: ti: Fix return type of netcp_ndo_start_xmit()
Stanislav Fomichev <sdf@google.com>
bpf: make sure skb->len != 0 when redirecting to a tunneling device
Zhang Yuchen <zhangyuchen.lcr@bytedance.com>
ipmi: fix memleak when unload ipmi driver
Amadeusz Sławiński <amadeuszx.slawinski@linux.intel.com>
ASoC: codecs: rt298: Add quirk for KBL-R RVP platform
Shigeru Yoshida <syoshida@redhat.com>
wifi: ar5523: Fix use-after-free on ar5523_cmd() timed out
Fedor Pchelkin <pchelkin@ispras.ru>
wifi: ath9k: verify the expected usb_endpoints are present
ZhangPeng <zhangpeng362@huawei.com>
hfs: fix OOB Read in __hfs_brec_find
Zheng Yejian <zhengyejian1@huawei.com>
acct: fix potential integer overflow in encode_comp_t()
Ryusuke Konishi <konishi.ryusuke@gmail.com>
nilfs2: fix shift-out-of-bounds/overflow in nilfs_sb2_bad_offset()
Rafael J. Wysocki <rafael.j.wysocki@intel.com>
ACPICA: Fix error code path in acpi_ds_call_control_method()
Hoi Pok Wu <wuhoipok@gmail.com>
fs: jfs: fix shift-out-of-bounds in dbDiscardAG
Shigeru Yoshida <syoshida@redhat.com>
udf: Avoid double brelse() in udf_rename()
Dongliang Mu <mudongliangabcd@gmail.com>
fs: jfs: fix shift-out-of-bounds in dbAllocAG
Liu Shixin <liushixin2@huawei.com>
binfmt_misc: fix shift-out-of-bounds in check_special_flags
Eric Dumazet <edumazet@google.com>
net: stream: purge sk_error_queue in sk_stream_kill_queues()
Christophe JAILLET <christophe.jaillet@wanadoo.fr>
myri10ge: Fix an error handling path in myri10ge_probe()
David Howells <dhowells@redhat.com>
rxrpc: Fix missing unlock in rxrpc_do_sendmsg()
Cong Wang <cong.wang@bytedance.com>
net_sched: reject TCF_EM_SIMPLE case for complex ematch module
Subash Abhinov Kasiviswanathan <quic_subashab@quicinc.com>
skbuff: Account for tail adjustment during pull operations
Eelco Chaudron <echaudro@redhat.com>
openvswitch: Fix flow lookup to use unmasked key
GUO Zihua <guozihua@huawei.com>
rtc: mxc_v2: Add missing clk_disable_unprepare()
Li Zetao <lizetao1@huawei.com>
r6040: Fix kmemleak in probe and remove
Minsuk Kang <linuxlovemin@yonsei.ac.kr>
nfc: pn533: Clear nfc_target before being used
Yang Yingliang <yangyingliang@huawei.com>
mISDN: hfcmulti: don't call dev_kfree_skb/kfree_skb() under spin_lock_irqsave()
Yang Yingliang <yangyingliang@huawei.com>
mISDN: hfcpci: don't call dev_kfree_skb/kfree_skb() under spin_lock_irqsave()
Yang Yingliang <yangyingliang@huawei.com>
mISDN: hfcsusb: don't call dev_kfree_skb/kfree_skb() under spin_lock_irqsave()
Dan Aloni <dan.aloni@vastdata.com>
nfsd: under NFSv4.1, fix double svc_xprt_put on rpc_create failure
Gaosheng Cui <cuigaosheng1@huawei.com>
rtc: st-lpc: Add missing clk_disable_unprepare in st_rtc_probe()
Nathan Lynch <nathanl@linux.ibm.com>
powerpc/pseries/eeh: use correct API for error log size
Haowen Bai <baihaowen@meizu.com>
powerpc/eeh: Drop redundant spinlock initialization
Oliver O'Halloran <oohall@gmail.com>
powerpc/pseries: Stop using eeh_ops->init()
Wen Xiong <wenxiong@linux.vnet.ibm.com>
powerpc/pseries: PCIE PHB reset
Sam Bobroff <sbobroff@linux.ibm.com>
powerpc/eeh: Fix pseries_eeh_configure_bridge()
Sam Bobroff <sbobroff@linux.ibm.com>
powerpc/eeh: EEH for pSeries hot plug
Sam Bobroff <sbobroff@linux.ibm.com>
powerpc/eeh: Improve debug messages around device addition
Yuan Can <yuancan@huawei.com>
remoteproc: qcom_q6v5_pas: Fix missing of_node_put() in adsp_alloc_memory_region()
Bjorn Andersson <bjorn.andersson@linaro.org>
remoteproc: qcom: Rename Hexagon v5 PAS driver
Miaoqian Lin <linmq006@gmail.com>
selftests/powerpc: Fix resource leaks
Kajol Jain <kjain@linux.ibm.com>
powerpc/hv-gpci: Fix hv_gpci event list
Yang Yingliang <yangyingliang@huawei.com>
powerpc/83xx/mpc832x_rdb: call platform_device_put() in error case in of_fsl_spi_probe()
Nicholas Piggin <npiggin@gmail.com>
powerpc/perf: callchain validate kernel stack pointer bounds
Yang Yingliang <yangyingliang@huawei.com>
powerpc/xive: add missing iounmap() in error path in xive_spapr_populate_irq_data()
Miaoqian Lin <linmq006@gmail.com>
cxl: Fix refcount leak in cxl_calc_capp_routing
Christophe JAILLET <christophe.jaillet@wanadoo.fr>
powerpc/52xx: Fix a resource leak in an error handling path
Xie Shaowen <studentxswpy@163.com>
macintosh/macio-adb: check the return value of ioremap()
Yang Yingliang <yangyingliang@huawei.com>
macintosh: fix possible memory leak in macio_add_one_device()
Yuan Can <yuancan@huawei.com>
iommu/fsl_pamu: Fix resource leak in fsl_pamu_probe()
Yang Yingliang <yangyingliang@huawei.com>
iommu/amd: Fix pci device refcount leak in ppr_notifier()
Stefan Eichenberger <stefan.eichenberger@toradex.com>
rtc: snvs: Allow a time difference on clock register read
Rafael J. Wysocki <rafael.j.wysocki@intel.com>
rtc: cmos: Disable ACPI RTC event on removal
Rafael J. Wysocki <rafael.j.wysocki@intel.com>
rtc: cmos: Rename ACPI-related functions
Rafael J. Wysocki <rafael.j.wysocki@intel.com>
rtc: cmos: Eliminate forward declarations of some functions
Rafael J. Wysocki <rafael.j.wysocki@intel.com>
rtc: cmos: Call rtc_wake_setup() from cmos_do_probe()
Rafael J. Wysocki <rafael.j.wysocki@intel.com>
rtc: cmos: Call cmos_wake_setup() from cmos_do_probe()
Alexandre Belloni <alexandre.belloni@bootlin.com>
rtc: cmos: fix build on non-ACPI platforms
Rafael J. Wysocki <rafael.j.wysocki@intel.com>
rtc: cmos: Fix wake alarm breakage
Rafael J. Wysocki <rafael.j.wysocki@intel.com>
rtc: cmos: Fix event handler registration ordering issue
Rafael J. Wysocki <rafael.j.wysocki@intel.com>
rtc: rtc-cmos: Do not check ACPI_FADT_LOW_POWER_S0
Andy Shevchenko <andriy.shevchenko@linux.intel.com>
rtc: cmos: Refactor code by using the new dmi_get_bios_year() helper
Matt Redfearn <matt.redfearn@mips.com>
include/uapi/linux/swab: Fix potentially missing __always_inline
Yuan Can <yuancan@huawei.com>
HSI: omap_ssi_core: Fix error handling in ssi_init()
Ajay Kaher <akaher@vmware.com>
perf symbol: correction while adjusting symbol
Zeng Heng <zengheng4@huawei.com>
power: supply: fix residue sysfs file in error handle route of __power_supply_register()
Yang Yingliang <yangyingliang@huawei.com>
HSI: omap_ssi_core: fix possible memory leak in ssi_probe()
Yang Yingliang <yangyingliang@huawei.com>
HSI: omap_ssi_core: fix unbalanced pm_runtime_disable()
Christophe JAILLET <christophe.jaillet@wanadoo.fr>
fbdev: uvesafb: Fixes an error handling path in uvesafb_probe()
Xiongfeng Wang <wangxiongfeng2@huawei.com>
fbdev: vermilion: decrease reference count in error path
Shang XiaoJing <shangxiaojing@huawei.com>
fbdev: via: Fix error in via_core_init()
Yang Yingliang <yangyingliang@huawei.com>
fbdev: pm2fb: fix missing pci_disable_device()
Andy Shevchenko <andriy.shevchenko@linux.intel.com>
fbdev: ssd1307fb: Drop optional dependency
Shang XiaoJing <shangxiaojing@huawei.com>
samples: vfio-mdev: Fix missing pci_disable_device() in mdpy_fb_probe()
Zheng Yejian <zhengyejian1@huawei.com>
tracing/hist: Fix issue of losting command info in error_log
Jiasheng Jiang <jiasheng@iscas.ac.cn>
usb: storage: Add check for kcalloc
Zheyu Ma <zheyuma97@gmail.com>
i2c: ismt: Fix an out-of-bounds bug in ismt_access()
Yang Yingliang <yangyingliang@huawei.com>
i2c: mux: reg: check return value after calling platform_get_resource()
Dejin Zheng <zhengdejin5@gmail.com>
drivers: provide devm_platform_get_and_ioremap_resource()
Bartosz Golaszewski <bgolaszewski@baylibre.com>
drivers: provide devm_platform_ioremap_resource()
Chen Zhongjin <chenzhongjin@huawei.com>
vme: Fix error not catched in fake_init()
YueHaibing <yuehaibing@huawei.com>
staging: rtl8192e: Fix potential use-after-free in rtllib_rx_Monitor()
Dan Carpenter <error27@gmail.com>
staging: rtl8192u: Fix use after free in ieee80211_rx()
Hui Tang <tanghui20@huawei.com>
i2c: pxa-pci: fix missing pci_disable_device() on error in ce4100_i2c_probe
Yang Yingliang <yangyingliang@huawei.com>
chardev: fix error handling in cdev_device_add()
Yang Yingliang <yangyingliang@huawei.com>
mcb: mcb-parse: fix error handing in chameleon_parse_gdd()
Zhengchao Shao <shaozhengchao@huawei.com>
drivers: mcb: fix resource leak in mcb_probe()
John Keeping <john@metanate.com>
usb: gadget: f_hid: fix refcount leak on error path
John Keeping <john@metanate.com>
usb: gadget: f_hid: fix f_hidg lifetime vs cdev
Maxim Devaev <mdevaev@gmail.com>
usb: gadget: f_hid: optional SETUP/SET_REPORT mode
Yang Yingliang <yangyingliang@huawei.com>
cxl: fix possible null-ptr-deref in cxl_pci_init_afu|adapter()
Yang Yingliang <yangyingliang@huawei.com>
cxl: fix possible null-ptr-deref in cxl_guest_init_afu|adapter()
Zheng Wang <zyytlz.wz@163.com>
misc: sgi-gru: fix use-after-free error in gru_set_context_option, gru_fault and gru_handle_user_call_os
ruanjinjie <ruanjinjie@huawei.com>
misc: tifm: fix possible memory leak in tifm_7xx1_switch_media()
Zhengchao Shao <shaozhengchao@huawei.com>
test_firmware: fix memory leak in test_firmware_init()
Yuan Can <yuancan@huawei.com>
serial: sunsab: Fix error handling in sunsab_init()
Gabriel Somlo <gsomlo@gmail.com>
serial: altera_uart: fix locking in polling mode
Jiri Slaby <jslaby@suse.cz>
tty: serial: altera_uart_{r,t}x_chars() need only uart_port
Jiri Slaby <jslaby@suse.cz>
tty: serial: clean up stop-tx part in altera_uart_tx_chars()
Xiongfeng Wang <wangxiongfeng2@huawei.com>
serial: pch: Fix PCI device refcount leak in pch_request_dma()
delisun <delisun@pateo.com.cn>
serial: pl011: Do not clear RX FIFO & RX interrupt in unthrottle.
Jiamei Xie <jiamei.xie@arm.com>
serial: amba-pl011: avoid SBSA UART accessing DMACR register
Sven Peter <sven@svenpeter.dev>
usb: typec: Check for ops->exit instead of ops->enter in altmode_exit
Gaosheng Cui <cuigaosheng1@huawei.com>
staging: vme_user: Fix possible UAF in tsi148_dma_list_add
Linus Walleij <linus.walleij@linaro.org>
usb: fotg210-udc: Fix ages old endianness issues
Rafael Mendonca <rafaelmendsr@gmail.com>
uio: uio_dmem_genirq: Fix deadlock between irq config and handling
Rafael Mendonca <rafaelmendsr@gmail.com>
uio: uio_dmem_genirq: Fix missing unlock in irq configuration
Rafael Mendonca <rafaelmendsr@gmail.com>
vfio: platform: Do not pass return buffer to ACPI _RST method
Yang Yingliang <yangyingliang@huawei.com>
class: fix possible memory leak in __class_register()
Kartik <kkartik@nvidia.com>
serial: tegra: Read DMA status before terminating
Dmitry Osipenko <digetx@gmail.com>
tty: serial: tegra: Activate RX DMA transfer by request
Krishna Yarlagadda <kyarlagadda@nvidia.com>
serial: tegra: Add PIO mode support
Krishna Yarlagadda <kyarlagadda@nvidia.com>
serial: tegra: report clk rate errors
Krishna Yarlagadda <kyarlagadda@nvidia.com>
serial: tegra: add support to adjust baud rate
Krishna Yarlagadda <kyarlagadda@nvidia.com>
serial: tegra: add support to use 8 bytes trigger
Krishna Yarlagadda <kyarlagadda@nvidia.com>
serial: tegra: set maximum num of uart ports to 8
Krishna Yarlagadda <kyarlagadda@nvidia.com>
serial: tegra: check for FIFO mode enabled status
Ahung Cheng <ahcheng@nvidia.com>
serial: tegra: avoid reg access when clk disabled
Yang Yingliang <yangyingliang@huawei.com>
drivers: dio: fix possible memory leak in dio_init()
Dragos Tatulea <dtatulea@nvidia.com>
IB/IPoIB: Fix queue count inconsistency for PKEY child interfaces
Xiongfeng Wang <wangxiongfeng2@huawei.com>
hwrng: geode - Fix PCI device refcount leak
Xiongfeng Wang <wangxiongfeng2@huawei.com>
hwrng: amd - Fix PCI device refcount leak
Gaosheng Cui <cuigaosheng1@huawei.com>
crypto: img-hash - Fix variable dereferenced before check 'hdev->req'
Zhang Xiaoxu <zhangxiaoxu5@huawei.com>
orangefs: Fix sysfs not cleanup when dev init failed
Wang Yufen <wangyufen@huawei.com>
RDMA/hfi1: Fix error return code in parse_platform_config()
Gaosheng Cui <cuigaosheng1@huawei.com>
scsi: snic: Fix possible UAF in snic_tgt_create()
Chen Zhongjin <chenzhongjin@huawei.com>
scsi: fcoe: Fix transport not deattached when fcoe_if_init() fails
Shang XiaoJing <shangxiaojing@huawei.com>
scsi: ipr: Fix WARNING in ipr_init()
Yang Yingliang <yangyingliang@huawei.com>
scsi: fcoe: Fix possible name leak when device_register() fails
Yang Yingliang <yangyingliang@huawei.com>
scsi: hpsa: Fix possible memory leak in hpsa_add_sas_device()
Yang Yingliang <yangyingliang@huawei.com>
scsi: hpsa: Fix error handling in hpsa_add_sas_host()
Yang Yingliang <yangyingliang@huawei.com>
scsi: mpt3sas: Fix possible resource leaks in mpt3sas_transport_port_add()
Joe Perches <joe@perches.com>
scsi: mpt3sas: Convert uses of pr_<level> with MPT3SAS_FMT to ioc_<level>
Joe Perches <joe@perches.com>
scsi: mpt3sas: Add ioc_<level> logging macros
Zhang Yiqun <zhangyiqun@phytium.com.cn>
crypto: tcrypt - Fix multibuffer skcipher speed test mem leak
Yuan Can <yuancan@huawei.com>
scsi: hpsa: Fix possible memory leak in hpsa_init_one()
Don Brace <don.brace@microsemi.com>
scsi: hpsa: use local workqueues instead of system workqueues
Zhang Xiaoxu <zhangxiaoxu5@huawei.com>
RDMA/rxe: Fix NULL-ptr-deref in rxe_qp_do_cleanup() when socket create failed
Uwe Kleine-König <u.kleine-koenig@pengutronix.de>
crypto: ccree - Make cc_debugfs_global_fini() available for module init function
Xiongfeng Wang <wangxiongfeng2@huawei.com>
RDMA/hfi: Decrease PCI device reference count in error path
Zeng Heng <zengheng4@huawei.com>
PCI: Check for alloc failure in pci_request_irq()
Harshit Mogalapalli <harshit.m.mogalapalli@oracle.com>
scsi: scsi_debug: Fix a warning in resp_write_scat()
Mark Zhang <markzhang@nvidia.com>
RDMA/nldev: Return "-EAGAIN" if the cm_id isn't from expected port
Dongdong Zhang <zhangdongdong1@oppo.com>
f2fs: fix normal discard process
John Johansen <john.johansen@canonical.com>
apparmor: Fix abi check to include v8 abi
John Johansen <john.johansen@canonical.com>
apparmor: fix lockdep warning when removing a namespace
Gaosheng Cui <cuigaosheng1@huawei.com>
apparmor: fix a memleak in multi_transaction_new()
Piergiorgio Beruto <piergiorgio.beruto@gmail.com>
stmmac: fix potential division by 0
Yang Yingliang <yangyingliang@huawei.com>
Bluetooth: RFCOMM: don't call kfree_skb() under spin_lock_irqsave()
Yang Yingliang <yangyingliang@huawei.com>
Bluetooth: hci_core: don't call kfree_skb() under spin_lock_irqsave()
Yang Yingliang <yangyingliang@huawei.com>
Bluetooth: hci_bcsp: don't call kfree_skb() under spin_lock_irqsave()
Yang Yingliang <yangyingliang@huawei.com>
Bluetooth: hci_h5: don't call kfree_skb() under spin_lock_irqsave()
Yang Yingliang <yangyingliang@huawei.com>
Bluetooth: hci_qca: don't call kfree_skb() under spin_lock_irqsave()
Yang Yingliang <yangyingliang@huawei.com>
Bluetooth: btusb: don't call kfree_skb() under spin_lock_irqsave()
Eric Pilmore <epilmore@gigaio.com>
ntb_netdev: Use dev_kfree_skb_any() in interrupt context
Jerry Ray <jerry.ray@microchip.com>
net: lan9303: Fix read error execution path
Tom Lendacky <thomas.lendacky@amd.com>
net: amd-xgbe: Check only the minimum speed for active/passive cables
Tom Lendacky <thomas.lendacky@amd.com>
net: amd-xgbe: Fix logic around active and passive cables
Yang Yingliang <yangyingliang@huawei.com>
net: amd: lance: don't call dev_kfree_skb() under spin_lock_irqsave()
Yang Yingliang <yangyingliang@huawei.com>
hamradio: don't call dev_kfree_skb() under spin_lock_irqsave()
Yang Yingliang <yangyingliang@huawei.com>
net: ethernet: dnet: don't call dev_kfree_skb() under spin_lock_irqsave()
Yang Yingliang <yangyingliang@huawei.com>
net: emaclite: don't call dev_kfree_skb() under spin_lock_irqsave()
Yang Yingliang <yangyingliang@huawei.com>
net: apple: bmac: don't call dev_kfree_skb() under spin_lock_irqsave()
Yang Yingliang <yangyingliang@huawei.com>
net: apple: mace: don't call dev_kfree_skb() under spin_lock_irqsave()
Hangbin Liu <liuhangbin@gmail.com>
net/tunnel: wait until all sk_user_data reader finish before releasing the sock
Li Zetao <lizetao1@huawei.com>
net: farsync: Fix kmemleak when rmmods farsync
Yang Yingliang <yangyingliang@huawei.com>
ethernet: s2io: don't call dev_kfree_skb() under spin_lock_irqsave()
Yuan Can <yuancan@huawei.com>
drivers: net: qlcnic: Fix potential memory leak in qlcnic_sriov_init()
Yongqiang Liu <liuyongqiang13@huawei.com>
net: defxx: Fix missing err handling in dfx_init()
Artem Chernyshev <artem.chernyshev@red-soft.ru>
net: vmw_vsock: vmci: Check memcpy_from_msg()
Dinh Nguyen <dinguyen@kernel.org>
clk: socfpga: use clk_hw_register for a5/c5
Lee Jones <lee.jones@linaro.org>
clk: socfpga: clk-pll: Remove unused variable 'rc'
Yang Jihong <yangjihong1@huawei.com>
blktrace: Fix output non-blktrace event when blk_classic option enabled
Wang Yufen <wangyufen@huawei.com>
wifi: brcmfmac: Fix error return code in brcmf_sdio_download_firmware()
Chris Chiu <chiu@endlessm.com>
rtl8xxxu: add enumeration for channel bandwidth
Bitterblue Smith <rtl8821cerfe2@gmail.com>
wifi: rtl8xxxu: Add __packed to struct rtl8723bu_c2h
Xiu Jianfeng <xiujianfeng@huawei.com>
clk: samsung: Fix memory leak in _samsung_clk_register_pll()
Jiasheng Jiang <jiasheng@iscas.ac.cn>
media: coda: Add check for kmalloc
Jiasheng Jiang <jiasheng@iscas.ac.cn>
media: coda: Add check for dcoda_iram_alloc
Liang He <windhl@126.com>
media: c8sectpfe: Add of_node_put() when breaking out of loop
Yang Yingliang <yangyingliang@huawei.com>
mmc: mmci: fix return value check of mmc_add_host()
Yang Yingliang <yangyingliang@huawei.com>
mmc: wbsd: fix return value check of mmc_add_host()
Yang Yingliang <yangyingliang@huawei.com>
mmc: via-sdmmc: fix return value check of mmc_add_host()
Yang Yingliang <yangyingliang@huawei.com>
mmc: meson-gx: fix return value check of mmc_add_host()
Yang Yingliang <yangyingliang@huawei.com>
mmc: atmel-mci: fix return value check of mmc_add_host()
Yang Yingliang <yangyingliang@huawei.com>
mmc: wmt-sdmmc: fix return value check of mmc_add_host()
Yang Yingliang <yangyingliang@huawei.com>
mmc: vub300: fix return value check of mmc_add_host()
Yang Yingliang <yangyingliang@huawei.com>
mmc: toshsd: fix return value check of mmc_add_host()
Yang Yingliang <yangyingliang@huawei.com>
mmc: rtsx_usb_sdmmc: fix return value check of mmc_add_host()
Yang Yingliang <yangyingliang@huawei.com>
mmc: mxcmmc: fix return value check of mmc_add_host()
Yang Yingliang <yangyingliang@huawei.com>
mmc: moxart: fix return value check of mmc_add_host()
Trond Myklebust <trond.myklebust@hammerspace.com>
NFSv4.x: Fail client initialisation if state manager thread can't run
Wang ShaoBo <bobo.shaobowang@huawei.com>
SUNRPC: Fix missing release socket in rpc_sockname()
Gaosheng Cui <cuigaosheng1@huawei.com>
ALSA: mts64: fix possible null-ptr-defer in snd_mts64_interrupt
Liu Shixin <liushixin2@huawei.com>
media: saa7164: fix missing pci_disable_device()
Yang Yingliang <yangyingliang@huawei.com>
regulator: core: fix module refcount leak in set_supply()
Chen Zhongjin <chenzhongjin@huawei.com>
wifi: cfg80211: Fix not unregister reg_pdev when load_builtin_regdb_keys() fails
Zhengchao Shao <shaozhengchao@huawei.com>
wifi: mac80211: fix memory leak in ieee80211_if_add()
Dan Carpenter <error27@gmail.com>
bonding: uninitialized variable in bond_miimon_inspect()
Zhang Qilong <zhangqilong3@huawei.com>
ASoC: pcm512x: Fix PM disable depth imbalance in pcm512x_probe
Xiongfeng Wang <wangxiongfeng2@huawei.com>
drm/amdgpu: Fix PCI device refcount leak in amdgpu_atrm_get_bios()
Xiongfeng Wang <wangxiongfeng2@huawei.com>
drm/radeon: Fix PCI device refcount leak in radeon_atrm_get_bios()
Liu Shixin <liushixin2@huawei.com>
ALSA: asihpi: fix missing pci_disable_device()
Trond Myklebust <trond.myklebust@hammerspace.com>
NFSv4: Fix a deadlock between nfs4_open_recover_helper() and delegreturn
Trond Myklebust <trond.myklebust@hammerspace.com>
NFSv4.2: Fix a memory stomp in decode_attr_security_label
Zhang Zekun <zhangzekun11@huawei.com>
drm/tegra: Add missing clk_disable_unprepare() in tegra_dc_probe()
Aakarsh Jain <aakarsh.jain@samsung.com>
media: s5p-mfc: Add variant data for MFC v7 hardware for Exynos 3250 SoC
Baisong Zhong <zhongbaisong@huawei.com>
media: dvb-usb: az6027: fix null-ptr-deref in az6027_i2c_xfer()
Chen Zhongjin <chenzhongjin@huawei.com>
media: dvb-core: Fix ignored return value in dvb_register_frontend()
ZhangPeng <zhangpeng362@huawei.com>
pinctrl: pinconf-generic: add missing of_node_put()
Gautam Menghani <gautammenghani201@gmail.com>
media: imon: fix a race condition in send_packet()
Wang ShaoBo <bobo.shaobowang@huawei.com>
drbd: remove call to memset before free device/resource/connection
Zheng Yongjun <zhengyongjun3@huawei.com>
mtd: maps: pxa2xx-flash: fix memory leak in probe
Maor Gottlieb <maorg@mellanox.com>
bonding: Export skip slave logic to function
Xiu Jianfeng <xiujianfeng@huawei.com>
clk: rockchip: Fix memory leak in rockchip_clk_register_pll()
Baisong Zhong <zhongbaisong@huawei.com>
ALSA: seq: fix undefined behavior in bit shift for SNDRV_SEQ_FILTER_USE_EVENT
Marcus Folkesson <marcus.folkesson@gmail.com>
HID: hid-sensor-custom: set fixed size for custom attributes
Yuan Can <yuancan@huawei.com>
media: platform: exynos4-is: Fix error handling in fimc_md_init()
Yang Yingliang <yangyingliang@huawei.com>
media: solo6x10: fix possible memory leak in solo_sysfs_init()
Douglas Anderson <dianders@chromium.org>
Input: elants_i2c - properly handle the reset GPIO when power is off
Hui Tang <tanghui20@huawei.com>
mtd: lpddr2_nvm: Fix possible null-ptr-deref
Xiu Jianfeng <xiujianfeng@huawei.com>
wifi: ath10k: Fix return value in ath10k_pci_init()
Xiu Jianfeng <xiujianfeng@huawei.com>
ima: Fix misuse of dereference of pointer in template_desc_init_fields()
Yang Yingliang <yangyingliang@huawei.com>
regulator: core: fix unbalanced of node refcount in regulator_dev_lookup()
Zeng Heng <zengheng4@huawei.com>
ASoC: pxa: fix null-pointer dereference in filter()
Hanjun Guo <guohanjun@huawei.com>
drm/radeon: Add the missed acpi_put_table() to fix memory leak
David Howells <dhowells@redhat.com>
net, proc: Provide PROC_FS=n fallback for proc_create_net_single_write()
Vladimir Zapolskiy <vladimir.zapolskiy@linaro.org>
media: camss: Clean up received buffers on failed start of streaming
Marek Vasut <marex@denx.de>
wifi: rsi: Fix handling of 802.3 EAPOL frames sent via control port
Zhang Xiaoxu <zhangxiaoxu5@huawei.com>
mtd: Fix device name leak when register device failed in add_mtd_device()
Liu Shixin <liushixin2@huawei.com>
media: vivid: fix compose size exceed boundary
Jonathan Neuschäfer <j.neuschaefer@gmx.net>
spi: Update reference to struct spi_controller
Jimmy Assarsson <extja@kvaser.com>
can: kvaser_usb: Compare requested bittiming parameters with actual parameters in do_set_{,data}_bittiming
Jimmy Assarsson <extja@kvaser.com>
can: kvaser_usb: Add struct kvaser_usb_busparams
Anssi Hannula <anssi.hannula@bitwise.fi>
can: kvaser_usb_leaf: Fix bogus restart events
Anssi Hannula <anssi.hannula@bitwise.fi>
can: kvaser_usb_leaf: Fix wrong CAN state after stopping
Anssi Hannula <anssi.hannula@bitwise.fi>
can: kvaser_usb_leaf: Fix improved state not being reported
Anssi Hannula <anssi.hannula@bitwise.fi>
can: kvaser_usb_leaf: Set Warning state even without bus errors
Jimmy Assarsson <extja@kvaser.com>
can: kvaser_usb: kvaser_usb_leaf: Handle CMD_ERROR_EVENT
Jimmy Assarsson <extja@kvaser.com>
can: kvaser_usb: kvaser_usb_leaf: Rename {leaf,usbcan}_cmd_error_event to {leaf,usbcan}_cmd_can_error_event
Jimmy Assarsson <extja@kvaser.com>
can: kvaser_usb: kvaser_usb_leaf: Get capabilities from device
Vincent Mailhol <mailhol.vincent@wanadoo.fr>
can: kvaser_usb: do not increase tx statistics when sending error message frames
Ricardo Ribalda <ribalda@chromium.org>
media: i2c: ad5820: Fix error path
Junlin Yang <yangjunlin@yulong.com>
pata_ipx4xx_cf: Fix unsigned comparison with less than zero
Bitterblue Smith <rtl8821cerfe2@gmail.com>
wifi: rtl8xxxu: Fix reading the vendor of combo chips
Fedor Pchelkin <pchelkin@ispras.ru>
wifi: ath9k: hif_usb: Fix use-after-free in ath9k_hif_usb_reg_in_cb()
Fedor Pchelkin <pchelkin@ispras.ru>
wifi: ath9k: hif_usb: fix memory leak of urbs in ath9k_hif_usb_dealloc_tx_urbs()
Cai Xinchen <caixinchen1@huawei.com>
rapidio: devices: fix missing put_device in mport_cdev_open
ZhangPeng <zhangpeng362@huawei.com>
hfs: Fix OOB Write in hfs_asc2mac
Gavrilov Ilia <Ilia.Gavrilov@infotecs.ru>
relay: fix type mismatch when allocating memory in relay_create_buf()
Zhang Qilong <zhangqilong3@huawei.com>
eventfd: change int to __u64 in eventfd_signal() ifndef CONFIG_EVENTFD
Wang Weiyang <wangweiyang2@huawei.com>
rapidio: fix possible UAF when kfifo_alloc() fails
Chen Zhongjin <chenzhongjin@huawei.com>
fs: sysv: Fix sysv_nblocks() returns wrong value
Anastasia Belova <abelova@astralinux.ru>
MIPS: BCM63xx: Add check for NULL for clk in clk_enable
Yu Liao <liaoyu15@huawei.com>
platform/x86: mxm-wmi: fix memleak in mxm_wmi_call_mx[ds|mx]()
Rafael J. Wysocki <rafael.j.wysocki@intel.com>
PM: runtime: Do not call __rpm_callback() from rpm_idle()
Ulf Hansson <ulf.hansson@linaro.org>
PM: runtime: Improve path in rpm_idle() when no callback
Harshit Mogalapalli <harshit.m.mogalapalli@oracle.com>
xen/privcmd: Fix a possible warning in privcmd_ioctl_mmap_resource()
Xiu Jianfeng <xiujianfeng@huawei.com>
x86/xen: Fix memory leak in xen_init_lock_cpu()
Xiu Jianfeng <xiujianfeng@huawei.com>
x86/xen: Fix memory leak in xen_smp_intr_init{_pv}()
Juergen Gross <jgross@suse.com>
xen/events: only register debug interrupt for 2-level events
Oleg Nesterov <oleg@redhat.com>
uprobes/x86: Allow to probe a NOP instruction with 0x66 prefix
Li Zetao <lizetao1@huawei.com>
ACPICA: Fix use-after-free in acpi_ut_copy_ipackage_to_ipackage()
Geert Uytterhoeven <geert+renesas@glider.be>
clocksource/drivers/sh_cmt: Make sure channel clock supply is enabled
Yang Yingliang <yangyingliang@huawei.com>
rapidio: rio: fix possible name leak in rio_register_mport()
Yang Yingliang <yangyingliang@huawei.com>
rapidio: fix possible name leaks when rio_add_device() fails
Akinobu Mita <akinobu.mita@gmail.com>
debugfs: fix error when writing negative value to atomic_t debugfs file
Akinobu Mita <akinobu.mita@gmail.com>
lib/notifier-error-inject: fix error when writing -errno to debugfs file
Akinobu Mita <akinobu.mita@gmail.com>
libfs: add DEFINE_SIMPLE_ATTRIBUTE_SIGNED for signed value
Xiongfeng Wang <wangxiongfeng2@huawei.com>
cpufreq: amd_freq_sensitivity: Add missing pci_dev_put()
Shang XiaoJing <shangxiaojing@huawei.com>
irqchip: gic-pm: Use pm_runtime_resume_and_get() in gic_probe()
Xiongfeng Wang <wangxiongfeng2@huawei.com>
perf/x86/intel/uncore: Fix reference count leak in hswep_has_limit_sbox()
Yang Yingliang <yangyingliang@huawei.com>
PNP: fix name memory leak in pnp_alloc_dev()
Yang Yingliang <yangyingliang@huawei.com>
MIPS: vpe-cmp: fix possible memory leak while module exiting
Yang Yingliang <yangyingliang@huawei.com>
MIPS: vpe-mt: fix possible memory leak while module exiting
Shang XiaoJing <shangxiaojing@huawei.com>
ocfs2: fix memory leak in ocfs2_stack_glue_init()
Alexey Dobriyan <adobriyan@gmail.com>
proc: fixup uptime selftest
Barnabás Pőcze <pobrn@protonmail.com>
timerqueue: Use rb_entry_safe() in timerqueue_getnext()
Chen Zhongjin <chenzhongjin@huawei.com>
perf: Fix possible memleak in pmu_dev_alloc()
Yipeng Zou <zouyipeng@huawei.com>
selftests/ftrace: event_triggers: wait longer for test_event_enable
Ondrej Mosnacek <omosnace@redhat.com>
fs: don't audit the capability check in simple_xattr_list()
Al Viro <viro@zeniv.linux.org.uk>
alpha: fix syscall entry in !AUDUT_SYSCALL case
Ulf Hansson <ulf.hansson@linaro.org>
cpuidle: dt: Return the correct numbers of parsed idle states
Michael Kelley <mikelley@microsoft.com>
tpm/tpm_crb: Fix error message in __crb_relinquish_locality()
Stephen Boyd <swboyd@chromium.org>
pstore: Avoid kcore oops by vmap()ing with VM_IOREMAP
Doug Brown <doug@schmorgal.com>
ARM: mmp: fix timer_read delay
Wang Yufen <wangyufen@huawei.com>
pstore/ram: Fix error return code in ramoops_probe()
Pali Rohár <pali@kernel.org>
ARM: dts: turris-omnia: Add switch port 6 node
Pali Rohár <pali@kernel.org>
ARM: dts: turris-omnia: Add ethernet aliases
Pali Rohár <pali@kernel.org>
ARM: dts: armada-39x: Fix assigned-addresses for every PCIe Root Port
Pali Rohár <pali@kernel.org>
ARM: dts: armada-38x: Fix assigned-addresses for every PCIe Root Port
Pali Rohár <pali@kernel.org>
ARM: dts: armada-375: Fix assigned-addresses for every PCIe Root Port
Pali Rohár <pali@kernel.org>
ARM: dts: armada-xp: Fix assigned-addresses for every PCIe Root Port
Pali Rohár <pali@kernel.org>
ARM: dts: armada-370: Fix assigned-addresses for every PCIe Root Port
Pali Rohár <pali@kernel.org>
ARM: dts: dove: Fix assigned-addresses for every PCIe Root Port
AngeloGioacchino Del Regno <angelogioacchino.delregno@collabora.com>
arm64: dts: mediatek: mt6797: Fix 26M oscillator unit name
AngeloGioacchino Del Regno <angelogioacchino.delregno@collabora.com>
arm64: dts: mt2712-evb: Fix vproc fixed regulators unit names
AngeloGioacchino Del Regno <angelogioacchino.delregno@collabora.com>
arm64: dts: mt2712e: Fix unit address for pinctrl node
AngeloGioacchino Del Regno <angelogioacchino.delregno@collabora.com>
arm64: dts: mt2712e: Fix unit_address_vs_reg warning for oscillators
Yuan Can <yuancan@huawei.com>
perf: arm_dsu: Fix hotplug callback leak in dsu_pmu_init()
Zhang Qilong <zhangqilong3@huawei.com>
soc: ti: smartreflex: Fix PM disable depth imbalance in omap_sr_probe
Kory Maincent <kory.maincent@bootlin.com>
arm: dts: spear600: Fix clcd interrupt
Chen Jiahao <chenjiahao16@huawei.com>
drivers: soc: ti: knav_qmss_queue: Mark knav_acc_firmwares as static
Luca Weiss <luca@z3ntu.xyz>
ARM: dts: qcom: apq8064: fix coresight compatible
Ivaylo Dimitrov <ivo.g.dimitrov.75@gmail.com>
usb: musb: remove extra check in musb_gadget_vbus_draw
Rasmus Villemoes <linux@rasmusvillemoes.dk>
net: loopback: use NET_NAME_PREDICTABLE for name_assign_type
Sungwoo Kim <iam@sung-woo.kim>
Bluetooth: L2CAP: Fix u8 overflow
Tony Nguyen <anthony.l.nguyen@intel.com>
igb: Initialize mailbox message for VF reset
Johan Hovold <johan@kernel.org>
USB: serial: f81534: fix division by zero on line-speed change
Bruno Thomsen <bruno.thomsen@gmail.com>
USB: serial: cp210x: add Kamstrup RF sniffer PIDs
Duke Xin <duke_xinanwen@163.com>
USB: serial: option: add Quectel EM05-G modem
Szymon Heidrich <szymon.heidrich@gmail.com>
usb: gadget: uvc: Prevent buffer overflow in setup handler
Jan Kara <jack@suse.cz>
udf: Fix extending file within last block
Jan Kara <jack@suse.cz>
udf: Do not bother looking for prealloc extents if i_lenExtents matches i_size
Jan Kara <jack@suse.cz>
udf: Fix preallocation discarding at indirect extent boundary
Jan Kara <jack@suse.cz>
udf: Discard preallocation before extending file with a hole
Tony Jones <tonyj@suse.de>
perf script python: Remove explicit shebang from tests/attr.c
Charles Keepax <ckeepax@opensource.cirrus.com>
ASoC: ops: Correct bounds check for second channel on SX controls
Yasushi SHOJI <yasushi.shoji@gmail.com>
can: mcba_usb: Fix termination command argument
Heiko Schocher <hs@denx.de>
can: sja1000: fix size of OCR_MODE_MASK define
Ricardo Ribalda <ribalda@chromium.org>
pinctrl: meditatek: Startup with the IRQs disabled
Mark Brown <broonie@kernel.org>
ASoC: ops: Check bounds for second channel in snd_soc_put_volsw_sx()
Jialiang Wang <wangjialiang0806@163.com>
nfp: fix use-after-free in area_cache_get()
Ming Lei <ming.lei@redhat.com>
block: unhash blkdev part inode when the part is deleted
Jann Horn <jannh@google.com>
mm/khugepaged: invoke MMU notifiers in shmem/file collapse paths
Jann Horn <jannh@google.com>
mm/khugepaged: fix GUP-fast interaction by sending IPI
-------------
Diffstat:
Documentation/driver-api/spi.rst | 4 +-
Documentation/fault-injection/fault-injection.txt | 4 +-
Documentation/sphinx/load_config.py | 6 +-
Makefile | 4 +-
arch/alpha/kernel/entry.S | 4 +-
arch/arm/boot/dts/armada-370.dtsi | 2 +-
arch/arm/boot/dts/armada-375.dtsi | 2 +-
arch/arm/boot/dts/armada-380.dtsi | 4 +-
arch/arm/boot/dts/armada-385-turris-omnia.dts | 18 +-
arch/arm/boot/dts/armada-385.dtsi | 6 +-
arch/arm/boot/dts/armada-39x.dtsi | 6 +-
arch/arm/boot/dts/armada-xp-mv78230.dtsi | 8 +-
arch/arm/boot/dts/armada-xp-mv78260.dtsi | 16 +-
arch/arm/boot/dts/dove.dtsi | 2 +-
arch/arm/boot/dts/qcom-apq8064.dtsi | 2 +-
arch/arm/boot/dts/spear600.dtsi | 2 +-
arch/arm/mach-mmp/time.c | 11 +-
arch/arm/nwfpe/Makefile | 6 +
arch/arm64/boot/dts/mediatek/mt2712-evb.dts | 4 +-
arch/arm64/boot/dts/mediatek/mt2712e.dtsi | 22 +-
arch/arm64/boot/dts/mediatek/mt6797.dtsi | 2 +-
arch/arm64/include/asm/atomic_ll_sc.h | 2 +-
arch/arm64/include/asm/atomic_lse.h | 2 +-
arch/mips/bcm63xx/clk.c | 2 +
arch/mips/kernel/vpe-cmp.c | 4 +-
arch/mips/kernel/vpe-mt.c | 4 +-
arch/parisc/include/uapi/asm/mman.h | 17 +-
arch/parisc/kernel/sys_parisc.c | 27 +
arch/parisc/kernel/syscall_table.S | 2 +-
arch/powerpc/kernel/eeh.c | 6 +-
arch/powerpc/kernel/rtas.c | 20 +-
arch/powerpc/perf/callchain.c | 1 +
arch/powerpc/perf/hv-gpci-requests.h | 4 +
arch/powerpc/perf/hv-gpci.c | 33 +-
arch/powerpc/perf/hv-gpci.h | 1 +
arch/powerpc/perf/req-gen/perf.h | 20 +
arch/powerpc/platforms/52xx/mpc52xx_lpbfifo.c | 1 +
arch/powerpc/platforms/83xx/mpc832x_rdb.c | 2 +-
arch/powerpc/platforms/powernv/eeh-powernv.c | 53 +-
arch/powerpc/platforms/pseries/eeh_pseries.c | 398 ++++--
arch/powerpc/sysdev/xive/spapr.c | 1 +
arch/riscv/include/asm/uaccess.h | 2 +-
arch/riscv/kernel/stacktrace.c | 16 +-
arch/s390/include/asm/percpu.h | 2 +-
arch/x86/boot/bioscall.S | 4 +-
arch/x86/events/intel/uncore_snbep.c | 1 +
arch/x86/ia32/ia32_aout.c | 3 +-
arch/x86/kernel/cpu/bugs.c | 2 +
arch/x86/kernel/cpu/intel_rdt_rdtgroup.c | 26 +-
arch/x86/kernel/cpu/microcode/intel.c | 8 +-
arch/x86/kernel/uprobes.c | 4 +-
arch/x86/xen/smp.c | 41 +-
arch/x86/xen/smp_pv.c | 12 +-
arch/x86/xen/spinlock.c | 6 +-
arch/x86/xen/xen-ops.h | 2 +
block/blk-mq-sysfs.c | 11 +-
block/partition-generic.c | 7 +
crypto/tcrypt.c | 9 -
drivers/acpi/acpica/dsmethod.c | 10 +-
drivers/acpi/acpica/utcopy.c | 7 -
drivers/ata/ahci.c | 32 +-
drivers/ata/pata_ixp4xx_cf.c | 2 +-
drivers/base/class.c | 5 +
drivers/base/dd.c | 17 +-
drivers/base/platform.c | 40 +
drivers/base/power/runtime.c | 18 +-
drivers/block/drbd/drbd_main.c | 3 -
drivers/bluetooth/btusb.c | 6 +-
drivers/bluetooth/hci_bcsp.c | 2 +-
drivers/bluetooth/hci_h5.c | 2 +-
drivers/bluetooth/hci_qca.c | 2 +-
drivers/char/hw_random/amd-rng.c | 18 +-
drivers/char/hw_random/geode-rng.c | 36 +-
drivers/char/ipmi/ipmi_msghandler.c | 12 +-
drivers/char/ipmi/ipmi_si_intf.c | 27 +-
drivers/char/tpm/tpm_crb.c | 31 +-
drivers/char/tpm/tpm_tis.c | 9 +-
drivers/clk/rockchip/clk-pll.c | 1 +
drivers/clk/samsung/clk-pll.c | 1 +
drivers/clk/socfpga/clk-gate.c | 11 +-
drivers/clk/socfpga/clk-periph.c | 8 +-
drivers/clk/socfpga/clk-pll.c | 17 +-
drivers/clk/st/clkgen-fsyn.c | 5 +-
drivers/clocksource/sh_cmt.c | 16 +-
drivers/cpufreq/amd_freq_sensitivity.c | 2 +
drivers/cpuidle/dt_idle_states.c | 2 +-
drivers/crypto/ccree/cc_debugfs.c | 2 +-
drivers/crypto/img-hash.c | 8 +-
drivers/crypto/n2_core.c | 6 +
drivers/dio/dio.c | 8 +
drivers/edac/edac_device.c | 17 +-
drivers/edac/edac_module.h | 2 +-
drivers/firmware/efi/efi.c | 9 +-
drivers/gpu/drm/amd/amdgpu/amdgpu_bios.c | 1 +
drivers/gpu/drm/amd/amdgpu/amdgpu_object.c | 3 +-
drivers/gpu/drm/amd/amdgpu/amdgpu_virt.h | 5 +-
drivers/gpu/drm/drm_connector.c | 3 +
drivers/gpu/drm/fsl-dcu/fsl_dcu_drm_rgb.c | 5 +-
drivers/gpu/drm/radeon/radeon_bios.c | 19 +-
drivers/gpu/drm/sti/sti_dvo.c | 7 +-
drivers/gpu/drm/sti/sti_hda.c | 7 +-
drivers/gpu/drm/sti/sti_hdmi.c | 7 +-
drivers/gpu/drm/tegra/dc.c | 4 +-
drivers/gpu/drm/virtio/virtgpu_ioctl.c | 10 +-
drivers/gpu/drm/vmwgfx/vmwgfx_kms.c | 3 +-
drivers/hid/hid-ids.h | 3 +
drivers/hid/hid-plantronics.c | 9 +
drivers/hid/hid-sensor-custom.c | 2 +-
drivers/hid/wacom_sys.c | 8 +
drivers/hid/wacom_wac.c | 4 +
drivers/hid/wacom_wac.h | 1 +
drivers/hsi/controllers/omap_ssi_core.c | 14 +-
drivers/i2c/busses/i2c-ismt.c | 3 +
drivers/i2c/busses/i2c-pxa-pci.c | 10 +-
drivers/i2c/muxes/i2c-mux-reg.c | 5 +-
drivers/iio/adc/ad_sigma_delta.c | 8 +-
drivers/infiniband/core/nldev.c | 2 +-
drivers/infiniband/hw/hfi1/affinity.c | 2 +
drivers/infiniband/hw/hfi1/firmware.c | 6 +
drivers/infiniband/hw/mlx5/qp.c | 49 +-
drivers/infiniband/sw/rxe/rxe_qp.c | 6 +-
drivers/infiniband/ulp/ipoib/ipoib_netlink.c | 7 +
drivers/input/touchscreen/elants_i2c.c | 9 +-
drivers/iommu/amd_iommu_init.c | 7 +
drivers/iommu/amd_iommu_v2.c | 1 +
drivers/iommu/fsl_pamu.c | 2 +-
drivers/iommu/mtk_iommu_v1.c | 26 +-
drivers/irqchip/irq-gic-pm.c | 2 +-
drivers/isdn/hardware/mISDN/hfcmulti.c | 19 +-
drivers/isdn/hardware/mISDN/hfcpci.c | 13 +-
drivers/isdn/hardware/mISDN/hfcsusb.c | 12 +-
drivers/macintosh/macio-adb.c | 4 +
drivers/macintosh/macio_asic.c | 2 +-
drivers/mcb/mcb-core.c | 4 +-
drivers/mcb/mcb-parse.c | 2 +-
drivers/md/dm-cache-metadata.c | 54 +-
drivers/md/dm-cache-target.c | 11 +-
drivers/md/dm-thin-metadata.c | 9 +
drivers/md/dm-thin.c | 18 +-
drivers/md/md-bitmap.c | 47 +-
drivers/md/md.c | 9 +-
drivers/md/raid1.c | 1 +
drivers/media/dvb-core/dmxdev.c | 8 +
drivers/media/dvb-core/dvb_ca_en50221.c | 2 +-
drivers/media/dvb-core/dvb_frontend.c | 10 +-
drivers/media/dvb-core/dvbdev.c | 33 +-
drivers/media/dvb-frontends/bcm3510.c | 1 +
drivers/media/dvb-frontends/stv0288.c | 5 +-
drivers/media/i2c/ad5820.c | 10 +-
drivers/media/pci/saa7164/saa7164-core.c | 4 +-
drivers/media/pci/solo6x10/solo6x10-core.c | 1 +
drivers/media/platform/coda/coda-bit.c | 14 +-
drivers/media/platform/exynos4-is/fimc-core.c | 2 +-
drivers/media/platform/exynos4-is/media-dev.c | 6 +-
drivers/media/platform/qcom/camss/camss-video.c | 3 +-
drivers/media/platform/s5p-mfc/s5p_mfc.c | 17 +-
drivers/media/platform/s5p-mfc/s5p_mfc_ctrl.c | 4 +-
drivers/media/platform/s5p-mfc/s5p_mfc_enc.c | 12 +-
drivers/media/platform/s5p-mfc/s5p_mfc_opr_v6.c | 14 +-
.../media/platform/sti/c8sectpfe/c8sectpfe-core.c | 1 +
drivers/media/platform/vivid/vivid-vid-cap.c | 1 +
drivers/media/radio/si470x/radio-si470x-usb.c | 4 +-
drivers/media/rc/imon.c | 6 +-
drivers/media/usb/dvb-usb/az6027.c | 4 +
drivers/media/usb/dvb-usb/dvb-usb-init.c | 4 +-
drivers/misc/cxl/guest.c | 24 +-
drivers/misc/cxl/pci.c | 21 +-
drivers/misc/sgi-gru/grufault.c | 13 +-
drivers/misc/sgi-gru/grumain.c | 22 +-
drivers/misc/sgi-gru/grutables.h | 2 +-
drivers/misc/tifm_7xx1.c | 2 +-
drivers/mmc/host/atmel-mci.c | 9 +-
drivers/mmc/host/meson-gx-mmc.c | 4 +-
drivers/mmc/host/mmci.c | 4 +-
drivers/mmc/host/moxart-mmc.c | 4 +-
drivers/mmc/host/mxcmmc.c | 4 +-
drivers/mmc/host/rtsx_usb_sdmmc.c | 11 +-
drivers/mmc/host/sdhci_f_sdh30.c | 3 +
drivers/mmc/host/toshsd.c | 6 +-
drivers/mmc/host/via-sdmmc.c | 4 +-
drivers/mmc/host/vub300.c | 13 +-
drivers/mmc/host/wbsd.c | 12 +-
drivers/mmc/host/wmt-sdmmc.c | 6 +-
drivers/mtd/lpddr/lpddr2_nvm.c | 2 +
drivers/mtd/maps/pxa2xx-flash.c | 2 +
drivers/mtd/mtdcore.c | 4 +-
drivers/net/bonding/bond_main.c | 49 +-
drivers/net/can/usb/kvaser_usb/kvaser_usb.h | 30 +-
drivers/net/can/usb/kvaser_usb/kvaser_usb_core.c | 115 +-
drivers/net/can/usb/kvaser_usb/kvaser_usb_hydra.c | 167 ++-
drivers/net/can/usb/kvaser_usb/kvaser_usb_leaf.c | 437 +++++-
drivers/net/can/usb/mcba_usb.c | 10 +-
drivers/net/dsa/lan9303-core.c | 4 +-
drivers/net/ethernet/amd/atarilance.c | 2 +-
drivers/net/ethernet/amd/lance.c | 2 +-
drivers/net/ethernet/amd/xgbe/xgbe-drv.c | 3 +
drivers/net/ethernet/amd/xgbe/xgbe-i2c.c | 4 +-
drivers/net/ethernet/amd/xgbe/xgbe-mdio.c | 4 +-
drivers/net/ethernet/amd/xgbe/xgbe-phy-v2.c | 23 +-
drivers/net/ethernet/apple/bmac.c | 2 +-
drivers/net/ethernet/apple/mace.c | 2 +-
drivers/net/ethernet/dnet.c | 4 +-
drivers/net/ethernet/intel/igb/igb_main.c | 10 +-
.../net/ethernet/mellanox/mlx5/core/lib/clock.c | 4 +-
drivers/net/ethernet/myricom/myri10ge/myri10ge.c | 1 +
drivers/net/ethernet/neterion/s2io.c | 2 +-
.../ethernet/netronome/nfp/nfpcore/nfp_cppcore.c | 3 +-
.../net/ethernet/qlogic/qlcnic/qlcnic_83xx_init.c | 8 +-
drivers/net/ethernet/qlogic/qlcnic/qlcnic_dcb.h | 10 +-
drivers/net/ethernet/qlogic/qlcnic/qlcnic_main.c | 8 +-
.../ethernet/qlogic/qlcnic/qlcnic_sriov_common.c | 2 +
drivers/net/ethernet/rdc/r6040.c | 5 +-
drivers/net/ethernet/renesas/ravb_main.c | 2 +-
.../net/ethernet/stmicro/stmmac/stmmac_hwtstamp.c | 3 +-
drivers/net/ethernet/stmicro/stmmac/stmmac_ptp.h | 2 +-
drivers/net/ethernet/ti/netcp_core.c | 2 +-
drivers/net/ethernet/xilinx/xilinx_emaclite.c | 2 +-
drivers/net/fddi/defxx.c | 22 +-
drivers/net/hamradio/baycom_epp.c | 2 +-
drivers/net/hamradio/scc.c | 6 +-
drivers/net/loopback.c | 2 +-
drivers/net/ntb_netdev.c | 4 +-
drivers/net/phy/xilinx_gmii2rgmii.c | 1 +
drivers/net/ppp/ppp_generic.c | 2 +
drivers/net/usb/rndis_host.c | 3 +-
drivers/net/wan/farsync.c | 2 +
drivers/net/wireless/ath/ar5523/ar5523.c | 6 +
drivers/net/wireless/ath/ath10k/pci.c | 20 +-
drivers/net/wireless/ath/ath9k/hif_usb.c | 46 +-
.../broadcom/brcm80211/brcmfmac/firmware.c | 5 +
.../wireless/broadcom/brcm80211/brcmfmac/pcie.c | 2 +-
.../wireless/broadcom/brcm80211/brcmfmac/sdio.c | 1 +
drivers/net/wireless/realtek/rtl8xxxu/rtl8xxxu.h | 11 +-
.../net/wireless/realtek/rtl8xxxu/rtl8xxxu_core.c | 18 +-
drivers/net/wireless/rsi/rsi_91x_core.c | 4 +-
drivers/net/wireless/rsi/rsi_91x_hal.c | 6 +-
drivers/nfc/pn533/pn533.c | 4 +
drivers/nfc/pn533/usb.c | 44 +-
drivers/parisc/led.c | 3 +
drivers/pci/irq.c | 2 +
drivers/pci/pci-sysfs.c | 13 +-
drivers/pci/pci.c | 2 +
drivers/perf/arm_dsu_pmu.c | 6 +-
drivers/pinctrl/mediatek/mtk-eint.c | 9 +-
drivers/pinctrl/pinconf-generic.c | 4 +-
drivers/platform/x86/mxm-wmi.c | 8 +-
drivers/platform/x86/sony-laptop.c | 21 +-
drivers/pnp/core.c | 4 +-
drivers/power/avs/smartreflex.c | 1 +
drivers/power/supply/power_supply_core.c | 2 +-
drivers/rapidio/devices/rio_mport_cdev.c | 15 +-
drivers/rapidio/rio-scan.c | 8 +-
drivers/rapidio/rio.c | 9 +-
drivers/regulator/core.c | 10 +-
drivers/regulator/da9211-regulator.c | 11 +-
drivers/remoteproc/Kconfig | 27 +-
drivers/remoteproc/Makefile | 2 +-
.../{qcom_adsp_pil.c => qcom_q6v5_pas.c} | 5 +-
drivers/rtc/rtc-cmos.c | 366 ++---
drivers/rtc/rtc-mxc_v2.c | 4 +-
drivers/rtc/rtc-snvs.c | 16 +-
drivers/rtc/rtc-st-lpc.c | 1 +
drivers/s390/net/ctcm_main.c | 11 +-
drivers/s390/net/lcs.c | 8 +-
drivers/s390/net/netiucv.c | 9 +-
drivers/scsi/fcoe/fcoe.c | 1 +
drivers/scsi/fcoe/fcoe_sysfs.c | 19 +-
drivers/scsi/hpsa.c | 31 +-
drivers/scsi/hpsa.h | 1 +
drivers/scsi/ipr.c | 10 +-
drivers/scsi/mpt3sas/mpt3sas_base.c | 1065 +++++++--------
drivers/scsi/mpt3sas/mpt3sas_base.h | 9 +
drivers/scsi/mpt3sas/mpt3sas_config.c | 48 +-
drivers/scsi/mpt3sas/mpt3sas_ctl.c | 493 +++----
drivers/scsi/mpt3sas/mpt3sas_scsih.c | 1425 +++++++++-----------
drivers/scsi/mpt3sas/mpt3sas_transport.c | 315 ++---
drivers/scsi/mpt3sas/mpt3sas_trigger_diag.c | 101 +-
drivers/scsi/mpt3sas/mpt3sas_warpdrive.c | 70 +-
drivers/scsi/scsi_debug.c | 2 +-
drivers/scsi/snic/snic_disc.c | 3 +
drivers/soc/qcom/Kconfig | 1 +
drivers/soc/ti/knav_qmss_queue.c | 2 +-
drivers/soc/ux500/ux500-soc-id.c | 10 +-
drivers/staging/rtl8192e/rtllib_rx.c | 2 +-
drivers/staging/rtl8192u/ieee80211/ieee80211_rx.c | 4 +-
drivers/staging/wilc1000/wilc_sdio.c | 1 +
drivers/tty/hvc/hvc_xen.c | 46 +-
drivers/tty/serial/altera_uart.c | 21 +-
drivers/tty/serial/amba-pl011.c | 14 +-
drivers/tty/serial/pch_uart.c | 4 +
drivers/tty/serial/serial-tegra.c | 388 +++++-
drivers/tty/serial/sunsab.c | 8 +-
drivers/uio/uio_dmem_genirq.c | 13 +-
drivers/usb/dwc3/core.c | 7 +-
drivers/usb/gadget/function/f_hid.c | 271 +++-
drivers/usb/gadget/function/f_uvc.c | 5 +-
drivers/usb/gadget/function/u_hid.h | 1 +
drivers/usb/gadget/udc/fotg210-udc.c | 12 +-
drivers/usb/musb/musb_gadget.c | 2 -
drivers/usb/serial/cp210x.c | 2 +
drivers/usb/serial/f81534.c | 12 +-
drivers/usb/serial/option.c | 3 +
drivers/usb/storage/alauda.c | 2 +
drivers/usb/typec/bus.c | 2 +-
drivers/vfio/platform/vfio_platform_common.c | 3 +-
drivers/video/fbdev/Kconfig | 1 -
drivers/video/fbdev/pm2fb.c | 9 +-
drivers/video/fbdev/uvesafb.c | 1 +
drivers/video/fbdev/vermilion/vermilion.c | 4 +-
drivers/video/fbdev/via/via-core.c | 9 +-
drivers/vme/bridges/vme_fake.c | 2 +
drivers/vme/bridges/vme_tsi148.c | 1 +
drivers/xen/events/events_base.c | 10 +-
drivers/xen/privcmd.c | 2 +-
fs/binfmt_aout.c | 2 +-
fs/binfmt_elf_fdpic.c | 7 +-
fs/binfmt_flat.c | 3 +-
fs/binfmt_misc.c | 8 +-
fs/btrfs/ioctl.c | 9 +-
fs/btrfs/rcu-string.h | 6 +-
fs/btrfs/send.c | 11 +-
fs/char_dev.c | 2 +-
fs/cifs/connect.c | 4 +-
fs/cifs/link.c | 1 +
fs/debugfs/file.c | 28 +-
fs/ext4/ext4.h | 10 +-
fs/ext4/extents.c | 139 +-
fs/ext4/extents_status.c | 389 +++++-
fs/ext4/extents_status.h | 76 +-
fs/ext4/indirect.c | 9 +-
fs/ext4/inode.c | 132 +-
fs/ext4/ioctl.c | 10 +-
fs/ext4/namei.c | 3 +
fs/ext4/resize.c | 6 +-
fs/ext4/super.c | 58 +-
fs/ext4/xattr.c | 182 +--
fs/ext4/xattr.h | 1 +
fs/f2fs/segment.c | 2 +-
fs/hfs/inode.c | 13 +-
fs/hfs/trans.c | 2 +-
fs/hfsplus/hfsplus_fs.h | 2 +
fs/hfsplus/inode.c | 16 +-
fs/hfsplus/options.c | 4 +
fs/jfs/jfs_dmap.c | 27 +-
fs/libfs.c | 22 +-
fs/mbcache.c | 121 +-
fs/nfs/nfs4proc.c | 19 +-
fs/nfs/nfs4state.c | 2 +
fs/nfs/nfs4xdr.c | 10 +-
fs/nfsd/nfs4callback.c | 4 +-
fs/nfsd/nfs4xdr.c | 11 +
fs/nilfs2/the_nilfs.c | 31 +-
fs/ocfs2/stackglue.c | 8 +-
fs/orangefs/orangefs-debugfs.c | 3 +
fs/orangefs/orangefs-mod.c | 8 +-
fs/overlayfs/dir.c | 46 +-
fs/pnode.c | 2 +-
fs/pstore/Kconfig | 1 +
fs/pstore/pmsg.c | 7 +-
fs/pstore/ram.c | 2 +
fs/pstore/ram_core.c | 6 +-
fs/quota/dquot.c | 110 +-
fs/reiserfs/namei.c | 4 +
fs/reiserfs/xattr_security.c | 2 +-
fs/sysv/itree.c | 2 +-
fs/udf/inode.c | 76 +-
fs/udf/namei.c | 8 +-
fs/udf/truncate.c | 48 +-
fs/xattr.c | 2 +-
include/asm-generic/tlb.h | 6 +
include/linux/can/platform/sja1000.h | 2 +-
include/linux/debugfs.h | 19 +-
include/linux/eventfd.h | 2 +-
include/linux/fs.h | 12 +-
include/linux/mbcache.h | 41 +-
include/linux/platform_device.h | 6 +
include/linux/proc_fs.h | 2 +
include/linux/quotaops.h | 2 +
include/linux/sunrpc/rpc_pipe_fs.h | 5 +
include/linux/timerqueue.h | 2 +-
include/media/dvbdev.h | 32 +-
include/net/mrp.h | 1 +
include/trace/events/ext4.h | 39 +-
include/uapi/linux/swab.h | 2 +-
include/uapi/sound/asequencer.h | 8 +-
kernel/acct.c | 2 +
kernel/events/core.c | 8 +-
kernel/gcov/gcc_4_7.c | 5 +
kernel/relay.c | 4 +-
kernel/trace/blktrace.c | 3 +-
kernel/trace/trace.c | 15 +-
kernel/trace/trace_events_hist.c | 2 +-
lib/notifier-error-inject.c | 2 +-
lib/test_firmware.c | 1 +
mm/khugepaged.c | 24 +-
mm/memory.c | 5 +
net/802/mrp.c | 18 +-
net/bluetooth/hci_core.c | 2 +-
net/bluetooth/l2cap_core.c | 3 +-
net/bluetooth/rfcomm/core.c | 2 +-
net/caif/cfctrl.c | 6 +-
net/core/filter.c | 11 +-
net/core/skbuff.c | 3 +
net/core/stream.c | 6 +
net/ipv4/inet_connection_sock.c | 16 +-
net/ipv4/udp_tunnel.c | 1 +
net/ipv6/raw.c | 4 +
net/mac80211/iface.c | 1 +
net/netfilter/ipset/ip_set_bitmap_ip.c | 4 +-
net/nfc/netlink.c | 52 +-
net/openvswitch/datapath.c | 25 +-
net/rxrpc/sendmsg.c | 2 +-
net/sched/ematch.c | 2 +
net/sched/sch_api.c | 8 +-
net/sched/sch_atm.c | 5 +-
net/sunrpc/auth_gss/auth_gss.c | 19 +-
net/sunrpc/auth_gss/svcauth_gss.c | 9 +-
net/sunrpc/clnt.c | 2 +-
net/vmw_vsock/vmci_transport.c | 6 +-
net/wireless/reg.c | 4 +-
samples/vfio-mdev/mdpy-fb.c | 8 +-
security/apparmor/apparmorfs.c | 4 +-
security/apparmor/policy.c | 2 +-
security/apparmor/policy_unpack.c | 2 +-
security/device_cgroup.c | 33 +-
security/integrity/ima/ima_template.c | 9 +-
sound/core/control_compat.c | 4 +
sound/drivers/mts64.c | 3 +
sound/pci/asihpi/hpioctl.c | 2 +-
sound/pci/hda/patch_hdmi.c | 36 +-
sound/pci/hda/patch_realtek.c | 350 ++++-
sound/soc/codecs/pcm512x.c | 8 +-
sound/soc/codecs/rt298.c | 7 +
sound/soc/codecs/rt5670.c | 2 -
sound/soc/codecs/wm8994.c | 5 +
sound/soc/intel/boards/bytcr_rt5640.c | 15 +
sound/soc/mediatek/mt8173/mt8173-rt5650-rt5514.c | 7 +-
sound/soc/pxa/mmp-pcm.c | 2 +-
sound/soc/rockchip/rockchip_pdm.c | 1 +
sound/soc/rockchip/rockchip_spdif.c | 1 +
sound/soc/soc-ops.c | 9 +-
sound/usb/line6/driver.c | 3 +-
sound/usb/line6/midi.c | 6 +-
sound/usb/line6/midibuf.c | 25 +-
sound/usb/line6/midibuf.h | 5 +-
sound/usb/line6/pod.c | 3 +-
tools/arch/parisc/include/uapi/asm/mman.h | 12 +-
tools/perf/bench/bench.h | 12 -
tools/perf/tests/attr.py | 1 -
tools/perf/util/auxtrace.c | 2 +-
tools/perf/util/debug.c | 4 +
tools/perf/util/dwarf-aux.c | 23 +-
tools/perf/util/symbol-elf.c | 2 +-
tools/testing/ktest/ktest.pl | 102 +-
.../ftrace/test.d/ftrace/func_event_triggers.tc | 15 +-
tools/testing/selftests/lib.mk | 5 +
.../selftests/powerpc/dscr/dscr_sysfs_test.c | 5 +-
tools/testing/selftests/proc/proc-uptime-002.c | 3 +-
458 files changed, 7143 insertions(+), 4041 deletions(-)
^ permalink raw reply [flat|nested] 529+ messages in thread
* [PATCH 4.19 001/521] mm/khugepaged: fix GUP-fast interaction by sending IPI
2023-01-16 15:44 [PATCH 4.19 000/521] 4.19.270-rc1 review Greg Kroah-Hartman
@ 2023-01-16 15:44 ` Greg Kroah-Hartman
2023-01-16 15:44 ` [PATCH 4.19 002/521] mm/khugepaged: invoke MMU notifiers in shmem/file collapse paths Greg Kroah-Hartman
` (523 subsequent siblings)
524 siblings, 0 replies; 529+ messages in thread
From: Greg Kroah-Hartman @ 2023-01-16 15:44 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Jann Horn, Yang Shi,
David Hildenbrand, John Hubbard, Peter Xu, Andrew Morton
From: Jann Horn <jannh@google.com>
commit 2ba99c5e08812494bc57f319fb562f527d9bacd8 upstream.
Since commit 70cbc3cc78a99 ("mm: gup: fix the fast GUP race against THP
collapse"), the lockless_pages_from_mm() fastpath rechecks the pmd_t to
ensure that the page table was not removed by khugepaged in between.
However, lockless_pages_from_mm() still requires that the page table is
not concurrently freed. Fix it by sending IPIs (if the architecture uses
semi-RCU-style page table freeing) before freeing/reusing page tables.
Link: https://lkml.kernel.org/r/20221129154730.2274278-2-jannh@google.com
Link: https://lkml.kernel.org/r/20221128180252.1684965-2-jannh@google.com
Link: https://lkml.kernel.org/r/20221125213714.4115729-2-jannh@google.com
Fixes: ba76149f47d8 ("thp: khugepaged")
Signed-off-by: Jann Horn <jannh@google.com>
Reviewed-by: Yang Shi <shy828301@gmail.com>
Acked-by: David Hildenbrand <david@redhat.com>
Cc: John Hubbard <jhubbard@nvidia.com>
Cc: Peter Xu <peterx@redhat.com>
Cc: <stable@vger.kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
[manual backport: two of the three places in khugepaged that can free
ptes were refactored into a common helper between 5.15 and 6.0;
TLB flushing was refactored between 5.4 and 5.10;
TLB flushing was refactored between 4.19 and 5.4;
pmd collapse for PTE-mapped THP was only added in 5.4;
ugly hack needed in <=4.19 for s390 and arm]
Signed-off-by: Jann Horn <jannh@google.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
include/asm-generic/tlb.h | 6 ++++++
mm/khugepaged.c | 15 +++++++++++++++
mm/memory.c | 5 +++++
3 files changed, 26 insertions(+)
--- a/include/asm-generic/tlb.h
+++ b/include/asm-generic/tlb.h
@@ -61,6 +61,12 @@ struct mmu_table_batch {
extern void tlb_table_flush(struct mmu_gather *tlb);
extern void tlb_remove_table(struct mmu_gather *tlb, void *table);
+void tlb_remove_table_sync_one(void);
+
+#else
+
+static inline void tlb_remove_table_sync_one(void) { }
+
#endif
/*
--- a/mm/khugepaged.c
+++ b/mm/khugepaged.c
@@ -23,6 +23,19 @@
#include <asm/pgalloc.h>
#include "internal.h"
+/* gross hack for <=4.19 stable */
+#if defined(CONFIG_S390) || defined(CONFIG_ARM)
+static void tlb_remove_table_smp_sync(void *arg)
+{
+ /* Simply deliver the interrupt */
+}
+
+static void tlb_remove_table_sync_one(void)
+{
+ smp_call_function(tlb_remove_table_smp_sync, NULL, 1);
+}
+#endif
+
enum scan_result {
SCAN_FAIL,
SCAN_SUCCEED,
@@ -1045,6 +1058,7 @@ static void collapse_huge_page(struct mm
_pmd = pmdp_collapse_flush(vma, address, pmd);
spin_unlock(pmd_ptl);
mmu_notifier_invalidate_range_end(mm, mmun_start, mmun_end);
+ tlb_remove_table_sync_one();
spin_lock(pte_ptl);
isolated = __collapse_huge_page_isolate(vma, address, pte);
@@ -1294,6 +1308,7 @@ static void retract_page_tables(struct a
_pmd = pmdp_collapse_flush(vma, addr, pmd);
spin_unlock(ptl);
mm_dec_nr_ptes(mm);
+ tlb_remove_table_sync_one();
pte_free(mm, pmd_pgtable(_pmd));
}
up_write(&mm->mmap_sem);
--- a/mm/memory.c
+++ b/mm/memory.c
@@ -362,6 +362,11 @@ static void tlb_remove_table_smp_sync(vo
/* Simply deliver the interrupt */
}
+void tlb_remove_table_sync_one(void)
+{
+ smp_call_function(tlb_remove_table_smp_sync, NULL, 1);
+}
+
static void tlb_remove_table_one(void *table)
{
/*
^ permalink raw reply [flat|nested] 529+ messages in thread
* [PATCH 4.19 002/521] mm/khugepaged: invoke MMU notifiers in shmem/file collapse paths
2023-01-16 15:44 [PATCH 4.19 000/521] 4.19.270-rc1 review Greg Kroah-Hartman
2023-01-16 15:44 ` [PATCH 4.19 001/521] mm/khugepaged: fix GUP-fast interaction by sending IPI Greg Kroah-Hartman
@ 2023-01-16 15:44 ` Greg Kroah-Hartman
2023-01-16 15:44 ` [PATCH 4.19 003/521] block: unhash blkdev part inode when the part is deleted Greg Kroah-Hartman
` (522 subsequent siblings)
524 siblings, 0 replies; 529+ messages in thread
From: Greg Kroah-Hartman @ 2023-01-16 15:44 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Jann Horn, David Hildenbrand,
Yang Shi, John Hubbard, Peter Xu, Andrew Morton
From: Jann Horn <jannh@google.com>
commit f268f6cf875f3220afc77bdd0bf1bb136eb54db9 upstream.
Any codepath that zaps page table entries must invoke MMU notifiers to
ensure that secondary MMUs (like KVM) don't keep accessing pages which
aren't mapped anymore. Secondary MMUs don't hold their own references to
pages that are mirrored over, so failing to notify them can lead to page
use-after-free.
I'm marking this as addressing an issue introduced in commit f3f0e1d2150b
("khugepaged: add support of collapse for tmpfs/shmem pages"), but most of
the security impact of this only came in commit 27e1f8273113 ("khugepaged:
enable collapse pmd for pte-mapped THP"), which actually omitted flushes
for the removal of present PTEs, not just for the removal of empty page
tables.
Link: https://lkml.kernel.org/r/20221129154730.2274278-3-jannh@google.com
Link: https://lkml.kernel.org/r/20221128180252.1684965-3-jannh@google.com
Link: https://lkml.kernel.org/r/20221125213714.4115729-3-jannh@google.com
Fixes: f3f0e1d2150b ("khugepaged: add support of collapse for tmpfs/shmem pages")
Signed-off-by: Jann Horn <jannh@google.com>
Acked-by: David Hildenbrand <david@redhat.com>
Reviewed-by: Yang Shi <shy828301@gmail.com>
Cc: John Hubbard <jhubbard@nvidia.com>
Cc: Peter Xu <peterx@redhat.com>
Cc: <stable@vger.kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
[manual backport: this code was refactored from two copies into a common
helper between 5.15 and 6.0;
pmd collapse for PTE-mapped THP was only added in 5.4;
MMU notifier API changed between 4.19 and 5.4]
Signed-off-by: Jann Horn <jannh@google.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
mm/khugepaged.c | 9 ++++++++-
1 file changed, 8 insertions(+), 1 deletion(-)
--- a/mm/khugepaged.c
+++ b/mm/khugepaged.c
@@ -1303,13 +1303,20 @@ static void retract_page_tables(struct a
*/
if (down_write_trylock(&mm->mmap_sem)) {
if (!khugepaged_test_exit(mm)) {
- spinlock_t *ptl = pmd_lock(mm, pmd);
+ spinlock_t *ptl;
+ unsigned long end = addr + HPAGE_PMD_SIZE;
+
+ mmu_notifier_invalidate_range_start(mm, addr,
+ end);
+ ptl = pmd_lock(mm, pmd);
/* assume page table is clear */
_pmd = pmdp_collapse_flush(vma, addr, pmd);
spin_unlock(ptl);
mm_dec_nr_ptes(mm);
tlb_remove_table_sync_one();
pte_free(mm, pmd_pgtable(_pmd));
+ mmu_notifier_invalidate_range_end(mm, addr,
+ end);
}
up_write(&mm->mmap_sem);
}
^ permalink raw reply [flat|nested] 529+ messages in thread
* [PATCH 4.19 003/521] block: unhash blkdev part inode when the part is deleted
2023-01-16 15:44 [PATCH 4.19 000/521] 4.19.270-rc1 review Greg Kroah-Hartman
2023-01-16 15:44 ` [PATCH 4.19 001/521] mm/khugepaged: fix GUP-fast interaction by sending IPI Greg Kroah-Hartman
2023-01-16 15:44 ` [PATCH 4.19 002/521] mm/khugepaged: invoke MMU notifiers in shmem/file collapse paths Greg Kroah-Hartman
@ 2023-01-16 15:44 ` Greg Kroah-Hartman
2023-01-16 15:44 ` [PATCH 4.19 004/521] nfp: fix use-after-free in area_cache_get() Greg Kroah-Hartman
` (521 subsequent siblings)
524 siblings, 0 replies; 529+ messages in thread
From: Greg Kroah-Hartman @ 2023-01-16 15:44 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Shiwei Cui, Christoph Hellwig,
Jan Kara, Ming Lei
From: Ming Lei <ming.lei@redhat.com>
v5.11 changes the blkdev lookup mechanism completely since commit
22ae8ce8b892 ("block: simplify bdev/disk lookup in blkdev_get"),
and small part of the change is to unhash part bdev inode when
deleting partition. Turns out this kind of change does fix one
nasty issue in case of BLOCK_EXT_MAJOR:
1) when one partition is deleted & closed, disk_put_part() is always
called before bdput(bdev), see blkdev_put(); so the part's devt can
be freed & re-used before the inode is dropped
2) then new partition with same devt can be created just before the
inode in 1) is dropped, then the old inode/bdev structurein 1) is
re-used for this new partition, this way causes use-after-free and
kernel panic.
It isn't possible to backport the whole big patchset of "merge struct
block_device and struct hd_struct v4" for addressing this issue.
https://lore.kernel.org/linux-block/20201128161510.347752-1-hch@lst.de/
So fixes it by unhashing part bdev in delete_partition(), and this way
is actually aligned with v5.11+'s behavior.
Backported from the following 5.10.y commit:
5f2f77560591 ("block: unhash blkdev part inode when the part is deleted")
Reported-by: Shiwei Cui <cuishw@inspur.com>
Tested-by: Shiwei Cui <cuishw@inspur.com>
Cc: Christoph Hellwig <hch@lst.de>
Cc: Jan Kara <jack@suse.cz>
Signed-off-by: Ming Lei <ming.lei@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
block/partition-generic.c | 7 +++++++
1 file changed, 7 insertions(+)
--- a/block/partition-generic.c
+++ b/block/partition-generic.c
@@ -276,6 +276,7 @@ void delete_partition(struct gendisk *di
struct disk_part_tbl *ptbl =
rcu_dereference_protected(disk->part_tbl, 1);
struct hd_struct *part;
+ struct block_device *bdev;
if (partno >= ptbl->len)
return;
@@ -296,6 +297,12 @@ void delete_partition(struct gendisk *di
* "in-use" until we really free the gendisk.
*/
blk_invalidate_devt(part_devt(part));
+
+ bdev = bdget(part_devt(part));
+ if (bdev) {
+ remove_inode_hash(bdev->bd_inode);
+ bdput(bdev);
+ }
hd_struct_kill(part);
}
^ permalink raw reply [flat|nested] 529+ messages in thread
* [PATCH 4.19 004/521] nfp: fix use-after-free in area_cache_get()
2023-01-16 15:44 [PATCH 4.19 000/521] 4.19.270-rc1 review Greg Kroah-Hartman
` (2 preceding siblings ...)
2023-01-16 15:44 ` [PATCH 4.19 003/521] block: unhash blkdev part inode when the part is deleted Greg Kroah-Hartman
@ 2023-01-16 15:44 ` Greg Kroah-Hartman
2023-01-16 15:44 ` [PATCH 4.19 005/521] ASoC: ops: Check bounds for second channel in snd_soc_put_volsw_sx() Greg Kroah-Hartman
` (520 subsequent siblings)
524 siblings, 0 replies; 529+ messages in thread
From: Greg Kroah-Hartman @ 2023-01-16 15:44 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Jialiang Wang, Yinjun Zhang,
Simon Horman, Jakub Kicinski
From: Jialiang Wang <wangjialiang0806@163.com>
commit 02e1a114fdb71e59ee6770294166c30d437bf86a upstream.
area_cache_get() is used to distribute cache->area and set cache->id,
and if cache->id is not 0 and cache->area->kref refcount is 0, it will
release the cache->area by nfp_cpp_area_release(). area_cache_get()
set cache->id before cpp->op->area_init() and nfp_cpp_area_acquire().
But if area_init() or nfp_cpp_area_acquire() fails, the cache->id is
is already set but the refcount is not increased as expected. At this
time, calling the nfp_cpp_area_release() will cause use-after-free.
To avoid the use-after-free, set cache->id after area_init() and
nfp_cpp_area_acquire() complete successfully.
Note: This vulnerability is triggerable by providing emulated device
equipped with specified configuration.
BUG: KASAN: use-after-free in nfp6000_area_init (drivers/net/ethernet/netronome/nfp/nfpcore/nfp6000_pcie.c:760)
Write of size 4 at addr ffff888005b7f4a0 by task swapper/0/1
Call Trace:
<TASK>
nfp6000_area_init (drivers/net/ethernet/netronome/nfp/nfpcore/nfp6000_pcie.c:760)
area_cache_get.constprop.8 (drivers/net/ethernet/netronome/nfp/nfpcore/nfp_cppcore.c:884)
Allocated by task 1:
nfp_cpp_area_alloc_with_name (drivers/net/ethernet/netronome/nfp/nfpcore/nfp_cppcore.c:303)
nfp_cpp_area_cache_add (drivers/net/ethernet/netronome/nfp/nfpcore/nfp_cppcore.c:802)
nfp6000_init (drivers/net/ethernet/netronome/nfp/nfpcore/nfp6000_pcie.c:1230)
nfp_cpp_from_operations (drivers/net/ethernet/netronome/nfp/nfpcore/nfp_cppcore.c:1215)
nfp_pci_probe (drivers/net/ethernet/netronome/nfp/nfp_main.c:744)
Freed by task 1:
kfree (mm/slub.c:4562)
area_cache_get.constprop.8 (drivers/net/ethernet/netronome/nfp/nfpcore/nfp_cppcore.c:873)
nfp_cpp_read (drivers/net/ethernet/netronome/nfp/nfpcore/nfp_cppcore.c:924 drivers/net/ethernet/netronome/nfp/nfpcore/nfp_cppcore.c:973)
nfp_cpp_readl (drivers/net/ethernet/netronome/nfp/nfpcore/nfp_cpplib.c:48)
Signed-off-by: Jialiang Wang <wangjialiang0806@163.com>
Reviewed-by: Yinjun Zhang <yinjun.zhang@corigine.com>
Acked-by: Simon Horman <simon.horman@corigine.com>
Link: https://lore.kernel.org/r/20220810073057.4032-1-wangjialiang0806@163.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/net/ethernet/netronome/nfp/nfpcore/nfp_cppcore.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
--- a/drivers/net/ethernet/netronome/nfp/nfpcore/nfp_cppcore.c
+++ b/drivers/net/ethernet/netronome/nfp/nfpcore/nfp_cppcore.c
@@ -874,7 +874,6 @@ area_cache_get(struct nfp_cpp *cpp, u32
}
/* Adjust the start address to be cache size aligned */
- cache->id = id;
cache->addr = addr & ~(u64)(cache->size - 1);
/* Re-init to the new ID and address */
@@ -894,6 +893,8 @@ area_cache_get(struct nfp_cpp *cpp, u32
return NULL;
}
+ cache->id = id;
+
exit:
/* Adjust offset */
*offset = addr - cache->addr;
^ permalink raw reply [flat|nested] 529+ messages in thread
* [PATCH 4.19 005/521] ASoC: ops: Check bounds for second channel in snd_soc_put_volsw_sx()
2023-01-16 15:44 [PATCH 4.19 000/521] 4.19.270-rc1 review Greg Kroah-Hartman
` (3 preceding siblings ...)
2023-01-16 15:44 ` [PATCH 4.19 004/521] nfp: fix use-after-free in area_cache_get() Greg Kroah-Hartman
@ 2023-01-16 15:44 ` Greg Kroah-Hartman
2023-01-16 15:44 ` [PATCH 4.19 006/521] pinctrl: meditatek: Startup with the IRQs disabled Greg Kroah-Hartman
` (519 subsequent siblings)
524 siblings, 0 replies; 529+ messages in thread
From: Greg Kroah-Hartman @ 2023-01-16 15:44 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Mark Brown, Sasha Levin
From: Mark Brown <broonie@kernel.org>
[ Upstream commit 97eea946b93961fffd29448dcda7398d0d51c4b2 ]
The bounds checks in snd_soc_put_volsw_sx() are only being applied to the
first channel, meaning it is possible to write out of bounds values to the
second channel in stereo controls. Add appropriate checks.
Signed-off-by: Mark Brown <broonie@kernel.org>
Link: https://lore.kernel.org/r/20220511134137.169575-2-broonie@kernel.org
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
sound/soc/soc-ops.c | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/sound/soc/soc-ops.c b/sound/soc/soc-ops.c
index 2faf95d4bb75..fbd46a737652 100644
--- a/sound/soc/soc-ops.c
+++ b/sound/soc/soc-ops.c
@@ -460,6 +460,12 @@ int snd_soc_put_volsw_sx(struct snd_kcontrol *kcontrol,
if (snd_soc_volsw_is_stereo(mc)) {
val_mask = mask << rshift;
val2 = (ucontrol->value.integer.value[1] + min) & mask;
+
+ if (mc->platform_max && val2 > mc->platform_max)
+ return -EINVAL;
+ if (val2 > max)
+ return -EINVAL;
+
val2 = val2 << rshift;
err = snd_soc_component_update_bits(component, reg2, val_mask,
--
2.35.1
^ permalink raw reply related [flat|nested] 529+ messages in thread
* [PATCH 4.19 006/521] pinctrl: meditatek: Startup with the IRQs disabled
2023-01-16 15:44 [PATCH 4.19 000/521] 4.19.270-rc1 review Greg Kroah-Hartman
` (4 preceding siblings ...)
2023-01-16 15:44 ` [PATCH 4.19 005/521] ASoC: ops: Check bounds for second channel in snd_soc_put_volsw_sx() Greg Kroah-Hartman
@ 2023-01-16 15:44 ` Greg Kroah-Hartman
2023-01-16 15:44 ` [PATCH 4.19 007/521] can: sja1000: fix size of OCR_MODE_MASK define Greg Kroah-Hartman
` (518 subsequent siblings)
524 siblings, 0 replies; 529+ messages in thread
From: Greg Kroah-Hartman @ 2023-01-16 15:44 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Ricardo Ribalda,
AngeloGioacchino Del Regno, Matthias Brugger, Linus Walleij,
Sasha Levin
From: Ricardo Ribalda <ribalda@chromium.org>
[ Upstream commit 11780e37565db4dd064d3243ca68f755c13f65b4 ]
If the system is restarted via kexec(), the peripherals do not start
with a known state.
If the previous system had enabled an IRQs we will receive unexected
IRQs that can lock the system.
[ 28.109251] watchdog: BUG: soft lockup - CPU#0 stuck for 26s!
[swapper/0:0]
[ 28.109263] Modules linked in:
[ 28.109273] CPU: 0 PID: 0 Comm: swapper/0 Not tainted
5.15.79-14458-g4b9edf7b1ac6 #1 9f2e76613148af94acccd64c609a552fb4b4354b
[ 28.109284] Hardware name: Google Elm (DT)
[ 28.109290] pstate: 40400005 (nZcv daif +PAN -UAO -TCO -DIT -SSBS
BTYPE=--)
[ 28.109298] pc : __do_softirq+0xa0/0x388
[ 28.109309] lr : __do_softirq+0x70/0x388
[ 28.109316] sp : ffffffc008003ee0
[ 28.109321] x29: ffffffc008003f00 x28: 000000000000000a x27:
0000000000000080
[ 28.109334] x26: 0000000000000001 x25: ffffffefa7b350c0 x24:
ffffffefa7b47480
[ 28.109346] x23: ffffffefa7b3d000 x22: 0000000000000000 x21:
ffffffefa7b0fa40
[ 28.109358] x20: ffffffefa7b005b0 x19: ffffffefa7b47480 x18:
0000000000065b6b
[ 28.109370] x17: ffffffefa749c8b0 x16: 000000000000018c x15:
00000000000001b8
[ 28.109382] x14: 00000000000d3b6b x13: 0000000000000006 x12:
0000000000057e91
[ 28.109394] x11: 0000000000000000 x10: 0000000000000000 x9 :
ffffffefa7b47480
[ 28.109406] x8 : 00000000000000e0 x7 : 000000000f424000 x6 :
0000000000000000
[ 28.109418] x5 : ffffffefa7dfaca0 x4 : ffffffefa7dfadf0 x3 :
000000000000000f
[ 28.109429] x2 : 0000000000000000 x1 : 0000000000000100 x0 :
0000000001ac65c5
[ 28.109441] Call trace:
[ 28.109447] __do_softirq+0xa0/0x388
[ 28.109454] irq_exit+0xc0/0xe0
[ 28.109464] handle_domain_irq+0x68/0x90
[ 28.109473] gic_handle_irq+0xac/0xf0
[ 28.109480] call_on_irq_stack+0x28/0x50
[ 28.109488] do_interrupt_handler+0x44/0x58
[ 28.109496] el1_interrupt+0x30/0x58
[ 28.109506] el1h_64_irq_handler+0x18/0x24
[ 28.109512] el1h_64_irq+0x7c/0x80
[ 28.109519] arch_local_irq_enable+0xc/0x18
[ 28.109529] default_idle_call+0x40/0x140
[ 28.109539] do_idle+0x108/0x290
[ 28.109547] cpu_startup_entry+0x2c/0x30
[ 28.109554] rest_init+0xe8/0xf8
[ 28.109562] arch_call_rest_init+0x18/0x24
[ 28.109571] start_kernel+0x338/0x42c
[ 28.109578] __primary_switched+0xbc/0xc4
[ 28.109588] Kernel panic - not syncing: softlockup: hung tasks
Signed-off-by: Ricardo Ribalda <ribalda@chromium.org>
Link: https://lore.kernel.org/r/20221122-mtk-pinctrl-v1-1-bedf5655a3d2@chromium.org
Reviewed-by: AngeloGioacchino Del Regno <angelogioacchino.delregno@collabora.com>
Reviewed-by: Matthias Brugger <matthias.bgg@gmail.com>
Signed-off-by: Linus Walleij <linus.walleij@linaro.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/pinctrl/mediatek/mtk-eint.c | 9 ++++++---
1 file changed, 6 insertions(+), 3 deletions(-)
diff --git a/drivers/pinctrl/mediatek/mtk-eint.c b/drivers/pinctrl/mediatek/mtk-eint.c
index 564cfaee129d..55e3305ede81 100644
--- a/drivers/pinctrl/mediatek/mtk-eint.c
+++ b/drivers/pinctrl/mediatek/mtk-eint.c
@@ -277,12 +277,15 @@ static struct irq_chip mtk_eint_irq_chip = {
static unsigned int mtk_eint_hw_init(struct mtk_eint *eint)
{
- void __iomem *reg = eint->base + eint->regs->dom_en;
+ void __iomem *dom_en = eint->base + eint->regs->dom_en;
+ void __iomem *mask_set = eint->base + eint->regs->mask_set;
unsigned int i;
for (i = 0; i < eint->hw->ap_num; i += 32) {
- writel(0xffffffff, reg);
- reg += 4;
+ writel(0xffffffff, dom_en);
+ writel(0xffffffff, mask_set);
+ dom_en += 4;
+ mask_set += 4;
}
return 0;
--
2.35.1
^ permalink raw reply related [flat|nested] 529+ messages in thread
* [PATCH 4.19 007/521] can: sja1000: fix size of OCR_MODE_MASK define
2023-01-16 15:44 [PATCH 4.19 000/521] 4.19.270-rc1 review Greg Kroah-Hartman
` (5 preceding siblings ...)
2023-01-16 15:44 ` [PATCH 4.19 006/521] pinctrl: meditatek: Startup with the IRQs disabled Greg Kroah-Hartman
@ 2023-01-16 15:44 ` Greg Kroah-Hartman
2023-01-16 15:44 ` [PATCH 4.19 008/521] can: mcba_usb: Fix termination command argument Greg Kroah-Hartman
` (517 subsequent siblings)
524 siblings, 0 replies; 529+ messages in thread
From: Greg Kroah-Hartman @ 2023-01-16 15:44 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Heiko Schocher, Marc Kleine-Budde,
Sasha Levin
From: Heiko Schocher <hs@denx.de>
[ Upstream commit 26e8f6a75248247982458e8237b98c9fb2ffcf9d ]
bitfield mode in ocr register has only 2 bits not 3, so correct
the OCR_MODE_MASK define.
Signed-off-by: Heiko Schocher <hs@denx.de>
Link: https://lore.kernel.org/all/20221123071636.2407823-1-hs@denx.de
Signed-off-by: Marc Kleine-Budde <mkl@pengutronix.de>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
include/linux/can/platform/sja1000.h | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/include/linux/can/platform/sja1000.h b/include/linux/can/platform/sja1000.h
index 5755ae5a4712..6a869682c120 100644
--- a/include/linux/can/platform/sja1000.h
+++ b/include/linux/can/platform/sja1000.h
@@ -14,7 +14,7 @@
#define OCR_MODE_TEST 0x01
#define OCR_MODE_NORMAL 0x02
#define OCR_MODE_CLOCK 0x03
-#define OCR_MODE_MASK 0x07
+#define OCR_MODE_MASK 0x03
#define OCR_TX0_INVERT 0x04
#define OCR_TX0_PULLDOWN 0x08
#define OCR_TX0_PULLUP 0x10
--
2.35.1
^ permalink raw reply related [flat|nested] 529+ messages in thread
* [PATCH 4.19 008/521] can: mcba_usb: Fix termination command argument
2023-01-16 15:44 [PATCH 4.19 000/521] 4.19.270-rc1 review Greg Kroah-Hartman
` (6 preceding siblings ...)
2023-01-16 15:44 ` [PATCH 4.19 007/521] can: sja1000: fix size of OCR_MODE_MASK define Greg Kroah-Hartman
@ 2023-01-16 15:44 ` Greg Kroah-Hartman
2023-01-16 15:44 ` [PATCH 4.19 009/521] ASoC: ops: Correct bounds check for second channel on SX controls Greg Kroah-Hartman
` (516 subsequent siblings)
524 siblings, 0 replies; 529+ messages in thread
From: Greg Kroah-Hartman @ 2023-01-16 15:44 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Yasushi SHOJI, Marc Kleine-Budde,
Sasha Levin
From: Yasushi SHOJI <yasushi.shoji@gmail.com>
[ Upstream commit 1a8e3bd25f1e789c8154e11ea24dc3ec5a4c1da0 ]
Microchip USB Analyzer can activate the internal termination resistors
by setting the "termination" option ON, or OFF to to deactivate them.
As I've observed, both with my oscilloscope and captured USB packets
below, you must send "0" to turn it ON, and "1" to turn it OFF.
>From the schematics in the user's guide, I can confirm that you must
drive the CAN_RES signal LOW "0" to activate the resistors.
Reverse the argument value of usb_msg.termination to fix this.
These are the two commands sequence, ON then OFF.
> No. Time Source Destination Protocol Length Info
> 1 0.000000 host 1.3.1 USB 46 URB_BULK out
>
> Frame 1: 46 bytes on wire (368 bits), 46 bytes captured (368 bits)
> USB URB
> Leftover Capture Data: a80000000000000000000000000000000000a8
>
> No. Time Source Destination Protocol Length Info
> 2 4.372547 host 1.3.1 USB 46 URB_BULK out
>
> Frame 2: 46 bytes on wire (368 bits), 46 bytes captured (368 bits)
> USB URB
> Leftover Capture Data: a80100000000000000000000000000000000a9
Signed-off-by: Yasushi SHOJI <yashi@spacecubics.com>
Link: https://lore.kernel.org/all/20221124152504.125994-1-yashi@spacecubics.com
Signed-off-by: Marc Kleine-Budde <mkl@pengutronix.de>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/can/usb/mcba_usb.c | 10 +++++++---
1 file changed, 7 insertions(+), 3 deletions(-)
diff --git a/drivers/net/can/usb/mcba_usb.c b/drivers/net/can/usb/mcba_usb.c
index ea1de06009d6..093458fbde68 100644
--- a/drivers/net/can/usb/mcba_usb.c
+++ b/drivers/net/can/usb/mcba_usb.c
@@ -58,6 +58,10 @@
#define MCBA_VER_REQ_USB 1
#define MCBA_VER_REQ_CAN 2
+/* Drive the CAN_RES signal LOW "0" to activate R24 and R25 */
+#define MCBA_VER_TERMINATION_ON 0
+#define MCBA_VER_TERMINATION_OFF 1
+
#define MCBA_SIDL_EXID_MASK 0x8
#define MCBA_DLC_MASK 0xf
#define MCBA_DLC_RTR_MASK 0x40
@@ -480,7 +484,7 @@ static void mcba_usb_process_ka_usb(struct mcba_priv *priv,
priv->usb_ka_first_pass = false;
}
- if (msg->termination_state)
+ if (msg->termination_state == MCBA_VER_TERMINATION_ON)
priv->can.termination = MCBA_TERMINATION_ENABLED;
else
priv->can.termination = MCBA_TERMINATION_DISABLED;
@@ -800,9 +804,9 @@ static int mcba_set_termination(struct net_device *netdev, u16 term)
};
if (term == MCBA_TERMINATION_ENABLED)
- usb_msg.termination = 1;
+ usb_msg.termination = MCBA_VER_TERMINATION_ON;
else
- usb_msg.termination = 0;
+ usb_msg.termination = MCBA_VER_TERMINATION_OFF;
mcba_usb_xmit_cmd(priv, (struct mcba_usb_msg *)&usb_msg);
--
2.35.1
^ permalink raw reply related [flat|nested] 529+ messages in thread
* [PATCH 4.19 009/521] ASoC: ops: Correct bounds check for second channel on SX controls
2023-01-16 15:44 [PATCH 4.19 000/521] 4.19.270-rc1 review Greg Kroah-Hartman
` (7 preceding siblings ...)
2023-01-16 15:44 ` [PATCH 4.19 008/521] can: mcba_usb: Fix termination command argument Greg Kroah-Hartman
@ 2023-01-16 15:44 ` Greg Kroah-Hartman
2023-01-16 15:44 ` [PATCH 4.19 010/521] perf script python: Remove explicit shebang from tests/attr.c Greg Kroah-Hartman
` (515 subsequent siblings)
524 siblings, 0 replies; 529+ messages in thread
From: Greg Kroah-Hartman @ 2023-01-16 15:44 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Charles Keepax, Mark Brown
From: Charles Keepax <ckeepax@opensource.cirrus.com>
commit f33bcc506050f89433a52a3052054d4ebd37b1c1 upstream.
Currently the check against the max value for the control is being
applied after the value has had the minimum applied and been masked. But
the max value simply indicates the number of volume levels on an SX
control, and as such should just be applied on the raw value.
Fixes: 97eea946b939 ("ASoC: ops: Check bounds for second channel in snd_soc_put_volsw_sx()")
Signed-off-by: Charles Keepax <ckeepax@opensource.cirrus.com>
Link: https://lore.kernel.org/r/20221125162348.1288005-1-ckeepax@opensource.cirrus.com
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
sound/soc/soc-ops.c | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
--- a/sound/soc/soc-ops.c
+++ b/sound/soc/soc-ops.c
@@ -458,14 +458,15 @@ int snd_soc_put_volsw_sx(struct snd_kcon
return err;
if (snd_soc_volsw_is_stereo(mc)) {
- val_mask = mask << rshift;
- val2 = (ucontrol->value.integer.value[1] + min) & mask;
+ val2 = ucontrol->value.integer.value[1];
if (mc->platform_max && val2 > mc->platform_max)
return -EINVAL;
if (val2 > max)
return -EINVAL;
+ val_mask = mask << rshift;
+ val2 = (val2 + min) & mask;
val2 = val2 << rshift;
err = snd_soc_component_update_bits(component, reg2, val_mask,
^ permalink raw reply [flat|nested] 529+ messages in thread
* [PATCH 4.19 010/521] perf script python: Remove explicit shebang from tests/attr.c
2023-01-16 15:44 [PATCH 4.19 000/521] 4.19.270-rc1 review Greg Kroah-Hartman
` (8 preceding siblings ...)
2023-01-16 15:44 ` [PATCH 4.19 009/521] ASoC: ops: Correct bounds check for second channel on SX controls Greg Kroah-Hartman
@ 2023-01-16 15:44 ` Greg Kroah-Hartman
2023-01-16 15:44 ` [PATCH 4.19 011/521] udf: Discard preallocation before extending file with a hole Greg Kroah-Hartman
` (514 subsequent siblings)
524 siblings, 0 replies; 529+ messages in thread
From: Greg Kroah-Hartman @ 2023-01-16 15:44 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Tony Jones, Jiri Olsa,
Jonathan Corbet, Ravi Bangoria, Seeteena Thoufeek,
Arnaldo Carvalho de Melo, Christophe Leroy
From: Tony Jones <tonyj@suse.de>
commit d72eadbc1d2866fc047edd4535ffb0298fe240be upstream.
tests/attr.c invokes attr.py via an explicit invocation of Python
($PYTHON) so there is therefore no need for an explicit shebang.
Also most distros follow pep-0394 which recommends that /usr/bin/python
refer only to v2 and so may not exist on the system (if PYTHON=python3).
Signed-off-by: Tony Jones <tonyj@suse.de>
Acked-by: Jiri Olsa <jolsa@kernel.org>
Cc: Jonathan Corbet <corbet@lwn.net>
Cc: Ravi Bangoria <ravi.bangoria@linux.ibm.com>
Cc: Seeteena Thoufeek <s1seetee@linux.vnet.ibm.com>
Link: http://lkml.kernel.org/r/20190124005229.16146-5-tonyj@suse.de
Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com>
Signed-off-by: Christophe Leroy <christophe.leroy@csgroup.eu>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
tools/perf/tests/attr.py | 1 -
1 file changed, 1 deletion(-)
--- a/tools/perf/tests/attr.py
+++ b/tools/perf/tests/attr.py
@@ -1,4 +1,3 @@
-#! /usr/bin/python
# SPDX-License-Identifier: GPL-2.0
import os
^ permalink raw reply [flat|nested] 529+ messages in thread
* [PATCH 4.19 011/521] udf: Discard preallocation before extending file with a hole
2023-01-16 15:44 [PATCH 4.19 000/521] 4.19.270-rc1 review Greg Kroah-Hartman
` (9 preceding siblings ...)
2023-01-16 15:44 ` [PATCH 4.19 010/521] perf script python: Remove explicit shebang from tests/attr.c Greg Kroah-Hartman
@ 2023-01-16 15:44 ` Greg Kroah-Hartman
2023-01-16 15:44 ` [PATCH 4.19 012/521] udf: Fix preallocation discarding at indirect extent boundary Greg Kroah-Hartman
` (513 subsequent siblings)
524 siblings, 0 replies; 529+ messages in thread
From: Greg Kroah-Hartman @ 2023-01-16 15:44 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Jan Kara
From: Jan Kara <jack@suse.cz>
commit 16d0556568148bdcaa45d077cac9f8f7077cf70a upstream.
When extending file with a hole, we tried to preserve existing
preallocation for the file. However that is not very useful and
complicates code because the previous extent may need to be rounded to
block boundary as well (which we forgot to do thus causing data
corruption for sequence like:
xfs_io -f -c "pwrite 0x75e63 11008" -c "truncate 0x7b24b" \
-c "truncate 0xabaa3" -c "pwrite 0xac70b 22954" \
-c "pwrite 0x93a43 11358" -c "pwrite 0xb8e65 52211" file
with 512-byte block size. Just discard preallocation before extending
file to simplify things and also fix this data corruption.
CC: stable@vger.kernel.org
Signed-off-by: Jan Kara <jack@suse.cz>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/udf/inode.c | 46 ++++++++++++++++++----------------------------
1 file changed, 18 insertions(+), 28 deletions(-)
--- a/fs/udf/inode.c
+++ b/fs/udf/inode.c
@@ -434,6 +434,12 @@ static int udf_get_block(struct inode *i
iinfo->i_next_alloc_goal++;
}
+ /*
+ * Block beyond EOF and prealloc extents? Just discard preallocation
+ * as it is not useful and complicates things.
+ */
+ if (((loff_t)block) << inode->i_blkbits > iinfo->i_lenExtents)
+ udf_discard_prealloc(inode);
udf_clear_extent_cache(inode);
phys = inode_getblk(inode, block, &err, &new);
if (!phys)
@@ -483,8 +489,6 @@ static int udf_do_extend_file(struct ino
uint32_t add;
int count = 0, fake = !(last_ext->extLength & UDF_EXTENT_LENGTH_MASK);
struct super_block *sb = inode->i_sb;
- struct kernel_lb_addr prealloc_loc = {};
- uint32_t prealloc_len = 0;
struct udf_inode_info *iinfo;
int err;
@@ -505,19 +509,6 @@ static int udf_do_extend_file(struct ino
~(sb->s_blocksize - 1);
}
- /* Last extent are just preallocated blocks? */
- if ((last_ext->extLength & UDF_EXTENT_FLAG_MASK) ==
- EXT_NOT_RECORDED_ALLOCATED) {
- /* Save the extent so that we can reattach it to the end */
- prealloc_loc = last_ext->extLocation;
- prealloc_len = last_ext->extLength;
- /* Mark the extent as a hole */
- last_ext->extLength = EXT_NOT_RECORDED_NOT_ALLOCATED |
- (last_ext->extLength & UDF_EXTENT_LENGTH_MASK);
- last_ext->extLocation.logicalBlockNum = 0;
- last_ext->extLocation.partitionReferenceNum = 0;
- }
-
/* Can we merge with the previous extent? */
if ((last_ext->extLength & UDF_EXTENT_FLAG_MASK) ==
EXT_NOT_RECORDED_NOT_ALLOCATED) {
@@ -545,7 +536,7 @@ static int udf_do_extend_file(struct ino
* more extents, we may need to enter possible following
* empty indirect extent.
*/
- if (new_block_bytes || prealloc_len)
+ if (new_block_bytes)
udf_next_aext(inode, last_pos, &tmploc, &tmplen, 0);
}
@@ -579,17 +570,6 @@ static int udf_do_extend_file(struct ino
}
out:
- /* Do we have some preallocated blocks saved? */
- if (prealloc_len) {
- err = udf_add_aext(inode, last_pos, &prealloc_loc,
- prealloc_len, 1);
- if (err)
- return err;
- last_ext->extLocation = prealloc_loc;
- last_ext->extLength = prealloc_len;
- count++;
- }
-
/* last_pos should point to the last written extent... */
if (iinfo->i_alloc_type == ICBTAG_FLAG_AD_SHORT)
last_pos->offset -= sizeof(struct short_ad);
@@ -642,8 +622,17 @@ static int udf_extend_file(struct inode
else
BUG();
+ /*
+ * When creating hole in file, just don't bother with preserving
+ * preallocation. It likely won't be very useful anyway.
+ */
+ udf_discard_prealloc(inode);
+
etype = inode_bmap(inode, first_block, &epos, &eloc, &elen, &offset);
within_final_block = (etype != -1);
+ /* We don't expect extents past EOF... */
+ WARN_ON_ONCE(etype != -1 &&
+ elen > ((loff_t)offset + 1) << inode->i_blkbits);
if ((!epos.bh && epos.offset == udf_file_entry_alloc_offset(inode)) ||
(epos.bh && epos.offset == sizeof(struct allocExtDesc))) {
@@ -772,10 +761,11 @@ static sector_t inode_getblk(struct inod
goto out_free;
}
- /* Are we beyond EOF? */
+ /* Are we beyond EOF and preallocated extent? */
if (etype == -1) {
int ret;
loff_t hole_len;
+
isBeyondEOF = true;
if (count) {
if (c)
^ permalink raw reply [flat|nested] 529+ messages in thread
* [PATCH 4.19 012/521] udf: Fix preallocation discarding at indirect extent boundary
2023-01-16 15:44 [PATCH 4.19 000/521] 4.19.270-rc1 review Greg Kroah-Hartman
` (10 preceding siblings ...)
2023-01-16 15:44 ` [PATCH 4.19 011/521] udf: Discard preallocation before extending file with a hole Greg Kroah-Hartman
@ 2023-01-16 15:44 ` Greg Kroah-Hartman
2023-01-16 15:44 ` [PATCH 4.19 013/521] udf: Do not bother looking for prealloc extents if i_lenExtents matches i_size Greg Kroah-Hartman
` (512 subsequent siblings)
524 siblings, 0 replies; 529+ messages in thread
From: Greg Kroah-Hartman @ 2023-01-16 15:44 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Jan Kara
From: Jan Kara <jack@suse.cz>
commit cfe4c1b25dd6d2f056afc00b7c98bcb3dd0b1fc3 upstream.
When preallocation extent is the first one in the extent block, the
code would corrupt extent tree header instead. Fix the problem and use
udf_delete_aext() for deleting extent to avoid some code duplication.
CC: stable@vger.kernel.org
Signed-off-by: Jan Kara <jack@suse.cz>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/udf/truncate.c | 45 +++++++++++++--------------------------------
1 file changed, 13 insertions(+), 32 deletions(-)
--- a/fs/udf/truncate.c
+++ b/fs/udf/truncate.c
@@ -120,60 +120,41 @@ void udf_truncate_tail_extent(struct ino
void udf_discard_prealloc(struct inode *inode)
{
- struct extent_position epos = { NULL, 0, {0, 0} };
+ struct extent_position epos = {};
+ struct extent_position prev_epos = {};
struct kernel_lb_addr eloc;
uint32_t elen;
uint64_t lbcount = 0;
int8_t etype = -1, netype;
- int adsize;
struct udf_inode_info *iinfo = UDF_I(inode);
if (iinfo->i_alloc_type == ICBTAG_FLAG_AD_IN_ICB ||
inode->i_size == iinfo->i_lenExtents)
return;
- if (iinfo->i_alloc_type == ICBTAG_FLAG_AD_SHORT)
- adsize = sizeof(struct short_ad);
- else if (iinfo->i_alloc_type == ICBTAG_FLAG_AD_LONG)
- adsize = sizeof(struct long_ad);
- else
- adsize = 0;
-
epos.block = iinfo->i_location;
/* Find the last extent in the file */
- while ((netype = udf_next_aext(inode, &epos, &eloc, &elen, 1)) != -1) {
- etype = netype;
+ while ((netype = udf_next_aext(inode, &epos, &eloc, &elen, 0)) != -1) {
+ brelse(prev_epos.bh);
+ prev_epos = epos;
+ if (prev_epos.bh)
+ get_bh(prev_epos.bh);
+
+ etype = udf_next_aext(inode, &epos, &eloc, &elen, 1);
lbcount += elen;
}
if (etype == (EXT_NOT_RECORDED_ALLOCATED >> 30)) {
- epos.offset -= adsize;
lbcount -= elen;
- extent_trunc(inode, &epos, &eloc, etype, elen, 0);
- if (!epos.bh) {
- iinfo->i_lenAlloc =
- epos.offset -
- udf_file_entry_alloc_offset(inode);
- mark_inode_dirty(inode);
- } else {
- struct allocExtDesc *aed =
- (struct allocExtDesc *)(epos.bh->b_data);
- aed->lengthAllocDescs =
- cpu_to_le32(epos.offset -
- sizeof(struct allocExtDesc));
- if (!UDF_QUERY_FLAG(inode->i_sb, UDF_FLAG_STRICT) ||
- UDF_SB(inode->i_sb)->s_udfrev >= 0x0201)
- udf_update_tag(epos.bh->b_data, epos.offset);
- else
- udf_update_tag(epos.bh->b_data,
- sizeof(struct allocExtDesc));
- mark_buffer_dirty_inode(epos.bh, inode);
- }
+ udf_delete_aext(inode, prev_epos);
+ udf_free_blocks(inode->i_sb, inode, &eloc, 0,
+ DIV_ROUND_UP(elen, 1 << inode->i_blkbits));
}
/* This inode entry is in-memory only and thus we don't have to mark
* the inode dirty */
iinfo->i_lenExtents = lbcount;
brelse(epos.bh);
+ brelse(prev_epos.bh);
}
static void udf_update_alloc_ext_desc(struct inode *inode,
^ permalink raw reply [flat|nested] 529+ messages in thread
* [PATCH 4.19 013/521] udf: Do not bother looking for prealloc extents if i_lenExtents matches i_size
2023-01-16 15:44 [PATCH 4.19 000/521] 4.19.270-rc1 review Greg Kroah-Hartman
` (11 preceding siblings ...)
2023-01-16 15:44 ` [PATCH 4.19 012/521] udf: Fix preallocation discarding at indirect extent boundary Greg Kroah-Hartman
@ 2023-01-16 15:44 ` Greg Kroah-Hartman
2023-01-16 15:44 ` [PATCH 4.19 014/521] udf: Fix extending file within last block Greg Kroah-Hartman
` (511 subsequent siblings)
524 siblings, 0 replies; 529+ messages in thread
From: Greg Kroah-Hartman @ 2023-01-16 15:44 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Jan Kara
From: Jan Kara <jack@suse.cz>
commit 6ad53f0f71c52871202a7bf096feb2c59db33fc5 upstream.
If rounded block-rounded i_lenExtents matches block rounded i_size,
there are no preallocation extents. Do not bother walking extent linked
list.
CC: stable@vger.kernel.org
Signed-off-by: Jan Kara <jack@suse.cz>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/udf/truncate.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
--- a/fs/udf/truncate.c
+++ b/fs/udf/truncate.c
@@ -127,9 +127,10 @@ void udf_discard_prealloc(struct inode *
uint64_t lbcount = 0;
int8_t etype = -1, netype;
struct udf_inode_info *iinfo = UDF_I(inode);
+ int bsize = 1 << inode->i_blkbits;
if (iinfo->i_alloc_type == ICBTAG_FLAG_AD_IN_ICB ||
- inode->i_size == iinfo->i_lenExtents)
+ ALIGN(inode->i_size, bsize) == ALIGN(iinfo->i_lenExtents, bsize))
return;
epos.block = iinfo->i_location;
^ permalink raw reply [flat|nested] 529+ messages in thread
* [PATCH 4.19 014/521] udf: Fix extending file within last block
2023-01-16 15:44 [PATCH 4.19 000/521] 4.19.270-rc1 review Greg Kroah-Hartman
` (12 preceding siblings ...)
2023-01-16 15:44 ` [PATCH 4.19 013/521] udf: Do not bother looking for prealloc extents if i_lenExtents matches i_size Greg Kroah-Hartman
@ 2023-01-16 15:44 ` Greg Kroah-Hartman
2023-01-16 15:44 ` [PATCH 4.19 015/521] usb: gadget: uvc: Prevent buffer overflow in setup handler Greg Kroah-Hartman
` (510 subsequent siblings)
524 siblings, 0 replies; 529+ messages in thread
From: Greg Kroah-Hartman @ 2023-01-16 15:44 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Jan Kara
From: Jan Kara <jack@suse.cz>
commit 1f3868f06855c97a4954c99b36f3fc9eb8f60326 upstream.
When extending file within last block it can happen that the extent is
already rounded to the blocksize and thus contains the offset we want to
grow up to. In such case we would mistakenly expand the last extent and
make it one block longer than it should be, exposing unallocated block
in a file and causing data corruption. Fix the problem by properly
detecting this case and bailing out.
CC: stable@vger.kernel.org
Signed-off-by: Jan Kara <jack@suse.cz>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/udf/inode.c | 32 +++++++++++++++++---------------
1 file changed, 17 insertions(+), 15 deletions(-)
--- a/fs/udf/inode.c
+++ b/fs/udf/inode.c
@@ -585,13 +585,17 @@ out:
static void udf_do_extend_final_block(struct inode *inode,
struct extent_position *last_pos,
struct kernel_long_ad *last_ext,
- uint32_t final_block_len)
+ uint32_t new_elen)
{
- struct super_block *sb = inode->i_sb;
uint32_t added_bytes;
- added_bytes = final_block_len -
- (last_ext->extLength & (sb->s_blocksize - 1));
+ /*
+ * Extent already large enough? It may be already rounded up to block
+ * size...
+ */
+ if (new_elen <= (last_ext->extLength & UDF_EXTENT_LENGTH_MASK))
+ return;
+ added_bytes = (last_ext->extLength & UDF_EXTENT_LENGTH_MASK) - new_elen;
last_ext->extLength += added_bytes;
UDF_I(inode)->i_lenExtents += added_bytes;
@@ -608,12 +612,12 @@ static int udf_extend_file(struct inode
int8_t etype;
struct super_block *sb = inode->i_sb;
sector_t first_block = newsize >> sb->s_blocksize_bits, offset;
- unsigned long partial_final_block;
+ loff_t new_elen;
int adsize;
struct udf_inode_info *iinfo = UDF_I(inode);
struct kernel_long_ad extent;
int err = 0;
- int within_final_block;
+ bool within_last_ext;
if (iinfo->i_alloc_type == ICBTAG_FLAG_AD_SHORT)
adsize = sizeof(struct short_ad);
@@ -629,9 +633,9 @@ static int udf_extend_file(struct inode
udf_discard_prealloc(inode);
etype = inode_bmap(inode, first_block, &epos, &eloc, &elen, &offset);
- within_final_block = (etype != -1);
+ within_last_ext = (etype != -1);
/* We don't expect extents past EOF... */
- WARN_ON_ONCE(etype != -1 &&
+ WARN_ON_ONCE(within_last_ext &&
elen > ((loff_t)offset + 1) << inode->i_blkbits);
if ((!epos.bh && epos.offset == udf_file_entry_alloc_offset(inode)) ||
@@ -648,19 +652,17 @@ static int udf_extend_file(struct inode
extent.extLength |= etype << 30;
}
- partial_final_block = newsize & (sb->s_blocksize - 1);
+ new_elen = ((loff_t)offset << inode->i_blkbits) |
+ (newsize & (sb->s_blocksize - 1));
/* File has extent covering the new size (could happen when extending
* inside a block)?
*/
- if (within_final_block) {
+ if (within_last_ext) {
/* Extending file within the last file block */
- udf_do_extend_final_block(inode, &epos, &extent,
- partial_final_block);
+ udf_do_extend_final_block(inode, &epos, &extent, new_elen);
} else {
- loff_t add = ((loff_t)offset << sb->s_blocksize_bits) |
- partial_final_block;
- err = udf_do_extend_file(inode, &epos, &extent, add);
+ err = udf_do_extend_file(inode, &epos, &extent, new_elen);
}
if (err < 0)
^ permalink raw reply [flat|nested] 529+ messages in thread
* [PATCH 4.19 015/521] usb: gadget: uvc: Prevent buffer overflow in setup handler
2023-01-16 15:44 [PATCH 4.19 000/521] 4.19.270-rc1 review Greg Kroah-Hartman
` (13 preceding siblings ...)
2023-01-16 15:44 ` [PATCH 4.19 014/521] udf: Fix extending file within last block Greg Kroah-Hartman
@ 2023-01-16 15:44 ` Greg Kroah-Hartman
2023-01-16 15:44 ` [PATCH 4.19 016/521] USB: serial: option: add Quectel EM05-G modem Greg Kroah-Hartman
` (509 subsequent siblings)
524 siblings, 0 replies; 529+ messages in thread
From: Greg Kroah-Hartman @ 2023-01-16 15:44 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, stable, Laurent Pinchart,
Daniel Scally, Szymon Heidrich
From: Szymon Heidrich <szymon.heidrich@gmail.com>
commit 4c92670b16727365699fe4b19ed32013bab2c107 upstream.
Setup function uvc_function_setup permits control transfer
requests with up to 64 bytes of payload (UVC_MAX_REQUEST_SIZE),
data stage handler for OUT transfer uses memcpy to copy req->actual
bytes to uvc_event->data.data array of size 60. This may result
in an overflow of 4 bytes.
Fixes: cdda479f15cd ("USB gadget: video class function driver")
Cc: stable <stable@kernel.org>
Reviewed-by: Laurent Pinchart <laurent.pinchart@ideasonboard.com>
Reviewed-by: Daniel Scally <dan.scally@ideasonboard.com>
Signed-off-by: Szymon Heidrich <szymon.heidrich@gmail.com>
Link: https://lore.kernel.org/r/20221206141301.51305-1-szymon.heidrich@gmail.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/usb/gadget/function/f_uvc.c | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
--- a/drivers/usb/gadget/function/f_uvc.c
+++ b/drivers/usb/gadget/function/f_uvc.c
@@ -219,8 +219,9 @@ uvc_function_ep0_complete(struct usb_ep
memset(&v4l2_event, 0, sizeof(v4l2_event));
v4l2_event.type = UVC_EVENT_DATA;
- uvc_event->data.length = req->actual;
- memcpy(&uvc_event->data.data, req->buf, req->actual);
+ uvc_event->data.length = min_t(unsigned int, req->actual,
+ sizeof(uvc_event->data.data));
+ memcpy(&uvc_event->data.data, req->buf, uvc_event->data.length);
v4l2_event_queue(&uvc->vdev, &v4l2_event);
}
}
^ permalink raw reply [flat|nested] 529+ messages in thread
* [PATCH 4.19 016/521] USB: serial: option: add Quectel EM05-G modem
2023-01-16 15:44 [PATCH 4.19 000/521] 4.19.270-rc1 review Greg Kroah-Hartman
` (14 preceding siblings ...)
2023-01-16 15:44 ` [PATCH 4.19 015/521] usb: gadget: uvc: Prevent buffer overflow in setup handler Greg Kroah-Hartman
@ 2023-01-16 15:44 ` Greg Kroah-Hartman
2023-01-16 15:44 ` [PATCH 4.19 017/521] USB: serial: cp210x: add Kamstrup RF sniffer PIDs Greg Kroah-Hartman
` (508 subsequent siblings)
524 siblings, 0 replies; 529+ messages in thread
From: Greg Kroah-Hartman @ 2023-01-16 15:44 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Duke Xin, Johan Hovold
From: Duke Xin <duke_xinanwen@163.com>
commit f0052d7a1edb3d8921b4e154aa8c46c4845b3714 upstream.
The EM05-G modem has 2 USB configurations that are configurable via the AT
command AT+QCFG="usbnet",[ 0 | 2 ] which make the modem enumerate with
the following interfaces, respectively:
"RMNET" : AT + DIAG + NMEA + Modem + QMI
"MBIM" : MBIM + AT + DIAG + NMEA + Modem
The detailed description of the USB configuration for each mode as follows:
RMNET Mode
--------------
T: Bus=01 Lev=01 Prnt=01 Port=00 Cnt=01 Dev#= 21 Spd=480 MxCh= 0
D: Ver= 2.00 Cls=ef(misc ) Sub=02 Prot=01 MxPS=64 #Cfgs= 1
P: Vendor=2c7c ProdID=0311 Rev= 3.18
S: Manufacturer=Quectel
S: Product=Quectel EM05-G
C:* #Ifs= 5 Cfg#= 1 Atr=a0 MxPwr=500mA
I:* If#= 3 Alt= 0 #EPs= 2 Cls=ff(vend.) Sub=ff Prot=ff Driver=option
E: Ad=81(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms
E: Ad=01(O) Atr=02(Bulk) MxPS= 512 Ivl=0ms
I:* If#= 4 Alt= 0 #EPs= 3 Cls=ff(vend.) Sub=00 Prot=00 Driver=option
E: Ad=83(I) Atr=03(Int.) MxPS= 10 Ivl=32ms
E: Ad=82(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms
E: Ad=02(O) Atr=02(Bulk) MxPS= 512 Ivl=0ms
I:* If#= 2 Alt= 0 #EPs= 3 Cls=ff(vend.) Sub=00 Prot=00 Driver=option
E: Ad=85(I) Atr=03(Int.) MxPS= 10 Ivl=32ms
E: Ad=84(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms
E: Ad=03(O) Atr=02(Bulk) MxPS= 512 Ivl=0ms
I:* If#= 5 Alt= 0 #EPs= 3 Cls=ff(vend.) Sub=00 Prot=00 Driver=option
E: Ad=87(I) Atr=03(Int.) MxPS= 10 Ivl=32ms
E: Ad=86(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms
E: Ad=04(O) Atr=02(Bulk) MxPS= 512 Ivl=0ms
I:* If#= 6 Alt= 0 #EPs= 3 Cls=ff(vend.) Sub=ff Prot=ff Driver=(none)
E: Ad=89(I) Atr=03(Int.) MxPS= 8 Ivl=32ms
E: Ad=88(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms
E: Ad=05(O) Atr=02(Bulk) MxPS= 512 Ivl=0ms
MBIM Mode
--------------
T: Bus=01 Lev=01 Prnt=01 Port=00 Cnt=01 Dev#= 16 Spd=480 MxCh= 0
D: Ver= 2.00 Cls=ef(misc ) Sub=02 Prot=01 MxPS=64 #Cfgs= 1
P: Vendor=2c7c ProdID=0311 Rev= 3.18
S: Manufacturer=Quectel
S: Product=Quectel EM05-G
C:* #Ifs= 6 Cfg#= 1 Atr=a0 MxPwr=500mA
A: FirstIf#= 0 IfCount= 2 Cls=02(comm.) Sub=0e Prot=00
I:* If#= 3 Alt= 0 #EPs= 2 Cls=ff(vend.) Sub=ff Prot=ff Driver=option
E: Ad=81(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms
E: Ad=01(O) Atr=02(Bulk) MxPS= 512 Ivl=0ms
I:* If#= 4 Alt= 0 #EPs= 3 Cls=ff(vend.) Sub=00 Prot=00 Driver=option
E: Ad=83(I) Atr=03(Int.) MxPS= 10 Ivl=32ms
E: Ad=82(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms
E: Ad=02(O) Atr=02(Bulk) MxPS= 512 Ivl=0ms
I:* If#= 2 Alt= 0 #EPs= 3 Cls=ff(vend.) Sub=00 Prot=00 Driver=option
E: Ad=85(I) Atr=03(Int.) MxPS= 10 Ivl=32ms
E: Ad=84(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms
E: Ad=03(O) Atr=02(Bulk) MxPS= 512 Ivl=0ms
I:* If#= 5 Alt= 0 #EPs= 3 Cls=ff(vend.) Sub=00 Prot=00 Driver=option
E: Ad=87(I) Atr=03(Int.) MxPS= 10 Ivl=32ms
E: Ad=86(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms
E: Ad=04(O) Atr=02(Bulk) MxPS= 512 Ivl=0ms
I:* If#= 0 Alt= 0 #EPs= 1 Cls=02(comm.) Sub=0e Prot=00 Driver=cdc_mbim
E: Ad=89(I) Atr=03(Int.) MxPS= 64 Ivl=32ms
I: If#= 1 Alt= 0 #EPs= 0 Cls=0a(data ) Sub=00 Prot=02 Driver=cdc_mbim
I:* If#= 1 Alt= 1 #EPs= 2 Cls=0a(data ) Sub=00 Prot=02 Driver=cdc_mbim
E: Ad=88(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms
E: Ad=05(O) Atr=02(Bulk) MxPS= 512 Ivl=0ms
Signed-off-by: Duke Xin <duke_xinanwen@163.com>
Cc: stable@vger.kernel.org
Signed-off-by: Johan Hovold <johan@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/usb/serial/option.c | 3 +++
1 file changed, 3 insertions(+)
--- a/drivers/usb/serial/option.c
+++ b/drivers/usb/serial/option.c
@@ -255,6 +255,7 @@ static void option_instat_callback(struc
#define QUECTEL_PRODUCT_EP06 0x0306
#define QUECTEL_PRODUCT_EM05G 0x030a
#define QUECTEL_PRODUCT_EM060K 0x030b
+#define QUECTEL_PRODUCT_EM05G_SG 0x0311
#define QUECTEL_PRODUCT_EM12 0x0512
#define QUECTEL_PRODUCT_RM500Q 0x0800
#define QUECTEL_PRODUCT_RM520N 0x0801
@@ -1160,6 +1161,8 @@ static const struct usb_device_id option
{ USB_DEVICE_AND_INTERFACE_INFO(QUECTEL_VENDOR_ID, QUECTEL_PRODUCT_EP06, 0xff, 0, 0) },
{ USB_DEVICE_INTERFACE_CLASS(QUECTEL_VENDOR_ID, QUECTEL_PRODUCT_EM05G, 0xff),
.driver_info = RSVD(6) | ZLP },
+ { USB_DEVICE_INTERFACE_CLASS(QUECTEL_VENDOR_ID, QUECTEL_PRODUCT_EM05G_SG, 0xff),
+ .driver_info = RSVD(6) | ZLP },
{ USB_DEVICE_AND_INTERFACE_INFO(QUECTEL_VENDOR_ID, QUECTEL_PRODUCT_EM060K, 0xff, 0x00, 0x40) },
{ USB_DEVICE_AND_INTERFACE_INFO(QUECTEL_VENDOR_ID, QUECTEL_PRODUCT_EM060K, 0xff, 0xff, 0x30) },
{ USB_DEVICE_AND_INTERFACE_INFO(QUECTEL_VENDOR_ID, QUECTEL_PRODUCT_EM060K, 0xff, 0xff, 0x40) },
^ permalink raw reply [flat|nested] 529+ messages in thread
* [PATCH 4.19 017/521] USB: serial: cp210x: add Kamstrup RF sniffer PIDs
2023-01-16 15:44 [PATCH 4.19 000/521] 4.19.270-rc1 review Greg Kroah-Hartman
` (15 preceding siblings ...)
2023-01-16 15:44 ` [PATCH 4.19 016/521] USB: serial: option: add Quectel EM05-G modem Greg Kroah-Hartman
@ 2023-01-16 15:44 ` Greg Kroah-Hartman
2023-01-16 15:44 ` [PATCH 4.19 018/521] USB: serial: f81534: fix division by zero on line-speed change Greg Kroah-Hartman
` (507 subsequent siblings)
524 siblings, 0 replies; 529+ messages in thread
From: Greg Kroah-Hartman @ 2023-01-16 15:44 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Bruno Thomsen, Johan Hovold
From: Bruno Thomsen <bruno.thomsen@gmail.com>
commit e88906b169ebcb8046e8f0ad76edd09ab41cfdfe upstream.
The RF sniffers are based on cp210x where the RF frontends
are based on a different USB stack.
RF sniffers can analyze packets meta data including power level
and perform packet injection.
Can be used to perform RF frontend self-test when connected to
a concentrator, ex. arch/arm/boot/dts/imx7d-flex-concentrator.dts
Signed-off-by: Bruno Thomsen <bruno.thomsen@gmail.com>
Cc: stable@vger.kernel.org
Signed-off-by: Johan Hovold <johan@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/usb/serial/cp210x.c | 2 ++
1 file changed, 2 insertions(+)
--- a/drivers/usb/serial/cp210x.c
+++ b/drivers/usb/serial/cp210x.c
@@ -196,6 +196,8 @@ static const struct usb_device_id id_tab
{ USB_DEVICE(0x16DC, 0x0015) }, /* W-IE-NE-R Plein & Baus GmbH CML Control, Monitoring and Data Logger */
{ USB_DEVICE(0x17A8, 0x0001) }, /* Kamstrup Optical Eye/3-wire */
{ USB_DEVICE(0x17A8, 0x0005) }, /* Kamstrup M-Bus Master MultiPort 250D */
+ { USB_DEVICE(0x17A8, 0x0011) }, /* Kamstrup 444 MHz RF sniffer */
+ { USB_DEVICE(0x17A8, 0x0013) }, /* Kamstrup 870 MHz RF sniffer */
{ USB_DEVICE(0x17A8, 0x0101) }, /* Kamstrup 868 MHz wM-Bus C-Mode Meter Reader (Int Ant) */
{ USB_DEVICE(0x17A8, 0x0102) }, /* Kamstrup 868 MHz wM-Bus C-Mode Meter Reader (Ext Ant) */
{ USB_DEVICE(0x17F4, 0xAAAA) }, /* Wavesense Jazz blood glucose meter */
^ permalink raw reply [flat|nested] 529+ messages in thread
* [PATCH 4.19 018/521] USB: serial: f81534: fix division by zero on line-speed change
2023-01-16 15:44 [PATCH 4.19 000/521] 4.19.270-rc1 review Greg Kroah-Hartman
` (16 preceding siblings ...)
2023-01-16 15:44 ` [PATCH 4.19 017/521] USB: serial: cp210x: add Kamstrup RF sniffer PIDs Greg Kroah-Hartman
@ 2023-01-16 15:44 ` Greg Kroah-Hartman
2023-01-16 15:44 ` [PATCH 4.19 019/521] igb: Initialize mailbox message for VF reset Greg Kroah-Hartman
` (506 subsequent siblings)
524 siblings, 0 replies; 529+ messages in thread
From: Greg Kroah-Hartman @ 2023-01-16 15:44 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Ji-Ze Hong (Peter Hong), Johan Hovold
From: Johan Hovold <johan@kernel.org>
commit 188c9c2e0c7f4ae864113f80c40bafb394062271 upstream.
The driver leaves the line speed unchanged in case a requested speed is
not supported. Make sure to handle the case where the current speed is
B0 (hangup) without dividing by zero when determining the clock source.
Fixes: 3aacac02f385 ("USB: serial: f81534: add high baud rate support")
Cc: stable@vger.kernel.org # 4.16
Cc: Ji-Ze Hong (Peter Hong) <hpeter@gmail.com>
Reviewed-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Johan Hovold <johan@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/usb/serial/f81534.c | 12 +++++++-----
1 file changed, 7 insertions(+), 5 deletions(-)
--- a/drivers/usb/serial/f81534.c
+++ b/drivers/usb/serial/f81534.c
@@ -538,9 +538,6 @@ static int f81534_submit_writer(struct u
static u32 f81534_calc_baud_divisor(u32 baudrate, u32 clockrate)
{
- if (!baudrate)
- return 0;
-
/* Round to nearest divisor */
return DIV_ROUND_CLOSEST(clockrate, baudrate);
}
@@ -570,9 +567,14 @@ static int f81534_set_port_config(struct
u32 baud_list[] = {baudrate, old_baudrate, F81534_DEFAULT_BAUD_RATE};
for (i = 0; i < ARRAY_SIZE(baud_list); ++i) {
- idx = f81534_find_clk(baud_list[i]);
+ baudrate = baud_list[i];
+ if (baudrate == 0) {
+ tty_encode_baud_rate(tty, 0, 0);
+ return 0;
+ }
+
+ idx = f81534_find_clk(baudrate);
if (idx >= 0) {
- baudrate = baud_list[i];
tty_encode_baud_rate(tty, baudrate, baudrate);
break;
}
^ permalink raw reply [flat|nested] 529+ messages in thread
* [PATCH 4.19 019/521] igb: Initialize mailbox message for VF reset
2023-01-16 15:44 [PATCH 4.19 000/521] 4.19.270-rc1 review Greg Kroah-Hartman
` (17 preceding siblings ...)
2023-01-16 15:44 ` [PATCH 4.19 018/521] USB: serial: f81534: fix division by zero on line-speed change Greg Kroah-Hartman
@ 2023-01-16 15:44 ` Greg Kroah-Hartman
2023-01-16 15:44 ` [PATCH 4.19 020/521] Bluetooth: L2CAP: Fix u8 overflow Greg Kroah-Hartman
` (505 subsequent siblings)
524 siblings, 0 replies; 529+ messages in thread
From: Greg Kroah-Hartman @ 2023-01-16 15:44 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Akihiko Odaki, Tony Nguyen,
Leon Romanovsky, Jakub Kicinski
From: Tony Nguyen <anthony.l.nguyen@intel.com>
commit de5dc44370fbd6b46bd7f1a1e00369be54a041c8 upstream.
When a MAC address is not assigned to the VF, that portion of the message
sent to the VF is not set. The memory, however, is allocated from the
stack meaning that information may be leaked to the VM. Initialize the
message buffer to 0 so that no information is passed to the VM in this
case.
Fixes: 6ddbc4cf1f4d ("igb: Indicate failure on vf reset for empty mac address")
Reported-by: Akihiko Odaki <akihiko.odaki@daynix.com>
Signed-off-by: Tony Nguyen <anthony.l.nguyen@intel.com>
Reviewed-by: Akihiko Odaki <akihiko.odaki@daynix.com>
Reviewed-by: Leon Romanovsky <leonro@nvidia.com>
Link: https://lore.kernel.org/r/20221212190031.3983342-1-anthony.l.nguyen@intel.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/net/ethernet/intel/igb/igb_main.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/drivers/net/ethernet/intel/igb/igb_main.c
+++ b/drivers/net/ethernet/intel/igb/igb_main.c
@@ -7165,7 +7165,7 @@ static void igb_vf_reset_msg(struct igb_
{
struct e1000_hw *hw = &adapter->hw;
unsigned char *vf_mac = adapter->vf_data[vf].vf_mac_addresses;
- u32 reg, msgbuf[3];
+ u32 reg, msgbuf[3] = {};
u8 *addr = (u8 *)(&msgbuf[1]);
/* process all the same items cleared in a function level reset */
^ permalink raw reply [flat|nested] 529+ messages in thread
* [PATCH 4.19 020/521] Bluetooth: L2CAP: Fix u8 overflow
2023-01-16 15:44 [PATCH 4.19 000/521] 4.19.270-rc1 review Greg Kroah-Hartman
` (18 preceding siblings ...)
2023-01-16 15:44 ` [PATCH 4.19 019/521] igb: Initialize mailbox message for VF reset Greg Kroah-Hartman
@ 2023-01-16 15:44 ` Greg Kroah-Hartman
2023-01-16 15:44 ` [PATCH 4.19 021/521] net: loopback: use NET_NAME_PREDICTABLE for name_assign_type Greg Kroah-Hartman
` (504 subsequent siblings)
524 siblings, 0 replies; 529+ messages in thread
From: Greg Kroah-Hartman @ 2023-01-16 15:44 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Sungwoo Kim, Luiz Augusto von Dentz,
Sasha Levin
From: Sungwoo Kim <iam@sung-woo.kim>
[ Upstream commit bcd70260ef56e0aee8a4fc6cd214a419900b0765 ]
By keep sending L2CAP_CONF_REQ packets, chan->num_conf_rsp increases
multiple times and eventually it will wrap around the maximum number
(i.e., 255).
This patch prevents this by adding a boundary check with
L2CAP_MAX_CONF_RSP
Btmon log:
Bluetooth monitor ver 5.64
= Note: Linux version 6.1.0-rc2 (x86_64) 0.264594
= Note: Bluetooth subsystem version 2.22 0.264636
@ MGMT Open: btmon (privileged) version 1.22 {0x0001} 0.272191
= New Index: 00:00:00:00:00:00 (Primary,Virtual,hci0) [hci0] 13.877604
@ RAW Open: 9496 (privileged) version 2.22 {0x0002} 13.890741
= Open Index: 00:00:00:00:00:00 [hci0] 13.900426
(...)
> ACL Data RX: Handle 200 flags 0x00 dlen 1033 #32 [hci0] 14.273106
invalid packet size (12 != 1033)
08 00 01 00 02 01 04 00 01 10 ff ff ............
> ACL Data RX: Handle 200 flags 0x00 dlen 1547 #33 [hci0] 14.273561
invalid packet size (14 != 1547)
0a 00 01 00 04 01 06 00 40 00 00 00 00 00 ........@.....
> ACL Data RX: Handle 200 flags 0x00 dlen 2061 #34 [hci0] 14.274390
invalid packet size (16 != 2061)
0c 00 01 00 04 01 08 00 40 00 00 00 00 00 00 04 ........@.......
> ACL Data RX: Handle 200 flags 0x00 dlen 2061 #35 [hci0] 14.274932
invalid packet size (16 != 2061)
0c 00 01 00 04 01 08 00 40 00 00 00 07 00 03 00 ........@.......
= bluetoothd: Bluetooth daemon 5.43 14.401828
> ACL Data RX: Handle 200 flags 0x00 dlen 1033 #36 [hci0] 14.275753
invalid packet size (12 != 1033)
08 00 01 00 04 01 04 00 40 00 00 00 ........@...
Signed-off-by: Sungwoo Kim <iam@sung-woo.kim>
Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
net/bluetooth/l2cap_core.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/net/bluetooth/l2cap_core.c b/net/bluetooth/l2cap_core.c
index fd6cd47a6c5a..fd95631205a6 100644
--- a/net/bluetooth/l2cap_core.c
+++ b/net/bluetooth/l2cap_core.c
@@ -4193,7 +4193,8 @@ static inline int l2cap_config_req(struct l2cap_conn *conn,
chan->ident = cmd->ident;
l2cap_send_cmd(conn, cmd->ident, L2CAP_CONF_RSP, len, rsp);
- chan->num_conf_rsp++;
+ if (chan->num_conf_rsp < L2CAP_CONF_MAX_CONF_RSP)
+ chan->num_conf_rsp++;
/* Reset config buffer. */
chan->conf_len = 0;
--
2.35.1
^ permalink raw reply related [flat|nested] 529+ messages in thread
* [PATCH 4.19 021/521] net: loopback: use NET_NAME_PREDICTABLE for name_assign_type
2023-01-16 15:44 [PATCH 4.19 000/521] 4.19.270-rc1 review Greg Kroah-Hartman
` (19 preceding siblings ...)
2023-01-16 15:44 ` [PATCH 4.19 020/521] Bluetooth: L2CAP: Fix u8 overflow Greg Kroah-Hartman
@ 2023-01-16 15:44 ` Greg Kroah-Hartman
2023-01-16 15:44 ` [PATCH 4.19 022/521] usb: musb: remove extra check in musb_gadget_vbus_draw Greg Kroah-Hartman
` (503 subsequent siblings)
524 siblings, 0 replies; 529+ messages in thread
From: Greg Kroah-Hartman @ 2023-01-16 15:44 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Rasmus Villemoes, Jacob Keller,
David S. Miller, Sasha Levin
From: Rasmus Villemoes <linux@rasmusvillemoes.dk>
[ Upstream commit 31d929de5a112ee1b977a89c57de74710894bbbf ]
When the name_assign_type attribute was introduced (commit
685343fc3ba6, "net: add name_assign_type netdev attribute"), the
loopback device was explicitly mentioned as one which would make use
of NET_NAME_PREDICTABLE:
The name_assign_type attribute gives hints where the interface name of a
given net-device comes from. These values are currently defined:
...
NET_NAME_PREDICTABLE:
The ifname has been assigned by the kernel in a predictable way
that is guaranteed to avoid reuse and always be the same for a
given device. Examples include statically created devices like
the loopback device [...]
Switch to that so that reading /sys/class/net/lo/name_assign_type
produces something sensible instead of returning -EINVAL.
Signed-off-by: Rasmus Villemoes <linux@rasmusvillemoes.dk>
Reviewed-by: Jacob Keller <jacob.e.keller@intel.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/loopback.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/net/loopback.c b/drivers/net/loopback.c
index d192936b76cf..7863918592db 100644
--- a/drivers/net/loopback.c
+++ b/drivers/net/loopback.c
@@ -210,7 +210,7 @@ static __net_init int loopback_net_init(struct net *net)
int err;
err = -ENOMEM;
- dev = alloc_netdev(0, "lo", NET_NAME_UNKNOWN, loopback_setup);
+ dev = alloc_netdev(0, "lo", NET_NAME_PREDICTABLE, loopback_setup);
if (!dev)
goto out;
--
2.35.1
^ permalink raw reply related [flat|nested] 529+ messages in thread
* [PATCH 4.19 022/521] usb: musb: remove extra check in musb_gadget_vbus_draw
2023-01-16 15:44 [PATCH 4.19 000/521] 4.19.270-rc1 review Greg Kroah-Hartman
` (20 preceding siblings ...)
2023-01-16 15:44 ` [PATCH 4.19 021/521] net: loopback: use NET_NAME_PREDICTABLE for name_assign_type Greg Kroah-Hartman
@ 2023-01-16 15:44 ` Greg Kroah-Hartman
2023-01-16 15:44 ` [PATCH 4.19 023/521] ARM: dts: qcom: apq8064: fix coresight compatible Greg Kroah-Hartman
` (502 subsequent siblings)
524 siblings, 0 replies; 529+ messages in thread
From: Greg Kroah-Hartman @ 2023-01-16 15:44 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, stable, Ivaylo Dimitrov, Sasha Levin
From: Ivaylo Dimitrov <ivo.g.dimitrov.75@gmail.com>
[ Upstream commit ecec4b20d29c3d6922dafe7d2555254a454272d2 ]
The checks for musb->xceiv and musb->xceiv->set_power duplicate those in
usb_phy_set_power(), so there is no need of them. Moreover, not calling
usb_phy_set_power() results in usb_phy_set_charger_current() not being
called, so current USB config max current is not propagated through USB
charger framework and charger drivers may try to draw more current than
allowed or possible.
Fix that by removing those extra checks and calling usb_phy_set_power()
directly.
Tested on Motorola Droid4 and Nokia N900
Fixes: a9081a008f84 ("usb: phy: Add USB charger support")
Cc: stable <stable@kernel.org>
Signed-off-by: Ivaylo Dimitrov <ivo.g.dimitrov.75@gmail.com>
Link: https://lore.kernel.org/r/1669400475-4762-1-git-send-email-ivo.g.dimitrov.75@gmail.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/usb/musb/musb_gadget.c | 2 --
1 file changed, 2 deletions(-)
diff --git a/drivers/usb/musb/musb_gadget.c b/drivers/usb/musb/musb_gadget.c
index 8e83995fc3bd..b8fc818c154a 100644
--- a/drivers/usb/musb/musb_gadget.c
+++ b/drivers/usb/musb/musb_gadget.c
@@ -1629,8 +1629,6 @@ static int musb_gadget_vbus_draw(struct usb_gadget *gadget, unsigned mA)
{
struct musb *musb = gadget_to_musb(gadget);
- if (!musb->xceiv->set_power)
- return -EOPNOTSUPP;
return usb_phy_set_power(musb->xceiv, mA);
}
--
2.35.1
^ permalink raw reply related [flat|nested] 529+ messages in thread
* [PATCH 4.19 023/521] ARM: dts: qcom: apq8064: fix coresight compatible
2023-01-16 15:44 [PATCH 4.19 000/521] 4.19.270-rc1 review Greg Kroah-Hartman
` (21 preceding siblings ...)
2023-01-16 15:44 ` [PATCH 4.19 022/521] usb: musb: remove extra check in musb_gadget_vbus_draw Greg Kroah-Hartman
@ 2023-01-16 15:44 ` Greg Kroah-Hartman
2023-01-16 15:44 ` [PATCH 4.19 024/521] drivers: soc: ti: knav_qmss_queue: Mark knav_acc_firmwares as static Greg Kroah-Hartman
` (501 subsequent siblings)
524 siblings, 0 replies; 529+ messages in thread
From: Greg Kroah-Hartman @ 2023-01-16 15:44 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Luca Weiss, Krzysztof Kozlowski,
Konrad Dybcio, Bjorn Andersson, Sasha Levin
From: Luca Weiss <luca@z3ntu.xyz>
[ Upstream commit a42b1ee868361f1cb0492f1bdaefb43e0751e468 ]
There's a typo missing the arm, prefix of arm,coresight-etb10. Fix it to
make devicetree validation happier.
Signed-off-by: Luca Weiss <luca@z3ntu.xyz>
Fixes: 7a5c275fd821 ("ARM: dts: qcom: Add apq8064 CoreSight components")
Reviewed-by: Krzysztof Kozlowski <krzysztof.kozlowski@linaro.org>
Reviewed-by: Konrad Dybcio <konrad.dybcio@somainline.org>
Signed-off-by: Bjorn Andersson <andersson@kernel.org>
Link: https://lore.kernel.org/r/20221013190657.48499-3-luca@z3ntu.xyz
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/arm/boot/dts/qcom-apq8064.dtsi | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/arch/arm/boot/dts/qcom-apq8064.dtsi b/arch/arm/boot/dts/qcom-apq8064.dtsi
index 00daa844bf8c..3b9d70eadeb9 100644
--- a/arch/arm/boot/dts/qcom-apq8064.dtsi
+++ b/arch/arm/boot/dts/qcom-apq8064.dtsi
@@ -1604,7 +1604,7 @@ wifi {
};
etb@1a01000 {
- compatible = "coresight-etb10", "arm,primecell";
+ compatible = "arm,coresight-etb10", "arm,primecell";
reg = <0x1a01000 0x1000>;
clocks = <&rpmcc RPM_QDSS_CLK>;
--
2.35.1
^ permalink raw reply related [flat|nested] 529+ messages in thread
* [PATCH 4.19 024/521] drivers: soc: ti: knav_qmss_queue: Mark knav_acc_firmwares as static
2023-01-16 15:44 [PATCH 4.19 000/521] 4.19.270-rc1 review Greg Kroah-Hartman
` (22 preceding siblings ...)
2023-01-16 15:44 ` [PATCH 4.19 023/521] ARM: dts: qcom: apq8064: fix coresight compatible Greg Kroah-Hartman
@ 2023-01-16 15:44 ` Greg Kroah-Hartman
2023-01-16 15:44 ` [PATCH 4.19 025/521] arm: dts: spear600: Fix clcd interrupt Greg Kroah-Hartman
` (500 subsequent siblings)
524 siblings, 0 replies; 529+ messages in thread
From: Greg Kroah-Hartman @ 2023-01-16 15:44 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Chen Jiahao, Nishanth Menon, Sasha Levin
From: Chen Jiahao <chenjiahao16@huawei.com>
[ Upstream commit adf85adc2a7199b41e7a4da083bd17274a3d6969 ]
There is a sparse warning shown below:
drivers/soc/ti/knav_qmss_queue.c:70:12: warning: symbol
'knav_acc_firmwares' was not declared. Should it be static?
Since 'knav_acc_firmwares' is only called within knav_qmss_queue.c,
mark it as static to fix the warning.
Fixes: 96ee19becc3b ("soc: ti: add firmware file name as part of the driver")
Signed-off-by: Chen Jiahao <chenjiahao16@huawei.com>
Signed-off-by: Nishanth Menon <nm@ti.com>
Link: https://lore.kernel.org/r/20221019153212.72350-1-chenjiahao16@huawei.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/soc/ti/knav_qmss_queue.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/soc/ti/knav_qmss_queue.c b/drivers/soc/ti/knav_qmss_queue.c
index 9f5ce52e6c16..b264c36b2c0e 100644
--- a/drivers/soc/ti/knav_qmss_queue.c
+++ b/drivers/soc/ti/knav_qmss_queue.c
@@ -72,7 +72,7 @@ static DEFINE_MUTEX(knav_dev_lock);
* Newest followed by older ones. Search is done from start of the array
* until a firmware file is found.
*/
-const char *knav_acc_firmwares[] = {"ks2_qmss_pdsp_acc48.bin"};
+static const char * const knav_acc_firmwares[] = {"ks2_qmss_pdsp_acc48.bin"};
static bool device_ready;
bool knav_qmss_device_ready(void)
--
2.35.1
^ permalink raw reply related [flat|nested] 529+ messages in thread
* [PATCH 4.19 025/521] arm: dts: spear600: Fix clcd interrupt
2023-01-16 15:44 [PATCH 4.19 000/521] 4.19.270-rc1 review Greg Kroah-Hartman
` (23 preceding siblings ...)
2023-01-16 15:44 ` [PATCH 4.19 024/521] drivers: soc: ti: knav_qmss_queue: Mark knav_acc_firmwares as static Greg Kroah-Hartman
@ 2023-01-16 15:44 ` Greg Kroah-Hartman
2023-01-16 15:44 ` [PATCH 4.19 026/521] soc: ti: smartreflex: Fix PM disable depth imbalance in omap_sr_probe Greg Kroah-Hartman
` (499 subsequent siblings)
524 siblings, 0 replies; 529+ messages in thread
From: Greg Kroah-Hartman @ 2023-01-16 15:44 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Kory Maincent, Viresh Kumar,
Arnd Bergmann, Sasha Levin
From: Kory Maincent <kory.maincent@bootlin.com>
[ Upstream commit 0336e2ce34e7a89832b6c214f924eb7bc58940be ]
Interrupt 12 of the Interrupt controller belongs to the SMI controller,
the right one for the display controller is the interrupt 13.
Fixes: 8113ba917dfa ("ARM: SPEAr: DT: Update device nodes")
Signed-off-by: Kory Maincent <kory.maincent@bootlin.com>
Acked-by: Viresh Kumar <viresh.kumar@linaro.org>
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/arm/boot/dts/spear600.dtsi | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/arch/arm/boot/dts/spear600.dtsi b/arch/arm/boot/dts/spear600.dtsi
index 00166eb9be86..ca07e73e1f27 100644
--- a/arch/arm/boot/dts/spear600.dtsi
+++ b/arch/arm/boot/dts/spear600.dtsi
@@ -53,7 +53,7 @@ clcd: clcd@fc200000 {
compatible = "arm,pl110", "arm,primecell";
reg = <0xfc200000 0x1000>;
interrupt-parent = <&vic1>;
- interrupts = <12>;
+ interrupts = <13>;
status = "disabled";
};
--
2.35.1
^ permalink raw reply related [flat|nested] 529+ messages in thread
* [PATCH 4.19 026/521] soc: ti: smartreflex: Fix PM disable depth imbalance in omap_sr_probe
2023-01-16 15:44 [PATCH 4.19 000/521] 4.19.270-rc1 review Greg Kroah-Hartman
` (24 preceding siblings ...)
2023-01-16 15:44 ` [PATCH 4.19 025/521] arm: dts: spear600: Fix clcd interrupt Greg Kroah-Hartman
@ 2023-01-16 15:44 ` Greg Kroah-Hartman
2023-01-16 15:44 ` [PATCH 4.19 027/521] perf: arm_dsu: Fix hotplug callback leak in dsu_pmu_init() Greg Kroah-Hartman
` (498 subsequent siblings)
524 siblings, 0 replies; 529+ messages in thread
From: Greg Kroah-Hartman @ 2023-01-16 15:44 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Zhang Qilong, Nishanth Menon, Sasha Levin
From: Zhang Qilong <zhangqilong3@huawei.com>
[ Upstream commit 69460e68eb662064ab4188d4e129ff31c1f23ed9 ]
The pm_runtime_enable will increase power disable depth. Thus
a pairing decrement is needed on the error handling path to
keep it balanced according to context.
Fixes: 984aa6dbf4ca ("OMAP3: PM: Adding smartreflex driver support.")
Signed-off-by: Zhang Qilong <zhangqilong3@huawei.com>
Signed-off-by: Nishanth Menon <nm@ti.com>
Link: https://lore.kernel.org/r/20221108080322.52268-3-zhangqilong3@huawei.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/power/avs/smartreflex.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/drivers/power/avs/smartreflex.c b/drivers/power/avs/smartreflex.c
index 8760477d0e8a..5ac122cd25b8 100644
--- a/drivers/power/avs/smartreflex.c
+++ b/drivers/power/avs/smartreflex.c
@@ -984,6 +984,7 @@ static int omap_sr_probe(struct platform_device *pdev)
err_debugfs:
debugfs_remove_recursive(sr_info->dbg_dir);
err_list_del:
+ pm_runtime_disable(&pdev->dev);
list_del(&sr_info->node);
pm_runtime_put_sync(&pdev->dev);
--
2.35.1
^ permalink raw reply related [flat|nested] 529+ messages in thread
* [PATCH 4.19 027/521] perf: arm_dsu: Fix hotplug callback leak in dsu_pmu_init()
2023-01-16 15:44 [PATCH 4.19 000/521] 4.19.270-rc1 review Greg Kroah-Hartman
` (25 preceding siblings ...)
2023-01-16 15:44 ` [PATCH 4.19 026/521] soc: ti: smartreflex: Fix PM disable depth imbalance in omap_sr_probe Greg Kroah-Hartman
@ 2023-01-16 15:44 ` Greg Kroah-Hartman
2023-01-16 15:44 ` [PATCH 4.19 028/521] arm64: dts: mt2712e: Fix unit_address_vs_reg warning for oscillators Greg Kroah-Hartman
` (497 subsequent siblings)
524 siblings, 0 replies; 529+ messages in thread
From: Greg Kroah-Hartman @ 2023-01-16 15:44 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Yuan Can, Suzuki K Poulose,
Will Deacon, Sasha Levin
From: Yuan Can <yuancan@huawei.com>
[ Upstream commit facafab7611f7b872c6b9eeaff53461ef11f482e ]
dsu_pmu_init() won't remove the callback added by cpuhp_setup_state_multi()
when platform_driver_register() failed. Remove the callback by
cpuhp_remove_multi_state() in fail path.
Similar to the handling of arm_ccn_init() in commit 26242b330093 ("bus:
arm-ccn: Prevent hotplug callback leak")
Fixes: 7520fa99246d ("perf: ARM DynamIQ Shared Unit PMU support")
Signed-off-by: Yuan Can <yuancan@huawei.com>
Acked-by: Suzuki K Poulose <suzuki.poulose@arm.com>
Link: https://lore.kernel.org/r/20221115070207.32634-2-yuancan@huawei.com
Signed-off-by: Will Deacon <will@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/perf/arm_dsu_pmu.c | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/drivers/perf/arm_dsu_pmu.c b/drivers/perf/arm_dsu_pmu.c
index 660cb8ac886a..961533ba33e7 100644
--- a/drivers/perf/arm_dsu_pmu.c
+++ b/drivers/perf/arm_dsu_pmu.c
@@ -823,7 +823,11 @@ static int __init dsu_pmu_init(void)
if (ret < 0)
return ret;
dsu_pmu_cpuhp_state = ret;
- return platform_driver_register(&dsu_pmu_driver);
+ ret = platform_driver_register(&dsu_pmu_driver);
+ if (ret)
+ cpuhp_remove_multi_state(dsu_pmu_cpuhp_state);
+
+ return ret;
}
static void __exit dsu_pmu_exit(void)
--
2.35.1
^ permalink raw reply related [flat|nested] 529+ messages in thread
* [PATCH 4.19 028/521] arm64: dts: mt2712e: Fix unit_address_vs_reg warning for oscillators
2023-01-16 15:44 [PATCH 4.19 000/521] 4.19.270-rc1 review Greg Kroah-Hartman
` (26 preceding siblings ...)
2023-01-16 15:44 ` [PATCH 4.19 027/521] perf: arm_dsu: Fix hotplug callback leak in dsu_pmu_init() Greg Kroah-Hartman
@ 2023-01-16 15:44 ` Greg Kroah-Hartman
2023-01-16 15:44 ` [PATCH 4.19 029/521] arm64: dts: mt2712e: Fix unit address for pinctrl node Greg Kroah-Hartman
` (496 subsequent siblings)
524 siblings, 0 replies; 529+ messages in thread
From: Greg Kroah-Hartman @ 2023-01-16 15:44 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, AngeloGioacchino Del Regno,
Matthias Brugger, Sasha Levin
From: AngeloGioacchino Del Regno <angelogioacchino.delregno@collabora.com>
[ Upstream commit e4495a0a8b3d84816c9a46edf3ce060bbf267475 ]
Rename the fixed-clock oscillators to remove the unit address.
This solves unit_address_vs_reg warnings.
Fixes: 5d4839709c8e ("arm64: dts: mt2712: Add clock controller device nodes")
Signed-off-by: AngeloGioacchino Del Regno <angelogioacchino.delregno@collabora.com>
Link: https://lore.kernel.org/r/20221013152212.416661-4-angelogioacchino.delregno@collabora.com
Signed-off-by: Matthias Brugger <matthias.bgg@gmail.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/arm64/boot/dts/mediatek/mt2712e.dtsi | 20 ++++++++++----------
1 file changed, 10 insertions(+), 10 deletions(-)
diff --git a/arch/arm64/boot/dts/mediatek/mt2712e.dtsi b/arch/arm64/boot/dts/mediatek/mt2712e.dtsi
index 75cc0f7cc088..b002bfd85be0 100644
--- a/arch/arm64/boot/dts/mediatek/mt2712e.dtsi
+++ b/arch/arm64/boot/dts/mediatek/mt2712e.dtsi
@@ -158,70 +158,70 @@ sys_clk: dummyclk {
#clock-cells = <0>;
};
- clk26m: oscillator@0 {
+ clk26m: oscillator-26m {
compatible = "fixed-clock";
#clock-cells = <0>;
clock-frequency = <26000000>;
clock-output-names = "clk26m";
};
- clk32k: oscillator@1 {
+ clk32k: oscillator-32k {
compatible = "fixed-clock";
#clock-cells = <0>;
clock-frequency = <32768>;
clock-output-names = "clk32k";
};
- clkfpc: oscillator@2 {
+ clkfpc: oscillator-50m {
compatible = "fixed-clock";
#clock-cells = <0>;
clock-frequency = <50000000>;
clock-output-names = "clkfpc";
};
- clkaud_ext_i_0: oscillator@3 {
+ clkaud_ext_i_0: oscillator-aud0 {
compatible = "fixed-clock";
#clock-cells = <0>;
clock-frequency = <6500000>;
clock-output-names = "clkaud_ext_i_0";
};
- clkaud_ext_i_1: oscillator@4 {
+ clkaud_ext_i_1: oscillator-aud1 {
compatible = "fixed-clock";
#clock-cells = <0>;
clock-frequency = <196608000>;
clock-output-names = "clkaud_ext_i_1";
};
- clkaud_ext_i_2: oscillator@5 {
+ clkaud_ext_i_2: oscillator-aud2 {
compatible = "fixed-clock";
#clock-cells = <0>;
clock-frequency = <180633600>;
clock-output-names = "clkaud_ext_i_2";
};
- clki2si0_mck_i: oscillator@6 {
+ clki2si0_mck_i: oscillator-i2s0 {
compatible = "fixed-clock";
#clock-cells = <0>;
clock-frequency = <30000000>;
clock-output-names = "clki2si0_mck_i";
};
- clki2si1_mck_i: oscillator@7 {
+ clki2si1_mck_i: oscillator-i2s1 {
compatible = "fixed-clock";
#clock-cells = <0>;
clock-frequency = <30000000>;
clock-output-names = "clki2si1_mck_i";
};
- clki2si2_mck_i: oscillator@8 {
+ clki2si2_mck_i: oscillator-i2s2 {
compatible = "fixed-clock";
#clock-cells = <0>;
clock-frequency = <30000000>;
clock-output-names = "clki2si2_mck_i";
};
- clktdmin_mclk_i: oscillator@9 {
+ clktdmin_mclk_i: oscillator-mclk {
compatible = "fixed-clock";
#clock-cells = <0>;
clock-frequency = <30000000>;
--
2.35.1
^ permalink raw reply related [flat|nested] 529+ messages in thread
* [PATCH 4.19 029/521] arm64: dts: mt2712e: Fix unit address for pinctrl node
2023-01-16 15:44 [PATCH 4.19 000/521] 4.19.270-rc1 review Greg Kroah-Hartman
` (27 preceding siblings ...)
2023-01-16 15:44 ` [PATCH 4.19 028/521] arm64: dts: mt2712e: Fix unit_address_vs_reg warning for oscillators Greg Kroah-Hartman
@ 2023-01-16 15:44 ` Greg Kroah-Hartman
2023-01-16 15:44 ` [PATCH 4.19 030/521] arm64: dts: mt2712-evb: Fix vproc fixed regulators unit names Greg Kroah-Hartman
` (495 subsequent siblings)
524 siblings, 0 replies; 529+ messages in thread
From: Greg Kroah-Hartman @ 2023-01-16 15:44 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, AngeloGioacchino Del Regno,
Matthias Brugger, Sasha Levin
From: AngeloGioacchino Del Regno <angelogioacchino.delregno@collabora.com>
[ Upstream commit 1d4516f53a611b362db7ba7a8889923d469f57e1 ]
The unit address for the pinctrl node is (0x)1000b000 and not
(0x)10005000, which is the syscfg_pctl_a address instead.
This fixes the following warning:
arch/arm64/boot/dts/mediatek/mt2712e.dtsi:264.40-267.4: Warning
(unique_unit_address): /syscfg_pctl_a@10005000: duplicate
unit-address (also used in node /pinctrl@10005000)
Fixes: f0c64340b748 ("arm64: dts: mt2712: add pintcrl device node.")
Signed-off-by: AngeloGioacchino Del Regno <angelogioacchino.delregno@collabora.com>
Link: https://lore.kernel.org/r/20221013152212.416661-5-angelogioacchino.delregno@collabora.com
Signed-off-by: Matthias Brugger <matthias.bgg@gmail.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/arm64/boot/dts/mediatek/mt2712e.dtsi | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/arch/arm64/boot/dts/mediatek/mt2712e.dtsi b/arch/arm64/boot/dts/mediatek/mt2712e.dtsi
index b002bfd85be0..9acbd82fb44b 100644
--- a/arch/arm64/boot/dts/mediatek/mt2712e.dtsi
+++ b/arch/arm64/boot/dts/mediatek/mt2712e.dtsi
@@ -264,7 +264,7 @@ syscfg_pctl_a: syscfg_pctl_a@10005000 {
reg = <0 0x10005000 0 0x1000>;
};
- pio: pinctrl@10005000 {
+ pio: pinctrl@1000b000 {
compatible = "mediatek,mt2712-pinctrl";
reg = <0 0x1000b000 0 0x1000>;
mediatek,pctl-regmap = <&syscfg_pctl_a>;
--
2.35.1
^ permalink raw reply related [flat|nested] 529+ messages in thread
* [PATCH 4.19 030/521] arm64: dts: mt2712-evb: Fix vproc fixed regulators unit names
2023-01-16 15:44 [PATCH 4.19 000/521] 4.19.270-rc1 review Greg Kroah-Hartman
` (28 preceding siblings ...)
2023-01-16 15:44 ` [PATCH 4.19 029/521] arm64: dts: mt2712e: Fix unit address for pinctrl node Greg Kroah-Hartman
@ 2023-01-16 15:44 ` Greg Kroah-Hartman
2023-01-16 15:44 ` [PATCH 4.19 031/521] arm64: dts: mediatek: mt6797: Fix 26M oscillator unit name Greg Kroah-Hartman
` (494 subsequent siblings)
524 siblings, 0 replies; 529+ messages in thread
From: Greg Kroah-Hartman @ 2023-01-16 15:44 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, AngeloGioacchino Del Regno,
Matthias Brugger, Sasha Levin
From: AngeloGioacchino Del Regno <angelogioacchino.delregno@collabora.com>
[ Upstream commit 377063156893bf6c088309ac799fe5c6dce2822d ]
Update the names to regulator-vproc-buck{0,1} to fix unit_addres_vs_reg
warnings for those.
Fixes: f75dd8bdd344 ("arm64: dts: mediatek: add mt2712 cpufreq related device nodes")
Signed-off-by: AngeloGioacchino Del Regno <angelogioacchino.delregno@collabora.com>
Link: https://lore.kernel.org/r/20221013152212.416661-6-angelogioacchino.delregno@collabora.com
Signed-off-by: Matthias Brugger <matthias.bgg@gmail.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/arm64/boot/dts/mediatek/mt2712-evb.dts | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/arch/arm64/boot/dts/mediatek/mt2712-evb.dts b/arch/arm64/boot/dts/mediatek/mt2712-evb.dts
index 4ce9d6ca0bf7..424c22a266c4 100644
--- a/arch/arm64/boot/dts/mediatek/mt2712-evb.dts
+++ b/arch/arm64/boot/dts/mediatek/mt2712-evb.dts
@@ -25,14 +25,14 @@ chosen {
stdout-path = "serial0:921600n8";
};
- cpus_fixed_vproc0: fixedregulator@0 {
+ cpus_fixed_vproc0: regulator-vproc-buck0 {
compatible = "regulator-fixed";
regulator-name = "vproc_buck0";
regulator-min-microvolt = <1000000>;
regulator-max-microvolt = <1000000>;
};
- cpus_fixed_vproc1: fixedregulator@1 {
+ cpus_fixed_vproc1: regulator-vproc-buck1 {
compatible = "regulator-fixed";
regulator-name = "vproc_buck1";
regulator-min-microvolt = <1000000>;
--
2.35.1
^ permalink raw reply related [flat|nested] 529+ messages in thread
* [PATCH 4.19 031/521] arm64: dts: mediatek: mt6797: Fix 26M oscillator unit name
2023-01-16 15:44 [PATCH 4.19 000/521] 4.19.270-rc1 review Greg Kroah-Hartman
` (29 preceding siblings ...)
2023-01-16 15:44 ` [PATCH 4.19 030/521] arm64: dts: mt2712-evb: Fix vproc fixed regulators unit names Greg Kroah-Hartman
@ 2023-01-16 15:44 ` Greg Kroah-Hartman
2023-01-16 15:44 ` [PATCH 4.19 032/521] ARM: dts: dove: Fix assigned-addresses for every PCIe Root Port Greg Kroah-Hartman
` (493 subsequent siblings)
524 siblings, 0 replies; 529+ messages in thread
From: Greg Kroah-Hartman @ 2023-01-16 15:44 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, AngeloGioacchino Del Regno,
Matthias Brugger, Sasha Levin
From: AngeloGioacchino Del Regno <angelogioacchino.delregno@collabora.com>
[ Upstream commit 5f535cc583759c9c60d4cc9b8d221762e2d75387 ]
Update its unit name to oscillator-26m and remove the unneeded unit
address to fix a unit_address_vs_reg warning.
Fixes: 464c510f60c6 ("arm64: dts: mediatek: add mt6797 support")
Signed-off-by: AngeloGioacchino Del Regno <angelogioacchino.delregno@collabora.com>
Link: https://lore.kernel.org/r/20221013152212.416661-9-angelogioacchino.delregno@collabora.com
Signed-off-by: Matthias Brugger <matthias.bgg@gmail.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/arm64/boot/dts/mediatek/mt6797.dtsi | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/arch/arm64/boot/dts/mediatek/mt6797.dtsi b/arch/arm64/boot/dts/mediatek/mt6797.dtsi
index 4beaa71107d7..ebe1b5343966 100644
--- a/arch/arm64/boot/dts/mediatek/mt6797.dtsi
+++ b/arch/arm64/boot/dts/mediatek/mt6797.dtsi
@@ -101,7 +101,7 @@ cpu9: cpu@201 {
};
};
- clk26m: oscillator@0 {
+ clk26m: oscillator-26m {
compatible = "fixed-clock";
#clock-cells = <0>;
clock-frequency = <26000000>;
--
2.35.1
^ permalink raw reply related [flat|nested] 529+ messages in thread
* [PATCH 4.19 032/521] ARM: dts: dove: Fix assigned-addresses for every PCIe Root Port
2023-01-16 15:44 [PATCH 4.19 000/521] 4.19.270-rc1 review Greg Kroah-Hartman
` (30 preceding siblings ...)
2023-01-16 15:44 ` [PATCH 4.19 031/521] arm64: dts: mediatek: mt6797: Fix 26M oscillator unit name Greg Kroah-Hartman
@ 2023-01-16 15:44 ` Greg Kroah-Hartman
2023-01-16 15:44 ` [PATCH 4.19 033/521] ARM: dts: armada-370: " Greg Kroah-Hartman
` (492 subsequent siblings)
524 siblings, 0 replies; 529+ messages in thread
From: Greg Kroah-Hartman @ 2023-01-16 15:44 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Pali Rohár, Gregory CLEMENT,
Sasha Levin
From: Pali Rohár <pali@kernel.org>
[ Upstream commit dcc7d8c72b64a479b8017e4332d99179deb8802d ]
BDF of resource in DT assigned-addresses property of Marvell PCIe Root Port
(PCI-to-PCI bridge) should match BDF in address part in that DT node name
as specified resource belongs to Marvell PCIe Root Port itself.
Fixes: 74ecaa403a74 ("ARM: dove: add PCIe controllers to SoC DT")
Signed-off-by: Pali Rohár <pali@kernel.org>
Signed-off-by: Gregory CLEMENT <gregory.clement@bootlin.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/arm/boot/dts/dove.dtsi | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/arch/arm/boot/dts/dove.dtsi b/arch/arm/boot/dts/dove.dtsi
index 250ad0535e8c..c677d1a74a90 100644
--- a/arch/arm/boot/dts/dove.dtsi
+++ b/arch/arm/boot/dts/dove.dtsi
@@ -129,7 +129,7 @@ pcie0: pcie@1 {
pcie1: pcie@2 {
device_type = "pci";
status = "disabled";
- assigned-addresses = <0x82002800 0 0x80000 0 0x2000>;
+ assigned-addresses = <0x82001000 0 0x80000 0 0x2000>;
reg = <0x1000 0 0 0 0>;
clocks = <&gate_clk 5>;
marvell,pcie-port = <1>;
--
2.35.1
^ permalink raw reply related [flat|nested] 529+ messages in thread
* [PATCH 4.19 033/521] ARM: dts: armada-370: Fix assigned-addresses for every PCIe Root Port
2023-01-16 15:44 [PATCH 4.19 000/521] 4.19.270-rc1 review Greg Kroah-Hartman
` (31 preceding siblings ...)
2023-01-16 15:44 ` [PATCH 4.19 032/521] ARM: dts: dove: Fix assigned-addresses for every PCIe Root Port Greg Kroah-Hartman
@ 2023-01-16 15:44 ` Greg Kroah-Hartman
2023-01-16 15:44 ` [PATCH 4.19 034/521] ARM: dts: armada-xp: " Greg Kroah-Hartman
` (491 subsequent siblings)
524 siblings, 0 replies; 529+ messages in thread
From: Greg Kroah-Hartman @ 2023-01-16 15:44 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Pali Rohár, Gregory CLEMENT,
Sasha Levin
From: Pali Rohár <pali@kernel.org>
[ Upstream commit d9208b0fa2e803d16b28d91bf1d46b7ee9ea13c6 ]
BDF of resource in DT assigned-addresses property of Marvell PCIe Root Port
(PCI-to-PCI bridge) should match BDF in address part in that DT node name
as specified resource belongs to Marvell PCIe Root Port itself.
Fixes: a09a0b7c6ff1 ("arm: mvebu: add PCIe Device Tree informations for Armada 370")
Signed-off-by: Pali Rohár <pali@kernel.org>
Signed-off-by: Gregory CLEMENT <gregory.clement@bootlin.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/arm/boot/dts/armada-370.dtsi | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/arch/arm/boot/dts/armada-370.dtsi b/arch/arm/boot/dts/armada-370.dtsi
index 46e6d3ed8f35..c042c416a94a 100644
--- a/arch/arm/boot/dts/armada-370.dtsi
+++ b/arch/arm/boot/dts/armada-370.dtsi
@@ -74,7 +74,7 @@ pcie0: pcie@1,0 {
pcie2: pcie@2,0 {
device_type = "pci";
- assigned-addresses = <0x82002800 0 0x80000 0 0x2000>;
+ assigned-addresses = <0x82001000 0 0x80000 0 0x2000>;
reg = <0x1000 0 0 0 0>;
#address-cells = <3>;
#size-cells = <2>;
--
2.35.1
^ permalink raw reply related [flat|nested] 529+ messages in thread
* [PATCH 4.19 034/521] ARM: dts: armada-xp: Fix assigned-addresses for every PCIe Root Port
2023-01-16 15:44 [PATCH 4.19 000/521] 4.19.270-rc1 review Greg Kroah-Hartman
` (32 preceding siblings ...)
2023-01-16 15:44 ` [PATCH 4.19 033/521] ARM: dts: armada-370: " Greg Kroah-Hartman
@ 2023-01-16 15:44 ` Greg Kroah-Hartman
2023-01-16 15:44 ` [PATCH 4.19 035/521] ARM: dts: armada-375: " Greg Kroah-Hartman
` (490 subsequent siblings)
524 siblings, 0 replies; 529+ messages in thread
From: Greg Kroah-Hartman @ 2023-01-16 15:44 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Pali Rohár, Gregory CLEMENT,
Sasha Levin
From: Pali Rohár <pali@kernel.org>
[ Upstream commit eab276787f456cbea89fabea110fe0728673d308 ]
BDF of resource in DT assigned-addresses property of Marvell PCIe Root Port
(PCI-to-PCI bridge) should match BDF in address part in that DT node name
as specified resource belongs to Marvell PCIe Root Port itself.
Fixes: 9d8f44f02d4a ("arm: mvebu: add PCIe Device Tree informations for Armada XP")
Fixes: 12b69a599745 ("ARM: mvebu: second PCIe unit of Armada XP mv78230 is only x1 capable")
Fixes: 2163e61c92d9 ("ARM: mvebu: fix second and third PCIe unit of Armada XP mv78260")
Signed-off-by: Pali Rohár <pali@kernel.org>
Signed-off-by: Gregory CLEMENT <gregory.clement@bootlin.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/arm/boot/dts/armada-xp-mv78230.dtsi | 8 ++++----
arch/arm/boot/dts/armada-xp-mv78260.dtsi | 16 ++++++++--------
2 files changed, 12 insertions(+), 12 deletions(-)
diff --git a/arch/arm/boot/dts/armada-xp-mv78230.dtsi b/arch/arm/boot/dts/armada-xp-mv78230.dtsi
index 8558bf6bb54c..d55fe162fc7f 100644
--- a/arch/arm/boot/dts/armada-xp-mv78230.dtsi
+++ b/arch/arm/boot/dts/armada-xp-mv78230.dtsi
@@ -97,7 +97,7 @@ pcie1: pcie@1,0 {
pcie2: pcie@2,0 {
device_type = "pci";
- assigned-addresses = <0x82000800 0 0x44000 0 0x2000>;
+ assigned-addresses = <0x82001000 0 0x44000 0 0x2000>;
reg = <0x1000 0 0 0 0>;
#address-cells = <3>;
#size-cells = <2>;
@@ -115,7 +115,7 @@ pcie2: pcie@2,0 {
pcie3: pcie@3,0 {
device_type = "pci";
- assigned-addresses = <0x82000800 0 0x48000 0 0x2000>;
+ assigned-addresses = <0x82001800 0 0x48000 0 0x2000>;
reg = <0x1800 0 0 0 0>;
#address-cells = <3>;
#size-cells = <2>;
@@ -133,7 +133,7 @@ pcie3: pcie@3,0 {
pcie4: pcie@4,0 {
device_type = "pci";
- assigned-addresses = <0x82000800 0 0x4c000 0 0x2000>;
+ assigned-addresses = <0x82002000 0 0x4c000 0 0x2000>;
reg = <0x2000 0 0 0 0>;
#address-cells = <3>;
#size-cells = <2>;
@@ -151,7 +151,7 @@ pcie4: pcie@4,0 {
pcie5: pcie@5,0 {
device_type = "pci";
- assigned-addresses = <0x82000800 0 0x80000 0 0x2000>;
+ assigned-addresses = <0x82002800 0 0x80000 0 0x2000>;
reg = <0x2800 0 0 0 0>;
#address-cells = <3>;
#size-cells = <2>;
diff --git a/arch/arm/boot/dts/armada-xp-mv78260.dtsi b/arch/arm/boot/dts/armada-xp-mv78260.dtsi
index 2d85fe8ac327..fdcc81819940 100644
--- a/arch/arm/boot/dts/armada-xp-mv78260.dtsi
+++ b/arch/arm/boot/dts/armada-xp-mv78260.dtsi
@@ -112,7 +112,7 @@ pcie1: pcie@1,0 {
pcie2: pcie@2,0 {
device_type = "pci";
- assigned-addresses = <0x82000800 0 0x44000 0 0x2000>;
+ assigned-addresses = <0x82001000 0 0x44000 0 0x2000>;
reg = <0x1000 0 0 0 0>;
#address-cells = <3>;
#size-cells = <2>;
@@ -130,7 +130,7 @@ pcie2: pcie@2,0 {
pcie3: pcie@3,0 {
device_type = "pci";
- assigned-addresses = <0x82000800 0 0x48000 0 0x2000>;
+ assigned-addresses = <0x82001800 0 0x48000 0 0x2000>;
reg = <0x1800 0 0 0 0>;
#address-cells = <3>;
#size-cells = <2>;
@@ -148,7 +148,7 @@ pcie3: pcie@3,0 {
pcie4: pcie@4,0 {
device_type = "pci";
- assigned-addresses = <0x82000800 0 0x4c000 0 0x2000>;
+ assigned-addresses = <0x82002000 0 0x4c000 0 0x2000>;
reg = <0x2000 0 0 0 0>;
#address-cells = <3>;
#size-cells = <2>;
@@ -166,7 +166,7 @@ pcie4: pcie@4,0 {
pcie5: pcie@5,0 {
device_type = "pci";
- assigned-addresses = <0x82000800 0 0x80000 0 0x2000>;
+ assigned-addresses = <0x82002800 0 0x80000 0 0x2000>;
reg = <0x2800 0 0 0 0>;
#address-cells = <3>;
#size-cells = <2>;
@@ -184,7 +184,7 @@ pcie5: pcie@5,0 {
pcie6: pcie@6,0 {
device_type = "pci";
- assigned-addresses = <0x82000800 0 0x84000 0 0x2000>;
+ assigned-addresses = <0x82003000 0 0x84000 0 0x2000>;
reg = <0x3000 0 0 0 0>;
#address-cells = <3>;
#size-cells = <2>;
@@ -202,7 +202,7 @@ pcie6: pcie@6,0 {
pcie7: pcie@7,0 {
device_type = "pci";
- assigned-addresses = <0x82000800 0 0x88000 0 0x2000>;
+ assigned-addresses = <0x82003800 0 0x88000 0 0x2000>;
reg = <0x3800 0 0 0 0>;
#address-cells = <3>;
#size-cells = <2>;
@@ -220,7 +220,7 @@ pcie7: pcie@7,0 {
pcie8: pcie@8,0 {
device_type = "pci";
- assigned-addresses = <0x82000800 0 0x8c000 0 0x2000>;
+ assigned-addresses = <0x82004000 0 0x8c000 0 0x2000>;
reg = <0x4000 0 0 0 0>;
#address-cells = <3>;
#size-cells = <2>;
@@ -238,7 +238,7 @@ pcie8: pcie@8,0 {
pcie9: pcie@9,0 {
device_type = "pci";
- assigned-addresses = <0x82000800 0 0x42000 0 0x2000>;
+ assigned-addresses = <0x82004800 0 0x42000 0 0x2000>;
reg = <0x4800 0 0 0 0>;
#address-cells = <3>;
#size-cells = <2>;
--
2.35.1
^ permalink raw reply related [flat|nested] 529+ messages in thread
* [PATCH 4.19 035/521] ARM: dts: armada-375: Fix assigned-addresses for every PCIe Root Port
2023-01-16 15:44 [PATCH 4.19 000/521] 4.19.270-rc1 review Greg Kroah-Hartman
` (33 preceding siblings ...)
2023-01-16 15:44 ` [PATCH 4.19 034/521] ARM: dts: armada-xp: " Greg Kroah-Hartman
@ 2023-01-16 15:44 ` Greg Kroah-Hartman
2023-01-16 15:44 ` [PATCH 4.19 036/521] ARM: dts: armada-38x: " Greg Kroah-Hartman
` (489 subsequent siblings)
524 siblings, 0 replies; 529+ messages in thread
From: Greg Kroah-Hartman @ 2023-01-16 15:44 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Pali Rohár, Gregory CLEMENT,
Sasha Levin
From: Pali Rohár <pali@kernel.org>
[ Upstream commit 823956d2436f70ced74c0fe8ab99facd8abfc060 ]
BDF of resource in DT assigned-addresses property of Marvell PCIe Root Port
(PCI-to-PCI bridge) should match BDF in address part in that DT node name
as specified resource belongs to Marvell PCIe Root Port itself.
Fixes: 4de59085091f ("ARM: mvebu: add Device Tree description of the Armada 375 SoC")
Signed-off-by: Pali Rohár <pali@kernel.org>
Signed-off-by: Gregory CLEMENT <gregory.clement@bootlin.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/arm/boot/dts/armada-375.dtsi | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/arch/arm/boot/dts/armada-375.dtsi b/arch/arm/boot/dts/armada-375.dtsi
index 2932a29ae272..230f6dd876a2 100644
--- a/arch/arm/boot/dts/armada-375.dtsi
+++ b/arch/arm/boot/dts/armada-375.dtsi
@@ -584,7 +584,7 @@ pcie0: pcie@1,0 {
pcie1: pcie@2,0 {
device_type = "pci";
- assigned-addresses = <0x82000800 0 0x44000 0 0x2000>;
+ assigned-addresses = <0x82001000 0 0x44000 0 0x2000>;
reg = <0x1000 0 0 0 0>;
#address-cells = <3>;
#size-cells = <2>;
--
2.35.1
^ permalink raw reply related [flat|nested] 529+ messages in thread
* [PATCH 4.19 036/521] ARM: dts: armada-38x: Fix assigned-addresses for every PCIe Root Port
2023-01-16 15:44 [PATCH 4.19 000/521] 4.19.270-rc1 review Greg Kroah-Hartman
` (34 preceding siblings ...)
2023-01-16 15:44 ` [PATCH 4.19 035/521] ARM: dts: armada-375: " Greg Kroah-Hartman
@ 2023-01-16 15:44 ` Greg Kroah-Hartman
2023-01-16 15:44 ` [PATCH 4.19 037/521] ARM: dts: armada-39x: " Greg Kroah-Hartman
` (488 subsequent siblings)
524 siblings, 0 replies; 529+ messages in thread
From: Greg Kroah-Hartman @ 2023-01-16 15:44 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Pali Rohár, Gregory CLEMENT,
Sasha Levin
From: Pali Rohár <pali@kernel.org>
[ Upstream commit 44f47b7a8fa4678ce4c38ea74837e4996b9df6d6 ]
BDF of resource in DT assigned-addresses property of Marvell PCIe Root Port
(PCI-to-PCI bridge) should match BDF in address part in that DT node name
as specified resource belongs to Marvell PCIe Root Port itself.
Fixes: 0d3d96ab0059 ("ARM: mvebu: add Device Tree description of the Armada 380/385 SoCs")
Signed-off-by: Pali Rohár <pali@kernel.org>
Signed-off-by: Gregory CLEMENT <gregory.clement@bootlin.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/arm/boot/dts/armada-380.dtsi | 4 ++--
arch/arm/boot/dts/armada-385.dtsi | 6 +++---
2 files changed, 5 insertions(+), 5 deletions(-)
diff --git a/arch/arm/boot/dts/armada-380.dtsi b/arch/arm/boot/dts/armada-380.dtsi
index cff1269f3fbf..7146cc8f082a 100644
--- a/arch/arm/boot/dts/armada-380.dtsi
+++ b/arch/arm/boot/dts/armada-380.dtsi
@@ -79,7 +79,7 @@ pcie@1,0 {
/* x1 port */
pcie@2,0 {
device_type = "pci";
- assigned-addresses = <0x82000800 0 0x40000 0 0x2000>;
+ assigned-addresses = <0x82001000 0 0x40000 0 0x2000>;
reg = <0x1000 0 0 0 0>;
#address-cells = <3>;
#size-cells = <2>;
@@ -98,7 +98,7 @@ pcie@2,0 {
/* x1 port */
pcie@3,0 {
device_type = "pci";
- assigned-addresses = <0x82000800 0 0x44000 0 0x2000>;
+ assigned-addresses = <0x82001800 0 0x44000 0 0x2000>;
reg = <0x1800 0 0 0 0>;
#address-cells = <3>;
#size-cells = <2>;
diff --git a/arch/arm/boot/dts/armada-385.dtsi b/arch/arm/boot/dts/armada-385.dtsi
index f0022d10c715..f081f7cb66e5 100644
--- a/arch/arm/boot/dts/armada-385.dtsi
+++ b/arch/arm/boot/dts/armada-385.dtsi
@@ -84,7 +84,7 @@ pcie1: pcie@1,0 {
/* x1 port */
pcie2: pcie@2,0 {
device_type = "pci";
- assigned-addresses = <0x82000800 0 0x40000 0 0x2000>;
+ assigned-addresses = <0x82001000 0 0x40000 0 0x2000>;
reg = <0x1000 0 0 0 0>;
#address-cells = <3>;
#size-cells = <2>;
@@ -103,7 +103,7 @@ pcie2: pcie@2,0 {
/* x1 port */
pcie3: pcie@3,0 {
device_type = "pci";
- assigned-addresses = <0x82000800 0 0x44000 0 0x2000>;
+ assigned-addresses = <0x82001800 0 0x44000 0 0x2000>;
reg = <0x1800 0 0 0 0>;
#address-cells = <3>;
#size-cells = <2>;
@@ -125,7 +125,7 @@ pcie3: pcie@3,0 {
*/
pcie4: pcie@4,0 {
device_type = "pci";
- assigned-addresses = <0x82000800 0 0x48000 0 0x2000>;
+ assigned-addresses = <0x82002000 0 0x48000 0 0x2000>;
reg = <0x2000 0 0 0 0>;
#address-cells = <3>;
#size-cells = <2>;
--
2.35.1
^ permalink raw reply related [flat|nested] 529+ messages in thread
* [PATCH 4.19 037/521] ARM: dts: armada-39x: Fix assigned-addresses for every PCIe Root Port
2023-01-16 15:44 [PATCH 4.19 000/521] 4.19.270-rc1 review Greg Kroah-Hartman
` (35 preceding siblings ...)
2023-01-16 15:44 ` [PATCH 4.19 036/521] ARM: dts: armada-38x: " Greg Kroah-Hartman
@ 2023-01-16 15:44 ` Greg Kroah-Hartman
2023-01-16 15:45 ` [PATCH 4.19 038/521] ARM: dts: turris-omnia: Add ethernet aliases Greg Kroah-Hartman
` (487 subsequent siblings)
524 siblings, 0 replies; 529+ messages in thread
From: Greg Kroah-Hartman @ 2023-01-16 15:44 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Pali Rohár, Gregory CLEMENT,
Sasha Levin
From: Pali Rohár <pali@kernel.org>
[ Upstream commit 69236d2391b4d7324b11c3252921571577892e7b ]
BDF of resource in DT assigned-addresses property of Marvell PCIe Root Port
(PCI-to-PCI bridge) should match BDF in address part in that DT node name
as specified resource belongs to Marvell PCIe Root Port itself.
Fixes: 538da83ddbea ("ARM: mvebu: add Device Tree files for Armada 39x SoC and board")
Signed-off-by: Pali Rohár <pali@kernel.org>
Signed-off-by: Gregory CLEMENT <gregory.clement@bootlin.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/arm/boot/dts/armada-39x.dtsi | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/arch/arm/boot/dts/armada-39x.dtsi b/arch/arm/boot/dts/armada-39x.dtsi
index f0c949831efb..f589112e7697 100644
--- a/arch/arm/boot/dts/armada-39x.dtsi
+++ b/arch/arm/boot/dts/armada-39x.dtsi
@@ -456,7 +456,7 @@ pcie@1,0 {
/* x1 port */
pcie@2,0 {
device_type = "pci";
- assigned-addresses = <0x82000800 0 0x40000 0 0x2000>;
+ assigned-addresses = <0x82001000 0 0x40000 0 0x2000>;
reg = <0x1000 0 0 0 0>;
#address-cells = <3>;
#size-cells = <2>;
@@ -475,7 +475,7 @@ pcie@2,0 {
/* x1 port */
pcie@3,0 {
device_type = "pci";
- assigned-addresses = <0x82000800 0 0x44000 0 0x2000>;
+ assigned-addresses = <0x82001800 0 0x44000 0 0x2000>;
reg = <0x1800 0 0 0 0>;
#address-cells = <3>;
#size-cells = <2>;
@@ -497,7 +497,7 @@ pcie@3,0 {
*/
pcie@4,0 {
device_type = "pci";
- assigned-addresses = <0x82000800 0 0x48000 0 0x2000>;
+ assigned-addresses = <0x82002000 0 0x48000 0 0x2000>;
reg = <0x2000 0 0 0 0>;
#address-cells = <3>;
#size-cells = <2>;
--
2.35.1
^ permalink raw reply related [flat|nested] 529+ messages in thread
* [PATCH 4.19 038/521] ARM: dts: turris-omnia: Add ethernet aliases
2023-01-16 15:44 [PATCH 4.19 000/521] 4.19.270-rc1 review Greg Kroah-Hartman
` (36 preceding siblings ...)
2023-01-16 15:44 ` [PATCH 4.19 037/521] ARM: dts: armada-39x: " Greg Kroah-Hartman
@ 2023-01-16 15:45 ` Greg Kroah-Hartman
2023-01-16 15:45 ` [PATCH 4.19 039/521] ARM: dts: turris-omnia: Add switch port 6 node Greg Kroah-Hartman
` (486 subsequent siblings)
524 siblings, 0 replies; 529+ messages in thread
From: Greg Kroah-Hartman @ 2023-01-16 15:45 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Pali Rohár, Gregory CLEMENT,
Sasha Levin
From: Pali Rohár <pali@kernel.org>
[ Upstream commit f1f3e530c59a7e8c5f06172f4c28b945a6b4bfb8 ]
This allows bootloader to correctly pass MAC addresses used by bootloader
to individual interfaces into kernel device tree.
Signed-off-by: Pali Rohár <pali@kernel.org>
Fixes: 26ca8b52d6e1 ("ARM: dts: add support for Turris Omnia")
Signed-off-by: Gregory CLEMENT <gregory.clement@bootlin.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/arm/boot/dts/armada-385-turris-omnia.dts | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/arch/arm/boot/dts/armada-385-turris-omnia.dts b/arch/arm/boot/dts/armada-385-turris-omnia.dts
index 92e08486ec81..c0a026ac7be8 100644
--- a/arch/arm/boot/dts/armada-385-turris-omnia.dts
+++ b/arch/arm/boot/dts/armada-385-turris-omnia.dts
@@ -22,6 +22,12 @@ chosen {
stdout-path = &uart0;
};
+ aliases {
+ ethernet0 = ð0;
+ ethernet1 = ð1;
+ ethernet2 = ð2;
+ };
+
memory {
device_type = "memory";
reg = <0x00000000 0x40000000>; /* 1024 MB */
--
2.35.1
^ permalink raw reply related [flat|nested] 529+ messages in thread
* [PATCH 4.19 039/521] ARM: dts: turris-omnia: Add switch port 6 node
2023-01-16 15:44 [PATCH 4.19 000/521] 4.19.270-rc1 review Greg Kroah-Hartman
` (37 preceding siblings ...)
2023-01-16 15:45 ` [PATCH 4.19 038/521] ARM: dts: turris-omnia: Add ethernet aliases Greg Kroah-Hartman
@ 2023-01-16 15:45 ` Greg Kroah-Hartman
2023-01-16 15:45 ` [PATCH 4.19 040/521] pstore/ram: Fix error return code in ramoops_probe() Greg Kroah-Hartman
` (485 subsequent siblings)
524 siblings, 0 replies; 529+ messages in thread
From: Greg Kroah-Hartman @ 2023-01-16 15:45 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Pali Rohár, Andrew Lunn,
Gregory CLEMENT, Sasha Levin
From: Pali Rohár <pali@kernel.org>
[ Upstream commit f87db2005f73876602211af0ee156817019b6bda ]
Switch port 6 is connected to eth0, so add appropriate device tree node for it.
Fixes: 26ca8b52d6e1 ("ARM: dts: add support for Turris Omnia")
Signed-off-by: Pali Rohár <pali@kernel.org>
Reviewed-by: Andrew Lunn <andrew@lunn.ch>
Signed-off-by: Gregory CLEMENT <gregory.clement@bootlin.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/arm/boot/dts/armada-385-turris-omnia.dts | 12 +++++++++++-
1 file changed, 11 insertions(+), 1 deletion(-)
diff --git a/arch/arm/boot/dts/armada-385-turris-omnia.dts b/arch/arm/boot/dts/armada-385-turris-omnia.dts
index c0a026ac7be8..320c759b4090 100644
--- a/arch/arm/boot/dts/armada-385-turris-omnia.dts
+++ b/arch/arm/boot/dts/armada-385-turris-omnia.dts
@@ -297,7 +297,17 @@ fixed-link {
};
};
- /* port 6 is connected to eth0 */
+ ports@6 {
+ reg = <6>;
+ label = "cpu";
+ ethernet = <ð0>;
+ phy-mode = "rgmii-id";
+
+ fixed-link {
+ speed = <1000>;
+ full-duplex;
+ };
+ };
};
};
};
--
2.35.1
^ permalink raw reply related [flat|nested] 529+ messages in thread
* [PATCH 4.19 040/521] pstore/ram: Fix error return code in ramoops_probe()
2023-01-16 15:44 [PATCH 4.19 000/521] 4.19.270-rc1 review Greg Kroah-Hartman
` (38 preceding siblings ...)
2023-01-16 15:45 ` [PATCH 4.19 039/521] ARM: dts: turris-omnia: Add switch port 6 node Greg Kroah-Hartman
@ 2023-01-16 15:45 ` Greg Kroah-Hartman
2023-01-16 15:45 ` [PATCH 4.19 041/521] ARM: mmp: fix timer_read delay Greg Kroah-Hartman
` (484 subsequent siblings)
524 siblings, 0 replies; 529+ messages in thread
From: Greg Kroah-Hartman @ 2023-01-16 15:45 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Wang Yufen, Kees Cook, Sasha Levin
From: Wang Yufen <wangyufen@huawei.com>
[ Upstream commit e1fce564900f8734edf15b87f028c57e14f6e28d ]
In the if (dev_of_node(dev) && !pdata) path, the "err" may be assigned a
value of 0, so the error return code -EINVAL may be incorrectly set
to 0. To fix set valid return code before calling to goto.
Fixes: 35da60941e44 ("pstore/ram: add Device Tree bindings")
Signed-off-by: Wang Yufen <wangyufen@huawei.com>
Signed-off-by: Kees Cook <keescook@chromium.org>
Link: https://lore.kernel.org/r/1669969374-46582-1-git-send-email-wangyufen@huawei.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
fs/pstore/ram.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/fs/pstore/ram.c b/fs/pstore/ram.c
index bafbab2dd039..33294dee7d7f 100644
--- a/fs/pstore/ram.c
+++ b/fs/pstore/ram.c
@@ -753,6 +753,7 @@ static int ramoops_probe(struct platform_device *pdev)
/* Make sure we didn't get bogus platform data pointer. */
if (!pdata) {
pr_err("NULL platform data\n");
+ err = -EINVAL;
goto fail_out;
}
@@ -760,6 +761,7 @@ static int ramoops_probe(struct platform_device *pdev)
!pdata->ftrace_size && !pdata->pmsg_size)) {
pr_err("The memory size and the record/console size must be "
"non-zero\n");
+ err = -EINVAL;
goto fail_out;
}
--
2.35.1
^ permalink raw reply related [flat|nested] 529+ messages in thread
* [PATCH 4.19 041/521] ARM: mmp: fix timer_read delay
2023-01-16 15:44 [PATCH 4.19 000/521] 4.19.270-rc1 review Greg Kroah-Hartman
` (39 preceding siblings ...)
2023-01-16 15:45 ` [PATCH 4.19 040/521] pstore/ram: Fix error return code in ramoops_probe() Greg Kroah-Hartman
@ 2023-01-16 15:45 ` Greg Kroah-Hartman
2023-01-16 15:45 ` [PATCH 4.19 042/521] pstore: Avoid kcore oops by vmap()ing with VM_IOREMAP Greg Kroah-Hartman
` (483 subsequent siblings)
524 siblings, 0 replies; 529+ messages in thread
From: Greg Kroah-Hartman @ 2023-01-16 15:45 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Doug Brown, Arnd Bergmann, Sasha Levin
From: Doug Brown <doug@schmorgal.com>
[ Upstream commit e348b4014c31041e13ff370669ba3348c4d385e3 ]
timer_read() was using an empty 100-iteration loop to wait for the
TMR_CVWR register to capture the latest timer counter value. The delay
wasn't long enough. This resulted in CPU idle time being extremely
underreported on PXA168 with CONFIG_NO_HZ_IDLE=y.
Switch to the approach used in the vendor kernel, which implements the
capture delay by reading TMR_CVWR a few times instead.
Fixes: 49cbe78637eb ("[ARM] pxa: add base support for Marvell's PXA168 processor line")
Signed-off-by: Doug Brown <doug@schmorgal.com>
Link: https://lore.kernel.org/r/20221204005117.53452-3-doug@schmorgal.com
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/arm/mach-mmp/time.c | 11 +++++++----
1 file changed, 7 insertions(+), 4 deletions(-)
diff --git a/arch/arm/mach-mmp/time.c b/arch/arm/mach-mmp/time.c
index 96ad1db0b04b..edd280e75546 100644
--- a/arch/arm/mach-mmp/time.c
+++ b/arch/arm/mach-mmp/time.c
@@ -52,18 +52,21 @@
static void __iomem *mmp_timer_base = TIMERS_VIRT_BASE;
/*
- * FIXME: the timer needs some delay to stablize the counter capture
+ * Read the timer through the CVWR register. Delay is required after requesting
+ * a read. The CR register cannot be directly read due to metastability issues
+ * documented in the PXA168 software manual.
*/
static inline uint32_t timer_read(void)
{
- int delay = 100;
+ uint32_t val;
+ int delay = 3;
__raw_writel(1, mmp_timer_base + TMR_CVWR(1));
while (delay--)
- cpu_relax();
+ val = __raw_readl(mmp_timer_base + TMR_CVWR(1));
- return __raw_readl(mmp_timer_base + TMR_CVWR(1));
+ return val;
}
static u64 notrace mmp_read_sched_clock(void)
--
2.35.1
^ permalink raw reply related [flat|nested] 529+ messages in thread
* [PATCH 4.19 042/521] pstore: Avoid kcore oops by vmap()ing with VM_IOREMAP
2023-01-16 15:44 [PATCH 4.19 000/521] 4.19.270-rc1 review Greg Kroah-Hartman
` (40 preceding siblings ...)
2023-01-16 15:45 ` [PATCH 4.19 041/521] ARM: mmp: fix timer_read delay Greg Kroah-Hartman
@ 2023-01-16 15:45 ` Greg Kroah-Hartman
2023-01-16 15:45 ` [PATCH 4.19 043/521] tpm/tpm_crb: Fix error message in __crb_relinquish_locality() Greg Kroah-Hartman
` (482 subsequent siblings)
524 siblings, 0 replies; 529+ messages in thread
From: Greg Kroah-Hartman @ 2023-01-16 15:45 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Brian Geffon, Mike Rapoport,
Andrew Morton, Stephen Boyd, Kees Cook, Sasha Levin
From: Stephen Boyd <swboyd@chromium.org>
[ Upstream commit e6b842741b4f39007215fd7e545cb55aa3d358a2 ]
An oops can be induced by running 'cat /proc/kcore > /dev/null' on
devices using pstore with the ram backend because kmap_atomic() assumes
lowmem pages are accessible with __va().
Unable to handle kernel paging request at virtual address ffffff807ff2b000
Mem abort info:
ESR = 0x96000006
EC = 0x25: DABT (current EL), IL = 32 bits
SET = 0, FnV = 0
EA = 0, S1PTW = 0
FSC = 0x06: level 2 translation fault
Data abort info:
ISV = 0, ISS = 0x00000006
CM = 0, WnR = 0
swapper pgtable: 4k pages, 39-bit VAs, pgdp=0000000081d87000
[ffffff807ff2b000] pgd=180000017fe18003, p4d=180000017fe18003, pud=180000017fe18003, pmd=0000000000000000
Internal error: Oops: 96000006 [#1] PREEMPT SMP
Modules linked in: dm_integrity
CPU: 7 PID: 21179 Comm: perf Not tainted 5.15.67-10882-ge4eb2eb988cd #1 baa443fb8e8477896a370b31a821eb2009f9bfba
Hardware name: Google Lazor (rev3 - 8) (DT)
pstate: a0400009 (NzCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
pc : __memcpy+0x110/0x260
lr : vread+0x194/0x294
sp : ffffffc013ee39d0
x29: ffffffc013ee39f0 x28: 0000000000001000 x27: ffffff807ff2b000
x26: 0000000000001000 x25: ffffffc0085a2000 x24: ffffff802d4b3000
x23: ffffff80f8a60000 x22: ffffff802d4b3000 x21: ffffffc0085a2000
x20: ffffff8080b7bc68 x19: 0000000000001000 x18: 0000000000000000
x17: 0000000000000000 x16: 0000000000000000 x15: ffffffd3073f2e60
x14: ffffffffad588000 x13: 0000000000000000 x12: 0000000000000001
x11: 00000000000001a2 x10: 00680000fff2bf0b x9 : 03fffffff807ff2b
x8 : 0000000000000001 x7 : 0000000000000000 x6 : 0000000000000000
x5 : ffffff802d4b4000 x4 : ffffff807ff2c000 x3 : ffffffc013ee3a78
x2 : 0000000000001000 x1 : ffffff807ff2b000 x0 : ffffff802d4b3000
Call trace:
__memcpy+0x110/0x260
read_kcore+0x584/0x778
proc_reg_read+0xb4/0xe4
During early boot, memblock reserves the pages for the ramoops reserved
memory node in DT that would otherwise be part of the direct lowmem
mapping. Pstore's ram backend reuses those reserved pages to change the
memory type (writeback or non-cached) by passing the pages to vmap()
(see pfn_to_page() usage in persistent_ram_vmap() for more details) with
specific flags. When read_kcore() starts iterating over the vmalloc
region, it runs over the virtual address that vmap() returned for
ramoops. In aligned_vread() the virtual address is passed to
vmalloc_to_page() which returns the page struct for the reserved lowmem
area. That lowmem page is passed to kmap_atomic(), which effectively
calls page_to_virt() that assumes a lowmem page struct must be directly
accessible with __va() and friends. These pages are mapped via vmap()
though, and the lowmem mapping was never made, so accessing them via the
lowmem virtual address oopses like above.
Let's side-step this problem by passing VM_IOREMAP to vmap(). This will
tell vread() to not include the ramoops region in the kcore. Instead the
area will look like a bunch of zeros. The alternative is to teach kmap()
about vmalloc areas that intersect with lowmem. Presumably such a change
isn't a one-liner, and there isn't much interest in inspecting the
ramoops region in kcore files anyway, so the most expedient route is
taken for now.
Cc: Brian Geffon <bgeffon@google.com>
Cc: Mike Rapoport <rppt@kernel.org>
Cc: Andrew Morton <akpm@linux-foundation.org>
Fixes: 404a6043385d ("staging: android: persistent_ram: handle reserving and mapping memory")
Signed-off-by: Stephen Boyd <swboyd@chromium.org>
Signed-off-by: Kees Cook <keescook@chromium.org>
Link: https://lore.kernel.org/r/20221205233136.3420802-1-swboyd@chromium.org
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
fs/pstore/ram_core.c | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/fs/pstore/ram_core.c b/fs/pstore/ram_core.c
index 3c777ec80d47..60dff7180412 100644
--- a/fs/pstore/ram_core.c
+++ b/fs/pstore/ram_core.c
@@ -426,7 +426,11 @@ static void *persistent_ram_vmap(phys_addr_t start, size_t size,
phys_addr_t addr = page_start + i * PAGE_SIZE;
pages[i] = pfn_to_page(addr >> PAGE_SHIFT);
}
- vaddr = vmap(pages, page_count, VM_MAP, prot);
+ /*
+ * VM_IOREMAP used here to bypass this region during vread()
+ * and kmap_atomic() (i.e. kcore) to avoid __va() failures.
+ */
+ vaddr = vmap(pages, page_count, VM_MAP | VM_IOREMAP, prot);
kfree(pages);
/*
--
2.35.1
^ permalink raw reply related [flat|nested] 529+ messages in thread
* [PATCH 4.19 043/521] tpm/tpm_crb: Fix error message in __crb_relinquish_locality()
2023-01-16 15:44 [PATCH 4.19 000/521] 4.19.270-rc1 review Greg Kroah-Hartman
` (41 preceding siblings ...)
2023-01-16 15:45 ` [PATCH 4.19 042/521] pstore: Avoid kcore oops by vmap()ing with VM_IOREMAP Greg Kroah-Hartman
@ 2023-01-16 15:45 ` Greg Kroah-Hartman
2023-01-16 15:45 ` [PATCH 4.19 044/521] cpuidle: dt: Return the correct numbers of parsed idle states Greg Kroah-Hartman
` (481 subsequent siblings)
524 siblings, 0 replies; 529+ messages in thread
From: Greg Kroah-Hartman @ 2023-01-16 15:45 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Michael Kelley, Tomas Winkler,
Jarkko Sakkinen, Sasha Levin
From: Michael Kelley <mikelley@microsoft.com>
[ Upstream commit f5264068071964b56dc02c9dab3d11574aaca6ff ]
The error message in __crb_relinquish_locality() mentions requestAccess
instead of Relinquish. Fix it.
Fixes: 888d867df441 ("tpm: cmd_ready command can be issued only after granting locality")
Signed-off-by: Michael Kelley <mikelley@microsoft.com>
Acked-by: Tomas Winkler <tomas.winkler@intel.com>
Reviewed-by: Jarkko Sakkinen <jarkko@kernel.org>
Signed-off-by: Jarkko Sakkinen <jarkko@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/char/tpm/tpm_crb.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/char/tpm/tpm_crb.c b/drivers/char/tpm/tpm_crb.c
index 20f27100708b..101c71c78e2f 100644
--- a/drivers/char/tpm/tpm_crb.c
+++ b/drivers/char/tpm/tpm_crb.c
@@ -256,7 +256,7 @@ static int __crb_relinquish_locality(struct device *dev,
iowrite32(CRB_LOC_CTRL_RELINQUISH, &priv->regs_h->loc_ctrl);
if (!crb_wait_for_reg_32(&priv->regs_h->loc_state, mask, value,
TPM2_TIMEOUT_C)) {
- dev_warn(dev, "TPM_LOC_STATE_x.requestAccess timed out\n");
+ dev_warn(dev, "TPM_LOC_STATE_x.Relinquish timed out\n");
return -ETIME;
}
--
2.35.1
^ permalink raw reply related [flat|nested] 529+ messages in thread
* [PATCH 4.19 044/521] cpuidle: dt: Return the correct numbers of parsed idle states
2023-01-16 15:44 [PATCH 4.19 000/521] 4.19.270-rc1 review Greg Kroah-Hartman
` (42 preceding siblings ...)
2023-01-16 15:45 ` [PATCH 4.19 043/521] tpm/tpm_crb: Fix error message in __crb_relinquish_locality() Greg Kroah-Hartman
@ 2023-01-16 15:45 ` Greg Kroah-Hartman
2023-01-16 15:45 ` [PATCH 4.19 045/521] alpha: fix syscall entry in !AUDUT_SYSCALL case Greg Kroah-Hartman
` (480 subsequent siblings)
524 siblings, 0 replies; 529+ messages in thread
From: Greg Kroah-Hartman @ 2023-01-16 15:45 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Ulf Hansson, Sudeep Holla,
Rafael J. Wysocki, Sasha Levin
From: Ulf Hansson <ulf.hansson@linaro.org>
[ Upstream commit ee3c2c8ad6ba6785f14a60e4081d7c82e88162a2 ]
While we correctly skips to initialize an idle state from a disabled idle
state node in DT, the returned value from dt_init_idle_driver() don't get
adjusted accordingly. Instead the number of found idle state nodes are
returned, while the callers are expecting the number of successfully
initialized idle states from DT.
This leads to cpuidle drivers unnecessarily continues to initialize their
idle state specific data. Moreover, in the case when all idle states have
been disabled in DT, we would end up registering a cpuidle driver, rather
than relying on the default arch specific idle call.
Fixes: 9f14da345599 ("drivers: cpuidle: implement DT based idle states infrastructure")
Signed-off-by: Ulf Hansson <ulf.hansson@linaro.org>
Reviewed-by: Sudeep Holla <sudeep.holla@arm.com>
Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/cpuidle/dt_idle_states.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/cpuidle/dt_idle_states.c b/drivers/cpuidle/dt_idle_states.c
index 53342b7f1010..ea3c59d3fdad 100644
--- a/drivers/cpuidle/dt_idle_states.c
+++ b/drivers/cpuidle/dt_idle_states.c
@@ -224,6 +224,6 @@ int dt_init_idle_driver(struct cpuidle_driver *drv,
* also be 0 on platforms with missing DT idle states or legacy DT
* configuration predating the DT idle states bindings.
*/
- return i;
+ return state_idx - start_idx;
}
EXPORT_SYMBOL_GPL(dt_init_idle_driver);
--
2.35.1
^ permalink raw reply related [flat|nested] 529+ messages in thread
* [PATCH 4.19 045/521] alpha: fix syscall entry in !AUDUT_SYSCALL case
2023-01-16 15:44 [PATCH 4.19 000/521] 4.19.270-rc1 review Greg Kroah-Hartman
` (43 preceding siblings ...)
2023-01-16 15:45 ` [PATCH 4.19 044/521] cpuidle: dt: Return the correct numbers of parsed idle states Greg Kroah-Hartman
@ 2023-01-16 15:45 ` Greg Kroah-Hartman
2023-01-16 15:45 ` [PATCH 4.19 046/521] fs: dont audit the capability check in simple_xattr_list() Greg Kroah-Hartman
` (479 subsequent siblings)
524 siblings, 0 replies; 529+ messages in thread
From: Greg Kroah-Hartman @ 2023-01-16 15:45 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Al Viro, Sasha Levin
From: Al Viro <viro@zeniv.linux.org.uk>
[ Upstream commit f7b2431a6d22f7a91c567708e071dfcd6d66db14 ]
We only want to take the slow path if SYSCALL_TRACE or SYSCALL_AUDIT is
set; on !AUDIT_SYSCALL configs the current tree hits it whenever _any_
thread flag (including NEED_RESCHED, NOTIFY_SIGNAL, etc.) happens to
be set.
Fixes: a9302e843944 "alpha: Enable system-call auditing support"
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/alpha/kernel/entry.S | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/arch/alpha/kernel/entry.S b/arch/alpha/kernel/entry.S
index c64806a2daf5..ebe52200a9dc 100644
--- a/arch/alpha/kernel/entry.S
+++ b/arch/alpha/kernel/entry.S
@@ -469,8 +469,10 @@ entSys:
#ifdef CONFIG_AUDITSYSCALL
lda $6, _TIF_SYSCALL_TRACE | _TIF_SYSCALL_AUDIT
and $3, $6, $3
-#endif
bne $3, strace
+#else
+ blbs $3, strace /* check for SYSCALL_TRACE in disguise */
+#endif
beq $4, 1f
ldq $27, 0($5)
1: jsr $26, ($27), alpha_ni_syscall
--
2.35.1
^ permalink raw reply related [flat|nested] 529+ messages in thread
* [PATCH 4.19 046/521] fs: dont audit the capability check in simple_xattr_list()
2023-01-16 15:44 [PATCH 4.19 000/521] 4.19.270-rc1 review Greg Kroah-Hartman
` (44 preceding siblings ...)
2023-01-16 15:45 ` [PATCH 4.19 045/521] alpha: fix syscall entry in !AUDUT_SYSCALL case Greg Kroah-Hartman
@ 2023-01-16 15:45 ` Greg Kroah-Hartman
2023-01-16 15:45 ` [PATCH 4.19 047/521] selftests/ftrace: event_triggers: wait longer for test_event_enable Greg Kroah-Hartman
` (478 subsequent siblings)
524 siblings, 0 replies; 529+ messages in thread
From: Greg Kroah-Hartman @ 2023-01-16 15:45 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Martin Pitt,
Christian Brauner (Microsoft),
Ondrej Mosnacek, Paul Moore, Sasha Levin
From: Ondrej Mosnacek <omosnace@redhat.com>
[ Upstream commit e7eda157c4071cd1e69f4b1687b0fbe1ae5e6f46 ]
The check being unconditional may lead to unwanted denials reported by
LSMs when a process has the capability granted by DAC, but denied by an
LSM. In the case of SELinux such denials are a problem, since they can't
be effectively filtered out via the policy and when not silenced, they
produce noise that may hide a true problem or an attack.
Checking for the capability only if any trusted xattr is actually
present wouldn't really address the issue, since calling listxattr(2) on
such node on its own doesn't indicate an explicit attempt to see the
trusted xattrs. Additionally, it could potentially leak the presence of
trusted xattrs to an unprivileged user if they can check for the denials
(e.g. through dmesg).
Therefore, it's best (and simplest) to keep the check unconditional and
instead use ns_capable_noaudit() that will silence any associated LSM
denials.
Fixes: 38f38657444d ("xattr: extract simple_xattr code from tmpfs")
Reported-by: Martin Pitt <mpitt@redhat.com>
Suggested-by: Christian Brauner (Microsoft) <brauner@kernel.org>
Signed-off-by: Ondrej Mosnacek <omosnace@redhat.com>
Reviewed-by: Christian Brauner (Microsoft) <brauner@kernel.org>
Reviewed-by: Paul Moore <paul@paul-moore.com>
Signed-off-by: Christian Brauner (Microsoft) <brauner@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
fs/xattr.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/fs/xattr.c b/fs/xattr.c
index 470ee0af3200..5c3407e18e15 100644
--- a/fs/xattr.c
+++ b/fs/xattr.c
@@ -1012,7 +1012,7 @@ static int xattr_list_one(char **buffer, ssize_t *remaining_size,
ssize_t simple_xattr_list(struct inode *inode, struct simple_xattrs *xattrs,
char *buffer, size_t size)
{
- bool trusted = capable(CAP_SYS_ADMIN);
+ bool trusted = ns_capable_noaudit(&init_user_ns, CAP_SYS_ADMIN);
struct simple_xattr *xattr;
ssize_t remaining_size = size;
int err = 0;
--
2.35.1
^ permalink raw reply related [flat|nested] 529+ messages in thread
* [PATCH 4.19 047/521] selftests/ftrace: event_triggers: wait longer for test_event_enable
2023-01-16 15:44 [PATCH 4.19 000/521] 4.19.270-rc1 review Greg Kroah-Hartman
` (45 preceding siblings ...)
2023-01-16 15:45 ` [PATCH 4.19 046/521] fs: dont audit the capability check in simple_xattr_list() Greg Kroah-Hartman
@ 2023-01-16 15:45 ` Greg Kroah-Hartman
2023-01-16 15:45 ` [PATCH 4.19 048/521] perf: Fix possible memleak in pmu_dev_alloc() Greg Kroah-Hartman
` (477 subsequent siblings)
524 siblings, 0 replies; 529+ messages in thread
From: Greg Kroah-Hartman @ 2023-01-16 15:45 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Yipeng Zou,
Masami Hiramatsu (Google), Steven Rostedt (Google),
Shuah Khan, Sasha Levin
From: Yipeng Zou <zouyipeng@huawei.com>
[ Upstream commit a1d6cd88c8973cfb08ee85722488b1d6d5d16327 ]
In some platform, the schedule event may came slowly, delay 100ms can't
cover it.
I was notice that on my board which running in low cpu_freq,and this
selftests allways gose fail.
So maybe we can check more times here to wait longer.
Fixes: 43bb45da82f9 ("selftests: ftrace: Add a selftest to test event enable/disable func trigger")
Signed-off-by: Yipeng Zou <zouyipeng@huawei.com>
Acked-by: Masami Hiramatsu (Google) <mhiramat@kernel.org>
Acked-by: Steven Rostedt (Google) <rostedt@goodmis.org>
Signed-off-by: Shuah Khan <skhan@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
.../ftrace/test.d/ftrace/func_event_triggers.tc | 15 +++++++++++----
1 file changed, 11 insertions(+), 4 deletions(-)
diff --git a/tools/testing/selftests/ftrace/test.d/ftrace/func_event_triggers.tc b/tools/testing/selftests/ftrace/test.d/ftrace/func_event_triggers.tc
index 6fed4cf2db81..79d614f1fe8e 100644
--- a/tools/testing/selftests/ftrace/test.d/ftrace/func_event_triggers.tc
+++ b/tools/testing/selftests/ftrace/test.d/ftrace/func_event_triggers.tc
@@ -45,11 +45,18 @@ cnt_trace() {
test_event_enabled() {
val=$1
+ check_times=10 # wait for 10 * SLEEP_TIME at most
- e=`cat $EVENT_ENABLE`
- if [ "$e" != $val ]; then
- fail "Expected $val but found $e"
- fi
+ while [ $check_times -ne 0 ]; do
+ e=`cat $EVENT_ENABLE`
+ if [ "$e" == $val ]; then
+ return 0
+ fi
+ sleep $SLEEP_TIME
+ check_times=$((check_times - 1))
+ done
+
+ fail "Expected $val but found $e"
}
run_enable_disable() {
--
2.35.1
^ permalink raw reply related [flat|nested] 529+ messages in thread
* [PATCH 4.19 048/521] perf: Fix possible memleak in pmu_dev_alloc()
2023-01-16 15:44 [PATCH 4.19 000/521] 4.19.270-rc1 review Greg Kroah-Hartman
` (46 preceding siblings ...)
2023-01-16 15:45 ` [PATCH 4.19 047/521] selftests/ftrace: event_triggers: wait longer for test_event_enable Greg Kroah-Hartman
@ 2023-01-16 15:45 ` Greg Kroah-Hartman
2023-01-16 15:45 ` [PATCH 4.19 049/521] timerqueue: Use rb_entry_safe() in timerqueue_getnext() Greg Kroah-Hartman
` (476 subsequent siblings)
524 siblings, 0 replies; 529+ messages in thread
From: Greg Kroah-Hartman @ 2023-01-16 15:45 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Chen Zhongjin,
Peter Zijlstra (Intel),
Sasha Levin
From: Chen Zhongjin <chenzhongjin@huawei.com>
[ Upstream commit e8d7a90c08ce963c592fb49845f2ccc606a2ac21 ]
In pmu_dev_alloc(), when dev_set_name() failed, it will goto free_dev
and call put_device(pmu->dev) to release it.
However pmu->dev->release is assigned after this, which makes warning
and memleak.
Call dev_set_name() after pmu->dev->release = pmu_dev_release to fix it.
Device '(null)' does not have a release() function...
WARNING: CPU: 2 PID: 441 at drivers/base/core.c:2332 device_release+0x1b9/0x240
...
Call Trace:
<TASK>
kobject_put+0x17f/0x460
put_device+0x20/0x30
pmu_dev_alloc+0x152/0x400
perf_pmu_register+0x96b/0xee0
...
kmemleak: 1 new suspected memory leaks (see /sys/kernel/debug/kmemleak)
unreferenced object 0xffff888014759000 (size 2048):
comm "modprobe", pid 441, jiffies 4294931444 (age 38.332s)
backtrace:
[<0000000005aed3b4>] kmalloc_trace+0x27/0x110
[<000000006b38f9b8>] pmu_dev_alloc+0x50/0x400
[<00000000735f17be>] perf_pmu_register+0x96b/0xee0
[<00000000e38477f1>] 0xffffffffc0ad8603
[<000000004e162216>] do_one_initcall+0xd0/0x4e0
...
Fixes: abe43400579d ("perf: Sysfs enumeration")
Signed-off-by: Chen Zhongjin <chenzhongjin@huawei.com>
Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org>
Link: https://lkml.kernel.org/r/20221111103653.91058-1-chenzhongjin@huawei.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
kernel/events/core.c | 8 +++++---
1 file changed, 5 insertions(+), 3 deletions(-)
diff --git a/kernel/events/core.c b/kernel/events/core.c
index ba66ea3ca705..668e5492e4c4 100644
--- a/kernel/events/core.c
+++ b/kernel/events/core.c
@@ -9682,13 +9682,15 @@ static int pmu_dev_alloc(struct pmu *pmu)
pmu->dev->groups = pmu->attr_groups;
device_initialize(pmu->dev);
- ret = dev_set_name(pmu->dev, "%s", pmu->name);
- if (ret)
- goto free_dev;
dev_set_drvdata(pmu->dev, pmu);
pmu->dev->bus = &pmu_bus;
pmu->dev->release = pmu_dev_release;
+
+ ret = dev_set_name(pmu->dev, "%s", pmu->name);
+ if (ret)
+ goto free_dev;
+
ret = device_add(pmu->dev);
if (ret)
goto free_dev;
--
2.35.1
^ permalink raw reply related [flat|nested] 529+ messages in thread
* [PATCH 4.19 049/521] timerqueue: Use rb_entry_safe() in timerqueue_getnext()
2023-01-16 15:44 [PATCH 4.19 000/521] 4.19.270-rc1 review Greg Kroah-Hartman
` (47 preceding siblings ...)
2023-01-16 15:45 ` [PATCH 4.19 048/521] perf: Fix possible memleak in pmu_dev_alloc() Greg Kroah-Hartman
@ 2023-01-16 15:45 ` Greg Kroah-Hartman
2023-01-16 15:45 ` [PATCH 4.19 050/521] proc: fixup uptime selftest Greg Kroah-Hartman
` (475 subsequent siblings)
524 siblings, 0 replies; 529+ messages in thread
From: Greg Kroah-Hartman @ 2023-01-16 15:45 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Barnabás Pőcze,
Thomas Gleixner, Sasha Levin
From: Barnabás Pőcze <pobrn@protonmail.com>
[ Upstream commit 2f117484329b233455ee278f2d9b0a4356835060 ]
When `timerqueue_getnext()` is called on an empty timer queue, it will
use `rb_entry()` on a NULL pointer, which is invalid. Fix that by using
`rb_entry_safe()` which handles NULL pointers.
This has not caused any issues so far because the offset of the `rb_node`
member in `timerqueue_node` is 0, so `rb_entry()` is essentially a no-op.
Fixes: 511885d7061e ("lib/timerqueue: Rely on rbtree semantics for next timer")
Signed-off-by: Barnabás Pőcze <pobrn@protonmail.com>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Link: https://lore.kernel.org/r/20221114195421.342929-1-pobrn@protonmail.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
include/linux/timerqueue.h | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/include/linux/timerqueue.h b/include/linux/timerqueue.h
index aff122f1062a..e1a843cb16d4 100644
--- a/include/linux/timerqueue.h
+++ b/include/linux/timerqueue.h
@@ -35,7 +35,7 @@ struct timerqueue_node *timerqueue_getnext(struct timerqueue_head *head)
{
struct rb_node *leftmost = rb_first_cached(&head->rb_root);
- return rb_entry(leftmost, struct timerqueue_node, node);
+ return rb_entry_safe(leftmost, struct timerqueue_node, node);
}
static inline void timerqueue_init(struct timerqueue_node *node)
--
2.35.1
^ permalink raw reply related [flat|nested] 529+ messages in thread
* [PATCH 4.19 050/521] proc: fixup uptime selftest
2023-01-16 15:44 [PATCH 4.19 000/521] 4.19.270-rc1 review Greg Kroah-Hartman
` (48 preceding siblings ...)
2023-01-16 15:45 ` [PATCH 4.19 049/521] timerqueue: Use rb_entry_safe() in timerqueue_getnext() Greg Kroah-Hartman
@ 2023-01-16 15:45 ` Greg Kroah-Hartman
2023-01-16 15:45 ` [PATCH 4.19 051/521] ocfs2: fix memory leak in ocfs2_stack_glue_init() Greg Kroah-Hartman
` (474 subsequent siblings)
524 siblings, 0 replies; 529+ messages in thread
From: Greg Kroah-Hartman @ 2023-01-16 15:45 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Alexey Dobriyan, Andrew Morton, Sasha Levin
From: Alexey Dobriyan <adobriyan@gmail.com>
[ Upstream commit 5cc81d5c81af0dee54da9a67a3ebe4be076a13db ]
syscall(3) returns -1 and sets errno on error, unlike "syscall"
instruction.
Systems which have <= 32/64 CPUs are unaffected. Test won't bounce
to all CPUs before completing if there are more of them.
Link: https://lkml.kernel.org/r/Y1bUiT7VRXlXPQa1@p183
Fixes: 1f5bd0547654 ("proc: selftests: test /proc/uptime")
Signed-off-by: Alexey Dobriyan <adobriyan@gmail.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
tools/testing/selftests/proc/proc-uptime-002.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/tools/testing/selftests/proc/proc-uptime-002.c b/tools/testing/selftests/proc/proc-uptime-002.c
index e7ceabed7f51..7d0aa22bdc12 100644
--- a/tools/testing/selftests/proc/proc-uptime-002.c
+++ b/tools/testing/selftests/proc/proc-uptime-002.c
@@ -17,6 +17,7 @@
// while shifting across CPUs.
#undef NDEBUG
#include <assert.h>
+#include <errno.h>
#include <unistd.h>
#include <sys/syscall.h>
#include <stdlib.h>
@@ -54,7 +55,7 @@ int main(void)
len += sizeof(unsigned long);
free(m);
m = malloc(len);
- } while (sys_sched_getaffinity(0, len, m) == -EINVAL);
+ } while (sys_sched_getaffinity(0, len, m) == -1 && errno == EINVAL);
fd = open("/proc/uptime", O_RDONLY);
assert(fd >= 0);
--
2.35.1
^ permalink raw reply related [flat|nested] 529+ messages in thread
* [PATCH 4.19 051/521] ocfs2: fix memory leak in ocfs2_stack_glue_init()
2023-01-16 15:44 [PATCH 4.19 000/521] 4.19.270-rc1 review Greg Kroah-Hartman
` (49 preceding siblings ...)
2023-01-16 15:45 ` [PATCH 4.19 050/521] proc: fixup uptime selftest Greg Kroah-Hartman
@ 2023-01-16 15:45 ` Greg Kroah-Hartman
2023-01-16 15:45 ` [PATCH 4.19 052/521] MIPS: vpe-mt: fix possible memory leak while module exiting Greg Kroah-Hartman
` (473 subsequent siblings)
524 siblings, 0 replies; 529+ messages in thread
From: Greg Kroah-Hartman @ 2023-01-16 15:45 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Shang XiaoJing, Joseph Qi,
Mark Fasheh, Joel Becker, Junxiao Bi, Changwei Ge, Gang He,
Jun Piao, Andrew Morton, Sasha Levin
From: Shang XiaoJing <shangxiaojing@huawei.com>
[ Upstream commit 13b6269dd022aaa69ca8d1df374ab327504121cf ]
ocfs2_table_header should be free in ocfs2_stack_glue_init() if
ocfs2_sysfs_init() failed, otherwise kmemleak will report memleak.
BUG: memory leak
unreferenced object 0xffff88810eeb5800 (size 128):
comm "modprobe", pid 4507, jiffies 4296182506 (age 55.888s)
hex dump (first 32 bytes):
c0 40 14 a0 ff ff ff ff 00 00 00 00 01 00 00 00 .@..............
01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
backtrace:
[<000000001e59e1cd>] __register_sysctl_table+0xca/0xef0
[<00000000c04f70f7>] 0xffffffffa0050037
[<000000001bd12912>] do_one_initcall+0xdb/0x480
[<0000000064f766c9>] do_init_module+0x1cf/0x680
[<000000002ba52db0>] load_module+0x6441/0x6f20
[<000000009772580d>] __do_sys_finit_module+0x12f/0x1c0
[<00000000380c1f22>] do_syscall_64+0x3f/0x90
[<000000004cf473bc>] entry_SYSCALL_64_after_hwframe+0x63/0xcd
Link: https://lkml.kernel.org/r/41651ca1-432a-db34-eb97-d35744559de1@linux.alibaba.com
Fixes: 3878f110f71a ("ocfs2: Move the hb_ctl_path sysctl into the stack glue.")
Signed-off-by: Shang XiaoJing <shangxiaojing@huawei.com>
Reviewed-by: Joseph Qi <joseph.qi@linux.alibaba.com>
Cc: Mark Fasheh <mark@fasheh.com>
Cc: Joel Becker <jlbec@evilplan.org>
Cc: Junxiao Bi <junxiao.bi@oracle.com>
Cc: Changwei Ge <gechangwei@live.cn>
Cc: Gang He <ghe@suse.com>
Cc: Jun Piao <piaojun@huawei.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
fs/ocfs2/stackglue.c | 8 +++++++-
1 file changed, 7 insertions(+), 1 deletion(-)
diff --git a/fs/ocfs2/stackglue.c b/fs/ocfs2/stackglue.c
index e7eb08ac4215..10d691530d83 100644
--- a/fs/ocfs2/stackglue.c
+++ b/fs/ocfs2/stackglue.c
@@ -715,6 +715,8 @@ static struct ctl_table_header *ocfs2_table_header;
static int __init ocfs2_stack_glue_init(void)
{
+ int ret;
+
strcpy(cluster_stack_name, OCFS2_STACK_PLUGIN_O2CB);
ocfs2_table_header = register_sysctl_table(ocfs2_root_table);
@@ -724,7 +726,11 @@ static int __init ocfs2_stack_glue_init(void)
return -ENOMEM; /* or something. */
}
- return ocfs2_sysfs_init();
+ ret = ocfs2_sysfs_init();
+ if (ret)
+ unregister_sysctl_table(ocfs2_table_header);
+
+ return ret;
}
static void __exit ocfs2_stack_glue_exit(void)
--
2.35.1
^ permalink raw reply related [flat|nested] 529+ messages in thread
* [PATCH 4.19 052/521] MIPS: vpe-mt: fix possible memory leak while module exiting
2023-01-16 15:44 [PATCH 4.19 000/521] 4.19.270-rc1 review Greg Kroah-Hartman
` (50 preceding siblings ...)
2023-01-16 15:45 ` [PATCH 4.19 051/521] ocfs2: fix memory leak in ocfs2_stack_glue_init() Greg Kroah-Hartman
@ 2023-01-16 15:45 ` Greg Kroah-Hartman
2023-01-16 15:45 ` [PATCH 4.19 053/521] MIPS: vpe-cmp: " Greg Kroah-Hartman
` (472 subsequent siblings)
524 siblings, 0 replies; 529+ messages in thread
From: Greg Kroah-Hartman @ 2023-01-16 15:45 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Yang Yingliang, Thomas Bogendoerfer,
Sasha Levin
From: Yang Yingliang <yangyingliang@huawei.com>
[ Upstream commit 5822e8cc84ee37338ab0bdc3124f6eec04dc232d ]
Afer commit 1fa5ae857bb1 ("driver core: get rid of struct device's
bus_id string array"), the name of device is allocated dynamically,
it need be freed when module exiting, call put_device() to give up
reference, so that it can be freed in kobject_cleanup() when the
refcount hit to 0. The vpe_device is static, so remove kfree() from
vpe_device_release().
Fixes: 1fa5ae857bb1 ("driver core: get rid of struct device's bus_id string array")
Signed-off-by: Yang Yingliang <yangyingliang@huawei.com>
Signed-off-by: Thomas Bogendoerfer <tsbogend@alpha.franken.de>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/mips/kernel/vpe-mt.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/arch/mips/kernel/vpe-mt.c b/arch/mips/kernel/vpe-mt.c
index 2e003b11a098..9fd7cd48ea1d 100644
--- a/arch/mips/kernel/vpe-mt.c
+++ b/arch/mips/kernel/vpe-mt.c
@@ -313,7 +313,6 @@ ATTRIBUTE_GROUPS(vpe);
static void vpe_device_release(struct device *cd)
{
- kfree(cd);
}
static struct class vpe_class = {
@@ -497,6 +496,7 @@ int __init vpe_module_init(void)
device_del(&vpe_device);
out_class:
+ put_device(&vpe_device);
class_unregister(&vpe_class);
out_chrdev:
@@ -509,7 +509,7 @@ void __exit vpe_module_exit(void)
{
struct vpe *v, *n;
- device_del(&vpe_device);
+ device_unregister(&vpe_device);
class_unregister(&vpe_class);
unregister_chrdev(major, VPE_MODULE_NAME);
--
2.35.1
^ permalink raw reply related [flat|nested] 529+ messages in thread
* [PATCH 4.19 053/521] MIPS: vpe-cmp: fix possible memory leak while module exiting
2023-01-16 15:44 [PATCH 4.19 000/521] 4.19.270-rc1 review Greg Kroah-Hartman
` (51 preceding siblings ...)
2023-01-16 15:45 ` [PATCH 4.19 052/521] MIPS: vpe-mt: fix possible memory leak while module exiting Greg Kroah-Hartman
@ 2023-01-16 15:45 ` Greg Kroah-Hartman
2023-01-16 15:45 ` [PATCH 4.19 054/521] PNP: fix name memory leak in pnp_alloc_dev() Greg Kroah-Hartman
` (471 subsequent siblings)
524 siblings, 0 replies; 529+ messages in thread
From: Greg Kroah-Hartman @ 2023-01-16 15:45 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Yang Yingliang, Thomas Bogendoerfer,
Sasha Levin
From: Yang Yingliang <yangyingliang@huawei.com>
[ Upstream commit c5ed1fe0801f0c66b0fbce2785239a5664629057 ]
dev_set_name() allocates memory for name, it need be freed
when module exiting, call put_device() to give up reference,
so that it can be freed in kobject_cleanup() when the refcount
hit to 0. The vpe_device is static, so remove kfree() from
vpe_device_release().
Fixes: 17a1d523aa58 ("MIPS: APRP: Add VPE loader support for CMP platforms.")
Signed-off-by: Yang Yingliang <yangyingliang@huawei.com>
Signed-off-by: Thomas Bogendoerfer <tsbogend@alpha.franken.de>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/mips/kernel/vpe-cmp.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/arch/mips/kernel/vpe-cmp.c b/arch/mips/kernel/vpe-cmp.c
index 9268ebc0f61e..903c07bdc92d 100644
--- a/arch/mips/kernel/vpe-cmp.c
+++ b/arch/mips/kernel/vpe-cmp.c
@@ -75,7 +75,6 @@ ATTRIBUTE_GROUPS(vpe);
static void vpe_device_release(struct device *cd)
{
- kfree(cd);
}
static struct class vpe_class = {
@@ -157,6 +156,7 @@ int __init vpe_module_init(void)
device_del(&vpe_device);
out_class:
+ put_device(&vpe_device);
class_unregister(&vpe_class);
out_chrdev:
@@ -169,7 +169,7 @@ void __exit vpe_module_exit(void)
{
struct vpe *v, *n;
- device_del(&vpe_device);
+ device_unregister(&vpe_device);
class_unregister(&vpe_class);
unregister_chrdev(major, VPE_MODULE_NAME);
--
2.35.1
^ permalink raw reply related [flat|nested] 529+ messages in thread
* [PATCH 4.19 054/521] PNP: fix name memory leak in pnp_alloc_dev()
2023-01-16 15:44 [PATCH 4.19 000/521] 4.19.270-rc1 review Greg Kroah-Hartman
` (52 preceding siblings ...)
2023-01-16 15:45 ` [PATCH 4.19 053/521] MIPS: vpe-cmp: " Greg Kroah-Hartman
@ 2023-01-16 15:45 ` Greg Kroah-Hartman
2023-01-16 15:45 ` [PATCH 4.19 055/521] perf/x86/intel/uncore: Fix reference count leak in hswep_has_limit_sbox() Greg Kroah-Hartman
` (470 subsequent siblings)
524 siblings, 0 replies; 529+ messages in thread
From: Greg Kroah-Hartman @ 2023-01-16 15:45 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Yang Yingliang, Hanjun Guo,
Rafael J. Wysocki, Sasha Levin
From: Yang Yingliang <yangyingliang@huawei.com>
[ Upstream commit 110d7b0325c55ff3620073ba4201845f59e22ebf ]
After commit 1fa5ae857bb1 ("driver core: get rid of struct device's
bus_id string array"), the name of device is allocated dynamically,
move dev_set_name() after pnp_add_id() to avoid memory leak.
Fixes: 1fa5ae857bb1 ("driver core: get rid of struct device's bus_id string array")
Signed-off-by: Yang Yingliang <yangyingliang@huawei.com>
Reviewed-by: Hanjun Guo <guohanjun@huawei.com>
Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/pnp/core.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/drivers/pnp/core.c b/drivers/pnp/core.c
index 3bf18d718975..131b925b820d 100644
--- a/drivers/pnp/core.c
+++ b/drivers/pnp/core.c
@@ -160,14 +160,14 @@ struct pnp_dev *pnp_alloc_dev(struct pnp_protocol *protocol, int id,
dev->dev.coherent_dma_mask = dev->dma_mask;
dev->dev.release = &pnp_release_device;
- dev_set_name(&dev->dev, "%02x:%02x", dev->protocol->number, dev->number);
-
dev_id = pnp_add_id(dev, pnpid);
if (!dev_id) {
kfree(dev);
return NULL;
}
+ dev_set_name(&dev->dev, "%02x:%02x", dev->protocol->number, dev->number);
+
return dev;
}
--
2.35.1
^ permalink raw reply related [flat|nested] 529+ messages in thread
* [PATCH 4.19 055/521] perf/x86/intel/uncore: Fix reference count leak in hswep_has_limit_sbox()
2023-01-16 15:44 [PATCH 4.19 000/521] 4.19.270-rc1 review Greg Kroah-Hartman
` (53 preceding siblings ...)
2023-01-16 15:45 ` [PATCH 4.19 054/521] PNP: fix name memory leak in pnp_alloc_dev() Greg Kroah-Hartman
@ 2023-01-16 15:45 ` Greg Kroah-Hartman
2023-01-16 15:45 ` [PATCH 4.19 056/521] irqchip: gic-pm: Use pm_runtime_resume_and_get() in gic_probe() Greg Kroah-Hartman
` (469 subsequent siblings)
524 siblings, 0 replies; 529+ messages in thread
From: Greg Kroah-Hartman @ 2023-01-16 15:45 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Xiongfeng Wang,
Peter Zijlstra (Intel),
Kan Liang, Sasha Levin
From: Xiongfeng Wang <wangxiongfeng2@huawei.com>
[ Upstream commit 1ff9dd6e7071a561f803135c1d684b13c7a7d01d ]
pci_get_device() will increase the reference count for the returned
'dev'. We need to call pci_dev_put() to decrease the reference count.
Since 'dev' is only used in pci_read_config_dword(), let's add
pci_dev_put() right after it.
Fixes: 9d480158ee86 ("perf/x86/intel/uncore: Remove uncore extra PCI dev HSWEP_PCI_PCU_3")
Signed-off-by: Xiongfeng Wang <wangxiongfeng2@huawei.com>
Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org>
Reviewed-by: Kan Liang <kan.liang@linux.intel.com>
Link: https://lore.kernel.org/r/20221118063137.121512-3-wangxiongfeng2@huawei.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/x86/events/intel/uncore_snbep.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/arch/x86/events/intel/uncore_snbep.c b/arch/x86/events/intel/uncore_snbep.c
index 2bf1170f7afd..34da6d27d839 100644
--- a/arch/x86/events/intel/uncore_snbep.c
+++ b/arch/x86/events/intel/uncore_snbep.c
@@ -2699,6 +2699,7 @@ static bool hswep_has_limit_sbox(unsigned int device)
return false;
pci_read_config_dword(dev, HSWEP_PCU_CAPID4_OFFET, &capid4);
+ pci_dev_put(dev);
if (!hswep_get_chop(capid4))
return true;
--
2.35.1
^ permalink raw reply related [flat|nested] 529+ messages in thread
* [PATCH 4.19 056/521] irqchip: gic-pm: Use pm_runtime_resume_and_get() in gic_probe()
2023-01-16 15:44 [PATCH 4.19 000/521] 4.19.270-rc1 review Greg Kroah-Hartman
` (54 preceding siblings ...)
2023-01-16 15:45 ` [PATCH 4.19 055/521] perf/x86/intel/uncore: Fix reference count leak in hswep_has_limit_sbox() Greg Kroah-Hartman
@ 2023-01-16 15:45 ` Greg Kroah-Hartman
2023-01-16 15:45 ` [PATCH 4.19 057/521] cpufreq: amd_freq_sensitivity: Add missing pci_dev_put() Greg Kroah-Hartman
` (468 subsequent siblings)
524 siblings, 0 replies; 529+ messages in thread
From: Greg Kroah-Hartman @ 2023-01-16 15:45 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Shang XiaoJing, Marc Zyngier, Sasha Levin
From: Shang XiaoJing <shangxiaojing@huawei.com>
[ Upstream commit f9ee20c85b3a3ba0afd3672630ec4f93d339f015 ]
gic_probe() calls pm_runtime_get_sync() and added fail path as
rpm_put to put usage_counter. However, pm_runtime_get_sync()
will increment usage_counter even it failed. Fix it by replacing it with
pm_runtime_resume_and_get() to keep usage counter balanced.
Fixes: 9c8edddfc992 ("irqchip/gic: Add platform driver for non-root GICs that require RPM")
Signed-off-by: Shang XiaoJing <shangxiaojing@huawei.com>
Signed-off-by: Marc Zyngier <maz@kernel.org>
Link: https://lore.kernel.org/r/20221124065150.22809-1-shangxiaojing@huawei.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/irqchip/irq-gic-pm.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/irqchip/irq-gic-pm.c b/drivers/irqchip/irq-gic-pm.c
index ecafd295c31c..21c5decfc55b 100644
--- a/drivers/irqchip/irq-gic-pm.c
+++ b/drivers/irqchip/irq-gic-pm.c
@@ -112,7 +112,7 @@ static int gic_probe(struct platform_device *pdev)
pm_runtime_enable(dev);
- ret = pm_runtime_get_sync(dev);
+ ret = pm_runtime_resume_and_get(dev);
if (ret < 0)
goto rpm_disable;
--
2.35.1
^ permalink raw reply related [flat|nested] 529+ messages in thread
* [PATCH 4.19 057/521] cpufreq: amd_freq_sensitivity: Add missing pci_dev_put()
2023-01-16 15:44 [PATCH 4.19 000/521] 4.19.270-rc1 review Greg Kroah-Hartman
` (55 preceding siblings ...)
2023-01-16 15:45 ` [PATCH 4.19 056/521] irqchip: gic-pm: Use pm_runtime_resume_and_get() in gic_probe() Greg Kroah-Hartman
@ 2023-01-16 15:45 ` Greg Kroah-Hartman
2023-01-16 15:45 ` [PATCH 4.19 058/521] libfs: add DEFINE_SIMPLE_ATTRIBUTE_SIGNED for signed value Greg Kroah-Hartman
` (467 subsequent siblings)
524 siblings, 0 replies; 529+ messages in thread
From: Greg Kroah-Hartman @ 2023-01-16 15:45 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Xiongfeng Wang, Rafael J. Wysocki,
Sasha Levin
From: Xiongfeng Wang <wangxiongfeng2@huawei.com>
[ Upstream commit 91fda1f88c0968f1491ab150bb01690525af150a ]
pci_get_device() will increase the reference count for the returned
pci_dev. We need to use pci_dev_put() to decrease the reference count
after using pci_get_device(). Let's add it.
Fixes: 59a3b3a8db16 ("cpufreq: AMD: Ignore the check for ProcFeedback in ST/CZ")
Signed-off-by: Xiongfeng Wang <wangxiongfeng2@huawei.com>
Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/cpufreq/amd_freq_sensitivity.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/drivers/cpufreq/amd_freq_sensitivity.c b/drivers/cpufreq/amd_freq_sensitivity.c
index 4b4f128c3488..cacd4c67d9be 100644
--- a/drivers/cpufreq/amd_freq_sensitivity.c
+++ b/drivers/cpufreq/amd_freq_sensitivity.c
@@ -122,6 +122,8 @@ static int __init amd_freq_sensitivity_init(void)
if (!pcidev) {
if (!static_cpu_has(X86_FEATURE_PROC_FEEDBACK))
return -ENODEV;
+ } else {
+ pci_dev_put(pcidev);
}
if (rdmsrl_safe(MSR_AMD64_FREQ_SENSITIVITY_ACTUAL, &val))
--
2.35.1
^ permalink raw reply related [flat|nested] 529+ messages in thread
* [PATCH 4.19 058/521] libfs: add DEFINE_SIMPLE_ATTRIBUTE_SIGNED for signed value
2023-01-16 15:44 [PATCH 4.19 000/521] 4.19.270-rc1 review Greg Kroah-Hartman
` (56 preceding siblings ...)
2023-01-16 15:45 ` [PATCH 4.19 057/521] cpufreq: amd_freq_sensitivity: Add missing pci_dev_put() Greg Kroah-Hartman
@ 2023-01-16 15:45 ` Greg Kroah-Hartman
2023-01-16 15:45 ` [PATCH 4.19 059/521] lib/notifier-error-inject: fix error when writing -errno to debugfs file Greg Kroah-Hartman
` (466 subsequent siblings)
524 siblings, 0 replies; 529+ messages in thread
From: Greg Kroah-Hartman @ 2023-01-16 15:45 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Akinobu Mita, Zhao Gongyi,
David Hildenbrand, Alexander Viro, Jonathan Corbet,
Oscar Salvador, Rafael J. Wysocki, Shuah Khan, Wei Yongjun,
Yicong Yang, Andrew Morton, Sasha Levin
From: Akinobu Mita <akinobu.mita@gmail.com>
[ Upstream commit 2e41f274f9aa71cdcc69dc1f26a3f9304a651804 ]
Patch series "fix error when writing negative value to simple attribute
files".
The simple attribute files do not accept a negative value since the commit
488dac0c9237 ("libfs: fix error cast of negative value in
simple_attr_write()"), but some attribute files want to accept a negative
value.
This patch (of 3):
The simple attribute files do not accept a negative value since the commit
488dac0c9237 ("libfs: fix error cast of negative value in
simple_attr_write()"), so we have to use a 64-bit value to write a
negative value.
This adds DEFINE_SIMPLE_ATTRIBUTE_SIGNED for a signed value.
Link: https://lkml.kernel.org/r/20220919172418.45257-1-akinobu.mita@gmail.com
Link: https://lkml.kernel.org/r/20220919172418.45257-2-akinobu.mita@gmail.com
Fixes: 488dac0c9237 ("libfs: fix error cast of negative value in simple_attr_write()")
Signed-off-by: Akinobu Mita <akinobu.mita@gmail.com>
Reported-by: Zhao Gongyi <zhaogongyi@huawei.com>
Reviewed-by: David Hildenbrand <david@redhat.com>
Reviewed-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Cc: Alexander Viro <viro@zeniv.linux.org.uk>
Cc: Jonathan Corbet <corbet@lwn.net>
Cc: Oscar Salvador <osalvador@suse.de>
Cc: Rafael J. Wysocki <rafael@kernel.org>
Cc: Shuah Khan <shuah@kernel.org>
Cc: Wei Yongjun <weiyongjun1@huawei.com>
Cc: Yicong Yang <yangyicong@hisilicon.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
fs/libfs.c | 22 +++++++++++++++++++---
include/linux/fs.h | 12 ++++++++++--
2 files changed, 29 insertions(+), 5 deletions(-)
diff --git a/fs/libfs.c b/fs/libfs.c
index be57e64834e5..fd5f6c106059 100644
--- a/fs/libfs.c
+++ b/fs/libfs.c
@@ -864,8 +864,8 @@ ssize_t simple_attr_read(struct file *file, char __user *buf,
EXPORT_SYMBOL_GPL(simple_attr_read);
/* interpret the buffer as a number to call the set function with */
-ssize_t simple_attr_write(struct file *file, const char __user *buf,
- size_t len, loff_t *ppos)
+static ssize_t simple_attr_write_xsigned(struct file *file, const char __user *buf,
+ size_t len, loff_t *ppos, bool is_signed)
{
struct simple_attr *attr;
unsigned long long val;
@@ -886,7 +886,10 @@ ssize_t simple_attr_write(struct file *file, const char __user *buf,
goto out;
attr->set_buf[size] = '\0';
- ret = kstrtoull(attr->set_buf, 0, &val);
+ if (is_signed)
+ ret = kstrtoll(attr->set_buf, 0, &val);
+ else
+ ret = kstrtoull(attr->set_buf, 0, &val);
if (ret)
goto out;
ret = attr->set(attr->data, val);
@@ -896,8 +899,21 @@ ssize_t simple_attr_write(struct file *file, const char __user *buf,
mutex_unlock(&attr->mutex);
return ret;
}
+
+ssize_t simple_attr_write(struct file *file, const char __user *buf,
+ size_t len, loff_t *ppos)
+{
+ return simple_attr_write_xsigned(file, buf, len, ppos, false);
+}
EXPORT_SYMBOL_GPL(simple_attr_write);
+ssize_t simple_attr_write_signed(struct file *file, const char __user *buf,
+ size_t len, loff_t *ppos)
+{
+ return simple_attr_write_xsigned(file, buf, len, ppos, true);
+}
+EXPORT_SYMBOL_GPL(simple_attr_write_signed);
+
/**
* generic_fh_to_dentry - generic helper for the fh_to_dentry export operation
* @sb: filesystem to do the file handle conversion on
diff --git a/include/linux/fs.h b/include/linux/fs.h
index 86f884e78b6b..95b8ef09b76c 100644
--- a/include/linux/fs.h
+++ b/include/linux/fs.h
@@ -3353,7 +3353,7 @@ void simple_transaction_set(struct file *file, size_t n);
* All attributes contain a text representation of a numeric value
* that are accessed with the get() and set() functions.
*/
-#define DEFINE_SIMPLE_ATTRIBUTE(__fops, __get, __set, __fmt) \
+#define DEFINE_SIMPLE_ATTRIBUTE_XSIGNED(__fops, __get, __set, __fmt, __is_signed) \
static int __fops ## _open(struct inode *inode, struct file *file) \
{ \
__simple_attr_check_format(__fmt, 0ull); \
@@ -3364,10 +3364,16 @@ static const struct file_operations __fops = { \
.open = __fops ## _open, \
.release = simple_attr_release, \
.read = simple_attr_read, \
- .write = simple_attr_write, \
+ .write = (__is_signed) ? simple_attr_write_signed : simple_attr_write, \
.llseek = generic_file_llseek, \
}
+#define DEFINE_SIMPLE_ATTRIBUTE(__fops, __get, __set, __fmt) \
+ DEFINE_SIMPLE_ATTRIBUTE_XSIGNED(__fops, __get, __set, __fmt, false)
+
+#define DEFINE_SIMPLE_ATTRIBUTE_SIGNED(__fops, __get, __set, __fmt) \
+ DEFINE_SIMPLE_ATTRIBUTE_XSIGNED(__fops, __get, __set, __fmt, true)
+
static inline __printf(1, 2)
void __simple_attr_check_format(const char *fmt, ...)
{
@@ -3382,6 +3388,8 @@ ssize_t simple_attr_read(struct file *file, char __user *buf,
size_t len, loff_t *ppos);
ssize_t simple_attr_write(struct file *file, const char __user *buf,
size_t len, loff_t *ppos);
+ssize_t simple_attr_write_signed(struct file *file, const char __user *buf,
+ size_t len, loff_t *ppos);
struct ctl_table;
int proc_nr_files(struct ctl_table *table, int write,
--
2.35.1
^ permalink raw reply related [flat|nested] 529+ messages in thread
* [PATCH 4.19 059/521] lib/notifier-error-inject: fix error when writing -errno to debugfs file
2023-01-16 15:44 [PATCH 4.19 000/521] 4.19.270-rc1 review Greg Kroah-Hartman
` (57 preceding siblings ...)
2023-01-16 15:45 ` [PATCH 4.19 058/521] libfs: add DEFINE_SIMPLE_ATTRIBUTE_SIGNED for signed value Greg Kroah-Hartman
@ 2023-01-16 15:45 ` Greg Kroah-Hartman
2023-01-16 15:45 ` [PATCH 4.19 060/521] debugfs: fix error when writing negative value to atomic_t " Greg Kroah-Hartman
` (465 subsequent siblings)
524 siblings, 0 replies; 529+ messages in thread
From: Greg Kroah-Hartman @ 2023-01-16 15:45 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Akinobu Mita, Zhao Gongyi,
David Hildenbrand, Alexander Viro, Jonathan Corbet,
Oscar Salvador, Rafael J. Wysocki, Shuah Khan, Wei Yongjun,
Yicong Yang, Andrew Morton, Sasha Levin
From: Akinobu Mita <akinobu.mita@gmail.com>
[ Upstream commit f883c3edd2c432a2931ec8773c70a570115a50fe ]
The simple attribute files do not accept a negative value since the commit
488dac0c9237 ("libfs: fix error cast of negative value in
simple_attr_write()").
This restores the previous behaviour by using newly introduced
DEFINE_SIMPLE_ATTRIBUTE_SIGNED instead of DEFINE_SIMPLE_ATTRIBUTE.
Link: https://lkml.kernel.org/r/20220919172418.45257-3-akinobu.mita@gmail.com
Fixes: 488dac0c9237 ("libfs: fix error cast of negative value in simple_attr_write()")
Signed-off-by: Akinobu Mita <akinobu.mita@gmail.com>
Reported-by: Zhao Gongyi <zhaogongyi@huawei.com>
Reviewed-by: David Hildenbrand <david@redhat.com>
Reviewed-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Cc: Alexander Viro <viro@zeniv.linux.org.uk>
Cc: Jonathan Corbet <corbet@lwn.net>
Cc: Oscar Salvador <osalvador@suse.de>
Cc: Rafael J. Wysocki <rafael@kernel.org>
Cc: Shuah Khan <shuah@kernel.org>
Cc: Wei Yongjun <weiyongjun1@huawei.com>
Cc: Yicong Yang <yangyicong@hisilicon.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
lib/notifier-error-inject.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/lib/notifier-error-inject.c b/lib/notifier-error-inject.c
index eb4a04afea80..125ea8ce23a4 100644
--- a/lib/notifier-error-inject.c
+++ b/lib/notifier-error-inject.c
@@ -14,7 +14,7 @@ static int debugfs_errno_get(void *data, u64 *val)
return 0;
}
-DEFINE_SIMPLE_ATTRIBUTE(fops_errno, debugfs_errno_get, debugfs_errno_set,
+DEFINE_SIMPLE_ATTRIBUTE_SIGNED(fops_errno, debugfs_errno_get, debugfs_errno_set,
"%lld\n");
static struct dentry *debugfs_create_errno(const char *name, umode_t mode,
--
2.35.1
^ permalink raw reply related [flat|nested] 529+ messages in thread
* [PATCH 4.19 060/521] debugfs: fix error when writing negative value to atomic_t debugfs file
2023-01-16 15:44 [PATCH 4.19 000/521] 4.19.270-rc1 review Greg Kroah-Hartman
` (58 preceding siblings ...)
2023-01-16 15:45 ` [PATCH 4.19 059/521] lib/notifier-error-inject: fix error when writing -errno to debugfs file Greg Kroah-Hartman
@ 2023-01-16 15:45 ` Greg Kroah-Hartman
2023-01-16 15:45 ` [PATCH 4.19 061/521] rapidio: fix possible name leaks when rio_add_device() fails Greg Kroah-Hartman
` (464 subsequent siblings)
524 siblings, 0 replies; 529+ messages in thread
From: Greg Kroah-Hartman @ 2023-01-16 15:45 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Akinobu Mita, Zhao Gongyi,
David Hildenbrand, Alexander Viro, Jonathan Corbet,
Oscar Salvador, Rafael J. Wysocki, Shuah Khan, Wei Yongjun,
Yicong Yang, Andrew Morton, Sasha Levin
From: Akinobu Mita <akinobu.mita@gmail.com>
[ Upstream commit d472cf797c4e268613dbce5ec9b95d0bcae19ecb ]
The simple attribute files do not accept a negative value since the commit
488dac0c9237 ("libfs: fix error cast of negative value in
simple_attr_write()"), so we have to use a 64-bit value to write a
negative value for a debugfs file created by debugfs_create_atomic_t().
This restores the previous behaviour by introducing
DEFINE_DEBUGFS_ATTRIBUTE_SIGNED for a signed value.
Link: https://lkml.kernel.org/r/20220919172418.45257-4-akinobu.mita@gmail.com
Fixes: 488dac0c9237 ("libfs: fix error cast of negative value in simple_attr_write()")
Signed-off-by: Akinobu Mita <akinobu.mita@gmail.com>
Reported-by: Zhao Gongyi <zhaogongyi@huawei.com>
Reviewed-by: David Hildenbrand <david@redhat.com>
Reviewed-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Cc: Alexander Viro <viro@zeniv.linux.org.uk>
Cc: Jonathan Corbet <corbet@lwn.net>
Cc: Oscar Salvador <osalvador@suse.de>
Cc: Rafael J. Wysocki <rafael@kernel.org>
Cc: Shuah Khan <shuah@kernel.org>
Cc: Wei Yongjun <weiyongjun1@huawei.com>
Cc: Yicong Yang <yangyicong@hisilicon.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
.../fault-injection/fault-injection.txt | 4 +--
fs/debugfs/file.c | 28 +++++++++++++++----
include/linux/debugfs.h | 19 +++++++++++--
3 files changed, 41 insertions(+), 10 deletions(-)
diff --git a/Documentation/fault-injection/fault-injection.txt b/Documentation/fault-injection/fault-injection.txt
index 4d1b7b4ccfaf..b2b86147bafe 100644
--- a/Documentation/fault-injection/fault-injection.txt
+++ b/Documentation/fault-injection/fault-injection.txt
@@ -71,8 +71,8 @@ configuration of fault-injection capabilities.
- /sys/kernel/debug/fail*/times:
- specifies how many times failures may happen at most.
- A value of -1 means "no limit".
+ specifies how many times failures may happen at most. A value of -1
+ means "no limit".
- /sys/kernel/debug/fail*/space:
diff --git a/fs/debugfs/file.c b/fs/debugfs/file.c
index 4fce1da7db23..a57d080d2ba5 100644
--- a/fs/debugfs/file.c
+++ b/fs/debugfs/file.c
@@ -330,8 +330,8 @@ ssize_t debugfs_attr_read(struct file *file, char __user *buf,
}
EXPORT_SYMBOL_GPL(debugfs_attr_read);
-ssize_t debugfs_attr_write(struct file *file, const char __user *buf,
- size_t len, loff_t *ppos)
+static ssize_t debugfs_attr_write_xsigned(struct file *file, const char __user *buf,
+ size_t len, loff_t *ppos, bool is_signed)
{
struct dentry *dentry = F_DENTRY(file);
ssize_t ret;
@@ -339,12 +339,28 @@ ssize_t debugfs_attr_write(struct file *file, const char __user *buf,
ret = debugfs_file_get(dentry);
if (unlikely(ret))
return ret;
- ret = simple_attr_write(file, buf, len, ppos);
+ if (is_signed)
+ ret = simple_attr_write_signed(file, buf, len, ppos);
+ else
+ ret = simple_attr_write(file, buf, len, ppos);
debugfs_file_put(dentry);
return ret;
}
+
+ssize_t debugfs_attr_write(struct file *file, const char __user *buf,
+ size_t len, loff_t *ppos)
+{
+ return debugfs_attr_write_xsigned(file, buf, len, ppos, false);
+}
EXPORT_SYMBOL_GPL(debugfs_attr_write);
+ssize_t debugfs_attr_write_signed(struct file *file, const char __user *buf,
+ size_t len, loff_t *ppos)
+{
+ return debugfs_attr_write_xsigned(file, buf, len, ppos, true);
+}
+EXPORT_SYMBOL_GPL(debugfs_attr_write_signed);
+
static struct dentry *debugfs_create_mode_unsafe(const char *name, umode_t mode,
struct dentry *parent, void *value,
const struct file_operations *fops,
@@ -742,11 +758,11 @@ static int debugfs_atomic_t_get(void *data, u64 *val)
*val = atomic_read((atomic_t *)data);
return 0;
}
-DEFINE_DEBUGFS_ATTRIBUTE(fops_atomic_t, debugfs_atomic_t_get,
+DEFINE_DEBUGFS_ATTRIBUTE_SIGNED(fops_atomic_t, debugfs_atomic_t_get,
debugfs_atomic_t_set, "%lld\n");
-DEFINE_DEBUGFS_ATTRIBUTE(fops_atomic_t_ro, debugfs_atomic_t_get, NULL,
+DEFINE_DEBUGFS_ATTRIBUTE_SIGNED(fops_atomic_t_ro, debugfs_atomic_t_get, NULL,
"%lld\n");
-DEFINE_DEBUGFS_ATTRIBUTE(fops_atomic_t_wo, NULL, debugfs_atomic_t_set,
+DEFINE_DEBUGFS_ATTRIBUTE_SIGNED(fops_atomic_t_wo, NULL, debugfs_atomic_t_set,
"%lld\n");
/**
diff --git a/include/linux/debugfs.h b/include/linux/debugfs.h
index 2a4638bb4033..6ebc269e48ac 100644
--- a/include/linux/debugfs.h
+++ b/include/linux/debugfs.h
@@ -39,7 +39,7 @@ struct debugfs_regset32 {
extern struct dentry *arch_debugfs_dir;
-#define DEFINE_DEBUGFS_ATTRIBUTE(__fops, __get, __set, __fmt) \
+#define DEFINE_DEBUGFS_ATTRIBUTE_XSIGNED(__fops, __get, __set, __fmt, __is_signed) \
static int __fops ## _open(struct inode *inode, struct file *file) \
{ \
__simple_attr_check_format(__fmt, 0ull); \
@@ -50,10 +50,16 @@ static const struct file_operations __fops = { \
.open = __fops ## _open, \
.release = simple_attr_release, \
.read = debugfs_attr_read, \
- .write = debugfs_attr_write, \
+ .write = (__is_signed) ? debugfs_attr_write_signed : debugfs_attr_write, \
.llseek = no_llseek, \
}
+#define DEFINE_DEBUGFS_ATTRIBUTE(__fops, __get, __set, __fmt) \
+ DEFINE_DEBUGFS_ATTRIBUTE_XSIGNED(__fops, __get, __set, __fmt, false)
+
+#define DEFINE_DEBUGFS_ATTRIBUTE_SIGNED(__fops, __get, __set, __fmt) \
+ DEFINE_DEBUGFS_ATTRIBUTE_XSIGNED(__fops, __get, __set, __fmt, true)
+
typedef struct vfsmount *(*debugfs_automount_t)(struct dentry *, void *);
#if defined(CONFIG_DEBUG_FS)
@@ -96,6 +102,8 @@ ssize_t debugfs_attr_read(struct file *file, char __user *buf,
size_t len, loff_t *ppos);
ssize_t debugfs_attr_write(struct file *file, const char __user *buf,
size_t len, loff_t *ppos);
+ssize_t debugfs_attr_write_signed(struct file *file, const char __user *buf,
+ size_t len, loff_t *ppos);
struct dentry *debugfs_rename(struct dentry *old_dir, struct dentry *old_dentry,
struct dentry *new_dir, const char *new_name);
@@ -246,6 +254,13 @@ static inline ssize_t debugfs_attr_write(struct file *file,
return -ENODEV;
}
+static inline ssize_t debugfs_attr_write_signed(struct file *file,
+ const char __user *buf,
+ size_t len, loff_t *ppos)
+{
+ return -ENODEV;
+}
+
static inline struct dentry *debugfs_rename(struct dentry *old_dir, struct dentry *old_dentry,
struct dentry *new_dir, char *new_name)
{
--
2.35.1
^ permalink raw reply related [flat|nested] 529+ messages in thread
* [PATCH 4.19 061/521] rapidio: fix possible name leaks when rio_add_device() fails
2023-01-16 15:44 [PATCH 4.19 000/521] 4.19.270-rc1 review Greg Kroah-Hartman
` (59 preceding siblings ...)
2023-01-16 15:45 ` [PATCH 4.19 060/521] debugfs: fix error when writing negative value to atomic_t " Greg Kroah-Hartman
@ 2023-01-16 15:45 ` Greg Kroah-Hartman
2023-01-16 15:45 ` [PATCH 4.19 062/521] rapidio: rio: fix possible name leak in rio_register_mport() Greg Kroah-Hartman
` (463 subsequent siblings)
524 siblings, 0 replies; 529+ messages in thread
From: Greg Kroah-Hartman @ 2023-01-16 15:45 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Yang Yingliang, Alexandre Bounine,
Matt Porter, Andrew Morton, Sasha Levin
From: Yang Yingliang <yangyingliang@huawei.com>
[ Upstream commit f9574cd48679926e2a569e1957a5a1bcc8a719ac ]
Patch series "rapidio: fix three possible memory leaks".
This patchset fixes three name leaks in error handling.
- patch #1 fixes two name leaks while rio_add_device() fails.
- patch #2 fixes a name leak while rio_register_mport() fails.
This patch (of 2):
If rio_add_device() returns error, the name allocated by dev_set_name()
need be freed. It should use put_device() to give up the reference in the
error path, so that the name can be freed in kobject_cleanup(), and the
'rdev' can be freed in rio_release_dev().
Link: https://lkml.kernel.org/r/20221114152636.2939035-1-yangyingliang@huawei.com
Link: https://lkml.kernel.org/r/20221114152636.2939035-2-yangyingliang@huawei.com
Fixes: e8de370188d0 ("rapidio: add mport char device driver")
Fixes: 1fa5ae857bb1 ("driver core: get rid of struct device's bus_id string array")
Signed-off-by: Yang Yingliang <yangyingliang@huawei.com>
Cc: Alexandre Bounine <alex.bou9@gmail.com>
Cc: Matt Porter <mporter@kernel.crashing.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/rapidio/devices/rio_mport_cdev.c | 7 +++++--
drivers/rapidio/rio-scan.c | 8 ++++++--
2 files changed, 11 insertions(+), 4 deletions(-)
diff --git a/drivers/rapidio/devices/rio_mport_cdev.c b/drivers/rapidio/devices/rio_mport_cdev.c
index a136a7ae7714..01eb1a594ce6 100644
--- a/drivers/rapidio/devices/rio_mport_cdev.c
+++ b/drivers/rapidio/devices/rio_mport_cdev.c
@@ -1809,8 +1809,11 @@ static int rio_mport_add_riodev(struct mport_cdev_priv *priv,
rio_init_dbell_res(&rdev->riores[RIO_DOORBELL_RESOURCE],
0, 0xffff);
err = rio_add_device(rdev);
- if (err)
- goto cleanup;
+ if (err) {
+ put_device(&rdev->dev);
+ return err;
+ }
+
rio_dev_get(rdev);
return 0;
diff --git a/drivers/rapidio/rio-scan.c b/drivers/rapidio/rio-scan.c
index fd7b517132ac..d2ddc173c5bd 100644
--- a/drivers/rapidio/rio-scan.c
+++ b/drivers/rapidio/rio-scan.c
@@ -460,8 +460,12 @@ static struct rio_dev *rio_setup_device(struct rio_net *net,
0, 0xffff);
ret = rio_add_device(rdev);
- if (ret)
- goto cleanup;
+ if (ret) {
+ if (rswitch)
+ kfree(rswitch->route_table);
+ put_device(&rdev->dev);
+ return NULL;
+ }
rio_dev_get(rdev);
--
2.35.1
^ permalink raw reply related [flat|nested] 529+ messages in thread
* [PATCH 4.19 062/521] rapidio: rio: fix possible name leak in rio_register_mport()
2023-01-16 15:44 [PATCH 4.19 000/521] 4.19.270-rc1 review Greg Kroah-Hartman
` (60 preceding siblings ...)
2023-01-16 15:45 ` [PATCH 4.19 061/521] rapidio: fix possible name leaks when rio_add_device() fails Greg Kroah-Hartman
@ 2023-01-16 15:45 ` Greg Kroah-Hartman
2023-01-16 15:45 ` [PATCH 4.19 063/521] clocksource/drivers/sh_cmt: Make sure channel clock supply is enabled Greg Kroah-Hartman
` (462 subsequent siblings)
524 siblings, 0 replies; 529+ messages in thread
From: Greg Kroah-Hartman @ 2023-01-16 15:45 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Yang Yingliang, Alexandre Bounine,
Matt Porter, Andrew Morton, Sasha Levin
From: Yang Yingliang <yangyingliang@huawei.com>
[ Upstream commit e92a216d16bde65d21a3227e0fb2aa0794576525 ]
If device_register() returns error, the name allocated by dev_set_name()
need be freed. It should use put_device() to give up the reference in the
error path, so that the name can be freed in kobject_cleanup(), and
list_del() is called to delete the port from rio_mports.
Link: https://lkml.kernel.org/r/20221114152636.2939035-3-yangyingliang@huawei.com
Fixes: 2aaf308b95b2 ("rapidio: rework device hierarchy and introduce mport class of devices")
Signed-off-by: Yang Yingliang <yangyingliang@huawei.com>
Cc: Alexandre Bounine <alex.bou9@gmail.com>
Cc: Matt Porter <mporter@kernel.crashing.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/rapidio/rio.c | 9 +++++++--
1 file changed, 7 insertions(+), 2 deletions(-)
diff --git a/drivers/rapidio/rio.c b/drivers/rapidio/rio.c
index 83406696c7aa..4304142d8700 100644
--- a/drivers/rapidio/rio.c
+++ b/drivers/rapidio/rio.c
@@ -2271,11 +2271,16 @@ int rio_register_mport(struct rio_mport *port)
atomic_set(&port->state, RIO_DEVICE_RUNNING);
res = device_register(&port->dev);
- if (res)
+ if (res) {
dev_err(&port->dev, "RIO: mport%d registration failed ERR=%d\n",
port->id, res);
- else
+ mutex_lock(&rio_mport_list_lock);
+ list_del(&port->node);
+ mutex_unlock(&rio_mport_list_lock);
+ put_device(&port->dev);
+ } else {
dev_dbg(&port->dev, "RIO: registered mport%d\n", port->id);
+ }
return res;
}
--
2.35.1
^ permalink raw reply related [flat|nested] 529+ messages in thread
* [PATCH 4.19 063/521] clocksource/drivers/sh_cmt: Make sure channel clock supply is enabled
2023-01-16 15:44 [PATCH 4.19 000/521] 4.19.270-rc1 review Greg Kroah-Hartman
` (61 preceding siblings ...)
2023-01-16 15:45 ` [PATCH 4.19 062/521] rapidio: rio: fix possible name leak in rio_register_mport() Greg Kroah-Hartman
@ 2023-01-16 15:45 ` Greg Kroah-Hartman
2023-01-16 15:45 ` [PATCH 4.19 064/521] ACPICA: Fix use-after-free in acpi_ut_copy_ipackage_to_ipackage() Greg Kroah-Hartman
` (461 subsequent siblings)
524 siblings, 0 replies; 529+ messages in thread
From: Greg Kroah-Hartman @ 2023-01-16 15:45 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Geert Uytterhoeven,
Niklas Söderlund, Daniel Lezcano, Sasha Levin
From: Geert Uytterhoeven <geert+renesas@glider.be>
[ Upstream commit 2a97d55333e4299f32c98cca6dc5c4db1c5855fc ]
The Renesas Compare Match Timer 0 and 1 (CMT0/1) variants have a
register to control the clock supply to the individual channels.
Currently the driver does not touch this register, and relies on the
documented initial value, which has the clock supply enabled for all
channels present.
However, when Linux starts on the APE6-EVM development board, only the
clock supply to the first CMT1 channel is enabled. Hence the first
channel (used as a clockevent) works, while the second channel (used as
a clocksource) does not. Note that the default system clocksource is
the Cortex-A15 architectured timer, and the user needs to manually
switch to the CMT1 clocksource to trigger the broken behavior.
Fix this by removing the fragile dependency on implicit reset and/or
boot loader state, and by enabling the clock supply explicitly for all
channels used instead. This requires postponing the clk_disable() call,
else the timer's registers cannot be accessed in sh_cmt_setup_channel().
Signed-off-by: Geert Uytterhoeven <geert+renesas@glider.be>
Reviewed-by: Niklas Söderlund <niklas.soderlund+renesas@ragnatech.se>
Signed-off-by: Daniel Lezcano <daniel.lezcano@linaro.org>
Link: https://lore.kernel.org/r/20201210194648.2901899-1-geert+renesas@glider.be
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/clocksource/sh_cmt.c | 16 +++++++++++++---
1 file changed, 13 insertions(+), 3 deletions(-)
diff --git a/drivers/clocksource/sh_cmt.c b/drivers/clocksource/sh_cmt.c
index 7a6d4c4c0feb..0ca8819acc4d 100644
--- a/drivers/clocksource/sh_cmt.c
+++ b/drivers/clocksource/sh_cmt.c
@@ -239,6 +239,8 @@ static const struct sh_cmt_info sh_cmt_info[] = {
#define CMCNT 1 /* channel register */
#define CMCOR 2 /* channel register */
+#define CMCLKE 0x1000 /* CLK Enable Register (R-Car Gen2) */
+
static inline u32 sh_cmt_read_cmstr(struct sh_cmt_channel *ch)
{
if (ch->iostart)
@@ -856,6 +858,7 @@ static int sh_cmt_setup_channel(struct sh_cmt_channel *ch, unsigned int index,
unsigned int hwidx, bool clockevent,
bool clocksource, struct sh_cmt_device *cmt)
{
+ u32 value;
int ret;
/* Skip unused channels. */
@@ -885,6 +888,11 @@ static int sh_cmt_setup_channel(struct sh_cmt_channel *ch, unsigned int index,
ch->iostart = cmt->mapbase + ch->hwidx * 0x100;
ch->ioctrl = ch->iostart + 0x10;
ch->timer_bit = 0;
+
+ /* Enable the clock supply to the channel */
+ value = ioread32(cmt->mapbase + CMCLKE);
+ value |= BIT(hwidx);
+ iowrite32(value, cmt->mapbase + CMCLKE);
break;
}
@@ -991,12 +999,10 @@ static int sh_cmt_setup(struct sh_cmt_device *cmt, struct platform_device *pdev)
else
cmt->rate = clk_get_rate(cmt->clk) / 8;
- clk_disable(cmt->clk);
-
/* Map the memory resource(s). */
ret = sh_cmt_map_memory(cmt);
if (ret < 0)
- goto err_clk_unprepare;
+ goto err_clk_disable;
/* Allocate and setup the channels. */
cmt->num_channels = hweight8(cmt->hw_channels);
@@ -1024,6 +1030,8 @@ static int sh_cmt_setup(struct sh_cmt_device *cmt, struct platform_device *pdev)
mask &= ~(1 << hwidx);
}
+ clk_disable(cmt->clk);
+
platform_set_drvdata(pdev, cmt);
return 0;
@@ -1031,6 +1039,8 @@ static int sh_cmt_setup(struct sh_cmt_device *cmt, struct platform_device *pdev)
err_unmap:
kfree(cmt->channels);
iounmap(cmt->mapbase);
+err_clk_disable:
+ clk_disable(cmt->clk);
err_clk_unprepare:
clk_unprepare(cmt->clk);
err_clk_put:
--
2.35.1
^ permalink raw reply related [flat|nested] 529+ messages in thread
* [PATCH 4.19 064/521] ACPICA: Fix use-after-free in acpi_ut_copy_ipackage_to_ipackage()
2023-01-16 15:44 [PATCH 4.19 000/521] 4.19.270-rc1 review Greg Kroah-Hartman
` (62 preceding siblings ...)
2023-01-16 15:45 ` [PATCH 4.19 063/521] clocksource/drivers/sh_cmt: Make sure channel clock supply is enabled Greg Kroah-Hartman
@ 2023-01-16 15:45 ` Greg Kroah-Hartman
2023-01-16 15:45 ` [PATCH 4.19 065/521] uprobes/x86: Allow to probe a NOP instruction with 0x66 prefix Greg Kroah-Hartman
` (460 subsequent siblings)
524 siblings, 0 replies; 529+ messages in thread
From: Greg Kroah-Hartman @ 2023-01-16 15:45 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Li Zetao, Rafael J. Wysocki, Sasha Levin
From: Li Zetao <lizetao1@huawei.com>
[ Upstream commit 470188b09e92d83c5a997f25f0e8fb8cd2bc3469 ]
There is an use-after-free reported by KASAN:
BUG: KASAN: use-after-free in acpi_ut_remove_reference+0x3b/0x82
Read of size 1 at addr ffff888112afc460 by task modprobe/2111
CPU: 0 PID: 2111 Comm: modprobe Not tainted 6.1.0-rc7-dirty
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996),
Call Trace:
<TASK>
kasan_report+0xae/0xe0
acpi_ut_remove_reference+0x3b/0x82
acpi_ut_copy_iobject_to_iobject+0x3be/0x3d5
acpi_ds_store_object_to_local+0x15d/0x3a0
acpi_ex_store+0x78d/0x7fd
acpi_ex_opcode_1A_1T_1R+0xbe4/0xf9b
acpi_ps_parse_aml+0x217/0x8d5
...
</TASK>
The root cause of the problem is that the acpi_operand_object
is freed when acpi_ut_walk_package_tree() fails in
acpi_ut_copy_ipackage_to_ipackage(), lead to repeated release in
acpi_ut_copy_iobject_to_iobject(). The problem was introduced
by "8aa5e56eeb61" commit, this commit is to fix memory leak in
acpi_ut_copy_iobject_to_iobject(), repeatedly adding remove
operation, lead to "acpi_operand_object" used after free.
Fix it by removing acpi_ut_remove_reference() in
acpi_ut_copy_ipackage_to_ipackage(). acpi_ut_copy_ipackage_to_ipackage()
is called to copy an internal package object into another internal
package object, when it fails, the memory of acpi_operand_object
should be freed by the caller.
Fixes: 8aa5e56eeb61 ("ACPICA: Utilities: Fix memory leak in acpi_ut_copy_iobject_to_iobject")
Signed-off-by: Li Zetao <lizetao1@huawei.com>
Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/acpi/acpica/utcopy.c | 7 -------
1 file changed, 7 deletions(-)
diff --git a/drivers/acpi/acpica/utcopy.c b/drivers/acpi/acpica/utcopy.c
index a872ed7879ca..056c1741c1e3 100644
--- a/drivers/acpi/acpica/utcopy.c
+++ b/drivers/acpi/acpica/utcopy.c
@@ -916,13 +916,6 @@ acpi_ut_copy_ipackage_to_ipackage(union acpi_operand_object *source_obj,
status = acpi_ut_walk_package_tree(source_obj, dest_obj,
acpi_ut_copy_ielement_to_ielement,
walk_state);
- if (ACPI_FAILURE(status)) {
-
- /* On failure, delete the destination package object */
-
- acpi_ut_remove_reference(dest_obj);
- }
-
return_ACPI_STATUS(status);
}
--
2.35.1
^ permalink raw reply related [flat|nested] 529+ messages in thread
* [PATCH 4.19 065/521] uprobes/x86: Allow to probe a NOP instruction with 0x66 prefix
2023-01-16 15:44 [PATCH 4.19 000/521] 4.19.270-rc1 review Greg Kroah-Hartman
` (63 preceding siblings ...)
2023-01-16 15:45 ` [PATCH 4.19 064/521] ACPICA: Fix use-after-free in acpi_ut_copy_ipackage_to_ipackage() Greg Kroah-Hartman
@ 2023-01-16 15:45 ` Greg Kroah-Hartman
2023-01-16 15:45 ` [PATCH 4.19 066/521] xen/events: only register debug interrupt for 2-level events Greg Kroah-Hartman
` (459 subsequent siblings)
524 siblings, 0 replies; 529+ messages in thread
From: Greg Kroah-Hartman @ 2023-01-16 15:45 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Seiji Nishikawa, Denys Vlasenko,
Oleg Nesterov, Thomas Gleixner, Masami Hiramatsu (Google),
Sasha Levin
From: Oleg Nesterov <oleg@redhat.com>
[ Upstream commit cefa72129e45313655d53a065b8055aaeb01a0c9 ]
Intel ICC -hotpatch inserts 2-byte "0x66 0x90" NOP at the start of each
function to reserve extra space for hot-patching, and currently it is not
possible to probe these functions because branch_setup_xol_ops() wrongly
rejects NOP with REP prefix as it treats them like word-sized branch
instructions.
Fixes: 250bbd12c2fe ("uprobes/x86: Refuse to attach uprobe to "word-sized" branch insns")
Reported-by: Seiji Nishikawa <snishika@redhat.com>
Suggested-by: Denys Vlasenko <dvlasenk@redhat.com>
Signed-off-by: Oleg Nesterov <oleg@redhat.com>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Acked-by: Masami Hiramatsu (Google) <mhiramat@kernel.org>
Link: https://lore.kernel.org/r/20221204173933.GA31544@redhat.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/x86/kernel/uprobes.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/arch/x86/kernel/uprobes.c b/arch/x86/kernel/uprobes.c
index ae9e806a11de..3b87bca027b4 100644
--- a/arch/x86/kernel/uprobes.c
+++ b/arch/x86/kernel/uprobes.c
@@ -735,8 +735,9 @@ static int branch_setup_xol_ops(struct arch_uprobe *auprobe, struct insn *insn)
switch (opc1) {
case 0xeb: /* jmp 8 */
case 0xe9: /* jmp 32 */
- case 0x90: /* prefix* + nop; same as jmp with .offs = 0 */
break;
+ case 0x90: /* prefix* + nop; same as jmp with .offs = 0 */
+ goto setup;
case 0xe8: /* call relative */
branch_clear_offset(auprobe, insn);
@@ -765,6 +766,7 @@ static int branch_setup_xol_ops(struct arch_uprobe *auprobe, struct insn *insn)
return -ENOTSUPP;
}
+setup:
auprobe->branch.opc1 = opc1;
auprobe->branch.ilen = insn->length;
auprobe->branch.offs = insn->immediate.value;
--
2.35.1
^ permalink raw reply related [flat|nested] 529+ messages in thread
* [PATCH 4.19 066/521] xen/events: only register debug interrupt for 2-level events
2023-01-16 15:44 [PATCH 4.19 000/521] 4.19.270-rc1 review Greg Kroah-Hartman
` (64 preceding siblings ...)
2023-01-16 15:45 ` [PATCH 4.19 065/521] uprobes/x86: Allow to probe a NOP instruction with 0x66 prefix Greg Kroah-Hartman
@ 2023-01-16 15:45 ` Greg Kroah-Hartman
2023-01-16 15:45 ` [PATCH 4.19 067/521] x86/xen: Fix memory leak in xen_smp_intr_init{_pv}() Greg Kroah-Hartman
` (458 subsequent siblings)
524 siblings, 0 replies; 529+ messages in thread
From: Greg Kroah-Hartman @ 2023-01-16 15:45 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Juergen Gross, Jan Beulich,
Boris Ostrovsky, Sasha Levin
From: Juergen Gross <jgross@suse.com>
[ Upstream commit d04b1ae5a9b0c868dda8b4b34175ef08f3cb9e93 ]
xen_debug_interrupt() is specific to 2-level event handling. So don't
register it with fifo event handling being active.
Signed-off-by: Juergen Gross <jgross@suse.com>
Reviewed-by: Jan Beulich <jbeulich@suse.com>
Link: https://lore.kernel.org/r/20201022094907.28560-4-jgross@suse.com
Signed-off-by: Boris Ostrovsky <boris.ostrovsky@oracle.com>
Stable-dep-of: 69143f60868b ("x86/xen: Fix memory leak in xen_smp_intr_init{_pv}()")
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/x86/xen/smp.c | 19 +++++++++++--------
arch/x86/xen/xen-ops.h | 2 ++
drivers/xen/events/events_base.c | 10 ++++++----
3 files changed, 19 insertions(+), 12 deletions(-)
diff --git a/arch/x86/xen/smp.c b/arch/x86/xen/smp.c
index 7a43b2ae19f1..63a3605b2225 100644
--- a/arch/x86/xen/smp.c
+++ b/arch/x86/xen/smp.c
@@ -88,14 +88,17 @@ int xen_smp_intr_init(unsigned int cpu)
per_cpu(xen_callfunc_irq, cpu).irq = rc;
per_cpu(xen_callfunc_irq, cpu).name = callfunc_name;
- debug_name = kasprintf(GFP_KERNEL, "debug%d", cpu);
- rc = bind_virq_to_irqhandler(VIRQ_DEBUG, cpu, xen_debug_interrupt,
- IRQF_PERCPU | IRQF_NOBALANCING,
- debug_name, NULL);
- if (rc < 0)
- goto fail;
- per_cpu(xen_debug_irq, cpu).irq = rc;
- per_cpu(xen_debug_irq, cpu).name = debug_name;
+ if (!xen_fifo_events) {
+ debug_name = kasprintf(GFP_KERNEL, "debug%d", cpu);
+ rc = bind_virq_to_irqhandler(VIRQ_DEBUG, cpu,
+ xen_debug_interrupt,
+ IRQF_PERCPU | IRQF_NOBALANCING,
+ debug_name, NULL);
+ if (rc < 0)
+ goto fail;
+ per_cpu(xen_debug_irq, cpu).irq = rc;
+ per_cpu(xen_debug_irq, cpu).name = debug_name;
+ }
callfunc_name = kasprintf(GFP_KERNEL, "callfuncsingle%d", cpu);
rc = bind_ipi_to_irqhandler(XEN_CALL_FUNCTION_SINGLE_VECTOR,
diff --git a/arch/x86/xen/xen-ops.h b/arch/x86/xen/xen-ops.h
index 2f111f47ba98..9faec8543237 100644
--- a/arch/x86/xen/xen-ops.h
+++ b/arch/x86/xen/xen-ops.h
@@ -30,6 +30,8 @@ extern struct start_info *xen_start_info;
extern struct shared_info xen_dummy_shared_info;
extern struct shared_info *HYPERVISOR_shared_info;
+extern bool xen_fifo_events;
+
void xen_setup_mfn_list_list(void);
void xen_build_mfn_list_list(void);
void xen_setup_machphys_mapping(void);
diff --git a/drivers/xen/events/events_base.c b/drivers/xen/events/events_base.c
index d138027034fd..b6b3131cb079 100644
--- a/drivers/xen/events/events_base.c
+++ b/drivers/xen/events/events_base.c
@@ -2100,8 +2100,8 @@ void xen_callback_vector(void)
void xen_callback_vector(void) {}
#endif
-static bool fifo_events = true;
-module_param(fifo_events, bool, 0);
+bool xen_fifo_events = true;
+module_param_named(fifo_events, xen_fifo_events, bool, 0);
static int xen_evtchn_cpu_prepare(unsigned int cpu)
{
@@ -2130,10 +2130,12 @@ void __init xen_init_IRQ(void)
int ret = -EINVAL;
unsigned int evtchn;
- if (fifo_events)
+ if (xen_fifo_events)
ret = xen_evtchn_fifo_init();
- if (ret < 0)
+ if (ret < 0) {
xen_evtchn_2l_init();
+ xen_fifo_events = false;
+ }
xen_cpu_init_eoi(smp_processor_id());
--
2.35.1
^ permalink raw reply related [flat|nested] 529+ messages in thread
* [PATCH 4.19 067/521] x86/xen: Fix memory leak in xen_smp_intr_init{_pv}()
2023-01-16 15:44 [PATCH 4.19 000/521] 4.19.270-rc1 review Greg Kroah-Hartman
` (65 preceding siblings ...)
2023-01-16 15:45 ` [PATCH 4.19 066/521] xen/events: only register debug interrupt for 2-level events Greg Kroah-Hartman
@ 2023-01-16 15:45 ` Greg Kroah-Hartman
2023-01-16 15:45 ` [PATCH 4.19 068/521] x86/xen: Fix memory leak in xen_init_lock_cpu() Greg Kroah-Hartman
` (457 subsequent siblings)
524 siblings, 0 replies; 529+ messages in thread
From: Greg Kroah-Hartman @ 2023-01-16 15:45 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Xiu Jianfeng, Juergen Gross, Sasha Levin
From: Xiu Jianfeng <xiujianfeng@huawei.com>
[ Upstream commit 69143f60868b3939ddc89289b29db593b647295e ]
These local variables @{resched|pmu|callfunc...}_name saves the new
string allocated by kasprintf(), and when bind_{v}ipi_to_irqhandler()
fails, it goes to the @fail tag, and calls xen_smp_intr_free{_pv}() to
free resource, however the new string is not saved, which cause a memory
leak issue. fix it.
Fixes: 9702785a747a ("i386: move xen")
Signed-off-by: Xiu Jianfeng <xiujianfeng@huawei.com>
Reviewed-by: Juergen Gross <jgross@suse.com>
Link: https://lore.kernel.org/r/20221123155858.11382-2-xiujianfeng@huawei.com
Signed-off-by: Juergen Gross <jgross@suse.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/x86/xen/smp.c | 24 ++++++++++++------------
arch/x86/xen/smp_pv.c | 12 ++++++------
2 files changed, 18 insertions(+), 18 deletions(-)
diff --git a/arch/x86/xen/smp.c b/arch/x86/xen/smp.c
index 63a3605b2225..a1cc855c539c 100644
--- a/arch/x86/xen/smp.c
+++ b/arch/x86/xen/smp.c
@@ -32,30 +32,30 @@ static irqreturn_t xen_reschedule_interrupt(int irq, void *dev_id)
void xen_smp_intr_free(unsigned int cpu)
{
+ kfree(per_cpu(xen_resched_irq, cpu).name);
+ per_cpu(xen_resched_irq, cpu).name = NULL;
if (per_cpu(xen_resched_irq, cpu).irq >= 0) {
unbind_from_irqhandler(per_cpu(xen_resched_irq, cpu).irq, NULL);
per_cpu(xen_resched_irq, cpu).irq = -1;
- kfree(per_cpu(xen_resched_irq, cpu).name);
- per_cpu(xen_resched_irq, cpu).name = NULL;
}
+ kfree(per_cpu(xen_callfunc_irq, cpu).name);
+ per_cpu(xen_callfunc_irq, cpu).name = NULL;
if (per_cpu(xen_callfunc_irq, cpu).irq >= 0) {
unbind_from_irqhandler(per_cpu(xen_callfunc_irq, cpu).irq, NULL);
per_cpu(xen_callfunc_irq, cpu).irq = -1;
- kfree(per_cpu(xen_callfunc_irq, cpu).name);
- per_cpu(xen_callfunc_irq, cpu).name = NULL;
}
+ kfree(per_cpu(xen_debug_irq, cpu).name);
+ per_cpu(xen_debug_irq, cpu).name = NULL;
if (per_cpu(xen_debug_irq, cpu).irq >= 0) {
unbind_from_irqhandler(per_cpu(xen_debug_irq, cpu).irq, NULL);
per_cpu(xen_debug_irq, cpu).irq = -1;
- kfree(per_cpu(xen_debug_irq, cpu).name);
- per_cpu(xen_debug_irq, cpu).name = NULL;
}
+ kfree(per_cpu(xen_callfuncsingle_irq, cpu).name);
+ per_cpu(xen_callfuncsingle_irq, cpu).name = NULL;
if (per_cpu(xen_callfuncsingle_irq, cpu).irq >= 0) {
unbind_from_irqhandler(per_cpu(xen_callfuncsingle_irq, cpu).irq,
NULL);
per_cpu(xen_callfuncsingle_irq, cpu).irq = -1;
- kfree(per_cpu(xen_callfuncsingle_irq, cpu).name);
- per_cpu(xen_callfuncsingle_irq, cpu).name = NULL;
}
}
@@ -65,6 +65,7 @@ int xen_smp_intr_init(unsigned int cpu)
char *resched_name, *callfunc_name, *debug_name;
resched_name = kasprintf(GFP_KERNEL, "resched%d", cpu);
+ per_cpu(xen_resched_irq, cpu).name = resched_name;
rc = bind_ipi_to_irqhandler(XEN_RESCHEDULE_VECTOR,
cpu,
xen_reschedule_interrupt,
@@ -74,9 +75,9 @@ int xen_smp_intr_init(unsigned int cpu)
if (rc < 0)
goto fail;
per_cpu(xen_resched_irq, cpu).irq = rc;
- per_cpu(xen_resched_irq, cpu).name = resched_name;
callfunc_name = kasprintf(GFP_KERNEL, "callfunc%d", cpu);
+ per_cpu(xen_callfunc_irq, cpu).name = callfunc_name;
rc = bind_ipi_to_irqhandler(XEN_CALL_FUNCTION_VECTOR,
cpu,
xen_call_function_interrupt,
@@ -86,10 +87,10 @@ int xen_smp_intr_init(unsigned int cpu)
if (rc < 0)
goto fail;
per_cpu(xen_callfunc_irq, cpu).irq = rc;
- per_cpu(xen_callfunc_irq, cpu).name = callfunc_name;
if (!xen_fifo_events) {
debug_name = kasprintf(GFP_KERNEL, "debug%d", cpu);
+ per_cpu(xen_debug_irq, cpu).name = debug_name;
rc = bind_virq_to_irqhandler(VIRQ_DEBUG, cpu,
xen_debug_interrupt,
IRQF_PERCPU | IRQF_NOBALANCING,
@@ -97,10 +98,10 @@ int xen_smp_intr_init(unsigned int cpu)
if (rc < 0)
goto fail;
per_cpu(xen_debug_irq, cpu).irq = rc;
- per_cpu(xen_debug_irq, cpu).name = debug_name;
}
callfunc_name = kasprintf(GFP_KERNEL, "callfuncsingle%d", cpu);
+ per_cpu(xen_callfuncsingle_irq, cpu).name = callfunc_name;
rc = bind_ipi_to_irqhandler(XEN_CALL_FUNCTION_SINGLE_VECTOR,
cpu,
xen_call_function_single_interrupt,
@@ -110,7 +111,6 @@ int xen_smp_intr_init(unsigned int cpu)
if (rc < 0)
goto fail;
per_cpu(xen_callfuncsingle_irq, cpu).irq = rc;
- per_cpu(xen_callfuncsingle_irq, cpu).name = callfunc_name;
return 0;
diff --git a/arch/x86/xen/smp_pv.c b/arch/x86/xen/smp_pv.c
index e8248e8a04ca..75807c2a1e17 100644
--- a/arch/x86/xen/smp_pv.c
+++ b/arch/x86/xen/smp_pv.c
@@ -94,18 +94,18 @@ asmlinkage __visible void cpu_bringup_and_idle(void)
void xen_smp_intr_free_pv(unsigned int cpu)
{
+ kfree(per_cpu(xen_irq_work, cpu).name);
+ per_cpu(xen_irq_work, cpu).name = NULL;
if (per_cpu(xen_irq_work, cpu).irq >= 0) {
unbind_from_irqhandler(per_cpu(xen_irq_work, cpu).irq, NULL);
per_cpu(xen_irq_work, cpu).irq = -1;
- kfree(per_cpu(xen_irq_work, cpu).name);
- per_cpu(xen_irq_work, cpu).name = NULL;
}
+ kfree(per_cpu(xen_pmu_irq, cpu).name);
+ per_cpu(xen_pmu_irq, cpu).name = NULL;
if (per_cpu(xen_pmu_irq, cpu).irq >= 0) {
unbind_from_irqhandler(per_cpu(xen_pmu_irq, cpu).irq, NULL);
per_cpu(xen_pmu_irq, cpu).irq = -1;
- kfree(per_cpu(xen_pmu_irq, cpu).name);
- per_cpu(xen_pmu_irq, cpu).name = NULL;
}
}
@@ -115,6 +115,7 @@ int xen_smp_intr_init_pv(unsigned int cpu)
char *callfunc_name, *pmu_name;
callfunc_name = kasprintf(GFP_KERNEL, "irqwork%d", cpu);
+ per_cpu(xen_irq_work, cpu).name = callfunc_name;
rc = bind_ipi_to_irqhandler(XEN_IRQ_WORK_VECTOR,
cpu,
xen_irq_work_interrupt,
@@ -124,10 +125,10 @@ int xen_smp_intr_init_pv(unsigned int cpu)
if (rc < 0)
goto fail;
per_cpu(xen_irq_work, cpu).irq = rc;
- per_cpu(xen_irq_work, cpu).name = callfunc_name;
if (is_xen_pmu) {
pmu_name = kasprintf(GFP_KERNEL, "pmu%d", cpu);
+ per_cpu(xen_pmu_irq, cpu).name = pmu_name;
rc = bind_virq_to_irqhandler(VIRQ_XENPMU, cpu,
xen_pmu_irq_handler,
IRQF_PERCPU|IRQF_NOBALANCING,
@@ -135,7 +136,6 @@ int xen_smp_intr_init_pv(unsigned int cpu)
if (rc < 0)
goto fail;
per_cpu(xen_pmu_irq, cpu).irq = rc;
- per_cpu(xen_pmu_irq, cpu).name = pmu_name;
}
return 0;
--
2.35.1
^ permalink raw reply related [flat|nested] 529+ messages in thread
* [PATCH 4.19 068/521] x86/xen: Fix memory leak in xen_init_lock_cpu()
2023-01-16 15:44 [PATCH 4.19 000/521] 4.19.270-rc1 review Greg Kroah-Hartman
` (66 preceding siblings ...)
2023-01-16 15:45 ` [PATCH 4.19 067/521] x86/xen: Fix memory leak in xen_smp_intr_init{_pv}() Greg Kroah-Hartman
@ 2023-01-16 15:45 ` Greg Kroah-Hartman
2023-01-16 15:45 ` [PATCH 4.19 069/521] xen/privcmd: Fix a possible warning in privcmd_ioctl_mmap_resource() Greg Kroah-Hartman
` (456 subsequent siblings)
524 siblings, 0 replies; 529+ messages in thread
From: Greg Kroah-Hartman @ 2023-01-16 15:45 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Xiu Jianfeng, Juergen Gross, Sasha Levin
From: Xiu Jianfeng <xiujianfeng@huawei.com>
[ Upstream commit ca84ce153d887b1dc8b118029976cc9faf2a9b40 ]
In xen_init_lock_cpu(), the @name has allocated new string by kasprintf(),
if bind_ipi_to_irqhandler() fails, it should be freed, otherwise may lead
to a memory leak issue, fix it.
Fixes: 2d9e1e2f58b5 ("xen: implement Xen-specific spinlocks")
Signed-off-by: Xiu Jianfeng <xiujianfeng@huawei.com>
Reviewed-by: Juergen Gross <jgross@suse.com>
Link: https://lore.kernel.org/r/20221123155858.11382-3-xiujianfeng@huawei.com
Signed-off-by: Juergen Gross <jgross@suse.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/x86/xen/spinlock.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/arch/x86/xen/spinlock.c b/arch/x86/xen/spinlock.c
index 6fffb86a32ad..e6cf1b430fd0 100644
--- a/arch/x86/xen/spinlock.c
+++ b/arch/x86/xen/spinlock.c
@@ -83,6 +83,7 @@ void xen_init_lock_cpu(int cpu)
cpu, per_cpu(lock_kicker_irq, cpu));
name = kasprintf(GFP_KERNEL, "spinlock%d", cpu);
+ per_cpu(irq_name, cpu) = name;
irq = bind_ipi_to_irqhandler(XEN_SPIN_UNLOCK_VECTOR,
cpu,
dummy_handler,
@@ -93,7 +94,6 @@ void xen_init_lock_cpu(int cpu)
if (irq >= 0) {
disable_irq(irq); /* make sure it's never delivered */
per_cpu(lock_kicker_irq, cpu) = irq;
- per_cpu(irq_name, cpu) = name;
}
printk("cpu %d spinlock event irq %d\n", cpu, irq);
@@ -106,6 +106,8 @@ void xen_uninit_lock_cpu(int cpu)
if (!xen_pvspin)
return;
+ kfree(per_cpu(irq_name, cpu));
+ per_cpu(irq_name, cpu) = NULL;
/*
* When booting the kernel with 'mitigations=auto,nosmt', the secondary
* CPUs are not activated, and lock_kicker_irq is not initialized.
@@ -116,8 +118,6 @@ void xen_uninit_lock_cpu(int cpu)
unbind_from_irqhandler(irq, NULL);
per_cpu(lock_kicker_irq, cpu) = -1;
- kfree(per_cpu(irq_name, cpu));
- per_cpu(irq_name, cpu) = NULL;
}
PV_CALLEE_SAVE_REGS_THUNK(xen_vcpu_stolen);
--
2.35.1
^ permalink raw reply related [flat|nested] 529+ messages in thread
* [PATCH 4.19 069/521] xen/privcmd: Fix a possible warning in privcmd_ioctl_mmap_resource()
2023-01-16 15:44 [PATCH 4.19 000/521] 4.19.270-rc1 review Greg Kroah-Hartman
` (67 preceding siblings ...)
2023-01-16 15:45 ` [PATCH 4.19 068/521] x86/xen: Fix memory leak in xen_init_lock_cpu() Greg Kroah-Hartman
@ 2023-01-16 15:45 ` Greg Kroah-Hartman
2023-01-16 15:45 ` [PATCH 4.19 070/521] PM: runtime: Improve path in rpm_idle() when no callback Greg Kroah-Hartman
` (455 subsequent siblings)
524 siblings, 0 replies; 529+ messages in thread
From: Greg Kroah-Hartman @ 2023-01-16 15:45 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Harshit Mogalapalli, Juergen Gross,
Sasha Levin
From: Harshit Mogalapalli <harshit.m.mogalapalli@oracle.com>
[ Upstream commit 8b997b2bb2c53b76a6db6c195930e9ab8e4b0c79 ]
As 'kdata.num' is user-controlled data, if user tries to allocate
memory larger than(>=) MAX_ORDER, then kcalloc() will fail, it
creates a stack trace and messes up dmesg with a warning.
Call trace:
-> privcmd_ioctl
--> privcmd_ioctl_mmap_resource
Add __GFP_NOWARN in order to avoid too large allocation warning.
This is detected by static analysis using smatch.
Fixes: 3ad0876554ca ("xen/privcmd: add IOCTL_PRIVCMD_MMAP_RESOURCE")
Signed-off-by: Harshit Mogalapalli <harshit.m.mogalapalli@oracle.com>
Reviewed-by: Juergen Gross <jgross@suse.com>
Link: https://lore.kernel.org/r/20221126050745.778967-1-harshit.m.mogalapalli@oracle.com
Signed-off-by: Juergen Gross <jgross@suse.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/xen/privcmd.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/xen/privcmd.c b/drivers/xen/privcmd.c
index 74ff28fda64d..15ece1041d17 100644
--- a/drivers/xen/privcmd.c
+++ b/drivers/xen/privcmd.c
@@ -785,7 +785,7 @@ static long privcmd_ioctl_mmap_resource(struct file *file,
goto out;
}
- pfns = kcalloc(kdata.num, sizeof(*pfns), GFP_KERNEL);
+ pfns = kcalloc(kdata.num, sizeof(*pfns), GFP_KERNEL | __GFP_NOWARN);
if (!pfns) {
rc = -ENOMEM;
goto out;
--
2.35.1
^ permalink raw reply related [flat|nested] 529+ messages in thread
* [PATCH 4.19 070/521] PM: runtime: Improve path in rpm_idle() when no callback
2023-01-16 15:44 [PATCH 4.19 000/521] 4.19.270-rc1 review Greg Kroah-Hartman
` (68 preceding siblings ...)
2023-01-16 15:45 ` [PATCH 4.19 069/521] xen/privcmd: Fix a possible warning in privcmd_ioctl_mmap_resource() Greg Kroah-Hartman
@ 2023-01-16 15:45 ` Greg Kroah-Hartman
2023-01-16 15:45 ` [PATCH 4.19 071/521] PM: runtime: Do not call __rpm_callback() from rpm_idle() Greg Kroah-Hartman
` (454 subsequent siblings)
524 siblings, 0 replies; 529+ messages in thread
From: Greg Kroah-Hartman @ 2023-01-16 15:45 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Ulf Hansson, Alan Stern,
Rafael J. Wysocki, Sasha Levin
From: Ulf Hansson <ulf.hansson@linaro.org>
[ Upstream commit 5a2bd1b1c64e1ac5627db3767ac465f18606315c ]
When pm_runtime_no_callbacks() has been called for a struct device to set
the dev->power.no_callbacks flag for it, it enables rpm_idle() to take a
slightly quicker path by assuming that a ->runtime_idle() callback would
have returned 0 to indicate success.
A device that does not have the dev->power.no_callbacks flag set for it,
may still be missing a corresponding ->runtime_idle() callback, in which
case the slower path in rpm_idle() is taken. Let's improve the behaviour
for this case, by aligning code to the quicker path.
Signed-off-by: Ulf Hansson <ulf.hansson@linaro.org>
Acked-by: Alan Stern <stern@rowland.harvard.edu>
Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
Stable-dep-of: bc80c2e438dc ("PM: runtime: Do not call __rpm_callback() from rpm_idle()")
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/base/power/runtime.c | 10 +++++-----
1 file changed, 5 insertions(+), 5 deletions(-)
diff --git a/drivers/base/power/runtime.c b/drivers/base/power/runtime.c
index eaae4adf9ce4..8a018e6d7976 100644
--- a/drivers/base/power/runtime.c
+++ b/drivers/base/power/runtime.c
@@ -403,7 +403,10 @@ static int rpm_idle(struct device *dev, int rpmflags)
/* Pending requests need to be canceled. */
dev->power.request = RPM_REQ_NONE;
- if (dev->power.no_callbacks)
+ callback = RPM_GET_CALLBACK(dev, runtime_idle);
+
+ /* If no callback assume success. */
+ if (!callback || dev->power.no_callbacks)
goto out;
/* Carry out an asynchronous or a synchronous idle notification. */
@@ -419,10 +422,7 @@ static int rpm_idle(struct device *dev, int rpmflags)
dev->power.idle_notification = true;
- callback = RPM_GET_CALLBACK(dev, runtime_idle);
-
- if (callback)
- retval = __rpm_callback(callback, dev);
+ retval = __rpm_callback(callback, dev);
dev->power.idle_notification = false;
wake_up_all(&dev->power.wait_queue);
--
2.35.1
^ permalink raw reply related [flat|nested] 529+ messages in thread
* [PATCH 4.19 071/521] PM: runtime: Do not call __rpm_callback() from rpm_idle()
2023-01-16 15:44 [PATCH 4.19 000/521] 4.19.270-rc1 review Greg Kroah-Hartman
` (69 preceding siblings ...)
2023-01-16 15:45 ` [PATCH 4.19 070/521] PM: runtime: Improve path in rpm_idle() when no callback Greg Kroah-Hartman
@ 2023-01-16 15:45 ` Greg Kroah-Hartman
2023-01-16 15:45 ` [PATCH 4.19 072/521] platform/x86: mxm-wmi: fix memleak in mxm_wmi_call_mx[ds|mx]() Greg Kroah-Hartman
` (453 subsequent siblings)
524 siblings, 0 replies; 529+ messages in thread
From: Greg Kroah-Hartman @ 2023-01-16 15:45 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Rafael J. Wysocki, Adrian Hunter,
Sasha Levin
From: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
[ Upstream commit bc80c2e438dcbfcf748452ec0f7ad5b79ff3ad88 ]
Calling __rpm_callback() from rpm_idle() after adding device links
support to the former is a clear mistake.
Not only it causes rpm_idle() to carry out unnecessary actions, but it
is also against the assumption regarding the stability of PM-runtime
status across __rpm_callback() invocations, because rpm_suspend() and
rpm_resume() may run in parallel with __rpm_callback() when it is called
by rpm_idle() and the device's PM-runtime status can be updated by any
of them.
Fixes: 21d5c57b3726 ("PM / runtime: Use device links")
Link: https://lore.kernel.org/linux-pm/36aed941-a73e-d937-2721-4f0decd61ce0@quicinc.com
Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
Reviewed-by: Adrian Hunter <adrian.hunter@intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/base/power/runtime.c | 12 +++++++++++-
1 file changed, 11 insertions(+), 1 deletion(-)
diff --git a/drivers/base/power/runtime.c b/drivers/base/power/runtime.c
index 8a018e6d7976..911bb8a4bf6d 100644
--- a/drivers/base/power/runtime.c
+++ b/drivers/base/power/runtime.c
@@ -422,7 +422,17 @@ static int rpm_idle(struct device *dev, int rpmflags)
dev->power.idle_notification = true;
- retval = __rpm_callback(callback, dev);
+ if (dev->power.irq_safe)
+ spin_unlock(&dev->power.lock);
+ else
+ spin_unlock_irq(&dev->power.lock);
+
+ retval = callback(dev);
+
+ if (dev->power.irq_safe)
+ spin_lock(&dev->power.lock);
+ else
+ spin_lock_irq(&dev->power.lock);
dev->power.idle_notification = false;
wake_up_all(&dev->power.wait_queue);
--
2.35.1
^ permalink raw reply related [flat|nested] 529+ messages in thread
* [PATCH 4.19 072/521] platform/x86: mxm-wmi: fix memleak in mxm_wmi_call_mx[ds|mx]()
2023-01-16 15:44 [PATCH 4.19 000/521] 4.19.270-rc1 review Greg Kroah-Hartman
` (70 preceding siblings ...)
2023-01-16 15:45 ` [PATCH 4.19 071/521] PM: runtime: Do not call __rpm_callback() from rpm_idle() Greg Kroah-Hartman
@ 2023-01-16 15:45 ` Greg Kroah-Hartman
2023-01-16 15:45 ` [PATCH 4.19 073/521] MIPS: BCM63xx: Add check for NULL for clk in clk_enable Greg Kroah-Hartman
` (452 subsequent siblings)
524 siblings, 0 replies; 529+ messages in thread
From: Greg Kroah-Hartman @ 2023-01-16 15:45 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Yu Liao, Hans de Goede, Sasha Levin
From: Yu Liao <liaoyu15@huawei.com>
[ Upstream commit 727cc0147f5066e359aca65cc6cc5e6d64cc15d8 ]
The ACPI buffer memory (out.pointer) returned by wmi_evaluate_method()
is not freed after the call, so it leads to memory leak.
The method results in ACPI buffer is not used, so just pass NULL to
wmi_evaluate_method() which fixes the memory leak.
Fixes: 99b38b4acc0d ("platform/x86: add MXM WMI driver.")
Signed-off-by: Yu Liao <liaoyu15@huawei.com>
Link: https://lore.kernel.org/r/20221129011101.2042315-1-liaoyu15@huawei.com
Reviewed-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/platform/x86/mxm-wmi.c | 8 ++------
1 file changed, 2 insertions(+), 6 deletions(-)
diff --git a/drivers/platform/x86/mxm-wmi.c b/drivers/platform/x86/mxm-wmi.c
index 35d8b9a939f9..9c1893a703e6 100644
--- a/drivers/platform/x86/mxm-wmi.c
+++ b/drivers/platform/x86/mxm-wmi.c
@@ -48,13 +48,11 @@ int mxm_wmi_call_mxds(int adapter)
.xarg = 1,
};
struct acpi_buffer input = { (acpi_size)sizeof(args), &args };
- struct acpi_buffer output = { ACPI_ALLOCATE_BUFFER, NULL };
acpi_status status;
printk("calling mux switch %d\n", adapter);
- status = wmi_evaluate_method(MXM_WMMX_GUID, 0x0, adapter, &input,
- &output);
+ status = wmi_evaluate_method(MXM_WMMX_GUID, 0x0, adapter, &input, NULL);
if (ACPI_FAILURE(status))
return status;
@@ -73,13 +71,11 @@ int mxm_wmi_call_mxmx(int adapter)
.xarg = 1,
};
struct acpi_buffer input = { (acpi_size)sizeof(args), &args };
- struct acpi_buffer output = { ACPI_ALLOCATE_BUFFER, NULL };
acpi_status status;
printk("calling mux switch %d\n", adapter);
- status = wmi_evaluate_method(MXM_WMMX_GUID, 0x0, adapter, &input,
- &output);
+ status = wmi_evaluate_method(MXM_WMMX_GUID, 0x0, adapter, &input, NULL);
if (ACPI_FAILURE(status))
return status;
--
2.35.1
^ permalink raw reply related [flat|nested] 529+ messages in thread
* [PATCH 4.19 073/521] MIPS: BCM63xx: Add check for NULL for clk in clk_enable
2023-01-16 15:44 [PATCH 4.19 000/521] 4.19.270-rc1 review Greg Kroah-Hartman
` (71 preceding siblings ...)
2023-01-16 15:45 ` [PATCH 4.19 072/521] platform/x86: mxm-wmi: fix memleak in mxm_wmi_call_mx[ds|mx]() Greg Kroah-Hartman
@ 2023-01-16 15:45 ` Greg Kroah-Hartman
2023-01-16 15:45 ` [PATCH 4.19 074/521] fs: sysv: Fix sysv_nblocks() returns wrong value Greg Kroah-Hartman
` (451 subsequent siblings)
524 siblings, 0 replies; 529+ messages in thread
From: Greg Kroah-Hartman @ 2023-01-16 15:45 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Anastasia Belova,
Philippe Mathieu-Daudé,
Florian Fainelli, Thomas Bogendoerfer, Sasha Levin
From: Anastasia Belova <abelova@astralinux.ru>
[ Upstream commit ee9ef11bd2a59c2fefaa0959e5efcdf040d7c654 ]
Check clk for NULL before calling clk_enable_unlocked where clk
is dereferenced. There is such check in other implementations
of clk_enable.
Found by Linux Verification Center (linuxtesting.org) with SVACE.
Fixes: e7300d04bd08 ("MIPS: BCM63xx: Add support for the Broadcom BCM63xx family of SOCs.")
Signed-off-by: Anastasia Belova <abelova@astralinux.ru>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Acked-by: Florian Fainelli <f.fainelli@gmail.com>
Signed-off-by: Thomas Bogendoerfer <tsbogend@alpha.franken.de>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/mips/bcm63xx/clk.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/arch/mips/bcm63xx/clk.c b/arch/mips/bcm63xx/clk.c
index dcfa0ea912fe..f183c45503ce 100644
--- a/arch/mips/bcm63xx/clk.c
+++ b/arch/mips/bcm63xx/clk.c
@@ -361,6 +361,8 @@ static struct clk clk_periph = {
*/
int clk_enable(struct clk *clk)
{
+ if (!clk)
+ return 0;
mutex_lock(&clocks_mutex);
clk_enable_unlocked(clk);
mutex_unlock(&clocks_mutex);
--
2.35.1
^ permalink raw reply related [flat|nested] 529+ messages in thread
* [PATCH 4.19 074/521] fs: sysv: Fix sysv_nblocks() returns wrong value
2023-01-16 15:44 [PATCH 4.19 000/521] 4.19.270-rc1 review Greg Kroah-Hartman
` (72 preceding siblings ...)
2023-01-16 15:45 ` [PATCH 4.19 073/521] MIPS: BCM63xx: Add check for NULL for clk in clk_enable Greg Kroah-Hartman
@ 2023-01-16 15:45 ` Greg Kroah-Hartman
2023-01-16 15:45 ` [PATCH 4.19 075/521] rapidio: fix possible UAF when kfifo_alloc() fails Greg Kroah-Hartman
` (450 subsequent siblings)
524 siblings, 0 replies; 529+ messages in thread
From: Greg Kroah-Hartman @ 2023-01-16 15:45 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Chen Zhongjin, Al Viro, Sasha Levin
From: Chen Zhongjin <chenzhongjin@huawei.com>
[ Upstream commit e0c49bd2b4d3cd1751491eb2d940bce968ac65e9 ]
sysv_nblocks() returns 'blocks' rather than 'res', which only counting
the number of triple-indirect blocks and causing sysv_getattr() gets a
wrong result.
[AV: this is actually a sysv counterpart of minixfs fix -
0fcd426de9d0 "[PATCH] minix block usage counting fix" in
historical tree; mea culpa, should've thought to check
fs/sysv back then...]
Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2")
Signed-off-by: Chen Zhongjin <chenzhongjin@huawei.com>
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
fs/sysv/itree.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/fs/sysv/itree.c b/fs/sysv/itree.c
index bcb67b0cabe7..31f66053e239 100644
--- a/fs/sysv/itree.c
+++ b/fs/sysv/itree.c
@@ -438,7 +438,7 @@ static unsigned sysv_nblocks(struct super_block *s, loff_t size)
res += blocks;
direct = 1;
}
- return blocks;
+ return res;
}
int sysv_getattr(const struct path *path, struct kstat *stat,
--
2.35.1
^ permalink raw reply related [flat|nested] 529+ messages in thread
* [PATCH 4.19 075/521] rapidio: fix possible UAF when kfifo_alloc() fails
2023-01-16 15:44 [PATCH 4.19 000/521] 4.19.270-rc1 review Greg Kroah-Hartman
` (73 preceding siblings ...)
2023-01-16 15:45 ` [PATCH 4.19 074/521] fs: sysv: Fix sysv_nblocks() returns wrong value Greg Kroah-Hartman
@ 2023-01-16 15:45 ` Greg Kroah-Hartman
2023-01-16 15:45 ` [PATCH 4.19 076/521] eventfd: change int to __u64 in eventfd_signal() ifndef CONFIG_EVENTFD Greg Kroah-Hartman
` (449 subsequent siblings)
524 siblings, 0 replies; 529+ messages in thread
From: Greg Kroah-Hartman @ 2023-01-16 15:45 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Wang Weiyang, Alexandre Bounine,
Dan Carpenter, Jakob Koschel, John Hubbard, Matt Porter,
Yang Yingliang, Andrew Morton, Sasha Levin
From: Wang Weiyang <wangweiyang2@huawei.com>
[ Upstream commit 02d7d89f816951e0862147d751b1150d67aaebdd ]
If kfifo_alloc() fails in mport_cdev_open(), goto err_fifo and just free
priv. But priv is still in the chdev->file_list, then list traversal
may cause UAF. This fixes the following smatch warning:
drivers/rapidio/devices/rio_mport_cdev.c:1930 mport_cdev_open() warn: '&priv->list' not removed from list
Link: https://lkml.kernel.org/r/20221123095147.52408-1-wangweiyang2@huawei.com
Fixes: e8de370188d0 ("rapidio: add mport char device driver")
Signed-off-by: Wang Weiyang <wangweiyang2@huawei.com>
Cc: Alexandre Bounine <alex.bou9@gmail.com>
Cc: Dan Carpenter <error27@gmail.com>
Cc: Jakob Koschel <jakobkoschel@gmail.com>
Cc: John Hubbard <jhubbard@nvidia.com>
Cc: Matt Porter <mporter@kernel.crashing.org>
Cc: Yang Yingliang <yangyingliang@huawei.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/rapidio/devices/rio_mport_cdev.c | 7 +++----
1 file changed, 3 insertions(+), 4 deletions(-)
diff --git a/drivers/rapidio/devices/rio_mport_cdev.c b/drivers/rapidio/devices/rio_mport_cdev.c
index 01eb1a594ce6..1f4114b23f5a 100644
--- a/drivers/rapidio/devices/rio_mport_cdev.c
+++ b/drivers/rapidio/devices/rio_mport_cdev.c
@@ -1909,10 +1909,6 @@ static int mport_cdev_open(struct inode *inode, struct file *filp)
priv->md = chdev;
- mutex_lock(&chdev->file_mutex);
- list_add_tail(&priv->list, &chdev->file_list);
- mutex_unlock(&chdev->file_mutex);
-
INIT_LIST_HEAD(&priv->db_filters);
INIT_LIST_HEAD(&priv->pw_filters);
spin_lock_init(&priv->fifo_lock);
@@ -1931,6 +1927,9 @@ static int mport_cdev_open(struct inode *inode, struct file *filp)
spin_lock_init(&priv->req_lock);
mutex_init(&priv->dma_lock);
#endif
+ mutex_lock(&chdev->file_mutex);
+ list_add_tail(&priv->list, &chdev->file_list);
+ mutex_unlock(&chdev->file_mutex);
filp->private_data = priv;
goto out;
--
2.35.1
^ permalink raw reply related [flat|nested] 529+ messages in thread
* [PATCH 4.19 076/521] eventfd: change int to __u64 in eventfd_signal() ifndef CONFIG_EVENTFD
2023-01-16 15:44 [PATCH 4.19 000/521] 4.19.270-rc1 review Greg Kroah-Hartman
` (74 preceding siblings ...)
2023-01-16 15:45 ` [PATCH 4.19 075/521] rapidio: fix possible UAF when kfifo_alloc() fails Greg Kroah-Hartman
@ 2023-01-16 15:45 ` Greg Kroah-Hartman
2023-01-16 15:45 ` [PATCH 4.19 077/521] relay: fix type mismatch when allocating memory in relay_create_buf() Greg Kroah-Hartman
` (448 subsequent siblings)
524 siblings, 0 replies; 529+ messages in thread
From: Greg Kroah-Hartman @ 2023-01-16 15:45 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Zhang Qilong, Dylan Yudaken,
Jens Axboe, Sha Zhengju, Andrew Morton, Sasha Levin
From: Zhang Qilong <zhangqilong3@huawei.com>
[ Upstream commit fd4e60bf0ef8eb9edcfa12dda39e8b6ee9060492 ]
Commit ee62c6b2dc93 ("eventfd: change int to __u64 in eventfd_signal()")
forgot to change int to __u64 in the CONFIG_EVENTFD=n stub function.
Link: https://lkml.kernel.org/r/20221124140154.104680-1-zhangqilong3@huawei.com
Fixes: ee62c6b2dc93 ("eventfd: change int to __u64 in eventfd_signal()")
Signed-off-by: Zhang Qilong <zhangqilong3@huawei.com>
Cc: Dylan Yudaken <dylany@fb.com>
Cc: Jens Axboe <axboe@kernel.dk>
Cc: Sha Zhengju <handai.szj@taobao.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
include/linux/eventfd.h | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/include/linux/eventfd.h b/include/linux/eventfd.h
index dc4fd8a6644d..3482f9365a4d 100644
--- a/include/linux/eventfd.h
+++ b/include/linux/eventfd.h
@@ -61,7 +61,7 @@ static inline struct eventfd_ctx *eventfd_ctx_fdget(int fd)
return ERR_PTR(-ENOSYS);
}
-static inline int eventfd_signal(struct eventfd_ctx *ctx, int n)
+static inline int eventfd_signal(struct eventfd_ctx *ctx, __u64 n)
{
return -ENOSYS;
}
--
2.35.1
^ permalink raw reply related [flat|nested] 529+ messages in thread
* [PATCH 4.19 077/521] relay: fix type mismatch when allocating memory in relay_create_buf()
2023-01-16 15:44 [PATCH 4.19 000/521] 4.19.270-rc1 review Greg Kroah-Hartman
` (75 preceding siblings ...)
2023-01-16 15:45 ` [PATCH 4.19 076/521] eventfd: change int to __u64 in eventfd_signal() ifndef CONFIG_EVENTFD Greg Kroah-Hartman
@ 2023-01-16 15:45 ` Greg Kroah-Hartman
2023-01-16 15:45 ` [PATCH 4.19 078/521] hfs: Fix OOB Write in hfs_asc2mac Greg Kroah-Hartman
` (447 subsequent siblings)
524 siblings, 0 replies; 529+ messages in thread
From: Greg Kroah-Hartman @ 2023-01-16 15:45 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Ilia.Gavrilov, Colin Ian King,
Jens Axboe, wuchi, Andrew Morton, Sasha Levin
From: Gavrilov Ilia <Ilia.Gavrilov@infotecs.ru>
[ Upstream commit 4d8586e04602fe42f0a782d2005956f8b6302678 ]
The 'padding' field of the 'rchan_buf' structure is an array of 'size_t'
elements, but the memory is allocated for an array of 'size_t *' elements.
Found by Linux Verification Center (linuxtesting.org) with SVACE.
Link: https://lkml.kernel.org/r/20221129092002.3538384-1-Ilia.Gavrilov@infotecs.ru
Fixes: b86ff981a825 ("[PATCH] relay: migrate from relayfs to a generic relay API")
Signed-off-by: Ilia.Gavrilov <Ilia.Gavrilov@infotecs.ru>
Cc: Colin Ian King <colin.i.king@gmail.com>
Cc: Jens Axboe <axboe@kernel.dk>
Cc: wuchi <wuchi.zero@gmail.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
kernel/relay.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/kernel/relay.c b/kernel/relay.c
index 735cb208f023..b7aa7df43955 100644
--- a/kernel/relay.c
+++ b/kernel/relay.c
@@ -163,13 +163,13 @@ static struct rchan_buf *relay_create_buf(struct rchan *chan)
{
struct rchan_buf *buf;
- if (chan->n_subbufs > KMALLOC_MAX_SIZE / sizeof(size_t *))
+ if (chan->n_subbufs > KMALLOC_MAX_SIZE / sizeof(size_t))
return NULL;
buf = kzalloc(sizeof(struct rchan_buf), GFP_KERNEL);
if (!buf)
return NULL;
- buf->padding = kmalloc_array(chan->n_subbufs, sizeof(size_t *),
+ buf->padding = kmalloc_array(chan->n_subbufs, sizeof(size_t),
GFP_KERNEL);
if (!buf->padding)
goto free_buf;
--
2.35.1
^ permalink raw reply related [flat|nested] 529+ messages in thread
* [PATCH 4.19 078/521] hfs: Fix OOB Write in hfs_asc2mac
2023-01-16 15:44 [PATCH 4.19 000/521] 4.19.270-rc1 review Greg Kroah-Hartman
` (76 preceding siblings ...)
2023-01-16 15:45 ` [PATCH 4.19 077/521] relay: fix type mismatch when allocating memory in relay_create_buf() Greg Kroah-Hartman
@ 2023-01-16 15:45 ` Greg Kroah-Hartman
2023-01-16 15:45 ` [PATCH 4.19 079/521] rapidio: devices: fix missing put_device in mport_cdev_open Greg Kroah-Hartman
` (446 subsequent siblings)
524 siblings, 0 replies; 529+ messages in thread
From: Greg Kroah-Hartman @ 2023-01-16 15:45 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, ZhangPeng, Viacheslav Dubeyko,
syzbot+dc3b1cf9111ab5fe98e7, Andrew Morton, Sasha Levin
From: ZhangPeng <zhangpeng362@huawei.com>
[ Upstream commit c53ed55cb275344086e32a7080a6b19cb183650b ]
Syzbot reported a OOB Write bug:
loop0: detected capacity change from 0 to 64
==================================================================
BUG: KASAN: slab-out-of-bounds in hfs_asc2mac+0x467/0x9a0
fs/hfs/trans.c:133
Write of size 1 at addr ffff88801848314e by task syz-executor391/3632
Call Trace:
<TASK>
__dump_stack lib/dump_stack.c:88 [inline]
dump_stack_lvl+0x1b1/0x28e lib/dump_stack.c:106
print_address_description+0x74/0x340 mm/kasan/report.c:284
print_report+0x107/0x1f0 mm/kasan/report.c:395
kasan_report+0xcd/0x100 mm/kasan/report.c:495
hfs_asc2mac+0x467/0x9a0 fs/hfs/trans.c:133
hfs_cat_build_key+0x92/0x170 fs/hfs/catalog.c:28
hfs_lookup+0x1ab/0x2c0 fs/hfs/dir.c:31
lookup_open fs/namei.c:3391 [inline]
open_last_lookups fs/namei.c:3481 [inline]
path_openat+0x10e6/0x2df0 fs/namei.c:3710
do_filp_open+0x264/0x4f0 fs/namei.c:3740
If in->len is much larger than HFS_NAMELEN(31) which is the maximum
length of an HFS filename, a OOB write could occur in hfs_asc2mac(). In
that case, when the dst reaches the boundary, the srclen is still
greater than 0, which causes a OOB write.
Fix this by adding a check on dstlen in while() before writing to dst
address.
Link: https://lkml.kernel.org/r/20221202030038.1391945-1-zhangpeng362@huawei.com
Fixes: 328b92278650 ("[PATCH] hfs: NLS support")
Signed-off-by: ZhangPeng <zhangpeng362@huawei.com>
Reviewed-by: Viacheslav Dubeyko <slava@dubeyko.com>
Reported-by: <syzbot+dc3b1cf9111ab5fe98e7@syzkaller.appspotmail.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
fs/hfs/trans.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/fs/hfs/trans.c b/fs/hfs/trans.c
index 39f5e343bf4d..fdb0edb8a607 100644
--- a/fs/hfs/trans.c
+++ b/fs/hfs/trans.c
@@ -109,7 +109,7 @@ void hfs_asc2mac(struct super_block *sb, struct hfs_name *out, const struct qstr
if (nls_io) {
wchar_t ch;
- while (srclen > 0) {
+ while (srclen > 0 && dstlen > 0) {
size = nls_io->char2uni(src, srclen, &ch);
if (size < 0) {
ch = '?';
--
2.35.1
^ permalink raw reply related [flat|nested] 529+ messages in thread
* [PATCH 4.19 079/521] rapidio: devices: fix missing put_device in mport_cdev_open
2023-01-16 15:44 [PATCH 4.19 000/521] 4.19.270-rc1 review Greg Kroah-Hartman
` (77 preceding siblings ...)
2023-01-16 15:45 ` [PATCH 4.19 078/521] hfs: Fix OOB Write in hfs_asc2mac Greg Kroah-Hartman
@ 2023-01-16 15:45 ` Greg Kroah-Hartman
2023-01-16 15:45 ` [PATCH 4.19 080/521] wifi: ath9k: hif_usb: fix memory leak of urbs in ath9k_hif_usb_dealloc_tx_urbs() Greg Kroah-Hartman
` (445 subsequent siblings)
524 siblings, 0 replies; 529+ messages in thread
From: Greg Kroah-Hartman @ 2023-01-16 15:45 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Cai Xinchen, Alexandre Bounine,
Dan Carpenter, Jakob Koschel, John Hubbard, Matt Porter,
Wang Weiyang, Yang Yingliang, Andrew Morton, Sasha Levin
From: Cai Xinchen <caixinchen1@huawei.com>
[ Upstream commit d5b6e6eba3af11cb2a2791fa36a2524990fcde1a ]
When kfifo_alloc fails, the refcount of chdev->dev is left incremental.
We should use put_device(&chdev->dev) to decrease the ref count of
chdev->dev to avoid refcount leak.
Link: https://lkml.kernel.org/r/20221203085721.13146-1-caixinchen1@huawei.com
Fixes: e8de370188d0 ("rapidio: add mport char device driver")
Signed-off-by: Cai Xinchen <caixinchen1@huawei.com>
Cc: Alexandre Bounine <alex.bou9@gmail.com>
Cc: Dan Carpenter <error27@gmail.com>
Cc: Jakob Koschel <jakobkoschel@gmail.com>
Cc: John Hubbard <jhubbard@nvidia.com>
Cc: Matt Porter <mporter@kernel.crashing.org>
Cc: Wang Weiyang <wangweiyang2@huawei.com>
Cc: Yang Yingliang <yangyingliang@huawei.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/rapidio/devices/rio_mport_cdev.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/drivers/rapidio/devices/rio_mport_cdev.c b/drivers/rapidio/devices/rio_mport_cdev.c
index 1f4114b23f5a..ee19c511adce 100644
--- a/drivers/rapidio/devices/rio_mport_cdev.c
+++ b/drivers/rapidio/devices/rio_mport_cdev.c
@@ -1917,6 +1917,7 @@ static int mport_cdev_open(struct inode *inode, struct file *filp)
sizeof(struct rio_event) * MPORT_EVENT_DEPTH,
GFP_KERNEL);
if (ret < 0) {
+ put_device(&chdev->dev);
dev_err(&chdev->dev, DRV_NAME ": kfifo_alloc failed\n");
ret = -ENOMEM;
goto err_fifo;
--
2.35.1
^ permalink raw reply related [flat|nested] 529+ messages in thread
* [PATCH 4.19 080/521] wifi: ath9k: hif_usb: fix memory leak of urbs in ath9k_hif_usb_dealloc_tx_urbs()
2023-01-16 15:44 [PATCH 4.19 000/521] 4.19.270-rc1 review Greg Kroah-Hartman
` (78 preceding siblings ...)
2023-01-16 15:45 ` [PATCH 4.19 079/521] rapidio: devices: fix missing put_device in mport_cdev_open Greg Kroah-Hartman
@ 2023-01-16 15:45 ` Greg Kroah-Hartman
2023-01-16 15:45 ` [PATCH 4.19 081/521] wifi: ath9k: hif_usb: Fix use-after-free in ath9k_hif_usb_reg_in_cb() Greg Kroah-Hartman
` (444 subsequent siblings)
524 siblings, 0 replies; 529+ messages in thread
From: Greg Kroah-Hartman @ 2023-01-16 15:45 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Fedor Pchelkin, Alexey Khoroshilov,
Toke Høiland-Jørgensen, Kalle Valo, Sasha Levin
From: Fedor Pchelkin <pchelkin@ispras.ru>
[ Upstream commit c2a94de38c74e86f49124ac14f093d6a5c377a90 ]
Syzkaller reports a long-known leak of urbs in
ath9k_hif_usb_dealloc_tx_urbs().
The cause of the leak is that usb_get_urb() is called but usb_free_urb()
(or usb_put_urb()) is not called inside usb_kill_urb() as urb->dev or
urb->ep fields have not been initialized and usb_kill_urb() returns
immediately.
The patch removes trying to kill urbs located in hif_dev->tx.tx_buf
because hif_dev->tx.tx_buf is not supposed to contain urbs which are in
pending state (the pending urbs are stored in hif_dev->tx.tx_pending).
The tx.tx_lock is acquired so there should not be any changes in the list.
Found by Linux Verification Center (linuxtesting.org) with Syzkaller.
Fixes: 03fb92a432ea ("ath9k: hif_usb: fix race condition between usb_get_urb() and usb_kill_anchored_urbs()")
Signed-off-by: Fedor Pchelkin <pchelkin@ispras.ru>
Signed-off-by: Alexey Khoroshilov <khoroshilov@ispras.ru>
Acked-by: Toke Høiland-Jørgensen <toke@toke.dk>
Signed-off-by: Kalle Valo <quic_kvalo@quicinc.com>
Link: https://lore.kernel.org/r/20220725151359.283704-1-pchelkin@ispras.ru
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/wireless/ath/ath9k/hif_usb.c | 4 ----
1 file changed, 4 deletions(-)
diff --git a/drivers/net/wireless/ath/ath9k/hif_usb.c b/drivers/net/wireless/ath/ath9k/hif_usb.c
index c8c7afe0e343..4290753a2002 100644
--- a/drivers/net/wireless/ath/ath9k/hif_usb.c
+++ b/drivers/net/wireless/ath/ath9k/hif_usb.c
@@ -781,14 +781,10 @@ static void ath9k_hif_usb_dealloc_tx_urbs(struct hif_device_usb *hif_dev)
spin_lock_irqsave(&hif_dev->tx.tx_lock, flags);
list_for_each_entry_safe(tx_buf, tx_buf_tmp,
&hif_dev->tx.tx_buf, list) {
- usb_get_urb(tx_buf->urb);
- spin_unlock_irqrestore(&hif_dev->tx.tx_lock, flags);
- usb_kill_urb(tx_buf->urb);
list_del(&tx_buf->list);
usb_free_urb(tx_buf->urb);
kfree(tx_buf->buf);
kfree(tx_buf);
- spin_lock_irqsave(&hif_dev->tx.tx_lock, flags);
}
spin_unlock_irqrestore(&hif_dev->tx.tx_lock, flags);
--
2.35.1
^ permalink raw reply related [flat|nested] 529+ messages in thread
* [PATCH 4.19 081/521] wifi: ath9k: hif_usb: Fix use-after-free in ath9k_hif_usb_reg_in_cb()
2023-01-16 15:44 [PATCH 4.19 000/521] 4.19.270-rc1 review Greg Kroah-Hartman
` (79 preceding siblings ...)
2023-01-16 15:45 ` [PATCH 4.19 080/521] wifi: ath9k: hif_usb: fix memory leak of urbs in ath9k_hif_usb_dealloc_tx_urbs() Greg Kroah-Hartman
@ 2023-01-16 15:45 ` Greg Kroah-Hartman
2023-01-16 15:45 ` [PATCH 4.19 082/521] wifi: rtl8xxxu: Fix reading the vendor of combo chips Greg Kroah-Hartman
` (443 subsequent siblings)
524 siblings, 0 replies; 529+ messages in thread
From: Greg Kroah-Hartman @ 2023-01-16 15:45 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Fedor Pchelkin, Alexey Khoroshilov,
Toke Høiland-Jørgensen, Kalle Valo, Sasha Levin
From: Fedor Pchelkin <pchelkin@ispras.ru>
[ Upstream commit dd95f2239fc846795fc926787c3ae0ca701c9840 ]
It is possible that skb is freed in ath9k_htc_rx_msg(), then
usb_submit_urb() fails and we try to free skb again. It causes
use-after-free bug. Moreover, if alloc_skb() fails, urb->context becomes
NULL but rx_buf is not freed and there can be a memory leak.
The patch removes unnecessary nskb and makes skb processing more clear: it
is supposed that ath9k_htc_rx_msg() either frees old skb or passes its
managing to another callback function.
Found by Linux Verification Center (linuxtesting.org) with Syzkaller.
Fixes: 3deff76095c4 ("ath9k_htc: Increase URB count for REG_IN pipe")
Signed-off-by: Fedor Pchelkin <pchelkin@ispras.ru>
Signed-off-by: Alexey Khoroshilov <khoroshilov@ispras.ru>
Acked-by: Toke Høiland-Jørgensen <toke@toke.dk>
Signed-off-by: Kalle Valo <quic_kvalo@quicinc.com>
Link: https://lore.kernel.org/r/20221008114917.21404-1-pchelkin@ispras.ru
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/wireless/ath/ath9k/hif_usb.c | 28 +++++++++++++-----------
1 file changed, 15 insertions(+), 13 deletions(-)
diff --git a/drivers/net/wireless/ath/ath9k/hif_usb.c b/drivers/net/wireless/ath/ath9k/hif_usb.c
index 4290753a2002..d872459c51cc 100644
--- a/drivers/net/wireless/ath/ath9k/hif_usb.c
+++ b/drivers/net/wireless/ath/ath9k/hif_usb.c
@@ -709,14 +709,13 @@ static void ath9k_hif_usb_reg_in_cb(struct urb *urb)
struct rx_buf *rx_buf = (struct rx_buf *)urb->context;
struct hif_device_usb *hif_dev = rx_buf->hif_dev;
struct sk_buff *skb = rx_buf->skb;
- struct sk_buff *nskb;
int ret;
if (!skb)
return;
if (!hif_dev)
- goto free;
+ goto free_skb;
switch (urb->status) {
case 0:
@@ -725,7 +724,7 @@ static void ath9k_hif_usb_reg_in_cb(struct urb *urb)
case -ECONNRESET:
case -ENODEV:
case -ESHUTDOWN:
- goto free;
+ goto free_skb;
default:
skb_reset_tail_pointer(skb);
skb_trim(skb, 0);
@@ -736,25 +735,27 @@ static void ath9k_hif_usb_reg_in_cb(struct urb *urb)
if (likely(urb->actual_length != 0)) {
skb_put(skb, urb->actual_length);
- /* Process the command first */
+ /*
+ * Process the command first.
+ * skb is either freed here or passed to be
+ * managed to another callback function.
+ */
ath9k_htc_rx_msg(hif_dev->htc_handle, skb,
skb->len, USB_REG_IN_PIPE);
-
- nskb = alloc_skb(MAX_REG_IN_BUF_SIZE, GFP_ATOMIC);
- if (!nskb) {
+ skb = alloc_skb(MAX_REG_IN_BUF_SIZE, GFP_ATOMIC);
+ if (!skb) {
dev_err(&hif_dev->udev->dev,
"ath9k_htc: REG_IN memory allocation failure\n");
- urb->context = NULL;
- return;
+ goto free_rx_buf;
}
- rx_buf->skb = nskb;
+ rx_buf->skb = skb;
usb_fill_int_urb(urb, hif_dev->udev,
usb_rcvintpipe(hif_dev->udev,
USB_REG_IN_PIPE),
- nskb->data, MAX_REG_IN_BUF_SIZE,
+ skb->data, MAX_REG_IN_BUF_SIZE,
ath9k_hif_usb_reg_in_cb, rx_buf, 1);
}
@@ -763,12 +764,13 @@ static void ath9k_hif_usb_reg_in_cb(struct urb *urb)
ret = usb_submit_urb(urb, GFP_ATOMIC);
if (ret) {
usb_unanchor_urb(urb);
- goto free;
+ goto free_skb;
}
return;
-free:
+free_skb:
kfree_skb(skb);
+free_rx_buf:
kfree(rx_buf);
urb->context = NULL;
}
--
2.35.1
^ permalink raw reply related [flat|nested] 529+ messages in thread
* [PATCH 4.19 082/521] wifi: rtl8xxxu: Fix reading the vendor of combo chips
2023-01-16 15:44 [PATCH 4.19 000/521] 4.19.270-rc1 review Greg Kroah-Hartman
` (80 preceding siblings ...)
2023-01-16 15:45 ` [PATCH 4.19 081/521] wifi: ath9k: hif_usb: Fix use-after-free in ath9k_hif_usb_reg_in_cb() Greg Kroah-Hartman
@ 2023-01-16 15:45 ` Greg Kroah-Hartman
2023-01-16 15:45 ` [PATCH 4.19 083/521] pata_ipx4xx_cf: Fix unsigned comparison with less than zero Greg Kroah-Hartman
` (442 subsequent siblings)
524 siblings, 0 replies; 529+ messages in thread
From: Greg Kroah-Hartman @ 2023-01-16 15:45 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Bitterblue Smith, Kalle Valo, Sasha Levin
From: Bitterblue Smith <rtl8821cerfe2@gmail.com>
[ Upstream commit 6f103aeb5e985ac08f3a4a049a2c17294f40cff9 ]
The wifi + bluetooth combo chips (RTL8723AU and RTL8723BU) read the
chip vendor from the wrong register because the val32 variable gets
overwritten. Add one more variable to avoid this.
This had no real effect on RTL8723BU. It may have had an effect on
RTL8723AU.
Fixes: 26f1fad29ad9 ("New driver: rtl8xxxu (mac80211)")
Signed-off-by: Bitterblue Smith <rtl8821cerfe2@gmail.com>
Signed-off-by: Kalle Valo <kvalo@kernel.org>
Link: https://lore.kernel.org/r/24af8024-2f07-552b-93d8-38823d8e3cb0@gmail.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
.../wireless/realtek/rtl8xxxu/rtl8xxxu_core.c | 16 ++++++++--------
1 file changed, 8 insertions(+), 8 deletions(-)
diff --git a/drivers/net/wireless/realtek/rtl8xxxu/rtl8xxxu_core.c b/drivers/net/wireless/realtek/rtl8xxxu/rtl8xxxu_core.c
index 38f06ee98b35..fb8545f79fa6 100644
--- a/drivers/net/wireless/realtek/rtl8xxxu/rtl8xxxu_core.c
+++ b/drivers/net/wireless/realtek/rtl8xxxu/rtl8xxxu_core.c
@@ -1614,18 +1614,18 @@ static void rtl8xxxu_print_chipinfo(struct rtl8xxxu_priv *priv)
static int rtl8xxxu_identify_chip(struct rtl8xxxu_priv *priv)
{
struct device *dev = &priv->udev->dev;
- u32 val32, bonding;
+ u32 val32, bonding, sys_cfg;
u16 val16;
- val32 = rtl8xxxu_read32(priv, REG_SYS_CFG);
- priv->chip_cut = (val32 & SYS_CFG_CHIP_VERSION_MASK) >>
+ sys_cfg = rtl8xxxu_read32(priv, REG_SYS_CFG);
+ priv->chip_cut = (sys_cfg & SYS_CFG_CHIP_VERSION_MASK) >>
SYS_CFG_CHIP_VERSION_SHIFT;
- if (val32 & SYS_CFG_TRP_VAUX_EN) {
+ if (sys_cfg & SYS_CFG_TRP_VAUX_EN) {
dev_info(dev, "Unsupported test chip\n");
return -ENOTSUPP;
}
- if (val32 & SYS_CFG_BT_FUNC) {
+ if (sys_cfg & SYS_CFG_BT_FUNC) {
if (priv->chip_cut >= 3) {
sprintf(priv->chip_name, "8723BU");
priv->rtl_chip = RTL8723B;
@@ -1647,7 +1647,7 @@ static int rtl8xxxu_identify_chip(struct rtl8xxxu_priv *priv)
if (val32 & MULTI_GPS_FUNC_EN)
priv->has_gps = 1;
priv->is_multi_func = 1;
- } else if (val32 & SYS_CFG_TYPE_ID) {
+ } else if (sys_cfg & SYS_CFG_TYPE_ID) {
bonding = rtl8xxxu_read32(priv, REG_HPON_FSM);
bonding &= HPON_FSM_BONDING_MASK;
if (priv->fops->tx_desc_size ==
@@ -1695,7 +1695,7 @@ static int rtl8xxxu_identify_chip(struct rtl8xxxu_priv *priv)
case RTL8188E:
case RTL8192E:
case RTL8723B:
- switch (val32 & SYS_CFG_VENDOR_EXT_MASK) {
+ switch (sys_cfg & SYS_CFG_VENDOR_EXT_MASK) {
case SYS_CFG_VENDOR_ID_TSMC:
sprintf(priv->chip_vendor, "TSMC");
break;
@@ -1712,7 +1712,7 @@ static int rtl8xxxu_identify_chip(struct rtl8xxxu_priv *priv)
}
break;
default:
- if (val32 & SYS_CFG_VENDOR_ID) {
+ if (sys_cfg & SYS_CFG_VENDOR_ID) {
sprintf(priv->chip_vendor, "UMC");
priv->vendor_umc = 1;
} else {
--
2.35.1
^ permalink raw reply related [flat|nested] 529+ messages in thread
* [PATCH 4.19 083/521] pata_ipx4xx_cf: Fix unsigned comparison with less than zero
2023-01-16 15:44 [PATCH 4.19 000/521] 4.19.270-rc1 review Greg Kroah-Hartman
` (81 preceding siblings ...)
2023-01-16 15:45 ` [PATCH 4.19 082/521] wifi: rtl8xxxu: Fix reading the vendor of combo chips Greg Kroah-Hartman
@ 2023-01-16 15:45 ` Greg Kroah-Hartman
2023-01-16 15:45 ` [PATCH 4.19 084/521] media: i2c: ad5820: Fix error path Greg Kroah-Hartman
` (441 subsequent siblings)
524 siblings, 0 replies; 529+ messages in thread
From: Greg Kroah-Hartman @ 2023-01-16 15:45 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Junlin Yang, Jens Axboe, Sasha Levin
From: Junlin Yang <yangjunlin@yulong.com>
[ Upstream commit c38ae56ee034623c59e39c0130ca0dec086c1a39 ]
The return from the call to platform_get_irq() is int, it can be
a negative error code, however this is being assigned to an unsigned
int variable 'irq', so making 'irq' an int, and change the position to
keep the code format.
./drivers/ata/pata_ixp4xx_cf.c:168:5-8:
WARNING: Unsigned expression compared with zero: irq > 0
Signed-off-by: Junlin Yang <yangjunlin@yulong.com>
Link: https://lore.kernel.org/r/20210409135426.1773-1-angkery@163.com
Signed-off-by: Jens Axboe <axboe@kernel.dk>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/ata/pata_ixp4xx_cf.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/ata/pata_ixp4xx_cf.c b/drivers/ata/pata_ixp4xx_cf.c
index 867621f8c387..8c34c64e4d51 100644
--- a/drivers/ata/pata_ixp4xx_cf.c
+++ b/drivers/ata/pata_ixp4xx_cf.c
@@ -139,12 +139,12 @@ static void ixp4xx_setup_port(struct ata_port *ap,
static int ixp4xx_pata_probe(struct platform_device *pdev)
{
- unsigned int irq;
struct resource *cs0, *cs1;
struct ata_host *host;
struct ata_port *ap;
struct ixp4xx_pata_data *data = dev_get_platdata(&pdev->dev);
int ret;
+ int irq;
cs0 = platform_get_resource(pdev, IORESOURCE_MEM, 0);
cs1 = platform_get_resource(pdev, IORESOURCE_MEM, 1);
--
2.35.1
^ permalink raw reply related [flat|nested] 529+ messages in thread
* [PATCH 4.19 084/521] media: i2c: ad5820: Fix error path
2023-01-16 15:44 [PATCH 4.19 000/521] 4.19.270-rc1 review Greg Kroah-Hartman
` (82 preceding siblings ...)
2023-01-16 15:45 ` [PATCH 4.19 083/521] pata_ipx4xx_cf: Fix unsigned comparison with less than zero Greg Kroah-Hartman
@ 2023-01-16 15:45 ` Greg Kroah-Hartman
2023-01-16 15:45 ` [PATCH 4.19 085/521] can: kvaser_usb: do not increase tx statistics when sending error message frames Greg Kroah-Hartman
` (440 subsequent siblings)
524 siblings, 0 replies; 529+ messages in thread
From: Greg Kroah-Hartman @ 2023-01-16 15:45 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Ricardo Ribalda, Sakari Ailus, Sasha Levin
From: Ricardo Ribalda <ribalda@chromium.org>
[ Upstream commit 9fce241660f37d9e95e93c0ae6fba8cfefa5797b ]
Error path seems to be swaped. Fix the order and provide some meaningful
names.
Fixes: bee3d5115611 ("[media] ad5820: Add driver for auto-focus coil")
Signed-off-by: Ricardo Ribalda <ribalda@chromium.org>
Signed-off-by: Sakari Ailus <sakari.ailus@linux.intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/media/i2c/ad5820.c | 10 +++++-----
1 file changed, 5 insertions(+), 5 deletions(-)
diff --git a/drivers/media/i2c/ad5820.c b/drivers/media/i2c/ad5820.c
index 034ebf754007..c2a6d1d5217a 100644
--- a/drivers/media/i2c/ad5820.c
+++ b/drivers/media/i2c/ad5820.c
@@ -321,18 +321,18 @@ static int ad5820_probe(struct i2c_client *client,
ret = media_entity_pads_init(&coil->subdev.entity, 0, NULL);
if (ret < 0)
- goto cleanup2;
+ goto clean_mutex;
ret = v4l2_async_register_subdev(&coil->subdev);
if (ret < 0)
- goto cleanup;
+ goto clean_entity;
return ret;
-cleanup2:
- mutex_destroy(&coil->power_lock);
-cleanup:
+clean_entity:
media_entity_cleanup(&coil->subdev.entity);
+clean_mutex:
+ mutex_destroy(&coil->power_lock);
return ret;
}
--
2.35.1
^ permalink raw reply related [flat|nested] 529+ messages in thread
* [PATCH 4.19 085/521] can: kvaser_usb: do not increase tx statistics when sending error message frames
2023-01-16 15:44 [PATCH 4.19 000/521] 4.19.270-rc1 review Greg Kroah-Hartman
` (83 preceding siblings ...)
2023-01-16 15:45 ` [PATCH 4.19 084/521] media: i2c: ad5820: Fix error path Greg Kroah-Hartman
@ 2023-01-16 15:45 ` Greg Kroah-Hartman
2023-01-16 15:45 ` [PATCH 4.19 086/521] can: kvaser_usb: kvaser_usb_leaf: Get capabilities from device Greg Kroah-Hartman
` (439 subsequent siblings)
524 siblings, 0 replies; 529+ messages in thread
From: Greg Kroah-Hartman @ 2023-01-16 15:45 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Jimmy Assarsson, Vincent Mailhol,
Marc Kleine-Budde, Sasha Levin
From: Vincent Mailhol <mailhol.vincent@wanadoo.fr>
[ Upstream commit 0b0ce2c67795672115ac6ca28351a78799cd114b ]
The CAN error message frames (i.e. error skb) are an interface
specific to socket CAN. The payload of the CAN error message frames
does not correspond to any actual data sent on the wire. Only an error
flag and a delimiter are transmitted when an error occurs (c.f. ISO
11898-1 section 10.4.4.2 "Error flag").
For this reason, it makes no sense to increment the tx_packets and
tx_bytes fields of struct net_device_stats when sending an error
message frame because no actual payload will be transmitted on the
wire.
N.B. Sending error message frames is a very specific feature which, at
the moment, is only supported by the Kvaser Hydra hardware. Please
refer to [1] for more details on the topic.
[1] https://lore.kernel.org/linux-can/CAMZ6RqK0rTNg3u3mBpZOoY51jLZ-et-J01tY6-+mWsM4meVw-A@mail.gmail.com/t/#u
Link: https://lore.kernel.org/all/20211207121531.42941-3-mailhol.vincent@wanadoo.fr
Co-developed-by: Jimmy Assarsson <extja@kvaser.com>
Signed-off-by: Jimmy Assarsson <extja@kvaser.com>
Signed-off-by: Vincent Mailhol <mailhol.vincent@wanadoo.fr>
Signed-off-by: Marc Kleine-Budde <mkl@pengutronix.de>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/can/usb/kvaser_usb/kvaser_usb_hydra.c | 7 ++++++-
1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/drivers/net/can/usb/kvaser_usb/kvaser_usb_hydra.c b/drivers/net/can/usb/kvaser_usb/kvaser_usb_hydra.c
index 45d278724883..9588efbfae71 100644
--- a/drivers/net/can/usb/kvaser_usb/kvaser_usb_hydra.c
+++ b/drivers/net/can/usb/kvaser_usb/kvaser_usb_hydra.c
@@ -293,6 +293,7 @@ struct kvaser_cmd {
#define KVASER_USB_HYDRA_CF_FLAG_OVERRUN BIT(1)
#define KVASER_USB_HYDRA_CF_FLAG_REMOTE_FRAME BIT(4)
#define KVASER_USB_HYDRA_CF_FLAG_EXTENDED_ID BIT(5)
+#define KVASER_USB_HYDRA_CF_FLAG_TX_ACK BIT(6)
/* CAN frame flags. Used in ext_rx_can and ext_tx_can */
#define KVASER_USB_HYDRA_CF_FLAG_OSM_NACK BIT(12)
#define KVASER_USB_HYDRA_CF_FLAG_ABL BIT(13)
@@ -1099,6 +1100,7 @@ static void kvaser_usb_hydra_tx_acknowledge(const struct kvaser_usb *dev,
struct kvaser_usb_net_priv *priv;
unsigned long irq_flags;
bool one_shot_fail = false;
+ bool is_err_frame = false;
u16 transid = kvaser_usb_hydra_get_cmd_transid(cmd);
priv = kvaser_usb_hydra_net_priv_from_cmd(dev, cmd);
@@ -1117,10 +1119,13 @@ static void kvaser_usb_hydra_tx_acknowledge(const struct kvaser_usb *dev,
kvaser_usb_hydra_one_shot_fail(priv, cmd_ext);
one_shot_fail = true;
}
+
+ is_err_frame = flags & KVASER_USB_HYDRA_CF_FLAG_TX_ACK &&
+ flags & KVASER_USB_HYDRA_CF_FLAG_ERROR_FRAME;
}
context = &priv->tx_contexts[transid % dev->max_tx_urbs];
- if (!one_shot_fail) {
+ if (!one_shot_fail && !is_err_frame) {
struct net_device_stats *stats = &priv->netdev->stats;
stats->tx_packets++;
--
2.35.1
^ permalink raw reply related [flat|nested] 529+ messages in thread
* [PATCH 4.19 086/521] can: kvaser_usb: kvaser_usb_leaf: Get capabilities from device
2023-01-16 15:44 [PATCH 4.19 000/521] 4.19.270-rc1 review Greg Kroah-Hartman
` (84 preceding siblings ...)
2023-01-16 15:45 ` [PATCH 4.19 085/521] can: kvaser_usb: do not increase tx statistics when sending error message frames Greg Kroah-Hartman
@ 2023-01-16 15:45 ` Greg Kroah-Hartman
2023-01-16 15:45 ` [PATCH 4.19 087/521] can: kvaser_usb: kvaser_usb_leaf: Rename {leaf,usbcan}_cmd_error_event to {leaf,usbcan}_cmd_can_error_event Greg Kroah-Hartman
` (438 subsequent siblings)
524 siblings, 0 replies; 529+ messages in thread
From: Greg Kroah-Hartman @ 2023-01-16 15:45 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Anssi Hannula, Jimmy Assarsson,
Marc Kleine-Budde, Sasha Levin
From: Jimmy Assarsson <extja@kvaser.com>
[ Upstream commit 35364f5b41a4917fe94a3f393d149b63ec583297 ]
Use the CMD_GET_CAPABILITIES_REQ command to query the device for certain
capabilities. We are only interested in LISTENONLY mode and wither the
device reports CAN error counters.
Fixes: 080f40a6fa28 ("can: kvaser_usb: Add support for Kvaser CAN/USB devices")
Reported-by: Anssi Hannula <anssi.hannula@bitwise.fi>
Tested-by: Anssi Hannula <anssi.hannula@bitwise.fi>
Signed-off-by: Jimmy Assarsson <extja@kvaser.com>
Link: https://lore.kernel.org/all/20221010185237.319219-3-extja@kvaser.com
Signed-off-by: Marc Kleine-Budde <mkl@pengutronix.de>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
.../net/can/usb/kvaser_usb/kvaser_usb_leaf.c | 144 +++++++++++++++++-
1 file changed, 143 insertions(+), 1 deletion(-)
diff --git a/drivers/net/can/usb/kvaser_usb/kvaser_usb_leaf.c b/drivers/net/can/usb/kvaser_usb/kvaser_usb_leaf.c
index 15380cc08ee6..26f32828f905 100644
--- a/drivers/net/can/usb/kvaser_usb/kvaser_usb_leaf.c
+++ b/drivers/net/can/usb/kvaser_usb/kvaser_usb_leaf.c
@@ -73,6 +73,8 @@
#define CMD_TX_ACKNOWLEDGE 50
#define CMD_CAN_ERROR_EVENT 51
#define CMD_FLUSH_QUEUE_REPLY 68
+#define CMD_GET_CAPABILITIES_REQ 95
+#define CMD_GET_CAPABILITIES_RESP 96
#define CMD_LEAF_LOG_MESSAGE 106
@@ -82,6 +84,8 @@
#define KVASER_USB_LEAF_SWOPTION_FREQ_32_MHZ_CLK BIT(5)
#define KVASER_USB_LEAF_SWOPTION_FREQ_24_MHZ_CLK BIT(6)
+#define KVASER_USB_LEAF_SWOPTION_EXT_CAP BIT(12)
+
/* error factors */
#define M16C_EF_ACKE BIT(0)
#define M16C_EF_CRCE BIT(1)
@@ -277,6 +281,28 @@ struct leaf_cmd_log_message {
u8 data[8];
} __packed;
+/* Sub commands for cap_req and cap_res */
+#define KVASER_USB_LEAF_CAP_CMD_LISTEN_MODE 0x02
+#define KVASER_USB_LEAF_CAP_CMD_ERR_REPORT 0x05
+struct kvaser_cmd_cap_req {
+ __le16 padding0;
+ __le16 cap_cmd;
+ __le16 padding1;
+ __le16 channel;
+} __packed;
+
+/* Status codes for cap_res */
+#define KVASER_USB_LEAF_CAP_STAT_OK 0x00
+#define KVASER_USB_LEAF_CAP_STAT_NOT_IMPL 0x01
+#define KVASER_USB_LEAF_CAP_STAT_UNAVAIL 0x02
+struct kvaser_cmd_cap_res {
+ __le16 padding;
+ __le16 cap_cmd;
+ __le16 status;
+ __le32 mask;
+ __le32 value;
+} __packed;
+
struct kvaser_cmd {
u8 len;
u8 id;
@@ -294,6 +320,8 @@ struct kvaser_cmd {
struct leaf_cmd_chip_state_event chip_state_event;
struct leaf_cmd_error_event error_event;
struct leaf_cmd_log_message log_message;
+ struct kvaser_cmd_cap_req cap_req;
+ struct kvaser_cmd_cap_res cap_res;
} __packed leaf;
union {
@@ -323,6 +351,7 @@ static const u8 kvaser_usb_leaf_cmd_sizes_leaf[] = {
[CMD_LEAF_LOG_MESSAGE] = kvaser_fsize(u.leaf.log_message),
[CMD_CHIP_STATE_EVENT] = kvaser_fsize(u.leaf.chip_state_event),
[CMD_CAN_ERROR_EVENT] = kvaser_fsize(u.leaf.error_event),
+ [CMD_GET_CAPABILITIES_RESP] = kvaser_fsize(u.leaf.cap_res),
/* ignored events: */
[CMD_FLUSH_QUEUE_REPLY] = CMD_SIZE_ANY,
};
@@ -607,6 +636,9 @@ static void kvaser_usb_leaf_get_software_info_leaf(struct kvaser_usb *dev,
dev->fw_version = le32_to_cpu(softinfo->fw_version);
dev->max_tx_urbs = le16_to_cpu(softinfo->max_outstanding_tx);
+ if (sw_options & KVASER_USB_LEAF_SWOPTION_EXT_CAP)
+ dev->card_data.capabilities |= KVASER_USB_CAP_EXT_CAP;
+
if (dev->driver_info->quirks & KVASER_USB_QUIRK_IGNORE_CLK_FREQ) {
/* Firmware expects bittiming parameters calculated for 16MHz
* clock, regardless of the actual clock
@@ -694,6 +726,116 @@ static int kvaser_usb_leaf_get_card_info(struct kvaser_usb *dev)
return 0;
}
+static int kvaser_usb_leaf_get_single_capability(struct kvaser_usb *dev,
+ u16 cap_cmd_req, u16 *status)
+{
+ struct kvaser_usb_dev_card_data *card_data = &dev->card_data;
+ struct kvaser_cmd *cmd;
+ u32 value = 0;
+ u32 mask = 0;
+ u16 cap_cmd_res;
+ int err;
+ int i;
+
+ cmd = kzalloc(sizeof(*cmd), GFP_KERNEL);
+ if (!cmd)
+ return -ENOMEM;
+
+ cmd->id = CMD_GET_CAPABILITIES_REQ;
+ cmd->u.leaf.cap_req.cap_cmd = cpu_to_le16(cap_cmd_req);
+ cmd->len = CMD_HEADER_LEN + sizeof(struct kvaser_cmd_cap_req);
+
+ err = kvaser_usb_send_cmd(dev, cmd, cmd->len);
+ if (err)
+ goto end;
+
+ err = kvaser_usb_leaf_wait_cmd(dev, CMD_GET_CAPABILITIES_RESP, cmd);
+ if (err)
+ goto end;
+
+ *status = le16_to_cpu(cmd->u.leaf.cap_res.status);
+
+ if (*status != KVASER_USB_LEAF_CAP_STAT_OK)
+ goto end;
+
+ cap_cmd_res = le16_to_cpu(cmd->u.leaf.cap_res.cap_cmd);
+ switch (cap_cmd_res) {
+ case KVASER_USB_LEAF_CAP_CMD_LISTEN_MODE:
+ case KVASER_USB_LEAF_CAP_CMD_ERR_REPORT:
+ value = le32_to_cpu(cmd->u.leaf.cap_res.value);
+ mask = le32_to_cpu(cmd->u.leaf.cap_res.mask);
+ break;
+ default:
+ dev_warn(&dev->intf->dev, "Unknown capability command %u\n",
+ cap_cmd_res);
+ break;
+ }
+
+ for (i = 0; i < dev->nchannels; i++) {
+ if (BIT(i) & (value & mask)) {
+ switch (cap_cmd_res) {
+ case KVASER_USB_LEAF_CAP_CMD_LISTEN_MODE:
+ card_data->ctrlmode_supported |=
+ CAN_CTRLMODE_LISTENONLY;
+ break;
+ case KVASER_USB_LEAF_CAP_CMD_ERR_REPORT:
+ card_data->capabilities |=
+ KVASER_USB_CAP_BERR_CAP;
+ break;
+ }
+ }
+ }
+
+end:
+ kfree(cmd);
+
+ return err;
+}
+
+static int kvaser_usb_leaf_get_capabilities_leaf(struct kvaser_usb *dev)
+{
+ int err;
+ u16 status;
+
+ if (!(dev->card_data.capabilities & KVASER_USB_CAP_EXT_CAP)) {
+ dev_info(&dev->intf->dev,
+ "No extended capability support. Upgrade device firmware.\n");
+ return 0;
+ }
+
+ err = kvaser_usb_leaf_get_single_capability(dev,
+ KVASER_USB_LEAF_CAP_CMD_LISTEN_MODE,
+ &status);
+ if (err)
+ return err;
+ if (status)
+ dev_info(&dev->intf->dev,
+ "KVASER_USB_LEAF_CAP_CMD_LISTEN_MODE failed %u\n",
+ status);
+
+ err = kvaser_usb_leaf_get_single_capability(dev,
+ KVASER_USB_LEAF_CAP_CMD_ERR_REPORT,
+ &status);
+ if (err)
+ return err;
+ if (status)
+ dev_info(&dev->intf->dev,
+ "KVASER_USB_LEAF_CAP_CMD_ERR_REPORT failed %u\n",
+ status);
+
+ return 0;
+}
+
+static int kvaser_usb_leaf_get_capabilities(struct kvaser_usb *dev)
+{
+ int err = 0;
+
+ if (dev->driver_info->family == KVASER_LEAF)
+ err = kvaser_usb_leaf_get_capabilities_leaf(dev);
+
+ return err;
+}
+
static void kvaser_usb_leaf_tx_acknowledge(const struct kvaser_usb *dev,
const struct kvaser_cmd *cmd)
{
@@ -1490,7 +1632,7 @@ const struct kvaser_usb_dev_ops kvaser_usb_leaf_dev_ops = {
.dev_get_software_info = kvaser_usb_leaf_get_software_info,
.dev_get_software_details = NULL,
.dev_get_card_info = kvaser_usb_leaf_get_card_info,
- .dev_get_capabilities = NULL,
+ .dev_get_capabilities = kvaser_usb_leaf_get_capabilities,
.dev_set_opt_mode = kvaser_usb_leaf_set_opt_mode,
.dev_start_chip = kvaser_usb_leaf_start_chip,
.dev_stop_chip = kvaser_usb_leaf_stop_chip,
--
2.35.1
^ permalink raw reply related [flat|nested] 529+ messages in thread
* [PATCH 4.19 087/521] can: kvaser_usb: kvaser_usb_leaf: Rename {leaf,usbcan}_cmd_error_event to {leaf,usbcan}_cmd_can_error_event
2023-01-16 15:44 [PATCH 4.19 000/521] 4.19.270-rc1 review Greg Kroah-Hartman
` (85 preceding siblings ...)
2023-01-16 15:45 ` [PATCH 4.19 086/521] can: kvaser_usb: kvaser_usb_leaf: Get capabilities from device Greg Kroah-Hartman
@ 2023-01-16 15:45 ` Greg Kroah-Hartman
2023-01-16 15:45 ` [PATCH 4.19 088/521] can: kvaser_usb: kvaser_usb_leaf: Handle CMD_ERROR_EVENT Greg Kroah-Hartman
` (437 subsequent siblings)
524 siblings, 0 replies; 529+ messages in thread
From: Greg Kroah-Hartman @ 2023-01-16 15:45 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Anssi Hannula, Jimmy Assarsson,
Marc Kleine-Budde, Sasha Levin
From: Jimmy Assarsson <extja@kvaser.com>
[ Upstream commit 7ea56128dbf904a3359bcf9289cccdfa3c85c7e8 ]
Prepare for handling CMD_ERROR_EVENT. Rename struct
{leaf,usbcan}_cmd_error_event to {leaf,usbcan}_cmd_can_error_event.
Fixes: 080f40a6fa28 ("can: kvaser_usb: Add support for Kvaser CAN/USB devices")
Reported-by: Anssi Hannula <anssi.hannula@bitwise.fi>
Tested-by: Anssi Hannula <anssi.hannula@bitwise.fi>
Signed-off-by: Jimmy Assarsson <extja@kvaser.com>
Link: https://lore.kernel.org/all/20221010185237.319219-4-extja@kvaser.com
Signed-off-by: Marc Kleine-Budde <mkl@pengutronix.de>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
.../net/can/usb/kvaser_usb/kvaser_usb_leaf.c | 38 +++++++++----------
1 file changed, 19 insertions(+), 19 deletions(-)
diff --git a/drivers/net/can/usb/kvaser_usb/kvaser_usb_leaf.c b/drivers/net/can/usb/kvaser_usb/kvaser_usb_leaf.c
index 26f32828f905..4f3d1150b2b2 100644
--- a/drivers/net/can/usb/kvaser_usb/kvaser_usb_leaf.c
+++ b/drivers/net/can/usb/kvaser_usb/kvaser_usb_leaf.c
@@ -233,7 +233,7 @@ struct kvaser_cmd_tx_acknowledge_header {
u8 tid;
} __packed;
-struct leaf_cmd_error_event {
+struct leaf_cmd_can_error_event {
u8 tid;
u8 flags;
__le16 time[3];
@@ -245,7 +245,7 @@ struct leaf_cmd_error_event {
u8 error_factor;
} __packed;
-struct usbcan_cmd_error_event {
+struct usbcan_cmd_can_error_event {
u8 tid;
u8 padding;
u8 tx_errors_count_ch0;
@@ -318,7 +318,7 @@ struct kvaser_cmd {
struct leaf_cmd_softinfo softinfo;
struct leaf_cmd_rx_can rx_can;
struct leaf_cmd_chip_state_event chip_state_event;
- struct leaf_cmd_error_event error_event;
+ struct leaf_cmd_can_error_event can_error_event;
struct leaf_cmd_log_message log_message;
struct kvaser_cmd_cap_req cap_req;
struct kvaser_cmd_cap_res cap_res;
@@ -328,7 +328,7 @@ struct kvaser_cmd {
struct usbcan_cmd_softinfo softinfo;
struct usbcan_cmd_rx_can rx_can;
struct usbcan_cmd_chip_state_event chip_state_event;
- struct usbcan_cmd_error_event error_event;
+ struct usbcan_cmd_can_error_event can_error_event;
} __packed usbcan;
struct kvaser_cmd_tx_can tx_can;
@@ -350,7 +350,7 @@ static const u8 kvaser_usb_leaf_cmd_sizes_leaf[] = {
[CMD_RX_EXT_MESSAGE] = kvaser_fsize(u.leaf.rx_can),
[CMD_LEAF_LOG_MESSAGE] = kvaser_fsize(u.leaf.log_message),
[CMD_CHIP_STATE_EVENT] = kvaser_fsize(u.leaf.chip_state_event),
- [CMD_CAN_ERROR_EVENT] = kvaser_fsize(u.leaf.error_event),
+ [CMD_CAN_ERROR_EVENT] = kvaser_fsize(u.leaf.can_error_event),
[CMD_GET_CAPABILITIES_RESP] = kvaser_fsize(u.leaf.cap_res),
/* ignored events: */
[CMD_FLUSH_QUEUE_REPLY] = CMD_SIZE_ANY,
@@ -365,7 +365,7 @@ static const u8 kvaser_usb_leaf_cmd_sizes_usbcan[] = {
[CMD_RX_STD_MESSAGE] = kvaser_fsize(u.usbcan.rx_can),
[CMD_RX_EXT_MESSAGE] = kvaser_fsize(u.usbcan.rx_can),
[CMD_CHIP_STATE_EVENT] = kvaser_fsize(u.usbcan.chip_state_event),
- [CMD_CAN_ERROR_EVENT] = kvaser_fsize(u.usbcan.error_event),
+ [CMD_CAN_ERROR_EVENT] = kvaser_fsize(u.usbcan.can_error_event),
/* ignored events: */
[CMD_USBCAN_CLOCK_OVERFLOW_EVENT] = CMD_SIZE_ANY,
};
@@ -1137,11 +1137,11 @@ static void kvaser_usb_leaf_usbcan_rx_error(const struct kvaser_usb *dev,
case CMD_CAN_ERROR_EVENT:
es.channel = 0;
- es.status = cmd->u.usbcan.error_event.status_ch0;
- es.txerr = cmd->u.usbcan.error_event.tx_errors_count_ch0;
- es.rxerr = cmd->u.usbcan.error_event.rx_errors_count_ch0;
+ es.status = cmd->u.usbcan.can_error_event.status_ch0;
+ es.txerr = cmd->u.usbcan.can_error_event.tx_errors_count_ch0;
+ es.rxerr = cmd->u.usbcan.can_error_event.rx_errors_count_ch0;
es.usbcan.other_ch_status =
- cmd->u.usbcan.error_event.status_ch1;
+ cmd->u.usbcan.can_error_event.status_ch1;
kvaser_usb_leaf_usbcan_conditionally_rx_error(dev, &es);
/* The USBCAN firmware supports up to 2 channels.
@@ -1149,13 +1149,13 @@ static void kvaser_usb_leaf_usbcan_rx_error(const struct kvaser_usb *dev,
*/
if (dev->nchannels == MAX_USBCAN_NET_DEVICES) {
es.channel = 1;
- es.status = cmd->u.usbcan.error_event.status_ch1;
+ es.status = cmd->u.usbcan.can_error_event.status_ch1;
es.txerr =
- cmd->u.usbcan.error_event.tx_errors_count_ch1;
+ cmd->u.usbcan.can_error_event.tx_errors_count_ch1;
es.rxerr =
- cmd->u.usbcan.error_event.rx_errors_count_ch1;
+ cmd->u.usbcan.can_error_event.rx_errors_count_ch1;
es.usbcan.other_ch_status =
- cmd->u.usbcan.error_event.status_ch0;
+ cmd->u.usbcan.can_error_event.status_ch0;
kvaser_usb_leaf_usbcan_conditionally_rx_error(dev, &es);
}
break;
@@ -1172,11 +1172,11 @@ static void kvaser_usb_leaf_leaf_rx_error(const struct kvaser_usb *dev,
switch (cmd->id) {
case CMD_CAN_ERROR_EVENT:
- es.channel = cmd->u.leaf.error_event.channel;
- es.status = cmd->u.leaf.error_event.status;
- es.txerr = cmd->u.leaf.error_event.tx_errors_count;
- es.rxerr = cmd->u.leaf.error_event.rx_errors_count;
- es.leaf.error_factor = cmd->u.leaf.error_event.error_factor;
+ es.channel = cmd->u.leaf.can_error_event.channel;
+ es.status = cmd->u.leaf.can_error_event.status;
+ es.txerr = cmd->u.leaf.can_error_event.tx_errors_count;
+ es.rxerr = cmd->u.leaf.can_error_event.rx_errors_count;
+ es.leaf.error_factor = cmd->u.leaf.can_error_event.error_factor;
break;
case CMD_LEAF_LOG_MESSAGE:
es.channel = cmd->u.leaf.log_message.channel;
--
2.35.1
^ permalink raw reply related [flat|nested] 529+ messages in thread
* [PATCH 4.19 088/521] can: kvaser_usb: kvaser_usb_leaf: Handle CMD_ERROR_EVENT
2023-01-16 15:44 [PATCH 4.19 000/521] 4.19.270-rc1 review Greg Kroah-Hartman
` (86 preceding siblings ...)
2023-01-16 15:45 ` [PATCH 4.19 087/521] can: kvaser_usb: kvaser_usb_leaf: Rename {leaf,usbcan}_cmd_error_event to {leaf,usbcan}_cmd_can_error_event Greg Kroah-Hartman
@ 2023-01-16 15:45 ` Greg Kroah-Hartman
2023-01-16 15:45 ` [PATCH 4.19 089/521] can: kvaser_usb_leaf: Set Warning state even without bus errors Greg Kroah-Hartman
` (436 subsequent siblings)
524 siblings, 0 replies; 529+ messages in thread
From: Greg Kroah-Hartman @ 2023-01-16 15:45 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Anssi Hannula, Jimmy Assarsson,
Marc Kleine-Budde, Sasha Levin
From: Jimmy Assarsson <extja@kvaser.com>
[ Upstream commit b24cb2d169e0c9dce664a959e1f2aa9781285dc9 ]
The device will send an error event command, to indicate certain errors.
This indicates a misbehaving driver, and should never occur.
Fixes: 080f40a6fa28 ("can: kvaser_usb: Add support for Kvaser CAN/USB devices")
Tested-by: Anssi Hannula <anssi.hannula@bitwise.fi>
Co-developed-by: Anssi Hannula <anssi.hannula@bitwise.fi>
Signed-off-by: Anssi Hannula <anssi.hannula@bitwise.fi>
Signed-off-by: Jimmy Assarsson <extja@kvaser.com>
Link: https://lore.kernel.org/all/20221010185237.319219-5-extja@kvaser.com
Signed-off-by: Marc Kleine-Budde <mkl@pengutronix.de>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
.../net/can/usb/kvaser_usb/kvaser_usb_leaf.c | 99 +++++++++++++++++++
1 file changed, 99 insertions(+)
diff --git a/drivers/net/can/usb/kvaser_usb/kvaser_usb_leaf.c b/drivers/net/can/usb/kvaser_usb/kvaser_usb_leaf.c
index 4f3d1150b2b2..3c3e78992b55 100644
--- a/drivers/net/can/usb/kvaser_usb/kvaser_usb_leaf.c
+++ b/drivers/net/can/usb/kvaser_usb/kvaser_usb_leaf.c
@@ -69,6 +69,7 @@
#define CMD_GET_CARD_INFO_REPLY 35
#define CMD_GET_SOFTWARE_INFO 38
#define CMD_GET_SOFTWARE_INFO_REPLY 39
+#define CMD_ERROR_EVENT 45
#define CMD_FLUSH_QUEUE 48
#define CMD_TX_ACKNOWLEDGE 50
#define CMD_CAN_ERROR_EVENT 51
@@ -257,6 +258,28 @@ struct usbcan_cmd_can_error_event {
__le16 time;
} __packed;
+/* CMD_ERROR_EVENT error codes */
+#define KVASER_USB_LEAF_ERROR_EVENT_TX_QUEUE_FULL 0x8
+#define KVASER_USB_LEAF_ERROR_EVENT_PARAM 0x9
+
+struct leaf_cmd_error_event {
+ u8 tid;
+ u8 error_code;
+ __le16 timestamp[3];
+ __le16 padding;
+ __le16 info1;
+ __le16 info2;
+} __packed;
+
+struct usbcan_cmd_error_event {
+ u8 tid;
+ u8 error_code;
+ __le16 info1;
+ __le16 info2;
+ __le16 timestamp;
+ __le16 padding;
+} __packed;
+
struct kvaser_cmd_ctrl_mode {
u8 tid;
u8 channel;
@@ -320,6 +343,7 @@ struct kvaser_cmd {
struct leaf_cmd_chip_state_event chip_state_event;
struct leaf_cmd_can_error_event can_error_event;
struct leaf_cmd_log_message log_message;
+ struct leaf_cmd_error_event error_event;
struct kvaser_cmd_cap_req cap_req;
struct kvaser_cmd_cap_res cap_res;
} __packed leaf;
@@ -329,6 +353,7 @@ struct kvaser_cmd {
struct usbcan_cmd_rx_can rx_can;
struct usbcan_cmd_chip_state_event chip_state_event;
struct usbcan_cmd_can_error_event can_error_event;
+ struct usbcan_cmd_error_event error_event;
} __packed usbcan;
struct kvaser_cmd_tx_can tx_can;
@@ -352,6 +377,7 @@ static const u8 kvaser_usb_leaf_cmd_sizes_leaf[] = {
[CMD_CHIP_STATE_EVENT] = kvaser_fsize(u.leaf.chip_state_event),
[CMD_CAN_ERROR_EVENT] = kvaser_fsize(u.leaf.can_error_event),
[CMD_GET_CAPABILITIES_RESP] = kvaser_fsize(u.leaf.cap_res),
+ [CMD_ERROR_EVENT] = kvaser_fsize(u.leaf.error_event),
/* ignored events: */
[CMD_FLUSH_QUEUE_REPLY] = CMD_SIZE_ANY,
};
@@ -366,6 +392,7 @@ static const u8 kvaser_usb_leaf_cmd_sizes_usbcan[] = {
[CMD_RX_EXT_MESSAGE] = kvaser_fsize(u.usbcan.rx_can),
[CMD_CHIP_STATE_EVENT] = kvaser_fsize(u.usbcan.chip_state_event),
[CMD_CAN_ERROR_EVENT] = kvaser_fsize(u.usbcan.can_error_event),
+ [CMD_ERROR_EVENT] = kvaser_fsize(u.usbcan.error_event),
/* ignored events: */
[CMD_USBCAN_CLOCK_OVERFLOW_EVENT] = CMD_SIZE_ANY,
};
@@ -1308,6 +1335,74 @@ static void kvaser_usb_leaf_rx_can_msg(const struct kvaser_usb *dev,
netif_rx(skb);
}
+static void kvaser_usb_leaf_error_event_parameter(const struct kvaser_usb *dev,
+ const struct kvaser_cmd *cmd)
+{
+ u16 info1 = 0;
+
+ switch (dev->driver_info->family) {
+ case KVASER_LEAF:
+ info1 = le16_to_cpu(cmd->u.leaf.error_event.info1);
+ break;
+ case KVASER_USBCAN:
+ info1 = le16_to_cpu(cmd->u.usbcan.error_event.info1);
+ break;
+ }
+
+ /* info1 will contain the offending cmd_no */
+ switch (info1) {
+ case CMD_SET_CTRL_MODE:
+ dev_warn(&dev->intf->dev,
+ "CMD_SET_CTRL_MODE error in parameter\n");
+ break;
+
+ case CMD_SET_BUS_PARAMS:
+ dev_warn(&dev->intf->dev,
+ "CMD_SET_BUS_PARAMS error in parameter\n");
+ break;
+
+ default:
+ dev_warn(&dev->intf->dev,
+ "Unhandled parameter error event cmd_no (%u)\n",
+ info1);
+ break;
+ }
+}
+
+static void kvaser_usb_leaf_error_event(const struct kvaser_usb *dev,
+ const struct kvaser_cmd *cmd)
+{
+ u8 error_code = 0;
+
+ switch (dev->driver_info->family) {
+ case KVASER_LEAF:
+ error_code = cmd->u.leaf.error_event.error_code;
+ break;
+ case KVASER_USBCAN:
+ error_code = cmd->u.usbcan.error_event.error_code;
+ break;
+ }
+
+ switch (error_code) {
+ case KVASER_USB_LEAF_ERROR_EVENT_TX_QUEUE_FULL:
+ /* Received additional CAN message, when firmware TX queue is
+ * already full. Something is wrong with the driver.
+ * This should never happen!
+ */
+ dev_err(&dev->intf->dev,
+ "Received error event TX_QUEUE_FULL\n");
+ break;
+ case KVASER_USB_LEAF_ERROR_EVENT_PARAM:
+ kvaser_usb_leaf_error_event_parameter(dev, cmd);
+ break;
+
+ default:
+ dev_warn(&dev->intf->dev,
+ "Unhandled error event (%d)\n", error_code);
+ break;
+ }
+}
+
static void kvaser_usb_leaf_start_chip_reply(const struct kvaser_usb *dev,
const struct kvaser_cmd *cmd)
{
@@ -1386,6 +1481,10 @@ static void kvaser_usb_leaf_handle_command(const struct kvaser_usb *dev,
kvaser_usb_leaf_tx_acknowledge(dev, cmd);
break;
+ case CMD_ERROR_EVENT:
+ kvaser_usb_leaf_error_event(dev, cmd);
+ break;
+
/* Ignored commands */
case CMD_USBCAN_CLOCK_OVERFLOW_EVENT:
if (dev->driver_info->family != KVASER_USBCAN)
--
2.35.1
^ permalink raw reply related [flat|nested] 529+ messages in thread
* [PATCH 4.19 089/521] can: kvaser_usb_leaf: Set Warning state even without bus errors
2023-01-16 15:44 [PATCH 4.19 000/521] 4.19.270-rc1 review Greg Kroah-Hartman
` (87 preceding siblings ...)
2023-01-16 15:45 ` [PATCH 4.19 088/521] can: kvaser_usb: kvaser_usb_leaf: Handle CMD_ERROR_EVENT Greg Kroah-Hartman
@ 2023-01-16 15:45 ` Greg Kroah-Hartman
2023-01-16 15:45 ` [PATCH 4.19 090/521] can: kvaser_usb_leaf: Fix improved state not being reported Greg Kroah-Hartman
` (435 subsequent siblings)
524 siblings, 0 replies; 529+ messages in thread
From: Greg Kroah-Hartman @ 2023-01-16 15:45 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Jimmy Assarsson, Anssi Hannula,
Marc Kleine-Budde, Sasha Levin
From: Anssi Hannula <anssi.hannula@bitwise.fi>
[ Upstream commit df1b7af2761b935f63b4a53e789d41ed859edf61 ]
kvaser_usb_leaf_rx_error_update_can_state() sets error state according
to error counters when the hardware does not indicate a specific state
directly.
However, this is currently gated behind a check for
M16C_STATE_BUS_ERROR which does not always seem to be set when error
counters are increasing, and may not be set when error counters are
decreasing.
This causes the CAN_STATE_ERROR_WARNING state to not be set in some
cases even when appropriate.
Change the code to set error state from counters even without
M16C_STATE_BUS_ERROR.
The Error-Passive case seems superfluous as it is already set via
M16C_STATE_BUS_PASSIVE flag above, but it is kept for now.
Tested with 0bfd:0124 Kvaser Mini PCI Express 2xHS FW 4.18.778.
Fixes: 080f40a6fa28 ("can: kvaser_usb: Add support for Kvaser CAN/USB devices")
Tested-by: Jimmy Assarsson <extja@kvaser.com>
Signed-off-by: Anssi Hannula <anssi.hannula@bitwise.fi>
Signed-off-by: Jimmy Assarsson <extja@kvaser.com>
Link: https://lore.kernel.org/all/20221010185237.319219-6-extja@kvaser.com
Signed-off-by: Marc Kleine-Budde <mkl@pengutronix.de>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
.../net/can/usb/kvaser_usb/kvaser_usb_leaf.c | 20 ++++++++-----------
1 file changed, 8 insertions(+), 12 deletions(-)
diff --git a/drivers/net/can/usb/kvaser_usb/kvaser_usb_leaf.c b/drivers/net/can/usb/kvaser_usb/kvaser_usb_leaf.c
index 3c3e78992b55..b43631eaccf1 100644
--- a/drivers/net/can/usb/kvaser_usb/kvaser_usb_leaf.c
+++ b/drivers/net/can/usb/kvaser_usb/kvaser_usb_leaf.c
@@ -965,20 +965,16 @@ kvaser_usb_leaf_rx_error_update_can_state(struct kvaser_usb_net_priv *priv,
new_state = CAN_STATE_BUS_OFF;
} else if (es->status & M16C_STATE_BUS_PASSIVE) {
new_state = CAN_STATE_ERROR_PASSIVE;
- } else if (es->status & M16C_STATE_BUS_ERROR) {
+ } else if ((es->status & M16C_STATE_BUS_ERROR) &&
+ cur_state >= CAN_STATE_BUS_OFF) {
/* Guard against spurious error events after a busoff */
- if (cur_state < CAN_STATE_BUS_OFF) {
- if (es->txerr >= 128 || es->rxerr >= 128)
- new_state = CAN_STATE_ERROR_PASSIVE;
- else if (es->txerr >= 96 || es->rxerr >= 96)
- new_state = CAN_STATE_ERROR_WARNING;
- else if (cur_state > CAN_STATE_ERROR_ACTIVE)
- new_state = CAN_STATE_ERROR_ACTIVE;
- }
- }
-
- if (!es->status)
+ } else if (es->txerr >= 128 || es->rxerr >= 128) {
+ new_state = CAN_STATE_ERROR_PASSIVE;
+ } else if (es->txerr >= 96 || es->rxerr >= 96) {
+ new_state = CAN_STATE_ERROR_WARNING;
+ } else {
new_state = CAN_STATE_ERROR_ACTIVE;
+ }
if (new_state != cur_state) {
tx_state = (es->txerr >= es->rxerr) ? new_state : 0;
--
2.35.1
^ permalink raw reply related [flat|nested] 529+ messages in thread
* [PATCH 4.19 090/521] can: kvaser_usb_leaf: Fix improved state not being reported
2023-01-16 15:44 [PATCH 4.19 000/521] 4.19.270-rc1 review Greg Kroah-Hartman
` (88 preceding siblings ...)
2023-01-16 15:45 ` [PATCH 4.19 089/521] can: kvaser_usb_leaf: Set Warning state even without bus errors Greg Kroah-Hartman
@ 2023-01-16 15:45 ` Greg Kroah-Hartman
2023-01-16 15:45 ` [PATCH 4.19 091/521] can: kvaser_usb_leaf: Fix wrong CAN state after stopping Greg Kroah-Hartman
` (434 subsequent siblings)
524 siblings, 0 replies; 529+ messages in thread
From: Greg Kroah-Hartman @ 2023-01-16 15:45 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Jimmy Assarsson, Anssi Hannula,
Marc Kleine-Budde, Sasha Levin
From: Anssi Hannula <anssi.hannula@bitwise.fi>
[ Upstream commit 8d21f5927ae604881f98587fabf6753f88730968 ]
The tested 0bfd:0017 Kvaser Memorator Professional HS/HS FW 2.0.50 and
0bfd:0124 Kvaser Mini PCI Express 2xHS FW 4.18.778 do not seem to send
any unsolicited events when error counters decrease or when the device
transitions from ERROR_PASSIVE to ERROR_ACTIVE (or WARNING).
This causes the interface to e.g. indefinitely stay in the ERROR_PASSIVE
state.
Fix that by asking for chip state (inc. counters) event every 0.5 secs
when error counters are non-zero.
Since there are non-error-counter devices, also always poll in
ERROR_PASSIVE even if the counters show zero.
Fixes: 080f40a6fa28 ("can: kvaser_usb: Add support for Kvaser CAN/USB devices")
Tested-by: Jimmy Assarsson <extja@kvaser.com>
Signed-off-by: Anssi Hannula <anssi.hannula@bitwise.fi>
Signed-off-by: Jimmy Assarsson <extja@kvaser.com>
Link: https://lore.kernel.org/all/20221010185237.319219-7-extja@kvaser.com
Signed-off-by: Marc Kleine-Budde <mkl@pengutronix.de>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/can/usb/kvaser_usb/kvaser_usb.h | 7 +++
.../net/can/usb/kvaser_usb/kvaser_usb_core.c | 19 +++++-
.../net/can/usb/kvaser_usb/kvaser_usb_leaf.c | 58 +++++++++++++++++++
3 files changed, 81 insertions(+), 3 deletions(-)
diff --git a/drivers/net/can/usb/kvaser_usb/kvaser_usb.h b/drivers/net/can/usb/kvaser_usb/kvaser_usb.h
index 62958f04a2f2..1f4583f1dae2 100644
--- a/drivers/net/can/usb/kvaser_usb/kvaser_usb.h
+++ b/drivers/net/can/usb/kvaser_usb/kvaser_usb.h
@@ -104,6 +104,9 @@ struct kvaser_usb_net_priv {
struct can_priv can;
struct can_berr_counter bec;
+ /* subdriver-specific data */
+ void *sub_priv;
+
struct kvaser_usb *dev;
struct net_device *netdev;
int channel;
@@ -125,6 +128,8 @@ struct kvaser_usb_net_priv {
*
* @dev_setup_endpoints: setup USB in and out endpoints
* @dev_init_card: initialize card
+ * @dev_init_channel: initialize channel
+ * @dev_remove_channel: uninitialize channel
* @dev_get_software_info: get software info
* @dev_get_software_details: get software details
* @dev_get_card_info: get card info
@@ -146,6 +151,8 @@ struct kvaser_usb_dev_ops {
struct can_berr_counter *bec);
int (*dev_setup_endpoints)(struct kvaser_usb *dev);
int (*dev_init_card)(struct kvaser_usb *dev);
+ int (*dev_init_channel)(struct kvaser_usb_net_priv *priv);
+ void (*dev_remove_channel)(struct kvaser_usb_net_priv *priv);
int (*dev_get_software_info)(struct kvaser_usb *dev);
int (*dev_get_software_details)(struct kvaser_usb *dev);
int (*dev_get_card_info)(struct kvaser_usb *dev);
diff --git a/drivers/net/can/usb/kvaser_usb/kvaser_usb_core.c b/drivers/net/can/usb/kvaser_usb/kvaser_usb_core.c
index 379df22d5123..e00afb94ec6c 100644
--- a/drivers/net/can/usb/kvaser_usb/kvaser_usb_core.c
+++ b/drivers/net/can/usb/kvaser_usb/kvaser_usb_core.c
@@ -645,6 +645,7 @@ static const struct net_device_ops kvaser_usb_netdev_ops = {
static void kvaser_usb_remove_interfaces(struct kvaser_usb *dev)
{
+ const struct kvaser_usb_dev_ops *ops = dev->driver_info->ops;
int i;
for (i = 0; i < dev->nchannels; i++) {
@@ -660,6 +661,9 @@ static void kvaser_usb_remove_interfaces(struct kvaser_usb *dev)
if (!dev->nets[i])
continue;
+ if (ops->dev_remove_channel)
+ ops->dev_remove_channel(dev->nets[i]);
+
free_candev(dev->nets[i]->netdev);
}
}
@@ -728,17 +732,26 @@ static int kvaser_usb_init_one(struct kvaser_usb *dev, int channel)
dev->nets[channel] = priv;
+ if (ops->dev_init_channel) {
+ err = ops->dev_init_channel(priv);
+ if (err)
+ goto err;
+ }
+
err = register_candev(netdev);
if (err) {
dev_err(&dev->intf->dev, "Failed to register CAN device\n");
- free_candev(netdev);
- dev->nets[channel] = NULL;
- return err;
+ goto err;
}
netdev_dbg(netdev, "device registered\n");
return 0;
+
+err:
+ free_candev(netdev);
+ dev->nets[channel] = NULL;
+ return err;
}
static int kvaser_usb_probe(struct usb_interface *intf,
diff --git a/drivers/net/can/usb/kvaser_usb/kvaser_usb_leaf.c b/drivers/net/can/usb/kvaser_usb/kvaser_usb_leaf.c
index b43631eaccf1..6d45ae6f2a08 100644
--- a/drivers/net/can/usb/kvaser_usb/kvaser_usb_leaf.c
+++ b/drivers/net/can/usb/kvaser_usb/kvaser_usb_leaf.c
@@ -20,6 +20,7 @@
#include <linux/string.h>
#include <linux/types.h>
#include <linux/usb.h>
+#include <linux/workqueue.h>
#include <linux/can.h>
#include <linux/can/dev.h>
@@ -55,6 +56,7 @@
#define CMD_RX_EXT_MESSAGE 14
#define CMD_TX_EXT_MESSAGE 15
#define CMD_SET_BUS_PARAMS 16
+#define CMD_GET_CHIP_STATE 19
#define CMD_CHIP_STATE_EVENT 20
#define CMD_SET_CTRL_MODE 21
#define CMD_RESET_CHIP 24
@@ -420,6 +422,12 @@ struct kvaser_usb_err_summary {
};
};
+struct kvaser_usb_net_leaf_priv {
+ struct kvaser_usb_net_priv *net;
+
+ struct delayed_work chip_state_req_work;
+};
+
static const struct can_bittiming_const kvaser_usb_leaf_m16c_bittiming_const = {
.name = "kvaser_usb_ucii",
.tseg1_min = 4,
@@ -947,6 +955,16 @@ static int kvaser_usb_leaf_simple_cmd_async(struct kvaser_usb_net_priv *priv,
return err;
}
+static void kvaser_usb_leaf_chip_state_req_work(struct work_struct *work)
+{
+ struct kvaser_usb_net_leaf_priv *leaf =
+ container_of(work, struct kvaser_usb_net_leaf_priv,
+ chip_state_req_work.work);
+ struct kvaser_usb_net_priv *priv = leaf->net;
+
+ kvaser_usb_leaf_simple_cmd_async(priv, CMD_GET_CHIP_STATE);
+}
+
static void
kvaser_usb_leaf_rx_error_update_can_state(struct kvaser_usb_net_priv *priv,
const struct kvaser_usb_err_summary *es,
@@ -1018,6 +1036,7 @@ static void kvaser_usb_leaf_rx_error(const struct kvaser_usb *dev,
struct sk_buff *skb;
struct net_device_stats *stats;
struct kvaser_usb_net_priv *priv;
+ struct kvaser_usb_net_leaf_priv *leaf;
enum can_state old_state, new_state;
if (es->channel >= dev->nchannels) {
@@ -1027,6 +1046,7 @@ static void kvaser_usb_leaf_rx_error(const struct kvaser_usb *dev,
}
priv = dev->nets[es->channel];
+ leaf = priv->sub_priv;
stats = &priv->netdev->stats;
/* Update all of the CAN interface's state and error counters before
@@ -1043,6 +1063,14 @@ static void kvaser_usb_leaf_rx_error(const struct kvaser_usb *dev,
kvaser_usb_leaf_rx_error_update_can_state(priv, es, &tmp_cf);
new_state = priv->can.state;
+ /* If there are errors, request status updates periodically as we do
+ * not get automatic notifications of improved state.
+ */
+ if (new_state < CAN_STATE_BUS_OFF &&
+ (es->rxerr || es->txerr || new_state == CAN_STATE_ERROR_PASSIVE))
+ schedule_delayed_work(&leaf->chip_state_req_work,
+ msecs_to_jiffies(500));
+
skb = alloc_can_err_skb(priv->netdev, &cf);
if (!skb) {
stats->rx_dropped++;
@@ -1577,10 +1605,13 @@ static int kvaser_usb_leaf_start_chip(struct kvaser_usb_net_priv *priv)
static int kvaser_usb_leaf_stop_chip(struct kvaser_usb_net_priv *priv)
{
+ struct kvaser_usb_net_leaf_priv *leaf = priv->sub_priv;
int err;
reinit_completion(&priv->stop_comp);
+ cancel_delayed_work(&leaf->chip_state_req_work);
+
err = kvaser_usb_leaf_send_simple_cmd(priv->dev, CMD_STOP_CHIP,
priv->channel);
if (err)
@@ -1627,6 +1658,31 @@ static int kvaser_usb_leaf_init_card(struct kvaser_usb *dev)
return 0;
}
+static int kvaser_usb_leaf_init_channel(struct kvaser_usb_net_priv *priv)
+{
+ struct kvaser_usb_net_leaf_priv *leaf;
+
+ leaf = devm_kzalloc(&priv->dev->intf->dev, sizeof(*leaf), GFP_KERNEL);
+ if (!leaf)
+ return -ENOMEM;
+
+ leaf->net = priv;
+ INIT_DELAYED_WORK(&leaf->chip_state_req_work,
+ kvaser_usb_leaf_chip_state_req_work);
+
+ priv->sub_priv = leaf;
+
+ return 0;
+}
+
+static void kvaser_usb_leaf_remove_channel(struct kvaser_usb_net_priv *priv)
+{
+ struct kvaser_usb_net_leaf_priv *leaf = priv->sub_priv;
+
+ if (leaf)
+ cancel_delayed_work_sync(&leaf->chip_state_req_work);
+}
+
static int kvaser_usb_leaf_set_bittiming(struct net_device *netdev)
{
struct kvaser_usb_net_priv *priv = netdev_priv(netdev);
@@ -1724,6 +1780,8 @@ const struct kvaser_usb_dev_ops kvaser_usb_leaf_dev_ops = {
.dev_get_berr_counter = kvaser_usb_leaf_get_berr_counter,
.dev_setup_endpoints = kvaser_usb_leaf_setup_endpoints,
.dev_init_card = kvaser_usb_leaf_init_card,
+ .dev_init_channel = kvaser_usb_leaf_init_channel,
+ .dev_remove_channel = kvaser_usb_leaf_remove_channel,
.dev_get_software_info = kvaser_usb_leaf_get_software_info,
.dev_get_software_details = NULL,
.dev_get_card_info = kvaser_usb_leaf_get_card_info,
--
2.35.1
^ permalink raw reply related [flat|nested] 529+ messages in thread
* [PATCH 4.19 091/521] can: kvaser_usb_leaf: Fix wrong CAN state after stopping
2023-01-16 15:44 [PATCH 4.19 000/521] 4.19.270-rc1 review Greg Kroah-Hartman
` (89 preceding siblings ...)
2023-01-16 15:45 ` [PATCH 4.19 090/521] can: kvaser_usb_leaf: Fix improved state not being reported Greg Kroah-Hartman
@ 2023-01-16 15:45 ` Greg Kroah-Hartman
2023-01-16 15:45 ` [PATCH 4.19 092/521] can: kvaser_usb_leaf: Fix bogus restart events Greg Kroah-Hartman
` (433 subsequent siblings)
524 siblings, 0 replies; 529+ messages in thread
From: Greg Kroah-Hartman @ 2023-01-16 15:45 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Jimmy Assarsson, Anssi Hannula,
Marc Kleine-Budde, Sasha Levin
From: Anssi Hannula <anssi.hannula@bitwise.fi>
[ Upstream commit a11249acf802341294557895d8e5f6aef080253f ]
0bfd:0124 Kvaser Mini PCI Express 2xHS FW 4.18.778 sends a
CMD_CHIP_STATE_EVENT indicating bus-off after stopping the device,
causing a stopped device to appear as CAN_STATE_BUS_OFF instead of
CAN_STATE_STOPPED.
Fix that by not handling error events on stopped devices.
Fixes: 080f40a6fa28 ("can: kvaser_usb: Add support for Kvaser CAN/USB devices")
Tested-by: Jimmy Assarsson <extja@kvaser.com>
Signed-off-by: Anssi Hannula <anssi.hannula@bitwise.fi>
Signed-off-by: Jimmy Assarsson <extja@kvaser.com>
Link: https://lore.kernel.org/all/20221010185237.319219-8-extja@kvaser.com
Signed-off-by: Marc Kleine-Budde <mkl@pengutronix.de>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/can/usb/kvaser_usb/kvaser_usb_leaf.c | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/drivers/net/can/usb/kvaser_usb/kvaser_usb_leaf.c b/drivers/net/can/usb/kvaser_usb/kvaser_usb_leaf.c
index 6d45ae6f2a08..52ac6446634d 100644
--- a/drivers/net/can/usb/kvaser_usb/kvaser_usb_leaf.c
+++ b/drivers/net/can/usb/kvaser_usb/kvaser_usb_leaf.c
@@ -1049,6 +1049,10 @@ static void kvaser_usb_leaf_rx_error(const struct kvaser_usb *dev,
leaf = priv->sub_priv;
stats = &priv->netdev->stats;
+ /* Ignore e.g. state change to bus-off reported just after stopping */
+ if (!netif_running(priv->netdev))
+ return;
+
/* Update all of the CAN interface's state and error counters before
* trying any memory allocation that can actually fail with -ENOMEM.
*
--
2.35.1
^ permalink raw reply related [flat|nested] 529+ messages in thread
* [PATCH 4.19 092/521] can: kvaser_usb_leaf: Fix bogus restart events
2023-01-16 15:44 [PATCH 4.19 000/521] 4.19.270-rc1 review Greg Kroah-Hartman
` (90 preceding siblings ...)
2023-01-16 15:45 ` [PATCH 4.19 091/521] can: kvaser_usb_leaf: Fix wrong CAN state after stopping Greg Kroah-Hartman
@ 2023-01-16 15:45 ` Greg Kroah-Hartman
2023-01-16 15:45 ` [PATCH 4.19 093/521] can: kvaser_usb: Add struct kvaser_usb_busparams Greg Kroah-Hartman
` (432 subsequent siblings)
524 siblings, 0 replies; 529+ messages in thread
From: Greg Kroah-Hartman @ 2023-01-16 15:45 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Jimmy Assarsson, Anssi Hannula,
Marc Kleine-Budde, Sasha Levin
From: Anssi Hannula <anssi.hannula@bitwise.fi>
[ Upstream commit 90904d326269a38fe5dd895fb2db7c03199654c4 ]
When auto-restart is enabled, the kvaser_usb_leaf driver considers
transition from any state >= CAN_STATE_BUS_OFF as a bus-off recovery
event (restart).
However, these events may occur at interface startup time before
kvaser_usb_open() has set the state to CAN_STATE_ERROR_ACTIVE, causing
restarts counter to increase and CAN_ERR_RESTARTED to be sent despite no
actual restart having occurred.
Fix that by making the auto-restart condition checks more strict so that
they only trigger when the interface was actually in the BUS_OFF state.
Fixes: 080f40a6fa28 ("can: kvaser_usb: Add support for Kvaser CAN/USB devices")
Tested-by: Jimmy Assarsson <extja@kvaser.com>
Signed-off-by: Anssi Hannula <anssi.hannula@bitwise.fi>
Signed-off-by: Jimmy Assarsson <extja@kvaser.com>
Link: https://lore.kernel.org/all/20221010185237.319219-10-extja@kvaser.com
Signed-off-by: Marc Kleine-Budde <mkl@pengutronix.de>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/can/usb/kvaser_usb/kvaser_usb_leaf.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/drivers/net/can/usb/kvaser_usb/kvaser_usb_leaf.c b/drivers/net/can/usb/kvaser_usb/kvaser_usb_leaf.c
index 52ac6446634d..d1877ff2ff71 100644
--- a/drivers/net/can/usb/kvaser_usb/kvaser_usb_leaf.c
+++ b/drivers/net/can/usb/kvaser_usb/kvaser_usb_leaf.c
@@ -899,7 +899,7 @@ static void kvaser_usb_leaf_tx_acknowledge(const struct kvaser_usb *dev,
context = &priv->tx_contexts[tid % dev->max_tx_urbs];
/* Sometimes the state change doesn't come after a bus-off event */
- if (priv->can.restart_ms && priv->can.state >= CAN_STATE_BUS_OFF) {
+ if (priv->can.restart_ms && priv->can.state == CAN_STATE_BUS_OFF) {
struct sk_buff *skb;
struct can_frame *cf;
@@ -1002,7 +1002,7 @@ kvaser_usb_leaf_rx_error_update_can_state(struct kvaser_usb_net_priv *priv,
}
if (priv->can.restart_ms &&
- cur_state >= CAN_STATE_BUS_OFF &&
+ cur_state == CAN_STATE_BUS_OFF &&
new_state < CAN_STATE_BUS_OFF)
priv->can.can_stats.restarts++;
@@ -1092,7 +1092,7 @@ static void kvaser_usb_leaf_rx_error(const struct kvaser_usb *dev,
}
if (priv->can.restart_ms &&
- old_state >= CAN_STATE_BUS_OFF &&
+ old_state == CAN_STATE_BUS_OFF &&
new_state < CAN_STATE_BUS_OFF) {
cf->can_id |= CAN_ERR_RESTARTED;
netif_carrier_on(priv->netdev);
--
2.35.1
^ permalink raw reply related [flat|nested] 529+ messages in thread
* [PATCH 4.19 093/521] can: kvaser_usb: Add struct kvaser_usb_busparams
2023-01-16 15:44 [PATCH 4.19 000/521] 4.19.270-rc1 review Greg Kroah-Hartman
` (91 preceding siblings ...)
2023-01-16 15:45 ` [PATCH 4.19 092/521] can: kvaser_usb_leaf: Fix bogus restart events Greg Kroah-Hartman
@ 2023-01-16 15:45 ` Greg Kroah-Hartman
2023-01-16 15:45 ` [PATCH 4.19 094/521] can: kvaser_usb: Compare requested bittiming parameters with actual parameters in do_set_{,data}_bittiming Greg Kroah-Hartman
` (431 subsequent siblings)
524 siblings, 0 replies; 529+ messages in thread
From: Greg Kroah-Hartman @ 2023-01-16 15:45 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Anssi Hannula, Jimmy Assarsson,
Marc Kleine-Budde, Sasha Levin
From: Jimmy Assarsson <extja@kvaser.com>
[ Upstream commit 00e5786177649c1e3110f9454fdd34e336597265 ]
Add struct kvaser_usb_busparams containing the busparameters used in
CMD_{SET,GET}_BUSPARAMS* commands.
Tested-by: Anssi Hannula <anssi.hannula@bitwise.fi>
Signed-off-by: Jimmy Assarsson <extja@kvaser.com>
Link: https://lore.kernel.org/all/20221010185237.319219-11-extja@kvaser.com
Signed-off-by: Marc Kleine-Budde <mkl@pengutronix.de>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/can/usb/kvaser_usb/kvaser_usb.h | 8 +++++
.../net/can/usb/kvaser_usb/kvaser_usb_hydra.c | 32 +++++++------------
.../net/can/usb/kvaser_usb/kvaser_usb_leaf.c | 18 ++++-------
3 files changed, 27 insertions(+), 31 deletions(-)
diff --git a/drivers/net/can/usb/kvaser_usb/kvaser_usb.h b/drivers/net/can/usb/kvaser_usb/kvaser_usb.h
index 1f4583f1dae2..cb8018723748 100644
--- a/drivers/net/can/usb/kvaser_usb/kvaser_usb.h
+++ b/drivers/net/can/usb/kvaser_usb/kvaser_usb.h
@@ -76,6 +76,14 @@ struct kvaser_usb_tx_urb_context {
int dlc;
};
+struct kvaser_usb_busparams {
+ __le32 bitrate;
+ u8 tseg1;
+ u8 tseg2;
+ u8 sjw;
+ u8 nsamples;
+} __packed;
+
struct kvaser_usb {
struct usb_device *udev;
struct usb_interface *intf;
diff --git a/drivers/net/can/usb/kvaser_usb/kvaser_usb_hydra.c b/drivers/net/can/usb/kvaser_usb/kvaser_usb_hydra.c
index 9588efbfae71..72c37dc50b6b 100644
--- a/drivers/net/can/usb/kvaser_usb/kvaser_usb_hydra.c
+++ b/drivers/net/can/usb/kvaser_usb/kvaser_usb_hydra.c
@@ -193,17 +193,9 @@ struct kvaser_cmd_chip_state_event {
#define KVASER_USB_HYDRA_BUS_MODE_CANFD_ISO 0x01
#define KVASER_USB_HYDRA_BUS_MODE_NONISO 0x02
struct kvaser_cmd_set_busparams {
- __le32 bitrate;
- u8 tseg1;
- u8 tseg2;
- u8 sjw;
- u8 nsamples;
+ struct kvaser_usb_busparams busparams_arb;
u8 reserved0[4];
- __le32 bitrate_d;
- u8 tseg1_d;
- u8 tseg2_d;
- u8 sjw_d;
- u8 nsamples_d;
+ struct kvaser_usb_busparams busparams_data;
u8 canfd_mode;
u8 reserved1[7];
} __packed;
@@ -1515,11 +1507,11 @@ static int kvaser_usb_hydra_set_bittiming(struct net_device *netdev)
return -ENOMEM;
cmd->header.cmd_no = CMD_SET_BUSPARAMS_REQ;
- cmd->set_busparams_req.bitrate = cpu_to_le32(bt->bitrate);
- cmd->set_busparams_req.sjw = (u8)sjw;
- cmd->set_busparams_req.tseg1 = (u8)tseg1;
- cmd->set_busparams_req.tseg2 = (u8)tseg2;
- cmd->set_busparams_req.nsamples = 1;
+ cmd->set_busparams_req.busparams_arb.bitrate = cpu_to_le32(bt->bitrate);
+ cmd->set_busparams_req.busparams_arb.sjw = (u8)sjw;
+ cmd->set_busparams_req.busparams_arb.tseg1 = (u8)tseg1;
+ cmd->set_busparams_req.busparams_arb.tseg2 = (u8)tseg2;
+ cmd->set_busparams_req.busparams_arb.nsamples = 1;
kvaser_usb_hydra_set_cmd_dest_he
(cmd, dev->card_data.hydra.channel_to_he[priv->channel]);
@@ -1549,11 +1541,11 @@ static int kvaser_usb_hydra_set_data_bittiming(struct net_device *netdev)
return -ENOMEM;
cmd->header.cmd_no = CMD_SET_BUSPARAMS_FD_REQ;
- cmd->set_busparams_req.bitrate_d = cpu_to_le32(dbt->bitrate);
- cmd->set_busparams_req.sjw_d = (u8)sjw;
- cmd->set_busparams_req.tseg1_d = (u8)tseg1;
- cmd->set_busparams_req.tseg2_d = (u8)tseg2;
- cmd->set_busparams_req.nsamples_d = 1;
+ cmd->set_busparams_req.busparams_data.bitrate = cpu_to_le32(dbt->bitrate);
+ cmd->set_busparams_req.busparams_data.sjw = (u8)sjw;
+ cmd->set_busparams_req.busparams_data.tseg1 = (u8)tseg1;
+ cmd->set_busparams_req.busparams_data.tseg2 = (u8)tseg2;
+ cmd->set_busparams_req.busparams_data.nsamples = 1;
if (priv->can.ctrlmode & CAN_CTRLMODE_FD) {
if (priv->can.ctrlmode & CAN_CTRLMODE_FD_NON_ISO)
diff --git a/drivers/net/can/usb/kvaser_usb/kvaser_usb_leaf.c b/drivers/net/can/usb/kvaser_usb/kvaser_usb_leaf.c
index d1877ff2ff71..1e2f727a1efb 100644
--- a/drivers/net/can/usb/kvaser_usb/kvaser_usb_leaf.c
+++ b/drivers/net/can/usb/kvaser_usb/kvaser_usb_leaf.c
@@ -163,11 +163,7 @@ struct usbcan_cmd_softinfo {
struct kvaser_cmd_busparams {
u8 tid;
u8 channel;
- __le32 bitrate;
- u8 tseg1;
- u8 tseg2;
- u8 sjw;
- u8 no_samp;
+ struct kvaser_usb_busparams busparams;
} __packed;
struct kvaser_cmd_tx_can {
@@ -1703,15 +1699,15 @@ static int kvaser_usb_leaf_set_bittiming(struct net_device *netdev)
cmd->len = CMD_HEADER_LEN + sizeof(struct kvaser_cmd_busparams);
cmd->u.busparams.channel = priv->channel;
cmd->u.busparams.tid = 0xff;
- cmd->u.busparams.bitrate = cpu_to_le32(bt->bitrate);
- cmd->u.busparams.sjw = bt->sjw;
- cmd->u.busparams.tseg1 = bt->prop_seg + bt->phase_seg1;
- cmd->u.busparams.tseg2 = bt->phase_seg2;
+ cmd->u.busparams.busparams.bitrate = cpu_to_le32(bt->bitrate);
+ cmd->u.busparams.busparams.sjw = bt->sjw;
+ cmd->u.busparams.busparams.tseg1 = bt->prop_seg + bt->phase_seg1;
+ cmd->u.busparams.busparams.tseg2 = bt->phase_seg2;
if (priv->can.ctrlmode & CAN_CTRLMODE_3_SAMPLES)
- cmd->u.busparams.no_samp = 3;
+ cmd->u.busparams.busparams.nsamples = 3;
else
- cmd->u.busparams.no_samp = 1;
+ cmd->u.busparams.busparams.nsamples = 1;
rc = kvaser_usb_send_cmd(dev, cmd, cmd->len);
--
2.35.1
^ permalink raw reply related [flat|nested] 529+ messages in thread
* [PATCH 4.19 094/521] can: kvaser_usb: Compare requested bittiming parameters with actual parameters in do_set_{,data}_bittiming
2023-01-16 15:44 [PATCH 4.19 000/521] 4.19.270-rc1 review Greg Kroah-Hartman
` (92 preceding siblings ...)
2023-01-16 15:45 ` [PATCH 4.19 093/521] can: kvaser_usb: Add struct kvaser_usb_busparams Greg Kroah-Hartman
@ 2023-01-16 15:45 ` Greg Kroah-Hartman
2023-01-16 15:45 ` [PATCH 4.19 095/521] spi: Update reference to struct spi_controller Greg Kroah-Hartman
` (430 subsequent siblings)
524 siblings, 0 replies; 529+ messages in thread
From: Greg Kroah-Hartman @ 2023-01-16 15:45 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Anssi Hannula, Jimmy Assarsson,
Marc Kleine-Budde, Sasha Levin
From: Jimmy Assarsson <extja@kvaser.com>
[ Upstream commit 39d3df6b0ea80f9b515c632ca07b39b1c156edee ]
The device will respond with a CMD_ERROR_EVENT command, with error_code
KVASER_USB_{LEAF,HYDRA}_ERROR_EVENT_PARAM, if the CMD_SET_BUSPARAMS_REQ
contains invalid bittiming parameters.
However, this command does not contain any channel reference.
To check if the CMD_SET_BUSPARAMS_REQ was successful, redback and compare
the requested bittiming parameters with the device reported parameters.
Fixes: 080f40a6fa28 ("can: kvaser_usb: Add support for Kvaser CAN/USB devices")
Fixes: aec5fb2268b7 ("can: kvaser_usb: Add support for Kvaser USB hydra family")
Tested-by: Anssi Hannula <anssi.hannula@bitwise.fi>
Co-developed-by: Anssi Hannula <anssi.hannula@bitwise.fi>
Signed-off-by: Anssi Hannula <anssi.hannula@bitwise.fi>
Signed-off-by: Jimmy Assarsson <extja@kvaser.com>
Link: https://lore.kernel.org/all/20221010185237.319219-12-extja@kvaser.com
Signed-off-by: Marc Kleine-Budde <mkl@pengutronix.de>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/can/usb/kvaser_usb/kvaser_usb.h | 15 +-
.../net/can/usb/kvaser_usb/kvaser_usb_core.c | 96 ++++++++++-
.../net/can/usb/kvaser_usb/kvaser_usb_hydra.c | 150 +++++++++++++++---
.../net/can/usb/kvaser_usb/kvaser_usb_leaf.c | 64 ++++++--
4 files changed, 284 insertions(+), 41 deletions(-)
diff --git a/drivers/net/can/usb/kvaser_usb/kvaser_usb.h b/drivers/net/can/usb/kvaser_usb/kvaser_usb.h
index cb8018723748..5699531f8787 100644
--- a/drivers/net/can/usb/kvaser_usb/kvaser_usb.h
+++ b/drivers/net/can/usb/kvaser_usb/kvaser_usb.h
@@ -119,9 +119,12 @@ struct kvaser_usb_net_priv {
struct net_device *netdev;
int channel;
- struct completion start_comp, stop_comp, flush_comp;
+ struct completion start_comp, stop_comp, flush_comp,
+ get_busparams_comp;
struct usb_anchor tx_submitted;
+ struct kvaser_usb_busparams busparams_nominal, busparams_data;
+
spinlock_t tx_contexts_lock; /* lock for active_tx_contexts */
int active_tx_contexts;
struct kvaser_usb_tx_urb_context tx_contexts[];
@@ -131,7 +134,9 @@ struct kvaser_usb_net_priv {
* struct kvaser_usb_dev_ops - Device specific functions
* @dev_set_mode: used for can.do_set_mode
* @dev_set_bittiming: used for can.do_set_bittiming
+ * @dev_get_busparams: readback arbitration busparams
* @dev_set_data_bittiming: used for can.do_set_data_bittiming
+ * @dev_get_data_busparams: readback data busparams
* @dev_get_berr_counter: used for can.do_get_berr_counter
*
* @dev_setup_endpoints: setup USB in and out endpoints
@@ -153,8 +158,12 @@ struct kvaser_usb_net_priv {
*/
struct kvaser_usb_dev_ops {
int (*dev_set_mode)(struct net_device *netdev, enum can_mode mode);
- int (*dev_set_bittiming)(struct net_device *netdev);
- int (*dev_set_data_bittiming)(struct net_device *netdev);
+ int (*dev_set_bittiming)(const struct net_device *netdev,
+ const struct kvaser_usb_busparams *busparams);
+ int (*dev_get_busparams)(struct kvaser_usb_net_priv *priv);
+ int (*dev_set_data_bittiming)(const struct net_device *netdev,
+ const struct kvaser_usb_busparams *busparams);
+ int (*dev_get_data_busparams)(struct kvaser_usb_net_priv *priv);
int (*dev_get_berr_counter)(const struct net_device *netdev,
struct can_berr_counter *bec);
int (*dev_setup_endpoints)(struct kvaser_usb *dev);
diff --git a/drivers/net/can/usb/kvaser_usb/kvaser_usb_core.c b/drivers/net/can/usb/kvaser_usb/kvaser_usb_core.c
index e00afb94ec6c..da449d046905 100644
--- a/drivers/net/can/usb/kvaser_usb/kvaser_usb_core.c
+++ b/drivers/net/can/usb/kvaser_usb/kvaser_usb_core.c
@@ -416,10 +416,6 @@ static int kvaser_usb_open(struct net_device *netdev)
if (err)
return err;
- err = kvaser_usb_setup_rx_urbs(dev);
- if (err)
- goto error;
-
err = ops->dev_set_opt_mode(priv);
if (err)
goto error;
@@ -510,6 +506,93 @@ static int kvaser_usb_close(struct net_device *netdev)
return 0;
}
+static int kvaser_usb_set_bittiming(struct net_device *netdev)
+{
+ struct kvaser_usb_net_priv *priv = netdev_priv(netdev);
+ struct kvaser_usb *dev = priv->dev;
+ const struct kvaser_usb_dev_ops *ops = dev->driver_info->ops;
+ struct can_bittiming *bt = &priv->can.bittiming;
+
+ struct kvaser_usb_busparams busparams;
+ int tseg1 = bt->prop_seg + bt->phase_seg1;
+ int tseg2 = bt->phase_seg2;
+ int sjw = bt->sjw;
+ int err = -EOPNOTSUPP;
+
+ busparams.bitrate = cpu_to_le32(bt->bitrate);
+ busparams.sjw = (u8)sjw;
+ busparams.tseg1 = (u8)tseg1;
+ busparams.tseg2 = (u8)tseg2;
+ if (priv->can.ctrlmode & CAN_CTRLMODE_3_SAMPLES)
+ busparams.nsamples = 3;
+ else
+ busparams.nsamples = 1;
+
+ err = ops->dev_set_bittiming(netdev, &busparams);
+ if (err)
+ return err;
+
+ err = kvaser_usb_setup_rx_urbs(priv->dev);
+ if (err)
+ return err;
+
+ err = ops->dev_get_busparams(priv);
+ if (err) {
+ /* Treat EOPNOTSUPP as success */
+ if (err == -EOPNOTSUPP)
+ err = 0;
+ return err;
+ }
+
+ if (memcmp(&busparams, &priv->busparams_nominal,
+ sizeof(priv->busparams_nominal)) != 0)
+ err = -EINVAL;
+
+ return err;
+}
+
+static int kvaser_usb_set_data_bittiming(struct net_device *netdev)
+{
+ struct kvaser_usb_net_priv *priv = netdev_priv(netdev);
+ struct kvaser_usb *dev = priv->dev;
+ const struct kvaser_usb_dev_ops *ops = dev->driver_info->ops;
+ struct can_bittiming *dbt = &priv->can.data_bittiming;
+
+ struct kvaser_usb_busparams busparams;
+ int tseg1 = dbt->prop_seg + dbt->phase_seg1;
+ int tseg2 = dbt->phase_seg2;
+ int sjw = dbt->sjw;
+ int err;
+
+ if (!ops->dev_set_data_bittiming ||
+ !ops->dev_get_data_busparams)
+ return -EOPNOTSUPP;
+
+ busparams.bitrate = cpu_to_le32(dbt->bitrate);
+ busparams.sjw = (u8)sjw;
+ busparams.tseg1 = (u8)tseg1;
+ busparams.tseg2 = (u8)tseg2;
+ busparams.nsamples = 1;
+
+ err = ops->dev_set_data_bittiming(netdev, &busparams);
+ if (err)
+ return err;
+
+ err = kvaser_usb_setup_rx_urbs(priv->dev);
+ if (err)
+ return err;
+
+ err = ops->dev_get_data_busparams(priv);
+ if (err)
+ return err;
+
+ if (memcmp(&busparams, &priv->busparams_data,
+ sizeof(priv->busparams_data)) != 0)
+ err = -EINVAL;
+
+ return err;
+}
+
static void kvaser_usb_write_bulk_callback(struct urb *urb)
{
struct kvaser_usb_tx_urb_context *context = urb->context;
@@ -696,6 +779,7 @@ static int kvaser_usb_init_one(struct kvaser_usb *dev, int channel)
init_completion(&priv->start_comp);
init_completion(&priv->stop_comp);
init_completion(&priv->flush_comp);
+ init_completion(&priv->get_busparams_comp);
priv->can.ctrlmode_supported = 0;
priv->dev = dev;
@@ -708,7 +792,7 @@ static int kvaser_usb_init_one(struct kvaser_usb *dev, int channel)
priv->can.state = CAN_STATE_STOPPED;
priv->can.clock.freq = dev->cfg->clock.freq;
priv->can.bittiming_const = dev->cfg->bittiming_const;
- priv->can.do_set_bittiming = ops->dev_set_bittiming;
+ priv->can.do_set_bittiming = kvaser_usb_set_bittiming;
priv->can.do_set_mode = ops->dev_set_mode;
if ((driver_info->quirks & KVASER_USB_QUIRK_HAS_TXRX_ERRORS) ||
(priv->dev->card_data.capabilities & KVASER_USB_CAP_BERR_CAP))
@@ -720,7 +804,7 @@ static int kvaser_usb_init_one(struct kvaser_usb *dev, int channel)
if (priv->can.ctrlmode_supported & CAN_CTRLMODE_FD) {
priv->can.data_bittiming_const = dev->cfg->data_bittiming_const;
- priv->can.do_set_data_bittiming = ops->dev_set_data_bittiming;
+ priv->can.do_set_data_bittiming = kvaser_usb_set_data_bittiming;
}
netdev->flags |= IFF_ECHO;
diff --git a/drivers/net/can/usb/kvaser_usb/kvaser_usb_hydra.c b/drivers/net/can/usb/kvaser_usb/kvaser_usb_hydra.c
index 72c37dc50b6b..2764fdd7e84b 100644
--- a/drivers/net/can/usb/kvaser_usb/kvaser_usb_hydra.c
+++ b/drivers/net/can/usb/kvaser_usb/kvaser_usb_hydra.c
@@ -43,6 +43,8 @@ static const struct kvaser_usb_dev_cfg kvaser_usb_hydra_dev_cfg_flexc;
/* Minihydra command IDs */
#define CMD_SET_BUSPARAMS_REQ 16
+#define CMD_GET_BUSPARAMS_REQ 17
+#define CMD_GET_BUSPARAMS_RESP 18
#define CMD_GET_CHIP_STATE_REQ 19
#define CMD_CHIP_STATE_EVENT 20
#define CMD_SET_DRIVERMODE_REQ 21
@@ -193,13 +195,26 @@ struct kvaser_cmd_chip_state_event {
#define KVASER_USB_HYDRA_BUS_MODE_CANFD_ISO 0x01
#define KVASER_USB_HYDRA_BUS_MODE_NONISO 0x02
struct kvaser_cmd_set_busparams {
- struct kvaser_usb_busparams busparams_arb;
+ struct kvaser_usb_busparams busparams_nominal;
u8 reserved0[4];
struct kvaser_usb_busparams busparams_data;
u8 canfd_mode;
u8 reserved1[7];
} __packed;
+/* Busparam type */
+#define KVASER_USB_HYDRA_BUSPARAM_TYPE_CAN 0x00
+#define KVASER_USB_HYDRA_BUSPARAM_TYPE_CANFD 0x01
+struct kvaser_cmd_get_busparams_req {
+ u8 type;
+ u8 reserved[27];
+} __packed;
+
+struct kvaser_cmd_get_busparams_res {
+ struct kvaser_usb_busparams busparams;
+ u8 reserved[20];
+} __packed;
+
/* Ctrl modes */
#define KVASER_USB_HYDRA_CTRLMODE_NORMAL 0x01
#define KVASER_USB_HYDRA_CTRLMODE_LISTEN 0x02
@@ -270,6 +285,8 @@ struct kvaser_cmd {
struct kvaser_cmd_error_event error_event;
struct kvaser_cmd_set_busparams set_busparams_req;
+ struct kvaser_cmd_get_busparams_req get_busparams_req;
+ struct kvaser_cmd_get_busparams_res get_busparams_res;
struct kvaser_cmd_chip_state_event chip_state_event;
@@ -352,6 +369,10 @@ struct kvaser_cmd_ext {
} __packed;
} __packed;
+struct kvaser_usb_net_hydra_priv {
+ int pending_get_busparams_type;
+};
+
static const struct can_bittiming_const kvaser_usb_hydra_kcan_bittiming_c = {
.name = "kvaser_usb_kcan",
.tseg1_min = 1,
@@ -805,6 +826,39 @@ static void kvaser_usb_hydra_flush_queue_reply(const struct kvaser_usb *dev,
complete(&priv->flush_comp);
}
+static void kvaser_usb_hydra_get_busparams_reply(const struct kvaser_usb *dev,
+ const struct kvaser_cmd *cmd)
+{
+ struct kvaser_usb_net_priv *priv;
+ struct kvaser_usb_net_hydra_priv *hydra;
+
+ priv = kvaser_usb_hydra_net_priv_from_cmd(dev, cmd);
+ if (!priv)
+ return;
+
+ hydra = priv->sub_priv;
+ if (!hydra)
+ return;
+
+ switch (hydra->pending_get_busparams_type) {
+ case KVASER_USB_HYDRA_BUSPARAM_TYPE_CAN:
+ memcpy(&priv->busparams_nominal, &cmd->get_busparams_res.busparams,
+ sizeof(priv->busparams_nominal));
+ break;
+ case KVASER_USB_HYDRA_BUSPARAM_TYPE_CANFD:
+ memcpy(&priv->busparams_data, &cmd->get_busparams_res.busparams,
+ sizeof(priv->busparams_nominal));
+ break;
+ default:
+ dev_warn(&dev->intf->dev, "Unknown get_busparams_type %d\n",
+ hydra->pending_get_busparams_type);
+ break;
+ }
+ hydra->pending_get_busparams_type = -1;
+
+ complete(&priv->get_busparams_comp);
+}
+
static void
kvaser_usb_hydra_bus_status_to_can_state(const struct kvaser_usb_net_priv *priv,
u8 bus_status,
@@ -1291,6 +1345,10 @@ static void kvaser_usb_hydra_handle_cmd_std(const struct kvaser_usb *dev,
kvaser_usb_hydra_state_event(dev, cmd);
break;
+ case CMD_GET_BUSPARAMS_RESP:
+ kvaser_usb_hydra_get_busparams_reply(dev, cmd);
+ break;
+
case CMD_ERROR_EVENT:
kvaser_usb_hydra_error_event(dev, cmd);
break;
@@ -1491,15 +1549,58 @@ static int kvaser_usb_hydra_set_mode(struct net_device *netdev,
return err;
}
-static int kvaser_usb_hydra_set_bittiming(struct net_device *netdev)
+static int kvaser_usb_hydra_get_busparams(struct kvaser_usb_net_priv *priv,
+ int busparams_type)
+{
+ struct kvaser_usb *dev = priv->dev;
+ struct kvaser_usb_net_hydra_priv *hydra = priv->sub_priv;
+ struct kvaser_cmd *cmd;
+ int err;
+
+ if (!hydra)
+ return -EINVAL;
+
+ cmd = kcalloc(1, sizeof(struct kvaser_cmd), GFP_KERNEL);
+ if (!cmd)
+ return -ENOMEM;
+
+ cmd->header.cmd_no = CMD_GET_BUSPARAMS_REQ;
+ kvaser_usb_hydra_set_cmd_dest_he
+ (cmd, dev->card_data.hydra.channel_to_he[priv->channel]);
+ kvaser_usb_hydra_set_cmd_transid
+ (cmd, kvaser_usb_hydra_get_next_transid(dev));
+ cmd->get_busparams_req.type = busparams_type;
+ hydra->pending_get_busparams_type = busparams_type;
+
+ reinit_completion(&priv->get_busparams_comp);
+
+ err = kvaser_usb_send_cmd(dev, cmd, kvaser_usb_hydra_cmd_size(cmd));
+ if (err)
+ return err;
+
+ if (!wait_for_completion_timeout(&priv->get_busparams_comp,
+ msecs_to_jiffies(KVASER_USB_TIMEOUT)))
+ return -ETIMEDOUT;
+
+ return err;
+}
+
+static int kvaser_usb_hydra_get_nominal_busparams(struct kvaser_usb_net_priv *priv)
+{
+ return kvaser_usb_hydra_get_busparams(priv, KVASER_USB_HYDRA_BUSPARAM_TYPE_CAN);
+}
+
+static int kvaser_usb_hydra_get_data_busparams(struct kvaser_usb_net_priv *priv)
+{
+ return kvaser_usb_hydra_get_busparams(priv, KVASER_USB_HYDRA_BUSPARAM_TYPE_CANFD);
+}
+
+static int kvaser_usb_hydra_set_bittiming(const struct net_device *netdev,
+ const struct kvaser_usb_busparams *busparams)
{
struct kvaser_cmd *cmd;
struct kvaser_usb_net_priv *priv = netdev_priv(netdev);
- struct can_bittiming *bt = &priv->can.bittiming;
struct kvaser_usb *dev = priv->dev;
- int tseg1 = bt->prop_seg + bt->phase_seg1;
- int tseg2 = bt->phase_seg2;
- int sjw = bt->sjw;
int err;
cmd = kcalloc(1, sizeof(struct kvaser_cmd), GFP_KERNEL);
@@ -1507,11 +1608,8 @@ static int kvaser_usb_hydra_set_bittiming(struct net_device *netdev)
return -ENOMEM;
cmd->header.cmd_no = CMD_SET_BUSPARAMS_REQ;
- cmd->set_busparams_req.busparams_arb.bitrate = cpu_to_le32(bt->bitrate);
- cmd->set_busparams_req.busparams_arb.sjw = (u8)sjw;
- cmd->set_busparams_req.busparams_arb.tseg1 = (u8)tseg1;
- cmd->set_busparams_req.busparams_arb.tseg2 = (u8)tseg2;
- cmd->set_busparams_req.busparams_arb.nsamples = 1;
+ memcpy(&cmd->set_busparams_req.busparams_nominal, busparams,
+ sizeof(cmd->set_busparams_req.busparams_nominal));
kvaser_usb_hydra_set_cmd_dest_he
(cmd, dev->card_data.hydra.channel_to_he[priv->channel]);
@@ -1525,15 +1623,12 @@ static int kvaser_usb_hydra_set_bittiming(struct net_device *netdev)
return err;
}
-static int kvaser_usb_hydra_set_data_bittiming(struct net_device *netdev)
+static int kvaser_usb_hydra_set_data_bittiming(const struct net_device *netdev,
+ const struct kvaser_usb_busparams *busparams)
{
struct kvaser_cmd *cmd;
struct kvaser_usb_net_priv *priv = netdev_priv(netdev);
- struct can_bittiming *dbt = &priv->can.data_bittiming;
struct kvaser_usb *dev = priv->dev;
- int tseg1 = dbt->prop_seg + dbt->phase_seg1;
- int tseg2 = dbt->phase_seg2;
- int sjw = dbt->sjw;
int err;
cmd = kcalloc(1, sizeof(struct kvaser_cmd), GFP_KERNEL);
@@ -1541,11 +1636,8 @@ static int kvaser_usb_hydra_set_data_bittiming(struct net_device *netdev)
return -ENOMEM;
cmd->header.cmd_no = CMD_SET_BUSPARAMS_FD_REQ;
- cmd->set_busparams_req.busparams_data.bitrate = cpu_to_le32(dbt->bitrate);
- cmd->set_busparams_req.busparams_data.sjw = (u8)sjw;
- cmd->set_busparams_req.busparams_data.tseg1 = (u8)tseg1;
- cmd->set_busparams_req.busparams_data.tseg2 = (u8)tseg2;
- cmd->set_busparams_req.busparams_data.nsamples = 1;
+ memcpy(&cmd->set_busparams_req.busparams_data, busparams,
+ sizeof(cmd->set_busparams_req.busparams_data));
if (priv->can.ctrlmode & CAN_CTRLMODE_FD) {
if (priv->can.ctrlmode & CAN_CTRLMODE_FD_NON_ISO)
@@ -1652,6 +1744,19 @@ static int kvaser_usb_hydra_init_card(struct kvaser_usb *dev)
return 0;
}
+static int kvaser_usb_hydra_init_channel(struct kvaser_usb_net_priv *priv)
+{
+ struct kvaser_usb_net_hydra_priv *hydra;
+
+ hydra = devm_kzalloc(&priv->dev->intf->dev, sizeof(*hydra), GFP_KERNEL);
+ if (!hydra)
+ return -ENOMEM;
+
+ priv->sub_priv = hydra;
+
+ return 0;
+}
+
static int kvaser_usb_hydra_get_software_info(struct kvaser_usb *dev)
{
struct kvaser_cmd cmd;
@@ -1994,10 +2099,13 @@ kvaser_usb_hydra_frame_to_cmd(const struct kvaser_usb_net_priv *priv,
const struct kvaser_usb_dev_ops kvaser_usb_hydra_dev_ops = {
.dev_set_mode = kvaser_usb_hydra_set_mode,
.dev_set_bittiming = kvaser_usb_hydra_set_bittiming,
+ .dev_get_busparams = kvaser_usb_hydra_get_nominal_busparams,
.dev_set_data_bittiming = kvaser_usb_hydra_set_data_bittiming,
+ .dev_get_data_busparams = kvaser_usb_hydra_get_data_busparams,
.dev_get_berr_counter = kvaser_usb_hydra_get_berr_counter,
.dev_setup_endpoints = kvaser_usb_hydra_setup_endpoints,
.dev_init_card = kvaser_usb_hydra_init_card,
+ .dev_init_channel = kvaser_usb_hydra_init_channel,
.dev_get_software_info = kvaser_usb_hydra_get_software_info,
.dev_get_software_details = kvaser_usb_hydra_get_software_details,
.dev_get_card_info = kvaser_usb_hydra_get_card_info,
diff --git a/drivers/net/can/usb/kvaser_usb/kvaser_usb_leaf.c b/drivers/net/can/usb/kvaser_usb/kvaser_usb_leaf.c
index 1e2f727a1efb..f06d63db9077 100644
--- a/drivers/net/can/usb/kvaser_usb/kvaser_usb_leaf.c
+++ b/drivers/net/can/usb/kvaser_usb/kvaser_usb_leaf.c
@@ -56,6 +56,8 @@
#define CMD_RX_EXT_MESSAGE 14
#define CMD_TX_EXT_MESSAGE 15
#define CMD_SET_BUS_PARAMS 16
+#define CMD_GET_BUS_PARAMS 17
+#define CMD_GET_BUS_PARAMS_REPLY 18
#define CMD_GET_CHIP_STATE 19
#define CMD_CHIP_STATE_EVENT 20
#define CMD_SET_CTRL_MODE 21
@@ -375,6 +377,7 @@ static const u8 kvaser_usb_leaf_cmd_sizes_leaf[] = {
[CMD_CHIP_STATE_EVENT] = kvaser_fsize(u.leaf.chip_state_event),
[CMD_CAN_ERROR_EVENT] = kvaser_fsize(u.leaf.can_error_event),
[CMD_GET_CAPABILITIES_RESP] = kvaser_fsize(u.leaf.cap_res),
+ [CMD_GET_BUS_PARAMS_REPLY] = kvaser_fsize(u.busparams),
[CMD_ERROR_EVENT] = kvaser_fsize(u.leaf.error_event),
/* ignored events: */
[CMD_FLUSH_QUEUE_REPLY] = CMD_SIZE_ANY,
@@ -1467,6 +1470,25 @@ static void kvaser_usb_leaf_stop_chip_reply(const struct kvaser_usb *dev,
complete(&priv->stop_comp);
}
+static void kvaser_usb_leaf_get_busparams_reply(const struct kvaser_usb *dev,
+ const struct kvaser_cmd *cmd)
+{
+ struct kvaser_usb_net_priv *priv;
+ u8 channel = cmd->u.busparams.channel;
+
+ if (channel >= dev->nchannels) {
+ dev_err(&dev->intf->dev,
+ "Invalid channel number (%d)\n", channel);
+ return;
+ }
+
+ priv = dev->nets[channel];
+ memcpy(&priv->busparams_nominal, &cmd->u.busparams.busparams,
+ sizeof(priv->busparams_nominal));
+
+ complete(&priv->get_busparams_comp);
+}
+
static void kvaser_usb_leaf_handle_command(const struct kvaser_usb *dev,
const struct kvaser_cmd *cmd)
{
@@ -1509,6 +1531,10 @@ static void kvaser_usb_leaf_handle_command(const struct kvaser_usb *dev,
kvaser_usb_leaf_error_event(dev, cmd);
break;
+ case CMD_GET_BUS_PARAMS_REPLY:
+ kvaser_usb_leaf_get_busparams_reply(dev, cmd);
+ break;
+
/* Ignored commands */
case CMD_USBCAN_CLOCK_OVERFLOW_EVENT:
if (dev->driver_info->family != KVASER_USBCAN)
@@ -1683,10 +1709,10 @@ static void kvaser_usb_leaf_remove_channel(struct kvaser_usb_net_priv *priv)
cancel_delayed_work_sync(&leaf->chip_state_req_work);
}
-static int kvaser_usb_leaf_set_bittiming(struct net_device *netdev)
+static int kvaser_usb_leaf_set_bittiming(const struct net_device *netdev,
+ const struct kvaser_usb_busparams *busparams)
{
struct kvaser_usb_net_priv *priv = netdev_priv(netdev);
- struct can_bittiming *bt = &priv->can.bittiming;
struct kvaser_usb *dev = priv->dev;
struct kvaser_cmd *cmd;
int rc;
@@ -1699,15 +1725,8 @@ static int kvaser_usb_leaf_set_bittiming(struct net_device *netdev)
cmd->len = CMD_HEADER_LEN + sizeof(struct kvaser_cmd_busparams);
cmd->u.busparams.channel = priv->channel;
cmd->u.busparams.tid = 0xff;
- cmd->u.busparams.busparams.bitrate = cpu_to_le32(bt->bitrate);
- cmd->u.busparams.busparams.sjw = bt->sjw;
- cmd->u.busparams.busparams.tseg1 = bt->prop_seg + bt->phase_seg1;
- cmd->u.busparams.busparams.tseg2 = bt->phase_seg2;
-
- if (priv->can.ctrlmode & CAN_CTRLMODE_3_SAMPLES)
- cmd->u.busparams.busparams.nsamples = 3;
- else
- cmd->u.busparams.busparams.nsamples = 1;
+ memcpy(&cmd->u.busparams.busparams, busparams,
+ sizeof(cmd->u.busparams.busparams));
rc = kvaser_usb_send_cmd(dev, cmd, cmd->len);
@@ -1715,6 +1734,27 @@ static int kvaser_usb_leaf_set_bittiming(struct net_device *netdev)
return rc;
}
+static int kvaser_usb_leaf_get_busparams(struct kvaser_usb_net_priv *priv)
+{
+ int err;
+
+ if (priv->dev->driver_info->family == KVASER_USBCAN)
+ return -EOPNOTSUPP;
+
+ reinit_completion(&priv->get_busparams_comp);
+
+ err = kvaser_usb_leaf_send_simple_cmd(priv->dev, CMD_GET_BUS_PARAMS,
+ priv->channel);
+ if (err)
+ return err;
+
+ if (!wait_for_completion_timeout(&priv->get_busparams_comp,
+ msecs_to_jiffies(KVASER_USB_TIMEOUT)))
+ return -ETIMEDOUT;
+
+ return 0;
+}
+
static int kvaser_usb_leaf_set_mode(struct net_device *netdev,
enum can_mode mode)
{
@@ -1776,7 +1816,9 @@ static int kvaser_usb_leaf_setup_endpoints(struct kvaser_usb *dev)
const struct kvaser_usb_dev_ops kvaser_usb_leaf_dev_ops = {
.dev_set_mode = kvaser_usb_leaf_set_mode,
.dev_set_bittiming = kvaser_usb_leaf_set_bittiming,
+ .dev_get_busparams = kvaser_usb_leaf_get_busparams,
.dev_set_data_bittiming = NULL,
+ .dev_get_data_busparams = NULL,
.dev_get_berr_counter = kvaser_usb_leaf_get_berr_counter,
.dev_setup_endpoints = kvaser_usb_leaf_setup_endpoints,
.dev_init_card = kvaser_usb_leaf_init_card,
--
2.35.1
^ permalink raw reply related [flat|nested] 529+ messages in thread
* [PATCH 4.19 095/521] spi: Update reference to struct spi_controller
2023-01-16 15:44 [PATCH 4.19 000/521] 4.19.270-rc1 review Greg Kroah-Hartman
` (93 preceding siblings ...)
2023-01-16 15:45 ` [PATCH 4.19 094/521] can: kvaser_usb: Compare requested bittiming parameters with actual parameters in do_set_{,data}_bittiming Greg Kroah-Hartman
@ 2023-01-16 15:45 ` Greg Kroah-Hartman
2023-01-16 15:45 ` [PATCH 4.19 096/521] media: vivid: fix compose size exceed boundary Greg Kroah-Hartman
` (429 subsequent siblings)
524 siblings, 0 replies; 529+ messages in thread
From: Greg Kroah-Hartman @ 2023-01-16 15:45 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Jonathan Neuschäfer,
Mark Brown, Sasha Levin
From: Jonathan Neuschäfer <j.neuschaefer@gmx.net>
[ Upstream commit bf585ccee22faf469d82727cf375868105b362f7 ]
struct spi_master has been renamed to struct spi_controller. Update the
reference in spi.rst to make it clickable again.
Fixes: 8caab75fd2c2 ("spi: Generalize SPI "master" to "controller"")
Signed-off-by: Jonathan Neuschäfer <j.neuschaefer@gmx.net>
Link: https://lore.kernel.org/r/20221101173252.1069294-1-j.neuschaefer@gmx.net
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
Documentation/driver-api/spi.rst | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/Documentation/driver-api/spi.rst b/Documentation/driver-api/spi.rst
index f64cb666498a..f28887045049 100644
--- a/Documentation/driver-api/spi.rst
+++ b/Documentation/driver-api/spi.rst
@@ -25,8 +25,8 @@ hardware, which may be as simple as a set of GPIO pins or as complex as
a pair of FIFOs connected to dual DMA engines on the other side of the
SPI shift register (maximizing throughput). Such drivers bridge between
whatever bus they sit on (often the platform bus) and SPI, and expose
-the SPI side of their device as a :c:type:`struct spi_master
-<spi_master>`. SPI devices are children of that master,
+the SPI side of their device as a :c:type:`struct spi_controller
+<spi_controller>`. SPI devices are children of that master,
represented as a :c:type:`struct spi_device <spi_device>` and
manufactured from :c:type:`struct spi_board_info
<spi_board_info>` descriptors which are usually provided by
--
2.35.1
^ permalink raw reply related [flat|nested] 529+ messages in thread
* [PATCH 4.19 096/521] media: vivid: fix compose size exceed boundary
2023-01-16 15:44 [PATCH 4.19 000/521] 4.19.270-rc1 review Greg Kroah-Hartman
` (94 preceding siblings ...)
2023-01-16 15:45 ` [PATCH 4.19 095/521] spi: Update reference to struct spi_controller Greg Kroah-Hartman
@ 2023-01-16 15:45 ` Greg Kroah-Hartman
2023-01-16 15:45 ` [PATCH 4.19 097/521] mtd: Fix device name leak when register device failed in add_mtd_device() Greg Kroah-Hartman
` (428 subsequent siblings)
524 siblings, 0 replies; 529+ messages in thread
From: Greg Kroah-Hartman @ 2023-01-16 15:45 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Liu Shixin, Hans Verkuil, Sasha Levin
From: Liu Shixin <liushixin2@huawei.com>
[ Upstream commit 94a7ad9283464b75b12516c5512541d467cefcf8 ]
syzkaller found a bug:
BUG: unable to handle page fault for address: ffffc9000a3b1000
#PF: supervisor write access in kernel mode
#PF: error_code(0x0002) - not-present page
PGD 100000067 P4D 100000067 PUD 10015f067 PMD 1121ca067 PTE 0
Oops: 0002 [#1] PREEMPT SMP
CPU: 0 PID: 23489 Comm: vivid-000-vid-c Not tainted 6.1.0-rc1+ #512
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.13.0-1ubuntu1.1 04/01/2014
RIP: 0010:memcpy_erms+0x6/0x10
[...]
Call Trace:
<TASK>
? tpg_fill_plane_buffer+0x856/0x15b0
vivid_fillbuff+0x8ac/0x1110
vivid_thread_vid_cap_tick+0x361/0xc90
vivid_thread_vid_cap+0x21a/0x3a0
kthread+0x143/0x180
ret_from_fork+0x1f/0x30
</TASK>
This is because we forget to check boundary after adjust compose->height
int V4L2_SEL_TGT_CROP case. Add v4l2_rect_map_inside() to fix this problem
for this case.
Fixes: ef834f7836ec ("[media] vivid: add the video capture and output parts")
Signed-off-by: Liu Shixin <liushixin2@huawei.com>
Signed-off-by: Hans Verkuil <hverkuil-cisco@xs4all.nl>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/media/platform/vivid/vivid-vid-cap.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/drivers/media/platform/vivid/vivid-vid-cap.c b/drivers/media/platform/vivid/vivid-vid-cap.c
index 48f2c9c96fc9..ded48b7ad774 100644
--- a/drivers/media/platform/vivid/vivid-vid-cap.c
+++ b/drivers/media/platform/vivid/vivid-vid-cap.c
@@ -923,6 +923,7 @@ int vivid_vid_cap_s_selection(struct file *file, void *fh, struct v4l2_selection
if (dev->has_compose_cap) {
v4l2_rect_set_min_size(compose, &min_rect);
v4l2_rect_set_max_size(compose, &max_rect);
+ v4l2_rect_map_inside(compose, &fmt);
}
dev->fmt_cap_rect = fmt;
tpg_s_buf_height(&dev->tpg, fmt.height);
--
2.35.1
^ permalink raw reply related [flat|nested] 529+ messages in thread
* [PATCH 4.19 097/521] mtd: Fix device name leak when register device failed in add_mtd_device()
2023-01-16 15:44 [PATCH 4.19 000/521] 4.19.270-rc1 review Greg Kroah-Hartman
` (95 preceding siblings ...)
2023-01-16 15:45 ` [PATCH 4.19 096/521] media: vivid: fix compose size exceed boundary Greg Kroah-Hartman
@ 2023-01-16 15:45 ` Greg Kroah-Hartman
2023-01-16 15:46 ` [PATCH 4.19 098/521] wifi: rsi: Fix handling of 802.3 EAPOL frames sent via control port Greg Kroah-Hartman
` (427 subsequent siblings)
524 siblings, 0 replies; 529+ messages in thread
From: Greg Kroah-Hartman @ 2023-01-16 15:45 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Zhang Xiaoxu, Miquel Raynal, Sasha Levin
From: Zhang Xiaoxu <zhangxiaoxu5@huawei.com>
[ Upstream commit 895d68a39481a75c680aa421546931fb11942fa6 ]
There is a kmemleak when register device failed:
unreferenced object 0xffff888101aab550 (size 8):
comm "insmod", pid 3922, jiffies 4295277753 (age 925.408s)
hex dump (first 8 bytes):
6d 74 64 30 00 88 ff ff mtd0....
backtrace:
[<00000000bde26724>] __kmalloc_node_track_caller+0x4e/0x150
[<000000003c32b416>] kvasprintf+0xb0/0x130
[<000000001f7a8f15>] kobject_set_name_vargs+0x2f/0xb0
[<000000006e781163>] dev_set_name+0xab/0xe0
[<00000000e30d0c78>] add_mtd_device+0x4bb/0x700
[<00000000f3d34de7>] mtd_device_parse_register+0x2ac/0x3f0
[<00000000c0d88488>] 0xffffffffa0238457
[<00000000b40d0922>] 0xffffffffa02a008f
[<0000000023d17b9d>] do_one_initcall+0x87/0x2a0
[<00000000770f6ca6>] do_init_module+0xdf/0x320
[<000000007b6768fe>] load_module+0x2f98/0x3330
[<00000000346bed5a>] __do_sys_finit_module+0x113/0x1b0
[<00000000674c2290>] do_syscall_64+0x35/0x80
[<000000004c6a8d97>] entry_SYSCALL_64_after_hwframe+0x46/0xb0
If register device failed, should call put_device() to give up the
reference.
Fixes: 1f24b5a8ecbb ("[MTD] driver model updates")
Signed-off-by: Zhang Xiaoxu <zhangxiaoxu5@huawei.com>
Signed-off-by: Miquel Raynal <miquel.raynal@bootlin.com>
Link: https://lore.kernel.org/linux-mtd/20221022121352.2534682-1-zhangxiaoxu5@huawei.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/mtd/mtdcore.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/drivers/mtd/mtdcore.c b/drivers/mtd/mtdcore.c
index a0b1a7814e2e..90d9c0e93157 100644
--- a/drivers/mtd/mtdcore.c
+++ b/drivers/mtd/mtdcore.c
@@ -567,8 +567,10 @@ int add_mtd_device(struct mtd_info *mtd)
dev_set_drvdata(&mtd->dev, mtd);
of_node_get(mtd_get_of_node(mtd));
error = device_register(&mtd->dev);
- if (error)
+ if (error) {
+ put_device(&mtd->dev);
goto fail_added;
+ }
if (!IS_ERR_OR_NULL(dfs_dir_mtd)) {
mtd->dbg.dfs_dir = debugfs_create_dir(dev_name(&mtd->dev), dfs_dir_mtd);
--
2.35.1
^ permalink raw reply related [flat|nested] 529+ messages in thread
* [PATCH 4.19 098/521] wifi: rsi: Fix handling of 802.3 EAPOL frames sent via control port
2023-01-16 15:44 [PATCH 4.19 000/521] 4.19.270-rc1 review Greg Kroah-Hartman
` (96 preceding siblings ...)
2023-01-16 15:45 ` [PATCH 4.19 097/521] mtd: Fix device name leak when register device failed in add_mtd_device() Greg Kroah-Hartman
@ 2023-01-16 15:46 ` Greg Kroah-Hartman
2023-01-16 15:46 ` [PATCH 4.19 099/521] media: camss: Clean up received buffers on failed start of streaming Greg Kroah-Hartman
` (426 subsequent siblings)
524 siblings, 0 replies; 529+ messages in thread
From: Greg Kroah-Hartman @ 2023-01-16 15:46 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Marek Vasut, Kalle Valo, Sasha Levin
From: Marek Vasut <marex@denx.de>
[ Upstream commit b8f6efccbb9dc0ff5dee7e20d69a4747298ee603 ]
When using wpa_supplicant v2.10, this driver is no longer able to
associate with any AP and fails in the EAPOL 4-way handshake while
sending the 2/4 message to the AP. The problem is not present in
wpa_supplicant v2.9 or older. The problem stems from HostAP commit
144314eaa ("wpa_supplicant: Send EAPOL frames over nl80211 where available")
which changes the way EAPOL frames are sent, from them being send
at L2 frames to them being sent via nl80211 control port.
An EAPOL frame sent as L2 frame is passed to the WiFi driver with
skb->protocol ETH_P_PAE, while EAPOL frame sent via nl80211 control
port has skb->protocol set to ETH_P_802_3 . The later happens in
ieee80211_tx_control_port(), where the EAPOL frame is encapsulated
into 802.3 frame.
The rsi_91x driver handles ETH_P_PAE EAPOL frames as high-priority
frames and sends them via highest-priority transmit queue, while
the ETH_P_802_3 frames are sent as regular frames. The EAPOL 4-way
handshake frames must be sent as highest-priority, otherwise the
4-way handshake times out.
Therefore, to fix this problem, inspect the skb control flags and
if flag IEEE80211_TX_CTRL_PORT_CTRL_PROTO is set, assume this is
an EAPOL frame and transmit the frame via high-priority queue just
like other ETH_P_PAE frames.
Fixes: 0eb42586cf87 ("rsi: data packet descriptor enhancements")
Signed-off-by: Marek Vasut <marex@denx.de>
Signed-off-by: Kalle Valo <kvalo@kernel.org>
Link: https://lore.kernel.org/r/20221104163339.227432-1-marex@denx.de
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/wireless/rsi/rsi_91x_core.c | 4 +++-
drivers/net/wireless/rsi/rsi_91x_hal.c | 6 +++++-
2 files changed, 8 insertions(+), 2 deletions(-)
diff --git a/drivers/net/wireless/rsi/rsi_91x_core.c b/drivers/net/wireless/rsi/rsi_91x_core.c
index c6c29034b2ea..a939b552a8e4 100644
--- a/drivers/net/wireless/rsi/rsi_91x_core.c
+++ b/drivers/net/wireless/rsi/rsi_91x_core.c
@@ -466,7 +466,9 @@ void rsi_core_xmit(struct rsi_common *common, struct sk_buff *skb)
tid, 0);
}
}
- if (skb->protocol == cpu_to_be16(ETH_P_PAE)) {
+
+ if (IEEE80211_SKB_CB(skb)->control.flags &
+ IEEE80211_TX_CTRL_PORT_CTRL_PROTO) {
q_num = MGMT_SOFT_Q;
skb->priority = q_num;
}
diff --git a/drivers/net/wireless/rsi/rsi_91x_hal.c b/drivers/net/wireless/rsi/rsi_91x_hal.c
index 2cb7cca4ec2d..b445a52fbfbd 100644
--- a/drivers/net/wireless/rsi/rsi_91x_hal.c
+++ b/drivers/net/wireless/rsi/rsi_91x_hal.c
@@ -152,12 +152,16 @@ int rsi_prepare_data_desc(struct rsi_common *common, struct sk_buff *skb)
u8 header_size;
u8 vap_id = 0;
u8 dword_align_bytes;
+ bool tx_eapol;
u16 seq_num;
info = IEEE80211_SKB_CB(skb);
vif = info->control.vif;
tx_params = (struct skb_info *)info->driver_data;
+ tx_eapol = IEEE80211_SKB_CB(skb)->control.flags &
+ IEEE80211_TX_CTRL_PORT_CTRL_PROTO;
+
header_size = FRAME_DESC_SZ + sizeof(struct rsi_xtended_desc);
if (header_size > skb_headroom(skb)) {
rsi_dbg(ERR_ZONE, "%s: Unable to send pkt\n", __func__);
@@ -221,7 +225,7 @@ int rsi_prepare_data_desc(struct rsi_common *common, struct sk_buff *skb)
}
}
- if (skb->protocol == cpu_to_be16(ETH_P_PAE)) {
+ if (tx_eapol) {
rsi_dbg(INFO_ZONE, "*** Tx EAPOL ***\n");
data_desc->frame_info = cpu_to_le16(RATE_INFO_ENABLE);
--
2.35.1
^ permalink raw reply related [flat|nested] 529+ messages in thread
* [PATCH 4.19 099/521] media: camss: Clean up received buffers on failed start of streaming
2023-01-16 15:44 [PATCH 4.19 000/521] 4.19.270-rc1 review Greg Kroah-Hartman
` (97 preceding siblings ...)
2023-01-16 15:46 ` [PATCH 4.19 098/521] wifi: rsi: Fix handling of 802.3 EAPOL frames sent via control port Greg Kroah-Hartman
@ 2023-01-16 15:46 ` Greg Kroah-Hartman
2023-01-16 15:46 ` [PATCH 4.19 100/521] net, proc: Provide PROC_FS=n fallback for proc_create_net_single_write() Greg Kroah-Hartman
` (425 subsequent siblings)
524 siblings, 0 replies; 529+ messages in thread
From: Greg Kroah-Hartman @ 2023-01-16 15:46 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Vladimir Zapolskiy, Robert Foss,
Hans Verkuil, Mauro Carvalho Chehab, Sasha Levin
From: Vladimir Zapolskiy <vladimir.zapolskiy@linaro.org>
[ Upstream commit c8f3582345e6a69da65ab588f7c4c2d1685b0e80 ]
It is required to return the received buffers, if streaming can not be
started. For instance media_pipeline_start() may fail with EPIPE, if
a link validation between entities is not passed, and in such a case
a user gets a kernel warning:
WARNING: CPU: 1 PID: 520 at drivers/media/common/videobuf2/videobuf2-core.c:1592 vb2_start_streaming+0xec/0x160
<snip>
Call trace:
vb2_start_streaming+0xec/0x160
vb2_core_streamon+0x9c/0x1a0
vb2_ioctl_streamon+0x68/0xbc
v4l_streamon+0x30/0x3c
__video_do_ioctl+0x184/0x3e0
video_usercopy+0x37c/0x7b0
video_ioctl2+0x24/0x40
v4l2_ioctl+0x4c/0x70
The fix is to correct the error path in video_start_streaming() of camss.
Fixes: 0ac2586c410f ("media: camss: Add files which handle the video device nodes")
Signed-off-by: Vladimir Zapolskiy <vladimir.zapolskiy@linaro.org>
Reviewed-by: Robert Foss <robert.foss@linaro.org>
Signed-off-by: Hans Verkuil <hverkuil-cisco@xs4all.nl>
Signed-off-by: Mauro Carvalho Chehab <mchehab@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/media/platform/qcom/camss/camss-video.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/drivers/media/platform/qcom/camss/camss-video.c b/drivers/media/platform/qcom/camss/camss-video.c
index e81ebeb0506e..23701ec8d7de 100644
--- a/drivers/media/platform/qcom/camss/camss-video.c
+++ b/drivers/media/platform/qcom/camss/camss-video.c
@@ -438,7 +438,7 @@ static int video_start_streaming(struct vb2_queue *q, unsigned int count)
ret = media_pipeline_start(&vdev->entity, &video->pipe);
if (ret < 0)
- return ret;
+ goto flush_buffers;
ret = video_check_format(video);
if (ret < 0)
@@ -467,6 +467,7 @@ static int video_start_streaming(struct vb2_queue *q, unsigned int count)
error:
media_pipeline_stop(&vdev->entity);
+flush_buffers:
video->ops->flush_buffers(video, VB2_BUF_STATE_QUEUED);
return ret;
--
2.35.1
^ permalink raw reply related [flat|nested] 529+ messages in thread
* [PATCH 4.19 100/521] net, proc: Provide PROC_FS=n fallback for proc_create_net_single_write()
2023-01-16 15:44 [PATCH 4.19 000/521] 4.19.270-rc1 review Greg Kroah-Hartman
` (98 preceding siblings ...)
2023-01-16 15:46 ` [PATCH 4.19 099/521] media: camss: Clean up received buffers on failed start of streaming Greg Kroah-Hartman
@ 2023-01-16 15:46 ` Greg Kroah-Hartman
2023-01-16 15:46 ` [PATCH 4.19 101/521] drm/radeon: Add the missed acpi_put_table() to fix memory leak Greg Kroah-Hartman
` (424 subsequent siblings)
524 siblings, 0 replies; 529+ messages in thread
From: Greg Kroah-Hartman @ 2023-01-16 15:46 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, kernel test robot, David Howells,
Marc Dionne, linux-afs, netdev, Sasha Levin
From: David Howells <dhowells@redhat.com>
[ Upstream commit c3d96f690a790074b508fe183a41e36a00cd7ddd ]
Provide a CONFIG_PROC_FS=n fallback for proc_create_net_single_write().
Also provide a fallback for proc_create_net_data_write().
Fixes: 564def71765c ("proc: Add a way to make network proc files writable")
Reported-by: kernel test robot <lkp@intel.com>
Signed-off-by: David Howells <dhowells@redhat.com>
cc: Marc Dionne <marc.dionne@auristor.com>
cc: linux-afs@lists.infradead.org
cc: netdev@vger.kernel.org
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
include/linux/proc_fs.h | 2 ++
1 file changed, 2 insertions(+)
diff --git a/include/linux/proc_fs.h b/include/linux/proc_fs.h
index 5141657a0f7f..c16352fbbe1f 100644
--- a/include/linux/proc_fs.h
+++ b/include/linux/proc_fs.h
@@ -117,8 +117,10 @@ static inline void proc_remove(struct proc_dir_entry *de) {}
static inline int remove_proc_subtree(const char *name, struct proc_dir_entry *parent) { return 0; }
#define proc_create_net_data(name, mode, parent, ops, state_size, data) ({NULL;})
+#define proc_create_net_data_write(name, mode, parent, ops, write, state_size, data) ({NULL;})
#define proc_create_net(name, mode, parent, state_size, ops) ({NULL;})
#define proc_create_net_single(name, mode, parent, show, data) ({NULL;})
+#define proc_create_net_single_write(name, mode, parent, show, write, data) ({NULL;})
#endif /* CONFIG_PROC_FS */
--
2.35.1
^ permalink raw reply related [flat|nested] 529+ messages in thread
* [PATCH 4.19 101/521] drm/radeon: Add the missed acpi_put_table() to fix memory leak
2023-01-16 15:44 [PATCH 4.19 000/521] 4.19.270-rc1 review Greg Kroah-Hartman
` (99 preceding siblings ...)
2023-01-16 15:46 ` [PATCH 4.19 100/521] net, proc: Provide PROC_FS=n fallback for proc_create_net_single_write() Greg Kroah-Hartman
@ 2023-01-16 15:46 ` Greg Kroah-Hartman
2023-01-16 15:46 ` [PATCH 4.19 102/521] ASoC: pxa: fix null-pointer dereference in filter() Greg Kroah-Hartman
` (423 subsequent siblings)
524 siblings, 0 replies; 529+ messages in thread
From: Greg Kroah-Hartman @ 2023-01-16 15:46 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Hanjun Guo, Alex Deucher, Sasha Levin
From: Hanjun Guo <guohanjun@huawei.com>
[ Upstream commit 10276a20be1115e1f76c189330da2992df980eee ]
When the radeon driver reads the bios information from ACPI
table in radeon_acpi_vfct_bios(), it misses to call acpi_put_table()
to release the ACPI memory after the init, so add acpi_put_table()
properly to fix the memory leak.
v2: fix text formatting (Alex)
Fixes: 268ba0a99f89 ("drm/radeon: implement ACPI VFCT vbios fetch (v3)")
Signed-off-by: Hanjun Guo <guohanjun@huawei.com>
Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/gpu/drm/radeon/radeon_bios.c | 18 +++++++++++-------
1 file changed, 11 insertions(+), 7 deletions(-)
diff --git a/drivers/gpu/drm/radeon/radeon_bios.c b/drivers/gpu/drm/radeon/radeon_bios.c
index dd0528cf9818..8154d2d7fe9e 100644
--- a/drivers/gpu/drm/radeon/radeon_bios.c
+++ b/drivers/gpu/drm/radeon/radeon_bios.c
@@ -608,13 +608,14 @@ static bool radeon_acpi_vfct_bios(struct radeon_device *rdev)
acpi_size tbl_size;
UEFI_ACPI_VFCT *vfct;
unsigned offset;
+ bool r = false;
if (!ACPI_SUCCESS(acpi_get_table("VFCT", 1, &hdr)))
return false;
tbl_size = hdr->length;
if (tbl_size < sizeof(UEFI_ACPI_VFCT)) {
DRM_ERROR("ACPI VFCT table present but broken (too short #1)\n");
- return false;
+ goto out;
}
vfct = (UEFI_ACPI_VFCT *)hdr;
@@ -627,13 +628,13 @@ static bool radeon_acpi_vfct_bios(struct radeon_device *rdev)
offset += sizeof(VFCT_IMAGE_HEADER);
if (offset > tbl_size) {
DRM_ERROR("ACPI VFCT image header truncated\n");
- return false;
+ goto out;
}
offset += vhdr->ImageLength;
if (offset > tbl_size) {
DRM_ERROR("ACPI VFCT image truncated\n");
- return false;
+ goto out;
}
if (vhdr->ImageLength &&
@@ -645,15 +646,18 @@ static bool radeon_acpi_vfct_bios(struct radeon_device *rdev)
rdev->bios = kmemdup(&vbios->VbiosContent,
vhdr->ImageLength,
GFP_KERNEL);
+ if (rdev->bios)
+ r = true;
- if (!rdev->bios)
- return false;
- return true;
+ goto out;
}
}
DRM_ERROR("ACPI VFCT table present but broken (too short #2)\n");
- return false;
+
+out:
+ acpi_put_table(hdr);
+ return r;
}
#else
static inline bool radeon_acpi_vfct_bios(struct radeon_device *rdev)
--
2.35.1
^ permalink raw reply related [flat|nested] 529+ messages in thread
* [PATCH 4.19 102/521] ASoC: pxa: fix null-pointer dereference in filter()
2023-01-16 15:44 [PATCH 4.19 000/521] 4.19.270-rc1 review Greg Kroah-Hartman
` (100 preceding siblings ...)
2023-01-16 15:46 ` [PATCH 4.19 101/521] drm/radeon: Add the missed acpi_put_table() to fix memory leak Greg Kroah-Hartman
@ 2023-01-16 15:46 ` Greg Kroah-Hartman
2023-01-16 15:46 ` [PATCH 4.19 103/521] regulator: core: fix unbalanced of node refcount in regulator_dev_lookup() Greg Kroah-Hartman
` (422 subsequent siblings)
524 siblings, 0 replies; 529+ messages in thread
From: Greg Kroah-Hartman @ 2023-01-16 15:46 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Zeng Heng, Mark Brown, Sasha Levin
From: Zeng Heng <zengheng4@huawei.com>
[ Upstream commit ec7bf231aaa1bdbcb69d23bc50c753c80fb22429 ]
kasprintf() would return NULL pointer when kmalloc() fail to allocate.
Need to check the return pointer before calling strcmp().
Fixes: 7a824e214e25 ("ASoC: mmp: add audio dma support")
Signed-off-by: Zeng Heng <zengheng4@huawei.com>
Link: https://lore.kernel.org/r/20221114085629.1910435-1-zengheng4@huawei.com
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
sound/soc/pxa/mmp-pcm.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/sound/soc/pxa/mmp-pcm.c b/sound/soc/pxa/mmp-pcm.c
index d2d4652de32c..5969aa66410d 100644
--- a/sound/soc/pxa/mmp-pcm.c
+++ b/sound/soc/pxa/mmp-pcm.c
@@ -90,7 +90,7 @@ static bool filter(struct dma_chan *chan, void *param)
devname = kasprintf(GFP_KERNEL, "%s.%d", dma_data->dma_res->name,
dma_data->ssp_id);
- if ((strcmp(dev_name(chan->device->dev), devname) == 0) &&
+ if (devname && (strcmp(dev_name(chan->device->dev), devname) == 0) &&
(chan->chan_id == dma_data->dma_res->start)) {
found = true;
}
--
2.35.1
^ permalink raw reply related [flat|nested] 529+ messages in thread
* [PATCH 4.19 103/521] regulator: core: fix unbalanced of node refcount in regulator_dev_lookup()
2023-01-16 15:44 [PATCH 4.19 000/521] 4.19.270-rc1 review Greg Kroah-Hartman
` (101 preceding siblings ...)
2023-01-16 15:46 ` [PATCH 4.19 102/521] ASoC: pxa: fix null-pointer dereference in filter() Greg Kroah-Hartman
@ 2023-01-16 15:46 ` Greg Kroah-Hartman
2023-01-16 15:46 ` [PATCH 4.19 104/521] ima: Fix misuse of dereference of pointer in template_desc_init_fields() Greg Kroah-Hartman
` (421 subsequent siblings)
524 siblings, 0 replies; 529+ messages in thread
From: Greg Kroah-Hartman @ 2023-01-16 15:46 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Yang Yingliang, Mark Brown, Sasha Levin
From: Yang Yingliang <yangyingliang@huawei.com>
[ Upstream commit f2b41b748c19962b82709d9f23c6b2b0ce9d2f91 ]
I got the the following report:
OF: ERROR: memory leak, expected refcount 1 instead of 2,
of_node_get()/of_node_put() unbalanced - destroy cset entry:
attach overlay node /i2c/pmic@62/regulators/exten
In of_get_regulator(), the node is returned from of_parse_phandle()
with refcount incremented, after using it, of_node_put() need be called.
Fixes: 69511a452e6d ("regulator: map consumer regulator based on device tree")
Signed-off-by: Yang Yingliang <yangyingliang@huawei.com>
Link: https://lore.kernel.org/r/20221115091508.900752-1-yangyingliang@huawei.com
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/regulator/core.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/drivers/regulator/core.c b/drivers/regulator/core.c
index 045075cd256c..07982143ec18 100644
--- a/drivers/regulator/core.c
+++ b/drivers/regulator/core.c
@@ -1541,6 +1541,7 @@ static struct regulator_dev *regulator_dev_lookup(struct device *dev,
node = of_get_regulator(dev, supply);
if (node) {
r = of_find_regulator_by_node(node);
+ of_node_put(node);
if (r)
return r;
--
2.35.1
^ permalink raw reply related [flat|nested] 529+ messages in thread
* [PATCH 4.19 104/521] ima: Fix misuse of dereference of pointer in template_desc_init_fields()
2023-01-16 15:44 [PATCH 4.19 000/521] 4.19.270-rc1 review Greg Kroah-Hartman
` (102 preceding siblings ...)
2023-01-16 15:46 ` [PATCH 4.19 103/521] regulator: core: fix unbalanced of node refcount in regulator_dev_lookup() Greg Kroah-Hartman
@ 2023-01-16 15:46 ` Greg Kroah-Hartman
2023-01-16 15:46 ` [PATCH 4.19 105/521] wifi: ath10k: Fix return value in ath10k_pci_init() Greg Kroah-Hartman
` (420 subsequent siblings)
524 siblings, 0 replies; 529+ messages in thread
From: Greg Kroah-Hartman @ 2023-01-16 15:46 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Xiu Jianfeng, Roberto Sassu,
Mimi Zohar, Sasha Levin
From: Xiu Jianfeng <xiujianfeng@huawei.com>
[ Upstream commit 25369175ce84813dd99d6604e710dc2491f68523 ]
The input parameter @fields is type of struct ima_template_field ***, so
when allocates array memory for @fields, the size of element should be
sizeof(**field) instead of sizeof(*field).
Actually the original code would not cause any runtime error, but it's
better to make it logically right.
Fixes: adf53a778a0a ("ima: new templates management mechanism")
Signed-off-by: Xiu Jianfeng <xiujianfeng@huawei.com>
Reviewed-by: Roberto Sassu <roberto.sassu@huawei.com>
Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
security/integrity/ima/ima_template.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/security/integrity/ima/ima_template.c b/security/integrity/ima/ima_template.c
index 4dfdccce497b..13567e555130 100644
--- a/security/integrity/ima/ima_template.c
+++ b/security/integrity/ima/ima_template.c
@@ -196,11 +196,11 @@ static int template_desc_init_fields(const char *template_fmt,
}
if (fields && num_fields) {
- *fields = kmalloc_array(i, sizeof(*fields), GFP_KERNEL);
+ *fields = kmalloc_array(i, sizeof(**fields), GFP_KERNEL);
if (*fields == NULL)
return -ENOMEM;
- memcpy(*fields, found_fields, i * sizeof(*fields));
+ memcpy(*fields, found_fields, i * sizeof(**fields));
*num_fields = i;
}
--
2.35.1
^ permalink raw reply related [flat|nested] 529+ messages in thread
* [PATCH 4.19 105/521] wifi: ath10k: Fix return value in ath10k_pci_init()
2023-01-16 15:44 [PATCH 4.19 000/521] 4.19.270-rc1 review Greg Kroah-Hartman
` (103 preceding siblings ...)
2023-01-16 15:46 ` [PATCH 4.19 104/521] ima: Fix misuse of dereference of pointer in template_desc_init_fields() Greg Kroah-Hartman
@ 2023-01-16 15:46 ` Greg Kroah-Hartman
2023-01-16 15:46 ` [PATCH 4.19 106/521] mtd: lpddr2_nvm: Fix possible null-ptr-deref Greg Kroah-Hartman
` (419 subsequent siblings)
524 siblings, 0 replies; 529+ messages in thread
From: Greg Kroah-Hartman @ 2023-01-16 15:46 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Xiu Jianfeng, Jeff Johnson,
Kalle Valo, Sasha Levin
From: Xiu Jianfeng <xiujianfeng@huawei.com>
[ Upstream commit 2af7749047d8d6ad43feff69f555a13a6a6c2831 ]
This driver is attempting to register to support two different buses.
if either of these is successful then ath10k_pci_init() should return 0
so that hardware attached to the successful bus can be probed and
supported. only if both of these are unsuccessful should ath10k_pci_init()
return an errno.
Fixes: 0b523ced9a3c ("ath10k: add basic skeleton to support ahb")
Signed-off-by: Xiu Jianfeng <xiujianfeng@huawei.com>
Reviewed-by: Jeff Johnson <quic_jjohnson@quicinc.com>
Signed-off-by: Kalle Valo <quic_kvalo@quicinc.com>
Link: https://lore.kernel.org/r/20221110061926.18163-1-xiujianfeng@huawei.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/wireless/ath/ath10k/pci.c | 20 ++++++++++++--------
1 file changed, 12 insertions(+), 8 deletions(-)
diff --git a/drivers/net/wireless/ath/ath10k/pci.c b/drivers/net/wireless/ath/ath10k/pci.c
index caece8339a50..92757495c73b 100644
--- a/drivers/net/wireless/ath/ath10k/pci.c
+++ b/drivers/net/wireless/ath/ath10k/pci.c
@@ -3739,18 +3739,22 @@ static struct pci_driver ath10k_pci_driver = {
static int __init ath10k_pci_init(void)
{
- int ret;
+ int ret1, ret2;
- ret = pci_register_driver(&ath10k_pci_driver);
- if (ret)
+ ret1 = pci_register_driver(&ath10k_pci_driver);
+ if (ret1)
printk(KERN_ERR "failed to register ath10k pci driver: %d\n",
- ret);
+ ret1);
- ret = ath10k_ahb_init();
- if (ret)
- printk(KERN_ERR "ahb init failed: %d\n", ret);
+ ret2 = ath10k_ahb_init();
+ if (ret2)
+ printk(KERN_ERR "ahb init failed: %d\n", ret2);
- return ret;
+ if (ret1 && ret2)
+ return ret1;
+
+ /* registered to at least one bus */
+ return 0;
}
module_init(ath10k_pci_init);
--
2.35.1
^ permalink raw reply related [flat|nested] 529+ messages in thread
* [PATCH 4.19 106/521] mtd: lpddr2_nvm: Fix possible null-ptr-deref
2023-01-16 15:44 [PATCH 4.19 000/521] 4.19.270-rc1 review Greg Kroah-Hartman
` (104 preceding siblings ...)
2023-01-16 15:46 ` [PATCH 4.19 105/521] wifi: ath10k: Fix return value in ath10k_pci_init() Greg Kroah-Hartman
@ 2023-01-16 15:46 ` Greg Kroah-Hartman
2023-01-16 15:46 ` [PATCH 4.19 107/521] Input: elants_i2c - properly handle the reset GPIO when power is off Greg Kroah-Hartman
` (418 subsequent siblings)
524 siblings, 0 replies; 529+ messages in thread
From: Greg Kroah-Hartman @ 2023-01-16 15:46 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Hui Tang, Uwe Kleine-König,
Miquel Raynal, Sasha Levin
From: Hui Tang <tanghui20@huawei.com>
[ Upstream commit 6bdd45d795adf9e73b38ced5e7f750cd199499ff ]
It will cause null-ptr-deref when resource_size(add_range) invoked,
if platform_get_resource() returns NULL.
Fixes: 96ba9dd65788 ("mtd: lpddr: add driver for LPDDR2-NVM PCM memories")
Signed-off-by: Hui Tang <tanghui20@huawei.com>
Acked-by: Uwe Kleine-König <u.kleine-koenig@pengutronix.de>
Signed-off-by: Miquel Raynal <miquel.raynal@bootlin.com>
Link: https://lore.kernel.org/linux-mtd/20221114090240.244172-1-tanghui20@huawei.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/mtd/lpddr/lpddr2_nvm.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/drivers/mtd/lpddr/lpddr2_nvm.c b/drivers/mtd/lpddr/lpddr2_nvm.c
index 90e6cb64db69..b004d3213a66 100644
--- a/drivers/mtd/lpddr/lpddr2_nvm.c
+++ b/drivers/mtd/lpddr/lpddr2_nvm.c
@@ -442,6 +442,8 @@ static int lpddr2_nvm_probe(struct platform_device *pdev)
/* lpddr2_nvm address range */
add_range = platform_get_resource(pdev, IORESOURCE_MEM, 0);
+ if (!add_range)
+ return -ENODEV;
/* Populate map_info data structure */
*map = (struct map_info) {
--
2.35.1
^ permalink raw reply related [flat|nested] 529+ messages in thread
* [PATCH 4.19 107/521] Input: elants_i2c - properly handle the reset GPIO when power is off
2023-01-16 15:44 [PATCH 4.19 000/521] 4.19.270-rc1 review Greg Kroah-Hartman
` (105 preceding siblings ...)
2023-01-16 15:46 ` [PATCH 4.19 106/521] mtd: lpddr2_nvm: Fix possible null-ptr-deref Greg Kroah-Hartman
@ 2023-01-16 15:46 ` Greg Kroah-Hartman
2023-01-16 15:46 ` [PATCH 4.19 108/521] media: solo6x10: fix possible memory leak in solo_sysfs_init() Greg Kroah-Hartman
` (417 subsequent siblings)
524 siblings, 0 replies; 529+ messages in thread
From: Greg Kroah-Hartman @ 2023-01-16 15:46 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Douglas Anderson, Dmitry Torokhov,
Sasha Levin
From: Douglas Anderson <dianders@chromium.org>
[ Upstream commit a85fbd6498441694475716a4d5c65f9d3e073faf ]
As can be seen in elants_i2c_power_off(), we want the reset GPIO
asserted when power is off. The reset GPIO is active low so we need
the reset line logic low when power is off to avoid leakage.
We have a problem, though, at probe time. At probe time we haven't
powered the regulators on yet but we have:
devm_gpiod_get(&client->dev, "reset", GPIOD_OUT_LOW);
While that _looks_ right, it turns out that it's not. The
GPIOD_OUT_LOW doesn't mean to init the GPIO to low. It means init the
GPIO to "not asserted". Since this is an active low GPIO that inits it
to be high.
Let's fix this to properly init the GPIO. Now after both probe and
power off the state of the GPIO is consistent (it's "asserted" or
level low).
Once we fix this, we can see that at power on time we no longer to
assert the reset GPIO as the first thing. The reset GPIO is _always_
asserted before powering on. Let's fix powering on to account for
this.
Fixes: afe10358e47a ("Input: elants_i2c - wire up regulator support")
Signed-off-by: Douglas Anderson <dianders@chromium.org>
Link: https://lore.kernel.org/r/20221117123805.1.I9959ac561dd6e1e8e1ce7085e4de6167b27c574f@changeid
Signed-off-by: Dmitry Torokhov <dmitry.torokhov@gmail.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/input/touchscreen/elants_i2c.c | 9 +++------
1 file changed, 3 insertions(+), 6 deletions(-)
diff --git a/drivers/input/touchscreen/elants_i2c.c b/drivers/input/touchscreen/elants_i2c.c
index adfae2d88707..83e9bded87d9 100644
--- a/drivers/input/touchscreen/elants_i2c.c
+++ b/drivers/input/touchscreen/elants_i2c.c
@@ -1082,14 +1082,12 @@ static int elants_i2c_power_on(struct elants_data *ts)
if (IS_ERR_OR_NULL(ts->reset_gpio))
return 0;
- gpiod_set_value_cansleep(ts->reset_gpio, 1);
-
error = regulator_enable(ts->vcc33);
if (error) {
dev_err(&ts->client->dev,
"failed to enable vcc33 regulator: %d\n",
error);
- goto release_reset_gpio;
+ return error;
}
error = regulator_enable(ts->vccio);
@@ -1098,7 +1096,7 @@ static int elants_i2c_power_on(struct elants_data *ts)
"failed to enable vccio regulator: %d\n",
error);
regulator_disable(ts->vcc33);
- goto release_reset_gpio;
+ return error;
}
/*
@@ -1107,7 +1105,6 @@ static int elants_i2c_power_on(struct elants_data *ts)
*/
udelay(ELAN_POWERON_DELAY_USEC);
-release_reset_gpio:
gpiod_set_value_cansleep(ts->reset_gpio, 0);
if (error)
return error;
@@ -1215,7 +1212,7 @@ static int elants_i2c_probe(struct i2c_client *client,
return error;
}
- ts->reset_gpio = devm_gpiod_get(&client->dev, "reset", GPIOD_OUT_LOW);
+ ts->reset_gpio = devm_gpiod_get(&client->dev, "reset", GPIOD_OUT_HIGH);
if (IS_ERR(ts->reset_gpio)) {
error = PTR_ERR(ts->reset_gpio);
--
2.35.1
^ permalink raw reply related [flat|nested] 529+ messages in thread
* [PATCH 4.19 108/521] media: solo6x10: fix possible memory leak in solo_sysfs_init()
2023-01-16 15:44 [PATCH 4.19 000/521] 4.19.270-rc1 review Greg Kroah-Hartman
` (106 preceding siblings ...)
2023-01-16 15:46 ` [PATCH 4.19 107/521] Input: elants_i2c - properly handle the reset GPIO when power is off Greg Kroah-Hartman
@ 2023-01-16 15:46 ` Greg Kroah-Hartman
2023-01-16 15:46 ` [PATCH 4.19 109/521] media: platform: exynos4-is: Fix error handling in fimc_md_init() Greg Kroah-Hartman
` (416 subsequent siblings)
524 siblings, 0 replies; 529+ messages in thread
From: Greg Kroah-Hartman @ 2023-01-16 15:46 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Yang Yingliang, Hans Verkuil, Sasha Levin
From: Yang Yingliang <yangyingliang@huawei.com>
[ Upstream commit 7f5866dd96d95b74e439f6ee17b8abd8195179fb ]
If device_register() returns error in solo_sysfs_init(), the
name allocated by dev_set_name() need be freed. As comment of
device_register() says, it should use put_device() to give up
the reference in the error path. So fix this by calling
put_device(), then the name can be freed in kobject_cleanup().
Fixes: dcae5dacbce5 ("[media] solo6x10: sync to latest code from Bluecherry's git repo")
Signed-off-by: Yang Yingliang <yangyingliang@huawei.com>
Signed-off-by: Hans Verkuil <hverkuil-cisco@xs4all.nl>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/media/pci/solo6x10/solo6x10-core.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/drivers/media/pci/solo6x10/solo6x10-core.c b/drivers/media/pci/solo6x10/solo6x10-core.c
index 19ffd2ed3cc7..d3bca099b78b 100644
--- a/drivers/media/pci/solo6x10/solo6x10-core.c
+++ b/drivers/media/pci/solo6x10/solo6x10-core.c
@@ -429,6 +429,7 @@ static int solo_sysfs_init(struct solo_dev *solo_dev)
solo_dev->nr_chans);
if (device_register(dev)) {
+ put_device(dev);
dev->parent = NULL;
return -ENOMEM;
}
--
2.35.1
^ permalink raw reply related [flat|nested] 529+ messages in thread
* [PATCH 4.19 109/521] media: platform: exynos4-is: Fix error handling in fimc_md_init()
2023-01-16 15:44 [PATCH 4.19 000/521] 4.19.270-rc1 review Greg Kroah-Hartman
` (107 preceding siblings ...)
2023-01-16 15:46 ` [PATCH 4.19 108/521] media: solo6x10: fix possible memory leak in solo_sysfs_init() Greg Kroah-Hartman
@ 2023-01-16 15:46 ` Greg Kroah-Hartman
2023-01-16 15:46 ` [PATCH 4.19 110/521] HID: hid-sensor-custom: set fixed size for custom attributes Greg Kroah-Hartman
` (415 subsequent siblings)
524 siblings, 0 replies; 529+ messages in thread
From: Greg Kroah-Hartman @ 2023-01-16 15:46 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Yuan Can, Hans Verkuil, Sasha Levin
From: Yuan Can <yuancan@huawei.com>
[ Upstream commit b434422c45282a0573d8123239abc41fa72665d4 ]
A problem about modprobe s5p_fimc failed is triggered with the
following log given:
[ 272.075275] Error: Driver 'exynos4-fimc' is already registered, aborting...
modprobe: ERROR: could not insert 's5p_fimc': Device or resource busy
The reason is that fimc_md_init() returns platform_driver_register()
directly without checking its return value, if platform_driver_register()
failed, it returns without unregister fimc_driver, resulting the
s5p_fimc can never be installed later.
A simple call graph is shown as below:
fimc_md_init()
fimc_register_driver() # register fimc_driver
platform_driver_register()
platform_driver_register()
driver_register()
bus_add_driver()
dev = kzalloc(...) # OOM happened
# return without unregister fimc_driver
Fix by unregister fimc_driver when platform_driver_register() returns
error.
Fixes: d3953223b090 ("[media] s5p-fimc: Add the media device driver")
Signed-off-by: Yuan Can <yuancan@huawei.com>
Signed-off-by: Hans Verkuil <hverkuil-cisco@xs4all.nl>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/media/platform/exynos4-is/fimc-core.c | 2 +-
drivers/media/platform/exynos4-is/media-dev.c | 6 +++++-
2 files changed, 6 insertions(+), 2 deletions(-)
diff --git a/drivers/media/platform/exynos4-is/fimc-core.c b/drivers/media/platform/exynos4-is/fimc-core.c
index d8d8c9902b19..cc8bc41b7db7 100644
--- a/drivers/media/platform/exynos4-is/fimc-core.c
+++ b/drivers/media/platform/exynos4-is/fimc-core.c
@@ -1255,7 +1255,7 @@ int __init fimc_register_driver(void)
return platform_driver_register(&fimc_driver);
}
-void __exit fimc_unregister_driver(void)
+void fimc_unregister_driver(void)
{
platform_driver_unregister(&fimc_driver);
}
diff --git a/drivers/media/platform/exynos4-is/media-dev.c b/drivers/media/platform/exynos4-is/media-dev.c
index 3261dc72cc61..03171f2cf296 100644
--- a/drivers/media/platform/exynos4-is/media-dev.c
+++ b/drivers/media/platform/exynos4-is/media-dev.c
@@ -1566,7 +1566,11 @@ static int __init fimc_md_init(void)
if (ret)
return ret;
- return platform_driver_register(&fimc_md_driver);
+ ret = platform_driver_register(&fimc_md_driver);
+ if (ret)
+ fimc_unregister_driver();
+
+ return ret;
}
static void __exit fimc_md_exit(void)
--
2.35.1
^ permalink raw reply related [flat|nested] 529+ messages in thread
* [PATCH 4.19 110/521] HID: hid-sensor-custom: set fixed size for custom attributes
2023-01-16 15:44 [PATCH 4.19 000/521] 4.19.270-rc1 review Greg Kroah-Hartman
` (108 preceding siblings ...)
2023-01-16 15:46 ` [PATCH 4.19 109/521] media: platform: exynos4-is: Fix error handling in fimc_md_init() Greg Kroah-Hartman
@ 2023-01-16 15:46 ` Greg Kroah-Hartman
2023-01-16 15:46 ` [PATCH 4.19 111/521] ALSA: seq: fix undefined behavior in bit shift for SNDRV_SEQ_FILTER_USE_EVENT Greg Kroah-Hartman
` (414 subsequent siblings)
524 siblings, 0 replies; 529+ messages in thread
From: Greg Kroah-Hartman @ 2023-01-16 15:46 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Marcus Folkesson, Jonathan Cameron,
Jiri Kosina, Sasha Levin
From: Marcus Folkesson <marcus.folkesson@gmail.com>
[ Upstream commit 9d013910df22de91333a0acc81d1dbb115bd76f6 ]
This is no bugfix (so no Fixes: tag is necessary) as it is
taken care of in hid_sensor_custom_add_attributes().
The motivation for this patch is that:
hid_sensor_custom_field.attr_name and
hid_sensor_custom_field.attrs
has the size of HID_CUSTOM_TOTAL_ATTRS and used in same context.
We compare against HID_CUSTOM_TOTAL_ATTRS when
looping through hid_custom_attrs.
We will silent the smatch error:
hid_sensor_custom_add_attributes() error: buffer overflow
'hid_custom_attrs' 8 <= 10
Signed-off-by: Marcus Folkesson <marcus.folkesson@gmail.com>
Acked-by: Jonathan Cameron <Jonathan.Cameron@huawei.com>
Signed-off-by: Jiri Kosina <jkosina@suse.cz>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/hid/hid-sensor-custom.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/hid/hid-sensor-custom.c b/drivers/hid/hid-sensor-custom.c
index bb012bc032e0..a0c30863e1e0 100644
--- a/drivers/hid/hid-sensor-custom.c
+++ b/drivers/hid/hid-sensor-custom.c
@@ -67,7 +67,7 @@ struct hid_sensor_sample {
u32 raw_len;
} __packed;
-static struct attribute hid_custom_attrs[] = {
+static struct attribute hid_custom_attrs[HID_CUSTOM_TOTAL_ATTRS] = {
{.name = "name", .mode = S_IRUGO},
{.name = "units", .mode = S_IRUGO},
{.name = "unit-expo", .mode = S_IRUGO},
--
2.35.1
^ permalink raw reply related [flat|nested] 529+ messages in thread
* [PATCH 4.19 111/521] ALSA: seq: fix undefined behavior in bit shift for SNDRV_SEQ_FILTER_USE_EVENT
2023-01-16 15:44 [PATCH 4.19 000/521] 4.19.270-rc1 review Greg Kroah-Hartman
` (109 preceding siblings ...)
2023-01-16 15:46 ` [PATCH 4.19 110/521] HID: hid-sensor-custom: set fixed size for custom attributes Greg Kroah-Hartman
@ 2023-01-16 15:46 ` Greg Kroah-Hartman
2023-01-16 15:46 ` [PATCH 4.19 112/521] clk: rockchip: Fix memory leak in rockchip_clk_register_pll() Greg Kroah-Hartman
` (413 subsequent siblings)
524 siblings, 0 replies; 529+ messages in thread
From: Greg Kroah-Hartman @ 2023-01-16 15:46 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Baisong Zhong, Takashi Iwai, Sasha Levin
From: Baisong Zhong <zhongbaisong@huawei.com>
[ Upstream commit cf59e1e4c79bf741905484cdb13c130b53576a16 ]
Shifting signed 32-bit value by 31 bits is undefined, so changing
significant bit to unsigned. The UBSAN warning calltrace like below:
UBSAN: shift-out-of-bounds in sound/core/seq/seq_clientmgr.c:509:22
left shift of 1 by 31 places cannot be represented in type 'int'
...
Call Trace:
<TASK>
dump_stack_lvl+0x8d/0xcf
ubsan_epilogue+0xa/0x44
__ubsan_handle_shift_out_of_bounds+0x1e7/0x208
snd_seq_deliver_single_event.constprop.21+0x191/0x2f0
snd_seq_deliver_event+0x1a2/0x350
snd_seq_kernel_client_dispatch+0x8b/0xb0
snd_seq_client_notify_subscription+0x72/0xa0
snd_seq_ioctl_subscribe_port+0x128/0x160
snd_seq_kernel_client_ctl+0xce/0xf0
snd_seq_oss_create_client+0x109/0x15b
alsa_seq_oss_init+0x11c/0x1aa
do_one_initcall+0x80/0x440
kernel_init_freeable+0x370/0x3c3
kernel_init+0x1b/0x190
ret_from_fork+0x1f/0x30
</TASK>
Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2")
Signed-off-by: Baisong Zhong <zhongbaisong@huawei.com>
Link: https://lore.kernel.org/r/20221121111630.3119259-1-zhongbaisong@huawei.com
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
include/uapi/sound/asequencer.h | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/include/uapi/sound/asequencer.h b/include/uapi/sound/asequencer.h
index a75e14edc957..dbd60f48b4b0 100644
--- a/include/uapi/sound/asequencer.h
+++ b/include/uapi/sound/asequencer.h
@@ -344,10 +344,10 @@ typedef int __bitwise snd_seq_client_type_t;
#define KERNEL_CLIENT ((__force snd_seq_client_type_t) 2)
/* event filter flags */
-#define SNDRV_SEQ_FILTER_BROADCAST (1<<0) /* accept broadcast messages */
-#define SNDRV_SEQ_FILTER_MULTICAST (1<<1) /* accept multicast messages */
-#define SNDRV_SEQ_FILTER_BOUNCE (1<<2) /* accept bounce event in error */
-#define SNDRV_SEQ_FILTER_USE_EVENT (1<<31) /* use event filter */
+#define SNDRV_SEQ_FILTER_BROADCAST (1U<<0) /* accept broadcast messages */
+#define SNDRV_SEQ_FILTER_MULTICAST (1U<<1) /* accept multicast messages */
+#define SNDRV_SEQ_FILTER_BOUNCE (1U<<2) /* accept bounce event in error */
+#define SNDRV_SEQ_FILTER_USE_EVENT (1U<<31) /* use event filter */
struct snd_seq_client_info {
int client; /* client number to inquire */
--
2.35.1
^ permalink raw reply related [flat|nested] 529+ messages in thread
* [PATCH 4.19 112/521] clk: rockchip: Fix memory leak in rockchip_clk_register_pll()
2023-01-16 15:44 [PATCH 4.19 000/521] 4.19.270-rc1 review Greg Kroah-Hartman
` (110 preceding siblings ...)
2023-01-16 15:46 ` [PATCH 4.19 111/521] ALSA: seq: fix undefined behavior in bit shift for SNDRV_SEQ_FILTER_USE_EVENT Greg Kroah-Hartman
@ 2023-01-16 15:46 ` Greg Kroah-Hartman
2023-01-16 15:46 ` [PATCH 4.19 113/521] bonding: Export skip slave logic to function Greg Kroah-Hartman
` (412 subsequent siblings)
524 siblings, 0 replies; 529+ messages in thread
From: Greg Kroah-Hartman @ 2023-01-16 15:46 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Xiu Jianfeng, Heiko Stuebner, Sasha Levin
From: Xiu Jianfeng <xiujianfeng@huawei.com>
[ Upstream commit 739a6a6bbdb793bd57938cb24aa5a6df89983546 ]
If clk_register() fails, @pll->rate_table may have allocated memory by
kmemdup(), so it needs to be freed, otherwise will cause memory leak
issue, this patch fixes it.
Fixes: 90c590254051 ("clk: rockchip: add clock type for pll clocks and pll used on rk3066")
Signed-off-by: Xiu Jianfeng <xiujianfeng@huawei.com>
Link: https://lore.kernel.org/r/20221123091201.199819-1-xiujianfeng@huawei.com
Signed-off-by: Heiko Stuebner <heiko@sntech.de>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/clk/rockchip/clk-pll.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/drivers/clk/rockchip/clk-pll.c b/drivers/clk/rockchip/clk-pll.c
index dd0433d4753e..77aff5defac6 100644
--- a/drivers/clk/rockchip/clk-pll.c
+++ b/drivers/clk/rockchip/clk-pll.c
@@ -972,6 +972,7 @@ struct clk *rockchip_clk_register_pll(struct rockchip_clk_provider *ctx,
return mux_clk;
err_pll:
+ kfree(pll->rate_table);
clk_unregister(mux_clk);
mux_clk = pll_clk;
err_mux:
--
2.35.1
^ permalink raw reply related [flat|nested] 529+ messages in thread
* [PATCH 4.19 113/521] bonding: Export skip slave logic to function
2023-01-16 15:44 [PATCH 4.19 000/521] 4.19.270-rc1 review Greg Kroah-Hartman
` (111 preceding siblings ...)
2023-01-16 15:46 ` [PATCH 4.19 112/521] clk: rockchip: Fix memory leak in rockchip_clk_register_pll() Greg Kroah-Hartman
@ 2023-01-16 15:46 ` Greg Kroah-Hartman
2023-01-16 15:46 ` [PATCH 4.19 114/521] mtd: maps: pxa2xx-flash: fix memory leak in probe Greg Kroah-Hartman
` (411 subsequent siblings)
524 siblings, 0 replies; 529+ messages in thread
From: Greg Kroah-Hartman @ 2023-01-16 15:46 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Maor Gottlieb, Jiri Pirko,
Jay Vosburgh, David S. Miller, Saeed Mahameed, Sasha Levin
From: Maor Gottlieb <maorg@mellanox.com>
[ Upstream commit 119d48fd4298594beccf4f2ecd00627826ce2646 ]
As a preparation for following change that add array of
all slaves, extract code that skip slave to function.
Signed-off-by: Maor Gottlieb <maorg@mellanox.com>
Reviewed-by: Jiri Pirko <jiri@mellanox.com>
Reviewed-by: Jay Vosburgh <jay.vosburgh@canonical.com>
Acked-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Saeed Mahameed <saeedm@mellanox.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/bonding/bond_main.c | 47 ++++++++++++++++++---------------
1 file changed, 26 insertions(+), 21 deletions(-)
diff --git a/drivers/net/bonding/bond_main.c b/drivers/net/bonding/bond_main.c
index cab5c1cc9fe9..85efa0e0ee2c 100644
--- a/drivers/net/bonding/bond_main.c
+++ b/drivers/net/bonding/bond_main.c
@@ -3993,6 +3993,29 @@ static void bond_slave_arr_handler(struct work_struct *work)
bond_slave_arr_work_rearm(bond, 1);
}
+static void bond_skip_slave(struct bond_up_slave *slaves,
+ struct slave *skipslave)
+{
+ int idx;
+
+ /* Rare situation where caller has asked to skip a specific
+ * slave but allocation failed (most likely!). BTW this is
+ * only possible when the call is initiated from
+ * __bond_release_one(). In this situation; overwrite the
+ * skipslave entry in the array with the last entry from the
+ * array to avoid a situation where the xmit path may choose
+ * this to-be-skipped slave to send a packet out.
+ */
+ for (idx = 0; slaves && idx < slaves->count; idx++) {
+ if (skipslave == slaves->arr[idx]) {
+ slaves->arr[idx] =
+ slaves->arr[slaves->count - 1];
+ slaves->count--;
+ break;
+ }
+ }
+}
+
/* Build the usable slaves array in control path for modes that use xmit-hash
* to determine the slave interface -
* (a) BOND_MODE_8023AD
@@ -4063,27 +4086,9 @@ int bond_update_slave_arr(struct bonding *bond, struct slave *skipslave)
if (old_arr)
kfree_rcu(old_arr, rcu);
out:
- if (ret != 0 && skipslave) {
- int idx;
-
- /* Rare situation where caller has asked to skip a specific
- * slave but allocation failed (most likely!). BTW this is
- * only possible when the call is initiated from
- * __bond_release_one(). In this situation; overwrite the
- * skipslave entry in the array with the last entry from the
- * array to avoid a situation where the xmit path may choose
- * this to-be-skipped slave to send a packet out.
- */
- old_arr = rtnl_dereference(bond->slave_arr);
- for (idx = 0; old_arr != NULL && idx < old_arr->count; idx++) {
- if (skipslave == old_arr->arr[idx]) {
- old_arr->arr[idx] =
- old_arr->arr[old_arr->count-1];
- old_arr->count--;
- break;
- }
- }
- }
+ if (ret != 0 && skipslave)
+ bond_skip_slave(rtnl_dereference(bond->slave_arr), skipslave);
+
return ret;
}
--
2.35.1
^ permalink raw reply related [flat|nested] 529+ messages in thread
* [PATCH 4.19 114/521] mtd: maps: pxa2xx-flash: fix memory leak in probe
2023-01-16 15:44 [PATCH 4.19 000/521] 4.19.270-rc1 review Greg Kroah-Hartman
` (112 preceding siblings ...)
2023-01-16 15:46 ` [PATCH 4.19 113/521] bonding: Export skip slave logic to function Greg Kroah-Hartman
@ 2023-01-16 15:46 ` Greg Kroah-Hartman
2023-01-16 15:46 ` [PATCH 4.19 115/521] drbd: remove call to memset before free device/resource/connection Greg Kroah-Hartman
` (410 subsequent siblings)
524 siblings, 0 replies; 529+ messages in thread
From: Greg Kroah-Hartman @ 2023-01-16 15:46 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Zheng Yongjun, Miquel Raynal, Sasha Levin
From: Zheng Yongjun <zhengyongjun3@huawei.com>
[ Upstream commit 2399401feee27c639addc5b7e6ba519d3ca341bf ]
Free 'info' upon remapping error to avoid a memory leak.
Fixes: e644f7d62894 ("[MTD] MAPS: Merge Lubbock and Mainstone drivers into common PXA2xx driver")
Signed-off-by: Zheng Yongjun <zhengyongjun3@huawei.com>
[<miquel.raynal@bootlin.com>: Reword the commit log]
Signed-off-by: Miquel Raynal <miquel.raynal@bootlin.com>
Link: https://lore.kernel.org/linux-mtd/20221119073307.22929-1-zhengyongjun3@huawei.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/mtd/maps/pxa2xx-flash.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/drivers/mtd/maps/pxa2xx-flash.c b/drivers/mtd/maps/pxa2xx-flash.c
index 2cde28ed95c9..59d2fe1f46e1 100644
--- a/drivers/mtd/maps/pxa2xx-flash.c
+++ b/drivers/mtd/maps/pxa2xx-flash.c
@@ -69,6 +69,7 @@ static int pxa2xx_flash_probe(struct platform_device *pdev)
if (!info->map.virt) {
printk(KERN_WARNING "Failed to ioremap %s\n",
info->map.name);
+ kfree(info);
return -ENOMEM;
}
info->map.cached =
@@ -91,6 +92,7 @@ static int pxa2xx_flash_probe(struct platform_device *pdev)
iounmap((void *)info->map.virt);
if (info->map.cached)
iounmap(info->map.cached);
+ kfree(info);
return -EIO;
}
info->mtd->dev.parent = &pdev->dev;
--
2.35.1
^ permalink raw reply related [flat|nested] 529+ messages in thread
* [PATCH 4.19 115/521] drbd: remove call to memset before free device/resource/connection
2023-01-16 15:44 [PATCH 4.19 000/521] 4.19.270-rc1 review Greg Kroah-Hartman
` (113 preceding siblings ...)
2023-01-16 15:46 ` [PATCH 4.19 114/521] mtd: maps: pxa2xx-flash: fix memory leak in probe Greg Kroah-Hartman
@ 2023-01-16 15:46 ` Greg Kroah-Hartman
2023-01-16 15:46 ` [PATCH 4.19 116/521] media: imon: fix a race condition in send_packet() Greg Kroah-Hartman
` (409 subsequent siblings)
524 siblings, 0 replies; 529+ messages in thread
From: Greg Kroah-Hartman @ 2023-01-16 15:46 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Wang ShaoBo, Jens Axboe, Sasha Levin
From: Wang ShaoBo <bobo.shaobowang@huawei.com>
[ Upstream commit 6e7b854e4c1b02dba00760dfa79d8dbf6cce561e ]
This revert c2258ffc56f2 ("drbd: poison free'd device, resource and
connection structs"), add memset is odd here for debugging, there are
some methods to accurately show what happened, such as kdump.
Signed-off-by: Wang ShaoBo <bobo.shaobowang@huawei.com>
Link: https://lore.kernel.org/r/20221124015817.2729789-2-bobo.shaobowang@huawei.com
Signed-off-by: Jens Axboe <axboe@kernel.dk>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/block/drbd/drbd_main.c | 3 ---
1 file changed, 3 deletions(-)
diff --git a/drivers/block/drbd/drbd_main.c b/drivers/block/drbd/drbd_main.c
index 3ae718aa6b39..1ff5af6c4f3f 100644
--- a/drivers/block/drbd/drbd_main.c
+++ b/drivers/block/drbd/drbd_main.c
@@ -2258,7 +2258,6 @@ void drbd_destroy_device(struct kref *kref)
kref_put(&peer_device->connection->kref, drbd_destroy_connection);
kfree(peer_device);
}
- memset(device, 0xfd, sizeof(*device));
kfree(device);
kref_put(&resource->kref, drbd_destroy_resource);
}
@@ -2351,7 +2350,6 @@ void drbd_destroy_resource(struct kref *kref)
idr_destroy(&resource->devices);
free_cpumask_var(resource->cpu_mask);
kfree(resource->name);
- memset(resource, 0xf2, sizeof(*resource));
kfree(resource);
}
@@ -2748,7 +2746,6 @@ void drbd_destroy_connection(struct kref *kref)
drbd_free_socket(&connection->data);
kfree(connection->int_dig_in);
kfree(connection->int_dig_vv);
- memset(connection, 0xfc, sizeof(*connection));
kfree(connection);
kref_put(&resource->kref, drbd_destroy_resource);
}
--
2.35.1
^ permalink raw reply related [flat|nested] 529+ messages in thread
* [PATCH 4.19 116/521] media: imon: fix a race condition in send_packet()
2023-01-16 15:44 [PATCH 4.19 000/521] 4.19.270-rc1 review Greg Kroah-Hartman
` (114 preceding siblings ...)
2023-01-16 15:46 ` [PATCH 4.19 115/521] drbd: remove call to memset before free device/resource/connection Greg Kroah-Hartman
@ 2023-01-16 15:46 ` Greg Kroah-Hartman
2023-01-16 15:46 ` [PATCH 4.19 117/521] pinctrl: pinconf-generic: add missing of_node_put() Greg Kroah-Hartman
` (408 subsequent siblings)
524 siblings, 0 replies; 529+ messages in thread
From: Greg Kroah-Hartman @ 2023-01-16 15:46 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, syzbot+0c3cb6dc05fbbdc3ad66,
Gautam Menghani, Sean Young, Mauro Carvalho Chehab, Sasha Levin
From: Gautam Menghani <gautammenghani201@gmail.com>
[ Upstream commit 813ceef062b53d68f296aa3cb944b21a091fabdb ]
The function send_packet() has a race condition as follows:
func send_packet()
{
// do work
call usb_submit_urb()
mutex_unlock()
wait_for_event_interruptible() <-- lock gone
mutex_lock()
}
func vfd_write()
{
mutex_lock()
call send_packet() <- prev call is not completed
mutex_unlock()
}
When the mutex is unlocked and the function send_packet() waits for the
call to complete, vfd_write() can start another call, which leads to the
"URB submitted while active" warning in usb_submit_urb().
Fix this by removing the mutex_unlock() call in send_packet() and using
mutex_lock_interruptible().
Link: https://syzkaller.appspot.com/bug?id=e378e6a51fbe6c5cc43e34f131cc9a315ef0337e
Fixes: 21677cfc562a ("V4L/DVB: ir-core: add imon driver")
Reported-by: syzbot+0c3cb6dc05fbbdc3ad66@syzkaller.appspotmail.com
Signed-off-by: Gautam Menghani <gautammenghani201@gmail.com>
Signed-off-by: Sean Young <sean@mess.org>
Signed-off-by: Mauro Carvalho Chehab <mchehab@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/media/rc/imon.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/drivers/media/rc/imon.c b/drivers/media/rc/imon.c
index 6b10363fb6f0..99bb7380ee0e 100644
--- a/drivers/media/rc/imon.c
+++ b/drivers/media/rc/imon.c
@@ -613,15 +613,14 @@ static int send_packet(struct imon_context *ictx)
pr_err_ratelimited("error submitting urb(%d)\n", retval);
} else {
/* Wait for transmission to complete (or abort) */
- mutex_unlock(&ictx->lock);
retval = wait_for_completion_interruptible(
&ictx->tx.finished);
if (retval) {
usb_kill_urb(ictx->tx_urb);
pr_err_ratelimited("task interrupted\n");
}
- mutex_lock(&ictx->lock);
+ ictx->tx.busy = false;
retval = ictx->tx.status;
if (retval)
pr_err_ratelimited("packet tx failed (%d)\n", retval);
@@ -928,7 +927,8 @@ static ssize_t vfd_write(struct file *file, const char __user *buf,
return -ENODEV;
}
- mutex_lock(&ictx->lock);
+ if (mutex_lock_interruptible(&ictx->lock))
+ return -ERESTARTSYS;
if (!ictx->dev_present_intf0) {
pr_err_ratelimited("no iMON device present\n");
--
2.35.1
^ permalink raw reply related [flat|nested] 529+ messages in thread
* [PATCH 4.19 117/521] pinctrl: pinconf-generic: add missing of_node_put()
2023-01-16 15:44 [PATCH 4.19 000/521] 4.19.270-rc1 review Greg Kroah-Hartman
` (115 preceding siblings ...)
2023-01-16 15:46 ` [PATCH 4.19 116/521] media: imon: fix a race condition in send_packet() Greg Kroah-Hartman
@ 2023-01-16 15:46 ` Greg Kroah-Hartman
2023-01-16 15:46 ` [PATCH 4.19 118/521] media: dvb-core: Fix ignored return value in dvb_register_frontend() Greg Kroah-Hartman
` (407 subsequent siblings)
524 siblings, 0 replies; 529+ messages in thread
From: Greg Kroah-Hartman @ 2023-01-16 15:46 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, ZhangPeng, Linus Walleij, Sasha Levin
From: ZhangPeng <zhangpeng362@huawei.com>
[ Upstream commit 5ead93289815a075d43c415e35c8beafafb801c9 ]
of_node_put() needs to be called when jumping out of the loop, since
for_each_available_child_of_node() will increase the refcount of node.
Fixes: c7289500e29d ("pinctrl: pinconf-generic: scan also referenced phandle node")
Signed-off-by: ZhangPeng <zhangpeng362@huawei.com>
Link: https://lore.kernel.org/r/20221125070156.3535855-1-zhangpeng362@huawei.com
Signed-off-by: Linus Walleij <linus.walleij@linaro.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/pinctrl/pinconf-generic.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/drivers/pinctrl/pinconf-generic.c b/drivers/pinctrl/pinconf-generic.c
index 55b56440a5a8..7e946c54681a 100644
--- a/drivers/pinctrl/pinconf-generic.c
+++ b/drivers/pinctrl/pinconf-generic.c
@@ -390,8 +390,10 @@ int pinconf_generic_dt_node_to_map(struct pinctrl_dev *pctldev,
for_each_available_child_of_node(np_config, np) {
ret = pinconf_generic_dt_subnode_to_map(pctldev, np, map,
&reserved_maps, num_maps, type);
- if (ret < 0)
+ if (ret < 0) {
+ of_node_put(np);
goto exit;
+ }
}
return 0;
--
2.35.1
^ permalink raw reply related [flat|nested] 529+ messages in thread
* [PATCH 4.19 118/521] media: dvb-core: Fix ignored return value in dvb_register_frontend()
2023-01-16 15:44 [PATCH 4.19 000/521] 4.19.270-rc1 review Greg Kroah-Hartman
` (116 preceding siblings ...)
2023-01-16 15:46 ` [PATCH 4.19 117/521] pinctrl: pinconf-generic: add missing of_node_put() Greg Kroah-Hartman
@ 2023-01-16 15:46 ` Greg Kroah-Hartman
2023-01-16 15:46 ` [PATCH 4.19 119/521] media: dvb-usb: az6027: fix null-ptr-deref in az6027_i2c_xfer() Greg Kroah-Hartman
` (406 subsequent siblings)
524 siblings, 0 replies; 529+ messages in thread
From: Greg Kroah-Hartman @ 2023-01-16 15:46 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Chen Zhongjin,
Mauro Carvalho Chehab, Sasha Levin
From: Chen Zhongjin <chenzhongjin@huawei.com>
[ Upstream commit a574359e2e71ce16be212df3a082ed60a4bd2c5f ]
In dvb_register_frontend(), dvb_register_device() is possible to fail
but its return value is ignored.
It will cause use-after-free when module is removed, because in
dvb_unregister_frontend() it tries to unregister a not registered
device.
BUG: KASAN: use-after-free in dvb_remove_device+0x18b/0x1f0 [dvb_core]
Read of size 4 at addr ffff88800dff4824 by task rmmod/428
CPU: 3 PID: 428 Comm: rmmod
Call Trace:
<TASK>
...
dvb_remove_device+0x18b/0x1f0 [dvb_core]
dvb_unregister_frontend+0x7b/0x130 [dvb_core]
vidtv_bridge_remove+0x6e/0x160 [dvb_vidtv_bridge]
...
Fix this by catching return value of dvb_register_device().
However the fe->refcount can't be put to zero immediately, because
there are still modules calling dvb_frontend_detach() when
dvb_register_frontend() fails.
Link: https://lore.kernel.org/linux-media/20221108033005.169095-1-chenzhongjin@huawei.com
Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2")
Signed-off-by: Chen Zhongjin <chenzhongjin@huawei.com>
Signed-off-by: Mauro Carvalho Chehab <mchehab@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/media/dvb-core/dvb_frontend.c | 8 +++++++-
1 file changed, 7 insertions(+), 1 deletion(-)
diff --git a/drivers/media/dvb-core/dvb_frontend.c b/drivers/media/dvb-core/dvb_frontend.c
index 8a61150ee249..1768c1b515b3 100644
--- a/drivers/media/dvb-core/dvb_frontend.c
+++ b/drivers/media/dvb-core/dvb_frontend.c
@@ -2956,6 +2956,7 @@ int dvb_register_frontend(struct dvb_adapter *dvb,
.name = fe->ops.info.name,
#endif
};
+ int ret;
dev_dbg(dvb->device, "%s:\n", __func__);
@@ -2989,8 +2990,13 @@ int dvb_register_frontend(struct dvb_adapter *dvb,
"DVB: registering adapter %i frontend %i (%s)...\n",
fe->dvb->num, fe->id, fe->ops.info.name);
- dvb_register_device(fe->dvb, &fepriv->dvbdev, &dvbdev_template,
+ ret = dvb_register_device(fe->dvb, &fepriv->dvbdev, &dvbdev_template,
fe, DVB_DEVICE_FRONTEND, 0);
+ if (ret) {
+ dvb_frontend_put(fe);
+ mutex_unlock(&frontend_mutex);
+ return ret;
+ }
/*
* Initialize the cache to the proper values according with the
--
2.35.1
^ permalink raw reply related [flat|nested] 529+ messages in thread
* [PATCH 4.19 119/521] media: dvb-usb: az6027: fix null-ptr-deref in az6027_i2c_xfer()
2023-01-16 15:44 [PATCH 4.19 000/521] 4.19.270-rc1 review Greg Kroah-Hartman
` (117 preceding siblings ...)
2023-01-16 15:46 ` [PATCH 4.19 118/521] media: dvb-core: Fix ignored return value in dvb_register_frontend() Greg Kroah-Hartman
@ 2023-01-16 15:46 ` Greg Kroah-Hartman
2023-01-16 15:46 ` [PATCH 4.19 120/521] media: s5p-mfc: Add variant data for MFC v7 hardware for Exynos 3250 SoC Greg Kroah-Hartman
` (405 subsequent siblings)
524 siblings, 0 replies; 529+ messages in thread
From: Greg Kroah-Hartman @ 2023-01-16 15:46 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Wei Chen, Baisong Zhong,
Mauro Carvalho Chehab, Sasha Levin
From: Baisong Zhong <zhongbaisong@huawei.com>
[ Upstream commit 0ed554fd769a19ea8464bb83e9ac201002ef74ad ]
Wei Chen reports a kernel bug as blew:
general protection fault, probably for non-canonical address
KASAN: null-ptr-deref in range [0x0000000000000010-0x0000000000000017]
...
Call Trace:
<TASK>
__i2c_transfer+0x77e/0x1930 drivers/i2c/i2c-core-base.c:2109
i2c_transfer+0x1d5/0x3d0 drivers/i2c/i2c-core-base.c:2170
i2cdev_ioctl_rdwr+0x393/0x660 drivers/i2c/i2c-dev.c:297
i2cdev_ioctl+0x75d/0x9f0 drivers/i2c/i2c-dev.c:458
vfs_ioctl fs/ioctl.c:51 [inline]
__do_sys_ioctl fs/ioctl.c:870 [inline]
__se_sys_ioctl+0xfb/0x170 fs/ioctl.c:856
do_syscall_x64 arch/x86/entry/common.c:50 [inline]
do_syscall_64+0x3d/0x90 arch/x86/entry/common.c:80
entry_SYSCALL_64_after_hwframe+0x63/0xcd
RIP: 0033:0x7fd834a8bded
In az6027_i2c_xfer(), if msg[i].addr is 0x99,
a null-ptr-deref will caused when accessing msg[i].buf.
For msg[i].len is 0 and msg[i].buf is null.
Fix this by checking msg[i].len in az6027_i2c_xfer().
Link: https://lore.kernel.org/lkml/CAO4mrfcPHB5aQJO=mpqV+p8mPLNg-Fok0gw8gZ=zemAfMGTzMg@mail.gmail.com/
Link: https://lore.kernel.org/linux-media/20221120065918.2160782-1-zhongbaisong@huawei.com
Fixes: 76f9a820c867 ("V4L/DVB: AZ6027: Initial import of the driver")
Reported-by: Wei Chen <harperchen1110@gmail.com>
Signed-off-by: Baisong Zhong <zhongbaisong@huawei.com>
Signed-off-by: Mauro Carvalho Chehab <mchehab@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/media/usb/dvb-usb/az6027.c | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/drivers/media/usb/dvb-usb/az6027.c b/drivers/media/usb/dvb-usb/az6027.c
index 990719727dc3..7d71ac7811eb 100644
--- a/drivers/media/usb/dvb-usb/az6027.c
+++ b/drivers/media/usb/dvb-usb/az6027.c
@@ -978,6 +978,10 @@ static int az6027_i2c_xfer(struct i2c_adapter *adap, struct i2c_msg msg[], int n
if (msg[i].addr == 0x99) {
req = 0xBE;
index = 0;
+ if (msg[i].len < 1) {
+ i = -EOPNOTSUPP;
+ break;
+ }
value = msg[i].buf[0] & 0x00ff;
length = 1;
az6027_usb_out_op(d, req, value, index, data, length);
--
2.35.1
^ permalink raw reply related [flat|nested] 529+ messages in thread
* [PATCH 4.19 120/521] media: s5p-mfc: Add variant data for MFC v7 hardware for Exynos 3250 SoC
2023-01-16 15:44 [PATCH 4.19 000/521] 4.19.270-rc1 review Greg Kroah-Hartman
` (118 preceding siblings ...)
2023-01-16 15:46 ` [PATCH 4.19 119/521] media: dvb-usb: az6027: fix null-ptr-deref in az6027_i2c_xfer() Greg Kroah-Hartman
@ 2023-01-16 15:46 ` Greg Kroah-Hartman
2023-01-16 15:46 ` [PATCH 4.19 121/521] drm/tegra: Add missing clk_disable_unprepare() in tegra_dc_probe() Greg Kroah-Hartman
` (404 subsequent siblings)
524 siblings, 0 replies; 529+ messages in thread
From: Greg Kroah-Hartman @ 2023-01-16 15:46 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Alim Akhtar, Aakarsh Jain,
Hans Verkuil, Mauro Carvalho Chehab, Sasha Levin
From: Aakarsh Jain <aakarsh.jain@samsung.com>
[ Upstream commit f50ebe10f5d8092c37e2bd430c78e03bf38b1e20 ]
Commit 5441e9dafdfc6dc40 ("[media] s5p-mfc: Core support for MFC v7")
which adds mfc v7 support for Exynos3250 and use the same compatible
string as used by Exynos5240 but both the IPs are a bit different in
terms of IP clock.
Add variant driver data based on the new compatible string
"samsung,exynos3250-mfc" for Exynos3250 SoC.
Suggested-by: Alim Akhtar <alim.akhtar@samsung.com>
Fixes: 5441e9dafdfc ("[media] s5p-mfc: Core support for MFC v7")
Signed-off-by: Aakarsh Jain <aakarsh.jain@samsung.com>
Reviewed-by: Alim Akhtar <alim.akhtar@samsung.com>
Signed-off-by: Hans Verkuil <hverkuil-cisco@xs4all.nl>
Signed-off-by: Mauro Carvalho Chehab <mchehab@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/media/platform/s5p-mfc/s5p_mfc.c | 17 +++++++++++++++--
1 file changed, 15 insertions(+), 2 deletions(-)
diff --git a/drivers/media/platform/s5p-mfc/s5p_mfc.c b/drivers/media/platform/s5p-mfc/s5p_mfc.c
index 0fc101bc58d6..684aa8491a38 100644
--- a/drivers/media/platform/s5p-mfc/s5p_mfc.c
+++ b/drivers/media/platform/s5p-mfc/s5p_mfc.c
@@ -1574,8 +1574,18 @@ static struct s5p_mfc_variant mfc_drvdata_v7 = {
.port_num = MFC_NUM_PORTS_V7,
.buf_size = &buf_size_v7,
.fw_name[0] = "s5p-mfc-v7.fw",
- .clk_names = {"mfc", "sclk_mfc"},
- .num_clocks = 2,
+ .clk_names = {"mfc"},
+ .num_clocks = 1,
+};
+
+static struct s5p_mfc_variant mfc_drvdata_v7_3250 = {
+ .version = MFC_VERSION_V7,
+ .version_bit = MFC_V7_BIT,
+ .port_num = MFC_NUM_PORTS_V7,
+ .buf_size = &buf_size_v7,
+ .fw_name[0] = "s5p-mfc-v7.fw",
+ .clk_names = {"mfc", "sclk_mfc"},
+ .num_clocks = 2,
};
static struct s5p_mfc_buf_size_v6 mfc_buf_size_v8 = {
@@ -1645,6 +1655,9 @@ static const struct of_device_id exynos_mfc_match[] = {
}, {
.compatible = "samsung,mfc-v7",
.data = &mfc_drvdata_v7,
+ }, {
+ .compatible = "samsung,exynos3250-mfc",
+ .data = &mfc_drvdata_v7_3250,
}, {
.compatible = "samsung,mfc-v8",
.data = &mfc_drvdata_v8,
--
2.35.1
^ permalink raw reply related [flat|nested] 529+ messages in thread
* [PATCH 4.19 121/521] drm/tegra: Add missing clk_disable_unprepare() in tegra_dc_probe()
2023-01-16 15:44 [PATCH 4.19 000/521] 4.19.270-rc1 review Greg Kroah-Hartman
` (119 preceding siblings ...)
2023-01-16 15:46 ` [PATCH 4.19 120/521] media: s5p-mfc: Add variant data for MFC v7 hardware for Exynos 3250 SoC Greg Kroah-Hartman
@ 2023-01-16 15:46 ` Greg Kroah-Hartman
2023-01-16 15:46 ` [PATCH 4.19 122/521] NFSv4.2: Fix a memory stomp in decode_attr_security_label Greg Kroah-Hartman
` (403 subsequent siblings)
524 siblings, 0 replies; 529+ messages in thread
From: Greg Kroah-Hartman @ 2023-01-16 15:46 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Zhang Zekun, Thierry Reding, Sasha Levin
From: Zhang Zekun <zhangzekun11@huawei.com>
[ Upstream commit 7ad4384d53c67672a8720cdc2ef638d7d1710ab8 ]
Add the missing clk_disable_unprepare() before return from
tegra_dc_probe() in the error handling path.
Fixes: f68ba6912bd2 ("drm/tegra: dc: Link DC1 to DC0 on Tegra20")
Signed-off-by: Zhang Zekun <zhangzekun11@huawei.com>
Signed-off-by: Thierry Reding <treding@nvidia.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/gpu/drm/tegra/dc.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/drivers/gpu/drm/tegra/dc.c b/drivers/gpu/drm/tegra/dc.c
index 03adb4cf325b..6c8b59a26675 100644
--- a/drivers/gpu/drm/tegra/dc.c
+++ b/drivers/gpu/drm/tegra/dc.c
@@ -2376,8 +2376,10 @@ static int tegra_dc_probe(struct platform_device *pdev)
usleep_range(2000, 4000);
err = reset_control_assert(dc->rst);
- if (err < 0)
+ if (err < 0) {
+ clk_disable_unprepare(dc->clk);
return err;
+ }
usleep_range(2000, 4000);
--
2.35.1
^ permalink raw reply related [flat|nested] 529+ messages in thread
* [PATCH 4.19 122/521] NFSv4.2: Fix a memory stomp in decode_attr_security_label
2023-01-16 15:44 [PATCH 4.19 000/521] 4.19.270-rc1 review Greg Kroah-Hartman
` (120 preceding siblings ...)
2023-01-16 15:46 ` [PATCH 4.19 121/521] drm/tegra: Add missing clk_disable_unprepare() in tegra_dc_probe() Greg Kroah-Hartman
@ 2023-01-16 15:46 ` Greg Kroah-Hartman
2023-01-16 15:46 ` [PATCH 4.19 123/521] NFSv4: Fix a deadlock between nfs4_open_recover_helper() and delegreturn Greg Kroah-Hartman
` (402 subsequent siblings)
524 siblings, 0 replies; 529+ messages in thread
From: Greg Kroah-Hartman @ 2023-01-16 15:46 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Trond Myklebust, Sasha Levin
From: Trond Myklebust <trond.myklebust@hammerspace.com>
[ Upstream commit 43c1031f7110967c240cb6e922adcfc4b8899183 ]
We must not change the value of label->len if it is zero, since that
indicates we stored a label.
Fixes: b4487b935452 ("nfs: Fix getxattr kernel panic and memory overflow")
Signed-off-by: Trond Myklebust <trond.myklebust@hammerspace.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
fs/nfs/nfs4xdr.c | 10 ++++------
1 file changed, 4 insertions(+), 6 deletions(-)
diff --git a/fs/nfs/nfs4xdr.c b/fs/nfs/nfs4xdr.c
index 56e48642c43e..f0021e3b8efd 100644
--- a/fs/nfs/nfs4xdr.c
+++ b/fs/nfs/nfs4xdr.c
@@ -4277,12 +4277,10 @@ static int decode_attr_security_label(struct xdr_stream *xdr, uint32_t *bitmap,
if (unlikely(!p))
goto out_overflow;
if (len < NFS4_MAXLABELLEN) {
- if (label) {
- if (label->len) {
- if (label->len < len)
- return -ERANGE;
- memcpy(label->label, p, len);
- }
+ if (label && label->len) {
+ if (label->len < len)
+ return -ERANGE;
+ memcpy(label->label, p, len);
label->len = len;
label->pi = pi;
label->lfs = lfs;
--
2.35.1
^ permalink raw reply related [flat|nested] 529+ messages in thread
* [PATCH 4.19 123/521] NFSv4: Fix a deadlock between nfs4_open_recover_helper() and delegreturn
2023-01-16 15:44 [PATCH 4.19 000/521] 4.19.270-rc1 review Greg Kroah-Hartman
` (121 preceding siblings ...)
2023-01-16 15:46 ` [PATCH 4.19 122/521] NFSv4.2: Fix a memory stomp in decode_attr_security_label Greg Kroah-Hartman
@ 2023-01-16 15:46 ` Greg Kroah-Hartman
2023-01-16 15:46 ` [PATCH 4.19 124/521] ALSA: asihpi: fix missing pci_disable_device() Greg Kroah-Hartman
` (401 subsequent siblings)
524 siblings, 0 replies; 529+ messages in thread
From: Greg Kroah-Hartman @ 2023-01-16 15:46 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Trond Myklebust, Sasha Levin
From: Trond Myklebust <trond.myklebust@hammerspace.com>
[ Upstream commit 51069e4aef6257b0454057359faed0ab0c9af083 ]
If we're asked to recover open state while a delegation return is
outstanding, then the state manager thread cannot use a cached open, so
if the server returns a delegation, we can end up deadlocked behind the
pending delegreturn.
To avoid this problem, let's just ask the server not to give us a
delegation unless we're explicitly reclaiming one.
Fixes: be36e185bd26 ("NFSv4: nfs4_open_recover_helper() must set share access")
Signed-off-by: Trond Myklebust <trond.myklebust@hammerspace.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
fs/nfs/nfs4proc.c | 19 ++++++++++++-------
1 file changed, 12 insertions(+), 7 deletions(-)
diff --git a/fs/nfs/nfs4proc.c b/fs/nfs/nfs4proc.c
index 9a0f48f7f2b8..250fa88303fa 100644
--- a/fs/nfs/nfs4proc.c
+++ b/fs/nfs/nfs4proc.c
@@ -1980,18 +1980,18 @@ static struct nfs4_opendata *nfs4_open_recoverdata_alloc(struct nfs_open_context
}
static int nfs4_open_recover_helper(struct nfs4_opendata *opendata,
- fmode_t fmode)
+ fmode_t fmode)
{
struct nfs4_state *newstate;
+ struct nfs_server *server = NFS_SB(opendata->dentry->d_sb);
+ int openflags = opendata->o_arg.open_flags;
int ret;
if (!nfs4_mode_match_open_stateid(opendata->state, fmode))
return 0;
- opendata->o_arg.open_flags = 0;
opendata->o_arg.fmode = fmode;
- opendata->o_arg.share_access = nfs4_map_atomic_open_share(
- NFS_SB(opendata->dentry->d_sb),
- fmode, 0);
+ opendata->o_arg.share_access =
+ nfs4_map_atomic_open_share(server, fmode, openflags);
memset(&opendata->o_res, 0, sizeof(opendata->o_res));
memset(&opendata->c_res, 0, sizeof(opendata->c_res));
nfs4_init_opendata_res(opendata);
@@ -2569,10 +2569,15 @@ static int _nfs4_open_expired(struct nfs_open_context *ctx, struct nfs4_state *s
struct nfs4_opendata *opendata;
int ret;
- opendata = nfs4_open_recoverdata_alloc(ctx, state,
- NFS4_OPEN_CLAIM_FH);
+ opendata = nfs4_open_recoverdata_alloc(ctx, state, NFS4_OPEN_CLAIM_FH);
if (IS_ERR(opendata))
return PTR_ERR(opendata);
+ /*
+ * We're not recovering a delegation, so ask for no delegation.
+ * Otherwise the recovery thread could deadlock with an outstanding
+ * delegation return.
+ */
+ opendata->o_arg.open_flags = O_DIRECT;
ret = nfs4_open_recover(opendata, state);
if (ret == -ESTALE)
d_drop(ctx->dentry);
--
2.35.1
^ permalink raw reply related [flat|nested] 529+ messages in thread
* [PATCH 4.19 124/521] ALSA: asihpi: fix missing pci_disable_device()
2023-01-16 15:44 [PATCH 4.19 000/521] 4.19.270-rc1 review Greg Kroah-Hartman
` (122 preceding siblings ...)
2023-01-16 15:46 ` [PATCH 4.19 123/521] NFSv4: Fix a deadlock between nfs4_open_recover_helper() and delegreturn Greg Kroah-Hartman
@ 2023-01-16 15:46 ` Greg Kroah-Hartman
2023-01-16 15:46 ` [PATCH 4.19 125/521] drm/radeon: Fix PCI device refcount leak in radeon_atrm_get_bios() Greg Kroah-Hartman
` (400 subsequent siblings)
524 siblings, 0 replies; 529+ messages in thread
From: Greg Kroah-Hartman @ 2023-01-16 15:46 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Liu Shixin, Takashi Iwai, Sasha Levin
From: Liu Shixin <liushixin2@huawei.com>
[ Upstream commit 9d86515c3d4c0564a0c31a2df87d735353a1971e ]
pci_disable_device() need be called while module exiting, switch to use
pcim_enable(), pci_disable_device() will be called in pcim_release().
Fixes: 3285ea10e9b0 ("ALSA: asihpi - Interrelated HPI tidy up.")
Signed-off-by: Liu Shixin <liushixin2@huawei.com>
Link: https://lore.kernel.org/r/20221126021429.3029562-1-liushixin2@huawei.com
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
sound/pci/asihpi/hpioctl.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/sound/pci/asihpi/hpioctl.c b/sound/pci/asihpi/hpioctl.c
index 3f06986fbecf..d8c244a5dce0 100644
--- a/sound/pci/asihpi/hpioctl.c
+++ b/sound/pci/asihpi/hpioctl.c
@@ -359,7 +359,7 @@ int asihpi_adapter_probe(struct pci_dev *pci_dev,
pci_dev->device, pci_dev->subsystem_vendor,
pci_dev->subsystem_device, pci_dev->devfn);
- if (pci_enable_device(pci_dev) < 0) {
+ if (pcim_enable_device(pci_dev) < 0) {
dev_err(&pci_dev->dev,
"pci_enable_device failed, disabling device\n");
return -EIO;
--
2.35.1
^ permalink raw reply related [flat|nested] 529+ messages in thread
* [PATCH 4.19 125/521] drm/radeon: Fix PCI device refcount leak in radeon_atrm_get_bios()
2023-01-16 15:44 [PATCH 4.19 000/521] 4.19.270-rc1 review Greg Kroah-Hartman
` (123 preceding siblings ...)
2023-01-16 15:46 ` [PATCH 4.19 124/521] ALSA: asihpi: fix missing pci_disable_device() Greg Kroah-Hartman
@ 2023-01-16 15:46 ` Greg Kroah-Hartman
2023-01-16 15:46 ` [PATCH 4.19 126/521] drm/amdgpu: Fix PCI device refcount leak in amdgpu_atrm_get_bios() Greg Kroah-Hartman
` (399 subsequent siblings)
524 siblings, 0 replies; 529+ messages in thread
From: Greg Kroah-Hartman @ 2023-01-16 15:46 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Xiongfeng Wang, Alex Deucher, Sasha Levin
From: Xiongfeng Wang <wangxiongfeng2@huawei.com>
[ Upstream commit 725a521a18734f65de05b8d353b5bd0d3ca4c37a ]
As comment of pci_get_class() says, it returns a pci_device with its
refcount increased and decreased the refcount for the input parameter
@from if it is not NULL.
If we break the loop in radeon_atrm_get_bios() with 'pdev' not NULL, we
need to call pci_dev_put() to decrease the refcount. Add the missing
pci_dev_put() to avoid refcount leak.
Fixes: d8ade3526b2a ("drm/radeon: handle non-VGA class pci devices with ATRM")
Fixes: c61e2775873f ("drm/radeon: split ATRM support out from the ATPX handler (v3)")
Signed-off-by: Xiongfeng Wang <wangxiongfeng2@huawei.com>
Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/gpu/drm/radeon/radeon_bios.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/drivers/gpu/drm/radeon/radeon_bios.c b/drivers/gpu/drm/radeon/radeon_bios.c
index 8154d2d7fe9e..0246edecc61f 100644
--- a/drivers/gpu/drm/radeon/radeon_bios.c
+++ b/drivers/gpu/drm/radeon/radeon_bios.c
@@ -223,6 +223,7 @@ static bool radeon_atrm_get_bios(struct radeon_device *rdev)
if (!found)
return false;
+ pci_dev_put(pdev);
rdev->bios = kmalloc(size, GFP_KERNEL);
if (!rdev->bios) {
--
2.35.1
^ permalink raw reply related [flat|nested] 529+ messages in thread
* [PATCH 4.19 126/521] drm/amdgpu: Fix PCI device refcount leak in amdgpu_atrm_get_bios()
2023-01-16 15:44 [PATCH 4.19 000/521] 4.19.270-rc1 review Greg Kroah-Hartman
` (124 preceding siblings ...)
2023-01-16 15:46 ` [PATCH 4.19 125/521] drm/radeon: Fix PCI device refcount leak in radeon_atrm_get_bios() Greg Kroah-Hartman
@ 2023-01-16 15:46 ` Greg Kroah-Hartman
2023-01-16 15:46 ` [PATCH 4.19 127/521] ASoC: pcm512x: Fix PM disable depth imbalance in pcm512x_probe Greg Kroah-Hartman
` (398 subsequent siblings)
524 siblings, 0 replies; 529+ messages in thread
From: Greg Kroah-Hartman @ 2023-01-16 15:46 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Xiongfeng Wang, Alex Deucher, Sasha Levin
From: Xiongfeng Wang <wangxiongfeng2@huawei.com>
[ Upstream commit ca54639c7752edf1304d92ff4d0c049d4efc9ba0 ]
As comment of pci_get_class() says, it returns a pci_device with its
refcount increased and decreased the refcount for the input parameter
@from if it is not NULL.
If we break the loop in amdgpu_atrm_get_bios() with 'pdev' not NULL, we
need to call pci_dev_put() to decrease the refcount. Add the missing
pci_dev_put() to avoid refcount leak.
Fixes: d38ceaf99ed0 ("drm/amdgpu: add core driver (v4)")
Signed-off-by: Xiongfeng Wang <wangxiongfeng2@huawei.com>
Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/gpu/drm/amd/amdgpu/amdgpu_bios.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/drivers/gpu/drm/amd/amdgpu/amdgpu_bios.c b/drivers/gpu/drm/amd/amdgpu/amdgpu_bios.c
index 6cf3dd5edffd..c1e2e9912bf0 100644
--- a/drivers/gpu/drm/amd/amdgpu/amdgpu_bios.c
+++ b/drivers/gpu/drm/amd/amdgpu/amdgpu_bios.c
@@ -312,6 +312,7 @@ static bool amdgpu_atrm_get_bios(struct amdgpu_device *adev)
if (!found)
return false;
+ pci_dev_put(pdev);
adev->bios = kmalloc(size, GFP_KERNEL);
if (!adev->bios) {
--
2.35.1
^ permalink raw reply related [flat|nested] 529+ messages in thread
* [PATCH 4.19 127/521] ASoC: pcm512x: Fix PM disable depth imbalance in pcm512x_probe
2023-01-16 15:44 [PATCH 4.19 000/521] 4.19.270-rc1 review Greg Kroah-Hartman
` (125 preceding siblings ...)
2023-01-16 15:46 ` [PATCH 4.19 126/521] drm/amdgpu: Fix PCI device refcount leak in amdgpu_atrm_get_bios() Greg Kroah-Hartman
@ 2023-01-16 15:46 ` Greg Kroah-Hartman
2023-01-16 15:46 ` [PATCH 4.19 128/521] bonding: uninitialized variable in bond_miimon_inspect() Greg Kroah-Hartman
` (397 subsequent siblings)
524 siblings, 0 replies; 529+ messages in thread
From: Greg Kroah-Hartman @ 2023-01-16 15:46 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Zhang Qilong, Mark Brown, Sasha Levin
From: Zhang Qilong <zhangqilong3@huawei.com>
[ Upstream commit 97b801be6f8e53676b9f2b105f54e35c745c1b22 ]
The pm_runtime_enable will increase power disable depth. Thus
a pairing decrement is needed on the error handling path to
keep it balanced according to context. We fix it by going to
err_pm instead of err_clk.
Fixes:f086ba9d5389c ("ASoC: pcm512x: Support mastering BCLK/LRCLK using the PLL")
Signed-off-by: Zhang Qilong <zhangqilong3@huawei.com>
Link: https://lore.kernel.org/r/20220928160402.126140-1-zhangqilong3@huawei.com
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
sound/soc/codecs/pcm512x.c | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/sound/soc/codecs/pcm512x.c b/sound/soc/codecs/pcm512x.c
index 5272c81641c1..310cfceab41f 100644
--- a/sound/soc/codecs/pcm512x.c
+++ b/sound/soc/codecs/pcm512x.c
@@ -1471,7 +1471,7 @@ int pcm512x_probe(struct device *dev, struct regmap *regmap)
if (val > 6) {
dev_err(dev, "Invalid pll-in\n");
ret = -EINVAL;
- goto err_clk;
+ goto err_pm;
}
pcm512x->pll_in = val;
}
@@ -1480,7 +1480,7 @@ int pcm512x_probe(struct device *dev, struct regmap *regmap)
if (val > 6) {
dev_err(dev, "Invalid pll-out\n");
ret = -EINVAL;
- goto err_clk;
+ goto err_pm;
}
pcm512x->pll_out = val;
}
@@ -1489,12 +1489,12 @@ int pcm512x_probe(struct device *dev, struct regmap *regmap)
dev_err(dev,
"Error: both pll-in and pll-out, or none\n");
ret = -EINVAL;
- goto err_clk;
+ goto err_pm;
}
if (pcm512x->pll_in && pcm512x->pll_in == pcm512x->pll_out) {
dev_err(dev, "Error: pll-in == pll-out\n");
ret = -EINVAL;
- goto err_clk;
+ goto err_pm;
}
}
#endif
--
2.35.1
^ permalink raw reply related [flat|nested] 529+ messages in thread
* [PATCH 4.19 128/521] bonding: uninitialized variable in bond_miimon_inspect()
2023-01-16 15:44 [PATCH 4.19 000/521] 4.19.270-rc1 review Greg Kroah-Hartman
` (126 preceding siblings ...)
2023-01-16 15:46 ` [PATCH 4.19 127/521] ASoC: pcm512x: Fix PM disable depth imbalance in pcm512x_probe Greg Kroah-Hartman
@ 2023-01-16 15:46 ` Greg Kroah-Hartman
2023-01-16 15:46 ` [PATCH 4.19 129/521] wifi: mac80211: fix memory leak in ieee80211_if_add() Greg Kroah-Hartman
` (396 subsequent siblings)
524 siblings, 0 replies; 529+ messages in thread
From: Greg Kroah-Hartman @ 2023-01-16 15:46 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Dan Carpenter, Pavan Chebbi,
Jay Vosburgh, Paolo Abeni, Sasha Levin
From: Dan Carpenter <error27@gmail.com>
[ Upstream commit e5214f363dabca240446272dac54d404501ad5e5 ]
The "ignore_updelay" variable needs to be initialized to false.
Fixes: f8a65ab2f3ff ("bonding: fix link recovery in mode 2 when updelay is nonzero")
Signed-off-by: Dan Carpenter <error27@gmail.com>
Reviewed-by: Pavan Chebbi <pavan.chebbi@broadcom.com>
Acked-by: Jay Vosburgh <jay.vosburgh@canonical.com>
Link: https://lore.kernel.org/r/Y4SWJlh3ohJ6EPTL@kili
Signed-off-by: Paolo Abeni <pabeni@redhat.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/bonding/bond_main.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/net/bonding/bond_main.c b/drivers/net/bonding/bond_main.c
index 85efa0e0ee2c..4e4adacb5c2c 100644
--- a/drivers/net/bonding/bond_main.c
+++ b/drivers/net/bonding/bond_main.c
@@ -2096,10 +2096,10 @@ static int bond_slave_info_query(struct net_device *bond_dev, struct ifslave *in
/* called with rcu_read_lock() */
static int bond_miimon_inspect(struct bonding *bond)
{
+ bool ignore_updelay = false;
int link_state, commit = 0;
struct list_head *iter;
struct slave *slave;
- bool ignore_updelay;
ignore_updelay = !rcu_dereference(bond->curr_active_slave);
--
2.35.1
^ permalink raw reply related [flat|nested] 529+ messages in thread
* [PATCH 4.19 129/521] wifi: mac80211: fix memory leak in ieee80211_if_add()
2023-01-16 15:44 [PATCH 4.19 000/521] 4.19.270-rc1 review Greg Kroah-Hartman
` (127 preceding siblings ...)
2023-01-16 15:46 ` [PATCH 4.19 128/521] bonding: uninitialized variable in bond_miimon_inspect() Greg Kroah-Hartman
@ 2023-01-16 15:46 ` Greg Kroah-Hartman
2023-01-16 15:46 ` [PATCH 4.19 130/521] wifi: cfg80211: Fix not unregister reg_pdev when load_builtin_regdb_keys() fails Greg Kroah-Hartman
` (395 subsequent siblings)
524 siblings, 0 replies; 529+ messages in thread
From: Greg Kroah-Hartman @ 2023-01-16 15:46 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Zhengchao Shao, Johannes Berg, Sasha Levin
From: Zhengchao Shao <shaozhengchao@huawei.com>
[ Upstream commit 13e5afd3d773c6fc6ca2b89027befaaaa1ea7293 ]
When register_netdevice() failed in ieee80211_if_add(), ndev->tstats
isn't released. Fix it.
Fixes: 5a490510ba5f ("mac80211: use per-CPU TX/RX statistics")
Signed-off-by: Zhengchao Shao <shaozhengchao@huawei.com>
Link: https://lore.kernel.org/r/20221117064500.319983-1-shaozhengchao@huawei.com
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
net/mac80211/iface.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/net/mac80211/iface.c b/net/mac80211/iface.c
index 358028a09ce4..5d252d144cb9 100644
--- a/net/mac80211/iface.c
+++ b/net/mac80211/iface.c
@@ -1888,6 +1888,7 @@ int ieee80211_if_add(struct ieee80211_local *local, const char *name,
ret = register_netdevice(ndev);
if (ret) {
+ ieee80211_if_free(ndev);
free_netdev(ndev);
return ret;
}
--
2.35.1
^ permalink raw reply related [flat|nested] 529+ messages in thread
* [PATCH 4.19 130/521] wifi: cfg80211: Fix not unregister reg_pdev when load_builtin_regdb_keys() fails
2023-01-16 15:44 [PATCH 4.19 000/521] 4.19.270-rc1 review Greg Kroah-Hartman
` (128 preceding siblings ...)
2023-01-16 15:46 ` [PATCH 4.19 129/521] wifi: mac80211: fix memory leak in ieee80211_if_add() Greg Kroah-Hartman
@ 2023-01-16 15:46 ` Greg Kroah-Hartman
2023-01-16 15:46 ` [PATCH 4.19 131/521] regulator: core: fix module refcount leak in set_supply() Greg Kroah-Hartman
` (394 subsequent siblings)
524 siblings, 0 replies; 529+ messages in thread
From: Greg Kroah-Hartman @ 2023-01-16 15:46 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Chen Zhongjin, Johannes Berg, Sasha Levin
From: Chen Zhongjin <chenzhongjin@huawei.com>
[ Upstream commit 833a9fd28c9b7ccb39a334721379e992dc1c0c89 ]
In regulatory_init_db(), when it's going to return a error, reg_pdev
should be unregistered. When load_builtin_regdb_keys() fails it doesn't
do it and makes cfg80211 can't be reload with report:
sysfs: cannot create duplicate filename '/devices/platform/regulatory.0'
...
<TASK>
dump_stack_lvl+0x79/0x9b
sysfs_warn_dup.cold+0x1c/0x29
sysfs_create_dir_ns+0x22d/0x290
kobject_add_internal+0x247/0x800
kobject_add+0x135/0x1b0
device_add+0x389/0x1be0
platform_device_add+0x28f/0x790
platform_device_register_full+0x376/0x4b0
regulatory_init+0x9a/0x4b2 [cfg80211]
cfg80211_init+0x84/0x113 [cfg80211]
...
Fixes: 90a53e4432b1 ("cfg80211: implement regdb signature checking")
Signed-off-by: Chen Zhongjin <chenzhongjin@huawei.com>
Link: https://lore.kernel.org/r/20221109090237.214127-1-chenzhongjin@huawei.com
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
net/wireless/reg.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/net/wireless/reg.c b/net/wireless/reg.c
index 07d053603e3a..beba41f8a178 100644
--- a/net/wireless/reg.c
+++ b/net/wireless/reg.c
@@ -3918,8 +3918,10 @@ static int __init regulatory_init_db(void)
return -EINVAL;
err = load_builtin_regdb_keys();
- if (err)
+ if (err) {
+ platform_device_unregister(reg_pdev);
return err;
+ }
/* We always try to get an update for the static regdomain */
err = regulatory_hint_core(cfg80211_world_regdom->alpha2);
--
2.35.1
^ permalink raw reply related [flat|nested] 529+ messages in thread
* [PATCH 4.19 131/521] regulator: core: fix module refcount leak in set_supply()
2023-01-16 15:44 [PATCH 4.19 000/521] 4.19.270-rc1 review Greg Kroah-Hartman
` (129 preceding siblings ...)
2023-01-16 15:46 ` [PATCH 4.19 130/521] wifi: cfg80211: Fix not unregister reg_pdev when load_builtin_regdb_keys() fails Greg Kroah-Hartman
@ 2023-01-16 15:46 ` Greg Kroah-Hartman
2023-01-16 15:46 ` [PATCH 4.19 132/521] media: saa7164: fix missing pci_disable_device() Greg Kroah-Hartman
` (393 subsequent siblings)
524 siblings, 0 replies; 529+ messages in thread
From: Greg Kroah-Hartman @ 2023-01-16 15:46 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Yang Yingliang, Mark Brown, Sasha Levin
From: Yang Yingliang <yangyingliang@huawei.com>
[ Upstream commit da46ee19cbd8344d6860816b4827a7ce95764867 ]
If create_regulator() fails in set_supply(), the module refcount
needs be put to keep refcount balanced.
Fixes: e2c09ae7a74d ("regulator: core: Increase refcount for regulator supply's module")
Signed-off-by: Yang Yingliang <yangyingliang@huawei.com>
Link: https://lore.kernel.org/r/20221201122706.4055992-2-yangyingliang@huawei.com
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/regulator/core.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/drivers/regulator/core.c b/drivers/regulator/core.c
index 07982143ec18..9cf438a37eeb 100644
--- a/drivers/regulator/core.c
+++ b/drivers/regulator/core.c
@@ -1241,6 +1241,7 @@ static int set_supply(struct regulator_dev *rdev,
rdev->supply = create_regulator(supply_rdev, &rdev->dev, "SUPPLY");
if (rdev->supply == NULL) {
+ module_put(supply_rdev->owner);
err = -ENOMEM;
return err;
}
--
2.35.1
^ permalink raw reply related [flat|nested] 529+ messages in thread
* [PATCH 4.19 132/521] media: saa7164: fix missing pci_disable_device()
2023-01-16 15:44 [PATCH 4.19 000/521] 4.19.270-rc1 review Greg Kroah-Hartman
` (130 preceding siblings ...)
2023-01-16 15:46 ` [PATCH 4.19 131/521] regulator: core: fix module refcount leak in set_supply() Greg Kroah-Hartman
@ 2023-01-16 15:46 ` Greg Kroah-Hartman
2023-01-16 15:46 ` [PATCH 4.19 133/521] ALSA: mts64: fix possible null-ptr-defer in snd_mts64_interrupt Greg Kroah-Hartman
` (392 subsequent siblings)
524 siblings, 0 replies; 529+ messages in thread
From: Greg Kroah-Hartman @ 2023-01-16 15:46 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Liu Shixin, Hans Verkuil,
Mauro Carvalho Chehab, Sasha Levin
From: Liu Shixin <liushixin2@huawei.com>
[ Upstream commit 57fb35d7542384cac8f198cd1c927540ad38b61a ]
Add missing pci_disable_device() in the error path in saa7164_initdev().
Fixes: 443c1228d505 ("V4L/DVB (12923): SAA7164: Add support for the NXP SAA7164 silicon")
Signed-off-by: Liu Shixin <liushixin2@huawei.com>
Signed-off-by: Hans Verkuil <hverkuil-cisco@xs4all.nl>
Signed-off-by: Mauro Carvalho Chehab <mchehab@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/media/pci/saa7164/saa7164-core.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/drivers/media/pci/saa7164/saa7164-core.c b/drivers/media/pci/saa7164/saa7164-core.c
index 5102519df108..dba9071e8507 100644
--- a/drivers/media/pci/saa7164/saa7164-core.c
+++ b/drivers/media/pci/saa7164/saa7164-core.c
@@ -1237,7 +1237,7 @@ static int saa7164_initdev(struct pci_dev *pci_dev,
if (saa7164_dev_setup(dev) < 0) {
err = -EINVAL;
- goto fail_free;
+ goto fail_dev;
}
/* print pci info */
@@ -1405,6 +1405,8 @@ static int saa7164_initdev(struct pci_dev *pci_dev,
fail_irq:
saa7164_dev_unregister(dev);
+fail_dev:
+ pci_disable_device(pci_dev);
fail_free:
v4l2_device_unregister(&dev->v4l2_dev);
kfree(dev);
--
2.35.1
^ permalink raw reply related [flat|nested] 529+ messages in thread
* [PATCH 4.19 133/521] ALSA: mts64: fix possible null-ptr-defer in snd_mts64_interrupt
2023-01-16 15:44 [PATCH 4.19 000/521] 4.19.270-rc1 review Greg Kroah-Hartman
` (131 preceding siblings ...)
2023-01-16 15:46 ` [PATCH 4.19 132/521] media: saa7164: fix missing pci_disable_device() Greg Kroah-Hartman
@ 2023-01-16 15:46 ` Greg Kroah-Hartman
2023-01-16 15:46 ` [PATCH 4.19 134/521] SUNRPC: Fix missing release socket in rpc_sockname() Greg Kroah-Hartman
` (391 subsequent siblings)
524 siblings, 0 replies; 529+ messages in thread
From: Greg Kroah-Hartman @ 2023-01-16 15:46 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Gaosheng Cui, Takashi Iwai, Sasha Levin
From: Gaosheng Cui <cuigaosheng1@huawei.com>
[ Upstream commit cf2ea3c86ad90d63d1c572b43e1ca9276b0357ad ]
I got a null-ptr-defer error report when I do the following tests
on the qemu platform:
make defconfig and CONFIG_PARPORT=m, CONFIG_PARPORT_PC=m,
CONFIG_SND_MTS64=m
Then making test scripts:
cat>test_mod1.sh<<EOF
modprobe snd-mts64
modprobe snd-mts64
EOF
Executing the script, perhaps several times, we will get a null-ptr-defer
report, as follow:
syzkaller:~# ./test_mod.sh
snd_mts64: probe of snd_mts64.0 failed with error -5
modprobe: ERROR: could not insert 'snd_mts64': No such device
BUG: kernel NULL pointer dereference, address: 0000000000000000
#PF: supervisor write access in kernel mode
#PF: error_code(0x0002) - not-present page
PGD 0 P4D 0
Oops: 0002 [#1] PREEMPT SMP PTI
CPU: 0 PID: 205 Comm: modprobe Not tainted 6.1.0-rc8-00588-g76dcd734eca2 #6
Call Trace:
<IRQ>
snd_mts64_interrupt+0x24/0xa0 [snd_mts64]
parport_irq_handler+0x37/0x50 [parport]
__handle_irq_event_percpu+0x39/0x190
handle_irq_event_percpu+0xa/0x30
handle_irq_event+0x2f/0x50
handle_edge_irq+0x99/0x1b0
__common_interrupt+0x5d/0x100
common_interrupt+0xa0/0xc0
</IRQ>
<TASK>
asm_common_interrupt+0x22/0x40
RIP: 0010:_raw_write_unlock_irqrestore+0x11/0x30
parport_claim+0xbd/0x230 [parport]
snd_mts64_probe+0x14a/0x465 [snd_mts64]
platform_probe+0x3f/0xa0
really_probe+0x129/0x2c0
__driver_probe_device+0x6d/0xc0
driver_probe_device+0x1a/0xa0
__device_attach_driver+0x7a/0xb0
bus_for_each_drv+0x62/0xb0
__device_attach+0xe4/0x180
bus_probe_device+0x82/0xa0
device_add+0x550/0x920
platform_device_add+0x106/0x220
snd_mts64_attach+0x2e/0x80 [snd_mts64]
port_check+0x14/0x20 [parport]
bus_for_each_dev+0x6e/0xc0
__parport_register_driver+0x7c/0xb0 [parport]
snd_mts64_module_init+0x31/0x1000 [snd_mts64]
do_one_initcall+0x3c/0x1f0
do_init_module+0x46/0x1c6
load_module+0x1d8d/0x1e10
__do_sys_finit_module+0xa2/0xf0
do_syscall_64+0x37/0x90
entry_SYSCALL_64_after_hwframe+0x63/0xcd
</TASK>
Kernel panic - not syncing: Fatal exception in interrupt
Rebooting in 1 seconds..
The mts wa not initialized during interrupt, we add check for
mts to fix this bug.
Fixes: 68ab801e32bb ("[ALSA] Add snd-mts64 driver for ESI Miditerminal 4140")
Signed-off-by: Gaosheng Cui <cuigaosheng1@huawei.com>
Link: https://lore.kernel.org/r/20221206061004.1222966-1-cuigaosheng1@huawei.com
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
sound/drivers/mts64.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/sound/drivers/mts64.c b/sound/drivers/mts64.c
index b68e71ca7abd..7dceb1e1c3b4 100644
--- a/sound/drivers/mts64.c
+++ b/sound/drivers/mts64.c
@@ -830,6 +830,9 @@ static void snd_mts64_interrupt(void *private)
u8 status, data;
struct snd_rawmidi_substream *substream;
+ if (!mts)
+ return;
+
spin_lock(&mts->lock);
ret = mts64_read(mts->pardev->port);
data = ret & 0x00ff;
--
2.35.1
^ permalink raw reply related [flat|nested] 529+ messages in thread
* [PATCH 4.19 134/521] SUNRPC: Fix missing release socket in rpc_sockname()
2023-01-16 15:44 [PATCH 4.19 000/521] 4.19.270-rc1 review Greg Kroah-Hartman
` (132 preceding siblings ...)
2023-01-16 15:46 ` [PATCH 4.19 133/521] ALSA: mts64: fix possible null-ptr-defer in snd_mts64_interrupt Greg Kroah-Hartman
@ 2023-01-16 15:46 ` Greg Kroah-Hartman
2023-01-16 15:46 ` [PATCH 4.19 135/521] NFSv4.x: Fail client initialisation if state manager thread cant run Greg Kroah-Hartman
` (390 subsequent siblings)
524 siblings, 0 replies; 529+ messages in thread
From: Greg Kroah-Hartman @ 2023-01-16 15:46 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Wang ShaoBo, Trond Myklebust, Sasha Levin
From: Wang ShaoBo <bobo.shaobowang@huawei.com>
[ Upstream commit 50fa355bc0d75911fe9d5072a5ba52cdb803aff7 ]
socket dynamically created is not released when getting an unintended
address family type in rpc_sockname(), direct to out_release for calling
sock_release().
Fixes: 2e738fdce22f ("SUNRPC: Add API to acquire source address")
Signed-off-by: Wang ShaoBo <bobo.shaobowang@huawei.com>
Signed-off-by: Trond Myklebust <trond.myklebust@hammerspace.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
net/sunrpc/clnt.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/net/sunrpc/clnt.c b/net/sunrpc/clnt.c
index 0d7d149b1b1b..1946bd13d5df 100644
--- a/net/sunrpc/clnt.c
+++ b/net/sunrpc/clnt.c
@@ -1267,7 +1267,7 @@ static int rpc_sockname(struct net *net, struct sockaddr *sap, size_t salen,
break;
default:
err = -EAFNOSUPPORT;
- goto out;
+ goto out_release;
}
if (err < 0) {
dprintk("RPC: can't bind UDP socket (%d)\n", err);
--
2.35.1
^ permalink raw reply related [flat|nested] 529+ messages in thread
* [PATCH 4.19 135/521] NFSv4.x: Fail client initialisation if state manager thread cant run
2023-01-16 15:44 [PATCH 4.19 000/521] 4.19.270-rc1 review Greg Kroah-Hartman
` (133 preceding siblings ...)
2023-01-16 15:46 ` [PATCH 4.19 134/521] SUNRPC: Fix missing release socket in rpc_sockname() Greg Kroah-Hartman
@ 2023-01-16 15:46 ` Greg Kroah-Hartman
2023-01-16 15:46 ` [PATCH 4.19 136/521] mmc: moxart: fix return value check of mmc_add_host() Greg Kroah-Hartman
` (389 subsequent siblings)
524 siblings, 0 replies; 529+ messages in thread
From: Greg Kroah-Hartman @ 2023-01-16 15:46 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, ChenXiaoSong, Trond Myklebust, Sasha Levin
From: Trond Myklebust <trond.myklebust@hammerspace.com>
[ Upstream commit b4e4f66901658fae0614dea5bf91062a5387eda7 ]
If the state manager thread fails to start, then we should just mark the
client initialisation as failed so that other processes or threads don't
get stuck in nfs_wait_client_init_complete().
Reported-by: ChenXiaoSong <chenxiaosong2@huawei.com>
Fixes: 4697bd5e9419 ("NFSv4: Fix a race in the net namespace mount notification")
Signed-off-by: Trond Myklebust <trond.myklebust@hammerspace.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
fs/nfs/nfs4state.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/fs/nfs/nfs4state.c b/fs/nfs/nfs4state.c
index 5ab021f87ecf..b9fbd01ef4cf 100644
--- a/fs/nfs/nfs4state.c
+++ b/fs/nfs/nfs4state.c
@@ -1247,6 +1247,8 @@ void nfs4_schedule_state_manager(struct nfs_client *clp)
if (IS_ERR(task)) {
printk(KERN_ERR "%s: kthread_run: %ld\n",
__func__, PTR_ERR(task));
+ if (!nfs_client_init_is_complete(clp))
+ nfs_mark_client_ready(clp, PTR_ERR(task));
nfs4_clear_state_manager_bit(clp);
nfs_put_client(clp);
module_put(THIS_MODULE);
--
2.35.1
^ permalink raw reply related [flat|nested] 529+ messages in thread
* [PATCH 4.19 136/521] mmc: moxart: fix return value check of mmc_add_host()
2023-01-16 15:44 [PATCH 4.19 000/521] 4.19.270-rc1 review Greg Kroah-Hartman
` (134 preceding siblings ...)
2023-01-16 15:46 ` [PATCH 4.19 135/521] NFSv4.x: Fail client initialisation if state manager thread cant run Greg Kroah-Hartman
@ 2023-01-16 15:46 ` Greg Kroah-Hartman
2023-01-16 15:46 ` [PATCH 4.19 137/521] mmc: mxcmmc: " Greg Kroah-Hartman
` (388 subsequent siblings)
524 siblings, 0 replies; 529+ messages in thread
From: Greg Kroah-Hartman @ 2023-01-16 15:46 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Yang Yingliang, Ulf Hansson, Sasha Levin
From: Yang Yingliang <yangyingliang@huawei.com>
[ Upstream commit 0ca18d09c744fb030ae9bc5836c3e357e0237dea ]
mmc_add_host() may return error, if we ignore its return value, the memory
that allocated in mmc_alloc_host() will be leaked and it will lead a kernel
crash because of deleting not added device in the remove path.
So fix this by checking the return value and goto error path which will call
mmc_free_host().
Fixes: 1b66e94e6b99 ("mmc: moxart: Add MOXA ART SD/MMC driver")
Signed-off-by: Yang Yingliang <yangyingliang@huawei.com>
Link: https://lore.kernel.org/r/20221101063023.1664968-3-yangyingliang@huawei.com
Signed-off-by: Ulf Hansson <ulf.hansson@linaro.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/mmc/host/moxart-mmc.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/drivers/mmc/host/moxart-mmc.c b/drivers/mmc/host/moxart-mmc.c
index 1552d1f09c5c..52307dce08ba 100644
--- a/drivers/mmc/host/moxart-mmc.c
+++ b/drivers/mmc/host/moxart-mmc.c
@@ -660,7 +660,9 @@ static int moxart_probe(struct platform_device *pdev)
goto out;
dev_set_drvdata(dev, mmc);
- mmc_add_host(mmc);
+ ret = mmc_add_host(mmc);
+ if (ret)
+ goto out;
dev_dbg(dev, "IRQ=%d, FIFO is %d bytes\n", irq, host->fifo_width);
--
2.35.1
^ permalink raw reply related [flat|nested] 529+ messages in thread
* [PATCH 4.19 137/521] mmc: mxcmmc: fix return value check of mmc_add_host()
2023-01-16 15:44 [PATCH 4.19 000/521] 4.19.270-rc1 review Greg Kroah-Hartman
` (135 preceding siblings ...)
2023-01-16 15:46 ` [PATCH 4.19 136/521] mmc: moxart: fix return value check of mmc_add_host() Greg Kroah-Hartman
@ 2023-01-16 15:46 ` Greg Kroah-Hartman
2023-01-16 15:46 ` [PATCH 4.19 138/521] mmc: rtsx_usb_sdmmc: " Greg Kroah-Hartman
` (387 subsequent siblings)
524 siblings, 0 replies; 529+ messages in thread
From: Greg Kroah-Hartman @ 2023-01-16 15:46 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Yang Yingliang, Ulf Hansson, Sasha Levin
From: Yang Yingliang <yangyingliang@huawei.com>
[ Upstream commit cde600af7b413c9fe03e85c58c4279df90e91d13 ]
mmc_add_host() may return error, if we ignore its return value, the memory
that allocated in mmc_alloc_host() will be leaked and it will lead a kernel
crash because of deleting not added device in the remove path.
So fix this by checking the return value and goto error path which will call
mmc_free_host().
Fixes: d96be879ff46 ("mmc: Add a MX2/MX3 specific SDHC driver")
Signed-off-by: Yang Yingliang <yangyingliang@huawei.com>
Link: https://lore.kernel.org/r/20221101063023.1664968-4-yangyingliang@huawei.com
Signed-off-by: Ulf Hansson <ulf.hansson@linaro.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/mmc/host/mxcmmc.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/drivers/mmc/host/mxcmmc.c b/drivers/mmc/host/mxcmmc.c
index 2f604b312767..6215feb976e3 100644
--- a/drivers/mmc/host/mxcmmc.c
+++ b/drivers/mmc/host/mxcmmc.c
@@ -1167,7 +1167,9 @@ static int mxcmci_probe(struct platform_device *pdev)
timer_setup(&host->watchdog, mxcmci_watchdog, 0);
- mmc_add_host(mmc);
+ ret = mmc_add_host(mmc);
+ if (ret)
+ goto out_free_dma;
return 0;
--
2.35.1
^ permalink raw reply related [flat|nested] 529+ messages in thread
* [PATCH 4.19 138/521] mmc: rtsx_usb_sdmmc: fix return value check of mmc_add_host()
2023-01-16 15:44 [PATCH 4.19 000/521] 4.19.270-rc1 review Greg Kroah-Hartman
` (136 preceding siblings ...)
2023-01-16 15:46 ` [PATCH 4.19 137/521] mmc: mxcmmc: " Greg Kroah-Hartman
@ 2023-01-16 15:46 ` Greg Kroah-Hartman
2023-01-16 15:46 ` [PATCH 4.19 139/521] mmc: toshsd: " Greg Kroah-Hartman
` (386 subsequent siblings)
524 siblings, 0 replies; 529+ messages in thread
From: Greg Kroah-Hartman @ 2023-01-16 15:46 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Yang Yingliang, Ulf Hansson, Sasha Levin
From: Yang Yingliang <yangyingliang@huawei.com>
[ Upstream commit fc38a5a10e9e5a75eb9189854abeb8405b214cc9 ]
mmc_add_host() may return error, if we ignore its return value, the memory
that allocated in mmc_alloc_host() will be leaked and it will lead a kernel
crash because of deleting not added device in the remove path.
So fix this by checking the return value and calling mmc_free_host() in the
error path, besides, led_classdev_unregister() and pm_runtime_disable() also
need be called.
Fixes: c7f6558d84af ("mmc: Add realtek USB sdmmc host driver")
Signed-off-by: Yang Yingliang <yangyingliang@huawei.com>
Link: https://lore.kernel.org/r/20221101063023.1664968-7-yangyingliang@huawei.com
Signed-off-by: Ulf Hansson <ulf.hansson@linaro.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/mmc/host/rtsx_usb_sdmmc.c | 11 ++++++++++-
1 file changed, 10 insertions(+), 1 deletion(-)
diff --git a/drivers/mmc/host/rtsx_usb_sdmmc.c b/drivers/mmc/host/rtsx_usb_sdmmc.c
index 9a3ff22dd0fe..1e5f54054a53 100644
--- a/drivers/mmc/host/rtsx_usb_sdmmc.c
+++ b/drivers/mmc/host/rtsx_usb_sdmmc.c
@@ -1344,6 +1344,7 @@ static int rtsx_usb_sdmmc_drv_probe(struct platform_device *pdev)
#ifdef RTSX_USB_USE_LEDS_CLASS
int err;
#endif
+ int ret;
ucr = usb_get_intfdata(to_usb_interface(pdev->dev.parent));
if (!ucr)
@@ -1382,7 +1383,15 @@ static int rtsx_usb_sdmmc_drv_probe(struct platform_device *pdev)
INIT_WORK(&host->led_work, rtsx_usb_update_led);
#endif
- mmc_add_host(mmc);
+ ret = mmc_add_host(mmc);
+ if (ret) {
+#ifdef RTSX_USB_USE_LEDS_CLASS
+ led_classdev_unregister(&host->led);
+#endif
+ mmc_free_host(mmc);
+ pm_runtime_disable(&pdev->dev);
+ return ret;
+ }
return 0;
}
--
2.35.1
^ permalink raw reply related [flat|nested] 529+ messages in thread
* [PATCH 4.19 139/521] mmc: toshsd: fix return value check of mmc_add_host()
2023-01-16 15:44 [PATCH 4.19 000/521] 4.19.270-rc1 review Greg Kroah-Hartman
` (137 preceding siblings ...)
2023-01-16 15:46 ` [PATCH 4.19 138/521] mmc: rtsx_usb_sdmmc: " Greg Kroah-Hartman
@ 2023-01-16 15:46 ` Greg Kroah-Hartman
2023-01-16 15:46 ` [PATCH 4.19 140/521] mmc: vub300: " Greg Kroah-Hartman
` (385 subsequent siblings)
524 siblings, 0 replies; 529+ messages in thread
From: Greg Kroah-Hartman @ 2023-01-16 15:46 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Yang Yingliang, Ulf Hansson, Sasha Levin
From: Yang Yingliang <yangyingliang@huawei.com>
[ Upstream commit f670744a316ea983113a65313dcd387b5a992444 ]
mmc_add_host() may return error, if we ignore its return value, the memory
that allocated in mmc_alloc_host() will be leaked and it will lead a kernel
crash because of deleting not added device in the remove path.
So fix this by checking the return value and goto error path which will call
mmc_free_host(), besides, free_irq() also needs be called.
Fixes: a5eb8bbd66cc ("mmc: add Toshiba PCI SD controller driver")
Signed-off-by: Yang Yingliang <yangyingliang@huawei.com>
Link: https://lore.kernel.org/r/20221101063023.1664968-8-yangyingliang@huawei.com
Signed-off-by: Ulf Hansson <ulf.hansson@linaro.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/mmc/host/toshsd.c | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/drivers/mmc/host/toshsd.c b/drivers/mmc/host/toshsd.c
index dd961c54a6a9..9236965b00fd 100644
--- a/drivers/mmc/host/toshsd.c
+++ b/drivers/mmc/host/toshsd.c
@@ -655,7 +655,9 @@ static int toshsd_probe(struct pci_dev *pdev, const struct pci_device_id *ent)
if (ret)
goto unmap;
- mmc_add_host(mmc);
+ ret = mmc_add_host(mmc);
+ if (ret)
+ goto free_irq;
base = pci_resource_start(pdev, 0);
dev_dbg(&pdev->dev, "MMIO %pa, IRQ %d\n", &base, pdev->irq);
@@ -664,6 +666,8 @@ static int toshsd_probe(struct pci_dev *pdev, const struct pci_device_id *ent)
return 0;
+free_irq:
+ free_irq(pdev->irq, host);
unmap:
pci_iounmap(pdev, host->ioaddr);
release:
--
2.35.1
^ permalink raw reply related [flat|nested] 529+ messages in thread
* [PATCH 4.19 140/521] mmc: vub300: fix return value check of mmc_add_host()
2023-01-16 15:44 [PATCH 4.19 000/521] 4.19.270-rc1 review Greg Kroah-Hartman
` (138 preceding siblings ...)
2023-01-16 15:46 ` [PATCH 4.19 139/521] mmc: toshsd: " Greg Kroah-Hartman
@ 2023-01-16 15:46 ` Greg Kroah-Hartman
2023-01-16 15:46 ` [PATCH 4.19 141/521] mmc: wmt-sdmmc: " Greg Kroah-Hartman
` (384 subsequent siblings)
524 siblings, 0 replies; 529+ messages in thread
From: Greg Kroah-Hartman @ 2023-01-16 15:46 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Yang Yingliang, Ulf Hansson, Sasha Levin
From: Yang Yingliang <yangyingliang@huawei.com>
[ Upstream commit 0613ad2401f88bdeae5594c30afe318e93b14676 ]
mmc_add_host() may return error, if we ignore its return value, the memory
that allocated in mmc_alloc_host() will be leaked and it will lead a kernel
crash because of deleting not added device in the remove path.
So fix this by checking the return value and goto error path which will call
mmc_free_host(), besides, the timer added before mmc_add_host() needs be del.
And this patch fixes another missing call mmc_free_host() if usb_control_msg()
fails.
Fixes: 88095e7b473a ("mmc: Add new VUB300 USB-to-SD/SDIO/MMC driver")
Signed-off-by: Yang Yingliang <yangyingliang@huawei.com>
Link: https://lore.kernel.org/r/20221101063023.1664968-9-yangyingliang@huawei.com
Signed-off-by: Ulf Hansson <ulf.hansson@linaro.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/mmc/host/vub300.c | 11 ++++++++---
1 file changed, 8 insertions(+), 3 deletions(-)
diff --git a/drivers/mmc/host/vub300.c b/drivers/mmc/host/vub300.c
index aa8905753be3..59768cc18ac1 100644
--- a/drivers/mmc/host/vub300.c
+++ b/drivers/mmc/host/vub300.c
@@ -2309,14 +2309,14 @@ static int vub300_probe(struct usb_interface *interface,
0x0000, 0x0000, &vub300->system_port_status,
sizeof(vub300->system_port_status), 1000);
if (retval < 0) {
- goto error4;
+ goto error5;
} else if (sizeof(vub300->system_port_status) == retval) {
vub300->card_present =
(0x0001 & vub300->system_port_status.port_flags) ? 1 : 0;
vub300->read_only =
(0x0010 & vub300->system_port_status.port_flags) ? 1 : 0;
} else {
- goto error4;
+ goto error5;
}
usb_set_intfdata(interface, vub300);
INIT_DELAYED_WORK(&vub300->pollwork, vub300_pollwork_thread);
@@ -2339,8 +2339,13 @@ static int vub300_probe(struct usb_interface *interface,
"USB vub300 remote SDIO host controller[%d]"
"connected with no SD/SDIO card inserted\n",
interface_to_InterfaceNumber(interface));
- mmc_add_host(mmc);
+ retval = mmc_add_host(mmc);
+ if (retval)
+ goto error6;
+
return 0;
+error6:
+ del_timer_sync(&vub300->inactivity_timer);
error5:
mmc_free_host(mmc);
/*
--
2.35.1
^ permalink raw reply related [flat|nested] 529+ messages in thread
* [PATCH 4.19 141/521] mmc: wmt-sdmmc: fix return value check of mmc_add_host()
2023-01-16 15:44 [PATCH 4.19 000/521] 4.19.270-rc1 review Greg Kroah-Hartman
` (139 preceding siblings ...)
2023-01-16 15:46 ` [PATCH 4.19 140/521] mmc: vub300: " Greg Kroah-Hartman
@ 2023-01-16 15:46 ` Greg Kroah-Hartman
2023-01-16 15:46 ` [PATCH 4.19 142/521] mmc: atmel-mci: " Greg Kroah-Hartman
` (383 subsequent siblings)
524 siblings, 0 replies; 529+ messages in thread
From: Greg Kroah-Hartman @ 2023-01-16 15:46 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Yang Yingliang, Ulf Hansson, Sasha Levin
From: Yang Yingliang <yangyingliang@huawei.com>
[ Upstream commit 29276d56f6ed138db0f38cd31aedc0b725c8c76c ]
mmc_add_host() may return error, if we ignore its return value, the memory
that allocated in mmc_alloc_host() will be leaked and it will lead a kernel
crash because of deleting not added device in the remove path.
So fix this by checking the return value and goto error path which will call
mmc_free_host(), besides, clk_disable_unprepare() also needs be called.
Fixes: 3a96dff0f828 ("mmc: SD/MMC Host Controller for Wondermedia WM8505/WM8650")
Signed-off-by: Yang Yingliang <yangyingliang@huawei.com>
Link: https://lore.kernel.org/r/20221101063023.1664968-10-yangyingliang@huawei.com
Signed-off-by: Ulf Hansson <ulf.hansson@linaro.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/mmc/host/wmt-sdmmc.c | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/drivers/mmc/host/wmt-sdmmc.c b/drivers/mmc/host/wmt-sdmmc.c
index f8b169684693..a132bc822b5c 100644
--- a/drivers/mmc/host/wmt-sdmmc.c
+++ b/drivers/mmc/host/wmt-sdmmc.c
@@ -863,11 +863,15 @@ static int wmt_mci_probe(struct platform_device *pdev)
/* configure the controller to a known 'ready' state */
wmt_reset_hardware(mmc);
- mmc_add_host(mmc);
+ ret = mmc_add_host(mmc);
+ if (ret)
+ goto fail7;
dev_info(&pdev->dev, "WMT SDHC Controller initialized\n");
return 0;
+fail7:
+ clk_disable_unprepare(priv->clk_sdmmc);
fail6:
clk_put(priv->clk_sdmmc);
fail5_and_a_half:
--
2.35.1
^ permalink raw reply related [flat|nested] 529+ messages in thread
* [PATCH 4.19 142/521] mmc: atmel-mci: fix return value check of mmc_add_host()
2023-01-16 15:44 [PATCH 4.19 000/521] 4.19.270-rc1 review Greg Kroah-Hartman
` (140 preceding siblings ...)
2023-01-16 15:46 ` [PATCH 4.19 141/521] mmc: wmt-sdmmc: " Greg Kroah-Hartman
@ 2023-01-16 15:46 ` Greg Kroah-Hartman
2023-01-16 15:46 ` [PATCH 4.19 143/521] mmc: meson-gx: " Greg Kroah-Hartman
` (382 subsequent siblings)
524 siblings, 0 replies; 529+ messages in thread
From: Greg Kroah-Hartman @ 2023-01-16 15:46 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Yang Yingliang, Ulf Hansson, Sasha Levin
From: Yang Yingliang <yangyingliang@huawei.com>
[ Upstream commit 9e6e8c43726673ca2abcaac87640b9215fd72f4c ]
mmc_add_host() may return error, if we ignore its return value,
it will lead two issues:
1. The memory that allocated in mmc_alloc_host() is leaked.
2. In the remove() path, mmc_remove_host() will be called to
delete device, but it's not added yet, it will lead a kernel
crash because of null-ptr-deref in device_del().
So fix this by checking the return value and calling mmc_free_host()
in the error path.
Fixes: 7d2be0749a59 ("atmel-mci: Driver for Atmel on-chip MMC controllers")
Signed-off-by: Yang Yingliang <yangyingliang@huawei.com>
Link: https://lore.kernel.org/r/20221108122819.429975-1-yangyingliang@huawei.com
Signed-off-by: Ulf Hansson <ulf.hansson@linaro.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/mmc/host/atmel-mci.c | 9 ++++++---
1 file changed, 6 insertions(+), 3 deletions(-)
diff --git a/drivers/mmc/host/atmel-mci.c b/drivers/mmc/host/atmel-mci.c
index fbc56ee99682..d40bab3d9f4a 100644
--- a/drivers/mmc/host/atmel-mci.c
+++ b/drivers/mmc/host/atmel-mci.c
@@ -2262,6 +2262,7 @@ static int atmci_init_slot(struct atmel_mci *host,
{
struct mmc_host *mmc;
struct atmel_mci_slot *slot;
+ int ret;
mmc = mmc_alloc_host(sizeof(struct atmel_mci_slot), &host->pdev->dev);
if (!mmc)
@@ -2342,11 +2343,13 @@ static int atmci_init_slot(struct atmel_mci *host,
host->slot[id] = slot;
mmc_regulator_get_supply(mmc);
- mmc_add_host(mmc);
+ ret = mmc_add_host(mmc);
+ if (ret) {
+ mmc_free_host(mmc);
+ return ret;
+ }
if (gpio_is_valid(slot->detect_pin)) {
- int ret;
-
timer_setup(&slot->detect_timer, atmci_detect_change, 0);
ret = request_irq(gpio_to_irq(slot->detect_pin),
--
2.35.1
^ permalink raw reply related [flat|nested] 529+ messages in thread
* [PATCH 4.19 143/521] mmc: meson-gx: fix return value check of mmc_add_host()
2023-01-16 15:44 [PATCH 4.19 000/521] 4.19.270-rc1 review Greg Kroah-Hartman
` (141 preceding siblings ...)
2023-01-16 15:46 ` [PATCH 4.19 142/521] mmc: atmel-mci: " Greg Kroah-Hartman
@ 2023-01-16 15:46 ` Greg Kroah-Hartman
2023-01-16 15:46 ` [PATCH 4.19 144/521] mmc: via-sdmmc: " Greg Kroah-Hartman
` (381 subsequent siblings)
524 siblings, 0 replies; 529+ messages in thread
From: Greg Kroah-Hartman @ 2023-01-16 15:46 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Yang Yingliang, Neil Armstrong,
Ulf Hansson, Sasha Levin
From: Yang Yingliang <yangyingliang@huawei.com>
[ Upstream commit 90935f16f2650ab7416fa2ffbe5c28cb39cf3f1e ]
mmc_add_host() may return error, if we ignore its return value,
it will lead two issues:
1. The memory that allocated in mmc_alloc_host() is leaked.
2. In the remove() path, mmc_remove_host() will be called to
delete device, but it's not added yet, it will lead a kernel
crash because of null-ptr-deref in device_del().
Fix this by checking the return value and goto error path which
will call mmc_free_host().
Fixes: 51c5d8447bd7 ("MMC: meson: initial support for GX platforms")
Signed-off-by: Yang Yingliang <yangyingliang@huawei.com>
Reviewed-by: Neil Armstrong <neil.armstrong@linaro.org>
Link: https://lore.kernel.org/r/20221108123417.479045-1-yangyingliang@huawei.com
Signed-off-by: Ulf Hansson <ulf.hansson@linaro.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/mmc/host/meson-gx-mmc.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/drivers/mmc/host/meson-gx-mmc.c b/drivers/mmc/host/meson-gx-mmc.c
index 72f34a58928c..dba98c2886f2 100644
--- a/drivers/mmc/host/meson-gx-mmc.c
+++ b/drivers/mmc/host/meson-gx-mmc.c
@@ -1370,7 +1370,9 @@ static int meson_mmc_probe(struct platform_device *pdev)
}
mmc->ops = &meson_mmc_ops;
- mmc_add_host(mmc);
+ ret = mmc_add_host(mmc);
+ if (ret)
+ goto err_free_irq;
return 0;
--
2.35.1
^ permalink raw reply related [flat|nested] 529+ messages in thread
* [PATCH 4.19 144/521] mmc: via-sdmmc: fix return value check of mmc_add_host()
2023-01-16 15:44 [PATCH 4.19 000/521] 4.19.270-rc1 review Greg Kroah-Hartman
` (142 preceding siblings ...)
2023-01-16 15:46 ` [PATCH 4.19 143/521] mmc: meson-gx: " Greg Kroah-Hartman
@ 2023-01-16 15:46 ` Greg Kroah-Hartman
2023-01-16 15:46 ` [PATCH 4.19 145/521] mmc: wbsd: " Greg Kroah-Hartman
` (380 subsequent siblings)
524 siblings, 0 replies; 529+ messages in thread
From: Greg Kroah-Hartman @ 2023-01-16 15:46 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Yang Yingliang, Ulf Hansson, Sasha Levin
From: Yang Yingliang <yangyingliang@huawei.com>
[ Upstream commit e4e46fb61e3bb4628170810d3f2b996b709b90d9 ]
mmc_add_host() may return error, if we ignore its return value,
it will lead two issues:
1. The memory that allocated in mmc_alloc_host() is leaked.
2. In the remove() path, mmc_remove_host() will be called to
delete device, but it's not added yet, it will lead a kernel
crash because of null-ptr-deref in device_del().
Fix this by checking the return value and goto error path which
will call mmc_free_host().
Fixes: f0bf7f61b840 ("mmc: Add new via-sdmmc host controller driver")
Signed-off-by: Yang Yingliang <yangyingliang@huawei.com>
Link: https://lore.kernel.org/r/20221108130949.1067699-1-yangyingliang@huawei.com
Signed-off-by: Ulf Hansson <ulf.hansson@linaro.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/mmc/host/via-sdmmc.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/drivers/mmc/host/via-sdmmc.c b/drivers/mmc/host/via-sdmmc.c
index 1b66466d2ed4..b78e96b5289b 100644
--- a/drivers/mmc/host/via-sdmmc.c
+++ b/drivers/mmc/host/via-sdmmc.c
@@ -1166,7 +1166,9 @@ static int via_sd_probe(struct pci_dev *pcidev,
pcidev->subsystem_device == 0x3891)
sdhost->quirks = VIA_CRDR_QUIRK_300MS_PWRDELAY;
- mmc_add_host(mmc);
+ ret = mmc_add_host(mmc);
+ if (ret)
+ goto unmap;
return 0;
--
2.35.1
^ permalink raw reply related [flat|nested] 529+ messages in thread
* [PATCH 4.19 145/521] mmc: wbsd: fix return value check of mmc_add_host()
2023-01-16 15:44 [PATCH 4.19 000/521] 4.19.270-rc1 review Greg Kroah-Hartman
` (143 preceding siblings ...)
2023-01-16 15:46 ` [PATCH 4.19 144/521] mmc: via-sdmmc: " Greg Kroah-Hartman
@ 2023-01-16 15:46 ` Greg Kroah-Hartman
2023-01-16 15:46 ` [PATCH 4.19 146/521] mmc: mmci: " Greg Kroah-Hartman
` (379 subsequent siblings)
524 siblings, 0 replies; 529+ messages in thread
From: Greg Kroah-Hartman @ 2023-01-16 15:46 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Yang Yingliang, Ulf Hansson, Sasha Levin
From: Yang Yingliang <yangyingliang@huawei.com>
[ Upstream commit dc5b9b50fc9d1334407e316e6e29a5097ef833bd ]
mmc_add_host() may return error, if we ignore its return value,
it will lead two issues:
1. The memory that allocated in mmc_alloc_host() is leaked.
2. In the remove() path, mmc_remove_host() will be called to
delete device, but it's not added yet, it will lead a kernel
crash because of null-ptr-deref in device_del().
So fix this by checking the return value and goto error path which
will call mmc_free_host(), besides, other resources also need be
released.
Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2")
Signed-off-by: Yang Yingliang <yangyingliang@huawei.com>
Link: https://lore.kernel.org/r/20221109133237.3273558-1-yangyingliang@huawei.com
Signed-off-by: Ulf Hansson <ulf.hansson@linaro.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/mmc/host/wbsd.c | 12 +++++++++++-
1 file changed, 11 insertions(+), 1 deletion(-)
diff --git a/drivers/mmc/host/wbsd.c b/drivers/mmc/host/wbsd.c
index 1e54bbf13d75..9b15431d961c 100644
--- a/drivers/mmc/host/wbsd.c
+++ b/drivers/mmc/host/wbsd.c
@@ -1706,7 +1706,17 @@ static int wbsd_init(struct device *dev, int base, int irq, int dma,
*/
wbsd_init_device(host);
- mmc_add_host(mmc);
+ ret = mmc_add_host(mmc);
+ if (ret) {
+ if (!pnp)
+ wbsd_chip_poweroff(host);
+
+ wbsd_release_resources(host);
+ wbsd_free_mmc(dev);
+
+ mmc_free_host(mmc);
+ return ret;
+ }
pr_info("%s: W83L51xD", mmc_hostname(mmc));
if (host->chip_id != 0)
--
2.35.1
^ permalink raw reply related [flat|nested] 529+ messages in thread
* [PATCH 4.19 146/521] mmc: mmci: fix return value check of mmc_add_host()
2023-01-16 15:44 [PATCH 4.19 000/521] 4.19.270-rc1 review Greg Kroah-Hartman
` (144 preceding siblings ...)
2023-01-16 15:46 ` [PATCH 4.19 145/521] mmc: wbsd: " Greg Kroah-Hartman
@ 2023-01-16 15:46 ` Greg Kroah-Hartman
2023-01-16 15:46 ` [PATCH 4.19 147/521] media: c8sectpfe: Add of_node_put() when breaking out of loop Greg Kroah-Hartman
` (378 subsequent siblings)
524 siblings, 0 replies; 529+ messages in thread
From: Greg Kroah-Hartman @ 2023-01-16 15:46 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Yang Yingliang, Ulf Hansson, Sasha Levin
From: Yang Yingliang <yangyingliang@huawei.com>
[ Upstream commit b38a20f29a49ae04d23750d104b25400b792b98c ]
mmc_add_host() may return error, if we ignore its return value,
it will lead two issues:
1. The memory that allocated in mmc_alloc_host() is leaked.
2. In the remove() path, mmc_remove_host() will be called to
delete device, but it's not added yet, it will lead a kernel
crash because of null-ptr-deref in device_del().
So fix this by checking the return value and goto error path which
will call mmc_free_host().
Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2")
Signed-off-by: Yang Yingliang <yangyingliang@huawei.com>
Link: https://lore.kernel.org/r/20221109133539.3275664-1-yangyingliang@huawei.com
Signed-off-by: Ulf Hansson <ulf.hansson@linaro.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/mmc/host/mmci.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/drivers/mmc/host/mmci.c b/drivers/mmc/host/mmci.c
index fa6268c0f123..434ba4a39ded 100644
--- a/drivers/mmc/host/mmci.c
+++ b/drivers/mmc/host/mmci.c
@@ -1808,7 +1808,9 @@ static int mmci_probe(struct amba_device *dev,
pm_runtime_set_autosuspend_delay(&dev->dev, 50);
pm_runtime_use_autosuspend(&dev->dev);
- mmc_add_host(mmc);
+ ret = mmc_add_host(mmc);
+ if (ret)
+ goto clk_disable;
pm_runtime_put(&dev->dev);
return 0;
--
2.35.1
^ permalink raw reply related [flat|nested] 529+ messages in thread
* [PATCH 4.19 147/521] media: c8sectpfe: Add of_node_put() when breaking out of loop
2023-01-16 15:44 [PATCH 4.19 000/521] 4.19.270-rc1 review Greg Kroah-Hartman
` (145 preceding siblings ...)
2023-01-16 15:46 ` [PATCH 4.19 146/521] mmc: mmci: " Greg Kroah-Hartman
@ 2023-01-16 15:46 ` Greg Kroah-Hartman
2023-01-16 15:46 ` [PATCH 4.19 148/521] media: coda: Add check for dcoda_iram_alloc Greg Kroah-Hartman
` (377 subsequent siblings)
524 siblings, 0 replies; 529+ messages in thread
From: Greg Kroah-Hartman @ 2023-01-16 15:46 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Liang He, Hans Verkuil, Sasha Levin
From: Liang He <windhl@126.com>
[ Upstream commit 63ff05a1ad242a5a0f897921c87b70d601bda59c ]
In configure_channels(), we should call of_node_put() when breaking
out of for_each_child_of_node() which will automatically increase
and decrease the refcount.
Fixes: c5f5d0f99794 ("[media] c8sectpfe: STiH407/10 Linux DVB demux support")
Signed-off-by: Liang He <windhl@126.com>
Signed-off-by: Hans Verkuil <hverkuil-cisco@xs4all.nl>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/media/platform/sti/c8sectpfe/c8sectpfe-core.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/drivers/media/platform/sti/c8sectpfe/c8sectpfe-core.c b/drivers/media/platform/sti/c8sectpfe/c8sectpfe-core.c
index 3c05b3dc49ec..98c14565bbfd 100644
--- a/drivers/media/platform/sti/c8sectpfe/c8sectpfe-core.c
+++ b/drivers/media/platform/sti/c8sectpfe/c8sectpfe-core.c
@@ -943,6 +943,7 @@ static int configure_channels(struct c8sectpfei *fei)
if (ret) {
dev_err(fei->dev,
"configure_memdma_and_inputblock failed\n");
+ of_node_put(child);
goto err_unmap;
}
index++;
--
2.35.1
^ permalink raw reply related [flat|nested] 529+ messages in thread
* [PATCH 4.19 148/521] media: coda: Add check for dcoda_iram_alloc
2023-01-16 15:44 [PATCH 4.19 000/521] 4.19.270-rc1 review Greg Kroah-Hartman
` (146 preceding siblings ...)
2023-01-16 15:46 ` [PATCH 4.19 147/521] media: c8sectpfe: Add of_node_put() when breaking out of loop Greg Kroah-Hartman
@ 2023-01-16 15:46 ` Greg Kroah-Hartman
2023-01-16 15:46 ` [PATCH 4.19 149/521] media: coda: Add check for kmalloc Greg Kroah-Hartman
` (376 subsequent siblings)
524 siblings, 0 replies; 529+ messages in thread
From: Greg Kroah-Hartman @ 2023-01-16 15:46 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Jiasheng Jiang, Hans Verkuil, Sasha Levin
From: Jiasheng Jiang <jiasheng@iscas.ac.cn>
[ Upstream commit 6b8082238fb8bb20f67e46388123e67a5bbc558d ]
As the coda_iram_alloc may return NULL pointer,
it should be better to check the return value
in order to avoid NULL poineter dereference,
same as the others.
Fixes: b313bcc9a467 ("[media] coda: simplify IRAM setup")
Signed-off-by: Jiasheng Jiang <jiasheng@iscas.ac.cn>
Signed-off-by: Hans Verkuil <hverkuil-cisco@xs4all.nl>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/media/platform/coda/coda-bit.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/drivers/media/platform/coda/coda-bit.c b/drivers/media/platform/coda/coda-bit.c
index c3eaddced721..57b62076b1ba 100644
--- a/drivers/media/platform/coda/coda-bit.c
+++ b/drivers/media/platform/coda/coda-bit.c
@@ -670,7 +670,7 @@ static void coda_setup_iram(struct coda_ctx *ctx)
/* Only H.264BP and H.263P3 are considered */
iram_info->buf_dbk_y_use = coda_iram_alloc(iram_info, w64);
iram_info->buf_dbk_c_use = coda_iram_alloc(iram_info, w64);
- if (!iram_info->buf_dbk_c_use)
+ if (!iram_info->buf_dbk_y_use || !iram_info->buf_dbk_c_use)
goto out;
iram_info->axi_sram_use |= dbk_bits;
@@ -694,7 +694,7 @@ static void coda_setup_iram(struct coda_ctx *ctx)
iram_info->buf_dbk_y_use = coda_iram_alloc(iram_info, w128);
iram_info->buf_dbk_c_use = coda_iram_alloc(iram_info, w128);
- if (!iram_info->buf_dbk_c_use)
+ if (!iram_info->buf_dbk_y_use || !iram_info->buf_dbk_c_use)
goto out;
iram_info->axi_sram_use |= dbk_bits;
--
2.35.1
^ permalink raw reply related [flat|nested] 529+ messages in thread
* [PATCH 4.19 149/521] media: coda: Add check for kmalloc
2023-01-16 15:44 [PATCH 4.19 000/521] 4.19.270-rc1 review Greg Kroah-Hartman
` (147 preceding siblings ...)
2023-01-16 15:46 ` [PATCH 4.19 148/521] media: coda: Add check for dcoda_iram_alloc Greg Kroah-Hartman
@ 2023-01-16 15:46 ` Greg Kroah-Hartman
2023-01-16 15:46 ` [PATCH 4.19 150/521] clk: samsung: Fix memory leak in _samsung_clk_register_pll() Greg Kroah-Hartman
` (375 subsequent siblings)
524 siblings, 0 replies; 529+ messages in thread
From: Greg Kroah-Hartman @ 2023-01-16 15:46 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Jiasheng Jiang, Hans Verkuil, Sasha Levin
From: Jiasheng Jiang <jiasheng@iscas.ac.cn>
[ Upstream commit 6e5e5defdb8b0186312c2f855ace175aee6daf9b ]
As the kmalloc may return NULL pointer,
it should be better to check the return value
in order to avoid NULL poineter dereference,
same as the others.
Fixes: cb1d3a336371 ("[media] coda: add CODA7541 JPEG support")
Signed-off-by: Jiasheng Jiang <jiasheng@iscas.ac.cn>
Signed-off-by: Hans Verkuil <hverkuil-cisco@xs4all.nl>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/media/platform/coda/coda-bit.c | 10 ++++++++--
1 file changed, 8 insertions(+), 2 deletions(-)
diff --git a/drivers/media/platform/coda/coda-bit.c b/drivers/media/platform/coda/coda-bit.c
index 57b62076b1ba..e73bf8e14f33 100644
--- a/drivers/media/platform/coda/coda-bit.c
+++ b/drivers/media/platform/coda/coda-bit.c
@@ -901,10 +901,16 @@ static int coda_start_encoding(struct coda_ctx *ctx)
}
if (dst_fourcc == V4L2_PIX_FMT_JPEG) {
- if (!ctx->params.jpeg_qmat_tab[0])
+ if (!ctx->params.jpeg_qmat_tab[0]) {
ctx->params.jpeg_qmat_tab[0] = kmalloc(64, GFP_KERNEL);
- if (!ctx->params.jpeg_qmat_tab[1])
+ if (!ctx->params.jpeg_qmat_tab[0])
+ return -ENOMEM;
+ }
+ if (!ctx->params.jpeg_qmat_tab[1]) {
ctx->params.jpeg_qmat_tab[1] = kmalloc(64, GFP_KERNEL);
+ if (!ctx->params.jpeg_qmat_tab[1])
+ return -ENOMEM;
+ }
coda_set_jpeg_compression_quality(ctx, ctx->params.jpeg_quality);
}
--
2.35.1
^ permalink raw reply related [flat|nested] 529+ messages in thread
* [PATCH 4.19 150/521] clk: samsung: Fix memory leak in _samsung_clk_register_pll()
2023-01-16 15:44 [PATCH 4.19 000/521] 4.19.270-rc1 review Greg Kroah-Hartman
` (148 preceding siblings ...)
2023-01-16 15:46 ` [PATCH 4.19 149/521] media: coda: Add check for kmalloc Greg Kroah-Hartman
@ 2023-01-16 15:46 ` Greg Kroah-Hartman
2023-01-16 15:46 ` [PATCH 4.19 151/521] wifi: rtl8xxxu: Add __packed to struct rtl8723bu_c2h Greg Kroah-Hartman
` (374 subsequent siblings)
524 siblings, 0 replies; 529+ messages in thread
From: Greg Kroah-Hartman @ 2023-01-16 15:46 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Xiu Jianfeng, Alim Akhtar,
Stephen Boyd, Sasha Levin
From: Xiu Jianfeng <xiujianfeng@huawei.com>
[ Upstream commit 5174e5b0d1b669a489524192b6adcbb3c54ebc72 ]
If clk_register() fails, @pll->rate_table may have allocated memory by
kmemdup(), so it needs to be freed, otherwise will cause memory leak
issue, this patch fixes it.
Fixes: 3ff6e0d8d64d ("clk: samsung: Add support to register rate_table for samsung plls")
Signed-off-by: Xiu Jianfeng <xiujianfeng@huawei.com>
Link: https://lore.kernel.org/r/20221123032015.63980-1-xiujianfeng@huawei.com
Reviewed-by: Alim Akhtar <alim.akhtar@samsung.com>
Signed-off-by: Stephen Boyd <sboyd@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/clk/samsung/clk-pll.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/drivers/clk/samsung/clk-pll.c b/drivers/clk/samsung/clk-pll.c
index 1c4c7a3039f1..8cbf0f2cf196 100644
--- a/drivers/clk/samsung/clk-pll.c
+++ b/drivers/clk/samsung/clk-pll.c
@@ -1392,6 +1392,7 @@ static void __init _samsung_clk_register_pll(struct samsung_clk_provider *ctx,
if (ret) {
pr_err("%s: failed to register pll clock %s : %d\n",
__func__, pll_clk->name, ret);
+ kfree(pll->rate_table);
kfree(pll);
return;
}
--
2.35.1
^ permalink raw reply related [flat|nested] 529+ messages in thread
* [PATCH 4.19 151/521] wifi: rtl8xxxu: Add __packed to struct rtl8723bu_c2h
2023-01-16 15:44 [PATCH 4.19 000/521] 4.19.270-rc1 review Greg Kroah-Hartman
` (149 preceding siblings ...)
2023-01-16 15:46 ` [PATCH 4.19 150/521] clk: samsung: Fix memory leak in _samsung_clk_register_pll() Greg Kroah-Hartman
@ 2023-01-16 15:46 ` Greg Kroah-Hartman
2023-01-16 15:46 ` [PATCH 4.19 152/521] rtl8xxxu: add enumeration for channel bandwidth Greg Kroah-Hartman
` (373 subsequent siblings)
524 siblings, 0 replies; 529+ messages in thread
From: Greg Kroah-Hartman @ 2023-01-16 15:46 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Bitterblue Smith, Ping-Ke Shih,
Kalle Valo, Sasha Levin
From: Bitterblue Smith <rtl8821cerfe2@gmail.com>
[ Upstream commit dd469a754afdb782ba3033cee102147493dc39f4 ]
This struct is used to access a sequence of bytes received from the
wifi chip. It must not have any padding bytes between the members.
This doesn't change anything on my system, possibly because currently
none of the members need more than byte alignment.
Fixes: b2b43b7837ba ("rtl8xxxu: Initial functionality to handle C2H events for 8723bu")
Signed-off-by: Bitterblue Smith <rtl8821cerfe2@gmail.com>
Reviewed-by: Ping-Ke Shih <pkshih@realtek.com>
Signed-off-by: Kalle Valo <kvalo@kernel.org>
Link: https://lore.kernel.org/r/1a270918-da22-ff5f-29fc-7855f740c5ba@gmail.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/wireless/realtek/rtl8xxxu/rtl8xxxu.h | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/net/wireless/realtek/rtl8xxxu/rtl8xxxu.h b/drivers/net/wireless/realtek/rtl8xxxu/rtl8xxxu.h
index bd28deff9b8c..7eef3f7c36ad 100644
--- a/drivers/net/wireless/realtek/rtl8xxxu/rtl8xxxu.h
+++ b/drivers/net/wireless/realtek/rtl8xxxu/rtl8xxxu.h
@@ -1186,7 +1186,7 @@ struct rtl8723bu_c2h {
u8 dummy3_0;
} __packed ra_report;
};
-};
+} __packed;
struct rtl8xxxu_fileops;
--
2.35.1
^ permalink raw reply related [flat|nested] 529+ messages in thread
* [PATCH 4.19 152/521] rtl8xxxu: add enumeration for channel bandwidth
2023-01-16 15:44 [PATCH 4.19 000/521] 4.19.270-rc1 review Greg Kroah-Hartman
` (150 preceding siblings ...)
2023-01-16 15:46 ` [PATCH 4.19 151/521] wifi: rtl8xxxu: Add __packed to struct rtl8723bu_c2h Greg Kroah-Hartman
@ 2023-01-16 15:46 ` Greg Kroah-Hartman
2023-01-16 15:46 ` [PATCH 4.19 153/521] wifi: brcmfmac: Fix error return code in brcmf_sdio_download_firmware() Greg Kroah-Hartman
` (372 subsequent siblings)
524 siblings, 0 replies; 529+ messages in thread
From: Greg Kroah-Hartman @ 2023-01-16 15:46 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Chris Chiu, Kalle Valo, Sasha Levin
From: Chris Chiu <chiu@endlessm.com>
[ Upstream commit a66b8b4108f178f34394681232c7df07e9b0f6be ]
There's a data field in H2C and C2H commands which is used to
carry channel bandwidth information. Add enumeration to make it
more descriptive in code.
Signed-off-by: Chris Chiu <chiu@endlessm.com>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
Link: https://lore.kernel.org/r/20200320063833.1058-2-chiu@endlessm.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/wireless/realtek/rtl8xxxu/rtl8xxxu.h | 9 +++++++++
drivers/net/wireless/realtek/rtl8xxxu/rtl8xxxu_core.c | 2 +-
2 files changed, 10 insertions(+), 1 deletion(-)
diff --git a/drivers/net/wireless/realtek/rtl8xxxu/rtl8xxxu.h b/drivers/net/wireless/realtek/rtl8xxxu/rtl8xxxu.h
index 7eef3f7c36ad..921a226b18f8 100644
--- a/drivers/net/wireless/realtek/rtl8xxxu/rtl8xxxu.h
+++ b/drivers/net/wireless/realtek/rtl8xxxu/rtl8xxxu.h
@@ -1136,6 +1136,15 @@ enum bt_mp_oper_opcode_8723b {
BT_MP_OP_ENABLE_CFO_TRACKING = 0x24,
};
+enum rtl8xxxu_bw_mode {
+ RTL8XXXU_CHANNEL_WIDTH_20 = 0,
+ RTL8XXXU_CHANNEL_WIDTH_40 = 1,
+ RTL8XXXU_CHANNEL_WIDTH_80 = 2,
+ RTL8XXXU_CHANNEL_WIDTH_160 = 3,
+ RTL8XXXU_CHANNEL_WIDTH_80_80 = 4,
+ RTL8XXXU_CHANNEL_WIDTH_MAX = 5,
+};
+
struct rtl8723bu_c2h {
u8 id;
u8 seq;
diff --git a/drivers/net/wireless/realtek/rtl8xxxu/rtl8xxxu_core.c b/drivers/net/wireless/realtek/rtl8xxxu/rtl8xxxu_core.c
index fb8545f79fa6..c3c8382dd0ba 100644
--- a/drivers/net/wireless/realtek/rtl8xxxu/rtl8xxxu_core.c
+++ b/drivers/net/wireless/realtek/rtl8xxxu/rtl8xxxu_core.c
@@ -4333,7 +4333,7 @@ void rtl8xxxu_gen2_update_rate_mask(struct rtl8xxxu_priv *priv,
u32 ramask, int sgi)
{
struct h2c_cmd h2c;
- u8 bw = 0;
+ u8 bw = RTL8XXXU_CHANNEL_WIDTH_20;
memset(&h2c, 0, sizeof(struct h2c_cmd));
--
2.35.1
^ permalink raw reply related [flat|nested] 529+ messages in thread
* [PATCH 4.19 153/521] wifi: brcmfmac: Fix error return code in brcmf_sdio_download_firmware()
2023-01-16 15:44 [PATCH 4.19 000/521] 4.19.270-rc1 review Greg Kroah-Hartman
` (151 preceding siblings ...)
2023-01-16 15:46 ` [PATCH 4.19 152/521] rtl8xxxu: add enumeration for channel bandwidth Greg Kroah-Hartman
@ 2023-01-16 15:46 ` Greg Kroah-Hartman
2023-01-16 15:46 ` [PATCH 4.19 154/521] blktrace: Fix output non-blktrace event when blk_classic option enabled Greg Kroah-Hartman
` (371 subsequent siblings)
524 siblings, 0 replies; 529+ messages in thread
From: Greg Kroah-Hartman @ 2023-01-16 15:46 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Wang Yufen, Arend van Spriel,
Kalle Valo, Sasha Levin
From: Wang Yufen <wangyufen@huawei.com>
[ Upstream commit c2f2924bc7f9ea75ef8d95863e710168f8196256 ]
Fix to return a negative error code instead of 0 when
brcmf_chip_set_active() fails. In addition, change the return
value for brcmf_pcie_exit_download_state() to keep consistent.
Fixes: d380ebc9b6fb ("brcmfmac: rename chip download functions")
Signed-off-by: Wang Yufen <wangyufen@huawei.com>
Reviewed-by: Arend van Spriel <arend.vanspriel@broadcom.com>
Signed-off-by: Kalle Valo <kvalo@kernel.org>
Link: https://lore.kernel.org/r/1669959342-27144-1-git-send-email-wangyufen@huawei.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/wireless/broadcom/brcm80211/brcmfmac/pcie.c | 2 +-
drivers/net/wireless/broadcom/brcm80211/brcmfmac/sdio.c | 1 +
2 files changed, 2 insertions(+), 1 deletion(-)
diff --git a/drivers/net/wireless/broadcom/brcm80211/brcmfmac/pcie.c b/drivers/net/wireless/broadcom/brcm80211/brcmfmac/pcie.c
index a21529d2ccab..6ee04af85e9d 100644
--- a/drivers/net/wireless/broadcom/brcm80211/brcmfmac/pcie.c
+++ b/drivers/net/wireless/broadcom/brcm80211/brcmfmac/pcie.c
@@ -612,7 +612,7 @@ static int brcmf_pcie_exit_download_state(struct brcmf_pciedev_info *devinfo,
}
if (!brcmf_chip_set_active(devinfo->ci, resetintr))
- return -EINVAL;
+ return -EIO;
return 0;
}
diff --git a/drivers/net/wireless/broadcom/brcm80211/brcmfmac/sdio.c b/drivers/net/wireless/broadcom/brcm80211/brcmfmac/sdio.c
index 0a96c1071e5b..6eb1daf51301 100644
--- a/drivers/net/wireless/broadcom/brcm80211/brcmfmac/sdio.c
+++ b/drivers/net/wireless/broadcom/brcm80211/brcmfmac/sdio.c
@@ -3337,6 +3337,7 @@ static int brcmf_sdio_download_firmware(struct brcmf_sdio *bus,
/* Take arm out of reset */
if (!brcmf_chip_set_active(bus->ci, rstvec)) {
brcmf_err("error getting out of ARM core reset\n");
+ bcmerror = -EIO;
goto err;
}
--
2.35.1
^ permalink raw reply related [flat|nested] 529+ messages in thread
* [PATCH 4.19 154/521] blktrace: Fix output non-blktrace event when blk_classic option enabled
2023-01-16 15:44 [PATCH 4.19 000/521] 4.19.270-rc1 review Greg Kroah-Hartman
` (152 preceding siblings ...)
2023-01-16 15:46 ` [PATCH 4.19 153/521] wifi: brcmfmac: Fix error return code in brcmf_sdio_download_firmware() Greg Kroah-Hartman
@ 2023-01-16 15:46 ` Greg Kroah-Hartman
2023-01-16 15:46 ` [PATCH 4.19 155/521] clk: socfpga: clk-pll: Remove unused variable rc Greg Kroah-Hartman
` (370 subsequent siblings)
524 siblings, 0 replies; 529+ messages in thread
From: Greg Kroah-Hartman @ 2023-01-16 15:46 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Yang Jihong, Jens Axboe, Sasha Levin
From: Yang Jihong <yangjihong1@huawei.com>
[ Upstream commit f596da3efaf4130ff61cd029558845808df9bf99 ]
When the blk_classic option is enabled, non-blktrace events must be
filtered out. Otherwise, events of other types are output in the blktrace
classic format, which is unexpected.
The problem can be triggered in the following ways:
# echo 1 > /sys/kernel/debug/tracing/options/blk_classic
# echo 1 > /sys/kernel/debug/tracing/events/enable
# echo blk > /sys/kernel/debug/tracing/current_tracer
# cat /sys/kernel/debug/tracing/trace_pipe
Fixes: c71a89615411 ("blktrace: add ftrace plugin")
Signed-off-by: Yang Jihong <yangjihong1@huawei.com>
Link: https://lore.kernel.org/r/20221122040410.85113-1-yangjihong1@huawei.com
Signed-off-by: Jens Axboe <axboe@kernel.dk>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
kernel/trace/blktrace.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/kernel/trace/blktrace.c b/kernel/trace/blktrace.c
index 75ea1a5be31a..113cbe1a20aa 100644
--- a/kernel/trace/blktrace.c
+++ b/kernel/trace/blktrace.c
@@ -1594,7 +1594,8 @@ blk_trace_event_print_binary(struct trace_iterator *iter, int flags,
static enum print_line_t blk_tracer_print_line(struct trace_iterator *iter)
{
- if (!(blk_tracer_flags.val & TRACE_BLK_OPT_CLASSIC))
+ if ((iter->ent->type != TRACE_BLK) ||
+ !(blk_tracer_flags.val & TRACE_BLK_OPT_CLASSIC))
return TRACE_TYPE_UNHANDLED;
return print_one_line(iter, true);
--
2.35.1
^ permalink raw reply related [flat|nested] 529+ messages in thread
* [PATCH 4.19 155/521] clk: socfpga: clk-pll: Remove unused variable rc
2023-01-16 15:44 [PATCH 4.19 000/521] 4.19.270-rc1 review Greg Kroah-Hartman
` (153 preceding siblings ...)
2023-01-16 15:46 ` [PATCH 4.19 154/521] blktrace: Fix output non-blktrace event when blk_classic option enabled Greg Kroah-Hartman
@ 2023-01-16 15:46 ` Greg Kroah-Hartman
2023-01-16 15:46 ` [PATCH 4.19 156/521] clk: socfpga: use clk_hw_register for a5/c5 Greg Kroah-Hartman
` (369 subsequent siblings)
524 siblings, 0 replies; 529+ messages in thread
From: Greg Kroah-Hartman @ 2023-01-16 15:46 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Dinh Nguyen, Michael Turquette,
Stephen Boyd, linux-clk, Lee Jones, Sasha Levin
From: Lee Jones <lee.jones@linaro.org>
[ Upstream commit 75fddccbca32349570b2d53955982b4117fa5515 ]
Fixes the following W=1 kernel build warning(s):
drivers/clk/socfpga/clk-pll.c: In function ‘__socfpga_pll_init’:
drivers/clk/socfpga/clk-pll.c:83:6: warning: variable ‘rc’ set but not used [-Wunused-but-set-variable]
Cc: Dinh Nguyen <dinguyen@kernel.org>
Cc: Michael Turquette <mturquette@baylibre.com>
Cc: Stephen Boyd <sboyd@kernel.org>
Cc: linux-clk@vger.kernel.org
Signed-off-by: Lee Jones <lee.jones@linaro.org>
Link: https://lore.kernel.org/r/20210120093040.1719407-8-lee.jones@linaro.org
Acked-by: Dinh Nguyen <dinguyen@kernel.org>
Signed-off-by: Stephen Boyd <sboyd@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/clk/socfpga/clk-pll.c | 3 +--
1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/drivers/clk/socfpga/clk-pll.c b/drivers/clk/socfpga/clk-pll.c
index b4b44e9b5901..973c4713d085 100644
--- a/drivers/clk/socfpga/clk-pll.c
+++ b/drivers/clk/socfpga/clk-pll.c
@@ -90,7 +90,6 @@ static __init struct clk *__socfpga_pll_init(struct device_node *node,
const char *parent_name[SOCFPGA_MAX_PARENTS];
struct clk_init_data init;
struct device_node *clkmgr_np;
- int rc;
of_property_read_u32(node, "reg", ®);
@@ -123,7 +122,7 @@ static __init struct clk *__socfpga_pll_init(struct device_node *node,
kfree(pll_clk);
return NULL;
}
- rc = of_clk_add_provider(node, of_clk_src_simple_get, clk);
+ of_clk_add_provider(node, of_clk_src_simple_get, clk);
return clk;
}
--
2.35.1
^ permalink raw reply related [flat|nested] 529+ messages in thread
* [PATCH 4.19 156/521] clk: socfpga: use clk_hw_register for a5/c5
2023-01-16 15:44 [PATCH 4.19 000/521] 4.19.270-rc1 review Greg Kroah-Hartman
` (154 preceding siblings ...)
2023-01-16 15:46 ` [PATCH 4.19 155/521] clk: socfpga: clk-pll: Remove unused variable rc Greg Kroah-Hartman
@ 2023-01-16 15:46 ` Greg Kroah-Hartman
2023-01-16 15:46 ` [PATCH 4.19 157/521] net: vmw_vsock: vmci: Check memcpy_from_msg() Greg Kroah-Hartman
` (368 subsequent siblings)
524 siblings, 0 replies; 529+ messages in thread
From: Greg Kroah-Hartman @ 2023-01-16 15:46 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Stephen Boyd, Dinh Nguyen, Sasha Levin
From: Dinh Nguyen <dinguyen@kernel.org>
[ Upstream commit 2c2b9c6067170de2a63e7e3d9f5bb205b870de7c ]
As recommended by Stephen Boyd, convert the cyclone5/arria5 clock driver
to use the clk_hw registration method.
Suggested-by: Stephen Boyd <sboyd@kernel.org>
Signed-off-by: Dinh Nguyen <dinguyen@kernel.org>
Link: https://lore.kernel.org/r/20210302214151.1333447-1-dinguyen@kernel.org
Signed-off-by: Stephen Boyd <sboyd@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/clk/socfpga/clk-gate.c | 11 +++++++----
drivers/clk/socfpga/clk-periph.c | 8 ++++----
drivers/clk/socfpga/clk-pll.c | 18 +++++++++++-------
3 files changed, 22 insertions(+), 15 deletions(-)
diff --git a/drivers/clk/socfpga/clk-gate.c b/drivers/clk/socfpga/clk-gate.c
index 14918896811d..139b009eda82 100644
--- a/drivers/clk/socfpga/clk-gate.c
+++ b/drivers/clk/socfpga/clk-gate.c
@@ -183,12 +183,13 @@ static void __init __socfpga_gate_init(struct device_node *node,
u32 div_reg[3];
u32 clk_phase[2];
u32 fixed_div;
- struct clk *clk;
+ struct clk_hw *hw_clk;
struct socfpga_gate_clk *socfpga_clk;
const char *clk_name = node->name;
const char *parent_name[SOCFPGA_MAX_PARENTS];
struct clk_init_data init;
int rc;
+ int err;
socfpga_clk = kzalloc(sizeof(*socfpga_clk), GFP_KERNEL);
if (WARN_ON(!socfpga_clk))
@@ -237,12 +238,14 @@ static void __init __socfpga_gate_init(struct device_node *node,
init.parent_names = parent_name;
socfpga_clk->hw.hw.init = &init;
- clk = clk_register(NULL, &socfpga_clk->hw.hw);
- if (WARN_ON(IS_ERR(clk))) {
+ hw_clk = &socfpga_clk->hw.hw;
+
+ err = clk_hw_register(NULL, hw_clk);
+ if (err) {
kfree(socfpga_clk);
return;
}
- rc = of_clk_add_provider(node, of_clk_src_simple_get, clk);
+ rc = of_clk_add_provider(node, of_clk_src_simple_get, hw_clk);
if (WARN_ON(rc))
return;
}
diff --git a/drivers/clk/socfpga/clk-periph.c b/drivers/clk/socfpga/clk-periph.c
index 52c883ea7706..912c3059cbe4 100644
--- a/drivers/clk/socfpga/clk-periph.c
+++ b/drivers/clk/socfpga/clk-periph.c
@@ -61,7 +61,7 @@ static __init void __socfpga_periph_init(struct device_node *node,
const struct clk_ops *ops)
{
u32 reg;
- struct clk *clk;
+ struct clk_hw *hw_clk;
struct socfpga_periph_clk *periph_clk;
const char *clk_name = node->name;
const char *parent_name[SOCFPGA_MAX_PARENTS];
@@ -104,13 +104,13 @@ static __init void __socfpga_periph_init(struct device_node *node,
init.parent_names = parent_name;
periph_clk->hw.hw.init = &init;
+ hw_clk = &periph_clk->hw.hw;
- clk = clk_register(NULL, &periph_clk->hw.hw);
- if (WARN_ON(IS_ERR(clk))) {
+ if (clk_hw_register(NULL, hw_clk)) {
kfree(periph_clk);
return;
}
- rc = of_clk_add_provider(node, of_clk_src_simple_get, clk);
+ rc = of_clk_add_provider(node, of_clk_src_simple_get, hw_clk);
}
void __init socfpga_periph_init(struct device_node *node)
diff --git a/drivers/clk/socfpga/clk-pll.c b/drivers/clk/socfpga/clk-pll.c
index 973c4713d085..7bde8ca45d4b 100644
--- a/drivers/clk/socfpga/clk-pll.c
+++ b/drivers/clk/socfpga/clk-pll.c
@@ -80,16 +80,18 @@ static struct clk_ops clk_pll_ops = {
.get_parent = clk_pll_get_parent,
};
-static __init struct clk *__socfpga_pll_init(struct device_node *node,
+static __init struct clk_hw *__socfpga_pll_init(struct device_node *node,
const struct clk_ops *ops)
{
u32 reg;
- struct clk *clk;
+ struct clk_hw *hw_clk;
struct socfpga_pll *pll_clk;
const char *clk_name = node->name;
const char *parent_name[SOCFPGA_MAX_PARENTS];
struct clk_init_data init;
struct device_node *clkmgr_np;
+ int rc;
+ int err;
of_property_read_u32(node, "reg", ®);
@@ -117,13 +119,15 @@ static __init struct clk *__socfpga_pll_init(struct device_node *node,
clk_pll_ops.enable = clk_gate_ops.enable;
clk_pll_ops.disable = clk_gate_ops.disable;
- clk = clk_register(NULL, &pll_clk->hw.hw);
- if (WARN_ON(IS_ERR(clk))) {
+ hw_clk = &pll_clk->hw.hw;
+
+ err = clk_hw_register(NULL, hw_clk);
+ if (err) {
kfree(pll_clk);
- return NULL;
+ return ERR_PTR(err);
}
- of_clk_add_provider(node, of_clk_src_simple_get, clk);
- return clk;
+ rc = of_clk_add_provider(node, of_clk_src_simple_get, hw_clk);
+ return hw_clk;
}
void __init socfpga_pll_init(struct device_node *node)
--
2.35.1
^ permalink raw reply related [flat|nested] 529+ messages in thread
* [PATCH 4.19 157/521] net: vmw_vsock: vmci: Check memcpy_from_msg()
2023-01-16 15:44 [PATCH 4.19 000/521] 4.19.270-rc1 review Greg Kroah-Hartman
` (155 preceding siblings ...)
2023-01-16 15:46 ` [PATCH 4.19 156/521] clk: socfpga: use clk_hw_register for a5/c5 Greg Kroah-Hartman
@ 2023-01-16 15:46 ` Greg Kroah-Hartman
2023-01-16 15:47 ` [PATCH 4.19 158/521] net: defxx: Fix missing err handling in dfx_init() Greg Kroah-Hartman
` (367 subsequent siblings)
524 siblings, 0 replies; 529+ messages in thread
From: Greg Kroah-Hartman @ 2023-01-16 15:46 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Artem Chernyshev,
Stefano Garzarella, Vishnu Dasa, David S. Miller, Sasha Levin
From: Artem Chernyshev <artem.chernyshev@red-soft.ru>
[ Upstream commit 44aa5a6dba8283bfda28b1517af4de711c5652a4 ]
vmci_transport_dgram_enqueue() does not check the return value
of memcpy_from_msg(). If memcpy_from_msg() fails, it is possible that
uninitialized memory contents are sent unintentionally instead of user's
message in the datagram to the destination. Return with an error if
memcpy_from_msg() fails.
Found by Linux Verification Center (linuxtesting.org) with SVACE.
Fixes: 0f7db23a07af ("vmci_transport: switch ->enqeue_dgram, ->enqueue_stream and ->dequeue_stream to msghdr")
Signed-off-by: Artem Chernyshev <artem.chernyshev@red-soft.ru>
Reviewed-by: Stefano Garzarella <sgarzare@redhat.com>
Reviewed-by: Vishnu Dasa <vdasa@vmware.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
net/vmw_vsock/vmci_transport.c | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/net/vmw_vsock/vmci_transport.c b/net/vmw_vsock/vmci_transport.c
index 42ab3e2ac060..2a8127f245e8 100644
--- a/net/vmw_vsock/vmci_transport.c
+++ b/net/vmw_vsock/vmci_transport.c
@@ -1733,7 +1733,11 @@ static int vmci_transport_dgram_enqueue(
if (!dg)
return -ENOMEM;
- memcpy_from_msg(VMCI_DG_PAYLOAD(dg), msg, len);
+ err = memcpy_from_msg(VMCI_DG_PAYLOAD(dg), msg, len);
+ if (err) {
+ kfree(dg);
+ return err;
+ }
dg->dst = vmci_make_handle(remote_addr->svm_cid,
remote_addr->svm_port);
--
2.35.1
^ permalink raw reply related [flat|nested] 529+ messages in thread
* [PATCH 4.19 158/521] net: defxx: Fix missing err handling in dfx_init()
2023-01-16 15:44 [PATCH 4.19 000/521] 4.19.270-rc1 review Greg Kroah-Hartman
` (156 preceding siblings ...)
2023-01-16 15:46 ` [PATCH 4.19 157/521] net: vmw_vsock: vmci: Check memcpy_from_msg() Greg Kroah-Hartman
@ 2023-01-16 15:47 ` Greg Kroah-Hartman
2023-01-16 15:47 ` [PATCH 4.19 159/521] drivers: net: qlcnic: Fix potential memory leak in qlcnic_sriov_init() Greg Kroah-Hartman
` (366 subsequent siblings)
524 siblings, 0 replies; 529+ messages in thread
From: Greg Kroah-Hartman @ 2023-01-16 15:47 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Yongqiang Liu, Jiri Pirko,
David S. Miller, Sasha Levin
From: Yongqiang Liu <liuyongqiang13@huawei.com>
[ Upstream commit ae18dcdff0f8d7e84cd3fd9f496518b5e72d185d ]
When eisa_driver_register() or tc_register_driver() failed,
the modprobe defxx would fail with some err log as follows:
Error: Driver 'defxx' is already registered, aborting...
Fix this issue by adding err hanling in dfx_init().
Fixes: e89a2cfb7d7b5 ("[TC] defxx: TURBOchannel support")
Signed-off-by: Yongqiang Liu <liuyongqiang13@huawei.com>
Reviewed-by: Jiri Pirko <jiri@nvidia.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/fddi/defxx.c | 22 ++++++++++++++++++----
1 file changed, 18 insertions(+), 4 deletions(-)
diff --git a/drivers/net/fddi/defxx.c b/drivers/net/fddi/defxx.c
index 3b48c890540a..7f14aad1c240 100644
--- a/drivers/net/fddi/defxx.c
+++ b/drivers/net/fddi/defxx.c
@@ -3844,10 +3844,24 @@ static int dfx_init(void)
int status;
status = pci_register_driver(&dfx_pci_driver);
- if (!status)
- status = eisa_driver_register(&dfx_eisa_driver);
- if (!status)
- status = tc_register_driver(&dfx_tc_driver);
+ if (status)
+ goto err_pci_register;
+
+ status = eisa_driver_register(&dfx_eisa_driver);
+ if (status)
+ goto err_eisa_register;
+
+ status = tc_register_driver(&dfx_tc_driver);
+ if (status)
+ goto err_tc_register;
+
+ return 0;
+
+err_tc_register:
+ eisa_driver_unregister(&dfx_eisa_driver);
+err_eisa_register:
+ pci_unregister_driver(&dfx_pci_driver);
+err_pci_register:
return status;
}
--
2.35.1
^ permalink raw reply related [flat|nested] 529+ messages in thread
* [PATCH 4.19 159/521] drivers: net: qlcnic: Fix potential memory leak in qlcnic_sriov_init()
2023-01-16 15:44 [PATCH 4.19 000/521] 4.19.270-rc1 review Greg Kroah-Hartman
` (157 preceding siblings ...)
2023-01-16 15:47 ` [PATCH 4.19 158/521] net: defxx: Fix missing err handling in dfx_init() Greg Kroah-Hartman
@ 2023-01-16 15:47 ` Greg Kroah-Hartman
2023-01-16 15:47 ` [PATCH 4.19 160/521] ethernet: s2io: dont call dev_kfree_skb() under spin_lock_irqsave() Greg Kroah-Hartman
` (365 subsequent siblings)
524 siblings, 0 replies; 529+ messages in thread
From: Greg Kroah-Hartman @ 2023-01-16 15:47 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Yuan Can, Leon Romanovsky,
David S. Miller, Sasha Levin
From: Yuan Can <yuancan@huawei.com>
[ Upstream commit 01de1123322e4fe1bbd0fcdf0982511b55519c03 ]
If vp alloc failed in qlcnic_sriov_init(), all previously allocated vp
needs to be freed.
Fixes: f197a7aa6288 ("qlcnic: VF-PF communication channel implementation")
Signed-off-by: Yuan Can <yuancan@huawei.com>
Reviewed-by: Leon Romanovsky <leonro@nvidia.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/ethernet/qlogic/qlcnic/qlcnic_sriov_common.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/drivers/net/ethernet/qlogic/qlcnic/qlcnic_sriov_common.c b/drivers/net/ethernet/qlogic/qlcnic/qlcnic_sriov_common.c
index 98275f18a87b..d28c4436f965 100644
--- a/drivers/net/ethernet/qlogic/qlcnic/qlcnic_sriov_common.c
+++ b/drivers/net/ethernet/qlogic/qlcnic/qlcnic_sriov_common.c
@@ -222,6 +222,8 @@ int qlcnic_sriov_init(struct qlcnic_adapter *adapter, int num_vfs)
return 0;
qlcnic_destroy_async_wq:
+ while (i--)
+ kfree(sriov->vf_info[i].vp);
destroy_workqueue(bc->bc_async_wq);
qlcnic_destroy_trans_wq:
--
2.35.1
^ permalink raw reply related [flat|nested] 529+ messages in thread
* [PATCH 4.19 160/521] ethernet: s2io: dont call dev_kfree_skb() under spin_lock_irqsave()
2023-01-16 15:44 [PATCH 4.19 000/521] 4.19.270-rc1 review Greg Kroah-Hartman
` (158 preceding siblings ...)
2023-01-16 15:47 ` [PATCH 4.19 159/521] drivers: net: qlcnic: Fix potential memory leak in qlcnic_sriov_init() Greg Kroah-Hartman
@ 2023-01-16 15:47 ` Greg Kroah-Hartman
2023-01-16 15:47 ` [PATCH 4.19 161/521] net: farsync: Fix kmemleak when rmmods farsync Greg Kroah-Hartman
` (364 subsequent siblings)
524 siblings, 0 replies; 529+ messages in thread
From: Greg Kroah-Hartman @ 2023-01-16 15:47 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Yang Yingliang, David S. Miller,
Sasha Levin
From: Yang Yingliang <yangyingliang@huawei.com>
[ Upstream commit 6cee96e09df54ae17784c0f38a49e0ed8229b825 ]
It is not allowed to call kfree_skb() or consume_skb() from hardware
interrupt context or with hardware interrupts being disabled.
It should use dev_kfree_skb_irq() or dev_consume_skb_irq() instead.
The difference between them is free reason, dev_kfree_skb_irq() means
the SKB is dropped in error and dev_consume_skb_irq() means the SKB
is consumed in normal.
In this case, dev_kfree_skb() is called in free_tx_buffers() to drop
the SKBs in tx buffers, when the card is down, so replace it with
dev_kfree_skb_irq() here.
Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2")
Signed-off-by: Yang Yingliang <yangyingliang@huawei.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/ethernet/neterion/s2io.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/net/ethernet/neterion/s2io.c b/drivers/net/ethernet/neterion/s2io.c
index 0a8483c615d4..b42f81d0c6f0 100644
--- a/drivers/net/ethernet/neterion/s2io.c
+++ b/drivers/net/ethernet/neterion/s2io.c
@@ -2375,7 +2375,7 @@ static void free_tx_buffers(struct s2io_nic *nic)
skb = s2io_txdl_getskb(&mac_control->fifos[i], txdp, j);
if (skb) {
swstats->mem_freed += skb->truesize;
- dev_kfree_skb(skb);
+ dev_kfree_skb_irq(skb);
cnt++;
}
}
--
2.35.1
^ permalink raw reply related [flat|nested] 529+ messages in thread
* [PATCH 4.19 161/521] net: farsync: Fix kmemleak when rmmods farsync
2023-01-16 15:44 [PATCH 4.19 000/521] 4.19.270-rc1 review Greg Kroah-Hartman
` (159 preceding siblings ...)
2023-01-16 15:47 ` [PATCH 4.19 160/521] ethernet: s2io: dont call dev_kfree_skb() under spin_lock_irqsave() Greg Kroah-Hartman
@ 2023-01-16 15:47 ` Greg Kroah-Hartman
2023-01-16 15:47 ` [PATCH 4.19 162/521] net/tunnel: wait until all sk_user_data reader finish before releasing the sock Greg Kroah-Hartman
` (363 subsequent siblings)
524 siblings, 0 replies; 529+ messages in thread
From: Greg Kroah-Hartman @ 2023-01-16 15:47 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Li Zetao, Jiri Pirko,
David S. Miller, Sasha Levin
From: Li Zetao <lizetao1@huawei.com>
[ Upstream commit 2f623aaf9f31de968dea6169849706a2f9be444c ]
There are two memory leaks reported by kmemleak:
unreferenced object 0xffff888114b20200 (size 128):
comm "modprobe", pid 4846, jiffies 4295146524 (age 401.345s)
hex dump (first 32 bytes):
e0 62 57 09 81 88 ff ff e0 62 57 09 81 88 ff ff .bW......bW.....
01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
backtrace:
[<ffffffff815bcd82>] kmalloc_trace+0x22/0x60
[<ffffffff83d35c78>] __hw_addr_add_ex+0x198/0x6c0
[<ffffffff83d3989d>] dev_addr_init+0x13d/0x230
[<ffffffff83d1063d>] alloc_netdev_mqs+0x10d/0xe50
[<ffffffff82b4a06e>] alloc_hdlcdev+0x2e/0x80
[<ffffffffa016a741>] fst_add_one+0x601/0x10e0 [farsync]
...
unreferenced object 0xffff88810b85b000 (size 1024):
comm "modprobe", pid 4846, jiffies 4295146523 (age 401.346s)
hex dump (first 32 bytes):
00 00 b0 02 00 c9 ff ff 00 70 0a 00 00 c9 ff ff .........p......
00 00 00 f2 00 00 00 f3 0a 00 00 00 02 00 00 00 ................
backtrace:
[<ffffffff815bcd82>] kmalloc_trace+0x22/0x60
[<ffffffffa016a294>] fst_add_one+0x154/0x10e0 [farsync]
[<ffffffff82060e83>] local_pci_probe+0xd3/0x170
...
The root cause is traced to the netdev and fst_card_info are not freed
when removes one fst in fst_remove_one(), which may trigger oom if
repeated insmod and rmmod module.
Fix it by adding free_netdev() and kfree() in fst_remove_one(), just as
the operations on the error handling path in fst_add_one().
Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2")
Signed-off-by: Li Zetao <lizetao1@huawei.com>
Reviewed-by: Jiri Pirko <jiri@nvidia.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/wan/farsync.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/drivers/net/wan/farsync.c b/drivers/net/wan/farsync.c
index 2a3f0f1a2b0a..bc249f81c80d 100644
--- a/drivers/net/wan/farsync.c
+++ b/drivers/net/wan/farsync.c
@@ -2617,6 +2617,7 @@ fst_remove_one(struct pci_dev *pdev)
for (i = 0; i < card->nports; i++) {
struct net_device *dev = port_to_dev(&card->ports[i]);
unregister_hdlc_device(dev);
+ free_netdev(dev);
}
fst_disable_intr(card);
@@ -2637,6 +2638,7 @@ fst_remove_one(struct pci_dev *pdev)
card->tx_dma_handle_card);
}
fst_card_array[card->card_no] = NULL;
+ kfree(card);
}
static struct pci_driver fst_driver = {
--
2.35.1
^ permalink raw reply related [flat|nested] 529+ messages in thread
* [PATCH 4.19 162/521] net/tunnel: wait until all sk_user_data reader finish before releasing the sock
2023-01-16 15:44 [PATCH 4.19 000/521] 4.19.270-rc1 review Greg Kroah-Hartman
` (160 preceding siblings ...)
2023-01-16 15:47 ` [PATCH 4.19 161/521] net: farsync: Fix kmemleak when rmmods farsync Greg Kroah-Hartman
@ 2023-01-16 15:47 ` Greg Kroah-Hartman
2023-01-16 15:47 ` [PATCH 4.19 163/521] net: apple: mace: dont call dev_kfree_skb() under spin_lock_irqsave() Greg Kroah-Hartman
` (362 subsequent siblings)
524 siblings, 0 replies; 529+ messages in thread
From: Greg Kroah-Hartman @ 2023-01-16 15:47 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Jianlin Shi, Jakub Sitnicki,
Hangbin Liu, Jiri Pirko, David S. Miller, Sasha Levin
From: Hangbin Liu <liuhangbin@gmail.com>
[ Upstream commit 3cf7203ca620682165706f70a1b12b5194607dce ]
There is a race condition in vxlan that when deleting a vxlan device
during receiving packets, there is a possibility that the sock is
released after getting vxlan_sock vs from sk_user_data. Then in
later vxlan_ecn_decapsulate(), vxlan_get_sk_family() we will got
NULL pointer dereference. e.g.
#0 [ffffa25ec6978a38] machine_kexec at ffffffff8c669757
#1 [ffffa25ec6978a90] __crash_kexec at ffffffff8c7c0a4d
#2 [ffffa25ec6978b58] crash_kexec at ffffffff8c7c1c48
#3 [ffffa25ec6978b60] oops_end at ffffffff8c627f2b
#4 [ffffa25ec6978b80] page_fault_oops at ffffffff8c678fcb
#5 [ffffa25ec6978bd8] exc_page_fault at ffffffff8d109542
#6 [ffffa25ec6978c00] asm_exc_page_fault at ffffffff8d200b62
[exception RIP: vxlan_ecn_decapsulate+0x3b]
RIP: ffffffffc1014e7b RSP: ffffa25ec6978cb0 RFLAGS: 00010246
RAX: 0000000000000008 RBX: ffff8aa000888000 RCX: 0000000000000000
RDX: 000000000000000e RSI: ffff8a9fc7ab803e RDI: ffff8a9fd1168700
RBP: ffff8a9fc7ab803e R8: 0000000000700000 R9: 00000000000010ae
R10: ffff8a9fcb748980 R11: 0000000000000000 R12: ffff8a9fd1168700
R13: ffff8aa000888000 R14: 00000000002a0000 R15: 00000000000010ae
ORIG_RAX: ffffffffffffffff CS: 0010 SS: 0018
#7 [ffffa25ec6978ce8] vxlan_rcv at ffffffffc10189cd [vxlan]
#8 [ffffa25ec6978d90] udp_queue_rcv_one_skb at ffffffff8cfb6507
#9 [ffffa25ec6978dc0] udp_unicast_rcv_skb at ffffffff8cfb6e45
#10 [ffffa25ec6978dc8] __udp4_lib_rcv at ffffffff8cfb8807
#11 [ffffa25ec6978e20] ip_protocol_deliver_rcu at ffffffff8cf76951
#12 [ffffa25ec6978e48] ip_local_deliver at ffffffff8cf76bde
#13 [ffffa25ec6978ea0] __netif_receive_skb_one_core at ffffffff8cecde9b
#14 [ffffa25ec6978ec8] process_backlog at ffffffff8cece139
#15 [ffffa25ec6978f00] __napi_poll at ffffffff8ceced1a
#16 [ffffa25ec6978f28] net_rx_action at ffffffff8cecf1f3
#17 [ffffa25ec6978fa0] __softirqentry_text_start at ffffffff8d4000ca
#18 [ffffa25ec6978ff0] do_softirq at ffffffff8c6fbdc3
Reproducer: https://github.com/Mellanox/ovs-tests/blob/master/test-ovs-vxlan-remove-tunnel-during-traffic.sh
Fix this by waiting for all sk_user_data reader to finish before
releasing the sock.
Reported-by: Jianlin Shi <jishi@redhat.com>
Suggested-by: Jakub Sitnicki <jakub@cloudflare.com>
Fixes: 6a93cc905274 ("udp-tunnel: Add a few more UDP tunnel APIs")
Signed-off-by: Hangbin Liu <liuhangbin@gmail.com>
Reviewed-by: Jiri Pirko <jiri@nvidia.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
net/ipv4/udp_tunnel.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/net/ipv4/udp_tunnel.c b/net/ipv4/udp_tunnel.c
index 6539ff15e9a3..d03d74388870 100644
--- a/net/ipv4/udp_tunnel.c
+++ b/net/ipv4/udp_tunnel.c
@@ -186,6 +186,7 @@ EXPORT_SYMBOL_GPL(udp_tunnel_xmit_skb);
void udp_tunnel_sock_release(struct socket *sock)
{
rcu_assign_sk_user_data(sock->sk, NULL);
+ synchronize_rcu();
kernel_sock_shutdown(sock, SHUT_RDWR);
sock_release(sock);
}
--
2.35.1
^ permalink raw reply related [flat|nested] 529+ messages in thread
* [PATCH 4.19 163/521] net: apple: mace: dont call dev_kfree_skb() under spin_lock_irqsave()
2023-01-16 15:44 [PATCH 4.19 000/521] 4.19.270-rc1 review Greg Kroah-Hartman
` (161 preceding siblings ...)
2023-01-16 15:47 ` [PATCH 4.19 162/521] net/tunnel: wait until all sk_user_data reader finish before releasing the sock Greg Kroah-Hartman
@ 2023-01-16 15:47 ` Greg Kroah-Hartman
2023-01-16 15:47 ` [PATCH 4.19 164/521] net: apple: bmac: " Greg Kroah-Hartman
` (361 subsequent siblings)
524 siblings, 0 replies; 529+ messages in thread
From: Greg Kroah-Hartman @ 2023-01-16 15:47 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Yang Yingliang, David S. Miller,
Sasha Levin
From: Yang Yingliang <yangyingliang@huawei.com>
[ Upstream commit 3dfe3486c1cd4f82b466b7d307f23777137b8acc ]
It is not allowed to call kfree_skb() or consume_skb() from hardware
interrupt context or with hardware interrupts being disabled.
It should use dev_kfree_skb_irq() or dev_consume_skb_irq() instead.
The difference between them is free reason, dev_kfree_skb_irq() means
the SKB is dropped in error and dev_consume_skb_irq() means the SKB
is consumed in normal.
In this case, dev_kfree_skb() is called in mace_tx_timeout() to drop
the SKB, when tx timeout, so replace it with dev_kfree_skb_irq().
Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2")
Signed-off-by: Yang Yingliang <yangyingliang@huawei.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/ethernet/apple/mace.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/net/ethernet/apple/mace.c b/drivers/net/ethernet/apple/mace.c
index 68b9ee489489..8f5e0cc00ddd 100644
--- a/drivers/net/ethernet/apple/mace.c
+++ b/drivers/net/ethernet/apple/mace.c
@@ -840,7 +840,7 @@ static void mace_tx_timeout(struct timer_list *t)
if (mp->tx_bad_runt) {
mp->tx_bad_runt = 0;
} else if (i != mp->tx_fill) {
- dev_kfree_skb(mp->tx_bufs[i]);
+ dev_kfree_skb_irq(mp->tx_bufs[i]);
if (++i >= N_TX_RING)
i = 0;
mp->tx_empty = i;
--
2.35.1
^ permalink raw reply related [flat|nested] 529+ messages in thread
* [PATCH 4.19 164/521] net: apple: bmac: dont call dev_kfree_skb() under spin_lock_irqsave()
2023-01-16 15:44 [PATCH 4.19 000/521] 4.19.270-rc1 review Greg Kroah-Hartman
` (162 preceding siblings ...)
2023-01-16 15:47 ` [PATCH 4.19 163/521] net: apple: mace: dont call dev_kfree_skb() under spin_lock_irqsave() Greg Kroah-Hartman
@ 2023-01-16 15:47 ` Greg Kroah-Hartman
2023-01-16 15:47 ` [PATCH 4.19 165/521] net: emaclite: " Greg Kroah-Hartman
` (360 subsequent siblings)
524 siblings, 0 replies; 529+ messages in thread
From: Greg Kroah-Hartman @ 2023-01-16 15:47 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Yang Yingliang, David S. Miller,
Sasha Levin
From: Yang Yingliang <yangyingliang@huawei.com>
[ Upstream commit 5fe02e046e6422c4adfdbc50206ec7186077da24 ]
It is not allowed to call kfree_skb() or consume_skb() from hardware
interrupt context or with hardware interrupts being disabled.
It should use dev_kfree_skb_irq() or dev_consume_skb_irq() instead.
The difference between them is free reason, dev_kfree_skb_irq() means
the SKB is dropped in error and dev_consume_skb_irq() means the SKB
is consumed in normal.
In this case, dev_kfree_skb() is called in bmac_tx_timeout() to drop
the SKB, when tx timeout, so replace it with dev_kfree_skb_irq().
Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2")
Signed-off-by: Yang Yingliang <yangyingliang@huawei.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/ethernet/apple/bmac.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/net/ethernet/apple/bmac.c b/drivers/net/ethernet/apple/bmac.c
index ab6ce85540b8..a0ce699903cf 100644
--- a/drivers/net/ethernet/apple/bmac.c
+++ b/drivers/net/ethernet/apple/bmac.c
@@ -1510,7 +1510,7 @@ static void bmac_tx_timeout(struct timer_list *t)
i = bp->tx_empty;
++dev->stats.tx_errors;
if (i != bp->tx_fill) {
- dev_kfree_skb(bp->tx_bufs[i]);
+ dev_kfree_skb_irq(bp->tx_bufs[i]);
bp->tx_bufs[i] = NULL;
if (++i >= N_TX_RING) i = 0;
bp->tx_empty = i;
--
2.35.1
^ permalink raw reply related [flat|nested] 529+ messages in thread
* [PATCH 4.19 165/521] net: emaclite: dont call dev_kfree_skb() under spin_lock_irqsave()
2023-01-16 15:44 [PATCH 4.19 000/521] 4.19.270-rc1 review Greg Kroah-Hartman
` (163 preceding siblings ...)
2023-01-16 15:47 ` [PATCH 4.19 164/521] net: apple: bmac: " Greg Kroah-Hartman
@ 2023-01-16 15:47 ` Greg Kroah-Hartman
2023-01-16 15:47 ` [PATCH 4.19 166/521] net: ethernet: dnet: " Greg Kroah-Hartman
` (359 subsequent siblings)
524 siblings, 0 replies; 529+ messages in thread
From: Greg Kroah-Hartman @ 2023-01-16 15:47 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Yang Yingliang, David S. Miller,
Sasha Levin
From: Yang Yingliang <yangyingliang@huawei.com>
[ Upstream commit d1678bf45f21fa5ae4a456f821858679556ea5f8 ]
It is not allowed to call kfree_skb() or consume_skb() from hardware
interrupt context or with hardware interrupts being disabled.
It should use dev_kfree_skb_irq() or dev_consume_skb_irq() instead.
The difference between them is free reason, dev_kfree_skb_irq() means
the SKB is dropped in error and dev_consume_skb_irq() means the SKB
is consumed in normal.
In this case, dev_kfree_skb() is called in xemaclite_tx_timeout() to
drop the SKB, when tx timeout, so replace it with dev_kfree_skb_irq().
Fixes: bb81b2ddfa19 ("net: add Xilinx emac lite device driver")
Signed-off-by: Yang Yingliang <yangyingliang@huawei.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/ethernet/xilinx/xilinx_emaclite.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/net/ethernet/xilinx/xilinx_emaclite.c b/drivers/net/ethernet/xilinx/xilinx_emaclite.c
index 4e1504587895..e3f0beaa7d55 100644
--- a/drivers/net/ethernet/xilinx/xilinx_emaclite.c
+++ b/drivers/net/ethernet/xilinx/xilinx_emaclite.c
@@ -543,7 +543,7 @@ static void xemaclite_tx_timeout(struct net_device *dev)
xemaclite_enable_interrupts(lp);
if (lp->deferred_skb) {
- dev_kfree_skb(lp->deferred_skb);
+ dev_kfree_skb_irq(lp->deferred_skb);
lp->deferred_skb = NULL;
dev->stats.tx_errors++;
}
--
2.35.1
^ permalink raw reply related [flat|nested] 529+ messages in thread
* [PATCH 4.19 166/521] net: ethernet: dnet: dont call dev_kfree_skb() under spin_lock_irqsave()
2023-01-16 15:44 [PATCH 4.19 000/521] 4.19.270-rc1 review Greg Kroah-Hartman
` (164 preceding siblings ...)
2023-01-16 15:47 ` [PATCH 4.19 165/521] net: emaclite: " Greg Kroah-Hartman
@ 2023-01-16 15:47 ` Greg Kroah-Hartman
2023-01-16 15:47 ` [PATCH 4.19 167/521] hamradio: " Greg Kroah-Hartman
` (358 subsequent siblings)
524 siblings, 0 replies; 529+ messages in thread
From: Greg Kroah-Hartman @ 2023-01-16 15:47 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Yang Yingliang, David S. Miller,
Sasha Levin
From: Yang Yingliang <yangyingliang@huawei.com>
[ Upstream commit f07fadcbee2a5e84caa67c7c445424200bffb60b ]
It is not allowed to call kfree_skb() or consume_skb() from hardware
interrupt context or with hardware interrupts being disabled.
In this case, the lock is used to protected 'bp', so we can move
dev_kfree_skb() after the spin_unlock_irqrestore().
Fixes: 4796417417a6 ("dnet: Dave DNET ethernet controller driver (updated)")
Signed-off-by: Yang Yingliang <yangyingliang@huawei.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/ethernet/dnet.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/drivers/net/ethernet/dnet.c b/drivers/net/ethernet/dnet.c
index 5a847941c46b..f7d126a2617e 100644
--- a/drivers/net/ethernet/dnet.c
+++ b/drivers/net/ethernet/dnet.c
@@ -558,11 +558,11 @@ static netdev_tx_t dnet_start_xmit(struct sk_buff *skb, struct net_device *dev)
skb_tx_timestamp(skb);
+ spin_unlock_irqrestore(&bp->lock, flags);
+
/* free the buffer */
dev_kfree_skb(skb);
- spin_unlock_irqrestore(&bp->lock, flags);
-
return NETDEV_TX_OK;
}
--
2.35.1
^ permalink raw reply related [flat|nested] 529+ messages in thread
* [PATCH 4.19 167/521] hamradio: dont call dev_kfree_skb() under spin_lock_irqsave()
2023-01-16 15:44 [PATCH 4.19 000/521] 4.19.270-rc1 review Greg Kroah-Hartman
` (165 preceding siblings ...)
2023-01-16 15:47 ` [PATCH 4.19 166/521] net: ethernet: dnet: " Greg Kroah-Hartman
@ 2023-01-16 15:47 ` Greg Kroah-Hartman
2023-01-16 15:47 ` [PATCH 4.19 168/521] net: amd: lance: " Greg Kroah-Hartman
` (357 subsequent siblings)
524 siblings, 0 replies; 529+ messages in thread
From: Greg Kroah-Hartman @ 2023-01-16 15:47 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Yang Yingliang, David S. Miller,
Sasha Levin
From: Yang Yingliang <yangyingliang@huawei.com>
[ Upstream commit 3727f742915f04f6fc550b80cf406999bd4e90d0 ]
It is not allowed to call kfree_skb() or consume_skb() from hardware
interrupt context or with hardware interrupts being disabled.
It should use dev_kfree_skb_irq() or dev_consume_skb_irq() instead.
The difference between them is free reason, dev_kfree_skb_irq() means
the SKB is dropped in error and dev_consume_skb_irq() means the SKB
is consumed in normal.
In scc_discard_buffers(), dev_kfree_skb() is called to discard the SKBs,
so replace it with dev_kfree_skb_irq().
In scc_net_tx(), dev_kfree_skb() is called to drop the SKB that exceed
queue length, so replace it with dev_kfree_skb_irq().
Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2")
Signed-off-by: Yang Yingliang <yangyingliang@huawei.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/hamradio/scc.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/drivers/net/hamradio/scc.c b/drivers/net/hamradio/scc.c
index 6c03932d8a6b..3dc4eb841aa1 100644
--- a/drivers/net/hamradio/scc.c
+++ b/drivers/net/hamradio/scc.c
@@ -300,12 +300,12 @@ static inline void scc_discard_buffers(struct scc_channel *scc)
spin_lock_irqsave(&scc->lock, flags);
if (scc->tx_buff != NULL)
{
- dev_kfree_skb(scc->tx_buff);
+ dev_kfree_skb_irq(scc->tx_buff);
scc->tx_buff = NULL;
}
while (!skb_queue_empty(&scc->tx_queue))
- dev_kfree_skb(skb_dequeue(&scc->tx_queue));
+ dev_kfree_skb_irq(skb_dequeue(&scc->tx_queue));
spin_unlock_irqrestore(&scc->lock, flags);
}
@@ -1667,7 +1667,7 @@ static netdev_tx_t scc_net_tx(struct sk_buff *skb, struct net_device *dev)
if (skb_queue_len(&scc->tx_queue) > scc->dev->tx_queue_len) {
struct sk_buff *skb_del;
skb_del = skb_dequeue(&scc->tx_queue);
- dev_kfree_skb(skb_del);
+ dev_kfree_skb_irq(skb_del);
}
skb_queue_tail(&scc->tx_queue, skb);
netif_trans_update(dev);
--
2.35.1
^ permalink raw reply related [flat|nested] 529+ messages in thread
* [PATCH 4.19 168/521] net: amd: lance: dont call dev_kfree_skb() under spin_lock_irqsave()
2023-01-16 15:44 [PATCH 4.19 000/521] 4.19.270-rc1 review Greg Kroah-Hartman
` (166 preceding siblings ...)
2023-01-16 15:47 ` [PATCH 4.19 167/521] hamradio: " Greg Kroah-Hartman
@ 2023-01-16 15:47 ` Greg Kroah-Hartman
2023-01-16 15:47 ` [PATCH 4.19 169/521] net: amd-xgbe: Fix logic around active and passive cables Greg Kroah-Hartman
` (356 subsequent siblings)
524 siblings, 0 replies; 529+ messages in thread
From: Greg Kroah-Hartman @ 2023-01-16 15:47 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Yang Yingliang, David S. Miller,
Sasha Levin
From: Yang Yingliang <yangyingliang@huawei.com>
[ Upstream commit 6151d105dfce8c23edf30eed35e97f3d9b96a35c ]
It is not allowed to call kfree_skb() or consume_skb() from hardware
interrupt context or with hardware interrupts being disabled.
It should use dev_kfree_skb_irq() or dev_consume_skb_irq() instead.
The difference between them is free reason, dev_kfree_skb_irq() means
the SKB is dropped in error and dev_consume_skb_irq() means the SKB
is consumed in normal.
In these two cases, dev_kfree_skb() is called consume the xmited SKB,
so replace it with dev_consume_skb_irq().
Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2")
Signed-off-by: Yang Yingliang <yangyingliang@huawei.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/ethernet/amd/atarilance.c | 2 +-
drivers/net/ethernet/amd/lance.c | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/drivers/net/ethernet/amd/atarilance.c b/drivers/net/ethernet/amd/atarilance.c
index d3d44e07afbc..414b990827e8 100644
--- a/drivers/net/ethernet/amd/atarilance.c
+++ b/drivers/net/ethernet/amd/atarilance.c
@@ -825,7 +825,7 @@ lance_start_xmit(struct sk_buff *skb, struct net_device *dev)
lp->memcpy_f( PKTBUF_ADDR(head), (void *)skb->data, skb->len );
head->flag = TMD1_OWN_CHIP | TMD1_ENP | TMD1_STP;
dev->stats.tx_bytes += skb->len;
- dev_kfree_skb( skb );
+ dev_consume_skb_irq(skb);
lp->cur_tx++;
while( lp->cur_tx >= TX_RING_SIZE && lp->dirty_tx >= TX_RING_SIZE ) {
lp->cur_tx -= TX_RING_SIZE;
diff --git a/drivers/net/ethernet/amd/lance.c b/drivers/net/ethernet/amd/lance.c
index b56d84c7df46..a21f4f82a9c2 100644
--- a/drivers/net/ethernet/amd/lance.c
+++ b/drivers/net/ethernet/amd/lance.c
@@ -997,7 +997,7 @@ static netdev_tx_t lance_start_xmit(struct sk_buff *skb,
skb_copy_from_linear_data(skb, &lp->tx_bounce_buffs[entry], skb->len);
lp->tx_ring[entry].base =
((u32)isa_virt_to_bus((lp->tx_bounce_buffs + entry)) & 0xffffff) | 0x83000000;
- dev_kfree_skb(skb);
+ dev_consume_skb_irq(skb);
} else {
lp->tx_skbuff[entry] = skb;
lp->tx_ring[entry].base = ((u32)isa_virt_to_bus(skb->data) & 0xffffff) | 0x83000000;
--
2.35.1
^ permalink raw reply related [flat|nested] 529+ messages in thread
* [PATCH 4.19 169/521] net: amd-xgbe: Fix logic around active and passive cables
2023-01-16 15:44 [PATCH 4.19 000/521] 4.19.270-rc1 review Greg Kroah-Hartman
` (167 preceding siblings ...)
2023-01-16 15:47 ` [PATCH 4.19 168/521] net: amd: lance: " Greg Kroah-Hartman
@ 2023-01-16 15:47 ` Greg Kroah-Hartman
2023-01-16 15:47 ` [PATCH 4.19 170/521] net: amd-xgbe: Check only the minimum speed for active/passive cables Greg Kroah-Hartman
` (355 subsequent siblings)
524 siblings, 0 replies; 529+ messages in thread
From: Greg Kroah-Hartman @ 2023-01-16 15:47 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Tom Lendacky, David S. Miller, Sasha Levin
From: Tom Lendacky <thomas.lendacky@amd.com>
[ Upstream commit 4998006c73afe44e2f639d55bd331c6c26eb039f ]
SFP+ active and passive cables are copper cables with fixed SFP+ end
connectors. Due to a misinterpretation of this, SFP+ active cables could
end up not being recognized, causing the driver to fail to establish a
connection.
Introduce a new enum in SFP+ cable types, XGBE_SFP_CABLE_FIBER, that is
the default cable type, and handle active and passive cables when they are
specifically detected.
Fixes: abf0a1c2b26a ("amd-xgbe: Add support for SFP+ modules")
Signed-off-by: Tom Lendacky <thomas.lendacky@amd.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/ethernet/amd/xgbe/xgbe-phy-v2.c | 9 ++++++---
1 file changed, 6 insertions(+), 3 deletions(-)
diff --git a/drivers/net/ethernet/amd/xgbe/xgbe-phy-v2.c b/drivers/net/ethernet/amd/xgbe/xgbe-phy-v2.c
index d54e6e138aaf..098792eb279c 100644
--- a/drivers/net/ethernet/amd/xgbe/xgbe-phy-v2.c
+++ b/drivers/net/ethernet/amd/xgbe/xgbe-phy-v2.c
@@ -188,6 +188,7 @@ enum xgbe_sfp_cable {
XGBE_SFP_CABLE_UNKNOWN = 0,
XGBE_SFP_CABLE_ACTIVE,
XGBE_SFP_CABLE_PASSIVE,
+ XGBE_SFP_CABLE_FIBER,
};
enum xgbe_sfp_base {
@@ -1136,16 +1137,18 @@ static void xgbe_phy_sfp_parse_eeprom(struct xgbe_prv_data *pdata)
phy_data->sfp_tx_fault = xgbe_phy_check_sfp_tx_fault(phy_data);
phy_data->sfp_rx_los = xgbe_phy_check_sfp_rx_los(phy_data);
- /* Assume ACTIVE cable unless told it is PASSIVE */
+ /* Assume FIBER cable unless told otherwise */
if (sfp_base[XGBE_SFP_BASE_CABLE] & XGBE_SFP_BASE_CABLE_PASSIVE) {
phy_data->sfp_cable = XGBE_SFP_CABLE_PASSIVE;
phy_data->sfp_cable_len = sfp_base[XGBE_SFP_BASE_CU_CABLE_LEN];
- } else {
+ } else if (sfp_base[XGBE_SFP_BASE_CABLE] & XGBE_SFP_BASE_CABLE_ACTIVE) {
phy_data->sfp_cable = XGBE_SFP_CABLE_ACTIVE;
+ } else {
+ phy_data->sfp_cable = XGBE_SFP_CABLE_FIBER;
}
/* Determine the type of SFP */
- if (phy_data->sfp_cable == XGBE_SFP_CABLE_PASSIVE &&
+ if (phy_data->sfp_cable != XGBE_SFP_CABLE_FIBER &&
xgbe_phy_sfp_bit_rate(sfp_eeprom, XGBE_SFP_SPEED_10000))
phy_data->sfp_base = XGBE_SFP_BASE_10000_CR;
else if (sfp_base[XGBE_SFP_BASE_10GBE_CC] & XGBE_SFP_BASE_10GBE_CC_SR)
--
2.35.1
^ permalink raw reply related [flat|nested] 529+ messages in thread
* [PATCH 4.19 170/521] net: amd-xgbe: Check only the minimum speed for active/passive cables
2023-01-16 15:44 [PATCH 4.19 000/521] 4.19.270-rc1 review Greg Kroah-Hartman
` (168 preceding siblings ...)
2023-01-16 15:47 ` [PATCH 4.19 169/521] net: amd-xgbe: Fix logic around active and passive cables Greg Kroah-Hartman
@ 2023-01-16 15:47 ` Greg Kroah-Hartman
2023-01-16 15:47 ` [PATCH 4.19 171/521] net: lan9303: Fix read error execution path Greg Kroah-Hartman
` (354 subsequent siblings)
524 siblings, 0 replies; 529+ messages in thread
From: Greg Kroah-Hartman @ 2023-01-16 15:47 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Tom Lendacky, David S. Miller, Sasha Levin
From: Tom Lendacky <thomas.lendacky@amd.com>
[ Upstream commit f8ab263d4d48e6dab752029bf562f20a2ee630ed ]
There are cables that exist that can support speeds in excess of 10GbE.
The driver, however, restricts the EEPROM advertised nominal bitrate to
a specific range, which can prevent usage of cables that can support,
for example, up to 25GbE.
Rather than checking that an active or passive cable supports a specific
range, only check for a minimum supported speed.
Fixes: abf0a1c2b26a ("amd-xgbe: Add support for SFP+ modules")
Signed-off-by: Tom Lendacky <thomas.lendacky@amd.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/ethernet/amd/xgbe/xgbe-phy-v2.c | 14 ++------------
1 file changed, 2 insertions(+), 12 deletions(-)
diff --git a/drivers/net/ethernet/amd/xgbe/xgbe-phy-v2.c b/drivers/net/ethernet/amd/xgbe/xgbe-phy-v2.c
index 098792eb279c..e32649c254cd 100644
--- a/drivers/net/ethernet/amd/xgbe/xgbe-phy-v2.c
+++ b/drivers/net/ethernet/amd/xgbe/xgbe-phy-v2.c
@@ -236,10 +236,7 @@ enum xgbe_sfp_speed {
#define XGBE_SFP_BASE_BR 12
#define XGBE_SFP_BASE_BR_1GBE_MIN 0x0a
-#define XGBE_SFP_BASE_BR_1GBE_MAX 0x0d
#define XGBE_SFP_BASE_BR_10GBE_MIN 0x64
-#define XGBE_SFP_BASE_BR_10GBE_MAX 0x68
-#define XGBE_MOLEX_SFP_BASE_BR_10GBE_MAX 0x78
#define XGBE_SFP_BASE_CU_CABLE_LEN 18
@@ -826,29 +823,22 @@ static void xgbe_phy_sfp_phy_settings(struct xgbe_prv_data *pdata)
static bool xgbe_phy_sfp_bit_rate(struct xgbe_sfp_eeprom *sfp_eeprom,
enum xgbe_sfp_speed sfp_speed)
{
- u8 *sfp_base, min, max;
+ u8 *sfp_base, min;
sfp_base = sfp_eeprom->base;
switch (sfp_speed) {
case XGBE_SFP_SPEED_1000:
min = XGBE_SFP_BASE_BR_1GBE_MIN;
- max = XGBE_SFP_BASE_BR_1GBE_MAX;
break;
case XGBE_SFP_SPEED_10000:
min = XGBE_SFP_BASE_BR_10GBE_MIN;
- if (memcmp(&sfp_eeprom->base[XGBE_SFP_BASE_VENDOR_NAME],
- XGBE_MOLEX_VENDOR, XGBE_SFP_BASE_VENDOR_NAME_LEN) == 0)
- max = XGBE_MOLEX_SFP_BASE_BR_10GBE_MAX;
- else
- max = XGBE_SFP_BASE_BR_10GBE_MAX;
break;
default:
return false;
}
- return ((sfp_base[XGBE_SFP_BASE_BR] >= min) &&
- (sfp_base[XGBE_SFP_BASE_BR] <= max));
+ return sfp_base[XGBE_SFP_BASE_BR] >= min;
}
static void xgbe_phy_free_phy_device(struct xgbe_prv_data *pdata)
--
2.35.1
^ permalink raw reply related [flat|nested] 529+ messages in thread
* [PATCH 4.19 171/521] net: lan9303: Fix read error execution path
2023-01-16 15:44 [PATCH 4.19 000/521] 4.19.270-rc1 review Greg Kroah-Hartman
` (169 preceding siblings ...)
2023-01-16 15:47 ` [PATCH 4.19 170/521] net: amd-xgbe: Check only the minimum speed for active/passive cables Greg Kroah-Hartman
@ 2023-01-16 15:47 ` Greg Kroah-Hartman
2023-01-16 15:47 ` [PATCH 4.19 172/521] ntb_netdev: Use dev_kfree_skb_any() in interrupt context Greg Kroah-Hartman
` (353 subsequent siblings)
524 siblings, 0 replies; 529+ messages in thread
From: Greg Kroah-Hartman @ 2023-01-16 15:47 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Jerry Ray, Vladimir Oltean,
Florian Fainelli, Jakub Kicinski, Sasha Levin
From: Jerry Ray <jerry.ray@microchip.com>
[ Upstream commit 8964916d206071b058c6351f88b1966bd58cbde0 ]
This patch fixes an issue where a read failure of a port statistic counter
will return unknown results. While it is highly unlikely the read will
ever fail, it is much cleaner to return a zero for the stat count.
Fixes: a1292595e006 ("net: dsa: add new DSA switch driver for the SMSC-LAN9303")
Signed-off-by: Jerry Ray <jerry.ray@microchip.com>
Reviewed-by: Vladimir Oltean <olteanv@gmail.com>
Reviewed-by: Florian Fainelli <f.fainelli@gmail.com>
Link: https://lore.kernel.org/r/20221209153502.7429-1-jerry.ray@microchip.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/dsa/lan9303-core.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/drivers/net/dsa/lan9303-core.c b/drivers/net/dsa/lan9303-core.c
index 03dc075ff4e8..f976b3d64593 100644
--- a/drivers/net/dsa/lan9303-core.c
+++ b/drivers/net/dsa/lan9303-core.c
@@ -1010,9 +1010,11 @@ static void lan9303_get_ethtool_stats(struct dsa_switch *ds, int port,
ret = lan9303_read_switch_port(
chip, port, lan9303_mib[u].offset, ®);
- if (ret)
+ if (ret) {
dev_warn(chip->dev, "Reading status port %d reg %u failed\n",
port, lan9303_mib[u].offset);
+ reg = 0;
+ }
data[u] = reg;
}
}
--
2.35.1
^ permalink raw reply related [flat|nested] 529+ messages in thread
* [PATCH 4.19 172/521] ntb_netdev: Use dev_kfree_skb_any() in interrupt context
2023-01-16 15:44 [PATCH 4.19 000/521] 4.19.270-rc1 review Greg Kroah-Hartman
` (170 preceding siblings ...)
2023-01-16 15:47 ` [PATCH 4.19 171/521] net: lan9303: Fix read error execution path Greg Kroah-Hartman
@ 2023-01-16 15:47 ` Greg Kroah-Hartman
2023-01-16 15:47 ` [PATCH 4.19 173/521] Bluetooth: btusb: dont call kfree_skb() under spin_lock_irqsave() Greg Kroah-Hartman
` (352 subsequent siblings)
524 siblings, 0 replies; 529+ messages in thread
From: Greg Kroah-Hartman @ 2023-01-16 15:47 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Eric Pilmore, Dave Jiang,
Jakub Kicinski, Sasha Levin
From: Eric Pilmore <epilmore@gigaio.com>
[ Upstream commit 5f7d78b2b12a9d561f48fa00bab29b40f4616dad ]
TX/RX callback handlers (ntb_netdev_tx_handler(),
ntb_netdev_rx_handler()) can be called in interrupt
context via the DMA framework when the respective
DMA operations have completed. As such, any calls
by these routines to free skb's, should use the
interrupt context safe dev_kfree_skb_any() function.
Previously, these callback handlers would call the
interrupt unsafe version of dev_kfree_skb(). This has
not presented an issue on Intel IOAT DMA engines as
that driver utilizes tasklets rather than a hard
interrupt handler, like the AMD PTDMA DMA driver.
On AMD systems, a kernel WARNING message is
encountered, which is being issued from
skb_release_head_state() due to in_hardirq()
being true.
Besides the user visible WARNING from the kernel,
the other symptom of this bug was that TCP/IP performance
across the ntb_netdev interface was very poor, i.e.
approximately an order of magnitude below what was
expected. With the repair to use dev_kfree_skb_any(),
kernel WARNINGs from skb_release_head_state() ceased
and TCP/IP performance, as measured by iperf, was on
par with expected results, approximately 20 Gb/s on
AMD Milan based server. Note that this performance
is comparable with Intel based servers.
Fixes: 765ccc7bc3d91 ("ntb_netdev: correct skb leak")
Fixes: 548c237c0a997 ("net: Add support for NTB virtual ethernet device")
Signed-off-by: Eric Pilmore <epilmore@gigaio.com>
Reviewed-by: Dave Jiang <dave.jiang@intel.com>
Link: https://lore.kernel.org/r/20221209000659.8318-1-epilmore@gigaio.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/ntb_netdev.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/drivers/net/ntb_netdev.c b/drivers/net/ntb_netdev.c
index 33974e7519ce..ca0053775d3f 100644
--- a/drivers/net/ntb_netdev.c
+++ b/drivers/net/ntb_netdev.c
@@ -140,7 +140,7 @@ static void ntb_netdev_rx_handler(struct ntb_transport_qp *qp, void *qp_data,
enqueue_again:
rc = ntb_transport_rx_enqueue(qp, skb, skb->data, ndev->mtu + ETH_HLEN);
if (rc) {
- dev_kfree_skb(skb);
+ dev_kfree_skb_any(skb);
ndev->stats.rx_errors++;
ndev->stats.rx_fifo_errors++;
}
@@ -195,7 +195,7 @@ static void ntb_netdev_tx_handler(struct ntb_transport_qp *qp, void *qp_data,
ndev->stats.tx_aborted_errors++;
}
- dev_kfree_skb(skb);
+ dev_kfree_skb_any(skb);
if (ntb_transport_tx_free_entry(dev->qp) >= tx_start) {
/* Make sure anybody stopping the queue after this sees the new
--
2.35.1
^ permalink raw reply related [flat|nested] 529+ messages in thread
* [PATCH 4.19 173/521] Bluetooth: btusb: dont call kfree_skb() under spin_lock_irqsave()
2023-01-16 15:44 [PATCH 4.19 000/521] 4.19.270-rc1 review Greg Kroah-Hartman
` (171 preceding siblings ...)
2023-01-16 15:47 ` [PATCH 4.19 172/521] ntb_netdev: Use dev_kfree_skb_any() in interrupt context Greg Kroah-Hartman
@ 2023-01-16 15:47 ` Greg Kroah-Hartman
2023-01-16 15:47 ` [PATCH 4.19 174/521] Bluetooth: hci_qca: " Greg Kroah-Hartman
` (351 subsequent siblings)
524 siblings, 0 replies; 529+ messages in thread
From: Greg Kroah-Hartman @ 2023-01-16 15:47 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Yang Yingliang,
Luiz Augusto von Dentz, Sasha Levin
From: Yang Yingliang <yangyingliang@huawei.com>
[ Upstream commit b15a6bd3c80c77faec8317319b97f976b1a08332 ]
It is not allowed to call kfree_skb() from hardware interrupt
context or with interrupts being disabled. So replace kfree_skb()
with dev_kfree_skb_irq() under spin_lock_irqsave().
Fixes: 803b58367ffb ("Bluetooth: btusb: Implement driver internal packet reassembly")
Signed-off-by: Yang Yingliang <yangyingliang@huawei.com>
Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/bluetooth/btusb.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/drivers/bluetooth/btusb.c b/drivers/bluetooth/btusb.c
index 7188f0fb2e05..b6eb48e44e6b 100644
--- a/drivers/bluetooth/btusb.c
+++ b/drivers/bluetooth/btusb.c
@@ -501,13 +501,13 @@ static inline void btusb_free_frags(struct btusb_data *data)
spin_lock_irqsave(&data->rxlock, flags);
- kfree_skb(data->evt_skb);
+ dev_kfree_skb_irq(data->evt_skb);
data->evt_skb = NULL;
- kfree_skb(data->acl_skb);
+ dev_kfree_skb_irq(data->acl_skb);
data->acl_skb = NULL;
- kfree_skb(data->sco_skb);
+ dev_kfree_skb_irq(data->sco_skb);
data->sco_skb = NULL;
spin_unlock_irqrestore(&data->rxlock, flags);
--
2.35.1
^ permalink raw reply related [flat|nested] 529+ messages in thread
* [PATCH 4.19 174/521] Bluetooth: hci_qca: dont call kfree_skb() under spin_lock_irqsave()
2023-01-16 15:44 [PATCH 4.19 000/521] 4.19.270-rc1 review Greg Kroah-Hartman
` (172 preceding siblings ...)
2023-01-16 15:47 ` [PATCH 4.19 173/521] Bluetooth: btusb: dont call kfree_skb() under spin_lock_irqsave() Greg Kroah-Hartman
@ 2023-01-16 15:47 ` Greg Kroah-Hartman
2023-01-16 15:47 ` [PATCH 4.19 175/521] Bluetooth: hci_h5: " Greg Kroah-Hartman
` (350 subsequent siblings)
524 siblings, 0 replies; 529+ messages in thread
From: Greg Kroah-Hartman @ 2023-01-16 15:47 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Yang Yingliang,
Luiz Augusto von Dentz, Sasha Levin
From: Yang Yingliang <yangyingliang@huawei.com>
[ Upstream commit df4cfc91208e0a98f078223793f5871b1a82cc54 ]
It is not allowed to call kfree_skb() from hardware interrupt
context or with interrupts being disabled. So replace kfree_skb()
with dev_kfree_skb_irq() under spin_lock_irqsave().
Fixes: 0ff252c1976d ("Bluetooth: hciuart: Add support QCA chipset for UART")
Signed-off-by: Yang Yingliang <yangyingliang@huawei.com>
Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/bluetooth/hci_qca.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/bluetooth/hci_qca.c b/drivers/bluetooth/hci_qca.c
index f96e58de049b..f8b6823db04a 100644
--- a/drivers/bluetooth/hci_qca.c
+++ b/drivers/bluetooth/hci_qca.c
@@ -810,7 +810,7 @@ static int qca_enqueue(struct hci_uart *hu, struct sk_buff *skb)
default:
BT_ERR("Illegal tx state: %d (losing packet)",
qca->tx_ibs_state);
- kfree_skb(skb);
+ dev_kfree_skb_irq(skb);
break;
}
--
2.35.1
^ permalink raw reply related [flat|nested] 529+ messages in thread
* [PATCH 4.19 175/521] Bluetooth: hci_h5: dont call kfree_skb() under spin_lock_irqsave()
2023-01-16 15:44 [PATCH 4.19 000/521] 4.19.270-rc1 review Greg Kroah-Hartman
` (173 preceding siblings ...)
2023-01-16 15:47 ` [PATCH 4.19 174/521] Bluetooth: hci_qca: " Greg Kroah-Hartman
@ 2023-01-16 15:47 ` Greg Kroah-Hartman
2023-01-16 15:47 ` [PATCH 4.19 176/521] Bluetooth: hci_bcsp: " Greg Kroah-Hartman
` (349 subsequent siblings)
524 siblings, 0 replies; 529+ messages in thread
From: Greg Kroah-Hartman @ 2023-01-16 15:47 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Yang Yingliang,
Luiz Augusto von Dentz, Sasha Levin
From: Yang Yingliang <yangyingliang@huawei.com>
[ Upstream commit 383630cc6758d619874c2e8bb2f68a61f3f9ef6e ]
It is not allowed to call kfree_skb() from hardware interrupt
context or with interrupts being disabled. So replace kfree_skb()
with dev_kfree_skb_irq() under spin_lock_irqsave().
Fixes: 43eb12d78960 ("Bluetooth: Fix/implement Three-wire reliable packet sending")
Signed-off-by: Yang Yingliang <yangyingliang@huawei.com>
Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/bluetooth/hci_h5.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/bluetooth/hci_h5.c b/drivers/bluetooth/hci_h5.c
index 79b96251de80..29c80e2acb05 100644
--- a/drivers/bluetooth/hci_h5.c
+++ b/drivers/bluetooth/hci_h5.c
@@ -311,7 +311,7 @@ static void h5_pkt_cull(struct h5 *h5)
break;
__skb_unlink(skb, &h5->unack);
- kfree_skb(skb);
+ dev_kfree_skb_irq(skb);
}
if (skb_queue_empty(&h5->unack))
--
2.35.1
^ permalink raw reply related [flat|nested] 529+ messages in thread
* [PATCH 4.19 176/521] Bluetooth: hci_bcsp: dont call kfree_skb() under spin_lock_irqsave()
2023-01-16 15:44 [PATCH 4.19 000/521] 4.19.270-rc1 review Greg Kroah-Hartman
` (174 preceding siblings ...)
2023-01-16 15:47 ` [PATCH 4.19 175/521] Bluetooth: hci_h5: " Greg Kroah-Hartman
@ 2023-01-16 15:47 ` Greg Kroah-Hartman
2023-01-16 15:47 ` [PATCH 4.19 177/521] Bluetooth: hci_core: " Greg Kroah-Hartman
` (348 subsequent siblings)
524 siblings, 0 replies; 529+ messages in thread
From: Greg Kroah-Hartman @ 2023-01-16 15:47 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Yang Yingliang,
Luiz Augusto von Dentz, Sasha Levin
From: Yang Yingliang <yangyingliang@huawei.com>
[ Upstream commit 7b503e339c1a80bf0051ec2d19c3bc777014ac61 ]
It is not allowed to call kfree_skb() from hardware interrupt
context or with interrupts being disabled. So replace kfree_skb()
with dev_kfree_skb_irq() under spin_lock_irqsave().
Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2")
Signed-off-by: Yang Yingliang <yangyingliang@huawei.com>
Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/bluetooth/hci_bcsp.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/bluetooth/hci_bcsp.c b/drivers/bluetooth/hci_bcsp.c
index 27829273f3c9..f6fa0a40dc37 100644
--- a/drivers/bluetooth/hci_bcsp.c
+++ b/drivers/bluetooth/hci_bcsp.c
@@ -393,7 +393,7 @@ static void bcsp_pkt_cull(struct bcsp_struct *bcsp)
i++;
__skb_unlink(skb, &bcsp->unack);
- kfree_skb(skb);
+ dev_kfree_skb_irq(skb);
}
if (skb_queue_empty(&bcsp->unack))
--
2.35.1
^ permalink raw reply related [flat|nested] 529+ messages in thread
* [PATCH 4.19 177/521] Bluetooth: hci_core: dont call kfree_skb() under spin_lock_irqsave()
2023-01-16 15:44 [PATCH 4.19 000/521] 4.19.270-rc1 review Greg Kroah-Hartman
` (175 preceding siblings ...)
2023-01-16 15:47 ` [PATCH 4.19 176/521] Bluetooth: hci_bcsp: " Greg Kroah-Hartman
@ 2023-01-16 15:47 ` Greg Kroah-Hartman
2023-01-16 15:47 ` [PATCH 4.19 178/521] Bluetooth: RFCOMM: " Greg Kroah-Hartman
` (347 subsequent siblings)
524 siblings, 0 replies; 529+ messages in thread
From: Greg Kroah-Hartman @ 2023-01-16 15:47 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Yang Yingliang,
Luiz Augusto von Dentz, Sasha Levin
From: Yang Yingliang <yangyingliang@huawei.com>
[ Upstream commit 39c1eb6fcbae8ce9bb71b2ac5cb609355a2b181b ]
It is not allowed to call kfree_skb() from hardware interrupt
context or with interrupts being disabled. So replace kfree_skb()
with dev_kfree_skb_irq() under spin_lock_irqsave().
Fixes: 9238f36a5a50 ("Bluetooth: Add request cmd_complete and cmd_status functions")
Signed-off-by: Yang Yingliang <yangyingliang@huawei.com>
Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
net/bluetooth/hci_core.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/net/bluetooth/hci_core.c b/net/bluetooth/hci_core.c
index 3d780220e2d1..e87777255c47 100644
--- a/net/bluetooth/hci_core.c
+++ b/net/bluetooth/hci_core.c
@@ -4331,7 +4331,7 @@ void hci_req_cmd_complete(struct hci_dev *hdev, u16 opcode, u8 status,
*req_complete_skb = bt_cb(skb)->hci.req_complete_skb;
else
*req_complete = bt_cb(skb)->hci.req_complete;
- kfree_skb(skb);
+ dev_kfree_skb_irq(skb);
}
spin_unlock_irqrestore(&hdev->cmd_q.lock, flags);
}
--
2.35.1
^ permalink raw reply related [flat|nested] 529+ messages in thread
* [PATCH 4.19 178/521] Bluetooth: RFCOMM: dont call kfree_skb() under spin_lock_irqsave()
2023-01-16 15:44 [PATCH 4.19 000/521] 4.19.270-rc1 review Greg Kroah-Hartman
` (176 preceding siblings ...)
2023-01-16 15:47 ` [PATCH 4.19 177/521] Bluetooth: hci_core: " Greg Kroah-Hartman
@ 2023-01-16 15:47 ` Greg Kroah-Hartman
2023-01-16 15:47 ` [PATCH 4.19 179/521] stmmac: fix potential division by 0 Greg Kroah-Hartman
` (346 subsequent siblings)
524 siblings, 0 replies; 529+ messages in thread
From: Greg Kroah-Hartman @ 2023-01-16 15:47 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Yang Yingliang,
Luiz Augusto von Dentz, Sasha Levin
From: Yang Yingliang <yangyingliang@huawei.com>
[ Upstream commit 0ba18967d4544955b2eff2fbc4f2a8750c4df90a ]
It is not allowed to call kfree_skb() from hardware interrupt
context or with interrupts being disabled. So replace kfree_skb()
with dev_kfree_skb_irq() under spin_lock_irqsave().
Fixes: 81be03e026dc ("Bluetooth: RFCOMM: Replace use of memcpy_from_msg with bt_skb_sendmmsg")
Signed-off-by: Yang Yingliang <yangyingliang@huawei.com>
Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
net/bluetooth/rfcomm/core.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/net/bluetooth/rfcomm/core.c b/net/bluetooth/rfcomm/core.c
index e4eaf5d2acbd..86edf512d497 100644
--- a/net/bluetooth/rfcomm/core.c
+++ b/net/bluetooth/rfcomm/core.c
@@ -593,7 +593,7 @@ int rfcomm_dlc_send(struct rfcomm_dlc *d, struct sk_buff *skb)
ret = rfcomm_dlc_send_frag(d, frag);
if (ret < 0) {
- kfree_skb(frag);
+ dev_kfree_skb_irq(frag);
goto unlock;
}
--
2.35.1
^ permalink raw reply related [flat|nested] 529+ messages in thread
* [PATCH 4.19 179/521] stmmac: fix potential division by 0
2023-01-16 15:44 [PATCH 4.19 000/521] 4.19.270-rc1 review Greg Kroah-Hartman
` (177 preceding siblings ...)
2023-01-16 15:47 ` [PATCH 4.19 178/521] Bluetooth: RFCOMM: " Greg Kroah-Hartman
@ 2023-01-16 15:47 ` Greg Kroah-Hartman
2023-01-16 15:47 ` [PATCH 4.19 180/521] apparmor: fix a memleak in multi_transaction_new() Greg Kroah-Hartman
` (345 subsequent siblings)
524 siblings, 0 replies; 529+ messages in thread
From: Greg Kroah-Hartman @ 2023-01-16 15:47 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Piergiorgio Beruto, Andrew Lunn,
Jakub Kicinski, Sasha Levin
From: Piergiorgio Beruto <piergiorgio.beruto@gmail.com>
[ Upstream commit ede5a389852d3640a28e7187fb32b7f204380901 ]
When the MAC is connected to a 10 Mb/s PHY and the PTP clock is derived
from the MAC reference clock (default), the clk_ptp_rate becomes too
small and the calculated sub second increment becomes 0 when computed by
the stmmac_config_sub_second_increment() function within
stmmac_init_tstamp_counter().
Therefore, the subsequent div_u64 in stmmac_init_tstamp_counter()
operation triggers a divide by 0 exception as shown below.
[ 95.062067] socfpga-dwmac ff700000.ethernet eth0: Register MEM_TYPE_PAGE_POOL RxQ-0
[ 95.076440] socfpga-dwmac ff700000.ethernet eth0: PHY [stmmac-0:08] driver [NCN26000] (irq=49)
[ 95.095964] dwmac1000: Master AXI performs any burst length
[ 95.101588] socfpga-dwmac ff700000.ethernet eth0: No Safety Features support found
[ 95.109428] Division by zero in kernel.
[ 95.113447] CPU: 0 PID: 239 Comm: ifconfig Not tainted 6.1.0-rc7-centurion3-1.0.3.0-01574-gb624218205b7-dirty #77
[ 95.123686] Hardware name: Altera SOCFPGA
[ 95.127695] unwind_backtrace from show_stack+0x10/0x14
[ 95.132938] show_stack from dump_stack_lvl+0x40/0x4c
[ 95.137992] dump_stack_lvl from Ldiv0+0x8/0x10
[ 95.142527] Ldiv0 from __aeabi_uidivmod+0x8/0x18
[ 95.147232] __aeabi_uidivmod from div_u64_rem+0x1c/0x40
[ 95.152552] div_u64_rem from stmmac_init_tstamp_counter+0xd0/0x164
[ 95.158826] stmmac_init_tstamp_counter from stmmac_hw_setup+0x430/0xf00
[ 95.165533] stmmac_hw_setup from __stmmac_open+0x214/0x2d4
[ 95.171117] __stmmac_open from stmmac_open+0x30/0x44
[ 95.176182] stmmac_open from __dev_open+0x11c/0x134
[ 95.181172] __dev_open from __dev_change_flags+0x168/0x17c
[ 95.186750] __dev_change_flags from dev_change_flags+0x14/0x50
[ 95.192662] dev_change_flags from devinet_ioctl+0x2b4/0x604
[ 95.198321] devinet_ioctl from inet_ioctl+0x1ec/0x214
[ 95.203462] inet_ioctl from sock_ioctl+0x14c/0x3c4
[ 95.208354] sock_ioctl from vfs_ioctl+0x20/0x38
[ 95.212984] vfs_ioctl from sys_ioctl+0x250/0x844
[ 95.217691] sys_ioctl from ret_fast_syscall+0x0/0x4c
[ 95.222743] Exception stack(0xd0ee1fa8 to 0xd0ee1ff0)
[ 95.227790] 1fa0: 00574c4f be9aeca4 00000003 00008914 be9aeca4 be9aec50
[ 95.235945] 1fc0: 00574c4f be9aeca4 0059f078 00000036 be9aee8c be9aef7a 00000015 00000000
[ 95.244096] 1fe0: 005a01f0 be9aec38 004d7484 b6e67d74
Signed-off-by: Piergiorgio Beruto <piergiorgio.beruto@gmail.com>
Fixes: 91a2559c1dc5 ("net: stmmac: Fix sub-second increment")
Reviewed-by: Andrew Lunn <andrew@lunn.ch>
Link: https://lore.kernel.org/r/de4c64ccac9084952c56a06a8171d738604c4770.1670678513.git.piergiorgio.beruto@gmail.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/ethernet/stmicro/stmmac/stmmac_hwtstamp.c | 3 ++-
drivers/net/ethernet/stmicro/stmmac/stmmac_ptp.h | 2 +-
2 files changed, 3 insertions(+), 2 deletions(-)
diff --git a/drivers/net/ethernet/stmicro/stmmac/stmmac_hwtstamp.c b/drivers/net/ethernet/stmicro/stmmac/stmmac_hwtstamp.c
index 08a058e1bc75..541c0449f31c 100644
--- a/drivers/net/ethernet/stmicro/stmmac/stmmac_hwtstamp.c
+++ b/drivers/net/ethernet/stmicro/stmmac/stmmac_hwtstamp.c
@@ -53,7 +53,8 @@ static void config_sub_second_increment(void __iomem *ioaddr,
if (!(value & PTP_TCR_TSCTRLSSR))
data = (data * 1000) / 465;
- data &= PTP_SSIR_SSINC_MASK;
+ if (data > PTP_SSIR_SSINC_MAX)
+ data = PTP_SSIR_SSINC_MAX;
reg_value = data;
if (gmac4)
diff --git a/drivers/net/ethernet/stmicro/stmmac/stmmac_ptp.h b/drivers/net/ethernet/stmicro/stmmac/stmmac_ptp.h
index ecccf895fd7e..306ebf1a495e 100644
--- a/drivers/net/ethernet/stmicro/stmmac/stmmac_ptp.h
+++ b/drivers/net/ethernet/stmicro/stmmac/stmmac_ptp.h
@@ -66,7 +66,7 @@
#define PTP_TCR_TSENMACADDR BIT(18)
/* SSIR defines */
-#define PTP_SSIR_SSINC_MASK 0xff
+#define PTP_SSIR_SSINC_MAX 0xff
#define GMAC4_PTP_SSIR_SSINC_SHIFT 16
#endif /* __STMMAC_PTP_H__ */
--
2.35.1
^ permalink raw reply related [flat|nested] 529+ messages in thread
* [PATCH 4.19 180/521] apparmor: fix a memleak in multi_transaction_new()
2023-01-16 15:44 [PATCH 4.19 000/521] 4.19.270-rc1 review Greg Kroah-Hartman
` (178 preceding siblings ...)
2023-01-16 15:47 ` [PATCH 4.19 179/521] stmmac: fix potential division by 0 Greg Kroah-Hartman
@ 2023-01-16 15:47 ` Greg Kroah-Hartman
2023-01-16 15:47 ` [PATCH 4.19 181/521] apparmor: fix lockdep warning when removing a namespace Greg Kroah-Hartman
` (344 subsequent siblings)
524 siblings, 0 replies; 529+ messages in thread
From: Greg Kroah-Hartman @ 2023-01-16 15:47 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Gaosheng Cui, John Johansen, Sasha Levin
From: Gaosheng Cui <cuigaosheng1@huawei.com>
[ Upstream commit c73275cf6834787ca090317f1d20dbfa3b7f05aa ]
In multi_transaction_new(), the variable t is not freed or passed out
on the failure of copy_from_user(t->data, buf, size), which could lead
to a memleak.
Fix this bug by adding a put_multi_transaction(t) in the error path.
Fixes: 1dea3b41e84c5 ("apparmor: speed up transactional queries")
Signed-off-by: Gaosheng Cui <cuigaosheng1@huawei.com>
Signed-off-by: John Johansen <john.johansen@canonical.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
security/apparmor/apparmorfs.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/security/apparmor/apparmorfs.c b/security/apparmor/apparmorfs.c
index 8868c475205f..80012d21f038 100644
--- a/security/apparmor/apparmorfs.c
+++ b/security/apparmor/apparmorfs.c
@@ -869,8 +869,10 @@ static struct multi_transaction *multi_transaction_new(struct file *file,
if (!t)
return ERR_PTR(-ENOMEM);
kref_init(&t->count);
- if (copy_from_user(t->data, buf, size))
+ if (copy_from_user(t->data, buf, size)) {
+ put_multi_transaction(t);
return ERR_PTR(-EFAULT);
+ }
return t;
}
--
2.35.1
^ permalink raw reply related [flat|nested] 529+ messages in thread
* [PATCH 4.19 181/521] apparmor: fix lockdep warning when removing a namespace
2023-01-16 15:44 [PATCH 4.19 000/521] 4.19.270-rc1 review Greg Kroah-Hartman
` (179 preceding siblings ...)
2023-01-16 15:47 ` [PATCH 4.19 180/521] apparmor: fix a memleak in multi_transaction_new() Greg Kroah-Hartman
@ 2023-01-16 15:47 ` Greg Kroah-Hartman
2023-01-16 15:47 ` [PATCH 4.19 182/521] apparmor: Fix abi check to include v8 abi Greg Kroah-Hartman
` (343 subsequent siblings)
524 siblings, 0 replies; 529+ messages in thread
From: Greg Kroah-Hartman @ 2023-01-16 15:47 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, John Johansen, Sasha Levin
From: John Johansen <john.johansen@canonical.com>
[ Upstream commit 9c4557efc558a68e4cd973490fd936d6e3414db8 ]
Fix the following lockdep warning
[ 1119.158984] ============================================
[ 1119.158988] WARNING: possible recursive locking detected
[ 1119.158996] 6.0.0-rc1+ #257 Tainted: G E N
[ 1119.158999] --------------------------------------------
[ 1119.159001] bash/80100 is trying to acquire lock:
[ 1119.159007] ffff88803e79b4a0 (&ns->lock/1){+.+.}-{4:4}, at: destroy_ns.part.0+0x43/0x140
[ 1119.159028]
but task is already holding lock:
[ 1119.159030] ffff8881009764a0 (&ns->lock/1){+.+.}-{4:4}, at: aa_remove_profiles+0x3f0/0x640
[ 1119.159040]
other info that might help us debug this:
[ 1119.159042] Possible unsafe locking scenario:
[ 1119.159043] CPU0
[ 1119.159045] ----
[ 1119.159047] lock(&ns->lock/1);
[ 1119.159051] lock(&ns->lock/1);
[ 1119.159055]
*** DEADLOCK ***
Which is caused by an incorrect lockdep nesting notation
Fixes: feb3c766a3ab ("apparmor: fix possible recursive lock warning in __aa_create_ns")
Signed-off-by: John Johansen <john.johansen@canonical.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
security/apparmor/policy.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/security/apparmor/policy.c b/security/apparmor/policy.c
index 3a4293c46ad5..c4b5d5e3a721 100644
--- a/security/apparmor/policy.c
+++ b/security/apparmor/policy.c
@@ -1125,7 +1125,7 @@ ssize_t aa_remove_profiles(struct aa_ns *policy_ns, struct aa_label *subj,
if (!name) {
/* remove namespace - can only happen if fqname[0] == ':' */
- mutex_lock_nested(&ns->parent->lock, ns->level);
+ mutex_lock_nested(&ns->parent->lock, ns->parent->level);
__aa_bump_ns_revision(ns);
__aa_remove_ns(ns);
mutex_unlock(&ns->parent->lock);
--
2.35.1
^ permalink raw reply related [flat|nested] 529+ messages in thread
* [PATCH 4.19 182/521] apparmor: Fix abi check to include v8 abi
2023-01-16 15:44 [PATCH 4.19 000/521] 4.19.270-rc1 review Greg Kroah-Hartman
` (180 preceding siblings ...)
2023-01-16 15:47 ` [PATCH 4.19 181/521] apparmor: fix lockdep warning when removing a namespace Greg Kroah-Hartman
@ 2023-01-16 15:47 ` Greg Kroah-Hartman
2023-01-16 15:47 ` [PATCH 4.19 183/521] f2fs: fix normal discard process Greg Kroah-Hartman
` (342 subsequent siblings)
524 siblings, 0 replies; 529+ messages in thread
From: Greg Kroah-Hartman @ 2023-01-16 15:47 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, John Johansen, Sasha Levin
From: John Johansen <john.johansen@canonical.com>
[ Upstream commit 1b5a6198f5a9d0aa5497da0dc4bcd4fc166ee516 ]
The v8 abi is supported by the kernel but the userspace supported
version check does not allow for it. This was missed when v8 was added
due to a bug in the userspace compiler which was setting an older abi
version for v8 encoding (which is forward compatible except on the
network encoding). However it is possible to detect the network
encoding by checking the policydb network support which the code
does. The end result was that missing the abi flag worked until
userspace was fixed and began correctly checking for the v8 abi
version.
Fixes: 56974a6fcfef ("apparmor: add base infastructure for socket mediation")
Signed-off-by: John Johansen <john.johansen@canonical.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
security/apparmor/policy_unpack.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/security/apparmor/policy_unpack.c b/security/apparmor/policy_unpack.c
index 612f737cee83..41da5ccc3f3e 100644
--- a/security/apparmor/policy_unpack.c
+++ b/security/apparmor/policy_unpack.c
@@ -892,7 +892,7 @@ static int verify_header(struct aa_ext *e, int required, const char **ns)
* if not specified use previous version
* Mask off everything that is not kernel abi version
*/
- if (VERSION_LT(e->version, v5) || VERSION_GT(e->version, v7)) {
+ if (VERSION_LT(e->version, v5) || VERSION_GT(e->version, v8)) {
audit_iface(NULL, NULL, NULL, "unsupported interface version",
e, error);
return error;
--
2.35.1
^ permalink raw reply related [flat|nested] 529+ messages in thread
* [PATCH 4.19 183/521] f2fs: fix normal discard process
2023-01-16 15:44 [PATCH 4.19 000/521] 4.19.270-rc1 review Greg Kroah-Hartman
` (181 preceding siblings ...)
2023-01-16 15:47 ` [PATCH 4.19 182/521] apparmor: Fix abi check to include v8 abi Greg Kroah-Hartman
@ 2023-01-16 15:47 ` Greg Kroah-Hartman
2023-01-16 15:47 ` [PATCH 4.19 184/521] RDMA/nldev: Return "-EAGAIN" if the cm_id isnt from expected port Greg Kroah-Hartman
` (341 subsequent siblings)
524 siblings, 0 replies; 529+ messages in thread
From: Greg Kroah-Hartman @ 2023-01-16 15:47 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Dongdong Zhang, Chao Yu,
Jaegeuk Kim, Sasha Levin
From: Dongdong Zhang <zhangdongdong1@oppo.com>
[ Upstream commit b5f1a218ae5e4339130d6e733f0e63d623e09a2c ]
In the DPOLICY_BG mode, there is a conflict between
the two conditions "i + 1 < dpolicy->granularity" and
"i < DEFAULT_DISCARD_GRANULARITY". If i = 15, the first
condition is false, it will enter the second condition
and dispatch all small granularity discards in function
__issue_discard_cmd_orderly. The restrictive effect
of the first condition to small discards will be
invalidated. These two conditions should align.
Fixes: 20ee4382322c ("f2fs: issue small discard by LBA order")
Signed-off-by: Dongdong Zhang <zhangdongdong1@oppo.com>
Reviewed-by: Chao Yu <chao@kernel.org>
Signed-off-by: Jaegeuk Kim <jaegeuk@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
fs/f2fs/segment.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/fs/f2fs/segment.c b/fs/f2fs/segment.c
index 6fbf0471323e..7596fce92bef 100644
--- a/fs/f2fs/segment.c
+++ b/fs/f2fs/segment.c
@@ -1382,7 +1382,7 @@ static int __issue_discard_cmd(struct f2fs_sb_info *sbi,
if (i + 1 < dpolicy->granularity)
break;
- if (i < DEFAULT_DISCARD_GRANULARITY && dpolicy->ordered)
+ if (i + 1 < DEFAULT_DISCARD_GRANULARITY && dpolicy->ordered)
return __issue_discard_cmd_orderly(sbi, dpolicy);
pend_list = &dcc->pend_list[i];
--
2.35.1
^ permalink raw reply related [flat|nested] 529+ messages in thread
* [PATCH 4.19 184/521] RDMA/nldev: Return "-EAGAIN" if the cm_id isnt from expected port
2023-01-16 15:44 [PATCH 4.19 000/521] 4.19.270-rc1 review Greg Kroah-Hartman
` (182 preceding siblings ...)
2023-01-16 15:47 ` [PATCH 4.19 183/521] f2fs: fix normal discard process Greg Kroah-Hartman
@ 2023-01-16 15:47 ` Greg Kroah-Hartman
2023-01-16 15:47 ` [PATCH 4.19 185/521] scsi: scsi_debug: Fix a warning in resp_write_scat() Greg Kroah-Hartman
` (340 subsequent siblings)
524 siblings, 0 replies; 529+ messages in thread
From: Greg Kroah-Hartman @ 2023-01-16 15:47 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Mark Zhang, Leon Romanovsky, Sasha Levin
From: Mark Zhang <markzhang@nvidia.com>
[ Upstream commit ecacb3751f254572af0009b9501e2cdc83a30b6a ]
When filling a cm_id entry, return "-EAGAIN" instead of 0 if the cm_id
doesn'the have the same port as requested, otherwise an incomplete entry
may be returned, which causes "rdam res show cm_id" to return an error.
For example on a machine with two rdma devices with "rping -C 1 -v -s"
running background, the "rdma" command fails:
$ rdma -V
rdma utility, iproute2-5.19.0
$ rdma res show cm_id
link mlx5_0/- cm-idn 0 state LISTEN ps TCP pid 28056 comm rping src-addr 0.0.0.0:7174
error: Protocol not available
While with this fix it succeeds:
$ rdma res show cm_id
link mlx5_0/- cm-idn 0 state LISTEN ps TCP pid 26395 comm rping src-addr 0.0.0.0:7174
link mlx5_1/- cm-idn 0 state LISTEN ps TCP pid 26395 comm rping src-addr 0.0.0.0:7174
Fixes: 00313983cda6 ("RDMA/nldev: provide detailed CM_ID information")
Signed-off-by: Mark Zhang <markzhang@nvidia.com>
Link: https://lore.kernel.org/r/a08e898cdac5e28428eb749a99d9d981571b8ea7.1667810736.git.leonro@nvidia.com
Signed-off-by: Leon Romanovsky <leon@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/infiniband/core/nldev.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/infiniband/core/nldev.c b/drivers/infiniband/core/nldev.c
index f6fa9b115fda..798bc810b234 100644
--- a/drivers/infiniband/core/nldev.c
+++ b/drivers/infiniband/core/nldev.c
@@ -433,7 +433,7 @@ static int fill_res_cm_id_entry(struct sk_buff *msg,
struct nlattr *entry_attr;
if (port && port != cm_id->port_num)
- return 0;
+ return -EAGAIN;
entry_attr = nla_nest_start(msg, RDMA_NLDEV_ATTR_RES_CM_ID_ENTRY);
if (!entry_attr)
--
2.35.1
^ permalink raw reply related [flat|nested] 529+ messages in thread
* [PATCH 4.19 185/521] scsi: scsi_debug: Fix a warning in resp_write_scat()
2023-01-16 15:44 [PATCH 4.19 000/521] 4.19.270-rc1 review Greg Kroah-Hartman
` (183 preceding siblings ...)
2023-01-16 15:47 ` [PATCH 4.19 184/521] RDMA/nldev: Return "-EAGAIN" if the cm_id isnt from expected port Greg Kroah-Hartman
@ 2023-01-16 15:47 ` Greg Kroah-Hartman
2023-01-16 15:47 ` [PATCH 4.19 186/521] PCI: Check for alloc failure in pci_request_irq() Greg Kroah-Hartman
` (339 subsequent siblings)
524 siblings, 0 replies; 529+ messages in thread
From: Greg Kroah-Hartman @ 2023-01-16 15:47 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Harshit Mogalapalli,
Douglas Gilbert, Martin K. Petersen, Sasha Levin
From: Harshit Mogalapalli <harshit.m.mogalapalli@oracle.com>
[ Upstream commit 216e179724c1d9f57a8ababf8bd7aaabef67f01b ]
As 'lbdof_blen' is coming from user, if the size in kzalloc() is >=
MAX_ORDER then we hit a warning.
Call trace:
sg_ioctl
sg_ioctl_common
scsi_ioctl
sg_scsi_ioctl
blk_execute_rq
blk_mq_sched_insert_request
blk_mq_run_hw_queue
__blk_mq_delay_run_hw_queue
__blk_mq_run_hw_queue
blk_mq_sched_dispatch_requests
__blk_mq_sched_dispatch_requests
blk_mq_dispatch_rq_list
scsi_queue_rq
scsi_dispatch_cmd
scsi_debug_queuecommand
schedule_resp
resp_write_scat
If you try to allocate a memory larger than(>=) MAX_ORDER, then kmalloc()
will definitely fail. It creates a stack trace and messes up dmesg. The
user controls the size here so if they specify a too large size it will
fail.
Add __GFP_NOWARN in order to avoid too large allocation warning. This is
detected by static analysis using smatch.
Fixes: 481b5e5c7949 ("scsi: scsi_debug: add resp_write_scat function")
Signed-off-by: Harshit Mogalapalli <harshit.m.mogalapalli@oracle.com>
Link: https://lore.kernel.org/r/20221111100526.1790533-1-harshit.m.mogalapalli@oracle.com
Acked-by: Douglas Gilbert <dgilbert@interlog.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/scsi/scsi_debug.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/scsi/scsi_debug.c b/drivers/scsi/scsi_debug.c
index 4d73a7f67dea..0733ecc9f878 100644
--- a/drivers/scsi/scsi_debug.c
+++ b/drivers/scsi/scsi_debug.c
@@ -3156,7 +3156,7 @@ static int resp_write_scat(struct scsi_cmnd *scp,
mk_sense_buffer(scp, ILLEGAL_REQUEST, INVALID_FIELD_IN_CDB, 0);
return illegal_condition_result;
}
- lrdp = kzalloc(lbdof_blen, GFP_ATOMIC);
+ lrdp = kzalloc(lbdof_blen, GFP_ATOMIC | __GFP_NOWARN);
if (lrdp == NULL)
return SCSI_MLQUEUE_HOST_BUSY;
if (sdebug_verbose)
--
2.35.1
^ permalink raw reply related [flat|nested] 529+ messages in thread
* [PATCH 4.19 186/521] PCI: Check for alloc failure in pci_request_irq()
2023-01-16 15:44 [PATCH 4.19 000/521] 4.19.270-rc1 review Greg Kroah-Hartman
` (184 preceding siblings ...)
2023-01-16 15:47 ` [PATCH 4.19 185/521] scsi: scsi_debug: Fix a warning in resp_write_scat() Greg Kroah-Hartman
@ 2023-01-16 15:47 ` Greg Kroah-Hartman
2023-01-16 15:47 ` [PATCH 4.19 187/521] RDMA/hfi: Decrease PCI device reference count in error path Greg Kroah-Hartman
` (338 subsequent siblings)
524 siblings, 0 replies; 529+ messages in thread
From: Greg Kroah-Hartman @ 2023-01-16 15:47 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Zeng Heng, Bjorn Helgaas,
Christoph Hellwig, Sasha Levin
From: Zeng Heng <zengheng4@huawei.com>
[ Upstream commit 2d9cd957d40c3ac491b358e7cff0515bb07a3a9c ]
When kvasprintf() fails to allocate memory, it returns a NULL pointer.
Return error from pci_request_irq() so we don't dereference it.
[bhelgaas: commit log]
Fixes: 704e8953d3e9 ("PCI/irq: Add pci_request_irq() and pci_free_irq() helpers")
Link: https://lore.kernel.org/r/20221121020029.3759444-1-zengheng4@huawei.com
Signed-off-by: Zeng Heng <zengheng4@huawei.com>
Signed-off-by: Bjorn Helgaas <bhelgaas@google.com>
Reviewed-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/pci/irq.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/drivers/pci/irq.c b/drivers/pci/irq.c
index a1de501a2729..3f6a5d520259 100644
--- a/drivers/pci/irq.c
+++ b/drivers/pci/irq.c
@@ -94,6 +94,8 @@ int pci_request_irq(struct pci_dev *dev, unsigned int nr, irq_handler_t handler,
va_start(ap, fmt);
devname = kvasprintf(GFP_KERNEL, fmt, ap);
va_end(ap);
+ if (!devname)
+ return -ENOMEM;
ret = request_threaded_irq(pci_irq_vector(dev, nr), handler, thread_fn,
irqflags, devname, dev_id);
--
2.35.1
^ permalink raw reply related [flat|nested] 529+ messages in thread
* [PATCH 4.19 187/521] RDMA/hfi: Decrease PCI device reference count in error path
2023-01-16 15:44 [PATCH 4.19 000/521] 4.19.270-rc1 review Greg Kroah-Hartman
` (185 preceding siblings ...)
2023-01-16 15:47 ` [PATCH 4.19 186/521] PCI: Check for alloc failure in pci_request_irq() Greg Kroah-Hartman
@ 2023-01-16 15:47 ` Greg Kroah-Hartman
2023-01-16 15:47 ` [PATCH 4.19 188/521] crypto: ccree - Make cc_debugfs_global_fini() available for module init function Greg Kroah-Hartman
` (337 subsequent siblings)
524 siblings, 0 replies; 529+ messages in thread
From: Greg Kroah-Hartman @ 2023-01-16 15:47 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Xiongfeng Wang, Leon Romanovsky,
Sasha Levin
From: Xiongfeng Wang <wangxiongfeng2@huawei.com>
[ Upstream commit 9b51d072da1d27e1193e84708201c48e385ad912 ]
pci_get_device() will increase the reference count for the returned
pci_dev, and also decrease the reference count for the input parameter
*from* if it is not NULL.
If we break out the loop in node_affinity_init() with 'dev' not NULL, we
need to call pci_dev_put() to decrease the reference count. Add missing
pci_dev_put() in error path.
Fixes: c513de490f80 ("IB/hfi1: Invalid NUMA node information can cause a divide by zero")
Signed-off-by: Xiongfeng Wang <wangxiongfeng2@huawei.com>
Link: https://lore.kernel.org/r/20221117131546.113280-1-wangxiongfeng2@huawei.com
Signed-off-by: Leon Romanovsky <leon@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/infiniband/hw/hfi1/affinity.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/drivers/infiniband/hw/hfi1/affinity.c b/drivers/infiniband/hw/hfi1/affinity.c
index 01ed0a667928..bb670249bebf 100644
--- a/drivers/infiniband/hw/hfi1/affinity.c
+++ b/drivers/infiniband/hw/hfi1/affinity.c
@@ -217,6 +217,8 @@ int node_affinity_init(void)
for (node = 0; node < node_affinity.num_possible_nodes; node++)
hfi1_per_node_cntr[node] = 1;
+ pci_dev_put(dev);
+
return 0;
}
--
2.35.1
^ permalink raw reply related [flat|nested] 529+ messages in thread
* [PATCH 4.19 188/521] crypto: ccree - Make cc_debugfs_global_fini() available for module init function
2023-01-16 15:44 [PATCH 4.19 000/521] 4.19.270-rc1 review Greg Kroah-Hartman
` (186 preceding siblings ...)
2023-01-16 15:47 ` [PATCH 4.19 187/521] RDMA/hfi: Decrease PCI device reference count in error path Greg Kroah-Hartman
@ 2023-01-16 15:47 ` Greg Kroah-Hartman
2023-01-16 15:47 ` [PATCH 4.19 189/521] RDMA/rxe: Fix NULL-ptr-deref in rxe_qp_do_cleanup() when socket create failed Greg Kroah-Hartman
` (336 subsequent siblings)
524 siblings, 0 replies; 529+ messages in thread
From: Greg Kroah-Hartman @ 2023-01-16 15:47 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Uwe Kleine-König, Herbert Xu,
Sasha Levin
From: Uwe Kleine-König <u.kleine-koenig@pengutronix.de>
[ Upstream commit 8e96729fc26c8967db45a3fb7a60387619f77a22 ]
ccree_init() calls cc_debugfs_global_fini(), the former is an init
function and the latter an exit function though.
A modular build emits:
WARNING: modpost: drivers/crypto/ccree/ccree.o: section mismatch in reference: init_module (section: .init.text) -> cc_debugfs_global_fini (section: .exit.text)
(with CONFIG_DEBUG_SECTION_MISMATCH=y).
Fixes: 4f1c596df706 ("crypto: ccree - Remove debugfs when platform_driver_register failed")
Signed-off-by: Uwe Kleine-König <u.kleine-koenig@pengutronix.de>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/crypto/ccree/cc_debugfs.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/crypto/ccree/cc_debugfs.c b/drivers/crypto/ccree/cc_debugfs.c
index 5ca184e42483..3879f33fb59e 100644
--- a/drivers/crypto/ccree/cc_debugfs.c
+++ b/drivers/crypto/ccree/cc_debugfs.c
@@ -46,7 +46,7 @@ int __init cc_debugfs_global_init(void)
return !cc_debugfs_dir;
}
-void __exit cc_debugfs_global_fini(void)
+void cc_debugfs_global_fini(void)
{
debugfs_remove(cc_debugfs_dir);
}
--
2.35.1
^ permalink raw reply related [flat|nested] 529+ messages in thread
* [PATCH 4.19 189/521] RDMA/rxe: Fix NULL-ptr-deref in rxe_qp_do_cleanup() when socket create failed
2023-01-16 15:44 [PATCH 4.19 000/521] 4.19.270-rc1 review Greg Kroah-Hartman
` (187 preceding siblings ...)
2023-01-16 15:47 ` [PATCH 4.19 188/521] crypto: ccree - Make cc_debugfs_global_fini() available for module init function Greg Kroah-Hartman
@ 2023-01-16 15:47 ` Greg Kroah-Hartman
2023-01-16 15:47 ` [PATCH 4.19 190/521] scsi: hpsa: use local workqueues instead of system workqueues Greg Kroah-Hartman
` (335 subsequent siblings)
524 siblings, 0 replies; 529+ messages in thread
From: Greg Kroah-Hartman @ 2023-01-16 15:47 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Zhang Xiaoxu, Jason Gunthorpe, Sasha Levin
From: Zhang Xiaoxu <zhangxiaoxu5@huawei.com>
[ Upstream commit f67376d801499f4fa0838c18c1efcad8840e550d ]
There is a null-ptr-deref when mount.cifs over rdma:
BUG: KASAN: null-ptr-deref in rxe_qp_do_cleanup+0x2f3/0x360 [rdma_rxe]
Read of size 8 at addr 0000000000000018 by task mount.cifs/3046
CPU: 2 PID: 3046 Comm: mount.cifs Not tainted 6.1.0-rc5+ #62
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.14.0-1.fc3
Call Trace:
<TASK>
dump_stack_lvl+0x34/0x44
kasan_report+0xad/0x130
rxe_qp_do_cleanup+0x2f3/0x360 [rdma_rxe]
execute_in_process_context+0x25/0x90
__rxe_cleanup+0x101/0x1d0 [rdma_rxe]
rxe_create_qp+0x16a/0x180 [rdma_rxe]
create_qp.part.0+0x27d/0x340
ib_create_qp_kernel+0x73/0x160
rdma_create_qp+0x100/0x230
_smbd_get_connection+0x752/0x20f0
smbd_get_connection+0x21/0x40
cifs_get_tcp_session+0x8ef/0xda0
mount_get_conns+0x60/0x750
cifs_mount+0x103/0xd00
cifs_smb3_do_mount+0x1dd/0xcb0
smb3_get_tree+0x1d5/0x300
vfs_get_tree+0x41/0xf0
path_mount+0x9b3/0xdd0
__x64_sys_mount+0x190/0x1d0
do_syscall_64+0x35/0x80
entry_SYSCALL_64_after_hwframe+0x46/0xb0
The root cause of the issue is the socket create failed in
rxe_qp_init_req().
So move the reset rxe_qp_do_cleanup() after the NULL ptr check.
Fixes: 8700e3e7c485 ("Soft RoCE driver")
Link: https://lore.kernel.org/r/20221122151437.1057671-1-zhangxiaoxu5@huawei.com
Signed-off-by: Zhang Xiaoxu <zhangxiaoxu5@huawei.com>
Signed-off-by: Jason Gunthorpe <jgg@nvidia.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/infiniband/sw/rxe/rxe_qp.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/drivers/infiniband/sw/rxe/rxe_qp.c b/drivers/infiniband/sw/rxe/rxe_qp.c
index 6320390f531c..2cae62ae6c64 100644
--- a/drivers/infiniband/sw/rxe/rxe_qp.c
+++ b/drivers/infiniband/sw/rxe/rxe_qp.c
@@ -836,12 +836,12 @@ static void rxe_qp_do_cleanup(struct work_struct *work)
qp->resp.mr = NULL;
}
- if (qp_type(qp) == IB_QPT_RC)
- sk_dst_reset(qp->sk->sk);
-
free_rd_atomic_resources(qp);
if (qp->sk) {
+ if (qp_type(qp) == IB_QPT_RC)
+ sk_dst_reset(qp->sk->sk);
+
kernel_sock_shutdown(qp->sk, SHUT_RDWR);
sock_release(qp->sk);
}
--
2.35.1
^ permalink raw reply related [flat|nested] 529+ messages in thread
* [PATCH 4.19 190/521] scsi: hpsa: use local workqueues instead of system workqueues
2023-01-16 15:44 [PATCH 4.19 000/521] 4.19.270-rc1 review Greg Kroah-Hartman
` (188 preceding siblings ...)
2023-01-16 15:47 ` [PATCH 4.19 189/521] RDMA/rxe: Fix NULL-ptr-deref in rxe_qp_do_cleanup() when socket create failed Greg Kroah-Hartman
@ 2023-01-16 15:47 ` Greg Kroah-Hartman
2023-01-16 15:47 ` [PATCH 4.19 191/521] scsi: hpsa: Fix possible memory leak in hpsa_init_one() Greg Kroah-Hartman
` (334 subsequent siblings)
524 siblings, 0 replies; 529+ messages in thread
From: Greg Kroah-Hartman @ 2023-01-16 15:47 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Justin Lindley, David Carroll,
Scott Teel, Don Brace, Martin K. Petersen, Sasha Levin
From: Don Brace <don.brace@microsemi.com>
[ Upstream commit 0119208885b3faf2459de6d3fcc6d090580b906f ]
Avoid system stalls by switching to local workqueue.
Reviewed-by: Justin Lindley <justin.lindley@microsemi.com>
Reviewed-by: David Carroll <david.carroll@microsemi.com>
Reviewed-by: Scott Teel <scott.teel@microsemi.com>
Signed-off-by: Don Brace <don.brace@microsemi.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Stable-dep-of: 9c9ff300e0de ("scsi: hpsa: Fix possible memory leak in hpsa_init_one()")
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/scsi/hpsa.c | 22 +++++++++++++++++++---
drivers/scsi/hpsa.h | 1 +
2 files changed, 20 insertions(+), 3 deletions(-)
diff --git a/drivers/scsi/hpsa.c b/drivers/scsi/hpsa.c
index 0fe21cbdf0ca..19d9c30be09d 100644
--- a/drivers/scsi/hpsa.c
+++ b/drivers/scsi/hpsa.c
@@ -8133,6 +8133,11 @@ static void hpsa_undo_allocations_after_kdump_soft_reset(struct ctlr_info *h)
destroy_workqueue(h->rescan_ctlr_wq);
h->rescan_ctlr_wq = NULL;
}
+ if (h->monitor_ctlr_wq) {
+ destroy_workqueue(h->monitor_ctlr_wq);
+ h->monitor_ctlr_wq = NULL;
+ }
+
kfree(h); /* init_one 1 */
}
@@ -8481,8 +8486,8 @@ static void hpsa_event_monitor_worker(struct work_struct *work)
spin_lock_irqsave(&h->lock, flags);
if (!h->remove_in_progress)
- schedule_delayed_work(&h->event_monitor_work,
- HPSA_EVENT_MONITOR_INTERVAL);
+ queue_delayed_work(h->monitor_ctlr_wq, &h->event_monitor_work,
+ HPSA_EVENT_MONITOR_INTERVAL);
spin_unlock_irqrestore(&h->lock, flags);
}
@@ -8527,7 +8532,7 @@ static void hpsa_monitor_ctlr_worker(struct work_struct *work)
spin_lock_irqsave(&h->lock, flags);
if (!h->remove_in_progress)
- schedule_delayed_work(&h->monitor_ctlr_work,
+ queue_delayed_work(h->monitor_ctlr_wq, &h->monitor_ctlr_work,
h->heartbeat_sample_interval);
spin_unlock_irqrestore(&h->lock, flags);
}
@@ -8695,6 +8700,12 @@ static int hpsa_init_one(struct pci_dev *pdev, const struct pci_device_id *ent)
goto clean7; /* aer/h */
}
+ h->monitor_ctlr_wq = hpsa_create_controller_wq(h, "monitor");
+ if (!h->monitor_ctlr_wq) {
+ rc = -ENOMEM;
+ goto clean7;
+ }
+
/*
* At this point, the controller is ready to take commands.
* Now, if reset_devices and the hard reset didn't work, try
@@ -8826,6 +8837,10 @@ static int hpsa_init_one(struct pci_dev *pdev, const struct pci_device_id *ent)
destroy_workqueue(h->rescan_ctlr_wq);
h->rescan_ctlr_wq = NULL;
}
+ if (h->monitor_ctlr_wq) {
+ destroy_workqueue(h->monitor_ctlr_wq);
+ h->monitor_ctlr_wq = NULL;
+ }
kfree(h);
return rc;
}
@@ -8973,6 +8988,7 @@ static void hpsa_remove_one(struct pci_dev *pdev)
cancel_delayed_work_sync(&h->event_monitor_work);
destroy_workqueue(h->rescan_ctlr_wq);
destroy_workqueue(h->resubmit_wq);
+ destroy_workqueue(h->monitor_ctlr_wq);
hpsa_delete_sas_host(h);
diff --git a/drivers/scsi/hpsa.h b/drivers/scsi/hpsa.h
index 59e023696fff..7aa7378f70dd 100644
--- a/drivers/scsi/hpsa.h
+++ b/drivers/scsi/hpsa.h
@@ -300,6 +300,7 @@ struct ctlr_info {
int needs_abort_tags_swizzled;
struct workqueue_struct *resubmit_wq;
struct workqueue_struct *rescan_ctlr_wq;
+ struct workqueue_struct *monitor_ctlr_wq;
atomic_t abort_cmds_available;
wait_queue_head_t event_sync_wait_queue;
struct mutex reset_mutex;
--
2.35.1
^ permalink raw reply related [flat|nested] 529+ messages in thread
* [PATCH 4.19 191/521] scsi: hpsa: Fix possible memory leak in hpsa_init_one()
2023-01-16 15:44 [PATCH 4.19 000/521] 4.19.270-rc1 review Greg Kroah-Hartman
` (189 preceding siblings ...)
2023-01-16 15:47 ` [PATCH 4.19 190/521] scsi: hpsa: use local workqueues instead of system workqueues Greg Kroah-Hartman
@ 2023-01-16 15:47 ` Greg Kroah-Hartman
2023-01-16 15:47 ` [PATCH 4.19 192/521] crypto: tcrypt - Fix multibuffer skcipher speed test mem leak Greg Kroah-Hartman
` (333 subsequent siblings)
524 siblings, 0 replies; 529+ messages in thread
From: Greg Kroah-Hartman @ 2023-01-16 15:47 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Yuan Can, Ming Lei,
Martin K. Petersen, Sasha Levin
From: Yuan Can <yuancan@huawei.com>
[ Upstream commit 9c9ff300e0de07475796495d86f449340d454a0c ]
The hpda_alloc_ctlr_info() allocates h and its field reply_map. However, in
hpsa_init_one(), if alloc_percpu() failed, the hpsa_init_one() jumps to
clean1 directly, which frees h and leaks the h->reply_map.
Fix by calling hpda_free_ctlr_info() to release h->replay_map and h instead
free h directly.
Fixes: 8b834bff1b73 ("scsi: hpsa: fix selection of reply queue")
Signed-off-by: Yuan Can <yuancan@huawei.com>
Link: https://lore.kernel.org/r/20221122015751.87284-1-yuancan@huawei.com
Reviewed-by: Ming Lei <ming.lei@redhat.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/scsi/hpsa.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/scsi/hpsa.c b/drivers/scsi/hpsa.c
index 19d9c30be09d..1a4fc8b8a9cd 100644
--- a/drivers/scsi/hpsa.c
+++ b/drivers/scsi/hpsa.c
@@ -8841,7 +8841,7 @@ static int hpsa_init_one(struct pci_dev *pdev, const struct pci_device_id *ent)
destroy_workqueue(h->monitor_ctlr_wq);
h->monitor_ctlr_wq = NULL;
}
- kfree(h);
+ hpda_free_ctlr_info(h);
return rc;
}
--
2.35.1
^ permalink raw reply related [flat|nested] 529+ messages in thread
* [PATCH 4.19 192/521] crypto: tcrypt - Fix multibuffer skcipher speed test mem leak
2023-01-16 15:44 [PATCH 4.19 000/521] 4.19.270-rc1 review Greg Kroah-Hartman
` (190 preceding siblings ...)
2023-01-16 15:47 ` [PATCH 4.19 191/521] scsi: hpsa: Fix possible memory leak in hpsa_init_one() Greg Kroah-Hartman
@ 2023-01-16 15:47 ` Greg Kroah-Hartman
2023-01-16 15:47 ` [PATCH 4.19 193/521] scsi: mpt3sas: Add ioc_<level> logging macros Greg Kroah-Hartman
` (332 subsequent siblings)
524 siblings, 0 replies; 529+ messages in thread
From: Greg Kroah-Hartman @ 2023-01-16 15:47 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Zhang Yiqun, Herbert Xu, Sasha Levin
From: Zhang Yiqun <zhangyiqun@phytium.com.cn>
[ Upstream commit 1aa33fc8d4032227253ceb736f47c52b859d9683 ]
In the past, the data for mb-skcipher test has been allocated
twice, that means the first allcated memory area is without
free, which may cause a potential memory leakage. So this
patch is to remove one allocation to fix this error.
Fixes: e161c5930c15 ("crypto: tcrypt - add multibuf skcipher...")
Signed-off-by: Zhang Yiqun <zhangyiqun@phytium.com.cn>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
crypto/tcrypt.c | 9 ---------
1 file changed, 9 deletions(-)
diff --git a/crypto/tcrypt.c b/crypto/tcrypt.c
index bf797c613ba2..366f4510acbe 100644
--- a/crypto/tcrypt.c
+++ b/crypto/tcrypt.c
@@ -1285,15 +1285,6 @@ static void test_mb_skcipher_speed(const char *algo, int enc, int secs,
goto out_free_tfm;
}
-
- for (i = 0; i < num_mb; ++i)
- if (testmgr_alloc_buf(data[i].xbuf)) {
- while (i--)
- testmgr_free_buf(data[i].xbuf);
- goto out_free_tfm;
- }
-
-
for (i = 0; i < num_mb; ++i) {
data[i].req = skcipher_request_alloc(tfm, GFP_KERNEL);
if (!data[i].req) {
--
2.35.1
^ permalink raw reply related [flat|nested] 529+ messages in thread
* [PATCH 4.19 193/521] scsi: mpt3sas: Add ioc_<level> logging macros
2023-01-16 15:44 [PATCH 4.19 000/521] 4.19.270-rc1 review Greg Kroah-Hartman
` (191 preceding siblings ...)
2023-01-16 15:47 ` [PATCH 4.19 192/521] crypto: tcrypt - Fix multibuffer skcipher speed test mem leak Greg Kroah-Hartman
@ 2023-01-16 15:47 ` Greg Kroah-Hartman
2023-01-16 15:47 ` [PATCH 4.19 194/521] scsi: mpt3sas: Convert uses of pr_<level> with MPT3SAS_FMT to ioc_<level> Greg Kroah-Hartman
` (331 subsequent siblings)
524 siblings, 0 replies; 529+ messages in thread
From: Greg Kroah-Hartman @ 2023-01-16 15:47 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Joe Perches, Suganath Prabu,
Martin K. Petersen, Sasha Levin
From: Joe Perches <joe@perches.com>
[ Upstream commit 645a20c6821cd1ab58af8a1f99659e619c216efd ]
These macros can help identify specific logging uses and eventually perhaps
reduce object sizes.
Signed-off-by: Joe Perches <joe@perches.com>
Acked-by: Suganath Prabu <suganath-prabu.subramani@broadcom.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Stable-dep-of: 78316e9dfc24 ("scsi: mpt3sas: Fix possible resource leaks in mpt3sas_transport_port_add()")
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/scsi/mpt3sas/mpt3sas_base.h | 9 +++++++++
1 file changed, 9 insertions(+)
diff --git a/drivers/scsi/mpt3sas/mpt3sas_base.h b/drivers/scsi/mpt3sas/mpt3sas_base.h
index 96dc15e90bd8..941a4faf20be 100644
--- a/drivers/scsi/mpt3sas/mpt3sas_base.h
+++ b/drivers/scsi/mpt3sas/mpt3sas_base.h
@@ -160,6 +160,15 @@ struct mpt3sas_nvme_cmd {
*/
#define MPT3SAS_FMT "%s: "
+#define ioc_err(ioc, fmt, ...) \
+ pr_err("%s: " fmt, (ioc)->name, ##__VA_ARGS__)
+#define ioc_notice(ioc, fmt, ...) \
+ pr_notice("%s: " fmt, (ioc)->name, ##__VA_ARGS__)
+#define ioc_warn(ioc, fmt, ...) \
+ pr_warn("%s: " fmt, (ioc)->name, ##__VA_ARGS__)
+#define ioc_info(ioc, fmt, ...) \
+ pr_info("%s: " fmt, (ioc)->name, ##__VA_ARGS__)
+
/*
* WarpDrive Specific Log codes
*/
--
2.35.1
^ permalink raw reply related [flat|nested] 529+ messages in thread
* [PATCH 4.19 194/521] scsi: mpt3sas: Convert uses of pr_<level> with MPT3SAS_FMT to ioc_<level>
2023-01-16 15:44 [PATCH 4.19 000/521] 4.19.270-rc1 review Greg Kroah-Hartman
` (192 preceding siblings ...)
2023-01-16 15:47 ` [PATCH 4.19 193/521] scsi: mpt3sas: Add ioc_<level> logging macros Greg Kroah-Hartman
@ 2023-01-16 15:47 ` Greg Kroah-Hartman
2023-01-16 15:47 ` [PATCH 4.19 195/521] scsi: mpt3sas: Fix possible resource leaks in mpt3sas_transport_port_add() Greg Kroah-Hartman
` (330 subsequent siblings)
524 siblings, 0 replies; 529+ messages in thread
From: Greg Kroah-Hartman @ 2023-01-16 15:47 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Joe Perches, Suganath Prabu,
Martin K. Petersen, Sasha Levin
From: Joe Perches <joe@perches.com>
[ Upstream commit 919d8a3f3fef9910fda7e0549004cbd4243cf744 ]
Use a more common logging style.
Done using the perl script below and some typing
$ git grep --name-only -w MPT3SAS_FMT -- "*.c" | \
xargs perl -i -e 'local $/; while (<>) { s/\bpr_(info|err|notice|warn)\s*\(\s*MPT3SAS_FMT\s*("[^"]+"(?:\s*\\?\s*"[^"]+"\s*){0,5}\s*),\s*ioc->name\s*/ioc_\1(ioc, \2/g; print;}'
Miscellanea for these conversions:
o Coalesce formats
o Realign arguments
o Remove unnecessary parentheses
o Use casts to u64 instead of unsigned long long where appropriate
o Convert broken pr_info uses to pr_cont
o Fix broken format string concatenation with line continuations and
excess whitespace
Signed-off-by: Joe Perches <joe@perches.com>
Acked-by: Suganath Prabu <suganath-prabu.subramani@broadcom.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Stable-dep-of: 78316e9dfc24 ("scsi: mpt3sas: Fix possible resource leaks in mpt3sas_transport_port_add()")
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/scsi/mpt3sas/mpt3sas_base.c | 1065 ++++++--------
drivers/scsi/mpt3sas/mpt3sas_config.c | 48 +-
drivers/scsi/mpt3sas/mpt3sas_ctl.c | 493 +++----
drivers/scsi/mpt3sas/mpt3sas_scsih.c | 1425 ++++++++-----------
drivers/scsi/mpt3sas/mpt3sas_transport.c | 313 ++--
drivers/scsi/mpt3sas/mpt3sas_trigger_diag.c | 101 +-
drivers/scsi/mpt3sas/mpt3sas_warpdrive.c | 70 +-
7 files changed, 1533 insertions(+), 1982 deletions(-)
diff --git a/drivers/scsi/mpt3sas/mpt3sas_base.c b/drivers/scsi/mpt3sas/mpt3sas_base.c
index 447ac667f4b2..27ddc128af99 100644
--- a/drivers/scsi/mpt3sas/mpt3sas_base.c
+++ b/drivers/scsi/mpt3sas/mpt3sas_base.c
@@ -122,8 +122,8 @@ mpt3sas_base_check_cmd_timeout(struct MPT3SAS_ADAPTER *ioc,
if (!(status & MPT3_CMD_RESET))
issue_reset = 1;
- pr_err(MPT3SAS_FMT "Command %s\n", ioc->name,
- ((issue_reset == 0) ? "terminated due to Host Reset" : "Timeout"));
+ ioc_err(ioc, "Command %s\n",
+ issue_reset == 0 ? "terminated due to Host Reset" : "Timeout");
_debug_dump_mf(mpi_request, sz);
return issue_reset;
@@ -336,9 +336,7 @@ _base_get_chain_buffer_dma_to_chain_buffer(struct MPT3SAS_ADAPTER *ioc,
return ct->chain_buffer;
}
}
- pr_info(MPT3SAS_FMT
- "Provided chain_buffer_dma address is not in the lookup list\n",
- ioc->name);
+ ioc_info(ioc, "Provided chain_buffer_dma address is not in the lookup list\n");
return NULL;
}
@@ -394,7 +392,7 @@ static void _clone_sg_entries(struct MPT3SAS_ADAPTER *ioc,
/* Get scsi_cmd using smid */
scmd = mpt3sas_scsih_scsi_lookup_get(ioc, smid);
if (scmd == NULL) {
- pr_err(MPT3SAS_FMT "scmd is NULL\n", ioc->name);
+ ioc_err(ioc, "scmd is NULL\n");
return;
}
@@ -566,8 +564,7 @@ _base_fault_reset_work(struct work_struct *work)
doorbell = mpt3sas_base_get_iocstate(ioc, 0);
if ((doorbell & MPI2_IOC_STATE_MASK) == MPI2_IOC_STATE_MASK) {
- pr_err(MPT3SAS_FMT "SAS host is non-operational !!!!\n",
- ioc->name);
+ ioc_err(ioc, "SAS host is non-operational !!!!\n");
/* It may be possible that EEH recovery can resolve some of
* pci bus failure issues rather removing the dead ioc function
@@ -600,13 +597,11 @@ _base_fault_reset_work(struct work_struct *work)
p = kthread_run(mpt3sas_remove_dead_ioc_func, ioc,
"%s_dead_ioc_%d", ioc->driver_name, ioc->id);
if (IS_ERR(p))
- pr_err(MPT3SAS_FMT
- "%s: Running mpt3sas_dead_ioc thread failed !!!!\n",
- ioc->name, __func__);
+ ioc_err(ioc, "%s: Running mpt3sas_dead_ioc thread failed !!!!\n",
+ __func__);
else
- pr_err(MPT3SAS_FMT
- "%s: Running mpt3sas_dead_ioc thread success !!!!\n",
- ioc->name, __func__);
+ ioc_err(ioc, "%s: Running mpt3sas_dead_ioc thread success !!!!\n",
+ __func__);
return; /* don't rearm timer */
}
@@ -614,8 +609,8 @@ _base_fault_reset_work(struct work_struct *work)
if ((doorbell & MPI2_IOC_STATE_MASK) != MPI2_IOC_STATE_OPERATIONAL) {
rc = mpt3sas_base_hard_reset_handler(ioc, FORCE_BIG_HAMMER);
- pr_warn(MPT3SAS_FMT "%s: hard reset: %s\n", ioc->name,
- __func__, (rc == 0) ? "success" : "failed");
+ ioc_warn(ioc, "%s: hard reset: %s\n",
+ __func__, rc == 0 ? "success" : "failed");
doorbell = mpt3sas_base_get_iocstate(ioc, 0);
if ((doorbell & MPI2_IOC_STATE_MASK) == MPI2_IOC_STATE_FAULT)
mpt3sas_base_fault_info(ioc, doorbell &
@@ -657,8 +652,7 @@ mpt3sas_base_start_watchdog(struct MPT3SAS_ADAPTER *ioc)
ioc->fault_reset_work_q =
create_singlethread_workqueue(ioc->fault_reset_work_q_name);
if (!ioc->fault_reset_work_q) {
- pr_err(MPT3SAS_FMT "%s: failed (line=%d)\n",
- ioc->name, __func__, __LINE__);
+ ioc_err(ioc, "%s: failed (line=%d)\n", __func__, __LINE__);
return;
}
spin_lock_irqsave(&ioc->ioc_reset_in_progress_lock, flags);
@@ -700,8 +694,7 @@ mpt3sas_base_stop_watchdog(struct MPT3SAS_ADAPTER *ioc)
void
mpt3sas_base_fault_info(struct MPT3SAS_ADAPTER *ioc , u16 fault_code)
{
- pr_err(MPT3SAS_FMT "fault_state(0x%04x)!\n",
- ioc->name, fault_code);
+ ioc_err(ioc, "fault_state(0x%04x)!\n", fault_code);
}
/**
@@ -728,8 +721,7 @@ mpt3sas_halt_firmware(struct MPT3SAS_ADAPTER *ioc)
mpt3sas_base_fault_info(ioc , doorbell);
else {
writel(0xC0FFEE00, &ioc->chip->Doorbell);
- pr_err(MPT3SAS_FMT "Firmware is halted due to command timeout\n",
- ioc->name);
+ ioc_err(ioc, "Firmware is halted due to command timeout\n");
}
if (ioc->fwfault_debug == 2)
@@ -956,8 +948,8 @@ _base_sas_ioc_info(struct MPT3SAS_ADAPTER *ioc, MPI2DefaultReply_t *mpi_reply,
break;
}
- pr_warn(MPT3SAS_FMT "ioc_status: %s(0x%04x), request(0x%p),(%s)\n",
- ioc->name, desc, ioc_status, request_hdr, func_str);
+ ioc_warn(ioc, "ioc_status: %s(0x%04x), request(0x%p),(%s)\n",
+ desc, ioc_status, request_hdr, func_str);
_debug_dump_mf(request_hdr, frame_sz/4);
}
@@ -1003,9 +995,9 @@ _base_display_event_data(struct MPT3SAS_ADAPTER *ioc,
{
Mpi2EventDataSasDiscovery_t *event_data =
(Mpi2EventDataSasDiscovery_t *)mpi_reply->EventData;
- pr_info(MPT3SAS_FMT "Discovery: (%s)", ioc->name,
- (event_data->ReasonCode == MPI2_EVENT_SAS_DISC_RC_STARTED) ?
- "start" : "stop");
+ ioc_info(ioc, "Discovery: (%s)",
+ event_data->ReasonCode == MPI2_EVENT_SAS_DISC_RC_STARTED ?
+ "start" : "stop");
if (event_data->DiscoveryStatus)
pr_cont(" discovery_status(0x%08x)",
le32_to_cpu(event_data->DiscoveryStatus));
@@ -1059,14 +1051,13 @@ _base_display_event_data(struct MPT3SAS_ADAPTER *ioc,
{
Mpi26EventDataPCIeEnumeration_t *event_data =
(Mpi26EventDataPCIeEnumeration_t *)mpi_reply->EventData;
- pr_info(MPT3SAS_FMT "PCIE Enumeration: (%s)", ioc->name,
- (event_data->ReasonCode ==
- MPI26_EVENT_PCIE_ENUM_RC_STARTED) ?
- "start" : "stop");
+ ioc_info(ioc, "PCIE Enumeration: (%s)",
+ event_data->ReasonCode == MPI26_EVENT_PCIE_ENUM_RC_STARTED ?
+ "start" : "stop");
if (event_data->EnumerationStatus)
- pr_info("enumeration_status(0x%08x)",
- le32_to_cpu(event_data->EnumerationStatus));
- pr_info("\n");
+ pr_cont("enumeration_status(0x%08x)",
+ le32_to_cpu(event_data->EnumerationStatus));
+ pr_cont("\n");
return;
}
case MPI2_EVENT_PCIE_TOPOLOGY_CHANGE_LIST:
@@ -1077,7 +1068,7 @@ _base_display_event_data(struct MPT3SAS_ADAPTER *ioc,
if (!desc)
return;
- pr_info(MPT3SAS_FMT "%s\n", ioc->name, desc);
+ ioc_info(ioc, "%s\n", desc);
}
/**
@@ -1128,11 +1119,9 @@ _base_sas_log_info(struct MPT3SAS_ADAPTER *ioc , u32 log_info)
break;
}
- pr_warn(MPT3SAS_FMT
- "log_info(0x%08x): originator(%s), code(0x%02x), sub_code(0x%04x)\n",
- ioc->name, log_info,
- originator_str, sas_loginfo.dw.code,
- sas_loginfo.dw.subcode);
+ ioc_warn(ioc, "log_info(0x%08x): originator(%s), code(0x%02x), sub_code(0x%04x)\n",
+ log_info,
+ originator_str, sas_loginfo.dw.code, sas_loginfo.dw.subcode);
}
/**
@@ -1152,8 +1141,8 @@ _base_display_reply_info(struct MPT3SAS_ADAPTER *ioc, u16 smid, u8 msix_index,
mpi_reply = mpt3sas_base_get_reply_virt_addr(ioc, reply);
if (unlikely(!mpi_reply)) {
- pr_err(MPT3SAS_FMT "mpi_reply not valid at %s:%d/%s()!\n",
- ioc->name, __FILE__, __LINE__, __func__);
+ ioc_err(ioc, "mpi_reply not valid at %s:%d/%s()!\n",
+ __FILE__, __LINE__, __func__);
return;
}
ioc_status = le16_to_cpu(mpi_reply->IOCStatus);
@@ -1249,9 +1238,9 @@ _base_async_event(struct MPT3SAS_ADAPTER *ioc, u8 msix_index, u32 reply)
delayed_event_ack->EventContext = mpi_reply->EventContext;
list_add_tail(&delayed_event_ack->list,
&ioc->delayed_event_ack_list);
- dewtprintk(ioc, pr_info(MPT3SAS_FMT
- "DELAYED: EVENT ACK: event (0x%04x)\n",
- ioc->name, le16_to_cpu(mpi_reply->Event)));
+ dewtprintk(ioc,
+ ioc_info(ioc, "DELAYED: EVENT ACK: event (0x%04x)\n",
+ le16_to_cpu(mpi_reply->Event)));
goto out;
}
@@ -2600,9 +2589,8 @@ _base_config_dma_addressing(struct MPT3SAS_ADAPTER *ioc, struct pci_dev *pdev)
out:
si_meminfo(&s);
- pr_info(MPT3SAS_FMT
- "%d BIT PCI BUS DMA ADDRESSING SUPPORTED, total mem (%ld kB)\n",
- ioc->name, ioc->dma_mask, convert_to_kb(s.totalram));
+ ioc_info(ioc, "%d BIT PCI BUS DMA ADDRESSING SUPPORTED, total mem (%ld kB)\n",
+ ioc->dma_mask, convert_to_kb(s.totalram));
return 0;
}
@@ -2641,8 +2629,7 @@ _base_check_enable_msix(struct MPT3SAS_ADAPTER *ioc)
base = pci_find_capability(ioc->pdev, PCI_CAP_ID_MSIX);
if (!base) {
- dfailprintk(ioc, pr_info(MPT3SAS_FMT "msix not supported\n",
- ioc->name));
+ dfailprintk(ioc, ioc_info(ioc, "msix not supported\n"));
return -EINVAL;
}
@@ -2660,9 +2647,8 @@ _base_check_enable_msix(struct MPT3SAS_ADAPTER *ioc)
pci_read_config_word(ioc->pdev, base + 2, &message_control);
ioc->msix_vector_count = (message_control & 0x3FF) + 1;
}
- dinitprintk(ioc, pr_info(MPT3SAS_FMT
- "msix is supported, vector_count(%d)\n",
- ioc->name, ioc->msix_vector_count));
+ dinitprintk(ioc, ioc_info(ioc, "msix is supported, vector_count(%d)\n",
+ ioc->msix_vector_count));
return 0;
}
@@ -2704,8 +2690,8 @@ _base_request_irq(struct MPT3SAS_ADAPTER *ioc, u8 index)
reply_q = kzalloc(sizeof(struct adapter_reply_queue), GFP_KERNEL);
if (!reply_q) {
- pr_err(MPT3SAS_FMT "unable to allocate memory %d!\n",
- ioc->name, (int)sizeof(struct adapter_reply_queue));
+ ioc_err(ioc, "unable to allocate memory %zu!\n",
+ sizeof(struct adapter_reply_queue));
return -ENOMEM;
}
reply_q->ioc = ioc;
@@ -2763,8 +2749,8 @@ _base_assign_reply_queues(struct MPT3SAS_ADAPTER *ioc)
const cpumask_t *mask = pci_irq_get_affinity(ioc->pdev,
reply_q->msix_index);
if (!mask) {
- pr_warn(MPT3SAS_FMT "no affinity for msi %x\n",
- ioc->name, reply_q->msix_index);
+ ioc_warn(ioc, "no affinity for msi %x\n",
+ reply_q->msix_index);
continue;
}
@@ -2859,9 +2845,9 @@ _base_enable_msix(struct MPT3SAS_ADAPTER *ioc)
r = pci_alloc_irq_vectors(ioc->pdev, 1, ioc->reply_queue_count,
irq_flags);
if (r < 0) {
- dfailprintk(ioc, pr_info(MPT3SAS_FMT
- "pci_alloc_irq_vectors failed (r=%d) !!!\n",
- ioc->name, r));
+ dfailprintk(ioc,
+ ioc_info(ioc, "pci_alloc_irq_vectors failed (r=%d) !!!\n",
+ r));
goto try_ioapic;
}
@@ -2884,9 +2870,9 @@ _base_enable_msix(struct MPT3SAS_ADAPTER *ioc)
ioc->reply_queue_count = 1;
r = pci_alloc_irq_vectors(ioc->pdev, 1, 1, PCI_IRQ_LEGACY);
if (r < 0) {
- dfailprintk(ioc, pr_info(MPT3SAS_FMT
- "pci_alloc_irq_vector(legacy) failed (r=%d) !!!\n",
- ioc->name, r));
+ dfailprintk(ioc,
+ ioc_info(ioc, "pci_alloc_irq_vector(legacy) failed (r=%d) !!!\n",
+ r));
} else
r = _base_request_irq(ioc, 0);
@@ -2941,13 +2927,11 @@ mpt3sas_base_map_resources(struct MPT3SAS_ADAPTER *ioc)
phys_addr_t chip_phys = 0;
struct adapter_reply_queue *reply_q;
- dinitprintk(ioc, pr_info(MPT3SAS_FMT "%s\n",
- ioc->name, __func__));
+ dinitprintk(ioc, ioc_info(ioc, "%s\n", __func__));
ioc->bars = pci_select_bars(pdev, IORESOURCE_MEM);
if (pci_enable_device_mem(pdev)) {
- pr_warn(MPT3SAS_FMT "pci_enable_device_mem: failed\n",
- ioc->name);
+ ioc_warn(ioc, "pci_enable_device_mem: failed\n");
ioc->bars = 0;
return -ENODEV;
}
@@ -2955,8 +2939,7 @@ mpt3sas_base_map_resources(struct MPT3SAS_ADAPTER *ioc)
if (pci_request_selected_regions(pdev, ioc->bars,
ioc->driver_name)) {
- pr_warn(MPT3SAS_FMT "pci_request_selected_regions: failed\n",
- ioc->name);
+ ioc_warn(ioc, "pci_request_selected_regions: failed\n");
ioc->bars = 0;
r = -ENODEV;
goto out_fail;
@@ -2969,8 +2952,7 @@ mpt3sas_base_map_resources(struct MPT3SAS_ADAPTER *ioc)
if (_base_config_dma_addressing(ioc, pdev) != 0) {
- pr_warn(MPT3SAS_FMT "no suitable DMA mask for %s\n",
- ioc->name, pci_name(pdev));
+ ioc_warn(ioc, "no suitable DMA mask for %s\n", pci_name(pdev));
r = -ENODEV;
goto out_fail;
}
@@ -2993,8 +2975,7 @@ mpt3sas_base_map_resources(struct MPT3SAS_ADAPTER *ioc)
}
if (ioc->chip == NULL) {
- pr_err(MPT3SAS_FMT "unable to map adapter memory! "
- " or resource not found\n", ioc->name);
+ ioc_err(ioc, "unable to map adapter memory! or resource not found\n");
r = -EINVAL;
goto out_fail;
}
@@ -3060,10 +3041,10 @@ mpt3sas_base_map_resources(struct MPT3SAS_ADAPTER *ioc)
"IO-APIC enabled"),
pci_irq_vector(ioc->pdev, reply_q->msix_index));
- pr_info(MPT3SAS_FMT "iomem(%pap), mapped(0x%p), size(%d)\n",
- ioc->name, &chip_phys, ioc->chip, memap_sz);
- pr_info(MPT3SAS_FMT "ioport(0x%016llx), size(%d)\n",
- ioc->name, (unsigned long long)pio_chip, pio_sz);
+ ioc_info(ioc, "iomem(%pap), mapped(0x%p), size(%d)\n",
+ &chip_phys, ioc->chip, memap_sz);
+ ioc_info(ioc, "ioport(0x%016llx), size(%d)\n",
+ (unsigned long long)pio_chip, pio_sz);
/* Save PCI configuration state for recovery from PCI AER/EEH errors */
pci_save_state(pdev);
@@ -3178,8 +3159,7 @@ mpt3sas_base_get_smid(struct MPT3SAS_ADAPTER *ioc, u8 cb_idx)
spin_lock_irqsave(&ioc->scsi_lookup_lock, flags);
if (list_empty(&ioc->internal_free_list)) {
spin_unlock_irqrestore(&ioc->scsi_lookup_lock, flags);
- pr_err(MPT3SAS_FMT "%s: smid not available\n",
- ioc->name, __func__);
+ ioc_err(ioc, "%s: smid not available\n", __func__);
return 0;
}
@@ -3554,89 +3534,85 @@ _base_display_OEMs_branding(struct MPT3SAS_ADAPTER *ioc)
case MPI2_MFGPAGE_DEVID_SAS2008:
switch (ioc->pdev->subsystem_device) {
case MPT2SAS_INTEL_RMS2LL080_SSDID:
- pr_info(MPT3SAS_FMT "%s\n", ioc->name,
- MPT2SAS_INTEL_RMS2LL080_BRANDING);
+ ioc_info(ioc, "%s\n",
+ MPT2SAS_INTEL_RMS2LL080_BRANDING);
break;
case MPT2SAS_INTEL_RMS2LL040_SSDID:
- pr_info(MPT3SAS_FMT "%s\n", ioc->name,
- MPT2SAS_INTEL_RMS2LL040_BRANDING);
+ ioc_info(ioc, "%s\n",
+ MPT2SAS_INTEL_RMS2LL040_BRANDING);
break;
case MPT2SAS_INTEL_SSD910_SSDID:
- pr_info(MPT3SAS_FMT "%s\n", ioc->name,
- MPT2SAS_INTEL_SSD910_BRANDING);
+ ioc_info(ioc, "%s\n",
+ MPT2SAS_INTEL_SSD910_BRANDING);
break;
default:
- pr_info(MPT3SAS_FMT
- "Intel(R) Controller: Subsystem ID: 0x%X\n",
- ioc->name, ioc->pdev->subsystem_device);
+ ioc_info(ioc, "Intel(R) Controller: Subsystem ID: 0x%X\n",
+ ioc->pdev->subsystem_device);
break;
}
case MPI2_MFGPAGE_DEVID_SAS2308_2:
switch (ioc->pdev->subsystem_device) {
case MPT2SAS_INTEL_RS25GB008_SSDID:
- pr_info(MPT3SAS_FMT "%s\n", ioc->name,
- MPT2SAS_INTEL_RS25GB008_BRANDING);
+ ioc_info(ioc, "%s\n",
+ MPT2SAS_INTEL_RS25GB008_BRANDING);
break;
case MPT2SAS_INTEL_RMS25JB080_SSDID:
- pr_info(MPT3SAS_FMT "%s\n", ioc->name,
- MPT2SAS_INTEL_RMS25JB080_BRANDING);
+ ioc_info(ioc, "%s\n",
+ MPT2SAS_INTEL_RMS25JB080_BRANDING);
break;
case MPT2SAS_INTEL_RMS25JB040_SSDID:
- pr_info(MPT3SAS_FMT "%s\n", ioc->name,
- MPT2SAS_INTEL_RMS25JB040_BRANDING);
+ ioc_info(ioc, "%s\n",
+ MPT2SAS_INTEL_RMS25JB040_BRANDING);
break;
case MPT2SAS_INTEL_RMS25KB080_SSDID:
- pr_info(MPT3SAS_FMT "%s\n", ioc->name,
- MPT2SAS_INTEL_RMS25KB080_BRANDING);
+ ioc_info(ioc, "%s\n",
+ MPT2SAS_INTEL_RMS25KB080_BRANDING);
break;
case MPT2SAS_INTEL_RMS25KB040_SSDID:
- pr_info(MPT3SAS_FMT "%s\n", ioc->name,
- MPT2SAS_INTEL_RMS25KB040_BRANDING);
+ ioc_info(ioc, "%s\n",
+ MPT2SAS_INTEL_RMS25KB040_BRANDING);
break;
case MPT2SAS_INTEL_RMS25LB040_SSDID:
- pr_info(MPT3SAS_FMT "%s\n", ioc->name,
- MPT2SAS_INTEL_RMS25LB040_BRANDING);
+ ioc_info(ioc, "%s\n",
+ MPT2SAS_INTEL_RMS25LB040_BRANDING);
break;
case MPT2SAS_INTEL_RMS25LB080_SSDID:
- pr_info(MPT3SAS_FMT "%s\n", ioc->name,
- MPT2SAS_INTEL_RMS25LB080_BRANDING);
+ ioc_info(ioc, "%s\n",
+ MPT2SAS_INTEL_RMS25LB080_BRANDING);
break;
default:
- pr_info(MPT3SAS_FMT
- "Intel(R) Controller: Subsystem ID: 0x%X\n",
- ioc->name, ioc->pdev->subsystem_device);
+ ioc_info(ioc, "Intel(R) Controller: Subsystem ID: 0x%X\n",
+ ioc->pdev->subsystem_device);
break;
}
case MPI25_MFGPAGE_DEVID_SAS3008:
switch (ioc->pdev->subsystem_device) {
case MPT3SAS_INTEL_RMS3JC080_SSDID:
- pr_info(MPT3SAS_FMT "%s\n", ioc->name,
- MPT3SAS_INTEL_RMS3JC080_BRANDING);
+ ioc_info(ioc, "%s\n",
+ MPT3SAS_INTEL_RMS3JC080_BRANDING);
break;
case MPT3SAS_INTEL_RS3GC008_SSDID:
- pr_info(MPT3SAS_FMT "%s\n", ioc->name,
- MPT3SAS_INTEL_RS3GC008_BRANDING);
+ ioc_info(ioc, "%s\n",
+ MPT3SAS_INTEL_RS3GC008_BRANDING);
break;
case MPT3SAS_INTEL_RS3FC044_SSDID:
- pr_info(MPT3SAS_FMT "%s\n", ioc->name,
- MPT3SAS_INTEL_RS3FC044_BRANDING);
+ ioc_info(ioc, "%s\n",
+ MPT3SAS_INTEL_RS3FC044_BRANDING);
break;
case MPT3SAS_INTEL_RS3UC080_SSDID:
- pr_info(MPT3SAS_FMT "%s\n", ioc->name,
- MPT3SAS_INTEL_RS3UC080_BRANDING);
+ ioc_info(ioc, "%s\n",
+ MPT3SAS_INTEL_RS3UC080_BRANDING);
break;
default:
- pr_info(MPT3SAS_FMT
- "Intel(R) Controller: Subsystem ID: 0x%X\n",
- ioc->name, ioc->pdev->subsystem_device);
+ ioc_info(ioc, "Intel(R) Controller: Subsystem ID: 0x%X\n",
+ ioc->pdev->subsystem_device);
break;
}
break;
default:
- pr_info(MPT3SAS_FMT
- "Intel(R) Controller: Subsystem ID: 0x%X\n",
- ioc->name, ioc->pdev->subsystem_device);
+ ioc_info(ioc, "Intel(R) Controller: Subsystem ID: 0x%X\n",
+ ioc->pdev->subsystem_device);
break;
}
break;
@@ -3645,57 +3621,54 @@ _base_display_OEMs_branding(struct MPT3SAS_ADAPTER *ioc)
case MPI2_MFGPAGE_DEVID_SAS2008:
switch (ioc->pdev->subsystem_device) {
case MPT2SAS_DELL_6GBPS_SAS_HBA_SSDID:
- pr_info(MPT3SAS_FMT "%s\n", ioc->name,
- MPT2SAS_DELL_6GBPS_SAS_HBA_BRANDING);
+ ioc_info(ioc, "%s\n",
+ MPT2SAS_DELL_6GBPS_SAS_HBA_BRANDING);
break;
case MPT2SAS_DELL_PERC_H200_ADAPTER_SSDID:
- pr_info(MPT3SAS_FMT "%s\n", ioc->name,
- MPT2SAS_DELL_PERC_H200_ADAPTER_BRANDING);
+ ioc_info(ioc, "%s\n",
+ MPT2SAS_DELL_PERC_H200_ADAPTER_BRANDING);
break;
case MPT2SAS_DELL_PERC_H200_INTEGRATED_SSDID:
- pr_info(MPT3SAS_FMT "%s\n", ioc->name,
- MPT2SAS_DELL_PERC_H200_INTEGRATED_BRANDING);
+ ioc_info(ioc, "%s\n",
+ MPT2SAS_DELL_PERC_H200_INTEGRATED_BRANDING);
break;
case MPT2SAS_DELL_PERC_H200_MODULAR_SSDID:
- pr_info(MPT3SAS_FMT "%s\n", ioc->name,
- MPT2SAS_DELL_PERC_H200_MODULAR_BRANDING);
+ ioc_info(ioc, "%s\n",
+ MPT2SAS_DELL_PERC_H200_MODULAR_BRANDING);
break;
case MPT2SAS_DELL_PERC_H200_EMBEDDED_SSDID:
- pr_info(MPT3SAS_FMT "%s\n", ioc->name,
- MPT2SAS_DELL_PERC_H200_EMBEDDED_BRANDING);
+ ioc_info(ioc, "%s\n",
+ MPT2SAS_DELL_PERC_H200_EMBEDDED_BRANDING);
break;
case MPT2SAS_DELL_PERC_H200_SSDID:
- pr_info(MPT3SAS_FMT "%s\n", ioc->name,
- MPT2SAS_DELL_PERC_H200_BRANDING);
+ ioc_info(ioc, "%s\n",
+ MPT2SAS_DELL_PERC_H200_BRANDING);
break;
case MPT2SAS_DELL_6GBPS_SAS_SSDID:
- pr_info(MPT3SAS_FMT "%s\n", ioc->name,
- MPT2SAS_DELL_6GBPS_SAS_BRANDING);
+ ioc_info(ioc, "%s\n",
+ MPT2SAS_DELL_6GBPS_SAS_BRANDING);
break;
default:
- pr_info(MPT3SAS_FMT
- "Dell 6Gbps HBA: Subsystem ID: 0x%X\n",
- ioc->name, ioc->pdev->subsystem_device);
+ ioc_info(ioc, "Dell 6Gbps HBA: Subsystem ID: 0x%X\n",
+ ioc->pdev->subsystem_device);
break;
}
break;
case MPI25_MFGPAGE_DEVID_SAS3008:
switch (ioc->pdev->subsystem_device) {
case MPT3SAS_DELL_12G_HBA_SSDID:
- pr_info(MPT3SAS_FMT "%s\n", ioc->name,
- MPT3SAS_DELL_12G_HBA_BRANDING);
+ ioc_info(ioc, "%s\n",
+ MPT3SAS_DELL_12G_HBA_BRANDING);
break;
default:
- pr_info(MPT3SAS_FMT
- "Dell 12Gbps HBA: Subsystem ID: 0x%X\n",
- ioc->name, ioc->pdev->subsystem_device);
+ ioc_info(ioc, "Dell 12Gbps HBA: Subsystem ID: 0x%X\n",
+ ioc->pdev->subsystem_device);
break;
}
break;
default:
- pr_info(MPT3SAS_FMT
- "Dell HBA: Subsystem ID: 0x%X\n", ioc->name,
- ioc->pdev->subsystem_device);
+ ioc_info(ioc, "Dell HBA: Subsystem ID: 0x%X\n",
+ ioc->pdev->subsystem_device);
break;
}
break;
@@ -3704,46 +3677,42 @@ _base_display_OEMs_branding(struct MPT3SAS_ADAPTER *ioc)
case MPI25_MFGPAGE_DEVID_SAS3008:
switch (ioc->pdev->subsystem_device) {
case MPT3SAS_CISCO_12G_8E_HBA_SSDID:
- pr_info(MPT3SAS_FMT "%s\n", ioc->name,
- MPT3SAS_CISCO_12G_8E_HBA_BRANDING);
+ ioc_info(ioc, "%s\n",
+ MPT3SAS_CISCO_12G_8E_HBA_BRANDING);
break;
case MPT3SAS_CISCO_12G_8I_HBA_SSDID:
- pr_info(MPT3SAS_FMT "%s\n", ioc->name,
- MPT3SAS_CISCO_12G_8I_HBA_BRANDING);
+ ioc_info(ioc, "%s\n",
+ MPT3SAS_CISCO_12G_8I_HBA_BRANDING);
break;
case MPT3SAS_CISCO_12G_AVILA_HBA_SSDID:
- pr_info(MPT3SAS_FMT "%s\n", ioc->name,
- MPT3SAS_CISCO_12G_AVILA_HBA_BRANDING);
+ ioc_info(ioc, "%s\n",
+ MPT3SAS_CISCO_12G_AVILA_HBA_BRANDING);
break;
default:
- pr_info(MPT3SAS_FMT
- "Cisco 12Gbps SAS HBA: Subsystem ID: 0x%X\n",
- ioc->name, ioc->pdev->subsystem_device);
+ ioc_info(ioc, "Cisco 12Gbps SAS HBA: Subsystem ID: 0x%X\n",
+ ioc->pdev->subsystem_device);
break;
}
break;
case MPI25_MFGPAGE_DEVID_SAS3108_1:
switch (ioc->pdev->subsystem_device) {
case MPT3SAS_CISCO_12G_AVILA_HBA_SSDID:
- pr_info(MPT3SAS_FMT "%s\n", ioc->name,
- MPT3SAS_CISCO_12G_AVILA_HBA_BRANDING);
+ ioc_info(ioc, "%s\n",
+ MPT3SAS_CISCO_12G_AVILA_HBA_BRANDING);
break;
case MPT3SAS_CISCO_12G_COLUSA_MEZZANINE_HBA_SSDID:
- pr_info(MPT3SAS_FMT "%s\n", ioc->name,
- MPT3SAS_CISCO_12G_COLUSA_MEZZANINE_HBA_BRANDING
- );
+ ioc_info(ioc, "%s\n",
+ MPT3SAS_CISCO_12G_COLUSA_MEZZANINE_HBA_BRANDING);
break;
default:
- pr_info(MPT3SAS_FMT
- "Cisco 12Gbps SAS HBA: Subsystem ID: 0x%X\n",
- ioc->name, ioc->pdev->subsystem_device);
+ ioc_info(ioc, "Cisco 12Gbps SAS HBA: Subsystem ID: 0x%X\n",
+ ioc->pdev->subsystem_device);
break;
}
break;
default:
- pr_info(MPT3SAS_FMT
- "Cisco SAS HBA: Subsystem ID: 0x%X\n",
- ioc->name, ioc->pdev->subsystem_device);
+ ioc_info(ioc, "Cisco SAS HBA: Subsystem ID: 0x%X\n",
+ ioc->pdev->subsystem_device);
break;
}
break;
@@ -3752,43 +3721,40 @@ _base_display_OEMs_branding(struct MPT3SAS_ADAPTER *ioc)
case MPI2_MFGPAGE_DEVID_SAS2004:
switch (ioc->pdev->subsystem_device) {
case MPT2SAS_HP_DAUGHTER_2_4_INTERNAL_SSDID:
- pr_info(MPT3SAS_FMT "%s\n", ioc->name,
- MPT2SAS_HP_DAUGHTER_2_4_INTERNAL_BRANDING);
+ ioc_info(ioc, "%s\n",
+ MPT2SAS_HP_DAUGHTER_2_4_INTERNAL_BRANDING);
break;
default:
- pr_info(MPT3SAS_FMT
- "HP 6Gbps SAS HBA: Subsystem ID: 0x%X\n",
- ioc->name, ioc->pdev->subsystem_device);
+ ioc_info(ioc, "HP 6Gbps SAS HBA: Subsystem ID: 0x%X\n",
+ ioc->pdev->subsystem_device);
break;
}
case MPI2_MFGPAGE_DEVID_SAS2308_2:
switch (ioc->pdev->subsystem_device) {
case MPT2SAS_HP_2_4_INTERNAL_SSDID:
- pr_info(MPT3SAS_FMT "%s\n", ioc->name,
- MPT2SAS_HP_2_4_INTERNAL_BRANDING);
+ ioc_info(ioc, "%s\n",
+ MPT2SAS_HP_2_4_INTERNAL_BRANDING);
break;
case MPT2SAS_HP_2_4_EXTERNAL_SSDID:
- pr_info(MPT3SAS_FMT "%s\n", ioc->name,
- MPT2SAS_HP_2_4_EXTERNAL_BRANDING);
+ ioc_info(ioc, "%s\n",
+ MPT2SAS_HP_2_4_EXTERNAL_BRANDING);
break;
case MPT2SAS_HP_1_4_INTERNAL_1_4_EXTERNAL_SSDID:
- pr_info(MPT3SAS_FMT "%s\n", ioc->name,
- MPT2SAS_HP_1_4_INTERNAL_1_4_EXTERNAL_BRANDING);
+ ioc_info(ioc, "%s\n",
+ MPT2SAS_HP_1_4_INTERNAL_1_4_EXTERNAL_BRANDING);
break;
case MPT2SAS_HP_EMBEDDED_2_4_INTERNAL_SSDID:
- pr_info(MPT3SAS_FMT "%s\n", ioc->name,
- MPT2SAS_HP_EMBEDDED_2_4_INTERNAL_BRANDING);
+ ioc_info(ioc, "%s\n",
+ MPT2SAS_HP_EMBEDDED_2_4_INTERNAL_BRANDING);
break;
default:
- pr_info(MPT3SAS_FMT
- "HP 6Gbps SAS HBA: Subsystem ID: 0x%X\n",
- ioc->name, ioc->pdev->subsystem_device);
+ ioc_info(ioc, "HP 6Gbps SAS HBA: Subsystem ID: 0x%X\n",
+ ioc->pdev->subsystem_device);
break;
}
default:
- pr_info(MPT3SAS_FMT
- "HP SAS HBA: Subsystem ID: 0x%X\n",
- ioc->name, ioc->pdev->subsystem_device);
+ ioc_info(ioc, "HP SAS HBA: Subsystem ID: 0x%X\n",
+ ioc->pdev->subsystem_device);
break;
}
default:
@@ -3815,12 +3781,10 @@ _base_display_fwpkg_version(struct MPT3SAS_ADAPTER *ioc)
u16 smid, ioc_status;
size_t data_length;
- dinitprintk(ioc, pr_info(MPT3SAS_FMT "%s\n", ioc->name,
- __func__));
+ dinitprintk(ioc, ioc_info(ioc, "%s\n", __func__));
if (ioc->base_cmds.status & MPT3_CMD_PENDING) {
- pr_err(MPT3SAS_FMT "%s: internal command already in use\n",
- ioc->name, __func__);
+ ioc_err(ioc, "%s: internal command already in use\n", __func__);
return -EAGAIN;
}
@@ -3828,15 +3792,14 @@ _base_display_fwpkg_version(struct MPT3SAS_ADAPTER *ioc)
fwpkg_data = pci_alloc_consistent(ioc->pdev, data_length,
&fwpkg_data_dma);
if (!fwpkg_data) {
- pr_err(MPT3SAS_FMT "failure at %s:%d/%s()!\n",
- ioc->name, __FILE__, __LINE__, __func__);
+ ioc_err(ioc, "failure at %s:%d/%s()!\n",
+ __FILE__, __LINE__, __func__);
return -ENOMEM;
}
smid = mpt3sas_base_get_smid(ioc, ioc->base_cb_idx);
if (!smid) {
- pr_err(MPT3SAS_FMT "%s: failed obtaining a smid\n",
- ioc->name, __func__);
+ ioc_err(ioc, "%s: failed obtaining a smid\n", __func__);
r = -EAGAIN;
goto out;
}
@@ -3855,11 +3818,9 @@ _base_display_fwpkg_version(struct MPT3SAS_ADAPTER *ioc)
/* Wait for 15 seconds */
wait_for_completion_timeout(&ioc->base_cmds.done,
FW_IMG_HDR_READ_TIMEOUT*HZ);
- pr_info(MPT3SAS_FMT "%s: complete\n",
- ioc->name, __func__);
+ ioc_info(ioc, "%s: complete\n", __func__);
if (!(ioc->base_cmds.status & MPT3_CMD_COMPLETE)) {
- pr_err(MPT3SAS_FMT "%s: timeout\n",
- ioc->name, __func__);
+ ioc_err(ioc, "%s: timeout\n", __func__);
_debug_dump_mf(mpi_request,
sizeof(Mpi25FWUploadRequest_t)/4);
r = -ETIME;
@@ -3873,13 +3834,11 @@ _base_display_fwpkg_version(struct MPT3SAS_ADAPTER *ioc)
if (ioc_status == MPI2_IOCSTATUS_SUCCESS) {
FWImgHdr = (Mpi2FWImageHeader_t *)fwpkg_data;
if (FWImgHdr->PackageVersion.Word) {
- pr_info(MPT3SAS_FMT "FW Package Version"
- "(%02d.%02d.%02d.%02d)\n",
- ioc->name,
- FWImgHdr->PackageVersion.Struct.Major,
- FWImgHdr->PackageVersion.Struct.Minor,
- FWImgHdr->PackageVersion.Struct.Unit,
- FWImgHdr->PackageVersion.Struct.Dev);
+ ioc_info(ioc, "FW Package Version (%02d.%02d.%02d.%02d)\n",
+ FWImgHdr->PackageVersion.Struct.Major,
+ FWImgHdr->PackageVersion.Struct.Minor,
+ FWImgHdr->PackageVersion.Struct.Unit,
+ FWImgHdr->PackageVersion.Struct.Dev);
}
} else {
_debug_dump_mf(&mpi_reply,
@@ -3909,18 +3868,17 @@ _base_display_ioc_capabilities(struct MPT3SAS_ADAPTER *ioc)
bios_version = le32_to_cpu(ioc->bios_pg3.BiosVersion);
strncpy(desc, ioc->manu_pg0.ChipName, 16);
- pr_info(MPT3SAS_FMT "%s: FWVersion(%02d.%02d.%02d.%02d), "\
- "ChipRevision(0x%02x), BiosVersion(%02d.%02d.%02d.%02d)\n",
- ioc->name, desc,
- (ioc->facts.FWVersion.Word & 0xFF000000) >> 24,
- (ioc->facts.FWVersion.Word & 0x00FF0000) >> 16,
- (ioc->facts.FWVersion.Word & 0x0000FF00) >> 8,
- ioc->facts.FWVersion.Word & 0x000000FF,
- ioc->pdev->revision,
- (bios_version & 0xFF000000) >> 24,
- (bios_version & 0x00FF0000) >> 16,
- (bios_version & 0x0000FF00) >> 8,
- bios_version & 0x000000FF);
+ ioc_info(ioc, "%s: FWVersion(%02d.%02d.%02d.%02d), ChipRevision(0x%02x), BiosVersion(%02d.%02d.%02d.%02d)\n",
+ desc,
+ (ioc->facts.FWVersion.Word & 0xFF000000) >> 24,
+ (ioc->facts.FWVersion.Word & 0x00FF0000) >> 16,
+ (ioc->facts.FWVersion.Word & 0x0000FF00) >> 8,
+ ioc->facts.FWVersion.Word & 0x000000FF,
+ ioc->pdev->revision,
+ (bios_version & 0xFF000000) >> 24,
+ (bios_version & 0x00FF0000) >> 16,
+ (bios_version & 0x0000FF00) >> 8,
+ bios_version & 0x000000FF);
_base_display_OEMs_branding(ioc);
@@ -3929,82 +3887,81 @@ _base_display_ioc_capabilities(struct MPT3SAS_ADAPTER *ioc)
i++;
}
- pr_info(MPT3SAS_FMT "Protocol=(", ioc->name);
+ ioc_info(ioc, "Protocol=(");
if (ioc->facts.ProtocolFlags & MPI2_IOCFACTS_PROTOCOL_SCSI_INITIATOR) {
- pr_info("Initiator");
+ pr_cont("Initiator");
i++;
}
if (ioc->facts.ProtocolFlags & MPI2_IOCFACTS_PROTOCOL_SCSI_TARGET) {
- pr_info("%sTarget", i ? "," : "");
+ pr_cont("%sTarget", i ? "," : "");
i++;
}
i = 0;
- pr_info("), ");
- pr_info("Capabilities=(");
+ pr_cont("), Capabilities=(");
if (!ioc->hide_ir_msg) {
if (ioc->facts.IOCCapabilities &
MPI2_IOCFACTS_CAPABILITY_INTEGRATED_RAID) {
- pr_info("Raid");
+ pr_cont("Raid");
i++;
}
}
if (ioc->facts.IOCCapabilities & MPI2_IOCFACTS_CAPABILITY_TLR) {
- pr_info("%sTLR", i ? "," : "");
+ pr_cont("%sTLR", i ? "," : "");
i++;
}
if (ioc->facts.IOCCapabilities & MPI2_IOCFACTS_CAPABILITY_MULTICAST) {
- pr_info("%sMulticast", i ? "," : "");
+ pr_cont("%sMulticast", i ? "," : "");
i++;
}
if (ioc->facts.IOCCapabilities &
MPI2_IOCFACTS_CAPABILITY_BIDIRECTIONAL_TARGET) {
- pr_info("%sBIDI Target", i ? "," : "");
+ pr_cont("%sBIDI Target", i ? "," : "");
i++;
}
if (ioc->facts.IOCCapabilities & MPI2_IOCFACTS_CAPABILITY_EEDP) {
- pr_info("%sEEDP", i ? "," : "");
+ pr_cont("%sEEDP", i ? "," : "");
i++;
}
if (ioc->facts.IOCCapabilities &
MPI2_IOCFACTS_CAPABILITY_SNAPSHOT_BUFFER) {
- pr_info("%sSnapshot Buffer", i ? "," : "");
+ pr_cont("%sSnapshot Buffer", i ? "," : "");
i++;
}
if (ioc->facts.IOCCapabilities &
MPI2_IOCFACTS_CAPABILITY_DIAG_TRACE_BUFFER) {
- pr_info("%sDiag Trace Buffer", i ? "," : "");
+ pr_cont("%sDiag Trace Buffer", i ? "," : "");
i++;
}
if (ioc->facts.IOCCapabilities &
MPI2_IOCFACTS_CAPABILITY_EXTENDED_BUFFER) {
- pr_info("%sDiag Extended Buffer", i ? "," : "");
+ pr_cont("%sDiag Extended Buffer", i ? "," : "");
i++;
}
if (ioc->facts.IOCCapabilities &
MPI2_IOCFACTS_CAPABILITY_TASK_SET_FULL_HANDLING) {
- pr_info("%sTask Set Full", i ? "," : "");
+ pr_cont("%sTask Set Full", i ? "," : "");
i++;
}
iounit_pg1_flags = le32_to_cpu(ioc->iounit_pg1.Flags);
if (!(iounit_pg1_flags & MPI2_IOUNITPAGE1_NATIVE_COMMAND_Q_DISABLE)) {
- pr_info("%sNCQ", i ? "," : "");
+ pr_cont("%sNCQ", i ? "," : "");
i++;
}
- pr_info(")\n");
+ pr_cont(")\n");
}
/**
@@ -4037,21 +3994,21 @@ mpt3sas_base_update_missing_delay(struct MPT3SAS_ADAPTER *ioc,
sizeof(Mpi2SasIOUnit1PhyData_t));
sas_iounit_pg1 = kzalloc(sz, GFP_KERNEL);
if (!sas_iounit_pg1) {
- pr_err(MPT3SAS_FMT "failure at %s:%d/%s()!\n",
- ioc->name, __FILE__, __LINE__, __func__);
+ ioc_err(ioc, "failure at %s:%d/%s()!\n",
+ __FILE__, __LINE__, __func__);
goto out;
}
if ((mpt3sas_config_get_sas_iounit_pg1(ioc, &mpi_reply,
sas_iounit_pg1, sz))) {
- pr_err(MPT3SAS_FMT "failure at %s:%d/%s()!\n",
- ioc->name, __FILE__, __LINE__, __func__);
+ ioc_err(ioc, "failure at %s:%d/%s()!\n",
+ __FILE__, __LINE__, __func__);
goto out;
}
ioc_status = le16_to_cpu(mpi_reply.IOCStatus) &
MPI2_IOCSTATUS_MASK;
if (ioc_status != MPI2_IOCSTATUS_SUCCESS) {
- pr_err(MPT3SAS_FMT "failure at %s:%d/%s()!\n",
- ioc->name, __FILE__, __LINE__, __func__);
+ ioc_err(ioc, "failure at %s:%d/%s()!\n",
+ __FILE__, __LINE__, __func__);
goto out;
}
@@ -4083,11 +4040,11 @@ mpt3sas_base_update_missing_delay(struct MPT3SAS_ADAPTER *ioc,
else
dmd_new =
dmd & MPI2_SASIOUNIT1_REPORT_MISSING_TIMEOUT_MASK;
- pr_info(MPT3SAS_FMT "device_missing_delay: old(%d), new(%d)\n",
- ioc->name, dmd_orignal, dmd_new);
- pr_info(MPT3SAS_FMT "ioc_missing_delay: old(%d), new(%d)\n",
- ioc->name, io_missing_delay_original,
- io_missing_delay);
+ ioc_info(ioc, "device_missing_delay: old(%d), new(%d)\n",
+ dmd_orignal, dmd_new);
+ ioc_info(ioc, "ioc_missing_delay: old(%d), new(%d)\n",
+ io_missing_delay_original,
+ io_missing_delay);
ioc->device_missing_delay = dmd_new;
ioc->io_missing_delay = io_missing_delay;
}
@@ -4198,33 +4155,32 @@ _base_release_memory_pools(struct MPT3SAS_ADAPTER *ioc)
struct chain_tracker *ct;
struct reply_post_struct *rps;
- dexitprintk(ioc, pr_info(MPT3SAS_FMT "%s\n", ioc->name,
- __func__));
+ dexitprintk(ioc, ioc_info(ioc, "%s\n", __func__));
if (ioc->request) {
pci_free_consistent(ioc->pdev, ioc->request_dma_sz,
ioc->request, ioc->request_dma);
- dexitprintk(ioc, pr_info(MPT3SAS_FMT
- "request_pool(0x%p): free\n",
- ioc->name, ioc->request));
+ dexitprintk(ioc,
+ ioc_info(ioc, "request_pool(0x%p): free\n",
+ ioc->request));
ioc->request = NULL;
}
if (ioc->sense) {
dma_pool_free(ioc->sense_dma_pool, ioc->sense, ioc->sense_dma);
dma_pool_destroy(ioc->sense_dma_pool);
- dexitprintk(ioc, pr_info(MPT3SAS_FMT
- "sense_pool(0x%p): free\n",
- ioc->name, ioc->sense));
+ dexitprintk(ioc,
+ ioc_info(ioc, "sense_pool(0x%p): free\n",
+ ioc->sense));
ioc->sense = NULL;
}
if (ioc->reply) {
dma_pool_free(ioc->reply_dma_pool, ioc->reply, ioc->reply_dma);
dma_pool_destroy(ioc->reply_dma_pool);
- dexitprintk(ioc, pr_info(MPT3SAS_FMT
- "reply_pool(0x%p): free\n",
- ioc->name, ioc->reply));
+ dexitprintk(ioc,
+ ioc_info(ioc, "reply_pool(0x%p): free\n",
+ ioc->reply));
ioc->reply = NULL;
}
@@ -4232,9 +4188,9 @@ _base_release_memory_pools(struct MPT3SAS_ADAPTER *ioc)
dma_pool_free(ioc->reply_free_dma_pool, ioc->reply_free,
ioc->reply_free_dma);
dma_pool_destroy(ioc->reply_free_dma_pool);
- dexitprintk(ioc, pr_info(MPT3SAS_FMT
- "reply_free_pool(0x%p): free\n",
- ioc->name, ioc->reply_free));
+ dexitprintk(ioc,
+ ioc_info(ioc, "reply_free_pool(0x%p): free\n",
+ ioc->reply_free));
ioc->reply_free = NULL;
}
@@ -4246,9 +4202,9 @@ _base_release_memory_pools(struct MPT3SAS_ADAPTER *ioc)
ioc->reply_post_free_dma_pool,
rps->reply_post_free,
rps->reply_post_free_dma);
- dexitprintk(ioc, pr_info(MPT3SAS_FMT
- "reply_post_free_pool(0x%p): free\n",
- ioc->name, rps->reply_post_free));
+ dexitprintk(ioc,
+ ioc_info(ioc, "reply_post_free_pool(0x%p): free\n",
+ rps->reply_post_free));
rps->reply_post_free = NULL;
}
} while (ioc->rdpq_array_enable &&
@@ -4276,9 +4232,9 @@ _base_release_memory_pools(struct MPT3SAS_ADAPTER *ioc)
}
if (ioc->config_page) {
- dexitprintk(ioc, pr_info(MPT3SAS_FMT
- "config_page(0x%p): free\n", ioc->name,
- ioc->config_page));
+ dexitprintk(ioc,
+ ioc_info(ioc, "config_page(0x%p): free\n",
+ ioc->config_page));
pci_free_consistent(ioc->pdev, ioc->config_page_sz,
ioc->config_page, ioc->config_page_dma);
}
@@ -4349,8 +4305,7 @@ _base_allocate_memory_pools(struct MPT3SAS_ADAPTER *ioc)
int i, j;
struct chain_tracker *ct;
- dinitprintk(ioc, pr_info(MPT3SAS_FMT "%s\n", ioc->name,
- __func__));
+ dinitprintk(ioc, ioc_info(ioc, "%s\n", __func__));
retry_sz = 0;
@@ -4379,10 +4334,8 @@ _base_allocate_memory_pools(struct MPT3SAS_ADAPTER *ioc)
else if (sg_tablesize > MPT_MAX_PHYS_SEGMENTS) {
sg_tablesize = min_t(unsigned short, sg_tablesize,
SG_MAX_SEGMENTS);
- pr_warn(MPT3SAS_FMT
- "sg_tablesize(%u) is bigger than kernel "
- "defined SG_CHUNK_SIZE(%u)\n", ioc->name,
- sg_tablesize, MPT_MAX_PHYS_SEGMENTS);
+ ioc_warn(ioc, "sg_tablesize(%u) is bigger than kernel defined SG_CHUNK_SIZE(%u)\n",
+ sg_tablesize, MPT_MAX_PHYS_SEGMENTS);
}
ioc->shost->sg_tablesize = sg_tablesize;
}
@@ -4392,9 +4345,8 @@ _base_allocate_memory_pools(struct MPT3SAS_ADAPTER *ioc)
if (ioc->internal_depth < INTERNAL_CMDS_COUNT) {
if (facts->RequestCredit <= (INTERNAL_CMDS_COUNT +
INTERNAL_SCSIIO_CMDS_COUNT)) {
- pr_err(MPT3SAS_FMT "IOC doesn't have enough Request \
- Credits, it has just %d number of credits\n",
- ioc->name, facts->RequestCredit);
+ ioc_err(ioc, "IOC doesn't have enough Request Credits, it has just %d number of credits\n",
+ facts->RequestCredit);
return -ENOMEM;
}
ioc->internal_depth = 10;
@@ -4493,11 +4445,12 @@ _base_allocate_memory_pools(struct MPT3SAS_ADAPTER *ioc)
ioc->reply_free_queue_depth = ioc->hba_queue_depth + 64;
}
- dinitprintk(ioc, pr_info(MPT3SAS_FMT "scatter gather: " \
- "sge_in_main_msg(%d), sge_per_chain(%d), sge_per_io(%d), "
- "chains_per_io(%d)\n", ioc->name, ioc->max_sges_in_main_message,
- ioc->max_sges_in_chain_message, ioc->shost->sg_tablesize,
- ioc->chains_needed_per_io));
+ dinitprintk(ioc,
+ ioc_info(ioc, "scatter gather: sge_in_main_msg(%d), sge_per_chain(%d), sge_per_io(%d), chains_per_io(%d)\n",
+ ioc->max_sges_in_main_message,
+ ioc->max_sges_in_chain_message,
+ ioc->shost->sg_tablesize,
+ ioc->chains_needed_per_io));
/* reply post queue, 16 byte align */
reply_post_free_sz = ioc->reply_post_queue_depth *
@@ -4512,16 +4465,13 @@ _base_allocate_memory_pools(struct MPT3SAS_ADAPTER *ioc)
sizeof(struct reply_post_struct), GFP_KERNEL);
if (!ioc->reply_post) {
- pr_err(MPT3SAS_FMT "reply_post_free pool: kcalloc failed\n",
- ioc->name);
+ ioc_err(ioc, "reply_post_free pool: kcalloc failed\n");
goto out;
}
ioc->reply_post_free_dma_pool = dma_pool_create("reply_post_free pool",
&ioc->pdev->dev, sz, 16, 0);
if (!ioc->reply_post_free_dma_pool) {
- pr_err(MPT3SAS_FMT
- "reply_post_free pool: dma_pool_create failed\n",
- ioc->name);
+ ioc_err(ioc, "reply_post_free pool: dma_pool_create failed\n");
goto out;
}
i = 0;
@@ -4531,29 +4481,25 @@ _base_allocate_memory_pools(struct MPT3SAS_ADAPTER *ioc)
GFP_KERNEL,
&ioc->reply_post[i].reply_post_free_dma);
if (!ioc->reply_post[i].reply_post_free) {
- pr_err(MPT3SAS_FMT
- "reply_post_free pool: dma_pool_alloc failed\n",
- ioc->name);
+ ioc_err(ioc, "reply_post_free pool: dma_pool_alloc failed\n");
goto out;
}
memset(ioc->reply_post[i].reply_post_free, 0, sz);
- dinitprintk(ioc, pr_info(MPT3SAS_FMT
- "reply post free pool (0x%p): depth(%d),"
- "element_size(%d), pool_size(%d kB)\n", ioc->name,
- ioc->reply_post[i].reply_post_free,
- ioc->reply_post_queue_depth, 8, sz/1024));
- dinitprintk(ioc, pr_info(MPT3SAS_FMT
- "reply_post_free_dma = (0x%llx)\n", ioc->name,
- (unsigned long long)
- ioc->reply_post[i].reply_post_free_dma));
+ dinitprintk(ioc,
+ ioc_info(ioc, "reply post free pool (0x%p): depth(%d), element_size(%d), pool_size(%d kB)\n",
+ ioc->reply_post[i].reply_post_free,
+ ioc->reply_post_queue_depth,
+ 8, sz / 1024));
+ dinitprintk(ioc,
+ ioc_info(ioc, "reply_post_free_dma = (0x%llx)\n",
+ (u64)ioc->reply_post[i].reply_post_free_dma));
total_sz += sz;
} while (ioc->rdpq_array_enable && (++i < ioc->reply_queue_count));
if (ioc->dma_mask > 32) {
if (_base_change_consistent_dma_mask(ioc, ioc->pdev) != 0) {
- pr_warn(MPT3SAS_FMT
- "no suitable consistent DMA mask for %s\n",
- ioc->name, pci_name(ioc->pdev));
+ ioc_warn(ioc, "no suitable consistent DMA mask for %s\n",
+ pci_name(ioc->pdev));
goto out;
}
}
@@ -4565,9 +4511,9 @@ _base_allocate_memory_pools(struct MPT3SAS_ADAPTER *ioc)
* with some internal commands that could be outstanding
*/
ioc->shost->can_queue = ioc->scsiio_depth - INTERNAL_SCSIIO_CMDS_COUNT;
- dinitprintk(ioc, pr_info(MPT3SAS_FMT
- "scsi host: can_queue depth (%d)\n",
- ioc->name, ioc->shost->can_queue));
+ dinitprintk(ioc,
+ ioc_info(ioc, "scsi host: can_queue depth (%d)\n",
+ ioc->shost->can_queue));
/* contiguous pool for request and chains, 16 byte align, one extra "
@@ -4585,10 +4531,9 @@ _base_allocate_memory_pools(struct MPT3SAS_ADAPTER *ioc)
ioc->request_dma_sz = sz;
ioc->request = pci_alloc_consistent(ioc->pdev, sz, &ioc->request_dma);
if (!ioc->request) {
- pr_err(MPT3SAS_FMT "request pool: pci_alloc_consistent " \
- "failed: hba_depth(%d), chains_per_io(%d), frame_sz(%d), "
- "total(%d kB)\n", ioc->name, ioc->hba_queue_depth,
- ioc->chains_needed_per_io, ioc->request_sz, sz/1024);
+ ioc_err(ioc, "request pool: pci_alloc_consistent failed: hba_depth(%d), chains_per_io(%d), frame_sz(%d), total(%d kB)\n",
+ ioc->hba_queue_depth, ioc->chains_needed_per_io,
+ ioc->request_sz, sz / 1024);
if (ioc->scsiio_depth < MPT3SAS_SAS_QUEUE_DEPTH)
goto out;
retry_sz = 64;
@@ -4598,10 +4543,9 @@ _base_allocate_memory_pools(struct MPT3SAS_ADAPTER *ioc)
}
if (retry_sz)
- pr_err(MPT3SAS_FMT "request pool: pci_alloc_consistent " \
- "succeed: hba_depth(%d), chains_per_io(%d), frame_sz(%d), "
- "total(%d kb)\n", ioc->name, ioc->hba_queue_depth,
- ioc->chains_needed_per_io, ioc->request_sz, sz/1024);
+ ioc_err(ioc, "request pool: pci_alloc_consistent succeed: hba_depth(%d), chains_per_io(%d), frame_sz(%d), total(%d kb)\n",
+ ioc->hba_queue_depth, ioc->chains_needed_per_io,
+ ioc->request_sz, sz / 1024);
/* hi-priority queue */
ioc->hi_priority = ioc->request + ((ioc->scsiio_depth + 1) *
@@ -4615,24 +4559,26 @@ _base_allocate_memory_pools(struct MPT3SAS_ADAPTER *ioc)
ioc->internal_dma = ioc->hi_priority_dma + (ioc->hi_priority_depth *
ioc->request_sz);
- dinitprintk(ioc, pr_info(MPT3SAS_FMT
- "request pool(0x%p): depth(%d), frame_size(%d), pool_size(%d kB)\n",
- ioc->name, ioc->request, ioc->hba_queue_depth, ioc->request_sz,
- (ioc->hba_queue_depth * ioc->request_sz)/1024));
+ dinitprintk(ioc,
+ ioc_info(ioc, "request pool(0x%p): depth(%d), frame_size(%d), pool_size(%d kB)\n",
+ ioc->request, ioc->hba_queue_depth,
+ ioc->request_sz,
+ (ioc->hba_queue_depth * ioc->request_sz) / 1024));
- dinitprintk(ioc, pr_info(MPT3SAS_FMT "request pool: dma(0x%llx)\n",
- ioc->name, (unsigned long long) ioc->request_dma));
+ dinitprintk(ioc,
+ ioc_info(ioc, "request pool: dma(0x%llx)\n",
+ (unsigned long long)ioc->request_dma));
total_sz += sz;
- dinitprintk(ioc, pr_info(MPT3SAS_FMT "scsiio(0x%p): depth(%d)\n",
- ioc->name, ioc->request, ioc->scsiio_depth));
+ dinitprintk(ioc,
+ ioc_info(ioc, "scsiio(0x%p): depth(%d)\n",
+ ioc->request, ioc->scsiio_depth));
ioc->chain_depth = min_t(u32, ioc->chain_depth, MAX_CHAIN_DEPTH);
sz = ioc->scsiio_depth * sizeof(struct chain_lookup);
ioc->chain_lookup = kzalloc(sz, GFP_KERNEL);
if (!ioc->chain_lookup) {
- pr_err(MPT3SAS_FMT "chain_lookup: __get_free_pages "
- "failed\n", ioc->name);
+ ioc_err(ioc, "chain_lookup: __get_free_pages failed\n");
goto out;
}
@@ -4640,8 +4586,7 @@ _base_allocate_memory_pools(struct MPT3SAS_ADAPTER *ioc)
for (i = 0; i < ioc->scsiio_depth; i++) {
ioc->chain_lookup[i].chains_per_smid = kzalloc(sz, GFP_KERNEL);
if (!ioc->chain_lookup[i].chains_per_smid) {
- pr_err(MPT3SAS_FMT "chain_lookup: "
- " kzalloc failed\n", ioc->name);
+ ioc_err(ioc, "chain_lookup: kzalloc failed\n");
goto out;
}
}
@@ -4650,29 +4595,27 @@ _base_allocate_memory_pools(struct MPT3SAS_ADAPTER *ioc)
ioc->hpr_lookup = kcalloc(ioc->hi_priority_depth,
sizeof(struct request_tracker), GFP_KERNEL);
if (!ioc->hpr_lookup) {
- pr_err(MPT3SAS_FMT "hpr_lookup: kcalloc failed\n",
- ioc->name);
+ ioc_err(ioc, "hpr_lookup: kcalloc failed\n");
goto out;
}
ioc->hi_priority_smid = ioc->scsiio_depth + 1;
- dinitprintk(ioc, pr_info(MPT3SAS_FMT
- "hi_priority(0x%p): depth(%d), start smid(%d)\n",
- ioc->name, ioc->hi_priority,
- ioc->hi_priority_depth, ioc->hi_priority_smid));
+ dinitprintk(ioc,
+ ioc_info(ioc, "hi_priority(0x%p): depth(%d), start smid(%d)\n",
+ ioc->hi_priority,
+ ioc->hi_priority_depth, ioc->hi_priority_smid));
/* initialize internal queue smid's */
ioc->internal_lookup = kcalloc(ioc->internal_depth,
sizeof(struct request_tracker), GFP_KERNEL);
if (!ioc->internal_lookup) {
- pr_err(MPT3SAS_FMT "internal_lookup: kcalloc failed\n",
- ioc->name);
+ ioc_err(ioc, "internal_lookup: kcalloc failed\n");
goto out;
}
ioc->internal_smid = ioc->hi_priority_smid + ioc->hi_priority_depth;
- dinitprintk(ioc, pr_info(MPT3SAS_FMT
- "internal(0x%p): depth(%d), start smid(%d)\n",
- ioc->name, ioc->internal,
- ioc->internal_depth, ioc->internal_smid));
+ dinitprintk(ioc,
+ ioc_info(ioc, "internal(0x%p): depth(%d), start smid(%d)\n",
+ ioc->internal,
+ ioc->internal_depth, ioc->internal_smid));
/*
* The number of NVMe page sized blocks needed is:
* (((sg_tablesize * 8) - 1) / (page_size - 8)) + 1
@@ -4696,17 +4639,14 @@ _base_allocate_memory_pools(struct MPT3SAS_ADAPTER *ioc)
sz = sizeof(struct pcie_sg_list) * ioc->scsiio_depth;
ioc->pcie_sg_lookup = kzalloc(sz, GFP_KERNEL);
if (!ioc->pcie_sg_lookup) {
- pr_info(MPT3SAS_FMT
- "PCIe SGL lookup: kzalloc failed\n", ioc->name);
+ ioc_info(ioc, "PCIe SGL lookup: kzalloc failed\n");
goto out;
}
sz = nvme_blocks_needed * ioc->page_size;
ioc->pcie_sgl_dma_pool =
dma_pool_create("PCIe SGL pool", &ioc->pdev->dev, sz, 16, 0);
if (!ioc->pcie_sgl_dma_pool) {
- pr_info(MPT3SAS_FMT
- "PCIe SGL pool: dma_pool_create failed\n",
- ioc->name);
+ ioc_info(ioc, "PCIe SGL pool: dma_pool_create failed\n");
goto out;
}
@@ -4719,9 +4659,7 @@ _base_allocate_memory_pools(struct MPT3SAS_ADAPTER *ioc)
ioc->pcie_sgl_dma_pool, GFP_KERNEL,
&ioc->pcie_sg_lookup[i].pcie_sgl_dma);
if (!ioc->pcie_sg_lookup[i].pcie_sgl) {
- pr_info(MPT3SAS_FMT
- "PCIe SGL pool: dma_pool_alloc failed\n",
- ioc->name);
+ ioc_info(ioc, "PCIe SGL pool: dma_pool_alloc failed\n");
goto out;
}
for (j = 0; j < ioc->chains_per_prp_buffer; j++) {
@@ -4735,20 +4673,20 @@ _base_allocate_memory_pools(struct MPT3SAS_ADAPTER *ioc)
}
}
- dinitprintk(ioc, pr_info(MPT3SAS_FMT "PCIe sgl pool depth(%d), "
- "element_size(%d), pool_size(%d kB)\n", ioc->name,
- ioc->scsiio_depth, sz, (sz * ioc->scsiio_depth)/1024));
- dinitprintk(ioc, pr_info(MPT3SAS_FMT "Number of chains can "
- "fit in a PRP page(%d)\n", ioc->name,
- ioc->chains_per_prp_buffer));
+ dinitprintk(ioc,
+ ioc_info(ioc, "PCIe sgl pool depth(%d), element_size(%d), pool_size(%d kB)\n",
+ ioc->scsiio_depth, sz,
+ (sz * ioc->scsiio_depth) / 1024));
+ dinitprintk(ioc,
+ ioc_info(ioc, "Number of chains can fit in a PRP page(%d)\n",
+ ioc->chains_per_prp_buffer));
total_sz += sz * ioc->scsiio_depth;
}
ioc->chain_dma_pool = dma_pool_create("chain pool", &ioc->pdev->dev,
ioc->chain_segment_sz, 16, 0);
if (!ioc->chain_dma_pool) {
- pr_err(MPT3SAS_FMT "chain_dma_pool: dma_pool_create failed\n",
- ioc->name);
+ ioc_err(ioc, "chain_dma_pool: dma_pool_create failed\n");
goto out;
}
for (i = 0; i < ioc->scsiio_depth; i++) {
@@ -4759,8 +4697,7 @@ _base_allocate_memory_pools(struct MPT3SAS_ADAPTER *ioc)
ioc->chain_dma_pool, GFP_KERNEL,
&ct->chain_buffer_dma);
if (!ct->chain_buffer) {
- pr_err(MPT3SAS_FMT "chain_lookup: "
- " pci_pool_alloc failed\n", ioc->name);
+ ioc_err(ioc, "chain_lookup: pci_pool_alloc failed\n");
_base_release_memory_pools(ioc);
goto out;
}
@@ -4768,25 +4705,23 @@ _base_allocate_memory_pools(struct MPT3SAS_ADAPTER *ioc)
total_sz += ioc->chain_segment_sz;
}
- dinitprintk(ioc, pr_info(MPT3SAS_FMT
- "chain pool depth(%d), frame_size(%d), pool_size(%d kB)\n",
- ioc->name, ioc->chain_depth, ioc->chain_segment_sz,
- ((ioc->chain_depth * ioc->chain_segment_sz))/1024));
+ dinitprintk(ioc,
+ ioc_info(ioc, "chain pool depth(%d), frame_size(%d), pool_size(%d kB)\n",
+ ioc->chain_depth, ioc->chain_segment_sz,
+ (ioc->chain_depth * ioc->chain_segment_sz) / 1024));
/* sense buffers, 4 byte align */
sz = ioc->scsiio_depth * SCSI_SENSE_BUFFERSIZE;
ioc->sense_dma_pool = dma_pool_create("sense pool", &ioc->pdev->dev, sz,
4, 0);
if (!ioc->sense_dma_pool) {
- pr_err(MPT3SAS_FMT "sense pool: dma_pool_create failed\n",
- ioc->name);
+ ioc_err(ioc, "sense pool: dma_pool_create failed\n");
goto out;
}
ioc->sense = dma_pool_alloc(ioc->sense_dma_pool, GFP_KERNEL,
&ioc->sense_dma);
if (!ioc->sense) {
- pr_err(MPT3SAS_FMT "sense pool: dma_pool_alloc failed\n",
- ioc->name);
+ ioc_err(ioc, "sense pool: dma_pool_alloc failed\n");
goto out;
}
/* sense buffer requires to be in same 4 gb region.
@@ -4808,24 +4743,23 @@ _base_allocate_memory_pools(struct MPT3SAS_ADAPTER *ioc)
dma_pool_create("sense pool", &ioc->pdev->dev, sz,
roundup_pow_of_two(sz), 0);
if (!ioc->sense_dma_pool) {
- pr_err(MPT3SAS_FMT "sense pool: pci_pool_create failed\n",
- ioc->name);
+ ioc_err(ioc, "sense pool: pci_pool_create failed\n");
goto out;
}
ioc->sense = dma_pool_alloc(ioc->sense_dma_pool, GFP_KERNEL,
&ioc->sense_dma);
if (!ioc->sense) {
- pr_err(MPT3SAS_FMT "sense pool: pci_pool_alloc failed\n",
- ioc->name);
+ ioc_err(ioc, "sense pool: pci_pool_alloc failed\n");
goto out;
}
}
- dinitprintk(ioc, pr_info(MPT3SAS_FMT
- "sense pool(0x%p): depth(%d), element_size(%d), pool_size"
- "(%d kB)\n", ioc->name, ioc->sense, ioc->scsiio_depth,
- SCSI_SENSE_BUFFERSIZE, sz/1024));
- dinitprintk(ioc, pr_info(MPT3SAS_FMT "sense_dma(0x%llx)\n",
- ioc->name, (unsigned long long)ioc->sense_dma));
+ dinitprintk(ioc,
+ ioc_info(ioc, "sense pool(0x%p): depth(%d), element_size(%d), pool_size(%d kB)\n",
+ ioc->sense, ioc->scsiio_depth,
+ SCSI_SENSE_BUFFERSIZE, sz / 1024));
+ dinitprintk(ioc,
+ ioc_info(ioc, "sense_dma(0x%llx)\n",
+ (unsigned long long)ioc->sense_dma));
total_sz += sz;
/* reply pool, 4 byte align */
@@ -4833,25 +4767,24 @@ _base_allocate_memory_pools(struct MPT3SAS_ADAPTER *ioc)
ioc->reply_dma_pool = dma_pool_create("reply pool", &ioc->pdev->dev, sz,
4, 0);
if (!ioc->reply_dma_pool) {
- pr_err(MPT3SAS_FMT "reply pool: dma_pool_create failed\n",
- ioc->name);
+ ioc_err(ioc, "reply pool: dma_pool_create failed\n");
goto out;
}
ioc->reply = dma_pool_alloc(ioc->reply_dma_pool, GFP_KERNEL,
&ioc->reply_dma);
if (!ioc->reply) {
- pr_err(MPT3SAS_FMT "reply pool: dma_pool_alloc failed\n",
- ioc->name);
+ ioc_err(ioc, "reply pool: dma_pool_alloc failed\n");
goto out;
}
ioc->reply_dma_min_address = (u32)(ioc->reply_dma);
ioc->reply_dma_max_address = (u32)(ioc->reply_dma) + sz;
- dinitprintk(ioc, pr_info(MPT3SAS_FMT
- "reply pool(0x%p): depth(%d), frame_size(%d), pool_size(%d kB)\n",
- ioc->name, ioc->reply,
- ioc->reply_free_queue_depth, ioc->reply_sz, sz/1024));
- dinitprintk(ioc, pr_info(MPT3SAS_FMT "reply_dma(0x%llx)\n",
- ioc->name, (unsigned long long)ioc->reply_dma));
+ dinitprintk(ioc,
+ ioc_info(ioc, "reply pool(0x%p): depth(%d), frame_size(%d), pool_size(%d kB)\n",
+ ioc->reply, ioc->reply_free_queue_depth,
+ ioc->reply_sz, sz / 1024));
+ dinitprintk(ioc,
+ ioc_info(ioc, "reply_dma(0x%llx)\n",
+ (unsigned long long)ioc->reply_dma));
total_sz += sz;
/* reply free queue, 16 byte align */
@@ -4859,24 +4792,23 @@ _base_allocate_memory_pools(struct MPT3SAS_ADAPTER *ioc)
ioc->reply_free_dma_pool = dma_pool_create("reply_free pool",
&ioc->pdev->dev, sz, 16, 0);
if (!ioc->reply_free_dma_pool) {
- pr_err(MPT3SAS_FMT "reply_free pool: dma_pool_create failed\n",
- ioc->name);
+ ioc_err(ioc, "reply_free pool: dma_pool_create failed\n");
goto out;
}
ioc->reply_free = dma_pool_alloc(ioc->reply_free_dma_pool, GFP_KERNEL,
&ioc->reply_free_dma);
if (!ioc->reply_free) {
- pr_err(MPT3SAS_FMT "reply_free pool: dma_pool_alloc failed\n",
- ioc->name);
+ ioc_err(ioc, "reply_free pool: dma_pool_alloc failed\n");
goto out;
}
memset(ioc->reply_free, 0, sz);
- dinitprintk(ioc, pr_info(MPT3SAS_FMT "reply_free pool(0x%p): " \
- "depth(%d), element_size(%d), pool_size(%d kB)\n", ioc->name,
- ioc->reply_free, ioc->reply_free_queue_depth, 4, sz/1024));
- dinitprintk(ioc, pr_info(MPT3SAS_FMT
- "reply_free_dma (0x%llx)\n",
- ioc->name, (unsigned long long)ioc->reply_free_dma));
+ dinitprintk(ioc,
+ ioc_info(ioc, "reply_free pool(0x%p): depth(%d), element_size(%d), pool_size(%d kB)\n",
+ ioc->reply_free, ioc->reply_free_queue_depth,
+ 4, sz / 1024));
+ dinitprintk(ioc,
+ ioc_info(ioc, "reply_free_dma (0x%llx)\n",
+ (unsigned long long)ioc->reply_free_dma));
total_sz += sz;
if (ioc->rdpq_array_enable) {
@@ -4887,8 +4819,7 @@ _base_allocate_memory_pools(struct MPT3SAS_ADAPTER *ioc)
&ioc->pdev->dev, reply_post_free_array_sz, 16, 0);
if (!ioc->reply_post_free_array_dma_pool) {
dinitprintk(ioc,
- pr_info(MPT3SAS_FMT "reply_post_free_array pool: "
- "dma_pool_create failed\n", ioc->name));
+ ioc_info(ioc, "reply_post_free_array pool: dma_pool_create failed\n"));
goto out;
}
ioc->reply_post_free_array =
@@ -4896,8 +4827,7 @@ _base_allocate_memory_pools(struct MPT3SAS_ADAPTER *ioc)
GFP_KERNEL, &ioc->reply_post_free_array_dma);
if (!ioc->reply_post_free_array) {
dinitprintk(ioc,
- pr_info(MPT3SAS_FMT "reply_post_free_array pool: "
- "dma_pool_alloc failed\n", ioc->name));
+ ioc_info(ioc, "reply_post_free_array pool: dma_pool_alloc failed\n"));
goto out;
}
}
@@ -4905,25 +4835,23 @@ _base_allocate_memory_pools(struct MPT3SAS_ADAPTER *ioc)
ioc->config_page = pci_alloc_consistent(ioc->pdev,
ioc->config_page_sz, &ioc->config_page_dma);
if (!ioc->config_page) {
- pr_err(MPT3SAS_FMT
- "config page: dma_pool_alloc failed\n",
- ioc->name);
+ ioc_err(ioc, "config page: dma_pool_alloc failed\n");
goto out;
}
- dinitprintk(ioc, pr_info(MPT3SAS_FMT
- "config page(0x%p): size(%d)\n",
- ioc->name, ioc->config_page, ioc->config_page_sz));
- dinitprintk(ioc, pr_info(MPT3SAS_FMT "config_page_dma(0x%llx)\n",
- ioc->name, (unsigned long long)ioc->config_page_dma));
+ dinitprintk(ioc,
+ ioc_info(ioc, "config page(0x%p): size(%d)\n",
+ ioc->config_page, ioc->config_page_sz));
+ dinitprintk(ioc,
+ ioc_info(ioc, "config_page_dma(0x%llx)\n",
+ (unsigned long long)ioc->config_page_dma));
total_sz += ioc->config_page_sz;
- pr_info(MPT3SAS_FMT "Allocated physical memory: size(%d kB)\n",
- ioc->name, total_sz/1024);
- pr_info(MPT3SAS_FMT
- "Current Controller Queue Depth(%d),Max Controller Queue Depth(%d)\n",
- ioc->name, ioc->shost->can_queue, facts->RequestCredit);
- pr_info(MPT3SAS_FMT "Scatter Gather Elements per IO(%d)\n",
- ioc->name, ioc->shost->sg_tablesize);
+ ioc_info(ioc, "Allocated physical memory: size(%d kB)\n",
+ total_sz / 1024);
+ ioc_info(ioc, "Current Controller Queue Depth(%d),Max Controller Queue Depth(%d)\n",
+ ioc->shost->can_queue, facts->RequestCredit);
+ ioc_info(ioc, "Scatter Gather Elements per IO(%d)\n",
+ ioc->shost->sg_tablesize);
return 0;
out:
@@ -5001,9 +4929,9 @@ _base_wait_for_doorbell_int(struct MPT3SAS_ADAPTER *ioc, int timeout)
do {
int_status = readl(&ioc->chip->HostInterruptStatus);
if (int_status & MPI2_HIS_IOC2SYS_DB_STATUS) {
- dhsprintk(ioc, pr_info(MPT3SAS_FMT
- "%s: successful count(%d), timeout(%d)\n",
- ioc->name, __func__, count, timeout));
+ dhsprintk(ioc,
+ ioc_info(ioc, "%s: successful count(%d), timeout(%d)\n",
+ __func__, count, timeout));
return 0;
}
@@ -5011,9 +4939,8 @@ _base_wait_for_doorbell_int(struct MPT3SAS_ADAPTER *ioc, int timeout)
count++;
} while (--cntdn);
- pr_err(MPT3SAS_FMT
- "%s: failed due to timeout count(%d), int_status(%x)!\n",
- ioc->name, __func__, count, int_status);
+ ioc_err(ioc, "%s: failed due to timeout count(%d), int_status(%x)!\n",
+ __func__, count, int_status);
return -EFAULT;
}
@@ -5028,9 +4955,9 @@ _base_spin_on_doorbell_int(struct MPT3SAS_ADAPTER *ioc, int timeout)
do {
int_status = readl(&ioc->chip->HostInterruptStatus);
if (int_status & MPI2_HIS_IOC2SYS_DB_STATUS) {
- dhsprintk(ioc, pr_info(MPT3SAS_FMT
- "%s: successful count(%d), timeout(%d)\n",
- ioc->name, __func__, count, timeout));
+ dhsprintk(ioc,
+ ioc_info(ioc, "%s: successful count(%d), timeout(%d)\n",
+ __func__, count, timeout));
return 0;
}
@@ -5038,9 +4965,8 @@ _base_spin_on_doorbell_int(struct MPT3SAS_ADAPTER *ioc, int timeout)
count++;
} while (--cntdn);
- pr_err(MPT3SAS_FMT
- "%s: failed due to timeout count(%d), int_status(%x)!\n",
- ioc->name, __func__, count, int_status);
+ ioc_err(ioc, "%s: failed due to timeout count(%d), int_status(%x)!\n",
+ __func__, count, int_status);
return -EFAULT;
}
@@ -5067,9 +4993,9 @@ _base_wait_for_doorbell_ack(struct MPT3SAS_ADAPTER *ioc, int timeout)
do {
int_status = readl(&ioc->chip->HostInterruptStatus);
if (!(int_status & MPI2_HIS_SYS2IOC_DB_STATUS)) {
- dhsprintk(ioc, pr_info(MPT3SAS_FMT
- "%s: successful count(%d), timeout(%d)\n",
- ioc->name, __func__, count, timeout));
+ dhsprintk(ioc,
+ ioc_info(ioc, "%s: successful count(%d), timeout(%d)\n",
+ __func__, count, timeout));
return 0;
} else if (int_status & MPI2_HIS_IOC2SYS_DB_STATUS) {
doorbell = readl(&ioc->chip->Doorbell);
@@ -5086,9 +5012,8 @@ _base_wait_for_doorbell_ack(struct MPT3SAS_ADAPTER *ioc, int timeout)
} while (--cntdn);
out:
- pr_err(MPT3SAS_FMT
- "%s: failed due to timeout count(%d), int_status(%x)!\n",
- ioc->name, __func__, count, int_status);
+ ioc_err(ioc, "%s: failed due to timeout count(%d), int_status(%x)!\n",
+ __func__, count, int_status);
return -EFAULT;
}
@@ -5110,9 +5035,9 @@ _base_wait_for_doorbell_not_used(struct MPT3SAS_ADAPTER *ioc, int timeout)
do {
doorbell_reg = readl(&ioc->chip->Doorbell);
if (!(doorbell_reg & MPI2_DOORBELL_USED)) {
- dhsprintk(ioc, pr_info(MPT3SAS_FMT
- "%s: successful count(%d), timeout(%d)\n",
- ioc->name, __func__, count, timeout));
+ dhsprintk(ioc,
+ ioc_info(ioc, "%s: successful count(%d), timeout(%d)\n",
+ __func__, count, timeout));
return 0;
}
@@ -5120,9 +5045,8 @@ _base_wait_for_doorbell_not_used(struct MPT3SAS_ADAPTER *ioc, int timeout)
count++;
} while (--cntdn);
- pr_err(MPT3SAS_FMT
- "%s: failed due to timeout count(%d), doorbell_reg(%x)!\n",
- ioc->name, __func__, count, doorbell_reg);
+ ioc_err(ioc, "%s: failed due to timeout count(%d), doorbell_reg(%x)!\n",
+ __func__, count, doorbell_reg);
return -EFAULT;
}
@@ -5141,8 +5065,7 @@ _base_send_ioc_reset(struct MPT3SAS_ADAPTER *ioc, u8 reset_type, int timeout)
int r = 0;
if (reset_type != MPI2_FUNCTION_IOC_MESSAGE_UNIT_RESET) {
- pr_err(MPT3SAS_FMT "%s: unknown reset_type\n",
- ioc->name, __func__);
+ ioc_err(ioc, "%s: unknown reset_type\n", __func__);
return -EFAULT;
}
@@ -5150,7 +5073,7 @@ _base_send_ioc_reset(struct MPT3SAS_ADAPTER *ioc, u8 reset_type, int timeout)
MPI2_IOCFACTS_CAPABILITY_EVENT_REPLAY))
return -EFAULT;
- pr_info(MPT3SAS_FMT "sending message unit reset !!\n", ioc->name);
+ ioc_info(ioc, "sending message unit reset !!\n");
writel(reset_type << MPI2_DOORBELL_FUNCTION_SHIFT,
&ioc->chip->Doorbell);
@@ -5160,15 +5083,14 @@ _base_send_ioc_reset(struct MPT3SAS_ADAPTER *ioc, u8 reset_type, int timeout)
}
ioc_state = _base_wait_on_iocstate(ioc, MPI2_IOC_STATE_READY, timeout);
if (ioc_state) {
- pr_err(MPT3SAS_FMT
- "%s: failed going to ready state (ioc_state=0x%x)\n",
- ioc->name, __func__, ioc_state);
+ ioc_err(ioc, "%s: failed going to ready state (ioc_state=0x%x)\n",
+ __func__, ioc_state);
r = -EFAULT;
goto out;
}
out:
- pr_info(MPT3SAS_FMT "message unit reset: %s\n",
- ioc->name, ((r == 0) ? "SUCCESS" : "FAILED"));
+ ioc_info(ioc, "message unit reset: %s\n",
+ r == 0 ? "SUCCESS" : "FAILED");
return r;
}
@@ -5194,9 +5116,7 @@ _base_handshake_req_reply_wait(struct MPT3SAS_ADAPTER *ioc, int request_bytes,
/* make sure doorbell is not in use */
if ((readl(&ioc->chip->Doorbell) & MPI2_DOORBELL_USED)) {
- pr_err(MPT3SAS_FMT
- "doorbell is in use (line=%d)\n",
- ioc->name, __LINE__);
+ ioc_err(ioc, "doorbell is in use (line=%d)\n", __LINE__);
return -EFAULT;
}
@@ -5211,17 +5131,15 @@ _base_handshake_req_reply_wait(struct MPT3SAS_ADAPTER *ioc, int request_bytes,
&ioc->chip->Doorbell);
if ((_base_spin_on_doorbell_int(ioc, 5))) {
- pr_err(MPT3SAS_FMT
- "doorbell handshake int failed (line=%d)\n",
- ioc->name, __LINE__);
+ ioc_err(ioc, "doorbell handshake int failed (line=%d)\n",
+ __LINE__);
return -EFAULT;
}
writel(0, &ioc->chip->HostInterruptStatus);
if ((_base_wait_for_doorbell_ack(ioc, 5))) {
- pr_err(MPT3SAS_FMT
- "doorbell handshake ack failed (line=%d)\n",
- ioc->name, __LINE__);
+ ioc_err(ioc, "doorbell handshake ack failed (line=%d)\n",
+ __LINE__);
return -EFAULT;
}
@@ -5233,17 +5151,15 @@ _base_handshake_req_reply_wait(struct MPT3SAS_ADAPTER *ioc, int request_bytes,
}
if (failed) {
- pr_err(MPT3SAS_FMT
- "doorbell handshake sending request failed (line=%d)\n",
- ioc->name, __LINE__);
+ ioc_err(ioc, "doorbell handshake sending request failed (line=%d)\n",
+ __LINE__);
return -EFAULT;
}
/* now wait for the reply */
if ((_base_wait_for_doorbell_int(ioc, timeout))) {
- pr_err(MPT3SAS_FMT
- "doorbell handshake int failed (line=%d)\n",
- ioc->name, __LINE__);
+ ioc_err(ioc, "doorbell handshake int failed (line=%d)\n",
+ __LINE__);
return -EFAULT;
}
@@ -5252,9 +5168,8 @@ _base_handshake_req_reply_wait(struct MPT3SAS_ADAPTER *ioc, int request_bytes,
& MPI2_DOORBELL_DATA_MASK);
writel(0, &ioc->chip->HostInterruptStatus);
if ((_base_wait_for_doorbell_int(ioc, 5))) {
- pr_err(MPT3SAS_FMT
- "doorbell handshake int failed (line=%d)\n",
- ioc->name, __LINE__);
+ ioc_err(ioc, "doorbell handshake int failed (line=%d)\n",
+ __LINE__);
return -EFAULT;
}
reply[1] = le16_to_cpu(readl(&ioc->chip->Doorbell)
@@ -5263,9 +5178,8 @@ _base_handshake_req_reply_wait(struct MPT3SAS_ADAPTER *ioc, int request_bytes,
for (i = 2; i < default_reply->MsgLength * 2; i++) {
if ((_base_wait_for_doorbell_int(ioc, 5))) {
- pr_err(MPT3SAS_FMT
- "doorbell handshake int failed (line=%d)\n",
- ioc->name, __LINE__);
+ ioc_err(ioc, "doorbell handshake int failed (line=%d)\n",
+ __LINE__);
return -EFAULT;
}
if (i >= reply_bytes/2) /* overflow case */
@@ -5278,8 +5192,9 @@ _base_handshake_req_reply_wait(struct MPT3SAS_ADAPTER *ioc, int request_bytes,
_base_wait_for_doorbell_int(ioc, 5);
if (_base_wait_for_doorbell_not_used(ioc, 5) != 0) {
- dhsprintk(ioc, pr_info(MPT3SAS_FMT
- "doorbell is in use (line=%d)\n", ioc->name, __LINE__));
+ dhsprintk(ioc,
+ ioc_info(ioc, "doorbell is in use (line=%d)\n",
+ __LINE__));
}
writel(0, &ioc->chip->HostInterruptStatus);
@@ -5319,14 +5234,12 @@ mpt3sas_base_sas_iounit_control(struct MPT3SAS_ADAPTER *ioc,
void *request;
u16 wait_state_count;
- dinitprintk(ioc, pr_info(MPT3SAS_FMT "%s\n", ioc->name,
- __func__));
+ dinitprintk(ioc, ioc_info(ioc, "%s\n", __func__));
mutex_lock(&ioc->base_cmds.mutex);
if (ioc->base_cmds.status != MPT3_CMD_NOT_USED) {
- pr_err(MPT3SAS_FMT "%s: base_cmd in use\n",
- ioc->name, __func__);
+ ioc_err(ioc, "%s: base_cmd in use\n", __func__);
rc = -EAGAIN;
goto out;
}
@@ -5335,23 +5248,20 @@ mpt3sas_base_sas_iounit_control(struct MPT3SAS_ADAPTER *ioc,
ioc_state = mpt3sas_base_get_iocstate(ioc, 1);
while (ioc_state != MPI2_IOC_STATE_OPERATIONAL) {
if (wait_state_count++ == 10) {
- pr_err(MPT3SAS_FMT
- "%s: failed due to ioc not operational\n",
- ioc->name, __func__);
+ ioc_err(ioc, "%s: failed due to ioc not operational\n",
+ __func__);
rc = -EFAULT;
goto out;
}
ssleep(1);
ioc_state = mpt3sas_base_get_iocstate(ioc, 1);
- pr_info(MPT3SAS_FMT
- "%s: waiting for operational state(count=%d)\n",
- ioc->name, __func__, wait_state_count);
+ ioc_info(ioc, "%s: waiting for operational state(count=%d)\n",
+ __func__, wait_state_count);
}
smid = mpt3sas_base_get_smid(ioc, ioc->base_cb_idx);
if (!smid) {
- pr_err(MPT3SAS_FMT "%s: failed obtaining a smid\n",
- ioc->name, __func__);
+ ioc_err(ioc, "%s: failed obtaining a smid\n", __func__);
rc = -EAGAIN;
goto out;
}
@@ -5419,14 +5329,12 @@ mpt3sas_base_scsi_enclosure_processor(struct MPT3SAS_ADAPTER *ioc,
void *request;
u16 wait_state_count;
- dinitprintk(ioc, pr_info(MPT3SAS_FMT "%s\n", ioc->name,
- __func__));
+ dinitprintk(ioc, ioc_info(ioc, "%s\n", __func__));
mutex_lock(&ioc->base_cmds.mutex);
if (ioc->base_cmds.status != MPT3_CMD_NOT_USED) {
- pr_err(MPT3SAS_FMT "%s: base_cmd in use\n",
- ioc->name, __func__);
+ ioc_err(ioc, "%s: base_cmd in use\n", __func__);
rc = -EAGAIN;
goto out;
}
@@ -5435,24 +5343,20 @@ mpt3sas_base_scsi_enclosure_processor(struct MPT3SAS_ADAPTER *ioc,
ioc_state = mpt3sas_base_get_iocstate(ioc, 1);
while (ioc_state != MPI2_IOC_STATE_OPERATIONAL) {
if (wait_state_count++ == 10) {
- pr_err(MPT3SAS_FMT
- "%s: failed due to ioc not operational\n",
- ioc->name, __func__);
+ ioc_err(ioc, "%s: failed due to ioc not operational\n",
+ __func__);
rc = -EFAULT;
goto out;
}
ssleep(1);
ioc_state = mpt3sas_base_get_iocstate(ioc, 1);
- pr_info(MPT3SAS_FMT
- "%s: waiting for operational state(count=%d)\n",
- ioc->name,
- __func__, wait_state_count);
+ ioc_info(ioc, "%s: waiting for operational state(count=%d)\n",
+ __func__, wait_state_count);
}
smid = mpt3sas_base_get_smid(ioc, ioc->base_cb_idx);
if (!smid) {
- pr_err(MPT3SAS_FMT "%s: failed obtaining a smid\n",
- ioc->name, __func__);
+ ioc_err(ioc, "%s: failed obtaining a smid\n", __func__);
rc = -EAGAIN;
goto out;
}
@@ -5506,8 +5410,7 @@ _base_get_port_facts(struct MPT3SAS_ADAPTER *ioc, int port)
struct mpt3sas_port_facts *pfacts;
int mpi_reply_sz, mpi_request_sz, r;
- dinitprintk(ioc, pr_info(MPT3SAS_FMT "%s\n", ioc->name,
- __func__));
+ dinitprintk(ioc, ioc_info(ioc, "%s\n", __func__));
mpi_reply_sz = sizeof(Mpi2PortFactsReply_t);
mpi_request_sz = sizeof(Mpi2PortFactsRequest_t);
@@ -5518,8 +5421,7 @@ _base_get_port_facts(struct MPT3SAS_ADAPTER *ioc, int port)
(u32 *)&mpi_request, mpi_reply_sz, (u16 *)&mpi_reply, 5);
if (r != 0) {
- pr_err(MPT3SAS_FMT "%s: handshake failed (r=%d)\n",
- ioc->name, __func__, r);
+ ioc_err(ioc, "%s: handshake failed (r=%d)\n", __func__, r);
return r;
}
@@ -5603,8 +5505,7 @@ _base_get_ioc_facts(struct MPT3SAS_ADAPTER *ioc)
struct mpt3sas_facts *facts;
int mpi_reply_sz, mpi_request_sz, r;
- dinitprintk(ioc, pr_info(MPT3SAS_FMT "%s\n", ioc->name,
- __func__));
+ dinitprintk(ioc, ioc_info(ioc, "%s\n", __func__));
r = _base_wait_for_iocstate(ioc, 10);
if (r) {
@@ -5621,8 +5522,7 @@ _base_get_ioc_facts(struct MPT3SAS_ADAPTER *ioc)
(u32 *)&mpi_request, mpi_reply_sz, (u16 *)&mpi_reply, 5);
if (r != 0) {
- pr_err(MPT3SAS_FMT "%s: handshake failed (r=%d)\n",
- ioc->name, __func__, r);
+ ioc_err(ioc, "%s: handshake failed (r=%d)\n", __func__, r);
return r;
}
@@ -5674,20 +5574,20 @@ _base_get_ioc_facts(struct MPT3SAS_ADAPTER *ioc)
*/
ioc->page_size = 1 << facts->CurrentHostPageSize;
if (ioc->page_size == 1) {
- pr_info(MPT3SAS_FMT "CurrentHostPageSize is 0: Setting "
- "default host page size to 4k\n", ioc->name);
+ ioc_info(ioc, "CurrentHostPageSize is 0: Setting default host page size to 4k\n");
ioc->page_size = 1 << MPT3SAS_HOST_PAGE_SIZE_4K;
}
- dinitprintk(ioc, pr_info(MPT3SAS_FMT "CurrentHostPageSize(%d)\n",
- ioc->name, facts->CurrentHostPageSize));
-
- dinitprintk(ioc, pr_info(MPT3SAS_FMT
- "hba queue depth(%d), max chains per io(%d)\n",
- ioc->name, facts->RequestCredit,
- facts->MaxChainDepth));
- dinitprintk(ioc, pr_info(MPT3SAS_FMT
- "request frame size(%d), reply frame size(%d)\n", ioc->name,
- facts->IOCRequestFrameSize * 4, facts->ReplyFrameSize * 4));
+ dinitprintk(ioc,
+ ioc_info(ioc, "CurrentHostPageSize(%d)\n",
+ facts->CurrentHostPageSize));
+
+ dinitprintk(ioc,
+ ioc_info(ioc, "hba queue depth(%d), max chains per io(%d)\n",
+ facts->RequestCredit, facts->MaxChainDepth));
+ dinitprintk(ioc,
+ ioc_info(ioc, "request frame size(%d), reply frame size(%d)\n",
+ facts->IOCRequestFrameSize * 4,
+ facts->ReplyFrameSize * 4));
return 0;
}
@@ -5707,8 +5607,7 @@ _base_send_ioc_init(struct MPT3SAS_ADAPTER *ioc)
u16 ioc_status;
u32 reply_post_free_array_sz = 0;
- dinitprintk(ioc, pr_info(MPT3SAS_FMT "%s\n", ioc->name,
- __func__));
+ dinitprintk(ioc, ioc_info(ioc, "%s\n", __func__));
memset(&mpi_request, 0, sizeof(Mpi2IOCInitRequest_t));
mpi_request.Function = MPI2_FUNCTION_IOC_INIT;
@@ -5774,15 +5673,14 @@ _base_send_ioc_init(struct MPT3SAS_ADAPTER *ioc)
sizeof(Mpi2IOCInitReply_t), (u16 *)&mpi_reply, 30);
if (r != 0) {
- pr_err(MPT3SAS_FMT "%s: handshake failed (r=%d)\n",
- ioc->name, __func__, r);
+ ioc_err(ioc, "%s: handshake failed (r=%d)\n", __func__, r);
return r;
}
ioc_status = le16_to_cpu(mpi_reply.IOCStatus) & MPI2_IOCSTATUS_MASK;
if (ioc_status != MPI2_IOCSTATUS_SUCCESS ||
mpi_reply.IOCLogInfo) {
- pr_err(MPT3SAS_FMT "%s: failed\n", ioc->name, __func__);
+ ioc_err(ioc, "%s: failed\n", __func__);
r = -EIO;
}
@@ -5853,18 +5751,16 @@ _base_send_port_enable(struct MPT3SAS_ADAPTER *ioc)
u16 smid;
u16 ioc_status;
- pr_info(MPT3SAS_FMT "sending port enable !!\n", ioc->name);
+ ioc_info(ioc, "sending port enable !!\n");
if (ioc->port_enable_cmds.status & MPT3_CMD_PENDING) {
- pr_err(MPT3SAS_FMT "%s: internal command already in use\n",
- ioc->name, __func__);
+ ioc_err(ioc, "%s: internal command already in use\n", __func__);
return -EAGAIN;
}
smid = mpt3sas_base_get_smid(ioc, ioc->port_enable_cb_idx);
if (!smid) {
- pr_err(MPT3SAS_FMT "%s: failed obtaining a smid\n",
- ioc->name, __func__);
+ ioc_err(ioc, "%s: failed obtaining a smid\n", __func__);
return -EAGAIN;
}
@@ -5878,8 +5774,7 @@ _base_send_port_enable(struct MPT3SAS_ADAPTER *ioc)
mpt3sas_base_put_smid_default(ioc, smid);
wait_for_completion_timeout(&ioc->port_enable_cmds.done, 300*HZ);
if (!(ioc->port_enable_cmds.status & MPT3_CMD_COMPLETE)) {
- pr_err(MPT3SAS_FMT "%s: timeout\n",
- ioc->name, __func__);
+ ioc_err(ioc, "%s: timeout\n", __func__);
_debug_dump_mf(mpi_request,
sizeof(Mpi2PortEnableRequest_t)/4);
if (ioc->port_enable_cmds.status & MPT3_CMD_RESET)
@@ -5892,16 +5787,15 @@ _base_send_port_enable(struct MPT3SAS_ADAPTER *ioc)
mpi_reply = ioc->port_enable_cmds.reply;
ioc_status = le16_to_cpu(mpi_reply->IOCStatus) & MPI2_IOCSTATUS_MASK;
if (ioc_status != MPI2_IOCSTATUS_SUCCESS) {
- pr_err(MPT3SAS_FMT "%s: failed with (ioc_status=0x%08x)\n",
- ioc->name, __func__, ioc_status);
+ ioc_err(ioc, "%s: failed with (ioc_status=0x%08x)\n",
+ __func__, ioc_status);
r = -EFAULT;
goto out;
}
out:
ioc->port_enable_cmds.status = MPT3_CMD_NOT_USED;
- pr_info(MPT3SAS_FMT "port enable: %s\n", ioc->name, ((r == 0) ?
- "SUCCESS" : "FAILED"));
+ ioc_info(ioc, "port enable: %s\n", r == 0 ? "SUCCESS" : "FAILED");
return r;
}
@@ -5917,18 +5811,16 @@ mpt3sas_port_enable(struct MPT3SAS_ADAPTER *ioc)
Mpi2PortEnableRequest_t *mpi_request;
u16 smid;
- pr_info(MPT3SAS_FMT "sending port enable !!\n", ioc->name);
+ ioc_info(ioc, "sending port enable !!\n");
if (ioc->port_enable_cmds.status & MPT3_CMD_PENDING) {
- pr_err(MPT3SAS_FMT "%s: internal command already in use\n",
- ioc->name, __func__);
+ ioc_err(ioc, "%s: internal command already in use\n", __func__);
return -EAGAIN;
}
smid = mpt3sas_base_get_smid(ioc, ioc->port_enable_cb_idx);
if (!smid) {
- pr_err(MPT3SAS_FMT "%s: failed obtaining a smid\n",
- ioc->name, __func__);
+ ioc_err(ioc, "%s: failed obtaining a smid\n", __func__);
return -EAGAIN;
}
@@ -6031,19 +5923,16 @@ _base_event_notification(struct MPT3SAS_ADAPTER *ioc)
int r = 0;
int i;
- dinitprintk(ioc, pr_info(MPT3SAS_FMT "%s\n", ioc->name,
- __func__));
+ dinitprintk(ioc, ioc_info(ioc, "%s\n", __func__));
if (ioc->base_cmds.status & MPT3_CMD_PENDING) {
- pr_err(MPT3SAS_FMT "%s: internal command already in use\n",
- ioc->name, __func__);
+ ioc_err(ioc, "%s: internal command already in use\n", __func__);
return -EAGAIN;
}
smid = mpt3sas_base_get_smid(ioc, ioc->base_cb_idx);
if (!smid) {
- pr_err(MPT3SAS_FMT "%s: failed obtaining a smid\n",
- ioc->name, __func__);
+ ioc_err(ioc, "%s: failed obtaining a smid\n", __func__);
return -EAGAIN;
}
ioc->base_cmds.status = MPT3_CMD_PENDING;
@@ -6060,8 +5949,7 @@ _base_event_notification(struct MPT3SAS_ADAPTER *ioc)
mpt3sas_base_put_smid_default(ioc, smid);
wait_for_completion_timeout(&ioc->base_cmds.done, 30*HZ);
if (!(ioc->base_cmds.status & MPT3_CMD_COMPLETE)) {
- pr_err(MPT3SAS_FMT "%s: timeout\n",
- ioc->name, __func__);
+ ioc_err(ioc, "%s: timeout\n", __func__);
_debug_dump_mf(mpi_request,
sizeof(Mpi2EventNotificationRequest_t)/4);
if (ioc->base_cmds.status & MPT3_CMD_RESET)
@@ -6069,8 +5957,7 @@ _base_event_notification(struct MPT3SAS_ADAPTER *ioc)
else
r = -ETIME;
} else
- dinitprintk(ioc, pr_info(MPT3SAS_FMT "%s: complete\n",
- ioc->name, __func__));
+ dinitprintk(ioc, ioc_info(ioc, "%s: complete\n", __func__));
ioc->base_cmds.status = MPT3_CMD_NOT_USED;
return r;
}
@@ -6126,18 +6013,16 @@ _base_diag_reset(struct MPT3SAS_ADAPTER *ioc)
u32 count;
u32 hcb_size;
- pr_info(MPT3SAS_FMT "sending diag reset !!\n", ioc->name);
+ ioc_info(ioc, "sending diag reset !!\n");
- drsprintk(ioc, pr_info(MPT3SAS_FMT "clear interrupts\n",
- ioc->name));
+ drsprintk(ioc, ioc_info(ioc, "clear interrupts\n"));
count = 0;
do {
/* Write magic sequence to WriteSequence register
* Loop until in diagnostic mode
*/
- drsprintk(ioc, pr_info(MPT3SAS_FMT
- "write magic sequence\n", ioc->name));
+ drsprintk(ioc, ioc_info(ioc, "write magic sequence\n"));
writel(MPI2_WRSEQ_FLUSH_KEY_VALUE, &ioc->chip->WriteSequence);
writel(MPI2_WRSEQ_1ST_KEY_VALUE, &ioc->chip->WriteSequence);
writel(MPI2_WRSEQ_2ND_KEY_VALUE, &ioc->chip->WriteSequence);
@@ -6153,16 +6038,15 @@ _base_diag_reset(struct MPT3SAS_ADAPTER *ioc)
goto out;
host_diagnostic = readl(&ioc->chip->HostDiagnostic);
- drsprintk(ioc, pr_info(MPT3SAS_FMT
- "wrote magic sequence: count(%d), host_diagnostic(0x%08x)\n",
- ioc->name, count, host_diagnostic));
+ drsprintk(ioc,
+ ioc_info(ioc, "wrote magic sequence: count(%d), host_diagnostic(0x%08x)\n",
+ count, host_diagnostic));
} while ((host_diagnostic & MPI2_DIAG_DIAG_WRITE_ENABLE) == 0);
hcb_size = readl(&ioc->chip->HCBSize);
- drsprintk(ioc, pr_info(MPT3SAS_FMT "diag reset: issued\n",
- ioc->name));
+ drsprintk(ioc, ioc_info(ioc, "diag reset: issued\n"));
writel(host_diagnostic | MPI2_DIAG_RESET_ADAPTER,
&ioc->chip->HostDiagnostic);
@@ -6185,43 +6069,38 @@ _base_diag_reset(struct MPT3SAS_ADAPTER *ioc)
if (host_diagnostic & MPI2_DIAG_HCB_MODE) {
- drsprintk(ioc, pr_info(MPT3SAS_FMT
- "restart the adapter assuming the HCB Address points to good F/W\n",
- ioc->name));
+ drsprintk(ioc,
+ ioc_info(ioc, "restart the adapter assuming the HCB Address points to good F/W\n"));
host_diagnostic &= ~MPI2_DIAG_BOOT_DEVICE_SELECT_MASK;
host_diagnostic |= MPI2_DIAG_BOOT_DEVICE_SELECT_HCDW;
writel(host_diagnostic, &ioc->chip->HostDiagnostic);
- drsprintk(ioc, pr_info(MPT3SAS_FMT
- "re-enable the HCDW\n", ioc->name));
+ drsprintk(ioc, ioc_info(ioc, "re-enable the HCDW\n"));
writel(hcb_size | MPI2_HCB_SIZE_HCB_ENABLE,
&ioc->chip->HCBSize);
}
- drsprintk(ioc, pr_info(MPT3SAS_FMT "restart the adapter\n",
- ioc->name));
+ drsprintk(ioc, ioc_info(ioc, "restart the adapter\n"));
writel(host_diagnostic & ~MPI2_DIAG_HOLD_IOC_RESET,
&ioc->chip->HostDiagnostic);
- drsprintk(ioc, pr_info(MPT3SAS_FMT
- "disable writes to the diagnostic register\n", ioc->name));
+ drsprintk(ioc,
+ ioc_info(ioc, "disable writes to the diagnostic register\n"));
writel(MPI2_WRSEQ_FLUSH_KEY_VALUE, &ioc->chip->WriteSequence);
- drsprintk(ioc, pr_info(MPT3SAS_FMT
- "Wait for FW to go to the READY state\n", ioc->name));
+ drsprintk(ioc, ioc_info(ioc, "Wait for FW to go to the READY state\n"));
ioc_state = _base_wait_on_iocstate(ioc, MPI2_IOC_STATE_READY, 20);
if (ioc_state) {
- pr_err(MPT3SAS_FMT
- "%s: failed going to ready state (ioc_state=0x%x)\n",
- ioc->name, __func__, ioc_state);
+ ioc_err(ioc, "%s: failed going to ready state (ioc_state=0x%x)\n",
+ __func__, ioc_state);
goto out;
}
- pr_info(MPT3SAS_FMT "diag reset: SUCCESS\n", ioc->name);
+ ioc_info(ioc, "diag reset: SUCCESS\n");
return 0;
out:
- pr_err(MPT3SAS_FMT "diag reset: FAILED\n", ioc->name);
+ ioc_err(ioc, "diag reset: FAILED\n");
return -EFAULT;
}
@@ -6239,15 +6118,15 @@ _base_make_ioc_ready(struct MPT3SAS_ADAPTER *ioc, enum reset_type type)
int rc;
int count;
- dinitprintk(ioc, pr_info(MPT3SAS_FMT "%s\n", ioc->name,
- __func__));
+ dinitprintk(ioc, ioc_info(ioc, "%s\n", __func__));
if (ioc->pci_error_recovery)
return 0;
ioc_state = mpt3sas_base_get_iocstate(ioc, 0);
- dhsprintk(ioc, pr_info(MPT3SAS_FMT "%s: ioc_state(0x%08x)\n",
- ioc->name, __func__, ioc_state));
+ dhsprintk(ioc,
+ ioc_info(ioc, "%s: ioc_state(0x%08x)\n",
+ __func__, ioc_state));
/* if in RESET state, it should move to READY state shortly */
count = 0;
@@ -6255,9 +6134,8 @@ _base_make_ioc_ready(struct MPT3SAS_ADAPTER *ioc, enum reset_type type)
while ((ioc_state & MPI2_IOC_STATE_MASK) !=
MPI2_IOC_STATE_READY) {
if (count++ == 10) {
- pr_err(MPT3SAS_FMT
- "%s: failed going to ready state (ioc_state=0x%x)\n",
- ioc->name, __func__, ioc_state);
+ ioc_err(ioc, "%s: failed going to ready state (ioc_state=0x%x)\n",
+ __func__, ioc_state);
return -EFAULT;
}
ssleep(1);
@@ -6269,9 +6147,7 @@ _base_make_ioc_ready(struct MPT3SAS_ADAPTER *ioc, enum reset_type type)
return 0;
if (ioc_state & MPI2_DOORBELL_USED) {
- dhsprintk(ioc, pr_info(MPT3SAS_FMT
- "unexpected doorbell active!\n",
- ioc->name));
+ dhsprintk(ioc, ioc_info(ioc, "unexpected doorbell active!\n"));
goto issue_diag_reset;
}
@@ -6315,8 +6191,7 @@ _base_make_ioc_operational(struct MPT3SAS_ADAPTER *ioc)
struct adapter_reply_queue *reply_q;
Mpi2ReplyDescriptorsUnion_t *reply_post_free_contig;
- dinitprintk(ioc, pr_info(MPT3SAS_FMT "%s\n", ioc->name,
- __func__));
+ dinitprintk(ioc, ioc_info(ioc, "%s\n", __func__));
/* clean the delayed target reset list */
list_for_each_entry_safe(delayed_tr, delayed_tr_next,
@@ -6476,8 +6351,7 @@ _base_make_ioc_operational(struct MPT3SAS_ADAPTER *ioc)
void
mpt3sas_base_free_resources(struct MPT3SAS_ADAPTER *ioc)
{
- dexitprintk(ioc, pr_info(MPT3SAS_FMT "%s\n", ioc->name,
- __func__));
+ dexitprintk(ioc, ioc_info(ioc, "%s\n", __func__));
/* synchronizing freeing resource with pci_access_mutex lock */
mutex_lock(&ioc->pci_access_mutex);
@@ -6505,8 +6379,7 @@ mpt3sas_base_attach(struct MPT3SAS_ADAPTER *ioc)
int r, i;
int cpu_id, last_cpu_id = 0;
- dinitprintk(ioc, pr_info(MPT3SAS_FMT "%s\n", ioc->name,
- __func__));
+ dinitprintk(ioc, ioc_info(ioc, "%s\n", __func__));
/* setup cpu_msix_table */
ioc->cpu_count = num_online_cpus();
@@ -6516,9 +6389,8 @@ mpt3sas_base_attach(struct MPT3SAS_ADAPTER *ioc)
ioc->cpu_msix_table = kzalloc(ioc->cpu_msix_table_sz, GFP_KERNEL);
ioc->reply_queue_count = 1;
if (!ioc->cpu_msix_table) {
- dfailprintk(ioc, pr_info(MPT3SAS_FMT
- "allocation for cpu_msix_table failed!!!\n",
- ioc->name));
+ dfailprintk(ioc,
+ ioc_info(ioc, "allocation for cpu_msix_table failed!!!\n"));
r = -ENOMEM;
goto out_free_resources;
}
@@ -6527,9 +6399,8 @@ mpt3sas_base_attach(struct MPT3SAS_ADAPTER *ioc)
ioc->reply_post_host_index = kcalloc(ioc->cpu_msix_table_sz,
sizeof(resource_size_t *), GFP_KERNEL);
if (!ioc->reply_post_host_index) {
- dfailprintk(ioc, pr_info(MPT3SAS_FMT "allocation "
- "for reply_post_host_index failed!!!\n",
- ioc->name));
+ dfailprintk(ioc,
+ ioc_info(ioc, "allocation for reply_post_host_index failed!!!\n"));
r = -ENOMEM;
goto out_free_resources;
}
@@ -6762,8 +6633,7 @@ mpt3sas_base_attach(struct MPT3SAS_ADAPTER *ioc)
void
mpt3sas_base_detach(struct MPT3SAS_ADAPTER *ioc)
{
- dexitprintk(ioc, pr_info(MPT3SAS_FMT "%s\n", ioc->name,
- __func__));
+ dexitprintk(ioc, ioc_info(ioc, "%s\n", __func__));
mpt3sas_base_stop_watchdog(ioc);
mpt3sas_base_free_resources(ioc);
@@ -6796,8 +6666,7 @@ static void _base_pre_reset_handler(struct MPT3SAS_ADAPTER *ioc)
{
mpt3sas_scsih_pre_reset_handler(ioc);
mpt3sas_ctl_pre_reset_handler(ioc);
- dtmprintk(ioc, pr_info(MPT3SAS_FMT
- "%s: MPT3_IOC_PRE_RESET\n", ioc->name, __func__));
+ dtmprintk(ioc, ioc_info(ioc, "%s: MPT3_IOC_PRE_RESET\n", __func__));
}
/**
@@ -6808,8 +6677,7 @@ static void _base_after_reset_handler(struct MPT3SAS_ADAPTER *ioc)
{
mpt3sas_scsih_after_reset_handler(ioc);
mpt3sas_ctl_after_reset_handler(ioc);
- dtmprintk(ioc, pr_info(MPT3SAS_FMT
- "%s: MPT3_IOC_AFTER_RESET\n", ioc->name, __func__));
+ dtmprintk(ioc, ioc_info(ioc, "%s: MPT3_IOC_AFTER_RESET\n", __func__));
if (ioc->transport_cmds.status & MPT3_CMD_PENDING) {
ioc->transport_cmds.status |= MPT3_CMD_RESET;
mpt3sas_base_free_smid(ioc, ioc->transport_cmds.smid);
@@ -6850,8 +6718,7 @@ static void _base_reset_done_handler(struct MPT3SAS_ADAPTER *ioc)
{
mpt3sas_scsih_reset_done_handler(ioc);
mpt3sas_ctl_reset_done_handler(ioc);
- dtmprintk(ioc, pr_info(MPT3SAS_FMT
- "%s: MPT3_IOC_DONE_RESET\n", ioc->name, __func__));
+ dtmprintk(ioc, ioc_info(ioc, "%s: MPT3_IOC_DONE_RESET\n", __func__));
}
/**
@@ -6898,12 +6765,10 @@ mpt3sas_base_hard_reset_handler(struct MPT3SAS_ADAPTER *ioc,
u32 ioc_state;
u8 is_fault = 0, is_trigger = 0;
- dtmprintk(ioc, pr_info(MPT3SAS_FMT "%s: enter\n", ioc->name,
- __func__));
+ dtmprintk(ioc, ioc_info(ioc, "%s: enter\n", __func__));
if (ioc->pci_error_recovery) {
- pr_err(MPT3SAS_FMT "%s: pci error recovery reset\n",
- ioc->name, __func__);
+ ioc_err(ioc, "%s: pci error recovery reset\n", __func__);
r = 0;
goto out_unlocked;
}
@@ -6957,8 +6822,9 @@ mpt3sas_base_hard_reset_handler(struct MPT3SAS_ADAPTER *ioc,
_base_reset_done_handler(ioc);
out:
- dtmprintk(ioc, pr_info(MPT3SAS_FMT "%s: %s\n",
- ioc->name, __func__, ((r == 0) ? "SUCCESS" : "FAILED")));
+ dtmprintk(ioc,
+ ioc_info(ioc, "%s: %s\n",
+ __func__, r == 0 ? "SUCCESS" : "FAILED"));
spin_lock_irqsave(&ioc->ioc_reset_in_progress_lock, flags);
ioc->shost_recovery = 0;
@@ -6974,7 +6840,6 @@ mpt3sas_base_hard_reset_handler(struct MPT3SAS_ADAPTER *ioc,
mpt3sas_trigger_master(ioc,
MASTER_TRIGGER_ADAPTER_RESET);
}
- dtmprintk(ioc, pr_info(MPT3SAS_FMT "%s: exit\n", ioc->name,
- __func__));
+ dtmprintk(ioc, ioc_info(ioc, "%s: exit\n", __func__));
return r;
}
diff --git a/drivers/scsi/mpt3sas/mpt3sas_config.c b/drivers/scsi/mpt3sas/mpt3sas_config.c
index 9b01c5a7aebd..fff7d5cd266d 100644
--- a/drivers/scsi/mpt3sas/mpt3sas_config.c
+++ b/drivers/scsi/mpt3sas/mpt3sas_config.c
@@ -175,20 +175,18 @@ _config_display_some_debug(struct MPT3SAS_ADAPTER *ioc, u16 smid,
if (!desc)
return;
- pr_info(MPT3SAS_FMT
- "%s: %s(%d), action(%d), form(0x%08x), smid(%d)\n",
- ioc->name, calling_function_name, desc,
- mpi_request->Header.PageNumber, mpi_request->Action,
- le32_to_cpu(mpi_request->PageAddress), smid);
+ ioc_info(ioc, "%s: %s(%d), action(%d), form(0x%08x), smid(%d)\n",
+ calling_function_name, desc,
+ mpi_request->Header.PageNumber, mpi_request->Action,
+ le32_to_cpu(mpi_request->PageAddress), smid);
if (!mpi_reply)
return;
if (mpi_reply->IOCStatus || mpi_reply->IOCLogInfo)
- pr_info(MPT3SAS_FMT
- "\tiocstatus(0x%04x), loginfo(0x%08x)\n",
- ioc->name, le16_to_cpu(mpi_reply->IOCStatus),
- le32_to_cpu(mpi_reply->IOCLogInfo));
+ ioc_info(ioc, "\tiocstatus(0x%04x), loginfo(0x%08x)\n",
+ le16_to_cpu(mpi_reply->IOCStatus),
+ le32_to_cpu(mpi_reply->IOCLogInfo));
}
/**
@@ -210,9 +208,8 @@ _config_alloc_config_dma_memory(struct MPT3SAS_ADAPTER *ioc,
mem->page = dma_alloc_coherent(&ioc->pdev->dev, mem->sz,
&mem->page_dma, GFP_KERNEL);
if (!mem->page) {
- pr_err(MPT3SAS_FMT
- "%s: dma_alloc_coherent failed asking for (%d) bytes!!\n",
- ioc->name, __func__, mem->sz);
+ ioc_err(ioc, "%s: dma_alloc_coherent failed asking for (%d) bytes!!\n",
+ __func__, mem->sz);
r = -ENOMEM;
}
} else { /* use tmp buffer if less than 512 bytes */
@@ -313,8 +310,7 @@ _config_request(struct MPT3SAS_ADAPTER *ioc, Mpi2ConfigRequest_t
mutex_lock(&ioc->config_cmds.mutex);
if (ioc->config_cmds.status != MPT3_CMD_NOT_USED) {
- pr_err(MPT3SAS_FMT "%s: config_cmd in use\n",
- ioc->name, __func__);
+ ioc_err(ioc, "%s: config_cmd in use\n", __func__);
mutex_unlock(&ioc->config_cmds.mutex);
return -EAGAIN;
}
@@ -362,34 +358,30 @@ _config_request(struct MPT3SAS_ADAPTER *ioc, Mpi2ConfigRequest_t
r = -EFAULT;
goto free_mem;
}
- pr_info(MPT3SAS_FMT "%s: attempting retry (%d)\n",
- ioc->name, __func__, retry_count);
+ ioc_info(ioc, "%s: attempting retry (%d)\n",
+ __func__, retry_count);
}
wait_state_count = 0;
ioc_state = mpt3sas_base_get_iocstate(ioc, 1);
while (ioc_state != MPI2_IOC_STATE_OPERATIONAL) {
if (wait_state_count++ == MPT3_CONFIG_PAGE_DEFAULT_TIMEOUT) {
- pr_err(MPT3SAS_FMT
- "%s: failed due to ioc not operational\n",
- ioc->name, __func__);
+ ioc_err(ioc, "%s: failed due to ioc not operational\n",
+ __func__);
ioc->config_cmds.status = MPT3_CMD_NOT_USED;
r = -EFAULT;
goto free_mem;
}
ssleep(1);
ioc_state = mpt3sas_base_get_iocstate(ioc, 1);
- pr_info(MPT3SAS_FMT
- "%s: waiting for operational state(count=%d)\n",
- ioc->name, __func__, wait_state_count);
+ ioc_info(ioc, "%s: waiting for operational state(count=%d)\n",
+ __func__, wait_state_count);
}
if (wait_state_count)
- pr_info(MPT3SAS_FMT "%s: ioc is operational\n",
- ioc->name, __func__);
+ ioc_info(ioc, "%s: ioc is operational\n", __func__);
smid = mpt3sas_base_get_smid(ioc, ioc->config_cb_idx);
if (!smid) {
- pr_err(MPT3SAS_FMT "%s: failed obtaining a smid\n",
- ioc->name, __func__);
+ ioc_err(ioc, "%s: failed obtaining a smid\n", __func__);
ioc->config_cmds.status = MPT3_CMD_NOT_USED;
r = -EAGAIN;
goto free_mem;
@@ -453,8 +445,8 @@ _config_request(struct MPT3SAS_ADAPTER *ioc, Mpi2ConfigRequest_t
}
if (retry_count)
- pr_info(MPT3SAS_FMT "%s: retry (%d) completed!!\n", \
- ioc->name, __func__, retry_count);
+ ioc_info(ioc, "%s: retry (%d) completed!!\n",
+ __func__, retry_count);
if ((ioc_status == MPI2_IOCSTATUS_SUCCESS) &&
config_page && mpi_request->Action ==
diff --git a/drivers/scsi/mpt3sas/mpt3sas_ctl.c b/drivers/scsi/mpt3sas/mpt3sas_ctl.c
index 8cfb4f12c68c..af7f705ebecf 100644
--- a/drivers/scsi/mpt3sas/mpt3sas_ctl.c
+++ b/drivers/scsi/mpt3sas/mpt3sas_ctl.c
@@ -185,17 +185,15 @@ _ctl_display_some_debug(struct MPT3SAS_ADAPTER *ioc, u16 smid,
if (!desc)
return;
- pr_info(MPT3SAS_FMT "%s: %s, smid(%d)\n",
- ioc->name, calling_function_name, desc, smid);
+ ioc_info(ioc, "%s: %s, smid(%d)\n", calling_function_name, desc, smid);
if (!mpi_reply)
return;
if (mpi_reply->IOCStatus || mpi_reply->IOCLogInfo)
- pr_info(MPT3SAS_FMT
- "\tiocstatus(0x%04x), loginfo(0x%08x)\n",
- ioc->name, le16_to_cpu(mpi_reply->IOCStatus),
- le32_to_cpu(mpi_reply->IOCLogInfo));
+ ioc_info(ioc, "\tiocstatus(0x%04x), loginfo(0x%08x)\n",
+ le16_to_cpu(mpi_reply->IOCStatus),
+ le32_to_cpu(mpi_reply->IOCLogInfo));
if (mpi_request->Function == MPI2_FUNCTION_SCSI_IO_REQUEST ||
mpi_request->Function ==
@@ -208,38 +206,32 @@ _ctl_display_some_debug(struct MPT3SAS_ADAPTER *ioc, u16 smid,
sas_device = mpt3sas_get_sdev_by_handle(ioc,
le16_to_cpu(scsi_reply->DevHandle));
if (sas_device) {
- pr_warn(MPT3SAS_FMT "\tsas_address(0x%016llx), phy(%d)\n",
- ioc->name, (unsigned long long)
- sas_device->sas_address, sas_device->phy);
- pr_warn(MPT3SAS_FMT
- "\tenclosure_logical_id(0x%016llx), slot(%d)\n",
- ioc->name, (unsigned long long)
- sas_device->enclosure_logical_id, sas_device->slot);
+ ioc_warn(ioc, "\tsas_address(0x%016llx), phy(%d)\n",
+ (u64)sas_device->sas_address,
+ sas_device->phy);
+ ioc_warn(ioc, "\tenclosure_logical_id(0x%016llx), slot(%d)\n",
+ (u64)sas_device->enclosure_logical_id,
+ sas_device->slot);
sas_device_put(sas_device);
}
if (!sas_device) {
pcie_device = mpt3sas_get_pdev_by_handle(ioc,
le16_to_cpu(scsi_reply->DevHandle));
if (pcie_device) {
- pr_warn(MPT3SAS_FMT
- "\tWWID(0x%016llx), port(%d)\n", ioc->name,
- (unsigned long long)pcie_device->wwid,
- pcie_device->port_num);
+ ioc_warn(ioc, "\tWWID(0x%016llx), port(%d)\n",
+ (unsigned long long)pcie_device->wwid,
+ pcie_device->port_num);
if (pcie_device->enclosure_handle != 0)
- pr_warn(MPT3SAS_FMT
- "\tenclosure_logical_id(0x%016llx), slot(%d)\n",
- ioc->name, (unsigned long long)
- pcie_device->enclosure_logical_id,
- pcie_device->slot);
+ ioc_warn(ioc, "\tenclosure_logical_id(0x%016llx), slot(%d)\n",
+ (u64)pcie_device->enclosure_logical_id,
+ pcie_device->slot);
pcie_device_put(pcie_device);
}
}
if (scsi_reply->SCSIState || scsi_reply->SCSIStatus)
- pr_info(MPT3SAS_FMT
- "\tscsi_state(0x%02x), scsi_status"
- "(0x%02x)\n", ioc->name,
- scsi_reply->SCSIState,
- scsi_reply->SCSIStatus);
+ ioc_info(ioc, "\tscsi_state(0x%02x), scsi_status(0x%02x)\n",
+ scsi_reply->SCSIState,
+ scsi_reply->SCSIStatus);
}
}
@@ -466,8 +458,7 @@ void mpt3sas_ctl_pre_reset_handler(struct MPT3SAS_ADAPTER *ioc)
int i;
u8 issue_reset;
- dtmprintk(ioc, pr_info(MPT3SAS_FMT
- "%s: MPT3_IOC_PRE_RESET\n", ioc->name, __func__));
+ dtmprintk(ioc, ioc_info(ioc, "%s: MPT3_IOC_PRE_RESET\n", __func__));
for (i = 0; i < MPI2_DIAG_BUF_TYPE_COUNT; i++) {
if (!(ioc->diag_buffer_status[i] &
MPT3_DIAG_BUFFER_IS_REGISTERED))
@@ -487,8 +478,7 @@ void mpt3sas_ctl_pre_reset_handler(struct MPT3SAS_ADAPTER *ioc)
*/
void mpt3sas_ctl_after_reset_handler(struct MPT3SAS_ADAPTER *ioc)
{
- dtmprintk(ioc, pr_info(MPT3SAS_FMT
- "%s: MPT3_IOC_AFTER_RESET\n", ioc->name, __func__));
+ dtmprintk(ioc, ioc_info(ioc, "%s: MPT3_IOC_AFTER_RESET\n", __func__));
if (ioc->ctl_cmds.status & MPT3_CMD_PENDING) {
ioc->ctl_cmds.status |= MPT3_CMD_RESET;
mpt3sas_base_free_smid(ioc, ioc->ctl_cmds.smid);
@@ -506,8 +496,7 @@ void mpt3sas_ctl_reset_done_handler(struct MPT3SAS_ADAPTER *ioc)
{
int i;
- dtmprintk(ioc, pr_info(MPT3SAS_FMT
- "%s: MPT3_IOC_DONE_RESET\n", ioc->name, __func__));
+ dtmprintk(ioc, ioc_info(ioc, "%s: MPT3_IOC_DONE_RESET\n", __func__));
for (i = 0; i < MPI2_DIAG_BUF_TYPE_COUNT; i++) {
if (!(ioc->diag_buffer_status[i] &
@@ -612,10 +601,10 @@ _ctl_set_task_mid(struct MPT3SAS_ADAPTER *ioc, struct mpt3_ioctl_command *karg,
}
if (!found) {
- dctlprintk(ioc, pr_info(MPT3SAS_FMT
- "%s: handle(0x%04x), lun(%d), no active mid!!\n",
- ioc->name,
- desc, le16_to_cpu(tm_request->DevHandle), lun));
+ dctlprintk(ioc,
+ ioc_info(ioc, "%s: handle(0x%04x), lun(%d), no active mid!!\n",
+ desc, le16_to_cpu(tm_request->DevHandle),
+ lun));
tm_reply = ioc->ctl_cmds.reply;
tm_reply->DevHandle = tm_request->DevHandle;
tm_reply->Function = MPI2_FUNCTION_SCSI_TASK_MGMT;
@@ -631,10 +620,10 @@ _ctl_set_task_mid(struct MPT3SAS_ADAPTER *ioc, struct mpt3_ioctl_command *karg,
return 1;
}
- dctlprintk(ioc, pr_info(MPT3SAS_FMT
- "%s: handle(0x%04x), lun(%d), task_mid(%d)\n", ioc->name,
- desc, le16_to_cpu(tm_request->DevHandle), lun,
- le16_to_cpu(tm_request->TaskMID)));
+ dctlprintk(ioc,
+ ioc_info(ioc, "%s: handle(0x%04x), lun(%d), task_mid(%d)\n",
+ desc, le16_to_cpu(tm_request->DevHandle), lun,
+ le16_to_cpu(tm_request->TaskMID)));
return 0;
}
@@ -672,8 +661,7 @@ _ctl_do_mpt_command(struct MPT3SAS_ADAPTER *ioc, struct mpt3_ioctl_command karg,
issue_reset = 0;
if (ioc->ctl_cmds.status != MPT3_CMD_NOT_USED) {
- pr_err(MPT3SAS_FMT "%s: ctl_cmd in use\n",
- ioc->name, __func__);
+ ioc_err(ioc, "%s: ctl_cmd in use\n", __func__);
ret = -EAGAIN;
goto out;
}
@@ -682,28 +670,23 @@ _ctl_do_mpt_command(struct MPT3SAS_ADAPTER *ioc, struct mpt3_ioctl_command karg,
ioc_state = mpt3sas_base_get_iocstate(ioc, 1);
while (ioc_state != MPI2_IOC_STATE_OPERATIONAL) {
if (wait_state_count++ == 10) {
- pr_err(MPT3SAS_FMT
- "%s: failed due to ioc not operational\n",
- ioc->name, __func__);
+ ioc_err(ioc, "%s: failed due to ioc not operational\n",
+ __func__);
ret = -EFAULT;
goto out;
}
ssleep(1);
ioc_state = mpt3sas_base_get_iocstate(ioc, 1);
- pr_info(MPT3SAS_FMT
- "%s: waiting for operational state(count=%d)\n",
- ioc->name,
- __func__, wait_state_count);
+ ioc_info(ioc, "%s: waiting for operational state(count=%d)\n",
+ __func__, wait_state_count);
}
if (wait_state_count)
- pr_info(MPT3SAS_FMT "%s: ioc is operational\n",
- ioc->name, __func__);
+ ioc_info(ioc, "%s: ioc is operational\n", __func__);
mpi_request = kzalloc(ioc->request_sz, GFP_KERNEL);
if (!mpi_request) {
- pr_err(MPT3SAS_FMT
- "%s: failed obtaining a memory for mpi_request\n",
- ioc->name, __func__);
+ ioc_err(ioc, "%s: failed obtaining a memory for mpi_request\n",
+ __func__);
ret = -ENOMEM;
goto out;
}
@@ -726,8 +709,7 @@ _ctl_do_mpt_command(struct MPT3SAS_ADAPTER *ioc, struct mpt3_ioctl_command karg,
if (mpi_request->Function == MPI2_FUNCTION_SCSI_TASK_MGMT) {
smid = mpt3sas_base_get_smid_hpr(ioc, ioc->ctl_cb_idx);
if (!smid) {
- pr_err(MPT3SAS_FMT "%s: failed obtaining a smid\n",
- ioc->name, __func__);
+ ioc_err(ioc, "%s: failed obtaining a smid\n", __func__);
ret = -EAGAIN;
goto out;
}
@@ -823,9 +805,9 @@ _ctl_do_mpt_command(struct MPT3SAS_ADAPTER *ioc, struct mpt3_ioctl_command karg,
ioc->build_nvme_prp(ioc, smid, nvme_encap_request,
data_out_dma, data_out_sz, data_in_dma, data_in_sz);
if (test_bit(device_handle, ioc->device_remove_in_progress)) {
- dtmprintk(ioc, pr_info(MPT3SAS_FMT "handle(0x%04x) :"
- "ioctl failed due to device removal in progress\n",
- ioc->name, device_handle));
+ dtmprintk(ioc,
+ ioc_info(ioc, "handle(0x%04x): ioctl failed due to device removal in progress\n",
+ device_handle));
mpt3sas_base_free_smid(ioc, smid);
ret = -EINVAL;
goto out;
@@ -843,9 +825,9 @@ _ctl_do_mpt_command(struct MPT3SAS_ADAPTER *ioc, struct mpt3_ioctl_command karg,
mpt3sas_base_get_sense_buffer_dma(ioc, smid);
memset(ioc->ctl_cmds.sense, 0, SCSI_SENSE_BUFFERSIZE);
if (test_bit(device_handle, ioc->device_remove_in_progress)) {
- dtmprintk(ioc, pr_info(MPT3SAS_FMT
- "handle(0x%04x) :ioctl failed due to device removal in progress\n",
- ioc->name, device_handle));
+ dtmprintk(ioc,
+ ioc_info(ioc, "handle(0x%04x) :ioctl failed due to device removal in progress\n",
+ device_handle));
mpt3sas_base_free_smid(ioc, smid);
ret = -EINVAL;
goto out;
@@ -863,10 +845,10 @@ _ctl_do_mpt_command(struct MPT3SAS_ADAPTER *ioc, struct mpt3_ioctl_command karg,
Mpi2SCSITaskManagementRequest_t *tm_request =
(Mpi2SCSITaskManagementRequest_t *)request;
- dtmprintk(ioc, pr_info(MPT3SAS_FMT
- "TASK_MGMT: handle(0x%04x), task_type(0x%02x)\n",
- ioc->name,
- le16_to_cpu(tm_request->DevHandle), tm_request->TaskType));
+ dtmprintk(ioc,
+ ioc_info(ioc, "TASK_MGMT: handle(0x%04x), task_type(0x%02x)\n",
+ le16_to_cpu(tm_request->DevHandle),
+ tm_request->TaskType));
ioc->got_task_abort_from_ioctl = 1;
if (tm_request->TaskType ==
MPI2_SCSITASKMGMT_TASKTYPE_ABORT_TASK ||
@@ -881,9 +863,9 @@ _ctl_do_mpt_command(struct MPT3SAS_ADAPTER *ioc, struct mpt3_ioctl_command karg,
ioc->got_task_abort_from_ioctl = 0;
if (test_bit(device_handle, ioc->device_remove_in_progress)) {
- dtmprintk(ioc, pr_info(MPT3SAS_FMT
- "handle(0x%04x) :ioctl failed due to device removal in progress\n",
- ioc->name, device_handle));
+ dtmprintk(ioc,
+ ioc_info(ioc, "handle(0x%04x) :ioctl failed due to device removal in progress\n",
+ device_handle));
mpt3sas_base_free_smid(ioc, smid);
ret = -EINVAL;
goto out;
@@ -929,9 +911,9 @@ _ctl_do_mpt_command(struct MPT3SAS_ADAPTER *ioc, struct mpt3_ioctl_command karg,
case MPI2_FUNCTION_SATA_PASSTHROUGH:
{
if (test_bit(device_handle, ioc->device_remove_in_progress)) {
- dtmprintk(ioc, pr_info(MPT3SAS_FMT
- "handle(0x%04x) :ioctl failed due to device removal in progress\n",
- ioc->name, device_handle));
+ dtmprintk(ioc,
+ ioc_info(ioc, "handle(0x%04x) :ioctl failed due to device removal in progress\n",
+ device_handle));
mpt3sas_base_free_smid(ioc, smid);
ret = -EINVAL;
goto out;
@@ -1017,12 +999,10 @@ _ctl_do_mpt_command(struct MPT3SAS_ADAPTER *ioc, struct mpt3_ioctl_command karg,
Mpi2SCSITaskManagementReply_t *tm_reply =
(Mpi2SCSITaskManagementReply_t *)mpi_reply;
- pr_info(MPT3SAS_FMT "TASK_MGMT: " \
- "IOCStatus(0x%04x), IOCLogInfo(0x%08x), "
- "TerminationCount(0x%08x)\n", ioc->name,
- le16_to_cpu(tm_reply->IOCStatus),
- le32_to_cpu(tm_reply->IOCLogInfo),
- le32_to_cpu(tm_reply->TerminationCount));
+ ioc_info(ioc, "TASK_MGMT: IOCStatus(0x%04x), IOCLogInfo(0x%08x), TerminationCount(0x%08x)\n",
+ le16_to_cpu(tm_reply->IOCStatus),
+ le32_to_cpu(tm_reply->IOCLogInfo),
+ le32_to_cpu(tm_reply->TerminationCount));
}
/* copy out xdata to user */
@@ -1054,9 +1034,7 @@ _ctl_do_mpt_command(struct MPT3SAS_ADAPTER *ioc, struct mpt3_ioctl_command karg,
MPI2_FUNCTION_RAID_SCSI_IO_PASSTHROUGH || mpi_request->Function ==
MPI2_FUNCTION_NVME_ENCAPSULATED)) {
if (karg.sense_data_ptr == NULL) {
- pr_info(MPT3SAS_FMT "Response buffer provided"
- " by application is NULL; Response data will"
- " not be returned.\n", ioc->name);
+ ioc_info(ioc, "Response buffer provided by application is NULL; Response data will not be returned\n");
goto out;
}
sz_arg = (mpi_request->Function ==
@@ -1079,9 +1057,8 @@ _ctl_do_mpt_command(struct MPT3SAS_ADAPTER *ioc, struct mpt3_ioctl_command karg,
mpi_request->Function ==
MPI2_FUNCTION_RAID_SCSI_IO_PASSTHROUGH ||
mpi_request->Function == MPI2_FUNCTION_SATA_PASSTHROUGH)) {
- pr_info(MPT3SAS_FMT "issue target reset: handle = (0x%04x)\n",
- ioc->name,
- le16_to_cpu(mpi_request->FunctionDependent1));
+ ioc_info(ioc, "issue target reset: handle = (0x%04x)\n",
+ le16_to_cpu(mpi_request->FunctionDependent1));
mpt3sas_halt_firmware(ioc);
pcie_device = mpt3sas_get_pdev_by_handle(ioc,
le16_to_cpu(mpi_request->FunctionDependent1));
@@ -1128,8 +1105,8 @@ _ctl_getiocinfo(struct MPT3SAS_ADAPTER *ioc, void __user *arg)
{
struct mpt3_ioctl_iocinfo karg;
- dctlprintk(ioc, pr_info(MPT3SAS_FMT "%s: enter\n", ioc->name,
- __func__));
+ dctlprintk(ioc, ioc_info(ioc, "%s: enter\n",
+ __func__));
memset(&karg, 0 , sizeof(karg));
if (ioc->pfacts)
@@ -1188,8 +1165,8 @@ _ctl_eventquery(struct MPT3SAS_ADAPTER *ioc, void __user *arg)
return -EFAULT;
}
- dctlprintk(ioc, pr_info(MPT3SAS_FMT "%s: enter\n", ioc->name,
- __func__));
+ dctlprintk(ioc, ioc_info(ioc, "%s: enter\n",
+ __func__));
karg.event_entries = MPT3SAS_CTL_EVENT_LOG_SIZE;
memcpy(karg.event_types, ioc->event_type,
@@ -1219,8 +1196,8 @@ _ctl_eventenable(struct MPT3SAS_ADAPTER *ioc, void __user *arg)
return -EFAULT;
}
- dctlprintk(ioc, pr_info(MPT3SAS_FMT "%s: enter\n", ioc->name,
- __func__));
+ dctlprintk(ioc, ioc_info(ioc, "%s: enter\n",
+ __func__));
memcpy(ioc->event_type, karg.event_types,
MPI2_EVENT_NOTIFY_EVENTMASK_WORDS * sizeof(u32));
@@ -1259,8 +1236,8 @@ _ctl_eventreport(struct MPT3SAS_ADAPTER *ioc, void __user *arg)
return -EFAULT;
}
- dctlprintk(ioc, pr_info(MPT3SAS_FMT "%s: enter\n", ioc->name,
- __func__));
+ dctlprintk(ioc, ioc_info(ioc, "%s: enter\n",
+ __func__));
number_bytes = karg.hdr.max_data_size -
sizeof(struct mpt3_ioctl_header);
@@ -1306,12 +1283,11 @@ _ctl_do_reset(struct MPT3SAS_ADAPTER *ioc, void __user *arg)
ioc->is_driver_loading)
return -EAGAIN;
- dctlprintk(ioc, pr_info(MPT3SAS_FMT "%s: enter\n", ioc->name,
- __func__));
+ dctlprintk(ioc, ioc_info(ioc, "%s: enter\n",
+ __func__));
retval = mpt3sas_base_hard_reset_handler(ioc, FORCE_BIG_HAMMER);
- pr_info(MPT3SAS_FMT "host reset: %s\n",
- ioc->name, ((!retval) ? "SUCCESS" : "FAILED"));
+ ioc_info(ioc, "host reset: %s\n", ((!retval) ? "SUCCESS" : "FAILED"));
return 0;
}
@@ -1440,8 +1416,8 @@ _ctl_btdh_mapping(struct MPT3SAS_ADAPTER *ioc, void __user *arg)
return -EFAULT;
}
- dctlprintk(ioc, pr_info(MPT3SAS_FMT "%s\n", ioc->name,
- __func__));
+ dctlprintk(ioc, ioc_info(ioc, "%s\n",
+ __func__));
rc = _ctl_btdh_search_sas_device(ioc, &karg);
if (!rc)
@@ -1512,53 +1488,46 @@ _ctl_diag_register_2(struct MPT3SAS_ADAPTER *ioc,
u32 ioc_state;
u8 issue_reset = 0;
- dctlprintk(ioc, pr_info(MPT3SAS_FMT "%s\n", ioc->name,
- __func__));
+ dctlprintk(ioc, ioc_info(ioc, "%s\n",
+ __func__));
ioc_state = mpt3sas_base_get_iocstate(ioc, 1);
if (ioc_state != MPI2_IOC_STATE_OPERATIONAL) {
- pr_err(MPT3SAS_FMT
- "%s: failed due to ioc not operational\n",
- ioc->name, __func__);
+ ioc_err(ioc, "%s: failed due to ioc not operational\n",
+ __func__);
rc = -EAGAIN;
goto out;
}
if (ioc->ctl_cmds.status != MPT3_CMD_NOT_USED) {
- pr_err(MPT3SAS_FMT "%s: ctl_cmd in use\n",
- ioc->name, __func__);
+ ioc_err(ioc, "%s: ctl_cmd in use\n", __func__);
rc = -EAGAIN;
goto out;
}
buffer_type = diag_register->buffer_type;
if (!_ctl_diag_capability(ioc, buffer_type)) {
- pr_err(MPT3SAS_FMT
- "%s: doesn't have capability for buffer_type(0x%02x)\n",
- ioc->name, __func__, buffer_type);
+ ioc_err(ioc, "%s: doesn't have capability for buffer_type(0x%02x)\n",
+ __func__, buffer_type);
return -EPERM;
}
if (ioc->diag_buffer_status[buffer_type] &
MPT3_DIAG_BUFFER_IS_REGISTERED) {
- pr_err(MPT3SAS_FMT
- "%s: already has a registered buffer for buffer_type(0x%02x)\n",
- ioc->name, __func__,
- buffer_type);
+ ioc_err(ioc, "%s: already has a registered buffer for buffer_type(0x%02x)\n",
+ __func__, buffer_type);
return -EINVAL;
}
if (diag_register->requested_buffer_size % 4) {
- pr_err(MPT3SAS_FMT
- "%s: the requested_buffer_size is not 4 byte aligned\n",
- ioc->name, __func__);
+ ioc_err(ioc, "%s: the requested_buffer_size is not 4 byte aligned\n",
+ __func__);
return -EINVAL;
}
smid = mpt3sas_base_get_smid(ioc, ioc->ctl_cb_idx);
if (!smid) {
- pr_err(MPT3SAS_FMT "%s: failed obtaining a smid\n",
- ioc->name, __func__);
+ ioc_err(ioc, "%s: failed obtaining a smid\n", __func__);
rc = -EAGAIN;
goto out;
}
@@ -1593,9 +1562,8 @@ _ctl_diag_register_2(struct MPT3SAS_ADAPTER *ioc,
request_data = pci_alloc_consistent(
ioc->pdev, request_data_sz, &request_data_dma);
if (request_data == NULL) {
- pr_err(MPT3SAS_FMT "%s: failed allocating memory" \
- " for diag buffers, requested size(%d)\n",
- ioc->name, __func__, request_data_sz);
+ ioc_err(ioc, "%s: failed allocating memory for diag buffers, requested size(%d)\n",
+ __func__, request_data_sz);
mpt3sas_base_free_smid(ioc, smid);
rc = -ENOMEM;
goto out;
@@ -1613,11 +1581,11 @@ _ctl_diag_register_2(struct MPT3SAS_ADAPTER *ioc,
mpi_request->VF_ID = 0; /* TODO */
mpi_request->VP_ID = 0;
- dctlprintk(ioc, pr_info(MPT3SAS_FMT
- "%s: diag_buffer(0x%p), dma(0x%llx), sz(%d)\n",
- ioc->name, __func__, request_data,
- (unsigned long long)request_data_dma,
- le32_to_cpu(mpi_request->BufferLength)));
+ dctlprintk(ioc,
+ ioc_info(ioc, "%s: diag_buffer(0x%p), dma(0x%llx), sz(%d)\n",
+ __func__, request_data,
+ (unsigned long long)request_data_dma,
+ le32_to_cpu(mpi_request->BufferLength)));
for (i = 0; i < MPT3_PRODUCT_SPECIFIC_DWORDS; i++)
mpi_request->ProductSpecific[i] =
@@ -1638,8 +1606,7 @@ _ctl_diag_register_2(struct MPT3SAS_ADAPTER *ioc,
/* process the completed Reply Message Frame */
if ((ioc->ctl_cmds.status & MPT3_CMD_REPLY_VALID) == 0) {
- pr_err(MPT3SAS_FMT "%s: no reply message\n",
- ioc->name, __func__);
+ ioc_err(ioc, "%s: no reply message\n", __func__);
rc = -EFAULT;
goto out;
}
@@ -1650,13 +1617,11 @@ _ctl_diag_register_2(struct MPT3SAS_ADAPTER *ioc,
if (ioc_status == MPI2_IOCSTATUS_SUCCESS) {
ioc->diag_buffer_status[buffer_type] |=
MPT3_DIAG_BUFFER_IS_REGISTERED;
- dctlprintk(ioc, pr_info(MPT3SAS_FMT "%s: success\n",
- ioc->name, __func__));
+ dctlprintk(ioc, ioc_info(ioc, "%s: success\n", __func__));
} else {
- pr_info(MPT3SAS_FMT
- "%s: ioc_status(0x%04x) log_info(0x%08x)\n",
- ioc->name, __func__,
- ioc_status, le32_to_cpu(mpi_reply->IOCLogInfo));
+ ioc_info(ioc, "%s: ioc_status(0x%04x) log_info(0x%08x)\n",
+ __func__,
+ ioc_status, le32_to_cpu(mpi_reply->IOCLogInfo));
rc = -EFAULT;
}
@@ -1690,8 +1655,7 @@ mpt3sas_enable_diag_buffer(struct MPT3SAS_ADAPTER *ioc, u8 bits_to_register)
memset(&diag_register, 0, sizeof(struct mpt3_diag_register));
if (bits_to_register & 1) {
- pr_info(MPT3SAS_FMT "registering trace buffer support\n",
- ioc->name);
+ ioc_info(ioc, "registering trace buffer support\n");
ioc->diag_trigger_master.MasterData =
(MASTER_TRIGGER_FW_FAULT + MASTER_TRIGGER_ADAPTER_RESET);
diag_register.buffer_type = MPI2_DIAG_BUF_TYPE_TRACE;
@@ -1702,8 +1666,7 @@ mpt3sas_enable_diag_buffer(struct MPT3SAS_ADAPTER *ioc, u8 bits_to_register)
}
if (bits_to_register & 2) {
- pr_info(MPT3SAS_FMT "registering snapshot buffer support\n",
- ioc->name);
+ ioc_info(ioc, "registering snapshot buffer support\n");
diag_register.buffer_type = MPI2_DIAG_BUF_TYPE_SNAPSHOT;
/* register for 2MB buffers */
diag_register.requested_buffer_size = 2 * (1024 * 1024);
@@ -1712,8 +1675,7 @@ mpt3sas_enable_diag_buffer(struct MPT3SAS_ADAPTER *ioc, u8 bits_to_register)
}
if (bits_to_register & 4) {
- pr_info(MPT3SAS_FMT "registering extended buffer support\n",
- ioc->name);
+ ioc_info(ioc, "registering extended buffer support\n");
diag_register.buffer_type = MPI2_DIAG_BUF_TYPE_EXTENDED;
/* register for 2MB buffers */
diag_register.requested_buffer_size = 2 * (1024 * 1024);
@@ -1769,44 +1731,39 @@ _ctl_diag_unregister(struct MPT3SAS_ADAPTER *ioc, void __user *arg)
return -EFAULT;
}
- dctlprintk(ioc, pr_info(MPT3SAS_FMT "%s\n", ioc->name,
- __func__));
+ dctlprintk(ioc, ioc_info(ioc, "%s\n",
+ __func__));
buffer_type = karg.unique_id & 0x000000ff;
if (!_ctl_diag_capability(ioc, buffer_type)) {
- pr_err(MPT3SAS_FMT
- "%s: doesn't have capability for buffer_type(0x%02x)\n",
- ioc->name, __func__, buffer_type);
+ ioc_err(ioc, "%s: doesn't have capability for buffer_type(0x%02x)\n",
+ __func__, buffer_type);
return -EPERM;
}
if ((ioc->diag_buffer_status[buffer_type] &
MPT3_DIAG_BUFFER_IS_REGISTERED) == 0) {
- pr_err(MPT3SAS_FMT
- "%s: buffer_type(0x%02x) is not registered\n",
- ioc->name, __func__, buffer_type);
+ ioc_err(ioc, "%s: buffer_type(0x%02x) is not registered\n",
+ __func__, buffer_type);
return -EINVAL;
}
if ((ioc->diag_buffer_status[buffer_type] &
MPT3_DIAG_BUFFER_IS_RELEASED) == 0) {
- pr_err(MPT3SAS_FMT
- "%s: buffer_type(0x%02x) has not been released\n",
- ioc->name, __func__, buffer_type);
+ ioc_err(ioc, "%s: buffer_type(0x%02x) has not been released\n",
+ __func__, buffer_type);
return -EINVAL;
}
if (karg.unique_id != ioc->unique_id[buffer_type]) {
- pr_err(MPT3SAS_FMT
- "%s: unique_id(0x%08x) is not registered\n",
- ioc->name, __func__, karg.unique_id);
+ ioc_err(ioc, "%s: unique_id(0x%08x) is not registered\n",
+ __func__, karg.unique_id);
return -EINVAL;
}
request_data = ioc->diag_buffer[buffer_type];
if (!request_data) {
- pr_err(MPT3SAS_FMT
- "%s: doesn't have memory allocated for buffer_type(0x%02x)\n",
- ioc->name, __func__, buffer_type);
+ ioc_err(ioc, "%s: doesn't have memory allocated for buffer_type(0x%02x)\n",
+ __func__, buffer_type);
return -ENOMEM;
}
@@ -1842,41 +1799,37 @@ _ctl_diag_query(struct MPT3SAS_ADAPTER *ioc, void __user *arg)
return -EFAULT;
}
- dctlprintk(ioc, pr_info(MPT3SAS_FMT "%s\n", ioc->name,
- __func__));
+ dctlprintk(ioc, ioc_info(ioc, "%s\n",
+ __func__));
karg.application_flags = 0;
buffer_type = karg.buffer_type;
if (!_ctl_diag_capability(ioc, buffer_type)) {
- pr_err(MPT3SAS_FMT
- "%s: doesn't have capability for buffer_type(0x%02x)\n",
- ioc->name, __func__, buffer_type);
+ ioc_err(ioc, "%s: doesn't have capability for buffer_type(0x%02x)\n",
+ __func__, buffer_type);
return -EPERM;
}
if ((ioc->diag_buffer_status[buffer_type] &
MPT3_DIAG_BUFFER_IS_REGISTERED) == 0) {
- pr_err(MPT3SAS_FMT
- "%s: buffer_type(0x%02x) is not registered\n",
- ioc->name, __func__, buffer_type);
+ ioc_err(ioc, "%s: buffer_type(0x%02x) is not registered\n",
+ __func__, buffer_type);
return -EINVAL;
}
if (karg.unique_id & 0xffffff00) {
if (karg.unique_id != ioc->unique_id[buffer_type]) {
- pr_err(MPT3SAS_FMT
- "%s: unique_id(0x%08x) is not registered\n",
- ioc->name, __func__, karg.unique_id);
+ ioc_err(ioc, "%s: unique_id(0x%08x) is not registered\n",
+ __func__, karg.unique_id);
return -EINVAL;
}
}
request_data = ioc->diag_buffer[buffer_type];
if (!request_data) {
- pr_err(MPT3SAS_FMT
- "%s: doesn't have buffer for buffer_type(0x%02x)\n",
- ioc->name, __func__, buffer_type);
+ ioc_err(ioc, "%s: doesn't have buffer for buffer_type(0x%02x)\n",
+ __func__, buffer_type);
return -ENOMEM;
}
@@ -1898,9 +1851,8 @@ _ctl_diag_query(struct MPT3SAS_ADAPTER *ioc, void __user *arg)
karg.diagnostic_flags = ioc->diagnostic_flags[buffer_type];
if (copy_to_user(arg, &karg, sizeof(struct mpt3_diag_query))) {
- pr_err(MPT3SAS_FMT
- "%s: unable to write mpt3_diag_query data @ %p\n",
- ioc->name, __func__, arg);
+ ioc_err(ioc, "%s: unable to write mpt3_diag_query data @ %p\n",
+ __func__, arg);
return -EFAULT;
}
return 0;
@@ -1924,8 +1876,8 @@ mpt3sas_send_diag_release(struct MPT3SAS_ADAPTER *ioc, u8 buffer_type,
u32 ioc_state;
int rc;
- dctlprintk(ioc, pr_info(MPT3SAS_FMT "%s\n", ioc->name,
- __func__));
+ dctlprintk(ioc, ioc_info(ioc, "%s\n",
+ __func__));
rc = 0;
*issue_reset = 0;
@@ -1936,24 +1888,22 @@ mpt3sas_send_diag_release(struct MPT3SAS_ADAPTER *ioc, u8 buffer_type,
MPT3_DIAG_BUFFER_IS_REGISTERED)
ioc->diag_buffer_status[buffer_type] |=
MPT3_DIAG_BUFFER_IS_RELEASED;
- dctlprintk(ioc, pr_info(MPT3SAS_FMT
- "%s: skipping due to FAULT state\n", ioc->name,
- __func__));
+ dctlprintk(ioc,
+ ioc_info(ioc, "%s: skipping due to FAULT state\n",
+ __func__));
rc = -EAGAIN;
goto out;
}
if (ioc->ctl_cmds.status != MPT3_CMD_NOT_USED) {
- pr_err(MPT3SAS_FMT "%s: ctl_cmd in use\n",
- ioc->name, __func__);
+ ioc_err(ioc, "%s: ctl_cmd in use\n", __func__);
rc = -EAGAIN;
goto out;
}
smid = mpt3sas_base_get_smid(ioc, ioc->ctl_cb_idx);
if (!smid) {
- pr_err(MPT3SAS_FMT "%s: failed obtaining a smid\n",
- ioc->name, __func__);
+ ioc_err(ioc, "%s: failed obtaining a smid\n", __func__);
rc = -EAGAIN;
goto out;
}
@@ -1983,8 +1933,7 @@ mpt3sas_send_diag_release(struct MPT3SAS_ADAPTER *ioc, u8 buffer_type,
/* process the completed Reply Message Frame */
if ((ioc->ctl_cmds.status & MPT3_CMD_REPLY_VALID) == 0) {
- pr_err(MPT3SAS_FMT "%s: no reply message\n",
- ioc->name, __func__);
+ ioc_err(ioc, "%s: no reply message\n", __func__);
rc = -EFAULT;
goto out;
}
@@ -1995,13 +1944,11 @@ mpt3sas_send_diag_release(struct MPT3SAS_ADAPTER *ioc, u8 buffer_type,
if (ioc_status == MPI2_IOCSTATUS_SUCCESS) {
ioc->diag_buffer_status[buffer_type] |=
MPT3_DIAG_BUFFER_IS_RELEASED;
- dctlprintk(ioc, pr_info(MPT3SAS_FMT "%s: success\n",
- ioc->name, __func__));
+ dctlprintk(ioc, ioc_info(ioc, "%s: success\n", __func__));
} else {
- pr_info(MPT3SAS_FMT
- "%s: ioc_status(0x%04x) log_info(0x%08x)\n",
- ioc->name, __func__,
- ioc_status, le32_to_cpu(mpi_reply->IOCLogInfo));
+ ioc_info(ioc, "%s: ioc_status(0x%04x) log_info(0x%08x)\n",
+ __func__,
+ ioc_status, le32_to_cpu(mpi_reply->IOCLogInfo));
rc = -EFAULT;
}
@@ -2034,47 +1981,41 @@ _ctl_diag_release(struct MPT3SAS_ADAPTER *ioc, void __user *arg)
return -EFAULT;
}
- dctlprintk(ioc, pr_info(MPT3SAS_FMT "%s\n", ioc->name,
- __func__));
+ dctlprintk(ioc, ioc_info(ioc, "%s\n",
+ __func__));
buffer_type = karg.unique_id & 0x000000ff;
if (!_ctl_diag_capability(ioc, buffer_type)) {
- pr_err(MPT3SAS_FMT
- "%s: doesn't have capability for buffer_type(0x%02x)\n",
- ioc->name, __func__, buffer_type);
+ ioc_err(ioc, "%s: doesn't have capability for buffer_type(0x%02x)\n",
+ __func__, buffer_type);
return -EPERM;
}
if ((ioc->diag_buffer_status[buffer_type] &
MPT3_DIAG_BUFFER_IS_REGISTERED) == 0) {
- pr_err(MPT3SAS_FMT
- "%s: buffer_type(0x%02x) is not registered\n",
- ioc->name, __func__, buffer_type);
+ ioc_err(ioc, "%s: buffer_type(0x%02x) is not registered\n",
+ __func__, buffer_type);
return -EINVAL;
}
if (karg.unique_id != ioc->unique_id[buffer_type]) {
- pr_err(MPT3SAS_FMT
- "%s: unique_id(0x%08x) is not registered\n",
- ioc->name, __func__, karg.unique_id);
+ ioc_err(ioc, "%s: unique_id(0x%08x) is not registered\n",
+ __func__, karg.unique_id);
return -EINVAL;
}
if (ioc->diag_buffer_status[buffer_type] &
MPT3_DIAG_BUFFER_IS_RELEASED) {
- pr_err(MPT3SAS_FMT
- "%s: buffer_type(0x%02x) is already released\n",
- ioc->name, __func__,
- buffer_type);
+ ioc_err(ioc, "%s: buffer_type(0x%02x) is already released\n",
+ __func__, buffer_type);
return 0;
}
request_data = ioc->diag_buffer[buffer_type];
if (!request_data) {
- pr_err(MPT3SAS_FMT
- "%s: doesn't have memory allocated for buffer_type(0x%02x)\n",
- ioc->name, __func__, buffer_type);
+ ioc_err(ioc, "%s: doesn't have memory allocated for buffer_type(0x%02x)\n",
+ __func__, buffer_type);
return -ENOMEM;
}
@@ -2085,9 +2026,8 @@ _ctl_diag_release(struct MPT3SAS_ADAPTER *ioc, void __user *arg)
MPT3_DIAG_BUFFER_IS_RELEASED;
ioc->diag_buffer_status[buffer_type] &=
~MPT3_DIAG_BUFFER_IS_DIAG_RESET;
- pr_err(MPT3SAS_FMT
- "%s: buffer_type(0x%02x) was released due to host reset\n",
- ioc->name, __func__, buffer_type);
+ ioc_err(ioc, "%s: buffer_type(0x%02x) was released due to host reset\n",
+ __func__, buffer_type);
return 0;
}
@@ -2125,38 +2065,34 @@ _ctl_diag_read_buffer(struct MPT3SAS_ADAPTER *ioc, void __user *arg)
return -EFAULT;
}
- dctlprintk(ioc, pr_info(MPT3SAS_FMT "%s\n", ioc->name,
- __func__));
+ dctlprintk(ioc, ioc_info(ioc, "%s\n",
+ __func__));
buffer_type = karg.unique_id & 0x000000ff;
if (!_ctl_diag_capability(ioc, buffer_type)) {
- pr_err(MPT3SAS_FMT
- "%s: doesn't have capability for buffer_type(0x%02x)\n",
- ioc->name, __func__, buffer_type);
+ ioc_err(ioc, "%s: doesn't have capability for buffer_type(0x%02x)\n",
+ __func__, buffer_type);
return -EPERM;
}
if (karg.unique_id != ioc->unique_id[buffer_type]) {
- pr_err(MPT3SAS_FMT
- "%s: unique_id(0x%08x) is not registered\n",
- ioc->name, __func__, karg.unique_id);
+ ioc_err(ioc, "%s: unique_id(0x%08x) is not registered\n",
+ __func__, karg.unique_id);
return -EINVAL;
}
request_data = ioc->diag_buffer[buffer_type];
if (!request_data) {
- pr_err(MPT3SAS_FMT
- "%s: doesn't have buffer for buffer_type(0x%02x)\n",
- ioc->name, __func__, buffer_type);
+ ioc_err(ioc, "%s: doesn't have buffer for buffer_type(0x%02x)\n",
+ __func__, buffer_type);
return -ENOMEM;
}
request_size = ioc->diag_buffer_sz[buffer_type];
if ((karg.starting_offset % 4) || (karg.bytes_to_read % 4)) {
- pr_err(MPT3SAS_FMT "%s: either the starting_offset " \
- "or bytes_to_read are not 4 byte aligned\n", ioc->name,
- __func__);
+ ioc_err(ioc, "%s: either the starting_offset or bytes_to_read are not 4 byte aligned\n",
+ __func__);
return -EINVAL;
}
@@ -2164,10 +2100,10 @@ _ctl_diag_read_buffer(struct MPT3SAS_ADAPTER *ioc, void __user *arg)
return -EINVAL;
diag_data = (void *)(request_data + karg.starting_offset);
- dctlprintk(ioc, pr_info(MPT3SAS_FMT
- "%s: diag_buffer(%p), offset(%d), sz(%d)\n",
- ioc->name, __func__,
- diag_data, karg.starting_offset, karg.bytes_to_read));
+ dctlprintk(ioc,
+ ioc_info(ioc, "%s: diag_buffer(%p), offset(%d), sz(%d)\n",
+ __func__, diag_data, karg.starting_offset,
+ karg.bytes_to_read));
/* Truncate data on requests that are too large */
if ((diag_data + karg.bytes_to_read < diag_data) ||
@@ -2178,39 +2114,36 @@ _ctl_diag_read_buffer(struct MPT3SAS_ADAPTER *ioc, void __user *arg)
if (copy_to_user((void __user *)uarg->diagnostic_data,
diag_data, copy_size)) {
- pr_err(MPT3SAS_FMT
- "%s: Unable to write mpt_diag_read_buffer_t data @ %p\n",
- ioc->name, __func__, diag_data);
+ ioc_err(ioc, "%s: Unable to write mpt_diag_read_buffer_t data @ %p\n",
+ __func__, diag_data);
return -EFAULT;
}
if ((karg.flags & MPT3_FLAGS_REREGISTER) == 0)
return 0;
- dctlprintk(ioc, pr_info(MPT3SAS_FMT
- "%s: Reregister buffer_type(0x%02x)\n",
- ioc->name, __func__, buffer_type));
+ dctlprintk(ioc,
+ ioc_info(ioc, "%s: Reregister buffer_type(0x%02x)\n",
+ __func__, buffer_type));
if ((ioc->diag_buffer_status[buffer_type] &
MPT3_DIAG_BUFFER_IS_RELEASED) == 0) {
- dctlprintk(ioc, pr_info(MPT3SAS_FMT
- "%s: buffer_type(0x%02x) is still registered\n",
- ioc->name, __func__, buffer_type));
+ dctlprintk(ioc,
+ ioc_info(ioc, "%s: buffer_type(0x%02x) is still registered\n",
+ __func__, buffer_type));
return 0;
}
/* Get a free request frame and save the message context.
*/
if (ioc->ctl_cmds.status != MPT3_CMD_NOT_USED) {
- pr_err(MPT3SAS_FMT "%s: ctl_cmd in use\n",
- ioc->name, __func__);
+ ioc_err(ioc, "%s: ctl_cmd in use\n", __func__);
rc = -EAGAIN;
goto out;
}
smid = mpt3sas_base_get_smid(ioc, ioc->ctl_cb_idx);
if (!smid) {
- pr_err(MPT3SAS_FMT "%s: failed obtaining a smid\n",
- ioc->name, __func__);
+ ioc_err(ioc, "%s: failed obtaining a smid\n", __func__);
rc = -EAGAIN;
goto out;
}
@@ -2248,8 +2181,7 @@ _ctl_diag_read_buffer(struct MPT3SAS_ADAPTER *ioc, void __user *arg)
/* process the completed Reply Message Frame */
if ((ioc->ctl_cmds.status & MPT3_CMD_REPLY_VALID) == 0) {
- pr_err(MPT3SAS_FMT "%s: no reply message\n",
- ioc->name, __func__);
+ ioc_err(ioc, "%s: no reply message\n", __func__);
rc = -EFAULT;
goto out;
}
@@ -2260,13 +2192,11 @@ _ctl_diag_read_buffer(struct MPT3SAS_ADAPTER *ioc, void __user *arg)
if (ioc_status == MPI2_IOCSTATUS_SUCCESS) {
ioc->diag_buffer_status[buffer_type] |=
MPT3_DIAG_BUFFER_IS_REGISTERED;
- dctlprintk(ioc, pr_info(MPT3SAS_FMT "%s: success\n",
- ioc->name, __func__));
+ dctlprintk(ioc, ioc_info(ioc, "%s: success\n", __func__));
} else {
- pr_info(MPT3SAS_FMT
- "%s: ioc_status(0x%04x) log_info(0x%08x)\n",
- ioc->name, __func__,
- ioc_status, le32_to_cpu(mpi_reply->IOCLogInfo));
+ ioc_info(ioc, "%s: ioc_status(0x%04x) log_info(0x%08x)\n",
+ __func__, ioc_status,
+ le32_to_cpu(mpi_reply->IOCLogInfo));
rc = -EFAULT;
}
@@ -2451,8 +2381,9 @@ _ctl_ioctl_main(struct file *file, unsigned int cmd, void __user *arg,
ret = _ctl_diag_read_buffer(ioc, arg);
break;
default:
- dctlprintk(ioc, pr_info(MPT3SAS_FMT
- "unsupported ioctl opcode(0x%08x)\n", ioc->name, cmd));
+ dctlprintk(ioc,
+ ioc_info(ioc, "unsupported ioctl opcode(0x%08x)\n",
+ cmd));
break;
}
@@ -2841,8 +2772,8 @@ _ctl_logging_level_store(struct device *cdev, struct device_attribute *attr,
return -EINVAL;
ioc->logging_level = val;
- pr_info(MPT3SAS_FMT "logging_level=%08xh\n", ioc->name,
- ioc->logging_level);
+ ioc_info(ioc, "logging_level=%08xh\n",
+ ioc->logging_level);
return strlen(buf);
}
static DEVICE_ATTR(logging_level, S_IRUGO | S_IWUSR, _ctl_logging_level_show,
@@ -2878,8 +2809,8 @@ _ctl_fwfault_debug_store(struct device *cdev, struct device_attribute *attr,
return -EINVAL;
ioc->fwfault_debug = val;
- pr_info(MPT3SAS_FMT "fwfault_debug=%d\n", ioc->name,
- ioc->fwfault_debug);
+ ioc_info(ioc, "fwfault_debug=%d\n",
+ ioc->fwfault_debug);
return strlen(buf);
}
static DEVICE_ATTR(fwfault_debug, S_IRUGO | S_IWUSR,
@@ -2959,8 +2890,8 @@ _ctl_BRM_status_show(struct device *cdev, struct device_attribute *attr,
ssize_t rc = 0;
if (!ioc->is_warpdrive) {
- pr_err(MPT3SAS_FMT "%s: BRM attribute is only for"
- " warpdrive\n", ioc->name, __func__);
+ ioc_err(ioc, "%s: BRM attribute is only for warpdrive\n",
+ __func__);
goto out;
}
/* pci_access_mutex lock acquired by sysfs show path */
@@ -2974,30 +2905,28 @@ _ctl_BRM_status_show(struct device *cdev, struct device_attribute *attr,
sz = offsetof(Mpi2IOUnitPage3_t, GPIOVal) + (sizeof(u16) * 36);
io_unit_pg3 = kzalloc(sz, GFP_KERNEL);
if (!io_unit_pg3) {
- pr_err(MPT3SAS_FMT "%s: failed allocating memory "
- "for iounit_pg3: (%d) bytes\n", ioc->name, __func__, sz);
+ ioc_err(ioc, "%s: failed allocating memory for iounit_pg3: (%d) bytes\n",
+ __func__, sz);
goto out;
}
if (mpt3sas_config_get_iounit_pg3(ioc, &mpi_reply, io_unit_pg3, sz) !=
0) {
- pr_err(MPT3SAS_FMT
- "%s: failed reading iounit_pg3\n", ioc->name,
- __func__);
+ ioc_err(ioc, "%s: failed reading iounit_pg3\n",
+ __func__);
goto out;
}
ioc_status = le16_to_cpu(mpi_reply.IOCStatus) & MPI2_IOCSTATUS_MASK;
if (ioc_status != MPI2_IOCSTATUS_SUCCESS) {
- pr_err(MPT3SAS_FMT "%s: iounit_pg3 failed with "
- "ioc_status(0x%04x)\n", ioc->name, __func__, ioc_status);
+ ioc_err(ioc, "%s: iounit_pg3 failed with ioc_status(0x%04x)\n",
+ __func__, ioc_status);
goto out;
}
if (io_unit_pg3->GPIOCount < 25) {
- pr_err(MPT3SAS_FMT "%s: iounit_pg3->GPIOCount less than "
- "25 entries, detected (%d) entries\n", ioc->name, __func__,
- io_unit_pg3->GPIOCount);
+ ioc_err(ioc, "%s: iounit_pg3->GPIOCount less than 25 entries, detected (%d) entries\n",
+ __func__, io_unit_pg3->GPIOCount);
goto out;
}
@@ -3040,17 +2969,15 @@ _ctl_host_trace_buffer_size_show(struct device *cdev,
struct DIAG_BUFFER_START *request_data;
if (!ioc->diag_buffer[MPI2_DIAG_BUF_TYPE_TRACE]) {
- pr_err(MPT3SAS_FMT
- "%s: host_trace_buffer is not registered\n",
- ioc->name, __func__);
+ ioc_err(ioc, "%s: host_trace_buffer is not registered\n",
+ __func__);
return 0;
}
if ((ioc->diag_buffer_status[MPI2_DIAG_BUF_TYPE_TRACE] &
MPT3_DIAG_BUFFER_IS_REGISTERED) == 0) {
- pr_err(MPT3SAS_FMT
- "%s: host_trace_buffer is not registered\n",
- ioc->name, __func__);
+ ioc_err(ioc, "%s: host_trace_buffer is not registered\n",
+ __func__);
return 0;
}
@@ -3090,17 +3017,15 @@ _ctl_host_trace_buffer_show(struct device *cdev, struct device_attribute *attr,
u32 size;
if (!ioc->diag_buffer[MPI2_DIAG_BUF_TYPE_TRACE]) {
- pr_err(MPT3SAS_FMT
- "%s: host_trace_buffer is not registered\n",
- ioc->name, __func__);
+ ioc_err(ioc, "%s: host_trace_buffer is not registered\n",
+ __func__);
return 0;
}
if ((ioc->diag_buffer_status[MPI2_DIAG_BUF_TYPE_TRACE] &
MPT3_DIAG_BUFFER_IS_REGISTERED) == 0) {
- pr_err(MPT3SAS_FMT
- "%s: host_trace_buffer is not registered\n",
- ioc->name, __func__);
+ ioc_err(ioc, "%s: host_trace_buffer is not registered\n",
+ __func__);
return 0;
}
@@ -3189,8 +3114,7 @@ _ctl_host_trace_buffer_enable_store(struct device *cdev,
MPT3_DIAG_BUFFER_IS_RELEASED) == 0))
goto out;
memset(&diag_register, 0, sizeof(struct mpt3_diag_register));
- pr_info(MPT3SAS_FMT "posting host trace buffers\n",
- ioc->name);
+ ioc_info(ioc, "posting host trace buffers\n");
diag_register.buffer_type = MPI2_DIAG_BUF_TYPE_TRACE;
diag_register.requested_buffer_size = (1024 * 1024);
diag_register.unique_id = 0x7075900;
@@ -3206,8 +3130,7 @@ _ctl_host_trace_buffer_enable_store(struct device *cdev,
if ((ioc->diag_buffer_status[MPI2_DIAG_BUF_TYPE_TRACE] &
MPT3_DIAG_BUFFER_IS_RELEASED))
goto out;
- pr_info(MPT3SAS_FMT "releasing host trace buffer\n",
- ioc->name);
+ ioc_info(ioc, "releasing host trace buffer\n");
mpt3sas_send_diag_release(ioc, MPI2_DIAG_BUF_TYPE_TRACE,
&issue_reset);
}
diff --git a/drivers/scsi/mpt3sas/mpt3sas_scsih.c b/drivers/scsi/mpt3sas/mpt3sas_scsih.c
index c8d97dc2ca63..8ec997b4ee34 100644
--- a/drivers/scsi/mpt3sas/mpt3sas_scsih.c
+++ b/drivers/scsi/mpt3sas/mpt3sas_scsih.c
@@ -418,8 +418,8 @@ _scsih_get_sas_address(struct MPT3SAS_ADAPTER *ioc, u16 handle,
if ((mpt3sas_config_get_sas_device_pg0(ioc, &mpi_reply, &sas_device_pg0,
MPI2_SAS_DEVICE_PGAD_FORM_HANDLE, handle))) {
- pr_err(MPT3SAS_FMT "failure at %s:%d/%s()!\n", ioc->name,
- __FILE__, __LINE__, __func__);
+ ioc_err(ioc, "failure at %s:%d/%s()!\n",
+ __FILE__, __LINE__, __func__);
return -ENXIO;
}
@@ -442,10 +442,8 @@ _scsih_get_sas_address(struct MPT3SAS_ADAPTER *ioc, u16 handle,
return -ENXIO;
/* else error case */
- pr_err(MPT3SAS_FMT
- "handle(0x%04x), ioc_status(0x%04x), failure at %s:%d/%s()!\n",
- ioc->name, handle, ioc_status,
- __FILE__, __LINE__, __func__);
+ ioc_err(ioc, "handle(0x%04x), ioc_status(0x%04x), failure at %s:%d/%s()!\n",
+ handle, ioc_status, __FILE__, __LINE__, __func__);
return -EIO;
}
@@ -508,10 +506,9 @@ _scsih_determine_boot_device(struct MPT3SAS_ADAPTER *ioc, void *device,
(ioc->bios_pg2.ReqBootDeviceForm &
MPI2_BIOSPAGE2_FORM_MASK),
&ioc->bios_pg2.RequestedBootDevice)) {
- dinitprintk(ioc, pr_info(MPT3SAS_FMT
- "%s: req_boot_device(0x%016llx)\n",
- ioc->name, __func__,
- (unsigned long long)sas_address));
+ dinitprintk(ioc,
+ ioc_info(ioc, "%s: req_boot_device(0x%016llx)\n",
+ __func__, (u64)sas_address));
ioc->req_boot_device.device = device;
ioc->req_boot_device.channel = channel;
}
@@ -523,10 +520,9 @@ _scsih_determine_boot_device(struct MPT3SAS_ADAPTER *ioc, void *device,
(ioc->bios_pg2.ReqAltBootDeviceForm &
MPI2_BIOSPAGE2_FORM_MASK),
&ioc->bios_pg2.RequestedAltBootDevice)) {
- dinitprintk(ioc, pr_info(MPT3SAS_FMT
- "%s: req_alt_boot_device(0x%016llx)\n",
- ioc->name, __func__,
- (unsigned long long)sas_address));
+ dinitprintk(ioc,
+ ioc_info(ioc, "%s: req_alt_boot_device(0x%016llx)\n",
+ __func__, (u64)sas_address));
ioc->req_alt_boot_device.device = device;
ioc->req_alt_boot_device.channel = channel;
}
@@ -538,10 +534,9 @@ _scsih_determine_boot_device(struct MPT3SAS_ADAPTER *ioc, void *device,
(ioc->bios_pg2.CurrentBootDeviceForm &
MPI2_BIOSPAGE2_FORM_MASK),
&ioc->bios_pg2.CurrentBootDevice)) {
- dinitprintk(ioc, pr_info(MPT3SAS_FMT
- "%s: current_boot_device(0x%016llx)\n",
- ioc->name, __func__,
- (unsigned long long)sas_address));
+ dinitprintk(ioc,
+ ioc_info(ioc, "%s: current_boot_device(0x%016llx)\n",
+ __func__, (u64)sas_address));
ioc->current_boot_device.device = device;
ioc->current_boot_device.channel = channel;
}
@@ -752,19 +747,16 @@ _scsih_display_enclosure_chassis_info(struct MPT3SAS_ADAPTER *ioc,
sas_device->chassis_slot);
} else {
if (sas_device->enclosure_handle != 0)
- pr_info(MPT3SAS_FMT
- "enclosure logical id(0x%016llx), slot(%d) \n",
- ioc->name, (unsigned long long)
- sas_device->enclosure_logical_id,
- sas_device->slot);
+ ioc_info(ioc, "enclosure logical id(0x%016llx), slot(%d)\n",
+ (u64)sas_device->enclosure_logical_id,
+ sas_device->slot);
if (sas_device->connector_name[0] != '\0')
- pr_info(MPT3SAS_FMT
- "enclosure level(0x%04x), connector name( %s)\n",
- ioc->name, sas_device->enclosure_level,
- sas_device->connector_name);
+ ioc_info(ioc, "enclosure level(0x%04x), connector name( %s)\n",
+ sas_device->enclosure_level,
+ sas_device->connector_name);
if (sas_device->is_chassis_slot_valid)
- pr_info(MPT3SAS_FMT "chassis slot(0x%04x)\n",
- ioc->name, sas_device->chassis_slot);
+ ioc_info(ioc, "chassis slot(0x%04x)\n",
+ sas_device->chassis_slot);
}
}
@@ -784,10 +776,8 @@ _scsih_sas_device_remove(struct MPT3SAS_ADAPTER *ioc,
if (!sas_device)
return;
- pr_info(MPT3SAS_FMT
- "removing handle(0x%04x), sas_addr(0x%016llx)\n",
- ioc->name, sas_device->handle,
- (unsigned long long) sas_device->sas_address);
+ ioc_info(ioc, "removing handle(0x%04x), sas_addr(0x%016llx)\n",
+ sas_device->handle, (u64)sas_device->sas_address);
_scsih_display_enclosure_chassis_info(ioc, sas_device, NULL, NULL);
@@ -872,10 +862,10 @@ _scsih_sas_device_add(struct MPT3SAS_ADAPTER *ioc,
{
unsigned long flags;
- dewtprintk(ioc, pr_info(MPT3SAS_FMT
- "%s: handle(0x%04x), sas_addr(0x%016llx)\n",
- ioc->name, __func__, sas_device->handle,
- (unsigned long long)sas_device->sas_address));
+ dewtprintk(ioc,
+ ioc_info(ioc, "%s: handle(0x%04x), sas_addr(0x%016llx)\n",
+ __func__, sas_device->handle,
+ (u64)sas_device->sas_address));
dewtprintk(ioc, _scsih_display_enclosure_chassis_info(ioc, sas_device,
NULL, NULL));
@@ -923,10 +913,10 @@ _scsih_sas_device_init_add(struct MPT3SAS_ADAPTER *ioc,
{
unsigned long flags;
- dewtprintk(ioc, pr_info(MPT3SAS_FMT
- "%s: handle(0x%04x), sas_addr(0x%016llx)\n", ioc->name,
- __func__, sas_device->handle,
- (unsigned long long)sas_device->sas_address));
+ dewtprintk(ioc,
+ ioc_info(ioc, "%s: handle(0x%04x), sas_addr(0x%016llx)\n",
+ __func__, sas_device->handle,
+ (u64)sas_device->sas_address));
dewtprintk(ioc, _scsih_display_enclosure_chassis_info(ioc, sas_device,
NULL, NULL));
@@ -1073,21 +1063,16 @@ _scsih_pcie_device_remove(struct MPT3SAS_ADAPTER *ioc,
if (!pcie_device)
return;
- pr_info(MPT3SAS_FMT
- "removing handle(0x%04x), wwid(0x%016llx)\n",
- ioc->name, pcie_device->handle,
- (unsigned long long) pcie_device->wwid);
+ ioc_info(ioc, "removing handle(0x%04x), wwid(0x%016llx)\n",
+ pcie_device->handle, (u64)pcie_device->wwid);
if (pcie_device->enclosure_handle != 0)
- pr_info(MPT3SAS_FMT
- "removing enclosure logical id(0x%016llx), slot(%d)\n",
- ioc->name,
- (unsigned long long)pcie_device->enclosure_logical_id,
- pcie_device->slot);
+ ioc_info(ioc, "removing enclosure logical id(0x%016llx), slot(%d)\n",
+ (u64)pcie_device->enclosure_logical_id,
+ pcie_device->slot);
if (pcie_device->connector_name[0] != '\0')
- pr_info(MPT3SAS_FMT
- "removing enclosure level(0x%04x), connector name( %s)\n",
- ioc->name, pcie_device->enclosure_level,
- pcie_device->connector_name);
+ ioc_info(ioc, "removing enclosure level(0x%04x), connector name( %s)\n",
+ pcie_device->enclosure_level,
+ pcie_device->connector_name);
spin_lock_irqsave(&ioc->pcie_device_lock, flags);
if (!list_empty(&pcie_device->list)) {
@@ -1146,20 +1131,21 @@ _scsih_pcie_device_add(struct MPT3SAS_ADAPTER *ioc,
{
unsigned long flags;
- dewtprintk(ioc, pr_info(MPT3SAS_FMT
- "%s: handle (0x%04x), wwid(0x%016llx)\n", ioc->name, __func__,
- pcie_device->handle, (unsigned long long)pcie_device->wwid));
+ dewtprintk(ioc,
+ ioc_info(ioc, "%s: handle (0x%04x), wwid(0x%016llx)\n",
+ __func__,
+ pcie_device->handle, (u64)pcie_device->wwid));
if (pcie_device->enclosure_handle != 0)
- dewtprintk(ioc, pr_info(MPT3SAS_FMT
- "%s: enclosure logical id(0x%016llx), slot( %d)\n",
- ioc->name, __func__,
- (unsigned long long)pcie_device->enclosure_logical_id,
- pcie_device->slot));
+ dewtprintk(ioc,
+ ioc_info(ioc, "%s: enclosure logical id(0x%016llx), slot( %d)\n",
+ __func__,
+ (u64)pcie_device->enclosure_logical_id,
+ pcie_device->slot));
if (pcie_device->connector_name[0] != '\0')
- dewtprintk(ioc, pr_info(MPT3SAS_FMT
- "%s: enclosure level(0x%04x), connector name( %s)\n",
- ioc->name, __func__, pcie_device->enclosure_level,
- pcie_device->connector_name));
+ dewtprintk(ioc,
+ ioc_info(ioc, "%s: enclosure level(0x%04x), connector name( %s)\n",
+ __func__, pcie_device->enclosure_level,
+ pcie_device->connector_name));
spin_lock_irqsave(&ioc->pcie_device_lock, flags);
pcie_device_get(pcie_device);
@@ -1191,20 +1177,21 @@ _scsih_pcie_device_init_add(struct MPT3SAS_ADAPTER *ioc,
{
unsigned long flags;
- dewtprintk(ioc, pr_info(MPT3SAS_FMT
- "%s: handle (0x%04x), wwid(0x%016llx)\n", ioc->name, __func__,
- pcie_device->handle, (unsigned long long)pcie_device->wwid));
+ dewtprintk(ioc,
+ ioc_info(ioc, "%s: handle (0x%04x), wwid(0x%016llx)\n",
+ __func__,
+ pcie_device->handle, (u64)pcie_device->wwid));
if (pcie_device->enclosure_handle != 0)
- dewtprintk(ioc, pr_info(MPT3SAS_FMT
- "%s: enclosure logical id(0x%016llx), slot( %d)\n",
- ioc->name, __func__,
- (unsigned long long)pcie_device->enclosure_logical_id,
- pcie_device->slot));
+ dewtprintk(ioc,
+ ioc_info(ioc, "%s: enclosure logical id(0x%016llx), slot( %d)\n",
+ __func__,
+ (u64)pcie_device->enclosure_logical_id,
+ pcie_device->slot));
if (pcie_device->connector_name[0] != '\0')
- dewtprintk(ioc, pr_info(MPT3SAS_FMT
- "%s: enclosure level(0x%04x), connector name( %s)\n",
- ioc->name, __func__, pcie_device->enclosure_level,
- pcie_device->connector_name));
+ dewtprintk(ioc,
+ ioc_info(ioc, "%s: enclosure level(0x%04x), connector name( %s)\n",
+ __func__, pcie_device->enclosure_level,
+ pcie_device->connector_name));
spin_lock_irqsave(&ioc->pcie_device_lock, flags);
pcie_device_get(pcie_device);
@@ -1304,9 +1291,10 @@ _scsih_raid_device_add(struct MPT3SAS_ADAPTER *ioc,
{
unsigned long flags;
- dewtprintk(ioc, pr_info(MPT3SAS_FMT
- "%s: handle(0x%04x), wwid(0x%016llx)\n", ioc->name, __func__,
- raid_device->handle, (unsigned long long)raid_device->wwid));
+ dewtprintk(ioc,
+ ioc_info(ioc, "%s: handle(0x%04x), wwid(0x%016llx)\n",
+ __func__,
+ raid_device->handle, (u64)raid_device->wwid));
spin_lock_irqsave(&ioc->raid_device_lock, flags);
list_add_tail(&raid_device->list, &ioc->raid_device_list);
@@ -1869,16 +1857,16 @@ _scsih_display_sata_capabilities(struct MPT3SAS_ADAPTER *ioc,
if ((mpt3sas_config_get_sas_device_pg0(ioc, &mpi_reply, &sas_device_pg0,
MPI2_SAS_DEVICE_PGAD_FORM_HANDLE, handle))) {
- pr_err(MPT3SAS_FMT "failure at %s:%d/%s()!\n",
- ioc->name, __FILE__, __LINE__, __func__);
+ ioc_err(ioc, "failure at %s:%d/%s()!\n",
+ __FILE__, __LINE__, __func__);
return;
}
ioc_status = le16_to_cpu(mpi_reply.IOCStatus) &
MPI2_IOCSTATUS_MASK;
if (ioc_status != MPI2_IOCSTATUS_SUCCESS) {
- pr_err(MPT3SAS_FMT "failure at %s:%d/%s()!\n",
- ioc->name, __FILE__, __LINE__, __func__);
+ ioc_err(ioc, "failure at %s:%d/%s()!\n",
+ __FILE__, __LINE__, __func__);
return;
}
@@ -1964,8 +1952,8 @@ scsih_get_resync(struct device *dev)
if (mpt3sas_config_get_raid_volume_pg0(ioc, &mpi_reply, &vol_pg0,
MPI2_RAID_VOLUME_PGAD_FORM_HANDLE, handle,
sizeof(Mpi2RaidVolPage0_t))) {
- pr_err(MPT3SAS_FMT "failure at %s:%d/%s()!\n",
- ioc->name, __FILE__, __LINE__, __func__);
+ ioc_err(ioc, "failure at %s:%d/%s()!\n",
+ __FILE__, __LINE__, __func__);
percent_complete = 0;
goto out;
}
@@ -2018,8 +2006,8 @@ scsih_get_state(struct device *dev)
if (mpt3sas_config_get_raid_volume_pg0(ioc, &mpi_reply, &vol_pg0,
MPI2_RAID_VOLUME_PGAD_FORM_HANDLE, handle,
sizeof(Mpi2RaidVolPage0_t))) {
- pr_err(MPT3SAS_FMT "failure at %s:%d/%s()!\n",
- ioc->name, __FILE__, __LINE__, __func__);
+ ioc_err(ioc, "failure at %s:%d/%s()!\n",
+ __FILE__, __LINE__, __func__);
goto out;
}
@@ -2115,9 +2103,9 @@ _scsih_get_volume_capabilities(struct MPT3SAS_ADAPTER *ioc,
if ((mpt3sas_config_get_number_pds(ioc, raid_device->handle,
&num_pds)) || !num_pds) {
- dfailprintk(ioc, pr_warn(MPT3SAS_FMT
- "failure at %s:%d/%s()!\n", ioc->name, __FILE__, __LINE__,
- __func__));
+ dfailprintk(ioc,
+ ioc_warn(ioc, "failure at %s:%d/%s()!\n",
+ __FILE__, __LINE__, __func__));
return 1;
}
@@ -2126,17 +2114,17 @@ _scsih_get_volume_capabilities(struct MPT3SAS_ADAPTER *ioc,
sizeof(Mpi2RaidVol0PhysDisk_t));
vol_pg0 = kzalloc(sz, GFP_KERNEL);
if (!vol_pg0) {
- dfailprintk(ioc, pr_warn(MPT3SAS_FMT
- "failure at %s:%d/%s()!\n", ioc->name, __FILE__, __LINE__,
- __func__));
+ dfailprintk(ioc,
+ ioc_warn(ioc, "failure at %s:%d/%s()!\n",
+ __FILE__, __LINE__, __func__));
return 1;
}
if ((mpt3sas_config_get_raid_volume_pg0(ioc, &mpi_reply, vol_pg0,
MPI2_RAID_VOLUME_PGAD_FORM_HANDLE, raid_device->handle, sz))) {
- dfailprintk(ioc, pr_warn(MPT3SAS_FMT
- "failure at %s:%d/%s()!\n", ioc->name, __FILE__, __LINE__,
- __func__));
+ dfailprintk(ioc,
+ ioc_warn(ioc, "failure at %s:%d/%s()!\n",
+ __FILE__, __LINE__, __func__));
kfree(vol_pg0);
return 1;
}
@@ -2227,16 +2215,16 @@ scsih_slave_configure(struct scsi_device *sdev)
raid_device = mpt3sas_raid_device_find_by_handle(ioc, handle);
spin_unlock_irqrestore(&ioc->raid_device_lock, flags);
if (!raid_device) {
- dfailprintk(ioc, pr_warn(MPT3SAS_FMT
- "failure at %s:%d/%s()!\n", ioc->name, __FILE__,
- __LINE__, __func__));
+ dfailprintk(ioc,
+ ioc_warn(ioc, "failure at %s:%d/%s()!\n",
+ __FILE__, __LINE__, __func__));
return 1;
}
if (_scsih_get_volume_capabilities(ioc, raid_device)) {
- dfailprintk(ioc, pr_warn(MPT3SAS_FMT
- "failure at %s:%d/%s()!\n", ioc->name, __FILE__,
- __LINE__, __func__));
+ dfailprintk(ioc,
+ ioc_warn(ioc, "failure at %s:%d/%s()!\n",
+ __FILE__, __LINE__, __func__));
return 1;
}
@@ -2320,16 +2308,16 @@ scsih_slave_configure(struct scsi_device *sdev)
if (sas_target_priv_data->flags & MPT_TARGET_FLAGS_RAID_COMPONENT) {
if (mpt3sas_config_get_volume_handle(ioc, handle,
&volume_handle)) {
- dfailprintk(ioc, pr_warn(MPT3SAS_FMT
- "failure at %s:%d/%s()!\n", ioc->name,
- __FILE__, __LINE__, __func__));
+ dfailprintk(ioc,
+ ioc_warn(ioc, "failure at %s:%d/%s()!\n",
+ __FILE__, __LINE__, __func__));
return 1;
}
if (volume_handle && mpt3sas_config_get_volume_wwid(ioc,
volume_handle, &volume_wwid)) {
- dfailprintk(ioc, pr_warn(MPT3SAS_FMT
- "failure at %s:%d/%s()!\n", ioc->name,
- __FILE__, __LINE__, __func__));
+ dfailprintk(ioc,
+ ioc_warn(ioc, "failure at %s:%d/%s()!\n",
+ __FILE__, __LINE__, __func__));
return 1;
}
}
@@ -2341,9 +2329,9 @@ scsih_slave_configure(struct scsi_device *sdev)
sas_device_priv_data->sas_target->sas_address);
if (!pcie_device) {
spin_unlock_irqrestore(&ioc->pcie_device_lock, flags);
- dfailprintk(ioc, pr_warn(MPT3SAS_FMT
- "failure at %s:%d/%s()!\n", ioc->name, __FILE__,
- __LINE__, __func__));
+ dfailprintk(ioc,
+ ioc_warn(ioc, "failure at %s:%d/%s()!\n",
+ __FILE__, __LINE__, __func__));
return 1;
}
@@ -2389,9 +2377,9 @@ scsih_slave_configure(struct scsi_device *sdev)
sas_device_priv_data->sas_target->sas_address);
if (!sas_device) {
spin_unlock_irqrestore(&ioc->sas_device_lock, flags);
- dfailprintk(ioc, pr_warn(MPT3SAS_FMT
- "failure at %s:%d/%s()!\n", ioc->name, __FILE__, __LINE__,
- __func__));
+ dfailprintk(ioc,
+ ioc_warn(ioc, "failure at %s:%d/%s()!\n",
+ __FILE__, __LINE__, __func__));
return 1;
}
@@ -2527,8 +2515,7 @@ _scsih_response_code(struct MPT3SAS_ADAPTER *ioc, u8 response_code)
desc = "unknown";
break;
}
- pr_warn(MPT3SAS_FMT "response_code(0x%01x): %s\n",
- ioc->name, response_code, desc);
+ ioc_warn(ioc, "response_code(0x%01x): %s\n", response_code, desc);
}
/**
@@ -2666,8 +2653,7 @@ mpt3sas_scsih_issue_tm(struct MPT3SAS_ADAPTER *ioc, u16 handle, u64 lun,
ioc_state = mpt3sas_base_get_iocstate(ioc, 0);
if (ioc_state & MPI2_DOORBELL_USED) {
- dhsprintk(ioc, pr_info(MPT3SAS_FMT
- "unexpected doorbell active!\n", ioc->name));
+ dhsprintk(ioc, ioc_info(ioc, "unexpected doorbell active!\n"));
rc = mpt3sas_base_hard_reset_handler(ioc, FORCE_BIG_HAMMER);
return (!rc) ? SUCCESS : FAILED;
}
@@ -2681,14 +2667,13 @@ mpt3sas_scsih_issue_tm(struct MPT3SAS_ADAPTER *ioc, u16 handle, u64 lun,
smid = mpt3sas_base_get_smid_hpr(ioc, ioc->tm_cb_idx);
if (!smid) {
- pr_err(MPT3SAS_FMT "%s: failed obtaining a smid\n",
- ioc->name, __func__);
+ ioc_err(ioc, "%s: failed obtaining a smid\n", __func__);
return FAILED;
}
- dtmprintk(ioc, pr_info(MPT3SAS_FMT
- "sending tm: handle(0x%04x), task_type(0x%02x), smid(%d), timeout(%d), tr_method(0x%x)\n",
- ioc->name, handle, type, smid_task, timeout, tr_method));
+ dtmprintk(ioc,
+ ioc_info(ioc, "sending tm: handle(0x%04x), task_type(0x%02x), smid(%d), timeout(%d), tr_method(0x%x)\n",
+ handle, type, smid_task, timeout, tr_method));
ioc->tm_cmds.status = MPT3_CMD_PENDING;
mpi_request = mpt3sas_base_get_msg_frame(ioc, smid);
ioc->tm_cmds.smid = smid;
@@ -2721,11 +2706,11 @@ mpt3sas_scsih_issue_tm(struct MPT3SAS_ADAPTER *ioc, u16 handle, u64 lun,
if (ioc->tm_cmds.status & MPT3_CMD_REPLY_VALID) {
mpt3sas_trigger_master(ioc, MASTER_TRIGGER_TASK_MANAGMENT);
mpi_reply = ioc->tm_cmds.reply;
- dtmprintk(ioc, pr_info(MPT3SAS_FMT "complete tm: " \
- "ioc_status(0x%04x), loginfo(0x%08x), term_count(0x%08x)\n",
- ioc->name, le16_to_cpu(mpi_reply->IOCStatus),
- le32_to_cpu(mpi_reply->IOCLogInfo),
- le32_to_cpu(mpi_reply->TerminationCount)));
+ dtmprintk(ioc,
+ ioc_info(ioc, "complete tm: ioc_status(0x%04x), loginfo(0x%08x), term_count(0x%08x)\n",
+ le16_to_cpu(mpi_reply->IOCStatus),
+ le32_to_cpu(mpi_reply->IOCLogInfo),
+ le32_to_cpu(mpi_reply->TerminationCount)));
if (ioc->logging_level & MPT_DEBUG_TM) {
_scsih_response_code(ioc, mpi_reply->ResponseCode);
if (mpi_reply->IOCStatus)
@@ -3072,13 +3057,11 @@ scsih_host_reset(struct scsi_cmnd *scmd)
struct MPT3SAS_ADAPTER *ioc = shost_priv(scmd->device->host);
int r, retval;
- pr_info(MPT3SAS_FMT "attempting host reset! scmd(%p)\n",
- ioc->name, scmd);
+ ioc_info(ioc, "attempting host reset! scmd(%p)\n", scmd);
scsi_print_command(scmd);
if (ioc->is_driver_loading || ioc->remove_host) {
- pr_info(MPT3SAS_FMT "Blocking the host reset\n",
- ioc->name);
+ ioc_info(ioc, "Blocking the host reset\n");
r = FAILED;
goto out;
}
@@ -3086,8 +3069,8 @@ scsih_host_reset(struct scsi_cmnd *scmd)
retval = mpt3sas_base_hard_reset_handler(ioc, FORCE_BIG_HAMMER);
r = (retval < 0) ? FAILED : SUCCESS;
out:
- pr_info(MPT3SAS_FMT "host reset: %s scmd(%p)\n",
- ioc->name, ((r == SUCCESS) ? "SUCCESS" : "FAILED"), scmd);
+ ioc_info(ioc, "host reset: %s scmd(%p)\n",
+ r == SUCCESS ? "SUCCESS" : "FAILED", scmd);
return r;
}
@@ -3626,39 +3609,31 @@ _scsih_tm_tr_send(struct MPT3SAS_ADAPTER *ioc, u16 handle)
tr_method = MPI2_SCSITASKMGMT_MSGFLAGS_LINK_RESET;
}
if (sas_target_priv_data) {
- dewtprintk(ioc, pr_info(MPT3SAS_FMT
- "setting delete flag: handle(0x%04x), sas_addr(0x%016llx)\n",
- ioc->name, handle,
- (unsigned long long)sas_address));
+ dewtprintk(ioc,
+ ioc_info(ioc, "setting delete flag: handle(0x%04x), sas_addr(0x%016llx)\n",
+ handle, (u64)sas_address));
if (sas_device) {
if (sas_device->enclosure_handle != 0)
- dewtprintk(ioc, pr_info(MPT3SAS_FMT
- "setting delete flag:enclosure logical "
- "id(0x%016llx), slot(%d)\n", ioc->name,
- (unsigned long long)
- sas_device->enclosure_logical_id,
- sas_device->slot));
+ dewtprintk(ioc,
+ ioc_info(ioc, "setting delete flag:enclosure logical id(0x%016llx), slot(%d)\n",
+ (u64)sas_device->enclosure_logical_id,
+ sas_device->slot));
if (sas_device->connector_name[0] != '\0')
- dewtprintk(ioc, pr_info(MPT3SAS_FMT
- "setting delete flag: enclosure "
- "level(0x%04x), connector name( %s)\n",
- ioc->name, sas_device->enclosure_level,
- sas_device->connector_name));
+ dewtprintk(ioc,
+ ioc_info(ioc, "setting delete flag: enclosure level(0x%04x), connector name( %s)\n",
+ sas_device->enclosure_level,
+ sas_device->connector_name));
} else if (pcie_device) {
if (pcie_device->enclosure_handle != 0)
- dewtprintk(ioc, pr_info(MPT3SAS_FMT
- "setting delete flag: logical "
- "id(0x%016llx), slot(%d)\n", ioc->name,
- (unsigned long long)
- pcie_device->enclosure_logical_id,
- pcie_device->slot));
+ dewtprintk(ioc,
+ ioc_info(ioc, "setting delete flag: logical id(0x%016llx), slot(%d)\n",
+ (u64)pcie_device->enclosure_logical_id,
+ pcie_device->slot));
if (pcie_device->connector_name[0] != '\0')
- dewtprintk(ioc, pr_info(MPT3SAS_FMT
- "setting delete flag:, enclosure "
- "level(0x%04x), "
- "connector name( %s)\n", ioc->name,
- pcie_device->enclosure_level,
- pcie_device->connector_name));
+ dewtprintk(ioc,
+ ioc_info(ioc, "setting delete flag:, enclosure level(0x%04x), connector name( %s)\n",
+ pcie_device->enclosure_level,
+ pcie_device->connector_name));
}
_scsih_ublock_io_device(ioc, sas_address);
sas_target_priv_data->handle = MPT3SAS_INVALID_DEVICE_HANDLE;
@@ -3672,16 +3647,15 @@ _scsih_tm_tr_send(struct MPT3SAS_ADAPTER *ioc, u16 handle)
INIT_LIST_HEAD(&delayed_tr->list);
delayed_tr->handle = handle;
list_add_tail(&delayed_tr->list, &ioc->delayed_tr_list);
- dewtprintk(ioc, pr_info(MPT3SAS_FMT
- "DELAYED:tr:handle(0x%04x), (open)\n",
- ioc->name, handle));
+ dewtprintk(ioc,
+ ioc_info(ioc, "DELAYED:tr:handle(0x%04x), (open)\n",
+ handle));
goto out;
}
- dewtprintk(ioc, pr_info(MPT3SAS_FMT
- "tr_send:handle(0x%04x), (open), smid(%d), cb(%d)\n",
- ioc->name, handle, smid,
- ioc->tm_tr_cb_idx));
+ dewtprintk(ioc,
+ ioc_info(ioc, "tr_send:handle(0x%04x), (open), smid(%d), cb(%d)\n",
+ handle, smid, ioc->tm_tr_cb_idx));
mpi_request = mpt3sas_base_get_msg_frame(ioc, smid);
memset(mpi_request, 0, sizeof(Mpi2SCSITaskManagementRequest_t));
mpi_request->Function = MPI2_FUNCTION_SCSI_TASK_MGMT;
@@ -3729,39 +3703,39 @@ _scsih_tm_tr_complete(struct MPT3SAS_ADAPTER *ioc, u16 smid, u8 msix_index,
struct _sc_list *delayed_sc;
if (ioc->pci_error_recovery) {
- dewtprintk(ioc, pr_info(MPT3SAS_FMT
- "%s: host in pci error recovery\n", __func__,
- ioc->name));
+ dewtprintk(ioc,
+ ioc_info(ioc, "%s: host in pci error recovery\n",
+ __func__));
return 1;
}
ioc_state = mpt3sas_base_get_iocstate(ioc, 1);
if (ioc_state != MPI2_IOC_STATE_OPERATIONAL) {
- dewtprintk(ioc, pr_info(MPT3SAS_FMT
- "%s: host is not operational\n", __func__, ioc->name));
+ dewtprintk(ioc,
+ ioc_info(ioc, "%s: host is not operational\n",
+ __func__));
return 1;
}
if (unlikely(!mpi_reply)) {
- pr_err(MPT3SAS_FMT "mpi_reply not valid at %s:%d/%s()!\n",
- ioc->name, __FILE__, __LINE__, __func__);
+ ioc_err(ioc, "mpi_reply not valid at %s:%d/%s()!\n",
+ __FILE__, __LINE__, __func__);
return 1;
}
mpi_request_tm = mpt3sas_base_get_msg_frame(ioc, smid);
handle = le16_to_cpu(mpi_request_tm->DevHandle);
if (handle != le16_to_cpu(mpi_reply->DevHandle)) {
- dewtprintk(ioc, pr_err(MPT3SAS_FMT
- "spurious interrupt: handle(0x%04x:0x%04x), smid(%d)!!!\n",
- ioc->name, handle,
- le16_to_cpu(mpi_reply->DevHandle), smid));
+ dewtprintk(ioc,
+ ioc_err(ioc, "spurious interrupt: handle(0x%04x:0x%04x), smid(%d)!!!\n",
+ handle,
+ le16_to_cpu(mpi_reply->DevHandle), smid));
return 0;
}
mpt3sas_trigger_master(ioc, MASTER_TRIGGER_TASK_MANAGMENT);
- dewtprintk(ioc, pr_info(MPT3SAS_FMT
- "tr_complete:handle(0x%04x), (open) smid(%d), ioc_status(0x%04x), "
- "loginfo(0x%08x), completed(%d)\n", ioc->name,
- handle, smid, le16_to_cpu(mpi_reply->IOCStatus),
- le32_to_cpu(mpi_reply->IOCLogInfo),
- le32_to_cpu(mpi_reply->TerminationCount)));
+ dewtprintk(ioc,
+ ioc_info(ioc, "tr_complete:handle(0x%04x), (open) smid(%d), ioc_status(0x%04x), loginfo(0x%08x), completed(%d)\n",
+ handle, smid, le16_to_cpu(mpi_reply->IOCStatus),
+ le32_to_cpu(mpi_reply->IOCLogInfo),
+ le32_to_cpu(mpi_reply->TerminationCount)));
smid_sas_ctrl = mpt3sas_base_get_smid(ioc, ioc->tm_sas_control_cb_idx);
if (!smid_sas_ctrl) {
@@ -3771,16 +3745,15 @@ _scsih_tm_tr_complete(struct MPT3SAS_ADAPTER *ioc, u16 smid, u8 msix_index,
INIT_LIST_HEAD(&delayed_sc->list);
delayed_sc->handle = le16_to_cpu(mpi_request_tm->DevHandle);
list_add_tail(&delayed_sc->list, &ioc->delayed_sc_list);
- dewtprintk(ioc, pr_info(MPT3SAS_FMT
- "DELAYED:sc:handle(0x%04x), (open)\n",
- ioc->name, handle));
+ dewtprintk(ioc,
+ ioc_info(ioc, "DELAYED:sc:handle(0x%04x), (open)\n",
+ handle));
return _scsih_check_for_pending_tm(ioc, smid);
}
- dewtprintk(ioc, pr_info(MPT3SAS_FMT
- "sc_send:handle(0x%04x), (open), smid(%d), cb(%d)\n",
- ioc->name, handle, smid_sas_ctrl,
- ioc->tm_sas_control_cb_idx));
+ dewtprintk(ioc,
+ ioc_info(ioc, "sc_send:handle(0x%04x), (open), smid(%d), cb(%d)\n",
+ handle, smid_sas_ctrl, ioc->tm_sas_control_cb_idx));
mpi_request = mpt3sas_base_get_msg_frame(ioc, smid_sas_ctrl);
memset(mpi_request, 0, sizeof(Mpi2SasIoUnitControlRequest_t));
mpi_request->Function = MPI2_FUNCTION_SAS_IO_UNIT_CONTROL;
@@ -3849,20 +3822,19 @@ _scsih_sas_control_complete(struct MPT3SAS_ADAPTER *ioc, u16 smid,
mpt3sas_base_get_reply_virt_addr(ioc, reply);
if (likely(mpi_reply)) {
- dewtprintk(ioc, pr_info(MPT3SAS_FMT
- "sc_complete:handle(0x%04x), (open) "
- "smid(%d), ioc_status(0x%04x), loginfo(0x%08x)\n",
- ioc->name, le16_to_cpu(mpi_reply->DevHandle), smid,
- le16_to_cpu(mpi_reply->IOCStatus),
- le32_to_cpu(mpi_reply->IOCLogInfo)));
+ dewtprintk(ioc,
+ ioc_info(ioc, "sc_complete:handle(0x%04x), (open) smid(%d), ioc_status(0x%04x), loginfo(0x%08x)\n",
+ le16_to_cpu(mpi_reply->DevHandle), smid,
+ le16_to_cpu(mpi_reply->IOCStatus),
+ le32_to_cpu(mpi_reply->IOCLogInfo)));
if (le16_to_cpu(mpi_reply->IOCStatus) ==
MPI2_IOCSTATUS_SUCCESS) {
clear_bit(le16_to_cpu(mpi_reply->DevHandle),
ioc->device_remove_in_progress);
}
} else {
- pr_err(MPT3SAS_FMT "mpi_reply not valid at %s:%d/%s()!\n",
- ioc->name, __FILE__, __LINE__, __func__);
+ ioc_err(ioc, "mpi_reply not valid at %s:%d/%s()!\n",
+ __FILE__, __LINE__, __func__);
}
return mpt3sas_check_for_pending_internal_cmds(ioc, smid);
}
@@ -3899,16 +3871,15 @@ _scsih_tm_tr_volume_send(struct MPT3SAS_ADAPTER *ioc, u16 handle)
INIT_LIST_HEAD(&delayed_tr->list);
delayed_tr->handle = handle;
list_add_tail(&delayed_tr->list, &ioc->delayed_tr_volume_list);
- dewtprintk(ioc, pr_info(MPT3SAS_FMT
- "DELAYED:tr:handle(0x%04x), (open)\n",
- ioc->name, handle));
+ dewtprintk(ioc,
+ ioc_info(ioc, "DELAYED:tr:handle(0x%04x), (open)\n",
+ handle));
return;
}
- dewtprintk(ioc, pr_info(MPT3SAS_FMT
- "tr_send:handle(0x%04x), (open), smid(%d), cb(%d)\n",
- ioc->name, handle, smid,
- ioc->tm_tr_volume_cb_idx));
+ dewtprintk(ioc,
+ ioc_info(ioc, "tr_send:handle(0x%04x), (open), smid(%d), cb(%d)\n",
+ handle, smid, ioc->tm_tr_volume_cb_idx));
mpi_request = mpt3sas_base_get_msg_frame(ioc, smid);
memset(mpi_request, 0, sizeof(Mpi2SCSITaskManagementRequest_t));
mpi_request->Function = MPI2_FUNCTION_SCSI_TASK_MGMT;
@@ -3944,27 +3915,26 @@ _scsih_tm_volume_tr_complete(struct MPT3SAS_ADAPTER *ioc, u16 smid,
return 1;
}
if (unlikely(!mpi_reply)) {
- pr_err(MPT3SAS_FMT "mpi_reply not valid at %s:%d/%s()!\n",
- ioc->name, __FILE__, __LINE__, __func__);
+ ioc_err(ioc, "mpi_reply not valid at %s:%d/%s()!\n",
+ __FILE__, __LINE__, __func__);
return 1;
}
mpi_request_tm = mpt3sas_base_get_msg_frame(ioc, smid);
handle = le16_to_cpu(mpi_request_tm->DevHandle);
if (handle != le16_to_cpu(mpi_reply->DevHandle)) {
- dewtprintk(ioc, pr_err(MPT3SAS_FMT
- "spurious interrupt: handle(0x%04x:0x%04x), smid(%d)!!!\n",
- ioc->name, handle,
- le16_to_cpu(mpi_reply->DevHandle), smid));
+ dewtprintk(ioc,
+ ioc_err(ioc, "spurious interrupt: handle(0x%04x:0x%04x), smid(%d)!!!\n",
+ handle, le16_to_cpu(mpi_reply->DevHandle),
+ smid));
return 0;
}
- dewtprintk(ioc, pr_info(MPT3SAS_FMT
- "tr_complete:handle(0x%04x), (open) smid(%d), ioc_status(0x%04x), "
- "loginfo(0x%08x), completed(%d)\n", ioc->name,
- handle, smid, le16_to_cpu(mpi_reply->IOCStatus),
- le32_to_cpu(mpi_reply->IOCLogInfo),
- le32_to_cpu(mpi_reply->TerminationCount)));
+ dewtprintk(ioc,
+ ioc_info(ioc, "tr_complete:handle(0x%04x), (open) smid(%d), ioc_status(0x%04x), loginfo(0x%08x), completed(%d)\n",
+ handle, smid, le16_to_cpu(mpi_reply->IOCStatus),
+ le32_to_cpu(mpi_reply->IOCLogInfo),
+ le32_to_cpu(mpi_reply->TerminationCount)));
return _scsih_check_for_pending_tm(ioc, smid);
}
@@ -3994,10 +3964,9 @@ _scsih_issue_delayed_event_ack(struct MPT3SAS_ADAPTER *ioc, u16 smid, U16 event,
ioc->internal_lookup[i].cb_idx = ioc->base_cb_idx;
spin_unlock_irqrestore(&ioc->scsi_lookup_lock, flags);
- dewtprintk(ioc, pr_info(MPT3SAS_FMT
- "EVENT ACK: event(0x%04x), smid(%d), cb(%d)\n",
- ioc->name, le16_to_cpu(event), smid,
- ioc->base_cb_idx));
+ dewtprintk(ioc,
+ ioc_info(ioc, "EVENT ACK: event(0x%04x), smid(%d), cb(%d)\n",
+ le16_to_cpu(event), smid, ioc->base_cb_idx));
ack_request = mpt3sas_base_get_msg_frame(ioc, smid);
memset(ack_request, 0, sizeof(Mpi2EventAckRequest_t));
ack_request->Function = MPI2_FUNCTION_EVENT_ACK;
@@ -4053,10 +4022,9 @@ _scsih_issue_delayed_sas_io_unit_ctrl(struct MPT3SAS_ADAPTER *ioc,
ioc->internal_lookup[i].cb_idx = ioc->tm_sas_control_cb_idx;
spin_unlock_irqrestore(&ioc->scsi_lookup_lock, flags);
- dewtprintk(ioc, pr_info(MPT3SAS_FMT
- "sc_send:handle(0x%04x), (open), smid(%d), cb(%d)\n",
- ioc->name, handle, smid,
- ioc->tm_sas_control_cb_idx));
+ dewtprintk(ioc,
+ ioc_info(ioc, "sc_send:handle(0x%04x), (open), smid(%d), cb(%d)\n",
+ handle, smid, ioc->tm_sas_control_cb_idx));
mpi_request = mpt3sas_base_get_msg_frame(ioc, smid);
memset(mpi_request, 0, sizeof(Mpi2SasIoUnitControlRequest_t));
mpi_request->Function = MPI2_FUNCTION_SAS_IO_UNIT_CONTROL;
@@ -4217,8 +4185,8 @@ _scsih_check_topo_delete_events(struct MPT3SAS_ADAPTER *ioc,
MPI2_EVENT_SAS_TOPO_ES_RESPONDING) {
if (le16_to_cpu(local_event_data->ExpanderDevHandle) ==
expander_handle) {
- dewtprintk(ioc, pr_info(MPT3SAS_FMT
- "setting ignoring flag\n", ioc->name));
+ dewtprintk(ioc,
+ ioc_info(ioc, "setting ignoring flag\n"));
fw_event->ignore = 1;
}
}
@@ -4289,9 +4257,8 @@ _scsih_check_pcie_topo_remove_events(struct MPT3SAS_ADAPTER *ioc,
MPI2_EVENT_SAS_TOPO_ES_RESPONDING) {
if (le16_to_cpu(local_event_data->SwitchDevHandle) ==
switch_handle) {
- dewtprintk(ioc, pr_info(MPT3SAS_FMT
- "setting ignoring flag for switch event\n",
- ioc->name));
+ dewtprintk(ioc,
+ ioc_info(ioc, "setting ignoring flag for switch event\n"));
fw_event->ignore = 1;
}
}
@@ -4320,10 +4287,9 @@ _scsih_set_volume_delete_flag(struct MPT3SAS_ADAPTER *ioc, u16 handle)
sas_target_priv_data =
raid_device->starget->hostdata;
sas_target_priv_data->deleted = 1;
- dewtprintk(ioc, pr_info(MPT3SAS_FMT
- "setting delete flag: handle(0x%04x), "
- "wwid(0x%016llx)\n", ioc->name, handle,
- (unsigned long long) raid_device->wwid));
+ dewtprintk(ioc,
+ ioc_info(ioc, "setting delete flag: handle(0x%04x), wwid(0x%016llx)\n",
+ handle, (u64)raid_device->wwid));
}
spin_unlock_irqrestore(&ioc->raid_device_lock, flags);
}
@@ -4425,9 +4391,9 @@ _scsih_check_ir_config_unhide_events(struct MPT3SAS_ADAPTER *ioc,
INIT_LIST_HEAD(&delayed_tr->list);
delayed_tr->handle = handle;
list_add_tail(&delayed_tr->list, &ioc->delayed_tr_list);
- dewtprintk(ioc, pr_info(MPT3SAS_FMT
- "DELAYED:tr:handle(0x%04x), (open)\n", ioc->name,
- handle));
+ dewtprintk(ioc,
+ ioc_info(ioc, "DELAYED:tr:handle(0x%04x), (open)\n",
+ handle));
} else
_scsih_tm_tr_send(ioc, handle);
}
@@ -4470,15 +4436,14 @@ _scsih_temp_threshold_events(struct MPT3SAS_ADAPTER *ioc,
Mpi2EventDataTemperature_t *event_data)
{
if (ioc->temp_sensors_count >= event_data->SensorNum) {
- pr_err(MPT3SAS_FMT "Temperature Threshold flags %s%s%s%s"
- " exceeded for Sensor: %d !!!\n", ioc->name,
- ((le16_to_cpu(event_data->Status) & 0x1) == 1) ? "0 " : " ",
- ((le16_to_cpu(event_data->Status) & 0x2) == 2) ? "1 " : " ",
- ((le16_to_cpu(event_data->Status) & 0x4) == 4) ? "2 " : " ",
- ((le16_to_cpu(event_data->Status) & 0x8) == 8) ? "3 " : " ",
- event_data->SensorNum);
- pr_err(MPT3SAS_FMT "Current Temp In Celsius: %d\n",
- ioc->name, event_data->CurrentTemperature);
+ ioc_err(ioc, "Temperature Threshold flags %s%s%s%s exceeded for Sensor: %d !!!\n",
+ le16_to_cpu(event_data->Status) & 0x1 ? "0 " : " ",
+ le16_to_cpu(event_data->Status) & 0x2 ? "1 " : " ",
+ le16_to_cpu(event_data->Status) & 0x4 ? "2 " : " ",
+ le16_to_cpu(event_data->Status) & 0x8 ? "3 " : " ",
+ event_data->SensorNum);
+ ioc_err(ioc, "Current Temp In Celsius: %d\n",
+ event_data->CurrentTemperature);
}
}
@@ -4526,8 +4491,7 @@ _scsih_flush_running_cmds(struct MPT3SAS_ADAPTER *ioc)
scmd->result = DID_RESET << 16;
scmd->scsi_done(scmd);
}
- dtmprintk(ioc, pr_info(MPT3SAS_FMT "completing %d cmds\n",
- ioc->name, count));
+ dtmprintk(ioc, ioc_info(ioc, "completing %d cmds\n", count));
}
/**
@@ -4726,8 +4690,7 @@ scsih_qcmd(struct Scsi_Host *shost, struct scsi_cmnd *scmd)
smid = mpt3sas_base_get_smid_scsiio(ioc, ioc->scsi_io_cb_idx, scmd);
if (!smid) {
- pr_err(MPT3SAS_FMT "%s: failed obtaining a smid\n",
- ioc->name, __func__);
+ ioc_err(ioc, "%s: failed obtaining a smid\n", __func__);
_scsih_set_satl_pending(scmd, false);
goto out;
}
@@ -4965,37 +4928,28 @@ _scsih_scsi_ioc_info(struct MPT3SAS_ADAPTER *ioc, struct scsi_cmnd *scmd,
scsi_print_command(scmd);
if (priv_target->flags & MPT_TARGET_FLAGS_VOLUME) {
- pr_warn(MPT3SAS_FMT "\t%s wwid(0x%016llx)\n", ioc->name,
- device_str, (unsigned long long)priv_target->sas_address);
+ ioc_warn(ioc, "\t%s wwid(0x%016llx)\n",
+ device_str, (u64)priv_target->sas_address);
} else if (priv_target->flags & MPT_TARGET_FLAGS_PCIE_DEVICE) {
pcie_device = mpt3sas_get_pdev_from_target(ioc, priv_target);
if (pcie_device) {
- pr_info(MPT3SAS_FMT "\twwid(0x%016llx), port(%d)\n",
- ioc->name,
- (unsigned long long)pcie_device->wwid,
- pcie_device->port_num);
+ ioc_info(ioc, "\twwid(0x%016llx), port(%d)\n",
+ (u64)pcie_device->wwid, pcie_device->port_num);
if (pcie_device->enclosure_handle != 0)
- pr_info(MPT3SAS_FMT
- "\tenclosure logical id(0x%016llx), "
- "slot(%d)\n", ioc->name,
- (unsigned long long)
- pcie_device->enclosure_logical_id,
- pcie_device->slot);
+ ioc_info(ioc, "\tenclosure logical id(0x%016llx), slot(%d)\n",
+ (u64)pcie_device->enclosure_logical_id,
+ pcie_device->slot);
if (pcie_device->connector_name[0])
- pr_info(MPT3SAS_FMT
- "\tenclosure level(0x%04x),"
- "connector name( %s)\n",
- ioc->name, pcie_device->enclosure_level,
- pcie_device->connector_name);
+ ioc_info(ioc, "\tenclosure level(0x%04x), connector name( %s)\n",
+ pcie_device->enclosure_level,
+ pcie_device->connector_name);
pcie_device_put(pcie_device);
}
} else {
sas_device = mpt3sas_get_sdev_from_target(ioc, priv_target);
if (sas_device) {
- pr_warn(MPT3SAS_FMT
- "\tsas_address(0x%016llx), phy(%d)\n",
- ioc->name, (unsigned long long)
- sas_device->sas_address, sas_device->phy);
+ ioc_warn(ioc, "\tsas_address(0x%016llx), phy(%d)\n",
+ (u64)sas_device->sas_address, sas_device->phy);
_scsih_display_enclosure_chassis_info(ioc, sas_device,
NULL, NULL);
@@ -5004,30 +4958,23 @@ _scsih_scsi_ioc_info(struct MPT3SAS_ADAPTER *ioc, struct scsi_cmnd *scmd,
}
}
- pr_warn(MPT3SAS_FMT
- "\thandle(0x%04x), ioc_status(%s)(0x%04x), smid(%d)\n",
- ioc->name, le16_to_cpu(mpi_reply->DevHandle),
- desc_ioc_state, ioc_status, smid);
- pr_warn(MPT3SAS_FMT
- "\trequest_len(%d), underflow(%d), resid(%d)\n",
- ioc->name, scsi_bufflen(scmd), scmd->underflow,
- scsi_get_resid(scmd));
- pr_warn(MPT3SAS_FMT
- "\ttag(%d), transfer_count(%d), sc->result(0x%08x)\n",
- ioc->name, le16_to_cpu(mpi_reply->TaskTag),
- le32_to_cpu(mpi_reply->TransferCount), scmd->result);
- pr_warn(MPT3SAS_FMT
- "\tscsi_status(%s)(0x%02x), scsi_state(%s)(0x%02x)\n",
- ioc->name, desc_scsi_status,
- scsi_status, desc_scsi_state, scsi_state);
+ ioc_warn(ioc, "\thandle(0x%04x), ioc_status(%s)(0x%04x), smid(%d)\n",
+ le16_to_cpu(mpi_reply->DevHandle),
+ desc_ioc_state, ioc_status, smid);
+ ioc_warn(ioc, "\trequest_len(%d), underflow(%d), resid(%d)\n",
+ scsi_bufflen(scmd), scmd->underflow, scsi_get_resid(scmd));
+ ioc_warn(ioc, "\ttag(%d), transfer_count(%d), sc->result(0x%08x)\n",
+ le16_to_cpu(mpi_reply->TaskTag),
+ le32_to_cpu(mpi_reply->TransferCount), scmd->result);
+ ioc_warn(ioc, "\tscsi_status(%s)(0x%02x), scsi_state(%s)(0x%02x)\n",
+ desc_scsi_status, scsi_status, desc_scsi_state, scsi_state);
if (scsi_state & MPI2_SCSI_STATE_AUTOSENSE_VALID) {
struct sense_info data;
_scsih_normalize_sense(scmd->sense_buffer, &data);
- pr_warn(MPT3SAS_FMT
- "\t[sense_key,asc,ascq]: [0x%02x,0x%02x,0x%02x], count(%d)\n",
- ioc->name, data.skey,
- data.asc, data.ascq, le32_to_cpu(mpi_reply->SenseCount));
+ ioc_warn(ioc, "\t[sense_key,asc,ascq]: [0x%02x,0x%02x,0x%02x], count(%d)\n",
+ data.skey, data.asc, data.ascq,
+ le32_to_cpu(mpi_reply->SenseCount));
}
if (scsi_state & MPI2_SCSI_STATE_RESPONSE_INFO_VALID) {
response_info = le32_to_cpu(mpi_reply->ResponseInfo);
@@ -5062,17 +5009,17 @@ _scsih_turn_on_pfa_led(struct MPT3SAS_ADAPTER *ioc, u16 handle)
mpi_request.Flags = MPI2_SEP_REQ_FLAGS_DEVHANDLE_ADDRESS;
if ((mpt3sas_base_scsi_enclosure_processor(ioc, &mpi_reply,
&mpi_request)) != 0) {
- pr_err(MPT3SAS_FMT "failure at %s:%d/%s()!\n", ioc->name,
- __FILE__, __LINE__, __func__);
+ ioc_err(ioc, "failure at %s:%d/%s()!\n",
+ __FILE__, __LINE__, __func__);
goto out;
}
sas_device->pfa_led_on = 1;
if (mpi_reply.IOCStatus || mpi_reply.IOCLogInfo) {
- dewtprintk(ioc, pr_info(MPT3SAS_FMT
- "enclosure_processor: ioc_status (0x%04x), loginfo(0x%08x)\n",
- ioc->name, le16_to_cpu(mpi_reply.IOCStatus),
- le32_to_cpu(mpi_reply.IOCLogInfo)));
+ dewtprintk(ioc,
+ ioc_info(ioc, "enclosure_processor: ioc_status (0x%04x), loginfo(0x%08x)\n",
+ le16_to_cpu(mpi_reply.IOCStatus),
+ le32_to_cpu(mpi_reply.IOCLogInfo)));
goto out;
}
out:
@@ -5179,8 +5126,8 @@ _scsih_smart_predicted_fault(struct MPT3SAS_ADAPTER *ioc, u16 handle)
sizeof(Mpi2EventDataSasDeviceStatusChange_t);
event_reply = kzalloc(sz, GFP_KERNEL);
if (!event_reply) {
- pr_err(MPT3SAS_FMT "failure at %s:%d/%s()!\n",
- ioc->name, __FILE__, __LINE__, __func__);
+ ioc_err(ioc, "failure at %s:%d/%s()!\n",
+ __FILE__, __LINE__, __func__);
goto out;
}
@@ -5470,16 +5417,16 @@ _scsih_sas_host_refresh(struct MPT3SAS_ADAPTER *ioc)
u16 attached_handle;
u8 link_rate;
- dtmprintk(ioc, pr_info(MPT3SAS_FMT
- "updating handles for sas_host(0x%016llx)\n",
- ioc->name, (unsigned long long)ioc->sas_hba.sas_address));
+ dtmprintk(ioc,
+ ioc_info(ioc, "updating handles for sas_host(0x%016llx)\n",
+ (u64)ioc->sas_hba.sas_address));
sz = offsetof(Mpi2SasIOUnitPage0_t, PhyData) + (ioc->sas_hba.num_phys
* sizeof(Mpi2SasIOUnit0PhyData_t));
sas_iounit_pg0 = kzalloc(sz, GFP_KERNEL);
if (!sas_iounit_pg0) {
- pr_err(MPT3SAS_FMT "failure at %s:%d/%s()!\n",
- ioc->name, __FILE__, __LINE__, __func__);
+ ioc_err(ioc, "failure at %s:%d/%s()!\n",
+ __FILE__, __LINE__, __func__);
return;
}
@@ -5529,15 +5476,15 @@ _scsih_sas_host_add(struct MPT3SAS_ADAPTER *ioc)
mpt3sas_config_get_number_hba_phys(ioc, &num_phys);
if (!num_phys) {
- pr_err(MPT3SAS_FMT "failure at %s:%d/%s()!\n",
- ioc->name, __FILE__, __LINE__, __func__);
+ ioc_err(ioc, "failure at %s:%d/%s()!\n",
+ __FILE__, __LINE__, __func__);
return;
}
ioc->sas_hba.phy = kcalloc(num_phys,
sizeof(struct _sas_phy), GFP_KERNEL);
if (!ioc->sas_hba.phy) {
- pr_err(MPT3SAS_FMT "failure at %s:%d/%s()!\n",
- ioc->name, __FILE__, __LINE__, __func__);
+ ioc_err(ioc, "failure at %s:%d/%s()!\n",
+ __FILE__, __LINE__, __func__);
goto out;
}
ioc->sas_hba.num_phys = num_phys;
@@ -5547,21 +5494,21 @@ _scsih_sas_host_add(struct MPT3SAS_ADAPTER *ioc)
sizeof(Mpi2SasIOUnit0PhyData_t));
sas_iounit_pg0 = kzalloc(sz, GFP_KERNEL);
if (!sas_iounit_pg0) {
- pr_err(MPT3SAS_FMT "failure at %s:%d/%s()!\n",
- ioc->name, __FILE__, __LINE__, __func__);
+ ioc_err(ioc, "failure at %s:%d/%s()!\n",
+ __FILE__, __LINE__, __func__);
return;
}
if ((mpt3sas_config_get_sas_iounit_pg0(ioc, &mpi_reply,
sas_iounit_pg0, sz))) {
- pr_err(MPT3SAS_FMT "failure at %s:%d/%s()!\n",
- ioc->name, __FILE__, __LINE__, __func__);
+ ioc_err(ioc, "failure at %s:%d/%s()!\n",
+ __FILE__, __LINE__, __func__);
goto out;
}
ioc_status = le16_to_cpu(mpi_reply.IOCStatus) &
MPI2_IOCSTATUS_MASK;
if (ioc_status != MPI2_IOCSTATUS_SUCCESS) {
- pr_err(MPT3SAS_FMT "failure at %s:%d/%s()!\n",
- ioc->name, __FILE__, __LINE__, __func__);
+ ioc_err(ioc, "failure at %s:%d/%s()!\n",
+ __FILE__, __LINE__, __func__);
goto out;
}
@@ -5570,21 +5517,21 @@ _scsih_sas_host_add(struct MPT3SAS_ADAPTER *ioc)
sizeof(Mpi2SasIOUnit1PhyData_t));
sas_iounit_pg1 = kzalloc(sz, GFP_KERNEL);
if (!sas_iounit_pg1) {
- pr_err(MPT3SAS_FMT "failure at %s:%d/%s()!\n",
- ioc->name, __FILE__, __LINE__, __func__);
+ ioc_err(ioc, "failure at %s:%d/%s()!\n",
+ __FILE__, __LINE__, __func__);
goto out;
}
if ((mpt3sas_config_get_sas_iounit_pg1(ioc, &mpi_reply,
sas_iounit_pg1, sz))) {
- pr_err(MPT3SAS_FMT "failure at %s:%d/%s()!\n",
- ioc->name, __FILE__, __LINE__, __func__);
+ ioc_err(ioc, "failure at %s:%d/%s()!\n",
+ __FILE__, __LINE__, __func__);
goto out;
}
ioc_status = le16_to_cpu(mpi_reply.IOCStatus) &
MPI2_IOCSTATUS_MASK;
if (ioc_status != MPI2_IOCSTATUS_SUCCESS) {
- pr_err(MPT3SAS_FMT "failure at %s:%d/%s()!\n",
- ioc->name, __FILE__, __LINE__, __func__);
+ ioc_err(ioc, "failure at %s:%d/%s()!\n",
+ __FILE__, __LINE__, __func__);
goto out;
}
@@ -5603,15 +5550,15 @@ _scsih_sas_host_add(struct MPT3SAS_ADAPTER *ioc)
for (i = 0; i < ioc->sas_hba.num_phys ; i++) {
if ((mpt3sas_config_get_phy_pg0(ioc, &mpi_reply, &phy_pg0,
i))) {
- pr_err(MPT3SAS_FMT "failure at %s:%d/%s()!\n",
- ioc->name, __FILE__, __LINE__, __func__);
+ ioc_err(ioc, "failure at %s:%d/%s()!\n",
+ __FILE__, __LINE__, __func__);
goto out;
}
ioc_status = le16_to_cpu(mpi_reply.IOCStatus) &
MPI2_IOCSTATUS_MASK;
if (ioc_status != MPI2_IOCSTATUS_SUCCESS) {
- pr_err(MPT3SAS_FMT "failure at %s:%d/%s()!\n",
- ioc->name, __FILE__, __LINE__, __func__);
+ ioc_err(ioc, "failure at %s:%d/%s()!\n",
+ __FILE__, __LINE__, __func__);
goto out;
}
@@ -5625,18 +5572,17 @@ _scsih_sas_host_add(struct MPT3SAS_ADAPTER *ioc)
}
if ((mpt3sas_config_get_sas_device_pg0(ioc, &mpi_reply, &sas_device_pg0,
MPI2_SAS_DEVICE_PGAD_FORM_HANDLE, ioc->sas_hba.handle))) {
- pr_err(MPT3SAS_FMT "failure at %s:%d/%s()!\n",
- ioc->name, __FILE__, __LINE__, __func__);
+ ioc_err(ioc, "failure at %s:%d/%s()!\n",
+ __FILE__, __LINE__, __func__);
goto out;
}
ioc->sas_hba.enclosure_handle =
le16_to_cpu(sas_device_pg0.EnclosureHandle);
ioc->sas_hba.sas_address = le64_to_cpu(sas_device_pg0.SASAddress);
- pr_info(MPT3SAS_FMT
- "host_add: handle(0x%04x), sas_addr(0x%016llx), phys(%d)\n",
- ioc->name, ioc->sas_hba.handle,
- (unsigned long long) ioc->sas_hba.sas_address,
- ioc->sas_hba.num_phys) ;
+ ioc_info(ioc, "host_add: handle(0x%04x), sas_addr(0x%016llx), phys(%d)\n",
+ ioc->sas_hba.handle,
+ (u64)ioc->sas_hba.sas_address,
+ ioc->sas_hba.num_phys);
if (ioc->sas_hba.enclosure_handle) {
if (!(mpt3sas_config_get_enclosure_pg0(ioc, &mpi_reply,
@@ -5685,16 +5631,16 @@ _scsih_expander_add(struct MPT3SAS_ADAPTER *ioc, u16 handle)
if ((mpt3sas_config_get_expander_pg0(ioc, &mpi_reply, &expander_pg0,
MPI2_SAS_EXPAND_PGAD_FORM_HNDL, handle))) {
- pr_err(MPT3SAS_FMT "failure at %s:%d/%s()!\n",
- ioc->name, __FILE__, __LINE__, __func__);
+ ioc_err(ioc, "failure at %s:%d/%s()!\n",
+ __FILE__, __LINE__, __func__);
return -1;
}
ioc_status = le16_to_cpu(mpi_reply.IOCStatus) &
MPI2_IOCSTATUS_MASK;
if (ioc_status != MPI2_IOCSTATUS_SUCCESS) {
- pr_err(MPT3SAS_FMT "failure at %s:%d/%s()!\n",
- ioc->name, __FILE__, __LINE__, __func__);
+ ioc_err(ioc, "failure at %s:%d/%s()!\n",
+ __FILE__, __LINE__, __func__);
return -1;
}
@@ -5702,8 +5648,8 @@ _scsih_expander_add(struct MPT3SAS_ADAPTER *ioc, u16 handle)
parent_handle = le16_to_cpu(expander_pg0.ParentDevHandle);
if (_scsih_get_sas_address(ioc, parent_handle, &sas_address_parent)
!= 0) {
- pr_err(MPT3SAS_FMT "failure at %s:%d/%s()!\n",
- ioc->name, __FILE__, __LINE__, __func__);
+ ioc_err(ioc, "failure at %s:%d/%s()!\n",
+ __FILE__, __LINE__, __func__);
return -1;
}
if (sas_address_parent != ioc->sas_hba.sas_address) {
@@ -5730,8 +5676,8 @@ _scsih_expander_add(struct MPT3SAS_ADAPTER *ioc, u16 handle)
sas_expander = kzalloc(sizeof(struct _sas_node),
GFP_KERNEL);
if (!sas_expander) {
- pr_err(MPT3SAS_FMT "failure at %s:%d/%s()!\n",
- ioc->name, __FILE__, __LINE__, __func__);
+ ioc_err(ioc, "failure at %s:%d/%s()!\n",
+ __FILE__, __LINE__, __func__);
return -1;
}
@@ -5740,10 +5686,9 @@ _scsih_expander_add(struct MPT3SAS_ADAPTER *ioc, u16 handle)
sas_expander->sas_address_parent = sas_address_parent;
sas_expander->sas_address = sas_address;
- pr_info(MPT3SAS_FMT "expander_add: handle(0x%04x)," \
- " parent(0x%04x), sas_addr(0x%016llx), phys(%d)\n", ioc->name,
- handle, parent_handle, (unsigned long long)
- sas_expander->sas_address, sas_expander->num_phys);
+ ioc_info(ioc, "expander_add: handle(0x%04x), parent(0x%04x), sas_addr(0x%016llx), phys(%d)\n",
+ handle, parent_handle,
+ (u64)sas_expander->sas_address, sas_expander->num_phys);
if (!sas_expander->num_phys) {
rc = -1;
@@ -5752,8 +5697,8 @@ _scsih_expander_add(struct MPT3SAS_ADAPTER *ioc, u16 handle)
sas_expander->phy = kcalloc(sas_expander->num_phys,
sizeof(struct _sas_phy), GFP_KERNEL);
if (!sas_expander->phy) {
- pr_err(MPT3SAS_FMT "failure at %s:%d/%s()!\n",
- ioc->name, __FILE__, __LINE__, __func__);
+ ioc_err(ioc, "failure at %s:%d/%s()!\n",
+ __FILE__, __LINE__, __func__);
rc = -1;
goto out_fail;
}
@@ -5762,8 +5707,8 @@ _scsih_expander_add(struct MPT3SAS_ADAPTER *ioc, u16 handle)
mpt3sas_port = mpt3sas_transport_port_add(ioc, handle,
sas_address_parent);
if (!mpt3sas_port) {
- pr_err(MPT3SAS_FMT "failure at %s:%d/%s()!\n",
- ioc->name, __FILE__, __LINE__, __func__);
+ ioc_err(ioc, "failure at %s:%d/%s()!\n",
+ __FILE__, __LINE__, __func__);
rc = -1;
goto out_fail;
}
@@ -5772,8 +5717,8 @@ _scsih_expander_add(struct MPT3SAS_ADAPTER *ioc, u16 handle)
for (i = 0 ; i < sas_expander->num_phys ; i++) {
if ((mpt3sas_config_get_expander_pg1(ioc, &mpi_reply,
&expander_pg1, i, handle))) {
- pr_err(MPT3SAS_FMT "failure at %s:%d/%s()!\n",
- ioc->name, __FILE__, __LINE__, __func__);
+ ioc_err(ioc, "failure at %s:%d/%s()!\n",
+ __FILE__, __LINE__, __func__);
rc = -1;
goto out_fail;
}
@@ -5783,8 +5728,8 @@ _scsih_expander_add(struct MPT3SAS_ADAPTER *ioc, u16 handle)
if ((mpt3sas_transport_add_expander_phy(ioc,
&sas_expander->phy[i], expander_pg1,
sas_expander->parent_dev))) {
- pr_err(MPT3SAS_FMT "failure at %s:%d/%s()!\n",
- ioc->name, __FILE__, __LINE__, __func__);
+ ioc_err(ioc, "failure at %s:%d/%s()!\n",
+ __FILE__, __LINE__, __func__);
rc = -1;
goto out_fail;
}
@@ -5931,9 +5876,8 @@ _scsih_check_access_status(struct MPT3SAS_ADAPTER *ioc, u64 sas_address,
if (!rc)
return 0;
- pr_err(MPT3SAS_FMT
- "discovery errors(%s): sas_address(0x%016llx), handle(0x%04x)\n",
- ioc->name, desc, (unsigned long long)sas_address, handle);
+ ioc_err(ioc, "discovery errors(%s): sas_address(0x%016llx), handle(0x%04x)\n",
+ desc, (u64)sas_address, handle);
return rc;
}
@@ -6027,9 +5971,8 @@ _scsih_check_device(struct MPT3SAS_ADAPTER *ioc,
/* check if device is present */
if (!(le16_to_cpu(sas_device_pg0.Flags) &
MPI2_SAS_DEVICE0_FLAGS_DEVICE_PRESENT)) {
- pr_err(MPT3SAS_FMT
- "device is not present handle(0x%04x), flags!!!\n",
- ioc->name, handle);
+ ioc_err(ioc, "device is not present handle(0x%04x), flags!!!\n",
+ handle);
goto out_unlock;
}
@@ -6076,16 +6019,16 @@ _scsih_add_device(struct MPT3SAS_ADAPTER *ioc, u16 handle, u8 phy_num,
if ((mpt3sas_config_get_sas_device_pg0(ioc, &mpi_reply, &sas_device_pg0,
MPI2_SAS_DEVICE_PGAD_FORM_HANDLE, handle))) {
- pr_err(MPT3SAS_FMT "failure at %s:%d/%s()!\n",
- ioc->name, __FILE__, __LINE__, __func__);
+ ioc_err(ioc, "failure at %s:%d/%s()!\n",
+ __FILE__, __LINE__, __func__);
return -1;
}
ioc_status = le16_to_cpu(mpi_reply.IOCStatus) &
MPI2_IOCSTATUS_MASK;
if (ioc_status != MPI2_IOCSTATUS_SUCCESS) {
- pr_err(MPT3SAS_FMT "failure at %s:%d/%s()!\n",
- ioc->name, __FILE__, __LINE__, __func__);
+ ioc_err(ioc, "failure at %s:%d/%s()!\n",
+ __FILE__, __LINE__, __func__);
return -1;
}
@@ -6099,8 +6042,8 @@ _scsih_add_device(struct MPT3SAS_ADAPTER *ioc, u16 handle, u8 phy_num,
/* check if device is present */
if (!(le16_to_cpu(sas_device_pg0.Flags) &
MPI2_SAS_DEVICE0_FLAGS_DEVICE_PRESENT)) {
- pr_err(MPT3SAS_FMT "device is not present handle(0x04%x)!!!\n",
- ioc->name, handle);
+ ioc_err(ioc, "device is not present handle(0x04%x)!!!\n",
+ handle);
return -1;
}
@@ -6122,16 +6065,15 @@ _scsih_add_device(struct MPT3SAS_ADAPTER *ioc, u16 handle, u8 phy_num,
mpt3sas_scsih_enclosure_find_by_handle(ioc,
le16_to_cpu(sas_device_pg0.EnclosureHandle));
if (enclosure_dev == NULL)
- pr_info(MPT3SAS_FMT "Enclosure handle(0x%04x)"
- "doesn't match with enclosure device!\n",
- ioc->name, sas_device_pg0.EnclosureHandle);
+ ioc_info(ioc, "Enclosure handle(0x%04x) doesn't match with enclosure device!\n",
+ sas_device_pg0.EnclosureHandle);
}
sas_device = kzalloc(sizeof(struct _sas_device),
GFP_KERNEL);
if (!sas_device) {
- pr_err(MPT3SAS_FMT "failure at %s:%d/%s()!\n",
- ioc->name, __FILE__, __LINE__, __func__);
+ ioc_err(ioc, "failure at %s:%d/%s()!\n",
+ __FILE__, __LINE__, __func__);
return 0;
}
@@ -6140,8 +6082,8 @@ _scsih_add_device(struct MPT3SAS_ADAPTER *ioc, u16 handle, u8 phy_num,
if (_scsih_get_sas_address(ioc,
le16_to_cpu(sas_device_pg0.ParentDevHandle),
&sas_device->sas_address_parent) != 0)
- pr_err(MPT3SAS_FMT "failure at %s:%d/%s()!\n",
- ioc->name, __FILE__, __LINE__, __func__);
+ ioc_err(ioc, "failure at %s:%d/%s()!\n",
+ __FILE__, __LINE__, __func__);
sas_device->enclosure_handle =
le16_to_cpu(sas_device_pg0.EnclosureHandle);
if (sas_device->enclosure_handle != 0)
@@ -6206,11 +6148,10 @@ _scsih_remove_device(struct MPT3SAS_ADAPTER *ioc,
sas_device->pfa_led_on = 0;
}
- dewtprintk(ioc, pr_info(MPT3SAS_FMT
- "%s: enter: handle(0x%04x), sas_addr(0x%016llx)\n",
- ioc->name, __func__,
- sas_device->handle, (unsigned long long)
- sas_device->sas_address));
+ dewtprintk(ioc,
+ ioc_info(ioc, "%s: enter: handle(0x%04x), sas_addr(0x%016llx)\n",
+ __func__,
+ sas_device->handle, (u64)sas_device->sas_address));
dewtprintk(ioc, _scsih_display_enclosure_chassis_info(ioc, sas_device,
NULL, NULL));
@@ -6228,18 +6169,15 @@ _scsih_remove_device(struct MPT3SAS_ADAPTER *ioc,
sas_device->sas_address,
sas_device->sas_address_parent);
- pr_info(MPT3SAS_FMT
- "removing handle(0x%04x), sas_addr(0x%016llx)\n",
- ioc->name, sas_device->handle,
- (unsigned long long) sas_device->sas_address);
+ ioc_info(ioc, "removing handle(0x%04x), sas_addr(0x%016llx)\n",
+ sas_device->handle, (u64)sas_device->sas_address);
_scsih_display_enclosure_chassis_info(ioc, sas_device, NULL, NULL);
- dewtprintk(ioc, pr_info(MPT3SAS_FMT
- "%s: exit: handle(0x%04x), sas_addr(0x%016llx)\n",
- ioc->name, __func__,
- sas_device->handle, (unsigned long long)
- sas_device->sas_address));
+ dewtprintk(ioc,
+ ioc_info(ioc, "%s: exit: handle(0x%04x), sas_addr(0x%016llx)\n",
+ __func__,
+ sas_device->handle, (u64)sas_device->sas_address));
dewtprintk(ioc, _scsih_display_enclosure_chassis_info(ioc, sas_device,
NULL, NULL));
}
@@ -6279,8 +6217,7 @@ _scsih_sas_topology_change_event_debug(struct MPT3SAS_ADAPTER *ioc,
status_str = "unknown status";
break;
}
- pr_info(MPT3SAS_FMT "sas topology change: (%s)\n",
- ioc->name, status_str);
+ ioc_info(ioc, "sas topology change: (%s)\n", status_str);
pr_info("\thandle(0x%04x), enclosure_handle(0x%04x) " \
"start_phy(%02d), count(%d)\n",
le16_to_cpu(event_data->ExpanderDevHandle),
@@ -6357,8 +6294,7 @@ _scsih_sas_topology_change_event(struct MPT3SAS_ADAPTER *ioc,
_scsih_sas_host_refresh(ioc);
if (fw_event->ignore) {
- dewtprintk(ioc, pr_info(MPT3SAS_FMT
- "ignoring expander event\n", ioc->name));
+ dewtprintk(ioc, ioc_info(ioc, "ignoring expander event\n"));
return 0;
}
@@ -6387,8 +6323,8 @@ _scsih_sas_topology_change_event(struct MPT3SAS_ADAPTER *ioc,
/* handle siblings events */
for (i = 0; i < event_data->NumEntries; i++) {
if (fw_event->ignore) {
- dewtprintk(ioc, pr_info(MPT3SAS_FMT
- "ignoring expander event\n", ioc->name));
+ dewtprintk(ioc,
+ ioc_info(ioc, "ignoring expander event\n"));
return 0;
}
if (ioc->remove_host || ioc->pci_error_recovery)
@@ -6512,15 +6448,14 @@ _scsih_sas_device_status_change_event_debug(struct MPT3SAS_ADAPTER *ioc,
reason_str = "unknown reason";
break;
}
- pr_info(MPT3SAS_FMT "device status change: (%s)\n"
- "\thandle(0x%04x), sas address(0x%016llx), tag(%d)",
- ioc->name, reason_str, le16_to_cpu(event_data->DevHandle),
- (unsigned long long)le64_to_cpu(event_data->SASAddress),
- le16_to_cpu(event_data->TaskTag));
+ ioc_info(ioc, "device status change: (%s)\thandle(0x%04x), sas address(0x%016llx), tag(%d)",
+ reason_str, le16_to_cpu(event_data->DevHandle),
+ (u64)le64_to_cpu(event_data->SASAddress),
+ le16_to_cpu(event_data->TaskTag));
if (event_data->ReasonCode == MPI2_EVENT_SAS_DEV_STAT_RC_SMART_DATA)
- pr_info(MPT3SAS_FMT ", ASC(0x%x), ASCQ(0x%x)\n", ioc->name,
- event_data->ASC, event_data->ASCQ);
- pr_info("\n");
+ pr_cont(", ASC(0x%x), ASCQ(0x%x)\n",
+ event_data->ASC, event_data->ASCQ);
+ pr_cont("\n");
}
/**
@@ -6653,20 +6588,16 @@ _scsih_check_pcie_access_status(struct MPT3SAS_ADAPTER *ioc, u64 wwid,
desc = "nvme failure status";
break;
default:
- pr_err(MPT3SAS_FMT
- " NVMe discovery error(0x%02x): wwid(0x%016llx),"
- "handle(0x%04x)\n", ioc->name, access_status,
- (unsigned long long)wwid, handle);
+ ioc_err(ioc, "NVMe discovery error(0x%02x): wwid(0x%016llx), handle(0x%04x)\n",
+ access_status, (u64)wwid, handle);
return rc;
}
if (!rc)
return rc;
- pr_info(MPT3SAS_FMT
- "NVMe discovery error(%s): wwid(0x%016llx), handle(0x%04x)\n",
- ioc->name, desc,
- (unsigned long long)wwid, handle);
+ ioc_info(ioc, "NVMe discovery error(%s): wwid(0x%016llx), handle(0x%04x)\n",
+ desc, (u64)wwid, handle);
return rc;
}
@@ -6682,22 +6613,22 @@ _scsih_pcie_device_remove_from_sml(struct MPT3SAS_ADAPTER *ioc,
{
struct MPT3SAS_TARGET *sas_target_priv_data;
- dewtprintk(ioc, pr_info(MPT3SAS_FMT
- "%s: enter: handle(0x%04x), wwid(0x%016llx)\n", ioc->name, __func__,
- pcie_device->handle, (unsigned long long)
- pcie_device->wwid));
+ dewtprintk(ioc,
+ ioc_info(ioc, "%s: enter: handle(0x%04x), wwid(0x%016llx)\n",
+ __func__,
+ pcie_device->handle, (u64)pcie_device->wwid));
if (pcie_device->enclosure_handle != 0)
- dewtprintk(ioc, pr_info(MPT3SAS_FMT
- "%s: enter: enclosure logical id(0x%016llx), slot(%d)\n",
- ioc->name, __func__,
- (unsigned long long)pcie_device->enclosure_logical_id,
- pcie_device->slot));
+ dewtprintk(ioc,
+ ioc_info(ioc, "%s: enter: enclosure logical id(0x%016llx), slot(%d)\n",
+ __func__,
+ (u64)pcie_device->enclosure_logical_id,
+ pcie_device->slot));
if (pcie_device->connector_name[0] != '\0')
- dewtprintk(ioc, pr_info(MPT3SAS_FMT
- "%s: enter: enclosure level(0x%04x), connector name( %s)\n",
- ioc->name, __func__,
- pcie_device->enclosure_level,
- pcie_device->connector_name));
+ dewtprintk(ioc,
+ ioc_info(ioc, "%s: enter: enclosure level(0x%04x), connector name(%s)\n",
+ __func__,
+ pcie_device->enclosure_level,
+ pcie_device->connector_name));
if (pcie_device->starget && pcie_device->starget->hostdata) {
sas_target_priv_data = pcie_device->starget->hostdata;
@@ -6706,39 +6637,35 @@ _scsih_pcie_device_remove_from_sml(struct MPT3SAS_ADAPTER *ioc,
sas_target_priv_data->handle = MPT3SAS_INVALID_DEVICE_HANDLE;
}
- pr_info(MPT3SAS_FMT
- "removing handle(0x%04x), wwid (0x%016llx)\n",
- ioc->name, pcie_device->handle,
- (unsigned long long) pcie_device->wwid);
+ ioc_info(ioc, "removing handle(0x%04x), wwid(0x%016llx)\n",
+ pcie_device->handle, (u64)pcie_device->wwid);
if (pcie_device->enclosure_handle != 0)
- pr_info(MPT3SAS_FMT
- "removing : enclosure logical id(0x%016llx), slot(%d)\n",
- ioc->name,
- (unsigned long long)pcie_device->enclosure_logical_id,
- pcie_device->slot);
+ ioc_info(ioc, "removing : enclosure logical id(0x%016llx), slot(%d)\n",
+ (u64)pcie_device->enclosure_logical_id,
+ pcie_device->slot);
if (pcie_device->connector_name[0] != '\0')
- pr_info(MPT3SAS_FMT
- "removing: enclosure level(0x%04x), connector name( %s)\n",
- ioc->name, pcie_device->enclosure_level,
- pcie_device->connector_name);
+ ioc_info(ioc, "removing: enclosure level(0x%04x), connector name( %s)\n",
+ pcie_device->enclosure_level,
+ pcie_device->connector_name);
if (pcie_device->starget)
scsi_remove_target(&pcie_device->starget->dev);
- dewtprintk(ioc, pr_info(MPT3SAS_FMT
- "%s: exit: handle(0x%04x), wwid(0x%016llx)\n", ioc->name, __func__,
- pcie_device->handle, (unsigned long long)
- pcie_device->wwid));
+ dewtprintk(ioc,
+ ioc_info(ioc, "%s: exit: handle(0x%04x), wwid(0x%016llx)\n",
+ __func__,
+ pcie_device->handle, (u64)pcie_device->wwid));
if (pcie_device->enclosure_handle != 0)
- dewtprintk(ioc, pr_info(MPT3SAS_FMT
- "%s: exit: enclosure logical id(0x%016llx), slot(%d)\n",
- ioc->name, __func__,
- (unsigned long long)pcie_device->enclosure_logical_id,
- pcie_device->slot));
+ dewtprintk(ioc,
+ ioc_info(ioc, "%s: exit: enclosure logical id(0x%016llx), slot(%d)\n",
+ __func__,
+ (u64)pcie_device->enclosure_logical_id,
+ pcie_device->slot));
if (pcie_device->connector_name[0] != '\0')
- dewtprintk(ioc, pr_info(MPT3SAS_FMT
- "%s: exit: enclosure level(0x%04x), connector name( %s)\n",
- ioc->name, __func__, pcie_device->enclosure_level,
- pcie_device->connector_name));
+ dewtprintk(ioc,
+ ioc_info(ioc, "%s: exit: enclosure level(0x%04x), connector name( %s)\n",
+ __func__,
+ pcie_device->enclosure_level,
+ pcie_device->connector_name));
kfree(pcie_device->serial_number);
}
@@ -6808,9 +6735,8 @@ _scsih_pcie_check_device(struct MPT3SAS_ADAPTER *ioc, u16 handle)
/* check if device is present */
if (!(le32_to_cpu(pcie_device_pg0.Flags) &
MPI26_PCIEDEV0_FLAGS_DEVICE_PRESENT)) {
- pr_info(MPT3SAS_FMT
- "device is not present handle(0x%04x), flags!!!\n",
- ioc->name, handle);
+ ioc_info(ioc, "device is not present handle(0x%04x), flags!!!\n",
+ handle);
spin_unlock_irqrestore(&ioc->pcie_device_lock, flags);
pcie_device_put(pcie_device);
return;
@@ -6854,16 +6780,15 @@ _scsih_pcie_add_device(struct MPT3SAS_ADAPTER *ioc, u16 handle)
if ((mpt3sas_config_get_pcie_device_pg0(ioc, &mpi_reply,
&pcie_device_pg0, MPI26_PCIE_DEVICE_PGAD_FORM_HANDLE, handle))) {
- pr_err(MPT3SAS_FMT "failure at %s:%d/%s()!\n",
- ioc->name, __FILE__, __LINE__, __func__);
+ ioc_err(ioc, "failure at %s:%d/%s()!\n",
+ __FILE__, __LINE__, __func__);
return 0;
}
ioc_status = le16_to_cpu(mpi_reply.IOCStatus) &
MPI2_IOCSTATUS_MASK;
if (ioc_status != MPI2_IOCSTATUS_SUCCESS) {
- pr_err(MPT3SAS_FMT
- "failure at %s:%d/%s()!\n",
- ioc->name, __FILE__, __LINE__, __func__);
+ ioc_err(ioc, "failure at %s:%d/%s()!\n",
+ __FILE__, __LINE__, __func__);
return 0;
}
@@ -6873,9 +6798,8 @@ _scsih_pcie_add_device(struct MPT3SAS_ADAPTER *ioc, u16 handle)
/* check if device is present */
if (!(le32_to_cpu(pcie_device_pg0.Flags) &
MPI26_PCIEDEV0_FLAGS_DEVICE_PRESENT)) {
- pr_err(MPT3SAS_FMT
- "device is not present handle(0x04%x)!!!\n",
- ioc->name, handle);
+ ioc_err(ioc, "device is not present handle(0x04%x)!!!\n",
+ handle);
return 0;
}
@@ -6896,8 +6820,8 @@ _scsih_pcie_add_device(struct MPT3SAS_ADAPTER *ioc, u16 handle)
pcie_device = kzalloc(sizeof(struct _pcie_device), GFP_KERNEL);
if (!pcie_device) {
- pr_err(MPT3SAS_FMT "failure at %s:%d/%s()!\n",
- ioc->name, __FILE__, __LINE__, __func__);
+ ioc_err(ioc, "failure at %s:%d/%s()!\n",
+ __FILE__, __LINE__, __func__);
return 0;
}
@@ -6938,16 +6862,16 @@ _scsih_pcie_add_device(struct MPT3SAS_ADAPTER *ioc, u16 handle)
/* TODO -- Add device name once FW supports it */
if (mpt3sas_config_get_pcie_device_pg2(ioc, &mpi_reply,
&pcie_device_pg2, MPI2_SAS_DEVICE_PGAD_FORM_HANDLE, handle)) {
- pr_err(MPT3SAS_FMT "failure at %s:%d/%s()!\n",
- ioc->name, __FILE__, __LINE__, __func__);
+ ioc_err(ioc, "failure at %s:%d/%s()!\n",
+ __FILE__, __LINE__, __func__);
kfree(pcie_device);
return 0;
}
ioc_status = le16_to_cpu(mpi_reply.IOCStatus) & MPI2_IOCSTATUS_MASK;
if (ioc_status != MPI2_IOCSTATUS_SUCCESS) {
- pr_err(MPT3SAS_FMT "failure at %s:%d/%s()!\n",
- ioc->name, __FILE__, __LINE__, __func__);
+ ioc_err(ioc, "failure at %s:%d/%s()!\n",
+ __FILE__, __LINE__, __func__);
kfree(pcie_device);
return 0;
}
@@ -7004,8 +6928,7 @@ _scsih_pcie_topology_change_event_debug(struct MPT3SAS_ADAPTER *ioc,
status_str = "unknown status";
break;
}
- pr_info(MPT3SAS_FMT "pcie topology change: (%s)\n",
- ioc->name, status_str);
+ ioc_info(ioc, "pcie topology change: (%s)\n", status_str);
pr_info("\tswitch_handle(0x%04x), enclosure_handle(0x%04x)"
"start_port(%02d), count(%d)\n",
le16_to_cpu(event_data->SwitchDevHandle),
@@ -7078,16 +7001,15 @@ _scsih_pcie_topology_change_event(struct MPT3SAS_ADAPTER *ioc,
return;
if (fw_event->ignore) {
- dewtprintk(ioc, pr_info(MPT3SAS_FMT "ignoring switch event\n",
- ioc->name));
+ dewtprintk(ioc, ioc_info(ioc, "ignoring switch event\n"));
return;
}
/* handle siblings events */
for (i = 0; i < event_data->NumEntries; i++) {
if (fw_event->ignore) {
- dewtprintk(ioc, pr_info(MPT3SAS_FMT
- "ignoring switch event\n", ioc->name));
+ dewtprintk(ioc,
+ ioc_info(ioc, "ignoring switch event\n"));
return;
}
if (ioc->remove_host || ioc->pci_error_recovery)
@@ -7132,9 +7054,9 @@ _scsih_pcie_topology_change_event(struct MPT3SAS_ADAPTER *ioc,
if (!test_bit(handle, ioc->pend_os_device_add))
break;
- dewtprintk(ioc, pr_info(MPT3SAS_FMT
- "handle(0x%04x) device not found: convert "
- "event to a device add\n", ioc->name, handle));
+ dewtprintk(ioc,
+ ioc_info(ioc, "handle(0x%04x) device not found: convert event to a device add\n",
+ handle));
event_data->PortEntry[i].PortStatus &= 0xF0;
event_data->PortEntry[i].PortStatus |=
MPI26_EVENT_PCIE_TOPO_PS_DEV_ADDED;
@@ -7217,15 +7139,15 @@ _scsih_pcie_device_status_change_event_debug(struct MPT3SAS_ADAPTER *ioc,
break;
}
- pr_info(MPT3SAS_FMT "PCIE device status change: (%s)\n"
- "\thandle(0x%04x), WWID(0x%016llx), tag(%d)",
- ioc->name, reason_str, le16_to_cpu(event_data->DevHandle),
- (unsigned long long)le64_to_cpu(event_data->WWID),
- le16_to_cpu(event_data->TaskTag));
+ ioc_info(ioc, "PCIE device status change: (%s)\n"
+ "\thandle(0x%04x), WWID(0x%016llx), tag(%d)",
+ reason_str, le16_to_cpu(event_data->DevHandle),
+ (u64)le64_to_cpu(event_data->WWID),
+ le16_to_cpu(event_data->TaskTag));
if (event_data->ReasonCode == MPI26_EVENT_PCIDEV_STAT_RC_SMART_DATA)
- pr_info(MPT3SAS_FMT ", ASC(0x%x), ASCQ(0x%x)\n", ioc->name,
+ pr_cont(", ASC(0x%x), ASCQ(0x%x)\n",
event_data->ASC, event_data->ASCQ);
- pr_info("\n");
+ pr_cont("\n");
}
/**
@@ -7303,12 +7225,12 @@ _scsih_sas_enclosure_dev_status_change_event_debug(struct MPT3SAS_ADAPTER *ioc,
break;
}
- pr_info(MPT3SAS_FMT "enclosure status change: (%s)\n"
- "\thandle(0x%04x), enclosure logical id(0x%016llx)"
- " number slots(%d)\n", ioc->name, reason_str,
- le16_to_cpu(event_data->EnclosureHandle),
- (unsigned long long)le64_to_cpu(event_data->EnclosureLogicalID),
- le16_to_cpu(event_data->StartSlot));
+ ioc_info(ioc, "enclosure status change: (%s)\n"
+ "\thandle(0x%04x), enclosure logical id(0x%016llx) number slots(%d)\n",
+ reason_str,
+ le16_to_cpu(event_data->EnclosureHandle),
+ (u64)le64_to_cpu(event_data->EnclosureLogicalID),
+ le16_to_cpu(event_data->StartSlot));
}
/**
@@ -7346,9 +7268,8 @@ _scsih_sas_enclosure_dev_status_change_event(struct MPT3SAS_ADAPTER *ioc,
kzalloc(sizeof(struct _enclosure_node),
GFP_KERNEL);
if (!enclosure_dev) {
- pr_info(MPT3SAS_FMT
- "failure at %s:%d/%s()!\n", ioc->name,
- __FILE__, __LINE__, __func__);
+ ioc_info(ioc, "failure at %s:%d/%s()!\n",
+ __FILE__, __LINE__, __func__);
return;
}
rc = mpt3sas_config_get_enclosure_pg0(ioc, &mpi_reply,
@@ -7406,10 +7327,8 @@ _scsih_sas_broadcast_primitive_event(struct MPT3SAS_ADAPTER *ioc,
u8 task_abort_retries;
mutex_lock(&ioc->tm_cmds.mutex);
- pr_info(MPT3SAS_FMT
- "%s: enter: phy number(%d), width(%d)\n",
- ioc->name, __func__, event_data->PhyNum,
- event_data->PortWidth);
+ ioc_info(ioc, "%s: enter: phy number(%d), width(%d)\n",
+ __func__, event_data->PhyNum, event_data->PortWidth);
_scsih_block_io_all_device(ioc);
@@ -7419,12 +7338,12 @@ _scsih_sas_broadcast_primitive_event(struct MPT3SAS_ADAPTER *ioc,
/* sanity checks for retrying this loop */
if (max_retries++ == 5) {
- dewtprintk(ioc, pr_info(MPT3SAS_FMT "%s: giving up\n",
- ioc->name, __func__));
+ dewtprintk(ioc, ioc_info(ioc, "%s: giving up\n", __func__));
goto out;
} else if (max_retries > 1)
- dewtprintk(ioc, pr_info(MPT3SAS_FMT "%s: %d retry\n",
- ioc->name, __func__, max_retries - 1));
+ dewtprintk(ioc,
+ ioc_info(ioc, "%s: %d retry\n",
+ __func__, max_retries - 1));
termination_count = 0;
query_count = 0;
@@ -7491,9 +7410,9 @@ _scsih_sas_broadcast_primitive_event(struct MPT3SAS_ADAPTER *ioc,
task_abort_retries = 0;
tm_retry:
if (task_abort_retries++ == 60) {
- dewtprintk(ioc, pr_info(MPT3SAS_FMT
- "%s: ABORT_TASK: giving up\n", ioc->name,
- __func__));
+ dewtprintk(ioc,
+ ioc_info(ioc, "%s: ABORT_TASK: giving up\n",
+ __func__));
spin_lock_irqsave(&ioc->scsi_lookup_lock, flags);
goto broadcast_aen_retry;
}
@@ -7522,9 +7441,10 @@ _scsih_sas_broadcast_primitive_event(struct MPT3SAS_ADAPTER *ioc,
}
if (ioc->broadcast_aen_pending) {
- dewtprintk(ioc, pr_info(MPT3SAS_FMT
- "%s: loop back due to pending AEN\n",
- ioc->name, __func__));
+ dewtprintk(ioc,
+ ioc_info(ioc,
+ "%s: loop back due to pending AEN\n",
+ __func__));
ioc->broadcast_aen_pending = 0;
goto broadcast_aen_retry;
}
@@ -7533,9 +7453,9 @@ _scsih_sas_broadcast_primitive_event(struct MPT3SAS_ADAPTER *ioc,
spin_unlock_irqrestore(&ioc->scsi_lookup_lock, flags);
out_no_lock:
- dewtprintk(ioc, pr_info(MPT3SAS_FMT
- "%s - exit, query_count = %d termination_count = %d\n",
- ioc->name, __func__, query_count, termination_count));
+ dewtprintk(ioc,
+ ioc_info(ioc, "%s - exit, query_count = %d termination_count = %d\n",
+ __func__, query_count, termination_count));
ioc->broadcast_aen_busy = 0;
if (!ioc->shost_recovery)
@@ -7557,13 +7477,13 @@ _scsih_sas_discovery_event(struct MPT3SAS_ADAPTER *ioc,
(Mpi2EventDataSasDiscovery_t *) fw_event->event_data;
if (ioc->logging_level & MPT_DEBUG_EVENT_WORK_TASK) {
- pr_info(MPT3SAS_FMT "discovery event: (%s)", ioc->name,
- (event_data->ReasonCode == MPI2_EVENT_SAS_DISC_RC_STARTED) ?
- "start" : "stop");
+ ioc_info(ioc, "discovery event: (%s)",
+ event_data->ReasonCode == MPI2_EVENT_SAS_DISC_RC_STARTED ?
+ "start" : "stop");
if (event_data->DiscoveryStatus)
- pr_info("discovery_status(0x%08x)",
- le32_to_cpu(event_data->DiscoveryStatus));
- pr_info("\n");
+ pr_cont("discovery_status(0x%08x)",
+ le32_to_cpu(event_data->DiscoveryStatus));
+ pr_cont("\n");
}
if (event_data->ReasonCode == MPI2_EVENT_SAS_DISC_RC_STARTED &&
@@ -7593,20 +7513,16 @@ _scsih_sas_device_discovery_error_event(struct MPT3SAS_ADAPTER *ioc,
switch (event_data->ReasonCode) {
case MPI25_EVENT_SAS_DISC_ERR_SMP_FAILED:
- pr_warn(MPT3SAS_FMT "SMP command sent to the expander"
- "(handle:0x%04x, sas_address:0x%016llx,"
- "physical_port:0x%02x) has failed",
- ioc->name, le16_to_cpu(event_data->DevHandle),
- (unsigned long long)le64_to_cpu(event_data->SASAddress),
- event_data->PhysicalPort);
+ ioc_warn(ioc, "SMP command sent to the expander (handle:0x%04x, sas_address:0x%016llx, physical_port:0x%02x) has failed\n",
+ le16_to_cpu(event_data->DevHandle),
+ (u64)le64_to_cpu(event_data->SASAddress),
+ event_data->PhysicalPort);
break;
case MPI25_EVENT_SAS_DISC_ERR_SMP_TIMEOUT:
- pr_warn(MPT3SAS_FMT "SMP command sent to the expander"
- "(handle:0x%04x, sas_address:0x%016llx,"
- "physical_port:0x%02x) has timed out",
- ioc->name, le16_to_cpu(event_data->DevHandle),
- (unsigned long long)le64_to_cpu(event_data->SASAddress),
- event_data->PhysicalPort);
+ ioc_warn(ioc, "SMP command sent to the expander (handle:0x%04x, sas_address:0x%016llx, physical_port:0x%02x) has timed out\n",
+ le16_to_cpu(event_data->DevHandle),
+ (u64)le64_to_cpu(event_data->SASAddress),
+ event_data->PhysicalPort);
break;
default:
break;
@@ -7629,11 +7545,10 @@ _scsih_pcie_enumeration_event(struct MPT3SAS_ADAPTER *ioc,
if (!(ioc->logging_level & MPT_DEBUG_EVENT_WORK_TASK))
return;
- pr_info(MPT3SAS_FMT "pcie enumeration event: (%s) Flag 0x%02x",
- ioc->name,
- (event_data->ReasonCode == MPI26_EVENT_PCIE_ENUM_RC_STARTED) ?
- "started" : "completed",
- event_data->Flags);
+ ioc_info(ioc, "pcie enumeration event: (%s) Flag 0x%02x",
+ (event_data->ReasonCode == MPI26_EVENT_PCIE_ENUM_RC_STARTED) ?
+ "started" : "completed",
+ event_data->Flags);
if (event_data->EnumerationStatus)
pr_cont("enumeration_status(0x%08x)",
le32_to_cpu(event_data->EnumerationStatus));
@@ -7665,8 +7580,7 @@ _scsih_ir_fastpath(struct MPT3SAS_ADAPTER *ioc, u16 handle, u8 phys_disk_num)
mutex_lock(&ioc->scsih_cmds.mutex);
if (ioc->scsih_cmds.status != MPT3_CMD_NOT_USED) {
- pr_err(MPT3SAS_FMT "%s: scsih_cmd in use\n",
- ioc->name, __func__);
+ ioc_err(ioc, "%s: scsih_cmd in use\n", __func__);
rc = -EAGAIN;
goto out;
}
@@ -7674,8 +7588,7 @@ _scsih_ir_fastpath(struct MPT3SAS_ADAPTER *ioc, u16 handle, u8 phys_disk_num)
smid = mpt3sas_base_get_smid(ioc, ioc->scsih_cb_idx);
if (!smid) {
- pr_err(MPT3SAS_FMT "%s: failed obtaining a smid\n",
- ioc->name, __func__);
+ ioc_err(ioc, "%s: failed obtaining a smid\n", __func__);
ioc->scsih_cmds.status = MPT3_CMD_NOT_USED;
rc = -EAGAIN;
goto out;
@@ -7689,9 +7602,9 @@ _scsih_ir_fastpath(struct MPT3SAS_ADAPTER *ioc, u16 handle, u8 phys_disk_num)
mpi_request->Action = MPI2_RAID_ACTION_PHYSDISK_HIDDEN;
mpi_request->PhysDiskNum = phys_disk_num;
- dewtprintk(ioc, pr_info(MPT3SAS_FMT "IR RAID_ACTION: turning fast "\
- "path on for handle(0x%04x), phys_disk_num (0x%02x)\n", ioc->name,
- handle, phys_disk_num));
+ dewtprintk(ioc,
+ ioc_info(ioc, "IR RAID_ACTION: turning fast path on for handle(0x%04x), phys_disk_num (0x%02x)\n",
+ handle, phys_disk_num));
init_completion(&ioc->scsih_cmds.done);
mpt3sas_base_put_smid_default(ioc, smid);
@@ -7716,15 +7629,13 @@ _scsih_ir_fastpath(struct MPT3SAS_ADAPTER *ioc, u16 handle, u8 phys_disk_num)
log_info = 0;
ioc_status &= MPI2_IOCSTATUS_MASK;
if (ioc_status != MPI2_IOCSTATUS_SUCCESS) {
- dewtprintk(ioc, pr_info(MPT3SAS_FMT
- "IR RAID_ACTION: failed: ioc_status(0x%04x), "
- "loginfo(0x%08x)!!!\n", ioc->name, ioc_status,
- log_info));
+ dewtprintk(ioc,
+ ioc_info(ioc, "IR RAID_ACTION: failed: ioc_status(0x%04x), loginfo(0x%08x)!!!\n",
+ ioc_status, log_info));
rc = -EFAULT;
} else
- dewtprintk(ioc, pr_info(MPT3SAS_FMT
- "IR RAID_ACTION: completed successfully\n",
- ioc->name));
+ dewtprintk(ioc,
+ ioc_info(ioc, "IR RAID_ACTION: completed successfully\n"));
}
out:
@@ -7769,9 +7680,8 @@ _scsih_sas_volume_add(struct MPT3SAS_ADAPTER *ioc,
mpt3sas_config_get_volume_wwid(ioc, handle, &wwid);
if (!wwid) {
- pr_err(MPT3SAS_FMT
- "failure at %s:%d/%s()!\n", ioc->name,
- __FILE__, __LINE__, __func__);
+ ioc_err(ioc, "failure at %s:%d/%s()!\n",
+ __FILE__, __LINE__, __func__);
return;
}
@@ -7784,9 +7694,8 @@ _scsih_sas_volume_add(struct MPT3SAS_ADAPTER *ioc,
raid_device = kzalloc(sizeof(struct _raid_device), GFP_KERNEL);
if (!raid_device) {
- pr_err(MPT3SAS_FMT
- "failure at %s:%d/%s()!\n", ioc->name,
- __FILE__, __LINE__, __func__);
+ ioc_err(ioc, "failure at %s:%d/%s()!\n",
+ __FILE__, __LINE__, __func__);
return;
}
@@ -7829,9 +7738,8 @@ _scsih_sas_volume_delete(struct MPT3SAS_ADAPTER *ioc, u16 handle)
sas_target_priv_data = starget->hostdata;
sas_target_priv_data->deleted = 1;
}
- pr_info(MPT3SAS_FMT "removing handle(0x%04x), wwid(0x%016llx)\n",
- ioc->name, raid_device->handle,
- (unsigned long long) raid_device->wwid);
+ ioc_info(ioc, "removing handle(0x%04x), wwid(0x%016llx)\n",
+ raid_device->handle, (u64)raid_device->wwid);
list_del(&raid_device->list);
kfree(raid_device);
}
@@ -7973,16 +7881,16 @@ _scsih_sas_pd_add(struct MPT3SAS_ADAPTER *ioc,
if ((mpt3sas_config_get_sas_device_pg0(ioc, &mpi_reply, &sas_device_pg0,
MPI2_SAS_DEVICE_PGAD_FORM_HANDLE, handle))) {
- pr_err(MPT3SAS_FMT "failure at %s:%d/%s()!\n",
- ioc->name, __FILE__, __LINE__, __func__);
+ ioc_err(ioc, "failure at %s:%d/%s()!\n",
+ __FILE__, __LINE__, __func__);
return;
}
ioc_status = le16_to_cpu(mpi_reply.IOCStatus) &
MPI2_IOCSTATUS_MASK;
if (ioc_status != MPI2_IOCSTATUS_SUCCESS) {
- pr_err(MPT3SAS_FMT "failure at %s:%d/%s()!\n",
- ioc->name, __FILE__, __LINE__, __func__);
+ ioc_err(ioc, "failure at %s:%d/%s()!\n",
+ __FILE__, __LINE__, __func__);
return;
}
@@ -8012,10 +7920,10 @@ _scsih_sas_ir_config_change_event_debug(struct MPT3SAS_ADAPTER *ioc,
element = (Mpi2EventIrConfigElement_t *)&event_data->ConfigElement[0];
- pr_info(MPT3SAS_FMT "raid config change: (%s), elements(%d)\n",
- ioc->name, (le32_to_cpu(event_data->Flags) &
- MPI2_EVENT_IR_CHANGE_FLAGS_FOREIGN_CONFIG) ?
- "foreign" : "native", event_data->NumElements);
+ ioc_info(ioc, "raid config change: (%s), elements(%d)\n",
+ le32_to_cpu(event_data->Flags) & MPI2_EVENT_IR_CHANGE_FLAGS_FOREIGN_CONFIG ?
+ "foreign" : "native",
+ event_data->NumElements);
for (i = 0; i < event_data->NumElements; i++, element++) {
switch (element->ReasonCode) {
case MPI2_EVENT_IR_CHANGE_RC_ADDED:
@@ -8171,10 +8079,11 @@ _scsih_sas_ir_volume_event(struct MPT3SAS_ADAPTER *ioc,
handle = le16_to_cpu(event_data->VolDevHandle);
state = le32_to_cpu(event_data->NewValue);
if (!ioc->hide_ir_msg)
- dewtprintk(ioc, pr_info(MPT3SAS_FMT
- "%s: handle(0x%04x), old(0x%08x), new(0x%08x)\n",
- ioc->name, __func__, handle,
- le32_to_cpu(event_data->PreviousValue), state));
+ dewtprintk(ioc,
+ ioc_info(ioc, "%s: handle(0x%04x), old(0x%08x), new(0x%08x)\n",
+ __func__, handle,
+ le32_to_cpu(event_data->PreviousValue),
+ state));
switch (state) {
case MPI2_RAID_VOL_STATE_MISSING:
case MPI2_RAID_VOL_STATE_FAILED:
@@ -8194,17 +8103,15 @@ _scsih_sas_ir_volume_event(struct MPT3SAS_ADAPTER *ioc,
mpt3sas_config_get_volume_wwid(ioc, handle, &wwid);
if (!wwid) {
- pr_err(MPT3SAS_FMT
- "failure at %s:%d/%s()!\n", ioc->name,
- __FILE__, __LINE__, __func__);
+ ioc_err(ioc, "failure at %s:%d/%s()!\n",
+ __FILE__, __LINE__, __func__);
break;
}
raid_device = kzalloc(sizeof(struct _raid_device), GFP_KERNEL);
if (!raid_device) {
- pr_err(MPT3SAS_FMT
- "failure at %s:%d/%s()!\n", ioc->name,
- __FILE__, __LINE__, __func__);
+ ioc_err(ioc, "failure at %s:%d/%s()!\n",
+ __FILE__, __LINE__, __func__);
break;
}
@@ -8255,10 +8162,11 @@ _scsih_sas_ir_physical_disk_event(struct MPT3SAS_ADAPTER *ioc,
state = le32_to_cpu(event_data->NewValue);
if (!ioc->hide_ir_msg)
- dewtprintk(ioc, pr_info(MPT3SAS_FMT
- "%s: handle(0x%04x), old(0x%08x), new(0x%08x)\n",
- ioc->name, __func__, handle,
- le32_to_cpu(event_data->PreviousValue), state));
+ dewtprintk(ioc,
+ ioc_info(ioc, "%s: handle(0x%04x), old(0x%08x), new(0x%08x)\n",
+ __func__, handle,
+ le32_to_cpu(event_data->PreviousValue),
+ state));
switch (state) {
case MPI2_RAID_PD_STATE_ONLINE:
@@ -8279,16 +8187,16 @@ _scsih_sas_ir_physical_disk_event(struct MPT3SAS_ADAPTER *ioc,
if ((mpt3sas_config_get_sas_device_pg0(ioc, &mpi_reply,
&sas_device_pg0, MPI2_SAS_DEVICE_PGAD_FORM_HANDLE,
handle))) {
- pr_err(MPT3SAS_FMT "failure at %s:%d/%s()!\n",
- ioc->name, __FILE__, __LINE__, __func__);
+ ioc_err(ioc, "failure at %s:%d/%s()!\n",
+ __FILE__, __LINE__, __func__);
return;
}
ioc_status = le16_to_cpu(mpi_reply.IOCStatus) &
MPI2_IOCSTATUS_MASK;
if (ioc_status != MPI2_IOCSTATUS_SUCCESS) {
- pr_err(MPT3SAS_FMT "failure at %s:%d/%s()!\n",
- ioc->name, __FILE__, __LINE__, __func__);
+ ioc_err(ioc, "failure at %s:%d/%s()!\n",
+ __FILE__, __LINE__, __func__);
return;
}
@@ -8342,11 +8250,10 @@ _scsih_sas_ir_operation_status_event_debug(struct MPT3SAS_ADAPTER *ioc,
if (!reason_str)
return;
- pr_info(MPT3SAS_FMT "raid operational status: (%s)" \
- "\thandle(0x%04x), percent complete(%d)\n",
- ioc->name, reason_str,
- le16_to_cpu(event_data->VolDevHandle),
- event_data->PercentComplete);
+ ioc_info(ioc, "raid operational status: (%s)\thandle(0x%04x), percent complete(%d)\n",
+ reason_str,
+ le16_to_cpu(event_data->VolDevHandle),
+ event_data->PercentComplete);
}
/**
@@ -8427,9 +8334,8 @@ Mpi2SasDevicePage0_t *sas_device_pg0)
mpt3sas_scsih_enclosure_find_by_handle(ioc,
le16_to_cpu(sas_device_pg0->EnclosureHandle));
if (enclosure_dev == NULL)
- pr_info(MPT3SAS_FMT "Enclosure handle(0x%04x)"
- "doesn't match with enclosure device!\n",
- ioc->name, sas_device_pg0->EnclosureHandle);
+ ioc_info(ioc, "Enclosure handle(0x%04x) doesn't match with enclosure device!\n",
+ sas_device_pg0->EnclosureHandle);
}
spin_lock_irqsave(&ioc->sas_device_lock, flags);
list_for_each_entry(sas_device, &ioc->sas_device_list, list) {
@@ -8523,8 +8429,7 @@ _scsih_create_enclosure_list_after_reset(struct MPT3SAS_ADAPTER *ioc)
enclosure_dev =
kzalloc(sizeof(struct _enclosure_node), GFP_KERNEL);
if (!enclosure_dev) {
- pr_err(MPT3SAS_FMT
- "failure at %s:%d/%s()!\n", ioc->name,
+ ioc_err(ioc, "failure at %s:%d/%s()!\n",
__FILE__, __LINE__, __func__);
return;
}
@@ -8561,7 +8466,7 @@ _scsih_search_responding_sas_devices(struct MPT3SAS_ADAPTER *ioc)
u16 handle;
u32 device_info;
- pr_info(MPT3SAS_FMT "search for end-devices: start\n", ioc->name);
+ ioc_info(ioc, "search for end-devices: start\n");
if (list_empty(&ioc->sas_device_list))
goto out;
@@ -8582,8 +8487,7 @@ _scsih_search_responding_sas_devices(struct MPT3SAS_ADAPTER *ioc)
}
out:
- pr_info(MPT3SAS_FMT "search for end-devices: complete\n",
- ioc->name);
+ ioc_info(ioc, "search for end-devices: complete\n");
}
/**
@@ -8676,7 +8580,7 @@ _scsih_search_responding_pcie_devices(struct MPT3SAS_ADAPTER *ioc)
u16 handle;
u32 device_info;
- pr_info(MPT3SAS_FMT "search for end-devices: start\n", ioc->name);
+ ioc_info(ioc, "search for end-devices: start\n");
if (list_empty(&ioc->pcie_device_list))
goto out;
@@ -8688,10 +8592,9 @@ _scsih_search_responding_pcie_devices(struct MPT3SAS_ADAPTER *ioc)
ioc_status = le16_to_cpu(mpi_reply.IOCStatus) &
MPI2_IOCSTATUS_MASK;
if (ioc_status != MPI2_IOCSTATUS_SUCCESS) {
- pr_info(MPT3SAS_FMT "\tbreak from %s: "
- "ioc_status(0x%04x), loginfo(0x%08x)\n", ioc->name,
- __func__, ioc_status,
- le32_to_cpu(mpi_reply.IOCLogInfo));
+ ioc_info(ioc, "\tbreak from %s: ioc_status(0x%04x), loginfo(0x%08x)\n",
+ __func__, ioc_status,
+ le32_to_cpu(mpi_reply.IOCLogInfo));
break;
}
handle = le16_to_cpu(pcie_device_pg0.DevHandle);
@@ -8701,8 +8604,7 @@ _scsih_search_responding_pcie_devices(struct MPT3SAS_ADAPTER *ioc)
_scsih_mark_responding_pcie_device(ioc, &pcie_device_pg0);
}
out:
- pr_info(MPT3SAS_FMT "search for PCIe end-devices: complete\n",
- ioc->name);
+ ioc_info(ioc, "search for PCIe end-devices: complete\n");
}
/**
@@ -8783,8 +8685,7 @@ _scsih_search_responding_raid_devices(struct MPT3SAS_ADAPTER *ioc)
if (!ioc->ir_firmware)
return;
- pr_info(MPT3SAS_FMT "search for raid volumes: start\n",
- ioc->name);
+ ioc_info(ioc, "search for raid volumes: start\n");
if (list_empty(&ioc->raid_device_list))
goto out;
@@ -8827,8 +8728,7 @@ _scsih_search_responding_raid_devices(struct MPT3SAS_ADAPTER *ioc)
}
}
out:
- pr_info(MPT3SAS_FMT "search for responding raid volumes: complete\n",
- ioc->name);
+ ioc_info(ioc, "search for responding raid volumes: complete\n");
}
/**
@@ -8900,7 +8800,7 @@ _scsih_search_responding_expanders(struct MPT3SAS_ADAPTER *ioc)
u64 sas_address;
u16 handle;
- pr_info(MPT3SAS_FMT "search for expanders: start\n", ioc->name);
+ ioc_info(ioc, "search for expanders: start\n");
if (list_empty(&ioc->sas_expander_list))
goto out;
@@ -8923,7 +8823,7 @@ _scsih_search_responding_expanders(struct MPT3SAS_ADAPTER *ioc)
}
out:
- pr_info(MPT3SAS_FMT "search for expanders: complete\n", ioc->name);
+ ioc_info(ioc, "search for expanders: complete\n");
}
/**
@@ -8941,12 +8841,10 @@ _scsih_remove_unresponding_devices(struct MPT3SAS_ADAPTER *ioc)
unsigned long flags;
LIST_HEAD(head);
- pr_info(MPT3SAS_FMT "removing unresponding devices: start\n",
- ioc->name);
+ ioc_info(ioc, "removing unresponding devices: start\n");
/* removing unresponding end devices */
- pr_info(MPT3SAS_FMT "removing unresponding devices: end-devices\n",
- ioc->name);
+ ioc_info(ioc, "removing unresponding devices: end-devices\n");
/*
* Iterate, pulling off devices marked as non-responding. We become the
* owner for the reference the list had on any object we prune.
@@ -8970,9 +8868,7 @@ _scsih_remove_unresponding_devices(struct MPT3SAS_ADAPTER *ioc)
sas_device_put(sas_device);
}
- pr_info(MPT3SAS_FMT
- " Removing unresponding devices: pcie end-devices\n"
- , ioc->name);
+ ioc_info(ioc, "Removing unresponding devices: pcie end-devices\n");
INIT_LIST_HEAD(&head);
spin_lock_irqsave(&ioc->pcie_device_lock, flags);
list_for_each_entry_safe(pcie_device, pcie_device_next,
@@ -8992,8 +8888,7 @@ _scsih_remove_unresponding_devices(struct MPT3SAS_ADAPTER *ioc)
/* removing unresponding volumes */
if (ioc->ir_firmware) {
- pr_info(MPT3SAS_FMT "removing unresponding devices: volumes\n",
- ioc->name);
+ ioc_info(ioc, "removing unresponding devices: volumes\n");
list_for_each_entry_safe(raid_device, raid_device_next,
&ioc->raid_device_list, list) {
if (!raid_device->responding)
@@ -9005,8 +8900,7 @@ _scsih_remove_unresponding_devices(struct MPT3SAS_ADAPTER *ioc)
}
/* removing unresponding expanders */
- pr_info(MPT3SAS_FMT "removing unresponding devices: expanders\n",
- ioc->name);
+ ioc_info(ioc, "removing unresponding devices: expanders\n");
spin_lock_irqsave(&ioc->sas_node_lock, flags);
INIT_LIST_HEAD(&tmp_list);
list_for_each_entry_safe(sas_expander, sas_expander_next,
@@ -9022,8 +8916,7 @@ _scsih_remove_unresponding_devices(struct MPT3SAS_ADAPTER *ioc)
_scsih_expander_node_remove(ioc, sas_expander);
}
- pr_info(MPT3SAS_FMT "removing unresponding devices: complete\n",
- ioc->name);
+ ioc_info(ioc, "removing unresponding devices: complete\n");
/* unblock devices */
_scsih_ublock_io_all_device(ioc);
@@ -9040,8 +8933,8 @@ _scsih_refresh_expander_links(struct MPT3SAS_ADAPTER *ioc,
for (i = 0 ; i < sas_expander->num_phys ; i++) {
if ((mpt3sas_config_get_expander_pg1(ioc, &mpi_reply,
&expander_pg1, i, handle))) {
- pr_err(MPT3SAS_FMT "failure at %s:%d/%s()!\n",
- ioc->name, __FILE__, __LINE__, __func__);
+ ioc_err(ioc, "failure at %s:%d/%s()!\n",
+ __FILE__, __LINE__, __func__);
return;
}
@@ -9077,11 +8970,11 @@ _scsih_scan_for_devices_after_reset(struct MPT3SAS_ADAPTER *ioc)
u8 retry_count;
unsigned long flags;
- pr_info(MPT3SAS_FMT "scan devices: start\n", ioc->name);
+ ioc_info(ioc, "scan devices: start\n");
_scsih_sas_host_refresh(ioc);
- pr_info(MPT3SAS_FMT "\tscan devices: expanders start\n", ioc->name);
+ ioc_info(ioc, "\tscan devices: expanders start\n");
/* expanders */
handle = 0xFFFF;
@@ -9090,10 +8983,8 @@ _scsih_scan_for_devices_after_reset(struct MPT3SAS_ADAPTER *ioc)
ioc_status = le16_to_cpu(mpi_reply.IOCStatus) &
MPI2_IOCSTATUS_MASK;
if (ioc_status != MPI2_IOCSTATUS_SUCCESS) {
- pr_info(MPT3SAS_FMT "\tbreak from expander scan: " \
- "ioc_status(0x%04x), loginfo(0x%08x)\n",
- ioc->name, ioc_status,
- le32_to_cpu(mpi_reply.IOCLogInfo));
+ ioc_info(ioc, "\tbreak from expander scan: ioc_status(0x%04x), loginfo(0x%08x)\n",
+ ioc_status, le32_to_cpu(mpi_reply.IOCLogInfo));
break;
}
handle = le16_to_cpu(expander_pg0.DevHandle);
@@ -9105,25 +8996,22 @@ _scsih_scan_for_devices_after_reset(struct MPT3SAS_ADAPTER *ioc)
_scsih_refresh_expander_links(ioc, expander_device,
handle);
else {
- pr_info(MPT3SAS_FMT "\tBEFORE adding expander: " \
- "handle (0x%04x), sas_addr(0x%016llx)\n", ioc->name,
- handle, (unsigned long long)
- le64_to_cpu(expander_pg0.SASAddress));
+ ioc_info(ioc, "\tBEFORE adding expander: handle (0x%04x), sas_addr(0x%016llx)\n",
+ handle,
+ (u64)le64_to_cpu(expander_pg0.SASAddress));
_scsih_expander_add(ioc, handle);
- pr_info(MPT3SAS_FMT "\tAFTER adding expander: " \
- "handle (0x%04x), sas_addr(0x%016llx)\n", ioc->name,
- handle, (unsigned long long)
- le64_to_cpu(expander_pg0.SASAddress));
+ ioc_info(ioc, "\tAFTER adding expander: handle (0x%04x), sas_addr(0x%016llx)\n",
+ handle,
+ (u64)le64_to_cpu(expander_pg0.SASAddress));
}
}
- pr_info(MPT3SAS_FMT "\tscan devices: expanders complete\n",
- ioc->name);
+ ioc_info(ioc, "\tscan devices: expanders complete\n");
if (!ioc->ir_firmware)
goto skip_to_sas;
- pr_info(MPT3SAS_FMT "\tscan devices: phys disk start\n", ioc->name);
+ ioc_info(ioc, "\tscan devices: phys disk start\n");
/* phys disk */
phys_disk_num = 0xFF;
@@ -9133,10 +9021,8 @@ _scsih_scan_for_devices_after_reset(struct MPT3SAS_ADAPTER *ioc)
ioc_status = le16_to_cpu(mpi_reply.IOCStatus) &
MPI2_IOCSTATUS_MASK;
if (ioc_status != MPI2_IOCSTATUS_SUCCESS) {
- pr_info(MPT3SAS_FMT "\tbreak from phys disk scan: "\
- "ioc_status(0x%04x), loginfo(0x%08x)\n",
- ioc->name, ioc_status,
- le32_to_cpu(mpi_reply.IOCLogInfo));
+ ioc_info(ioc, "\tbreak from phys disk scan: ioc_status(0x%04x), loginfo(0x%08x)\n",
+ ioc_status, le32_to_cpu(mpi_reply.IOCLogInfo));
break;
}
phys_disk_num = pd_pg0.PhysDiskNum;
@@ -9153,19 +9039,16 @@ _scsih_scan_for_devices_after_reset(struct MPT3SAS_ADAPTER *ioc)
ioc_status = le16_to_cpu(mpi_reply.IOCStatus) &
MPI2_IOCSTATUS_MASK;
if (ioc_status != MPI2_IOCSTATUS_SUCCESS) {
- pr_info(MPT3SAS_FMT "\tbreak from phys disk scan " \
- "ioc_status(0x%04x), loginfo(0x%08x)\n",
- ioc->name, ioc_status,
- le32_to_cpu(mpi_reply.IOCLogInfo));
+ ioc_info(ioc, "\tbreak from phys disk scan ioc_status(0x%04x), loginfo(0x%08x)\n",
+ ioc_status, le32_to_cpu(mpi_reply.IOCLogInfo));
break;
}
parent_handle = le16_to_cpu(sas_device_pg0.ParentDevHandle);
if (!_scsih_get_sas_address(ioc, parent_handle,
&sas_address)) {
- pr_info(MPT3SAS_FMT "\tBEFORE adding phys disk: " \
- " handle (0x%04x), sas_addr(0x%016llx)\n",
- ioc->name, handle, (unsigned long long)
- le64_to_cpu(sas_device_pg0.SASAddress));
+ ioc_info(ioc, "\tBEFORE adding phys disk: handle (0x%04x), sas_addr(0x%016llx)\n",
+ handle,
+ (u64)le64_to_cpu(sas_device_pg0.SASAddress));
mpt3sas_transport_update_links(ioc, sas_address,
handle, sas_device_pg0.PhyNum,
MPI2_SAS_NEG_LINK_RATE_1_5);
@@ -9179,17 +9062,15 @@ _scsih_scan_for_devices_after_reset(struct MPT3SAS_ADAPTER *ioc)
1)) {
ssleep(1);
}
- pr_info(MPT3SAS_FMT "\tAFTER adding phys disk: " \
- " handle (0x%04x), sas_addr(0x%016llx)\n",
- ioc->name, handle, (unsigned long long)
- le64_to_cpu(sas_device_pg0.SASAddress));
+ ioc_info(ioc, "\tAFTER adding phys disk: handle (0x%04x), sas_addr(0x%016llx)\n",
+ handle,
+ (u64)le64_to_cpu(sas_device_pg0.SASAddress));
}
}
- pr_info(MPT3SAS_FMT "\tscan devices: phys disk complete\n",
- ioc->name);
+ ioc_info(ioc, "\tscan devices: phys disk complete\n");
- pr_info(MPT3SAS_FMT "\tscan devices: volumes start\n", ioc->name);
+ ioc_info(ioc, "\tscan devices: volumes start\n");
/* volumes */
handle = 0xFFFF;
@@ -9198,10 +9079,8 @@ _scsih_scan_for_devices_after_reset(struct MPT3SAS_ADAPTER *ioc)
ioc_status = le16_to_cpu(mpi_reply.IOCStatus) &
MPI2_IOCSTATUS_MASK;
if (ioc_status != MPI2_IOCSTATUS_SUCCESS) {
- pr_info(MPT3SAS_FMT "\tbreak from volume scan: " \
- "ioc_status(0x%04x), loginfo(0x%08x)\n",
- ioc->name, ioc_status,
- le32_to_cpu(mpi_reply.IOCLogInfo));
+ ioc_info(ioc, "\tbreak from volume scan: ioc_status(0x%04x), loginfo(0x%08x)\n",
+ ioc_status, le32_to_cpu(mpi_reply.IOCLogInfo));
break;
}
handle = le16_to_cpu(volume_pg1.DevHandle);
@@ -9218,10 +9097,8 @@ _scsih_scan_for_devices_after_reset(struct MPT3SAS_ADAPTER *ioc)
ioc_status = le16_to_cpu(mpi_reply.IOCStatus) &
MPI2_IOCSTATUS_MASK;
if (ioc_status != MPI2_IOCSTATUS_SUCCESS) {
- pr_info(MPT3SAS_FMT "\tbreak from volume scan: " \
- "ioc_status(0x%04x), loginfo(0x%08x)\n",
- ioc->name, ioc_status,
- le32_to_cpu(mpi_reply.IOCLogInfo));
+ ioc_info(ioc, "\tbreak from volume scan: ioc_status(0x%04x), loginfo(0x%08x)\n",
+ ioc_status, le32_to_cpu(mpi_reply.IOCLogInfo));
break;
}
if (volume_pg0.VolumeState == MPI2_RAID_VOL_STATE_OPTIMAL ||
@@ -9230,23 +9107,19 @@ _scsih_scan_for_devices_after_reset(struct MPT3SAS_ADAPTER *ioc)
memset(&element, 0, sizeof(Mpi2EventIrConfigElement_t));
element.ReasonCode = MPI2_EVENT_IR_CHANGE_RC_ADDED;
element.VolDevHandle = volume_pg1.DevHandle;
- pr_info(MPT3SAS_FMT
- "\tBEFORE adding volume: handle (0x%04x)\n",
- ioc->name, volume_pg1.DevHandle);
+ ioc_info(ioc, "\tBEFORE adding volume: handle (0x%04x)\n",
+ volume_pg1.DevHandle);
_scsih_sas_volume_add(ioc, &element);
- pr_info(MPT3SAS_FMT
- "\tAFTER adding volume: handle (0x%04x)\n",
- ioc->name, volume_pg1.DevHandle);
+ ioc_info(ioc, "\tAFTER adding volume: handle (0x%04x)\n",
+ volume_pg1.DevHandle);
}
}
- pr_info(MPT3SAS_FMT "\tscan devices: volumes complete\n",
- ioc->name);
+ ioc_info(ioc, "\tscan devices: volumes complete\n");
skip_to_sas:
- pr_info(MPT3SAS_FMT "\tscan devices: end devices start\n",
- ioc->name);
+ ioc_info(ioc, "\tscan devices: end devices start\n");
/* sas devices */
handle = 0xFFFF;
@@ -9256,10 +9129,8 @@ _scsih_scan_for_devices_after_reset(struct MPT3SAS_ADAPTER *ioc)
ioc_status = le16_to_cpu(mpi_reply.IOCStatus) &
MPI2_IOCSTATUS_MASK;
if (ioc_status != MPI2_IOCSTATUS_SUCCESS) {
- pr_info(MPT3SAS_FMT "\tbreak from end device scan:"\
- " ioc_status(0x%04x), loginfo(0x%08x)\n",
- ioc->name, ioc_status,
- le32_to_cpu(mpi_reply.IOCLogInfo));
+ ioc_info(ioc, "\tbreak from end device scan: ioc_status(0x%04x), loginfo(0x%08x)\n",
+ ioc_status, le32_to_cpu(mpi_reply.IOCLogInfo));
break;
}
handle = le16_to_cpu(sas_device_pg0.DevHandle);
@@ -9274,10 +9145,9 @@ _scsih_scan_for_devices_after_reset(struct MPT3SAS_ADAPTER *ioc)
}
parent_handle = le16_to_cpu(sas_device_pg0.ParentDevHandle);
if (!_scsih_get_sas_address(ioc, parent_handle, &sas_address)) {
- pr_info(MPT3SAS_FMT "\tBEFORE adding end device: " \
- "handle (0x%04x), sas_addr(0x%016llx)\n", ioc->name,
- handle, (unsigned long long)
- le64_to_cpu(sas_device_pg0.SASAddress));
+ ioc_info(ioc, "\tBEFORE adding end device: handle (0x%04x), sas_addr(0x%016llx)\n",
+ handle,
+ (u64)le64_to_cpu(sas_device_pg0.SASAddress));
mpt3sas_transport_update_links(ioc, sas_address, handle,
sas_device_pg0.PhyNum, MPI2_SAS_NEG_LINK_RATE_1_5);
retry_count = 0;
@@ -9289,16 +9159,13 @@ _scsih_scan_for_devices_after_reset(struct MPT3SAS_ADAPTER *ioc)
0)) {
ssleep(1);
}
- pr_info(MPT3SAS_FMT "\tAFTER adding end device: " \
- "handle (0x%04x), sas_addr(0x%016llx)\n", ioc->name,
- handle, (unsigned long long)
- le64_to_cpu(sas_device_pg0.SASAddress));
+ ioc_info(ioc, "\tAFTER adding end device: handle (0x%04x), sas_addr(0x%016llx)\n",
+ handle,
+ (u64)le64_to_cpu(sas_device_pg0.SASAddress));
}
}
- pr_info(MPT3SAS_FMT "\tscan devices: end devices complete\n",
- ioc->name);
- pr_info(MPT3SAS_FMT "\tscan devices: pcie end devices start\n",
- ioc->name);
+ ioc_info(ioc, "\tscan devices: end devices complete\n");
+ ioc_info(ioc, "\tscan devices: pcie end devices start\n");
/* pcie devices */
handle = 0xFFFF;
@@ -9308,10 +9175,8 @@ _scsih_scan_for_devices_after_reset(struct MPT3SAS_ADAPTER *ioc)
ioc_status = le16_to_cpu(mpi_reply.IOCStatus)
& MPI2_IOCSTATUS_MASK;
if (ioc_status != MPI2_IOCSTATUS_SUCCESS) {
- pr_info(MPT3SAS_FMT "\tbreak from pcie end device"
- " scan: ioc_status(0x%04x), loginfo(0x%08x)\n",
- ioc->name, ioc_status,
- le32_to_cpu(mpi_reply.IOCLogInfo));
+ ioc_info(ioc, "\tbreak from pcie end device scan: ioc_status(0x%04x), loginfo(0x%08x)\n",
+ ioc_status, le32_to_cpu(mpi_reply.IOCLogInfo));
break;
}
handle = le16_to_cpu(pcie_device_pg0.DevHandle);
@@ -9328,14 +9193,11 @@ _scsih_scan_for_devices_after_reset(struct MPT3SAS_ADAPTER *ioc)
parent_handle = le16_to_cpu(pcie_device_pg0.ParentDevHandle);
_scsih_pcie_add_device(ioc, handle);
- pr_info(MPT3SAS_FMT "\tAFTER adding pcie end device: "
- "handle (0x%04x), wwid(0x%016llx)\n", ioc->name,
- handle,
- (unsigned long long) le64_to_cpu(pcie_device_pg0.WWID));
+ ioc_info(ioc, "\tAFTER adding pcie end device: handle (0x%04x), wwid(0x%016llx)\n",
+ handle, (u64)le64_to_cpu(pcie_device_pg0.WWID));
}
- pr_info(MPT3SAS_FMT "\tpcie devices: pcie end devices complete\n",
- ioc->name);
- pr_info(MPT3SAS_FMT "scan devices: complete\n", ioc->name);
+ ioc_info(ioc, "\tpcie devices: pcie end devices complete\n");
+ ioc_info(ioc, "scan devices: complete\n");
}
/**
@@ -9346,8 +9208,7 @@ _scsih_scan_for_devices_after_reset(struct MPT3SAS_ADAPTER *ioc)
*/
void mpt3sas_scsih_pre_reset_handler(struct MPT3SAS_ADAPTER *ioc)
{
- dtmprintk(ioc, pr_info(MPT3SAS_FMT
- "%s: MPT3_IOC_PRE_RESET\n", ioc->name, __func__));
+ dtmprintk(ioc, ioc_info(ioc, "%s: MPT3_IOC_PRE_RESET\n", __func__));
}
/**
@@ -9359,8 +9220,7 @@ void mpt3sas_scsih_pre_reset_handler(struct MPT3SAS_ADAPTER *ioc)
void
mpt3sas_scsih_after_reset_handler(struct MPT3SAS_ADAPTER *ioc)
{
- dtmprintk(ioc, pr_info(MPT3SAS_FMT
- "%s: MPT3_IOC_AFTER_RESET\n", ioc->name, __func__));
+ dtmprintk(ioc, ioc_info(ioc, "%s: MPT3_IOC_AFTER_RESET\n", __func__));
if (ioc->scsih_cmds.status & MPT3_CMD_PENDING) {
ioc->scsih_cmds.status |= MPT3_CMD_RESET;
mpt3sas_base_free_smid(ioc, ioc->scsih_cmds.smid);
@@ -9388,8 +9248,7 @@ mpt3sas_scsih_after_reset_handler(struct MPT3SAS_ADAPTER *ioc)
void
mpt3sas_scsih_reset_done_handler(struct MPT3SAS_ADAPTER *ioc)
{
- dtmprintk(ioc, pr_info(MPT3SAS_FMT
- "%s: MPT3_IOC_DONE_RESET\n", ioc->name, __func__));
+ dtmprintk(ioc, ioc_info(ioc, "%s: MPT3_IOC_DONE_RESET\n", __func__));
if ((!ioc->is_driver_loading) && !(disable_discovery > 0 &&
!ioc->sas_hba.num_phys)) {
_scsih_prep_device_scan(ioc);
@@ -9444,9 +9303,8 @@ _mpt3sas_fw_work(struct MPT3SAS_ADAPTER *ioc, struct fw_event_work *fw_event)
if (missing_delay[0] != -1 && missing_delay[1] != -1)
mpt3sas_base_update_missing_delay(ioc, missing_delay[0],
missing_delay[1]);
- dewtprintk(ioc, pr_info(MPT3SAS_FMT
- "port enable: complete from worker thread\n",
- ioc->name));
+ dewtprintk(ioc,
+ ioc_info(ioc, "port enable: complete from worker thread\n"));
break;
case MPT3SAS_TURN_ON_PFA_LED:
_scsih_turn_on_pfa_led(ioc, fw_event->device_handle);
@@ -9544,8 +9402,8 @@ mpt3sas_scsih_event_callback(struct MPT3SAS_ADAPTER *ioc, u8 msix_index,
mpi_reply = mpt3sas_base_get_reply_virt_addr(ioc, reply);
if (unlikely(!mpi_reply)) {
- pr_err(MPT3SAS_FMT "mpi_reply not valid at %s:%d/%s()!\n",
- ioc->name, __FILE__, __LINE__, __func__);
+ ioc_err(ioc, "mpi_reply not valid at %s:%d/%s()!\n",
+ __FILE__, __LINE__, __func__);
return 1;
}
@@ -9612,30 +9470,16 @@ mpt3sas_scsih_event_callback(struct MPT3SAS_ADAPTER *ioc, u8 msix_index,
switch (le32_to_cpu(*log_code)) {
case MPT2_WARPDRIVE_LC_SSDT:
- pr_warn(MPT3SAS_FMT "WarpDrive Warning: "
- "IO Throttling has occurred in the WarpDrive "
- "subsystem. Check WarpDrive documentation for "
- "additional details.\n", ioc->name);
+ ioc_warn(ioc, "WarpDrive Warning: IO Throttling has occurred in the WarpDrive subsystem. Check WarpDrive documentation for additional details.\n");
break;
case MPT2_WARPDRIVE_LC_SSDLW:
- pr_warn(MPT3SAS_FMT "WarpDrive Warning: "
- "Program/Erase Cycles for the WarpDrive subsystem "
- "in degraded range. Check WarpDrive documentation "
- "for additional details.\n", ioc->name);
+ ioc_warn(ioc, "WarpDrive Warning: Program/Erase Cycles for the WarpDrive subsystem in degraded range. Check WarpDrive documentation for additional details.\n");
break;
case MPT2_WARPDRIVE_LC_SSDLF:
- pr_err(MPT3SAS_FMT "WarpDrive Fatal Error: "
- "There are no Program/Erase Cycles for the "
- "WarpDrive subsystem. The storage device will be "
- "in read-only mode. Check WarpDrive documentation "
- "for additional details.\n", ioc->name);
+ ioc_err(ioc, "WarpDrive Fatal Error: There are no Program/Erase Cycles for the WarpDrive subsystem. The storage device will be in read-only mode. Check WarpDrive documentation for additional details.\n");
break;
case MPT2_WARPDRIVE_LC_BRMF:
- pr_err(MPT3SAS_FMT "WarpDrive Fatal Error: "
- "The Backup Rail Monitor has failed on the "
- "WarpDrive subsystem. Check WarpDrive "
- "documentation for additional details.\n",
- ioc->name);
+ ioc_err(ioc, "WarpDrive Fatal Error: The Backup Rail Monitor has failed on the WarpDrive subsystem. Check WarpDrive documentation for additional details.\n");
break;
}
@@ -9661,9 +9505,8 @@ mpt3sas_scsih_event_callback(struct MPT3SAS_ADAPTER *ioc, u8 msix_index,
(Mpi26EventDataActiveCableExcept_t *) mpi_reply->EventData;
switch (ActiveCableEventData->ReasonCode) {
case MPI26_EVENT_ACTIVE_CABLE_INSUFFICIENT_POWER:
- pr_notice(MPT3SAS_FMT
- "Currently an active cable with ReceptacleID %d\n",
- ioc->name, ActiveCableEventData->ReceptacleID);
+ ioc_notice(ioc, "Currently an active cable with ReceptacleID %d\n",
+ ActiveCableEventData->ReceptacleID);
pr_notice("cannot be powered and devices connected\n");
pr_notice("to this active cable will not be seen\n");
pr_notice("This active cable requires %d mW of power\n",
@@ -9671,9 +9514,8 @@ mpt3sas_scsih_event_callback(struct MPT3SAS_ADAPTER *ioc, u8 msix_index,
break;
case MPI26_EVENT_ACTIVE_CABLE_DEGRADED:
- pr_notice(MPT3SAS_FMT
- "Currently a cable with ReceptacleID %d\n",
- ioc->name, ActiveCableEventData->ReceptacleID);
+ ioc_notice(ioc, "Currently a cable with ReceptacleID %d\n",
+ ActiveCableEventData->ReceptacleID);
pr_notice(
"is not running at optimal speed(12 Gb/s rate)\n");
break;
@@ -9688,8 +9530,8 @@ mpt3sas_scsih_event_callback(struct MPT3SAS_ADAPTER *ioc, u8 msix_index,
sz = le16_to_cpu(mpi_reply->EventDataLength) * 4;
fw_event = alloc_fw_event_work(sz);
if (!fw_event) {
- pr_err(MPT3SAS_FMT "failure at %s:%d/%s()!\n",
- ioc->name, __FILE__, __LINE__, __func__);
+ ioc_err(ioc, "failure at %s:%d/%s()!\n",
+ __FILE__, __LINE__, __func__);
return 1;
}
@@ -9738,11 +9580,9 @@ _scsih_expander_node_remove(struct MPT3SAS_ADAPTER *ioc,
mpt3sas_transport_port_remove(ioc, sas_expander->sas_address,
sas_expander->sas_address_parent);
- pr_info(MPT3SAS_FMT
- "expander_remove: handle(0x%04x), sas_addr(0x%016llx)\n",
- ioc->name,
- sas_expander->handle, (unsigned long long)
- sas_expander->sas_address);
+ ioc_info(ioc, "expander_remove: handle(0x%04x), sas_addr(0x%016llx)\n",
+ sas_expander->handle, (unsigned long long)
+ sas_expander->sas_address);
spin_lock_irqsave(&ioc->sas_node_lock, flags);
list_del(&sas_expander->list);
@@ -9777,16 +9617,14 @@ _scsih_ir_shutdown(struct MPT3SAS_ADAPTER *ioc)
mutex_lock(&ioc->scsih_cmds.mutex);
if (ioc->scsih_cmds.status != MPT3_CMD_NOT_USED) {
- pr_err(MPT3SAS_FMT "%s: scsih_cmd in use\n",
- ioc->name, __func__);
+ ioc_err(ioc, "%s: scsih_cmd in use\n", __func__);
goto out;
}
ioc->scsih_cmds.status = MPT3_CMD_PENDING;
smid = mpt3sas_base_get_smid(ioc, ioc->scsih_cb_idx);
if (!smid) {
- pr_err(MPT3SAS_FMT "%s: failed obtaining a smid\n",
- ioc->name, __func__);
+ ioc_err(ioc, "%s: failed obtaining a smid\n", __func__);
ioc->scsih_cmds.status = MPT3_CMD_NOT_USED;
goto out;
}
@@ -9799,24 +9637,22 @@ _scsih_ir_shutdown(struct MPT3SAS_ADAPTER *ioc)
mpi_request->Action = MPI2_RAID_ACTION_SYSTEM_SHUTDOWN_INITIATED;
if (!ioc->hide_ir_msg)
- pr_info(MPT3SAS_FMT "IR shutdown (sending)\n", ioc->name);
+ ioc_info(ioc, "IR shutdown (sending)\n");
init_completion(&ioc->scsih_cmds.done);
mpt3sas_base_put_smid_default(ioc, smid);
wait_for_completion_timeout(&ioc->scsih_cmds.done, 10*HZ);
if (!(ioc->scsih_cmds.status & MPT3_CMD_COMPLETE)) {
- pr_err(MPT3SAS_FMT "%s: timeout\n",
- ioc->name, __func__);
+ ioc_err(ioc, "%s: timeout\n", __func__);
goto out;
}
if (ioc->scsih_cmds.status & MPT3_CMD_REPLY_VALID) {
mpi_reply = ioc->scsih_cmds.reply;
if (!ioc->hide_ir_msg)
- pr_info(MPT3SAS_FMT "IR shutdown "
- "(complete): ioc_status(0x%04x), loginfo(0x%08x)\n",
- ioc->name, le16_to_cpu(mpi_reply->IOCStatus),
- le32_to_cpu(mpi_reply->IOCLogInfo));
+ ioc_info(ioc, "IR shutdown (complete): ioc_status(0x%04x), loginfo(0x%08x)\n",
+ le16_to_cpu(mpi_reply->IOCStatus),
+ le32_to_cpu(mpi_reply->IOCLogInfo));
}
out:
@@ -9866,9 +9702,8 @@ static void scsih_remove(struct pci_dev *pdev)
sas_target_priv_data->deleted = 1;
scsi_remove_target(&raid_device->starget->dev);
}
- pr_info(MPT3SAS_FMT "removing handle(0x%04x), wwid(0x%016llx)\n",
- ioc->name, raid_device->handle,
- (unsigned long long) raid_device->wwid);
+ ioc_info(ioc, "removing handle(0x%04x), wwid(0x%016llx)\n",
+ raid_device->handle, (u64)raid_device->wwid);
_scsih_raid_device_remove(ioc, raid_device);
}
list_for_each_entry_safe(pcie_device, pcienext, &ioc->pcie_device_list,
@@ -10278,7 +10113,7 @@ scsih_scan_start(struct Scsi_Host *shost)
rc = mpt3sas_port_enable(ioc);
if (rc != 0)
- pr_info(MPT3SAS_FMT "port enable: FAILED\n", ioc->name);
+ ioc_info(ioc, "port enable: FAILED\n");
}
/**
@@ -10303,9 +10138,7 @@ scsih_scan_finished(struct Scsi_Host *shost, unsigned long time)
if (time >= (300 * HZ)) {
ioc->port_enable_cmds.status = MPT3_CMD_NOT_USED;
- pr_info(MPT3SAS_FMT
- "port enable: FAILED with timeout (timeout=300s)\n",
- ioc->name);
+ ioc_info(ioc, "port enable: FAILED with timeout (timeout=300s)\n");
ioc->is_driver_loading = 0;
return 1;
}
@@ -10314,16 +10147,15 @@ scsih_scan_finished(struct Scsi_Host *shost, unsigned long time)
return 0;
if (ioc->start_scan_failed) {
- pr_info(MPT3SAS_FMT
- "port enable: FAILED with (ioc_status=0x%08x)\n",
- ioc->name, ioc->start_scan_failed);
+ ioc_info(ioc, "port enable: FAILED with (ioc_status=0x%08x)\n",
+ ioc->start_scan_failed);
ioc->is_driver_loading = 0;
ioc->wait_for_discovery_to_complete = 0;
ioc->remove_host = 1;
return 1;
}
- pr_info(MPT3SAS_FMT "port enable: SUCCESS\n", ioc->name);
+ ioc_info(ioc, "port enable: SUCCESS\n");
ioc->port_enable_cmds.status = MPT3_CMD_NOT_USED;
if (ioc->wait_for_discovery_to_complete) {
@@ -10634,28 +10466,22 @@ _scsih_probe(struct pci_dev *pdev, const struct pci_device_id *id)
if (ioc->is_mcpu_endpoint) {
/* mCPU MPI support 64K max IO */
shost->max_sectors = 128;
- pr_info(MPT3SAS_FMT
- "The max_sectors value is set to %d\n",
- ioc->name, shost->max_sectors);
+ ioc_info(ioc, "The max_sectors value is set to %d\n",
+ shost->max_sectors);
} else {
if (max_sectors != 0xFFFF) {
if (max_sectors < 64) {
shost->max_sectors = 64;
- pr_warn(MPT3SAS_FMT "Invalid value %d passed " \
- "for max_sectors, range is 64 to 32767. " \
- "Assigning value of 64.\n", \
- ioc->name, max_sectors);
+ ioc_warn(ioc, "Invalid value %d passed for max_sectors, range is 64 to 32767. Assigning value of 64.\n",
+ max_sectors);
} else if (max_sectors > 32767) {
shost->max_sectors = 32767;
- pr_warn(MPT3SAS_FMT "Invalid value %d passed " \
- "for max_sectors, range is 64 to 32767." \
- "Assigning default value of 32767.\n", \
- ioc->name, max_sectors);
+ ioc_warn(ioc, "Invalid value %d passed for max_sectors, range is 64 to 32767.Assigning default value of 32767.\n",
+ max_sectors);
} else {
shost->max_sectors = max_sectors & 0xFFFE;
- pr_info(MPT3SAS_FMT
- "The max_sectors value is set to %d\n",
- ioc->name, shost->max_sectors);
+ ioc_info(ioc, "The max_sectors value is set to %d\n",
+ shost->max_sectors);
}
}
}
@@ -10675,16 +10501,16 @@ _scsih_probe(struct pci_dev *pdev, const struct pci_device_id *id)
ioc->firmware_event_thread = alloc_ordered_workqueue(
ioc->firmware_event_name, 0);
if (!ioc->firmware_event_thread) {
- pr_err(MPT3SAS_FMT "failure at %s:%d/%s()!\n",
- ioc->name, __FILE__, __LINE__, __func__);
+ ioc_err(ioc, "failure at %s:%d/%s()!\n",
+ __FILE__, __LINE__, __func__);
rv = -ENODEV;
goto out_thread_fail;
}
ioc->is_driver_loading = 1;
if ((mpt3sas_base_attach(ioc))) {
- pr_err(MPT3SAS_FMT "failure at %s:%d/%s()!\n",
- ioc->name, __FILE__, __LINE__, __func__);
+ ioc_err(ioc, "failure at %s:%d/%s()!\n",
+ __FILE__, __LINE__, __func__);
rv = -ENODEV;
goto out_attach_fail;
}
@@ -10705,8 +10531,8 @@ _scsih_probe(struct pci_dev *pdev, const struct pci_device_id *id)
rv = scsi_add_host(shost, &pdev->dev);
if (rv) {
- pr_err(MPT3SAS_FMT "failure at %s:%d/%s()!\n",
- ioc->name, __FILE__, __LINE__, __func__);
+ ioc_err(ioc, "failure at %s:%d/%s()!\n",
+ __FILE__, __LINE__, __func__);
goto out_add_shost_fail;
}
@@ -10743,9 +10569,8 @@ scsih_suspend(struct pci_dev *pdev, pm_message_t state)
flush_scheduled_work();
scsi_block_requests(shost);
device_state = pci_choose_state(pdev, state);
- pr_info(MPT3SAS_FMT
- "pdev=0x%p, slot=%s, entering operating state [D%d]\n",
- ioc->name, pdev, pci_name(pdev), device_state);
+ ioc_info(ioc, "pdev=0x%p, slot=%s, entering operating state [D%d]\n",
+ pdev, pci_name(pdev), device_state);
pci_save_state(pdev);
mpt3sas_base_free_resources(ioc);
@@ -10767,9 +10592,8 @@ scsih_resume(struct pci_dev *pdev)
pci_power_t device_state = pdev->current_state;
int r;
- pr_info(MPT3SAS_FMT
- "pdev=0x%p, slot=%s, previous operating state [D%d]\n",
- ioc->name, pdev, pci_name(pdev), device_state);
+ ioc_info(ioc, "pdev=0x%p, slot=%s, previous operating state [D%d]\n",
+ pdev, pci_name(pdev), device_state);
pci_set_power_state(pdev, PCI_D0);
pci_enable_wake(pdev, PCI_D0, 0);
@@ -10801,8 +10625,7 @@ scsih_pci_error_detected(struct pci_dev *pdev, pci_channel_state_t state)
struct Scsi_Host *shost = pci_get_drvdata(pdev);
struct MPT3SAS_ADAPTER *ioc = shost_priv(shost);
- pr_info(MPT3SAS_FMT "PCI error: detected callback, state(%d)!!\n",
- ioc->name, state);
+ ioc_info(ioc, "PCI error: detected callback, state(%d)!!\n", state);
switch (state) {
case pci_channel_io_normal:
@@ -10839,8 +10662,7 @@ scsih_pci_slot_reset(struct pci_dev *pdev)
struct MPT3SAS_ADAPTER *ioc = shost_priv(shost);
int rc;
- pr_info(MPT3SAS_FMT "PCI error: slot reset callback!!\n",
- ioc->name);
+ ioc_info(ioc, "PCI error: slot reset callback!!\n");
ioc->pci_error_recovery = 0;
ioc->pdev = pdev;
@@ -10851,8 +10673,8 @@ scsih_pci_slot_reset(struct pci_dev *pdev)
rc = mpt3sas_base_hard_reset_handler(ioc, FORCE_BIG_HAMMER);
- pr_warn(MPT3SAS_FMT "hard reset: %s\n", ioc->name,
- (rc == 0) ? "success" : "failed");
+ ioc_warn(ioc, "hard reset: %s\n",
+ (rc == 0) ? "success" : "failed");
if (!rc)
return PCI_ERS_RESULT_RECOVERED;
@@ -10874,7 +10696,7 @@ scsih_pci_resume(struct pci_dev *pdev)
struct Scsi_Host *shost = pci_get_drvdata(pdev);
struct MPT3SAS_ADAPTER *ioc = shost_priv(shost);
- pr_info(MPT3SAS_FMT "PCI error: resume callback!!\n", ioc->name);
+ ioc_info(ioc, "PCI error: resume callback!!\n");
pci_cleanup_aer_uncorrect_error_status(pdev);
mpt3sas_base_start_watchdog(ioc);
@@ -10891,8 +10713,7 @@ scsih_pci_mmio_enabled(struct pci_dev *pdev)
struct Scsi_Host *shost = pci_get_drvdata(pdev);
struct MPT3SAS_ADAPTER *ioc = shost_priv(shost);
- pr_info(MPT3SAS_FMT "PCI error: mmio enabled callback!!\n",
- ioc->name);
+ ioc_info(ioc, "PCI error: mmio enabled callback!!\n");
/* TODO - dump whatever for debugging purposes */
diff --git a/drivers/scsi/mpt3sas/mpt3sas_transport.c b/drivers/scsi/mpt3sas/mpt3sas_transport.c
index 20d36061c217..9fd89e85227a 100644
--- a/drivers/scsi/mpt3sas/mpt3sas_transport.c
+++ b/drivers/scsi/mpt3sas/mpt3sas_transport.c
@@ -153,18 +153,16 @@ _transport_set_identify(struct MPT3SAS_ADAPTER *ioc, u16 handle,
if ((mpt3sas_config_get_sas_device_pg0(ioc, &mpi_reply, &sas_device_pg0,
MPI2_SAS_DEVICE_PGAD_FORM_HANDLE, handle))) {
- pr_err(MPT3SAS_FMT "failure at %s:%d/%s()!\n",
- ioc->name, __FILE__, __LINE__, __func__);
+ ioc_err(ioc, "failure at %s:%d/%s()!\n",
+ __FILE__, __LINE__, __func__);
return -ENXIO;
}
ioc_status = le16_to_cpu(mpi_reply.IOCStatus) &
MPI2_IOCSTATUS_MASK;
if (ioc_status != MPI2_IOCSTATUS_SUCCESS) {
- pr_err(MPT3SAS_FMT
- "handle(0x%04x), ioc_status(0x%04x)\nfailure at %s:%d/%s()!\n",
- ioc->name, handle, ioc_status,
- __FILE__, __LINE__, __func__);
+ ioc_err(ioc, "handle(0x%04x), ioc_status(0x%04x) failure at %s:%d/%s()!\n",
+ handle, ioc_status, __FILE__, __LINE__, __func__);
return -EIO;
}
@@ -318,8 +316,7 @@ _transport_expander_report_manufacture(struct MPT3SAS_ADAPTER *ioc,
mutex_lock(&ioc->transport_cmds.mutex);
if (ioc->transport_cmds.status != MPT3_CMD_NOT_USED) {
- pr_err(MPT3SAS_FMT "%s: transport_cmds in use\n",
- ioc->name, __func__);
+ ioc_err(ioc, "%s: transport_cmds in use\n", __func__);
rc = -EAGAIN;
goto out;
}
@@ -329,26 +326,22 @@ _transport_expander_report_manufacture(struct MPT3SAS_ADAPTER *ioc,
ioc_state = mpt3sas_base_get_iocstate(ioc, 1);
while (ioc_state != MPI2_IOC_STATE_OPERATIONAL) {
if (wait_state_count++ == 10) {
- pr_err(MPT3SAS_FMT
- "%s: failed due to ioc not operational\n",
- ioc->name, __func__);
+ ioc_err(ioc, "%s: failed due to ioc not operational\n",
+ __func__);
rc = -EFAULT;
goto out;
}
ssleep(1);
ioc_state = mpt3sas_base_get_iocstate(ioc, 1);
- pr_info(MPT3SAS_FMT
- "%s: waiting for operational state(count=%d)\n",
- ioc->name, __func__, wait_state_count);
+ ioc_info(ioc, "%s: waiting for operational state(count=%d)\n",
+ __func__, wait_state_count);
}
if (wait_state_count)
- pr_info(MPT3SAS_FMT "%s: ioc is operational\n",
- ioc->name, __func__);
+ ioc_info(ioc, "%s: ioc is operational\n", __func__);
smid = mpt3sas_base_get_smid(ioc, ioc->transport_cb_idx);
if (!smid) {
- pr_err(MPT3SAS_FMT "%s: failed obtaining a smid\n",
- ioc->name, __func__);
+ ioc_err(ioc, "%s: failed obtaining a smid\n", __func__);
rc = -EAGAIN;
goto out;
}
@@ -388,16 +381,15 @@ _transport_expander_report_manufacture(struct MPT3SAS_ADAPTER *ioc,
ioc->build_sg(ioc, psge, data_out_dma, data_out_sz, data_in_dma,
data_in_sz);
- dtransportprintk(ioc, pr_info(MPT3SAS_FMT
- "report_manufacture - send to sas_addr(0x%016llx)\n",
- ioc->name, (unsigned long long)sas_address));
+ dtransportprintk(ioc,
+ ioc_info(ioc, "report_manufacture - send to sas_addr(0x%016llx)\n",
+ (u64)sas_address));
init_completion(&ioc->transport_cmds.done);
mpt3sas_base_put_smid_default(ioc, smid);
wait_for_completion_timeout(&ioc->transport_cmds.done, 10*HZ);
if (!(ioc->transport_cmds.status & MPT3_CMD_COMPLETE)) {
- pr_err(MPT3SAS_FMT "%s: timeout\n",
- ioc->name, __func__);
+ ioc_err(ioc, "%s: timeout\n", __func__);
_debug_dump_mf(mpi_request,
sizeof(Mpi2SmpPassthroughRequest_t)/4);
if (!(ioc->transport_cmds.status & MPT3_CMD_RESET))
@@ -405,17 +397,16 @@ _transport_expander_report_manufacture(struct MPT3SAS_ADAPTER *ioc,
goto issue_host_reset;
}
- dtransportprintk(ioc, pr_info(MPT3SAS_FMT
- "report_manufacture - complete\n", ioc->name));
+ dtransportprintk(ioc, ioc_info(ioc, "report_manufacture - complete\n"));
if (ioc->transport_cmds.status & MPT3_CMD_REPLY_VALID) {
u8 *tmp;
mpi_reply = ioc->transport_cmds.reply;
- dtransportprintk(ioc, pr_info(MPT3SAS_FMT
- "report_manufacture - reply data transfer size(%d)\n",
- ioc->name, le16_to_cpu(mpi_reply->ResponseDataLength)));
+ dtransportprintk(ioc,
+ ioc_info(ioc, "report_manufacture - reply data transfer size(%d)\n",
+ le16_to_cpu(mpi_reply->ResponseDataLength)));
if (le16_to_cpu(mpi_reply->ResponseDataLength) !=
sizeof(struct rep_manu_reply))
@@ -439,8 +430,8 @@ _transport_expander_report_manufacture(struct MPT3SAS_ADAPTER *ioc,
manufacture_reply->component_revision_id;
}
} else
- dtransportprintk(ioc, pr_info(MPT3SAS_FMT
- "report_manufacture - no reply\n", ioc->name));
+ dtransportprintk(ioc,
+ ioc_info(ioc, "report_manufacture - no reply\n"));
issue_host_reset:
if (issue_reset)
@@ -643,8 +634,8 @@ mpt3sas_transport_port_add(struct MPT3SAS_ADAPTER *ioc, u16 handle,
mpt3sas_port = kzalloc(sizeof(struct _sas_port),
GFP_KERNEL);
if (!mpt3sas_port) {
- pr_err(MPT3SAS_FMT "failure at %s:%d/%s()!\n",
- ioc->name, __FILE__, __LINE__, __func__);
+ ioc_err(ioc, "failure at %s:%d/%s()!\n",
+ __FILE__, __LINE__, __func__);
return NULL;
}
@@ -655,22 +646,21 @@ mpt3sas_transport_port_add(struct MPT3SAS_ADAPTER *ioc, u16 handle,
spin_unlock_irqrestore(&ioc->sas_node_lock, flags);
if (!sas_node) {
- pr_err(MPT3SAS_FMT
- "%s: Could not find parent sas_address(0x%016llx)!\n",
- ioc->name, __func__, (unsigned long long)sas_address);
+ ioc_err(ioc, "%s: Could not find parent sas_address(0x%016llx)!\n",
+ __func__, (u64)sas_address);
goto out_fail;
}
if ((_transport_set_identify(ioc, handle,
&mpt3sas_port->remote_identify))) {
- pr_err(MPT3SAS_FMT "failure at %s:%d/%s()!\n",
- ioc->name, __FILE__, __LINE__, __func__);
+ ioc_err(ioc, "failure at %s:%d/%s()!\n",
+ __FILE__, __LINE__, __func__);
goto out_fail;
}
if (mpt3sas_port->remote_identify.device_type == SAS_PHY_UNUSED) {
- pr_err(MPT3SAS_FMT "failure at %s:%d/%s()!\n",
- ioc->name, __FILE__, __LINE__, __func__);
+ ioc_err(ioc, "failure at %s:%d/%s()!\n",
+ __FILE__, __LINE__, __func__);
goto out_fail;
}
@@ -687,20 +677,20 @@ mpt3sas_transport_port_add(struct MPT3SAS_ADAPTER *ioc, u16 handle,
}
if (!mpt3sas_port->num_phys) {
- pr_err(MPT3SAS_FMT "failure at %s:%d/%s()!\n",
- ioc->name, __FILE__, __LINE__, __func__);
+ ioc_err(ioc, "failure at %s:%d/%s()!\n",
+ __FILE__, __LINE__, __func__);
goto out_fail;
}
if (!sas_node->parent_dev) {
- pr_err(MPT3SAS_FMT "failure at %s:%d/%s()!\n",
- ioc->name, __FILE__, __LINE__, __func__);
+ ioc_err(ioc, "failure at %s:%d/%s()!\n",
+ __FILE__, __LINE__, __func__);
goto out_fail;
}
port = sas_port_alloc_num(sas_node->parent_dev);
if ((sas_port_add(port))) {
- pr_err(MPT3SAS_FMT "failure at %s:%d/%s()!\n",
- ioc->name, __FILE__, __LINE__, __func__);
+ ioc_err(ioc, "failure at %s:%d/%s()!\n",
+ __FILE__, __LINE__, __func__);
goto out_fail;
}
@@ -738,8 +728,8 @@ mpt3sas_transport_port_add(struct MPT3SAS_ADAPTER *ioc, u16 handle,
}
if ((sas_rphy_add(rphy))) {
- pr_err(MPT3SAS_FMT "failure at %s:%d/%s()!\n",
- ioc->name, __FILE__, __LINE__, __func__);
+ ioc_err(ioc, "failure at %s:%d/%s()!\n",
+ __FILE__, __LINE__, __func__);
}
if (mpt3sas_port->remote_identify.device_type == SAS_END_DEVICE) {
@@ -864,14 +854,14 @@ mpt3sas_transport_add_host_phy(struct MPT3SAS_ADAPTER *ioc, struct _sas_phy
INIT_LIST_HEAD(&mpt3sas_phy->port_siblings);
phy = sas_phy_alloc(parent_dev, phy_index);
if (!phy) {
- pr_err(MPT3SAS_FMT "failure at %s:%d/%s()!\n",
- ioc->name, __FILE__, __LINE__, __func__);
+ ioc_err(ioc, "failure at %s:%d/%s()!\n",
+ __FILE__, __LINE__, __func__);
return -1;
}
if ((_transport_set_identify(ioc, mpt3sas_phy->handle,
&mpt3sas_phy->identify))) {
- pr_err(MPT3SAS_FMT "failure at %s:%d/%s()!\n",
- ioc->name, __FILE__, __LINE__, __func__);
+ ioc_err(ioc, "failure at %s:%d/%s()!\n",
+ __FILE__, __LINE__, __func__);
sas_phy_free(phy);
return -1;
}
@@ -893,8 +883,8 @@ mpt3sas_transport_add_host_phy(struct MPT3SAS_ADAPTER *ioc, struct _sas_phy
phy_pg0.ProgrammedLinkRate >> 4);
if ((sas_phy_add(phy))) {
- pr_err(MPT3SAS_FMT "failure at %s:%d/%s()!\n",
- ioc->name, __FILE__, __LINE__, __func__);
+ ioc_err(ioc, "failure at %s:%d/%s()!\n",
+ __FILE__, __LINE__, __func__);
sas_phy_free(phy);
return -1;
}
@@ -932,14 +922,14 @@ mpt3sas_transport_add_expander_phy(struct MPT3SAS_ADAPTER *ioc, struct _sas_phy
INIT_LIST_HEAD(&mpt3sas_phy->port_siblings);
phy = sas_phy_alloc(parent_dev, phy_index);
if (!phy) {
- pr_err(MPT3SAS_FMT "failure at %s:%d/%s()!\n",
- ioc->name, __FILE__, __LINE__, __func__);
+ ioc_err(ioc, "failure at %s:%d/%s()!\n",
+ __FILE__, __LINE__, __func__);
return -1;
}
if ((_transport_set_identify(ioc, mpt3sas_phy->handle,
&mpt3sas_phy->identify))) {
- pr_err(MPT3SAS_FMT "failure at %s:%d/%s()!\n",
- ioc->name, __FILE__, __LINE__, __func__);
+ ioc_err(ioc, "failure at %s:%d/%s()!\n",
+ __FILE__, __LINE__, __func__);
sas_phy_free(phy);
return -1;
}
@@ -963,8 +953,8 @@ mpt3sas_transport_add_expander_phy(struct MPT3SAS_ADAPTER *ioc, struct _sas_phy
expander_pg1.ProgrammedLinkRate >> 4);
if ((sas_phy_add(phy))) {
- pr_err(MPT3SAS_FMT "failure at %s:%d/%s()!\n",
- ioc->name, __FILE__, __LINE__, __func__);
+ ioc_err(ioc, "failure at %s:%d/%s()!\n",
+ __FILE__, __LINE__, __func__);
sas_phy_free(phy);
return -1;
}
@@ -1109,8 +1099,7 @@ _transport_get_expander_phy_error_log(struct MPT3SAS_ADAPTER *ioc,
mutex_lock(&ioc->transport_cmds.mutex);
if (ioc->transport_cmds.status != MPT3_CMD_NOT_USED) {
- pr_err(MPT3SAS_FMT "%s: transport_cmds in use\n",
- ioc->name, __func__);
+ ioc_err(ioc, "%s: transport_cmds in use\n", __func__);
rc = -EAGAIN;
goto out;
}
@@ -1120,26 +1109,22 @@ _transport_get_expander_phy_error_log(struct MPT3SAS_ADAPTER *ioc,
ioc_state = mpt3sas_base_get_iocstate(ioc, 1);
while (ioc_state != MPI2_IOC_STATE_OPERATIONAL) {
if (wait_state_count++ == 10) {
- pr_err(MPT3SAS_FMT
- "%s: failed due to ioc not operational\n",
- ioc->name, __func__);
+ ioc_err(ioc, "%s: failed due to ioc not operational\n",
+ __func__);
rc = -EFAULT;
goto out;
}
ssleep(1);
ioc_state = mpt3sas_base_get_iocstate(ioc, 1);
- pr_info(MPT3SAS_FMT
- "%s: waiting for operational state(count=%d)\n",
- ioc->name, __func__, wait_state_count);
+ ioc_info(ioc, "%s: waiting for operational state(count=%d)\n",
+ __func__, wait_state_count);
}
if (wait_state_count)
- pr_info(MPT3SAS_FMT "%s: ioc is operational\n",
- ioc->name, __func__);
+ ioc_info(ioc, "%s: ioc is operational\n", __func__);
smid = mpt3sas_base_get_smid(ioc, ioc->transport_cb_idx);
if (!smid) {
- pr_err(MPT3SAS_FMT "%s: failed obtaining a smid\n",
- ioc->name, __func__);
+ ioc_err(ioc, "%s: failed obtaining a smid\n", __func__);
rc = -EAGAIN;
goto out;
}
@@ -1182,17 +1167,16 @@ _transport_get_expander_phy_error_log(struct MPT3SAS_ADAPTER *ioc,
data_out_dma + sizeof(struct phy_error_log_request),
sizeof(struct phy_error_log_reply));
- dtransportprintk(ioc, pr_info(MPT3SAS_FMT
- "phy_error_log - send to sas_addr(0x%016llx), phy(%d)\n",
- ioc->name, (unsigned long long)phy->identify.sas_address,
- phy->number));
+ dtransportprintk(ioc,
+ ioc_info(ioc, "phy_error_log - send to sas_addr(0x%016llx), phy(%d)\n",
+ (u64)phy->identify.sas_address,
+ phy->number));
init_completion(&ioc->transport_cmds.done);
mpt3sas_base_put_smid_default(ioc, smid);
wait_for_completion_timeout(&ioc->transport_cmds.done, 10*HZ);
if (!(ioc->transport_cmds.status & MPT3_CMD_COMPLETE)) {
- pr_err(MPT3SAS_FMT "%s: timeout\n",
- ioc->name, __func__);
+ ioc_err(ioc, "%s: timeout\n", __func__);
_debug_dump_mf(mpi_request,
sizeof(Mpi2SmpPassthroughRequest_t)/4);
if (!(ioc->transport_cmds.status & MPT3_CMD_RESET))
@@ -1200,16 +1184,15 @@ _transport_get_expander_phy_error_log(struct MPT3SAS_ADAPTER *ioc,
goto issue_host_reset;
}
- dtransportprintk(ioc, pr_info(MPT3SAS_FMT
- "phy_error_log - complete\n", ioc->name));
+ dtransportprintk(ioc, ioc_info(ioc, "phy_error_log - complete\n"));
if (ioc->transport_cmds.status & MPT3_CMD_REPLY_VALID) {
mpi_reply = ioc->transport_cmds.reply;
- dtransportprintk(ioc, pr_info(MPT3SAS_FMT
- "phy_error_log - reply data transfer size(%d)\n",
- ioc->name, le16_to_cpu(mpi_reply->ResponseDataLength)));
+ dtransportprintk(ioc,
+ ioc_info(ioc, "phy_error_log - reply data transfer size(%d)\n",
+ le16_to_cpu(mpi_reply->ResponseDataLength)));
if (le16_to_cpu(mpi_reply->ResponseDataLength) !=
sizeof(struct phy_error_log_reply))
@@ -1218,9 +1201,9 @@ _transport_get_expander_phy_error_log(struct MPT3SAS_ADAPTER *ioc,
phy_error_log_reply = data_out +
sizeof(struct phy_error_log_request);
- dtransportprintk(ioc, pr_info(MPT3SAS_FMT
- "phy_error_log - function_result(%d)\n",
- ioc->name, phy_error_log_reply->function_result));
+ dtransportprintk(ioc,
+ ioc_info(ioc, "phy_error_log - function_result(%d)\n",
+ phy_error_log_reply->function_result));
phy->invalid_dword_count =
be32_to_cpu(phy_error_log_reply->invalid_dword);
@@ -1232,8 +1215,8 @@ _transport_get_expander_phy_error_log(struct MPT3SAS_ADAPTER *ioc,
be32_to_cpu(phy_error_log_reply->phy_reset_problem);
rc = 0;
} else
- dtransportprintk(ioc, pr_info(MPT3SAS_FMT
- "phy_error_log - no reply\n", ioc->name));
+ dtransportprintk(ioc,
+ ioc_info(ioc, "phy_error_log - no reply\n"));
issue_host_reset:
if (issue_reset)
@@ -1276,17 +1259,16 @@ _transport_get_linkerrors(struct sas_phy *phy)
/* get hba phy error logs */
if ((mpt3sas_config_get_phy_pg1(ioc, &mpi_reply, &phy_pg1,
phy->number))) {
- pr_err(MPT3SAS_FMT "failure at %s:%d/%s()!\n",
- ioc->name, __FILE__, __LINE__, __func__);
+ ioc_err(ioc, "failure at %s:%d/%s()!\n",
+ __FILE__, __LINE__, __func__);
return -ENXIO;
}
if (mpi_reply.IOCStatus || mpi_reply.IOCLogInfo)
- pr_info(MPT3SAS_FMT
- "phy(%d), ioc_status (0x%04x), loginfo(0x%08x)\n",
- ioc->name, phy->number,
- le16_to_cpu(mpi_reply.IOCStatus),
- le32_to_cpu(mpi_reply.IOCLogInfo));
+ ioc_info(ioc, "phy(%d), ioc_status (0x%04x), loginfo(0x%08x)\n",
+ phy->number,
+ le16_to_cpu(mpi_reply.IOCStatus),
+ le32_to_cpu(mpi_reply.IOCLogInfo));
phy->invalid_dword_count = le32_to_cpu(phy_pg1.InvalidDwordCount);
phy->running_disparity_error_count =
@@ -1422,8 +1404,7 @@ _transport_expander_phy_control(struct MPT3SAS_ADAPTER *ioc,
mutex_lock(&ioc->transport_cmds.mutex);
if (ioc->transport_cmds.status != MPT3_CMD_NOT_USED) {
- pr_err(MPT3SAS_FMT "%s: transport_cmds in use\n",
- ioc->name, __func__);
+ ioc_err(ioc, "%s: transport_cmds in use\n", __func__);
rc = -EAGAIN;
goto out;
}
@@ -1433,26 +1414,22 @@ _transport_expander_phy_control(struct MPT3SAS_ADAPTER *ioc,
ioc_state = mpt3sas_base_get_iocstate(ioc, 1);
while (ioc_state != MPI2_IOC_STATE_OPERATIONAL) {
if (wait_state_count++ == 10) {
- pr_err(MPT3SAS_FMT
- "%s: failed due to ioc not operational\n",
- ioc->name, __func__);
+ ioc_err(ioc, "%s: failed due to ioc not operational\n",
+ __func__);
rc = -EFAULT;
goto out;
}
ssleep(1);
ioc_state = mpt3sas_base_get_iocstate(ioc, 1);
- pr_info(MPT3SAS_FMT
- "%s: waiting for operational state(count=%d)\n",
- ioc->name, __func__, wait_state_count);
+ ioc_info(ioc, "%s: waiting for operational state(count=%d)\n",
+ __func__, wait_state_count);
}
if (wait_state_count)
- pr_info(MPT3SAS_FMT "%s: ioc is operational\n",
- ioc->name, __func__);
+ ioc_info(ioc, "%s: ioc is operational\n", __func__);
smid = mpt3sas_base_get_smid(ioc, ioc->transport_cb_idx);
if (!smid) {
- pr_err(MPT3SAS_FMT "%s: failed obtaining a smid\n",
- ioc->name, __func__);
+ ioc_err(ioc, "%s: failed obtaining a smid\n", __func__);
rc = -EAGAIN;
goto out;
}
@@ -1500,17 +1477,16 @@ _transport_expander_phy_control(struct MPT3SAS_ADAPTER *ioc,
data_out_dma + sizeof(struct phy_control_request),
sizeof(struct phy_control_reply));
- dtransportprintk(ioc, pr_info(MPT3SAS_FMT
- "phy_control - send to sas_addr(0x%016llx), phy(%d), opcode(%d)\n",
- ioc->name, (unsigned long long)phy->identify.sas_address,
- phy->number, phy_operation));
+ dtransportprintk(ioc,
+ ioc_info(ioc, "phy_control - send to sas_addr(0x%016llx), phy(%d), opcode(%d)\n",
+ (u64)phy->identify.sas_address,
+ phy->number, phy_operation));
init_completion(&ioc->transport_cmds.done);
mpt3sas_base_put_smid_default(ioc, smid);
wait_for_completion_timeout(&ioc->transport_cmds.done, 10*HZ);
if (!(ioc->transport_cmds.status & MPT3_CMD_COMPLETE)) {
- pr_err(MPT3SAS_FMT "%s: timeout\n",
- ioc->name, __func__);
+ ioc_err(ioc, "%s: timeout\n", __func__);
_debug_dump_mf(mpi_request,
sizeof(Mpi2SmpPassthroughRequest_t)/4);
if (!(ioc->transport_cmds.status & MPT3_CMD_RESET))
@@ -1518,16 +1494,15 @@ _transport_expander_phy_control(struct MPT3SAS_ADAPTER *ioc,
goto issue_host_reset;
}
- dtransportprintk(ioc, pr_info(MPT3SAS_FMT
- "phy_control - complete\n", ioc->name));
+ dtransportprintk(ioc, ioc_info(ioc, "phy_control - complete\n"));
if (ioc->transport_cmds.status & MPT3_CMD_REPLY_VALID) {
mpi_reply = ioc->transport_cmds.reply;
- dtransportprintk(ioc, pr_info(MPT3SAS_FMT
- "phy_control - reply data transfer size(%d)\n",
- ioc->name, le16_to_cpu(mpi_reply->ResponseDataLength)));
+ dtransportprintk(ioc,
+ ioc_info(ioc, "phy_control - reply data transfer size(%d)\n",
+ le16_to_cpu(mpi_reply->ResponseDataLength)));
if (le16_to_cpu(mpi_reply->ResponseDataLength) !=
sizeof(struct phy_control_reply))
@@ -1536,14 +1511,14 @@ _transport_expander_phy_control(struct MPT3SAS_ADAPTER *ioc,
phy_control_reply = data_out +
sizeof(struct phy_control_request);
- dtransportprintk(ioc, pr_info(MPT3SAS_FMT
- "phy_control - function_result(%d)\n",
- ioc->name, phy_control_reply->function_result));
+ dtransportprintk(ioc,
+ ioc_info(ioc, "phy_control - function_result(%d)\n",
+ phy_control_reply->function_result));
rc = 0;
} else
- dtransportprintk(ioc, pr_info(MPT3SAS_FMT
- "phy_control - no reply\n", ioc->name));
+ dtransportprintk(ioc,
+ ioc_info(ioc, "phy_control - no reply\n"));
issue_host_reset:
if (issue_reset)
@@ -1594,16 +1569,15 @@ _transport_phy_reset(struct sas_phy *phy, int hard_reset)
mpi_request.PhyNum = phy->number;
if ((mpt3sas_base_sas_iounit_control(ioc, &mpi_reply, &mpi_request))) {
- pr_err(MPT3SAS_FMT "failure at %s:%d/%s()!\n",
- ioc->name, __FILE__, __LINE__, __func__);
+ ioc_err(ioc, "failure at %s:%d/%s()!\n",
+ __FILE__, __LINE__, __func__);
return -ENXIO;
}
if (mpi_reply.IOCStatus || mpi_reply.IOCLogInfo)
- pr_info(MPT3SAS_FMT
- "phy(%d), ioc_status(0x%04x), loginfo(0x%08x)\n",
- ioc->name, phy->number, le16_to_cpu(mpi_reply.IOCStatus),
- le32_to_cpu(mpi_reply.IOCLogInfo));
+ ioc_info(ioc, "phy(%d), ioc_status(0x%04x), loginfo(0x%08x)\n",
+ phy->number, le16_to_cpu(mpi_reply.IOCStatus),
+ le32_to_cpu(mpi_reply.IOCLogInfo));
return 0;
}
@@ -1650,23 +1624,23 @@ _transport_phy_enable(struct sas_phy *phy, int enable)
sizeof(Mpi2SasIOUnit0PhyData_t));
sas_iounit_pg0 = kzalloc(sz, GFP_KERNEL);
if (!sas_iounit_pg0) {
- pr_err(MPT3SAS_FMT "failure at %s:%d/%s()!\n",
- ioc->name, __FILE__, __LINE__, __func__);
+ ioc_err(ioc, "failure at %s:%d/%s()!\n",
+ __FILE__, __LINE__, __func__);
rc = -ENOMEM;
goto out;
}
if ((mpt3sas_config_get_sas_iounit_pg0(ioc, &mpi_reply,
sas_iounit_pg0, sz))) {
- pr_err(MPT3SAS_FMT "failure at %s:%d/%s()!\n",
- ioc->name, __FILE__, __LINE__, __func__);
+ ioc_err(ioc, "failure at %s:%d/%s()!\n",
+ __FILE__, __LINE__, __func__);
rc = -ENXIO;
goto out;
}
ioc_status = le16_to_cpu(mpi_reply.IOCStatus) &
MPI2_IOCSTATUS_MASK;
if (ioc_status != MPI2_IOCSTATUS_SUCCESS) {
- pr_err(MPT3SAS_FMT "failure at %s:%d/%s()!\n",
- ioc->name, __FILE__, __LINE__, __func__);
+ ioc_err(ioc, "failure at %s:%d/%s()!\n",
+ __FILE__, __LINE__, __func__);
rc = -EIO;
goto out;
}
@@ -1675,10 +1649,8 @@ _transport_phy_enable(struct sas_phy *phy, int enable)
for (i = 0, discovery_active = 0; i < ioc->sas_hba.num_phys ; i++) {
if (sas_iounit_pg0->PhyData[i].PortFlags &
MPI2_SASIOUNIT0_PORTFLAGS_DISCOVERY_IN_PROGRESS) {
- pr_err(MPT3SAS_FMT "discovery is active on " \
- "port = %d, phy = %d: unable to enable/disable "
- "phys, try again later!\n", ioc->name,
- sas_iounit_pg0->PhyData[i].Port, i);
+ ioc_err(ioc, "discovery is active on port = %d, phy = %d: unable to enable/disable phys, try again later!\n",
+ sas_iounit_pg0->PhyData[i].Port, i);
discovery_active = 1;
}
}
@@ -1693,23 +1665,23 @@ _transport_phy_enable(struct sas_phy *phy, int enable)
sizeof(Mpi2SasIOUnit1PhyData_t));
sas_iounit_pg1 = kzalloc(sz, GFP_KERNEL);
if (!sas_iounit_pg1) {
- pr_err(MPT3SAS_FMT "failure at %s:%d/%s()!\n",
- ioc->name, __FILE__, __LINE__, __func__);
+ ioc_err(ioc, "failure at %s:%d/%s()!\n",
+ __FILE__, __LINE__, __func__);
rc = -ENOMEM;
goto out;
}
if ((mpt3sas_config_get_sas_iounit_pg1(ioc, &mpi_reply,
sas_iounit_pg1, sz))) {
- pr_err(MPT3SAS_FMT "failure at %s:%d/%s()!\n",
- ioc->name, __FILE__, __LINE__, __func__);
+ ioc_err(ioc, "failure at %s:%d/%s()!\n",
+ __FILE__, __LINE__, __func__);
rc = -ENXIO;
goto out;
}
ioc_status = le16_to_cpu(mpi_reply.IOCStatus) &
MPI2_IOCSTATUS_MASK;
if (ioc_status != MPI2_IOCSTATUS_SUCCESS) {
- pr_err(MPT3SAS_FMT "failure at %s:%d/%s()!\n",
- ioc->name, __FILE__, __LINE__, __func__);
+ ioc_err(ioc, "failure at %s:%d/%s()!\n",
+ __FILE__, __LINE__, __func__);
rc = -EIO;
goto out;
}
@@ -1801,23 +1773,23 @@ _transport_phy_speed(struct sas_phy *phy, struct sas_phy_linkrates *rates)
sizeof(Mpi2SasIOUnit1PhyData_t));
sas_iounit_pg1 = kzalloc(sz, GFP_KERNEL);
if (!sas_iounit_pg1) {
- pr_err(MPT3SAS_FMT "failure at %s:%d/%s()!\n",
- ioc->name, __FILE__, __LINE__, __func__);
+ ioc_err(ioc, "failure at %s:%d/%s()!\n",
+ __FILE__, __LINE__, __func__);
rc = -ENOMEM;
goto out;
}
if ((mpt3sas_config_get_sas_iounit_pg1(ioc, &mpi_reply,
sas_iounit_pg1, sz))) {
- pr_err(MPT3SAS_FMT "failure at %s:%d/%s()!\n",
- ioc->name, __FILE__, __LINE__, __func__);
+ ioc_err(ioc, "failure at %s:%d/%s()!\n",
+ __FILE__, __LINE__, __func__);
rc = -ENXIO;
goto out;
}
ioc_status = le16_to_cpu(mpi_reply.IOCStatus) &
MPI2_IOCSTATUS_MASK;
if (ioc_status != MPI2_IOCSTATUS_SUCCESS) {
- pr_err(MPT3SAS_FMT "failure at %s:%d/%s()!\n",
- ioc->name, __FILE__, __LINE__, __func__);
+ ioc_err(ioc, "failure at %s:%d/%s()!\n",
+ __FILE__, __LINE__, __func__);
rc = -EIO;
goto out;
}
@@ -1836,8 +1808,8 @@ _transport_phy_speed(struct sas_phy *phy, struct sas_phy_linkrates *rates)
if (mpt3sas_config_set_sas_iounit_pg1(ioc, &mpi_reply, sas_iounit_pg1,
sz)) {
- pr_err(MPT3SAS_FMT "failure at %s:%d/%s()!\n",
- ioc->name, __FILE__, __LINE__, __func__);
+ ioc_err(ioc, "failure at %s:%d/%s()!\n",
+ __FILE__, __LINE__, __func__);
rc = -ENXIO;
goto out;
}
@@ -1936,8 +1908,8 @@ _transport_smp_handler(struct bsg_job *job, struct Scsi_Host *shost,
goto job_done;
if (ioc->transport_cmds.status != MPT3_CMD_NOT_USED) {
- pr_err(MPT3SAS_FMT "%s: transport_cmds in use\n", ioc->name,
- __func__);
+ ioc_err(ioc, "%s: transport_cmds in use\n",
+ __func__);
rc = -EAGAIN;
goto out;
}
@@ -1962,26 +1934,22 @@ _transport_smp_handler(struct bsg_job *job, struct Scsi_Host *shost,
ioc_state = mpt3sas_base_get_iocstate(ioc, 1);
while (ioc_state != MPI2_IOC_STATE_OPERATIONAL) {
if (wait_state_count++ == 10) {
- pr_err(MPT3SAS_FMT
- "%s: failed due to ioc not operational\n",
- ioc->name, __func__);
+ ioc_err(ioc, "%s: failed due to ioc not operational\n",
+ __func__);
rc = -EFAULT;
goto unmap_in;
}
ssleep(1);
ioc_state = mpt3sas_base_get_iocstate(ioc, 1);
- pr_info(MPT3SAS_FMT
- "%s: waiting for operational state(count=%d)\n",
- ioc->name, __func__, wait_state_count);
+ ioc_info(ioc, "%s: waiting for operational state(count=%d)\n",
+ __func__, wait_state_count);
}
if (wait_state_count)
- pr_info(MPT3SAS_FMT "%s: ioc is operational\n",
- ioc->name, __func__);
+ ioc_info(ioc, "%s: ioc is operational\n", __func__);
smid = mpt3sas_base_get_smid(ioc, ioc->transport_cb_idx);
if (!smid) {
- pr_err(MPT3SAS_FMT "%s: failed obtaining a smid\n",
- ioc->name, __func__);
+ ioc_err(ioc, "%s: failed obtaining a smid\n", __func__);
rc = -EAGAIN;
goto unmap_in;
}
@@ -2002,8 +1970,8 @@ _transport_smp_handler(struct bsg_job *job, struct Scsi_Host *shost,
ioc->build_sg(ioc, psge, dma_addr_out, dma_len_out - 4, dma_addr_in,
dma_len_in - 4);
- dtransportprintk(ioc, pr_info(MPT3SAS_FMT
- "%s - sending smp request\n", ioc->name, __func__));
+ dtransportprintk(ioc,
+ ioc_info(ioc, "%s: sending smp request\n", __func__));
init_completion(&ioc->transport_cmds.done);
mpt3sas_base_put_smid_default(ioc, smid);
@@ -2021,12 +1989,11 @@ _transport_smp_handler(struct bsg_job *job, struct Scsi_Host *shost,
}
}
- dtransportprintk(ioc, pr_info(MPT3SAS_FMT
- "%s - complete\n", ioc->name, __func__));
+ dtransportprintk(ioc, ioc_info(ioc, "%s - complete\n", __func__));
if (!(ioc->transport_cmds.status & MPT3_CMD_REPLY_VALID)) {
- dtransportprintk(ioc, pr_info(MPT3SAS_FMT
- "%s - no reply\n", ioc->name, __func__));
+ dtransportprintk(ioc,
+ ioc_info(ioc, "%s: no reply\n", __func__));
rc = -ENXIO;
goto unmap_in;
}
@@ -2034,9 +2001,9 @@ _transport_smp_handler(struct bsg_job *job, struct Scsi_Host *shost,
mpi_reply = ioc->transport_cmds.reply;
dtransportprintk(ioc,
- pr_info(MPT3SAS_FMT "%s - reply data transfer size(%d)\n",
- ioc->name, __func__,
- le16_to_cpu(mpi_reply->ResponseDataLength)));
+ ioc_info(ioc, "%s: reply data transfer size(%d)\n",
+ __func__,
+ le16_to_cpu(mpi_reply->ResponseDataLength)));
memcpy(job->reply, mpi_reply, sizeof(*mpi_reply));
job->reply_len = sizeof(*mpi_reply);
diff --git a/drivers/scsi/mpt3sas/mpt3sas_trigger_diag.c b/drivers/scsi/mpt3sas/mpt3sas_trigger_diag.c
index cae7c1eaef34..6ac453fd5937 100644
--- a/drivers/scsi/mpt3sas/mpt3sas_trigger_diag.c
+++ b/drivers/scsi/mpt3sas/mpt3sas_trigger_diag.c
@@ -72,8 +72,7 @@ _mpt3sas_raise_sigio(struct MPT3SAS_ADAPTER *ioc,
u16 sz, event_data_sz;
unsigned long flags;
- dTriggerDiagPrintk(ioc, pr_info(MPT3SAS_FMT "%s: enter\n",
- ioc->name, __func__));
+ dTriggerDiagPrintk(ioc, ioc_info(ioc, "%s: enter\n", __func__));
sz = offsetof(Mpi2EventNotificationReply_t, EventData) +
sizeof(struct SL_WH_TRIGGERS_EVENT_DATA_T) + 4;
@@ -85,23 +84,23 @@ _mpt3sas_raise_sigio(struct MPT3SAS_ADAPTER *ioc,
mpi_reply->EventDataLength = cpu_to_le16(event_data_sz);
memcpy(&mpi_reply->EventData, event_data,
sizeof(struct SL_WH_TRIGGERS_EVENT_DATA_T));
- dTriggerDiagPrintk(ioc, pr_info(MPT3SAS_FMT
- "%s: add to driver event log\n",
- ioc->name, __func__));
+ dTriggerDiagPrintk(ioc,
+ ioc_info(ioc, "%s: add to driver event log\n",
+ __func__));
mpt3sas_ctl_add_to_event_log(ioc, mpi_reply);
kfree(mpi_reply);
out:
/* clearing the diag_trigger_active flag */
spin_lock_irqsave(&ioc->diag_trigger_lock, flags);
- dTriggerDiagPrintk(ioc, pr_info(MPT3SAS_FMT
- "%s: clearing diag_trigger_active flag\n",
- ioc->name, __func__));
+ dTriggerDiagPrintk(ioc,
+ ioc_info(ioc, "%s: clearing diag_trigger_active flag\n",
+ __func__));
ioc->diag_trigger_active = 0;
spin_unlock_irqrestore(&ioc->diag_trigger_lock, flags);
- dTriggerDiagPrintk(ioc, pr_info(MPT3SAS_FMT "%s: exit\n", ioc->name,
- __func__));
+ dTriggerDiagPrintk(ioc, ioc_info(ioc, "%s: exit\n",
+ __func__));
}
/**
@@ -115,22 +114,22 @@ mpt3sas_process_trigger_data(struct MPT3SAS_ADAPTER *ioc,
{
u8 issue_reset = 0;
- dTriggerDiagPrintk(ioc, pr_info(MPT3SAS_FMT "%s: enter\n",
- ioc->name, __func__));
+ dTriggerDiagPrintk(ioc, ioc_info(ioc, "%s: enter\n", __func__));
/* release the diag buffer trace */
if ((ioc->diag_buffer_status[MPI2_DIAG_BUF_TYPE_TRACE] &
MPT3_DIAG_BUFFER_IS_RELEASED) == 0) {
- dTriggerDiagPrintk(ioc, pr_info(MPT3SAS_FMT
- "%s: release trace diag buffer\n", ioc->name, __func__));
+ dTriggerDiagPrintk(ioc,
+ ioc_info(ioc, "%s: release trace diag buffer\n",
+ __func__));
mpt3sas_send_diag_release(ioc, MPI2_DIAG_BUF_TYPE_TRACE,
&issue_reset);
}
_mpt3sas_raise_sigio(ioc, event_data);
- dTriggerDiagPrintk(ioc, pr_info(MPT3SAS_FMT "%s: exit\n", ioc->name,
- __func__));
+ dTriggerDiagPrintk(ioc, ioc_info(ioc, "%s: exit\n",
+ __func__));
}
/**
@@ -168,9 +167,9 @@ mpt3sas_trigger_master(struct MPT3SAS_ADAPTER *ioc, u32 trigger_bitmask)
by_pass_checks:
- dTriggerDiagPrintk(ioc, pr_info(MPT3SAS_FMT
- "%s: enter - trigger_bitmask = 0x%08x\n",
- ioc->name, __func__, trigger_bitmask));
+ dTriggerDiagPrintk(ioc,
+ ioc_info(ioc, "%s: enter - trigger_bitmask = 0x%08x\n",
+ __func__, trigger_bitmask));
/* don't send trigger if an trigger is currently active */
if (ioc->diag_trigger_active) {
@@ -182,9 +181,9 @@ mpt3sas_trigger_master(struct MPT3SAS_ADAPTER *ioc, u32 trigger_bitmask)
if (ioc->diag_trigger_master.MasterData & trigger_bitmask) {
found_match = 1;
ioc->diag_trigger_active = 1;
- dTriggerDiagPrintk(ioc, pr_info(MPT3SAS_FMT
- "%s: setting diag_trigger_active flag\n",
- ioc->name, __func__));
+ dTriggerDiagPrintk(ioc,
+ ioc_info(ioc, "%s: setting diag_trigger_active flag\n",
+ __func__));
}
spin_unlock_irqrestore(&ioc->diag_trigger_lock, flags);
@@ -202,8 +201,8 @@ mpt3sas_trigger_master(struct MPT3SAS_ADAPTER *ioc, u32 trigger_bitmask)
mpt3sas_send_trigger_data_event(ioc, &event_data);
out:
- dTriggerDiagPrintk(ioc, pr_info(MPT3SAS_FMT "%s: exit\n", ioc->name,
- __func__));
+ dTriggerDiagPrintk(ioc, ioc_info(ioc, "%s: exit\n",
+ __func__));
}
/**
@@ -239,9 +238,9 @@ mpt3sas_trigger_event(struct MPT3SAS_ADAPTER *ioc, u16 event,
return;
}
- dTriggerDiagPrintk(ioc, pr_info(MPT3SAS_FMT
- "%s: enter - event = 0x%04x, log_entry_qualifier = 0x%04x\n",
- ioc->name, __func__, event, log_entry_qualifier));
+ dTriggerDiagPrintk(ioc,
+ ioc_info(ioc, "%s: enter - event = 0x%04x, log_entry_qualifier = 0x%04x\n",
+ __func__, event, log_entry_qualifier));
/* don't send trigger if an trigger is currently active */
if (ioc->diag_trigger_active) {
@@ -263,26 +262,26 @@ mpt3sas_trigger_event(struct MPT3SAS_ADAPTER *ioc, u16 event,
}
found_match = 1;
ioc->diag_trigger_active = 1;
- dTriggerDiagPrintk(ioc, pr_info(MPT3SAS_FMT
- "%s: setting diag_trigger_active flag\n",
- ioc->name, __func__));
+ dTriggerDiagPrintk(ioc,
+ ioc_info(ioc, "%s: setting diag_trigger_active flag\n",
+ __func__));
}
spin_unlock_irqrestore(&ioc->diag_trigger_lock, flags);
if (!found_match)
goto out;
- dTriggerDiagPrintk(ioc, pr_info(MPT3SAS_FMT
- "%s: setting diag_trigger_active flag\n",
- ioc->name, __func__));
+ dTriggerDiagPrintk(ioc,
+ ioc_info(ioc, "%s: setting diag_trigger_active flag\n",
+ __func__));
memset(&event_data, 0, sizeof(struct SL_WH_TRIGGERS_EVENT_DATA_T));
event_data.trigger_type = MPT3SAS_TRIGGER_EVENT;
event_data.u.event.EventValue = event;
event_data.u.event.LogEntryQualifier = log_entry_qualifier;
mpt3sas_send_trigger_data_event(ioc, &event_data);
out:
- dTriggerDiagPrintk(ioc, pr_info(MPT3SAS_FMT "%s: exit\n", ioc->name,
- __func__));
+ dTriggerDiagPrintk(ioc, ioc_info(ioc, "%s: exit\n",
+ __func__));
}
/**
@@ -319,9 +318,9 @@ mpt3sas_trigger_scsi(struct MPT3SAS_ADAPTER *ioc, u8 sense_key, u8 asc,
return;
}
- dTriggerDiagPrintk(ioc, pr_info(MPT3SAS_FMT
- "%s: enter - sense_key = 0x%02x, asc = 0x%02x, ascq = 0x%02x\n",
- ioc->name, __func__, sense_key, asc, ascq));
+ dTriggerDiagPrintk(ioc,
+ ioc_info(ioc, "%s: enter - sense_key = 0x%02x, asc = 0x%02x, ascq = 0x%02x\n",
+ __func__, sense_key, asc, ascq));
/* don't send trigger if an trigger is currently active */
if (ioc->diag_trigger_active) {
@@ -347,9 +346,9 @@ mpt3sas_trigger_scsi(struct MPT3SAS_ADAPTER *ioc, u8 sense_key, u8 asc,
if (!found_match)
goto out;
- dTriggerDiagPrintk(ioc, pr_info(MPT3SAS_FMT
- "%s: setting diag_trigger_active flag\n",
- ioc->name, __func__));
+ dTriggerDiagPrintk(ioc,
+ ioc_info(ioc, "%s: setting diag_trigger_active flag\n",
+ __func__));
memset(&event_data, 0, sizeof(struct SL_WH_TRIGGERS_EVENT_DATA_T));
event_data.trigger_type = MPT3SAS_TRIGGER_SCSI;
event_data.u.scsi.SenseKey = sense_key;
@@ -357,8 +356,8 @@ mpt3sas_trigger_scsi(struct MPT3SAS_ADAPTER *ioc, u8 sense_key, u8 asc,
event_data.u.scsi.ASCQ = ascq;
mpt3sas_send_trigger_data_event(ioc, &event_data);
out:
- dTriggerDiagPrintk(ioc, pr_info(MPT3SAS_FMT "%s: exit\n", ioc->name,
- __func__));
+ dTriggerDiagPrintk(ioc, ioc_info(ioc, "%s: exit\n",
+ __func__));
}
/**
@@ -393,9 +392,9 @@ mpt3sas_trigger_mpi(struct MPT3SAS_ADAPTER *ioc, u16 ioc_status, u32 loginfo)
return;
}
- dTriggerDiagPrintk(ioc, pr_info(MPT3SAS_FMT
- "%s: enter - ioc_status = 0x%04x, loginfo = 0x%08x\n",
- ioc->name, __func__, ioc_status, loginfo));
+ dTriggerDiagPrintk(ioc,
+ ioc_info(ioc, "%s: enter - ioc_status = 0x%04x, loginfo = 0x%08x\n",
+ __func__, ioc_status, loginfo));
/* don't send trigger if an trigger is currently active */
if (ioc->diag_trigger_active) {
@@ -420,15 +419,15 @@ mpt3sas_trigger_mpi(struct MPT3SAS_ADAPTER *ioc, u16 ioc_status, u32 loginfo)
if (!found_match)
goto out;
- dTriggerDiagPrintk(ioc, pr_info(MPT3SAS_FMT
- "%s: setting diag_trigger_active flag\n",
- ioc->name, __func__));
+ dTriggerDiagPrintk(ioc,
+ ioc_info(ioc, "%s: setting diag_trigger_active flag\n",
+ __func__));
memset(&event_data, 0, sizeof(struct SL_WH_TRIGGERS_EVENT_DATA_T));
event_data.trigger_type = MPT3SAS_TRIGGER_MPI;
event_data.u.mpi.IOCStatus = ioc_status;
event_data.u.mpi.IocLogInfo = loginfo;
mpt3sas_send_trigger_data_event(ioc, &event_data);
out:
- dTriggerDiagPrintk(ioc, pr_info(MPT3SAS_FMT "%s: exit\n", ioc->name,
- __func__));
+ dTriggerDiagPrintk(ioc, ioc_info(ioc, "%s: exit\n",
+ __func__));
}
diff --git a/drivers/scsi/mpt3sas/mpt3sas_warpdrive.c b/drivers/scsi/mpt3sas/mpt3sas_warpdrive.c
index b4927f2b7677..cc07ba41f507 100644
--- a/drivers/scsi/mpt3sas/mpt3sas_warpdrive.c
+++ b/drivers/scsi/mpt3sas/mpt3sas_warpdrive.c
@@ -127,20 +127,17 @@ mpt3sas_init_warpdrive_properties(struct MPT3SAS_ADAPTER *ioc,
return;
if (ioc->mfg_pg10_hide_flag == MFG_PAGE10_EXPOSE_ALL_DISKS) {
- pr_info(MPT3SAS_FMT "WarpDrive : Direct IO is disabled "
- "globally as drives are exposed\n", ioc->name);
+ ioc_info(ioc, "WarpDrive : Direct IO is disabled globally as drives are exposed\n");
return;
}
if (mpt3sas_get_num_volumes(ioc) > 1) {
_warpdrive_disable_ddio(ioc);
- pr_info(MPT3SAS_FMT "WarpDrive : Direct IO is disabled "
- "globally as number of drives > 1\n", ioc->name);
+ ioc_info(ioc, "WarpDrive : Direct IO is disabled globally as number of drives > 1\n");
return;
}
if ((mpt3sas_config_get_number_pds(ioc, raid_device->handle,
&num_pds)) || !num_pds) {
- pr_info(MPT3SAS_FMT "WarpDrive : Direct IO is disabled "
- "Failure in computing number of drives\n", ioc->name);
+ ioc_info(ioc, "WarpDrive : Direct IO is disabled Failure in computing number of drives\n");
return;
}
@@ -148,15 +145,13 @@ mpt3sas_init_warpdrive_properties(struct MPT3SAS_ADAPTER *ioc,
sizeof(Mpi2RaidVol0PhysDisk_t));
vol_pg0 = kzalloc(sz, GFP_KERNEL);
if (!vol_pg0) {
- pr_info(MPT3SAS_FMT "WarpDrive : Direct IO is disabled "
- "Memory allocation failure for RVPG0\n", ioc->name);
+ ioc_info(ioc, "WarpDrive : Direct IO is disabled Memory allocation failure for RVPG0\n");
return;
}
if ((mpt3sas_config_get_raid_volume_pg0(ioc, &mpi_reply, vol_pg0,
MPI2_RAID_VOLUME_PGAD_FORM_HANDLE, raid_device->handle, sz))) {
- pr_info(MPT3SAS_FMT "WarpDrive : Direct IO is disabled "
- "Failure in retrieving RVPG0\n", ioc->name);
+ ioc_info(ioc, "WarpDrive : Direct IO is disabled Failure in retrieving RVPG0\n");
kfree(vol_pg0);
return;
}
@@ -166,10 +161,8 @@ mpt3sas_init_warpdrive_properties(struct MPT3SAS_ADAPTER *ioc,
* assumed for WARPDRIVE, disable direct I/O
*/
if (num_pds > MPT_MAX_WARPDRIVE_PDS) {
- pr_warn(MPT3SAS_FMT "WarpDrive : Direct IO is disabled "
- "for the drive with handle(0x%04x): num_mem=%d, "
- "max_mem_allowed=%d\n", ioc->name, raid_device->handle,
- num_pds, MPT_MAX_WARPDRIVE_PDS);
+ ioc_warn(ioc, "WarpDrive : Direct IO is disabled for the drive with handle(0x%04x): num_mem=%d, max_mem_allowed=%d\n",
+ raid_device->handle, num_pds, MPT_MAX_WARPDRIVE_PDS);
kfree(vol_pg0);
return;
}
@@ -179,22 +172,18 @@ mpt3sas_init_warpdrive_properties(struct MPT3SAS_ADAPTER *ioc,
vol_pg0->PhysDisk[count].PhysDiskNum) ||
le16_to_cpu(pd_pg0.DevHandle) ==
MPT3SAS_INVALID_DEVICE_HANDLE) {
- pr_info(MPT3SAS_FMT "WarpDrive : Direct IO is "
- "disabled for the drive with handle(0x%04x) member"
- "handle retrieval failed for member number=%d\n",
- ioc->name, raid_device->handle,
- vol_pg0->PhysDisk[count].PhysDiskNum);
+ ioc_info(ioc, "WarpDrive : Direct IO is disabled for the drive with handle(0x%04x) member handle retrieval failed for member number=%d\n",
+ raid_device->handle,
+ vol_pg0->PhysDisk[count].PhysDiskNum);
goto out_error;
}
/* Disable direct I/O if member drive lba exceeds 4 bytes */
dev_max_lba = le64_to_cpu(pd_pg0.DeviceMaxLBA);
if (dev_max_lba >> 32) {
- pr_info(MPT3SAS_FMT "WarpDrive : Direct IO is "
- "disabled for the drive with handle(0x%04x) member"
- " handle (0x%04x) unsupported max lba 0x%016llx\n",
- ioc->name, raid_device->handle,
- le16_to_cpu(pd_pg0.DevHandle),
- (unsigned long long)dev_max_lba);
+ ioc_info(ioc, "WarpDrive : Direct IO is disabled for the drive with handle(0x%04x) member handle (0x%04x) unsupported max lba 0x%016llx\n",
+ raid_device->handle,
+ le16_to_cpu(pd_pg0.DevHandle),
+ (u64)dev_max_lba);
goto out_error;
}
@@ -206,41 +195,36 @@ mpt3sas_init_warpdrive_properties(struct MPT3SAS_ADAPTER *ioc,
* not RAID0
*/
if (raid_device->volume_type != MPI2_RAID_VOL_TYPE_RAID0) {
- pr_info(MPT3SAS_FMT "WarpDrive : Direct IO is disabled "
- "for the drive with handle(0x%04x): type=%d, "
- "s_sz=%uK, blk_size=%u\n", ioc->name,
- raid_device->handle, raid_device->volume_type,
- (le32_to_cpu(vol_pg0->StripeSize) *
- le16_to_cpu(vol_pg0->BlockSize)) / 1024,
- le16_to_cpu(vol_pg0->BlockSize));
+ ioc_info(ioc, "WarpDrive : Direct IO is disabled for the drive with handle(0x%04x): type=%d, s_sz=%uK, blk_size=%u\n",
+ raid_device->handle, raid_device->volume_type,
+ (le32_to_cpu(vol_pg0->StripeSize) *
+ le16_to_cpu(vol_pg0->BlockSize)) / 1024,
+ le16_to_cpu(vol_pg0->BlockSize));
goto out_error;
}
stripe_sz = le32_to_cpu(vol_pg0->StripeSize);
stripe_exp = find_first_bit(&stripe_sz, 32);
if (stripe_exp == 32) {
- pr_info(MPT3SAS_FMT "WarpDrive : Direct IO is disabled "
- "for the drive with handle(0x%04x) invalid stripe sz %uK\n",
- ioc->name, raid_device->handle,
- (le32_to_cpu(vol_pg0->StripeSize) *
- le16_to_cpu(vol_pg0->BlockSize)) / 1024);
+ ioc_info(ioc, "WarpDrive : Direct IO is disabled for the drive with handle(0x%04x) invalid stripe sz %uK\n",
+ raid_device->handle,
+ (le32_to_cpu(vol_pg0->StripeSize) *
+ le16_to_cpu(vol_pg0->BlockSize)) / 1024);
goto out_error;
}
raid_device->stripe_exponent = stripe_exp;
block_sz = le16_to_cpu(vol_pg0->BlockSize);
block_exp = find_first_bit(&block_sz, 16);
if (block_exp == 16) {
- pr_info(MPT3SAS_FMT "WarpDrive : Direct IO is disabled "
- "for the drive with handle(0x%04x) invalid block sz %u\n",
- ioc->name, raid_device->handle,
- le16_to_cpu(vol_pg0->BlockSize));
+ ioc_info(ioc, "WarpDrive : Direct IO is disabled for the drive with handle(0x%04x) invalid block sz %u\n",
+ raid_device->handle, le16_to_cpu(vol_pg0->BlockSize));
goto out_error;
}
raid_device->block_exponent = block_exp;
raid_device->direct_io_enabled = 1;
- pr_info(MPT3SAS_FMT "WarpDrive : Direct IO is Enabled for the drive"
- " with handle(0x%04x)\n", ioc->name, raid_device->handle);
+ ioc_info(ioc, "WarpDrive : Direct IO is Enabled for the drive with handle(0x%04x)\n",
+ raid_device->handle);
/*
* WARPDRIVE: Though the following fields are not used for direct IO,
* stored for future purpose:
--
2.35.1
^ permalink raw reply related [flat|nested] 529+ messages in thread
* [PATCH 4.19 195/521] scsi: mpt3sas: Fix possible resource leaks in mpt3sas_transport_port_add()
2023-01-16 15:44 [PATCH 4.19 000/521] 4.19.270-rc1 review Greg Kroah-Hartman
` (193 preceding siblings ...)
2023-01-16 15:47 ` [PATCH 4.19 194/521] scsi: mpt3sas: Convert uses of pr_<level> with MPT3SAS_FMT to ioc_<level> Greg Kroah-Hartman
@ 2023-01-16 15:47 ` Greg Kroah-Hartman
2023-01-16 15:47 ` [PATCH 4.19 196/521] scsi: hpsa: Fix error handling in hpsa_add_sas_host() Greg Kroah-Hartman
` (329 subsequent siblings)
524 siblings, 0 replies; 529+ messages in thread
From: Greg Kroah-Hartman @ 2023-01-16 15:47 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Yang Yingliang, Martin K. Petersen,
Sasha Levin
From: Yang Yingliang <yangyingliang@huawei.com>
[ Upstream commit 78316e9dfc24906dd474630928ed1d3c562b568e ]
In mpt3sas_transport_port_add(), if sas_rphy_add() returns error,
sas_rphy_free() needs be called to free the resource allocated in
sas_end_device_alloc(). Otherwise a kernel crash will happen:
Unable to handle kernel NULL pointer dereference at virtual address 0000000000000108
CPU: 45 PID: 37020 Comm: bash Kdump: loaded Tainted: G W 6.1.0-rc1+ #189
pstate: 60000005 (nZCv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--)
pc : device_del+0x54/0x3d0
lr : device_del+0x37c/0x3d0
Call trace:
device_del+0x54/0x3d0
attribute_container_class_device_del+0x28/0x38
transport_remove_classdev+0x6c/0x80
attribute_container_device_trigger+0x108/0x110
transport_remove_device+0x28/0x38
sas_rphy_remove+0x50/0x78 [scsi_transport_sas]
sas_port_delete+0x30/0x148 [scsi_transport_sas]
do_sas_phy_delete+0x78/0x80 [scsi_transport_sas]
device_for_each_child+0x68/0xb0
sas_remove_children+0x30/0x50 [scsi_transport_sas]
sas_rphy_remove+0x38/0x78 [scsi_transport_sas]
sas_port_delete+0x30/0x148 [scsi_transport_sas]
do_sas_phy_delete+0x78/0x80 [scsi_transport_sas]
device_for_each_child+0x68/0xb0
sas_remove_children+0x30/0x50 [scsi_transport_sas]
sas_remove_host+0x20/0x38 [scsi_transport_sas]
scsih_remove+0xd8/0x420 [mpt3sas]
Because transport_add_device() is not called when sas_rphy_add() fails, the
device is not added. When sas_rphy_remove() is subsequently called to
remove the device in the remove() path, a NULL pointer dereference happens.
Fixes: f92363d12359 ("[SCSI] mpt3sas: add new driver supporting 12GB SAS")
Signed-off-by: Yang Yingliang <yangyingliang@huawei.com>
Link: https://lore.kernel.org/r/20221109032403.1636422-1-yangyingliang@huawei.com
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/scsi/mpt3sas/mpt3sas_transport.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/drivers/scsi/mpt3sas/mpt3sas_transport.c b/drivers/scsi/mpt3sas/mpt3sas_transport.c
index 9fd89e85227a..f2b072831747 100644
--- a/drivers/scsi/mpt3sas/mpt3sas_transport.c
+++ b/drivers/scsi/mpt3sas/mpt3sas_transport.c
@@ -730,6 +730,8 @@ mpt3sas_transport_port_add(struct MPT3SAS_ADAPTER *ioc, u16 handle,
if ((sas_rphy_add(rphy))) {
ioc_err(ioc, "failure at %s:%d/%s()!\n",
__FILE__, __LINE__, __func__);
+ sas_rphy_free(rphy);
+ rphy = NULL;
}
if (mpt3sas_port->remote_identify.device_type == SAS_END_DEVICE) {
--
2.35.1
^ permalink raw reply related [flat|nested] 529+ messages in thread
* [PATCH 4.19 196/521] scsi: hpsa: Fix error handling in hpsa_add_sas_host()
2023-01-16 15:44 [PATCH 4.19 000/521] 4.19.270-rc1 review Greg Kroah-Hartman
` (194 preceding siblings ...)
2023-01-16 15:47 ` [PATCH 4.19 195/521] scsi: mpt3sas: Fix possible resource leaks in mpt3sas_transport_port_add() Greg Kroah-Hartman
@ 2023-01-16 15:47 ` Greg Kroah-Hartman
2023-01-16 15:47 ` [PATCH 4.19 197/521] scsi: hpsa: Fix possible memory leak in hpsa_add_sas_device() Greg Kroah-Hartman
` (328 subsequent siblings)
524 siblings, 0 replies; 529+ messages in thread
From: Greg Kroah-Hartman @ 2023-01-16 15:47 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Yang Yingliang, Martin K. Petersen,
Sasha Levin
From: Yang Yingliang <yangyingliang@huawei.com>
[ Upstream commit 4ef174a3ad9b5d73c1b6573e244ebba2b0d86eac ]
hpsa_sas_port_add_phy() does:
...
sas_phy_add() -> may return error here
sas_port_add_phy()
...
Whereas hpsa_free_sas_phy() does:
...
sas_port_delete_phy()
sas_phy_delete()
...
If hpsa_sas_port_add_phy() returns an error, hpsa_free_sas_phy() can not be
called to free the memory because the port and the phy have not been added
yet.
Replace hpsa_free_sas_phy() with sas_phy_free() and kfree() to avoid kernel
crash in this case.
Fixes: d04e62b9d63a ("hpsa: add in sas transport class")
Signed-off-by: Yang Yingliang <yangyingliang@huawei.com>
Link: https://lore.kernel.org/r/20221110151129.394389-1-yangyingliang@huawei.com
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/scsi/hpsa.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/drivers/scsi/hpsa.c b/drivers/scsi/hpsa.c
index 1a4fc8b8a9cd..392dfc8f3cbb 100644
--- a/drivers/scsi/hpsa.c
+++ b/drivers/scsi/hpsa.c
@@ -9700,7 +9700,8 @@ static int hpsa_add_sas_host(struct ctlr_info *h)
return 0;
free_sas_phy:
- hpsa_free_sas_phy(hpsa_sas_phy);
+ sas_phy_free(hpsa_sas_phy->phy);
+ kfree(hpsa_sas_phy);
free_sas_port:
hpsa_free_sas_port(hpsa_sas_port);
free_sas_node:
--
2.35.1
^ permalink raw reply related [flat|nested] 529+ messages in thread
* [PATCH 4.19 197/521] scsi: hpsa: Fix possible memory leak in hpsa_add_sas_device()
2023-01-16 15:44 [PATCH 4.19 000/521] 4.19.270-rc1 review Greg Kroah-Hartman
` (195 preceding siblings ...)
2023-01-16 15:47 ` [PATCH 4.19 196/521] scsi: hpsa: Fix error handling in hpsa_add_sas_host() Greg Kroah-Hartman
@ 2023-01-16 15:47 ` Greg Kroah-Hartman
2023-01-16 15:47 ` [PATCH 4.19 198/521] scsi: fcoe: Fix possible name leak when device_register() fails Greg Kroah-Hartman
` (327 subsequent siblings)
524 siblings, 0 replies; 529+ messages in thread
From: Greg Kroah-Hartman @ 2023-01-16 15:47 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Yang Yingliang, Martin K. Petersen,
Sasha Levin
From: Yang Yingliang <yangyingliang@huawei.com>
[ Upstream commit fda34a5d304d0b98cc967e8763b52221b66dc202 ]
If hpsa_sas_port_add_rphy() returns an error, the 'rphy' allocated in
sas_end_device_alloc() needs to be freed. Address this by calling
sas_rphy_free() in the error path.
Fixes: d04e62b9d63a ("hpsa: add in sas transport class")
Signed-off-by: Yang Yingliang <yangyingliang@huawei.com>
Link: https://lore.kernel.org/r/20221111043012.1074466-1-yangyingliang@huawei.com
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/scsi/hpsa.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/drivers/scsi/hpsa.c b/drivers/scsi/hpsa.c
index 392dfc8f3cbb..13931c5c0eff 100644
--- a/drivers/scsi/hpsa.c
+++ b/drivers/scsi/hpsa.c
@@ -9737,10 +9737,12 @@ static int hpsa_add_sas_device(struct hpsa_sas_node *hpsa_sas_node,
rc = hpsa_sas_port_add_rphy(hpsa_sas_port, rphy);
if (rc)
- goto free_sas_port;
+ goto free_sas_rphy;
return 0;
+free_sas_rphy:
+ sas_rphy_free(rphy);
free_sas_port:
hpsa_free_sas_port(hpsa_sas_port);
device->sas_port = NULL;
--
2.35.1
^ permalink raw reply related [flat|nested] 529+ messages in thread
* [PATCH 4.19 198/521] scsi: fcoe: Fix possible name leak when device_register() fails
2023-01-16 15:44 [PATCH 4.19 000/521] 4.19.270-rc1 review Greg Kroah-Hartman
` (196 preceding siblings ...)
2023-01-16 15:47 ` [PATCH 4.19 197/521] scsi: hpsa: Fix possible memory leak in hpsa_add_sas_device() Greg Kroah-Hartman
@ 2023-01-16 15:47 ` Greg Kroah-Hartman
2023-01-16 15:47 ` [PATCH 4.19 199/521] scsi: ipr: Fix WARNING in ipr_init() Greg Kroah-Hartman
` (326 subsequent siblings)
524 siblings, 0 replies; 529+ messages in thread
From: Greg Kroah-Hartman @ 2023-01-16 15:47 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Yang Yingliang, Martin K. Petersen,
Sasha Levin
From: Yang Yingliang <yangyingliang@huawei.com>
[ Upstream commit 47b6a122c7b69a876c7ee2fc064a26b09627de9d ]
If device_register() returns an error, the name allocated by dev_set_name()
needs to be freed. As the comment of device_register() says, one should use
put_device() to give up the reference in the error path. Fix this by
calling put_device(), then the name can be freed in kobject_cleanup().
The 'fcf' is freed in fcoe_fcf_device_release(), so the kfree() in the
error path can be removed.
The 'ctlr' is freed in fcoe_ctlr_device_release(), so don't use the error
label, just return NULL after calling put_device().
Fixes: 9a74e884ee71 ("[SCSI] libfcoe: Add fcoe_sysfs")
Signed-off-by: Yang Yingliang <yangyingliang@huawei.com>
Link: https://lore.kernel.org/r/20221112094310.3633291-1-yangyingliang@huawei.com
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/scsi/fcoe/fcoe_sysfs.c | 19 ++++++++++---------
1 file changed, 10 insertions(+), 9 deletions(-)
diff --git a/drivers/scsi/fcoe/fcoe_sysfs.c b/drivers/scsi/fcoe/fcoe_sysfs.c
index 5c8310bade61..dab025e3ed27 100644
--- a/drivers/scsi/fcoe/fcoe_sysfs.c
+++ b/drivers/scsi/fcoe/fcoe_sysfs.c
@@ -831,14 +831,15 @@ struct fcoe_ctlr_device *fcoe_ctlr_device_add(struct device *parent,
dev_set_name(&ctlr->dev, "ctlr_%d", ctlr->id);
error = device_register(&ctlr->dev);
- if (error)
- goto out_del_q2;
+ if (error) {
+ destroy_workqueue(ctlr->devloss_work_q);
+ destroy_workqueue(ctlr->work_q);
+ put_device(&ctlr->dev);
+ return NULL;
+ }
return ctlr;
-out_del_q2:
- destroy_workqueue(ctlr->devloss_work_q);
- ctlr->devloss_work_q = NULL;
out_del_q:
destroy_workqueue(ctlr->work_q);
ctlr->work_q = NULL;
@@ -1037,16 +1038,16 @@ struct fcoe_fcf_device *fcoe_fcf_device_add(struct fcoe_ctlr_device *ctlr,
fcf->selected = new_fcf->selected;
error = device_register(&fcf->dev);
- if (error)
- goto out_del;
+ if (error) {
+ put_device(&fcf->dev);
+ goto out;
+ }
fcf->state = FCOE_FCF_STATE_CONNECTED;
list_add_tail(&fcf->peers, &ctlr->fcfs);
return fcf;
-out_del:
- kfree(fcf);
out:
return NULL;
}
--
2.35.1
^ permalink raw reply related [flat|nested] 529+ messages in thread
* [PATCH 4.19 199/521] scsi: ipr: Fix WARNING in ipr_init()
2023-01-16 15:44 [PATCH 4.19 000/521] 4.19.270-rc1 review Greg Kroah-Hartman
` (197 preceding siblings ...)
2023-01-16 15:47 ` [PATCH 4.19 198/521] scsi: fcoe: Fix possible name leak when device_register() fails Greg Kroah-Hartman
@ 2023-01-16 15:47 ` Greg Kroah-Hartman
2023-01-16 15:47 ` [PATCH 4.19 200/521] scsi: fcoe: Fix transport not deattached when fcoe_if_init() fails Greg Kroah-Hartman
` (325 subsequent siblings)
524 siblings, 0 replies; 529+ messages in thread
From: Greg Kroah-Hartman @ 2023-01-16 15:47 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Shang XiaoJing, Martin K. Petersen,
Sasha Levin
From: Shang XiaoJing <shangxiaojing@huawei.com>
[ Upstream commit e6f108bffc3708ddcff72324f7d40dfcd0204894 ]
ipr_init() will not call unregister_reboot_notifier() when
pci_register_driver() fails, which causes a WARNING. Call
unregister_reboot_notifier() when pci_register_driver() fails.
notifier callback ipr_halt [ipr] already registered
WARNING: CPU: 3 PID: 299 at kernel/notifier.c:29
notifier_chain_register+0x16d/0x230
Modules linked in: ipr(+) xhci_pci_renesas xhci_hcd ehci_hcd usbcore
led_class gpu_sched drm_buddy video wmi drm_ttm_helper ttm
drm_display_helper drm_kms_helper drm drm_panel_orientation_quirks
agpgart cfbft
CPU: 3 PID: 299 Comm: modprobe Tainted: G W
6.1.0-rc1-00190-g39508d23b672-dirty #332
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS
rel-1.15.0-0-g2dd4b9b3f840-prebuilt.qemu.org 04/01/2014
RIP: 0010:notifier_chain_register+0x16d/0x230
Call Trace:
<TASK>
__blocking_notifier_chain_register+0x73/0xb0
ipr_init+0x30/0x1000 [ipr]
do_one_initcall+0xdb/0x480
do_init_module+0x1cf/0x680
load_module+0x6a50/0x70a0
__do_sys_finit_module+0x12f/0x1c0
do_syscall_64+0x3f/0x90
entry_SYSCALL_64_after_hwframe+0x63/0xcd
Fixes: f72919ec2bbb ("[SCSI] ipr: implement shutdown changes and remove obsolete write cache parameter")
Signed-off-by: Shang XiaoJing <shangxiaojing@huawei.com>
Link: https://lore.kernel.org/r/20221113064513.14028-1-shangxiaojing@huawei.com
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/scsi/ipr.c | 10 +++++++++-
1 file changed, 9 insertions(+), 1 deletion(-)
diff --git a/drivers/scsi/ipr.c b/drivers/scsi/ipr.c
index c6cde552b995..5989c868bfe0 100644
--- a/drivers/scsi/ipr.c
+++ b/drivers/scsi/ipr.c
@@ -10854,11 +10854,19 @@ static struct notifier_block ipr_notifier = {
**/
static int __init ipr_init(void)
{
+ int rc;
+
ipr_info("IBM Power RAID SCSI Device Driver version: %s %s\n",
IPR_DRIVER_VERSION, IPR_DRIVER_DATE);
register_reboot_notifier(&ipr_notifier);
- return pci_register_driver(&ipr_driver);
+ rc = pci_register_driver(&ipr_driver);
+ if (rc) {
+ unregister_reboot_notifier(&ipr_notifier);
+ return rc;
+ }
+
+ return 0;
}
/**
--
2.35.1
^ permalink raw reply related [flat|nested] 529+ messages in thread
* [PATCH 4.19 200/521] scsi: fcoe: Fix transport not deattached when fcoe_if_init() fails
2023-01-16 15:44 [PATCH 4.19 000/521] 4.19.270-rc1 review Greg Kroah-Hartman
` (198 preceding siblings ...)
2023-01-16 15:47 ` [PATCH 4.19 199/521] scsi: ipr: Fix WARNING in ipr_init() Greg Kroah-Hartman
@ 2023-01-16 15:47 ` Greg Kroah-Hartman
2023-01-16 15:47 ` [PATCH 4.19 201/521] scsi: snic: Fix possible UAF in snic_tgt_create() Greg Kroah-Hartman
` (324 subsequent siblings)
524 siblings, 0 replies; 529+ messages in thread
From: Greg Kroah-Hartman @ 2023-01-16 15:47 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Chen Zhongjin, Martin K. Petersen,
Sasha Levin
From: Chen Zhongjin <chenzhongjin@huawei.com>
[ Upstream commit 4155658cee394b22b24c6d64e49247bf26d95b92 ]
fcoe_init() calls fcoe_transport_attach(&fcoe_sw_transport), but when
fcoe_if_init() fails, &fcoe_sw_transport is not detached and leaves freed
&fcoe_sw_transport on fcoe_transports list. This causes panic when
reinserting module.
BUG: unable to handle page fault for address: fffffbfff82e2213
RIP: 0010:fcoe_transport_attach+0xe1/0x230 [libfcoe]
Call Trace:
<TASK>
do_one_initcall+0xd0/0x4e0
load_module+0x5eee/0x7210
...
Fixes: 78a582463c1e ("[SCSI] fcoe: convert fcoe.ko to become an fcoe transport provider driver")
Signed-off-by: Chen Zhongjin <chenzhongjin@huawei.com>
Link: https://lore.kernel.org/r/20221115092442.133088-1-chenzhongjin@huawei.com
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/scsi/fcoe/fcoe.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/drivers/scsi/fcoe/fcoe.c b/drivers/scsi/fcoe/fcoe.c
index 6768b2e8148a..c5c4805435f6 100644
--- a/drivers/scsi/fcoe/fcoe.c
+++ b/drivers/scsi/fcoe/fcoe.c
@@ -2519,6 +2519,7 @@ static int __init fcoe_init(void)
out_free:
mutex_unlock(&fcoe_config_mutex);
+ fcoe_transport_detach(&fcoe_sw_transport);
out_destroy:
destroy_workqueue(fcoe_wq);
return rc;
--
2.35.1
^ permalink raw reply related [flat|nested] 529+ messages in thread
* [PATCH 4.19 201/521] scsi: snic: Fix possible UAF in snic_tgt_create()
2023-01-16 15:44 [PATCH 4.19 000/521] 4.19.270-rc1 review Greg Kroah-Hartman
` (199 preceding siblings ...)
2023-01-16 15:47 ` [PATCH 4.19 200/521] scsi: fcoe: Fix transport not deattached when fcoe_if_init() fails Greg Kroah-Hartman
@ 2023-01-16 15:47 ` Greg Kroah-Hartman
2023-01-16 15:47 ` [PATCH 4.19 202/521] RDMA/hfi1: Fix error return code in parse_platform_config() Greg Kroah-Hartman
` (323 subsequent siblings)
524 siblings, 0 replies; 529+ messages in thread
From: Greg Kroah-Hartman @ 2023-01-16 15:47 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Gaosheng Cui, Narsimhulu Musini,
Martin K. Petersen, Sasha Levin
From: Gaosheng Cui <cuigaosheng1@huawei.com>
[ Upstream commit e118df492320176af94deec000ae034cc92be754 ]
Smatch reports a warning as follows:
drivers/scsi/snic/snic_disc.c:307 snic_tgt_create() warn:
'&tgt->list' not removed from list
If device_add() fails in snic_tgt_create(), tgt will be freed, but
tgt->list will not be removed from snic->disc.tgt_list, then list traversal
may cause UAF.
Remove from snic->disc.tgt_list before free().
Fixes: c8806b6c9e82 ("snic: driver for Cisco SCSI HBA")
Signed-off-by: Gaosheng Cui <cuigaosheng1@huawei.com>
Link: https://lore.kernel.org/r/20221117035100.2944812-1-cuigaosheng1@huawei.com
Acked-by: Narsimhulu Musini <nmusini@cisco.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/scsi/snic/snic_disc.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/drivers/scsi/snic/snic_disc.c b/drivers/scsi/snic/snic_disc.c
index b106596cc0cf..69c5e26a9d5b 100644
--- a/drivers/scsi/snic/snic_disc.c
+++ b/drivers/scsi/snic/snic_disc.c
@@ -317,6 +317,9 @@ snic_tgt_create(struct snic *snic, struct snic_tgt_id *tgtid)
ret);
put_device(&snic->shost->shost_gendev);
+ spin_lock_irqsave(snic->shost->host_lock, flags);
+ list_del(&tgt->list);
+ spin_unlock_irqrestore(snic->shost->host_lock, flags);
kfree(tgt);
tgt = NULL;
--
2.35.1
^ permalink raw reply related [flat|nested] 529+ messages in thread
* [PATCH 4.19 202/521] RDMA/hfi1: Fix error return code in parse_platform_config()
2023-01-16 15:44 [PATCH 4.19 000/521] 4.19.270-rc1 review Greg Kroah-Hartman
` (200 preceding siblings ...)
2023-01-16 15:47 ` [PATCH 4.19 201/521] scsi: snic: Fix possible UAF in snic_tgt_create() Greg Kroah-Hartman
@ 2023-01-16 15:47 ` Greg Kroah-Hartman
2023-01-16 15:47 ` [PATCH 4.19 203/521] orangefs: Fix sysfs not cleanup when dev init failed Greg Kroah-Hartman
` (322 subsequent siblings)
524 siblings, 0 replies; 529+ messages in thread
From: Greg Kroah-Hartman @ 2023-01-16 15:47 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Wang Yufen, Leon Romanovsky, Sasha Levin
From: Wang Yufen <wangyufen@huawei.com>
[ Upstream commit 725349f8ba1e78a146c6ff8f3ee5e2712e517106 ]
In the previous iteration of the while loop, the "ret" may have been
assigned a value of 0, so the error return code -EINVAL may have been
incorrectly set to 0. To fix set valid return code before calling to
goto.
Fixes: 97167e813415 ("staging/rdma/hfi1: Tune for unknown channel if configuration file is absent")
Signed-off-by: Wang Yufen <wangyufen@huawei.com>
Link: https://lore.kernel.org/r/1669953638-11747-1-git-send-email-wangyufen@huawei.com
Signed-off-by: Leon Romanovsky <leon@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/infiniband/hw/hfi1/firmware.c | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/drivers/infiniband/hw/hfi1/firmware.c b/drivers/infiniband/hw/hfi1/firmware.c
index c09080712485..747ec08dec0d 100644
--- a/drivers/infiniband/hw/hfi1/firmware.c
+++ b/drivers/infiniband/hw/hfi1/firmware.c
@@ -1786,6 +1786,7 @@ int parse_platform_config(struct hfi1_devdata *dd)
if (!dd->platform_config.data) {
dd_dev_err(dd, "%s: Missing config file\n", __func__);
+ ret = -EINVAL;
goto bail;
}
ptr = (u32 *)dd->platform_config.data;
@@ -1794,6 +1795,7 @@ int parse_platform_config(struct hfi1_devdata *dd)
ptr++;
if (magic_num != PLATFORM_CONFIG_MAGIC_NUM) {
dd_dev_err(dd, "%s: Bad config file\n", __func__);
+ ret = -EINVAL;
goto bail;
}
@@ -1817,6 +1819,7 @@ int parse_platform_config(struct hfi1_devdata *dd)
if (file_length > dd->platform_config.size) {
dd_dev_info(dd, "%s:File claims to be larger than read size\n",
__func__);
+ ret = -EINVAL;
goto bail;
} else if (file_length < dd->platform_config.size) {
dd_dev_info(dd,
@@ -1837,6 +1840,7 @@ int parse_platform_config(struct hfi1_devdata *dd)
dd_dev_err(dd, "%s: Failed validation at offset %ld\n",
__func__, (ptr - (u32 *)
dd->platform_config.data));
+ ret = -EINVAL;
goto bail;
}
@@ -1883,6 +1887,7 @@ int parse_platform_config(struct hfi1_devdata *dd)
__func__, table_type,
(ptr - (u32 *)
dd->platform_config.data));
+ ret = -EINVAL;
goto bail; /* We don't trust this file now */
}
pcfgcache->config_tables[table_type].table = ptr;
@@ -1907,6 +1912,7 @@ int parse_platform_config(struct hfi1_devdata *dd)
__func__, table_type,
(ptr -
(u32 *)dd->platform_config.data));
+ ret = -EINVAL;
goto bail; /* We don't trust this file now */
}
pcfgcache->config_tables[table_type].table_metadata =
--
2.35.1
^ permalink raw reply related [flat|nested] 529+ messages in thread
* [PATCH 4.19 203/521] orangefs: Fix sysfs not cleanup when dev init failed
2023-01-16 15:44 [PATCH 4.19 000/521] 4.19.270-rc1 review Greg Kroah-Hartman
` (201 preceding siblings ...)
2023-01-16 15:47 ` [PATCH 4.19 202/521] RDMA/hfi1: Fix error return code in parse_platform_config() Greg Kroah-Hartman
@ 2023-01-16 15:47 ` Greg Kroah-Hartman
2023-01-16 15:47 ` [PATCH 4.19 204/521] crypto: img-hash - Fix variable dereferenced before check hdev->req Greg Kroah-Hartman
` (321 subsequent siblings)
524 siblings, 0 replies; 529+ messages in thread
From: Greg Kroah-Hartman @ 2023-01-16 15:47 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Zhang Xiaoxu, Mike Marshall, Sasha Levin
From: Zhang Xiaoxu <zhangxiaoxu5@huawei.com>
[ Upstream commit ea60a4ad0cf88b411cde6888b8c890935686ecd7 ]
When the dev init failed, should cleanup the sysfs, otherwise, the
module will never be loaded since can not create duplicate sysfs
directory:
sysfs: cannot create duplicate filename '/fs/orangefs'
CPU: 1 PID: 6549 Comm: insmod Tainted: G W 6.0.0+ #44
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.14.0-1.fc33 04/01/2014
Call Trace:
<TASK>
dump_stack_lvl+0x34/0x44
sysfs_warn_dup.cold+0x17/0x24
sysfs_create_dir_ns+0x16d/0x180
kobject_add_internal+0x156/0x3a0
kobject_init_and_add+0xcf/0x120
orangefs_sysfs_init+0x7e/0x3a0 [orangefs]
orangefs_init+0xfe/0x1000 [orangefs]
do_one_initcall+0x87/0x2a0
do_init_module+0xdf/0x320
load_module+0x2f98/0x3330
__do_sys_finit_module+0x113/0x1b0
do_syscall_64+0x35/0x80
entry_SYSCALL_64_after_hwframe+0x46/0xb0
kobject_add_internal failed for orangefs with -EEXIST, don't try to register things with the same name in the same directory.
Fixes: 2f83ace37181 ("orangefs: put register_chrdev immediately before register_filesystem")
Signed-off-by: Zhang Xiaoxu <zhangxiaoxu5@huawei.com>
Signed-off-by: Mike Marshall <hubcap@omnibond.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
fs/orangefs/orangefs-mod.c | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/fs/orangefs/orangefs-mod.c b/fs/orangefs/orangefs-mod.c
index 85ef87245a87..c8818163e392 100644
--- a/fs/orangefs/orangefs-mod.c
+++ b/fs/orangefs/orangefs-mod.c
@@ -141,7 +141,7 @@ static int __init orangefs_init(void)
gossip_err("%s: could not initialize device subsystem %d!\n",
__func__,
ret);
- goto cleanup_device;
+ goto cleanup_sysfs;
}
ret = register_filesystem(&orangefs_fs_type);
@@ -153,11 +153,11 @@ static int __init orangefs_init(void)
goto out;
}
- orangefs_sysfs_exit();
-
-cleanup_device:
orangefs_dev_cleanup();
+cleanup_sysfs:
+ orangefs_sysfs_exit();
+
sysfs_init_failed:
debugfs_init_failed:
--
2.35.1
^ permalink raw reply related [flat|nested] 529+ messages in thread
* [PATCH 4.19 204/521] crypto: img-hash - Fix variable dereferenced before check hdev->req
2023-01-16 15:44 [PATCH 4.19 000/521] 4.19.270-rc1 review Greg Kroah-Hartman
` (202 preceding siblings ...)
2023-01-16 15:47 ` [PATCH 4.19 203/521] orangefs: Fix sysfs not cleanup when dev init failed Greg Kroah-Hartman
@ 2023-01-16 15:47 ` Greg Kroah-Hartman
2023-01-16 15:47 ` [PATCH 4.19 205/521] hwrng: amd - Fix PCI device refcount leak Greg Kroah-Hartman
` (320 subsequent siblings)
524 siblings, 0 replies; 529+ messages in thread
From: Greg Kroah-Hartman @ 2023-01-16 15:47 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Gaosheng Cui, Herbert Xu, Sasha Levin
From: Gaosheng Cui <cuigaosheng1@huawei.com>
[ Upstream commit 04ba54e5af8f8f0137b08cb51a0b3a2e1ea46c94 ]
Smatch report warning as follows:
drivers/crypto/img-hash.c:366 img_hash_dma_task() warn: variable
dereferenced before check 'hdev->req'
Variable dereferenced should be done after check 'hdev->req',
fix it.
Fixes: d358f1abbf71 ("crypto: img-hash - Add Imagination Technologies hw hash accelerator")
Fixes: 10badea259fa ("crypto: img-hash - Fix null pointer exception")
Signed-off-by: Gaosheng Cui <cuigaosheng1@huawei.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/crypto/img-hash.c | 8 ++++++--
1 file changed, 6 insertions(+), 2 deletions(-)
diff --git a/drivers/crypto/img-hash.c b/drivers/crypto/img-hash.c
index b87000a0a01c..f70923643a97 100644
--- a/drivers/crypto/img-hash.c
+++ b/drivers/crypto/img-hash.c
@@ -359,12 +359,16 @@ static int img_hash_dma_init(struct img_hash_dev *hdev)
static void img_hash_dma_task(unsigned long d)
{
struct img_hash_dev *hdev = (struct img_hash_dev *)d;
- struct img_hash_request_ctx *ctx = ahash_request_ctx(hdev->req);
+ struct img_hash_request_ctx *ctx;
u8 *addr;
size_t nbytes, bleft, wsend, len, tbc;
struct scatterlist tsg;
- if (!hdev->req || !ctx->sg)
+ if (!hdev->req)
+ return;
+
+ ctx = ahash_request_ctx(hdev->req);
+ if (!ctx->sg)
return;
addr = sg_virt(ctx->sg);
--
2.35.1
^ permalink raw reply related [flat|nested] 529+ messages in thread
* [PATCH 4.19 205/521] hwrng: amd - Fix PCI device refcount leak
2023-01-16 15:44 [PATCH 4.19 000/521] 4.19.270-rc1 review Greg Kroah-Hartman
` (203 preceding siblings ...)
2023-01-16 15:47 ` [PATCH 4.19 204/521] crypto: img-hash - Fix variable dereferenced before check hdev->req Greg Kroah-Hartman
@ 2023-01-16 15:47 ` Greg Kroah-Hartman
2023-01-16 15:47 ` [PATCH 4.19 206/521] hwrng: geode " Greg Kroah-Hartman
` (319 subsequent siblings)
524 siblings, 0 replies; 529+ messages in thread
From: Greg Kroah-Hartman @ 2023-01-16 15:47 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Xiongfeng Wang, Herbert Xu, Sasha Levin
From: Xiongfeng Wang <wangxiongfeng2@huawei.com>
[ Upstream commit ecadb5b0111ea19fc7c240bb25d424a94471eb7d ]
for_each_pci_dev() is implemented by pci_get_device(). The comment of
pci_get_device() says that it will increase the reference count for the
returned pci_dev and also decrease the reference count for the input
pci_dev @from if it is not NULL.
If we break for_each_pci_dev() loop with pdev not NULL, we need to call
pci_dev_put() to decrease the reference count. Add the missing
pci_dev_put() for the normal and error path.
Fixes: 96d63c0297cc ("[PATCH] Add AMD HW RNG driver")
Signed-off-by: Xiongfeng Wang <wangxiongfeng2@huawei.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/char/hw_random/amd-rng.c | 18 +++++++++++++-----
1 file changed, 13 insertions(+), 5 deletions(-)
diff --git a/drivers/char/hw_random/amd-rng.c b/drivers/char/hw_random/amd-rng.c
index 9959c762da2f..db3dd467194c 100644
--- a/drivers/char/hw_random/amd-rng.c
+++ b/drivers/char/hw_random/amd-rng.c
@@ -143,15 +143,19 @@ static int __init mod_init(void)
found:
err = pci_read_config_dword(pdev, 0x58, &pmbase);
if (err)
- return err;
+ goto put_dev;
pmbase &= 0x0000FF00;
- if (pmbase == 0)
- return -EIO;
+ if (pmbase == 0) {
+ err = -EIO;
+ goto put_dev;
+ }
priv = kzalloc(sizeof(*priv), GFP_KERNEL);
- if (!priv)
- return -ENOMEM;
+ if (!priv) {
+ err = -ENOMEM;
+ goto put_dev;
+ }
if (!request_region(pmbase + PMBASE_OFFSET, PMBASE_SIZE, DRV_NAME)) {
dev_err(&pdev->dev, DRV_NAME " region 0x%x already in use!\n",
@@ -185,6 +189,8 @@ static int __init mod_init(void)
release_region(pmbase + PMBASE_OFFSET, PMBASE_SIZE);
out:
kfree(priv);
+put_dev:
+ pci_dev_put(pdev);
return err;
}
@@ -200,6 +206,8 @@ static void __exit mod_exit(void)
release_region(priv->pmbase + PMBASE_OFFSET, PMBASE_SIZE);
+ pci_dev_put(priv->pcidev);
+
kfree(priv);
}
--
2.35.1
^ permalink raw reply related [flat|nested] 529+ messages in thread
* [PATCH 4.19 206/521] hwrng: geode - Fix PCI device refcount leak
2023-01-16 15:44 [PATCH 4.19 000/521] 4.19.270-rc1 review Greg Kroah-Hartman
` (204 preceding siblings ...)
2023-01-16 15:47 ` [PATCH 4.19 205/521] hwrng: amd - Fix PCI device refcount leak Greg Kroah-Hartman
@ 2023-01-16 15:47 ` Greg Kroah-Hartman
2023-01-16 15:47 ` [PATCH 4.19 207/521] IB/IPoIB: Fix queue count inconsistency for PKEY child interfaces Greg Kroah-Hartman
` (318 subsequent siblings)
524 siblings, 0 replies; 529+ messages in thread
From: Greg Kroah-Hartman @ 2023-01-16 15:47 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Xiongfeng Wang, Herbert Xu, Sasha Levin
From: Xiongfeng Wang <wangxiongfeng2@huawei.com>
[ Upstream commit 9f6ec8dc574efb7f4f3d7ee9cd59ae307e78f445 ]
for_each_pci_dev() is implemented by pci_get_device(). The comment of
pci_get_device() says that it will increase the reference count for the
returned pci_dev and also decrease the reference count for the input
pci_dev @from if it is not NULL.
If we break for_each_pci_dev() loop with pdev not NULL, we need to call
pci_dev_put() to decrease the reference count. We add a new struct
'amd_geode_priv' to record pointer of the pci_dev and membase, and then
add missing pci_dev_put() for the normal and error path.
Fixes: ef5d862734b8 ("[PATCH] Add Geode HW RNG driver")
Signed-off-by: Xiongfeng Wang <wangxiongfeng2@huawei.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/char/hw_random/geode-rng.c | 36 +++++++++++++++++++++++-------
1 file changed, 28 insertions(+), 8 deletions(-)
diff --git a/drivers/char/hw_random/geode-rng.c b/drivers/char/hw_random/geode-rng.c
index e1d421a36a13..207272979f23 100644
--- a/drivers/char/hw_random/geode-rng.c
+++ b/drivers/char/hw_random/geode-rng.c
@@ -51,6 +51,10 @@ static const struct pci_device_id pci_tbl[] = {
};
MODULE_DEVICE_TABLE(pci, pci_tbl);
+struct amd_geode_priv {
+ struct pci_dev *pcidev;
+ void __iomem *membase;
+};
static int geode_rng_data_read(struct hwrng *rng, u32 *data)
{
@@ -90,6 +94,7 @@ static int __init mod_init(void)
const struct pci_device_id *ent;
void __iomem *mem;
unsigned long rng_base;
+ struct amd_geode_priv *priv;
for_each_pci_dev(pdev) {
ent = pci_match_id(pci_tbl, pdev);
@@ -97,17 +102,26 @@ static int __init mod_init(void)
goto found;
}
/* Device not found. */
- goto out;
+ return err;
found:
+ priv = kzalloc(sizeof(*priv), GFP_KERNEL);
+ if (!priv) {
+ err = -ENOMEM;
+ goto put_dev;
+ }
+
rng_base = pci_resource_start(pdev, 0);
if (rng_base == 0)
- goto out;
+ goto free_priv;
err = -ENOMEM;
mem = ioremap(rng_base, 0x58);
if (!mem)
- goto out;
- geode_rng.priv = (unsigned long)mem;
+ goto free_priv;
+
+ geode_rng.priv = (unsigned long)priv;
+ priv->membase = mem;
+ priv->pcidev = pdev;
pr_info("AMD Geode RNG detected\n");
err = hwrng_register(&geode_rng);
@@ -116,20 +130,26 @@ static int __init mod_init(void)
err);
goto err_unmap;
}
-out:
return err;
err_unmap:
iounmap(mem);
- goto out;
+free_priv:
+ kfree(priv);
+put_dev:
+ pci_dev_put(pdev);
+ return err;
}
static void __exit mod_exit(void)
{
- void __iomem *mem = (void __iomem *)geode_rng.priv;
+ struct amd_geode_priv *priv;
+ priv = (struct amd_geode_priv *)geode_rng.priv;
hwrng_unregister(&geode_rng);
- iounmap(mem);
+ iounmap(priv->membase);
+ pci_dev_put(priv->pcidev);
+ kfree(priv);
}
module_init(mod_init);
--
2.35.1
^ permalink raw reply related [flat|nested] 529+ messages in thread
* [PATCH 4.19 207/521] IB/IPoIB: Fix queue count inconsistency for PKEY child interfaces
2023-01-16 15:44 [PATCH 4.19 000/521] 4.19.270-rc1 review Greg Kroah-Hartman
` (205 preceding siblings ...)
2023-01-16 15:47 ` [PATCH 4.19 206/521] hwrng: geode " Greg Kroah-Hartman
@ 2023-01-16 15:47 ` Greg Kroah-Hartman
2023-01-16 15:47 ` [PATCH 4.19 208/521] drivers: dio: fix possible memory leak in dio_init() Greg Kroah-Hartman
` (317 subsequent siblings)
524 siblings, 0 replies; 529+ messages in thread
From: Greg Kroah-Hartman @ 2023-01-16 15:47 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Dragos Tatulea, Leon Romanovsky,
Sasha Levin
From: Dragos Tatulea <dtatulea@nvidia.com>
[ Upstream commit dbc94a0fb81771a38733c0e8f2ea8c4fa6934dc1 ]
There are 2 ways to create IPoIB PKEY child interfaces:
1) Writing a PKEY to /sys/class/net/<ib parent interface>/create_child.
2) Using netlink with iproute.
While with sysfs the child interface has the same number of tx and
rx queues as the parent, with netlink there will always be 1 tx
and 1 rx queue for the child interface. That's because the
get_num_tx/rx_queues() netlink ops are missing and the default value
of 1 is taken for the number of queues (in rtnl_create_link()).
This change adds the get_num_tx/rx_queues() ops which allows for
interfaces with multiple queues to be created over netlink. This
constant only represents the max number of tx and rx queues on that
net device.
Fixes: 9baa0b036410 ("IB/ipoib: Add rtnl_link_ops support")
Signed-off-by: Dragos Tatulea <dtatulea@nvidia.com>
Link: https://lore.kernel.org/r/f4a42c8aa43c02d5ae5559a60c3e5e0f18c82531.1670485816.git.leonro@nvidia.com
Signed-off-by: Leon Romanovsky <leon@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/infiniband/ulp/ipoib/ipoib_netlink.c | 7 +++++++
1 file changed, 7 insertions(+)
diff --git a/drivers/infiniband/ulp/ipoib/ipoib_netlink.c b/drivers/infiniband/ulp/ipoib/ipoib_netlink.c
index d4d553a51fa9..285cb28bf14a 100644
--- a/drivers/infiniband/ulp/ipoib/ipoib_netlink.c
+++ b/drivers/infiniband/ulp/ipoib/ipoib_netlink.c
@@ -42,6 +42,11 @@ static const struct nla_policy ipoib_policy[IFLA_IPOIB_MAX + 1] = {
[IFLA_IPOIB_UMCAST] = { .type = NLA_U16 },
};
+static unsigned int ipoib_get_max_num_queues(void)
+{
+ return min_t(unsigned int, num_possible_cpus(), 128);
+}
+
static int ipoib_fill_info(struct sk_buff *skb, const struct net_device *dev)
{
struct ipoib_dev_priv *priv = ipoib_priv(dev);
@@ -147,6 +152,8 @@ static struct rtnl_link_ops ipoib_link_ops __read_mostly = {
.changelink = ipoib_changelink,
.get_size = ipoib_get_size,
.fill_info = ipoib_fill_info,
+ .get_num_rx_queues = ipoib_get_max_num_queues,
+ .get_num_tx_queues = ipoib_get_max_num_queues,
};
int __init ipoib_netlink_init(void)
--
2.35.1
^ permalink raw reply related [flat|nested] 529+ messages in thread
* [PATCH 4.19 208/521] drivers: dio: fix possible memory leak in dio_init()
2023-01-16 15:44 [PATCH 4.19 000/521] 4.19.270-rc1 review Greg Kroah-Hartman
` (206 preceding siblings ...)
2023-01-16 15:47 ` [PATCH 4.19 207/521] IB/IPoIB: Fix queue count inconsistency for PKEY child interfaces Greg Kroah-Hartman
@ 2023-01-16 15:47 ` Greg Kroah-Hartman
2023-01-16 15:47 ` [PATCH 4.19 209/521] serial: tegra: avoid reg access when clk disabled Greg Kroah-Hartman
` (316 subsequent siblings)
524 siblings, 0 replies; 529+ messages in thread
From: Greg Kroah-Hartman @ 2023-01-16 15:47 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Yang Yingliang, Sasha Levin
From: Yang Yingliang <yangyingliang@huawei.com>
[ Upstream commit e63e99397b2613d50a5f4f02ed07307e67a190f1 ]
If device_register() returns error, the 'dev' and name needs be
freed. Add a release function, and then call put_device() in the
error path, so the name is freed in kobject_cleanup() and to the
'dev' is freed in release function.
Fixes: 2e4c77bea3d8 ("m68k: dio - Kill warn_unused_result warnings")
Fixes: 1fa5ae857bb1 ("driver core: get rid of struct device's bus_id string array")
Signed-off-by: Yang Yingliang <yangyingliang@huawei.com>
Link: https://lore.kernel.org/r/20221109064036.1835346-1-yangyingliang@huawei.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/dio/dio.c | 8 ++++++++
1 file changed, 8 insertions(+)
diff --git a/drivers/dio/dio.c b/drivers/dio/dio.c
index 92e78d16b476..fcde602f4902 100644
--- a/drivers/dio/dio.c
+++ b/drivers/dio/dio.c
@@ -110,6 +110,12 @@ static char dio_no_name[] = { 0 };
#endif /* CONFIG_DIO_CONSTANTS */
+static void dio_dev_release(struct device *dev)
+{
+ struct dio_dev *ddev = container_of(dev, typeof(struct dio_dev), dev);
+ kfree(ddev);
+}
+
int __init dio_find(int deviceid)
{
/* Called to find a DIO device before the full bus scan has run.
@@ -222,6 +228,7 @@ static int __init dio_init(void)
dev->bus = &dio_bus;
dev->dev.parent = &dio_bus.dev;
dev->dev.bus = &dio_bus_type;
+ dev->dev.release = dio_dev_release;
dev->scode = scode;
dev->resource.start = pa;
dev->resource.end = pa + DIO_SIZE(scode, va);
@@ -249,6 +256,7 @@ static int __init dio_init(void)
if (error) {
pr_err("DIO: Error registering device %s\n",
dev->name);
+ put_device(&dev->dev);
continue;
}
error = dio_create_sysfs_dev_files(dev);
--
2.35.1
^ permalink raw reply related [flat|nested] 529+ messages in thread
* [PATCH 4.19 209/521] serial: tegra: avoid reg access when clk disabled
2023-01-16 15:44 [PATCH 4.19 000/521] 4.19.270-rc1 review Greg Kroah-Hartman
` (207 preceding siblings ...)
2023-01-16 15:47 ` [PATCH 4.19 208/521] drivers: dio: fix possible memory leak in dio_init() Greg Kroah-Hartman
@ 2023-01-16 15:47 ` Greg Kroah-Hartman
2023-01-16 15:47 ` [PATCH 4.19 210/521] serial: tegra: check for FIFO mode enabled status Greg Kroah-Hartman
` (315 subsequent siblings)
524 siblings, 0 replies; 529+ messages in thread
From: Greg Kroah-Hartman @ 2023-01-16 15:47 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Ahung Cheng, Shardar Mohammed,
Krishna Yarlagadda, Sasha Levin
From: Ahung Cheng <ahcheng@nvidia.com>
[ Upstream commit 494f79bd2365703e4093efa0ecf4b139d83aba97 ]
This avoids two race conditions from the UART shutdown sequence both
leading to 'Machine check error in AXI2APB' and kernel oops.
One was that the clock was disabled before the DMA was terminated making
it possible for the DMA callbacks to be called after the clock was
disabled. These callbacks could write to the UART registers causing
timeout.
The second was that the clock was disabled before the UART was
completely flagged as closed. This is done after the shutdown is called
and a new write could be started after the clock was disabled.
tegra_uart_start_pio_tx could be called causing timeout.
Given that the baud rate is reset at the end of shutdown sequence, this
fix is to examine the baud rate to avoid register access from both race
conditions.
Besides, terminate the DMA before disabling the clock.
Signed-off-by: Ahung Cheng <ahcheng@nvidia.com>
Signed-off-by: Shardar Mohammed <smohammed@nvidia.com>
Signed-off-by: Krishna Yarlagadda <kyarlagadda@nvidia.com>
Link: https://lore.kernel.org/r/1567572187-29820-3-git-send-email-kyarlagadda@nvidia.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Stable-dep-of: 109a951a9f1f ("serial: tegra: Read DMA status before terminating")
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/tty/serial/serial-tegra.c | 17 +++++++++++------
1 file changed, 11 insertions(+), 6 deletions(-)
diff --git a/drivers/tty/serial/serial-tegra.c b/drivers/tty/serial/serial-tegra.c
index ee480a1480e8..c113a0b1ece1 100644
--- a/drivers/tty/serial/serial-tegra.c
+++ b/drivers/tty/serial/serial-tegra.c
@@ -126,6 +126,8 @@ struct tegra_uart_port {
static void tegra_uart_start_next_tx(struct tegra_uart_port *tup);
static int tegra_uart_start_rx_dma(struct tegra_uart_port *tup);
+static void tegra_uart_dma_channel_free(struct tegra_uart_port *tup,
+ bool dma_to_memory);
static inline unsigned long tegra_uart_read(struct tegra_uart_port *tup,
unsigned long reg)
@@ -440,6 +442,9 @@ static void tegra_uart_start_next_tx(struct tegra_uart_port *tup)
unsigned long count;
struct circ_buf *xmit = &tup->uport.state->xmit;
+ if (!tup->current_baud)
+ return;
+
tail = (unsigned long)&xmit->buf[xmit->tail];
count = CIRC_CNT_TO_END(xmit->head, xmit->tail, UART_XMIT_SIZE);
if (!count)
@@ -803,6 +808,12 @@ static void tegra_uart_hw_deinit(struct tegra_uart_port *tup)
tup->current_baud = 0;
spin_unlock_irqrestore(&tup->uport.lock, flags);
+ tup->rx_in_progress = 0;
+ tup->tx_in_progress = 0;
+
+ tegra_uart_dma_channel_free(tup, true);
+ tegra_uart_dma_channel_free(tup, false);
+
clk_disable_unprepare(tup->uart_clk);
}
@@ -1040,12 +1051,6 @@ static void tegra_uart_shutdown(struct uart_port *u)
struct tegra_uart_port *tup = to_tegra_uport(u);
tegra_uart_hw_deinit(tup);
-
- tup->rx_in_progress = 0;
- tup->tx_in_progress = 0;
-
- tegra_uart_dma_channel_free(tup, true);
- tegra_uart_dma_channel_free(tup, false);
free_irq(u->irq, tup);
}
--
2.35.1
^ permalink raw reply related [flat|nested] 529+ messages in thread
* [PATCH 4.19 210/521] serial: tegra: check for FIFO mode enabled status
2023-01-16 15:44 [PATCH 4.19 000/521] 4.19.270-rc1 review Greg Kroah-Hartman
` (208 preceding siblings ...)
2023-01-16 15:47 ` [PATCH 4.19 209/521] serial: tegra: avoid reg access when clk disabled Greg Kroah-Hartman
@ 2023-01-16 15:47 ` Greg Kroah-Hartman
2023-01-16 15:47 ` [PATCH 4.19 211/521] serial: tegra: set maximum num of uart ports to 8 Greg Kroah-Hartman
` (314 subsequent siblings)
524 siblings, 0 replies; 529+ messages in thread
From: Greg Kroah-Hartman @ 2023-01-16 15:47 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Shardar Shariff Md,
Krishna Yarlagadda, Sasha Levin
From: Krishna Yarlagadda <kyarlagadda@nvidia.com>
[ Upstream commit 222dcdff3405a31803aecd3bf66f62d46b8bda98 ]
Chips prior to Tegra186 needed delay of 3 UART clock cycles to avoid
data loss. This issue is fixed in Tegra186 and a new flag is added to
check if FIFO mode is enabled. chip data updated to check if this flag
is available for a chip. Tegra186 has new compatible to enable this
flag.
Signed-off-by: Shardar Shariff Md <smohammed@nvidia.com>
Signed-off-by: Krishna Yarlagadda <kyarlagadda@nvidia.com>
Link: https://lore.kernel.org/r/1567572187-29820-7-git-send-email-kyarlagadda@nvidia.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Stable-dep-of: 109a951a9f1f ("serial: tegra: Read DMA status before terminating")
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/tty/serial/serial-tegra.c | 52 +++++++++++++++++++++++++++----
1 file changed, 46 insertions(+), 6 deletions(-)
diff --git a/drivers/tty/serial/serial-tegra.c b/drivers/tty/serial/serial-tegra.c
index c113a0b1ece1..5408486be834 100644
--- a/drivers/tty/serial/serial-tegra.c
+++ b/drivers/tty/serial/serial-tegra.c
@@ -72,6 +72,8 @@
#define TEGRA_TX_PIO 1
#define TEGRA_TX_DMA 2
+#define TEGRA_UART_FCR_IIR_FIFO_EN 0x40
+
/**
* tegra_uart_chip_data: SOC specific data.
*
@@ -84,6 +86,7 @@ struct tegra_uart_chip_data {
bool tx_fifo_full_status;
bool allow_txfifo_reset_fifo_mode;
bool support_clk_src_div;
+ bool fifo_mode_enable_status;
};
struct tegra_uart_port {
@@ -245,6 +248,21 @@ static void tegra_uart_wait_sym_time(struct tegra_uart_port *tup,
tup->current_baud));
}
+static int tegra_uart_wait_fifo_mode_enabled(struct tegra_uart_port *tup)
+{
+ unsigned long iir;
+ unsigned int tmout = 100;
+
+ do {
+ iir = tegra_uart_read(tup, UART_IIR);
+ if (iir & TEGRA_UART_FCR_IIR_FIFO_EN)
+ return 0;
+ udelay(1);
+ } while (--tmout);
+
+ return -ETIMEDOUT;
+}
+
static void tegra_uart_fifo_reset(struct tegra_uart_port *tup, u8 fcr_bits)
{
unsigned long fcr = tup->fcr_shadow;
@@ -260,6 +278,8 @@ static void tegra_uart_fifo_reset(struct tegra_uart_port *tup, u8 fcr_bits)
tegra_uart_write(tup, fcr, UART_FCR);
fcr |= UART_FCR_ENABLE_FIFO;
tegra_uart_write(tup, fcr, UART_FCR);
+ if (tup->cdata->fifo_mode_enable_status)
+ tegra_uart_wait_fifo_mode_enabled(tup);
}
/* Dummy read to ensure the write is posted */
@@ -863,12 +883,20 @@ static int tegra_uart_hw_init(struct tegra_uart_port *tup)
/* Dummy read to ensure the write is posted */
tegra_uart_read(tup, UART_SCR);
- /*
- * For all tegra devices (up to t210), there is a hardware issue that
- * requires software to wait for 3 UART clock periods after enabling
- * the TX fifo, otherwise data could be lost.
- */
- tegra_uart_wait_cycle_time(tup, 3);
+ if (tup->cdata->fifo_mode_enable_status) {
+ ret = tegra_uart_wait_fifo_mode_enabled(tup);
+ dev_err(tup->uport.dev, "FIFO mode not enabled\n");
+ if (ret < 0)
+ return ret;
+ } else {
+ /*
+ * For all tegra devices (up to t210), there is a hardware
+ * issue that requires software to wait for 3 UART clock
+ * periods after enabling the TX fifo, otherwise data could
+ * be lost.
+ */
+ tegra_uart_wait_cycle_time(tup, 3);
+ }
/*
* Initialize the UART with default configuration
@@ -1232,12 +1260,21 @@ static struct tegra_uart_chip_data tegra20_uart_chip_data = {
.tx_fifo_full_status = false,
.allow_txfifo_reset_fifo_mode = true,
.support_clk_src_div = false,
+ .fifo_mode_enable_status = false,
};
static struct tegra_uart_chip_data tegra30_uart_chip_data = {
.tx_fifo_full_status = true,
.allow_txfifo_reset_fifo_mode = false,
.support_clk_src_div = true,
+ .fifo_mode_enable_status = false,
+};
+
+static struct tegra_uart_chip_data tegra186_uart_chip_data = {
+ .tx_fifo_full_status = true,
+ .allow_txfifo_reset_fifo_mode = false,
+ .support_clk_src_div = true,
+ .fifo_mode_enable_status = true,
};
static const struct of_device_id tegra_uart_of_match[] = {
@@ -1247,6 +1284,9 @@ static const struct of_device_id tegra_uart_of_match[] = {
}, {
.compatible = "nvidia,tegra20-hsuart",
.data = &tegra20_uart_chip_data,
+ }, {
+ .compatible = "nvidia,tegra186-hsuart",
+ .data = &tegra186_uart_chip_data,
}, {
},
};
--
2.35.1
^ permalink raw reply related [flat|nested] 529+ messages in thread
* [PATCH 4.19 211/521] serial: tegra: set maximum num of uart ports to 8
2023-01-16 15:44 [PATCH 4.19 000/521] 4.19.270-rc1 review Greg Kroah-Hartman
` (209 preceding siblings ...)
2023-01-16 15:47 ` [PATCH 4.19 210/521] serial: tegra: check for FIFO mode enabled status Greg Kroah-Hartman
@ 2023-01-16 15:47 ` Greg Kroah-Hartman
2023-01-16 15:47 ` [PATCH 4.19 212/521] serial: tegra: add support to use 8 bytes trigger Greg Kroah-Hartman
` (313 subsequent siblings)
524 siblings, 0 replies; 529+ messages in thread
From: Greg Kroah-Hartman @ 2023-01-16 15:47 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Shardar Shariff Md,
Krishna Yarlagadda, Sasha Levin
From: Krishna Yarlagadda <kyarlagadda@nvidia.com>
[ Upstream commit 53d0a062cb771d62cd205d9e2845fe26c9989142 ]
Set maximum number of UART ports to 8 as older chips have 5 ports and
Tergra186 and later chips will have 8 ports. Add this info to chip
data. Read device tree compatible of this driver and register uart
driver with max ports of matching chip data.
Signed-off-by: Shardar Shariff Md <smohammed@nvidia.com>
Signed-off-by: Krishna Yarlagadda <kyarlagadda@nvidia.com>
Link: https://lore.kernel.org/r/1567572187-29820-8-git-send-email-kyarlagadda@nvidia.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Stable-dep-of: 109a951a9f1f ("serial: tegra: Read DMA status before terminating")
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/tty/serial/serial-tegra.c | 19 +++++++++++++++++--
1 file changed, 17 insertions(+), 2 deletions(-)
diff --git a/drivers/tty/serial/serial-tegra.c b/drivers/tty/serial/serial-tegra.c
index 5408486be834..55415a12d3cc 100644
--- a/drivers/tty/serial/serial-tegra.c
+++ b/drivers/tty/serial/serial-tegra.c
@@ -62,7 +62,7 @@
#define TEGRA_UART_TX_TRIG_4B 0x20
#define TEGRA_UART_TX_TRIG_1B 0x30
-#define TEGRA_UART_MAXIMUM 5
+#define TEGRA_UART_MAXIMUM 8
/* Default UART setting when started: 115200 no parity, stop, 8 data bits */
#define TEGRA_UART_DEFAULT_BAUD 115200
@@ -87,6 +87,7 @@ struct tegra_uart_chip_data {
bool allow_txfifo_reset_fifo_mode;
bool support_clk_src_div;
bool fifo_mode_enable_status;
+ int uart_max_port;
};
struct tegra_uart_port {
@@ -1261,6 +1262,7 @@ static struct tegra_uart_chip_data tegra20_uart_chip_data = {
.allow_txfifo_reset_fifo_mode = true,
.support_clk_src_div = false,
.fifo_mode_enable_status = false,
+ .uart_max_port = 5,
};
static struct tegra_uart_chip_data tegra30_uart_chip_data = {
@@ -1268,6 +1270,7 @@ static struct tegra_uart_chip_data tegra30_uart_chip_data = {
.allow_txfifo_reset_fifo_mode = false,
.support_clk_src_div = true,
.fifo_mode_enable_status = false,
+ .uart_max_port = 5,
};
static struct tegra_uart_chip_data tegra186_uart_chip_data = {
@@ -1275,6 +1278,7 @@ static struct tegra_uart_chip_data tegra186_uart_chip_data = {
.allow_txfifo_reset_fifo_mode = false,
.support_clk_src_div = true,
.fifo_mode_enable_status = true,
+ .uart_max_port = 8,
};
static const struct of_device_id tegra_uart_of_match[] = {
@@ -1409,11 +1413,22 @@ static struct platform_driver tegra_uart_platform_driver = {
static int __init tegra_uart_init(void)
{
int ret;
+ struct device_node *node;
+ const struct of_device_id *match = NULL;
+ const struct tegra_uart_chip_data *cdata = NULL;
+
+ node = of_find_matching_node(NULL, tegra_uart_of_match);
+ if (node)
+ match = of_match_node(tegra_uart_of_match, node);
+ if (match)
+ cdata = match->data;
+ if (cdata)
+ tegra_uart_driver.nr = cdata->uart_max_port;
ret = uart_register_driver(&tegra_uart_driver);
if (ret < 0) {
pr_err("Could not register %s driver\n",
- tegra_uart_driver.driver_name);
+ tegra_uart_driver.driver_name);
return ret;
}
--
2.35.1
^ permalink raw reply related [flat|nested] 529+ messages in thread
* [PATCH 4.19 212/521] serial: tegra: add support to use 8 bytes trigger
2023-01-16 15:44 [PATCH 4.19 000/521] 4.19.270-rc1 review Greg Kroah-Hartman
` (210 preceding siblings ...)
2023-01-16 15:47 ` [PATCH 4.19 211/521] serial: tegra: set maximum num of uart ports to 8 Greg Kroah-Hartman
@ 2023-01-16 15:47 ` Greg Kroah-Hartman
2023-01-16 15:47 ` [PATCH 4.19 213/521] serial: tegra: add support to adjust baud rate Greg Kroah-Hartman
` (312 subsequent siblings)
524 siblings, 0 replies; 529+ messages in thread
From: Greg Kroah-Hartman @ 2023-01-16 15:47 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Shardar Shariff Md,
Krishna Yarlagadda, Sasha Levin
From: Krishna Yarlagadda <kyarlagadda@nvidia.com>
[ Upstream commit 7799a3aa81279637031abad19e56e4bbf1481d4e ]
Add support to use 8 bytes trigger for Tegra186 SOC.
Signed-off-by: Shardar Shariff Md <smohammed@nvidia.com>
Signed-off-by: Krishna Yarlagadda <kyarlagadda@nvidia.com>
Link: https://lore.kernel.org/r/1567572187-29820-9-git-send-email-kyarlagadda@nvidia.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Stable-dep-of: 109a951a9f1f ("serial: tegra: Read DMA status before terminating")
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/tty/serial/serial-tegra.c | 13 +++++++++++--
1 file changed, 11 insertions(+), 2 deletions(-)
diff --git a/drivers/tty/serial/serial-tegra.c b/drivers/tty/serial/serial-tegra.c
index 55415a12d3cc..6a3c6bf5b964 100644
--- a/drivers/tty/serial/serial-tegra.c
+++ b/drivers/tty/serial/serial-tegra.c
@@ -88,6 +88,7 @@ struct tegra_uart_chip_data {
bool support_clk_src_div;
bool fifo_mode_enable_status;
int uart_max_port;
+ int max_dma_burst_bytes;
};
struct tegra_uart_port {
@@ -877,7 +878,12 @@ static int tegra_uart_hw_init(struct tegra_uart_port *tup)
* programmed in the DMA registers.
*/
tup->fcr_shadow = UART_FCR_ENABLE_FIFO;
- tup->fcr_shadow |= UART_FCR_R_TRIG_01;
+
+ if (tup->cdata->max_dma_burst_bytes == 8)
+ tup->fcr_shadow |= UART_FCR_R_TRIG_10;
+ else
+ tup->fcr_shadow |= UART_FCR_R_TRIG_01;
+
tup->fcr_shadow |= TEGRA_UART_TX_TRIG_16B;
tegra_uart_write(tup, tup->fcr_shadow, UART_FCR);
@@ -991,7 +997,7 @@ static int tegra_uart_dma_channel_allocate(struct tegra_uart_port *tup,
}
dma_sconfig.src_addr = tup->uport.mapbase;
dma_sconfig.src_addr_width = DMA_SLAVE_BUSWIDTH_1_BYTE;
- dma_sconfig.src_maxburst = 4;
+ dma_sconfig.src_maxburst = tup->cdata->max_dma_burst_bytes;
tup->rx_dma_chan = dma_chan;
tup->rx_dma_buf_virt = dma_buf;
tup->rx_dma_buf_phys = dma_phys;
@@ -1263,6 +1269,7 @@ static struct tegra_uart_chip_data tegra20_uart_chip_data = {
.support_clk_src_div = false,
.fifo_mode_enable_status = false,
.uart_max_port = 5,
+ .max_dma_burst_bytes = 4,
};
static struct tegra_uart_chip_data tegra30_uart_chip_data = {
@@ -1271,6 +1278,7 @@ static struct tegra_uart_chip_data tegra30_uart_chip_data = {
.support_clk_src_div = true,
.fifo_mode_enable_status = false,
.uart_max_port = 5,
+ .max_dma_burst_bytes = 4,
};
static struct tegra_uart_chip_data tegra186_uart_chip_data = {
@@ -1279,6 +1287,7 @@ static struct tegra_uart_chip_data tegra186_uart_chip_data = {
.support_clk_src_div = true,
.fifo_mode_enable_status = true,
.uart_max_port = 8,
+ .max_dma_burst_bytes = 8,
};
static const struct of_device_id tegra_uart_of_match[] = {
--
2.35.1
^ permalink raw reply related [flat|nested] 529+ messages in thread
* [PATCH 4.19 213/521] serial: tegra: add support to adjust baud rate
2023-01-16 15:44 [PATCH 4.19 000/521] 4.19.270-rc1 review Greg Kroah-Hartman
` (211 preceding siblings ...)
2023-01-16 15:47 ` [PATCH 4.19 212/521] serial: tegra: add support to use 8 bytes trigger Greg Kroah-Hartman
@ 2023-01-16 15:47 ` Greg Kroah-Hartman
2023-01-16 15:47 ` [PATCH 4.19 214/521] serial: tegra: report clk rate errors Greg Kroah-Hartman
` (311 subsequent siblings)
524 siblings, 0 replies; 529+ messages in thread
From: Greg Kroah-Hartman @ 2023-01-16 15:47 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Shardar Shariff Md,
Krishna Yarlagadda, Sasha Levin
From: Krishna Yarlagadda <kyarlagadda@nvidia.com>
[ Upstream commit f04a3cc8d4550463e0c15be59d91177a5def1ca5 ]
Add support to adjust baud rates to fall under supported tolerance
range through DT.
Tegra186 chip has a hardware issue resulting in frame errors when
tolerance level for baud rate is negative. Provided entries to adjust
baud rate to be within acceptable range and work with devices that
can send negative baud rate. Also report error when baud rate set is
out of tolerance range of controller updated in device tree.
Signed-off-by: Shardar Shariff Md <smohammed@nvidia.com>
Signed-off-by: Krishna Yarlagadda <kyarlagadda@nvidia.com>
Link: https://lore.kernel.org/r/1567572187-29820-11-git-send-email-kyarlagadda@nvidia.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Stable-dep-of: 109a951a9f1f ("serial: tegra: Read DMA status before terminating")
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/tty/serial/serial-tegra.c | 68 +++++++++++++++++++++++++++++++
1 file changed, 68 insertions(+)
diff --git a/drivers/tty/serial/serial-tegra.c b/drivers/tty/serial/serial-tegra.c
index 6a3c6bf5b964..aae4c167f529 100644
--- a/drivers/tty/serial/serial-tegra.c
+++ b/drivers/tty/serial/serial-tegra.c
@@ -91,6 +91,12 @@ struct tegra_uart_chip_data {
int max_dma_burst_bytes;
};
+struct tegra_baud_tolerance {
+ u32 lower_range_baud;
+ u32 upper_range_baud;
+ s32 tolerance;
+};
+
struct tegra_uart_port {
struct uart_port uport;
const struct tegra_uart_chip_data *cdata;
@@ -127,6 +133,8 @@ struct tegra_uart_port {
dma_cookie_t rx_cookie;
unsigned int tx_bytes_requested;
unsigned int rx_bytes_requested;
+ struct tegra_baud_tolerance *baud_tolerance;
+ int n_adjustable_baud_rates;
};
static void tegra_uart_start_next_tx(struct tegra_uart_port *tup);
@@ -295,6 +303,21 @@ static void tegra_uart_fifo_reset(struct tegra_uart_port *tup, u8 fcr_bits)
tegra_uart_wait_cycle_time(tup, 32);
}
+static long tegra_get_tolerance_rate(struct tegra_uart_port *tup,
+ unsigned int baud, long rate)
+{
+ int i;
+
+ for (i = 0; i < tup->n_adjustable_baud_rates; ++i) {
+ if (baud >= tup->baud_tolerance[i].lower_range_baud &&
+ baud <= tup->baud_tolerance[i].upper_range_baud)
+ return (rate + (rate *
+ tup->baud_tolerance[i].tolerance) / 10000);
+ }
+
+ return rate;
+}
+
static int tegra_set_baudrate(struct tegra_uart_port *tup, unsigned int baud)
{
unsigned long rate;
@@ -307,6 +330,9 @@ static int tegra_set_baudrate(struct tegra_uart_port *tup, unsigned int baud)
if (tup->cdata->support_clk_src_div) {
rate = baud * 16;
+ if (tup->n_adjustable_baud_rates)
+ rate = tegra_get_tolerance_rate(tup, baud, rate);
+
ret = clk_set_rate(tup->uart_clk, rate);
if (ret < 0) {
dev_err(tup->uport.dev,
@@ -1250,6 +1276,12 @@ static int tegra_uart_parse_dt(struct platform_device *pdev,
{
struct device_node *np = pdev->dev.of_node;
int port;
+ int ret;
+ int index;
+ u32 pval;
+ int count;
+ int n_entries;
+
port = of_alias_get_id(np, "serial");
if (port < 0) {
@@ -1260,6 +1292,42 @@ static int tegra_uart_parse_dt(struct platform_device *pdev,
tup->enable_modem_interrupt = of_property_read_bool(np,
"nvidia,enable-modem-interrupt");
+ n_entries = of_property_count_u32_elems(np, "nvidia,adjust-baud-rates");
+ if (n_entries > 0) {
+ tup->n_adjustable_baud_rates = n_entries / 3;
+ tup->baud_tolerance =
+ devm_kzalloc(&pdev->dev, (tup->n_adjustable_baud_rates) *
+ sizeof(*tup->baud_tolerance), GFP_KERNEL);
+ if (!tup->baud_tolerance)
+ return -ENOMEM;
+ for (count = 0, index = 0; count < n_entries; count += 3,
+ index++) {
+ ret =
+ of_property_read_u32_index(np,
+ "nvidia,adjust-baud-rates",
+ count, &pval);
+ if (!ret)
+ tup->baud_tolerance[index].lower_range_baud =
+ pval;
+ ret =
+ of_property_read_u32_index(np,
+ "nvidia,adjust-baud-rates",
+ count + 1, &pval);
+ if (!ret)
+ tup->baud_tolerance[index].upper_range_baud =
+ pval;
+ ret =
+ of_property_read_u32_index(np,
+ "nvidia,adjust-baud-rates",
+ count + 2, &pval);
+ if (!ret)
+ tup->baud_tolerance[index].tolerance =
+ (s32)pval;
+ }
+ } else {
+ tup->n_adjustable_baud_rates = 0;
+ }
+
return 0;
}
--
2.35.1
^ permalink raw reply related [flat|nested] 529+ messages in thread
* [PATCH 4.19 214/521] serial: tegra: report clk rate errors
2023-01-16 15:44 [PATCH 4.19 000/521] 4.19.270-rc1 review Greg Kroah-Hartman
` (212 preceding siblings ...)
2023-01-16 15:47 ` [PATCH 4.19 213/521] serial: tegra: add support to adjust baud rate Greg Kroah-Hartman
@ 2023-01-16 15:47 ` Greg Kroah-Hartman
2023-01-16 15:47 ` [PATCH 4.19 215/521] serial: tegra: Add PIO mode support Greg Kroah-Hartman
` (310 subsequent siblings)
524 siblings, 0 replies; 529+ messages in thread
From: Greg Kroah-Hartman @ 2023-01-16 15:47 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Shardar Shariff Md,
Krishna Yarlagadda, Sasha Levin
From: Krishna Yarlagadda <kyarlagadda@nvidia.com>
[ Upstream commit d781ec21bae6ff8f9e07682e8947a654484611f5 ]
Standard UART controllers support +/-4% baud rate error tolerance.
Tegra186 only supports 0% to +4% error tolerance whereas other Tegra
chips support standard +/-4% rate. Add chip data for knowing error
tolerance level for each soc. Creating new compatible for Tegra194
chip as it supports baud rate error tolerance of -2 to +2%, different
from older chips.
Signed-off-by: Shardar Shariff Md <smohammed@nvidia.com>
Signed-off-by: Krishna Yarlagadda <kyarlagadda@nvidia.com>
Link: https://lore.kernel.org/r/1567572187-29820-12-git-send-email-kyarlagadda@nvidia.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Stable-dep-of: 109a951a9f1f ("serial: tegra: Read DMA status before terminating")
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/tty/serial/serial-tegra.c | 59 +++++++++++++++++++++++++++++--
1 file changed, 57 insertions(+), 2 deletions(-)
diff --git a/drivers/tty/serial/serial-tegra.c b/drivers/tty/serial/serial-tegra.c
index aae4c167f529..e11d19742cf6 100644
--- a/drivers/tty/serial/serial-tegra.c
+++ b/drivers/tty/serial/serial-tegra.c
@@ -89,6 +89,8 @@ struct tegra_uart_chip_data {
bool fifo_mode_enable_status;
int uart_max_port;
int max_dma_burst_bytes;
+ int error_tolerance_low_range;
+ int error_tolerance_high_range;
};
struct tegra_baud_tolerance {
@@ -135,6 +137,8 @@ struct tegra_uart_port {
unsigned int rx_bytes_requested;
struct tegra_baud_tolerance *baud_tolerance;
int n_adjustable_baud_rates;
+ int required_rate;
+ int configured_rate;
};
static void tegra_uart_start_next_tx(struct tegra_uart_port *tup);
@@ -318,6 +322,22 @@ static long tegra_get_tolerance_rate(struct tegra_uart_port *tup,
return rate;
}
+static int tegra_check_rate_in_range(struct tegra_uart_port *tup)
+{
+ long diff;
+
+ diff = ((long)(tup->configured_rate - tup->required_rate) * 10000)
+ / tup->required_rate;
+ if (diff < (tup->cdata->error_tolerance_low_range * 100) ||
+ diff > (tup->cdata->error_tolerance_high_range * 100)) {
+ dev_err(tup->uport.dev,
+ "configured baud rate is out of range by %ld", diff);
+ return -EIO;
+ }
+
+ return 0;
+}
+
static int tegra_set_baudrate(struct tegra_uart_port *tup, unsigned int baud)
{
unsigned long rate;
@@ -330,6 +350,8 @@ static int tegra_set_baudrate(struct tegra_uart_port *tup, unsigned int baud)
if (tup->cdata->support_clk_src_div) {
rate = baud * 16;
+ tup->required_rate = rate;
+
if (tup->n_adjustable_baud_rates)
rate = tegra_get_tolerance_rate(tup, baud, rate);
@@ -339,7 +361,11 @@ static int tegra_set_baudrate(struct tegra_uart_port *tup, unsigned int baud)
"clk_set_rate() failed for rate %lu\n", rate);
return ret;
}
+ tup->configured_rate = clk_get_rate(tup->uart_clk);
divisor = 1;
+ ret = tegra_check_rate_in_range(tup);
+ if (ret < 0)
+ return ret;
} else {
rate = clk_get_rate(tup->uart_clk);
divisor = DIV_ROUND_CLOSEST(rate, baud * 16);
@@ -937,7 +963,11 @@ static int tegra_uart_hw_init(struct tegra_uart_port *tup)
* enqueued
*/
tup->lcr_shadow = TEGRA_UART_DEFAULT_LSR;
- tegra_set_baudrate(tup, TEGRA_UART_DEFAULT_BAUD);
+ ret = tegra_set_baudrate(tup, TEGRA_UART_DEFAULT_BAUD);
+ if (ret < 0) {
+ dev_err(tup->uport.dev, "Failed to set baud rate\n");
+ return ret;
+ }
tup->fcr_shadow |= UART_FCR_DMA_SELECT;
tegra_uart_write(tup, tup->fcr_shadow, UART_FCR);
@@ -1136,6 +1166,7 @@ static void tegra_uart_set_termios(struct uart_port *u,
struct clk *parent_clk = clk_get_parent(tup->uart_clk);
unsigned long parent_clk_rate = clk_get_rate(parent_clk);
int max_divider = (tup->cdata->support_clk_src_div) ? 0x7FFF : 0xFFFF;
+ int ret;
max_divider *= 16;
spin_lock_irqsave(&u->lock, flags);
@@ -1208,7 +1239,11 @@ static void tegra_uart_set_termios(struct uart_port *u,
parent_clk_rate/max_divider,
parent_clk_rate/16);
spin_unlock_irqrestore(&u->lock, flags);
- tegra_set_baudrate(tup, baud);
+ ret = tegra_set_baudrate(tup, baud);
+ if (ret < 0) {
+ dev_err(tup->uport.dev, "Failed to set baud rate\n");
+ return;
+ }
if (tty_termios_baud_rate(termios))
tty_termios_encode_baud_rate(termios, baud, baud);
spin_lock_irqsave(&u->lock, flags);
@@ -1338,6 +1373,8 @@ static struct tegra_uart_chip_data tegra20_uart_chip_data = {
.fifo_mode_enable_status = false,
.uart_max_port = 5,
.max_dma_burst_bytes = 4,
+ .error_tolerance_low_range = 0,
+ .error_tolerance_high_range = 4,
};
static struct tegra_uart_chip_data tegra30_uart_chip_data = {
@@ -1347,6 +1384,8 @@ static struct tegra_uart_chip_data tegra30_uart_chip_data = {
.fifo_mode_enable_status = false,
.uart_max_port = 5,
.max_dma_burst_bytes = 4,
+ .error_tolerance_low_range = 0,
+ .error_tolerance_high_range = 4,
};
static struct tegra_uart_chip_data tegra186_uart_chip_data = {
@@ -1356,6 +1395,19 @@ static struct tegra_uart_chip_data tegra186_uart_chip_data = {
.fifo_mode_enable_status = true,
.uart_max_port = 8,
.max_dma_burst_bytes = 8,
+ .error_tolerance_low_range = 0,
+ .error_tolerance_high_range = 4,
+};
+
+static struct tegra_uart_chip_data tegra194_uart_chip_data = {
+ .tx_fifo_full_status = true,
+ .allow_txfifo_reset_fifo_mode = false,
+ .support_clk_src_div = true,
+ .fifo_mode_enable_status = true,
+ .uart_max_port = 8,
+ .max_dma_burst_bytes = 8,
+ .error_tolerance_low_range = -2,
+ .error_tolerance_high_range = 2,
};
static const struct of_device_id tegra_uart_of_match[] = {
@@ -1368,6 +1420,9 @@ static const struct of_device_id tegra_uart_of_match[] = {
}, {
.compatible = "nvidia,tegra186-hsuart",
.data = &tegra186_uart_chip_data,
+ }, {
+ .compatible = "nvidia,tegra194-hsuart",
+ .data = &tegra194_uart_chip_data,
}, {
},
};
--
2.35.1
^ permalink raw reply related [flat|nested] 529+ messages in thread
* [PATCH 4.19 215/521] serial: tegra: Add PIO mode support
2023-01-16 15:44 [PATCH 4.19 000/521] 4.19.270-rc1 review Greg Kroah-Hartman
` (213 preceding siblings ...)
2023-01-16 15:47 ` [PATCH 4.19 214/521] serial: tegra: report clk rate errors Greg Kroah-Hartman
@ 2023-01-16 15:47 ` Greg Kroah-Hartman
2023-01-16 15:47 ` [PATCH 4.19 216/521] tty: serial: tegra: Activate RX DMA transfer by request Greg Kroah-Hartman
` (309 subsequent siblings)
524 siblings, 0 replies; 529+ messages in thread
From: Greg Kroah-Hartman @ 2023-01-16 15:47 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Shardar Shariff Md,
Krishna Yarlagadda, Sasha Levin
From: Krishna Yarlagadda <kyarlagadda@nvidia.com>
[ Upstream commit 1dce2df3ee06e4f10fd9b8919a0f2e90e0ac3188 ]
Add PIO mode support in receive and transmit path with RX interrupt
trigger of 16 bytes for Tegra194 and older chips.
Signed-off-by: Shardar Shariff Md <smohammed@nvidia.com>
Signed-off-by: Krishna Yarlagadda <kyarlagadda@nvidia.com>
Link: https://lore.kernel.org/r/1567572187-29820-13-git-send-email-kyarlagadda@nvidia.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Stable-dep-of: 109a951a9f1f ("serial: tegra: Read DMA status before terminating")
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/tty/serial/serial-tegra.c | 117 ++++++++++++++++++++++--------
1 file changed, 86 insertions(+), 31 deletions(-)
diff --git a/drivers/tty/serial/serial-tegra.c b/drivers/tty/serial/serial-tegra.c
index e11d19742cf6..d6f5d73ba1e8 100644
--- a/drivers/tty/serial/serial-tegra.c
+++ b/drivers/tty/serial/serial-tegra.c
@@ -139,6 +139,8 @@ struct tegra_uart_port {
int n_adjustable_baud_rates;
int required_rate;
int configured_rate;
+ bool use_rx_pio;
+ bool use_tx_pio;
};
static void tegra_uart_start_next_tx(struct tegra_uart_port *tup);
@@ -524,7 +526,7 @@ static void tegra_uart_start_next_tx(struct tegra_uart_port *tup)
if (!count)
return;
- if (count < TEGRA_UART_MIN_DMA)
+ if (tup->use_tx_pio || count < TEGRA_UART_MIN_DMA)
tegra_uart_start_pio_tx(tup, count);
else if (BYTES_TO_ALIGN(tail) > 0)
tegra_uart_start_pio_tx(tup, BYTES_TO_ALIGN(tail));
@@ -746,6 +748,18 @@ static void tegra_uart_handle_modem_signal_change(struct uart_port *u)
uart_handle_cts_change(&tup->uport, msr & UART_MSR_CTS);
}
+static void do_handle_rx_pio(struct tegra_uart_port *tup)
+{
+ struct tty_struct *tty = tty_port_tty_get(&tup->uport.state->port);
+ struct tty_port *port = &tup->uport.state->port;
+
+ tegra_uart_handle_rx_pio(tup, port);
+ if (tty) {
+ tty_flip_buffer_push(port);
+ tty_kref_put(tty);
+ }
+}
+
static irqreturn_t tegra_uart_isr(int irq, void *data)
{
struct tegra_uart_port *tup = data;
@@ -759,7 +773,7 @@ static irqreturn_t tegra_uart_isr(int irq, void *data)
while (1) {
iir = tegra_uart_read(tup, UART_IIR);
if (iir & UART_IIR_NO_INT) {
- if (is_rx_int) {
+ if (!tup->use_rx_pio && is_rx_int) {
tegra_uart_handle_rx_dma(tup);
if (tup->rx_in_progress) {
ier = tup->ier_shadow;
@@ -787,7 +801,7 @@ static irqreturn_t tegra_uart_isr(int irq, void *data)
case 4: /* End of data */
case 6: /* Rx timeout */
case 2: /* Receive */
- if (!is_rx_int) {
+ if (!tup->use_rx_pio && !is_rx_int) {
is_rx_int = true;
/* Disable Rx interrupts */
ier = tup->ier_shadow;
@@ -797,6 +811,8 @@ static irqreturn_t tegra_uart_isr(int irq, void *data)
UART_IER_RTOIE | TEGRA_UART_IER_EORD);
tup->ier_shadow = ier;
tegra_uart_write(tup, ier, UART_IER);
+ } else {
+ do_handle_rx_pio(tup);
}
break;
@@ -815,6 +831,7 @@ static irqreturn_t tegra_uart_isr(int irq, void *data)
static void tegra_uart_stop_rx(struct uart_port *u)
{
struct tegra_uart_port *tup = to_tegra_uport(u);
+ struct tty_port *port = &tup->uport.state->port;
struct dma_tx_state state;
unsigned long ier;
@@ -832,9 +849,13 @@ static void tegra_uart_stop_rx(struct uart_port *u)
tup->ier_shadow = ier;
tegra_uart_write(tup, ier, UART_IER);
tup->rx_in_progress = 0;
- dmaengine_terminate_all(tup->rx_dma_chan);
- dmaengine_tx_status(tup->rx_dma_chan, tup->rx_cookie, &state);
- tegra_uart_rx_buffer_push(tup, state.residue);
+ if (tup->rx_dma_chan && !tup->use_rx_pio) {
+ dmaengine_terminate_all(tup->rx_dma_chan);
+ dmaengine_tx_status(tup->rx_dma_chan, tup->rx_cookie, &state);
+ tegra_uart_rx_buffer_push(tup, state.residue);
+ } else {
+ tegra_uart_handle_rx_pio(tup, port);
+ }
}
static void tegra_uart_hw_deinit(struct tegra_uart_port *tup)
@@ -885,8 +906,10 @@ static void tegra_uart_hw_deinit(struct tegra_uart_port *tup)
tup->rx_in_progress = 0;
tup->tx_in_progress = 0;
- tegra_uart_dma_channel_free(tup, true);
- tegra_uart_dma_channel_free(tup, false);
+ if (!tup->use_rx_pio)
+ tegra_uart_dma_channel_free(tup, true);
+ if (!tup->use_tx_pio)
+ tegra_uart_dma_channel_free(tup, false);
clk_disable_unprepare(tup->uart_clk);
}
@@ -931,10 +954,14 @@ static int tegra_uart_hw_init(struct tegra_uart_port *tup)
*/
tup->fcr_shadow = UART_FCR_ENABLE_FIFO;
- if (tup->cdata->max_dma_burst_bytes == 8)
- tup->fcr_shadow |= UART_FCR_R_TRIG_10;
- else
- tup->fcr_shadow |= UART_FCR_R_TRIG_01;
+ if (tup->use_rx_pio) {
+ tup->fcr_shadow |= UART_FCR_R_TRIG_11;
+ } else {
+ if (tup->cdata->max_dma_burst_bytes == 8)
+ tup->fcr_shadow |= UART_FCR_R_TRIG_10;
+ else
+ tup->fcr_shadow |= UART_FCR_R_TRIG_01;
+ }
tup->fcr_shadow |= TEGRA_UART_TX_TRIG_16B;
tegra_uart_write(tup, tup->fcr_shadow, UART_FCR);
@@ -962,19 +989,23 @@ static int tegra_uart_hw_init(struct tegra_uart_port *tup)
* (115200, N, 8, 1) so that the receive DMA buffer may be
* enqueued
*/
- tup->lcr_shadow = TEGRA_UART_DEFAULT_LSR;
ret = tegra_set_baudrate(tup, TEGRA_UART_DEFAULT_BAUD);
if (ret < 0) {
dev_err(tup->uport.dev, "Failed to set baud rate\n");
return ret;
}
- tup->fcr_shadow |= UART_FCR_DMA_SELECT;
- tegra_uart_write(tup, tup->fcr_shadow, UART_FCR);
+ if (!tup->use_rx_pio) {
+ tup->lcr_shadow = TEGRA_UART_DEFAULT_LSR;
+ tup->fcr_shadow |= UART_FCR_DMA_SELECT;
+ tegra_uart_write(tup, tup->fcr_shadow, UART_FCR);
- ret = tegra_uart_start_rx_dma(tup);
- if (ret < 0) {
- dev_err(tup->uport.dev, "Not able to start Rx DMA\n");
- return ret;
+ ret = tegra_uart_start_rx_dma(tup);
+ if (ret < 0) {
+ dev_err(tup->uport.dev, "Not able to start Rx DMA\n");
+ return ret;
+ }
+ } else {
+ tegra_uart_write(tup, tup->fcr_shadow, UART_FCR);
}
tup->rx_in_progress = 1;
@@ -996,7 +1027,12 @@ static int tegra_uart_hw_init(struct tegra_uart_port *tup)
* both the EORD as well as RX_TIMEOUT - SW sees RX_TIMEOUT first
* then the EORD.
*/
- tup->ier_shadow = UART_IER_RLSI | UART_IER_RTOIE | TEGRA_UART_IER_EORD;
+ if (!tup->use_rx_pio)
+ tup->ier_shadow = UART_IER_RLSI | UART_IER_RTOIE |
+ TEGRA_UART_IER_EORD;
+ else
+ tup->ier_shadow = UART_IER_RLSI | UART_IER_RTOIE | UART_IER_RDI;
+
tegra_uart_write(tup, tup->ier_shadow, UART_IER);
return 0;
}
@@ -1091,16 +1127,22 @@ static int tegra_uart_startup(struct uart_port *u)
struct tegra_uart_port *tup = to_tegra_uport(u);
int ret;
- ret = tegra_uart_dma_channel_allocate(tup, false);
- if (ret < 0) {
- dev_err(u->dev, "Tx Dma allocation failed, err = %d\n", ret);
- return ret;
+ if (!tup->use_tx_pio) {
+ ret = tegra_uart_dma_channel_allocate(tup, false);
+ if (ret < 0) {
+ dev_err(u->dev, "Tx Dma allocation failed, err = %d\n",
+ ret);
+ return ret;
+ }
}
- ret = tegra_uart_dma_channel_allocate(tup, true);
- if (ret < 0) {
- dev_err(u->dev, "Rx Dma allocation failed, err = %d\n", ret);
- goto fail_rx_dma;
+ if (!tup->use_rx_pio) {
+ ret = tegra_uart_dma_channel_allocate(tup, true);
+ if (ret < 0) {
+ dev_err(u->dev, "Rx Dma allocation failed, err = %d\n",
+ ret);
+ goto fail_rx_dma;
+ }
}
ret = tegra_uart_hw_init(tup);
@@ -1118,9 +1160,11 @@ static int tegra_uart_startup(struct uart_port *u)
return 0;
fail_hw_init:
- tegra_uart_dma_channel_free(tup, true);
+ if (!tup->use_rx_pio)
+ tegra_uart_dma_channel_free(tup, true);
fail_rx_dma:
- tegra_uart_dma_channel_free(tup, false);
+ if (!tup->use_tx_pio)
+ tegra_uart_dma_channel_free(tup, false);
return ret;
}
@@ -1317,7 +1361,6 @@ static int tegra_uart_parse_dt(struct platform_device *pdev,
int count;
int n_entries;
-
port = of_alias_get_id(np, "serial");
if (port < 0) {
dev_err(&pdev->dev, "failed to get alias id, errno %d\n", port);
@@ -1327,6 +1370,18 @@ static int tegra_uart_parse_dt(struct platform_device *pdev,
tup->enable_modem_interrupt = of_property_read_bool(np,
"nvidia,enable-modem-interrupt");
+
+ index = of_property_match_string(np, "dma-names", "rx");
+ if (index < 0) {
+ tup->use_rx_pio = true;
+ dev_info(&pdev->dev, "RX in PIO mode\n");
+ }
+ index = of_property_match_string(np, "dma-names", "tx");
+ if (index < 0) {
+ tup->use_tx_pio = true;
+ dev_info(&pdev->dev, "TX in PIO mode\n");
+ }
+
n_entries = of_property_count_u32_elems(np, "nvidia,adjust-baud-rates");
if (n_entries > 0) {
tup->n_adjustable_baud_rates = n_entries / 3;
--
2.35.1
^ permalink raw reply related [flat|nested] 529+ messages in thread
* [PATCH 4.19 216/521] tty: serial: tegra: Activate RX DMA transfer by request
2023-01-16 15:44 [PATCH 4.19 000/521] 4.19.270-rc1 review Greg Kroah-Hartman
` (214 preceding siblings ...)
2023-01-16 15:47 ` [PATCH 4.19 215/521] serial: tegra: Add PIO mode support Greg Kroah-Hartman
@ 2023-01-16 15:47 ` Greg Kroah-Hartman
2023-01-16 15:47 ` [PATCH 4.19 217/521] serial: tegra: Read DMA status before terminating Greg Kroah-Hartman
` (308 subsequent siblings)
524 siblings, 0 replies; 529+ messages in thread
From: Greg Kroah-Hartman @ 2023-01-16 15:47 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Dmitry Osipenko, Sasha Levin
From: Dmitry Osipenko <digetx@gmail.com>
[ Upstream commit d5e3fadb70125c6c41f692cf1c0e626c12e11de1 ]
This allows DMA engine to go into runtime-suspended mode whenever there is
no data to receive, instead of keeping DMA active all the time while TTY
is opened (i.e. permanently active in practice, like in the case of UART
Bluetooth).
Signed-off-by: Dmitry Osipenko <digetx@gmail.com>
Link: https://lore.kernel.org/r/20200112180919.5194-2-digetx@gmail.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Stable-dep-of: 109a951a9f1f ("serial: tegra: Read DMA status before terminating")
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/tty/serial/serial-tegra.c | 78 ++++++++++++++++++-------------
1 file changed, 46 insertions(+), 32 deletions(-)
diff --git a/drivers/tty/serial/serial-tegra.c b/drivers/tty/serial/serial-tegra.c
index d6f5d73ba1e8..1d957144117e 100644
--- a/drivers/tty/serial/serial-tegra.c
+++ b/drivers/tty/serial/serial-tegra.c
@@ -141,6 +141,7 @@ struct tegra_uart_port {
int configured_rate;
bool use_rx_pio;
bool use_tx_pio;
+ bool rx_dma_active;
};
static void tegra_uart_start_next_tx(struct tegra_uart_port *tup);
@@ -677,6 +678,7 @@ static void tegra_uart_rx_dma_complete(void *args)
if (tup->rts_active)
set_rts(tup, false);
+ tup->rx_dma_active = false;
tegra_uart_rx_buffer_push(tup, 0);
tegra_uart_start_rx_dma(tup);
@@ -688,18 +690,27 @@ static void tegra_uart_rx_dma_complete(void *args)
spin_unlock_irqrestore(&u->lock, flags);
}
-static void tegra_uart_handle_rx_dma(struct tegra_uart_port *tup)
+static void tegra_uart_terminate_rx_dma(struct tegra_uart_port *tup)
{
struct dma_tx_state state;
- /* Deactivate flow control to stop sender */
- if (tup->rts_active)
- set_rts(tup, false);
+ if (!tup->rx_dma_active)
+ return;
dmaengine_terminate_all(tup->rx_dma_chan);
dmaengine_tx_status(tup->rx_dma_chan, tup->rx_cookie, &state);
+
tegra_uart_rx_buffer_push(tup, state.residue);
- tegra_uart_start_rx_dma(tup);
+ tup->rx_dma_active = false;
+}
+
+static void tegra_uart_handle_rx_dma(struct tegra_uart_port *tup)
+{
+ /* Deactivate flow control to stop sender */
+ if (tup->rts_active)
+ set_rts(tup, false);
+
+ tegra_uart_terminate_rx_dma(tup);
if (tup->rts_active)
set_rts(tup, true);
@@ -709,6 +720,9 @@ static int tegra_uart_start_rx_dma(struct tegra_uart_port *tup)
{
unsigned int count = TEGRA_UART_RX_DMA_BUFFER_SIZE;
+ if (tup->rx_dma_active)
+ return 0;
+
tup->rx_dma_desc = dmaengine_prep_slave_single(tup->rx_dma_chan,
tup->rx_dma_buf_phys, count, DMA_DEV_TO_MEM,
DMA_PREP_INTERRUPT);
@@ -717,6 +731,7 @@ static int tegra_uart_start_rx_dma(struct tegra_uart_port *tup)
return -EIO;
}
+ tup->rx_dma_active = true;
tup->rx_dma_desc->callback = tegra_uart_rx_dma_complete;
tup->rx_dma_desc->callback_param = tup;
dma_sync_single_for_device(tup->uport.dev, tup->rx_dma_buf_phys,
@@ -766,6 +781,7 @@ static irqreturn_t tegra_uart_isr(int irq, void *data)
struct uart_port *u = &tup->uport;
unsigned long iir;
unsigned long ier;
+ bool is_rx_start = false;
bool is_rx_int = false;
unsigned long flags;
@@ -778,10 +794,12 @@ static irqreturn_t tegra_uart_isr(int irq, void *data)
if (tup->rx_in_progress) {
ier = tup->ier_shadow;
ier |= (UART_IER_RLSI | UART_IER_RTOIE |
- TEGRA_UART_IER_EORD);
+ TEGRA_UART_IER_EORD | UART_IER_RDI);
tup->ier_shadow = ier;
tegra_uart_write(tup, ier, UART_IER);
}
+ } else if (is_rx_start) {
+ tegra_uart_start_rx_dma(tup);
}
spin_unlock_irqrestore(&u->lock, flags);
return IRQ_HANDLED;
@@ -800,17 +818,23 @@ static irqreturn_t tegra_uart_isr(int irq, void *data)
case 4: /* End of data */
case 6: /* Rx timeout */
- case 2: /* Receive */
- if (!tup->use_rx_pio && !is_rx_int) {
- is_rx_int = true;
+ if (!tup->use_rx_pio) {
+ is_rx_int = tup->rx_in_progress;
/* Disable Rx interrupts */
ier = tup->ier_shadow;
- ier |= UART_IER_RDI;
- tegra_uart_write(tup, ier, UART_IER);
ier &= ~(UART_IER_RDI | UART_IER_RLSI |
UART_IER_RTOIE | TEGRA_UART_IER_EORD);
tup->ier_shadow = ier;
tegra_uart_write(tup, ier, UART_IER);
+ break;
+ }
+ /* Fall through */
+ case 2: /* Receive */
+ if (!tup->use_rx_pio) {
+ is_rx_start = tup->rx_in_progress;
+ tup->ier_shadow &= ~UART_IER_RDI;
+ tegra_uart_write(tup, tup->ier_shadow,
+ UART_IER);
} else {
do_handle_rx_pio(tup);
}
@@ -832,7 +856,6 @@ static void tegra_uart_stop_rx(struct uart_port *u)
{
struct tegra_uart_port *tup = to_tegra_uport(u);
struct tty_port *port = &tup->uport.state->port;
- struct dma_tx_state state;
unsigned long ier;
if (tup->rts_active)
@@ -849,13 +872,11 @@ static void tegra_uart_stop_rx(struct uart_port *u)
tup->ier_shadow = ier;
tegra_uart_write(tup, ier, UART_IER);
tup->rx_in_progress = 0;
- if (tup->rx_dma_chan && !tup->use_rx_pio) {
- dmaengine_terminate_all(tup->rx_dma_chan);
- dmaengine_tx_status(tup->rx_dma_chan, tup->rx_cookie, &state);
- tegra_uart_rx_buffer_push(tup, state.residue);
- } else {
+
+ if (!tup->use_rx_pio)
+ tegra_uart_terminate_rx_dma(tup);
+ else
tegra_uart_handle_rx_pio(tup, port);
- }
}
static void tegra_uart_hw_deinit(struct tegra_uart_port *tup)
@@ -998,12 +1019,6 @@ static int tegra_uart_hw_init(struct tegra_uart_port *tup)
tup->lcr_shadow = TEGRA_UART_DEFAULT_LSR;
tup->fcr_shadow |= UART_FCR_DMA_SELECT;
tegra_uart_write(tup, tup->fcr_shadow, UART_FCR);
-
- ret = tegra_uart_start_rx_dma(tup);
- if (ret < 0) {
- dev_err(tup->uport.dev, "Not able to start Rx DMA\n");
- return ret;
- }
} else {
tegra_uart_write(tup, tup->fcr_shadow, UART_FCR);
}
@@ -1013,10 +1028,6 @@ static int tegra_uart_hw_init(struct tegra_uart_port *tup)
* Enable IE_RXS for the receive status interrupts like line errros.
* Enable IE_RX_TIMEOUT to get the bytes which cannot be DMA'd.
*
- * If using DMA mode, enable EORD instead of receive interrupt which
- * will interrupt after the UART is done with the receive instead of
- * the interrupt when the FIFO "threshold" is reached.
- *
* EORD is different interrupt than RX_TIMEOUT - RX_TIMEOUT occurs when
* the DATA is sitting in the FIFO and couldn't be transferred to the
* DMA as the DMA size alignment(4 bytes) is not met. EORD will be
@@ -1027,11 +1038,14 @@ static int tegra_uart_hw_init(struct tegra_uart_port *tup)
* both the EORD as well as RX_TIMEOUT - SW sees RX_TIMEOUT first
* then the EORD.
*/
+ tup->ier_shadow = UART_IER_RLSI | UART_IER_RTOIE | UART_IER_RDI;
+
+ /*
+ * If using DMA mode, enable EORD interrupt to notify about RX
+ * completion.
+ */
if (!tup->use_rx_pio)
- tup->ier_shadow = UART_IER_RLSI | UART_IER_RTOIE |
- TEGRA_UART_IER_EORD;
- else
- tup->ier_shadow = UART_IER_RLSI | UART_IER_RTOIE | UART_IER_RDI;
+ tup->ier_shadow |= TEGRA_UART_IER_EORD;
tegra_uart_write(tup, tup->ier_shadow, UART_IER);
return 0;
--
2.35.1
^ permalink raw reply related [flat|nested] 529+ messages in thread
* [PATCH 4.19 217/521] serial: tegra: Read DMA status before terminating
2023-01-16 15:44 [PATCH 4.19 000/521] 4.19.270-rc1 review Greg Kroah-Hartman
` (215 preceding siblings ...)
2023-01-16 15:47 ` [PATCH 4.19 216/521] tty: serial: tegra: Activate RX DMA transfer by request Greg Kroah-Hartman
@ 2023-01-16 15:47 ` Greg Kroah-Hartman
2023-01-16 15:48 ` [PATCH 4.19 218/521] class: fix possible memory leak in __class_register() Greg Kroah-Hartman
` (307 subsequent siblings)
524 siblings, 0 replies; 529+ messages in thread
From: Greg Kroah-Hartman @ 2023-01-16 15:47 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Jon Hunter, Ilpo Järvinen,
Thierry Reding, Akhil R, Kartik, Sasha Levin
From: Kartik <kkartik@nvidia.com>
[ Upstream commit 109a951a9f1fd8a34ebd1896cbbd5d5cede880a7 ]
Read the DMA status before terminating the DMA, as doing so deletes
the DMA desc.
Also, to get the correct transfer status information, pause the DMA
using dmaengine_pause() before reading the DMA status.
Fixes: e9ea096dd225 ("serial: tegra: add serial driver")
Reviewed-by: Jon Hunter <jonathanh@nvidia.com>
Reviewed-by: Ilpo Järvinen <ilpo.jarvinen@linux.intel.com>
Acked-by: Thierry Reding <treding@nvidia.com>
Signed-off-by: Akhil R <akhilrajeev@nvidia.com>
Signed-off-by: Kartik <kkartik@nvidia.com>
Link: https://lore.kernel.org/r/1666105086-17326-1-git-send-email-kkartik@nvidia.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/tty/serial/serial-tegra.c | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/drivers/tty/serial/serial-tegra.c b/drivers/tty/serial/serial-tegra.c
index 1d957144117e..cc613240a351 100644
--- a/drivers/tty/serial/serial-tegra.c
+++ b/drivers/tty/serial/serial-tegra.c
@@ -570,8 +570,9 @@ static void tegra_uart_stop_tx(struct uart_port *u)
if (tup->tx_in_progress != TEGRA_UART_TX_DMA)
return;
- dmaengine_terminate_all(tup->tx_dma_chan);
+ dmaengine_pause(tup->tx_dma_chan);
dmaengine_tx_status(tup->tx_dma_chan, tup->tx_cookie, &state);
+ dmaengine_terminate_all(tup->tx_dma_chan);
count = tup->tx_bytes_requested - state.residue;
async_tx_ack(tup->tx_dma_desc);
uart_xmit_advance(&tup->uport, count);
@@ -697,8 +698,9 @@ static void tegra_uart_terminate_rx_dma(struct tegra_uart_port *tup)
if (!tup->rx_dma_active)
return;
- dmaengine_terminate_all(tup->rx_dma_chan);
+ dmaengine_pause(tup->rx_dma_chan);
dmaengine_tx_status(tup->rx_dma_chan, tup->rx_cookie, &state);
+ dmaengine_terminate_all(tup->rx_dma_chan);
tegra_uart_rx_buffer_push(tup, state.residue);
tup->rx_dma_active = false;
--
2.35.1
^ permalink raw reply related [flat|nested] 529+ messages in thread
* [PATCH 4.19 218/521] class: fix possible memory leak in __class_register()
2023-01-16 15:44 [PATCH 4.19 000/521] 4.19.270-rc1 review Greg Kroah-Hartman
` (216 preceding siblings ...)
2023-01-16 15:47 ` [PATCH 4.19 217/521] serial: tegra: Read DMA status before terminating Greg Kroah-Hartman
@ 2023-01-16 15:48 ` Greg Kroah-Hartman
2023-01-16 15:48 ` [PATCH 4.19 219/521] vfio: platform: Do not pass return buffer to ACPI _RST method Greg Kroah-Hartman
` (306 subsequent siblings)
524 siblings, 0 replies; 529+ messages in thread
From: Greg Kroah-Hartman @ 2023-01-16 15:48 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Yang Yingliang, Sasha Levin
From: Yang Yingliang <yangyingliang@huawei.com>
[ Upstream commit 8c3e8a6bdb5253b97ad532570f8b5db5f7a06407 ]
If class_add_groups() returns error, the 'cp->subsys' need be
unregister, and the 'cp' need be freed.
We can not call kset_unregister() here, because the 'cls' will
be freed in callback function class_release() and it's also
freed in caller's error path, it will cause double free.
So fix this by calling kobject_del() and kfree_const(name) to
cleanup kobject. Besides, call kfree() to free the 'cp'.
Fault injection test can trigger this:
unreferenced object 0xffff888102fa8190 (size 8):
comm "modprobe", pid 502, jiffies 4294906074 (age 49.296s)
hex dump (first 8 bytes):
70 6b 74 63 64 76 64 00 pktcdvd.
backtrace:
[<00000000e7c7703d>] __kmalloc_track_caller+0x1ae/0x320
[<000000005e4d70bc>] kstrdup+0x3a/0x70
[<00000000c2e5e85a>] kstrdup_const+0x68/0x80
[<000000000049a8c7>] kvasprintf_const+0x10b/0x190
[<0000000029123163>] kobject_set_name_vargs+0x56/0x150
[<00000000747219c9>] kobject_set_name+0xab/0xe0
[<0000000005f1ea4e>] __class_register+0x15c/0x49a
unreferenced object 0xffff888037274000 (size 1024):
comm "modprobe", pid 502, jiffies 4294906074 (age 49.296s)
hex dump (first 32 bytes):
00 40 27 37 80 88 ff ff 00 40 27 37 80 88 ff ff .@'7.....@'7....
00 00 00 00 ad 4e ad de ff ff ff ff 00 00 00 00 .....N..........
backtrace:
[<00000000151f9600>] kmem_cache_alloc_trace+0x17c/0x2f0
[<00000000ecf3dd95>] __class_register+0x86/0x49a
Fixes: ced6473e7486 ("driver core: class: add class_groups support")
Signed-off-by: Yang Yingliang <yangyingliang@huawei.com>
Link: https://lore.kernel.org/r/20221026082803.3458760-1-yangyingliang@huawei.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/base/class.c | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/drivers/base/class.c b/drivers/base/class.c
index 54def4e02f00..d36cdbeaa2c8 100644
--- a/drivers/base/class.c
+++ b/drivers/base/class.c
@@ -185,6 +185,11 @@ int __class_register(struct class *cls, struct lock_class_key *key)
}
error = class_add_groups(class_get(cls), cls->class_groups);
class_put(cls);
+ if (error) {
+ kobject_del(&cp->subsys.kobj);
+ kfree_const(cp->subsys.kobj.name);
+ kfree(cp);
+ }
return error;
}
EXPORT_SYMBOL_GPL(__class_register);
--
2.35.1
^ permalink raw reply related [flat|nested] 529+ messages in thread
* [PATCH 4.19 219/521] vfio: platform: Do not pass return buffer to ACPI _RST method
2023-01-16 15:44 [PATCH 4.19 000/521] 4.19.270-rc1 review Greg Kroah-Hartman
` (217 preceding siblings ...)
2023-01-16 15:48 ` [PATCH 4.19 218/521] class: fix possible memory leak in __class_register() Greg Kroah-Hartman
@ 2023-01-16 15:48 ` Greg Kroah-Hartman
2023-01-16 15:48 ` [PATCH 4.19 220/521] uio: uio_dmem_genirq: Fix missing unlock in irq configuration Greg Kroah-Hartman
` (305 subsequent siblings)
524 siblings, 0 replies; 529+ messages in thread
From: Greg Kroah-Hartman @ 2023-01-16 15:48 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Rafael Mendonca, Eric Auger,
Alex Williamson, Sasha Levin
From: Rafael Mendonca <rafaelmendsr@gmail.com>
[ Upstream commit e67e070632a665c932d534b8b800477bb3111449 ]
The ACPI _RST method has no return value, there's no need to pass a return
buffer to acpi_evaluate_object().
Fixes: d30daa33ec1d ("vfio: platform: call _RST method when using ACPI")
Signed-off-by: Rafael Mendonca <rafaelmendsr@gmail.com>
Reviewed-by: Eric Auger <eric.auger@redhat.com>
Link: https://lore.kernel.org/r/20221018152825.891032-1-rafaelmendsr@gmail.com
Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/vfio/platform/vfio_platform_common.c | 3 +--
1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/drivers/vfio/platform/vfio_platform_common.c b/drivers/vfio/platform/vfio_platform_common.c
index c29fc6844f84..d8bb6537c688 100644
--- a/drivers/vfio/platform/vfio_platform_common.c
+++ b/drivers/vfio/platform/vfio_platform_common.c
@@ -78,12 +78,11 @@ static int vfio_platform_acpi_call_reset(struct vfio_platform_device *vdev,
const char **extra_dbg)
{
#ifdef CONFIG_ACPI
- struct acpi_buffer buffer = { ACPI_ALLOCATE_BUFFER, NULL };
struct device *dev = vdev->device;
acpi_handle handle = ACPI_HANDLE(dev);
acpi_status acpi_ret;
- acpi_ret = acpi_evaluate_object(handle, "_RST", NULL, &buffer);
+ acpi_ret = acpi_evaluate_object(handle, "_RST", NULL, NULL);
if (ACPI_FAILURE(acpi_ret)) {
if (extra_dbg)
*extra_dbg = acpi_format_exception(acpi_ret);
--
2.35.1
^ permalink raw reply related [flat|nested] 529+ messages in thread
* [PATCH 4.19 220/521] uio: uio_dmem_genirq: Fix missing unlock in irq configuration
2023-01-16 15:44 [PATCH 4.19 000/521] 4.19.270-rc1 review Greg Kroah-Hartman
` (218 preceding siblings ...)
2023-01-16 15:48 ` [PATCH 4.19 219/521] vfio: platform: Do not pass return buffer to ACPI _RST method Greg Kroah-Hartman
@ 2023-01-16 15:48 ` Greg Kroah-Hartman
2023-01-16 15:48 ` [PATCH 4.19 221/521] uio: uio_dmem_genirq: Fix deadlock between irq config and handling Greg Kroah-Hartman
` (304 subsequent siblings)
524 siblings, 0 replies; 529+ messages in thread
From: Greg Kroah-Hartman @ 2023-01-16 15:48 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Rafael Mendonca, Sasha Levin
From: Rafael Mendonca <rafaelmendsr@gmail.com>
[ Upstream commit 9de255c461d1b3f0242b3ad1450c3323a3e00b34 ]
Commit b74351287d4b ("uio: fix a sleep-in-atomic-context bug in
uio_dmem_genirq_irqcontrol()") started calling disable_irq() without
holding the spinlock because it can sleep. However, that fix introduced
another bug: if interrupt is already disabled and a new disable request
comes in, then the spinlock is not unlocked:
root@localhost:~# printf '\x00\x00\x00\x00' > /dev/uio0
root@localhost:~# printf '\x00\x00\x00\x00' > /dev/uio0
root@localhost:~# [ 14.851538] BUG: scheduling while atomic: bash/223/0x00000002
[ 14.851991] Modules linked in: uio_dmem_genirq uio myfpga(OE) bochs drm_vram_helper drm_ttm_helper ttm drm_kms_helper drm snd_pcm ppdev joydev psmouse snd_timer snd e1000fb_sys_fops syscopyarea parport sysfillrect soundcore sysimgblt input_leds pcspkr i2c_piix4 serio_raw floppy evbug qemu_fw_cfg mac_hid pata_acpi ip_tables x_tables autofs4 [last unloaded: parport_pc]
[ 14.854206] CPU: 0 PID: 223 Comm: bash Tainted: G OE 6.0.0-rc7 #21
[ 14.854786] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.16.0-0-gd239552ce722-prebuilt.qemu.org 04/01/2014
[ 14.855664] Call Trace:
[ 14.855861] <TASK>
[ 14.856025] dump_stack_lvl+0x4d/0x67
[ 14.856325] dump_stack+0x14/0x1a
[ 14.856583] __schedule_bug.cold+0x4b/0x5c
[ 14.856915] __schedule+0xe81/0x13d0
[ 14.857199] ? idr_find+0x13/0x20
[ 14.857456] ? get_work_pool+0x2d/0x50
[ 14.857756] ? __flush_work+0x233/0x280
[ 14.858068] ? __schedule+0xa95/0x13d0
[ 14.858307] ? idr_find+0x13/0x20
[ 14.858519] ? get_work_pool+0x2d/0x50
[ 14.858798] schedule+0x6c/0x100
[ 14.859009] schedule_hrtimeout_range_clock+0xff/0x110
[ 14.859335] ? tty_write_room+0x1f/0x30
[ 14.859598] ? n_tty_poll+0x1ec/0x220
[ 14.859830] ? tty_ldisc_deref+0x1a/0x20
[ 14.860090] schedule_hrtimeout_range+0x17/0x20
[ 14.860373] do_select+0x596/0x840
[ 14.860627] ? __kernel_text_address+0x16/0x50
[ 14.860954] ? poll_freewait+0xb0/0xb0
[ 14.861235] ? poll_freewait+0xb0/0xb0
[ 14.861517] ? rpm_resume+0x49d/0x780
[ 14.861798] ? common_interrupt+0x59/0xa0
[ 14.862127] ? asm_common_interrupt+0x2b/0x40
[ 14.862511] ? __uart_start.isra.0+0x61/0x70
[ 14.862902] ? __check_object_size+0x61/0x280
[ 14.863255] core_sys_select+0x1c6/0x400
[ 14.863575] ? vfs_write+0x1c9/0x3d0
[ 14.863853] ? vfs_write+0x1c9/0x3d0
[ 14.864121] ? _copy_from_user+0x45/0x70
[ 14.864526] do_pselect.constprop.0+0xb3/0xf0
[ 14.864893] ? do_syscall_64+0x6d/0x90
[ 14.865228] ? do_syscall_64+0x6d/0x90
[ 14.865556] __x64_sys_pselect6+0x76/0xa0
[ 14.865906] do_syscall_64+0x60/0x90
[ 14.866214] ? syscall_exit_to_user_mode+0x2a/0x50
[ 14.866640] ? do_syscall_64+0x6d/0x90
[ 14.866972] ? do_syscall_64+0x6d/0x90
[ 14.867286] ? do_syscall_64+0x6d/0x90
[ 14.867626] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[...] stripped
[ 14.872959] </TASK>
('myfpga' is a simple 'uio_dmem_genirq' driver I wrote to test this)
The implementation of "uio_dmem_genirq" was based on "uio_pdrv_genirq" and
it is used in a similar manner to the "uio_pdrv_genirq" driver with respect
to interrupt configuration and handling. At the time "uio_dmem_genirq" was
introduced, both had the same implementation of the 'uio_info' handlers
irqcontrol() and handler(). Then commit 34cb27528398 ("UIO: Fix concurrency
issue"), which was only applied to "uio_pdrv_genirq", ended up making them
a little different. That commit, among other things, changed disable_irq()
to disable_irq_nosync() in the implementation of irqcontrol(). The
motivation there was to avoid a deadlock between irqcontrol() and
handler(), since it added a spinlock in the irq handler, and disable_irq()
waits for the completion of the irq handler.
By changing disable_irq() to disable_irq_nosync() in irqcontrol(), we also
avoid the sleeping-while-atomic bug that commit b74351287d4b ("uio: fix a
sleep-in-atomic-context bug in uio_dmem_genirq_irqcontrol()") was trying to
fix. Thus, this fixes the missing unlock in irqcontrol() by importing the
implementation of irqcontrol() handler from the "uio_pdrv_genirq" driver.
In the end, it reverts commit b74351287d4b ("uio: fix a
sleep-in-atomic-context bug in uio_dmem_genirq_irqcontrol()") and change
disable_irq() to disable_irq_nosync().
It is worth noting that this still does not address the concurrency issue
fixed by commit 34cb27528398 ("UIO: Fix concurrency issue"). It will be
addressed separately in the next commits.
Split out from commit 34cb27528398 ("UIO: Fix concurrency issue").
Fixes: b74351287d4b ("uio: fix a sleep-in-atomic-context bug in uio_dmem_genirq_irqcontrol()")
Signed-off-by: Rafael Mendonca <rafaelmendsr@gmail.com>
Link: https://lore.kernel.org/r/20220930224100.816175-2-rafaelmendsr@gmail.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/uio/uio_dmem_genirq.c | 8 +++-----
1 file changed, 3 insertions(+), 5 deletions(-)
diff --git a/drivers/uio/uio_dmem_genirq.c b/drivers/uio/uio_dmem_genirq.c
index a00b4aee6c79..c25a6bcb2d21 100644
--- a/drivers/uio/uio_dmem_genirq.c
+++ b/drivers/uio/uio_dmem_genirq.c
@@ -135,13 +135,11 @@ static int uio_dmem_genirq_irqcontrol(struct uio_info *dev_info, s32 irq_on)
if (irq_on) {
if (test_and_clear_bit(0, &priv->flags))
enable_irq(dev_info->irq);
- spin_unlock_irqrestore(&priv->lock, flags);
} else {
- if (!test_and_set_bit(0, &priv->flags)) {
- spin_unlock_irqrestore(&priv->lock, flags);
- disable_irq(dev_info->irq);
- }
+ if (!test_and_set_bit(0, &priv->flags))
+ disable_irq_nosync(dev_info->irq);
}
+ spin_unlock_irqrestore(&priv->lock, flags);
return 0;
}
--
2.35.1
^ permalink raw reply related [flat|nested] 529+ messages in thread
* [PATCH 4.19 221/521] uio: uio_dmem_genirq: Fix deadlock between irq config and handling
2023-01-16 15:44 [PATCH 4.19 000/521] 4.19.270-rc1 review Greg Kroah-Hartman
` (219 preceding siblings ...)
2023-01-16 15:48 ` [PATCH 4.19 220/521] uio: uio_dmem_genirq: Fix missing unlock in irq configuration Greg Kroah-Hartman
@ 2023-01-16 15:48 ` Greg Kroah-Hartman
2023-01-16 15:48 ` [PATCH 4.19 222/521] usb: fotg210-udc: Fix ages old endianness issues Greg Kroah-Hartman
` (303 subsequent siblings)
524 siblings, 0 replies; 529+ messages in thread
From: Greg Kroah-Hartman @ 2023-01-16 15:48 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Rafael Mendonca, Sasha Levin
From: Rafael Mendonca <rafaelmendsr@gmail.com>
[ Upstream commit 118b918018175d9fcd8db667f905012e986cc2c9 ]
This fixes a concurrency issue addressed in commit 34cb27528398 ("UIO: Fix
concurrency issue"):
"In a SMP case there was a race condition issue between
Uio_pdrv_genirq_irqcontrol() running on one CPU and irq handler on
another CPU. Fix it by spin_locking shared resources access inside irq
handler."
The implementation of "uio_dmem_genirq" was based on "uio_pdrv_genirq" and
it is used in a similar manner to the "uio_pdrv_genirq" driver with respect
to interrupt configuration and handling. At the time "uio_dmem_genirq" was
merged, both had the same implementation of the 'uio_info' handlers
irqcontrol() and handler(), thus, both had the same concurrency issue
mentioned by the above commit. However, the above patch was only applied to
the "uio_pdrv_genirq" driver.
Split out from commit 34cb27528398 ("UIO: Fix concurrency issue").
Fixes: 0a0c3b5a24bd ("Add new uio device for dynamic memory allocation")
Signed-off-by: Rafael Mendonca <rafaelmendsr@gmail.com>
Link: https://lore.kernel.org/r/20220930224100.816175-3-rafaelmendsr@gmail.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/uio/uio_dmem_genirq.c | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/drivers/uio/uio_dmem_genirq.c b/drivers/uio/uio_dmem_genirq.c
index c25a6bcb2d21..b4b7fa05b29b 100644
--- a/drivers/uio/uio_dmem_genirq.c
+++ b/drivers/uio/uio_dmem_genirq.c
@@ -113,8 +113,10 @@ static irqreturn_t uio_dmem_genirq_handler(int irq, struct uio_info *dev_info)
* remember the state so we can allow user space to enable it later.
*/
+ spin_lock(&priv->lock);
if (!test_and_set_bit(0, &priv->flags))
disable_irq_nosync(irq);
+ spin_unlock(&priv->lock);
return IRQ_HANDLED;
}
@@ -128,7 +130,8 @@ static int uio_dmem_genirq_irqcontrol(struct uio_info *dev_info, s32 irq_on)
* in the interrupt controller, but keep track of the
* state to prevent per-irq depth damage.
*
- * Serialize this operation to support multiple tasks.
+ * Serialize this operation to support multiple tasks and concurrency
+ * with irq handler on SMP systems.
*/
spin_lock_irqsave(&priv->lock, flags);
--
2.35.1
^ permalink raw reply related [flat|nested] 529+ messages in thread
* [PATCH 4.19 222/521] usb: fotg210-udc: Fix ages old endianness issues
2023-01-16 15:44 [PATCH 4.19 000/521] 4.19.270-rc1 review Greg Kroah-Hartman
` (220 preceding siblings ...)
2023-01-16 15:48 ` [PATCH 4.19 221/521] uio: uio_dmem_genirq: Fix deadlock between irq config and handling Greg Kroah-Hartman
@ 2023-01-16 15:48 ` Greg Kroah-Hartman
2023-01-16 15:48 ` [PATCH 4.19 223/521] staging: vme_user: Fix possible UAF in tsi148_dma_list_add Greg Kroah-Hartman
` (302 subsequent siblings)
524 siblings, 0 replies; 529+ messages in thread
From: Greg Kroah-Hartman @ 2023-01-16 15:48 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, kernel test robot, Linus Walleij,
Sasha Levin
From: Linus Walleij <linus.walleij@linaro.org>
[ Upstream commit 46ed6026ca2181c917c8334a82e3eaf40a6234dd ]
The code in the FOTG210 driver isn't entirely endianness-agnostic
as reported by the kernel robot sparse testing. This came to
the surface while moving the files around.
The driver is only used on little-endian systems, so this causes
no real-world regression, but it is nice to be strict and have
some compile coverage also on big endian machines, so fix it
up with the right LE accessors.
Fixes: b84a8dee23fd ("usb: gadget: add Faraday fotg210_udc driver")
Reported-by: kernel test robot <lkp@intel.com>
Link: https://lore.kernel.org/linux-usb/202211110910.0dJ7nZCn-lkp@intel.com/
Signed-off-by: Linus Walleij <linus.walleij@linaro.org>
Link: https://lore.kernel.org/r/20221111090317.94228-1-linus.walleij@linaro.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/usb/gadget/udc/fotg210-udc.c | 12 ++++++------
1 file changed, 6 insertions(+), 6 deletions(-)
diff --git a/drivers/usb/gadget/udc/fotg210-udc.c b/drivers/usb/gadget/udc/fotg210-udc.c
index 785822ecc3f1..74c93fa7439c 100644
--- a/drivers/usb/gadget/udc/fotg210-udc.c
+++ b/drivers/usb/gadget/udc/fotg210-udc.c
@@ -633,10 +633,10 @@ static void fotg210_request_error(struct fotg210_udc *fotg210)
static void fotg210_set_address(struct fotg210_udc *fotg210,
struct usb_ctrlrequest *ctrl)
{
- if (ctrl->wValue >= 0x0100) {
+ if (le16_to_cpu(ctrl->wValue) >= 0x0100) {
fotg210_request_error(fotg210);
} else {
- fotg210_set_dev_addr(fotg210, ctrl->wValue);
+ fotg210_set_dev_addr(fotg210, le16_to_cpu(ctrl->wValue));
fotg210_set_cxdone(fotg210);
}
}
@@ -717,17 +717,17 @@ static void fotg210_get_status(struct fotg210_udc *fotg210,
switch (ctrl->bRequestType & USB_RECIP_MASK) {
case USB_RECIP_DEVICE:
- fotg210->ep0_data = 1 << USB_DEVICE_SELF_POWERED;
+ fotg210->ep0_data = cpu_to_le16(1 << USB_DEVICE_SELF_POWERED);
break;
case USB_RECIP_INTERFACE:
- fotg210->ep0_data = 0;
+ fotg210->ep0_data = cpu_to_le16(0);
break;
case USB_RECIP_ENDPOINT:
epnum = ctrl->wIndex & USB_ENDPOINT_NUMBER_MASK;
if (epnum)
fotg210->ep0_data =
- fotg210_is_epnstall(fotg210->ep[epnum])
- << USB_ENDPOINT_HALT;
+ cpu_to_le16(fotg210_is_epnstall(fotg210->ep[epnum])
+ << USB_ENDPOINT_HALT);
else
fotg210_request_error(fotg210);
break;
--
2.35.1
^ permalink raw reply related [flat|nested] 529+ messages in thread
* [PATCH 4.19 223/521] staging: vme_user: Fix possible UAF in tsi148_dma_list_add
2023-01-16 15:44 [PATCH 4.19 000/521] 4.19.270-rc1 review Greg Kroah-Hartman
` (221 preceding siblings ...)
2023-01-16 15:48 ` [PATCH 4.19 222/521] usb: fotg210-udc: Fix ages old endianness issues Greg Kroah-Hartman
@ 2023-01-16 15:48 ` Greg Kroah-Hartman
2023-01-16 15:48 ` [PATCH 4.19 224/521] usb: typec: Check for ops->exit instead of ops->enter in altmode_exit Greg Kroah-Hartman
` (301 subsequent siblings)
524 siblings, 0 replies; 529+ messages in thread
From: Greg Kroah-Hartman @ 2023-01-16 15:48 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Gaosheng Cui, Sasha Levin
From: Gaosheng Cui <cuigaosheng1@huawei.com>
[ Upstream commit 357057ee55d3c99a5de5abe8150f7bca04f8e53b ]
Smatch report warning as follows:
drivers/staging/vme_user/vme_tsi148.c:1757 tsi148_dma_list_add() warn:
'&entry->list' not removed from list
In tsi148_dma_list_add(), the error path "goto err_dma" will not
remove entry->list from list->entries, but entry will be freed,
then list traversal may cause UAF.
Fix by removeing it from list->entries before free().
Fixes: b2383c90a9d6 ("vme: tsi148: fix first DMA item mapping")
Signed-off-by: Gaosheng Cui <cuigaosheng1@huawei.com>
Link: https://lore.kernel.org/r/20221117035914.2954454-1-cuigaosheng1@huawei.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/vme/bridges/vme_tsi148.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/drivers/vme/bridges/vme_tsi148.c b/drivers/vme/bridges/vme_tsi148.c
index 647d231d4422..b1be12dc61eb 100644
--- a/drivers/vme/bridges/vme_tsi148.c
+++ b/drivers/vme/bridges/vme_tsi148.c
@@ -1775,6 +1775,7 @@ static int tsi148_dma_list_add(struct vme_dma_list *list,
return 0;
err_dma:
+ list_del(&entry->list);
err_dest:
err_source:
err_align:
--
2.35.1
^ permalink raw reply related [flat|nested] 529+ messages in thread
* [PATCH 4.19 224/521] usb: typec: Check for ops->exit instead of ops->enter in altmode_exit
2023-01-16 15:44 [PATCH 4.19 000/521] 4.19.270-rc1 review Greg Kroah-Hartman
` (222 preceding siblings ...)
2023-01-16 15:48 ` [PATCH 4.19 223/521] staging: vme_user: Fix possible UAF in tsi148_dma_list_add Greg Kroah-Hartman
@ 2023-01-16 15:48 ` Greg Kroah-Hartman
2023-01-16 15:48 ` [PATCH 4.19 225/521] serial: amba-pl011: avoid SBSA UART accessing DMACR register Greg Kroah-Hartman
` (300 subsequent siblings)
524 siblings, 0 replies; 529+ messages in thread
From: Greg Kroah-Hartman @ 2023-01-16 15:48 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Sven Peter, Heikki Krogerus, Sasha Levin
From: Sven Peter <sven@svenpeter.dev>
[ Upstream commit b6ddd180e3d9f92c1e482b3cdeec7dda086b1341 ]
typec_altmode_exit checks if ops->enter is not NULL but then calls
ops->exit a few lines below. Fix that and check for the function
pointer it's about to call instead.
Fixes: 8a37d87d72f0 ("usb: typec: Bus type for alternate modes")
Signed-off-by: Sven Peter <sven@svenpeter.dev>
Reviewed-by: Heikki Krogerus <heikki.krogerus@linux.intel.com>
Link: https://lore.kernel.org/r/20221114165924.33487-1-sven@svenpeter.dev
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/usb/typec/bus.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/usb/typec/bus.c b/drivers/usb/typec/bus.c
index 76299b6ff06d..7605963f71ed 100644
--- a/drivers/usb/typec/bus.c
+++ b/drivers/usb/typec/bus.c
@@ -126,7 +126,7 @@ int typec_altmode_exit(struct typec_altmode *adev)
if (!adev || !adev->active)
return 0;
- if (!pdev->ops || !pdev->ops->enter)
+ if (!pdev->ops || !pdev->ops->exit)
return -EOPNOTSUPP;
/* Moving to USB Safe State */
--
2.35.1
^ permalink raw reply related [flat|nested] 529+ messages in thread
* [PATCH 4.19 225/521] serial: amba-pl011: avoid SBSA UART accessing DMACR register
2023-01-16 15:44 [PATCH 4.19 000/521] 4.19.270-rc1 review Greg Kroah-Hartman
` (223 preceding siblings ...)
2023-01-16 15:48 ` [PATCH 4.19 224/521] usb: typec: Check for ops->exit instead of ops->enter in altmode_exit Greg Kroah-Hartman
@ 2023-01-16 15:48 ` Greg Kroah-Hartman
2023-01-16 15:48 ` [PATCH 4.19 226/521] serial: pl011: Do not clear RX FIFO & RX interrupt in unthrottle Greg Kroah-Hartman
` (299 subsequent siblings)
524 siblings, 0 replies; 529+ messages in thread
From: Greg Kroah-Hartman @ 2023-01-16 15:48 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Jiamei Xie, Andre Przywara, Sasha Levin
From: Jiamei Xie <jiamei.xie@arm.com>
[ Upstream commit 94cdb9f33698478b0e7062586633c42c6158a786 ]
Chapter "B Generic UART" in "ARM Server Base System Architecture" [1]
documentation describes a generic UART interface. Such generic UART
does not support DMA. In current code, sbsa_uart_pops and
amba_pl011_pops share the same stop_rx operation, which will invoke
pl011_dma_rx_stop, leading to an access of the DMACR register. This
commit adds a using_rx_dma check in pl011_dma_rx_stop to avoid the
access to DMACR register for SBSA UARTs which does not support DMA.
When the kernel enables DMA engine with "CONFIG_DMA_ENGINE=y", Linux
SBSA PL011 driver will access PL011 DMACR register in some functions.
For most real SBSA Pl011 hardware implementations, the DMACR write
behaviour will be ignored. So these DMACR operations will not cause
obvious problems. But for some virtual SBSA PL011 hardware, like Xen
virtual SBSA PL011 (vpl011) device, the behaviour might be different.
Xen vpl011 emulation will inject a data abort to guest, when guest is
accessing an unimplemented UART register. As Xen VPL011 is SBSA
compatible, it will not implement DMACR register. So when Linux SBSA
PL011 driver access DMACR register, it will get an unhandled data abort
fault and the application will get a segmentation fault:
Unhandled fault at 0xffffffc00944d048
Mem abort info:
ESR = 0x96000000
EC = 0x25: DABT (current EL), IL = 32 bits
SET = 0, FnV = 0
EA = 0, S1PTW = 0
FSC = 0x00: ttbr address size fault
Data abort info:
ISV = 0, ISS = 0x00000000
CM = 0, WnR = 0
swapper pgtable: 4k pages, 39-bit VAs, pgdp=0000000020e2e000
[ffffffc00944d048] pgd=100000003ffff803, p4d=100000003ffff803, pud=100000003ffff803, pmd=100000003fffa803, pte=006800009c090f13
Internal error: ttbr address size fault: 96000000 [#1] PREEMPT SMP
...
Call trace:
pl011_stop_rx+0x70/0x80
tty_port_shutdown+0x7c/0xb4
tty_port_close+0x60/0xcc
uart_close+0x34/0x8c
tty_release+0x144/0x4c0
__fput+0x78/0x220
____fput+0x1c/0x30
task_work_run+0x88/0xc0
do_notify_resume+0x8d0/0x123c
el0_svc+0xa8/0xc0
el0t_64_sync_handler+0xa4/0x130
el0t_64_sync+0x1a0/0x1a4
Code: b9000083 b901f001 794038a0 8b000042 (b9000041)
---[ end trace 83dd93df15c3216f ]---
note: bootlogd[132] exited with preempt_count 1
/etc/rcS.d/S07bootlogd: line 47: 132 Segmentation fault start-stop-daemon
This has been discussed in the Xen community, and we think it should fix
this in Linux. See [2] for more information.
[1] https://developer.arm.com/documentation/den0094/c/?lang=en
[2] https://lists.xenproject.org/archives/html/xen-devel/2022-11/msg00543.html
Fixes: 0dd1e247fd39 (drivers: PL011: add support for the ARM SBSA generic UART)
Signed-off-by: Jiamei Xie <jiamei.xie@arm.com>
Reviewed-by: Andre Przywara <andre.przywara@arm.com>
Link: https://lore.kernel.org/r/20221117103237.86856-1-jiamei.xie@arm.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/tty/serial/amba-pl011.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/drivers/tty/serial/amba-pl011.c b/drivers/tty/serial/amba-pl011.c
index 7de4bed1ddba..87d9bfafc82e 100644
--- a/drivers/tty/serial/amba-pl011.c
+++ b/drivers/tty/serial/amba-pl011.c
@@ -1053,6 +1053,9 @@ static void pl011_dma_rx_callback(void *data)
*/
static inline void pl011_dma_rx_stop(struct uart_amba_port *uap)
{
+ if (!uap->using_rx_dma)
+ return;
+
/* FIXME. Just disable the DMA enable */
uap->dmacr &= ~UART011_RXDMAE;
pl011_write(uap->dmacr, uap, REG_DMACR);
--
2.35.1
^ permalink raw reply related [flat|nested] 529+ messages in thread
* [PATCH 4.19 226/521] serial: pl011: Do not clear RX FIFO & RX interrupt in unthrottle.
2023-01-16 15:44 [PATCH 4.19 000/521] 4.19.270-rc1 review Greg Kroah-Hartman
` (224 preceding siblings ...)
2023-01-16 15:48 ` [PATCH 4.19 225/521] serial: amba-pl011: avoid SBSA UART accessing DMACR register Greg Kroah-Hartman
@ 2023-01-16 15:48 ` Greg Kroah-Hartman
2023-01-16 15:48 ` [PATCH 4.19 227/521] serial: pch: Fix PCI device refcount leak in pch_request_dma() Greg Kroah-Hartman
` (298 subsequent siblings)
524 siblings, 0 replies; 529+ messages in thread
From: Greg Kroah-Hartman @ 2023-01-16 15:48 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, delisun, Ilpo Järvinen, Sasha Levin
From: delisun <delisun@pateo.com.cn>
[ Upstream commit 032d5a71ed378ffc6a2d41a187d8488a4f9fe415 ]
Clearing the RX FIFO will cause data loss.
Copy the pl011_enabl_interrupts implementation, and remove the clear
interrupt and FIFO part of the code.
Fixes: 211565b10099 ("serial: pl011: UPSTAT_AUTORTS requires .throttle/unthrottle")
Signed-off-by: delisun <delisun@pateo.com.cn>
Reviewed-by: Ilpo Järvinen <ilpo.jarvinen@linux.intel.com>
Link: https://lore.kernel.org/r/20221110020108.7700-1-delisun@pateo.com.cn
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/tty/serial/amba-pl011.c | 11 ++++++++++-
1 file changed, 10 insertions(+), 1 deletion(-)
diff --git a/drivers/tty/serial/amba-pl011.c b/drivers/tty/serial/amba-pl011.c
index 87d9bfafc82e..d1f4882d9f40 100644
--- a/drivers/tty/serial/amba-pl011.c
+++ b/drivers/tty/serial/amba-pl011.c
@@ -1771,8 +1771,17 @@ static void pl011_enable_interrupts(struct uart_amba_port *uap)
static void pl011_unthrottle_rx(struct uart_port *port)
{
struct uart_amba_port *uap = container_of(port, struct uart_amba_port, port);
+ unsigned long flags;
- pl011_enable_interrupts(uap);
+ spin_lock_irqsave(&uap->port.lock, flags);
+
+ uap->im = UART011_RTIM;
+ if (!pl011_dma_rx_running(uap))
+ uap->im |= UART011_RXIM;
+
+ pl011_write(uap->im, uap, REG_IMSC);
+
+ spin_unlock_irqrestore(&uap->port.lock, flags);
}
static int pl011_startup(struct uart_port *port)
--
2.35.1
^ permalink raw reply related [flat|nested] 529+ messages in thread
* [PATCH 4.19 227/521] serial: pch: Fix PCI device refcount leak in pch_request_dma()
2023-01-16 15:44 [PATCH 4.19 000/521] 4.19.270-rc1 review Greg Kroah-Hartman
` (225 preceding siblings ...)
2023-01-16 15:48 ` [PATCH 4.19 226/521] serial: pl011: Do not clear RX FIFO & RX interrupt in unthrottle Greg Kroah-Hartman
@ 2023-01-16 15:48 ` Greg Kroah-Hartman
2023-01-16 15:48 ` [PATCH 4.19 228/521] tty: serial: clean up stop-tx part in altera_uart_tx_chars() Greg Kroah-Hartman
` (297 subsequent siblings)
524 siblings, 0 replies; 529+ messages in thread
From: Greg Kroah-Hartman @ 2023-01-16 15:48 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Xiongfeng Wang, Sasha Levin
From: Xiongfeng Wang <wangxiongfeng2@huawei.com>
[ Upstream commit 8be3a7bf773700534a6e8f87f6ed2ed111254be5 ]
As comment of pci_get_slot() says, it returns a pci_device with its
refcount increased. The caller must decrement the reference count by
calling pci_dev_put().
Since 'dma_dev' is only used to filter the channel in filter(), we can
call pci_dev_put() before exiting from pch_request_dma(). Add the
missing pci_dev_put() for the normal and error path.
Fixes: 3c6a483275f4 ("Serial: EG20T: add PCH_UART driver")
Signed-off-by: Xiongfeng Wang <wangxiongfeng2@huawei.com>
Link: https://lore.kernel.org/r/20221122114559.27692-1-wangxiongfeng2@huawei.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/tty/serial/pch_uart.c | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/drivers/tty/serial/pch_uart.c b/drivers/tty/serial/pch_uart.c
index e5ff30544bd0..447990006d68 100644
--- a/drivers/tty/serial/pch_uart.c
+++ b/drivers/tty/serial/pch_uart.c
@@ -734,6 +734,7 @@ static void pch_request_dma(struct uart_port *port)
if (!chan) {
dev_err(priv->port.dev, "%s:dma_request_channel FAILS(Tx)\n",
__func__);
+ pci_dev_put(dma_dev);
return;
}
priv->chan_tx = chan;
@@ -750,6 +751,7 @@ static void pch_request_dma(struct uart_port *port)
__func__);
dma_release_channel(priv->chan_tx);
priv->chan_tx = NULL;
+ pci_dev_put(dma_dev);
return;
}
@@ -757,6 +759,8 @@ static void pch_request_dma(struct uart_port *port)
priv->rx_buf_virt = dma_alloc_coherent(port->dev, port->fifosize,
&priv->rx_buf_dma, GFP_KERNEL);
priv->chan_rx = chan;
+
+ pci_dev_put(dma_dev);
}
static void pch_dma_rx_complete(void *arg)
--
2.35.1
^ permalink raw reply related [flat|nested] 529+ messages in thread
* [PATCH 4.19 228/521] tty: serial: clean up stop-tx part in altera_uart_tx_chars()
2023-01-16 15:44 [PATCH 4.19 000/521] 4.19.270-rc1 review Greg Kroah-Hartman
` (226 preceding siblings ...)
2023-01-16 15:48 ` [PATCH 4.19 227/521] serial: pch: Fix PCI device refcount leak in pch_request_dma() Greg Kroah-Hartman
@ 2023-01-16 15:48 ` Greg Kroah-Hartman
2023-01-16 15:48 ` [PATCH 4.19 229/521] tty: serial: altera_uart_{r,t}x_chars() need only uart_port Greg Kroah-Hartman
` (296 subsequent siblings)
524 siblings, 0 replies; 529+ messages in thread
From: Greg Kroah-Hartman @ 2023-01-16 15:48 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Tobias Klauser, Ilpo Järvinen,
Jiri Slaby, Sasha Levin
From: Jiri Slaby <jslaby@suse.cz>
[ Upstream commit d9c128117da41cf4cb0e80ae565b5d3ac79dffac ]
The "stop TX" path in altera_uart_tx_chars() is open-coded, so:
* use uart_circ_empty() to check if the buffer is empty, and
* when true, call altera_uart_stop_tx().
Cc: Tobias Klauser <tklauser@distanz.ch>
Reviewed-by: Ilpo Järvinen <ilpo.jarvinen@linux.intel.com>
Acked-by: Tobias Klauser <tklauser@distanz.ch>
Signed-off-by: Jiri Slaby <jslaby@suse.cz>
Link: https://lore.kernel.org/r/20220920052049.20507-3-jslaby@suse.cz
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Stable-dep-of: 1307c5d33cce ("serial: altera_uart: fix locking in polling mode")
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/tty/serial/altera_uart.c | 6 ++----
1 file changed, 2 insertions(+), 4 deletions(-)
diff --git a/drivers/tty/serial/altera_uart.c b/drivers/tty/serial/altera_uart.c
index 0e487ce091ac..508a3c2b7781 100644
--- a/drivers/tty/serial/altera_uart.c
+++ b/drivers/tty/serial/altera_uart.c
@@ -274,10 +274,8 @@ static void altera_uart_tx_chars(struct altera_uart *pp)
if (uart_circ_chars_pending(xmit) < WAKEUP_CHARS)
uart_write_wakeup(port);
- if (xmit->head == xmit->tail) {
- pp->imr &= ~ALTERA_UART_CONTROL_TRDY_MSK;
- altera_uart_update_ctrl_reg(pp);
- }
+ if (uart_circ_empty(xmit))
+ altera_uart_stop_tx(port);
}
static irqreturn_t altera_uart_interrupt(int irq, void *data)
--
2.35.1
^ permalink raw reply related [flat|nested] 529+ messages in thread
* [PATCH 4.19 229/521] tty: serial: altera_uart_{r,t}x_chars() need only uart_port
2023-01-16 15:44 [PATCH 4.19 000/521] 4.19.270-rc1 review Greg Kroah-Hartman
` (227 preceding siblings ...)
2023-01-16 15:48 ` [PATCH 4.19 228/521] tty: serial: clean up stop-tx part in altera_uart_tx_chars() Greg Kroah-Hartman
@ 2023-01-16 15:48 ` Greg Kroah-Hartman
2023-01-16 15:48 ` [PATCH 4.19 230/521] serial: altera_uart: fix locking in polling mode Greg Kroah-Hartman
` (295 subsequent siblings)
524 siblings, 0 replies; 529+ messages in thread
From: Greg Kroah-Hartman @ 2023-01-16 15:48 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Tobias Klauser, Ilpo Järvinen,
Jiri Slaby, Sasha Levin
From: Jiri Slaby <jslaby@suse.cz>
[ Upstream commit 3af44d9bb0539d5fa27d6159d696fda5f3747bff ]
Both altera_uart_{r,t}x_chars() need only uart_port, not altera_uart. So
pass the former from altera_uart_interrupt() directly.
Apart it maybe saves a dereference, this makes the transition of
altera_uart_tx_chars() easier to follow in the next patch.
Cc: Tobias Klauser <tklauser@distanz.ch>
Reviewed-by: Ilpo Järvinen <ilpo.jarvinen@linux.intel.com>
Acked-by: Tobias Klauser <tklauser@distanz.ch>
Signed-off-by: Jiri Slaby <jslaby@suse.cz>
Link: https://lore.kernel.org/r/20220920052049.20507-4-jslaby@suse.cz
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Stable-dep-of: 1307c5d33cce ("serial: altera_uart: fix locking in polling mode")
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/tty/serial/altera_uart.c | 10 ++++------
1 file changed, 4 insertions(+), 6 deletions(-)
diff --git a/drivers/tty/serial/altera_uart.c b/drivers/tty/serial/altera_uart.c
index 508a3c2b7781..20c610440133 100644
--- a/drivers/tty/serial/altera_uart.c
+++ b/drivers/tty/serial/altera_uart.c
@@ -199,9 +199,8 @@ static void altera_uart_set_termios(struct uart_port *port,
*/
}
-static void altera_uart_rx_chars(struct altera_uart *pp)
+static void altera_uart_rx_chars(struct uart_port *port)
{
- struct uart_port *port = &pp->port;
unsigned char ch, flag;
unsigned short status;
@@ -248,9 +247,8 @@ static void altera_uart_rx_chars(struct altera_uart *pp)
spin_lock(&port->lock);
}
-static void altera_uart_tx_chars(struct altera_uart *pp)
+static void altera_uart_tx_chars(struct uart_port *port)
{
- struct uart_port *port = &pp->port;
struct circ_buf *xmit = &port->state->xmit;
if (port->x_char) {
@@ -288,9 +286,9 @@ static irqreturn_t altera_uart_interrupt(int irq, void *data)
spin_lock(&port->lock);
if (isr & ALTERA_UART_STATUS_RRDY_MSK)
- altera_uart_rx_chars(pp);
+ altera_uart_rx_chars(port);
if (isr & ALTERA_UART_STATUS_TRDY_MSK)
- altera_uart_tx_chars(pp);
+ altera_uart_tx_chars(port);
spin_unlock(&port->lock);
return IRQ_RETVAL(isr);
--
2.35.1
^ permalink raw reply related [flat|nested] 529+ messages in thread
* [PATCH 4.19 230/521] serial: altera_uart: fix locking in polling mode
2023-01-16 15:44 [PATCH 4.19 000/521] 4.19.270-rc1 review Greg Kroah-Hartman
` (228 preceding siblings ...)
2023-01-16 15:48 ` [PATCH 4.19 229/521] tty: serial: altera_uart_{r,t}x_chars() need only uart_port Greg Kroah-Hartman
@ 2023-01-16 15:48 ` Greg Kroah-Hartman
2023-01-16 15:48 ` [PATCH 4.19 231/521] serial: sunsab: Fix error handling in sunsab_init() Greg Kroah-Hartman
` (294 subsequent siblings)
524 siblings, 0 replies; 529+ messages in thread
From: Greg Kroah-Hartman @ 2023-01-16 15:48 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Gabriel Somlo, Sasha Levin
From: Gabriel Somlo <gsomlo@gmail.com>
[ Upstream commit 1307c5d33cce8a41dd77c2571e4df65a5b627feb ]
Since altera_uart_interrupt() may also be called from
a poll timer in "serving_softirq" context, use
spin_[lock_irqsave|unlock_irqrestore] variants, which
are appropriate for both softirq and hardware interrupt
contexts.
Fixes: 2f8b9c15cd88 ("altera_uart: Add support for polling mode (IRQ-less)")
Signed-off-by: Gabriel Somlo <gsomlo@gmail.com>
Link: https://lore.kernel.org/r/20221122200426.888349-1-gsomlo@gmail.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/tty/serial/altera_uart.c | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/drivers/tty/serial/altera_uart.c b/drivers/tty/serial/altera_uart.c
index 20c610440133..d91f76b1d353 100644
--- a/drivers/tty/serial/altera_uart.c
+++ b/drivers/tty/serial/altera_uart.c
@@ -280,16 +280,17 @@ static irqreturn_t altera_uart_interrupt(int irq, void *data)
{
struct uart_port *port = data;
struct altera_uart *pp = container_of(port, struct altera_uart, port);
+ unsigned long flags;
unsigned int isr;
isr = altera_uart_readl(port, ALTERA_UART_STATUS_REG) & pp->imr;
- spin_lock(&port->lock);
+ spin_lock_irqsave(&port->lock, flags);
if (isr & ALTERA_UART_STATUS_RRDY_MSK)
altera_uart_rx_chars(port);
if (isr & ALTERA_UART_STATUS_TRDY_MSK)
altera_uart_tx_chars(port);
- spin_unlock(&port->lock);
+ spin_unlock_irqrestore(&port->lock, flags);
return IRQ_RETVAL(isr);
}
--
2.35.1
^ permalink raw reply related [flat|nested] 529+ messages in thread
* [PATCH 4.19 231/521] serial: sunsab: Fix error handling in sunsab_init()
2023-01-16 15:44 [PATCH 4.19 000/521] 4.19.270-rc1 review Greg Kroah-Hartman
` (229 preceding siblings ...)
2023-01-16 15:48 ` [PATCH 4.19 230/521] serial: altera_uart: fix locking in polling mode Greg Kroah-Hartman
@ 2023-01-16 15:48 ` Greg Kroah-Hartman
2023-01-16 15:48 ` [PATCH 4.19 232/521] test_firmware: fix memory leak in test_firmware_init() Greg Kroah-Hartman
` (293 subsequent siblings)
524 siblings, 0 replies; 529+ messages in thread
From: Greg Kroah-Hartman @ 2023-01-16 15:48 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Yuan Can, Sasha Levin
From: Yuan Can <yuancan@huawei.com>
[ Upstream commit 1a6ec673fb627c26e2267ca0a03849f91dbd9b40 ]
The sunsab_init() returns the platform_driver_register() directly without
checking its return value, if platform_driver_register() failed, the
allocated sunsab_ports is leaked.
Fix by free sunsab_ports and set it to NULL when platform_driver_register()
failed.
Fixes: c4d37215a824 ("[SERIAL] sunsab: Convert to of_driver framework.")
Signed-off-by: Yuan Can <yuancan@huawei.com>
Link: https://lore.kernel.org/r/20221123061212.52593-1-yuancan@huawei.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/tty/serial/sunsab.c | 8 +++++++-
1 file changed, 7 insertions(+), 1 deletion(-)
diff --git a/drivers/tty/serial/sunsab.c b/drivers/tty/serial/sunsab.c
index 72131b5e132e..beca02c30498 100644
--- a/drivers/tty/serial/sunsab.c
+++ b/drivers/tty/serial/sunsab.c
@@ -1140,7 +1140,13 @@ static int __init sunsab_init(void)
}
}
- return platform_driver_register(&sab_driver);
+ err = platform_driver_register(&sab_driver);
+ if (err) {
+ kfree(sunsab_ports);
+ sunsab_ports = NULL;
+ }
+
+ return err;
}
static void __exit sunsab_exit(void)
--
2.35.1
^ permalink raw reply related [flat|nested] 529+ messages in thread
* [PATCH 4.19 232/521] test_firmware: fix memory leak in test_firmware_init()
2023-01-16 15:44 [PATCH 4.19 000/521] 4.19.270-rc1 review Greg Kroah-Hartman
` (230 preceding siblings ...)
2023-01-16 15:48 ` [PATCH 4.19 231/521] serial: sunsab: Fix error handling in sunsab_init() Greg Kroah-Hartman
@ 2023-01-16 15:48 ` Greg Kroah-Hartman
2023-01-16 15:48 ` [PATCH 4.19 233/521] misc: tifm: fix possible memory leak in tifm_7xx1_switch_media() Greg Kroah-Hartman
` (292 subsequent siblings)
524 siblings, 0 replies; 529+ messages in thread
From: Greg Kroah-Hartman @ 2023-01-16 15:48 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Zhengchao Shao, Luis Chamberlain,
Sasha Levin
From: Zhengchao Shao <shaozhengchao@huawei.com>
[ Upstream commit 7610615e8cdb3f6f5bbd9d8e7a5d8a63e3cabf2e ]
When misc_register() failed in test_firmware_init(), the memory pointed
by test_fw_config->name is not released. The memory leak information is
as follows:
unreferenced object 0xffff88810a34cb00 (size 32):
comm "insmod", pid 7952, jiffies 4294948236 (age 49.060s)
hex dump (first 32 bytes):
74 65 73 74 2d 66 69 72 6d 77 61 72 65 2e 62 69 test-firmware.bi
6e 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 n...............
backtrace:
[<ffffffff81b21fcb>] __kmalloc_node_track_caller+0x4b/0xc0
[<ffffffff81affb96>] kstrndup+0x46/0xc0
[<ffffffffa0403a49>] __test_firmware_config_init+0x29/0x380 [test_firmware]
[<ffffffffa040f068>] 0xffffffffa040f068
[<ffffffff81002c41>] do_one_initcall+0x141/0x780
[<ffffffff816a72c3>] do_init_module+0x1c3/0x630
[<ffffffff816adb9e>] load_module+0x623e/0x76a0
[<ffffffff816af471>] __do_sys_finit_module+0x181/0x240
[<ffffffff89978f99>] do_syscall_64+0x39/0xb0
[<ffffffff89a0008b>] entry_SYSCALL_64_after_hwframe+0x63/0xcd
Fixes: c92316bf8e94 ("test_firmware: add batched firmware tests")
Signed-off-by: Zhengchao Shao <shaozhengchao@huawei.com>
Acked-by: Luis Chamberlain <mcgrof@kernel.org>
Link: https://lore.kernel.org/r/20221119035721.18268-1-shaozhengchao@huawei.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
lib/test_firmware.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/lib/test_firmware.c b/lib/test_firmware.c
index a74b1aae7461..f4cc874021da 100644
--- a/lib/test_firmware.c
+++ b/lib/test_firmware.c
@@ -902,6 +902,7 @@ static int __init test_firmware_init(void)
rc = misc_register(&test_fw_misc_device);
if (rc) {
+ __test_firmware_config_free();
kfree(test_fw_config);
pr_err("could not register misc device: %d\n", rc);
return rc;
--
2.35.1
^ permalink raw reply related [flat|nested] 529+ messages in thread
* [PATCH 4.19 233/521] misc: tifm: fix possible memory leak in tifm_7xx1_switch_media()
2023-01-16 15:44 [PATCH 4.19 000/521] 4.19.270-rc1 review Greg Kroah-Hartman
` (231 preceding siblings ...)
2023-01-16 15:48 ` [PATCH 4.19 232/521] test_firmware: fix memory leak in test_firmware_init() Greg Kroah-Hartman
@ 2023-01-16 15:48 ` Greg Kroah-Hartman
2023-01-16 15:48 ` [PATCH 4.19 234/521] misc: sgi-gru: fix use-after-free error in gru_set_context_option, gru_fault and gru_handle_user_call_os Greg Kroah-Hartman
` (291 subsequent siblings)
524 siblings, 0 replies; 529+ messages in thread
From: Greg Kroah-Hartman @ 2023-01-16 15:48 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, ruanjinjie, Sasha Levin
From: ruanjinjie <ruanjinjie@huawei.com>
[ Upstream commit fd2c930cf6a5b9176382c15f9acb1996e76e25ad ]
If device_register() returns error in tifm_7xx1_switch_media(),
name of kobject which is allocated in dev_set_name() called in device_add()
is leaked.
Never directly free @dev after calling device_register(), even
if it returned an error! Always use put_device() to give up the
reference initialized.
Fixes: 2428a8fe2261 ("tifm: move common device management tasks from tifm_7xx1 to tifm_core")
Signed-off-by: ruanjinjie <ruanjinjie@huawei.com>
Link: https://lore.kernel.org/r/20221117064725.3478402-1-ruanjinjie@huawei.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/misc/tifm_7xx1.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/misc/tifm_7xx1.c b/drivers/misc/tifm_7xx1.c
index 9ac95b48ef92..1d33c4facd44 100644
--- a/drivers/misc/tifm_7xx1.c
+++ b/drivers/misc/tifm_7xx1.c
@@ -194,7 +194,7 @@ static void tifm_7xx1_switch_media(struct work_struct *work)
spin_unlock_irqrestore(&fm->lock, flags);
}
if (sock)
- tifm_free_device(&sock->dev);
+ put_device(&sock->dev);
}
spin_lock_irqsave(&fm->lock, flags);
}
--
2.35.1
^ permalink raw reply related [flat|nested] 529+ messages in thread
* [PATCH 4.19 234/521] misc: sgi-gru: fix use-after-free error in gru_set_context_option, gru_fault and gru_handle_user_call_os
2023-01-16 15:44 [PATCH 4.19 000/521] 4.19.270-rc1 review Greg Kroah-Hartman
` (232 preceding siblings ...)
2023-01-16 15:48 ` [PATCH 4.19 233/521] misc: tifm: fix possible memory leak in tifm_7xx1_switch_media() Greg Kroah-Hartman
@ 2023-01-16 15:48 ` Greg Kroah-Hartman
2023-01-16 15:48 ` [PATCH 4.19 235/521] cxl: fix possible null-ptr-deref in cxl_guest_init_afu|adapter() Greg Kroah-Hartman
` (290 subsequent siblings)
524 siblings, 0 replies; 529+ messages in thread
From: Greg Kroah-Hartman @ 2023-01-16 15:48 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Zheng Wang, Dimitri Sivanich, Sasha Levin
From: Zheng Wang <zyytlz.wz@163.com>
[ Upstream commit 643a16a0eb1d6ac23744bb6e90a00fc21148a9dc ]
In some bad situation, the gts may be freed gru_check_chiplet_assignment.
The call chain can be gru_unload_context->gru_free_gru_context->gts_drop
and kfree finally. However, the caller didn't know if the gts is freed
or not and use it afterwards. This will trigger a Use after Free bug.
Fix it by introducing a return value to see if it's in error path or not.
Free the gts in caller if gru_check_chiplet_assignment check failed.
Fixes: 55484c45dbec ("gru: allow users to specify gru chiplet 2")
Signed-off-by: Zheng Wang <zyytlz.wz@163.com>
Acked-by: Dimitri Sivanich <sivanich@hpe.com>
Link: https://lore.kernel.org/r/20221110035033.19498-1-zyytlz.wz@163.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/misc/sgi-gru/grufault.c | 13 +++++++++++--
drivers/misc/sgi-gru/grumain.c | 22 ++++++++++++++++++----
drivers/misc/sgi-gru/grutables.h | 2 +-
3 files changed, 30 insertions(+), 7 deletions(-)
diff --git a/drivers/misc/sgi-gru/grufault.c b/drivers/misc/sgi-gru/grufault.c
index 93be82fc338a..16df731e63c5 100644
--- a/drivers/misc/sgi-gru/grufault.c
+++ b/drivers/misc/sgi-gru/grufault.c
@@ -661,6 +661,7 @@ int gru_handle_user_call_os(unsigned long cb)
if ((cb & (GRU_HANDLE_STRIDE - 1)) || ucbnum >= GRU_NUM_CB)
return -EINVAL;
+again:
gts = gru_find_lock_gts(cb);
if (!gts)
return -EINVAL;
@@ -669,7 +670,11 @@ int gru_handle_user_call_os(unsigned long cb)
if (ucbnum >= gts->ts_cbr_au_count * GRU_CBR_AU_SIZE)
goto exit;
- gru_check_context_placement(gts);
+ if (gru_check_context_placement(gts)) {
+ gru_unlock_gts(gts);
+ gru_unload_context(gts, 1);
+ goto again;
+ }
/*
* CCH may contain stale data if ts_force_cch_reload is set.
@@ -887,7 +892,11 @@ int gru_set_context_option(unsigned long arg)
} else {
gts->ts_user_blade_id = req.val1;
gts->ts_user_chiplet_id = req.val0;
- gru_check_context_placement(gts);
+ if (gru_check_context_placement(gts)) {
+ gru_unlock_gts(gts);
+ gru_unload_context(gts, 1);
+ return ret;
+ }
}
break;
case sco_gseg_owner:
diff --git a/drivers/misc/sgi-gru/grumain.c b/drivers/misc/sgi-gru/grumain.c
index ab174f28e3be..8c3e0317c115 100644
--- a/drivers/misc/sgi-gru/grumain.c
+++ b/drivers/misc/sgi-gru/grumain.c
@@ -729,9 +729,10 @@ static int gru_check_chiplet_assignment(struct gru_state *gru,
* chiplet. Misassignment can occur if the process migrates to a different
* blade or if the user changes the selected blade/chiplet.
*/
-void gru_check_context_placement(struct gru_thread_state *gts)
+int gru_check_context_placement(struct gru_thread_state *gts)
{
struct gru_state *gru;
+ int ret = 0;
/*
* If the current task is the context owner, verify that the
@@ -739,15 +740,23 @@ void gru_check_context_placement(struct gru_thread_state *gts)
* references. Pthread apps use non-owner references to the CBRs.
*/
gru = gts->ts_gru;
+ /*
+ * If gru or gts->ts_tgid_owner isn't initialized properly, return
+ * success to indicate that the caller does not need to unload the
+ * gru context.The caller is responsible for their inspection and
+ * reinitialization if needed.
+ */
if (!gru || gts->ts_tgid_owner != current->tgid)
- return;
+ return ret;
if (!gru_check_chiplet_assignment(gru, gts)) {
STAT(check_context_unload);
- gru_unload_context(gts, 1);
+ ret = -EINVAL;
} else if (gru_retarget_intr(gts)) {
STAT(check_context_retarget_intr);
}
+
+ return ret;
}
@@ -947,7 +956,12 @@ vm_fault_t gru_fault(struct vm_fault *vmf)
mutex_lock(>s->ts_ctxlock);
preempt_disable();
- gru_check_context_placement(gts);
+ if (gru_check_context_placement(gts)) {
+ preempt_enable();
+ mutex_unlock(>s->ts_ctxlock);
+ gru_unload_context(gts, 1);
+ return VM_FAULT_NOPAGE;
+ }
if (!gts->ts_gru) {
STAT(load_user_context);
diff --git a/drivers/misc/sgi-gru/grutables.h b/drivers/misc/sgi-gru/grutables.h
index 3e041b6f7a68..2becf4c3f7ca 100644
--- a/drivers/misc/sgi-gru/grutables.h
+++ b/drivers/misc/sgi-gru/grutables.h
@@ -652,7 +652,7 @@ extern int gru_user_flush_tlb(unsigned long arg);
extern int gru_user_unload_context(unsigned long arg);
extern int gru_get_exception_detail(unsigned long arg);
extern int gru_set_context_option(unsigned long address);
-extern void gru_check_context_placement(struct gru_thread_state *gts);
+extern int gru_check_context_placement(struct gru_thread_state *gts);
extern int gru_cpu_fault_map_id(void);
extern struct vm_area_struct *gru_find_vma(unsigned long vaddr);
extern void gru_flush_all_tlb(struct gru_state *gru);
--
2.35.1
^ permalink raw reply related [flat|nested] 529+ messages in thread
* [PATCH 4.19 235/521] cxl: fix possible null-ptr-deref in cxl_guest_init_afu|adapter()
2023-01-16 15:44 [PATCH 4.19 000/521] 4.19.270-rc1 review Greg Kroah-Hartman
` (233 preceding siblings ...)
2023-01-16 15:48 ` [PATCH 4.19 234/521] misc: sgi-gru: fix use-after-free error in gru_set_context_option, gru_fault and gru_handle_user_call_os Greg Kroah-Hartman
@ 2023-01-16 15:48 ` Greg Kroah-Hartman
2023-01-16 15:48 ` [PATCH 4.19 236/521] cxl: fix possible null-ptr-deref in cxl_pci_init_afu|adapter() Greg Kroah-Hartman
` (289 subsequent siblings)
524 siblings, 0 replies; 529+ messages in thread
From: Greg Kroah-Hartman @ 2023-01-16 15:48 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Yang Yingliang, Andrew Donnellan,
Frederic Barrat, Sasha Levin
From: Yang Yingliang <yangyingliang@huawei.com>
[ Upstream commit 61c80d1c3833e196256fb060382db94f24d3d9a7 ]
If device_register() fails in cxl_register_afu|adapter(), the device
is not added, device_unregister() can not be called in the error path,
otherwise it will cause a null-ptr-deref because of removing not added
device.
As comment of device_register() says, it should use put_device() to give
up the reference in the error path. So split device_unregister() into
device_del() and put_device(), then goes to put dev when register fails.
Fixes: 14baf4d9c739 ("cxl: Add guest-specific code")
Signed-off-by: Yang Yingliang <yangyingliang@huawei.com>
Acked-by: Andrew Donnellan <ajd@linux.ibm.com>
Acked-by: Frederic Barrat <fbarrat@linux.ibm.com>
Link: https://lore.kernel.org/r/20221111145440.2426970-1-yangyingliang@huawei.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/misc/cxl/guest.c | 24 ++++++++++++++----------
1 file changed, 14 insertions(+), 10 deletions(-)
diff --git a/drivers/misc/cxl/guest.c b/drivers/misc/cxl/guest.c
index 08f4a512afad..3153cf1651a2 100644
--- a/drivers/misc/cxl/guest.c
+++ b/drivers/misc/cxl/guest.c
@@ -963,10 +963,10 @@ int cxl_guest_init_afu(struct cxl *adapter, int slice, struct device_node *afu_n
* if it returns an error!
*/
if ((rc = cxl_register_afu(afu)))
- goto err_put1;
+ goto err_put_dev;
if ((rc = cxl_sysfs_afu_add(afu)))
- goto err_put1;
+ goto err_del_dev;
/*
* pHyp doesn't expose the programming models supported by the
@@ -982,7 +982,7 @@ int cxl_guest_init_afu(struct cxl *adapter, int slice, struct device_node *afu_n
afu->modes_supported = CXL_MODE_DIRECTED;
if ((rc = cxl_afu_select_best_mode(afu)))
- goto err_put2;
+ goto err_remove_sysfs;
adapter->afu[afu->slice] = afu;
@@ -1002,10 +1002,12 @@ int cxl_guest_init_afu(struct cxl *adapter, int slice, struct device_node *afu_n
return 0;
-err_put2:
+err_remove_sysfs:
cxl_sysfs_afu_remove(afu);
-err_put1:
- device_unregister(&afu->dev);
+err_del_dev:
+ device_del(&afu->dev);
+err_put_dev:
+ put_device(&afu->dev);
free = false;
guest_release_serr_irq(afu);
err2:
@@ -1139,18 +1141,20 @@ struct cxl *cxl_guest_init_adapter(struct device_node *np, struct platform_devic
* even if it returns an error!
*/
if ((rc = cxl_register_adapter(adapter)))
- goto err_put1;
+ goto err_put_dev;
if ((rc = cxl_sysfs_adapter_add(adapter)))
- goto err_put1;
+ goto err_del_dev;
/* release the context lock as the adapter is configured */
cxl_adapter_context_unlock(adapter);
return adapter;
-err_put1:
- device_unregister(&adapter->dev);
+err_del_dev:
+ device_del(&adapter->dev);
+err_put_dev:
+ put_device(&adapter->dev);
free = false;
cxl_guest_remove_chardev(adapter);
err1:
--
2.35.1
^ permalink raw reply related [flat|nested] 529+ messages in thread
* [PATCH 4.19 236/521] cxl: fix possible null-ptr-deref in cxl_pci_init_afu|adapter()
2023-01-16 15:44 [PATCH 4.19 000/521] 4.19.270-rc1 review Greg Kroah-Hartman
` (234 preceding siblings ...)
2023-01-16 15:48 ` [PATCH 4.19 235/521] cxl: fix possible null-ptr-deref in cxl_guest_init_afu|adapter() Greg Kroah-Hartman
@ 2023-01-16 15:48 ` Greg Kroah-Hartman
2023-01-16 15:48 ` [PATCH 4.19 237/521] usb: gadget: f_hid: optional SETUP/SET_REPORT mode Greg Kroah-Hartman
` (288 subsequent siblings)
524 siblings, 0 replies; 529+ messages in thread
From: Greg Kroah-Hartman @ 2023-01-16 15:48 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Yang Yingliang, Frederic Barrat,
Andrew Donnellan, Sasha Levin
From: Yang Yingliang <yangyingliang@huawei.com>
[ Upstream commit 02cd3032b154fa02fdf90e7467abaeed889330b2 ]
If device_register() fails in cxl_pci_afu|adapter(), the device
is not added, device_unregister() can not be called in the error
path, otherwise it will cause a null-ptr-deref because of removing
not added device.
As comment of device_register() says, it should use put_device() to give
up the reference in the error path. So split device_unregister() into
device_del() and put_device(), then goes to put dev when register fails.
Fixes: f204e0b8cedd ("cxl: Driver code for powernv PCIe based cards for userspace access")
Signed-off-by: Yang Yingliang <yangyingliang@huawei.com>
Acked-by: Frederic Barrat <fbarrat@linux.ibm.com>
Acked-by: Andrew Donnellan <ajd@linux.ibm.com>
Link: https://lore.kernel.org/r/20221111145440.2426970-2-yangyingliang@huawei.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/misc/cxl/pci.c | 20 ++++++++++++--------
1 file changed, 12 insertions(+), 8 deletions(-)
diff --git a/drivers/misc/cxl/pci.c b/drivers/misc/cxl/pci.c
index b9d3c87e9318..acb4a339f5fe 100644
--- a/drivers/misc/cxl/pci.c
+++ b/drivers/misc/cxl/pci.c
@@ -1168,10 +1168,10 @@ static int pci_init_afu(struct cxl *adapter, int slice, struct pci_dev *dev)
* if it returns an error!
*/
if ((rc = cxl_register_afu(afu)))
- goto err_put1;
+ goto err_put_dev;
if ((rc = cxl_sysfs_afu_add(afu)))
- goto err_put1;
+ goto err_del_dev;
adapter->afu[afu->slice] = afu;
@@ -1180,10 +1180,12 @@ static int pci_init_afu(struct cxl *adapter, int slice, struct pci_dev *dev)
return 0;
-err_put1:
+err_del_dev:
+ device_del(&afu->dev);
+err_put_dev:
pci_deconfigure_afu(afu);
cxl_debugfs_afu_remove(afu);
- device_unregister(&afu->dev);
+ put_device(&afu->dev);
return rc;
err_free_native:
@@ -1671,23 +1673,25 @@ static struct cxl *cxl_pci_init_adapter(struct pci_dev *dev)
* even if it returns an error!
*/
if ((rc = cxl_register_adapter(adapter)))
- goto err_put1;
+ goto err_put_dev;
if ((rc = cxl_sysfs_adapter_add(adapter)))
- goto err_put1;
+ goto err_del_dev;
/* Release the context lock as adapter is configured */
cxl_adapter_context_unlock(adapter);
return adapter;
-err_put1:
+err_del_dev:
+ device_del(&adapter->dev);
+err_put_dev:
/* This should mirror cxl_remove_adapter, except without the
* sysfs parts
*/
cxl_debugfs_adapter_remove(adapter);
cxl_deconfigure_adapter(adapter);
- device_unregister(&adapter->dev);
+ put_device(&adapter->dev);
return ERR_PTR(rc);
err_release:
--
2.35.1
^ permalink raw reply related [flat|nested] 529+ messages in thread
* [PATCH 4.19 237/521] usb: gadget: f_hid: optional SETUP/SET_REPORT mode
2023-01-16 15:44 [PATCH 4.19 000/521] 4.19.270-rc1 review Greg Kroah-Hartman
` (235 preceding siblings ...)
2023-01-16 15:48 ` [PATCH 4.19 236/521] cxl: fix possible null-ptr-deref in cxl_pci_init_afu|adapter() Greg Kroah-Hartman
@ 2023-01-16 15:48 ` Greg Kroah-Hartman
2023-01-16 15:48 ` [PATCH 4.19 238/521] usb: gadget: f_hid: fix f_hidg lifetime vs cdev Greg Kroah-Hartman
` (287 subsequent siblings)
524 siblings, 0 replies; 529+ messages in thread
From: Greg Kroah-Hartman @ 2023-01-16 15:48 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Maciej Żenczykowski,
Felipe Balbi, Maxim Devaev, Sasha Levin
From: Maxim Devaev <mdevaev@gmail.com>
[ Upstream commit d7428bc26fc767942c38d74b80299bcd4f01e7cb ]
f_hid provides the OUT Endpoint as only way for receiving reports
from the host. SETUP/SET_REPORT method is not supported, and this causes
a number of compatibility problems with various host drivers, especially
in the case of keyboard emulation using f_hid.
- Some hosts do not support the OUT Endpoint and ignore it,
so it becomes impossible for the gadget to receive a report
from the host. In the case of a keyboard, the gadget loses
the ability to receive the status of the LEDs.
- Some BIOSes/UEFIs can't work with HID devices with the OUT Endpoint
at all. This may be due to their bugs or incomplete implementation
of the HID standard.
For example, absolutely all Apple UEFIs can't handle the OUT Endpoint
if it goes after IN Endpoint in the descriptor and require the reverse
order (OUT, IN) which is a violation of the standard.
Other hosts either do not initialize gadgets with a descriptor
containing the OUT Endpoint completely (like some HP and DELL BIOSes
and embedded firmwares like on KVM switches), or initialize them,
but will not poll the IN Endpoint.
This patch adds configfs option no_out_endpoint=1 to disable
the OUT Endpoint and allows f_hid to receive reports from the host
via SETUP/SET_REPORT.
Previously, there was such a feature in f_hid, but it was replaced
by the OUT Endpoint [1] in the commit 99c515005857 ("usb: gadget: hidg:
register OUT INT endpoint for SET_REPORT"). So this patch actually
returns the removed functionality while making it optional.
For backward compatibility reasons, the OUT Endpoint mode remains
the default behaviour.
- The OUT Endpoint mode provides the report queue and reduces
USB overhead (eliminating SETUP routine) on transmitting a report
from the host.
- If the SETUP/SET_REPORT mode is used, there is no report queue,
so the userspace will only read last report. For classic HID devices
like keyboards this is not a problem, since it's intended to transmit
the status of the LEDs and only the last report is important.
This mode provides better compatibility with strange and buggy
host drivers.
Both modes passed USBCV tests. Checking with the USB protocol analyzer
also confirmed that everything is working as it should and the new mode
ensures operability in all of the described cases.
Link: https://www.spinics.net/lists/linux-usb/msg65494.html [1]
Reviewed-by: Maciej Żenczykowski <zenczykowski@gmail.com>
Acked-by: Felipe Balbi <balbi@kernel.org>
Signed-off-by: Maxim Devaev <mdevaev@gmail.com>
Link: https://lore.kernel.org/r/20210821134004.363217-1-mdevaev@gmail.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Stable-dep-of: 89ff3dfac604 ("usb: gadget: f_hid: fix f_hidg lifetime vs cdev")
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/usb/gadget/function/f_hid.c | 220 +++++++++++++++++++++++-----
drivers/usb/gadget/function/u_hid.h | 1 +
2 files changed, 188 insertions(+), 33 deletions(-)
diff --git a/drivers/usb/gadget/function/f_hid.c b/drivers/usb/gadget/function/f_hid.c
index 1d10d29c115b..0c200f152036 100644
--- a/drivers/usb/gadget/function/f_hid.c
+++ b/drivers/usb/gadget/function/f_hid.c
@@ -45,12 +45,25 @@ struct f_hidg {
unsigned short report_desc_length;
char *report_desc;
unsigned short report_length;
+ /*
+ * use_out_ep - if true, the OUT Endpoint (interrupt out method)
+ * will be used to receive reports from the host
+ * using functions with the "intout" suffix.
+ * Otherwise, the OUT Endpoint will not be configured
+ * and the SETUP/SET_REPORT method ("ssreport" suffix)
+ * will be used to receive reports.
+ */
+ bool use_out_ep;
/* recv report */
- struct list_head completed_out_req;
spinlock_t read_spinlock;
wait_queue_head_t read_queue;
+ /* recv report - interrupt out only (use_out_ep == 1) */
+ struct list_head completed_out_req;
unsigned int qlen;
+ /* recv report - setup set_report only (use_out_ep == 0) */
+ char *set_report_buf;
+ unsigned int set_report_length;
/* send report */
spinlock_t write_spinlock;
@@ -79,7 +92,7 @@ static struct usb_interface_descriptor hidg_interface_desc = {
.bDescriptorType = USB_DT_INTERFACE,
/* .bInterfaceNumber = DYNAMIC */
.bAlternateSetting = 0,
- .bNumEndpoints = 2,
+ /* .bNumEndpoints = DYNAMIC (depends on use_out_ep) */
.bInterfaceClass = USB_CLASS_HID,
/* .bInterfaceSubClass = DYNAMIC */
/* .bInterfaceProtocol = DYNAMIC */
@@ -140,7 +153,7 @@ static struct usb_ss_ep_comp_descriptor hidg_ss_out_comp_desc = {
/* .wBytesPerInterval = DYNAMIC */
};
-static struct usb_descriptor_header *hidg_ss_descriptors[] = {
+static struct usb_descriptor_header *hidg_ss_descriptors_intout[] = {
(struct usb_descriptor_header *)&hidg_interface_desc,
(struct usb_descriptor_header *)&hidg_desc,
(struct usb_descriptor_header *)&hidg_ss_in_ep_desc,
@@ -150,6 +163,14 @@ static struct usb_descriptor_header *hidg_ss_descriptors[] = {
NULL,
};
+static struct usb_descriptor_header *hidg_ss_descriptors_ssreport[] = {
+ (struct usb_descriptor_header *)&hidg_interface_desc,
+ (struct usb_descriptor_header *)&hidg_desc,
+ (struct usb_descriptor_header *)&hidg_ss_in_ep_desc,
+ (struct usb_descriptor_header *)&hidg_ss_in_comp_desc,
+ NULL,
+};
+
/* High-Speed Support */
static struct usb_endpoint_descriptor hidg_hs_in_ep_desc = {
@@ -176,7 +197,7 @@ static struct usb_endpoint_descriptor hidg_hs_out_ep_desc = {
*/
};
-static struct usb_descriptor_header *hidg_hs_descriptors[] = {
+static struct usb_descriptor_header *hidg_hs_descriptors_intout[] = {
(struct usb_descriptor_header *)&hidg_interface_desc,
(struct usb_descriptor_header *)&hidg_desc,
(struct usb_descriptor_header *)&hidg_hs_in_ep_desc,
@@ -184,6 +205,13 @@ static struct usb_descriptor_header *hidg_hs_descriptors[] = {
NULL,
};
+static struct usb_descriptor_header *hidg_hs_descriptors_ssreport[] = {
+ (struct usb_descriptor_header *)&hidg_interface_desc,
+ (struct usb_descriptor_header *)&hidg_desc,
+ (struct usb_descriptor_header *)&hidg_hs_in_ep_desc,
+ NULL,
+};
+
/* Full-Speed Support */
static struct usb_endpoint_descriptor hidg_fs_in_ep_desc = {
@@ -210,7 +238,7 @@ static struct usb_endpoint_descriptor hidg_fs_out_ep_desc = {
*/
};
-static struct usb_descriptor_header *hidg_fs_descriptors[] = {
+static struct usb_descriptor_header *hidg_fs_descriptors_intout[] = {
(struct usb_descriptor_header *)&hidg_interface_desc,
(struct usb_descriptor_header *)&hidg_desc,
(struct usb_descriptor_header *)&hidg_fs_in_ep_desc,
@@ -218,6 +246,13 @@ static struct usb_descriptor_header *hidg_fs_descriptors[] = {
NULL,
};
+static struct usb_descriptor_header *hidg_fs_descriptors_ssreport[] = {
+ (struct usb_descriptor_header *)&hidg_interface_desc,
+ (struct usb_descriptor_header *)&hidg_desc,
+ (struct usb_descriptor_header *)&hidg_fs_in_ep_desc,
+ NULL,
+};
+
/*-------------------------------------------------------------------------*/
/* Strings */
@@ -241,8 +276,8 @@ static struct usb_gadget_strings *ct_func_strings[] = {
/*-------------------------------------------------------------------------*/
/* Char Device */
-static ssize_t f_hidg_read(struct file *file, char __user *buffer,
- size_t count, loff_t *ptr)
+static ssize_t f_hidg_intout_read(struct file *file, char __user *buffer,
+ size_t count, loff_t *ptr)
{
struct f_hidg *hidg = file->private_data;
struct f_hidg_req_list *list;
@@ -258,15 +293,15 @@ static ssize_t f_hidg_read(struct file *file, char __user *buffer,
spin_lock_irqsave(&hidg->read_spinlock, flags);
-#define READ_COND (!list_empty(&hidg->completed_out_req))
+#define READ_COND_INTOUT (!list_empty(&hidg->completed_out_req))
/* wait for at least one buffer to complete */
- while (!READ_COND) {
+ while (!READ_COND_INTOUT) {
spin_unlock_irqrestore(&hidg->read_spinlock, flags);
if (file->f_flags & O_NONBLOCK)
return -EAGAIN;
- if (wait_event_interruptible(hidg->read_queue, READ_COND))
+ if (wait_event_interruptible(hidg->read_queue, READ_COND_INTOUT))
return -ERESTARTSYS;
spin_lock_irqsave(&hidg->read_spinlock, flags);
@@ -316,6 +351,60 @@ static ssize_t f_hidg_read(struct file *file, char __user *buffer,
return count;
}
+#define READ_COND_SSREPORT (hidg->set_report_buf != NULL)
+
+static ssize_t f_hidg_ssreport_read(struct file *file, char __user *buffer,
+ size_t count, loff_t *ptr)
+{
+ struct f_hidg *hidg = file->private_data;
+ char *tmp_buf = NULL;
+ unsigned long flags;
+
+ if (!count)
+ return 0;
+
+ spin_lock_irqsave(&hidg->read_spinlock, flags);
+
+ while (!READ_COND_SSREPORT) {
+ spin_unlock_irqrestore(&hidg->read_spinlock, flags);
+ if (file->f_flags & O_NONBLOCK)
+ return -EAGAIN;
+
+ if (wait_event_interruptible(hidg->read_queue, READ_COND_SSREPORT))
+ return -ERESTARTSYS;
+
+ spin_lock_irqsave(&hidg->read_spinlock, flags);
+ }
+
+ count = min_t(unsigned int, count, hidg->set_report_length);
+ tmp_buf = hidg->set_report_buf;
+ hidg->set_report_buf = NULL;
+
+ spin_unlock_irqrestore(&hidg->read_spinlock, flags);
+
+ if (tmp_buf != NULL) {
+ count -= copy_to_user(buffer, tmp_buf, count);
+ kfree(tmp_buf);
+ } else {
+ count = -ENOMEM;
+ }
+
+ wake_up(&hidg->read_queue);
+
+ return count;
+}
+
+static ssize_t f_hidg_read(struct file *file, char __user *buffer,
+ size_t count, loff_t *ptr)
+{
+ struct f_hidg *hidg = file->private_data;
+
+ if (hidg->use_out_ep)
+ return f_hidg_intout_read(file, buffer, count, ptr);
+ else
+ return f_hidg_ssreport_read(file, buffer, count, ptr);
+}
+
static void f_hidg_req_complete(struct usb_ep *ep, struct usb_request *req)
{
struct f_hidg *hidg = (struct f_hidg *)ep->driver_data;
@@ -439,14 +528,20 @@ static __poll_t f_hidg_poll(struct file *file, poll_table *wait)
if (WRITE_COND)
ret |= EPOLLOUT | EPOLLWRNORM;
- if (READ_COND)
- ret |= EPOLLIN | EPOLLRDNORM;
+ if (hidg->use_out_ep) {
+ if (READ_COND_INTOUT)
+ ret |= EPOLLIN | EPOLLRDNORM;
+ } else {
+ if (READ_COND_SSREPORT)
+ ret |= EPOLLIN | EPOLLRDNORM;
+ }
return ret;
}
#undef WRITE_COND
-#undef READ_COND
+#undef READ_COND_SSREPORT
+#undef READ_COND_INTOUT
static int f_hidg_release(struct inode *inode, struct file *fd)
{
@@ -473,7 +568,7 @@ static inline struct usb_request *hidg_alloc_ep_req(struct usb_ep *ep,
return alloc_ep_req(ep, length);
}
-static void hidg_set_report_complete(struct usb_ep *ep, struct usb_request *req)
+static void hidg_intout_complete(struct usb_ep *ep, struct usb_request *req)
{
struct f_hidg *hidg = (struct f_hidg *) req->context;
struct usb_composite_dev *cdev = hidg->func.config->cdev;
@@ -508,6 +603,37 @@ static void hidg_set_report_complete(struct usb_ep *ep, struct usb_request *req)
}
}
+static void hidg_ssreport_complete(struct usb_ep *ep, struct usb_request *req)
+{
+ struct f_hidg *hidg = (struct f_hidg *)req->context;
+ struct usb_composite_dev *cdev = hidg->func.config->cdev;
+ char *new_buf = NULL;
+ unsigned long flags;
+
+ if (req->status != 0 || req->buf == NULL || req->actual == 0) {
+ ERROR(cdev,
+ "%s FAILED: status=%d, buf=%p, actual=%d\n",
+ __func__, req->status, req->buf, req->actual);
+ return;
+ }
+
+ spin_lock_irqsave(&hidg->read_spinlock, flags);
+
+ new_buf = krealloc(hidg->set_report_buf, req->actual, GFP_ATOMIC);
+ if (new_buf == NULL) {
+ spin_unlock_irqrestore(&hidg->read_spinlock, flags);
+ return;
+ }
+ hidg->set_report_buf = new_buf;
+
+ hidg->set_report_length = req->actual;
+ memcpy(hidg->set_report_buf, req->buf, req->actual);
+
+ spin_unlock_irqrestore(&hidg->read_spinlock, flags);
+
+ wake_up(&hidg->read_queue);
+}
+
static int hidg_setup(struct usb_function *f,
const struct usb_ctrlrequest *ctrl)
{
@@ -555,7 +681,11 @@ static int hidg_setup(struct usb_function *f,
case ((USB_DIR_OUT | USB_TYPE_CLASS | USB_RECIP_INTERFACE) << 8
| HID_REQ_SET_REPORT):
VDBG(cdev, "set_report | wLength=%d\n", ctrl->wLength);
- goto stall;
+ if (hidg->use_out_ep)
+ goto stall;
+ req->complete = hidg_ssreport_complete;
+ req->context = hidg;
+ goto respond;
break;
case ((USB_DIR_OUT | USB_TYPE_CLASS | USB_RECIP_INTERFACE) << 8
@@ -643,15 +773,18 @@ static void hidg_disable(struct usb_function *f)
unsigned long flags;
usb_ep_disable(hidg->in_ep);
- usb_ep_disable(hidg->out_ep);
- spin_lock_irqsave(&hidg->read_spinlock, flags);
- list_for_each_entry_safe(list, next, &hidg->completed_out_req, list) {
- free_ep_req(hidg->out_ep, list->req);
- list_del(&list->list);
- kfree(list);
+ if (hidg->out_ep) {
+ usb_ep_disable(hidg->out_ep);
+
+ spin_lock_irqsave(&hidg->read_spinlock, flags);
+ list_for_each_entry_safe(list, next, &hidg->completed_out_req, list) {
+ free_ep_req(hidg->out_ep, list->req);
+ list_del(&list->list);
+ kfree(list);
+ }
+ spin_unlock_irqrestore(&hidg->read_spinlock, flags);
}
- spin_unlock_irqrestore(&hidg->read_spinlock, flags);
spin_lock_irqsave(&hidg->write_spinlock, flags);
if (!hidg->write_pending) {
@@ -697,8 +830,7 @@ static int hidg_set_alt(struct usb_function *f, unsigned intf, unsigned alt)
}
}
-
- if (hidg->out_ep != NULL) {
+ if (hidg->use_out_ep && hidg->out_ep != NULL) {
/* restart endpoint */
usb_ep_disable(hidg->out_ep);
@@ -723,7 +855,7 @@ static int hidg_set_alt(struct usb_function *f, unsigned intf, unsigned alt)
hidg_alloc_ep_req(hidg->out_ep,
hidg->report_length);
if (req) {
- req->complete = hidg_set_report_complete;
+ req->complete = hidg_intout_complete;
req->context = hidg;
status = usb_ep_queue(hidg->out_ep, req,
GFP_ATOMIC);
@@ -749,7 +881,8 @@ static int hidg_set_alt(struct usb_function *f, unsigned intf, unsigned alt)
}
return 0;
disable_out_ep:
- usb_ep_disable(hidg->out_ep);
+ if (hidg->out_ep)
+ usb_ep_disable(hidg->out_ep);
free_req_in:
if (req_in)
free_ep_req(hidg->in_ep, req_in);
@@ -801,14 +934,21 @@ static int hidg_bind(struct usb_configuration *c, struct usb_function *f)
goto fail;
hidg->in_ep = ep;
- ep = usb_ep_autoconfig(c->cdev->gadget, &hidg_fs_out_ep_desc);
- if (!ep)
- goto fail;
- hidg->out_ep = ep;
+ hidg->out_ep = NULL;
+ if (hidg->use_out_ep) {
+ ep = usb_ep_autoconfig(c->cdev->gadget, &hidg_fs_out_ep_desc);
+ if (!ep)
+ goto fail;
+ hidg->out_ep = ep;
+ }
+
+ /* used only if use_out_ep == 1 */
+ hidg->set_report_buf = NULL;
/* set descriptor dynamic values */
hidg_interface_desc.bInterfaceSubClass = hidg->bInterfaceSubClass;
hidg_interface_desc.bInterfaceProtocol = hidg->bInterfaceProtocol;
+ hidg_interface_desc.bNumEndpoints = hidg->use_out_ep ? 2 : 1;
hidg->protocol = HID_REPORT_PROTOCOL;
hidg->idle = 1;
hidg_ss_in_ep_desc.wMaxPacketSize = cpu_to_le16(hidg->report_length);
@@ -839,9 +979,19 @@ static int hidg_bind(struct usb_configuration *c, struct usb_function *f)
hidg_ss_out_ep_desc.bEndpointAddress =
hidg_fs_out_ep_desc.bEndpointAddress;
- status = usb_assign_descriptors(f, hidg_fs_descriptors,
- hidg_hs_descriptors, hidg_ss_descriptors,
- hidg_ss_descriptors);
+ if (hidg->use_out_ep)
+ status = usb_assign_descriptors(f,
+ hidg_fs_descriptors_intout,
+ hidg_hs_descriptors_intout,
+ hidg_ss_descriptors_intout,
+ hidg_ss_descriptors_intout);
+ else
+ status = usb_assign_descriptors(f,
+ hidg_fs_descriptors_ssreport,
+ hidg_hs_descriptors_ssreport,
+ hidg_ss_descriptors_ssreport,
+ hidg_ss_descriptors_ssreport);
+
if (status)
goto fail;
@@ -956,6 +1106,7 @@ CONFIGFS_ATTR(f_hid_opts_, name)
F_HID_OPT(subclass, 8, 255);
F_HID_OPT(protocol, 8, 255);
+F_HID_OPT(no_out_endpoint, 8, 1);
F_HID_OPT(report_length, 16, 65535);
static ssize_t f_hid_opts_report_desc_show(struct config_item *item, char *page)
@@ -1015,6 +1166,7 @@ CONFIGFS_ATTR_RO(f_hid_opts_, dev);
static struct configfs_attribute *hid_attrs[] = {
&f_hid_opts_attr_subclass,
&f_hid_opts_attr_protocol,
+ &f_hid_opts_attr_no_out_endpoint,
&f_hid_opts_attr_report_length,
&f_hid_opts_attr_report_desc,
&f_hid_opts_attr_dev,
@@ -1099,6 +1251,7 @@ static void hidg_free(struct usb_function *f)
hidg = func_to_hidg(f);
opts = container_of(f->fi, struct f_hid_opts, func_inst);
kfree(hidg->report_desc);
+ kfree(hidg->set_report_buf);
kfree(hidg);
mutex_lock(&opts->lock);
--opts->refcnt;
@@ -1145,6 +1298,7 @@ static struct usb_function *hidg_alloc(struct usb_function_instance *fi)
return ERR_PTR(-ENOMEM);
}
}
+ hidg->use_out_ep = !opts->no_out_endpoint;
mutex_unlock(&opts->lock);
diff --git a/drivers/usb/gadget/function/u_hid.h b/drivers/usb/gadget/function/u_hid.h
index 2f5ca4bfa7ff..c090eb6c9759 100644
--- a/drivers/usb/gadget/function/u_hid.h
+++ b/drivers/usb/gadget/function/u_hid.h
@@ -20,6 +20,7 @@ struct f_hid_opts {
int minor;
unsigned char subclass;
unsigned char protocol;
+ unsigned char no_out_endpoint;
unsigned short report_length;
unsigned short report_desc_length;
unsigned char *report_desc;
--
2.35.1
^ permalink raw reply related [flat|nested] 529+ messages in thread
* [PATCH 4.19 238/521] usb: gadget: f_hid: fix f_hidg lifetime vs cdev
2023-01-16 15:44 [PATCH 4.19 000/521] 4.19.270-rc1 review Greg Kroah-Hartman
` (236 preceding siblings ...)
2023-01-16 15:48 ` [PATCH 4.19 237/521] usb: gadget: f_hid: optional SETUP/SET_REPORT mode Greg Kroah-Hartman
@ 2023-01-16 15:48 ` Greg Kroah-Hartman
2023-01-16 15:48 ` [PATCH 4.19 239/521] usb: gadget: f_hid: fix refcount leak on error path Greg Kroah-Hartman
` (286 subsequent siblings)
524 siblings, 0 replies; 529+ messages in thread
From: Greg Kroah-Hartman @ 2023-01-16 15:48 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Lee Jones, Andrzej Pietrasiewicz,
John Keeping, Sasha Levin
From: John Keeping <john@metanate.com>
[ Upstream commit 89ff3dfac604614287ad5aad9370c3f984ea3f4b ]
The embedded struct cdev does not have its lifetime correctly tied to
the enclosing struct f_hidg, so there is a use-after-free if /dev/hidgN
is held open while the gadget is deleted.
This can readily be replicated with libusbgx's example programs (for
conciseness - operating directly via configfs is equivalent):
gadget-hid
exec 3<> /dev/hidg0
gadget-vid-pid-remove
exec 3<&-
Pull the existing device up in to struct f_hidg and make use of the
cdev_device_{add,del}() helpers. This changes the lifetime of the
device object to match struct f_hidg, but note that it is still added
and deleted at the same time.
Fixes: 71adf1189469 ("USB: gadget: add HID gadget driver")
Tested-by: Lee Jones <lee@kernel.org>
Reviewed-by: Andrzej Pietrasiewicz <andrzej.p@collabora.com>
Reviewed-by: Lee Jones <lee@kernel.org>
Signed-off-by: John Keeping <john@metanate.com>
Link: https://lore.kernel.org/r/20221122123523.3068034-2-john@metanate.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/usb/gadget/function/f_hid.c | 52 ++++++++++++++++-------------
1 file changed, 28 insertions(+), 24 deletions(-)
diff --git a/drivers/usb/gadget/function/f_hid.c b/drivers/usb/gadget/function/f_hid.c
index 0c200f152036..2aaa3ea74e5a 100644
--- a/drivers/usb/gadget/function/f_hid.c
+++ b/drivers/usb/gadget/function/f_hid.c
@@ -71,7 +71,7 @@ struct f_hidg {
wait_queue_head_t write_queue;
struct usb_request *req;
- int minor;
+ struct device dev;
struct cdev cdev;
struct usb_function func;
@@ -84,6 +84,14 @@ static inline struct f_hidg *func_to_hidg(struct usb_function *f)
return container_of(f, struct f_hidg, func);
}
+static void hidg_release(struct device *dev)
+{
+ struct f_hidg *hidg = container_of(dev, struct f_hidg, dev);
+
+ kfree(hidg->set_report_buf);
+ kfree(hidg);
+}
+
/*-------------------------------------------------------------------------*/
/* Static descriptors */
@@ -910,9 +918,7 @@ static int hidg_bind(struct usb_configuration *c, struct usb_function *f)
struct usb_ep *ep;
struct f_hidg *hidg = func_to_hidg(f);
struct usb_string *us;
- struct device *device;
int status;
- dev_t dev;
/* maybe allocate device-global string IDs, and patch descriptors */
us = usb_gstrings_attach(c->cdev, ct_func_strings,
@@ -1005,21 +1011,11 @@ static int hidg_bind(struct usb_configuration *c, struct usb_function *f)
/* create char device */
cdev_init(&hidg->cdev, &f_hidg_fops);
- dev = MKDEV(major, hidg->minor);
- status = cdev_add(&hidg->cdev, dev, 1);
+ status = cdev_device_add(&hidg->cdev, &hidg->dev);
if (status)
goto fail_free_descs;
- device = device_create(hidg_class, NULL, dev, NULL,
- "%s%d", "hidg", hidg->minor);
- if (IS_ERR(device)) {
- status = PTR_ERR(device);
- goto del;
- }
-
return 0;
-del:
- cdev_del(&hidg->cdev);
fail_free_descs:
usb_free_all_descriptors(f);
fail:
@@ -1250,9 +1246,7 @@ static void hidg_free(struct usb_function *f)
hidg = func_to_hidg(f);
opts = container_of(f->fi, struct f_hid_opts, func_inst);
- kfree(hidg->report_desc);
- kfree(hidg->set_report_buf);
- kfree(hidg);
+ put_device(&hidg->dev);
mutex_lock(&opts->lock);
--opts->refcnt;
mutex_unlock(&opts->lock);
@@ -1262,8 +1256,7 @@ static void hidg_unbind(struct usb_configuration *c, struct usb_function *f)
{
struct f_hidg *hidg = func_to_hidg(f);
- device_destroy(hidg_class, MKDEV(major, hidg->minor));
- cdev_del(&hidg->cdev);
+ cdev_device_del(&hidg->cdev, &hidg->dev);
usb_free_all_descriptors(f);
}
@@ -1272,6 +1265,7 @@ static struct usb_function *hidg_alloc(struct usb_function_instance *fi)
{
struct f_hidg *hidg;
struct f_hid_opts *opts;
+ int ret;
/* allocate and initialize one new instance */
hidg = kzalloc(sizeof(*hidg), GFP_KERNEL);
@@ -1283,17 +1277,27 @@ static struct usb_function *hidg_alloc(struct usb_function_instance *fi)
mutex_lock(&opts->lock);
++opts->refcnt;
- hidg->minor = opts->minor;
+ device_initialize(&hidg->dev);
+ hidg->dev.release = hidg_release;
+ hidg->dev.class = hidg_class;
+ hidg->dev.devt = MKDEV(major, opts->minor);
+ ret = dev_set_name(&hidg->dev, "hidg%d", opts->minor);
+ if (ret) {
+ --opts->refcnt;
+ mutex_unlock(&opts->lock);
+ return ERR_PTR(ret);
+ }
+
hidg->bInterfaceSubClass = opts->subclass;
hidg->bInterfaceProtocol = opts->protocol;
hidg->report_length = opts->report_length;
hidg->report_desc_length = opts->report_desc_length;
if (opts->report_desc) {
- hidg->report_desc = kmemdup(opts->report_desc,
- opts->report_desc_length,
- GFP_KERNEL);
+ hidg->report_desc = devm_kmemdup(&hidg->dev, opts->report_desc,
+ opts->report_desc_length,
+ GFP_KERNEL);
if (!hidg->report_desc) {
- kfree(hidg);
+ put_device(&hidg->dev);
mutex_unlock(&opts->lock);
return ERR_PTR(-ENOMEM);
}
--
2.35.1
^ permalink raw reply related [flat|nested] 529+ messages in thread
* [PATCH 4.19 239/521] usb: gadget: f_hid: fix refcount leak on error path
2023-01-16 15:44 [PATCH 4.19 000/521] 4.19.270-rc1 review Greg Kroah-Hartman
` (237 preceding siblings ...)
2023-01-16 15:48 ` [PATCH 4.19 238/521] usb: gadget: f_hid: fix f_hidg lifetime vs cdev Greg Kroah-Hartman
@ 2023-01-16 15:48 ` Greg Kroah-Hartman
2023-01-16 15:48 ` [PATCH 4.19 240/521] drivers: mcb: fix resource leak in mcb_probe() Greg Kroah-Hartman
` (285 subsequent siblings)
524 siblings, 0 replies; 529+ messages in thread
From: Greg Kroah-Hartman @ 2023-01-16 15:48 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Lee Jones, Andrzej Pietrasiewicz,
John Keeping, Sasha Levin
From: John Keeping <john@metanate.com>
[ Upstream commit 70a3288a7586526315105c699b687d78cd32559a ]
When failing to allocate report_desc, opts->refcnt has already been
incremented so it needs to be decremented to avoid leaving the options
structure permanently locked.
Fixes: 21a9476a7ba8 ("usb: gadget: hid: add configfs support")
Tested-by: Lee Jones <lee@kernel.org>
Reviewed-by: Andrzej Pietrasiewicz <andrzej.p@collabora.com>
Reviewed-by: Lee Jones <lee@kernel.org>
Signed-off-by: John Keeping <john@metanate.com>
Link: https://lore.kernel.org/r/20221122123523.3068034-3-john@metanate.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/usb/gadget/function/f_hid.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/drivers/usb/gadget/function/f_hid.c b/drivers/usb/gadget/function/f_hid.c
index 2aaa3ea74e5a..ea877cba0763 100644
--- a/drivers/usb/gadget/function/f_hid.c
+++ b/drivers/usb/gadget/function/f_hid.c
@@ -1298,6 +1298,7 @@ static struct usb_function *hidg_alloc(struct usb_function_instance *fi)
GFP_KERNEL);
if (!hidg->report_desc) {
put_device(&hidg->dev);
+ --opts->refcnt;
mutex_unlock(&opts->lock);
return ERR_PTR(-ENOMEM);
}
--
2.35.1
^ permalink raw reply related [flat|nested] 529+ messages in thread
* [PATCH 4.19 240/521] drivers: mcb: fix resource leak in mcb_probe()
2023-01-16 15:44 [PATCH 4.19 000/521] 4.19.270-rc1 review Greg Kroah-Hartman
` (238 preceding siblings ...)
2023-01-16 15:48 ` [PATCH 4.19 239/521] usb: gadget: f_hid: fix refcount leak on error path Greg Kroah-Hartman
@ 2023-01-16 15:48 ` Greg Kroah-Hartman
2023-01-16 15:48 ` [PATCH 4.19 241/521] mcb: mcb-parse: fix error handing in chameleon_parse_gdd() Greg Kroah-Hartman
` (284 subsequent siblings)
524 siblings, 0 replies; 529+ messages in thread
From: Greg Kroah-Hartman @ 2023-01-16 15:48 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Zhengchao Shao, Johannes Thumshirn,
Sasha Levin
From: Zhengchao Shao <shaozhengchao@huawei.com>
[ Upstream commit d7237462561fcd224fa687c56ccb68629f50fc0d ]
When probe hook function failed in mcb_probe(), it doesn't put the device.
Compiled test only.
Fixes: 7bc364097a89 ("mcb: Acquire reference to device in probe")
Signed-off-by: Zhengchao Shao <shaozhengchao@huawei.com>
Signed-off-by: Johannes Thumshirn <jth@kernel.org>
Link: https://lore.kernel.org/r/9f87de36bfb85158b506cb78c6fc9db3f6a3bad1.1669624063.git.johannes.thumshirn@wdc.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/mcb/mcb-core.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/drivers/mcb/mcb-core.c b/drivers/mcb/mcb-core.c
index 118d27ee31c2..7fd32b0183dc 100644
--- a/drivers/mcb/mcb-core.c
+++ b/drivers/mcb/mcb-core.c
@@ -74,8 +74,10 @@ static int mcb_probe(struct device *dev)
get_device(dev);
ret = mdrv->probe(mdev, found_id);
- if (ret)
+ if (ret) {
module_put(carrier_mod);
+ put_device(dev);
+ }
return ret;
}
--
2.35.1
^ permalink raw reply related [flat|nested] 529+ messages in thread
* [PATCH 4.19 241/521] mcb: mcb-parse: fix error handing in chameleon_parse_gdd()
2023-01-16 15:44 [PATCH 4.19 000/521] 4.19.270-rc1 review Greg Kroah-Hartman
` (239 preceding siblings ...)
2023-01-16 15:48 ` [PATCH 4.19 240/521] drivers: mcb: fix resource leak in mcb_probe() Greg Kroah-Hartman
@ 2023-01-16 15:48 ` Greg Kroah-Hartman
2023-01-16 15:48 ` [PATCH 4.19 242/521] chardev: fix error handling in cdev_device_add() Greg Kroah-Hartman
` (283 subsequent siblings)
524 siblings, 0 replies; 529+ messages in thread
From: Greg Kroah-Hartman @ 2023-01-16 15:48 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Johannes Thumshirn, Yang Yingliang,
Sasha Levin
From: Yang Yingliang <yangyingliang@huawei.com>
[ Upstream commit 728ac3389296caf68638628c987aeae6c8851e2d ]
If mcb_device_register() returns error in chameleon_parse_gdd(), the refcount
of bus and device name are leaked. Fix this by calling put_device() to give up
the reference, so they can be released in mcb_release_dev() and kobject_cleanup().
Fixes: 3764e82e5150 ("drivers: Introduce MEN Chameleon Bus")
Reviewed-by: Johannes Thumshirn <jth@kernel.org>
Signed-off-by: Yang Yingliang <yangyingliang@huawei.com>
Signed-off-by: Johannes Thumshirn <jth@kernel.org>
Link: https://lore.kernel.org/r/ebfb06e39b19272f0197fa9136b5e4b6f34ad732.1669624063.git.johannes.thumshirn@wdc.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/mcb/mcb-parse.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/mcb/mcb-parse.c b/drivers/mcb/mcb-parse.c
index 7369bda3442f..3636349648b4 100644
--- a/drivers/mcb/mcb-parse.c
+++ b/drivers/mcb/mcb-parse.c
@@ -107,7 +107,7 @@ static int chameleon_parse_gdd(struct mcb_bus *bus,
return 0;
err:
- mcb_free_dev(mdev);
+ put_device(&mdev->dev);
return ret;
}
--
2.35.1
^ permalink raw reply related [flat|nested] 529+ messages in thread
* [PATCH 4.19 242/521] chardev: fix error handling in cdev_device_add()
2023-01-16 15:44 [PATCH 4.19 000/521] 4.19.270-rc1 review Greg Kroah-Hartman
` (240 preceding siblings ...)
2023-01-16 15:48 ` [PATCH 4.19 241/521] mcb: mcb-parse: fix error handing in chameleon_parse_gdd() Greg Kroah-Hartman
@ 2023-01-16 15:48 ` Greg Kroah-Hartman
2023-01-16 15:48 ` [PATCH 4.19 243/521] i2c: pxa-pci: fix missing pci_disable_device() on error in ce4100_i2c_probe Greg Kroah-Hartman
` (282 subsequent siblings)
524 siblings, 0 replies; 529+ messages in thread
From: Greg Kroah-Hartman @ 2023-01-16 15:48 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Yang Yingliang, Sasha Levin
From: Yang Yingliang <yangyingliang@huawei.com>
[ Upstream commit 11fa7fefe3d8fac7da56bc9aa3dd5fb3081ca797 ]
While doing fault injection test, I got the following report:
------------[ cut here ]------------
kobject: '(null)' (0000000039956980): is not initialized, yet kobject_put() is being called.
WARNING: CPU: 3 PID: 6306 at kobject_put+0x23d/0x4e0
CPU: 3 PID: 6306 Comm: 283 Tainted: G W 6.1.0-rc2-00005-g307c1086d7c9 #1253
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.13.0-1ubuntu1.1 04/01/2014
RIP: 0010:kobject_put+0x23d/0x4e0
Call Trace:
<TASK>
cdev_device_add+0x15e/0x1b0
__iio_device_register+0x13b4/0x1af0 [industrialio]
__devm_iio_device_register+0x22/0x90 [industrialio]
max517_probe+0x3d8/0x6b4 [max517]
i2c_device_probe+0xa81/0xc00
When device_add() is injected fault and returns error, if dev->devt is not set,
cdev_add() is not called, cdev_del() is not needed. Fix this by checking dev->devt
in error path.
Fixes: 233ed09d7fda ("chardev: add helper function to register char devs with a struct device")
Signed-off-by: Yang Yingliang <yangyingliang@huawei.com>
Link: https://lore.kernel.org/r/20221202030237.520280-1-yangyingliang@huawei.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
fs/char_dev.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/fs/char_dev.c b/fs/char_dev.c
index 5fffd5050fb7..2c3d519b21c2 100644
--- a/fs/char_dev.c
+++ b/fs/char_dev.c
@@ -553,7 +553,7 @@ int cdev_device_add(struct cdev *cdev, struct device *dev)
}
rc = device_add(dev);
- if (rc)
+ if (rc && dev->devt)
cdev_del(cdev);
return rc;
--
2.35.1
^ permalink raw reply related [flat|nested] 529+ messages in thread
* [PATCH 4.19 243/521] i2c: pxa-pci: fix missing pci_disable_device() on error in ce4100_i2c_probe
2023-01-16 15:44 [PATCH 4.19 000/521] 4.19.270-rc1 review Greg Kroah-Hartman
` (241 preceding siblings ...)
2023-01-16 15:48 ` [PATCH 4.19 242/521] chardev: fix error handling in cdev_device_add() Greg Kroah-Hartman
@ 2023-01-16 15:48 ` Greg Kroah-Hartman
2023-01-16 15:48 ` [PATCH 4.19 244/521] staging: rtl8192u: Fix use after free in ieee80211_rx() Greg Kroah-Hartman
` (281 subsequent siblings)
524 siblings, 0 replies; 529+ messages in thread
From: Greg Kroah-Hartman @ 2023-01-16 15:48 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Hui Tang, Wolfram Sang, Sasha Levin
From: Hui Tang <tanghui20@huawei.com>
[ Upstream commit d78a167332e1ca8113268ed922c1212fd71b73ad ]
Using pcim_enable_device() to avoid missing pci_disable_device().
Fixes: 7e94dd154e93 ("i2c-pxa2xx: Add PCI support for PXA I2C controller")
Signed-off-by: Hui Tang <tanghui20@huawei.com>
Signed-off-by: Wolfram Sang <wsa@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/i2c/busses/i2c-pxa-pci.c | 10 +++-------
1 file changed, 3 insertions(+), 7 deletions(-)
diff --git a/drivers/i2c/busses/i2c-pxa-pci.c b/drivers/i2c/busses/i2c-pxa-pci.c
index 72ea8f4c61aa..883937c8408b 100644
--- a/drivers/i2c/busses/i2c-pxa-pci.c
+++ b/drivers/i2c/busses/i2c-pxa-pci.c
@@ -105,7 +105,7 @@ static int ce4100_i2c_probe(struct pci_dev *dev,
int i;
struct ce4100_devices *sds;
- ret = pci_enable_device_mem(dev);
+ ret = pcim_enable_device(dev);
if (ret)
return ret;
@@ -114,10 +114,8 @@ static int ce4100_i2c_probe(struct pci_dev *dev,
return -EINVAL;
}
sds = kzalloc(sizeof(*sds), GFP_KERNEL);
- if (!sds) {
- ret = -ENOMEM;
- goto err_mem;
- }
+ if (!sds)
+ return -ENOMEM;
for (i = 0; i < ARRAY_SIZE(sds->pdev); i++) {
sds->pdev[i] = add_i2c_device(dev, i);
@@ -133,8 +131,6 @@ static int ce4100_i2c_probe(struct pci_dev *dev,
err_dev_add:
kfree(sds);
-err_mem:
- pci_disable_device(dev);
return ret;
}
--
2.35.1
^ permalink raw reply related [flat|nested] 529+ messages in thread
* [PATCH 4.19 244/521] staging: rtl8192u: Fix use after free in ieee80211_rx()
2023-01-16 15:44 [PATCH 4.19 000/521] 4.19.270-rc1 review Greg Kroah-Hartman
` (242 preceding siblings ...)
2023-01-16 15:48 ` [PATCH 4.19 243/521] i2c: pxa-pci: fix missing pci_disable_device() on error in ce4100_i2c_probe Greg Kroah-Hartman
@ 2023-01-16 15:48 ` Greg Kroah-Hartman
2023-01-16 15:48 ` [PATCH 4.19 245/521] staging: rtl8192e: Fix potential use-after-free in rtllib_rx_Monitor() Greg Kroah-Hartman
` (280 subsequent siblings)
524 siblings, 0 replies; 529+ messages in thread
From: Greg Kroah-Hartman @ 2023-01-16 15:48 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Dan Carpenter, Sasha Levin
From: Dan Carpenter <error27@gmail.com>
[ Upstream commit bcc5e2dcf09089b337b76fc1a589f6ff95ca19ac ]
We cannot dereference the "skb" pointer after calling
ieee80211_monitor_rx(), because it is a use after free.
Fixes: 8fc8598e61f6 ("Staging: Added Realtek rtl8192u driver to staging")
Signed-off-by: Dan Carpenter <error27@gmail.com>
Link: https://lore.kernel.org/r/Y33BArx3k/aw6yv/@kili
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/staging/rtl8192u/ieee80211/ieee80211_rx.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/drivers/staging/rtl8192u/ieee80211/ieee80211_rx.c b/drivers/staging/rtl8192u/ieee80211/ieee80211_rx.c
index fb824c517449..14b3daa5f17e 100644
--- a/drivers/staging/rtl8192u/ieee80211/ieee80211_rx.c
+++ b/drivers/staging/rtl8192u/ieee80211/ieee80211_rx.c
@@ -961,9 +961,11 @@ int ieee80211_rx(struct ieee80211_device *ieee, struct sk_buff *skb,
#endif
if (ieee->iw_mode == IW_MODE_MONITOR) {
+ unsigned int len = skb->len;
+
ieee80211_monitor_rx(ieee, skb, rx_stats);
stats->rx_packets++;
- stats->rx_bytes += skb->len;
+ stats->rx_bytes += len;
return 1;
}
--
2.35.1
^ permalink raw reply related [flat|nested] 529+ messages in thread
* [PATCH 4.19 245/521] staging: rtl8192e: Fix potential use-after-free in rtllib_rx_Monitor()
2023-01-16 15:44 [PATCH 4.19 000/521] 4.19.270-rc1 review Greg Kroah-Hartman
` (243 preceding siblings ...)
2023-01-16 15:48 ` [PATCH 4.19 244/521] staging: rtl8192u: Fix use after free in ieee80211_rx() Greg Kroah-Hartman
@ 2023-01-16 15:48 ` Greg Kroah-Hartman
2023-01-16 15:48 ` [PATCH 4.19 246/521] vme: Fix error not catched in fake_init() Greg Kroah-Hartman
` (279 subsequent siblings)
524 siblings, 0 replies; 529+ messages in thread
From: Greg Kroah-Hartman @ 2023-01-16 15:48 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, YueHaibing, Sasha Levin
From: YueHaibing <yuehaibing@huawei.com>
[ Upstream commit d30f4436f364b4ad915ca2c09be07cd0f93ceb44 ]
The skb is delivered to netif_rx() in rtllib_monitor_rx(), which may free it,
after calling this, dereferencing skb may trigger use-after-free.
Found by Smatch.
Fixes: 94a799425eee ("From: wlanfae <wlanfae@realtek.com> [PATCH 1/8] rtl8192e: Import new version of driver from realtek")
Signed-off-by: YueHaibing <yuehaibing@huawei.com>
Link: https://lore.kernel.org/r/20221123081253.22296-1-yuehaibing@huawei.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/staging/rtl8192e/rtllib_rx.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/staging/rtl8192e/rtllib_rx.c b/drivers/staging/rtl8192e/rtllib_rx.c
index 3bfd63fe4ac1..004d89853a68 100644
--- a/drivers/staging/rtl8192e/rtllib_rx.c
+++ b/drivers/staging/rtl8192e/rtllib_rx.c
@@ -1500,9 +1500,9 @@ static int rtllib_rx_Monitor(struct rtllib_device *ieee, struct sk_buff *skb,
hdrlen += 4;
}
- rtllib_monitor_rx(ieee, skb, rx_stats, hdrlen);
ieee->stats.rx_packets++;
ieee->stats.rx_bytes += skb->len;
+ rtllib_monitor_rx(ieee, skb, rx_stats, hdrlen);
return 1;
}
--
2.35.1
^ permalink raw reply related [flat|nested] 529+ messages in thread
* [PATCH 4.19 246/521] vme: Fix error not catched in fake_init()
2023-01-16 15:44 [PATCH 4.19 000/521] 4.19.270-rc1 review Greg Kroah-Hartman
` (244 preceding siblings ...)
2023-01-16 15:48 ` [PATCH 4.19 245/521] staging: rtl8192e: Fix potential use-after-free in rtllib_rx_Monitor() Greg Kroah-Hartman
@ 2023-01-16 15:48 ` Greg Kroah-Hartman
2023-01-16 15:48 ` [PATCH 4.19 247/521] drivers: provide devm_platform_ioremap_resource() Greg Kroah-Hartman
` (278 subsequent siblings)
524 siblings, 0 replies; 529+ messages in thread
From: Greg Kroah-Hartman @ 2023-01-16 15:48 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Chen Zhongjin, Sasha Levin
From: Chen Zhongjin <chenzhongjin@huawei.com>
[ Upstream commit 7bef797d707f1744f71156b21d41e3b8c946631f ]
In fake_init(), __root_device_register() is possible to fail but it's
ignored, which can cause unregistering vme_root fail when exit.
general protection fault,
probably for non-canonical address 0xdffffc000000008c
KASAN: null-ptr-deref in range [0x0000000000000460-0x0000000000000467]
RIP: 0010:root_device_unregister+0x26/0x60
Call Trace:
<TASK>
__x64_sys_delete_module+0x34f/0x540
do_syscall_64+0x38/0x90
entry_SYSCALL_64_after_hwframe+0x63/0xcd
Return error when __root_device_register() fails.
Fixes: 658bcdae9c67 ("vme: Adding Fake VME driver")
Signed-off-by: Chen Zhongjin <chenzhongjin@huawei.com>
Link: https://lore.kernel.org/r/20221205084805.147436-1-chenzhongjin@huawei.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/vme/bridges/vme_fake.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/drivers/vme/bridges/vme_fake.c b/drivers/vme/bridges/vme_fake.c
index 685a43bdc2a1..06bfc7f0e0b6 100644
--- a/drivers/vme/bridges/vme_fake.c
+++ b/drivers/vme/bridges/vme_fake.c
@@ -1077,6 +1077,8 @@ static int __init fake_init(void)
/* We need a fake parent device */
vme_root = __root_device_register("vme", THIS_MODULE);
+ if (IS_ERR(vme_root))
+ return PTR_ERR(vme_root);
/* If we want to support more than one bridge at some point, we need to
* dynamically allocate this so we get one per device.
--
2.35.1
^ permalink raw reply related [flat|nested] 529+ messages in thread
* [PATCH 4.19 247/521] drivers: provide devm_platform_ioremap_resource()
2023-01-16 15:44 [PATCH 4.19 000/521] 4.19.270-rc1 review Greg Kroah-Hartman
` (245 preceding siblings ...)
2023-01-16 15:48 ` [PATCH 4.19 246/521] vme: Fix error not catched in fake_init() Greg Kroah-Hartman
@ 2023-01-16 15:48 ` Greg Kroah-Hartman
2023-01-16 15:48 ` [PATCH 4.19 248/521] drivers: provide devm_platform_get_and_ioremap_resource() Greg Kroah-Hartman
` (277 subsequent siblings)
524 siblings, 0 replies; 529+ messages in thread
From: Greg Kroah-Hartman @ 2023-01-16 15:48 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Bartosz Golaszewski,
Andy Shevchenko, Linus Walleij, Sasha Levin
From: Bartosz Golaszewski <bgolaszewski@baylibre.com>
[ Upstream commit 7945f929f1a77a1c8887a97ca07f87626858ff42 ]
There are currently 1200+ instances of using platform_get_resource()
and devm_ioremap_resource() together in the kernel tree.
This patch wraps these two calls in a single helper. Thanks to that
we don't have to declare a local variable for struct resource * and can
omit the redundant argument for resource type. We also have one
function call less.
Signed-off-by: Bartosz Golaszewski <bgolaszewski@baylibre.com>
Acked-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Reviewed-by: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
Signed-off-by: Linus Walleij <linus.walleij@linaro.org>
Stable-dep-of: 2d47b79d2bd3 ("i2c: mux: reg: check return value after calling platform_get_resource()")
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/base/platform.c | 18 ++++++++++++++++++
include/linux/platform_device.h | 3 +++
2 files changed, 21 insertions(+)
diff --git a/drivers/base/platform.c b/drivers/base/platform.c
index 349c2754eed7..ea83c279b8a3 100644
--- a/drivers/base/platform.c
+++ b/drivers/base/platform.c
@@ -80,6 +80,24 @@ struct resource *platform_get_resource(struct platform_device *dev,
}
EXPORT_SYMBOL_GPL(platform_get_resource);
+/**
+ * devm_platform_ioremap_resource - call devm_ioremap_resource() for a platform
+ * device
+ *
+ * @pdev: platform device to use both for memory resource lookup as well as
+ * resource managemend
+ * @index: resource index
+ */
+void __iomem *devm_platform_ioremap_resource(struct platform_device *pdev,
+ unsigned int index)
+{
+ struct resource *res;
+
+ res = platform_get_resource(pdev, IORESOURCE_MEM, index);
+ return devm_ioremap_resource(&pdev->dev, res);
+}
+EXPORT_SYMBOL_GPL(devm_platform_ioremap_resource);
+
/**
* platform_get_irq - get an IRQ for a device
* @dev: platform device
diff --git a/include/linux/platform_device.h b/include/linux/platform_device.h
index 1a9f38f27f65..9e5c98fcea8c 100644
--- a/include/linux/platform_device.h
+++ b/include/linux/platform_device.h
@@ -51,6 +51,9 @@ extern struct device platform_bus;
extern void arch_setup_pdev_archdata(struct platform_device *);
extern struct resource *platform_get_resource(struct platform_device *,
unsigned int, unsigned int);
+extern void __iomem *
+devm_platform_ioremap_resource(struct platform_device *pdev,
+ unsigned int index);
extern int platform_get_irq(struct platform_device *, unsigned int);
extern int platform_irq_count(struct platform_device *);
extern struct resource *platform_get_resource_byname(struct platform_device *,
--
2.35.1
^ permalink raw reply related [flat|nested] 529+ messages in thread
* [PATCH 4.19 248/521] drivers: provide devm_platform_get_and_ioremap_resource()
2023-01-16 15:44 [PATCH 4.19 000/521] 4.19.270-rc1 review Greg Kroah-Hartman
` (246 preceding siblings ...)
2023-01-16 15:48 ` [PATCH 4.19 247/521] drivers: provide devm_platform_ioremap_resource() Greg Kroah-Hartman
@ 2023-01-16 15:48 ` Greg Kroah-Hartman
2023-01-16 15:48 ` [PATCH 4.19 249/521] i2c: mux: reg: check return value after calling platform_get_resource() Greg Kroah-Hartman
` (276 subsequent siblings)
524 siblings, 0 replies; 529+ messages in thread
From: Greg Kroah-Hartman @ 2023-01-16 15:48 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Geert Uytterhoeven, Sergei Shtylyov,
Geert Uytterhoeven, Dejin Zheng, Sasha Levin
From: Dejin Zheng <zhengdejin5@gmail.com>
[ Upstream commit 890cc39a879906b63912482dfc41944579df2dc6 ]
Since commit "drivers: provide devm_platform_ioremap_resource()",
it was wrap platform_get_resource() and devm_ioremap_resource() as
single helper devm_platform_ioremap_resource(). but now, many drivers
still used platform_get_resource() and devm_ioremap_resource()
together in the kernel tree. The reason can not be replaced is they
still need use the resource variables obtained by platform_get_resource().
so provide this helper.
Suggested-by: Geert Uytterhoeven <geert@linux-m68k.org>
Suggested-by: Sergei Shtylyov <sergei.shtylyov@cogentembedded.com>
Reviewed-by: Geert Uytterhoeven <geert+renesas@glider.be>
Signed-off-by: Dejin Zheng <zhengdejin5@gmail.com>
Link: https://lore.kernel.org/r/20200323160612.17277-2-zhengdejin5@gmail.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Stable-dep-of: 2d47b79d2bd3 ("i2c: mux: reg: check return value after calling platform_get_resource()")
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/base/platform.c | 22 ++++++++++++++++++++++
include/linux/platform_device.h | 3 +++
2 files changed, 25 insertions(+)
diff --git a/drivers/base/platform.c b/drivers/base/platform.c
index ea83c279b8a3..c4e398f3de50 100644
--- a/drivers/base/platform.c
+++ b/drivers/base/platform.c
@@ -80,6 +80,28 @@ struct resource *platform_get_resource(struct platform_device *dev,
}
EXPORT_SYMBOL_GPL(platform_get_resource);
+/**
+ * devm_platform_get_and_ioremap_resource - call devm_ioremap_resource() for a
+ * platform device and get resource
+ *
+ * @pdev: platform device to use both for memory resource lookup as well as
+ * resource management
+ * @index: resource index
+ * @res: optional output parameter to store a pointer to the obtained resource.
+ */
+void __iomem *
+devm_platform_get_and_ioremap_resource(struct platform_device *pdev,
+ unsigned int index, struct resource **res)
+{
+ struct resource *r;
+
+ r = platform_get_resource(pdev, IORESOURCE_MEM, index);
+ if (res)
+ *res = r;
+ return devm_ioremap_resource(&pdev->dev, r);
+}
+EXPORT_SYMBOL_GPL(devm_platform_get_and_ioremap_resource);
+
/**
* devm_platform_ioremap_resource - call devm_ioremap_resource() for a platform
* device
diff --git a/include/linux/platform_device.h b/include/linux/platform_device.h
index 9e5c98fcea8c..1de7ea6efdc9 100644
--- a/include/linux/platform_device.h
+++ b/include/linux/platform_device.h
@@ -52,6 +52,9 @@ extern void arch_setup_pdev_archdata(struct platform_device *);
extern struct resource *platform_get_resource(struct platform_device *,
unsigned int, unsigned int);
extern void __iomem *
+devm_platform_get_and_ioremap_resource(struct platform_device *pdev,
+ unsigned int index, struct resource **res);
+extern void __iomem *
devm_platform_ioremap_resource(struct platform_device *pdev,
unsigned int index);
extern int platform_get_irq(struct platform_device *, unsigned int);
--
2.35.1
^ permalink raw reply related [flat|nested] 529+ messages in thread
* [PATCH 4.19 249/521] i2c: mux: reg: check return value after calling platform_get_resource()
2023-01-16 15:44 [PATCH 4.19 000/521] 4.19.270-rc1 review Greg Kroah-Hartman
` (247 preceding siblings ...)
2023-01-16 15:48 ` [PATCH 4.19 248/521] drivers: provide devm_platform_get_and_ioremap_resource() Greg Kroah-Hartman
@ 2023-01-16 15:48 ` Greg Kroah-Hartman
2023-01-16 15:48 ` [PATCH 4.19 250/521] i2c: ismt: Fix an out-of-bounds bug in ismt_access() Greg Kroah-Hartman
` (275 subsequent siblings)
524 siblings, 0 replies; 529+ messages in thread
From: Greg Kroah-Hartman @ 2023-01-16 15:48 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Yang Yingliang, Wolfram Sang, Sasha Levin
From: Yang Yingliang <yangyingliang@huawei.com>
[ Upstream commit 2d47b79d2bd39cc6369eccf94a06568d84c906ae ]
It will cause null-ptr-deref in resource_size(), if platform_get_resource()
returns NULL, move calling resource_size() after devm_ioremap_resource() that
will check 'res' to avoid null-ptr-deref.
And use devm_platform_get_and_ioremap_resource() to simplify code.
Fixes: b3fdd32799d8 ("i2c: mux: Add register-based mux i2c-mux-reg")
Signed-off-by: Yang Yingliang <yangyingliang@huawei.com>
Signed-off-by: Wolfram Sang <wsa@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/i2c/muxes/i2c-mux-reg.c | 5 ++---
1 file changed, 2 insertions(+), 3 deletions(-)
diff --git a/drivers/i2c/muxes/i2c-mux-reg.c b/drivers/i2c/muxes/i2c-mux-reg.c
index 5653295b01cd..6d5cb40bfc96 100644
--- a/drivers/i2c/muxes/i2c-mux-reg.c
+++ b/drivers/i2c/muxes/i2c-mux-reg.c
@@ -191,13 +191,12 @@ static int i2c_mux_reg_probe(struct platform_device *pdev)
if (!mux->data.reg) {
dev_info(&pdev->dev,
"Register not set, using platform resource\n");
- res = platform_get_resource(pdev, IORESOURCE_MEM, 0);
- mux->data.reg_size = resource_size(res);
- mux->data.reg = devm_ioremap_resource(&pdev->dev, res);
+ mux->data.reg = devm_platform_get_and_ioremap_resource(pdev, 0, &res);
if (IS_ERR(mux->data.reg)) {
ret = PTR_ERR(mux->data.reg);
goto err_put_parent;
}
+ mux->data.reg_size = resource_size(res);
}
if (mux->data.reg_size != 4 && mux->data.reg_size != 2 &&
--
2.35.1
^ permalink raw reply related [flat|nested] 529+ messages in thread
* [PATCH 4.19 250/521] i2c: ismt: Fix an out-of-bounds bug in ismt_access()
2023-01-16 15:44 [PATCH 4.19 000/521] 4.19.270-rc1 review Greg Kroah-Hartman
` (248 preceding siblings ...)
2023-01-16 15:48 ` [PATCH 4.19 249/521] i2c: mux: reg: check return value after calling platform_get_resource() Greg Kroah-Hartman
@ 2023-01-16 15:48 ` Greg Kroah-Hartman
2023-01-16 15:48 ` [PATCH 4.19 251/521] usb: storage: Add check for kcalloc Greg Kroah-Hartman
` (274 subsequent siblings)
524 siblings, 0 replies; 529+ messages in thread
From: Greg Kroah-Hartman @ 2023-01-16 15:48 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Zheyu Ma, Wolfram Sang, Sasha Levin
From: Zheyu Ma <zheyuma97@gmail.com>
[ Upstream commit 39244cc754829bf707dccd12e2ce37510f5b1f8d ]
When the driver does not check the data from the user, the variable
'data->block[0]' may be very large to cause an out-of-bounds bug.
The following log can reveal it:
[ 33.995542] i2c i2c-1: ioctl, cmd=0x720, arg=0x7ffcb3dc3a20
[ 33.995978] ismt_smbus 0000:00:05.0: I2C_SMBUS_BLOCK_DATA: WRITE
[ 33.996475] ==================================================================
[ 33.996995] BUG: KASAN: out-of-bounds in ismt_access.cold+0x374/0x214b
[ 33.997473] Read of size 18446744073709551615 at addr ffff88810efcfdb1 by task ismt_poc/485
[ 33.999450] Call Trace:
[ 34.001849] memcpy+0x20/0x60
[ 34.002077] ismt_access.cold+0x374/0x214b
[ 34.003382] __i2c_smbus_xfer+0x44f/0xfb0
[ 34.004007] i2c_smbus_xfer+0x10a/0x390
[ 34.004291] i2cdev_ioctl_smbus+0x2c8/0x710
[ 34.005196] i2cdev_ioctl+0x5ec/0x74c
Fix this bug by checking the size of 'data->block[0]' first.
Fixes: 13f35ac14cd0 ("i2c: Adding support for Intel iSMT SMBus 2.0 host controller")
Signed-off-by: Zheyu Ma <zheyuma97@gmail.com>
Signed-off-by: Wolfram Sang <wsa@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/i2c/busses/i2c-ismt.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/drivers/i2c/busses/i2c-ismt.c b/drivers/i2c/busses/i2c-ismt.c
index 80796061102f..9f5915d5f7e7 100644
--- a/drivers/i2c/busses/i2c-ismt.c
+++ b/drivers/i2c/busses/i2c-ismt.c
@@ -504,6 +504,9 @@ static int ismt_access(struct i2c_adapter *adap, u16 addr,
if (read_write == I2C_SMBUS_WRITE) {
/* Block Write */
dev_dbg(dev, "I2C_SMBUS_BLOCK_DATA: WRITE\n");
+ if (data->block[0] < 1 || data->block[0] > I2C_SMBUS_BLOCK_MAX)
+ return -EINVAL;
+
dma_size = data->block[0] + 1;
dma_direction = DMA_TO_DEVICE;
desc->wr_len_cmd = dma_size;
--
2.35.1
^ permalink raw reply related [flat|nested] 529+ messages in thread
* [PATCH 4.19 251/521] usb: storage: Add check for kcalloc
2023-01-16 15:44 [PATCH 4.19 000/521] 4.19.270-rc1 review Greg Kroah-Hartman
` (249 preceding siblings ...)
2023-01-16 15:48 ` [PATCH 4.19 250/521] i2c: ismt: Fix an out-of-bounds bug in ismt_access() Greg Kroah-Hartman
@ 2023-01-16 15:48 ` Greg Kroah-Hartman
2023-01-16 15:48 ` [PATCH 4.19 252/521] tracing/hist: Fix issue of losting command info in error_log Greg Kroah-Hartman
` (273 subsequent siblings)
524 siblings, 0 replies; 529+ messages in thread
From: Greg Kroah-Hartman @ 2023-01-16 15:48 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Alan Stern, Jiasheng Jiang, Sasha Levin
From: Jiasheng Jiang <jiasheng@iscas.ac.cn>
[ Upstream commit c35ca10f53c51eeb610d3f8fbc6dd6d511b58a58 ]
As kcalloc may return NULL pointer, the return value should
be checked and return error if fails as same as the ones in
alauda_read_map.
Fixes: e80b0fade09e ("[PATCH] USB Storage: add alauda support")
Acked-by: Alan Stern <stern@rowland.harvard.edu>
Signed-off-by: Jiasheng Jiang <jiasheng@iscas.ac.cn>
Link: https://lore.kernel.org/r/20221208110058.12983-1-jiasheng@iscas.ac.cn
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/usb/storage/alauda.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/drivers/usb/storage/alauda.c b/drivers/usb/storage/alauda.c
index 6b8edf6178df..6fcf5fd2ff98 100644
--- a/drivers/usb/storage/alauda.c
+++ b/drivers/usb/storage/alauda.c
@@ -437,6 +437,8 @@ static int alauda_init_media(struct us_data *us)
+ MEDIA_INFO(us).blockshift + MEDIA_INFO(us).pageshift);
MEDIA_INFO(us).pba_to_lba = kcalloc(num_zones, sizeof(u16*), GFP_NOIO);
MEDIA_INFO(us).lba_to_pba = kcalloc(num_zones, sizeof(u16*), GFP_NOIO);
+ if (MEDIA_INFO(us).pba_to_lba == NULL || MEDIA_INFO(us).lba_to_pba == NULL)
+ return USB_STOR_TRANSPORT_ERROR;
if (alauda_reset_media(us) != USB_STOR_XFER_GOOD)
return USB_STOR_TRANSPORT_ERROR;
--
2.35.1
^ permalink raw reply related [flat|nested] 529+ messages in thread
* [PATCH 4.19 252/521] tracing/hist: Fix issue of losting command info in error_log
2023-01-16 15:44 [PATCH 4.19 000/521] 4.19.270-rc1 review Greg Kroah-Hartman
` (250 preceding siblings ...)
2023-01-16 15:48 ` [PATCH 4.19 251/521] usb: storage: Add check for kcalloc Greg Kroah-Hartman
@ 2023-01-16 15:48 ` Greg Kroah-Hartman
2023-01-16 15:48 ` [PATCH 4.19 253/521] samples: vfio-mdev: Fix missing pci_disable_device() in mdpy_fb_probe() Greg Kroah-Hartman
` (272 subsequent siblings)
524 siblings, 0 replies; 529+ messages in thread
From: Greg Kroah-Hartman @ 2023-01-16 15:48 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, mhiramat, zanussi, Zheng Yejian,
Steven Rostedt (Google),
Sasha Levin
From: Zheng Yejian <zhengyejian1@huawei.com>
[ Upstream commit 608c6ed3337850c767ab0dd6c583477922233e29 ]
When input some constructed invalid 'trigger' command, command info
in 'error_log' are lost [1].
The root cause is that there is a path that event_hist_trigger_parse()
is recursely called once and 'last_cmd' which save origin command is
cleared, then later calling of hist_err() will no longer record origin
command info:
event_hist_trigger_parse() {
last_cmd_set() // <1> 'last_cmd' save origin command here at first
create_actions() {
onmatch_create() {
action_create() {
trace_action_create() {
trace_action_create_field_var() {
create_field_var_hist() {
event_hist_trigger_parse() { // <2> recursely called once
hist_err_clear() // <3> 'last_cmd' is cleared here
}
hist_err() // <4> No longer find origin command!!!
Since 'glob' is empty string while running into the recurse call, we
can trickly check it and bypass the call of hist_err_clear() to solve it.
[1]
# cd /sys/kernel/tracing
# echo "my_synth_event int v1; int v2; int v3;" >> synthetic_events
# echo 'hist:keys=pid' >> events/sched/sched_waking/trigger
# echo "hist:keys=next_pid:onmatch(sched.sched_waking).my_synth_event(\
pid,pid1)" >> events/sched/sched_switch/trigger
# cat error_log
[ 8.405018] hist:sched:sched_switch: error: Couldn't find synthetic event
Command:
hist:keys=next_pid:onmatch(sched.sched_waking).my_synth_event(pid,pid1)
^
[ 8.816902] hist:sched:sched_switch: error: Couldn't find field
Command:
hist:keys=next_pid:onmatch(sched.sched_waking).my_synth_event(pid,pid1)
^
[ 8.816902] hist:sched:sched_switch: error: Couldn't parse field variable
Command:
hist:keys=next_pid:onmatch(sched.sched_waking).my_synth_event(pid,pid1)
^
[ 8.999880] : error: Couldn't find field
Command:
^
[ 8.999880] : error: Couldn't parse field variable
Command:
^
[ 8.999880] : error: Couldn't find field
Command:
^
[ 8.999880] : error: Couldn't create histogram for field
Command:
^
Link: https://lore.kernel.org/linux-trace-kernel/20221207135326.3483216-1-zhengyejian1@huawei.com
Cc: <mhiramat@kernel.org>
Cc: <zanussi@kernel.org>
Fixes: f404da6e1d46 ("tracing: Add 'last error' error facility for hist triggers")
Signed-off-by: Zheng Yejian <zhengyejian1@huawei.com>
Signed-off-by: Steven Rostedt (Google) <rostedt@goodmis.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
kernel/trace/trace_events_hist.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/kernel/trace/trace_events_hist.c b/kernel/trace/trace_events_hist.c
index 48f85dab9ef1..17b15bd97857 100644
--- a/kernel/trace/trace_events_hist.c
+++ b/kernel/trace/trace_events_hist.c
@@ -5807,7 +5807,7 @@ static int event_hist_trigger_func(struct event_command *cmd_ops,
/* Just return zero, not the number of registered triggers */
ret = 0;
out:
- if (ret == 0)
+ if (ret == 0 && glob[0])
hist_err_clear();
return ret;
--
2.35.1
^ permalink raw reply related [flat|nested] 529+ messages in thread
* [PATCH 4.19 253/521] samples: vfio-mdev: Fix missing pci_disable_device() in mdpy_fb_probe()
2023-01-16 15:44 [PATCH 4.19 000/521] 4.19.270-rc1 review Greg Kroah-Hartman
` (251 preceding siblings ...)
2023-01-16 15:48 ` [PATCH 4.19 252/521] tracing/hist: Fix issue of losting command info in error_log Greg Kroah-Hartman
@ 2023-01-16 15:48 ` Greg Kroah-Hartman
2023-01-16 15:48 ` [PATCH 4.19 254/521] fbdev: ssd1307fb: Drop optional dependency Greg Kroah-Hartman
` (271 subsequent siblings)
524 siblings, 0 replies; 529+ messages in thread
From: Greg Kroah-Hartman @ 2023-01-16 15:48 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Shang XiaoJing, Alex Williamson,
Sasha Levin
From: Shang XiaoJing <shangxiaojing@huawei.com>
[ Upstream commit d1f0f50fbbbbca1e3e8157e51934613bf88f6d44 ]
Add missing pci_disable_device() in fail path of mdpy_fb_probe().
Besides, fix missing release functions in mdpy_fb_remove().
Fixes: cacade1946a4 ("sample: vfio mdev display - guest driver")
Signed-off-by: Shang XiaoJing <shangxiaojing@huawei.com>
Link: https://lore.kernel.org/r/20221208013341.3999-1-shangxiaojing@huawei.com
Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
samples/vfio-mdev/mdpy-fb.c | 8 +++++++-
1 file changed, 7 insertions(+), 1 deletion(-)
diff --git a/samples/vfio-mdev/mdpy-fb.c b/samples/vfio-mdev/mdpy-fb.c
index a760e130bd0d..8ad1aa13ddd9 100644
--- a/samples/vfio-mdev/mdpy-fb.c
+++ b/samples/vfio-mdev/mdpy-fb.c
@@ -109,7 +109,7 @@ static int mdpy_fb_probe(struct pci_dev *pdev,
ret = pci_request_regions(pdev, "mdpy-fb");
if (ret < 0)
- return ret;
+ goto err_disable_dev;
pci_read_config_dword(pdev, MDPY_FORMAT_OFFSET, &format);
pci_read_config_dword(pdev, MDPY_WIDTH_OFFSET, &width);
@@ -191,6 +191,9 @@ static int mdpy_fb_probe(struct pci_dev *pdev,
err_release_regions:
pci_release_regions(pdev);
+err_disable_dev:
+ pci_disable_device(pdev);
+
return ret;
}
@@ -199,7 +202,10 @@ static void mdpy_fb_remove(struct pci_dev *pdev)
struct fb_info *info = pci_get_drvdata(pdev);
unregister_framebuffer(info);
+ iounmap(info->screen_base);
framebuffer_release(info);
+ pci_release_regions(pdev);
+ pci_disable_device(pdev);
}
static struct pci_device_id mdpy_fb_pci_table[] = {
--
2.35.1
^ permalink raw reply related [flat|nested] 529+ messages in thread
* [PATCH 4.19 254/521] fbdev: ssd1307fb: Drop optional dependency
2023-01-16 15:44 [PATCH 4.19 000/521] 4.19.270-rc1 review Greg Kroah-Hartman
` (252 preceding siblings ...)
2023-01-16 15:48 ` [PATCH 4.19 253/521] samples: vfio-mdev: Fix missing pci_disable_device() in mdpy_fb_probe() Greg Kroah-Hartman
@ 2023-01-16 15:48 ` Greg Kroah-Hartman
2023-01-16 15:48 ` [PATCH 4.19 255/521] fbdev: pm2fb: fix missing pci_disable_device() Greg Kroah-Hartman
` (270 subsequent siblings)
524 siblings, 0 replies; 529+ messages in thread
From: Greg Kroah-Hartman @ 2023-01-16 15:48 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Andy Shevchenko, Helge Deller, Sasha Levin
From: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
[ Upstream commit 025e3b507a3a8e1ee96a3112bb67495c77d6cdb6 ]
Only a single out of three devices need a PWM, so from driver it's
optional. Moreover it's a single driver in the entire kernel that
currently selects PWM. Unfortunately this selection is a root cause
of the circular dependencies when we want to enable optional PWM
for some other drivers that select GPIOLIB.
Fixes: a2ed00da5047 ("drivers/video: add support for the Solomon SSD1307 OLED Controller")
Signed-off-by: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
Signed-off-by: Helge Deller <deller@gmx.de>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/video/fbdev/Kconfig | 1 -
1 file changed, 1 deletion(-)
diff --git a/drivers/video/fbdev/Kconfig b/drivers/video/fbdev/Kconfig
index 97c4319797d5..afb0c9e4d738 100644
--- a/drivers/video/fbdev/Kconfig
+++ b/drivers/video/fbdev/Kconfig
@@ -2316,7 +2316,6 @@ config FB_SSD1307
select FB_SYS_COPYAREA
select FB_SYS_IMAGEBLIT
select FB_DEFERRED_IO
- select PWM
select FB_BACKLIGHT
help
This driver implements support for the Solomon SSD1307
--
2.35.1
^ permalink raw reply related [flat|nested] 529+ messages in thread
* [PATCH 4.19 255/521] fbdev: pm2fb: fix missing pci_disable_device()
2023-01-16 15:44 [PATCH 4.19 000/521] 4.19.270-rc1 review Greg Kroah-Hartman
` (253 preceding siblings ...)
2023-01-16 15:48 ` [PATCH 4.19 254/521] fbdev: ssd1307fb: Drop optional dependency Greg Kroah-Hartman
@ 2023-01-16 15:48 ` Greg Kroah-Hartman
2023-01-16 15:48 ` [PATCH 4.19 256/521] fbdev: via: Fix error in via_core_init() Greg Kroah-Hartman
` (269 subsequent siblings)
524 siblings, 0 replies; 529+ messages in thread
From: Greg Kroah-Hartman @ 2023-01-16 15:48 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Yang Yingliang, Helge Deller, Sasha Levin
From: Yang Yingliang <yangyingliang@huawei.com>
[ Upstream commit ed359a464846b48f76ea6cc5cd8257e545ac97f4 ]
Add missing pci_disable_device() in error path of probe() and remove() path.
Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2")
Signed-off-by: Yang Yingliang <yangyingliang@huawei.com>
Signed-off-by: Helge Deller <deller@gmx.de>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/video/fbdev/pm2fb.c | 9 +++++++--
1 file changed, 7 insertions(+), 2 deletions(-)
diff --git a/drivers/video/fbdev/pm2fb.c b/drivers/video/fbdev/pm2fb.c
index 8ae010f07d7d..0ec4be2f2e8c 100644
--- a/drivers/video/fbdev/pm2fb.c
+++ b/drivers/video/fbdev/pm2fb.c
@@ -1529,8 +1529,10 @@ static int pm2fb_probe(struct pci_dev *pdev, const struct pci_device_id *id)
}
info = framebuffer_alloc(sizeof(struct pm2fb_par), &pdev->dev);
- if (!info)
- return -ENOMEM;
+ if (!info) {
+ err = -ENOMEM;
+ goto err_exit_disable;
+ }
default_par = info->par;
switch (pdev->device) {
@@ -1711,6 +1713,8 @@ static int pm2fb_probe(struct pci_dev *pdev, const struct pci_device_id *id)
release_mem_region(pm2fb_fix.mmio_start, pm2fb_fix.mmio_len);
err_exit_neither:
framebuffer_release(info);
+ err_exit_disable:
+ pci_disable_device(pdev);
return retval;
}
@@ -1737,6 +1741,7 @@ static void pm2fb_remove(struct pci_dev *pdev)
fb_dealloc_cmap(&info->cmap);
kfree(info->pixmap.addr);
framebuffer_release(info);
+ pci_disable_device(pdev);
}
static const struct pci_device_id pm2fb_id_table[] = {
--
2.35.1
^ permalink raw reply related [flat|nested] 529+ messages in thread
* [PATCH 4.19 256/521] fbdev: via: Fix error in via_core_init()
2023-01-16 15:44 [PATCH 4.19 000/521] 4.19.270-rc1 review Greg Kroah-Hartman
` (254 preceding siblings ...)
2023-01-16 15:48 ` [PATCH 4.19 255/521] fbdev: pm2fb: fix missing pci_disable_device() Greg Kroah-Hartman
@ 2023-01-16 15:48 ` Greg Kroah-Hartman
2023-01-16 15:48 ` [PATCH 4.19 257/521] fbdev: vermilion: decrease reference count in error path Greg Kroah-Hartman
` (268 subsequent siblings)
524 siblings, 0 replies; 529+ messages in thread
From: Greg Kroah-Hartman @ 2023-01-16 15:48 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Shang XiaoJing, Helge Deller, Sasha Levin
From: Shang XiaoJing <shangxiaojing@huawei.com>
[ Upstream commit 5886b130de953cfb8826f7771ec8640a79934a7f ]
via_core_init() won't exit the driver when pci_register_driver() failed.
Exit the viafb-i2c and the viafb-gpio in failed path to prevent error.
VIA Graphics Integration Chipset framebuffer 2.4 initializing
Error: Driver 'viafb-i2c' is already registered, aborting...
Error: Driver 'viafb-gpio' is already registered, aborting...
Fixes: 7582eb9be85f ("viafb: Turn GPIO and i2c into proper platform devices")
Signed-off-by: Shang XiaoJing <shangxiaojing@huawei.com>
Signed-off-by: Helge Deller <deller@gmx.de>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/video/fbdev/via/via-core.c | 9 ++++++++-
1 file changed, 8 insertions(+), 1 deletion(-)
diff --git a/drivers/video/fbdev/via/via-core.c b/drivers/video/fbdev/via/via-core.c
index b041eb27a9bf..3f74bc8af7b3 100644
--- a/drivers/video/fbdev/via/via-core.c
+++ b/drivers/video/fbdev/via/via-core.c
@@ -774,7 +774,14 @@ static int __init via_core_init(void)
return ret;
viafb_i2c_init();
viafb_gpio_init();
- return pci_register_driver(&via_driver);
+ ret = pci_register_driver(&via_driver);
+ if (ret) {
+ viafb_gpio_exit();
+ viafb_i2c_exit();
+ return ret;
+ }
+
+ return 0;
}
static void __exit via_core_exit(void)
--
2.35.1
^ permalink raw reply related [flat|nested] 529+ messages in thread
* [PATCH 4.19 257/521] fbdev: vermilion: decrease reference count in error path
2023-01-16 15:44 [PATCH 4.19 000/521] 4.19.270-rc1 review Greg Kroah-Hartman
` (255 preceding siblings ...)
2023-01-16 15:48 ` [PATCH 4.19 256/521] fbdev: via: Fix error in via_core_init() Greg Kroah-Hartman
@ 2023-01-16 15:48 ` Greg Kroah-Hartman
2023-01-16 15:48 ` [PATCH 4.19 258/521] fbdev: uvesafb: Fixes an error handling path in uvesafb_probe() Greg Kroah-Hartman
` (267 subsequent siblings)
524 siblings, 0 replies; 529+ messages in thread
From: Greg Kroah-Hartman @ 2023-01-16 15:48 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Xiongfeng Wang, Helge Deller, Sasha Levin
From: Xiongfeng Wang <wangxiongfeng2@huawei.com>
[ Upstream commit 001f2cdb952a9566c77fb4b5470cc361db5601bb ]
pci_get_device() will increase the reference count for the returned
pci_dev. For the error path, we need to use pci_dev_put() to decrease
the reference count.
Fixes: dbe7e429fedb ("vmlfb: framebuffer driver for Intel Vermilion Range")
Signed-off-by: Xiongfeng Wang <wangxiongfeng2@huawei.com>
Signed-off-by: Helge Deller <deller@gmx.de>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/video/fbdev/vermilion/vermilion.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/drivers/video/fbdev/vermilion/vermilion.c b/drivers/video/fbdev/vermilion/vermilion.c
index 5172fa581147..be5e43be528a 100644
--- a/drivers/video/fbdev/vermilion/vermilion.c
+++ b/drivers/video/fbdev/vermilion/vermilion.c
@@ -291,8 +291,10 @@ static int vmlfb_get_gpu(struct vml_par *par)
mutex_unlock(&vml_mutex);
- if (pci_enable_device(par->gpu) < 0)
+ if (pci_enable_device(par->gpu) < 0) {
+ pci_dev_put(par->gpu);
return -ENODEV;
+ }
return 0;
}
--
2.35.1
^ permalink raw reply related [flat|nested] 529+ messages in thread
* [PATCH 4.19 258/521] fbdev: uvesafb: Fixes an error handling path in uvesafb_probe()
2023-01-16 15:44 [PATCH 4.19 000/521] 4.19.270-rc1 review Greg Kroah-Hartman
` (256 preceding siblings ...)
2023-01-16 15:48 ` [PATCH 4.19 257/521] fbdev: vermilion: decrease reference count in error path Greg Kroah-Hartman
@ 2023-01-16 15:48 ` Greg Kroah-Hartman
2023-01-16 15:48 ` [PATCH 4.19 259/521] HSI: omap_ssi_core: fix unbalanced pm_runtime_disable() Greg Kroah-Hartman
` (266 subsequent siblings)
524 siblings, 0 replies; 529+ messages in thread
From: Greg Kroah-Hartman @ 2023-01-16 15:48 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Christophe JAILLET, Helge Deller,
Sasha Levin
From: Christophe JAILLET <christophe.jaillet@wanadoo.fr>
[ Upstream commit a94371040712031ba129c7e9d8ff04a06a2f8207 ]
If an error occurs after a successful uvesafb_init_mtrr() call, it must be
undone by a corresponding arch_phys_wc_del() call, as already done in the
remove function.
This has been added in the remove function in commit 63e28a7a5ffc
("uvesafb: Clean up MTRR code")
Fixes: 8bdb3a2d7df4 ("uvesafb: the driver core")
Signed-off-by: Christophe JAILLET <christophe.jaillet@wanadoo.fr>
Signed-off-by: Helge Deller <deller@gmx.de>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/video/fbdev/uvesafb.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/drivers/video/fbdev/uvesafb.c b/drivers/video/fbdev/uvesafb.c
index 440a6636d8f0..f6ebca883912 100644
--- a/drivers/video/fbdev/uvesafb.c
+++ b/drivers/video/fbdev/uvesafb.c
@@ -1755,6 +1755,7 @@ static int uvesafb_probe(struct platform_device *dev)
out_unmap:
iounmap(info->screen_base);
out_mem:
+ arch_phys_wc_del(par->mtrr_handle);
release_mem_region(info->fix.smem_start, info->fix.smem_len);
out_reg:
release_region(0x3c0, 32);
--
2.35.1
^ permalink raw reply related [flat|nested] 529+ messages in thread
* [PATCH 4.19 259/521] HSI: omap_ssi_core: fix unbalanced pm_runtime_disable()
2023-01-16 15:44 [PATCH 4.19 000/521] 4.19.270-rc1 review Greg Kroah-Hartman
` (257 preceding siblings ...)
2023-01-16 15:48 ` [PATCH 4.19 258/521] fbdev: uvesafb: Fixes an error handling path in uvesafb_probe() Greg Kroah-Hartman
@ 2023-01-16 15:48 ` Greg Kroah-Hartman
2023-01-16 15:48 ` [PATCH 4.19 260/521] HSI: omap_ssi_core: fix possible memory leak in ssi_probe() Greg Kroah-Hartman
` (265 subsequent siblings)
524 siblings, 0 replies; 529+ messages in thread
From: Greg Kroah-Hartman @ 2023-01-16 15:48 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Yang Yingliang, Sebastian Reichel,
Sasha Levin
From: Yang Yingliang <yangyingliang@huawei.com>
[ Upstream commit f5181c35ed7ba0ceb6e42872aad1334d994b0175 ]
In error label 'out1' path in ssi_probe(), the pm_runtime_enable()
has not been called yet, so pm_runtime_disable() is not needed.
Fixes: b209e047bc74 ("HSI: Introduce OMAP SSI driver")
Signed-off-by: Yang Yingliang <yangyingliang@huawei.com>
Signed-off-by: Sebastian Reichel <sebastian.reichel@collabora.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/hsi/controllers/omap_ssi_core.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/hsi/controllers/omap_ssi_core.c b/drivers/hsi/controllers/omap_ssi_core.c
index 15ecc4bc8de6..b91a6b6c0d7a 100644
--- a/drivers/hsi/controllers/omap_ssi_core.c
+++ b/drivers/hsi/controllers/omap_ssi_core.c
@@ -572,9 +572,9 @@ static int ssi_probe(struct platform_device *pd)
device_for_each_child(&pd->dev, NULL, ssi_remove_ports);
out2:
ssi_remove_controller(ssi);
+ pm_runtime_disable(&pd->dev);
out1:
platform_set_drvdata(pd, NULL);
- pm_runtime_disable(&pd->dev);
return err;
}
--
2.35.1
^ permalink raw reply related [flat|nested] 529+ messages in thread
* [PATCH 4.19 260/521] HSI: omap_ssi_core: fix possible memory leak in ssi_probe()
2023-01-16 15:44 [PATCH 4.19 000/521] 4.19.270-rc1 review Greg Kroah-Hartman
` (258 preceding siblings ...)
2023-01-16 15:48 ` [PATCH 4.19 259/521] HSI: omap_ssi_core: fix unbalanced pm_runtime_disable() Greg Kroah-Hartman
@ 2023-01-16 15:48 ` Greg Kroah-Hartman
2023-01-16 15:48 ` [PATCH 4.19 261/521] power: supply: fix residue sysfs file in error handle route of __power_supply_register() Greg Kroah-Hartman
` (264 subsequent siblings)
524 siblings, 0 replies; 529+ messages in thread
From: Greg Kroah-Hartman @ 2023-01-16 15:48 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Yang Yingliang, Sebastian Reichel,
Sasha Levin
From: Yang Yingliang <yangyingliang@huawei.com>
[ Upstream commit 1aff514e1d2bd47854dbbdf867970b9d463d4c57 ]
If ssi_add_controller() returns error, it should call hsi_put_controller()
to give up the reference that was set in hsi_alloc_controller(), so that
it can call hsi_controller_release() to free controller and ports that
allocated in hsi_alloc_controller().
Fixes: b209e047bc74 ("HSI: Introduce OMAP SSI driver")
Signed-off-by: Yang Yingliang <yangyingliang@huawei.com>
Signed-off-by: Sebastian Reichel <sebastian.reichel@collabora.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/hsi/controllers/omap_ssi_core.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/drivers/hsi/controllers/omap_ssi_core.c b/drivers/hsi/controllers/omap_ssi_core.c
index b91a6b6c0d7a..2f1a576fa8b7 100644
--- a/drivers/hsi/controllers/omap_ssi_core.c
+++ b/drivers/hsi/controllers/omap_ssi_core.c
@@ -538,8 +538,10 @@ static int ssi_probe(struct platform_device *pd)
platform_set_drvdata(pd, ssi);
err = ssi_add_controller(ssi, pd);
- if (err < 0)
+ if (err < 0) {
+ hsi_put_controller(ssi);
goto out1;
+ }
pm_runtime_enable(&pd->dev);
--
2.35.1
^ permalink raw reply related [flat|nested] 529+ messages in thread
* [PATCH 4.19 261/521] power: supply: fix residue sysfs file in error handle route of __power_supply_register()
2023-01-16 15:44 [PATCH 4.19 000/521] 4.19.270-rc1 review Greg Kroah-Hartman
` (259 preceding siblings ...)
2023-01-16 15:48 ` [PATCH 4.19 260/521] HSI: omap_ssi_core: fix possible memory leak in ssi_probe() Greg Kroah-Hartman
@ 2023-01-16 15:48 ` Greg Kroah-Hartman
2023-01-16 15:48 ` [PATCH 4.19 262/521] perf symbol: correction while adjusting symbol Greg Kroah-Hartman
` (263 subsequent siblings)
524 siblings, 0 replies; 529+ messages in thread
From: Greg Kroah-Hartman @ 2023-01-16 15:48 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Zeng Heng, Sebastian Reichel, Sasha Levin
From: Zeng Heng <zengheng4@huawei.com>
[ Upstream commit 5b79480ce1978864ac3f06f2134dfa3b6691fe74 ]
If device_add() succeeds, we should call device_del() when want to
get rid of it, so move it into proper jump symbol.
Otherwise, when __power_supply_register() returns fail and goto
wakeup_init_failed to exit, there is still residue device file in sysfs.
When attempt to probe device again, sysfs would complain as below:
sysfs: cannot create duplicate filename '/devices/platform/i2c/i2c-0/0-001c/power_supply/adp5061'
Call Trace:
dump_stack_lvl+0x68/0x85
sysfs_warn_dup.cold+0x1c/0x29
sysfs_create_dir_ns+0x1b1/0x1d0
kobject_add_internal+0x143/0x390
kobject_add+0x108/0x170
Fixes: 80c6463e2fa3 ("power_supply: Fix Oops from NULL pointer dereference from wakeup_source_activate")
Signed-off-by: Zeng Heng <zengheng4@huawei.com>
Signed-off-by: Sebastian Reichel <sebastian.reichel@collabora.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/power/supply/power_supply_core.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/power/supply/power_supply_core.c b/drivers/power/supply/power_supply_core.c
index e43a7b3b570c..9b98921a3b16 100644
--- a/drivers/power/supply/power_supply_core.c
+++ b/drivers/power/supply/power_supply_core.c
@@ -945,8 +945,8 @@ __power_supply_register(struct device *parent,
register_cooler_failed:
psy_unregister_thermal(psy);
register_thermal_failed:
- device_del(dev);
wakeup_init_failed:
+ device_del(dev);
device_add_failed:
check_supplies_failed:
dev_set_name_failed:
--
2.35.1
^ permalink raw reply related [flat|nested] 529+ messages in thread
* [PATCH 4.19 262/521] perf symbol: correction while adjusting symbol
2023-01-16 15:44 [PATCH 4.19 000/521] 4.19.270-rc1 review Greg Kroah-Hartman
` (260 preceding siblings ...)
2023-01-16 15:48 ` [PATCH 4.19 261/521] power: supply: fix residue sysfs file in error handle route of __power_supply_register() Greg Kroah-Hartman
@ 2023-01-16 15:48 ` Greg Kroah-Hartman
2023-01-16 15:48 ` [PATCH 4.19 263/521] HSI: omap_ssi_core: Fix error handling in ssi_init() Greg Kroah-Hartman
` (262 subsequent siblings)
524 siblings, 0 replies; 529+ messages in thread
From: Greg Kroah-Hartman @ 2023-01-16 15:48 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Ajay Kaher, Alexander Shishkin,
Alexey Makhalov, Jiri Olsa, Leo Yan, Mark Rutland, Namhyung Kim,
Peter Zijlstra, Srivatsa S. Bhat, Steven Rostedt (VMware),
Vasavi Sirnapalli, Arnaldo Carvalho de Melo, Sasha Levin
From: Ajay Kaher <akaher@vmware.com>
[ Upstream commit 6f520ce17920b3cdfbd2479b3ccf27f9706219d0 ]
perf doesn't provide proper symbol information for specially crafted
.debug files.
Sometimes .debug file may not have similar program header as runtime
ELF file. For example if we generate .debug file using objcopy
--only-keep-debug resulting file will not contain .text, .data and
other runtime sections. That means corresponding program headers will
have zero FileSiz and modified Offset.
Example: program header of text section of libxxx.so:
Type Offset VirtAddr PhysAddr
FileSiz MemSiz Flags Align
LOAD 0x00000000003d3000 0x00000000003d3000 0x00000000003d3000
0x000000000055ae80 0x000000000055ae80 R E 0x1000
Same program header after executing:
objcopy --only-keep-debug libxxx.so libxxx.so.debug
LOAD 0x0000000000001000 0x00000000003d3000 0x00000000003d3000
0x0000000000000000 0x000000000055ae80 R E 0x1000
Offset and FileSiz have been changed.
Following formula will not provide correct value, if program header
taken from .debug file (syms_ss):
sym.st_value -= phdr.p_vaddr - phdr.p_offset;
Correct program header information is located inside runtime ELF
file (runtime_ss).
Fixes: 2d86612aacb7805f ("perf symbol: Correct address for bss symbols")
Signed-off-by: Ajay Kaher <akaher@vmware.com>
Cc: Alexander Shishkin <alexander.shishkin@linux.intel.com>
Cc: Alexey Makhalov <amakhalov@vmware.com>
Cc: Jiri Olsa <jolsa@kernel.org>
Cc: Leo Yan <leo.yan@linaro.org>
Cc: Mark Rutland <mark.rutland@arm.com>
Cc: Namhyung Kim <namhyung@kernel.org>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Srivatsa S. Bhat <srivatsab@vmware.com>
Cc: Steven Rostedt (VMware) <rostedt@goodmis.org>
Cc: Vasavi Sirnapalli <vsirnapalli@vmware.com>
Link: http://lore.kernel.org/lkml/1669198696-50547-1-git-send-email-akaher@vmware.com
Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
tools/perf/util/symbol-elf.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/tools/perf/util/symbol-elf.c b/tools/perf/util/symbol-elf.c
index 5fba57c10edd..8dde4369fbcd 100644
--- a/tools/perf/util/symbol-elf.c
+++ b/tools/perf/util/symbol-elf.c
@@ -1129,7 +1129,7 @@ int dso__load_sym(struct dso *dso, struct map *map, struct symsrc *syms_ss,
(!used_opd && syms_ss->adjust_symbols)) {
GElf_Phdr phdr;
- if (elf_read_program_header(syms_ss->elf,
+ if (elf_read_program_header(runtime_ss->elf,
(u64)sym.st_value, &phdr)) {
pr_warning("%s: failed to find program header for "
"symbol: %s st_value: %#" PRIx64 "\n",
--
2.35.1
^ permalink raw reply related [flat|nested] 529+ messages in thread
* [PATCH 4.19 263/521] HSI: omap_ssi_core: Fix error handling in ssi_init()
2023-01-16 15:44 [PATCH 4.19 000/521] 4.19.270-rc1 review Greg Kroah-Hartman
` (261 preceding siblings ...)
2023-01-16 15:48 ` [PATCH 4.19 262/521] perf symbol: correction while adjusting symbol Greg Kroah-Hartman
@ 2023-01-16 15:48 ` Greg Kroah-Hartman
2023-01-16 15:48 ` [PATCH 4.19 264/521] include/uapi/linux/swab: Fix potentially missing __always_inline Greg Kroah-Hartman
` (261 subsequent siblings)
524 siblings, 0 replies; 529+ messages in thread
From: Greg Kroah-Hartman @ 2023-01-16 15:48 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Yuan Can, Sebastian Reichel, Sasha Levin
From: Yuan Can <yuancan@huawei.com>
[ Upstream commit 3ffa9f713c39a213a08d9ff13ab983a8aa5d8b5d ]
The ssi_init() returns the platform_driver_register() directly without
checking its return value, if platform_driver_register() failed, the
ssi_pdriver is not unregistered.
Fix by unregister ssi_pdriver when the last platform_driver_register()
failed.
Fixes: 0fae198988b8 ("HSI: omap_ssi: built omap_ssi and omap_ssi_port into one module")
Signed-off-by: Yuan Can <yuancan@huawei.com>
Signed-off-by: Sebastian Reichel <sebastian.reichel@collabora.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/hsi/controllers/omap_ssi_core.c | 8 +++++++-
1 file changed, 7 insertions(+), 1 deletion(-)
diff --git a/drivers/hsi/controllers/omap_ssi_core.c b/drivers/hsi/controllers/omap_ssi_core.c
index 2f1a576fa8b7..6595f34e51aa 100644
--- a/drivers/hsi/controllers/omap_ssi_core.c
+++ b/drivers/hsi/controllers/omap_ssi_core.c
@@ -667,7 +667,13 @@ static int __init ssi_init(void) {
if (ret)
return ret;
- return platform_driver_register(&ssi_port_pdriver);
+ ret = platform_driver_register(&ssi_port_pdriver);
+ if (ret) {
+ platform_driver_unregister(&ssi_pdriver);
+ return ret;
+ }
+
+ return 0;
}
module_init(ssi_init);
--
2.35.1
^ permalink raw reply related [flat|nested] 529+ messages in thread
* [PATCH 4.19 264/521] include/uapi/linux/swab: Fix potentially missing __always_inline
2023-01-16 15:44 [PATCH 4.19 000/521] 4.19.270-rc1 review Greg Kroah-Hartman
` (262 preceding siblings ...)
2023-01-16 15:48 ` [PATCH 4.19 263/521] HSI: omap_ssi_core: Fix error handling in ssi_init() Greg Kroah-Hartman
@ 2023-01-16 15:48 ` Greg Kroah-Hartman
2023-01-16 15:48 ` [PATCH 4.19 265/521] rtc: cmos: Refactor code by using the new dmi_get_bios_year() helper Greg Kroah-Hartman
` (260 subsequent siblings)
524 siblings, 0 replies; 529+ messages in thread
From: Greg Kroah-Hartman @ 2023-01-16 15:48 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Matt Redfearn, Florian Fainelli,
Arnd Bergmann, Nathan Chancellor, Petr Vaněk, Sasha Levin
From: Matt Redfearn <matt.redfearn@mips.com>
[ Upstream commit defbab270d45e32b068e7e73c3567232d745c60f ]
Commit bc27fb68aaad ("include/uapi/linux/byteorder, swab: force inlining
of some byteswap operations") added __always_inline to swab functions
and commit 283d75737837 ("uapi/linux/stddef.h: Provide __always_inline to
userspace headers") added a definition of __always_inline for use in
exported headers when the kernel's compiler.h is not available.
However, since swab.h does not include stddef.h, if the header soup does
not indirectly include it, the definition of __always_inline is missing,
resulting in a compilation failure, which was observed compiling the
perf tool using exported headers containing this commit:
In file included from /usr/include/linux/byteorder/little_endian.h:12:0,
from /usr/include/asm/byteorder.h:14,
from tools/include/uapi/linux/perf_event.h:20,
from perf.h:8,
from builtin-bench.c:18:
/usr/include/linux/swab.h:160:8: error: unknown type name `__always_inline'
static __always_inline __u16 __swab16p(const __u16 *p)
Fix this by replacing the inclusion of linux/compiler.h with
linux/stddef.h to ensure that we pick up that definition if required,
without relying on it's indirect inclusion. compiler.h is then included
indirectly, via stddef.h.
Fixes: 283d75737837 ("uapi/linux/stddef.h: Provide __always_inline to userspace headers")
Signed-off-by: Matt Redfearn <matt.redfearn@mips.com>
Signed-off-by: Florian Fainelli <f.fainelli@gmail.com>
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
Tested-by: Nathan Chancellor <nathan@kernel.org>
Reviewed-by: Petr Vaněk <arkamar@atlas.cz>
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
include/uapi/linux/swab.h | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/include/uapi/linux/swab.h b/include/uapi/linux/swab.h
index 7272f85d6d6a..3736f2fe1541 100644
--- a/include/uapi/linux/swab.h
+++ b/include/uapi/linux/swab.h
@@ -3,7 +3,7 @@
#define _UAPI_LINUX_SWAB_H
#include <linux/types.h>
-#include <linux/compiler.h>
+#include <linux/stddef.h>
#include <asm/bitsperlong.h>
#include <asm/swab.h>
--
2.35.1
^ permalink raw reply related [flat|nested] 529+ messages in thread
* [PATCH 4.19 265/521] rtc: cmos: Refactor code by using the new dmi_get_bios_year() helper
2023-01-16 15:44 [PATCH 4.19 000/521] 4.19.270-rc1 review Greg Kroah-Hartman
` (263 preceding siblings ...)
2023-01-16 15:48 ` [PATCH 4.19 264/521] include/uapi/linux/swab: Fix potentially missing __always_inline Greg Kroah-Hartman
@ 2023-01-16 15:48 ` Greg Kroah-Hartman
2023-01-16 15:48 ` [PATCH 4.19 266/521] rtc: rtc-cmos: Do not check ACPI_FADT_LOW_POWER_S0 Greg Kroah-Hartman
` (259 subsequent siblings)
524 siblings, 0 replies; 529+ messages in thread
From: Greg Kroah-Hartman @ 2023-01-16 15:48 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Hans de Goede, Andy Shevchenko,
Guilherme G. Piccoli, Alexandre Belloni, Sasha Levin
From: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
[ Upstream commit 604c521259c8051b7607c000eda7938f7a705d92 ]
Refactor code by using the new dmi_get_bios_year() helper instead of
open coding its functionality. This also makes logic slightly clearer.
No changes intended.
Cc: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
Tested-by: Guilherme G. Piccoli <gpiccoli@canonical.com>
Reviewed-by: Hans de Goede <hdegoede@redhat.com>
Link: https://lore.kernel.org/r/20200123131437.28157-3-andriy.shevchenko@linux.intel.com
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Stable-dep-of: 83ebb7b3036d ("rtc: cmos: Disable ACPI RTC event on removal")
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/rtc/rtc-cmos.c | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/drivers/rtc/rtc-cmos.c b/drivers/rtc/rtc-cmos.c
index 8545f0da57fe..58a3104b8a1c 100644
--- a/drivers/rtc/rtc-cmos.c
+++ b/drivers/rtc/rtc-cmos.c
@@ -1204,8 +1204,6 @@ static void rtc_wake_off(struct device *dev)
/* Enable use_acpi_alarm mode for Intel platforms no earlier than 2015 */
static void use_acpi_alarm_quirks(void)
{
- int year;
-
if (boot_cpu_data.x86_vendor != X86_VENDOR_INTEL)
return;
@@ -1215,8 +1213,10 @@ static void use_acpi_alarm_quirks(void)
if (!is_hpet_enabled())
return;
- if (dmi_get_date(DMI_BIOS_DATE, &year, NULL, NULL) && year >= 2015)
- use_acpi_alarm = true;
+ if (dmi_get_bios_year() < 2015)
+ return;
+
+ use_acpi_alarm = true;
}
#else
static inline void use_acpi_alarm_quirks(void) { }
--
2.35.1
^ permalink raw reply related [flat|nested] 529+ messages in thread
* [PATCH 4.19 266/521] rtc: rtc-cmos: Do not check ACPI_FADT_LOW_POWER_S0
2023-01-16 15:44 [PATCH 4.19 000/521] 4.19.270-rc1 review Greg Kroah-Hartman
` (264 preceding siblings ...)
2023-01-16 15:48 ` [PATCH 4.19 265/521] rtc: cmos: Refactor code by using the new dmi_get_bios_year() helper Greg Kroah-Hartman
@ 2023-01-16 15:48 ` Greg Kroah-Hartman
2023-01-16 15:48 ` [PATCH 4.19 267/521] rtc: cmos: Fix event handler registration ordering issue Greg Kroah-Hartman
` (258 subsequent siblings)
524 siblings, 0 replies; 529+ messages in thread
From: Greg Kroah-Hartman @ 2023-01-16 15:48 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Rafael J. Wysocki,
Mario Limonciello, Alexandre Belloni, Sasha Levin
From: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
[ Upstream commit 6492fed7d8c95f53b0b804ef541324d924d95d41 ]
The ACPI_FADT_LOW_POWER_S0 flag merely means that it is better to
use low-power S0 idle on the given platform than S3 (provided that
the latter is supported) and it doesn't preclude using either of
them (which of them will be used depends on the choices made by user
space).
For this reason, there is no benefit from checking that flag in
use_acpi_alarm_quirks().
First off, it cannot be a bug to do S3 with use_acpi_alarm set,
because S3 can be used on systems with ACPI_FADT_LOW_POWER_S0 and it
must work if really supported, so the ACPI_FADT_LOW_POWER_S0 check is
not needed to protect the S3-capable systems from failing.
Second, suspend-to-idle can be carried out on a system with
ACPI_FADT_LOW_POWER_S0 unset and it is expected to work, so if setting
use_acpi_alarm is needed to handle that case correctly, it should be
set regardless of the ACPI_FADT_LOW_POWER_S0 value.
Accordingly, drop the ACPI_FADT_LOW_POWER_S0 check from
use_acpi_alarm_quirks().
Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
Reviewed-by: Mario Limonciello <mario.limonciello@amd.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Link: https://lore.kernel.org/r/12054246.O9o76ZdvQC@kreacher
Stable-dep-of: 83ebb7b3036d ("rtc: cmos: Disable ACPI RTC event on removal")
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/rtc/rtc-cmos.c | 3 ---
1 file changed, 3 deletions(-)
diff --git a/drivers/rtc/rtc-cmos.c b/drivers/rtc/rtc-cmos.c
index 58a3104b8a1c..c7f6088ef91f 100644
--- a/drivers/rtc/rtc-cmos.c
+++ b/drivers/rtc/rtc-cmos.c
@@ -1207,9 +1207,6 @@ static void use_acpi_alarm_quirks(void)
if (boot_cpu_data.x86_vendor != X86_VENDOR_INTEL)
return;
- if (!(acpi_gbl_FADT.flags & ACPI_FADT_LOW_POWER_S0))
- return;
-
if (!is_hpet_enabled())
return;
--
2.35.1
^ permalink raw reply related [flat|nested] 529+ messages in thread
* [PATCH 4.19 267/521] rtc: cmos: Fix event handler registration ordering issue
2023-01-16 15:44 [PATCH 4.19 000/521] 4.19.270-rc1 review Greg Kroah-Hartman
` (265 preceding siblings ...)
2023-01-16 15:48 ` [PATCH 4.19 266/521] rtc: rtc-cmos: Do not check ACPI_FADT_LOW_POWER_S0 Greg Kroah-Hartman
@ 2023-01-16 15:48 ` Greg Kroah-Hartman
2023-01-16 15:48 ` [PATCH 4.19 268/521] rtc: cmos: Fix wake alarm breakage Greg Kroah-Hartman
` (257 subsequent siblings)
524 siblings, 0 replies; 529+ messages in thread
From: Greg Kroah-Hartman @ 2023-01-16 15:48 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Mel Gorman, Rafael J. Wysocki,
Bjorn Helgaas, Alexandre Belloni, Sasha Levin
From: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
[ Upstream commit 4919d3eb2ec0ee364f7e3cf2d99646c1b224fae8 ]
Because acpi_install_fixed_event_handler() enables the event
automatically on success, it is incorrect to call it before the
handler routine passed to it is ready to handle events.
Unfortunately, the rtc-cmos driver does exactly the incorrect thing
by calling cmos_wake_setup(), which passes rtc_handler() to
acpi_install_fixed_event_handler(), before cmos_do_probe(), because
rtc_handler() uses dev_get_drvdata() to get to the cmos object
pointer and the driver data pointer is only populated in
cmos_do_probe().
This leads to a NULL pointer dereference in rtc_handler() on boot
if the RTC fixed event happens to be active at the init time.
To address this issue, change the initialization ordering of the
driver so that cmos_wake_setup() is always called after a successful
cmos_do_probe() call.
While at it, change cmos_pnp_probe() to call cmos_do_probe() after
the initial if () statement used for computing the IRQ argument to
be passed to cmos_do_probe() which is cleaner than calling it in
each branch of that if () (local variable "irq" can be of type int,
because it is passed to that function as an argument of type int).
Note that commit 6492fed7d8c9 ("rtc: rtc-cmos: Do not check
ACPI_FADT_LOW_POWER_S0") caused this issue to affect a larger number
of systems, because previously it only affected systems with
ACPI_FADT_LOW_POWER_S0 set, but it is present regardless of that
commit.
Fixes: 6492fed7d8c9 ("rtc: rtc-cmos: Do not check ACPI_FADT_LOW_POWER_S0")
Fixes: a474aaedac99 ("rtc-cmos: move wake setup from ACPI glue into RTC driver")
Link: https://lore.kernel.org/linux-acpi/20221010141630.zfzi7mk7zvnmclzy@techsingularity.net/
Reported-by: Mel Gorman <mgorman@techsingularity.net>
Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
Reviewed-by: Bjorn Helgaas <bhelgaas@google.com>
Tested-by: Mel Gorman <mgorman@techsingularity.net>
Link: https://lore.kernel.org/r/5629262.DvuYhMxLoT@kreacher
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Stable-dep-of: 83ebb7b3036d ("rtc: cmos: Disable ACPI RTC event on removal")
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/rtc/rtc-cmos.c | 29 +++++++++++++++++++----------
1 file changed, 19 insertions(+), 10 deletions(-)
diff --git a/drivers/rtc/rtc-cmos.c b/drivers/rtc/rtc-cmos.c
index c7f6088ef91f..7962cdd933f9 100644
--- a/drivers/rtc/rtc-cmos.c
+++ b/drivers/rtc/rtc-cmos.c
@@ -1299,10 +1299,10 @@ static void cmos_check_acpi_rtc_status(struct device *dev,
static int cmos_pnp_probe(struct pnp_dev *pnp, const struct pnp_device_id *id)
{
- cmos_wake_setup(&pnp->dev);
+ int irq, ret;
if (pnp_port_start(pnp, 0) == 0x70 && !pnp_irq_valid(pnp, 0)) {
- unsigned int irq = 0;
+ irq = 0;
#ifdef CONFIG_X86
/* Some machines contain a PNP entry for the RTC, but
* don't define the IRQ. It should always be safe to
@@ -1311,13 +1311,17 @@ static int cmos_pnp_probe(struct pnp_dev *pnp, const struct pnp_device_id *id)
if (nr_legacy_irqs())
irq = 8;
#endif
- return cmos_do_probe(&pnp->dev,
- pnp_get_resource(pnp, IORESOURCE_IO, 0), irq);
} else {
- return cmos_do_probe(&pnp->dev,
- pnp_get_resource(pnp, IORESOURCE_IO, 0),
- pnp_irq(pnp, 0));
+ irq = pnp_irq(pnp, 0);
}
+
+ ret = cmos_do_probe(&pnp->dev, pnp_get_resource(pnp, IORESOURCE_IO, 0), irq);
+ if (ret)
+ return ret;
+
+ cmos_wake_setup(&pnp->dev);
+
+ return 0;
}
static void cmos_pnp_remove(struct pnp_dev *pnp)
@@ -1401,10 +1405,9 @@ static inline void cmos_of_init(struct platform_device *pdev) {}
static int __init cmos_platform_probe(struct platform_device *pdev)
{
struct resource *resource;
- int irq;
+ int irq, ret;
cmos_of_init(pdev);
- cmos_wake_setup(&pdev->dev);
if (RTC_IOMAPPED)
resource = platform_get_resource(pdev, IORESOURCE_IO, 0);
@@ -1414,7 +1417,13 @@ static int __init cmos_platform_probe(struct platform_device *pdev)
if (irq < 0)
irq = -1;
- return cmos_do_probe(&pdev->dev, resource, irq);
+ ret = cmos_do_probe(&pdev->dev, resource, irq);
+ if (ret)
+ return ret;
+
+ cmos_wake_setup(&pdev->dev);
+
+ return 0;
}
static int cmos_platform_remove(struct platform_device *pdev)
--
2.35.1
^ permalink raw reply related [flat|nested] 529+ messages in thread
* [PATCH 4.19 268/521] rtc: cmos: Fix wake alarm breakage
2023-01-16 15:44 [PATCH 4.19 000/521] 4.19.270-rc1 review Greg Kroah-Hartman
` (266 preceding siblings ...)
2023-01-16 15:48 ` [PATCH 4.19 267/521] rtc: cmos: Fix event handler registration ordering issue Greg Kroah-Hartman
@ 2023-01-16 15:48 ` Greg Kroah-Hartman
2023-01-16 15:48 ` [PATCH 4.19 269/521] rtc: cmos: fix build on non-ACPI platforms Greg Kroah-Hartman
` (256 subsequent siblings)
524 siblings, 0 replies; 529+ messages in thread
From: Greg Kroah-Hartman @ 2023-01-16 15:48 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Zhang Rui, Todd Brandt,
Rafael J. Wysocki, Alexandre Belloni, Sasha Levin
From: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
[ Upstream commit 0782b66ed2fbb035dda76111df0954515e417b24 ]
Commit 4919d3eb2ec0 ("rtc: cmos: Fix event handler registration
ordering issue") overlooked the fact that cmos_do_probe() depended
on the preparations carried out by cmos_wake_setup() and the wake
alarm stopped working after the ordering of them had been changed.
Address this by partially reverting commit 4919d3eb2ec0 so that
cmos_wake_setup() is called before cmos_do_probe() again and moving
the rtc_wake_setup() invocation from cmos_wake_setup() directly to the
callers of cmos_do_probe() where it will happen after a successful
completion of the latter.
Fixes: 4919d3eb2ec0 ("rtc: cmos: Fix event handler registration ordering issue")
Reported-by: Zhang Rui <rui.zhang@intel.com>
Reported-by: Todd Brandt <todd.e.brandt@linux.intel.com>
Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
Link: https://lore.kernel.org/r/5887691.lOV4Wx5bFT@kreacher
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Stable-dep-of: 83ebb7b3036d ("rtc: cmos: Disable ACPI RTC event on removal")
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/rtc/rtc-cmos.c | 11 ++++++++---
1 file changed, 8 insertions(+), 3 deletions(-)
diff --git a/drivers/rtc/rtc-cmos.c b/drivers/rtc/rtc-cmos.c
index 7962cdd933f9..d8384f7a7381 100644
--- a/drivers/rtc/rtc-cmos.c
+++ b/drivers/rtc/rtc-cmos.c
@@ -1180,6 +1180,9 @@ static u32 rtc_handler(void *context)
static inline void rtc_wake_setup(struct device *dev)
{
+ if (acpi_disabled)
+ return;
+
acpi_install_fixed_event_handler(ACPI_EVENT_RTC, rtc_handler, dev);
/*
* After the RTC handler is installed, the Fixed_RTC event should
@@ -1233,7 +1236,6 @@ static void cmos_wake_setup(struct device *dev)
use_acpi_alarm_quirks();
- rtc_wake_setup(dev);
acpi_rtc_info.wake_on = rtc_wake_on;
acpi_rtc_info.wake_off = rtc_wake_off;
@@ -1301,6 +1303,8 @@ static int cmos_pnp_probe(struct pnp_dev *pnp, const struct pnp_device_id *id)
{
int irq, ret;
+ cmos_wake_setup(&pnp->dev);
+
if (pnp_port_start(pnp, 0) == 0x70 && !pnp_irq_valid(pnp, 0)) {
irq = 0;
#ifdef CONFIG_X86
@@ -1319,7 +1323,7 @@ static int cmos_pnp_probe(struct pnp_dev *pnp, const struct pnp_device_id *id)
if (ret)
return ret;
- cmos_wake_setup(&pnp->dev);
+ rtc_wake_setup(&pnp->dev);
return 0;
}
@@ -1408,6 +1412,7 @@ static int __init cmos_platform_probe(struct platform_device *pdev)
int irq, ret;
cmos_of_init(pdev);
+ cmos_wake_setup(&pdev->dev);
if (RTC_IOMAPPED)
resource = platform_get_resource(pdev, IORESOURCE_IO, 0);
@@ -1421,7 +1426,7 @@ static int __init cmos_platform_probe(struct platform_device *pdev)
if (ret)
return ret;
- cmos_wake_setup(&pdev->dev);
+ rtc_wake_setup(&pdev->dev);
return 0;
}
--
2.35.1
^ permalink raw reply related [flat|nested] 529+ messages in thread
* [PATCH 4.19 269/521] rtc: cmos: fix build on non-ACPI platforms
2023-01-16 15:44 [PATCH 4.19 000/521] 4.19.270-rc1 review Greg Kroah-Hartman
` (267 preceding siblings ...)
2023-01-16 15:48 ` [PATCH 4.19 268/521] rtc: cmos: Fix wake alarm breakage Greg Kroah-Hartman
@ 2023-01-16 15:48 ` Greg Kroah-Hartman
2023-01-16 15:48 ` [PATCH 4.19 270/521] rtc: cmos: Call cmos_wake_setup() from cmos_do_probe() Greg Kroah-Hartman
` (255 subsequent siblings)
524 siblings, 0 replies; 529+ messages in thread
From: Greg Kroah-Hartman @ 2023-01-16 15:48 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, kernel test robot,
Alexandre Belloni, Sasha Levin
From: Alexandre Belloni <alexandre.belloni@bootlin.com>
[ Upstream commit db4e955ae333567dea02822624106c0b96a2f84f ]
Now that rtc_wake_setup is called outside of cmos_wake_setup, it also need
to be defined on non-ACPI platforms.
Reported-by: kernel test robot <lkp@intel.com>
Link: https://lore.kernel.org/r/20221018203512.2532407-1-alexandre.belloni@bootlin.com
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Stable-dep-of: 83ebb7b3036d ("rtc: cmos: Disable ACPI RTC event on removal")
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/rtc/rtc-cmos.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/drivers/rtc/rtc-cmos.c b/drivers/rtc/rtc-cmos.c
index d8384f7a7381..e83b976b9abe 100644
--- a/drivers/rtc/rtc-cmos.c
+++ b/drivers/rtc/rtc-cmos.c
@@ -1293,6 +1293,9 @@ static void cmos_check_acpi_rtc_status(struct device *dev,
{
}
+static void rtc_wake_setup(struct device *dev)
+{
+}
#endif
#ifdef CONFIG_PNP
--
2.35.1
^ permalink raw reply related [flat|nested] 529+ messages in thread
* [PATCH 4.19 270/521] rtc: cmos: Call cmos_wake_setup() from cmos_do_probe()
2023-01-16 15:44 [PATCH 4.19 000/521] 4.19.270-rc1 review Greg Kroah-Hartman
` (268 preceding siblings ...)
2023-01-16 15:48 ` [PATCH 4.19 269/521] rtc: cmos: fix build on non-ACPI platforms Greg Kroah-Hartman
@ 2023-01-16 15:48 ` Greg Kroah-Hartman
2023-01-16 15:48 ` [PATCH 4.19 271/521] rtc: cmos: Call rtc_wake_setup() " Greg Kroah-Hartman
` (254 subsequent siblings)
524 siblings, 0 replies; 529+ messages in thread
From: Greg Kroah-Hartman @ 2023-01-16 15:48 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Rafael J. Wysocki, Zhang Rui,
Andy Shevchenko, Alexandre Belloni, Sasha Levin
From: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
[ Upstream commit 508ccdfb86b21da37ad091003a4d4567709d5dfb ]
Notice that cmos_wake_setup() is the only user of acpi_rtc_info and it
can operate on the cmos_rtc variable directly, so it need not set the
platform_data pointer before cmos_do_probe() is called. Instead, it
can be called by cmos_do_probe() in the case when the platform_data
pointer is not set to implement the default behavior (which is to use
the FADT information as long as ACPI support is enabled).
Modify the code accordingly.
While at it, drop a comment that doesn't really match the code it is
supposed to be describing.
Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
Reviewed-by: Zhang Rui <rui.zhang@intel.com>
Tested-by: Zhang Rui <rui.zhang@intel.com>
Reviewed-by: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
Link: https://lore.kernel.org/r/4803444.31r3eYUQgx@kreacher
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Stable-dep-of: 83ebb7b3036d ("rtc: cmos: Disable ACPI RTC event on removal")
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/rtc/rtc-cmos.c | 47 ++++++++++++++++++++----------------------
1 file changed, 22 insertions(+), 25 deletions(-)
diff --git a/drivers/rtc/rtc-cmos.c b/drivers/rtc/rtc-cmos.c
index e83b976b9abe..c51f6450daf2 100644
--- a/drivers/rtc/rtc-cmos.c
+++ b/drivers/rtc/rtc-cmos.c
@@ -702,6 +702,8 @@ static irqreturn_t cmos_interrupt(int irq, void *p)
return IRQ_NONE;
}
+static void cmos_wake_setup(struct device *dev);
+
#ifdef CONFIG_PNP
#define INITSECTION
@@ -785,19 +787,27 @@ cmos_do_probe(struct device *dev, struct resource *ports, int rtc_irq)
if (info->address_space)
address_space = info->address_space;
- if (info->rtc_day_alarm && info->rtc_day_alarm < 128)
- cmos_rtc.day_alrm = info->rtc_day_alarm;
- if (info->rtc_mon_alarm && info->rtc_mon_alarm < 128)
- cmos_rtc.mon_alrm = info->rtc_mon_alarm;
- if (info->rtc_century && info->rtc_century < 128)
- cmos_rtc.century = info->rtc_century;
+ cmos_rtc.day_alrm = info->rtc_day_alarm;
+ cmos_rtc.mon_alrm = info->rtc_mon_alarm;
+ cmos_rtc.century = info->rtc_century;
if (info->wake_on && info->wake_off) {
cmos_rtc.wake_on = info->wake_on;
cmos_rtc.wake_off = info->wake_off;
}
+ } else {
+ cmos_wake_setup(dev);
}
+ if (cmos_rtc.day_alrm >= 128)
+ cmos_rtc.day_alrm = 0;
+
+ if (cmos_rtc.mon_alrm >= 128)
+ cmos_rtc.mon_alrm = 0;
+
+ if (cmos_rtc.century >= 128)
+ cmos_rtc.century = 0;
+
cmos_rtc.dev = dev;
dev_set_drvdata(dev, &cmos_rtc);
@@ -1222,13 +1232,6 @@ static void use_acpi_alarm_quirks(void)
static inline void use_acpi_alarm_quirks(void) { }
#endif
-/* Every ACPI platform has a mc146818 compatible "cmos rtc". Here we find
- * its device node and pass extra config data. This helps its driver use
- * capabilities that the now-obsolete mc146818 didn't have, and informs it
- * that this board's RTC is wakeup-capable (per ACPI spec).
- */
-static struct cmos_rtc_board_info acpi_rtc_info;
-
static void cmos_wake_setup(struct device *dev)
{
if (acpi_disabled)
@@ -1236,26 +1239,23 @@ static void cmos_wake_setup(struct device *dev)
use_acpi_alarm_quirks();
- acpi_rtc_info.wake_on = rtc_wake_on;
- acpi_rtc_info.wake_off = rtc_wake_off;
+ cmos_rtc.wake_on = rtc_wake_on;
+ cmos_rtc.wake_off = rtc_wake_off;
- /* workaround bug in some ACPI tables */
+ /* ACPI tables bug workaround. */
if (acpi_gbl_FADT.month_alarm && !acpi_gbl_FADT.day_alarm) {
dev_dbg(dev, "bogus FADT month_alarm (%d)\n",
acpi_gbl_FADT.month_alarm);
acpi_gbl_FADT.month_alarm = 0;
}
- acpi_rtc_info.rtc_day_alarm = acpi_gbl_FADT.day_alarm;
- acpi_rtc_info.rtc_mon_alarm = acpi_gbl_FADT.month_alarm;
- acpi_rtc_info.rtc_century = acpi_gbl_FADT.century;
+ cmos_rtc.day_alrm = acpi_gbl_FADT.day_alarm;
+ cmos_rtc.mon_alrm = acpi_gbl_FADT.month_alarm;
+ cmos_rtc.century = acpi_gbl_FADT.century;
- /* NOTE: S4_RTC_WAKE is NOT currently useful to Linux */
if (acpi_gbl_FADT.flags & ACPI_FADT_S4_RTC_WAKE)
dev_info(dev, "RTC can wake from S4\n");
- dev->platform_data = &acpi_rtc_info;
-
/* RTC always wakes from S1/S2/S3, and often S4/STD */
device_init_wakeup(dev, 1);
}
@@ -1306,8 +1306,6 @@ static int cmos_pnp_probe(struct pnp_dev *pnp, const struct pnp_device_id *id)
{
int irq, ret;
- cmos_wake_setup(&pnp->dev);
-
if (pnp_port_start(pnp, 0) == 0x70 && !pnp_irq_valid(pnp, 0)) {
irq = 0;
#ifdef CONFIG_X86
@@ -1415,7 +1413,6 @@ static int __init cmos_platform_probe(struct platform_device *pdev)
int irq, ret;
cmos_of_init(pdev);
- cmos_wake_setup(&pdev->dev);
if (RTC_IOMAPPED)
resource = platform_get_resource(pdev, IORESOURCE_IO, 0);
--
2.35.1
^ permalink raw reply related [flat|nested] 529+ messages in thread
* [PATCH 4.19 271/521] rtc: cmos: Call rtc_wake_setup() from cmos_do_probe()
2023-01-16 15:44 [PATCH 4.19 000/521] 4.19.270-rc1 review Greg Kroah-Hartman
` (269 preceding siblings ...)
2023-01-16 15:48 ` [PATCH 4.19 270/521] rtc: cmos: Call cmos_wake_setup() from cmos_do_probe() Greg Kroah-Hartman
@ 2023-01-16 15:48 ` Greg Kroah-Hartman
2023-01-16 15:48 ` [PATCH 4.19 272/521] rtc: cmos: Eliminate forward declarations of some functions Greg Kroah-Hartman
` (253 subsequent siblings)
524 siblings, 0 replies; 529+ messages in thread
From: Greg Kroah-Hartman @ 2023-01-16 15:48 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Rafael J. Wysocki, Zhang Rui,
Andy Shevchenko, Alexandre Belloni, Sasha Levin
From: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
[ Upstream commit 375bbba09692fe4c5218eddee8e312dd733fa846 ]
To reduce code duplication, move the invocation of rtc_wake_setup()
into cmos_do_probe() and simplify the callers of the latter.
No intentional functional impact.
Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
Reviewed-by: Zhang Rui <rui.zhang@intel.com>
Tested-by: Zhang Rui <rui.zhang@intel.com>
Reviewed-by: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
Link: https://lore.kernel.org/r/2143522.irdbgypaU6@kreacher
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Stable-dep-of: 83ebb7b3036d ("rtc: cmos: Disable ACPI RTC event on removal")
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/rtc/rtc-cmos.c | 28 ++++++++++++----------------
1 file changed, 12 insertions(+), 16 deletions(-)
diff --git a/drivers/rtc/rtc-cmos.c b/drivers/rtc/rtc-cmos.c
index c51f6450daf2..91205797bd0f 100644
--- a/drivers/rtc/rtc-cmos.c
+++ b/drivers/rtc/rtc-cmos.c
@@ -702,6 +702,7 @@ static irqreturn_t cmos_interrupt(int irq, void *p)
return IRQ_NONE;
}
+static inline void rtc_wake_setup(struct device *dev);
static void cmos_wake_setup(struct device *dev);
#ifdef CONFIG_PNP
@@ -889,6 +890,13 @@ cmos_do_probe(struct device *dev, struct resource *ports, int rtc_irq)
if (rtc_nvmem_register(cmos_rtc.rtc, &nvmem_cfg))
dev_err(dev, "nvmem registration failed\n");
+ /*
+ * Everything has gone well so far, so by default register a handler for
+ * the ACPI RTC fixed event.
+ */
+ if (!info)
+ rtc_wake_setup(dev);
+
dev_info(dev, "%s%s, %d bytes nvram%s\n",
!is_valid_irq(rtc_irq) ? "no alarms" :
cmos_rtc.mon_alrm ? "alarms up to one year" :
@@ -1304,7 +1312,7 @@ static void rtc_wake_setup(struct device *dev)
static int cmos_pnp_probe(struct pnp_dev *pnp, const struct pnp_device_id *id)
{
- int irq, ret;
+ int irq;
if (pnp_port_start(pnp, 0) == 0x70 && !pnp_irq_valid(pnp, 0)) {
irq = 0;
@@ -1320,13 +1328,7 @@ static int cmos_pnp_probe(struct pnp_dev *pnp, const struct pnp_device_id *id)
irq = pnp_irq(pnp, 0);
}
- ret = cmos_do_probe(&pnp->dev, pnp_get_resource(pnp, IORESOURCE_IO, 0), irq);
- if (ret)
- return ret;
-
- rtc_wake_setup(&pnp->dev);
-
- return 0;
+ return cmos_do_probe(&pnp->dev, pnp_get_resource(pnp, IORESOURCE_IO, 0), irq);
}
static void cmos_pnp_remove(struct pnp_dev *pnp)
@@ -1410,7 +1412,7 @@ static inline void cmos_of_init(struct platform_device *pdev) {}
static int __init cmos_platform_probe(struct platform_device *pdev)
{
struct resource *resource;
- int irq, ret;
+ int irq;
cmos_of_init(pdev);
@@ -1422,13 +1424,7 @@ static int __init cmos_platform_probe(struct platform_device *pdev)
if (irq < 0)
irq = -1;
- ret = cmos_do_probe(&pdev->dev, resource, irq);
- if (ret)
- return ret;
-
- rtc_wake_setup(&pdev->dev);
-
- return 0;
+ return cmos_do_probe(&pdev->dev, resource, irq);
}
static int cmos_platform_remove(struct platform_device *pdev)
--
2.35.1
^ permalink raw reply related [flat|nested] 529+ messages in thread
* [PATCH 4.19 272/521] rtc: cmos: Eliminate forward declarations of some functions
2023-01-16 15:44 [PATCH 4.19 000/521] 4.19.270-rc1 review Greg Kroah-Hartman
` (270 preceding siblings ...)
2023-01-16 15:48 ` [PATCH 4.19 271/521] rtc: cmos: Call rtc_wake_setup() " Greg Kroah-Hartman
@ 2023-01-16 15:48 ` Greg Kroah-Hartman
2023-01-16 15:48 ` [PATCH 4.19 273/521] rtc: cmos: Rename ACPI-related functions Greg Kroah-Hartman
` (252 subsequent siblings)
524 siblings, 0 replies; 529+ messages in thread
From: Greg Kroah-Hartman @ 2023-01-16 15:48 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Rafael J. Wysocki, Zhang Rui,
Andy Shevchenko, Alexandre Belloni, Sasha Levin
From: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
[ Upstream commit dca4d3b71c8a09a16951add656711fbd6f5bfbb0 ]
Reorder the ACPI-related code before cmos_do_probe() so as to eliminate
excessive forward declarations of some functions.
While at it, for consistency, add the inline modifier to the
definitions of empty stub static funtions and remove it from the
corresponding definitions of functions with non-empty bodies.
No intentional functional impact.
Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
Reviewed-by: Zhang Rui <rui.zhang@intel.com>
Tested-by: Zhang Rui <rui.zhang@intel.com>
Reviewed-by: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
Link: https://lore.kernel.org/r/13157911.uLZWGnKmhe@kreacher
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Stable-dep-of: 83ebb7b3036d ("rtc: cmos: Disable ACPI RTC event on removal")
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/rtc/rtc-cmos.c | 304 ++++++++++++++++++++---------------------
1 file changed, 149 insertions(+), 155 deletions(-)
diff --git a/drivers/rtc/rtc-cmos.c b/drivers/rtc/rtc-cmos.c
index 91205797bd0f..909cb1d4a4d5 100644
--- a/drivers/rtc/rtc-cmos.c
+++ b/drivers/rtc/rtc-cmos.c
@@ -702,8 +702,155 @@ static irqreturn_t cmos_interrupt(int irq, void *p)
return IRQ_NONE;
}
-static inline void rtc_wake_setup(struct device *dev);
-static void cmos_wake_setup(struct device *dev);
+#ifdef CONFIG_ACPI
+
+#include <linux/acpi.h>
+
+static u32 rtc_handler(void *context)
+{
+ struct device *dev = context;
+ struct cmos_rtc *cmos = dev_get_drvdata(dev);
+ unsigned char rtc_control = 0;
+ unsigned char rtc_intr;
+ unsigned long flags;
+
+
+ /*
+ * Always update rtc irq when ACPI is used as RTC Alarm.
+ * Or else, ACPI SCI is enabled during suspend/resume only,
+ * update rtc irq in that case.
+ */
+ if (cmos_use_acpi_alarm())
+ cmos_interrupt(0, (void *)cmos->rtc);
+ else {
+ /* Fix me: can we use cmos_interrupt() here as well? */
+ spin_lock_irqsave(&rtc_lock, flags);
+ if (cmos_rtc.suspend_ctrl)
+ rtc_control = CMOS_READ(RTC_CONTROL);
+ if (rtc_control & RTC_AIE) {
+ cmos_rtc.suspend_ctrl &= ~RTC_AIE;
+ CMOS_WRITE(rtc_control, RTC_CONTROL);
+ rtc_intr = CMOS_READ(RTC_INTR_FLAGS);
+ rtc_update_irq(cmos->rtc, 1, rtc_intr);
+ }
+ spin_unlock_irqrestore(&rtc_lock, flags);
+ }
+
+ pm_wakeup_hard_event(dev);
+ acpi_clear_event(ACPI_EVENT_RTC);
+ acpi_disable_event(ACPI_EVENT_RTC, 0);
+ return ACPI_INTERRUPT_HANDLED;
+}
+
+static void rtc_wake_setup(struct device *dev)
+{
+ if (acpi_disabled)
+ return;
+
+ acpi_install_fixed_event_handler(ACPI_EVENT_RTC, rtc_handler, dev);
+ /*
+ * After the RTC handler is installed, the Fixed_RTC event should
+ * be disabled. Only when the RTC alarm is set will it be enabled.
+ */
+ acpi_clear_event(ACPI_EVENT_RTC);
+ acpi_disable_event(ACPI_EVENT_RTC, 0);
+}
+
+static void rtc_wake_on(struct device *dev)
+{
+ acpi_clear_event(ACPI_EVENT_RTC);
+ acpi_enable_event(ACPI_EVENT_RTC, 0);
+}
+
+static void rtc_wake_off(struct device *dev)
+{
+ acpi_disable_event(ACPI_EVENT_RTC, 0);
+}
+
+#ifdef CONFIG_X86
+/* Enable use_acpi_alarm mode for Intel platforms no earlier than 2015 */
+static void use_acpi_alarm_quirks(void)
+{
+ if (boot_cpu_data.x86_vendor != X86_VENDOR_INTEL)
+ return;
+
+ if (!is_hpet_enabled())
+ return;
+
+ if (dmi_get_bios_year() < 2015)
+ return;
+
+ use_acpi_alarm = true;
+}
+#else
+static inline void use_acpi_alarm_quirks(void) { }
+#endif
+
+static void cmos_wake_setup(struct device *dev)
+{
+ if (acpi_disabled)
+ return;
+
+ use_acpi_alarm_quirks();
+
+ cmos_rtc.wake_on = rtc_wake_on;
+ cmos_rtc.wake_off = rtc_wake_off;
+
+ /* ACPI tables bug workaround. */
+ if (acpi_gbl_FADT.month_alarm && !acpi_gbl_FADT.day_alarm) {
+ dev_dbg(dev, "bogus FADT month_alarm (%d)\n",
+ acpi_gbl_FADT.month_alarm);
+ acpi_gbl_FADT.month_alarm = 0;
+ }
+
+ cmos_rtc.day_alrm = acpi_gbl_FADT.day_alarm;
+ cmos_rtc.mon_alrm = acpi_gbl_FADT.month_alarm;
+ cmos_rtc.century = acpi_gbl_FADT.century;
+
+ if (acpi_gbl_FADT.flags & ACPI_FADT_S4_RTC_WAKE)
+ dev_info(dev, "RTC can wake from S4\n");
+
+ /* RTC always wakes from S1/S2/S3, and often S4/STD */
+ device_init_wakeup(dev, 1);
+}
+
+static void cmos_check_acpi_rtc_status(struct device *dev,
+ unsigned char *rtc_control)
+{
+ struct cmos_rtc *cmos = dev_get_drvdata(dev);
+ acpi_event_status rtc_status;
+ acpi_status status;
+
+ if (acpi_gbl_FADT.flags & ACPI_FADT_FIXED_RTC)
+ return;
+
+ status = acpi_get_event_status(ACPI_EVENT_RTC, &rtc_status);
+ if (ACPI_FAILURE(status)) {
+ dev_err(dev, "Could not get RTC status\n");
+ } else if (rtc_status & ACPI_EVENT_FLAG_SET) {
+ unsigned char mask;
+ *rtc_control &= ~RTC_AIE;
+ CMOS_WRITE(*rtc_control, RTC_CONTROL);
+ mask = CMOS_READ(RTC_INTR_FLAGS);
+ rtc_update_irq(cmos->rtc, 1, mask);
+ }
+}
+
+#else /* !CONFIG_ACPI */
+
+static inline void rtc_wake_setup(struct device *dev)
+{
+}
+
+static inline void cmos_wake_setup(struct device *dev)
+{
+}
+
+static inline void cmos_check_acpi_rtc_status(struct device *dev,
+ unsigned char *rtc_control)
+{
+}
+#endif /* CONFIG_ACPI */
#ifdef CONFIG_PNP
#define INITSECTION
@@ -1087,9 +1234,6 @@ static void cmos_check_wkalrm(struct device *dev)
}
}
-static void cmos_check_acpi_rtc_status(struct device *dev,
- unsigned char *rtc_control);
-
static int __maybe_unused cmos_resume(struct device *dev)
{
struct cmos_rtc *cmos = dev_get_drvdata(dev);
@@ -1156,156 +1300,6 @@ static SIMPLE_DEV_PM_OPS(cmos_pm_ops, cmos_suspend, cmos_resume);
* predate even PNPBIOS should set up platform_bus devices.
*/
-#ifdef CONFIG_ACPI
-
-#include <linux/acpi.h>
-
-static u32 rtc_handler(void *context)
-{
- struct device *dev = context;
- struct cmos_rtc *cmos = dev_get_drvdata(dev);
- unsigned char rtc_control = 0;
- unsigned char rtc_intr;
- unsigned long flags;
-
-
- /*
- * Always update rtc irq when ACPI is used as RTC Alarm.
- * Or else, ACPI SCI is enabled during suspend/resume only,
- * update rtc irq in that case.
- */
- if (cmos_use_acpi_alarm())
- cmos_interrupt(0, (void *)cmos->rtc);
- else {
- /* Fix me: can we use cmos_interrupt() here as well? */
- spin_lock_irqsave(&rtc_lock, flags);
- if (cmos_rtc.suspend_ctrl)
- rtc_control = CMOS_READ(RTC_CONTROL);
- if (rtc_control & RTC_AIE) {
- cmos_rtc.suspend_ctrl &= ~RTC_AIE;
- CMOS_WRITE(rtc_control, RTC_CONTROL);
- rtc_intr = CMOS_READ(RTC_INTR_FLAGS);
- rtc_update_irq(cmos->rtc, 1, rtc_intr);
- }
- spin_unlock_irqrestore(&rtc_lock, flags);
- }
-
- pm_wakeup_hard_event(dev);
- acpi_clear_event(ACPI_EVENT_RTC);
- acpi_disable_event(ACPI_EVENT_RTC, 0);
- return ACPI_INTERRUPT_HANDLED;
-}
-
-static inline void rtc_wake_setup(struct device *dev)
-{
- if (acpi_disabled)
- return;
-
- acpi_install_fixed_event_handler(ACPI_EVENT_RTC, rtc_handler, dev);
- /*
- * After the RTC handler is installed, the Fixed_RTC event should
- * be disabled. Only when the RTC alarm is set will it be enabled.
- */
- acpi_clear_event(ACPI_EVENT_RTC);
- acpi_disable_event(ACPI_EVENT_RTC, 0);
-}
-
-static void rtc_wake_on(struct device *dev)
-{
- acpi_clear_event(ACPI_EVENT_RTC);
- acpi_enable_event(ACPI_EVENT_RTC, 0);
-}
-
-static void rtc_wake_off(struct device *dev)
-{
- acpi_disable_event(ACPI_EVENT_RTC, 0);
-}
-
-#ifdef CONFIG_X86
-/* Enable use_acpi_alarm mode for Intel platforms no earlier than 2015 */
-static void use_acpi_alarm_quirks(void)
-{
- if (boot_cpu_data.x86_vendor != X86_VENDOR_INTEL)
- return;
-
- if (!is_hpet_enabled())
- return;
-
- if (dmi_get_bios_year() < 2015)
- return;
-
- use_acpi_alarm = true;
-}
-#else
-static inline void use_acpi_alarm_quirks(void) { }
-#endif
-
-static void cmos_wake_setup(struct device *dev)
-{
- if (acpi_disabled)
- return;
-
- use_acpi_alarm_quirks();
-
- cmos_rtc.wake_on = rtc_wake_on;
- cmos_rtc.wake_off = rtc_wake_off;
-
- /* ACPI tables bug workaround. */
- if (acpi_gbl_FADT.month_alarm && !acpi_gbl_FADT.day_alarm) {
- dev_dbg(dev, "bogus FADT month_alarm (%d)\n",
- acpi_gbl_FADT.month_alarm);
- acpi_gbl_FADT.month_alarm = 0;
- }
-
- cmos_rtc.day_alrm = acpi_gbl_FADT.day_alarm;
- cmos_rtc.mon_alrm = acpi_gbl_FADT.month_alarm;
- cmos_rtc.century = acpi_gbl_FADT.century;
-
- if (acpi_gbl_FADT.flags & ACPI_FADT_S4_RTC_WAKE)
- dev_info(dev, "RTC can wake from S4\n");
-
- /* RTC always wakes from S1/S2/S3, and often S4/STD */
- device_init_wakeup(dev, 1);
-}
-
-static void cmos_check_acpi_rtc_status(struct device *dev,
- unsigned char *rtc_control)
-{
- struct cmos_rtc *cmos = dev_get_drvdata(dev);
- acpi_event_status rtc_status;
- acpi_status status;
-
- if (acpi_gbl_FADT.flags & ACPI_FADT_FIXED_RTC)
- return;
-
- status = acpi_get_event_status(ACPI_EVENT_RTC, &rtc_status);
- if (ACPI_FAILURE(status)) {
- dev_err(dev, "Could not get RTC status\n");
- } else if (rtc_status & ACPI_EVENT_FLAG_SET) {
- unsigned char mask;
- *rtc_control &= ~RTC_AIE;
- CMOS_WRITE(*rtc_control, RTC_CONTROL);
- mask = CMOS_READ(RTC_INTR_FLAGS);
- rtc_update_irq(cmos->rtc, 1, mask);
- }
-}
-
-#else
-
-static void cmos_wake_setup(struct device *dev)
-{
-}
-
-static void cmos_check_acpi_rtc_status(struct device *dev,
- unsigned char *rtc_control)
-{
-}
-
-static void rtc_wake_setup(struct device *dev)
-{
-}
-#endif
-
#ifdef CONFIG_PNP
#include <linux/pnp.h>
--
2.35.1
^ permalink raw reply related [flat|nested] 529+ messages in thread
* [PATCH 4.19 273/521] rtc: cmos: Rename ACPI-related functions
2023-01-16 15:44 [PATCH 4.19 000/521] 4.19.270-rc1 review Greg Kroah-Hartman
` (271 preceding siblings ...)
2023-01-16 15:48 ` [PATCH 4.19 272/521] rtc: cmos: Eliminate forward declarations of some functions Greg Kroah-Hartman
@ 2023-01-16 15:48 ` Greg Kroah-Hartman
2023-01-16 15:48 ` [PATCH 4.19 274/521] rtc: cmos: Disable ACPI RTC event on removal Greg Kroah-Hartman
` (251 subsequent siblings)
524 siblings, 0 replies; 529+ messages in thread
From: Greg Kroah-Hartman @ 2023-01-16 15:48 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Rafael J. Wysocki, Zhang Rui,
Andy Shevchenko, Alexandre Belloni, Sasha Levin
From: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
[ Upstream commit d13e9ad9f5146f066a5c5a1cc993d09e4fb21ead ]
The names of rtc_wake_setup() and cmos_wake_setup() don't indicate
that these functions are ACPI-related, which is the case, and the
former doesn't really reflect the role of the function.
Rename them to acpi_rtc_event_setup() and acpi_cmos_wake_setup(),
respectively, to address this shortcoming.
No intentional functional impact.
Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
Reviewed-by: Zhang Rui <rui.zhang@intel.com>
Tested-by: Zhang Rui <rui.zhang@intel.com>
Reviewed-by: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
Link: https://lore.kernel.org/r/3225614.44csPzL39Z@kreacher
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Stable-dep-of: 83ebb7b3036d ("rtc: cmos: Disable ACPI RTC event on removal")
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/rtc/rtc-cmos.c | 12 ++++++------
1 file changed, 6 insertions(+), 6 deletions(-)
diff --git a/drivers/rtc/rtc-cmos.c b/drivers/rtc/rtc-cmos.c
index 909cb1d4a4d5..0c035c5a5ae6 100644
--- a/drivers/rtc/rtc-cmos.c
+++ b/drivers/rtc/rtc-cmos.c
@@ -742,7 +742,7 @@ static u32 rtc_handler(void *context)
return ACPI_INTERRUPT_HANDLED;
}
-static void rtc_wake_setup(struct device *dev)
+static void acpi_rtc_event_setup(struct device *dev)
{
if (acpi_disabled)
return;
@@ -786,7 +786,7 @@ static void use_acpi_alarm_quirks(void)
static inline void use_acpi_alarm_quirks(void) { }
#endif
-static void cmos_wake_setup(struct device *dev)
+static void acpi_cmos_wake_setup(struct device *dev)
{
if (acpi_disabled)
return;
@@ -838,11 +838,11 @@ static void cmos_check_acpi_rtc_status(struct device *dev,
#else /* !CONFIG_ACPI */
-static inline void rtc_wake_setup(struct device *dev)
+static inline void acpi_rtc_event_setup(struct device *dev)
{
}
-static inline void cmos_wake_setup(struct device *dev)
+static inline void acpi_cmos_wake_setup(struct device *dev)
{
}
@@ -944,7 +944,7 @@ cmos_do_probe(struct device *dev, struct resource *ports, int rtc_irq)
cmos_rtc.wake_off = info->wake_off;
}
} else {
- cmos_wake_setup(dev);
+ acpi_cmos_wake_setup(dev);
}
if (cmos_rtc.day_alrm >= 128)
@@ -1042,7 +1042,7 @@ cmos_do_probe(struct device *dev, struct resource *ports, int rtc_irq)
* the ACPI RTC fixed event.
*/
if (!info)
- rtc_wake_setup(dev);
+ acpi_rtc_event_setup(dev);
dev_info(dev, "%s%s, %d bytes nvram%s\n",
!is_valid_irq(rtc_irq) ? "no alarms" :
--
2.35.1
^ permalink raw reply related [flat|nested] 529+ messages in thread
* [PATCH 4.19 274/521] rtc: cmos: Disable ACPI RTC event on removal
2023-01-16 15:44 [PATCH 4.19 000/521] 4.19.270-rc1 review Greg Kroah-Hartman
` (272 preceding siblings ...)
2023-01-16 15:48 ` [PATCH 4.19 273/521] rtc: cmos: Rename ACPI-related functions Greg Kroah-Hartman
@ 2023-01-16 15:48 ` Greg Kroah-Hartman
2023-01-16 15:48 ` [PATCH 4.19 275/521] rtc: snvs: Allow a time difference on clock register read Greg Kroah-Hartman
` (250 subsequent siblings)
524 siblings, 0 replies; 529+ messages in thread
From: Greg Kroah-Hartman @ 2023-01-16 15:48 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Rafael J. Wysocki, Zhang Rui,
Andy Shevchenko, Alexandre Belloni, Sasha Levin
From: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
[ Upstream commit 83ebb7b3036d151ee39a4a752018665648fc3bd4 ]
Make cmos_do_remove() drop the ACPI RTC fixed event handler so as to
prevent it from operating on stale data in case the event triggers
after driver removal.
Fixes: 311ee9c151ad ("rtc: cmos: allow using ACPI for RTC alarm instead of HPET")
Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
Reviewed-by: Zhang Rui <rui.zhang@intel.com>
Tested-by: Zhang Rui <rui.zhang@intel.com>
Reviewed-by: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
Link: https://lore.kernel.org/r/2224609.iZASKD2KPV@kreacher
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/rtc/rtc-cmos.c | 15 +++++++++++++++
1 file changed, 15 insertions(+)
diff --git a/drivers/rtc/rtc-cmos.c b/drivers/rtc/rtc-cmos.c
index 0c035c5a5ae6..5354c12f6b2a 100644
--- a/drivers/rtc/rtc-cmos.c
+++ b/drivers/rtc/rtc-cmos.c
@@ -756,6 +756,14 @@ static void acpi_rtc_event_setup(struct device *dev)
acpi_disable_event(ACPI_EVENT_RTC, 0);
}
+static void acpi_rtc_event_cleanup(void)
+{
+ if (acpi_disabled)
+ return;
+
+ acpi_remove_fixed_event_handler(ACPI_EVENT_RTC, rtc_handler);
+}
+
static void rtc_wake_on(struct device *dev)
{
acpi_clear_event(ACPI_EVENT_RTC);
@@ -842,6 +850,10 @@ static inline void acpi_rtc_event_setup(struct device *dev)
{
}
+static inline void acpi_rtc_event_cleanup(void)
+{
+}
+
static inline void acpi_cmos_wake_setup(struct device *dev)
{
}
@@ -1089,6 +1101,9 @@ static void cmos_do_remove(struct device *dev)
hpet_unregister_irq_handler(cmos_interrupt);
}
+ if (!dev_get_platdata(dev))
+ acpi_rtc_event_cleanup();
+
cmos->rtc = NULL;
ports = cmos->iomem;
--
2.35.1
^ permalink raw reply related [flat|nested] 529+ messages in thread
* [PATCH 4.19 275/521] rtc: snvs: Allow a time difference on clock register read
2023-01-16 15:44 [PATCH 4.19 000/521] 4.19.270-rc1 review Greg Kroah-Hartman
` (273 preceding siblings ...)
2023-01-16 15:48 ` [PATCH 4.19 274/521] rtc: cmos: Disable ACPI RTC event on removal Greg Kroah-Hartman
@ 2023-01-16 15:48 ` Greg Kroah-Hartman
2023-01-16 15:48 ` [PATCH 4.19 276/521] iommu/amd: Fix pci device refcount leak in ppr_notifier() Greg Kroah-Hartman
` (249 subsequent siblings)
524 siblings, 0 replies; 529+ messages in thread
From: Greg Kroah-Hartman @ 2023-01-16 15:48 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Francesco Dolcini,
Stefan Eichenberger, Francesco Dolcini, Alexandre Belloni,
Sasha Levin
From: Stefan Eichenberger <stefan.eichenberger@toradex.com>
[ Upstream commit 0462681e207ccc44778a77b3297af728b1cf5b9f ]
On an iMX6ULL the following message appears when a wakealarm is set:
echo 0 > /sys/class/rtc/rtc1/wakealarm
rtc rtc1: Timeout trying to get valid LPSRT Counter read
This does not always happen but is reproducible quite often (7 out of 10
times). The problem appears because the iMX6ULL is not able to read the
registers within one 32kHz clock cycle which is the base clock of the
RTC. Therefore, this patch allows a difference of up to 320 cycles
(10ms). 10ms was chosen to be big enough even on systems with less cpu
power (e.g. iMX6ULL). According to the reference manual a difference is
fine:
- If the two consecutive reads are similar, the value is correct.
The values have to be similar, not equal.
Fixes: cd7f3a249dbe ("rtc: snvs: Add timeouts to avoid kernel lockups")
Reviewed-by: Francesco Dolcini <francesco.dolcini@toradex.com>
Signed-off-by: Stefan Eichenberger <stefan.eichenberger@toradex.com>
Signed-off-by: Francesco Dolcini <francesco@dolcini.it>
Link: https://lore.kernel.org/r/20221106115915.7930-1-francesco@dolcini.it
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/rtc/rtc-snvs.c | 16 ++++++++++++++--
1 file changed, 14 insertions(+), 2 deletions(-)
diff --git a/drivers/rtc/rtc-snvs.c b/drivers/rtc/rtc-snvs.c
index 3cf011e12053..b1e13f2877ad 100644
--- a/drivers/rtc/rtc-snvs.c
+++ b/drivers/rtc/rtc-snvs.c
@@ -32,6 +32,14 @@
#define SNVS_LPPGDR_INIT 0x41736166
#define CNTR_TO_SECS_SH 15
+/* The maximum RTC clock cycles that are allowed to pass between two
+ * consecutive clock counter register reads. If the values are corrupted a
+ * bigger difference is expected. The RTC frequency is 32kHz. With 320 cycles
+ * we end at 10ms which should be enough for most cases. If it once takes
+ * longer than expected we do a retry.
+ */
+#define MAX_RTC_READ_DIFF_CYCLES 320
+
struct snvs_rtc_data {
struct rtc_device *rtc;
struct regmap *regmap;
@@ -56,6 +64,7 @@ static u64 rtc_read_lpsrt(struct snvs_rtc_data *data)
static u32 rtc_read_lp_counter(struct snvs_rtc_data *data)
{
u64 read1, read2;
+ s64 diff;
unsigned int timeout = 100;
/* As expected, the registers might update between the read of the LSB
@@ -66,7 +75,8 @@ static u32 rtc_read_lp_counter(struct snvs_rtc_data *data)
do {
read2 = read1;
read1 = rtc_read_lpsrt(data);
- } while (read1 != read2 && --timeout);
+ diff = read1 - read2;
+ } while (((diff < 0) || (diff > MAX_RTC_READ_DIFF_CYCLES)) && --timeout);
if (!timeout)
dev_err(&data->rtc->dev, "Timeout trying to get valid LPSRT Counter read\n");
@@ -78,13 +88,15 @@ static u32 rtc_read_lp_counter(struct snvs_rtc_data *data)
static int rtc_read_lp_counter_lsb(struct snvs_rtc_data *data, u32 *lsb)
{
u32 count1, count2;
+ s32 diff;
unsigned int timeout = 100;
regmap_read(data->regmap, data->offset + SNVS_LPSRTCLR, &count1);
do {
count2 = count1;
regmap_read(data->regmap, data->offset + SNVS_LPSRTCLR, &count1);
- } while (count1 != count2 && --timeout);
+ diff = count1 - count2;
+ } while (((diff < 0) || (diff > MAX_RTC_READ_DIFF_CYCLES)) && --timeout);
if (!timeout) {
dev_err(&data->rtc->dev, "Timeout trying to get valid LPSRT Counter read\n");
return -ETIMEDOUT;
--
2.35.1
^ permalink raw reply related [flat|nested] 529+ messages in thread
* [PATCH 4.19 276/521] iommu/amd: Fix pci device refcount leak in ppr_notifier()
2023-01-16 15:44 [PATCH 4.19 000/521] 4.19.270-rc1 review Greg Kroah-Hartman
` (274 preceding siblings ...)
2023-01-16 15:48 ` [PATCH 4.19 275/521] rtc: snvs: Allow a time difference on clock register read Greg Kroah-Hartman
@ 2023-01-16 15:48 ` Greg Kroah-Hartman
2023-01-16 15:48 ` [PATCH 4.19 277/521] iommu/fsl_pamu: Fix resource leak in fsl_pamu_probe() Greg Kroah-Hartman
` (248 subsequent siblings)
524 siblings, 0 replies; 529+ messages in thread
From: Greg Kroah-Hartman @ 2023-01-16 15:48 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Yang Yingliang, Joerg Roedel, Sasha Levin
From: Yang Yingliang <yangyingliang@huawei.com>
[ Upstream commit 6cf0981c2233f97d56938d9d61845383d6eb227c ]
As comment of pci_get_domain_bus_and_slot() says, it returns
a pci device with refcount increment, when finish using it,
the caller must decrement the reference count by calling
pci_dev_put(). So call it before returning from ppr_notifier()
to avoid refcount leak.
Fixes: daae2d25a477 ("iommu/amd: Don't copy GCR3 table root pointer")
Signed-off-by: Yang Yingliang <yangyingliang@huawei.com>
Link: https://lore.kernel.org/r/20221118093604.216371-1-yangyingliang@huawei.com
Signed-off-by: Joerg Roedel <jroedel@suse.de>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/iommu/amd_iommu_v2.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/drivers/iommu/amd_iommu_v2.c b/drivers/iommu/amd_iommu_v2.c
index 7a59a8ebac10..387b72b7e7b3 100644
--- a/drivers/iommu/amd_iommu_v2.c
+++ b/drivers/iommu/amd_iommu_v2.c
@@ -626,6 +626,7 @@ static int ppr_notifier(struct notifier_block *nb, unsigned long e, void *data)
put_device_state(dev_state);
out:
+ pci_dev_put(pdev);
return ret;
}
--
2.35.1
^ permalink raw reply related [flat|nested] 529+ messages in thread
* [PATCH 4.19 277/521] iommu/fsl_pamu: Fix resource leak in fsl_pamu_probe()
2023-01-16 15:44 [PATCH 4.19 000/521] 4.19.270-rc1 review Greg Kroah-Hartman
` (275 preceding siblings ...)
2023-01-16 15:48 ` [PATCH 4.19 276/521] iommu/amd: Fix pci device refcount leak in ppr_notifier() Greg Kroah-Hartman
@ 2023-01-16 15:48 ` Greg Kroah-Hartman
2023-01-16 15:49 ` [PATCH 4.19 278/521] macintosh: fix possible memory leak in macio_add_one_device() Greg Kroah-Hartman
` (247 subsequent siblings)
524 siblings, 0 replies; 529+ messages in thread
From: Greg Kroah-Hartman @ 2023-01-16 15:48 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Yuan Can, Joerg Roedel, Sasha Levin
From: Yuan Can <yuancan@huawei.com>
[ Upstream commit 73f5fc5f884ad0c5f7d57f66303af64f9f002526 ]
The fsl_pamu_probe() returns directly when create_csd() failed, leaving
irq and memories unreleased.
Fix by jumping to error if create_csd() returns error.
Fixes: 695093e38c3e ("iommu/fsl: Freescale PAMU driver and iommu implementation.")
Signed-off-by: Yuan Can <yuancan@huawei.com>
Link: https://lore.kernel.org/r/20221121082022.19091-1-yuancan@huawei.com
Signed-off-by: Joerg Roedel <jroedel@suse.de>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/iommu/fsl_pamu.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/iommu/fsl_pamu.c b/drivers/iommu/fsl_pamu.c
index 8540625796a1..b6a0c6d3b204 100644
--- a/drivers/iommu/fsl_pamu.c
+++ b/drivers/iommu/fsl_pamu.c
@@ -1134,7 +1134,7 @@ static int fsl_pamu_probe(struct platform_device *pdev)
ret = create_csd(ppaact_phys, mem_size, csd_port_id);
if (ret) {
dev_err(dev, "could not create coherence subdomain\n");
- return ret;
+ goto error;
}
}
--
2.35.1
^ permalink raw reply related [flat|nested] 529+ messages in thread
* [PATCH 4.19 278/521] macintosh: fix possible memory leak in macio_add_one_device()
2023-01-16 15:44 [PATCH 4.19 000/521] 4.19.270-rc1 review Greg Kroah-Hartman
` (276 preceding siblings ...)
2023-01-16 15:48 ` [PATCH 4.19 277/521] iommu/fsl_pamu: Fix resource leak in fsl_pamu_probe() Greg Kroah-Hartman
@ 2023-01-16 15:49 ` Greg Kroah-Hartman
2023-01-16 15:49 ` [PATCH 4.19 279/521] macintosh/macio-adb: check the return value of ioremap() Greg Kroah-Hartman
` (246 subsequent siblings)
524 siblings, 0 replies; 529+ messages in thread
From: Greg Kroah-Hartman @ 2023-01-16 15:49 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Yang Yingliang, Michael Ellerman,
Sasha Levin
From: Yang Yingliang <yangyingliang@huawei.com>
[ Upstream commit 5ca86eae55a2f006e6c1edd2029b2cacb6979515 ]
Afer commit 1fa5ae857bb1 ("driver core: get rid of struct device's
bus_id string array"), the name of device is allocated dynamically. It
needs to be freed when of_device_register() fails. Call put_device() to
give up the reference that's taken in device_initialize(), so that it
can be freed in kobject_cleanup() when the refcount hits 0.
macio device is freed in macio_release_dev(), so the kfree() can be
removed.
Fixes: 1fa5ae857bb1 ("driver core: get rid of struct device's bus_id string array")
Signed-off-by: Yang Yingliang <yangyingliang@huawei.com>
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
Link: https://lore.kernel.org/r/20221104032551.1075335-1-yangyingliang@huawei.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/macintosh/macio_asic.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/macintosh/macio_asic.c b/drivers/macintosh/macio_asic.c
index 07074820a167..12c360ebd7e9 100644
--- a/drivers/macintosh/macio_asic.c
+++ b/drivers/macintosh/macio_asic.c
@@ -427,7 +427,7 @@ static struct macio_dev * macio_add_one_device(struct macio_chip *chip,
if (of_device_register(&dev->ofdev) != 0) {
printk(KERN_DEBUG"macio: device registration error for %s!\n",
dev_name(&dev->ofdev.dev));
- kfree(dev);
+ put_device(&dev->ofdev.dev);
return NULL;
}
--
2.35.1
^ permalink raw reply related [flat|nested] 529+ messages in thread
* [PATCH 4.19 279/521] macintosh/macio-adb: check the return value of ioremap()
2023-01-16 15:44 [PATCH 4.19 000/521] 4.19.270-rc1 review Greg Kroah-Hartman
` (277 preceding siblings ...)
2023-01-16 15:49 ` [PATCH 4.19 278/521] macintosh: fix possible memory leak in macio_add_one_device() Greg Kroah-Hartman
@ 2023-01-16 15:49 ` Greg Kroah-Hartman
2023-01-16 15:49 ` [PATCH 4.19 280/521] powerpc/52xx: Fix a resource leak in an error handling path Greg Kroah-Hartman
` (245 subsequent siblings)
524 siblings, 0 replies; 529+ messages in thread
From: Greg Kroah-Hartman @ 2023-01-16 15:49 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Hacash Robot, Xie Shaowen,
Michael Ellerman, Sasha Levin
From: Xie Shaowen <studentxswpy@163.com>
[ Upstream commit dbaa3105736d4d73063ea0a3b01cd7fafce924e6 ]
The function ioremap() in macio_init() can fail, so its return value
should be checked.
Fixes: 36874579dbf4c ("[PATCH] powerpc: macio-adb build fix")
Reported-by: Hacash Robot <hacashRobot@santino.com>
Signed-off-by: Xie Shaowen <studentxswpy@163.com>
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
Link: https://lore.kernel.org/r/20220802074148.3213659-1-studentxswpy@163.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/macintosh/macio-adb.c | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/drivers/macintosh/macio-adb.c b/drivers/macintosh/macio-adb.c
index eb3adfb7f88d..172a8b18c579 100644
--- a/drivers/macintosh/macio-adb.c
+++ b/drivers/macintosh/macio-adb.c
@@ -106,6 +106,10 @@ int macio_init(void)
return -ENXIO;
}
adb = ioremap(r.start, sizeof(struct adb_regs));
+ if (!adb) {
+ of_node_put(adbs);
+ return -ENOMEM;
+ }
out_8(&adb->ctrl.r, 0);
out_8(&adb->intr.r, 0);
--
2.35.1
^ permalink raw reply related [flat|nested] 529+ messages in thread
* [PATCH 4.19 280/521] powerpc/52xx: Fix a resource leak in an error handling path
2023-01-16 15:44 [PATCH 4.19 000/521] 4.19.270-rc1 review Greg Kroah-Hartman
` (278 preceding siblings ...)
2023-01-16 15:49 ` [PATCH 4.19 279/521] macintosh/macio-adb: check the return value of ioremap() Greg Kroah-Hartman
@ 2023-01-16 15:49 ` Greg Kroah-Hartman
2023-01-16 15:49 ` [PATCH 4.19 281/521] cxl: Fix refcount leak in cxl_calc_capp_routing Greg Kroah-Hartman
` (244 subsequent siblings)
524 siblings, 0 replies; 529+ messages in thread
From: Greg Kroah-Hartman @ 2023-01-16 15:49 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Christophe JAILLET,
Michael Ellerman, Sasha Levin
From: Christophe JAILLET <christophe.jaillet@wanadoo.fr>
[ Upstream commit 5836947613ef33d311b4eff6a32d019580a214f5 ]
The error handling path of mpc52xx_lpbfifo_probe() has a request_irq()
that is not balanced by a corresponding free_irq().
Add the missing call, as already done in the remove function.
Fixes: 3c9059d79f5e ("powerpc/5200: add LocalPlus bus FIFO device driver")
Signed-off-by: Christophe JAILLET <christophe.jaillet@wanadoo.fr>
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
Link: https://lore.kernel.org/r/dec1496d46ccd5311d0f6e9f9ca4238be11bf6a6.1643440531.git.christophe.jaillet@wanadoo.fr
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/powerpc/platforms/52xx/mpc52xx_lpbfifo.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/arch/powerpc/platforms/52xx/mpc52xx_lpbfifo.c b/arch/powerpc/platforms/52xx/mpc52xx_lpbfifo.c
index 7bb42a0100de..caaaaf2bea52 100644
--- a/arch/powerpc/platforms/52xx/mpc52xx_lpbfifo.c
+++ b/arch/powerpc/platforms/52xx/mpc52xx_lpbfifo.c
@@ -531,6 +531,7 @@ static int mpc52xx_lpbfifo_probe(struct platform_device *op)
err_bcom_rx_irq:
bcom_gen_bd_rx_release(lpbfifo.bcom_rx_task);
err_bcom_rx:
+ free_irq(lpbfifo.irq, &lpbfifo);
err_irq:
iounmap(lpbfifo.regs);
lpbfifo.regs = NULL;
--
2.35.1
^ permalink raw reply related [flat|nested] 529+ messages in thread
* [PATCH 4.19 281/521] cxl: Fix refcount leak in cxl_calc_capp_routing
2023-01-16 15:44 [PATCH 4.19 000/521] 4.19.270-rc1 review Greg Kroah-Hartman
` (279 preceding siblings ...)
2023-01-16 15:49 ` [PATCH 4.19 280/521] powerpc/52xx: Fix a resource leak in an error handling path Greg Kroah-Hartman
@ 2023-01-16 15:49 ` Greg Kroah-Hartman
2023-01-16 15:49 ` [PATCH 4.19 282/521] powerpc/xive: add missing iounmap() in error path in xive_spapr_populate_irq_data() Greg Kroah-Hartman
` (243 subsequent siblings)
524 siblings, 0 replies; 529+ messages in thread
From: Greg Kroah-Hartman @ 2023-01-16 15:49 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Miaoqian Lin, Andrew Donnellan,
Frederic Barrat, Michael Ellerman, Sasha Levin
From: Miaoqian Lin <linmq006@gmail.com>
[ Upstream commit 1d09697ff22908ae487fc8c4fbde1811732be523 ]
of_get_next_parent() returns a node pointer with refcount incremented,
we should use of_node_put() on it when not need anymore.
This function only calls of_node_put() in normal path,
missing it in the error path.
Add missing of_node_put() to avoid refcount leak.
Fixes: f24be42aab37 ("cxl: Add psl9 specific code")
Signed-off-by: Miaoqian Lin <linmq006@gmail.com>
Acked-by: Andrew Donnellan <ajd@linux.ibm.com>
Acked-by: Frederic Barrat <fbarrat@linux.ibm.com>
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
Link: https://lore.kernel.org/r/20220605060038.62217-1-linmq006@gmail.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/misc/cxl/pci.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/drivers/misc/cxl/pci.c b/drivers/misc/cxl/pci.c
index acb4a339f5fe..8dbb1998c312 100644
--- a/drivers/misc/cxl/pci.c
+++ b/drivers/misc/cxl/pci.c
@@ -391,6 +391,7 @@ int cxl_calc_capp_routing(struct pci_dev *dev, u64 *chipid,
rc = get_phb_index(np, phb_index);
if (rc) {
pr_err("cxl: invalid phb index\n");
+ of_node_put(np);
return rc;
}
--
2.35.1
^ permalink raw reply related [flat|nested] 529+ messages in thread
* [PATCH 4.19 282/521] powerpc/xive: add missing iounmap() in error path in xive_spapr_populate_irq_data()
2023-01-16 15:44 [PATCH 4.19 000/521] 4.19.270-rc1 review Greg Kroah-Hartman
` (280 preceding siblings ...)
2023-01-16 15:49 ` [PATCH 4.19 281/521] cxl: Fix refcount leak in cxl_calc_capp_routing Greg Kroah-Hartman
@ 2023-01-16 15:49 ` Greg Kroah-Hartman
2023-01-16 15:49 ` [PATCH 4.19 283/521] powerpc/perf: callchain validate kernel stack pointer bounds Greg Kroah-Hartman
` (242 subsequent siblings)
524 siblings, 0 replies; 529+ messages in thread
From: Greg Kroah-Hartman @ 2023-01-16 15:49 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Yang Yingliang,
Cédric Le Goater, Michael Ellerman, Sasha Levin
From: Yang Yingliang <yangyingliang@huawei.com>
[ Upstream commit 8b49670f3bb3f10cd4d5a6dca17f5a31b173ecdc ]
If remapping 'data->trig_page' fails, the 'data->eoi_mmio' need be unmapped
before returning from xive_spapr_populate_irq_data().
Fixes: eac1e731b59e ("powerpc/xive: guest exploitation of the XIVE interrupt controller")
Signed-off-by: Yang Yingliang <yangyingliang@huawei.com>
Reviewed-by: Cédric Le Goater <clg@kaod.org>
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
Link: https://lore.kernel.org/r/20221017032333.1852406-1-yangyingliang@huawei.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/powerpc/sysdev/xive/spapr.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/arch/powerpc/sysdev/xive/spapr.c b/arch/powerpc/sysdev/xive/spapr.c
index aa705732150c..ac1eb674f9d6 100644
--- a/arch/powerpc/sysdev/xive/spapr.c
+++ b/arch/powerpc/sysdev/xive/spapr.c
@@ -389,6 +389,7 @@ static int xive_spapr_populate_irq_data(u32 hw_irq, struct xive_irq_data *data)
data->trig_mmio = ioremap(data->trig_page, 1u << data->esb_shift);
if (!data->trig_mmio) {
+ iounmap(data->eoi_mmio);
pr_err("Failed to map trigger page for irq 0x%x\n", hw_irq);
return -ENOMEM;
}
--
2.35.1
^ permalink raw reply related [flat|nested] 529+ messages in thread
* [PATCH 4.19 283/521] powerpc/perf: callchain validate kernel stack pointer bounds
2023-01-16 15:44 [PATCH 4.19 000/521] 4.19.270-rc1 review Greg Kroah-Hartman
` (281 preceding siblings ...)
2023-01-16 15:49 ` [PATCH 4.19 282/521] powerpc/xive: add missing iounmap() in error path in xive_spapr_populate_irq_data() Greg Kroah-Hartman
@ 2023-01-16 15:49 ` Greg Kroah-Hartman
2023-01-16 15:49 ` [PATCH 4.19 284/521] powerpc/83xx/mpc832x_rdb: call platform_device_put() in error case in of_fsl_spi_probe() Greg Kroah-Hartman
` (241 subsequent siblings)
524 siblings, 0 replies; 529+ messages in thread
From: Greg Kroah-Hartman @ 2023-01-16 15:49 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Nicholas Piggin, Michael Ellerman,
Sasha Levin
From: Nicholas Piggin <npiggin@gmail.com>
[ Upstream commit 32c5209214bd8d4f8c4e9d9b630ef4c671f58e79 ]
The interrupt frame detection and loads from the hypothetical pt_regs
are not bounds-checked. The next-frame validation only bounds-checks
STACK_FRAME_OVERHEAD, which does not include the pt_regs. Add another
test for this.
The user could set r1 to be equal to the address matching the first
interrupt frame - STACK_INT_FRAME_SIZE, which is in the previous page
due to the kernel redzone, and induce the kernel to load the marker from
there. Possibly this could cause a crash at least. If the user could
induce the previous page to contain a valid marker, then it might be
able to direct perf to read specific memory addresses in a way that
could be transmitted back to the user in the perf data.
Fixes: 20002ded4d93 ("perf_counter: powerpc: Add callchain support")
Signed-off-by: Nicholas Piggin <npiggin@gmail.com>
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
Link: https://lore.kernel.org/r/20221127124942.1665522-4-npiggin@gmail.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/powerpc/perf/callchain.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/arch/powerpc/perf/callchain.c b/arch/powerpc/perf/callchain.c
index 0af051a1974e..26a31a3b661e 100644
--- a/arch/powerpc/perf/callchain.c
+++ b/arch/powerpc/perf/callchain.c
@@ -68,6 +68,7 @@ perf_callchain_kernel(struct perf_callchain_entry_ctx *entry, struct pt_regs *re
next_sp = fp[0];
if (next_sp == sp + STACK_INT_FRAME_SIZE &&
+ validate_sp(sp, current, STACK_INT_FRAME_SIZE) &&
fp[STACK_FRAME_MARKER] == STACK_FRAME_REGS_MARKER) {
/*
* This looks like an interrupt frame for an
--
2.35.1
^ permalink raw reply related [flat|nested] 529+ messages in thread
* [PATCH 4.19 284/521] powerpc/83xx/mpc832x_rdb: call platform_device_put() in error case in of_fsl_spi_probe()
2023-01-16 15:44 [PATCH 4.19 000/521] 4.19.270-rc1 review Greg Kroah-Hartman
` (282 preceding siblings ...)
2023-01-16 15:49 ` [PATCH 4.19 283/521] powerpc/perf: callchain validate kernel stack pointer bounds Greg Kroah-Hartman
@ 2023-01-16 15:49 ` Greg Kroah-Hartman
2023-01-16 15:49 ` [PATCH 4.19 285/521] powerpc/hv-gpci: Fix hv_gpci event list Greg Kroah-Hartman
` (240 subsequent siblings)
524 siblings, 0 replies; 529+ messages in thread
From: Greg Kroah-Hartman @ 2023-01-16 15:49 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Yang Yingliang, Michael Ellerman,
Sasha Levin
From: Yang Yingliang <yangyingliang@huawei.com>
[ Upstream commit 4d0eea415216fe3791da2f65eb41399e70c7bedf ]
If platform_device_add() is not called or failed, it can not call
platform_device_del() to clean up memory, it should call
platform_device_put() in error case.
Fixes: 26f6cb999366 ("[POWERPC] fsl_soc: add support for fsl_spi")
Signed-off-by: Yang Yingliang <yangyingliang@huawei.com>
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
Link: https://lore.kernel.org/r/20221029111626.429971-1-yangyingliang@huawei.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/powerpc/platforms/83xx/mpc832x_rdb.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/arch/powerpc/platforms/83xx/mpc832x_rdb.c b/arch/powerpc/platforms/83xx/mpc832x_rdb.c
index 438986593873..bfebfc67b23f 100644
--- a/arch/powerpc/platforms/83xx/mpc832x_rdb.c
+++ b/arch/powerpc/platforms/83xx/mpc832x_rdb.c
@@ -111,7 +111,7 @@ static int __init of_fsl_spi_probe(char *type, char *compatible, u32 sysclk,
goto next;
unreg:
- platform_device_del(pdev);
+ platform_device_put(pdev);
err:
pr_err("%pOF: registration failed\n", np);
next:
--
2.35.1
^ permalink raw reply related [flat|nested] 529+ messages in thread
* [PATCH 4.19 285/521] powerpc/hv-gpci: Fix hv_gpci event list
2023-01-16 15:44 [PATCH 4.19 000/521] 4.19.270-rc1 review Greg Kroah-Hartman
` (283 preceding siblings ...)
2023-01-16 15:49 ` [PATCH 4.19 284/521] powerpc/83xx/mpc832x_rdb: call platform_device_put() in error case in of_fsl_spi_probe() Greg Kroah-Hartman
@ 2023-01-16 15:49 ` Greg Kroah-Hartman
2023-01-16 15:49 ` [PATCH 4.19 286/521] selftests/powerpc: Fix resource leaks Greg Kroah-Hartman
` (239 subsequent siblings)
524 siblings, 0 replies; 529+ messages in thread
From: Greg Kroah-Hartman @ 2023-01-16 15:49 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Kajol Jain, Madhavan Srinivasan,
Athira Rajeev, Michael Ellerman, Sasha Levin
From: Kajol Jain <kjain@linux.ibm.com>
[ Upstream commit 03f7c1d2a49acd30e38789cd809d3300721e9b0e ]
Based on getPerfCountInfo v1.018 documentation, some of the
hv_gpci events were deprecated for platform firmware that
supports counter_info_version 0x8 or above.
Fix the hv_gpci event list by adding a new attribute group
called "hv_gpci_event_attrs_v6" and a "ENABLE_EVENTS_COUNTERINFO_V6"
macro to enable these events for platform firmware
that supports counter_info_version 0x6 or below. And assigning
the hv_gpci event list based on output counter info version
of underlying plaform.
Fixes: 97bf2640184f ("powerpc/perf/hv-gpci: add the remaining gpci requests")
Signed-off-by: Kajol Jain <kjain@linux.ibm.com>
Reviewed-by: Madhavan Srinivasan <maddy@linux.ibm.com>
Reviewed-by: Athira Rajeev <atrajeev@linux.vnet.ibm.com>
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
Link: https://lore.kernel.org/r/20221130174513.87501-1-kjain@linux.ibm.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/powerpc/perf/hv-gpci-requests.h | 4 ++++
arch/powerpc/perf/hv-gpci.c | 33 +++++++++++++++++++++++++++-
arch/powerpc/perf/hv-gpci.h | 1 +
arch/powerpc/perf/req-gen/perf.h | 20 +++++++++++++++++
4 files changed, 57 insertions(+), 1 deletion(-)
diff --git a/arch/powerpc/perf/hv-gpci-requests.h b/arch/powerpc/perf/hv-gpci-requests.h
index 8965b4463d43..5e86371a20c7 100644
--- a/arch/powerpc/perf/hv-gpci-requests.h
+++ b/arch/powerpc/perf/hv-gpci-requests.h
@@ -79,6 +79,7 @@ REQUEST(__field(0, 8, partition_id)
)
#include I(REQUEST_END)
+#ifdef ENABLE_EVENTS_COUNTERINFO_V6
/*
* Not available for counter_info_version >= 0x8, use
* run_instruction_cycles_by_partition(0x100) instead.
@@ -92,6 +93,7 @@ REQUEST(__field(0, 8, partition_id)
__count(0x10, 8, cycles)
)
#include I(REQUEST_END)
+#endif
#define REQUEST_NAME system_performance_capabilities
#define REQUEST_NUM 0x40
@@ -103,6 +105,7 @@ REQUEST(__field(0, 1, perf_collect_privileged)
)
#include I(REQUEST_END)
+#ifdef ENABLE_EVENTS_COUNTERINFO_V6
#define REQUEST_NAME processor_bus_utilization_abc_links
#define REQUEST_NUM 0x50
#define REQUEST_IDX_KIND "hw_chip_id=?"
@@ -194,6 +197,7 @@ REQUEST(__field(0, 4, phys_processor_idx)
__count(0x28, 8, instructions_completed)
)
#include I(REQUEST_END)
+#endif
/* Processor_core_power_mode (0x95) skipped, no counters */
/* Affinity_domain_information_by_virtual_processor (0xA0) skipped,
diff --git a/arch/powerpc/perf/hv-gpci.c b/arch/powerpc/perf/hv-gpci.c
index 160b86d9d819..126409bb5626 100644
--- a/arch/powerpc/perf/hv-gpci.c
+++ b/arch/powerpc/perf/hv-gpci.c
@@ -74,7 +74,7 @@ static struct attribute_group format_group = {
static struct attribute_group event_group = {
.name = "events",
- .attrs = hv_gpci_event_attrs,
+ /* .attrs is set in init */
};
#define HV_CAPS_ATTR(_name, _format) \
@@ -292,6 +292,7 @@ static int hv_gpci_init(void)
int r;
unsigned long hret;
struct hv_perf_caps caps;
+ struct hv_gpci_request_buffer *arg;
hv_gpci_assert_offsets_correct();
@@ -310,6 +311,36 @@ static int hv_gpci_init(void)
/* sampling not supported */
h_gpci_pmu.capabilities |= PERF_PMU_CAP_NO_INTERRUPT;
+ arg = (void *)get_cpu_var(hv_gpci_reqb);
+ memset(arg, 0, HGPCI_REQ_BUFFER_SIZE);
+
+ /*
+ * hcall H_GET_PERF_COUNTER_INFO populates the output
+ * counter_info_version value based on the system hypervisor.
+ * Pass the counter request 0x10 corresponds to request type
+ * 'Dispatch_timebase_by_processor', to get the supported
+ * counter_info_version.
+ */
+ arg->params.counter_request = cpu_to_be32(0x10);
+
+ r = plpar_hcall_norets(H_GET_PERF_COUNTER_INFO,
+ virt_to_phys(arg), HGPCI_REQ_BUFFER_SIZE);
+ if (r) {
+ pr_devel("hcall failed, can't get supported counter_info_version: 0x%x\n", r);
+ arg->params.counter_info_version_out = 0x8;
+ }
+
+ /*
+ * Use counter_info_version_out value to assign
+ * required hv-gpci event list.
+ */
+ if (arg->params.counter_info_version_out >= 0x8)
+ event_group.attrs = hv_gpci_event_attrs;
+ else
+ event_group.attrs = hv_gpci_event_attrs_v6;
+
+ put_cpu_var(hv_gpci_reqb);
+
r = perf_pmu_register(&h_gpci_pmu, h_gpci_pmu.name, -1);
if (r)
return r;
diff --git a/arch/powerpc/perf/hv-gpci.h b/arch/powerpc/perf/hv-gpci.h
index a3053eda5dcc..060e464d35c6 100644
--- a/arch/powerpc/perf/hv-gpci.h
+++ b/arch/powerpc/perf/hv-gpci.h
@@ -53,6 +53,7 @@ enum {
#define REQUEST_FILE "../hv-gpci-requests.h"
#define NAME_LOWER hv_gpci
#define NAME_UPPER HV_GPCI
+#define ENABLE_EVENTS_COUNTERINFO_V6
#include "req-gen/perf.h"
#undef REQUEST_FILE
#undef NAME_LOWER
diff --git a/arch/powerpc/perf/req-gen/perf.h b/arch/powerpc/perf/req-gen/perf.h
index fa9bc804e67a..6b2a59fefffa 100644
--- a/arch/powerpc/perf/req-gen/perf.h
+++ b/arch/powerpc/perf/req-gen/perf.h
@@ -139,6 +139,26 @@ PMU_EVENT_ATTR_STRING( \
#define REQUEST_(r_name, r_value, r_idx_1, r_fields) \
r_fields
+/* Generate event list for platforms with counter_info_version 0x6 or below */
+static __maybe_unused struct attribute *hv_gpci_event_attrs_v6[] = {
+#include REQUEST_FILE
+ NULL
+};
+
+/*
+ * Based on getPerfCountInfo v1.018 documentation, some of the hv-gpci
+ * events were deprecated for platform firmware that supports
+ * counter_info_version 0x8 or above.
+ * Those deprecated events are still part of platform firmware that
+ * support counter_info_version 0x6 and below. As per the getPerfCountInfo
+ * v1.018 documentation there is no counter_info_version 0x7.
+ * Undefining macro ENABLE_EVENTS_COUNTERINFO_V6, to disable the addition of
+ * deprecated events in "hv_gpci_event_attrs" attribute group, for platforms
+ * that supports counter_info_version 0x8 or above.
+ */
+#undef ENABLE_EVENTS_COUNTERINFO_V6
+
+/* Generate event list for platforms with counter_info_version 0x8 or above*/
static __maybe_unused struct attribute *hv_gpci_event_attrs[] = {
#include REQUEST_FILE
NULL
--
2.35.1
^ permalink raw reply related [flat|nested] 529+ messages in thread
* [PATCH 4.19 286/521] selftests/powerpc: Fix resource leaks
2023-01-16 15:44 [PATCH 4.19 000/521] 4.19.270-rc1 review Greg Kroah-Hartman
` (284 preceding siblings ...)
2023-01-16 15:49 ` [PATCH 4.19 285/521] powerpc/hv-gpci: Fix hv_gpci event list Greg Kroah-Hartman
@ 2023-01-16 15:49 ` Greg Kroah-Hartman
2023-01-16 15:49 ` [PATCH 4.19 287/521] remoteproc: qcom: Rename Hexagon v5 PAS driver Greg Kroah-Hartman
` (238 subsequent siblings)
524 siblings, 0 replies; 529+ messages in thread
From: Greg Kroah-Hartman @ 2023-01-16 15:49 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Miaoqian Lin, Michael Ellerman, Sasha Levin
From: Miaoqian Lin <linmq006@gmail.com>
[ Upstream commit 8f4ab7da904ab7027ccd43ddb4f0094e932a5877 ]
In check_all_cpu_dscr_defaults, opendir() opens the directory stream.
Add missing closedir() in the error path to release it.
In check_cpu_dscr_default, open() creates an open file descriptor.
Add missing close() in the error path to release it.
Fixes: ebd5858c904b ("selftests/powerpc: Add test for all DSCR sysfs interfaces")
Signed-off-by: Miaoqian Lin <linmq006@gmail.com>
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
Link: https://lore.kernel.org/r/20221205084429.570654-1-linmq006@gmail.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
tools/testing/selftests/powerpc/dscr/dscr_sysfs_test.c | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/tools/testing/selftests/powerpc/dscr/dscr_sysfs_test.c b/tools/testing/selftests/powerpc/dscr/dscr_sysfs_test.c
index 1899bd85121f..3f6d5be5bd14 100644
--- a/tools/testing/selftests/powerpc/dscr/dscr_sysfs_test.c
+++ b/tools/testing/selftests/powerpc/dscr/dscr_sysfs_test.c
@@ -27,6 +27,7 @@ static int check_cpu_dscr_default(char *file, unsigned long val)
rc = read(fd, buf, sizeof(buf));
if (rc == -1) {
perror("read() failed");
+ close(fd);
return 1;
}
close(fd);
@@ -68,8 +69,10 @@ static int check_all_cpu_dscr_defaults(unsigned long val)
if (access(file, F_OK))
continue;
- if (check_cpu_dscr_default(file, val))
+ if (check_cpu_dscr_default(file, val)) {
+ closedir(sysfs);
return 1;
+ }
}
closedir(sysfs);
return 0;
--
2.35.1
^ permalink raw reply related [flat|nested] 529+ messages in thread
* [PATCH 4.19 287/521] remoteproc: qcom: Rename Hexagon v5 PAS driver
2023-01-16 15:44 [PATCH 4.19 000/521] 4.19.270-rc1 review Greg Kroah-Hartman
` (285 preceding siblings ...)
2023-01-16 15:49 ` [PATCH 4.19 286/521] selftests/powerpc: Fix resource leaks Greg Kroah-Hartman
@ 2023-01-16 15:49 ` Greg Kroah-Hartman
2023-01-16 15:49 ` [PATCH 4.19 288/521] remoteproc: qcom_q6v5_pas: Fix missing of_node_put() in adsp_alloc_memory_region() Greg Kroah-Hartman
` (237 subsequent siblings)
524 siblings, 0 replies; 529+ messages in thread
From: Greg Kroah-Hartman @ 2023-01-16 15:49 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Rohit kumar, Niklas Cassel,
Bjorn Andersson, Sasha Levin
From: Bjorn Andersson <bjorn.andersson@linaro.org>
[ Upstream commit 9e004f97161d637d2dc82299be494bcfd07043bb ]
The Hexagon v5 ADSP driver is used for more than only the ADSP and
there's an upcoming non-PAS ADSP PIL for SDM845, so rename the driver to
qcom_q6v5_pas in order to better suite this.
Cc: Rohit kumar <rohitkr@codeaurora.org>
Reviewed-by: Niklas Cassel <niklas.cassel@linaro.org>
Signed-off-by: Bjorn Andersson <bjorn.andersson@linaro.org>
Stable-dep-of: 38e7d9c19276 ("remoteproc: qcom_q6v5_pas: Fix missing of_node_put() in adsp_alloc_memory_region()")
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/remoteproc/Kconfig | 27 ++++++++++---------
drivers/remoteproc/Makefile | 2 +-
.../{qcom_adsp_pil.c => qcom_q6v5_pas.c} | 4 +--
3 files changed, 17 insertions(+), 16 deletions(-)
rename drivers/remoteproc/{qcom_adsp_pil.c => qcom_q6v5_pas.c} (98%)
diff --git a/drivers/remoteproc/Kconfig b/drivers/remoteproc/Kconfig
index 052d4dd347f9..425e502c6471 100644
--- a/drivers/remoteproc/Kconfig
+++ b/drivers/remoteproc/Kconfig
@@ -84,8 +84,16 @@ config KEYSTONE_REMOTEPROC
It's safe to say N here if you're not interested in the Keystone
DSPs or just want to use a bare minimum kernel.
-config QCOM_ADSP_PIL
- tristate "Qualcomm ADSP Peripheral Image Loader"
+config QCOM_RPROC_COMMON
+ tristate
+
+config QCOM_Q6V5_COMMON
+ tristate
+ depends on ARCH_QCOM
+ depends on QCOM_SMEM
+
+config QCOM_Q6V5_PAS
+ tristate "Qualcomm Hexagon v5 Peripheral Authentication Service support"
depends on OF && ARCH_QCOM
depends on QCOM_SMEM
depends on RPMSG_QCOM_SMD || (COMPILE_TEST && RPMSG_QCOM_SMD=n)
@@ -98,15 +106,7 @@ config QCOM_ADSP_PIL
select QCOM_SCM
help
Say y here to support the TrustZone based Peripherial Image Loader
- for the Qualcomm ADSP remote processors.
-
-config QCOM_RPROC_COMMON
- tristate
-
-config QCOM_Q6V5_COMMON
- tristate
- depends on ARCH_QCOM
- depends on QCOM_SMEM
+ for the Qualcomm Hexagon v5 based remote processors.
config QCOM_Q6V5_PIL
tristate "Qualcomm Hexagon V5 Peripherial Image Loader"
@@ -120,8 +120,9 @@ config QCOM_Q6V5_PIL
select QCOM_RPROC_COMMON
select QCOM_SCM
help
- Say y here to support the Qualcomm Peripherial Image Loader for the
- Hexagon V5 based remote processors.
+ Say y here to support the TrustZone based Peripherial Image Loader
+ for the Qualcomm Hexagon v5 based remote processors. This is commonly
+ used to control subsystems such as ADSP, Compute and Sensor.
config QCOM_Q6V5_WCSS
tristate "Qualcomm Hexagon based WCSS Peripheral Image Loader"
diff --git a/drivers/remoteproc/Makefile b/drivers/remoteproc/Makefile
index 03332fa7e2ee..eb86c8ba5a87 100644
--- a/drivers/remoteproc/Makefile
+++ b/drivers/remoteproc/Makefile
@@ -14,9 +14,9 @@ obj-$(CONFIG_OMAP_REMOTEPROC) += omap_remoteproc.o
obj-$(CONFIG_WKUP_M3_RPROC) += wkup_m3_rproc.o
obj-$(CONFIG_DA8XX_REMOTEPROC) += da8xx_remoteproc.o
obj-$(CONFIG_KEYSTONE_REMOTEPROC) += keystone_remoteproc.o
-obj-$(CONFIG_QCOM_ADSP_PIL) += qcom_adsp_pil.o
obj-$(CONFIG_QCOM_RPROC_COMMON) += qcom_common.o
obj-$(CONFIG_QCOM_Q6V5_COMMON) += qcom_q6v5.o
+obj-$(CONFIG_QCOM_Q6V5_PAS) += qcom_q6v5_pas.o
obj-$(CONFIG_QCOM_Q6V5_PIL) += qcom_q6v5_pil.o
obj-$(CONFIG_QCOM_Q6V5_WCSS) += qcom_q6v5_wcss.o
obj-$(CONFIG_QCOM_SYSMON) += qcom_sysmon.o
diff --git a/drivers/remoteproc/qcom_adsp_pil.c b/drivers/remoteproc/qcom_q6v5_pas.c
similarity index 98%
rename from drivers/remoteproc/qcom_adsp_pil.c
rename to drivers/remoteproc/qcom_q6v5_pas.c
index d4339a6da616..2478ef3cd519 100644
--- a/drivers/remoteproc/qcom_adsp_pil.c
+++ b/drivers/remoteproc/qcom_q6v5_pas.c
@@ -364,11 +364,11 @@ static struct platform_driver adsp_driver = {
.probe = adsp_probe,
.remove = adsp_remove,
.driver = {
- .name = "qcom_adsp_pil",
+ .name = "qcom_q6v5_pas",
.of_match_table = adsp_of_match,
},
};
module_platform_driver(adsp_driver);
-MODULE_DESCRIPTION("Qualcomm MSM8974/MSM8996 ADSP Peripherial Image Loader");
+MODULE_DESCRIPTION("Qualcomm Hexagon v5 Peripheral Authentication Service driver");
MODULE_LICENSE("GPL v2");
--
2.35.1
^ permalink raw reply related [flat|nested] 529+ messages in thread
* [PATCH 4.19 288/521] remoteproc: qcom_q6v5_pas: Fix missing of_node_put() in adsp_alloc_memory_region()
2023-01-16 15:44 [PATCH 4.19 000/521] 4.19.270-rc1 review Greg Kroah-Hartman
` (286 preceding siblings ...)
2023-01-16 15:49 ` [PATCH 4.19 287/521] remoteproc: qcom: Rename Hexagon v5 PAS driver Greg Kroah-Hartman
@ 2023-01-16 15:49 ` Greg Kroah-Hartman
2023-01-16 15:49 ` [PATCH 4.19 289/521] powerpc/eeh: Improve debug messages around device addition Greg Kroah-Hartman
` (236 subsequent siblings)
524 siblings, 0 replies; 529+ messages in thread
From: Greg Kroah-Hartman @ 2023-01-16 15:49 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Yuan Can, Bjorn Andersson, Sasha Levin
From: Yuan Can <yuancan@huawei.com>
[ Upstream commit 38e7d9c19276832ebb0277f415b9214bf7baeb37 ]
The pointer node is returned by of_parse_phandle() with refcount
incremented. We should use of_node_put() on it when done.
Fixes: b9e718e950c3 ("remoteproc: Introduce Qualcomm ADSP PIL")
Signed-off-by: Yuan Can <yuancan@huawei.com>
Signed-off-by: Bjorn Andersson <andersson@kernel.org>
Link: https://lore.kernel.org/r/20221203070639.15128-1-yuancan@huawei.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/remoteproc/qcom_q6v5_pas.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/drivers/remoteproc/qcom_q6v5_pas.c b/drivers/remoteproc/qcom_q6v5_pas.c
index 2478ef3cd519..d9b0e51ca91f 100644
--- a/drivers/remoteproc/qcom_q6v5_pas.c
+++ b/drivers/remoteproc/qcom_q6v5_pas.c
@@ -238,6 +238,7 @@ static int adsp_alloc_memory_region(struct qcom_adsp *adsp)
}
ret = of_address_to_resource(node, 0, &r);
+ of_node_put(node);
if (ret)
return ret;
--
2.35.1
^ permalink raw reply related [flat|nested] 529+ messages in thread
* [PATCH 4.19 289/521] powerpc/eeh: Improve debug messages around device addition
2023-01-16 15:44 [PATCH 4.19 000/521] 4.19.270-rc1 review Greg Kroah-Hartman
` (287 preceding siblings ...)
2023-01-16 15:49 ` [PATCH 4.19 288/521] remoteproc: qcom_q6v5_pas: Fix missing of_node_put() in adsp_alloc_memory_region() Greg Kroah-Hartman
@ 2023-01-16 15:49 ` Greg Kroah-Hartman
2023-01-16 15:49 ` [PATCH 4.19 290/521] powerpc/eeh: EEH for pSeries hot plug Greg Kroah-Hartman
` (235 subsequent siblings)
524 siblings, 0 replies; 529+ messages in thread
From: Greg Kroah-Hartman @ 2023-01-16 15:49 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Sam Bobroff, Alexey Kardashevskiy,
Michael Ellerman, Sasha Levin
From: Sam Bobroff <sbobroff@linux.ibm.com>
[ Upstream commit 617082a4817a4354fa3de05c80b5f6088e2083b7 ]
Also remove useless comment.
Signed-off-by: Sam Bobroff <sbobroff@linux.ibm.com>
Reviewed-by: Alexey Kardashevskiy <aik@ozlabs.ru>
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
Link: https://lore.kernel.org/r/59db84f4bf94718a12f206bc923ac797d47e4cc1.1565930772.git.sbobroff@linux.ibm.com
Stable-dep-of: 9aafbfa5f57a ("powerpc/pseries/eeh: use correct API for error log size")
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/powerpc/kernel/eeh.c | 2 +-
arch/powerpc/platforms/powernv/eeh-powernv.c | 14 ++++++++----
arch/powerpc/platforms/pseries/eeh_pseries.c | 23 +++++++++++++++-----
3 files changed, 28 insertions(+), 11 deletions(-)
diff --git a/arch/powerpc/kernel/eeh.c b/arch/powerpc/kernel/eeh.c
index 44bb522fb4a2..2b81e9a056b5 100644
--- a/arch/powerpc/kernel/eeh.c
+++ b/arch/powerpc/kernel/eeh.c
@@ -1178,7 +1178,7 @@ void eeh_add_device_late(struct pci_dev *dev)
pdn = pci_get_pdn_by_devfn(dev->bus, dev->devfn);
edev = pdn_to_eeh_dev(pdn);
if (edev->pdev == dev) {
- pr_debug("EEH: Already referenced !\n");
+ pr_debug("EEH: Device %s already referenced!\n", pci_name(dev));
return;
}
diff --git a/arch/powerpc/platforms/powernv/eeh-powernv.c b/arch/powerpc/platforms/powernv/eeh-powernv.c
index 9dd5b8909178..4fa601feb860 100644
--- a/arch/powerpc/platforms/powernv/eeh-powernv.c
+++ b/arch/powerpc/platforms/powernv/eeh-powernv.c
@@ -50,10 +50,7 @@ void pnv_pcibios_bus_add_device(struct pci_dev *pdev)
if (!pdev->is_virtfn)
return;
- /*
- * The following operations will fail if VF's sysfs files
- * aren't created or its resources aren't finalized.
- */
+ pr_debug("%s: EEH: Setting up device %s.\n", __func__, pci_name(pdev));
eeh_add_device_early(pdn);
eeh_add_device_late(pdev);
eeh_sysfs_add_device(pdev);
@@ -378,6 +375,10 @@ static void *pnv_eeh_probe(struct pci_dn *pdn, void *data)
int ret;
int config_addr = (pdn->busno << 8) | (pdn->devfn);
+ pr_debug("%s: probing %04x:%02x:%02x.%01x\n",
+ __func__, hose->global_number, pdn->busno,
+ PCI_SLOT(pdn->devfn), PCI_FUNC(pdn->devfn));
+
/*
* When probing the root bridge, which doesn't have any
* subordinate PCI devices. We don't have OF node for
@@ -478,6 +479,11 @@ static void *pnv_eeh_probe(struct pci_dn *pdn, void *data)
/* Save memory bars */
eeh_save_bars(edev);
+ pr_debug("%s: EEH enabled on %02x:%02x.%01x PHB#%x-PE#%x\n",
+ __func__, pdn->busno, PCI_SLOT(pdn->devfn),
+ PCI_FUNC(pdn->devfn), edev->pe->phb->global_number,
+ edev->pe->addr);
+
return NULL;
}
diff --git a/arch/powerpc/platforms/pseries/eeh_pseries.c b/arch/powerpc/platforms/pseries/eeh_pseries.c
index 823cb27efa8b..b4f77bc5f8bf 100644
--- a/arch/powerpc/platforms/pseries/eeh_pseries.c
+++ b/arch/powerpc/platforms/pseries/eeh_pseries.c
@@ -65,6 +65,8 @@ void pseries_pcibios_bus_add_device(struct pci_dev *pdev)
if (!pdev->is_virtfn)
return;
+ pr_debug("%s: EEH: Setting up device %s.\n", __func__, pci_name(pdev));
+
pdn->device_id = pdev->device;
pdn->vendor_id = pdev->vendor;
pdn->class_code = pdev->class;
@@ -251,6 +253,10 @@ static void *pseries_eeh_probe(struct pci_dn *pdn, void *data)
int enable = 0;
int ret;
+ pr_debug("%s: probing %04x:%02x:%02x.%01x\n",
+ __func__, pdn->phb->global_number, pdn->busno,
+ PCI_SLOT(pdn->devfn), PCI_FUNC(pdn->devfn));
+
/* Retrieve OF node and eeh device */
edev = pdn_to_eeh_dev(pdn);
if (!edev || edev->pe)
@@ -294,7 +300,12 @@ static void *pseries_eeh_probe(struct pci_dn *pdn, void *data)
/* Enable EEH on the device */
ret = eeh_ops->set_option(&pe, EEH_OPT_ENABLE);
- if (!ret) {
+ if (ret) {
+ pr_debug("%s: EEH failed to enable on %02x:%02x.%01x PHB#%x-PE#%x (code %d)\n",
+ __func__, pdn->busno, PCI_SLOT(pdn->devfn),
+ PCI_FUNC(pdn->devfn), pe.phb->global_number,
+ pe.addr, ret);
+ } else {
/* Retrieve PE address */
edev->pe_config_addr = eeh_ops->get_pe_addr(&pe);
pe.addr = edev->pe_config_addr;
@@ -310,11 +321,6 @@ static void *pseries_eeh_probe(struct pci_dn *pdn, void *data)
if (enable) {
eeh_add_flag(EEH_ENABLED);
eeh_add_to_parent_pe(edev);
-
- pr_debug("%s: EEH enabled on %02x:%02x.%01x PHB#%x-PE#%x\n",
- __func__, pdn->busno, PCI_SLOT(pdn->devfn),
- PCI_FUNC(pdn->devfn), pe.phb->global_number,
- pe.addr);
} else if (pdn->parent && pdn_to_eeh_dev(pdn->parent) &&
(pdn_to_eeh_dev(pdn->parent))->pe) {
/* This device doesn't support EEH, but it may have an
@@ -323,6 +329,11 @@ static void *pseries_eeh_probe(struct pci_dn *pdn, void *data)
edev->pe_config_addr = pdn_to_eeh_dev(pdn->parent)->pe_config_addr;
eeh_add_to_parent_pe(edev);
}
+ pr_debug("%s: EEH %s on %02x:%02x.%01x PHB#%x-PE#%x (code %d)\n",
+ __func__, (enable ? "enabled" : "unsupported"),
+ pdn->busno, PCI_SLOT(pdn->devfn),
+ PCI_FUNC(pdn->devfn), pe.phb->global_number,
+ pe.addr, ret);
}
/* Save memory bars */
--
2.35.1
^ permalink raw reply related [flat|nested] 529+ messages in thread
* [PATCH 4.19 290/521] powerpc/eeh: EEH for pSeries hot plug
2023-01-16 15:44 [PATCH 4.19 000/521] 4.19.270-rc1 review Greg Kroah-Hartman
` (288 preceding siblings ...)
2023-01-16 15:49 ` [PATCH 4.19 289/521] powerpc/eeh: Improve debug messages around device addition Greg Kroah-Hartman
@ 2023-01-16 15:49 ` Greg Kroah-Hartman
2023-01-16 15:49 ` [PATCH 4.19 291/521] powerpc/eeh: Fix pseries_eeh_configure_bridge() Greg Kroah-Hartman
` (234 subsequent siblings)
524 siblings, 0 replies; 529+ messages in thread
From: Greg Kroah-Hartman @ 2023-01-16 15:49 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Sam Bobroff, Michael Ellerman, Sasha Levin
From: Sam Bobroff <sbobroff@linux.ibm.com>
[ Upstream commit b905f8cdca7725e750a84f7188ea6821750124c3 ]
On PowerNV and pSeries, devices currently acquire EEH support from
several different places: Boot-time devices from eeh_probe_devices()
and eeh_addr_cache_build(), Virtual Function devices from the pcibios
bus add device hooks and hot plugged devices from pci_hp_add_devices()
(with other platforms using other methods as well). Unfortunately,
pSeries machines currently discover hot plugged devices using
pci_rescan_bus(), not pci_hp_add_devices(), and so those devices do
not receive EEH support.
Rather than adding another case for pci_rescan_bus(), this change
widens the scope of the pcibios bus add device hooks so that they can
handle all devices. As a side effect this also supports devices
discovered after manually rescanning via /sys/bus/pci/rescan.
Note that on PowerNV, this change allows the EEH subsystem to become
enabled after boot as long as it has not been forced off, which was
not previously possible (it was already possible on pSeries).
Signed-off-by: Sam Bobroff <sbobroff@linux.ibm.com>
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
Link: https://lore.kernel.org/r/72ae8ae9c54097158894a52de23690448de38ea9.1565930772.git.sbobroff@linux.ibm.com
Stable-dep-of: 9aafbfa5f57a ("powerpc/pseries/eeh: use correct API for error log size")
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/powerpc/kernel/eeh.c | 4 +-
arch/powerpc/platforms/powernv/eeh-powernv.c | 39 +++++++++-----
arch/powerpc/platforms/pseries/eeh_pseries.c | 54 ++++++++++----------
3 files changed, 56 insertions(+), 41 deletions(-)
diff --git a/arch/powerpc/kernel/eeh.c b/arch/powerpc/kernel/eeh.c
index 2b81e9a056b5..be475e946306 100644
--- a/arch/powerpc/kernel/eeh.c
+++ b/arch/powerpc/kernel/eeh.c
@@ -1170,7 +1170,7 @@ void eeh_add_device_late(struct pci_dev *dev)
struct pci_dn *pdn;
struct eeh_dev *edev;
- if (!dev || !eeh_enabled())
+ if (!dev)
return;
pr_debug("EEH: Adding device %s\n", pci_name(dev));
@@ -1226,6 +1226,8 @@ void eeh_add_device_tree_late(struct pci_bus *bus)
{
struct pci_dev *dev;
+ if (eeh_has_flag(EEH_FORCE_DISABLED))
+ return;
list_for_each_entry(dev, &bus->devices, bus_list) {
eeh_add_device_late(dev);
if (dev->hdr_type == PCI_HEADER_TYPE_BRIDGE) {
diff --git a/arch/powerpc/platforms/powernv/eeh-powernv.c b/arch/powerpc/platforms/powernv/eeh-powernv.c
index 4fa601feb860..4dab6ffa3f69 100644
--- a/arch/powerpc/platforms/powernv/eeh-powernv.c
+++ b/arch/powerpc/platforms/powernv/eeh-powernv.c
@@ -47,7 +47,7 @@ void pnv_pcibios_bus_add_device(struct pci_dev *pdev)
{
struct pci_dn *pdn = pci_get_pdn(pdev);
- if (!pdev->is_virtfn)
+ if (eeh_has_flag(EEH_FORCE_DISABLED))
return;
pr_debug("%s: EEH: Setting up device %s.\n", __func__, pci_name(pdev));
@@ -202,6 +202,25 @@ PNV_EEH_DBGFS_ENTRY(inbB, 0xE10);
#endif /* CONFIG_DEBUG_FS */
+void pnv_eeh_enable_phbs(void)
+{
+ struct pci_controller *hose;
+ struct pnv_phb *phb;
+
+ list_for_each_entry(hose, &hose_list, list_node) {
+ phb = hose->private_data;
+ /*
+ * If EEH is enabled, we're going to rely on that.
+ * Otherwise, we restore to conventional mechanism
+ * to clear frozen PE during PCI config access.
+ */
+ if (eeh_enabled())
+ phb->flags |= PNV_PHB_FLAG_EEH;
+ else
+ phb->flags &= ~PNV_PHB_FLAG_EEH;
+ }
+}
+
/**
* pnv_eeh_post_init - EEH platform dependent post initialization
*
@@ -248,19 +267,11 @@ int pnv_eeh_post_init(void)
if (!eeh_enabled())
disable_irq(eeh_event_irq);
+ pnv_eeh_enable_phbs();
+
list_for_each_entry(hose, &hose_list, list_node) {
phb = hose->private_data;
- /*
- * If EEH is enabled, we're going to rely on that.
- * Otherwise, we restore to conventional mechanism
- * to clear frozen PE during PCI config access.
- */
- if (eeh_enabled())
- phb->flags |= PNV_PHB_FLAG_EEH;
- else
- phb->flags &= ~PNV_PHB_FLAG_EEH;
-
/* Create debugfs entries */
#ifdef CONFIG_DEBUG_FS
if (phb->has_dbgfs || !phb->dbgfs)
@@ -474,7 +485,11 @@ static void *pnv_eeh_probe(struct pci_dn *pdn, void *data)
* Enable EEH explicitly so that we will do EEH check
* while accessing I/O stuff
*/
- eeh_add_flag(EEH_ENABLED);
+ if (!eeh_has_flag(EEH_ENABLED)) {
+ enable_irq(eeh_event_irq);
+ pnv_eeh_enable_phbs();
+ eeh_add_flag(EEH_ENABLED);
+ }
/* Save memory bars */
eeh_save_bars(edev);
diff --git a/arch/powerpc/platforms/pseries/eeh_pseries.c b/arch/powerpc/platforms/pseries/eeh_pseries.c
index b4f77bc5f8bf..2713d2aa963c 100644
--- a/arch/powerpc/platforms/pseries/eeh_pseries.c
+++ b/arch/powerpc/platforms/pseries/eeh_pseries.c
@@ -55,44 +55,44 @@ static int ibm_get_config_addr_info;
static int ibm_get_config_addr_info2;
static int ibm_configure_pe;
-#ifdef CONFIG_PCI_IOV
void pseries_pcibios_bus_add_device(struct pci_dev *pdev)
{
struct pci_dn *pdn = pci_get_pdn(pdev);
- struct pci_dn *physfn_pdn;
- struct eeh_dev *edev;
- if (!pdev->is_virtfn)
+ if (eeh_has_flag(EEH_FORCE_DISABLED))
return;
pr_debug("%s: EEH: Setting up device %s.\n", __func__, pci_name(pdev));
+#ifdef CONFIG_PCI_IOV
+ if (pdev->is_virtfn) {
+ struct pci_dn *physfn_pdn;
- pdn->device_id = pdev->device;
- pdn->vendor_id = pdev->vendor;
- pdn->class_code = pdev->class;
- /*
- * Last allow unfreeze return code used for retrieval
- * by user space in eeh-sysfs to show the last command
- * completion from platform.
- */
- pdn->last_allow_rc = 0;
- physfn_pdn = pci_get_pdn(pdev->physfn);
- pdn->pe_number = physfn_pdn->pe_num_map[pdn->vf_index];
- edev = pdn_to_eeh_dev(pdn);
-
- /*
- * The following operations will fail if VF's sysfs files
- * aren't created or its resources aren't finalized.
- */
+ pdn->device_id = pdev->device;
+ pdn->vendor_id = pdev->vendor;
+ pdn->class_code = pdev->class;
+ /*
+ * Last allow unfreeze return code used for retrieval
+ * by user space in eeh-sysfs to show the last command
+ * completion from platform.
+ */
+ pdn->last_allow_rc = 0;
+ physfn_pdn = pci_get_pdn(pdev->physfn);
+ pdn->pe_number = physfn_pdn->pe_num_map[pdn->vf_index];
+ }
+#endif
eeh_add_device_early(pdn);
eeh_add_device_late(pdev);
- edev->pe_config_addr = (pdn->busno << 16) | (pdn->devfn << 8);
- eeh_rmv_from_parent_pe(edev); /* Remove as it is adding to bus pe */
- eeh_add_to_parent_pe(edev); /* Add as VF PE type */
- eeh_sysfs_add_device(pdev);
+#ifdef CONFIG_PCI_IOV
+ if (pdev->is_virtfn) {
+ struct eeh_dev *edev = pdn_to_eeh_dev(pdn);
-}
+ edev->pe_config_addr = (pdn->busno << 16) | (pdn->devfn << 8);
+ eeh_rmv_from_parent_pe(edev); /* Remove as it is adding to bus pe */
+ eeh_add_to_parent_pe(edev); /* Add as VF PE type */
+ }
#endif
+ eeh_sysfs_add_device(pdev);
+}
/*
* Buffer for reporting slot-error-detail rtas calls. Its here
@@ -159,10 +159,8 @@ static int pseries_eeh_init(void)
/* Set EEH probe mode */
eeh_add_flag(EEH_PROBE_MODE_DEVTREE | EEH_ENABLE_IO_FOR_LOG);
-#ifdef CONFIG_PCI_IOV
/* Set EEH machine dependent code */
ppc_md.pcibios_bus_add_device = pseries_pcibios_bus_add_device;
-#endif
return 0;
}
--
2.35.1
^ permalink raw reply related [flat|nested] 529+ messages in thread
* [PATCH 4.19 291/521] powerpc/eeh: Fix pseries_eeh_configure_bridge()
2023-01-16 15:44 [PATCH 4.19 000/521] 4.19.270-rc1 review Greg Kroah-Hartman
` (289 preceding siblings ...)
2023-01-16 15:49 ` [PATCH 4.19 290/521] powerpc/eeh: EEH for pSeries hot plug Greg Kroah-Hartman
@ 2023-01-16 15:49 ` Greg Kroah-Hartman
2023-01-16 15:49 ` [PATCH 4.19 292/521] powerpc/pseries: PCIE PHB reset Greg Kroah-Hartman
` (233 subsequent siblings)
524 siblings, 0 replies; 529+ messages in thread
From: Greg Kroah-Hartman @ 2023-01-16 15:49 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Sam Bobroff, Michael Ellerman,
Nathan Lynch, Sasha Levin
From: Sam Bobroff <sbobroff@linux.ibm.com>
[ Upstream commit 6fa13640aea7bb0760846981aa2da4245307bd26 ]
If a device is hot unplgged during EEH recovery, it's possible for the
RTAS call to ibm,configure-pe in pseries_eeh_configure() to return
parameter error (-3), however negative return values are not checked
for and this leads to an infinite loop.
Fix this by correctly bailing out on negative values.
Signed-off-by: Sam Bobroff <sbobroff@linux.ibm.com>
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
Reviewed-by: Nathan Lynch <nathanl@linux.ibm.com>
Link: https://lore.kernel.org/r/1b0a6010a647dc915816e44845b64d72066676a7.1588045502.git.sbobroff@linux.ibm.com
Stable-dep-of: 9aafbfa5f57a ("powerpc/pseries/eeh: use correct API for error log size")
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/powerpc/platforms/pseries/eeh_pseries.c | 8 +++++++-
1 file changed, 7 insertions(+), 1 deletion(-)
diff --git a/arch/powerpc/platforms/pseries/eeh_pseries.c b/arch/powerpc/platforms/pseries/eeh_pseries.c
index 2713d2aa963c..0fc93f7e167d 100644
--- a/arch/powerpc/platforms/pseries/eeh_pseries.c
+++ b/arch/powerpc/platforms/pseries/eeh_pseries.c
@@ -684,6 +684,8 @@ static int pseries_eeh_configure_bridge(struct eeh_pe *pe)
if (!ret)
return ret;
+ if (ret < 0)
+ break;
/*
* If RTAS returns a delay value that's above 100ms, cut it
@@ -704,7 +706,11 @@ static int pseries_eeh_configure_bridge(struct eeh_pe *pe)
pr_warn("%s: Unable to configure bridge PHB#%x-PE#%x (%d)\n",
__func__, pe->phb->global_number, pe->addr, ret);
- return ret;
+ /* PAPR defines -3 as "Parameter Error" for this function: */
+ if (ret == -3)
+ return -EINVAL;
+ else
+ return -EIO;
}
/**
--
2.35.1
^ permalink raw reply related [flat|nested] 529+ messages in thread
* [PATCH 4.19 292/521] powerpc/pseries: PCIE PHB reset
2023-01-16 15:44 [PATCH 4.19 000/521] 4.19.270-rc1 review Greg Kroah-Hartman
` (290 preceding siblings ...)
2023-01-16 15:49 ` [PATCH 4.19 291/521] powerpc/eeh: Fix pseries_eeh_configure_bridge() Greg Kroah-Hartman
@ 2023-01-16 15:49 ` Greg Kroah-Hartman
2023-01-16 15:49 ` [PATCH 4.19 293/521] powerpc/pseries: Stop using eeh_ops->init() Greg Kroah-Hartman
` (232 subsequent siblings)
524 siblings, 0 replies; 529+ messages in thread
From: Greg Kroah-Hartman @ 2023-01-16 15:49 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Wen Xiong, Michael Ellerman, Sasha Levin
From: Wen Xiong <wenxiong@linux.vnet.ibm.com>
[ Upstream commit 5a090f7c363fdc09b99222eae679506a58e7cc68 ]
Several device drivers hit EEH(Extended Error handling) when
triggering kdump on Pseries PowerVM. This patch implemented a reset of
the PHBs in pci general code when triggering kdump. PHB reset stop all
PCI transactions from normal kernel. We have tested the patch in
several enviroments:
- direct slot adapters
- adapters under the switch
- a VF adapter in PowerVM
- a VF adapter/adapter in KVM guest.
Signed-off-by: Wen Xiong <wenxiong@linux.vnet.ibm.com>
[mpe: Fix broken whitespace, subject & SOB formatting]
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
Link: https://lore.kernel.org/r/1594651173-32166-1-git-send-email-wenxiong@linux.vnet.ibm.com
Stable-dep-of: 9aafbfa5f57a ("powerpc/pseries/eeh: use correct API for error log size")
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/powerpc/platforms/pseries/eeh_pseries.c | 232 ++++++++++++++-----
1 file changed, 169 insertions(+), 63 deletions(-)
diff --git a/arch/powerpc/platforms/pseries/eeh_pseries.c b/arch/powerpc/platforms/pseries/eeh_pseries.c
index 0fc93f7e167d..560d7401496c 100644
--- a/arch/powerpc/platforms/pseries/eeh_pseries.c
+++ b/arch/powerpc/platforms/pseries/eeh_pseries.c
@@ -37,6 +37,7 @@
#include <linux/sched.h>
#include <linux/seq_file.h>
#include <linux/spinlock.h>
+#include <linux/crash_dump.h>
#include <asm/eeh.h>
#include <asm/eeh_event.h>
@@ -94,6 +95,152 @@ void pseries_pcibios_bus_add_device(struct pci_dev *pdev)
eeh_sysfs_add_device(pdev);
}
+
+/**
+ * pseries_eeh_get_config_addr - Retrieve config address
+ *
+ * Retrieve the assocated config address. Actually, there're 2 RTAS
+ * function calls dedicated for the purpose. We need implement
+ * it through the new function and then the old one. Besides,
+ * you should make sure the config address is figured out from
+ * FDT node before calling the function.
+ *
+ * It's notable that zero'ed return value means invalid PE config
+ * address.
+ */
+static int pseries_eeh_get_config_addr(struct pci_controller *phb, int config_addr)
+{
+ int ret = 0;
+ int rets[3];
+
+ if (ibm_get_config_addr_info2 != RTAS_UNKNOWN_SERVICE) {
+ /*
+ * First of all, we need to make sure there has one PE
+ * associated with the device. Otherwise, PE address is
+ * meaningless.
+ */
+ ret = rtas_call(ibm_get_config_addr_info2, 4, 2, rets,
+ config_addr, BUID_HI(phb->buid),
+ BUID_LO(phb->buid), 1);
+ if (ret || (rets[0] == 0))
+ return 0;
+
+ /* Retrieve the associated PE config address */
+ ret = rtas_call(ibm_get_config_addr_info2, 4, 2, rets,
+ config_addr, BUID_HI(phb->buid),
+ BUID_LO(phb->buid), 0);
+ if (ret) {
+ pr_warn("%s: Failed to get address for PHB#%x-PE#%x\n",
+ __func__, phb->global_number, config_addr);
+ return 0;
+ }
+
+ return rets[0];
+ }
+
+ if (ibm_get_config_addr_info != RTAS_UNKNOWN_SERVICE) {
+ ret = rtas_call(ibm_get_config_addr_info, 4, 2, rets,
+ config_addr, BUID_HI(phb->buid),
+ BUID_LO(phb->buid), 0);
+ if (ret) {
+ pr_warn("%s: Failed to get address for PHB#%x-PE#%x\n",
+ __func__, phb->global_number, config_addr);
+ return 0;
+ }
+
+ return rets[0];
+ }
+
+ return ret;
+}
+
+/**
+ * pseries_eeh_phb_reset - Reset the specified PHB
+ * @phb: PCI controller
+ * @config_adddr: the associated config address
+ * @option: reset option
+ *
+ * Reset the specified PHB/PE
+ */
+static int pseries_eeh_phb_reset(struct pci_controller *phb, int config_addr, int option)
+{
+ int ret;
+
+ /* Reset PE through RTAS call */
+ ret = rtas_call(ibm_set_slot_reset, 4, 1, NULL,
+ config_addr, BUID_HI(phb->buid),
+ BUID_LO(phb->buid), option);
+
+ /* If fundamental-reset not supported, try hot-reset */
+ if (option == EEH_RESET_FUNDAMENTAL &&
+ ret == -8) {
+ option = EEH_RESET_HOT;
+ ret = rtas_call(ibm_set_slot_reset, 4, 1, NULL,
+ config_addr, BUID_HI(phb->buid),
+ BUID_LO(phb->buid), option);
+ }
+
+ /* We need reset hold or settlement delay */
+ if (option == EEH_RESET_FUNDAMENTAL ||
+ option == EEH_RESET_HOT)
+ msleep(EEH_PE_RST_HOLD_TIME);
+ else
+ msleep(EEH_PE_RST_SETTLE_TIME);
+
+ return ret;
+}
+
+/**
+ * pseries_eeh_phb_configure_bridge - Configure PCI bridges in the indicated PE
+ * @phb: PCI controller
+ * @config_adddr: the associated config address
+ *
+ * The function will be called to reconfigure the bridges included
+ * in the specified PE so that the mulfunctional PE would be recovered
+ * again.
+ */
+static int pseries_eeh_phb_configure_bridge(struct pci_controller *phb, int config_addr)
+{
+ int ret;
+ /* Waiting 0.2s maximum before skipping configuration */
+ int max_wait = 200;
+
+ while (max_wait > 0) {
+ ret = rtas_call(ibm_configure_pe, 3, 1, NULL,
+ config_addr, BUID_HI(phb->buid),
+ BUID_LO(phb->buid));
+
+ if (!ret)
+ return ret;
+ if (ret < 0)
+ break;
+
+ /*
+ * If RTAS returns a delay value that's above 100ms, cut it
+ * down to 100ms in case firmware made a mistake. For more
+ * on how these delay values work see rtas_busy_delay_time
+ */
+ if (ret > RTAS_EXTENDED_DELAY_MIN+2 &&
+ ret <= RTAS_EXTENDED_DELAY_MAX)
+ ret = RTAS_EXTENDED_DELAY_MIN+2;
+
+ max_wait -= rtas_busy_delay_time(ret);
+
+ if (max_wait < 0)
+ break;
+
+ rtas_busy_delay(ret);
+ }
+
+ pr_warn("%s: Unable to configure bridge PHB#%x-PE#%x (%d)\n",
+ __func__, phb->global_number, config_addr, ret);
+ /* PAPR defines -3 as "Parameter Error" for this function: */
+ if (ret == -3)
+ return -EINVAL;
+ else
+ return -EIO;
+}
+
/*
* Buffer for reporting slot-error-detail rtas calls. Its here
* in BSS, and not dynamically alloced, so that it ends up in
@@ -110,6 +257,10 @@ static int eeh_error_buf_size;
*/
static int pseries_eeh_init(void)
{
+ struct pci_controller *phb;
+ struct pci_dn *pdn;
+ int addr, config_addr;
+
/* figure out EEH RTAS function call tokens */
ibm_set_eeh_option = rtas_token("ibm,set-eeh-option");
ibm_set_slot_reset = rtas_token("ibm,set-slot-reset");
@@ -162,6 +313,22 @@ static int pseries_eeh_init(void)
/* Set EEH machine dependent code */
ppc_md.pcibios_bus_add_device = pseries_pcibios_bus_add_device;
+ if (is_kdump_kernel() || reset_devices) {
+ pr_info("Issue PHB reset ...\n");
+ list_for_each_entry(phb, &hose_list, list_node) {
+ pdn = list_first_entry(&PCI_DN(phb->dn)->child_list, struct pci_dn, list);
+ addr = (pdn->busno << 16) | (pdn->devfn << 8);
+ config_addr = pseries_eeh_get_config_addr(phb, addr);
+ /* invalid PE config addr */
+ if (config_addr == 0)
+ continue;
+
+ pseries_eeh_phb_reset(phb, config_addr, EEH_RESET_FUNDAMENTAL);
+ pseries_eeh_phb_reset(phb, config_addr, EEH_RESET_DEACTIVATE);
+ pseries_eeh_phb_configure_bridge(phb, config_addr);
+ }
+ }
+
return 0;
}
@@ -531,35 +698,13 @@ static int pseries_eeh_get_state(struct eeh_pe *pe, int *state)
static int pseries_eeh_reset(struct eeh_pe *pe, int option)
{
int config_addr;
- int ret;
/* Figure out PE address */
config_addr = pe->config_addr;
if (pe->addr)
config_addr = pe->addr;
- /* Reset PE through RTAS call */
- ret = rtas_call(ibm_set_slot_reset, 4, 1, NULL,
- config_addr, BUID_HI(pe->phb->buid),
- BUID_LO(pe->phb->buid), option);
-
- /* If fundamental-reset not supported, try hot-reset */
- if (option == EEH_RESET_FUNDAMENTAL &&
- ret == -8) {
- option = EEH_RESET_HOT;
- ret = rtas_call(ibm_set_slot_reset, 4, 1, NULL,
- config_addr, BUID_HI(pe->phb->buid),
- BUID_LO(pe->phb->buid), option);
- }
-
- /* We need reset hold or settlement delay */
- if (option == EEH_RESET_FUNDAMENTAL ||
- option == EEH_RESET_HOT)
- msleep(EEH_PE_RST_HOLD_TIME);
- else
- msleep(EEH_PE_RST_SETTLE_TIME);
-
- return ret;
+ return pseries_eeh_phb_reset(pe->phb, config_addr, option);
}
/**
@@ -661,56 +806,17 @@ static int pseries_eeh_get_log(struct eeh_pe *pe, int severity, char *drv_log, u
* pseries_eeh_configure_bridge - Configure PCI bridges in the indicated PE
* @pe: EEH PE
*
- * The function will be called to reconfigure the bridges included
- * in the specified PE so that the mulfunctional PE would be recovered
- * again.
*/
static int pseries_eeh_configure_bridge(struct eeh_pe *pe)
{
int config_addr;
- int ret;
- /* Waiting 0.2s maximum before skipping configuration */
- int max_wait = 200;
/* Figure out the PE address */
config_addr = pe->config_addr;
if (pe->addr)
config_addr = pe->addr;
- while (max_wait > 0) {
- ret = rtas_call(ibm_configure_pe, 3, 1, NULL,
- config_addr, BUID_HI(pe->phb->buid),
- BUID_LO(pe->phb->buid));
-
- if (!ret)
- return ret;
- if (ret < 0)
- break;
-
- /*
- * If RTAS returns a delay value that's above 100ms, cut it
- * down to 100ms in case firmware made a mistake. For more
- * on how these delay values work see rtas_busy_delay_time
- */
- if (ret > RTAS_EXTENDED_DELAY_MIN+2 &&
- ret <= RTAS_EXTENDED_DELAY_MAX)
- ret = RTAS_EXTENDED_DELAY_MIN+2;
-
- max_wait -= rtas_busy_delay_time(ret);
-
- if (max_wait < 0)
- break;
-
- rtas_busy_delay(ret);
- }
-
- pr_warn("%s: Unable to configure bridge PHB#%x-PE#%x (%d)\n",
- __func__, pe->phb->global_number, pe->addr, ret);
- /* PAPR defines -3 as "Parameter Error" for this function: */
- if (ret == -3)
- return -EINVAL;
- else
- return -EIO;
+ return pseries_eeh_phb_configure_bridge(pe->phb, config_addr);
}
/**
--
2.35.1
^ permalink raw reply related [flat|nested] 529+ messages in thread
* [PATCH 4.19 293/521] powerpc/pseries: Stop using eeh_ops->init()
2023-01-16 15:44 [PATCH 4.19 000/521] 4.19.270-rc1 review Greg Kroah-Hartman
` (291 preceding siblings ...)
2023-01-16 15:49 ` [PATCH 4.19 292/521] powerpc/pseries: PCIE PHB reset Greg Kroah-Hartman
@ 2023-01-16 15:49 ` Greg Kroah-Hartman
2023-01-16 15:49 ` [PATCH 4.19 294/521] powerpc/eeh: Drop redundant spinlock initialization Greg Kroah-Hartman
` (231 subsequent siblings)
524 siblings, 0 replies; 529+ messages in thread
From: Greg Kroah-Hartman @ 2023-01-16 15:49 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Oliver OHalloran, Michael Ellerman,
Sasha Levin
From: Oliver O'Halloran <oohall@gmail.com>
[ Upstream commit 1f8fa0cd6a848ff072bffe0ee776554387128f60 ]
Fold pseries_eeh_init() into eeh_pseries_init() rather than having
eeh_init() call it via eeh_ops->init(). It's simpler and it'll let us
delete eeh_ops.init.
Signed-off-by: Oliver O'Halloran <oohall@gmail.com>
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
Link: https://lore.kernel.org/r/20200918093050.37344-3-oohall@gmail.com
Stable-dep-of: 9aafbfa5f57a ("powerpc/pseries/eeh: use correct API for error log size")
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/powerpc/platforms/pseries/eeh_pseries.c | 155 +++++++++----------
1 file changed, 71 insertions(+), 84 deletions(-)
diff --git a/arch/powerpc/platforms/pseries/eeh_pseries.c b/arch/powerpc/platforms/pseries/eeh_pseries.c
index 560d7401496c..7a0b9aa09d10 100644
--- a/arch/powerpc/platforms/pseries/eeh_pseries.c
+++ b/arch/powerpc/platforms/pseries/eeh_pseries.c
@@ -250,88 +250,6 @@ static unsigned char slot_errbuf[RTAS_ERROR_LOG_MAX];
static DEFINE_SPINLOCK(slot_errbuf_lock);
static int eeh_error_buf_size;
-/**
- * pseries_eeh_init - EEH platform dependent initialization
- *
- * EEH platform dependent initialization on pseries.
- */
-static int pseries_eeh_init(void)
-{
- struct pci_controller *phb;
- struct pci_dn *pdn;
- int addr, config_addr;
-
- /* figure out EEH RTAS function call tokens */
- ibm_set_eeh_option = rtas_token("ibm,set-eeh-option");
- ibm_set_slot_reset = rtas_token("ibm,set-slot-reset");
- ibm_read_slot_reset_state2 = rtas_token("ibm,read-slot-reset-state2");
- ibm_read_slot_reset_state = rtas_token("ibm,read-slot-reset-state");
- ibm_slot_error_detail = rtas_token("ibm,slot-error-detail");
- ibm_get_config_addr_info2 = rtas_token("ibm,get-config-addr-info2");
- ibm_get_config_addr_info = rtas_token("ibm,get-config-addr-info");
- ibm_configure_pe = rtas_token("ibm,configure-pe");
-
- /*
- * ibm,configure-pe and ibm,configure-bridge have the same semantics,
- * however ibm,configure-pe can be faster. If we can't find
- * ibm,configure-pe then fall back to using ibm,configure-bridge.
- */
- if (ibm_configure_pe == RTAS_UNKNOWN_SERVICE)
- ibm_configure_pe = rtas_token("ibm,configure-bridge");
-
- /*
- * Necessary sanity check. We needn't check "get-config-addr-info"
- * and its variant since the old firmware probably support address
- * of domain/bus/slot/function for EEH RTAS operations.
- */
- if (ibm_set_eeh_option == RTAS_UNKNOWN_SERVICE ||
- ibm_set_slot_reset == RTAS_UNKNOWN_SERVICE ||
- (ibm_read_slot_reset_state2 == RTAS_UNKNOWN_SERVICE &&
- ibm_read_slot_reset_state == RTAS_UNKNOWN_SERVICE) ||
- ibm_slot_error_detail == RTAS_UNKNOWN_SERVICE ||
- ibm_configure_pe == RTAS_UNKNOWN_SERVICE) {
- pr_info("EEH functionality not supported\n");
- return -EINVAL;
- }
-
- /* Initialize error log lock and size */
- spin_lock_init(&slot_errbuf_lock);
- eeh_error_buf_size = rtas_token("rtas-error-log-max");
- if (eeh_error_buf_size == RTAS_UNKNOWN_SERVICE) {
- pr_info("%s: unknown EEH error log size\n",
- __func__);
- eeh_error_buf_size = 1024;
- } else if (eeh_error_buf_size > RTAS_ERROR_LOG_MAX) {
- pr_info("%s: EEH error log size %d exceeds the maximal %d\n",
- __func__, eeh_error_buf_size, RTAS_ERROR_LOG_MAX);
- eeh_error_buf_size = RTAS_ERROR_LOG_MAX;
- }
-
- /* Set EEH probe mode */
- eeh_add_flag(EEH_PROBE_MODE_DEVTREE | EEH_ENABLE_IO_FOR_LOG);
-
- /* Set EEH machine dependent code */
- ppc_md.pcibios_bus_add_device = pseries_pcibios_bus_add_device;
-
- if (is_kdump_kernel() || reset_devices) {
- pr_info("Issue PHB reset ...\n");
- list_for_each_entry(phb, &hose_list, list_node) {
- pdn = list_first_entry(&PCI_DN(phb->dn)->child_list, struct pci_dn, list);
- addr = (pdn->busno << 16) | (pdn->devfn << 8);
- config_addr = pseries_eeh_get_config_addr(phb, addr);
- /* invalid PE config addr */
- if (config_addr == 0)
- continue;
-
- pseries_eeh_phb_reset(phb, config_addr, EEH_RESET_FUNDAMENTAL);
- pseries_eeh_phb_reset(phb, config_addr, EEH_RESET_DEACTIVATE);
- pseries_eeh_phb_configure_bridge(phb, config_addr);
- }
- }
-
- return 0;
-}
-
static int pseries_eeh_cap_start(struct pci_dn *pdn)
{
u32 status;
@@ -964,7 +882,6 @@ static int pseries_notify_resume(struct pci_dn *pdn)
static struct eeh_ops pseries_eeh_ops = {
.name = "pseries",
- .init = pseries_eeh_init,
.probe = pseries_eeh_probe,
.set_option = pseries_eeh_set_option,
.get_pe_addr = pseries_eeh_get_pe_addr,
@@ -991,7 +908,77 @@ static struct eeh_ops pseries_eeh_ops = {
*/
static int __init eeh_pseries_init(void)
{
- int ret;
+ struct pci_controller *phb;
+ struct pci_dn *pdn;
+ int ret, addr, config_addr;
+
+ /* figure out EEH RTAS function call tokens */
+ ibm_set_eeh_option = rtas_token("ibm,set-eeh-option");
+ ibm_set_slot_reset = rtas_token("ibm,set-slot-reset");
+ ibm_read_slot_reset_state2 = rtas_token("ibm,read-slot-reset-state2");
+ ibm_read_slot_reset_state = rtas_token("ibm,read-slot-reset-state");
+ ibm_slot_error_detail = rtas_token("ibm,slot-error-detail");
+ ibm_get_config_addr_info2 = rtas_token("ibm,get-config-addr-info2");
+ ibm_get_config_addr_info = rtas_token("ibm,get-config-addr-info");
+ ibm_configure_pe = rtas_token("ibm,configure-pe");
+
+ /*
+ * ibm,configure-pe and ibm,configure-bridge have the same semantics,
+ * however ibm,configure-pe can be faster. If we can't find
+ * ibm,configure-pe then fall back to using ibm,configure-bridge.
+ */
+ if (ibm_configure_pe == RTAS_UNKNOWN_SERVICE)
+ ibm_configure_pe = rtas_token("ibm,configure-bridge");
+
+ /*
+ * Necessary sanity check. We needn't check "get-config-addr-info"
+ * and its variant since the old firmware probably support address
+ * of domain/bus/slot/function for EEH RTAS operations.
+ */
+ if (ibm_set_eeh_option == RTAS_UNKNOWN_SERVICE ||
+ ibm_set_slot_reset == RTAS_UNKNOWN_SERVICE ||
+ (ibm_read_slot_reset_state2 == RTAS_UNKNOWN_SERVICE &&
+ ibm_read_slot_reset_state == RTAS_UNKNOWN_SERVICE) ||
+ ibm_slot_error_detail == RTAS_UNKNOWN_SERVICE ||
+ ibm_configure_pe == RTAS_UNKNOWN_SERVICE) {
+ pr_info("EEH functionality not supported\n");
+ return -EINVAL;
+ }
+
+ /* Initialize error log lock and size */
+ spin_lock_init(&slot_errbuf_lock);
+ eeh_error_buf_size = rtas_token("rtas-error-log-max");
+ if (eeh_error_buf_size == RTAS_UNKNOWN_SERVICE) {
+ pr_info("%s: unknown EEH error log size\n",
+ __func__);
+ eeh_error_buf_size = 1024;
+ } else if (eeh_error_buf_size > RTAS_ERROR_LOG_MAX) {
+ pr_info("%s: EEH error log size %d exceeds the maximal %d\n",
+ __func__, eeh_error_buf_size, RTAS_ERROR_LOG_MAX);
+ eeh_error_buf_size = RTAS_ERROR_LOG_MAX;
+ }
+
+ /* Set EEH probe mode */
+ eeh_add_flag(EEH_PROBE_MODE_DEVTREE | EEH_ENABLE_IO_FOR_LOG);
+
+ /* Set EEH machine dependent code */
+ ppc_md.pcibios_bus_add_device = pseries_pcibios_bus_add_device;
+
+ if (is_kdump_kernel() || reset_devices) {
+ pr_info("Issue PHB reset ...\n");
+ list_for_each_entry(phb, &hose_list, list_node) {
+ pdn = list_first_entry(&PCI_DN(phb->dn)->child_list, struct pci_dn, list);
+ addr = (pdn->busno << 16) | (pdn->devfn << 8);
+ config_addr = pseries_eeh_get_config_addr(phb, addr);
+ /* invalid PE config addr */
+ if (config_addr == 0)
+ continue;
+
+ pseries_eeh_phb_reset(phb, config_addr, EEH_RESET_FUNDAMENTAL);
+ pseries_eeh_phb_reset(phb, config_addr, EEH_RESET_DEACTIVATE);
+ pseries_eeh_phb_configure_bridge(phb, config_addr);
+ }
+ }
ret = eeh_ops_register(&pseries_eeh_ops);
if (!ret)
--
2.35.1
^ permalink raw reply related [flat|nested] 529+ messages in thread
* [PATCH 4.19 294/521] powerpc/eeh: Drop redundant spinlock initialization
2023-01-16 15:44 [PATCH 4.19 000/521] 4.19.270-rc1 review Greg Kroah-Hartman
` (292 preceding siblings ...)
2023-01-16 15:49 ` [PATCH 4.19 293/521] powerpc/pseries: Stop using eeh_ops->init() Greg Kroah-Hartman
@ 2023-01-16 15:49 ` Greg Kroah-Hartman
2023-01-16 15:49 ` [PATCH 4.19 295/521] powerpc/pseries/eeh: use correct API for error log size Greg Kroah-Hartman
` (230 subsequent siblings)
524 siblings, 0 replies; 529+ messages in thread
From: Greg Kroah-Hartman @ 2023-01-16 15:49 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Haowen Bai, Michael Ellerman, Sasha Levin
From: Haowen Bai <baihaowen@meizu.com>
[ Upstream commit 3def164a5cedad9117859dd4610cae2cc59cb6d2 ]
slot_errbuf_lock has declared and initialized by DEFINE_SPINLOCK,
so we don't need to spin_lock_init again, drop it.
Signed-off-by: Haowen Bai <baihaowen@meizu.com>
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
Link: https://lore.kernel.org/r/1652232476-9696-1-git-send-email-baihaowen@meizu.com
Stable-dep-of: 9aafbfa5f57a ("powerpc/pseries/eeh: use correct API for error log size")
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/powerpc/platforms/pseries/eeh_pseries.c | 3 +--
1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/arch/powerpc/platforms/pseries/eeh_pseries.c b/arch/powerpc/platforms/pseries/eeh_pseries.c
index 7a0b9aa09d10..f56248f19ef3 100644
--- a/arch/powerpc/platforms/pseries/eeh_pseries.c
+++ b/arch/powerpc/platforms/pseries/eeh_pseries.c
@@ -945,8 +945,7 @@ static int __init eeh_pseries_init(void)
return -EINVAL;
}
- /* Initialize error log lock and size */
- spin_lock_init(&slot_errbuf_lock);
+ /* Initialize error log size */
eeh_error_buf_size = rtas_token("rtas-error-log-max");
if (eeh_error_buf_size == RTAS_UNKNOWN_SERVICE) {
pr_info("%s: unknown EEH error log size\n",
--
2.35.1
^ permalink raw reply related [flat|nested] 529+ messages in thread
* [PATCH 4.19 295/521] powerpc/pseries/eeh: use correct API for error log size
2023-01-16 15:44 [PATCH 4.19 000/521] 4.19.270-rc1 review Greg Kroah-Hartman
` (293 preceding siblings ...)
2023-01-16 15:49 ` [PATCH 4.19 294/521] powerpc/eeh: Drop redundant spinlock initialization Greg Kroah-Hartman
@ 2023-01-16 15:49 ` Greg Kroah-Hartman
2023-01-16 15:49 ` [PATCH 4.19 296/521] rtc: st-lpc: Add missing clk_disable_unprepare in st_rtc_probe() Greg Kroah-Hartman
` (229 subsequent siblings)
524 siblings, 0 replies; 529+ messages in thread
From: Greg Kroah-Hartman @ 2023-01-16 15:49 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Nathan Lynch, Michael Ellerman, Sasha Levin
From: Nathan Lynch <nathanl@linux.ibm.com>
[ Upstream commit 9aafbfa5f57a4b75bafd3bed0191e8429c5fa618 ]
rtas-error-log-max is not the name of an RTAS function, so rtas_token()
is not the appropriate API for retrieving its value. We already have
rtas_get_error_log_max() which returns a sensible value if the property
is absent for any reason, so use that instead.
Fixes: 8d633291b4fc ("powerpc/eeh: pseries platform EEH error log retrieval")
Signed-off-by: Nathan Lynch <nathanl@linux.ibm.com>
[mpe: Drop no-longer possible error handling as noticed by ajd]
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
Link: https://lore.kernel.org/r/20221118150751.469393-6-nathanl@linux.ibm.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/powerpc/platforms/pseries/eeh_pseries.c | 11 +----------
1 file changed, 1 insertion(+), 10 deletions(-)
diff --git a/arch/powerpc/platforms/pseries/eeh_pseries.c b/arch/powerpc/platforms/pseries/eeh_pseries.c
index f56248f19ef3..b7160120c0bb 100644
--- a/arch/powerpc/platforms/pseries/eeh_pseries.c
+++ b/arch/powerpc/platforms/pseries/eeh_pseries.c
@@ -946,16 +946,7 @@ static int __init eeh_pseries_init(void)
}
/* Initialize error log size */
- eeh_error_buf_size = rtas_token("rtas-error-log-max");
- if (eeh_error_buf_size == RTAS_UNKNOWN_SERVICE) {
- pr_info("%s: unknown EEH error log size\n",
- __func__);
- eeh_error_buf_size = 1024;
- } else if (eeh_error_buf_size > RTAS_ERROR_LOG_MAX) {
- pr_info("%s: EEH error log size %d exceeds the maximal %d\n",
- __func__, eeh_error_buf_size, RTAS_ERROR_LOG_MAX);
- eeh_error_buf_size = RTAS_ERROR_LOG_MAX;
- }
+ eeh_error_buf_size = rtas_get_error_log_max();
/* Set EEH probe mode */
eeh_add_flag(EEH_PROBE_MODE_DEVTREE | EEH_ENABLE_IO_FOR_LOG);
--
2.35.1
^ permalink raw reply related [flat|nested] 529+ messages in thread
* [PATCH 4.19 296/521] rtc: st-lpc: Add missing clk_disable_unprepare in st_rtc_probe()
2023-01-16 15:44 [PATCH 4.19 000/521] 4.19.270-rc1 review Greg Kroah-Hartman
` (294 preceding siblings ...)
2023-01-16 15:49 ` [PATCH 4.19 295/521] powerpc/pseries/eeh: use correct API for error log size Greg Kroah-Hartman
@ 2023-01-16 15:49 ` Greg Kroah-Hartman
2023-01-16 15:49 ` [PATCH 4.19 297/521] nfsd: under NFSv4.1, fix double svc_xprt_put on rpc_create failure Greg Kroah-Hartman
` (228 subsequent siblings)
524 siblings, 0 replies; 529+ messages in thread
From: Greg Kroah-Hartman @ 2023-01-16 15:49 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Gaosheng Cui, Alexandre Belloni,
Sasha Levin
From: Gaosheng Cui <cuigaosheng1@huawei.com>
[ Upstream commit 5fb733d7bd6949e90028efdce8bd528c6ab7cf1e ]
The clk_disable_unprepare() should be called in the error handling
of clk_get_rate(), fix it.
Fixes: b5b2bdfc2893 ("rtc: st: Add new driver for ST's LPC RTC")
Signed-off-by: Gaosheng Cui <cuigaosheng1@huawei.com>
Link: https://lore.kernel.org/r/20221123014805.1993052-1-cuigaosheng1@huawei.com
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/rtc/rtc-st-lpc.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/drivers/rtc/rtc-st-lpc.c b/drivers/rtc/rtc-st-lpc.c
index bee75ca7ff79..e66439b6247a 100644
--- a/drivers/rtc/rtc-st-lpc.c
+++ b/drivers/rtc/rtc-st-lpc.c
@@ -249,6 +249,7 @@ static int st_rtc_probe(struct platform_device *pdev)
rtc->clkrate = clk_get_rate(rtc->clk);
if (!rtc->clkrate) {
+ clk_disable_unprepare(rtc->clk);
dev_err(&pdev->dev, "Unable to fetch clock rate\n");
return -EINVAL;
}
--
2.35.1
^ permalink raw reply related [flat|nested] 529+ messages in thread
* [PATCH 4.19 297/521] nfsd: under NFSv4.1, fix double svc_xprt_put on rpc_create failure
2023-01-16 15:44 [PATCH 4.19 000/521] 4.19.270-rc1 review Greg Kroah-Hartman
` (295 preceding siblings ...)
2023-01-16 15:49 ` [PATCH 4.19 296/521] rtc: st-lpc: Add missing clk_disable_unprepare in st_rtc_probe() Greg Kroah-Hartman
@ 2023-01-16 15:49 ` Greg Kroah-Hartman
2023-01-16 15:49 ` [PATCH 4.19 298/521] mISDN: hfcsusb: dont call dev_kfree_skb/kfree_skb() under spin_lock_irqsave() Greg Kroah-Hartman
` (227 subsequent siblings)
524 siblings, 0 replies; 529+ messages in thread
From: Greg Kroah-Hartman @ 2023-01-16 15:49 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Xiyu Yang, J. Bruce Fields,
Dan Aloni, Jeff Layton, Chuck Lever, Sasha Levin
From: Dan Aloni <dan.aloni@vastdata.com>
[ Upstream commit 3bc8edc98bd43540dbe648e4ef91f443d6d20a24 ]
On error situation `clp->cl_cb_conn.cb_xprt` should not be given
a reference to the xprt otherwise both client cleanup and the
error handling path of the caller call to put it. Better to
delay handing over the reference to a later branch.
[ 72.530665] refcount_t: underflow; use-after-free.
[ 72.531933] WARNING: CPU: 0 PID: 173 at lib/refcount.c:28 refcount_warn_saturate+0xcf/0x120
[ 72.533075] Modules linked in: nfsd(OE) nfsv4(OE) nfsv3(OE) nfs(OE) lockd(OE) compat_nfs_ssc(OE) nfs_acl(OE) rpcsec_gss_krb5(OE) auth_rpcgss(OE) rpcrdma(OE) dns_resolver fscache netfs grace rdma_cm iw_cm ib_cm sunrpc(OE) mlx5_ib mlx5_core mlxfw pci_hyperv_intf ib_uverbs ib_core xt_MASQUERADE nf_conntrack_netlink nft_counter xt_addrtype nft_compat br_netfilter bridge stp llc nft_reject_inet nf_reject_ipv4 nf_reject_ipv6 nft_reject nft_ct nft_chain_nat nf_nat nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 ip_set overlay nf_tables nfnetlink crct10dif_pclmul crc32_pclmul ghash_clmulni_intel xfs serio_raw virtio_net virtio_blk net_failover failover fuse [last unloaded: sunrpc]
[ 72.540389] CPU: 0 PID: 173 Comm: kworker/u16:5 Tainted: G OE 5.15.82-dan #1
[ 72.541511] Hardware name: Red Hat KVM/RHEL-AV, BIOS 1.16.0-3.module+el8.7.0+1084+97b81f61 04/01/2014
[ 72.542717] Workqueue: nfsd4_callbacks nfsd4_run_cb_work [nfsd]
[ 72.543575] RIP: 0010:refcount_warn_saturate+0xcf/0x120
[ 72.544299] Code: 55 00 0f 0b 5d e9 01 50 98 00 80 3d 75 9e 39 08 00 0f 85 74 ff ff ff 48 c7 c7 e8 d1 60 8e c6 05 61 9e 39 08 01 e8 f6 51 55 00 <0f> 0b 5d e9 d9 4f 98 00 80 3d 4b 9e 39 08 00 0f 85 4c ff ff ff 48
[ 72.546666] RSP: 0018:ffffb3f841157cf0 EFLAGS: 00010286
[ 72.547393] RAX: 0000000000000026 RBX: ffff89ac6231d478 RCX: 0000000000000000
[ 72.548324] RDX: ffff89adb7c2c2c0 RSI: ffff89adb7c205c0 RDI: ffff89adb7c205c0
[ 72.549271] RBP: ffffb3f841157cf0 R08: 0000000000000000 R09: c0000000ffefffff
[ 72.550209] R10: 0000000000000001 R11: ffffb3f841157ad0 R12: ffff89ac6231d180
[ 72.551142] R13: ffff89ac6231d478 R14: ffff89ac40c06180 R15: ffff89ac6231d4b0
[ 72.552089] FS: 0000000000000000(0000) GS:ffff89adb7c00000(0000) knlGS:0000000000000000
[ 72.553175] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 72.553934] CR2: 0000563a310506a8 CR3: 0000000109a66000 CR4: 0000000000350ef0
[ 72.554874] Call Trace:
[ 72.555278] <TASK>
[ 72.555614] svc_xprt_put+0xaf/0xe0 [sunrpc]
[ 72.556276] nfsd4_process_cb_update.isra.11+0xb7/0x410 [nfsd]
[ 72.557087] ? update_load_avg+0x82/0x610
[ 72.557652] ? cpuacct_charge+0x60/0x70
[ 72.558212] ? dequeue_entity+0xdb/0x3e0
[ 72.558765] ? queued_spin_unlock+0x9/0x20
[ 72.559358] nfsd4_run_cb_work+0xfc/0x270 [nfsd]
[ 72.560031] process_one_work+0x1df/0x390
[ 72.560600] worker_thread+0x37/0x3b0
[ 72.561644] ? process_one_work+0x390/0x390
[ 72.562247] kthread+0x12f/0x150
[ 72.562710] ? set_kthread_struct+0x50/0x50
[ 72.563309] ret_from_fork+0x22/0x30
[ 72.563818] </TASK>
[ 72.564189] ---[ end trace 031117b1c72ec616 ]---
[ 72.566019] list_add corruption. next->prev should be prev (ffff89ac4977e538), but was ffff89ac4763e018. (next=ffff89ac4763e018).
[ 72.567647] ------------[ cut here ]------------
Fixes: a4abc6b12eb1 ("nfsd: Fix svc_xprt refcnt leak when setup callback client failed")
Cc: Xiyu Yang <xiyuyang19@fudan.edu.cn>
Cc: J. Bruce Fields <bfields@redhat.com>
Signed-off-by: Dan Aloni <dan.aloni@vastdata.com>
Reviewed-by: Jeff Layton <jlayton@kernel.org>
Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
fs/nfsd/nfs4callback.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/fs/nfsd/nfs4callback.c b/fs/nfsd/nfs4callback.c
index 7ee417b685e9..519d994c0c4c 100644
--- a/fs/nfsd/nfs4callback.c
+++ b/fs/nfsd/nfs4callback.c
@@ -800,7 +800,6 @@ static int setup_callback_client(struct nfs4_client *clp, struct nfs4_cb_conn *c
} else {
if (!conn->cb_xprt)
return -EINVAL;
- clp->cl_cb_conn.cb_xprt = conn->cb_xprt;
clp->cl_cb_session = ses;
args.bc_xprt = conn->cb_xprt;
args.prognumber = clp->cl_cb_session->se_cb_prog;
@@ -820,6 +819,9 @@ static int setup_callback_client(struct nfs4_client *clp, struct nfs4_cb_conn *c
rpc_shutdown_client(client);
return PTR_ERR(cred);
}
+
+ if (clp->cl_minorversion != 0)
+ clp->cl_cb_conn.cb_xprt = conn->cb_xprt;
clp->cl_cb_client = client;
clp->cl_cb_cred = cred;
return 0;
--
2.35.1
^ permalink raw reply related [flat|nested] 529+ messages in thread
* [PATCH 4.19 298/521] mISDN: hfcsusb: dont call dev_kfree_skb/kfree_skb() under spin_lock_irqsave()
2023-01-16 15:44 [PATCH 4.19 000/521] 4.19.270-rc1 review Greg Kroah-Hartman
` (296 preceding siblings ...)
2023-01-16 15:49 ` [PATCH 4.19 297/521] nfsd: under NFSv4.1, fix double svc_xprt_put on rpc_create failure Greg Kroah-Hartman
@ 2023-01-16 15:49 ` Greg Kroah-Hartman
2023-01-16 15:49 ` [PATCH 4.19 299/521] mISDN: hfcpci: " Greg Kroah-Hartman
` (226 subsequent siblings)
524 siblings, 0 replies; 529+ messages in thread
From: Greg Kroah-Hartman @ 2023-01-16 15:49 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Yang Yingliang, Alexander Duyck,
Jakub Kicinski, Sasha Levin
From: Yang Yingliang <yangyingliang@huawei.com>
[ Upstream commit ddc9648db162eee556edd5222d2808fe33730203 ]
It is not allowed to call kfree_skb() or consume_skb() from hardware
interrupt context or with hardware interrupts being disabled.
It should use dev_kfree_skb_irq() or dev_consume_skb_irq() instead.
The difference between them is free reason, dev_kfree_skb_irq() means
the SKB is dropped in error and dev_consume_skb_irq() means the SKB
is consumed in normal.
skb_queue_purge() is called under spin_lock_irqsave() in hfcusb_l2l1D(),
kfree_skb() is called in it, to fix this, use skb_queue_splice_init()
to move the dch->squeue to a free queue, also enqueue the tx_skb and
rx_skb, at last calling __skb_queue_purge() to free the SKBs afer unlock.
In tx_iso_complete(), dev_kfree_skb() is called to consume the transmitted
SKB, so replace it with dev_consume_skb_irq().
Fixes: 69f52adb2d53 ("mISDN: Add HFC USB driver")
Signed-off-by: Yang Yingliang <yangyingliang@huawei.com>
Reviewed-by: Alexander Duyck <alexanderduyck@fb.com>
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/isdn/hardware/mISDN/hfcsusb.c | 12 ++++++++----
1 file changed, 8 insertions(+), 4 deletions(-)
diff --git a/drivers/isdn/hardware/mISDN/hfcsusb.c b/drivers/isdn/hardware/mISDN/hfcsusb.c
index c952002c6301..c49081ed5734 100644
--- a/drivers/isdn/hardware/mISDN/hfcsusb.c
+++ b/drivers/isdn/hardware/mISDN/hfcsusb.c
@@ -337,20 +337,24 @@ hfcusb_l2l1D(struct mISDNchannel *ch, struct sk_buff *skb)
test_and_clear_bit(FLG_L2_ACTIVATED, &dch->Flags);
if (hw->protocol == ISDN_P_NT_S0) {
+ struct sk_buff_head free_queue;
+
+ __skb_queue_head_init(&free_queue);
hfcsusb_ph_command(hw, HFC_L1_DEACTIVATE_NT);
spin_lock_irqsave(&hw->lock, flags);
- skb_queue_purge(&dch->squeue);
+ skb_queue_splice_init(&dch->squeue, &free_queue);
if (dch->tx_skb) {
- dev_kfree_skb(dch->tx_skb);
+ __skb_queue_tail(&free_queue, dch->tx_skb);
dch->tx_skb = NULL;
}
dch->tx_idx = 0;
if (dch->rx_skb) {
- dev_kfree_skb(dch->rx_skb);
+ __skb_queue_tail(&free_queue, dch->rx_skb);
dch->rx_skb = NULL;
}
test_and_clear_bit(FLG_TX_BUSY, &dch->Flags);
spin_unlock_irqrestore(&hw->lock, flags);
+ __skb_queue_purge(&free_queue);
#ifdef FIXME
if (test_and_clear_bit(FLG_L1_BUSY, &dch->Flags))
dchannel_sched_event(&hc->dch, D_CLEARBUSY);
@@ -1344,7 +1348,7 @@ tx_iso_complete(struct urb *urb)
printk("\n");
}
- dev_kfree_skb(tx_skb);
+ dev_consume_skb_irq(tx_skb);
tx_skb = NULL;
if (fifo->dch && get_next_dframe(fifo->dch))
tx_skb = fifo->dch->tx_skb;
--
2.35.1
^ permalink raw reply related [flat|nested] 529+ messages in thread
* [PATCH 4.19 299/521] mISDN: hfcpci: dont call dev_kfree_skb/kfree_skb() under spin_lock_irqsave()
2023-01-16 15:44 [PATCH 4.19 000/521] 4.19.270-rc1 review Greg Kroah-Hartman
` (297 preceding siblings ...)
2023-01-16 15:49 ` [PATCH 4.19 298/521] mISDN: hfcsusb: dont call dev_kfree_skb/kfree_skb() under spin_lock_irqsave() Greg Kroah-Hartman
@ 2023-01-16 15:49 ` Greg Kroah-Hartman
2023-01-16 15:49 ` [PATCH 4.19 300/521] mISDN: hfcmulti: " Greg Kroah-Hartman
` (225 subsequent siblings)
524 siblings, 0 replies; 529+ messages in thread
From: Greg Kroah-Hartman @ 2023-01-16 15:49 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Yang Yingliang, Alexander Duyck,
Jakub Kicinski, Sasha Levin
From: Yang Yingliang <yangyingliang@huawei.com>
[ Upstream commit f0f596bd75a9d573ca9b587abb39cee0b916bb82 ]
It is not allowed to call kfree_skb() or consume_skb() from hardware
interrupt context or with hardware interrupts being disabled.
skb_queue_purge() is called under spin_lock_irqsave() in hfcpci_l2l1D(),
kfree_skb() is called in it, to fix this, use skb_queue_splice_init()
to move the dch->squeue to a free queue, also enqueue the tx_skb and
rx_skb, at last calling __skb_queue_purge() to free the SKBs afer unlock.
Fixes: 1700fe1a10dc ("Add mISDN HFC PCI driver")
Signed-off-by: Yang Yingliang <yangyingliang@huawei.com>
Reviewed-by: Alexander Duyck <alexanderduyck@fb.com>
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/isdn/hardware/mISDN/hfcpci.c | 13 +++++++++----
1 file changed, 9 insertions(+), 4 deletions(-)
diff --git a/drivers/isdn/hardware/mISDN/hfcpci.c b/drivers/isdn/hardware/mISDN/hfcpci.c
index 53349850f866..de98e94711d2 100644
--- a/drivers/isdn/hardware/mISDN/hfcpci.c
+++ b/drivers/isdn/hardware/mISDN/hfcpci.c
@@ -1633,16 +1633,19 @@ hfcpci_l2l1D(struct mISDNchannel *ch, struct sk_buff *skb)
test_and_clear_bit(FLG_L2_ACTIVATED, &dch->Flags);
spin_lock_irqsave(&hc->lock, flags);
if (hc->hw.protocol == ISDN_P_NT_S0) {
+ struct sk_buff_head free_queue;
+
+ __skb_queue_head_init(&free_queue);
/* prepare deactivation */
Write_hfc(hc, HFCPCI_STATES, 0x40);
- skb_queue_purge(&dch->squeue);
+ skb_queue_splice_init(&dch->squeue, &free_queue);
if (dch->tx_skb) {
- dev_kfree_skb(dch->tx_skb);
+ __skb_queue_tail(&free_queue, dch->tx_skb);
dch->tx_skb = NULL;
}
dch->tx_idx = 0;
if (dch->rx_skb) {
- dev_kfree_skb(dch->rx_skb);
+ __skb_queue_tail(&free_queue, dch->rx_skb);
dch->rx_skb = NULL;
}
test_and_clear_bit(FLG_TX_BUSY, &dch->Flags);
@@ -1655,10 +1658,12 @@ hfcpci_l2l1D(struct mISDNchannel *ch, struct sk_buff *skb)
hc->hw.mst_m &= ~HFCPCI_MASTER;
Write_hfc(hc, HFCPCI_MST_MODE, hc->hw.mst_m);
ret = 0;
+ spin_unlock_irqrestore(&hc->lock, flags);
+ __skb_queue_purge(&free_queue);
} else {
ret = l1_event(dch->l1, hh->prim);
+ spin_unlock_irqrestore(&hc->lock, flags);
}
- spin_unlock_irqrestore(&hc->lock, flags);
break;
}
if (!ret)
--
2.35.1
^ permalink raw reply related [flat|nested] 529+ messages in thread
* [PATCH 4.19 300/521] mISDN: hfcmulti: dont call dev_kfree_skb/kfree_skb() under spin_lock_irqsave()
2023-01-16 15:44 [PATCH 4.19 000/521] 4.19.270-rc1 review Greg Kroah-Hartman
` (298 preceding siblings ...)
2023-01-16 15:49 ` [PATCH 4.19 299/521] mISDN: hfcpci: " Greg Kroah-Hartman
@ 2023-01-16 15:49 ` Greg Kroah-Hartman
2023-01-16 15:49 ` [PATCH 4.19 301/521] nfc: pn533: Clear nfc_target before being used Greg Kroah-Hartman
` (224 subsequent siblings)
524 siblings, 0 replies; 529+ messages in thread
From: Greg Kroah-Hartman @ 2023-01-16 15:49 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Yang Yingliang, Alexander Duyck,
Jakub Kicinski, Sasha Levin
From: Yang Yingliang <yangyingliang@huawei.com>
[ Upstream commit 1232946cf522b8de9e398828bde325d7c41f29dd ]
It is not allowed to call kfree_skb() or consume_skb() from hardware
interrupt context or with hardware interrupts being disabled.
skb_queue_purge() is called under spin_lock_irqsave() in handle_dmsg()
and hfcm_l1callback(), kfree_skb() is called in them, to fix this, use
skb_queue_splice_init() to move the dch->squeue to a free queue, also
enqueue the tx_skb and rx_skb, at last calling __skb_queue_purge() to
free the SKBs afer unlock.
Fixes: af69fb3a8ffa ("Add mISDN HFC multiport driver")
Signed-off-by: Yang Yingliang <yangyingliang@huawei.com>
Reviewed-by: Alexander Duyck <alexanderduyck@fb.com>
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/isdn/hardware/mISDN/hfcmulti.c | 19 +++++++++++++------
1 file changed, 13 insertions(+), 6 deletions(-)
diff --git a/drivers/isdn/hardware/mISDN/hfcmulti.c b/drivers/isdn/hardware/mISDN/hfcmulti.c
index 0928fd1f0e0c..60b3a4aabe6b 100644
--- a/drivers/isdn/hardware/mISDN/hfcmulti.c
+++ b/drivers/isdn/hardware/mISDN/hfcmulti.c
@@ -3233,6 +3233,7 @@ static int
hfcm_l1callback(struct dchannel *dch, u_int cmd)
{
struct hfc_multi *hc = dch->hw;
+ struct sk_buff_head free_queue;
u_long flags;
switch (cmd) {
@@ -3261,6 +3262,7 @@ hfcm_l1callback(struct dchannel *dch, u_int cmd)
l1_event(dch->l1, HW_POWERUP_IND);
break;
case HW_DEACT_REQ:
+ __skb_queue_head_init(&free_queue);
/* start deactivation */
spin_lock_irqsave(&hc->lock, flags);
if (hc->ctype == HFC_TYPE_E1) {
@@ -3280,20 +3282,21 @@ hfcm_l1callback(struct dchannel *dch, u_int cmd)
plxsd_checksync(hc, 0);
}
}
- skb_queue_purge(&dch->squeue);
+ skb_queue_splice_init(&dch->squeue, &free_queue);
if (dch->tx_skb) {
- dev_kfree_skb(dch->tx_skb);
+ __skb_queue_tail(&free_queue, dch->tx_skb);
dch->tx_skb = NULL;
}
dch->tx_idx = 0;
if (dch->rx_skb) {
- dev_kfree_skb(dch->rx_skb);
+ __skb_queue_tail(&free_queue, dch->rx_skb);
dch->rx_skb = NULL;
}
test_and_clear_bit(FLG_TX_BUSY, &dch->Flags);
if (test_and_clear_bit(FLG_BUSY_TIMER, &dch->Flags))
del_timer(&dch->timer);
spin_unlock_irqrestore(&hc->lock, flags);
+ __skb_queue_purge(&free_queue);
break;
case HW_POWERUP_REQ:
spin_lock_irqsave(&hc->lock, flags);
@@ -3400,6 +3403,9 @@ handle_dmsg(struct mISDNchannel *ch, struct sk_buff *skb)
case PH_DEACTIVATE_REQ:
test_and_clear_bit(FLG_L2_ACTIVATED, &dch->Flags);
if (dch->dev.D.protocol != ISDN_P_TE_S0) {
+ struct sk_buff_head free_queue;
+
+ __skb_queue_head_init(&free_queue);
spin_lock_irqsave(&hc->lock, flags);
if (debug & DEBUG_HFCMULTI_MSG)
printk(KERN_DEBUG
@@ -3421,14 +3427,14 @@ handle_dmsg(struct mISDNchannel *ch, struct sk_buff *skb)
/* deactivate */
dch->state = 1;
}
- skb_queue_purge(&dch->squeue);
+ skb_queue_splice_init(&dch->squeue, &free_queue);
if (dch->tx_skb) {
- dev_kfree_skb(dch->tx_skb);
+ __skb_queue_tail(&free_queue, dch->tx_skb);
dch->tx_skb = NULL;
}
dch->tx_idx = 0;
if (dch->rx_skb) {
- dev_kfree_skb(dch->rx_skb);
+ __skb_queue_tail(&free_queue, dch->rx_skb);
dch->rx_skb = NULL;
}
test_and_clear_bit(FLG_TX_BUSY, &dch->Flags);
@@ -3440,6 +3446,7 @@ handle_dmsg(struct mISDNchannel *ch, struct sk_buff *skb)
#endif
ret = 0;
spin_unlock_irqrestore(&hc->lock, flags);
+ __skb_queue_purge(&free_queue);
} else
ret = l1_event(dch->l1, hh->prim);
break;
--
2.35.1
^ permalink raw reply related [flat|nested] 529+ messages in thread
* [PATCH 4.19 301/521] nfc: pn533: Clear nfc_target before being used
2023-01-16 15:44 [PATCH 4.19 000/521] 4.19.270-rc1 review Greg Kroah-Hartman
` (299 preceding siblings ...)
2023-01-16 15:49 ` [PATCH 4.19 300/521] mISDN: hfcmulti: " Greg Kroah-Hartman
@ 2023-01-16 15:49 ` Greg Kroah-Hartman
2023-01-16 15:49 ` [PATCH 4.19 302/521] r6040: Fix kmemleak in probe and remove Greg Kroah-Hartman
` (223 subsequent siblings)
524 siblings, 0 replies; 529+ messages in thread
From: Greg Kroah-Hartman @ 2023-01-16 15:49 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Minsuk Kang, Krzysztof Kozlowski,
Jakub Kicinski, Sasha Levin
From: Minsuk Kang <linuxlovemin@yonsei.ac.kr>
[ Upstream commit 9f28157778ede0d4f183f7ab3b46995bb400abbe ]
Fix a slab-out-of-bounds read that occurs in nla_put() called from
nfc_genl_send_target() when target->sensb_res_len, which is duplicated
from an nfc_target in pn533, is too large as the nfc_target is not
properly initialized and retains garbage values. Clear nfc_targets with
memset() before they are used.
Found by a modified version of syzkaller.
BUG: KASAN: slab-out-of-bounds in nla_put
Call Trace:
memcpy
nla_put
nfc_genl_dump_targets
genl_lock_dumpit
netlink_dump
__netlink_dump_start
genl_family_rcv_msg_dumpit
genl_rcv_msg
netlink_rcv_skb
genl_rcv
netlink_unicast
netlink_sendmsg
sock_sendmsg
____sys_sendmsg
___sys_sendmsg
__sys_sendmsg
do_syscall_64
Fixes: 673088fb42d0 ("NFC: pn533: Send ATR_REQ directly for active device detection")
Fixes: 361f3cb7f9cf ("NFC: DEP link hook implementation for pn533")
Signed-off-by: Minsuk Kang <linuxlovemin@yonsei.ac.kr>
Reviewed-by: Krzysztof Kozlowski <krzysztof.kozlowski@linaro.org>
Link: https://lore.kernel.org/r/20221214015139.119673-1-linuxlovemin@yonsei.ac.kr
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/nfc/pn533/pn533.c | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/drivers/nfc/pn533/pn533.c b/drivers/nfc/pn533/pn533.c
index 79bf8e1bd39c..b7f5db3a6aa0 100644
--- a/drivers/nfc/pn533/pn533.c
+++ b/drivers/nfc/pn533/pn533.c
@@ -1305,6 +1305,8 @@ static int pn533_poll_dep_complete(struct pn533 *dev, void *arg,
if (IS_ERR(resp))
return PTR_ERR(resp);
+ memset(&nfc_target, 0, sizeof(struct nfc_target));
+
rsp = (struct pn533_cmd_jump_dep_response *)resp->data;
rc = rsp->status & PN533_CMD_RET_MASK;
@@ -1786,6 +1788,8 @@ static int pn533_in_dep_link_up_complete(struct pn533 *dev, void *arg,
dev_dbg(dev->dev, "Creating new target\n");
+ memset(&nfc_target, 0, sizeof(struct nfc_target));
+
nfc_target.supported_protocols = NFC_PROTO_NFC_DEP_MASK;
nfc_target.nfcid1_len = 10;
memcpy(nfc_target.nfcid1, rsp->nfcid3t, nfc_target.nfcid1_len);
--
2.35.1
^ permalink raw reply related [flat|nested] 529+ messages in thread
* [PATCH 4.19 302/521] r6040: Fix kmemleak in probe and remove
2023-01-16 15:44 [PATCH 4.19 000/521] 4.19.270-rc1 review Greg Kroah-Hartman
` (300 preceding siblings ...)
2023-01-16 15:49 ` [PATCH 4.19 301/521] nfc: pn533: Clear nfc_target before being used Greg Kroah-Hartman
@ 2023-01-16 15:49 ` Greg Kroah-Hartman
2023-01-16 15:49 ` [PATCH 4.19 303/521] rtc: mxc_v2: Add missing clk_disable_unprepare() Greg Kroah-Hartman
` (222 subsequent siblings)
524 siblings, 0 replies; 529+ messages in thread
From: Greg Kroah-Hartman @ 2023-01-16 15:49 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Li Zetao, Leon Romanovsky,
Paolo Abeni, Sasha Levin
From: Li Zetao <lizetao1@huawei.com>
[ Upstream commit 7e43039a49c2da45edc1d9d7c9ede4003ab45a5f ]
There is a memory leaks reported by kmemleak:
unreferenced object 0xffff888116111000 (size 2048):
comm "modprobe", pid 817, jiffies 4294759745 (age 76.502s)
hex dump (first 32 bytes):
00 c4 0a 04 81 88 ff ff 08 10 11 16 81 88 ff ff ................
08 10 11 16 81 88 ff ff 00 00 00 00 00 00 00 00 ................
backtrace:
[<ffffffff815bcd82>] kmalloc_trace+0x22/0x60
[<ffffffff827e20ee>] phy_device_create+0x4e/0x90
[<ffffffff827e6072>] get_phy_device+0xd2/0x220
[<ffffffff827e7844>] mdiobus_scan+0xa4/0x2e0
[<ffffffff827e8be2>] __mdiobus_register+0x482/0x8b0
[<ffffffffa01f5d24>] r6040_init_one+0x714/0xd2c [r6040]
...
The problem occurs in probe process as follows:
r6040_init_one:
mdiobus_register
mdiobus_scan <- alloc and register phy_device,
the reference count of phy_device is 3
r6040_mii_probe
phy_connect <- connect to the first phy_device,
so the reference count of the first
phy_device is 4, others are 3
register_netdev <- fault inject succeeded, goto error handling path
// error handling path
err_out_mdio_unregister:
mdiobus_unregister(lp->mii_bus);
err_out_mdio:
mdiobus_free(lp->mii_bus); <- the reference count of the first
phy_device is 1, it is not released
and other phy_devices are released
// similarly, the remove process also has the same problem
The root cause is traced to the phy_device is not disconnected when
removes one r6040 device in r6040_remove_one() or on error handling path
after r6040_mii probed successfully. In r6040_mii_probe(), a net ethernet
device is connected to the first PHY device of mii_bus, in order to
notify the connected driver when the link status changes, which is the
default behavior of the PHY infrastructure to handle everything.
Therefore the phy_device should be disconnected when removes one r6040
device or on error handling path.
Fix it by adding phy_disconnect() when removes one r6040 device or on
error handling path after r6040_mii probed successfully.
Fixes: 3831861b4ad8 ("r6040: implement phylib")
Signed-off-by: Li Zetao <lizetao1@huawei.com>
Reviewed-by: Leon Romanovsky <leonro@nvidia.com>
Link: https://lore.kernel.org/r/20221213125614.927754-1-lizetao1@huawei.com
Signed-off-by: Paolo Abeni <pabeni@redhat.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/ethernet/rdc/r6040.c | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/drivers/net/ethernet/rdc/r6040.c b/drivers/net/ethernet/rdc/r6040.c
index 2199bd08f4d6..e377c1f68777 100644
--- a/drivers/net/ethernet/rdc/r6040.c
+++ b/drivers/net/ethernet/rdc/r6040.c
@@ -1184,10 +1184,12 @@ static int r6040_init_one(struct pci_dev *pdev, const struct pci_device_id *ent)
err = register_netdev(dev);
if (err) {
dev_err(&pdev->dev, "Failed to register net device\n");
- goto err_out_mdio_unregister;
+ goto err_out_phy_disconnect;
}
return 0;
+err_out_phy_disconnect:
+ phy_disconnect(dev->phydev);
err_out_mdio_unregister:
mdiobus_unregister(lp->mii_bus);
err_out_mdio:
@@ -1211,6 +1213,7 @@ static void r6040_remove_one(struct pci_dev *pdev)
struct r6040_private *lp = netdev_priv(dev);
unregister_netdev(dev);
+ phy_disconnect(dev->phydev);
mdiobus_unregister(lp->mii_bus);
mdiobus_free(lp->mii_bus);
netif_napi_del(&lp->napi);
--
2.35.1
^ permalink raw reply related [flat|nested] 529+ messages in thread
* [PATCH 4.19 303/521] rtc: mxc_v2: Add missing clk_disable_unprepare()
2023-01-16 15:44 [PATCH 4.19 000/521] 4.19.270-rc1 review Greg Kroah-Hartman
` (301 preceding siblings ...)
2023-01-16 15:49 ` [PATCH 4.19 302/521] r6040: Fix kmemleak in probe and remove Greg Kroah-Hartman
@ 2023-01-16 15:49 ` Greg Kroah-Hartman
2023-01-16 15:49 ` [PATCH 4.19 304/521] openvswitch: Fix flow lookup to use unmasked key Greg Kroah-Hartman
` (221 subsequent siblings)
524 siblings, 0 replies; 529+ messages in thread
From: Greg Kroah-Hartman @ 2023-01-16 15:49 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, GUO Zihua, Alexandre Belloni, Sasha Levin
From: GUO Zihua <guozihua@huawei.com>
[ Upstream commit 55d5a86618d3b1a768bce01882b74cbbd2651975 ]
The call to clk_disable_unprepare() is left out in the error handling of
devm_rtc_allocate_device. Add it back.
Fixes: 5490a1e018a4 ("rtc: mxc_v2: fix possible race condition")
Signed-off-by: GUO Zihua <guozihua@huawei.com>
Link: https://lore.kernel.org/r/20221122085046.21689-1-guozihua@huawei.com
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/rtc/rtc-mxc_v2.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/drivers/rtc/rtc-mxc_v2.c b/drivers/rtc/rtc-mxc_v2.c
index 45c7366b7286..c16aa4a389e9 100644
--- a/drivers/rtc/rtc-mxc_v2.c
+++ b/drivers/rtc/rtc-mxc_v2.c
@@ -335,8 +335,10 @@ static int mxc_rtc_probe(struct platform_device *pdev)
}
pdata->rtc = devm_rtc_allocate_device(&pdev->dev);
- if (IS_ERR(pdata->rtc))
+ if (IS_ERR(pdata->rtc)) {
+ clk_disable_unprepare(pdata->clk);
return PTR_ERR(pdata->rtc);
+ }
pdata->rtc->ops = &mxc_rtc_ops;
pdata->rtc->range_max = U32_MAX;
--
2.35.1
^ permalink raw reply related [flat|nested] 529+ messages in thread
* [PATCH 4.19 304/521] openvswitch: Fix flow lookup to use unmasked key
2023-01-16 15:44 [PATCH 4.19 000/521] 4.19.270-rc1 review Greg Kroah-Hartman
` (302 preceding siblings ...)
2023-01-16 15:49 ` [PATCH 4.19 303/521] rtc: mxc_v2: Add missing clk_disable_unprepare() Greg Kroah-Hartman
@ 2023-01-16 15:49 ` Greg Kroah-Hartman
2023-01-16 15:49 ` [PATCH 4.19 305/521] skbuff: Account for tail adjustment during pull operations Greg Kroah-Hartman
` (220 subsequent siblings)
524 siblings, 0 replies; 529+ messages in thread
From: Greg Kroah-Hartman @ 2023-01-16 15:49 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Eelco Chaudron, David S. Miller,
Sasha Levin
From: Eelco Chaudron <echaudro@redhat.com>
[ Upstream commit 68bb10101e6b0a6bb44e9c908ef795fc4af99eae ]
The commit mentioned below causes the ovs_flow_tbl_lookup() function
to be called with the masked key. However, it's supposed to be called
with the unmasked key. This due to the fact that the datapath supports
installing wider flows, and OVS relies on this behavior. For example
if ipv4(src=1.1.1.1/192.0.0.0, dst=1.1.1.2/192.0.0.0) exists, a wider
flow (smaller mask) of ipv4(src=192.1.1.1/128.0.0.0,dst=192.1.1.2/
128.0.0.0) is allowed to be added.
However, if we try to add a wildcard rule, the installation fails:
$ ovs-appctl dpctl/add-flow system@myDP "in_port(1),eth_type(0x0800), \
ipv4(src=1.1.1.1/192.0.0.0,dst=1.1.1.2/192.0.0.0,frag=no)" 2
$ ovs-appctl dpctl/add-flow system@myDP "in_port(1),eth_type(0x0800), \
ipv4(src=192.1.1.1/0.0.0.0,dst=49.1.1.2/0.0.0.0,frag=no)" 2
ovs-vswitchd: updating flow table (File exists)
The reason is that the key used to determine if the flow is already
present in the system uses the original key ANDed with the mask.
This results in the IP address not being part of the (miniflow) key,
i.e., being substituted with an all-zero value. When doing the actual
lookup, this results in the key wrongfully matching the first flow,
and therefore the flow does not get installed.
This change reverses the commit below, but rather than having the key
on the stack, it's allocated.
Fixes: 190aa3e77880 ("openvswitch: Fix Frame-size larger than 1024 bytes warning.")
Signed-off-by: Eelco Chaudron <echaudro@redhat.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
net/openvswitch/datapath.c | 25 ++++++++++++++++---------
1 file changed, 16 insertions(+), 9 deletions(-)
diff --git a/net/openvswitch/datapath.c b/net/openvswitch/datapath.c
index e9a10a66b4ca..fbc575247268 100644
--- a/net/openvswitch/datapath.c
+++ b/net/openvswitch/datapath.c
@@ -903,6 +903,7 @@ static int ovs_flow_cmd_new(struct sk_buff *skb, struct genl_info *info)
struct sw_flow_mask mask;
struct sk_buff *reply;
struct datapath *dp;
+ struct sw_flow_key *key;
struct sw_flow_actions *acts;
struct sw_flow_match match;
u32 ufid_flags = ovs_nla_get_ufid_flags(a[OVS_FLOW_ATTR_UFID_FLAGS]);
@@ -930,24 +931,26 @@ static int ovs_flow_cmd_new(struct sk_buff *skb, struct genl_info *info)
}
/* Extract key. */
- ovs_match_init(&match, &new_flow->key, false, &mask);
+ key = kzalloc(sizeof(*key), GFP_KERNEL);
+ if (!key) {
+ error = -ENOMEM;
+ goto err_kfree_key;
+ }
+
+ ovs_match_init(&match, key, false, &mask);
error = ovs_nla_get_match(net, &match, a[OVS_FLOW_ATTR_KEY],
a[OVS_FLOW_ATTR_MASK], log);
if (error)
goto err_kfree_flow;
+ ovs_flow_mask_key(&new_flow->key, key, true, &mask);
+
/* Extract flow identifier. */
error = ovs_nla_get_identifier(&new_flow->id, a[OVS_FLOW_ATTR_UFID],
- &new_flow->key, log);
+ key, log);
if (error)
goto err_kfree_flow;
- /* unmasked key is needed to match when ufid is not used. */
- if (ovs_identifier_is_key(&new_flow->id))
- match.key = new_flow->id.unmasked_key;
-
- ovs_flow_mask_key(&new_flow->key, &new_flow->key, true, &mask);
-
/* Validate actions. */
error = ovs_nla_copy_actions(net, a[OVS_FLOW_ATTR_ACTIONS],
&new_flow->key, &acts, log);
@@ -974,7 +977,7 @@ static int ovs_flow_cmd_new(struct sk_buff *skb, struct genl_info *info)
if (ovs_identifier_is_ufid(&new_flow->id))
flow = ovs_flow_tbl_lookup_ufid(&dp->table, &new_flow->id);
if (!flow)
- flow = ovs_flow_tbl_lookup(&dp->table, &new_flow->key);
+ flow = ovs_flow_tbl_lookup(&dp->table, key);
if (likely(!flow)) {
rcu_assign_pointer(new_flow->sf_acts, acts);
@@ -1044,6 +1047,8 @@ static int ovs_flow_cmd_new(struct sk_buff *skb, struct genl_info *info)
if (reply)
ovs_notify(&dp_flow_genl_family, reply, info);
+
+ kfree(key);
return 0;
err_unlock_ovs:
@@ -1053,6 +1058,8 @@ static int ovs_flow_cmd_new(struct sk_buff *skb, struct genl_info *info)
ovs_nla_free_flow_actions(acts);
err_kfree_flow:
ovs_flow_free(new_flow, false);
+err_kfree_key:
+ kfree(key);
error:
return error;
}
--
2.35.1
^ permalink raw reply related [flat|nested] 529+ messages in thread
* [PATCH 4.19 305/521] skbuff: Account for tail adjustment during pull operations
2023-01-16 15:44 [PATCH 4.19 000/521] 4.19.270-rc1 review Greg Kroah-Hartman
` (303 preceding siblings ...)
2023-01-16 15:49 ` [PATCH 4.19 304/521] openvswitch: Fix flow lookup to use unmasked key Greg Kroah-Hartman
@ 2023-01-16 15:49 ` Greg Kroah-Hartman
2023-01-16 15:49 ` [PATCH 4.19 306/521] net_sched: reject TCF_EM_SIMPLE case for complex ematch module Greg Kroah-Hartman
` (219 subsequent siblings)
524 siblings, 0 replies; 529+ messages in thread
From: Greg Kroah-Hartman @ 2023-01-16 15:49 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Sean Tranchetti,
Subash Abhinov Kasiviswanathan, Alexander Duyck, Jakub Kicinski,
Sasha Levin
From: Subash Abhinov Kasiviswanathan <quic_subashab@quicinc.com>
[ Upstream commit 2d7afdcbc9d32423f177ee12b7c93783aea338fb ]
Extending the tail can have some unexpected side effects if a program uses
a helper like BPF_FUNC_skb_pull_data to read partial content beyond the
head skb headlen when all the skbs in the gso frag_list are linear with no
head_frag -
kernel BUG at net/core/skbuff.c:4219!
pc : skb_segment+0xcf4/0xd2c
lr : skb_segment+0x63c/0xd2c
Call trace:
skb_segment+0xcf4/0xd2c
__udp_gso_segment+0xa4/0x544
udp4_ufo_fragment+0x184/0x1c0
inet_gso_segment+0x16c/0x3a4
skb_mac_gso_segment+0xd4/0x1b0
__skb_gso_segment+0xcc/0x12c
udp_rcv_segment+0x54/0x16c
udp_queue_rcv_skb+0x78/0x144
udp_unicast_rcv_skb+0x8c/0xa4
__udp4_lib_rcv+0x490/0x68c
udp_rcv+0x20/0x30
ip_protocol_deliver_rcu+0x1b0/0x33c
ip_local_deliver+0xd8/0x1f0
ip_rcv+0x98/0x1a4
deliver_ptype_list_skb+0x98/0x1ec
__netif_receive_skb_core+0x978/0xc60
Fix this by marking these skbs as GSO_DODGY so segmentation can handle
the tail updates accordingly.
Fixes: 3dcbdb134f32 ("net: gso: Fix skb_segment splat when splitting gso_size mangled skb having linear-headed frag_list")
Signed-off-by: Sean Tranchetti <quic_stranche@quicinc.com>
Signed-off-by: Subash Abhinov Kasiviswanathan <quic_subashab@quicinc.com>
Reviewed-by: Alexander Duyck <alexanderduyck@fb.com>
Link: https://lore.kernel.org/r/1671084718-24796-1-git-send-email-quic_subashab@quicinc.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
net/core/skbuff.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/net/core/skbuff.c b/net/core/skbuff.c
index 4178fc28c277..7f501dff4501 100644
--- a/net/core/skbuff.c
+++ b/net/core/skbuff.c
@@ -1953,6 +1953,9 @@ void *__pskb_pull_tail(struct sk_buff *skb, int delta)
insp = list;
} else {
/* Eaten partially. */
+ if (skb_is_gso(skb) && !list->head_frag &&
+ skb_headlen(list))
+ skb_shinfo(skb)->gso_type |= SKB_GSO_DODGY;
if (skb_shared(list)) {
/* Sucks! We need to fork list. :-( */
--
2.35.1
^ permalink raw reply related [flat|nested] 529+ messages in thread
* [PATCH 4.19 306/521] net_sched: reject TCF_EM_SIMPLE case for complex ematch module
2023-01-16 15:44 [PATCH 4.19 000/521] 4.19.270-rc1 review Greg Kroah-Hartman
` (304 preceding siblings ...)
2023-01-16 15:49 ` [PATCH 4.19 305/521] skbuff: Account for tail adjustment during pull operations Greg Kroah-Hartman
@ 2023-01-16 15:49 ` Greg Kroah-Hartman
2023-01-16 15:49 ` [PATCH 4.19 307/521] rxrpc: Fix missing unlock in rxrpc_do_sendmsg() Greg Kroah-Hartman
` (218 subsequent siblings)
524 siblings, 0 replies; 529+ messages in thread
From: Greg Kroah-Hartman @ 2023-01-16 15:49 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Jun Nie, Jamal Hadi Salim,
Paolo Abeni, Cong Wang, David S. Miller, Sasha Levin,
syzbot+4caeae4c7103813598ae
From: Cong Wang <cong.wang@bytedance.com>
[ Upstream commit 9cd3fd2054c3b3055163accbf2f31a4426f10317 ]
When TCF_EM_SIMPLE was introduced, it is supposed to be convenient
for ematch implementation:
https://lore.kernel.org/all/20050105110048.GO26856@postel.suug.ch/
"You don't have to, providing a 32bit data chunk without TCF_EM_SIMPLE
set will simply result in allocating & copy. It's an optimization,
nothing more."
So if an ematch module provides ops->datalen that means it wants a
complex data structure (saved in its em->data) instead of a simple u32
value. We should simply reject such a combination, otherwise this u32
could be misinterpreted as a pointer.
Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2")
Reported-and-tested-by: syzbot+4caeae4c7103813598ae@syzkaller.appspotmail.com
Reported-by: Jun Nie <jun.nie@linaro.org>
Cc: Jamal Hadi Salim <jhs@mojatatu.com>
Cc: Paolo Abeni <pabeni@redhat.com>
Signed-off-by: Cong Wang <cong.wang@bytedance.com>
Acked-by: Paolo Abeni <pabeni@redhat.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
net/sched/ematch.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/net/sched/ematch.c b/net/sched/ematch.c
index 113a133ee544..5ba3548d2eb7 100644
--- a/net/sched/ematch.c
+++ b/net/sched/ematch.c
@@ -259,6 +259,8 @@ static int tcf_em_validate(struct tcf_proto *tp,
* the value carried.
*/
if (em_hdr->flags & TCF_EM_SIMPLE) {
+ if (em->ops->datalen > 0)
+ goto errout;
if (data_len < sizeof(u32))
goto errout;
em->data = *(u32 *) data;
--
2.35.1
^ permalink raw reply related [flat|nested] 529+ messages in thread
* [PATCH 4.19 307/521] rxrpc: Fix missing unlock in rxrpc_do_sendmsg()
2023-01-16 15:44 [PATCH 4.19 000/521] 4.19.270-rc1 review Greg Kroah-Hartman
` (305 preceding siblings ...)
2023-01-16 15:49 ` [PATCH 4.19 306/521] net_sched: reject TCF_EM_SIMPLE case for complex ematch module Greg Kroah-Hartman
@ 2023-01-16 15:49 ` Greg Kroah-Hartman
2023-01-16 15:49 ` [PATCH 4.19 308/521] myri10ge: Fix an error handling path in myri10ge_probe() Greg Kroah-Hartman
` (217 subsequent siblings)
524 siblings, 0 replies; 529+ messages in thread
From: Greg Kroah-Hartman @ 2023-01-16 15:49 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, David Howells, Marc Dionne,
linux-afs, David S. Miller, Sasha Levin
From: David Howells <dhowells@redhat.com>
[ Upstream commit 4feb2c44629e6f9b459b41a5a60491069d346a95 ]
One of the error paths in rxrpc_do_sendmsg() doesn't unlock the call mutex
before returning. Fix it to do this.
Note that this still doesn't get rid of the checker warning:
../net/rxrpc/sendmsg.c:617:5: warning: context imbalance in 'rxrpc_do_sendmsg' - wrong count at exit
I think the interplay between the socket lock and the call's user_mutex may
be too complicated for checker to analyse, especially as
rxrpc_new_client_call_for_sendmsg(), which it calls, returns with the
call's user_mutex if successful but unconditionally drops the socket lock.
Fixes: e754eba685aa ("rxrpc: Provide a cmsg to specify the amount of Tx data for a call")
Signed-off-by: David Howells <dhowells@redhat.com>
cc: Marc Dionne <marc.dionne@auristor.com>
cc: linux-afs@lists.infradead.org
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
net/rxrpc/sendmsg.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/net/rxrpc/sendmsg.c b/net/rxrpc/sendmsg.c
index 0220a2935002..a7a09eb04d93 100644
--- a/net/rxrpc/sendmsg.c
+++ b/net/rxrpc/sendmsg.c
@@ -689,7 +689,7 @@ int rxrpc_do_sendmsg(struct rxrpc_sock *rx, struct msghdr *msg, size_t len)
if (call->tx_total_len != -1 ||
call->tx_pending ||
call->tx_top != 0)
- goto error_put;
+ goto out_put_unlock;
call->tx_total_len = p.call.tx_total_len;
}
}
--
2.35.1
^ permalink raw reply related [flat|nested] 529+ messages in thread
* [PATCH 4.19 308/521] myri10ge: Fix an error handling path in myri10ge_probe()
2023-01-16 15:44 [PATCH 4.19 000/521] 4.19.270-rc1 review Greg Kroah-Hartman
` (306 preceding siblings ...)
2023-01-16 15:49 ` [PATCH 4.19 307/521] rxrpc: Fix missing unlock in rxrpc_do_sendmsg() Greg Kroah-Hartman
@ 2023-01-16 15:49 ` Greg Kroah-Hartman
2023-01-16 15:49 ` [PATCH 4.19 309/521] net: stream: purge sk_error_queue in sk_stream_kill_queues() Greg Kroah-Hartman
` (216 subsequent siblings)
524 siblings, 0 replies; 529+ messages in thread
From: Greg Kroah-Hartman @ 2023-01-16 15:49 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Christophe JAILLET, David S. Miller,
Sasha Levin
From: Christophe JAILLET <christophe.jaillet@wanadoo.fr>
[ Upstream commit d83b950d44d2982c0e62e3d81b0f35ab09431008 ]
Some memory allocated in myri10ge_probe_slices() is not released in the
error handling path of myri10ge_probe().
Add the corresponding kfree(), as already done in the remove function.
Fixes: 0dcffac1a329 ("myri10ge: add multislices support")
Signed-off-by: Christophe JAILLET <christophe.jaillet@wanadoo.fr>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/ethernet/myricom/myri10ge/myri10ge.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/drivers/net/ethernet/myricom/myri10ge/myri10ge.c b/drivers/net/ethernet/myricom/myri10ge/myri10ge.c
index 3bc570c46f81..8296b0aa42a9 100644
--- a/drivers/net/ethernet/myricom/myri10ge/myri10ge.c
+++ b/drivers/net/ethernet/myricom/myri10ge/myri10ge.c
@@ -3960,6 +3960,7 @@ static int myri10ge_probe(struct pci_dev *pdev, const struct pci_device_id *ent)
myri10ge_free_slices(mgp);
abort_with_firmware:
+ kfree(mgp->msix_vectors);
myri10ge_dummy_rdma(mgp, 0);
abort_with_ioremap:
--
2.35.1
^ permalink raw reply related [flat|nested] 529+ messages in thread
* [PATCH 4.19 309/521] net: stream: purge sk_error_queue in sk_stream_kill_queues()
2023-01-16 15:44 [PATCH 4.19 000/521] 4.19.270-rc1 review Greg Kroah-Hartman
` (307 preceding siblings ...)
2023-01-16 15:49 ` [PATCH 4.19 308/521] myri10ge: Fix an error handling path in myri10ge_probe() Greg Kroah-Hartman
@ 2023-01-16 15:49 ` Greg Kroah-Hartman
2023-01-16 15:49 ` [PATCH 4.19 310/521] binfmt_misc: fix shift-out-of-bounds in check_special_flags Greg Kroah-Hartman
` (215 subsequent siblings)
524 siblings, 0 replies; 529+ messages in thread
From: Greg Kroah-Hartman @ 2023-01-16 15:49 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Changheon Lee, Eric Dumazet,
David S. Miller, Sasha Levin
From: Eric Dumazet <edumazet@google.com>
[ Upstream commit e0c8bccd40fc1c19e1d246c39bcf79e357e1ada3 ]
Changheon Lee reported TCP socket leaks, with a nice repro.
It seems we leak TCP sockets with the following sequence:
1) SOF_TIMESTAMPING_TX_ACK is enabled on the socket.
Each ACK will cook an skb put in error queue, from __skb_tstamp_tx().
__skb_tstamp_tx() is using skb_clone(), unless
SOF_TIMESTAMPING_OPT_TSONLY was also requested.
2) If the application is also using MSG_ZEROCOPY, then we put in the
error queue cloned skbs that had a struct ubuf_info attached to them.
Whenever an struct ubuf_info is allocated, sock_zerocopy_alloc()
does a sock_hold().
As long as the cloned skbs are still in sk_error_queue,
socket refcount is kept elevated.
3) Application closes the socket, while error queue is not empty.
Since tcp_close() no longer purges the socket error queue,
we might end up with a TCP socket with at least one skb in
error queue keeping the socket alive forever.
This bug can be (ab)used to consume all kernel memory
and freeze the host.
We need to purge the error queue, with proper synchronization
against concurrent writers.
Fixes: 24bcbe1cc69f ("net: stream: don't purge sk_error_queue in sk_stream_kill_queues()")
Reported-by: Changheon Lee <darklight2357@icloud.com>
Signed-off-by: Eric Dumazet <edumazet@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
net/core/stream.c | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/net/core/stream.c b/net/core/stream.c
index 7b411a91a81c..58755528d39e 100644
--- a/net/core/stream.c
+++ b/net/core/stream.c
@@ -196,6 +196,12 @@ void sk_stream_kill_queues(struct sock *sk)
/* First the read buffer. */
__skb_queue_purge(&sk->sk_receive_queue);
+ /* Next, the error queue.
+ * We need to use queue lock, because other threads might
+ * add packets to the queue without socket lock being held.
+ */
+ skb_queue_purge(&sk->sk_error_queue);
+
/* Next, the write queue. */
WARN_ON(!skb_queue_empty(&sk->sk_write_queue));
--
2.35.1
^ permalink raw reply related [flat|nested] 529+ messages in thread
* [PATCH 4.19 310/521] binfmt_misc: fix shift-out-of-bounds in check_special_flags
2023-01-16 15:44 [PATCH 4.19 000/521] 4.19.270-rc1 review Greg Kroah-Hartman
` (308 preceding siblings ...)
2023-01-16 15:49 ` [PATCH 4.19 309/521] net: stream: purge sk_error_queue in sk_stream_kill_queues() Greg Kroah-Hartman
@ 2023-01-16 15:49 ` Greg Kroah-Hartman
2023-01-16 15:49 ` [PATCH 4.19 311/521] fs: jfs: fix shift-out-of-bounds in dbAllocAG Greg Kroah-Hartman
` (214 subsequent siblings)
524 siblings, 0 replies; 529+ messages in thread
From: Greg Kroah-Hartman @ 2023-01-16 15:49 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Liu Shixin, Kees Cook, Sasha Levin
From: Liu Shixin <liushixin2@huawei.com>
[ Upstream commit 6a46bf558803dd2b959ca7435a5c143efe837217 ]
UBSAN reported a shift-out-of-bounds warning:
left shift of 1 by 31 places cannot be represented in type 'int'
Call Trace:
<TASK>
__dump_stack lib/dump_stack.c:88 [inline]
dump_stack_lvl+0x8d/0xcf lib/dump_stack.c:106
ubsan_epilogue+0xa/0x44 lib/ubsan.c:151
__ubsan_handle_shift_out_of_bounds+0x1e7/0x208 lib/ubsan.c:322
check_special_flags fs/binfmt_misc.c:241 [inline]
create_entry fs/binfmt_misc.c:456 [inline]
bm_register_write+0x9d3/0xa20 fs/binfmt_misc.c:654
vfs_write+0x11e/0x580 fs/read_write.c:582
ksys_write+0xcf/0x120 fs/read_write.c:637
do_syscall_x64 arch/x86/entry/common.c:50 [inline]
do_syscall_64+0x34/0x80 arch/x86/entry/common.c:80
entry_SYSCALL_64_after_hwframe+0x63/0xcd
RIP: 0033:0x4194e1
Since the type of Node's flags is unsigned long, we should define these
macros with same type too.
Signed-off-by: Liu Shixin <liushixin2@huawei.com>
Signed-off-by: Kees Cook <keescook@chromium.org>
Link: https://lore.kernel.org/r/20221102025123.1117184-1-liushixin2@huawei.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
fs/binfmt_misc.c | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/fs/binfmt_misc.c b/fs/binfmt_misc.c
index 27a04f492541..8fe7edd2b001 100644
--- a/fs/binfmt_misc.c
+++ b/fs/binfmt_misc.c
@@ -42,10 +42,10 @@ static LIST_HEAD(entries);
static int enabled = 1;
enum {Enabled, Magic};
-#define MISC_FMT_PRESERVE_ARGV0 (1 << 31)
-#define MISC_FMT_OPEN_BINARY (1 << 30)
-#define MISC_FMT_CREDENTIALS (1 << 29)
-#define MISC_FMT_OPEN_FILE (1 << 28)
+#define MISC_FMT_PRESERVE_ARGV0 (1UL << 31)
+#define MISC_FMT_OPEN_BINARY (1UL << 30)
+#define MISC_FMT_CREDENTIALS (1UL << 29)
+#define MISC_FMT_OPEN_FILE (1UL << 28)
typedef struct {
struct list_head list;
--
2.35.1
^ permalink raw reply related [flat|nested] 529+ messages in thread
* [PATCH 4.19 311/521] fs: jfs: fix shift-out-of-bounds in dbAllocAG
2023-01-16 15:44 [PATCH 4.19 000/521] 4.19.270-rc1 review Greg Kroah-Hartman
` (309 preceding siblings ...)
2023-01-16 15:49 ` [PATCH 4.19 310/521] binfmt_misc: fix shift-out-of-bounds in check_special_flags Greg Kroah-Hartman
@ 2023-01-16 15:49 ` Greg Kroah-Hartman
2023-01-16 15:49 ` [PATCH 4.19 312/521] udf: Avoid double brelse() in udf_rename() Greg Kroah-Hartman
` (213 subsequent siblings)
524 siblings, 0 replies; 529+ messages in thread
From: Greg Kroah-Hartman @ 2023-01-16 15:49 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, syzbot+15342c1aa6a00fb7a438,
Dongliang Mu, Dave Kleikamp, Sasha Levin
From: Dongliang Mu <mudongliangabcd@gmail.com>
[ Upstream commit 898f706695682b9954f280d95e49fa86ffa55d08 ]
Syzbot found a crash : UBSAN: shift-out-of-bounds in dbAllocAG. The
underlying bug is the missing check of bmp->db_agl2size. The field can
be greater than 64 and trigger the shift-out-of-bounds.
Fix this bug by adding a check of bmp->db_agl2size in dbMount since this
field is used in many following functions. The upper bound for this
field is L2MAXL2SIZE - L2MAXAG, thanks for the help of Dave Kleikamp.
Note that, for maintenance, I reorganized error handling code of dbMount.
Reported-by: syzbot+15342c1aa6a00fb7a438@syzkaller.appspotmail.com
Signed-off-by: Dongliang Mu <mudongliangabcd@gmail.com>
Signed-off-by: Dave Kleikamp <dave.kleikamp@oracle.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
fs/jfs/jfs_dmap.c | 22 ++++++++++++++++------
1 file changed, 16 insertions(+), 6 deletions(-)
diff --git a/fs/jfs/jfs_dmap.c b/fs/jfs/jfs_dmap.c
index 1014f2a24697..4f72f7dee78b 100644
--- a/fs/jfs/jfs_dmap.c
+++ b/fs/jfs/jfs_dmap.c
@@ -168,7 +168,7 @@ int dbMount(struct inode *ipbmap)
struct bmap *bmp;
struct dbmap_disk *dbmp_le;
struct metapage *mp;
- int i;
+ int i, err;
/*
* allocate/initialize the in-memory bmap descriptor
@@ -183,8 +183,8 @@ int dbMount(struct inode *ipbmap)
BMAPBLKNO << JFS_SBI(ipbmap->i_sb)->l2nbperpage,
PSIZE, 0);
if (mp == NULL) {
- kfree(bmp);
- return -EIO;
+ err = -EIO;
+ goto err_kfree_bmp;
}
/* copy the on-disk bmap descriptor to its in-memory version. */
@@ -194,9 +194,8 @@ int dbMount(struct inode *ipbmap)
bmp->db_l2nbperpage = le32_to_cpu(dbmp_le->dn_l2nbperpage);
bmp->db_numag = le32_to_cpu(dbmp_le->dn_numag);
if (!bmp->db_numag) {
- release_metapage(mp);
- kfree(bmp);
- return -EINVAL;
+ err = -EINVAL;
+ goto err_release_metapage;
}
bmp->db_maxlevel = le32_to_cpu(dbmp_le->dn_maxlevel);
@@ -207,6 +206,11 @@ int dbMount(struct inode *ipbmap)
bmp->db_agwidth = le32_to_cpu(dbmp_le->dn_agwidth);
bmp->db_agstart = le32_to_cpu(dbmp_le->dn_agstart);
bmp->db_agl2size = le32_to_cpu(dbmp_le->dn_agl2size);
+ if (bmp->db_agl2size > L2MAXL2SIZE - L2MAXAG) {
+ err = -EINVAL;
+ goto err_release_metapage;
+ }
+
for (i = 0; i < MAXAG; i++)
bmp->db_agfree[i] = le64_to_cpu(dbmp_le->dn_agfree[i]);
bmp->db_agsize = le64_to_cpu(dbmp_le->dn_agsize);
@@ -227,6 +231,12 @@ int dbMount(struct inode *ipbmap)
BMAP_LOCK_INIT(bmp);
return (0);
+
+err_release_metapage:
+ release_metapage(mp);
+err_kfree_bmp:
+ kfree(bmp);
+ return err;
}
--
2.35.1
^ permalink raw reply related [flat|nested] 529+ messages in thread
* [PATCH 4.19 312/521] udf: Avoid double brelse() in udf_rename()
2023-01-16 15:44 [PATCH 4.19 000/521] 4.19.270-rc1 review Greg Kroah-Hartman
` (310 preceding siblings ...)
2023-01-16 15:49 ` [PATCH 4.19 311/521] fs: jfs: fix shift-out-of-bounds in dbAllocAG Greg Kroah-Hartman
@ 2023-01-16 15:49 ` Greg Kroah-Hartman
2023-01-16 15:49 ` [PATCH 4.19 313/521] fs: jfs: fix shift-out-of-bounds in dbDiscardAG Greg Kroah-Hartman
` (212 subsequent siblings)
524 siblings, 0 replies; 529+ messages in thread
From: Greg Kroah-Hartman @ 2023-01-16 15:49 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, syzbot+7902cd7684bc35306224,
Shigeru Yoshida, Jan Kara, Sasha Levin
From: Shigeru Yoshida <syoshida@redhat.com>
[ Upstream commit c791730f2554a9ebb8f18df9368dc27d4ebc38c2 ]
syzbot reported a warning like below [1]:
VFS: brelse: Trying to free free buffer
WARNING: CPU: 2 PID: 7301 at fs/buffer.c:1145 __brelse+0x67/0xa0
...
Call Trace:
<TASK>
invalidate_bh_lru+0x99/0x150
smp_call_function_many_cond+0xe2a/0x10c0
? generic_remap_file_range_prep+0x50/0x50
? __brelse+0xa0/0xa0
? __mutex_lock+0x21c/0x12d0
? smp_call_on_cpu+0x250/0x250
? rcu_read_lock_sched_held+0xb/0x60
? lock_release+0x587/0x810
? __brelse+0xa0/0xa0
? generic_remap_file_range_prep+0x50/0x50
on_each_cpu_cond_mask+0x3c/0x80
blkdev_flush_mapping+0x13a/0x2f0
blkdev_put_whole+0xd3/0xf0
blkdev_put+0x222/0x760
deactivate_locked_super+0x96/0x160
deactivate_super+0xda/0x100
cleanup_mnt+0x222/0x3d0
task_work_run+0x149/0x240
? task_work_cancel+0x30/0x30
do_exit+0xb29/0x2a40
? reacquire_held_locks+0x4a0/0x4a0
? do_raw_spin_lock+0x12a/0x2b0
? mm_update_next_owner+0x7c0/0x7c0
? rwlock_bug.part.0+0x90/0x90
? zap_other_threads+0x234/0x2d0
do_group_exit+0xd0/0x2a0
__x64_sys_exit_group+0x3a/0x50
do_syscall_64+0x34/0xb0
entry_SYSCALL_64_after_hwframe+0x63/0xcd
The cause of the issue is that brelse() is called on both ofibh.sbh
and ofibh.ebh by udf_find_entry() when it returns NULL. However,
brelse() is called by udf_rename(), too. So, b_count on buffer_head
becomes unbalanced.
This patch fixes the issue by not calling brelse() by udf_rename()
when udf_find_entry() returns NULL.
Link: https://syzkaller.appspot.com/bug?id=8297f45698159c6bca8a1f87dc983667c1a1c851 [1]
Reported-by: syzbot+7902cd7684bc35306224@syzkaller.appspotmail.com
Signed-off-by: Shigeru Yoshida <syoshida@redhat.com>
Signed-off-by: Jan Kara <jack@suse.cz>
Link: https://lore.kernel.org/r/20221023095741.271430-1-syoshida@redhat.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
fs/udf/namei.c | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/fs/udf/namei.c b/fs/udf/namei.c
index d13ded8e2c30..ef251622da13 100644
--- a/fs/udf/namei.c
+++ b/fs/udf/namei.c
@@ -1106,8 +1106,9 @@ static int udf_rename(struct inode *old_dir, struct dentry *old_dentry,
return -EINVAL;
ofi = udf_find_entry(old_dir, &old_dentry->d_name, &ofibh, &ocfi);
- if (IS_ERR(ofi)) {
- retval = PTR_ERR(ofi);
+ if (!ofi || IS_ERR(ofi)) {
+ if (IS_ERR(ofi))
+ retval = PTR_ERR(ofi);
goto end_rename;
}
@@ -1116,8 +1117,7 @@ static int udf_rename(struct inode *old_dir, struct dentry *old_dentry,
brelse(ofibh.sbh);
tloc = lelb_to_cpu(ocfi.icb.extLocation);
- if (!ofi || udf_get_lb_pblock(old_dir->i_sb, &tloc, 0)
- != old_inode->i_ino)
+ if (udf_get_lb_pblock(old_dir->i_sb, &tloc, 0) != old_inode->i_ino)
goto end_rename;
nfi = udf_find_entry(new_dir, &new_dentry->d_name, &nfibh, &ncfi);
--
2.35.1
^ permalink raw reply related [flat|nested] 529+ messages in thread
* [PATCH 4.19 313/521] fs: jfs: fix shift-out-of-bounds in dbDiscardAG
2023-01-16 15:44 [PATCH 4.19 000/521] 4.19.270-rc1 review Greg Kroah-Hartman
` (311 preceding siblings ...)
2023-01-16 15:49 ` [PATCH 4.19 312/521] udf: Avoid double brelse() in udf_rename() Greg Kroah-Hartman
@ 2023-01-16 15:49 ` Greg Kroah-Hartman
2023-01-16 15:49 ` [PATCH 4.19 314/521] ACPICA: Fix error code path in acpi_ds_call_control_method() Greg Kroah-Hartman
` (211 subsequent siblings)
524 siblings, 0 replies; 529+ messages in thread
From: Greg Kroah-Hartman @ 2023-01-16 15:49 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Hoi Pok Wu, Dave Kleikamp, Sasha Levin
From: Hoi Pok Wu <wuhoipok@gmail.com>
[ Upstream commit 25e70c6162f207828dd405b432d8f2a98dbf7082 ]
This should be applied to most URSAN bugs found recently by syzbot,
by guarding the dbMount. As syzbot feeding rubbish into the bmap
descriptor.
Signed-off-by: Hoi Pok Wu <wuhoipok@gmail.com>
Signed-off-by: Dave Kleikamp <dave.kleikamp@oracle.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
fs/jfs/jfs_dmap.c | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/fs/jfs/jfs_dmap.c b/fs/jfs/jfs_dmap.c
index 4f72f7dee78b..f06796cad9aa 100644
--- a/fs/jfs/jfs_dmap.c
+++ b/fs/jfs/jfs_dmap.c
@@ -211,6 +211,11 @@ int dbMount(struct inode *ipbmap)
goto err_release_metapage;
}
+ if (((bmp->db_mapsize - 1) >> bmp->db_agl2size) > MAXAG) {
+ err = -EINVAL;
+ goto err_release_metapage;
+ }
+
for (i = 0; i < MAXAG; i++)
bmp->db_agfree[i] = le64_to_cpu(dbmp_le->dn_agfree[i]);
bmp->db_agsize = le64_to_cpu(dbmp_le->dn_agsize);
--
2.35.1
^ permalink raw reply related [flat|nested] 529+ messages in thread
* [PATCH 4.19 314/521] ACPICA: Fix error code path in acpi_ds_call_control_method()
2023-01-16 15:44 [PATCH 4.19 000/521] 4.19.270-rc1 review Greg Kroah-Hartman
` (312 preceding siblings ...)
2023-01-16 15:49 ` [PATCH 4.19 313/521] fs: jfs: fix shift-out-of-bounds in dbDiscardAG Greg Kroah-Hartman
@ 2023-01-16 15:49 ` Greg Kroah-Hartman
2023-01-16 15:49 ` [PATCH 4.19 315/521] nilfs2: fix shift-out-of-bounds/overflow in nilfs_sb2_bad_offset() Greg Kroah-Hartman
` (210 subsequent siblings)
524 siblings, 0 replies; 529+ messages in thread
From: Greg Kroah-Hartman @ 2023-01-16 15:49 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Chen Zhongjin, Rafael J. Wysocki,
Sasha Levin
From: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
[ Upstream commit 404ec60438add1afadaffaed34bb5fe4ddcadd40 ]
A use-after-free in acpi_ps_parse_aml() after a failing invocaion of
acpi_ds_call_control_method() is reported by KASAN [1] and code
inspection reveals that next_walk_state pushed to the thread by
acpi_ds_create_walk_state() is freed on errors, but it is not popped
from the thread beforehand. Thus acpi_ds_get_current_walk_state()
called by acpi_ps_parse_aml() subsequently returns it as the new
walk state which is incorrect.
To address this, make acpi_ds_call_control_method() call
acpi_ds_pop_walk_state() to pop next_walk_state from the thread before
returning an error.
Link: https://lore.kernel.org/linux-acpi/20221019073443.248215-1-chenzhongjin@huawei.com/ # [1]
Reported-by: Chen Zhongjin <chenzhongjin@huawei.com>
Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
Reviewed-by: Chen Zhongjin <chenzhongjin@huawei.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/acpi/acpica/dsmethod.c | 10 ++++++++--
1 file changed, 8 insertions(+), 2 deletions(-)
diff --git a/drivers/acpi/acpica/dsmethod.c b/drivers/acpi/acpica/dsmethod.c
index dd4deb678d13..a00516d9538c 100644
--- a/drivers/acpi/acpica/dsmethod.c
+++ b/drivers/acpi/acpica/dsmethod.c
@@ -517,7 +517,7 @@ acpi_ds_call_control_method(struct acpi_thread_state *thread,
info = ACPI_ALLOCATE_ZEROED(sizeof(struct acpi_evaluate_info));
if (!info) {
status = AE_NO_MEMORY;
- goto cleanup;
+ goto pop_walk_state;
}
info->parameters = &this_walk_state->operands[0];
@@ -529,7 +529,7 @@ acpi_ds_call_control_method(struct acpi_thread_state *thread,
ACPI_FREE(info);
if (ACPI_FAILURE(status)) {
- goto cleanup;
+ goto pop_walk_state;
}
/*
@@ -561,6 +561,12 @@ acpi_ds_call_control_method(struct acpi_thread_state *thread,
return_ACPI_STATUS(status);
+pop_walk_state:
+
+ /* On error, pop the walk state to be deleted from thread */
+
+ acpi_ds_pop_walk_state(thread);
+
cleanup:
/* On error, we must terminate the method properly */
--
2.35.1
^ permalink raw reply related [flat|nested] 529+ messages in thread
* [PATCH 4.19 315/521] nilfs2: fix shift-out-of-bounds/overflow in nilfs_sb2_bad_offset()
2023-01-16 15:44 [PATCH 4.19 000/521] 4.19.270-rc1 review Greg Kroah-Hartman
` (313 preceding siblings ...)
2023-01-16 15:49 ` [PATCH 4.19 314/521] ACPICA: Fix error code path in acpi_ds_call_control_method() Greg Kroah-Hartman
@ 2023-01-16 15:49 ` Greg Kroah-Hartman
2023-01-16 15:49 ` [PATCH 4.19 316/521] acct: fix potential integer overflow in encode_comp_t() Greg Kroah-Hartman
` (209 subsequent siblings)
524 siblings, 0 replies; 529+ messages in thread
From: Greg Kroah-Hartman @ 2023-01-16 15:49 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Ryusuke Konishi,
syzbot+e91619dd4c11c4960706, Andrew Morton, Sasha Levin
From: Ryusuke Konishi <konishi.ryusuke@gmail.com>
[ Upstream commit 610a2a3d7d8be3537458a378ec69396a76c385b6 ]
Patch series "nilfs2: fix UBSAN shift-out-of-bounds warnings on mount
time".
The first patch fixes a bug reported by syzbot, and the second one fixes
the remaining bug of the same kind. Although they are triggered by the
same super block data anomaly, I divided it into the above two because the
details of the issues and how to fix it are different.
Both are required to eliminate the shift-out-of-bounds issues at mount
time.
This patch (of 2):
If the block size exponent information written in an on-disk superblock is
corrupted, nilfs_sb2_bad_offset helper function can trigger
shift-out-of-bounds warning followed by a kernel panic (if panic_on_warn
is set):
shift exponent 38983 is too large for 64-bit type 'unsigned long long'
Call Trace:
<TASK>
__dump_stack lib/dump_stack.c:88 [inline]
dump_stack_lvl+0x1b1/0x28e lib/dump_stack.c:106
ubsan_epilogue lib/ubsan.c:151 [inline]
__ubsan_handle_shift_out_of_bounds+0x33d/0x3b0 lib/ubsan.c:322
nilfs_sb2_bad_offset fs/nilfs2/the_nilfs.c:449 [inline]
nilfs_load_super_block+0xdf5/0xe00 fs/nilfs2/the_nilfs.c:523
init_nilfs+0xb7/0x7d0 fs/nilfs2/the_nilfs.c:577
nilfs_fill_super+0xb1/0x5d0 fs/nilfs2/super.c:1047
nilfs_mount+0x613/0x9b0 fs/nilfs2/super.c:1317
...
In addition, since nilfs_sb2_bad_offset() performs multiplication without
considering the upper bound, the computation may overflow if the disk
layout parameters are not normal.
This fixes these issues by inserting preliminary sanity checks for those
parameters and by converting the comparison from one involving
multiplication and left bit-shifting to one using division and right
bit-shifting.
Link: https://lkml.kernel.org/r/20221027044306.42774-1-konishi.ryusuke@gmail.com
Link: https://lkml.kernel.org/r/20221027044306.42774-2-konishi.ryusuke@gmail.com
Signed-off-by: Ryusuke Konishi <konishi.ryusuke@gmail.com>
Reported-by: syzbot+e91619dd4c11c4960706@syzkaller.appspotmail.com
Tested-by: Ryusuke Konishi <konishi.ryusuke@gmail.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
fs/nilfs2/the_nilfs.c | 31 +++++++++++++++++++++++++++----
1 file changed, 27 insertions(+), 4 deletions(-)
diff --git a/fs/nilfs2/the_nilfs.c b/fs/nilfs2/the_nilfs.c
index fb61c33c6004..74ef3d313686 100644
--- a/fs/nilfs2/the_nilfs.c
+++ b/fs/nilfs2/the_nilfs.c
@@ -13,6 +13,7 @@
#include <linux/blkdev.h>
#include <linux/backing-dev.h>
#include <linux/random.h>
+#include <linux/log2.h>
#include <linux/crc32.h>
#include "nilfs.h"
#include "segment.h"
@@ -448,11 +449,33 @@ static int nilfs_valid_sb(struct nilfs_super_block *sbp)
return crc == le32_to_cpu(sbp->s_sum);
}
-static int nilfs_sb2_bad_offset(struct nilfs_super_block *sbp, u64 offset)
+/**
+ * nilfs_sb2_bad_offset - check the location of the second superblock
+ * @sbp: superblock raw data buffer
+ * @offset: byte offset of second superblock calculated from device size
+ *
+ * nilfs_sb2_bad_offset() checks if the position on the second
+ * superblock is valid or not based on the filesystem parameters
+ * stored in @sbp. If @offset points to a location within the segment
+ * area, or if the parameters themselves are not normal, it is
+ * determined to be invalid.
+ *
+ * Return Value: true if invalid, false if valid.
+ */
+static bool nilfs_sb2_bad_offset(struct nilfs_super_block *sbp, u64 offset)
{
- return offset < ((le64_to_cpu(sbp->s_nsegments) *
- le32_to_cpu(sbp->s_blocks_per_segment)) <<
- (le32_to_cpu(sbp->s_log_block_size) + 10));
+ unsigned int shift_bits = le32_to_cpu(sbp->s_log_block_size);
+ u32 blocks_per_segment = le32_to_cpu(sbp->s_blocks_per_segment);
+ u64 nsegments = le64_to_cpu(sbp->s_nsegments);
+ u64 index;
+
+ if (blocks_per_segment < NILFS_SEG_MIN_BLOCKS ||
+ shift_bits > ilog2(NILFS_MAX_BLOCK_SIZE) - BLOCK_SIZE_BITS)
+ return true;
+
+ index = offset >> (shift_bits + BLOCK_SIZE_BITS);
+ do_div(index, blocks_per_segment);
+ return index < nsegments;
}
static void nilfs_release_super_block(struct the_nilfs *nilfs)
--
2.35.1
^ permalink raw reply related [flat|nested] 529+ messages in thread
* [PATCH 4.19 316/521] acct: fix potential integer overflow in encode_comp_t()
2023-01-16 15:44 [PATCH 4.19 000/521] 4.19.270-rc1 review Greg Kroah-Hartman
` (314 preceding siblings ...)
2023-01-16 15:49 ` [PATCH 4.19 315/521] nilfs2: fix shift-out-of-bounds/overflow in nilfs_sb2_bad_offset() Greg Kroah-Hartman
@ 2023-01-16 15:49 ` Greg Kroah-Hartman
2023-01-16 15:49 ` [PATCH 4.19 317/521] hfs: fix OOB Read in __hfs_brec_find Greg Kroah-Hartman
` (208 subsequent siblings)
524 siblings, 0 replies; 529+ messages in thread
From: Greg Kroah-Hartman @ 2023-01-16 15:49 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Zheng Yejian, Hanjun Guo,
Randy Dunlap, Vlastimil Babka, Zhang Jinhao, Andrew Morton,
Sasha Levin
From: Zheng Yejian <zhengyejian1@huawei.com>
[ Upstream commit c5f31c655bcc01b6da53b836ac951c1556245305 ]
The integer overflow is descripted with following codes:
> 317 static comp_t encode_comp_t(u64 value)
> 318 {
> 319 int exp, rnd;
......
> 341 exp <<= MANTSIZE;
> 342 exp += value;
> 343 return exp;
> 344 }
Currently comp_t is defined as type of '__u16', but the variable 'exp' is
type of 'int', so overflow would happen when variable 'exp' in line 343 is
greater than 65535.
Link: https://lkml.kernel.org/r/20210515140631.369106-3-zhengyejian1@huawei.com
Signed-off-by: Zheng Yejian <zhengyejian1@huawei.com>
Cc: Hanjun Guo <guohanjun@huawei.com>
Cc: Randy Dunlap <rdunlap@infradead.org>
Cc: Vlastimil Babka <vbabka@suse.cz>
Cc: Zhang Jinhao <zhangjinhao2@huawei.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
kernel/acct.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/kernel/acct.c b/kernel/acct.c
index 81f9831a7859..6d98aed403ba 100644
--- a/kernel/acct.c
+++ b/kernel/acct.c
@@ -331,6 +331,8 @@ static comp_t encode_comp_t(unsigned long value)
exp++;
}
+ if (exp > (((comp_t) ~0U) >> MANTSIZE))
+ return (comp_t) ~0U;
/*
* Clean it up and polish it off.
*/
--
2.35.1
^ permalink raw reply related [flat|nested] 529+ messages in thread
* [PATCH 4.19 317/521] hfs: fix OOB Read in __hfs_brec_find
2023-01-16 15:44 [PATCH 4.19 000/521] 4.19.270-rc1 review Greg Kroah-Hartman
` (315 preceding siblings ...)
2023-01-16 15:49 ` [PATCH 4.19 316/521] acct: fix potential integer overflow in encode_comp_t() Greg Kroah-Hartman
@ 2023-01-16 15:49 ` Greg Kroah-Hartman
2023-01-16 15:49 ` [PATCH 4.19 318/521] wifi: ath9k: verify the expected usb_endpoints are present Greg Kroah-Hartman
` (207 subsequent siblings)
524 siblings, 0 replies; 529+ messages in thread
From: Greg Kroah-Hartman @ 2023-01-16 15:49 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, ZhangPeng,
syzbot+e836ff7133ac02be825f, Damien Le Moal, Ira Weiny,
Jeff Layton, Kefeng Wang, Matthew Wilcox, Nanyong Sun,
Viacheslav Dubeyko, Andrew Morton, Sasha Levin
From: ZhangPeng <zhangpeng362@huawei.com>
[ Upstream commit 8d824e69d9f3fa3121b2dda25053bae71e2460d2 ]
Syzbot reported a OOB read bug:
==================================================================
BUG: KASAN: slab-out-of-bounds in hfs_strcmp+0x117/0x190
fs/hfs/string.c:84
Read of size 1 at addr ffff88807eb62c4e by task kworker/u4:1/11
CPU: 1 PID: 11 Comm: kworker/u4:1 Not tainted
6.1.0-rc6-syzkaller-00308-g644e9524388a #0
Workqueue: writeback wb_workfn (flush-7:0)
Call Trace:
<TASK>
__dump_stack lib/dump_stack.c:88 [inline]
dump_stack_lvl+0x1b1/0x28e lib/dump_stack.c:106
print_address_description+0x74/0x340 mm/kasan/report.c:284
print_report+0x107/0x1f0 mm/kasan/report.c:395
kasan_report+0xcd/0x100 mm/kasan/report.c:495
hfs_strcmp+0x117/0x190 fs/hfs/string.c:84
__hfs_brec_find+0x213/0x5c0 fs/hfs/bfind.c:75
hfs_brec_find+0x276/0x520 fs/hfs/bfind.c:138
hfs_write_inode+0x34c/0xb40 fs/hfs/inode.c:462
write_inode fs/fs-writeback.c:1440 [inline]
If the input inode of hfs_write_inode() is incorrect:
struct inode
struct hfs_inode_info
struct hfs_cat_key
struct hfs_name
u8 len # len is greater than HFS_NAMELEN(31) which is the
maximum length of an HFS filename
OOB read occurred:
hfs_write_inode()
hfs_brec_find()
__hfs_brec_find()
hfs_cat_keycmp()
hfs_strcmp() # OOB read occurred due to len is too large
Fix this by adding a Check on len in hfs_write_inode() before calling
hfs_brec_find().
Link: https://lkml.kernel.org/r/20221130065959.2168236-1-zhangpeng362@huawei.com
Signed-off-by: ZhangPeng <zhangpeng362@huawei.com>
Reported-by: <syzbot+e836ff7133ac02be825f@syzkaller.appspotmail.com>
Cc: Damien Le Moal <damien.lemoal@opensource.wdc.com>
Cc: Ira Weiny <ira.weiny@intel.com>
Cc: Jeff Layton <jlayton@kernel.org>
Cc: Kefeng Wang <wangkefeng.wang@huawei.com>
Cc: Matthew Wilcox <willy@infradead.org>
Cc: Nanyong Sun <sunnanyong@huawei.com>
Cc: Viacheslav Dubeyko <slava@dubeyko.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
fs/hfs/inode.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/fs/hfs/inode.c b/fs/hfs/inode.c
index da243c84e93b..9c5badc9db00 100644
--- a/fs/hfs/inode.c
+++ b/fs/hfs/inode.c
@@ -453,6 +453,8 @@ int hfs_write_inode(struct inode *inode, struct writeback_control *wbc)
/* panic? */
return -EIO;
+ if (HFS_I(main_inode)->cat_key.CName.len > HFS_NAMELEN)
+ return -EIO;
fd.search_key->cat = HFS_I(main_inode)->cat_key;
if (hfs_brec_find(&fd))
/* panic? */
--
2.35.1
^ permalink raw reply related [flat|nested] 529+ messages in thread
* [PATCH 4.19 318/521] wifi: ath9k: verify the expected usb_endpoints are present
2023-01-16 15:44 [PATCH 4.19 000/521] 4.19.270-rc1 review Greg Kroah-Hartman
` (316 preceding siblings ...)
2023-01-16 15:49 ` [PATCH 4.19 317/521] hfs: fix OOB Read in __hfs_brec_find Greg Kroah-Hartman
@ 2023-01-16 15:49 ` Greg Kroah-Hartman
2023-01-16 15:49 ` [PATCH 4.19 319/521] wifi: ar5523: Fix use-after-free on ar5523_cmd() timed out Greg Kroah-Hartman
` (206 subsequent siblings)
524 siblings, 0 replies; 529+ messages in thread
From: Greg Kroah-Hartman @ 2023-01-16 15:49 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Alan Stern, Fedor Pchelkin,
Alexey Khoroshilov, Toke Høiland-Jørgensen, Kalle Valo,
Sasha Levin
From: Fedor Pchelkin <pchelkin@ispras.ru>
[ Upstream commit 16ef02bad239f11f322df8425d302be62f0443ce ]
The bug arises when a USB device claims to be an ATH9K but doesn't
have the expected endpoints. (In this case there was an interrupt
endpoint where the driver expected a bulk endpoint.) The kernel
needs to be able to handle such devices without getting an internal error.
usb 1-1: BOGUS urb xfer, pipe 3 != type 1
WARNING: CPU: 3 PID: 500 at drivers/usb/core/urb.c:493 usb_submit_urb+0xce2/0x1430 drivers/usb/core/urb.c:493
Modules linked in:
CPU: 3 PID: 500 Comm: kworker/3:2 Not tainted 5.10.135-syzkaller #0
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
Workqueue: events request_firmware_work_func
RIP: 0010:usb_submit_urb+0xce2/0x1430 drivers/usb/core/urb.c:493
Call Trace:
ath9k_hif_usb_alloc_rx_urbs drivers/net/wireless/ath/ath9k/hif_usb.c:908 [inline]
ath9k_hif_usb_alloc_urbs+0x75e/0x1010 drivers/net/wireless/ath/ath9k/hif_usb.c:1019
ath9k_hif_usb_dev_init drivers/net/wireless/ath/ath9k/hif_usb.c:1109 [inline]
ath9k_hif_usb_firmware_cb+0x142/0x530 drivers/net/wireless/ath/ath9k/hif_usb.c:1242
request_firmware_work_func+0x12e/0x240 drivers/base/firmware_loader/main.c:1097
process_one_work+0x9af/0x1600 kernel/workqueue.c:2279
worker_thread+0x61d/0x12f0 kernel/workqueue.c:2425
kthread+0x3b4/0x4a0 kernel/kthread.c:313
ret_from_fork+0x22/0x30 arch/x86/entry/entry_64.S:299
Found by Linux Verification Center (linuxtesting.org) with Syzkaller.
Suggested-by: Alan Stern <stern@rowland.harvard.edu>
Signed-off-by: Fedor Pchelkin <pchelkin@ispras.ru>
Signed-off-by: Alexey Khoroshilov <khoroshilov@ispras.ru>
Acked-by: Toke Høiland-Jørgensen <toke@toke.dk>
Signed-off-by: Kalle Valo <quic_kvalo@quicinc.com>
Link: https://lore.kernel.org/r/20221008211532.74583-1-pchelkin@ispras.ru
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/wireless/ath/ath9k/hif_usb.c | 14 ++++++++++++++
1 file changed, 14 insertions(+)
diff --git a/drivers/net/wireless/ath/ath9k/hif_usb.c b/drivers/net/wireless/ath/ath9k/hif_usb.c
index d872459c51cc..8a18a33b5b59 100644
--- a/drivers/net/wireless/ath/ath9k/hif_usb.c
+++ b/drivers/net/wireless/ath/ath9k/hif_usb.c
@@ -1328,10 +1328,24 @@ static int send_eject_command(struct usb_interface *interface)
static int ath9k_hif_usb_probe(struct usb_interface *interface,
const struct usb_device_id *id)
{
+ struct usb_endpoint_descriptor *bulk_in, *bulk_out, *int_in, *int_out;
struct usb_device *udev = interface_to_usbdev(interface);
+ struct usb_host_interface *alt;
struct hif_device_usb *hif_dev;
int ret = 0;
+ /* Verify the expected endpoints are present */
+ alt = interface->cur_altsetting;
+ if (usb_find_common_endpoints(alt, &bulk_in, &bulk_out, &int_in, &int_out) < 0 ||
+ usb_endpoint_num(bulk_in) != USB_WLAN_RX_PIPE ||
+ usb_endpoint_num(bulk_out) != USB_WLAN_TX_PIPE ||
+ usb_endpoint_num(int_in) != USB_REG_IN_PIPE ||
+ usb_endpoint_num(int_out) != USB_REG_OUT_PIPE) {
+ dev_err(&udev->dev,
+ "ath9k_htc: Device endpoint numbers are not the expected ones\n");
+ return -ENODEV;
+ }
+
if (id->driver_info == STORAGE_DEVICE)
return send_eject_command(interface);
--
2.35.1
^ permalink raw reply related [flat|nested] 529+ messages in thread
* [PATCH 4.19 319/521] wifi: ar5523: Fix use-after-free on ar5523_cmd() timed out
2023-01-16 15:44 [PATCH 4.19 000/521] 4.19.270-rc1 review Greg Kroah-Hartman
` (317 preceding siblings ...)
2023-01-16 15:49 ` [PATCH 4.19 318/521] wifi: ath9k: verify the expected usb_endpoints are present Greg Kroah-Hartman
@ 2023-01-16 15:49 ` Greg Kroah-Hartman
2023-01-16 15:49 ` [PATCH 4.19 320/521] ASoC: codecs: rt298: Add quirk for KBL-R RVP platform Greg Kroah-Hartman
` (205 subsequent siblings)
524 siblings, 0 replies; 529+ messages in thread
From: Greg Kroah-Hartman @ 2023-01-16 15:49 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, syzbot+95001b1fd6dfcc716c29,
Shigeru Yoshida, Kalle Valo, Sasha Levin
From: Shigeru Yoshida <syoshida@redhat.com>
[ Upstream commit b6702a942a069c2a975478d719e98d83cdae1797 ]
syzkaller reported use-after-free with the stack trace like below [1]:
[ 38.960489][ C3] ==================================================================
[ 38.963216][ C3] BUG: KASAN: use-after-free in ar5523_cmd_tx_cb+0x220/0x240
[ 38.964950][ C3] Read of size 8 at addr ffff888048e03450 by task swapper/3/0
[ 38.966363][ C3]
[ 38.967053][ C3] CPU: 3 PID: 0 Comm: swapper/3 Not tainted 6.0.0-09039-ga6afa4199d3d-dirty #18
[ 38.968464][ C3] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.0-1.fc36 04/01/2014
[ 38.969959][ C3] Call Trace:
[ 38.970841][ C3] <IRQ>
[ 38.971663][ C3] dump_stack_lvl+0xfc/0x174
[ 38.972620][ C3] print_report.cold+0x2c3/0x752
[ 38.973626][ C3] ? ar5523_cmd_tx_cb+0x220/0x240
[ 38.974644][ C3] kasan_report+0xb1/0x1d0
[ 38.975720][ C3] ? ar5523_cmd_tx_cb+0x220/0x240
[ 38.976831][ C3] ar5523_cmd_tx_cb+0x220/0x240
[ 38.978412][ C3] __usb_hcd_giveback_urb+0x353/0x5b0
[ 38.979755][ C3] usb_hcd_giveback_urb+0x385/0x430
[ 38.981266][ C3] dummy_timer+0x140c/0x34e0
[ 38.982925][ C3] ? notifier_call_chain+0xb5/0x1e0
[ 38.984761][ C3] ? rcu_read_lock_sched_held+0xb/0x60
[ 38.986242][ C3] ? lock_release+0x51c/0x790
[ 38.987323][ C3] ? _raw_read_unlock_irqrestore+0x37/0x70
[ 38.988483][ C3] ? __wake_up_common_lock+0xde/0x130
[ 38.989621][ C3] ? reacquire_held_locks+0x4a0/0x4a0
[ 38.990777][ C3] ? lock_acquire+0x472/0x550
[ 38.991919][ C3] ? rcu_read_lock_sched_held+0xb/0x60
[ 38.993138][ C3] ? lock_acquire+0x472/0x550
[ 38.994890][ C3] ? dummy_urb_enqueue+0x860/0x860
[ 38.996266][ C3] ? do_raw_spin_unlock+0x16f/0x230
[ 38.997670][ C3] ? dummy_urb_enqueue+0x860/0x860
[ 38.999116][ C3] call_timer_fn+0x1a0/0x6a0
[ 39.000668][ C3] ? add_timer_on+0x4a0/0x4a0
[ 39.002137][ C3] ? reacquire_held_locks+0x4a0/0x4a0
[ 39.003809][ C3] ? __next_timer_interrupt+0x226/0x2a0
[ 39.005509][ C3] __run_timers.part.0+0x69a/0xac0
[ 39.007025][ C3] ? dummy_urb_enqueue+0x860/0x860
[ 39.008716][ C3] ? call_timer_fn+0x6a0/0x6a0
[ 39.010254][ C3] ? cpuacct_percpu_seq_show+0x10/0x10
[ 39.011795][ C3] ? kvm_sched_clock_read+0x14/0x40
[ 39.013277][ C3] ? sched_clock_cpu+0x69/0x2b0
[ 39.014724][ C3] run_timer_softirq+0xb6/0x1d0
[ 39.016196][ C3] __do_softirq+0x1d2/0x9be
[ 39.017616][ C3] __irq_exit_rcu+0xeb/0x190
[ 39.019004][ C3] irq_exit_rcu+0x5/0x20
[ 39.020361][ C3] sysvec_apic_timer_interrupt+0x8f/0xb0
[ 39.021965][ C3] </IRQ>
[ 39.023237][ C3] <TASK>
In ar5523_probe(), ar5523_host_available() calls ar5523_cmd() as below
(there are other functions which finally call ar5523_cmd()):
ar5523_probe()
-> ar5523_host_available()
-> ar5523_cmd_read()
-> ar5523_cmd()
If ar5523_cmd() timed out, then ar5523_host_available() failed and
ar5523_probe() freed the device structure. So, ar5523_cmd_tx_cb()
might touch the freed structure.
This patch fixes this issue by canceling in-flight tx cmd if submitted
urb timed out.
Link: https://syzkaller.appspot.com/bug?id=9e12b2d54300842b71bdd18b54971385ff0d0d3a [1]
Reported-by: syzbot+95001b1fd6dfcc716c29@syzkaller.appspotmail.com
Signed-off-by: Shigeru Yoshida <syoshida@redhat.com>
Signed-off-by: Kalle Valo <quic_kvalo@quicinc.com>
Link: https://lore.kernel.org/r/20221009183223.420015-1-syoshida@redhat.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/wireless/ath/ar5523/ar5523.c | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/drivers/net/wireless/ath/ar5523/ar5523.c b/drivers/net/wireless/ath/ar5523/ar5523.c
index 58e189ec672f..5d3cf354f6cb 100644
--- a/drivers/net/wireless/ath/ar5523/ar5523.c
+++ b/drivers/net/wireless/ath/ar5523/ar5523.c
@@ -241,6 +241,11 @@ static void ar5523_cmd_tx_cb(struct urb *urb)
}
}
+static void ar5523_cancel_tx_cmd(struct ar5523 *ar)
+{
+ usb_kill_urb(ar->tx_cmd.urb_tx);
+}
+
static int ar5523_cmd(struct ar5523 *ar, u32 code, const void *idata,
int ilen, void *odata, int olen, int flags)
{
@@ -280,6 +285,7 @@ static int ar5523_cmd(struct ar5523 *ar, u32 code, const void *idata,
}
if (!wait_for_completion_timeout(&cmd->done, 2 * HZ)) {
+ ar5523_cancel_tx_cmd(ar);
cmd->odata = NULL;
ar5523_err(ar, "timeout waiting for command %02x reply\n",
code);
--
2.35.1
^ permalink raw reply related [flat|nested] 529+ messages in thread
* [PATCH 4.19 320/521] ASoC: codecs: rt298: Add quirk for KBL-R RVP platform
2023-01-16 15:44 [PATCH 4.19 000/521] 4.19.270-rc1 review Greg Kroah-Hartman
` (318 preceding siblings ...)
2023-01-16 15:49 ` [PATCH 4.19 319/521] wifi: ar5523: Fix use-after-free on ar5523_cmd() timed out Greg Kroah-Hartman
@ 2023-01-16 15:49 ` Greg Kroah-Hartman
2023-01-16 15:49 ` [PATCH 4.19 321/521] ipmi: fix memleak when unload ipmi driver Greg Kroah-Hartman
` (204 subsequent siblings)
524 siblings, 0 replies; 529+ messages in thread
From: Greg Kroah-Hartman @ 2023-01-16 15:49 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Amadeusz Sławiński,
Cezary Rojewski, Mark Brown, Sasha Levin
From: Amadeusz Sławiński <amadeuszx.slawinski@linux.intel.com>
[ Upstream commit 953dbd1cef18ce9ac0d69c1bd735b929fe52a17e ]
KBL-R RVP platforms also use combojack, so we need to enable that
configuration for them.
Signed-off-by: Amadeusz Sławiński <amadeuszx.slawinski@linux.intel.com>
Signed-off-by: Cezary Rojewski <cezary.rojewski@intel.com>
Link: https://lore.kernel.org/r/20221010121955.718168-4-cezary.rojewski@intel.com
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
sound/soc/codecs/rt298.c | 7 +++++++
1 file changed, 7 insertions(+)
diff --git a/sound/soc/codecs/rt298.c b/sound/soc/codecs/rt298.c
index 06cdba4edfe2..3181b91a025b 100644
--- a/sound/soc/codecs/rt298.c
+++ b/sound/soc/codecs/rt298.c
@@ -1169,6 +1169,13 @@ static const struct dmi_system_id force_combo_jack_table[] = {
DMI_MATCH(DMI_PRODUCT_NAME, "Geminilake")
}
},
+ {
+ .ident = "Intel Kabylake R RVP",
+ .matches = {
+ DMI_MATCH(DMI_SYS_VENDOR, "Intel Corporation"),
+ DMI_MATCH(DMI_PRODUCT_NAME, "Kabylake Client platform")
+ }
+ },
{ }
};
--
2.35.1
^ permalink raw reply related [flat|nested] 529+ messages in thread
* [PATCH 4.19 321/521] ipmi: fix memleak when unload ipmi driver
2023-01-16 15:44 [PATCH 4.19 000/521] 4.19.270-rc1 review Greg Kroah-Hartman
` (319 preceding siblings ...)
2023-01-16 15:49 ` [PATCH 4.19 320/521] ASoC: codecs: rt298: Add quirk for KBL-R RVP platform Greg Kroah-Hartman
@ 2023-01-16 15:49 ` Greg Kroah-Hartman
2023-01-16 15:49 ` [PATCH 4.19 322/521] bpf: make sure skb->len != 0 when redirecting to a tunneling device Greg Kroah-Hartman
` (203 subsequent siblings)
524 siblings, 0 replies; 529+ messages in thread
From: Greg Kroah-Hartman @ 2023-01-16 15:49 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Zhang Yuchen, Corey Minyard, Sasha Levin
From: Zhang Yuchen <zhangyuchen.lcr@bytedance.com>
[ Upstream commit 36992eb6b9b83f7f9cdc8e74fb5799d7b52e83e9 ]
After the IPMI disconnect problem, the memory kept rising and we tried
to unload the driver to free the memory. However, only part of the
free memory is recovered after the driver is uninstalled. Using
ebpf to hook free functions, we find that neither ipmi_user nor
ipmi_smi_msg is free, only ipmi_recv_msg is free.
We find that the deliver_smi_err_response call in clean_smi_msgs does
the destroy processing on each message from the xmit_msg queue without
checking the return value and free ipmi_smi_msg.
deliver_smi_err_response is called only at this location. Adding the
free handling has no effect.
To verify, try using ebpf to trace the free function.
$ bpftrace -e 'kretprobe:ipmi_alloc_recv_msg {printf("alloc rcv
%p\n",retval);} kprobe:free_recv_msg {printf("free recv %p\n",
arg0)} kretprobe:ipmi_alloc_smi_msg {printf("alloc smi %p\n",
retval);} kprobe:free_smi_msg {printf("free smi %p\n",arg0)}'
Signed-off-by: Zhang Yuchen <zhangyuchen.lcr@bytedance.com>
Message-Id: <20221007092617.87597-4-zhangyuchen.lcr@bytedance.com>
[Fixed the comment above handle_one_recv_msg().]
Signed-off-by: Corey Minyard <cminyard@mvista.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/char/ipmi/ipmi_msghandler.c | 8 ++++++--
1 file changed, 6 insertions(+), 2 deletions(-)
diff --git a/drivers/char/ipmi/ipmi_msghandler.c b/drivers/char/ipmi/ipmi_msghandler.c
index 4cf3ef4ddec3..8cfc7e6ab645 100644
--- a/drivers/char/ipmi/ipmi_msghandler.c
+++ b/drivers/char/ipmi/ipmi_msghandler.c
@@ -3461,12 +3461,16 @@ static void deliver_smi_err_response(struct ipmi_smi *intf,
struct ipmi_smi_msg *msg,
unsigned char err)
{
+ int rv;
msg->rsp[0] = msg->data[0] | 4;
msg->rsp[1] = msg->data[1];
msg->rsp[2] = err;
msg->rsp_size = 3;
- /* It's an error, so it will never requeue, no need to check return. */
- handle_one_recv_msg(intf, msg);
+
+ /* This will never requeue, but it may ask us to free the message. */
+ rv = handle_one_recv_msg(intf, msg);
+ if (rv == 0)
+ ipmi_free_smi_msg(msg);
}
static void cleanup_smi_msgs(struct ipmi_smi *intf)
--
2.35.1
^ permalink raw reply related [flat|nested] 529+ messages in thread
* [PATCH 4.19 322/521] bpf: make sure skb->len != 0 when redirecting to a tunneling device
2023-01-16 15:44 [PATCH 4.19 000/521] 4.19.270-rc1 review Greg Kroah-Hartman
` (320 preceding siblings ...)
2023-01-16 15:49 ` [PATCH 4.19 321/521] ipmi: fix memleak when unload ipmi driver Greg Kroah-Hartman
@ 2023-01-16 15:49 ` Greg Kroah-Hartman
2023-01-16 15:49 ` [PATCH 4.19 323/521] net: ethernet: ti: Fix return type of netcp_ndo_start_xmit() Greg Kroah-Hartman
` (202 subsequent siblings)
524 siblings, 0 replies; 529+ messages in thread
From: Greg Kroah-Hartman @ 2023-01-16 15:49 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Eric Dumazet,
syzbot+f635e86ec3fa0a37e019, Stanislav Fomichev,
Martin KaFai Lau, Alexei Starovoitov, Sasha Levin
From: Stanislav Fomichev <sdf@google.com>
[ Upstream commit 07ec7b502800ba9f7b8b15cb01dd6556bb41aaca ]
syzkaller managed to trigger another case where skb->len == 0
when we enter __dev_queue_xmit:
WARNING: CPU: 0 PID: 2470 at include/linux/skbuff.h:2576 skb_assert_len include/linux/skbuff.h:2576 [inline]
WARNING: CPU: 0 PID: 2470 at include/linux/skbuff.h:2576 __dev_queue_xmit+0x2069/0x35e0 net/core/dev.c:4295
Call Trace:
dev_queue_xmit+0x17/0x20 net/core/dev.c:4406
__bpf_tx_skb net/core/filter.c:2115 [inline]
__bpf_redirect_no_mac net/core/filter.c:2140 [inline]
__bpf_redirect+0x5fb/0xda0 net/core/filter.c:2163
____bpf_clone_redirect net/core/filter.c:2447 [inline]
bpf_clone_redirect+0x247/0x390 net/core/filter.c:2419
bpf_prog_48159a89cb4a9a16+0x59/0x5e
bpf_dispatcher_nop_func include/linux/bpf.h:897 [inline]
__bpf_prog_run include/linux/filter.h:596 [inline]
bpf_prog_run include/linux/filter.h:603 [inline]
bpf_test_run+0x46c/0x890 net/bpf/test_run.c:402
bpf_prog_test_run_skb+0xbdc/0x14c0 net/bpf/test_run.c:1170
bpf_prog_test_run+0x345/0x3c0 kernel/bpf/syscall.c:3648
__sys_bpf+0x43a/0x6c0 kernel/bpf/syscall.c:5005
__do_sys_bpf kernel/bpf/syscall.c:5091 [inline]
__se_sys_bpf kernel/bpf/syscall.c:5089 [inline]
__x64_sys_bpf+0x7c/0x90 kernel/bpf/syscall.c:5089
do_syscall_64+0x54/0x70 arch/x86/entry/common.c:48
entry_SYSCALL_64_after_hwframe+0x61/0xc6
The reproducer doesn't really reproduce outside of syzkaller
environment, so I'm taking a guess here. It looks like we
do generate correct ETH_HLEN-sized packet, but we redirect
the packet to the tunneling device. Before we do so, we
__skb_pull l2 header and arrive again at skb->len == 0.
Doesn't seem like we can do anything better than having
an explicit check after __skb_pull?
Cc: Eric Dumazet <edumazet@google.com>
Reported-by: syzbot+f635e86ec3fa0a37e019@syzkaller.appspotmail.com
Signed-off-by: Stanislav Fomichev <sdf@google.com>
Link: https://lore.kernel.org/r/20221027225537.353077-1-sdf@google.com
Signed-off-by: Martin KaFai Lau <martin.lau@kernel.org>
Signed-off-by: Alexei Starovoitov <ast@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
net/core/filter.c | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/net/core/filter.c b/net/core/filter.c
index 5129e89f52bb..aa2e7baa13c4 100644
--- a/net/core/filter.c
+++ b/net/core/filter.c
@@ -2025,6 +2025,10 @@ static int __bpf_redirect_no_mac(struct sk_buff *skb, struct net_device *dev,
if (mlen) {
__skb_pull(skb, mlen);
+ if (unlikely(!skb->len)) {
+ kfree_skb(skb);
+ return -ERANGE;
+ }
/* At ingress, the mac header has already been pulled once.
* At egress, skb_pospull_rcsum has to be done in case that
--
2.35.1
^ permalink raw reply related [flat|nested] 529+ messages in thread
* [PATCH 4.19 323/521] net: ethernet: ti: Fix return type of netcp_ndo_start_xmit()
2023-01-16 15:44 [PATCH 4.19 000/521] 4.19.270-rc1 review Greg Kroah-Hartman
` (321 preceding siblings ...)
2023-01-16 15:49 ` [PATCH 4.19 322/521] bpf: make sure skb->len != 0 when redirecting to a tunneling device Greg Kroah-Hartman
@ 2023-01-16 15:49 ` Greg Kroah-Hartman
2023-01-16 15:49 ` [PATCH 4.19 324/521] hamradio: baycom_epp: Fix return type of baycom_send_packet() Greg Kroah-Hartman
` (201 subsequent siblings)
524 siblings, 0 replies; 529+ messages in thread
From: Greg Kroah-Hartman @ 2023-01-16 15:49 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Nathan Chancellor, Kees Cook,
Jakub Kicinski, Sasha Levin
From: Nathan Chancellor <nathan@kernel.org>
[ Upstream commit 63fe6ff674a96cfcfc0fa8df1051a27aa31c70b4 ]
With clang's kernel control flow integrity (kCFI, CONFIG_CFI_CLANG),
indirect call targets are validated against the expected function
pointer prototype to make sure the call target is valid to help mitigate
ROP attacks. If they are not identical, there is a failure at run time,
which manifests as either a kernel panic or thread getting killed. A
proposed warning in clang aims to catch these at compile time, which
reveals:
drivers/net/ethernet/ti/netcp_core.c:1944:21: error: incompatible function pointer types initializing 'netdev_tx_t (*)(struct sk_buff *, struct net_device *)' (aka 'enum netdev_tx (*)(struct sk_buff *, struct net_device *)') with an expression of type 'int (struct sk_buff *, struct net_device *)' [-Werror,-Wincompatible-function-pointer-types-strict]
.ndo_start_xmit = netcp_ndo_start_xmit,
^~~~~~~~~~~~~~~~~~~~
1 error generated.
->ndo_start_xmit() in 'struct net_device_ops' expects a return type of
'netdev_tx_t', not 'int'. Adjust the return type of
netcp_ndo_start_xmit() to match the prototype's to resolve the warning
and CFI failure.
Link: https://github.com/ClangBuiltLinux/linux/issues/1750
Signed-off-by: Nathan Chancellor <nathan@kernel.org>
Reviewed-by: Kees Cook <keescook@chromium.org>
Link: https://lore.kernel.org/r/20221102160933.1601260-1-nathan@kernel.org
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/ethernet/ti/netcp_core.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/net/ethernet/ti/netcp_core.c b/drivers/net/ethernet/ti/netcp_core.c
index 6099865217f2..7fdbd2ff5573 100644
--- a/drivers/net/ethernet/ti/netcp_core.c
+++ b/drivers/net/ethernet/ti/netcp_core.c
@@ -1276,7 +1276,7 @@ static int netcp_tx_submit_skb(struct netcp_intf *netcp,
}
/* Submit the packet */
-static int netcp_ndo_start_xmit(struct sk_buff *skb, struct net_device *ndev)
+static netdev_tx_t netcp_ndo_start_xmit(struct sk_buff *skb, struct net_device *ndev)
{
struct netcp_intf *netcp = netdev_priv(ndev);
struct netcp_stats *tx_stats = &netcp->stats;
--
2.35.1
^ permalink raw reply related [flat|nested] 529+ messages in thread
* [PATCH 4.19 324/521] hamradio: baycom_epp: Fix return type of baycom_send_packet()
2023-01-16 15:44 [PATCH 4.19 000/521] 4.19.270-rc1 review Greg Kroah-Hartman
` (322 preceding siblings ...)
2023-01-16 15:49 ` [PATCH 4.19 323/521] net: ethernet: ti: Fix return type of netcp_ndo_start_xmit() Greg Kroah-Hartman
@ 2023-01-16 15:49 ` Greg Kroah-Hartman
2023-01-16 15:49 ` [PATCH 4.19 325/521] wifi: brcmfmac: Fix potential shift-out-of-bounds in brcmf_fw_alloc_request() Greg Kroah-Hartman
` (200 subsequent siblings)
524 siblings, 0 replies; 529+ messages in thread
From: Greg Kroah-Hartman @ 2023-01-16 15:49 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Nathan Chancellor, Kees Cook,
Jakub Kicinski, Sasha Levin
From: Nathan Chancellor <nathan@kernel.org>
[ Upstream commit c5733e5b15d91ab679646ec3149e192996a27d5d ]
With clang's kernel control flow integrity (kCFI, CONFIG_CFI_CLANG),
indirect call targets are validated against the expected function
pointer prototype to make sure the call target is valid to help mitigate
ROP attacks. If they are not identical, there is a failure at run time,
which manifests as either a kernel panic or thread getting killed. A
proposed warning in clang aims to catch these at compile time, which
reveals:
drivers/net/hamradio/baycom_epp.c:1119:25: error: incompatible function pointer types initializing 'netdev_tx_t (*)(struct sk_buff *, struct net_device *)' (aka 'enum netdev_tx (*)(struct sk_buff *, struct net_device *)') with an expression of type 'int (struct sk_buff *, struct net_device *)' [-Werror,-Wincompatible-function-pointer-types-strict]
.ndo_start_xmit = baycom_send_packet,
^~~~~~~~~~~~~~~~~~
1 error generated.
->ndo_start_xmit() in 'struct net_device_ops' expects a return type of
'netdev_tx_t', not 'int'. Adjust the return type of baycom_send_packet()
to match the prototype's to resolve the warning and CFI failure.
Link: https://github.com/ClangBuiltLinux/linux/issues/1750
Signed-off-by: Nathan Chancellor <nathan@kernel.org>
Reviewed-by: Kees Cook <keescook@chromium.org>
Link: https://lore.kernel.org/r/20221102160610.1186145-1-nathan@kernel.org
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/hamradio/baycom_epp.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/net/hamradio/baycom_epp.c b/drivers/net/hamradio/baycom_epp.c
index 1e62d00732f2..787eaf3f4f13 100644
--- a/drivers/net/hamradio/baycom_epp.c
+++ b/drivers/net/hamradio/baycom_epp.c
@@ -772,7 +772,7 @@ static void epp_bh(struct work_struct *work)
* ===================== network driver interface =========================
*/
-static int baycom_send_packet(struct sk_buff *skb, struct net_device *dev)
+static netdev_tx_t baycom_send_packet(struct sk_buff *skb, struct net_device *dev)
{
struct baycom_state *bc = netdev_priv(dev);
--
2.35.1
^ permalink raw reply related [flat|nested] 529+ messages in thread
* [PATCH 4.19 325/521] wifi: brcmfmac: Fix potential shift-out-of-bounds in brcmf_fw_alloc_request()
2023-01-16 15:44 [PATCH 4.19 000/521] 4.19.270-rc1 review Greg Kroah-Hartman
` (323 preceding siblings ...)
2023-01-16 15:49 ` [PATCH 4.19 324/521] hamradio: baycom_epp: Fix return type of baycom_send_packet() Greg Kroah-Hartman
@ 2023-01-16 15:49 ` Greg Kroah-Hartman
2023-01-16 15:49 ` [Intel-wired-lan] " Greg Kroah-Hartman
` (199 subsequent siblings)
524 siblings, 0 replies; 529+ messages in thread
From: Greg Kroah-Hartman @ 2023-01-16 15:49 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Dokyung Song, Jisoo Jang,
Minsuk Kang, Kalle Valo, Sasha Levin
From: Minsuk Kang <linuxlovemin@yonsei.ac.kr>
[ Upstream commit 81d17f6f3331f03c8eafdacea68ab773426c1e3c ]
This patch fixes a shift-out-of-bounds in brcmfmac that occurs in
BIT(chiprev) when a 'chiprev' provided by the device is too large.
It should also not be equal to or greater than BITS_PER_TYPE(u32)
as we do bitwise AND with a u32 variable and BIT(chiprev). The patch
adds a check that makes the function return NULL if that is the case.
Note that the NULL case is later handled by the bus-specific caller,
brcmf_usb_probe_cb() or brcmf_usb_reset_resume(), for example.
Found by a modified version of syzkaller.
UBSAN: shift-out-of-bounds in drivers/net/wireless/broadcom/brcm80211/brcmfmac/firmware.c
shift exponent 151055786 is too large for 64-bit type 'long unsigned int'
CPU: 0 PID: 1885 Comm: kworker/0:2 Tainted: G O 5.14.0+ #132
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.12.1-0-ga5cab58e9a3f-prebuilt.qemu.org 04/01/2014
Workqueue: usb_hub_wq hub_event
Call Trace:
dump_stack_lvl+0x57/0x7d
ubsan_epilogue+0x5/0x40
__ubsan_handle_shift_out_of_bounds.cold+0x53/0xdb
? lock_chain_count+0x20/0x20
brcmf_fw_alloc_request.cold+0x19/0x3ea
? brcmf_fw_get_firmwares+0x250/0x250
? brcmf_usb_ioctl_resp_wait+0x1a7/0x1f0
brcmf_usb_get_fwname+0x114/0x1a0
? brcmf_usb_reset_resume+0x120/0x120
? number+0x6c4/0x9a0
brcmf_c_process_clm_blob+0x168/0x590
? put_dec+0x90/0x90
? enable_ptr_key_workfn+0x20/0x20
? brcmf_common_pd_remove+0x50/0x50
? rcu_read_lock_sched_held+0xa1/0xd0
brcmf_c_preinit_dcmds+0x673/0xc40
? brcmf_c_set_joinpref_default+0x100/0x100
? rcu_read_lock_sched_held+0xa1/0xd0
? rcu_read_lock_bh_held+0xb0/0xb0
? lock_acquire+0x19d/0x4e0
? find_held_lock+0x2d/0x110
? brcmf_usb_deq+0x1cc/0x260
? mark_held_locks+0x9f/0xe0
? lockdep_hardirqs_on_prepare+0x273/0x3e0
? _raw_spin_unlock_irqrestore+0x47/0x50
? trace_hardirqs_on+0x1c/0x120
? brcmf_usb_deq+0x1a7/0x260
? brcmf_usb_rx_fill_all+0x5a/0xf0
brcmf_attach+0x246/0xd40
? wiphy_new_nm+0x1476/0x1d50
? kmemdup+0x30/0x40
brcmf_usb_probe+0x12de/0x1690
? brcmf_usbdev_qinit.constprop.0+0x470/0x470
usb_probe_interface+0x25f/0x710
really_probe+0x1be/0xa90
__driver_probe_device+0x2ab/0x460
? usb_match_id.part.0+0x88/0xc0
driver_probe_device+0x49/0x120
__device_attach_driver+0x18a/0x250
? driver_allows_async_probing+0x120/0x120
bus_for_each_drv+0x123/0x1a0
? bus_rescan_devices+0x20/0x20
? lockdep_hardirqs_on_prepare+0x273/0x3e0
? trace_hardirqs_on+0x1c/0x120
__device_attach+0x207/0x330
? device_bind_driver+0xb0/0xb0
? kobject_uevent_env+0x230/0x12c0
bus_probe_device+0x1a2/0x260
device_add+0xa61/0x1ce0
? __mutex_unlock_slowpath+0xe7/0x660
? __fw_devlink_link_to_suppliers+0x550/0x550
usb_set_configuration+0x984/0x1770
? kernfs_create_link+0x175/0x230
usb_generic_driver_probe+0x69/0x90
usb_probe_device+0x9c/0x220
really_probe+0x1be/0xa90
__driver_probe_device+0x2ab/0x460
driver_probe_device+0x49/0x120
__device_attach_driver+0x18a/0x250
? driver_allows_async_probing+0x120/0x120
bus_for_each_drv+0x123/0x1a0
? bus_rescan_devices+0x20/0x20
? lockdep_hardirqs_on_prepare+0x273/0x3e0
? trace_hardirqs_on+0x1c/0x120
__device_attach+0x207/0x330
? device_bind_driver+0xb0/0xb0
? kobject_uevent_env+0x230/0x12c0
bus_probe_device+0x1a2/0x260
device_add+0xa61/0x1ce0
? __fw_devlink_link_to_suppliers+0x550/0x550
usb_new_device.cold+0x463/0xf66
? hub_disconnect+0x400/0x400
? _raw_spin_unlock_irq+0x24/0x30
hub_event+0x10d5/0x3330
? hub_port_debounce+0x280/0x280
? __lock_acquire+0x1671/0x5790
? wq_calc_node_cpumask+0x170/0x2a0
? lock_release+0x640/0x640
? rcu_read_lock_sched_held+0xa1/0xd0
? rcu_read_lock_bh_held+0xb0/0xb0
? lockdep_hardirqs_on_prepare+0x273/0x3e0
process_one_work+0x873/0x13e0
? lock_release+0x640/0x640
? pwq_dec_nr_in_flight+0x320/0x320
? rwlock_bug.part.0+0x90/0x90
worker_thread+0x8b/0xd10
? __kthread_parkme+0xd9/0x1d0
? process_one_work+0x13e0/0x13e0
kthread+0x379/0x450
? _raw_spin_unlock_irq+0x24/0x30
? set_kthread_struct+0x100/0x100
ret_from_fork+0x1f/0x30
Reported-by: Dokyung Song <dokyungs@yonsei.ac.kr>
Reported-by: Jisoo Jang <jisoo.jang@yonsei.ac.kr>
Reported-by: Minsuk Kang <linuxlovemin@yonsei.ac.kr>
Signed-off-by: Minsuk Kang <linuxlovemin@yonsei.ac.kr>
Signed-off-by: Kalle Valo <kvalo@kernel.org>
Link: https://lore.kernel.org/r/20221024071329.504277-1-linuxlovemin@yonsei.ac.kr
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/wireless/broadcom/brcm80211/brcmfmac/firmware.c | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/drivers/net/wireless/broadcom/brcm80211/brcmfmac/firmware.c b/drivers/net/wireless/broadcom/brcm80211/brcmfmac/firmware.c
index 4e5a6c311d1a..d8460835ff00 100644
--- a/drivers/net/wireless/broadcom/brcm80211/brcmfmac/firmware.c
+++ b/drivers/net/wireless/broadcom/brcm80211/brcmfmac/firmware.c
@@ -648,6 +648,11 @@ brcmf_fw_alloc_request(u32 chip, u32 chiprev,
char end = '\0';
size_t reqsz;
+ if (chiprev >= BITS_PER_TYPE(u32)) {
+ brcmf_err("Invalid chip revision %u\n", chiprev);
+ return NULL;
+ }
+
for (i = 0; i < table_size; i++) {
if (mapping_table[i].chipid == chip &&
mapping_table[i].revmask & BIT(chiprev))
--
2.35.1
^ permalink raw reply related [flat|nested] 529+ messages in thread
* [PATCH 4.19 326/521] igb: Do not free q_vector unless new one was allocated
2023-01-16 15:44 [PATCH 4.19 000/521] 4.19.270-rc1 review Greg Kroah-Hartman
@ 2023-01-16 15:49 ` Greg Kroah-Hartman
2023-01-16 15:44 ` [PATCH 4.19 002/521] mm/khugepaged: invoke MMU notifiers in shmem/file collapse paths Greg Kroah-Hartman
` (523 subsequent siblings)
524 siblings, 0 replies; 529+ messages in thread
From: Greg Kroah-Hartman @ 2023-01-16 15:49 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Jesse Brandeburg, Tony Nguyen,
David S. Miller, Eric Dumazet, Jakub Kicinski, Paolo Abeni,
intel-wired-lan, netdev, Kees Cook, Michael J. Ruhl,
Jacob Keller, Sasha Levin, Gurucharan
From: Kees Cook <keescook@chromium.org>
[ Upstream commit 0668716506ca66f90d395f36ccdaebc3e0e84801 ]
Avoid potential use-after-free condition under memory pressure. If the
kzalloc() fails, q_vector will be freed but left in the original
adapter->q_vector[v_idx] array position.
Cc: Jesse Brandeburg <jesse.brandeburg@intel.com>
Cc: Tony Nguyen <anthony.l.nguyen@intel.com>
Cc: "David S. Miller" <davem@davemloft.net>
Cc: Eric Dumazet <edumazet@google.com>
Cc: Jakub Kicinski <kuba@kernel.org>
Cc: Paolo Abeni <pabeni@redhat.com>
Cc: intel-wired-lan@lists.osuosl.org
Cc: netdev@vger.kernel.org
Signed-off-by: Kees Cook <keescook@chromium.org>
Reviewed-by: Michael J. Ruhl <michael.j.ruhl@intel.com>
Reviewed-by: Jacob Keller <jacob.e.keller@intel.com>
Tested-by: Gurucharan <gurucharanx.g@intel.com> (A Contingent worker at Intel)
Signed-off-by: Tony Nguyen <anthony.l.nguyen@intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/ethernet/intel/igb/igb_main.c | 8 ++++++--
1 file changed, 6 insertions(+), 2 deletions(-)
diff --git a/drivers/net/ethernet/intel/igb/igb_main.c b/drivers/net/ethernet/intel/igb/igb_main.c
index 3d2dd15859cb..87f98170ac93 100644
--- a/drivers/net/ethernet/intel/igb/igb_main.c
+++ b/drivers/net/ethernet/intel/igb/igb_main.c
@@ -1211,8 +1211,12 @@ static int igb_alloc_q_vector(struct igb_adapter *adapter,
if (!q_vector) {
q_vector = kzalloc(size, GFP_KERNEL);
} else if (size > ksize(q_vector)) {
- kfree_rcu(q_vector, rcu);
- q_vector = kzalloc(size, GFP_KERNEL);
+ struct igb_q_vector *new_q_vector;
+
+ new_q_vector = kzalloc(size, GFP_KERNEL);
+ if (new_q_vector)
+ kfree_rcu(q_vector, rcu);
+ q_vector = new_q_vector;
} else {
memset(q_vector, 0, size);
}
--
2.35.1
^ permalink raw reply related [flat|nested] 529+ messages in thread
* [Intel-wired-lan] [PATCH 4.19 326/521] igb: Do not free q_vector unless new one was allocated
@ 2023-01-16 15:49 ` Greg Kroah-Hartman
0 siblings, 0 replies; 529+ messages in thread
From: Greg Kroah-Hartman @ 2023-01-16 15:49 UTC (permalink / raw)
To: stable
Cc: Sasha Levin, Kees Cook, Greg Kroah-Hartman, patches,
Jesse Brandeburg, Michael J. Ruhl, Eric Dumazet, netdev,
Tony Nguyen, intel-wired-lan, Jakub Kicinski, Paolo Abeni,
David S. Miller
From: Kees Cook <keescook@chromium.org>
[ Upstream commit 0668716506ca66f90d395f36ccdaebc3e0e84801 ]
Avoid potential use-after-free condition under memory pressure. If the
kzalloc() fails, q_vector will be freed but left in the original
adapter->q_vector[v_idx] array position.
Cc: Jesse Brandeburg <jesse.brandeburg@intel.com>
Cc: Tony Nguyen <anthony.l.nguyen@intel.com>
Cc: "David S. Miller" <davem@davemloft.net>
Cc: Eric Dumazet <edumazet@google.com>
Cc: Jakub Kicinski <kuba@kernel.org>
Cc: Paolo Abeni <pabeni@redhat.com>
Cc: intel-wired-lan@lists.osuosl.org
Cc: netdev@vger.kernel.org
Signed-off-by: Kees Cook <keescook@chromium.org>
Reviewed-by: Michael J. Ruhl <michael.j.ruhl@intel.com>
Reviewed-by: Jacob Keller <jacob.e.keller@intel.com>
Tested-by: Gurucharan <gurucharanx.g@intel.com> (A Contingent worker at Intel)
Signed-off-by: Tony Nguyen <anthony.l.nguyen@intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/ethernet/intel/igb/igb_main.c | 8 ++++++--
1 file changed, 6 insertions(+), 2 deletions(-)
diff --git a/drivers/net/ethernet/intel/igb/igb_main.c b/drivers/net/ethernet/intel/igb/igb_main.c
index 3d2dd15859cb..87f98170ac93 100644
--- a/drivers/net/ethernet/intel/igb/igb_main.c
+++ b/drivers/net/ethernet/intel/igb/igb_main.c
@@ -1211,8 +1211,12 @@ static int igb_alloc_q_vector(struct igb_adapter *adapter,
if (!q_vector) {
q_vector = kzalloc(size, GFP_KERNEL);
} else if (size > ksize(q_vector)) {
- kfree_rcu(q_vector, rcu);
- q_vector = kzalloc(size, GFP_KERNEL);
+ struct igb_q_vector *new_q_vector;
+
+ new_q_vector = kzalloc(size, GFP_KERNEL);
+ if (new_q_vector)
+ kfree_rcu(q_vector, rcu);
+ q_vector = new_q_vector;
} else {
memset(q_vector, 0, size);
}
--
2.35.1
_______________________________________________
Intel-wired-lan mailing list
Intel-wired-lan@osuosl.org
https://lists.osuosl.org/mailman/listinfo/intel-wired-lan
^ permalink raw reply related [flat|nested] 529+ messages in thread
* [PATCH 4.19 327/521] drm/amdgpu: Fix type of second parameter in trans_msg() callback
2023-01-16 15:44 [PATCH 4.19 000/521] 4.19.270-rc1 review Greg Kroah-Hartman
` (325 preceding siblings ...)
2023-01-16 15:49 ` [Intel-wired-lan] " Greg Kroah-Hartman
@ 2023-01-16 15:49 ` Greg Kroah-Hartman
2023-01-16 15:49 ` [PATCH 4.19 328/521] s390/ctcm: Fix return type of ctc{mp,}m_tx() Greg Kroah-Hartman
` (197 subsequent siblings)
524 siblings, 0 replies; 529+ messages in thread
From: Greg Kroah-Hartman @ 2023-01-16 15:49 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Sami Tolvanen, Kees Cook,
Nathan Chancellor, Alex Deucher, Sasha Levin
From: Nathan Chancellor <nathan@kernel.org>
[ Upstream commit f0d0f1087333714ee683cc134a95afe331d7ddd9 ]
With clang's kernel control flow integrity (kCFI, CONFIG_CFI_CLANG),
indirect call targets are validated against the expected function
pointer prototype to make sure the call target is valid to help mitigate
ROP attacks. If they are not identical, there is a failure at run time,
which manifests as either a kernel panic or thread getting killed. A
proposed warning in clang aims to catch these at compile time, which
reveals:
drivers/gpu/drm/amd/amdgpu/mxgpu_ai.c:412:15: error: incompatible function pointer types initializing 'void (*)(struct amdgpu_device *, u32, u32, u32, u32)' (aka 'void (*)(struct amdgpu_device *, unsigned int, unsigned int, unsigned int, unsigned int)') with an expression of type 'void (struct amdgpu_device *, enum idh_request, u32, u32, u32)' (aka 'void (struct amdgpu_device *, enum idh_request, unsigned int, unsigned int, unsigned int)') [-Werror,-Wincompatible-function-pointer-types-strict]
.trans_msg = xgpu_ai_mailbox_trans_msg,
^~~~~~~~~~~~~~~~~~~~~~~~~
1 error generated.
drivers/gpu/drm/amd/amdgpu/mxgpu_nv.c:435:15: error: incompatible function pointer types initializing 'void (*)(struct amdgpu_device *, u32, u32, u32, u32)' (aka 'void (*)(struct amdgpu_device *, unsigned int, unsigned int, unsigned int, unsigned int)') with an expression of type 'void (struct amdgpu_device *, enum idh_request, u32, u32, u32)' (aka 'void (struct amdgpu_device *, enum idh_request, unsigned int, unsigned int, unsigned int)') [-Werror,-Wincompatible-function-pointer-types-strict]
.trans_msg = xgpu_nv_mailbox_trans_msg,
^~~~~~~~~~~~~~~~~~~~~~~~~
1 error generated.
The type of the second parameter in the prototype should be 'enum
idh_request' instead of 'u32'. Update it to clear up the warnings.
Link: https://github.com/ClangBuiltLinux/linux/issues/1750
Reported-by: Sami Tolvanen <samitolvanen@google.com>
Reviewed-by: Kees Cook <keescook@chromium.org>
Signed-off-by: Nathan Chancellor <nathan@kernel.org>
Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/gpu/drm/amd/amdgpu/amdgpu_virt.h | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/drivers/gpu/drm/amd/amdgpu/amdgpu_virt.h b/drivers/gpu/drm/amd/amdgpu/amdgpu_virt.h
index 880ac113a3a9..d26b6e36be02 100644
--- a/drivers/gpu/drm/amd/amdgpu/amdgpu_virt.h
+++ b/drivers/gpu/drm/amd/amdgpu/amdgpu_virt.h
@@ -48,6 +48,8 @@ struct amdgpu_vf_error_buffer {
uint64_t data[AMDGPU_VF_ERROR_ENTRY_SIZE];
};
+enum idh_request;
+
/**
* struct amdgpu_virt_ops - amdgpu device virt operations
*/
@@ -56,7 +58,8 @@ struct amdgpu_virt_ops {
int (*rel_full_gpu)(struct amdgpu_device *adev, bool init);
int (*reset_gpu)(struct amdgpu_device *adev);
int (*wait_reset)(struct amdgpu_device *adev);
- void (*trans_msg)(struct amdgpu_device *adev, u32 req, u32 data1, u32 data2, u32 data3);
+ void (*trans_msg)(struct amdgpu_device *adev, enum idh_request req,
+ u32 data1, u32 data2, u32 data3);
};
/*
--
2.35.1
^ permalink raw reply related [flat|nested] 529+ messages in thread
* [PATCH 4.19 328/521] s390/ctcm: Fix return type of ctc{mp,}m_tx()
2023-01-16 15:44 [PATCH 4.19 000/521] 4.19.270-rc1 review Greg Kroah-Hartman
` (326 preceding siblings ...)
2023-01-16 15:49 ` [PATCH 4.19 327/521] drm/amdgpu: Fix type of second parameter in trans_msg() callback Greg Kroah-Hartman
@ 2023-01-16 15:49 ` Greg Kroah-Hartman
2023-01-16 15:49 ` [PATCH 4.19 329/521] s390/netiucv: Fix return type of netiucv_tx() Greg Kroah-Hartman
` (196 subsequent siblings)
524 siblings, 0 replies; 529+ messages in thread
From: Greg Kroah-Hartman @ 2023-01-16 15:49 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Alexandra Winter, Kees Cook,
Nathan Chancellor, David S. Miller, Sasha Levin
From: Nathan Chancellor <nathan@kernel.org>
[ Upstream commit aa5bf80c3c067b82b4362cd6e8e2194623bcaca6 ]
With clang's kernel control flow integrity (kCFI, CONFIG_CFI_CLANG),
indirect call targets are validated against the expected function
pointer prototype to make sure the call target is valid to help mitigate
ROP attacks. If they are not identical, there is a failure at run time,
which manifests as either a kernel panic or thread getting killed. A
proposed warning in clang aims to catch these at compile time, which
reveals:
drivers/s390/net/ctcm_main.c:1064:21: error: incompatible function pointer types initializing 'netdev_tx_t (*)(struct sk_buff *, struct net_device *)' (aka 'enum netdev_tx (*)(struct sk_buff *, struct net_device *)') with an expression of type 'int (struct sk_buff *, struct net_device *)' [-Werror,-Wincompatible-function-pointer-types-strict]
.ndo_start_xmit = ctcm_tx,
^~~~~~~
drivers/s390/net/ctcm_main.c:1072:21: error: incompatible function pointer types initializing 'netdev_tx_t (*)(struct sk_buff *, struct net_device *)' (aka 'enum netdev_tx (*)(struct sk_buff *, struct net_device *)') with an expression of type 'int (struct sk_buff *, struct net_device *)' [-Werror,-Wincompatible-function-pointer-types-strict]
.ndo_start_xmit = ctcmpc_tx,
^~~~~~~~~
->ndo_start_xmit() in 'struct net_device_ops' expects a return type of
'netdev_tx_t', not 'int'. Adjust the return type of ctc{mp,}m_tx() to
match the prototype's to resolve the warning and potential CFI failure,
should s390 select ARCH_SUPPORTS_CFI_CLANG in the future.
Additionally, while in the area, remove a comment block that is no
longer relevant.
Link: https://github.com/ClangBuiltLinux/linux/issues/1750
Reviewed-by: Alexandra Winter <wintera@linux.ibm.com>
Reviewed-by: Kees Cook <keescook@chromium.org>
Signed-off-by: Nathan Chancellor <nathan@kernel.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/s390/net/ctcm_main.c | 11 ++---------
1 file changed, 2 insertions(+), 9 deletions(-)
diff --git a/drivers/s390/net/ctcm_main.c b/drivers/s390/net/ctcm_main.c
index f63c5c871d3d..d9fdcdd6760b 100644
--- a/drivers/s390/net/ctcm_main.c
+++ b/drivers/s390/net/ctcm_main.c
@@ -867,16 +867,9 @@ static int ctcmpc_transmit_skb(struct channel *ch, struct sk_buff *skb)
/**
* Start transmission of a packet.
* Called from generic network device layer.
- *
- * skb Pointer to buffer containing the packet.
- * dev Pointer to interface struct.
- *
- * returns 0 if packet consumed, !0 if packet rejected.
- * Note: If we return !0, then the packet is free'd by
- * the generic network layer.
*/
/* first merge version - leaving both functions separated */
-static int ctcm_tx(struct sk_buff *skb, struct net_device *dev)
+static netdev_tx_t ctcm_tx(struct sk_buff *skb, struct net_device *dev)
{
struct ctcm_priv *priv = dev->ml_priv;
@@ -919,7 +912,7 @@ static int ctcm_tx(struct sk_buff *skb, struct net_device *dev)
}
/* unmerged MPC variant of ctcm_tx */
-static int ctcmpc_tx(struct sk_buff *skb, struct net_device *dev)
+static netdev_tx_t ctcmpc_tx(struct sk_buff *skb, struct net_device *dev)
{
int len = 0;
struct ctcm_priv *priv = dev->ml_priv;
--
2.35.1
^ permalink raw reply related [flat|nested] 529+ messages in thread
* [PATCH 4.19 329/521] s390/netiucv: Fix return type of netiucv_tx()
2023-01-16 15:44 [PATCH 4.19 000/521] 4.19.270-rc1 review Greg Kroah-Hartman
` (327 preceding siblings ...)
2023-01-16 15:49 ` [PATCH 4.19 328/521] s390/ctcm: Fix return type of ctc{mp,}m_tx() Greg Kroah-Hartman
@ 2023-01-16 15:49 ` Greg Kroah-Hartman
2023-01-16 15:49 ` [PATCH 4.19 330/521] s390/lcs: Fix return type of lcs_start_xmit() Greg Kroah-Hartman
` (195 subsequent siblings)
524 siblings, 0 replies; 529+ messages in thread
From: Greg Kroah-Hartman @ 2023-01-16 15:49 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Alexandra Winter, Kees Cook,
Nathan Chancellor, David S. Miller, Sasha Levin
From: Nathan Chancellor <nathan@kernel.org>
[ Upstream commit 88d86d18d7cf7e9137c95f9d212bb9fff8a1b4be ]
With clang's kernel control flow integrity (kCFI, CONFIG_CFI_CLANG),
indirect call targets are validated against the expected function
pointer prototype to make sure the call target is valid to help mitigate
ROP attacks. If they are not identical, there is a failure at run time,
which manifests as either a kernel panic or thread getting killed. A
proposed warning in clang aims to catch these at compile time, which
reveals:
drivers/s390/net/netiucv.c:1854:21: error: incompatible function pointer types initializing 'netdev_tx_t (*)(struct sk_buff *, struct net_device *)' (aka 'enum netdev_tx (*)(struct sk_buff *, struct net_device *)') with an expression of type 'int (struct sk_buff *, struct net_device *)' [-Werror,-Wincompatible-function-pointer-types-strict]
.ndo_start_xmit = netiucv_tx,
^~~~~~~~~~
->ndo_start_xmit() in 'struct net_device_ops' expects a return type of
'netdev_tx_t', not 'int'. Adjust the return type of netiucv_tx() to
match the prototype's to resolve the warning and potential CFI failure,
should s390 select ARCH_SUPPORTS_CFI_CLANG in the future.
Additionally, while in the area, remove a comment block that is no
longer relevant.
Link: https://github.com/ClangBuiltLinux/linux/issues/1750
Reviewed-by: Alexandra Winter <wintera@linux.ibm.com>
Reviewed-by: Kees Cook <keescook@chromium.org>
Signed-off-by: Nathan Chancellor <nathan@kernel.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/s390/net/netiucv.c | 9 +--------
1 file changed, 1 insertion(+), 8 deletions(-)
diff --git a/drivers/s390/net/netiucv.c b/drivers/s390/net/netiucv.c
index 5ce2424ca729..e2984b54447b 100644
--- a/drivers/s390/net/netiucv.c
+++ b/drivers/s390/net/netiucv.c
@@ -1344,15 +1344,8 @@ static int netiucv_pm_restore_thaw(struct device *dev)
/**
* Start transmission of a packet.
* Called from generic network device layer.
- *
- * @param skb Pointer to buffer containing the packet.
- * @param dev Pointer to interface struct.
- *
- * @return 0 if packet consumed, !0 if packet rejected.
- * Note: If we return !0, then the packet is free'd by
- * the generic network layer.
*/
-static int netiucv_tx(struct sk_buff *skb, struct net_device *dev)
+static netdev_tx_t netiucv_tx(struct sk_buff *skb, struct net_device *dev)
{
struct netiucv_priv *privptr = netdev_priv(dev);
int rc;
--
2.35.1
^ permalink raw reply related [flat|nested] 529+ messages in thread
* [PATCH 4.19 330/521] s390/lcs: Fix return type of lcs_start_xmit()
2023-01-16 15:44 [PATCH 4.19 000/521] 4.19.270-rc1 review Greg Kroah-Hartman
` (328 preceding siblings ...)
2023-01-16 15:49 ` [PATCH 4.19 329/521] s390/netiucv: Fix return type of netiucv_tx() Greg Kroah-Hartman
@ 2023-01-16 15:49 ` Greg Kroah-Hartman
2023-01-16 15:49 ` [PATCH 4.19 331/521] drm/sti: Use drm_mode_copy() Greg Kroah-Hartman
` (194 subsequent siblings)
524 siblings, 0 replies; 529+ messages in thread
From: Greg Kroah-Hartman @ 2023-01-16 15:49 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Alexandra Winter, Kees Cook,
Nathan Chancellor, David S. Miller, Sasha Levin
From: Nathan Chancellor <nathan@kernel.org>
[ Upstream commit bb16db8393658e0978c3f0d30ae069e878264fa3 ]
With clang's kernel control flow integrity (kCFI, CONFIG_CFI_CLANG),
indirect call targets are validated against the expected function
pointer prototype to make sure the call target is valid to help mitigate
ROP attacks. If they are not identical, there is a failure at run time,
which manifests as either a kernel panic or thread getting killed. A
proposed warning in clang aims to catch these at compile time, which
reveals:
drivers/s390/net/lcs.c:2090:21: error: incompatible function pointer types initializing 'netdev_tx_t (*)(struct sk_buff *, struct net_device *)' (aka 'enum netdev_tx (*)(struct sk_buff *, struct net_device *)') with an expression of type 'int (struct sk_buff *, struct net_device *)' [-Werror,-Wincompatible-function-pointer-types-strict]
.ndo_start_xmit = lcs_start_xmit,
^~~~~~~~~~~~~~
drivers/s390/net/lcs.c:2097:21: error: incompatible function pointer types initializing 'netdev_tx_t (*)(struct sk_buff *, struct net_device *)' (aka 'enum netdev_tx (*)(struct sk_buff *, struct net_device *)') with an expression of type 'int (struct sk_buff *, struct net_device *)' [-Werror,-Wincompatible-function-pointer-types-strict]
.ndo_start_xmit = lcs_start_xmit,
^~~~~~~~~~~~~~
->ndo_start_xmit() in 'struct net_device_ops' expects a return type of
'netdev_tx_t', not 'int'. Adjust the return type of lcs_start_xmit() to
match the prototype's to resolve the warning and potential CFI failure,
should s390 select ARCH_SUPPORTS_CFI_CLANG in the future.
Link: https://github.com/ClangBuiltLinux/linux/issues/1750
Reviewed-by: Alexandra Winter <wintera@linux.ibm.com>
Reviewed-by: Kees Cook <keescook@chromium.org>
Signed-off-by: Nathan Chancellor <nathan@kernel.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/s390/net/lcs.c | 8 +++-----
1 file changed, 3 insertions(+), 5 deletions(-)
diff --git a/drivers/s390/net/lcs.c b/drivers/s390/net/lcs.c
index d8f99ff53a94..09e019d76bdd 100644
--- a/drivers/s390/net/lcs.c
+++ b/drivers/s390/net/lcs.c
@@ -1518,9 +1518,8 @@ lcs_txbuffer_cb(struct lcs_channel *channel, struct lcs_buffer *buffer)
/**
* Packet transmit function called by network stack
*/
-static int
-__lcs_start_xmit(struct lcs_card *card, struct sk_buff *skb,
- struct net_device *dev)
+static netdev_tx_t __lcs_start_xmit(struct lcs_card *card, struct sk_buff *skb,
+ struct net_device *dev)
{
struct lcs_header *header;
int rc = NETDEV_TX_OK;
@@ -1581,8 +1580,7 @@ __lcs_start_xmit(struct lcs_card *card, struct sk_buff *skb,
return rc;
}
-static int
-lcs_start_xmit(struct sk_buff *skb, struct net_device *dev)
+static netdev_tx_t lcs_start_xmit(struct sk_buff *skb, struct net_device *dev)
{
struct lcs_card *card;
int rc;
--
2.35.1
^ permalink raw reply related [flat|nested] 529+ messages in thread
* [PATCH 4.19 331/521] drm/sti: Use drm_mode_copy()
2023-01-16 15:44 [PATCH 4.19 000/521] 4.19.270-rc1 review Greg Kroah-Hartman
` (329 preceding siblings ...)
2023-01-16 15:49 ` [PATCH 4.19 330/521] s390/lcs: Fix return type of lcs_start_xmit() Greg Kroah-Hartman
@ 2023-01-16 15:49 ` Greg Kroah-Hartman
2023-01-16 15:49 ` [PATCH 4.19 332/521] drivers/md/md-bitmap: check the return value of md_bitmap_get_counter() Greg Kroah-Hartman
` (193 subsequent siblings)
524 siblings, 0 replies; 529+ messages in thread
From: Greg Kroah-Hartman @ 2023-01-16 15:49 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Alain Volmat,
Ville Syrjälä,
Daniel Vetter, Sasha Levin
From: Ville Syrjälä <ville.syrjala@linux.intel.com>
[ Upstream commit 442cf8e22ba25a77cb9092d78733fdbac9844e50 ]
struct drm_display_mode embeds a list head, so overwriting
the full struct with another one will corrupt the list
(if the destination mode is on a list). Use drm_mode_copy()
instead which explicitly preserves the list head of
the destination mode.
Even if we know the destination mode is not on any list
using drm_mode_copy() seems decent as it sets a good
example. Bad examples of not using it might eventually
get copied into code where preserving the list head
actually matters.
Obviously one case not covered here is when the mode
itself is embedded in a larger structure and the whole
structure is copied. But if we are careful when copying
into modes embedded in structures I think we can be a
little more reassured that bogus list heads haven't been
propagated in.
@is_mode_copy@
@@
drm_mode_copy(...)
{
...
}
@depends on !is_mode_copy@
struct drm_display_mode *mode;
expression E, S;
@@
(
- *mode = E
+ drm_mode_copy(mode, &E)
|
- memcpy(mode, E, S)
+ drm_mode_copy(mode, E)
)
@depends on !is_mode_copy@
struct drm_display_mode mode;
expression E;
@@
(
- mode = E
+ drm_mode_copy(&mode, &E)
|
- memcpy(&mode, E, S)
+ drm_mode_copy(&mode, E)
)
@@
struct drm_display_mode *mode;
@@
- &*mode
+ mode
Cc: Alain Volmat <alain.volmat@foss.st.com>
Signed-off-by: Ville Syrjälä <ville.syrjala@linux.intel.com>
Link: https://patchwork.freedesktop.org/patch/msgid/20221107192545.9896-8-ville.syrjala@linux.intel.com
Reviewed-by: Daniel Vetter <daniel.vetter@ffwll.ch>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/gpu/drm/sti/sti_dvo.c | 2 +-
drivers/gpu/drm/sti/sti_hda.c | 2 +-
drivers/gpu/drm/sti/sti_hdmi.c | 2 +-
3 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/drivers/gpu/drm/sti/sti_dvo.c b/drivers/gpu/drm/sti/sti_dvo.c
index b08376b7611b..a3f01721c552 100644
--- a/drivers/gpu/drm/sti/sti_dvo.c
+++ b/drivers/gpu/drm/sti/sti_dvo.c
@@ -288,7 +288,7 @@ static void sti_dvo_set_mode(struct drm_bridge *bridge,
DRM_DEBUG_DRIVER("\n");
- memcpy(&dvo->mode, mode, sizeof(struct drm_display_mode));
+ drm_mode_copy(&dvo->mode, mode);
/* According to the path used (main or aux), the dvo clocks should
* have a different parent clock. */
diff --git a/drivers/gpu/drm/sti/sti_hda.c b/drivers/gpu/drm/sti/sti_hda.c
index 19b9b5ed1297..33c9efa06f68 100644
--- a/drivers/gpu/drm/sti/sti_hda.c
+++ b/drivers/gpu/drm/sti/sti_hda.c
@@ -518,7 +518,7 @@ static void sti_hda_set_mode(struct drm_bridge *bridge,
DRM_DEBUG_DRIVER("\n");
- memcpy(&hda->mode, mode, sizeof(struct drm_display_mode));
+ drm_mode_copy(&hda->mode, mode);
if (!hda_get_mode_idx(hda->mode, &mode_idx)) {
DRM_ERROR("Undefined mode\n");
diff --git a/drivers/gpu/drm/sti/sti_hdmi.c b/drivers/gpu/drm/sti/sti_hdmi.c
index ccf718404a1c..3acf044ba366 100644
--- a/drivers/gpu/drm/sti/sti_hdmi.c
+++ b/drivers/gpu/drm/sti/sti_hdmi.c
@@ -926,7 +926,7 @@ static void sti_hdmi_set_mode(struct drm_bridge *bridge,
DRM_DEBUG_DRIVER("\n");
/* Copy the drm display mode in the connector local structure */
- memcpy(&hdmi->mode, mode, sizeof(struct drm_display_mode));
+ drm_mode_copy(&hdmi->mode, mode);
/* Update clock framerate according to the selected mode */
ret = clk_set_rate(hdmi->clk_pix, mode->clock * 1000);
--
2.35.1
^ permalink raw reply related [flat|nested] 529+ messages in thread
* [PATCH 4.19 332/521] drivers/md/md-bitmap: check the return value of md_bitmap_get_counter()
2023-01-16 15:44 [PATCH 4.19 000/521] 4.19.270-rc1 review Greg Kroah-Hartman
` (330 preceding siblings ...)
2023-01-16 15:49 ` [PATCH 4.19 331/521] drm/sti: Use drm_mode_copy() Greg Kroah-Hartman
@ 2023-01-16 15:49 ` Greg Kroah-Hartman
2023-01-16 15:49 ` [PATCH 4.19 333/521] md/raid1: stop mdx_raid1 thread when raid1 array run failed Greg Kroah-Hartman
` (192 subsequent siblings)
524 siblings, 0 replies; 529+ messages in thread
From: Greg Kroah-Hartman @ 2023-01-16 15:49 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Li Zhong, Song Liu, Sasha Levin
From: Li Zhong <floridsleeves@gmail.com>
[ Upstream commit 3bd548e5b819b8c0f2c9085de775c5c7bff9052f ]
Check the return value of md_bitmap_get_counter() in case it returns
NULL pointer, which will result in a null pointer dereference.
v2: update the check to include other dereference
Signed-off-by: Li Zhong <floridsleeves@gmail.com>
Signed-off-by: Song Liu <song@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/md/md-bitmap.c | 27 +++++++++++++++------------
1 file changed, 15 insertions(+), 12 deletions(-)
diff --git a/drivers/md/md-bitmap.c b/drivers/md/md-bitmap.c
index 7cf9d34ce20e..157a1735d7b7 100644
--- a/drivers/md/md-bitmap.c
+++ b/drivers/md/md-bitmap.c
@@ -2191,20 +2191,23 @@ int md_bitmap_resize(struct bitmap *bitmap, sector_t blocks,
if (set) {
bmc_new = md_bitmap_get_counter(&bitmap->counts, block, &new_blocks, 1);
- if (*bmc_new == 0) {
- /* need to set on-disk bits too. */
- sector_t end = block + new_blocks;
- sector_t start = block >> chunkshift;
- start <<= chunkshift;
- while (start < end) {
- md_bitmap_file_set_bit(bitmap, block);
- start += 1 << chunkshift;
+ if (bmc_new) {
+ if (*bmc_new == 0) {
+ /* need to set on-disk bits too. */
+ sector_t end = block + new_blocks;
+ sector_t start = block >> chunkshift;
+
+ start <<= chunkshift;
+ while (start < end) {
+ md_bitmap_file_set_bit(bitmap, block);
+ start += 1 << chunkshift;
+ }
+ *bmc_new = 2;
+ md_bitmap_count_page(&bitmap->counts, block, 1);
+ md_bitmap_set_pending(&bitmap->counts, block);
}
- *bmc_new = 2;
- md_bitmap_count_page(&bitmap->counts, block, 1);
- md_bitmap_set_pending(&bitmap->counts, block);
+ *bmc_new |= NEEDED_MASK;
}
- *bmc_new |= NEEDED_MASK;
if (new_blocks < old_blocks)
old_blocks = new_blocks;
}
--
2.35.1
^ permalink raw reply related [flat|nested] 529+ messages in thread
* [PATCH 4.19 333/521] md/raid1: stop mdx_raid1 thread when raid1 array run failed
2023-01-16 15:44 [PATCH 4.19 000/521] 4.19.270-rc1 review Greg Kroah-Hartman
` (331 preceding siblings ...)
2023-01-16 15:49 ` [PATCH 4.19 332/521] drivers/md/md-bitmap: check the return value of md_bitmap_get_counter() Greg Kroah-Hartman
@ 2023-01-16 15:49 ` Greg Kroah-Hartman
2023-01-16 15:49 ` [PATCH 4.19 334/521] mrp: introduce active flags to prevent UAF when applicant uninit Greg Kroah-Hartman
` (191 subsequent siblings)
524 siblings, 0 replies; 529+ messages in thread
From: Greg Kroah-Hartman @ 2023-01-16 15:49 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Jiang Li, Song Liu, Sasha Levin
From: Jiang Li <jiang.li@ugreen.com>
[ Upstream commit b611ad14006e5be2170d9e8e611bf49dff288911 ]
fail run raid1 array when we assemble array with the inactive disk only,
but the mdx_raid1 thread were not stop, Even if the associated resources
have been released. it will caused a NULL dereference when we do poweroff.
This causes the following Oops:
[ 287.587787] BUG: kernel NULL pointer dereference, address: 0000000000000070
[ 287.594762] #PF: supervisor read access in kernel mode
[ 287.599912] #PF: error_code(0x0000) - not-present page
[ 287.605061] PGD 0 P4D 0
[ 287.607612] Oops: 0000 [#1] SMP NOPTI
[ 287.611287] CPU: 3 PID: 5265 Comm: md0_raid1 Tainted: G U 5.10.146 #0
[ 287.619029] Hardware name: xxxxxxx/To be filled by O.E.M, BIOS 5.19 06/16/2022
[ 287.626775] RIP: 0010:md_check_recovery+0x57/0x500 [md_mod]
[ 287.632357] Code: fe 01 00 00 48 83 bb 10 03 00 00 00 74 08 48 89 ......
[ 287.651118] RSP: 0018:ffffc90000433d78 EFLAGS: 00010202
[ 287.656347] RAX: 0000000000000000 RBX: ffff888105986800 RCX: 0000000000000000
[ 287.663491] RDX: ffffc90000433bb0 RSI: 00000000ffffefff RDI: ffff888105986800
[ 287.670634] RBP: ffffc90000433da0 R08: 0000000000000000 R09: c0000000ffffefff
[ 287.677771] R10: 0000000000000001 R11: ffffc90000433ba8 R12: ffff888105986800
[ 287.684907] R13: 0000000000000000 R14: fffffffffffffe00 R15: ffff888100b6b500
[ 287.692052] FS: 0000000000000000(0000) GS:ffff888277f80000(0000) knlGS:0000000000000000
[ 287.700149] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 287.705897] CR2: 0000000000000070 CR3: 000000000320a000 CR4: 0000000000350ee0
[ 287.713033] Call Trace:
[ 287.715498] raid1d+0x6c/0xbbb [raid1]
[ 287.719256] ? __schedule+0x1ff/0x760
[ 287.722930] ? schedule+0x3b/0xb0
[ 287.726260] ? schedule_timeout+0x1ed/0x290
[ 287.730456] ? __switch_to+0x11f/0x400
[ 287.734219] md_thread+0xe9/0x140 [md_mod]
[ 287.738328] ? md_thread+0xe9/0x140 [md_mod]
[ 287.742601] ? wait_woken+0x80/0x80
[ 287.746097] ? md_register_thread+0xe0/0xe0 [md_mod]
[ 287.751064] kthread+0x11a/0x140
[ 287.754300] ? kthread_park+0x90/0x90
[ 287.757974] ret_from_fork+0x1f/0x30
In fact, when raid1 array run fail, we need to do
md_unregister_thread() before raid1_free().
Signed-off-by: Jiang Li <jiang.li@ugreen.com>
Signed-off-by: Song Liu <song@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/md/raid1.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/drivers/md/raid1.c b/drivers/md/raid1.c
index 876d3e1339d1..0f8b1fb3d051 100644
--- a/drivers/md/raid1.c
+++ b/drivers/md/raid1.c
@@ -3110,6 +3110,7 @@ static int raid1_run(struct mddev *mddev)
* RAID1 needs at least one disk in active
*/
if (conf->raid_disks - mddev->degraded < 1) {
+ md_unregister_thread(&conf->thread);
ret = -EINVAL;
goto abort;
}
--
2.35.1
^ permalink raw reply related [flat|nested] 529+ messages in thread
* [PATCH 4.19 334/521] mrp: introduce active flags to prevent UAF when applicant uninit
2023-01-16 15:44 [PATCH 4.19 000/521] 4.19.270-rc1 review Greg Kroah-Hartman
` (332 preceding siblings ...)
2023-01-16 15:49 ` [PATCH 4.19 333/521] md/raid1: stop mdx_raid1 thread when raid1 array run failed Greg Kroah-Hartman
@ 2023-01-16 15:49 ` Greg Kroah-Hartman
2023-01-16 15:49 ` [PATCH 4.19 335/521] ppp: associate skb with a device at tx Greg Kroah-Hartman
` (190 subsequent siblings)
524 siblings, 0 replies; 529+ messages in thread
From: Greg Kroah-Hartman @ 2023-01-16 15:49 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, syzbot+6fd64001c20aa99e34a4,
Schspa Shi, David S. Miller, Sasha Levin
From: Schspa Shi <schspa@gmail.com>
[ Upstream commit ab0377803dafc58f1e22296708c1c28e309414d6 ]
The caller of del_timer_sync must prevent restarting of the timer, If
we have no this synchronization, there is a small probability that the
cancellation will not be successful.
And syzbot report the fellowing crash:
==================================================================
BUG: KASAN: use-after-free in hlist_add_head include/linux/list.h:929 [inline]
BUG: KASAN: use-after-free in enqueue_timer+0x18/0xa4 kernel/time/timer.c:605
Write at addr f9ff000024df6058 by task syz-fuzzer/2256
Pointer tag: [f9], memory tag: [fe]
CPU: 1 PID: 2256 Comm: syz-fuzzer Not tainted 6.1.0-rc5-syzkaller-00008-
ge01d50cbd6ee #0
Hardware name: linux,dummy-virt (DT)
Call trace:
dump_backtrace.part.0+0xe0/0xf0 arch/arm64/kernel/stacktrace.c:156
dump_backtrace arch/arm64/kernel/stacktrace.c:162 [inline]
show_stack+0x18/0x40 arch/arm64/kernel/stacktrace.c:163
__dump_stack lib/dump_stack.c:88 [inline]
dump_stack_lvl+0x68/0x84 lib/dump_stack.c:106
print_address_description mm/kasan/report.c:284 [inline]
print_report+0x1a8/0x4a0 mm/kasan/report.c:395
kasan_report+0x94/0xb4 mm/kasan/report.c:495
__do_kernel_fault+0x164/0x1e0 arch/arm64/mm/fault.c:320
do_bad_area arch/arm64/mm/fault.c:473 [inline]
do_tag_check_fault+0x78/0x8c arch/arm64/mm/fault.c:749
do_mem_abort+0x44/0x94 arch/arm64/mm/fault.c:825
el1_abort+0x40/0x60 arch/arm64/kernel/entry-common.c:367
el1h_64_sync_handler+0xd8/0xe4 arch/arm64/kernel/entry-common.c:427
el1h_64_sync+0x64/0x68 arch/arm64/kernel/entry.S:576
hlist_add_head include/linux/list.h:929 [inline]
enqueue_timer+0x18/0xa4 kernel/time/timer.c:605
mod_timer+0x14/0x20 kernel/time/timer.c:1161
mrp_periodic_timer_arm net/802/mrp.c:614 [inline]
mrp_periodic_timer+0xa0/0xc0 net/802/mrp.c:627
call_timer_fn.constprop.0+0x24/0x80 kernel/time/timer.c:1474
expire_timers+0x98/0xc4 kernel/time/timer.c:1519
To fix it, we can introduce a new active flags to make sure the timer will
not restart.
Reported-by: syzbot+6fd64001c20aa99e34a4@syzkaller.appspotmail.com
Signed-off-by: Schspa Shi <schspa@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
include/net/mrp.h | 1 +
net/802/mrp.c | 18 +++++++++++++-----
2 files changed, 14 insertions(+), 5 deletions(-)
diff --git a/include/net/mrp.h b/include/net/mrp.h
index ef58b4a07190..c6c53370e390 100644
--- a/include/net/mrp.h
+++ b/include/net/mrp.h
@@ -120,6 +120,7 @@ struct mrp_applicant {
struct sk_buff *pdu;
struct rb_root mad;
struct rcu_head rcu;
+ bool active;
};
struct mrp_port {
diff --git a/net/802/mrp.c b/net/802/mrp.c
index 32f87d458f05..ce6e4774d333 100644
--- a/net/802/mrp.c
+++ b/net/802/mrp.c
@@ -609,7 +609,10 @@ static void mrp_join_timer(struct timer_list *t)
spin_unlock(&app->lock);
mrp_queue_xmit(app);
- mrp_join_timer_arm(app);
+ spin_lock(&app->lock);
+ if (likely(app->active))
+ mrp_join_timer_arm(app);
+ spin_unlock(&app->lock);
}
static void mrp_periodic_timer_arm(struct mrp_applicant *app)
@@ -623,11 +626,12 @@ static void mrp_periodic_timer(struct timer_list *t)
struct mrp_applicant *app = from_timer(app, t, periodic_timer);
spin_lock(&app->lock);
- mrp_mad_event(app, MRP_EVENT_PERIODIC);
- mrp_pdu_queue(app);
+ if (likely(app->active)) {
+ mrp_mad_event(app, MRP_EVENT_PERIODIC);
+ mrp_pdu_queue(app);
+ mrp_periodic_timer_arm(app);
+ }
spin_unlock(&app->lock);
-
- mrp_periodic_timer_arm(app);
}
static int mrp_pdu_parse_end_mark(struct sk_buff *skb, int *offset)
@@ -875,6 +879,7 @@ int mrp_init_applicant(struct net_device *dev, struct mrp_application *appl)
app->dev = dev;
app->app = appl;
app->mad = RB_ROOT;
+ app->active = true;
spin_lock_init(&app->lock);
skb_queue_head_init(&app->queue);
rcu_assign_pointer(dev->mrp_port->applicants[appl->type], app);
@@ -903,6 +908,9 @@ void mrp_uninit_applicant(struct net_device *dev, struct mrp_application *appl)
RCU_INIT_POINTER(port->applicants[appl->type], NULL);
+ spin_lock_bh(&app->lock);
+ app->active = false;
+ spin_unlock_bh(&app->lock);
/* Delete timer and generate a final TX event to flush out
* all pending messages before the applicant is gone.
*/
--
2.35.1
^ permalink raw reply related [flat|nested] 529+ messages in thread
* [PATCH 4.19 335/521] ppp: associate skb with a device at tx
2023-01-16 15:44 [PATCH 4.19 000/521] 4.19.270-rc1 review Greg Kroah-Hartman
` (333 preceding siblings ...)
2023-01-16 15:49 ` [PATCH 4.19 334/521] mrp: introduce active flags to prevent UAF when applicant uninit Greg Kroah-Hartman
@ 2023-01-16 15:49 ` Greg Kroah-Hartman
2023-01-16 15:49 ` [PATCH 4.19 336/521] media: dvb-frontends: fix leak of memory fw Greg Kroah-Hartman
` (189 subsequent siblings)
524 siblings, 0 replies; 529+ messages in thread
From: Greg Kroah-Hartman @ 2023-01-16 15:49 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Paul Mackerras, linux-ppp,
syzbot+41cab52ab62ee99ed24a, Stanislav Fomichev, David S. Miller,
Sasha Levin
From: Stanislav Fomichev <sdf@google.com>
[ Upstream commit 9f225444467b98579cf28d94f4ad053460dfdb84 ]
Syzkaller triggered flow dissector warning with the following:
r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000000), 0xc0802, 0x0)
ioctl$PPPIOCNEWUNIT(r0, 0xc004743e, &(0x7f00000000c0))
ioctl$PPPIOCSACTIVE(r0, 0x40107446, &(0x7f0000000240)={0x2, &(0x7f0000000180)=[{0x20, 0x0, 0x0, 0xfffff034}, {0x6}]})
pwritev(r0, &(0x7f0000000040)=[{&(0x7f0000000140)='\x00!', 0x2}], 0x1, 0x0, 0x0)
[ 9.485814] WARNING: CPU: 3 PID: 329 at net/core/flow_dissector.c:1016 __skb_flow_dissect+0x1ee0/0x1fa0
[ 9.485929] skb_get_poff+0x53/0xa0
[ 9.485937] bpf_skb_get_pay_offset+0xe/0x20
[ 9.485944] ? ppp_send_frame+0xc2/0x5b0
[ 9.485949] ? _raw_spin_unlock_irqrestore+0x40/0x60
[ 9.485958] ? __ppp_xmit_process+0x7a/0xe0
[ 9.485968] ? ppp_xmit_process+0x5b/0xb0
[ 9.485974] ? ppp_write+0x12a/0x190
[ 9.485981] ? do_iter_write+0x18e/0x2d0
[ 9.485987] ? __import_iovec+0x30/0x130
[ 9.485997] ? do_pwritev+0x1b6/0x240
[ 9.486016] ? trace_hardirqs_on+0x47/0x50
[ 9.486023] ? __x64_sys_pwritev+0x24/0x30
[ 9.486026] ? do_syscall_64+0x3d/0x80
[ 9.486031] ? entry_SYSCALL_64_after_hwframe+0x63/0xcd
Flow dissector tries to find skb net namespace either via device
or via socket. Neigher is set in ppp_send_frame, so let's manually
use ppp->dev.
Cc: Paul Mackerras <paulus@samba.org>
Cc: linux-ppp@vger.kernel.org
Reported-by: syzbot+41cab52ab62ee99ed24a@syzkaller.appspotmail.com
Signed-off-by: Stanislav Fomichev <sdf@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/ppp/ppp_generic.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/drivers/net/ppp/ppp_generic.c b/drivers/net/ppp/ppp_generic.c
index 3f335b57d5cd..220b28711f98 100644
--- a/drivers/net/ppp/ppp_generic.c
+++ b/drivers/net/ppp/ppp_generic.c
@@ -1528,6 +1528,8 @@ ppp_send_frame(struct ppp *ppp, struct sk_buff *skb)
int len;
unsigned char *cp;
+ skb->dev = ppp->dev;
+
if (proto < 0x8000) {
#ifdef CONFIG_PPP_FILTER
/* check if we should pass this packet */
--
2.35.1
^ permalink raw reply related [flat|nested] 529+ messages in thread
* [PATCH 4.19 336/521] media: dvb-frontends: fix leak of memory fw
2023-01-16 15:44 [PATCH 4.19 000/521] 4.19.270-rc1 review Greg Kroah-Hartman
` (334 preceding siblings ...)
2023-01-16 15:49 ` [PATCH 4.19 335/521] ppp: associate skb with a device at tx Greg Kroah-Hartman
@ 2023-01-16 15:49 ` Greg Kroah-Hartman
2023-01-16 15:49 ` [PATCH 4.19 337/521] media: dvbdev: adopts refcnt to avoid UAF Greg Kroah-Hartman
` (188 subsequent siblings)
524 siblings, 0 replies; 529+ messages in thread
From: Greg Kroah-Hartman @ 2023-01-16 15:49 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Yan Lei, Mauro Carvalho Chehab, Sasha Levin
From: Yan Lei <yan_lei@dahuatech.com>
[ Upstream commit a15fe8d9f1bf460a804bcf18a890bfd2cf0d5caa ]
Link: https://lore.kernel.org/linux-media/20220410061925.4107-1-chinayanlei2002@163.com
Signed-off-by: Yan Lei <yan_lei@dahuatech.com>
Signed-off-by: Mauro Carvalho Chehab <mchehab@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/media/dvb-frontends/bcm3510.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/drivers/media/dvb-frontends/bcm3510.c b/drivers/media/dvb-frontends/bcm3510.c
index e92542b92d34..6457b0912d14 100644
--- a/drivers/media/dvb-frontends/bcm3510.c
+++ b/drivers/media/dvb-frontends/bcm3510.c
@@ -649,6 +649,7 @@ static int bcm3510_download_firmware(struct dvb_frontend* fe)
deb_info("firmware chunk, addr: 0x%04x, len: 0x%04x, total length: 0x%04zx\n",addr,len,fw->size);
if ((ret = bcm3510_write_ram(st,addr,&b[i+4],len)) < 0) {
err("firmware download failed: %d\n",ret);
+ release_firmware(fw);
return ret;
}
i += 4 + len;
--
2.35.1
^ permalink raw reply related [flat|nested] 529+ messages in thread
* [PATCH 4.19 337/521] media: dvbdev: adopts refcnt to avoid UAF
2023-01-16 15:44 [PATCH 4.19 000/521] 4.19.270-rc1 review Greg Kroah-Hartman
` (335 preceding siblings ...)
2023-01-16 15:49 ` [PATCH 4.19 336/521] media: dvb-frontends: fix leak of memory fw Greg Kroah-Hartman
@ 2023-01-16 15:49 ` Greg Kroah-Hartman
2023-01-16 15:50 ` [PATCH 4.19 338/521] media: dvb-usb: fix memory leak in dvb_usb_adapter_init() Greg Kroah-Hartman
` (187 subsequent siblings)
524 siblings, 0 replies; 529+ messages in thread
From: Greg Kroah-Hartman @ 2023-01-16 15:49 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Lin Ma, kernel test robot,
Mauro Carvalho Chehab, Sasha Levin
From: Lin Ma <linma@zju.edu.cn>
[ Upstream commit 0fc044b2b5e2d05a1fa1fb0d7f270367a7855d79 ]
dvb_unregister_device() is known that prone to use-after-free.
That is, the cleanup from dvb_unregister_device() releases the dvb_device
even if there are pointers stored in file->private_data still refer to it.
This patch adds a reference counter into struct dvb_device and delays its
deallocation until no pointer refers to the object.
Link: https://lore.kernel.org/linux-media/20220807145952.10368-1-linma@zju.edu.cn
Signed-off-by: Lin Ma <linma@zju.edu.cn>
Reported-by: kernel test robot <lkp@intel.com>
Signed-off-by: Mauro Carvalho Chehab <mchehab@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/media/dvb-core/dvb_ca_en50221.c | 2 +-
drivers/media/dvb-core/dvb_frontend.c | 2 +-
drivers/media/dvb-core/dvbdev.c | 32 +++++++++++++++++++------
include/media/dvbdev.h | 31 +++++++++++++-----------
4 files changed, 44 insertions(+), 23 deletions(-)
diff --git a/drivers/media/dvb-core/dvb_ca_en50221.c b/drivers/media/dvb-core/dvb_ca_en50221.c
index 4d371cea0d5d..36afcea709a7 100644
--- a/drivers/media/dvb-core/dvb_ca_en50221.c
+++ b/drivers/media/dvb-core/dvb_ca_en50221.c
@@ -168,7 +168,7 @@ static void dvb_ca_private_free(struct dvb_ca_private *ca)
{
unsigned int i;
- dvb_free_device(ca->dvbdev);
+ dvb_device_put(ca->dvbdev);
for (i = 0; i < ca->slot_count; i++)
vfree(ca->slot_info[i].rx_buffer.data);
diff --git a/drivers/media/dvb-core/dvb_frontend.c b/drivers/media/dvb-core/dvb_frontend.c
index 1768c1b515b3..e0650bc2df61 100644
--- a/drivers/media/dvb-core/dvb_frontend.c
+++ b/drivers/media/dvb-core/dvb_frontend.c
@@ -147,7 +147,7 @@ static void __dvb_frontend_free(struct dvb_frontend *fe)
struct dvb_frontend_private *fepriv = fe->frontend_priv;
if (fepriv)
- dvb_free_device(fepriv->dvbdev);
+ dvb_device_put(fepriv->dvbdev);
dvb_frontend_invoke_release(fe, fe->ops.release);
diff --git a/drivers/media/dvb-core/dvbdev.c b/drivers/media/dvb-core/dvbdev.c
index d8f19a4d214a..bf527eda6f05 100644
--- a/drivers/media/dvb-core/dvbdev.c
+++ b/drivers/media/dvb-core/dvbdev.c
@@ -107,7 +107,7 @@ static int dvb_device_open(struct inode *inode, struct file *file)
new_fops = fops_get(dvbdev->fops);
if (!new_fops)
goto fail;
- file->private_data = dvbdev;
+ file->private_data = dvb_device_get(dvbdev);
replace_fops(file, new_fops);
if (file->f_op->open)
err = file->f_op->open(inode, file);
@@ -171,6 +171,9 @@ int dvb_generic_release(struct inode *inode, struct file *file)
}
dvbdev->users++;
+
+ dvb_device_put(dvbdev);
+
return 0;
}
EXPORT_SYMBOL(dvb_generic_release);
@@ -487,6 +490,7 @@ int dvb_register_device(struct dvb_adapter *adap, struct dvb_device **pdvbdev,
return -ENOMEM;
}
+ kref_init(&dvbdev->ref);
memcpy(dvbdev, template, sizeof(struct dvb_device));
dvbdev->type = type;
dvbdev->id = id;
@@ -518,7 +522,7 @@ int dvb_register_device(struct dvb_adapter *adap, struct dvb_device **pdvbdev,
#endif
dvbdev->minor = minor;
- dvb_minors[minor] = dvbdev;
+ dvb_minors[minor] = dvb_device_get(dvbdev);
up_write(&minor_rwsem);
ret = dvb_register_media_device(dvbdev, type, minor, demux_sink_pads);
@@ -559,6 +563,7 @@ void dvb_remove_device(struct dvb_device *dvbdev)
down_write(&minor_rwsem);
dvb_minors[dvbdev->minor] = NULL;
+ dvb_device_put(dvbdev);
up_write(&minor_rwsem);
dvb_media_device_free(dvbdev);
@@ -570,21 +575,34 @@ void dvb_remove_device(struct dvb_device *dvbdev)
EXPORT_SYMBOL(dvb_remove_device);
-void dvb_free_device(struct dvb_device *dvbdev)
+static void dvb_free_device(struct kref *ref)
{
- if (!dvbdev)
- return;
+ struct dvb_device *dvbdev = container_of(ref, struct dvb_device, ref);
kfree (dvbdev->fops);
kfree (dvbdev);
}
-EXPORT_SYMBOL(dvb_free_device);
+
+
+struct dvb_device *dvb_device_get(struct dvb_device *dvbdev)
+{
+ kref_get(&dvbdev->ref);
+ return dvbdev;
+}
+EXPORT_SYMBOL(dvb_device_get);
+
+
+void dvb_device_put(struct dvb_device *dvbdev)
+{
+ if (dvbdev)
+ kref_put(&dvbdev->ref, dvb_free_device);
+}
void dvb_unregister_device(struct dvb_device *dvbdev)
{
dvb_remove_device(dvbdev);
- dvb_free_device(dvbdev);
+ dvb_device_put(dvbdev);
}
EXPORT_SYMBOL(dvb_unregister_device);
diff --git a/include/media/dvbdev.h b/include/media/dvbdev.h
index 881ca461b7bb..6a0d22c4c3d8 100644
--- a/include/media/dvbdev.h
+++ b/include/media/dvbdev.h
@@ -156,6 +156,7 @@ struct dvb_adapter {
*/
struct dvb_device {
struct list_head list_head;
+ struct kref ref;
const struct file_operations *fops;
struct dvb_adapter *adapter;
enum dvb_device_type type;
@@ -187,6 +188,20 @@ struct dvb_device {
void *priv;
};
+/**
+ * dvb_device_get - Increase dvb_device reference
+ *
+ * @dvbdev: pointer to struct dvb_device
+ */
+struct dvb_device *dvb_device_get(struct dvb_device *dvbdev);
+
+/**
+ * dvb_device_get - Decrease dvb_device reference
+ *
+ * @dvbdev: pointer to struct dvb_device
+ */
+void dvb_device_put(struct dvb_device *dvbdev);
+
/**
* dvb_register_adapter - Registers a new DVB adapter
*
@@ -231,29 +246,17 @@ int dvb_register_device(struct dvb_adapter *adap,
/**
* dvb_remove_device - Remove a registered DVB device
*
- * This does not free memory. To do that, call dvb_free_device().
+ * This does not free memory. dvb_free_device() will do that when
+ * reference counter is empty
*
* @dvbdev: pointer to struct dvb_device
*/
void dvb_remove_device(struct dvb_device *dvbdev);
-/**
- * dvb_free_device - Free memory occupied by a DVB device.
- *
- * Call dvb_unregister_device() before calling this function.
- *
- * @dvbdev: pointer to struct dvb_device
- */
-void dvb_free_device(struct dvb_device *dvbdev);
/**
* dvb_unregister_device - Unregisters a DVB device
*
- * This is a combination of dvb_remove_device() and dvb_free_device().
- * Using this function is usually a mistake, and is often an indicator
- * for a use-after-free bug (when a userspace process keeps a file
- * handle to a detached device).
- *
* @dvbdev: pointer to struct dvb_device
*/
void dvb_unregister_device(struct dvb_device *dvbdev);
--
2.35.1
^ permalink raw reply related [flat|nested] 529+ messages in thread
* [PATCH 4.19 338/521] media: dvb-usb: fix memory leak in dvb_usb_adapter_init()
2023-01-16 15:44 [PATCH 4.19 000/521] 4.19.270-rc1 review Greg Kroah-Hartman
` (336 preceding siblings ...)
2023-01-16 15:49 ` [PATCH 4.19 337/521] media: dvbdev: adopts refcnt to avoid UAF Greg Kroah-Hartman
@ 2023-01-16 15:50 ` Greg Kroah-Hartman
2023-01-16 15:50 ` [PATCH 4.19 339/521] blk-mq: fix possible memleak when register hctx failed Greg Kroah-Hartman
` (186 subsequent siblings)
524 siblings, 0 replies; 529+ messages in thread
From: Greg Kroah-Hartman @ 2023-01-16 15:50 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Mazin Al Haddad,
Mauro Carvalho Chehab, Sasha Levin, syzbot+f66dd31987e6740657be
From: Mazin Al Haddad <mazinalhaddad05@gmail.com>
[ Upstream commit 94d90fb06b94a90c176270d38861bcba34ce377d ]
Syzbot reports a memory leak in "dvb_usb_adapter_init()".
The leak is due to not accounting for and freeing current iteration's
adapter->priv in case of an error. Currently if an error occurs,
it will exit before incrementing "num_adapters_initalized",
which is used as a reference counter to free all adap->priv
in "dvb_usb_adapter_exit()". There are multiple error paths that
can exit from before incrementing the counter. Including the
error handling paths for "dvb_usb_adapter_stream_init()",
"dvb_usb_adapter_dvb_init()" and "dvb_usb_adapter_frontend_init()"
within "dvb_usb_adapter_init()".
This means that in case of an error in any of these functions the
current iteration is not accounted for and the current iteration's
adap->priv is not freed.
Fix this by freeing the current iteration's adap->priv in the
"stream_init_err:" label in the error path. The rest of the
(accounted for) adap->priv objects are freed in dvb_usb_adapter_exit()
as expected using the num_adapters_initalized variable.
Syzbot report:
BUG: memory leak
unreferenced object 0xffff8881172f1a00 (size 512):
comm "kworker/0:2", pid 139, jiffies 4294994873 (age 10.960s)
hex dump (first 32 bytes):
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
backtrace:
[<ffffffff844af012>] dvb_usb_adapter_init drivers/media/usb/dvb-usb/dvb-usb-init.c:75 [inline]
[<ffffffff844af012>] dvb_usb_init drivers/media/usb/dvb-usb/dvb-usb-init.c:184 [inline]
[<ffffffff844af012>] dvb_usb_device_init.cold+0x4e5/0x79e drivers/media/usb/dvb-usb/dvb-usb-init.c:308
[<ffffffff830db21d>] dib0700_probe+0x8d/0x1b0 drivers/media/usb/dvb-usb/dib0700_core.c:883
[<ffffffff82d3fdc7>] usb_probe_interface+0x177/0x370 drivers/usb/core/driver.c:396
[<ffffffff8274ab37>] call_driver_probe drivers/base/dd.c:542 [inline]
[<ffffffff8274ab37>] really_probe.part.0+0xe7/0x310 drivers/base/dd.c:621
[<ffffffff8274ae6c>] really_probe drivers/base/dd.c:583 [inline]
[<ffffffff8274ae6c>] __driver_probe_device+0x10c/0x1e0 drivers/base/dd.c:752
[<ffffffff8274af6a>] driver_probe_device+0x2a/0x120 drivers/base/dd.c:782
[<ffffffff8274b786>] __device_attach_driver+0xf6/0x140 drivers/base/dd.c:899
[<ffffffff82747c87>] bus_for_each_drv+0xb7/0x100 drivers/base/bus.c:427
[<ffffffff8274b352>] __device_attach+0x122/0x260 drivers/base/dd.c:970
[<ffffffff827498f6>] bus_probe_device+0xc6/0xe0 drivers/base/bus.c:487
[<ffffffff82745cdb>] device_add+0x5fb/0xdf0 drivers/base/core.c:3405
[<ffffffff82d3d202>] usb_set_configuration+0x8f2/0xb80 drivers/usb/core/message.c:2170
[<ffffffff82d4dbfc>] usb_generic_driver_probe+0x8c/0xc0 drivers/usb/core/generic.c:238
[<ffffffff82d3f49c>] usb_probe_device+0x5c/0x140 drivers/usb/core/driver.c:293
[<ffffffff8274ab37>] call_driver_probe drivers/base/dd.c:542 [inline]
[<ffffffff8274ab37>] really_probe.part.0+0xe7/0x310 drivers/base/dd.c:621
[<ffffffff8274ae6c>] really_probe drivers/base/dd.c:583 [inline]
[<ffffffff8274ae6c>] __driver_probe_device+0x10c/0x1e0 drivers/base/dd.c:752
Link: https://syzkaller.appspot.com/bug?extid=f66dd31987e6740657be
Reported-and-tested-by: syzbot+f66dd31987e6740657be@syzkaller.appspotmail.com
Link: https://lore.kernel.org/linux-media/20220824012152.539788-1-mazinalhaddad05@gmail.com
Signed-off-by: Mazin Al Haddad <mazinalhaddad05@gmail.com>
Signed-off-by: Mauro Carvalho Chehab <mchehab@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/media/usb/dvb-usb/dvb-usb-init.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/drivers/media/usb/dvb-usb/dvb-usb-init.c b/drivers/media/usb/dvb-usb/dvb-usb-init.c
index 4b1445d806e5..16be32b19ca1 100644
--- a/drivers/media/usb/dvb-usb/dvb-usb-init.c
+++ b/drivers/media/usb/dvb-usb/dvb-usb-init.c
@@ -84,7 +84,7 @@ static int dvb_usb_adapter_init(struct dvb_usb_device *d, short *adapter_nrs)
ret = dvb_usb_adapter_stream_init(adap);
if (ret)
- return ret;
+ goto stream_init_err;
ret = dvb_usb_adapter_dvb_init(adap, adapter_nrs);
if (ret)
@@ -117,6 +117,8 @@ static int dvb_usb_adapter_init(struct dvb_usb_device *d, short *adapter_nrs)
dvb_usb_adapter_dvb_exit(adap);
dvb_init_err:
dvb_usb_adapter_stream_exit(adap);
+stream_init_err:
+ kfree(adap->priv);
return ret;
}
--
2.35.1
^ permalink raw reply related [flat|nested] 529+ messages in thread
* [PATCH 4.19 339/521] blk-mq: fix possible memleak when register hctx failed
2023-01-16 15:44 [PATCH 4.19 000/521] 4.19.270-rc1 review Greg Kroah-Hartman
` (337 preceding siblings ...)
2023-01-16 15:50 ` [PATCH 4.19 338/521] media: dvb-usb: fix memory leak in dvb_usb_adapter_init() Greg Kroah-Hartman
@ 2023-01-16 15:50 ` Greg Kroah-Hartman
2023-01-16 15:50 ` [PATCH 4.19 340/521] regulator: core: fix use_count leakage when handling boot-on Greg Kroah-Hartman
` (185 subsequent siblings)
524 siblings, 0 replies; 529+ messages in thread
From: Greg Kroah-Hartman @ 2023-01-16 15:50 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Ye Bin, Ming Lei, Jens Axboe, Sasha Levin
From: Ye Bin <yebin10@huawei.com>
[ Upstream commit 4b7a21c57b14fbcd0e1729150189e5933f5088e9 ]
There's issue as follows when do fault injection test:
unreferenced object 0xffff888132a9f400 (size 512):
comm "insmod", pid 308021, jiffies 4324277909 (age 509.733s)
hex dump (first 32 bytes):
00 00 00 00 00 00 00 00 08 f4 a9 32 81 88 ff ff ...........2....
08 f4 a9 32 81 88 ff ff 00 00 00 00 00 00 00 00 ...2............
backtrace:
[<00000000e8952bb4>] kmalloc_node_trace+0x22/0xa0
[<00000000f9980e0f>] blk_mq_alloc_and_init_hctx+0x3f1/0x7e0
[<000000002e719efa>] blk_mq_realloc_hw_ctxs+0x1e6/0x230
[<000000004f1fda40>] blk_mq_init_allocated_queue+0x27e/0x910
[<00000000287123ec>] __blk_mq_alloc_disk+0x67/0xf0
[<00000000a2a34657>] 0xffffffffa2ad310f
[<00000000b173f718>] 0xffffffffa2af824a
[<0000000095a1dabb>] do_one_initcall+0x87/0x2a0
[<00000000f32fdf93>] do_init_module+0xdf/0x320
[<00000000cbe8541e>] load_module+0x3006/0x3390
[<0000000069ed1bdb>] __do_sys_finit_module+0x113/0x1b0
[<00000000a1a29ae8>] do_syscall_64+0x35/0x80
[<000000009cd878b0>] entry_SYSCALL_64_after_hwframe+0x46/0xb0
Fault injection context as follows:
kobject_add
blk_mq_register_hctx
blk_mq_sysfs_register
blk_register_queue
device_add_disk
null_add_dev.part.0 [null_blk]
As 'blk_mq_register_hctx' may already add some objects when failed halfway,
but there isn't do fallback, caller don't know which objects add failed.
To solve above issue just do fallback when add objects failed halfway in
'blk_mq_register_hctx'.
Signed-off-by: Ye Bin <yebin10@huawei.com>
Reviewed-by: Ming Lei <ming.lei@redhat.com>
Link: https://lore.kernel.org/r/20221117022940.873959-1-yebin@huaweicloud.com
Signed-off-by: Jens Axboe <axboe@kernel.dk>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
block/blk-mq-sysfs.c | 11 +++++++++--
1 file changed, 9 insertions(+), 2 deletions(-)
diff --git a/block/blk-mq-sysfs.c b/block/blk-mq-sysfs.c
index 5e4b7ed1e897..ae03e63ffbfd 100644
--- a/block/blk-mq-sysfs.c
+++ b/block/blk-mq-sysfs.c
@@ -241,7 +241,7 @@ static int blk_mq_register_hctx(struct blk_mq_hw_ctx *hctx)
{
struct request_queue *q = hctx->queue;
struct blk_mq_ctx *ctx;
- int i, ret;
+ int i, j, ret;
if (!hctx->nr_ctx)
return 0;
@@ -253,9 +253,16 @@ static int blk_mq_register_hctx(struct blk_mq_hw_ctx *hctx)
hctx_for_each_ctx(hctx, ctx, i) {
ret = kobject_add(&ctx->kobj, &hctx->kobj, "cpu%u", ctx->cpu);
if (ret)
- break;
+ goto out;
}
+ return 0;
+out:
+ hctx_for_each_ctx(hctx, ctx, j) {
+ if (j < i)
+ kobject_del(&ctx->kobj);
+ }
+ kobject_del(&hctx->kobj);
return ret;
}
--
2.35.1
^ permalink raw reply related [flat|nested] 529+ messages in thread
* [PATCH 4.19 340/521] regulator: core: fix use_count leakage when handling boot-on
2023-01-16 15:44 [PATCH 4.19 000/521] 4.19.270-rc1 review Greg Kroah-Hartman
` (338 preceding siblings ...)
2023-01-16 15:50 ` [PATCH 4.19 339/521] blk-mq: fix possible memleak when register hctx failed Greg Kroah-Hartman
@ 2023-01-16 15:50 ` Greg Kroah-Hartman
2023-01-16 15:50 ` [PATCH 4.19 341/521] mmc: f-sdh30: Add quirks for broken timeout clock capability Greg Kroah-Hartman
` (184 subsequent siblings)
524 siblings, 0 replies; 529+ messages in thread
From: Greg Kroah-Hartman @ 2023-01-16 15:50 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Rui Zhang, Mark Brown, Sasha Levin
From: Rui Zhang <zr.zhang@vivo.com>
[ Upstream commit 0591b14ce0398125439c759f889647369aa616a0 ]
I found a use_count leakage towards supply regulator of rdev with
boot-on option.
┌───────────────────┐ ┌───────────────────┐
│ regulator_dev A │ │ regulator_dev B │
│ (boot-on) │ │ (boot-on) │
│ use_count=0 │◀──supply──│ use_count=1 │
│ │ │ │
└───────────────────┘ └───────────────────┘
In case of rdev(A) configured with `regulator-boot-on', the use_count
of supplying regulator(B) will increment inside
regulator_enable(rdev->supply).
Thus, B will acts like always-on, and further balanced
regulator_enable/disable cannot actually disable it anymore.
However, B was also configured with `regulator-boot-on', we wish it
could be disabled afterwards.
Signed-off-by: Rui Zhang <zr.zhang@vivo.com>
Link: https://lore.kernel.org/r/20221201033806.2567812-1-zr.zhang@vivo.com
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/regulator/core.c | 8 +++++++-
1 file changed, 7 insertions(+), 1 deletion(-)
diff --git a/drivers/regulator/core.c b/drivers/regulator/core.c
index 9cf438a37eeb..11656b383674 100644
--- a/drivers/regulator/core.c
+++ b/drivers/regulator/core.c
@@ -1197,7 +1197,13 @@ static int set_machine_constraints(struct regulator_dev *rdev)
if (rdev->supply_name && !rdev->supply)
return -EPROBE_DEFER;
- if (rdev->supply) {
+ /* If supplying regulator has already been enabled,
+ * it's not intended to have use_count increment
+ * when rdev is only boot-on.
+ */
+ if (rdev->supply &&
+ (rdev->constraints->always_on ||
+ !regulator_is_enabled(rdev->supply))) {
ret = regulator_enable(rdev->supply);
if (ret < 0) {
_regulator_put(rdev->supply);
--
2.35.1
^ permalink raw reply related [flat|nested] 529+ messages in thread
* [PATCH 4.19 341/521] mmc: f-sdh30: Add quirks for broken timeout clock capability
2023-01-16 15:44 [PATCH 4.19 000/521] 4.19.270-rc1 review Greg Kroah-Hartman
` (339 preceding siblings ...)
2023-01-16 15:50 ` [PATCH 4.19 340/521] regulator: core: fix use_count leakage when handling boot-on Greg Kroah-Hartman
@ 2023-01-16 15:50 ` Greg Kroah-Hartman
2023-01-16 15:50 ` [PATCH 4.19 342/521] media: si470x: Fix use-after-free in si470x_int_in_callback() Greg Kroah-Hartman
` (183 subsequent siblings)
524 siblings, 0 replies; 529+ messages in thread
From: Greg Kroah-Hartman @ 2023-01-16 15:50 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Kunihiko Hayashi, Jassi Brar,
Ulf Hansson, Sasha Levin
From: Kunihiko Hayashi <hayashi.kunihiko@socionext.com>
[ Upstream commit aae9d3a440736691b3c1cb09ae2c32c4f1ee2e67 ]
There is a case where the timeout clock is not supplied to the capability.
Add a quirk for that.
Signed-off-by: Kunihiko Hayashi <hayashi.kunihiko@socionext.com>
Acked-by: Jassi Brar <jaswinder.singh@linaro.org>
Link: https://lore.kernel.org/r/20221111081033.3813-7-hayashi.kunihiko@socionext.com
Signed-off-by: Ulf Hansson <ulf.hansson@linaro.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/mmc/host/sdhci_f_sdh30.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/drivers/mmc/host/sdhci_f_sdh30.c b/drivers/mmc/host/sdhci_f_sdh30.c
index 485f7591fae4..ca9e05440da1 100644
--- a/drivers/mmc/host/sdhci_f_sdh30.c
+++ b/drivers/mmc/host/sdhci_f_sdh30.c
@@ -199,6 +199,9 @@ static int sdhci_f_sdh30_probe(struct platform_device *pdev)
if (reg & SDHCI_CAN_DO_8BIT)
priv->vendor_hs200 = F_SDH30_EMMC_HS200;
+ if (!(reg & SDHCI_TIMEOUT_CLK_MASK))
+ host->quirks |= SDHCI_QUIRK_DATA_TIMEOUT_USES_SDCLK;
+
ret = sdhci_add_host(host);
if (ret)
goto err_add_host;
--
2.35.1
^ permalink raw reply related [flat|nested] 529+ messages in thread
* [PATCH 4.19 342/521] media: si470x: Fix use-after-free in si470x_int_in_callback()
2023-01-16 15:44 [PATCH 4.19 000/521] 4.19.270-rc1 review Greg Kroah-Hartman
` (340 preceding siblings ...)
2023-01-16 15:50 ` [PATCH 4.19 341/521] mmc: f-sdh30: Add quirks for broken timeout clock capability Greg Kroah-Hartman
@ 2023-01-16 15:50 ` Greg Kroah-Hartman
2023-01-16 15:50 ` [PATCH 4.19 343/521] clk: st: Fix memory leak in st_of_quadfs_setup() Greg Kroah-Hartman
` (182 subsequent siblings)
524 siblings, 0 replies; 529+ messages in thread
From: Greg Kroah-Hartman @ 2023-01-16 15:50 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, syzbot+9ca7a12fd736d93e0232,
Shigeru Yoshida, Hans Verkuil, Sasha Levin
From: Shigeru Yoshida <syoshida@redhat.com>
[ Upstream commit 7d21e0b1b41b21d628bf2afce777727bd4479aa5 ]
syzbot reported use-after-free in si470x_int_in_callback() [1]. This
indicates that urb->context, which contains struct si470x_device
object, is freed when si470x_int_in_callback() is called.
The cause of this issue is that si470x_int_in_callback() is called for
freed urb.
si470x_usb_driver_probe() calls si470x_start_usb(), which then calls
usb_submit_urb() and si470x_start(). If si470x_start_usb() fails,
si470x_usb_driver_probe() doesn't kill urb, but it just frees struct
si470x_device object, as depicted below:
si470x_usb_driver_probe()
...
si470x_start_usb()
...
usb_submit_urb()
retval = si470x_start()
return retval
if (retval < 0)
free struct si470x_device object, but don't kill urb
This patch fixes this issue by killing urb when si470x_start_usb()
fails and urb is submitted. If si470x_start_usb() fails and urb is
not submitted, i.e. submitting usb fails, it just frees struct
si470x_device object.
Reported-by: syzbot+9ca7a12fd736d93e0232@syzkaller.appspotmail.com
Link: https://syzkaller.appspot.com/bug?id=94ed6dddd5a55e90fd4bab942aa4bb297741d977 [1]
Signed-off-by: Shigeru Yoshida <syoshida@redhat.com>
Signed-off-by: Hans Verkuil <hverkuil-cisco@xs4all.nl>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/media/radio/si470x/radio-si470x-usb.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/drivers/media/radio/si470x/radio-si470x-usb.c b/drivers/media/radio/si470x/radio-si470x-usb.c
index ba43a727c0b9..51b961cfba7c 100644
--- a/drivers/media/radio/si470x/radio-si470x-usb.c
+++ b/drivers/media/radio/si470x/radio-si470x-usb.c
@@ -742,8 +742,10 @@ static int si470x_usb_driver_probe(struct usb_interface *intf,
/* start radio */
retval = si470x_start_usb(radio);
- if (retval < 0)
+ if (retval < 0 && !radio->int_in_running)
goto err_buf;
+ else if (retval < 0) /* in case of radio->int_in_running == 1 */
+ goto err_all;
/* set initial frequency */
si470x_set_freq(radio, 87.5 * FREQ_MUL); /* available in all regions */
--
2.35.1
^ permalink raw reply related [flat|nested] 529+ messages in thread
* [PATCH 4.19 343/521] clk: st: Fix memory leak in st_of_quadfs_setup()
2023-01-16 15:44 [PATCH 4.19 000/521] 4.19.270-rc1 review Greg Kroah-Hartman
` (341 preceding siblings ...)
2023-01-16 15:50 ` [PATCH 4.19 342/521] media: si470x: Fix use-after-free in si470x_int_in_callback() Greg Kroah-Hartman
@ 2023-01-16 15:50 ` Greg Kroah-Hartman
2023-01-16 15:50 ` [PATCH 4.19 344/521] drm/fsl-dcu: Fix return type of fsl_dcu_drm_connector_mode_valid() Greg Kroah-Hartman
` (181 subsequent siblings)
524 siblings, 0 replies; 529+ messages in thread
From: Greg Kroah-Hartman @ 2023-01-16 15:50 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Xiu Jianfeng, Patrice Chotard,
Stephen Boyd, Sasha Levin
From: Xiu Jianfeng <xiujianfeng@huawei.com>
[ Upstream commit cfd3ffb36f0d566846163118651d868e607300ba ]
If st_clk_register_quadfs_pll() fails, @lock should be freed before goto
@err_exit, otherwise will cause meory leak issue, fix it.
Signed-off-by: Xiu Jianfeng <xiujianfeng@huawei.com>
Link: https://lore.kernel.org/r/20221122133614.184910-1-xiujianfeng@huawei.com
Reviewed-by: Patrice Chotard <patrice.chotard@foss.st.com>
Signed-off-by: Stephen Boyd <sboyd@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/clk/st/clkgen-fsyn.c | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/drivers/clk/st/clkgen-fsyn.c b/drivers/clk/st/clkgen-fsyn.c
index a79d81985c4e..bbe113159bc6 100644
--- a/drivers/clk/st/clkgen-fsyn.c
+++ b/drivers/clk/st/clkgen-fsyn.c
@@ -948,9 +948,10 @@ static void __init st_of_quadfs_setup(struct device_node *np,
clk = st_clk_register_quadfs_pll(pll_name, clk_parent_name, data,
reg, lock);
- if (IS_ERR(clk))
+ if (IS_ERR(clk)) {
+ kfree(lock);
goto err_exit;
- else
+ } else
pr_debug("%s: parent %s rate %u\n",
__clk_get_name(clk),
__clk_get_name(clk_get_parent(clk)),
--
2.35.1
^ permalink raw reply related [flat|nested] 529+ messages in thread
* [PATCH 4.19 344/521] drm/fsl-dcu: Fix return type of fsl_dcu_drm_connector_mode_valid()
2023-01-16 15:44 [PATCH 4.19 000/521] 4.19.270-rc1 review Greg Kroah-Hartman
` (342 preceding siblings ...)
2023-01-16 15:50 ` [PATCH 4.19 343/521] clk: st: Fix memory leak in st_of_quadfs_setup() Greg Kroah-Hartman
@ 2023-01-16 15:50 ` Greg Kroah-Hartman
2023-01-16 15:50 ` [PATCH 4.19 345/521] drm/sti: Fix return type of sti_{dvo,hda,hdmi}_connector_mode_valid() Greg Kroah-Hartman
` (180 subsequent siblings)
524 siblings, 0 replies; 529+ messages in thread
From: Greg Kroah-Hartman @ 2023-01-16 15:50 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Sami Tolvanen, Nathan Chancellor,
Kees Cook, Sasha Levin
From: Nathan Chancellor <nathan@kernel.org>
[ Upstream commit 96d845a67b7e406cfed7880a724c8ca6121e022e ]
With clang's kernel control flow integrity (kCFI, CONFIG_CFI_CLANG),
indirect call targets are validated against the expected function
pointer prototype to make sure the call target is valid to help mitigate
ROP attacks. If they are not identical, there is a failure at run time,
which manifests as either a kernel panic or thread getting killed. A
proposed warning in clang aims to catch these at compile time, which
reveals:
drivers/gpu/drm/fsl-dcu/fsl_dcu_drm_rgb.c:74:16: error: incompatible function pointer types initializing 'enum drm_mode_status (*)(struct drm_connector *, struct drm_display_mode *)' with an expression of type 'int (struct drm_connector *, struct drm_display_mode *)' [-Werror,-Wincompatible-function-pointer-types-strict]
.mode_valid = fsl_dcu_drm_connector_mode_valid,
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
1 error generated.
->mode_valid() in 'struct drm_connector_helper_funcs' expects a return
type of 'enum drm_mode_status', not 'int'. Adjust the return type of
fsl_dcu_drm_connector_mode_valid() to match the prototype's to resolve
the warning and CFI failure.
Link: https://github.com/ClangBuiltLinux/linux/issues/1750
Reported-by: Sami Tolvanen <samitolvanen@google.com>
Signed-off-by: Nathan Chancellor <nathan@kernel.org>
Reviewed-by: Kees Cook <keescook@chromium.org>
Signed-off-by: Kees Cook <keescook@chromium.org>
Link: https://lore.kernel.org/r/20221102154215.78059-1-nathan@kernel.org
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/gpu/drm/fsl-dcu/fsl_dcu_drm_rgb.c | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/drivers/gpu/drm/fsl-dcu/fsl_dcu_drm_rgb.c b/drivers/gpu/drm/fsl-dcu/fsl_dcu_drm_rgb.c
index 2298ed2a9e1c..3c8c4a820e95 100644
--- a/drivers/gpu/drm/fsl-dcu/fsl_dcu_drm_rgb.c
+++ b/drivers/gpu/drm/fsl-dcu/fsl_dcu_drm_rgb.c
@@ -83,8 +83,9 @@ static int fsl_dcu_drm_connector_get_modes(struct drm_connector *connector)
return num_modes;
}
-static int fsl_dcu_drm_connector_mode_valid(struct drm_connector *connector,
- struct drm_display_mode *mode)
+static enum drm_mode_status
+fsl_dcu_drm_connector_mode_valid(struct drm_connector *connector,
+ struct drm_display_mode *mode)
{
if (mode->hdisplay & 0xf)
return MODE_ERROR;
--
2.35.1
^ permalink raw reply related [flat|nested] 529+ messages in thread
* [PATCH 4.19 345/521] drm/sti: Fix return type of sti_{dvo,hda,hdmi}_connector_mode_valid()
2023-01-16 15:44 [PATCH 4.19 000/521] 4.19.270-rc1 review Greg Kroah-Hartman
` (343 preceding siblings ...)
2023-01-16 15:50 ` [PATCH 4.19 344/521] drm/fsl-dcu: Fix return type of fsl_dcu_drm_connector_mode_valid() Greg Kroah-Hartman
@ 2023-01-16 15:50 ` Greg Kroah-Hartman
2023-01-16 15:50 ` [PATCH 4.19 346/521] orangefs: Fix kmemleak in orangefs_prepare_debugfs_help_string() Greg Kroah-Hartman
` (179 subsequent siblings)
524 siblings, 0 replies; 529+ messages in thread
From: Greg Kroah-Hartman @ 2023-01-16 15:50 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Nathan Chancellor, Kees Cook, Sasha Levin
From: Nathan Chancellor <nathan@kernel.org>
[ Upstream commit 0ad811cc08a937d875cbad0149c1bab17f84ba05 ]
With clang's kernel control flow integrity (kCFI, CONFIG_CFI_CLANG),
indirect call targets are validated against the expected function
pointer prototype to make sure the call target is valid to help mitigate
ROP attacks. If they are not identical, there is a failure at run time,
which manifests as either a kernel panic or thread getting killed. A
proposed warning in clang aims to catch these at compile time, which
reveals:
drivers/gpu/drm/sti/sti_hda.c:637:16: error: incompatible function pointer types initializing 'enum drm_mode_status (*)(struct drm_connector *, struct drm_display_mode *)' with an expression of type 'int (struct drm_connector *, struct drm_display_mode *)' [-Werror,-Wincompatible-function-pointer-types-strict]
.mode_valid = sti_hda_connector_mode_valid,
^~~~~~~~~~~~~~~~~~~~~~~~~~~~
drivers/gpu/drm/sti/sti_dvo.c:376:16: error: incompatible function pointer types initializing 'enum drm_mode_status (*)(struct drm_connector *, struct drm_display_mode *)' with an expression of type 'int (struct drm_connector *, struct drm_display_mode *)' [-Werror,-Wincompatible-function-pointer-types-strict]
.mode_valid = sti_dvo_connector_mode_valid,
^~~~~~~~~~~~~~~~~~~~~~~~~~~~
drivers/gpu/drm/sti/sti_hdmi.c:1035:16: error: incompatible function pointer types initializing 'enum drm_mode_status (*)(struct drm_connector *, struct drm_display_mode *)' with an expression of type 'int (struct drm_connector *, struct drm_display_mode *)' [-Werror,-Wincompatible-function-pointer-types-strict]
.mode_valid = sti_hdmi_connector_mode_valid,
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~
->mode_valid() in 'struct drm_connector_helper_funcs' expects a return
type of 'enum drm_mode_status', not 'int'. Adjust the return type of
sti_{dvo,hda,hdmi}_connector_mode_valid() to match the prototype's to
resolve the warning and CFI failure.
Link: https://github.com/ClangBuiltLinux/linux/issues/1750
Signed-off-by: Nathan Chancellor <nathan@kernel.org>
Reviewed-by: Kees Cook <keescook@chromium.org>
Signed-off-by: Kees Cook <keescook@chromium.org>
Link: https://lore.kernel.org/r/20221102155623.3042869-1-nathan@kernel.org
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/gpu/drm/sti/sti_dvo.c | 5 +++--
drivers/gpu/drm/sti/sti_hda.c | 5 +++--
drivers/gpu/drm/sti/sti_hdmi.c | 5 +++--
3 files changed, 9 insertions(+), 6 deletions(-)
diff --git a/drivers/gpu/drm/sti/sti_dvo.c b/drivers/gpu/drm/sti/sti_dvo.c
index a3f01721c552..794ac057a55c 100644
--- a/drivers/gpu/drm/sti/sti_dvo.c
+++ b/drivers/gpu/drm/sti/sti_dvo.c
@@ -346,8 +346,9 @@ static int sti_dvo_connector_get_modes(struct drm_connector *connector)
#define CLK_TOLERANCE_HZ 50
-static int sti_dvo_connector_mode_valid(struct drm_connector *connector,
- struct drm_display_mode *mode)
+static enum drm_mode_status
+sti_dvo_connector_mode_valid(struct drm_connector *connector,
+ struct drm_display_mode *mode)
{
int target = mode->clock * 1000;
int target_min = target - CLK_TOLERANCE_HZ;
diff --git a/drivers/gpu/drm/sti/sti_hda.c b/drivers/gpu/drm/sti/sti_hda.c
index 33c9efa06f68..cf5b6dbe86b0 100644
--- a/drivers/gpu/drm/sti/sti_hda.c
+++ b/drivers/gpu/drm/sti/sti_hda.c
@@ -596,8 +596,9 @@ static int sti_hda_connector_get_modes(struct drm_connector *connector)
#define CLK_TOLERANCE_HZ 50
-static int sti_hda_connector_mode_valid(struct drm_connector *connector,
- struct drm_display_mode *mode)
+static enum drm_mode_status
+sti_hda_connector_mode_valid(struct drm_connector *connector,
+ struct drm_display_mode *mode)
{
int target = mode->clock * 1000;
int target_min = target - CLK_TOLERANCE_HZ;
diff --git a/drivers/gpu/drm/sti/sti_hdmi.c b/drivers/gpu/drm/sti/sti_hdmi.c
index 3acf044ba366..c4bc09c9d0b5 100644
--- a/drivers/gpu/drm/sti/sti_hdmi.c
+++ b/drivers/gpu/drm/sti/sti_hdmi.c
@@ -989,8 +989,9 @@ static int sti_hdmi_connector_get_modes(struct drm_connector *connector)
#define CLK_TOLERANCE_HZ 50
-static int sti_hdmi_connector_mode_valid(struct drm_connector *connector,
- struct drm_display_mode *mode)
+static enum drm_mode_status
+sti_hdmi_connector_mode_valid(struct drm_connector *connector,
+ struct drm_display_mode *mode)
{
int target = mode->clock * 1000;
int target_min = target - CLK_TOLERANCE_HZ;
--
2.35.1
^ permalink raw reply related [flat|nested] 529+ messages in thread
* [PATCH 4.19 346/521] orangefs: Fix kmemleak in orangefs_prepare_debugfs_help_string()
2023-01-16 15:44 [PATCH 4.19 000/521] 4.19.270-rc1 review Greg Kroah-Hartman
` (344 preceding siblings ...)
2023-01-16 15:50 ` [PATCH 4.19 345/521] drm/sti: Fix return type of sti_{dvo,hda,hdmi}_connector_mode_valid() Greg Kroah-Hartman
@ 2023-01-16 15:50 ` Greg Kroah-Hartman
2023-01-16 15:50 ` [PATCH 4.19 347/521] ASoC: mediatek: mt8173-rt5650-rt5514: fix refcount leak in mt8173_rt5650_rt5514_dev_probe() Greg Kroah-Hartman
` (178 subsequent siblings)
524 siblings, 0 replies; 529+ messages in thread
From: Greg Kroah-Hartman @ 2023-01-16 15:50 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Zhang Xiaoxu, Mike Marshall, Sasha Levin
From: Zhang Xiaoxu <zhangxiaoxu5@huawei.com>
[ Upstream commit d23417a5bf3a3afc55de5442eb46e1e60458b0a1 ]
When insert and remove the orangefs module, then debug_help_string will
be leaked:
unreferenced object 0xffff8881652ba000 (size 4096):
comm "insmod", pid 1701, jiffies 4294893639 (age 13218.530s)
hex dump (first 32 bytes):
43 6c 69 65 6e 74 20 44 65 62 75 67 20 4b 65 79 Client Debug Key
77 6f 72 64 73 20 61 72 65 20 75 6e 6b 6e 6f 77 words are unknow
backtrace:
[<0000000004e6f8e3>] kmalloc_trace+0x27/0xa0
[<0000000006f75d85>] orangefs_prepare_debugfs_help_string+0x5e/0x480 [orangefs]
[<0000000091270a2a>] _sub_I_65535_1+0x57/0xf70 [crc_itu_t]
[<000000004b1ee1a3>] do_one_initcall+0x87/0x2a0
[<000000001d0614ae>] do_init_module+0xdf/0x320
[<00000000efef068c>] load_module+0x2f98/0x3330
[<000000006533b44d>] __do_sys_finit_module+0x113/0x1b0
[<00000000a0da6f99>] do_syscall_64+0x35/0x80
[<000000007790b19b>] entry_SYSCALL_64_after_hwframe+0x46/0xb0
When remove the module, should always free debug_help_string. Should
always free the allocated buffer when change the free_debug_help_string.
Signed-off-by: Zhang Xiaoxu <zhangxiaoxu5@huawei.com>
Signed-off-by: Mike Marshall <hubcap@omnibond.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
fs/orangefs/orangefs-debugfs.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/fs/orangefs/orangefs-debugfs.c b/fs/orangefs/orangefs-debugfs.c
index e24738c691f6..f79c015fa7cb 100644
--- a/fs/orangefs/orangefs-debugfs.c
+++ b/fs/orangefs/orangefs-debugfs.c
@@ -254,6 +254,8 @@ static int orangefs_kernel_debug_init(void)
void orangefs_debugfs_cleanup(void)
{
debugfs_remove_recursive(debug_dir);
+ kfree(debug_help_string);
+ debug_help_string = NULL;
}
/* open ORANGEFS_KMOD_DEBUG_HELP_FILE */
@@ -709,6 +711,7 @@ int orangefs_prepare_debugfs_help_string(int at_boot)
memset(debug_help_string, 0, DEBUG_HELP_STRING_SIZE);
strlcat(debug_help_string, new, string_size);
mutex_unlock(&orangefs_help_file_lock);
+ kfree(new);
}
rc = 0;
--
2.35.1
^ permalink raw reply related [flat|nested] 529+ messages in thread
* [PATCH 4.19 347/521] ASoC: mediatek: mt8173-rt5650-rt5514: fix refcount leak in mt8173_rt5650_rt5514_dev_probe()
2023-01-16 15:44 [PATCH 4.19 000/521] 4.19.270-rc1 review Greg Kroah-Hartman
` (345 preceding siblings ...)
2023-01-16 15:50 ` [PATCH 4.19 346/521] orangefs: Fix kmemleak in orangefs_prepare_debugfs_help_string() Greg Kroah-Hartman
@ 2023-01-16 15:50 ` Greg Kroah-Hartman
2023-01-16 15:50 ` [PATCH 4.19 348/521] ASoC: rockchip: pdm: Add missing clk_disable_unprepare() in rockchip_pdm_runtime_resume() Greg Kroah-Hartman
` (177 subsequent siblings)
524 siblings, 0 replies; 529+ messages in thread
From: Greg Kroah-Hartman @ 2023-01-16 15:50 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Wang Yufen, Mark Brown, Sasha Levin
From: Wang Yufen <wangyufen@huawei.com>
[ Upstream commit 3327d721114c109ba0575f86f8fda3b525404054 ]
The node returned by of_parse_phandle() with refcount incremented,
of_node_put() needs be called when finish using it. So add it in the
error path in mt8173_rt5650_rt5514_dev_probe().
Fixes: 0d1d7a664288 ("ASoC: mediatek: Refine mt8173 driver and change config option")
Signed-off-by: Wang Yufen <wangyufen@huawei.com>
Link: https://lore.kernel.org/r/1670234664-24246-1-git-send-email-wangyufen@huawei.com
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
sound/soc/mediatek/mt8173/mt8173-rt5650-rt5514.c | 7 +++++--
1 file changed, 5 insertions(+), 2 deletions(-)
diff --git a/sound/soc/mediatek/mt8173/mt8173-rt5650-rt5514.c b/sound/soc/mediatek/mt8173/mt8173-rt5650-rt5514.c
index cdb394071037..9f8d2a00a1cd 100644
--- a/sound/soc/mediatek/mt8173/mt8173-rt5650-rt5514.c
+++ b/sound/soc/mediatek/mt8173/mt8173-rt5650-rt5514.c
@@ -199,14 +199,16 @@ static int mt8173_rt5650_rt5514_dev_probe(struct platform_device *pdev)
if (!mt8173_rt5650_rt5514_codecs[0].of_node) {
dev_err(&pdev->dev,
"Property 'audio-codec' missing or invalid\n");
- return -EINVAL;
+ ret = -EINVAL;
+ goto out;
}
mt8173_rt5650_rt5514_codecs[1].of_node =
of_parse_phandle(pdev->dev.of_node, "mediatek,audio-codec", 1);
if (!mt8173_rt5650_rt5514_codecs[1].of_node) {
dev_err(&pdev->dev,
"Property 'audio-codec' missing or invalid\n");
- return -EINVAL;
+ ret = -EINVAL;
+ goto out;
}
mt8173_rt5650_rt5514_codec_conf[0].of_node =
mt8173_rt5650_rt5514_codecs[1].of_node;
@@ -218,6 +220,7 @@ static int mt8173_rt5650_rt5514_dev_probe(struct platform_device *pdev)
dev_err(&pdev->dev, "%s snd_soc_register_card fail %d\n",
__func__, ret);
+out:
of_node_put(platform_node);
return ret;
}
--
2.35.1
^ permalink raw reply related [flat|nested] 529+ messages in thread
* [PATCH 4.19 348/521] ASoC: rockchip: pdm: Add missing clk_disable_unprepare() in rockchip_pdm_runtime_resume()
2023-01-16 15:44 [PATCH 4.19 000/521] 4.19.270-rc1 review Greg Kroah-Hartman
` (346 preceding siblings ...)
2023-01-16 15:50 ` [PATCH 4.19 347/521] ASoC: mediatek: mt8173-rt5650-rt5514: fix refcount leak in mt8173_rt5650_rt5514_dev_probe() Greg Kroah-Hartman
@ 2023-01-16 15:50 ` Greg Kroah-Hartman
2023-01-16 15:50 ` [PATCH 4.19 349/521] ASoC: wm8994: Fix potential deadlock Greg Kroah-Hartman
` (176 subsequent siblings)
524 siblings, 0 replies; 529+ messages in thread
From: Greg Kroah-Hartman @ 2023-01-16 15:50 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Wang Jingjin, Mark Brown, Sasha Levin
From: Wang Jingjin <wangjingjin1@huawei.com>
[ Upstream commit ef0a098efb36660326c133af9b5a04a96a00e3ca ]
The clk_disable_unprepare() should be called in the error handling of
rockchip_pdm_runtime_resume().
Fixes: fc05a5b22253 ("ASoC: rockchip: add support for pdm controller")
Signed-off-by: Wang Jingjin <wangjingjin1@huawei.com>
Link: https://lore.kernel.org/r/20221205032802.2422983-1-wangjingjin1@huawei.com
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
sound/soc/rockchip/rockchip_pdm.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/sound/soc/rockchip/rockchip_pdm.c b/sound/soc/rockchip/rockchip_pdm.c
index ad16c8310dd3..7dfd1e6b2c25 100644
--- a/sound/soc/rockchip/rockchip_pdm.c
+++ b/sound/soc/rockchip/rockchip_pdm.c
@@ -303,6 +303,7 @@ static int rockchip_pdm_runtime_resume(struct device *dev)
ret = clk_prepare_enable(pdm->hclk);
if (ret) {
+ clk_disable_unprepare(pdm->clk);
dev_err(pdm->dev, "hclock enable failed %d\n", ret);
return ret;
}
--
2.35.1
^ permalink raw reply related [flat|nested] 529+ messages in thread
* [PATCH 4.19 349/521] ASoC: wm8994: Fix potential deadlock
2023-01-16 15:44 [PATCH 4.19 000/521] 4.19.270-rc1 review Greg Kroah-Hartman
` (347 preceding siblings ...)
2023-01-16 15:50 ` [PATCH 4.19 348/521] ASoC: rockchip: pdm: Add missing clk_disable_unprepare() in rockchip_pdm_runtime_resume() Greg Kroah-Hartman
@ 2023-01-16 15:50 ` Greg Kroah-Hartman
2023-01-16 15:50 ` [PATCH 4.19 350/521] ASoC: rockchip: spdif: Add missing clk_disable_unprepare() in rk_spdif_runtime_resume() Greg Kroah-Hartman
` (175 subsequent siblings)
524 siblings, 0 replies; 529+ messages in thread
From: Greg Kroah-Hartman @ 2023-01-16 15:50 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Marek Szyprowski, Charles Keepax,
Mark Brown, Sasha Levin
From: Marek Szyprowski <m.szyprowski@samsung.com>
[ Upstream commit 9529dc167ffcdfd201b9f0eda71015f174095f7e ]
Fix this by dropping wm8994->accdet_lock while calling
cancel_delayed_work_sync(&wm8994->mic_work) in wm1811_jackdet_irq().
Fixes: c0cc3f166525 ("ASoC: wm8994: Allow a delay between jack insertion and microphone detect")
Signed-off-by: Marek Szyprowski <m.szyprowski@samsung.com>
Acked-by: Charles Keepax <ckeepax@opensource.cirrus.com>
Link: https://lore.kernel.org/r/20221209091657.1183-1-m.szyprowski@samsung.com
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
sound/soc/codecs/wm8994.c | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/sound/soc/codecs/wm8994.c b/sound/soc/codecs/wm8994.c
index e3e069277a3f..13ef2bebf6da 100644
--- a/sound/soc/codecs/wm8994.c
+++ b/sound/soc/codecs/wm8994.c
@@ -3715,7 +3715,12 @@ static irqreturn_t wm1811_jackdet_irq(int irq, void *data)
} else {
dev_dbg(component->dev, "Jack not detected\n");
+ /* Release wm8994->accdet_lock to avoid deadlock:
+ * cancel_delayed_work_sync() takes wm8994->mic_work internal
+ * lock and wm1811_mic_work takes wm8994->accdet_lock */
+ mutex_unlock(&wm8994->accdet_lock);
cancel_delayed_work_sync(&wm8994->mic_work);
+ mutex_lock(&wm8994->accdet_lock);
snd_soc_component_update_bits(component, WM8958_MICBIAS2,
WM8958_MICB2_DISCH, WM8958_MICB2_DISCH);
--
2.35.1
^ permalink raw reply related [flat|nested] 529+ messages in thread
* [PATCH 4.19 350/521] ASoC: rockchip: spdif: Add missing clk_disable_unprepare() in rk_spdif_runtime_resume()
2023-01-16 15:44 [PATCH 4.19 000/521] 4.19.270-rc1 review Greg Kroah-Hartman
` (348 preceding siblings ...)
2023-01-16 15:50 ` [PATCH 4.19 349/521] ASoC: wm8994: Fix potential deadlock Greg Kroah-Hartman
@ 2023-01-16 15:50 ` Greg Kroah-Hartman
2023-01-16 15:50 ` [PATCH 4.19 351/521] ASoC: rt5670: Remove unbalanced pm_runtime_put() Greg Kroah-Hartman
` (174 subsequent siblings)
524 siblings, 0 replies; 529+ messages in thread
From: Greg Kroah-Hartman @ 2023-01-16 15:50 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Wang Jingjin, Mark Brown, Sasha Levin
From: Wang Jingjin <wangjingjin1@huawei.com>
[ Upstream commit 6d94d0090527b1763872275a7ccd44df7219b31e ]
rk_spdif_runtime_resume() may have called clk_prepare_enable() before return
from failed branches, add missing clk_disable_unprepare() in this case.
Fixes: f874b80e1571 ("ASoC: rockchip: Add rockchip SPDIF transceiver driver")
Signed-off-by: Wang Jingjin <wangjingjin1@huawei.com>
Link: https://lore.kernel.org/r/20221208063900.4180790-1-wangjingjin1@huawei.com
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
sound/soc/rockchip/rockchip_spdif.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/sound/soc/rockchip/rockchip_spdif.c b/sound/soc/rockchip/rockchip_spdif.c
index a89fe9b6463b..5ac726da6015 100644
--- a/sound/soc/rockchip/rockchip_spdif.c
+++ b/sound/soc/rockchip/rockchip_spdif.c
@@ -89,6 +89,7 @@ static int __maybe_unused rk_spdif_runtime_resume(struct device *dev)
ret = clk_prepare_enable(spdif->hclk);
if (ret) {
+ clk_disable_unprepare(spdif->mclk);
dev_err(spdif->dev, "hclk clock enable failed %d\n", ret);
return ret;
}
--
2.35.1
^ permalink raw reply related [flat|nested] 529+ messages in thread
* [PATCH 4.19 351/521] ASoC: rt5670: Remove unbalanced pm_runtime_put()
2023-01-16 15:44 [PATCH 4.19 000/521] 4.19.270-rc1 review Greg Kroah-Hartman
` (349 preceding siblings ...)
2023-01-16 15:50 ` [PATCH 4.19 350/521] ASoC: rockchip: spdif: Add missing clk_disable_unprepare() in rk_spdif_runtime_resume() Greg Kroah-Hartman
@ 2023-01-16 15:50 ` Greg Kroah-Hartman
2023-01-16 15:50 ` [PATCH 4.19 352/521] pstore: Switch pmsg_lock to an rt_mutex to avoid priority inversion Greg Kroah-Hartman
` (173 subsequent siblings)
524 siblings, 0 replies; 529+ messages in thread
From: Greg Kroah-Hartman @ 2023-01-16 15:50 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Hans de Goede, Mark Brown, Sasha Levin
From: Hans de Goede <hdegoede@redhat.com>
[ Upstream commit 6c900dcc3f7331a67ed29739d74524e428d137fb ]
For some reason rt5670_i2c_probe() does a pm_runtime_put() at the end
of a successful probe. But it has never done a pm_runtime_get() leading
to the following error being logged into dmesg:
rt5670 i2c-10EC5640:00: Runtime PM usage count underflow!
Fix this by removing the unnecessary pm_runtime_put().
Fixes: 64e89e5f5548 ("ASoC: rt5670: Add runtime PM support")
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Link: https://lore.kernel.org/r/20221213123319.11285-1-hdegoede@redhat.com
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
sound/soc/codecs/rt5670.c | 2 --
1 file changed, 2 deletions(-)
diff --git a/sound/soc/codecs/rt5670.c b/sound/soc/codecs/rt5670.c
index 6a2a58e107e3..9dd99d123e44 100644
--- a/sound/soc/codecs/rt5670.c
+++ b/sound/soc/codecs/rt5670.c
@@ -3217,8 +3217,6 @@ static int rt5670_i2c_probe(struct i2c_client *i2c,
if (ret < 0)
goto err;
- pm_runtime_put(&i2c->dev);
-
return 0;
err:
pm_runtime_disable(&i2c->dev);
--
2.35.1
^ permalink raw reply related [flat|nested] 529+ messages in thread
* [PATCH 4.19 352/521] pstore: Switch pmsg_lock to an rt_mutex to avoid priority inversion
2023-01-16 15:44 [PATCH 4.19 000/521] 4.19.270-rc1 review Greg Kroah-Hartman
` (350 preceding siblings ...)
2023-01-16 15:50 ` [PATCH 4.19 351/521] ASoC: rt5670: Remove unbalanced pm_runtime_put() Greg Kroah-Hartman
@ 2023-01-16 15:50 ` Greg Kroah-Hartman
2023-01-16 15:50 ` [PATCH 4.19 353/521] perf debug: Set debug_peo_args and redirect_to_stderr variable to correct values in perf_quiet_option() Greg Kroah-Hartman
` (172 subsequent siblings)
524 siblings, 0 replies; 529+ messages in thread
From: Greg Kroah-Hartman @ 2023-01-16 15:50 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Wei Wang, Midas Chien,
Connor OBrien, Kees Cook, Anton Vorontsov, Colin Cross,
Tony Luck, kernel-team, John Stultz, Sasha Levin
From: John Stultz <jstultz@google.com>
[ Upstream commit 76d62f24db07f22ccf9bc18ca793c27d4ebef721 ]
Wei Wang reported seeing priority inversion caused latencies
caused by contention on pmsg_lock, and suggested it be switched
to a rt_mutex.
I was initially hesitant this would help, as the tasks in that
trace all seemed to be SCHED_NORMAL, so the benefit would be
limited to only nice boosting.
However, another similar issue was raised where the priority
inversion was seen did involve a blocked RT task so it is clear
this would be helpful in that case.
Cc: Wei Wang <wvw@google.com>
Cc: Midas Chien<midaschieh@google.com>
Cc: Connor O'Brien <connoro@google.com>
Cc: Kees Cook <keescook@chromium.org>
Cc: Anton Vorontsov <anton@enomsg.org>
Cc: Colin Cross <ccross@android.com>
Cc: Tony Luck <tony.luck@intel.com>
Cc: kernel-team@android.com
Fixes: 9d5438f462ab ("pstore: Add pmsg - user-space accessible pstore object")
Reported-by: Wei Wang <wvw@google.com>
Signed-off-by: John Stultz <jstultz@google.com>
Signed-off-by: Kees Cook <keescook@chromium.org>
Link: https://lore.kernel.org/r/20221214231834.3711880-1-jstultz@google.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
fs/pstore/pmsg.c | 7 ++++---
1 file changed, 4 insertions(+), 3 deletions(-)
diff --git a/fs/pstore/pmsg.c b/fs/pstore/pmsg.c
index 24db02de1787..ffc13ea196d2 100644
--- a/fs/pstore/pmsg.c
+++ b/fs/pstore/pmsg.c
@@ -15,9 +15,10 @@
#include <linux/device.h>
#include <linux/fs.h>
#include <linux/uaccess.h>
+#include <linux/rtmutex.h>
#include "internal.h"
-static DEFINE_MUTEX(pmsg_lock);
+static DEFINE_RT_MUTEX(pmsg_lock);
static ssize_t write_pmsg(struct file *file, const char __user *buf,
size_t count, loff_t *ppos)
@@ -36,9 +37,9 @@ static ssize_t write_pmsg(struct file *file, const char __user *buf,
if (!access_ok(VERIFY_READ, buf, count))
return -EFAULT;
- mutex_lock(&pmsg_lock);
+ rt_mutex_lock(&pmsg_lock);
ret = psinfo->write_user(&record, buf);
- mutex_unlock(&pmsg_lock);
+ rt_mutex_unlock(&pmsg_lock);
return ret ? ret : count;
}
--
2.35.1
^ permalink raw reply related [flat|nested] 529+ messages in thread
* [PATCH 4.19 353/521] perf debug: Set debug_peo_args and redirect_to_stderr variable to correct values in perf_quiet_option()
2023-01-16 15:44 [PATCH 4.19 000/521] 4.19.270-rc1 review Greg Kroah-Hartman
` (351 preceding siblings ...)
2023-01-16 15:50 ` [PATCH 4.19 352/521] pstore: Switch pmsg_lock to an rt_mutex to avoid priority inversion Greg Kroah-Hartman
@ 2023-01-16 15:50 ` Greg Kroah-Hartman
2023-01-16 15:50 ` [PATCH 4.19 354/521] pstore: Make sure CONFIG_PSTORE_PMSG selects CONFIG_RT_MUTEXES Greg Kroah-Hartman
` (171 subsequent siblings)
524 siblings, 0 replies; 529+ messages in thread
From: Greg Kroah-Hartman @ 2023-01-16 15:50 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Adrian Hunter, Yang Jihong,
Alexander Shishkin, Andi Kleen, Carsten Haitzler, Ian Rogers,
Ingo Molnar, Jiri Olsa, Leo Yan, Mark Rutland, martin.lau,
Masami Hiramatsu, Namhyung Kim, Peter Zijlstra, Ravi Bangoria,
Ravi Bangoria, Arnaldo Carvalho de Melo, Sasha Levin
From: Yang Jihong <yangjihong1@huawei.com>
[ Upstream commit 188ac720d364035008a54d249cf47b4cc100f819 ]
When perf uses quiet mode, perf_quiet_option() sets the 'debug_peo_args'
variable to -1, and display_attr() incorrectly determines the value of
'debug_peo_args'. As a result, unexpected information is displayed.
Before:
# perf record --quiet -- ls > /dev/null
------------------------------------------------------------
perf_event_attr:
size 128
{ sample_period, sample_freq } 4000
sample_type IP|TID|TIME|PERIOD
read_format ID|LOST
disabled 1
inherit 1
mmap 1
comm 1
freq 1
enable_on_exec 1
task 1
precise_ip 3
sample_id_all 1
exclude_guest 1
mmap2 1
comm_exec 1
ksymbol 1
bpf_event 1
------------------------------------------------------------
...
After:
# perf record --quiet -- ls > /dev/null
#
redirect_to_stderr is a similar problem.
Fixes: f78eaef0e0493f60 ("perf tools: Allow to force redirect pr_debug to stderr.")
Fixes: ccd26741f5e6bdf2 ("perf tool: Provide an option to print perf_event_open args and return value")
Suggested-by: Adrian Hunter <adrian.hunter@intel.com>
Reviewed-by: Adrian Hunter <adrian.hunter@intel.com>
Signed-off-by: Yang Jihong <yangjihong1@huawei.com>
Cc: Alexander Shishkin <alexander.shishkin@linux.intel.com>
Cc: Andi Kleen <ak@linux.intel.com>
Cc: Carsten Haitzler <carsten.haitzler@arm.com>
Cc: Ian Rogers <irogers@google.com>
Cc: Ingo Molnar <mingo@redhat.com>
Cc: Jiri Olsa <jolsa@kernel.org>
Cc: Leo Yan <leo.yan@linaro.org>
Cc: Mark Rutland <mark.rutland@arm.com>
Cc: martin.lau@kernel.org
Cc: Masami Hiramatsu <mhiramat@kernel.org>
Cc: Namhyung Kim <namhyung@kernel.org>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Ravi Bangoria <ravi.bangoria@amd.com>
Cc: Ravi Bangoria <ravi.bangoria@linux.ibm.com>
Link: https://lore.kernel.org/r/20221220035702.188413-2-yangjihong1@huawei.com
Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
tools/perf/util/debug.c | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/tools/perf/util/debug.c b/tools/perf/util/debug.c
index 3d6459626c2a..9f9875ba2edf 100644
--- a/tools/perf/util/debug.c
+++ b/tools/perf/util/debug.c
@@ -232,6 +232,10 @@ int perf_quiet_option(void)
var++;
}
+ /* For debug variables that are used as bool types, set to 0. */
+ redirect_to_stderr = 0;
+ debug_peo_args = 0;
+
return 0;
}
--
2.35.1
^ permalink raw reply related [flat|nested] 529+ messages in thread
* [PATCH 4.19 354/521] pstore: Make sure CONFIG_PSTORE_PMSG selects CONFIG_RT_MUTEXES
2023-01-16 15:44 [PATCH 4.19 000/521] 4.19.270-rc1 review Greg Kroah-Hartman
` (352 preceding siblings ...)
2023-01-16 15:50 ` [PATCH 4.19 353/521] perf debug: Set debug_peo_args and redirect_to_stderr variable to correct values in perf_quiet_option() Greg Kroah-Hartman
@ 2023-01-16 15:50 ` Greg Kroah-Hartman
2023-01-16 15:50 ` [PATCH 4.19 355/521] usb: dwc3: core: defer probe on ulpi_read_id timeout Greg Kroah-Hartman
` (170 subsequent siblings)
524 siblings, 0 replies; 529+ messages in thread
From: Greg Kroah-Hartman @ 2023-01-16 15:50 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Wei Wang, Midas Chien,
Connor OBrien, Kees Cook, Anton Vorontsov, Colin Cross,
Tony Luck, kernel test robot, kernel-team, John Stultz,
Sasha Levin
From: John Stultz <jstultz@google.com>
[ Upstream commit 2f4fec5943407318b9523f01ce1f5d668c028332 ]
In commit 76d62f24db07 ("pstore: Switch pmsg_lock to an rt_mutex
to avoid priority inversion") I changed a lock to an rt_mutex.
However, its possible that CONFIG_RT_MUTEXES is not enabled,
which then results in a build failure, as the 0day bot detected:
https://lore.kernel.org/linux-mm/202212211244.TwzWZD3H-lkp@intel.com/
Thus this patch changes CONFIG_PSTORE_PMSG to select
CONFIG_RT_MUTEXES, which ensures the build will not fail.
Cc: Wei Wang <wvw@google.com>
Cc: Midas Chien<midaschieh@google.com>
Cc: Connor O'Brien <connoro@google.com>
Cc: Kees Cook <keescook@chromium.org>
Cc: Anton Vorontsov <anton@enomsg.org>
Cc: Colin Cross <ccross@android.com>
Cc: Tony Luck <tony.luck@intel.com>
Cc: kernel test robot <lkp@intel.com>
Cc: kernel-team@android.com
Fixes: 76d62f24db07 ("pstore: Switch pmsg_lock to an rt_mutex to avoid priority inversion")
Reported-by: kernel test robot <lkp@intel.com>
Signed-off-by: John Stultz <jstultz@google.com>
Signed-off-by: Kees Cook <keescook@chromium.org>
Link: https://lore.kernel.org/r/20221221051855.15761-1-jstultz@google.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
fs/pstore/Kconfig | 1 +
1 file changed, 1 insertion(+)
diff --git a/fs/pstore/Kconfig b/fs/pstore/Kconfig
index 503086f7f7c1..d5fb6d95d4d4 100644
--- a/fs/pstore/Kconfig
+++ b/fs/pstore/Kconfig
@@ -117,6 +117,7 @@ config PSTORE_CONSOLE
config PSTORE_PMSG
bool "Log user space messages"
depends on PSTORE
+ select RT_MUTEXES
help
When the option is enabled, pstore will export a character
interface /dev/pmsg0 to log user space messages. On reboot
--
2.35.1
^ permalink raw reply related [flat|nested] 529+ messages in thread
* [PATCH 4.19 355/521] usb: dwc3: core: defer probe on ulpi_read_id timeout
2023-01-16 15:44 [PATCH 4.19 000/521] 4.19.270-rc1 review Greg Kroah-Hartman
` (353 preceding siblings ...)
2023-01-16 15:50 ` [PATCH 4.19 354/521] pstore: Make sure CONFIG_PSTORE_PMSG selects CONFIG_RT_MUTEXES Greg Kroah-Hartman
@ 2023-01-16 15:50 ` Greg Kroah-Hartman
2023-01-16 15:50 ` [PATCH 4.19 356/521] HID: wacom: Ensure bootloader PID is usable in hidraw mode Greg Kroah-Hartman
` (169 subsequent siblings)
524 siblings, 0 replies; 529+ messages in thread
From: Greg Kroah-Hartman @ 2023-01-16 15:50 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Thinh Nguyen, Ferry Toth
From: Ferry Toth <ftoth@exalondelft.nl>
commit 63130462c919ece0ad0d9bb5a1f795ef8d79687e upstream.
Since commit 0f0101719138 ("usb: dwc3: Don't switch OTG -> peripheral
if extcon is present"), Dual Role support on Intel Merrifield platform
broke due to rearranging the call to dwc3_get_extcon().
It appears to be caused by ulpi_read_id() masking the timeout on the first
test write. In the past dwc3 probe continued by calling dwc3_core_soft_reset()
followed by dwc3_get_extcon() which happend to return -EPROBE_DEFER.
On deferred probe ulpi_read_id() finally succeeded. Due to above mentioned
rearranging -EPROBE_DEFER is not returned and probe completes without phy.
On Intel Merrifield the timeout on the first test write issue is reproducible
but it is difficult to find the root cause. Using a mainline kernel and
rootfs with buildroot ulpi_read_id() succeeds. As soon as adding
ftrace / bootconfig to find out why, ulpi_read_id() fails and we can't
analyze the flow. Using another rootfs ulpi_read_id() fails even without
adding ftrace. We suspect the issue is some kind of timing / race, but
merely retrying ulpi_read_id() does not resolve the issue.
As we now changed ulpi_read_id() to return -ETIMEDOUT in this case, we
need to handle the error by calling dwc3_core_soft_reset() and request
-EPROBE_DEFER. On deferred probe ulpi_read_id() is retried and succeeds.
Fixes: ef6a7bcfb01c ("usb: ulpi: Support device discovery via DT")
Cc: stable@vger.kernel.org
Acked-by: Thinh Nguyen <Thinh.Nguyen@synopsys.com>
Signed-off-by: Ferry Toth <ftoth@exalondelft.nl>
Link: https://lore.kernel.org/r/20221205201527.13525-3-ftoth@exalondelft.nl
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/usb/dwc3/core.c | 7 ++++++-
1 file changed, 6 insertions(+), 1 deletion(-)
--- a/drivers/usb/dwc3/core.c
+++ b/drivers/usb/dwc3/core.c
@@ -914,8 +914,13 @@ static int dwc3_core_init(struct dwc3 *d
if (!dwc->ulpi_ready) {
ret = dwc3_core_ulpi_init(dwc);
- if (ret)
+ if (ret) {
+ if (ret == -ETIMEDOUT) {
+ dwc3_core_soft_reset(dwc);
+ ret = -EPROBE_DEFER;
+ }
goto err0;
+ }
dwc->ulpi_ready = true;
}
^ permalink raw reply [flat|nested] 529+ messages in thread
* [PATCH 4.19 356/521] HID: wacom: Ensure bootloader PID is usable in hidraw mode
2023-01-16 15:44 [PATCH 4.19 000/521] 4.19.270-rc1 review Greg Kroah-Hartman
` (354 preceding siblings ...)
2023-01-16 15:50 ` [PATCH 4.19 355/521] usb: dwc3: core: defer probe on ulpi_read_id timeout Greg Kroah-Hartman
@ 2023-01-16 15:50 ` Greg Kroah-Hartman
2023-01-16 15:50 ` [PATCH 4.19 357/521] reiserfs: Add missing calls to reiserfs_security_free() Greg Kroah-Hartman
` (168 subsequent siblings)
524 siblings, 0 replies; 529+ messages in thread
From: Greg Kroah-Hartman @ 2023-01-16 15:50 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Jason Gerecke, Tatsunosuke Tobita,
Jiri Kosina
From: Jason Gerecke <killertofu@gmail.com>
commit 1db1f392591aff13fd643f0ec7c1d5e27391d700 upstream.
Some Wacom devices have a special "bootloader" mode that is used for
firmware flashing. When operating in this mode, the device cannot be
used for input, and the HID descriptor is not able to be processed by
the driver. The driver generates an "Unknown device_type" warning and
then returns an error code from wacom_probe(). This is a problem because
userspace still needs to be able to interact with the device via hidraw
to perform the firmware flash.
This commit adds a non-generic device definition for 056a:0094 which
is used when devices are in "bootloader" mode. It marks the devices
with a special BOOTLOADER type that is recognized by wacom_probe() and
wacom_raw_event(). When we see this type we ensure a hidraw device is
created and otherwise keep our hands off so that userspace is in full
control.
Signed-off-by: Jason Gerecke <jason.gerecke@wacom.com>
Tested-by: Tatsunosuke Tobita <tatsunosuke.tobita@wacom.com>
Cc: <stable@vger.kernel.org>
Signed-off-by: Jiri Kosina <jkosina@suse.cz>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/hid/wacom_sys.c | 8 ++++++++
drivers/hid/wacom_wac.c | 4 ++++
drivers/hid/wacom_wac.h | 1 +
3 files changed, 13 insertions(+)
--- a/drivers/hid/wacom_sys.c
+++ b/drivers/hid/wacom_sys.c
@@ -163,6 +163,9 @@ static int wacom_raw_event(struct hid_de
{
struct wacom *wacom = hid_get_drvdata(hdev);
+ if (wacom->wacom_wac.features.type == BOOTLOADER)
+ return 0;
+
if (size > WACOM_PKGLEN_MAX)
return 1;
@@ -2759,6 +2762,11 @@ static int wacom_probe(struct hid_device
goto fail;
}
+ if (features->type == BOOTLOADER) {
+ hid_warn(hdev, "Using device in hidraw-only mode");
+ return hid_hw_start(hdev, HID_CONNECT_HIDRAW);
+ }
+
error = wacom_parse_and_register(wacom, false);
if (error)
goto fail;
--- a/drivers/hid/wacom_wac.c
+++ b/drivers/hid/wacom_wac.c
@@ -4680,6 +4680,9 @@ static const struct wacom_features wacom
static const struct wacom_features wacom_features_HID_ANY_ID =
{ "Wacom HID", .type = HID_GENERIC, .oVid = HID_ANY_ID, .oPid = HID_ANY_ID };
+static const struct wacom_features wacom_features_0x94 =
+ { "Wacom Bootloader", .type = BOOTLOADER };
+
#define USB_DEVICE_WACOM(prod) \
HID_DEVICE(BUS_USB, HID_GROUP_WACOM, USB_VENDOR_ID_WACOM, prod),\
.driver_data = (kernel_ulong_t)&wacom_features_##prod
@@ -4753,6 +4756,7 @@ const struct hid_device_id wacom_ids[] =
{ USB_DEVICE_WACOM(0x84) },
{ USB_DEVICE_WACOM(0x90) },
{ USB_DEVICE_WACOM(0x93) },
+ { USB_DEVICE_WACOM(0x94) },
{ USB_DEVICE_WACOM(0x97) },
{ USB_DEVICE_WACOM(0x9A) },
{ USB_DEVICE_WACOM(0x9F) },
--- a/drivers/hid/wacom_wac.h
+++ b/drivers/hid/wacom_wac.h
@@ -244,6 +244,7 @@ enum {
MTTPC,
MTTPC_B,
HID_GENERIC,
+ BOOTLOADER,
MAX_TYPE
};
^ permalink raw reply [flat|nested] 529+ messages in thread
* [PATCH 4.19 357/521] reiserfs: Add missing calls to reiserfs_security_free()
2023-01-16 15:44 [PATCH 4.19 000/521] 4.19.270-rc1 review Greg Kroah-Hartman
` (355 preceding siblings ...)
2023-01-16 15:50 ` [PATCH 4.19 356/521] HID: wacom: Ensure bootloader PID is usable in hidraw mode Greg Kroah-Hartman
@ 2023-01-16 15:50 ` Greg Kroah-Hartman
2023-01-16 15:50 ` [PATCH 4.19 358/521] iio: adc: ad_sigma_delta: do not use internal iio_dev lock Greg Kroah-Hartman
` (167 subsequent siblings)
524 siblings, 0 replies; 529+ messages in thread
From: Greg Kroah-Hartman @ 2023-01-16 15:50 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Jeff Mahoney, Tetsuo Handa,
Mimi Zohar, Roberto Sassu, Paul Moore
From: Roberto Sassu <roberto.sassu@huawei.com>
commit 572302af1258459e124437b8f3369357447afac7 upstream.
Commit 57fe60df6241 ("reiserfs: add atomic addition of selinux attributes
during inode creation") defined reiserfs_security_free() to free the name
and value of a security xattr allocated by the active LSM through
security_old_inode_init_security(). However, this function is not called
in the reiserfs code.
Thus, add a call to reiserfs_security_free() whenever
reiserfs_security_init() is called, and initialize value to NULL, to avoid
to call kfree() on an uninitialized pointer.
Finally, remove the kfree() for the xattr name, as it is not allocated
anymore.
Fixes: 57fe60df6241 ("reiserfs: add atomic addition of selinux attributes during inode creation")
Cc: stable@vger.kernel.org
Cc: Jeff Mahoney <jeffm@suse.com>
Cc: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Reported-by: Mimi Zohar <zohar@linux.ibm.com>
Reported-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Signed-off-by: Roberto Sassu <roberto.sassu@huawei.com>
Reviewed-by: Mimi Zohar <zohar@linux.ibm.com>
Signed-off-by: Paul Moore <paul@paul-moore.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/reiserfs/namei.c | 4 ++++
fs/reiserfs/xattr_security.c | 2 +-
2 files changed, 5 insertions(+), 1 deletion(-)
--- a/fs/reiserfs/namei.c
+++ b/fs/reiserfs/namei.c
@@ -695,6 +695,7 @@ static int reiserfs_create(struct inode
out_failed:
reiserfs_write_unlock(dir->i_sb);
+ reiserfs_security_free(&security);
return retval;
}
@@ -778,6 +779,7 @@ static int reiserfs_mknod(struct inode *
out_failed:
reiserfs_write_unlock(dir->i_sb);
+ reiserfs_security_free(&security);
return retval;
}
@@ -876,6 +878,7 @@ static int reiserfs_mkdir(struct inode *
retval = journal_end(&th);
out_failed:
reiserfs_write_unlock(dir->i_sb);
+ reiserfs_security_free(&security);
return retval;
}
@@ -1191,6 +1194,7 @@ static int reiserfs_symlink(struct inode
retval = journal_end(&th);
out_failed:
reiserfs_write_unlock(parent_dir->i_sb);
+ reiserfs_security_free(&security);
return retval;
}
--- a/fs/reiserfs/xattr_security.c
+++ b/fs/reiserfs/xattr_security.c
@@ -49,6 +49,7 @@ int reiserfs_security_init(struct inode
int error;
sec->name = NULL;
+ sec->value = NULL;
/* Don't add selinux attributes on xattrs - they'll never get used */
if (IS_PRIVATE(dir))
@@ -94,7 +95,6 @@ int reiserfs_security_write(struct reise
void reiserfs_security_free(struct reiserfs_security_handle *sec)
{
- kfree(sec->name);
kfree(sec->value);
sec->name = NULL;
sec->value = NULL;
^ permalink raw reply [flat|nested] 529+ messages in thread
* [PATCH 4.19 358/521] iio: adc: ad_sigma_delta: do not use internal iio_dev lock
2023-01-16 15:44 [PATCH 4.19 000/521] 4.19.270-rc1 review Greg Kroah-Hartman
` (356 preceding siblings ...)
2023-01-16 15:50 ` [PATCH 4.19 357/521] reiserfs: Add missing calls to reiserfs_security_free() Greg Kroah-Hartman
@ 2023-01-16 15:50 ` Greg Kroah-Hartman
2023-01-16 15:50 ` [PATCH 4.19 359/521] gcov: add support for checksum field Greg Kroah-Hartman
` (166 subsequent siblings)
524 siblings, 0 replies; 529+ messages in thread
From: Greg Kroah-Hartman @ 2023-01-16 15:50 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Nuno Sá,
Miquel Raynal, Jonathan Cameron, Stable
From: Nuno Sá <nuno.sa@analog.com>
commit 20228a1d5a55e7db0c6720840f2c7d2b48c55f69 upstream.
Drop 'mlock' usage by making use of iio_device_claim_direct_mode().
This change actually makes sure we cannot do a single conversion while
buffering is enable. Note there was a potential race in the previous
code since we were only acquiring the lock after checking if the bus is
enabled.
Fixes: af3008485ea0 ("iio:adc: Add common code for ADI Sigma Delta devices")
Signed-off-by: Nuno Sá <nuno.sa@analog.com>
Reviewed-by: Miquel Raynal <miquel.raynal@bootlin.com>
Cc: <Stable@vger.kernel.org> #No rush as race is very old.
Link: https://lore.kernel.org/r/20220920112821.975359-2-nuno.sa@analog.com
Signed-off-by: Jonathan Cameron <Jonathan.Cameron@huawei.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/iio/adc/ad_sigma_delta.c | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
--- a/drivers/iio/adc/ad_sigma_delta.c
+++ b/drivers/iio/adc/ad_sigma_delta.c
@@ -283,10 +283,10 @@ int ad_sigma_delta_single_conversion(str
unsigned int sample, raw_sample;
int ret = 0;
- if (iio_buffer_enabled(indio_dev))
- return -EBUSY;
+ ret = iio_device_claim_direct_mode(indio_dev);
+ if (ret)
+ return ret;
- mutex_lock(&indio_dev->mlock);
ad_sigma_delta_set_channel(sigma_delta, chan->address);
spi_bus_lock(sigma_delta->spi->master);
@@ -320,7 +320,7 @@ out:
ad_sigma_delta_set_mode(sigma_delta, AD_SD_MODE_IDLE);
sigma_delta->bus_locked = false;
spi_bus_unlock(sigma_delta->spi->master);
- mutex_unlock(&indio_dev->mlock);
+ iio_device_release_direct_mode(indio_dev);
if (ret)
return ret;
^ permalink raw reply [flat|nested] 529+ messages in thread
* [PATCH 4.19 359/521] gcov: add support for checksum field
2023-01-16 15:44 [PATCH 4.19 000/521] 4.19.270-rc1 review Greg Kroah-Hartman
` (357 preceding siblings ...)
2023-01-16 15:50 ` [PATCH 4.19 358/521] iio: adc: ad_sigma_delta: do not use internal iio_dev lock Greg Kroah-Hartman
@ 2023-01-16 15:50 ` Greg Kroah-Hartman
2023-01-16 15:50 ` [PATCH 4.19 360/521] media: dvbdev: fix build warning due to comments Greg Kroah-Hartman
` (165 subsequent siblings)
524 siblings, 0 replies; 529+ messages in thread
From: Greg Kroah-Hartman @ 2023-01-16 15:50 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Rickard x Andersson,
Peter Oberparleiter, Martin Liska, Andrew Morton
From: Rickard x Andersson <rickaran@axis.com>
commit e96b95c2b7a63a454b6498e2df67aac14d046d13 upstream.
In GCC version 12.1 a checksum field was added.
This patch fixes a kernel crash occurring during boot when using
gcov-kernel with GCC version 12.2. The crash occurred on a system running
on i.MX6SX.
Link: https://lkml.kernel.org/r/20221220102318.3418501-1-rickaran@axis.com
Fixes: 977ef30a7d88 ("gcov: support GCC 12.1 and newer compilers")
Signed-off-by: Rickard x Andersson <rickaran@axis.com>
Reviewed-by: Peter Oberparleiter <oberpar@linux.ibm.com>
Tested-by: Peter Oberparleiter <oberpar@linux.ibm.com>
Reviewed-by: Martin Liska <mliska@suse.cz>
Cc: <stable@vger.kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
kernel/gcov/gcc_4_7.c | 5 +++++
1 file changed, 5 insertions(+)
--- a/kernel/gcov/gcc_4_7.c
+++ b/kernel/gcov/gcc_4_7.c
@@ -85,6 +85,7 @@ struct gcov_fn_info {
* @version: gcov version magic indicating the gcc version used for compilation
* @next: list head for a singly-linked list
* @stamp: uniquifying time stamp
+ * @checksum: unique object checksum
* @filename: name of the associated gcov data file
* @merge: merge functions (null for unused counter type)
* @n_functions: number of instrumented functions
@@ -97,6 +98,10 @@ struct gcov_info {
unsigned int version;
struct gcov_info *next;
unsigned int stamp;
+ /* Since GCC 12.1 a checksum field is added. */
+#if (__GNUC__ >= 12)
+ unsigned int checksum;
+#endif
const char *filename;
void (*merge[GCOV_COUNTERS])(gcov_type *, unsigned int);
unsigned int n_functions;
^ permalink raw reply [flat|nested] 529+ messages in thread
* [PATCH 4.19 360/521] media: dvbdev: fix build warning due to comments
2023-01-16 15:44 [PATCH 4.19 000/521] 4.19.270-rc1 review Greg Kroah-Hartman
` (358 preceding siblings ...)
2023-01-16 15:50 ` [PATCH 4.19 359/521] gcov: add support for checksum field Greg Kroah-Hartman
@ 2023-01-16 15:50 ` Greg Kroah-Hartman
2023-01-16 15:50 ` [PATCH 4.19 361/521] media: dvbdev: fix refcnt bug Greg Kroah-Hartman
` (164 subsequent siblings)
524 siblings, 0 replies; 529+ messages in thread
From: Greg Kroah-Hartman @ 2023-01-16 15:50 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Stephen Rothwell, Lin Ma,
Hans Verkuil, Mauro Carvalho Chehab
From: Lin Ma <linma@zju.edu.cn>
commit 3edfd14bb50fa6f94ed1a37bbb17d9f1c2793b57 upstream.
Previous commit that introduces reference counter does not add proper
comments, which will lead to warning when building htmldocs. Fix them.
Reported-by: "Stephen Rothwell" <sfr@canb.auug.org.au>
Fixes: 0fc044b2b5e2 ("media: dvbdev: adopts refcnt to avoid UAF")
Signed-off-by: Lin Ma <linma@zju.edu.cn>
Signed-off-by: Hans Verkuil <hverkuil-cisco@xs4all.nl>
Signed-off-by: Mauro Carvalho Chehab <mchehab@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
include/media/dvbdev.h | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
--- a/include/media/dvbdev.h
+++ b/include/media/dvbdev.h
@@ -126,6 +126,7 @@ struct dvb_adapter {
* struct dvb_device - represents a DVB device node
*
* @list_head: List head with all DVB devices
+ * @ref: reference counter
* @fops: pointer to struct file_operations
* @adapter: pointer to the adapter that holds this device node
* @type: type of the device, as defined by &enum dvb_device_type.
@@ -196,7 +197,7 @@ struct dvb_device {
struct dvb_device *dvb_device_get(struct dvb_device *dvbdev);
/**
- * dvb_device_get - Decrease dvb_device reference
+ * dvb_device_put - Decrease dvb_device reference
*
* @dvbdev: pointer to struct dvb_device
*/
^ permalink raw reply [flat|nested] 529+ messages in thread
* [PATCH 4.19 361/521] media: dvbdev: fix refcnt bug
2023-01-16 15:44 [PATCH 4.19 000/521] 4.19.270-rc1 review Greg Kroah-Hartman
` (359 preceding siblings ...)
2023-01-16 15:50 ` [PATCH 4.19 360/521] media: dvbdev: fix build warning due to comments Greg Kroah-Hartman
@ 2023-01-16 15:50 ` Greg Kroah-Hartman
2023-01-16 15:50 ` [PATCH 4.19 362/521] ata: ahci: Fix PCS quirk application for suspend Greg Kroah-Hartman
` (163 subsequent siblings)
524 siblings, 0 replies; 529+ messages in thread
From: Greg Kroah-Hartman @ 2023-01-16 15:50 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, syzbot+fce48a3dd3368645bd6c, Lin Ma,
Hans Verkuil, Mauro Carvalho Chehab
From: Lin Ma <linma@zju.edu.cn>
commit 3a664569b71b0a52be5ffb9fb87cc4f83d29bd71 upstream.
Previous commit initialize the dvbdev->ref before the template copy,
which will overwrite the reference and cause refcnt bug.
refcount_t: addition on 0; use-after-free.
WARNING: CPU: 0 PID: 1 at lib/refcount.c:25 refcount_warn_saturate+0x17c/0x1f0 lib/refcount.c:25
Modules linked in:
CPU: 0 PID: 1 Comm: swapper/0 Not tainted 6.1.0-rc6-next-20221128-syzkaller #0
...
RIP: 0010:refcount_warn_saturate+0x17c/0x1f0 lib/refcount.c:25
RSP: 0000:ffffc900000678d0 EFLAGS: 00010282
RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000000
RDX: ffff88813ff58000 RSI: ffffffff81660e7c RDI: fffff5200000cf0c
RBP: ffff888022a45010 R08: 0000000000000005 R09: 0000000000000000
R10: 0000000080000000 R11: 0000000000000000 R12: 0000000000000001
R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000001
FS: 0000000000000000(0000) GS:ffff8880b9800000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: ffff88823ffff000 CR3: 000000000c48e000 CR4: 00000000003506f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
<TASK>
__refcount_add include/linux/refcount.h:199 [inline]
__refcount_inc include/linux/refcount.h:250 [inline]
refcount_inc include/linux/refcount.h:267 [inline]
kref_get include/linux/kref.h:45 [inline]
dvb_device_get drivers/media/dvb-core/dvbdev.c:585 [inline]
dvb_register_device+0xe83/0x16e0 drivers/media/dvb-core/dvbdev.c:517
...
Just place the kref_init at correct position.
Reported-by: syzbot+fce48a3dd3368645bd6c@syzkaller.appspotmail.com
Fixes: 0fc044b2b5e2 ("media: dvbdev: adopts refcnt to avoid UAF")
Signed-off-by: Lin Ma <linma@zju.edu.cn>
Signed-off-by: Hans Verkuil <hverkuil-cisco@xs4all.nl>
Signed-off-by: Mauro Carvalho Chehab <mchehab@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/media/dvb-core/dvbdev.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/drivers/media/dvb-core/dvbdev.c
+++ b/drivers/media/dvb-core/dvbdev.c
@@ -490,8 +490,8 @@ int dvb_register_device(struct dvb_adapt
return -ENOMEM;
}
- kref_init(&dvbdev->ref);
memcpy(dvbdev, template, sizeof(struct dvb_device));
+ kref_init(&dvbdev->ref);
dvbdev->type = type;
dvbdev->id = id;
dvbdev->adapter = adap;
^ permalink raw reply [flat|nested] 529+ messages in thread
* [PATCH 4.19 362/521] ata: ahci: Fix PCS quirk application for suspend
2023-01-16 15:44 [PATCH 4.19 000/521] 4.19.270-rc1 review Greg Kroah-Hartman
` (360 preceding siblings ...)
2023-01-16 15:50 ` [PATCH 4.19 361/521] media: dvbdev: fix refcnt bug Greg Kroah-Hartman
@ 2023-01-16 15:50 ` Greg Kroah-Hartman
2023-01-16 15:50 ` [PATCH 4.19 363/521] powerpc/rtas: avoid device tree lookups in rtas_os_term() Greg Kroah-Hartman
` (162 subsequent siblings)
524 siblings, 0 replies; 529+ messages in thread
From: Greg Kroah-Hartman @ 2023-01-16 15:50 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Adam Vodopjan, Damien Le Moal, Sasha Levin
From: Adam Vodopjan <grozzly@protonmail.com>
[ Upstream commit 37e14e4f3715428b809e4df9a9958baa64c77d51 ]
Since kernel 5.3.4 my laptop (ICH8M controller) does not see Kingston
SV300S37A60G SSD disk connected into a SATA connector on wake from
suspend. The problem was introduced in c312ef176399 ("libata/ahci: Drop
PCS quirk for Denverton and beyond"): the quirk is not applied on wake
from suspend as it originally was.
It is worth to mention the commit contained another bug: the quirk is
not applied at all to controllers which require it. The fix commit
09d6ac8dc51a ("libata/ahci: Fix PCS quirk application") landed in 5.3.8.
So testing my patch anywhere between commits c312ef176399 and
09d6ac8dc51a is pointless.
Not all disks trigger the problem. For example nothing bad happens with
Western Digital WD5000LPCX HDD.
Test hardware:
- Acer 5920G with ICH8M SATA controller
- sda: some SATA HDD connnected into the DVD drive IDE port with a
SATA-IDE caddy. It is a boot disk
- sdb: Kingston SV300S37A60G SSD connected into the only SATA port
Sample "dmesg --notime | grep -E '^(sd |ata)'" output on wake:
sd 0:0:0:0: [sda] Starting disk
sd 2:0:0:0: [sdb] Starting disk
ata4: SATA link down (SStatus 4 SControl 300)
ata3: SATA link down (SStatus 4 SControl 300)
ata1.00: ACPI cmd ef/03:0c:00:00:00:a0 (SET FEATURES) filtered out
ata1.00: ACPI cmd ef/03:42:00:00:00:a0 (SET FEATURES) filtered out
ata1: FORCE: cable set to 80c
ata5: SATA link down (SStatus 0 SControl 300)
ata3: SATA link down (SStatus 4 SControl 300)
ata3: SATA link down (SStatus 4 SControl 300)
ata3.00: disabled
sd 2:0:0:0: rejecting I/O to offline device
ata3.00: detaching (SCSI 2:0:0:0)
sd 2:0:0:0: [sdb] Start/Stop Unit failed: Result: hostbyte=DID_NO_CONNECT
driverbyte=DRIVER_OK
sd 2:0:0:0: [sdb] Synchronizing SCSI cache
sd 2:0:0:0: [sdb] Synchronize Cache(10) failed: Result:
hostbyte=DID_BAD_TARGET driverbyte=DRIVER_OK
sd 2:0:0:0: [sdb] Stopping disk
sd 2:0:0:0: [sdb] Start/Stop Unit failed: Result: hostbyte=DID_BAD_TARGET
driverbyte=DRIVER_OK
Commit c312ef176399 dropped ahci_pci_reset_controller() which internally
calls ahci_reset_controller() and applies the PCS quirk if needed after
that. It was called each time a reset was required instead of just
ahci_reset_controller(). This patch puts the function back in place.
Fixes: c312ef176399 ("libata/ahci: Drop PCS quirk for Denverton and beyond")
Signed-off-by: Adam Vodopjan <grozzly@protonmail.com>
Signed-off-by: Damien Le Moal <damien.lemoal@opensource.wdc.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/ata/ahci.c | 32 +++++++++++++++++++++++---------
1 file changed, 23 insertions(+), 9 deletions(-)
diff --git a/drivers/ata/ahci.c b/drivers/ata/ahci.c
index 505920d4530f..13fb983b3413 100644
--- a/drivers/ata/ahci.c
+++ b/drivers/ata/ahci.c
@@ -97,6 +97,7 @@ enum board_ids {
static int ahci_init_one(struct pci_dev *pdev, const struct pci_device_id *ent);
static void ahci_remove_one(struct pci_dev *dev);
static void ahci_shutdown_one(struct pci_dev *dev);
+static void ahci_intel_pcs_quirk(struct pci_dev *pdev, struct ahci_host_priv *hpriv);
static int ahci_vt8251_hardreset(struct ata_link *link, unsigned int *class,
unsigned long deadline);
static int ahci_avn_hardreset(struct ata_link *link, unsigned int *class,
@@ -655,6 +656,25 @@ static void ahci_pci_save_initial_config(struct pci_dev *pdev,
ahci_save_initial_config(&pdev->dev, hpriv);
}
+static int ahci_pci_reset_controller(struct ata_host *host)
+{
+ struct pci_dev *pdev = to_pci_dev(host->dev);
+ struct ahci_host_priv *hpriv = host->private_data;
+ int rc;
+
+ rc = ahci_reset_controller(host);
+ if (rc)
+ return rc;
+
+ /*
+ * If platform firmware failed to enable ports, try to enable
+ * them here.
+ */
+ ahci_intel_pcs_quirk(pdev, hpriv);
+
+ return 0;
+}
+
static void ahci_pci_init_controller(struct ata_host *host)
{
struct ahci_host_priv *hpriv = host->private_data;
@@ -857,7 +877,7 @@ static int ahci_pci_device_runtime_resume(struct device *dev)
struct ata_host *host = pci_get_drvdata(pdev);
int rc;
- rc = ahci_reset_controller(host);
+ rc = ahci_pci_reset_controller(host);
if (rc)
return rc;
ahci_pci_init_controller(host);
@@ -892,7 +912,7 @@ static int ahci_pci_device_resume(struct device *dev)
ahci_mcp89_apple_enable(pdev);
if (pdev->dev.power.power_state.event == PM_EVENT_SUSPEND) {
- rc = ahci_reset_controller(host);
+ rc = ahci_pci_reset_controller(host);
if (rc)
return rc;
@@ -1769,12 +1789,6 @@ static int ahci_init_one(struct pci_dev *pdev, const struct pci_device_id *ent)
/* save initial config */
ahci_pci_save_initial_config(pdev, hpriv);
- /*
- * If platform firmware failed to enable ports, try to enable
- * them here.
- */
- ahci_intel_pcs_quirk(pdev, hpriv);
-
/* prepare host */
if (hpriv->cap & HOST_CAP_NCQ) {
pi.flags |= ATA_FLAG_NCQ;
@@ -1884,7 +1898,7 @@ static int ahci_init_one(struct pci_dev *pdev, const struct pci_device_id *ent)
if (rc)
return rc;
- rc = ahci_reset_controller(host);
+ rc = ahci_pci_reset_controller(host);
if (rc)
return rc;
--
2.35.1
^ permalink raw reply related [flat|nested] 529+ messages in thread
* [PATCH 4.19 363/521] powerpc/rtas: avoid device tree lookups in rtas_os_term()
2023-01-16 15:44 [PATCH 4.19 000/521] 4.19.270-rc1 review Greg Kroah-Hartman
` (361 preceding siblings ...)
2023-01-16 15:50 ` [PATCH 4.19 362/521] ata: ahci: Fix PCS quirk application for suspend Greg Kroah-Hartman
@ 2023-01-16 15:50 ` Greg Kroah-Hartman
2023-01-16 15:50 ` [PATCH 4.19 364/521] powerpc/rtas: avoid scheduling " Greg Kroah-Hartman
` (161 subsequent siblings)
524 siblings, 0 replies; 529+ messages in thread
From: Greg Kroah-Hartman @ 2023-01-16 15:50 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Nathan Lynch, Nicholas Piggin,
Andrew Donnellan, Michael Ellerman, Sasha Levin
From: Nathan Lynch <nathanl@linux.ibm.com>
[ Upstream commit ed2213bfb192ab51f09f12e9b49b5d482c6493f3 ]
rtas_os_term() is called during panic. Its behavior depends on a couple
of conditions in the /rtas node of the device tree, the traversal of
which entails locking and local IRQ state changes. If the kernel panics
while devtree_lock is held, rtas_os_term() as currently written could
hang.
Instead of discovering the relevant characteristics at panic time,
cache them in file-static variables at boot. Note the lookup for
"ibm,extended-os-term" is converted to of_property_read_bool() since it
is a boolean property, not an RTAS function token.
Signed-off-by: Nathan Lynch <nathanl@linux.ibm.com>
Reviewed-by: Nicholas Piggin <npiggin@gmail.com>
Reviewed-by: Andrew Donnellan <ajd@linux.ibm.com>
[mpe: Incorporate suggested change from Nick]
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
Link: https://lore.kernel.org/r/20221118150751.469393-4-nathanl@linux.ibm.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/powerpc/kernel/rtas.c | 13 ++++++++++---
1 file changed, 10 insertions(+), 3 deletions(-)
diff --git a/arch/powerpc/kernel/rtas.c b/arch/powerpc/kernel/rtas.c
index b492cb1c36fd..4c9ed28465b3 100644
--- a/arch/powerpc/kernel/rtas.c
+++ b/arch/powerpc/kernel/rtas.c
@@ -717,6 +717,7 @@ void __noreturn rtas_halt(void)
/* Must be in the RMO region, so we place it here */
static char rtas_os_term_buf[2048];
+static s32 ibm_os_term_token = RTAS_UNKNOWN_SERVICE;
void rtas_os_term(char *str)
{
@@ -728,14 +729,13 @@ void rtas_os_term(char *str)
* this property may terminate the partition which we want to avoid
* since it interferes with panic_timeout.
*/
- if (RTAS_UNKNOWN_SERVICE == rtas_token("ibm,os-term") ||
- RTAS_UNKNOWN_SERVICE == rtas_token("ibm,extended-os-term"))
+ if (ibm_os_term_token == RTAS_UNKNOWN_SERVICE)
return;
snprintf(rtas_os_term_buf, 2048, "OS panic: %s", str);
do {
- status = rtas_call(rtas_token("ibm,os-term"), 1, 1, NULL,
+ status = rtas_call(ibm_os_term_token, 1, 1, NULL,
__pa(rtas_os_term_buf));
} while (rtas_busy_delay(status));
@@ -1332,6 +1332,13 @@ void __init rtas_initialize(void)
no_entry = of_property_read_u32(rtas.dev, "linux,rtas-entry", &entry);
rtas.entry = no_entry ? rtas.base : entry;
+ /*
+ * Discover these now to avoid device tree lookups in the
+ * panic path.
+ */
+ if (of_property_read_bool(rtas.dev, "ibm,extended-os-term"))
+ ibm_os_term_token = rtas_token("ibm,os-term");
+
/* If RTAS was found, allocate the RMO buffer for it and look for
* the stop-self token if any
*/
--
2.35.1
^ permalink raw reply related [flat|nested] 529+ messages in thread
* [PATCH 4.19 364/521] powerpc/rtas: avoid scheduling in rtas_os_term()
2023-01-16 15:44 [PATCH 4.19 000/521] 4.19.270-rc1 review Greg Kroah-Hartman
` (362 preceding siblings ...)
2023-01-16 15:50 ` [PATCH 4.19 363/521] powerpc/rtas: avoid device tree lookups in rtas_os_term() Greg Kroah-Hartman
@ 2023-01-16 15:50 ` Greg Kroah-Hartman
2023-01-16 15:50 ` [PATCH 4.19 365/521] HID: plantronics: Additional PIDs for double volume key presses quirk Greg Kroah-Hartman
` (160 subsequent siblings)
524 siblings, 0 replies; 529+ messages in thread
From: Greg Kroah-Hartman @ 2023-01-16 15:50 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Nathan Lynch, Nicholas Piggin,
Andrew Donnellan, Michael Ellerman, Sasha Levin
From: Nathan Lynch <nathanl@linux.ibm.com>
[ Upstream commit 6c606e57eecc37d6b36d732b1ff7e55b7dc32dd4 ]
It's unsafe to use rtas_busy_delay() to handle a busy status from
the ibm,os-term RTAS function in rtas_os_term():
Kernel panic - not syncing: Attempted to kill init! exitcode=0x0000000b
BUG: sleeping function called from invalid context at arch/powerpc/kernel/rtas.c:618
in_atomic(): 1, irqs_disabled(): 1, non_block: 0, pid: 1, name: swapper/0
preempt_count: 2, expected: 0
CPU: 7 PID: 1 Comm: swapper/0 Tainted: G D 6.0.0-rc5-02182-gf8553a572277-dirty #9
Call Trace:
[c000000007b8f000] [c000000001337110] dump_stack_lvl+0xb4/0x110 (unreliable)
[c000000007b8f040] [c0000000002440e4] __might_resched+0x394/0x3c0
[c000000007b8f0e0] [c00000000004f680] rtas_busy_delay+0x120/0x1b0
[c000000007b8f100] [c000000000052d04] rtas_os_term+0xb8/0xf4
[c000000007b8f180] [c0000000001150fc] pseries_panic+0x50/0x68
[c000000007b8f1f0] [c000000000036354] ppc_panic_platform_handler+0x34/0x50
[c000000007b8f210] [c0000000002303c4] notifier_call_chain+0xd4/0x1c0
[c000000007b8f2b0] [c0000000002306cc] atomic_notifier_call_chain+0xac/0x1c0
[c000000007b8f2f0] [c0000000001d62b8] panic+0x228/0x4d0
[c000000007b8f390] [c0000000001e573c] do_exit+0x140c/0x1420
[c000000007b8f480] [c0000000001e586c] make_task_dead+0xdc/0x200
Use rtas_busy_delay_time() instead, which signals without side effects
whether to attempt the ibm,os-term RTAS call again.
Signed-off-by: Nathan Lynch <nathanl@linux.ibm.com>
Reviewed-by: Nicholas Piggin <npiggin@gmail.com>
Reviewed-by: Andrew Donnellan <ajd@linux.ibm.com>
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
Link: https://lore.kernel.org/r/20221118150751.469393-5-nathanl@linux.ibm.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/powerpc/kernel/rtas.c | 7 ++++++-
1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/arch/powerpc/kernel/rtas.c b/arch/powerpc/kernel/rtas.c
index 4c9ed28465b3..a3f08a380c99 100644
--- a/arch/powerpc/kernel/rtas.c
+++ b/arch/powerpc/kernel/rtas.c
@@ -734,10 +734,15 @@ void rtas_os_term(char *str)
snprintf(rtas_os_term_buf, 2048, "OS panic: %s", str);
+ /*
+ * Keep calling as long as RTAS returns a "try again" status,
+ * but don't use rtas_busy_delay(), which potentially
+ * schedules.
+ */
do {
status = rtas_call(ibm_os_term_token, 1, 1, NULL,
__pa(rtas_os_term_buf));
- } while (rtas_busy_delay(status));
+ } while (rtas_busy_delay_time(status));
if (status != 0)
printk(KERN_EMERG "ibm,os-term call failed %d\n", status);
--
2.35.1
^ permalink raw reply related [flat|nested] 529+ messages in thread
* [PATCH 4.19 365/521] HID: plantronics: Additional PIDs for double volume key presses quirk
2023-01-16 15:44 [PATCH 4.19 000/521] 4.19.270-rc1 review Greg Kroah-Hartman
` (363 preceding siblings ...)
2023-01-16 15:50 ` [PATCH 4.19 364/521] powerpc/rtas: avoid scheduling " Greg Kroah-Hartman
@ 2023-01-16 15:50 ` Greg Kroah-Hartman
2023-01-16 15:50 ` [PATCH 4.19 366/521] hfsplus: fix bug causing custom uid and gid being unable to be assigned with mount Greg Kroah-Hartman
` (159 subsequent siblings)
524 siblings, 0 replies; 529+ messages in thread
From: Greg Kroah-Hartman @ 2023-01-16 15:50 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Terry Junge, Jiri Kosina, Sasha Levin
From: Terry Junge <linuxhid@cosmicgizmosystems.com>
[ Upstream commit 3d57f36c89d8ba32b2c312f397a37fd1a2dc7cfc ]
I no longer work for Plantronics (aka Poly, aka HP) and do not have
access to the headsets in order to test. However, as noted by Maxim,
the other 32xx models that share the same base code set as the 3220
would need the same quirk. This patch adds the PIDs for the rest of
the Blackwire 32XX product family that require the quirk.
Plantronics Blackwire 3210 Series (047f:c055)
Plantronics Blackwire 3215 Series (047f:c057)
Plantronics Blackwire 3225 Series (047f:c058)
Quote from previous patch by Maxim Mikityanskiy
Plantronics Blackwire 3220 Series (047f:c056) sends HID reports twice
for each volume key press. This patch adds a quirk to hid-plantronics
for this product ID, which will ignore the second volume key press if
it happens within 5 ms from the last one that was handled.
The patch was tested on the mentioned model only, it shouldn't affect
other models, however, this quirk might be needed for them too.
Auto-repeat (when a key is held pressed) is not affected, because the
rate is about 3 times per second, which is far less frequent than once
in 5 ms.
End quote
Signed-off-by: Terry Junge <linuxhid@cosmicgizmosystems.com>
Signed-off-by: Jiri Kosina <jkosina@suse.cz>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/hid/hid-ids.h | 3 +++
drivers/hid/hid-plantronics.c | 9 +++++++++
2 files changed, 12 insertions(+)
diff --git a/drivers/hid/hid-ids.h b/drivers/hid/hid-ids.h
index 00943ddbe417..2c9597c8ac92 100644
--- a/drivers/hid/hid-ids.h
+++ b/drivers/hid/hid-ids.h
@@ -908,7 +908,10 @@
#define USB_DEVICE_ID_ORTEK_IHOME_IMAC_A210S 0x8003
#define USB_VENDOR_ID_PLANTRONICS 0x047f
+#define USB_DEVICE_ID_PLANTRONICS_BLACKWIRE_3210_SERIES 0xc055
#define USB_DEVICE_ID_PLANTRONICS_BLACKWIRE_3220_SERIES 0xc056
+#define USB_DEVICE_ID_PLANTRONICS_BLACKWIRE_3215_SERIES 0xc057
+#define USB_DEVICE_ID_PLANTRONICS_BLACKWIRE_3225_SERIES 0xc058
#define USB_VENDOR_ID_PANASONIC 0x04da
#define USB_DEVICE_ID_PANABOARD_UBT780 0x1044
diff --git a/drivers/hid/hid-plantronics.c b/drivers/hid/hid-plantronics.c
index 460711c1124a..3b75cadd543f 100644
--- a/drivers/hid/hid-plantronics.c
+++ b/drivers/hid/hid-plantronics.c
@@ -201,9 +201,18 @@ static int plantronics_probe(struct hid_device *hdev,
}
static const struct hid_device_id plantronics_devices[] = {
+ { HID_USB_DEVICE(USB_VENDOR_ID_PLANTRONICS,
+ USB_DEVICE_ID_PLANTRONICS_BLACKWIRE_3210_SERIES),
+ .driver_data = PLT_QUIRK_DOUBLE_VOLUME_KEYS },
{ HID_USB_DEVICE(USB_VENDOR_ID_PLANTRONICS,
USB_DEVICE_ID_PLANTRONICS_BLACKWIRE_3220_SERIES),
.driver_data = PLT_QUIRK_DOUBLE_VOLUME_KEYS },
+ { HID_USB_DEVICE(USB_VENDOR_ID_PLANTRONICS,
+ USB_DEVICE_ID_PLANTRONICS_BLACKWIRE_3215_SERIES),
+ .driver_data = PLT_QUIRK_DOUBLE_VOLUME_KEYS },
+ { HID_USB_DEVICE(USB_VENDOR_ID_PLANTRONICS,
+ USB_DEVICE_ID_PLANTRONICS_BLACKWIRE_3225_SERIES),
+ .driver_data = PLT_QUIRK_DOUBLE_VOLUME_KEYS },
{ HID_USB_DEVICE(USB_VENDOR_ID_PLANTRONICS, HID_ANY_ID) },
{ }
};
--
2.35.1
^ permalink raw reply related [flat|nested] 529+ messages in thread
* [PATCH 4.19 366/521] hfsplus: fix bug causing custom uid and gid being unable to be assigned with mount
2023-01-16 15:44 [PATCH 4.19 000/521] 4.19.270-rc1 review Greg Kroah-Hartman
` (364 preceding siblings ...)
2023-01-16 15:50 ` [PATCH 4.19 365/521] HID: plantronics: Additional PIDs for double volume key presses quirk Greg Kroah-Hartman
@ 2023-01-16 15:50 ` Greg Kroah-Hartman
2023-01-16 15:50 ` [PATCH 4.19 367/521] ovl: Use ovl mounters fsuid and fsgid in ovl_link() Greg Kroah-Hartman
` (158 subsequent siblings)
524 siblings, 0 replies; 529+ messages in thread
From: Greg Kroah-Hartman @ 2023-01-16 15:50 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Aditya Garg, Viacheslav Dubeyko,
Andrew Morton
From: Aditya Garg <gargaditya08@live.com>
commit 9f2b5debc07073e6dfdd774e3594d0224b991927 upstream.
Despite specifying UID and GID in mount command, the specified UID and GID
were not being assigned. This patch fixes this issue.
Link: https://lkml.kernel.org/r/C0264BF5-059C-45CF-B8DA-3A3BD2C803A2@live.com
Signed-off-by: Aditya Garg <gargaditya08@live.com>
Reviewed-by: Viacheslav Dubeyko <slava@dubeyko.com>
Cc: <stable@vger.kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/hfsplus/hfsplus_fs.h | 2 ++
fs/hfsplus/inode.c | 4 ++--
fs/hfsplus/options.c | 4 ++++
3 files changed, 8 insertions(+), 2 deletions(-)
--- a/fs/hfsplus/hfsplus_fs.h
+++ b/fs/hfsplus/hfsplus_fs.h
@@ -198,6 +198,8 @@ struct hfsplus_sb_info {
#define HFSPLUS_SB_HFSX 3
#define HFSPLUS_SB_CASEFOLD 4
#define HFSPLUS_SB_NOBARRIER 5
+#define HFSPLUS_SB_UID 6
+#define HFSPLUS_SB_GID 7
static inline struct hfsplus_sb_info *HFSPLUS_SB(struct super_block *sb)
{
--- a/fs/hfsplus/inode.c
+++ b/fs/hfsplus/inode.c
@@ -187,11 +187,11 @@ static void hfsplus_get_perms(struct ino
mode = be16_to_cpu(perms->mode);
i_uid_write(inode, be32_to_cpu(perms->owner));
- if (!i_uid_read(inode) && !mode)
+ if ((test_bit(HFSPLUS_SB_UID, &sbi->flags)) || (!i_uid_read(inode) && !mode))
inode->i_uid = sbi->uid;
i_gid_write(inode, be32_to_cpu(perms->group));
- if (!i_gid_read(inode) && !mode)
+ if ((test_bit(HFSPLUS_SB_GID, &sbi->flags)) || (!i_gid_read(inode) && !mode))
inode->i_gid = sbi->gid;
if (dir) {
--- a/fs/hfsplus/options.c
+++ b/fs/hfsplus/options.c
@@ -140,6 +140,8 @@ int hfsplus_parse_options(char *input, s
if (!uid_valid(sbi->uid)) {
pr_err("invalid uid specified\n");
return 0;
+ } else {
+ set_bit(HFSPLUS_SB_UID, &sbi->flags);
}
break;
case opt_gid:
@@ -151,6 +153,8 @@ int hfsplus_parse_options(char *input, s
if (!gid_valid(sbi->gid)) {
pr_err("invalid gid specified\n");
return 0;
+ } else {
+ set_bit(HFSPLUS_SB_GID, &sbi->flags);
}
break;
case opt_part:
^ permalink raw reply [flat|nested] 529+ messages in thread
* [PATCH 4.19 367/521] ovl: Use ovl mounters fsuid and fsgid in ovl_link()
2023-01-16 15:44 [PATCH 4.19 000/521] 4.19.270-rc1 review Greg Kroah-Hartman
` (365 preceding siblings ...)
2023-01-16 15:50 ` [PATCH 4.19 366/521] hfsplus: fix bug causing custom uid and gid being unable to be assigned with mount Greg Kroah-Hartman
@ 2023-01-16 15:50 ` Greg Kroah-Hartman
2023-01-16 15:50 ` [PATCH 4.19 368/521] ALSA: line6: correct midi status byte when receiving data from podxt Greg Kroah-Hartman
` (157 subsequent siblings)
524 siblings, 0 replies; 529+ messages in thread
From: Greg Kroah-Hartman @ 2023-01-16 15:50 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Zhang Tianci, Jiachen Zhang,
Christian Brauner (Microsoft),
Miklos Szeredi
From: Zhang Tianci <zhangtianci.1997@bytedance.com>
commit 5b0db51215e895a361bc63132caa7cca36a53d6a upstream.
There is a wrong case of link() on overlay:
$ mkdir /lower /fuse /merge
$ mount -t fuse /fuse
$ mkdir /fuse/upper /fuse/work
$ mount -t overlay /merge -o lowerdir=/lower,upperdir=/fuse/upper,\
workdir=work
$ touch /merge/file
$ chown bin.bin /merge/file // the file's caller becomes "bin"
$ ln /merge/file /merge/lnkfile
Then we will get an error(EACCES) because fuse daemon checks the link()'s
caller is "bin", it denied this request.
In the changing history of ovl_link(), there are two key commits:
The first is commit bb0d2b8ad296 ("ovl: fix sgid on directory") which
overrides the cred's fsuid/fsgid using the new inode. The new inode's
owner is initialized by inode_init_owner(), and inode->fsuid is
assigned to the current user. So the override fsuid becomes the
current user. We know link() is actually modifying the directory, so
the caller must have the MAY_WRITE permission on the directory. The
current caller may should have this permission. This is acceptable
to use the caller's fsuid.
The second is commit 51f7e52dc943 ("ovl: share inode for hard link")
which removed the inode creation in ovl_link(). This commit move
inode_init_owner() into ovl_create_object(), so the ovl_link() just
give the old inode to ovl_create_or_link(). Then the override fsuid
becomes the old inode's fsuid, neither the caller nor the overlay's
mounter! So this is incorrect.
Fix this bug by using ovl mounter's fsuid/fsgid to do underlying
fs's link().
Link: https://lore.kernel.org/all/20220817102952.xnvesg3a7rbv576x@wittgenstein/T
Link: https://lore.kernel.org/lkml/20220825130552.29587-1-zhangtianci.1997@bytedance.com/t
Signed-off-by: Zhang Tianci <zhangtianci.1997@bytedance.com>
Signed-off-by: Jiachen Zhang <zhangjiachen.jaycee@bytedance.com>
Reviewed-by: Christian Brauner (Microsoft) <brauner@kernel.org>
Fixes: 51f7e52dc943 ("ovl: share inode for hard link")
Cc: <stable@vger.kernel.org> # v4.8
Signed-off-by: Miklos Szeredi <mszeredi@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/overlayfs/dir.c | 46 ++++++++++++++++++++++++++++++----------------
1 file changed, 30 insertions(+), 16 deletions(-)
--- a/fs/overlayfs/dir.c
+++ b/fs/overlayfs/dir.c
@@ -561,28 +561,42 @@ static int ovl_create_or_link(struct den
goto out_revert_creds;
}
- err = -ENOMEM;
- override_cred = prepare_creds();
- if (override_cred) {
+ if (!attr->hardlink) {
+ err = -ENOMEM;
+ override_cred = prepare_creds();
+ if (!override_cred)
+ goto out_revert_creds;
+ /*
+ * In the creation cases(create, mkdir, mknod, symlink),
+ * ovl should transfer current's fs{u,g}id to underlying
+ * fs. Because underlying fs want to initialize its new
+ * inode owner using current's fs{u,g}id. And in this
+ * case, the @inode is a new inode that is initialized
+ * in inode_init_owner() to current's fs{u,g}id. So use
+ * the inode's i_{u,g}id to override the cred's fs{u,g}id.
+ *
+ * But in the other hardlink case, ovl_link() does not
+ * create a new inode, so just use the ovl mounter's
+ * fs{u,g}id.
+ */
override_cred->fsuid = inode->i_uid;
override_cred->fsgid = inode->i_gid;
- if (!attr->hardlink) {
- err = security_dentry_create_files_as(dentry,
- attr->mode, &dentry->d_name, old_cred,
- override_cred);
- if (err) {
- put_cred(override_cred);
- goto out_revert_creds;
- }
+ err = security_dentry_create_files_as(dentry,
+ attr->mode, &dentry->d_name, old_cred,
+ override_cred);
+ if (err) {
+ put_cred(override_cred);
+ goto out_revert_creds;
}
put_cred(override_creds(override_cred));
put_cred(override_cred);
-
- if (!ovl_dentry_is_whiteout(dentry))
- err = ovl_create_upper(dentry, inode, attr);
- else
- err = ovl_create_over_whiteout(dentry, inode, attr);
}
+
+ if (!ovl_dentry_is_whiteout(dentry))
+ err = ovl_create_upper(dentry, inode, attr);
+ else
+ err = ovl_create_over_whiteout(dentry, inode, attr);
+
out_revert_creds:
revert_creds(old_cred);
return err;
^ permalink raw reply [flat|nested] 529+ messages in thread
* [PATCH 4.19 368/521] ALSA: line6: correct midi status byte when receiving data from podxt
2023-01-16 15:44 [PATCH 4.19 000/521] 4.19.270-rc1 review Greg Kroah-Hartman
` (366 preceding siblings ...)
2023-01-16 15:50 ` [PATCH 4.19 367/521] ovl: Use ovl mounters fsuid and fsgid in ovl_link() Greg Kroah-Hartman
@ 2023-01-16 15:50 ` Greg Kroah-Hartman
2023-01-16 15:50 ` [PATCH 4.19 369/521] ALSA: line6: fix stack overflow in line6_midi_transmit Greg Kroah-Hartman
` (156 subsequent siblings)
524 siblings, 0 replies; 529+ messages in thread
From: Greg Kroah-Hartman @ 2023-01-16 15:50 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Artem Egorkine, Takashi Iwai
From: Artem Egorkine <arteme@gmail.com>
commit 8508fa2e7472f673edbeedf1b1d2b7a6bb898ecc upstream.
A PODxt device sends 0xb2, 0xc2 or 0xf2 as a status byte for MIDI
messages over USB that should otherwise have a 0xb0, 0xc0 or 0xf0
status byte. This is usually corrected by the driver on other OSes.
This fixes MIDI sysex messages sent by PODxt.
[ tiwai: fixed white spaces ]
Signed-off-by: Artem Egorkine <arteme@gmail.com>
Cc: <stable@vger.kernel.org>
Link: https://lore.kernel.org/r/20221225105728.1153989-1-arteme@gmail.com
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
sound/usb/line6/driver.c | 3 ++-
sound/usb/line6/midi.c | 3 ++-
sound/usb/line6/midibuf.c | 25 +++++++++++++++++--------
sound/usb/line6/midibuf.h | 5 ++++-
sound/usb/line6/pod.c | 3 ++-
5 files changed, 27 insertions(+), 12 deletions(-)
--- a/sound/usb/line6/driver.c
+++ b/sound/usb/line6/driver.c
@@ -318,7 +318,8 @@ static void line6_data_received(struct u
for (;;) {
done =
line6_midibuf_read(mb, line6->buffer_message,
- LINE6_MIDI_MESSAGE_MAXLEN);
+ LINE6_MIDI_MESSAGE_MAXLEN,
+ LINE6_MIDIBUF_READ_RX);
if (done <= 0)
break;
--- a/sound/usb/line6/midi.c
+++ b/sound/usb/line6/midi.c
@@ -60,7 +60,8 @@ static void line6_midi_transmit(struct s
for (;;) {
done = line6_midibuf_read(mb, chunk,
- LINE6_FALLBACK_MAXPACKETSIZE);
+ LINE6_FALLBACK_MAXPACKETSIZE,
+ LINE6_MIDIBUF_READ_TX);
if (done == 0)
break;
--- a/sound/usb/line6/midibuf.c
+++ b/sound/usb/line6/midibuf.c
@@ -13,6 +13,7 @@
#include "midibuf.h"
+
static int midibuf_message_length(unsigned char code)
{
int message_length;
@@ -24,12 +25,7 @@ static int midibuf_message_length(unsign
message_length = length[(code >> 4) - 8];
} else {
- /*
- Note that according to the MIDI specification 0xf2 is
- the "Song Position Pointer", but this is used by Line 6
- to send sysex messages to the host.
- */
- static const int length[] = { -1, 2, -1, 2, -1, -1, 1, 1, 1, 1,
+ static const int length[] = { -1, 2, 2, 2, -1, -1, 1, 1, 1, -1,
1, 1, 1, -1, 1, 1
};
message_length = length[code & 0x0f];
@@ -129,7 +125,7 @@ int line6_midibuf_write(struct midi_buff
}
int line6_midibuf_read(struct midi_buffer *this, unsigned char *data,
- int length)
+ int length, int read_type)
{
int bytes_used;
int length1, length2;
@@ -152,9 +148,22 @@ int line6_midibuf_read(struct midi_buffe
length1 = this->size - this->pos_read;
- /* check MIDI command length */
command = this->buf[this->pos_read];
+ /*
+ PODxt always has status byte lower nibble set to 0010,
+ when it means to send 0000, so we correct if here so
+ that control/program changes come on channel 1 and
+ sysex message status byte is correct
+ */
+ if (read_type == LINE6_MIDIBUF_READ_RX) {
+ if (command == 0xb2 || command == 0xc2 || command == 0xf2) {
+ unsigned char fixed = command & 0xf0;
+ this->buf[this->pos_read] = fixed;
+ command = fixed;
+ }
+ }
+ /* check MIDI command length */
if (command & 0x80) {
midi_length = midibuf_message_length(command);
this->command_prev = command;
--- a/sound/usb/line6/midibuf.h
+++ b/sound/usb/line6/midibuf.h
@@ -12,6 +12,9 @@
#ifndef MIDIBUF_H
#define MIDIBUF_H
+#define LINE6_MIDIBUF_READ_TX 0
+#define LINE6_MIDIBUF_READ_RX 1
+
struct midi_buffer {
unsigned char *buf;
int size;
@@ -27,7 +30,7 @@ extern void line6_midibuf_destroy(struct
extern int line6_midibuf_ignore(struct midi_buffer *mb, int length);
extern int line6_midibuf_init(struct midi_buffer *mb, int size, int split);
extern int line6_midibuf_read(struct midi_buffer *mb, unsigned char *data,
- int length);
+ int length, int read_type);
extern void line6_midibuf_reset(struct midi_buffer *mb);
extern int line6_midibuf_write(struct midi_buffer *mb, unsigned char *data,
int length);
--- a/sound/usb/line6/pod.c
+++ b/sound/usb/line6/pod.c
@@ -169,8 +169,9 @@ static struct line6_pcm_properties pod_p
.bytes_per_channel = 3 /* SNDRV_PCM_FMTBIT_S24_3LE */
};
+
static const char pod_version_header[] = {
- 0xf2, 0x7e, 0x7f, 0x06, 0x02
+ 0xf0, 0x7e, 0x7f, 0x06, 0x02
};
/* forward declarations: */
^ permalink raw reply [flat|nested] 529+ messages in thread
* [PATCH 4.19 369/521] ALSA: line6: fix stack overflow in line6_midi_transmit
2023-01-16 15:44 [PATCH 4.19 000/521] 4.19.270-rc1 review Greg Kroah-Hartman
` (367 preceding siblings ...)
2023-01-16 15:50 ` [PATCH 4.19 368/521] ALSA: line6: correct midi status byte when receiving data from podxt Greg Kroah-Hartman
@ 2023-01-16 15:50 ` Greg Kroah-Hartman
2023-01-16 15:50 ` [PATCH 4.19 370/521] pnode: terminate at peers of source Greg Kroah-Hartman
` (155 subsequent siblings)
524 siblings, 0 replies; 529+ messages in thread
From: Greg Kroah-Hartman @ 2023-01-16 15:50 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Artem Egorkine, Takashi Iwai
From: Artem Egorkine <arteme@gmail.com>
commit b8800d324abb50160560c636bfafe2c81001b66c upstream.
Correctly calculate available space including the size of the chunk
buffer. This fixes a buffer overflow when multiple MIDI sysex
messages are sent to a PODxt device.
Signed-off-by: Artem Egorkine <arteme@gmail.com>
Cc: <stable@vger.kernel.org>
Link: https://lore.kernel.org/r/20221225105728.1153989-2-arteme@gmail.com
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
sound/usb/line6/midi.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
--- a/sound/usb/line6/midi.c
+++ b/sound/usb/line6/midi.c
@@ -48,7 +48,8 @@ static void line6_midi_transmit(struct s
int req, done;
for (;;) {
- req = min(line6_midibuf_bytes_free(mb), line6->max_packet_size);
+ req = min3(line6_midibuf_bytes_free(mb), line6->max_packet_size,
+ LINE6_FALLBACK_MAXPACKETSIZE);
done = snd_rawmidi_transmit_peek(substream, chunk, req);
if (done == 0)
^ permalink raw reply [flat|nested] 529+ messages in thread
* [PATCH 4.19 370/521] pnode: terminate at peers of source
2023-01-16 15:44 [PATCH 4.19 000/521] 4.19.270-rc1 review Greg Kroah-Hartman
` (368 preceding siblings ...)
2023-01-16 15:50 ` [PATCH 4.19 369/521] ALSA: line6: fix stack overflow in line6_midi_transmit Greg Kroah-Hartman
@ 2023-01-16 15:50 ` Greg Kroah-Hartman
2023-01-16 15:50 ` [PATCH 4.19 371/521] md: fix a crash in mempool_free Greg Kroah-Hartman
` (154 subsequent siblings)
524 siblings, 0 replies; 529+ messages in thread
From: Greg Kroah-Hartman @ 2023-01-16 15:50 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Ditang Chen,
Seth Forshee (Digital Ocean), Christian Brauner (Microsoft)
From: Christian Brauner <brauner@kernel.org>
commit 11933cf1d91d57da9e5c53822a540bbdc2656c16 upstream.
The propagate_mnt() function handles mount propagation when creating
mounts and propagates the source mount tree @source_mnt to all
applicable nodes of the destination propagation mount tree headed by
@dest_mnt.
Unfortunately it contains a bug where it fails to terminate at peers of
@source_mnt when looking up copies of the source mount that become
masters for copies of the source mount tree mounted on top of slaves in
the destination propagation tree causing a NULL dereference.
Once the mechanics of the bug are understood it's easy to trigger.
Because of unprivileged user namespaces it is available to unprivileged
users.
While fixing this bug we've gotten confused multiple times due to
unclear terminology or missing concepts. So let's start this with some
clarifications:
* The terms "master" or "peer" denote a shared mount. A shared mount
belongs to a peer group.
* A peer group is a set of shared mounts that propagate to each other.
They are identified by a peer group id. The peer group id is available
in @shared_mnt->mnt_group_id.
Shared mounts within the same peer group have the same peer group id.
The peers in a peer group can be reached via @shared_mnt->mnt_share.
* The terms "slave mount" or "dependent mount" denote a mount that
receives propagation from a peer in a peer group. IOW, shared mounts
may have slave mounts and slave mounts have shared mounts as their
master. Slave mounts of a given peer in a peer group are listed on
that peers slave list available at @shared_mnt->mnt_slave_list.
* The term "master mount" denotes a mount in a peer group. IOW, it
denotes a shared mount or a peer mount in a peer group. The term
"master mount" - or "master" for short - is mostly used when talking
in the context of slave mounts that receive propagation from a master
mount. A master mount of a slave identifies the closest peer group a
slave mount receives propagation from. The master mount of a slave can
be identified via @slave_mount->mnt_master. Different slaves may point
to different masters in the same peer group.
* Multiple peers in a peer group can have non-empty ->mnt_slave_lists.
Non-empty ->mnt_slave_lists of peers don't intersect. Consequently, to
ensure all slave mounts of a peer group are visited the
->mnt_slave_lists of all peers in a peer group have to be walked.
* Slave mounts point to a peer in the closest peer group they receive
propagation from via @slave_mnt->mnt_master (see above). Together with
these peers they form a propagation group (see below). The closest
peer group can thus be identified through the peer group id
@slave_mnt->mnt_master->mnt_group_id of the peer/master that a slave
mount receives propagation from.
* A shared-slave mount is a slave mount to a peer group pg1 while also
a peer in another peer group pg2. IOW, a peer group may receive
propagation from another peer group.
If a peer group pg1 is a slave to another peer group pg2 then all
peers in peer group pg1 point to the same peer in peer group pg2 via
->mnt_master. IOW, all peers in peer group pg1 appear on the same
->mnt_slave_list. IOW, they cannot be slaves to different peer groups.
* A pure slave mount is a slave mount that is a slave to a peer group
but is not a peer in another peer group.
* A propagation group denotes the set of mounts consisting of a single
peer group pg1 and all slave mounts and shared-slave mounts that point
to a peer in that peer group via ->mnt_master. IOW, all slave mounts
such that @slave_mnt->mnt_master->mnt_group_id is equal to
@shared_mnt->mnt_group_id.
The concept of a propagation group makes it easier to talk about a
single propagation level in a propagation tree.
For example, in propagate_mnt() the immediate peers of @dest_mnt and
all slaves of @dest_mnt's peer group form a propagation group propg1.
So a shared-slave mount that is a slave in propg1 and that is a peer
in another peer group pg2 forms another propagation group propg2
together with all slaves that point to that shared-slave mount in
their ->mnt_master.
* A propagation tree refers to all mounts that receive propagation
starting from a specific shared mount.
For example, for propagate_mnt() @dest_mnt is the start of a
propagation tree. The propagation tree ecompasses all mounts that
receive propagation from @dest_mnt's peer group down to the leafs.
With that out of the way let's get to the actual algorithm.
We know that @dest_mnt is guaranteed to be a pure shared mount or a
shared-slave mount. This is guaranteed by a check in
attach_recursive_mnt(). So propagate_mnt() will first propagate the
source mount tree to all peers in @dest_mnt's peer group:
for (n = next_peer(dest_mnt); n != dest_mnt; n = next_peer(n)) {
ret = propagate_one(n);
if (ret)
goto out;
}
Notice, that the peer propagation loop of propagate_mnt() doesn't
propagate @dest_mnt itself. @dest_mnt is mounted directly in
attach_recursive_mnt() after we propagated to the destination
propagation tree.
The mount that will be mounted on top of @dest_mnt is @source_mnt. This
copy was created earlier even before we entered attach_recursive_mnt()
and doesn't concern us a lot here.
It's just important to notice that when propagate_mnt() is called
@source_mnt will not yet have been mounted on top of @dest_mnt. Thus,
@source_mnt->mnt_parent will either still point to @source_mnt or - in
the case @source_mnt is moved and thus already attached - still to its
former parent.
For each peer @m in @dest_mnt's peer group propagate_one() will create a
new copy of the source mount tree and mount that copy @child on @m such
that @child->mnt_parent points to @m after propagate_one() returns.
propagate_one() will stash the last destination propagation node @m in
@last_dest and the last copy it created for the source mount tree in
@last_source.
Hence, if we call into propagate_one() again for the next destination
propagation node @m, @last_dest will point to the previous destination
propagation node and @last_source will point to the previous copy of the
source mount tree and mounted on @last_dest.
Each new copy of the source mount tree is created from the previous copy
of the source mount tree. This will become important later.
The peer loop in propagate_mnt() is straightforward. We iterate through
the peers copying and updating @last_source and @last_dest as we go
through them and mount each copy of the source mount tree @child on a
peer @m in @dest_mnt's peer group.
After propagate_mnt() handled the peers in @dest_mnt's peer group
propagate_mnt() will propagate the source mount tree down the
propagation tree that @dest_mnt's peer group propagates to:
for (m = next_group(dest_mnt, dest_mnt); m;
m = next_group(m, dest_mnt)) {
/* everything in that slave group */
n = m;
do {
ret = propagate_one(n);
if (ret)
goto out;
n = next_peer(n);
} while (n != m);
}
The next_group() helper will recursively walk the destination
propagation tree, descending into each propagation group of the
propagation tree.
The important part is that it takes care to propagate the source mount
tree to all peers in the peer group of a propagation group before it
propagates to the slaves to those peers in the propagation group. IOW,
it creates and mounts copies of the source mount tree that become
masters before it creates and mounts copies of the source mount tree
that become slaves to these masters.
It is important to remember that propagating the source mount tree to
each mount @m in the destination propagation tree simply means that we
create and mount new copies @child of the source mount tree on @m such
that @child->mnt_parent points to @m.
Since we know that each node @m in the destination propagation tree
headed by @dest_mnt's peer group will be overmounted with a copy of the
source mount tree and since we know that the propagation properties of
each copy of the source mount tree we create and mount at @m will mostly
mirror the propagation properties of @m. We can use that information to
create and mount the copies of the source mount tree that become masters
before their slaves.
The easy case is always when @m and @last_dest are peers in a peer group
of a given propagation group. In that case we know that we can simply
copy @last_source without having to figure out what the master for the
new copy @child of the source mount tree needs to be as we've done that
in a previous call to propagate_one().
The hard case is when we're dealing with a slave mount or a shared-slave
mount @m in a destination propagation group that we need to create and
mount a copy of the source mount tree on.
For each propagation group in the destination propagation tree we
propagate the source mount tree to we want to make sure that the copies
@child of the source mount tree we create and mount on slaves @m pick an
ealier copy of the source mount tree that we mounted on a master @m of
the destination propagation group as their master. This is a mouthful
but as far as we can tell that's the core of it all.
But, if we keep track of the masters in the destination propagation tree
@m we can use the information to find the correct master for each copy
of the source mount tree we create and mount at the slaves in the
destination propagation tree @m.
Let's walk through the base case as that's still fairly easy to grasp.
If we're dealing with the first slave in the propagation group that
@dest_mnt is in then we don't yet have marked any masters in the
destination propagation tree.
We know the master for the first slave to @dest_mnt's peer group is
simple @dest_mnt. So we expect this algorithm to yield a copy of the
source mount tree that was mounted on a peer in @dest_mnt's peer group
as the master for the copy of the source mount tree we want to mount at
the first slave @m:
for (n = m; ; n = p) {
p = n->mnt_master;
if (p == dest_master || IS_MNT_MARKED(p))
break;
}
For the first slave we walk the destination propagation tree all the way
up to a peer in @dest_mnt's peer group. IOW, the propagation hierarchy
can be walked by walking up the @mnt->mnt_master hierarchy of the
destination propagation tree @m. We will ultimately find a peer in
@dest_mnt's peer group and thus ultimately @dest_mnt->mnt_master.
Btw, here the assumption we listed at the beginning becomes important.
Namely, that peers in a peer group pg1 that are slaves in another peer
group pg2 appear on the same ->mnt_slave_list. IOW, all slaves who are
peers in peer group pg1 point to the same peer in peer group pg2 via
their ->mnt_master. Otherwise the termination condition in the code
above would be wrong and next_group() would be broken too.
So the first iteration sets:
n = m;
p = n->mnt_master;
such that @p now points to a peer or @dest_mnt itself. We walk up one
more level since we don't have any marked mounts. So we end up with:
n = dest_mnt;
p = dest_mnt->mnt_master;
If @dest_mnt's peer group is not slave to another peer group then @p is
now NULL. If @dest_mnt's peer group is a slave to another peer group
then @p now points to @dest_mnt->mnt_master points which is a master
outside the propagation tree we're dealing with.
Now we need to figure out the master for the copy of the source mount
tree we're about to create and mount on the first slave of @dest_mnt's
peer group:
do {
struct mount *parent = last_source->mnt_parent;
if (last_source == first_source)
break;
done = parent->mnt_master == p;
if (done && peers(n, parent))
break;
last_source = last_source->mnt_master;
} while (!done);
We know that @last_source->mnt_parent points to @last_dest and
@last_dest is the last peer in @dest_mnt's peer group we propagated to
in the peer loop in propagate_mnt().
Consequently, @last_source is the last copy we created and mount on that
last peer in @dest_mnt's peer group. So @last_source is the master we
want to pick.
We know that @last_source->mnt_parent->mnt_master points to
@last_dest->mnt_master. We also know that @last_dest->mnt_master is
either NULL or points to a master outside of the destination propagation
tree and so does @p. Hence:
done = parent->mnt_master == p;
is trivially true in the base condition.
We also know that for the first slave mount of @dest_mnt's peer group
that @last_dest either points @dest_mnt itself because it was
initialized to:
last_dest = dest_mnt;
at the beginning of propagate_mnt() or it will point to a peer of
@dest_mnt in its peer group. In both cases it is guaranteed that on the
first iteration @n and @parent are peers (Please note the check for
peers here as that's important.):
if (done && peers(n, parent))
break;
So, as we expected, we select @last_source, which referes to the last
copy of the source mount tree we mounted on the last peer in @dest_mnt's
peer group, as the master of the first slave in @dest_mnt's peer group.
The rest is taken care of by clone_mnt(last_source, ...). We'll skip
over that part otherwise this becomes a blogpost.
At the end of propagate_mnt() we now mark @m->mnt_master as the first
master in the destination propagation tree that is distinct from
@dest_mnt->mnt_master. IOW, we mark @dest_mnt itself as a master.
By marking @dest_mnt or one of it's peers we are able to easily find it
again when we later lookup masters for other copies of the source mount
tree we mount copies of the source mount tree on slaves @m to
@dest_mnt's peer group. This, in turn allows us to find the master we
selected for the copies of the source mount tree we mounted on master in
the destination propagation tree again.
The important part is to realize that the code makes use of the fact
that the last copy of the source mount tree stashed in @last_source was
mounted on top of the previous destination propagation node @last_dest.
What this means is that @last_source allows us to walk the destination
propagation hierarchy the same way each destination propagation node @m
does.
If we take @last_source, which is the copy of @source_mnt we have
mounted on @last_dest in the previous iteration of propagate_one(), then
we know @last_source->mnt_parent points to @last_dest but we also know
that as we walk through the destination propagation tree that
@last_source->mnt_master will point to an earlier copy of the source
mount tree we mounted one an earlier destination propagation node @m.
IOW, @last_source->mnt_parent will be our hook into the destination
propagation tree and each consecutive @last_source->mnt_master will lead
us to an earlier propagation node @m via
@last_source->mnt_master->mnt_parent.
Hence, by walking up @last_source->mnt_master, each of which is mounted
on a node that is a master @m in the destination propagation tree we can
also walk up the destination propagation hierarchy.
So, for each new destination propagation node @m we use the previous
copy of @last_source and the fact it's mounted on the previous
propagation node @last_dest via @last_source->mnt_master->mnt_parent to
determine what the master of the new copy of @last_source needs to be.
The goal is to find the _closest_ master that the new copy of the source
mount tree we are about to create and mount on a slave @m in the
destination propagation tree needs to pick. IOW, we want to find a
suitable master in the propagation group.
As the propagation structure of the source mount propagation tree we
create mirrors the propagation structure of the destination propagation
tree we can find @m's closest master - i.e., a marked master - which is
a peer in the closest peer group that @m receives propagation from. We
store that closest master of @m in @p as before and record the slave to
that master in @n
We then search for this master @p via @last_source by walking up the
master hierarchy starting from the last copy of the source mount tree
stored in @last_source that we created and mounted on the previous
destination propagation node @m.
We will try to find the master by walking @last_source->mnt_master and
by comparing @last_source->mnt_master->mnt_parent->mnt_master to @p. If
we find @p then we can figure out what earlier copy of the source mount
tree needs to be the master for the new copy of the source mount tree
we're about to create and mount at the current destination propagation
node @m.
If @last_source->mnt_master->mnt_parent and @n are peers then we know
that the closest master they receive propagation from is
@last_source->mnt_master->mnt_parent->mnt_master. If not then the
closest immediate peer group that they receive propagation from must be
one level higher up.
This builds on the earlier clarification at the beginning that all peers
in a peer group which are slaves of other peer groups all point to the
same ->mnt_master, i.e., appear on the same ->mnt_slave_list, of the
closest peer group that they receive propagation from.
However, terminating the walk has corner cases.
If the closest marked master for a given destination node @m cannot be
found by walking up the master hierarchy via @last_source->mnt_master
then we need to terminate the walk when we encounter @source_mnt again.
This isn't an arbitrary termination. It simply means that the new copy
of the source mount tree we're about to create has a copy of the source
mount tree we created and mounted on a peer in @dest_mnt's peer group as
its master. IOW, @source_mnt is the peer in the closest peer group that
the new copy of the source mount tree receives propagation from.
We absolutely have to stop @source_mnt because @last_source->mnt_master
either points outside the propagation hierarchy we're dealing with or it
is NULL because @source_mnt isn't a shared-slave.
So continuing the walk past @source_mnt would cause a NULL dereference
via @last_source->mnt_master->mnt_parent. And so we have to stop the
walk when we encounter @source_mnt again.
One scenario where this can happen is when we first handled a series of
slaves of @dest_mnt's peer group and then encounter peers in a new peer
group that is a slave to @dest_mnt's peer group. We handle them and then
we encounter another slave mount to @dest_mnt that is a pure slave to
@dest_mnt's peer group. That pure slave will have a peer in @dest_mnt's
peer group as its master. Consequently, the new copy of the source mount
tree will need to have @source_mnt as it's master. So we walk the
propagation hierarchy all the way up to @source_mnt based on
@last_source->mnt_master.
So terminate on @source_mnt, easy peasy. Except, that the check misses
something that the rest of the algorithm already handles.
If @dest_mnt has peers in it's peer group the peer loop in
propagate_mnt():
for (n = next_peer(dest_mnt); n != dest_mnt; n = next_peer(n)) {
ret = propagate_one(n);
if (ret)
goto out;
}
will consecutively update @last_source with each previous copy of the
source mount tree we created and mounted at the previous peer in
@dest_mnt's peer group. So after that loop terminates @last_source will
point to whatever copy of the source mount tree was created and mounted
on the last peer in @dest_mnt's peer group.
Furthermore, if there is even a single additional peer in @dest_mnt's
peer group then @last_source will __not__ point to @source_mnt anymore.
Because, as we mentioned above, @dest_mnt isn't even handled in this
loop but directly in attach_recursive_mnt(). So it can't even accidently
come last in that peer loop.
So the first time we handle a slave mount @m of @dest_mnt's peer group
the copy of the source mount tree we create will make the __last copy of
the source mount tree we created and mounted on the last peer in
@dest_mnt's peer group the master of the new copy of the source mount
tree we create and mount on the first slave of @dest_mnt's peer group__.
But this means that the termination condition that checks for
@source_mnt is wrong. The @source_mnt cannot be found anymore by
propagate_one(). Instead it will find the last copy of the source mount
tree we created and mounted for the last peer of @dest_mnt's peer group
again. And that is a peer of @source_mnt not @source_mnt itself.
IOW, we fail to terminate the loop correctly and ultimately dereference
@last_source->mnt_master->mnt_parent. When @source_mnt's peer group
isn't slave to another peer group then @last_source->mnt_master is NULL
causing the splat below.
For example, assume @dest_mnt is a pure shared mount and has three peers
in its peer group:
===================================================================================
mount-id mount-parent-id peer-group-id
===================================================================================
(@dest_mnt) mnt_master[216] 309 297 shared:216
\
(@source_mnt) mnt_master[218]: 609 609 shared:218
(1) mnt_master[216]: 607 605 shared:216
\
(P1) mnt_master[218]: 624 607 shared:218
(2) mnt_master[216]: 576 574 shared:216
\
(P2) mnt_master[218]: 625 576 shared:218
(3) mnt_master[216]: 545 543 shared:216
\
(P3) mnt_master[218]: 626 545 shared:218
After this sequence has been processed @last_source will point to (P3),
the copy generated for the third peer in @dest_mnt's peer group we
handled. So the copy of the source mount tree (P4) we create and mount
on the first slave of @dest_mnt's peer group:
===================================================================================
mount-id mount-parent-id peer-group-id
===================================================================================
mnt_master[216] 309 297 shared:216
/
/
(S0) mnt_slave 483 481 master:216
\
\ (P3) mnt_master[218] 626 545 shared:218
\ /
\/
(P4) mnt_slave 627 483 master:218
will pick the last copy of the source mount tree (P3) as master, not (S0).
When walking the propagation hierarchy via @last_source's master
hierarchy we encounter (P3) but not (S0), i.e., @source_mnt.
We can fix this in multiple ways:
(1) By setting @last_source to @source_mnt after we processed the peers
in @dest_mnt's peer group right after the peer loop in
propagate_mnt().
(2) By changing the termination condition that relies on finding exactly
@source_mnt to finding a peer of @source_mnt.
(3) By only moving @last_source when we actually venture into a new peer
group or some clever variant thereof.
The first two options are minimally invasive and what we want as a fix.
The third option is more intrusive but something we'd like to explore in
the near future.
This passes all LTP tests and specifically the mount propagation
testsuite part of it. It also holds up against all known reproducers of
this issues.
Final words.
First, this is a clever but __worringly__ underdocumented algorithm.
There isn't a single detailed comment to be found in next_group(),
propagate_one() or anywhere else in that file for that matter. This has
been a giant pain to understand and work through and a bug like this is
insanely difficult to fix without a detailed understanding of what's
happening. Let's not talk about the amount of time that was sunk into
fixing this.
Second, all the cool kids with access to
unshare --mount --user --map-root --propagation=unchanged
are going to have a lot of fun. IOW, triggerable by unprivileged users
while namespace_lock() lock is held.
[ 115.848393] BUG: kernel NULL pointer dereference, address: 0000000000000010
[ 115.848967] #PF: supervisor read access in kernel mode
[ 115.849386] #PF: error_code(0x0000) - not-present page
[ 115.849803] PGD 0 P4D 0
[ 115.850012] Oops: 0000 [#1] PREEMPT SMP PTI
[ 115.850354] CPU: 0 PID: 15591 Comm: mount Not tainted 6.1.0-rc7 #3
[ 115.850851] Hardware name: innotek GmbH VirtualBox/VirtualBox, BIOS
VirtualBox 12/01/2006
[ 115.851510] RIP: 0010:propagate_one.part.0+0x7f/0x1a0
[ 115.851924] Code: 75 eb 4c 8b 05 c2 25 37 02 4c 89 ca 48 8b 4a 10
49 39 d0 74 1e 48 3b 81 e0 00 00 00 74 26 48 8b 92 e0 00 00 00 be 01
00 00 00 <48> 8b 4a 10 49 39 d0 75 e2 40 84 f6 74 38 4c 89 05 84 25 37
02 4d
[ 115.853441] RSP: 0018:ffffb8d5443d7d50 EFLAGS: 00010282
[ 115.853865] RAX: ffff8e4d87c41c80 RBX: ffff8e4d88ded780 RCX: ffff8e4da4333a00
[ 115.854458] RDX: 0000000000000000 RSI: 0000000000000001 RDI: ffff8e4d88ded780
[ 115.855044] RBP: ffff8e4d88ded780 R08: ffff8e4da4338000 R09: ffff8e4da43388c0
[ 115.855693] R10: 0000000000000002 R11: ffffb8d540158000 R12: ffffb8d5443d7da8
[ 115.856304] R13: ffff8e4d88ded780 R14: 0000000000000000 R15: 0000000000000000
[ 115.856859] FS: 00007f92c90c9800(0000) GS:ffff8e4dfdc00000(0000)
knlGS:0000000000000000
[ 115.857531] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 115.858006] CR2: 0000000000000010 CR3: 0000000022f4c002 CR4: 00000000000706f0
[ 115.858598] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 115.859393] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 115.860099] Call Trace:
[ 115.860358] <TASK>
[ 115.860535] propagate_mnt+0x14d/0x190
[ 115.860848] attach_recursive_mnt+0x274/0x3e0
[ 115.861212] path_mount+0x8c8/0xa60
[ 115.861503] __x64_sys_mount+0xf6/0x140
[ 115.861819] do_syscall_64+0x5b/0x80
[ 115.862117] ? do_faccessat+0x123/0x250
[ 115.862435] ? syscall_exit_to_user_mode+0x17/0x40
[ 115.862826] ? do_syscall_64+0x67/0x80
[ 115.863133] ? syscall_exit_to_user_mode+0x17/0x40
[ 115.863527] ? do_syscall_64+0x67/0x80
[ 115.863835] ? do_syscall_64+0x67/0x80
[ 115.864144] ? do_syscall_64+0x67/0x80
[ 115.864452] ? exc_page_fault+0x70/0x170
[ 115.864775] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 115.865187] RIP: 0033:0x7f92c92b0ebe
[ 115.865480] Code: 48 8b 0d 75 4f 0c 00 f7 d8 64 89 01 48 83 c8 ff
c3 66 2e 0f 1f 84 00 00 00 00 00 90 f3 0f 1e fa 49 89 ca b8 a5 00 00
00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d 42 4f 0c 00 f7 d8 64 89
01 48
[ 115.866984] RSP: 002b:00007fff000aa728 EFLAGS: 00000246 ORIG_RAX:
00000000000000a5
[ 115.867607] RAX: ffffffffffffffda RBX: 000055a77888d6b0 RCX: 00007f92c92b0ebe
[ 115.868240] RDX: 000055a77888d8e0 RSI: 000055a77888e6e0 RDI: 000055a77888e620
[ 115.868823] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000001
[ 115.869403] R10: 0000000000001000 R11: 0000000000000246 R12: 000055a77888e620
[ 115.869994] R13: 000055a77888d8e0 R14: 00000000ffffffff R15: 00007f92c93e4076
[ 115.870581] </TASK>
[ 115.870763] Modules linked in: nft_fib_inet nft_fib_ipv4
nft_fib_ipv6 nft_fib nft_reject_inet nf_reject_ipv4 nf_reject_ipv6
nft_reject nft_ct nft_chain_nat nf_nat nf_conntrack nf_defrag_ipv6
nf_defrag_ipv4 ip_set rfkill nf_tables nfnetlink qrtr snd_intel8x0
sunrpc snd_ac97_codec ac97_bus snd_pcm snd_timer intel_rapl_msr
intel_rapl_common snd vboxguest intel_powerclamp video rapl joydev
soundcore i2c_piix4 wmi fuse zram xfs vmwgfx crct10dif_pclmul
crc32_pclmul crc32c_intel polyval_clmulni polyval_generic
drm_ttm_helper ttm e1000 ghash_clmulni_intel serio_raw ata_generic
pata_acpi scsi_dh_rdac scsi_dh_emc scsi_dh_alua dm_multipath
[ 115.875288] CR2: 0000000000000010
[ 115.875641] ---[ end trace 0000000000000000 ]---
[ 115.876135] RIP: 0010:propagate_one.part.0+0x7f/0x1a0
[ 115.876551] Code: 75 eb 4c 8b 05 c2 25 37 02 4c 89 ca 48 8b 4a 10
49 39 d0 74 1e 48 3b 81 e0 00 00 00 74 26 48 8b 92 e0 00 00 00 be 01
00 00 00 <48> 8b 4a 10 49 39 d0 75 e2 40 84 f6 74 38 4c 89 05 84 25 37
02 4d
[ 115.878086] RSP: 0018:ffffb8d5443d7d50 EFLAGS: 00010282
[ 115.878511] RAX: ffff8e4d87c41c80 RBX: ffff8e4d88ded780 RCX: ffff8e4da4333a00
[ 115.879128] RDX: 0000000000000000 RSI: 0000000000000001 RDI: ffff8e4d88ded780
[ 115.879715] RBP: ffff8e4d88ded780 R08: ffff8e4da4338000 R09: ffff8e4da43388c0
[ 115.880359] R10: 0000000000000002 R11: ffffb8d540158000 R12: ffffb8d5443d7da8
[ 115.880962] R13: ffff8e4d88ded780 R14: 0000000000000000 R15: 0000000000000000
[ 115.881548] FS: 00007f92c90c9800(0000) GS:ffff8e4dfdc00000(0000)
knlGS:0000000000000000
[ 115.882234] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 115.882713] CR2: 0000000000000010 CR3: 0000000022f4c002 CR4: 00000000000706f0
[ 115.883314] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 115.883966] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Fixes: f2ebb3a921c1 ("smarter propagate_mnt()")
Fixes: 5ec0811d3037 ("propogate_mnt: Handle the first propogated copy being a slave")
Cc: <stable@vger.kernel.org>
Reported-by: Ditang Chen <ditang.c@gmail.com>
Signed-off-by: Seth Forshee (Digital Ocean) <sforshee@kernel.org>
Signed-off-by: Christian Brauner (Microsoft) <brauner@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
If there are no big objections I'll get this to Linus rather sooner than later.
---
fs/pnode.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/fs/pnode.c
+++ b/fs/pnode.c
@@ -245,7 +245,7 @@ static int propagate_one(struct mount *m
}
do {
struct mount *parent = last_source->mnt_parent;
- if (last_source == first_source)
+ if (peers(last_source, first_source))
break;
done = parent->mnt_master == p;
if (done && peers(n, parent))
^ permalink raw reply [flat|nested] 529+ messages in thread
* [PATCH 4.19 371/521] md: fix a crash in mempool_free
2023-01-16 15:44 [PATCH 4.19 000/521] 4.19.270-rc1 review Greg Kroah-Hartman
` (369 preceding siblings ...)
2023-01-16 15:50 ` [PATCH 4.19 370/521] pnode: terminate at peers of source Greg Kroah-Hartman
@ 2023-01-16 15:50 ` Greg Kroah-Hartman
2023-01-16 15:50 ` [PATCH 4.19 372/521] mmc: vub300: fix warning - do not call blocking ops when !TASK_RUNNING Greg Kroah-Hartman
` (153 subsequent siblings)
524 siblings, 0 replies; 529+ messages in thread
From: Greg Kroah-Hartman @ 2023-01-16 15:50 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Mikulas Patocka, Song Liu
From: Mikulas Patocka <mpatocka@redhat.com>
commit 341097ee53573e06ab9fc675d96a052385b851fa upstream.
There's a crash in mempool_free when running the lvm test
shell/lvchange-rebuild-raid.sh.
The reason for the crash is this:
* super_written calls atomic_dec_and_test(&mddev->pending_writes) and
wake_up(&mddev->sb_wait). Then it calls rdev_dec_pending(rdev, mddev)
and bio_put(bio).
* so, the process that waited on sb_wait and that is woken up is racing
with bio_put(bio).
* if the process wins the race, it calls bioset_exit before bio_put(bio)
is executed.
* bio_put(bio) attempts to free a bio into a destroyed bio set - causing
a crash in mempool_free.
We fix this bug by moving bio_put before atomic_dec_and_test.
We also move rdev_dec_pending before atomic_dec_and_test as suggested by
Neil Brown.
The function md_end_flush has a similar bug - we must call bio_put before
we decrement the number of in-progress bios.
BUG: kernel NULL pointer dereference, address: 0000000000000000
#PF: supervisor write access in kernel mode
#PF: error_code(0x0002) - not-present page
PGD 11557f0067 P4D 11557f0067 PUD 0
Oops: 0002 [#1] PREEMPT SMP
CPU: 0 PID: 73 Comm: kworker/0:1 Not tainted 6.1.0-rc3 #5
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.14.0-2 04/01/2014
Workqueue: kdelayd flush_expired_bios [dm_delay]
RIP: 0010:mempool_free+0x47/0x80
Code: 48 89 ef 5b 5d ff e0 f3 c3 48 89 f7 e8 32 45 3f 00 48 63 53 08 48 89 c6 3b 53 04 7d 2d 48 8b 43 10 8d 4a 01 48 89 df 89 4b 08 <48> 89 2c d0 e8 b0 45 3f 00 48 8d 7b 30 5b 5d 31 c9 ba 01 00 00 00
RSP: 0018:ffff88910036bda8 EFLAGS: 00010093
RAX: 0000000000000000 RBX: ffff8891037b65d8 RCX: 0000000000000001
RDX: 0000000000000000 RSI: 0000000000000202 RDI: ffff8891037b65d8
RBP: ffff8891447ba240 R08: 0000000000012908 R09: 00000000003d0900
R10: 0000000000000000 R11: 0000000000173544 R12: ffff889101a14000
R13: ffff8891562ac300 R14: ffff889102b41440 R15: ffffe8ffffa00d05
FS: 0000000000000000(0000) GS:ffff88942fa00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000000000000 CR3: 0000001102e99000 CR4: 00000000000006b0
Call Trace:
<TASK>
clone_endio+0xf4/0x1c0 [dm_mod]
clone_endio+0xf4/0x1c0 [dm_mod]
__submit_bio+0x76/0x120
submit_bio_noacct_nocheck+0xb6/0x2a0
flush_expired_bios+0x28/0x2f [dm_delay]
process_one_work+0x1b4/0x300
worker_thread+0x45/0x3e0
? rescuer_thread+0x380/0x380
kthread+0xc2/0x100
? kthread_complete_and_exit+0x20/0x20
ret_from_fork+0x1f/0x30
</TASK>
Modules linked in: brd dm_delay dm_raid dm_mod af_packet uvesafb cfbfillrect cfbimgblt cn cfbcopyarea fb font fbdev tun autofs4 binfmt_misc configfs ipv6 virtio_rng virtio_balloon rng_core virtio_net pcspkr net_failover failover qemu_fw_cfg button mousedev raid10 raid456 libcrc32c async_raid6_recov async_memcpy async_pq raid6_pq async_xor xor async_tx raid1 raid0 md_mod sd_mod t10_pi crc64_rocksoft crc64 virtio_scsi scsi_mod evdev psmouse bsg scsi_common [last unloaded: brd]
CR2: 0000000000000000
---[ end trace 0000000000000000 ]---
Signed-off-by: Mikulas Patocka <mpatocka@redhat.com>
Cc: stable@vger.kernel.org
Signed-off-by: Song Liu <song@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/md/md.c | 9 ++++++---
1 file changed, 6 insertions(+), 3 deletions(-)
--- a/drivers/md/md.c
+++ b/drivers/md/md.c
@@ -417,13 +417,14 @@ static void md_end_flush(struct bio *bio
struct md_rdev *rdev = bio->bi_private;
struct mddev *mddev = rdev->mddev;
+ bio_put(bio);
+
rdev_dec_pending(rdev, mddev);
if (atomic_dec_and_test(&mddev->flush_pending)) {
/* The pre-request flush has finished */
queue_work(md_wq, &mddev->flush_work);
}
- bio_put(bio);
}
static void md_submit_flush_data(struct work_struct *ws);
@@ -821,10 +822,12 @@ static void super_written(struct bio *bi
} else
clear_bit(LastDev, &rdev->flags);
+ bio_put(bio);
+
+ rdev_dec_pending(rdev, mddev);
+
if (atomic_dec_and_test(&mddev->pending_writes))
wake_up(&mddev->sb_wait);
- rdev_dec_pending(rdev, mddev);
- bio_put(bio);
}
void md_super_write(struct mddev *mddev, struct md_rdev *rdev,
^ permalink raw reply [flat|nested] 529+ messages in thread
* [PATCH 4.19 372/521] mmc: vub300: fix warning - do not call blocking ops when !TASK_RUNNING
2023-01-16 15:44 [PATCH 4.19 000/521] 4.19.270-rc1 review Greg Kroah-Hartman
` (370 preceding siblings ...)
2023-01-16 15:50 ` [PATCH 4.19 371/521] md: fix a crash in mempool_free Greg Kroah-Hartman
@ 2023-01-16 15:50 ` Greg Kroah-Hartman
2023-01-16 15:50 ` [PATCH 4.19 373/521] tpm: tpm_crb: Add the missed acpi_put_table() to fix memory leak Greg Kroah-Hartman
` (152 subsequent siblings)
524 siblings, 0 replies; 529+ messages in thread
From: Greg Kroah-Hartman @ 2023-01-16 15:50 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Deren Wu, Ulf Hansson
From: Deren Wu <deren.wu@mediatek.com>
commit 4a44cd249604e29e7b90ae796d7692f5773dd348 upstream.
vub300_enable_sdio_irq() works with mutex and need TASK_RUNNING here.
Ensure that we mark current as TASK_RUNNING for sleepable context.
[ 77.554641] do not call blocking ops when !TASK_RUNNING; state=1 set at [<ffffffff92a72c1d>] sdio_irq_thread+0x17d/0x5b0
[ 77.554652] WARNING: CPU: 2 PID: 1983 at kernel/sched/core.c:9813 __might_sleep+0x116/0x160
[ 77.554905] CPU: 2 PID: 1983 Comm: ksdioirqd/mmc1 Tainted: G OE 6.1.0-rc5 #1
[ 77.554910] Hardware name: Intel(R) Client Systems NUC8i7BEH/NUC8BEB, BIOS BECFL357.86A.0081.2020.0504.1834 05/04/2020
[ 77.554912] RIP: 0010:__might_sleep+0x116/0x160
[ 77.554920] RSP: 0018:ffff888107b7fdb8 EFLAGS: 00010282
[ 77.554923] RAX: 0000000000000000 RBX: ffff888118c1b740 RCX: 0000000000000000
[ 77.554926] RDX: 0000000000000001 RSI: 0000000000000004 RDI: ffffed1020f6ffa9
[ 77.554928] RBP: ffff888107b7fde0 R08: 0000000000000001 R09: ffffed1043ea60ba
[ 77.554930] R10: ffff88821f5305cb R11: ffffed1043ea60b9 R12: ffffffff93aa3a60
[ 77.554932] R13: 000000000000011b R14: 7fffffffffffffff R15: ffffffffc0558660
[ 77.554934] FS: 0000000000000000(0000) GS:ffff88821f500000(0000) knlGS:0000000000000000
[ 77.554937] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 77.554939] CR2: 00007f8a44010d68 CR3: 000000024421a003 CR4: 00000000003706e0
[ 77.554942] Call Trace:
[ 77.554944] <TASK>
[ 77.554952] mutex_lock+0x78/0xf0
[ 77.554973] vub300_enable_sdio_irq+0x103/0x3c0 [vub300]
[ 77.554981] sdio_irq_thread+0x25c/0x5b0
[ 77.555006] kthread+0x2b8/0x370
[ 77.555017] ret_from_fork+0x1f/0x30
[ 77.555023] </TASK>
[ 77.555025] ---[ end trace 0000000000000000 ]---
Fixes: 88095e7b473a ("mmc: Add new VUB300 USB-to-SD/SDIO/MMC driver")
Signed-off-by: Deren Wu <deren.wu@mediatek.com>
Cc: stable@vger.kernel.org
Link: https://lore.kernel.org/r/87dc45b122d26d63c80532976813c9365d7160b3.1670140888.git.deren.wu@mediatek.com
Signed-off-by: Ulf Hansson <ulf.hansson@linaro.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/mmc/host/vub300.c | 2 ++
1 file changed, 2 insertions(+)
--- a/drivers/mmc/host/vub300.c
+++ b/drivers/mmc/host/vub300.c
@@ -2052,6 +2052,7 @@ static void vub300_enable_sdio_irq(struc
return;
kref_get(&vub300->kref);
if (enable) {
+ set_current_state(TASK_RUNNING);
mutex_lock(&vub300->irq_mutex);
if (vub300->irqs_queued) {
vub300->irqs_queued -= 1;
@@ -2067,6 +2068,7 @@ static void vub300_enable_sdio_irq(struc
vub300_queue_poll_work(vub300, 0);
}
mutex_unlock(&vub300->irq_mutex);
+ set_current_state(TASK_INTERRUPTIBLE);
} else {
vub300->irq_enabled = 0;
}
^ permalink raw reply [flat|nested] 529+ messages in thread
* [PATCH 4.19 373/521] tpm: tpm_crb: Add the missed acpi_put_table() to fix memory leak
2023-01-16 15:44 [PATCH 4.19 000/521] 4.19.270-rc1 review Greg Kroah-Hartman
` (371 preceding siblings ...)
2023-01-16 15:50 ` [PATCH 4.19 372/521] mmc: vub300: fix warning - do not call blocking ops when !TASK_RUNNING Greg Kroah-Hartman
@ 2023-01-16 15:50 ` Greg Kroah-Hartman
2023-01-16 15:50 ` [PATCH 4.19 374/521] tpm: tpm_tis: " Greg Kroah-Hartman
` (151 subsequent siblings)
524 siblings, 0 replies; 529+ messages in thread
From: Greg Kroah-Hartman @ 2023-01-16 15:50 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Hanjun Guo, Jarkko Sakkinen
From: Hanjun Guo <guohanjun@huawei.com>
commit 37e90c374dd11cf4919c51e847c6d6ced0abc555 upstream.
In crb_acpi_add(), we get the TPM2 table to retrieve information
like start method, and then assign them to the priv data, so the
TPM2 table is not used after the init, should be freed, call
acpi_put_table() to fix the memory leak.
Fixes: 30fc8d138e91 ("tpm: TPM 2.0 CRB Interface")
Cc: stable@vger.kernel.org
Signed-off-by: Hanjun Guo <guohanjun@huawei.com>
Reviewed-by: Jarkko Sakkinen <jarkko@kernel.org>
Signed-off-by: Jarkko Sakkinen <jarkko@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/char/tpm/tpm_crb.c | 29 ++++++++++++++++++++---------
1 file changed, 20 insertions(+), 9 deletions(-)
--- a/drivers/char/tpm/tpm_crb.c
+++ b/drivers/char/tpm/tpm_crb.c
@@ -680,12 +680,16 @@ static int crb_acpi_add(struct acpi_devi
/* Should the FIFO driver handle this? */
sm = buf->start_method;
- if (sm == ACPI_TPM2_MEMORY_MAPPED)
- return -ENODEV;
+ if (sm == ACPI_TPM2_MEMORY_MAPPED) {
+ rc = -ENODEV;
+ goto out;
+ }
priv = devm_kzalloc(dev, sizeof(struct crb_priv), GFP_KERNEL);
- if (!priv)
- return -ENOMEM;
+ if (!priv) {
+ rc = -ENOMEM;
+ goto out;
+ }
if (sm == ACPI_TPM2_COMMAND_BUFFER_WITH_ARM_SMC) {
if (buf->header.length < (sizeof(*buf) + sizeof(*crb_smc))) {
@@ -693,7 +697,8 @@ static int crb_acpi_add(struct acpi_devi
FW_BUG "TPM2 ACPI table has wrong size %u for start method type %d\n",
buf->header.length,
ACPI_TPM2_COMMAND_BUFFER_WITH_ARM_SMC);
- return -EINVAL;
+ rc = -EINVAL;
+ goto out;
}
crb_smc = ACPI_ADD_PTR(struct tpm2_crb_smc, buf, sizeof(*buf));
priv->smc_func_id = crb_smc->smc_func_id;
@@ -704,17 +709,23 @@ static int crb_acpi_add(struct acpi_devi
rc = crb_map_io(device, priv, buf);
if (rc)
- return rc;
+ goto out;
chip = tpmm_chip_alloc(dev, &tpm_crb);
- if (IS_ERR(chip))
- return PTR_ERR(chip);
+ if (IS_ERR(chip)) {
+ rc = PTR_ERR(chip);
+ goto out;
+ }
dev_set_drvdata(&chip->dev, priv);
chip->acpi_dev_handle = device->handle;
chip->flags = TPM_CHIP_FLAG_TPM2;
- return tpm_chip_register(chip);
+ rc = tpm_chip_register(chip);
+
+out:
+ acpi_put_table((struct acpi_table_header *)buf);
+ return rc;
}
static int crb_acpi_remove(struct acpi_device *device)
^ permalink raw reply [flat|nested] 529+ messages in thread
* [PATCH 4.19 374/521] tpm: tpm_tis: Add the missed acpi_put_table() to fix memory leak
2023-01-16 15:44 [PATCH 4.19 000/521] 4.19.270-rc1 review Greg Kroah-Hartman
` (372 preceding siblings ...)
2023-01-16 15:50 ` [PATCH 4.19 373/521] tpm: tpm_crb: Add the missed acpi_put_table() to fix memory leak Greg Kroah-Hartman
@ 2023-01-16 15:50 ` Greg Kroah-Hartman
2023-01-16 15:50 ` [PATCH 4.19 375/521] SUNRPC: Dont leak netobj memory when gss_read_proxy_verf() fails Greg Kroah-Hartman
` (150 subsequent siblings)
524 siblings, 0 replies; 529+ messages in thread
From: Greg Kroah-Hartman @ 2023-01-16 15:50 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Hanjun Guo, Jarkko Sakkinen
From: Hanjun Guo <guohanjun@huawei.com>
commit db9622f762104459ff87ecdf885cc42c18053fd9 upstream.
In check_acpi_tpm2(), we get the TPM2 table just to make
sure the table is there, not used after the init, so the
acpi_put_table() should be added to release the ACPI memory.
Fixes: 4cb586a188d4 ("tpm_tis: Consolidate the platform and acpi probe flow")
Cc: stable@vger.kernel.org
Signed-off-by: Hanjun Guo <guohanjun@huawei.com>
Signed-off-by: Jarkko Sakkinen <jarkko@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/char/tpm/tpm_tis.c | 9 +++++----
1 file changed, 5 insertions(+), 4 deletions(-)
--- a/drivers/char/tpm/tpm_tis.c
+++ b/drivers/char/tpm/tpm_tis.c
@@ -129,6 +129,7 @@ static int check_acpi_tpm2(struct device
const struct acpi_device_id *aid = acpi_match_device(tpm_acpi_tbl, dev);
struct acpi_table_tpm2 *tbl;
acpi_status st;
+ int ret = 0;
if (!aid || aid->driver_data != DEVICE_IS_TPM2)
return 0;
@@ -136,8 +137,7 @@ static int check_acpi_tpm2(struct device
/* If the ACPI TPM2 signature is matched then a global ACPI_SIG_TPM2
* table is mandatory
*/
- st =
- acpi_get_table(ACPI_SIG_TPM2, 1, (struct acpi_table_header **)&tbl);
+ st = acpi_get_table(ACPI_SIG_TPM2, 1, (struct acpi_table_header **)&tbl);
if (ACPI_FAILURE(st) || tbl->header.length < sizeof(*tbl)) {
dev_err(dev, FW_BUG "failed to get TPM2 ACPI table\n");
return -EINVAL;
@@ -145,9 +145,10 @@ static int check_acpi_tpm2(struct device
/* The tpm2_crb driver handles this device */
if (tbl->start_method != ACPI_TPM2_MEMORY_MAPPED)
- return -ENODEV;
+ ret = -ENODEV;
- return 0;
+ acpi_put_table((struct acpi_table_header *)tbl);
+ return ret;
}
#else
static int check_acpi_tpm2(struct device *dev)
^ permalink raw reply [flat|nested] 529+ messages in thread
* [PATCH 4.19 375/521] SUNRPC: Dont leak netobj memory when gss_read_proxy_verf() fails
2023-01-16 15:44 [PATCH 4.19 000/521] 4.19.270-rc1 review Greg Kroah-Hartman
` (373 preceding siblings ...)
2023-01-16 15:50 ` [PATCH 4.19 374/521] tpm: tpm_tis: " Greg Kroah-Hartman
@ 2023-01-16 15:50 ` Greg Kroah-Hartman
2023-01-16 15:50 ` [PATCH 4.19 376/521] media: stv0288: use explicitly signed char Greg Kroah-Hartman
` (149 subsequent siblings)
524 siblings, 0 replies; 529+ messages in thread
From: Greg Kroah-Hartman @ 2023-01-16 15:50 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Chuck Lever, Jeff Layton
From: Chuck Lever <chuck.lever@oracle.com>
commit da522b5fe1a5f8b7c20a0023e87b52a150e53bf5 upstream.
Fixes: 030d794bf498 ("SUNRPC: Use gssproxy upcall for server RPCGSS authentication.")
Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
Cc: <stable@vger.kernel.org>
Reviewed-by: Jeff Layton <jlayton@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
net/sunrpc/auth_gss/svcauth_gss.c | 9 +++++++--
1 file changed, 7 insertions(+), 2 deletions(-)
--- a/net/sunrpc/auth_gss/svcauth_gss.c
+++ b/net/sunrpc/auth_gss/svcauth_gss.c
@@ -1088,18 +1088,23 @@ static int gss_read_proxy_verf(struct sv
return res;
inlen = svc_getnl(argv);
- if (inlen > (argv->iov_len + rqstp->rq_arg.page_len))
+ if (inlen > (argv->iov_len + rqstp->rq_arg.page_len)) {
+ kfree(in_handle->data);
return SVC_DENIED;
+ }
pages = DIV_ROUND_UP(inlen, PAGE_SIZE);
in_token->pages = kcalloc(pages, sizeof(struct page *), GFP_KERNEL);
- if (!in_token->pages)
+ if (!in_token->pages) {
+ kfree(in_handle->data);
return SVC_DENIED;
+ }
in_token->page_base = 0;
in_token->page_len = inlen;
for (i = 0; i < pages; i++) {
in_token->pages[i] = alloc_page(GFP_KERNEL);
if (!in_token->pages[i]) {
+ kfree(in_handle->data);
gss_free_in_token_pages(in_token);
return SVC_DENIED;
}
^ permalink raw reply [flat|nested] 529+ messages in thread
* [PATCH 4.19 376/521] media: stv0288: use explicitly signed char
2023-01-16 15:44 [PATCH 4.19 000/521] 4.19.270-rc1 review Greg Kroah-Hartman
` (374 preceding siblings ...)
2023-01-16 15:50 ` [PATCH 4.19 375/521] SUNRPC: Dont leak netobj memory when gss_read_proxy_verf() fails Greg Kroah-Hartman
@ 2023-01-16 15:50 ` Greg Kroah-Hartman
2023-01-16 15:50 ` [PATCH 4.19 377/521] soc: qcom: Select REMAP_MMIO for LLCC driver Greg Kroah-Hartman
` (148 subsequent siblings)
524 siblings, 0 replies; 529+ messages in thread
From: Greg Kroah-Hartman @ 2023-01-16 15:50 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Mauro Carvalho Chehab, linux-media,
Jason A. Donenfeld
From: Jason A. Donenfeld <Jason@zx2c4.com>
commit 7392134428c92a4cb541bd5c8f4f5c8d2e88364d upstream.
With char becoming unsigned by default, and with `char` alone being
ambiguous and based on architecture, signed chars need to be marked
explicitly as such. Use `s8` and `u8` types here, since that's what
surrounding code does. This fixes:
drivers/media/dvb-frontends/stv0288.c:471 stv0288_set_frontend() warn: assigning (-9) to unsigned variable 'tm'
drivers/media/dvb-frontends/stv0288.c:471 stv0288_set_frontend() warn: we never enter this loop
Cc: Mauro Carvalho Chehab <mchehab@kernel.org>
Cc: linux-media@vger.kernel.org
Cc: stable@vger.kernel.org
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/media/dvb-frontends/stv0288.c | 5 ++---
1 file changed, 2 insertions(+), 3 deletions(-)
--- a/drivers/media/dvb-frontends/stv0288.c
+++ b/drivers/media/dvb-frontends/stv0288.c
@@ -452,9 +452,8 @@ static int stv0288_set_frontend(struct d
struct stv0288_state *state = fe->demodulator_priv;
struct dtv_frontend_properties *c = &fe->dtv_property_cache;
- char tm;
- unsigned char tda[3];
- u8 reg, time_out = 0;
+ u8 tda[3], reg, time_out = 0;
+ s8 tm;
dprintk("%s : FE_SET_FRONTEND\n", __func__);
^ permalink raw reply [flat|nested] 529+ messages in thread
* [PATCH 4.19 377/521] soc: qcom: Select REMAP_MMIO for LLCC driver
2023-01-16 15:44 [PATCH 4.19 000/521] 4.19.270-rc1 review Greg Kroah-Hartman
` (375 preceding siblings ...)
2023-01-16 15:50 ` [PATCH 4.19 376/521] media: stv0288: use explicitly signed char Greg Kroah-Hartman
@ 2023-01-16 15:50 ` Greg Kroah-Hartman
2023-01-16 15:50 ` [PATCH 4.19 378/521] ktest.pl minconfig: Unset configs instead of just removing them Greg Kroah-Hartman
` (147 subsequent siblings)
524 siblings, 0 replies; 529+ messages in thread
From: Greg Kroah-Hartman @ 2023-01-16 15:50 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Borislav Petkov,
Manivannan Sadhasivam, Bjorn Andersson
From: Manivannan Sadhasivam <manivannan.sadhasivam@linaro.org>
commit 5d2fe2d7b616b8baa18348ead857b504fc2de336 upstream.
LLCC driver uses REGMAP_MMIO for accessing the hardware registers. So
select the dependency in Kconfig. Without this, there will be errors
while building the driver with COMPILE_TEST only:
ERROR: modpost: "__devm_regmap_init_mmio_clk" [drivers/soc/qcom/llcc-qcom.ko] undefined!
make[1]: *** [scripts/Makefile.modpost:126: Module.symvers] Error 1
make: *** [Makefile:1944: modpost] Error 2
Cc: <stable@vger.kernel.org> # 4.19
Fixes: a3134fb09e0b ("drivers: soc: Add LLCC driver")
Reported-by: Borislav Petkov <bp@alien8.de>
Signed-off-by: Manivannan Sadhasivam <manivannan.sadhasivam@linaro.org>
Signed-off-by: Bjorn Andersson <andersson@kernel.org>
Link: https://lore.kernel.org/r/20221129071201.30024-2-manivannan.sadhasivam@linaro.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/soc/qcom/Kconfig | 1 +
1 file changed, 1 insertion(+)
--- a/drivers/soc/qcom/Kconfig
+++ b/drivers/soc/qcom/Kconfig
@@ -16,6 +16,7 @@ config QCOM_COMMAND_DB
config QCOM_GENI_SE
tristate "QCOM GENI Serial Engine Driver"
depends on ARCH_QCOM || COMPILE_TEST
+ select REGMAP_MMIO
help
This driver is used to manage Generic Interface (GENI) firmware based
Qualcomm Technologies, Inc. Universal Peripheral (QUP) Wrapper. This
^ permalink raw reply [flat|nested] 529+ messages in thread
* [PATCH 4.19 378/521] ktest.pl minconfig: Unset configs instead of just removing them
2023-01-16 15:44 [PATCH 4.19 000/521] 4.19.270-rc1 review Greg Kroah-Hartman
` (376 preceding siblings ...)
2023-01-16 15:50 ` [PATCH 4.19 377/521] soc: qcom: Select REMAP_MMIO for LLCC driver Greg Kroah-Hartman
@ 2023-01-16 15:50 ` Greg Kroah-Hartman
2023-01-16 15:50 ` [PATCH 4.19 379/521] ARM: ux500: do not directly dereference __iomem Greg Kroah-Hartman
` (146 subsequent siblings)
524 siblings, 0 replies; 529+ messages in thread
From: Greg Kroah-Hartman @ 2023-01-16 15:50 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, John Warthog9 Hawley (VMware),
Steven Rostedt (Google)
From: Steven Rostedt <rostedt@goodmis.org>
commit ef784eebb56425eed6e9b16e7d47e5c00dcf9c38 upstream.
After a full run of a make_min_config test, I noticed there were a lot of
CONFIGs still enabled that really should not be. Looking at them, I
noticed they were all defined as "default y". The issue is that the test
simple removes the config and re-runs make oldconfig, which enables it
again because it is set to default 'y'. Instead, explicitly disable the
config with writing "# CONFIG_FOO is not set" to the file to keep it from
being set again.
With this change, one of my box's minconfigs went from 768 configs set,
down to 521 configs set.
Link: https://lkml.kernel.org/r/20221202115936.016fce23@gandalf.local.home
Cc: stable@vger.kernel.org
Fixes: 0a05c769a9de5 ("ktest: Added config_bisect test type")
Reviewed-by: John 'Warthog9' Hawley (VMware) <warthog9@eaglescrag.net>
Signed-off-by: Steven Rostedt (Google) <rostedt@goodmis.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
tools/testing/ktest/ktest.pl | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
--- a/tools/testing/ktest/ktest.pl
+++ b/tools/testing/ktest/ktest.pl
@@ -3706,9 +3706,10 @@ sub test_this_config {
# .config to make sure it is missing the config that
# we had before
my %configs = %min_configs;
- delete $configs{$config};
+ $configs{$config} = "# $config is not set";
make_new_config ((values %configs), (values %keep_configs));
make_oldconfig;
+ delete $configs{$config};
undef %configs;
assign_configs \%configs, $output_config;
^ permalink raw reply [flat|nested] 529+ messages in thread
* [PATCH 4.19 379/521] ARM: ux500: do not directly dereference __iomem
2023-01-16 15:44 [PATCH 4.19 000/521] 4.19.270-rc1 review Greg Kroah-Hartman
` (377 preceding siblings ...)
2023-01-16 15:50 ` [PATCH 4.19 378/521] ktest.pl minconfig: Unset configs instead of just removing them Greg Kroah-Hartman
@ 2023-01-16 15:50 ` Greg Kroah-Hartman
2023-01-16 15:50 ` [PATCH 4.19 380/521] selftests: Use optional USERCFLAGS and USERLDFLAGS Greg Kroah-Hartman
` (145 subsequent siblings)
524 siblings, 0 replies; 529+ messages in thread
From: Greg Kroah-Hartman @ 2023-01-16 15:50 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Linus Walleij, kernel test robot,
Jason A. Donenfeld
From: Jason A. Donenfeld <Jason@zx2c4.com>
commit 65b0e307a1a9193571db12910f382f84195a3d29 upstream.
Sparse reports that calling add_device_randomness() on `uid` is a
violation of address spaces. And indeed the next usage uses readl()
properly, but that was left out when passing it toadd_device_
randomness(). So instead copy the whole thing to the stack first.
Fixes: 4040d10a3d44 ("ARM: ux500: add DB serial number to entropy pool")
Cc: Linus Walleij <linus.walleij@linaro.org>
Cc: stable@vger.kernel.org
Link: https://lore.kernel.org/all/202210230819.loF90KDh-lkp@intel.com/
Reported-by: kernel test robot <lkp@intel.com>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
Link: https://lore.kernel.org/r/20221108123755.207438-1-Jason@zx2c4.com
Signed-off-by: Linus Walleij <linus.walleij@linaro.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/soc/ux500/ux500-soc-id.c | 10 ++++------
1 file changed, 4 insertions(+), 6 deletions(-)
--- a/drivers/soc/ux500/ux500-soc-id.c
+++ b/drivers/soc/ux500/ux500-soc-id.c
@@ -159,20 +159,18 @@ static ssize_t ux500_get_process(struct
static const char *db8500_read_soc_id(struct device_node *backupram)
{
void __iomem *base;
- void __iomem *uid;
const char *retstr;
+ u32 uid[5];
base = of_iomap(backupram, 0);
if (!base)
return NULL;
- uid = base + 0x1fc0;
+ memcpy_fromio(uid, base + 0x1fc0, sizeof(uid));
/* Throw these device-specific numbers into the entropy pool */
- add_device_randomness(uid, 0x14);
+ add_device_randomness(uid, sizeof(uid));
retstr = kasprintf(GFP_KERNEL, "%08x%08x%08x%08x%08x",
- readl((u32 *)uid+0),
- readl((u32 *)uid+1), readl((u32 *)uid+2),
- readl((u32 *)uid+3), readl((u32 *)uid+4));
+ uid[0], uid[1], uid[2], uid[3], uid[4]);
iounmap(base);
return retstr;
}
^ permalink raw reply [flat|nested] 529+ messages in thread
* [PATCH 4.19 380/521] selftests: Use optional USERCFLAGS and USERLDFLAGS
2023-01-16 15:44 [PATCH 4.19 000/521] 4.19.270-rc1 review Greg Kroah-Hartman
` (378 preceding siblings ...)
2023-01-16 15:50 ` [PATCH 4.19 379/521] ARM: ux500: do not directly dereference __iomem Greg Kroah-Hartman
@ 2023-01-16 15:50 ` Greg Kroah-Hartman
2023-01-16 15:50 ` [PATCH 4.19 381/521] binfmt: Move install_exec_creds after setup_new_exec to match binfmt_elf Greg Kroah-Hartman
` (144 subsequent siblings)
524 siblings, 0 replies; 529+ messages in thread
From: Greg Kroah-Hartman @ 2023-01-16 15:50 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Shuah Khan, Mickaël Salaün
From: Mickaël Salaün <mic@digikod.net>
commit de3ee3f63400a23954e7c1ad1cb8c20f29ab6fe3 upstream.
This change enables to extend CFLAGS and LDFLAGS from command line, e.g.
to extend compiler checks: make USERCFLAGS=-Werror USERLDFLAGS=-static
USERCFLAGS and USERLDFLAGS are documented in
Documentation/kbuild/makefiles.rst and Documentation/kbuild/kbuild.rst
This should be backported (down to 5.10) to improve previous kernel
versions testing as well.
Cc: Shuah Khan <skhan@linuxfoundation.org>
Cc: stable@vger.kernel.org
Signed-off-by: Mickaël Salaün <mic@digikod.net>
Link: https://lore.kernel.org/r/20220909103901.1503436-1-mic@digikod.net
Signed-off-by: Shuah Khan <skhan@linuxfoundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
tools/testing/selftests/lib.mk | 5 +++++
1 file changed, 5 insertions(+)
--- a/tools/testing/selftests/lib.mk
+++ b/tools/testing/selftests/lib.mk
@@ -144,6 +144,11 @@ endef
clean:
$(CLEAN)
+# Enables to extend CFLAGS and LDFLAGS from command line, e.g.
+# make USERCFLAGS=-Werror USERLDFLAGS=-static
+CFLAGS += $(USERCFLAGS)
+LDFLAGS += $(USERLDFLAGS)
+
# When make O= with kselftest target from main level
# the following aren't defined.
#
^ permalink raw reply [flat|nested] 529+ messages in thread
* [PATCH 4.19 381/521] binfmt: Move install_exec_creds after setup_new_exec to match binfmt_elf
2023-01-16 15:44 [PATCH 4.19 000/521] 4.19.270-rc1 review Greg Kroah-Hartman
` (379 preceding siblings ...)
2023-01-16 15:50 ` [PATCH 4.19 380/521] selftests: Use optional USERCFLAGS and USERLDFLAGS Greg Kroah-Hartman
@ 2023-01-16 15:50 ` Greg Kroah-Hartman
2023-01-16 15:50 ` [PATCH 4.19 382/521] binfmt: Fix error return code in load_elf_fdpic_binary() Greg Kroah-Hartman
` (143 subsequent siblings)
524 siblings, 0 replies; 529+ messages in thread
From: Greg Kroah-Hartman @ 2023-01-16 15:50 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Greg Ungerer, Kees Cook,
Eric W. Biederman, Sasha Levin
From: Eric W. Biederman <ebiederm@xmission.com>
[ Upstream commit e7f7785449a1f459a4a3ca92f82f56fb054dd2b9 ]
In 2016 Linus moved install_exec_creds immediately after
setup_new_exec, in binfmt_elf as a cleanup and as part of closing a
potential information leak.
Perform the same cleanup for the other binary formats.
Different binary formats doing the same things the same way makes exec
easier to reason about and easier to maintain.
Greg Ungerer reports:
> I tested the the whole series on non-MMU m68k and non-MMU arm
> (exercising binfmt_flat) and it all tested out with no problems,
> so for the binfmt_flat changes:
Tested-by: Greg Ungerer <gerg@linux-m68k.org>
Ref: 9f834ec18def ("binfmt_elf: switch to new creds when switching to new mm")
Reviewed-by: Kees Cook <keescook@chromium.org>
Reviewed-by: Greg Ungerer <gerg@linux-m68k.org>
Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
Stable-dep-of: e7f703ff2507 ("binfmt: Fix error return code in load_elf_fdpic_binary()")
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/x86/ia32/ia32_aout.c | 3 +--
fs/binfmt_aout.c | 2 +-
fs/binfmt_elf_fdpic.c | 2 +-
fs/binfmt_flat.c | 3 +--
4 files changed, 4 insertions(+), 6 deletions(-)
diff --git a/arch/x86/ia32/ia32_aout.c b/arch/x86/ia32/ia32_aout.c
index 3ebd77770f98..4cfda3cfae7f 100644
--- a/arch/x86/ia32/ia32_aout.c
+++ b/arch/x86/ia32/ia32_aout.c
@@ -298,6 +298,7 @@ static int load_aout_binary(struct linux_binprm *bprm)
set_personality_ia32(false);
setup_new_exec(bprm);
+ install_exec_creds(bprm);
regs->cs = __USER32_CS;
regs->r8 = regs->r9 = regs->r10 = regs->r11 = regs->r12 =
@@ -314,8 +315,6 @@ static int load_aout_binary(struct linux_binprm *bprm)
if (retval < 0)
return retval;
- install_exec_creds(bprm);
-
if (N_MAGIC(ex) == OMAGIC) {
unsigned long text_addr, map_size;
diff --git a/fs/binfmt_aout.c b/fs/binfmt_aout.c
index c3deb2e35f20..e7a9e8b56e71 100644
--- a/fs/binfmt_aout.c
+++ b/fs/binfmt_aout.c
@@ -244,6 +244,7 @@ static int load_aout_binary(struct linux_binprm * bprm)
set_personality(PER_LINUX);
#endif
setup_new_exec(bprm);
+ install_exec_creds(bprm);
current->mm->end_code = ex.a_text +
(current->mm->start_code = N_TXTADDR(ex));
@@ -256,7 +257,6 @@ static int load_aout_binary(struct linux_binprm * bprm)
if (retval < 0)
return retval;
- install_exec_creds(bprm);
if (N_MAGIC(ex) == OMAGIC) {
unsigned long text_addr, map_size;
diff --git a/fs/binfmt_elf_fdpic.c b/fs/binfmt_elf_fdpic.c
index b53bb3729ac1..60896c16f103 100644
--- a/fs/binfmt_elf_fdpic.c
+++ b/fs/binfmt_elf_fdpic.c
@@ -357,6 +357,7 @@ static int load_elf_fdpic_binary(struct linux_binprm *bprm)
current->personality |= READ_IMPLIES_EXEC;
setup_new_exec(bprm);
+ install_exec_creds(bprm);
set_binfmt(&elf_fdpic_format);
@@ -438,7 +439,6 @@ static int load_elf_fdpic_binary(struct linux_binprm *bprm)
current->mm->start_stack = current->mm->start_brk + stack_size;
#endif
- install_exec_creds(bprm);
if (create_elf_fdpic_tables(bprm, current->mm,
&exec_params, &interp_params) < 0)
goto error;
diff --git a/fs/binfmt_flat.c b/fs/binfmt_flat.c
index a6f97d86fb80..a909743b1a0e 100644
--- a/fs/binfmt_flat.c
+++ b/fs/binfmt_flat.c
@@ -541,6 +541,7 @@ static int load_flat_file(struct linux_binprm *bprm,
/* OK, This is the point of no return */
set_personality(PER_LINUX_32BIT);
setup_new_exec(bprm);
+ install_exec_creds(bprm);
}
/*
@@ -965,8 +966,6 @@ static int load_flat_binary(struct linux_binprm *bprm)
}
}
- install_exec_creds(bprm);
-
set_binfmt(&flat_format);
#ifdef CONFIG_MMU
--
2.35.1
^ permalink raw reply related [flat|nested] 529+ messages in thread
* [PATCH 4.19 382/521] binfmt: Fix error return code in load_elf_fdpic_binary()
2023-01-16 15:44 [PATCH 4.19 000/521] 4.19.270-rc1 review Greg Kroah-Hartman
` (380 preceding siblings ...)
2023-01-16 15:50 ` [PATCH 4.19 381/521] binfmt: Move install_exec_creds after setup_new_exec to match binfmt_elf Greg Kroah-Hartman
@ 2023-01-16 15:50 ` Greg Kroah-Hartman
2023-01-16 15:50 ` [PATCH 4.19 383/521] dm cache: Fix ABBA deadlock between shrink_slab and dm_cache_metadata_abort Greg Kroah-Hartman
` (142 subsequent siblings)
524 siblings, 0 replies; 529+ messages in thread
From: Greg Kroah-Hartman @ 2023-01-16 15:50 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Wang Yufen, Kees Cook, Sasha Levin
From: Wang Yufen <wangyufen@huawei.com>
[ Upstream commit e7f703ff2507f4e9f496da96cd4b78fd3026120c ]
Fix to return a negative error code from create_elf_fdpic_tables()
instead of 0.
Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2")
Cc: stable@vger.kernel.org
Signed-off-by: Wang Yufen <wangyufen@huawei.com>
Signed-off-by: Kees Cook <keescook@chromium.org>
Link: https://lore.kernel.org/r/1669945261-30271-1-git-send-email-wangyufen@huawei.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
fs/binfmt_elf_fdpic.c | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/fs/binfmt_elf_fdpic.c b/fs/binfmt_elf_fdpic.c
index 60896c16f103..64d0b838085d 100644
--- a/fs/binfmt_elf_fdpic.c
+++ b/fs/binfmt_elf_fdpic.c
@@ -439,8 +439,9 @@ static int load_elf_fdpic_binary(struct linux_binprm *bprm)
current->mm->start_stack = current->mm->start_brk + stack_size;
#endif
- if (create_elf_fdpic_tables(bprm, current->mm,
- &exec_params, &interp_params) < 0)
+ retval = create_elf_fdpic_tables(bprm, current->mm, &exec_params,
+ &interp_params);
+ if (retval < 0)
goto error;
kdebug("- start_code %lx", current->mm->start_code);
--
2.35.1
^ permalink raw reply related [flat|nested] 529+ messages in thread
* [PATCH 4.19 383/521] dm cache: Fix ABBA deadlock between shrink_slab and dm_cache_metadata_abort
2023-01-16 15:44 [PATCH 4.19 000/521] 4.19.270-rc1 review Greg Kroah-Hartman
` (381 preceding siblings ...)
2023-01-16 15:50 ` [PATCH 4.19 382/521] binfmt: Fix error return code in load_elf_fdpic_binary() Greg Kroah-Hartman
@ 2023-01-16 15:50 ` Greg Kroah-Hartman
2023-01-16 15:50 ` [PATCH 4.19 384/521] dm thin: Use last transactions pmd->root when commit failed Greg Kroah-Hartman
` (141 subsequent siblings)
524 siblings, 0 replies; 529+ messages in thread
From: Greg Kroah-Hartman @ 2023-01-16 15:50 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Zhihao Cheng, Mike Snitzer
From: Mike Snitzer <snitzer@kernel.org>
commit 352b837a5541690d4f843819028cf2b8be83d424 upstream.
Same ABBA deadlock pattern fixed in commit 4b60f452ec51 ("dm thin: Fix
ABBA deadlock between shrink_slab and dm_pool_abort_metadata") to
DM-cache's metadata.
Reported-by: Zhihao Cheng <chengzhihao1@huawei.com>
Cc: stable@vger.kernel.org
Fixes: 028ae9f76f29 ("dm cache: add fail io mode and needs_check flag")
Signed-off-by: Mike Snitzer <snitzer@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/md/dm-cache-metadata.c | 54 +++++++++++++++++++++++++++++++++++------
1 file changed, 47 insertions(+), 7 deletions(-)
--- a/drivers/md/dm-cache-metadata.c
+++ b/drivers/md/dm-cache-metadata.c
@@ -551,11 +551,13 @@ static int __create_persistent_data_obje
return r;
}
-static void __destroy_persistent_data_objects(struct dm_cache_metadata *cmd)
+static void __destroy_persistent_data_objects(struct dm_cache_metadata *cmd,
+ bool destroy_bm)
{
dm_sm_destroy(cmd->metadata_sm);
dm_tm_destroy(cmd->tm);
- dm_block_manager_destroy(cmd->bm);
+ if (destroy_bm)
+ dm_block_manager_destroy(cmd->bm);
}
typedef unsigned long (*flags_mutator)(unsigned long);
@@ -826,7 +828,7 @@ static struct dm_cache_metadata *lookup_
cmd2 = lookup(bdev);
if (cmd2) {
mutex_unlock(&table_lock);
- __destroy_persistent_data_objects(cmd);
+ __destroy_persistent_data_objects(cmd, true);
kfree(cmd);
return cmd2;
}
@@ -874,7 +876,7 @@ void dm_cache_metadata_close(struct dm_c
mutex_unlock(&table_lock);
if (!cmd->fail_io)
- __destroy_persistent_data_objects(cmd);
+ __destroy_persistent_data_objects(cmd, true);
kfree(cmd);
}
}
@@ -1808,14 +1810,52 @@ int dm_cache_metadata_needs_check(struct
int dm_cache_metadata_abort(struct dm_cache_metadata *cmd)
{
- int r;
+ int r = -EINVAL;
+ struct dm_block_manager *old_bm = NULL, *new_bm = NULL;
+
+ /* fail_io is double-checked with cmd->root_lock held below */
+ if (unlikely(cmd->fail_io))
+ return r;
+
+ /*
+ * Replacement block manager (new_bm) is created and old_bm destroyed outside of
+ * cmd root_lock to avoid ABBA deadlock that would result (due to life-cycle of
+ * shrinker associated with the block manager's bufio client vs cmd root_lock).
+ * - must take shrinker_rwsem without holding cmd->root_lock
+ */
+ new_bm = dm_block_manager_create(cmd->bdev, DM_CACHE_METADATA_BLOCK_SIZE << SECTOR_SHIFT,
+ CACHE_MAX_CONCURRENT_LOCKS);
WRITE_LOCK(cmd);
- __destroy_persistent_data_objects(cmd);
- r = __create_persistent_data_objects(cmd, false);
+ if (cmd->fail_io) {
+ WRITE_UNLOCK(cmd);
+ goto out;
+ }
+
+ __destroy_persistent_data_objects(cmd, false);
+ old_bm = cmd->bm;
+ if (IS_ERR(new_bm)) {
+ DMERR("could not create block manager during abort");
+ cmd->bm = NULL;
+ r = PTR_ERR(new_bm);
+ goto out_unlock;
+ }
+
+ cmd->bm = new_bm;
+ r = __open_or_format_metadata(cmd, false);
+ if (r) {
+ cmd->bm = NULL;
+ goto out_unlock;
+ }
+ new_bm = NULL;
+out_unlock:
if (r)
cmd->fail_io = true;
WRITE_UNLOCK(cmd);
+ dm_block_manager_destroy(old_bm);
+out:
+ if (new_bm && !IS_ERR(new_bm))
+ dm_block_manager_destroy(new_bm);
return r;
}
^ permalink raw reply [flat|nested] 529+ messages in thread
* [PATCH 4.19 384/521] dm thin: Use last transactions pmd->root when commit failed
2023-01-16 15:44 [PATCH 4.19 000/521] 4.19.270-rc1 review Greg Kroah-Hartman
` (382 preceding siblings ...)
2023-01-16 15:50 ` [PATCH 4.19 383/521] dm cache: Fix ABBA deadlock between shrink_slab and dm_cache_metadata_abort Greg Kroah-Hartman
@ 2023-01-16 15:50 ` Greg Kroah-Hartman
2023-01-16 15:50 ` [PATCH 4.19 385/521] dm thin: Fix UAF in run_timer_softirq() Greg Kroah-Hartman
` (140 subsequent siblings)
524 siblings, 0 replies; 529+ messages in thread
From: Greg Kroah-Hartman @ 2023-01-16 15:50 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Zhihao Cheng, Joe Thornber, Mike Snitzer
From: Zhihao Cheng <chengzhihao1@huawei.com>
commit 7991dbff6849f67e823b7cc0c15e5a90b0549b9f upstream.
Recently we found a softlock up problem in dm thin pool btree lookup
code due to corrupted metadata:
Kernel panic - not syncing: softlockup: hung tasks
CPU: 7 PID: 2669225 Comm: kworker/u16:3
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996)
Workqueue: dm-thin do_worker [dm_thin_pool]
Call Trace:
<IRQ>
dump_stack+0x9c/0xd3
panic+0x35d/0x6b9
watchdog_timer_fn.cold+0x16/0x25
__run_hrtimer+0xa2/0x2d0
</IRQ>
RIP: 0010:__relink_lru+0x102/0x220 [dm_bufio]
__bufio_new+0x11f/0x4f0 [dm_bufio]
new_read+0xa3/0x1e0 [dm_bufio]
dm_bm_read_lock+0x33/0xd0 [dm_persistent_data]
ro_step+0x63/0x100 [dm_persistent_data]
btree_lookup_raw.constprop.0+0x44/0x220 [dm_persistent_data]
dm_btree_lookup+0x16f/0x210 [dm_persistent_data]
dm_thin_find_block+0x12c/0x210 [dm_thin_pool]
__process_bio_read_only+0xc5/0x400 [dm_thin_pool]
process_thin_deferred_bios+0x1a4/0x4a0 [dm_thin_pool]
process_one_work+0x3c5/0x730
Following process may generate a broken btree mixed with fresh and
stale btree nodes, which could get dm thin trapped in an infinite loop
while looking up data block:
Transaction 1: pmd->root = A, A->B->C // One path in btree
pmd->root = X, X->Y->Z // Copy-up
Transaction 2: X,Z is updated on disk, Y write failed.
// Commit failed, dm thin becomes read-only.
process_bio_read_only
dm_thin_find_block
__find_block
dm_btree_lookup(pmd->root)
The pmd->root points to a broken btree, Y may contain stale node
pointing to any block, for example X, which gets dm thin trapped into
a dead loop while looking up Z.
Fix this by setting pmd->root in __open_metadata(), so that dm thin
will use the last transaction's pmd->root if commit failed.
Fetch a reproducer in [Link].
Linke: https://bugzilla.kernel.org/show_bug.cgi?id=216790
Cc: stable@vger.kernel.org
Fixes: 991d9fa02da0 ("dm: add thin provisioning target")
Signed-off-by: Zhihao Cheng <chengzhihao1@huawei.com>
Acked-by: Joe Thornber <ejt@redhat.com>
Signed-off-by: Mike Snitzer <snitzer@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/md/dm-thin-metadata.c | 9 +++++++++
1 file changed, 9 insertions(+)
--- a/drivers/md/dm-thin-metadata.c
+++ b/drivers/md/dm-thin-metadata.c
@@ -660,6 +660,15 @@ static int __open_metadata(struct dm_poo
goto bad_cleanup_data_sm;
}
+ /*
+ * For pool metadata opening process, root setting is redundant
+ * because it will be set again in __begin_transaction(). But dm
+ * pool aborting process really needs to get last transaction's
+ * root to avoid accessing broken btree.
+ */
+ pmd->root = le64_to_cpu(disk_super->data_mapping_root);
+ pmd->details_root = le64_to_cpu(disk_super->device_details_root);
+
__setup_btree_details(pmd);
dm_bm_unlock(sblock);
^ permalink raw reply [flat|nested] 529+ messages in thread
* [PATCH 4.19 385/521] dm thin: Fix UAF in run_timer_softirq()
2023-01-16 15:44 [PATCH 4.19 000/521] 4.19.270-rc1 review Greg Kroah-Hartman
` (383 preceding siblings ...)
2023-01-16 15:50 ` [PATCH 4.19 384/521] dm thin: Use last transactions pmd->root when commit failed Greg Kroah-Hartman
@ 2023-01-16 15:50 ` Greg Kroah-Hartman
2023-01-16 15:50 ` [PATCH 4.19 386/521] dm cache: Fix UAF in destroy() Greg Kroah-Hartman
` (139 subsequent siblings)
524 siblings, 0 replies; 529+ messages in thread
From: Greg Kroah-Hartman @ 2023-01-16 15:50 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Luo Meng, Mike Snitzer
From: Luo Meng <luomeng12@huawei.com>
commit 88430ebcbc0ec637b710b947738839848c20feff upstream.
When dm_resume() and dm_destroy() are concurrent, it will
lead to UAF, as follows:
BUG: KASAN: use-after-free in __run_timers+0x173/0x710
Write of size 8 at addr ffff88816d9490f0 by task swapper/0/0
<snip>
Call Trace:
<IRQ>
dump_stack_lvl+0x73/0x9f
print_report.cold+0x132/0xaa2
_raw_spin_lock_irqsave+0xcd/0x160
__run_timers+0x173/0x710
kasan_report+0xad/0x110
__run_timers+0x173/0x710
__asan_store8+0x9c/0x140
__run_timers+0x173/0x710
call_timer_fn+0x310/0x310
pvclock_clocksource_read+0xfa/0x250
kvm_clock_read+0x2c/0x70
kvm_clock_get_cycles+0xd/0x20
ktime_get+0x5c/0x110
lapic_next_event+0x38/0x50
clockevents_program_event+0xf1/0x1e0
run_timer_softirq+0x49/0x90
__do_softirq+0x16e/0x62c
__irq_exit_rcu+0x1fa/0x270
irq_exit_rcu+0x12/0x20
sysvec_apic_timer_interrupt+0x8e/0xc0
One of the concurrency UAF can be shown as below:
use free
do_resume |
__find_device_hash_cell |
dm_get |
atomic_inc(&md->holders) |
| dm_destroy
| __dm_destroy
| if (!dm_suspended_md(md))
| atomic_read(&md->holders)
| msleep(1)
dm_resume |
__dm_resume |
dm_table_resume_targets |
pool_resume |
do_waker #add delay work |
dm_put |
atomic_dec(&md->holders) |
| dm_table_destroy
| pool_dtr
| __pool_dec
| __pool_destroy
| destroy_workqueue
| kfree(pool) # free pool
time out
__do_softirq
run_timer_softirq # pool has already been freed
This can be easily reproduced using:
1. create thin-pool
2. dmsetup suspend pool
3. dmsetup resume pool
4. dmsetup remove_all # Concurrent with 3
The root cause of this UAF bug is that dm_resume() adds timer after
dm_destroy() skips cancelling the timer because of suspend status.
After timeout, it will call run_timer_softirq(), however pool has
already been freed. The concurrency UAF bug will happen.
Therefore, cancelling timer again in __pool_destroy().
Cc: stable@vger.kernel.org
Fixes: 991d9fa02da0d ("dm: add thin provisioning target")
Signed-off-by: Luo Meng <luomeng12@huawei.com>
Signed-off-by: Mike Snitzer <snitzer@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/md/dm-thin.c | 2 ++
1 file changed, 2 insertions(+)
--- a/drivers/md/dm-thin.c
+++ b/drivers/md/dm-thin.c
@@ -2921,6 +2921,8 @@ static void __pool_destroy(struct pool *
dm_bio_prison_destroy(pool->prison);
dm_kcopyd_client_destroy(pool->copier);
+ cancel_delayed_work_sync(&pool->waker);
+ cancel_delayed_work_sync(&pool->no_space_timeout);
if (pool->wq)
destroy_workqueue(pool->wq);
^ permalink raw reply [flat|nested] 529+ messages in thread
* [PATCH 4.19 386/521] dm cache: Fix UAF in destroy()
2023-01-16 15:44 [PATCH 4.19 000/521] 4.19.270-rc1 review Greg Kroah-Hartman
` (384 preceding siblings ...)
2023-01-16 15:50 ` [PATCH 4.19 385/521] dm thin: Fix UAF in run_timer_softirq() Greg Kroah-Hartman
@ 2023-01-16 15:50 ` Greg Kroah-Hartman
2023-01-16 15:50 ` [PATCH 4.19 387/521] dm cache: set needs_check flag after aborting metadata Greg Kroah-Hartman
` (138 subsequent siblings)
524 siblings, 0 replies; 529+ messages in thread
From: Greg Kroah-Hartman @ 2023-01-16 15:50 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Luo Meng, Mike Snitzer
From: Luo Meng <luomeng12@huawei.com>
commit 6a459d8edbdbe7b24db42a5a9f21e6aa9e00c2aa upstream.
Dm_cache also has the same UAF problem when dm_resume()
and dm_destroy() are concurrent.
Therefore, cancelling timer again in destroy().
Cc: stable@vger.kernel.org
Fixes: c6b4fcbad044e ("dm: add cache target")
Signed-off-by: Luo Meng <luomeng12@huawei.com>
Signed-off-by: Mike Snitzer <snitzer@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/md/dm-cache-target.c | 1 +
1 file changed, 1 insertion(+)
--- a/drivers/md/dm-cache-target.c
+++ b/drivers/md/dm-cache-target.c
@@ -1987,6 +1987,7 @@ static void destroy(struct cache *cache)
if (cache->prison)
dm_bio_prison_destroy_v2(cache->prison);
+ cancel_delayed_work_sync(&cache->waker);
if (cache->wq)
destroy_workqueue(cache->wq);
^ permalink raw reply [flat|nested] 529+ messages in thread
* [PATCH 4.19 387/521] dm cache: set needs_check flag after aborting metadata
2023-01-16 15:44 [PATCH 4.19 000/521] 4.19.270-rc1 review Greg Kroah-Hartman
` (385 preceding siblings ...)
2023-01-16 15:50 ` [PATCH 4.19 386/521] dm cache: Fix UAF in destroy() Greg Kroah-Hartman
@ 2023-01-16 15:50 ` Greg Kroah-Hartman
2023-01-16 15:50 ` [PATCH 4.19 388/521] x86/microcode/intel: Do not retry microcode reloading on the APs Greg Kroah-Hartman
` (137 subsequent siblings)
524 siblings, 0 replies; 529+ messages in thread
From: Greg Kroah-Hartman @ 2023-01-16 15:50 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Mike Snitzer
From: Mike Snitzer <snitzer@kernel.org>
commit 6b9973861cb2e96dcd0bb0f1baddc5c034207c5c upstream.
Otherwise the commit that will be aborted will be associated with the
metadata objects that will be torn down. Must write needs_check flag
to metadata with a reset block manager.
Found through code-inspection (and compared against dm-thin.c).
Cc: stable@vger.kernel.org
Fixes: 028ae9f76f29 ("dm cache: add fail io mode and needs_check flag")
Signed-off-by: Mike Snitzer <snitzer@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/md/dm-cache-target.c | 10 +++++-----
1 file changed, 5 insertions(+), 5 deletions(-)
--- a/drivers/md/dm-cache-target.c
+++ b/drivers/md/dm-cache-target.c
@@ -1010,16 +1010,16 @@ static void abort_transaction(struct cac
if (get_cache_mode(cache) >= CM_READ_ONLY)
return;
- if (dm_cache_metadata_set_needs_check(cache->cmd)) {
- DMERR("%s: failed to set 'needs_check' flag in metadata", dev_name);
- set_cache_mode(cache, CM_FAIL);
- }
-
DMERR_LIMIT("%s: aborting current metadata transaction", dev_name);
if (dm_cache_metadata_abort(cache->cmd)) {
DMERR("%s: failed to abort metadata transaction", dev_name);
set_cache_mode(cache, CM_FAIL);
}
+
+ if (dm_cache_metadata_set_needs_check(cache->cmd)) {
+ DMERR("%s: failed to set 'needs_check' flag in metadata", dev_name);
+ set_cache_mode(cache, CM_FAIL);
+ }
}
static void metadata_operation_failed(struct cache *cache, const char *op, int r)
^ permalink raw reply [flat|nested] 529+ messages in thread
* [PATCH 4.19 388/521] x86/microcode/intel: Do not retry microcode reloading on the APs
2023-01-16 15:44 [PATCH 4.19 000/521] 4.19.270-rc1 review Greg Kroah-Hartman
` (386 preceding siblings ...)
2023-01-16 15:50 ` [PATCH 4.19 387/521] dm cache: set needs_check flag after aborting metadata Greg Kroah-Hartman
@ 2023-01-16 15:50 ` Greg Kroah-Hartman
2023-01-16 15:50 ` [PATCH 4.19 389/521] tracing: Fix infinite loop in tracing_read_pipe on overflowed print_trace_line Greg Kroah-Hartman
` (136 subsequent siblings)
524 siblings, 0 replies; 529+ messages in thread
From: Greg Kroah-Hartman @ 2023-01-16 15:50 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Ashok Raj, Borislav Petkov (AMD),
Thomas Gleixner
From: Ashok Raj <ashok.raj@intel.com>
commit be1b670f61443aa5d0d01782e9b8ea0ee825d018 upstream.
The retries in load_ucode_intel_ap() were in place to support systems
with mixed steppings. Mixed steppings are no longer supported and there is
only one microcode image at a time. Any retries will simply reattempt to
apply the same image over and over without making progress.
[ bp: Zap the circumstantial reasoning from the commit message. ]
Fixes: 06b8534cb728 ("x86/microcode: Rework microcode loading")
Signed-off-by: Ashok Raj <ashok.raj@intel.com>
Signed-off-by: Borislav Petkov (AMD) <bp@alien8.de>
Reviewed-by: Thomas Gleixner <tglx@linutronix.de>
Cc: stable@vger.kernel.org
Link: https://lore.kernel.org/r/20221129210832.107850-3-ashok.raj@intel.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/x86/kernel/cpu/microcode/intel.c | 8 +-------
1 file changed, 1 insertion(+), 7 deletions(-)
--- a/arch/x86/kernel/cpu/microcode/intel.c
+++ b/arch/x86/kernel/cpu/microcode/intel.c
@@ -662,7 +662,6 @@ void load_ucode_intel_ap(void)
else
iup = &intel_ucode_patch;
-reget:
if (!*iup) {
patch = __load_ucode_intel(&uci);
if (!patch)
@@ -673,12 +672,7 @@ reget:
uci.mc = *iup;
- if (apply_microcode_early(&uci, true)) {
- /* Mixed-silicon system? Try to refetch the proper patch: */
- *iup = NULL;
-
- goto reget;
- }
+ apply_microcode_early(&uci, true);
}
static struct microcode_intel *find_patch(struct ucode_cpu_info *uci)
^ permalink raw reply [flat|nested] 529+ messages in thread
* [PATCH 4.19 389/521] tracing: Fix infinite loop in tracing_read_pipe on overflowed print_trace_line
2023-01-16 15:44 [PATCH 4.19 000/521] 4.19.270-rc1 review Greg Kroah-Hartman
` (387 preceding siblings ...)
2023-01-16 15:50 ` [PATCH 4.19 388/521] x86/microcode/intel: Do not retry microcode reloading on the APs Greg Kroah-Hartman
@ 2023-01-16 15:50 ` Greg Kroah-Hartman
2023-01-16 15:50 ` [PATCH 4.19 390/521] ARM: 9256/1: NWFPE: avoid compiler-generated __aeabi_uldivmod Greg Kroah-Hartman
` (135 subsequent siblings)
524 siblings, 0 replies; 529+ messages in thread
From: Greg Kroah-Hartman @ 2023-01-16 15:50 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Masami Hiramatsu, Yang Jihong,
Steven Rostedt (Google)
From: Yang Jihong <yangjihong1@huawei.com>
commit c1ac03af6ed45d05786c219d102f37eb44880f28 upstream.
print_trace_line may overflow seq_file buffer. If the event is not
consumed, the while loop keeps peeking this event, causing a infinite loop.
Link: https://lkml.kernel.org/r/20221129113009.182425-1-yangjihong1@huawei.com
Cc: Masami Hiramatsu <mhiramat@kernel.org>
Cc: stable@vger.kernel.org
Fixes: 088b1e427dbba ("ftrace: pipe fixes")
Signed-off-by: Yang Jihong <yangjihong1@huawei.com>
Signed-off-by: Steven Rostedt (Google) <rostedt@goodmis.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
kernel/trace/trace.c | 15 ++++++++++++++-
1 file changed, 14 insertions(+), 1 deletion(-)
--- a/kernel/trace/trace.c
+++ b/kernel/trace/trace.c
@@ -5803,7 +5803,20 @@ waitagain:
ret = print_trace_line(iter);
if (ret == TRACE_TYPE_PARTIAL_LINE) {
- /* don't print partial lines */
+ /*
+ * If one print_trace_line() fills entire trace_seq in one shot,
+ * trace_seq_to_user() will returns -EBUSY because save_len == 0,
+ * In this case, we need to consume it, otherwise, loop will peek
+ * this event next time, resulting in an infinite loop.
+ */
+ if (save_len == 0) {
+ iter->seq.full = 0;
+ trace_seq_puts(&iter->seq, "[LINE TOO BIG]\n");
+ trace_consume(iter);
+ break;
+ }
+
+ /* In other cases, don't print partial lines */
iter->seq.seq.len = save_len;
break;
}
^ permalink raw reply [flat|nested] 529+ messages in thread
* [PATCH 4.19 390/521] ARM: 9256/1: NWFPE: avoid compiler-generated __aeabi_uldivmod
2023-01-16 15:44 [PATCH 4.19 000/521] 4.19.270-rc1 review Greg Kroah-Hartman
` (388 preceding siblings ...)
2023-01-16 15:50 ` [PATCH 4.19 389/521] tracing: Fix infinite loop in tracing_read_pipe on overflowed print_trace_line Greg Kroah-Hartman
@ 2023-01-16 15:50 ` Greg Kroah-Hartman
2023-01-16 15:50 ` [PATCH 4.19 391/521] media: dvb-core: Fix double free in dvb_register_device() Greg Kroah-Hartman
` (134 subsequent siblings)
524 siblings, 0 replies; 529+ messages in thread
From: Greg Kroah-Hartman @ 2023-01-16 15:50 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Nathan Chancellor, Arnd Bergmann,
Nick Desaulniers, Russell King (Oracle)
From: Nick Desaulniers <ndesaulniers@google.com>
commit 3220022038b9a3845eea762af85f1c5694b9f861 upstream.
clang-15's ability to elide loops completely became more aggressive when
it can deduce how a variable is being updated in a loop. Counting down
one variable by an increment of another can be replaced by a modulo
operation.
For 64b variables on 32b ARM EABI targets, this can result in the
compiler generating calls to __aeabi_uldivmod, which it does for a do
while loop in float64_rem().
For the kernel, we'd generally prefer that developers not open code 64b
division via binary / operators and instead use the more explicit
helpers from div64.h. On arm-linux-gnuabi targets, failure to do so can
result in linkage failures due to undefined references to
__aeabi_uldivmod().
While developers can avoid open coding divisions on 64b variables, the
compiler doesn't know that the Linux kernel has a partial implementation
of a compiler runtime (--rtlib) to enforce this convention.
It's also undecidable for the compiler whether the code in question
would be faster to execute the loop vs elide it and do the 64b division.
While I actively avoid using the internal -mllvm command line flags, I
think we get better code than using barrier() here, which will force
reloads+spills in the loop for all toolchains.
Link: https://github.com/ClangBuiltLinux/linux/issues/1666
Reported-by: Nathan Chancellor <nathan@kernel.org>
Reviewed-by: Arnd Bergmann <arnd@arndb.de>
Signed-off-by: Nick Desaulniers <ndesaulniers@google.com>
Tested-by: Nathan Chancellor <nathan@kernel.org>
Cc: stable@vger.kernel.org
Signed-off-by: Russell King (Oracle) <rmk+kernel@armlinux.org.uk>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/arm/nwfpe/Makefile | 6 ++++++
1 file changed, 6 insertions(+)
--- a/arch/arm/nwfpe/Makefile
+++ b/arch/arm/nwfpe/Makefile
@@ -11,3 +11,9 @@ nwfpe-y += fpa11.o fpa11_cpdo.o fpa11
entry.o
nwfpe-$(CONFIG_FPE_NWFPE_XP) += extended_cpdo.o
+
+# Try really hard to avoid generating calls to __aeabi_uldivmod() from
+# float64_rem() due to loop elision.
+ifdef CONFIG_CC_IS_CLANG
+CFLAGS_softfloat.o += -mllvm -replexitval=never
+endif
^ permalink raw reply [flat|nested] 529+ messages in thread
* [PATCH 4.19 391/521] media: dvb-core: Fix double free in dvb_register_device()
2023-01-16 15:44 [PATCH 4.19 000/521] 4.19.270-rc1 review Greg Kroah-Hartman
` (389 preceding siblings ...)
2023-01-16 15:50 ` [PATCH 4.19 390/521] ARM: 9256/1: NWFPE: avoid compiler-generated __aeabi_uldivmod Greg Kroah-Hartman
@ 2023-01-16 15:50 ` Greg Kroah-Hartman
2023-01-16 15:50 ` [PATCH 4.19 392/521] media: dvb-core: Fix UAF due to refcount races at releasing Greg Kroah-Hartman
` (133 subsequent siblings)
524 siblings, 0 replies; 529+ messages in thread
From: Greg Kroah-Hartman @ 2023-01-16 15:50 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Wenwen Wang, Keita Suzuki,
Mauro Carvalho Chehab
From: Keita Suzuki <keitasuzuki.park@sslab.ics.keio.ac.jp>
commit 6b0d0477fce747d4137aa65856318b55fba72198 upstream.
In function dvb_register_device() -> dvb_register_media_device() ->
dvb_create_media_entity(), dvb->entity is allocated and initialized. If
the initialization fails, it frees the dvb->entity, and return an error
code. The caller takes the error code and handles the error by calling
dvb_media_device_free(), which unregisters the entity and frees the
field again if it is not NULL. As dvb->entity may not NULLed in
dvb_create_media_entity() when the allocation of dvbdev->pad fails, a
double free may occur. This may also cause an Use After free in
media_device_unregister_entity().
Fix this by storing NULL to dvb->entity when it is freed.
Link: https://lore.kernel.org/linux-media/20220426052921.2088416-1-keitasuzuki.park@sslab.ics.keio.ac.jp
Fixes: fcd5ce4b3936 ("media: dvb-core: fix a memory leak bug")
Cc: stable@vger.kernel.org
Cc: Wenwen Wang <wenwen@cs.uga.edu>
Signed-off-by: Keita Suzuki <keitasuzuki.park@sslab.ics.keio.ac.jp>
Signed-off-by: Mauro Carvalho Chehab <mchehab@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/media/dvb-core/dvbdev.c | 1 +
1 file changed, 1 insertion(+)
--- a/drivers/media/dvb-core/dvbdev.c
+++ b/drivers/media/dvb-core/dvbdev.c
@@ -345,6 +345,7 @@ static int dvb_create_media_entity(struc
GFP_KERNEL);
if (!dvbdev->pads) {
kfree(dvbdev->entity);
+ dvbdev->entity = NULL;
return -ENOMEM;
}
}
^ permalink raw reply [flat|nested] 529+ messages in thread
* [PATCH 4.19 392/521] media: dvb-core: Fix UAF due to refcount races at releasing
2023-01-16 15:44 [PATCH 4.19 000/521] 4.19.270-rc1 review Greg Kroah-Hartman
` (390 preceding siblings ...)
2023-01-16 15:50 ` [PATCH 4.19 391/521] media: dvb-core: Fix double free in dvb_register_device() Greg Kroah-Hartman
@ 2023-01-16 15:50 ` Greg Kroah-Hartman
2023-01-16 15:50 ` [PATCH 4.19 393/521] cifs: fix confusing debug message Greg Kroah-Hartman
` (132 subsequent siblings)
524 siblings, 0 replies; 529+ messages in thread
From: Greg Kroah-Hartman @ 2023-01-16 15:50 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Hyunwoo Kim, Takashi Iwai, Hans Verkuil
From: Takashi Iwai <tiwai@suse.de>
commit fd3d91ab1c6ab0628fe642dd570b56302c30a792 upstream.
The dvb-core tries to sync the releases of opened files at
dvb_dmxdev_release() with two refcounts: dvbdev->users and
dvr_dvbdev->users. A problem is present in those two syncs: when yet
another dvb_demux_open() is called during those sync waits,
dvb_demux_open() continues to process even if the device is being
closed. This includes the increment of the former refcount, resulting
in the leftover refcount after the sync of the latter refcount at
dvb_dmxdev_release(). It ends up with use-after-free, since the
function believes that all usages were gone and releases the
resources.
This patch addresses the problem by adding the check of dmxdev->exit
flag at dvb_demux_open(), just like dvb_dvr_open() already does. With
the exit flag check, the second call of dvb_demux_open() fails, hence
the further corruption can be avoided.
Also for avoiding the races of the dmxdev->exit flag reference, this
patch serializes the dmxdev->exit set up and the sync waits with the
dmxdev->mutex lock at dvb_dmxdev_release(). Without the mutex lock,
dvb_demux_open() (or dvb_dvr_open()) may run concurrently with
dvb_dmxdev_release(), which allows to skip the exit flag check and
continue the open process that is being closed.
CVE-2022-41218 is assigned to those bugs above.
Reported-by: Hyunwoo Kim <imv4bel@gmail.com>
Cc: <stable@vger.kernel.org>
Link: https://lore.kernel.org/20220908132754.30532-1-tiwai@suse.de
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Hans Verkuil <hverkuil-cisco@xs4all.nl>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/media/dvb-core/dmxdev.c | 8 ++++++++
1 file changed, 8 insertions(+)
--- a/drivers/media/dvb-core/dmxdev.c
+++ b/drivers/media/dvb-core/dmxdev.c
@@ -800,6 +800,11 @@ static int dvb_demux_open(struct inode *
if (mutex_lock_interruptible(&dmxdev->mutex))
return -ERESTARTSYS;
+ if (dmxdev->exit) {
+ mutex_unlock(&dmxdev->mutex);
+ return -ENODEV;
+ }
+
for (i = 0; i < dmxdev->filternum; i++)
if (dmxdev->filter[i].state == DMXDEV_STATE_FREE)
break;
@@ -1457,7 +1462,10 @@ EXPORT_SYMBOL(dvb_dmxdev_init);
void dvb_dmxdev_release(struct dmxdev *dmxdev)
{
+ mutex_lock(&dmxdev->mutex);
dmxdev->exit = 1;
+ mutex_unlock(&dmxdev->mutex);
+
if (dmxdev->dvbdev->users > 1) {
wait_event(dmxdev->dvbdev->wait_queue,
dmxdev->dvbdev->users == 1);
^ permalink raw reply [flat|nested] 529+ messages in thread
* [PATCH 4.19 393/521] cifs: fix confusing debug message
2023-01-16 15:44 [PATCH 4.19 000/521] 4.19.270-rc1 review Greg Kroah-Hartman
` (391 preceding siblings ...)
2023-01-16 15:50 ` [PATCH 4.19 392/521] media: dvb-core: Fix UAF due to refcount races at releasing Greg Kroah-Hartman
@ 2023-01-16 15:50 ` Greg Kroah-Hartman
2023-01-16 15:50 ` [PATCH 4.19 394/521] md/bitmap: Fix bitmap chunk size overflow issues Greg Kroah-Hartman
` (131 subsequent siblings)
524 siblings, 0 replies; 529+ messages in thread
From: Greg Kroah-Hartman @ 2023-01-16 15:50 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Paulo Alcantara (SUSE), Steve French
From: Paulo Alcantara <pc@cjr.nz>
commit a85ceafd41927e41a4103d228a993df7edd8823b upstream.
Since rc was initialised to -ENOMEM in cifs_get_smb_ses(), when an
existing smb session was found, free_xid() would be called and then
print
CIFS: fs/cifs/connect.c: Existing tcp session with server found
CIFS: fs/cifs/connect.c: VFS: in cifs_get_smb_ses as Xid: 44 with uid: 0
CIFS: fs/cifs/connect.c: Existing smb sess found (status=1)
CIFS: fs/cifs/connect.c: VFS: leaving cifs_get_smb_ses (xid = 44) rc = -12
Fix this by initialising rc to 0 and then let free_xid() print this
instead
CIFS: fs/cifs/connect.c: Existing tcp session with server found
CIFS: fs/cifs/connect.c: VFS: in cifs_get_smb_ses as Xid: 14 with uid: 0
CIFS: fs/cifs/connect.c: Existing smb sess found (status=1)
CIFS: fs/cifs/connect.c: VFS: leaving cifs_get_smb_ses (xid = 14) rc = 0
Signed-off-by: Paulo Alcantara (SUSE) <pc@cjr.nz>
Cc: stable@vger.kernel.org
Signed-off-by: Steve French <stfrench@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/cifs/connect.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
--- a/fs/cifs/connect.c
+++ b/fs/cifs/connect.c
@@ -2940,7 +2940,7 @@ cifs_set_cifscreds(struct smb_vol *vol _
static struct cifs_ses *
cifs_get_smb_ses(struct TCP_Server_Info *server, struct smb_vol *volume_info)
{
- int rc = -ENOMEM;
+ int rc = 0;
unsigned int xid;
struct cifs_ses *ses;
struct sockaddr_in *addr = (struct sockaddr_in *)&server->dstaddr;
@@ -2982,6 +2982,8 @@ cifs_get_smb_ses(struct TCP_Server_Info
return ses;
}
+ rc = -ENOMEM;
+
cifs_dbg(FYI, "Existing smb sess not found\n");
ses = sesInfoAlloc();
if (ses == NULL)
^ permalink raw reply [flat|nested] 529+ messages in thread
* [PATCH 4.19 394/521] md/bitmap: Fix bitmap chunk size overflow issues
2023-01-16 15:44 [PATCH 4.19 000/521] 4.19.270-rc1 review Greg Kroah-Hartman
` (392 preceding siblings ...)
2023-01-16 15:50 ` [PATCH 4.19 393/521] cifs: fix confusing debug message Greg Kroah-Hartman
@ 2023-01-16 15:50 ` Greg Kroah-Hartman
2023-01-16 15:50 ` [PATCH 4.19 395/521] ipmi: fix long wait in unload when IPMI disconnect Greg Kroah-Hartman
` (130 subsequent siblings)
524 siblings, 0 replies; 529+ messages in thread
From: Greg Kroah-Hartman @ 2023-01-16 15:50 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Florian-Ewald Mueller, Jack Wang, Song Liu
From: Florian-Ewald Mueller <florian-ewald.mueller@ionos.com>
commit 4555211190798b6b6fa2c37667d175bf67945c78 upstream.
- limit bitmap chunk size internal u64 variable to values not overflowing
the u32 bitmap superblock structure variable stored on persistent media
- assign bitmap chunk size internal u64 variable from unsigned values to
avoid possible sign extension artifacts when assigning from a s32 value
The bug has been there since at least kernel 4.0.
Steps to reproduce it:
1: mdadm -C /dev/mdx -l 1 --bitmap=internal --bitmap-chunk=256M -e 1.2
-n2 /dev/rnbd1 /dev/rnbd2
2 resize member device rnbd1 and rnbd2 to 8 TB
3 mdadm --grow /dev/mdx --size=max
The bitmap_chunksize will overflow without patch.
Cc: stable@vger.kernel.org
Signed-off-by: Florian-Ewald Mueller <florian-ewald.mueller@ionos.com>
Signed-off-by: Jack Wang <jinpu.wang@ionos.com>
Signed-off-by: Song Liu <song@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/md/md-bitmap.c | 20 ++++++++++++--------
1 file changed, 12 insertions(+), 8 deletions(-)
--- a/drivers/md/md-bitmap.c
+++ b/drivers/md/md-bitmap.c
@@ -488,7 +488,7 @@ void md_bitmap_print_sb(struct bitmap *b
sb = kmap_atomic(bitmap->storage.sb_page);
pr_debug("%s: bitmap file superblock:\n", bmname(bitmap));
pr_debug(" magic: %08x\n", le32_to_cpu(sb->magic));
- pr_debug(" version: %d\n", le32_to_cpu(sb->version));
+ pr_debug(" version: %u\n", le32_to_cpu(sb->version));
pr_debug(" uuid: %08x.%08x.%08x.%08x\n",
le32_to_cpu(*(__u32 *)(sb->uuid+0)),
le32_to_cpu(*(__u32 *)(sb->uuid+4)),
@@ -499,11 +499,11 @@ void md_bitmap_print_sb(struct bitmap *b
pr_debug("events cleared: %llu\n",
(unsigned long long) le64_to_cpu(sb->events_cleared));
pr_debug(" state: %08x\n", le32_to_cpu(sb->state));
- pr_debug(" chunksize: %d B\n", le32_to_cpu(sb->chunksize));
- pr_debug(" daemon sleep: %ds\n", le32_to_cpu(sb->daemon_sleep));
+ pr_debug(" chunksize: %u B\n", le32_to_cpu(sb->chunksize));
+ pr_debug(" daemon sleep: %us\n", le32_to_cpu(sb->daemon_sleep));
pr_debug(" sync size: %llu KB\n",
(unsigned long long)le64_to_cpu(sb->sync_size)/2);
- pr_debug("max write behind: %d\n", le32_to_cpu(sb->write_behind));
+ pr_debug("max write behind: %u\n", le32_to_cpu(sb->write_behind));
kunmap_atomic(sb);
}
@@ -2101,7 +2101,8 @@ int md_bitmap_resize(struct bitmap *bitm
bytes = DIV_ROUND_UP(chunks, 8);
if (!bitmap->mddev->bitmap_info.external)
bytes += sizeof(bitmap_super_t);
- } while (bytes > (space << 9));
+ } while (bytes > (space << 9) && (chunkshift + BITMAP_BLOCK_SHIFT) <
+ (BITS_PER_BYTE * sizeof(((bitmap_super_t *)0)->chunksize) - 1));
} else
chunkshift = ffz(~chunksize) - BITMAP_BLOCK_SHIFT;
@@ -2146,7 +2147,7 @@ int md_bitmap_resize(struct bitmap *bitm
bitmap->counts.missing_pages = pages;
bitmap->counts.chunkshift = chunkshift;
bitmap->counts.chunks = chunks;
- bitmap->mddev->bitmap_info.chunksize = 1 << (chunkshift +
+ bitmap->mddev->bitmap_info.chunksize = 1UL << (chunkshift +
BITMAP_BLOCK_SHIFT);
blocks = min(old_counts.chunks << old_counts.chunkshift,
@@ -2172,8 +2173,8 @@ int md_bitmap_resize(struct bitmap *bitm
bitmap->counts.missing_pages = old_counts.pages;
bitmap->counts.chunkshift = old_counts.chunkshift;
bitmap->counts.chunks = old_counts.chunks;
- bitmap->mddev->bitmap_info.chunksize = 1 << (old_counts.chunkshift +
- BITMAP_BLOCK_SHIFT);
+ bitmap->mddev->bitmap_info.chunksize =
+ 1UL << (old_counts.chunkshift + BITMAP_BLOCK_SHIFT);
blocks = old_counts.chunks << old_counts.chunkshift;
pr_warn("Could not pre-allocate in-memory bitmap for cluster raid\n");
break;
@@ -2499,6 +2500,9 @@ chunksize_store(struct mddev *mddev, con
if (csize < 512 ||
!is_power_of_2(csize))
return -EINVAL;
+ if (BITS_PER_LONG > 32 && csize >= (1ULL << (BITS_PER_BYTE *
+ sizeof(((bitmap_super_t *)0)->chunksize))))
+ return -EOVERFLOW;
mddev->bitmap_info.chunksize = csize;
return len;
}
^ permalink raw reply [flat|nested] 529+ messages in thread
* [PATCH 4.19 395/521] ipmi: fix long wait in unload when IPMI disconnect
2023-01-16 15:44 [PATCH 4.19 000/521] 4.19.270-rc1 review Greg Kroah-Hartman
` (393 preceding siblings ...)
2023-01-16 15:50 ` [PATCH 4.19 394/521] md/bitmap: Fix bitmap chunk size overflow issues Greg Kroah-Hartman
@ 2023-01-16 15:50 ` Greg Kroah-Hartman
2023-01-16 15:50 ` [PATCH 4.19 396/521] ima: Fix a potential NULL pointer access in ima_restore_measurement_list Greg Kroah-Hartman
` (129 subsequent siblings)
524 siblings, 0 replies; 529+ messages in thread
From: Greg Kroah-Hartman @ 2023-01-16 15:50 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Zhang Yuchen, Corey Minyard
From: Zhang Yuchen <zhangyuchen.lcr@bytedance.com>
commit f6f1234d98cce69578bfac79df147a1f6660596c upstream.
When fixing the problem mentioned in PATCH1, we also found
the following problem:
If the IPMI is disconnected and in the sending process, the
uninstallation driver will be stuck for a long time.
The main problem is that uninstalling the driver waits for curr_msg to
be sent or HOSED. After stopping tasklet, the only place to trigger the
timeout mechanism is the circular poll in shutdown_smi.
The poll function delays 10us and calls smi_event_handler(smi_info,10).
Smi_event_handler deducts 10us from kcs->ibf_timeout.
But the poll func is followed by schedule_timeout_uninterruptible(1).
The time consumed here is not counted in kcs->ibf_timeout.
So when 10us is deducted from kcs->ibf_timeout, at least 1 jiffies has
actually passed. The waiting time has increased by more than a
hundredfold.
Now instead of calling poll(). call smi_event_handler() directly and
calculate the elapsed time.
For verification, you can directly use ebpf to check the kcs->
ibf_timeout for each call to kcs_event() when IPMI is disconnected.
Decrement at normal rate before unloading. The decrement rate becomes
very slow after unloading.
$ bpftrace -e 'kprobe:kcs_event {printf("kcs->ibftimeout : %d\n",
*(arg0+584));}'
Signed-off-by: Zhang Yuchen <zhangyuchen.lcr@bytedance.com>
Message-Id: <20221007092617.87597-3-zhangyuchen.lcr@bytedance.com>
Signed-off-by: Corey Minyard <cminyard@mvista.com>
Cc: stable@vger.kernel.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/char/ipmi/ipmi_si_intf.c | 27 +++++++++++++++++++--------
1 file changed, 19 insertions(+), 8 deletions(-)
--- a/drivers/char/ipmi/ipmi_si_intf.c
+++ b/drivers/char/ipmi/ipmi_si_intf.c
@@ -2187,6 +2187,20 @@ skip_fallback_noirq:
}
module_init(init_ipmi_si);
+static void wait_msg_processed(struct smi_info *smi_info)
+{
+ unsigned long jiffies_now;
+ long time_diff;
+
+ while (smi_info->curr_msg || (smi_info->si_state != SI_NORMAL)) {
+ jiffies_now = jiffies;
+ time_diff = (((long)jiffies_now - (long)smi_info->last_timeout_jiffies)
+ * SI_USEC_PER_JIFFY);
+ smi_event_handler(smi_info, time_diff);
+ schedule_timeout_uninterruptible(1);
+ }
+}
+
static void shutdown_smi(void *send_info)
{
struct smi_info *smi_info = send_info;
@@ -2221,16 +2235,13 @@ static void shutdown_smi(void *send_info
* in the BMC. Note that timers and CPU interrupts are off,
* so no need for locks.
*/
- while (smi_info->curr_msg || (smi_info->si_state != SI_NORMAL)) {
- poll(smi_info);
- schedule_timeout_uninterruptible(1);
- }
+ wait_msg_processed(smi_info);
+
if (smi_info->handlers)
disable_si_irq(smi_info);
- while (smi_info->curr_msg || (smi_info->si_state != SI_NORMAL)) {
- poll(smi_info);
- schedule_timeout_uninterruptible(1);
- }
+
+ wait_msg_processed(smi_info);
+
if (smi_info->handlers)
smi_info->handlers->cleanup(smi_info->si_sm);
^ permalink raw reply [flat|nested] 529+ messages in thread
* [PATCH 4.19 396/521] ima: Fix a potential NULL pointer access in ima_restore_measurement_list
2023-01-16 15:44 [PATCH 4.19 000/521] 4.19.270-rc1 review Greg Kroah-Hartman
` (394 preceding siblings ...)
2023-01-16 15:50 ` [PATCH 4.19 395/521] ipmi: fix long wait in unload when IPMI disconnect Greg Kroah-Hartman
@ 2023-01-16 15:50 ` Greg Kroah-Hartman
2023-01-16 15:50 ` [PATCH 4.19 397/521] ipmi: fix use after free in _ipmi_destroy_user() Greg Kroah-Hartman
` (128 subsequent siblings)
524 siblings, 0 replies; 529+ messages in thread
From: Greg Kroah-Hartman @ 2023-01-16 15:50 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, stable, Jiaming Li, Huaxin Lu,
Stefan Berger, Mimi Zohar
From: Huaxin Lu <luhuaxin1@huawei.com>
commit 11220db412edae8dba58853238f53258268bdb88 upstream.
In restore_template_fmt, when kstrdup fails, a non-NULL value will still be
returned, which causes a NULL pointer access in template_desc_init_fields.
Fixes: c7d09367702e ("ima: support restoring multiple template formats")
Cc: stable@kernel.org
Co-developed-by: Jiaming Li <lijiaming30@huawei.com>
Signed-off-by: Jiaming Li <lijiaming30@huawei.com>
Signed-off-by: Huaxin Lu <luhuaxin1@huawei.com>
Reviewed-by: Stefan Berger <stefanb@linux.ibm.com>
Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
security/integrity/ima/ima_template.c | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
--- a/security/integrity/ima/ima_template.c
+++ b/security/integrity/ima/ima_template.c
@@ -266,8 +266,11 @@ static struct ima_template_desc *restore
template_desc->name = "";
template_desc->fmt = kstrdup(template_name, GFP_KERNEL);
- if (!template_desc->fmt)
+ if (!template_desc->fmt) {
+ kfree(template_desc);
+ template_desc = NULL;
goto out;
+ }
spin_lock(&template_list);
list_add_tail_rcu(&template_desc->list, &defined_templates);
^ permalink raw reply [flat|nested] 529+ messages in thread
* [PATCH 4.19 397/521] ipmi: fix use after free in _ipmi_destroy_user()
2023-01-16 15:44 [PATCH 4.19 000/521] 4.19.270-rc1 review Greg Kroah-Hartman
` (395 preceding siblings ...)
2023-01-16 15:50 ` [PATCH 4.19 396/521] ima: Fix a potential NULL pointer access in ima_restore_measurement_list Greg Kroah-Hartman
@ 2023-01-16 15:50 ` Greg Kroah-Hartman
2023-01-16 15:51 ` [PATCH 4.19 398/521] PCI: Fix pci_device_is_present() for VFs by checking PF Greg Kroah-Hartman
` (127 subsequent siblings)
524 siblings, 0 replies; 529+ messages in thread
From: Greg Kroah-Hartman @ 2023-01-16 15:50 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Dan Carpenter, Corey Minyard
From: Dan Carpenter <error27@gmail.com>
commit a92ce570c81dc0feaeb12a429b4bc65686d17967 upstream.
The intf_free() function frees the "intf" pointer so we cannot
dereference it again on the next line.
Fixes: cbb79863fc31 ("ipmi: Don't allow device module unload when in use")
Signed-off-by: Dan Carpenter <error27@gmail.com>
Message-Id: <Y3M8xa1drZv4CToE@kili>
Cc: <stable@vger.kernel.org> # 5.5+
Signed-off-by: Corey Minyard <cminyard@mvista.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/char/ipmi/ipmi_msghandler.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
--- a/drivers/char/ipmi/ipmi_msghandler.c
+++ b/drivers/char/ipmi/ipmi_msghandler.c
@@ -1219,6 +1219,7 @@ static void _ipmi_destroy_user(struct ip
unsigned long flags;
struct cmd_rcvr *rcvr;
struct cmd_rcvr *rcvrs = NULL;
+ struct module *owner;
if (!acquire_ipmi_user(user, &i)) {
/*
@@ -1278,8 +1279,9 @@ static void _ipmi_destroy_user(struct ip
kfree(rcvr);
}
+ owner = intf->owner;
kref_put(&intf->refcount, intf_free);
- module_put(intf->owner);
+ module_put(owner);
}
int ipmi_destroy_user(struct ipmi_user *user)
^ permalink raw reply [flat|nested] 529+ messages in thread
* [PATCH 4.19 398/521] PCI: Fix pci_device_is_present() for VFs by checking PF
2023-01-16 15:44 [PATCH 4.19 000/521] 4.19.270-rc1 review Greg Kroah-Hartman
` (396 preceding siblings ...)
2023-01-16 15:50 ` [PATCH 4.19 397/521] ipmi: fix use after free in _ipmi_destroy_user() Greg Kroah-Hartman
@ 2023-01-16 15:51 ` Greg Kroah-Hartman
2023-01-16 15:51 ` [PATCH 4.19 399/521] PCI/sysfs: Fix double free in error path Greg Kroah-Hartman
` (126 subsequent siblings)
524 siblings, 0 replies; 529+ messages in thread
From: Greg Kroah-Hartman @ 2023-01-16 15:51 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Wei Gong, Michael S. Tsirkin, Bjorn Helgaas
From: Michael S. Tsirkin <mst@redhat.com>
commit 98b04dd0b4577894520493d96bc4623387767445 upstream.
pci_device_is_present() previously didn't work for VFs because it reads the
Vendor and Device ID, which are 0xffff for VFs, which looks like they
aren't present. Check the PF instead.
Wei Gong reported that if virtio I/O is in progress when the driver is
unbound or "0" is written to /sys/.../sriov_numvfs, the virtio I/O
operation hangs, which may result in output like this:
task:bash state:D stack: 0 pid: 1773 ppid: 1241 flags:0x00004002
Call Trace:
schedule+0x4f/0xc0
blk_mq_freeze_queue_wait+0x69/0xa0
blk_mq_freeze_queue+0x1b/0x20
blk_cleanup_queue+0x3d/0xd0
virtblk_remove+0x3c/0xb0 [virtio_blk]
virtio_dev_remove+0x4b/0x80
...
device_unregister+0x1b/0x60
unregister_virtio_device+0x18/0x30
virtio_pci_remove+0x41/0x80
pci_device_remove+0x3e/0xb0
This happened because pci_device_is_present(VF) returned "false" in
virtio_pci_remove(), so it called virtio_break_device(). The broken vq
meant that vring_interrupt() skipped the vq.callback() that would have
completed the virtio I/O operation via virtblk_done().
[bhelgaas: commit log, simplify to always use pci_physfn(), add stable tag]
Link: https://lore.kernel.org/r/20221026060912.173250-1-mst@redhat.com
Reported-by: Wei Gong <gongwei833x@gmail.com>
Tested-by: Wei Gong <gongwei833x@gmail.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Bjorn Helgaas <bhelgaas@google.com>
Cc: stable@vger.kernel.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/pci/pci.c | 2 ++
1 file changed, 2 insertions(+)
--- a/drivers/pci/pci.c
+++ b/drivers/pci/pci.c
@@ -5815,6 +5815,8 @@ bool pci_device_is_present(struct pci_de
{
u32 v;
+ /* Check PF if pdev is a VF, since VF Vendor/Device IDs are 0xffff */
+ pdev = pci_physfn(pdev);
if (pci_dev_is_disconnected(pdev))
return false;
return pci_bus_read_dev_vendor_id(pdev->bus, pdev->devfn, &v, 0);
^ permalink raw reply [flat|nested] 529+ messages in thread
* [PATCH 4.19 399/521] PCI/sysfs: Fix double free in error path
2023-01-16 15:44 [PATCH 4.19 000/521] 4.19.270-rc1 review Greg Kroah-Hartman
` (397 preceding siblings ...)
2023-01-16 15:51 ` [PATCH 4.19 398/521] PCI: Fix pci_device_is_present() for VFs by checking PF Greg Kroah-Hartman
@ 2023-01-16 15:51 ` Greg Kroah-Hartman
2023-01-16 15:51 ` [PATCH 4.19 400/521] crypto: n2 - add missing hash statesize Greg Kroah-Hartman
` (125 subsequent siblings)
524 siblings, 0 replies; 529+ messages in thread
From: Greg Kroah-Hartman @ 2023-01-16 15:51 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Sascha Hauer, Bjorn Helgaas
From: Sascha Hauer <s.hauer@pengutronix.de>
commit aa382ffa705bea9931ec92b6f3c70e1fdb372195 upstream.
When pci_create_attr() fails, pci_remove_resource_files() is called which
will iterate over the res_attr[_wc] arrays and frees every non NULL entry.
To avoid a double free here set the array entry only after it's clear we
successfully initialized it.
Fixes: b562ec8f74e4 ("PCI: Don't leak memory if sysfs_create_bin_file() fails")
Link: https://lore.kernel.org/r/20221007070735.GX986@pengutronix.de/
Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
Signed-off-by: Bjorn Helgaas <bhelgaas@google.com>
Cc: stable@vger.kernel.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/pci/pci-sysfs.c | 13 +++++++++----
1 file changed, 9 insertions(+), 4 deletions(-)
--- a/drivers/pci/pci-sysfs.c
+++ b/drivers/pci/pci-sysfs.c
@@ -1289,11 +1289,9 @@ static int pci_create_attr(struct pci_de
sysfs_bin_attr_init(res_attr);
if (write_combine) {
- pdev->res_attr_wc[num] = res_attr;
sprintf(res_attr_name, "resource%d_wc", num);
res_attr->mmap = pci_mmap_resource_wc;
} else {
- pdev->res_attr[num] = res_attr;
sprintf(res_attr_name, "resource%d", num);
if (pci_resource_flags(pdev, num) & IORESOURCE_IO) {
res_attr->read = pci_read_resource_io;
@@ -1309,10 +1307,17 @@ static int pci_create_attr(struct pci_de
res_attr->size = pci_resource_len(pdev, num);
res_attr->private = (void *)(unsigned long)num;
retval = sysfs_create_bin_file(&pdev->dev.kobj, res_attr);
- if (retval)
+ if (retval) {
kfree(res_attr);
+ return retval;
+ }
+
+ if (write_combine)
+ pdev->res_attr_wc[num] = res_attr;
+ else
+ pdev->res_attr[num] = res_attr;
- return retval;
+ return 0;
}
/**
^ permalink raw reply [flat|nested] 529+ messages in thread
* [PATCH 4.19 400/521] crypto: n2 - add missing hash statesize
2023-01-16 15:44 [PATCH 4.19 000/521] 4.19.270-rc1 review Greg Kroah-Hartman
` (398 preceding siblings ...)
2023-01-16 15:51 ` [PATCH 4.19 399/521] PCI/sysfs: Fix double free in error path Greg Kroah-Hartman
@ 2023-01-16 15:51 ` Greg Kroah-Hartman
2023-01-16 15:51 ` [PATCH 4.19 401/521] iommu/amd: Fix ivrs_acpihid cmdline parsing code Greg Kroah-Hartman
` (124 subsequent siblings)
524 siblings, 0 replies; 529+ messages in thread
From: Greg Kroah-Hartman @ 2023-01-16 15:51 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Rolf Eike Beer, Corentin Labbe,
Herbert Xu, stable
From: Corentin Labbe <clabbe@baylibre.com>
commit 76a4e874593543a2dff91d249c95bac728df2774 upstream.
Add missing statesize to hash templates.
This is mandatory otherwise no algorithms can be registered as the core
requires statesize to be set.
CC: stable@kernel.org # 4.3+
Reported-by: Rolf Eike Beer <eike-kernel@sf-tec.de>
Tested-by: Rolf Eike Beer <eike-kernel@sf-tec.de>
Fixes: 0a625fd2abaa ("crypto: n2 - Add Niagara2 crypto driver")
Signed-off-by: Corentin Labbe <clabbe@baylibre.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/crypto/n2_core.c | 6 ++++++
1 file changed, 6 insertions(+)
--- a/drivers/crypto/n2_core.c
+++ b/drivers/crypto/n2_core.c
@@ -1286,6 +1286,7 @@ struct n2_hash_tmpl {
const u32 *hash_init;
u8 hw_op_hashsz;
u8 digest_size;
+ u8 statesize;
u8 block_size;
u8 auth_type;
u8 hmac_type;
@@ -1317,6 +1318,7 @@ static const struct n2_hash_tmpl hash_tm
.hmac_type = AUTH_TYPE_HMAC_MD5,
.hw_op_hashsz = MD5_DIGEST_SIZE,
.digest_size = MD5_DIGEST_SIZE,
+ .statesize = sizeof(struct md5_state),
.block_size = MD5_HMAC_BLOCK_SIZE },
{ .name = "sha1",
.hash_zero = sha1_zero_message_hash,
@@ -1325,6 +1327,7 @@ static const struct n2_hash_tmpl hash_tm
.hmac_type = AUTH_TYPE_HMAC_SHA1,
.hw_op_hashsz = SHA1_DIGEST_SIZE,
.digest_size = SHA1_DIGEST_SIZE,
+ .statesize = sizeof(struct sha1_state),
.block_size = SHA1_BLOCK_SIZE },
{ .name = "sha256",
.hash_zero = sha256_zero_message_hash,
@@ -1333,6 +1336,7 @@ static const struct n2_hash_tmpl hash_tm
.hmac_type = AUTH_TYPE_HMAC_SHA256,
.hw_op_hashsz = SHA256_DIGEST_SIZE,
.digest_size = SHA256_DIGEST_SIZE,
+ .statesize = sizeof(struct sha256_state),
.block_size = SHA256_BLOCK_SIZE },
{ .name = "sha224",
.hash_zero = sha224_zero_message_hash,
@@ -1341,6 +1345,7 @@ static const struct n2_hash_tmpl hash_tm
.hmac_type = AUTH_TYPE_RESERVED,
.hw_op_hashsz = SHA256_DIGEST_SIZE,
.digest_size = SHA224_DIGEST_SIZE,
+ .statesize = sizeof(struct sha256_state),
.block_size = SHA224_BLOCK_SIZE },
};
#define NUM_HASH_TMPLS ARRAY_SIZE(hash_tmpls)
@@ -1482,6 +1487,7 @@ static int __n2_register_one_ahash(const
halg = &ahash->halg;
halg->digestsize = tmpl->digest_size;
+ halg->statesize = tmpl->statesize;
base = &halg->base;
snprintf(base->cra_name, CRYPTO_MAX_ALG_NAME, "%s", tmpl->name);
^ permalink raw reply [flat|nested] 529+ messages in thread
* [PATCH 4.19 401/521] iommu/amd: Fix ivrs_acpihid cmdline parsing code
2023-01-16 15:44 [PATCH 4.19 000/521] 4.19.270-rc1 review Greg Kroah-Hartman
` (399 preceding siblings ...)
2023-01-16 15:51 ` [PATCH 4.19 400/521] crypto: n2 - add missing hash statesize Greg Kroah-Hartman
@ 2023-01-16 15:51 ` Greg Kroah-Hartman
2023-01-16 15:51 ` [PATCH 4.19 402/521] parisc: led: Fix potential null-ptr-deref in start_task() Greg Kroah-Hartman
` (123 subsequent siblings)
524 siblings, 0 replies; 529+ messages in thread
From: Greg Kroah-Hartman @ 2023-01-16 15:51 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Kim Phillips, Suravee Suthikulpanit,
Joerg Roedel
From: Kim Phillips <kim.phillips@amd.com>
commit 5f18e9f8868c6d4eae71678e7ebd4977b7d8c8cf upstream.
The second (UID) strcmp in acpi_dev_hid_uid_match considers
"0" and "00" different, which can prevent device registration.
Have the AMD IOMMU driver's ivrs_acpihid parsing code remove
any leading zeroes to make the UID strcmp succeed. Now users
can safely specify "AMDxxxxx:00" or "AMDxxxxx:0" and expect
the same behaviour.
Fixes: ca3bf5d47cec ("iommu/amd: Introduces ivrs_acpihid kernel parameter")
Signed-off-by: Kim Phillips <kim.phillips@amd.com>
Cc: stable@vger.kernel.org
Cc: Suravee Suthikulpanit <Suravee.Suthikulpanit@amd.com>
Cc: Joerg Roedel <jroedel@suse.de>
Link: https://lore.kernel.org/r/20220919155638.391481-1-kim.phillips@amd.com
Signed-off-by: Joerg Roedel <jroedel@suse.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/iommu/amd_iommu_init.c | 7 +++++++
1 file changed, 7 insertions(+)
--- a/drivers/iommu/amd_iommu_init.c
+++ b/drivers/iommu/amd_iommu_init.c
@@ -2946,6 +2946,13 @@ static int __init parse_ivrs_acpihid(cha
return 1;
}
+ /*
+ * Ignore leading zeroes after ':', so e.g., AMDI0095:00
+ * will match AMDI0095:0 in the second strcmp in acpi_dev_hid_uid_match
+ */
+ while (*uid == '0' && *(uid + 1))
+ uid++;
+
i = early_acpihid_map_size++;
memcpy(early_acpihid_map[i].hid, hid, strlen(hid));
memcpy(early_acpihid_map[i].uid, uid, strlen(uid));
^ permalink raw reply [flat|nested] 529+ messages in thread
* [PATCH 4.19 402/521] parisc: led: Fix potential null-ptr-deref in start_task()
2023-01-16 15:44 [PATCH 4.19 000/521] 4.19.270-rc1 review Greg Kroah-Hartman
` (400 preceding siblings ...)
2023-01-16 15:51 ` [PATCH 4.19 401/521] iommu/amd: Fix ivrs_acpihid cmdline parsing code Greg Kroah-Hartman
@ 2023-01-16 15:51 ` Greg Kroah-Hartman
2023-01-16 15:51 ` [PATCH 4.19 403/521] device_cgroup: Roll back to original exceptions after copy failure Greg Kroah-Hartman
` (122 subsequent siblings)
524 siblings, 0 replies; 529+ messages in thread
From: Greg Kroah-Hartman @ 2023-01-16 15:51 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Shang XiaoJing, Helge Deller
From: Shang XiaoJing <shangxiaojing@huawei.com>
commit 41f563ab3c33698bdfc3403c7c2e6c94e73681e4 upstream.
start_task() calls create_singlethread_workqueue() and not checked the
ret value, which may return NULL. And a null-ptr-deref may happen:
start_task()
create_singlethread_workqueue() # failed, led_wq is NULL
queue_delayed_work()
queue_delayed_work_on()
__queue_delayed_work() # warning here, but continue
__queue_work() # access wq->flags, null-ptr-deref
Check the ret value and return -ENOMEM if it is NULL.
Fixes: 3499495205a6 ("[PARISC] Use work queue in LED/LCD driver instead of tasklet.")
Signed-off-by: Shang XiaoJing <shangxiaojing@huawei.com>
Signed-off-by: Helge Deller <deller@gmx.de>
Cc: <stable@vger.kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/parisc/led.c | 3 +++
1 file changed, 3 insertions(+)
--- a/drivers/parisc/led.c
+++ b/drivers/parisc/led.c
@@ -141,6 +141,9 @@ static int start_task(void)
/* Create the work queue and queue the LED task */
led_wq = create_singlethread_workqueue("led_wq");
+ if (!led_wq)
+ return -ENOMEM;
+
queue_delayed_work(led_wq, &led_task, 0);
return 0;
^ permalink raw reply [flat|nested] 529+ messages in thread
* [PATCH 4.19 403/521] device_cgroup: Roll back to original exceptions after copy failure
2023-01-16 15:44 [PATCH 4.19 000/521] 4.19.270-rc1 review Greg Kroah-Hartman
` (401 preceding siblings ...)
2023-01-16 15:51 ` [PATCH 4.19 402/521] parisc: led: Fix potential null-ptr-deref in start_task() Greg Kroah-Hartman
@ 2023-01-16 15:51 ` Greg Kroah-Hartman
2023-01-16 15:51 ` [PATCH 4.19 404/521] drm/connector: send hotplug uevent on connector cleanup Greg Kroah-Hartman
` (121 subsequent siblings)
524 siblings, 0 replies; 529+ messages in thread
From: Greg Kroah-Hartman @ 2023-01-16 15:51 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Wang Weiyang, Aristeu Rozanski, Paul Moore
From: Wang Weiyang <wangweiyang2@huawei.com>
commit e68bfbd3b3c3a0ec3cf8c230996ad8cabe90322f upstream.
When add the 'a *:* rwm' entry to devcgroup A's whitelist, at first A's
exceptions will be cleaned and A's behavior is changed to
DEVCG_DEFAULT_ALLOW. Then parent's exceptions will be copyed to A's
whitelist. If copy failure occurs, just return leaving A to grant
permissions to all devices. And A may grant more permissions than
parent.
Backup A's whitelist and recover original exceptions after copy
failure.
Cc: stable@vger.kernel.org
Fixes: 4cef7299b478 ("device_cgroup: add proper checking when changing default behavior")
Signed-off-by: Wang Weiyang <wangweiyang2@huawei.com>
Reviewed-by: Aristeu Rozanski <aris@redhat.com>
Signed-off-by: Paul Moore <paul@paul-moore.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
security/device_cgroup.c | 33 +++++++++++++++++++++++++++++----
1 file changed, 29 insertions(+), 4 deletions(-)
--- a/security/device_cgroup.c
+++ b/security/device_cgroup.c
@@ -79,6 +79,17 @@ free_and_exit:
return -ENOMEM;
}
+static void dev_exceptions_move(struct list_head *dest, struct list_head *orig)
+{
+ struct dev_exception_item *ex, *tmp;
+
+ lockdep_assert_held(&devcgroup_mutex);
+
+ list_for_each_entry_safe(ex, tmp, orig, list) {
+ list_move_tail(&ex->list, dest);
+ }
+}
+
/*
* called under devcgroup_mutex
*/
@@ -600,11 +611,13 @@ static int devcgroup_update_access(struc
int count, rc = 0;
struct dev_exception_item ex;
struct dev_cgroup *parent = css_to_devcgroup(devcgroup->css.parent);
+ struct dev_cgroup tmp_devcgrp;
if (!capable(CAP_SYS_ADMIN))
return -EPERM;
memset(&ex, 0, sizeof(ex));
+ memset(&tmp_devcgrp, 0, sizeof(tmp_devcgrp));
b = buffer;
switch (*b) {
@@ -616,15 +629,27 @@ static int devcgroup_update_access(struc
if (!may_allow_all(parent))
return -EPERM;
- dev_exception_clean(devcgroup);
- devcgroup->behavior = DEVCG_DEFAULT_ALLOW;
- if (!parent)
+ if (!parent) {
+ devcgroup->behavior = DEVCG_DEFAULT_ALLOW;
+ dev_exception_clean(devcgroup);
break;
+ }
+ INIT_LIST_HEAD(&tmp_devcgrp.exceptions);
+ rc = dev_exceptions_copy(&tmp_devcgrp.exceptions,
+ &devcgroup->exceptions);
+ if (rc)
+ return rc;
+ dev_exception_clean(devcgroup);
rc = dev_exceptions_copy(&devcgroup->exceptions,
&parent->exceptions);
- if (rc)
+ if (rc) {
+ dev_exceptions_move(&devcgroup->exceptions,
+ &tmp_devcgrp.exceptions);
return rc;
+ }
+ devcgroup->behavior = DEVCG_DEFAULT_ALLOW;
+ dev_exception_clean(&tmp_devcgrp);
break;
case DEVCG_DENY:
if (css_has_online_children(&devcgroup->css))
^ permalink raw reply [flat|nested] 529+ messages in thread
* [PATCH 4.19 404/521] drm/connector: send hotplug uevent on connector cleanup
2023-01-16 15:44 [PATCH 4.19 000/521] 4.19.270-rc1 review Greg Kroah-Hartman
` (402 preceding siblings ...)
2023-01-16 15:51 ` [PATCH 4.19 403/521] device_cgroup: Roll back to original exceptions after copy failure Greg Kroah-Hartman
@ 2023-01-16 15:51 ` Greg Kroah-Hartman
2023-01-16 15:51 ` [PATCH 4.19 405/521] drm/vmwgfx: Validate the box size for the snooped cursor Greg Kroah-Hartman
` (120 subsequent siblings)
524 siblings, 0 replies; 529+ messages in thread
From: Greg Kroah-Hartman @ 2023-01-16 15:51 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Simon Ser, Daniel Vetter,
Lyude Paul, Jonas Ådahl
From: Simon Ser <contact@emersion.fr>
commit 6fdc2d490ea1369d17afd7e6eb66fecc5b7209bc upstream.
A typical DP-MST unplug removes a KMS connector. However care must
be taken to properly synchronize with user-space. The expected
sequence of events is the following:
1. The kernel notices that the DP-MST port is gone.
2. The kernel marks the connector as disconnected, then sends a
uevent to make user-space re-scan the connector list.
3. User-space notices the connector goes from connected to disconnected,
disables it.
4. Kernel handles the IOCTL disabling the connector. On success,
the very last reference to the struct drm_connector is dropped and
drm_connector_cleanup() is called.
5. The connector is removed from the list, and a uevent is sent to tell
user-space that the connector disappeared.
The very last step was missing. As a result, user-space thought the
connector still existed and could try to disable it again. Since the
kernel no longer knows about the connector, that would end up with
EINVAL and confused user-space.
Fix this by sending a hotplug uevent from drm_connector_cleanup().
Signed-off-by: Simon Ser <contact@emersion.fr>
Cc: stable@vger.kernel.org
Cc: Daniel Vetter <daniel.vetter@ffwll.ch>
Cc: Lyude Paul <lyude@redhat.com>
Cc: Jonas Ådahl <jadahl@redhat.com>
Tested-by: Jonas Ådahl <jadahl@redhat.com>
Reviewed-by: Lyude Paul <lyude@redhat.com>
Link: https://patchwork.freedesktop.org/patch/msgid/20221017153150.60675-2-contact@emersion.fr
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/gpu/drm/drm_connector.c | 3 +++
1 file changed, 3 insertions(+)
--- a/drivers/gpu/drm/drm_connector.c
+++ b/drivers/gpu/drm/drm_connector.c
@@ -413,6 +413,9 @@ void drm_connector_cleanup(struct drm_co
mutex_destroy(&connector->mutex);
memset(connector, 0, sizeof(*connector));
+
+ if (dev->registered)
+ drm_sysfs_hotplug_event(dev);
}
EXPORT_SYMBOL(drm_connector_cleanup);
^ permalink raw reply [flat|nested] 529+ messages in thread
* [PATCH 4.19 405/521] drm/vmwgfx: Validate the box size for the snooped cursor
2023-01-16 15:44 [PATCH 4.19 000/521] 4.19.270-rc1 review Greg Kroah-Hartman
` (403 preceding siblings ...)
2023-01-16 15:51 ` [PATCH 4.19 404/521] drm/connector: send hotplug uevent on connector cleanup Greg Kroah-Hartman
@ 2023-01-16 15:51 ` Greg Kroah-Hartman
2023-01-16 15:51 ` [PATCH 4.19 406/521] ext4: add inode table check in __ext4_get_inode_loc to aovid possible infinite loop Greg Kroah-Hartman
` (119 subsequent siblings)
524 siblings, 0 replies; 529+ messages in thread
From: Greg Kroah-Hartman @ 2023-01-16 15:51 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Zack Rusin, Michael Banack, Martin Krastev
From: Zack Rusin <zackr@vmware.com>
commit 4cf949c7fafe21e085a4ee386bb2dade9067316e upstream.
Invalid userspace dma surface copies could potentially overflow
the memcpy from the surface to the snooped image leading to crashes.
To fix it the dimensions of the copybox have to be validated
against the expected size of the snooped cursor.
Signed-off-by: Zack Rusin <zackr@vmware.com>
Fixes: 2ac863719e51 ("vmwgfx: Snoop DMA transfers with non-covering sizes")
Cc: <stable@vger.kernel.org> # v3.2+
Reviewed-by: Michael Banack <banackm@vmware.com>
Reviewed-by: Martin Krastev <krastevm@vmware.com>
Link: https://patchwork.freedesktop.org/patch/msgid/20221026031936.1004280-1-zack@kde.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/gpu/drm/vmwgfx/vmwgfx_kms.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
--- a/drivers/gpu/drm/vmwgfx/vmwgfx_kms.c
+++ b/drivers/gpu/drm/vmwgfx/vmwgfx_kms.c
@@ -179,7 +179,8 @@ void vmw_kms_cursor_snoop(struct vmw_sur
if (cmd->dma.guest.ptr.offset % PAGE_SIZE ||
box->x != 0 || box->y != 0 || box->z != 0 ||
box->srcx != 0 || box->srcy != 0 || box->srcz != 0 ||
- box->d != 1 || box_count != 1) {
+ box->d != 1 || box_count != 1 ||
+ box->w > 64 || box->h > 64) {
/* TODO handle none page aligned offsets */
/* TODO handle more dst & src != 0 */
/* TODO handle more then one copy */
^ permalink raw reply [flat|nested] 529+ messages in thread
* [PATCH 4.19 406/521] ext4: add inode table check in __ext4_get_inode_loc to aovid possible infinite loop
2023-01-16 15:44 [PATCH 4.19 000/521] 4.19.270-rc1 review Greg Kroah-Hartman
` (404 preceding siblings ...)
2023-01-16 15:51 ` [PATCH 4.19 405/521] drm/vmwgfx: Validate the box size for the snooped cursor Greg Kroah-Hartman
@ 2023-01-16 15:51 ` Greg Kroah-Hartman
2023-01-16 15:51 ` [PATCH 4.19 407/521] ext4: fix undefined behavior in bit shift for ext4_check_flag_values Greg Kroah-Hartman
` (118 subsequent siblings)
524 siblings, 0 replies; 529+ messages in thread
From: Greg Kroah-Hartman @ 2023-01-16 15:51 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, stable, Baokun Li,
Ritesh Harjani (IBM),
Theodore Tso
From: Baokun Li <libaokun1@huawei.com>
commit eee22187b53611e173161e38f61de1c7ecbeb876 upstream.
In do_writepages, if the value returned by ext4_writepages is "-ENOMEM"
and "wbc->sync_mode == WB_SYNC_ALL", retry until the condition is not met.
In __ext4_get_inode_loc, if the bh returned by sb_getblk is NULL,
the function returns -ENOMEM.
In __getblk_slow, if the return value of grow_buffers is less than 0,
the function returns NULL.
When the three processes are connected in series like the following stack,
an infinite loop may occur:
do_writepages <--- keep retrying
ext4_writepages
mpage_map_and_submit_extent
mpage_map_one_extent
ext4_map_blocks
ext4_ext_map_blocks
ext4_ext_handle_unwritten_extents
ext4_ext_convert_to_initialized
ext4_split_extent
ext4_split_extent_at
__ext4_ext_dirty
__ext4_mark_inode_dirty
ext4_reserve_inode_write
ext4_get_inode_loc
__ext4_get_inode_loc <--- return -ENOMEM
sb_getblk
__getblk_gfp
__getblk_slow <--- return NULL
grow_buffers
grow_dev_page <--- return -ENXIO
ret = (block < end_block) ? 1 : -ENXIO;
In this issue, bg_inode_table_hi is overwritten as an incorrect value.
As a result, `block < end_block` cannot be met in grow_dev_page.
Therefore, __ext4_get_inode_loc always returns '-ENOMEM' and do_writepages
keeps retrying. As a result, the writeback process is in the D state due
to an infinite loop.
Add a check on inode table block in the __ext4_get_inode_loc function by
referring to ext4_read_inode_bitmap to avoid this infinite loop.
Cc: stable@kernel.org
Signed-off-by: Baokun Li <libaokun1@huawei.com>
Reviewed-by: Ritesh Harjani (IBM) <ritesh.list@gmail.com>
Link: https://lore.kernel.org/r/20220817132701.3015912-3-libaokun1@huawei.com
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/ext4/inode.c | 10 +++++++++-
1 file changed, 9 insertions(+), 1 deletion(-)
--- a/fs/ext4/inode.c
+++ b/fs/ext4/inode.c
@@ -4663,9 +4663,17 @@ static int __ext4_get_inode_loc(struct i
inodes_per_block = EXT4_SB(sb)->s_inodes_per_block;
inode_offset = ((inode->i_ino - 1) %
EXT4_INODES_PER_GROUP(sb));
- block = ext4_inode_table(sb, gdp) + (inode_offset / inodes_per_block);
iloc->offset = (inode_offset % inodes_per_block) * EXT4_INODE_SIZE(sb);
+ block = ext4_inode_table(sb, gdp);
+ if ((block <= le32_to_cpu(EXT4_SB(sb)->s_es->s_first_data_block)) ||
+ (block >= ext4_blocks_count(EXT4_SB(sb)->s_es))) {
+ ext4_error(sb, "Invalid inode table block %llu in "
+ "block_group %u", block, iloc->block_group);
+ return -EFSCORRUPTED;
+ }
+ block += (inode_offset / inodes_per_block);
+
bh = sb_getblk(sb, block);
if (unlikely(!bh))
return -ENOMEM;
^ permalink raw reply [flat|nested] 529+ messages in thread
* [PATCH 4.19 407/521] ext4: fix undefined behavior in bit shift for ext4_check_flag_values
2023-01-16 15:44 [PATCH 4.19 000/521] 4.19.270-rc1 review Greg Kroah-Hartman
` (405 preceding siblings ...)
2023-01-16 15:51 ` [PATCH 4.19 406/521] ext4: add inode table check in __ext4_get_inode_loc to aovid possible infinite loop Greg Kroah-Hartman
@ 2023-01-16 15:51 ` Greg Kroah-Hartman
2023-01-16 15:51 ` [PATCH 4.19 408/521] ext4: add helper to check quota inums Greg Kroah-Hartman
` (117 subsequent siblings)
524 siblings, 0 replies; 529+ messages in thread
From: Greg Kroah-Hartman @ 2023-01-16 15:51 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Gaosheng Cui, Theodore Tso, stable
From: Gaosheng Cui <cuigaosheng1@huawei.com>
commit 3bf678a0f9c017c9ba7c581541dbc8453452a7ae upstream.
Shifting signed 32-bit value by 31 bits is undefined, so changing
significant bit to unsigned. The UBSAN warning calltrace like below:
UBSAN: shift-out-of-bounds in fs/ext4/ext4.h:591:2
left shift of 1 by 31 places cannot be represented in type 'int'
Call Trace:
<TASK>
dump_stack_lvl+0x7d/0xa5
dump_stack+0x15/0x1b
ubsan_epilogue+0xe/0x4e
__ubsan_handle_shift_out_of_bounds+0x1e7/0x20c
ext4_init_fs+0x5a/0x277
do_one_initcall+0x76/0x430
kernel_init_freeable+0x3b3/0x422
kernel_init+0x24/0x1e0
ret_from_fork+0x1f/0x30
</TASK>
Fixes: 9a4c80194713 ("ext4: ensure Inode flags consistency are checked at build time")
Signed-off-by: Gaosheng Cui <cuigaosheng1@huawei.com>
Link: https://lore.kernel.org/r/20221031055833.3966222-1-cuigaosheng1@huawei.com
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Cc: stable@kernel.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/ext4/ext4.h | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/fs/ext4/ext4.h
+++ b/fs/ext4/ext4.h
@@ -503,7 +503,7 @@ enum {
*
* It's not paranoia if the Murphy's Law really *is* out to get you. :-)
*/
-#define TEST_FLAG_VALUE(FLAG) (EXT4_##FLAG##_FL == (1 << EXT4_INODE_##FLAG))
+#define TEST_FLAG_VALUE(FLAG) (EXT4_##FLAG##_FL == (1U << EXT4_INODE_##FLAG))
#define CHECK_FLAG_VALUE(FLAG) BUILD_BUG_ON(!TEST_FLAG_VALUE(FLAG))
static inline void ext4_check_flag_values(void)
^ permalink raw reply [flat|nested] 529+ messages in thread
* [PATCH 4.19 408/521] ext4: add helper to check quota inums
2023-01-16 15:44 [PATCH 4.19 000/521] 4.19.270-rc1 review Greg Kroah-Hartman
` (406 preceding siblings ...)
2023-01-16 15:51 ` [PATCH 4.19 407/521] ext4: fix undefined behavior in bit shift for ext4_check_flag_values Greg Kroah-Hartman
@ 2023-01-16 15:51 ` Greg Kroah-Hartman
2023-01-16 15:51 ` [PATCH 4.19 409/521] ext4: fix bug_on in __es_tree_search caused by bad boot loader inode Greg Kroah-Hartman
` (116 subsequent siblings)
524 siblings, 0 replies; 529+ messages in thread
From: Greg Kroah-Hartman @ 2023-01-16 15:51 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Baokun Li, Jason Yan, Jan Kara,
Theodore Tso, stable
From: Baokun Li <libaokun1@huawei.com>
commit 07342ec259df2a35d6a34aebce010567a80a0e15 upstream.
Before quota is enabled, a check on the preset quota inums in
ext4_super_block is added to prevent wrong quota inodes from being loaded.
In addition, when the quota fails to be enabled, the quota type and quota
inum are printed to facilitate fault locating.
Signed-off-by: Baokun Li <libaokun1@huawei.com>
Reviewed-by: Jason Yan <yanaijie@huawei.com>
Reviewed-by: Jan Kara <jack@suse.cz>
Link: https://lore.kernel.org/r/20221026042310.3839669-3-libaokun1@huawei.com
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Cc: stable@kernel.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/ext4/super.c | 28 +++++++++++++++++++++++++---
1 file changed, 25 insertions(+), 3 deletions(-)
--- a/fs/ext4/super.c
+++ b/fs/ext4/super.c
@@ -5839,6 +5839,20 @@ static int ext4_quota_on(struct super_bl
return err;
}
+static inline bool ext4_check_quota_inum(int type, unsigned long qf_inum)
+{
+ switch (type) {
+ case USRQUOTA:
+ return qf_inum == EXT4_USR_QUOTA_INO;
+ case GRPQUOTA:
+ return qf_inum == EXT4_GRP_QUOTA_INO;
+ case PRJQUOTA:
+ return qf_inum >= EXT4_GOOD_OLD_FIRST_INO;
+ default:
+ BUG();
+ }
+}
+
static int ext4_quota_enable(struct super_block *sb, int type, int format_id,
unsigned int flags)
{
@@ -5855,9 +5869,16 @@ static int ext4_quota_enable(struct supe
if (!qf_inums[type])
return -EPERM;
+ if (!ext4_check_quota_inum(type, qf_inums[type])) {
+ ext4_error(sb, "Bad quota inum: %lu, type: %d",
+ qf_inums[type], type);
+ return -EUCLEAN;
+ }
+
qf_inode = ext4_iget(sb, qf_inums[type], EXT4_IGET_SPECIAL);
if (IS_ERR(qf_inode)) {
- ext4_error(sb, "Bad quota inode # %lu", qf_inums[type]);
+ ext4_error(sb, "Bad quota inode: %lu, type: %d",
+ qf_inums[type], type);
return PTR_ERR(qf_inode);
}
@@ -5896,8 +5917,9 @@ static int ext4_enable_quotas(struct sup
if (err) {
ext4_warning(sb,
"Failed to enable quota tracking "
- "(type=%d, err=%d). Please run "
- "e2fsck to fix.", type, err);
+ "(type=%d, err=%d, ino=%lu). "
+ "Please run e2fsck to fix.", type,
+ err, qf_inums[type]);
for (type--; type >= 0; type--) {
struct inode *inode;
^ permalink raw reply [flat|nested] 529+ messages in thread
* [PATCH 4.19 409/521] ext4: fix bug_on in __es_tree_search caused by bad boot loader inode
2023-01-16 15:44 [PATCH 4.19 000/521] 4.19.270-rc1 review Greg Kroah-Hartman
` (407 preceding siblings ...)
2023-01-16 15:51 ` [PATCH 4.19 408/521] ext4: add helper to check quota inums Greg Kroah-Hartman
@ 2023-01-16 15:51 ` Greg Kroah-Hartman
2023-01-16 15:51 ` [PATCH 4.19 410/521] ext4: init quota for old.inode in ext4_rename Greg Kroah-Hartman
` (115 subsequent siblings)
524 siblings, 0 replies; 529+ messages in thread
From: Greg Kroah-Hartman @ 2023-01-16 15:51 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Baokun Li, Jason Yan, Jan Kara,
Theodore Tso, stable
From: Baokun Li <libaokun1@huawei.com>
commit 991ed014de0840c5dc405b679168924afb2952ac upstream.
We got a issue as fllows:
==================================================================
kernel BUG at fs/ext4/extents_status.c:203!
invalid opcode: 0000 [#1] PREEMPT SMP
CPU: 1 PID: 945 Comm: cat Not tainted 6.0.0-next-20221007-dirty #349
RIP: 0010:ext4_es_end.isra.0+0x34/0x42
RSP: 0018:ffffc9000143b768 EFLAGS: 00010203
RAX: 0000000000000000 RBX: ffff8881769cd0b8 RCX: 0000000000000000
RDX: 0000000000000000 RSI: ffffffff8fc27cf7 RDI: 00000000ffffffff
RBP: ffff8881769cd0bc R08: 0000000000000000 R09: ffffc9000143b5f8
R10: 0000000000000001 R11: 0000000000000001 R12: ffff8881769cd0a0
R13: ffff8881768e5668 R14: 00000000768e52f0 R15: 0000000000000000
FS: 00007f359f7f05c0(0000)GS:ffff88842fd00000(0000)knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f359f5a2000 CR3: 000000017130c000 CR4: 00000000000006e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
<TASK>
__es_tree_search.isra.0+0x6d/0xf5
ext4_es_cache_extent+0xfa/0x230
ext4_cache_extents+0xd2/0x110
ext4_find_extent+0x5d5/0x8c0
ext4_ext_map_blocks+0x9c/0x1d30
ext4_map_blocks+0x431/0xa50
ext4_mpage_readpages+0x48e/0xe40
ext4_readahead+0x47/0x50
read_pages+0x82/0x530
page_cache_ra_unbounded+0x199/0x2a0
do_page_cache_ra+0x47/0x70
page_cache_ra_order+0x242/0x400
ondemand_readahead+0x1e8/0x4b0
page_cache_sync_ra+0xf4/0x110
filemap_get_pages+0x131/0xb20
filemap_read+0xda/0x4b0
generic_file_read_iter+0x13a/0x250
ext4_file_read_iter+0x59/0x1d0
vfs_read+0x28f/0x460
ksys_read+0x73/0x160
__x64_sys_read+0x1e/0x30
do_syscall_64+0x35/0x80
entry_SYSCALL_64_after_hwframe+0x63/0xcd
</TASK>
==================================================================
In the above issue, ioctl invokes the swap_inode_boot_loader function to
swap inode<5> and inode<12>. However, inode<5> contain incorrect imode and
disordered extents, and i_nlink is set to 1. The extents check for inode in
the ext4_iget function can be bypassed bacause 5 is EXT4_BOOT_LOADER_INO.
While links_count is set to 1, the extents are not initialized in
swap_inode_boot_loader. After the ioctl command is executed successfully,
the extents are swapped to inode<12>, in this case, run the `cat` command
to view inode<12>. And Bug_ON is triggered due to the incorrect extents.
When the boot loader inode is not initialized, its imode can be one of the
following:
1) the imode is a bad type, which is marked as bad_inode in ext4_iget and
set to S_IFREG.
2) the imode is good type but not S_IFREG.
3) the imode is S_IFREG.
The BUG_ON may be triggered by bypassing the check in cases 1 and 2.
Therefore, when the boot loader inode is bad_inode or its imode is not
S_IFREG, initialize the inode to avoid triggering the BUG.
Signed-off-by: Baokun Li <libaokun1@huawei.com>
Reviewed-by: Jason Yan <yanaijie@huawei.com>
Reviewed-by: Jan Kara <jack@suse.cz>
Link: https://lore.kernel.org/r/20221026042310.3839669-5-libaokun1@huawei.com
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Cc: stable@kernel.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/ext4/ioctl.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/fs/ext4/ioctl.c
+++ b/fs/ext4/ioctl.c
@@ -169,7 +169,7 @@ static long swap_inode_boot_loader(struc
/* Protect extent tree against block allocations via delalloc */
ext4_double_down_write_data_sem(inode, inode_bl);
- if (inode_bl->i_nlink == 0) {
+ if (is_bad_inode(inode_bl) || !S_ISREG(inode_bl->i_mode)) {
/* this inode has never been used as a BOOT_LOADER */
set_nlink(inode_bl, 1);
i_uid_write(inode_bl, 0);
^ permalink raw reply [flat|nested] 529+ messages in thread
* [PATCH 4.19 410/521] ext4: init quota for old.inode in ext4_rename
2023-01-16 15:44 [PATCH 4.19 000/521] 4.19.270-rc1 review Greg Kroah-Hartman
` (408 preceding siblings ...)
2023-01-16 15:51 ` [PATCH 4.19 409/521] ext4: fix bug_on in __es_tree_search caused by bad boot loader inode Greg Kroah-Hartman
@ 2023-01-16 15:51 ` Greg Kroah-Hartman
2023-01-16 15:51 ` [PATCH 4.19 411/521] ext4: fix corruption when online resizing a 1K bigalloc fs Greg Kroah-Hartman
` (114 subsequent siblings)
524 siblings, 0 replies; 529+ messages in thread
From: Greg Kroah-Hartman @ 2023-01-16 15:51 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, syzbot+98346927678ac3059c77, Ye Bin,
Jan Kara, Theodore Tso, stable
From: Ye Bin <yebin10@huawei.com>
commit fae381a3d79bb94aa2eb752170d47458d778b797 upstream.
Syzbot found the following issue:
ext4_parse_param: s_want_extra_isize=128
ext4_inode_info_init: s_want_extra_isize=32
ext4_rename: old.inode=ffff88823869a2c8 old.dir=ffff888238699828 new.inode=ffff88823869d7e8 new.dir=ffff888238699828
__ext4_mark_inode_dirty: inode=ffff888238699828 ea_isize=32 want_ea_size=128
__ext4_mark_inode_dirty: inode=ffff88823869a2c8 ea_isize=32 want_ea_size=128
ext4_xattr_block_set: inode=ffff88823869a2c8
------------[ cut here ]------------
WARNING: CPU: 13 PID: 2234 at fs/ext4/xattr.c:2070 ext4_xattr_block_set.cold+0x22/0x980
Modules linked in:
RIP: 0010:ext4_xattr_block_set.cold+0x22/0x980
RSP: 0018:ffff888227d3f3b0 EFLAGS: 00010202
RAX: 0000000000000001 RBX: ffff88823007a000 RCX: 0000000000000000
RDX: 0000000000000a03 RSI: 0000000000000040 RDI: ffff888230078178
RBP: 0000000000000000 R08: 000000000000002c R09: ffffed1075c7df8e
R10: ffff8883ae3efc6b R11: ffffed1075c7df8d R12: 0000000000000000
R13: ffff88823869a2c8 R14: ffff8881012e0460 R15: dffffc0000000000
FS: 00007f350ac1f740(0000) GS:ffff8883ae200000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f350a6ed6a0 CR3: 0000000237456000 CR4: 00000000000006e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
<TASK>
? ext4_xattr_set_entry+0x3b7/0x2320
? ext4_xattr_block_set+0x0/0x2020
? ext4_xattr_set_entry+0x0/0x2320
? ext4_xattr_check_entries+0x77/0x310
? ext4_xattr_ibody_set+0x23b/0x340
ext4_xattr_move_to_block+0x594/0x720
ext4_expand_extra_isize_ea+0x59a/0x10f0
__ext4_expand_extra_isize+0x278/0x3f0
__ext4_mark_inode_dirty.cold+0x347/0x410
ext4_rename+0xed3/0x174f
vfs_rename+0x13a7/0x2510
do_renameat2+0x55d/0x920
__x64_sys_rename+0x7d/0xb0
do_syscall_64+0x3b/0xa0
entry_SYSCALL_64_after_hwframe+0x72/0xdc
As 'ext4_rename' will modify 'old.inode' ctime and mark inode dirty,
which may trigger expand 'extra_isize' and allocate block. If inode
didn't init quota will lead to warning. To solve above issue, init
'old.inode' firstly in 'ext4_rename'.
Reported-by: syzbot+98346927678ac3059c77@syzkaller.appspotmail.com
Signed-off-by: Ye Bin <yebin10@huawei.com>
Reviewed-by: Jan Kara <jack@suse.cz>
Link: https://lore.kernel.org/r/20221107015335.2524319-1-yebin@huaweicloud.com
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Cc: stable@kernel.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/ext4/namei.c | 3 +++
1 file changed, 3 insertions(+)
--- a/fs/ext4/namei.c
+++ b/fs/ext4/namei.c
@@ -3870,6 +3870,9 @@ static int ext4_cross_rename(struct inod
retval = dquot_initialize(old.dir);
if (retval)
return retval;
+ retval = dquot_initialize(old.inode);
+ if (retval)
+ return retval;
retval = dquot_initialize(new.dir);
if (retval)
return retval;
^ permalink raw reply [flat|nested] 529+ messages in thread
* [PATCH 4.19 411/521] ext4: fix corruption when online resizing a 1K bigalloc fs
2023-01-16 15:44 [PATCH 4.19 000/521] 4.19.270-rc1 review Greg Kroah-Hartman
` (409 preceding siblings ...)
2023-01-16 15:51 ` [PATCH 4.19 410/521] ext4: init quota for old.inode in ext4_rename Greg Kroah-Hartman
@ 2023-01-16 15:51 ` Greg Kroah-Hartman
2023-01-16 15:51 ` [PATCH 4.19 412/521] ext4: fix error code return to user-space in ext4_get_branch() Greg Kroah-Hartman
` (113 subsequent siblings)
524 siblings, 0 replies; 529+ messages in thread
From: Greg Kroah-Hartman @ 2023-01-16 15:51 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Baokun Li, Jan Kara, stable, Theodore Tso
From: Baokun Li <libaokun1@huawei.com>
commit 0aeaa2559d6d53358fca3e3fce73807367adca74 upstream.
When a backup superblock is updated in update_backups(), the primary
superblock's offset in the group (that is, sbi->s_sbh->b_blocknr) is used
as the backup superblock's offset in its group. However, when the block
size is 1K and bigalloc is enabled, the two offsets are not equal. This
causes the backup group descriptors to be overwritten by the superblock
in update_backups(). Moreover, if meta_bg is enabled, the file system will
be corrupted because this feature uses backup group descriptors.
To solve this issue, we use a more accurate ext4_group_first_block_no() as
the offset of the backup superblock in its group.
Fixes: d77147ff443b ("ext4: add support for online resizing with bigalloc")
Signed-off-by: Baokun Li <libaokun1@huawei.com>
Reviewed-by: Jan Kara <jack@suse.cz>
Cc: stable@kernel.org
Link: https://lore.kernel.org/r/20221117040341.1380702-4-libaokun1@huawei.com
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/ext4/resize.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
--- a/fs/ext4/resize.c
+++ b/fs/ext4/resize.c
@@ -1567,8 +1567,8 @@ exit_journal:
int meta_bg = ext4_has_feature_meta_bg(sb);
sector_t old_gdb = 0;
- update_backups(sb, sbi->s_sbh->b_blocknr, (char *)es,
- sizeof(struct ext4_super_block), 0);
+ update_backups(sb, ext4_group_first_block_no(sb, 0),
+ (char *)es, sizeof(struct ext4_super_block), 0);
for (; gdb_num <= gdb_num_end; gdb_num++) {
struct buffer_head *gdb_bh;
@@ -1775,7 +1775,7 @@ errout:
if (test_opt(sb, DEBUG))
printk(KERN_DEBUG "EXT4-fs: extended group to %llu "
"blocks\n", ext4_blocks_count(es));
- update_backups(sb, EXT4_SB(sb)->s_sbh->b_blocknr,
+ update_backups(sb, ext4_group_first_block_no(sb, 0),
(char *)es, sizeof(struct ext4_super_block), 0);
}
return err;
^ permalink raw reply [flat|nested] 529+ messages in thread
* [PATCH 4.19 412/521] ext4: fix error code return to user-space in ext4_get_branch()
2023-01-16 15:44 [PATCH 4.19 000/521] 4.19.270-rc1 review Greg Kroah-Hartman
` (410 preceding siblings ...)
2023-01-16 15:51 ` [PATCH 4.19 411/521] ext4: fix corruption when online resizing a 1K bigalloc fs Greg Kroah-Hartman
@ 2023-01-16 15:51 ` Greg Kroah-Hartman
2023-01-16 15:51 ` [PATCH 4.19 413/521] ext4: avoid BUG_ON when creating xattrs Greg Kroah-Hartman
` (112 subsequent siblings)
524 siblings, 0 replies; 529+ messages in thread
From: Greg Kroah-Hartman @ 2023-01-16 15:51 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Luís Henriques, Theodore Tso, stable
From: Luís Henriques <lhenriques@suse.de>
commit 26d75a16af285a70863ba6a81f85d81e7e65da50 upstream.
If a block is out of range in ext4_get_branch(), -ENOMEM will be returned
to user-space. Obviously, this error code isn't really useful. This
patch fixes it by making sure the right error code (-EFSCORRUPTED) is
propagated to user-space. EUCLEAN is more informative than ENOMEM.
Signed-off-by: Luís Henriques <lhenriques@suse.de>
Link: https://lore.kernel.org/r/20221109181445.17843-1-lhenriques@suse.de
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Cc: stable@kernel.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/ext4/indirect.c | 9 ++++++++-
1 file changed, 8 insertions(+), 1 deletion(-)
--- a/fs/ext4/indirect.c
+++ b/fs/ext4/indirect.c
@@ -148,6 +148,7 @@ static Indirect *ext4_get_branch(struct
struct super_block *sb = inode->i_sb;
Indirect *p = chain;
struct buffer_head *bh;
+ unsigned int key;
int ret = -EIO;
*err = 0;
@@ -156,7 +157,13 @@ static Indirect *ext4_get_branch(struct
if (!p->key)
goto no_block;
while (--depth) {
- bh = sb_getblk(sb, le32_to_cpu(p->key));
+ key = le32_to_cpu(p->key);
+ if (key > ext4_blocks_count(EXT4_SB(sb)->s_es)) {
+ /* the block was out of range */
+ ret = -EFSCORRUPTED;
+ goto failure;
+ }
+ bh = sb_getblk(sb, key);
if (unlikely(!bh)) {
ret = -ENOMEM;
goto failure;
^ permalink raw reply [flat|nested] 529+ messages in thread
* [PATCH 4.19 413/521] ext4: avoid BUG_ON when creating xattrs
2023-01-16 15:44 [PATCH 4.19 000/521] 4.19.270-rc1 review Greg Kroah-Hartman
` (411 preceding siblings ...)
2023-01-16 15:51 ` [PATCH 4.19 412/521] ext4: fix error code return to user-space in ext4_get_branch() Greg Kroah-Hartman
@ 2023-01-16 15:51 ` Greg Kroah-Hartman
2023-01-16 15:51 ` [PATCH 4.19 414/521] ext4: fix inode leak in ext4_xattr_inode_create() on an error path Greg Kroah-Hartman
` (111 subsequent siblings)
524 siblings, 0 replies; 529+ messages in thread
From: Greg Kroah-Hartman @ 2023-01-16 15:51 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Eric Sandeen, Jan Kara,
Theodore Tso, stable
From: Jan Kara <jack@suse.cz>
commit b40ebaf63851b3a401b0dc9263843538f64f5ce6 upstream.
Commit fb0a387dcdcd ("ext4: limit block allocations for indirect-block
files to < 2^32") added code to try to allocate xattr block with 32-bit
block number for indirect block based files on the grounds that these
files cannot use larger block numbers. It also added BUG_ON when
allocated block could not fit into 32 bits. This is however bogus
reasoning because xattr block is stored in inode->i_file_acl and
inode->i_file_acl_hi and as such even indirect block based files can
happily use full 48 bits for xattr block number. The proper handling
seems to be there basically since 64-bit block number support was added.
So remove the bogus limitation and BUG_ON.
Cc: Eric Sandeen <sandeen@redhat.com>
Fixes: fb0a387dcdcd ("ext4: limit block allocations for indirect-block files to < 2^32")
Signed-off-by: Jan Kara <jack@suse.cz>
Link: https://lore.kernel.org/r/20221121130929.32031-1-jack@suse.cz
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Cc: stable@kernel.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/ext4/xattr.c | 8 --------
1 file changed, 8 deletions(-)
--- a/fs/ext4/xattr.c
+++ b/fs/ext4/xattr.c
@@ -2070,19 +2070,11 @@ inserted:
goal = ext4_group_first_block_no(sb,
EXT4_I(inode)->i_block_group);
-
- /* non-extent files can't have physical blocks past 2^32 */
- if (!(ext4_test_inode_flag(inode, EXT4_INODE_EXTENTS)))
- goal = goal & EXT4_MAX_BLOCK_FILE_PHYS;
-
block = ext4_new_meta_blocks(handle, inode, goal, 0,
NULL, &error);
if (error)
goto cleanup;
- if (!(ext4_test_inode_flag(inode, EXT4_INODE_EXTENTS)))
- BUG_ON(block > EXT4_MAX_BLOCK_FILE_PHYS);
-
ea_idebug(inode, "creating block %llu",
(unsigned long long)block);
^ permalink raw reply [flat|nested] 529+ messages in thread
* [PATCH 4.19 414/521] ext4: fix inode leak in ext4_xattr_inode_create() on an error path
2023-01-16 15:44 [PATCH 4.19 000/521] 4.19.270-rc1 review Greg Kroah-Hartman
` (412 preceding siblings ...)
2023-01-16 15:51 ` [PATCH 4.19 413/521] ext4: avoid BUG_ON when creating xattrs Greg Kroah-Hartman
@ 2023-01-16 15:51 ` Greg Kroah-Hartman
2023-01-16 15:51 ` [PATCH 4.19 415/521] ext4: initialize quota before expanding inode in setproject ioctl Greg Kroah-Hartman
` (110 subsequent siblings)
524 siblings, 0 replies; 529+ messages in thread
From: Greg Kroah-Hartman @ 2023-01-16 15:51 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Ye Bin, Jan Kara, Theodore Tso, stable
From: Ye Bin <yebin10@huawei.com>
commit e4db04f7d3dbbe16680e0ded27ea2a65b10f766a upstream.
There is issue as follows when do setxattr with inject fault:
[localhost]# fsck.ext4 -fn /dev/sda
e2fsck 1.46.6-rc1 (12-Sep-2022)
Pass 1: Checking inodes, blocks, and sizes
Pass 2: Checking directory structure
Pass 3: Checking directory connectivity
Pass 4: Checking reference counts
Unattached zero-length inode 15. Clear? no
Unattached inode 15
Connect to /lost+found? no
Pass 5: Checking group summary information
/dev/sda: ********** WARNING: Filesystem still has errors **********
/dev/sda: 15/655360 files (0.0% non-contiguous), 66755/2621440 blocks
This occurs in 'ext4_xattr_inode_create()'. If 'ext4_mark_inode_dirty()'
fails, dropping i_nlink of the inode is needed. Or will lead to inode leak.
Signed-off-by: Ye Bin <yebin10@huawei.com>
Reviewed-by: Jan Kara <jack@suse.cz>
Link: https://lore.kernel.org/r/20221208023233.1231330-5-yebin@huaweicloud.com
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Cc: stable@kernel.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/ext4/xattr.c | 3 +++
1 file changed, 3 insertions(+)
--- a/fs/ext4/xattr.c
+++ b/fs/ext4/xattr.c
@@ -1446,6 +1446,9 @@ static struct inode *ext4_xattr_inode_cr
if (!err)
err = ext4_inode_attach_jinode(ea_inode);
if (err) {
+ if (ext4_xattr_inode_dec_ref(handle, ea_inode))
+ ext4_warning_inode(ea_inode,
+ "cleanup dec ref error %d", err);
iput(ea_inode);
return ERR_PTR(err);
}
^ permalink raw reply [flat|nested] 529+ messages in thread
* [PATCH 4.19 415/521] ext4: initialize quota before expanding inode in setproject ioctl
2023-01-16 15:44 [PATCH 4.19 000/521] 4.19.270-rc1 review Greg Kroah-Hartman
` (413 preceding siblings ...)
2023-01-16 15:51 ` [PATCH 4.19 414/521] ext4: fix inode leak in ext4_xattr_inode_create() on an error path Greg Kroah-Hartman
@ 2023-01-16 15:51 ` Greg Kroah-Hartman
2023-01-16 15:51 ` [PATCH 4.19 416/521] ext4: avoid unaccounted block allocation when expanding inode Greg Kroah-Hartman
` (109 subsequent siblings)
524 siblings, 0 replies; 529+ messages in thread
From: Greg Kroah-Hartman @ 2023-01-16 15:51 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Jan Kara, stable, Theodore Tso
From: Jan Kara <jack@suse.cz>
commit 1485f726c6dec1a1f85438f2962feaa3d585526f upstream.
Make sure we initialize quotas before possibly expanding inode space
(and thus maybe needing to allocate external xattr block) in
ext4_ioctl_setproject(). This prevents not accounting the necessary
block allocation.
Signed-off-by: Jan Kara <jack@suse.cz>
Cc: stable@kernel.org
Link: https://lore.kernel.org/r/20221207115937.26601-1-jack@suse.cz
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/ext4/ioctl.c | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
--- a/fs/ext4/ioctl.c
+++ b/fs/ext4/ioctl.c
@@ -449,6 +449,10 @@ static int ext4_ioctl_setproject(struct
if (ext4_is_quota_file(inode))
return err;
+ err = dquot_initialize(inode);
+ if (err)
+ return err;
+
err = ext4_get_inode_loc(inode, &iloc);
if (err)
return err;
@@ -464,10 +468,6 @@ static int ext4_ioctl_setproject(struct
brelse(iloc.bh);
}
- err = dquot_initialize(inode);
- if (err)
- return err;
-
handle = ext4_journal_start(inode, EXT4_HT_QUOTA,
EXT4_QUOTA_INIT_BLOCKS(sb) +
EXT4_QUOTA_DEL_BLOCKS(sb) + 3);
^ permalink raw reply [flat|nested] 529+ messages in thread
* [PATCH 4.19 416/521] ext4: avoid unaccounted block allocation when expanding inode
2023-01-16 15:44 [PATCH 4.19 000/521] 4.19.270-rc1 review Greg Kroah-Hartman
` (414 preceding siblings ...)
2023-01-16 15:51 ` [PATCH 4.19 415/521] ext4: initialize quota before expanding inode in setproject ioctl Greg Kroah-Hartman
@ 2023-01-16 15:51 ` Greg Kroah-Hartman
2023-01-16 15:51 ` [PATCH 4.19 417/521] ext4: allocate extended attribute value in vmalloc area Greg Kroah-Hartman
` (108 subsequent siblings)
524 siblings, 0 replies; 529+ messages in thread
From: Greg Kroah-Hartman @ 2023-01-16 15:51 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Pengfei Xu, Jan Kara, stable, Theodore Tso
From: Jan Kara <jack@suse.cz>
commit 8994d11395f8165b3deca1971946f549f0822630 upstream.
When expanding inode space in ext4_expand_extra_isize_ea() we may need
to allocate external xattr block. If quota is not initialized for the
inode, the block allocation will not be accounted into quota usage. Make
sure the quota is initialized before we try to expand inode space.
Reported-by: Pengfei Xu <pengfei.xu@intel.com>
Link: https://lore.kernel.org/all/Y5BT+k6xWqthZc1P@xpf.sh.intel.com
Signed-off-by: Jan Kara <jack@suse.cz>
Cc: stable@kernel.org
Link: https://lore.kernel.org/r/20221207115937.26601-2-jack@suse.cz
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/ext4/inode.c | 8 ++++++++
1 file changed, 8 insertions(+)
--- a/fs/ext4/inode.c
+++ b/fs/ext4/inode.c
@@ -6041,6 +6041,14 @@ static int __ext4_expand_extra_isize(str
return 0;
}
+ /*
+ * We may need to allocate external xattr block so we need quotas
+ * initialized. Here we can be called with various locks held so we
+ * cannot affort to initialize quotas ourselves. So just bail.
+ */
+ if (dquot_initialize_needed(inode))
+ return -EAGAIN;
+
/* try to expand with EAs present */
error = ext4_expand_extra_isize_ea(inode, new_extra_isize,
raw_inode, handle);
^ permalink raw reply [flat|nested] 529+ messages in thread
* [PATCH 4.19 417/521] ext4: allocate extended attribute value in vmalloc area
2023-01-16 15:44 [PATCH 4.19 000/521] 4.19.270-rc1 review Greg Kroah-Hartman
` (415 preceding siblings ...)
2023-01-16 15:51 ` [PATCH 4.19 416/521] ext4: avoid unaccounted block allocation when expanding inode Greg Kroah-Hartman
@ 2023-01-16 15:51 ` Greg Kroah-Hartman
2023-01-16 15:51 ` [PATCH 4.19 418/521] drm/amdgpu: make display pinning more flexible (v2) Greg Kroah-Hartman
` (107 subsequent siblings)
524 siblings, 0 replies; 529+ messages in thread
From: Greg Kroah-Hartman @ 2023-01-16 15:51 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Ye Bin, Jan Kara, Theodore Tso, stable
From: Ye Bin <yebin10@huawei.com>
commit cc12a6f25e07ed05d5825a1664b67a970842b2ca upstream.
Now, extended attribute value maximum length is 64K. The memory
requested here does not need continuous physical addresses, so it is
appropriate to use kvmalloc to request memory. At the same time, it
can also cope with the situation that the extended attribute will
become longer in the future.
Signed-off-by: Ye Bin <yebin10@huawei.com>
Reviewed-by: Jan Kara <jack@suse.cz>
Link: https://lore.kernel.org/r/20221208023233.1231330-3-yebin@huaweicloud.com
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Cc: stable@kernel.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/ext4/xattr.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
--- a/fs/ext4/xattr.c
+++ b/fs/ext4/xattr.c
@@ -2570,7 +2570,7 @@ static int ext4_xattr_move_to_block(hand
is = kzalloc(sizeof(struct ext4_xattr_ibody_find), GFP_NOFS);
bs = kzalloc(sizeof(struct ext4_xattr_block_find), GFP_NOFS);
- buffer = kmalloc(value_size, GFP_NOFS);
+ buffer = kvmalloc(value_size, GFP_NOFS);
b_entry_name = kmalloc(entry->e_name_len + 1, GFP_NOFS);
if (!is || !bs || !buffer || !b_entry_name) {
error = -ENOMEM;
@@ -2622,7 +2622,7 @@ static int ext4_xattr_move_to_block(hand
error = 0;
out:
kfree(b_entry_name);
- kfree(buffer);
+ kvfree(buffer);
if (is)
brelse(is->iloc.bh);
if (bs)
^ permalink raw reply [flat|nested] 529+ messages in thread
* [PATCH 4.19 418/521] drm/amdgpu: make display pinning more flexible (v2)
2023-01-16 15:44 [PATCH 4.19 000/521] 4.19.270-rc1 review Greg Kroah-Hartman
` (416 preceding siblings ...)
2023-01-16 15:51 ` [PATCH 4.19 417/521] ext4: allocate extended attribute value in vmalloc area Greg Kroah-Hartman
@ 2023-01-16 15:51 ` Greg Kroah-Hartman
2023-01-16 15:51 ` [PATCH 4.19 419/521] btrfs: send: avoid unnecessary backref lookups when finding clone source Greg Kroah-Hartman
` (106 subsequent siblings)
524 siblings, 0 replies; 529+ messages in thread
From: Greg Kroah-Hartman @ 2023-01-16 15:51 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Luben Tuikov, Christian König,
Alex Deucher
From: Alex Deucher <alexander.deucher@amd.com>
commit 81d0bcf9900932633d270d5bc4a54ff599c6ebdb upstream.
Only apply the static threshold for Stoney and Carrizo.
This hardware has certain requirements that don't allow
mixing of GTT and VRAM. Newer asics do not have these
requirements so we should be able to be more flexible
with where buffers end up.
Bug: https://gitlab.freedesktop.org/drm/amd/-/issues/2270
Bug: https://gitlab.freedesktop.org/drm/amd/-/issues/2291
Bug: https://gitlab.freedesktop.org/drm/amd/-/issues/2255
Acked-by: Luben Tuikov <luben.tuikov@amd.com>
Reviewed-by: Christian König <christian.koenig@amd.com>
Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
Cc: stable@vger.kernel.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/gpu/drm/amd/amdgpu/amdgpu_object.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
--- a/drivers/gpu/drm/amd/amdgpu/amdgpu_object.c
+++ b/drivers/gpu/drm/amd/amdgpu/amdgpu_object.c
@@ -1387,7 +1387,8 @@ u64 amdgpu_bo_gpu_offset(struct amdgpu_b
uint32_t amdgpu_bo_get_preferred_pin_domain(struct amdgpu_device *adev,
uint32_t domain)
{
- if (domain == (AMDGPU_GEM_DOMAIN_VRAM | AMDGPU_GEM_DOMAIN_GTT)) {
+ if ((domain == (AMDGPU_GEM_DOMAIN_VRAM | AMDGPU_GEM_DOMAIN_GTT)) &&
+ ((adev->asic_type == CHIP_CARRIZO) || (adev->asic_type == CHIP_STONEY))) {
domain = AMDGPU_GEM_DOMAIN_VRAM;
if (adev->gmc.real_vram_size <= AMDGPU_SG_THRESHOLD)
domain = AMDGPU_GEM_DOMAIN_GTT;
^ permalink raw reply [flat|nested] 529+ messages in thread
* [PATCH 4.19 419/521] btrfs: send: avoid unnecessary backref lookups when finding clone source
2023-01-16 15:44 [PATCH 4.19 000/521] 4.19.270-rc1 review Greg Kroah-Hartman
` (417 preceding siblings ...)
2023-01-16 15:51 ` [PATCH 4.19 418/521] drm/amdgpu: make display pinning more flexible (v2) Greg Kroah-Hartman
@ 2023-01-16 15:51 ` Greg Kroah-Hartman
2023-01-16 15:51 ` [PATCH 4.19 420/521] btrfs: replace strncpy() with strscpy() Greg Kroah-Hartman
` (105 subsequent siblings)
524 siblings, 0 replies; 529+ messages in thread
From: Greg Kroah-Hartman @ 2023-01-16 15:51 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Filipe Manana, David Sterba, Sasha Levin
From: Filipe Manana <fdmanana@suse.com>
[ Upstream commit 22a3c0ac8ed0043af209a15928ae4c4855b0a4c4 ]
At find_extent_clone(), unless we are given an inline extent, a file
extent item that represents hole or an extent that starts beyond the
i_size, we always do backref walking to look for clone sources, unless
if we have more than SEND_MAX_EXTENT_REFS (64) known references on the
extent.
However if we know we only have one reference in the extent item and only
one clone source (the send root), then it's pointless to do the backref
walking to search for clone sources, as we can't clone from any other
root. So skip the backref walking in that case.
The following test was run on a non-debug kernel (Debian's default kernel
config):
$ cat test.sh
#!/bin/bash
DEV=/dev/sdi
MNT=/mnt/sdi
mkfs.btrfs -f $DEV
mount $DEV $MNT
# Create an extent tree that's not too small and none of the
# extents is shared.
for ((i = 1; i <= 50000; i++)); do
xfs_io -f -c "pwrite 0 4K" $MNT/file_$i > /dev/null
echo -ne "\r$i files created..."
done
echo
btrfs subvolume snapshot -r $MNT $MNT/snap
start=$(date +%s%N)
btrfs send $MNT/snap > /dev/null
end=$(date +%s%N)
dur=$(( (end - start) / 1000000 ))
echo -e "\nsend took $dur milliseconds"
umount $MNT
Before this change:
send took 5389 milliseconds
After this change:
send took 4519 milliseconds (-16.1%)
Signed-off-by: Filipe Manana <fdmanana@suse.com>
Signed-off-by: David Sterba <dsterba@suse.com>
Stable-dep-of: 63d5429f68a3 ("btrfs: replace strncpy() with strscpy()")
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
fs/btrfs/send.c | 11 ++++++++++-
1 file changed, 10 insertions(+), 1 deletion(-)
diff --git a/fs/btrfs/send.c b/fs/btrfs/send.c
index eb2f8e84ffc9..80d248e88761 100644
--- a/fs/btrfs/send.c
+++ b/fs/btrfs/send.c
@@ -1306,6 +1306,7 @@ static int find_extent_clone(struct send_ctx *sctx,
u64 disk_byte;
u64 num_bytes;
u64 extent_item_pos;
+ u64 extent_refs;
u64 flags = 0;
struct btrfs_file_extent_item *fi;
struct extent_buffer *eb = path->nodes[0];
@@ -1373,14 +1374,22 @@ static int find_extent_clone(struct send_ctx *sctx,
ei = btrfs_item_ptr(tmp_path->nodes[0], tmp_path->slots[0],
struct btrfs_extent_item);
+ extent_refs = btrfs_extent_refs(tmp_path->nodes[0], ei);
/*
* Backreference walking (iterate_extent_inodes() below) is currently
* too expensive when an extent has a large number of references, both
* in time spent and used memory. So for now just fallback to write
* operations instead of clone operations when an extent has more than
* a certain amount of references.
+ *
+ * Also, if we have only one reference and only the send root as a clone
+ * source - meaning no clone roots were given in the struct
+ * btrfs_ioctl_send_args passed to the send ioctl - then it's our
+ * reference and there's no point in doing backref walking which is
+ * expensive, so exit early.
*/
- if (btrfs_extent_refs(tmp_path->nodes[0], ei) > SEND_MAX_EXTENT_REFS) {
+ if ((extent_refs == 1 && sctx->clone_roots_cnt == 1) ||
+ extent_refs > SEND_MAX_EXTENT_REFS) {
ret = -ENOENT;
goto out;
}
--
2.35.1
^ permalink raw reply related [flat|nested] 529+ messages in thread
* [PATCH 4.19 420/521] btrfs: replace strncpy() with strscpy()
2023-01-16 15:44 [PATCH 4.19 000/521] 4.19.270-rc1 review Greg Kroah-Hartman
` (418 preceding siblings ...)
2023-01-16 15:51 ` [PATCH 4.19 419/521] btrfs: send: avoid unnecessary backref lookups when finding clone source Greg Kroah-Hartman
@ 2023-01-16 15:51 ` Greg Kroah-Hartman
2023-01-16 15:51 ` [PATCH 4.19 421/521] media: s5p-mfc: Fix to handle reference queue during finishing Greg Kroah-Hartman
` (104 subsequent siblings)
524 siblings, 0 replies; 529+ messages in thread
From: Greg Kroah-Hartman @ 2023-01-16 15:51 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Artem Chernyshev, David Sterba, Sasha Levin
[ Upstream commit 63d5429f68a3d4c4aa27e65a05196c17f86c41d6 ]
Using strncpy() on NUL-terminated strings are deprecated. To avoid
possible forming of non-terminated string strscpy() should be used.
Found by Linux Verification Center (linuxtesting.org) with SVACE.
CC: stable@vger.kernel.org # 4.9+
Signed-off-by: Artem Chernyshev <artem.chernyshev@red-soft.ru>
Reviewed-by: David Sterba <dsterba@suse.com>
Signed-off-by: David Sterba <dsterba@suse.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
fs/btrfs/ioctl.c | 9 +++------
fs/btrfs/rcu-string.h | 6 +++++-
2 files changed, 8 insertions(+), 7 deletions(-)
diff --git a/fs/btrfs/ioctl.c b/fs/btrfs/ioctl.c
index 752b5d265284..4f2513388567 100644
--- a/fs/btrfs/ioctl.c
+++ b/fs/btrfs/ioctl.c
@@ -3234,13 +3234,10 @@ static long btrfs_ioctl_dev_info(struct btrfs_fs_info *fs_info,
di_args->bytes_used = btrfs_device_get_bytes_used(dev);
di_args->total_bytes = btrfs_device_get_total_bytes(dev);
memcpy(di_args->uuid, dev->uuid, sizeof(di_args->uuid));
- if (dev->name) {
- strncpy(di_args->path, rcu_str_deref(dev->name),
- sizeof(di_args->path) - 1);
- di_args->path[sizeof(di_args->path) - 1] = 0;
- } else {
+ if (dev->name)
+ strscpy(di_args->path, rcu_str_deref(dev->name), sizeof(di_args->path));
+ else
di_args->path[0] = '\0';
- }
out:
rcu_read_unlock();
diff --git a/fs/btrfs/rcu-string.h b/fs/btrfs/rcu-string.h
index a97dc74a4d3d..02f15321cecc 100644
--- a/fs/btrfs/rcu-string.h
+++ b/fs/btrfs/rcu-string.h
@@ -18,7 +18,11 @@ static inline struct rcu_string *rcu_string_strdup(const char *src, gfp_t mask)
(len * sizeof(char)), mask);
if (!ret)
return ret;
- strncpy(ret->str, src, len);
+ /* Warn if the source got unexpectedly truncated. */
+ if (WARN_ON(strscpy(ret->str, src, len) < 0)) {
+ kfree(ret);
+ return NULL;
+ }
return ret;
}
--
2.35.1
^ permalink raw reply related [flat|nested] 529+ messages in thread
* [PATCH 4.19 421/521] media: s5p-mfc: Fix to handle reference queue during finishing
2023-01-16 15:44 [PATCH 4.19 000/521] 4.19.270-rc1 review Greg Kroah-Hartman
` (419 preceding siblings ...)
2023-01-16 15:51 ` [PATCH 4.19 420/521] btrfs: replace strncpy() with strscpy() Greg Kroah-Hartman
@ 2023-01-16 15:51 ` Greg Kroah-Hartman
2023-01-16 15:51 ` [PATCH 4.19 422/521] media: s5p-mfc: Clear workbit to handle error condition Greg Kroah-Hartman
` (103 subsequent siblings)
524 siblings, 0 replies; 529+ messages in thread
From: Greg Kroah-Hartman @ 2023-01-16 15:51 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, linux-fsd, Smitha T Murthy,
Hans Verkuil, Sasha Levin
From: Smitha T Murthy <smitha.t@samsung.com>
[ Upstream commit d8a46bc4e1e0446459daa77c4ce14218d32dacf9 ]
On receiving last buffer driver puts MFC to MFCINST_FINISHING state which
in turn skips transferring of frame from SRC to REF queue. This causes
driver to stop MFC encoding and last frame is lost.
This patch guarantees safe handling of frames during MFCINST_FINISHING and
correct clearing of workbit to avoid early stopping of encoding.
Fixes: af9357467810 ("[media] MFC: Add MFC 5.1 V4L2 driver")
Cc: stable@vger.kernel.org
Cc: linux-fsd@tesla.com
Signed-off-by: Smitha T Murthy <smitha.t@samsung.com>
Signed-off-by: Hans Verkuil <hverkuil-cisco@xs4all.nl>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/media/platform/s5p-mfc/s5p_mfc_enc.c | 12 ++++++++++--
1 file changed, 10 insertions(+), 2 deletions(-)
diff --git a/drivers/media/platform/s5p-mfc/s5p_mfc_enc.c b/drivers/media/platform/s5p-mfc/s5p_mfc_enc.c
index 3ad4f5073002..cc8d101eb2b0 100644
--- a/drivers/media/platform/s5p-mfc/s5p_mfc_enc.c
+++ b/drivers/media/platform/s5p-mfc/s5p_mfc_enc.c
@@ -1224,6 +1224,7 @@ static int enc_post_frame_start(struct s5p_mfc_ctx *ctx)
unsigned long mb_y_addr, mb_c_addr;
int slice_type;
unsigned int strm_size;
+ bool src_ready;
slice_type = s5p_mfc_hw_call(dev->mfc_ops, get_enc_slice_type, dev);
strm_size = s5p_mfc_hw_call(dev->mfc_ops, get_enc_strm_size, dev);
@@ -1263,7 +1264,8 @@ static int enc_post_frame_start(struct s5p_mfc_ctx *ctx)
}
}
}
- if ((ctx->src_queue_cnt > 0) && (ctx->state == MFCINST_RUNNING)) {
+ if (ctx->src_queue_cnt > 0 && (ctx->state == MFCINST_RUNNING ||
+ ctx->state == MFCINST_FINISHING)) {
mb_entry = list_entry(ctx->src_queue.next, struct s5p_mfc_buf,
list);
if (mb_entry->flags & MFC_BUF_FLAG_USED) {
@@ -1294,7 +1296,13 @@ static int enc_post_frame_start(struct s5p_mfc_ctx *ctx)
vb2_set_plane_payload(&mb_entry->b->vb2_buf, 0, strm_size);
vb2_buffer_done(&mb_entry->b->vb2_buf, VB2_BUF_STATE_DONE);
}
- if ((ctx->src_queue_cnt == 0) || (ctx->dst_queue_cnt == 0))
+
+ src_ready = true;
+ if (ctx->state == MFCINST_RUNNING && ctx->src_queue_cnt == 0)
+ src_ready = false;
+ if (ctx->state == MFCINST_FINISHING && ctx->ref_queue_cnt == 0)
+ src_ready = false;
+ if (!src_ready || ctx->dst_queue_cnt == 0)
clear_work_bit(ctx);
return 0;
--
2.35.1
^ permalink raw reply related [flat|nested] 529+ messages in thread
* [PATCH 4.19 422/521] media: s5p-mfc: Clear workbit to handle error condition
2023-01-16 15:44 [PATCH 4.19 000/521] 4.19.270-rc1 review Greg Kroah-Hartman
` (420 preceding siblings ...)
2023-01-16 15:51 ` [PATCH 4.19 421/521] media: s5p-mfc: Fix to handle reference queue during finishing Greg Kroah-Hartman
@ 2023-01-16 15:51 ` Greg Kroah-Hartman
2023-01-16 15:51 ` [PATCH 4.19 423/521] media: s5p-mfc: Fix in register read and write for H264 Greg Kroah-Hartman
` (102 subsequent siblings)
524 siblings, 0 replies; 529+ messages in thread
From: Greg Kroah-Hartman @ 2023-01-16 15:51 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, linux-fsd, Smitha T Murthy,
Hans Verkuil, Sasha Levin
From: Smitha T Murthy <smitha.t@samsung.com>
[ Upstream commit d3f3c2fe54e30b0636496d842ffbb5ad3a547f9b ]
During error on CLOSE_INSTANCE command, ctx_work_bits was not getting
cleared. During consequent mfc execution NULL pointer dereferencing of
this context led to kernel panic. This patch fixes this issue by making
sure to clear ctx_work_bits always.
Fixes: 818cd91ab8c6 ("[media] s5p-mfc: Extract open/close MFC instance commands")
Cc: stable@vger.kernel.org
Cc: linux-fsd@tesla.com
Signed-off-by: Smitha T Murthy <smitha.t@samsung.com>
Signed-off-by: Hans Verkuil <hverkuil-cisco@xs4all.nl>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/media/platform/s5p-mfc/s5p_mfc_ctrl.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/drivers/media/platform/s5p-mfc/s5p_mfc_ctrl.c b/drivers/media/platform/s5p-mfc/s5p_mfc_ctrl.c
index ee7b15b335e0..31bbf1cc5388 100644
--- a/drivers/media/platform/s5p-mfc/s5p_mfc_ctrl.c
+++ b/drivers/media/platform/s5p-mfc/s5p_mfc_ctrl.c
@@ -472,8 +472,10 @@ void s5p_mfc_close_mfc_inst(struct s5p_mfc_dev *dev, struct s5p_mfc_ctx *ctx)
s5p_mfc_hw_call(dev->mfc_ops, try_run, dev);
/* Wait until instance is returned or timeout occurred */
if (s5p_mfc_wait_for_done_ctx(ctx,
- S5P_MFC_R2H_CMD_CLOSE_INSTANCE_RET, 0))
+ S5P_MFC_R2H_CMD_CLOSE_INSTANCE_RET, 0)){
+ clear_work_bit_irqsave(ctx);
mfc_err("Err returning instance\n");
+ }
/* Free resources */
s5p_mfc_hw_call(dev->mfc_ops, release_codec_buffers, ctx);
--
2.35.1
^ permalink raw reply related [flat|nested] 529+ messages in thread
* [PATCH 4.19 423/521] media: s5p-mfc: Fix in register read and write for H264
2023-01-16 15:44 [PATCH 4.19 000/521] 4.19.270-rc1 review Greg Kroah-Hartman
` (421 preceding siblings ...)
2023-01-16 15:51 ` [PATCH 4.19 422/521] media: s5p-mfc: Clear workbit to handle error condition Greg Kroah-Hartman
@ 2023-01-16 15:51 ` Greg Kroah-Hartman
2023-01-16 15:51 ` [PATCH 4.19 424/521] dm thin: resume even if in FAIL mode Greg Kroah-Hartman
` (101 subsequent siblings)
524 siblings, 0 replies; 529+ messages in thread
From: Greg Kroah-Hartman @ 2023-01-16 15:51 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, linux-fsd, Smitha T Murthy,
Hans Verkuil, Sasha Levin
From: Smitha T Murthy <smitha.t@samsung.com>
[ Upstream commit 06710cd5d2436135046898d7e4b9408c8bb99446 ]
Few of the H264 encoder registers written were not getting reflected
since the read values were not stored and getting overwritten.
Fixes: 6a9c6f681257 ("[media] s5p-mfc: Add variants to access mfc registers")
Cc: stable@vger.kernel.org
Cc: linux-fsd@tesla.com
Signed-off-by: Smitha T Murthy <smitha.t@samsung.com>
Signed-off-by: Hans Verkuil <hverkuil-cisco@xs4all.nl>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/media/platform/s5p-mfc/s5p_mfc_opr_v6.c | 14 +++++++-------
1 file changed, 7 insertions(+), 7 deletions(-)
diff --git a/drivers/media/platform/s5p-mfc/s5p_mfc_opr_v6.c b/drivers/media/platform/s5p-mfc/s5p_mfc_opr_v6.c
index 7c629be43205..1171b76df036 100644
--- a/drivers/media/platform/s5p-mfc/s5p_mfc_opr_v6.c
+++ b/drivers/media/platform/s5p-mfc/s5p_mfc_opr_v6.c
@@ -1063,7 +1063,7 @@ static int s5p_mfc_set_enc_params_h264(struct s5p_mfc_ctx *ctx)
}
/* aspect ratio VUI */
- readl(mfc_regs->e_h264_options);
+ reg = readl(mfc_regs->e_h264_options);
reg &= ~(0x1 << 5);
reg |= ((p_h264->vui_sar & 0x1) << 5);
writel(reg, mfc_regs->e_h264_options);
@@ -1086,7 +1086,7 @@ static int s5p_mfc_set_enc_params_h264(struct s5p_mfc_ctx *ctx)
/* intra picture period for H.264 open GOP */
/* control */
- readl(mfc_regs->e_h264_options);
+ reg = readl(mfc_regs->e_h264_options);
reg &= ~(0x1 << 4);
reg |= ((p_h264->open_gop & 0x1) << 4);
writel(reg, mfc_regs->e_h264_options);
@@ -1100,23 +1100,23 @@ static int s5p_mfc_set_enc_params_h264(struct s5p_mfc_ctx *ctx)
}
/* 'WEIGHTED_BI_PREDICTION' for B is disable */
- readl(mfc_regs->e_h264_options);
+ reg = readl(mfc_regs->e_h264_options);
reg &= ~(0x3 << 9);
writel(reg, mfc_regs->e_h264_options);
/* 'CONSTRAINED_INTRA_PRED_ENABLE' is disable */
- readl(mfc_regs->e_h264_options);
+ reg = readl(mfc_regs->e_h264_options);
reg &= ~(0x1 << 14);
writel(reg, mfc_regs->e_h264_options);
/* ASO */
- readl(mfc_regs->e_h264_options);
+ reg = readl(mfc_regs->e_h264_options);
reg &= ~(0x1 << 6);
reg |= ((p_h264->aso & 0x1) << 6);
writel(reg, mfc_regs->e_h264_options);
/* hier qp enable */
- readl(mfc_regs->e_h264_options);
+ reg = readl(mfc_regs->e_h264_options);
reg &= ~(0x1 << 8);
reg |= ((p_h264->open_gop & 0x1) << 8);
writel(reg, mfc_regs->e_h264_options);
@@ -1137,7 +1137,7 @@ static int s5p_mfc_set_enc_params_h264(struct s5p_mfc_ctx *ctx)
writel(reg, mfc_regs->e_h264_num_t_layer);
/* frame packing SEI generation */
- readl(mfc_regs->e_h264_options);
+ reg = readl(mfc_regs->e_h264_options);
reg &= ~(0x1 << 25);
reg |= ((p_h264->sei_frame_packing & 0x1) << 25);
writel(reg, mfc_regs->e_h264_options);
--
2.35.1
^ permalink raw reply related [flat|nested] 529+ messages in thread
* [PATCH 4.19 424/521] dm thin: resume even if in FAIL mode
2023-01-16 15:44 [PATCH 4.19 000/521] 4.19.270-rc1 review Greg Kroah-Hartman
` (422 preceding siblings ...)
2023-01-16 15:51 ` [PATCH 4.19 423/521] media: s5p-mfc: Fix in register read and write for H264 Greg Kroah-Hartman
@ 2023-01-16 15:51 ` Greg Kroah-Hartman
2023-01-16 15:51 ` [PATCH 4.19 425/521] perf probe: Use dwarf_attr_integrate as generic DWARF attr accessor Greg Kroah-Hartman
` (100 subsequent siblings)
524 siblings, 0 replies; 529+ messages in thread
From: Greg Kroah-Hartman @ 2023-01-16 15:51 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Luo Meng, Mike Snitzer, Sasha Levin
From: Luo Meng <luomeng12@huawei.com>
[ Upstream commit 19eb1650afeb1aa86151f61900e9e5f1de5d8d02 ]
If a thinpool set fail_io while suspending, resume will fail with:
device-mapper: resume ioctl on vg-thinpool failed: Invalid argument
The thin-pool also can't be removed if an in-flight bio is in the
deferred list.
This can be easily reproduced using:
echo "offline" > /sys/block/sda/device/state
dd if=/dev/zero of=/dev/mapper/thin bs=4K count=1
dmsetup suspend /dev/mapper/pool
mkfs.ext4 /dev/mapper/thin
dmsetup resume /dev/mapper/pool
The root cause is maybe_resize_data_dev() will check fail_io and return
error before called dm_resume.
Fix this by adding FAIL mode check at the end of pool_preresume().
Cc: stable@vger.kernel.org
Fixes: da105ed5fd7e ("dm thin metadata: introduce dm_pool_abort_metadata")
Signed-off-by: Luo Meng <luomeng12@huawei.com>
Signed-off-by: Mike Snitzer <snitzer@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/md/dm-thin.c | 16 ++++++++++++----
1 file changed, 12 insertions(+), 4 deletions(-)
diff --git a/drivers/md/dm-thin.c b/drivers/md/dm-thin.c
index 1916becc20e0..386cb3395378 100644
--- a/drivers/md/dm-thin.c
+++ b/drivers/md/dm-thin.c
@@ -3549,20 +3549,28 @@ static int pool_preresume(struct dm_target *ti)
*/
r = bind_control_target(pool, ti);
if (r)
- return r;
+ goto out;
r = maybe_resize_data_dev(ti, &need_commit1);
if (r)
- return r;
+ goto out;
r = maybe_resize_metadata_dev(ti, &need_commit2);
if (r)
- return r;
+ goto out;
if (need_commit1 || need_commit2)
(void) commit(pool);
+out:
+ /*
+ * When a thin-pool is PM_FAIL, it cannot be rebuilt if
+ * bio is in deferred list. Therefore need to return 0
+ * to allow pool_resume() to flush IO.
+ */
+ if (r && get_pool_mode(pool) == PM_FAIL)
+ r = 0;
- return 0;
+ return r;
}
static void pool_suspend_active_thins(struct pool *pool)
--
2.35.1
^ permalink raw reply related [flat|nested] 529+ messages in thread
* [PATCH 4.19 425/521] perf probe: Use dwarf_attr_integrate as generic DWARF attr accessor
2023-01-16 15:44 [PATCH 4.19 000/521] 4.19.270-rc1 review Greg Kroah-Hartman
` (423 preceding siblings ...)
2023-01-16 15:51 ` [PATCH 4.19 424/521] dm thin: resume even if in FAIL mode Greg Kroah-Hartman
@ 2023-01-16 15:51 ` Greg Kroah-Hartman
2023-01-16 15:51 ` [PATCH 4.19 426/521] perf probe: Fix to get the DW_AT_decl_file and DW_AT_call_file as unsinged data Greg Kroah-Hartman
` (99 subsequent siblings)
524 siblings, 0 replies; 529+ messages in thread
From: Greg Kroah-Hartman @ 2023-01-16 15:51 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Masami Hiramatsu, Namhyung Kim,
Alexander Shishkin, Ingo Molnar, Jiri Olsa, Mark Rutland,
Peter Zijlstra, Steven Rostedt (VMware),
Arnaldo Carvalho de Melo, Sasha Levin
From: Masami Hiramatsu (Google) <mhiramat@kernel.org>
[ Upstream commit f828929ab7f0dc3353e4a617f94f297fa8f3dec3 ]
Use dwarf_attr_integrate() instead of dwarf_attr() for generic attribute
acccessor functions, so that it can find the specified attribute from
abstact origin DIE etc.
Signed-off-by: Masami Hiramatsu <mhiramat@kernel.org>
Acked-by: Namhyung Kim <namhyung@kernel.org>
Cc: Alexander Shishkin <alexander.shishkin@linux.intel.com>
Cc: Ingo Molnar <mingo@redhat.com>
Cc: Jiri Olsa <jolsa@kernel.org>
Cc: Mark Rutland <mark.rutland@arm.com>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Steven Rostedt (VMware) <rostedt@goodmis.org>
Link: https://lore.kernel.org/r/166731051988.2100653.13595339994343449770.stgit@devnote3
Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com>
Stable-dep-of: a9dfc46c67b5 ("perf probe: Fix to get the DW_AT_decl_file and DW_AT_call_file as unsinged data")
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
tools/perf/util/dwarf-aux.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/tools/perf/util/dwarf-aux.c b/tools/perf/util/dwarf-aux.c
index 230e94bf7775..3b7386527794 100644
--- a/tools/perf/util/dwarf-aux.c
+++ b/tools/perf/util/dwarf-aux.c
@@ -267,7 +267,7 @@ static int die_get_attr_udata(Dwarf_Die *tp_die, unsigned int attr_name,
{
Dwarf_Attribute attr;
- if (dwarf_attr(tp_die, attr_name, &attr) == NULL ||
+ if (dwarf_attr_integrate(tp_die, attr_name, &attr) == NULL ||
dwarf_formudata(&attr, result) != 0)
return -ENOENT;
@@ -280,7 +280,7 @@ static int die_get_attr_sdata(Dwarf_Die *tp_die, unsigned int attr_name,
{
Dwarf_Attribute attr;
- if (dwarf_attr(tp_die, attr_name, &attr) == NULL ||
+ if (dwarf_attr_integrate(tp_die, attr_name, &attr) == NULL ||
dwarf_formsdata(&attr, result) != 0)
return -ENOENT;
--
2.35.1
^ permalink raw reply related [flat|nested] 529+ messages in thread
* [PATCH 4.19 426/521] perf probe: Fix to get the DW_AT_decl_file and DW_AT_call_file as unsinged data
2023-01-16 15:44 [PATCH 4.19 000/521] 4.19.270-rc1 review Greg Kroah-Hartman
` (424 preceding siblings ...)
2023-01-16 15:51 ` [PATCH 4.19 425/521] perf probe: Use dwarf_attr_integrate as generic DWARF attr accessor Greg Kroah-Hartman
@ 2023-01-16 15:51 ` Greg Kroah-Hartman
2023-01-16 15:51 ` [PATCH 4.19 427/521] ravb: Fix "failed to switch device to config mode" message during unbind Greg Kroah-Hartman
` (98 subsequent siblings)
524 siblings, 0 replies; 529+ messages in thread
From: Greg Kroah-Hartman @ 2023-01-16 15:51 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Masami Hiramatsu, Namhyung Kim,
Alexander Shishkin, Ingo Molnar, Jiri Olsa, Mark Rutland,
Masami Hiramatsu, Peter Zijlstra, Steven Rostedt (VMware),
Arnaldo Carvalho de Melo, Sasha Levin
From: Masami Hiramatsu (Google) <mhiramat@kernel.org>
[ Upstream commit a9dfc46c67b52ad43b8e335e28f4cf8002c67793 ]
DWARF version 5 standard Sec 2.14 says that
Any debugging information entry representing the declaration of an object,
module, subprogram or type may have DW_AT_decl_file, DW_AT_decl_line and
DW_AT_decl_column attributes, each of whose value is an unsigned integer
constant.
So it should be an unsigned integer data. Also, even though the standard
doesn't clearly say the DW_AT_call_file is signed or unsigned, the
elfutils (eu-readelf) interprets it as unsigned integer data and it is
natural to handle it as unsigned integer data as same as DW_AT_decl_file.
This changes the DW_AT_call_file as unsigned integer data too.
Fixes: 3f4460a28fb2f73d ("perf probe: Filter out redundant inline-instances")
Signed-off-by: Masami Hiramatsu <mhiramat@kernel.org>
Acked-by: Namhyung Kim <namhyung@kernel.org>
Cc: Alexander Shishkin <alexander.shishkin@linux.intel.com>
Cc: Ingo Molnar <mingo@redhat.com>
Cc: Jiri Olsa <jolsa@kernel.org>
Cc: Mark Rutland <mark.rutland@arm.com>
Cc: Masami Hiramatsu <masami.hiramatsu.pt@hitachi.com>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: stable@vger.kernel.org
Cc: Steven Rostedt (VMware) <rostedt@goodmis.org>
Link: https://lore.kernel.org/r/166761727445.480106.3738447577082071942.stgit@devnote3
Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
tools/perf/util/dwarf-aux.c | 21 ++++-----------------
1 file changed, 4 insertions(+), 17 deletions(-)
diff --git a/tools/perf/util/dwarf-aux.c b/tools/perf/util/dwarf-aux.c
index 3b7386527794..6de57d9ee7cc 100644
--- a/tools/perf/util/dwarf-aux.c
+++ b/tools/perf/util/dwarf-aux.c
@@ -274,19 +274,6 @@ static int die_get_attr_udata(Dwarf_Die *tp_die, unsigned int attr_name,
return 0;
}
-/* Get attribute and translate it as a sdata */
-static int die_get_attr_sdata(Dwarf_Die *tp_die, unsigned int attr_name,
- Dwarf_Sword *result)
-{
- Dwarf_Attribute attr;
-
- if (dwarf_attr_integrate(tp_die, attr_name, &attr) == NULL ||
- dwarf_formsdata(&attr, result) != 0)
- return -ENOENT;
-
- return 0;
-}
-
/**
* die_is_signed_type - Check whether a type DIE is signed or not
* @tp_die: a DIE of a type
@@ -410,9 +397,9 @@ int die_get_data_member_location(Dwarf_Die *mb_die, Dwarf_Word *offs)
/* Get the call file index number in CU DIE */
static int die_get_call_fileno(Dwarf_Die *in_die)
{
- Dwarf_Sword idx;
+ Dwarf_Word idx;
- if (die_get_attr_sdata(in_die, DW_AT_call_file, &idx) == 0)
+ if (die_get_attr_udata(in_die, DW_AT_call_file, &idx) == 0)
return (int)idx;
else
return -ENOENT;
@@ -421,9 +408,9 @@ static int die_get_call_fileno(Dwarf_Die *in_die)
/* Get the declared file index number in CU DIE */
static int die_get_decl_fileno(Dwarf_Die *pdie)
{
- Dwarf_Sword idx;
+ Dwarf_Word idx;
- if (die_get_attr_sdata(pdie, DW_AT_decl_file, &idx) == 0)
+ if (die_get_attr_udata(pdie, DW_AT_decl_file, &idx) == 0)
return (int)idx;
else
return -ENOENT;
--
2.35.1
^ permalink raw reply related [flat|nested] 529+ messages in thread
* [PATCH 4.19 427/521] ravb: Fix "failed to switch device to config mode" message during unbind
2023-01-16 15:44 [PATCH 4.19 000/521] 4.19.270-rc1 review Greg Kroah-Hartman
` (425 preceding siblings ...)
2023-01-16 15:51 ` [PATCH 4.19 426/521] perf probe: Fix to get the DW_AT_decl_file and DW_AT_call_file as unsinged data Greg Kroah-Hartman
@ 2023-01-16 15:51 ` Greg Kroah-Hartman
2023-01-16 15:51 ` [PATCH 4.19 428/521] riscv: remove unreachable !HAVE_FUNCTION_GRAPH_RET_ADDR_PTR code Greg Kroah-Hartman
` (97 subsequent siblings)
524 siblings, 0 replies; 529+ messages in thread
From: Greg Kroah-Hartman @ 2023-01-16 15:51 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Biju Das, Leon Romanovsky,
Paolo Abeni, Sasha Levin
From: Biju Das <biju.das.jz@bp.renesas.com>
[ Upstream commit c72a7e42592b2e18d862cf120876070947000d7a ]
This patch fixes the error "ravb 11c20000.ethernet eth0: failed to switch
device to config mode" during unbind.
We are doing register access after pm_runtime_put_sync().
We usually do cleanup in reverse order of init. Currently in
remove(), the "pm_runtime_put_sync" is not in reverse order.
Probe
reset_control_deassert(rstc);
pm_runtime_enable(&pdev->dev);
pm_runtime_get_sync(&pdev->dev);
remove
pm_runtime_put_sync(&pdev->dev);
unregister_netdev(ndev);
..
ravb_mdio_release(priv);
pm_runtime_disable(&pdev->dev);
Consider the call to unregister_netdev()
unregister_netdev->unregister_netdevice_queue->rollback_registered_many
that calls the below functions which access the registers after
pm_runtime_put_sync()
1) ravb_get_stats
2) ravb_close
Fixes: c156633f1353 ("Renesas Ethernet AVB driver proper")
Cc: stable@vger.kernel.org
Signed-off-by: Biju Das <biju.das.jz@bp.renesas.com>
Reviewed-by: Leon Romanovsky <leonro@nvidia.com>
Link: https://lore.kernel.org/r/20221214105118.2495313-1-biju.das.jz@bp.renesas.com
Signed-off-by: Paolo Abeni <pabeni@redhat.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/ethernet/renesas/ravb_main.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/net/ethernet/renesas/ravb_main.c b/drivers/net/ethernet/renesas/ravb_main.c
index 9077014f6f40..ff374d0d80a7 100644
--- a/drivers/net/ethernet/renesas/ravb_main.c
+++ b/drivers/net/ethernet/renesas/ravb_main.c
@@ -2199,11 +2199,11 @@ static int ravb_remove(struct platform_device *pdev)
priv->desc_bat_dma);
/* Set reset mode */
ravb_write(ndev, CCC_OPC_RESET, CCC);
- pm_runtime_put_sync(&pdev->dev);
unregister_netdev(ndev);
netif_napi_del(&priv->napi[RAVB_NC]);
netif_napi_del(&priv->napi[RAVB_BE]);
ravb_mdio_release(priv);
+ pm_runtime_put_sync(&pdev->dev);
pm_runtime_disable(&pdev->dev);
free_netdev(ndev);
platform_set_drvdata(pdev, NULL);
--
2.35.1
^ permalink raw reply related [flat|nested] 529+ messages in thread
* [PATCH 4.19 428/521] riscv: remove unreachable !HAVE_FUNCTION_GRAPH_RET_ADDR_PTR code
2023-01-16 15:44 [PATCH 4.19 000/521] 4.19.270-rc1 review Greg Kroah-Hartman
` (426 preceding siblings ...)
2023-01-16 15:51 ` [PATCH 4.19 427/521] ravb: Fix "failed to switch device to config mode" message during unbind Greg Kroah-Hartman
@ 2023-01-16 15:51 ` Greg Kroah-Hartman
2023-01-16 15:51 ` [PATCH 4.19 429/521] riscv/stacktrace: Fix stack output without ra on the stack top Greg Kroah-Hartman
` (96 subsequent siblings)
524 siblings, 0 replies; 529+ messages in thread
From: Greg Kroah-Hartman @ 2023-01-16 15:51 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Christoph Hellwig, Palmer Dabbelt,
Sasha Levin
From: Christoph Hellwig <hch@lst.de>
[ Upstream commit 877425424d6c853b804e6b6a6045a5b4ea97c510 ]
HAVE_FUNCTION_GRAPH_RET_ADDR_PTR is always defined for RISC-V.
Signed-off-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Palmer Dabbelt <palmer@sifive.com>
Stable-dep-of: 5c3022e4a616 ("riscv: stacktrace: Fixup ftrace_graph_ret_addr retp argument")
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/riscv/kernel/stacktrace.c | 4 ----
1 file changed, 4 deletions(-)
diff --git a/arch/riscv/kernel/stacktrace.c b/arch/riscv/kernel/stacktrace.c
index 74b2168d7298..39cd3cf9f06b 100644
--- a/arch/riscv/kernel/stacktrace.c
+++ b/arch/riscv/kernel/stacktrace.c
@@ -64,12 +64,8 @@ static void notrace walk_stackframe(struct task_struct *task,
frame = (struct stackframe *)fp - 1;
sp = fp;
fp = frame->fp;
-#ifdef HAVE_FUNCTION_GRAPH_RET_ADDR_PTR
pc = ftrace_graph_ret_addr(current, NULL, frame->ra,
(unsigned long *)(fp - 8));
-#else
- pc = frame->ra - 0x4;
-#endif
}
}
--
2.35.1
^ permalink raw reply related [flat|nested] 529+ messages in thread
* [PATCH 4.19 429/521] riscv/stacktrace: Fix stack output without ra on the stack top
2023-01-16 15:44 [PATCH 4.19 000/521] 4.19.270-rc1 review Greg Kroah-Hartman
` (427 preceding siblings ...)
2023-01-16 15:51 ` [PATCH 4.19 428/521] riscv: remove unreachable !HAVE_FUNCTION_GRAPH_RET_ADDR_PTR code Greg Kroah-Hartman
@ 2023-01-16 15:51 ` Greg Kroah-Hartman
2023-01-16 15:51 ` [PATCH 4.19 430/521] riscv: stacktrace: Fixup ftrace_graph_ret_addr retp argument Greg Kroah-Hartman
` (95 subsequent siblings)
524 siblings, 0 replies; 529+ messages in thread
From: Greg Kroah-Hartman @ 2023-01-16 15:51 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Chen Huang, Kefeng Wang,
Palmer Dabbelt, Sasha Levin
From: Chen Huang <chenhuang5@huawei.com>
[ Upstream commit f766f77a74f5784d8d4d3c36b1900731f97d08d0 ]
When a function doesn't have a callee, then it will not
push ra into the stack, such as lkdtm_BUG() function,
addi sp,sp,-16
sd s0,8(sp)
addi s0,sp,16
ebreak
The struct stackframe use {fp,ra} to get information from
stack, if walk_stackframe() with pr_regs, we will obtain
wrong value and bad stacktrace,
[<ffffffe00066c56c>] lkdtm_BUG+0x6/0x8
---[ end trace 18da3fbdf08e25d5 ]---
Correct the next fp and pc, after that, full stacktrace
shown as expects,
[<ffffffe00066c56c>] lkdtm_BUG+0x6/0x8
[<ffffffe0008b24a4>] lkdtm_do_action+0x14/0x1c
[<ffffffe00066c372>] direct_entry+0xc0/0x10a
[<ffffffe000439f86>] full_proxy_write+0x42/0x6a
[<ffffffe000309626>] vfs_write+0x7e/0x214
[<ffffffe00030992a>] ksys_write+0x98/0xc0
[<ffffffe000309960>] sys_write+0xe/0x16
[<ffffffe0002014bc>] ret_from_syscall+0x0/0x2
---[ end trace 61917f3d9a9fadcd ]---
Signed-off-by: Chen Huang <chenhuang5@huawei.com>
Signed-off-by: Kefeng Wang <wangkefeng.wang@huawei.com>
Signed-off-by: Palmer Dabbelt <palmerdabbelt@google.com>
Stable-dep-of: 5c3022e4a616 ("riscv: stacktrace: Fixup ftrace_graph_ret_addr retp argument")
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/riscv/kernel/stacktrace.c | 12 +++++++++---
1 file changed, 9 insertions(+), 3 deletions(-)
diff --git a/arch/riscv/kernel/stacktrace.c b/arch/riscv/kernel/stacktrace.c
index 39cd3cf9f06b..3d1e184e39e9 100644
--- a/arch/riscv/kernel/stacktrace.c
+++ b/arch/riscv/kernel/stacktrace.c
@@ -63,9 +63,15 @@ static void notrace walk_stackframe(struct task_struct *task,
/* Unwind stack frame */
frame = (struct stackframe *)fp - 1;
sp = fp;
- fp = frame->fp;
- pc = ftrace_graph_ret_addr(current, NULL, frame->ra,
- (unsigned long *)(fp - 8));
+ if (regs && (regs->epc == pc) && (frame->fp & 0x7)) {
+ fp = frame->ra;
+ pc = regs->ra;
+ } else {
+ fp = frame->fp;
+ pc = ftrace_graph_ret_addr(current, NULL, frame->ra,
+ (unsigned long *)(fp - 8));
+ }
+
}
}
--
2.35.1
^ permalink raw reply related [flat|nested] 529+ messages in thread
* [PATCH 4.19 430/521] riscv: stacktrace: Fixup ftrace_graph_ret_addr retp argument
2023-01-16 15:44 [PATCH 4.19 000/521] 4.19.270-rc1 review Greg Kroah-Hartman
` (428 preceding siblings ...)
2023-01-16 15:51 ` [PATCH 4.19 429/521] riscv/stacktrace: Fix stack output without ra on the stack top Greg Kroah-Hartman
@ 2023-01-16 15:51 ` Greg Kroah-Hartman
2023-01-16 15:51 ` [PATCH 4.19 431/521] driver core: Set deferred_probe_timeout to a longer default if CONFIG_MODULES is set Greg Kroah-Hartman
` (94 subsequent siblings)
524 siblings, 0 replies; 529+ messages in thread
From: Greg Kroah-Hartman @ 2023-01-16 15:51 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Guo Ren, Guo Ren, Palmer Dabbelt,
Sasha Levin
From: Guo Ren <guoren@linux.alibaba.com>
[ Upstream commit 5c3022e4a616d800cf5f4c3a981d7992179e44a1 ]
The 'retp' is a pointer to the return address on the stack, so we
must pass the current return address pointer as the 'retp'
argument to ftrace_push_return_trace(). Not parent function's
return address on the stack.
Fixes: b785ec129bd9 ("riscv/ftrace: Add HAVE_FUNCTION_GRAPH_RET_ADDR_PTR support")
Signed-off-by: Guo Ren <guoren@linux.alibaba.com>
Signed-off-by: Guo Ren <guoren@kernel.org>
Link: https://lore.kernel.org/r/20221109064937.3643993-2-guoren@kernel.org
Cc: stable@vger.kernel.org
Signed-off-by: Palmer Dabbelt <palmer@rivosinc.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/riscv/kernel/stacktrace.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/arch/riscv/kernel/stacktrace.c b/arch/riscv/kernel/stacktrace.c
index 3d1e184e39e9..75ed5b5b1f9b 100644
--- a/arch/riscv/kernel/stacktrace.c
+++ b/arch/riscv/kernel/stacktrace.c
@@ -69,7 +69,7 @@ static void notrace walk_stackframe(struct task_struct *task,
} else {
fp = frame->fp;
pc = ftrace_graph_ret_addr(current, NULL, frame->ra,
- (unsigned long *)(fp - 8));
+ &frame->ra);
}
}
--
2.35.1
^ permalink raw reply related [flat|nested] 529+ messages in thread
* [PATCH 4.19 431/521] driver core: Set deferred_probe_timeout to a longer default if CONFIG_MODULES is set
2023-01-16 15:44 [PATCH 4.19 000/521] 4.19.270-rc1 review Greg Kroah-Hartman
` (429 preceding siblings ...)
2023-01-16 15:51 ` [PATCH 4.19 430/521] riscv: stacktrace: Fixup ftrace_graph_ret_addr retp argument Greg Kroah-Hartman
@ 2023-01-16 15:51 ` Greg Kroah-Hartman
2023-01-16 15:51 ` [PATCH 4.19 432/521] ext4: goto right label failed_mount3a Greg Kroah-Hartman
` (93 subsequent siblings)
524 siblings, 0 replies; 529+ messages in thread
From: Greg Kroah-Hartman @ 2023-01-16 15:51 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, linux-pm, Linus Walleij,
Thierry Reding, Mark Brown, Liam Girdwood, Bjorn Andersson,
Saravana Kannan, Todd Kjos, Len Brown, Pavel Machek, Ulf Hansson,
Kevin Hilman, Rafael J. Wysocki, Rob Herring, Rafael J. Wysocki,
John Stultz, Sasha Levin
From: John Stultz <john.stultz@linaro.org>
[ Upstream commit e2cec7d6853712295cef5377762165a489b2957f ]
When using modules, its common for the modules not to be loaded
until quite late by userland. With the current code,
driver_deferred_probe_check_state() will stop returning
EPROBE_DEFER after late_initcall, which can cause module
dependency resolution to fail after that.
So allow a longer window of 30 seconds (picked somewhat
arbitrarily, but influenced by the similar regulator core
timeout value) in the case where modules are enabled.
Cc: linux-pm@vger.kernel.org
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Cc: Linus Walleij <linus.walleij@linaro.org>
Cc: Thierry Reding <treding@nvidia.com>
Cc: Mark Brown <broonie@kernel.org>
Cc: Liam Girdwood <lgirdwood@gmail.com>
Cc: Bjorn Andersson <bjorn.andersson@linaro.org>
Cc: Saravana Kannan <saravanak@google.com>
Cc: Todd Kjos <tkjos@google.com>
Cc: Len Brown <len.brown@intel.com>
Cc: Pavel Machek <pavel@ucw.cz>
Cc: Ulf Hansson <ulf.hansson@linaro.org>
Cc: Kevin Hilman <khilman@kernel.org>
Cc: "Rafael J. Wysocki" <rjw@rjwysocki.net>
Cc: Rob Herring <robh@kernel.org>
Reviewed-by: Bjorn Andersson <bjorn.andersson@linaro.org>
Reviewed-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
Signed-off-by: John Stultz <john.stultz@linaro.org>
Link: https://lore.kernel.org/r/20200225050828.56458-3-john.stultz@linaro.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/base/dd.c | 9 +++++++++
1 file changed, 9 insertions(+)
diff --git a/drivers/base/dd.c b/drivers/base/dd.c
index 63390a416b44..529d324a0f20 100644
--- a/drivers/base/dd.c
+++ b/drivers/base/dd.c
@@ -220,7 +220,16 @@ static int deferred_devs_show(struct seq_file *s, void *data)
}
DEFINE_SHOW_ATTRIBUTE(deferred_devs);
+#ifdef CONFIG_MODULES
+/*
+ * In the case of modules, set the default probe timeout to
+ * 30 seconds to give userland some time to load needed modules
+ */
+static int deferred_probe_timeout = 30;
+#else
+/* In the case of !modules, no probe timeout needed */
static int deferred_probe_timeout = -1;
+#endif
static int __init deferred_probe_timeout_setup(char *str)
{
deferred_probe_timeout = simple_strtol(str, NULL, 10);
--
2.35.1
^ permalink raw reply related [flat|nested] 529+ messages in thread
* [PATCH 4.19 432/521] ext4: goto right label failed_mount3a
2023-01-16 15:44 [PATCH 4.19 000/521] 4.19.270-rc1 review Greg Kroah-Hartman
` (430 preceding siblings ...)
2023-01-16 15:51 ` [PATCH 4.19 431/521] driver core: Set deferred_probe_timeout to a longer default if CONFIG_MODULES is set Greg Kroah-Hartman
@ 2023-01-16 15:51 ` Greg Kroah-Hartman
2023-01-16 15:51 ` [PATCH 4.19 433/521] ext4: correct inconsistent error msg in nojournal mode Greg Kroah-Hartman
` (92 subsequent siblings)
524 siblings, 0 replies; 529+ messages in thread
From: Greg Kroah-Hartman @ 2023-01-16 15:51 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Jason Yan, Jan Kara,
Ritesh Harjani (IBM),
Theodore Tso, Sasha Levin
From: Jason Yan <yanaijie@huawei.com>
[ Upstream commit 43bd6f1b49b61f43de4d4e33661b8dbe8c911f14 ]
Before these two branches neither loaded the journal nor created the
xattr cache. So the right label to goto is 'failed_mount3a'. Although
this did not cause any issues because the error handler validated if the
pointer is null. However this still made me confused when reading
the code. So it's still worth to modify to goto the right label.
Signed-off-by: Jason Yan <yanaijie@huawei.com>
Reviewed-by: Jan Kara <jack@suse.cz>
Reviewed-by: Ritesh Harjani (IBM) <ritesh.list@gmail.com>
Link: https://lore.kernel.org/r/20220916141527.1012715-2-yanaijie@huawei.com
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Stable-dep-of: 89481b5fa8c0 ("ext4: correct inconsistent error msg in nojournal mode")
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
fs/ext4/super.c | 10 +++++-----
1 file changed, 5 insertions(+), 5 deletions(-)
diff --git a/fs/ext4/super.c b/fs/ext4/super.c
index 796588dc531b..3198c276b434 100644
--- a/fs/ext4/super.c
+++ b/fs/ext4/super.c
@@ -4302,30 +4302,30 @@ static int ext4_fill_super(struct super_block *sb, void *data, int silent)
ext4_has_feature_journal_needs_recovery(sb)) {
ext4_msg(sb, KERN_ERR, "required journal recovery "
"suppressed and not mounted read-only");
- goto failed_mount_wq;
+ goto failed_mount3a;
} else {
/* Nojournal mode, all journal mount options are illegal */
if (test_opt2(sb, EXPLICIT_JOURNAL_CHECKSUM)) {
ext4_msg(sb, KERN_ERR, "can't mount with "
"journal_checksum, fs mounted w/o journal");
- goto failed_mount_wq;
+ goto failed_mount3a;
}
if (test_opt(sb, JOURNAL_ASYNC_COMMIT)) {
ext4_msg(sb, KERN_ERR, "can't mount with "
"journal_async_commit, fs mounted w/o journal");
- goto failed_mount_wq;
+ goto failed_mount3a;
}
if (sbi->s_commit_interval != JBD2_DEFAULT_MAX_COMMIT_AGE*HZ) {
ext4_msg(sb, KERN_ERR, "can't mount with "
"commit=%lu, fs mounted w/o journal",
sbi->s_commit_interval / HZ);
- goto failed_mount_wq;
+ goto failed_mount3a;
}
if (EXT4_MOUNT_DATA_FLAGS &
(sbi->s_mount_opt ^ sbi->s_def_mount_opt)) {
ext4_msg(sb, KERN_ERR, "can't mount with "
"data=, fs mounted w/o journal");
- goto failed_mount_wq;
+ goto failed_mount3a;
}
sbi->s_def_mount_opt &= ~EXT4_MOUNT_JOURNAL_CHECKSUM;
clear_opt(sb, JOURNAL_CHECKSUM);
--
2.35.1
^ permalink raw reply related [flat|nested] 529+ messages in thread
* [PATCH 4.19 433/521] ext4: correct inconsistent error msg in nojournal mode
2023-01-16 15:44 [PATCH 4.19 000/521] 4.19.270-rc1 review Greg Kroah-Hartman
` (431 preceding siblings ...)
2023-01-16 15:51 ` [PATCH 4.19 432/521] ext4: goto right label failed_mount3a Greg Kroah-Hartman
@ 2023-01-16 15:51 ` Greg Kroah-Hartman
2023-01-16 15:51 ` [PATCH 4.19 434/521] ext4: use kmemdup() to replace kmalloc + memcpy Greg Kroah-Hartman
` (91 subsequent siblings)
524 siblings, 0 replies; 529+ messages in thread
From: Greg Kroah-Hartman @ 2023-01-16 15:51 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Baokun Li, Jan Kara, Theodore Tso,
stable, Sasha Levin
From: Baokun Li <libaokun1@huawei.com>
[ Upstream commit 89481b5fa8c0640e62ba84c6020cee895f7ac643 ]
When we used the journal_async_commit mounting option in nojournal mode,
the kernel told me that "can't mount with journal_checksum", was very
confusing. I find that when we mount with journal_async_commit, both the
JOURNAL_ASYNC_COMMIT and EXPLICIT_JOURNAL_CHECKSUM flags are set. However,
in the error branch, CHECKSUM is checked before ASYNC_COMMIT. As a result,
the above inconsistency occurs, and the ASYNC_COMMIT branch becomes dead
code that cannot be executed. Therefore, we exchange the positions of the
two judgments to make the error msg more accurate.
Signed-off-by: Baokun Li <libaokun1@huawei.com>
Reviewed-by: Jan Kara <jack@suse.cz>
Link: https://lore.kernel.org/r/20221109074343.4184862-1-libaokun1@huawei.com
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Cc: stable@kernel.org
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
fs/ext4/super.c | 9 +++++----
1 file changed, 5 insertions(+), 4 deletions(-)
diff --git a/fs/ext4/super.c b/fs/ext4/super.c
index 3198c276b434..e0d597719133 100644
--- a/fs/ext4/super.c
+++ b/fs/ext4/super.c
@@ -4305,14 +4305,15 @@ static int ext4_fill_super(struct super_block *sb, void *data, int silent)
goto failed_mount3a;
} else {
/* Nojournal mode, all journal mount options are illegal */
- if (test_opt2(sb, EXPLICIT_JOURNAL_CHECKSUM)) {
+ if (test_opt(sb, JOURNAL_ASYNC_COMMIT)) {
ext4_msg(sb, KERN_ERR, "can't mount with "
- "journal_checksum, fs mounted w/o journal");
+ "journal_async_commit, fs mounted w/o journal");
goto failed_mount3a;
}
- if (test_opt(sb, JOURNAL_ASYNC_COMMIT)) {
+
+ if (test_opt2(sb, EXPLICIT_JOURNAL_CHECKSUM)) {
ext4_msg(sb, KERN_ERR, "can't mount with "
- "journal_async_commit, fs mounted w/o journal");
+ "journal_checksum, fs mounted w/o journal");
goto failed_mount3a;
}
if (sbi->s_commit_interval != JBD2_DEFAULT_MAX_COMMIT_AGE*HZ) {
--
2.35.1
^ permalink raw reply related [flat|nested] 529+ messages in thread
* [PATCH 4.19 434/521] ext4: use kmemdup() to replace kmalloc + memcpy
2023-01-16 15:44 [PATCH 4.19 000/521] 4.19.270-rc1 review Greg Kroah-Hartman
` (432 preceding siblings ...)
2023-01-16 15:51 ` [PATCH 4.19 433/521] ext4: correct inconsistent error msg in nojournal mode Greg Kroah-Hartman
@ 2023-01-16 15:51 ` Greg Kroah-Hartman
2023-01-16 15:51 ` [PATCH 4.19 435/521] mbcache: dont reclaim used entries Greg Kroah-Hartman
` (90 subsequent siblings)
524 siblings, 0 replies; 529+ messages in thread
From: Greg Kroah-Hartman @ 2023-01-16 15:51 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Shuqi Zhang, Ritesh Harjani,
Theodore Tso, Sasha Levin
From: Shuqi Zhang <zhangshuqi3@huawei.com>
[ Upstream commit 4efd9f0d120c55b08852ee5605dbb02a77089a5d ]
Replace kmalloc + memcpy with kmemdup()
Signed-off-by: Shuqi Zhang <zhangshuqi3@huawei.com>
Reviewed-by: Ritesh Harjani <ritesh.list@gmail.com>
Link: https://lore.kernel.org/r/20220525030120.803330-1-zhangshuqi3@huawei.com
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Stable-dep-of: a44e84a9b776 ("ext4: fix deadlock due to mbcache entry corruption")
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
fs/ext4/xattr.c | 3 +--
1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/fs/ext4/xattr.c b/fs/ext4/xattr.c
index 7195a7ff65a6..959fc3328c3a 100644
--- a/fs/ext4/xattr.c
+++ b/fs/ext4/xattr.c
@@ -1911,11 +1911,10 @@ ext4_xattr_block_set(handle_t *handle, struct inode *inode,
unlock_buffer(bs->bh);
ea_bdebug(bs->bh, "cloning");
- s->base = kmalloc(bs->bh->b_size, GFP_NOFS);
+ s->base = kmemdup(BHDR(bs->bh), bs->bh->b_size, GFP_NOFS);
error = -ENOMEM;
if (s->base == NULL)
goto cleanup;
- memcpy(s->base, BHDR(bs->bh), bs->bh->b_size);
s->first = ENTRY(header(s->base)+1);
header(s->base)->h_refcount = cpu_to_le32(1);
s->here = ENTRY(s->base + offset);
--
2.35.1
^ permalink raw reply related [flat|nested] 529+ messages in thread
* [PATCH 4.19 435/521] mbcache: dont reclaim used entries
2023-01-16 15:44 [PATCH 4.19 000/521] 4.19.270-rc1 review Greg Kroah-Hartman
` (433 preceding siblings ...)
2023-01-16 15:51 ` [PATCH 4.19 434/521] ext4: use kmemdup() to replace kmalloc + memcpy Greg Kroah-Hartman
@ 2023-01-16 15:51 ` Greg Kroah-Hartman
2023-01-16 15:51 ` [PATCH 4.19 436/521] mbcache: add functions to delete entry if unused Greg Kroah-Hartman
` (89 subsequent siblings)
524 siblings, 0 replies; 529+ messages in thread
From: Greg Kroah-Hartman @ 2023-01-16 15:51 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Jan Kara, Theodore Tso, Sasha Levin
From: Jan Kara <jack@suse.cz>
[ Upstream commit 58318914186c157477b978b1739dfe2f1b9dc0fe ]
Do not reclaim entries that are currently used by somebody from a
shrinker. Firstly, these entries are likely useful. Secondly, we will
need to keep such entries to protect pending increment of xattr block
refcount.
CC: stable@vger.kernel.org
Fixes: 82939d7999df ("ext4: convert to mbcache2")
Signed-off-by: Jan Kara <jack@suse.cz>
Link: https://lore.kernel.org/r/20220712105436.32204-1-jack@suse.cz
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Stable-dep-of: a44e84a9b776 ("ext4: fix deadlock due to mbcache entry corruption")
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
fs/mbcache.c | 10 +++++++++-
1 file changed, 9 insertions(+), 1 deletion(-)
diff --git a/fs/mbcache.c b/fs/mbcache.c
index 081ccf0caee3..12203e5a91e7 100644
--- a/fs/mbcache.c
+++ b/fs/mbcache.c
@@ -287,7 +287,7 @@ static unsigned long mb_cache_shrink(struct mb_cache *cache,
while (nr_to_scan-- && !list_empty(&cache->c_list)) {
entry = list_first_entry(&cache->c_list,
struct mb_cache_entry, e_list);
- if (entry->e_referenced) {
+ if (entry->e_referenced || atomic_read(&entry->e_refcnt) > 2) {
entry->e_referenced = 0;
list_move_tail(&entry->e_list, &cache->c_list);
continue;
@@ -301,6 +301,14 @@ static unsigned long mb_cache_shrink(struct mb_cache *cache,
spin_unlock(&cache->c_list_lock);
head = mb_cache_entry_head(cache, entry->e_key);
hlist_bl_lock(head);
+ /* Now a reliable check if the entry didn't get used... */
+ if (atomic_read(&entry->e_refcnt) > 2) {
+ hlist_bl_unlock(head);
+ spin_lock(&cache->c_list_lock);
+ list_add_tail(&entry->e_list, &cache->c_list);
+ cache->c_entry_count++;
+ continue;
+ }
if (!hlist_bl_unhashed(&entry->e_hash_list)) {
hlist_bl_del_init(&entry->e_hash_list);
atomic_dec(&entry->e_refcnt);
--
2.35.1
^ permalink raw reply related [flat|nested] 529+ messages in thread
* [PATCH 4.19 436/521] mbcache: add functions to delete entry if unused
2023-01-16 15:44 [PATCH 4.19 000/521] 4.19.270-rc1 review Greg Kroah-Hartman
` (434 preceding siblings ...)
2023-01-16 15:51 ` [PATCH 4.19 435/521] mbcache: dont reclaim used entries Greg Kroah-Hartman
@ 2023-01-16 15:51 ` Greg Kroah-Hartman
2023-01-16 15:51 ` [PATCH 4.19 437/521] ext4: remove EA inode entry from mbcache on inode eviction Greg Kroah-Hartman
` (88 subsequent siblings)
524 siblings, 0 replies; 529+ messages in thread
From: Greg Kroah-Hartman @ 2023-01-16 15:51 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Jan Kara, Theodore Tso, Sasha Levin
From: Jan Kara <jack@suse.cz>
[ Upstream commit 3dc96bba65f53daa217f0a8f43edad145286a8f5 ]
Add function mb_cache_entry_delete_or_get() to delete mbcache entry if
it is unused and also add a function to wait for entry to become unused
- mb_cache_entry_wait_unused(). We do not share code between the two
deleting function as one of them will go away soon.
CC: stable@vger.kernel.org
Fixes: 82939d7999df ("ext4: convert to mbcache2")
Signed-off-by: Jan Kara <jack@suse.cz>
Link: https://lore.kernel.org/r/20220712105436.32204-2-jack@suse.cz
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Stable-dep-of: a44e84a9b776 ("ext4: fix deadlock due to mbcache entry corruption")
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
fs/mbcache.c | 66 +++++++++++++++++++++++++++++++++++++++--
include/linux/mbcache.h | 10 ++++++-
2 files changed, 73 insertions(+), 3 deletions(-)
diff --git a/fs/mbcache.c b/fs/mbcache.c
index 12203e5a91e7..c76030e20d92 100644
--- a/fs/mbcache.c
+++ b/fs/mbcache.c
@@ -10,7 +10,7 @@
/*
* Mbcache is a simple key-value store. Keys need not be unique, however
* key-value pairs are expected to be unique (we use this fact in
- * mb_cache_entry_delete()).
+ * mb_cache_entry_delete_or_get()).
*
* Ext2 and ext4 use this cache for deduplication of extended attribute blocks.
* Ext4 also uses it for deduplication of xattr values stored in inodes.
@@ -124,6 +124,19 @@ void __mb_cache_entry_free(struct mb_cache_entry *entry)
}
EXPORT_SYMBOL(__mb_cache_entry_free);
+/*
+ * mb_cache_entry_wait_unused - wait to be the last user of the entry
+ *
+ * @entry - entry to work on
+ *
+ * Wait to be the last user of the entry.
+ */
+void mb_cache_entry_wait_unused(struct mb_cache_entry *entry)
+{
+ wait_var_event(&entry->e_refcnt, atomic_read(&entry->e_refcnt) <= 3);
+}
+EXPORT_SYMBOL(mb_cache_entry_wait_unused);
+
static struct mb_cache_entry *__entry_find(struct mb_cache *cache,
struct mb_cache_entry *entry,
u32 key)
@@ -216,7 +229,7 @@ struct mb_cache_entry *mb_cache_entry_get(struct mb_cache *cache, u32 key,
}
EXPORT_SYMBOL(mb_cache_entry_get);
-/* mb_cache_entry_delete - remove a cache entry
+/* mb_cache_entry_delete - try to remove a cache entry
* @cache - cache we work with
* @key - key
* @value - value
@@ -253,6 +266,55 @@ void mb_cache_entry_delete(struct mb_cache *cache, u32 key, u64 value)
}
EXPORT_SYMBOL(mb_cache_entry_delete);
+/* mb_cache_entry_delete_or_get - remove a cache entry if it has no users
+ * @cache - cache we work with
+ * @key - key
+ * @value - value
+ *
+ * Remove entry from cache @cache with key @key and value @value. The removal
+ * happens only if the entry is unused. The function returns NULL in case the
+ * entry was successfully removed or there's no entry in cache. Otherwise the
+ * function grabs reference of the entry that we failed to delete because it
+ * still has users and return it.
+ */
+struct mb_cache_entry *mb_cache_entry_delete_or_get(struct mb_cache *cache,
+ u32 key, u64 value)
+{
+ struct hlist_bl_node *node;
+ struct hlist_bl_head *head;
+ struct mb_cache_entry *entry;
+
+ head = mb_cache_entry_head(cache, key);
+ hlist_bl_lock(head);
+ hlist_bl_for_each_entry(entry, node, head, e_hash_list) {
+ if (entry->e_key == key && entry->e_value == value) {
+ if (atomic_read(&entry->e_refcnt) > 2) {
+ atomic_inc(&entry->e_refcnt);
+ hlist_bl_unlock(head);
+ return entry;
+ }
+ /* We keep hash list reference to keep entry alive */
+ hlist_bl_del_init(&entry->e_hash_list);
+ hlist_bl_unlock(head);
+ spin_lock(&cache->c_list_lock);
+ if (!list_empty(&entry->e_list)) {
+ list_del_init(&entry->e_list);
+ if (!WARN_ONCE(cache->c_entry_count == 0,
+ "mbcache: attempt to decrement c_entry_count past zero"))
+ cache->c_entry_count--;
+ atomic_dec(&entry->e_refcnt);
+ }
+ spin_unlock(&cache->c_list_lock);
+ mb_cache_entry_put(cache, entry);
+ return NULL;
+ }
+ }
+ hlist_bl_unlock(head);
+
+ return NULL;
+}
+EXPORT_SYMBOL(mb_cache_entry_delete_or_get);
+
/* mb_cache_entry_touch - cache entry got used
* @cache - cache the entry belongs to
* @entry - entry that got used
diff --git a/include/linux/mbcache.h b/include/linux/mbcache.h
index 20f1e3ff6013..8eca7f25c432 100644
--- a/include/linux/mbcache.h
+++ b/include/linux/mbcache.h
@@ -30,15 +30,23 @@ void mb_cache_destroy(struct mb_cache *cache);
int mb_cache_entry_create(struct mb_cache *cache, gfp_t mask, u32 key,
u64 value, bool reusable);
void __mb_cache_entry_free(struct mb_cache_entry *entry);
+void mb_cache_entry_wait_unused(struct mb_cache_entry *entry);
static inline int mb_cache_entry_put(struct mb_cache *cache,
struct mb_cache_entry *entry)
{
- if (!atomic_dec_and_test(&entry->e_refcnt))
+ unsigned int cnt = atomic_dec_return(&entry->e_refcnt);
+
+ if (cnt > 0) {
+ if (cnt <= 3)
+ wake_up_var(&entry->e_refcnt);
return 0;
+ }
__mb_cache_entry_free(entry);
return 1;
}
+struct mb_cache_entry *mb_cache_entry_delete_or_get(struct mb_cache *cache,
+ u32 key, u64 value);
void mb_cache_entry_delete(struct mb_cache *cache, u32 key, u64 value);
struct mb_cache_entry *mb_cache_entry_get(struct mb_cache *cache, u32 key,
u64 value);
--
2.35.1
^ permalink raw reply related [flat|nested] 529+ messages in thread
* [PATCH 4.19 437/521] ext4: remove EA inode entry from mbcache on inode eviction
2023-01-16 15:44 [PATCH 4.19 000/521] 4.19.270-rc1 review Greg Kroah-Hartman
` (435 preceding siblings ...)
2023-01-16 15:51 ` [PATCH 4.19 436/521] mbcache: add functions to delete entry if unused Greg Kroah-Hartman
@ 2023-01-16 15:51 ` Greg Kroah-Hartman
2023-01-16 15:51 ` [PATCH 4.19 438/521] ext4: unindent codeblock in ext4_xattr_block_set() Greg Kroah-Hartman
` (87 subsequent siblings)
524 siblings, 0 replies; 529+ messages in thread
From: Greg Kroah-Hartman @ 2023-01-16 15:51 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Jan Kara, Theodore Tso, Sasha Levin
From: Jan Kara <jack@suse.cz>
[ Upstream commit 6bc0d63dad7f9f54d381925ee855b402f652fa39 ]
Currently we remove EA inode from mbcache as soon as its xattr refcount
drops to zero. However there can be pending attempts to reuse the inode
and thus refcount handling code has to handle the situation when
refcount increases from zero anyway. So save some work and just keep EA
inode in mbcache until it is getting evicted. At that moment we are sure
following iget() of EA inode will fail anyway (or wait for eviction to
finish and load things from the disk again) and so removing mbcache
entry at that moment is fine and simplifies the code a bit.
CC: stable@vger.kernel.org
Fixes: 82939d7999df ("ext4: convert to mbcache2")
Signed-off-by: Jan Kara <jack@suse.cz>
Link: https://lore.kernel.org/r/20220712105436.32204-3-jack@suse.cz
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Stable-dep-of: a44e84a9b776 ("ext4: fix deadlock due to mbcache entry corruption")
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
fs/ext4/inode.c | 2 ++
fs/ext4/xattr.c | 24 ++++++++----------------
fs/ext4/xattr.h | 1 +
3 files changed, 11 insertions(+), 16 deletions(-)
diff --git a/fs/ext4/inode.c b/fs/ext4/inode.c
index 2ad0a9540481..b322658ceff1 100644
--- a/fs/ext4/inode.c
+++ b/fs/ext4/inode.c
@@ -207,6 +207,8 @@ void ext4_evict_inode(struct inode *inode)
trace_ext4_evict_inode(inode);
+ if (EXT4_I(inode)->i_flags & EXT4_EA_INODE_FL)
+ ext4_evict_ea_inode(inode);
if (inode->i_nlink) {
/*
* When journalling data dirty buffers are tracked only in the
diff --git a/fs/ext4/xattr.c b/fs/ext4/xattr.c
index 959fc3328c3a..648368b02c79 100644
--- a/fs/ext4/xattr.c
+++ b/fs/ext4/xattr.c
@@ -434,6 +434,14 @@ static int ext4_xattr_inode_iget(struct inode *parent, unsigned long ea_ino,
return err;
}
+/* Remove entry from mbcache when EA inode is getting evicted */
+void ext4_evict_ea_inode(struct inode *inode)
+{
+ if (EA_INODE_CACHE(inode))
+ mb_cache_entry_delete(EA_INODE_CACHE(inode),
+ ext4_xattr_inode_get_hash(inode), inode->i_ino);
+}
+
static int
ext4_xattr_inode_verify_hashes(struct inode *ea_inode,
struct ext4_xattr_entry *entry, void *buffer,
@@ -1019,10 +1027,8 @@ static int ext4_xattr_ensure_credits(handle_t *handle, struct inode *inode,
static int ext4_xattr_inode_update_ref(handle_t *handle, struct inode *ea_inode,
int ref_change)
{
- struct mb_cache *ea_inode_cache = EA_INODE_CACHE(ea_inode);
struct ext4_iloc iloc;
s64 ref_count;
- u32 hash;
int ret;
inode_lock(ea_inode);
@@ -1047,14 +1053,6 @@ static int ext4_xattr_inode_update_ref(handle_t *handle, struct inode *ea_inode,
set_nlink(ea_inode, 1);
ext4_orphan_del(handle, ea_inode);
-
- if (ea_inode_cache) {
- hash = ext4_xattr_inode_get_hash(ea_inode);
- mb_cache_entry_create(ea_inode_cache,
- GFP_NOFS, hash,
- ea_inode->i_ino,
- true /* reusable */);
- }
}
} else {
WARN_ONCE(ref_count < 0, "EA inode %lu ref_count=%lld",
@@ -1067,12 +1065,6 @@ static int ext4_xattr_inode_update_ref(handle_t *handle, struct inode *ea_inode,
clear_nlink(ea_inode);
ext4_orphan_add(handle, ea_inode);
-
- if (ea_inode_cache) {
- hash = ext4_xattr_inode_get_hash(ea_inode);
- mb_cache_entry_delete(ea_inode_cache, hash,
- ea_inode->i_ino);
- }
}
}
diff --git a/fs/ext4/xattr.h b/fs/ext4/xattr.h
index 990084e00374..231ef308d10c 100644
--- a/fs/ext4/xattr.h
+++ b/fs/ext4/xattr.h
@@ -190,6 +190,7 @@ extern void ext4_xattr_inode_array_free(struct ext4_xattr_inode_array *array);
extern int ext4_expand_extra_isize_ea(struct inode *inode, int new_extra_isize,
struct ext4_inode *raw_inode, handle_t *handle);
+extern void ext4_evict_ea_inode(struct inode *inode);
extern const struct xattr_handler *ext4_xattr_handlers[];
--
2.35.1
^ permalink raw reply related [flat|nested] 529+ messages in thread
* [PATCH 4.19 438/521] ext4: unindent codeblock in ext4_xattr_block_set()
2023-01-16 15:44 [PATCH 4.19 000/521] 4.19.270-rc1 review Greg Kroah-Hartman
` (436 preceding siblings ...)
2023-01-16 15:51 ` [PATCH 4.19 437/521] ext4: remove EA inode entry from mbcache on inode eviction Greg Kroah-Hartman
@ 2023-01-16 15:51 ` Greg Kroah-Hartman
2023-01-16 15:51 ` [PATCH 4.19 439/521] ext4: fix race when reusing xattr blocks Greg Kroah-Hartman
` (86 subsequent siblings)
524 siblings, 0 replies; 529+ messages in thread
From: Greg Kroah-Hartman @ 2023-01-16 15:51 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Jan Kara, Theodore Tso, Sasha Levin
From: Jan Kara <jack@suse.cz>
[ Upstream commit fd48e9acdf26d0cbd80051de07d4a735d05d29b2 ]
Remove unnecessary else (and thus indentation level) from a code block
in ext4_xattr_block_set(). It will also make following code changes
easier. No functional changes.
CC: stable@vger.kernel.org
Fixes: 82939d7999df ("ext4: convert to mbcache2")
Signed-off-by: Jan Kara <jack@suse.cz>
Link: https://lore.kernel.org/r/20220712105436.32204-4-jack@suse.cz
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Stable-dep-of: a44e84a9b776 ("ext4: fix deadlock due to mbcache entry corruption")
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
fs/ext4/xattr.c | 77 ++++++++++++++++++++++++-------------------------
1 file changed, 38 insertions(+), 39 deletions(-)
diff --git a/fs/ext4/xattr.c b/fs/ext4/xattr.c
index 648368b02c79..c23d7d68d7a1 100644
--- a/fs/ext4/xattr.c
+++ b/fs/ext4/xattr.c
@@ -1867,6 +1867,8 @@ ext4_xattr_block_set(handle_t *handle, struct inode *inode,
#define header(x) ((struct ext4_xattr_header *)(x))
if (s->base) {
+ int offset = (char *)s->here - bs->bh->b_data;
+
BUFFER_TRACE(bs->bh, "get_write_access");
error = ext4_journal_get_write_access(handle, bs->bh);
if (error)
@@ -1898,49 +1900,46 @@ ext4_xattr_block_set(handle_t *handle, struct inode *inode,
if (error)
goto cleanup;
goto inserted;
- } else {
- int offset = (char *)s->here - bs->bh->b_data;
+ }
+ unlock_buffer(bs->bh);
+ ea_bdebug(bs->bh, "cloning");
+ s->base = kmemdup(BHDR(bs->bh), bs->bh->b_size, GFP_NOFS);
+ error = -ENOMEM;
+ if (s->base == NULL)
+ goto cleanup;
+ s->first = ENTRY(header(s->base)+1);
+ header(s->base)->h_refcount = cpu_to_le32(1);
+ s->here = ENTRY(s->base + offset);
+ s->end = s->base + bs->bh->b_size;
- unlock_buffer(bs->bh);
- ea_bdebug(bs->bh, "cloning");
- s->base = kmemdup(BHDR(bs->bh), bs->bh->b_size, GFP_NOFS);
- error = -ENOMEM;
- if (s->base == NULL)
+ /*
+ * If existing entry points to an xattr inode, we need
+ * to prevent ext4_xattr_set_entry() from decrementing
+ * ref count on it because the reference belongs to the
+ * original block. In this case, make the entry look
+ * like it has an empty value.
+ */
+ if (!s->not_found && s->here->e_value_inum) {
+ ea_ino = le32_to_cpu(s->here->e_value_inum);
+ error = ext4_xattr_inode_iget(inode, ea_ino,
+ le32_to_cpu(s->here->e_hash),
+ &tmp_inode);
+ if (error)
goto cleanup;
- s->first = ENTRY(header(s->base)+1);
- header(s->base)->h_refcount = cpu_to_le32(1);
- s->here = ENTRY(s->base + offset);
- s->end = s->base + bs->bh->b_size;
- /*
- * If existing entry points to an xattr inode, we need
- * to prevent ext4_xattr_set_entry() from decrementing
- * ref count on it because the reference belongs to the
- * original block. In this case, make the entry look
- * like it has an empty value.
- */
- if (!s->not_found && s->here->e_value_inum) {
- ea_ino = le32_to_cpu(s->here->e_value_inum);
- error = ext4_xattr_inode_iget(inode, ea_ino,
- le32_to_cpu(s->here->e_hash),
- &tmp_inode);
- if (error)
- goto cleanup;
-
- if (!ext4_test_inode_state(tmp_inode,
- EXT4_STATE_LUSTRE_EA_INODE)) {
- /*
- * Defer quota free call for previous
- * inode until success is guaranteed.
- */
- old_ea_inode_quota = le32_to_cpu(
- s->here->e_value_size);
- }
- iput(tmp_inode);
-
- s->here->e_value_inum = 0;
- s->here->e_value_size = 0;
+ if (!ext4_test_inode_state(tmp_inode,
+ EXT4_STATE_LUSTRE_EA_INODE)) {
+ /*
+ * Defer quota free call for previous
+ * inode until success is guaranteed.
+ */
+ old_ea_inode_quota = le32_to_cpu(
+ s->here->e_value_size);
}
+ iput(tmp_inode);
+
+ s->here->e_value_inum = 0;
+ s->here->e_value_size = 0;
}
} else {
/* Allocate a buffer where we construct the new block. */
--
2.35.1
^ permalink raw reply related [flat|nested] 529+ messages in thread
* [PATCH 4.19 439/521] ext4: fix race when reusing xattr blocks
2023-01-16 15:44 [PATCH 4.19 000/521] 4.19.270-rc1 review Greg Kroah-Hartman
` (437 preceding siblings ...)
2023-01-16 15:51 ` [PATCH 4.19 438/521] ext4: unindent codeblock in ext4_xattr_block_set() Greg Kroah-Hartman
@ 2023-01-16 15:51 ` Greg Kroah-Hartman
2023-01-16 15:51 ` [PATCH 4.19 440/521] mbcache: automatically delete entries from cache on freeing Greg Kroah-Hartman
` (85 subsequent siblings)
524 siblings, 0 replies; 529+ messages in thread
From: Greg Kroah-Hartman @ 2023-01-16 15:51 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Jan Kara, Theodore Tso, Sasha Levin,
Ritesh Harjani
From: Jan Kara <jack@suse.cz>
[ Upstream commit 65f8b80053a1b2fd602daa6814e62d6fa90e5e9b ]
When ext4_xattr_block_set() decides to remove xattr block the following
race can happen:
CPU1 CPU2
ext4_xattr_block_set() ext4_xattr_release_block()
new_bh = ext4_xattr_block_cache_find()
lock_buffer(bh);
ref = le32_to_cpu(BHDR(bh)->h_refcount);
if (ref == 1) {
...
mb_cache_entry_delete();
unlock_buffer(bh);
ext4_free_blocks();
...
ext4_forget(..., bh, ...);
jbd2_journal_revoke(..., bh);
ext4_journal_get_write_access(..., new_bh, ...)
do_get_write_access()
jbd2_journal_cancel_revoke(..., new_bh);
Later the code in ext4_xattr_block_set() finds out the block got freed
and cancels reusal of the block but the revoke stays canceled and so in
case of block reuse and journal replay the filesystem can get corrupted.
If the race works out slightly differently, we can also hit assertions
in the jbd2 code.
Fix the problem by making sure that once matching mbcache entry is
found, code dropping the last xattr block reference (or trying to modify
xattr block in place) waits until the mbcache entry reference is
dropped. This way code trying to reuse xattr block is protected from
someone trying to drop the last reference to xattr block.
Reported-and-tested-by: Ritesh Harjani <ritesh.list@gmail.com>
CC: stable@vger.kernel.org
Fixes: 82939d7999df ("ext4: convert to mbcache2")
Signed-off-by: Jan Kara <jack@suse.cz>
Link: https://lore.kernel.org/r/20220712105436.32204-5-jack@suse.cz
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Stable-dep-of: a44e84a9b776 ("ext4: fix deadlock due to mbcache entry corruption")
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
fs/ext4/xattr.c | 67 +++++++++++++++++++++++++++++++++----------------
1 file changed, 45 insertions(+), 22 deletions(-)
diff --git a/fs/ext4/xattr.c b/fs/ext4/xattr.c
index c23d7d68d7a1..f759ab8c1a68 100644
--- a/fs/ext4/xattr.c
+++ b/fs/ext4/xattr.c
@@ -437,9 +437,16 @@ static int ext4_xattr_inode_iget(struct inode *parent, unsigned long ea_ino,
/* Remove entry from mbcache when EA inode is getting evicted */
void ext4_evict_ea_inode(struct inode *inode)
{
- if (EA_INODE_CACHE(inode))
- mb_cache_entry_delete(EA_INODE_CACHE(inode),
- ext4_xattr_inode_get_hash(inode), inode->i_ino);
+ struct mb_cache_entry *oe;
+
+ if (!EA_INODE_CACHE(inode))
+ return;
+ /* Wait for entry to get unused so that we can remove it */
+ while ((oe = mb_cache_entry_delete_or_get(EA_INODE_CACHE(inode),
+ ext4_xattr_inode_get_hash(inode), inode->i_ino))) {
+ mb_cache_entry_wait_unused(oe);
+ mb_cache_entry_put(EA_INODE_CACHE(inode), oe);
+ }
}
static int
@@ -1245,6 +1252,7 @@ ext4_xattr_release_block(handle_t *handle, struct inode *inode,
if (error)
goto out;
+retry_ref:
lock_buffer(bh);
hash = le32_to_cpu(BHDR(bh)->h_hash);
ref = le32_to_cpu(BHDR(bh)->h_refcount);
@@ -1254,9 +1262,18 @@ ext4_xattr_release_block(handle_t *handle, struct inode *inode,
* This must happen under buffer lock for
* ext4_xattr_block_set() to reliably detect freed block
*/
- if (ea_block_cache)
- mb_cache_entry_delete(ea_block_cache, hash,
- bh->b_blocknr);
+ if (ea_block_cache) {
+ struct mb_cache_entry *oe;
+
+ oe = mb_cache_entry_delete_or_get(ea_block_cache, hash,
+ bh->b_blocknr);
+ if (oe) {
+ unlock_buffer(bh);
+ mb_cache_entry_wait_unused(oe);
+ mb_cache_entry_put(ea_block_cache, oe);
+ goto retry_ref;
+ }
+ }
get_bh(bh);
unlock_buffer(bh);
@@ -1883,9 +1900,20 @@ ext4_xattr_block_set(handle_t *handle, struct inode *inode,
* ext4_xattr_block_set() to reliably detect modified
* block
*/
- if (ea_block_cache)
- mb_cache_entry_delete(ea_block_cache, hash,
- bs->bh->b_blocknr);
+ if (ea_block_cache) {
+ struct mb_cache_entry *oe;
+
+ oe = mb_cache_entry_delete_or_get(ea_block_cache,
+ hash, bs->bh->b_blocknr);
+ if (oe) {
+ /*
+ * Xattr block is getting reused. Leave
+ * it alone.
+ */
+ mb_cache_entry_put(ea_block_cache, oe);
+ goto clone_block;
+ }
+ }
ea_bdebug(bs->bh, "modifying in-place");
error = ext4_xattr_set_entry(i, s, handle, inode,
true /* is_block */);
@@ -1901,6 +1929,7 @@ ext4_xattr_block_set(handle_t *handle, struct inode *inode,
goto cleanup;
goto inserted;
}
+clone_block:
unlock_buffer(bs->bh);
ea_bdebug(bs->bh, "cloning");
s->base = kmemdup(BHDR(bs->bh), bs->bh->b_size, GFP_NOFS);
@@ -2006,18 +2035,13 @@ ext4_xattr_block_set(handle_t *handle, struct inode *inode,
lock_buffer(new_bh);
/*
* We have to be careful about races with
- * freeing, rehashing or adding references to
- * xattr block. Once we hold buffer lock xattr
- * block's state is stable so we can check
- * whether the block got freed / rehashed or
- * not. Since we unhash mbcache entry under
- * buffer lock when freeing / rehashing xattr
- * block, checking whether entry is still
- * hashed is reliable. Same rules hold for
- * e_reusable handling.
+ * adding references to xattr block. Once we
+ * hold buffer lock xattr block's state is
+ * stable so we can check the additional
+ * reference fits.
*/
- if (hlist_bl_unhashed(&ce->e_hash_list) ||
- !ce->e_reusable) {
+ ref = le32_to_cpu(BHDR(new_bh)->h_refcount) + 1;
+ if (ref > EXT4_XATTR_REFCOUNT_MAX) {
/*
* Undo everything and check mbcache
* again.
@@ -2032,9 +2056,8 @@ ext4_xattr_block_set(handle_t *handle, struct inode *inode,
new_bh = NULL;
goto inserted;
}
- ref = le32_to_cpu(BHDR(new_bh)->h_refcount) + 1;
BHDR(new_bh)->h_refcount = cpu_to_le32(ref);
- if (ref >= EXT4_XATTR_REFCOUNT_MAX)
+ if (ref == EXT4_XATTR_REFCOUNT_MAX)
ce->e_reusable = 0;
ea_bdebug(new_bh, "reusing; refcount now=%d",
ref);
--
2.35.1
^ permalink raw reply related [flat|nested] 529+ messages in thread
* [PATCH 4.19 440/521] mbcache: automatically delete entries from cache on freeing
2023-01-16 15:44 [PATCH 4.19 000/521] 4.19.270-rc1 review Greg Kroah-Hartman
` (438 preceding siblings ...)
2023-01-16 15:51 ` [PATCH 4.19 439/521] ext4: fix race when reusing xattr blocks Greg Kroah-Hartman
@ 2023-01-16 15:51 ` Greg Kroah-Hartman
2023-01-16 15:51 ` [PATCH 4.19 441/521] ext4: fix deadlock due to mbcache entry corruption Greg Kroah-Hartman
` (84 subsequent siblings)
524 siblings, 0 replies; 529+ messages in thread
From: Greg Kroah-Hartman @ 2023-01-16 15:51 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Jan Kara, Theodore Tso, Sasha Levin
From: Jan Kara <jack@suse.cz>
[ Upstream commit 307af6c879377c1c63e71cbdd978201f9c7ee8df ]
Use the fact that entries with elevated refcount are not removed from
the hash and just move removal of the entry from the hash to the entry
freeing time. When doing this we also change the generic code to hold
one reference to the cache entry, not two of them, which makes code
somewhat more obvious.
Signed-off-by: Jan Kara <jack@suse.cz>
Link: https://lore.kernel.org/r/20220712105436.32204-10-jack@suse.cz
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Stable-dep-of: a44e84a9b776 ("ext4: fix deadlock due to mbcache entry corruption")
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
fs/mbcache.c | 108 +++++++++++++++-------------------------
include/linux/mbcache.h | 24 ++++++---
2 files changed, 55 insertions(+), 77 deletions(-)
diff --git a/fs/mbcache.c b/fs/mbcache.c
index c76030e20d92..aa564e79891d 100644
--- a/fs/mbcache.c
+++ b/fs/mbcache.c
@@ -89,7 +89,7 @@ int mb_cache_entry_create(struct mb_cache *cache, gfp_t mask, u32 key,
return -ENOMEM;
INIT_LIST_HEAD(&entry->e_list);
- /* One ref for hash, one ref returned */
+ /* Initial hash reference */
atomic_set(&entry->e_refcnt, 1);
entry->e_key = key;
entry->e_value = value;
@@ -105,21 +105,28 @@ int mb_cache_entry_create(struct mb_cache *cache, gfp_t mask, u32 key,
}
}
hlist_bl_add_head(&entry->e_hash_list, head);
- hlist_bl_unlock(head);
-
+ /*
+ * Add entry to LRU list before it can be found by
+ * mb_cache_entry_delete() to avoid races
+ */
spin_lock(&cache->c_list_lock);
list_add_tail(&entry->e_list, &cache->c_list);
- /* Grab ref for LRU list */
- atomic_inc(&entry->e_refcnt);
cache->c_entry_count++;
spin_unlock(&cache->c_list_lock);
+ hlist_bl_unlock(head);
return 0;
}
EXPORT_SYMBOL(mb_cache_entry_create);
-void __mb_cache_entry_free(struct mb_cache_entry *entry)
+void __mb_cache_entry_free(struct mb_cache *cache, struct mb_cache_entry *entry)
{
+ struct hlist_bl_head *head;
+
+ head = mb_cache_entry_head(cache, entry->e_key);
+ hlist_bl_lock(head);
+ hlist_bl_del(&entry->e_hash_list);
+ hlist_bl_unlock(head);
kmem_cache_free(mb_entry_cache, entry);
}
EXPORT_SYMBOL(__mb_cache_entry_free);
@@ -133,7 +140,7 @@ EXPORT_SYMBOL(__mb_cache_entry_free);
*/
void mb_cache_entry_wait_unused(struct mb_cache_entry *entry)
{
- wait_var_event(&entry->e_refcnt, atomic_read(&entry->e_refcnt) <= 3);
+ wait_var_event(&entry->e_refcnt, atomic_read(&entry->e_refcnt) <= 2);
}
EXPORT_SYMBOL(mb_cache_entry_wait_unused);
@@ -154,10 +161,9 @@ static struct mb_cache_entry *__entry_find(struct mb_cache *cache,
while (node) {
entry = hlist_bl_entry(node, struct mb_cache_entry,
e_hash_list);
- if (entry->e_key == key && entry->e_reusable) {
- atomic_inc(&entry->e_refcnt);
+ if (entry->e_key == key && entry->e_reusable &&
+ atomic_inc_not_zero(&entry->e_refcnt))
goto out;
- }
node = node->next;
}
entry = NULL;
@@ -217,10 +223,9 @@ struct mb_cache_entry *mb_cache_entry_get(struct mb_cache *cache, u32 key,
head = mb_cache_entry_head(cache, key);
hlist_bl_lock(head);
hlist_bl_for_each_entry(entry, node, head, e_hash_list) {
- if (entry->e_key == key && entry->e_value == value) {
- atomic_inc(&entry->e_refcnt);
+ if (entry->e_key == key && entry->e_value == value &&
+ atomic_inc_not_zero(&entry->e_refcnt))
goto out;
- }
}
entry = NULL;
out:
@@ -280,37 +285,25 @@ EXPORT_SYMBOL(mb_cache_entry_delete);
struct mb_cache_entry *mb_cache_entry_delete_or_get(struct mb_cache *cache,
u32 key, u64 value)
{
- struct hlist_bl_node *node;
- struct hlist_bl_head *head;
struct mb_cache_entry *entry;
- head = mb_cache_entry_head(cache, key);
- hlist_bl_lock(head);
- hlist_bl_for_each_entry(entry, node, head, e_hash_list) {
- if (entry->e_key == key && entry->e_value == value) {
- if (atomic_read(&entry->e_refcnt) > 2) {
- atomic_inc(&entry->e_refcnt);
- hlist_bl_unlock(head);
- return entry;
- }
- /* We keep hash list reference to keep entry alive */
- hlist_bl_del_init(&entry->e_hash_list);
- hlist_bl_unlock(head);
- spin_lock(&cache->c_list_lock);
- if (!list_empty(&entry->e_list)) {
- list_del_init(&entry->e_list);
- if (!WARN_ONCE(cache->c_entry_count == 0,
- "mbcache: attempt to decrement c_entry_count past zero"))
- cache->c_entry_count--;
- atomic_dec(&entry->e_refcnt);
- }
- spin_unlock(&cache->c_list_lock);
- mb_cache_entry_put(cache, entry);
- return NULL;
- }
- }
- hlist_bl_unlock(head);
+ entry = mb_cache_entry_get(cache, key, value);
+ if (!entry)
+ return NULL;
+ /*
+ * Drop the ref we got from mb_cache_entry_get() and the initial hash
+ * ref if we are the last user
+ */
+ if (atomic_cmpxchg(&entry->e_refcnt, 2, 0) != 2)
+ return entry;
+
+ spin_lock(&cache->c_list_lock);
+ if (!list_empty(&entry->e_list))
+ list_del_init(&entry->e_list);
+ cache->c_entry_count--;
+ spin_unlock(&cache->c_list_lock);
+ __mb_cache_entry_free(cache, entry);
return NULL;
}
EXPORT_SYMBOL(mb_cache_entry_delete_or_get);
@@ -342,42 +335,24 @@ static unsigned long mb_cache_shrink(struct mb_cache *cache,
unsigned long nr_to_scan)
{
struct mb_cache_entry *entry;
- struct hlist_bl_head *head;
unsigned long shrunk = 0;
spin_lock(&cache->c_list_lock);
while (nr_to_scan-- && !list_empty(&cache->c_list)) {
entry = list_first_entry(&cache->c_list,
struct mb_cache_entry, e_list);
- if (entry->e_referenced || atomic_read(&entry->e_refcnt) > 2) {
+ /* Drop initial hash reference if there is no user */
+ if (entry->e_referenced ||
+ atomic_cmpxchg(&entry->e_refcnt, 1, 0) != 1) {
entry->e_referenced = 0;
list_move_tail(&entry->e_list, &cache->c_list);
continue;
}
list_del_init(&entry->e_list);
cache->c_entry_count--;
- /*
- * We keep LRU list reference so that entry doesn't go away
- * from under us.
- */
spin_unlock(&cache->c_list_lock);
- head = mb_cache_entry_head(cache, entry->e_key);
- hlist_bl_lock(head);
- /* Now a reliable check if the entry didn't get used... */
- if (atomic_read(&entry->e_refcnt) > 2) {
- hlist_bl_unlock(head);
- spin_lock(&cache->c_list_lock);
- list_add_tail(&entry->e_list, &cache->c_list);
- cache->c_entry_count++;
- continue;
- }
- if (!hlist_bl_unhashed(&entry->e_hash_list)) {
- hlist_bl_del_init(&entry->e_hash_list);
- atomic_dec(&entry->e_refcnt);
- }
- hlist_bl_unlock(head);
- if (mb_cache_entry_put(cache, entry))
- shrunk++;
+ __mb_cache_entry_free(cache, entry);
+ shrunk++;
cond_resched();
spin_lock(&cache->c_list_lock);
}
@@ -469,11 +444,6 @@ void mb_cache_destroy(struct mb_cache *cache)
* point.
*/
list_for_each_entry_safe(entry, next, &cache->c_list, e_list) {
- if (!hlist_bl_unhashed(&entry->e_hash_list)) {
- hlist_bl_del_init(&entry->e_hash_list);
- atomic_dec(&entry->e_refcnt);
- } else
- WARN_ON(1);
list_del(&entry->e_list);
WARN_ON(atomic_read(&entry->e_refcnt) != 1);
mb_cache_entry_put(cache, entry);
diff --git a/include/linux/mbcache.h b/include/linux/mbcache.h
index 8eca7f25c432..e9d5ece87794 100644
--- a/include/linux/mbcache.h
+++ b/include/linux/mbcache.h
@@ -13,8 +13,16 @@ struct mb_cache;
struct mb_cache_entry {
/* List of entries in cache - protected by cache->c_list_lock */
struct list_head e_list;
- /* Hash table list - protected by hash chain bitlock */
+ /*
+ * Hash table list - protected by hash chain bitlock. The entry is
+ * guaranteed to be hashed while e_refcnt > 0.
+ */
struct hlist_bl_node e_hash_list;
+ /*
+ * Entry refcount. Once it reaches zero, entry is unhashed and freed.
+ * While refcount > 0, the entry is guaranteed to stay in the hash and
+ * e.g. mb_cache_entry_try_delete() will fail.
+ */
atomic_t e_refcnt;
/* Key in hash - stable during lifetime of the entry */
u32 e_key;
@@ -29,20 +37,20 @@ void mb_cache_destroy(struct mb_cache *cache);
int mb_cache_entry_create(struct mb_cache *cache, gfp_t mask, u32 key,
u64 value, bool reusable);
-void __mb_cache_entry_free(struct mb_cache_entry *entry);
+void __mb_cache_entry_free(struct mb_cache *cache,
+ struct mb_cache_entry *entry);
void mb_cache_entry_wait_unused(struct mb_cache_entry *entry);
-static inline int mb_cache_entry_put(struct mb_cache *cache,
- struct mb_cache_entry *entry)
+static inline void mb_cache_entry_put(struct mb_cache *cache,
+ struct mb_cache_entry *entry)
{
unsigned int cnt = atomic_dec_return(&entry->e_refcnt);
if (cnt > 0) {
- if (cnt <= 3)
+ if (cnt <= 2)
wake_up_var(&entry->e_refcnt);
- return 0;
+ return;
}
- __mb_cache_entry_free(entry);
- return 1;
+ __mb_cache_entry_free(cache, entry);
}
struct mb_cache_entry *mb_cache_entry_delete_or_get(struct mb_cache *cache,
--
2.35.1
^ permalink raw reply related [flat|nested] 529+ messages in thread
* [PATCH 4.19 441/521] ext4: fix deadlock due to mbcache entry corruption
2023-01-16 15:44 [PATCH 4.19 000/521] 4.19.270-rc1 review Greg Kroah-Hartman
` (439 preceding siblings ...)
2023-01-16 15:51 ` [PATCH 4.19 440/521] mbcache: automatically delete entries from cache on freeing Greg Kroah-Hartman
@ 2023-01-16 15:51 ` Greg Kroah-Hartman
2023-01-16 15:51 ` [PATCH 4.19 442/521] SUNRPC: ensure the matching upcall is in-flight upon downcall Greg Kroah-Hartman
` (83 subsequent siblings)
524 siblings, 0 replies; 529+ messages in thread
From: Greg Kroah-Hartman @ 2023-01-16 15:51 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Thilo Fromm, Jan Kara,
Andreas Dilger, Theodore Tso, Sasha Levin, Jeremi Piotrowski
From: Jan Kara <jack@suse.cz>
[ Upstream commit a44e84a9b7764c72896f7241a0ec9ac7e7ef38dd ]
When manipulating xattr blocks, we can deadlock infinitely looping
inside ext4_xattr_block_set() where we constantly keep finding xattr
block for reuse in mbcache but we are unable to reuse it because its
reference count is too big. This happens because cache entry for the
xattr block is marked as reusable (e_reusable set) although its
reference count is too big. When this inconsistency happens, this
inconsistent state is kept indefinitely and so ext4_xattr_block_set()
keeps retrying indefinitely.
The inconsistent state is caused by non-atomic update of e_reusable bit.
e_reusable is part of a bitfield and e_reusable update can race with
update of e_referenced bit in the same bitfield resulting in loss of one
of the updates. Fix the problem by using atomic bitops instead.
This bug has been around for many years, but it became *much* easier
to hit after commit 65f8b80053a1 ("ext4: fix race when reusing xattr
blocks").
Cc: stable@vger.kernel.org
Fixes: 6048c64b2609 ("mbcache: add reusable flag to cache entries")
Fixes: 65f8b80053a1 ("ext4: fix race when reusing xattr blocks")
Reported-and-tested-by: Jeremi Piotrowski <jpiotrowski@linux.microsoft.com>
Reported-by: Thilo Fromm <t-lo@linux.microsoft.com>
Link: https://lore.kernel.org/r/c77bf00f-4618-7149-56f1-b8d1664b9d07@linux.microsoft.com/
Signed-off-by: Jan Kara <jack@suse.cz>
Reviewed-by: Andreas Dilger <adilger@dilger.ca>
Link: https://lore.kernel.org/r/20221123193950.16758-1-jack@suse.cz
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
fs/ext4/xattr.c | 4 ++--
fs/mbcache.c | 14 ++++++++------
include/linux/mbcache.h | 9 +++++++--
3 files changed, 17 insertions(+), 10 deletions(-)
diff --git a/fs/ext4/xattr.c b/fs/ext4/xattr.c
index f759ab8c1a68..0772941bbe92 100644
--- a/fs/ext4/xattr.c
+++ b/fs/ext4/xattr.c
@@ -1297,7 +1297,7 @@ ext4_xattr_release_block(handle_t *handle, struct inode *inode,
ce = mb_cache_entry_get(ea_block_cache, hash,
bh->b_blocknr);
if (ce) {
- ce->e_reusable = 1;
+ set_bit(MBE_REUSABLE_B, &ce->e_flags);
mb_cache_entry_put(ea_block_cache, ce);
}
}
@@ -2058,7 +2058,7 @@ ext4_xattr_block_set(handle_t *handle, struct inode *inode,
}
BHDR(new_bh)->h_refcount = cpu_to_le32(ref);
if (ref == EXT4_XATTR_REFCOUNT_MAX)
- ce->e_reusable = 0;
+ clear_bit(MBE_REUSABLE_B, &ce->e_flags);
ea_bdebug(new_bh, "reusing; refcount now=%d",
ref);
ext4_xattr_block_csum_set(inode, new_bh);
diff --git a/fs/mbcache.c b/fs/mbcache.c
index aa564e79891d..8e9e1888e448 100644
--- a/fs/mbcache.c
+++ b/fs/mbcache.c
@@ -93,8 +93,9 @@ int mb_cache_entry_create(struct mb_cache *cache, gfp_t mask, u32 key,
atomic_set(&entry->e_refcnt, 1);
entry->e_key = key;
entry->e_value = value;
- entry->e_reusable = reusable;
- entry->e_referenced = 0;
+ entry->e_flags = 0;
+ if (reusable)
+ set_bit(MBE_REUSABLE_B, &entry->e_flags);
head = mb_cache_entry_head(cache, key);
hlist_bl_lock(head);
hlist_bl_for_each_entry(dup, dup_node, head, e_hash_list) {
@@ -161,7 +162,8 @@ static struct mb_cache_entry *__entry_find(struct mb_cache *cache,
while (node) {
entry = hlist_bl_entry(node, struct mb_cache_entry,
e_hash_list);
- if (entry->e_key == key && entry->e_reusable &&
+ if (entry->e_key == key &&
+ test_bit(MBE_REUSABLE_B, &entry->e_flags) &&
atomic_inc_not_zero(&entry->e_refcnt))
goto out;
node = node->next;
@@ -317,7 +319,7 @@ EXPORT_SYMBOL(mb_cache_entry_delete_or_get);
void mb_cache_entry_touch(struct mb_cache *cache,
struct mb_cache_entry *entry)
{
- entry->e_referenced = 1;
+ set_bit(MBE_REFERENCED_B, &entry->e_flags);
}
EXPORT_SYMBOL(mb_cache_entry_touch);
@@ -342,9 +344,9 @@ static unsigned long mb_cache_shrink(struct mb_cache *cache,
entry = list_first_entry(&cache->c_list,
struct mb_cache_entry, e_list);
/* Drop initial hash reference if there is no user */
- if (entry->e_referenced ||
+ if (test_bit(MBE_REFERENCED_B, &entry->e_flags) ||
atomic_cmpxchg(&entry->e_refcnt, 1, 0) != 1) {
- entry->e_referenced = 0;
+ clear_bit(MBE_REFERENCED_B, &entry->e_flags);
list_move_tail(&entry->e_list, &cache->c_list);
continue;
}
diff --git a/include/linux/mbcache.h b/include/linux/mbcache.h
index e9d5ece87794..591bc4cefe1d 100644
--- a/include/linux/mbcache.h
+++ b/include/linux/mbcache.h
@@ -10,6 +10,12 @@
struct mb_cache;
+/* Cache entry flags */
+enum {
+ MBE_REFERENCED_B = 0,
+ MBE_REUSABLE_B
+};
+
struct mb_cache_entry {
/* List of entries in cache - protected by cache->c_list_lock */
struct list_head e_list;
@@ -26,8 +32,7 @@ struct mb_cache_entry {
atomic_t e_refcnt;
/* Key in hash - stable during lifetime of the entry */
u32 e_key;
- u32 e_referenced:1;
- u32 e_reusable:1;
+ unsigned long e_flags;
/* User provided value - stable during lifetime of the entry */
u64 e_value;
};
--
2.35.1
^ permalink raw reply related [flat|nested] 529+ messages in thread
* [PATCH 4.19 442/521] SUNRPC: ensure the matching upcall is in-flight upon downcall
2023-01-16 15:44 [PATCH 4.19 000/521] 4.19.270-rc1 review Greg Kroah-Hartman
` (440 preceding siblings ...)
2023-01-16 15:51 ` [PATCH 4.19 441/521] ext4: fix deadlock due to mbcache entry corruption Greg Kroah-Hartman
@ 2023-01-16 15:51 ` Greg Kroah-Hartman
2023-01-16 15:51 ` [PATCH 4.19 443/521] bpf: pull before calling skb_postpull_rcsum() Greg Kroah-Hartman
` (82 subsequent siblings)
524 siblings, 0 replies; 529+ messages in thread
From: Greg Kroah-Hartman @ 2023-01-16 15:51 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, minoura makoto, Hiroshi Shimamoto,
Trond Myklebust, Trond Myklebust, Sasha Levin
From: minoura makoto <minoura@valinux.co.jp>
[ Upstream commit b18cba09e374637a0a3759d856a6bca94c133952 ]
Commit 9130b8dbc6ac ("SUNRPC: allow for upcalls for the same uid
but different gss service") introduced `auth` argument to
__gss_find_upcall(), but in gss_pipe_downcall() it was left as NULL
since it (and auth->service) was not (yet) determined.
When multiple upcalls with the same uid and different service are
ongoing, it could happen that __gss_find_upcall(), which returns the
first match found in the pipe->in_downcall list, could not find the
correct gss_msg corresponding to the downcall we are looking for.
Moreover, it might return a msg which is not sent to rpc.gssd yet.
We could see mount.nfs process hung in D state with multiple mount.nfs
are executed in parallel. The call trace below is of CentOS 7.9
kernel-3.10.0-1160.24.1.el7.x86_64 but we observed the same hang w/
elrepo kernel-ml-6.0.7-1.el7.
PID: 71258 TASK: ffff91ebd4be0000 CPU: 36 COMMAND: "mount.nfs"
#0 [ffff9203ca3234f8] __schedule at ffffffffa3b8899f
#1 [ffff9203ca323580] schedule at ffffffffa3b88eb9
#2 [ffff9203ca323590] gss_cred_init at ffffffffc0355818 [auth_rpcgss]
#3 [ffff9203ca323658] rpcauth_lookup_credcache at ffffffffc0421ebc
[sunrpc]
#4 [ffff9203ca3236d8] gss_lookup_cred at ffffffffc0353633 [auth_rpcgss]
#5 [ffff9203ca3236e8] rpcauth_lookupcred at ffffffffc0421581 [sunrpc]
#6 [ffff9203ca323740] rpcauth_refreshcred at ffffffffc04223d3 [sunrpc]
#7 [ffff9203ca3237a0] call_refresh at ffffffffc04103dc [sunrpc]
#8 [ffff9203ca3237b8] __rpc_execute at ffffffffc041e1c9 [sunrpc]
#9 [ffff9203ca323820] rpc_execute at ffffffffc0420a48 [sunrpc]
The scenario is like this. Let's say there are two upcalls for
services A and B, A -> B in pipe->in_downcall, B -> A in pipe->pipe.
When rpc.gssd reads pipe to get the upcall msg corresponding to
service B from pipe->pipe and then writes the response, in
gss_pipe_downcall the msg corresponding to service A will be picked
because only uid is used to find the msg and it is before the one for
B in pipe->in_downcall. And the process waiting for the msg
corresponding to service A will be woken up.
Actual scheduing of that process might be after rpc.gssd processes the
next msg. In rpc_pipe_generic_upcall it clears msg->errno (for A).
The process is scheduled to see gss_msg->ctx == NULL and
gss_msg->msg.errno == 0, therefore it cannot break the loop in
gss_create_upcall and is never woken up after that.
This patch adds a simple check to ensure that a msg which is not
sent to rpc.gssd yet is not chosen as the matching upcall upon
receiving a downcall.
Signed-off-by: minoura makoto <minoura@valinux.co.jp>
Signed-off-by: Hiroshi Shimamoto <h-shimamoto@nec.com>
Tested-by: Hiroshi Shimamoto <h-shimamoto@nec.com>
Cc: Trond Myklebust <trondmy@hammerspace.com>
Fixes: 9130b8dbc6ac ("SUNRPC: allow for upcalls for same uid but different gss service")
Signed-off-by: Trond Myklebust <trond.myklebust@hammerspace.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
include/linux/sunrpc/rpc_pipe_fs.h | 5 +++++
net/sunrpc/auth_gss/auth_gss.c | 19 +++++++++++++++++--
2 files changed, 22 insertions(+), 2 deletions(-)
diff --git a/include/linux/sunrpc/rpc_pipe_fs.h b/include/linux/sunrpc/rpc_pipe_fs.h
index e90b9bd99ded..396de2ef8767 100644
--- a/include/linux/sunrpc/rpc_pipe_fs.h
+++ b/include/linux/sunrpc/rpc_pipe_fs.h
@@ -94,6 +94,11 @@ extern ssize_t rpc_pipe_generic_upcall(struct file *, struct rpc_pipe_msg *,
char __user *, size_t);
extern int rpc_queue_upcall(struct rpc_pipe *, struct rpc_pipe_msg *);
+/* returns true if the msg is in-flight, i.e., already eaten by the peer */
+static inline bool rpc_msg_is_inflight(const struct rpc_pipe_msg *msg) {
+ return (msg->copied != 0 && list_empty(&msg->list));
+}
+
struct rpc_clnt;
extern struct dentry *rpc_create_client_dir(struct dentry *, const char *, struct rpc_clnt *);
extern int rpc_remove_client_dir(struct rpc_clnt *);
diff --git a/net/sunrpc/auth_gss/auth_gss.c b/net/sunrpc/auth_gss/auth_gss.c
index e61c48c1b37d..c11e68539602 100644
--- a/net/sunrpc/auth_gss/auth_gss.c
+++ b/net/sunrpc/auth_gss/auth_gss.c
@@ -323,7 +323,7 @@ __gss_find_upcall(struct rpc_pipe *pipe, kuid_t uid, const struct gss_auth *auth
list_for_each_entry(pos, &pipe->in_downcall, list) {
if (!uid_eq(pos->uid, uid))
continue;
- if (auth && pos->auth->service != auth->service)
+ if (pos->auth->service != auth->service)
continue;
refcount_inc(&pos->count);
dprintk("RPC: %s found msg %p\n", __func__, pos);
@@ -677,6 +677,21 @@ gss_create_upcall(struct gss_auth *gss_auth, struct gss_cred *gss_cred)
return err;
}
+static struct gss_upcall_msg *
+gss_find_downcall(struct rpc_pipe *pipe, kuid_t uid)
+{
+ struct gss_upcall_msg *pos;
+ list_for_each_entry(pos, &pipe->in_downcall, list) {
+ if (!uid_eq(pos->uid, uid))
+ continue;
+ if (!rpc_msg_is_inflight(&pos->msg))
+ continue;
+ refcount_inc(&pos->count);
+ return pos;
+ }
+ return NULL;
+}
+
#define MSG_BUF_MAXSIZE 1024
static ssize_t
@@ -723,7 +738,7 @@ gss_pipe_downcall(struct file *filp, const char __user *src, size_t mlen)
err = -ENOENT;
/* Find a matching upcall */
spin_lock(&pipe->lock);
- gss_msg = __gss_find_upcall(pipe, uid, NULL);
+ gss_msg = gss_find_downcall(pipe, uid);
if (gss_msg == NULL) {
spin_unlock(&pipe->lock);
goto err_put_ctx;
--
2.35.1
^ permalink raw reply related [flat|nested] 529+ messages in thread
* [PATCH 4.19 443/521] bpf: pull before calling skb_postpull_rcsum()
2023-01-16 15:44 [PATCH 4.19 000/521] 4.19.270-rc1 review Greg Kroah-Hartman
` (441 preceding siblings ...)
2023-01-16 15:51 ` [PATCH 4.19 442/521] SUNRPC: ensure the matching upcall is in-flight upon downcall Greg Kroah-Hartman
@ 2023-01-16 15:51 ` Greg Kroah-Hartman
2023-01-16 15:51 ` [PATCH 4.19 444/521] qlcnic: prevent ->dcb use-after-free on qlcnic_dcb_enable() failure Greg Kroah-Hartman
` (81 subsequent siblings)
524 siblings, 0 replies; 529+ messages in thread
From: Greg Kroah-Hartman @ 2023-01-16 15:51 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Anand Parthasarathy, Jakub Kicinski,
Stanislav Fomichev, Martin KaFai Lau, Sasha Levin
From: Jakub Kicinski <kuba@kernel.org>
[ Upstream commit 54c3f1a81421f85e60ae2eaae7be3727a09916ee ]
Anand hit a BUG() when pulling off headers on egress to a SW tunnel.
We get to skb_checksum_help() with an invalid checksum offset
(commit d7ea0d9df2a6 ("net: remove two BUG() from skb_checksum_help()")
converted those BUGs to WARN_ONs()).
He points out oddness in how skb_postpull_rcsum() gets used.
Indeed looks like we should pull before "postpull", otherwise
the CHECKSUM_PARTIAL fixup from skb_postpull_rcsum() will not
be able to do its job:
if (skb->ip_summed == CHECKSUM_PARTIAL &&
skb_checksum_start_offset(skb) < 0)
skb->ip_summed = CHECKSUM_NONE;
Reported-by: Anand Parthasarathy <anpartha@meta.com>
Fixes: 6578171a7ff0 ("bpf: add bpf_skb_change_proto helper")
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Acked-by: Stanislav Fomichev <sdf@google.com>
Link: https://lore.kernel.org/r/20221220004701.402165-1-kuba@kernel.org
Signed-off-by: Martin KaFai Lau <martin.lau@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
net/core/filter.c | 7 +++++--
1 file changed, 5 insertions(+), 2 deletions(-)
diff --git a/net/core/filter.c b/net/core/filter.c
index aa2e7baa13c4..32d0b8f14aab 100644
--- a/net/core/filter.c
+++ b/net/core/filter.c
@@ -2565,15 +2565,18 @@ static int bpf_skb_generic_push(struct sk_buff *skb, u32 off, u32 len)
static int bpf_skb_generic_pop(struct sk_buff *skb, u32 off, u32 len)
{
+ void *old_data;
+
/* skb_ensure_writable() is not needed here, as we're
* already working on an uncloned skb.
*/
if (unlikely(!pskb_may_pull(skb, off + len)))
return -ENOMEM;
- skb_postpull_rcsum(skb, skb->data + off, len);
- memmove(skb->data + len, skb->data, off);
+ old_data = skb->data;
__skb_pull(skb, len);
+ skb_postpull_rcsum(skb, old_data + off, len);
+ memmove(skb->data, old_data, off);
return 0;
}
--
2.35.1
^ permalink raw reply related [flat|nested] 529+ messages in thread
* [PATCH 4.19 444/521] qlcnic: prevent ->dcb use-after-free on qlcnic_dcb_enable() failure
2023-01-16 15:44 [PATCH 4.19 000/521] 4.19.270-rc1 review Greg Kroah-Hartman
` (442 preceding siblings ...)
2023-01-16 15:51 ` [PATCH 4.19 443/521] bpf: pull before calling skb_postpull_rcsum() Greg Kroah-Hartman
@ 2023-01-16 15:51 ` Greg Kroah-Hartman
2023-01-16 15:51 ` [PATCH 4.19 445/521] nfc: Fix potential resource leaks Greg Kroah-Hartman
` (80 subsequent siblings)
524 siblings, 0 replies; 529+ messages in thread
From: Greg Kroah-Hartman @ 2023-01-16 15:51 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Michal Swiatkowski, Daniil Tatianin,
David S. Miller, Sasha Levin
From: Daniil Tatianin <d-tatianin@yandex-team.ru>
[ Upstream commit 13a7c8964afcd8ca43c0b6001ebb0127baa95362 ]
adapter->dcb would get silently freed inside qlcnic_dcb_enable() in
case qlcnic_dcb_attach() would return an error, which always happens
under OOM conditions. This would lead to use-after-free because both
of the existing callers invoke qlcnic_dcb_get_info() on the obtained
pointer, which is potentially freed at that point.
Propagate errors from qlcnic_dcb_enable(), and instead free the dcb
pointer at callsite using qlcnic_dcb_free(). This also removes the now
unused qlcnic_clear_dcb_ops() helper, which was a simple wrapper around
kfree() also causing memory leaks for partially initialized dcb.
Found by Linux Verification Center (linuxtesting.org) with the SVACE
static analysis tool.
Fixes: 3c44bba1d270 ("qlcnic: Disable DCB operations from SR-IOV VFs")
Reviewed-by: Michal Swiatkowski <michal.swiatkowski@linux.intel.com>
Signed-off-by: Daniil Tatianin <d-tatianin@yandex-team.ru>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/ethernet/qlogic/qlcnic/qlcnic_83xx_init.c | 8 +++++++-
drivers/net/ethernet/qlogic/qlcnic/qlcnic_dcb.h | 10 ++--------
drivers/net/ethernet/qlogic/qlcnic/qlcnic_main.c | 8 +++++++-
3 files changed, 16 insertions(+), 10 deletions(-)
diff --git a/drivers/net/ethernet/qlogic/qlcnic/qlcnic_83xx_init.c b/drivers/net/ethernet/qlogic/qlcnic/qlcnic_83xx_init.c
index 10286215092f..85419b8258b5 100644
--- a/drivers/net/ethernet/qlogic/qlcnic/qlcnic_83xx_init.c
+++ b/drivers/net/ethernet/qlogic/qlcnic/qlcnic_83xx_init.c
@@ -2525,7 +2525,13 @@ int qlcnic_83xx_init(struct qlcnic_adapter *adapter, int pci_using_dac)
goto disable_mbx_intr;
qlcnic_83xx_clear_function_resources(adapter);
- qlcnic_dcb_enable(adapter->dcb);
+
+ err = qlcnic_dcb_enable(adapter->dcb);
+ if (err) {
+ qlcnic_dcb_free(adapter->dcb);
+ goto disable_mbx_intr;
+ }
+
qlcnic_83xx_initialize_nic(adapter, 1);
qlcnic_dcb_get_info(adapter->dcb);
diff --git a/drivers/net/ethernet/qlogic/qlcnic/qlcnic_dcb.h b/drivers/net/ethernet/qlogic/qlcnic/qlcnic_dcb.h
index 0a9d24e86715..eb8000d9b6d0 100644
--- a/drivers/net/ethernet/qlogic/qlcnic/qlcnic_dcb.h
+++ b/drivers/net/ethernet/qlogic/qlcnic/qlcnic_dcb.h
@@ -42,11 +42,6 @@ struct qlcnic_dcb {
unsigned long state;
};
-static inline void qlcnic_clear_dcb_ops(struct qlcnic_dcb *dcb)
-{
- kfree(dcb);
-}
-
static inline int qlcnic_dcb_get_hw_capability(struct qlcnic_dcb *dcb)
{
if (dcb && dcb->ops->get_hw_capability)
@@ -113,9 +108,8 @@ static inline void qlcnic_dcb_init_dcbnl_ops(struct qlcnic_dcb *dcb)
dcb->ops->init_dcbnl_ops(dcb);
}
-static inline void qlcnic_dcb_enable(struct qlcnic_dcb *dcb)
+static inline int qlcnic_dcb_enable(struct qlcnic_dcb *dcb)
{
- if (dcb && qlcnic_dcb_attach(dcb))
- qlcnic_clear_dcb_ops(dcb);
+ return dcb ? qlcnic_dcb_attach(dcb) : 0;
}
#endif
diff --git a/drivers/net/ethernet/qlogic/qlcnic/qlcnic_main.c b/drivers/net/ethernet/qlogic/qlcnic/qlcnic_main.c
index 43920374beae..a0c427f3b180 100644
--- a/drivers/net/ethernet/qlogic/qlcnic/qlcnic_main.c
+++ b/drivers/net/ethernet/qlogic/qlcnic/qlcnic_main.c
@@ -2638,7 +2638,13 @@ qlcnic_probe(struct pci_dev *pdev, const struct pci_device_id *ent)
"Device does not support MSI interrupts\n");
if (qlcnic_82xx_check(adapter)) {
- qlcnic_dcb_enable(adapter->dcb);
+ err = qlcnic_dcb_enable(adapter->dcb);
+ if (err) {
+ qlcnic_dcb_free(adapter->dcb);
+ dev_err(&pdev->dev, "Failed to enable DCB\n");
+ goto err_out_free_hw;
+ }
+
qlcnic_dcb_get_info(adapter->dcb);
err = qlcnic_setup_intr(adapter);
--
2.35.1
^ permalink raw reply related [flat|nested] 529+ messages in thread
* [PATCH 4.19 445/521] nfc: Fix potential resource leaks
2023-01-16 15:44 [PATCH 4.19 000/521] 4.19.270-rc1 review Greg Kroah-Hartman
` (443 preceding siblings ...)
2023-01-16 15:51 ` [PATCH 4.19 444/521] qlcnic: prevent ->dcb use-after-free on qlcnic_dcb_enable() failure Greg Kroah-Hartman
@ 2023-01-16 15:51 ` Greg Kroah-Hartman
2023-01-16 15:51 ` [PATCH 4.19 446/521] net: amd-xgbe: add missed tasklet_kill Greg Kroah-Hartman
` (79 subsequent siblings)
524 siblings, 0 replies; 529+ messages in thread
From: Greg Kroah-Hartman @ 2023-01-16 15:51 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Miaoqian Lin, David S. Miller, Sasha Levin
From: Miaoqian Lin <linmq006@gmail.com>
[ Upstream commit df49908f3c52d211aea5e2a14a93bbe67a2cb3af ]
nfc_get_device() take reference for the device, add missing
nfc_put_device() to release it when not need anymore.
Also fix the style warnning by use error EOPNOTSUPP instead of
ENOTSUPP.
Fixes: 5ce3f32b5264 ("NFC: netlink: SE API implementation")
Fixes: 29e76924cf08 ("nfc: netlink: Add capability to reply to vendor_cmd with data")
Signed-off-by: Miaoqian Lin <linmq006@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
net/nfc/netlink.c | 52 ++++++++++++++++++++++++++++++++++-------------
1 file changed, 38 insertions(+), 14 deletions(-)
diff --git a/net/nfc/netlink.c b/net/nfc/netlink.c
index 39fb01ee9222..8953b03d5a52 100644
--- a/net/nfc/netlink.c
+++ b/net/nfc/netlink.c
@@ -1515,6 +1515,7 @@ static int nfc_genl_se_io(struct sk_buff *skb, struct genl_info *info)
u32 dev_idx, se_idx;
u8 *apdu;
size_t apdu_len;
+ int rc;
if (!info->attrs[NFC_ATTR_DEVICE_INDEX] ||
!info->attrs[NFC_ATTR_SE_INDEX] ||
@@ -1528,25 +1529,37 @@ static int nfc_genl_se_io(struct sk_buff *skb, struct genl_info *info)
if (!dev)
return -ENODEV;
- if (!dev->ops || !dev->ops->se_io)
- return -ENOTSUPP;
+ if (!dev->ops || !dev->ops->se_io) {
+ rc = -EOPNOTSUPP;
+ goto put_dev;
+ }
apdu_len = nla_len(info->attrs[NFC_ATTR_SE_APDU]);
- if (apdu_len == 0)
- return -EINVAL;
+ if (apdu_len == 0) {
+ rc = -EINVAL;
+ goto put_dev;
+ }
apdu = nla_data(info->attrs[NFC_ATTR_SE_APDU]);
- if (!apdu)
- return -EINVAL;
+ if (!apdu) {
+ rc = -EINVAL;
+ goto put_dev;
+ }
ctx = kzalloc(sizeof(struct se_io_ctx), GFP_KERNEL);
- if (!ctx)
- return -ENOMEM;
+ if (!ctx) {
+ rc = -ENOMEM;
+ goto put_dev;
+ }
ctx->dev_idx = dev_idx;
ctx->se_idx = se_idx;
- return nfc_se_io(dev, se_idx, apdu, apdu_len, se_io_cb, ctx);
+ rc = nfc_se_io(dev, se_idx, apdu, apdu_len, se_io_cb, ctx);
+
+put_dev:
+ nfc_put_device(dev);
+ return rc;
}
static int nfc_genl_vendor_cmd(struct sk_buff *skb,
@@ -1569,14 +1582,21 @@ static int nfc_genl_vendor_cmd(struct sk_buff *skb,
subcmd = nla_get_u32(info->attrs[NFC_ATTR_VENDOR_SUBCMD]);
dev = nfc_get_device(dev_idx);
- if (!dev || !dev->vendor_cmds || !dev->n_vendor_cmds)
+ if (!dev)
return -ENODEV;
+ if (!dev->vendor_cmds || !dev->n_vendor_cmds) {
+ err = -ENODEV;
+ goto put_dev;
+ }
+
if (info->attrs[NFC_ATTR_VENDOR_DATA]) {
data = nla_data(info->attrs[NFC_ATTR_VENDOR_DATA]);
data_len = nla_len(info->attrs[NFC_ATTR_VENDOR_DATA]);
- if (data_len == 0)
- return -EINVAL;
+ if (data_len == 0) {
+ err = -EINVAL;
+ goto put_dev;
+ }
} else {
data = NULL;
data_len = 0;
@@ -1591,10 +1611,14 @@ static int nfc_genl_vendor_cmd(struct sk_buff *skb,
dev->cur_cmd_info = info;
err = cmd->doit(dev, data, data_len);
dev->cur_cmd_info = NULL;
- return err;
+ goto put_dev;
}
- return -EOPNOTSUPP;
+ err = -EOPNOTSUPP;
+
+put_dev:
+ nfc_put_device(dev);
+ return err;
}
/* message building helper */
--
2.35.1
^ permalink raw reply related [flat|nested] 529+ messages in thread
* [PATCH 4.19 446/521] net: amd-xgbe: add missed tasklet_kill
2023-01-16 15:44 [PATCH 4.19 000/521] 4.19.270-rc1 review Greg Kroah-Hartman
` (444 preceding siblings ...)
2023-01-16 15:51 ` [PATCH 4.19 445/521] nfc: Fix potential resource leaks Greg Kroah-Hartman
@ 2023-01-16 15:51 ` Greg Kroah-Hartman
2023-01-16 15:51 ` [PATCH 4.19 447/521] net: phy: xgmiitorgmii: Fix refcount leak in xgmiitorgmii_probe Greg Kroah-Hartman
` (78 subsequent siblings)
524 siblings, 0 replies; 529+ messages in thread
From: Greg Kroah-Hartman @ 2023-01-16 15:51 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Jiguang Xiao, David S. Miller, Sasha Levin
From: Jiguang Xiao <jiguang.xiao@windriver.com>
[ Upstream commit d530ece70f16f912e1d1bfeea694246ab78b0a4b ]
The driver does not call tasklet_kill in several places.
Add the calls to fix it.
Fixes: 85b85c853401 ("amd-xgbe: Re-issue interrupt if interrupt status not cleared")
Signed-off-by: Jiguang Xiao <jiguang.xiao@windriver.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/ethernet/amd/xgbe/xgbe-drv.c | 3 +++
drivers/net/ethernet/amd/xgbe/xgbe-i2c.c | 4 +++-
drivers/net/ethernet/amd/xgbe/xgbe-mdio.c | 4 +++-
3 files changed, 9 insertions(+), 2 deletions(-)
diff --git a/drivers/net/ethernet/amd/xgbe/xgbe-drv.c b/drivers/net/ethernet/amd/xgbe/xgbe-drv.c
index 35659f0dbe74..c1fb1e62557c 100644
--- a/drivers/net/ethernet/amd/xgbe/xgbe-drv.c
+++ b/drivers/net/ethernet/amd/xgbe/xgbe-drv.c
@@ -1140,6 +1140,9 @@ static void xgbe_free_irqs(struct xgbe_prv_data *pdata)
devm_free_irq(pdata->dev, pdata->dev_irq, pdata);
+ tasklet_kill(&pdata->tasklet_dev);
+ tasklet_kill(&pdata->tasklet_ecc);
+
if (pdata->vdata->ecc_support && (pdata->dev_irq != pdata->ecc_irq))
devm_free_irq(pdata->dev, pdata->ecc_irq, pdata);
diff --git a/drivers/net/ethernet/amd/xgbe/xgbe-i2c.c b/drivers/net/ethernet/amd/xgbe/xgbe-i2c.c
index 4d9062d35930..530043742a07 100644
--- a/drivers/net/ethernet/amd/xgbe/xgbe-i2c.c
+++ b/drivers/net/ethernet/amd/xgbe/xgbe-i2c.c
@@ -447,8 +447,10 @@ static void xgbe_i2c_stop(struct xgbe_prv_data *pdata)
xgbe_i2c_disable(pdata);
xgbe_i2c_clear_all_interrupts(pdata);
- if (pdata->dev_irq != pdata->i2c_irq)
+ if (pdata->dev_irq != pdata->i2c_irq) {
devm_free_irq(pdata->dev, pdata->i2c_irq, pdata);
+ tasklet_kill(&pdata->tasklet_i2c);
+ }
}
static int xgbe_i2c_start(struct xgbe_prv_data *pdata)
diff --git a/drivers/net/ethernet/amd/xgbe/xgbe-mdio.c b/drivers/net/ethernet/amd/xgbe/xgbe-mdio.c
index 156a0bc8ab01..97167fc9bebe 100644
--- a/drivers/net/ethernet/amd/xgbe/xgbe-mdio.c
+++ b/drivers/net/ethernet/amd/xgbe/xgbe-mdio.c
@@ -1390,8 +1390,10 @@ static void xgbe_phy_stop(struct xgbe_prv_data *pdata)
/* Disable auto-negotiation */
xgbe_an_disable_all(pdata);
- if (pdata->dev_irq != pdata->an_irq)
+ if (pdata->dev_irq != pdata->an_irq) {
devm_free_irq(pdata->dev, pdata->an_irq, pdata);
+ tasklet_kill(&pdata->tasklet_an);
+ }
pdata->phy_if.phy_impl.stop(pdata);
--
2.35.1
^ permalink raw reply related [flat|nested] 529+ messages in thread
* [PATCH 4.19 447/521] net: phy: xgmiitorgmii: Fix refcount leak in xgmiitorgmii_probe
2023-01-16 15:44 [PATCH 4.19 000/521] 4.19.270-rc1 review Greg Kroah-Hartman
` (445 preceding siblings ...)
2023-01-16 15:51 ` [PATCH 4.19 446/521] net: amd-xgbe: add missed tasklet_kill Greg Kroah-Hartman
@ 2023-01-16 15:51 ` Greg Kroah-Hartman
2023-01-16 15:51 ` [PATCH 4.19 448/521] RDMA/mlx5: Fix validation of max_rd_atomic caps for DC Greg Kroah-Hartman
` (77 subsequent siblings)
524 siblings, 0 replies; 529+ messages in thread
From: Greg Kroah-Hartman @ 2023-01-16 15:51 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Miaoqian Lin, David S. Miller, Sasha Levin
From: Miaoqian Lin <linmq006@gmail.com>
[ Upstream commit d039535850ee47079d59527e96be18d8e0daa84b ]
of_phy_find_device() return device node with refcount incremented.
Call put_device() to relese it when not needed anymore.
Fixes: ab4e6ee578e8 ("net: phy: xgmiitorgmii: Check phy_driver ready before accessing")
Signed-off-by: Miaoqian Lin <linmq006@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/phy/xilinx_gmii2rgmii.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/drivers/net/phy/xilinx_gmii2rgmii.c b/drivers/net/phy/xilinx_gmii2rgmii.c
index bd6084e315de..f44dc80ed3e6 100644
--- a/drivers/net/phy/xilinx_gmii2rgmii.c
+++ b/drivers/net/phy/xilinx_gmii2rgmii.c
@@ -91,6 +91,7 @@ static int xgmiitorgmii_probe(struct mdio_device *mdiodev)
if (!priv->phy_dev->drv) {
dev_info(dev, "Attached phy not ready\n");
+ put_device(&priv->phy_dev->mdio.dev);
return -EPROBE_DEFER;
}
--
2.35.1
^ permalink raw reply related [flat|nested] 529+ messages in thread
* [PATCH 4.19 448/521] RDMA/mlx5: Fix validation of max_rd_atomic caps for DC
2023-01-16 15:44 [PATCH 4.19 000/521] 4.19.270-rc1 review Greg Kroah-Hartman
` (446 preceding siblings ...)
2023-01-16 15:51 ` [PATCH 4.19 447/521] net: phy: xgmiitorgmii: Fix refcount leak in xgmiitorgmii_probe Greg Kroah-Hartman
@ 2023-01-16 15:51 ` Greg Kroah-Hartman
2023-01-16 15:51 ` [PATCH 4.19 449/521] net: sched: atm: dont intepret cls results when asked to drop Greg Kroah-Hartman
` (76 subsequent siblings)
524 siblings, 0 replies; 529+ messages in thread
From: Greg Kroah-Hartman @ 2023-01-16 15:51 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Maor Gottlieb, Leon Romanovsky, Sasha Levin
From: Maor Gottlieb <maorg@nvidia.com>
[ Upstream commit 8de8482fe5732fbef4f5af82bc0c0362c804cd1f ]
Currently, when modifying DC, we validate max_rd_atomic user attribute
against the RC cap, validate against DC. RC and DC QP types have different
device limitations.
This can cause userspace created DC QPs to malfunction.
Fixes: c32a4f296e1d ("IB/mlx5: Add support for DC Initiator QP")
Link: https://lore.kernel.org/r/0c5aee72cea188c3bb770f4207cce7abc9b6fc74.1672231736.git.leonro@nvidia.com
Signed-off-by: Maor Gottlieb <maorg@nvidia.com>
Signed-off-by: Leon Romanovsky <leon@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/infiniband/hw/mlx5/qp.c | 49 +++++++++++++++++++++++----------
1 file changed, 35 insertions(+), 14 deletions(-)
diff --git a/drivers/infiniband/hw/mlx5/qp.c b/drivers/infiniband/hw/mlx5/qp.c
index 361b1b859782..1520a3098f7d 100644
--- a/drivers/infiniband/hw/mlx5/qp.c
+++ b/drivers/infiniband/hw/mlx5/qp.c
@@ -3411,6 +3411,40 @@ static int mlx5_ib_modify_dct(struct ib_qp *ibqp, struct ib_qp_attr *attr,
return err;
}
+static int validate_rd_atomic(struct mlx5_ib_dev *dev, struct ib_qp_attr *attr,
+ int attr_mask, enum ib_qp_type qp_type)
+{
+ int log_max_ra_res;
+ int log_max_ra_req;
+
+ if (qp_type == MLX5_IB_QPT_DCI) {
+ log_max_ra_res = 1 << MLX5_CAP_GEN(dev->mdev,
+ log_max_ra_res_dc);
+ log_max_ra_req = 1 << MLX5_CAP_GEN(dev->mdev,
+ log_max_ra_req_dc);
+ } else {
+ log_max_ra_res = 1 << MLX5_CAP_GEN(dev->mdev,
+ log_max_ra_res_qp);
+ log_max_ra_req = 1 << MLX5_CAP_GEN(dev->mdev,
+ log_max_ra_req_qp);
+ }
+
+ if (attr_mask & IB_QP_MAX_QP_RD_ATOMIC &&
+ attr->max_rd_atomic > log_max_ra_res) {
+ mlx5_ib_dbg(dev, "invalid max_rd_atomic value %d\n",
+ attr->max_rd_atomic);
+ return false;
+ }
+
+ if (attr_mask & IB_QP_MAX_DEST_RD_ATOMIC &&
+ attr->max_dest_rd_atomic > log_max_ra_req) {
+ mlx5_ib_dbg(dev, "invalid max_dest_rd_atomic value %d\n",
+ attr->max_dest_rd_atomic);
+ return false;
+ }
+ return true;
+}
+
int mlx5_ib_modify_qp(struct ib_qp *ibqp, struct ib_qp_attr *attr,
int attr_mask, struct ib_udata *udata)
{
@@ -3508,21 +3542,8 @@ int mlx5_ib_modify_qp(struct ib_qp *ibqp, struct ib_qp_attr *attr,
}
}
- if (attr_mask & IB_QP_MAX_QP_RD_ATOMIC &&
- attr->max_rd_atomic >
- (1 << MLX5_CAP_GEN(dev->mdev, log_max_ra_res_qp))) {
- mlx5_ib_dbg(dev, "invalid max_rd_atomic value %d\n",
- attr->max_rd_atomic);
- goto out;
- }
-
- if (attr_mask & IB_QP_MAX_DEST_RD_ATOMIC &&
- attr->max_dest_rd_atomic >
- (1 << MLX5_CAP_GEN(dev->mdev, log_max_ra_req_qp))) {
- mlx5_ib_dbg(dev, "invalid max_dest_rd_atomic value %d\n",
- attr->max_dest_rd_atomic);
+ if (!validate_rd_atomic(dev, attr, attr_mask, qp_type))
goto out;
- }
if (cur_state == new_state && cur_state == IB_QPS_RESET) {
err = 0;
--
2.35.1
^ permalink raw reply related [flat|nested] 529+ messages in thread
* [PATCH 4.19 449/521] net: sched: atm: dont intepret cls results when asked to drop
2023-01-16 15:44 [PATCH 4.19 000/521] 4.19.270-rc1 review Greg Kroah-Hartman
` (447 preceding siblings ...)
2023-01-16 15:51 ` [PATCH 4.19 448/521] RDMA/mlx5: Fix validation of max_rd_atomic caps for DC Greg Kroah-Hartman
@ 2023-01-16 15:51 ` Greg Kroah-Hartman
2023-01-16 15:51 ` [PATCH 4.19 450/521] usb: rndis_host: Secure rndis_query check against int overflow Greg Kroah-Hartman
` (75 subsequent siblings)
524 siblings, 0 replies; 529+ messages in thread
From: Greg Kroah-Hartman @ 2023-01-16 15:51 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Jamal Hadi Salim, David S. Miller,
Sasha Levin
From: Jamal Hadi Salim <jhs@mojatatu.com>
[ Upstream commit a2965c7be0522eaa18808684b7b82b248515511b ]
If asked to drop a packet via TC_ACT_SHOT it is unsafe to assume
res.class contains a valid pointer
Fixes: b0188d4dbe5f ("[NET_SCHED]: sch_atm: Lindent")
Signed-off-by: Jamal Hadi Salim <jhs@mojatatu.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
net/sched/sch_atm.c | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/net/sched/sch_atm.c b/net/sched/sch_atm.c
index 9a1bfa13a6cd..ff825f40ea04 100644
--- a/net/sched/sch_atm.c
+++ b/net/sched/sch_atm.c
@@ -394,10 +394,13 @@ static int atm_tc_enqueue(struct sk_buff *skb, struct Qdisc *sch,
result = tcf_classify(skb, fl, &res, true);
if (result < 0)
continue;
+ if (result == TC_ACT_SHOT)
+ goto done;
+
flow = (struct atm_flow_data *)res.class;
if (!flow)
flow = lookup_flow(sch, res.classid);
- goto done;
+ goto drop;
}
}
flow = NULL;
--
2.35.1
^ permalink raw reply related [flat|nested] 529+ messages in thread
* [PATCH 4.19 450/521] usb: rndis_host: Secure rndis_query check against int overflow
2023-01-16 15:44 [PATCH 4.19 000/521] 4.19.270-rc1 review Greg Kroah-Hartman
` (448 preceding siblings ...)
2023-01-16 15:51 ` [PATCH 4.19 449/521] net: sched: atm: dont intepret cls results when asked to drop Greg Kroah-Hartman
@ 2023-01-16 15:51 ` Greg Kroah-Hartman
2023-01-16 15:51 ` [PATCH 4.19 451/521] caif: fix memory leak in cfctrl_linkup_request() Greg Kroah-Hartman
` (74 subsequent siblings)
524 siblings, 0 replies; 529+ messages in thread
From: Greg Kroah-Hartman @ 2023-01-16 15:51 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Szymon Heidrich, David S. Miller,
Sasha Levin
From: Szymon Heidrich <szymon.heidrich@gmail.com>
[ Upstream commit c7dd13805f8b8fc1ce3b6d40f6aff47e66b72ad2 ]
Variables off and len typed as uint32 in rndis_query function
are controlled by incoming RNDIS response message thus their
value may be manipulated. Setting off to a unexpectetly large
value will cause the sum with len and 8 to overflow and pass
the implemented validation step. Consequently the response
pointer will be referring to a location past the expected
buffer boundaries allowing information leakage e.g. via
RNDIS_OID_802_3_PERMANENT_ADDRESS OID.
Fixes: ddda08624013 ("USB: rndis_host, various cleanups")
Signed-off-by: Szymon Heidrich <szymon.heidrich@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/usb/rndis_host.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/drivers/net/usb/rndis_host.c b/drivers/net/usb/rndis_host.c
index ab41a63aa4aa..497d6bcdc276 100644
--- a/drivers/net/usb/rndis_host.c
+++ b/drivers/net/usb/rndis_host.c
@@ -267,7 +267,8 @@ static int rndis_query(struct usbnet *dev, struct usb_interface *intf,
off = le32_to_cpu(u.get_c->offset);
len = le32_to_cpu(u.get_c->len);
- if (unlikely((8 + off + len) > CONTROL_BUFFER_SIZE))
+ if (unlikely((off > CONTROL_BUFFER_SIZE - 8) ||
+ (len > CONTROL_BUFFER_SIZE - 8 - off)))
goto response_error;
if (*reply_len != -1 && len != *reply_len)
--
2.35.1
^ permalink raw reply related [flat|nested] 529+ messages in thread
* [PATCH 4.19 451/521] caif: fix memory leak in cfctrl_linkup_request()
2023-01-16 15:44 [PATCH 4.19 000/521] 4.19.270-rc1 review Greg Kroah-Hartman
` (449 preceding siblings ...)
2023-01-16 15:51 ` [PATCH 4.19 450/521] usb: rndis_host: Secure rndis_query check against int overflow Greg Kroah-Hartman
@ 2023-01-16 15:51 ` Greg Kroah-Hartman
2023-01-16 15:51 ` [PATCH 4.19 452/521] udf: Fix extension of the last extent in the file Greg Kroah-Hartman
` (73 subsequent siblings)
524 siblings, 0 replies; 529+ messages in thread
From: Greg Kroah-Hartman @ 2023-01-16 15:51 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Zhengchao Shao, Jiri Pirko,
Paolo Abeni, Sasha Levin
From: Zhengchao Shao <shaozhengchao@huawei.com>
[ Upstream commit fe69230f05897b3de758427b574fc98025dfc907 ]
When linktype is unknown or kzalloc failed in cfctrl_linkup_request(),
pkt is not released. Add release process to error path.
Fixes: b482cd2053e3 ("net-caif: add CAIF core protocol stack")
Fixes: 8d545c8f958f ("caif: Disconnect without waiting for response")
Signed-off-by: Zhengchao Shao <shaozhengchao@huawei.com>
Reviewed-by: Jiri Pirko <jiri@nvidia.com>
Link: https://lore.kernel.org/r/20230104065146.1153009-1-shaozhengchao@huawei.com
Signed-off-by: Paolo Abeni <pabeni@redhat.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
net/caif/cfctrl.c | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/net/caif/cfctrl.c b/net/caif/cfctrl.c
index a1e85f032108..330cb2b087bb 100644
--- a/net/caif/cfctrl.c
+++ b/net/caif/cfctrl.c
@@ -269,11 +269,15 @@ int cfctrl_linkup_request(struct cflayer *layer,
default:
pr_warn("Request setup of bad link type = %d\n",
param->linktype);
+ cfpkt_destroy(pkt);
return -EINVAL;
}
req = kzalloc(sizeof(*req), GFP_KERNEL);
- if (!req)
+ if (!req) {
+ cfpkt_destroy(pkt);
return -ENOMEM;
+ }
+
req->client_layer = user_layer;
req->cmd = CFCTRL_CMD_LINK_SETUP;
req->param = *param;
--
2.35.1
^ permalink raw reply related [flat|nested] 529+ messages in thread
* [PATCH 4.19 452/521] udf: Fix extension of the last extent in the file
2023-01-16 15:44 [PATCH 4.19 000/521] 4.19.270-rc1 review Greg Kroah-Hartman
` (450 preceding siblings ...)
2023-01-16 15:51 ` [PATCH 4.19 451/521] caif: fix memory leak in cfctrl_linkup_request() Greg Kroah-Hartman
@ 2023-01-16 15:51 ` Greg Kroah-Hartman
2023-01-16 15:51 ` [PATCH 4.19 453/521] ASoC: Intel: bytcr_rt5640: Add quirk for the Advantech MICA-071 tablet Greg Kroah-Hartman
` (72 subsequent siblings)
524 siblings, 0 replies; 529+ messages in thread
From: Greg Kroah-Hartman @ 2023-01-16 15:51 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Jan Kara, Sasha Levin
From: Jan Kara <jack@suse.cz>
[ Upstream commit 83c7423d1eb6806d13c521d1002cc1a012111719 ]
When extending the last extent in the file within the last block, we
wrongly computed the length of the last extent. This is mostly a
cosmetical problem since the extent does not contain any data and the
length will be fixed up by following operations but still.
Fixes: 1f3868f06855 ("udf: Fix extending file within last block")
Signed-off-by: Jan Kara <jack@suse.cz>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
fs/udf/inode.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/fs/udf/inode.c b/fs/udf/inode.c
index 8ff8cd0d2801..55a86120e756 100644
--- a/fs/udf/inode.c
+++ b/fs/udf/inode.c
@@ -595,7 +595,7 @@ static void udf_do_extend_final_block(struct inode *inode,
*/
if (new_elen <= (last_ext->extLength & UDF_EXTENT_LENGTH_MASK))
return;
- added_bytes = (last_ext->extLength & UDF_EXTENT_LENGTH_MASK) - new_elen;
+ added_bytes = new_elen - (last_ext->extLength & UDF_EXTENT_LENGTH_MASK);
last_ext->extLength += added_bytes;
UDF_I(inode)->i_lenExtents += added_bytes;
--
2.35.1
^ permalink raw reply related [flat|nested] 529+ messages in thread
* [PATCH 4.19 453/521] ASoC: Intel: bytcr_rt5640: Add quirk for the Advantech MICA-071 tablet
2023-01-16 15:44 [PATCH 4.19 000/521] 4.19.270-rc1 review Greg Kroah-Hartman
` (451 preceding siblings ...)
2023-01-16 15:51 ` [PATCH 4.19 452/521] udf: Fix extension of the last extent in the file Greg Kroah-Hartman
@ 2023-01-16 15:51 ` Greg Kroah-Hartman
2023-01-16 15:51 ` [PATCH 4.19 454/521] x86/bugs: Flush IBP in ib_prctl_set() Greg Kroah-Hartman
` (71 subsequent siblings)
524 siblings, 0 replies; 529+ messages in thread
From: Greg Kroah-Hartman @ 2023-01-16 15:51 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Hans de Goede, Pierre-Louis Bossart,
Mark Brown, Sasha Levin
From: Hans de Goede <hdegoede@redhat.com>
[ Upstream commit a1dec9d70b6ad97087b60b81d2492134a84208c6 ]
The Advantech MICA-071 tablet deviates from the defaults for
a non CR Bay Trail based tablet in several ways:
1. It uses an analog MIC on IN3 rather then using DMIC1
2. It only has 1 speaker
3. It needs the OVCD current threshold to be set to 1500uA instead of
the default 2000uA to reliable differentiate between headphones vs
headsets
Add a quirk with these settings for this tablet.
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Acked-by: Pierre-Louis Bossart <pierre-louis.bossart@linux.intel.com>
Link: https://lore.kernel.org/r/20221213123246.11226-1-hdegoede@redhat.com
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
sound/soc/intel/boards/bytcr_rt5640.c | 15 +++++++++++++++
1 file changed, 15 insertions(+)
diff --git a/sound/soc/intel/boards/bytcr_rt5640.c b/sound/soc/intel/boards/bytcr_rt5640.c
index c4d19b88d17d..2001bc774c64 100644
--- a/sound/soc/intel/boards/bytcr_rt5640.c
+++ b/sound/soc/intel/boards/bytcr_rt5640.c
@@ -437,6 +437,21 @@ static const struct dmi_system_id byt_rt5640_quirk_table[] = {
BYT_RT5640_SSP0_AIF1 |
BYT_RT5640_MCLK_EN),
},
+ {
+ /* Advantech MICA-071 */
+ .matches = {
+ DMI_EXACT_MATCH(DMI_SYS_VENDOR, "Advantech"),
+ DMI_EXACT_MATCH(DMI_PRODUCT_NAME, "MICA-071"),
+ },
+ /* OVCD Th = 1500uA to reliable detect head-phones vs -set */
+ .driver_data = (void *)(BYT_RT5640_IN3_MAP |
+ BYT_RT5640_JD_SRC_JD2_IN4N |
+ BYT_RT5640_OVCD_TH_1500UA |
+ BYT_RT5640_OVCD_SF_0P75 |
+ BYT_RT5640_MONO_SPEAKER |
+ BYT_RT5640_DIFF_MIC |
+ BYT_RT5640_MCLK_EN),
+ },
{
.matches = {
DMI_EXACT_MATCH(DMI_SYS_VENDOR, "ARCHOS"),
--
2.35.1
^ permalink raw reply related [flat|nested] 529+ messages in thread
* [PATCH 4.19 454/521] x86/bugs: Flush IBP in ib_prctl_set()
2023-01-16 15:44 [PATCH 4.19 000/521] 4.19.270-rc1 review Greg Kroah-Hartman
` (452 preceding siblings ...)
2023-01-16 15:51 ` [PATCH 4.19 453/521] ASoC: Intel: bytcr_rt5640: Add quirk for the Advantech MICA-071 tablet Greg Kroah-Hartman
@ 2023-01-16 15:51 ` Greg Kroah-Hartman
2023-01-16 15:51 ` [PATCH 4.19 455/521] nfsd: fix handling of readdir in v4root vs. mount upcall timeout Greg Kroah-Hartman
` (70 subsequent siblings)
524 siblings, 0 replies; 529+ messages in thread
From: Greg Kroah-Hartman @ 2023-01-16 15:51 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Rodrigo Branco,
Borislav Petkov (AMD),
Ingo Molnar
From: Rodrigo Branco <bsdaemon@google.com>
commit a664ec9158eeddd75121d39c9a0758016097fa96 upstream.
We missed the window between the TIF flag update and the next reschedule.
Signed-off-by: Rodrigo Branco <bsdaemon@google.com>
Reviewed-by: Borislav Petkov (AMD) <bp@alien8.de>
Signed-off-by: Ingo Molnar <mingo@kernel.org>
Cc: <stable@vger.kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/x86/kernel/cpu/bugs.c | 2 ++
1 file changed, 2 insertions(+)
--- a/arch/x86/kernel/cpu/bugs.c
+++ b/arch/x86/kernel/cpu/bugs.c
@@ -1778,6 +1778,8 @@ static int ib_prctl_set(struct task_stru
if (ctrl == PR_SPEC_FORCE_DISABLE)
task_set_spec_ib_force_disable(task);
task_update_spec_tif(task);
+ if (task == current)
+ indirect_branch_prediction_barrier();
break;
default:
return -ERANGE;
^ permalink raw reply [flat|nested] 529+ messages in thread
* [PATCH 4.19 455/521] nfsd: fix handling of readdir in v4root vs. mount upcall timeout
2023-01-16 15:44 [PATCH 4.19 000/521] 4.19.270-rc1 review Greg Kroah-Hartman
` (453 preceding siblings ...)
2023-01-16 15:51 ` [PATCH 4.19 454/521] x86/bugs: Flush IBP in ib_prctl_set() Greg Kroah-Hartman
@ 2023-01-16 15:51 ` Greg Kroah-Hartman
2023-01-16 15:51 ` [PATCH 4.19 456/521] riscv: uaccess: fix type of 0 variable on error in get_user() Greg Kroah-Hartman
` (69 subsequent siblings)
524 siblings, 0 replies; 529+ messages in thread
From: Greg Kroah-Hartman @ 2023-01-16 15:51 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Steve Dickson, JianHong Yin,
Jeff Layton, Chuck Lever
From: Jeff Layton <jlayton@kernel.org>
commit cad853374d85fe678d721512cecfabd7636e51f3 upstream.
If v4 READDIR operation hits a mountpoint and gets back an error,
then it will include that entry in the reply and set RDATTR_ERROR for it
to the error.
That's fine for "normal" exported filesystems, but on the v4root, we
need to be more careful to only expose the existence of dentries that
lead to exports.
If the mountd upcall times out while checking to see whether a
mountpoint on the v4root is exported, then we have no recourse other
than to fail the whole operation.
Cc: Steve Dickson <steved@redhat.com>
Link: https://bugzilla.kernel.org/show_bug.cgi?id=216777
Reported-by: JianHong Yin <yin-jianhong@163.com>
Signed-off-by: Jeff Layton <jlayton@kernel.org>
Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
Cc: <stable@vger.kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/nfsd/nfs4xdr.c | 11 +++++++++++
1 file changed, 11 insertions(+)
--- a/fs/nfsd/nfs4xdr.c
+++ b/fs/nfsd/nfs4xdr.c
@@ -3102,6 +3102,17 @@ nfsd4_encode_dirent(void *ccdv, const ch
case nfserr_noent:
xdr_truncate_encode(xdr, start_offset);
goto skip_entry;
+ case nfserr_jukebox:
+ /*
+ * The pseudoroot should only display dentries that lead to
+ * exports. If we get EJUKEBOX here, then we can't tell whether
+ * this entry should be included. Just fail the whole READDIR
+ * with NFS4ERR_DELAY in that case, and hope that the situation
+ * will resolve itself by the client's next attempt.
+ */
+ if (cd->rd_fhp->fh_export->ex_flags & NFSEXP_V4ROOT)
+ goto fail;
+ /* fallthrough */
default:
/*
* If the client requested the RDATTR_ERROR attribute,
^ permalink raw reply [flat|nested] 529+ messages in thread
* [PATCH 4.19 456/521] riscv: uaccess: fix type of 0 variable on error in get_user()
2023-01-16 15:44 [PATCH 4.19 000/521] 4.19.270-rc1 review Greg Kroah-Hartman
` (454 preceding siblings ...)
2023-01-16 15:51 ` [PATCH 4.19 455/521] nfsd: fix handling of readdir in v4root vs. mount upcall timeout Greg Kroah-Hartman
@ 2023-01-16 15:51 ` Greg Kroah-Hartman
2023-01-16 15:51 ` [PATCH 4.19 457/521] ext4: dont allow journal inode to have encrypt flag Greg Kroah-Hartman
` (68 subsequent siblings)
524 siblings, 0 replies; 529+ messages in thread
From: Greg Kroah-Hartman @ 2023-01-16 15:51 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Ben Dooks, Palmer Dabbelt
From: Ben Dooks <ben-linux@fluff.org>
commit b9b916aee6715cd7f3318af6dc360c4729417b94 upstream.
If the get_user(x, ptr) has x as a pointer, then the setting
of (x) = 0 is going to produce the following sparse warning,
so fix this by forcing the type of 'x' when access_ok() fails.
fs/aio.c:2073:21: warning: Using plain integer as NULL pointer
Signed-off-by: Ben Dooks <ben-linux@fluff.org>
Reviewed-by: Palmer Dabbelt <palmer@rivosinc.com>
Link: https://lore.kernel.org/r/20221229170545.718264-1-ben-linux@fluff.org
Cc: stable@vger.kernel.org
Signed-off-by: Palmer Dabbelt <palmer@rivosinc.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/riscv/include/asm/uaccess.h | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/arch/riscv/include/asm/uaccess.h
+++ b/arch/riscv/include/asm/uaccess.h
@@ -260,7 +260,7 @@ do { \
might_fault(); \
access_ok(VERIFY_READ, __p, sizeof(*__p)) ? \
__get_user((x), __p) : \
- ((x) = 0, -EFAULT); \
+ ((x) = (__force __typeof__(x))0, -EFAULT); \
})
#define __put_user_asm(insn, x, ptr, err) \
^ permalink raw reply [flat|nested] 529+ messages in thread
* [PATCH 4.19 457/521] ext4: dont allow journal inode to have encrypt flag
2023-01-16 15:44 [PATCH 4.19 000/521] 4.19.270-rc1 review Greg Kroah-Hartman
` (455 preceding siblings ...)
2023-01-16 15:51 ` [PATCH 4.19 456/521] riscv: uaccess: fix type of 0 variable on error in get_user() Greg Kroah-Hartman
@ 2023-01-16 15:51 ` Greg Kroah-Hartman
2023-01-16 15:52 ` [PATCH 4.19 458/521] hfs/hfsplus: use WARN_ON for sanity check Greg Kroah-Hartman
` (67 subsequent siblings)
524 siblings, 0 replies; 529+ messages in thread
From: Greg Kroah-Hartman @ 2023-01-16 15:51 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, syzbot+ba9dac45bc76c490b7c3,
Eric Biggers, Theodore Tso, stable
From: Eric Biggers <ebiggers@google.com>
commit 105c78e12468413e426625831faa7db4284e1fec upstream.
Mounting a filesystem whose journal inode has the encrypt flag causes a
NULL dereference in fscrypt_limit_io_blocks() when the 'inlinecrypt'
mount option is used.
The problem is that when jbd2_journal_init_inode() calls bmap(), it
eventually finds its way into ext4_iomap_begin(), which calls
fscrypt_limit_io_blocks(). fscrypt_limit_io_blocks() requires that if
the inode is encrypted, then its encryption key must already be set up.
That's not the case here, since the journal inode is never "opened" like
a normal file would be. Hence the crash.
A reproducer is:
mkfs.ext4 -F /dev/vdb
debugfs -w /dev/vdb -R "set_inode_field <8> flags 0x80808"
mount /dev/vdb /mnt -o inlinecrypt
To fix this, make ext4 consider journal inodes with the encrypt flag to
be invalid. (Note, maybe other flags should be rejected on the journal
inode too. For now, this is just the minimal fix for the above issue.)
I've marked this as fixing the commit that introduced the call to
fscrypt_limit_io_blocks(), since that's what made an actual crash start
being possible. But this fix could be applied to any version of ext4
that supports the encrypt feature.
Reported-by: syzbot+ba9dac45bc76c490b7c3@syzkaller.appspotmail.com
Fixes: 38ea50daa7a4 ("ext4: support direct I/O with fscrypt using blk-crypto")
Cc: stable@vger.kernel.org
Signed-off-by: Eric Biggers <ebiggers@google.com>
Link: https://lore.kernel.org/r/20221102053312.189962-1-ebiggers@kernel.org
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Cc: stable@kernel.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/ext4/super.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/fs/ext4/super.c
+++ b/fs/ext4/super.c
@@ -4732,7 +4732,7 @@ static struct inode *ext4_get_journal_in
jbd_debug(2, "Journal inode found at %p: %lld bytes\n",
journal_inode, journal_inode->i_size);
- if (!S_ISREG(journal_inode->i_mode)) {
+ if (!S_ISREG(journal_inode->i_mode) || IS_ENCRYPTED(journal_inode)) {
ext4_msg(sb, KERN_ERR, "invalid journal inode");
iput(journal_inode);
return NULL;
^ permalink raw reply [flat|nested] 529+ messages in thread
* [PATCH 4.19 458/521] hfs/hfsplus: use WARN_ON for sanity check
2023-01-16 15:44 [PATCH 4.19 000/521] 4.19.270-rc1 review Greg Kroah-Hartman
` (456 preceding siblings ...)
2023-01-16 15:51 ` [PATCH 4.19 457/521] ext4: dont allow journal inode to have encrypt flag Greg Kroah-Hartman
@ 2023-01-16 15:52 ` Greg Kroah-Hartman
2023-01-16 15:52 ` [PATCH 4.19 459/521] hfs/hfsplus: avoid WARN_ON() for sanity check, use proper error handling Greg Kroah-Hartman
` (66 subsequent siblings)
524 siblings, 0 replies; 529+ messages in thread
From: Greg Kroah-Hartman @ 2023-01-16 15:52 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Arnd Bergmann, Christian Brauner,
Alexander Viro, Jan Kara, Andrew Morton, Linus Torvalds
From: Arnd Bergmann <arnd@arndb.de>
commit 55d1cbbbb29e6656c662ee8f73ba1fc4777532eb upstream.
gcc warns about a couple of instances in which a sanity check exists but
the author wasn't sure how to react to it failing, which makes it look
like a possible bug:
fs/hfsplus/inode.c: In function 'hfsplus_cat_read_inode':
fs/hfsplus/inode.c:503:37: error: suggest braces around empty body in an 'if' statement [-Werror=empty-body]
503 | /* panic? */;
| ^
fs/hfsplus/inode.c:524:37: error: suggest braces around empty body in an 'if' statement [-Werror=empty-body]
524 | /* panic? */;
| ^
fs/hfsplus/inode.c: In function 'hfsplus_cat_write_inode':
fs/hfsplus/inode.c:582:37: error: suggest braces around empty body in an 'if' statement [-Werror=empty-body]
582 | /* panic? */;
| ^
fs/hfsplus/inode.c:608:37: error: suggest braces around empty body in an 'if' statement [-Werror=empty-body]
608 | /* panic? */;
| ^
fs/hfs/inode.c: In function 'hfs_write_inode':
fs/hfs/inode.c:464:37: error: suggest braces around empty body in an 'if' statement [-Werror=empty-body]
464 | /* panic? */;
| ^
fs/hfs/inode.c:485:37: error: suggest braces around empty body in an 'if' statement [-Werror=empty-body]
485 | /* panic? */;
| ^
panic() is probably not the correct choice here, but a WARN_ON
seems appropriate and avoids the compile-time warning.
Link: https://lkml.kernel.org/r/20210927102149.1809384-1-arnd@kernel.org
Link: https://lore.kernel.org/all/20210322223249.2632268-1-arnd@kernel.org/
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
Reviewed-by: Christian Brauner <christian.brauner@ubuntu.com>
Cc: Alexander Viro <viro@zeniv.linux.org.uk>
Cc: Christian Brauner <christian.brauner@ubuntu.com>
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Cc: Jan Kara <jack@suse.cz>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/hfs/inode.c | 6 ++----
fs/hfsplus/inode.c | 12 ++++--------
2 files changed, 6 insertions(+), 12 deletions(-)
--- a/fs/hfs/inode.c
+++ b/fs/hfs/inode.c
@@ -461,8 +461,7 @@ int hfs_write_inode(struct inode *inode,
goto out;
if (S_ISDIR(main_inode->i_mode)) {
- if (fd.entrylength < sizeof(struct hfs_cat_dir))
- /* panic? */;
+ WARN_ON(fd.entrylength < sizeof(struct hfs_cat_dir));
hfs_bnode_read(fd.bnode, &rec, fd.entryoffset,
sizeof(struct hfs_cat_dir));
if (rec.type != HFS_CDR_DIR ||
@@ -482,8 +481,7 @@ int hfs_write_inode(struct inode *inode,
hfs_bnode_write(fd.bnode, &rec, fd.entryoffset,
sizeof(struct hfs_cat_file));
} else {
- if (fd.entrylength < sizeof(struct hfs_cat_file))
- /* panic? */;
+ WARN_ON(fd.entrylength < sizeof(struct hfs_cat_file));
hfs_bnode_read(fd.bnode, &rec, fd.entryoffset,
sizeof(struct hfs_cat_file));
if (rec.type != HFS_CDR_FIL ||
--- a/fs/hfsplus/inode.c
+++ b/fs/hfsplus/inode.c
@@ -476,8 +476,7 @@ int hfsplus_cat_read_inode(struct inode
if (type == HFSPLUS_FOLDER) {
struct hfsplus_cat_folder *folder = &entry.folder;
- if (fd->entrylength < sizeof(struct hfsplus_cat_folder))
- /* panic? */;
+ WARN_ON(fd->entrylength < sizeof(struct hfsplus_cat_folder));
hfs_bnode_read(fd->bnode, &entry, fd->entryoffset,
sizeof(struct hfsplus_cat_folder));
hfsplus_get_perms(inode, &folder->permissions, 1);
@@ -497,8 +496,7 @@ int hfsplus_cat_read_inode(struct inode
} else if (type == HFSPLUS_FILE) {
struct hfsplus_cat_file *file = &entry.file;
- if (fd->entrylength < sizeof(struct hfsplus_cat_file))
- /* panic? */;
+ WARN_ON(fd->entrylength < sizeof(struct hfsplus_cat_file));
hfs_bnode_read(fd->bnode, &entry, fd->entryoffset,
sizeof(struct hfsplus_cat_file));
@@ -555,8 +553,7 @@ int hfsplus_cat_write_inode(struct inode
if (S_ISDIR(main_inode->i_mode)) {
struct hfsplus_cat_folder *folder = &entry.folder;
- if (fd.entrylength < sizeof(struct hfsplus_cat_folder))
- /* panic? */;
+ WARN_ON(fd.entrylength < sizeof(struct hfsplus_cat_folder));
hfs_bnode_read(fd.bnode, &entry, fd.entryoffset,
sizeof(struct hfsplus_cat_folder));
/* simple node checks? */
@@ -581,8 +578,7 @@ int hfsplus_cat_write_inode(struct inode
} else {
struct hfsplus_cat_file *file = &entry.file;
- if (fd.entrylength < sizeof(struct hfsplus_cat_file))
- /* panic? */;
+ WARN_ON(fd.entrylength < sizeof(struct hfsplus_cat_file));
hfs_bnode_read(fd.bnode, &entry, fd.entryoffset,
sizeof(struct hfsplus_cat_file));
hfsplus_inode_write_fork(inode, &file->data_fork);
^ permalink raw reply [flat|nested] 529+ messages in thread
* [PATCH 4.19 459/521] hfs/hfsplus: avoid WARN_ON() for sanity check, use proper error handling
2023-01-16 15:44 [PATCH 4.19 000/521] 4.19.270-rc1 review Greg Kroah-Hartman
` (457 preceding siblings ...)
2023-01-16 15:52 ` [PATCH 4.19 458/521] hfs/hfsplus: use WARN_ON for sanity check Greg Kroah-Hartman
@ 2023-01-16 15:52 ` Greg Kroah-Hartman
2023-01-16 15:52 ` [PATCH 4.19 460/521] mbcache: Avoid nesting of cache->c_list_lock under bit locks Greg Kroah-Hartman
` (65 subsequent siblings)
524 siblings, 0 replies; 529+ messages in thread
From: Greg Kroah-Hartman @ 2023-01-16 15:52 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, syzbot+7bb7cd3595533513a9e7,
Michael Schmitz, Arnd Bergmann, Matthew Wilcox,
Viacheslav Dubeyko, Linus Torvalds
From: Linus Torvalds <torvalds@linux-foundation.org>
commit cb7a95af78d29442b8294683eca4897544b8ef46 upstream.
Commit 55d1cbbbb29e ("hfs/hfsplus: use WARN_ON for sanity check") fixed
a build warning by turning a comment into a WARN_ON(), but it turns out
that syzbot then complains because it can trigger said warning with a
corrupted hfs image.
The warning actually does warn about a bad situation, but we are much
better off just handling it as the error it is. So rather than warn
about us doing bad things, stop doing the bad things and return -EIO.
While at it, also fix a memory leak that was introduced by an earlier
fix for a similar syzbot warning situation, and add a check for one case
that historically wasn't handled at all (ie neither comment nor
subsequent WARN_ON).
Reported-by: syzbot+7bb7cd3595533513a9e7@syzkaller.appspotmail.com
Fixes: 55d1cbbbb29e ("hfs/hfsplus: use WARN_ON for sanity check")
Fixes: 8d824e69d9f3 ("hfs: fix OOB Read in __hfs_brec_find")
Link: https://lore.kernel.org/lkml/000000000000dbce4e05f170f289@google.com/
Tested-by: Michael Schmitz <schmitzmic@gmail.com>
Cc: Arnd Bergmann <arnd@arndb.de>
Cc: Matthew Wilcox <willy@infradead.org>
Cc: Viacheslav Dubeyko <slava@dubeyko.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/hfs/inode.c | 15 ++++++++++-----
1 file changed, 10 insertions(+), 5 deletions(-)
--- a/fs/hfs/inode.c
+++ b/fs/hfs/inode.c
@@ -453,15 +453,16 @@ int hfs_write_inode(struct inode *inode,
/* panic? */
return -EIO;
+ res = -EIO;
if (HFS_I(main_inode)->cat_key.CName.len > HFS_NAMELEN)
- return -EIO;
+ goto out;
fd.search_key->cat = HFS_I(main_inode)->cat_key;
if (hfs_brec_find(&fd))
- /* panic? */
goto out;
if (S_ISDIR(main_inode->i_mode)) {
- WARN_ON(fd.entrylength < sizeof(struct hfs_cat_dir));
+ if (fd.entrylength < sizeof(struct hfs_cat_dir))
+ goto out;
hfs_bnode_read(fd.bnode, &rec, fd.entryoffset,
sizeof(struct hfs_cat_dir));
if (rec.type != HFS_CDR_DIR ||
@@ -474,6 +475,8 @@ int hfs_write_inode(struct inode *inode,
hfs_bnode_write(fd.bnode, &rec, fd.entryoffset,
sizeof(struct hfs_cat_dir));
} else if (HFS_IS_RSRC(inode)) {
+ if (fd.entrylength < sizeof(struct hfs_cat_file))
+ goto out;
hfs_bnode_read(fd.bnode, &rec, fd.entryoffset,
sizeof(struct hfs_cat_file));
hfs_inode_write_fork(inode, rec.file.RExtRec,
@@ -481,7 +484,8 @@ int hfs_write_inode(struct inode *inode,
hfs_bnode_write(fd.bnode, &rec, fd.entryoffset,
sizeof(struct hfs_cat_file));
} else {
- WARN_ON(fd.entrylength < sizeof(struct hfs_cat_file));
+ if (fd.entrylength < sizeof(struct hfs_cat_file))
+ goto out;
hfs_bnode_read(fd.bnode, &rec, fd.entryoffset,
sizeof(struct hfs_cat_file));
if (rec.type != HFS_CDR_FIL ||
@@ -498,9 +502,10 @@ int hfs_write_inode(struct inode *inode,
hfs_bnode_write(fd.bnode, &rec, fd.entryoffset,
sizeof(struct hfs_cat_file));
}
+ res = 0;
out:
hfs_find_exit(&fd);
- return 0;
+ return res;
}
static struct dentry *hfs_file_lookup(struct inode *dir, struct dentry *dentry,
^ permalink raw reply [flat|nested] 529+ messages in thread
* [PATCH 4.19 460/521] mbcache: Avoid nesting of cache->c_list_lock under bit locks
2023-01-16 15:44 [PATCH 4.19 000/521] 4.19.270-rc1 review Greg Kroah-Hartman
` (458 preceding siblings ...)
2023-01-16 15:52 ` [PATCH 4.19 459/521] hfs/hfsplus: avoid WARN_ON() for sanity check, use proper error handling Greg Kroah-Hartman
@ 2023-01-16 15:52 ` Greg Kroah-Hartman
2023-01-16 15:52 ` [PATCH 4.19 461/521] parisc: Align parisc MADV_XXX constants with all other architectures Greg Kroah-Hartman
` (64 subsequent siblings)
524 siblings, 0 replies; 529+ messages in thread
From: Greg Kroah-Hartman @ 2023-01-16 15:52 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, stable, Mike Galbraith, Jan Kara,
Theodore Tso
From: Jan Kara <jack@suse.cz>
commit 5fc4cbd9fde5d4630494fd6ffc884148fb618087 upstream.
Commit 307af6c87937 ("mbcache: automatically delete entries from cache
on freeing") started nesting cache->c_list_lock under the bit locks
protecting hash buckets of the mbcache hash table in
mb_cache_entry_create(). This causes problems for real-time kernels
because there spinlocks are sleeping locks while bitlocks stay atomic.
Luckily the nesting is easy to avoid by holding entry reference until
the entry is added to the LRU list. This makes sure we cannot race with
entry deletion.
Cc: stable@kernel.org
Fixes: 307af6c87937 ("mbcache: automatically delete entries from cache on freeing")
Reported-by: Mike Galbraith <efault@gmx.de>
Signed-off-by: Jan Kara <jack@suse.cz>
Link: https://lore.kernel.org/r/20220908091032.10513-1-jack@suse.cz
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/mbcache.c | 17 ++++++++++-------
1 file changed, 10 insertions(+), 7 deletions(-)
--- a/fs/mbcache.c
+++ b/fs/mbcache.c
@@ -89,8 +89,14 @@ int mb_cache_entry_create(struct mb_cach
return -ENOMEM;
INIT_LIST_HEAD(&entry->e_list);
- /* Initial hash reference */
- atomic_set(&entry->e_refcnt, 1);
+ /*
+ * We create entry with two references. One reference is kept by the
+ * hash table, the other reference is used to protect us from
+ * mb_cache_entry_delete_or_get() until the entry is fully setup. This
+ * avoids nesting of cache->c_list_lock into hash table bit locks which
+ * is problematic for RT.
+ */
+ atomic_set(&entry->e_refcnt, 2);
entry->e_key = key;
entry->e_value = value;
entry->e_flags = 0;
@@ -106,15 +112,12 @@ int mb_cache_entry_create(struct mb_cach
}
}
hlist_bl_add_head(&entry->e_hash_list, head);
- /*
- * Add entry to LRU list before it can be found by
- * mb_cache_entry_delete() to avoid races
- */
+ hlist_bl_unlock(head);
spin_lock(&cache->c_list_lock);
list_add_tail(&entry->e_list, &cache->c_list);
cache->c_entry_count++;
spin_unlock(&cache->c_list_lock);
- hlist_bl_unlock(head);
+ mb_cache_entry_put(cache, entry);
return 0;
}
^ permalink raw reply [flat|nested] 529+ messages in thread
* [PATCH 4.19 461/521] parisc: Align parisc MADV_XXX constants with all other architectures
2023-01-16 15:44 [PATCH 4.19 000/521] 4.19.270-rc1 review Greg Kroah-Hartman
` (459 preceding siblings ...)
2023-01-16 15:52 ` [PATCH 4.19 460/521] mbcache: Avoid nesting of cache->c_list_lock under bit locks Greg Kroah-Hartman
@ 2023-01-16 15:52 ` Greg Kroah-Hartman
2023-01-16 15:52 ` [PATCH 4.19 462/521] driver core: Fix bus_type.match() error handling in __driver_attach() Greg Kroah-Hartman
` (63 subsequent siblings)
524 siblings, 0 replies; 529+ messages in thread
From: Greg Kroah-Hartman @ 2023-01-16 15:52 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Helge Deller
From: Helge Deller <deller@gmx.de>
commit 71bdea6f798b425bc0003780b13e3fdecb16a010 upstream.
Adjust some MADV_XXX constants to be in sync what their values are on
all other platforms. There is currently no reason to have an own
numbering on parisc, but it requires workarounds in many userspace
sources (e.g. glibc, qemu, ...) - which are often forgotten and thus
introduce bugs and different behaviour on parisc.
A wrapper avoids an ABI breakage for existing userspace applications by
translating any old values to the new ones, so this change allows us to
move over all programs to the new ABI over time.
Signed-off-by: Helge Deller <deller@gmx.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/parisc/include/uapi/asm/mman.h | 17 ++++++++---------
arch/parisc/kernel/sys_parisc.c | 27 +++++++++++++++++++++++++++
arch/parisc/kernel/syscall_table.S | 2 +-
tools/arch/parisc/include/uapi/asm/mman.h | 12 ++++++------
tools/perf/bench/bench.h | 12 ------------
5 files changed, 42 insertions(+), 28 deletions(-)
--- a/arch/parisc/include/uapi/asm/mman.h
+++ b/arch/parisc/include/uapi/asm/mman.h
@@ -50,25 +50,24 @@
#define MADV_DONTFORK 10 /* don't inherit across fork */
#define MADV_DOFORK 11 /* do inherit across fork */
-#define MADV_MERGEABLE 65 /* KSM may merge identical pages */
-#define MADV_UNMERGEABLE 66 /* KSM may not merge identical pages */
+#define MADV_MERGEABLE 12 /* KSM may merge identical pages */
+#define MADV_UNMERGEABLE 13 /* KSM may not merge identical pages */
-#define MADV_HUGEPAGE 67 /* Worth backing with hugepages */
-#define MADV_NOHUGEPAGE 68 /* Not worth backing with hugepages */
+#define MADV_HUGEPAGE 14 /* Worth backing with hugepages */
+#define MADV_NOHUGEPAGE 15 /* Not worth backing with hugepages */
-#define MADV_DONTDUMP 69 /* Explicity exclude from the core dump,
+#define MADV_DONTDUMP 16 /* Explicity exclude from the core dump,
overrides the coredump filter bits */
-#define MADV_DODUMP 70 /* Clear the MADV_NODUMP flag */
+#define MADV_DODUMP 17 /* Clear the MADV_NODUMP flag */
-#define MADV_WIPEONFORK 71 /* Zero memory on fork, child only */
-#define MADV_KEEPONFORK 72 /* Undo MADV_WIPEONFORK */
+#define MADV_WIPEONFORK 18 /* Zero memory on fork, child only */
+#define MADV_KEEPONFORK 19 /* Undo MADV_WIPEONFORK */
#define MADV_HWPOISON 100 /* poison a page for testing */
#define MADV_SOFT_OFFLINE 101 /* soft offline page for testing */
/* compatibility flags */
#define MAP_FILE 0
-#define MAP_VARIABLE 0
#define PKEY_DISABLE_ACCESS 0x1
#define PKEY_DISABLE_WRITE 0x2
--- a/arch/parisc/kernel/sys_parisc.c
+++ b/arch/parisc/kernel/sys_parisc.c
@@ -386,3 +386,30 @@ long parisc_personality(unsigned long pe
return err;
}
+
+/*
+ * madvise() wrapper
+ *
+ * Up to kernel v6.1 parisc has different values than all other
+ * platforms for the MADV_xxx flags listed below.
+ * To keep binary compatibility with existing userspace programs
+ * translate the former values to the new values.
+ *
+ * XXX: Remove this wrapper in year 2025 (or later)
+ */
+
+asmlinkage notrace long parisc_madvise(unsigned long start, size_t len_in, int behavior)
+{
+ switch (behavior) {
+ case 65: behavior = MADV_MERGEABLE; break;
+ case 66: behavior = MADV_UNMERGEABLE; break;
+ case 67: behavior = MADV_HUGEPAGE; break;
+ case 68: behavior = MADV_NOHUGEPAGE; break;
+ case 69: behavior = MADV_DONTDUMP; break;
+ case 70: behavior = MADV_DODUMP; break;
+ case 71: behavior = MADV_WIPEONFORK; break;
+ case 72: behavior = MADV_KEEPONFORK; break;
+ }
+
+ return sys_madvise(start, len_in, behavior);
+}
--- a/arch/parisc/kernel/syscall_table.S
+++ b/arch/parisc/kernel/syscall_table.S
@@ -195,7 +195,7 @@
ENTRY_COMP(sysinfo)
ENTRY_SAME(shutdown)
ENTRY_SAME(fsync)
- ENTRY_SAME(madvise)
+ ENTRY_OURS(madvise)
ENTRY_SAME(clone_wrapper) /* 120 */
ENTRY_SAME(setdomainname)
ENTRY_COMP(sendfile)
--- a/tools/arch/parisc/include/uapi/asm/mman.h
+++ b/tools/arch/parisc/include/uapi/asm/mman.h
@@ -1,20 +1,20 @@
/* SPDX-License-Identifier: GPL-2.0 WITH Linux-syscall-note */
#ifndef TOOLS_ARCH_PARISC_UAPI_ASM_MMAN_FIX_H
#define TOOLS_ARCH_PARISC_UAPI_ASM_MMAN_FIX_H
-#define MADV_DODUMP 70
+#define MADV_DODUMP 17
#define MADV_DOFORK 11
-#define MADV_DONTDUMP 69
+#define MADV_DONTDUMP 16
#define MADV_DONTFORK 10
#define MADV_DONTNEED 4
#define MADV_FREE 8
-#define MADV_HUGEPAGE 67
-#define MADV_MERGEABLE 65
-#define MADV_NOHUGEPAGE 68
+#define MADV_HUGEPAGE 14
+#define MADV_MERGEABLE 12
+#define MADV_NOHUGEPAGE 15
#define MADV_NORMAL 0
#define MADV_RANDOM 1
#define MADV_REMOVE 9
#define MADV_SEQUENTIAL 2
-#define MADV_UNMERGEABLE 66
+#define MADV_UNMERGEABLE 13
#define MADV_WILLNEED 3
#define MAP_ANONYMOUS 0x10
#define MAP_DENYWRITE 0x0800
--- a/tools/perf/bench/bench.h
+++ b/tools/perf/bench/bench.h
@@ -10,25 +10,13 @@ extern struct timeval bench__start, benc
* The madvise transparent hugepage constants were added in glibc
* 2.13. For compatibility with older versions of glibc, define these
* tokens if they are not already defined.
- *
- * PA-RISC uses different madvise values from other architectures and
- * needs to be special-cased.
*/
-#ifdef __hppa__
-# ifndef MADV_HUGEPAGE
-# define MADV_HUGEPAGE 67
-# endif
-# ifndef MADV_NOHUGEPAGE
-# define MADV_NOHUGEPAGE 68
-# endif
-#else
# ifndef MADV_HUGEPAGE
# define MADV_HUGEPAGE 14
# endif
# ifndef MADV_NOHUGEPAGE
# define MADV_NOHUGEPAGE 15
# endif
-#endif
int bench_numa(int argc, const char **argv);
int bench_sched_messaging(int argc, const char **argv);
^ permalink raw reply [flat|nested] 529+ messages in thread
* [PATCH 4.19 462/521] driver core: Fix bus_type.match() error handling in __driver_attach()
2023-01-16 15:44 [PATCH 4.19 000/521] 4.19.270-rc1 review Greg Kroah-Hartman
` (460 preceding siblings ...)
2023-01-16 15:52 ` [PATCH 4.19 461/521] parisc: Align parisc MADV_XXX constants with all other architectures Greg Kroah-Hartman
@ 2023-01-16 15:52 ` Greg Kroah-Hartman
2023-01-16 15:52 ` [PATCH 4.19 463/521] net: sched: disallow noqueue for qdisc classes Greg Kroah-Hartman
` (62 subsequent siblings)
524 siblings, 0 replies; 529+ messages in thread
From: Greg Kroah-Hartman @ 2023-01-16 15:52 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Saravana Kannan, Isaac J. Manjarres
From: Isaac J. Manjarres <isaacmanjarres@google.com>
commit 27c0d217340e47ec995557f61423ef415afba987 upstream.
When a driver registers with a bus, it will attempt to match with every
device on the bus through the __driver_attach() function. Currently, if
the bus_type.match() function encounters an error that is not
-EPROBE_DEFER, __driver_attach() will return a negative error code, which
causes the driver registration logic to stop trying to match with the
remaining devices on the bus.
This behavior is not correct; a failure while matching a driver to a
device does not mean that the driver won't be able to match and bind
with other devices on the bus. Update the logic in __driver_attach()
to reflect this.
Fixes: 656b8035b0ee ("ARM: 8524/1: driver cohandle -EPROBE_DEFER from bus_type.match()")
Cc: stable@vger.kernel.org
Cc: Saravana Kannan <saravanak@google.com>
Signed-off-by: Isaac J. Manjarres <isaacmanjarres@google.com>
Link: https://lore.kernel.org/r/20220921001414.4046492-1-isaacmanjarres@google.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/base/dd.c | 8 ++++++--
1 file changed, 6 insertions(+), 2 deletions(-)
--- a/drivers/base/dd.c
+++ b/drivers/base/dd.c
@@ -911,8 +911,12 @@ static int __driver_attach(struct device
*/
return 0;
} else if (ret < 0) {
- dev_dbg(dev, "Bus failed to match device: %d", ret);
- return ret;
+ dev_dbg(dev, "Bus failed to match device: %d\n", ret);
+ /*
+ * Driver could not match with device, but may match with
+ * another device on the bus.
+ */
+ return 0;
} /* ret > 0 means positive match */
if (dev->parent && dev->bus->need_parent_lock)
^ permalink raw reply [flat|nested] 529+ messages in thread
* [PATCH 4.19 463/521] net: sched: disallow noqueue for qdisc classes
2023-01-16 15:44 [PATCH 4.19 000/521] 4.19.270-rc1 review Greg Kroah-Hartman
` (461 preceding siblings ...)
2023-01-16 15:52 ` [PATCH 4.19 462/521] driver core: Fix bus_type.match() error handling in __driver_attach() Greg Kroah-Hartman
@ 2023-01-16 15:52 ` Greg Kroah-Hartman
2023-01-16 15:52 ` [PATCH 4.19 464/521] docs: Fix the docs build with Sphinx 6.0 Greg Kroah-Hartman
` (61 subsequent siblings)
524 siblings, 0 replies; 529+ messages in thread
From: Greg Kroah-Hartman @ 2023-01-16 15:52 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Frederick Lawler, Jakub Sitnicki,
Jakub Kicinski
From: Frederick Lawler <fred@cloudflare.com>
commit 96398560f26aa07e8f2969d73c8197e6a6d10407 upstream.
While experimenting with applying noqueue to a classful queue discipline,
we discovered a NULL pointer dereference in the __dev_queue_xmit()
path that generates a kernel OOPS:
# dev=enp0s5
# tc qdisc replace dev $dev root handle 1: htb default 1
# tc class add dev $dev parent 1: classid 1:1 htb rate 10mbit
# tc qdisc add dev $dev parent 1:1 handle 10: noqueue
# ping -I $dev -w 1 -c 1 1.1.1.1
[ 2.172856] BUG: kernel NULL pointer dereference, address: 0000000000000000
[ 2.173217] #PF: supervisor instruction fetch in kernel mode
...
[ 2.178451] Call Trace:
[ 2.178577] <TASK>
[ 2.178686] htb_enqueue+0x1c8/0x370
[ 2.178880] dev_qdisc_enqueue+0x15/0x90
[ 2.179093] __dev_queue_xmit+0x798/0xd00
[ 2.179305] ? _raw_write_lock_bh+0xe/0x30
[ 2.179522] ? __local_bh_enable_ip+0x32/0x70
[ 2.179759] ? ___neigh_create+0x610/0x840
[ 2.179968] ? eth_header+0x21/0xc0
[ 2.180144] ip_finish_output2+0x15e/0x4f0
[ 2.180348] ? dst_output+0x30/0x30
[ 2.180525] ip_push_pending_frames+0x9d/0xb0
[ 2.180739] raw_sendmsg+0x601/0xcb0
[ 2.180916] ? _raw_spin_trylock+0xe/0x50
[ 2.181112] ? _raw_spin_unlock_irqrestore+0x16/0x30
[ 2.181354] ? get_page_from_freelist+0xcd6/0xdf0
[ 2.181594] ? sock_sendmsg+0x56/0x60
[ 2.181781] sock_sendmsg+0x56/0x60
[ 2.181958] __sys_sendto+0xf7/0x160
[ 2.182139] ? handle_mm_fault+0x6e/0x1d0
[ 2.182366] ? do_user_addr_fault+0x1e1/0x660
[ 2.182627] __x64_sys_sendto+0x1b/0x30
[ 2.182881] do_syscall_64+0x38/0x90
[ 2.183085] entry_SYSCALL_64_after_hwframe+0x63/0xcd
...
[ 2.187402] </TASK>
Previously in commit d66d6c3152e8 ("net: sched: register noqueue
qdisc"), NULL was set for the noqueue discipline on noqueue init
so that __dev_queue_xmit() falls through for the noqueue case. This
also sets a bypass of the enqueue NULL check in the
register_qdisc() function for the struct noqueue_disc_ops.
Classful queue disciplines make it past the NULL check in
__dev_queue_xmit() because the discipline is set to htb (in this case),
and then in the call to __dev_xmit_skb(), it calls into htb_enqueue()
which grabs a leaf node for a class and then calls qdisc_enqueue() by
passing in a queue discipline which assumes ->enqueue() is not set to NULL.
Fix this by not allowing classes to be assigned to the noqueue
discipline. Linux TC Notes states that classes cannot be set to
the noqueue discipline. [1] Let's enforce that here.
Links:
1. https://linux-tc-notes.sourceforge.net/tc/doc/sch_noqueue.txt
Fixes: d66d6c3152e8 ("net: sched: register noqueue qdisc")
Cc: stable@vger.kernel.org
Signed-off-by: Frederick Lawler <fred@cloudflare.com>
Reviewed-by: Jakub Sitnicki <jakub@cloudflare.com>
Link: https://lore.kernel.org/r/20230109163906.706000-1-fred@cloudflare.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
net/sched/sch_api.c | 8 ++++++--
1 file changed, 6 insertions(+), 2 deletions(-)
--- a/net/sched/sch_api.c
+++ b/net/sched/sch_api.c
@@ -1031,8 +1031,12 @@ skip:
unsigned long cl = cops->find(parent, classid);
if (cl) {
- err = cops->graft(parent, cl, new, &old,
- extack);
+ if (new && new->ops == &noqueue_qdisc_ops) {
+ NL_SET_ERR_MSG(extack, "Cannot assign noqueue to a class");
+ err = -EINVAL;
+ } else {
+ err = cops->graft(parent, cl, new, &old, extack);
+ }
} else {
NL_SET_ERR_MSG(extack, "Specified class not found");
err = -ENOENT;
^ permalink raw reply [flat|nested] 529+ messages in thread
* [PATCH 4.19 464/521] docs: Fix the docs build with Sphinx 6.0
2023-01-16 15:44 [PATCH 4.19 000/521] 4.19.270-rc1 review Greg Kroah-Hartman
` (462 preceding siblings ...)
2023-01-16 15:52 ` [PATCH 4.19 463/521] net: sched: disallow noqueue for qdisc classes Greg Kroah-Hartman
@ 2023-01-16 15:52 ` Greg Kroah-Hartman
2023-01-16 15:52 ` [PATCH 4.19 465/521] perf auxtrace: Fix address filter duplicate symbol selection Greg Kroah-Hartman
` (60 subsequent siblings)
524 siblings, 0 replies; 529+ messages in thread
From: Greg Kroah-Hartman @ 2023-01-16 15:52 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Martin Liška, Jonathan Corbet
From: Jonathan Corbet <corbet@lwn.net>
commit 0283189e8f3d0917e2ac399688df85211f48447b upstream.
Sphinx 6.0 removed the execfile_() function, which we use as part of the
configuration process. They *did* warn us... Just open-code the
functionality as is done in Sphinx itself.
Tested (using SPHINX_CONF, since this code is only executed with an
alternative config file) on various Sphinx versions from 2.5 through 6.0.
Reported-by: Martin Liška <mliska@suse.cz>
Cc: stable@vger.kernel.org
Signed-off-by: Jonathan Corbet <corbet@lwn.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
Documentation/sphinx/load_config.py | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
--- a/Documentation/sphinx/load_config.py
+++ b/Documentation/sphinx/load_config.py
@@ -3,7 +3,7 @@
import os
import sys
-from sphinx.util.pycompat import execfile_
+from sphinx.util.osutil import fs_encoding
# ------------------------------------------------------------------------------
def loadConfig(namespace):
@@ -25,7 +25,9 @@ def loadConfig(namespace):
sys.stdout.write("load additional sphinx-config: %s\n" % config_file)
config = namespace.copy()
config['__file__'] = config_file
- execfile_(config_file, config)
+ with open(config_file, 'rb') as f:
+ code = compile(f.read(), fs_encoding, 'exec')
+ exec(code, config)
del config['__file__']
namespace.update(config)
else:
^ permalink raw reply [flat|nested] 529+ messages in thread
* [PATCH 4.19 465/521] perf auxtrace: Fix address filter duplicate symbol selection
2023-01-16 15:44 [PATCH 4.19 000/521] 4.19.270-rc1 review Greg Kroah-Hartman
` (463 preceding siblings ...)
2023-01-16 15:52 ` [PATCH 4.19 464/521] docs: Fix the docs build with Sphinx 6.0 Greg Kroah-Hartman
@ 2023-01-16 15:52 ` Greg Kroah-Hartman
2023-01-16 15:52 ` [PATCH 4.19 466/521] s390/percpu: add READ_ONCE() to arch_this_cpu_to_op_simple() Greg Kroah-Hartman
` (59 subsequent siblings)
524 siblings, 0 replies; 529+ messages in thread
From: Greg Kroah-Hartman @ 2023-01-16 15:52 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Dmitrii Dolgov, Adrian Hunter,
Ian Rogers, Jiri Olsa, Namhyung Kim, Arnaldo Carvalho de Melo
From: Adrian Hunter <adrian.hunter@intel.com>
commit cf129830ee820f7fc90b98df193cd49d49344d09 upstream.
When a match has been made to the nth duplicate symbol, return
success not error.
Example:
Before:
$ cat file.c
cat: file.c: No such file or directory
$ cat file1.c
#include <stdio.h>
static void func(void)
{
printf("First func\n");
}
void other(void);
int main()
{
func();
other();
return 0;
}
$ cat file2.c
#include <stdio.h>
static void func(void)
{
printf("Second func\n");
}
void other(void)
{
func();
}
$ gcc -Wall -Wextra -o test file1.c file2.c
$ perf record -e intel_pt//u --filter 'filter func @ ./test' -- ./test
Multiple symbols with name 'func'
#1 0x1149 l func
which is near main
#2 0x1179 l func
which is near other
Disambiguate symbol name by inserting #n after the name e.g. func #2
Or select a global symbol by inserting #0 or #g or #G
Failed to parse address filter: 'filter func @ ./test'
Filter format is: filter|start|stop|tracestop <start symbol or address> [/ <end symbol or size>] [@<file name>]
Where multiple filters are separated by space or comma.
$ perf record -e intel_pt//u --filter 'filter func #2 @ ./test' -- ./test
Failed to parse address filter: 'filter func #2 @ ./test'
Filter format is: filter|start|stop|tracestop <start symbol or address> [/ <end symbol or size>] [@<file name>]
Where multiple filters are separated by space or comma.
After:
$ perf record -e intel_pt//u --filter 'filter func #2 @ ./test' -- ./test
First func
Second func
[ perf record: Woken up 1 times to write data ]
[ perf record: Captured and wrote 0.016 MB perf.data ]
$ perf script --itrace=b -Ftime,flags,ip,sym,addr --ns
1231062.526977619: tr strt 0 [unknown] => 558495708179 func
1231062.526977619: tr end call 558495708188 func => 558495708050 _init
1231062.526979286: tr strt 0 [unknown] => 55849570818d func
1231062.526979286: tr end return 55849570818f func => 55849570819d other
Fixes: 1b36c03e356936d6 ("perf record: Add support for using symbols in address filters")
Reported-by: Dmitrii Dolgov <9erthalion6@gmail.com>
Signed-off-by: Adrian Hunter <adrian.hunter@intel.com>
Tested-by: Dmitry Dolgov <9erthalion6@gmail.com>
Cc: Adrian Hunter <adrian.hunter@intel.com>
Cc: Ian Rogers <irogers@google.com>
Cc: Jiri Olsa <jolsa@kernel.org>
Cc: Namhyung Kim <namhyung@kernel.org>
Cc: stable@vger.kernel.org
Link: https://lore.kernel.org/r/20230110185659.15979-1-adrian.hunter@intel.com
Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
tools/perf/util/auxtrace.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/tools/perf/util/auxtrace.c
+++ b/tools/perf/util/auxtrace.c
@@ -1962,7 +1962,7 @@ static int find_dso_sym(struct dso *dso,
*size = sym->start - *start;
if (idx > 0) {
if (*size)
- return 1;
+ return 0;
} else if (dso_sym_match(sym, sym_name, &cnt, idx)) {
print_duplicate_syms(dso, sym_name);
return -EINVAL;
^ permalink raw reply [flat|nested] 529+ messages in thread
* [PATCH 4.19 466/521] s390/percpu: add READ_ONCE() to arch_this_cpu_to_op_simple()
2023-01-16 15:44 [PATCH 4.19 000/521] 4.19.270-rc1 review Greg Kroah-Hartman
` (464 preceding siblings ...)
2023-01-16 15:52 ` [PATCH 4.19 465/521] perf auxtrace: Fix address filter duplicate symbol selection Greg Kroah-Hartman
@ 2023-01-16 15:52 ` Greg Kroah-Hartman
2023-01-16 15:52 ` [PATCH 4.19 467/521] net/ulp: prevent ULP without clone op from entering the LISTEN status Greg Kroah-Hartman
` (58 subsequent siblings)
524 siblings, 0 replies; 529+ messages in thread
From: Greg Kroah-Hartman @ 2023-01-16 15:52 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Alexander Gordeev, Heiko Carstens
From: Heiko Carstens <hca@linux.ibm.com>
commit e3f360db08d55a14112bd27454e616a24296a8b0 upstream.
Make sure that *ptr__ within arch_this_cpu_to_op_simple() is only
dereferenced once by using READ_ONCE(). Otherwise the compiler could
generate incorrect code.
Cc: <stable@vger.kernel.org>
Reviewed-by: Alexander Gordeev <agordeev@linux.ibm.com>
Signed-off-by: Heiko Carstens <hca@linux.ibm.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/s390/include/asm/percpu.h | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/arch/s390/include/asm/percpu.h
+++ b/arch/s390/include/asm/percpu.h
@@ -31,7 +31,7 @@
pcp_op_T__ *ptr__; \
preempt_disable_notrace(); \
ptr__ = raw_cpu_ptr(&(pcp)); \
- prev__ = *ptr__; \
+ prev__ = READ_ONCE(*ptr__); \
do { \
old__ = prev__; \
new__ = old__ op (val); \
^ permalink raw reply [flat|nested] 529+ messages in thread
* [PATCH 4.19 467/521] net/ulp: prevent ULP without clone op from entering the LISTEN status
2023-01-16 15:44 [PATCH 4.19 000/521] 4.19.270-rc1 review Greg Kroah-Hartman
` (465 preceding siblings ...)
2023-01-16 15:52 ` [PATCH 4.19 466/521] s390/percpu: add READ_ONCE() to arch_this_cpu_to_op_simple() Greg Kroah-Hartman
@ 2023-01-16 15:52 ` Greg Kroah-Hartman
2023-01-16 15:52 ` [PATCH 4.19 468/521] ALSA: pcm: Move rwsem lock inside snd_ctl_elem_read to prevent UAF Greg Kroah-Hartman
` (57 subsequent siblings)
524 siblings, 0 replies; 529+ messages in thread
From: Greg Kroah-Hartman @ 2023-01-16 15:52 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, slipper, Paolo Abeni, Jakub Kicinski
From: Paolo Abeni <pabeni@redhat.com>
commit 2c02d41d71f90a5168391b6a5f2954112ba2307c upstream.
When an ULP-enabled socket enters the LISTEN status, the listener ULP data
pointer is copied inside the child/accepted sockets by sk_clone_lock().
The relevant ULP can take care of de-duplicating the context pointer via
the clone() operation, but only MPTCP and SMC implement such op.
Other ULPs may end-up with a double-free at socket disposal time.
We can't simply clear the ULP data at clone time, as TLS replaces the
socket ops with custom ones assuming a valid TLS ULP context is
available.
Instead completely prevent clone-less ULP sockets from entering the
LISTEN status.
Fixes: 734942cc4ea6 ("tcp: ULP infrastructure")
Reported-by: slipper <slipper.alive@gmail.com>
Signed-off-by: Paolo Abeni <pabeni@redhat.com>
Link: https://lore.kernel.org/r/4b80c3d1dbe3d0ab072f80450c202d9bc88b4b03.1672740602.git.pabeni@redhat.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
net/ipv4/inet_connection_sock.c | 16 +++++++++++++++-
1 file changed, 15 insertions(+), 1 deletion(-)
--- a/net/ipv4/inet_connection_sock.c
+++ b/net/ipv4/inet_connection_sock.c
@@ -903,11 +903,25 @@ void inet_csk_prepare_forced_close(struc
}
EXPORT_SYMBOL(inet_csk_prepare_forced_close);
+static int inet_ulp_can_listen(const struct sock *sk)
+{
+ const struct inet_connection_sock *icsk = inet_csk(sk);
+
+ if (icsk->icsk_ulp_ops)
+ return -EINVAL;
+
+ return 0;
+}
+
int inet_csk_listen_start(struct sock *sk, int backlog)
{
struct inet_connection_sock *icsk = inet_csk(sk);
struct inet_sock *inet = inet_sk(sk);
- int err = -EADDRINUSE;
+ int err;
+
+ err = inet_ulp_can_listen(sk);
+ if (unlikely(err))
+ return err;
reqsk_queue_alloc(&icsk->icsk_accept_queue);
^ permalink raw reply [flat|nested] 529+ messages in thread
* [PATCH 4.19 468/521] ALSA: pcm: Move rwsem lock inside snd_ctl_elem_read to prevent UAF
2023-01-16 15:44 [PATCH 4.19 000/521] 4.19.270-rc1 review Greg Kroah-Hartman
` (466 preceding siblings ...)
2023-01-16 15:52 ` [PATCH 4.19 467/521] net/ulp: prevent ULP without clone op from entering the LISTEN status Greg Kroah-Hartman
@ 2023-01-16 15:52 ` Greg Kroah-Hartman
2023-01-16 15:52 ` [PATCH 4.19 469/521] cifs: Fix uninitialized memory read for smb311 posix symlink create Greg Kroah-Hartman
` (56 subsequent siblings)
524 siblings, 0 replies; 529+ messages in thread
From: Greg Kroah-Hartman @ 2023-01-16 15:52 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Clement Lecigne, Takashi Iwai,
Jaroslav Kysela, stable
From: Clement Lecigne <clecigne@google.com>
[ Note: this is a fix that works around the bug equivalently as the
two upstream commits:
1fa4445f9adf ("ALSA: control - introduce snd_ctl_notify_one() helper")
56b88b50565c ("ALSA: pcm: Move rwsem lock inside snd_ctl_elem_read to prevent UAF")
but in a simpler way to fit with older stable trees -- tiwai ]
Add missing locking in ctl_elem_read_user/ctl_elem_write_user which can be
easily triggered and turned into an use-after-free.
Example code paths with SNDRV_CTL_IOCTL_ELEM_READ:
64-bits:
snd_ctl_ioctl
snd_ctl_elem_read_user
[takes controls_rwsem]
snd_ctl_elem_read [lock properly held, all good]
[drops controls_rwsem]
32-bits (compat):
snd_ctl_ioctl_compat
snd_ctl_elem_write_read_compat
ctl_elem_write_read
snd_ctl_elem_read [missing lock, not good]
CVE-2023-0266 was assigned for this issue.
Signed-off-by: Clement Lecigne <clecigne@google.com>
Cc: stable@kernel.org # 5.12 and older
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Reviewed-by: Jaroslav Kysela <perex@perex.cz>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
sound/core/control_compat.c | 4 ++++
1 file changed, 4 insertions(+)
--- a/sound/core/control_compat.c
+++ b/sound/core/control_compat.c
@@ -319,7 +319,9 @@ static int ctl_elem_read_user(struct snd
err = snd_power_wait(card, SNDRV_CTL_POWER_D0);
if (err < 0)
goto error;
+ down_read(&card->controls_rwsem);
err = snd_ctl_elem_read(card, data);
+ up_read(&card->controls_rwsem);
if (err < 0)
goto error;
err = copy_ctl_value_to_user(userdata, valuep, data, type, count);
@@ -347,7 +349,9 @@ static int ctl_elem_write_user(struct sn
err = snd_power_wait(card, SNDRV_CTL_POWER_D0);
if (err < 0)
goto error;
+ down_write(&card->controls_rwsem);
err = snd_ctl_elem_write(card, file, data);
+ up_write(&card->controls_rwsem);
if (err < 0)
goto error;
err = copy_ctl_value_to_user(userdata, valuep, data, type, count);
^ permalink raw reply [flat|nested] 529+ messages in thread
* [PATCH 4.19 469/521] cifs: Fix uninitialized memory read for smb311 posix symlink create
2023-01-16 15:44 [PATCH 4.19 000/521] 4.19.270-rc1 review Greg Kroah-Hartman
` (467 preceding siblings ...)
2023-01-16 15:52 ` [PATCH 4.19 468/521] ALSA: pcm: Move rwsem lock inside snd_ctl_elem_read to prevent UAF Greg Kroah-Hartman
@ 2023-01-16 15:52 ` Greg Kroah-Hartman
2023-01-16 15:52 ` [PATCH 4.19 470/521] platform/x86: sony-laptop: Dont turn off 0x153 keyboard backlight during probe Greg Kroah-Hartman
` (55 subsequent siblings)
524 siblings, 0 replies; 529+ messages in thread
From: Greg Kroah-Hartman @ 2023-01-16 15:52 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Volker Lendecke, Tom Talpey,
Paulo Alcantara (SUSE),
Steve French
From: Volker Lendecke <vl@samba.org>
commit a152d05ae4a71d802d50cf9177dba34e8bb09f68 upstream.
If smb311 posix is enabled, we send the intended mode for file
creation in the posix create context. Instead of using what's there on
the stack, create the mfsymlink file with 0644.
Fixes: ce558b0e17f8a ("smb3: Add posix create context for smb3.11 posix mounts")
Cc: stable@vger.kernel.org
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Tom Talpey <tom@talpey.com>
Reviewed-by: Paulo Alcantara (SUSE) <pc@cjr.nz>
Signed-off-by: Steve French <stfrench@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/cifs/link.c | 1 +
1 file changed, 1 insertion(+)
--- a/fs/cifs/link.c
+++ b/fs/cifs/link.c
@@ -481,6 +481,7 @@ smb3_create_mf_symlink(unsigned int xid,
oparms.disposition = FILE_CREATE;
oparms.fid = &fid;
oparms.reconnect = false;
+ oparms.mode = 0644;
rc = SMB2_open(xid, &oparms, utf16_path, &oplock, NULL, NULL,
NULL);
^ permalink raw reply [flat|nested] 529+ messages in thread
* [PATCH 4.19 470/521] platform/x86: sony-laptop: Dont turn off 0x153 keyboard backlight during probe
2023-01-16 15:44 [PATCH 4.19 000/521] 4.19.270-rc1 review Greg Kroah-Hartman
` (468 preceding siblings ...)
2023-01-16 15:52 ` [PATCH 4.19 469/521] cifs: Fix uninitialized memory read for smb311 posix symlink create Greg Kroah-Hartman
@ 2023-01-16 15:52 ` Greg Kroah-Hartman
2023-01-16 15:52 ` [PATCH 4.19 471/521] ipv6: raw: Deduct extension header length in rawv6_push_pending_frames Greg Kroah-Hartman
` (54 subsequent siblings)
524 siblings, 0 replies; 529+ messages in thread
From: Greg Kroah-Hartman @ 2023-01-16 15:52 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Hans de Goede, Mattia Dongili
From: Hans de Goede <hdegoede@redhat.com>
commit ad75bd85b1db69c97eefea07b375567821f6ef58 upstream.
The 0x153 version of the kbd backlight control SNC handle has no separate
address to probe if the backlight is there.
This turns the probe call into a set keyboard backlight call with a value
of 0 turning off the keyboard backlight.
Skip probing when there is no separate probe address to avoid this.
Link: https://bugzilla.redhat.com/show_bug.cgi?id=1583752
Fixes: 800f20170dcf ("Keyboard backlight control for some Vaio Fit models")
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Reviewed-by: Mattia Dongili <malattia@linux.it>
Link: https://lore.kernel.org/r/20221213122943.11123-1-hdegoede@redhat.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/platform/x86/sony-laptop.c | 21 ++++++++++++++-------
1 file changed, 14 insertions(+), 7 deletions(-)
--- a/drivers/platform/x86/sony-laptop.c
+++ b/drivers/platform/x86/sony-laptop.c
@@ -1913,14 +1913,21 @@ static int sony_nc_kbd_backlight_setup(s
break;
}
- ret = sony_call_snc_handle(handle, probe_base, &result);
- if (ret)
- return ret;
+ /*
+ * Only probe if there is a separate probe_base, otherwise the probe call
+ * is equivalent to __sony_nc_kbd_backlight_mode_set(0), resulting in
+ * the keyboard backlight being turned off.
+ */
+ if (probe_base) {
+ ret = sony_call_snc_handle(handle, probe_base, &result);
+ if (ret)
+ return ret;
- if ((handle == 0x0137 && !(result & 0x02)) ||
- !(result & 0x01)) {
- dprintk("no backlight keyboard found\n");
- return 0;
+ if ((handle == 0x0137 && !(result & 0x02)) ||
+ !(result & 0x01)) {
+ dprintk("no backlight keyboard found\n");
+ return 0;
+ }
}
kbdbl_ctl = kzalloc(sizeof(*kbdbl_ctl), GFP_KERNEL);
^ permalink raw reply [flat|nested] 529+ messages in thread
* [PATCH 4.19 471/521] ipv6: raw: Deduct extension header length in rawv6_push_pending_frames
2023-01-16 15:44 [PATCH 4.19 000/521] 4.19.270-rc1 review Greg Kroah-Hartman
` (469 preceding siblings ...)
2023-01-16 15:52 ` [PATCH 4.19 470/521] platform/x86: sony-laptop: Dont turn off 0x153 keyboard backlight during probe Greg Kroah-Hartman
@ 2023-01-16 15:52 ` Greg Kroah-Hartman
2023-01-16 15:52 ` [PATCH 4.19 472/521] wifi: wilc1000: sdio: fix module autoloading Greg Kroah-Hartman
` (53 subsequent siblings)
524 siblings, 0 replies; 529+ messages in thread
From: Greg Kroah-Hartman @ 2023-01-16 15:52 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Kyle Zeng, Herbert Xu, David S. Miller
From: Herbert Xu <herbert@gondor.apana.org.au>
commit cb3e9864cdbe35ff6378966660edbcbac955fe17 upstream.
The total cork length created by ip6_append_data includes extension
headers, so we must exclude them when comparing them against the
IPV6_CHECKSUM offset which does not include extension headers.
Reported-by: Kyle Zeng <zengyhkyle@gmail.com>
Fixes: 357b40a18b04 ("[IPV6]: IPV6_CHECKSUM socket option can corrupt kernel memory")
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
net/ipv6/raw.c | 4 ++++
1 file changed, 4 insertions(+)
--- a/net/ipv6/raw.c
+++ b/net/ipv6/raw.c
@@ -544,6 +544,7 @@ csum_copy_err:
static int rawv6_push_pending_frames(struct sock *sk, struct flowi6 *fl6,
struct raw6_sock *rp)
{
+ struct ipv6_txoptions *opt;
struct sk_buff *skb;
int err = 0;
int offset;
@@ -561,6 +562,9 @@ static int rawv6_push_pending_frames(str
offset = rp->offset;
total_len = inet_sk(sk)->cork.base.length;
+ opt = inet6_sk(sk)->cork.opt;
+ total_len -= opt ? opt->opt_flen : 0;
+
if (offset >= total_len - 1) {
err = -EINVAL;
ip6_flush_pending_frames(sk);
^ permalink raw reply [flat|nested] 529+ messages in thread
* [PATCH 4.19 472/521] wifi: wilc1000: sdio: fix module autoloading
2023-01-16 15:44 [PATCH 4.19 000/521] 4.19.270-rc1 review Greg Kroah-Hartman
` (470 preceding siblings ...)
2023-01-16 15:52 ` [PATCH 4.19 471/521] ipv6: raw: Deduct extension header length in rawv6_push_pending_frames Greg Kroah-Hartman
@ 2023-01-16 15:52 ` Greg Kroah-Hartman
2023-01-16 15:52 ` [PATCH 4.19 473/521] ALSA: hda/hdmi: fix failures at PCM open on Intel ICL and later Greg Kroah-Hartman
` (52 subsequent siblings)
524 siblings, 0 replies; 529+ messages in thread
From: Greg Kroah-Hartman @ 2023-01-16 15:52 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Michael Walle, Kalle Valo, Sasha Levin
From: Michael Walle <michael@walle.cc>
[ Upstream commit 57d545b5a3d6ce3a8fb6b093f02bfcbb908973f3 ]
There are no SDIO module aliases included in the driver, therefore,
module autoloading isn't working. Add the proper MODULE_DEVICE_TABLE().
Cc: stable@vger.kernel.org
Signed-off-by: Michael Walle <michael@walle.cc>
Signed-off-by: Kalle Valo <kvalo@kernel.org>
Link: https://lore.kernel.org/r/20221027171221.491937-1-michael@walle.cc
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/staging/wilc1000/wilc_sdio.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/drivers/staging/wilc1000/wilc_sdio.c b/drivers/staging/wilc1000/wilc_sdio.c
index e52c3bdeaf04..b4d456f3fb1b 100644
--- a/drivers/staging/wilc1000/wilc_sdio.c
+++ b/drivers/staging/wilc1000/wilc_sdio.c
@@ -18,6 +18,7 @@ static const struct sdio_device_id wilc_sdio_ids[] = {
{ SDIO_DEVICE(SDIO_VENDOR_ID_WILC, SDIO_DEVICE_ID_WILC) },
{ },
};
+MODULE_DEVICE_TABLE(sdio, wilc_sdio_ids);
#define WILC_SDIO_BLOCK_SIZE 512
--
2.35.1
^ permalink raw reply related [flat|nested] 529+ messages in thread
* [PATCH 4.19 473/521] ALSA: hda/hdmi: fix failures at PCM open on Intel ICL and later
2023-01-16 15:44 [PATCH 4.19 000/521] 4.19.270-rc1 review Greg Kroah-Hartman
` (471 preceding siblings ...)
2023-01-16 15:52 ` [PATCH 4.19 472/521] wifi: wilc1000: sdio: fix module autoloading Greg Kroah-Hartman
@ 2023-01-16 15:52 ` Greg Kroah-Hartman
2023-01-16 15:52 ` [PATCH 4.19 474/521] Add Acer Aspire Ethos 8951G model quirk Greg Kroah-Hartman
` (51 subsequent siblings)
524 siblings, 0 replies; 529+ messages in thread
From: Greg Kroah-Hartman @ 2023-01-16 15:52 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Ranjani Sridharan,
Pierre-Louis Bossart, Kai Vehmanen, Takashi Iwai, Sasha Levin
From: Kai Vehmanen <kai.vehmanen@linux.intel.com>
[ Upstream commit 56275036d8185f92eceac7479d48b858ee3dab84 ]
When HDMI PCM devices are opened in a specific order, with at least one
HDMI/DP receiver connected, ALSA PCM open fails to -EBUSY on the
connected monitor, on recent Intel platforms (ICL/JSL and newer). While
this is not a typical sequence, at least Pulseaudio does this every time
when it is started, to discover the available PCMs.
The rootcause is an invalid assumption in hdmi_add_pin(), where the
total number of converters is assumed to be known at the time the
function is called. On older Intel platforms this held true, but after
ICL/JSL, the order how pins and converters are in the subnode list as
returned by snd_hda_get_sub_nodes(), was changed. As a result,
information for some converters was not stored to per_pin->mux_nids.
And this means some pins cannot be connected to all converters, and
application instead gets -EBUSY instead at open.
The assumption that converters are always before pins in the subnode
list, is not really a valid one. Fix the problem in hdmi_parse_codec()
by introducing separate loops for discovering converters and pins.
BugLink: https://github.com/thesofproject/linux/issues/1978
BugLink: https://github.com/thesofproject/linux/issues/2216
BugLink: https://github.com/thesofproject/linux/issues/2217
Reviewed-by: Ranjani Sridharan <ranjani.sridharan@linux.intel.com>
Reviewed-by: Pierre-Louis Bossart <pierre-louis.bossart@linux.intel.com>
Signed-off-by: Kai Vehmanen <kai.vehmanen@linux.intel.com>
Link: https://lore.kernel.org/r/20200703153818.2808592-1-kai.vehmanen@linux.intel.com
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
sound/pci/hda/patch_hdmi.c | 36 +++++++++++++++++++++++-------------
1 file changed, 23 insertions(+), 13 deletions(-)
diff --git a/sound/pci/hda/patch_hdmi.c b/sound/pci/hda/patch_hdmi.c
index cbd5118570fd..be9f1c4295cd 100644
--- a/sound/pci/hda/patch_hdmi.c
+++ b/sound/pci/hda/patch_hdmi.c
@@ -1804,33 +1804,43 @@ static int hdmi_add_cvt(struct hda_codec *codec, hda_nid_t cvt_nid)
static int hdmi_parse_codec(struct hda_codec *codec)
{
- hda_nid_t nid;
+ hda_nid_t start_nid;
+ unsigned int caps;
int i, nodes;
- nodes = snd_hda_get_sub_nodes(codec, codec->core.afg, &nid);
- if (!nid || nodes < 0) {
+ nodes = snd_hda_get_sub_nodes(codec, codec->core.afg, &start_nid);
+ if (!start_nid || nodes < 0) {
codec_warn(codec, "HDMI: failed to get afg sub nodes\n");
return -EINVAL;
}
- for (i = 0; i < nodes; i++, nid++) {
- unsigned int caps;
- unsigned int type;
+ /*
+ * hdmi_add_pin() assumes total amount of converters to
+ * be known, so first discover all converters
+ */
+ for (i = 0; i < nodes; i++) {
+ hda_nid_t nid = start_nid + i;
caps = get_wcaps(codec, nid);
- type = get_wcaps_type(caps);
if (!(caps & AC_WCAP_DIGITAL))
continue;
- switch (type) {
- case AC_WID_AUD_OUT:
+ if (get_wcaps_type(caps) == AC_WID_AUD_OUT)
hdmi_add_cvt(codec, nid);
- break;
- case AC_WID_PIN:
+ }
+
+ /* discover audio pins */
+ for (i = 0; i < nodes; i++) {
+ hda_nid_t nid = start_nid + i;
+
+ caps = get_wcaps(codec, nid);
+
+ if (!(caps & AC_WCAP_DIGITAL))
+ continue;
+
+ if (get_wcaps_type(caps) == AC_WID_PIN)
hdmi_add_pin(codec, nid);
- break;
- }
}
return 0;
--
2.35.1
^ permalink raw reply related [flat|nested] 529+ messages in thread
* [PATCH 4.19 474/521] Add Acer Aspire Ethos 8951G model quirk
2023-01-16 15:44 [PATCH 4.19 000/521] 4.19.270-rc1 review Greg Kroah-Hartman
` (472 preceding siblings ...)
2023-01-16 15:52 ` [PATCH 4.19 473/521] ALSA: hda/hdmi: fix failures at PCM open on Intel ICL and later Greg Kroah-Hartman
@ 2023-01-16 15:52 ` Greg Kroah-Hartman
2023-01-16 15:52 ` [PATCH 4.19 475/521] ALSA: hda/realtek - More constifications Greg Kroah-Hartman
` (50 subsequent siblings)
524 siblings, 0 replies; 529+ messages in thread
From: Greg Kroah-Hartman @ 2023-01-16 15:52 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Sergey Bostandzhyan, Takashi Iwai,
Sasha Levin
From: Sergey Bostandzhyan <jin@mediatomb.cc>
[ Upstream commit 00066e9733f629e536f6b7957de2ce11a85fe15a ]
This notebook has 6 built in speakers for 5.1 surround support, however
only two got autodetected and have also not been assigned correctly.
This patch enables all speakers and also fixes muting when headphones are
plugged in.
The speaker layout is as follows:
pin 0x15 Front Left / Front Right
pin 0x18 Front Center / Subwoofer
pin 0x1b Rear Left / Rear Right (Surround)
The quirk will be enabled automatically on this hardware, but can also be
activated manually via the model=aspire-ethos module parameter.
Caveat: pin 0x1b is shared between headphones jack and surround speakers.
When headphones are plugged in, the surround speakers get muted
automatically by the hardware, however all other speakers remain
unmuted. Currently it's not possible to make use of the generic automute
function in the driver, because such shared pins are not supported.
If we would change the pin settings to identify the pin as headphones,
the surround channel and thus the ability to select 5.1 profiles would
get lost.
This quirk solves the above problem by monitoring jack state of 0x1b and
by connecting/disconnecting all remaining speaker pins when something
gets plugged in or unplugged from the headphones jack port.
Signed-off-by: Sergey Bostandzhyan <jin@mediatomb.cc>
Link: https://lore.kernel.org/r/20190906093343.GA7640@xn--80adja5bqm.su
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Stable-dep-of: 4bf5bf54476d ("ALSA: hda/realtek: Add quirk for Lenovo TianYi510Pro-14IOB")
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
sound/pci/hda/patch_realtek.c | 71 +++++++++++++++++++++++++++++++++++
1 file changed, 71 insertions(+)
diff --git a/sound/pci/hda/patch_realtek.c b/sound/pci/hda/patch_realtek.c
index 9670db6ad1e1..fe17fb8d7f67 100644
--- a/sound/pci/hda/patch_realtek.c
+++ b/sound/pci/hda/patch_realtek.c
@@ -8510,6 +8510,45 @@ static void alc662_fixup_usi_headset_mic(struct hda_codec *codec,
}
}
+static void alc662_aspire_ethos_mute_speakers(struct hda_codec *codec,
+ struct hda_jack_callback *cb)
+{
+ /* surround speakers at 0x1b already get muted automatically when
+ * headphones are plugged in, but we have to mute/unmute the remaining
+ * channels manually:
+ * 0x15 - front left/front right
+ * 0x18 - front center/ LFE
+ */
+ if (snd_hda_jack_detect_state(codec, 0x1b) == HDA_JACK_PRESENT) {
+ snd_hda_set_pin_ctl_cache(codec, 0x15, 0);
+ snd_hda_set_pin_ctl_cache(codec, 0x18, 0);
+ } else {
+ snd_hda_set_pin_ctl_cache(codec, 0x15, PIN_OUT);
+ snd_hda_set_pin_ctl_cache(codec, 0x18, PIN_OUT);
+ }
+}
+
+static void alc662_fixup_aspire_ethos_hp(struct hda_codec *codec,
+ const struct hda_fixup *fix, int action)
+{
+ /* Pin 0x1b: shared headphones jack and surround speakers */
+ if (!is_jack_detectable(codec, 0x1b))
+ return;
+
+ switch (action) {
+ case HDA_FIXUP_ACT_PRE_PROBE:
+ snd_hda_jack_detect_enable_callback(codec, 0x1b,
+ alc662_aspire_ethos_mute_speakers);
+ break;
+ case HDA_FIXUP_ACT_INIT:
+ /* Make sure to start in a correct state, i.e. if
+ * headphones have been plugged in before powering up the system
+ */
+ alc662_aspire_ethos_mute_speakers(codec, NULL);
+ break;
+ }
+}
+
static struct coef_fw alc668_coefs[] = {
WRITE_COEF(0x01, 0xbebe), WRITE_COEF(0x02, 0xaaaa), WRITE_COEF(0x03, 0x0),
WRITE_COEF(0x04, 0x0180), WRITE_COEF(0x06, 0x0), WRITE_COEF(0x07, 0x0f80),
@@ -8581,6 +8620,9 @@ enum {
ALC662_FIXUP_USI_FUNC,
ALC662_FIXUP_USI_HEADSET_MODE,
ALC662_FIXUP_LENOVO_MULTI_CODECS,
+ ALC669_FIXUP_ACER_ASPIRE_ETHOS,
+ ALC669_FIXUP_ACER_ASPIRE_ETHOS_SUBWOOFER,
+ ALC669_FIXUP_ACER_ASPIRE_ETHOS_HEADSET,
};
static const struct hda_fixup alc662_fixups[] = {
@@ -8907,6 +8949,33 @@ static const struct hda_fixup alc662_fixups[] = {
.type = HDA_FIXUP_FUNC,
.v.func = alc233_alc662_fixup_lenovo_dual_codecs,
},
+ [ALC669_FIXUP_ACER_ASPIRE_ETHOS_HEADSET] = {
+ .type = HDA_FIXUP_FUNC,
+ .v.func = alc662_fixup_aspire_ethos_hp,
+ },
+ [ALC669_FIXUP_ACER_ASPIRE_ETHOS_SUBWOOFER] = {
+ .type = HDA_FIXUP_VERBS,
+ /* subwoofer needs an extra GPIO setting to become audible */
+ .v.verbs = (const struct hda_verb[]) {
+ {0x01, AC_VERB_SET_GPIO_MASK, 0x02},
+ {0x01, AC_VERB_SET_GPIO_DIRECTION, 0x02},
+ {0x01, AC_VERB_SET_GPIO_DATA, 0x00},
+ { }
+ },
+ .chained = true,
+ .chain_id = ALC669_FIXUP_ACER_ASPIRE_ETHOS_HEADSET
+ },
+ [ALC669_FIXUP_ACER_ASPIRE_ETHOS] = {
+ .type = HDA_FIXUP_PINS,
+ .v.pins = (const struct hda_pintbl[]) {
+ { 0x15, 0x92130110 }, /* front speakers */
+ { 0x18, 0x99130111 }, /* center/subwoofer */
+ { 0x1b, 0x11130012 }, /* surround plus jack for HP */
+ { }
+ },
+ .chained = true,
+ .chain_id = ALC669_FIXUP_ACER_ASPIRE_ETHOS_SUBWOOFER
+ },
};
static const struct snd_pci_quirk alc662_fixup_tbl[] = {
@@ -8952,6 +9021,7 @@ static const struct snd_pci_quirk alc662_fixup_tbl[] = {
SND_PCI_QUIRK(0x19da, 0xa130, "Zotac Z68", ALC662_FIXUP_ZOTAC_Z68),
SND_PCI_QUIRK(0x1b0a, 0x01b8, "ACER Veriton", ALC662_FIXUP_ACER_VERITON),
SND_PCI_QUIRK(0x1b35, 0x2206, "CZC P10T", ALC662_FIXUP_CZC_P10T),
+ SND_PCI_QUIRK(0x1025, 0x0566, "Acer Aspire Ethos 8951G", ALC669_FIXUP_ACER_ASPIRE_ETHOS),
#if 0
/* Below is a quirk table taken from the old code.
@@ -9044,6 +9114,7 @@ static const struct hda_model_fixup alc662_fixup_models[] = {
{.id = ALC892_FIXUP_ASROCK_MOBO, .name = "asrock-mobo"},
{.id = ALC662_FIXUP_USI_HEADSET_MODE, .name = "usi-headset"},
{.id = ALC662_FIXUP_LENOVO_MULTI_CODECS, .name = "dual-codecs"},
+ {.id = ALC669_FIXUP_ACER_ASPIRE_ETHOS, .name = "aspire-ethos"},
{}
};
--
2.35.1
^ permalink raw reply related [flat|nested] 529+ messages in thread
* [PATCH 4.19 475/521] ALSA: hda/realtek - More constifications
2023-01-16 15:44 [PATCH 4.19 000/521] 4.19.270-rc1 review Greg Kroah-Hartman
` (473 preceding siblings ...)
2023-01-16 15:52 ` [PATCH 4.19 474/521] Add Acer Aspire Ethos 8951G model quirk Greg Kroah-Hartman
@ 2023-01-16 15:52 ` Greg Kroah-Hartman
2023-01-16 15:52 ` [PATCH 4.19 476/521] ALSA: hda/realtek - Add Headset Mic supported for HP cPC Greg Kroah-Hartman
` (49 subsequent siblings)
524 siblings, 0 replies; 529+ messages in thread
From: Greg Kroah-Hartman @ 2023-01-16 15:52 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Takashi Iwai, Sasha Levin
From: Takashi Iwai <tiwai@suse.de>
[ Upstream commit 6b0f95c49d890440c01a759c767dfe40e2acdbf2 ]
Apply const prefix to each coef table array.
Just for minor optimization and no functional changes.
Link: https://lore.kernel.org/r/20200105144823.29547-4-tiwai@suse.de
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Stable-dep-of: 4bf5bf54476d ("ALSA: hda/realtek: Add quirk for Lenovo TianYi510Pro-14IOB")
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
sound/pci/hda/patch_realtek.c | 118 +++++++++++++++++-----------------
1 file changed, 59 insertions(+), 59 deletions(-)
diff --git a/sound/pci/hda/patch_realtek.c b/sound/pci/hda/patch_realtek.c
index fe17fb8d7f67..3abe30eec49a 100644
--- a/sound/pci/hda/patch_realtek.c
+++ b/sound/pci/hda/patch_realtek.c
@@ -956,7 +956,7 @@ struct alc_codec_rename_pci_table {
const char *name;
};
-static struct alc_codec_rename_table rename_tbl[] = {
+static const struct alc_codec_rename_table rename_tbl[] = {
{ 0x10ec0221, 0xf00f, 0x1003, "ALC231" },
{ 0x10ec0269, 0xfff0, 0x3010, "ALC277" },
{ 0x10ec0269, 0xf0f0, 0x2010, "ALC259" },
@@ -977,7 +977,7 @@ static struct alc_codec_rename_table rename_tbl[] = {
{ } /* terminator */
};
-static struct alc_codec_rename_pci_table rename_pci_tbl[] = {
+static const struct alc_codec_rename_pci_table rename_pci_tbl[] = {
{ 0x10ec0280, 0x1028, 0, "ALC3220" },
{ 0x10ec0282, 0x1028, 0, "ALC3221" },
{ 0x10ec0283, 0x1028, 0, "ALC3223" },
@@ -3115,7 +3115,7 @@ static void alc269_shutup(struct hda_codec *codec)
alc_shutup_pins(codec);
}
-static struct coef_fw alc282_coefs[] = {
+static const struct coef_fw alc282_coefs[] = {
WRITE_COEF(0x03, 0x0002), /* Power Down Control */
UPDATE_COEF(0x05, 0xff3f, 0x0700), /* FIFO and filter clock */
WRITE_COEF(0x07, 0x0200), /* DMIC control */
@@ -3227,7 +3227,7 @@ static void alc282_shutup(struct hda_codec *codec)
alc_write_coef_idx(codec, 0x78, coef78);
}
-static struct coef_fw alc283_coefs[] = {
+static const struct coef_fw alc283_coefs[] = {
WRITE_COEF(0x03, 0x0002), /* Power Down Control */
UPDATE_COEF(0x05, 0xff3f, 0x0700), /* FIFO and filter clock */
WRITE_COEF(0x07, 0x0200), /* DMIC control */
@@ -4234,7 +4234,7 @@ static void alc269_fixup_hp_line1_mic1_led(struct hda_codec *codec,
}
}
-static struct coef_fw alc225_pre_hsmode[] = {
+static const struct coef_fw alc225_pre_hsmode[] = {
UPDATE_COEF(0x4a, 1<<8, 0),
UPDATE_COEFEX(0x57, 0x05, 1<<14, 0),
UPDATE_COEF(0x63, 3<<14, 3<<14),
@@ -4247,7 +4247,7 @@ static struct coef_fw alc225_pre_hsmode[] = {
static void alc_headset_mode_unplugged(struct hda_codec *codec)
{
- static struct coef_fw coef0255[] = {
+ static const struct coef_fw coef0255[] = {
WRITE_COEF(0x1b, 0x0c0b), /* LDO and MISC control */
WRITE_COEF(0x45, 0xd089), /* UAJ function set to menual mode */
UPDATE_COEFEX(0x57, 0x05, 1<<14, 0), /* Direct Drive HP Amp control(Set to verb control)*/
@@ -4255,7 +4255,7 @@ static void alc_headset_mode_unplugged(struct hda_codec *codec)
WRITE_COEFEX(0x57, 0x03, 0x8aa6), /* Direct Drive HP Amp control */
{}
};
- static struct coef_fw coef0256[] = {
+ static const struct coef_fw coef0256[] = {
WRITE_COEF(0x1b, 0x0c4b), /* LDO and MISC control */
WRITE_COEF(0x45, 0xd089), /* UAJ function set to menual mode */
WRITE_COEF(0x06, 0x6104), /* Set MIC2 Vref gate with HP */
@@ -4263,7 +4263,7 @@ static void alc_headset_mode_unplugged(struct hda_codec *codec)
UPDATE_COEFEX(0x57, 0x05, 1<<14, 0), /* Direct Drive HP Amp control(Set to verb control)*/
{}
};
- static struct coef_fw coef0233[] = {
+ static const struct coef_fw coef0233[] = {
WRITE_COEF(0x1b, 0x0c0b),
WRITE_COEF(0x45, 0xc429),
UPDATE_COEF(0x35, 0x4000, 0),
@@ -4273,7 +4273,7 @@ static void alc_headset_mode_unplugged(struct hda_codec *codec)
WRITE_COEF(0x32, 0x42a3),
{}
};
- static struct coef_fw coef0288[] = {
+ static const struct coef_fw coef0288[] = {
UPDATE_COEF(0x4f, 0xfcc0, 0xc400),
UPDATE_COEF(0x50, 0x2000, 0x2000),
UPDATE_COEF(0x56, 0x0006, 0x0006),
@@ -4281,18 +4281,18 @@ static void alc_headset_mode_unplugged(struct hda_codec *codec)
UPDATE_COEF(0x67, 0x2000, 0),
{}
};
- static struct coef_fw coef0298[] = {
+ static const struct coef_fw coef0298[] = {
UPDATE_COEF(0x19, 0x1300, 0x0300),
{}
};
- static struct coef_fw coef0292[] = {
+ static const struct coef_fw coef0292[] = {
WRITE_COEF(0x76, 0x000e),
WRITE_COEF(0x6c, 0x2400),
WRITE_COEF(0x18, 0x7308),
WRITE_COEF(0x6b, 0xc429),
{}
};
- static struct coef_fw coef0293[] = {
+ static const struct coef_fw coef0293[] = {
UPDATE_COEF(0x10, 7<<8, 6<<8), /* SET Line1 JD to 0 */
UPDATE_COEFEX(0x57, 0x05, 1<<15|1<<13, 0x0), /* SET charge pump by verb */
UPDATE_COEFEX(0x57, 0x03, 1<<10, 1<<10), /* SET EN_OSW to 1 */
@@ -4301,16 +4301,16 @@ static void alc_headset_mode_unplugged(struct hda_codec *codec)
UPDATE_COEF(0x4a, 0x000f, 0x000e), /* Combo Jack auto detect */
{}
};
- static struct coef_fw coef0668[] = {
+ static const struct coef_fw coef0668[] = {
WRITE_COEF(0x15, 0x0d40),
WRITE_COEF(0xb7, 0x802b),
{}
};
- static struct coef_fw coef0225[] = {
+ static const struct coef_fw coef0225[] = {
UPDATE_COEF(0x63, 3<<14, 0),
{}
};
- static struct coef_fw coef0274[] = {
+ static const struct coef_fw coef0274[] = {
UPDATE_COEF(0x4a, 0x0100, 0),
UPDATE_COEFEX(0x57, 0x05, 0x4000, 0),
UPDATE_COEF(0x6b, 0xf000, 0x5000),
@@ -4375,25 +4375,25 @@ static void alc_headset_mode_unplugged(struct hda_codec *codec)
static void alc_headset_mode_mic_in(struct hda_codec *codec, hda_nid_t hp_pin,
hda_nid_t mic_pin)
{
- static struct coef_fw coef0255[] = {
+ static const struct coef_fw coef0255[] = {
WRITE_COEFEX(0x57, 0x03, 0x8aa6),
WRITE_COEF(0x06, 0x6100), /* Set MIC2 Vref gate to normal */
{}
};
- static struct coef_fw coef0256[] = {
+ static const struct coef_fw coef0256[] = {
UPDATE_COEFEX(0x57, 0x05, 1<<14, 1<<14), /* Direct Drive HP Amp control(Set to verb control)*/
WRITE_COEFEX(0x57, 0x03, 0x09a3),
WRITE_COEF(0x06, 0x6100), /* Set MIC2 Vref gate to normal */
{}
};
- static struct coef_fw coef0233[] = {
+ static const struct coef_fw coef0233[] = {
UPDATE_COEF(0x35, 0, 1<<14),
WRITE_COEF(0x06, 0x2100),
WRITE_COEF(0x1a, 0x0021),
WRITE_COEF(0x26, 0x008c),
{}
};
- static struct coef_fw coef0288[] = {
+ static const struct coef_fw coef0288[] = {
UPDATE_COEF(0x4f, 0x00c0, 0),
UPDATE_COEF(0x50, 0x2000, 0),
UPDATE_COEF(0x56, 0x0006, 0),
@@ -4402,30 +4402,30 @@ static void alc_headset_mode_mic_in(struct hda_codec *codec, hda_nid_t hp_pin,
UPDATE_COEF(0x67, 0x2000, 0x2000),
{}
};
- static struct coef_fw coef0292[] = {
+ static const struct coef_fw coef0292[] = {
WRITE_COEF(0x19, 0xa208),
WRITE_COEF(0x2e, 0xacf0),
{}
};
- static struct coef_fw coef0293[] = {
+ static const struct coef_fw coef0293[] = {
UPDATE_COEFEX(0x57, 0x05, 0, 1<<15|1<<13), /* SET charge pump by verb */
UPDATE_COEFEX(0x57, 0x03, 1<<10, 0), /* SET EN_OSW to 0 */
UPDATE_COEF(0x1a, 1<<3, 0), /* Combo JD gating without LINE1-VREFO */
{}
};
- static struct coef_fw coef0688[] = {
+ static const struct coef_fw coef0688[] = {
WRITE_COEF(0xb7, 0x802b),
WRITE_COEF(0xb5, 0x1040),
UPDATE_COEF(0xc3, 0, 1<<12),
{}
};
- static struct coef_fw coef0225[] = {
+ static const struct coef_fw coef0225[] = {
UPDATE_COEFEX(0x57, 0x05, 1<<14, 1<<14),
UPDATE_COEF(0x4a, 3<<4, 2<<4),
UPDATE_COEF(0x63, 3<<14, 0),
{}
};
- static struct coef_fw coef0274[] = {
+ static const struct coef_fw coef0274[] = {
UPDATE_COEFEX(0x57, 0x05, 0x4000, 0x4000),
UPDATE_COEF(0x4a, 0x0010, 0),
UPDATE_COEF(0x6b, 0xf000, 0),
@@ -4511,7 +4511,7 @@ static void alc_headset_mode_mic_in(struct hda_codec *codec, hda_nid_t hp_pin,
static void alc_headset_mode_default(struct hda_codec *codec)
{
- static struct coef_fw coef0225[] = {
+ static const struct coef_fw coef0225[] = {
UPDATE_COEF(0x45, 0x3f<<10, 0x30<<10),
UPDATE_COEF(0x45, 0x3f<<10, 0x31<<10),
UPDATE_COEF(0x49, 3<<8, 0<<8),
@@ -4520,14 +4520,14 @@ static void alc_headset_mode_default(struct hda_codec *codec)
UPDATE_COEF(0x67, 0xf000, 0x3000),
{}
};
- static struct coef_fw coef0255[] = {
+ static const struct coef_fw coef0255[] = {
WRITE_COEF(0x45, 0xc089),
WRITE_COEF(0x45, 0xc489),
WRITE_COEFEX(0x57, 0x03, 0x8ea6),
WRITE_COEF(0x49, 0x0049),
{}
};
- static struct coef_fw coef0256[] = {
+ static const struct coef_fw coef0256[] = {
WRITE_COEF(0x45, 0xc489),
WRITE_COEFEX(0x57, 0x03, 0x0da3),
WRITE_COEF(0x49, 0x0049),
@@ -4535,12 +4535,12 @@ static void alc_headset_mode_default(struct hda_codec *codec)
WRITE_COEF(0x06, 0x6100),
{}
};
- static struct coef_fw coef0233[] = {
+ static const struct coef_fw coef0233[] = {
WRITE_COEF(0x06, 0x2100),
WRITE_COEF(0x32, 0x4ea3),
{}
};
- static struct coef_fw coef0288[] = {
+ static const struct coef_fw coef0288[] = {
UPDATE_COEF(0x4f, 0xfcc0, 0xc400), /* Set to TRS type */
UPDATE_COEF(0x50, 0x2000, 0x2000),
UPDATE_COEF(0x56, 0x0006, 0x0006),
@@ -4548,26 +4548,26 @@ static void alc_headset_mode_default(struct hda_codec *codec)
UPDATE_COEF(0x67, 0x2000, 0),
{}
};
- static struct coef_fw coef0292[] = {
+ static const struct coef_fw coef0292[] = {
WRITE_COEF(0x76, 0x000e),
WRITE_COEF(0x6c, 0x2400),
WRITE_COEF(0x6b, 0xc429),
WRITE_COEF(0x18, 0x7308),
{}
};
- static struct coef_fw coef0293[] = {
+ static const struct coef_fw coef0293[] = {
UPDATE_COEF(0x4a, 0x000f, 0x000e), /* Combo Jack auto detect */
WRITE_COEF(0x45, 0xC429), /* Set to TRS type */
UPDATE_COEF(0x1a, 1<<3, 0), /* Combo JD gating without LINE1-VREFO */
{}
};
- static struct coef_fw coef0688[] = {
+ static const struct coef_fw coef0688[] = {
WRITE_COEF(0x11, 0x0041),
WRITE_COEF(0x15, 0x0d40),
WRITE_COEF(0xb7, 0x802b),
{}
};
- static struct coef_fw coef0274[] = {
+ static const struct coef_fw coef0274[] = {
WRITE_COEF(0x45, 0x4289),
UPDATE_COEF(0x4a, 0x0010, 0x0010),
UPDATE_COEF(0x6b, 0x0f00, 0),
@@ -4630,53 +4630,53 @@ static void alc_headset_mode_ctia(struct hda_codec *codec)
{
int val;
- static struct coef_fw coef0255[] = {
+ static const struct coef_fw coef0255[] = {
WRITE_COEF(0x45, 0xd489), /* Set to CTIA type */
WRITE_COEF(0x1b, 0x0c2b),
WRITE_COEFEX(0x57, 0x03, 0x8ea6),
{}
};
- static struct coef_fw coef0256[] = {
+ static const struct coef_fw coef0256[] = {
WRITE_COEF(0x45, 0xd489), /* Set to CTIA type */
WRITE_COEF(0x1b, 0x0e6b),
{}
};
- static struct coef_fw coef0233[] = {
+ static const struct coef_fw coef0233[] = {
WRITE_COEF(0x45, 0xd429),
WRITE_COEF(0x1b, 0x0c2b),
WRITE_COEF(0x32, 0x4ea3),
{}
};
- static struct coef_fw coef0288[] = {
+ static const struct coef_fw coef0288[] = {
UPDATE_COEF(0x50, 0x2000, 0x2000),
UPDATE_COEF(0x56, 0x0006, 0x0006),
UPDATE_COEF(0x66, 0x0008, 0),
UPDATE_COEF(0x67, 0x2000, 0),
{}
};
- static struct coef_fw coef0292[] = {
+ static const struct coef_fw coef0292[] = {
WRITE_COEF(0x6b, 0xd429),
WRITE_COEF(0x76, 0x0008),
WRITE_COEF(0x18, 0x7388),
{}
};
- static struct coef_fw coef0293[] = {
+ static const struct coef_fw coef0293[] = {
WRITE_COEF(0x45, 0xd429), /* Set to ctia type */
UPDATE_COEF(0x10, 7<<8, 7<<8), /* SET Line1 JD to 1 */
{}
};
- static struct coef_fw coef0688[] = {
+ static const struct coef_fw coef0688[] = {
WRITE_COEF(0x11, 0x0001),
WRITE_COEF(0x15, 0x0d60),
WRITE_COEF(0xc3, 0x0000),
{}
};
- static struct coef_fw coef0225_1[] = {
+ static const struct coef_fw coef0225_1[] = {
UPDATE_COEF(0x45, 0x3f<<10, 0x35<<10),
UPDATE_COEF(0x63, 3<<14, 2<<14),
{}
};
- static struct coef_fw coef0225_2[] = {
+ static const struct coef_fw coef0225_2[] = {
UPDATE_COEF(0x45, 0x3f<<10, 0x35<<10),
UPDATE_COEF(0x63, 3<<14, 1<<14),
{}
@@ -4748,48 +4748,48 @@ static void alc_headset_mode_ctia(struct hda_codec *codec)
/* Nokia type */
static void alc_headset_mode_omtp(struct hda_codec *codec)
{
- static struct coef_fw coef0255[] = {
+ static const struct coef_fw coef0255[] = {
WRITE_COEF(0x45, 0xe489), /* Set to OMTP Type */
WRITE_COEF(0x1b, 0x0c2b),
WRITE_COEFEX(0x57, 0x03, 0x8ea6),
{}
};
- static struct coef_fw coef0256[] = {
+ static const struct coef_fw coef0256[] = {
WRITE_COEF(0x45, 0xe489), /* Set to OMTP Type */
WRITE_COEF(0x1b, 0x0e6b),
{}
};
- static struct coef_fw coef0233[] = {
+ static const struct coef_fw coef0233[] = {
WRITE_COEF(0x45, 0xe429),
WRITE_COEF(0x1b, 0x0c2b),
WRITE_COEF(0x32, 0x4ea3),
{}
};
- static struct coef_fw coef0288[] = {
+ static const struct coef_fw coef0288[] = {
UPDATE_COEF(0x50, 0x2000, 0x2000),
UPDATE_COEF(0x56, 0x0006, 0x0006),
UPDATE_COEF(0x66, 0x0008, 0),
UPDATE_COEF(0x67, 0x2000, 0),
{}
};
- static struct coef_fw coef0292[] = {
+ static const struct coef_fw coef0292[] = {
WRITE_COEF(0x6b, 0xe429),
WRITE_COEF(0x76, 0x0008),
WRITE_COEF(0x18, 0x7388),
{}
};
- static struct coef_fw coef0293[] = {
+ static const struct coef_fw coef0293[] = {
WRITE_COEF(0x45, 0xe429), /* Set to omtp type */
UPDATE_COEF(0x10, 7<<8, 7<<8), /* SET Line1 JD to 1 */
{}
};
- static struct coef_fw coef0688[] = {
+ static const struct coef_fw coef0688[] = {
WRITE_COEF(0x11, 0x0001),
WRITE_COEF(0x15, 0x0d50),
WRITE_COEF(0xc3, 0x0000),
{}
};
- static struct coef_fw coef0225[] = {
+ static const struct coef_fw coef0225[] = {
UPDATE_COEF(0x45, 0x3f<<10, 0x39<<10),
UPDATE_COEF(0x63, 3<<14, 2<<14),
{}
@@ -4849,17 +4849,17 @@ static void alc_determine_headset_type(struct hda_codec *codec)
int val;
bool is_ctia = false;
struct alc_spec *spec = codec->spec;
- static struct coef_fw coef0255[] = {
+ static const struct coef_fw coef0255[] = {
WRITE_COEF(0x45, 0xd089), /* combo jack auto switch control(Check type)*/
WRITE_COEF(0x49, 0x0149), /* combo jack auto switch control(Vref
conteol) */
{}
};
- static struct coef_fw coef0288[] = {
+ static const struct coef_fw coef0288[] = {
UPDATE_COEF(0x4f, 0xfcc0, 0xd400), /* Check Type */
{}
};
- static struct coef_fw coef0298[] = {
+ static const struct coef_fw coef0298[] = {
UPDATE_COEF(0x50, 0x2000, 0x2000),
UPDATE_COEF(0x56, 0x0006, 0x0006),
UPDATE_COEF(0x66, 0x0008, 0),
@@ -4867,19 +4867,19 @@ static void alc_determine_headset_type(struct hda_codec *codec)
UPDATE_COEF(0x19, 0x1300, 0x1300),
{}
};
- static struct coef_fw coef0293[] = {
+ static const struct coef_fw coef0293[] = {
UPDATE_COEF(0x4a, 0x000f, 0x0008), /* Combo Jack auto detect */
WRITE_COEF(0x45, 0xD429), /* Set to ctia type */
{}
};
- static struct coef_fw coef0688[] = {
+ static const struct coef_fw coef0688[] = {
WRITE_COEF(0x11, 0x0001),
WRITE_COEF(0xb7, 0x802b),
WRITE_COEF(0x15, 0x0d60),
WRITE_COEF(0xc3, 0x0c00),
{}
};
- static struct coef_fw coef0274[] = {
+ static const struct coef_fw coef0274[] = {
UPDATE_COEF(0x4a, 0x0010, 0),
UPDATE_COEF(0x4a, 0x8000, 0),
WRITE_COEF(0x45, 0xd289),
@@ -5164,7 +5164,7 @@ static void alc_fixup_headset_mode_no_hp_mic(struct hda_codec *codec,
static void alc255_set_default_jack_type(struct hda_codec *codec)
{
/* Set to iphone type */
- static struct coef_fw alc255fw[] = {
+ static const struct coef_fw alc255fw[] = {
WRITE_COEF(0x1b, 0x880b),
WRITE_COEF(0x45, 0xd089),
WRITE_COEF(0x1b, 0x080b),
@@ -5172,7 +5172,7 @@ static void alc255_set_default_jack_type(struct hda_codec *codec)
WRITE_COEF(0x1b, 0x0c0b),
{}
};
- static struct coef_fw alc256fw[] = {
+ static const struct coef_fw alc256fw[] = {
WRITE_COEF(0x1b, 0x884b),
WRITE_COEF(0x45, 0xd089),
WRITE_COEF(0x1b, 0x084b),
@@ -8549,7 +8549,7 @@ static void alc662_fixup_aspire_ethos_hp(struct hda_codec *codec,
}
}
-static struct coef_fw alc668_coefs[] = {
+static const struct coef_fw alc668_coefs[] = {
WRITE_COEF(0x01, 0xbebe), WRITE_COEF(0x02, 0xaaaa), WRITE_COEF(0x03, 0x0),
WRITE_COEF(0x04, 0x0180), WRITE_COEF(0x06, 0x0), WRITE_COEF(0x07, 0x0f80),
WRITE_COEF(0x08, 0x0031), WRITE_COEF(0x0a, 0x0060), WRITE_COEF(0x0b, 0x0),
--
2.35.1
^ permalink raw reply related [flat|nested] 529+ messages in thread
* [PATCH 4.19 476/521] ALSA: hda/realtek - Add Headset Mic supported for HP cPC
2023-01-16 15:44 [PATCH 4.19 000/521] 4.19.270-rc1 review Greg Kroah-Hartman
` (474 preceding siblings ...)
2023-01-16 15:52 ` [PATCH 4.19 475/521] ALSA: hda/realtek - More constifications Greg Kroah-Hartman
@ 2023-01-16 15:52 ` Greg Kroah-Hartman
2023-01-16 15:52 ` [PATCH 4.19 477/521] ALSA: hda/realtek - Enable headset mic of Acer X2660G with ALC662 Greg Kroah-Hartman
` (48 subsequent siblings)
524 siblings, 0 replies; 529+ messages in thread
From: Greg Kroah-Hartman @ 2023-01-16 15:52 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Kailang Yang, Takashi Iwai, Sasha Levin
From: Kailang Yang <kailang@realtek.com>
[ Upstream commit 5af29028fd6db9438b5584ab7179710a0a22569d ]
HP ALC671 need to support Headset Mic.
Signed-off-by: Kailang Yang <kailang@realtek.com>
Link: https://lore.kernel.org/r/06a9d2b176e14706976d6584cbe2d92a@realtek.com
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Stable-dep-of: 4bf5bf54476d ("ALSA: hda/realtek: Add quirk for Lenovo TianYi510Pro-14IOB")
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
sound/pci/hda/patch_realtek.c | 44 +++++++++++++++++++++++++++++++++++
1 file changed, 44 insertions(+)
diff --git a/sound/pci/hda/patch_realtek.c b/sound/pci/hda/patch_realtek.c
index 3abe30eec49a..375493d3807f 100644
--- a/sound/pci/hda/patch_realtek.c
+++ b/sound/pci/hda/patch_realtek.c
@@ -8549,6 +8549,29 @@ static void alc662_fixup_aspire_ethos_hp(struct hda_codec *codec,
}
}
+static void alc671_fixup_hp_headset_mic2(struct hda_codec *codec,
+ const struct hda_fixup *fix, int action)
+{
+ struct alc_spec *spec = codec->spec;
+
+ static const struct hda_pintbl pincfgs[] = {
+ { 0x19, 0x02a11040 }, /* use as headset mic, with its own jack detect */
+ { 0x1b, 0x0181304f },
+ { }
+ };
+
+ switch (action) {
+ case HDA_FIXUP_ACT_PRE_PROBE:
+ spec->gen.mixer_nid = 0;
+ spec->parse_flags |= HDA_PINCFG_HEADSET_MIC;
+ snd_hda_apply_pincfgs(codec, pincfgs);
+ break;
+ case HDA_FIXUP_ACT_INIT:
+ alc_write_coef_idx(codec, 0x19, 0xa054);
+ break;
+ }
+}
+
static const struct coef_fw alc668_coefs[] = {
WRITE_COEF(0x01, 0xbebe), WRITE_COEF(0x02, 0xaaaa), WRITE_COEF(0x03, 0x0),
WRITE_COEF(0x04, 0x0180), WRITE_COEF(0x06, 0x0), WRITE_COEF(0x07, 0x0f80),
@@ -8623,6 +8646,7 @@ enum {
ALC669_FIXUP_ACER_ASPIRE_ETHOS,
ALC669_FIXUP_ACER_ASPIRE_ETHOS_SUBWOOFER,
ALC669_FIXUP_ACER_ASPIRE_ETHOS_HEADSET,
+ ALC671_FIXUP_HP_HEADSET_MIC2,
};
static const struct hda_fixup alc662_fixups[] = {
@@ -8976,6 +9000,10 @@ static const struct hda_fixup alc662_fixups[] = {
.chained = true,
.chain_id = ALC669_FIXUP_ACER_ASPIRE_ETHOS_SUBWOOFER
},
+ [ALC671_FIXUP_HP_HEADSET_MIC2] = {
+ .type = HDA_FIXUP_FUNC,
+ .v.func = alc671_fixup_hp_headset_mic2,
+ },
};
static const struct snd_pci_quirk alc662_fixup_tbl[] = {
@@ -9157,6 +9185,22 @@ static const struct snd_hda_pin_quirk alc662_pin_fixup_tbl[] = {
{0x12, 0x90a60130},
{0x14, 0x90170110},
{0x15, 0x0321101f}),
+ SND_HDA_PIN_QUIRK(0x10ec0671, 0x103c, "HP cPC", ALC671_FIXUP_HP_HEADSET_MIC2,
+ {0x14, 0x01014010},
+ {0x17, 0x90170150},
+ {0x1b, 0x01813030},
+ {0x21, 0x02211020}),
+ SND_HDA_PIN_QUIRK(0x10ec0671, 0x103c, "HP cPC", ALC671_FIXUP_HP_HEADSET_MIC2,
+ {0x14, 0x01014010},
+ {0x18, 0x01a19040},
+ {0x1b, 0x01813030},
+ {0x21, 0x02211020}),
+ SND_HDA_PIN_QUIRK(0x10ec0671, 0x103c, "HP cPC", ALC671_FIXUP_HP_HEADSET_MIC2,
+ {0x14, 0x01014020},
+ {0x17, 0x90170110},
+ {0x18, 0x01a19050},
+ {0x1b, 0x01813040},
+ {0x21, 0x02211030}),
{}
};
--
2.35.1
^ permalink raw reply related [flat|nested] 529+ messages in thread
* [PATCH 4.19 477/521] ALSA: hda/realtek - Enable headset mic of Acer X2660G with ALC662
2023-01-16 15:44 [PATCH 4.19 000/521] 4.19.270-rc1 review Greg Kroah-Hartman
` (475 preceding siblings ...)
2023-01-16 15:52 ` [PATCH 4.19 476/521] ALSA: hda/realtek - Add Headset Mic supported for HP cPC Greg Kroah-Hartman
@ 2023-01-16 15:52 ` Greg Kroah-Hartman
2023-01-16 15:52 ` [PATCH 4.19 478/521] ALSA: hda/realtek - Enable the headset of Acer N50-600 " Greg Kroah-Hartman
` (47 subsequent siblings)
524 siblings, 0 replies; 529+ messages in thread
From: Greg Kroah-Hartman @ 2023-01-16 15:52 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Jian-Hong Pan, Takashi Iwai, Sasha Levin
From: Jian-Hong Pan <jian-hong@endlessm.com>
[ Upstream commit d858c706bdca97698752bd26b60c21ec07ef04f2 ]
The Acer desktop X2660G with ALC662 can't detect the headset microphone
until ALC662_FIXUP_ACER_X2660G_HEADSET_MODE quirk applied.
Signed-off-by: Jian-Hong Pan <jian-hong@endlessm.com>
Cc: <stable@vger.kernel.org>
Link: https://lore.kernel.org/r/20200317082806.73194-2-jian-hong@endlessm.com
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Stable-dep-of: 4bf5bf54476d ("ALSA: hda/realtek: Add quirk for Lenovo TianYi510Pro-14IOB")
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
sound/pci/hda/patch_realtek.c | 11 +++++++++++
1 file changed, 11 insertions(+)
diff --git a/sound/pci/hda/patch_realtek.c b/sound/pci/hda/patch_realtek.c
index 375493d3807f..024a7e473e11 100644
--- a/sound/pci/hda/patch_realtek.c
+++ b/sound/pci/hda/patch_realtek.c
@@ -8647,6 +8647,7 @@ enum {
ALC669_FIXUP_ACER_ASPIRE_ETHOS_SUBWOOFER,
ALC669_FIXUP_ACER_ASPIRE_ETHOS_HEADSET,
ALC671_FIXUP_HP_HEADSET_MIC2,
+ ALC662_FIXUP_ACER_X2660G_HEADSET_MODE,
};
static const struct hda_fixup alc662_fixups[] = {
@@ -9004,6 +9005,15 @@ static const struct hda_fixup alc662_fixups[] = {
.type = HDA_FIXUP_FUNC,
.v.func = alc671_fixup_hp_headset_mic2,
},
+ [ALC662_FIXUP_ACER_X2660G_HEADSET_MODE] = {
+ .type = HDA_FIXUP_PINS,
+ .v.pins = (const struct hda_pintbl[]) {
+ { 0x1a, 0x02a1113c }, /* use as headset mic, without its own jack detect */
+ { }
+ },
+ .chained = true,
+ .chain_id = ALC662_FIXUP_USI_FUNC
+ },
};
static const struct snd_pci_quirk alc662_fixup_tbl[] = {
@@ -9015,6 +9025,7 @@ static const struct snd_pci_quirk alc662_fixup_tbl[] = {
SND_PCI_QUIRK(0x1025, 0x0349, "eMachines eM250", ALC662_FIXUP_INV_DMIC),
SND_PCI_QUIRK(0x1025, 0x034a, "Gateway LT27", ALC662_FIXUP_INV_DMIC),
SND_PCI_QUIRK(0x1025, 0x038b, "Acer Aspire 8943G", ALC662_FIXUP_ASPIRE),
+ SND_PCI_QUIRK(0x1025, 0x124e, "Acer 2660G", ALC662_FIXUP_ACER_X2660G_HEADSET_MODE),
SND_PCI_QUIRK(0x1028, 0x05d8, "Dell", ALC668_FIXUP_DELL_MIC_NO_PRESENCE),
SND_PCI_QUIRK(0x1028, 0x05db, "Dell", ALC668_FIXUP_DELL_MIC_NO_PRESENCE),
SND_PCI_QUIRK(0x1028, 0x05fe, "Dell XPS 15", ALC668_FIXUP_DELL_XPS13),
--
2.35.1
^ permalink raw reply related [flat|nested] 529+ messages in thread
* [PATCH 4.19 478/521] ALSA: hda/realtek - Enable the headset of Acer N50-600 with ALC662
2023-01-16 15:44 [PATCH 4.19 000/521] 4.19.270-rc1 review Greg Kroah-Hartman
` (476 preceding siblings ...)
2023-01-16 15:52 ` [PATCH 4.19 477/521] ALSA: hda/realtek - Enable headset mic of Acer X2660G with ALC662 Greg Kroah-Hartman
@ 2023-01-16 15:52 ` Greg Kroah-Hartman
2023-01-16 15:52 ` [PATCH 4.19 479/521] ALSA: hda/realtek - The front Mic on a HP machine doesnt work Greg Kroah-Hartman
` (46 subsequent siblings)
524 siblings, 0 replies; 529+ messages in thread
From: Greg Kroah-Hartman @ 2023-01-16 15:52 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Jian-Hong Pan, Takashi Iwai, Sasha Levin
From: Jian-Hong Pan <jian-hong@endlessm.com>
[ Upstream commit a124458a127ccd7629e20cd7bae3e1f758ed32aa ]
A headset on the desktop like Acer N50-600 does not work, until quirk
ALC662_FIXUP_ACER_NITRO_HEADSET_MODE is applied.
Signed-off-by: Jian-Hong Pan <jian-hong@endlessm.com>
Cc: <stable@vger.kernel.org>
Link: https://lore.kernel.org/r/20200317082806.73194-3-jian-hong@endlessm.com
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Stable-dep-of: 4bf5bf54476d ("ALSA: hda/realtek: Add quirk for Lenovo TianYi510Pro-14IOB")
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
sound/pci/hda/patch_realtek.c | 12 ++++++++++++
1 file changed, 12 insertions(+)
diff --git a/sound/pci/hda/patch_realtek.c b/sound/pci/hda/patch_realtek.c
index 024a7e473e11..bb0917b9e68f 100644
--- a/sound/pci/hda/patch_realtek.c
+++ b/sound/pci/hda/patch_realtek.c
@@ -8648,6 +8648,7 @@ enum {
ALC669_FIXUP_ACER_ASPIRE_ETHOS_HEADSET,
ALC671_FIXUP_HP_HEADSET_MIC2,
ALC662_FIXUP_ACER_X2660G_HEADSET_MODE,
+ ALC662_FIXUP_ACER_NITRO_HEADSET_MODE,
};
static const struct hda_fixup alc662_fixups[] = {
@@ -9014,6 +9015,16 @@ static const struct hda_fixup alc662_fixups[] = {
.chained = true,
.chain_id = ALC662_FIXUP_USI_FUNC
},
+ [ALC662_FIXUP_ACER_NITRO_HEADSET_MODE] = {
+ .type = HDA_FIXUP_PINS,
+ .v.pins = (const struct hda_pintbl[]) {
+ { 0x1a, 0x01a11140 }, /* use as headset mic, without its own jack detect */
+ { 0x1b, 0x0221144f },
+ { }
+ },
+ .chained = true,
+ .chain_id = ALC662_FIXUP_USI_FUNC
+ },
};
static const struct snd_pci_quirk alc662_fixup_tbl[] = {
@@ -9025,6 +9036,7 @@ static const struct snd_pci_quirk alc662_fixup_tbl[] = {
SND_PCI_QUIRK(0x1025, 0x0349, "eMachines eM250", ALC662_FIXUP_INV_DMIC),
SND_PCI_QUIRK(0x1025, 0x034a, "Gateway LT27", ALC662_FIXUP_INV_DMIC),
SND_PCI_QUIRK(0x1025, 0x038b, "Acer Aspire 8943G", ALC662_FIXUP_ASPIRE),
+ SND_PCI_QUIRK(0x1025, 0x123c, "Acer Nitro N50-600", ALC662_FIXUP_ACER_NITRO_HEADSET_MODE),
SND_PCI_QUIRK(0x1025, 0x124e, "Acer 2660G", ALC662_FIXUP_ACER_X2660G_HEADSET_MODE),
SND_PCI_QUIRK(0x1028, 0x05d8, "Dell", ALC668_FIXUP_DELL_MIC_NO_PRESENCE),
SND_PCI_QUIRK(0x1028, 0x05db, "Dell", ALC668_FIXUP_DELL_MIC_NO_PRESENCE),
--
2.35.1
^ permalink raw reply related [flat|nested] 529+ messages in thread
* [PATCH 4.19 479/521] ALSA: hda/realtek - The front Mic on a HP machine doesnt work
2023-01-16 15:44 [PATCH 4.19 000/521] 4.19.270-rc1 review Greg Kroah-Hartman
` (477 preceding siblings ...)
2023-01-16 15:52 ` [PATCH 4.19 478/521] ALSA: hda/realtek - Enable the headset of Acer N50-600 " Greg Kroah-Hartman
@ 2023-01-16 15:52 ` Greg Kroah-Hartman
2023-01-16 15:52 ` [PATCH 4.19 480/521] ALSA: hda/realtek: Fix the mic type detection issue for ASUS G551JW Greg Kroah-Hartman
` (45 subsequent siblings)
524 siblings, 0 replies; 529+ messages in thread
From: Greg Kroah-Hartman @ 2023-01-16 15:52 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Jeremy Szu, Takashi Iwai, Sasha Levin
From: Jeremy Szu <jeremy.szu@canonical.com>
[ Upstream commit 148ebf548a1af366fc797fcc7d03f0bb92b12a79 ]
On a HP ZCentral, the front Mic could not be detected.
The codec of the HP ZCentrol is alc671 and it needs to override the pin
configuration to enable the headset mic.
Signed-off-by: Jeremy Szu <jeremy.szu@canonical.com>
Cc: <stable@vger.kernel.org>
Link: https://lore.kernel.org/r/20201008105645.65505-1-jeremy.szu@canonical.com
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Stable-dep-of: 4bf5bf54476d ("ALSA: hda/realtek: Add quirk for Lenovo TianYi510Pro-14IOB")
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
sound/pci/hda/patch_realtek.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/sound/pci/hda/patch_realtek.c b/sound/pci/hda/patch_realtek.c
index bb0917b9e68f..a3cc5cc0d668 100644
--- a/sound/pci/hda/patch_realtek.c
+++ b/sound/pci/hda/patch_realtek.c
@@ -9049,6 +9049,7 @@ static const struct snd_pci_quirk alc662_fixup_tbl[] = {
SND_PCI_QUIRK(0x1028, 0x0698, "Dell", ALC668_FIXUP_DELL_MIC_NO_PRESENCE),
SND_PCI_QUIRK(0x1028, 0x069f, "Dell", ALC668_FIXUP_DELL_MIC_NO_PRESENCE),
SND_PCI_QUIRK(0x103c, 0x1632, "HP RP5800", ALC662_FIXUP_HP_RP5800),
+ SND_PCI_QUIRK(0x103c, 0x873e, "HP", ALC671_FIXUP_HP_HEADSET_MIC2),
SND_PCI_QUIRK(0x1043, 0x1080, "Asus UX501VW", ALC668_FIXUP_HEADSET_MODE),
SND_PCI_QUIRK(0x1043, 0x11cd, "Asus N550", ALC662_FIXUP_ASUS_Nx50),
SND_PCI_QUIRK(0x1043, 0x13df, "Asus N550JX", ALC662_FIXUP_BASS_1A),
--
2.35.1
^ permalink raw reply related [flat|nested] 529+ messages in thread
* [PATCH 4.19 480/521] ALSA: hda/realtek: Fix the mic type detection issue for ASUS G551JW
2023-01-16 15:44 [PATCH 4.19 000/521] 4.19.270-rc1 review Greg Kroah-Hartman
` (478 preceding siblings ...)
2023-01-16 15:52 ` [PATCH 4.19 479/521] ALSA: hda/realtek - The front Mic on a HP machine doesnt work Greg Kroah-Hartman
@ 2023-01-16 15:52 ` Greg Kroah-Hartman
2023-01-16 15:52 ` [PATCH 4.19 481/521] ALSA: hda/realtek - Add headset Mic support for Lenovo ALC897 platform Greg Kroah-Hartman
` (44 subsequent siblings)
524 siblings, 0 replies; 529+ messages in thread
From: Greg Kroah-Hartman @ 2023-01-16 15:52 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Hui Wang, Takashi Iwai, Sasha Levin, msd
From: Hui Wang <hui.wang@canonical.com>
[ Upstream commit a3fd1a986e499a06ac5ef95c3a39aa4611e7444c ]
We need to define the codec pin 0x1b to be the mic, but somehow
the mic doesn't support hot plugging detection, and Windows also has
this issue, so we set it to phantom headset-mic.
Also the determine_headset_type() often returns the omtp type by a
mistake when we plug a ctia headset, this makes the mic can't record
sound at all. Because most of the headset are ctia type nowadays and
some machines have the fixed ctia type audio jack, it is possible this
machine has the fixed ctia jack too. Here we set this mic jack to
fixed ctia type, this could avoid the mic type detection mistake and
make the ctia headset work stable.
BugLink: https://bugzilla.kernel.org/show_bug.cgi?id=214537
Reported-and-tested-by: msd <msd.mmq@gmail.com>
Cc: <stable@vger.kernel.org>
Signed-off-by: Hui Wang <hui.wang@canonical.com>
Link: https://lore.kernel.org/r/20211012114748.5238-1-hui.wang@canonical.com
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Stable-dep-of: 4bf5bf54476d ("ALSA: hda/realtek: Add quirk for Lenovo TianYi510Pro-14IOB")
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
sound/pci/hda/patch_realtek.c | 27 +++++++++++++++++++++++++++
1 file changed, 27 insertions(+)
diff --git a/sound/pci/hda/patch_realtek.c b/sound/pci/hda/patch_realtek.c
index a3cc5cc0d668..566d5ea74c62 100644
--- a/sound/pci/hda/patch_realtek.c
+++ b/sound/pci/hda/patch_realtek.c
@@ -8649,6 +8649,9 @@ enum {
ALC671_FIXUP_HP_HEADSET_MIC2,
ALC662_FIXUP_ACER_X2660G_HEADSET_MODE,
ALC662_FIXUP_ACER_NITRO_HEADSET_MODE,
+ ALC668_FIXUP_ASUS_NO_HEADSET_MIC,
+ ALC668_FIXUP_HEADSET_MIC,
+ ALC668_FIXUP_MIC_DET_COEF,
};
static const struct hda_fixup alc662_fixups[] = {
@@ -9025,6 +9028,29 @@ static const struct hda_fixup alc662_fixups[] = {
.chained = true,
.chain_id = ALC662_FIXUP_USI_FUNC
},
+ [ALC668_FIXUP_ASUS_NO_HEADSET_MIC] = {
+ .type = HDA_FIXUP_PINS,
+ .v.pins = (const struct hda_pintbl[]) {
+ { 0x1b, 0x04a1112c },
+ { }
+ },
+ .chained = true,
+ .chain_id = ALC668_FIXUP_HEADSET_MIC
+ },
+ [ALC668_FIXUP_HEADSET_MIC] = {
+ .type = HDA_FIXUP_FUNC,
+ .v.func = alc269_fixup_headset_mic,
+ .chained = true,
+ .chain_id = ALC668_FIXUP_MIC_DET_COEF
+ },
+ [ALC668_FIXUP_MIC_DET_COEF] = {
+ .type = HDA_FIXUP_VERBS,
+ .v.verbs = (const struct hda_verb[]) {
+ { 0x20, AC_VERB_SET_COEF_INDEX, 0x15 },
+ { 0x20, AC_VERB_SET_PROC_COEF, 0x0d60 },
+ {}
+ },
+ },
};
static const struct snd_pci_quirk alc662_fixup_tbl[] = {
@@ -9059,6 +9085,7 @@ static const struct snd_pci_quirk alc662_fixup_tbl[] = {
SND_PCI_QUIRK(0x1043, 0x15a7, "ASUS UX51VZH", ALC662_FIXUP_BASS_16),
SND_PCI_QUIRK(0x1043, 0x177d, "ASUS N551", ALC668_FIXUP_ASUS_Nx51),
SND_PCI_QUIRK(0x1043, 0x17bd, "ASUS N751", ALC668_FIXUP_ASUS_Nx51),
+ SND_PCI_QUIRK(0x1043, 0x185d, "ASUS G551JW", ALC668_FIXUP_ASUS_NO_HEADSET_MIC),
SND_PCI_QUIRK(0x1043, 0x1963, "ASUS X71SL", ALC662_FIXUP_ASUS_MODE8),
SND_PCI_QUIRK(0x1043, 0x1b73, "ASUS N55SF", ALC662_FIXUP_BASS_16),
SND_PCI_QUIRK(0x1043, 0x1bf3, "ASUS N76VZ", ALC662_FIXUP_BASS_MODE4_CHMAP),
--
2.35.1
^ permalink raw reply related [flat|nested] 529+ messages in thread
* [PATCH 4.19 481/521] ALSA: hda/realtek - Add headset Mic support for Lenovo ALC897 platform
2023-01-16 15:44 [PATCH 4.19 000/521] 4.19.270-rc1 review Greg Kroah-Hartman
` (479 preceding siblings ...)
2023-01-16 15:52 ` [PATCH 4.19 480/521] ALSA: hda/realtek: Fix the mic type detection issue for ASUS G551JW Greg Kroah-Hartman
@ 2023-01-16 15:52 ` Greg Kroah-Hartman
2023-01-16 15:52 ` [PATCH 4.19 482/521] ALSA: hda/realtek - ALC897 headset MIC no sound Greg Kroah-Hartman
` (43 subsequent siblings)
524 siblings, 0 replies; 529+ messages in thread
From: Greg Kroah-Hartman @ 2023-01-16 15:52 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Kailang Yang, Takashi Iwai, Sasha Levin
From: Kailang Yang <kailang@realtek.com>
[ Upstream commit d7f32791a9fcf0dae8b073cdea9b79e29098c5f4 ]
Lenovo ALC897 platform had headset Mic.
This patch enable supported headset Mic.
Signed-off-by: Kailang Yang <kailang@realtek.com>
Cc: <stable@vger.kernel.org>
Link: https://lore.kernel.org/r/baab2c2536cb4cc18677a862c6f6d840@realtek.com
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Stable-dep-of: 4bf5bf54476d ("ALSA: hda/realtek: Add quirk for Lenovo TianYi510Pro-14IOB")
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
sound/pci/hda/patch_realtek.c | 40 +++++++++++++++++++++++++++++++++++
1 file changed, 40 insertions(+)
diff --git a/sound/pci/hda/patch_realtek.c b/sound/pci/hda/patch_realtek.c
index 566d5ea74c62..f0cf3e23d355 100644
--- a/sound/pci/hda/patch_realtek.c
+++ b/sound/pci/hda/patch_realtek.c
@@ -8572,6 +8572,27 @@ static void alc671_fixup_hp_headset_mic2(struct hda_codec *codec,
}
}
+static void alc897_hp_automute_hook(struct hda_codec *codec,
+ struct hda_jack_callback *jack)
+{
+ struct alc_spec *spec = codec->spec;
+ int vref;
+
+ snd_hda_gen_hp_automute(codec, jack);
+ vref = spec->gen.hp_jack_present ? (PIN_HP | AC_PINCTL_VREF_100) : PIN_HP;
+ snd_hda_codec_write(codec, 0x1b, 0, AC_VERB_SET_PIN_WIDGET_CONTROL,
+ vref);
+}
+
+static void alc897_fixup_lenovo_headset_mic(struct hda_codec *codec,
+ const struct hda_fixup *fix, int action)
+{
+ struct alc_spec *spec = codec->spec;
+ if (action == HDA_FIXUP_ACT_PRE_PROBE) {
+ spec->gen.hp_automute_hook = alc897_hp_automute_hook;
+ }
+}
+
static const struct coef_fw alc668_coefs[] = {
WRITE_COEF(0x01, 0xbebe), WRITE_COEF(0x02, 0xaaaa), WRITE_COEF(0x03, 0x0),
WRITE_COEF(0x04, 0x0180), WRITE_COEF(0x06, 0x0), WRITE_COEF(0x07, 0x0f80),
@@ -8652,6 +8673,8 @@ enum {
ALC668_FIXUP_ASUS_NO_HEADSET_MIC,
ALC668_FIXUP_HEADSET_MIC,
ALC668_FIXUP_MIC_DET_COEF,
+ ALC897_FIXUP_LENOVO_HEADSET_MIC,
+ ALC897_FIXUP_HEADSET_MIC_PIN,
};
static const struct hda_fixup alc662_fixups[] = {
@@ -9051,6 +9074,19 @@ static const struct hda_fixup alc662_fixups[] = {
{}
},
},
+ [ALC897_FIXUP_LENOVO_HEADSET_MIC] = {
+ .type = HDA_FIXUP_FUNC,
+ .v.func = alc897_fixup_lenovo_headset_mic,
+ },
+ [ALC897_FIXUP_HEADSET_MIC_PIN] = {
+ .type = HDA_FIXUP_PINS,
+ .v.pins = (const struct hda_pintbl[]) {
+ { 0x1a, 0x03a11050 },
+ { }
+ },
+ .chained = true,
+ .chain_id = ALC897_FIXUP_LENOVO_HEADSET_MIC
+ },
};
static const struct snd_pci_quirk alc662_fixup_tbl[] = {
@@ -9094,6 +9130,10 @@ static const struct snd_pci_quirk alc662_fixup_tbl[] = {
SND_PCI_QUIRK(0x144d, 0xc051, "Samsung R720", ALC662_FIXUP_IDEAPAD),
SND_PCI_QUIRK(0x14cd, 0x5003, "USI", ALC662_FIXUP_USI_HEADSET_MODE),
SND_PCI_QUIRK(0x17aa, 0x1036, "Lenovo P520", ALC662_FIXUP_LENOVO_MULTI_CODECS),
+ SND_PCI_QUIRK(0x17aa, 0x32ca, "Lenovo ThinkCentre M80", ALC897_FIXUP_HEADSET_MIC_PIN),
+ SND_PCI_QUIRK(0x17aa, 0x32cb, "Lenovo ThinkCentre M70", ALC897_FIXUP_HEADSET_MIC_PIN),
+ SND_PCI_QUIRK(0x17aa, 0x32cf, "Lenovo ThinkCentre M950", ALC897_FIXUP_HEADSET_MIC_PIN),
+ SND_PCI_QUIRK(0x17aa, 0x32f7, "Lenovo ThinkCentre M90", ALC897_FIXUP_HEADSET_MIC_PIN),
SND_PCI_QUIRK(0x17aa, 0x38af, "Lenovo Ideapad Y550P", ALC662_FIXUP_IDEAPAD),
SND_PCI_QUIRK(0x17aa, 0x3a0d, "Lenovo Ideapad Y550", ALC662_FIXUP_IDEAPAD),
SND_PCI_QUIRK(0x1849, 0x5892, "ASRock B150M", ALC892_FIXUP_ASROCK_MOBO),
--
2.35.1
^ permalink raw reply related [flat|nested] 529+ messages in thread
* [PATCH 4.19 482/521] ALSA: hda/realtek - ALC897 headset MIC no sound
2023-01-16 15:44 [PATCH 4.19 000/521] 4.19.270-rc1 review Greg Kroah-Hartman
` (480 preceding siblings ...)
2023-01-16 15:52 ` [PATCH 4.19 481/521] ALSA: hda/realtek - Add headset Mic support for Lenovo ALC897 platform Greg Kroah-Hartman
@ 2023-01-16 15:52 ` Greg Kroah-Hartman
2023-01-16 15:52 ` [PATCH 4.19 483/521] ALSA: hda/realtek: Add quirk for Lenovo TianYi510Pro-14IOB Greg Kroah-Hartman
` (42 subsequent siblings)
524 siblings, 0 replies; 529+ messages in thread
From: Greg Kroah-Hartman @ 2023-01-16 15:52 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Kailang Yang, Takashi Iwai, Sasha Levin
From: Kailang Yang <kailang@realtek.com>
[ Upstream commit fe6900bd8156467365bd5b976df64928fdebfeb0 ]
There is not have Headset Mic verb table in BIOS default.
So, it will have recording issue from headset MIC.
Add the verb table value without jack detect. It will turn on Headset Mic.
Signed-off-by: Kailang Yang <kailang@realtek.com>
Cc: <stable@vger.kernel.org>
Link: https://lore.kernel.org/r/719133a27d8844a890002cb817001dfa@realtek.com
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Stable-dep-of: 4bf5bf54476d ("ALSA: hda/realtek: Add quirk for Lenovo TianYi510Pro-14IOB")
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
sound/pci/hda/patch_realtek.c | 9 +++++++++
1 file changed, 9 insertions(+)
diff --git a/sound/pci/hda/patch_realtek.c b/sound/pci/hda/patch_realtek.c
index f0cf3e23d355..0a2cf8ca2812 100644
--- a/sound/pci/hda/patch_realtek.c
+++ b/sound/pci/hda/patch_realtek.c
@@ -8675,6 +8675,7 @@ enum {
ALC668_FIXUP_MIC_DET_COEF,
ALC897_FIXUP_LENOVO_HEADSET_MIC,
ALC897_FIXUP_HEADSET_MIC_PIN,
+ ALC897_FIXUP_HP_HSMIC_VERB,
};
static const struct hda_fixup alc662_fixups[] = {
@@ -9087,6 +9088,13 @@ static const struct hda_fixup alc662_fixups[] = {
.chained = true,
.chain_id = ALC897_FIXUP_LENOVO_HEADSET_MIC
},
+ [ALC897_FIXUP_HP_HSMIC_VERB] = {
+ .type = HDA_FIXUP_PINS,
+ .v.pins = (const struct hda_pintbl[]) {
+ { 0x19, 0x01a1913c }, /* use as headset mic, without its own jack detect */
+ { }
+ },
+ },
};
static const struct snd_pci_quirk alc662_fixup_tbl[] = {
@@ -9111,6 +9119,7 @@ static const struct snd_pci_quirk alc662_fixup_tbl[] = {
SND_PCI_QUIRK(0x1028, 0x0698, "Dell", ALC668_FIXUP_DELL_MIC_NO_PRESENCE),
SND_PCI_QUIRK(0x1028, 0x069f, "Dell", ALC668_FIXUP_DELL_MIC_NO_PRESENCE),
SND_PCI_QUIRK(0x103c, 0x1632, "HP RP5800", ALC662_FIXUP_HP_RP5800),
+ SND_PCI_QUIRK(0x103c, 0x8719, "HP", ALC897_FIXUP_HP_HSMIC_VERB),
SND_PCI_QUIRK(0x103c, 0x873e, "HP", ALC671_FIXUP_HP_HEADSET_MIC2),
SND_PCI_QUIRK(0x1043, 0x1080, "Asus UX501VW", ALC668_FIXUP_HEADSET_MODE),
SND_PCI_QUIRK(0x1043, 0x11cd, "Asus N550", ALC662_FIXUP_ASUS_Nx50),
--
2.35.1
^ permalink raw reply related [flat|nested] 529+ messages in thread
* [PATCH 4.19 483/521] ALSA: hda/realtek: Add quirk for Lenovo TianYi510Pro-14IOB
2023-01-16 15:44 [PATCH 4.19 000/521] 4.19.270-rc1 review Greg Kroah-Hartman
` (481 preceding siblings ...)
2023-01-16 15:52 ` [PATCH 4.19 482/521] ALSA: hda/realtek - ALC897 headset MIC no sound Greg Kroah-Hartman
@ 2023-01-16 15:52 ` Greg Kroah-Hartman
2023-01-16 15:52 ` [PATCH 4.19 484/521] ktest: Add support for meta characters in GRUB_MENU Greg Kroah-Hartman
` (41 subsequent siblings)
524 siblings, 0 replies; 529+ messages in thread
From: Greg Kroah-Hartman @ 2023-01-16 15:52 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Edward Pacman, Takashi Iwai, Sasha Levin
From: Edward Pacman <edward@edward-p.xyz>
[ Upstream commit 4bf5bf54476dffe60e6b6d8d539f67309ff599e2 ]
Lenovo TianYi510Pro-14IOB (17aa:3742)
require quirk for enabling headset-mic
Signed-off-by: Edward Pacman <edward@edward-p.xyz>
Cc: <stable@vger.kernel.org>
Link: https://bugzilla.kernel.org/show_bug.cgi?id=216756
Link: https://lore.kernel.org/r/20221207133218.18989-1-edward@edward-p.xyz
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
sound/pci/hda/patch_realtek.c | 27 +++++++++++++++++++++++++++
1 file changed, 27 insertions(+)
diff --git a/sound/pci/hda/patch_realtek.c b/sound/pci/hda/patch_realtek.c
index 0a2cf8ca2812..ed14772a8e6e 100644
--- a/sound/pci/hda/patch_realtek.c
+++ b/sound/pci/hda/patch_realtek.c
@@ -8593,6 +8593,17 @@ static void alc897_fixup_lenovo_headset_mic(struct hda_codec *codec,
}
}
+static void alc897_fixup_lenovo_headset_mode(struct hda_codec *codec,
+ const struct hda_fixup *fix, int action)
+{
+ struct alc_spec *spec = codec->spec;
+
+ if (action == HDA_FIXUP_ACT_PRE_PROBE) {
+ spec->parse_flags |= HDA_PINCFG_HEADSET_MIC;
+ spec->gen.hp_automute_hook = alc897_hp_automute_hook;
+ }
+}
+
static const struct coef_fw alc668_coefs[] = {
WRITE_COEF(0x01, 0xbebe), WRITE_COEF(0x02, 0xaaaa), WRITE_COEF(0x03, 0x0),
WRITE_COEF(0x04, 0x0180), WRITE_COEF(0x06, 0x0), WRITE_COEF(0x07, 0x0f80),
@@ -8676,6 +8687,8 @@ enum {
ALC897_FIXUP_LENOVO_HEADSET_MIC,
ALC897_FIXUP_HEADSET_MIC_PIN,
ALC897_FIXUP_HP_HSMIC_VERB,
+ ALC897_FIXUP_LENOVO_HEADSET_MODE,
+ ALC897_FIXUP_HEADSET_MIC_PIN2,
};
static const struct hda_fixup alc662_fixups[] = {
@@ -9095,6 +9108,19 @@ static const struct hda_fixup alc662_fixups[] = {
{ }
},
},
+ [ALC897_FIXUP_LENOVO_HEADSET_MODE] = {
+ .type = HDA_FIXUP_FUNC,
+ .v.func = alc897_fixup_lenovo_headset_mode,
+ },
+ [ALC897_FIXUP_HEADSET_MIC_PIN2] = {
+ .type = HDA_FIXUP_PINS,
+ .v.pins = (const struct hda_pintbl[]) {
+ { 0x1a, 0x01a11140 }, /* use as headset mic, without its own jack detect */
+ { }
+ },
+ .chained = true,
+ .chain_id = ALC897_FIXUP_LENOVO_HEADSET_MODE
+ },
};
static const struct snd_pci_quirk alc662_fixup_tbl[] = {
@@ -9143,6 +9169,7 @@ static const struct snd_pci_quirk alc662_fixup_tbl[] = {
SND_PCI_QUIRK(0x17aa, 0x32cb, "Lenovo ThinkCentre M70", ALC897_FIXUP_HEADSET_MIC_PIN),
SND_PCI_QUIRK(0x17aa, 0x32cf, "Lenovo ThinkCentre M950", ALC897_FIXUP_HEADSET_MIC_PIN),
SND_PCI_QUIRK(0x17aa, 0x32f7, "Lenovo ThinkCentre M90", ALC897_FIXUP_HEADSET_MIC_PIN),
+ SND_PCI_QUIRK(0x17aa, 0x3742, "Lenovo TianYi510Pro-14IOB", ALC897_FIXUP_HEADSET_MIC_PIN2),
SND_PCI_QUIRK(0x17aa, 0x38af, "Lenovo Ideapad Y550P", ALC662_FIXUP_IDEAPAD),
SND_PCI_QUIRK(0x17aa, 0x3a0d, "Lenovo Ideapad Y550", ALC662_FIXUP_IDEAPAD),
SND_PCI_QUIRK(0x1849, 0x5892, "ASRock B150M", ALC892_FIXUP_ASROCK_MOBO),
--
2.35.1
^ permalink raw reply related [flat|nested] 529+ messages in thread
* [PATCH 4.19 484/521] ktest: Add support for meta characters in GRUB_MENU
2023-01-16 15:44 [PATCH 4.19 000/521] 4.19.270-rc1 review Greg Kroah-Hartman
` (482 preceding siblings ...)
2023-01-16 15:52 ` [PATCH 4.19 483/521] ALSA: hda/realtek: Add quirk for Lenovo TianYi510Pro-14IOB Greg Kroah-Hartman
@ 2023-01-16 15:52 ` Greg Kroah-Hartman
2023-01-16 15:52 ` [PATCH 4.19 485/521] ktest: introduce _get_grub_index Greg Kroah-Hartman
` (40 subsequent siblings)
524 siblings, 0 replies; 529+ messages in thread
From: Greg Kroah-Hartman @ 2023-01-16 15:52 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Masayoshi Mizuma,
Steven Rostedt (VMware),
Sasha Levin
From: Masayoshi Mizuma <m.mizuma@jp.fujitsu.com>
[ Upstream commit 68911069f509ba3bf0f513d9af00309e07932906 ]
ktest fails if meta characters are in GRUB_MENU, for example
GRUB_MENU = 'Fedora (test)'
The failure happens because the meta characters are not escaped,
so the menu doesn't match in any entries in GRUB_FILE.
Use quotemeta() to escape the meta characters.
Link: http://lkml.kernel.org/r/20190417235823.18176-1-msys.mizuma@gmail.com
Signed-off-by: Masayoshi Mizuma <m.mizuma@jp.fujitsu.com>
Signed-off-by: Steven Rostedt (VMware) <rostedt@goodmis.org>
Stable-dep-of: 26df05a8c142 ("kest.pl: Fix grub2 menu handling for rebooting")
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
tools/testing/ktest/ktest.pl | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/tools/testing/ktest/ktest.pl b/tools/testing/ktest/ktest.pl
index 92663d123be1..635121ecf543 100755
--- a/tools/testing/ktest/ktest.pl
+++ b/tools/testing/ktest/ktest.pl
@@ -1866,9 +1866,10 @@ sub get_grub2_index {
or dodie "unable to get $grub_file";
my $found = 0;
+ my $grub_menu_qt = quotemeta($grub_menu);
while (<IN>) {
- if (/^menuentry.*$grub_menu/) {
+ if (/^menuentry.*$grub_menu_qt/) {
$grub_number++;
$found = 1;
last;
@@ -1909,9 +1910,10 @@ sub get_grub_index {
or dodie "unable to get menu.lst";
my $found = 0;
+ my $grub_menu_qt = quotemeta($grub_menu);
while (<IN>) {
- if (/^\s*title\s+$grub_menu\s*$/) {
+ if (/^\s*title\s+$grub_menu_qt\s*$/) {
$grub_number++;
$found = 1;
last;
--
2.35.1
^ permalink raw reply related [flat|nested] 529+ messages in thread
* [PATCH 4.19 485/521] ktest: introduce _get_grub_index
2023-01-16 15:44 [PATCH 4.19 000/521] 4.19.270-rc1 review Greg Kroah-Hartman
` (483 preceding siblings ...)
2023-01-16 15:52 ` [PATCH 4.19 484/521] ktest: Add support for meta characters in GRUB_MENU Greg Kroah-Hartman
@ 2023-01-16 15:52 ` Greg Kroah-Hartman
2023-01-16 15:52 ` [PATCH 4.19 486/521] ktest: cleanup get_grub_index Greg Kroah-Hartman
` (39 subsequent siblings)
524 siblings, 0 replies; 529+ messages in thread
From: Greg Kroah-Hartman @ 2023-01-16 15:52 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Masayoshi Mizuma,
Steven Rostedt (VMware),
Sasha Levin
From: Masayoshi Mizuma <m.mizuma@jp.fujitsu.com>
[ Upstream commit f824b6866835bc5051c44ffd289134974f214e98 ]
Introduce _get_grub_index() to deal with Boot Loader
Specification (BLS) and cleanup.
Link: http://lkml.kernel.org/r/20190509213647.6276-2-msys.mizuma@gmail.com
Signed-off-by: Masayoshi Mizuma <m.mizuma@jp.fujitsu.com>
Signed-off-by: Steven Rostedt (VMware) <rostedt@goodmis.org>
Stable-dep-of: 26df05a8c142 ("kest.pl: Fix grub2 menu handling for rebooting")
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
tools/testing/ktest/ktest.pl | 37 ++++++++++++++++++++++++++++++++++++
1 file changed, 37 insertions(+)
diff --git a/tools/testing/ktest/ktest.pl b/tools/testing/ktest/ktest.pl
index 635121ecf543..5fa60b3c564f 100755
--- a/tools/testing/ktest/ktest.pl
+++ b/tools/testing/ktest/ktest.pl
@@ -1850,6 +1850,43 @@ sub run_scp_mod {
return run_scp($src, $dst, $cp_scp);
}
+sub _get_grub_index {
+
+ my ($command, $target, $skip) = @_;
+
+ return if (defined($grub_number) && defined($last_grub_menu) &&
+ $last_grub_menu eq $grub_menu && defined($last_machine) &&
+ $last_machine eq $machine);
+
+ doprint "Find $reboot_type menu ... ";
+ $grub_number = -1;
+
+ my $ssh_grub = $ssh_exec;
+ $ssh_grub =~ s,\$SSH_COMMAND,$command,g;
+
+ open(IN, "$ssh_grub |")
+ or dodie "unable to execute $command";
+
+ my $found = 0;
+
+ while (<IN>) {
+ if (/$target/) {
+ $grub_number++;
+ $found = 1;
+ last;
+ } elsif (/$skip/) {
+ $grub_number++;
+ }
+ }
+ close(IN);
+
+ dodie "Could not find '$grub_menu' through $command on $machine"
+ if (!$found);
+ doprint "$grub_number\n";
+ $last_grub_menu = $grub_menu;
+ $last_machine = $machine;
+}
+
sub get_grub2_index {
return if (defined($grub_number) && defined($last_grub_menu) &&
--
2.35.1
^ permalink raw reply related [flat|nested] 529+ messages in thread
* [PATCH 4.19 486/521] ktest: cleanup get_grub_index
2023-01-16 15:44 [PATCH 4.19 000/521] 4.19.270-rc1 review Greg Kroah-Hartman
` (484 preceding siblings ...)
2023-01-16 15:52 ` [PATCH 4.19 485/521] ktest: introduce _get_grub_index Greg Kroah-Hartman
@ 2023-01-16 15:52 ` Greg Kroah-Hartman
2023-01-16 15:52 ` [PATCH 4.19 487/521] ktest: introduce grub2bls REBOOT_TYPE option Greg Kroah-Hartman
` (38 subsequent siblings)
524 siblings, 0 replies; 529+ messages in thread
From: Greg Kroah-Hartman @ 2023-01-16 15:52 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Masayoshi Mizuma,
Steven Rostedt (VMware),
Sasha Levin
From: Masayoshi Mizuma <m.mizuma@jp.fujitsu.com>
[ Upstream commit 38891392916c42d4ba46f474d553c76d1ed329ca ]
Cleanup get_grub_index().
Link: http://lkml.kernel.org/r/20190509213647.6276-3-msys.mizuma@gmail.com
Signed-off-by: Masayoshi Mizuma <m.mizuma@jp.fujitsu.com>
Signed-off-by: Steven Rostedt (VMware) <rostedt@goodmis.org>
Stable-dep-of: 26df05a8c142 ("kest.pl: Fix grub2 menu handling for rebooting")
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
tools/testing/ktest/ktest.pl | 50 ++++++++++++------------------------
1 file changed, 17 insertions(+), 33 deletions(-)
diff --git a/tools/testing/ktest/ktest.pl b/tools/testing/ktest/ktest.pl
index 5fa60b3c564f..a1067469ba0e 100755
--- a/tools/testing/ktest/ktest.pl
+++ b/tools/testing/ktest/ktest.pl
@@ -1925,46 +1925,30 @@ sub get_grub2_index {
sub get_grub_index {
- if ($reboot_type eq "grub2") {
- get_grub2_index;
- return;
- }
+ my $command;
+ my $target;
+ my $skip;
+ my $grub_menu_qt;
- if ($reboot_type ne "grub") {
+ if ($reboot_type !~ /^grub/) {
return;
}
- return if (defined($grub_number) && defined($last_grub_menu) &&
- $last_grub_menu eq $grub_menu && defined($last_machine) &&
- $last_machine eq $machine);
-
- doprint "Find grub menu ... ";
- $grub_number = -1;
- my $ssh_grub = $ssh_exec;
- $ssh_grub =~ s,\$SSH_COMMAND,cat /boot/grub/menu.lst,g;
-
- open(IN, "$ssh_grub |")
- or dodie "unable to get menu.lst";
+ $grub_menu_qt = quotemeta($grub_menu);
- my $found = 0;
- my $grub_menu_qt = quotemeta($grub_menu);
-
- while (<IN>) {
- if (/^\s*title\s+$grub_menu_qt\s*$/) {
- $grub_number++;
- $found = 1;
- last;
- } elsif (/^\s*title\s/) {
- $grub_number++;
- }
+ if ($reboot_type eq "grub") {
+ $command = "cat /boot/grub/menu.lst";
+ $target = '^\s*title\s+' . $grub_menu_qt . '\s*$';
+ $skip = '^\s*title\s';
+ } elsif ($reboot_type eq "grub2") {
+ $command = "cat $grub_file";
+ $target = '^menuentry.*' . $grub_menu_qt;
+ $skip = '^menuentry\s|^submenu\s';
+ } else {
+ return;
}
- close(IN);
- dodie "Could not find '$grub_menu' in /boot/grub/menu on $machine"
- if (!$found);
- doprint "$grub_number\n";
- $last_grub_menu = $grub_menu;
- $last_machine = $machine;
+ _get_grub_index($command, $target, $skip);
}
sub wait_for_input
--
2.35.1
^ permalink raw reply related [flat|nested] 529+ messages in thread
* [PATCH 4.19 487/521] ktest: introduce grub2bls REBOOT_TYPE option
2023-01-16 15:44 [PATCH 4.19 000/521] 4.19.270-rc1 review Greg Kroah-Hartman
` (485 preceding siblings ...)
2023-01-16 15:52 ` [PATCH 4.19 486/521] ktest: cleanup get_grub_index Greg Kroah-Hartman
@ 2023-01-16 15:52 ` Greg Kroah-Hartman
2023-01-16 15:52 ` [PATCH 4.19 488/521] ktest.pl: Fix incorrect reboot for grub2bls Greg Kroah-Hartman
` (37 subsequent siblings)
524 siblings, 0 replies; 529+ messages in thread
From: Greg Kroah-Hartman @ 2023-01-16 15:52 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Masayoshi Mizuma,
Steven Rostedt (VMware),
Sasha Levin
From: Masayoshi Mizuma <m.mizuma@jp.fujitsu.com>
[ Upstream commit ac2466456eaa0ff9b8cf647c4c52832024bc929f ]
Fedora 30 introduces Boot Loader Specification (BLS),
it changes around grub entry configuration.
kernel entries aren't in grub.cfg. We can get the entries
by "grubby --info=ALL" command.
Introduce grub2bls as REBOOT_TYPE option for BLS.
Link: http://lkml.kernel.org/r/20190509213647.6276-4-msys.mizuma@gmail.com
Signed-off-by: Masayoshi Mizuma <m.mizuma@jp.fujitsu.com>
Signed-off-by: Steven Rostedt (VMware) <rostedt@goodmis.org>
Stable-dep-of: 26df05a8c142 ("kest.pl: Fix grub2 menu handling for rebooting")
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
tools/testing/ktest/ktest.pl | 18 +++++++++++++++---
1 file changed, 15 insertions(+), 3 deletions(-)
diff --git a/tools/testing/ktest/ktest.pl b/tools/testing/ktest/ktest.pl
index a1067469ba0e..76468e2d619f 100755
--- a/tools/testing/ktest/ktest.pl
+++ b/tools/testing/ktest/ktest.pl
@@ -63,6 +63,7 @@ my %default = (
"STOP_TEST_AFTER" => 600,
"MAX_MONITOR_WAIT" => 1800,
"GRUB_REBOOT" => "grub2-reboot",
+ "GRUB_BLS_GET" => "grubby --info=ALL",
"SYSLINUX" => "extlinux",
"SYSLINUX_PATH" => "/boot/extlinux",
"CONNECT_TIMEOUT" => 25,
@@ -123,6 +124,7 @@ my $last_grub_menu;
my $grub_file;
my $grub_number;
my $grub_reboot;
+my $grub_bls_get;
my $syslinux;
my $syslinux_path;
my $syslinux_label;
@@ -292,6 +294,7 @@ my %option_map = (
"GRUB_MENU" => \$grub_menu,
"GRUB_FILE" => \$grub_file,
"GRUB_REBOOT" => \$grub_reboot,
+ "GRUB_BLS_GET" => \$grub_bls_get,
"SYSLINUX" => \$syslinux,
"SYSLINUX_PATH" => \$syslinux_path,
"SYSLINUX_LABEL" => \$syslinux_label,
@@ -437,7 +440,7 @@ EOF
;
$config_help{"REBOOT_TYPE"} = << "EOF"
Way to reboot the box to the test kernel.
- Only valid options so far are "grub", "grub2", "syslinux", and "script".
+ Only valid options so far are "grub", "grub2", "grub2bls", "syslinux", and "script".
If you specify grub, it will assume grub version 1
and will search in /boot/grub/menu.lst for the title \$GRUB_MENU
@@ -451,6 +454,8 @@ $config_help{"REBOOT_TYPE"} = << "EOF"
If you specify grub2, then you also need to specify both \$GRUB_MENU
and \$GRUB_FILE.
+ If you specify grub2bls, then you also need to specify \$GRUB_MENU.
+
If you specify syslinux, then you may use SYSLINUX to define the syslinux
command (defaults to extlinux), and SYSLINUX_PATH to specify the path to
the syslinux install (defaults to /boot/extlinux). But you have to specify
@@ -476,6 +481,9 @@ $config_help{"GRUB_MENU"} = << "EOF"
menu must be a non-nested menu. Add the quotes used in the menu
to guarantee your selection, as the first menuentry with the content
of \$GRUB_MENU that is found will be used.
+
+ For grub2bls, \$GRUB_MENU is searched on the result of \$GRUB_BLS_GET
+ command for the lines that begin with "title".
EOF
;
$config_help{"GRUB_FILE"} = << "EOF"
@@ -692,7 +700,7 @@ sub get_mandatory_configs {
}
}
- if ($rtype eq "grub") {
+ if (($rtype eq "grub") or ($rtype eq "grub2bls")) {
get_mandatory_config("GRUB_MENU");
}
@@ -1944,6 +1952,10 @@ sub get_grub_index {
$command = "cat $grub_file";
$target = '^menuentry.*' . $grub_menu_qt;
$skip = '^menuentry\s|^submenu\s';
+ } elsif ($reboot_type eq "grub2bls") {
+ $command = $grub_bls_get;
+ $target = '^title=.*' . $grub_menu_qt;
+ $skip = '^title=';
} else {
return;
}
@@ -4307,7 +4319,7 @@ for (my $i = 1; $i <= $opt{"NUM_TESTS"}; $i++) {
if (!$buildonly) {
$target = "$ssh_user\@$machine";
- if ($reboot_type eq "grub") {
+ if (($reboot_type eq "grub") or ($reboot_type eq "grub2bls")) {
dodie "GRUB_MENU not defined" if (!defined($grub_menu));
} elsif ($reboot_type eq "grub2") {
dodie "GRUB_MENU not defined" if (!defined($grub_menu));
--
2.35.1
^ permalink raw reply related [flat|nested] 529+ messages in thread
* [PATCH 4.19 488/521] ktest.pl: Fix incorrect reboot for grub2bls
2023-01-16 15:44 [PATCH 4.19 000/521] 4.19.270-rc1 review Greg Kroah-Hartman
` (486 preceding siblings ...)
2023-01-16 15:52 ` [PATCH 4.19 487/521] ktest: introduce grub2bls REBOOT_TYPE option Greg Kroah-Hartman
@ 2023-01-16 15:52 ` Greg Kroah-Hartman
2023-01-16 15:52 ` [PATCH 4.19 489/521] kest.pl: Fix grub2 menu handling for rebooting Greg Kroah-Hartman
` (36 subsequent siblings)
524 siblings, 0 replies; 529+ messages in thread
From: Greg Kroah-Hartman @ 2023-01-16 15:52 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Libo Chen, Steven Rostedt (VMware),
Sasha Levin
From: Libo Chen <libo.chen@oracle.com>
[ Upstream commit 271e0c9dce1b02a825b3cc1a7aa1fab7c381d44b ]
This issue was first noticed when I was testing different kernels on
Oracle Linux 8 which as Fedora 30+ adopts BLS as default. Even though a
kernel entry was added successfully and the index of that kernel entry was
retrieved correctly, ktest still wouldn't reboot the system into
user-specified kernel.
The bug was spotted in subroutine reboot_to where the if-statement never
checks for REBOOT_TYPE "grub2bls", therefore the desired entry will not be
set for the next boot.
Add a check for "grub2bls" so that $grub_reboot $grub_number can
be run before a reboot if REBOOT_TYPE is "grub2bls" then we can boot to
the correct kernel.
Link: https://lkml.kernel.org/r/20201121021243.1532477-1-libo.chen@oracle.com
Cc: stable@vger.kernel.org
Fixes: ac2466456eaa ("ktest: introduce grub2bls REBOOT_TYPE option")
Signed-off-by: Libo Chen <libo.chen@oracle.com>
Signed-off-by: Steven Rostedt (VMware) <rostedt@goodmis.org>
Stable-dep-of: 26df05a8c142 ("kest.pl: Fix grub2 menu handling for rebooting")
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
tools/testing/ktest/ktest.pl | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/tools/testing/ktest/ktest.pl b/tools/testing/ktest/ktest.pl
index 76468e2d619f..689fa4fd3d76 100755
--- a/tools/testing/ktest/ktest.pl
+++ b/tools/testing/ktest/ktest.pl
@@ -2023,7 +2023,7 @@ sub reboot_to {
if ($reboot_type eq "grub") {
run_ssh "'(echo \"savedefault --default=$grub_number --once\" | grub --batch)'";
- } elsif ($reboot_type eq "grub2") {
+ } elsif (($reboot_type eq "grub2") or ($reboot_type eq "grub2bls")) {
run_ssh "$grub_reboot $grub_number";
} elsif ($reboot_type eq "syslinux") {
run_ssh "$syslinux --once \\\"$syslinux_label\\\" $syslinux_path";
--
2.35.1
^ permalink raw reply related [flat|nested] 529+ messages in thread
* [PATCH 4.19 489/521] kest.pl: Fix grub2 menu handling for rebooting
2023-01-16 15:44 [PATCH 4.19 000/521] 4.19.270-rc1 review Greg Kroah-Hartman
` (487 preceding siblings ...)
2023-01-16 15:52 ` [PATCH 4.19 488/521] ktest.pl: Fix incorrect reboot for grub2bls Greg Kroah-Hartman
@ 2023-01-16 15:52 ` Greg Kroah-Hartman
2023-01-16 15:52 ` [PATCH 4.19 490/521] usb: ulpi: defer ulpi_register on ulpi_read_id timeout Greg Kroah-Hartman
` (35 subsequent siblings)
524 siblings, 0 replies; 529+ messages in thread
From: Greg Kroah-Hartman @ 2023-01-16 15:52 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, John Warthog9 Hawley (VMware),
Steven Rostedt, Sasha Levin
From: Steven Rostedt <rostedt@goodmis.org>
[ Upstream commit 26df05a8c1420ad3de314fdd407e7fc2058cc7aa ]
grub2 has submenus where to use grub-reboot, it requires:
grub-reboot X>Y
where X is the main index and Y is the submenu. Thus if you have:
menuentry 'Debian GNU/Linux' --class debian --class gnu-linux ...
[...]
}
submenu 'Advanced options for Debian GNU/Linux' $menuentry_id_option ...
menuentry 'Debian GNU/Linux, with Linux 6.0.0-4-amd64' --class debian --class gnu-linux ...
[...]
}
menuentry 'Debian GNU/Linux, with Linux 6.0.0-4-amd64 (recovery mode)' --class debian --class gnu-linux ...
[...]
}
menuentry 'Debian GNU/Linux, with Linux test' --class debian --class gnu-linux ...
[...]
}
And wanted to boot to the "Linux test" kernel, you need to run:
# grub-reboot 1>2
As 1 is the second top menu (the submenu) and 2 is the third of the sub
menu entries.
Have the grub.cfg parsing for grub2 handle such cases.
Cc: stable@vger.kernel.org
Fixes: a15ba91361d46 ("ktest: Add support for grub2")
Reviewed-by: John 'Warthog9' Hawley (VMware) <warthog9@eaglescrag.net>
Signed-off-by: Steven Rostedt <rostedt@goodmis.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
tools/testing/ktest/ktest.pl | 20 +++++++++++++++-----
1 file changed, 15 insertions(+), 5 deletions(-)
diff --git a/tools/testing/ktest/ktest.pl b/tools/testing/ktest/ktest.pl
index 689fa4fd3d76..a0b53309c5d8 100755
--- a/tools/testing/ktest/ktest.pl
+++ b/tools/testing/ktest/ktest.pl
@@ -1860,7 +1860,7 @@ sub run_scp_mod {
sub _get_grub_index {
- my ($command, $target, $skip) = @_;
+ my ($command, $target, $skip, $submenu) = @_;
return if (defined($grub_number) && defined($last_grub_menu) &&
$last_grub_menu eq $grub_menu && defined($last_machine) &&
@@ -1877,11 +1877,16 @@ sub _get_grub_index {
my $found = 0;
+ my $submenu_number = 0;
+
while (<IN>) {
if (/$target/) {
$grub_number++;
$found = 1;
last;
+ } elsif (defined($submenu) && /$submenu/) {
+ $submenu_number++;
+ $grub_number = -1;
} elsif (/$skip/) {
$grub_number++;
}
@@ -1890,6 +1895,9 @@ sub _get_grub_index {
dodie "Could not find '$grub_menu' through $command on $machine"
if (!$found);
+ if ($submenu_number > 0) {
+ $grub_number = "$submenu_number>$grub_number";
+ }
doprint "$grub_number\n";
$last_grub_menu = $grub_menu;
$last_machine = $machine;
@@ -1936,6 +1944,7 @@ sub get_grub_index {
my $command;
my $target;
my $skip;
+ my $submenu;
my $grub_menu_qt;
if ($reboot_type !~ /^grub/) {
@@ -1950,8 +1959,9 @@ sub get_grub_index {
$skip = '^\s*title\s';
} elsif ($reboot_type eq "grub2") {
$command = "cat $grub_file";
- $target = '^menuentry.*' . $grub_menu_qt;
- $skip = '^menuentry\s|^submenu\s';
+ $target = '^\s*menuentry.*' . $grub_menu_qt;
+ $skip = '^\s*menuentry';
+ $submenu = '^\s*submenu\s';
} elsif ($reboot_type eq "grub2bls") {
$command = $grub_bls_get;
$target = '^title=.*' . $grub_menu_qt;
@@ -1960,7 +1970,7 @@ sub get_grub_index {
return;
}
- _get_grub_index($command, $target, $skip);
+ _get_grub_index($command, $target, $skip, $submenu);
}
sub wait_for_input
@@ -2024,7 +2034,7 @@ sub reboot_to {
if ($reboot_type eq "grub") {
run_ssh "'(echo \"savedefault --default=$grub_number --once\" | grub --batch)'";
} elsif (($reboot_type eq "grub2") or ($reboot_type eq "grub2bls")) {
- run_ssh "$grub_reboot $grub_number";
+ run_ssh "$grub_reboot \"'$grub_number'\"";
} elsif ($reboot_type eq "syslinux") {
run_ssh "$syslinux --once \\\"$syslinux_label\\\" $syslinux_path";
} elsif (defined $reboot_script) {
--
2.35.1
^ permalink raw reply related [flat|nested] 529+ messages in thread
* [PATCH 4.19 490/521] usb: ulpi: defer ulpi_register on ulpi_read_id timeout
2023-01-16 15:44 [PATCH 4.19 000/521] 4.19.270-rc1 review Greg Kroah-Hartman
` (488 preceding siblings ...)
2023-01-16 15:52 ` [PATCH 4.19 489/521] kest.pl: Fix grub2 menu handling for rebooting Greg Kroah-Hartman
@ 2023-01-16 15:52 ` Greg Kroah-Hartman
2023-01-16 15:52 ` [PATCH 4.19 491/521] quota: Factor out setup of quota inode Greg Kroah-Hartman
` (34 subsequent siblings)
524 siblings, 0 replies; 529+ messages in thread
From: Greg Kroah-Hartman @ 2023-01-16 15:52 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Heikki Krogerus, Ferry Toth, Sasha Levin
From: Ferry Toth <ftoth@exalondelft.nl>
[ Upstream commit 8a7b31d545d3a15f0e6f5984ae16f0ca4fd76aac ]
Since commit 0f0101719138 ("usb: dwc3: Don't switch OTG -> peripheral
if extcon is present") Dual Role support on Intel Merrifield platform
broke due to rearranging the call to dwc3_get_extcon().
It appears to be caused by ulpi_read_id() on the first test write failing
with -ETIMEDOUT. Currently ulpi_read_id() expects to discover the phy via
DT when the test write fails and returns 0 in that case, even if DT does not
provide the phy. As a result usb probe completes without phy.
Make ulpi_read_id() return -ETIMEDOUT to its user if the first test write
fails. The user should then handle it appropriately. A follow up patch
will make dwc3_core_init() set -EPROBE_DEFER in this case and bail out.
Fixes: ef6a7bcfb01c ("usb: ulpi: Support device discovery via DT")
Cc: stable@vger.kernel.org
Acked-by: Heikki Krogerus <heikki.krogerus@linux.intel.com>
Signed-off-by: Ferry Toth <ftoth@exalondelft.nl>
Link: https://lore.kernel.org/r/20221205201527.13525-2-ftoth@exalondelft.nl
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/usb/common/ulpi.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/usb/common/ulpi.c b/drivers/usb/common/ulpi.c
index c42c152bbc33..94700c1d2f6e 100644
--- a/drivers/usb/common/ulpi.c
+++ b/drivers/usb/common/ulpi.c
@@ -207,7 +207,7 @@ static int ulpi_read_id(struct ulpi *ulpi)
/* Test the interface */
ret = ulpi_write(ulpi, ULPI_SCRATCH, 0xaa);
if (ret < 0)
- goto err;
+ return ret;
ret = ulpi_read(ulpi, ULPI_SCRATCH);
if (ret < 0)
--
2.35.1
^ permalink raw reply related [flat|nested] 529+ messages in thread
* [PATCH 4.19 491/521] quota: Factor out setup of quota inode
2023-01-16 15:44 [PATCH 4.19 000/521] 4.19.270-rc1 review Greg Kroah-Hartman
` (489 preceding siblings ...)
2023-01-16 15:52 ` [PATCH 4.19 490/521] usb: ulpi: defer ulpi_register on ulpi_read_id timeout Greg Kroah-Hartman
@ 2023-01-16 15:52 ` Greg Kroah-Hartman
2023-01-16 15:52 ` [PATCH 4.19 492/521] ext4: fix bug_on in __es_tree_search caused by bad " Greg Kroah-Hartman
` (33 subsequent siblings)
524 siblings, 0 replies; 529+ messages in thread
From: Greg Kroah-Hartman @ 2023-01-16 15:52 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Jan Kara, Sasha Levin
From: Jan Kara <jack@suse.cz>
[ Upstream commit c7d3d28360fdb3ed3a5aa0bab19315e0fdc994a1 ]
Factor out setting up of quota inode and eventual error cleanup from
vfs_load_quota_inode(). This will simplify situation for filesystems
that don't have any quota inodes.
Signed-off-by: Jan Kara <jack@suse.cz>
Stable-dep-of: d32387748476 ("ext4: fix bug_on in __es_tree_search caused by bad quota inode")
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
fs/quota/dquot.c | 108 ++++++++++++++++++++++++---------------
include/linux/quotaops.h | 2 +
2 files changed, 69 insertions(+), 41 deletions(-)
diff --git a/fs/quota/dquot.c b/fs/quota/dquot.c
index ddb379abd919..a1d2aed0d833 100644
--- a/fs/quota/dquot.c
+++ b/fs/quota/dquot.c
@@ -2298,28 +2298,60 @@ EXPORT_SYMBOL(dquot_quota_off);
* Turn quotas on on a device
*/
-/*
- * Helper function to turn quotas on when we already have the inode of
- * quota file and no quota information is loaded.
- */
-static int vfs_load_quota_inode(struct inode *inode, int type, int format_id,
+static int vfs_setup_quota_inode(struct inode *inode, int type)
+{
+ struct super_block *sb = inode->i_sb;
+ struct quota_info *dqopt = sb_dqopt(sb);
+
+ if (!S_ISREG(inode->i_mode))
+ return -EACCES;
+ if (IS_RDONLY(inode))
+ return -EROFS;
+ if (sb_has_quota_loaded(sb, type))
+ return -EBUSY;
+
+ dqopt->files[type] = igrab(inode);
+ if (!dqopt->files[type])
+ return -EIO;
+ if (!(dqopt->flags & DQUOT_QUOTA_SYS_FILE)) {
+ /* We don't want quota and atime on quota files (deadlocks
+ * possible) Also nobody should write to the file - we use
+ * special IO operations which ignore the immutable bit. */
+ inode_lock(inode);
+ inode->i_flags |= S_NOQUOTA;
+ inode_unlock(inode);
+ /*
+ * When S_NOQUOTA is set, remove dquot references as no more
+ * references can be added
+ */
+ __dquot_drop(inode);
+ }
+ return 0;
+}
+
+static void vfs_cleanup_quota_inode(struct super_block *sb, int type)
+{
+ struct quota_info *dqopt = sb_dqopt(sb);
+ struct inode *inode = dqopt->files[type];
+
+ if (!(dqopt->flags & DQUOT_QUOTA_SYS_FILE)) {
+ inode_lock(inode);
+ inode->i_flags &= ~S_NOQUOTA;
+ inode_unlock(inode);
+ }
+ dqopt->files[type] = NULL;
+ iput(inode);
+}
+
+int dquot_load_quota_sb(struct super_block *sb, int type, int format_id,
unsigned int flags)
{
struct quota_format_type *fmt = find_quota_format(format_id);
- struct super_block *sb = inode->i_sb;
struct quota_info *dqopt = sb_dqopt(sb);
int error;
if (!fmt)
return -ESRCH;
- if (!S_ISREG(inode->i_mode)) {
- error = -EACCES;
- goto out_fmt;
- }
- if (IS_RDONLY(inode)) {
- error = -EROFS;
- goto out_fmt;
- }
if (!sb->s_op->quota_write || !sb->s_op->quota_read ||
(type == PRJQUOTA && sb->dq_op->get_projid == NULL)) {
error = -EINVAL;
@@ -2351,27 +2383,9 @@ static int vfs_load_quota_inode(struct inode *inode, int type, int format_id,
invalidate_bdev(sb->s_bdev);
}
- if (!(dqopt->flags & DQUOT_QUOTA_SYS_FILE)) {
- /* We don't want quota and atime on quota files (deadlocks
- * possible) Also nobody should write to the file - we use
- * special IO operations which ignore the immutable bit. */
- inode_lock(inode);
- inode->i_flags |= S_NOQUOTA;
- inode_unlock(inode);
- /*
- * When S_NOQUOTA is set, remove dquot references as no more
- * references can be added
- */
- __dquot_drop(inode);
- }
-
- error = -EIO;
- dqopt->files[type] = igrab(inode);
- if (!dqopt->files[type])
- goto out_file_flags;
error = -EINVAL;
if (!fmt->qf_ops->check_quota_file(sb, type))
- goto out_file_init;
+ goto out_fmt;
dqopt->ops[type] = fmt->qf_ops;
dqopt->info[type].dqi_format = fmt;
@@ -2379,7 +2393,7 @@ static int vfs_load_quota_inode(struct inode *inode, int type, int format_id,
INIT_LIST_HEAD(&dqopt->info[type].dqi_dirty_list);
error = dqopt->ops[type]->read_file_info(sb, type);
if (error < 0)
- goto out_file_init;
+ goto out_fmt;
if (dqopt->flags & DQUOT_QUOTA_SYS_FILE) {
spin_lock(&dq_data_lock);
dqopt->info[type].dqi_flags |= DQF_SYS_FILE;
@@ -2394,18 +2408,30 @@ static int vfs_load_quota_inode(struct inode *inode, int type, int format_id,
dquot_disable(sb, type, flags);
return error;
-out_file_init:
- dqopt->files[type] = NULL;
- iput(inode);
-out_file_flags:
- inode_lock(inode);
- inode->i_flags &= ~S_NOQUOTA;
- inode_unlock(inode);
out_fmt:
put_quota_format(fmt);
return error;
}
+EXPORT_SYMBOL(dquot_load_quota_sb);
+
+/*
+ * Helper function to turn quotas on when we already have the inode of
+ * quota file and no quota information is loaded.
+ */
+static int vfs_load_quota_inode(struct inode *inode, int type, int format_id,
+ unsigned int flags)
+{
+ int err;
+
+ err = vfs_setup_quota_inode(inode, type);
+ if (err < 0)
+ return err;
+ err = dquot_load_quota_sb(inode->i_sb, type, format_id, flags);
+ if (err < 0)
+ vfs_cleanup_quota_inode(inode->i_sb, type);
+ return err;
+}
/* Reenable quotas on remount RW */
int dquot_resume(struct super_block *sb, int type)
diff --git a/include/linux/quotaops.h b/include/linux/quotaops.h
index 91e0b7624053..ec10897f7f60 100644
--- a/include/linux/quotaops.h
+++ b/include/linux/quotaops.h
@@ -99,6 +99,8 @@ int dquot_file_open(struct inode *inode, struct file *file);
int dquot_enable(struct inode *inode, int type, int format_id,
unsigned int flags);
+int dquot_load_quota_sb(struct super_block *sb, int type, int format_id,
+ unsigned int flags);
int dquot_quota_on(struct super_block *sb, int type, int format_id,
const struct path *path);
int dquot_quota_on_mount(struct super_block *sb, char *qf_name,
--
2.35.1
^ permalink raw reply related [flat|nested] 529+ messages in thread
* [PATCH 4.19 492/521] ext4: fix bug_on in __es_tree_search caused by bad quota inode
2023-01-16 15:44 [PATCH 4.19 000/521] 4.19.270-rc1 review Greg Kroah-Hartman
` (490 preceding siblings ...)
2023-01-16 15:52 ` [PATCH 4.19 491/521] quota: Factor out setup of quota inode Greg Kroah-Hartman
@ 2023-01-16 15:52 ` Greg Kroah-Hartman
2023-01-16 15:52 ` [PATCH 4.19 493/521] ext4: lost matching-pair of trace in ext4_truncate Greg Kroah-Hartman
` (32 subsequent siblings)
524 siblings, 0 replies; 529+ messages in thread
From: Greg Kroah-Hartman @ 2023-01-16 15:52 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Baokun Li, Chaitanya Kulkarni,
Jason Yan, Jan Kara, Theodore Tso, stable, Sasha Levin
From: Baokun Li <libaokun1@huawei.com>
[ Upstream commit d323877484765aaacbb2769b06e355c2041ed115 ]
We got a issue as fllows:
==================================================================
kernel BUG at fs/ext4/extents_status.c:202!
invalid opcode: 0000 [#1] PREEMPT SMP
CPU: 1 PID: 810 Comm: mount Not tainted 6.1.0-rc1-next-g9631525255e3 #352
RIP: 0010:__es_tree_search.isra.0+0xb8/0xe0
RSP: 0018:ffffc90001227900 EFLAGS: 00010202
RAX: 0000000000000000 RBX: 0000000077512a0f RCX: 0000000000000000
RDX: 0000000000000002 RSI: 0000000000002a10 RDI: ffff8881004cd0c8
RBP: ffff888177512ac8 R08: 47ffffffffffffff R09: 0000000000000001
R10: 0000000000000001 R11: 00000000000679af R12: 0000000000002a10
R13: ffff888177512d88 R14: 0000000077512a10 R15: 0000000000000000
FS: 00007f4bd76dbc40(0000)GS:ffff88842fd00000(0000)knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00005653bf993cf8 CR3: 000000017bfdf000 CR4: 00000000000006e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
<TASK>
ext4_es_cache_extent+0xe2/0x210
ext4_cache_extents+0xd2/0x110
ext4_find_extent+0x5d5/0x8c0
ext4_ext_map_blocks+0x9c/0x1d30
ext4_map_blocks+0x431/0xa50
ext4_getblk+0x82/0x340
ext4_bread+0x14/0x110
ext4_quota_read+0xf0/0x180
v2_read_header+0x24/0x90
v2_check_quota_file+0x2f/0xa0
dquot_load_quota_sb+0x26c/0x760
dquot_load_quota_inode+0xa5/0x190
ext4_enable_quotas+0x14c/0x300
__ext4_fill_super+0x31cc/0x32c0
ext4_fill_super+0x115/0x2d0
get_tree_bdev+0x1d2/0x360
ext4_get_tree+0x19/0x30
vfs_get_tree+0x26/0xe0
path_mount+0x81d/0xfc0
do_mount+0x8d/0xc0
__x64_sys_mount+0xc0/0x160
do_syscall_64+0x35/0x80
entry_SYSCALL_64_after_hwframe+0x63/0xcd
</TASK>
==================================================================
Above issue may happen as follows:
-------------------------------------
ext4_fill_super
ext4_orphan_cleanup
ext4_enable_quotas
ext4_quota_enable
ext4_iget --> get error inode <5>
ext4_ext_check_inode --> Wrong imode makes it escape inspection
make_bad_inode(inode) --> EXT4_BOOT_LOADER_INO set imode
dquot_load_quota_inode
vfs_setup_quota_inode --> check pass
dquot_load_quota_sb
v2_check_quota_file
v2_read_header
ext4_quota_read
ext4_bread
ext4_getblk
ext4_map_blocks
ext4_ext_map_blocks
ext4_find_extent
ext4_cache_extents
ext4_es_cache_extent
__es_tree_search.isra.0
ext4_es_end --> Wrong extents trigger BUG_ON
In the above issue, s_usr_quota_inum is set to 5, but inode<5> contains
incorrect imode and disordered extents. Because 5 is EXT4_BOOT_LOADER_INO,
the ext4_ext_check_inode check in the ext4_iget function can be bypassed,
finally, the extents that are not checked trigger the BUG_ON in the
__es_tree_search function. To solve this issue, check whether the inode is
bad_inode in vfs_setup_quota_inode().
Signed-off-by: Baokun Li <libaokun1@huawei.com>
Reviewed-by: Chaitanya Kulkarni <kch@nvidia.com>
Reviewed-by: Jason Yan <yanaijie@huawei.com>
Reviewed-by: Jan Kara <jack@suse.cz>
Link: https://lore.kernel.org/r/20221026042310.3839669-2-libaokun1@huawei.com
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Cc: stable@kernel.org
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
fs/quota/dquot.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/fs/quota/dquot.c b/fs/quota/dquot.c
index a1d2aed0d833..770a2b143485 100644
--- a/fs/quota/dquot.c
+++ b/fs/quota/dquot.c
@@ -2303,6 +2303,8 @@ static int vfs_setup_quota_inode(struct inode *inode, int type)
struct super_block *sb = inode->i_sb;
struct quota_info *dqopt = sb_dqopt(sb);
+ if (is_bad_inode(inode))
+ return -EUCLEAN;
if (!S_ISREG(inode->i_mode))
return -EACCES;
if (IS_RDONLY(inode))
--
2.35.1
^ permalink raw reply related [flat|nested] 529+ messages in thread
* [PATCH 4.19 493/521] ext4: lost matching-pair of trace in ext4_truncate
2023-01-16 15:44 [PATCH 4.19 000/521] 4.19.270-rc1 review Greg Kroah-Hartman
` (491 preceding siblings ...)
2023-01-16 15:52 ` [PATCH 4.19 492/521] ext4: fix bug_on in __es_tree_search caused by bad " Greg Kroah-Hartman
@ 2023-01-16 15:52 ` Greg Kroah-Hartman
2023-01-16 15:52 ` [PATCH 4.19 494/521] ext4: fix use-after-free in ext4_orphan_cleanup Greg Kroah-Hartman
` (31 subsequent siblings)
524 siblings, 0 replies; 529+ messages in thread
From: Greg Kroah-Hartman @ 2023-01-16 15:52 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, zhengliang, Andreas Dilger,
Ritesh Harjani, Theodore Tso, Sasha Levin
From: zhengliang <zhengliang6@huawei.com>
[ Upstream commit 9a5d265fed014115f35e598022c956e5d2fb863e ]
It should call trace exit in all return path for ext4_truncate.
Signed-off-by: zhengliang <zhengliang6@huawei.com>
Reviewed-by: Andreas Dilger <adilger@dilger.ca>
Reviewed-by: Ritesh Harjani <riteshh@linux.ibm.com>
Link: https://lore.kernel.org/r/20200701083027.45996-1-zhengliang6@huawei.com
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Stable-dep-of: a71248b1accb ("ext4: fix use-after-free in ext4_orphan_cleanup")
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
fs/ext4/inode.c | 17 +++++++++--------
1 file changed, 9 insertions(+), 8 deletions(-)
diff --git a/fs/ext4/inode.c b/fs/ext4/inode.c
index b322658ceff1..16d2b88bc66d 100644
--- a/fs/ext4/inode.c
+++ b/fs/ext4/inode.c
@@ -4551,7 +4551,7 @@ int ext4_truncate(struct inode *inode)
trace_ext4_truncate_enter(inode);
if (!ext4_can_truncate(inode))
- return 0;
+ goto out_trace;
ext4_clear_inode_flag(inode, EXT4_INODE_EOFBLOCKS);
@@ -4562,16 +4562,14 @@ int ext4_truncate(struct inode *inode)
int has_inline = 1;
err = ext4_inline_data_truncate(inode, &has_inline);
- if (err)
- return err;
- if (has_inline)
- return 0;
+ if (err || has_inline)
+ goto out_trace;
}
/* If we zero-out tail of the page, we have to create jinode for jbd2 */
if (inode->i_size & (inode->i_sb->s_blocksize - 1)) {
if (ext4_inode_attach_jinode(inode) < 0)
- return 0;
+ goto out_trace;
}
if (ext4_test_inode_flag(inode, EXT4_INODE_EXTENTS))
@@ -4580,8 +4578,10 @@ int ext4_truncate(struct inode *inode)
credits = ext4_blocks_for_truncate(inode);
handle = ext4_journal_start(inode, EXT4_HT_TRUNCATE, credits);
- if (IS_ERR(handle))
- return PTR_ERR(handle);
+ if (IS_ERR(handle)) {
+ err = PTR_ERR(handle);
+ goto out_trace;
+ }
if (inode->i_size & (inode->i_sb->s_blocksize - 1))
ext4_block_truncate_page(handle, mapping, inode->i_size);
@@ -4630,6 +4630,7 @@ int ext4_truncate(struct inode *inode)
ext4_mark_inode_dirty(handle, inode);
ext4_journal_stop(handle);
+out_trace:
trace_ext4_truncate_exit(inode);
return err;
}
--
2.35.1
^ permalink raw reply related [flat|nested] 529+ messages in thread
* [PATCH 4.19 494/521] ext4: fix use-after-free in ext4_orphan_cleanup
2023-01-16 15:44 [PATCH 4.19 000/521] 4.19.270-rc1 review Greg Kroah-Hartman
` (492 preceding siblings ...)
2023-01-16 15:52 ` [PATCH 4.19 493/521] ext4: lost matching-pair of trace in ext4_truncate Greg Kroah-Hartman
@ 2023-01-16 15:52 ` Greg Kroah-Hartman
2023-01-16 15:52 ` [PATCH 4.19 495/521] ext4: fix uninititialized value in ext4_evict_inode Greg Kroah-Hartman
` (30 subsequent siblings)
524 siblings, 0 replies; 529+ messages in thread
From: Greg Kroah-Hartman @ 2023-01-16 15:52 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Baokun Li, Jan Kara, Theodore Tso,
stable, Sasha Levin
From: Baokun Li <libaokun1@huawei.com>
[ Upstream commit a71248b1accb2b42e4980afef4fa4a27fa0e36f5 ]
I caught a issue as follows:
==================================================================
BUG: KASAN: use-after-free in __list_add_valid+0x28/0x1a0
Read of size 8 at addr ffff88814b13f378 by task mount/710
CPU: 1 PID: 710 Comm: mount Not tainted 6.1.0-rc3-next #370
Call Trace:
<TASK>
dump_stack_lvl+0x73/0x9f
print_report+0x25d/0x759
kasan_report+0xc0/0x120
__asan_load8+0x99/0x140
__list_add_valid+0x28/0x1a0
ext4_orphan_cleanup+0x564/0x9d0 [ext4]
__ext4_fill_super+0x48e2/0x5300 [ext4]
ext4_fill_super+0x19f/0x3a0 [ext4]
get_tree_bdev+0x27b/0x450
ext4_get_tree+0x19/0x30 [ext4]
vfs_get_tree+0x49/0x150
path_mount+0xaae/0x1350
do_mount+0xe2/0x110
__x64_sys_mount+0xf0/0x190
do_syscall_64+0x35/0x80
entry_SYSCALL_64_after_hwframe+0x63/0xcd
</TASK>
[...]
==================================================================
Above issue may happen as follows:
-------------------------------------
ext4_fill_super
ext4_orphan_cleanup
--- loop1: assume last_orphan is 12 ---
list_add(&EXT4_I(inode)->i_orphan, &EXT4_SB(sb)->s_orphan)
ext4_truncate --> return 0
ext4_inode_attach_jinode --> return -ENOMEM
iput(inode) --> free inode<12>
--- loop2: last_orphan is still 12 ---
list_add(&EXT4_I(inode)->i_orphan, &EXT4_SB(sb)->s_orphan);
// use inode<12> and trigger UAF
To solve this issue, we need to propagate the return value of
ext4_inode_attach_jinode() appropriately.
Signed-off-by: Baokun Li <libaokun1@huawei.com>
Reviewed-by: Jan Kara <jack@suse.cz>
Link: https://lore.kernel.org/r/20221102080633.1630225-1-libaokun1@huawei.com
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Cc: stable@kernel.org
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
fs/ext4/inode.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/fs/ext4/inode.c b/fs/ext4/inode.c
index 16d2b88bc66d..3c7bbdaa425a 100644
--- a/fs/ext4/inode.c
+++ b/fs/ext4/inode.c
@@ -4568,7 +4568,8 @@ int ext4_truncate(struct inode *inode)
/* If we zero-out tail of the page, we have to create jinode for jbd2 */
if (inode->i_size & (inode->i_sb->s_blocksize - 1)) {
- if (ext4_inode_attach_jinode(inode) < 0)
+ err = ext4_inode_attach_jinode(inode);
+ if (err)
goto out_trace;
}
--
2.35.1
^ permalink raw reply related [flat|nested] 529+ messages in thread
* [PATCH 4.19 495/521] ext4: fix uninititialized value in ext4_evict_inode
2023-01-16 15:44 [PATCH 4.19 000/521] 4.19.270-rc1 review Greg Kroah-Hartman
` (493 preceding siblings ...)
2023-01-16 15:52 ` [PATCH 4.19 494/521] ext4: fix use-after-free in ext4_orphan_cleanup Greg Kroah-Hartman
@ 2023-01-16 15:52 ` Greg Kroah-Hartman
2023-01-16 15:52 ` [PATCH 4.19 496/521] ext4: generalize extents status tree search functions Greg Kroah-Hartman
` (29 subsequent siblings)
524 siblings, 0 replies; 529+ messages in thread
From: Greg Kroah-Hartman @ 2023-01-16 15:52 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, syzbot+57b25da729eb0b88177d, Ye Bin,
Jan Kara, Eric Biggers, Theodore Tso, stable, Sasha Levin
From: Ye Bin <yebin10@huawei.com>
[ Upstream commit 7ea71af94eaaaf6d9aed24bc94a05b977a741cb9 ]
Syzbot found the following issue:
=====================================================
BUG: KMSAN: uninit-value in ext4_evict_inode+0xdd/0x26b0 fs/ext4/inode.c:180
ext4_evict_inode+0xdd/0x26b0 fs/ext4/inode.c:180
evict+0x365/0x9a0 fs/inode.c:664
iput_final fs/inode.c:1747 [inline]
iput+0x985/0xdd0 fs/inode.c:1773
__ext4_new_inode+0xe54/0x7ec0 fs/ext4/ialloc.c:1361
ext4_mknod+0x376/0x840 fs/ext4/namei.c:2844
vfs_mknod+0x79d/0x830 fs/namei.c:3914
do_mknodat+0x47d/0xaa0
__do_sys_mknodat fs/namei.c:3992 [inline]
__se_sys_mknodat fs/namei.c:3989 [inline]
__ia32_sys_mknodat+0xeb/0x150 fs/namei.c:3989
do_syscall_32_irqs_on arch/x86/entry/common.c:112 [inline]
__do_fast_syscall_32+0xa2/0x100 arch/x86/entry/common.c:178
do_fast_syscall_32+0x33/0x70 arch/x86/entry/common.c:203
do_SYSENTER_32+0x1b/0x20 arch/x86/entry/common.c:246
entry_SYSENTER_compat_after_hwframe+0x70/0x82
Uninit was created at:
__alloc_pages+0x9f1/0xe80 mm/page_alloc.c:5578
alloc_pages+0xaae/0xd80 mm/mempolicy.c:2285
alloc_slab_page mm/slub.c:1794 [inline]
allocate_slab+0x1b5/0x1010 mm/slub.c:1939
new_slab mm/slub.c:1992 [inline]
___slab_alloc+0x10c3/0x2d60 mm/slub.c:3180
__slab_alloc mm/slub.c:3279 [inline]
slab_alloc_node mm/slub.c:3364 [inline]
slab_alloc mm/slub.c:3406 [inline]
__kmem_cache_alloc_lru mm/slub.c:3413 [inline]
kmem_cache_alloc_lru+0x6f3/0xb30 mm/slub.c:3429
alloc_inode_sb include/linux/fs.h:3117 [inline]
ext4_alloc_inode+0x5f/0x860 fs/ext4/super.c:1321
alloc_inode+0x83/0x440 fs/inode.c:259
new_inode_pseudo fs/inode.c:1018 [inline]
new_inode+0x3b/0x430 fs/inode.c:1046
__ext4_new_inode+0x2a7/0x7ec0 fs/ext4/ialloc.c:959
ext4_mkdir+0x4d5/0x1560 fs/ext4/namei.c:2992
vfs_mkdir+0x62a/0x870 fs/namei.c:4035
do_mkdirat+0x466/0x7b0 fs/namei.c:4060
__do_sys_mkdirat fs/namei.c:4075 [inline]
__se_sys_mkdirat fs/namei.c:4073 [inline]
__ia32_sys_mkdirat+0xc4/0x120 fs/namei.c:4073
do_syscall_32_irqs_on arch/x86/entry/common.c:112 [inline]
__do_fast_syscall_32+0xa2/0x100 arch/x86/entry/common.c:178
do_fast_syscall_32+0x33/0x70 arch/x86/entry/common.c:203
do_SYSENTER_32+0x1b/0x20 arch/x86/entry/common.c:246
entry_SYSENTER_compat_after_hwframe+0x70/0x82
CPU: 1 PID: 4625 Comm: syz-executor.2 Not tainted 6.1.0-rc4-syzkaller-62821-gcb231e2f67ec #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
=====================================================
Now, 'ext4_alloc_inode()' didn't init 'ei->i_flags'. If new inode failed
before set 'ei->i_flags' in '__ext4_new_inode()', then do 'iput()'. As after
6bc0d63dad7f commit will access 'ei->i_flags' in 'ext4_evict_inode()' which
will lead to access uninit-value.
To solve above issue just init 'ei->i_flags' in 'ext4_alloc_inode()'.
Reported-by: syzbot+57b25da729eb0b88177d@syzkaller.appspotmail.com
Signed-off-by: Ye Bin <yebin10@huawei.com>
Fixes: 6bc0d63dad7f ("ext4: remove EA inode entry from mbcache on inode eviction")
Reviewed-by: Jan Kara <jack@suse.cz>
Reviewed-by: Eric Biggers <ebiggers@google.com>
Link: https://lore.kernel.org/r/20221117073603.2598882-1-yebin@huaweicloud.com
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Cc: stable@kernel.org
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
fs/ext4/super.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/fs/ext4/super.c b/fs/ext4/super.c
index 85703a3e69e5..e54a5be15636 100644
--- a/fs/ext4/super.c
+++ b/fs/ext4/super.c
@@ -1081,6 +1081,7 @@ static struct inode *ext4_alloc_inode(struct super_block *sb)
return NULL;
inode_set_iversion(&ei->vfs_inode, 1);
+ ei->i_flags = 0;
spin_lock_init(&ei->i_raw_lock);
INIT_LIST_HEAD(&ei->i_prealloc_list);
spin_lock_init(&ei->i_prealloc_lock);
--
2.35.1
^ permalink raw reply related [flat|nested] 529+ messages in thread
* [PATCH 4.19 496/521] ext4: generalize extents status tree search functions
2023-01-16 15:44 [PATCH 4.19 000/521] 4.19.270-rc1 review Greg Kroah-Hartman
` (494 preceding siblings ...)
2023-01-16 15:52 ` [PATCH 4.19 495/521] ext4: fix uninititialized value in ext4_evict_inode Greg Kroah-Hartman
@ 2023-01-16 15:52 ` Greg Kroah-Hartman
2023-01-16 15:52 ` [PATCH 4.19 497/521] ext4: add new pending reservation mechanism Greg Kroah-Hartman
` (28 subsequent siblings)
524 siblings, 0 replies; 529+ messages in thread
From: Greg Kroah-Hartman @ 2023-01-16 15:52 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Eric Whitney, Theodore Tso, Sasha Levin
From: Eric Whitney <enwlinux@gmail.com>
[ Upstream commit ad431025aecda85d3ebef5e4a3aca5c1c681d0c7 ]
Ext4 contains a few functions that are used to search for delayed
extents or blocks in the extents status tree. Rather than duplicate
code to add new functions to search for extents with different status
values, such as written or a combination of delayed and unwritten,
generalize the existing code to search for caller-specified extents
status values. Also, move this code into extents_status.c where it
is better associated with the data structures it operates upon, and
where it can be more readily used to implement new extents status tree
functions that might want a broader scope for i_es_lock.
Three missing static specifiers in RFC version of patch reported and
fixed by Fengguang Wu <fengguang.wu@intel.com>.
Signed-off-by: Eric Whitney <enwlinux@gmail.com>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Stable-dep-of: 131294c35ed6 ("ext4: fix delayed allocation bug in ext4_clu_mapped for bigalloc + inline")
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
fs/ext4/ext4.h | 4 -
fs/ext4/extents.c | 52 +++----------
fs/ext4/extents_status.c | 149 +++++++++++++++++++++++++++++++-----
fs/ext4/extents_status.h | 13 +++-
fs/ext4/inode.c | 17 ++--
include/trace/events/ext4.h | 4 +-
6 files changed, 165 insertions(+), 74 deletions(-)
diff --git a/fs/ext4/ext4.h b/fs/ext4/ext4.h
index e58b162ad5d6..24bbfbf9a5aa 100644
--- a/fs/ext4/ext4.h
+++ b/fs/ext4/ext4.h
@@ -3228,10 +3228,6 @@ extern struct ext4_ext_path *ext4_find_extent(struct inode *, ext4_lblk_t,
int flags);
extern void ext4_ext_drop_refs(struct ext4_ext_path *);
extern int ext4_ext_check_inode(struct inode *inode);
-extern int ext4_find_delalloc_range(struct inode *inode,
- ext4_lblk_t lblk_start,
- ext4_lblk_t lblk_end);
-extern int ext4_find_delalloc_cluster(struct inode *inode, ext4_lblk_t lblk);
extern ext4_lblk_t ext4_ext_next_allocated_block(struct ext4_ext_path *path);
extern int ext4_fiemap(struct inode *inode, struct fiemap_extent_info *fieinfo,
__u64 start, __u64 len);
diff --git a/fs/ext4/extents.c b/fs/ext4/extents.c
index 6c492fca60c4..c5c8326f5c25 100644
--- a/fs/ext4/extents.c
+++ b/fs/ext4/extents.c
@@ -2381,8 +2381,8 @@ ext4_ext_put_gap_in_cache(struct inode *inode, ext4_lblk_t hole_start,
{
struct extent_status es;
- ext4_es_find_delayed_extent_range(inode, hole_start,
- hole_start + hole_len - 1, &es);
+ ext4_es_find_extent_range(inode, &ext4_es_is_delayed, hole_start,
+ hole_start + hole_len - 1, &es);
if (es.es_len) {
/* There's delayed extent containing lblock? */
if (es.es_lblk <= hole_start)
@@ -3852,39 +3852,6 @@ static int check_eofblocks_fl(handle_t *handle, struct inode *inode,
return ext4_mark_inode_dirty(handle, inode);
}
-/**
- * ext4_find_delalloc_range: find delayed allocated block in the given range.
- *
- * Return 1 if there is a delalloc block in the range, otherwise 0.
- */
-int ext4_find_delalloc_range(struct inode *inode,
- ext4_lblk_t lblk_start,
- ext4_lblk_t lblk_end)
-{
- struct extent_status es;
-
- ext4_es_find_delayed_extent_range(inode, lblk_start, lblk_end, &es);
- if (es.es_len == 0)
- return 0; /* there is no delay extent in this tree */
- else if (es.es_lblk <= lblk_start &&
- lblk_start < es.es_lblk + es.es_len)
- return 1;
- else if (lblk_start <= es.es_lblk && es.es_lblk <= lblk_end)
- return 1;
- else
- return 0;
-}
-
-int ext4_find_delalloc_cluster(struct inode *inode, ext4_lblk_t lblk)
-{
- struct ext4_sb_info *sbi = EXT4_SB(inode->i_sb);
- ext4_lblk_t lblk_start, lblk_end;
- lblk_start = EXT4_LBLK_CMASK(sbi, lblk);
- lblk_end = lblk_start + sbi->s_cluster_ratio - 1;
-
- return ext4_find_delalloc_range(inode, lblk_start, lblk_end);
-}
-
/**
* Determines how many complete clusters (out of those specified by the 'map')
* are under delalloc and were reserved quota for.
@@ -3943,7 +3910,8 @@ get_reserved_cluster_alloc(struct inode *inode, ext4_lblk_t lblk_start,
lblk_from = EXT4_LBLK_CMASK(sbi, lblk_start);
lblk_to = lblk_from + c_offset - 1;
- if (ext4_find_delalloc_range(inode, lblk_from, lblk_to))
+ if (ext4_es_scan_range(inode, &ext4_es_is_delayed, lblk_from,
+ lblk_to))
allocated_clusters--;
}
@@ -3953,7 +3921,8 @@ get_reserved_cluster_alloc(struct inode *inode, ext4_lblk_t lblk_start,
lblk_from = lblk_start + num_blks;
lblk_to = lblk_from + (sbi->s_cluster_ratio - c_offset) - 1;
- if (ext4_find_delalloc_range(inode, lblk_from, lblk_to))
+ if (ext4_es_scan_range(inode, &ext4_es_is_delayed, lblk_from,
+ lblk_to))
allocated_clusters--;
}
@@ -5108,8 +5077,10 @@ static int ext4_find_delayed_extent(struct inode *inode,
ext4_lblk_t block, next_del;
if (newes->es_pblk == 0) {
- ext4_es_find_delayed_extent_range(inode, newes->es_lblk,
- newes->es_lblk + newes->es_len - 1, &es);
+ ext4_es_find_extent_range(inode, &ext4_es_is_delayed,
+ newes->es_lblk,
+ newes->es_lblk + newes->es_len - 1,
+ &es);
/*
* No extent in extent-tree contains block @newes->es_pblk,
@@ -5130,7 +5101,8 @@ static int ext4_find_delayed_extent(struct inode *inode,
}
block = newes->es_lblk + newes->es_len;
- ext4_es_find_delayed_extent_range(inode, block, EXT_MAX_BLOCKS, &es);
+ ext4_es_find_extent_range(inode, &ext4_es_is_delayed, block,
+ EXT_MAX_BLOCKS, &es);
if (es.es_len == 0)
next_del = EXT_MAX_BLOCKS;
else
diff --git a/fs/ext4/extents_status.c b/fs/ext4/extents_status.c
index 027c3e1b9f61..e7503a3a3299 100644
--- a/fs/ext4/extents_status.c
+++ b/fs/ext4/extents_status.c
@@ -233,30 +233,38 @@ static struct extent_status *__es_tree_search(struct rb_root *root,
}
/*
- * ext4_es_find_delayed_extent_range: find the 1st delayed extent covering
- * @es->lblk if it exists, otherwise, the next extent after @es->lblk.
+ * ext4_es_find_extent_range - find extent with specified status within block
+ * range or next extent following block range in
+ * extents status tree
*
- * @inode: the inode which owns delayed extents
- * @lblk: the offset where we start to search
- * @end: the offset where we stop to search
- * @es: delayed extent that we found
+ * @inode - file containing the range
+ * @matching_fn - pointer to function that matches extents with desired status
+ * @lblk - logical block defining start of range
+ * @end - logical block defining end of range
+ * @es - extent found, if any
+ *
+ * Find the first extent within the block range specified by @lblk and @end
+ * in the extents status tree that satisfies @matching_fn. If a match
+ * is found, it's returned in @es. If not, and a matching extent is found
+ * beyond the block range, it's returned in @es. If no match is found, an
+ * extent is returned in @es whose es_lblk, es_len, and es_pblk components
+ * are 0.
*/
-void ext4_es_find_delayed_extent_range(struct inode *inode,
- ext4_lblk_t lblk, ext4_lblk_t end,
- struct extent_status *es)
+static void __es_find_extent_range(struct inode *inode,
+ int (*matching_fn)(struct extent_status *es),
+ ext4_lblk_t lblk, ext4_lblk_t end,
+ struct extent_status *es)
{
struct ext4_es_tree *tree = NULL;
struct extent_status *es1 = NULL;
struct rb_node *node;
- BUG_ON(es == NULL);
- BUG_ON(end < lblk);
- trace_ext4_es_find_delayed_extent_range_enter(inode, lblk);
+ WARN_ON(es == NULL);
+ WARN_ON(end < lblk);
- read_lock(&EXT4_I(inode)->i_es_lock);
tree = &EXT4_I(inode)->i_es_tree;
- /* find extent in cache firstly */
+ /* see if the extent has been cached */
es->es_lblk = es->es_len = es->es_pblk = 0;
if (tree->cache_es) {
es1 = tree->cache_es;
@@ -271,28 +279,133 @@ void ext4_es_find_delayed_extent_range(struct inode *inode,
es1 = __es_tree_search(&tree->root, lblk);
out:
- if (es1 && !ext4_es_is_delayed(es1)) {
+ if (es1 && !matching_fn(es1)) {
while ((node = rb_next(&es1->rb_node)) != NULL) {
es1 = rb_entry(node, struct extent_status, rb_node);
if (es1->es_lblk > end) {
es1 = NULL;
break;
}
- if (ext4_es_is_delayed(es1))
+ if (matching_fn(es1))
break;
}
}
- if (es1 && ext4_es_is_delayed(es1)) {
+ if (es1 && matching_fn(es1)) {
tree->cache_es = es1;
es->es_lblk = es1->es_lblk;
es->es_len = es1->es_len;
es->es_pblk = es1->es_pblk;
}
+}
+
+/*
+ * Locking for __es_find_extent_range() for external use
+ */
+void ext4_es_find_extent_range(struct inode *inode,
+ int (*matching_fn)(struct extent_status *es),
+ ext4_lblk_t lblk, ext4_lblk_t end,
+ struct extent_status *es)
+{
+ trace_ext4_es_find_extent_range_enter(inode, lblk);
+
+ read_lock(&EXT4_I(inode)->i_es_lock);
+ __es_find_extent_range(inode, matching_fn, lblk, end, es);
+ read_unlock(&EXT4_I(inode)->i_es_lock);
+
+ trace_ext4_es_find_extent_range_exit(inode, es);
+}
+
+/*
+ * __es_scan_range - search block range for block with specified status
+ * in extents status tree
+ *
+ * @inode - file containing the range
+ * @matching_fn - pointer to function that matches extents with desired status
+ * @lblk - logical block defining start of range
+ * @end - logical block defining end of range
+ *
+ * Returns true if at least one block in the specified block range satisfies
+ * the criterion specified by @matching_fn, and false if not. If at least
+ * one extent has the specified status, then there is at least one block
+ * in the cluster with that status. Should only be called by code that has
+ * taken i_es_lock.
+ */
+static bool __es_scan_range(struct inode *inode,
+ int (*matching_fn)(struct extent_status *es),
+ ext4_lblk_t start, ext4_lblk_t end)
+{
+ struct extent_status es;
+
+ __es_find_extent_range(inode, matching_fn, start, end, &es);
+ if (es.es_len == 0)
+ return false; /* no matching extent in the tree */
+ else if (es.es_lblk <= start &&
+ start < es.es_lblk + es.es_len)
+ return true;
+ else if (start <= es.es_lblk && es.es_lblk <= end)
+ return true;
+ else
+ return false;
+}
+/*
+ * Locking for __es_scan_range() for external use
+ */
+bool ext4_es_scan_range(struct inode *inode,
+ int (*matching_fn)(struct extent_status *es),
+ ext4_lblk_t lblk, ext4_lblk_t end)
+{
+ bool ret;
+
+ read_lock(&EXT4_I(inode)->i_es_lock);
+ ret = __es_scan_range(inode, matching_fn, lblk, end);
+ read_unlock(&EXT4_I(inode)->i_es_lock);
+
+ return ret;
+}
+
+/*
+ * __es_scan_clu - search cluster for block with specified status in
+ * extents status tree
+ *
+ * @inode - file containing the cluster
+ * @matching_fn - pointer to function that matches extents with desired status
+ * @lblk - logical block in cluster to be searched
+ *
+ * Returns true if at least one extent in the cluster containing @lblk
+ * satisfies the criterion specified by @matching_fn, and false if not. If at
+ * least one extent has the specified status, then there is at least one block
+ * in the cluster with that status. Should only be called by code that has
+ * taken i_es_lock.
+ */
+static bool __es_scan_clu(struct inode *inode,
+ int (*matching_fn)(struct extent_status *es),
+ ext4_lblk_t lblk)
+{
+ struct ext4_sb_info *sbi = EXT4_SB(inode->i_sb);
+ ext4_lblk_t lblk_start, lblk_end;
+
+ lblk_start = EXT4_LBLK_CMASK(sbi, lblk);
+ lblk_end = lblk_start + sbi->s_cluster_ratio - 1;
+
+ return __es_scan_range(inode, matching_fn, lblk_start, lblk_end);
+}
+
+/*
+ * Locking for __es_scan_clu() for external use
+ */
+bool ext4_es_scan_clu(struct inode *inode,
+ int (*matching_fn)(struct extent_status *es),
+ ext4_lblk_t lblk)
+{
+ bool ret;
+
+ read_lock(&EXT4_I(inode)->i_es_lock);
+ ret = __es_scan_clu(inode, matching_fn, lblk);
read_unlock(&EXT4_I(inode)->i_es_lock);
- trace_ext4_es_find_delayed_extent_range_exit(inode, es);
+ return ret;
}
static void ext4_es_list_add(struct inode *inode)
diff --git a/fs/ext4/extents_status.h b/fs/ext4/extents_status.h
index 8efdeb903d6b..df9628c3ec3b 100644
--- a/fs/ext4/extents_status.h
+++ b/fs/ext4/extents_status.h
@@ -90,11 +90,18 @@ extern void ext4_es_cache_extent(struct inode *inode, ext4_lblk_t lblk,
unsigned int status);
extern int ext4_es_remove_extent(struct inode *inode, ext4_lblk_t lblk,
ext4_lblk_t len);
-extern void ext4_es_find_delayed_extent_range(struct inode *inode,
- ext4_lblk_t lblk, ext4_lblk_t end,
- struct extent_status *es);
+extern void ext4_es_find_extent_range(struct inode *inode,
+ int (*match_fn)(struct extent_status *es),
+ ext4_lblk_t lblk, ext4_lblk_t end,
+ struct extent_status *es);
extern int ext4_es_lookup_extent(struct inode *inode, ext4_lblk_t lblk,
struct extent_status *es);
+extern bool ext4_es_scan_range(struct inode *inode,
+ int (*matching_fn)(struct extent_status *es),
+ ext4_lblk_t lblk, ext4_lblk_t end);
+extern bool ext4_es_scan_clu(struct inode *inode,
+ int (*matching_fn)(struct extent_status *es),
+ ext4_lblk_t lblk);
static inline unsigned int ext4_es_status(struct extent_status *es)
{
diff --git a/fs/ext4/inode.c b/fs/ext4/inode.c
index 3c7bbdaa425a..cba27ba41834 100644
--- a/fs/ext4/inode.c
+++ b/fs/ext4/inode.c
@@ -600,8 +600,8 @@ int ext4_map_blocks(handle_t *handle, struct inode *inode,
EXTENT_STATUS_UNWRITTEN : EXTENT_STATUS_WRITTEN;
if (!(flags & EXT4_GET_BLOCKS_DELALLOC_RESERVE) &&
!(status & EXTENT_STATUS_WRITTEN) &&
- ext4_find_delalloc_range(inode, map->m_lblk,
- map->m_lblk + map->m_len - 1))
+ ext4_es_scan_range(inode, &ext4_es_is_delayed, map->m_lblk,
+ map->m_lblk + map->m_len - 1))
status |= EXTENT_STATUS_DELAYED;
ret = ext4_es_insert_extent(inode, map->m_lblk,
map->m_len, map->m_pblk, status);
@@ -724,8 +724,8 @@ int ext4_map_blocks(handle_t *handle, struct inode *inode,
EXTENT_STATUS_UNWRITTEN : EXTENT_STATUS_WRITTEN;
if (!(flags & EXT4_GET_BLOCKS_DELALLOC_RESERVE) &&
!(status & EXTENT_STATUS_WRITTEN) &&
- ext4_find_delalloc_range(inode, map->m_lblk,
- map->m_lblk + map->m_len - 1))
+ ext4_es_scan_range(inode, &ext4_es_is_delayed, map->m_lblk,
+ map->m_lblk + map->m_len - 1))
status |= EXTENT_STATUS_DELAYED;
ret = ext4_es_insert_extent(inode, map->m_lblk, map->m_len,
map->m_pblk, status);
@@ -1717,7 +1717,7 @@ static void ext4_da_page_release_reservation(struct page *page,
lblk = (page->index << (PAGE_SHIFT - inode->i_blkbits)) +
((num_clusters - 1) << sbi->s_cluster_bits);
if (sbi->s_cluster_ratio == 1 ||
- !ext4_find_delalloc_cluster(inode, lblk))
+ !ext4_es_scan_clu(inode, &ext4_es_is_delayed, lblk))
ext4_da_release_space(inode, 1);
num_clusters--;
@@ -1902,6 +1902,7 @@ static int ext4_da_map_blocks(struct inode *inode, sector_t iblock,
add_delayed:
if (retval == 0) {
int ret;
+
/*
* XXX: __block_prepare_write() unmaps passed block,
* is it OK?
@@ -1912,7 +1913,8 @@ static int ext4_da_map_blocks(struct inode *inode, sector_t iblock,
* to reserve metadata for every block we're going to write.
*/
if (EXT4_SB(inode->i_sb)->s_cluster_ratio == 1 ||
- !ext4_find_delalloc_cluster(inode, map->m_lblk)) {
+ !ext4_es_scan_clu(inode,
+ &ext4_es_is_delayed, map->m_lblk)) {
ret = ext4_da_reserve_space(inode);
if (ret) {
/* not enough space to reserve */
@@ -3519,7 +3521,8 @@ static int ext4_iomap_begin(struct inode *inode, loff_t offset, loff_t length,
ext4_lblk_t end = map.m_lblk + map.m_len - 1;
struct extent_status es;
- ext4_es_find_delayed_extent_range(inode, map.m_lblk, end, &es);
+ ext4_es_find_extent_range(inode, &ext4_es_is_delayed,
+ map.m_lblk, end, &es);
if (!es.es_len || es.es_lblk > end) {
/* entire range is a hole */
diff --git a/include/trace/events/ext4.h b/include/trace/events/ext4.h
index 0dfb174f707e..388dc3666cc7 100644
--- a/include/trace/events/ext4.h
+++ b/include/trace/events/ext4.h
@@ -2290,7 +2290,7 @@ TRACE_EVENT(ext4_es_remove_extent,
__entry->lblk, __entry->len)
);
-TRACE_EVENT(ext4_es_find_delayed_extent_range_enter,
+TRACE_EVENT(ext4_es_find_extent_range_enter,
TP_PROTO(struct inode *inode, ext4_lblk_t lblk),
TP_ARGS(inode, lblk),
@@ -2312,7 +2312,7 @@ TRACE_EVENT(ext4_es_find_delayed_extent_range_enter,
(unsigned long) __entry->ino, __entry->lblk)
);
-TRACE_EVENT(ext4_es_find_delayed_extent_range_exit,
+TRACE_EVENT(ext4_es_find_extent_range_exit,
TP_PROTO(struct inode *inode, struct extent_status *es),
TP_ARGS(inode, es),
--
2.35.1
^ permalink raw reply related [flat|nested] 529+ messages in thread
* [PATCH 4.19 497/521] ext4: add new pending reservation mechanism
2023-01-16 15:44 [PATCH 4.19 000/521] 4.19.270-rc1 review Greg Kroah-Hartman
` (495 preceding siblings ...)
2023-01-16 15:52 ` [PATCH 4.19 496/521] ext4: generalize extents status tree search functions Greg Kroah-Hartman
@ 2023-01-16 15:52 ` Greg Kroah-Hartman
2023-01-16 15:52 ` [PATCH 4.19 498/521] ext4: fix reserved cluster accounting at delayed write time Greg Kroah-Hartman
` (27 subsequent siblings)
524 siblings, 0 replies; 529+ messages in thread
From: Greg Kroah-Hartman @ 2023-01-16 15:52 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Eric Whitney, Theodore Tso, Sasha Levin
From: Eric Whitney <enwlinux@gmail.com>
[ Upstream commit 1dc0aa46e74a3366e12f426b7caaca477853e9c3 ]
Add new pending reservation mechanism to help manage reserved cluster
accounting. Its primary function is to avoid the need to read extents
from the disk when invalidating pages as a result of a truncate, punch
hole, or collapse range operation.
Signed-off-by: Eric Whitney <enwlinux@gmail.com>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Stable-dep-of: 131294c35ed6 ("ext4: fix delayed allocation bug in ext4_clu_mapped for bigalloc + inline")
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
fs/ext4/ext4.h | 3 +
fs/ext4/extents_status.c | 187 +++++++++++++++++++++++++++++++++++++++
fs/ext4/extents_status.h | 51 +++++++++++
fs/ext4/super.c | 8 ++
4 files changed, 249 insertions(+)
diff --git a/fs/ext4/ext4.h b/fs/ext4/ext4.h
index 24bbfbf9a5aa..e914a0df209f 100644
--- a/fs/ext4/ext4.h
+++ b/fs/ext4/ext4.h
@@ -1041,6 +1041,9 @@ struct ext4_inode_info {
ext4_lblk_t i_da_metadata_calc_last_lblock;
int i_da_metadata_calc_len;
+ /* pending cluster reservations for bigalloc file systems */
+ struct ext4_pending_tree i_pending_tree;
+
/* on-disk additional length */
__u16 i_extra_isize;
diff --git a/fs/ext4/extents_status.c b/fs/ext4/extents_status.c
index e7503a3a3299..90e473084fd4 100644
--- a/fs/ext4/extents_status.c
+++ b/fs/ext4/extents_status.c
@@ -142,6 +142,7 @@
*/
static struct kmem_cache *ext4_es_cachep;
+static struct kmem_cache *ext4_pending_cachep;
static int __es_insert_extent(struct inode *inode, struct extent_status *newes);
static int __es_remove_extent(struct inode *inode, ext4_lblk_t lblk,
@@ -1363,3 +1364,189 @@ static int es_reclaim_extents(struct ext4_inode_info *ei, int *nr_to_scan)
ei->i_es_tree.cache_es = NULL;
return nr_shrunk;
}
+
+#ifdef ES_DEBUG__
+static void ext4_print_pending_tree(struct inode *inode)
+{
+ struct ext4_pending_tree *tree;
+ struct rb_node *node;
+ struct pending_reservation *pr;
+
+ printk(KERN_DEBUG "pending reservations for inode %lu:", inode->i_ino);
+ tree = &EXT4_I(inode)->i_pending_tree;
+ node = rb_first(&tree->root);
+ while (node) {
+ pr = rb_entry(node, struct pending_reservation, rb_node);
+ printk(KERN_DEBUG " %u", pr->lclu);
+ node = rb_next(node);
+ }
+ printk(KERN_DEBUG "\n");
+}
+#else
+#define ext4_print_pending_tree(inode)
+#endif
+
+int __init ext4_init_pending(void)
+{
+ ext4_pending_cachep = kmem_cache_create("ext4_pending_reservation",
+ sizeof(struct pending_reservation),
+ 0, (SLAB_RECLAIM_ACCOUNT), NULL);
+ if (ext4_pending_cachep == NULL)
+ return -ENOMEM;
+ return 0;
+}
+
+void ext4_exit_pending(void)
+{
+ kmem_cache_destroy(ext4_pending_cachep);
+}
+
+void ext4_init_pending_tree(struct ext4_pending_tree *tree)
+{
+ tree->root = RB_ROOT;
+}
+
+/*
+ * __get_pending - retrieve a pointer to a pending reservation
+ *
+ * @inode - file containing the pending cluster reservation
+ * @lclu - logical cluster of interest
+ *
+ * Returns a pointer to a pending reservation if it's a member of
+ * the set, and NULL if not. Must be called holding i_es_lock.
+ */
+static struct pending_reservation *__get_pending(struct inode *inode,
+ ext4_lblk_t lclu)
+{
+ struct ext4_pending_tree *tree;
+ struct rb_node *node;
+ struct pending_reservation *pr = NULL;
+
+ tree = &EXT4_I(inode)->i_pending_tree;
+ node = (&tree->root)->rb_node;
+
+ while (node) {
+ pr = rb_entry(node, struct pending_reservation, rb_node);
+ if (lclu < pr->lclu)
+ node = node->rb_left;
+ else if (lclu > pr->lclu)
+ node = node->rb_right;
+ else if (lclu == pr->lclu)
+ return pr;
+ }
+ return NULL;
+}
+
+/*
+ * __insert_pending - adds a pending cluster reservation to the set of
+ * pending reservations
+ *
+ * @inode - file containing the cluster
+ * @lblk - logical block in the cluster to be added
+ *
+ * Returns 0 on successful insertion and -ENOMEM on failure. If the
+ * pending reservation is already in the set, returns successfully.
+ */
+static int __insert_pending(struct inode *inode, ext4_lblk_t lblk)
+{
+ struct ext4_sb_info *sbi = EXT4_SB(inode->i_sb);
+ struct ext4_pending_tree *tree = &EXT4_I(inode)->i_pending_tree;
+ struct rb_node **p = &tree->root.rb_node;
+ struct rb_node *parent = NULL;
+ struct pending_reservation *pr;
+ ext4_lblk_t lclu;
+ int ret = 0;
+
+ lclu = EXT4_B2C(sbi, lblk);
+ /* search to find parent for insertion */
+ while (*p) {
+ parent = *p;
+ pr = rb_entry(parent, struct pending_reservation, rb_node);
+
+ if (lclu < pr->lclu) {
+ p = &(*p)->rb_left;
+ } else if (lclu > pr->lclu) {
+ p = &(*p)->rb_right;
+ } else {
+ /* pending reservation already inserted */
+ goto out;
+ }
+ }
+
+ pr = kmem_cache_alloc(ext4_pending_cachep, GFP_ATOMIC);
+ if (pr == NULL) {
+ ret = -ENOMEM;
+ goto out;
+ }
+ pr->lclu = lclu;
+
+ rb_link_node(&pr->rb_node, parent, p);
+ rb_insert_color(&pr->rb_node, &tree->root);
+
+out:
+ return ret;
+}
+
+/*
+ * __remove_pending - removes a pending cluster reservation from the set
+ * of pending reservations
+ *
+ * @inode - file containing the cluster
+ * @lblk - logical block in the pending cluster reservation to be removed
+ *
+ * Returns successfully if pending reservation is not a member of the set.
+ */
+static void __remove_pending(struct inode *inode, ext4_lblk_t lblk)
+{
+ struct ext4_sb_info *sbi = EXT4_SB(inode->i_sb);
+ struct pending_reservation *pr;
+ struct ext4_pending_tree *tree;
+
+ pr = __get_pending(inode, EXT4_B2C(sbi, lblk));
+ if (pr != NULL) {
+ tree = &EXT4_I(inode)->i_pending_tree;
+ rb_erase(&pr->rb_node, &tree->root);
+ kmem_cache_free(ext4_pending_cachep, pr);
+ }
+}
+
+/*
+ * ext4_remove_pending - removes a pending cluster reservation from the set
+ * of pending reservations
+ *
+ * @inode - file containing the cluster
+ * @lblk - logical block in the pending cluster reservation to be removed
+ *
+ * Locking for external use of __remove_pending.
+ */
+void ext4_remove_pending(struct inode *inode, ext4_lblk_t lblk)
+{
+ struct ext4_inode_info *ei = EXT4_I(inode);
+
+ write_lock(&ei->i_es_lock);
+ __remove_pending(inode, lblk);
+ write_unlock(&ei->i_es_lock);
+}
+
+/*
+ * ext4_is_pending - determine whether a cluster has a pending reservation
+ * on it
+ *
+ * @inode - file containing the cluster
+ * @lblk - logical block in the cluster
+ *
+ * Returns true if there's a pending reservation for the cluster in the
+ * set of pending reservations, and false if not.
+ */
+bool ext4_is_pending(struct inode *inode, ext4_lblk_t lblk)
+{
+ struct ext4_sb_info *sbi = EXT4_SB(inode->i_sb);
+ struct ext4_inode_info *ei = EXT4_I(inode);
+ bool ret;
+
+ read_lock(&ei->i_es_lock);
+ ret = (bool)(__get_pending(inode, EXT4_B2C(sbi, lblk)) != NULL);
+ read_unlock(&ei->i_es_lock);
+
+ return ret;
+}
diff --git a/fs/ext4/extents_status.h b/fs/ext4/extents_status.h
index df9628c3ec3b..379b7171c67c 100644
--- a/fs/ext4/extents_status.h
+++ b/fs/ext4/extents_status.h
@@ -78,6 +78,51 @@ struct ext4_es_stats {
struct percpu_counter es_stats_shk_cnt;
};
+/*
+ * Pending cluster reservations for bigalloc file systems
+ *
+ * A cluster with a pending reservation is a logical cluster shared by at
+ * least one extent in the extents status tree with delayed and unwritten
+ * status and at least one other written or unwritten extent. The
+ * reservation is said to be pending because a cluster reservation would
+ * have to be taken in the event all blocks in the cluster shared with
+ * written or unwritten extents were deleted while the delayed and
+ * unwritten blocks remained.
+ *
+ * The set of pending cluster reservations is an auxiliary data structure
+ * used with the extents status tree to implement reserved cluster/block
+ * accounting for bigalloc file systems. The set is kept in memory and
+ * records all pending cluster reservations.
+ *
+ * Its primary function is to avoid the need to read extents from the
+ * disk when invalidating pages as a result of a truncate, punch hole, or
+ * collapse range operation. Page invalidation requires a decrease in the
+ * reserved cluster count if it results in the removal of all delayed
+ * and unwritten extents (blocks) from a cluster that is not shared with a
+ * written or unwritten extent, and no decrease otherwise. Determining
+ * whether the cluster is shared can be done by searching for a pending
+ * reservation on it.
+ *
+ * Secondarily, it provides a potentially faster method for determining
+ * whether the reserved cluster count should be increased when a physical
+ * cluster is deallocated as a result of a truncate, punch hole, or
+ * collapse range operation. The necessary information is also present
+ * in the extents status tree, but might be more rapidly accessed in
+ * the pending reservation set in many cases due to smaller size.
+ *
+ * The pending cluster reservation set is implemented as a red-black tree
+ * with the goal of minimizing per page search time overhead.
+ */
+
+struct pending_reservation {
+ struct rb_node rb_node;
+ ext4_lblk_t lclu;
+};
+
+struct ext4_pending_tree {
+ struct rb_root root;
+};
+
extern int __init ext4_init_es(void);
extern void ext4_exit_es(void);
extern void ext4_es_init_tree(struct ext4_es_tree *tree);
@@ -182,4 +227,10 @@ extern void ext4_es_unregister_shrinker(struct ext4_sb_info *sbi);
extern int ext4_seq_es_shrinker_info_show(struct seq_file *seq, void *v);
+extern int __init ext4_init_pending(void);
+extern void ext4_exit_pending(void);
+extern void ext4_init_pending_tree(struct ext4_pending_tree *tree);
+extern void ext4_remove_pending(struct inode *inode, ext4_lblk_t lblk);
+extern bool ext4_is_pending(struct inode *inode, ext4_lblk_t lblk);
+
#endif /* _EXT4_EXTENTS_STATUS_H */
diff --git a/fs/ext4/super.c b/fs/ext4/super.c
index e54a5be15636..73a431b6e720 100644
--- a/fs/ext4/super.c
+++ b/fs/ext4/super.c
@@ -1095,6 +1095,7 @@ static struct inode *ext4_alloc_inode(struct super_block *sb)
ei->i_da_metadata_calc_len = 0;
ei->i_da_metadata_calc_last_lblock = 0;
spin_lock_init(&(ei->i_block_reservation_lock));
+ ext4_init_pending_tree(&ei->i_pending_tree);
#ifdef CONFIG_QUOTA
ei->i_reserved_quota = 0;
memset(&ei->i_dquot, 0, sizeof(ei->i_dquot));
@@ -6189,6 +6190,10 @@ static int __init ext4_init_fs(void)
if (err)
return err;
+ err = ext4_init_pending();
+ if (err)
+ goto out6;
+
err = ext4_init_pageio();
if (err)
goto out5;
@@ -6227,6 +6232,8 @@ static int __init ext4_init_fs(void)
out4:
ext4_exit_pageio();
out5:
+ ext4_exit_pending();
+out6:
ext4_exit_es();
return err;
@@ -6244,6 +6251,7 @@ static void __exit ext4_exit_fs(void)
ext4_exit_system_zone();
ext4_exit_pageio();
ext4_exit_es();
+ ext4_exit_pending();
}
MODULE_AUTHOR("Remy Card, Stephen Tweedie, Andrew Morton, Andreas Dilger, Theodore Ts'o and others");
--
2.35.1
^ permalink raw reply related [flat|nested] 529+ messages in thread
* [PATCH 4.19 498/521] ext4: fix reserved cluster accounting at delayed write time
2023-01-16 15:44 [PATCH 4.19 000/521] 4.19.270-rc1 review Greg Kroah-Hartman
` (496 preceding siblings ...)
2023-01-16 15:52 ` [PATCH 4.19 497/521] ext4: add new pending reservation mechanism Greg Kroah-Hartman
@ 2023-01-16 15:52 ` Greg Kroah-Hartman
2023-01-16 15:52 ` [PATCH 4.19 499/521] ext4: fix delayed allocation bug in ext4_clu_mapped for bigalloc + inline Greg Kroah-Hartman
` (26 subsequent siblings)
524 siblings, 0 replies; 529+ messages in thread
From: Greg Kroah-Hartman @ 2023-01-16 15:52 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Eric Whitney, Theodore Tso, Sasha Levin
From: Eric Whitney <enwlinux@gmail.com>
[ Upstream commit 0b02f4c0d6d9e2c611dfbdd4317193e9dca740e6 ]
The code in ext4_da_map_blocks sometimes reserves space for more
delayed allocated clusters than it should, resulting in premature
ENOSPC, exceeded quota, and inaccurate free space reporting.
Fix this by checking for written and unwritten blocks shared in the
same cluster with the newly delayed allocated block. A cluster
reservation should not be made for a cluster for which physical space
has already been allocated.
Signed-off-by: Eric Whitney <enwlinux@gmail.com>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Stable-dep-of: 131294c35ed6 ("ext4: fix delayed allocation bug in ext4_clu_mapped for bigalloc + inline")
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
fs/ext4/ext4.h | 1 +
fs/ext4/extents.c | 79 +++++++++++++++++++++++++++++++++++++
fs/ext4/extents_status.c | 53 +++++++++++++++++++++++++
fs/ext4/extents_status.h | 12 ++++++
fs/ext4/inode.c | 79 ++++++++++++++++++++++++++++---------
include/trace/events/ext4.h | 35 ++++++++++++++++
6 files changed, 241 insertions(+), 18 deletions(-)
diff --git a/fs/ext4/ext4.h b/fs/ext4/ext4.h
index e914a0df209f..d8068c0e547d 100644
--- a/fs/ext4/ext4.h
+++ b/fs/ext4/ext4.h
@@ -3241,6 +3241,7 @@ extern int ext4_swap_extents(handle_t *handle, struct inode *inode1,
struct inode *inode2, ext4_lblk_t lblk1,
ext4_lblk_t lblk2, ext4_lblk_t count,
int mark_unwritten,int *err);
+extern int ext4_clu_mapped(struct inode *inode, ext4_lblk_t lclu);
/* move_extent.c */
extern void ext4_double_down_write_data_sem(struct inode *first,
diff --git a/fs/ext4/extents.c b/fs/ext4/extents.c
index c5c8326f5c25..0bb772cd7f88 100644
--- a/fs/ext4/extents.c
+++ b/fs/ext4/extents.c
@@ -5963,3 +5963,82 @@ ext4_swap_extents(handle_t *handle, struct inode *inode1,
}
return replaced_count;
}
+
+/*
+ * ext4_clu_mapped - determine whether any block in a logical cluster has
+ * been mapped to a physical cluster
+ *
+ * @inode - file containing the logical cluster
+ * @lclu - logical cluster of interest
+ *
+ * Returns 1 if any block in the logical cluster is mapped, signifying
+ * that a physical cluster has been allocated for it. Otherwise,
+ * returns 0. Can also return negative error codes. Derived from
+ * ext4_ext_map_blocks().
+ */
+int ext4_clu_mapped(struct inode *inode, ext4_lblk_t lclu)
+{
+ struct ext4_sb_info *sbi = EXT4_SB(inode->i_sb);
+ struct ext4_ext_path *path;
+ int depth, mapped = 0, err = 0;
+ struct ext4_extent *extent;
+ ext4_lblk_t first_lblk, first_lclu, last_lclu;
+
+ /* search for the extent closest to the first block in the cluster */
+ path = ext4_find_extent(inode, EXT4_C2B(sbi, lclu), NULL, 0);
+ if (IS_ERR(path)) {
+ err = PTR_ERR(path);
+ path = NULL;
+ goto out;
+ }
+
+ depth = ext_depth(inode);
+
+ /*
+ * A consistent leaf must not be empty. This situation is possible,
+ * though, _during_ tree modification, and it's why an assert can't
+ * be put in ext4_find_extent().
+ */
+ if (unlikely(path[depth].p_ext == NULL && depth != 0)) {
+ EXT4_ERROR_INODE(inode,
+ "bad extent address - lblock: %lu, depth: %d, pblock: %lld",
+ (unsigned long) EXT4_C2B(sbi, lclu),
+ depth, path[depth].p_block);
+ err = -EFSCORRUPTED;
+ goto out;
+ }
+
+ extent = path[depth].p_ext;
+
+ /* can't be mapped if the extent tree is empty */
+ if (extent == NULL)
+ goto out;
+
+ first_lblk = le32_to_cpu(extent->ee_block);
+ first_lclu = EXT4_B2C(sbi, first_lblk);
+
+ /*
+ * Three possible outcomes at this point - found extent spanning
+ * the target cluster, to the left of the target cluster, or to the
+ * right of the target cluster. The first two cases are handled here.
+ * The last case indicates the target cluster is not mapped.
+ */
+ if (lclu >= first_lclu) {
+ last_lclu = EXT4_B2C(sbi, first_lblk +
+ ext4_ext_get_actual_len(extent) - 1);
+ if (lclu <= last_lclu) {
+ mapped = 1;
+ } else {
+ first_lblk = ext4_ext_next_allocated_block(path);
+ first_lclu = EXT4_B2C(sbi, first_lblk);
+ if (lclu == first_lclu)
+ mapped = 1;
+ }
+ }
+
+out:
+ ext4_ext_drop_refs(path);
+ kfree(path);
+
+ return err ? err : mapped;
+}
diff --git a/fs/ext4/extents_status.c b/fs/ext4/extents_status.c
index 90e473084fd4..441ee2e747d3 100644
--- a/fs/ext4/extents_status.c
+++ b/fs/ext4/extents_status.c
@@ -1550,3 +1550,56 @@ bool ext4_is_pending(struct inode *inode, ext4_lblk_t lblk)
return ret;
}
+
+/*
+ * ext4_es_insert_delayed_block - adds a delayed block to the extents status
+ * tree, adding a pending reservation where
+ * needed
+ *
+ * @inode - file containing the newly added block
+ * @lblk - logical block to be added
+ * @allocated - indicates whether a physical cluster has been allocated for
+ * the logical cluster that contains the block
+ *
+ * Returns 0 on success, negative error code on failure.
+ */
+int ext4_es_insert_delayed_block(struct inode *inode, ext4_lblk_t lblk,
+ bool allocated)
+{
+ struct extent_status newes;
+ int err = 0;
+
+ es_debug("add [%u/1) delayed to extent status tree of inode %lu\n",
+ lblk, inode->i_ino);
+
+ newes.es_lblk = lblk;
+ newes.es_len = 1;
+ ext4_es_store_pblock_status(&newes, ~0, EXTENT_STATUS_DELAYED);
+ trace_ext4_es_insert_delayed_block(inode, &newes, allocated);
+
+ ext4_es_insert_extent_check(inode, &newes);
+
+ write_lock(&EXT4_I(inode)->i_es_lock);
+
+ err = __es_remove_extent(inode, lblk, lblk);
+ if (err != 0)
+ goto error;
+retry:
+ err = __es_insert_extent(inode, &newes);
+ if (err == -ENOMEM && __es_shrink(EXT4_SB(inode->i_sb),
+ 128, EXT4_I(inode)))
+ goto retry;
+ if (err != 0)
+ goto error;
+
+ if (allocated)
+ __insert_pending(inode, lblk);
+
+error:
+ write_unlock(&EXT4_I(inode)->i_es_lock);
+
+ ext4_es_print_tree(inode);
+ ext4_print_pending_tree(inode);
+
+ return err;
+}
diff --git a/fs/ext4/extents_status.h b/fs/ext4/extents_status.h
index 379b7171c67c..9d3c676ec623 100644
--- a/fs/ext4/extents_status.h
+++ b/fs/ext4/extents_status.h
@@ -178,6 +178,16 @@ static inline int ext4_es_is_hole(struct extent_status *es)
return (ext4_es_type(es) & EXTENT_STATUS_HOLE) != 0;
}
+static inline int ext4_es_is_mapped(struct extent_status *es)
+{
+ return (ext4_es_is_written(es) || ext4_es_is_unwritten(es));
+}
+
+static inline int ext4_es_is_delonly(struct extent_status *es)
+{
+ return (ext4_es_is_delayed(es) && !ext4_es_is_unwritten(es));
+}
+
static inline void ext4_es_set_referenced(struct extent_status *es)
{
es->es_pblk |= ((ext4_fsblk_t)EXTENT_STATUS_REFERENCED) << ES_SHIFT;
@@ -232,5 +242,7 @@ extern void ext4_exit_pending(void);
extern void ext4_init_pending_tree(struct ext4_pending_tree *tree);
extern void ext4_remove_pending(struct inode *inode, ext4_lblk_t lblk);
extern bool ext4_is_pending(struct inode *inode, ext4_lblk_t lblk);
+extern int ext4_es_insert_delayed_block(struct inode *inode, ext4_lblk_t lblk,
+ bool allocated);
#endif /* _EXT4_EXTENTS_STATUS_H */
diff --git a/fs/ext4/inode.c b/fs/ext4/inode.c
index cba27ba41834..17d120ac2010 100644
--- a/fs/ext4/inode.c
+++ b/fs/ext4/inode.c
@@ -1823,6 +1823,65 @@ static int ext4_bh_delay_or_unwritten(handle_t *handle, struct buffer_head *bh)
return (buffer_delay(bh) || buffer_unwritten(bh)) && buffer_dirty(bh);
}
+/*
+ * ext4_insert_delayed_block - adds a delayed block to the extents status
+ * tree, incrementing the reserved cluster/block
+ * count or making a pending reservation
+ * where needed
+ *
+ * @inode - file containing the newly added block
+ * @lblk - logical block to be added
+ *
+ * Returns 0 on success, negative error code on failure.
+ */
+static int ext4_insert_delayed_block(struct inode *inode, ext4_lblk_t lblk)
+{
+ struct ext4_sb_info *sbi = EXT4_SB(inode->i_sb);
+ int ret;
+ bool allocated = false;
+
+ /*
+ * If the cluster containing lblk is shared with a delayed,
+ * written, or unwritten extent in a bigalloc file system, it's
+ * already been accounted for and does not need to be reserved.
+ * A pending reservation must be made for the cluster if it's
+ * shared with a written or unwritten extent and doesn't already
+ * have one. Written and unwritten extents can be purged from the
+ * extents status tree if the system is under memory pressure, so
+ * it's necessary to examine the extent tree if a search of the
+ * extents status tree doesn't get a match.
+ */
+ if (sbi->s_cluster_ratio == 1) {
+ ret = ext4_da_reserve_space(inode);
+ if (ret != 0) /* ENOSPC */
+ goto errout;
+ } else { /* bigalloc */
+ if (!ext4_es_scan_clu(inode, &ext4_es_is_delonly, lblk)) {
+ if (!ext4_es_scan_clu(inode,
+ &ext4_es_is_mapped, lblk)) {
+ ret = ext4_clu_mapped(inode,
+ EXT4_B2C(sbi, lblk));
+ if (ret < 0)
+ goto errout;
+ if (ret == 0) {
+ ret = ext4_da_reserve_space(inode);
+ if (ret != 0) /* ENOSPC */
+ goto errout;
+ } else {
+ allocated = true;
+ }
+ } else {
+ allocated = true;
+ }
+ }
+ }
+
+ ret = ext4_es_insert_delayed_block(inode, lblk, allocated);
+
+errout:
+ return ret;
+}
+
/*
* This function is grabs code from the very beginning of
* ext4_map_blocks, but assumes that the caller is from delayed write
@@ -1907,25 +1966,9 @@ static int ext4_da_map_blocks(struct inode *inode, sector_t iblock,
* XXX: __block_prepare_write() unmaps passed block,
* is it OK?
*/
- /*
- * If the block was allocated from previously allocated cluster,
- * then we don't need to reserve it again. However we still need
- * to reserve metadata for every block we're going to write.
- */
- if (EXT4_SB(inode->i_sb)->s_cluster_ratio == 1 ||
- !ext4_es_scan_clu(inode,
- &ext4_es_is_delayed, map->m_lblk)) {
- ret = ext4_da_reserve_space(inode);
- if (ret) {
- /* not enough space to reserve */
- retval = ret;
- goto out_unlock;
- }
- }
- ret = ext4_es_insert_extent(inode, map->m_lblk, map->m_len,
- ~0, EXTENT_STATUS_DELAYED);
- if (ret) {
+ ret = ext4_insert_delayed_block(inode, map->m_lblk);
+ if (ret != 0) {
retval = ret;
goto out_unlock;
}
diff --git a/include/trace/events/ext4.h b/include/trace/events/ext4.h
index 388dc3666cc7..20c9b8e77a57 100644
--- a/include/trace/events/ext4.h
+++ b/include/trace/events/ext4.h
@@ -2532,6 +2532,41 @@ TRACE_EVENT(ext4_es_shrink,
__entry->scan_time, __entry->nr_skipped, __entry->retried)
);
+TRACE_EVENT(ext4_es_insert_delayed_block,
+ TP_PROTO(struct inode *inode, struct extent_status *es,
+ bool allocated),
+
+ TP_ARGS(inode, es, allocated),
+
+ TP_STRUCT__entry(
+ __field( dev_t, dev )
+ __field( ino_t, ino )
+ __field( ext4_lblk_t, lblk )
+ __field( ext4_lblk_t, len )
+ __field( ext4_fsblk_t, pblk )
+ __field( char, status )
+ __field( bool, allocated )
+ ),
+
+ TP_fast_assign(
+ __entry->dev = inode->i_sb->s_dev;
+ __entry->ino = inode->i_ino;
+ __entry->lblk = es->es_lblk;
+ __entry->len = es->es_len;
+ __entry->pblk = ext4_es_pblock(es);
+ __entry->status = ext4_es_status(es);
+ __entry->allocated = allocated;
+ ),
+
+ TP_printk("dev %d,%d ino %lu es [%u/%u) mapped %llu status %s "
+ "allocated %d",
+ MAJOR(__entry->dev), MINOR(__entry->dev),
+ (unsigned long) __entry->ino,
+ __entry->lblk, __entry->len,
+ __entry->pblk, show_extent_status(__entry->status),
+ __entry->allocated)
+);
+
/* fsmap traces */
DECLARE_EVENT_CLASS(ext4_fsmap_class,
TP_PROTO(struct super_block *sb, u32 keydev, u32 agno, u64 bno, u64 len,
--
2.35.1
^ permalink raw reply related [flat|nested] 529+ messages in thread
* [PATCH 4.19 499/521] ext4: fix delayed allocation bug in ext4_clu_mapped for bigalloc + inline
2023-01-16 15:44 [PATCH 4.19 000/521] 4.19.270-rc1 review Greg Kroah-Hartman
` (497 preceding siblings ...)
2023-01-16 15:52 ` [PATCH 4.19 498/521] ext4: fix reserved cluster accounting at delayed write time Greg Kroah-Hartman
@ 2023-01-16 15:52 ` Greg Kroah-Hartman
2023-01-19 17:40 ` Eric Whitney
2023-01-16 15:52 ` [PATCH 4.19 500/521] netfilter: ipset: Fix overflow before widen in the bitmap_ip_create() function Greg Kroah-Hartman
` (25 subsequent siblings)
524 siblings, 1 reply; 529+ messages in thread
From: Greg Kroah-Hartman @ 2023-01-16 15:52 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Eric Whitney, Theodore Tso, stable,
Sasha Levin
From: Eric Whitney <enwlinux@gmail.com>
[ Upstream commit 131294c35ed6f777bd4e79d42af13b5c41bf2775 ]
When converting files with inline data to extents, delayed allocations
made on a file system created with both the bigalloc and inline options
can result in invalid extent status cache content, incorrect reserved
cluster counts, kernel memory leaks, and potential kernel panics.
With bigalloc, the code that determines whether a block must be
delayed allocated searches the extent tree to see if that block maps
to a previously allocated cluster. If not, the block is delayed
allocated, and otherwise, it isn't. However, if the inline option is
also used, and if the file containing the block is marked as able to
store data inline, there isn't a valid extent tree associated with
the file. The current code in ext4_clu_mapped() calls
ext4_find_extent() to search the non-existent tree for a previously
allocated cluster anyway, which typically finds nothing, as desired.
However, a side effect of the search can be to cache invalid content
from the non-existent tree (garbage) in the extent status tree,
including bogus entries in the pending reservation tree.
To fix this, avoid searching the extent tree when allocating blocks
for bigalloc + inline files that are being converted from inline to
extent mapped.
Signed-off-by: Eric Whitney <enwlinux@gmail.com>
Link: https://lore.kernel.org/r/20221117152207.2424-1-enwlinux@gmail.com
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Cc: stable@kernel.org
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
fs/ext4/extents.c | 8 ++++++++
1 file changed, 8 insertions(+)
diff --git a/fs/ext4/extents.c b/fs/ext4/extents.c
index 0bb772cd7f88..1ad4c8eb82c1 100644
--- a/fs/ext4/extents.c
+++ b/fs/ext4/extents.c
@@ -5984,6 +5984,14 @@ int ext4_clu_mapped(struct inode *inode, ext4_lblk_t lclu)
struct ext4_extent *extent;
ext4_lblk_t first_lblk, first_lclu, last_lclu;
+ /*
+ * if data can be stored inline, the logical cluster isn't
+ * mapped - no physical clusters have been allocated, and the
+ * file has no extents
+ */
+ if (ext4_test_inode_state(inode, EXT4_STATE_MAY_INLINE_DATA))
+ return 0;
+
/* search for the extent closest to the first block in the cluster */
path = ext4_find_extent(inode, EXT4_C2B(sbi, lclu), NULL, 0);
if (IS_ERR(path)) {
--
2.35.1
^ permalink raw reply related [flat|nested] 529+ messages in thread
* [PATCH 4.19 500/521] netfilter: ipset: Fix overflow before widen in the bitmap_ip_create() function.
2023-01-16 15:44 [PATCH 4.19 000/521] 4.19.270-rc1 review Greg Kroah-Hartman
` (498 preceding siblings ...)
2023-01-16 15:52 ` [PATCH 4.19 499/521] ext4: fix delayed allocation bug in ext4_clu_mapped for bigalloc + inline Greg Kroah-Hartman
@ 2023-01-16 15:52 ` Greg Kroah-Hartman
2023-01-16 15:52 ` [PATCH 4.19 501/521] x86/boot: Avoid using Intel mnemonics in AT&T syntax asm Greg Kroah-Hartman
` (24 subsequent siblings)
524 siblings, 0 replies; 529+ messages in thread
From: Greg Kroah-Hartman @ 2023-01-16 15:52 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Ilia.Gavrilov, Simon Horman,
Pablo Neira Ayuso
From: Gavrilov Ilia <Ilia.Gavrilov@infotecs.ru>
commit 9ea4b476cea1b7d461d16dda25ca3c7e616e2d15 upstream.
When first_ip is 0, last_ip is 0xFFFFFFFF, and netmask is 31, the value of
an arithmetic expression 2 << (netmask - mask_bits - 1) is subject
to overflow due to a failure casting operands to a larger data type
before performing the arithmetic.
Note that it's harmless since the value will be checked at the next step.
Found by InfoTeCS on behalf of Linux Verification Center
(linuxtesting.org) with SVACE.
Fixes: b9fed748185a ("netfilter: ipset: Check and reject crazy /0 input parameters")
Signed-off-by: Ilia.Gavrilov <Ilia.Gavrilov@infotecs.ru>
Reviewed-by: Simon Horman <simon.horman@corigine.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
net/netfilter/ipset/ip_set_bitmap_ip.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
--- a/net/netfilter/ipset/ip_set_bitmap_ip.c
+++ b/net/netfilter/ipset/ip_set_bitmap_ip.c
@@ -299,8 +299,8 @@ bitmap_ip_create(struct net *net, struct
return -IPSET_ERR_BITMAP_RANGE;
pr_debug("mask_bits %u, netmask %u\n", mask_bits, netmask);
- hosts = 2 << (32 - netmask - 1);
- elements = 2 << (netmask - mask_bits - 1);
+ hosts = 2U << (32 - netmask - 1);
+ elements = 2UL << (netmask - mask_bits - 1);
}
if (elements > IPSET_BITMAP_MAX_RANGE + 1)
return -IPSET_ERR_BITMAP_RANGE_SIZE;
^ permalink raw reply [flat|nested] 529+ messages in thread
* [PATCH 4.19 501/521] x86/boot: Avoid using Intel mnemonics in AT&T syntax asm
2023-01-16 15:44 [PATCH 4.19 000/521] 4.19.270-rc1 review Greg Kroah-Hartman
` (499 preceding siblings ...)
2023-01-16 15:52 ` [PATCH 4.19 500/521] netfilter: ipset: Fix overflow before widen in the bitmap_ip_create() function Greg Kroah-Hartman
@ 2023-01-16 15:52 ` Greg Kroah-Hartman
2023-01-16 15:52 ` [PATCH 4.19 502/521] EDAC/device: Fix period calculation in edac_device_reset_delay_period() Greg Kroah-Hartman
` (23 subsequent siblings)
524 siblings, 0 replies; 529+ messages in thread
From: Greg Kroah-Hartman @ 2023-01-16 15:52 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Peter Zijlstra (Intel),
Ingo Molnar, Borislav Petkov (AMD)
From: Peter Zijlstra <peterz@infradead.org>
commit 7c6dd961d0c8e7e8f9fdc65071fb09ece702e18d upstream.
With 'GNU assembler (GNU Binutils for Debian) 2.39.90.20221231' the
build now reports:
arch/x86/realmode/rm/../../boot/bioscall.S: Assembler messages:
arch/x86/realmode/rm/../../boot/bioscall.S:35: Warning: found `movsd'; assuming `movsl' was meant
arch/x86/realmode/rm/../../boot/bioscall.S:70: Warning: found `movsd'; assuming `movsl' was meant
arch/x86/boot/bioscall.S: Assembler messages:
arch/x86/boot/bioscall.S:35: Warning: found `movsd'; assuming `movsl' was meant
arch/x86/boot/bioscall.S:70: Warning: found `movsd'; assuming `movsl' was meant
Which is due to:
PR gas/29525
Note that with the dropped CMPSD and MOVSD Intel Syntax string insn
templates taking operands, mixed IsString/non-IsString template groups
(with memory operands) cannot occur anymore. With that
maybe_adjust_templates() becomes unnecessary (and is hence being
removed).
More details: https://sourceware.org/bugzilla/show_bug.cgi?id=29525
Borislav Petkov further explains:
" the particular problem here is is that the 'd' suffix is
"conflicting" in the sense that you can have SSE mnemonics like movsD %xmm...
and the same thing also for string ops (which is the case here) so apparently
the agreement in binutils land is to use the always accepted suffixes 'l' or 'q'
and phase out 'd' slowly... "
Fixes: 7a734e7dd93b ("x86, setup: "glove box" BIOS calls -- infrastructure")
Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org>
Signed-off-by: Ingo Molnar <mingo@kernel.org>
Acked-by: Borislav Petkov (AMD) <bp@alien8.de>
Link: https://lore.kernel.org/r/Y71I3Ex2pvIxMpsP@hirez.programming.kicks-ass.net
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/x86/boot/bioscall.S | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
--- a/arch/x86/boot/bioscall.S
+++ b/arch/x86/boot/bioscall.S
@@ -35,7 +35,7 @@ intcall:
movw %dx, %si
movw %sp, %di
movw $11, %cx
- rep; movsd
+ rep; movsl
/* Pop full state from the stack */
popal
@@ -70,7 +70,7 @@ intcall:
jz 4f
movw %sp, %si
movw $11, %cx
- rep; movsd
+ rep; movsl
4: addw $44, %sp
/* Restore state and return */
^ permalink raw reply [flat|nested] 529+ messages in thread
* [PATCH 4.19 502/521] EDAC/device: Fix period calculation in edac_device_reset_delay_period()
2023-01-16 15:44 [PATCH 4.19 000/521] 4.19.270-rc1 review Greg Kroah-Hartman
` (500 preceding siblings ...)
2023-01-16 15:52 ` [PATCH 4.19 501/521] x86/boot: Avoid using Intel mnemonics in AT&T syntax asm Greg Kroah-Hartman
@ 2023-01-16 15:52 ` Greg Kroah-Hartman
2023-01-16 15:52 ` [PATCH 4.19 503/521] regulator: da9211: Use irq handler when ready Greg Kroah-Hartman
` (22 subsequent siblings)
524 siblings, 0 replies; 529+ messages in thread
From: Greg Kroah-Hartman @ 2023-01-16 15:52 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Eliav Farber, Borislav Petkov (AMD), stable
From: Eliav Farber <farbere@amazon.com>
commit e84077437902ec99eba0a6b516df772653f142c7 upstream.
Fix period calculation in case user sets a value of 1000. The input of
round_jiffies_relative() should be in jiffies and not in milli-seconds.
[ bp: Use the same code pattern as in edac_device_workq_setup() for
clarity. ]
Fixes: c4cf3b454eca ("EDAC: Rework workqueue handling")
Signed-off-by: Eliav Farber <farbere@amazon.com>
Signed-off-by: Borislav Petkov (AMD) <bp@alien8.de>
Cc: <stable@kernel.org>
Link: https://lore.kernel.org/r/20221020124458.22153-1-farbere@amazon.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/edac/edac_device.c | 17 ++++++++---------
drivers/edac/edac_module.h | 2 +-
2 files changed, 9 insertions(+), 10 deletions(-)
--- a/drivers/edac/edac_device.c
+++ b/drivers/edac/edac_device.c
@@ -424,17 +424,16 @@ static void edac_device_workq_teardown(s
* Then restart the workq on the new delay
*/
void edac_device_reset_delay_period(struct edac_device_ctl_info *edac_dev,
- unsigned long value)
+ unsigned long msec)
{
- unsigned long jiffs = msecs_to_jiffies(value);
+ edac_dev->poll_msec = msec;
+ edac_dev->delay = msecs_to_jiffies(msec);
- if (value == 1000)
- jiffs = round_jiffies_relative(value);
-
- edac_dev->poll_msec = value;
- edac_dev->delay = jiffs;
-
- edac_mod_work(&edac_dev->work, jiffs);
+ /* See comment in edac_device_workq_setup() above */
+ if (edac_dev->poll_msec == 1000)
+ edac_mod_work(&edac_dev->work, round_jiffies_relative(edac_dev->delay));
+ else
+ edac_mod_work(&edac_dev->work, edac_dev->delay);
}
int edac_device_alloc_index(void)
--- a/drivers/edac/edac_module.h
+++ b/drivers/edac/edac_module.h
@@ -57,7 +57,7 @@ bool edac_stop_work(struct delayed_work
bool edac_mod_work(struct delayed_work *work, unsigned long delay);
extern void edac_device_reset_delay_period(struct edac_device_ctl_info
- *edac_dev, unsigned long value);
+ *edac_dev, unsigned long msec);
extern void edac_mc_reset_delay_period(unsigned long value);
extern void *edac_align_ptr(void **p, unsigned size, int n_elems);
^ permalink raw reply [flat|nested] 529+ messages in thread
* [PATCH 4.19 503/521] regulator: da9211: Use irq handler when ready
2023-01-16 15:44 [PATCH 4.19 000/521] 4.19.270-rc1 review Greg Kroah-Hartman
` (501 preceding siblings ...)
2023-01-16 15:52 ` [PATCH 4.19 502/521] EDAC/device: Fix period calculation in edac_device_reset_delay_period() Greg Kroah-Hartman
@ 2023-01-16 15:52 ` Greg Kroah-Hartman
2023-01-16 15:52 ` [PATCH 4.19 504/521] hvc/xen: lock console list traversal Greg Kroah-Hartman
` (21 subsequent siblings)
524 siblings, 0 replies; 529+ messages in thread
From: Greg Kroah-Hartman @ 2023-01-16 15:52 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Ricardo Ribalda, Adam Ward,
Mark Brown, Sasha Levin
From: Ricardo Ribalda <ribalda@chromium.org>
[ Upstream commit 02228f6aa6a64d588bc31e3267d05ff184d772eb ]
If the system does not come from reset (like when it is kexec()), the
regulator might have an IRQ waiting for us.
If we enable the IRQ handler before its structures are ready, we crash.
This patch fixes:
[ 1.141839] Unable to handle kernel read from unreadable memory at virtual address 0000000000000078
[ 1.316096] Call trace:
[ 1.316101] blocking_notifier_call_chain+0x20/0xa8
[ 1.322757] cpu cpu0: dummy supplies not allowed for exclusive requests
[ 1.327823] regulator_notifier_call_chain+0x1c/0x2c
[ 1.327825] da9211_irq_handler+0x68/0xf8
[ 1.327829] irq_thread+0x11c/0x234
[ 1.327833] kthread+0x13c/0x154
Signed-off-by: Ricardo Ribalda <ribalda@chromium.org>
Reviewed-by: Adam Ward <DLG-Adam.Ward.opensource@dm.renesas.com>
Link: https://lore.kernel.org/r/20221124-da9211-v2-0-1779e3c5d491@chromium.org
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/regulator/da9211-regulator.c | 11 ++++++-----
1 file changed, 6 insertions(+), 5 deletions(-)
diff --git a/drivers/regulator/da9211-regulator.c b/drivers/regulator/da9211-regulator.c
index 6c122b3df5d0..8847d15c2b90 100644
--- a/drivers/regulator/da9211-regulator.c
+++ b/drivers/regulator/da9211-regulator.c
@@ -469,6 +469,12 @@ static int da9211_i2c_probe(struct i2c_client *i2c,
chip->chip_irq = i2c->irq;
+ ret = da9211_regulator_init(chip);
+ if (ret < 0) {
+ dev_err(chip->dev, "Failed to initialize regulator: %d\n", ret);
+ return ret;
+ }
+
if (chip->chip_irq != 0) {
ret = devm_request_threaded_irq(chip->dev, chip->chip_irq, NULL,
da9211_irq_handler,
@@ -483,11 +489,6 @@ static int da9211_i2c_probe(struct i2c_client *i2c,
dev_warn(chip->dev, "No IRQ configured\n");
}
- ret = da9211_regulator_init(chip);
-
- if (ret < 0)
- dev_err(chip->dev, "Failed to initialize regulator: %d\n", ret);
-
return ret;
}
--
2.35.1
^ permalink raw reply related [flat|nested] 529+ messages in thread
* [PATCH 4.19 504/521] hvc/xen: lock console list traversal
2023-01-16 15:44 [PATCH 4.19 000/521] 4.19.270-rc1 review Greg Kroah-Hartman
` (502 preceding siblings ...)
2023-01-16 15:52 ` [PATCH 4.19 503/521] regulator: da9211: Use irq handler when ready Greg Kroah-Hartman
@ 2023-01-16 15:52 ` Greg Kroah-Hartman
2023-01-16 15:52 ` [PATCH 4.19 505/521] nfc: pn533: Wait for out_urbs completion in pn533_usb_send_frame() Greg Kroah-Hartman
` (20 subsequent siblings)
524 siblings, 0 replies; 529+ messages in thread
From: Greg Kroah-Hartman @ 2023-01-16 15:52 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Roger Pau Monné,
Stefano Stabellini, Juergen Gross, Sasha Levin
From: Roger Pau Monne <roger.pau@citrix.com>
[ Upstream commit c0dccad87cf68fc6012aec7567e354353097ec1a ]
The currently lockless access to the xen console list in
vtermno_to_xencons() is incorrect, as additions and removals from the
list can happen anytime, and as such the traversal of the list to get
the private console data for a given termno needs to happen with the
lock held. Note users that modify the list already do so with the
lock taken.
Adjust current lock takers to use the _irq{save,restore} helpers,
since the context in which vtermno_to_xencons() is called can have
interrupts disabled. Use the _irq{save,restore} set of helpers to
switch the current callers to disable interrupts in the locked region.
I haven't checked if existing users could instead use the _irq
variant, as I think it's safer to use _irq{save,restore} upfront.
While there switch from using list_for_each_entry_safe to
list_for_each_entry: the current entry cursor won't be removed as
part of the code in the loop body, so using the _safe variant is
pointless.
Fixes: 02e19f9c7cac ('hvc_xen: implement multiconsole support')
Signed-off-by: Roger Pau Monné <roger.pau@citrix.com>
Reviewed-by: Stefano Stabellini <sstabellini@kernel.org>
Link: https://lore.kernel.org/r/20221130163611.14686-1-roger.pau@citrix.com
Signed-off-by: Juergen Gross <jgross@suse.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/tty/hvc/hvc_xen.c | 46 ++++++++++++++++++++++++---------------
1 file changed, 29 insertions(+), 17 deletions(-)
diff --git a/drivers/tty/hvc/hvc_xen.c b/drivers/tty/hvc/hvc_xen.c
index 080adf7bcae4..47ffb485ff34 100644
--- a/drivers/tty/hvc/hvc_xen.c
+++ b/drivers/tty/hvc/hvc_xen.c
@@ -52,17 +52,22 @@ static DEFINE_SPINLOCK(xencons_lock);
static struct xencons_info *vtermno_to_xencons(int vtermno)
{
- struct xencons_info *entry, *n, *ret = NULL;
+ struct xencons_info *entry, *ret = NULL;
+ unsigned long flags;
- if (list_empty(&xenconsoles))
- return NULL;
+ spin_lock_irqsave(&xencons_lock, flags);
+ if (list_empty(&xenconsoles)) {
+ spin_unlock_irqrestore(&xencons_lock, flags);
+ return NULL;
+ }
- list_for_each_entry_safe(entry, n, &xenconsoles, list) {
+ list_for_each_entry(entry, &xenconsoles, list) {
if (entry->vtermno == vtermno) {
ret = entry;
break;
}
}
+ spin_unlock_irqrestore(&xencons_lock, flags);
return ret;
}
@@ -223,7 +228,7 @@ static int xen_hvm_console_init(void)
{
int r;
uint64_t v = 0;
- unsigned long gfn;
+ unsigned long gfn, flags;
struct xencons_info *info;
if (!xen_hvm_domain())
@@ -258,9 +263,9 @@ static int xen_hvm_console_init(void)
goto err;
info->vtermno = HVC_COOKIE;
- spin_lock(&xencons_lock);
+ spin_lock_irqsave(&xencons_lock, flags);
list_add_tail(&info->list, &xenconsoles);
- spin_unlock(&xencons_lock);
+ spin_unlock_irqrestore(&xencons_lock, flags);
return 0;
err:
@@ -283,6 +288,7 @@ static int xencons_info_pv_init(struct xencons_info *info, int vtermno)
static int xen_pv_console_init(void)
{
struct xencons_info *info;
+ unsigned long flags;
if (!xen_pv_domain())
return -ENODEV;
@@ -299,9 +305,9 @@ static int xen_pv_console_init(void)
/* already configured */
return 0;
}
- spin_lock(&xencons_lock);
+ spin_lock_irqsave(&xencons_lock, flags);
xencons_info_pv_init(info, HVC_COOKIE);
- spin_unlock(&xencons_lock);
+ spin_unlock_irqrestore(&xencons_lock, flags);
return 0;
}
@@ -309,6 +315,7 @@ static int xen_pv_console_init(void)
static int xen_initial_domain_console_init(void)
{
struct xencons_info *info;
+ unsigned long flags;
if (!xen_initial_domain())
return -ENODEV;
@@ -323,9 +330,9 @@ static int xen_initial_domain_console_init(void)
info->irq = bind_virq_to_irq(VIRQ_CONSOLE, 0, false);
info->vtermno = HVC_COOKIE;
- spin_lock(&xencons_lock);
+ spin_lock_irqsave(&xencons_lock, flags);
list_add_tail(&info->list, &xenconsoles);
- spin_unlock(&xencons_lock);
+ spin_unlock_irqrestore(&xencons_lock, flags);
return 0;
}
@@ -380,10 +387,12 @@ static void xencons_free(struct xencons_info *info)
static int xen_console_remove(struct xencons_info *info)
{
+ unsigned long flags;
+
xencons_disconnect_backend(info);
- spin_lock(&xencons_lock);
+ spin_lock_irqsave(&xencons_lock, flags);
list_del(&info->list);
- spin_unlock(&xencons_lock);
+ spin_unlock_irqrestore(&xencons_lock, flags);
if (info->xbdev != NULL)
xencons_free(info);
else {
@@ -464,6 +473,7 @@ static int xencons_probe(struct xenbus_device *dev,
{
int ret, devid;
struct xencons_info *info;
+ unsigned long flags;
devid = dev->nodename[strlen(dev->nodename) - 1] - '0';
if (devid == 0)
@@ -482,9 +492,9 @@ static int xencons_probe(struct xenbus_device *dev,
ret = xencons_connect_backend(dev, info);
if (ret < 0)
goto error;
- spin_lock(&xencons_lock);
+ spin_lock_irqsave(&xencons_lock, flags);
list_add_tail(&info->list, &xenconsoles);
- spin_unlock(&xencons_lock);
+ spin_unlock_irqrestore(&xencons_lock, flags);
return 0;
@@ -583,10 +593,12 @@ static int __init xen_hvc_init(void)
info->hvc = hvc_alloc(HVC_COOKIE, info->irq, ops, 256);
if (IS_ERR(info->hvc)) {
+ unsigned long flags;
+
r = PTR_ERR(info->hvc);
- spin_lock(&xencons_lock);
+ spin_lock_irqsave(&xencons_lock, flags);
list_del(&info->list);
- spin_unlock(&xencons_lock);
+ spin_unlock_irqrestore(&xencons_lock, flags);
if (info->irq)
unbind_from_irqhandler(info->irq, NULL);
kfree(info);
--
2.35.1
^ permalink raw reply related [flat|nested] 529+ messages in thread
* [PATCH 4.19 505/521] nfc: pn533: Wait for out_urbs completion in pn533_usb_send_frame()
2023-01-16 15:44 [PATCH 4.19 000/521] 4.19.270-rc1 review Greg Kroah-Hartman
` (503 preceding siblings ...)
2023-01-16 15:52 ` [PATCH 4.19 504/521] hvc/xen: lock console list traversal Greg Kroah-Hartman
@ 2023-01-16 15:52 ` Greg Kroah-Hartman
2023-01-16 15:52 ` [PATCH 4.19 506/521] net/mlx5: Rename ptp clock info Greg Kroah-Hartman
` (19 subsequent siblings)
524 siblings, 0 replies; 529+ messages in thread
From: Greg Kroah-Hartman @ 2023-01-16 15:52 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Minsuk Kang, David S. Miller, Sasha Levin
From: Minsuk Kang <linuxlovemin@yonsei.ac.kr>
[ Upstream commit 9dab880d675b9d0dd56c6428e4e8352a3339371d ]
Fix a use-after-free that occurs in hcd when in_urb sent from
pn533_usb_send_frame() is completed earlier than out_urb. Its callback
frees the skb data in pn533_send_async_complete() that is used as a
transfer buffer of out_urb. Wait before sending in_urb until the
callback of out_urb is called. To modify the callback of out_urb alone,
separate the complete function of out_urb and ack_urb.
Found by a modified version of syzkaller.
BUG: KASAN: use-after-free in dummy_timer
Call Trace:
memcpy (mm/kasan/shadow.c:65)
dummy_perform_transfer (drivers/usb/gadget/udc/dummy_hcd.c:1352)
transfer (drivers/usb/gadget/udc/dummy_hcd.c:1453)
dummy_timer (drivers/usb/gadget/udc/dummy_hcd.c:1972)
arch_static_branch (arch/x86/include/asm/jump_label.h:27)
static_key_false (include/linux/jump_label.h:207)
timer_expire_exit (include/trace/events/timer.h:127)
call_timer_fn (kernel/time/timer.c:1475)
expire_timers (kernel/time/timer.c:1519)
__run_timers (kernel/time/timer.c:1790)
run_timer_softirq (kernel/time/timer.c:1803)
Fixes: c46ee38620a2 ("NFC: pn533: add NXP pn533 nfc device driver")
Signed-off-by: Minsuk Kang <linuxlovemin@yonsei.ac.kr>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/nfc/pn533/usb.c | 44 ++++++++++++++++++++++++++++++++++++++---
1 file changed, 41 insertions(+), 3 deletions(-)
diff --git a/drivers/nfc/pn533/usb.c b/drivers/nfc/pn533/usb.c
index a2c9b3f3bc23..c7da364b6358 100644
--- a/drivers/nfc/pn533/usb.c
+++ b/drivers/nfc/pn533/usb.c
@@ -165,10 +165,17 @@ static int pn533_usb_send_ack(struct pn533 *dev, gfp_t flags)
return usb_submit_urb(phy->ack_urb, flags);
}
+struct pn533_out_arg {
+ struct pn533_usb_phy *phy;
+ struct completion done;
+};
+
static int pn533_usb_send_frame(struct pn533 *dev,
struct sk_buff *out)
{
struct pn533_usb_phy *phy = dev->phy;
+ struct pn533_out_arg arg;
+ void *cntx;
int rc;
if (phy->priv == NULL)
@@ -180,10 +187,17 @@ static int pn533_usb_send_frame(struct pn533 *dev,
print_hex_dump_debug("PN533 TX: ", DUMP_PREFIX_NONE, 16, 1,
out->data, out->len, false);
+ init_completion(&arg.done);
+ cntx = phy->out_urb->context;
+ phy->out_urb->context = &arg;
+
rc = usb_submit_urb(phy->out_urb, GFP_KERNEL);
if (rc)
return rc;
+ wait_for_completion(&arg.done);
+ phy->out_urb->context = cntx;
+
if (dev->protocol_type == PN533_PROTO_REQ_RESP) {
/* request for response for sent packet directly */
rc = pn533_submit_urb_for_response(phy, GFP_KERNEL);
@@ -424,7 +438,31 @@ static int pn533_acr122_poweron_rdr(struct pn533_usb_phy *phy)
return arg.rc;
}
-static void pn533_send_complete(struct urb *urb)
+static void pn533_out_complete(struct urb *urb)
+{
+ struct pn533_out_arg *arg = urb->context;
+ struct pn533_usb_phy *phy = arg->phy;
+
+ switch (urb->status) {
+ case 0:
+ break; /* success */
+ case -ECONNRESET:
+ case -ENOENT:
+ dev_dbg(&phy->udev->dev,
+ "The urb has been stopped (status %d)\n",
+ urb->status);
+ break;
+ case -ESHUTDOWN:
+ default:
+ nfc_err(&phy->udev->dev,
+ "Urb failure (status %d)\n",
+ urb->status);
+ }
+
+ complete(&arg->done);
+}
+
+static void pn533_ack_complete(struct urb *urb)
{
struct pn533_usb_phy *phy = urb->context;
@@ -512,10 +550,10 @@ static int pn533_usb_probe(struct usb_interface *interface,
usb_fill_bulk_urb(phy->out_urb, phy->udev,
usb_sndbulkpipe(phy->udev, out_endpoint),
- NULL, 0, pn533_send_complete, phy);
+ NULL, 0, pn533_out_complete, phy);
usb_fill_bulk_urb(phy->ack_urb, phy->udev,
usb_sndbulkpipe(phy->udev, out_endpoint),
- NULL, 0, pn533_send_complete, phy);
+ NULL, 0, pn533_ack_complete, phy);
switch (id->driver_info) {
case PN533_DEVICE_STD:
--
2.35.1
^ permalink raw reply related [flat|nested] 529+ messages in thread
* [PATCH 4.19 506/521] net/mlx5: Rename ptp clock info
2023-01-16 15:44 [PATCH 4.19 000/521] 4.19.270-rc1 review Greg Kroah-Hartman
` (504 preceding siblings ...)
2023-01-16 15:52 ` [PATCH 4.19 505/521] nfc: pn533: Wait for out_urbs completion in pn533_usb_send_frame() Greg Kroah-Hartman
@ 2023-01-16 15:52 ` Greg Kroah-Hartman
2023-01-16 15:52 ` [PATCH 4.19 507/521] net/mlx5: Fix ptp max frequency adjustment range Greg Kroah-Hartman
` (18 subsequent siblings)
524 siblings, 0 replies; 529+ messages in thread
From: Greg Kroah-Hartman @ 2023-01-16 15:52 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Eran Ben Elisha, Sasha Levin
From: Eran Ben Elisha <eranbe@mellanox.com>
[ Upstream commit aac2df7f022eccb5d117f07b1e231410db1a863a ]
Fix a typo in ptp_clock_info naming: mlx5_p2p -> mlx5_ptp.
Signed-off-by: Eran Ben Elisha <eranbe@mellanox.com>
Stable-dep-of: fe91d57277ee ("net/mlx5: Fix ptp max frequency adjustment range")
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/ethernet/mellanox/mlx5/core/lib/clock.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/net/ethernet/mellanox/mlx5/core/lib/clock.c b/drivers/net/ethernet/mellanox/mlx5/core/lib/clock.c
index 0fd62510fb27..3ef63103d33f 100644
--- a/drivers/net/ethernet/mellanox/mlx5/core/lib/clock.c
+++ b/drivers/net/ethernet/mellanox/mlx5/core/lib/clock.c
@@ -395,7 +395,7 @@ static int mlx5_ptp_verify(struct ptp_clock_info *ptp, unsigned int pin,
static const struct ptp_clock_info mlx5_ptp_clock_info = {
.owner = THIS_MODULE,
- .name = "mlx5_p2p",
+ .name = "mlx5_ptp",
.max_adj = 100000000,
.n_alarm = 0,
.n_ext_ts = 0,
--
2.35.1
^ permalink raw reply related [flat|nested] 529+ messages in thread
* [PATCH 4.19 507/521] net/mlx5: Fix ptp max frequency adjustment range
2023-01-16 15:44 [PATCH 4.19 000/521] 4.19.270-rc1 review Greg Kroah-Hartman
` (505 preceding siblings ...)
2023-01-16 15:52 ` [PATCH 4.19 506/521] net/mlx5: Rename ptp clock info Greg Kroah-Hartman
@ 2023-01-16 15:52 ` Greg Kroah-Hartman
2023-01-16 15:52 ` [PATCH 4.19 508/521] iommu/mediatek-v1: Add error handle for mtk_iommu_probe Greg Kroah-Hartman
` (17 subsequent siblings)
524 siblings, 0 replies; 529+ messages in thread
From: Greg Kroah-Hartman @ 2023-01-16 15:52 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Rahul Rameshbabu, Gal Pressman,
Tariq Toukan, Saeed Mahameed, Sasha Levin
From: Rahul Rameshbabu <rrameshbabu@nvidia.com>
[ Upstream commit fe91d57277eef8bb4aca05acfa337b4a51d0bba4 ]
.max_adj of ptp_clock_info acts as an absolute value for the amount in ppb
that can be set for a single call of .adjfine. This means that a single
call to .getfine cannot be greater than .max_adj or less than -(.max_adj).
Provides correct value for max frequency adjustment value supported by
devices.
Fixes: 3d8c38af1493 ("net/mlx5e: Add PTP Hardware Clock (PHC) support")
Signed-off-by: Rahul Rameshbabu <rrameshbabu@nvidia.com>
Reviewed-by: Gal Pressman <gal@nvidia.com>
Reviewed-by: Tariq Toukan <tariqt@nvidia.com>
Signed-off-by: Saeed Mahameed <saeedm@nvidia.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/ethernet/mellanox/mlx5/core/lib/clock.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/net/ethernet/mellanox/mlx5/core/lib/clock.c b/drivers/net/ethernet/mellanox/mlx5/core/lib/clock.c
index 3ef63103d33f..dee65443d76b 100644
--- a/drivers/net/ethernet/mellanox/mlx5/core/lib/clock.c
+++ b/drivers/net/ethernet/mellanox/mlx5/core/lib/clock.c
@@ -396,7 +396,7 @@ static int mlx5_ptp_verify(struct ptp_clock_info *ptp, unsigned int pin,
static const struct ptp_clock_info mlx5_ptp_clock_info = {
.owner = THIS_MODULE,
.name = "mlx5_ptp",
- .max_adj = 100000000,
+ .max_adj = 50000000,
.n_alarm = 0,
.n_ext_ts = 0,
.n_per_out = 0,
--
2.35.1
^ permalink raw reply related [flat|nested] 529+ messages in thread
* [PATCH 4.19 508/521] iommu/mediatek-v1: Add error handle for mtk_iommu_probe
2023-01-16 15:44 [PATCH 4.19 000/521] 4.19.270-rc1 review Greg Kroah-Hartman
` (506 preceding siblings ...)
2023-01-16 15:52 ` [PATCH 4.19 507/521] net/mlx5: Fix ptp max frequency adjustment range Greg Kroah-Hartman
@ 2023-01-16 15:52 ` Greg Kroah-Hartman
2023-01-16 15:52 ` [PATCH 4.19 509/521] iommu/mediatek-v1: Fix an error handling path in mtk_iommu_v1_probe() Greg Kroah-Hartman
` (16 subsequent siblings)
524 siblings, 0 replies; 529+ messages in thread
From: Greg Kroah-Hartman @ 2023-01-16 15:52 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Yong Wu, Joerg Roedel, Sasha Levin
From: Yong Wu <yong.wu@mediatek.com>
[ Upstream commit ac304c070c54413efabf29f9e73c54576d329774 ]
In the original code, we lack the error handle. This patch adds them.
Signed-off-by: Yong Wu <yong.wu@mediatek.com>
Link: https://lore.kernel.org/r/20210412064843.11614-2-yong.wu@mediatek.com
Signed-off-by: Joerg Roedel <jroedel@suse.de>
Stable-dep-of: 142e821f68cf ("iommu/mediatek-v1: Fix an error handling path in mtk_iommu_v1_probe()")
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/iommu/mtk_iommu_v1.c | 22 ++++++++++++++++++----
1 file changed, 18 insertions(+), 4 deletions(-)
diff --git a/drivers/iommu/mtk_iommu_v1.c b/drivers/iommu/mtk_iommu_v1.c
index 676c029494e4..1a1f9a05982f 100644
--- a/drivers/iommu/mtk_iommu_v1.c
+++ b/drivers/iommu/mtk_iommu_v1.c
@@ -632,12 +632,26 @@ static int mtk_iommu_probe(struct platform_device *pdev)
ret = iommu_device_register(&data->iommu);
if (ret)
- return ret;
+ goto out_sysfs_remove;
- if (!iommu_present(&platform_bus_type))
- bus_set_iommu(&platform_bus_type, &mtk_iommu_ops);
+ if (!iommu_present(&platform_bus_type)) {
+ ret = bus_set_iommu(&platform_bus_type, &mtk_iommu_ops);
+ if (ret)
+ goto out_dev_unreg;
+ }
- return component_master_add_with_match(dev, &mtk_iommu_com_ops, match);
+ ret = component_master_add_with_match(dev, &mtk_iommu_com_ops, match);
+ if (ret)
+ goto out_bus_set_null;
+ return ret;
+
+out_bus_set_null:
+ bus_set_iommu(&platform_bus_type, NULL);
+out_dev_unreg:
+ iommu_device_unregister(&data->iommu);
+out_sysfs_remove:
+ iommu_device_sysfs_remove(&data->iommu);
+ return ret;
}
static int mtk_iommu_remove(struct platform_device *pdev)
--
2.35.1
^ permalink raw reply related [flat|nested] 529+ messages in thread
* [PATCH 4.19 509/521] iommu/mediatek-v1: Fix an error handling path in mtk_iommu_v1_probe()
2023-01-16 15:44 [PATCH 4.19 000/521] 4.19.270-rc1 review Greg Kroah-Hartman
` (507 preceding siblings ...)
2023-01-16 15:52 ` [PATCH 4.19 508/521] iommu/mediatek-v1: Add error handle for mtk_iommu_probe Greg Kroah-Hartman
@ 2023-01-16 15:52 ` Greg Kroah-Hartman
2023-01-16 15:52 ` [PATCH 4.19 510/521] x86/resctrl: Use task_curr() instead of task_struct->on_cpu to prevent unnecessary IPI Greg Kroah-Hartman
` (15 subsequent siblings)
524 siblings, 0 replies; 529+ messages in thread
From: Greg Kroah-Hartman @ 2023-01-16 15:52 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Christophe JAILLET, Yong Wu,
AngeloGioacchino Del Regno, Matthias Brugger, Joerg Roedel,
Sasha Levin
From: Christophe JAILLET <christophe.jaillet@wanadoo.fr>
[ Upstream commit 142e821f68cf5da79ce722cb9c1323afae30e185 ]
A clk, prepared and enabled in mtk_iommu_v1_hw_init(), is not released in
the error handling path of mtk_iommu_v1_probe().
Add the corresponding clk_disable_unprepare(), as already done in the
remove function.
Fixes: b17336c55d89 ("iommu/mediatek: add support for mtk iommu generation one HW")
Signed-off-by: Christophe JAILLET <christophe.jaillet@wanadoo.fr>
Reviewed-by: Yong Wu <yong.wu@mediatek.com>
Reviewed-by: AngeloGioacchino Del Regno <angelogioacchino.delregno@collabora.com>
Reviewed-by: Matthias Brugger <matthias.bgg@gmail.com>
Link: https://lore.kernel.org/r/593e7b7d97c6e064b29716b091a9d4fd122241fb.1671473163.git.christophe.jaillet@wanadoo.fr
Signed-off-by: Joerg Roedel <jroedel@suse.de>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/iommu/mtk_iommu_v1.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/drivers/iommu/mtk_iommu_v1.c b/drivers/iommu/mtk_iommu_v1.c
index 1a1f9a05982f..94b16cacb80f 100644
--- a/drivers/iommu/mtk_iommu_v1.c
+++ b/drivers/iommu/mtk_iommu_v1.c
@@ -626,7 +626,7 @@ static int mtk_iommu_probe(struct platform_device *pdev)
ret = iommu_device_sysfs_add(&data->iommu, &pdev->dev, NULL,
dev_name(&pdev->dev));
if (ret)
- return ret;
+ goto out_clk_unprepare;
iommu_device_set_ops(&data->iommu, &mtk_iommu_ops);
@@ -651,6 +651,8 @@ static int mtk_iommu_probe(struct platform_device *pdev)
iommu_device_unregister(&data->iommu);
out_sysfs_remove:
iommu_device_sysfs_remove(&data->iommu);
+out_clk_unprepare:
+ clk_disable_unprepare(data->bclk);
return ret;
}
--
2.35.1
^ permalink raw reply related [flat|nested] 529+ messages in thread
* [PATCH 4.19 510/521] x86/resctrl: Use task_curr() instead of task_struct->on_cpu to prevent unnecessary IPI
2023-01-16 15:44 [PATCH 4.19 000/521] 4.19.270-rc1 review Greg Kroah-Hartman
` (508 preceding siblings ...)
2023-01-16 15:52 ` [PATCH 4.19 509/521] iommu/mediatek-v1: Fix an error handling path in mtk_iommu_v1_probe() Greg Kroah-Hartman
@ 2023-01-16 15:52 ` Greg Kroah-Hartman
2023-01-16 15:52 ` [PATCH 4.19 511/521] x86/resctrl: Fix task CLOSID/RMID update race Greg Kroah-Hartman
` (14 subsequent siblings)
524 siblings, 0 replies; 529+ messages in thread
From: Greg Kroah-Hartman @ 2023-01-16 15:52 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, James Morse, Reinette Chatre,
Borislav Petkov, Sasha Levin
From: Reinette Chatre <reinette.chatre@intel.com>
[ Upstream commit e0ad6dc8969f790f14bddcfd7ea284b7e5f88a16 ]
James reported in [1] that there could be two tasks running on the same CPU
with task_struct->on_cpu set. Using task_struct->on_cpu as a test if a task
is running on a CPU may thus match the old task for a CPU while the
scheduler is running and IPI it unnecessarily.
task_curr() is the correct helper to use. While doing so move the #ifdef
check of the CONFIG_SMP symbol to be a C conditional used to determine
if this helper should be used to ensure the code is always checked for
correctness by the compiler.
[1] https://lore.kernel.org/lkml/a782d2f3-d2f6-795f-f4b1-9462205fd581@arm.com
Reported-by: James Morse <james.morse@arm.com>
Signed-off-by: Reinette Chatre <reinette.chatre@intel.com>
Signed-off-by: Borislav Petkov <bp@suse.de>
Link: https://lkml.kernel.org/r/e9e68ce1441a73401e08b641cc3b9a3cf13fe6d4.1608243147.git.reinette.chatre@intel.com
Stable-dep-of: fe1f0714385f ("x86/resctrl: Fix task CLOSID/RMID update race")
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/x86/kernel/cpu/intel_rdt_rdtgroup.c | 14 +++++---------
1 file changed, 5 insertions(+), 9 deletions(-)
diff --git a/arch/x86/kernel/cpu/intel_rdt_rdtgroup.c b/arch/x86/kernel/cpu/intel_rdt_rdtgroup.c
index f406e3b85bdb..8c405149c671 100644
--- a/arch/x86/kernel/cpu/intel_rdt_rdtgroup.c
+++ b/arch/x86/kernel/cpu/intel_rdt_rdtgroup.c
@@ -2140,19 +2140,15 @@ static void rdt_move_group_tasks(struct rdtgroup *from, struct rdtgroup *to,
t->closid = to->closid;
t->rmid = to->mon.rmid;
-#ifdef CONFIG_SMP
/*
- * This is safe on x86 w/o barriers as the ordering
- * of writing to task_cpu() and t->on_cpu is
- * reverse to the reading here. The detection is
- * inaccurate as tasks might move or schedule
- * before the smp function call takes place. In
- * such a case the function call is pointless, but
+ * If the task is on a CPU, set the CPU in the mask.
+ * The detection is inaccurate as tasks might move or
+ * schedule before the smp function call takes place.
+ * In such a case the function call is pointless, but
* there is no other side effect.
*/
- if (mask && t->on_cpu)
+ if (IS_ENABLED(CONFIG_SMP) && mask && task_curr(t))
cpumask_set_cpu(task_cpu(t), mask);
-#endif
}
}
read_unlock(&tasklist_lock);
--
2.35.1
^ permalink raw reply related [flat|nested] 529+ messages in thread
* [PATCH 4.19 511/521] x86/resctrl: Fix task CLOSID/RMID update race
2023-01-16 15:44 [PATCH 4.19 000/521] 4.19.270-rc1 review Greg Kroah-Hartman
` (509 preceding siblings ...)
2023-01-16 15:52 ` [PATCH 4.19 510/521] x86/resctrl: Use task_curr() instead of task_struct->on_cpu to prevent unnecessary IPI Greg Kroah-Hartman
@ 2023-01-16 15:52 ` Greg Kroah-Hartman
2023-01-16 15:52 ` [PATCH 4.19 512/521] drm/virtio: Fix GEM handle creation UAF Greg Kroah-Hartman
` (13 subsequent siblings)
524 siblings, 0 replies; 529+ messages in thread
From: Greg Kroah-Hartman @ 2023-01-16 15:52 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Peter Newman, Borislav Petkov (AMD),
Reinette Chatre, Babu Moger, stable, Sasha Levin
From: Peter Newman <peternewman@google.com>
[ Upstream commit fe1f0714385fbcf76b0cbceb02b7277d842014fc ]
When the user moves a running task to a new rdtgroup using the task's
file interface or by deleting its rdtgroup, the resulting change in
CLOSID/RMID must be immediately propagated to the PQR_ASSOC MSR on the
task(s) CPUs.
x86 allows reordering loads with prior stores, so if the task starts
running between a task_curr() check that the CPU hoisted before the
stores in the CLOSID/RMID update then it can start running with the old
CLOSID/RMID until it is switched again because __rdtgroup_move_task()
failed to determine that it needs to be interrupted to obtain the new
CLOSID/RMID.
Refer to the diagram below:
CPU 0 CPU 1
----- -----
__rdtgroup_move_task():
curr <- t1->cpu->rq->curr
__schedule():
rq->curr <- t1
resctrl_sched_in():
t1->{closid,rmid} -> {1,1}
t1->{closid,rmid} <- {2,2}
if (curr == t1) // false
IPI(t1->cpu)
A similar race impacts rdt_move_group_tasks(), which updates tasks in a
deleted rdtgroup.
In both cases, use smp_mb() to order the task_struct::{closid,rmid}
stores before the loads in task_curr(). In particular, in the
rdt_move_group_tasks() case, simply execute an smp_mb() on every
iteration with a matching task.
It is possible to use a single smp_mb() in rdt_move_group_tasks(), but
this would require two passes and a means of remembering which
task_structs were updated in the first loop. However, benchmarking
results below showed too little performance impact in the simple
approach to justify implementing the two-pass approach.
Times below were collected using `perf stat` to measure the time to
remove a group containing a 1600-task, parallel workload.
CPU: Intel(R) Xeon(R) Platinum P-8136 CPU @ 2.00GHz (112 threads)
# mkdir /sys/fs/resctrl/test
# echo $$ > /sys/fs/resctrl/test/tasks
# perf bench sched messaging -g 40 -l 100000
task-clock time ranges collected using:
# perf stat rmdir /sys/fs/resctrl/test
Baseline: 1.54 - 1.60 ms
smp_mb() every matching task: 1.57 - 1.67 ms
[ bp: Massage commit message. ]
Fixes: ae28d1aae48a ("x86/resctrl: Use an IPI instead of task_work_add() to update PQR_ASSOC MSR")
Fixes: 0efc89be9471 ("x86/intel_rdt: Update task closid immediately on CPU in rmdir and unmount")
Signed-off-by: Peter Newman <peternewman@google.com>
Signed-off-by: Borislav Petkov (AMD) <bp@alien8.de>
Reviewed-by: Reinette Chatre <reinette.chatre@intel.com>
Reviewed-by: Babu Moger <babu.moger@amd.com>
Cc: <stable@kernel.org>
Link: https://lore.kernel.org/r/20221220161123.432120-1-peternewman@google.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/x86/kernel/cpu/intel_rdt_rdtgroup.c | 12 +++++++++++-
1 file changed, 11 insertions(+), 1 deletion(-)
diff --git a/arch/x86/kernel/cpu/intel_rdt_rdtgroup.c b/arch/x86/kernel/cpu/intel_rdt_rdtgroup.c
index 8c405149c671..1125f752f126 100644
--- a/arch/x86/kernel/cpu/intel_rdt_rdtgroup.c
+++ b/arch/x86/kernel/cpu/intel_rdt_rdtgroup.c
@@ -585,8 +585,10 @@ static int __rdtgroup_move_task(struct task_struct *tsk,
/*
* Ensure the task's closid and rmid are written before determining if
* the task is current that will decide if it will be interrupted.
+ * This pairs with the full barrier between the rq->curr update and
+ * resctrl_sched_in() during context switch.
*/
- barrier();
+ smp_mb();
/*
* By now, the task's closid and rmid are set. If the task is current
@@ -2140,6 +2142,14 @@ static void rdt_move_group_tasks(struct rdtgroup *from, struct rdtgroup *to,
t->closid = to->closid;
t->rmid = to->mon.rmid;
+ /*
+ * Order the closid/rmid stores above before the loads
+ * in task_curr(). This pairs with the full barrier
+ * between the rq->curr update and resctrl_sched_in()
+ * during context switch.
+ */
+ smp_mb();
+
/*
* If the task is on a CPU, set the CPU in the mask.
* The detection is inaccurate as tasks might move or
--
2.35.1
^ permalink raw reply related [flat|nested] 529+ messages in thread
* [PATCH 4.19 512/521] drm/virtio: Fix GEM handle creation UAF
2023-01-16 15:44 [PATCH 4.19 000/521] 4.19.270-rc1 review Greg Kroah-Hartman
` (510 preceding siblings ...)
2023-01-16 15:52 ` [PATCH 4.19 511/521] x86/resctrl: Fix task CLOSID/RMID update race Greg Kroah-Hartman
@ 2023-01-16 15:52 ` Greg Kroah-Hartman
2023-01-16 15:52 ` [PATCH 4.19 513/521] arm64: cmpxchg_double*: hazard against entire exchange variable Greg Kroah-Hartman
` (12 subsequent siblings)
524 siblings, 0 replies; 529+ messages in thread
From: Greg Kroah-Hartman @ 2023-01-16 15:52 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Rob Clark, Chia-I Wu,
Dmitry Osipenko, Sasha Levin
From: Rob Clark <robdclark@chromium.org>
[ Upstream commit 52531258318ed59a2dc5a43df2eaf0eb1d65438e ]
Userspace can guess the handle value and try to race GEM object creation
with handle close, resulting in a use-after-free if we dereference the
object after dropping the handle's reference. For that reason, dropping
the handle's reference must be done *after* we are done dereferencing
the object.
Signed-off-by: Rob Clark <robdclark@chromium.org>
Reviewed-by: Chia-I Wu <olvaffe@gmail.com>
Fixes: 62fb7a5e1096 ("virtio-gpu: add 3d/virgl support")
Cc: stable@vger.kernel.org
Signed-off-by: Dmitry Osipenko <dmitry.osipenko@collabora.com>
Link: https://patchwork.freedesktop.org/patch/msgid/20221216233355.542197-2-robdclark@gmail.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/gpu/drm/virtio/virtgpu_ioctl.c | 10 +++++++++-
1 file changed, 9 insertions(+), 1 deletion(-)
diff --git a/drivers/gpu/drm/virtio/virtgpu_ioctl.c b/drivers/gpu/drm/virtio/virtgpu_ioctl.c
index 8d2f5ded86d6..a539843a03ba 100644
--- a/drivers/gpu/drm/virtio/virtgpu_ioctl.c
+++ b/drivers/gpu/drm/virtio/virtgpu_ioctl.c
@@ -309,7 +309,6 @@ static int virtio_gpu_resource_create_ioctl(struct drm_device *dev, void *data,
}
return ret;
}
- drm_gem_object_put_unlocked(obj);
rc->res_handle = res_id; /* similiar to a VM address */
rc->bo_handle = handle;
@@ -318,6 +317,15 @@ static int virtio_gpu_resource_create_ioctl(struct drm_device *dev, void *data,
virtio_gpu_unref_list(&validate_list);
dma_fence_put(&fence->f);
}
+
+ /*
+ * The handle owns the reference now. But we must drop our
+ * remaining reference *after* we no longer need to dereference
+ * the obj. Otherwise userspace could guess the handle and
+ * race closing it from another thread.
+ */
+ drm_gem_object_put_unlocked(obj);
+
return 0;
fail_unref:
if (vgdev->has_virgl_3d) {
--
2.35.1
^ permalink raw reply related [flat|nested] 529+ messages in thread
* [PATCH 4.19 513/521] arm64: cmpxchg_double*: hazard against entire exchange variable
2023-01-16 15:44 [PATCH 4.19 000/521] 4.19.270-rc1 review Greg Kroah-Hartman
` (511 preceding siblings ...)
2023-01-16 15:52 ` [PATCH 4.19 512/521] drm/virtio: Fix GEM handle creation UAF Greg Kroah-Hartman
@ 2023-01-16 15:52 ` Greg Kroah-Hartman
2023-01-16 15:52 ` [PATCH 4.19 514/521] efi: fix NULL-deref in init error path Greg Kroah-Hartman
` (11 subsequent siblings)
524 siblings, 0 replies; 529+ messages in thread
From: Greg Kroah-Hartman @ 2023-01-16 15:52 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Boqun Feng, Peter Zijlstra,
Mark Rutland, Arnd Bergmann, Catalin Marinas, Steve Capper,
Will Deacon, Sasha Levin
From: Mark Rutland <mark.rutland@arm.com>
[ Upstream commit 031af50045ea97ed4386eb3751ca2c134d0fc911 ]
The inline assembly for arm64's cmpxchg_double*() implementations use a
+Q constraint to hazard against other accesses to the memory location
being exchanged. However, the pointer passed to the constraint is a
pointer to unsigned long, and thus the hazard only applies to the first
8 bytes of the location.
GCC can take advantage of this, assuming that other portions of the
location are unchanged, leading to a number of potential problems.
This is similar to what we fixed back in commit:
fee960bed5e857eb ("arm64: xchg: hazard against entire exchange variable")
... but we forgot to adjust cmpxchg_double*() similarly at the same
time.
The same problem applies, as demonstrated with the following test:
| struct big {
| u64 lo, hi;
| } __aligned(128);
|
| unsigned long foo(struct big *b)
| {
| u64 hi_old, hi_new;
|
| hi_old = b->hi;
| cmpxchg_double_local(&b->lo, &b->hi, 0x12, 0x34, 0x56, 0x78);
| hi_new = b->hi;
|
| return hi_old ^ hi_new;
| }
... which GCC 12.1.0 compiles as:
| 0000000000000000 <foo>:
| 0: d503233f paciasp
| 4: aa0003e4 mov x4, x0
| 8: 1400000e b 40 <foo+0x40>
| c: d2800240 mov x0, #0x12 // #18
| 10: d2800681 mov x1, #0x34 // #52
| 14: aa0003e5 mov x5, x0
| 18: aa0103e6 mov x6, x1
| 1c: d2800ac2 mov x2, #0x56 // #86
| 20: d2800f03 mov x3, #0x78 // #120
| 24: 48207c82 casp x0, x1, x2, x3, [x4]
| 28: ca050000 eor x0, x0, x5
| 2c: ca060021 eor x1, x1, x6
| 30: aa010000 orr x0, x0, x1
| 34: d2800000 mov x0, #0x0 // #0 <--- BANG
| 38: d50323bf autiasp
| 3c: d65f03c0 ret
| 40: d2800240 mov x0, #0x12 // #18
| 44: d2800681 mov x1, #0x34 // #52
| 48: d2800ac2 mov x2, #0x56 // #86
| 4c: d2800f03 mov x3, #0x78 // #120
| 50: f9800091 prfm pstl1strm, [x4]
| 54: c87f1885 ldxp x5, x6, [x4]
| 58: ca0000a5 eor x5, x5, x0
| 5c: ca0100c6 eor x6, x6, x1
| 60: aa0600a6 orr x6, x5, x6
| 64: b5000066 cbnz x6, 70 <foo+0x70>
| 68: c8250c82 stxp w5, x2, x3, [x4]
| 6c: 35ffff45 cbnz w5, 54 <foo+0x54>
| 70: d2800000 mov x0, #0x0 // #0 <--- BANG
| 74: d50323bf autiasp
| 78: d65f03c0 ret
Notice that at the lines with "BANG" comments, GCC has assumed that the
higher 8 bytes are unchanged by the cmpxchg_double() call, and that
`hi_old ^ hi_new` can be reduced to a constant zero, for both LSE and
LL/SC versions of cmpxchg_double().
This patch fixes the issue by passing a pointer to __uint128_t into the
+Q constraint, ensuring that the compiler hazards against the entire 16
bytes being modified.
With this change, GCC 12.1.0 compiles the above test as:
| 0000000000000000 <foo>:
| 0: f9400407 ldr x7, [x0, #8]
| 4: d503233f paciasp
| 8: aa0003e4 mov x4, x0
| c: 1400000f b 48 <foo+0x48>
| 10: d2800240 mov x0, #0x12 // #18
| 14: d2800681 mov x1, #0x34 // #52
| 18: aa0003e5 mov x5, x0
| 1c: aa0103e6 mov x6, x1
| 20: d2800ac2 mov x2, #0x56 // #86
| 24: d2800f03 mov x3, #0x78 // #120
| 28: 48207c82 casp x0, x1, x2, x3, [x4]
| 2c: ca050000 eor x0, x0, x5
| 30: ca060021 eor x1, x1, x6
| 34: aa010000 orr x0, x0, x1
| 38: f9400480 ldr x0, [x4, #8]
| 3c: d50323bf autiasp
| 40: ca0000e0 eor x0, x7, x0
| 44: d65f03c0 ret
| 48: d2800240 mov x0, #0x12 // #18
| 4c: d2800681 mov x1, #0x34 // #52
| 50: d2800ac2 mov x2, #0x56 // #86
| 54: d2800f03 mov x3, #0x78 // #120
| 58: f9800091 prfm pstl1strm, [x4]
| 5c: c87f1885 ldxp x5, x6, [x4]
| 60: ca0000a5 eor x5, x5, x0
| 64: ca0100c6 eor x6, x6, x1
| 68: aa0600a6 orr x6, x5, x6
| 6c: b5000066 cbnz x6, 78 <foo+0x78>
| 70: c8250c82 stxp w5, x2, x3, [x4]
| 74: 35ffff45 cbnz w5, 5c <foo+0x5c>
| 78: f9400480 ldr x0, [x4, #8]
| 7c: d50323bf autiasp
| 80: ca0000e0 eor x0, x7, x0
| 84: d65f03c0 ret
... sampling the high 8 bytes before and after the cmpxchg, and
performing an EOR, as we'd expect.
For backporting, I've tested this atop linux-4.9.y with GCC 5.5.0. Note
that linux-4.9.y is oldest currently supported stable release, and
mandates GCC 5.1+. Unfortunately I couldn't get a GCC 5.1 binary to run
on my machines due to library incompatibilities.
I've also used a standalone test to check that we can use a __uint128_t
pointer in a +Q constraint at least as far back as GCC 4.8.5 and LLVM
3.9.1.
Fixes: 5284e1b4bc8a ("arm64: xchg: Implement cmpxchg_double")
Fixes: e9a4b795652f ("arm64: cmpxchg_dbl: patch in lse instructions when supported by the CPU")
Reported-by: Boqun Feng <boqun.feng@gmail.com>
Link: https://lore.kernel.org/lkml/Y6DEfQXymYVgL3oJ@boqun-archlinux/
Reported-by: Peter Zijlstra <peterz@infradead.org>
Link: https://lore.kernel.org/lkml/Y6GXoO4qmH9OIZ5Q@hirez.programming.kicks-ass.net/
Signed-off-by: Mark Rutland <mark.rutland@arm.com>
Cc: stable@vger.kernel.org
Cc: Arnd Bergmann <arnd@arndb.de>
Cc: Catalin Marinas <catalin.marinas@arm.com>
Cc: Steve Capper <steve.capper@arm.com>
Cc: Will Deacon <will@kernel.org>
Link: https://lore.kernel.org/r/20230104151626.3262137-1-mark.rutland@arm.com
Signed-off-by: Will Deacon <will@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/arm64/include/asm/atomic_ll_sc.h | 2 +-
arch/arm64/include/asm/atomic_lse.h | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/arch/arm64/include/asm/atomic_ll_sc.h b/arch/arm64/include/asm/atomic_ll_sc.h
index 1cc42441bc67..a9b315dc7e24 100644
--- a/arch/arm64/include/asm/atomic_ll_sc.h
+++ b/arch/arm64/include/asm/atomic_ll_sc.h
@@ -320,7 +320,7 @@ __LL_SC_PREFIX(__cmpxchg_double##name(unsigned long old1, \
" cbnz %w0, 1b\n" \
" " #mb "\n" \
"2:" \
- : "=&r" (tmp), "=&r" (ret), "+Q" (*(unsigned long *)ptr) \
+ : "=&r" (tmp), "=&r" (ret), "+Q" (*(__uint128_t *)ptr) \
: "r" (old1), "r" (old2), "r" (new1), "r" (new2) \
: cl); \
\
diff --git a/arch/arm64/include/asm/atomic_lse.h b/arch/arm64/include/asm/atomic_lse.h
index 80cadc789f1a..393d73797e73 100644
--- a/arch/arm64/include/asm/atomic_lse.h
+++ b/arch/arm64/include/asm/atomic_lse.h
@@ -555,7 +555,7 @@ static inline long __cmpxchg_double##name(unsigned long old1, \
" eor %[old2], %[old2], %[oldval2]\n" \
" orr %[old1], %[old1], %[old2]") \
: [old1] "+&r" (x0), [old2] "+&r" (x1), \
- [v] "+Q" (*(unsigned long *)ptr) \
+ [v] "+Q" (*(__uint128_t *)ptr) \
: [new1] "r" (x2), [new2] "r" (x3), [ptr] "r" (x4), \
[oldval1] "r" (oldval1), [oldval2] "r" (oldval2) \
: __LL_SC_CLOBBERS, ##cl); \
--
2.35.1
^ permalink raw reply related [flat|nested] 529+ messages in thread
* [PATCH 4.19 514/521] efi: fix NULL-deref in init error path
2023-01-16 15:44 [PATCH 4.19 000/521] 4.19.270-rc1 review Greg Kroah-Hartman
` (512 preceding siblings ...)
2023-01-16 15:52 ` [PATCH 4.19 513/521] arm64: cmpxchg_double*: hazard against entire exchange variable Greg Kroah-Hartman
@ 2023-01-16 15:52 ` Greg Kroah-Hartman
2023-01-16 15:52 ` [PATCH 4.19 515/521] Revert "usb: ulpi: defer ulpi_register on ulpi_read_id timeout" Greg Kroah-Hartman
` (10 subsequent siblings)
524 siblings, 0 replies; 529+ messages in thread
From: Greg Kroah-Hartman @ 2023-01-16 15:52 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Li Heng, Johan Hovold,
Ard Biesheuvel, Sasha Levin
From: Johan Hovold <johan+linaro@kernel.org>
[ Upstream commit 703c13fe3c9af557d312f5895ed6a5fda2711104 ]
In cases where runtime services are not supported or have been disabled,
the runtime services workqueue will never have been allocated.
Do not try to destroy the workqueue unconditionally in the unlikely
event that EFI initialisation fails to avoid dereferencing a NULL
pointer.
Fixes: 98086df8b70c ("efi: add missed destroy_workqueue when efisubsys_init fails")
Cc: stable@vger.kernel.org
Cc: Li Heng <liheng40@huawei.com>
Signed-off-by: Johan Hovold <johan+linaro@kernel.org>
Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/firmware/efi/efi.c | 9 ++++++---
1 file changed, 6 insertions(+), 3 deletions(-)
--- a/drivers/firmware/efi/efi.c
+++ b/drivers/firmware/efi/efi.c
@@ -359,8 +359,8 @@ static int __init efisubsys_init(void)
efi_kobj = kobject_create_and_add("efi", firmware_kobj);
if (!efi_kobj) {
pr_err("efi: Firmware registration failed.\n");
- destroy_workqueue(efi_rts_wq);
- return -ENOMEM;
+ error = -ENOMEM;
+ goto err_destroy_wq;
}
error = generic_ops_register();
@@ -396,7 +396,10 @@ err_unregister:
generic_ops_unregister();
err_put:
kobject_put(efi_kobj);
- destroy_workqueue(efi_rts_wq);
+err_destroy_wq:
+ if (efi_rts_wq)
+ destroy_workqueue(efi_rts_wq);
+
return error;
}
^ permalink raw reply [flat|nested] 529+ messages in thread
* [PATCH 4.19 515/521] Revert "usb: ulpi: defer ulpi_register on ulpi_read_id timeout"
2023-01-16 15:44 [PATCH 4.19 000/521] 4.19.270-rc1 review Greg Kroah-Hartman
` (513 preceding siblings ...)
2023-01-16 15:52 ` [PATCH 4.19 514/521] efi: fix NULL-deref in init error path Greg Kroah-Hartman
@ 2023-01-16 15:52 ` Greg Kroah-Hartman
2023-01-16 15:52 ` [PATCH 4.19 516/521] tty: serial: tegra: Handle RX transfer in PIO mode if DMA wasnt started Greg Kroah-Hartman
` (9 subsequent siblings)
524 siblings, 0 replies; 529+ messages in thread
From: Greg Kroah-Hartman @ 2023-01-16 15:52 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Guenter Roeck, Ferry Toth
From: Ferry Toth <ftoth@exalondelft.nl>
commit b659b613cea2ae39746ca8bd2b69d1985dd9d770 upstream.
This reverts commit 8a7b31d545d3a15f0e6f5984ae16f0ca4fd76aac.
This patch results in some qemu test failures, specifically xilinx-zynq-a9
machine and zynq-zc702 as well as zynq-zed devicetree files, when trying
to boot from USB drive.
Link: https://lore.kernel.org/lkml/20221220194334.GA942039@roeck-us.net/
Fixes: 8a7b31d545d3 ("usb: ulpi: defer ulpi_register on ulpi_read_id timeout")
Cc: stable@vger.kernel.org
Reported-by: Guenter Roeck <linux@roeck-us.net>
Signed-off-by: Ferry Toth <ftoth@exalondelft.nl>
Link: https://lore.kernel.org/r/20221222205302.45761-1-ftoth@exalondelft.nl
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/usb/common/ulpi.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/drivers/usb/common/ulpi.c
+++ b/drivers/usb/common/ulpi.c
@@ -207,7 +207,7 @@ static int ulpi_read_id(struct ulpi *ulp
/* Test the interface */
ret = ulpi_write(ulpi, ULPI_SCRATCH, 0xaa);
if (ret < 0)
- return ret;
+ goto err;
ret = ulpi_read(ulpi, ULPI_SCRATCH);
if (ret < 0)
^ permalink raw reply [flat|nested] 529+ messages in thread
* [PATCH 4.19 516/521] tty: serial: tegra: Handle RX transfer in PIO mode if DMA wasnt started
2023-01-16 15:44 [PATCH 4.19 000/521] 4.19.270-rc1 review Greg Kroah-Hartman
` (514 preceding siblings ...)
2023-01-16 15:52 ` [PATCH 4.19 515/521] Revert "usb: ulpi: defer ulpi_register on ulpi_read_id timeout" Greg Kroah-Hartman
@ 2023-01-16 15:52 ` Greg Kroah-Hartman
2023-01-16 15:52 ` [PATCH 4.19 517/521] pseries/eeh: Fix the kdump kernel crash during eeh_pseries_init Greg Kroah-Hartman
` (8 subsequent siblings)
524 siblings, 0 replies; 529+ messages in thread
From: Greg Kroah-Hartman @ 2023-01-16 15:52 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Dmitry Osipenko
From: Dmitry Osipenko <digetx@gmail.com>
commit 1f69a1273b3f204a9c00dc3bbdcc4afcd0787428 upstream.
It is possible to get an instant RX timeout or end-of-transfer interrupt
before RX DMA was started, if transaction is less than 16 bytes. Transfer
should be handled in PIO mode in this case because DMA can't handle it.
This patch brings back the original behaviour of the driver that was
changed by accident by a previous commit, it fixes occasional Bluetooth HW
initialization failures which I started to notice recently.
Fixes: d5e3fadb7012 ("tty: serial: tegra: Activate RX DMA transfer by request")
Signed-off-by: Dmitry Osipenko <digetx@gmail.com>
Link: https://lore.kernel.org/r/20200209164415.9632-1-digetx@gmail.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/tty/serial/serial-tegra.c | 35 ++++++++++++++++-------------------
1 file changed, 16 insertions(+), 19 deletions(-)
--- a/drivers/tty/serial/serial-tegra.c
+++ b/drivers/tty/serial/serial-tegra.c
@@ -638,11 +638,22 @@ static void tegra_uart_copy_rx_to_tty(st
TEGRA_UART_RX_DMA_BUFFER_SIZE, DMA_TO_DEVICE);
}
+static void do_handle_rx_pio(struct tegra_uart_port *tup)
+{
+ struct tty_struct *tty = tty_port_tty_get(&tup->uport.state->port);
+ struct tty_port *port = &tup->uport.state->port;
+
+ tegra_uart_handle_rx_pio(tup, port);
+ if (tty) {
+ tty_flip_buffer_push(port);
+ tty_kref_put(tty);
+ }
+}
+
static void tegra_uart_rx_buffer_push(struct tegra_uart_port *tup,
unsigned int residue)
{
struct tty_port *port = &tup->uport.state->port;
- struct tty_struct *tty = tty_port_tty_get(port);
unsigned int count;
async_tx_ack(tup->rx_dma_desc);
@@ -651,11 +662,7 @@ static void tegra_uart_rx_buffer_push(st
/* If we are here, DMA is stopped */
tegra_uart_copy_rx_to_tty(tup, port, count);
- tegra_uart_handle_rx_pio(tup, port);
- if (tty) {
- tty_flip_buffer_push(port);
- tty_kref_put(tty);
- }
+ do_handle_rx_pio(tup);
}
static void tegra_uart_rx_dma_complete(void *args)
@@ -695,8 +702,10 @@ static void tegra_uart_terminate_rx_dma(
{
struct dma_tx_state state;
- if (!tup->rx_dma_active)
+ if (!tup->rx_dma_active) {
+ do_handle_rx_pio(tup);
return;
+ }
dmaengine_pause(tup->rx_dma_chan);
dmaengine_tx_status(tup->rx_dma_chan, tup->rx_cookie, &state);
@@ -765,18 +774,6 @@ static void tegra_uart_handle_modem_sign
uart_handle_cts_change(&tup->uport, msr & UART_MSR_CTS);
}
-static void do_handle_rx_pio(struct tegra_uart_port *tup)
-{
- struct tty_struct *tty = tty_port_tty_get(&tup->uport.state->port);
- struct tty_port *port = &tup->uport.state->port;
-
- tegra_uart_handle_rx_pio(tup, port);
- if (tty) {
- tty_flip_buffer_push(port);
- tty_kref_put(tty);
- }
-}
-
static irqreturn_t tegra_uart_isr(int irq, void *data)
{
struct tegra_uart_port *tup = data;
^ permalink raw reply [flat|nested] 529+ messages in thread
* [PATCH 4.19 517/521] pseries/eeh: Fix the kdump kernel crash during eeh_pseries_init
2023-01-16 15:44 [PATCH 4.19 000/521] 4.19.270-rc1 review Greg Kroah-Hartman
` (515 preceding siblings ...)
2023-01-16 15:52 ` [PATCH 4.19 516/521] tty: serial: tegra: Handle RX transfer in PIO mode if DMA wasnt started Greg Kroah-Hartman
@ 2023-01-16 15:52 ` Greg Kroah-Hartman
2023-01-16 15:53 ` [PATCH 4.19 518/521] ALSA: hda/realtek - Fix inverted bass GPIO pin on Acer 8951G Greg Kroah-Hartman
` (7 subsequent siblings)
524 siblings, 0 replies; 529+ messages in thread
From: Greg Kroah-Hartman @ 2023-01-16 15:52 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Mahesh Salgaonkar, Michael Ellerman
From: Mahesh Salgaonkar <mahesh@linux.ibm.com>
commit eb8257a12192f43ffd41bd90932c39dade958042 upstream.
On pseries LPAR when an empty slot is assigned to partition OR in single
LPAR mode, kdump kernel crashes during issuing PHB reset.
In the kdump scenario, we traverse all PHBs and issue reset using the
pe_config_addr of the first child device present under each PHB. However
the code assumes that none of the PHB slots can be empty and uses
list_first_entry() to get the first child device under the PHB. Since
list_first_entry() expects the list to be non-empty, it returns an
invalid pci_dn entry and ends up accessing NULL phb pointer under
pci_dn->phb causing kdump kernel crash.
This patch fixes the below kdump kernel crash by skipping empty slots:
audit: initializing netlink subsys (disabled)
thermal_sys: Registered thermal governor 'fair_share'
thermal_sys: Registered thermal governor 'step_wise'
cpuidle: using governor menu
pstore: Registered nvram as persistent store backend
Issue PHB reset ...
audit: type=2000 audit(1631267818.000:1): state=initialized audit_enabled=0 res=1
BUG: Kernel NULL pointer dereference on read at 0x00000268
Faulting instruction address: 0xc000000008101fb0
Oops: Kernel access of bad area, sig: 7 [#1]
LE PAGE_SIZE=64K MMU=Radix SMP NR_CPUS=2048 NUMA pSeries
Modules linked in:
CPU: 7 PID: 1 Comm: swapper/7 Not tainted 5.14.0 #1
NIP: c000000008101fb0 LR: c000000009284ccc CTR: c000000008029d70
REGS: c00000001161b840 TRAP: 0300 Not tainted (5.14.0)
MSR: 8000000002009033 <SF,VEC,EE,ME,IR,DR,RI,LE> CR: 28000224 XER: 20040002
CFAR: c000000008101f0c DAR: 0000000000000268 DSISR: 00080000 IRQMASK: 0
...
NIP pseries_eeh_get_pe_config_addr+0x100/0x1b0
LR __machine_initcall_pseries_eeh_pseries_init+0x2cc/0x350
Call Trace:
0xc00000001161bb80 (unreliable)
__machine_initcall_pseries_eeh_pseries_init+0x2cc/0x350
do_one_initcall+0x60/0x2d0
kernel_init_freeable+0x350/0x3f8
kernel_init+0x3c/0x17c
ret_from_kernel_thread+0x5c/0x64
Fixes: 5a090f7c363fd ("powerpc/pseries: PCIE PHB reset")
Signed-off-by: Mahesh Salgaonkar <mahesh@linux.ibm.com>
[mpe: Tweak wording and trim oops]
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
Link: https://lore.kernel.org/r/163215558252.413351.8600189949820258982.stgit@jupiter
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/powerpc/platforms/pseries/eeh_pseries.c | 4 ++++
1 file changed, 4 insertions(+)
--- a/arch/powerpc/platforms/pseries/eeh_pseries.c
+++ b/arch/powerpc/platforms/pseries/eeh_pseries.c
@@ -957,6 +957,10 @@ static int __init eeh_pseries_init(void)
if (is_kdump_kernel() || reset_devices) {
pr_info("Issue PHB reset ...\n");
list_for_each_entry(phb, &hose_list, list_node) {
+ // Skip if the slot is empty
+ if (list_empty(&PCI_DN(phb->dn)->child_list))
+ continue;
+
pdn = list_first_entry(&PCI_DN(phb->dn)->child_list, struct pci_dn, list);
addr = (pdn->busno << 16) | (pdn->devfn << 8);
config_addr = pseries_eeh_get_config_addr(phb, addr);
^ permalink raw reply [flat|nested] 529+ messages in thread
* [PATCH 4.19 518/521] ALSA: hda/realtek - Fix inverted bass GPIO pin on Acer 8951G
2023-01-16 15:44 [PATCH 4.19 000/521] 4.19.270-rc1 review Greg Kroah-Hartman
` (516 preceding siblings ...)
2023-01-16 15:52 ` [PATCH 4.19 517/521] pseries/eeh: Fix the kdump kernel crash during eeh_pseries_init Greg Kroah-Hartman
@ 2023-01-16 15:53 ` Greg Kroah-Hartman
2023-01-16 15:53 ` [PATCH 4.19 519/521] ALSA: hda/realtek - Fixed one of HP ALC671 platform Headset Mic supported Greg Kroah-Hartman
` (6 subsequent siblings)
524 siblings, 0 replies; 529+ messages in thread
From: Greg Kroah-Hartman @ 2023-01-16 15:53 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Takashi Iwai,
Sergey 'Jin' Bostandzhyan
From: Takashi Iwai <tiwai@suse.de>
commit 336820c4374bc065317f247dc2bb37c0e41b64a6 upstream.
We've added the bass speaker support on Acer 8951G by the commit
00066e9733f6 ("Add Acer Aspire Ethos 8951G model quirk"), but it seems
that the GPIO pin was wrongly set: while the commit turns off the bit
to power up the amp, the actual hardware reacts other way round,
i.e. GPIO bit on = amp on.
So this patch fixes the bug, turning on the GPIO bit 0x02 as default.
Since turning on the GPIO bit can be more easily managed with
alc_setup_gpio() call, we simplify the quirk code by integrating the
GPIO setup into the existing alc662_fixup_aspire_ethos_hp() and
dropping the whole ALC669_FIXUP_ACER_ASPIRE_ETHOS_SUBWOOFER quirk.
Fixes: 00066e9733f6 ("Add Acer Aspire Ethos 8951G model quirk")
Reported-and-tested-by: Sergey 'Jin' Bostandzhyan <jin@mediatomb.cc>
Cc: <stable@vger.kernel.org>
Link: https://lore.kernel.org/r/20191128202630.6626-1-tiwai@suse.de
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
sound/pci/hda/patch_realtek.c | 17 +++--------------
1 file changed, 3 insertions(+), 14 deletions(-)
--- a/sound/pci/hda/patch_realtek.c
+++ b/sound/pci/hda/patch_realtek.c
@@ -8539,6 +8539,8 @@ static void alc662_fixup_aspire_ethos_hp
case HDA_FIXUP_ACT_PRE_PROBE:
snd_hda_jack_detect_enable_callback(codec, 0x1b,
alc662_aspire_ethos_mute_speakers);
+ /* subwoofer needs an extra GPIO setting to become audible */
+ alc_setup_gpio(codec, 0x02);
break;
case HDA_FIXUP_ACT_INIT:
/* Make sure to start in a correct state, i.e. if
@@ -8676,7 +8678,6 @@ enum {
ALC662_FIXUP_USI_HEADSET_MODE,
ALC662_FIXUP_LENOVO_MULTI_CODECS,
ALC669_FIXUP_ACER_ASPIRE_ETHOS,
- ALC669_FIXUP_ACER_ASPIRE_ETHOS_SUBWOOFER,
ALC669_FIXUP_ACER_ASPIRE_ETHOS_HEADSET,
ALC671_FIXUP_HP_HEADSET_MIC2,
ALC662_FIXUP_ACER_X2660G_HEADSET_MODE,
@@ -9019,18 +9020,6 @@ static const struct hda_fixup alc662_fix
.type = HDA_FIXUP_FUNC,
.v.func = alc662_fixup_aspire_ethos_hp,
},
- [ALC669_FIXUP_ACER_ASPIRE_ETHOS_SUBWOOFER] = {
- .type = HDA_FIXUP_VERBS,
- /* subwoofer needs an extra GPIO setting to become audible */
- .v.verbs = (const struct hda_verb[]) {
- {0x01, AC_VERB_SET_GPIO_MASK, 0x02},
- {0x01, AC_VERB_SET_GPIO_DIRECTION, 0x02},
- {0x01, AC_VERB_SET_GPIO_DATA, 0x00},
- { }
- },
- .chained = true,
- .chain_id = ALC669_FIXUP_ACER_ASPIRE_ETHOS_HEADSET
- },
[ALC669_FIXUP_ACER_ASPIRE_ETHOS] = {
.type = HDA_FIXUP_PINS,
.v.pins = (const struct hda_pintbl[]) {
@@ -9040,7 +9029,7 @@ static const struct hda_fixup alc662_fix
{ }
},
.chained = true,
- .chain_id = ALC669_FIXUP_ACER_ASPIRE_ETHOS_SUBWOOFER
+ .chain_id = ALC669_FIXUP_ACER_ASPIRE_ETHOS_HEADSET
},
[ALC671_FIXUP_HP_HEADSET_MIC2] = {
.type = HDA_FIXUP_FUNC,
^ permalink raw reply [flat|nested] 529+ messages in thread
* [PATCH 4.19 519/521] ALSA: hda/realtek - Fixed one of HP ALC671 platform Headset Mic supported
2023-01-16 15:44 [PATCH 4.19 000/521] 4.19.270-rc1 review Greg Kroah-Hartman
` (517 preceding siblings ...)
2023-01-16 15:53 ` [PATCH 4.19 518/521] ALSA: hda/realtek - Fix inverted bass GPIO pin on Acer 8951G Greg Kroah-Hartman
@ 2023-01-16 15:53 ` Greg Kroah-Hartman
2023-01-16 15:53 ` [PATCH 4.19 520/521] powerpc/powernv/eeh: Fix oops when probing cxl devices Greg Kroah-Hartman
` (5 subsequent siblings)
524 siblings, 0 replies; 529+ messages in thread
From: Greg Kroah-Hartman @ 2023-01-16 15:53 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Kailang Yang, Takashi Iwai
From: Kailang Yang <kailang@realtek.com>
commit f2adbae0cb20c8eaf06914b2187043ea944b0aff upstream.
HP want to keep BIOS verb table for release platform.
So, it need to add 0x19 pin for quirk.
Fixes: 5af29028fd6d ("ALSA: hda/realtek - Add Headset Mic supported for HP cPC")
Signed-off-by: Kailang Yang <kailang@realtek.com>
Link: https://lore.kernel.org/r/74636ccb700a4cbda24c58a99dc430ce@realtek.com
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
sound/pci/hda/patch_realtek.c | 1 +
1 file changed, 1 insertion(+)
--- a/sound/pci/hda/patch_realtek.c
+++ b/sound/pci/hda/patch_realtek.c
@@ -9304,6 +9304,7 @@ static const struct snd_hda_pin_quirk al
SND_HDA_PIN_QUIRK(0x10ec0671, 0x103c, "HP cPC", ALC671_FIXUP_HP_HEADSET_MIC2,
{0x14, 0x01014010},
{0x17, 0x90170150},
+ {0x19, 0x02a11060},
{0x1b, 0x01813030},
{0x21, 0x02211020}),
SND_HDA_PIN_QUIRK(0x10ec0671, 0x103c, "HP cPC", ALC671_FIXUP_HP_HEADSET_MIC2,
^ permalink raw reply [flat|nested] 529+ messages in thread
* [PATCH 4.19 520/521] powerpc/powernv/eeh: Fix oops when probing cxl devices
2023-01-16 15:44 [PATCH 4.19 000/521] 4.19.270-rc1 review Greg Kroah-Hartman
` (518 preceding siblings ...)
2023-01-16 15:53 ` [PATCH 4.19 519/521] ALSA: hda/realtek - Fixed one of HP ALC671 platform Headset Mic supported Greg Kroah-Hartman
@ 2023-01-16 15:53 ` Greg Kroah-Hartman
2023-01-16 15:53 ` [PATCH 4.19 521/521] serial: tegra: Only print FIFO error message when an error occurs Greg Kroah-Hartman
` (4 subsequent siblings)
524 siblings, 0 replies; 529+ messages in thread
From: Greg Kroah-Hartman @ 2023-01-16 15:53 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Frederic Barrat, Sam Bobroff,
Michael Ellerman
From: Frederic Barrat <fbarrat@linux.ibm.com>
commit a8a30219ba78b1abb92091102b632f8e9bbdbf03 upstream.
Recent cleanup in the way EEH support is added to a device causes a
kernel oops when the cxl driver probes a device and creates virtual
devices discovered on the FPGA:
BUG: Kernel NULL pointer dereference at 0x000000a0
Faulting instruction address: 0xc000000000048070
Oops: Kernel access of bad area, sig: 7 [#1]
...
NIP eeh_add_device_late.part.9+0x50/0x1e0
LR eeh_add_device_late.part.9+0x3c/0x1e0
Call Trace:
_dev_info+0x5c/0x6c (unreliable)
pnv_pcibios_bus_add_device+0x60/0xb0
pcibios_bus_add_device+0x40/0x60
pci_bus_add_device+0x30/0x100
pci_bus_add_devices+0x64/0xd0
cxl_pci_vphb_add+0xe0/0x130 [cxl]
cxl_probe+0x504/0x5b0 [cxl]
local_pci_probe+0x6c/0x110
work_for_cpu_fn+0x38/0x60
The root cause is that those cxl virtual devices don't have a
representation in the device tree and therefore no associated pci_dn
structure. In eeh_add_device_late(), pdn is NULL, so edev is NULL and
we oops.
We never had explicit support for EEH for those virtual devices.
Instead, EEH events are reported to the (real) pci device and handled
by the cxl driver. Which can then forward to the virtual devices and
handle dependencies. The fact that we try adding EEH support for the
virtual devices is new and a side-effect of the recent cleanup.
This patch fixes it by skipping adding EEH support on powernv for
devices which don't have a pci_dn structure.
The cxl driver doesn't create virtual devices on pseries so this patch
doesn't fix it there intentionally.
Fixes: b905f8cdca77 ("powerpc/eeh: EEH for pSeries hot plug")
Signed-off-by: Frederic Barrat <fbarrat@linux.ibm.com>
Reviewed-by: Sam Bobroff <sbobroff@linux.ibm.com>
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
Link: https://lore.kernel.org/r/20191016162833.22509-1-fbarrat@linux.ibm.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/powerpc/platforms/powernv/eeh-powernv.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/arch/powerpc/platforms/powernv/eeh-powernv.c
+++ b/arch/powerpc/platforms/powernv/eeh-powernv.c
@@ -47,7 +47,7 @@ void pnv_pcibios_bus_add_device(struct p
{
struct pci_dn *pdn = pci_get_pdn(pdev);
- if (eeh_has_flag(EEH_FORCE_DISABLED))
+ if (!pdn || eeh_has_flag(EEH_FORCE_DISABLED))
return;
pr_debug("%s: EEH: Setting up device %s.\n", __func__, pci_name(pdev));
^ permalink raw reply [flat|nested] 529+ messages in thread
* [PATCH 4.19 521/521] serial: tegra: Only print FIFO error message when an error occurs
2023-01-16 15:44 [PATCH 4.19 000/521] 4.19.270-rc1 review Greg Kroah-Hartman
` (519 preceding siblings ...)
2023-01-16 15:53 ` [PATCH 4.19 520/521] powerpc/powernv/eeh: Fix oops when probing cxl devices Greg Kroah-Hartman
@ 2023-01-16 15:53 ` Greg Kroah-Hartman
2023-01-16 21:35 ` [PATCH 4.19 000/521] 4.19.270-rc1 review Pavel Machek
` (3 subsequent siblings)
524 siblings, 0 replies; 529+ messages in thread
From: Greg Kroah-Hartman @ 2023-01-16 15:53 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Thierry Reding, Jon Hunter
From: Jon Hunter <jonathanh@nvidia.com>
commit cc9ca4d95846cbbece48d9cd385550f8fba6a3c1 upstream.
The Tegra serial driver always prints an error message when enabling the
FIFO for devices that have support for checking the FIFO enable status.
Fix this by displaying the error message, only when an error occurs.
Finally, update the error message to make it clear that enabling the
FIFO failed and display the error code.
Fixes: 222dcdff3405 ("serial: tegra: check for FIFO mode enabled status")
Cc: <stable@vger.kernel.org>
Acked-by: Thierry Reding <treding@nvidia.com>
Signed-off-by: Jon Hunter <jonathanh@nvidia.com>
Link: https://lore.kernel.org/r/20210630125643.264264-1-jonathanh@nvidia.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/tty/serial/serial-tegra.c | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
--- a/drivers/tty/serial/serial-tegra.c
+++ b/drivers/tty/serial/serial-tegra.c
@@ -991,9 +991,11 @@ static int tegra_uart_hw_init(struct teg
if (tup->cdata->fifo_mode_enable_status) {
ret = tegra_uart_wait_fifo_mode_enabled(tup);
- dev_err(tup->uport.dev, "FIFO mode not enabled\n");
- if (ret < 0)
+ if (ret < 0) {
+ dev_err(tup->uport.dev,
+ "Failed to enable FIFO mode: %d\n", ret);
return ret;
+ }
} else {
/*
* For all tegra devices (up to t210), there is a hardware
^ permalink raw reply [flat|nested] 529+ messages in thread
* Re: [PATCH 4.19 000/521] 4.19.270-rc1 review
2023-01-16 15:44 [PATCH 4.19 000/521] 4.19.270-rc1 review Greg Kroah-Hartman
` (520 preceding siblings ...)
2023-01-16 15:53 ` [PATCH 4.19 521/521] serial: tegra: Only print FIFO error message when an error occurs Greg Kroah-Hartman
@ 2023-01-16 21:35 ` Pavel Machek
2023-01-17 0:01 ` Shuah Khan
` (2 subsequent siblings)
524 siblings, 0 replies; 529+ messages in thread
From: Pavel Machek @ 2023-01-16 21:35 UTC (permalink / raw)
To: Greg Kroah-Hartman
Cc: stable, patches, linux-kernel, torvalds, akpm, linux, shuah,
patches, lkft-triage, pavel, jonathanh, f.fainelli,
sudipm.mukherjee, srw, rwarsow
[-- Attachment #1: Type: text/plain, Size: 666 bytes --]
Hi!
> This is the start of the stable review cycle for the 4.19.270 release.
> There are 521 patches in this series, all will be posted as a response
> to this one. If anyone has any issues with these being applied, please
> let me know.
CIP testing did not find any problems here:
https://gitlab.com/cip-project/cip-testing/linux-stable-rc-ci/-/tree/linux-4.19.y
Tested-by: Pavel Machek (CIP) <pavel@denx.de>
Best regards,
Pavel
--
DENX Software Engineering GmbH, Managing Director: Wolfgang Denk
HRB 165235 Munich, Office: Kirchenstr.5, D-82194 Groebenzell, Germany
[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 195 bytes --]
^ permalink raw reply [flat|nested] 529+ messages in thread
* Re: [PATCH 4.19 000/521] 4.19.270-rc1 review
2023-01-16 15:44 [PATCH 4.19 000/521] 4.19.270-rc1 review Greg Kroah-Hartman
` (521 preceding siblings ...)
2023-01-16 21:35 ` [PATCH 4.19 000/521] 4.19.270-rc1 review Pavel Machek
@ 2023-01-17 0:01 ` Shuah Khan
2023-01-17 11:10 ` Jon Hunter
2023-01-17 12:27 ` Sudip Mukherjee
524 siblings, 0 replies; 529+ messages in thread
From: Shuah Khan @ 2023-01-17 0:01 UTC (permalink / raw)
To: Greg Kroah-Hartman, stable
Cc: patches, linux-kernel, torvalds, akpm, linux, shuah, patches,
lkft-triage, pavel, jonathanh, f.fainelli, sudipm.mukherjee, srw,
rwarsow, Shuah Khan
On 1/16/23 08:44, Greg Kroah-Hartman wrote:
> This is the start of the stable review cycle for the 4.19.270 release.
> There are 521 patches in this series, all will be posted as a response
> to this one. If anyone has any issues with these being applied, please
> let me know.
>
> Responses should be made by Wed, 18 Jan 2023 15:47:28 +0000.
> Anything received after that time might be too late.
>
> The whole patch series can be found in one patch at:
> https://www.kernel.org/pub/linux/kernel/v4.x/stable-review/patch-4.19.270-rc1.gz
> or in the git tree and branch at:
> git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-4.19.y
> and the diffstat can be found below.
>
> thanks,
>
> greg k-h
>
Compiled and booted on my test system. No dmesg regressions.
Tested-by: Shuah Khan <skhan@linuxfoundation.org>
thanks,
-- Shuah
^ permalink raw reply [flat|nested] 529+ messages in thread
* Re: [PATCH 4.19 000/521] 4.19.270-rc1 review
2023-01-16 15:44 [PATCH 4.19 000/521] 4.19.270-rc1 review Greg Kroah-Hartman
` (522 preceding siblings ...)
2023-01-17 0:01 ` Shuah Khan
@ 2023-01-17 11:10 ` Jon Hunter
2023-01-17 12:27 ` Sudip Mukherjee
524 siblings, 0 replies; 529+ messages in thread
From: Jon Hunter @ 2023-01-17 11:10 UTC (permalink / raw)
To: Greg Kroah-Hartman
Cc: Greg Kroah-Hartman, patches, linux-kernel, torvalds, akpm, linux,
shuah, patches, lkft-triage, pavel, jonathanh, f.fainelli,
sudipm.mukherjee, srw, rwarsow, linux-tegra
On Mon, 16 Jan 2023 16:44:22 +0100, Greg Kroah-Hartman wrote:
> This is the start of the stable review cycle for the 4.19.270 release.
> There are 521 patches in this series, all will be posted as a response
> to this one. If anyone has any issues with these being applied, please
> let me know.
>
> Responses should be made by Wed, 18 Jan 2023 15:47:28 +0000.
> Anything received after that time might be too late.
>
> The whole patch series can be found in one patch at:
> https://www.kernel.org/pub/linux/kernel/v4.x/stable-review/patch-4.19.270-rc1.gz
> or in the git tree and branch at:
> git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-4.19.y
> and the diffstat can be found below.
>
> thanks,
>
> greg k-h
All tests passing for Tegra ...
Test results for stable-v4.19:
10 builds: 10 pass, 0 fail
22 boots: 22 pass, 0 fail
40 tests: 40 pass, 0 fail
Linux version: 4.19.270-rc1-gc75d2b5524ab
Boards tested: tegra124-jetson-tk1, tegra186-p2771-0000,
tegra194-p2972-0000, tegra20-ventana,
tegra210-p2371-2180, tegra30-cardhu-a04
Tested-by: Jon Hunter <jonathanh@nvidia.com>
Jon
^ permalink raw reply [flat|nested] 529+ messages in thread
* Re: [PATCH 4.19 000/521] 4.19.270-rc1 review
2023-01-16 15:44 [PATCH 4.19 000/521] 4.19.270-rc1 review Greg Kroah-Hartman
` (523 preceding siblings ...)
2023-01-17 11:10 ` Jon Hunter
@ 2023-01-17 12:27 ` Sudip Mukherjee
524 siblings, 0 replies; 529+ messages in thread
From: Sudip Mukherjee @ 2023-01-17 12:27 UTC (permalink / raw)
To: Greg Kroah-Hartman
Cc: stable, patches, linux-kernel, torvalds, akpm, linux, shuah,
patches, lkft-triage, pavel, jonathanh, f.fainelli, srw, rwarsow
Hi Greg,
On Mon, Jan 16, 2023 at 04:44:22PM +0100, Greg Kroah-Hartman wrote:
> This is the start of the stable review cycle for the 4.19.270 release.
> There are 521 patches in this series, all will be posted as a response
> to this one. If anyone has any issues with these being applied, please
> let me know.
>
> Responses should be made by Wed, 18 Jan 2023 15:47:28 +0000.
> Anything received after that time might be too late.
Build test (gcc version 11.3.1 20221127):
mips: 63 configs -> no failure
arm: 115 configs -> no failure
arm64: 2 configs -> no failure
x86_64: 4 configs -> no failure
alpha allmodconfig -> no failure
powerpc allmodconfig -> no failure
riscv allmodconfig -> fails
s390 allmodconfig -> no failure
xtensa allmodconfig -> no failure
Note:
riscv build fails with the error:
arch/riscv/kernel/stacktrace.c: In function 'walk_stackframe':
arch/riscv/kernel/stacktrace.c:66:36: error: 'struct pt_regs' has no member named 'epc'; did you mean 'sepc'?
66 | if (regs && (regs->epc == pc) && (frame->fp & 0x7)) {
| ^~~
Boot test:
x86_64: Booted on my test laptop. No regression.
x86_64: Booted on qemu. No regression. [1]
[1]. https://openqa.qa.codethink.co.uk/tests/2659
Tested-by: Sudip Mukherjee <sudip.mukherjee@codethink.co.uk>
--
Regards
Sudip
^ permalink raw reply [flat|nested] 529+ messages in thread
* Re: [PATCH 4.19 499/521] ext4: fix delayed allocation bug in ext4_clu_mapped for bigalloc + inline
2023-01-16 15:52 ` [PATCH 4.19 499/521] ext4: fix delayed allocation bug in ext4_clu_mapped for bigalloc + inline Greg Kroah-Hartman
@ 2023-01-19 17:40 ` Eric Whitney
2023-01-22 14:14 ` Greg Kroah-Hartman
0 siblings, 1 reply; 529+ messages in thread
From: Eric Whitney @ 2023-01-19 17:40 UTC (permalink / raw)
To: Greg Kroah-Hartman
Cc: stable, patches, Eric Whitney, Theodore Tso, stable, Sasha Levin
Hi:
I recommend not backporting this patch or the other three patches apparently
intended to support it to 4.19 stable. All these patches are related to
ext4's bigalloc feature, which was experimental as of 4.19 (expressly noted by
contemporary versions of e2fsprogs) and also suffered from a number of bugs.
A significant number of additional patches that were applied to 5.X kernels
over time would have to be backported to 4.19 for the patch below to function
correctly. It's really not worth doing that given bigalloc's experimental
status as of 4.19 and the very rare combination of the bigalloc and inline
features.
Thanks,
Eric
* Greg Kroah-Hartman <gregkh@linuxfoundation.org>:
> From: Eric Whitney <enwlinux@gmail.com>
>
> [ Upstream commit 131294c35ed6f777bd4e79d42af13b5c41bf2775 ]
>
> When converting files with inline data to extents, delayed allocations
> made on a file system created with both the bigalloc and inline options
> can result in invalid extent status cache content, incorrect reserved
> cluster counts, kernel memory leaks, and potential kernel panics.
>
> With bigalloc, the code that determines whether a block must be
> delayed allocated searches the extent tree to see if that block maps
> to a previously allocated cluster. If not, the block is delayed
> allocated, and otherwise, it isn't. However, if the inline option is
> also used, and if the file containing the block is marked as able to
> store data inline, there isn't a valid extent tree associated with
> the file. The current code in ext4_clu_mapped() calls
> ext4_find_extent() to search the non-existent tree for a previously
> allocated cluster anyway, which typically finds nothing, as desired.
> However, a side effect of the search can be to cache invalid content
> from the non-existent tree (garbage) in the extent status tree,
> including bogus entries in the pending reservation tree.
>
> To fix this, avoid searching the extent tree when allocating blocks
> for bigalloc + inline files that are being converted from inline to
> extent mapped.
>
> Signed-off-by: Eric Whitney <enwlinux@gmail.com>
> Link: https://lore.kernel.org/r/20221117152207.2424-1-enwlinux@gmail.com
> Signed-off-by: Theodore Ts'o <tytso@mit.edu>
> Cc: stable@kernel.org
> Signed-off-by: Sasha Levin <sashal@kernel.org>
> ---
> fs/ext4/extents.c | 8 ++++++++
> 1 file changed, 8 insertions(+)
>
> diff --git a/fs/ext4/extents.c b/fs/ext4/extents.c
> index 0bb772cd7f88..1ad4c8eb82c1 100644
> --- a/fs/ext4/extents.c
> +++ b/fs/ext4/extents.c
> @@ -5984,6 +5984,14 @@ int ext4_clu_mapped(struct inode *inode, ext4_lblk_t lclu)
> struct ext4_extent *extent;
> ext4_lblk_t first_lblk, first_lclu, last_lclu;
>
> + /*
> + * if data can be stored inline, the logical cluster isn't
> + * mapped - no physical clusters have been allocated, and the
> + * file has no extents
> + */
> + if (ext4_test_inode_state(inode, EXT4_STATE_MAY_INLINE_DATA))
> + return 0;
> +
> /* search for the extent closest to the first block in the cluster */
> path = ext4_find_extent(inode, EXT4_C2B(sbi, lclu), NULL, 0);
> if (IS_ERR(path)) {
> --
> 2.35.1
>
>
>
^ permalink raw reply [flat|nested] 529+ messages in thread
* Re: [PATCH 4.19 499/521] ext4: fix delayed allocation bug in ext4_clu_mapped for bigalloc + inline
2023-01-19 17:40 ` Eric Whitney
@ 2023-01-22 14:14 ` Greg Kroah-Hartman
0 siblings, 0 replies; 529+ messages in thread
From: Greg Kroah-Hartman @ 2023-01-22 14:14 UTC (permalink / raw)
To: Eric Whitney; +Cc: stable, patches, Theodore Tso, stable, Sasha Levin
On Thu, Jan 19, 2023 at 12:40:11PM -0500, Eric Whitney wrote:
> Hi:
>
> I recommend not backporting this patch or the other three patches apparently
> intended to support it to 4.19 stable. All these patches are related to
> ext4's bigalloc feature, which was experimental as of 4.19 (expressly noted by
> contemporary versions of e2fsprogs) and also suffered from a number of bugs.
> A significant number of additional patches that were applied to 5.X kernels
> over time would have to be backported to 4.19 for the patch below to function
> correctly. It's really not worth doing that given bigalloc's experimental
> status as of 4.19 and the very rare combination of the bigalloc and inline
> features.
All now reverted, thanks!
greg k-h
^ permalink raw reply [flat|nested] 529+ messages in thread
end of thread, other threads:[~2023-01-22 14:14 UTC | newest]
Thread overview: 529+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2023-01-16 15:44 [PATCH 4.19 000/521] 4.19.270-rc1 review Greg Kroah-Hartman
2023-01-16 15:44 ` [PATCH 4.19 001/521] mm/khugepaged: fix GUP-fast interaction by sending IPI Greg Kroah-Hartman
2023-01-16 15:44 ` [PATCH 4.19 002/521] mm/khugepaged: invoke MMU notifiers in shmem/file collapse paths Greg Kroah-Hartman
2023-01-16 15:44 ` [PATCH 4.19 003/521] block: unhash blkdev part inode when the part is deleted Greg Kroah-Hartman
2023-01-16 15:44 ` [PATCH 4.19 004/521] nfp: fix use-after-free in area_cache_get() Greg Kroah-Hartman
2023-01-16 15:44 ` [PATCH 4.19 005/521] ASoC: ops: Check bounds for second channel in snd_soc_put_volsw_sx() Greg Kroah-Hartman
2023-01-16 15:44 ` [PATCH 4.19 006/521] pinctrl: meditatek: Startup with the IRQs disabled Greg Kroah-Hartman
2023-01-16 15:44 ` [PATCH 4.19 007/521] can: sja1000: fix size of OCR_MODE_MASK define Greg Kroah-Hartman
2023-01-16 15:44 ` [PATCH 4.19 008/521] can: mcba_usb: Fix termination command argument Greg Kroah-Hartman
2023-01-16 15:44 ` [PATCH 4.19 009/521] ASoC: ops: Correct bounds check for second channel on SX controls Greg Kroah-Hartman
2023-01-16 15:44 ` [PATCH 4.19 010/521] perf script python: Remove explicit shebang from tests/attr.c Greg Kroah-Hartman
2023-01-16 15:44 ` [PATCH 4.19 011/521] udf: Discard preallocation before extending file with a hole Greg Kroah-Hartman
2023-01-16 15:44 ` [PATCH 4.19 012/521] udf: Fix preallocation discarding at indirect extent boundary Greg Kroah-Hartman
2023-01-16 15:44 ` [PATCH 4.19 013/521] udf: Do not bother looking for prealloc extents if i_lenExtents matches i_size Greg Kroah-Hartman
2023-01-16 15:44 ` [PATCH 4.19 014/521] udf: Fix extending file within last block Greg Kroah-Hartman
2023-01-16 15:44 ` [PATCH 4.19 015/521] usb: gadget: uvc: Prevent buffer overflow in setup handler Greg Kroah-Hartman
2023-01-16 15:44 ` [PATCH 4.19 016/521] USB: serial: option: add Quectel EM05-G modem Greg Kroah-Hartman
2023-01-16 15:44 ` [PATCH 4.19 017/521] USB: serial: cp210x: add Kamstrup RF sniffer PIDs Greg Kroah-Hartman
2023-01-16 15:44 ` [PATCH 4.19 018/521] USB: serial: f81534: fix division by zero on line-speed change Greg Kroah-Hartman
2023-01-16 15:44 ` [PATCH 4.19 019/521] igb: Initialize mailbox message for VF reset Greg Kroah-Hartman
2023-01-16 15:44 ` [PATCH 4.19 020/521] Bluetooth: L2CAP: Fix u8 overflow Greg Kroah-Hartman
2023-01-16 15:44 ` [PATCH 4.19 021/521] net: loopback: use NET_NAME_PREDICTABLE for name_assign_type Greg Kroah-Hartman
2023-01-16 15:44 ` [PATCH 4.19 022/521] usb: musb: remove extra check in musb_gadget_vbus_draw Greg Kroah-Hartman
2023-01-16 15:44 ` [PATCH 4.19 023/521] ARM: dts: qcom: apq8064: fix coresight compatible Greg Kroah-Hartman
2023-01-16 15:44 ` [PATCH 4.19 024/521] drivers: soc: ti: knav_qmss_queue: Mark knav_acc_firmwares as static Greg Kroah-Hartman
2023-01-16 15:44 ` [PATCH 4.19 025/521] arm: dts: spear600: Fix clcd interrupt Greg Kroah-Hartman
2023-01-16 15:44 ` [PATCH 4.19 026/521] soc: ti: smartreflex: Fix PM disable depth imbalance in omap_sr_probe Greg Kroah-Hartman
2023-01-16 15:44 ` [PATCH 4.19 027/521] perf: arm_dsu: Fix hotplug callback leak in dsu_pmu_init() Greg Kroah-Hartman
2023-01-16 15:44 ` [PATCH 4.19 028/521] arm64: dts: mt2712e: Fix unit_address_vs_reg warning for oscillators Greg Kroah-Hartman
2023-01-16 15:44 ` [PATCH 4.19 029/521] arm64: dts: mt2712e: Fix unit address for pinctrl node Greg Kroah-Hartman
2023-01-16 15:44 ` [PATCH 4.19 030/521] arm64: dts: mt2712-evb: Fix vproc fixed regulators unit names Greg Kroah-Hartman
2023-01-16 15:44 ` [PATCH 4.19 031/521] arm64: dts: mediatek: mt6797: Fix 26M oscillator unit name Greg Kroah-Hartman
2023-01-16 15:44 ` [PATCH 4.19 032/521] ARM: dts: dove: Fix assigned-addresses for every PCIe Root Port Greg Kroah-Hartman
2023-01-16 15:44 ` [PATCH 4.19 033/521] ARM: dts: armada-370: " Greg Kroah-Hartman
2023-01-16 15:44 ` [PATCH 4.19 034/521] ARM: dts: armada-xp: " Greg Kroah-Hartman
2023-01-16 15:44 ` [PATCH 4.19 035/521] ARM: dts: armada-375: " Greg Kroah-Hartman
2023-01-16 15:44 ` [PATCH 4.19 036/521] ARM: dts: armada-38x: " Greg Kroah-Hartman
2023-01-16 15:44 ` [PATCH 4.19 037/521] ARM: dts: armada-39x: " Greg Kroah-Hartman
2023-01-16 15:45 ` [PATCH 4.19 038/521] ARM: dts: turris-omnia: Add ethernet aliases Greg Kroah-Hartman
2023-01-16 15:45 ` [PATCH 4.19 039/521] ARM: dts: turris-omnia: Add switch port 6 node Greg Kroah-Hartman
2023-01-16 15:45 ` [PATCH 4.19 040/521] pstore/ram: Fix error return code in ramoops_probe() Greg Kroah-Hartman
2023-01-16 15:45 ` [PATCH 4.19 041/521] ARM: mmp: fix timer_read delay Greg Kroah-Hartman
2023-01-16 15:45 ` [PATCH 4.19 042/521] pstore: Avoid kcore oops by vmap()ing with VM_IOREMAP Greg Kroah-Hartman
2023-01-16 15:45 ` [PATCH 4.19 043/521] tpm/tpm_crb: Fix error message in __crb_relinquish_locality() Greg Kroah-Hartman
2023-01-16 15:45 ` [PATCH 4.19 044/521] cpuidle: dt: Return the correct numbers of parsed idle states Greg Kroah-Hartman
2023-01-16 15:45 ` [PATCH 4.19 045/521] alpha: fix syscall entry in !AUDUT_SYSCALL case Greg Kroah-Hartman
2023-01-16 15:45 ` [PATCH 4.19 046/521] fs: dont audit the capability check in simple_xattr_list() Greg Kroah-Hartman
2023-01-16 15:45 ` [PATCH 4.19 047/521] selftests/ftrace: event_triggers: wait longer for test_event_enable Greg Kroah-Hartman
2023-01-16 15:45 ` [PATCH 4.19 048/521] perf: Fix possible memleak in pmu_dev_alloc() Greg Kroah-Hartman
2023-01-16 15:45 ` [PATCH 4.19 049/521] timerqueue: Use rb_entry_safe() in timerqueue_getnext() Greg Kroah-Hartman
2023-01-16 15:45 ` [PATCH 4.19 050/521] proc: fixup uptime selftest Greg Kroah-Hartman
2023-01-16 15:45 ` [PATCH 4.19 051/521] ocfs2: fix memory leak in ocfs2_stack_glue_init() Greg Kroah-Hartman
2023-01-16 15:45 ` [PATCH 4.19 052/521] MIPS: vpe-mt: fix possible memory leak while module exiting Greg Kroah-Hartman
2023-01-16 15:45 ` [PATCH 4.19 053/521] MIPS: vpe-cmp: " Greg Kroah-Hartman
2023-01-16 15:45 ` [PATCH 4.19 054/521] PNP: fix name memory leak in pnp_alloc_dev() Greg Kroah-Hartman
2023-01-16 15:45 ` [PATCH 4.19 055/521] perf/x86/intel/uncore: Fix reference count leak in hswep_has_limit_sbox() Greg Kroah-Hartman
2023-01-16 15:45 ` [PATCH 4.19 056/521] irqchip: gic-pm: Use pm_runtime_resume_and_get() in gic_probe() Greg Kroah-Hartman
2023-01-16 15:45 ` [PATCH 4.19 057/521] cpufreq: amd_freq_sensitivity: Add missing pci_dev_put() Greg Kroah-Hartman
2023-01-16 15:45 ` [PATCH 4.19 058/521] libfs: add DEFINE_SIMPLE_ATTRIBUTE_SIGNED for signed value Greg Kroah-Hartman
2023-01-16 15:45 ` [PATCH 4.19 059/521] lib/notifier-error-inject: fix error when writing -errno to debugfs file Greg Kroah-Hartman
2023-01-16 15:45 ` [PATCH 4.19 060/521] debugfs: fix error when writing negative value to atomic_t " Greg Kroah-Hartman
2023-01-16 15:45 ` [PATCH 4.19 061/521] rapidio: fix possible name leaks when rio_add_device() fails Greg Kroah-Hartman
2023-01-16 15:45 ` [PATCH 4.19 062/521] rapidio: rio: fix possible name leak in rio_register_mport() Greg Kroah-Hartman
2023-01-16 15:45 ` [PATCH 4.19 063/521] clocksource/drivers/sh_cmt: Make sure channel clock supply is enabled Greg Kroah-Hartman
2023-01-16 15:45 ` [PATCH 4.19 064/521] ACPICA: Fix use-after-free in acpi_ut_copy_ipackage_to_ipackage() Greg Kroah-Hartman
2023-01-16 15:45 ` [PATCH 4.19 065/521] uprobes/x86: Allow to probe a NOP instruction with 0x66 prefix Greg Kroah-Hartman
2023-01-16 15:45 ` [PATCH 4.19 066/521] xen/events: only register debug interrupt for 2-level events Greg Kroah-Hartman
2023-01-16 15:45 ` [PATCH 4.19 067/521] x86/xen: Fix memory leak in xen_smp_intr_init{_pv}() Greg Kroah-Hartman
2023-01-16 15:45 ` [PATCH 4.19 068/521] x86/xen: Fix memory leak in xen_init_lock_cpu() Greg Kroah-Hartman
2023-01-16 15:45 ` [PATCH 4.19 069/521] xen/privcmd: Fix a possible warning in privcmd_ioctl_mmap_resource() Greg Kroah-Hartman
2023-01-16 15:45 ` [PATCH 4.19 070/521] PM: runtime: Improve path in rpm_idle() when no callback Greg Kroah-Hartman
2023-01-16 15:45 ` [PATCH 4.19 071/521] PM: runtime: Do not call __rpm_callback() from rpm_idle() Greg Kroah-Hartman
2023-01-16 15:45 ` [PATCH 4.19 072/521] platform/x86: mxm-wmi: fix memleak in mxm_wmi_call_mx[ds|mx]() Greg Kroah-Hartman
2023-01-16 15:45 ` [PATCH 4.19 073/521] MIPS: BCM63xx: Add check for NULL for clk in clk_enable Greg Kroah-Hartman
2023-01-16 15:45 ` [PATCH 4.19 074/521] fs: sysv: Fix sysv_nblocks() returns wrong value Greg Kroah-Hartman
2023-01-16 15:45 ` [PATCH 4.19 075/521] rapidio: fix possible UAF when kfifo_alloc() fails Greg Kroah-Hartman
2023-01-16 15:45 ` [PATCH 4.19 076/521] eventfd: change int to __u64 in eventfd_signal() ifndef CONFIG_EVENTFD Greg Kroah-Hartman
2023-01-16 15:45 ` [PATCH 4.19 077/521] relay: fix type mismatch when allocating memory in relay_create_buf() Greg Kroah-Hartman
2023-01-16 15:45 ` [PATCH 4.19 078/521] hfs: Fix OOB Write in hfs_asc2mac Greg Kroah-Hartman
2023-01-16 15:45 ` [PATCH 4.19 079/521] rapidio: devices: fix missing put_device in mport_cdev_open Greg Kroah-Hartman
2023-01-16 15:45 ` [PATCH 4.19 080/521] wifi: ath9k: hif_usb: fix memory leak of urbs in ath9k_hif_usb_dealloc_tx_urbs() Greg Kroah-Hartman
2023-01-16 15:45 ` [PATCH 4.19 081/521] wifi: ath9k: hif_usb: Fix use-after-free in ath9k_hif_usb_reg_in_cb() Greg Kroah-Hartman
2023-01-16 15:45 ` [PATCH 4.19 082/521] wifi: rtl8xxxu: Fix reading the vendor of combo chips Greg Kroah-Hartman
2023-01-16 15:45 ` [PATCH 4.19 083/521] pata_ipx4xx_cf: Fix unsigned comparison with less than zero Greg Kroah-Hartman
2023-01-16 15:45 ` [PATCH 4.19 084/521] media: i2c: ad5820: Fix error path Greg Kroah-Hartman
2023-01-16 15:45 ` [PATCH 4.19 085/521] can: kvaser_usb: do not increase tx statistics when sending error message frames Greg Kroah-Hartman
2023-01-16 15:45 ` [PATCH 4.19 086/521] can: kvaser_usb: kvaser_usb_leaf: Get capabilities from device Greg Kroah-Hartman
2023-01-16 15:45 ` [PATCH 4.19 087/521] can: kvaser_usb: kvaser_usb_leaf: Rename {leaf,usbcan}_cmd_error_event to {leaf,usbcan}_cmd_can_error_event Greg Kroah-Hartman
2023-01-16 15:45 ` [PATCH 4.19 088/521] can: kvaser_usb: kvaser_usb_leaf: Handle CMD_ERROR_EVENT Greg Kroah-Hartman
2023-01-16 15:45 ` [PATCH 4.19 089/521] can: kvaser_usb_leaf: Set Warning state even without bus errors Greg Kroah-Hartman
2023-01-16 15:45 ` [PATCH 4.19 090/521] can: kvaser_usb_leaf: Fix improved state not being reported Greg Kroah-Hartman
2023-01-16 15:45 ` [PATCH 4.19 091/521] can: kvaser_usb_leaf: Fix wrong CAN state after stopping Greg Kroah-Hartman
2023-01-16 15:45 ` [PATCH 4.19 092/521] can: kvaser_usb_leaf: Fix bogus restart events Greg Kroah-Hartman
2023-01-16 15:45 ` [PATCH 4.19 093/521] can: kvaser_usb: Add struct kvaser_usb_busparams Greg Kroah-Hartman
2023-01-16 15:45 ` [PATCH 4.19 094/521] can: kvaser_usb: Compare requested bittiming parameters with actual parameters in do_set_{,data}_bittiming Greg Kroah-Hartman
2023-01-16 15:45 ` [PATCH 4.19 095/521] spi: Update reference to struct spi_controller Greg Kroah-Hartman
2023-01-16 15:45 ` [PATCH 4.19 096/521] media: vivid: fix compose size exceed boundary Greg Kroah-Hartman
2023-01-16 15:45 ` [PATCH 4.19 097/521] mtd: Fix device name leak when register device failed in add_mtd_device() Greg Kroah-Hartman
2023-01-16 15:46 ` [PATCH 4.19 098/521] wifi: rsi: Fix handling of 802.3 EAPOL frames sent via control port Greg Kroah-Hartman
2023-01-16 15:46 ` [PATCH 4.19 099/521] media: camss: Clean up received buffers on failed start of streaming Greg Kroah-Hartman
2023-01-16 15:46 ` [PATCH 4.19 100/521] net, proc: Provide PROC_FS=n fallback for proc_create_net_single_write() Greg Kroah-Hartman
2023-01-16 15:46 ` [PATCH 4.19 101/521] drm/radeon: Add the missed acpi_put_table() to fix memory leak Greg Kroah-Hartman
2023-01-16 15:46 ` [PATCH 4.19 102/521] ASoC: pxa: fix null-pointer dereference in filter() Greg Kroah-Hartman
2023-01-16 15:46 ` [PATCH 4.19 103/521] regulator: core: fix unbalanced of node refcount in regulator_dev_lookup() Greg Kroah-Hartman
2023-01-16 15:46 ` [PATCH 4.19 104/521] ima: Fix misuse of dereference of pointer in template_desc_init_fields() Greg Kroah-Hartman
2023-01-16 15:46 ` [PATCH 4.19 105/521] wifi: ath10k: Fix return value in ath10k_pci_init() Greg Kroah-Hartman
2023-01-16 15:46 ` [PATCH 4.19 106/521] mtd: lpddr2_nvm: Fix possible null-ptr-deref Greg Kroah-Hartman
2023-01-16 15:46 ` [PATCH 4.19 107/521] Input: elants_i2c - properly handle the reset GPIO when power is off Greg Kroah-Hartman
2023-01-16 15:46 ` [PATCH 4.19 108/521] media: solo6x10: fix possible memory leak in solo_sysfs_init() Greg Kroah-Hartman
2023-01-16 15:46 ` [PATCH 4.19 109/521] media: platform: exynos4-is: Fix error handling in fimc_md_init() Greg Kroah-Hartman
2023-01-16 15:46 ` [PATCH 4.19 110/521] HID: hid-sensor-custom: set fixed size for custom attributes Greg Kroah-Hartman
2023-01-16 15:46 ` [PATCH 4.19 111/521] ALSA: seq: fix undefined behavior in bit shift for SNDRV_SEQ_FILTER_USE_EVENT Greg Kroah-Hartman
2023-01-16 15:46 ` [PATCH 4.19 112/521] clk: rockchip: Fix memory leak in rockchip_clk_register_pll() Greg Kroah-Hartman
2023-01-16 15:46 ` [PATCH 4.19 113/521] bonding: Export skip slave logic to function Greg Kroah-Hartman
2023-01-16 15:46 ` [PATCH 4.19 114/521] mtd: maps: pxa2xx-flash: fix memory leak in probe Greg Kroah-Hartman
2023-01-16 15:46 ` [PATCH 4.19 115/521] drbd: remove call to memset before free device/resource/connection Greg Kroah-Hartman
2023-01-16 15:46 ` [PATCH 4.19 116/521] media: imon: fix a race condition in send_packet() Greg Kroah-Hartman
2023-01-16 15:46 ` [PATCH 4.19 117/521] pinctrl: pinconf-generic: add missing of_node_put() Greg Kroah-Hartman
2023-01-16 15:46 ` [PATCH 4.19 118/521] media: dvb-core: Fix ignored return value in dvb_register_frontend() Greg Kroah-Hartman
2023-01-16 15:46 ` [PATCH 4.19 119/521] media: dvb-usb: az6027: fix null-ptr-deref in az6027_i2c_xfer() Greg Kroah-Hartman
2023-01-16 15:46 ` [PATCH 4.19 120/521] media: s5p-mfc: Add variant data for MFC v7 hardware for Exynos 3250 SoC Greg Kroah-Hartman
2023-01-16 15:46 ` [PATCH 4.19 121/521] drm/tegra: Add missing clk_disable_unprepare() in tegra_dc_probe() Greg Kroah-Hartman
2023-01-16 15:46 ` [PATCH 4.19 122/521] NFSv4.2: Fix a memory stomp in decode_attr_security_label Greg Kroah-Hartman
2023-01-16 15:46 ` [PATCH 4.19 123/521] NFSv4: Fix a deadlock between nfs4_open_recover_helper() and delegreturn Greg Kroah-Hartman
2023-01-16 15:46 ` [PATCH 4.19 124/521] ALSA: asihpi: fix missing pci_disable_device() Greg Kroah-Hartman
2023-01-16 15:46 ` [PATCH 4.19 125/521] drm/radeon: Fix PCI device refcount leak in radeon_atrm_get_bios() Greg Kroah-Hartman
2023-01-16 15:46 ` [PATCH 4.19 126/521] drm/amdgpu: Fix PCI device refcount leak in amdgpu_atrm_get_bios() Greg Kroah-Hartman
2023-01-16 15:46 ` [PATCH 4.19 127/521] ASoC: pcm512x: Fix PM disable depth imbalance in pcm512x_probe Greg Kroah-Hartman
2023-01-16 15:46 ` [PATCH 4.19 128/521] bonding: uninitialized variable in bond_miimon_inspect() Greg Kroah-Hartman
2023-01-16 15:46 ` [PATCH 4.19 129/521] wifi: mac80211: fix memory leak in ieee80211_if_add() Greg Kroah-Hartman
2023-01-16 15:46 ` [PATCH 4.19 130/521] wifi: cfg80211: Fix not unregister reg_pdev when load_builtin_regdb_keys() fails Greg Kroah-Hartman
2023-01-16 15:46 ` [PATCH 4.19 131/521] regulator: core: fix module refcount leak in set_supply() Greg Kroah-Hartman
2023-01-16 15:46 ` [PATCH 4.19 132/521] media: saa7164: fix missing pci_disable_device() Greg Kroah-Hartman
2023-01-16 15:46 ` [PATCH 4.19 133/521] ALSA: mts64: fix possible null-ptr-defer in snd_mts64_interrupt Greg Kroah-Hartman
2023-01-16 15:46 ` [PATCH 4.19 134/521] SUNRPC: Fix missing release socket in rpc_sockname() Greg Kroah-Hartman
2023-01-16 15:46 ` [PATCH 4.19 135/521] NFSv4.x: Fail client initialisation if state manager thread cant run Greg Kroah-Hartman
2023-01-16 15:46 ` [PATCH 4.19 136/521] mmc: moxart: fix return value check of mmc_add_host() Greg Kroah-Hartman
2023-01-16 15:46 ` [PATCH 4.19 137/521] mmc: mxcmmc: " Greg Kroah-Hartman
2023-01-16 15:46 ` [PATCH 4.19 138/521] mmc: rtsx_usb_sdmmc: " Greg Kroah-Hartman
2023-01-16 15:46 ` [PATCH 4.19 139/521] mmc: toshsd: " Greg Kroah-Hartman
2023-01-16 15:46 ` [PATCH 4.19 140/521] mmc: vub300: " Greg Kroah-Hartman
2023-01-16 15:46 ` [PATCH 4.19 141/521] mmc: wmt-sdmmc: " Greg Kroah-Hartman
2023-01-16 15:46 ` [PATCH 4.19 142/521] mmc: atmel-mci: " Greg Kroah-Hartman
2023-01-16 15:46 ` [PATCH 4.19 143/521] mmc: meson-gx: " Greg Kroah-Hartman
2023-01-16 15:46 ` [PATCH 4.19 144/521] mmc: via-sdmmc: " Greg Kroah-Hartman
2023-01-16 15:46 ` [PATCH 4.19 145/521] mmc: wbsd: " Greg Kroah-Hartman
2023-01-16 15:46 ` [PATCH 4.19 146/521] mmc: mmci: " Greg Kroah-Hartman
2023-01-16 15:46 ` [PATCH 4.19 147/521] media: c8sectpfe: Add of_node_put() when breaking out of loop Greg Kroah-Hartman
2023-01-16 15:46 ` [PATCH 4.19 148/521] media: coda: Add check for dcoda_iram_alloc Greg Kroah-Hartman
2023-01-16 15:46 ` [PATCH 4.19 149/521] media: coda: Add check for kmalloc Greg Kroah-Hartman
2023-01-16 15:46 ` [PATCH 4.19 150/521] clk: samsung: Fix memory leak in _samsung_clk_register_pll() Greg Kroah-Hartman
2023-01-16 15:46 ` [PATCH 4.19 151/521] wifi: rtl8xxxu: Add __packed to struct rtl8723bu_c2h Greg Kroah-Hartman
2023-01-16 15:46 ` [PATCH 4.19 152/521] rtl8xxxu: add enumeration for channel bandwidth Greg Kroah-Hartman
2023-01-16 15:46 ` [PATCH 4.19 153/521] wifi: brcmfmac: Fix error return code in brcmf_sdio_download_firmware() Greg Kroah-Hartman
2023-01-16 15:46 ` [PATCH 4.19 154/521] blktrace: Fix output non-blktrace event when blk_classic option enabled Greg Kroah-Hartman
2023-01-16 15:46 ` [PATCH 4.19 155/521] clk: socfpga: clk-pll: Remove unused variable rc Greg Kroah-Hartman
2023-01-16 15:46 ` [PATCH 4.19 156/521] clk: socfpga: use clk_hw_register for a5/c5 Greg Kroah-Hartman
2023-01-16 15:46 ` [PATCH 4.19 157/521] net: vmw_vsock: vmci: Check memcpy_from_msg() Greg Kroah-Hartman
2023-01-16 15:47 ` [PATCH 4.19 158/521] net: defxx: Fix missing err handling in dfx_init() Greg Kroah-Hartman
2023-01-16 15:47 ` [PATCH 4.19 159/521] drivers: net: qlcnic: Fix potential memory leak in qlcnic_sriov_init() Greg Kroah-Hartman
2023-01-16 15:47 ` [PATCH 4.19 160/521] ethernet: s2io: dont call dev_kfree_skb() under spin_lock_irqsave() Greg Kroah-Hartman
2023-01-16 15:47 ` [PATCH 4.19 161/521] net: farsync: Fix kmemleak when rmmods farsync Greg Kroah-Hartman
2023-01-16 15:47 ` [PATCH 4.19 162/521] net/tunnel: wait until all sk_user_data reader finish before releasing the sock Greg Kroah-Hartman
2023-01-16 15:47 ` [PATCH 4.19 163/521] net: apple: mace: dont call dev_kfree_skb() under spin_lock_irqsave() Greg Kroah-Hartman
2023-01-16 15:47 ` [PATCH 4.19 164/521] net: apple: bmac: " Greg Kroah-Hartman
2023-01-16 15:47 ` [PATCH 4.19 165/521] net: emaclite: " Greg Kroah-Hartman
2023-01-16 15:47 ` [PATCH 4.19 166/521] net: ethernet: dnet: " Greg Kroah-Hartman
2023-01-16 15:47 ` [PATCH 4.19 167/521] hamradio: " Greg Kroah-Hartman
2023-01-16 15:47 ` [PATCH 4.19 168/521] net: amd: lance: " Greg Kroah-Hartman
2023-01-16 15:47 ` [PATCH 4.19 169/521] net: amd-xgbe: Fix logic around active and passive cables Greg Kroah-Hartman
2023-01-16 15:47 ` [PATCH 4.19 170/521] net: amd-xgbe: Check only the minimum speed for active/passive cables Greg Kroah-Hartman
2023-01-16 15:47 ` [PATCH 4.19 171/521] net: lan9303: Fix read error execution path Greg Kroah-Hartman
2023-01-16 15:47 ` [PATCH 4.19 172/521] ntb_netdev: Use dev_kfree_skb_any() in interrupt context Greg Kroah-Hartman
2023-01-16 15:47 ` [PATCH 4.19 173/521] Bluetooth: btusb: dont call kfree_skb() under spin_lock_irqsave() Greg Kroah-Hartman
2023-01-16 15:47 ` [PATCH 4.19 174/521] Bluetooth: hci_qca: " Greg Kroah-Hartman
2023-01-16 15:47 ` [PATCH 4.19 175/521] Bluetooth: hci_h5: " Greg Kroah-Hartman
2023-01-16 15:47 ` [PATCH 4.19 176/521] Bluetooth: hci_bcsp: " Greg Kroah-Hartman
2023-01-16 15:47 ` [PATCH 4.19 177/521] Bluetooth: hci_core: " Greg Kroah-Hartman
2023-01-16 15:47 ` [PATCH 4.19 178/521] Bluetooth: RFCOMM: " Greg Kroah-Hartman
2023-01-16 15:47 ` [PATCH 4.19 179/521] stmmac: fix potential division by 0 Greg Kroah-Hartman
2023-01-16 15:47 ` [PATCH 4.19 180/521] apparmor: fix a memleak in multi_transaction_new() Greg Kroah-Hartman
2023-01-16 15:47 ` [PATCH 4.19 181/521] apparmor: fix lockdep warning when removing a namespace Greg Kroah-Hartman
2023-01-16 15:47 ` [PATCH 4.19 182/521] apparmor: Fix abi check to include v8 abi Greg Kroah-Hartman
2023-01-16 15:47 ` [PATCH 4.19 183/521] f2fs: fix normal discard process Greg Kroah-Hartman
2023-01-16 15:47 ` [PATCH 4.19 184/521] RDMA/nldev: Return "-EAGAIN" if the cm_id isnt from expected port Greg Kroah-Hartman
2023-01-16 15:47 ` [PATCH 4.19 185/521] scsi: scsi_debug: Fix a warning in resp_write_scat() Greg Kroah-Hartman
2023-01-16 15:47 ` [PATCH 4.19 186/521] PCI: Check for alloc failure in pci_request_irq() Greg Kroah-Hartman
2023-01-16 15:47 ` [PATCH 4.19 187/521] RDMA/hfi: Decrease PCI device reference count in error path Greg Kroah-Hartman
2023-01-16 15:47 ` [PATCH 4.19 188/521] crypto: ccree - Make cc_debugfs_global_fini() available for module init function Greg Kroah-Hartman
2023-01-16 15:47 ` [PATCH 4.19 189/521] RDMA/rxe: Fix NULL-ptr-deref in rxe_qp_do_cleanup() when socket create failed Greg Kroah-Hartman
2023-01-16 15:47 ` [PATCH 4.19 190/521] scsi: hpsa: use local workqueues instead of system workqueues Greg Kroah-Hartman
2023-01-16 15:47 ` [PATCH 4.19 191/521] scsi: hpsa: Fix possible memory leak in hpsa_init_one() Greg Kroah-Hartman
2023-01-16 15:47 ` [PATCH 4.19 192/521] crypto: tcrypt - Fix multibuffer skcipher speed test mem leak Greg Kroah-Hartman
2023-01-16 15:47 ` [PATCH 4.19 193/521] scsi: mpt3sas: Add ioc_<level> logging macros Greg Kroah-Hartman
2023-01-16 15:47 ` [PATCH 4.19 194/521] scsi: mpt3sas: Convert uses of pr_<level> with MPT3SAS_FMT to ioc_<level> Greg Kroah-Hartman
2023-01-16 15:47 ` [PATCH 4.19 195/521] scsi: mpt3sas: Fix possible resource leaks in mpt3sas_transport_port_add() Greg Kroah-Hartman
2023-01-16 15:47 ` [PATCH 4.19 196/521] scsi: hpsa: Fix error handling in hpsa_add_sas_host() Greg Kroah-Hartman
2023-01-16 15:47 ` [PATCH 4.19 197/521] scsi: hpsa: Fix possible memory leak in hpsa_add_sas_device() Greg Kroah-Hartman
2023-01-16 15:47 ` [PATCH 4.19 198/521] scsi: fcoe: Fix possible name leak when device_register() fails Greg Kroah-Hartman
2023-01-16 15:47 ` [PATCH 4.19 199/521] scsi: ipr: Fix WARNING in ipr_init() Greg Kroah-Hartman
2023-01-16 15:47 ` [PATCH 4.19 200/521] scsi: fcoe: Fix transport not deattached when fcoe_if_init() fails Greg Kroah-Hartman
2023-01-16 15:47 ` [PATCH 4.19 201/521] scsi: snic: Fix possible UAF in snic_tgt_create() Greg Kroah-Hartman
2023-01-16 15:47 ` [PATCH 4.19 202/521] RDMA/hfi1: Fix error return code in parse_platform_config() Greg Kroah-Hartman
2023-01-16 15:47 ` [PATCH 4.19 203/521] orangefs: Fix sysfs not cleanup when dev init failed Greg Kroah-Hartman
2023-01-16 15:47 ` [PATCH 4.19 204/521] crypto: img-hash - Fix variable dereferenced before check hdev->req Greg Kroah-Hartman
2023-01-16 15:47 ` [PATCH 4.19 205/521] hwrng: amd - Fix PCI device refcount leak Greg Kroah-Hartman
2023-01-16 15:47 ` [PATCH 4.19 206/521] hwrng: geode " Greg Kroah-Hartman
2023-01-16 15:47 ` [PATCH 4.19 207/521] IB/IPoIB: Fix queue count inconsistency for PKEY child interfaces Greg Kroah-Hartman
2023-01-16 15:47 ` [PATCH 4.19 208/521] drivers: dio: fix possible memory leak in dio_init() Greg Kroah-Hartman
2023-01-16 15:47 ` [PATCH 4.19 209/521] serial: tegra: avoid reg access when clk disabled Greg Kroah-Hartman
2023-01-16 15:47 ` [PATCH 4.19 210/521] serial: tegra: check for FIFO mode enabled status Greg Kroah-Hartman
2023-01-16 15:47 ` [PATCH 4.19 211/521] serial: tegra: set maximum num of uart ports to 8 Greg Kroah-Hartman
2023-01-16 15:47 ` [PATCH 4.19 212/521] serial: tegra: add support to use 8 bytes trigger Greg Kroah-Hartman
2023-01-16 15:47 ` [PATCH 4.19 213/521] serial: tegra: add support to adjust baud rate Greg Kroah-Hartman
2023-01-16 15:47 ` [PATCH 4.19 214/521] serial: tegra: report clk rate errors Greg Kroah-Hartman
2023-01-16 15:47 ` [PATCH 4.19 215/521] serial: tegra: Add PIO mode support Greg Kroah-Hartman
2023-01-16 15:47 ` [PATCH 4.19 216/521] tty: serial: tegra: Activate RX DMA transfer by request Greg Kroah-Hartman
2023-01-16 15:47 ` [PATCH 4.19 217/521] serial: tegra: Read DMA status before terminating Greg Kroah-Hartman
2023-01-16 15:48 ` [PATCH 4.19 218/521] class: fix possible memory leak in __class_register() Greg Kroah-Hartman
2023-01-16 15:48 ` [PATCH 4.19 219/521] vfio: platform: Do not pass return buffer to ACPI _RST method Greg Kroah-Hartman
2023-01-16 15:48 ` [PATCH 4.19 220/521] uio: uio_dmem_genirq: Fix missing unlock in irq configuration Greg Kroah-Hartman
2023-01-16 15:48 ` [PATCH 4.19 221/521] uio: uio_dmem_genirq: Fix deadlock between irq config and handling Greg Kroah-Hartman
2023-01-16 15:48 ` [PATCH 4.19 222/521] usb: fotg210-udc: Fix ages old endianness issues Greg Kroah-Hartman
2023-01-16 15:48 ` [PATCH 4.19 223/521] staging: vme_user: Fix possible UAF in tsi148_dma_list_add Greg Kroah-Hartman
2023-01-16 15:48 ` [PATCH 4.19 224/521] usb: typec: Check for ops->exit instead of ops->enter in altmode_exit Greg Kroah-Hartman
2023-01-16 15:48 ` [PATCH 4.19 225/521] serial: amba-pl011: avoid SBSA UART accessing DMACR register Greg Kroah-Hartman
2023-01-16 15:48 ` [PATCH 4.19 226/521] serial: pl011: Do not clear RX FIFO & RX interrupt in unthrottle Greg Kroah-Hartman
2023-01-16 15:48 ` [PATCH 4.19 227/521] serial: pch: Fix PCI device refcount leak in pch_request_dma() Greg Kroah-Hartman
2023-01-16 15:48 ` [PATCH 4.19 228/521] tty: serial: clean up stop-tx part in altera_uart_tx_chars() Greg Kroah-Hartman
2023-01-16 15:48 ` [PATCH 4.19 229/521] tty: serial: altera_uart_{r,t}x_chars() need only uart_port Greg Kroah-Hartman
2023-01-16 15:48 ` [PATCH 4.19 230/521] serial: altera_uart: fix locking in polling mode Greg Kroah-Hartman
2023-01-16 15:48 ` [PATCH 4.19 231/521] serial: sunsab: Fix error handling in sunsab_init() Greg Kroah-Hartman
2023-01-16 15:48 ` [PATCH 4.19 232/521] test_firmware: fix memory leak in test_firmware_init() Greg Kroah-Hartman
2023-01-16 15:48 ` [PATCH 4.19 233/521] misc: tifm: fix possible memory leak in tifm_7xx1_switch_media() Greg Kroah-Hartman
2023-01-16 15:48 ` [PATCH 4.19 234/521] misc: sgi-gru: fix use-after-free error in gru_set_context_option, gru_fault and gru_handle_user_call_os Greg Kroah-Hartman
2023-01-16 15:48 ` [PATCH 4.19 235/521] cxl: fix possible null-ptr-deref in cxl_guest_init_afu|adapter() Greg Kroah-Hartman
2023-01-16 15:48 ` [PATCH 4.19 236/521] cxl: fix possible null-ptr-deref in cxl_pci_init_afu|adapter() Greg Kroah-Hartman
2023-01-16 15:48 ` [PATCH 4.19 237/521] usb: gadget: f_hid: optional SETUP/SET_REPORT mode Greg Kroah-Hartman
2023-01-16 15:48 ` [PATCH 4.19 238/521] usb: gadget: f_hid: fix f_hidg lifetime vs cdev Greg Kroah-Hartman
2023-01-16 15:48 ` [PATCH 4.19 239/521] usb: gadget: f_hid: fix refcount leak on error path Greg Kroah-Hartman
2023-01-16 15:48 ` [PATCH 4.19 240/521] drivers: mcb: fix resource leak in mcb_probe() Greg Kroah-Hartman
2023-01-16 15:48 ` [PATCH 4.19 241/521] mcb: mcb-parse: fix error handing in chameleon_parse_gdd() Greg Kroah-Hartman
2023-01-16 15:48 ` [PATCH 4.19 242/521] chardev: fix error handling in cdev_device_add() Greg Kroah-Hartman
2023-01-16 15:48 ` [PATCH 4.19 243/521] i2c: pxa-pci: fix missing pci_disable_device() on error in ce4100_i2c_probe Greg Kroah-Hartman
2023-01-16 15:48 ` [PATCH 4.19 244/521] staging: rtl8192u: Fix use after free in ieee80211_rx() Greg Kroah-Hartman
2023-01-16 15:48 ` [PATCH 4.19 245/521] staging: rtl8192e: Fix potential use-after-free in rtllib_rx_Monitor() Greg Kroah-Hartman
2023-01-16 15:48 ` [PATCH 4.19 246/521] vme: Fix error not catched in fake_init() Greg Kroah-Hartman
2023-01-16 15:48 ` [PATCH 4.19 247/521] drivers: provide devm_platform_ioremap_resource() Greg Kroah-Hartman
2023-01-16 15:48 ` [PATCH 4.19 248/521] drivers: provide devm_platform_get_and_ioremap_resource() Greg Kroah-Hartman
2023-01-16 15:48 ` [PATCH 4.19 249/521] i2c: mux: reg: check return value after calling platform_get_resource() Greg Kroah-Hartman
2023-01-16 15:48 ` [PATCH 4.19 250/521] i2c: ismt: Fix an out-of-bounds bug in ismt_access() Greg Kroah-Hartman
2023-01-16 15:48 ` [PATCH 4.19 251/521] usb: storage: Add check for kcalloc Greg Kroah-Hartman
2023-01-16 15:48 ` [PATCH 4.19 252/521] tracing/hist: Fix issue of losting command info in error_log Greg Kroah-Hartman
2023-01-16 15:48 ` [PATCH 4.19 253/521] samples: vfio-mdev: Fix missing pci_disable_device() in mdpy_fb_probe() Greg Kroah-Hartman
2023-01-16 15:48 ` [PATCH 4.19 254/521] fbdev: ssd1307fb: Drop optional dependency Greg Kroah-Hartman
2023-01-16 15:48 ` [PATCH 4.19 255/521] fbdev: pm2fb: fix missing pci_disable_device() Greg Kroah-Hartman
2023-01-16 15:48 ` [PATCH 4.19 256/521] fbdev: via: Fix error in via_core_init() Greg Kroah-Hartman
2023-01-16 15:48 ` [PATCH 4.19 257/521] fbdev: vermilion: decrease reference count in error path Greg Kroah-Hartman
2023-01-16 15:48 ` [PATCH 4.19 258/521] fbdev: uvesafb: Fixes an error handling path in uvesafb_probe() Greg Kroah-Hartman
2023-01-16 15:48 ` [PATCH 4.19 259/521] HSI: omap_ssi_core: fix unbalanced pm_runtime_disable() Greg Kroah-Hartman
2023-01-16 15:48 ` [PATCH 4.19 260/521] HSI: omap_ssi_core: fix possible memory leak in ssi_probe() Greg Kroah-Hartman
2023-01-16 15:48 ` [PATCH 4.19 261/521] power: supply: fix residue sysfs file in error handle route of __power_supply_register() Greg Kroah-Hartman
2023-01-16 15:48 ` [PATCH 4.19 262/521] perf symbol: correction while adjusting symbol Greg Kroah-Hartman
2023-01-16 15:48 ` [PATCH 4.19 263/521] HSI: omap_ssi_core: Fix error handling in ssi_init() Greg Kroah-Hartman
2023-01-16 15:48 ` [PATCH 4.19 264/521] include/uapi/linux/swab: Fix potentially missing __always_inline Greg Kroah-Hartman
2023-01-16 15:48 ` [PATCH 4.19 265/521] rtc: cmos: Refactor code by using the new dmi_get_bios_year() helper Greg Kroah-Hartman
2023-01-16 15:48 ` [PATCH 4.19 266/521] rtc: rtc-cmos: Do not check ACPI_FADT_LOW_POWER_S0 Greg Kroah-Hartman
2023-01-16 15:48 ` [PATCH 4.19 267/521] rtc: cmos: Fix event handler registration ordering issue Greg Kroah-Hartman
2023-01-16 15:48 ` [PATCH 4.19 268/521] rtc: cmos: Fix wake alarm breakage Greg Kroah-Hartman
2023-01-16 15:48 ` [PATCH 4.19 269/521] rtc: cmos: fix build on non-ACPI platforms Greg Kroah-Hartman
2023-01-16 15:48 ` [PATCH 4.19 270/521] rtc: cmos: Call cmos_wake_setup() from cmos_do_probe() Greg Kroah-Hartman
2023-01-16 15:48 ` [PATCH 4.19 271/521] rtc: cmos: Call rtc_wake_setup() " Greg Kroah-Hartman
2023-01-16 15:48 ` [PATCH 4.19 272/521] rtc: cmos: Eliminate forward declarations of some functions Greg Kroah-Hartman
2023-01-16 15:48 ` [PATCH 4.19 273/521] rtc: cmos: Rename ACPI-related functions Greg Kroah-Hartman
2023-01-16 15:48 ` [PATCH 4.19 274/521] rtc: cmos: Disable ACPI RTC event on removal Greg Kroah-Hartman
2023-01-16 15:48 ` [PATCH 4.19 275/521] rtc: snvs: Allow a time difference on clock register read Greg Kroah-Hartman
2023-01-16 15:48 ` [PATCH 4.19 276/521] iommu/amd: Fix pci device refcount leak in ppr_notifier() Greg Kroah-Hartman
2023-01-16 15:48 ` [PATCH 4.19 277/521] iommu/fsl_pamu: Fix resource leak in fsl_pamu_probe() Greg Kroah-Hartman
2023-01-16 15:49 ` [PATCH 4.19 278/521] macintosh: fix possible memory leak in macio_add_one_device() Greg Kroah-Hartman
2023-01-16 15:49 ` [PATCH 4.19 279/521] macintosh/macio-adb: check the return value of ioremap() Greg Kroah-Hartman
2023-01-16 15:49 ` [PATCH 4.19 280/521] powerpc/52xx: Fix a resource leak in an error handling path Greg Kroah-Hartman
2023-01-16 15:49 ` [PATCH 4.19 281/521] cxl: Fix refcount leak in cxl_calc_capp_routing Greg Kroah-Hartman
2023-01-16 15:49 ` [PATCH 4.19 282/521] powerpc/xive: add missing iounmap() in error path in xive_spapr_populate_irq_data() Greg Kroah-Hartman
2023-01-16 15:49 ` [PATCH 4.19 283/521] powerpc/perf: callchain validate kernel stack pointer bounds Greg Kroah-Hartman
2023-01-16 15:49 ` [PATCH 4.19 284/521] powerpc/83xx/mpc832x_rdb: call platform_device_put() in error case in of_fsl_spi_probe() Greg Kroah-Hartman
2023-01-16 15:49 ` [PATCH 4.19 285/521] powerpc/hv-gpci: Fix hv_gpci event list Greg Kroah-Hartman
2023-01-16 15:49 ` [PATCH 4.19 286/521] selftests/powerpc: Fix resource leaks Greg Kroah-Hartman
2023-01-16 15:49 ` [PATCH 4.19 287/521] remoteproc: qcom: Rename Hexagon v5 PAS driver Greg Kroah-Hartman
2023-01-16 15:49 ` [PATCH 4.19 288/521] remoteproc: qcom_q6v5_pas: Fix missing of_node_put() in adsp_alloc_memory_region() Greg Kroah-Hartman
2023-01-16 15:49 ` [PATCH 4.19 289/521] powerpc/eeh: Improve debug messages around device addition Greg Kroah-Hartman
2023-01-16 15:49 ` [PATCH 4.19 290/521] powerpc/eeh: EEH for pSeries hot plug Greg Kroah-Hartman
2023-01-16 15:49 ` [PATCH 4.19 291/521] powerpc/eeh: Fix pseries_eeh_configure_bridge() Greg Kroah-Hartman
2023-01-16 15:49 ` [PATCH 4.19 292/521] powerpc/pseries: PCIE PHB reset Greg Kroah-Hartman
2023-01-16 15:49 ` [PATCH 4.19 293/521] powerpc/pseries: Stop using eeh_ops->init() Greg Kroah-Hartman
2023-01-16 15:49 ` [PATCH 4.19 294/521] powerpc/eeh: Drop redundant spinlock initialization Greg Kroah-Hartman
2023-01-16 15:49 ` [PATCH 4.19 295/521] powerpc/pseries/eeh: use correct API for error log size Greg Kroah-Hartman
2023-01-16 15:49 ` [PATCH 4.19 296/521] rtc: st-lpc: Add missing clk_disable_unprepare in st_rtc_probe() Greg Kroah-Hartman
2023-01-16 15:49 ` [PATCH 4.19 297/521] nfsd: under NFSv4.1, fix double svc_xprt_put on rpc_create failure Greg Kroah-Hartman
2023-01-16 15:49 ` [PATCH 4.19 298/521] mISDN: hfcsusb: dont call dev_kfree_skb/kfree_skb() under spin_lock_irqsave() Greg Kroah-Hartman
2023-01-16 15:49 ` [PATCH 4.19 299/521] mISDN: hfcpci: " Greg Kroah-Hartman
2023-01-16 15:49 ` [PATCH 4.19 300/521] mISDN: hfcmulti: " Greg Kroah-Hartman
2023-01-16 15:49 ` [PATCH 4.19 301/521] nfc: pn533: Clear nfc_target before being used Greg Kroah-Hartman
2023-01-16 15:49 ` [PATCH 4.19 302/521] r6040: Fix kmemleak in probe and remove Greg Kroah-Hartman
2023-01-16 15:49 ` [PATCH 4.19 303/521] rtc: mxc_v2: Add missing clk_disable_unprepare() Greg Kroah-Hartman
2023-01-16 15:49 ` [PATCH 4.19 304/521] openvswitch: Fix flow lookup to use unmasked key Greg Kroah-Hartman
2023-01-16 15:49 ` [PATCH 4.19 305/521] skbuff: Account for tail adjustment during pull operations Greg Kroah-Hartman
2023-01-16 15:49 ` [PATCH 4.19 306/521] net_sched: reject TCF_EM_SIMPLE case for complex ematch module Greg Kroah-Hartman
2023-01-16 15:49 ` [PATCH 4.19 307/521] rxrpc: Fix missing unlock in rxrpc_do_sendmsg() Greg Kroah-Hartman
2023-01-16 15:49 ` [PATCH 4.19 308/521] myri10ge: Fix an error handling path in myri10ge_probe() Greg Kroah-Hartman
2023-01-16 15:49 ` [PATCH 4.19 309/521] net: stream: purge sk_error_queue in sk_stream_kill_queues() Greg Kroah-Hartman
2023-01-16 15:49 ` [PATCH 4.19 310/521] binfmt_misc: fix shift-out-of-bounds in check_special_flags Greg Kroah-Hartman
2023-01-16 15:49 ` [PATCH 4.19 311/521] fs: jfs: fix shift-out-of-bounds in dbAllocAG Greg Kroah-Hartman
2023-01-16 15:49 ` [PATCH 4.19 312/521] udf: Avoid double brelse() in udf_rename() Greg Kroah-Hartman
2023-01-16 15:49 ` [PATCH 4.19 313/521] fs: jfs: fix shift-out-of-bounds in dbDiscardAG Greg Kroah-Hartman
2023-01-16 15:49 ` [PATCH 4.19 314/521] ACPICA: Fix error code path in acpi_ds_call_control_method() Greg Kroah-Hartman
2023-01-16 15:49 ` [PATCH 4.19 315/521] nilfs2: fix shift-out-of-bounds/overflow in nilfs_sb2_bad_offset() Greg Kroah-Hartman
2023-01-16 15:49 ` [PATCH 4.19 316/521] acct: fix potential integer overflow in encode_comp_t() Greg Kroah-Hartman
2023-01-16 15:49 ` [PATCH 4.19 317/521] hfs: fix OOB Read in __hfs_brec_find Greg Kroah-Hartman
2023-01-16 15:49 ` [PATCH 4.19 318/521] wifi: ath9k: verify the expected usb_endpoints are present Greg Kroah-Hartman
2023-01-16 15:49 ` [PATCH 4.19 319/521] wifi: ar5523: Fix use-after-free on ar5523_cmd() timed out Greg Kroah-Hartman
2023-01-16 15:49 ` [PATCH 4.19 320/521] ASoC: codecs: rt298: Add quirk for KBL-R RVP platform Greg Kroah-Hartman
2023-01-16 15:49 ` [PATCH 4.19 321/521] ipmi: fix memleak when unload ipmi driver Greg Kroah-Hartman
2023-01-16 15:49 ` [PATCH 4.19 322/521] bpf: make sure skb->len != 0 when redirecting to a tunneling device Greg Kroah-Hartman
2023-01-16 15:49 ` [PATCH 4.19 323/521] net: ethernet: ti: Fix return type of netcp_ndo_start_xmit() Greg Kroah-Hartman
2023-01-16 15:49 ` [PATCH 4.19 324/521] hamradio: baycom_epp: Fix return type of baycom_send_packet() Greg Kroah-Hartman
2023-01-16 15:49 ` [PATCH 4.19 325/521] wifi: brcmfmac: Fix potential shift-out-of-bounds in brcmf_fw_alloc_request() Greg Kroah-Hartman
2023-01-16 15:49 ` [PATCH 4.19 326/521] igb: Do not free q_vector unless new one was allocated Greg Kroah-Hartman
2023-01-16 15:49 ` [Intel-wired-lan] " Greg Kroah-Hartman
2023-01-16 15:49 ` [PATCH 4.19 327/521] drm/amdgpu: Fix type of second parameter in trans_msg() callback Greg Kroah-Hartman
2023-01-16 15:49 ` [PATCH 4.19 328/521] s390/ctcm: Fix return type of ctc{mp,}m_tx() Greg Kroah-Hartman
2023-01-16 15:49 ` [PATCH 4.19 329/521] s390/netiucv: Fix return type of netiucv_tx() Greg Kroah-Hartman
2023-01-16 15:49 ` [PATCH 4.19 330/521] s390/lcs: Fix return type of lcs_start_xmit() Greg Kroah-Hartman
2023-01-16 15:49 ` [PATCH 4.19 331/521] drm/sti: Use drm_mode_copy() Greg Kroah-Hartman
2023-01-16 15:49 ` [PATCH 4.19 332/521] drivers/md/md-bitmap: check the return value of md_bitmap_get_counter() Greg Kroah-Hartman
2023-01-16 15:49 ` [PATCH 4.19 333/521] md/raid1: stop mdx_raid1 thread when raid1 array run failed Greg Kroah-Hartman
2023-01-16 15:49 ` [PATCH 4.19 334/521] mrp: introduce active flags to prevent UAF when applicant uninit Greg Kroah-Hartman
2023-01-16 15:49 ` [PATCH 4.19 335/521] ppp: associate skb with a device at tx Greg Kroah-Hartman
2023-01-16 15:49 ` [PATCH 4.19 336/521] media: dvb-frontends: fix leak of memory fw Greg Kroah-Hartman
2023-01-16 15:49 ` [PATCH 4.19 337/521] media: dvbdev: adopts refcnt to avoid UAF Greg Kroah-Hartman
2023-01-16 15:50 ` [PATCH 4.19 338/521] media: dvb-usb: fix memory leak in dvb_usb_adapter_init() Greg Kroah-Hartman
2023-01-16 15:50 ` [PATCH 4.19 339/521] blk-mq: fix possible memleak when register hctx failed Greg Kroah-Hartman
2023-01-16 15:50 ` [PATCH 4.19 340/521] regulator: core: fix use_count leakage when handling boot-on Greg Kroah-Hartman
2023-01-16 15:50 ` [PATCH 4.19 341/521] mmc: f-sdh30: Add quirks for broken timeout clock capability Greg Kroah-Hartman
2023-01-16 15:50 ` [PATCH 4.19 342/521] media: si470x: Fix use-after-free in si470x_int_in_callback() Greg Kroah-Hartman
2023-01-16 15:50 ` [PATCH 4.19 343/521] clk: st: Fix memory leak in st_of_quadfs_setup() Greg Kroah-Hartman
2023-01-16 15:50 ` [PATCH 4.19 344/521] drm/fsl-dcu: Fix return type of fsl_dcu_drm_connector_mode_valid() Greg Kroah-Hartman
2023-01-16 15:50 ` [PATCH 4.19 345/521] drm/sti: Fix return type of sti_{dvo,hda,hdmi}_connector_mode_valid() Greg Kroah-Hartman
2023-01-16 15:50 ` [PATCH 4.19 346/521] orangefs: Fix kmemleak in orangefs_prepare_debugfs_help_string() Greg Kroah-Hartman
2023-01-16 15:50 ` [PATCH 4.19 347/521] ASoC: mediatek: mt8173-rt5650-rt5514: fix refcount leak in mt8173_rt5650_rt5514_dev_probe() Greg Kroah-Hartman
2023-01-16 15:50 ` [PATCH 4.19 348/521] ASoC: rockchip: pdm: Add missing clk_disable_unprepare() in rockchip_pdm_runtime_resume() Greg Kroah-Hartman
2023-01-16 15:50 ` [PATCH 4.19 349/521] ASoC: wm8994: Fix potential deadlock Greg Kroah-Hartman
2023-01-16 15:50 ` [PATCH 4.19 350/521] ASoC: rockchip: spdif: Add missing clk_disable_unprepare() in rk_spdif_runtime_resume() Greg Kroah-Hartman
2023-01-16 15:50 ` [PATCH 4.19 351/521] ASoC: rt5670: Remove unbalanced pm_runtime_put() Greg Kroah-Hartman
2023-01-16 15:50 ` [PATCH 4.19 352/521] pstore: Switch pmsg_lock to an rt_mutex to avoid priority inversion Greg Kroah-Hartman
2023-01-16 15:50 ` [PATCH 4.19 353/521] perf debug: Set debug_peo_args and redirect_to_stderr variable to correct values in perf_quiet_option() Greg Kroah-Hartman
2023-01-16 15:50 ` [PATCH 4.19 354/521] pstore: Make sure CONFIG_PSTORE_PMSG selects CONFIG_RT_MUTEXES Greg Kroah-Hartman
2023-01-16 15:50 ` [PATCH 4.19 355/521] usb: dwc3: core: defer probe on ulpi_read_id timeout Greg Kroah-Hartman
2023-01-16 15:50 ` [PATCH 4.19 356/521] HID: wacom: Ensure bootloader PID is usable in hidraw mode Greg Kroah-Hartman
2023-01-16 15:50 ` [PATCH 4.19 357/521] reiserfs: Add missing calls to reiserfs_security_free() Greg Kroah-Hartman
2023-01-16 15:50 ` [PATCH 4.19 358/521] iio: adc: ad_sigma_delta: do not use internal iio_dev lock Greg Kroah-Hartman
2023-01-16 15:50 ` [PATCH 4.19 359/521] gcov: add support for checksum field Greg Kroah-Hartman
2023-01-16 15:50 ` [PATCH 4.19 360/521] media: dvbdev: fix build warning due to comments Greg Kroah-Hartman
2023-01-16 15:50 ` [PATCH 4.19 361/521] media: dvbdev: fix refcnt bug Greg Kroah-Hartman
2023-01-16 15:50 ` [PATCH 4.19 362/521] ata: ahci: Fix PCS quirk application for suspend Greg Kroah-Hartman
2023-01-16 15:50 ` [PATCH 4.19 363/521] powerpc/rtas: avoid device tree lookups in rtas_os_term() Greg Kroah-Hartman
2023-01-16 15:50 ` [PATCH 4.19 364/521] powerpc/rtas: avoid scheduling " Greg Kroah-Hartman
2023-01-16 15:50 ` [PATCH 4.19 365/521] HID: plantronics: Additional PIDs for double volume key presses quirk Greg Kroah-Hartman
2023-01-16 15:50 ` [PATCH 4.19 366/521] hfsplus: fix bug causing custom uid and gid being unable to be assigned with mount Greg Kroah-Hartman
2023-01-16 15:50 ` [PATCH 4.19 367/521] ovl: Use ovl mounters fsuid and fsgid in ovl_link() Greg Kroah-Hartman
2023-01-16 15:50 ` [PATCH 4.19 368/521] ALSA: line6: correct midi status byte when receiving data from podxt Greg Kroah-Hartman
2023-01-16 15:50 ` [PATCH 4.19 369/521] ALSA: line6: fix stack overflow in line6_midi_transmit Greg Kroah-Hartman
2023-01-16 15:50 ` [PATCH 4.19 370/521] pnode: terminate at peers of source Greg Kroah-Hartman
2023-01-16 15:50 ` [PATCH 4.19 371/521] md: fix a crash in mempool_free Greg Kroah-Hartman
2023-01-16 15:50 ` [PATCH 4.19 372/521] mmc: vub300: fix warning - do not call blocking ops when !TASK_RUNNING Greg Kroah-Hartman
2023-01-16 15:50 ` [PATCH 4.19 373/521] tpm: tpm_crb: Add the missed acpi_put_table() to fix memory leak Greg Kroah-Hartman
2023-01-16 15:50 ` [PATCH 4.19 374/521] tpm: tpm_tis: " Greg Kroah-Hartman
2023-01-16 15:50 ` [PATCH 4.19 375/521] SUNRPC: Dont leak netobj memory when gss_read_proxy_verf() fails Greg Kroah-Hartman
2023-01-16 15:50 ` [PATCH 4.19 376/521] media: stv0288: use explicitly signed char Greg Kroah-Hartman
2023-01-16 15:50 ` [PATCH 4.19 377/521] soc: qcom: Select REMAP_MMIO for LLCC driver Greg Kroah-Hartman
2023-01-16 15:50 ` [PATCH 4.19 378/521] ktest.pl minconfig: Unset configs instead of just removing them Greg Kroah-Hartman
2023-01-16 15:50 ` [PATCH 4.19 379/521] ARM: ux500: do not directly dereference __iomem Greg Kroah-Hartman
2023-01-16 15:50 ` [PATCH 4.19 380/521] selftests: Use optional USERCFLAGS and USERLDFLAGS Greg Kroah-Hartman
2023-01-16 15:50 ` [PATCH 4.19 381/521] binfmt: Move install_exec_creds after setup_new_exec to match binfmt_elf Greg Kroah-Hartman
2023-01-16 15:50 ` [PATCH 4.19 382/521] binfmt: Fix error return code in load_elf_fdpic_binary() Greg Kroah-Hartman
2023-01-16 15:50 ` [PATCH 4.19 383/521] dm cache: Fix ABBA deadlock between shrink_slab and dm_cache_metadata_abort Greg Kroah-Hartman
2023-01-16 15:50 ` [PATCH 4.19 384/521] dm thin: Use last transactions pmd->root when commit failed Greg Kroah-Hartman
2023-01-16 15:50 ` [PATCH 4.19 385/521] dm thin: Fix UAF in run_timer_softirq() Greg Kroah-Hartman
2023-01-16 15:50 ` [PATCH 4.19 386/521] dm cache: Fix UAF in destroy() Greg Kroah-Hartman
2023-01-16 15:50 ` [PATCH 4.19 387/521] dm cache: set needs_check flag after aborting metadata Greg Kroah-Hartman
2023-01-16 15:50 ` [PATCH 4.19 388/521] x86/microcode/intel: Do not retry microcode reloading on the APs Greg Kroah-Hartman
2023-01-16 15:50 ` [PATCH 4.19 389/521] tracing: Fix infinite loop in tracing_read_pipe on overflowed print_trace_line Greg Kroah-Hartman
2023-01-16 15:50 ` [PATCH 4.19 390/521] ARM: 9256/1: NWFPE: avoid compiler-generated __aeabi_uldivmod Greg Kroah-Hartman
2023-01-16 15:50 ` [PATCH 4.19 391/521] media: dvb-core: Fix double free in dvb_register_device() Greg Kroah-Hartman
2023-01-16 15:50 ` [PATCH 4.19 392/521] media: dvb-core: Fix UAF due to refcount races at releasing Greg Kroah-Hartman
2023-01-16 15:50 ` [PATCH 4.19 393/521] cifs: fix confusing debug message Greg Kroah-Hartman
2023-01-16 15:50 ` [PATCH 4.19 394/521] md/bitmap: Fix bitmap chunk size overflow issues Greg Kroah-Hartman
2023-01-16 15:50 ` [PATCH 4.19 395/521] ipmi: fix long wait in unload when IPMI disconnect Greg Kroah-Hartman
2023-01-16 15:50 ` [PATCH 4.19 396/521] ima: Fix a potential NULL pointer access in ima_restore_measurement_list Greg Kroah-Hartman
2023-01-16 15:50 ` [PATCH 4.19 397/521] ipmi: fix use after free in _ipmi_destroy_user() Greg Kroah-Hartman
2023-01-16 15:51 ` [PATCH 4.19 398/521] PCI: Fix pci_device_is_present() for VFs by checking PF Greg Kroah-Hartman
2023-01-16 15:51 ` [PATCH 4.19 399/521] PCI/sysfs: Fix double free in error path Greg Kroah-Hartman
2023-01-16 15:51 ` [PATCH 4.19 400/521] crypto: n2 - add missing hash statesize Greg Kroah-Hartman
2023-01-16 15:51 ` [PATCH 4.19 401/521] iommu/amd: Fix ivrs_acpihid cmdline parsing code Greg Kroah-Hartman
2023-01-16 15:51 ` [PATCH 4.19 402/521] parisc: led: Fix potential null-ptr-deref in start_task() Greg Kroah-Hartman
2023-01-16 15:51 ` [PATCH 4.19 403/521] device_cgroup: Roll back to original exceptions after copy failure Greg Kroah-Hartman
2023-01-16 15:51 ` [PATCH 4.19 404/521] drm/connector: send hotplug uevent on connector cleanup Greg Kroah-Hartman
2023-01-16 15:51 ` [PATCH 4.19 405/521] drm/vmwgfx: Validate the box size for the snooped cursor Greg Kroah-Hartman
2023-01-16 15:51 ` [PATCH 4.19 406/521] ext4: add inode table check in __ext4_get_inode_loc to aovid possible infinite loop Greg Kroah-Hartman
2023-01-16 15:51 ` [PATCH 4.19 407/521] ext4: fix undefined behavior in bit shift for ext4_check_flag_values Greg Kroah-Hartman
2023-01-16 15:51 ` [PATCH 4.19 408/521] ext4: add helper to check quota inums Greg Kroah-Hartman
2023-01-16 15:51 ` [PATCH 4.19 409/521] ext4: fix bug_on in __es_tree_search caused by bad boot loader inode Greg Kroah-Hartman
2023-01-16 15:51 ` [PATCH 4.19 410/521] ext4: init quota for old.inode in ext4_rename Greg Kroah-Hartman
2023-01-16 15:51 ` [PATCH 4.19 411/521] ext4: fix corruption when online resizing a 1K bigalloc fs Greg Kroah-Hartman
2023-01-16 15:51 ` [PATCH 4.19 412/521] ext4: fix error code return to user-space in ext4_get_branch() Greg Kroah-Hartman
2023-01-16 15:51 ` [PATCH 4.19 413/521] ext4: avoid BUG_ON when creating xattrs Greg Kroah-Hartman
2023-01-16 15:51 ` [PATCH 4.19 414/521] ext4: fix inode leak in ext4_xattr_inode_create() on an error path Greg Kroah-Hartman
2023-01-16 15:51 ` [PATCH 4.19 415/521] ext4: initialize quota before expanding inode in setproject ioctl Greg Kroah-Hartman
2023-01-16 15:51 ` [PATCH 4.19 416/521] ext4: avoid unaccounted block allocation when expanding inode Greg Kroah-Hartman
2023-01-16 15:51 ` [PATCH 4.19 417/521] ext4: allocate extended attribute value in vmalloc area Greg Kroah-Hartman
2023-01-16 15:51 ` [PATCH 4.19 418/521] drm/amdgpu: make display pinning more flexible (v2) Greg Kroah-Hartman
2023-01-16 15:51 ` [PATCH 4.19 419/521] btrfs: send: avoid unnecessary backref lookups when finding clone source Greg Kroah-Hartman
2023-01-16 15:51 ` [PATCH 4.19 420/521] btrfs: replace strncpy() with strscpy() Greg Kroah-Hartman
2023-01-16 15:51 ` [PATCH 4.19 421/521] media: s5p-mfc: Fix to handle reference queue during finishing Greg Kroah-Hartman
2023-01-16 15:51 ` [PATCH 4.19 422/521] media: s5p-mfc: Clear workbit to handle error condition Greg Kroah-Hartman
2023-01-16 15:51 ` [PATCH 4.19 423/521] media: s5p-mfc: Fix in register read and write for H264 Greg Kroah-Hartman
2023-01-16 15:51 ` [PATCH 4.19 424/521] dm thin: resume even if in FAIL mode Greg Kroah-Hartman
2023-01-16 15:51 ` [PATCH 4.19 425/521] perf probe: Use dwarf_attr_integrate as generic DWARF attr accessor Greg Kroah-Hartman
2023-01-16 15:51 ` [PATCH 4.19 426/521] perf probe: Fix to get the DW_AT_decl_file and DW_AT_call_file as unsinged data Greg Kroah-Hartman
2023-01-16 15:51 ` [PATCH 4.19 427/521] ravb: Fix "failed to switch device to config mode" message during unbind Greg Kroah-Hartman
2023-01-16 15:51 ` [PATCH 4.19 428/521] riscv: remove unreachable !HAVE_FUNCTION_GRAPH_RET_ADDR_PTR code Greg Kroah-Hartman
2023-01-16 15:51 ` [PATCH 4.19 429/521] riscv/stacktrace: Fix stack output without ra on the stack top Greg Kroah-Hartman
2023-01-16 15:51 ` [PATCH 4.19 430/521] riscv: stacktrace: Fixup ftrace_graph_ret_addr retp argument Greg Kroah-Hartman
2023-01-16 15:51 ` [PATCH 4.19 431/521] driver core: Set deferred_probe_timeout to a longer default if CONFIG_MODULES is set Greg Kroah-Hartman
2023-01-16 15:51 ` [PATCH 4.19 432/521] ext4: goto right label failed_mount3a Greg Kroah-Hartman
2023-01-16 15:51 ` [PATCH 4.19 433/521] ext4: correct inconsistent error msg in nojournal mode Greg Kroah-Hartman
2023-01-16 15:51 ` [PATCH 4.19 434/521] ext4: use kmemdup() to replace kmalloc + memcpy Greg Kroah-Hartman
2023-01-16 15:51 ` [PATCH 4.19 435/521] mbcache: dont reclaim used entries Greg Kroah-Hartman
2023-01-16 15:51 ` [PATCH 4.19 436/521] mbcache: add functions to delete entry if unused Greg Kroah-Hartman
2023-01-16 15:51 ` [PATCH 4.19 437/521] ext4: remove EA inode entry from mbcache on inode eviction Greg Kroah-Hartman
2023-01-16 15:51 ` [PATCH 4.19 438/521] ext4: unindent codeblock in ext4_xattr_block_set() Greg Kroah-Hartman
2023-01-16 15:51 ` [PATCH 4.19 439/521] ext4: fix race when reusing xattr blocks Greg Kroah-Hartman
2023-01-16 15:51 ` [PATCH 4.19 440/521] mbcache: automatically delete entries from cache on freeing Greg Kroah-Hartman
2023-01-16 15:51 ` [PATCH 4.19 441/521] ext4: fix deadlock due to mbcache entry corruption Greg Kroah-Hartman
2023-01-16 15:51 ` [PATCH 4.19 442/521] SUNRPC: ensure the matching upcall is in-flight upon downcall Greg Kroah-Hartman
2023-01-16 15:51 ` [PATCH 4.19 443/521] bpf: pull before calling skb_postpull_rcsum() Greg Kroah-Hartman
2023-01-16 15:51 ` [PATCH 4.19 444/521] qlcnic: prevent ->dcb use-after-free on qlcnic_dcb_enable() failure Greg Kroah-Hartman
2023-01-16 15:51 ` [PATCH 4.19 445/521] nfc: Fix potential resource leaks Greg Kroah-Hartman
2023-01-16 15:51 ` [PATCH 4.19 446/521] net: amd-xgbe: add missed tasklet_kill Greg Kroah-Hartman
2023-01-16 15:51 ` [PATCH 4.19 447/521] net: phy: xgmiitorgmii: Fix refcount leak in xgmiitorgmii_probe Greg Kroah-Hartman
2023-01-16 15:51 ` [PATCH 4.19 448/521] RDMA/mlx5: Fix validation of max_rd_atomic caps for DC Greg Kroah-Hartman
2023-01-16 15:51 ` [PATCH 4.19 449/521] net: sched: atm: dont intepret cls results when asked to drop Greg Kroah-Hartman
2023-01-16 15:51 ` [PATCH 4.19 450/521] usb: rndis_host: Secure rndis_query check against int overflow Greg Kroah-Hartman
2023-01-16 15:51 ` [PATCH 4.19 451/521] caif: fix memory leak in cfctrl_linkup_request() Greg Kroah-Hartman
2023-01-16 15:51 ` [PATCH 4.19 452/521] udf: Fix extension of the last extent in the file Greg Kroah-Hartman
2023-01-16 15:51 ` [PATCH 4.19 453/521] ASoC: Intel: bytcr_rt5640: Add quirk for the Advantech MICA-071 tablet Greg Kroah-Hartman
2023-01-16 15:51 ` [PATCH 4.19 454/521] x86/bugs: Flush IBP in ib_prctl_set() Greg Kroah-Hartman
2023-01-16 15:51 ` [PATCH 4.19 455/521] nfsd: fix handling of readdir in v4root vs. mount upcall timeout Greg Kroah-Hartman
2023-01-16 15:51 ` [PATCH 4.19 456/521] riscv: uaccess: fix type of 0 variable on error in get_user() Greg Kroah-Hartman
2023-01-16 15:51 ` [PATCH 4.19 457/521] ext4: dont allow journal inode to have encrypt flag Greg Kroah-Hartman
2023-01-16 15:52 ` [PATCH 4.19 458/521] hfs/hfsplus: use WARN_ON for sanity check Greg Kroah-Hartman
2023-01-16 15:52 ` [PATCH 4.19 459/521] hfs/hfsplus: avoid WARN_ON() for sanity check, use proper error handling Greg Kroah-Hartman
2023-01-16 15:52 ` [PATCH 4.19 460/521] mbcache: Avoid nesting of cache->c_list_lock under bit locks Greg Kroah-Hartman
2023-01-16 15:52 ` [PATCH 4.19 461/521] parisc: Align parisc MADV_XXX constants with all other architectures Greg Kroah-Hartman
2023-01-16 15:52 ` [PATCH 4.19 462/521] driver core: Fix bus_type.match() error handling in __driver_attach() Greg Kroah-Hartman
2023-01-16 15:52 ` [PATCH 4.19 463/521] net: sched: disallow noqueue for qdisc classes Greg Kroah-Hartman
2023-01-16 15:52 ` [PATCH 4.19 464/521] docs: Fix the docs build with Sphinx 6.0 Greg Kroah-Hartman
2023-01-16 15:52 ` [PATCH 4.19 465/521] perf auxtrace: Fix address filter duplicate symbol selection Greg Kroah-Hartman
2023-01-16 15:52 ` [PATCH 4.19 466/521] s390/percpu: add READ_ONCE() to arch_this_cpu_to_op_simple() Greg Kroah-Hartman
2023-01-16 15:52 ` [PATCH 4.19 467/521] net/ulp: prevent ULP without clone op from entering the LISTEN status Greg Kroah-Hartman
2023-01-16 15:52 ` [PATCH 4.19 468/521] ALSA: pcm: Move rwsem lock inside snd_ctl_elem_read to prevent UAF Greg Kroah-Hartman
2023-01-16 15:52 ` [PATCH 4.19 469/521] cifs: Fix uninitialized memory read for smb311 posix symlink create Greg Kroah-Hartman
2023-01-16 15:52 ` [PATCH 4.19 470/521] platform/x86: sony-laptop: Dont turn off 0x153 keyboard backlight during probe Greg Kroah-Hartman
2023-01-16 15:52 ` [PATCH 4.19 471/521] ipv6: raw: Deduct extension header length in rawv6_push_pending_frames Greg Kroah-Hartman
2023-01-16 15:52 ` [PATCH 4.19 472/521] wifi: wilc1000: sdio: fix module autoloading Greg Kroah-Hartman
2023-01-16 15:52 ` [PATCH 4.19 473/521] ALSA: hda/hdmi: fix failures at PCM open on Intel ICL and later Greg Kroah-Hartman
2023-01-16 15:52 ` [PATCH 4.19 474/521] Add Acer Aspire Ethos 8951G model quirk Greg Kroah-Hartman
2023-01-16 15:52 ` [PATCH 4.19 475/521] ALSA: hda/realtek - More constifications Greg Kroah-Hartman
2023-01-16 15:52 ` [PATCH 4.19 476/521] ALSA: hda/realtek - Add Headset Mic supported for HP cPC Greg Kroah-Hartman
2023-01-16 15:52 ` [PATCH 4.19 477/521] ALSA: hda/realtek - Enable headset mic of Acer X2660G with ALC662 Greg Kroah-Hartman
2023-01-16 15:52 ` [PATCH 4.19 478/521] ALSA: hda/realtek - Enable the headset of Acer N50-600 " Greg Kroah-Hartman
2023-01-16 15:52 ` [PATCH 4.19 479/521] ALSA: hda/realtek - The front Mic on a HP machine doesnt work Greg Kroah-Hartman
2023-01-16 15:52 ` [PATCH 4.19 480/521] ALSA: hda/realtek: Fix the mic type detection issue for ASUS G551JW Greg Kroah-Hartman
2023-01-16 15:52 ` [PATCH 4.19 481/521] ALSA: hda/realtek - Add headset Mic support for Lenovo ALC897 platform Greg Kroah-Hartman
2023-01-16 15:52 ` [PATCH 4.19 482/521] ALSA: hda/realtek - ALC897 headset MIC no sound Greg Kroah-Hartman
2023-01-16 15:52 ` [PATCH 4.19 483/521] ALSA: hda/realtek: Add quirk for Lenovo TianYi510Pro-14IOB Greg Kroah-Hartman
2023-01-16 15:52 ` [PATCH 4.19 484/521] ktest: Add support for meta characters in GRUB_MENU Greg Kroah-Hartman
2023-01-16 15:52 ` [PATCH 4.19 485/521] ktest: introduce _get_grub_index Greg Kroah-Hartman
2023-01-16 15:52 ` [PATCH 4.19 486/521] ktest: cleanup get_grub_index Greg Kroah-Hartman
2023-01-16 15:52 ` [PATCH 4.19 487/521] ktest: introduce grub2bls REBOOT_TYPE option Greg Kroah-Hartman
2023-01-16 15:52 ` [PATCH 4.19 488/521] ktest.pl: Fix incorrect reboot for grub2bls Greg Kroah-Hartman
2023-01-16 15:52 ` [PATCH 4.19 489/521] kest.pl: Fix grub2 menu handling for rebooting Greg Kroah-Hartman
2023-01-16 15:52 ` [PATCH 4.19 490/521] usb: ulpi: defer ulpi_register on ulpi_read_id timeout Greg Kroah-Hartman
2023-01-16 15:52 ` [PATCH 4.19 491/521] quota: Factor out setup of quota inode Greg Kroah-Hartman
2023-01-16 15:52 ` [PATCH 4.19 492/521] ext4: fix bug_on in __es_tree_search caused by bad " Greg Kroah-Hartman
2023-01-16 15:52 ` [PATCH 4.19 493/521] ext4: lost matching-pair of trace in ext4_truncate Greg Kroah-Hartman
2023-01-16 15:52 ` [PATCH 4.19 494/521] ext4: fix use-after-free in ext4_orphan_cleanup Greg Kroah-Hartman
2023-01-16 15:52 ` [PATCH 4.19 495/521] ext4: fix uninititialized value in ext4_evict_inode Greg Kroah-Hartman
2023-01-16 15:52 ` [PATCH 4.19 496/521] ext4: generalize extents status tree search functions Greg Kroah-Hartman
2023-01-16 15:52 ` [PATCH 4.19 497/521] ext4: add new pending reservation mechanism Greg Kroah-Hartman
2023-01-16 15:52 ` [PATCH 4.19 498/521] ext4: fix reserved cluster accounting at delayed write time Greg Kroah-Hartman
2023-01-16 15:52 ` [PATCH 4.19 499/521] ext4: fix delayed allocation bug in ext4_clu_mapped for bigalloc + inline Greg Kroah-Hartman
2023-01-19 17:40 ` Eric Whitney
2023-01-22 14:14 ` Greg Kroah-Hartman
2023-01-16 15:52 ` [PATCH 4.19 500/521] netfilter: ipset: Fix overflow before widen in the bitmap_ip_create() function Greg Kroah-Hartman
2023-01-16 15:52 ` [PATCH 4.19 501/521] x86/boot: Avoid using Intel mnemonics in AT&T syntax asm Greg Kroah-Hartman
2023-01-16 15:52 ` [PATCH 4.19 502/521] EDAC/device: Fix period calculation in edac_device_reset_delay_period() Greg Kroah-Hartman
2023-01-16 15:52 ` [PATCH 4.19 503/521] regulator: da9211: Use irq handler when ready Greg Kroah-Hartman
2023-01-16 15:52 ` [PATCH 4.19 504/521] hvc/xen: lock console list traversal Greg Kroah-Hartman
2023-01-16 15:52 ` [PATCH 4.19 505/521] nfc: pn533: Wait for out_urbs completion in pn533_usb_send_frame() Greg Kroah-Hartman
2023-01-16 15:52 ` [PATCH 4.19 506/521] net/mlx5: Rename ptp clock info Greg Kroah-Hartman
2023-01-16 15:52 ` [PATCH 4.19 507/521] net/mlx5: Fix ptp max frequency adjustment range Greg Kroah-Hartman
2023-01-16 15:52 ` [PATCH 4.19 508/521] iommu/mediatek-v1: Add error handle for mtk_iommu_probe Greg Kroah-Hartman
2023-01-16 15:52 ` [PATCH 4.19 509/521] iommu/mediatek-v1: Fix an error handling path in mtk_iommu_v1_probe() Greg Kroah-Hartman
2023-01-16 15:52 ` [PATCH 4.19 510/521] x86/resctrl: Use task_curr() instead of task_struct->on_cpu to prevent unnecessary IPI Greg Kroah-Hartman
2023-01-16 15:52 ` [PATCH 4.19 511/521] x86/resctrl: Fix task CLOSID/RMID update race Greg Kroah-Hartman
2023-01-16 15:52 ` [PATCH 4.19 512/521] drm/virtio: Fix GEM handle creation UAF Greg Kroah-Hartman
2023-01-16 15:52 ` [PATCH 4.19 513/521] arm64: cmpxchg_double*: hazard against entire exchange variable Greg Kroah-Hartman
2023-01-16 15:52 ` [PATCH 4.19 514/521] efi: fix NULL-deref in init error path Greg Kroah-Hartman
2023-01-16 15:52 ` [PATCH 4.19 515/521] Revert "usb: ulpi: defer ulpi_register on ulpi_read_id timeout" Greg Kroah-Hartman
2023-01-16 15:52 ` [PATCH 4.19 516/521] tty: serial: tegra: Handle RX transfer in PIO mode if DMA wasnt started Greg Kroah-Hartman
2023-01-16 15:52 ` [PATCH 4.19 517/521] pseries/eeh: Fix the kdump kernel crash during eeh_pseries_init Greg Kroah-Hartman
2023-01-16 15:53 ` [PATCH 4.19 518/521] ALSA: hda/realtek - Fix inverted bass GPIO pin on Acer 8951G Greg Kroah-Hartman
2023-01-16 15:53 ` [PATCH 4.19 519/521] ALSA: hda/realtek - Fixed one of HP ALC671 platform Headset Mic supported Greg Kroah-Hartman
2023-01-16 15:53 ` [PATCH 4.19 520/521] powerpc/powernv/eeh: Fix oops when probing cxl devices Greg Kroah-Hartman
2023-01-16 15:53 ` [PATCH 4.19 521/521] serial: tegra: Only print FIFO error message when an error occurs Greg Kroah-Hartman
2023-01-16 21:35 ` [PATCH 4.19 000/521] 4.19.270-rc1 review Pavel Machek
2023-01-17 0:01 ` Shuah Khan
2023-01-17 11:10 ` Jon Hunter
2023-01-17 12:27 ` Sudip Mukherjee
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.