linux-kernel.vger.kernel.org archive mirror
 help / color / mirror / Atom feed
* [PATCH 5.10 00/96] 5.10.60-rc1 review
@ 2021-08-16 13:01 Greg Kroah-Hartman
  2021-08-16 13:01 ` [PATCH 5.10 01/96] iio: adc: ti-ads7950: Ensure CS is deasserted after reading channels Greg Kroah-Hartman
                   ` (95 more replies)
  0 siblings, 96 replies; 112+ messages in thread
From: Greg Kroah-Hartman @ 2021-08-16 13:01 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, torvalds, akpm, linux, shuah, patches,
	lkft-triage, pavel, jonathanh, f.fainelli, stable

This is the start of the stable review cycle for the 5.10.60 release.
There are 96 patches in this series, all will be posted as a response
to this one.  If anyone has any issues with these being applied, please
let me know.

Responses should be made by Wed, 18 Aug 2021 12:54:12 +0000.
Anything received after that time might be too late.

The whole patch series can be found in one patch at:
	https://www.kernel.org/pub/linux/kernel/v5.x/stable-review/patch-5.10.60-rc1.gz
or in the git tree and branch at:
	git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-5.10.y
and the diffstat can be found below.

thanks,

greg k-h

-------------
Pseudo-Shortlog of commits:

Greg Kroah-Hartman <gregkh@linuxfoundation.org>
    Linux 5.10.60-rc1

Nathan Chancellor <nathan@kernel.org>
    vmlinux.lds.h: Handle clang's module.{c,d}tor sections

Jeff Layton <jlayton@kernel.org>
    ceph: take snap_empty_lock atomically with snaprealm refcount change

Jeff Layton <jlayton@kernel.org>
    ceph: clean up locking annotation for ceph_get_snap_realm and __lookup_snap_realm

Jeff Layton <jlayton@kernel.org>
    ceph: add some lockdep assertions around snaprealm handling

Hans de Goede <hdegoede@redhat.com>
    vboxsf: Add support for the atomic_open directory-inode op

Hans de Goede <hdegoede@redhat.com>
    vboxsf: Add vboxsf_[create|release]_sf_handle() helpers

Sean Christopherson <seanjc@google.com>
    KVM: nVMX: Use vmx_need_pf_intercept() when deciding if L0 wants a #PF

Sean Christopherson <seanjc@google.com>
    KVM: VMX: Use current VMCS to query WAITPKG support for MSR emulation

Ard Biesheuvel <ardb@kernel.org>
    efi/libstub: arm64: Double check image alignment at entry

Christophe Leroy <christophe.leroy@csgroup.eu>
    powerpc/smp: Fix OOPS in topology_init()

Thomas Gleixner <tglx@linutronix.de>
    PCI/MSI: Protect msi_desc::masked for multi-MSI

Thomas Gleixner <tglx@linutronix.de>
    PCI/MSI: Use msi_mask_irq() in pci_msi_shutdown()

Thomas Gleixner <tglx@linutronix.de>
    PCI/MSI: Correct misleading comments

Thomas Gleixner <tglx@linutronix.de>
    PCI/MSI: Do not set invalid bits in MSI mask

Thomas Gleixner <tglx@linutronix.de>
    PCI/MSI: Enforce MSI[X] entry updates to be visible

Thomas Gleixner <tglx@linutronix.de>
    PCI/MSI: Enforce that MSI-X table entry is masked for update

Thomas Gleixner <tglx@linutronix.de>
    PCI/MSI: Mask all unused MSI-X entries

Thomas Gleixner <tglx@linutronix.de>
    PCI/MSI: Enable and mask MSI-X early

Ben Dai <ben.dai@unisoc.com>
    genirq/timings: Prevent potential array overflow in __irq_timings_store()

Bixuan Cui <cuibixuan@huawei.com>
    genirq/msi: Ensure deactivation on teardown

Babu Moger <Babu.Moger@amd.com>
    x86/resctrl: Fix default monitoring groups reporting

Thomas Gleixner <tglx@linutronix.de>
    x86/ioapic: Force affinity setup before startup

Thomas Gleixner <tglx@linutronix.de>
    x86/msi: Force affinity setup before startup

Thomas Gleixner <tglx@linutronix.de>
    genirq: Provide IRQCHIP_AFFINITY_PRE_STARTUP

Randy Dunlap <rdunlap@infradead.org>
    x86/tools: Fix objdump version check again

Pu Lehui <pulehui@huawei.com>
    powerpc/kprobes: Fix kprobe Oops happens in booke

Ard Biesheuvel <ardb@kernel.org>
    efi/libstub: arm64: Relax 2M alignment again for relocatable kernels

Ard Biesheuvel <ardb@kernel.org>
    efi/libstub: arm64: Force Image reallocation if BSS was not reserved

Benjamin Herrenschmidt <benh@kernel.crashing.org>
    arm64: efi: kaslr: Fix occasional random alloc (and boot) failure

Xie Yongji <xieyongji@bytedance.com>
    nbd: Aovid double completion of a request

Longpeng(Mike) <longpeng2@huawei.com>
    vsock/virtio: avoid potential deadlock when vsock device remove

Maximilian Heyne <mheyne@amazon.de>
    xen/events: Fix race in set_evtchn_to_irq

Matt Roper <matthew.d.roper@intel.com>
    drm/i915: Only access SFC_DONE when media domain is not fused off

Eric Dumazet <edumazet@google.com>
    net: igmp: increase size of mr_ifc_count

Neal Cardwell <ncardwell@google.com>
    tcp_bbr: fix u32 wrap bug in round logic if bbr_init() called after 2B packets

Willy Tarreau <w@1wt.eu>
    net: linkwatch: fix failure to restore device state across suspend/resume

Yang Yingliang <yangyingliang@huawei.com>
    net: bridge: fix memleak in br_add_if()

Nikolay Aleksandrov <nikolay@nvidia.com>
    net: bridge: fix flags interpretation for extern learn fdb entries

Vladimir Oltean <vladimir.oltean@nxp.com>
    net: bridge: validate the NUD_PERMANENT bit when adding an extern_learn FDB entry

Vladimir Oltean <vladimir.oltean@nxp.com>
    net: dsa: sja1105: fix broken backpressure in .port_fdb_dump

Vladimir Oltean <vladimir.oltean@nxp.com>
    net: dsa: lantiq: fix broken backpressure in .port_fdb_dump

Vladimir Oltean <vladimir.oltean@nxp.com>
    net: dsa: lan9303: fix broken backpressure in .port_fdb_dump

Eric Dumazet <edumazet@google.com>
    net: igmp: fix data-race in igmp_ifc_timer_expire()

Takeshi Misawa <jeliantsurux@gmail.com>
    net: Fix memory leak in ieee802154_raw_deliver

Ben Hutchings <ben.hutchings@mind.be>
    net: dsa: microchip: ksz8795: Fix VLAN filtering

Ben Hutchings <ben.hutchings@mind.be>
    net: dsa: microchip: Fix ksz_read64()

Christian Hewitt <christianshewitt@gmail.com>
    drm/meson: fix colour distortion from HDR set during vendor u-boot

Aya Levin <ayal@nvidia.com>
    net/mlx5: Fix return value from tracer initialization

Shay Drory <shayd@nvidia.com>
    net/mlx5: Synchronize correct IRQ when destroying CQ

Guillaume Nault <gnault@redhat.com>
    bareudp: Fix invalid read beyond skb's linear data

Roi Dayan <roid@nvidia.com>
    psample: Add a fwd declaration for skbuff

Md Fahad Iqbal Polash <md.fahad.iqbal.polash@intel.com>
    iavf: Set RSS LUT and key in reset handle path

Brett Creeley <brett.creeley@intel.com>
    ice: don't remove netdev->dev_addr from uc sync list

Anirudh Venkataramanan <anirudh.venkataramanan@intel.com>
    ice: Prevent probing virtual functions

Hangbin Liu <liuhangbin@gmail.com>
    net: sched: act_mirred: Reset ct info when mirror/redirect skb

Karsten Graul <kgraul@linux.ibm.com>
    net/smc: fix wait on already cleared link

Pali Rohár <pali@kernel.org>
    ppp: Fix generating ifname when empty IFLA_IFNAME is specified

Ben Hutchings <ben.hutchings@mind.be>
    net: phy: micrel: Fix link detection on ksz87xx switch"

Tatsuhiko Yasumatsu <th.yasumatsu@gmail.com>
    bpf: Fix integer overflow involving bucket_size

Robin Gögge <r.goegge@googlemail.com>
    libbpf: Fix probe for BPF_PROG_TYPE_CGROUP_SOCKOPT

Hans de Goede <hdegoede@redhat.com>
    platform/x86: pcengines-apuv2: Add missing terminating entries to gpio-lookup tables

John Hubbard <jhubbard@nvidia.com>
    net: mvvp2: fix short frame size on s390

DENG Qingfang <dqfext@gmail.com>
    net: dsa: mt7530: add the missing RxUnicast MIB counter

Richard Fitzgerald <rf@opensource.cirrus.com>
    ASoC: cs42l42: Fix LRCLK frame start edge

Andy Shevchenko <andriy.shevchenko@linux.intel.com>
    pinctrl: tigerlake: Fix GPIO mapping for newer version of software

Yajun Deng <yajun.deng@linux.dev>
    netfilter: nf_conntrack_bridge: Fix memory leak when error

Richard Fitzgerald <rf@opensource.cirrus.com>
    ASoC: cs42l42: Remove duplicate control for WNF filter frequency

Richard Fitzgerald <rf@opensource.cirrus.com>
    ASoC: cs42l42: Fix inversion of ADC Notch Switch control

Guennadi Liakhovetski <guennadi.liakhovetski@linux.intel.com>
    ASoC: SOF: Intel: hda-ipc: fix reply size checking

Mike Tipton <mdtipton@codeaurora.org>
    interconnect: qcom: icc-rpmh: Add BCMs to commit list in pre_aggregate

Richard Fitzgerald <rf@opensource.cirrus.com>
    ASoC: cs42l42: Don't allow SND_SOC_DAIFMT_LEFT_J

Richard Fitzgerald <rf@opensource.cirrus.com>
    ASoC: cs42l42: Correct definition of ADC Volume control

Hsin-Yi Wang <hsinyi@chromium.org>
    pinctrl: mediatek: Fix fallback behavior for bias_set_combo

Dongliang Mu <mudongliangabcd@gmail.com>
    ieee802154: hwsim: fix GPF in hwsim_new_edge_nl

Dongliang Mu <mudongliangabcd@gmail.com>
    ieee802154: hwsim: fix GPF in hwsim_set_edge_lqi

Alex Deucher <alexander.deucher@amd.com>
    drm/amdgpu: don't enable baco on boco platforms in runpm

Anson Jacob <Anson.Jacob@amd.com>
    drm/amd/display: use GFP_ATOMIC in amdgpu_dm_irq_schedule_work

Eric Bernstein <eric.bernstein@amd.com>
    drm/amd/display: Remove invalid assert for ODM + MPC case

Dan Williams <dan.j.williams@intel.com>
    libnvdimm/region: Fix label activation vs errors

Dan Williams <dan.j.williams@intel.com>
    ACPI: NFIT: Fix support for virtual SPA ranges

Luis Henriques <lhenriques@suse.de>
    ceph: reduce contention in ceph_check_delayed_caps()

Vineet Gupta <vgupta@synopsys.com>
    ARC: fp: set FPU_STATUS.FWE to enable FPU_STATUS update on context switch

Grygorii Strashko <grygorii.strashko@ti.com>
    net: ethernet: ti: cpsw: fix min eth packet size for non-switch use-cases

Hsuan-Chi Kuo <hsuanchikuo@gmail.com>
    seccomp: Fix setting loaded filter count during TSYNC

Ewan D. Milne <emilne@redhat.com>
    scsi: lpfc: Move initialization of phba->poll_list earlier to avoid crash

Shyam Prasad N <sprasad@microsoft.com>
    cifs: create sd context must be a multiple of 8

Greg Kroah-Hartman <gregkh@linuxfoundation.org>
    i2c: dev: zero out array used for i2c reads from userspace

Takashi Iwai <tiwai@suse.de>
    ASoC: intel: atom: Fix reference to PCM buffer address

Mark Brown <broonie@kernel.org>
    ASoC: tlv320aic31xx: Fix jack detection after suspend

Takashi Iwai <tiwai@suse.de>
    ASoC: uniphier: Fix reference to PCM buffer address

Takashi Iwai <tiwai@suse.de>
    ASoC: xilinx: Fix reference to PCM buffer address

Takashi Iwai <tiwai@suse.de>
    ASoC: amd: Fix reference to PCM buffer address

Colin Ian King <colin.king@canonical.com>
    iio: adc: Fix incorrect exit of for-loop

Chris Lesiak <chris.lesiak@licor.com>
    iio: humidity: hdc100x: Add margin to the conversion time

Antti Keränen <detegr@rbx.email>
    iio: adis: set GPIO reset pin direction

Uwe Kleine-König <u.kleine-koenig@pengutronix.de>
    iio: adc: ti-ads7950: Ensure CS is deasserted after reading channels


-------------

Diffstat:

 Makefile                                           |   4 +-
 arch/arc/kernel/fpu.c                              |   9 +-
 arch/powerpc/kernel/kprobes.c                      |   3 +-
 arch/powerpc/kernel/sysfs.c                        |   2 +-
 arch/x86/kernel/apic/io_apic.c                     |   6 +-
 arch/x86/kernel/apic/msi.c                         |  13 ++-
 arch/x86/kernel/cpu/resctrl/monitor.c              |  27 +++--
 arch/x86/kvm/vmx/nested.c                          |   3 +-
 arch/x86/kvm/vmx/vmx.h                             |   2 +-
 arch/x86/tools/chkobjdump.awk                      |   1 +
 drivers/acpi/nfit/core.c                           |   3 +
 drivers/base/core.c                                |   1 +
 drivers/block/nbd.c                                |  14 ++-
 drivers/firmware/efi/libstub/arm64-stub.c          |  69 ++++++++++--
 drivers/firmware/efi/libstub/randomalloc.c         |   2 +
 drivers/gpu/drm/amd/amdgpu/amdgpu_drv.c            |   2 +
 .../gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_irq.c  |   2 +-
 .../gpu/drm/amd/display/dc/dcn30/dcn30_resource.c  |   1 -
 drivers/gpu/drm/i915/i915_gpu_error.c              |  19 +++-
 drivers/gpu/drm/meson/meson_registers.h            |   5 +
 drivers/gpu/drm/meson/meson_viu.c                  |   7 +-
 drivers/i2c/i2c-dev.c                              |   5 +-
 drivers/iio/adc/palmas_gpadc.c                     |   4 +-
 drivers/iio/adc/ti-ads7950.c                       |   1 -
 drivers/iio/humidity/hdc100x.c                     |   6 +-
 drivers/iio/imu/adis.c                             |   3 +-
 drivers/infiniband/hw/mlx5/cq.c                    |   4 +-
 drivers/infiniband/hw/mlx5/devx.c                  |   3 +-
 drivers/interconnect/qcom/icc-rpmh.c               |  10 +-
 drivers/net/bareudp.c                              |  16 ++-
 drivers/net/dsa/lan9303-core.c                     |  34 +++---
 drivers/net/dsa/lantiq_gswip.c                     |  14 ++-
 drivers/net/dsa/microchip/ksz8795.c                |  11 ++
 drivers/net/dsa/microchip/ksz_common.h             |   8 +-
 drivers/net/dsa/mt7530.c                           |   1 +
 drivers/net/dsa/sja1105/sja1105_main.c             |   4 +-
 drivers/net/ethernet/intel/iavf/iavf_main.c        |  13 ++-
 drivers/net/ethernet/intel/ice/ice_main.c          |  28 +++--
 drivers/net/ethernet/marvell/mvpp2/mvpp2.h         |   2 +-
 drivers/net/ethernet/mellanox/mlx5/core/cq.c       |   1 +
 .../ethernet/mellanox/mlx5/core/diag/fw_tracer.c   |  11 +-
 drivers/net/ethernet/mellanox/mlx5/core/en_main.c  |  13 +--
 drivers/net/ethernet/mellanox/mlx5/core/eq.c       |  20 +++-
 .../net/ethernet/mellanox/mlx5/core/fpga/conn.c    |   4 +-
 drivers/net/ethernet/mellanox/mlx5/core/lib/eq.h   |   2 +
 .../ethernet/mellanox/mlx5/core/steering/dr_send.c |   4 +-
 drivers/net/ethernet/ti/cpsw_new.c                 |   7 +-
 drivers/net/ethernet/ti/cpsw_priv.h                |   4 +-
 drivers/net/ieee802154/mac802154_hwsim.c           |   6 +-
 drivers/net/phy/micrel.c                           |   2 -
 drivers/net/ppp/ppp_generic.c                      |   2 +-
 drivers/nvdimm/namespace_devs.c                    |  17 ++-
 drivers/pci/msi.c                                  | 125 +++++++++++++--------
 drivers/pinctrl/intel/pinctrl-tigerlake.c          |  26 ++---
 drivers/pinctrl/mediatek/pinctrl-mtk-common-v2.c   |   8 +-
 drivers/platform/x86/pcengines-apuv2.c             |   2 +
 drivers/scsi/lpfc/lpfc_init.c                      |   3 +-
 drivers/vdpa/mlx5/net/mlx5_vnet.c                  |   3 +-
 drivers/xen/events/events_base.c                   |  20 +++-
 fs/ceph/caps.c                                     |  17 ++-
 fs/ceph/mds_client.c                               |  25 +++--
 fs/ceph/snap.c                                     |  54 +++++----
 fs/ceph/super.h                                    |   2 +-
 fs/cifs/smb2pdu.c                                  |   2 +-
 fs/vboxsf/dir.c                                    |  48 ++++++++
 fs/vboxsf/file.c                                   |  71 +++++++-----
 fs/vboxsf/vfsmod.h                                 |   7 ++
 include/asm-generic/vmlinux.lds.h                  |   1 +
 include/linux/device.h                             |   1 +
 include/linux/inetdevice.h                         |   2 +-
 include/linux/irq.h                                |   2 +
 include/linux/mlx5/driver.h                        |   3 +-
 include/linux/msi.h                                |   2 +-
 include/net/psample.h                              |   2 +
 include/uapi/linux/neighbour.h                     |   7 +-
 kernel/bpf/hashtab.c                               |   4 +-
 kernel/irq/chip.c                                  |   5 +-
 kernel/irq/msi.c                                   |  13 ++-
 kernel/irq/timings.c                               |   5 +
 kernel/seccomp.c                                   |   2 +-
 net/bridge/br_fdb.c                                |  23 +++-
 net/bridge/br_if.c                                 |   2 +
 net/bridge/netfilter/nf_conntrack_bridge.c         |   6 +
 net/core/link_watch.c                              |   5 +-
 net/ieee802154/socket.c                            |   7 +-
 net/ipv4/igmp.c                                    |  21 ++--
 net/ipv4/tcp_bbr.c                                 |   2 +-
 net/sched/act_mirred.c                             |   3 +
 net/smc/smc_core.h                                 |   2 +
 net/smc/smc_llc.c                                  |  10 +-
 net/smc/smc_tx.c                                   |  18 ++-
 net/smc/smc_wr.c                                   |  10 ++
 net/vmw_vsock/virtio_transport.c                   |   7 +-
 sound/soc/amd/acp-pcm-dma.c                        |   2 +-
 sound/soc/amd/raven/acp3x-pcm-dma.c                |   2 +-
 sound/soc/amd/renoir/acp3x-pdm-dma.c               |   2 +-
 sound/soc/codecs/cs42l42.c                         |  39 +++----
 sound/soc/codecs/tlv320aic31xx.c                   |  10 ++
 sound/soc/intel/atom/sst-mfld-platform-pcm.c       |   3 +-
 sound/soc/sof/intel/hda-ipc.c                      |   4 +-
 sound/soc/uniphier/aio-dma.c                       |   2 +-
 sound/soc/xilinx/xlnx_formatter_pcm.c              |   4 +-
 tools/lib/bpf/libbpf_probes.c                      |   4 +-
 103 files changed, 750 insertions(+), 355 deletions(-)



^ permalink raw reply	[flat|nested] 112+ messages in thread

* [PATCH 5.10 01/96] iio: adc: ti-ads7950: Ensure CS is deasserted after reading channels
  2021-08-16 13:01 [PATCH 5.10 00/96] 5.10.60-rc1 review Greg Kroah-Hartman
@ 2021-08-16 13:01 ` Greg Kroah-Hartman
  2021-08-16 13:01 ` [PATCH 5.10 02/96] iio: adis: set GPIO reset pin direction Greg Kroah-Hartman
                   ` (94 subsequent siblings)
  95 siblings, 0 replies; 112+ messages in thread
From: Greg Kroah-Hartman @ 2021-08-16 13:01 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Uwe Kleine-König, David Lechner,
	Stable, Jonathan Cameron

From: Uwe Kleine-König <u.kleine-koenig@pengutronix.de>

commit 9898cb24e454602beb6e17bacf9f97b26c85c955 upstream.

The ADS7950 requires that CS is deasserted after each SPI word. Before
commit e2540da86ef8 ("iio: adc: ti-ads7950: use SPI_CS_WORD to reduce
CPU usage") the driver used a message with one spi transfer per channel
where each but the last one had .cs_change set to enforce a CS toggle.
This was wrongly translated into a message with a single transfer and
.cs_change set which results in a CS toggle after each word but the
last which corrupts the first adc conversion of all readouts after the
first readout.

Fixes: e2540da86ef8 ("iio: adc: ti-ads7950: use SPI_CS_WORD to reduce CPU usage")
Signed-off-by: Uwe Kleine-König <u.kleine-koenig@pengutronix.de>
Reviewed-by: David Lechner <david@lechnology.com>
Tested-by: David Lechner <david@lechnology.com>
Cc: <Stable@vger.kernel.org>
Link: https://lore.kernel.org/r/20210709101110.1814294-1-u.kleine-koenig@pengutronix.de
Signed-off-by: Jonathan Cameron <Jonathan.Cameron@huawei.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 drivers/iio/adc/ti-ads7950.c |    1 -
 1 file changed, 1 deletion(-)

--- a/drivers/iio/adc/ti-ads7950.c
+++ b/drivers/iio/adc/ti-ads7950.c
@@ -568,7 +568,6 @@ static int ti_ads7950_probe(struct spi_d
 	st->ring_xfer.tx_buf = &st->tx_buf[0];
 	st->ring_xfer.rx_buf = &st->rx_buf[0];
 	/* len will be set later */
-	st->ring_xfer.cs_change = true;
 
 	spi_message_add_tail(&st->ring_xfer, &st->ring_msg);
 



^ permalink raw reply	[flat|nested] 112+ messages in thread

* [PATCH 5.10 02/96] iio: adis: set GPIO reset pin direction
  2021-08-16 13:01 [PATCH 5.10 00/96] 5.10.60-rc1 review Greg Kroah-Hartman
  2021-08-16 13:01 ` [PATCH 5.10 01/96] iio: adc: ti-ads7950: Ensure CS is deasserted after reading channels Greg Kroah-Hartman
@ 2021-08-16 13:01 ` Greg Kroah-Hartman
  2021-08-16 13:01 ` [PATCH 5.10 03/96] iio: humidity: hdc100x: Add margin to the conversion time Greg Kroah-Hartman
                   ` (93 subsequent siblings)
  95 siblings, 0 replies; 112+ messages in thread
From: Greg Kroah-Hartman @ 2021-08-16 13:01 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Hannu Hartikainen,
	Antti Keränen, Nuno Sá,
	Stable, Jonathan Cameron

From: Antti Keränen <detegr@rbx.email>

commit 7e77ef8b8d600cf8448a2bbd32f682c28884551f upstream.

Set reset pin direction to output as the reset pin needs to be an active
low output pin.

Co-developed-by: Hannu Hartikainen <hannu@hrtk.in>
Signed-off-by: Hannu Hartikainen <hannu@hrtk.in>
Signed-off-by: Antti Keränen <detegr@rbx.email>
Reviewed-by: Nuno Sá <nuno.sa@analog.com>
Fixes: ecb010d44108 ("iio: imu: adis: Refactor adis_initial_startup")
Link: https://lore.kernel.org/r/20210708095425.13295-1-detegr@rbx.email
Cc: <Stable@vger.kernel.org>
Signed-off-by: Jonathan Cameron <Jonathan.Cameron@huawei.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 drivers/iio/imu/adis.c |    3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

--- a/drivers/iio/imu/adis.c
+++ b/drivers/iio/imu/adis.c
@@ -415,12 +415,11 @@ int __adis_initial_startup(struct adis *
 	int ret;
 
 	/* check if the device has rst pin low */
-	gpio = devm_gpiod_get_optional(&adis->spi->dev, "reset", GPIOD_ASIS);
+	gpio = devm_gpiod_get_optional(&adis->spi->dev, "reset", GPIOD_OUT_HIGH);
 	if (IS_ERR(gpio))
 		return PTR_ERR(gpio);
 
 	if (gpio) {
-		gpiod_set_value_cansleep(gpio, 1);
 		msleep(10);
 		/* bring device out of reset */
 		gpiod_set_value_cansleep(gpio, 0);



^ permalink raw reply	[flat|nested] 112+ messages in thread

* [PATCH 5.10 03/96] iio: humidity: hdc100x: Add margin to the conversion time
  2021-08-16 13:01 [PATCH 5.10 00/96] 5.10.60-rc1 review Greg Kroah-Hartman
  2021-08-16 13:01 ` [PATCH 5.10 01/96] iio: adc: ti-ads7950: Ensure CS is deasserted after reading channels Greg Kroah-Hartman
  2021-08-16 13:01 ` [PATCH 5.10 02/96] iio: adis: set GPIO reset pin direction Greg Kroah-Hartman
@ 2021-08-16 13:01 ` Greg Kroah-Hartman
  2021-08-16 13:01 ` [PATCH 5.10 04/96] iio: adc: Fix incorrect exit of for-loop Greg Kroah-Hartman
                   ` (92 subsequent siblings)
  95 siblings, 0 replies; 112+ messages in thread
From: Greg Kroah-Hartman @ 2021-08-16 13:01 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Chris Lesiak, Matt Ranostay, Stable,
	Jonathan Cameron

From: Chris Lesiak <chris.lesiak@licor.com>

commit 84edec86f449adea9ee0b4912a79ab8d9d65abb7 upstream.

The datasheets have the following note for the conversion time
specification: "This parameter is specified by design and/or
characterization and it is not tested in production."

Parts have been seen that require more time to do 14-bit conversions for
the relative humidity channel.  The result is ENXIO due to the address
phase of a transfer not getting an ACK.

Delay an additional 1 ms per conversion to allow for additional margin.

Fixes: 4839367d99e3 ("iio: humidity: add HDC100x support")
Signed-off-by: Chris Lesiak <chris.lesiak@licor.com>
Acked-by: Matt Ranostay <matt.ranostay@konsulko.com>
Link: https://lore.kernel.org/r/20210614141820.2034827-1-chris.lesiak@licor.com
Cc: <Stable@vger.kernel.org>
Signed-off-by: Jonathan Cameron <Jonathan.Cameron@huawei.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 drivers/iio/humidity/hdc100x.c |    6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

--- a/drivers/iio/humidity/hdc100x.c
+++ b/drivers/iio/humidity/hdc100x.c
@@ -25,6 +25,8 @@
 #include <linux/iio/trigger_consumer.h>
 #include <linux/iio/triggered_buffer.h>
 
+#include <linux/time.h>
+
 #define HDC100X_REG_TEMP			0x00
 #define HDC100X_REG_HUMIDITY			0x01
 
@@ -166,7 +168,7 @@ static int hdc100x_get_measurement(struc
 				   struct iio_chan_spec const *chan)
 {
 	struct i2c_client *client = data->client;
-	int delay = data->adc_int_us[chan->address];
+	int delay = data->adc_int_us[chan->address] + 1*USEC_PER_MSEC;
 	int ret;
 	__be16 val;
 
@@ -316,7 +318,7 @@ static irqreturn_t hdc100x_trigger_handl
 	struct iio_dev *indio_dev = pf->indio_dev;
 	struct hdc100x_data *data = iio_priv(indio_dev);
 	struct i2c_client *client = data->client;
-	int delay = data->adc_int_us[0] + data->adc_int_us[1];
+	int delay = data->adc_int_us[0] + data->adc_int_us[1] + 2*USEC_PER_MSEC;
 	int ret;
 
 	/* dual read starts at temp register */



^ permalink raw reply	[flat|nested] 112+ messages in thread

* [PATCH 5.10 04/96] iio: adc: Fix incorrect exit of for-loop
  2021-08-16 13:01 [PATCH 5.10 00/96] 5.10.60-rc1 review Greg Kroah-Hartman
                   ` (2 preceding siblings ...)
  2021-08-16 13:01 ` [PATCH 5.10 03/96] iio: humidity: hdc100x: Add margin to the conversion time Greg Kroah-Hartman
@ 2021-08-16 13:01 ` Greg Kroah-Hartman
  2021-08-16 13:01 ` [PATCH 5.10 05/96] ASoC: amd: Fix reference to PCM buffer address Greg Kroah-Hartman
                   ` (91 subsequent siblings)
  95 siblings, 0 replies; 112+ messages in thread
From: Greg Kroah-Hartman @ 2021-08-16 13:01 UTC (permalink / raw)
  To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Colin Ian King, Jonathan Cameron

From: Colin Ian King <colin.king@canonical.com>

commit 5afc1540f13804a31bb704b763308e17688369c5 upstream.

Currently the for-loop that scans for the optimial adc_period iterates
through all the possible adc_period levels because the exit logic in
the loop is inverted. I believe the comparison should be swapped and
the continue replaced with a break to exit the loop at the correct
point.

Addresses-Coverity: ("Continue has no effect")
Fixes: e08e19c331fb ("iio:adc: add iio driver for Palmas (twl6035/7) gpadc")
Signed-off-by: Colin Ian King <colin.king@canonical.com>
Link: https://lore.kernel.org/r/20210730071651.17394-1-colin.king@canonical.com
Cc: <stable@vger.kernel.org>
Signed-off-by: Jonathan Cameron <Jonathan.Cameron@huawei.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 drivers/iio/adc/palmas_gpadc.c |    4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

--- a/drivers/iio/adc/palmas_gpadc.c
+++ b/drivers/iio/adc/palmas_gpadc.c
@@ -654,8 +654,8 @@ static int palmas_adc_wakeup_configure(s
 
 	adc_period = adc->auto_conversion_period;
 	for (i = 0; i < 16; ++i) {
-		if (((1000 * (1 << i)) / 32) < adc_period)
-			continue;
+		if (((1000 * (1 << i)) / 32) >= adc_period)
+			break;
 	}
 	if (i > 0)
 		i--;



^ permalink raw reply	[flat|nested] 112+ messages in thread

* [PATCH 5.10 05/96] ASoC: amd: Fix reference to PCM buffer address
  2021-08-16 13:01 [PATCH 5.10 00/96] 5.10.60-rc1 review Greg Kroah-Hartman
                   ` (3 preceding siblings ...)
  2021-08-16 13:01 ` [PATCH 5.10 04/96] iio: adc: Fix incorrect exit of for-loop Greg Kroah-Hartman
@ 2021-08-16 13:01 ` Greg Kroah-Hartman
  2021-08-16 13:01 ` [PATCH 5.10 06/96] ASoC: xilinx: " Greg Kroah-Hartman
                   ` (90 subsequent siblings)
  95 siblings, 0 replies; 112+ messages in thread
From: Greg Kroah-Hartman @ 2021-08-16 13:01 UTC (permalink / raw)
  To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Takashi Iwai, Mark Brown

From: Takashi Iwai <tiwai@suse.de>

commit 8b5d95313b6d30f642e4ed0125891984c446604e upstream.

PCM buffers might be allocated dynamically when the buffer
preallocation failed or a larger buffer is requested, and it's not
guaranteed that substream->dma_buffer points to the actually used
buffer.  The driver needs to refer to substream->runtime->dma_addr
instead for the buffer address.

Cc: <stable@vger.kernel.org>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Link: https://lore.kernel.org/r/20210731084331.32225-1-tiwai@suse.de
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 sound/soc/amd/acp-pcm-dma.c          |    2 +-
 sound/soc/amd/raven/acp3x-pcm-dma.c  |    2 +-
 sound/soc/amd/renoir/acp3x-pdm-dma.c |    2 +-
 3 files changed, 3 insertions(+), 3 deletions(-)

--- a/sound/soc/amd/acp-pcm-dma.c
+++ b/sound/soc/amd/acp-pcm-dma.c
@@ -969,7 +969,7 @@ static int acp_dma_hw_params(struct snd_
 
 	acp_set_sram_bank_state(rtd->acp_mmio, 0, true);
 	/* Save for runtime private data */
-	rtd->dma_addr = substream->dma_buffer.addr;
+	rtd->dma_addr = runtime->dma_addr;
 	rtd->order = get_order(size);
 
 	/* Fill the page table entries in ACP SRAM */
--- a/sound/soc/amd/raven/acp3x-pcm-dma.c
+++ b/sound/soc/amd/raven/acp3x-pcm-dma.c
@@ -288,7 +288,7 @@ static int acp3x_dma_hw_params(struct sn
 		pr_err("pinfo failed\n");
 	}
 	size = params_buffer_bytes(params);
-	rtd->dma_addr = substream->dma_buffer.addr;
+	rtd->dma_addr = substream->runtime->dma_addr;
 	rtd->num_pages = (PAGE_ALIGN(size) >> PAGE_SHIFT);
 	config_acp3x_dma(rtd, substream->stream);
 	return 0;
--- a/sound/soc/amd/renoir/acp3x-pdm-dma.c
+++ b/sound/soc/amd/renoir/acp3x-pdm-dma.c
@@ -248,7 +248,7 @@ static int acp_pdm_dma_hw_params(struct
 		return -EINVAL;
 	size = params_buffer_bytes(params);
 	period_bytes = params_period_bytes(params);
-	rtd->dma_addr = substream->dma_buffer.addr;
+	rtd->dma_addr = substream->runtime->dma_addr;
 	rtd->num_pages = (PAGE_ALIGN(size) >> PAGE_SHIFT);
 	config_acp_dma(rtd, substream->stream);
 	init_pdm_ring_buffer(MEM_WINDOW_START, size, period_bytes,



^ permalink raw reply	[flat|nested] 112+ messages in thread

* [PATCH 5.10 06/96] ASoC: xilinx: Fix reference to PCM buffer address
  2021-08-16 13:01 [PATCH 5.10 00/96] 5.10.60-rc1 review Greg Kroah-Hartman
                   ` (4 preceding siblings ...)
  2021-08-16 13:01 ` [PATCH 5.10 05/96] ASoC: amd: Fix reference to PCM buffer address Greg Kroah-Hartman
@ 2021-08-16 13:01 ` Greg Kroah-Hartman
  2021-08-16 13:01 ` [PATCH 5.10 07/96] ASoC: uniphier: " Greg Kroah-Hartman
                   ` (89 subsequent siblings)
  95 siblings, 0 replies; 112+ messages in thread
From: Greg Kroah-Hartman @ 2021-08-16 13:01 UTC (permalink / raw)
  To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Takashi Iwai, Mark Brown

From: Takashi Iwai <tiwai@suse.de>

commit 42bc62c9f1d3d4880bdc27acb5ab4784209bb0b0 upstream.

PCM buffers might be allocated dynamically when the buffer
preallocation failed or a larger buffer is requested, and it's not
guaranteed that substream->dma_buffer points to the actually used
buffer.  The driver needs to refer to substream->runtime->dma_addr
instead for the buffer address.

Cc: <stable@vger.kernel.org>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Link: https://lore.kernel.org/r/20210728112353.6675-4-tiwai@suse.de
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 sound/soc/xilinx/xlnx_formatter_pcm.c |    4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

--- a/sound/soc/xilinx/xlnx_formatter_pcm.c
+++ b/sound/soc/xilinx/xlnx_formatter_pcm.c
@@ -452,8 +452,8 @@ static int xlnx_formatter_pcm_hw_params(
 
 	stream_data->buffer_size = size;
 
-	low = lower_32_bits(substream->dma_buffer.addr);
-	high = upper_32_bits(substream->dma_buffer.addr);
+	low = lower_32_bits(runtime->dma_addr);
+	high = upper_32_bits(runtime->dma_addr);
 	writel(low, stream_data->mmio + XLNX_AUD_BUFF_ADDR_LSB);
 	writel(high, stream_data->mmio + XLNX_AUD_BUFF_ADDR_MSB);
 



^ permalink raw reply	[flat|nested] 112+ messages in thread

* [PATCH 5.10 07/96] ASoC: uniphier: Fix reference to PCM buffer address
  2021-08-16 13:01 [PATCH 5.10 00/96] 5.10.60-rc1 review Greg Kroah-Hartman
                   ` (5 preceding siblings ...)
  2021-08-16 13:01 ` [PATCH 5.10 06/96] ASoC: xilinx: " Greg Kroah-Hartman
@ 2021-08-16 13:01 ` Greg Kroah-Hartman
  2021-08-16 13:01 ` [PATCH 5.10 08/96] ASoC: tlv320aic31xx: Fix jack detection after suspend Greg Kroah-Hartman
                   ` (88 subsequent siblings)
  95 siblings, 0 replies; 112+ messages in thread
From: Greg Kroah-Hartman @ 2021-08-16 13:01 UTC (permalink / raw)
  To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Takashi Iwai, Mark Brown

From: Takashi Iwai <tiwai@suse.de>

commit 827f3164aaa579eee6fd50c6654861d54f282a11 upstream.

Along with the transition to the managed PCM buffers, the driver now
accepts the dynamically allocated buffer, while it still kept the
reference to the old preallocated buffer address.  This patch corrects
to the right reference via runtime->dma_addr.

(Although this might have been already buggy before the cleanup with
the managed buffer, let's put Fixes tag to point that; it's a corner
case, after all.)

Fixes: d55894bc2763 ("ASoC: uniphier: Use managed buffer allocation")
Cc: <stable@vger.kernel.org>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Link: https://lore.kernel.org/r/20210728112353.6675-5-tiwai@suse.de
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 sound/soc/uniphier/aio-dma.c |    2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

--- a/sound/soc/uniphier/aio-dma.c
+++ b/sound/soc/uniphier/aio-dma.c
@@ -198,7 +198,7 @@ static int uniphier_aiodma_mmap(struct s
 	vma->vm_page_prot = pgprot_writecombine(vma->vm_page_prot);
 
 	return remap_pfn_range(vma, vma->vm_start,
-			       substream->dma_buffer.addr >> PAGE_SHIFT,
+			       substream->runtime->dma_addr >> PAGE_SHIFT,
 			       vma->vm_end - vma->vm_start, vma->vm_page_prot);
 }
 



^ permalink raw reply	[flat|nested] 112+ messages in thread

* [PATCH 5.10 08/96] ASoC: tlv320aic31xx: Fix jack detection after suspend
  2021-08-16 13:01 [PATCH 5.10 00/96] 5.10.60-rc1 review Greg Kroah-Hartman
                   ` (6 preceding siblings ...)
  2021-08-16 13:01 ` [PATCH 5.10 07/96] ASoC: uniphier: " Greg Kroah-Hartman
@ 2021-08-16 13:01 ` Greg Kroah-Hartman
  2021-08-16 13:01 ` [PATCH 5.10 09/96] ASoC: intel: atom: Fix reference to PCM buffer address Greg Kroah-Hartman
                   ` (87 subsequent siblings)
  95 siblings, 0 replies; 112+ messages in thread
From: Greg Kroah-Hartman @ 2021-08-16 13:01 UTC (permalink / raw)
  To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Mark Brown

From: Mark Brown <broonie@kernel.org>

commit 2c39ca6885a2ec03e5c9e7c12a4da2aa8926605a upstream.

The tlv320aic31xx driver relies on regcache_sync() to restore the register
contents after going to _BIAS_OFF, for example during system suspend. This
does not work for the jack detection configuration since that is configured
via the same register that status is read back from so the register is
volatile and not cached. This can also cause issues during init if the jack
detection ends up getting set up before the CODEC is initially brought out
of _BIAS_OFF, we will reset the CODEC and resync the cache as part of that
process.

Fix this by explicitly reapplying the jack detection configuration after
resyncing the register cache during power on.

This issue was found by an engineer working off-list on a product
kernel, I just wrote up the upstream fix.

Signed-off-by: Mark Brown <broonie@kernel.org>
Link: https://lore.kernel.org/r/20210723180200.25105-1-broonie@kernel.org
Cc: stable@vger.kernel.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 sound/soc/codecs/tlv320aic31xx.c |   10 ++++++++++
 1 file changed, 10 insertions(+)

--- a/sound/soc/codecs/tlv320aic31xx.c
+++ b/sound/soc/codecs/tlv320aic31xx.c
@@ -35,6 +35,9 @@
 
 #include "tlv320aic31xx.h"
 
+static int aic31xx_set_jack(struct snd_soc_component *component,
+                            struct snd_soc_jack *jack, void *data);
+
 static const struct reg_default aic31xx_reg_defaults[] = {
 	{ AIC31XX_CLKMUX, 0x00 },
 	{ AIC31XX_PLLPR, 0x11 },
@@ -1256,6 +1259,13 @@ static int aic31xx_power_on(struct snd_s
 		return ret;
 	}
 
+	/*
+	 * The jack detection configuration is in the same register
+	 * that is used to report jack detect status so is volatile
+	 * and not covered by the cache sync, restore it separately.
+	 */
+	aic31xx_set_jack(component, aic31xx->jack, NULL);
+
 	return 0;
 }
 



^ permalink raw reply	[flat|nested] 112+ messages in thread

* [PATCH 5.10 09/96] ASoC: intel: atom: Fix reference to PCM buffer address
  2021-08-16 13:01 [PATCH 5.10 00/96] 5.10.60-rc1 review Greg Kroah-Hartman
                   ` (7 preceding siblings ...)
  2021-08-16 13:01 ` [PATCH 5.10 08/96] ASoC: tlv320aic31xx: Fix jack detection after suspend Greg Kroah-Hartman
@ 2021-08-16 13:01 ` Greg Kroah-Hartman
  2021-08-16 13:01 ` [PATCH 5.10 10/96] i2c: dev: zero out array used for i2c reads from userspace Greg Kroah-Hartman
                   ` (86 subsequent siblings)
  95 siblings, 0 replies; 112+ messages in thread
From: Greg Kroah-Hartman @ 2021-08-16 13:01 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Cezary Rojewski,
	Pierre-Louis Bossart, Takashi Iwai, Mark Brown

From: Takashi Iwai <tiwai@suse.de>

commit 2e6b836312a477d647a7920b56810a5a25f6c856 upstream.

PCM buffers might be allocated dynamically when the buffer
preallocation failed or a larger buffer is requested, and it's not
guaranteed that substream->dma_buffer points to the actually used
buffer.  The address should be retrieved from runtime->dma_addr,
instead of substream->dma_buffer (and shouldn't use virt_to_phys).

Also, remove the line overriding runtime->dma_area superfluously,
which was already set up at the PCM buffer allocation.

Cc: Cezary Rojewski <cezary.rojewski@intel.com>
Cc: Pierre-Louis Bossart <pierre-louis.bossart@linux.intel.com>
Cc: <stable@vger.kernel.org>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Link: https://lore.kernel.org/r/20210728112353.6675-3-tiwai@suse.de
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 sound/soc/intel/atom/sst-mfld-platform-pcm.c |    3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

--- a/sound/soc/intel/atom/sst-mfld-platform-pcm.c
+++ b/sound/soc/intel/atom/sst-mfld-platform-pcm.c
@@ -127,7 +127,7 @@ static void sst_fill_alloc_params(struct
 	snd_pcm_uframes_t period_size;
 	ssize_t periodbytes;
 	ssize_t buffer_bytes = snd_pcm_lib_buffer_bytes(substream);
-	u32 buffer_addr = virt_to_phys(substream->dma_buffer.area);
+	u32 buffer_addr = substream->runtime->dma_addr;
 
 	channels = substream->runtime->channels;
 	period_size = substream->runtime->period_size;
@@ -233,7 +233,6 @@ static int sst_platform_alloc_stream(str
 	/* set codec params and inform SST driver the same */
 	sst_fill_pcm_params(substream, &param);
 	sst_fill_alloc_params(substream, &alloc_params);
-	substream->runtime->dma_area = substream->dma_buffer.area;
 	str_params.sparams = param;
 	str_params.aparams = alloc_params;
 	str_params.codec = SST_CODEC_TYPE_PCM;



^ permalink raw reply	[flat|nested] 112+ messages in thread

* [PATCH 5.10 10/96] i2c: dev: zero out array used for i2c reads from userspace
  2021-08-16 13:01 [PATCH 5.10 00/96] 5.10.60-rc1 review Greg Kroah-Hartman
                   ` (8 preceding siblings ...)
  2021-08-16 13:01 ` [PATCH 5.10 09/96] ASoC: intel: atom: Fix reference to PCM buffer address Greg Kroah-Hartman
@ 2021-08-16 13:01 ` Greg Kroah-Hartman
  2021-08-16 13:01 ` [PATCH 5.10 11/96] cifs: create sd context must be a multiple of 8 Greg Kroah-Hartman
                   ` (85 subsequent siblings)
  95 siblings, 0 replies; 112+ messages in thread
From: Greg Kroah-Hartman @ 2021-08-16 13:01 UTC (permalink / raw)
  To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Eric Dumazet, Wolfram Sang

From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

commit 86ff25ed6cd8240d18df58930bd8848b19fce308 upstream.

If an i2c driver happens to not provide the full amount of data that a
user asks for, it is possible that some uninitialized data could be sent
to userspace.  While all in-kernel drivers look to be safe, just be sure
by initializing the buffer to zero before it is passed to the i2c driver
so that any future drivers will not have this issue.

Also properly copy the amount of data recvieved to the userspace buffer,
as pointed out by Dan Carpenter.

Reported-by: Eric Dumazet <edumazet@google.com>
Cc: stable@vger.kernel.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Wolfram Sang <wsa@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 drivers/i2c/i2c-dev.c |    5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

--- a/drivers/i2c/i2c-dev.c
+++ b/drivers/i2c/i2c-dev.c
@@ -141,7 +141,7 @@ static ssize_t i2cdev_read(struct file *
 	if (count > 8192)
 		count = 8192;
 
-	tmp = kmalloc(count, GFP_KERNEL);
+	tmp = kzalloc(count, GFP_KERNEL);
 	if (tmp == NULL)
 		return -ENOMEM;
 
@@ -150,7 +150,8 @@ static ssize_t i2cdev_read(struct file *
 
 	ret = i2c_master_recv(client, tmp, count);
 	if (ret >= 0)
-		ret = copy_to_user(buf, tmp, count) ? -EFAULT : ret;
+		if (copy_to_user(buf, tmp, ret))
+			ret = -EFAULT;
 	kfree(tmp);
 	return ret;
 }



^ permalink raw reply	[flat|nested] 112+ messages in thread

* [PATCH 5.10 11/96] cifs: create sd context must be a multiple of 8
  2021-08-16 13:01 [PATCH 5.10 00/96] 5.10.60-rc1 review Greg Kroah-Hartman
                   ` (9 preceding siblings ...)
  2021-08-16 13:01 ` [PATCH 5.10 10/96] i2c: dev: zero out array used for i2c reads from userspace Greg Kroah-Hartman
@ 2021-08-16 13:01 ` Greg Kroah-Hartman
  2021-08-16 13:01 ` [PATCH 5.10 12/96] scsi: lpfc: Move initialization of phba->poll_list earlier to avoid crash Greg Kroah-Hartman
                   ` (84 subsequent siblings)
  95 siblings, 0 replies; 112+ messages in thread
From: Greg Kroah-Hartman @ 2021-08-16 13:01 UTC (permalink / raw)
  To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Shyam Prasad N, Steve French

From: Shyam Prasad N <sprasad@microsoft.com>

commit 7d3fc01796fc895e5fcce45c994c5a8db8120a8d upstream.

We used to follow the rule earlier that the create SD context
always be a multiple of 8. However, with the change:
cifs: refactor create_sd_buf() and and avoid corrupting the buffer
...we recompute the length, and we failed that rule.
Fixing that with this change.

Cc: <stable@vger.kernel.org> # v5.10+
Signed-off-by: Shyam Prasad N <sprasad@microsoft.com>
Signed-off-by: Steve French <stfrench@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 fs/cifs/smb2pdu.c |    2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

--- a/fs/cifs/smb2pdu.c
+++ b/fs/cifs/smb2pdu.c
@@ -2367,7 +2367,7 @@ create_sd_buf(umode_t mode, bool set_own
 	memcpy(aclptr, &acl, sizeof(struct cifs_acl));
 
 	buf->ccontext.DataLength = cpu_to_le32(ptr - (__u8 *)&buf->sd);
-	*len = ptr - (__u8 *)buf;
+	*len = roundup(ptr - (__u8 *)buf, 8);
 
 	return buf;
 }



^ permalink raw reply	[flat|nested] 112+ messages in thread

* [PATCH 5.10 12/96] scsi: lpfc: Move initialization of phba->poll_list earlier to avoid crash
  2021-08-16 13:01 [PATCH 5.10 00/96] 5.10.60-rc1 review Greg Kroah-Hartman
                   ` (10 preceding siblings ...)
  2021-08-16 13:01 ` [PATCH 5.10 11/96] cifs: create sd context must be a multiple of 8 Greg Kroah-Hartman
@ 2021-08-16 13:01 ` Greg Kroah-Hartman
  2021-08-16 13:01 ` [PATCH 5.10 13/96] seccomp: Fix setting loaded filter count during TSYNC Greg Kroah-Hartman
                   ` (83 subsequent siblings)
  95 siblings, 0 replies; 112+ messages in thread
From: Greg Kroah-Hartman @ 2021-08-16 13:01 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, James Smart, Ewan D. Milne,
	Martin K. Petersen

From: Ewan D. Milne <emilne@redhat.com>

commit 9977d880f7a3c233db9165a75a3a14defc2a4aee upstream.

The phba->poll_list is traversed in case of an error in
lpfc_sli4_hba_setup(), so it must be initialized earlier in case the error
path is taken.

[  490.030738] lpfc 0000:65:00.0: 0:1413 Failed to init iocb list.
[  490.036661] BUG: unable to handle kernel NULL pointer dereference at 0000000000000000
[  490.044485] PGD 0 P4D 0
[  490.047027] Oops: 0000 [#1] SMP PTI
[  490.050518] CPU: 0 PID: 7 Comm: kworker/0:1 Kdump: loaded Tainted: G          I      --------- -  - 4.18.
[  490.060511] Hardware name: Dell Inc. PowerEdge R440/0WKGTH, BIOS 1.4.8 05/22/2018
[  490.067994] Workqueue: events work_for_cpu_fn
[  490.072371] RIP: 0010:lpfc_sli4_cleanup_poll_list+0x20/0xb0 [lpfc]
[  490.078546] Code: cf e9 04 f7 fe ff 0f 1f 40 00 0f 1f 44 00 00 41 57 49 89 ff 41 56 41 55 41 54 4d 8d a79
[  490.097291] RSP: 0018:ffffbd1a463dbcc8 EFLAGS: 00010246
[  490.102518] RAX: 0000000000008200 RBX: ffff945cdb8c0000 RCX: 0000000000000000
[  490.109649] RDX: 0000000000018200 RSI: ffff9468d0e16818 RDI: 0000000000000000
[  490.116783] RBP: ffff945cdb8c1740 R08: 00000000000015c5 R09: 0000000000000042
[  490.123915] R10: 0000000000000000 R11: ffffbd1a463dbab0 R12: ffff945cdb8c25c0
[  490.131049] R13: 00000000fffffff4 R14: 0000000000001800 R15: ffff945cdb8c0000
[  490.138182] FS:  0000000000000000(0000) GS:ffff9468d0e00000(0000) knlGS:0000000000000000
[  490.146267] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  490.152013] CR2: 0000000000000000 CR3: 000000042ca10002 CR4: 00000000007706f0
[  490.159146] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[  490.166277] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[  490.173409] PKRU: 55555554
[  490.176123] Call Trace:
[  490.178598]  lpfc_sli4_queue_destroy+0x7f/0x3c0 [lpfc]
[  490.183745]  lpfc_sli4_hba_setup+0x1bc7/0x23e0 [lpfc]
[  490.188797]  ? kernfs_activate+0x63/0x80
[  490.192721]  ? kernfs_add_one+0xe7/0x130
[  490.196647]  ? __kernfs_create_file+0x80/0xb0
[  490.201020]  ? lpfc_pci_probe_one_s4.isra.48+0x46f/0x9e0 [lpfc]
[  490.206944]  lpfc_pci_probe_one_s4.isra.48+0x46f/0x9e0 [lpfc]
[  490.212697]  lpfc_pci_probe_one+0x179/0xb70 [lpfc]
[  490.217492]  local_pci_probe+0x41/0x90
[  490.221246]  work_for_cpu_fn+0x16/0x20
[  490.224994]  process_one_work+0x1a7/0x360
[  490.229009]  ? create_worker+0x1a0/0x1a0
[  490.232933]  worker_thread+0x1cf/0x390
[  490.236687]  ? create_worker+0x1a0/0x1a0
[  490.240612]  kthread+0x116/0x130
[  490.243846]  ? kthread_flush_work_fn+0x10/0x10
[  490.248293]  ret_from_fork+0x35/0x40
[  490.251869] Modules linked in: lpfc(+) xt_CHECKSUM ipt_MASQUERADE xt_conntrack ipt_REJECT nf_reject_ipv4i
[  490.332609] CR2: 0000000000000000

Link: https://lore.kernel.org/r/20210809150947.18104-1-emilne@redhat.com
Fixes: 93a4d6f40198 ("scsi: lpfc: Add registration for CPU Offline/Online events")
Cc: stable@vger.kernel.org
Reviewed-by: James Smart <jsmart2021@gmail.com>
Signed-off-by: Ewan D. Milne <emilne@redhat.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 drivers/scsi/lpfc/lpfc_init.c |    3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

--- a/drivers/scsi/lpfc/lpfc_init.c
+++ b/drivers/scsi/lpfc/lpfc_init.c
@@ -13080,6 +13080,8 @@ lpfc_pci_probe_one_s4(struct pci_dev *pd
 	if (!phba)
 		return -ENOMEM;
 
+	INIT_LIST_HEAD(&phba->poll_list);
+
 	/* Perform generic PCI device enabling operation */
 	error = lpfc_enable_pci_dev(phba);
 	if (error)
@@ -13214,7 +13216,6 @@ lpfc_pci_probe_one_s4(struct pci_dev *pd
 	/* Enable RAS FW log support */
 	lpfc_sli4_ras_setup(phba);
 
-	INIT_LIST_HEAD(&phba->poll_list);
 	timer_setup(&phba->cpuhp_poll_timer, lpfc_sli4_poll_hbtimer, 0);
 	cpuhp_state_add_instance_nocalls(lpfc_cpuhp_state, &phba->cpuhp);
 



^ permalink raw reply	[flat|nested] 112+ messages in thread

* [PATCH 5.10 13/96] seccomp: Fix setting loaded filter count during TSYNC
  2021-08-16 13:01 [PATCH 5.10 00/96] 5.10.60-rc1 review Greg Kroah-Hartman
                   ` (11 preceding siblings ...)
  2021-08-16 13:01 ` [PATCH 5.10 12/96] scsi: lpfc: Move initialization of phba->poll_list earlier to avoid crash Greg Kroah-Hartman
@ 2021-08-16 13:01 ` Greg Kroah-Hartman
  2021-08-16 13:01 ` [PATCH 5.10 14/96] net: ethernet: ti: cpsw: fix min eth packet size for non-switch use-cases Greg Kroah-Hartman
                   ` (82 subsequent siblings)
  95 siblings, 0 replies; 112+ messages in thread
From: Greg Kroah-Hartman @ 2021-08-16 13:01 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Hsuan-Chi Kuo, Wiktor Garbacz, Kees Cook

From: Hsuan-Chi Kuo <hsuanchikuo@gmail.com>

commit b4d8a58f8dcfcc890f296696cadb76e77be44b5f upstream.

The desired behavior is to set the caller's filter count to thread's.
This value is reported via /proc, so this fixes the inaccurate count
exposed to userspace; it is not used for reference counting, etc.

Signed-off-by: Hsuan-Chi Kuo <hsuanchikuo@gmail.com>
Link: https://lore.kernel.org/r/20210304233708.420597-1-hsuanchikuo@gmail.com
Co-developed-by: Wiktor Garbacz <wiktorg@google.com>
Signed-off-by: Wiktor Garbacz <wiktorg@google.com>
Link: https://lore.kernel.org/lkml/20210810125158.329849-1-wiktorg@google.com
Signed-off-by: Kees Cook <keescook@chromium.org>
Cc: stable@vger.kernel.org
Fixes: c818c03b661c ("seccomp: Report number of loaded filters in /proc/$pid/status")
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 kernel/seccomp.c |    2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

--- a/kernel/seccomp.c
+++ b/kernel/seccomp.c
@@ -511,7 +511,7 @@ static inline void seccomp_sync_threads(
 		smp_store_release(&thread->seccomp.filter,
 				  caller->seccomp.filter);
 		atomic_set(&thread->seccomp.filter_count,
-			   atomic_read(&thread->seccomp.filter_count));
+			   atomic_read(&caller->seccomp.filter_count));
 
 		/*
 		 * Don't let an unprivileged task work around



^ permalink raw reply	[flat|nested] 112+ messages in thread

* [PATCH 5.10 14/96] net: ethernet: ti: cpsw: fix min eth packet size for non-switch use-cases
  2021-08-16 13:01 [PATCH 5.10 00/96] 5.10.60-rc1 review Greg Kroah-Hartman
                   ` (12 preceding siblings ...)
  2021-08-16 13:01 ` [PATCH 5.10 13/96] seccomp: Fix setting loaded filter count during TSYNC Greg Kroah-Hartman
@ 2021-08-16 13:01 ` Greg Kroah-Hartman
  2021-08-16 13:01 ` [PATCH 5.10 15/96] ARC: fp: set FPU_STATUS.FWE to enable FPU_STATUS update on context switch Greg Kroah-Hartman
                   ` (81 subsequent siblings)
  95 siblings, 0 replies; 112+ messages in thread
From: Greg Kroah-Hartman @ 2021-08-16 13:01 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Ben Hutchings, Grygorii Strashko,
	David S. Miller

From: Grygorii Strashko <grygorii.strashko@ti.com>

commit acc68b8d2a1196c4db806947606f162dbeed2274 upstream.

The CPSW switchdev driver inherited fix from commit 9421c9015047 ("net:
ethernet: ti: cpsw: fix min eth packet size") which changes min TX packet
size to 64bytes (VLAN_ETH_ZLEN, excluding ETH_FCS). It was done to fix HW
packed drop issue when packets are sent from Host to the port with PVID and
un-tagging enabled. Unfortunately this breaks some other non-switch
specific use-cases, like:
- [1] CPSW port as DSA CPU port with DSA-tag applied at the end of the
packet
- [2] Some industrial protocols, which expects min TX packet size 60Bytes
(excluding FCS).

Fix it by configuring min TX packet size depending on driver mode
 - 60Bytes (ETH_ZLEN) for multi mac (dual-mac) mode
 - 64Bytes (VLAN_ETH_ZLEN) for switch mode
and update it during driver mode change and annotate with
READ_ONCE()/WRITE_ONCE() as it can be read by napi while writing.

[1] https://lore.kernel.org/netdev/20210531124051.GA15218@cephalopod/
[2] https://e2e.ti.com/support/arm/sitara_arm/f/791/t/701669

Cc: stable@vger.kernel.org
Fixes: ed3525eda4c4 ("net: ethernet: ti: introduce cpsw switchdev based driver part 1 - dual-emac")
Reported-by: Ben Hutchings <ben.hutchings@essensium.com>
Signed-off-by: Grygorii Strashko <grygorii.strashko@ti.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 drivers/net/ethernet/ti/cpsw_new.c  |    7 +++++--
 drivers/net/ethernet/ti/cpsw_priv.h |    4 +++-
 2 files changed, 8 insertions(+), 3 deletions(-)

--- a/drivers/net/ethernet/ti/cpsw_new.c
+++ b/drivers/net/ethernet/ti/cpsw_new.c
@@ -928,7 +928,7 @@ static netdev_tx_t cpsw_ndo_start_xmit(s
 	struct cpdma_chan *txch;
 	int ret, q_idx;
 
-	if (skb_padto(skb, CPSW_MIN_PACKET_SIZE)) {
+	if (skb_put_padto(skb, READ_ONCE(priv->tx_packet_min))) {
 		cpsw_err(priv, tx_err, "packet pad failed\n");
 		ndev->stats.tx_dropped++;
 		return NET_XMIT_DROP;
@@ -1108,7 +1108,7 @@ static int cpsw_ndo_xdp_xmit(struct net_
 
 	for (i = 0; i < n; i++) {
 		xdpf = frames[i];
-		if (xdpf->len < CPSW_MIN_PACKET_SIZE) {
+		if (xdpf->len < READ_ONCE(priv->tx_packet_min)) {
 			xdp_return_frame_rx_napi(xdpf);
 			drops++;
 			continue;
@@ -1402,6 +1402,7 @@ static int cpsw_create_ports(struct cpsw
 		priv->dev  = dev;
 		priv->msg_enable = netif_msg_init(debug_level, CPSW_DEBUG);
 		priv->emac_port = i + 1;
+		priv->tx_packet_min = CPSW_MIN_PACKET_SIZE;
 
 		if (is_valid_ether_addr(slave_data->mac_addr)) {
 			ether_addr_copy(priv->mac_addr, slave_data->mac_addr);
@@ -1699,6 +1700,7 @@ static int cpsw_dl_switch_mode_set(struc
 
 			priv = netdev_priv(sl_ndev);
 			slave->port_vlan = vlan;
+			WRITE_ONCE(priv->tx_packet_min, CPSW_MIN_PACKET_SIZE_VLAN);
 			if (netif_running(sl_ndev))
 				cpsw_port_add_switch_def_ale_entries(priv,
 								     slave);
@@ -1727,6 +1729,7 @@ static int cpsw_dl_switch_mode_set(struc
 
 			priv = netdev_priv(slave->ndev);
 			slave->port_vlan = slave->data->dual_emac_res_vlan;
+			WRITE_ONCE(priv->tx_packet_min, CPSW_MIN_PACKET_SIZE);
 			cpsw_port_add_dual_emac_def_ale_entries(priv, slave);
 		}
 
--- a/drivers/net/ethernet/ti/cpsw_priv.h
+++ b/drivers/net/ethernet/ti/cpsw_priv.h
@@ -89,7 +89,8 @@ do {								\
 
 #define CPSW_POLL_WEIGHT	64
 #define CPSW_RX_VLAN_ENCAP_HDR_SIZE		4
-#define CPSW_MIN_PACKET_SIZE	(VLAN_ETH_ZLEN)
+#define CPSW_MIN_PACKET_SIZE_VLAN	(VLAN_ETH_ZLEN)
+#define CPSW_MIN_PACKET_SIZE	(ETH_ZLEN)
 #define CPSW_MAX_PACKET_SIZE	(VLAN_ETH_FRAME_LEN +\
 				 ETH_FCS_LEN +\
 				 CPSW_RX_VLAN_ENCAP_HDR_SIZE)
@@ -380,6 +381,7 @@ struct cpsw_priv {
 	u32 emac_port;
 	struct cpsw_common *cpsw;
 	int offload_fwd_mark;
+	u32 tx_packet_min;
 };
 
 #define ndev_to_cpsw(ndev) (((struct cpsw_priv *)netdev_priv(ndev))->cpsw)



^ permalink raw reply	[flat|nested] 112+ messages in thread

* [PATCH 5.10 15/96] ARC: fp: set FPU_STATUS.FWE to enable FPU_STATUS update on context switch
  2021-08-16 13:01 [PATCH 5.10 00/96] 5.10.60-rc1 review Greg Kroah-Hartman
                   ` (13 preceding siblings ...)
  2021-08-16 13:01 ` [PATCH 5.10 14/96] net: ethernet: ti: cpsw: fix min eth packet size for non-switch use-cases Greg Kroah-Hartman
@ 2021-08-16 13:01 ` Greg Kroah-Hartman
  2021-08-16 13:01 ` [PATCH 5.10 16/96] ceph: reduce contention in ceph_check_delayed_caps() Greg Kroah-Hartman
                   ` (80 subsequent siblings)
  95 siblings, 0 replies; 112+ messages in thread
From: Greg Kroah-Hartman @ 2021-08-16 13:01 UTC (permalink / raw)
  To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Vineet Gupta

From: Vineet Gupta <vgupta@synopsys.com>

commit 3a715e80400f452b247caa55344f4f60250ffbcf upstream.

FPU_STATUS register contains FP exception flags bits which are updated
by core as side-effect of FP instructions but can also be manually
wiggled such as by glibc C99 functions fe{raise,clear,test}except() etc.
To effect the update, the programming model requires OR'ing FWE
bit (31). This bit is write-only and RAZ, meaning it is effectively
auto-cleared after write and thus needs to be set everytime: which
is how glibc implements this.

However there's another usecase of FPU_STATUS update, at the time of
Linux task switch when incoming task value needs to be programmed into
the register. This was added as part of f45ba2bd6da0dc ("ARCv2:
fpu: preserve userspace fpu state") which missed OR'ing FWE bit,
meaning the new value is effectively not being written at all.
This patch remedies that.

Interestingly, this snafu was not caught in interm glibc testing as the
race window which relies on a specific exception bit to be set/clear is
really small specially when it nvolves context switch.
Fortunately this was caught by glibc's math/test-fenv-tls test which
repeatedly set/clear exception flags in a big loop, concurrently in main
program and also in a thread.

Fixes: https://github.com/foss-for-synopsys-dwc-arc-processors/linux/issues/54
Fixes: f45ba2bd6da0dc ("ARCv2: fpu: preserve userspace fpu state")
Cc: stable@vger.kernel.org	#5.6+
Signed-off-by: Vineet Gupta <vgupta@synopsys.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 arch/arc/kernel/fpu.c |    9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)

--- a/arch/arc/kernel/fpu.c
+++ b/arch/arc/kernel/fpu.c
@@ -57,23 +57,26 @@ void fpu_save_restore(struct task_struct
 
 void fpu_init_task(struct pt_regs *regs)
 {
+	const unsigned int fwe = 0x80000000;
+
 	/* default rounding mode */
 	write_aux_reg(ARC_REG_FPU_CTRL, 0x100);
 
-	/* set "Write enable" to allow explicit write to exception flags */
-	write_aux_reg(ARC_REG_FPU_STATUS, 0x80000000);
+	/* Initialize to zero: setting requires FWE be set */
+	write_aux_reg(ARC_REG_FPU_STATUS, fwe);
 }
 
 void fpu_save_restore(struct task_struct *prev, struct task_struct *next)
 {
 	struct arc_fpu *save = &prev->thread.fpu;
 	struct arc_fpu *restore = &next->thread.fpu;
+	const unsigned int fwe = 0x80000000;
 
 	save->ctrl = read_aux_reg(ARC_REG_FPU_CTRL);
 	save->status = read_aux_reg(ARC_REG_FPU_STATUS);
 
 	write_aux_reg(ARC_REG_FPU_CTRL, restore->ctrl);
-	write_aux_reg(ARC_REG_FPU_STATUS, restore->status);
+	write_aux_reg(ARC_REG_FPU_STATUS, (fwe | restore->status));
 }
 
 #endif



^ permalink raw reply	[flat|nested] 112+ messages in thread

* [PATCH 5.10 16/96] ceph: reduce contention in ceph_check_delayed_caps()
  2021-08-16 13:01 [PATCH 5.10 00/96] 5.10.60-rc1 review Greg Kroah-Hartman
                   ` (14 preceding siblings ...)
  2021-08-16 13:01 ` [PATCH 5.10 15/96] ARC: fp: set FPU_STATUS.FWE to enable FPU_STATUS update on context switch Greg Kroah-Hartman
@ 2021-08-16 13:01 ` Greg Kroah-Hartman
  2021-08-16 13:01 ` [PATCH 5.10 17/96] ACPI: NFIT: Fix support for virtual SPA ranges Greg Kroah-Hartman
                   ` (79 subsequent siblings)
  95 siblings, 0 replies; 112+ messages in thread
From: Greg Kroah-Hartman @ 2021-08-16 13:01 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Luis Henriques, Jeff Layton, Ilya Dryomov

From: Luis Henriques <lhenriques@suse.de>

commit bf2ba432213fade50dd39f2e348085b758c0726e upstream.

Function ceph_check_delayed_caps() is called from the mdsc->delayed_work
workqueue and it can be kept looping for quite some time if caps keep
being added back to the mdsc->cap_delay_list.  This may result in the
watchdog tainting the kernel with the softlockup flag.

This patch breaks this loop if the caps have been recently (i.e. during
the loop execution).  Any new caps added to the list will be handled in
the next run.

Also, allow schedule_delayed() callers to explicitly set the delay value
instead of defaulting to 5s, so we can ensure that it runs soon
afterward if it looks like there is more work.

Cc: stable@vger.kernel.org
URL: https://tracker.ceph.com/issues/46284
Signed-off-by: Luis Henriques <lhenriques@suse.de>
Reviewed-by: Jeff Layton <jlayton@kernel.org>
Signed-off-by: Ilya Dryomov <idryomov@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 fs/ceph/caps.c       |   17 ++++++++++++++++-
 fs/ceph/mds_client.c |   25 ++++++++++++++++---------
 fs/ceph/super.h      |    2 +-
 3 files changed, 33 insertions(+), 11 deletions(-)

--- a/fs/ceph/caps.c
+++ b/fs/ceph/caps.c
@@ -4202,11 +4202,19 @@ bad:
 
 /*
  * Delayed work handler to process end of delayed cap release LRU list.
+ *
+ * If new caps are added to the list while processing it, these won't get
+ * processed in this run.  In this case, the ci->i_hold_caps_max will be
+ * returned so that the work can be scheduled accordingly.
  */
-void ceph_check_delayed_caps(struct ceph_mds_client *mdsc)
+unsigned long ceph_check_delayed_caps(struct ceph_mds_client *mdsc)
 {
 	struct inode *inode;
 	struct ceph_inode_info *ci;
+	struct ceph_mount_options *opt = mdsc->fsc->mount_options;
+	unsigned long delay_max = opt->caps_wanted_delay_max * HZ;
+	unsigned long loop_start = jiffies;
+	unsigned long delay = 0;
 
 	dout("check_delayed_caps\n");
 	spin_lock(&mdsc->cap_delay_lock);
@@ -4214,6 +4222,11 @@ void ceph_check_delayed_caps(struct ceph
 		ci = list_first_entry(&mdsc->cap_delay_list,
 				      struct ceph_inode_info,
 				      i_cap_delay_list);
+		if (time_before(loop_start, ci->i_hold_caps_max - delay_max)) {
+			dout("%s caps added recently.  Exiting loop", __func__);
+			delay = ci->i_hold_caps_max;
+			break;
+		}
 		if ((ci->i_ceph_flags & CEPH_I_FLUSH) == 0 &&
 		    time_before(jiffies, ci->i_hold_caps_max))
 			break;
@@ -4230,6 +4243,8 @@ void ceph_check_delayed_caps(struct ceph
 		}
 	}
 	spin_unlock(&mdsc->cap_delay_lock);
+
+	return delay;
 }
 
 /*
--- a/fs/ceph/mds_client.c
+++ b/fs/ceph/mds_client.c
@@ -4435,22 +4435,29 @@ void inc_session_sequence(struct ceph_md
 }
 
 /*
- * delayed work -- periodically trim expired leases, renew caps with mds
+ * delayed work -- periodically trim expired leases, renew caps with mds.  If
+ * the @delay parameter is set to 0 or if it's more than 5 secs, the default
+ * workqueue delay value of 5 secs will be used.
  */
-static void schedule_delayed(struct ceph_mds_client *mdsc)
+static void schedule_delayed(struct ceph_mds_client *mdsc, unsigned long delay)
 {
-	int delay = 5;
-	unsigned hz = round_jiffies_relative(HZ * delay);
-	schedule_delayed_work(&mdsc->delayed_work, hz);
+	unsigned long max_delay = HZ * 5;
+
+	/* 5 secs default delay */
+	if (!delay || (delay > max_delay))
+		delay = max_delay;
+	schedule_delayed_work(&mdsc->delayed_work,
+			      round_jiffies_relative(delay));
 }
 
 static void delayed_work(struct work_struct *work)
 {
-	int i;
 	struct ceph_mds_client *mdsc =
 		container_of(work, struct ceph_mds_client, delayed_work.work);
+	unsigned long delay;
 	int renew_interval;
 	int renew_caps;
+	int i;
 
 	dout("mdsc delayed_work\n");
 
@@ -4490,7 +4497,7 @@ static void delayed_work(struct work_str
 	}
 	mutex_unlock(&mdsc->mutex);
 
-	ceph_check_delayed_caps(mdsc);
+	delay = ceph_check_delayed_caps(mdsc);
 
 	ceph_queue_cap_reclaim_work(mdsc);
 
@@ -4498,7 +4505,7 @@ static void delayed_work(struct work_str
 
 	maybe_recover_session(mdsc);
 
-	schedule_delayed(mdsc);
+	schedule_delayed(mdsc, delay);
 }
 
 int ceph_mdsc_init(struct ceph_fs_client *fsc)
@@ -4984,7 +4991,7 @@ void ceph_mdsc_handle_mdsmap(struct ceph
 			  mdsc->mdsmap->m_epoch);
 
 	mutex_unlock(&mdsc->mutex);
-	schedule_delayed(mdsc);
+	schedule_delayed(mdsc, 0);
 	return;
 
 bad_unlock:
--- a/fs/ceph/super.h
+++ b/fs/ceph/super.h
@@ -1138,7 +1138,7 @@ extern void ceph_flush_snaps(struct ceph
 extern bool __ceph_should_report_size(struct ceph_inode_info *ci);
 extern void ceph_check_caps(struct ceph_inode_info *ci, int flags,
 			    struct ceph_mds_session *session);
-extern void ceph_check_delayed_caps(struct ceph_mds_client *mdsc);
+extern unsigned long ceph_check_delayed_caps(struct ceph_mds_client *mdsc);
 extern void ceph_flush_dirty_caps(struct ceph_mds_client *mdsc);
 extern int  ceph_drop_caps_for_unlink(struct inode *inode);
 extern int ceph_encode_inode_release(void **p, struct inode *inode,



^ permalink raw reply	[flat|nested] 112+ messages in thread

* [PATCH 5.10 17/96] ACPI: NFIT: Fix support for virtual SPA ranges
  2021-08-16 13:01 [PATCH 5.10 00/96] 5.10.60-rc1 review Greg Kroah-Hartman
                   ` (15 preceding siblings ...)
  2021-08-16 13:01 ` [PATCH 5.10 16/96] ceph: reduce contention in ceph_check_delayed_caps() Greg Kroah-Hartman
@ 2021-08-16 13:01 ` Greg Kroah-Hartman
  2021-08-16 13:01 ` [PATCH 5.10 18/96] libnvdimm/region: Fix label activation vs errors Greg Kroah-Hartman
                   ` (78 subsequent siblings)
  95 siblings, 0 replies; 112+ messages in thread
From: Greg Kroah-Hartman @ 2021-08-16 13:01 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Jacek Zloch, Lukasz Sobieraj, Lee,
	Chun-Yi, Krzysztof Rusocki, Damian Bassa, Jeff Moyer,
	Dan Williams

From: Dan Williams <dan.j.williams@intel.com>

commit b93dfa6bda4d4e88e5386490f2b277a26958f9d3 upstream.

Fix the NFIT parsing code to treat a 0 index in a SPA Range Structure as
a special case and not match Region Mapping Structures that use 0 to
indicate that they are not mapped. Without this fix some platform BIOS
descriptions of "virtual disk" ranges do not result in the pmem driver
attaching to the range.

Details:
In addition to typical persistent memory ranges, the ACPI NFIT may also
convey "virtual" ranges. These ranges are indicated by a UUID in the SPA
Range Structure of UUID_VOLATILE_VIRTUAL_DISK, UUID_VOLATILE_VIRTUAL_CD,
UUID_PERSISTENT_VIRTUAL_DISK, or UUID_PERSISTENT_VIRTUAL_CD. The
critical difference between virtual ranges and UUID_PERSISTENT_MEMORY,
is that virtual do not support associations with Region Mapping
Structures.  For this reason the "index" value of virtual SPA Range
Structures is allowed to be 0. If a platform BIOS decides to represent
NVDIMMs with disconnected "Region Mapping Structures" (range-index ==
0), the kernel may falsely associate them with standalone ranges where
the "SPA Range Structure Index" is also zero. When this happens the
driver may falsely require labels where "virtual disks" are expected to
be label-less. I.e. "label-less" is where the namespace-range ==
region-range and the pmem driver attaches with no user action to create
a namespace.

Cc: Jacek Zloch <jacek.zloch@intel.com>
Cc: Lukasz Sobieraj <lukasz.sobieraj@intel.com>
Cc: "Lee, Chun-Yi" <jlee@suse.com>
Cc: <stable@vger.kernel.org>
Fixes: c2f32acdf848 ("acpi, nfit: treat virtual ramdisk SPA as pmem region")
Reported-by: Krzysztof Rusocki <krzysztof.rusocki@intel.com>
Reported-by: Damian Bassa <damian.bassa@intel.com>
Reviewed-by: Jeff Moyer <jmoyer@redhat.com>
Link: https://lore.kernel.org/r/162870796589.2521182.1240403310175570220.stgit@dwillia2-desk3.amr.corp.intel.com
Signed-off-by: Dan Williams <dan.j.williams@intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 drivers/acpi/nfit/core.c |    3 +++
 1 file changed, 3 insertions(+)

--- a/drivers/acpi/nfit/core.c
+++ b/drivers/acpi/nfit/core.c
@@ -3031,6 +3031,9 @@ static int acpi_nfit_register_region(str
 		struct acpi_nfit_memory_map *memdev = nfit_memdev->memdev;
 		struct nd_mapping_desc *mapping;
 
+		/* range index 0 == unmapped in SPA or invalid-SPA */
+		if (memdev->range_index == 0 || spa->range_index == 0)
+			continue;
 		if (memdev->range_index != spa->range_index)
 			continue;
 		if (count >= ND_MAX_MAPPINGS) {



^ permalink raw reply	[flat|nested] 112+ messages in thread

* [PATCH 5.10 18/96] libnvdimm/region: Fix label activation vs errors
  2021-08-16 13:01 [PATCH 5.10 00/96] 5.10.60-rc1 review Greg Kroah-Hartman
                   ` (16 preceding siblings ...)
  2021-08-16 13:01 ` [PATCH 5.10 17/96] ACPI: NFIT: Fix support for virtual SPA ranges Greg Kroah-Hartman
@ 2021-08-16 13:01 ` Greg Kroah-Hartman
  2021-08-16 13:01 ` [PATCH 5.10 19/96] drm/amd/display: Remove invalid assert for ODM + MPC case Greg Kroah-Hartman
                   ` (77 subsequent siblings)
  95 siblings, 0 replies; 112+ messages in thread
From: Greg Kroah-Hartman @ 2021-08-16 13:01 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Krzysztof Kensicki, Jeff Moyer, Dan Williams

From: Dan Williams <dan.j.williams@intel.com>

commit d9cee9f85b22fab88d2b76d2e92b18e3d0e6aa8c upstream.

There are a few scenarios where init_active_labels() can return without
registering deactivate_labels() to run when the region is disabled. In
particular label error injection creates scenarios where a DIMM is
disabled, but labels on other DIMMs in the region become activated.

Arrange for init_active_labels() to always register deactivate_labels().

Reported-by: Krzysztof Kensicki <krzysztof.kensicki@intel.com>
Cc: <stable@vger.kernel.org>
Fixes: bf9bccc14c05 ("libnvdimm: pmem label sets and namespace instantiation.")
Reviewed-by: Jeff Moyer <jmoyer@redhat.com>
Link: https://lore.kernel.org/r/162766356450.3223041.1183118139023841447.stgit@dwillia2-desk3.amr.corp.intel.com
Signed-off-by: Dan Williams <dan.j.williams@intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 drivers/nvdimm/namespace_devs.c |   17 +++++++++++------
 1 file changed, 11 insertions(+), 6 deletions(-)

--- a/drivers/nvdimm/namespace_devs.c
+++ b/drivers/nvdimm/namespace_devs.c
@@ -2527,7 +2527,7 @@ static void deactivate_labels(void *regi
 
 static int init_active_labels(struct nd_region *nd_region)
 {
-	int i;
+	int i, rc = 0;
 
 	for (i = 0; i < nd_region->ndr_mappings; i++) {
 		struct nd_mapping *nd_mapping = &nd_region->mapping[i];
@@ -2546,13 +2546,14 @@ static int init_active_labels(struct nd_
 			else if (test_bit(NDD_LABELING, &nvdimm->flags))
 				/* fail, labels needed to disambiguate dpa */;
 			else
-				return 0;
+				continue;
 
 			dev_err(&nd_region->dev, "%s: is %s, failing probe\n",
 					dev_name(&nd_mapping->nvdimm->dev),
 					test_bit(NDD_LOCKED, &nvdimm->flags)
 					? "locked" : "disabled");
-			return -ENXIO;
+			rc = -ENXIO;
+			goto out;
 		}
 		nd_mapping->ndd = ndd;
 		atomic_inc(&nvdimm->busy);
@@ -2586,13 +2587,17 @@ static int init_active_labels(struct nd_
 			break;
 	}
 
-	if (i < nd_region->ndr_mappings) {
+	if (i < nd_region->ndr_mappings)
+		rc = -ENOMEM;
+
+out:
+	if (rc) {
 		deactivate_labels(nd_region);
-		return -ENOMEM;
+		return rc;
 	}
 
 	return devm_add_action_or_reset(&nd_region->dev, deactivate_labels,
-			nd_region);
+					nd_region);
 }
 
 int nd_region_register_namespaces(struct nd_region *nd_region, int *err)



^ permalink raw reply	[flat|nested] 112+ messages in thread

* [PATCH 5.10 19/96] drm/amd/display: Remove invalid assert for ODM + MPC case
  2021-08-16 13:01 [PATCH 5.10 00/96] 5.10.60-rc1 review Greg Kroah-Hartman
                   ` (17 preceding siblings ...)
  2021-08-16 13:01 ` [PATCH 5.10 18/96] libnvdimm/region: Fix label activation vs errors Greg Kroah-Hartman
@ 2021-08-16 13:01 ` Greg Kroah-Hartman
  2021-08-16 13:01 ` [PATCH 5.10 20/96] drm/amd/display: use GFP_ATOMIC in amdgpu_dm_irq_schedule_work Greg Kroah-Hartman
                   ` (76 subsequent siblings)
  95 siblings, 0 replies; 112+ messages in thread
From: Greg Kroah-Hartman @ 2021-08-16 13:01 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Dmytro Laktyushkin, Anson Jacob,
	Eric Bernstein, Daniel Wheeler, Alex Deucher

From: Eric Bernstein <eric.bernstein@amd.com>

commit c90f6263f58a28c3d97b83679d6fd693b33dfd4e upstream.

Reviewed-by: Dmytro Laktyushkin <Dmytro.Laktyushkin@amd.com>
Acked-by: Anson Jacob <Anson.Jacob@amd.com>
Signed-off-by: Eric Bernstein <eric.bernstein@amd.com>
Cc: stable@vger.kernel.org
Tested-by: Daniel Wheeler <daniel.wheeler@amd.com>
Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 drivers/gpu/drm/amd/display/dc/dcn30/dcn30_resource.c |    1 -
 1 file changed, 1 deletion(-)

--- a/drivers/gpu/drm/amd/display/dc/dcn30/dcn30_resource.c
+++ b/drivers/gpu/drm/amd/display/dc/dcn30/dcn30_resource.c
@@ -1875,7 +1875,6 @@ static bool dcn30_split_stream_for_mpc_o
 		}
 		pri_pipe->next_odm_pipe = sec_pipe;
 		sec_pipe->prev_odm_pipe = pri_pipe;
-		ASSERT(sec_pipe->top_pipe == NULL);
 
 		sec_pipe->stream_res.opp = pool->opps[pipe_idx];
 		if (sec_pipe->stream->timing.flags.DSC == 1) {



^ permalink raw reply	[flat|nested] 112+ messages in thread

* [PATCH 5.10 20/96] drm/amd/display: use GFP_ATOMIC in amdgpu_dm_irq_schedule_work
  2021-08-16 13:01 [PATCH 5.10 00/96] 5.10.60-rc1 review Greg Kroah-Hartman
                   ` (18 preceding siblings ...)
  2021-08-16 13:01 ` [PATCH 5.10 19/96] drm/amd/display: Remove invalid assert for ODM + MPC case Greg Kroah-Hartman
@ 2021-08-16 13:01 ` Greg Kroah-Hartman
  2021-08-16 13:01 ` [PATCH 5.10 21/96] drm/amdgpu: dont enable baco on boco platforms in runpm Greg Kroah-Hartman
                   ` (75 subsequent siblings)
  95 siblings, 0 replies; 112+ messages in thread
From: Greg Kroah-Hartman @ 2021-08-16 13:01 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Aurabindo Jayamohanan Pillai,
	Anson Jacob, Daniel Wheeler, Alex Deucher

From: Anson Jacob <Anson.Jacob@amd.com>

commit 0cde63a8fc4d9f9f580c297211fd05f91c0fd66d upstream.

Replace GFP_KERNEL with GFP_ATOMIC as amdgpu_dm_irq_schedule_work
can't sleep.

BUG: sleeping function called from invalid context at include/linux/sched/mm.h:196
in_atomic(): 1, irqs_disabled(): 1, non_block: 0, pid: 253, name: kworker/6:1H
CPU: 6 PID: 253 Comm: kworker/6:1H Tainted: G        W  OE     5.11.0-promotion_2021_06_07-18_36_28_prelim_revert_retrain #8
Hardware name: System manufacturer System Product Name/PRIME X570-PRO, BIOS 3405 02/01/2021
Workqueue: events_highpri dm_irq_work_func [amdgpu]
Call Trace:
 <IRQ>
 dump_stack+0x5e/0x74
 ___might_sleep.cold+0x87/0x98
 __might_sleep+0x4b/0x80
 kmem_cache_alloc_trace+0x390/0x4f0
 amdgpu_dm_irq_handler+0x171/0x230 [amdgpu]
 amdgpu_irq_dispatch+0xc0/0x1e0 [amdgpu]
 amdgpu_ih_process+0x81/0x100 [amdgpu]
 amdgpu_irq_handler+0x26/0xa0 [amdgpu]
 __handle_irq_event_percpu+0x49/0x190
 ? __hrtimer_get_next_event+0x4d/0x80
 handle_irq_event_percpu+0x33/0x80
 handle_irq_event+0x33/0x60
 handle_edge_irq+0x82/0x190
 asm_call_irq_on_stack+0x12/0x20
 </IRQ>
 common_interrupt+0xbb/0x140
 asm_common_interrupt+0x1e/0x40
RIP: 0010:amdgpu_device_rreg.part.0+0x44/0xf0 [amdgpu]
Code: 53 48 89 fb 4c 3b af c8 08 00 00 73 6d 83 e2 02 75 0d f6 87 40 62 01 00 10 0f 85 83 00 00 00 4c 03 ab d0 08 00 00 45 8b 6d 00 <8b> 05 3e b6 52 00 85 c0 7e 62 48 8b 43 08 0f b7 70 3e 65 8b 05 e3
RSP: 0018:ffffae7740fff9e8 EFLAGS: 00000286
RAX: ffffffffc05ee610 RBX: ffff8aaf8f620000 RCX: 0000000000000006
RDX: 0000000000000000 RSI: 0000000000005430 RDI: ffff8aaf8f620000
RBP: ffffae7740fffa08 R08: 0000000000000001 R09: 000000000000000a
R10: 0000000000000001 R11: 0000000000000001 R12: 0000000000005430
R13: 0000000071000000 R14: 0000000000000001 R15: 0000000000005430
 ? amdgpu_cgs_write_register+0x20/0x20 [amdgpu]
 amdgpu_device_rreg+0x17/0x20 [amdgpu]
 amdgpu_cgs_read_register+0x14/0x20 [amdgpu]
 dm_read_reg_func+0x38/0xb0 [amdgpu]
 generic_reg_wait+0x80/0x160 [amdgpu]
 dce_aux_transfer_raw+0x324/0x7c0 [amdgpu]
 dc_link_aux_transfer_raw+0x43/0x50 [amdgpu]
 dm_dp_aux_transfer+0x87/0x110 [amdgpu]
 drm_dp_dpcd_access+0x72/0x110 [drm_kms_helper]
 drm_dp_dpcd_read+0xb7/0xf0 [drm_kms_helper]
 drm_dp_get_one_sb_msg+0x349/0x480 [drm_kms_helper]
 drm_dp_mst_hpd_irq+0xc5/0xe40 [drm_kms_helper]
 ? drm_dp_mst_hpd_irq+0xc5/0xe40 [drm_kms_helper]
 dm_handle_hpd_rx_irq+0x184/0x1a0 [amdgpu]
 ? dm_handle_hpd_rx_irq+0x184/0x1a0 [amdgpu]
 handle_hpd_rx_irq+0x195/0x240 [amdgpu]
 ? __switch_to_asm+0x42/0x70
 ? __switch_to+0x131/0x450
 dm_irq_work_func+0x19/0x20 [amdgpu]
 process_one_work+0x209/0x400
 worker_thread+0x4d/0x3e0
 ? cancel_delayed_work+0xa0/0xa0
 kthread+0x124/0x160
 ? kthread_park+0x90/0x90
 ret_from_fork+0x22/0x30

Reviewed-by: Aurabindo Jayamohanan Pillai <Aurabindo.Pillai@amd.com>
Acked-by: Anson Jacob <Anson.Jacob@amd.com>
Signed-off-by: Anson Jacob <Anson.Jacob@amd.com>
Cc: stable@vger.kernel.org
Tested-by: Daniel Wheeler <daniel.wheeler@amd.com>
Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_irq.c |    2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

--- a/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_irq.c
+++ b/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_irq.c
@@ -531,7 +531,7 @@ static void amdgpu_dm_irq_schedule_work(
 		handler_data = container_of(handler_list->next, struct amdgpu_dm_irq_handler_data, list);
 
 		/*allocate a new amdgpu_dm_irq_handler_data*/
-		handler_data_add = kzalloc(sizeof(*handler_data), GFP_KERNEL);
+		handler_data_add = kzalloc(sizeof(*handler_data), GFP_ATOMIC);
 		if (!handler_data_add) {
 			DRM_ERROR("DM_IRQ: failed to allocate irq handler!\n");
 			return;



^ permalink raw reply	[flat|nested] 112+ messages in thread

* [PATCH 5.10 21/96] drm/amdgpu: dont enable baco on boco platforms in runpm
  2021-08-16 13:01 [PATCH 5.10 00/96] 5.10.60-rc1 review Greg Kroah-Hartman
                   ` (19 preceding siblings ...)
  2021-08-16 13:01 ` [PATCH 5.10 20/96] drm/amd/display: use GFP_ATOMIC in amdgpu_dm_irq_schedule_work Greg Kroah-Hartman
@ 2021-08-16 13:01 ` Greg Kroah-Hartman
  2021-08-16 13:01 ` [PATCH 5.10 22/96] ieee802154: hwsim: fix GPF in hwsim_set_edge_lqi Greg Kroah-Hartman
                   ` (74 subsequent siblings)
  95 siblings, 0 replies; 112+ messages in thread
From: Greg Kroah-Hartman @ 2021-08-16 13:01 UTC (permalink / raw)
  To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Evan Quan, Alex Deucher

From: Alex Deucher <alexander.deucher@amd.com>

commit 202ead5a3c589b0594a75cb99f080174f6851fed upstream.

If the platform uses BOCO, don't use BACO in runtime suspend.
We could end up executing the BACO path if the platform supports
both.

Bug: https://gitlab.freedesktop.org/drm/amd/-/issues/1669
Reviewed-by: Evan Quan <evan.quan@amd.com>
Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
Cc: stable@vger.kernel.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 drivers/gpu/drm/amd/amdgpu/amdgpu_drv.c |    2 ++
 1 file changed, 2 insertions(+)

--- a/drivers/gpu/drm/amd/amdgpu/amdgpu_drv.c
+++ b/drivers/gpu/drm/amd/amdgpu/amdgpu_drv.c
@@ -1344,6 +1344,8 @@ static int amdgpu_pmops_runtime_suspend(
 			pci_set_power_state(pdev, PCI_D3cold);
 		}
 		drm_dev->switch_power_state = DRM_SWITCH_POWER_DYNAMIC_OFF;
+	} else if (amdgpu_device_supports_boco(drm_dev)) {
+		/* nothing to do */
 	} else if (amdgpu_device_supports_baco(drm_dev)) {
 		amdgpu_device_baco_enter(drm_dev);
 	}



^ permalink raw reply	[flat|nested] 112+ messages in thread

* [PATCH 5.10 22/96] ieee802154: hwsim: fix GPF in hwsim_set_edge_lqi
  2021-08-16 13:01 [PATCH 5.10 00/96] 5.10.60-rc1 review Greg Kroah-Hartman
                   ` (20 preceding siblings ...)
  2021-08-16 13:01 ` [PATCH 5.10 21/96] drm/amdgpu: dont enable baco on boco platforms in runpm Greg Kroah-Hartman
@ 2021-08-16 13:01 ` Greg Kroah-Hartman
  2021-08-16 13:01 ` [PATCH 5.10 23/96] ieee802154: hwsim: fix GPF in hwsim_new_edge_nl Greg Kroah-Hartman
                   ` (73 subsequent siblings)
  95 siblings, 0 replies; 112+ messages in thread
From: Greg Kroah-Hartman @ 2021-08-16 13:01 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Dongliang Mu, Alexander Aring,
	Stefan Schmidt, Sasha Levin

From: Dongliang Mu <mudongliangabcd@gmail.com>

[ Upstream commit e9faf53c5a5d01f6f2a09ae28ec63a3bbd6f64fd ]

Both MAC802154_HWSIM_ATTR_RADIO_ID and MAC802154_HWSIM_ATTR_RADIO_EDGE,
MAC802154_HWSIM_EDGE_ATTR_ENDPOINT_ID and MAC802154_HWSIM_EDGE_ATTR_LQI
must be present to fix GPF.

Fixes: f25da51fdc38 ("ieee802154: hwsim: add replacement for fakelb")
Signed-off-by: Dongliang Mu <mudongliangabcd@gmail.com>
Acked-by: Alexander Aring <aahringo@redhat.com>
Link: https://lore.kernel.org/r/20210705131321.217111-1-mudongliangabcd@gmail.com
Signed-off-by: Stefan Schmidt <stefan@datenfreihafen.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/net/ieee802154/mac802154_hwsim.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/drivers/net/ieee802154/mac802154_hwsim.c b/drivers/net/ieee802154/mac802154_hwsim.c
index 626e1ce817fc..43f389540bba 100644
--- a/drivers/net/ieee802154/mac802154_hwsim.c
+++ b/drivers/net/ieee802154/mac802154_hwsim.c
@@ -528,14 +528,14 @@ static int hwsim_set_edge_lqi(struct sk_buff *msg, struct genl_info *info)
 	u32 v0, v1;
 	u8 lqi;
 
-	if (!info->attrs[MAC802154_HWSIM_ATTR_RADIO_ID] &&
+	if (!info->attrs[MAC802154_HWSIM_ATTR_RADIO_ID] ||
 	    !info->attrs[MAC802154_HWSIM_ATTR_RADIO_EDGE])
 		return -EINVAL;
 
 	if (nla_parse_nested_deprecated(edge_attrs, MAC802154_HWSIM_EDGE_ATTR_MAX, info->attrs[MAC802154_HWSIM_ATTR_RADIO_EDGE], hwsim_edge_policy, NULL))
 		return -EINVAL;
 
-	if (!edge_attrs[MAC802154_HWSIM_EDGE_ATTR_ENDPOINT_ID] &&
+	if (!edge_attrs[MAC802154_HWSIM_EDGE_ATTR_ENDPOINT_ID] ||
 	    !edge_attrs[MAC802154_HWSIM_EDGE_ATTR_LQI])
 		return -EINVAL;
 
-- 
2.30.2




^ permalink raw reply related	[flat|nested] 112+ messages in thread

* [PATCH 5.10 23/96] ieee802154: hwsim: fix GPF in hwsim_new_edge_nl
  2021-08-16 13:01 [PATCH 5.10 00/96] 5.10.60-rc1 review Greg Kroah-Hartman
                   ` (21 preceding siblings ...)
  2021-08-16 13:01 ` [PATCH 5.10 22/96] ieee802154: hwsim: fix GPF in hwsim_set_edge_lqi Greg Kroah-Hartman
@ 2021-08-16 13:01 ` Greg Kroah-Hartman
  2021-08-16 13:01 ` [PATCH 5.10 24/96] pinctrl: mediatek: Fix fallback behavior for bias_set_combo Greg Kroah-Hartman
                   ` (72 subsequent siblings)
  95 siblings, 0 replies; 112+ messages in thread
From: Greg Kroah-Hartman @ 2021-08-16 13:01 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Dongliang Mu, Alexander Aring,
	Stefan Schmidt, Sasha Levin

From: Dongliang Mu <mudongliangabcd@gmail.com>

[ Upstream commit 889d0e7dc68314a273627d89cbb60c09e1cc1c25 ]

Both MAC802154_HWSIM_ATTR_RADIO_ID and MAC802154_HWSIM_ATTR_RADIO_EDGE
must be present to fix GPF.

Fixes: f25da51fdc38 ("ieee802154: hwsim: add replacement for fakelb")
Signed-off-by: Dongliang Mu <mudongliangabcd@gmail.com>
Acked-by: Alexander Aring <aahringo@redhat.com>
Link: https://lore.kernel.org/r/20210707155633.1486603-1-mudongliangabcd@gmail.com
Signed-off-by: Stefan Schmidt <stefan@datenfreihafen.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/net/ieee802154/mac802154_hwsim.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/drivers/net/ieee802154/mac802154_hwsim.c b/drivers/net/ieee802154/mac802154_hwsim.c
index 43f389540bba..080b15fc0060 100644
--- a/drivers/net/ieee802154/mac802154_hwsim.c
+++ b/drivers/net/ieee802154/mac802154_hwsim.c
@@ -418,7 +418,7 @@ static int hwsim_new_edge_nl(struct sk_buff *msg, struct genl_info *info)
 	struct hwsim_edge *e;
 	u32 v0, v1;
 
-	if (!info->attrs[MAC802154_HWSIM_ATTR_RADIO_ID] &&
+	if (!info->attrs[MAC802154_HWSIM_ATTR_RADIO_ID] ||
 	    !info->attrs[MAC802154_HWSIM_ATTR_RADIO_EDGE])
 		return -EINVAL;
 
-- 
2.30.2




^ permalink raw reply related	[flat|nested] 112+ messages in thread

* [PATCH 5.10 24/96] pinctrl: mediatek: Fix fallback behavior for bias_set_combo
  2021-08-16 13:01 [PATCH 5.10 00/96] 5.10.60-rc1 review Greg Kroah-Hartman
                   ` (22 preceding siblings ...)
  2021-08-16 13:01 ` [PATCH 5.10 23/96] ieee802154: hwsim: fix GPF in hwsim_new_edge_nl Greg Kroah-Hartman
@ 2021-08-16 13:01 ` Greg Kroah-Hartman
  2021-08-16 13:01 ` [PATCH 5.10 25/96] ASoC: cs42l42: Correct definition of ADC Volume control Greg Kroah-Hartman
                   ` (71 subsequent siblings)
  95 siblings, 0 replies; 112+ messages in thread
From: Greg Kroah-Hartman @ 2021-08-16 13:01 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Hsin-Yi Wang, Chen-Yu Tsai,
	Zhiyong Tao, Linus Walleij, Sasha Levin

From: Hsin-Yi Wang <hsinyi@chromium.org>

[ Upstream commit 798a315fc359aa6dbe48e09d802aa59b7e158ffc ]

Some pin doesn't support PUPD register, if it fails and fallbacks with
bias_set_combo case, it will call mtk_pinconf_bias_set_pupd_r1_r0() to
modify the PUPD pin again.

Since the general bias set are either PU/PD or PULLSEL/PULLEN, try
bias_set or bias_set_rev1 for the other fallback case. If the pin
doesn't support neither PU/PD nor PULLSEL/PULLEN, it will return
-ENOTSUPP.

Fixes: 81bd1579b43e ("pinctrl: mediatek: Fix fallback call path")
Signed-off-by: Hsin-Yi Wang <hsinyi@chromium.org>
Reviewed-by: Chen-Yu Tsai <wenst@chromium.org>
Reviewed-by: Zhiyong Tao <zhiyong.tao@mediatek.com>
Link: https://lore.kernel.org/r/20210701080955.2660294-1-hsinyi@chromium.org
Signed-off-by: Linus Walleij <linus.walleij@linaro.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/pinctrl/mediatek/pinctrl-mtk-common-v2.c | 8 +++-----
 1 file changed, 3 insertions(+), 5 deletions(-)

diff --git a/drivers/pinctrl/mediatek/pinctrl-mtk-common-v2.c b/drivers/pinctrl/mediatek/pinctrl-mtk-common-v2.c
index 7815426e7aea..10002b8497fe 100644
--- a/drivers/pinctrl/mediatek/pinctrl-mtk-common-v2.c
+++ b/drivers/pinctrl/mediatek/pinctrl-mtk-common-v2.c
@@ -926,12 +926,10 @@ int mtk_pinconf_adv_pull_set(struct mtk_pinctrl *hw,
 			err = hw->soc->bias_set(hw, desc, pullup);
 			if (err)
 				return err;
-		} else if (hw->soc->bias_set_combo) {
-			err = hw->soc->bias_set_combo(hw, desc, pullup, arg);
-			if (err)
-				return err;
 		} else {
-			return -ENOTSUPP;
+			err = mtk_pinconf_bias_set_rev1(hw, desc, pullup);
+			if (err)
+				err = mtk_pinconf_bias_set(hw, desc, pullup);
 		}
 	}
 
-- 
2.30.2




^ permalink raw reply related	[flat|nested] 112+ messages in thread

* [PATCH 5.10 25/96] ASoC: cs42l42: Correct definition of ADC Volume control
  2021-08-16 13:01 [PATCH 5.10 00/96] 5.10.60-rc1 review Greg Kroah-Hartman
                   ` (23 preceding siblings ...)
  2021-08-16 13:01 ` [PATCH 5.10 24/96] pinctrl: mediatek: Fix fallback behavior for bias_set_combo Greg Kroah-Hartman
@ 2021-08-16 13:01 ` Greg Kroah-Hartman
  2021-08-16 13:01 ` [PATCH 5.10 26/96] ASoC: cs42l42: Dont allow SND_SOC_DAIFMT_LEFT_J Greg Kroah-Hartman
                   ` (70 subsequent siblings)
  95 siblings, 0 replies; 112+ messages in thread
From: Greg Kroah-Hartman @ 2021-08-16 13:01 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Richard Fitzgerald, Mark Brown, Sasha Levin

From: Richard Fitzgerald <rf@opensource.cirrus.com>

[ Upstream commit ee86f680ff4c9b406d49d4e22ddf10805b8a2137 ]

The ADC volume is a signed 8-bit number with range -97 to +12,
with -97 being mute. Use a SOC_SINGLE_S8_TLV() to define this
and fix the DECLARE_TLV_DB_SCALE() to have the correct start and
mute flag.

Fixes: 2c394ca79604 ("ASoC: Add support for CS42L42 codec")
Signed-off-by: Richard Fitzgerald <rf@opensource.cirrus.com>
Link: https://lore.kernel.org/r/20210729170929.6589-1-rf@opensource.cirrus.com
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 sound/soc/codecs/cs42l42.c | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)

diff --git a/sound/soc/codecs/cs42l42.c b/sound/soc/codecs/cs42l42.c
index 7c6b10bc0b8c..64e8831e7b8a 100644
--- a/sound/soc/codecs/cs42l42.c
+++ b/sound/soc/codecs/cs42l42.c
@@ -403,7 +403,7 @@ static const struct regmap_config cs42l42_regmap = {
 	.use_single_write = true,
 };
 
-static DECLARE_TLV_DB_SCALE(adc_tlv, -9600, 100, false);
+static DECLARE_TLV_DB_SCALE(adc_tlv, -9700, 100, true);
 static DECLARE_TLV_DB_SCALE(mixer_tlv, -6300, 100, true);
 
 static const char * const cs42l42_hpf_freq_text[] = {
@@ -442,8 +442,7 @@ static const struct snd_kcontrol_new cs42l42_snd_controls[] = {
 				CS42L42_ADC_INV_SHIFT, true, false),
 	SOC_SINGLE("ADC Boost Switch", CS42L42_ADC_CTL,
 				CS42L42_ADC_DIG_BOOST_SHIFT, true, false),
-	SOC_SINGLE_SX_TLV("ADC Volume", CS42L42_ADC_VOLUME,
-				CS42L42_ADC_VOL_SHIFT, 0xA0, 0x6C, adc_tlv),
+	SOC_SINGLE_S8_TLV("ADC Volume", CS42L42_ADC_VOLUME, -97, 12, adc_tlv),
 	SOC_SINGLE("ADC WNF Switch", CS42L42_ADC_WNF_HPF_CTL,
 				CS42L42_ADC_WNF_EN_SHIFT, true, false),
 	SOC_SINGLE("ADC HPF Switch", CS42L42_ADC_WNF_HPF_CTL,
-- 
2.30.2




^ permalink raw reply related	[flat|nested] 112+ messages in thread

* [PATCH 5.10 26/96] ASoC: cs42l42: Dont allow SND_SOC_DAIFMT_LEFT_J
  2021-08-16 13:01 [PATCH 5.10 00/96] 5.10.60-rc1 review Greg Kroah-Hartman
                   ` (24 preceding siblings ...)
  2021-08-16 13:01 ` [PATCH 5.10 25/96] ASoC: cs42l42: Correct definition of ADC Volume control Greg Kroah-Hartman
@ 2021-08-16 13:01 ` Greg Kroah-Hartman
  2021-08-16 13:01 ` [PATCH 5.10 27/96] interconnect: qcom: icc-rpmh: Add BCMs to commit list in pre_aggregate Greg Kroah-Hartman
                   ` (69 subsequent siblings)
  95 siblings, 0 replies; 112+ messages in thread
From: Greg Kroah-Hartman @ 2021-08-16 13:01 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Richard Fitzgerald, Mark Brown, Sasha Levin

From: Richard Fitzgerald <rf@opensource.cirrus.com>

[ Upstream commit 64324bac750b84ca54711fb7d332132fcdb87293 ]

The driver has no support for left-justified protocol so it should
not have been allowing this to be passed to cs42l42_set_dai_fmt().

Signed-off-by: Richard Fitzgerald <rf@opensource.cirrus.com>
Fixes: 2c394ca79604 ("ASoC: Add support for CS42L42 codec")
Link: https://lore.kernel.org/r/20210729170929.6589-2-rf@opensource.cirrus.com
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 sound/soc/codecs/cs42l42.c | 1 -
 1 file changed, 1 deletion(-)

diff --git a/sound/soc/codecs/cs42l42.c b/sound/soc/codecs/cs42l42.c
index 64e8831e7b8a..9269b7003b31 100644
--- a/sound/soc/codecs/cs42l42.c
+++ b/sound/soc/codecs/cs42l42.c
@@ -772,7 +772,6 @@ static int cs42l42_set_dai_fmt(struct snd_soc_dai *codec_dai, unsigned int fmt)
 	/* interface format */
 	switch (fmt & SND_SOC_DAIFMT_FORMAT_MASK) {
 	case SND_SOC_DAIFMT_I2S:
-	case SND_SOC_DAIFMT_LEFT_J:
 		break;
 	default:
 		return -EINVAL;
-- 
2.30.2




^ permalink raw reply related	[flat|nested] 112+ messages in thread

* [PATCH 5.10 27/96] interconnect: qcom: icc-rpmh: Add BCMs to commit list in pre_aggregate
  2021-08-16 13:01 [PATCH 5.10 00/96] 5.10.60-rc1 review Greg Kroah-Hartman
                   ` (25 preceding siblings ...)
  2021-08-16 13:01 ` [PATCH 5.10 26/96] ASoC: cs42l42: Dont allow SND_SOC_DAIFMT_LEFT_J Greg Kroah-Hartman
@ 2021-08-16 13:01 ` Greg Kroah-Hartman
  2021-08-16 13:01 ` [PATCH 5.10 28/96] ASoC: SOF: Intel: hda-ipc: fix reply size checking Greg Kroah-Hartman
                   ` (68 subsequent siblings)
  95 siblings, 0 replies; 112+ messages in thread
From: Greg Kroah-Hartman @ 2021-08-16 13:01 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Mike Tipton, Georgi Djakov, Sasha Levin

From: Mike Tipton <mdtipton@codeaurora.org>

[ Upstream commit f84f5b6f72e68bbaeb850b58ac167e4a3a47532a ]

We're only adding BCMs to the commit list in aggregate(), but there are
cases where pre_aggregate() is called without subsequently calling
aggregate(). In particular, in icc_sync_state() when a node with initial
BW has zero requests. Since BCMs aren't added to the commit list in
these cases, we don't actually send the zero BW request to HW. So the
resources remain on unnecessarily.

Add BCMs to the commit list in pre_aggregate() instead, which is always
called even when there are no requests.

Fixes: 976daac4a1c5 ("interconnect: qcom: Consolidate interconnect RPMh support")
Signed-off-by: Mike Tipton <mdtipton@codeaurora.org>
Link: https://lore.kernel.org/r/20210721175432.2119-5-mdtipton@codeaurora.org
Signed-off-by: Georgi Djakov <djakov@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/interconnect/qcom/icc-rpmh.c | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/drivers/interconnect/qcom/icc-rpmh.c b/drivers/interconnect/qcom/icc-rpmh.c
index f6fae64861ce..27cc5f03611c 100644
--- a/drivers/interconnect/qcom/icc-rpmh.c
+++ b/drivers/interconnect/qcom/icc-rpmh.c
@@ -20,13 +20,18 @@ void qcom_icc_pre_aggregate(struct icc_node *node)
 {
 	size_t i;
 	struct qcom_icc_node *qn;
+	struct qcom_icc_provider *qp;
 
 	qn = node->data;
+	qp = to_qcom_provider(node->provider);
 
 	for (i = 0; i < QCOM_ICC_NUM_BUCKETS; i++) {
 		qn->sum_avg[i] = 0;
 		qn->max_peak[i] = 0;
 	}
+
+	for (i = 0; i < qn->num_bcms; i++)
+		qcom_icc_bcm_voter_add(qp->voter, qn->bcms[i]);
 }
 EXPORT_SYMBOL_GPL(qcom_icc_pre_aggregate);
 
@@ -44,10 +49,8 @@ int qcom_icc_aggregate(struct icc_node *node, u32 tag, u32 avg_bw,
 {
 	size_t i;
 	struct qcom_icc_node *qn;
-	struct qcom_icc_provider *qp;
 
 	qn = node->data;
-	qp = to_qcom_provider(node->provider);
 
 	if (!tag)
 		tag = QCOM_ICC_TAG_ALWAYS;
@@ -67,9 +70,6 @@ int qcom_icc_aggregate(struct icc_node *node, u32 tag, u32 avg_bw,
 	*agg_avg += avg_bw;
 	*agg_peak = max_t(u32, *agg_peak, peak_bw);
 
-	for (i = 0; i < qn->num_bcms; i++)
-		qcom_icc_bcm_voter_add(qp->voter, qn->bcms[i]);
-
 	return 0;
 }
 EXPORT_SYMBOL_GPL(qcom_icc_aggregate);
-- 
2.30.2




^ permalink raw reply related	[flat|nested] 112+ messages in thread

* [PATCH 5.10 28/96] ASoC: SOF: Intel: hda-ipc: fix reply size checking
  2021-08-16 13:01 [PATCH 5.10 00/96] 5.10.60-rc1 review Greg Kroah-Hartman
                   ` (26 preceding siblings ...)
  2021-08-16 13:01 ` [PATCH 5.10 27/96] interconnect: qcom: icc-rpmh: Add BCMs to commit list in pre_aggregate Greg Kroah-Hartman
@ 2021-08-16 13:01 ` Greg Kroah-Hartman
  2021-08-16 13:01 ` [PATCH 5.10 29/96] ASoC: cs42l42: Fix inversion of ADC Notch Switch control Greg Kroah-Hartman
                   ` (67 subsequent siblings)
  95 siblings, 0 replies; 112+ messages in thread
From: Greg Kroah-Hartman @ 2021-08-16 13:01 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Ranjani Sridharan,
	Guennadi Liakhovetski, Pierre-Louis Bossart, Mark Brown,
	Sasha Levin

From: Guennadi Liakhovetski <guennadi.liakhovetski@linux.intel.com>

[ Upstream commit 973b393fdf073a4ebd8d82ef6edea99fedc74af9 ]

Checking that two values don't have common bits makes no sense,
strict equality is meant.

Fixes: f3b433e4699f  ("ASoC: SOF: Implement Probe IPC API")
Reviewed-by: Ranjani Sridharan <ranjani.sridharan@linux.intel.com>
Signed-off-by: Guennadi Liakhovetski <guennadi.liakhovetski@linux.intel.com>
Signed-off-by: Pierre-Louis Bossart <pierre-louis.bossart@linux.intel.com>
Link: https://lore.kernel.org/r/20210802151749.15417-1-pierre-louis.bossart@linux.intel.com
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 sound/soc/sof/intel/hda-ipc.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/sound/soc/sof/intel/hda-ipc.c b/sound/soc/sof/intel/hda-ipc.c
index c91aa951df22..acfeca42604c 100644
--- a/sound/soc/sof/intel/hda-ipc.c
+++ b/sound/soc/sof/intel/hda-ipc.c
@@ -107,8 +107,8 @@ void hda_dsp_ipc_get_reply(struct snd_sof_dev *sdev)
 	} else {
 		/* reply correct size ? */
 		if (reply.hdr.size != msg->reply_size &&
-			/* getter payload is never known upfront */
-			!(reply.hdr.cmd & SOF_IPC_GLB_PROBE)) {
+		    /* getter payload is never known upfront */
+		    ((reply.hdr.cmd & SOF_GLB_TYPE_MASK) != SOF_IPC_GLB_PROBE)) {
 			dev_err(sdev->dev, "error: reply expected %zu got %u bytes\n",
 				msg->reply_size, reply.hdr.size);
 			ret = -EINVAL;
-- 
2.30.2




^ permalink raw reply related	[flat|nested] 112+ messages in thread

* [PATCH 5.10 29/96] ASoC: cs42l42: Fix inversion of ADC Notch Switch control
  2021-08-16 13:01 [PATCH 5.10 00/96] 5.10.60-rc1 review Greg Kroah-Hartman
                   ` (27 preceding siblings ...)
  2021-08-16 13:01 ` [PATCH 5.10 28/96] ASoC: SOF: Intel: hda-ipc: fix reply size checking Greg Kroah-Hartman
@ 2021-08-16 13:01 ` Greg Kroah-Hartman
  2021-08-16 13:01 ` [PATCH 5.10 30/96] ASoC: cs42l42: Remove duplicate control for WNF filter frequency Greg Kroah-Hartman
                   ` (66 subsequent siblings)
  95 siblings, 0 replies; 112+ messages in thread
From: Greg Kroah-Hartman @ 2021-08-16 13:01 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Richard Fitzgerald, Mark Brown, Sasha Levin

From: Richard Fitzgerald <rf@opensource.cirrus.com>

[ Upstream commit 30615bd21b4cc3c3bb5ae8bd70e2a915cc5f75c7 ]

The underlying register field has inverted sense (0 = enabled) so
the control definition must be marked as inverted.

Signed-off-by: Richard Fitzgerald <rf@opensource.cirrus.com>
Fixes: 2c394ca79604 ("ASoC: Add support for CS42L42 codec")
Link: https://lore.kernel.org/r/20210803160834.9005-1-rf@opensource.cirrus.com
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 sound/soc/codecs/cs42l42.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/sound/soc/codecs/cs42l42.c b/sound/soc/codecs/cs42l42.c
index 9269b7003b31..298354d4ab8d 100644
--- a/sound/soc/codecs/cs42l42.c
+++ b/sound/soc/codecs/cs42l42.c
@@ -435,7 +435,7 @@ static SOC_ENUM_SINGLE_DECL(cs42l42_wnf05_freq_enum, CS42L42_ADC_WNF_HPF_CTL,
 static const struct snd_kcontrol_new cs42l42_snd_controls[] = {
 	/* ADC Volume and Filter Controls */
 	SOC_SINGLE("ADC Notch Switch", CS42L42_ADC_CTL,
-				CS42L42_ADC_NOTCH_DIS_SHIFT, true, false),
+				CS42L42_ADC_NOTCH_DIS_SHIFT, true, true),
 	SOC_SINGLE("ADC Weak Force Switch", CS42L42_ADC_CTL,
 				CS42L42_ADC_FORCE_WEAK_VCM_SHIFT, true, false),
 	SOC_SINGLE("ADC Invert Switch", CS42L42_ADC_CTL,
-- 
2.30.2




^ permalink raw reply related	[flat|nested] 112+ messages in thread

* [PATCH 5.10 30/96] ASoC: cs42l42: Remove duplicate control for WNF filter frequency
  2021-08-16 13:01 [PATCH 5.10 00/96] 5.10.60-rc1 review Greg Kroah-Hartman
                   ` (28 preceding siblings ...)
  2021-08-16 13:01 ` [PATCH 5.10 29/96] ASoC: cs42l42: Fix inversion of ADC Notch Switch control Greg Kroah-Hartman
@ 2021-08-16 13:01 ` Greg Kroah-Hartman
  2021-08-16 13:01 ` [PATCH 5.10 31/96] netfilter: nf_conntrack_bridge: Fix memory leak when error Greg Kroah-Hartman
                   ` (65 subsequent siblings)
  95 siblings, 0 replies; 112+ messages in thread
From: Greg Kroah-Hartman @ 2021-08-16 13:01 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Richard Fitzgerald, Mark Brown, Sasha Levin

From: Richard Fitzgerald <rf@opensource.cirrus.com>

[ Upstream commit 8b353bbeae20e2214c9d9d88bcb2fda4ba145d83 ]

The driver was defining two ALSA controls that both change the same
register field for the wind noise filter corner frequency. The filter
response has two corners, at different frequencies, and the duplicate
controls most likely were an attempt to be able to set the value using
either of the frequencies.

However, having two controls changing the same field can be problematic
and it is unnecessary. Both frequencies are related to each other so
setting one implies exactly what the other would be.

Removing a control affects user-side code, but there is currently no
known use of the removed control so it would be best to remove it now
before it becomes a problem.

Signed-off-by: Richard Fitzgerald <rf@opensource.cirrus.com>
Fixes: 2c394ca79604 ("ASoC: Add support for CS42L42 codec")
Link: https://lore.kernel.org/r/20210803160834.9005-2-rf@opensource.cirrus.com
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 sound/soc/codecs/cs42l42.c | 10 ----------
 1 file changed, 10 deletions(-)

diff --git a/sound/soc/codecs/cs42l42.c b/sound/soc/codecs/cs42l42.c
index 298354d4ab8d..ab6f89032ea0 100644
--- a/sound/soc/codecs/cs42l42.c
+++ b/sound/soc/codecs/cs42l42.c
@@ -423,15 +423,6 @@ static SOC_ENUM_SINGLE_DECL(cs42l42_wnf3_freq_enum, CS42L42_ADC_WNF_HPF_CTL,
 			    CS42L42_ADC_WNF_CF_SHIFT,
 			    cs42l42_wnf3_freq_text);
 
-static const char * const cs42l42_wnf05_freq_text[] = {
-	"280Hz", "315Hz", "350Hz", "385Hz",
-	"420Hz", "455Hz", "490Hz", "525Hz"
-};
-
-static SOC_ENUM_SINGLE_DECL(cs42l42_wnf05_freq_enum, CS42L42_ADC_WNF_HPF_CTL,
-			    CS42L42_ADC_WNF_CF_SHIFT,
-			    cs42l42_wnf05_freq_text);
-
 static const struct snd_kcontrol_new cs42l42_snd_controls[] = {
 	/* ADC Volume and Filter Controls */
 	SOC_SINGLE("ADC Notch Switch", CS42L42_ADC_CTL,
@@ -449,7 +440,6 @@ static const struct snd_kcontrol_new cs42l42_snd_controls[] = {
 				CS42L42_ADC_HPF_EN_SHIFT, true, false),
 	SOC_ENUM("HPF Corner Freq", cs42l42_hpf_freq_enum),
 	SOC_ENUM("WNF 3dB Freq", cs42l42_wnf3_freq_enum),
-	SOC_ENUM("WNF 05dB Freq", cs42l42_wnf05_freq_enum),
 
 	/* DAC Volume and Filter Controls */
 	SOC_SINGLE("DACA Invert Switch", CS42L42_DAC_CTL1,
-- 
2.30.2




^ permalink raw reply related	[flat|nested] 112+ messages in thread

* [PATCH 5.10 31/96] netfilter: nf_conntrack_bridge: Fix memory leak when error
  2021-08-16 13:01 [PATCH 5.10 00/96] 5.10.60-rc1 review Greg Kroah-Hartman
                   ` (29 preceding siblings ...)
  2021-08-16 13:01 ` [PATCH 5.10 30/96] ASoC: cs42l42: Remove duplicate control for WNF filter frequency Greg Kroah-Hartman
@ 2021-08-16 13:01 ` Greg Kroah-Hartman
  2021-08-16 13:01 ` [PATCH 5.10 32/96] pinctrl: tigerlake: Fix GPIO mapping for newer version of software Greg Kroah-Hartman
                   ` (64 subsequent siblings)
  95 siblings, 0 replies; 112+ messages in thread
From: Greg Kroah-Hartman @ 2021-08-16 13:01 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Yajun Deng, Pablo Neira Ayuso, Sasha Levin

From: Yajun Deng <yajun.deng@linux.dev>

[ Upstream commit 38ea9def5b62f9193f6bad96c5d108e2830ecbde ]

It should be added kfree_skb_list() when err is not equal to zero
in nf_br_ip_fragment().

v2: keep this aligned with IPv6.
v3: modify iter.frag_list to iter.frag.

Fixes: 3c171f496ef5 ("netfilter: bridge: add connection tracking system")
Signed-off-by: Yajun Deng <yajun.deng@linux.dev>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 net/bridge/netfilter/nf_conntrack_bridge.c | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/net/bridge/netfilter/nf_conntrack_bridge.c b/net/bridge/netfilter/nf_conntrack_bridge.c
index 8d033a75a766..fdbed3158555 100644
--- a/net/bridge/netfilter/nf_conntrack_bridge.c
+++ b/net/bridge/netfilter/nf_conntrack_bridge.c
@@ -88,6 +88,12 @@ static int nf_br_ip_fragment(struct net *net, struct sock *sk,
 
 			skb = ip_fraglist_next(&iter);
 		}
+
+		if (!err)
+			return 0;
+
+		kfree_skb_list(iter.frag);
+
 		return err;
 	}
 slow_path:
-- 
2.30.2




^ permalink raw reply related	[flat|nested] 112+ messages in thread

* [PATCH 5.10 32/96] pinctrl: tigerlake: Fix GPIO mapping for newer version of software
  2021-08-16 13:01 [PATCH 5.10 00/96] 5.10.60-rc1 review Greg Kroah-Hartman
                   ` (30 preceding siblings ...)
  2021-08-16 13:01 ` [PATCH 5.10 31/96] netfilter: nf_conntrack_bridge: Fix memory leak when error Greg Kroah-Hartman
@ 2021-08-16 13:01 ` Greg Kroah-Hartman
  2021-08-16 13:01 ` [PATCH 5.10 33/96] ASoC: cs42l42: Fix LRCLK frame start edge Greg Kroah-Hartman
                   ` (63 subsequent siblings)
  95 siblings, 0 replies; 112+ messages in thread
From: Greg Kroah-Hartman @ 2021-08-16 13:01 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Riccardo Mori, Andy Shevchenko,
	Mika Westerberg, Sasha Levin, Kai-Heng Feng, Lovesh

From: Andy Shevchenko <andriy.shevchenko@linux.intel.com>

[ Upstream commit 2f658f7a3953f6d70bab90e117aff8d0ad44e200 ]

The software mapping for GPIO, which initially comes from Microsoft,
is subject to change by respective Windows and firmware developers.
Due to the above the driver had been written and published way ahead
of the schedule, and thus the numbering schema used in it is outdated.

Fix the numbering schema in accordance with the real products on market.

Fixes: 653d96455e1e ("pinctrl: tigerlake: Add support for Tiger Lake-H")
Reported-and-tested-by: Kai-Heng Feng <kai.heng.feng@canonical.com>
Reported-by: Riccardo Mori <patacca@autistici.org>
Reported-and-tested-by: Lovesh <lovesh.bond@gmail.com>
BugLink: https://bugzilla.kernel.org/show_bug.cgi?id=213463
BugLink: https://bugzilla.kernel.org/show_bug.cgi?id=213579
BugLink: https://bugzilla.kernel.org/show_bug.cgi?id=213857
Signed-off-by: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
Acked-by: Mika Westerberg <mika.westerberg@linux.intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/pinctrl/intel/pinctrl-tigerlake.c | 26 +++++++++++------------
 1 file changed, 13 insertions(+), 13 deletions(-)

diff --git a/drivers/pinctrl/intel/pinctrl-tigerlake.c b/drivers/pinctrl/intel/pinctrl-tigerlake.c
index 3e354e02f408..bed769d99b8b 100644
--- a/drivers/pinctrl/intel/pinctrl-tigerlake.c
+++ b/drivers/pinctrl/intel/pinctrl-tigerlake.c
@@ -701,32 +701,32 @@ static const struct pinctrl_pin_desc tglh_pins[] = {
 
 static const struct intel_padgroup tglh_community0_gpps[] = {
 	TGL_GPP(0, 0, 24, 0),				/* GPP_A */
-	TGL_GPP(1, 25, 44, 128),			/* GPP_R */
-	TGL_GPP(2, 45, 70, 32),				/* GPP_B */
-	TGL_GPP(3, 71, 78, INTEL_GPIO_BASE_NOMAP),	/* vGPIO_0 */
+	TGL_GPP(1, 25, 44, 32),				/* GPP_R */
+	TGL_GPP(2, 45, 70, 64),				/* GPP_B */
+	TGL_GPP(3, 71, 78, 96),				/* vGPIO_0 */
 };
 
 static const struct intel_padgroup tglh_community1_gpps[] = {
-	TGL_GPP(0, 79, 104, 96),			/* GPP_D */
-	TGL_GPP(1, 105, 128, 64),			/* GPP_C */
-	TGL_GPP(2, 129, 136, 160),			/* GPP_S */
-	TGL_GPP(3, 137, 153, 192),			/* GPP_G */
-	TGL_GPP(4, 154, 180, 224),			/* vGPIO */
+	TGL_GPP(0, 79, 104, 128),			/* GPP_D */
+	TGL_GPP(1, 105, 128, 160),			/* GPP_C */
+	TGL_GPP(2, 129, 136, 192),			/* GPP_S */
+	TGL_GPP(3, 137, 153, 224),			/* GPP_G */
+	TGL_GPP(4, 154, 180, 256),			/* vGPIO */
 };
 
 static const struct intel_padgroup tglh_community3_gpps[] = {
-	TGL_GPP(0, 181, 193, 256),			/* GPP_E */
-	TGL_GPP(1, 194, 217, 288),			/* GPP_F */
+	TGL_GPP(0, 181, 193, 288),			/* GPP_E */
+	TGL_GPP(1, 194, 217, 320),			/* GPP_F */
 };
 
 static const struct intel_padgroup tglh_community4_gpps[] = {
-	TGL_GPP(0, 218, 241, 320),			/* GPP_H */
+	TGL_GPP(0, 218, 241, 352),			/* GPP_H */
 	TGL_GPP(1, 242, 251, 384),			/* GPP_J */
-	TGL_GPP(2, 252, 266, 352),			/* GPP_K */
+	TGL_GPP(2, 252, 266, 416),			/* GPP_K */
 };
 
 static const struct intel_padgroup tglh_community5_gpps[] = {
-	TGL_GPP(0, 267, 281, 416),			/* GPP_I */
+	TGL_GPP(0, 267, 281, 448),			/* GPP_I */
 	TGL_GPP(1, 282, 290, INTEL_GPIO_BASE_NOMAP),	/* JTAG */
 };
 
-- 
2.30.2




^ permalink raw reply related	[flat|nested] 112+ messages in thread

* [PATCH 5.10 33/96] ASoC: cs42l42: Fix LRCLK frame start edge
  2021-08-16 13:01 [PATCH 5.10 00/96] 5.10.60-rc1 review Greg Kroah-Hartman
                   ` (31 preceding siblings ...)
  2021-08-16 13:01 ` [PATCH 5.10 32/96] pinctrl: tigerlake: Fix GPIO mapping for newer version of software Greg Kroah-Hartman
@ 2021-08-16 13:01 ` Greg Kroah-Hartman
  2021-08-16 13:01 ` [PATCH 5.10 34/96] net: dsa: mt7530: add the missing RxUnicast MIB counter Greg Kroah-Hartman
                   ` (62 subsequent siblings)
  95 siblings, 0 replies; 112+ messages in thread
From: Greg Kroah-Hartman @ 2021-08-16 13:01 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Richard Fitzgerald, Mark Brown, Sasha Levin

From: Richard Fitzgerald <rf@opensource.cirrus.com>

[ Upstream commit 0c2f2ad4f16a58879463d0979a54293f8f296d6f ]

An I2S frame starts on the falling edge of LRCLK so ASP_STP must
be 0.

At the same time, move other format settings in the same register
from cs42l42_pll_config() to cs42l42_set_dai_fmt() where you'd
expect to find them, and merge into a single write.

Signed-off-by: Richard Fitzgerald <rf@opensource.cirrus.com>
Fixes: 2c394ca79604 ("ASoC: Add support for CS42L42 codec")
Link: https://lore.kernel.org/r/20210805161111.10410-2-rf@opensource.cirrus.com
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 sound/soc/codecs/cs42l42.c | 21 ++++++++++++---------
 1 file changed, 12 insertions(+), 9 deletions(-)

diff --git a/sound/soc/codecs/cs42l42.c b/sound/soc/codecs/cs42l42.c
index ab6f89032ea0..828dc78202e8 100644
--- a/sound/soc/codecs/cs42l42.c
+++ b/sound/soc/codecs/cs42l42.c
@@ -658,15 +658,6 @@ static int cs42l42_pll_config(struct snd_soc_component *component)
 					CS42L42_FSYNC_PULSE_WIDTH_MASK,
 					CS42L42_FRAC1_VAL(fsync - 1) <<
 					CS42L42_FSYNC_PULSE_WIDTH_SHIFT);
-			snd_soc_component_update_bits(component,
-					CS42L42_ASP_FRM_CFG,
-					CS42L42_ASP_5050_MASK,
-					CS42L42_ASP_5050_MASK);
-			/* Set the frame delay to 1.0 SCLK clocks */
-			snd_soc_component_update_bits(component, CS42L42_ASP_FRM_CFG,
-					CS42L42_ASP_FSD_MASK,
-					CS42L42_ASP_FSD_1_0 <<
-					CS42L42_ASP_FSD_SHIFT);
 			/* Set the sample rates (96k or lower) */
 			snd_soc_component_update_bits(component, CS42L42_FS_RATE_EN,
 					CS42L42_FS_EN_MASK,
@@ -762,6 +753,18 @@ static int cs42l42_set_dai_fmt(struct snd_soc_dai *codec_dai, unsigned int fmt)
 	/* interface format */
 	switch (fmt & SND_SOC_DAIFMT_FORMAT_MASK) {
 	case SND_SOC_DAIFMT_I2S:
+		/*
+		 * 5050 mode, frame starts on falling edge of LRCLK,
+		 * frame delayed by 1.0 SCLKs
+		 */
+		snd_soc_component_update_bits(component,
+					      CS42L42_ASP_FRM_CFG,
+					      CS42L42_ASP_STP_MASK |
+					      CS42L42_ASP_5050_MASK |
+					      CS42L42_ASP_FSD_MASK,
+					      CS42L42_ASP_5050_MASK |
+					      (CS42L42_ASP_FSD_1_0 <<
+						CS42L42_ASP_FSD_SHIFT));
 		break;
 	default:
 		return -EINVAL;
-- 
2.30.2




^ permalink raw reply related	[flat|nested] 112+ messages in thread

* [PATCH 5.10 34/96] net: dsa: mt7530: add the missing RxUnicast MIB counter
  2021-08-16 13:01 [PATCH 5.10 00/96] 5.10.60-rc1 review Greg Kroah-Hartman
                   ` (32 preceding siblings ...)
  2021-08-16 13:01 ` [PATCH 5.10 33/96] ASoC: cs42l42: Fix LRCLK frame start edge Greg Kroah-Hartman
@ 2021-08-16 13:01 ` Greg Kroah-Hartman
  2021-08-16 13:01 ` [PATCH 5.10 35/96] net: mvvp2: fix short frame size on s390 Greg Kroah-Hartman
                   ` (61 subsequent siblings)
  95 siblings, 0 replies; 112+ messages in thread
From: Greg Kroah-Hartman @ 2021-08-16 13:01 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, DENG Qingfang, David S. Miller, Sasha Levin

From: DENG Qingfang <dqfext@gmail.com>

[ Upstream commit aff51c5da3208bd164381e1488998667269c6cf4 ]

Add the missing RxUnicast counter.

Fixes: b8f126a8d543 ("net-next: dsa: add dsa support for Mediatek MT7530 switch")
Signed-off-by: DENG Qingfang <dqfext@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/net/dsa/mt7530.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/drivers/net/dsa/mt7530.c b/drivers/net/dsa/mt7530.c
index 190025a0a98e..3fa2f81c8b47 100644
--- a/drivers/net/dsa/mt7530.c
+++ b/drivers/net/dsa/mt7530.c
@@ -45,6 +45,7 @@ static const struct mt7530_mib_desc mt7530_mib[] = {
 	MIB_DESC(2, 0x48, "TxBytes"),
 	MIB_DESC(1, 0x60, "RxDrop"),
 	MIB_DESC(1, 0x64, "RxFiltering"),
+	MIB_DESC(1, 0x68, "RxUnicast"),
 	MIB_DESC(1, 0x6c, "RxMulticast"),
 	MIB_DESC(1, 0x70, "RxBroadcast"),
 	MIB_DESC(1, 0x74, "RxAlignErr"),
-- 
2.30.2




^ permalink raw reply related	[flat|nested] 112+ messages in thread

* [PATCH 5.10 35/96] net: mvvp2: fix short frame size on s390
  2021-08-16 13:01 [PATCH 5.10 00/96] 5.10.60-rc1 review Greg Kroah-Hartman
                   ` (33 preceding siblings ...)
  2021-08-16 13:01 ` [PATCH 5.10 34/96] net: dsa: mt7530: add the missing RxUnicast MIB counter Greg Kroah-Hartman
@ 2021-08-16 13:01 ` Greg Kroah-Hartman
  2021-08-16 13:01 ` [PATCH 5.10 36/96] platform/x86: pcengines-apuv2: Add missing terminating entries to gpio-lookup tables Greg Kroah-Hartman
                   ` (60 subsequent siblings)
  95 siblings, 0 replies; 112+ messages in thread
From: Greg Kroah-Hartman @ 2021-08-16 13:01 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Sven Auhagen, Matteo Croce,
	David S. Miller, John Hubbard, Sasha Levin

From: John Hubbard <jhubbard@nvidia.com>

[ Upstream commit 704e624f7b3e8a4fc1ce43fb564746d1d07b20c0 ]

On s390, the following build warning occurs:

drivers/net/ethernet/marvell/mvpp2/mvpp2.h:844:2: warning: overflow in
conversion from 'long unsigned int' to 'int' changes value from
'18446744073709551584' to '-32' [-Woverflow]
844 |  ((total_size) - MVPP2_SKB_HEADROOM - MVPP2_SKB_SHINFO_SIZE)

This happens because MVPP2_SKB_SHINFO_SIZE, which is 320 bytes (which is
already 64-byte aligned) on some architectures, actually gets ALIGN'd up
to 512 bytes in the s390 case.

So then, when this is invoked:

    MVPP2_RX_MAX_PKT_SIZE(MVPP2_BM_SHORT_FRAME_SIZE)

...that turns into:

     704 - 224 - 512 == -32

...which is not a good frame size to end up with! The warning above is a
bit lucky: it notices a signed/unsigned bad behavior here, which leads
to the real problem of a frame that is too short for its contents.

Increase MVPP2_BM_SHORT_FRAME_SIZE by 32 (from 704 to 736), which is
just exactly big enough. (The other values can't readily be changed
without causing a lot of other problems.)

Fixes: 07dd0a7aae7f ("mvpp2: add basic XDP support")
Cc: Sven Auhagen <sven.auhagen@voleatech.de>
Cc: Matteo Croce <mcroce@microsoft.com>
Cc: David S. Miller <davem@davemloft.net>
Signed-off-by: John Hubbard <jhubbard@nvidia.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/net/ethernet/marvell/mvpp2/mvpp2.h | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/drivers/net/ethernet/marvell/mvpp2/mvpp2.h b/drivers/net/ethernet/marvell/mvpp2/mvpp2.h
index a1aefce55e65..d825eb021b22 100644
--- a/drivers/net/ethernet/marvell/mvpp2/mvpp2.h
+++ b/drivers/net/ethernet/marvell/mvpp2/mvpp2.h
@@ -854,7 +854,7 @@ enum mvpp22_ptp_packet_format {
 #define MVPP2_BM_COOKIE_POOL_OFFS	8
 #define MVPP2_BM_COOKIE_CPU_OFFS	24
 
-#define MVPP2_BM_SHORT_FRAME_SIZE	704	/* frame size 128 */
+#define MVPP2_BM_SHORT_FRAME_SIZE	736	/* frame size 128 */
 #define MVPP2_BM_LONG_FRAME_SIZE	2240	/* frame size 1664 */
 #define MVPP2_BM_JUMBO_FRAME_SIZE	10432	/* frame size 9856 */
 /* BM short pool packet size
-- 
2.30.2




^ permalink raw reply related	[flat|nested] 112+ messages in thread

* [PATCH 5.10 36/96] platform/x86: pcengines-apuv2: Add missing terminating entries to gpio-lookup tables
  2021-08-16 13:01 [PATCH 5.10 00/96] 5.10.60-rc1 review Greg Kroah-Hartman
                   ` (34 preceding siblings ...)
  2021-08-16 13:01 ` [PATCH 5.10 35/96] net: mvvp2: fix short frame size on s390 Greg Kroah-Hartman
@ 2021-08-16 13:01 ` Greg Kroah-Hartman
  2021-08-16 13:01 ` [PATCH 5.10 37/96] libbpf: Fix probe for BPF_PROG_TYPE_CGROUP_SOCKOPT Greg Kroah-Hartman
                   ` (59 subsequent siblings)
  95 siblings, 0 replies; 112+ messages in thread
From: Greg Kroah-Hartman @ 2021-08-16 13:01 UTC (permalink / raw)
  To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Hans de Goede, Sasha Levin

From: Hans de Goede <hdegoede@redhat.com>

[ Upstream commit 9d7b132e62e41b7d49bf157aeaf9147c27492e0f ]

The gpiod_lookup_table.table passed to gpiod_add_lookup_table() must
be terminated with an empty entry, add this.

Note we have likely been getting away with this not being present because
the GPIO lookup code first matches on the dev_id, causing most lookups to
skip checking the table and the lookups which do check the table will
find a matching entry before reaching the end. With that said, terminating
these tables properly still is obviously the correct thing to do.

Fixes: f8eb0235f659 ("x86: pcengines apuv2 gpio/leds/keys platform driver")
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Link: https://lore.kernel.org/r/20210806115515.12184-1-hdegoede@redhat.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/platform/x86/pcengines-apuv2.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/drivers/platform/x86/pcengines-apuv2.c b/drivers/platform/x86/pcengines-apuv2.c
index c37349f97bb8..d063d91db9bc 100644
--- a/drivers/platform/x86/pcengines-apuv2.c
+++ b/drivers/platform/x86/pcengines-apuv2.c
@@ -94,6 +94,7 @@ static struct gpiod_lookup_table gpios_led_table = {
 				NULL, 1, GPIO_ACTIVE_LOW),
 		GPIO_LOOKUP_IDX(AMD_FCH_GPIO_DRIVER_NAME, APU2_GPIO_LINE_LED3,
 				NULL, 2, GPIO_ACTIVE_LOW),
+		{} /* Terminating entry */
 	}
 };
 
@@ -123,6 +124,7 @@ static struct gpiod_lookup_table gpios_key_table = {
 	.table = {
 		GPIO_LOOKUP_IDX(AMD_FCH_GPIO_DRIVER_NAME, APU2_GPIO_LINE_MODESW,
 				NULL, 0, GPIO_ACTIVE_LOW),
+		{} /* Terminating entry */
 	}
 };
 
-- 
2.30.2




^ permalink raw reply related	[flat|nested] 112+ messages in thread

* [PATCH 5.10 37/96] libbpf: Fix probe for BPF_PROG_TYPE_CGROUP_SOCKOPT
  2021-08-16 13:01 [PATCH 5.10 00/96] 5.10.60-rc1 review Greg Kroah-Hartman
                   ` (35 preceding siblings ...)
  2021-08-16 13:01 ` [PATCH 5.10 36/96] platform/x86: pcengines-apuv2: Add missing terminating entries to gpio-lookup tables Greg Kroah-Hartman
@ 2021-08-16 13:01 ` Greg Kroah-Hartman
  2021-08-16 13:01 ` [PATCH 5.10 38/96] bpf: Fix integer overflow involving bucket_size Greg Kroah-Hartman
                   ` (58 subsequent siblings)
  95 siblings, 0 replies; 112+ messages in thread
From: Greg Kroah-Hartman @ 2021-08-16 13:01 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Robin Gögge, Andrii Nakryiko,
	Daniel Borkmann, Quentin Monnet, Sasha Levin

From: Robin Gögge <r.goegge@googlemail.com>

[ Upstream commit 78d14bda861dd2729f15bb438fe355b48514bfe0 ]

This patch fixes the probe for BPF_PROG_TYPE_CGROUP_SOCKOPT,
so the probe reports accurate results when used by e.g.
bpftool.

Fixes: 4cdbfb59c44a ("libbpf: support sockopt hooks")
Signed-off-by: Robin Gögge <r.goegge@gmail.com>
Signed-off-by: Andrii Nakryiko <andrii@kernel.org>
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
Reviewed-by: Quentin Monnet <quentin@isovalent.com>
Link: https://lore.kernel.org/bpf/20210728225825.2357586-1-r.goegge@gmail.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 tools/lib/bpf/libbpf_probes.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/tools/lib/bpf/libbpf_probes.c b/tools/lib/bpf/libbpf_probes.c
index 5482a9b7ae2d..d38284a3aaf0 100644
--- a/tools/lib/bpf/libbpf_probes.c
+++ b/tools/lib/bpf/libbpf_probes.c
@@ -75,6 +75,9 @@ probe_load(enum bpf_prog_type prog_type, const struct bpf_insn *insns,
 	case BPF_PROG_TYPE_CGROUP_SOCK_ADDR:
 		xattr.expected_attach_type = BPF_CGROUP_INET4_CONNECT;
 		break;
+	case BPF_PROG_TYPE_CGROUP_SOCKOPT:
+		xattr.expected_attach_type = BPF_CGROUP_GETSOCKOPT;
+		break;
 	case BPF_PROG_TYPE_SK_LOOKUP:
 		xattr.expected_attach_type = BPF_SK_LOOKUP;
 		break;
@@ -104,7 +107,6 @@ probe_load(enum bpf_prog_type prog_type, const struct bpf_insn *insns,
 	case BPF_PROG_TYPE_SK_REUSEPORT:
 	case BPF_PROG_TYPE_FLOW_DISSECTOR:
 	case BPF_PROG_TYPE_CGROUP_SYSCTL:
-	case BPF_PROG_TYPE_CGROUP_SOCKOPT:
 	case BPF_PROG_TYPE_TRACING:
 	case BPF_PROG_TYPE_STRUCT_OPS:
 	case BPF_PROG_TYPE_EXT:
-- 
2.30.2




^ permalink raw reply related	[flat|nested] 112+ messages in thread

* [PATCH 5.10 38/96] bpf: Fix integer overflow involving bucket_size
  2021-08-16 13:01 [PATCH 5.10 00/96] 5.10.60-rc1 review Greg Kroah-Hartman
                   ` (36 preceding siblings ...)
  2021-08-16 13:01 ` [PATCH 5.10 37/96] libbpf: Fix probe for BPF_PROG_TYPE_CGROUP_SOCKOPT Greg Kroah-Hartman
@ 2021-08-16 13:01 ` Greg Kroah-Hartman
  2021-08-16 13:01 ` [PATCH 5.10 39/96] net: phy: micrel: Fix link detection on ksz87xx switch" Greg Kroah-Hartman
                   ` (57 subsequent siblings)
  95 siblings, 0 replies; 112+ messages in thread
From: Greg Kroah-Hartman @ 2021-08-16 13:01 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Tatsuhiko Yasumatsu, Daniel Borkmann,
	Sasha Levin

From: Tatsuhiko Yasumatsu <th.yasumatsu@gmail.com>

[ Upstream commit c4eb1f403243fc7bbb7de644db8587c03de36da6 ]

In __htab_map_lookup_and_delete_batch(), hash buckets are iterated
over to count the number of elements in each bucket (bucket_size).
If bucket_size is large enough, the multiplication to calculate
kvmalloc() size could overflow, resulting in out-of-bounds write
as reported by KASAN:

  [...]
  [  104.986052] BUG: KASAN: vmalloc-out-of-bounds in __htab_map_lookup_and_delete_batch+0x5ce/0xb60
  [  104.986489] Write of size 4194224 at addr ffffc9010503be70 by task crash/112
  [  104.986889]
  [  104.987193] CPU: 0 PID: 112 Comm: crash Not tainted 5.14.0-rc4 #13
  [  104.987552] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.13.0-1ubuntu1.1 04/01/2014
  [  104.988104] Call Trace:
  [  104.988410]  dump_stack_lvl+0x34/0x44
  [  104.988706]  print_address_description.constprop.0+0x21/0x140
  [  104.988991]  ? __htab_map_lookup_and_delete_batch+0x5ce/0xb60
  [  104.989327]  ? __htab_map_lookup_and_delete_batch+0x5ce/0xb60
  [  104.989622]  kasan_report.cold+0x7f/0x11b
  [  104.989881]  ? __htab_map_lookup_and_delete_batch+0x5ce/0xb60
  [  104.990239]  kasan_check_range+0x17c/0x1e0
  [  104.990467]  memcpy+0x39/0x60
  [  104.990670]  __htab_map_lookup_and_delete_batch+0x5ce/0xb60
  [  104.990982]  ? __wake_up_common+0x4d/0x230
  [  104.991256]  ? htab_of_map_free+0x130/0x130
  [  104.991541]  bpf_map_do_batch+0x1fb/0x220
  [...]

In hashtable, if the elements' keys have the same jhash() value, the
elements will be put into the same bucket. By putting a lot of elements
into a single bucket, the value of bucket_size can be increased to
trigger the integer overflow.

Triggering the overflow is possible for both callers with CAP_SYS_ADMIN
and callers without CAP_SYS_ADMIN.

It will be trivial for a caller with CAP_SYS_ADMIN to intentionally
reach this overflow by enabling BPF_F_ZERO_SEED. As this flag will set
the random seed passed to jhash() to 0, it will be easy for the caller
to prepare keys which will be hashed into the same value, and thus put
all the elements into the same bucket.

If the caller does not have CAP_SYS_ADMIN, BPF_F_ZERO_SEED cannot be
used. However, it will be still technically possible to trigger the
overflow, by guessing the random seed value passed to jhash() (32bit)
and repeating the attempt to trigger the overflow. In this case,
the probability to trigger the overflow will be low and will take
a very long time.

Fix the integer overflow by calling kvmalloc_array() instead of
kvmalloc() to allocate memory.

Fixes: 057996380a42 ("bpf: Add batch ops to all htab bpf map")
Signed-off-by: Tatsuhiko Yasumatsu <th.yasumatsu@gmail.com>
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
Link: https://lore.kernel.org/bpf/20210806150419.109658-1-th.yasumatsu@gmail.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 kernel/bpf/hashtab.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/kernel/bpf/hashtab.c b/kernel/bpf/hashtab.c
index 1fccba6e88c4..6c444e815406 100644
--- a/kernel/bpf/hashtab.c
+++ b/kernel/bpf/hashtab.c
@@ -1425,8 +1425,8 @@ alloc:
 	/* We cannot do copy_from_user or copy_to_user inside
 	 * the rcu_read_lock. Allocate enough space here.
 	 */
-	keys = kvmalloc(key_size * bucket_size, GFP_USER | __GFP_NOWARN);
-	values = kvmalloc(value_size * bucket_size, GFP_USER | __GFP_NOWARN);
+	keys = kvmalloc_array(key_size, bucket_size, GFP_USER | __GFP_NOWARN);
+	values = kvmalloc_array(value_size, bucket_size, GFP_USER | __GFP_NOWARN);
 	if (!keys || !values) {
 		ret = -ENOMEM;
 		goto after_loop;
-- 
2.30.2




^ permalink raw reply related	[flat|nested] 112+ messages in thread

* [PATCH 5.10 39/96] net: phy: micrel: Fix link detection on ksz87xx switch"
  2021-08-16 13:01 [PATCH 5.10 00/96] 5.10.60-rc1 review Greg Kroah-Hartman
                   ` (37 preceding siblings ...)
  2021-08-16 13:01 ` [PATCH 5.10 38/96] bpf: Fix integer overflow involving bucket_size Greg Kroah-Hartman
@ 2021-08-16 13:01 ` Greg Kroah-Hartman
  2021-08-16 13:01 ` [PATCH 5.10 40/96] ppp: Fix generating ifname when empty IFLA_IFNAME is specified Greg Kroah-Hartman
                   ` (56 subsequent siblings)
  95 siblings, 0 replies; 112+ messages in thread
From: Greg Kroah-Hartman @ 2021-08-16 13:01 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Ben Hutchings, David S. Miller, Sasha Levin

From: Ben Hutchings <ben.hutchings@mind.be>

[ Upstream commit 2383cb9497d113360137a2be308b390faa80632d ]

Commit a5e63c7d38d5 "net: phy: micrel: Fix detection of ksz87xx
switch" broke link detection on the external ports of the KSZ8795.

The previously unused phy_driver structure for these devices specifies
config_aneg and read_status functions that appear to be designed for a
fixed link and do not work with the embedded PHYs in the KSZ8795.

Delete the use of these functions in favour of the generic PHY
implementations which were used previously.

Fixes: a5e63c7d38d5 ("net: phy: micrel: Fix detection of ksz87xx switch")
Signed-off-by: Ben Hutchings <ben.hutchings@mind.be>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/net/phy/micrel.c | 2 --
 1 file changed, 2 deletions(-)

diff --git a/drivers/net/phy/micrel.c b/drivers/net/phy/micrel.c
index 9a566c5b36a6..69b20a466c61 100644
--- a/drivers/net/phy/micrel.c
+++ b/drivers/net/phy/micrel.c
@@ -1374,8 +1374,6 @@ static struct phy_driver ksphy_driver[] = {
 	.name		= "Micrel KSZ87XX Switch",
 	/* PHY_BASIC_FEATURES */
 	.config_init	= kszphy_config_init,
-	.config_aneg	= ksz8873mll_config_aneg,
-	.read_status	= ksz8873mll_read_status,
 	.match_phy_device = ksz8795_match_phy_device,
 	.suspend	= genphy_suspend,
 	.resume		= genphy_resume,
-- 
2.30.2




^ permalink raw reply related	[flat|nested] 112+ messages in thread

* [PATCH 5.10 40/96] ppp: Fix generating ifname when empty IFLA_IFNAME is specified
  2021-08-16 13:01 [PATCH 5.10 00/96] 5.10.60-rc1 review Greg Kroah-Hartman
                   ` (38 preceding siblings ...)
  2021-08-16 13:01 ` [PATCH 5.10 39/96] net: phy: micrel: Fix link detection on ksz87xx switch" Greg Kroah-Hartman
@ 2021-08-16 13:01 ` Greg Kroah-Hartman
  2021-08-16 13:01 ` [PATCH 5.10 41/96] net/smc: fix wait on already cleared link Greg Kroah-Hartman
                   ` (55 subsequent siblings)
  95 siblings, 0 replies; 112+ messages in thread
From: Greg Kroah-Hartman @ 2021-08-16 13:01 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Pali Rohár, David S. Miller,
	Sasha Levin

From: Pali Rohár <pali@kernel.org>

[ Upstream commit 2459dcb96bcba94c08d6861f8a050185ff301672 ]

IFLA_IFNAME is nul-term string which means that IFLA_IFNAME buffer can be
larger than length of string which contains.

Function __rtnl_newlink() generates new own ifname if either IFLA_IFNAME
was not specified at all or userspace passed empty nul-term string.

It is expected that if userspace does not specify ifname for new ppp netdev
then kernel generates one in format "ppp<id>" where id matches to the ppp
unit id which can be later obtained by PPPIOCGUNIT ioctl.

And it works in this way if IFLA_IFNAME is not specified at all. But it
does not work when IFLA_IFNAME is specified with empty string.

So fix this logic also for empty IFLA_IFNAME in ppp_nl_newlink() function
and correctly generates ifname based on ppp unit identifier if userspace
did not provided preferred ifname.

Without this patch when IFLA_IFNAME was specified with empty string then
kernel created a new ppp interface in format "ppp<id>" but id did not
match ppp unit id returned by PPPIOCGUNIT ioctl. In this case id was some
number generated by __rtnl_newlink() function.

Signed-off-by: Pali Rohár <pali@kernel.org>
Fixes: bb8082f69138 ("ppp: build ifname using unit identifier for rtnl based devices")
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/net/ppp/ppp_generic.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/drivers/net/ppp/ppp_generic.c b/drivers/net/ppp/ppp_generic.c
index f7a13529e4ad..33b2e0fb68bb 100644
--- a/drivers/net/ppp/ppp_generic.c
+++ b/drivers/net/ppp/ppp_generic.c
@@ -1207,7 +1207,7 @@ static int ppp_nl_newlink(struct net *src_net, struct net_device *dev,
 	 * the PPP unit identifer as suffix (i.e. ppp<unit_id>). This allows
 	 * userspace to infer the device name using to the PPPIOCGUNIT ioctl.
 	 */
-	if (!tb[IFLA_IFNAME])
+	if (!tb[IFLA_IFNAME] || !nla_len(tb[IFLA_IFNAME]) || !*(char *)nla_data(tb[IFLA_IFNAME]))
 		conf.ifname_is_set = false;
 
 	err = ppp_dev_configure(src_net, dev, &conf);
-- 
2.30.2




^ permalink raw reply related	[flat|nested] 112+ messages in thread

* [PATCH 5.10 41/96] net/smc: fix wait on already cleared link
  2021-08-16 13:01 [PATCH 5.10 00/96] 5.10.60-rc1 review Greg Kroah-Hartman
                   ` (39 preceding siblings ...)
  2021-08-16 13:01 ` [PATCH 5.10 40/96] ppp: Fix generating ifname when empty IFLA_IFNAME is specified Greg Kroah-Hartman
@ 2021-08-16 13:01 ` Greg Kroah-Hartman
  2021-08-16 13:01 ` [PATCH 5.10 42/96] net: sched: act_mirred: Reset ct info when mirror/redirect skb Greg Kroah-Hartman
                   ` (54 subsequent siblings)
  95 siblings, 0 replies; 112+ messages in thread
From: Greg Kroah-Hartman @ 2021-08-16 13:01 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Karsten Graul, Guvenc Gulce,
	David S. Miller, Sasha Levin

From: Karsten Graul <kgraul@linux.ibm.com>

[ Upstream commit 8f3d65c166797746455553f4eaf74a5f89f996d4 ]

There can be a race between the waiters for a tx work request buffer
and the link down processing that finally clears the link. Although
all waiters are woken up before the link is cleared there might be
waiters which did not yet get back control and are still waiting.
This results in an access to a cleared wait queue head.

Fix this by introducing atomic reference counting around the wait calls,
and wait with the link clear processing until all waiters have finished.
Move the work request layer related calls into smc_wr.c and set the
link state to INACTIVE before calling smcr_link_clear() in
smc_llc_srv_add_link().

Fixes: 15e1b99aadfb ("net/smc: no WR buffer wait for terminating link group")
Signed-off-by: Karsten Graul <kgraul@linux.ibm.com>
Signed-off-by: Guvenc Gulce <guvenc@linux.ibm.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 net/smc/smc_core.h |  2 ++
 net/smc/smc_llc.c  | 10 ++++------
 net/smc/smc_tx.c   | 18 +++++++++++++++++-
 net/smc/smc_wr.c   | 10 ++++++++++
 4 files changed, 33 insertions(+), 7 deletions(-)

diff --git a/net/smc/smc_core.h b/net/smc/smc_core.h
index f1e867ce2e63..4745a9a5a28f 100644
--- a/net/smc/smc_core.h
+++ b/net/smc/smc_core.h
@@ -94,6 +94,7 @@ struct smc_link {
 	unsigned long		*wr_tx_mask;	/* bit mask of used indexes */
 	u32			wr_tx_cnt;	/* number of WR send buffers */
 	wait_queue_head_t	wr_tx_wait;	/* wait for free WR send buf */
+	atomic_t		wr_tx_refcnt;	/* tx refs to link */
 
 	struct smc_wr_buf	*wr_rx_bufs;	/* WR recv payload buffers */
 	struct ib_recv_wr	*wr_rx_ibs;	/* WR recv meta data */
@@ -106,6 +107,7 @@ struct smc_link {
 
 	struct ib_reg_wr	wr_reg;		/* WR register memory region */
 	wait_queue_head_t	wr_reg_wait;	/* wait for wr_reg result */
+	atomic_t		wr_reg_refcnt;	/* reg refs to link */
 	enum smc_wr_reg_state	wr_reg_state;	/* state of wr_reg request */
 
 	u8			gid[SMC_GID_SIZE];/* gid matching used vlan id*/
diff --git a/net/smc/smc_llc.c b/net/smc/smc_llc.c
index 273eaf1bfe49..2e7560eba981 100644
--- a/net/smc/smc_llc.c
+++ b/net/smc/smc_llc.c
@@ -888,6 +888,7 @@ int smc_llc_cli_add_link(struct smc_link *link, struct smc_llc_qentry *qentry)
 	if (!rc)
 		goto out;
 out_clear_lnk:
+	lnk_new->state = SMC_LNK_INACTIVE;
 	smcr_link_clear(lnk_new, false);
 out_reject:
 	smc_llc_cli_add_link_reject(qentry);
@@ -1184,6 +1185,7 @@ int smc_llc_srv_add_link(struct smc_link *link)
 		goto out_err;
 	return 0;
 out_err:
+	link_new->state = SMC_LNK_INACTIVE;
 	smcr_link_clear(link_new, false);
 	return rc;
 }
@@ -1286,10 +1288,8 @@ static void smc_llc_process_cli_delete_link(struct smc_link_group *lgr)
 	del_llc->reason = 0;
 	smc_llc_send_message(lnk, &qentry->msg); /* response */
 
-	if (smc_link_downing(&lnk_del->state)) {
-		if (smc_switch_conns(lgr, lnk_del, false))
-			smc_wr_tx_wait_no_pending_sends(lnk_del);
-	}
+	if (smc_link_downing(&lnk_del->state))
+		smc_switch_conns(lgr, lnk_del, false);
 	smcr_link_clear(lnk_del, true);
 
 	active_links = smc_llc_active_link_count(lgr);
@@ -1805,8 +1805,6 @@ void smc_llc_link_clear(struct smc_link *link, bool log)
 				    link->smcibdev->ibdev->name, link->ibport);
 	complete(&link->llc_testlink_resp);
 	cancel_delayed_work_sync(&link->llc_testlink_wrk);
-	smc_wr_wakeup_reg_wait(link);
-	smc_wr_wakeup_tx_wait(link);
 }
 
 /* register a new rtoken at the remote peer (for all links) */
diff --git a/net/smc/smc_tx.c b/net/smc/smc_tx.c
index 4532c16bf85e..ff02952b3d03 100644
--- a/net/smc/smc_tx.c
+++ b/net/smc/smc_tx.c
@@ -479,7 +479,7 @@ static int smc_tx_rdma_writes(struct smc_connection *conn,
 /* Wakeup sndbuf consumers from any context (IRQ or process)
  * since there is more data to transmit; usable snd_wnd as max transmit
  */
-static int smcr_tx_sndbuf_nonempty(struct smc_connection *conn)
+static int _smcr_tx_sndbuf_nonempty(struct smc_connection *conn)
 {
 	struct smc_cdc_producer_flags *pflags = &conn->local_tx_ctrl.prod_flags;
 	struct smc_link *link = conn->lnk;
@@ -533,6 +533,22 @@ out_unlock:
 	return rc;
 }
 
+static int smcr_tx_sndbuf_nonempty(struct smc_connection *conn)
+{
+	struct smc_link *link = conn->lnk;
+	int rc = -ENOLINK;
+
+	if (!link)
+		return rc;
+
+	atomic_inc(&link->wr_tx_refcnt);
+	if (smc_link_usable(link))
+		rc = _smcr_tx_sndbuf_nonempty(conn);
+	if (atomic_dec_and_test(&link->wr_tx_refcnt))
+		wake_up_all(&link->wr_tx_wait);
+	return rc;
+}
+
 static int smcd_tx_sndbuf_nonempty(struct smc_connection *conn)
 {
 	struct smc_cdc_producer_flags *pflags = &conn->local_tx_ctrl.prod_flags;
diff --git a/net/smc/smc_wr.c b/net/smc/smc_wr.c
index 1e23cdd41eb1..9dbe4804853e 100644
--- a/net/smc/smc_wr.c
+++ b/net/smc/smc_wr.c
@@ -322,9 +322,12 @@ int smc_wr_reg_send(struct smc_link *link, struct ib_mr *mr)
 	if (rc)
 		return rc;
 
+	atomic_inc(&link->wr_reg_refcnt);
 	rc = wait_event_interruptible_timeout(link->wr_reg_wait,
 					      (link->wr_reg_state != POSTED),
 					      SMC_WR_REG_MR_WAIT_TIME);
+	if (atomic_dec_and_test(&link->wr_reg_refcnt))
+		wake_up_all(&link->wr_reg_wait);
 	if (!rc) {
 		/* timeout - terminate link */
 		smcr_link_down_cond_sched(link);
@@ -566,10 +569,15 @@ void smc_wr_free_link(struct smc_link *lnk)
 		return;
 	ibdev = lnk->smcibdev->ibdev;
 
+	smc_wr_wakeup_reg_wait(lnk);
+	smc_wr_wakeup_tx_wait(lnk);
+
 	if (smc_wr_tx_wait_no_pending_sends(lnk))
 		memset(lnk->wr_tx_mask, 0,
 		       BITS_TO_LONGS(SMC_WR_BUF_CNT) *
 						sizeof(*lnk->wr_tx_mask));
+	wait_event(lnk->wr_reg_wait, (!atomic_read(&lnk->wr_reg_refcnt)));
+	wait_event(lnk->wr_tx_wait, (!atomic_read(&lnk->wr_tx_refcnt)));
 
 	if (lnk->wr_rx_dma_addr) {
 		ib_dma_unmap_single(ibdev, lnk->wr_rx_dma_addr,
@@ -730,7 +738,9 @@ int smc_wr_create_link(struct smc_link *lnk)
 	memset(lnk->wr_tx_mask, 0,
 	       BITS_TO_LONGS(SMC_WR_BUF_CNT) * sizeof(*lnk->wr_tx_mask));
 	init_waitqueue_head(&lnk->wr_tx_wait);
+	atomic_set(&lnk->wr_tx_refcnt, 0);
 	init_waitqueue_head(&lnk->wr_reg_wait);
+	atomic_set(&lnk->wr_reg_refcnt, 0);
 	return rc;
 
 dma_unmap:
-- 
2.30.2




^ permalink raw reply related	[flat|nested] 112+ messages in thread

* [PATCH 5.10 42/96] net: sched: act_mirred: Reset ct info when mirror/redirect skb
  2021-08-16 13:01 [PATCH 5.10 00/96] 5.10.60-rc1 review Greg Kroah-Hartman
                   ` (40 preceding siblings ...)
  2021-08-16 13:01 ` [PATCH 5.10 41/96] net/smc: fix wait on already cleared link Greg Kroah-Hartman
@ 2021-08-16 13:01 ` Greg Kroah-Hartman
  2021-08-16 13:01 ` [PATCH 5.10 43/96] ice: Prevent probing virtual functions Greg Kroah-Hartman
                   ` (53 subsequent siblings)
  95 siblings, 0 replies; 112+ messages in thread
From: Greg Kroah-Hartman @ 2021-08-16 13:01 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Roi Dayan, Hangbin Liu,
	David S. Miller, Sasha Levin

From: Hangbin Liu <liuhangbin@gmail.com>

[ Upstream commit d09c548dbf3b31cb07bba562e0f452edfa01efe3 ]

When mirror/redirect a skb to a different port, the ct info should be reset
for reclassification. Or the pkts will match unexpected rules. For example,
with following topology and commands:

    -----------
              |
       veth0 -+-------
              |
       veth1 -+-------
              |
   ------------

 tc qdisc add dev veth0 clsact
 # The same with "action mirred egress mirror dev veth1" or "action mirred ingress redirect dev veth1"
 tc filter add dev veth0 egress chain 1 protocol ip flower ct_state +trk action mirred ingress mirror dev veth1
 tc filter add dev veth0 egress chain 0 protocol ip flower ct_state -inv action ct commit action goto chain 1
 tc qdisc add dev veth1 clsact
 tc filter add dev veth1 ingress chain 0 protocol ip flower ct_state +trk action drop

 ping <remove ip via veth0> &
 tc -s filter show dev veth1 ingress

With command 'tc -s filter show', we can find the pkts were dropped on
veth1.

Fixes: b57dc7c13ea9 ("net/sched: Introduce action ct")
Signed-off-by: Roi Dayan <roid@nvidia.com>
Signed-off-by: Hangbin Liu <liuhangbin@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 net/sched/act_mirred.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/net/sched/act_mirred.c b/net/sched/act_mirred.c
index e24b7e2331cd..0b0eb18919c0 100644
--- a/net/sched/act_mirred.c
+++ b/net/sched/act_mirred.c
@@ -261,6 +261,9 @@ static int tcf_mirred_act(struct sk_buff *skb, const struct tc_action *a,
 			goto out;
 	}
 
+	/* All mirred/redirected skbs should clear previous ct info */
+	nf_reset_ct(skb2);
+
 	want_ingress = tcf_mirred_act_wants_ingress(m_eaction);
 
 	expects_nh = want_ingress || !m_mac_header_xmit;
-- 
2.30.2




^ permalink raw reply related	[flat|nested] 112+ messages in thread

* [PATCH 5.10 43/96] ice: Prevent probing virtual functions
  2021-08-16 13:01 [PATCH 5.10 00/96] 5.10.60-rc1 review Greg Kroah-Hartman
                   ` (41 preceding siblings ...)
  2021-08-16 13:01 ` [PATCH 5.10 42/96] net: sched: act_mirred: Reset ct info when mirror/redirect skb Greg Kroah-Hartman
@ 2021-08-16 13:01 ` Greg Kroah-Hartman
  2021-08-16 13:01 ` [PATCH 5.10 44/96] ice: dont remove netdev->dev_addr from uc sync list Greg Kroah-Hartman
                   ` (52 subsequent siblings)
  95 siblings, 0 replies; 112+ messages in thread
From: Greg Kroah-Hartman @ 2021-08-16 13:01 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Anirudh Venkataramanan, Gurucharan G,
	Konrad Jankowski, Tony Nguyen, Sasha Levin

From: Anirudh Venkataramanan <anirudh.venkataramanan@intel.com>

[ Upstream commit 50ac7479846053ca8054be833c1594e64de496bb ]

The userspace utility "driverctl" can be used to change/override the
system's default driver choices. This is useful in some situations
(buggy driver, old driver missing a device ID, trying a workaround,
etc.) where the user needs to load a different driver.

However, this is also prone to user error, where a driver is mapped
to a device it's not designed to drive. For example, if the ice driver
is mapped to driver iavf devices, the ice driver crashes.

Add a check to return an error if the ice driver is being used to
probe a virtual function.

Fixes: 837f08fdecbe ("ice: Add basic driver framework for Intel(R) E800 Series")
Signed-off-by: Anirudh Venkataramanan <anirudh.venkataramanan@intel.com>
Tested-by: Gurucharan G <gurucharanx.g@intel.com>
Tested-by: Konrad Jankowski <konrad0.jankowski@intel.com>
Signed-off-by: Tony Nguyen <anthony.l.nguyen@intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/net/ethernet/intel/ice/ice_main.c | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/drivers/net/ethernet/intel/ice/ice_main.c b/drivers/net/ethernet/intel/ice/ice_main.c
index 1567ddd4c5b8..6421e9fd69a2 100644
--- a/drivers/net/ethernet/intel/ice/ice_main.c
+++ b/drivers/net/ethernet/intel/ice/ice_main.c
@@ -3991,6 +3991,11 @@ ice_probe(struct pci_dev *pdev, const struct pci_device_id __always_unused *ent)
 	struct ice_hw *hw;
 	int i, err;
 
+	if (pdev->is_virtfn) {
+		dev_err(dev, "can't probe a virtual function\n");
+		return -EINVAL;
+	}
+
 	/* this driver uses devres, see
 	 * Documentation/driver-api/driver-model/devres.rst
 	 */
-- 
2.30.2




^ permalink raw reply related	[flat|nested] 112+ messages in thread

* [PATCH 5.10 44/96] ice: dont remove netdev->dev_addr from uc sync list
  2021-08-16 13:01 [PATCH 5.10 00/96] 5.10.60-rc1 review Greg Kroah-Hartman
                   ` (42 preceding siblings ...)
  2021-08-16 13:01 ` [PATCH 5.10 43/96] ice: Prevent probing virtual functions Greg Kroah-Hartman
@ 2021-08-16 13:01 ` Greg Kroah-Hartman
  2021-08-16 13:01 ` [PATCH 5.10 45/96] iavf: Set RSS LUT and key in reset handle path Greg Kroah-Hartman
                   ` (51 subsequent siblings)
  95 siblings, 0 replies; 112+ messages in thread
From: Greg Kroah-Hartman @ 2021-08-16 13:01 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Brett Creeley, Liang Li,
	Gurucharan G, Tony Nguyen, Sasha Levin

From: Brett Creeley <brett.creeley@intel.com>

[ Upstream commit 3ba7f53f8bf1fb862e36c7f74434ac3aceb60158 ]

In some circumstances, such as with bridging, it's possible that the
stack will add the device's own MAC address to its unicast address list.

If, later, the stack deletes this address, the driver will receive a
request to remove this address.

The driver stores its current MAC address as part of the VSI MAC filter
list instead of separately. So, this causes a problem when the device's
MAC address is deleted unexpectedly, which results in traffic failure in
some cases.

The following configuration steps will reproduce the previously
mentioned problem:

> ip link set eth0 up
> ip link add dev br0 type bridge
> ip link set br0 up
> ip addr flush dev eth0
> ip link set eth0 master br0
> echo 1 > /sys/class/net/br0/bridge/vlan_filtering
> modprobe -r veth
> modprobe -r bridge
> ip addr add 192.168.1.100/24 dev eth0

The following ping command fails due to the netdev->dev_addr being
deleted when removing the bridge module.
> ping <link partner>

Fix this by making sure to not delete the netdev->dev_addr during MAC
address sync. After fixing this issue it was noticed that the
netdev_warn() in .set_mac was overly verbose, so make it at
netdev_dbg().

Also, there is a possibility of a race condition between .set_mac and
.set_rx_mode. Fix this by calling netif_addr_lock_bh() and
netif_addr_unlock_bh() on the device's netdev when the netdev->dev_addr
is going to be updated in .set_mac.

Fixes: e94d44786693 ("ice: Implement filter sync, NDO operations and bump version")
Signed-off-by: Brett Creeley <brett.creeley@intel.com>
Tested-by: Liang Li <liali@redhat.com>
Tested-by: Gurucharan G <gurucharanx.g@intel.com>
Signed-off-by: Tony Nguyen <anthony.l.nguyen@intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/net/ethernet/intel/ice/ice_main.c | 23 +++++++++++++++--------
 1 file changed, 15 insertions(+), 8 deletions(-)

diff --git a/drivers/net/ethernet/intel/ice/ice_main.c b/drivers/net/ethernet/intel/ice/ice_main.c
index 6421e9fd69a2..a46780570cd9 100644
--- a/drivers/net/ethernet/intel/ice/ice_main.c
+++ b/drivers/net/ethernet/intel/ice/ice_main.c
@@ -189,6 +189,14 @@ static int ice_add_mac_to_unsync_list(struct net_device *netdev, const u8 *addr)
 	struct ice_netdev_priv *np = netdev_priv(netdev);
 	struct ice_vsi *vsi = np->vsi;
 
+	/* Under some circumstances, we might receive a request to delete our
+	 * own device address from our uc list. Because we store the device
+	 * address in the VSI's MAC filter list, we need to ignore such
+	 * requests and not delete our device address from this list.
+	 */
+	if (ether_addr_equal(addr, netdev->dev_addr))
+		return 0;
+
 	if (ice_fltr_add_mac_to_list(vsi, &vsi->tmp_unsync_list, addr,
 				     ICE_FWD_TO_VSI))
 		return -EINVAL;
@@ -4881,7 +4889,7 @@ static int ice_set_mac_address(struct net_device *netdev, void *pi)
 		return -EADDRNOTAVAIL;
 
 	if (ether_addr_equal(netdev->dev_addr, mac)) {
-		netdev_warn(netdev, "already using mac %pM\n", mac);
+		netdev_dbg(netdev, "already using mac %pM\n", mac);
 		return 0;
 	}
 
@@ -4892,6 +4900,7 @@ static int ice_set_mac_address(struct net_device *netdev, void *pi)
 		return -EBUSY;
 	}
 
+	netif_addr_lock_bh(netdev);
 	/* Clean up old MAC filter. Not an error if old filter doesn't exist */
 	status = ice_fltr_remove_mac(vsi, netdev->dev_addr, ICE_FWD_TO_VSI);
 	if (status && status != ICE_ERR_DOES_NOT_EXIST) {
@@ -4901,30 +4910,28 @@ static int ice_set_mac_address(struct net_device *netdev, void *pi)
 
 	/* Add filter for new MAC. If filter exists, return success */
 	status = ice_fltr_add_mac(vsi, mac, ICE_FWD_TO_VSI);
-	if (status == ICE_ERR_ALREADY_EXISTS) {
+	if (status == ICE_ERR_ALREADY_EXISTS)
 		/* Although this MAC filter is already present in hardware it's
 		 * possible in some cases (e.g. bonding) that dev_addr was
 		 * modified outside of the driver and needs to be restored back
 		 * to this value.
 		 */
-		memcpy(netdev->dev_addr, mac, netdev->addr_len);
 		netdev_dbg(netdev, "filter for MAC %pM already exists\n", mac);
-		return 0;
-	}
-
-	/* error if the new filter addition failed */
-	if (status)
+	else if (status)
+		/* error if the new filter addition failed */
 		err = -EADDRNOTAVAIL;
 
 err_update_filters:
 	if (err) {
 		netdev_err(netdev, "can't set MAC %pM. filter update failed\n",
 			   mac);
+		netif_addr_unlock_bh(netdev);
 		return err;
 	}
 
 	/* change the netdev's MAC address */
 	memcpy(netdev->dev_addr, mac, netdev->addr_len);
+	netif_addr_unlock_bh(netdev);
 	netdev_dbg(vsi->netdev, "updated MAC address to %pM\n",
 		   netdev->dev_addr);
 
-- 
2.30.2




^ permalink raw reply related	[flat|nested] 112+ messages in thread

* [PATCH 5.10 45/96] iavf: Set RSS LUT and key in reset handle path
  2021-08-16 13:01 [PATCH 5.10 00/96] 5.10.60-rc1 review Greg Kroah-Hartman
                   ` (43 preceding siblings ...)
  2021-08-16 13:01 ` [PATCH 5.10 44/96] ice: dont remove netdev->dev_addr from uc sync list Greg Kroah-Hartman
@ 2021-08-16 13:01 ` Greg Kroah-Hartman
  2021-08-16 13:01 ` [PATCH 5.10 46/96] psample: Add a fwd declaration for skbuff Greg Kroah-Hartman
                   ` (50 subsequent siblings)
  95 siblings, 0 replies; 112+ messages in thread
From: Greg Kroah-Hartman @ 2021-08-16 13:01 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Md Fahad Iqbal Polash,
	Konrad Jankowski, Tony Nguyen, Sasha Levin

From: Md Fahad Iqbal Polash <md.fahad.iqbal.polash@intel.com>

[ Upstream commit a7550f8b1c9712894f9e98d6caf5f49451ebd058 ]

iavf driver should set RSS LUT and key unconditionally in reset
path. Currently, the driver does not do that. This patch fixes
this issue.

Fixes: 2c86ac3c7079 ("i40evf: create a generic config RSS function")
Signed-off-by: Md Fahad Iqbal Polash <md.fahad.iqbal.polash@intel.com>
Tested-by: Konrad Jankowski <konrad0.jankowski@intel.com>
Signed-off-by: Tony Nguyen <anthony.l.nguyen@intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/net/ethernet/intel/iavf/iavf_main.c | 13 ++++++++-----
 1 file changed, 8 insertions(+), 5 deletions(-)

diff --git a/drivers/net/ethernet/intel/iavf/iavf_main.c b/drivers/net/ethernet/intel/iavf/iavf_main.c
index f3caf5eab8d4..c4ec9a91c7c5 100644
--- a/drivers/net/ethernet/intel/iavf/iavf_main.c
+++ b/drivers/net/ethernet/intel/iavf/iavf_main.c
@@ -1489,11 +1489,6 @@ static int iavf_reinit_interrupt_scheme(struct iavf_adapter *adapter)
 	set_bit(__IAVF_VSI_DOWN, adapter->vsi.state);
 
 	iavf_map_rings_to_vectors(adapter);
-
-	if (RSS_AQ(adapter))
-		adapter->aq_required |= IAVF_FLAG_AQ_CONFIGURE_RSS;
-	else
-		err = iavf_init_rss(adapter);
 err:
 	return err;
 }
@@ -2167,6 +2162,14 @@ continue_reset:
 			goto reset_err;
 	}
 
+	if (RSS_AQ(adapter)) {
+		adapter->aq_required |= IAVF_FLAG_AQ_CONFIGURE_RSS;
+	} else {
+		err = iavf_init_rss(adapter);
+		if (err)
+			goto reset_err;
+	}
+
 	adapter->aq_required |= IAVF_FLAG_AQ_GET_CONFIG;
 	adapter->aq_required |= IAVF_FLAG_AQ_MAP_VECTORS;
 
-- 
2.30.2




^ permalink raw reply related	[flat|nested] 112+ messages in thread

* [PATCH 5.10 46/96] psample: Add a fwd declaration for skbuff
  2021-08-16 13:01 [PATCH 5.10 00/96] 5.10.60-rc1 review Greg Kroah-Hartman
                   ` (44 preceding siblings ...)
  2021-08-16 13:01 ` [PATCH 5.10 45/96] iavf: Set RSS LUT and key in reset handle path Greg Kroah-Hartman
@ 2021-08-16 13:01 ` Greg Kroah-Hartman
  2021-08-16 13:01 ` [PATCH 5.10 47/96] bareudp: Fix invalid read beyond skbs linear data Greg Kroah-Hartman
                   ` (49 subsequent siblings)
  95 siblings, 0 replies; 112+ messages in thread
From: Greg Kroah-Hartman @ 2021-08-16 13:01 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Roi Dayan, Jakub Kicinski, Sasha Levin

From: Roi Dayan <roid@nvidia.com>

[ Upstream commit beb7f2de5728b0bd2140a652fa51f6ad85d159f7 ]

Without this there is a warning if source files include psample.h
before skbuff.h or doesn't include it at all.

Fixes: 6ae0a6286171 ("net: Introduce psample, a new genetlink channel for packet sampling")
Signed-off-by: Roi Dayan <roid@nvidia.com>
Link: https://lore.kernel.org/r/20210808065242.1522535-1-roid@nvidia.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 include/net/psample.h | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/include/net/psample.h b/include/net/psample.h
index 68ae16bb0a4a..20a17551f790 100644
--- a/include/net/psample.h
+++ b/include/net/psample.h
@@ -18,6 +18,8 @@ struct psample_group *psample_group_get(struct net *net, u32 group_num);
 void psample_group_take(struct psample_group *group);
 void psample_group_put(struct psample_group *group);
 
+struct sk_buff;
+
 #if IS_ENABLED(CONFIG_PSAMPLE)
 
 void psample_sample_packet(struct psample_group *group, struct sk_buff *skb,
-- 
2.30.2




^ permalink raw reply related	[flat|nested] 112+ messages in thread

* [PATCH 5.10 47/96] bareudp: Fix invalid read beyond skbs linear data
  2021-08-16 13:01 [PATCH 5.10 00/96] 5.10.60-rc1 review Greg Kroah-Hartman
                   ` (45 preceding siblings ...)
  2021-08-16 13:01 ` [PATCH 5.10 46/96] psample: Add a fwd declaration for skbuff Greg Kroah-Hartman
@ 2021-08-16 13:01 ` Greg Kroah-Hartman
  2021-08-16 13:01 ` [PATCH 5.10 48/96] net/mlx5: Synchronize correct IRQ when destroying CQ Greg Kroah-Hartman
                   ` (48 subsequent siblings)
  95 siblings, 0 replies; 112+ messages in thread
From: Greg Kroah-Hartman @ 2021-08-16 13:01 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Guillaume Nault, Jakub Kicinski, Sasha Levin

From: Guillaume Nault <gnault@redhat.com>

[ Upstream commit 143a8526ab5fd4f8a0c4fe2a9cb28c181dc5a95f ]

Data beyond the UDP header might not be part of the skb's linear data.
Use skb_copy_bits() instead of direct access to skb->data+X, so that
we read the correct bytes even on a fragmented skb.

Fixes: 4b5f67232d95 ("net: Special handling for IP & MPLS.")
Signed-off-by: Guillaume Nault <gnault@redhat.com>
Link: https://lore.kernel.org/r/7741c46545c6ef02e70c80a9b32814b22d9616b3.1628264975.git.gnault@redhat.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/net/bareudp.c | 16 +++++++++++-----
 1 file changed, 11 insertions(+), 5 deletions(-)

diff --git a/drivers/net/bareudp.c b/drivers/net/bareudp.c
index 59c1724bcd0e..39b128205f25 100644
--- a/drivers/net/bareudp.c
+++ b/drivers/net/bareudp.c
@@ -71,12 +71,18 @@ static int bareudp_udp_encap_recv(struct sock *sk, struct sk_buff *skb)
 		family = AF_INET6;
 
 	if (bareudp->ethertype == htons(ETH_P_IP)) {
-		struct iphdr *iphdr;
+		__u8 ipversion;
 
-		iphdr = (struct iphdr *)(skb->data + BAREUDP_BASE_HLEN);
-		if (iphdr->version == 4) {
-			proto = bareudp->ethertype;
-		} else if (bareudp->multi_proto_mode && (iphdr->version == 6)) {
+		if (skb_copy_bits(skb, BAREUDP_BASE_HLEN, &ipversion,
+				  sizeof(ipversion))) {
+			bareudp->dev->stats.rx_dropped++;
+			goto drop;
+		}
+		ipversion >>= 4;
+
+		if (ipversion == 4) {
+			proto = htons(ETH_P_IP);
+		} else if (ipversion == 6 && bareudp->multi_proto_mode) {
 			proto = htons(ETH_P_IPV6);
 		} else {
 			bareudp->dev->stats.rx_dropped++;
-- 
2.30.2




^ permalink raw reply related	[flat|nested] 112+ messages in thread

* [PATCH 5.10 48/96] net/mlx5: Synchronize correct IRQ when destroying CQ
  2021-08-16 13:01 [PATCH 5.10 00/96] 5.10.60-rc1 review Greg Kroah-Hartman
                   ` (46 preceding siblings ...)
  2021-08-16 13:01 ` [PATCH 5.10 47/96] bareudp: Fix invalid read beyond skbs linear data Greg Kroah-Hartman
@ 2021-08-16 13:01 ` Greg Kroah-Hartman
  2021-08-16 13:01 ` [PATCH 5.10 49/96] net/mlx5: Fix return value from tracer initialization Greg Kroah-Hartman
                   ` (47 subsequent siblings)
  95 siblings, 0 replies; 112+ messages in thread
From: Greg Kroah-Hartman @ 2021-08-16 13:01 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Shay Drory, Tariq Toukan,
	Saeed Mahameed, Sasha Levin

From: Shay Drory <shayd@nvidia.com>

[ Upstream commit 563476ae0c5e48a028cbfa38fa9d2fc0418eb88f ]

The CQ destroy is performed based on the IRQ number that is stored in
cq->irqn. That number wasn't set explicitly during CQ creation and as
expected some of the API users of mlx5_core_create_cq() forgot to update
it.

This caused to wrong synchronization call of the wrong IRQ with a number
0 instead of the real one.

As a fix, set the IRQ number directly in the mlx5_core_create_cq() and
update all users accordingly.

Fixes: 1a86b377aa21 ("vdpa/mlx5: Add VDPA driver for supported mlx5 devices")
Fixes: ef1659ade359 ("IB/mlx5: Add DEVX support for CQ events")
Signed-off-by: Shay Drory <shayd@nvidia.com>
Reviewed-by: Tariq Toukan <tariqt@nvidia.com>
Signed-off-by: Saeed Mahameed <saeedm@nvidia.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/infiniband/hw/mlx5/cq.c               |  4 +---
 drivers/infiniband/hw/mlx5/devx.c             |  3 +--
 drivers/net/ethernet/mellanox/mlx5/core/cq.c  |  1 +
 .../net/ethernet/mellanox/mlx5/core/en_main.c | 13 ++----------
 drivers/net/ethernet/mellanox/mlx5/core/eq.c  | 20 +++++++++++++++----
 .../ethernet/mellanox/mlx5/core/fpga/conn.c   |  4 +---
 .../net/ethernet/mellanox/mlx5/core/lib/eq.h  |  2 ++
 .../mellanox/mlx5/core/steering/dr_send.c     |  4 +---
 drivers/vdpa/mlx5/net/mlx5_vnet.c             |  3 +--
 include/linux/mlx5/driver.h                   |  3 +--
 10 files changed, 27 insertions(+), 30 deletions(-)

diff --git a/drivers/infiniband/hw/mlx5/cq.c b/drivers/infiniband/hw/mlx5/cq.c
index 372adb7ceb74..74644b6ea0ff 100644
--- a/drivers/infiniband/hw/mlx5/cq.c
+++ b/drivers/infiniband/hw/mlx5/cq.c
@@ -930,7 +930,6 @@ int mlx5_ib_create_cq(struct ib_cq *ibcq, const struct ib_cq_init_attr *attr,
 	u32 *cqb = NULL;
 	void *cqc;
 	int cqe_size;
-	unsigned int irqn;
 	int eqn;
 	int err;
 
@@ -969,7 +968,7 @@ int mlx5_ib_create_cq(struct ib_cq *ibcq, const struct ib_cq_init_attr *attr,
 		INIT_WORK(&cq->notify_work, notify_soft_wc_handler);
 	}
 
-	err = mlx5_vector2eqn(dev->mdev, vector, &eqn, &irqn);
+	err = mlx5_vector2eqn(dev->mdev, vector, &eqn);
 	if (err)
 		goto err_cqb;
 
@@ -992,7 +991,6 @@ int mlx5_ib_create_cq(struct ib_cq *ibcq, const struct ib_cq_init_attr *attr,
 		goto err_cqb;
 
 	mlx5_ib_dbg(dev, "cqn 0x%x\n", cq->mcq.cqn);
-	cq->mcq.irqn = irqn;
 	if (udata)
 		cq->mcq.tasklet_ctx.comp = mlx5_ib_cq_comp;
 	else
diff --git a/drivers/infiniband/hw/mlx5/devx.c b/drivers/infiniband/hw/mlx5/devx.c
index 06a873257619..343e6709d9fc 100644
--- a/drivers/infiniband/hw/mlx5/devx.c
+++ b/drivers/infiniband/hw/mlx5/devx.c
@@ -904,7 +904,6 @@ static int UVERBS_HANDLER(MLX5_IB_METHOD_DEVX_QUERY_EQN)(
 	struct mlx5_ib_dev *dev;
 	int user_vector;
 	int dev_eqn;
-	unsigned int irqn;
 	int err;
 
 	if (uverbs_copy_from(&user_vector, attrs,
@@ -916,7 +915,7 @@ static int UVERBS_HANDLER(MLX5_IB_METHOD_DEVX_QUERY_EQN)(
 		return PTR_ERR(c);
 	dev = to_mdev(c->ibucontext.device);
 
-	err = mlx5_vector2eqn(dev->mdev, user_vector, &dev_eqn, &irqn);
+	err = mlx5_vector2eqn(dev->mdev, user_vector, &dev_eqn);
 	if (err < 0)
 		return err;
 
diff --git a/drivers/net/ethernet/mellanox/mlx5/core/cq.c b/drivers/net/ethernet/mellanox/mlx5/core/cq.c
index df3e4938ecdd..360e093874d4 100644
--- a/drivers/net/ethernet/mellanox/mlx5/core/cq.c
+++ b/drivers/net/ethernet/mellanox/mlx5/core/cq.c
@@ -134,6 +134,7 @@ int mlx5_core_create_cq(struct mlx5_core_dev *dev, struct mlx5_core_cq *cq,
 			      cq->cqn);
 
 	cq->uar = dev->priv.uar;
+	cq->irqn = eq->core.irqn;
 
 	return 0;
 
diff --git a/drivers/net/ethernet/mellanox/mlx5/core/en_main.c b/drivers/net/ethernet/mellanox/mlx5/core/en_main.c
index d81fa8e56199..6b4a3d90c9f7 100644
--- a/drivers/net/ethernet/mellanox/mlx5/core/en_main.c
+++ b/drivers/net/ethernet/mellanox/mlx5/core/en_main.c
@@ -1547,15 +1547,9 @@ static int mlx5e_alloc_cq_common(struct mlx5_core_dev *mdev,
 				 struct mlx5e_cq *cq)
 {
 	struct mlx5_core_cq *mcq = &cq->mcq;
-	int eqn_not_used;
-	unsigned int irqn;
 	int err;
 	u32 i;
 
-	err = mlx5_vector2eqn(mdev, param->eq_ix, &eqn_not_used, &irqn);
-	if (err)
-		return err;
-
 	err = mlx5_cqwq_create(mdev, &param->wq, param->cqc, &cq->wq,
 			       &cq->wq_ctrl);
 	if (err)
@@ -1569,7 +1563,6 @@ static int mlx5e_alloc_cq_common(struct mlx5_core_dev *mdev,
 	mcq->vector     = param->eq_ix;
 	mcq->comp       = mlx5e_completion_event;
 	mcq->event      = mlx5e_cq_error_event;
-	mcq->irqn       = irqn;
 
 	for (i = 0; i < mlx5_cqwq_get_size(&cq->wq); i++) {
 		struct mlx5_cqe64 *cqe = mlx5_cqwq_get_wqe(&cq->wq, i);
@@ -1615,11 +1608,10 @@ static int mlx5e_create_cq(struct mlx5e_cq *cq, struct mlx5e_cq_param *param)
 	void *in;
 	void *cqc;
 	int inlen;
-	unsigned int irqn_not_used;
 	int eqn;
 	int err;
 
-	err = mlx5_vector2eqn(mdev, param->eq_ix, &eqn, &irqn_not_used);
+	err = mlx5_vector2eqn(mdev, param->eq_ix, &eqn);
 	if (err)
 		return err;
 
@@ -1977,9 +1969,8 @@ static int mlx5e_open_channel(struct mlx5e_priv *priv, int ix,
 	struct mlx5e_channel *c;
 	unsigned int irq;
 	int err;
-	int eqn;
 
-	err = mlx5_vector2eqn(priv->mdev, ix, &eqn, &irq);
+	err = mlx5_vector2irqn(priv->mdev, ix, &irq);
 	if (err)
 		return err;
 
diff --git a/drivers/net/ethernet/mellanox/mlx5/core/eq.c b/drivers/net/ethernet/mellanox/mlx5/core/eq.c
index ccd53a7a2b80..4f4f79ca37a8 100644
--- a/drivers/net/ethernet/mellanox/mlx5/core/eq.c
+++ b/drivers/net/ethernet/mellanox/mlx5/core/eq.c
@@ -859,8 +859,8 @@ clean:
 	return err;
 }
 
-int mlx5_vector2eqn(struct mlx5_core_dev *dev, int vector, int *eqn,
-		    unsigned int *irqn)
+static int vector2eqnirqn(struct mlx5_core_dev *dev, int vector, int *eqn,
+			  unsigned int *irqn)
 {
 	struct mlx5_eq_table *table = dev->priv.eq_table;
 	struct mlx5_eq_comp *eq, *n;
@@ -869,8 +869,10 @@ int mlx5_vector2eqn(struct mlx5_core_dev *dev, int vector, int *eqn,
 
 	list_for_each_entry_safe(eq, n, &table->comp_eqs_list, list) {
 		if (i++ == vector) {
-			*eqn = eq->core.eqn;
-			*irqn = eq->core.irqn;
+			if (irqn)
+				*irqn = eq->core.irqn;
+			if (eqn)
+				*eqn = eq->core.eqn;
 			err = 0;
 			break;
 		}
@@ -878,8 +880,18 @@ int mlx5_vector2eqn(struct mlx5_core_dev *dev, int vector, int *eqn,
 
 	return err;
 }
+
+int mlx5_vector2eqn(struct mlx5_core_dev *dev, int vector, int *eqn)
+{
+	return vector2eqnirqn(dev, vector, eqn, NULL);
+}
 EXPORT_SYMBOL(mlx5_vector2eqn);
 
+int mlx5_vector2irqn(struct mlx5_core_dev *dev, int vector, unsigned int *irqn)
+{
+	return vector2eqnirqn(dev, vector, NULL, irqn);
+}
+
 unsigned int mlx5_comp_vectors_count(struct mlx5_core_dev *dev)
 {
 	return dev->priv.eq_table->num_comp_eqs;
diff --git a/drivers/net/ethernet/mellanox/mlx5/core/fpga/conn.c b/drivers/net/ethernet/mellanox/mlx5/core/fpga/conn.c
index 80da50e12915..a42bd493293a 100644
--- a/drivers/net/ethernet/mellanox/mlx5/core/fpga/conn.c
+++ b/drivers/net/ethernet/mellanox/mlx5/core/fpga/conn.c
@@ -417,7 +417,6 @@ static int mlx5_fpga_conn_create_cq(struct mlx5_fpga_conn *conn, int cq_size)
 	struct mlx5_wq_param wqp;
 	struct mlx5_cqe64 *cqe;
 	int inlen, err, eqn;
-	unsigned int irqn;
 	void *cqc, *in;
 	__be64 *pas;
 	u32 i;
@@ -446,7 +445,7 @@ static int mlx5_fpga_conn_create_cq(struct mlx5_fpga_conn *conn, int cq_size)
 		goto err_cqwq;
 	}
 
-	err = mlx5_vector2eqn(mdev, smp_processor_id(), &eqn, &irqn);
+	err = mlx5_vector2eqn(mdev, smp_processor_id(), &eqn);
 	if (err) {
 		kvfree(in);
 		goto err_cqwq;
@@ -476,7 +475,6 @@ static int mlx5_fpga_conn_create_cq(struct mlx5_fpga_conn *conn, int cq_size)
 	*conn->cq.mcq.arm_db    = 0;
 	conn->cq.mcq.vector     = 0;
 	conn->cq.mcq.comp       = mlx5_fpga_conn_cq_complete;
-	conn->cq.mcq.irqn       = irqn;
 	conn->cq.mcq.uar        = fdev->conn_res.uar;
 	tasklet_setup(&conn->cq.tasklet, mlx5_fpga_conn_cq_tasklet);
 
diff --git a/drivers/net/ethernet/mellanox/mlx5/core/lib/eq.h b/drivers/net/ethernet/mellanox/mlx5/core/lib/eq.h
index 81f2cc4ca1da..fa79e6e6a98a 100644
--- a/drivers/net/ethernet/mellanox/mlx5/core/lib/eq.h
+++ b/drivers/net/ethernet/mellanox/mlx5/core/lib/eq.h
@@ -98,4 +98,6 @@ void mlx5_core_eq_free_irqs(struct mlx5_core_dev *dev);
 struct cpu_rmap *mlx5_eq_table_get_rmap(struct mlx5_core_dev *dev);
 #endif
 
+int mlx5_vector2irqn(struct mlx5_core_dev *dev, int vector, unsigned int *irqn);
+
 #endif
diff --git a/drivers/net/ethernet/mellanox/mlx5/core/steering/dr_send.c b/drivers/net/ethernet/mellanox/mlx5/core/steering/dr_send.c
index 24dede1b0a20..ea3c6cf27db4 100644
--- a/drivers/net/ethernet/mellanox/mlx5/core/steering/dr_send.c
+++ b/drivers/net/ethernet/mellanox/mlx5/core/steering/dr_send.c
@@ -711,7 +711,6 @@ static struct mlx5dr_cq *dr_create_cq(struct mlx5_core_dev *mdev,
 	struct mlx5_cqe64 *cqe;
 	struct mlx5dr_cq *cq;
 	int inlen, err, eqn;
-	unsigned int irqn;
 	void *cqc, *in;
 	__be64 *pas;
 	int vector;
@@ -744,7 +743,7 @@ static struct mlx5dr_cq *dr_create_cq(struct mlx5_core_dev *mdev,
 		goto err_cqwq;
 
 	vector = raw_smp_processor_id() % mlx5_comp_vectors_count(mdev);
-	err = mlx5_vector2eqn(mdev, vector, &eqn, &irqn);
+	err = mlx5_vector2eqn(mdev, vector, &eqn);
 	if (err) {
 		kvfree(in);
 		goto err_cqwq;
@@ -780,7 +779,6 @@ static struct mlx5dr_cq *dr_create_cq(struct mlx5_core_dev *mdev,
 	*cq->mcq.arm_db = cpu_to_be32(2 << 28);
 
 	cq->mcq.vector = 0;
-	cq->mcq.irqn = irqn;
 	cq->mcq.uar = uar;
 
 	return cq;
diff --git a/drivers/vdpa/mlx5/net/mlx5_vnet.c b/drivers/vdpa/mlx5/net/mlx5_vnet.c
index fe7ed3212473..fbdc9468818d 100644
--- a/drivers/vdpa/mlx5/net/mlx5_vnet.c
+++ b/drivers/vdpa/mlx5/net/mlx5_vnet.c
@@ -511,7 +511,6 @@ static int cq_create(struct mlx5_vdpa_net *ndev, u16 idx, u32 num_ent)
 	void __iomem *uar_page = ndev->mvdev.res.uar->map;
 	u32 out[MLX5_ST_SZ_DW(create_cq_out)];
 	struct mlx5_vdpa_cq *vcq = &mvq->cq;
-	unsigned int irqn;
 	__be64 *pas;
 	int inlen;
 	void *cqc;
@@ -551,7 +550,7 @@ static int cq_create(struct mlx5_vdpa_net *ndev, u16 idx, u32 num_ent)
 	/* Use vector 0 by default. Consider adding code to choose least used
 	 * vector.
 	 */
-	err = mlx5_vector2eqn(mdev, 0, &eqn, &irqn);
+	err = mlx5_vector2eqn(mdev, 0, &eqn);
 	if (err)
 		goto err_vec;
 
diff --git a/include/linux/mlx5/driver.h b/include/linux/mlx5/driver.h
index add85094f9a5..41fbb4793394 100644
--- a/include/linux/mlx5/driver.h
+++ b/include/linux/mlx5/driver.h
@@ -981,8 +981,7 @@ void mlx5_unregister_debugfs(void);
 void mlx5_fill_page_array(struct mlx5_frag_buf *buf, __be64 *pas);
 void mlx5_fill_page_frag_array_perm(struct mlx5_frag_buf *buf, __be64 *pas, u8 perm);
 void mlx5_fill_page_frag_array(struct mlx5_frag_buf *frag_buf, __be64 *pas);
-int mlx5_vector2eqn(struct mlx5_core_dev *dev, int vector, int *eqn,
-		    unsigned int *irqn);
+int mlx5_vector2eqn(struct mlx5_core_dev *dev, int vector, int *eqn);
 int mlx5_core_attach_mcg(struct mlx5_core_dev *dev, union ib_gid *mgid, u32 qpn);
 int mlx5_core_detach_mcg(struct mlx5_core_dev *dev, union ib_gid *mgid, u32 qpn);
 
-- 
2.30.2




^ permalink raw reply related	[flat|nested] 112+ messages in thread

* [PATCH 5.10 49/96] net/mlx5: Fix return value from tracer initialization
  2021-08-16 13:01 [PATCH 5.10 00/96] 5.10.60-rc1 review Greg Kroah-Hartman
                   ` (47 preceding siblings ...)
  2021-08-16 13:01 ` [PATCH 5.10 48/96] net/mlx5: Synchronize correct IRQ when destroying CQ Greg Kroah-Hartman
@ 2021-08-16 13:01 ` Greg Kroah-Hartman
  2021-08-17 17:51   ` Pavel Machek
  2021-08-16 13:02 ` [PATCH 5.10 50/96] drm/meson: fix colour distortion from HDR set during vendor u-boot Greg Kroah-Hartman
                   ` (46 subsequent siblings)
  95 siblings, 1 reply; 112+ messages in thread
From: Greg Kroah-Hartman @ 2021-08-16 13:01 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Aya Levin, Moshe Shemesh,
	Tariq Toukan, Saeed Mahameed, Sasha Levin

From: Aya Levin <ayal@nvidia.com>

[ Upstream commit bd37c2888ccaa5ceb9895718f6909b247cc372e0 ]

Check return value of mlx5_fw_tracer_start(), set error path and fix
return value of mlx5_fw_tracer_init() accordingly.

Fixes: c71ad41ccb0c ("net/mlx5: FW tracer, events handling")
Signed-off-by: Aya Levin <ayal@nvidia.com>
Reviewed-by: Moshe Shemesh <moshe@nvidia.com>
Reviewed-by: Tariq Toukan <tariqt@nvidia.com>
Signed-off-by: Saeed Mahameed <saeedm@nvidia.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 .../net/ethernet/mellanox/mlx5/core/diag/fw_tracer.c  | 11 +++++++++--
 1 file changed, 9 insertions(+), 2 deletions(-)

diff --git a/drivers/net/ethernet/mellanox/mlx5/core/diag/fw_tracer.c b/drivers/net/ethernet/mellanox/mlx5/core/diag/fw_tracer.c
index 2eb022ad7fd0..3dfcb20e97c6 100644
--- a/drivers/net/ethernet/mellanox/mlx5/core/diag/fw_tracer.c
+++ b/drivers/net/ethernet/mellanox/mlx5/core/diag/fw_tracer.c
@@ -1019,12 +1019,19 @@ int mlx5_fw_tracer_init(struct mlx5_fw_tracer *tracer)
 	MLX5_NB_INIT(&tracer->nb, fw_tracer_event, DEVICE_TRACER);
 	mlx5_eq_notifier_register(dev, &tracer->nb);
 
-	mlx5_fw_tracer_start(tracer);
-
+	err = mlx5_fw_tracer_start(tracer);
+	if (err) {
+		mlx5_core_warn(dev, "FWTracer: Failed to start tracer %d\n", err);
+		goto err_notifier_unregister;
+	}
 	return 0;
 
+err_notifier_unregister:
+	mlx5_eq_notifier_unregister(dev, &tracer->nb);
+	mlx5_core_destroy_mkey(dev, &tracer->buff.mkey);
 err_dealloc_pd:
 	mlx5_core_dealloc_pd(dev, tracer->buff.pdn);
+	cancel_work_sync(&tracer->read_fw_strings_work);
 	return err;
 }
 
-- 
2.30.2




^ permalink raw reply related	[flat|nested] 112+ messages in thread

* [PATCH 5.10 50/96] drm/meson: fix colour distortion from HDR set during vendor u-boot
  2021-08-16 13:01 [PATCH 5.10 00/96] 5.10.60-rc1 review Greg Kroah-Hartman
                   ` (48 preceding siblings ...)
  2021-08-16 13:01 ` [PATCH 5.10 49/96] net/mlx5: Fix return value from tracer initialization Greg Kroah-Hartman
@ 2021-08-16 13:02 ` Greg Kroah-Hartman
  2021-08-16 13:02 ` [PATCH 5.10 51/96] net: dsa: microchip: Fix ksz_read64() Greg Kroah-Hartman
                   ` (45 subsequent siblings)
  95 siblings, 0 replies; 112+ messages in thread
From: Greg Kroah-Hartman @ 2021-08-16 13:02 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Mathias Steiger, Christian Hewitt,
	Neil Armstrong, Philip Milev, Sasha Levin

From: Christian Hewitt <christianshewitt@gmail.com>

[ Upstream commit bf33677a3c394bb8fddd48d3bbc97adf0262e045 ]

Add support for the OSD1 HDR registers so meson DRM can handle the HDR
properties set by Amlogic u-boot on G12A and newer devices which result
in blue/green/pink colour distortion to display output.

This takes the original patch submissions from Mathias [0] and [1] with
corrections for formatting and the missing description and attribution
needed for merge.

[0] https://lore.kernel.org/linux-amlogic/59dfd7e6-fc91-3d61-04c4-94e078a3188c@baylibre.com/T/
[1] https://lore.kernel.org/linux-amlogic/CAOKfEHBx_fboUqkENEMd-OC-NSrf46nto+vDLgvgttzPe99kXg@mail.gmail.com/T/#u

Fixes: 728883948b0d ("drm/meson: Add G12A Support for VIU setup")
Suggested-by: Mathias Steiger <mathias.steiger@googlemail.com>
Signed-off-by: Christian Hewitt <christianshewitt@gmail.com>
Tested-by: Neil Armstrong <narmstrong@baylibre.com>
Tested-by: Philip Milev <milev.philip@gmail.com>
[narmsrong: adding missing space on second tested-by tag]
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
Link: https://patchwork.freedesktop.org/patch/msgid/20210806094005.7136-1-christianshewitt@gmail.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/gpu/drm/meson/meson_registers.h | 5 +++++
 drivers/gpu/drm/meson/meson_viu.c       | 7 ++++++-
 2 files changed, 11 insertions(+), 1 deletion(-)

diff --git a/drivers/gpu/drm/meson/meson_registers.h b/drivers/gpu/drm/meson/meson_registers.h
index 446e7961da48..0f3cafab8860 100644
--- a/drivers/gpu/drm/meson/meson_registers.h
+++ b/drivers/gpu/drm/meson/meson_registers.h
@@ -634,6 +634,11 @@
 #define VPP_WRAP_OSD3_MATRIX_PRE_OFFSET2 0x3dbc
 #define VPP_WRAP_OSD3_MATRIX_EN_CTRL 0x3dbd
 
+/* osd1 HDR */
+#define OSD1_HDR2_CTRL 0x38a0
+#define OSD1_HDR2_CTRL_VDIN0_HDR2_TOP_EN       BIT(13)
+#define OSD1_HDR2_CTRL_REG_ONLY_MAT            BIT(16)
+
 /* osd2 scaler */
 #define OSD2_VSC_PHASE_STEP 0x3d00
 #define OSD2_VSC_INI_PHASE 0x3d01
diff --git a/drivers/gpu/drm/meson/meson_viu.c b/drivers/gpu/drm/meson/meson_viu.c
index aede0c67a57f..259f3e6bec90 100644
--- a/drivers/gpu/drm/meson/meson_viu.c
+++ b/drivers/gpu/drm/meson/meson_viu.c
@@ -425,9 +425,14 @@ void meson_viu_init(struct meson_drm *priv)
 	if (meson_vpu_is_compatible(priv, VPU_COMPATIBLE_GXM) ||
 	    meson_vpu_is_compatible(priv, VPU_COMPATIBLE_GXL))
 		meson_viu_load_matrix(priv);
-	else if (meson_vpu_is_compatible(priv, VPU_COMPATIBLE_G12A))
+	else if (meson_vpu_is_compatible(priv, VPU_COMPATIBLE_G12A)) {
 		meson_viu_set_g12a_osd1_matrix(priv, RGB709_to_YUV709l_coeff,
 					       true);
+		/* fix green/pink color distortion from vendor u-boot */
+		writel_bits_relaxed(OSD1_HDR2_CTRL_REG_ONLY_MAT |
+				OSD1_HDR2_CTRL_VDIN0_HDR2_TOP_EN, 0,
+				priv->io_base + _REG(OSD1_HDR2_CTRL));
+	}
 
 	/* Initialize OSD1 fifo control register */
 	reg = VIU_OSD_DDR_PRIORITY_URGENT |
-- 
2.30.2




^ permalink raw reply related	[flat|nested] 112+ messages in thread

* [PATCH 5.10 51/96] net: dsa: microchip: Fix ksz_read64()
  2021-08-16 13:01 [PATCH 5.10 00/96] 5.10.60-rc1 review Greg Kroah-Hartman
                   ` (49 preceding siblings ...)
  2021-08-16 13:02 ` [PATCH 5.10 50/96] drm/meson: fix colour distortion from HDR set during vendor u-boot Greg Kroah-Hartman
@ 2021-08-16 13:02 ` Greg Kroah-Hartman
  2021-08-17 17:56   ` Pavel Machek
  2021-08-16 13:02 ` [PATCH 5.10 52/96] net: dsa: microchip: ksz8795: Fix VLAN filtering Greg Kroah-Hartman
                   ` (44 subsequent siblings)
  95 siblings, 1 reply; 112+ messages in thread
From: Greg Kroah-Hartman @ 2021-08-16 13:02 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Ben Hutchings, David S. Miller, Sasha Levin

From: Ben Hutchings <ben.hutchings@mind.be>

[ Upstream commit c34f674c8875235725c3ef86147a627f165d23b4 ]

ksz_read64() currently does some dubious byte-swapping on the two
halves of a 64-bit register, and then only returns the high bits.
Replace this with a straightforward expression.

Fixes: e66f840c08a2 ("net: dsa: ksz: Add Microchip KSZ8795 DSA driver")
Signed-off-by: Ben Hutchings <ben.hutchings@mind.be>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/net/dsa/microchip/ksz_common.h | 8 ++------
 1 file changed, 2 insertions(+), 6 deletions(-)

diff --git a/drivers/net/dsa/microchip/ksz_common.h b/drivers/net/dsa/microchip/ksz_common.h
index cf866e48ff66..a51c716ec920 100644
--- a/drivers/net/dsa/microchip/ksz_common.h
+++ b/drivers/net/dsa/microchip/ksz_common.h
@@ -210,12 +210,8 @@ static inline int ksz_read64(struct ksz_device *dev, u32 reg, u64 *val)
 	int ret;
 
 	ret = regmap_bulk_read(dev->regmap[2], reg, value, 2);
-	if (!ret) {
-		/* Ick! ToDo: Add 64bit R/W to regmap on 32bit systems */
-		value[0] = swab32(value[0]);
-		value[1] = swab32(value[1]);
-		*val = swab64((u64)*value);
-	}
+	if (!ret)
+		*val = (u64)value[0] << 32 | value[1];
 
 	return ret;
 }
-- 
2.30.2




^ permalink raw reply related	[flat|nested] 112+ messages in thread

* [PATCH 5.10 52/96] net: dsa: microchip: ksz8795: Fix VLAN filtering
  2021-08-16 13:01 [PATCH 5.10 00/96] 5.10.60-rc1 review Greg Kroah-Hartman
                   ` (50 preceding siblings ...)
  2021-08-16 13:02 ` [PATCH 5.10 51/96] net: dsa: microchip: Fix ksz_read64() Greg Kroah-Hartman
@ 2021-08-16 13:02 ` Greg Kroah-Hartman
  2021-08-16 13:28   ` Ben Hutchings
  2021-08-16 13:02 ` [PATCH 5.10 53/96] net: Fix memory leak in ieee802154_raw_deliver Greg Kroah-Hartman
                   ` (43 subsequent siblings)
  95 siblings, 1 reply; 112+ messages in thread
From: Greg Kroah-Hartman @ 2021-08-16 13:02 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Ben Hutchings, David S. Miller, Sasha Levin

From: Ben Hutchings <ben.hutchings@mind.be>

[ Upstream commit 164844135a3f215d3018ee9d6875336beb942413 ]

Currently ksz8_port_vlan_filtering() sets or clears the VLAN Enable
hardware flag.  That controls discarding of packets with a VID that
has not been enabled for any port on the switch.

Since it is a global flag, set the dsa_switch::vlan_filtering_is_global
flag so that the DSA core understands this can't be controlled per
port.

When VLAN filtering is enabled, the switch should also discard packets
with a VID that's not enabled on the ingress port.  Set or clear each
external port's VLAN Ingress Filter flag in ksz8_port_vlan_filtering()
to make that happen.

Fixes: e66f840c08a2 ("net: dsa: ksz: Add Microchip KSZ8795 DSA driver")
Signed-off-by: Ben Hutchings <ben.hutchings@mind.be>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/net/dsa/microchip/ksz8795.c | 11 +++++++++++
 1 file changed, 11 insertions(+)

diff --git a/drivers/net/dsa/microchip/ksz8795.c b/drivers/net/dsa/microchip/ksz8795.c
index 1e101ab56cea..108a14db1f1a 100644
--- a/drivers/net/dsa/microchip/ksz8795.c
+++ b/drivers/net/dsa/microchip/ksz8795.c
@@ -790,8 +790,14 @@ static int ksz8795_port_vlan_filtering(struct dsa_switch *ds, int port,
 	if (switchdev_trans_ph_prepare(trans))
 		return 0;
 
+	/* Discard packets with VID not enabled on the switch */
 	ksz_cfg(dev, S_MIRROR_CTRL, SW_VLAN_ENABLE, flag);
 
+	/* Discard packets with VID not enabled on the ingress port */
+	for (port = 0; port < dev->phy_port_cnt; ++port)
+		ksz_port_cfg(dev, port, REG_PORT_CTRL_2, PORT_INGRESS_FILTER,
+			     flag);
+
 	return 0;
 }
 
@@ -1266,6 +1272,11 @@ static int ksz8795_switch_init(struct ksz_device *dev)
 	/* set the real number of ports */
 	dev->ds->num_ports = dev->port_cnt + 1;
 
+	/* VLAN filtering is partly controlled by the global VLAN
+	 * Enable flag
+	 */
+	dev->ds->vlan_filtering_is_global = true;
+
 	return 0;
 }
 
-- 
2.30.2




^ permalink raw reply related	[flat|nested] 112+ messages in thread

* [PATCH 5.10 53/96] net: Fix memory leak in ieee802154_raw_deliver
  2021-08-16 13:01 [PATCH 5.10 00/96] 5.10.60-rc1 review Greg Kroah-Hartman
                   ` (51 preceding siblings ...)
  2021-08-16 13:02 ` [PATCH 5.10 52/96] net: dsa: microchip: ksz8795: Fix VLAN filtering Greg Kroah-Hartman
@ 2021-08-16 13:02 ` Greg Kroah-Hartman
  2021-08-16 13:02 ` [PATCH 5.10 54/96] net: igmp: fix data-race in igmp_ifc_timer_expire() Greg Kroah-Hartman
                   ` (42 subsequent siblings)
  95 siblings, 0 replies; 112+ messages in thread
From: Greg Kroah-Hartman @ 2021-08-16 13:02 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Takeshi Misawa, Alexander Aring,
	Stefan Schmidt, Sasha Levin, syzbot+1f68113fa907bf0695a8

From: Takeshi Misawa <jeliantsurux@gmail.com>

[ Upstream commit 1090340f7ee53e824fd4eef66a4855d548110c5b ]

If IEEE-802.15.4-RAW is closed before receive skb, skb is leaked.
Fix this, by freeing sk_receive_queue in sk->sk_destruct().

syzbot report:
BUG: memory leak
unreferenced object 0xffff88810f644600 (size 232):
  comm "softirq", pid 0, jiffies 4294967032 (age 81.270s)
  hex dump (first 32 bytes):
    10 7d 4b 12 81 88 ff ff 10 7d 4b 12 81 88 ff ff  .}K......}K.....
    00 00 00 00 00 00 00 00 40 7c 4b 12 81 88 ff ff  ........@|K.....
  backtrace:
    [<ffffffff83651d4a>] skb_clone+0xaa/0x2b0 net/core/skbuff.c:1496
    [<ffffffff83fe1b80>] ieee802154_raw_deliver net/ieee802154/socket.c:369 [inline]
    [<ffffffff83fe1b80>] ieee802154_rcv+0x100/0x340 net/ieee802154/socket.c:1070
    [<ffffffff8367cc7a>] __netif_receive_skb_one_core+0x6a/0xa0 net/core/dev.c:5384
    [<ffffffff8367cd07>] __netif_receive_skb+0x27/0xa0 net/core/dev.c:5498
    [<ffffffff8367cdd9>] netif_receive_skb_internal net/core/dev.c:5603 [inline]
    [<ffffffff8367cdd9>] netif_receive_skb+0x59/0x260 net/core/dev.c:5662
    [<ffffffff83fe6302>] ieee802154_deliver_skb net/mac802154/rx.c:29 [inline]
    [<ffffffff83fe6302>] ieee802154_subif_frame net/mac802154/rx.c:102 [inline]
    [<ffffffff83fe6302>] __ieee802154_rx_handle_packet net/mac802154/rx.c:212 [inline]
    [<ffffffff83fe6302>] ieee802154_rx+0x612/0x620 net/mac802154/rx.c:284
    [<ffffffff83fe59a6>] ieee802154_tasklet_handler+0x86/0xa0 net/mac802154/main.c:35
    [<ffffffff81232aab>] tasklet_action_common.constprop.0+0x5b/0x100 kernel/softirq.c:557
    [<ffffffff846000bf>] __do_softirq+0xbf/0x2ab kernel/softirq.c:345
    [<ffffffff81232f4c>] do_softirq kernel/softirq.c:248 [inline]
    [<ffffffff81232f4c>] do_softirq+0x5c/0x80 kernel/softirq.c:235
    [<ffffffff81232fc1>] __local_bh_enable_ip+0x51/0x60 kernel/softirq.c:198
    [<ffffffff8367a9a4>] local_bh_enable include/linux/bottom_half.h:32 [inline]
    [<ffffffff8367a9a4>] rcu_read_unlock_bh include/linux/rcupdate.h:745 [inline]
    [<ffffffff8367a9a4>] __dev_queue_xmit+0x7f4/0xf60 net/core/dev.c:4221
    [<ffffffff83fe2db4>] raw_sendmsg+0x1f4/0x2b0 net/ieee802154/socket.c:295
    [<ffffffff8363af16>] sock_sendmsg_nosec net/socket.c:654 [inline]
    [<ffffffff8363af16>] sock_sendmsg+0x56/0x80 net/socket.c:674
    [<ffffffff8363deec>] __sys_sendto+0x15c/0x200 net/socket.c:1977
    [<ffffffff8363dfb6>] __do_sys_sendto net/socket.c:1989 [inline]
    [<ffffffff8363dfb6>] __se_sys_sendto net/socket.c:1985 [inline]
    [<ffffffff8363dfb6>] __x64_sys_sendto+0x26/0x30 net/socket.c:1985

Fixes: 9ec767160357 ("net: add IEEE 802.15.4 socket family implementation")
Reported-and-tested-by: syzbot+1f68113fa907bf0695a8@syzkaller.appspotmail.com
Signed-off-by: Takeshi Misawa <jeliantsurux@gmail.com>
Acked-by: Alexander Aring <aahringo@redhat.com>
Link: https://lore.kernel.org/r/20210805075414.GA15796@DESKTOP
Signed-off-by: Stefan Schmidt <stefan@datenfreihafen.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 net/ieee802154/socket.c | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/net/ieee802154/socket.c b/net/ieee802154/socket.c
index a45a0401adc5..c25f7617770c 100644
--- a/net/ieee802154/socket.c
+++ b/net/ieee802154/socket.c
@@ -984,6 +984,11 @@ static const struct proto_ops ieee802154_dgram_ops = {
 	.sendpage	   = sock_no_sendpage,
 };
 
+static void ieee802154_sock_destruct(struct sock *sk)
+{
+	skb_queue_purge(&sk->sk_receive_queue);
+}
+
 /* Create a socket. Initialise the socket, blank the addresses
  * set the state.
  */
@@ -1024,7 +1029,7 @@ static int ieee802154_create(struct net *net, struct socket *sock,
 	sock->ops = ops;
 
 	sock_init_data(sock, sk);
-	/* FIXME: sk->sk_destruct */
+	sk->sk_destruct = ieee802154_sock_destruct;
 	sk->sk_family = PF_IEEE802154;
 
 	/* Checksums on by default */
-- 
2.30.2




^ permalink raw reply related	[flat|nested] 112+ messages in thread

* [PATCH 5.10 54/96] net: igmp: fix data-race in igmp_ifc_timer_expire()
  2021-08-16 13:01 [PATCH 5.10 00/96] 5.10.60-rc1 review Greg Kroah-Hartman
                   ` (52 preceding siblings ...)
  2021-08-16 13:02 ` [PATCH 5.10 53/96] net: Fix memory leak in ieee802154_raw_deliver Greg Kroah-Hartman
@ 2021-08-16 13:02 ` Greg Kroah-Hartman
  2021-08-16 13:02 ` [PATCH 5.10 55/96] net: dsa: lan9303: fix broken backpressure in .port_fdb_dump Greg Kroah-Hartman
                   ` (41 subsequent siblings)
  95 siblings, 0 replies; 112+ messages in thread
From: Greg Kroah-Hartman @ 2021-08-16 13:02 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Eric Dumazet, syzbot,
	David S. Miller, Sasha Levin

From: Eric Dumazet <edumazet@google.com>

[ Upstream commit 4a2b285e7e103d4d6c6ed3e5052a0ff74a5d7f15 ]

Fix the data-race reported by syzbot [1]
Issue here is that igmp_ifc_timer_expire() can update in_dev->mr_ifc_count
while another change just occured from another context.

in_dev->mr_ifc_count is only 8bit wide, so the race had little
consequences.

[1]
BUG: KCSAN: data-race in igmp_ifc_event / igmp_ifc_timer_expire

write to 0xffff8881051e3062 of 1 bytes by task 12547 on cpu 0:
 igmp_ifc_event+0x1d5/0x290 net/ipv4/igmp.c:821
 igmp_group_added+0x462/0x490 net/ipv4/igmp.c:1356
 ____ip_mc_inc_group+0x3ff/0x500 net/ipv4/igmp.c:1461
 __ip_mc_join_group+0x24d/0x2c0 net/ipv4/igmp.c:2199
 ip_mc_join_group_ssm+0x20/0x30 net/ipv4/igmp.c:2218
 do_ip_setsockopt net/ipv4/ip_sockglue.c:1285 [inline]
 ip_setsockopt+0x1827/0x2a80 net/ipv4/ip_sockglue.c:1423
 tcp_setsockopt+0x8c/0xa0 net/ipv4/tcp.c:3657
 sock_common_setsockopt+0x5d/0x70 net/core/sock.c:3362
 __sys_setsockopt+0x18f/0x200 net/socket.c:2159
 __do_sys_setsockopt net/socket.c:2170 [inline]
 __se_sys_setsockopt net/socket.c:2167 [inline]
 __x64_sys_setsockopt+0x62/0x70 net/socket.c:2167
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x3d/0x90 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x44/0xae

read to 0xffff8881051e3062 of 1 bytes by interrupt on cpu 1:
 igmp_ifc_timer_expire+0x706/0xa30 net/ipv4/igmp.c:808
 call_timer_fn+0x2e/0x1d0 kernel/time/timer.c:1419
 expire_timers+0x135/0x250 kernel/time/timer.c:1464
 __run_timers+0x358/0x420 kernel/time/timer.c:1732
 run_timer_softirq+0x19/0x30 kernel/time/timer.c:1745
 __do_softirq+0x12c/0x26e kernel/softirq.c:558
 invoke_softirq kernel/softirq.c:432 [inline]
 __irq_exit_rcu+0x9a/0xb0 kernel/softirq.c:636
 sysvec_apic_timer_interrupt+0x69/0x80 arch/x86/kernel/apic/apic.c:1100
 asm_sysvec_apic_timer_interrupt+0x12/0x20 arch/x86/include/asm/idtentry.h:638
 console_unlock+0x8e8/0xb30 kernel/printk/printk.c:2646
 vprintk_emit+0x125/0x3d0 kernel/printk/printk.c:2174
 vprintk_default+0x22/0x30 kernel/printk/printk.c:2185
 vprintk+0x15a/0x170 kernel/printk/printk_safe.c:392
 printk+0x62/0x87 kernel/printk/printk.c:2216
 selinux_netlink_send+0x399/0x400 security/selinux/hooks.c:6041
 security_netlink_send+0x42/0x90 security/security.c:2070
 netlink_sendmsg+0x59e/0x7c0 net/netlink/af_netlink.c:1919
 sock_sendmsg_nosec net/socket.c:703 [inline]
 sock_sendmsg net/socket.c:723 [inline]
 ____sys_sendmsg+0x360/0x4d0 net/socket.c:2392
 ___sys_sendmsg net/socket.c:2446 [inline]
 __sys_sendmsg+0x1ed/0x270 net/socket.c:2475
 __do_sys_sendmsg net/socket.c:2484 [inline]
 __se_sys_sendmsg net/socket.c:2482 [inline]
 __x64_sys_sendmsg+0x42/0x50 net/socket.c:2482
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x3d/0x90 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x44/0xae

value changed: 0x01 -> 0x02

Reported by Kernel Concurrency Sanitizer on:
CPU: 1 PID: 12539 Comm: syz-executor.1 Not tainted 5.14.0-rc4-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011

Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2")
Signed-off-by: Eric Dumazet <edumazet@google.com>
Reported-by: syzbot <syzkaller@googlegroups.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 net/ipv4/igmp.c | 21 ++++++++++++++-------
 1 file changed, 14 insertions(+), 7 deletions(-)

diff --git a/net/ipv4/igmp.c b/net/ipv4/igmp.c
index 6b3c558a4f23..a51360087b19 100644
--- a/net/ipv4/igmp.c
+++ b/net/ipv4/igmp.c
@@ -803,10 +803,17 @@ static void igmp_gq_timer_expire(struct timer_list *t)
 static void igmp_ifc_timer_expire(struct timer_list *t)
 {
 	struct in_device *in_dev = from_timer(in_dev, t, mr_ifc_timer);
+	u8 mr_ifc_count;
 
 	igmpv3_send_cr(in_dev);
-	if (in_dev->mr_ifc_count) {
-		in_dev->mr_ifc_count--;
+restart:
+	mr_ifc_count = READ_ONCE(in_dev->mr_ifc_count);
+
+	if (mr_ifc_count) {
+		if (cmpxchg(&in_dev->mr_ifc_count,
+			    mr_ifc_count,
+			    mr_ifc_count - 1) != mr_ifc_count)
+			goto restart;
 		igmp_ifc_start_timer(in_dev,
 				     unsolicited_report_interval(in_dev));
 	}
@@ -818,7 +825,7 @@ static void igmp_ifc_event(struct in_device *in_dev)
 	struct net *net = dev_net(in_dev->dev);
 	if (IGMP_V1_SEEN(in_dev) || IGMP_V2_SEEN(in_dev))
 		return;
-	in_dev->mr_ifc_count = in_dev->mr_qrv ?: net->ipv4.sysctl_igmp_qrv;
+	WRITE_ONCE(in_dev->mr_ifc_count, in_dev->mr_qrv ?: net->ipv4.sysctl_igmp_qrv);
 	igmp_ifc_start_timer(in_dev, 1);
 }
 
@@ -957,7 +964,7 @@ static bool igmp_heard_query(struct in_device *in_dev, struct sk_buff *skb,
 				in_dev->mr_qri;
 		}
 		/* cancel the interface change timer */
-		in_dev->mr_ifc_count = 0;
+		WRITE_ONCE(in_dev->mr_ifc_count, 0);
 		if (del_timer(&in_dev->mr_ifc_timer))
 			__in_dev_put(in_dev);
 		/* clear deleted report items */
@@ -1724,7 +1731,7 @@ void ip_mc_down(struct in_device *in_dev)
 		igmp_group_dropped(pmc);
 
 #ifdef CONFIG_IP_MULTICAST
-	in_dev->mr_ifc_count = 0;
+	WRITE_ONCE(in_dev->mr_ifc_count, 0);
 	if (del_timer(&in_dev->mr_ifc_timer))
 		__in_dev_put(in_dev);
 	in_dev->mr_gq_running = 0;
@@ -1941,7 +1948,7 @@ static int ip_mc_del_src(struct in_device *in_dev, __be32 *pmca, int sfmode,
 		pmc->sfmode = MCAST_INCLUDE;
 #ifdef CONFIG_IP_MULTICAST
 		pmc->crcount = in_dev->mr_qrv ?: net->ipv4.sysctl_igmp_qrv;
-		in_dev->mr_ifc_count = pmc->crcount;
+		WRITE_ONCE(in_dev->mr_ifc_count, pmc->crcount);
 		for (psf = pmc->sources; psf; psf = psf->sf_next)
 			psf->sf_crcount = 0;
 		igmp_ifc_event(pmc->interface);
@@ -2120,7 +2127,7 @@ static int ip_mc_add_src(struct in_device *in_dev, __be32 *pmca, int sfmode,
 		/* else no filters; keep old mode for reports */
 
 		pmc->crcount = in_dev->mr_qrv ?: net->ipv4.sysctl_igmp_qrv;
-		in_dev->mr_ifc_count = pmc->crcount;
+		WRITE_ONCE(in_dev->mr_ifc_count, pmc->crcount);
 		for (psf = pmc->sources; psf; psf = psf->sf_next)
 			psf->sf_crcount = 0;
 		igmp_ifc_event(in_dev);
-- 
2.30.2




^ permalink raw reply related	[flat|nested] 112+ messages in thread

* [PATCH 5.10 55/96] net: dsa: lan9303: fix broken backpressure in .port_fdb_dump
  2021-08-16 13:01 [PATCH 5.10 00/96] 5.10.60-rc1 review Greg Kroah-Hartman
                   ` (53 preceding siblings ...)
  2021-08-16 13:02 ` [PATCH 5.10 54/96] net: igmp: fix data-race in igmp_ifc_timer_expire() Greg Kroah-Hartman
@ 2021-08-16 13:02 ` Greg Kroah-Hartman
  2021-08-16 13:02 ` [PATCH 5.10 56/96] net: dsa: lantiq: " Greg Kroah-Hartman
                   ` (40 subsequent siblings)
  95 siblings, 0 replies; 112+ messages in thread
From: Greg Kroah-Hartman @ 2021-08-16 13:02 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Vladimir Oltean, David S. Miller,
	Sasha Levin

From: Vladimir Oltean <vladimir.oltean@nxp.com>

[ Upstream commit ada2fee185d8145afb89056558bb59545b9dbdd0 ]

rtnl_fdb_dump() has logic to split a dump of PF_BRIDGE neighbors into
multiple netlink skbs if the buffer provided by user space is too small
(one buffer will typically handle a few hundred FDB entries).

When the current buffer becomes full, nlmsg_put() in
dsa_slave_port_fdb_do_dump() returns -EMSGSIZE and DSA saves the index
of the last dumped FDB entry, returns to rtnl_fdb_dump() up to that
point, and then the dump resumes on the same port with a new skb, and
FDB entries up to the saved index are simply skipped.

Since dsa_slave_port_fdb_do_dump() is pointed to by the "cb" passed to
drivers, then drivers must check for the -EMSGSIZE error code returned
by it. Otherwise, when a netlink skb becomes full, DSA will no longer
save newly dumped FDB entries to it, but the driver will continue
dumping. So FDB entries will be missing from the dump.

Fix the broken backpressure by propagating the "cb" return code and
allow rtnl_fdb_dump() to restart the FDB dump with a new skb.

Fixes: ab335349b852 ("net: dsa: lan9303: Add port_fast_age and port_fdb_dump methods")
Signed-off-by: Vladimir Oltean <vladimir.oltean@nxp.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/net/dsa/lan9303-core.c | 34 +++++++++++++++++++---------------
 1 file changed, 19 insertions(+), 15 deletions(-)

diff --git a/drivers/net/dsa/lan9303-core.c b/drivers/net/dsa/lan9303-core.c
index aa1142d6a9f5..dcf1fc89451f 100644
--- a/drivers/net/dsa/lan9303-core.c
+++ b/drivers/net/dsa/lan9303-core.c
@@ -557,12 +557,12 @@ static int lan9303_alr_make_entry_raw(struct lan9303 *chip, u32 dat0, u32 dat1)
 	return 0;
 }
 
-typedef void alr_loop_cb_t(struct lan9303 *chip, u32 dat0, u32 dat1,
-			   int portmap, void *ctx);
+typedef int alr_loop_cb_t(struct lan9303 *chip, u32 dat0, u32 dat1,
+			  int portmap, void *ctx);
 
-static void lan9303_alr_loop(struct lan9303 *chip, alr_loop_cb_t *cb, void *ctx)
+static int lan9303_alr_loop(struct lan9303 *chip, alr_loop_cb_t *cb, void *ctx)
 {
-	int i;
+	int ret = 0, i;
 
 	mutex_lock(&chip->alr_mutex);
 	lan9303_write_switch_reg(chip, LAN9303_SWE_ALR_CMD,
@@ -582,13 +582,17 @@ static void lan9303_alr_loop(struct lan9303 *chip, alr_loop_cb_t *cb, void *ctx)
 						LAN9303_ALR_DAT1_PORT_BITOFFS;
 		portmap = alrport_2_portmap[alrport];
 
-		cb(chip, dat0, dat1, portmap, ctx);
+		ret = cb(chip, dat0, dat1, portmap, ctx);
+		if (ret)
+			break;
 
 		lan9303_write_switch_reg(chip, LAN9303_SWE_ALR_CMD,
 					 LAN9303_ALR_CMD_GET_NEXT);
 		lan9303_write_switch_reg(chip, LAN9303_SWE_ALR_CMD, 0);
 	}
 	mutex_unlock(&chip->alr_mutex);
+
+	return ret;
 }
 
 static void alr_reg_to_mac(u32 dat0, u32 dat1, u8 mac[6])
@@ -606,18 +610,20 @@ struct del_port_learned_ctx {
 };
 
 /* Clear learned (non-static) entry on given port */
-static void alr_loop_cb_del_port_learned(struct lan9303 *chip, u32 dat0,
-					 u32 dat1, int portmap, void *ctx)
+static int alr_loop_cb_del_port_learned(struct lan9303 *chip, u32 dat0,
+					u32 dat1, int portmap, void *ctx)
 {
 	struct del_port_learned_ctx *del_ctx = ctx;
 	int port = del_ctx->port;
 
 	if (((BIT(port) & portmap) == 0) || (dat1 & LAN9303_ALR_DAT1_STATIC))
-		return;
+		return 0;
 
 	/* learned entries has only one port, we can just delete */
 	dat1 &= ~LAN9303_ALR_DAT1_VALID; /* delete entry */
 	lan9303_alr_make_entry_raw(chip, dat0, dat1);
+
+	return 0;
 }
 
 struct port_fdb_dump_ctx {
@@ -626,19 +632,19 @@ struct port_fdb_dump_ctx {
 	dsa_fdb_dump_cb_t *cb;
 };
 
-static void alr_loop_cb_fdb_port_dump(struct lan9303 *chip, u32 dat0,
-				      u32 dat1, int portmap, void *ctx)
+static int alr_loop_cb_fdb_port_dump(struct lan9303 *chip, u32 dat0,
+				     u32 dat1, int portmap, void *ctx)
 {
 	struct port_fdb_dump_ctx *dump_ctx = ctx;
 	u8 mac[ETH_ALEN];
 	bool is_static;
 
 	if ((BIT(dump_ctx->port) & portmap) == 0)
-		return;
+		return 0;
 
 	alr_reg_to_mac(dat0, dat1, mac);
 	is_static = !!(dat1 & LAN9303_ALR_DAT1_STATIC);
-	dump_ctx->cb(mac, 0, is_static, dump_ctx->data);
+	return dump_ctx->cb(mac, 0, is_static, dump_ctx->data);
 }
 
 /* Set a static ALR entry. Delete entry if port_map is zero */
@@ -1210,9 +1216,7 @@ static int lan9303_port_fdb_dump(struct dsa_switch *ds, int port,
 	};
 
 	dev_dbg(chip->dev, "%s(%d)\n", __func__, port);
-	lan9303_alr_loop(chip, alr_loop_cb_fdb_port_dump, &dump_ctx);
-
-	return 0;
+	return lan9303_alr_loop(chip, alr_loop_cb_fdb_port_dump, &dump_ctx);
 }
 
 static int lan9303_port_mdb_prepare(struct dsa_switch *ds, int port,
-- 
2.30.2




^ permalink raw reply related	[flat|nested] 112+ messages in thread

* [PATCH 5.10 56/96] net: dsa: lantiq: fix broken backpressure in .port_fdb_dump
  2021-08-16 13:01 [PATCH 5.10 00/96] 5.10.60-rc1 review Greg Kroah-Hartman
                   ` (54 preceding siblings ...)
  2021-08-16 13:02 ` [PATCH 5.10 55/96] net: dsa: lan9303: fix broken backpressure in .port_fdb_dump Greg Kroah-Hartman
@ 2021-08-16 13:02 ` Greg Kroah-Hartman
  2021-08-16 13:02 ` [PATCH 5.10 57/96] net: dsa: sja1105: " Greg Kroah-Hartman
                   ` (39 subsequent siblings)
  95 siblings, 0 replies; 112+ messages in thread
From: Greg Kroah-Hartman @ 2021-08-16 13:02 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Vladimir Oltean, David S. Miller,
	Sasha Levin

From: Vladimir Oltean <vladimir.oltean@nxp.com>

[ Upstream commit 871a73a1c8f55da0a3db234e9dd816ea4fd546f2 ]

rtnl_fdb_dump() has logic to split a dump of PF_BRIDGE neighbors into
multiple netlink skbs if the buffer provided by user space is too small
(one buffer will typically handle a few hundred FDB entries).

When the current buffer becomes full, nlmsg_put() in
dsa_slave_port_fdb_do_dump() returns -EMSGSIZE and DSA saves the index
of the last dumped FDB entry, returns to rtnl_fdb_dump() up to that
point, and then the dump resumes on the same port with a new skb, and
FDB entries up to the saved index are simply skipped.

Since dsa_slave_port_fdb_do_dump() is pointed to by the "cb" passed to
drivers, then drivers must check for the -EMSGSIZE error code returned
by it. Otherwise, when a netlink skb becomes full, DSA will no longer
save newly dumped FDB entries to it, but the driver will continue
dumping. So FDB entries will be missing from the dump.

Fix the broken backpressure by propagating the "cb" return code and
allow rtnl_fdb_dump() to restart the FDB dump with a new skb.

Fixes: 58c59ef9e930 ("net: dsa: lantiq: Add Forwarding Database access")
Signed-off-by: Vladimir Oltean <vladimir.oltean@nxp.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/net/dsa/lantiq_gswip.c | 14 ++++++++++----
 1 file changed, 10 insertions(+), 4 deletions(-)

diff --git a/drivers/net/dsa/lantiq_gswip.c b/drivers/net/dsa/lantiq_gswip.c
index 93c7fa1fd4cb..a455534740cd 100644
--- a/drivers/net/dsa/lantiq_gswip.c
+++ b/drivers/net/dsa/lantiq_gswip.c
@@ -1416,11 +1416,17 @@ static int gswip_port_fdb_dump(struct dsa_switch *ds, int port,
 		addr[1] = mac_bridge.key[2] & 0xff;
 		addr[0] = (mac_bridge.key[2] >> 8) & 0xff;
 		if (mac_bridge.val[1] & GSWIP_TABLE_MAC_BRIDGE_STATIC) {
-			if (mac_bridge.val[0] & BIT(port))
-				cb(addr, 0, true, data);
+			if (mac_bridge.val[0] & BIT(port)) {
+				err = cb(addr, 0, true, data);
+				if (err)
+					return err;
+			}
 		} else {
-			if (((mac_bridge.val[0] & GENMASK(7, 4)) >> 4) == port)
-				cb(addr, 0, false, data);
+			if (((mac_bridge.val[0] & GENMASK(7, 4)) >> 4) == port) {
+				err = cb(addr, 0, false, data);
+				if (err)
+					return err;
+			}
 		}
 	}
 	return 0;
-- 
2.30.2




^ permalink raw reply related	[flat|nested] 112+ messages in thread

* [PATCH 5.10 57/96] net: dsa: sja1105: fix broken backpressure in .port_fdb_dump
  2021-08-16 13:01 [PATCH 5.10 00/96] 5.10.60-rc1 review Greg Kroah-Hartman
                   ` (55 preceding siblings ...)
  2021-08-16 13:02 ` [PATCH 5.10 56/96] net: dsa: lantiq: " Greg Kroah-Hartman
@ 2021-08-16 13:02 ` Greg Kroah-Hartman
  2021-08-16 13:02 ` [PATCH 5.10 58/96] net: bridge: validate the NUD_PERMANENT bit when adding an extern_learn FDB entry Greg Kroah-Hartman
                   ` (38 subsequent siblings)
  95 siblings, 0 replies; 112+ messages in thread
From: Greg Kroah-Hartman @ 2021-08-16 13:02 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Vladimir Oltean, David S. Miller,
	Sasha Levin

From: Vladimir Oltean <vladimir.oltean@nxp.com>

[ Upstream commit 21b52fed928e96d2f75d2f6aa9eac7a4b0b55d22 ]

rtnl_fdb_dump() has logic to split a dump of PF_BRIDGE neighbors into
multiple netlink skbs if the buffer provided by user space is too small
(one buffer will typically handle a few hundred FDB entries).

When the current buffer becomes full, nlmsg_put() in
dsa_slave_port_fdb_do_dump() returns -EMSGSIZE and DSA saves the index
of the last dumped FDB entry, returns to rtnl_fdb_dump() up to that
point, and then the dump resumes on the same port with a new skb, and
FDB entries up to the saved index are simply skipped.

Since dsa_slave_port_fdb_do_dump() is pointed to by the "cb" passed to
drivers, then drivers must check for the -EMSGSIZE error code returned
by it. Otherwise, when a netlink skb becomes full, DSA will no longer
save newly dumped FDB entries to it, but the driver will continue
dumping. So FDB entries will be missing from the dump.

Fix the broken backpressure by propagating the "cb" return code and
allow rtnl_fdb_dump() to restart the FDB dump with a new skb.

Fixes: 291d1e72b756 ("net: dsa: sja1105: Add support for FDB and MDB management")
Signed-off-by: Vladimir Oltean <vladimir.oltean@nxp.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/net/dsa/sja1105/sja1105_main.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/drivers/net/dsa/sja1105/sja1105_main.c b/drivers/net/dsa/sja1105/sja1105_main.c
index 855371fcbf85..c03d76c10868 100644
--- a/drivers/net/dsa/sja1105/sja1105_main.c
+++ b/drivers/net/dsa/sja1105/sja1105_main.c
@@ -1566,7 +1566,9 @@ static int sja1105_fdb_dump(struct dsa_switch *ds, int port,
 		/* We need to hide the dsa_8021q VLANs from the user. */
 		if (priv->vlan_state == SJA1105_VLAN_UNAWARE)
 			l2_lookup.vlanid = 0;
-		cb(macaddr, l2_lookup.vlanid, l2_lookup.lockeds, data);
+		rc = cb(macaddr, l2_lookup.vlanid, l2_lookup.lockeds, data);
+		if (rc)
+			return rc;
 	}
 	return 0;
 }
-- 
2.30.2




^ permalink raw reply related	[flat|nested] 112+ messages in thread

* [PATCH 5.10 58/96] net: bridge: validate the NUD_PERMANENT bit when adding an extern_learn FDB entry
  2021-08-16 13:01 [PATCH 5.10 00/96] 5.10.60-rc1 review Greg Kroah-Hartman
                   ` (56 preceding siblings ...)
  2021-08-16 13:02 ` [PATCH 5.10 57/96] net: dsa: sja1105: " Greg Kroah-Hartman
@ 2021-08-16 13:02 ` Greg Kroah-Hartman
  2021-08-16 13:02 ` [PATCH 5.10 59/96] net: bridge: fix flags interpretation for extern learn fdb entries Greg Kroah-Hartman
                   ` (37 subsequent siblings)
  95 siblings, 0 replies; 112+ messages in thread
From: Greg Kroah-Hartman @ 2021-08-16 13:02 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, syzbot+9ba1174359adba5a5b7c,
	Vladimir Oltean, Nikolay Aleksandrov, Jakub Kicinski,
	Sasha Levin

From: Vladimir Oltean <vladimir.oltean@nxp.com>

[ Upstream commit 0541a6293298fb52789de389dfb27ef54df81f73 ]

Currently it is possible to add broken extern_learn FDB entries to the
bridge in two ways:

1. Entries pointing towards the bridge device that are not local/permanent:

ip link add br0 type bridge
bridge fdb add 00:01:02:03:04:05 dev br0 self extern_learn static

2. Entries pointing towards the bridge device or towards a port that
are marked as local/permanent, however the bridge does not process the
'permanent' bit in any way, therefore they are recorded as though they
aren't permanent:

ip link add br0 type bridge
bridge fdb add 00:01:02:03:04:05 dev br0 self extern_learn permanent

Since commit 52e4bec15546 ("net: bridge: switchdev: treat local FDBs the
same as entries towards the bridge"), these incorrect FDB entries can
even trigger NULL pointer dereferences inside the kernel.

This is because that commit made the assumption that all FDB entries
that are not local/permanent have a valid destination port. For context,
local / permanent FDB entries either have fdb->dst == NULL, and these
point towards the bridge device and are therefore local and not to be
used for forwarding, or have fdb->dst == a net_bridge_port structure
(but are to be treated in the same way, i.e. not for forwarding).

That assumption _is_ correct as long as things are working correctly in
the bridge driver, i.e. we cannot logically have fdb->dst == NULL under
any circumstance for FDB entries that are not local. However, the
extern_learn code path where FDB entries are managed by a user space
controller show that it is possible for the bridge kernel driver to
misinterpret the NUD flags of an entry transmitted by user space, and
end up having fdb->dst == NULL while not being a local entry. This is
invalid and should be rejected.

Before, the two commands listed above both crashed the kernel in this
check from br_switchdev_fdb_notify:

	struct net_device *dev = info.is_local ? br->dev : dst->dev;

info.is_local == false, dst == NULL.

After this patch, the invalid entry added by the first command is
rejected:

ip link add br0 type bridge && bridge fdb add 00:01:02:03:04:05 dev br0 self extern_learn static; ip link del br0
Error: bridge: FDB entry towards bridge must be permanent.

and the valid entry added by the second command is properly treated as a
local address and does not crash br_switchdev_fdb_notify anymore:

ip link add br0 type bridge && bridge fdb add 00:01:02:03:04:05 dev br0 self extern_learn permanent; ip link del br0

Fixes: eb100e0e24a2 ("net: bridge: allow to add externally learned entries from user-space")
Reported-by: syzbot+9ba1174359adba5a5b7c@syzkaller.appspotmail.com
Signed-off-by: Vladimir Oltean <vladimir.oltean@nxp.com>
Acked-by: Nikolay Aleksandrov <nikolay@nvidia.com>
Link: https://lore.kernel.org/r/20210801231730.7493-1-vladimir.oltean@nxp.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 net/bridge/br.c         |  3 ++-
 net/bridge/br_fdb.c     | 30 ++++++++++++++++++++++++------
 net/bridge/br_private.h |  2 +-
 3 files changed, 27 insertions(+), 8 deletions(-)

diff --git a/net/bridge/br.c b/net/bridge/br.c
index 1b169f8e7491..a416b01ee773 100644
--- a/net/bridge/br.c
+++ b/net/bridge/br.c
@@ -166,7 +166,8 @@ static int br_switchdev_event(struct notifier_block *unused,
 	case SWITCHDEV_FDB_ADD_TO_BRIDGE:
 		fdb_info = ptr;
 		err = br_fdb_external_learn_add(br, p, fdb_info->addr,
-						fdb_info->vid, false);
+						fdb_info->vid,
+						fdb_info->is_local, false);
 		if (err) {
 			err = notifier_from_errno(err);
 			break;
diff --git a/net/bridge/br_fdb.c b/net/bridge/br_fdb.c
index 32ac8343b0ba..a729786e0f03 100644
--- a/net/bridge/br_fdb.c
+++ b/net/bridge/br_fdb.c
@@ -950,7 +950,8 @@ static int fdb_add_entry(struct net_bridge *br, struct net_bridge_port *source,
 
 static int __br_fdb_add(struct ndmsg *ndm, struct net_bridge *br,
 			struct net_bridge_port *p, const unsigned char *addr,
-			u16 nlh_flags, u16 vid, struct nlattr *nfea_tb[])
+			u16 nlh_flags, u16 vid, struct nlattr *nfea_tb[],
+			struct netlink_ext_ack *extack)
 {
 	int err = 0;
 
@@ -969,7 +970,15 @@ static int __br_fdb_add(struct ndmsg *ndm, struct net_bridge *br,
 		rcu_read_unlock();
 		local_bh_enable();
 	} else if (ndm->ndm_flags & NTF_EXT_LEARNED) {
-		err = br_fdb_external_learn_add(br, p, addr, vid, true);
+		if (!p && !(ndm->ndm_state & NUD_PERMANENT)) {
+			NL_SET_ERR_MSG_MOD(extack,
+					   "FDB entry towards bridge must be permanent");
+			return -EINVAL;
+		}
+
+		err = br_fdb_external_learn_add(br, p, addr, vid,
+						ndm->ndm_state & NUD_PERMANENT,
+						true);
 	} else {
 		spin_lock_bh(&br->hash_lock);
 		err = fdb_add_entry(br, p, addr, ndm, nlh_flags, vid, nfea_tb);
@@ -1041,9 +1050,11 @@ int br_fdb_add(struct ndmsg *ndm, struct nlattr *tb[],
 		}
 
 		/* VID was specified, so use it. */
-		err = __br_fdb_add(ndm, br, p, addr, nlh_flags, vid, nfea_tb);
+		err = __br_fdb_add(ndm, br, p, addr, nlh_flags, vid, nfea_tb,
+				   extack);
 	} else {
-		err = __br_fdb_add(ndm, br, p, addr, nlh_flags, 0, nfea_tb);
+		err = __br_fdb_add(ndm, br, p, addr, nlh_flags, 0, nfea_tb,
+				   extack);
 		if (err || !vg || !vg->num_vlans)
 			goto out;
 
@@ -1055,7 +1066,7 @@ int br_fdb_add(struct ndmsg *ndm, struct nlattr *tb[],
 			if (!br_vlan_should_use(v))
 				continue;
 			err = __br_fdb_add(ndm, br, p, addr, nlh_flags, v->vid,
-					   nfea_tb);
+					   nfea_tb, extack);
 			if (err)
 				goto out;
 		}
@@ -1195,7 +1206,7 @@ void br_fdb_unsync_static(struct net_bridge *br, struct net_bridge_port *p)
 }
 
 int br_fdb_external_learn_add(struct net_bridge *br, struct net_bridge_port *p,
-			      const unsigned char *addr, u16 vid,
+			      const unsigned char *addr, u16 vid, bool is_local,
 			      bool swdev_notify)
 {
 	struct net_bridge_fdb_entry *fdb;
@@ -1212,6 +1223,10 @@ int br_fdb_external_learn_add(struct net_bridge *br, struct net_bridge_port *p,
 
 		if (swdev_notify)
 			flags |= BIT(BR_FDB_ADDED_BY_USER);
+
+		if (is_local)
+			flags |= BIT(BR_FDB_LOCAL);
+
 		fdb = fdb_create(br, p, addr, vid, flags);
 		if (!fdb) {
 			err = -ENOMEM;
@@ -1238,6 +1253,9 @@ int br_fdb_external_learn_add(struct net_bridge *br, struct net_bridge_port *p,
 		if (swdev_notify)
 			set_bit(BR_FDB_ADDED_BY_USER, &fdb->flags);
 
+		if (is_local)
+			set_bit(BR_FDB_LOCAL, &fdb->flags);
+
 		if (modified)
 			fdb_notify(br, fdb, RTM_NEWNEIGH, swdev_notify);
 	}
diff --git a/net/bridge/br_private.h b/net/bridge/br_private.h
index 5e5726048a1a..26f311b2cc11 100644
--- a/net/bridge/br_private.h
+++ b/net/bridge/br_private.h
@@ -708,7 +708,7 @@ int br_fdb_get(struct sk_buff *skb, struct nlattr *tb[], struct net_device *dev,
 int br_fdb_sync_static(struct net_bridge *br, struct net_bridge_port *p);
 void br_fdb_unsync_static(struct net_bridge *br, struct net_bridge_port *p);
 int br_fdb_external_learn_add(struct net_bridge *br, struct net_bridge_port *p,
-			      const unsigned char *addr, u16 vid,
+			      const unsigned char *addr, u16 vid, bool is_local,
 			      bool swdev_notify);
 int br_fdb_external_learn_del(struct net_bridge *br, struct net_bridge_port *p,
 			      const unsigned char *addr, u16 vid,
-- 
2.30.2




^ permalink raw reply related	[flat|nested] 112+ messages in thread

* [PATCH 5.10 59/96] net: bridge: fix flags interpretation for extern learn fdb entries
  2021-08-16 13:01 [PATCH 5.10 00/96] 5.10.60-rc1 review Greg Kroah-Hartman
                   ` (57 preceding siblings ...)
  2021-08-16 13:02 ` [PATCH 5.10 58/96] net: bridge: validate the NUD_PERMANENT bit when adding an extern_learn FDB entry Greg Kroah-Hartman
@ 2021-08-16 13:02 ` Greg Kroah-Hartman
  2021-08-16 13:02 ` [PATCH 5.10 60/96] net: bridge: fix memleak in br_add_if() Greg Kroah-Hartman
                   ` (36 subsequent siblings)
  95 siblings, 0 replies; 112+ messages in thread
From: Greg Kroah-Hartman @ 2021-08-16 13:02 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Ido Schimmel, Nikolay Aleksandrov,
	Vladimir Oltean, Jakub Kicinski, Sasha Levin

From: Nikolay Aleksandrov <nikolay@nvidia.com>

[ Upstream commit 45a687879b31caae4032abd1c2402e289d2b8083 ]

Ignore fdb flags when adding port extern learn entries and always set
BR_FDB_LOCAL flag when adding bridge extern learn entries. This is
closest to the behaviour we had before and avoids breaking any use cases
which were allowed.

This patch fixes iproute2 calls which assume NUD_PERMANENT and were
allowed before, example:
$ bridge fdb add 00:11:22:33:44:55 dev swp1 extern_learn

Extern learn entries are allowed to roam, but do not expire, so static
or dynamic flags make no sense for them.

Also add a comment for future reference.

Fixes: eb100e0e24a2 ("net: bridge: allow to add externally learned entries from user-space")
Fixes: 0541a6293298 ("net: bridge: validate the NUD_PERMANENT bit when adding an extern_learn FDB entry")
Reviewed-by: Ido Schimmel <idosch@nvidia.com>
Tested-by: Ido Schimmel <idosch@nvidia.com>
Signed-off-by: Nikolay Aleksandrov <nikolay@nvidia.com>
Reviewed-by: Vladimir Oltean <vladimir.oltean@nxp.com>
Link: https://lore.kernel.org/r/20210810110010.43859-1-razor@blackwall.org
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 include/uapi/linux/neighbour.h |  7 +++++--
 net/bridge/br.c                |  3 +--
 net/bridge/br_fdb.c            | 11 ++++-------
 net/bridge/br_private.h        |  2 +-
 4 files changed, 11 insertions(+), 12 deletions(-)

diff --git a/include/uapi/linux/neighbour.h b/include/uapi/linux/neighbour.h
index dc8b72201f6c..00a60695fa53 100644
--- a/include/uapi/linux/neighbour.h
+++ b/include/uapi/linux/neighbour.h
@@ -66,8 +66,11 @@ enum {
 #define NUD_NONE	0x00
 
 /* NUD_NOARP & NUD_PERMANENT are pseudostates, they never change
-   and make no address resolution or NUD.
-   NUD_PERMANENT also cannot be deleted by garbage collectors.
+ * and make no address resolution or NUD.
+ * NUD_PERMANENT also cannot be deleted by garbage collectors.
+ * When NTF_EXT_LEARNED is set for a bridge fdb entry the different cache entry
+ * states don't make sense and thus are ignored. Such entries don't age and
+ * can roam.
  */
 
 struct nda_cacheinfo {
diff --git a/net/bridge/br.c b/net/bridge/br.c
index a416b01ee773..1b169f8e7491 100644
--- a/net/bridge/br.c
+++ b/net/bridge/br.c
@@ -166,8 +166,7 @@ static int br_switchdev_event(struct notifier_block *unused,
 	case SWITCHDEV_FDB_ADD_TO_BRIDGE:
 		fdb_info = ptr;
 		err = br_fdb_external_learn_add(br, p, fdb_info->addr,
-						fdb_info->vid,
-						fdb_info->is_local, false);
+						fdb_info->vid, false);
 		if (err) {
 			err = notifier_from_errno(err);
 			break;
diff --git a/net/bridge/br_fdb.c b/net/bridge/br_fdb.c
index a729786e0f03..8a6470a21702 100644
--- a/net/bridge/br_fdb.c
+++ b/net/bridge/br_fdb.c
@@ -975,10 +975,7 @@ static int __br_fdb_add(struct ndmsg *ndm, struct net_bridge *br,
 					   "FDB entry towards bridge must be permanent");
 			return -EINVAL;
 		}
-
-		err = br_fdb_external_learn_add(br, p, addr, vid,
-						ndm->ndm_state & NUD_PERMANENT,
-						true);
+		err = br_fdb_external_learn_add(br, p, addr, vid, true);
 	} else {
 		spin_lock_bh(&br->hash_lock);
 		err = fdb_add_entry(br, p, addr, ndm, nlh_flags, vid, nfea_tb);
@@ -1206,7 +1203,7 @@ void br_fdb_unsync_static(struct net_bridge *br, struct net_bridge_port *p)
 }
 
 int br_fdb_external_learn_add(struct net_bridge *br, struct net_bridge_port *p,
-			      const unsigned char *addr, u16 vid, bool is_local,
+			      const unsigned char *addr, u16 vid,
 			      bool swdev_notify)
 {
 	struct net_bridge_fdb_entry *fdb;
@@ -1224,7 +1221,7 @@ int br_fdb_external_learn_add(struct net_bridge *br, struct net_bridge_port *p,
 		if (swdev_notify)
 			flags |= BIT(BR_FDB_ADDED_BY_USER);
 
-		if (is_local)
+		if (!p)
 			flags |= BIT(BR_FDB_LOCAL);
 
 		fdb = fdb_create(br, p, addr, vid, flags);
@@ -1253,7 +1250,7 @@ int br_fdb_external_learn_add(struct net_bridge *br, struct net_bridge_port *p,
 		if (swdev_notify)
 			set_bit(BR_FDB_ADDED_BY_USER, &fdb->flags);
 
-		if (is_local)
+		if (!p)
 			set_bit(BR_FDB_LOCAL, &fdb->flags);
 
 		if (modified)
diff --git a/net/bridge/br_private.h b/net/bridge/br_private.h
index 26f311b2cc11..5e5726048a1a 100644
--- a/net/bridge/br_private.h
+++ b/net/bridge/br_private.h
@@ -708,7 +708,7 @@ int br_fdb_get(struct sk_buff *skb, struct nlattr *tb[], struct net_device *dev,
 int br_fdb_sync_static(struct net_bridge *br, struct net_bridge_port *p);
 void br_fdb_unsync_static(struct net_bridge *br, struct net_bridge_port *p);
 int br_fdb_external_learn_add(struct net_bridge *br, struct net_bridge_port *p,
-			      const unsigned char *addr, u16 vid, bool is_local,
+			      const unsigned char *addr, u16 vid,
 			      bool swdev_notify);
 int br_fdb_external_learn_del(struct net_bridge *br, struct net_bridge_port *p,
 			      const unsigned char *addr, u16 vid,
-- 
2.30.2




^ permalink raw reply related	[flat|nested] 112+ messages in thread

* [PATCH 5.10 60/96] net: bridge: fix memleak in br_add_if()
  2021-08-16 13:01 [PATCH 5.10 00/96] 5.10.60-rc1 review Greg Kroah-Hartman
                   ` (58 preceding siblings ...)
  2021-08-16 13:02 ` [PATCH 5.10 59/96] net: bridge: fix flags interpretation for extern learn fdb entries Greg Kroah-Hartman
@ 2021-08-16 13:02 ` Greg Kroah-Hartman
  2021-08-16 13:02 ` [PATCH 5.10 61/96] net: linkwatch: fix failure to restore device state across suspend/resume Greg Kroah-Hartman
                   ` (35 subsequent siblings)
  95 siblings, 0 replies; 112+ messages in thread
From: Greg Kroah-Hartman @ 2021-08-16 13:02 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Hulk Robot, Yang Yingliang,
	Nikolay Aleksandrov, Jakub Kicinski, Sasha Levin

From: Yang Yingliang <yangyingliang@huawei.com>

[ Upstream commit 519133debcc19f5c834e7e28480b60bdc234fe02 ]

I got a memleak report:

BUG: memory leak
unreferenced object 0x607ee521a658 (size 240):
comm "syz-executor.0", pid 955, jiffies 4294780569 (age 16.449s)
hex dump (first 32 bytes, cpu 1):
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
backtrace:
[<00000000d830ea5a>] br_multicast_add_port+0x1c2/0x300 net/bridge/br_multicast.c:1693
[<00000000274d9a71>] new_nbp net/bridge/br_if.c:435 [inline]
[<00000000274d9a71>] br_add_if+0x670/0x1740 net/bridge/br_if.c:611
[<0000000012ce888e>] do_set_master net/core/rtnetlink.c:2513 [inline]
[<0000000012ce888e>] do_set_master+0x1aa/0x210 net/core/rtnetlink.c:2487
[<0000000099d1cafc>] __rtnl_newlink+0x1095/0x13e0 net/core/rtnetlink.c:3457
[<00000000a01facc0>] rtnl_newlink+0x64/0xa0 net/core/rtnetlink.c:3488
[<00000000acc9186c>] rtnetlink_rcv_msg+0x369/0xa10 net/core/rtnetlink.c:5550
[<00000000d4aabb9c>] netlink_rcv_skb+0x134/0x3d0 net/netlink/af_netlink.c:2504
[<00000000bc2e12a3>] netlink_unicast_kernel net/netlink/af_netlink.c:1314 [inline]
[<00000000bc2e12a3>] netlink_unicast+0x4a0/0x6a0 net/netlink/af_netlink.c:1340
[<00000000e4dc2d0e>] netlink_sendmsg+0x789/0xc70 net/netlink/af_netlink.c:1929
[<000000000d22c8b3>] sock_sendmsg_nosec net/socket.c:654 [inline]
[<000000000d22c8b3>] sock_sendmsg+0x139/0x170 net/socket.c:674
[<00000000e281417a>] ____sys_sendmsg+0x658/0x7d0 net/socket.c:2350
[<00000000237aa2ab>] ___sys_sendmsg+0xf8/0x170 net/socket.c:2404
[<000000004f2dc381>] __sys_sendmsg+0xd3/0x190 net/socket.c:2433
[<0000000005feca6c>] do_syscall_64+0x37/0x90 arch/x86/entry/common.c:47
[<000000007304477d>] entry_SYSCALL_64_after_hwframe+0x44/0xae

On error path of br_add_if(), p->mcast_stats allocated in
new_nbp() need be freed, or it will be leaked.

Fixes: 1080ab95e3c7 ("net: bridge: add support for IGMP/MLD stats and export them via netlink")
Reported-by: Hulk Robot <hulkci@huawei.com>
Signed-off-by: Yang Yingliang <yangyingliang@huawei.com>
Acked-by: Nikolay Aleksandrov <nikolay@nvidia.com>
Link: https://lore.kernel.org/r/20210809132023.978546-1-yangyingliang@huawei.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 net/bridge/br_if.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/net/bridge/br_if.c b/net/bridge/br_if.c
index 857a2c512ca3..1d87bf51f384 100644
--- a/net/bridge/br_if.c
+++ b/net/bridge/br_if.c
@@ -615,6 +615,7 @@ int br_add_if(struct net_bridge *br, struct net_device *dev,
 
 	err = dev_set_allmulti(dev, 1);
 	if (err) {
+		br_multicast_del_port(p);
 		kfree(p);	/* kobject not yet init'd, manually free */
 		goto err1;
 	}
@@ -728,6 +729,7 @@ err4:
 err3:
 	sysfs_remove_link(br->ifobj, p->dev->name);
 err2:
+	br_multicast_del_port(p);
 	kobject_put(&p->kobj);
 	dev_set_allmulti(dev, -1);
 err1:
-- 
2.30.2




^ permalink raw reply related	[flat|nested] 112+ messages in thread

* [PATCH 5.10 61/96] net: linkwatch: fix failure to restore device state across suspend/resume
  2021-08-16 13:01 [PATCH 5.10 00/96] 5.10.60-rc1 review Greg Kroah-Hartman
                   ` (59 preceding siblings ...)
  2021-08-16 13:02 ` [PATCH 5.10 60/96] net: bridge: fix memleak in br_add_if() Greg Kroah-Hartman
@ 2021-08-16 13:02 ` Greg Kroah-Hartman
  2021-08-16 13:02 ` [PATCH 5.10 62/96] tcp_bbr: fix u32 wrap bug in round logic if bbr_init() called after 2B packets Greg Kroah-Hartman
                   ` (34 subsequent siblings)
  95 siblings, 0 replies; 112+ messages in thread
From: Greg Kroah-Hartman @ 2021-08-16 13:02 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Heiner Kallweit, Geert Uytterhoeven,
	Florian Fainelli, Willy Tarreau, Jakub Kicinski, Sasha Levin

From: Willy Tarreau <w@1wt.eu>

[ Upstream commit 6922110d152e56d7569616b45a1f02876cf3eb9f ]

After migrating my laptop from 4.19-LTS to 5.4-LTS a while ago I noticed
that my Ethernet port to which a bond and a VLAN interface are attached
appeared to remain up after resuming from suspend with the cable unplugged
(and that problem still persists with 5.10-LTS).

It happens that the following happens:

  - the network driver (e1000e here) prepares to suspend, calls e1000e_down()
    which calls netif_carrier_off() to signal that the link is going down.
  - netif_carrier_off() adds a link_watch event to the list of events for
    this device
  - the device is completely stopped.
  - the machine suspends
  - the cable is unplugged and the machine brought to another location
  - the machine is resumed
  - the queued linkwatch events are processed for the device
  - the device doesn't yet have the __LINK_STATE_PRESENT bit and its events
    are silently dropped
  - the device is resumed with its link down
  - the upper VLAN and bond interfaces are never notified that the link had
    been turned down and remain up
  - the only way to provoke a change is to physically connect the machine
    to a port and possibly unplug it.

The state after resume looks like this:
  $ ip -br li | egrep 'bond|eth'
  bond0            UP             e8:6a:64:64:64:64 <BROADCAST,MULTICAST,MASTER,UP,LOWER_UP>
  eth0             DOWN           e8:6a:64:64:64:64 <NO-CARRIER,BROADCAST,MULTICAST,SLAVE,UP>
  eth0.2@eth0      UP             e8:6a:64:64:64:64 <BROADCAST,MULTICAST,SLAVE,UP,LOWER_UP>

Placing an explicit call to netdev_state_change() either in the suspend
or the resume code in the NIC driver worked around this but the solution
is not satisfying.

The issue in fact really is in link_watch that loses events while it
ought not to. It happens that the test for the device being present was
added by commit 124eee3f6955 ("net: linkwatch: add check for netdevice
being present to linkwatch_do_dev") in 4.20 to avoid an access to
devices that are not present.

Instead of dropping events, this patch proceeds slightly differently by
postponing their handling so that they happen after the device is fully
resumed.

Fixes: 124eee3f6955 ("net: linkwatch: add check for netdevice being present to linkwatch_do_dev")
Link: https://lists.openwall.net/netdev/2018/03/15/62
Cc: Heiner Kallweit <hkallweit1@gmail.com>
Cc: Geert Uytterhoeven <geert+renesas@glider.be>
Cc: Florian Fainelli <f.fainelli@gmail.com>
Signed-off-by: Willy Tarreau <w@1wt.eu>
Link: https://lore.kernel.org/r/20210809160628.22623-1-w@1wt.eu
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 net/core/link_watch.c | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/net/core/link_watch.c b/net/core/link_watch.c
index 75431ca9300f..1a455847da54 100644
--- a/net/core/link_watch.c
+++ b/net/core/link_watch.c
@@ -158,7 +158,7 @@ static void linkwatch_do_dev(struct net_device *dev)
 	clear_bit(__LINK_STATE_LINKWATCH_PENDING, &dev->state);
 
 	rfc2863_policy(dev);
-	if (dev->flags & IFF_UP && netif_device_present(dev)) {
+	if (dev->flags & IFF_UP) {
 		if (netif_carrier_ok(dev))
 			dev_activate(dev);
 		else
@@ -204,7 +204,8 @@ static void __linkwatch_run_queue(int urgent_only)
 		dev = list_first_entry(&wrk, struct net_device, link_watch_list);
 		list_del_init(&dev->link_watch_list);
 
-		if (urgent_only && !linkwatch_urgent_event(dev)) {
+		if (!netif_device_present(dev) ||
+		    (urgent_only && !linkwatch_urgent_event(dev))) {
 			list_add_tail(&dev->link_watch_list, &lweventlist);
 			continue;
 		}
-- 
2.30.2




^ permalink raw reply related	[flat|nested] 112+ messages in thread

* [PATCH 5.10 62/96] tcp_bbr: fix u32 wrap bug in round logic if bbr_init() called after 2B packets
  2021-08-16 13:01 [PATCH 5.10 00/96] 5.10.60-rc1 review Greg Kroah-Hartman
                   ` (60 preceding siblings ...)
  2021-08-16 13:02 ` [PATCH 5.10 61/96] net: linkwatch: fix failure to restore device state across suspend/resume Greg Kroah-Hartman
@ 2021-08-16 13:02 ` Greg Kroah-Hartman
  2021-08-16 13:02 ` [PATCH 5.10 63/96] net: igmp: increase size of mr_ifc_count Greg Kroah-Hartman
                   ` (33 subsequent siblings)
  95 siblings, 0 replies; 112+ messages in thread
From: Greg Kroah-Hartman @ 2021-08-16 13:02 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Neal Cardwell, Yuchung Cheng,
	Kevin Yang, Eric Dumazet, Jakub Kicinski, Sasha Levin

From: Neal Cardwell <ncardwell@google.com>

[ Upstream commit 6de035fec045f8ae5ee5f3a02373a18b939e91fb ]

Currently if BBR congestion control is initialized after more than 2B
packets have been delivered, depending on the phase of the
tp->delivered counter the tracking of BBR round trips can get stuck.

The bug arises because if tp->delivered is between 2^31 and 2^32 at
the time the BBR congestion control module is initialized, then the
initialization of bbr->next_rtt_delivered to 0 will cause the logic to
believe that the end of the round trip is still billions of packets in
the future. More specifically, the following check will fail
repeatedly:

  !before(rs->prior_delivered, bbr->next_rtt_delivered)

and thus the connection will take up to 2B packets delivered before
that check will pass and the connection will set:

  bbr->round_start = 1;

This could cause many mechanisms in BBR to fail to trigger, for
example bbr_check_full_bw_reached() would likely never exit STARTUP.

This bug is 5 years old and has not been observed, and as a practical
matter this would likely rarely trigger, since it would require
transferring at least 2B packets, or likely more than 3 terabytes of
data, before switching congestion control algorithms to BBR.

This patch is a stable candidate for kernels as far back as v4.9,
when tcp_bbr.c was added.

Fixes: 0f8782ea1497 ("tcp_bbr: add BBR congestion control")
Signed-off-by: Neal Cardwell <ncardwell@google.com>
Reviewed-by: Yuchung Cheng <ycheng@google.com>
Reviewed-by: Kevin Yang <yyd@google.com>
Reviewed-by: Eric Dumazet <edumazet@google.com>
Link: https://lore.kernel.org/r/20210811024056.235161-1-ncardwell@google.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 net/ipv4/tcp_bbr.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/net/ipv4/tcp_bbr.c b/net/ipv4/tcp_bbr.c
index 6ea3dc2e4219..6274462b86b4 100644
--- a/net/ipv4/tcp_bbr.c
+++ b/net/ipv4/tcp_bbr.c
@@ -1041,7 +1041,7 @@ static void bbr_init(struct sock *sk)
 	bbr->prior_cwnd = 0;
 	tp->snd_ssthresh = TCP_INFINITE_SSTHRESH;
 	bbr->rtt_cnt = 0;
-	bbr->next_rtt_delivered = 0;
+	bbr->next_rtt_delivered = tp->delivered;
 	bbr->prev_ca_state = TCP_CA_Open;
 	bbr->packet_conservation = 0;
 
-- 
2.30.2




^ permalink raw reply related	[flat|nested] 112+ messages in thread

* [PATCH 5.10 63/96] net: igmp: increase size of mr_ifc_count
  2021-08-16 13:01 [PATCH 5.10 00/96] 5.10.60-rc1 review Greg Kroah-Hartman
                   ` (61 preceding siblings ...)
  2021-08-16 13:02 ` [PATCH 5.10 62/96] tcp_bbr: fix u32 wrap bug in round logic if bbr_init() called after 2B packets Greg Kroah-Hartman
@ 2021-08-16 13:02 ` Greg Kroah-Hartman
  2021-08-16 13:02 ` [PATCH 5.10 64/96] drm/i915: Only access SFC_DONE when media domain is not fused off Greg Kroah-Hartman
                   ` (32 subsequent siblings)
  95 siblings, 0 replies; 112+ messages in thread
From: Greg Kroah-Hartman @ 2021-08-16 13:02 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Eric Dumazet, Guenter Roeck,
	Jakub Kicinski, Sasha Levin

From: Eric Dumazet <edumazet@google.com>

[ Upstream commit b69dd5b3780a7298bd893816a09da751bc0636f7 ]

Some arches support cmpxchg() on 4-byte and 8-byte only.
Increase mr_ifc_count width to 32bit to fix this problem.

Fixes: 4a2b285e7e10 ("net: igmp: fix data-race in igmp_ifc_timer_expire()")
Signed-off-by: Eric Dumazet <edumazet@google.com>
Reported-by: Guenter Roeck <linux@roeck-us.net>
Link: https://lore.kernel.org/r/20210811195715.3684218-1-eric.dumazet@gmail.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 include/linux/inetdevice.h | 2 +-
 net/ipv4/igmp.c            | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/include/linux/inetdevice.h b/include/linux/inetdevice.h
index 3515ca64e638..b68fca08be27 100644
--- a/include/linux/inetdevice.h
+++ b/include/linux/inetdevice.h
@@ -41,7 +41,7 @@ struct in_device {
 	unsigned long		mr_qri;		/* Query Response Interval */
 	unsigned char		mr_qrv;		/* Query Robustness Variable */
 	unsigned char		mr_gq_running;
-	unsigned char		mr_ifc_count;
+	u32			mr_ifc_count;
 	struct timer_list	mr_gq_timer;	/* general query timer */
 	struct timer_list	mr_ifc_timer;	/* interface change timer */
 
diff --git a/net/ipv4/igmp.c b/net/ipv4/igmp.c
index a51360087b19..00576bae183d 100644
--- a/net/ipv4/igmp.c
+++ b/net/ipv4/igmp.c
@@ -803,7 +803,7 @@ static void igmp_gq_timer_expire(struct timer_list *t)
 static void igmp_ifc_timer_expire(struct timer_list *t)
 {
 	struct in_device *in_dev = from_timer(in_dev, t, mr_ifc_timer);
-	u8 mr_ifc_count;
+	u32 mr_ifc_count;
 
 	igmpv3_send_cr(in_dev);
 restart:
-- 
2.30.2




^ permalink raw reply related	[flat|nested] 112+ messages in thread

* [PATCH 5.10 64/96] drm/i915: Only access SFC_DONE when media domain is not fused off
  2021-08-16 13:01 [PATCH 5.10 00/96] 5.10.60-rc1 review Greg Kroah-Hartman
                   ` (62 preceding siblings ...)
  2021-08-16 13:02 ` [PATCH 5.10 63/96] net: igmp: increase size of mr_ifc_count Greg Kroah-Hartman
@ 2021-08-16 13:02 ` Greg Kroah-Hartman
  2021-08-16 13:02 ` [PATCH 5.10 65/96] xen/events: Fix race in set_evtchn_to_irq Greg Kroah-Hartman
                   ` (31 subsequent siblings)
  95 siblings, 0 replies; 112+ messages in thread
From: Greg Kroah-Hartman @ 2021-08-16 13:02 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Daniele Ceraolo Spurio,
	Mika Kuoppala, Matt Roper, José Roberto de Souza,
	Rodrigo Vivi, Sasha Levin

From: Matt Roper <matthew.d.roper@intel.com>

[ Upstream commit 24d032e2359e3abc926b3d423f49a7c33e0b7836 ]

The SFC_DONE register lives within the corresponding VD0/VD2/VD4/VD6
forcewake domain and is not accessible if the vdbox in that domain is
fused off and the forcewake is not initialized.

This mistake went unnoticed because until recently we were using the
wrong register offset for the SFC_DONE register; once the register
offset was corrected, we started hitting errors like

  <4> [544.989065] i915 0000:cc:00.0: Uninitialized forcewake domain(s) 0x80 accessed at 0x1ce000

on parts with fused-off vdbox engines.

Fixes: e50dbdbfd9fb ("drm/i915/tgl: Add SFC instdone to error state")
Fixes: 9c9c6d0ab08a ("drm/i915: Correct SFC_DONE register offset")
Cc: Daniele Ceraolo Spurio <daniele.ceraolospurio@intel.com>
Cc: Mika Kuoppala <mika.kuoppala@linux.intel.com>
Signed-off-by: Matt Roper <matthew.d.roper@intel.com>
Link: https://patchwork.freedesktop.org/patch/msgid/20210806174130.1058960-1-matthew.d.roper@intel.com
Reviewed-by: José Roberto de Souza <jose.souza@intel.com>
(cherry picked from commit c5589bb5dccb0c5cb74910da93663f489589f3ce)
Signed-off-by: Rodrigo Vivi <rodrigo.vivi@intel.com>
[Changed Fixes tag to match the cherry-picked 82929a2140eb]
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/gpu/drm/i915/i915_gpu_error.c | 19 ++++++++++++++++++-
 1 file changed, 18 insertions(+), 1 deletion(-)

diff --git a/drivers/gpu/drm/i915/i915_gpu_error.c b/drivers/gpu/drm/i915/i915_gpu_error.c
index cf6e47adfde6..9ce8f043ad7f 100644
--- a/drivers/gpu/drm/i915/i915_gpu_error.c
+++ b/drivers/gpu/drm/i915/i915_gpu_error.c
@@ -727,9 +727,18 @@ static void err_print_gt(struct drm_i915_error_state_buf *m,
 	if (INTEL_GEN(m->i915) >= 12) {
 		int i;
 
-		for (i = 0; i < GEN12_SFC_DONE_MAX; i++)
+		for (i = 0; i < GEN12_SFC_DONE_MAX; i++) {
+			/*
+			 * SFC_DONE resides in the VD forcewake domain, so it
+			 * only exists if the corresponding VCS engine is
+			 * present.
+			 */
+			if (!HAS_ENGINE(gt->_gt, _VCS(i * 2)))
+				continue;
+
 			err_printf(m, "  SFC_DONE[%d]: 0x%08x\n", i,
 				   gt->sfc_done[i]);
+		}
 
 		err_printf(m, "  GAM_DONE: 0x%08x\n", gt->gam_done);
 	}
@@ -1594,6 +1603,14 @@ static void gt_record_regs(struct intel_gt_coredump *gt)
 
 	if (INTEL_GEN(i915) >= 12) {
 		for (i = 0; i < GEN12_SFC_DONE_MAX; i++) {
+			/*
+			 * SFC_DONE resides in the VD forcewake domain, so it
+			 * only exists if the corresponding VCS engine is
+			 * present.
+			 */
+			if (!HAS_ENGINE(gt->_gt, _VCS(i * 2)))
+				continue;
+
 			gt->sfc_done[i] =
 				intel_uncore_read(uncore, GEN12_SFC_DONE(i));
 		}
-- 
2.30.2




^ permalink raw reply related	[flat|nested] 112+ messages in thread

* [PATCH 5.10 65/96] xen/events: Fix race in set_evtchn_to_irq
  2021-08-16 13:01 [PATCH 5.10 00/96] 5.10.60-rc1 review Greg Kroah-Hartman
                   ` (63 preceding siblings ...)
  2021-08-16 13:02 ` [PATCH 5.10 64/96] drm/i915: Only access SFC_DONE when media domain is not fused off Greg Kroah-Hartman
@ 2021-08-16 13:02 ` Greg Kroah-Hartman
  2021-08-16 13:02 ` [PATCH 5.10 66/96] vsock/virtio: avoid potential deadlock when vsock device remove Greg Kroah-Hartman
                   ` (30 subsequent siblings)
  95 siblings, 0 replies; 112+ messages in thread
From: Greg Kroah-Hartman @ 2021-08-16 13:02 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Maximilian Heyne, Boris Ostrovsky,
	Sasha Levin

From: Maximilian Heyne <mheyne@amazon.de>

[ Upstream commit 88ca2521bd5b4e8b83743c01a2d4cb09325b51e9 ]

There is a TOCTOU issue in set_evtchn_to_irq. Rows in the evtchn_to_irq
mapping are lazily allocated in this function. The check whether the row
is already present and the row initialization is not synchronized. Two
threads can at the same time allocate a new row for evtchn_to_irq and
add the irq mapping to the their newly allocated row. One thread will
overwrite what the other has set for evtchn_to_irq[row] and therefore
the irq mapping is lost. This will trigger a BUG_ON later in
bind_evtchn_to_cpu:

  INFO: pci 0000:1a:15.4: [1d0f:8061] type 00 class 0x010802
  INFO: nvme 0000:1a:12.1: enabling device (0000 -> 0002)
  INFO: nvme nvme77: 1/0/0 default/read/poll queues
  CRIT: kernel BUG at drivers/xen/events/events_base.c:427!
  WARN: invalid opcode: 0000 [#1] SMP NOPTI
  WARN: Workqueue: nvme-reset-wq nvme_reset_work [nvme]
  WARN: RIP: e030:bind_evtchn_to_cpu+0xc2/0xd0
  WARN: Call Trace:
  WARN:  set_affinity_irq+0x121/0x150
  WARN:  irq_do_set_affinity+0x37/0xe0
  WARN:  irq_setup_affinity+0xf6/0x170
  WARN:  irq_startup+0x64/0xe0
  WARN:  __setup_irq+0x69e/0x740
  WARN:  ? request_threaded_irq+0xad/0x160
  WARN:  request_threaded_irq+0xf5/0x160
  WARN:  ? nvme_timeout+0x2f0/0x2f0 [nvme]
  WARN:  pci_request_irq+0xa9/0xf0
  WARN:  ? pci_alloc_irq_vectors_affinity+0xbb/0x130
  WARN:  queue_request_irq+0x4c/0x70 [nvme]
  WARN:  nvme_reset_work+0x82d/0x1550 [nvme]
  WARN:  ? check_preempt_wakeup+0x14f/0x230
  WARN:  ? check_preempt_curr+0x29/0x80
  WARN:  ? nvme_irq_check+0x30/0x30 [nvme]
  WARN:  process_one_work+0x18e/0x3c0
  WARN:  worker_thread+0x30/0x3a0
  WARN:  ? process_one_work+0x3c0/0x3c0
  WARN:  kthread+0x113/0x130
  WARN:  ? kthread_park+0x90/0x90
  WARN:  ret_from_fork+0x3a/0x50

This patch sets evtchn_to_irq rows via a cmpxchg operation so that they
will be set only once. The row is now cleared before writing it to
evtchn_to_irq in order to not create a race once the row is visible for
other threads.

While at it, do not require the page to be zeroed, because it will be
overwritten with -1's in clear_evtchn_to_irq_row anyway.

Signed-off-by: Maximilian Heyne <mheyne@amazon.de>
Fixes: d0b075ffeede ("xen/events: Refactor evtchn_to_irq array to be dynamically allocated")
Link: https://lore.kernel.org/r/20210812130930.127134-1-mheyne@amazon.de
Reviewed-by: Boris Ostrovsky <boris.ostrovsky@oracle.com>
Signed-off-by: Boris Ostrovsky <boris.ostrovsky@oracle.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/xen/events/events_base.c | 20 ++++++++++++++------
 1 file changed, 14 insertions(+), 6 deletions(-)

diff --git a/drivers/xen/events/events_base.c b/drivers/xen/events/events_base.c
index af0f6ad32522..fba78daee449 100644
--- a/drivers/xen/events/events_base.c
+++ b/drivers/xen/events/events_base.c
@@ -192,12 +192,12 @@ static void disable_dynirq(struct irq_data *data);
 
 static DEFINE_PER_CPU(unsigned int, irq_epoch);
 
-static void clear_evtchn_to_irq_row(unsigned row)
+static void clear_evtchn_to_irq_row(int *evtchn_row)
 {
 	unsigned col;
 
 	for (col = 0; col < EVTCHN_PER_ROW; col++)
-		WRITE_ONCE(evtchn_to_irq[row][col], -1);
+		WRITE_ONCE(evtchn_row[col], -1);
 }
 
 static void clear_evtchn_to_irq_all(void)
@@ -207,7 +207,7 @@ static void clear_evtchn_to_irq_all(void)
 	for (row = 0; row < EVTCHN_ROW(xen_evtchn_max_channels()); row++) {
 		if (evtchn_to_irq[row] == NULL)
 			continue;
-		clear_evtchn_to_irq_row(row);
+		clear_evtchn_to_irq_row(evtchn_to_irq[row]);
 	}
 }
 
@@ -215,6 +215,7 @@ static int set_evtchn_to_irq(evtchn_port_t evtchn, unsigned int irq)
 {
 	unsigned row;
 	unsigned col;
+	int *evtchn_row;
 
 	if (evtchn >= xen_evtchn_max_channels())
 		return -EINVAL;
@@ -227,11 +228,18 @@ static int set_evtchn_to_irq(evtchn_port_t evtchn, unsigned int irq)
 		if (irq == -1)
 			return 0;
 
-		evtchn_to_irq[row] = (int *)get_zeroed_page(GFP_KERNEL);
-		if (evtchn_to_irq[row] == NULL)
+		evtchn_row = (int *) __get_free_pages(GFP_KERNEL, 0);
+		if (evtchn_row == NULL)
 			return -ENOMEM;
 
-		clear_evtchn_to_irq_row(row);
+		clear_evtchn_to_irq_row(evtchn_row);
+
+		/*
+		 * We've prepared an empty row for the mapping. If a different
+		 * thread was faster inserting it, we can drop ours.
+		 */
+		if (cmpxchg(&evtchn_to_irq[row], NULL, evtchn_row) != NULL)
+			free_page((unsigned long) evtchn_row);
 	}
 
 	WRITE_ONCE(evtchn_to_irq[row][col], irq);
-- 
2.30.2




^ permalink raw reply related	[flat|nested] 112+ messages in thread

* [PATCH 5.10 66/96] vsock/virtio: avoid potential deadlock when vsock device remove
  2021-08-16 13:01 [PATCH 5.10 00/96] 5.10.60-rc1 review Greg Kroah-Hartman
                   ` (64 preceding siblings ...)
  2021-08-16 13:02 ` [PATCH 5.10 65/96] xen/events: Fix race in set_evtchn_to_irq Greg Kroah-Hartman
@ 2021-08-16 13:02 ` Greg Kroah-Hartman
  2021-08-16 13:02 ` [PATCH 5.10 67/96] nbd: Aovid double completion of a request Greg Kroah-Hartman
                   ` (29 subsequent siblings)
  95 siblings, 0 replies; 112+ messages in thread
From: Greg Kroah-Hartman @ 2021-08-16 13:02 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Stefan Hajnoczi, Longpeng(Mike),
	Stefano Garzarella, Jakub Kicinski, Sasha Levin

From: Longpeng(Mike) <longpeng2@huawei.com>

[ Upstream commit 49b0b6ffe20c5344f4173f3436298782a08da4f2 ]

There's a potential deadlock case when remove the vsock device or
process the RESET event:

  vsock_for_each_connected_socket:
      spin_lock_bh(&vsock_table_lock) ----------- (1)
      ...
          virtio_vsock_reset_sock:
              lock_sock(sk) --------------------- (2)
      ...
      spin_unlock_bh(&vsock_table_lock)

lock_sock() may do initiative schedule when the 'sk' is owned by
other thread at the same time, we would receivce a warning message
that "scheduling while atomic".

Even worse, if the next task (selected by the scheduler) try to
release a 'sk', it need to request vsock_table_lock and the deadlock
occur, cause the system into softlockup state.
  Call trace:
   queued_spin_lock_slowpath
   vsock_remove_bound
   vsock_remove_sock
   virtio_transport_release
   __vsock_release
   vsock_release
   __sock_release
   sock_close
   __fput
   ____fput

So we should not require sk_lock in this case, just like the behavior
in vhost_vsock or vmci.

Fixes: 0ea9e1d3a9e3 ("VSOCK: Introduce virtio_transport.ko")
Cc: Stefan Hajnoczi <stefanha@redhat.com>
Signed-off-by: Longpeng(Mike) <longpeng2@huawei.com>
Reviewed-by: Stefano Garzarella <sgarzare@redhat.com>
Link: https://lore.kernel.org/r/20210812053056.1699-1-longpeng2@huawei.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 net/vmw_vsock/virtio_transport.c | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/net/vmw_vsock/virtio_transport.c b/net/vmw_vsock/virtio_transport.c
index 2700a63ab095..3a056f8affd1 100644
--- a/net/vmw_vsock/virtio_transport.c
+++ b/net/vmw_vsock/virtio_transport.c
@@ -356,11 +356,14 @@ static void virtio_vsock_event_fill(struct virtio_vsock *vsock)
 
 static void virtio_vsock_reset_sock(struct sock *sk)
 {
-	lock_sock(sk);
+	/* vmci_transport.c doesn't take sk_lock here either.  At least we're
+	 * under vsock_table_lock so the sock cannot disappear while we're
+	 * executing.
+	 */
+
 	sk->sk_state = TCP_CLOSE;
 	sk->sk_err = ECONNRESET;
 	sk->sk_error_report(sk);
-	release_sock(sk);
 }
 
 static void virtio_vsock_update_guest_cid(struct virtio_vsock *vsock)
-- 
2.30.2




^ permalink raw reply related	[flat|nested] 112+ messages in thread

* [PATCH 5.10 67/96] nbd: Aovid double completion of a request
  2021-08-16 13:01 [PATCH 5.10 00/96] 5.10.60-rc1 review Greg Kroah-Hartman
                   ` (65 preceding siblings ...)
  2021-08-16 13:02 ` [PATCH 5.10 66/96] vsock/virtio: avoid potential deadlock when vsock device remove Greg Kroah-Hartman
@ 2021-08-16 13:02 ` Greg Kroah-Hartman
  2021-08-16 13:02 ` [PATCH 5.10 68/96] arm64: efi: kaslr: Fix occasional random alloc (and boot) failure Greg Kroah-Hartman
                   ` (28 subsequent siblings)
  95 siblings, 0 replies; 112+ messages in thread
From: Greg Kroah-Hartman @ 2021-08-16 13:02 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Jiang Yadong, Xie Yongji,
	Josef Bacik, Jens Axboe, Sasha Levin

From: Xie Yongji <xieyongji@bytedance.com>

[ Upstream commit cddce01160582a5f52ada3da9626c052d852ec42 ]

There is a race between iterating over requests in
nbd_clear_que() and completing requests in recv_work(),
which can lead to double completion of a request.

To fix it, flush the recv worker before iterating over
the requests and don't abort the completed request
while iterating.

Fixes: 96d97e17828f ("nbd: clear_sock on netlink disconnect")
Reported-by: Jiang Yadong <jiangyadong@bytedance.com>
Signed-off-by: Xie Yongji <xieyongji@bytedance.com>
Reviewed-by: Josef Bacik <josef@toxicpanda.com>
Link: https://lore.kernel.org/r/20210813151330.96-1-xieyongji@bytedance.com
Signed-off-by: Jens Axboe <axboe@kernel.dk>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/block/nbd.c | 14 +++++++++++---
 1 file changed, 11 insertions(+), 3 deletions(-)

diff --git a/drivers/block/nbd.c b/drivers/block/nbd.c
index 9a70eab7edbf..59c452fff835 100644
--- a/drivers/block/nbd.c
+++ b/drivers/block/nbd.c
@@ -812,6 +812,10 @@ static bool nbd_clear_req(struct request *req, void *data, bool reserved)
 {
 	struct nbd_cmd *cmd = blk_mq_rq_to_pdu(req);
 
+	/* don't abort one completed request */
+	if (blk_mq_request_completed(req))
+		return true;
+
 	mutex_lock(&cmd->lock);
 	cmd->status = BLK_STS_IOERR;
 	mutex_unlock(&cmd->lock);
@@ -2024,15 +2028,19 @@ static void nbd_disconnect_and_put(struct nbd_device *nbd)
 {
 	mutex_lock(&nbd->config_lock);
 	nbd_disconnect(nbd);
-	nbd_clear_sock(nbd);
-	mutex_unlock(&nbd->config_lock);
+	sock_shutdown(nbd);
 	/*
 	 * Make sure recv thread has finished, so it does not drop the last
 	 * config ref and try to destroy the workqueue from inside the work
-	 * queue.
+	 * queue. And this also ensure that we can safely call nbd_clear_que()
+	 * to cancel the inflight I/Os.
 	 */
 	if (nbd->recv_workq)
 		flush_workqueue(nbd->recv_workq);
+	nbd_clear_que(nbd);
+	nbd->task_setup = NULL;
+	mutex_unlock(&nbd->config_lock);
+
 	if (test_and_clear_bit(NBD_RT_HAS_CONFIG_REF,
 			       &nbd->config->runtime_flags))
 		nbd_config_put(nbd);
-- 
2.30.2




^ permalink raw reply related	[flat|nested] 112+ messages in thread

* [PATCH 5.10 68/96] arm64: efi: kaslr: Fix occasional random alloc (and boot) failure
  2021-08-16 13:01 [PATCH 5.10 00/96] 5.10.60-rc1 review Greg Kroah-Hartman
                   ` (66 preceding siblings ...)
  2021-08-16 13:02 ` [PATCH 5.10 67/96] nbd: Aovid double completion of a request Greg Kroah-Hartman
@ 2021-08-16 13:02 ` Greg Kroah-Hartman
  2021-08-16 13:02 ` [PATCH 5.10 69/96] efi/libstub: arm64: Force Image reallocation if BSS was not reserved Greg Kroah-Hartman
                   ` (27 subsequent siblings)
  95 siblings, 0 replies; 112+ messages in thread
From: Greg Kroah-Hartman @ 2021-08-16 13:02 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Benjamin Herrenschmidt,
	Ard Biesheuvel, Sasha Levin

From: Benjamin Herrenschmidt <benh@kernel.crashing.org>

[ Upstream commit 4152433c397697acc4b02c4a10d17d5859c2730d ]

The EFI stub random allocator used for kaslr on arm64 has a subtle
bug. In function get_entry_num_slots() which counts the number of
possible allocation "slots" for the image in a given chunk of free
EFI memory, "last_slot" can become negative if the chunk is smaller
than the requested allocation size.

The test "if (first_slot > last_slot)" doesn't catch it because
both first_slot and last_slot are unsigned.

I chose not to make them signed to avoid problems if this is ever
used on architectures where there are meaningful addresses with the
top bit set. Instead, fix it with an additional test against the
allocation size.

This can cause a boot failure in addition to a loss of randomisation
due to another bug in the arm64 stub fixed separately.

Signed-off-by: Benjamin Herrenschmidt <benh@kernel.crashing.org>
Fixes: 2ddbfc81eac8 ("efi: stub: add implementation of efi_random_alloc()")
Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/firmware/efi/libstub/randomalloc.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/drivers/firmware/efi/libstub/randomalloc.c b/drivers/firmware/efi/libstub/randomalloc.c
index a408df474d83..724155b9e10d 100644
--- a/drivers/firmware/efi/libstub/randomalloc.c
+++ b/drivers/firmware/efi/libstub/randomalloc.c
@@ -30,6 +30,8 @@ static unsigned long get_entry_num_slots(efi_memory_desc_t *md,
 
 	region_end = min(md->phys_addr + md->num_pages * EFI_PAGE_SIZE - 1,
 			 (u64)ULONG_MAX);
+	if (region_end < size)
+		return 0;
 
 	first_slot = round_up(md->phys_addr, align);
 	last_slot = round_down(region_end - size + 1, align);
-- 
2.30.2




^ permalink raw reply related	[flat|nested] 112+ messages in thread

* [PATCH 5.10 69/96] efi/libstub: arm64: Force Image reallocation if BSS was not reserved
  2021-08-16 13:01 [PATCH 5.10 00/96] 5.10.60-rc1 review Greg Kroah-Hartman
                   ` (67 preceding siblings ...)
  2021-08-16 13:02 ` [PATCH 5.10 68/96] arm64: efi: kaslr: Fix occasional random alloc (and boot) failure Greg Kroah-Hartman
@ 2021-08-16 13:02 ` Greg Kroah-Hartman
  2021-08-16 13:02 ` [PATCH 5.10 70/96] efi/libstub: arm64: Relax 2M alignment again for relocatable kernels Greg Kroah-Hartman
                   ` (26 subsequent siblings)
  95 siblings, 0 replies; 112+ messages in thread
From: Greg Kroah-Hartman @ 2021-08-16 13:02 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Ard Biesheuvel,
	Benjamin Herrenschmidt, Sasha Levin

From: Ard Biesheuvel <ardb@kernel.org>

[ Upstream commit 5b94046efb4706b3429c9c8e7377bd8d1621d588 ]

Distro versions of GRUB replace the usual LoadImage/StartImage calls
used to load the kernel image with some local code that fails to honor
the allocation requirements described in the PE/COFF header, as it
does not account for the image's BSS section at all: it fails to
allocate space for it, and fails to zero initialize it.

Since the EFI stub itself is allocated in the .init segment, which is
in the middle of the image, its BSS section is not impacted by this,
and the main consequence of this omission is that the BSS section may
overlap with memory regions that are already used by the firmware.

So let's warn about this condition, and force image reallocation to
occur in this case, which works around the problem.

Fixes: 82046702e288 ("efi/libstub/arm64: Replace 'preferred' offset with alignment check")
Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
Tested-by: Benjamin Herrenschmidt <benh@kernel.crashing.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/firmware/efi/libstub/arm64-stub.c | 49 ++++++++++++++++++++++-
 1 file changed, 48 insertions(+), 1 deletion(-)

diff --git a/drivers/firmware/efi/libstub/arm64-stub.c b/drivers/firmware/efi/libstub/arm64-stub.c
index 22ece1ad68a8..3dc54b9db054 100644
--- a/drivers/firmware/efi/libstub/arm64-stub.c
+++ b/drivers/firmware/efi/libstub/arm64-stub.c
@@ -34,6 +34,51 @@ efi_status_t check_platform_features(void)
 	return EFI_SUCCESS;
 }
 
+/*
+ * Distro versions of GRUB may ignore the BSS allocation entirely (i.e., fail
+ * to provide space, and fail to zero it). Check for this condition by double
+ * checking that the first and the last byte of the image are covered by the
+ * same EFI memory map entry.
+ */
+static bool check_image_region(u64 base, u64 size)
+{
+	unsigned long map_size, desc_size, buff_size;
+	efi_memory_desc_t *memory_map;
+	struct efi_boot_memmap map;
+	efi_status_t status;
+	bool ret = false;
+	int map_offset;
+
+	map.map =	&memory_map;
+	map.map_size =	&map_size;
+	map.desc_size =	&desc_size;
+	map.desc_ver =	NULL;
+	map.key_ptr =	NULL;
+	map.buff_size =	&buff_size;
+
+	status = efi_get_memory_map(&map);
+	if (status != EFI_SUCCESS)
+		return false;
+
+	for (map_offset = 0; map_offset < map_size; map_offset += desc_size) {
+		efi_memory_desc_t *md = (void *)memory_map + map_offset;
+		u64 end = md->phys_addr + md->num_pages * EFI_PAGE_SIZE;
+
+		/*
+		 * Find the region that covers base, and return whether
+		 * it covers base+size bytes.
+		 */
+		if (base >= md->phys_addr && base < end) {
+			ret = (base + size) <= end;
+			break;
+		}
+	}
+
+	efi_bs_call(free_pool, memory_map);
+
+	return ret;
+}
+
 /*
  * Although relocatable kernels can fix up the misalignment with respect to
  * MIN_KIMG_ALIGN, the resulting virtual text addresses are subtly out of
@@ -92,7 +137,9 @@ efi_status_t handle_kernel_image(unsigned long *image_addr,
 	}
 
 	if (status != EFI_SUCCESS) {
-		if (IS_ALIGNED((u64)_text, min_kimg_align())) {
+		if (!check_image_region((u64)_text, kernel_memsize)) {
+			efi_err("FIRMWARE BUG: Image BSS overlaps adjacent EFI memory region\n");
+		} else if (IS_ALIGNED((u64)_text, min_kimg_align())) {
 			/*
 			 * Just execute from wherever we were loaded by the
 			 * UEFI PE/COFF loader if the alignment is suitable.
-- 
2.30.2




^ permalink raw reply related	[flat|nested] 112+ messages in thread

* [PATCH 5.10 70/96] efi/libstub: arm64: Relax 2M alignment again for relocatable kernels
  2021-08-16 13:01 [PATCH 5.10 00/96] 5.10.60-rc1 review Greg Kroah-Hartman
                   ` (68 preceding siblings ...)
  2021-08-16 13:02 ` [PATCH 5.10 69/96] efi/libstub: arm64: Force Image reallocation if BSS was not reserved Greg Kroah-Hartman
@ 2021-08-16 13:02 ` Greg Kroah-Hartman
  2021-08-16 13:02 ` [PATCH 5.10 71/96] powerpc/kprobes: Fix kprobe Oops happens in booke Greg Kroah-Hartman
                   ` (25 subsequent siblings)
  95 siblings, 0 replies; 112+ messages in thread
From: Greg Kroah-Hartman @ 2021-08-16 13:02 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Ard Biesheuvel,
	Benjamin Herrenschmidt, Sasha Levin

From: Ard Biesheuvel <ardb@kernel.org>

[ Upstream commit 3a262423755b83a5f85009ace415d6e7f572dfe8 ]

Commit 82046702e288 ("efi/libstub/arm64: Replace 'preferred' offset with
alignment check") simplified the way the stub moves the kernel image
around in memory before booting it, given that a relocatable image does
not need to be copied to a 2M aligned offset if it was loaded on a 64k
boundary by EFI.

Commit d32de9130f6c ("efi/arm64: libstub: Deal gracefully with
EFI_RNG_PROTOCOL failure") inadvertently defeated this logic by
overriding the value of efi_nokaslr if EFI_RNG_PROTOCOL is not
available, which was mistaken by the loader logic as an explicit request
on the part of the user to disable KASLR and any associated relocation
of an Image not loaded on a 2M boundary.

So let's reinstate this functionality, by capturing the value of
efi_nokaslr at function entry to choose the minimum alignment.

Fixes: d32de9130f6c ("efi/arm64: libstub: Deal gracefully with EFI_RNG_PROTOCOL failure")
Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
Tested-by: Benjamin Herrenschmidt <benh@kernel.crashing.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/firmware/efi/libstub/arm64-stub.c | 28 +++++++++++------------
 1 file changed, 13 insertions(+), 15 deletions(-)

diff --git a/drivers/firmware/efi/libstub/arm64-stub.c b/drivers/firmware/efi/libstub/arm64-stub.c
index 3dc54b9db054..881e157fdedc 100644
--- a/drivers/firmware/efi/libstub/arm64-stub.c
+++ b/drivers/firmware/efi/libstub/arm64-stub.c
@@ -79,18 +79,6 @@ static bool check_image_region(u64 base, u64 size)
 	return ret;
 }
 
-/*
- * Although relocatable kernels can fix up the misalignment with respect to
- * MIN_KIMG_ALIGN, the resulting virtual text addresses are subtly out of
- * sync with those recorded in the vmlinux when kaslr is disabled but the
- * image required relocation anyway. Therefore retain 2M alignment unless
- * KASLR is in use.
- */
-static u64 min_kimg_align(void)
-{
-	return efi_nokaslr ? MIN_KIMG_ALIGN : EFI_KIMG_ALIGN;
-}
-
 efi_status_t handle_kernel_image(unsigned long *image_addr,
 				 unsigned long *image_size,
 				 unsigned long *reserve_addr,
@@ -101,6 +89,16 @@ efi_status_t handle_kernel_image(unsigned long *image_addr,
 	unsigned long kernel_size, kernel_memsize = 0;
 	u32 phys_seed = 0;
 
+	/*
+	 * Although relocatable kernels can fix up the misalignment with
+	 * respect to MIN_KIMG_ALIGN, the resulting virtual text addresses are
+	 * subtly out of sync with those recorded in the vmlinux when kaslr is
+	 * disabled but the image required relocation anyway. Therefore retain
+	 * 2M alignment if KASLR was explicitly disabled, even if it was not
+	 * going to be activated to begin with.
+	 */
+	u64 min_kimg_align = efi_nokaslr ? MIN_KIMG_ALIGN : EFI_KIMG_ALIGN;
+
 	if (IS_ENABLED(CONFIG_RANDOMIZE_BASE)) {
 		if (!efi_nokaslr) {
 			status = efi_get_random_bytes(sizeof(phys_seed),
@@ -130,7 +128,7 @@ efi_status_t handle_kernel_image(unsigned long *image_addr,
 		 * If KASLR is enabled, and we have some randomness available,
 		 * locate the kernel at a randomized offset in physical memory.
 		 */
-		status = efi_random_alloc(*reserve_size, min_kimg_align(),
+		status = efi_random_alloc(*reserve_size, min_kimg_align,
 					  reserve_addr, phys_seed);
 	} else {
 		status = EFI_OUT_OF_RESOURCES;
@@ -139,7 +137,7 @@ efi_status_t handle_kernel_image(unsigned long *image_addr,
 	if (status != EFI_SUCCESS) {
 		if (!check_image_region((u64)_text, kernel_memsize)) {
 			efi_err("FIRMWARE BUG: Image BSS overlaps adjacent EFI memory region\n");
-		} else if (IS_ALIGNED((u64)_text, min_kimg_align())) {
+		} else if (IS_ALIGNED((u64)_text, min_kimg_align)) {
 			/*
 			 * Just execute from wherever we were loaded by the
 			 * UEFI PE/COFF loader if the alignment is suitable.
@@ -150,7 +148,7 @@ efi_status_t handle_kernel_image(unsigned long *image_addr,
 		}
 
 		status = efi_allocate_pages_aligned(*reserve_size, reserve_addr,
-						    ULONG_MAX, min_kimg_align());
+						    ULONG_MAX, min_kimg_align);
 
 		if (status != EFI_SUCCESS) {
 			efi_err("Failed to relocate kernel\n");
-- 
2.30.2




^ permalink raw reply related	[flat|nested] 112+ messages in thread

* [PATCH 5.10 71/96] powerpc/kprobes: Fix kprobe Oops happens in booke
  2021-08-16 13:01 [PATCH 5.10 00/96] 5.10.60-rc1 review Greg Kroah-Hartman
                   ` (69 preceding siblings ...)
  2021-08-16 13:02 ` [PATCH 5.10 70/96] efi/libstub: arm64: Relax 2M alignment again for relocatable kernels Greg Kroah-Hartman
@ 2021-08-16 13:02 ` Greg Kroah-Hartman
  2021-08-16 13:02 ` [PATCH 5.10 72/96] x86/tools: Fix objdump version check again Greg Kroah-Hartman
                   ` (24 subsequent siblings)
  95 siblings, 0 replies; 112+ messages in thread
From: Greg Kroah-Hartman @ 2021-08-16 13:02 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Pu Lehui, Michael Ellerman, Sasha Levin

From: Pu Lehui <pulehui@huawei.com>

[ Upstream commit 43e8f76006592cb1573a959aa287c45421066f9c ]

When using kprobe on powerpc booke series processor, Oops happens
as show bellow:

/ # echo "p:myprobe do_nanosleep" > /sys/kernel/debug/tracing/kprobe_events
/ # echo 1 > /sys/kernel/debug/tracing/events/kprobes/myprobe/enable
/ # sleep 1
[   50.076730] Oops: Exception in kernel mode, sig: 5 [#1]
[   50.077017] BE PAGE_SIZE=4K SMP NR_CPUS=24 QEMU e500
[   50.077221] Modules linked in:
[   50.077462] CPU: 0 PID: 77 Comm: sleep Not tainted 5.14.0-rc4-00022-g251a1524293d #21
[   50.077887] NIP:  c0b9c4e0 LR: c00ebecc CTR: 00000000
[   50.078067] REGS: c3883de0 TRAP: 0700   Not tainted (5.14.0-rc4-00022-g251a1524293d)
[   50.078349] MSR:  00029000 <CE,EE,ME>  CR: 24000228  XER: 20000000
[   50.078675]
[   50.078675] GPR00: c00ebdf0 c3883e90 c313e300 c3883ea0 00000001 00000000 c3883ecc 00000001
[   50.078675] GPR08: c100598c c00ea250 00000004 00000000 24000222 102490c2 bff4180c 101e60d4
[   50.078675] GPR16: 00000000 102454ac 00000040 10240000 10241100 102410f8 10240000 00500000
[   50.078675] GPR24: 00000002 00000000 c3883ea0 00000001 00000000 0000c350 3b9b8d50 00000000
[   50.080151] NIP [c0b9c4e0] do_nanosleep+0x0/0x190
[   50.080352] LR [c00ebecc] hrtimer_nanosleep+0x14c/0x1e0
[   50.080638] Call Trace:
[   50.080801] [c3883e90] [c00ebdf0] hrtimer_nanosleep+0x70/0x1e0 (unreliable)
[   50.081110] [c3883f00] [c00ec004] sys_nanosleep_time32+0xa4/0x110
[   50.081336] [c3883f40] [c001509c] ret_from_syscall+0x0/0x28
[   50.081541] --- interrupt: c00 at 0x100a4d08
[   50.081749] NIP:  100a4d08 LR: 101b5234 CTR: 00000003
[   50.081931] REGS: c3883f50 TRAP: 0c00   Not tainted (5.14.0-rc4-00022-g251a1524293d)
[   50.082183] MSR:  0002f902 <CE,EE,PR,FP,ME>  CR: 24000222  XER: 00000000
[   50.082457]
[   50.082457] GPR00: 000000a2 bf980040 1024b4d0 bf980084 bf980084 64000000 00555345 fefefeff
[   50.082457] GPR08: 7f7f7f7f 101e0000 00000069 00000003 28000422 102490c2 bff4180c 101e60d4
[   50.082457] GPR16: 00000000 102454ac 00000040 10240000 10241100 102410f8 10240000 00500000
[   50.082457] GPR24: 00000002 bf9803f4 10240000 00000000 00000000 100039e0 00000000 102444e8
[   50.083789] NIP [100a4d08] 0x100a4d08
[   50.083917] LR [101b5234] 0x101b5234
[   50.084042] --- interrupt: c00
[   50.084238] Instruction dump:
[   50.084483] 4bfffc40 60000000 60000000 60000000 9421fff0 39400402 914200c0 38210010
[   50.084841] 4bfffc20 00000000 00000000 00000000 <7fe00008> 7c0802a6 7c892378 93c10048
[   50.085487] ---[ end trace f6fffe98e2fa8f3e ]---
[   50.085678]
Trace/breakpoint trap

There is no real mode for booke arch and the MMU translation is
always on. The corresponding MSR_IS/MSR_DS bit in booke is used
to switch the address space, but not for real mode judgment.

Fixes: 21f8b2fa3ca5 ("powerpc/kprobes: Ignore traps that happened in real mode")
Signed-off-by: Pu Lehui <pulehui@huawei.com>
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
Link: https://lore.kernel.org/r/20210809023658.218915-1-pulehui@huawei.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 arch/powerpc/kernel/kprobes.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/arch/powerpc/kernel/kprobes.c b/arch/powerpc/kernel/kprobes.c
index e8c2a6373157..00fafc8b249e 100644
--- a/arch/powerpc/kernel/kprobes.c
+++ b/arch/powerpc/kernel/kprobes.c
@@ -276,7 +276,8 @@ int kprobe_handler(struct pt_regs *regs)
 	if (user_mode(regs))
 		return 0;
 
-	if (!(regs->msr & MSR_IR) || !(regs->msr & MSR_DR))
+	if (!IS_ENABLED(CONFIG_BOOKE) &&
+	    (!(regs->msr & MSR_IR) || !(regs->msr & MSR_DR)))
 		return 0;
 
 	/*
-- 
2.30.2




^ permalink raw reply related	[flat|nested] 112+ messages in thread

* [PATCH 5.10 72/96] x86/tools: Fix objdump version check again
  2021-08-16 13:01 [PATCH 5.10 00/96] 5.10.60-rc1 review Greg Kroah-Hartman
                   ` (70 preceding siblings ...)
  2021-08-16 13:02 ` [PATCH 5.10 71/96] powerpc/kprobes: Fix kprobe Oops happens in booke Greg Kroah-Hartman
@ 2021-08-16 13:02 ` Greg Kroah-Hartman
  2021-08-16 13:02 ` [PATCH 5.10 73/96] genirq: Provide IRQCHIP_AFFINITY_PRE_STARTUP Greg Kroah-Hartman
                   ` (23 subsequent siblings)
  95 siblings, 0 replies; 112+ messages in thread
From: Greg Kroah-Hartman @ 2021-08-16 13:02 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Randy Dunlap, Thomas Gleixner,
	Masami Hiramatsu, Sasha Levin

From: Randy Dunlap <rdunlap@infradead.org>

[ Upstream commit 839ad22f755132838f406751439363c07272ad87 ]

Skip (omit) any version string info that is parenthesized.

Warning: objdump version 15) is older than 2.19
Warning: Skipping posttest.

where 'objdump -v' says:
GNU objdump (GNU Binutils; SUSE Linux Enterprise 15) 2.35.1.20201123-7.18

Fixes: 8bee738bb1979 ("x86: Fix objdump version check in chkobjdump.awk for different formats.")
Signed-off-by: Randy Dunlap <rdunlap@infradead.org>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Reviewed-by: Masami Hiramatsu <mhiramat@kernel.org>
Link: https://lore.kernel.org/r/20210731000146.2720-1-rdunlap@infradead.org
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 arch/x86/tools/chkobjdump.awk | 1 +
 1 file changed, 1 insertion(+)

diff --git a/arch/x86/tools/chkobjdump.awk b/arch/x86/tools/chkobjdump.awk
index fd1ab80be0de..a4cf678cf5c8 100644
--- a/arch/x86/tools/chkobjdump.awk
+++ b/arch/x86/tools/chkobjdump.awk
@@ -10,6 +10,7 @@ BEGIN {
 
 /^GNU objdump/ {
 	verstr = ""
+	gsub(/\(.*\)/, "");
 	for (i = 3; i <= NF; i++)
 		if (match($(i), "^[0-9]")) {
 			verstr = $(i);
-- 
2.30.2




^ permalink raw reply related	[flat|nested] 112+ messages in thread

* [PATCH 5.10 73/96] genirq: Provide IRQCHIP_AFFINITY_PRE_STARTUP
  2021-08-16 13:01 [PATCH 5.10 00/96] 5.10.60-rc1 review Greg Kroah-Hartman
                   ` (71 preceding siblings ...)
  2021-08-16 13:02 ` [PATCH 5.10 72/96] x86/tools: Fix objdump version check again Greg Kroah-Hartman
@ 2021-08-16 13:02 ` Greg Kroah-Hartman
  2021-08-16 13:02 ` [PATCH 5.10 74/96] x86/msi: Force affinity setup before startup Greg Kroah-Hartman
                   ` (22 subsequent siblings)
  95 siblings, 0 replies; 112+ messages in thread
From: Greg Kroah-Hartman @ 2021-08-16 13:02 UTC (permalink / raw)
  To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Thomas Gleixner, Marc Zyngier

From: Thomas Gleixner <tglx@linutronix.de>

commit 826da771291fc25a428e871f9e7fb465e390f852 upstream.

X86 IO/APIC and MSI interrupts (when used without interrupts remapping)
require that the affinity setup on startup is done before the interrupt is
enabled for the first time as the non-remapped operation mode cannot safely
migrate enabled interrupts from arbitrary contexts. Provide a new irq chip
flag which allows affected hardware to request this.

This has to be opt-in because there have been reports in the past that some
interrupt chips cannot handle affinity setting before startup.

Fixes: 18404756765c ("genirq: Expose default irq affinity mask (take 3)")
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Tested-by: Marc Zyngier <maz@kernel.org>
Reviewed-by: Marc Zyngier <maz@kernel.org>
Cc: stable@vger.kernel.org
Link: https://lore.kernel.org/r/20210729222542.779791738@linutronix.de
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 include/linux/irq.h |    2 ++
 kernel/irq/chip.c   |    5 ++++-
 2 files changed, 6 insertions(+), 1 deletion(-)

--- a/include/linux/irq.h
+++ b/include/linux/irq.h
@@ -567,6 +567,7 @@ struct irq_chip {
  * IRQCHIP_SUPPORTS_NMI:              Chip can deliver NMIs, only for root irqchips
  * IRQCHIP_ENABLE_WAKEUP_ON_SUSPEND:  Invokes __enable_irq()/__disable_irq() for wake irqs
  *                                    in the suspend path if they are in disabled state
+ * IRQCHIP_AFFINITY_PRE_STARTUP:      Default affinity update before startup
  */
 enum {
 	IRQCHIP_SET_TYPE_MASKED			= (1 <<  0),
@@ -579,6 +580,7 @@ enum {
 	IRQCHIP_SUPPORTS_LEVEL_MSI		= (1 <<  7),
 	IRQCHIP_SUPPORTS_NMI			= (1 <<  8),
 	IRQCHIP_ENABLE_WAKEUP_ON_SUSPEND	= (1 <<  9),
+	IRQCHIP_AFFINITY_PRE_STARTUP		= (1 << 10),
 };
 
 #include <linux/irqdesc.h>
--- a/kernel/irq/chip.c
+++ b/kernel/irq/chip.c
@@ -265,8 +265,11 @@ int irq_startup(struct irq_desc *desc, b
 	} else {
 		switch (__irq_startup_managed(desc, aff, force)) {
 		case IRQ_STARTUP_NORMAL:
+			if (d->chip->flags & IRQCHIP_AFFINITY_PRE_STARTUP)
+				irq_setup_affinity(desc);
 			ret = __irq_startup(desc);
-			irq_setup_affinity(desc);
+			if (!(d->chip->flags & IRQCHIP_AFFINITY_PRE_STARTUP))
+				irq_setup_affinity(desc);
 			break;
 		case IRQ_STARTUP_MANAGED:
 			irq_do_set_affinity(d, aff, false);



^ permalink raw reply	[flat|nested] 112+ messages in thread

* [PATCH 5.10 74/96] x86/msi: Force affinity setup before startup
  2021-08-16 13:01 [PATCH 5.10 00/96] 5.10.60-rc1 review Greg Kroah-Hartman
                   ` (72 preceding siblings ...)
  2021-08-16 13:02 ` [PATCH 5.10 73/96] genirq: Provide IRQCHIP_AFFINITY_PRE_STARTUP Greg Kroah-Hartman
@ 2021-08-16 13:02 ` Greg Kroah-Hartman
  2021-08-16 13:02 ` [PATCH 5.10 75/96] x86/ioapic: " Greg Kroah-Hartman
                   ` (21 subsequent siblings)
  95 siblings, 0 replies; 112+ messages in thread
From: Greg Kroah-Hartman @ 2021-08-16 13:02 UTC (permalink / raw)
  To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Thomas Gleixner, Marc Zyngier

From: Thomas Gleixner <tglx@linutronix.de>

commit ff363f480e5997051dd1de949121ffda3b753741 upstream.

The X86 MSI mechanism cannot handle interrupt affinity changes safely after
startup other than from an interrupt handler, unless interrupt remapping is
enabled. The startup sequence in the generic interrupt code violates that
assumption.

Mark the irq chips with the new IRQCHIP_AFFINITY_PRE_STARTUP flag so that
the default interrupt setting happens before the interrupt is started up
for the first time.

While the interrupt remapping MSI chip does not require this, there is no
point in treating it differently as this might spare an interrupt to a CPU
which is not in the default affinity mask.

For the non-remapping case go to the direct write path when the interrupt
is not yet started similar to the not yet activated case.

Fixes: 18404756765c ("genirq: Expose default irq affinity mask (take 3)")
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Tested-by: Marc Zyngier <maz@kernel.org>
Reviewed-by: Marc Zyngier <maz@kernel.org>
Cc: stable@vger.kernel.org
Link: https://lore.kernel.org/r/20210729222542.886722080@linutronix.de
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 arch/x86/kernel/apic/msi.c |   13 +++++++++----
 1 file changed, 9 insertions(+), 4 deletions(-)

--- a/arch/x86/kernel/apic/msi.c
+++ b/arch/x86/kernel/apic/msi.c
@@ -86,11 +86,13 @@ msi_set_affinity(struct irq_data *irqd,
 	 *   The quirk bit is not set in this case.
 	 * - The new vector is the same as the old vector
 	 * - The old vector is MANAGED_IRQ_SHUTDOWN_VECTOR (interrupt starts up)
+	 * - The interrupt is not yet started up
 	 * - The new destination CPU is the same as the old destination CPU
 	 */
 	if (!irqd_msi_nomask_quirk(irqd) ||
 	    cfg->vector == old_cfg.vector ||
 	    old_cfg.vector == MANAGED_IRQ_SHUTDOWN_VECTOR ||
+	    !irqd_is_started(irqd) ||
 	    cfg->dest_apicid == old_cfg.dest_apicid) {
 		irq_msi_update_msg(irqd, cfg);
 		return ret;
@@ -178,7 +180,8 @@ static struct irq_chip pci_msi_controlle
 	.irq_ack		= irq_chip_ack_parent,
 	.irq_retrigger		= irq_chip_retrigger_hierarchy,
 	.irq_set_affinity	= msi_set_affinity,
-	.flags			= IRQCHIP_SKIP_SET_WAKE,
+	.flags			= IRQCHIP_SKIP_SET_WAKE |
+				  IRQCHIP_AFFINITY_PRE_STARTUP,
 };
 
 int pci_msi_prepare(struct irq_domain *domain, struct device *dev, int nvec,
@@ -247,7 +250,8 @@ static struct irq_chip pci_msi_ir_contro
 	.irq_mask		= pci_msi_mask_irq,
 	.irq_ack		= irq_chip_ack_parent,
 	.irq_retrigger		= irq_chip_retrigger_hierarchy,
-	.flags			= IRQCHIP_SKIP_SET_WAKE,
+	.flags			= IRQCHIP_SKIP_SET_WAKE |
+				  IRQCHIP_AFFINITY_PRE_STARTUP,
 };
 
 static struct msi_domain_info pci_msi_ir_domain_info = {
@@ -289,7 +293,8 @@ static struct irq_chip dmar_msi_controll
 	.irq_set_affinity	= msi_domain_set_affinity,
 	.irq_retrigger		= irq_chip_retrigger_hierarchy,
 	.irq_write_msi_msg	= dmar_msi_write_msg,
-	.flags			= IRQCHIP_SKIP_SET_WAKE,
+	.flags			= IRQCHIP_SKIP_SET_WAKE |
+				  IRQCHIP_AFFINITY_PRE_STARTUP,
 };
 
 static int dmar_msi_init(struct irq_domain *domain,
@@ -381,7 +386,7 @@ static struct irq_chip hpet_msi_controll
 	.irq_set_affinity = msi_domain_set_affinity,
 	.irq_retrigger = irq_chip_retrigger_hierarchy,
 	.irq_write_msi_msg = hpet_msi_write_msg,
-	.flags = IRQCHIP_SKIP_SET_WAKE,
+	.flags = IRQCHIP_SKIP_SET_WAKE | IRQCHIP_AFFINITY_PRE_STARTUP,
 };
 
 static int hpet_msi_init(struct irq_domain *domain,



^ permalink raw reply	[flat|nested] 112+ messages in thread

* [PATCH 5.10 75/96] x86/ioapic: Force affinity setup before startup
  2021-08-16 13:01 [PATCH 5.10 00/96] 5.10.60-rc1 review Greg Kroah-Hartman
                   ` (73 preceding siblings ...)
  2021-08-16 13:02 ` [PATCH 5.10 74/96] x86/msi: Force affinity setup before startup Greg Kroah-Hartman
@ 2021-08-16 13:02 ` Greg Kroah-Hartman
  2021-08-16 13:02 ` [PATCH 5.10 76/96] x86/resctrl: Fix default monitoring groups reporting Greg Kroah-Hartman
                   ` (20 subsequent siblings)
  95 siblings, 0 replies; 112+ messages in thread
From: Greg Kroah-Hartman @ 2021-08-16 13:02 UTC (permalink / raw)
  To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Thomas Gleixner, Marc Zyngier

From: Thomas Gleixner <tglx@linutronix.de>

commit 0c0e37dc11671384e53ba6ede53a4d91162a2cc5 upstream.

The IO/APIC cannot handle interrupt affinity changes safely after startup
other than from an interrupt handler. The startup sequence in the generic
interrupt code violates that assumption.

Mark the irq chip with the new IRQCHIP_AFFINITY_PRE_STARTUP flag so that
the default interrupt setting happens before the interrupt is started up
for the first time.

Fixes: 18404756765c ("genirq: Expose default irq affinity mask (take 3)")
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Tested-by: Marc Zyngier <maz@kernel.org>
Reviewed-by: Marc Zyngier <maz@kernel.org>
Cc: stable@vger.kernel.org
Link: https://lore.kernel.org/r/20210729222542.832143400@linutronix.de
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 arch/x86/kernel/apic/io_apic.c |    6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

--- a/arch/x86/kernel/apic/io_apic.c
+++ b/arch/x86/kernel/apic/io_apic.c
@@ -1948,7 +1948,8 @@ static struct irq_chip ioapic_chip __rea
 	.irq_set_affinity	= ioapic_set_affinity,
 	.irq_retrigger		= irq_chip_retrigger_hierarchy,
 	.irq_get_irqchip_state	= ioapic_irq_get_chip_state,
-	.flags			= IRQCHIP_SKIP_SET_WAKE,
+	.flags			= IRQCHIP_SKIP_SET_WAKE |
+				  IRQCHIP_AFFINITY_PRE_STARTUP,
 };
 
 static struct irq_chip ioapic_ir_chip __read_mostly = {
@@ -1961,7 +1962,8 @@ static struct irq_chip ioapic_ir_chip __
 	.irq_set_affinity	= ioapic_set_affinity,
 	.irq_retrigger		= irq_chip_retrigger_hierarchy,
 	.irq_get_irqchip_state	= ioapic_irq_get_chip_state,
-	.flags			= IRQCHIP_SKIP_SET_WAKE,
+	.flags			= IRQCHIP_SKIP_SET_WAKE |
+				  IRQCHIP_AFFINITY_PRE_STARTUP,
 };
 
 static inline void init_IO_APIC_traps(void)



^ permalink raw reply	[flat|nested] 112+ messages in thread

* [PATCH 5.10 76/96] x86/resctrl: Fix default monitoring groups reporting
  2021-08-16 13:01 [PATCH 5.10 00/96] 5.10.60-rc1 review Greg Kroah-Hartman
                   ` (74 preceding siblings ...)
  2021-08-16 13:02 ` [PATCH 5.10 75/96] x86/ioapic: " Greg Kroah-Hartman
@ 2021-08-16 13:02 ` Greg Kroah-Hartman
  2021-08-16 13:02 ` [PATCH 5.10 77/96] genirq/msi: Ensure deactivation on teardown Greg Kroah-Hartman
                   ` (19 subsequent siblings)
  95 siblings, 0 replies; 112+ messages in thread
From: Greg Kroah-Hartman @ 2021-08-16 13:02 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Paweł Szulik, Babu Moger,
	Borislav Petkov, Reinette Chatre

From: Babu Moger <Babu.Moger@amd.com>

commit 064855a69003c24bd6b473b367d364e418c57625 upstream.

Creating a new sub monitoring group in the root /sys/fs/resctrl leads to
getting the "Unavailable" value for mbm_total_bytes and mbm_local_bytes
on the entire filesystem.

Steps to reproduce:

  1. mount -t resctrl resctrl /sys/fs/resctrl/

  2. cd /sys/fs/resctrl/

  3. cat mon_data/mon_L3_00/mbm_total_bytes
     23189832

  4. Create sub monitor group:
  mkdir mon_groups/test1

  5. cat mon_data/mon_L3_00/mbm_total_bytes
     Unavailable

When a new monitoring group is created, a new RMID is assigned to the
new group. But the RMID is not active yet. When the events are read on
the new RMID, it is expected to report the status as "Unavailable".

When the user reads the events on the default monitoring group with
multiple subgroups, the events on all subgroups are consolidated
together. Currently, if any of the RMID reads report as "Unavailable",
then everything will be reported as "Unavailable".

Fix the issue by discarding the "Unavailable" reads and reporting all
the successful RMID reads. This is not a problem on Intel systems as
Intel reports 0 on Inactive RMIDs.

Fixes: d89b7379015f ("x86/intel_rdt/cqm: Add mon_data")
Reported-by: Paweł Szulik <pawel.szulik@intel.com>
Signed-off-by: Babu Moger <Babu.Moger@amd.com>
Signed-off-by: Borislav Petkov <bp@suse.de>
Acked-by: Reinette Chatre <reinette.chatre@intel.com>
Cc: stable@vger.kernel.org
Link: https://bugzilla.kernel.org/show_bug.cgi?id=213311
Link: https://lkml.kernel.org/r/162793309296.9224.15871659871696482080.stgit@bmoger-ubuntu
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 arch/x86/kernel/cpu/resctrl/monitor.c |   27 +++++++++++++--------------
 1 file changed, 13 insertions(+), 14 deletions(-)

--- a/arch/x86/kernel/cpu/resctrl/monitor.c
+++ b/arch/x86/kernel/cpu/resctrl/monitor.c
@@ -222,15 +222,14 @@ static u64 mbm_overflow_count(u64 prev_m
 	return chunks >>= shift;
 }
 
-static int __mon_event_count(u32 rmid, struct rmid_read *rr)
+static u64 __mon_event_count(u32 rmid, struct rmid_read *rr)
 {
 	struct mbm_state *m;
 	u64 chunks, tval;
 
 	tval = __rmid_read(rmid, rr->evtid);
 	if (tval & (RMID_VAL_ERROR | RMID_VAL_UNAVAIL)) {
-		rr->val = tval;
-		return -EINVAL;
+		return tval;
 	}
 	switch (rr->evtid) {
 	case QOS_L3_OCCUP_EVENT_ID:
@@ -242,12 +241,6 @@ static int __mon_event_count(u32 rmid, s
 	case QOS_L3_MBM_LOCAL_EVENT_ID:
 		m = &rr->d->mbm_local[rmid];
 		break;
-	default:
-		/*
-		 * Code would never reach here because
-		 * an invalid event id would fail the __rmid_read.
-		 */
-		return -EINVAL;
 	}
 
 	if (rr->first) {
@@ -297,23 +290,29 @@ void mon_event_count(void *info)
 	struct rdtgroup *rdtgrp, *entry;
 	struct rmid_read *rr = info;
 	struct list_head *head;
+	u64 ret_val;
 
 	rdtgrp = rr->rgrp;
 
-	if (__mon_event_count(rdtgrp->mon.rmid, rr))
-		return;
+	ret_val = __mon_event_count(rdtgrp->mon.rmid, rr);
 
 	/*
-	 * For Ctrl groups read data from child monitor groups.
+	 * For Ctrl groups read data from child monitor groups and
+	 * add them together. Count events which are read successfully.
+	 * Discard the rmid_read's reporting errors.
 	 */
 	head = &rdtgrp->mon.crdtgrp_list;
 
 	if (rdtgrp->type == RDTCTRL_GROUP) {
 		list_for_each_entry(entry, head, mon.crdtgrp_list) {
-			if (__mon_event_count(entry->mon.rmid, rr))
-				return;
+			if (__mon_event_count(entry->mon.rmid, rr) == 0)
+				ret_val = 0;
 		}
 	}
+
+	/* Report error if none of rmid_reads are successful */
+	if (ret_val)
+		rr->val = ret_val;
 }
 
 /*



^ permalink raw reply	[flat|nested] 112+ messages in thread

* [PATCH 5.10 77/96] genirq/msi: Ensure deactivation on teardown
  2021-08-16 13:01 [PATCH 5.10 00/96] 5.10.60-rc1 review Greg Kroah-Hartman
                   ` (75 preceding siblings ...)
  2021-08-16 13:02 ` [PATCH 5.10 76/96] x86/resctrl: Fix default monitoring groups reporting Greg Kroah-Hartman
@ 2021-08-16 13:02 ` Greg Kroah-Hartman
  2021-08-16 13:02 ` [PATCH 5.10 78/96] genirq/timings: Prevent potential array overflow in __irq_timings_store() Greg Kroah-Hartman
                   ` (18 subsequent siblings)
  95 siblings, 0 replies; 112+ messages in thread
From: Greg Kroah-Hartman @ 2021-08-16 13:02 UTC (permalink / raw)
  To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Bixuan Cui, Thomas Gleixner

From: Bixuan Cui <cuibixuan@huawei.com>

commit dbbc93576e03fbe24b365fab0e901eb442237a8a upstream.

msi_domain_alloc_irqs() invokes irq_domain_activate_irq(), but
msi_domain_free_irqs() does not enforce deactivation before tearing down
the interrupts.

This happens when PCI/MSI interrupts are set up and never used before being
torn down again, e.g. in error handling pathes. The only place which cleans
that up is the error handling path in msi_domain_alloc_irqs().

Move the cleanup from msi_domain_alloc_irqs() into msi_domain_free_irqs()
to cure that.

Fixes: f3b0946d629c ("genirq/msi: Make sure PCI MSIs are activated early")
Signed-off-by: Bixuan Cui <cuibixuan@huawei.com>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Cc: stable@vger.kernel.org
Link: https://lore.kernel.org/r/20210518033117.78104-1-cuibixuan@huawei.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 kernel/irq/msi.c |   13 ++++++++-----
 1 file changed, 8 insertions(+), 5 deletions(-)

--- a/kernel/irq/msi.c
+++ b/kernel/irq/msi.c
@@ -476,11 +476,6 @@ skip_activate:
 	return 0;
 
 cleanup:
-	for_each_msi_vector(desc, i, dev) {
-		irq_data = irq_domain_get_irq_data(domain, i);
-		if (irqd_is_activated(irq_data))
-			irq_domain_deactivate_irq(irq_data);
-	}
 	msi_domain_free_irqs(domain, dev);
 	return ret;
 }
@@ -505,7 +500,15 @@ int msi_domain_alloc_irqs(struct irq_dom
 
 void __msi_domain_free_irqs(struct irq_domain *domain, struct device *dev)
 {
+	struct irq_data *irq_data;
 	struct msi_desc *desc;
+	int i;
+
+	for_each_msi_vector(desc, i, dev) {
+		irq_data = irq_domain_get_irq_data(domain, i);
+		if (irqd_is_activated(irq_data))
+			irq_domain_deactivate_irq(irq_data);
+	}
 
 	for_each_msi_entry(desc, dev) {
 		/*



^ permalink raw reply	[flat|nested] 112+ messages in thread

* [PATCH 5.10 78/96] genirq/timings: Prevent potential array overflow in __irq_timings_store()
  2021-08-16 13:01 [PATCH 5.10 00/96] 5.10.60-rc1 review Greg Kroah-Hartman
                   ` (76 preceding siblings ...)
  2021-08-16 13:02 ` [PATCH 5.10 77/96] genirq/msi: Ensure deactivation on teardown Greg Kroah-Hartman
@ 2021-08-16 13:02 ` Greg Kroah-Hartman
  2021-08-16 13:02 ` [PATCH 5.10 79/96] PCI/MSI: Enable and mask MSI-X early Greg Kroah-Hartman
                   ` (17 subsequent siblings)
  95 siblings, 0 replies; 112+ messages in thread
From: Greg Kroah-Hartman @ 2021-08-16 13:02 UTC (permalink / raw)
  To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Ben Dai, Thomas Gleixner

From: Ben Dai <ben.dai@unisoc.com>

commit b9cc7d8a4656a6e815852c27ab50365009cb69c1 upstream.

When the interrupt interval is greater than 2 ^ PREDICTION_BUFFER_SIZE *
PREDICTION_FACTOR us and less than 1s, the calculated index will be greater
than the length of irqs->ema_time[]. Check the calculated index before
using it to prevent array overflow.

Fixes: 23aa3b9a6b7d ("genirq/timings: Encapsulate storing function")
Signed-off-by: Ben Dai <ben.dai@unisoc.com>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Cc: stable@vger.kernel.org
Link: https://lore.kernel.org/r/20210425150903.25456-1-ben.dai9703@gmail.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 kernel/irq/timings.c |    5 +++++
 1 file changed, 5 insertions(+)

--- a/kernel/irq/timings.c
+++ b/kernel/irq/timings.c
@@ -453,6 +453,11 @@ static __always_inline void __irq_timing
 	 */
 	index = irq_timings_interval_index(interval);
 
+	if (index > PREDICTION_BUFFER_SIZE - 1) {
+		irqs->count = 0;
+		return;
+	}
+
 	/*
 	 * Store the index as an element of the pattern in another
 	 * circular array.



^ permalink raw reply	[flat|nested] 112+ messages in thread

* [PATCH 5.10 79/96] PCI/MSI: Enable and mask MSI-X early
  2021-08-16 13:01 [PATCH 5.10 00/96] 5.10.60-rc1 review Greg Kroah-Hartman
                   ` (77 preceding siblings ...)
  2021-08-16 13:02 ` [PATCH 5.10 78/96] genirq/timings: Prevent potential array overflow in __irq_timings_store() Greg Kroah-Hartman
@ 2021-08-16 13:02 ` Greg Kroah-Hartman
  2021-08-16 13:02 ` [PATCH 5.10 80/96] PCI/MSI: Mask all unused MSI-X entries Greg Kroah-Hartman
                   ` (16 subsequent siblings)
  95 siblings, 0 replies; 112+ messages in thread
From: Greg Kroah-Hartman @ 2021-08-16 13:02 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Thomas Gleixner, Marc Zyngier,
	Ashok Raj, Bjorn Helgaas

From: Thomas Gleixner <tglx@linutronix.de>

commit 438553958ba19296663c6d6583d208dfb6792830 upstream.

The ordering of MSI-X enable in hardware is dysfunctional:

 1) MSI-X is disabled in the control register
 2) Various setup functions
 3) pci_msi_setup_msi_irqs() is invoked which ends up accessing
    the MSI-X table entries
 4) MSI-X is enabled and masked in the control register with the
    comment that enabling is required for some hardware to access
    the MSI-X table

Step #4 obviously contradicts #3. The history of this is an issue with the
NIU hardware. When #4 was introduced the table access actually happened in
msix_program_entries() which was invoked after enabling and masking MSI-X.

This was changed in commit d71d6432e105 ("PCI/MSI: Kill redundant call of
irq_set_msi_desc() for MSI-X interrupts") which removed the table write
from msix_program_entries().

Interestingly enough nobody noticed and either NIU still works or it did
not get any testing with a kernel 3.19 or later.

Nevertheless this is inconsistent and there is no reason why MSI-X can't be
enabled and masked in the control register early on, i.e. move step #4
above to step #1. This preserves the NIU workaround and has no side effects
on other hardware.

Fixes: d71d6432e105 ("PCI/MSI: Kill redundant call of irq_set_msi_desc() for MSI-X interrupts")
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Tested-by: Marc Zyngier <maz@kernel.org>
Reviewed-by: Ashok Raj <ashok.raj@intel.com>
Reviewed-by: Marc Zyngier <maz@kernel.org>
Acked-by: Bjorn Helgaas <bhelgaas@google.com>
Cc: stable@vger.kernel.org
Link: https://lore.kernel.org/r/20210729222542.344136412@linutronix.de
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 drivers/pci/msi.c |   28 +++++++++++++++-------------
 1 file changed, 15 insertions(+), 13 deletions(-)

--- a/drivers/pci/msi.c
+++ b/drivers/pci/msi.c
@@ -779,18 +779,25 @@ static int msix_capability_init(struct p
 	u16 control;
 	void __iomem *base;
 
-	/* Ensure MSI-X is disabled while it is set up */
-	pci_msix_clear_and_set_ctrl(dev, PCI_MSIX_FLAGS_ENABLE, 0);
+	/*
+	 * Some devices require MSI-X to be enabled before the MSI-X
+	 * registers can be accessed.  Mask all the vectors to prevent
+	 * interrupts coming in before they're fully set up.
+	 */
+	pci_msix_clear_and_set_ctrl(dev, 0, PCI_MSIX_FLAGS_MASKALL |
+				    PCI_MSIX_FLAGS_ENABLE);
 
 	pci_read_config_word(dev, dev->msix_cap + PCI_MSIX_FLAGS, &control);
 	/* Request & Map MSI-X table region */
 	base = msix_map_region(dev, msix_table_size(control));
-	if (!base)
-		return -ENOMEM;
+	if (!base) {
+		ret = -ENOMEM;
+		goto out_disable;
+	}
 
 	ret = msix_setup_entries(dev, base, entries, nvec, affd);
 	if (ret)
-		return ret;
+		goto out_disable;
 
 	ret = pci_msi_setup_msi_irqs(dev, nvec, PCI_CAP_ID_MSIX);
 	if (ret)
@@ -801,14 +808,6 @@ static int msix_capability_init(struct p
 	if (ret)
 		goto out_free;
 
-	/*
-	 * Some devices require MSI-X to be enabled before we can touch the
-	 * MSI-X registers.  We need to mask all the vectors to prevent
-	 * interrupts coming in before they're fully set up.
-	 */
-	pci_msix_clear_and_set_ctrl(dev, 0,
-				PCI_MSIX_FLAGS_MASKALL | PCI_MSIX_FLAGS_ENABLE);
-
 	msix_program_entries(dev, entries);
 
 	ret = populate_msi_sysfs(dev);
@@ -843,6 +842,9 @@ out_avail:
 out_free:
 	free_msi_irqs(dev);
 
+out_disable:
+	pci_msix_clear_and_set_ctrl(dev, PCI_MSIX_FLAGS_ENABLE, 0);
+
 	return ret;
 }
 



^ permalink raw reply	[flat|nested] 112+ messages in thread

* [PATCH 5.10 80/96] PCI/MSI: Mask all unused MSI-X entries
  2021-08-16 13:01 [PATCH 5.10 00/96] 5.10.60-rc1 review Greg Kroah-Hartman
                   ` (78 preceding siblings ...)
  2021-08-16 13:02 ` [PATCH 5.10 79/96] PCI/MSI: Enable and mask MSI-X early Greg Kroah-Hartman
@ 2021-08-16 13:02 ` Greg Kroah-Hartman
  2021-08-16 13:02 ` [PATCH 5.10 81/96] PCI/MSI: Enforce that MSI-X table entry is masked for update Greg Kroah-Hartman
                   ` (15 subsequent siblings)
  95 siblings, 0 replies; 112+ messages in thread
From: Greg Kroah-Hartman @ 2021-08-16 13:02 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Thomas Gleixner, Marc Zyngier, Bjorn Helgaas

From: Thomas Gleixner <tglx@linutronix.de>

commit 7d5ec3d3612396dc6d4b76366d20ab9fc06f399f upstream.

When MSI-X is enabled the ordering of calls is:

  msix_map_region();
  msix_setup_entries();
  pci_msi_setup_msi_irqs();
  msix_program_entries();

This has a few interesting issues:

 1) msix_setup_entries() allocates the MSI descriptors and initializes them
    except for the msi_desc:masked member which is left zero initialized.

 2) pci_msi_setup_msi_irqs() allocates the interrupt descriptors and sets
    up the MSI interrupts which ends up in pci_write_msi_msg() unless the
    interrupt chip provides its own irq_write_msi_msg() function.

 3) msix_program_entries() does not do what the name suggests. It solely
    updates the entries array (if not NULL) and initializes the masked
    member for each MSI descriptor by reading the hardware state and then
    masks the entry.

Obviously this has some issues:

 1) The uninitialized masked member of msi_desc prevents the enforcement
    of masking the entry in pci_write_msi_msg() depending on the cached
    masked bit. Aside of that half initialized data is a NONO in general

 2) msix_program_entries() only ensures that the actually allocated entries
    are masked. This is wrong as experimentation with crash testing and
    crash kernel kexec has shown.

    This limited testing unearthed that when the production kernel had more
    entries in use and unmasked when it crashed and the crash kernel
    allocated a smaller amount of entries, then a full scan of all entries
    found unmasked entries which were in use in the production kernel.

    This is obviously a device or emulation issue as the device reset
    should mask all MSI-X table entries, but obviously that's just part
    of the paper specification.

Cure this by:

 1) Masking all table entries in hardware
 2) Initializing msi_desc::masked in msix_setup_entries()
 3) Removing the mask dance in msix_program_entries()
 4) Renaming msix_program_entries() to msix_update_entries() to
    reflect the purpose of that function.

As the masking of unused entries has never been done the Fixes tag refers
to a commit in:
   git://git.kernel.org/pub/scm/linux/kernel/git/tglx/history.git

Fixes: f036d4ea5fa7 ("[PATCH] ia32 Message Signalled Interrupt support")
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Tested-by: Marc Zyngier <maz@kernel.org>
Reviewed-by: Marc Zyngier <maz@kernel.org>
Acked-by: Bjorn Helgaas <bhelgaas@google.com>
Cc: stable@vger.kernel.org
Link: https://lore.kernel.org/r/20210729222542.403833459@linutronix.de
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 drivers/pci/msi.c |   45 +++++++++++++++++++++++++++------------------
 1 file changed, 27 insertions(+), 18 deletions(-)

--- a/drivers/pci/msi.c
+++ b/drivers/pci/msi.c
@@ -698,6 +698,7 @@ static int msix_setup_entries(struct pci
 {
 	struct irq_affinity_desc *curmsk, *masks = NULL;
 	struct msi_desc *entry;
+	void __iomem *addr;
 	int ret, i;
 	int vec_count = pci_msix_vec_count(dev);
 
@@ -718,6 +719,7 @@ static int msix_setup_entries(struct pci
 
 		entry->msi_attrib.is_msix	= 1;
 		entry->msi_attrib.is_64		= 1;
+
 		if (entries)
 			entry->msi_attrib.entry_nr = entries[i].entry;
 		else
@@ -729,6 +731,10 @@ static int msix_setup_entries(struct pci
 		entry->msi_attrib.default_irq	= dev->irq;
 		entry->mask_base		= base;
 
+		addr = pci_msix_desc_addr(entry);
+		if (addr)
+			entry->masked = readl(addr + PCI_MSIX_ENTRY_VECTOR_CTRL);
+
 		list_add_tail(&entry->list, dev_to_msi_list(&dev->dev));
 		if (masks)
 			curmsk++;
@@ -739,26 +745,25 @@ out:
 	return ret;
 }
 
-static void msix_program_entries(struct pci_dev *dev,
-				 struct msix_entry *entries)
+static void msix_update_entries(struct pci_dev *dev, struct msix_entry *entries)
 {
 	struct msi_desc *entry;
-	int i = 0;
-	void __iomem *desc_addr;
 
 	for_each_pci_msi_entry(entry, dev) {
-		if (entries)
-			entries[i++].vector = entry->irq;
+		if (entries) {
+			entries->vector = entry->irq;
+			entries++;
+		}
+	}
+}
 
-		desc_addr = pci_msix_desc_addr(entry);
-		if (desc_addr)
-			entry->masked = readl(desc_addr +
-					      PCI_MSIX_ENTRY_VECTOR_CTRL);
-		else
-			entry->masked = 0;
+static void msix_mask_all(void __iomem *base, int tsize)
+{
+	u32 ctrl = PCI_MSIX_ENTRY_CTRL_MASKBIT;
+	int i;
 
-		msix_mask_irq(entry, 1);
-	}
+	for (i = 0; i < tsize; i++, base += PCI_MSIX_ENTRY_SIZE)
+		writel(ctrl, base + PCI_MSIX_ENTRY_VECTOR_CTRL);
 }
 
 /**
@@ -775,9 +780,9 @@ static void msix_program_entries(struct
 static int msix_capability_init(struct pci_dev *dev, struct msix_entry *entries,
 				int nvec, struct irq_affinity *affd)
 {
-	int ret;
-	u16 control;
 	void __iomem *base;
+	int ret, tsize;
+	u16 control;
 
 	/*
 	 * Some devices require MSI-X to be enabled before the MSI-X
@@ -789,12 +794,16 @@ static int msix_capability_init(struct p
 
 	pci_read_config_word(dev, dev->msix_cap + PCI_MSIX_FLAGS, &control);
 	/* Request & Map MSI-X table region */
-	base = msix_map_region(dev, msix_table_size(control));
+	tsize = msix_table_size(control);
+	base = msix_map_region(dev, tsize);
 	if (!base) {
 		ret = -ENOMEM;
 		goto out_disable;
 	}
 
+	/* Ensure that all table entries are masked. */
+	msix_mask_all(base, tsize);
+
 	ret = msix_setup_entries(dev, base, entries, nvec, affd);
 	if (ret)
 		goto out_disable;
@@ -808,7 +817,7 @@ static int msix_capability_init(struct p
 	if (ret)
 		goto out_free;
 
-	msix_program_entries(dev, entries);
+	msix_update_entries(dev, entries);
 
 	ret = populate_msi_sysfs(dev);
 	if (ret)



^ permalink raw reply	[flat|nested] 112+ messages in thread

* [PATCH 5.10 81/96] PCI/MSI: Enforce that MSI-X table entry is masked for update
  2021-08-16 13:01 [PATCH 5.10 00/96] 5.10.60-rc1 review Greg Kroah-Hartman
                   ` (79 preceding siblings ...)
  2021-08-16 13:02 ` [PATCH 5.10 80/96] PCI/MSI: Mask all unused MSI-X entries Greg Kroah-Hartman
@ 2021-08-16 13:02 ` Greg Kroah-Hartman
  2021-08-16 13:02 ` [PATCH 5.10 82/96] PCI/MSI: Enforce MSI[X] entry updates to be visible Greg Kroah-Hartman
                   ` (14 subsequent siblings)
  95 siblings, 0 replies; 112+ messages in thread
From: Greg Kroah-Hartman @ 2021-08-16 13:02 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Kevin Tian, Thomas Gleixner,
	Marc Zyngier, Bjorn Helgaas

From: Thomas Gleixner <tglx@linutronix.de>

commit da181dc974ad667579baece33c2c8d2d1e4558d5 upstream.

The specification (PCIe r5.0, sec 6.1.4.5) states:

    For MSI-X, a function is permitted to cache Address and Data values
    from unmasked MSI-X Table entries. However, anytime software unmasks a
    currently masked MSI-X Table entry either by clearing its Mask bit or
    by clearing the Function Mask bit, the function must update any Address
    or Data values that it cached from that entry. If software changes the
    Address or Data value of an entry while the entry is unmasked, the
    result is undefined.

The Linux kernel's MSI-X support never enforced that the entry is masked
before the entry is modified hence the Fixes tag refers to a commit in:
      git://git.kernel.org/pub/scm/linux/kernel/git/tglx/history.git

Enforce the entry to be masked across the update.

There is no point in enforcing this to be handled at all possible call
sites as this is just pointless code duplication and the common update
function is the obvious place to enforce this.

Fixes: f036d4ea5fa7 ("[PATCH] ia32 Message Signalled Interrupt support")
Reported-by: Kevin Tian <kevin.tian@intel.com>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Tested-by: Marc Zyngier <maz@kernel.org>
Reviewed-by: Marc Zyngier <maz@kernel.org>
Acked-by: Bjorn Helgaas <bhelgaas@google.com>
Cc: stable@vger.kernel.org
Link: https://lore.kernel.org/r/20210729222542.462096385@linutronix.de
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 drivers/pci/msi.c |   15 +++++++++++++++
 1 file changed, 15 insertions(+)

--- a/drivers/pci/msi.c
+++ b/drivers/pci/msi.c
@@ -317,13 +317,28 @@ void __pci_write_msi_msg(struct msi_desc
 		/* Don't touch the hardware now */
 	} else if (entry->msi_attrib.is_msix) {
 		void __iomem *base = pci_msix_desc_addr(entry);
+		bool unmasked = !(entry->masked & PCI_MSIX_ENTRY_CTRL_MASKBIT);
 
 		if (!base)
 			goto skip;
 
+		/*
+		 * The specification mandates that the entry is masked
+		 * when the message is modified:
+		 *
+		 * "If software changes the Address or Data value of an
+		 * entry while the entry is unmasked, the result is
+		 * undefined."
+		 */
+		if (unmasked)
+			__pci_msix_desc_mask_irq(entry, PCI_MSIX_ENTRY_CTRL_MASKBIT);
+
 		writel(msg->address_lo, base + PCI_MSIX_ENTRY_LOWER_ADDR);
 		writel(msg->address_hi, base + PCI_MSIX_ENTRY_UPPER_ADDR);
 		writel(msg->data, base + PCI_MSIX_ENTRY_DATA);
+
+		if (unmasked)
+			__pci_msix_desc_mask_irq(entry, 0);
 	} else {
 		int pos = dev->msi_cap;
 		u16 msgctl;



^ permalink raw reply	[flat|nested] 112+ messages in thread

* [PATCH 5.10 82/96] PCI/MSI: Enforce MSI[X] entry updates to be visible
  2021-08-16 13:01 [PATCH 5.10 00/96] 5.10.60-rc1 review Greg Kroah-Hartman
                   ` (80 preceding siblings ...)
  2021-08-16 13:02 ` [PATCH 5.10 81/96] PCI/MSI: Enforce that MSI-X table entry is masked for update Greg Kroah-Hartman
@ 2021-08-16 13:02 ` Greg Kroah-Hartman
  2021-08-16 13:02 ` [PATCH 5.10 83/96] PCI/MSI: Do not set invalid bits in MSI mask Greg Kroah-Hartman
                   ` (13 subsequent siblings)
  95 siblings, 0 replies; 112+ messages in thread
From: Greg Kroah-Hartman @ 2021-08-16 13:02 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Thomas Gleixner, Marc Zyngier, Bjorn Helgaas

From: Thomas Gleixner <tglx@linutronix.de>

commit b9255a7cb51754e8d2645b65dd31805e282b4f3e upstream.

Nothing enforces the posted writes to be visible when the function
returns. Flush them even if the flush might be redundant when the entry is
masked already as the unmask will flush as well. This is either setup or a
rare affinity change event so the extra flush is not the end of the world.

While this is more a theoretical issue especially the logic in the X86
specific msi_set_affinity() function relies on the assumption that the
update has reached the hardware when the function returns.

Again, as this never has been enforced the Fixes tag refers to a commit in:
   git://git.kernel.org/pub/scm/linux/kernel/git/tglx/history.git

Fixes: f036d4ea5fa7 ("[PATCH] ia32 Message Signalled Interrupt support")
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Tested-by: Marc Zyngier <maz@kernel.org>
Reviewed-by: Marc Zyngier <maz@kernel.org>
Acked-by: Bjorn Helgaas <bhelgaas@google.com>
Cc: stable@vger.kernel.org
Link: https://lore.kernel.org/r/20210729222542.515188147@linutronix.de
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 drivers/pci/msi.c |    5 +++++
 1 file changed, 5 insertions(+)

--- a/drivers/pci/msi.c
+++ b/drivers/pci/msi.c
@@ -339,6 +339,9 @@ void __pci_write_msi_msg(struct msi_desc
 
 		if (unmasked)
 			__pci_msix_desc_mask_irq(entry, 0);
+
+		/* Ensure that the writes are visible in the device */
+		readl(base + PCI_MSIX_ENTRY_DATA);
 	} else {
 		int pos = dev->msi_cap;
 		u16 msgctl;
@@ -359,6 +362,8 @@ void __pci_write_msi_msg(struct msi_desc
 			pci_write_config_word(dev, pos + PCI_MSI_DATA_32,
 					      msg->data);
 		}
+		/* Ensure that the writes are visible in the device */
+		pci_read_config_word(dev, pos + PCI_MSI_FLAGS, &msgctl);
 	}
 
 skip:



^ permalink raw reply	[flat|nested] 112+ messages in thread

* [PATCH 5.10 83/96] PCI/MSI: Do not set invalid bits in MSI mask
  2021-08-16 13:01 [PATCH 5.10 00/96] 5.10.60-rc1 review Greg Kroah-Hartman
                   ` (81 preceding siblings ...)
  2021-08-16 13:02 ` [PATCH 5.10 82/96] PCI/MSI: Enforce MSI[X] entry updates to be visible Greg Kroah-Hartman
@ 2021-08-16 13:02 ` Greg Kroah-Hartman
  2021-08-16 13:02 ` [PATCH 5.10 84/96] PCI/MSI: Correct misleading comments Greg Kroah-Hartman
                   ` (12 subsequent siblings)
  95 siblings, 0 replies; 112+ messages in thread
From: Greg Kroah-Hartman @ 2021-08-16 13:02 UTC (permalink / raw)
  To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Thomas Gleixner, Marc Zyngier

From: Thomas Gleixner <tglx@linutronix.de>

commit 361fd37397f77578735907341579397d5bed0a2d upstream.

msi_mask_irq() takes a mask and a flags argument. The mask argument is used
to mask out bits from the cached mask and the flags argument to set bits.

Some places invoke it with a flags argument which sets bits which are not
used by the device, i.e. when the device supports up to 8 vectors a full
unmask in some places sets the mask to 0xFFFFFF00. While devices probably
do not care, it's still bad practice.

Fixes: 7ba1930db02f ("PCI MSI: Unmask MSI if setup failed")
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Tested-by: Marc Zyngier <maz@kernel.org>
Reviewed-by: Marc Zyngier <maz@kernel.org>
Cc: stable@vger.kernel.org
Link: https://lore.kernel.org/r/20210729222542.568173099@linutronix.de
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 drivers/pci/msi.c |    8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

--- a/drivers/pci/msi.c
+++ b/drivers/pci/msi.c
@@ -663,21 +663,21 @@ static int msi_capability_init(struct pc
 	/* Configure MSI capability structure */
 	ret = pci_msi_setup_msi_irqs(dev, nvec, PCI_CAP_ID_MSI);
 	if (ret) {
-		msi_mask_irq(entry, mask, ~mask);
+		msi_mask_irq(entry, mask, 0);
 		free_msi_irqs(dev);
 		return ret;
 	}
 
 	ret = msi_verify_entries(dev);
 	if (ret) {
-		msi_mask_irq(entry, mask, ~mask);
+		msi_mask_irq(entry, mask, 0);
 		free_msi_irqs(dev);
 		return ret;
 	}
 
 	ret = populate_msi_sysfs(dev);
 	if (ret) {
-		msi_mask_irq(entry, mask, ~mask);
+		msi_mask_irq(entry, mask, 0);
 		free_msi_irqs(dev);
 		return ret;
 	}
@@ -962,7 +962,7 @@ static void pci_msi_shutdown(struct pci_
 	/* Return the device with MSI unmasked as initial states */
 	mask = msi_mask(desc->msi_attrib.multi_cap);
 	/* Keep cached state to be restored */
-	__pci_msi_desc_mask_irq(desc, mask, ~mask);
+	__pci_msi_desc_mask_irq(desc, mask, 0);
 
 	/* Restore dev->irq to its default pin-assertion IRQ */
 	dev->irq = desc->msi_attrib.default_irq;



^ permalink raw reply	[flat|nested] 112+ messages in thread

* [PATCH 5.10 84/96] PCI/MSI: Correct misleading comments
  2021-08-16 13:01 [PATCH 5.10 00/96] 5.10.60-rc1 review Greg Kroah-Hartman
                   ` (82 preceding siblings ...)
  2021-08-16 13:02 ` [PATCH 5.10 83/96] PCI/MSI: Do not set invalid bits in MSI mask Greg Kroah-Hartman
@ 2021-08-16 13:02 ` Greg Kroah-Hartman
  2021-08-16 13:02 ` [PATCH 5.10 85/96] PCI/MSI: Use msi_mask_irq() in pci_msi_shutdown() Greg Kroah-Hartman
                   ` (11 subsequent siblings)
  95 siblings, 0 replies; 112+ messages in thread
From: Greg Kroah-Hartman @ 2021-08-16 13:02 UTC (permalink / raw)
  To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Thomas Gleixner, Marc Zyngier

From: Thomas Gleixner <tglx@linutronix.de>

commit 689e6b5351573c38ccf92a0dd8b3e2c2241e4aff upstream.

The comments about preserving the cached state in pci_msi[x]_shutdown() are
misleading as the MSI descriptors are freed right after those functions
return. So there is nothing to restore. Preparatory change.

Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Tested-by: Marc Zyngier <maz@kernel.org>
Reviewed-by: Marc Zyngier <maz@kernel.org>
Cc: stable@vger.kernel.org
Link: https://lore.kernel.org/r/20210729222542.621609423@linutronix.de
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 drivers/pci/msi.c |    5 +----
 1 file changed, 1 insertion(+), 4 deletions(-)

--- a/drivers/pci/msi.c
+++ b/drivers/pci/msi.c
@@ -961,7 +961,6 @@ static void pci_msi_shutdown(struct pci_
 
 	/* Return the device with MSI unmasked as initial states */
 	mask = msi_mask(desc->msi_attrib.multi_cap);
-	/* Keep cached state to be restored */
 	__pci_msi_desc_mask_irq(desc, mask, 0);
 
 	/* Restore dev->irq to its default pin-assertion IRQ */
@@ -1047,10 +1046,8 @@ static void pci_msix_shutdown(struct pci
 	}
 
 	/* Return the device with MSI-X masked as initial states */
-	for_each_pci_msi_entry(entry, dev) {
-		/* Keep cached states to be restored */
+	for_each_pci_msi_entry(entry, dev)
 		__pci_msix_desc_mask_irq(entry, 1);
-	}
 
 	pci_msix_clear_and_set_ctrl(dev, PCI_MSIX_FLAGS_ENABLE, 0);
 	pci_intx_for_msi(dev, 1);



^ permalink raw reply	[flat|nested] 112+ messages in thread

* [PATCH 5.10 85/96] PCI/MSI: Use msi_mask_irq() in pci_msi_shutdown()
  2021-08-16 13:01 [PATCH 5.10 00/96] 5.10.60-rc1 review Greg Kroah-Hartman
                   ` (83 preceding siblings ...)
  2021-08-16 13:02 ` [PATCH 5.10 84/96] PCI/MSI: Correct misleading comments Greg Kroah-Hartman
@ 2021-08-16 13:02 ` Greg Kroah-Hartman
  2021-08-16 13:02 ` [PATCH 5.10 86/96] PCI/MSI: Protect msi_desc::masked for multi-MSI Greg Kroah-Hartman
                   ` (10 subsequent siblings)
  95 siblings, 0 replies; 112+ messages in thread
From: Greg Kroah-Hartman @ 2021-08-16 13:02 UTC (permalink / raw)
  To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Thomas Gleixner, Marc Zyngier

From: Thomas Gleixner <tglx@linutronix.de>

commit d28d4ad2a1aef27458b3383725bb179beb8d015c upstream.

No point in using the raw write function from shutdown. Preparatory change
to introduce proper serialization for the msi_desc::masked cache.

Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Tested-by: Marc Zyngier <maz@kernel.org>
Reviewed-by: Marc Zyngier <maz@kernel.org>
Cc: stable@vger.kernel.org
Link: https://lore.kernel.org/r/20210729222542.674391354@linutronix.de
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 drivers/pci/msi.c |    2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

--- a/drivers/pci/msi.c
+++ b/drivers/pci/msi.c
@@ -961,7 +961,7 @@ static void pci_msi_shutdown(struct pci_
 
 	/* Return the device with MSI unmasked as initial states */
 	mask = msi_mask(desc->msi_attrib.multi_cap);
-	__pci_msi_desc_mask_irq(desc, mask, 0);
+	msi_mask_irq(desc, mask, 0);
 
 	/* Restore dev->irq to its default pin-assertion IRQ */
 	dev->irq = desc->msi_attrib.default_irq;



^ permalink raw reply	[flat|nested] 112+ messages in thread

* [PATCH 5.10 86/96] PCI/MSI: Protect msi_desc::masked for multi-MSI
  2021-08-16 13:01 [PATCH 5.10 00/96] 5.10.60-rc1 review Greg Kroah-Hartman
                   ` (84 preceding siblings ...)
  2021-08-16 13:02 ` [PATCH 5.10 85/96] PCI/MSI: Use msi_mask_irq() in pci_msi_shutdown() Greg Kroah-Hartman
@ 2021-08-16 13:02 ` Greg Kroah-Hartman
  2021-08-16 13:02 ` [PATCH 5.10 87/96] powerpc/smp: Fix OOPS in topology_init() Greg Kroah-Hartman
                   ` (9 subsequent siblings)
  95 siblings, 0 replies; 112+ messages in thread
From: Greg Kroah-Hartman @ 2021-08-16 13:02 UTC (permalink / raw)
  To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Thomas Gleixner, Marc Zyngier

From: Thomas Gleixner <tglx@linutronix.de>

commit 77e89afc25f30abd56e76a809ee2884d7c1b63ce upstream.

Multi-MSI uses a single MSI descriptor and there is a single mask register
when the device supports per vector masking. To avoid reading back the mask
register the value is cached in the MSI descriptor and updates are done by
clearing and setting bits in the cache and writing it to the device.

But nothing protects msi_desc::masked and the mask register from being
modified concurrently on two different CPUs for two different Linux
interrupts which belong to the same multi-MSI descriptor.

Add a lock to struct device and protect any operation on the mask and the
mask register with it.

This makes the update of msi_desc::masked unconditional, but there is no
place which requires a modification of the hardware register without
updating the masked cache.

msi_mask_irq() is now an empty wrapper which will be cleaned up in follow
up changes.

The problem goes way back to the initial support of multi-MSI, but picking
the commit which introduced the mask cache is a valid cut off point
(2.6.30).

Fixes: f2440d9acbe8 ("PCI MSI: Refactor interrupt masking code")
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Tested-by: Marc Zyngier <maz@kernel.org>
Reviewed-by: Marc Zyngier <maz@kernel.org>
Cc: stable@vger.kernel.org
Link: https://lore.kernel.org/r/20210729222542.726833414@linutronix.de
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 drivers/base/core.c    |    1 +
 drivers/pci/msi.c      |   19 ++++++++++---------
 include/linux/device.h |    1 +
 include/linux/msi.h    |    2 +-
 4 files changed, 13 insertions(+), 10 deletions(-)

--- a/drivers/base/core.c
+++ b/drivers/base/core.c
@@ -2452,6 +2452,7 @@ void device_initialize(struct device *de
 	device_pm_init(dev);
 	set_dev_node(dev, -1);
 #ifdef CONFIG_GENERIC_MSI_IRQ
+	raw_spin_lock_init(&dev->msi_lock);
 	INIT_LIST_HEAD(&dev->msi_list);
 #endif
 	INIT_LIST_HEAD(&dev->links.consumers);
--- a/drivers/pci/msi.c
+++ b/drivers/pci/msi.c
@@ -171,24 +171,25 @@ static inline __attribute_const__ u32 ms
  * reliably as devices without an INTx disable bit will then generate a
  * level IRQ which will never be cleared.
  */
-u32 __pci_msi_desc_mask_irq(struct msi_desc *desc, u32 mask, u32 flag)
+void __pci_msi_desc_mask_irq(struct msi_desc *desc, u32 mask, u32 flag)
 {
-	u32 mask_bits = desc->masked;
+	raw_spinlock_t *lock = &desc->dev->msi_lock;
+	unsigned long flags;
 
 	if (pci_msi_ignore_mask || !desc->msi_attrib.maskbit)
-		return 0;
+		return;
 
-	mask_bits &= ~mask;
-	mask_bits |= flag;
+	raw_spin_lock_irqsave(lock, flags);
+	desc->masked &= ~mask;
+	desc->masked |= flag;
 	pci_write_config_dword(msi_desc_to_pci_dev(desc), desc->mask_pos,
-			       mask_bits);
-
-	return mask_bits;
+			       desc->masked);
+	raw_spin_unlock_irqrestore(lock, flags);
 }
 
 static void msi_mask_irq(struct msi_desc *desc, u32 mask, u32 flag)
 {
-	desc->masked = __pci_msi_desc_mask_irq(desc, mask, flag);
+	__pci_msi_desc_mask_irq(desc, mask, flag);
 }
 
 static void __iomem *pci_msix_desc_addr(struct msi_desc *desc)
--- a/include/linux/device.h
+++ b/include/linux/device.h
@@ -497,6 +497,7 @@ struct device {
 	struct dev_pin_info	*pins;
 #endif
 #ifdef CONFIG_GENERIC_MSI_IRQ
+	raw_spinlock_t		msi_lock;
 	struct list_head	msi_list;
 #endif
 #ifdef CONFIG_DMA_OPS
--- a/include/linux/msi.h
+++ b/include/linux/msi.h
@@ -194,7 +194,7 @@ void __pci_read_msi_msg(struct msi_desc
 void __pci_write_msi_msg(struct msi_desc *entry, struct msi_msg *msg);
 
 u32 __pci_msix_desc_mask_irq(struct msi_desc *desc, u32 flag);
-u32 __pci_msi_desc_mask_irq(struct msi_desc *desc, u32 mask, u32 flag);
+void __pci_msi_desc_mask_irq(struct msi_desc *desc, u32 mask, u32 flag);
 void pci_msi_mask_irq(struct irq_data *data);
 void pci_msi_unmask_irq(struct irq_data *data);
 



^ permalink raw reply	[flat|nested] 112+ messages in thread

* [PATCH 5.10 87/96] powerpc/smp: Fix OOPS in topology_init()
  2021-08-16 13:01 [PATCH 5.10 00/96] 5.10.60-rc1 review Greg Kroah-Hartman
                   ` (85 preceding siblings ...)
  2021-08-16 13:02 ` [PATCH 5.10 86/96] PCI/MSI: Protect msi_desc::masked for multi-MSI Greg Kroah-Hartman
@ 2021-08-16 13:02 ` Greg Kroah-Hartman
  2021-08-16 13:02 ` [PATCH 5.10 88/96] efi/libstub: arm64: Double check image alignment at entry Greg Kroah-Hartman
                   ` (8 subsequent siblings)
  95 siblings, 0 replies; 112+ messages in thread
From: Greg Kroah-Hartman @ 2021-08-16 13:02 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Christophe Leroy, Michael Ellerman

From: Christophe Leroy <christophe.leroy@csgroup.eu>

commit 8241461536f21bbe51308a6916d1c9fb2e6b75a7 upstream.

Running an SMP kernel on an UP platform not prepared for it,
I encountered the following OOPS:

	BUG: Kernel NULL pointer dereference on read at 0x00000034
	Faulting instruction address: 0xc0a04110
	Oops: Kernel access of bad area, sig: 11 [#1]
	BE PAGE_SIZE=4K SMP NR_CPUS=2 CMPCPRO
	Modules linked in:
	CPU: 0 PID: 1 Comm: swapper/0 Not tainted 5.13.0-pmac-00001-g230fedfaad21 #5234
	NIP:  c0a04110 LR: c0a040d8 CTR: c0a04084
	REGS: e100dda0 TRAP: 0300   Not tainted  (5.13.0-pmac-00001-g230fedfaad21)
	MSR:  00009032 <EE,ME,IR,DR,RI>  CR: 84000284  XER: 00000000
	DAR: 00000034 DSISR: 20000000
	GPR00: c0006bd4 e100de60 c1033320 00000000 00000000 c0942274 00000000 00000000
	GPR08: 00000000 00000000 00000001 00000063 00000007 00000000 c0006f30 00000000
	GPR16: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000005
	GPR24: c0c67d74 c0c67f1c c0c60000 c0c67d70 c0c0c558 1efdf000 c0c00020 00000000
	NIP [c0a04110] topology_init+0x8c/0x138
	LR [c0a040d8] topology_init+0x54/0x138
	Call Trace:
	[e100de60] [80808080] 0x80808080 (unreliable)
	[e100de90] [c0006bd4] do_one_initcall+0x48/0x1bc
	[e100def0] [c0a0150c] kernel_init_freeable+0x1c8/0x278
	[e100df20] [c0006f44] kernel_init+0x14/0x10c
	[e100df30] [c00190fc] ret_from_kernel_thread+0x14/0x1c
	Instruction dump:
	7c692e70 7d290194 7c035040 7c7f1b78 5529103a 546706fe 5468103a 39400001
	7c641b78 40800054 80c690b4 7fb9402e <81060034> 7fbeea14 2c080000 7fa3eb78
	---[ end trace b246ffbc6bbbb6fb ]---

Fix it by checking smp_ops before using it, as already done in
several other places in the arch/powerpc/kernel/smp.c

Fixes: 39f87561454d ("powerpc/smp: Move ppc_md.cpu_die() to smp_ops.cpu_offline_self()")
Cc: stable@vger.kernel.org
Signed-off-by: Christophe Leroy <christophe.leroy@csgroup.eu>
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
Link: https://lore.kernel.org/r/75287841cbb8740edd44880fe60be66d489160d9.1628097995.git.christophe.leroy@csgroup.eu
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 arch/powerpc/kernel/sysfs.c |    2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

--- a/arch/powerpc/kernel/sysfs.c
+++ b/arch/powerpc/kernel/sysfs.c
@@ -1167,7 +1167,7 @@ static int __init topology_init(void)
 		 * CPU.  For instance, the boot cpu might never be valid
 		 * for hotplugging.
 		 */
-		if (smp_ops->cpu_offline_self)
+		if (smp_ops && smp_ops->cpu_offline_self)
 			c->hotpluggable = 1;
 #endif
 



^ permalink raw reply	[flat|nested] 112+ messages in thread

* [PATCH 5.10 88/96] efi/libstub: arm64: Double check image alignment at entry
  2021-08-16 13:01 [PATCH 5.10 00/96] 5.10.60-rc1 review Greg Kroah-Hartman
                   ` (86 preceding siblings ...)
  2021-08-16 13:02 ` [PATCH 5.10 87/96] powerpc/smp: Fix OOPS in topology_init() Greg Kroah-Hartman
@ 2021-08-16 13:02 ` Greg Kroah-Hartman
  2021-08-16 13:02 ` [PATCH 5.10 89/96] KVM: VMX: Use current VMCS to query WAITPKG support for MSR emulation Greg Kroah-Hartman
                   ` (7 subsequent siblings)
  95 siblings, 0 replies; 112+ messages in thread
From: Greg Kroah-Hartman @ 2021-08-16 13:02 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Ard Biesheuvel, Benjamin Herrenschmidt

From: Ard Biesheuvel <ardb@kernel.org>

commit c32ac11da3f83bb42b986702a9b92f0a14ed4182 upstream.

On arm64, the stub only moves the kernel image around in memory if
needed, which is typically only for KASLR, given that relocatable
kernels (which is the default) can run from any 64k aligned address,
which is also the minimum alignment communicated to EFI via the PE/COFF
header.

Unfortunately, some loaders appear to ignore this header, and load the
kernel at some arbitrary offset in memory. We can deal with this, but
let's check for this condition anyway, so non-compliant code can be
spotted and fixed.

Cc: <stable@vger.kernel.org> # v5.10+
Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
Tested-by: Benjamin Herrenschmidt <benh@kernel.crashing.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 drivers/firmware/efi/libstub/arm64-stub.c |    4 ++++
 1 file changed, 4 insertions(+)

--- a/drivers/firmware/efi/libstub/arm64-stub.c
+++ b/drivers/firmware/efi/libstub/arm64-stub.c
@@ -119,6 +119,10 @@ efi_status_t handle_kernel_image(unsigne
 	if (image->image_base != _text)
 		efi_err("FIRMWARE BUG: efi_loaded_image_t::image_base has bogus value\n");
 
+	if (!IS_ALIGNED((u64)_text, EFI_KIMG_ALIGN))
+		efi_err("FIRMWARE BUG: kernel image not aligned on %ldk boundary\n",
+			EFI_KIMG_ALIGN >> 10);
+
 	kernel_size = _edata - _text;
 	kernel_memsize = kernel_size + (_end - _edata);
 	*reserve_size = kernel_memsize;



^ permalink raw reply	[flat|nested] 112+ messages in thread

* [PATCH 5.10 89/96] KVM: VMX: Use current VMCS to query WAITPKG support for MSR emulation
  2021-08-16 13:01 [PATCH 5.10 00/96] 5.10.60-rc1 review Greg Kroah-Hartman
                   ` (87 preceding siblings ...)
  2021-08-16 13:02 ` [PATCH 5.10 88/96] efi/libstub: arm64: Double check image alignment at entry Greg Kroah-Hartman
@ 2021-08-16 13:02 ` Greg Kroah-Hartman
  2021-08-16 13:02 ` [PATCH 5.10 90/96] KVM: nVMX: Use vmx_need_pf_intercept() when deciding if L0 wants a #PF Greg Kroah-Hartman
                   ` (6 subsequent siblings)
  95 siblings, 0 replies; 112+ messages in thread
From: Greg Kroah-Hartman @ 2021-08-16 13:02 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Sean Christopherson, Paolo Bonzini

From: Sean Christopherson <seanjc@google.com>

commit 7b9cae027ba3aaac295ae23a62f47876ed97da73 upstream.

Use the secondary_exec_controls_get() accessor in vmx_has_waitpkg() to
effectively get the controls for the current VMCS, as opposed to using
vmx->secondary_exec_controls, which is the cached value of KVM's desired
controls for vmcs01 and truly not reflective of any particular VMCS.

While the waitpkg control is not dynamic, i.e. vmcs01 will always hold
the same waitpkg configuration as vmx->secondary_exec_controls, the same
does not hold true for vmcs02 if the L1 VMM hides the feature from L2.
If L1 hides the feature _and_ does not intercept MSR_IA32_UMWAIT_CONTROL,
L2 could incorrectly read/write L1's virtual MSR instead of taking a #GP.

Fixes: 6e3ba4abcea5 ("KVM: vmx: Emulate MSR IA32_UMWAIT_CONTROL")
Cc: stable@vger.kernel.org
Signed-off-by: Sean Christopherson <seanjc@google.com>
Message-Id: <20210810171952.2758100-2-seanjc@google.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 arch/x86/kvm/vmx/vmx.h |    2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

--- a/arch/x86/kvm/vmx/vmx.h
+++ b/arch/x86/kvm/vmx/vmx.h
@@ -488,7 +488,7 @@ static inline void decache_tsc_multiplie
 
 static inline bool vmx_has_waitpkg(struct vcpu_vmx *vmx)
 {
-	return vmx->secondary_exec_control &
+	return secondary_exec_controls_get(vmx) &
 		SECONDARY_EXEC_ENABLE_USR_WAIT_PAUSE;
 }
 



^ permalink raw reply	[flat|nested] 112+ messages in thread

* [PATCH 5.10 90/96] KVM: nVMX: Use vmx_need_pf_intercept() when deciding if L0 wants a #PF
  2021-08-16 13:01 [PATCH 5.10 00/96] 5.10.60-rc1 review Greg Kroah-Hartman
                   ` (88 preceding siblings ...)
  2021-08-16 13:02 ` [PATCH 5.10 89/96] KVM: VMX: Use current VMCS to query WAITPKG support for MSR emulation Greg Kroah-Hartman
@ 2021-08-16 13:02 ` Greg Kroah-Hartman
  2021-08-16 13:02 ` [PATCH 5.10 91/96] vboxsf: Add vboxsf_[create|release]_sf_handle() helpers Greg Kroah-Hartman
                   ` (5 subsequent siblings)
  95 siblings, 0 replies; 112+ messages in thread
From: Greg Kroah-Hartman @ 2021-08-16 13:02 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Peter Shier, Oliver Upton,
	Jim Mattson, Sean Christopherson, Paolo Bonzini

From: Sean Christopherson <seanjc@google.com>

commit 18712c13709d2de9516c5d3414f707c4f0a9c190 upstream.

Use vmx_need_pf_intercept() when determining if L0 wants to handle a #PF
in L2 or if the VM-Exit should be forwarded to L1.  The current logic fails
to account for the case where #PF is intercepted to handle
guest.MAXPHYADDR < host.MAXPHYADDR and ends up reflecting all #PFs into
L1.  At best, L1 will complain and inject the #PF back into L2.  At
worst, L1 will eat the unexpected fault and cause L2 to hang on infinite
page faults.

Note, while the bug was technically introduced by the commit that added
support for the MAXPHYADDR madness, the shame is all on commit
a0c134347baf ("KVM: VMX: introduce vmx_need_pf_intercept").

Fixes: 1dbf5d68af6f ("KVM: VMX: Add guest physical address check in EPT violation and misconfig")
Cc: stable@vger.kernel.org
Cc: Peter Shier <pshier@google.com>
Cc: Oliver Upton <oupton@google.com>
Cc: Jim Mattson <jmattson@google.com>
Signed-off-by: Sean Christopherson <seanjc@google.com>
Message-Id: <20210812045615.3167686-1-seanjc@google.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 arch/x86/kvm/vmx/nested.c |    3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

--- a/arch/x86/kvm/vmx/nested.c
+++ b/arch/x86/kvm/vmx/nested.c
@@ -5779,7 +5779,8 @@ static bool nested_vmx_l0_wants_exit(str
 		if (is_nmi(intr_info))
 			return true;
 		else if (is_page_fault(intr_info))
-			return vcpu->arch.apf.host_apf_flags || !enable_ept;
+			return vcpu->arch.apf.host_apf_flags ||
+			       vmx_need_pf_intercept(vcpu);
 		else if (is_debug(intr_info) &&
 			 vcpu->guest_debug &
 			 (KVM_GUESTDBG_SINGLESTEP | KVM_GUESTDBG_USE_HW_BP))



^ permalink raw reply	[flat|nested] 112+ messages in thread

* [PATCH 5.10 91/96] vboxsf: Add vboxsf_[create|release]_sf_handle() helpers
  2021-08-16 13:01 [PATCH 5.10 00/96] 5.10.60-rc1 review Greg Kroah-Hartman
                   ` (89 preceding siblings ...)
  2021-08-16 13:02 ` [PATCH 5.10 90/96] KVM: nVMX: Use vmx_need_pf_intercept() when deciding if L0 wants a #PF Greg Kroah-Hartman
@ 2021-08-16 13:02 ` Greg Kroah-Hartman
  2021-08-16 13:02 ` [PATCH 5.10 92/96] vboxsf: Add support for the atomic_open directory-inode op Greg Kroah-Hartman
                   ` (4 subsequent siblings)
  95 siblings, 0 replies; 112+ messages in thread
From: Greg Kroah-Hartman @ 2021-08-16 13:02 UTC (permalink / raw)
  To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Hans de Goede

From: Hans de Goede <hdegoede@redhat.com>

commit 02f840f90764f22f5c898901849bdbf0cee752ba upstream.

Factor out the code to create / release a struct vboxsf_handle into
2 new helper functions.

This is a preparation patch for adding atomic_open support.

Fixes: 0fd169576648 ("fs: Add VirtualBox guest shared folder (vboxsf) support")
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 fs/vboxsf/file.c   |   71 ++++++++++++++++++++++++++++++++---------------------
 fs/vboxsf/vfsmod.h |    7 +++++
 2 files changed, 51 insertions(+), 27 deletions(-)

--- a/fs/vboxsf/file.c
+++ b/fs/vboxsf/file.c
@@ -20,17 +20,39 @@ struct vboxsf_handle {
 	struct list_head head;
 };
 
-static int vboxsf_file_open(struct inode *inode, struct file *file)
+struct vboxsf_handle *vboxsf_create_sf_handle(struct inode *inode,
+					      u64 handle, u32 access_flags)
 {
 	struct vboxsf_inode *sf_i = VBOXSF_I(inode);
-	struct shfl_createparms params = {};
 	struct vboxsf_handle *sf_handle;
-	u32 access_flags = 0;
-	int err;
 
 	sf_handle = kmalloc(sizeof(*sf_handle), GFP_KERNEL);
 	if (!sf_handle)
-		return -ENOMEM;
+		return ERR_PTR(-ENOMEM);
+
+	/* the host may have given us different attr then requested */
+	sf_i->force_restat = 1;
+
+	/* init our handle struct and add it to the inode's handles list */
+	sf_handle->handle = handle;
+	sf_handle->root = VBOXSF_SBI(inode->i_sb)->root;
+	sf_handle->access_flags = access_flags;
+	kref_init(&sf_handle->refcount);
+
+	mutex_lock(&sf_i->handle_list_mutex);
+	list_add(&sf_handle->head, &sf_i->handle_list);
+	mutex_unlock(&sf_i->handle_list_mutex);
+
+	return sf_handle;
+}
+
+static int vboxsf_file_open(struct inode *inode, struct file *file)
+{
+	struct vboxsf_sbi *sbi = VBOXSF_SBI(inode->i_sb);
+	struct shfl_createparms params = {};
+	struct vboxsf_handle *sf_handle;
+	u32 access_flags = 0;
+	int err;
 
 	/*
 	 * We check the value of params.handle afterwards to find out if
@@ -83,23 +105,14 @@ static int vboxsf_file_open(struct inode
 	err = vboxsf_create_at_dentry(file_dentry(file), &params);
 	if (err == 0 && params.handle == SHFL_HANDLE_NIL)
 		err = (params.result == SHFL_FILE_EXISTS) ? -EEXIST : -ENOENT;
-	if (err) {
-		kfree(sf_handle);
+	if (err)
 		return err;
-	}
 
-	/* the host may have given us different attr then requested */
-	sf_i->force_restat = 1;
-
-	/* init our handle struct and add it to the inode's handles list */
-	sf_handle->handle = params.handle;
-	sf_handle->root = VBOXSF_SBI(inode->i_sb)->root;
-	sf_handle->access_flags = access_flags;
-	kref_init(&sf_handle->refcount);
-
-	mutex_lock(&sf_i->handle_list_mutex);
-	list_add(&sf_handle->head, &sf_i->handle_list);
-	mutex_unlock(&sf_i->handle_list_mutex);
+	sf_handle = vboxsf_create_sf_handle(inode, params.handle, access_flags);
+	if (IS_ERR(sf_handle)) {
+		vboxsf_close(sbi->root, params.handle);
+		return PTR_ERR(sf_handle);
+	}
 
 	file->private_data = sf_handle;
 	return 0;
@@ -114,22 +127,26 @@ static void vboxsf_handle_release(struct
 	kfree(sf_handle);
 }
 
-static int vboxsf_file_release(struct inode *inode, struct file *file)
+void vboxsf_release_sf_handle(struct inode *inode, struct vboxsf_handle *sf_handle)
 {
 	struct vboxsf_inode *sf_i = VBOXSF_I(inode);
-	struct vboxsf_handle *sf_handle = file->private_data;
 
+	mutex_lock(&sf_i->handle_list_mutex);
+	list_del(&sf_handle->head);
+	mutex_unlock(&sf_i->handle_list_mutex);
+
+	kref_put(&sf_handle->refcount, vboxsf_handle_release);
+}
+
+static int vboxsf_file_release(struct inode *inode, struct file *file)
+{
 	/*
 	 * When a file is closed on our (the guest) side, we want any subsequent
 	 * accesses done on the host side to see all changes done from our side.
 	 */
 	filemap_write_and_wait(inode->i_mapping);
 
-	mutex_lock(&sf_i->handle_list_mutex);
-	list_del(&sf_handle->head);
-	mutex_unlock(&sf_i->handle_list_mutex);
-
-	kref_put(&sf_handle->refcount, vboxsf_handle_release);
+	vboxsf_release_sf_handle(inode, file->private_data);
 	return 0;
 }
 
--- a/fs/vboxsf/vfsmod.h
+++ b/fs/vboxsf/vfsmod.h
@@ -18,6 +18,8 @@
 #define VBOXSF_SBI(sb)	((struct vboxsf_sbi *)(sb)->s_fs_info)
 #define VBOXSF_I(i)	container_of(i, struct vboxsf_inode, vfs_inode)
 
+struct vboxsf_handle;
+
 struct vboxsf_options {
 	unsigned long ttl;
 	kuid_t uid;
@@ -80,6 +82,11 @@ extern const struct file_operations vbox
 extern const struct address_space_operations vboxsf_reg_aops;
 extern const struct dentry_operations vboxsf_dentry_ops;
 
+/* from file.c */
+struct vboxsf_handle *vboxsf_create_sf_handle(struct inode *inode,
+					      u64 handle, u32 access_flags);
+void vboxsf_release_sf_handle(struct inode *inode, struct vboxsf_handle *sf_handle);
+
 /* from utils.c */
 struct inode *vboxsf_new_inode(struct super_block *sb);
 void vboxsf_init_inode(struct vboxsf_sbi *sbi, struct inode *inode,



^ permalink raw reply	[flat|nested] 112+ messages in thread

* [PATCH 5.10 92/96] vboxsf: Add support for the atomic_open directory-inode op
  2021-08-16 13:01 [PATCH 5.10 00/96] 5.10.60-rc1 review Greg Kroah-Hartman
                   ` (90 preceding siblings ...)
  2021-08-16 13:02 ` [PATCH 5.10 91/96] vboxsf: Add vboxsf_[create|release]_sf_handle() helpers Greg Kroah-Hartman
@ 2021-08-16 13:02 ` Greg Kroah-Hartman
  2021-08-16 13:02 ` [PATCH 5.10 93/96] ceph: add some lockdep assertions around snaprealm handling Greg Kroah-Hartman
                   ` (3 subsequent siblings)
  95 siblings, 0 replies; 112+ messages in thread
From: Greg Kroah-Hartman @ 2021-08-16 13:02 UTC (permalink / raw)
  To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Ludovic Pouzenc, Hans de Goede

From: Hans de Goede <hdegoede@redhat.com>

commit 52dfd86aa568e433b24357bb5fc725560f1e22d8 upstream.

Opening a new file is done in 2 steps on regular filesystems:

1. Call the create inode-op on the parent-dir to create an inode
to hold the meta-data related to the file.
2. Call the open file-op to get a handle for the file.

vboxsf however does not really use disk-backed inodes because it
is based on passing through file-related system-calls through to
the hypervisor. So both steps translate to an open(2) call being
passed through to the hypervisor. With the handle returned by
the first call immediately being closed again.

Making 2 open calls for a single open(..., O_CREATE, ...) calls
has 2 problems:

a) It is not really efficient.
b) It actually breaks some apps.

An example of b) is doing a git clone inside a vboxsf mount.
When git clone tries to create a tempfile to store the pak
files which is downloading the following happens:

1. vboxsf_dir_mkfile() gets called with a mode of 0444 and succeeds.
2. vboxsf_file_open() gets called with file->f_flags containing
O_RDWR. When the host is a Linux machine this fails because doing
a open(..., O_RDWR) on a file which exists and has mode 0444 results
in an -EPERM error.

Other network-filesystems and fuse avoid the problem of needing to
pass 2 open() calls to the other side by using the atomic_open
directory-inode op.

This commit fixes git clone not working inside a vboxsf mount,
by adding support for the atomic_open directory-inode op.
As an added bonus this should also make opening new files faster.

The atomic_open implementation is modelled after the atomic_open
implementations from the 9p and fuse code.

Fixes: 0fd169576648 ("fs: Add VirtualBox guest shared folder (vboxsf) support")
Reported-by: Ludovic Pouzenc <bugreports@pouzenc.fr>
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 fs/vboxsf/dir.c |   48 ++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 48 insertions(+)

--- a/fs/vboxsf/dir.c
+++ b/fs/vboxsf/dir.c
@@ -306,6 +306,53 @@ static int vboxsf_dir_mkdir(struct inode
 	return vboxsf_dir_create(parent, dentry, mode, true, true, NULL);
 }
 
+static int vboxsf_dir_atomic_open(struct inode *parent, struct dentry *dentry,
+				  struct file *file, unsigned int flags, umode_t mode)
+{
+	struct vboxsf_sbi *sbi = VBOXSF_SBI(parent->i_sb);
+	struct vboxsf_handle *sf_handle;
+	struct dentry *res = NULL;
+	u64 handle;
+	int err;
+
+	if (d_in_lookup(dentry)) {
+		res = vboxsf_dir_lookup(parent, dentry, 0);
+		if (IS_ERR(res))
+			return PTR_ERR(res);
+
+		if (res)
+			dentry = res;
+	}
+
+	/* Only creates */
+	if (!(flags & O_CREAT) || d_really_is_positive(dentry))
+		return finish_no_open(file, res);
+
+	err = vboxsf_dir_create(parent, dentry, mode, false, flags & O_EXCL, &handle);
+	if (err)
+		goto out;
+
+	sf_handle = vboxsf_create_sf_handle(d_inode(dentry), handle, SHFL_CF_ACCESS_READWRITE);
+	if (IS_ERR(sf_handle)) {
+		vboxsf_close(sbi->root, handle);
+		err = PTR_ERR(sf_handle);
+		goto out;
+	}
+
+	err = finish_open(file, dentry, generic_file_open);
+	if (err) {
+		/* This also closes the handle passed to vboxsf_create_sf_handle() */
+		vboxsf_release_sf_handle(d_inode(dentry), sf_handle);
+		goto out;
+	}
+
+	file->private_data = sf_handle;
+	file->f_mode |= FMODE_CREATED;
+out:
+	dput(res);
+	return err;
+}
+
 static int vboxsf_dir_unlink(struct inode *parent, struct dentry *dentry)
 {
 	struct vboxsf_sbi *sbi = VBOXSF_SBI(parent->i_sb);
@@ -424,6 +471,7 @@ const struct inode_operations vboxsf_dir
 	.lookup  = vboxsf_dir_lookup,
 	.create  = vboxsf_dir_mkfile,
 	.mkdir   = vboxsf_dir_mkdir,
+	.atomic_open = vboxsf_dir_atomic_open,
 	.rmdir   = vboxsf_dir_unlink,
 	.unlink  = vboxsf_dir_unlink,
 	.rename  = vboxsf_dir_rename,



^ permalink raw reply	[flat|nested] 112+ messages in thread

* [PATCH 5.10 93/96] ceph: add some lockdep assertions around snaprealm handling
  2021-08-16 13:01 [PATCH 5.10 00/96] 5.10.60-rc1 review Greg Kroah-Hartman
                   ` (91 preceding siblings ...)
  2021-08-16 13:02 ` [PATCH 5.10 92/96] vboxsf: Add support for the atomic_open directory-inode op Greg Kroah-Hartman
@ 2021-08-16 13:02 ` Greg Kroah-Hartman
  2021-08-16 13:02 ` [PATCH 5.10 94/96] ceph: clean up locking annotation for ceph_get_snap_realm and __lookup_snap_realm Greg Kroah-Hartman
                   ` (2 subsequent siblings)
  95 siblings, 0 replies; 112+ messages in thread
From: Greg Kroah-Hartman @ 2021-08-16 13:02 UTC (permalink / raw)
  To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Jeff Layton, Ilya Dryomov

From: Jeff Layton <jlayton@kernel.org>

commit a6862e6708c15995bc10614b2ef34ca35b4b9078 upstream.

Turn some comments into lockdep asserts.

Signed-off-by: Jeff Layton <jlayton@kernel.org>
Reviewed-by: Ilya Dryomov <idryomov@gmail.com>
Signed-off-by: Ilya Dryomov <idryomov@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 fs/ceph/snap.c |   16 ++++++++++++++++
 1 file changed, 16 insertions(+)

--- a/fs/ceph/snap.c
+++ b/fs/ceph/snap.c
@@ -65,6 +65,8 @@
 void ceph_get_snap_realm(struct ceph_mds_client *mdsc,
 			 struct ceph_snap_realm *realm)
 {
+	lockdep_assert_held_write(&mdsc->snap_rwsem);
+
 	dout("get_realm %p %d -> %d\n", realm,
 	     atomic_read(&realm->nref), atomic_read(&realm->nref)+1);
 	/*
@@ -113,6 +115,8 @@ static struct ceph_snap_realm *ceph_crea
 {
 	struct ceph_snap_realm *realm;
 
+	lockdep_assert_held_write(&mdsc->snap_rwsem);
+
 	realm = kzalloc(sizeof(*realm), GFP_NOFS);
 	if (!realm)
 		return ERR_PTR(-ENOMEM);
@@ -143,6 +147,8 @@ static struct ceph_snap_realm *__lookup_
 	struct rb_node *n = mdsc->snap_realms.rb_node;
 	struct ceph_snap_realm *r;
 
+	lockdep_assert_held_write(&mdsc->snap_rwsem);
+
 	while (n) {
 		r = rb_entry(n, struct ceph_snap_realm, node);
 		if (ino < r->ino)
@@ -176,6 +182,8 @@ static void __put_snap_realm(struct ceph
 static void __destroy_snap_realm(struct ceph_mds_client *mdsc,
 				 struct ceph_snap_realm *realm)
 {
+	lockdep_assert_held_write(&mdsc->snap_rwsem);
+
 	dout("__destroy_snap_realm %p %llx\n", realm, realm->ino);
 
 	rb_erase(&realm->node, &mdsc->snap_realms);
@@ -198,6 +206,8 @@ static void __destroy_snap_realm(struct
 static void __put_snap_realm(struct ceph_mds_client *mdsc,
 			     struct ceph_snap_realm *realm)
 {
+	lockdep_assert_held_write(&mdsc->snap_rwsem);
+
 	dout("__put_snap_realm %llx %p %d -> %d\n", realm->ino, realm,
 	     atomic_read(&realm->nref), atomic_read(&realm->nref)-1);
 	if (atomic_dec_and_test(&realm->nref))
@@ -236,6 +246,8 @@ static void __cleanup_empty_realms(struc
 {
 	struct ceph_snap_realm *realm;
 
+	lockdep_assert_held_write(&mdsc->snap_rwsem);
+
 	spin_lock(&mdsc->snap_empty_lock);
 	while (!list_empty(&mdsc->snap_empty)) {
 		realm = list_first_entry(&mdsc->snap_empty,
@@ -269,6 +281,8 @@ static int adjust_snap_realm_parent(stru
 {
 	struct ceph_snap_realm *parent;
 
+	lockdep_assert_held_write(&mdsc->snap_rwsem);
+
 	if (realm->parent_ino == parentino)
 		return 0;
 
@@ -686,6 +700,8 @@ int ceph_update_snap_trace(struct ceph_m
 	int err = -ENOMEM;
 	LIST_HEAD(dirty_realms);
 
+	lockdep_assert_held_write(&mdsc->snap_rwsem);
+
 	dout("update_snap_trace deletion=%d\n", deletion);
 more:
 	ceph_decode_need(&p, e, sizeof(*ri), bad);



^ permalink raw reply	[flat|nested] 112+ messages in thread

* [PATCH 5.10 94/96] ceph: clean up locking annotation for ceph_get_snap_realm and __lookup_snap_realm
  2021-08-16 13:01 [PATCH 5.10 00/96] 5.10.60-rc1 review Greg Kroah-Hartman
                   ` (92 preceding siblings ...)
  2021-08-16 13:02 ` [PATCH 5.10 93/96] ceph: add some lockdep assertions around snaprealm handling Greg Kroah-Hartman
@ 2021-08-16 13:02 ` Greg Kroah-Hartman
  2021-08-16 13:02 ` [PATCH 5.10 95/96] ceph: take snap_empty_lock atomically with snaprealm refcount change Greg Kroah-Hartman
  2021-08-16 13:02 ` [PATCH 5.10 96/96] vmlinux.lds.h: Handle clangs module.{c,d}tor sections Greg Kroah-Hartman
  95 siblings, 0 replies; 112+ messages in thread
From: Greg Kroah-Hartman @ 2021-08-16 13:02 UTC (permalink / raw)
  To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Jeff Layton, Ilya Dryomov

From: Jeff Layton <jlayton@kernel.org>

commit df2c0cb7f8e8c83e495260ad86df8c5da947f2a7 upstream.

They both say that the snap_rwsem must be held for write, but I don't
see any real reason for it, and it's not currently always called that
way.

The lookup is just walking the rbtree, so holding it for read should be
fine there. The "get" is bumping the refcount and (possibly) removing
it from the empty list. I see no need to hold the snap_rwsem for write
for that.

Signed-off-by: Jeff Layton <jlayton@kernel.org>
Reviewed-by: Ilya Dryomov <idryomov@gmail.com>
Signed-off-by: Ilya Dryomov <idryomov@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 fs/ceph/snap.c |    8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

--- a/fs/ceph/snap.c
+++ b/fs/ceph/snap.c
@@ -60,12 +60,12 @@
 /*
  * increase ref count for the realm
  *
- * caller must hold snap_rwsem for write.
+ * caller must hold snap_rwsem.
  */
 void ceph_get_snap_realm(struct ceph_mds_client *mdsc,
 			 struct ceph_snap_realm *realm)
 {
-	lockdep_assert_held_write(&mdsc->snap_rwsem);
+	lockdep_assert_held(&mdsc->snap_rwsem);
 
 	dout("get_realm %p %d -> %d\n", realm,
 	     atomic_read(&realm->nref), atomic_read(&realm->nref)+1);
@@ -139,7 +139,7 @@ static struct ceph_snap_realm *ceph_crea
 /*
  * lookup the realm rooted at @ino.
  *
- * caller must hold snap_rwsem for write.
+ * caller must hold snap_rwsem.
  */
 static struct ceph_snap_realm *__lookup_snap_realm(struct ceph_mds_client *mdsc,
 						   u64 ino)
@@ -147,7 +147,7 @@ static struct ceph_snap_realm *__lookup_
 	struct rb_node *n = mdsc->snap_realms.rb_node;
 	struct ceph_snap_realm *r;
 
-	lockdep_assert_held_write(&mdsc->snap_rwsem);
+	lockdep_assert_held(&mdsc->snap_rwsem);
 
 	while (n) {
 		r = rb_entry(n, struct ceph_snap_realm, node);



^ permalink raw reply	[flat|nested] 112+ messages in thread

* [PATCH 5.10 95/96] ceph: take snap_empty_lock atomically with snaprealm refcount change
  2021-08-16 13:01 [PATCH 5.10 00/96] 5.10.60-rc1 review Greg Kroah-Hartman
                   ` (93 preceding siblings ...)
  2021-08-16 13:02 ` [PATCH 5.10 94/96] ceph: clean up locking annotation for ceph_get_snap_realm and __lookup_snap_realm Greg Kroah-Hartman
@ 2021-08-16 13:02 ` Greg Kroah-Hartman
  2021-08-16 13:02 ` [PATCH 5.10 96/96] vmlinux.lds.h: Handle clangs module.{c,d}tor sections Greg Kroah-Hartman
  95 siblings, 0 replies; 112+ messages in thread
From: Greg Kroah-Hartman @ 2021-08-16 13:02 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Mark Nelson, Jeff Layton,
	Luis Henriques, Ilya Dryomov

From: Jeff Layton <jlayton@kernel.org>

commit 8434ffe71c874b9c4e184b88d25de98c2bf5fe3f upstream.

There is a race in ceph_put_snap_realm. The change to the nref and the
spinlock acquisition are not done atomically, so you could decrement
nref, and before you take the spinlock, the nref is incremented again.
At that point, you end up putting it on the empty list when it
shouldn't be there. Eventually __cleanup_empty_realms runs and frees
it when it's still in-use.

Fix this by protecting the 1->0 transition with atomic_dec_and_lock,
and just drop the spinlock if we can get the rwsem.

Because these objects can also undergo a 0->1 refcount transition, we
must protect that change as well with the spinlock. Increment locklessly
unless the value is at 0, in which case we take the spinlock, increment
and then take it off the empty list if it did the 0->1 transition.

With these changes, I'm removing the dout() messages from these
functions, as well as in __put_snap_realm. They've always been racy, and
it's better to not print values that may be misleading.

Cc: stable@vger.kernel.org
URL: https://tracker.ceph.com/issues/46419
Reported-by: Mark Nelson <mnelson@redhat.com>
Signed-off-by: Jeff Layton <jlayton@kernel.org>
Reviewed-by: Luis Henriques <lhenriques@suse.de>
Signed-off-by: Ilya Dryomov <idryomov@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 fs/ceph/snap.c |   34 +++++++++++++++++-----------------
 1 file changed, 17 insertions(+), 17 deletions(-)

--- a/fs/ceph/snap.c
+++ b/fs/ceph/snap.c
@@ -67,19 +67,19 @@ void ceph_get_snap_realm(struct ceph_mds
 {
 	lockdep_assert_held(&mdsc->snap_rwsem);
 
-	dout("get_realm %p %d -> %d\n", realm,
-	     atomic_read(&realm->nref), atomic_read(&realm->nref)+1);
 	/*
-	 * since we _only_ increment realm refs or empty the empty
-	 * list with snap_rwsem held, adjusting the empty list here is
-	 * safe.  we do need to protect against concurrent empty list
-	 * additions, however.
+	 * The 0->1 and 1->0 transitions must take the snap_empty_lock
+	 * atomically with the refcount change. Go ahead and bump the
+	 * nref here, unless it's 0, in which case we take the spinlock
+	 * and then do the increment and remove it from the list.
 	 */
-	if (atomic_inc_return(&realm->nref) == 1) {
-		spin_lock(&mdsc->snap_empty_lock);
+	if (atomic_inc_not_zero(&realm->nref))
+		return;
+
+	spin_lock(&mdsc->snap_empty_lock);
+	if (atomic_inc_return(&realm->nref) == 1)
 		list_del_init(&realm->empty_item);
-		spin_unlock(&mdsc->snap_empty_lock);
-	}
+	spin_unlock(&mdsc->snap_empty_lock);
 }
 
 static void __insert_snap_realm(struct rb_root *root,
@@ -208,28 +208,28 @@ static void __put_snap_realm(struct ceph
 {
 	lockdep_assert_held_write(&mdsc->snap_rwsem);
 
-	dout("__put_snap_realm %llx %p %d -> %d\n", realm->ino, realm,
-	     atomic_read(&realm->nref), atomic_read(&realm->nref)-1);
+	/*
+	 * We do not require the snap_empty_lock here, as any caller that
+	 * increments the value must hold the snap_rwsem.
+	 */
 	if (atomic_dec_and_test(&realm->nref))
 		__destroy_snap_realm(mdsc, realm);
 }
 
 /*
- * caller needn't hold any locks
+ * See comments in ceph_get_snap_realm. Caller needn't hold any locks.
  */
 void ceph_put_snap_realm(struct ceph_mds_client *mdsc,
 			 struct ceph_snap_realm *realm)
 {
-	dout("put_snap_realm %llx %p %d -> %d\n", realm->ino, realm,
-	     atomic_read(&realm->nref), atomic_read(&realm->nref)-1);
-	if (!atomic_dec_and_test(&realm->nref))
+	if (!atomic_dec_and_lock(&realm->nref, &mdsc->snap_empty_lock))
 		return;
 
 	if (down_write_trylock(&mdsc->snap_rwsem)) {
+		spin_unlock(&mdsc->snap_empty_lock);
 		__destroy_snap_realm(mdsc, realm);
 		up_write(&mdsc->snap_rwsem);
 	} else {
-		spin_lock(&mdsc->snap_empty_lock);
 		list_add(&realm->empty_item, &mdsc->snap_empty);
 		spin_unlock(&mdsc->snap_empty_lock);
 	}



^ permalink raw reply	[flat|nested] 112+ messages in thread

* [PATCH 5.10 96/96] vmlinux.lds.h: Handle clangs module.{c,d}tor sections
  2021-08-16 13:01 [PATCH 5.10 00/96] 5.10.60-rc1 review Greg Kroah-Hartman
                   ` (94 preceding siblings ...)
  2021-08-16 13:02 ` [PATCH 5.10 95/96] ceph: take snap_empty_lock atomically with snaprealm refcount change Greg Kroah-Hartman
@ 2021-08-16 13:02 ` Greg Kroah-Hartman
  95 siblings, 0 replies; 112+ messages in thread
From: Greg Kroah-Hartman @ 2021-08-16 13:02 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Nathan Chancellor, Nick Desaulniers,
	Fangrui Song, Marco Elver, Kees Cook

From: Nathan Chancellor <nathan@kernel.org>

commit 848378812e40152abe9b9baf58ce2004f76fb988 upstream.

A recent change in LLVM causes module_{c,d}tor sections to appear when
CONFIG_K{A,C}SAN are enabled, which results in orphan section warnings
because these are not handled anywhere:

ld.lld: warning: arch/x86/pci/built-in.a(legacy.o):(.text.asan.module_ctor) is being placed in '.text.asan.module_ctor'
ld.lld: warning: arch/x86/pci/built-in.a(legacy.o):(.text.asan.module_dtor) is being placed in '.text.asan.module_dtor'
ld.lld: warning: arch/x86/pci/built-in.a(legacy.o):(.text.tsan.module_ctor) is being placed in '.text.tsan.module_ctor'

Fangrui explains: "the function asan.module_ctor has the SHF_GNU_RETAIN
flag, so it is in a separate section even with -fno-function-sections
(default)".

Place them in the TEXT_TEXT section so that these technologies continue
to work with the newer compiler versions. All of the KASAN and KCSAN
KUnit tests continue to pass after this change.

Cc: stable@vger.kernel.org
Link: https://github.com/ClangBuiltLinux/linux/issues/1432
Link: https://github.com/llvm/llvm-project/commit/7b789562244ee941b7bf2cefeb3fc08a59a01865
Signed-off-by: Nathan Chancellor <nathan@kernel.org>
Reviewed-by: Nick Desaulniers <ndesaulniers@google.com>
Reviewed-by: Fangrui Song <maskray@google.com>
Acked-by: Marco Elver <elver@google.com>
Signed-off-by: Kees Cook <keescook@chromium.org>
Link: https://lore.kernel.org/r/20210731023107.1932981-1-nathan@kernel.org
[nc: Resolve conflict due to lack of cf68fffb66d60]
Signed-off-by: Nathan Chancellor <nathan@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 include/asm-generic/vmlinux.lds.h |    1 +
 1 file changed, 1 insertion(+)

--- a/include/asm-generic/vmlinux.lds.h
+++ b/include/asm-generic/vmlinux.lds.h
@@ -599,6 +599,7 @@
 		NOINSTR_TEXT						\
 		*(.text..refcount)					\
 		*(.ref.text)						\
+		*(.text.asan.* .text.tsan.*)				\
 	MEM_KEEP(init.text*)						\
 	MEM_KEEP(exit.text*)						\
 



^ permalink raw reply	[flat|nested] 112+ messages in thread

* Re: [PATCH 5.10 52/96] net: dsa: microchip: ksz8795: Fix VLAN filtering
  2021-08-16 13:02 ` [PATCH 5.10 52/96] net: dsa: microchip: ksz8795: Fix VLAN filtering Greg Kroah-Hartman
@ 2021-08-16 13:28   ` Ben Hutchings
  2021-08-16 16:27     ` Greg Kroah-Hartman
  0 siblings, 1 reply; 112+ messages in thread
From: Ben Hutchings @ 2021-08-16 13:28 UTC (permalink / raw)
  To: Greg Kroah-Hartman; +Cc: linux-kernel, stable, David S. Miller, Sasha Levin

On Mon, Aug 16, 2021 at 03:02:02PM +0200, Greg Kroah-Hartman wrote:
> From: Ben Hutchings <ben.hutchings@mind.be>
> 
> [ Upstream commit 164844135a3f215d3018ee9d6875336beb942413 ]

This will probably work on its own, but it was tested as part of a
series of changes to VLAN handling in the driver.  Since I initially
developed and tested that on top of 5.10-stable, I would prefer to
send you the complete series to apply together.

Ben.

> Currently ksz8_port_vlan_filtering() sets or clears the VLAN Enable
> hardware flag.  That controls discarding of packets with a VID that
> has not been enabled for any port on the switch.
> 
> Since it is a global flag, set the dsa_switch::vlan_filtering_is_global
> flag so that the DSA core understands this can't be controlled per
> port.
> 
> When VLAN filtering is enabled, the switch should also discard packets
> with a VID that's not enabled on the ingress port.  Set or clear each
> external port's VLAN Ingress Filter flag in ksz8_port_vlan_filtering()
> to make that happen.
> 
> Fixes: e66f840c08a2 ("net: dsa: ksz: Add Microchip KSZ8795 DSA driver")
> Signed-off-by: Ben Hutchings <ben.hutchings@mind.be>
> Signed-off-by: David S. Miller <davem@davemloft.net>
> Signed-off-by: Sasha Levin <sashal@kernel.org>
> ---
>  drivers/net/dsa/microchip/ksz8795.c | 11 +++++++++++
>  1 file changed, 11 insertions(+)
> 
> diff --git a/drivers/net/dsa/microchip/ksz8795.c b/drivers/net/dsa/microchip/ksz8795.c
> index 1e101ab56cea..108a14db1f1a 100644
> --- a/drivers/net/dsa/microchip/ksz8795.c
> +++ b/drivers/net/dsa/microchip/ksz8795.c
> @@ -790,8 +790,14 @@ static int ksz8795_port_vlan_filtering(struct dsa_switch *ds, int port,
>  	if (switchdev_trans_ph_prepare(trans))
>  		return 0;
>  
> +	/* Discard packets with VID not enabled on the switch */
>  	ksz_cfg(dev, S_MIRROR_CTRL, SW_VLAN_ENABLE, flag);
>  
> +	/* Discard packets with VID not enabled on the ingress port */
> +	for (port = 0; port < dev->phy_port_cnt; ++port)
> +		ksz_port_cfg(dev, port, REG_PORT_CTRL_2, PORT_INGRESS_FILTER,
> +			     flag);
> +
>  	return 0;
>  }
>  
> @@ -1266,6 +1272,11 @@ static int ksz8795_switch_init(struct ksz_device *dev)
>  	/* set the real number of ports */
>  	dev->ds->num_ports = dev->port_cnt + 1;
>  
> +	/* VLAN filtering is partly controlled by the global VLAN
> +	 * Enable flag
> +	 */
> +	dev->ds->vlan_filtering_is_global = true;
> +
>  	return 0;
>  }
>  
> -- 
> 2.30.2
> 
> 
> 

-- 
Ben Hutchings · Senior Embedded Software Engineer, Essensium-Mind · mind.be

^ permalink raw reply	[flat|nested] 112+ messages in thread

* Re: [PATCH 5.10 52/96] net: dsa: microchip: ksz8795: Fix VLAN filtering
  2021-08-16 13:28   ` Ben Hutchings
@ 2021-08-16 16:27     ` Greg Kroah-Hartman
  2021-08-16 17:49       ` Ben Hutchings
  0 siblings, 1 reply; 112+ messages in thread
From: Greg Kroah-Hartman @ 2021-08-16 16:27 UTC (permalink / raw)
  To: Ben Hutchings; +Cc: linux-kernel, stable, David S. Miller, Sasha Levin

On Mon, Aug 16, 2021 at 03:28:58PM +0200, Ben Hutchings wrote:
> On Mon, Aug 16, 2021 at 03:02:02PM +0200, Greg Kroah-Hartman wrote:
> > From: Ben Hutchings <ben.hutchings@mind.be>
> > 
> > [ Upstream commit 164844135a3f215d3018ee9d6875336beb942413 ]
> 
> This will probably work on its own, but it was tested as part of a
> series of changes to VLAN handling in the driver.  Since I initially
> developed and tested that on top of 5.10-stable, I would prefer to
> send you the complete series to apply together.

What is the "complete series"?  We have 7 patches for this driver in
this round of kernel rc reviews.  What specific git ids are you
referring to?

thanks,

greg k-h

^ permalink raw reply	[flat|nested] 112+ messages in thread

* Re: [PATCH 5.10 52/96] net: dsa: microchip: ksz8795: Fix VLAN filtering
  2021-08-16 16:27     ` Greg Kroah-Hartman
@ 2021-08-16 17:49       ` Ben Hutchings
  2021-08-16 18:09         ` [PATCH 5.10 1/5] net: dsa: microchip: Fix probing KSZ87xx switch with DT node for host port Ben Hutchings
                           ` (5 more replies)
  0 siblings, 6 replies; 112+ messages in thread
From: Ben Hutchings @ 2021-08-16 17:49 UTC (permalink / raw)
  To: Greg Kroah-Hartman; +Cc: linux-kernel, stable, David S. Miller, Sasha Levin

On Mon, Aug 16, 2021 at 06:27:24PM +0200, Greg Kroah-Hartman wrote:
> On Mon, Aug 16, 2021 at 03:28:58PM +0200, Ben Hutchings wrote:
> > On Mon, Aug 16, 2021 at 03:02:02PM +0200, Greg Kroah-Hartman wrote:
> > > From: Ben Hutchings <ben.hutchings@mind.be>
> > > 
> > > [ Upstream commit 164844135a3f215d3018ee9d6875336beb942413 ]
> > 
> > This will probably work on its own, but it was tested as part of a
> > series of changes to VLAN handling in the driver.  Since I initially
> > developed and tested that on top of 5.10-stable, I would prefer to
> > send you the complete series to apply together.
> 
> What is the "complete series"?  We have 7 patches for this driver in
> this round of kernel rc reviews.

You have the full series queued up for 5.13, but only 2 of them for
5.10.

> What specific git ids are you referring to?

The fixes missing from the 5.10 queue are:

ef3b02a1d79b691f9a354c4903cf1e6917e315f9
8f4f58f88fe0d9bd591f21f53de7dbd42baeb3fa
af01754f9e3c553a2ee63b4693c79a3956e230ab
9130c2d30c17846287b803a9803106318cbe5266

(I also have another fix just for 5.10 because the issue was fixed by
a refactoring in 5.11 that wouldn't be suitable for stable.)

Ben.

-- 
Ben Hutchings · Senior Embedded Software Engineer, Essensium-Mind · mind.be

^ permalink raw reply	[flat|nested] 112+ messages in thread

* [PATCH 5.10 1/5] net: dsa: microchip: Fix probing KSZ87xx switch with DT node for host port
  2021-08-16 17:49       ` Ben Hutchings
@ 2021-08-16 18:09         ` Ben Hutchings
  2021-08-16 18:09         ` [PATCH 5.10 2/5] net: dsa: microchip: ksz8795: Fix PVID tag insertion Ben Hutchings
                           ` (4 subsequent siblings)
  5 siblings, 0 replies; 112+ messages in thread
From: Ben Hutchings @ 2021-08-16 18:09 UTC (permalink / raw)
  To: Greg Kroah-Hartman
  Cc: linux-kernel, stable, David S. Miller, Sasha Levin, Woojung Huh,
	Microchip Linux Driver Support, Michael Grzeschik, Marek Vasut

The ksz8795 and ksz9477 drivers differ in the way they count ports.
For ksz8795, ksz_device::port_cnt does not include the host port
whereas for ksz9477 it does.  This inconsistency was fixed in Linux
5.11 by a series of changes, but remains in 5.10-stable.

When probing, the common code treats a port device node with an
address >= dev->port_cnt as a fatal error.  As a minimal fix, change
it to compare again dev->mib_port_cnt.  This is the length of the
dev->ports array that the port number will be used to index, and
always includes the host port.

Cc: Woojung Huh <woojung.huh@microchip.com>
Cc: Microchip Linux Driver Support <UNGLinuxDriver@microchip.com>
Cc: Michael Grzeschik <m.grzeschik@pengutronix.de>
Cc: Marek Vasut <marex@denx.de>
Signed-off-by: Ben Hutchings <ben.hutchings@mind.be>
---
 drivers/net/dsa/microchip/ksz_common.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/drivers/net/dsa/microchip/ksz_common.c b/drivers/net/dsa/microchip/ksz_common.c
index d4a64dbde315..88fa0779e0bc 100644
--- a/drivers/net/dsa/microchip/ksz_common.c
+++ b/drivers/net/dsa/microchip/ksz_common.c
@@ -432,7 +432,7 @@ int ksz_switch_register(struct ksz_device *dev,
 				if (of_property_read_u32(port, "reg",
 							 &port_num))
 					continue;
-				if (port_num >= dev->port_cnt)
+				if (port_num >= dev->mib_port_cnt)
 					return -EINVAL;
 				of_get_phy_mode(port,
 						&dev->ports[port_num].interface);
-- 
2.20.1


^ permalink raw reply related	[flat|nested] 112+ messages in thread

* [PATCH 5.10 2/5] net: dsa: microchip: ksz8795: Fix PVID tag insertion
  2021-08-16 17:49       ` Ben Hutchings
  2021-08-16 18:09         ` [PATCH 5.10 1/5] net: dsa: microchip: Fix probing KSZ87xx switch with DT node for host port Ben Hutchings
@ 2021-08-16 18:09         ` Ben Hutchings
  2021-08-16 18:09         ` [PATCH 5.10 3/5] net: dsa: microchip: ksz8795: Reject unsupported VLAN configuration Ben Hutchings
                           ` (3 subsequent siblings)
  5 siblings, 0 replies; 112+ messages in thread
From: Ben Hutchings @ 2021-08-16 18:09 UTC (permalink / raw)
  To: Greg Kroah-Hartman; +Cc: linux-kernel, stable, David S. Miller, Sasha Levin

commit ef3b02a1d79b691f9a354c4903cf1e6917e315f9 upstream.

ksz8795 has never actually enabled PVID tag insertion, and it also
programmed the PVID incorrectly.  To fix this:

* Allow tag insertion to be controlled per ingress port.  On most
  chips, set bit 2 in Global Control 19.  On KSZ88x3 this control
  flag doesn't exist.

* When adding a PVID:
  - Set the appropriate register bits to enable tag insertion on
    egress at every other port if this was the packet's ingress port.
  - Mask *out* the VID from the default tag, before or-ing in the new
    PVID.

* When removing a PVID:
  - Clear the same control bits to disable tag insertion.
  - Don't update the default tag.  This wasn't doing anything useful.

Fixes: e66f840c08a2 ("net: dsa: ksz: Add Microchip KSZ8795 DSA driver")
Signed-off-by: Ben Hutchings <ben.hutchings@mind.be>
Signed-off-by: David S. Miller <davem@davemloft.net>
[bwh: Backport to 5.10:
 - Drop the KSZ88x3 cases as those chips are not supported here
 - Handle VID ranges in ksz8795_port_vlan_del()]
Signed-off-by: Ben Hutchings <ben.hutchings@mind.be>
---
 drivers/net/dsa/microchip/ksz8795.c | 15 ++++++++++-----
 1 file changed, 10 insertions(+), 5 deletions(-)

diff --git a/drivers/net/dsa/microchip/ksz8795.c b/drivers/net/dsa/microchip/ksz8795.c
index 108a14db1f1a..3d36ffff1f4e 100644
--- a/drivers/net/dsa/microchip/ksz8795.c
+++ b/drivers/net/dsa/microchip/ksz8795.c
@@ -833,9 +833,11 @@ static void ksz8795_port_vlan_add(struct dsa_switch *ds, int port,
 
 	if (new_pvid) {
 		ksz_pread16(dev, port, REG_PORT_CTRL_VID, &vid);
-		vid &= 0xfff;
+		vid &= ~VLAN_VID_MASK;
 		vid |= new_pvid;
 		ksz_pwrite16(dev, port, REG_PORT_CTRL_VID, vid);
+
+		ksz_pwrite8(dev, port, REG_PORT_CTRL_12, 0x0f);
 	}
 }
 
@@ -844,8 +846,9 @@ static int ksz8795_port_vlan_del(struct dsa_switch *ds, int port,
 {
 	bool untagged = vlan->flags & BRIDGE_VLAN_INFO_UNTAGGED;
 	struct ksz_device *dev = ds->priv;
-	u16 data, vid, pvid, new_pvid = 0;
+	u16 data, vid, pvid;
 	u8 fid, member, valid;
+	bool del_pvid = false;
 
 	ksz_pread16(dev, port, REG_PORT_CTRL_VID, &pvid);
 	pvid = pvid & 0xFFF;
@@ -865,14 +868,14 @@ static int ksz8795_port_vlan_del(struct dsa_switch *ds, int port,
 		}
 
 		if (pvid == vid)
-			new_pvid = 1;
+			del_pvid = true;
 
 		ksz8795_to_vlan(fid, member, valid, &data);
 		ksz8795_w_vlan_table(dev, vid, data);
 	}
 
-	if (new_pvid != pvid)
-		ksz_pwrite16(dev, port, REG_PORT_CTRL_VID, pvid);
+	if (del_pvid)
+		ksz_pwrite8(dev, port, REG_PORT_CTRL_12, 0x00);
 
 	return 0;
 }
@@ -1085,6 +1088,8 @@ static int ksz8795_setup(struct dsa_switch *ds)
 
 	ksz_cfg(dev, S_MIRROR_CTRL, SW_MIRROR_RX_TX, false);
 
+	ksz_cfg(dev, REG_SW_CTRL_19, SW_INS_TAG_ENABLE, true);
+
 	/* set broadcast storm protection 10% rate */
 	regmap_update_bits(dev->regmap[1], S_REPLACE_VID_CTRL,
 			   BROADCAST_STORM_RATE,
-- 
2.20.1


^ permalink raw reply related	[flat|nested] 112+ messages in thread

* [PATCH 5.10 3/5] net: dsa: microchip: ksz8795: Reject unsupported VLAN configuration
  2021-08-16 17:49       ` Ben Hutchings
  2021-08-16 18:09         ` [PATCH 5.10 1/5] net: dsa: microchip: Fix probing KSZ87xx switch with DT node for host port Ben Hutchings
  2021-08-16 18:09         ` [PATCH 5.10 2/5] net: dsa: microchip: ksz8795: Fix PVID tag insertion Ben Hutchings
@ 2021-08-16 18:09         ` Ben Hutchings
  2021-08-16 18:09         ` [PATCH 5.10 4/5] net: dsa: microchip: ksz8795: Fix VLAN untagged flag change on deletion Ben Hutchings
                           ` (2 subsequent siblings)
  5 siblings, 0 replies; 112+ messages in thread
From: Ben Hutchings @ 2021-08-16 18:09 UTC (permalink / raw)
  To: Greg Kroah-Hartman; +Cc: linux-kernel, stable, David S. Miller, Sasha Levin

commit 8f4f58f88fe0d9bd591f21f53de7dbd42baeb3fa upstream.

The switches supported by ksz8795 only have a per-port flag for Tag
Removal.  This means it is not possible to support both tagged and
untagged VLANs on the same port.  Reject attempts to add a VLAN that
requires the flag to be changed, unless there are no VLANs currently
configured.

VID 0 is excluded from this check since it is untagged regardless of
the state of the flag.

On the CPU port we could support tagged and untagged VLANs at the same
time.  This will be enabled by a later patch.

Fixes: e66f840c08a2 ("net: dsa: ksz: Add Microchip KSZ8795 DSA driver")
Signed-off-by: Ben Hutchings <ben.hutchings@mind.be>
Signed-off-by: David S. Miller <davem@davemloft.net>
[bwh: Backport to 5.10:
 - This configuration has to be detected and rejected in the
   port_vlan_prepare operation
 - ksz8795_port_vlan_add() has to check again to decide whether to
   change the Tag Removal flag, so put the common condition in a
   separate function
 - Handle VID ranges]
Signed-off-by: Ben Hutchings <ben.hutchings@mind.be>
---
 drivers/net/dsa/microchip/ksz8795.c    | 55 +++++++++++++++++++++++++-
 drivers/net/dsa/microchip/ksz_common.h |  1 +
 2 files changed, 54 insertions(+), 2 deletions(-)

diff --git a/drivers/net/dsa/microchip/ksz8795.c b/drivers/net/dsa/microchip/ksz8795.c
index 3d36ffff1f4e..b4b164d75520 100644
--- a/drivers/net/dsa/microchip/ksz8795.c
+++ b/drivers/net/dsa/microchip/ksz8795.c
@@ -801,15 +801,66 @@ static int ksz8795_port_vlan_filtering(struct dsa_switch *ds, int port,
 	return 0;
 }
 
+static bool ksz8795_port_vlan_changes_remove_tag(
+	struct dsa_switch *ds, int port,
+	const struct switchdev_obj_port_vlan *vlan)
+{
+	bool untagged = vlan->flags & BRIDGE_VLAN_INFO_UNTAGGED;
+	struct ksz_device *dev = ds->priv;
+	struct ksz_port *p = &dev->ports[port];
+
+	/* If a VLAN is added with untagged flag different from the
+	 * port's Remove Tag flag, we need to change the latter.
+	 * Ignore VID 0, which is always untagged.
+	 */
+	return untagged != p->remove_tag &&
+		!(vlan->vid_begin == 0 && vlan->vid_end == 0);
+}
+
+int ksz8795_port_vlan_prepare(struct dsa_switch *ds, int port,
+			      const struct switchdev_obj_port_vlan *vlan)
+{
+	struct ksz_device *dev = ds->priv;
+
+	/* Reject attempts to add a VLAN that requires the Remove Tag
+	 * flag to be changed, unless there are no other VLANs
+	 * currently configured.
+	 */
+	if (ksz8795_port_vlan_changes_remove_tag(ds, port, vlan)) {
+		unsigned int vid;
+
+		for (vid = 1; vid < dev->num_vlans; ++vid) {
+			u8 fid, member, valid;
+
+			/* Skip the VIDs we are going to add or reconfigure */
+			if (vid == vlan->vid_begin) {
+				vid = vlan->vid_end;
+				continue;
+			}
+
+			ksz8795_from_vlan(dev->vlan_cache[vid].table[0],
+					  &fid, &member, &valid);
+			if (valid && (member & BIT(port)))
+				return -EINVAL;
+		}
+	}
+
+	return ksz_port_vlan_prepare(ds, port, vlan);
+}
+
 static void ksz8795_port_vlan_add(struct dsa_switch *ds, int port,
 				  const struct switchdev_obj_port_vlan *vlan)
 {
 	bool untagged = vlan->flags & BRIDGE_VLAN_INFO_UNTAGGED;
 	struct ksz_device *dev = ds->priv;
+	struct ksz_port *p = &dev->ports[port];
 	u16 data, vid, new_pvid = 0;
 	u8 fid, member, valid;
 
-	ksz_port_cfg(dev, port, P_TAG_CTRL, PORT_REMOVE_TAG, untagged);
+	if (ksz8795_port_vlan_changes_remove_tag(ds, port, vlan)) {
+		ksz_port_cfg(dev, port, P_TAG_CTRL, PORT_REMOVE_TAG, untagged);
+		p->remove_tag = untagged;
+	}
 
 	for (vid = vlan->vid_begin; vid <= vlan->vid_end; vid++) {
 		ksz8795_r_vlan_table(dev, vid, &data);
@@ -1128,7 +1179,7 @@ static const struct dsa_switch_ops ksz8795_switch_ops = {
 	.port_stp_state_set	= ksz8795_port_stp_state_set,
 	.port_fast_age		= ksz_port_fast_age,
 	.port_vlan_filtering	= ksz8795_port_vlan_filtering,
-	.port_vlan_prepare	= ksz_port_vlan_prepare,
+	.port_vlan_prepare	= ksz8795_port_vlan_prepare,
 	.port_vlan_add		= ksz8795_port_vlan_add,
 	.port_vlan_del		= ksz8795_port_vlan_del,
 	.port_fdb_dump		= ksz_port_fdb_dump,
diff --git a/drivers/net/dsa/microchip/ksz_common.h b/drivers/net/dsa/microchip/ksz_common.h
index a51c716ec920..309ad4a72d78 100644
--- a/drivers/net/dsa/microchip/ksz_common.h
+++ b/drivers/net/dsa/microchip/ksz_common.h
@@ -27,6 +27,7 @@ struct ksz_port_mib {
 struct ksz_port {
 	u16 member;
 	u16 vid_member;
+	bool remove_tag;		/* Remove Tag flag set, for ksz8795 only */
 	int stp_state;
 	struct phy_device phydev;
 
-- 
2.20.1


^ permalink raw reply related	[flat|nested] 112+ messages in thread

* [PATCH 5.10 4/5] net: dsa: microchip: ksz8795: Fix VLAN untagged flag change on deletion
  2021-08-16 17:49       ` Ben Hutchings
                           ` (2 preceding siblings ...)
  2021-08-16 18:09         ` [PATCH 5.10 3/5] net: dsa: microchip: ksz8795: Reject unsupported VLAN configuration Ben Hutchings
@ 2021-08-16 18:09         ` Ben Hutchings
  2021-08-16 18:09         ` [PATCH 5.10 5/5] net: dsa: microchip: ksz8795: Use software untagging on CPU port Ben Hutchings
  2021-08-16 19:22         ` [PATCH 5.10 52/96] net: dsa: microchip: ksz8795: Fix VLAN filtering Greg Kroah-Hartman
  5 siblings, 0 replies; 112+ messages in thread
From: Ben Hutchings @ 2021-08-16 18:09 UTC (permalink / raw)
  To: Greg Kroah-Hartman; +Cc: linux-kernel, stable, David S. Miller, Sasha Levin

commit af01754f9e3c553a2ee63b4693c79a3956e230ab upstream.

When a VLAN is deleted from a port, the flags in struct
switchdev_obj_port_vlan are always 0.  ksz8_port_vlan_del() copies the
BRIDGE_VLAN_INFO_UNTAGGED flag to the port's Tag Removal flag, and
therefore always clears it.

In case there are multiple VLANs configured as untagged on this port -
which seems useless, but is allowed - deleting one of them changes the
remaining VLANs to be tagged.

It's only ever necessary to change this flag when a VLAN is added to
the port, so leave it unchanged in ksz8_port_vlan_del().

Fixes: e66f840c08a2 ("net: dsa: ksz: Add Microchip KSZ8795 DSA driver")
Signed-off-by: Ben Hutchings <ben.hutchings@mind.be>
Signed-off-by: David S. Miller <davem@davemloft.net>
[bwh: Backport to 5.10: adjust context]
Signed-off-by: Ben Hutchings <ben.hutchings@mind.be>
---
 drivers/net/dsa/microchip/ksz8795.c | 3 ---
 1 file changed, 3 deletions(-)

diff --git a/drivers/net/dsa/microchip/ksz8795.c b/drivers/net/dsa/microchip/ksz8795.c
index b4b164d75520..8f2b54ae57f2 100644
--- a/drivers/net/dsa/microchip/ksz8795.c
+++ b/drivers/net/dsa/microchip/ksz8795.c
@@ -895,7 +895,6 @@ static void ksz8795_port_vlan_add(struct dsa_switch *ds, int port,
 static int ksz8795_port_vlan_del(struct dsa_switch *ds, int port,
 				 const struct switchdev_obj_port_vlan *vlan)
 {
-	bool untagged = vlan->flags & BRIDGE_VLAN_INFO_UNTAGGED;
 	struct ksz_device *dev = ds->priv;
 	u16 data, vid, pvid;
 	u8 fid, member, valid;
@@ -904,8 +903,6 @@ static int ksz8795_port_vlan_del(struct dsa_switch *ds, int port,
 	ksz_pread16(dev, port, REG_PORT_CTRL_VID, &pvid);
 	pvid = pvid & 0xFFF;
 
-	ksz_port_cfg(dev, port, P_TAG_CTRL, PORT_REMOVE_TAG, untagged);
-
 	for (vid = vlan->vid_begin; vid <= vlan->vid_end; vid++) {
 		ksz8795_r_vlan_table(dev, vid, &data);
 		ksz8795_from_vlan(data, &fid, &member, &valid);
-- 
2.20.1


^ permalink raw reply related	[flat|nested] 112+ messages in thread

* [PATCH 5.10 5/5] net: dsa: microchip: ksz8795: Use software untagging on CPU port
  2021-08-16 17:49       ` Ben Hutchings
                           ` (3 preceding siblings ...)
  2021-08-16 18:09         ` [PATCH 5.10 4/5] net: dsa: microchip: ksz8795: Fix VLAN untagged flag change on deletion Ben Hutchings
@ 2021-08-16 18:09         ` Ben Hutchings
  2021-08-16 19:22         ` [PATCH 5.10 52/96] net: dsa: microchip: ksz8795: Fix VLAN filtering Greg Kroah-Hartman
  5 siblings, 0 replies; 112+ messages in thread
From: Ben Hutchings @ 2021-08-16 18:09 UTC (permalink / raw)
  To: Greg Kroah-Hartman; +Cc: linux-kernel, stable, David S. Miller, Sasha Levin

commit 9130c2d30c17846287b803a9803106318cbe5266 upstream.

On the CPU port, we can support both tagged and untagged VLANs at the
same time by doing any necessary untagging in software rather than
hardware.  To enable that, keep the CPU port's Remove Tag flag cleared
and set the dsa_switch::untag_bridge_pvid flag.

Fixes: e66f840c08a2 ("net: dsa: ksz: Add Microchip KSZ8795 DSA driver")
Signed-off-by: Ben Hutchings <ben.hutchings@mind.be>
Signed-off-by: David S. Miller <davem@davemloft.net>
[bwh: Backport to 5.10: adjust context]
Signed-off-by: Ben Hutchings <ben.hutchings@mind.be>
---
 drivers/net/dsa/microchip/ksz8795.c | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

diff --git a/drivers/net/dsa/microchip/ksz8795.c b/drivers/net/dsa/microchip/ksz8795.c
index 8f2b54ae57f2..ada0533b81fa 100644
--- a/drivers/net/dsa/microchip/ksz8795.c
+++ b/drivers/net/dsa/microchip/ksz8795.c
@@ -812,9 +812,11 @@ static bool ksz8795_port_vlan_changes_remove_tag(
 	/* If a VLAN is added with untagged flag different from the
 	 * port's Remove Tag flag, we need to change the latter.
 	 * Ignore VID 0, which is always untagged.
+	 * Ignore CPU port, which will always be tagged.
 	 */
 	return untagged != p->remove_tag &&
-		!(vlan->vid_begin == 0 && vlan->vid_end == 0);
+		!(vlan->vid_begin == 0 && vlan->vid_end == 0) &&
+		port != dev->cpu_port;
 }
 
 int ksz8795_port_vlan_prepare(struct dsa_switch *ds, int port,
@@ -1325,6 +1327,11 @@ static int ksz8795_switch_init(struct ksz_device *dev)
 	/* set the real number of ports */
 	dev->ds->num_ports = dev->port_cnt + 1;
 
+	/* We rely on software untagging on the CPU port, so that we
+	 * can support both tagged and untagged VLANs
+	 */
+	dev->ds->untag_bridge_pvid = true;
+
 	/* VLAN filtering is partly controlled by the global VLAN
 	 * Enable flag
 	 */
-- 
2.20.1

^ permalink raw reply related	[flat|nested] 112+ messages in thread

* Re: [PATCH 5.10 52/96] net: dsa: microchip: ksz8795: Fix VLAN filtering
  2021-08-16 17:49       ` Ben Hutchings
                           ` (4 preceding siblings ...)
  2021-08-16 18:09         ` [PATCH 5.10 5/5] net: dsa: microchip: ksz8795: Use software untagging on CPU port Ben Hutchings
@ 2021-08-16 19:22         ` Greg Kroah-Hartman
  5 siblings, 0 replies; 112+ messages in thread
From: Greg Kroah-Hartman @ 2021-08-16 19:22 UTC (permalink / raw)
  To: Ben Hutchings; +Cc: linux-kernel, stable, David S. Miller, Sasha Levin

On Mon, Aug 16, 2021 at 07:49:05PM +0200, Ben Hutchings wrote:
> On Mon, Aug 16, 2021 at 06:27:24PM +0200, Greg Kroah-Hartman wrote:
> > On Mon, Aug 16, 2021 at 03:28:58PM +0200, Ben Hutchings wrote:
> > > On Mon, Aug 16, 2021 at 03:02:02PM +0200, Greg Kroah-Hartman wrote:
> > > > From: Ben Hutchings <ben.hutchings@mind.be>
> > > > 
> > > > [ Upstream commit 164844135a3f215d3018ee9d6875336beb942413 ]
> > > 
> > > This will probably work on its own, but it was tested as part of a
> > > series of changes to VLAN handling in the driver.  Since I initially
> > > developed and tested that on top of 5.10-stable, I would prefer to
> > > send you the complete series to apply together.
> > 
> > What is the "complete series"?  We have 7 patches for this driver in
> > this round of kernel rc reviews.
> 
> You have the full series queued up for 5.13, but only 2 of them for
> 5.10.
> 
> > What specific git ids are you referring to?
> 
> The fixes missing from the 5.10 queue are:
> 
> ef3b02a1d79b691f9a354c4903cf1e6917e315f9
> 8f4f58f88fe0d9bd591f21f53de7dbd42baeb3fa
> af01754f9e3c553a2ee63b4693c79a3956e230ab
> 9130c2d30c17846287b803a9803106318cbe5266
> 
> (I also have another fix just for 5.10 because the issue was fixed by
> a refactoring in 5.11 that wouldn't be suitable for stable.)

Thanks, sorry, I was looking at 5.13.  All now queued up.

greg k-h

^ permalink raw reply	[flat|nested] 112+ messages in thread

* Re: [PATCH 5.10 49/96] net/mlx5: Fix return value from tracer initialization
  2021-08-16 13:01 ` [PATCH 5.10 49/96] net/mlx5: Fix return value from tracer initialization Greg Kroah-Hartman
@ 2021-08-17 17:51   ` Pavel Machek
  2021-08-18  7:44     ` Saeed Mahameed
  0 siblings, 1 reply; 112+ messages in thread
From: Pavel Machek @ 2021-08-17 17:51 UTC (permalink / raw)
  To: Greg Kroah-Hartman
  Cc: linux-kernel, stable, Aya Levin, Moshe Shemesh, Tariq Toukan,
	Saeed Mahameed, Sasha Levin

[-- Attachment #1: Type: text/plain, Size: 1840 bytes --]

Hi!

> [ Upstream commit bd37c2888ccaa5ceb9895718f6909b247cc372e0 ]
> 
> Check return value of mlx5_fw_tracer_start(), set error path and fix
> return value of mlx5_fw_tracer_init() accordingly.

This is actually two fixes in one: There's cancel_work_sync() added to
the error path, but there's additional error that needs fixing.

Could someone familiar with the code verify it after me?

Best regards,
								Pavel

Signed-off-by: Pavel Machek (CIP) <pavel@denx.de>

diff --git a/drivers/net/ethernet/mellanox/mlx5/core/diag/fw_tracer.c b/drivers/net/ethernet/mellanox/mlx5/core/diag/fw_tracer.c
index 3dfcb20e97c6..857be86b4a11 100644
--- a/drivers/net/ethernet/mellanox/mlx5/core/diag/fw_tracer.c
+++ b/drivers/net/ethernet/mellanox/mlx5/core/diag/fw_tracer.c
@@ -1007,7 +1007,7 @@ int mlx5_fw_tracer_init(struct mlx5_fw_tracer *tracer)
 	err = mlx5_core_alloc_pd(dev, &tracer->buff.pdn);
 	if (err) {
 		mlx5_core_warn(dev, "FWTracer: Failed to allocate PD %d\n", err);
-		return err;
+		goto err_cancel_work;
 	}
 
 	err = mlx5_fw_tracer_create_mkey(tracer);
@@ -1031,6 +1031,7 @@ int mlx5_fw_tracer_init(struct mlx5_fw_tracer *tracer)
 	mlx5_core_destroy_mkey(dev, &tracer->buff.mkey);
 err_dealloc_pd:
 	mlx5_core_dealloc_pd(dev, tracer->buff.pdn);
+err_cancel_work:
 	cancel_work_sync(&tracer->read_fw_strings_work);
 	return err;
 }


> +++ b/drivers/net/ethernet/mellanox/mlx5/core/diag/fw_tracer.c
> @@ -1019,12 +1019,19 @@ int mlx5_fw_tracer_init(struct mlx5_fw_tracer *tracer)
...
>  err_dealloc_pd:
>  	mlx5_core_dealloc_pd(dev, tracer->buff.pdn);
> +	cancel_work_sync(&tracer->read_fw_strings_work);
>  	return err;
>  }
>  

-- 
DENX Software Engineering GmbH,      Managing Director: Wolfgang Denk
HRB 165235 Munich, Office: Kirchenstr.5, D-82194 Groebenzell, Germany

[-- Attachment #2: Digital signature --]
[-- Type: application/pgp-signature, Size: 181 bytes --]

^ permalink raw reply related	[flat|nested] 112+ messages in thread

* Re: [PATCH 5.10 51/96] net: dsa: microchip: Fix ksz_read64()
  2021-08-16 13:02 ` [PATCH 5.10 51/96] net: dsa: microchip: Fix ksz_read64() Greg Kroah-Hartman
@ 2021-08-17 17:56   ` Pavel Machek
  2021-08-17 18:20     ` Ben Hutchings
  0 siblings, 1 reply; 112+ messages in thread
From: Pavel Machek @ 2021-08-17 17:56 UTC (permalink / raw)
  To: Greg Kroah-Hartman
  Cc: linux-kernel, stable, Ben Hutchings, David S. Miller, Sasha Levin

[-- Attachment #1: Type: text/plain, Size: 1280 bytes --]

Hi!

> [ Upstream commit c34f674c8875235725c3ef86147a627f165d23b4 ]
> 
> ksz_read64() currently does some dubious byte-swapping on the two
> halves of a 64-bit register, and then only returns the high bits.
> Replace this with a straightforward expression.

The code indeed is very strange, but there are just 2 users, and they
will now receive byteswapped values, right? If it worked before, it
will be broken.

Did this get enough testing for -stable?

Is hw little endian or high endian or...? Note that ksz_write64()
still contains the strange code, at least in 5.10.

Best regards,
							Pavel
							
> +++ b/drivers/net/dsa/microchip/ksz_common.h
> @@ -210,12 +210,8 @@ static inline int ksz_read64(struct ksz_device *dev, u32 reg, u64 *val)
>  	int ret;
>  
>  	ret = regmap_bulk_read(dev->regmap[2], reg, value, 2);
> -	if (!ret) {
> -		/* Ick! ToDo: Add 64bit R/W to regmap on 32bit systems */
> -		value[0] = swab32(value[0]);
> -		value[1] = swab32(value[1]);
> -		*val = swab64((u64)*value);
> -	}
> +	if (!ret)
> +		*val = (u64)value[0] << 32 | value[1];
>  
>  	return ret;
>  }

-- 
DENX Software Engineering GmbH,      Managing Director: Wolfgang Denk
HRB 165235 Munich, Office: Kirchenstr.5, D-82194 Groebenzell, Germany

[-- Attachment #2: Digital signature --]
[-- Type: application/pgp-signature, Size: 181 bytes --]

^ permalink raw reply	[flat|nested] 112+ messages in thread

* Re: [PATCH 5.10 51/96] net: dsa: microchip: Fix ksz_read64()
  2021-08-17 17:56   ` Pavel Machek
@ 2021-08-17 18:20     ` Ben Hutchings
  2021-08-18 19:26       ` Pavel Machek
  0 siblings, 1 reply; 112+ messages in thread
From: Ben Hutchings @ 2021-08-17 18:20 UTC (permalink / raw)
  To: Pavel Machek
  Cc: Greg Kroah-Hartman, linux-kernel, stable, David S. Miller, Sasha Levin

On Tue, Aug 17, 2021 at 07:56:30PM +0200, Pavel Machek wrote:
> Hi!
> 
> > [ Upstream commit c34f674c8875235725c3ef86147a627f165d23b4 ]
> > 
> > ksz_read64() currently does some dubious byte-swapping on the two
> > halves of a 64-bit register, and then only returns the high bits.
> > Replace this with a straightforward expression.
> 
> The code indeed is very strange, but there are just 2 users, and they
> will now receive byteswapped values, right? If it worked before, it
> will be broken.

The old code swaps the bytes within each 32-bit word, attempts to
concatenate them into a 64-bit word, then swaps the bytes within the
64-bit word.  There is no need for byte-swapping, only (on little-
endian platforms) a word-swap, which is what the new code does.

> Did this get enough testing for -stable?

Yes, I actually developed and tested all the ksz8795 changes in 5.10
before forward-porting to mainline.

> Is hw little endian or high endian or...?

The hardware is big-endian and regmap handles any necessary
byte-swapping for values up to 32 bits.

> Note that ksz_write64() still contains the strange code, at least in
> 5.10.

It's unnecessarily complex, but it does work.

Ben.

> 
> Best regards,
> 							Pavel
> 							
> > +++ b/drivers/net/dsa/microchip/ksz_common.h
> > @@ -210,12 +210,8 @@ static inline int ksz_read64(struct ksz_device *dev, u32 reg, u64 *val)
> >  	int ret;
> >  
> >  	ret = regmap_bulk_read(dev->regmap[2], reg, value, 2);
> > -	if (!ret) {
> > -		/* Ick! ToDo: Add 64bit R/W to regmap on 32bit systems */
> > -		value[0] = swab32(value[0]);
> > -		value[1] = swab32(value[1]);
> > -		*val = swab64((u64)*value);
> > -	}
> > +	if (!ret)
> > +		*val = (u64)value[0] << 32 | value[1];
> >  
> >  	return ret;
> >  }
> 
> -- 
> DENX Software Engineering GmbH,      Managing Director: Wolfgang Denk
> HRB 165235 Munich, Office: Kirchenstr.5, D-82194 Groebenzell, Germany



-- 
Ben Hutchings · Senior Embedded Software Engineer, Essensium-Mind · mind.be

^ permalink raw reply	[flat|nested] 112+ messages in thread

* Re: [PATCH 5.10 49/96] net/mlx5: Fix return value from tracer initialization
  2021-08-17 17:51   ` Pavel Machek
@ 2021-08-18  7:44     ` Saeed Mahameed
  2021-08-18 19:28       ` Pavel Machek
  0 siblings, 1 reply; 112+ messages in thread
From: Saeed Mahameed @ 2021-08-18  7:44 UTC (permalink / raw)
  To: pavel, gregkh
  Cc: Moshe Shemesh, Tariq Toukan, stable, sashal, linux-kernel, Aya Levin

On Tue, 2021-08-17 at 19:51 +0200, Pavel Machek wrote:
> Hi!
> 
> > [ Upstream commit bd37c2888ccaa5ceb9895718f6909b247cc372e0 ]
> > 
> > Check return value of mlx5_fw_tracer_start(), set error path and
> > fix
> > return value of mlx5_fw_tracer_init() accordingly.
> 
> This is actually two fixes in one: There's cancel_work_sync() added
> to

Yes, the reasoning was that the patch is fixing the whole error path of
the function in one-shot since we can blame it on a single commit.

> the error path, but there's additional error that needs fixing.

Yes.

> 
> Could someone familiar with the code verify it after me?
> 
> Best regards,
>                                                                 Pavel
> 
> Signed-off-by: Pavel Machek (CIP) <pavel@denx.de>
> 
> diff --git a/drivers/net/ethernet/mellanox/mlx5/core/diag/fw_tracer.c
> b/drivers/net/ethernet/mellanox/mlx5/core/diag/fw_tracer.c
> index 3dfcb20e97c6..857be86b4a11 100644
> --- a/drivers/net/ethernet/mellanox/mlx5/core/diag/fw_tracer.c
> +++ b/drivers/net/ethernet/mellanox/mlx5/core/diag/fw_tracer.c
> @@ -1007,7 +1007,7 @@ int mlx5_fw_tracer_init(struct mlx5_fw_tracer
> *tracer)
>         err = mlx5_core_alloc_pd(dev, &tracer->buff.pdn);
>         if (err) {
>                 mlx5_core_warn(dev, "FWTracer: Failed to allocate PD
> %d\n", err);
> -               return err;
> +               goto err_cancel_work;
>         }
>  
>         err = mlx5_fw_tracer_create_mkey(tracer);
> @@ -1031,6 +1031,7 @@ int mlx5_fw_tracer_init(struct mlx5_fw_tracer
> *tracer)
>         mlx5_core_destroy_mkey(dev, &tracer->buff.mkey);
>  err_dealloc_pd:
>         mlx5_core_dealloc_pd(dev, tracer->buff.pdn);
> +err_cancel_work:
>         cancel_work_sync(&tracer->read_fw_strings_work);
>         return err;

this is correct, do you want to submit this patch or do you want us to
handle ?
maybe it is better if we delayed queue_work() to after all the fragile
code behind it, to reduce the error path handling .. 

thanks for pointing this out.


^ permalink raw reply	[flat|nested] 112+ messages in thread

* Re: [PATCH 5.10 51/96] net: dsa: microchip: Fix ksz_read64()
  2021-08-17 18:20     ` Ben Hutchings
@ 2021-08-18 19:26       ` Pavel Machek
  0 siblings, 0 replies; 112+ messages in thread
From: Pavel Machek @ 2021-08-18 19:26 UTC (permalink / raw)
  To: Ben Hutchings
  Cc: Pavel Machek, Greg Kroah-Hartman, linux-kernel, stable,
	David S. Miller, Sasha Levin

[-- Attachment #1: Type: text/plain, Size: 1524 bytes --]

Hi!

> > > [ Upstream commit c34f674c8875235725c3ef86147a627f165d23b4 ]
> > > 
> > > ksz_read64() currently does some dubious byte-swapping on the two
> > > halves of a 64-bit register, and then only returns the high bits.
> > > Replace this with a straightforward expression.
> > 
> > The code indeed is very strange, but there are just 2 users, and they
> > will now receive byteswapped values, right? If it worked before, it
> > will be broken.
> 
> The old code swaps the bytes within each 32-bit word, attempts to
> concatenate them into a 64-bit word, then swaps the bytes within the
> 64-bit word.  There is no need for byte-swapping, only (on little-
> endian platforms) a word-swap, which is what the new code does.
> 
> > Did this get enough testing for -stable?
> 
> Yes, I actually developed and tested all the ksz8795 changes in 5.10
> before forward-porting to mainline.
> 
> > Is hw little endian or high endian or...?
> 
> The hardware is big-endian and regmap handles any necessary
> byte-swapping for values up to 32 bits.
> 
> > Note that ksz_write64() still contains the strange code, at least in
> > 5.10.
> 
> It's unnecessarily complex, but it does work.

Thanks for the explanations and sorry for the noise. Indeed
ksz_write64() is quite obfuscated, but I can't see a problem.

Best regards,
								Pavel
								
-- 
DENX Software Engineering GmbH,      Managing Director: Wolfgang Denk
HRB 165235 Munich, Office: Kirchenstr.5, D-82194 Groebenzell, Germany

[-- Attachment #2: Digital signature --]
[-- Type: application/pgp-signature, Size: 181 bytes --]

^ permalink raw reply	[flat|nested] 112+ messages in thread

* Re: [PATCH 5.10 49/96] net/mlx5: Fix return value from tracer initialization
  2021-08-18  7:44     ` Saeed Mahameed
@ 2021-08-18 19:28       ` Pavel Machek
  0 siblings, 0 replies; 112+ messages in thread
From: Pavel Machek @ 2021-08-18 19:28 UTC (permalink / raw)
  To: Saeed Mahameed
  Cc: pavel, gregkh, Moshe Shemesh, Tariq Toukan, stable, sashal,
	linux-kernel, Aya Levin

[-- Attachment #1: Type: text/plain, Size: 1639 bytes --]

Hi!

> > Could someone familiar with the code verify it after me?

> > Signed-off-by: Pavel Machek (CIP) <pavel@denx.de>
> > 
> > diff --git a/drivers/net/ethernet/mellanox/mlx5/core/diag/fw_tracer.c
> > b/drivers/net/ethernet/mellanox/mlx5/core/diag/fw_tracer.c
> > index 3dfcb20e97c6..857be86b4a11 100644
> > --- a/drivers/net/ethernet/mellanox/mlx5/core/diag/fw_tracer.c
> > +++ b/drivers/net/ethernet/mellanox/mlx5/core/diag/fw_tracer.c
> > @@ -1007,7 +1007,7 @@ int mlx5_fw_tracer_init(struct mlx5_fw_tracer
> > *tracer)
> >         err = mlx5_core_alloc_pd(dev, &tracer->buff.pdn);
> >         if (err) {
> >                 mlx5_core_warn(dev, "FWTracer: Failed to allocate PD
> > %d\n", err);
> > -               return err;
> > +               goto err_cancel_work;
> >         }
> >  
> >         err = mlx5_fw_tracer_create_mkey(tracer);
> > @@ -1031,6 +1031,7 @@ int mlx5_fw_tracer_init(struct mlx5_fw_tracer
> > *tracer)
> >         mlx5_core_destroy_mkey(dev, &tracer->buff.mkey);
> >  err_dealloc_pd:
> >         mlx5_core_dealloc_pd(dev, tracer->buff.pdn);
> > +err_cancel_work:
> >         cancel_work_sync(&tracer->read_fw_strings_work);
> >         return err;
> 
> this is correct, do you want to submit this patch or do you want us to
> handle ?
> maybe it is better if we delayed queue_work() to after all the fragile
> code behind it, to reduce the error path handling .. 

I'd prefer you to handle it.

Thank you,
								Pavel
-- 
DENX Software Engineering GmbH,      Managing Director: Wolfgang Denk
HRB 165235 Munich, Office: Kirchenstr.5, D-82194 Groebenzell, Germany

[-- Attachment #2: Digital signature --]
[-- Type: application/pgp-signature, Size: 181 bytes --]

^ permalink raw reply	[flat|nested] 112+ messages in thread

end of thread, other threads:[~2021-08-18 19:28 UTC | newest]

Thread overview: 112+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2021-08-16 13:01 [PATCH 5.10 00/96] 5.10.60-rc1 review Greg Kroah-Hartman
2021-08-16 13:01 ` [PATCH 5.10 01/96] iio: adc: ti-ads7950: Ensure CS is deasserted after reading channels Greg Kroah-Hartman
2021-08-16 13:01 ` [PATCH 5.10 02/96] iio: adis: set GPIO reset pin direction Greg Kroah-Hartman
2021-08-16 13:01 ` [PATCH 5.10 03/96] iio: humidity: hdc100x: Add margin to the conversion time Greg Kroah-Hartman
2021-08-16 13:01 ` [PATCH 5.10 04/96] iio: adc: Fix incorrect exit of for-loop Greg Kroah-Hartman
2021-08-16 13:01 ` [PATCH 5.10 05/96] ASoC: amd: Fix reference to PCM buffer address Greg Kroah-Hartman
2021-08-16 13:01 ` [PATCH 5.10 06/96] ASoC: xilinx: " Greg Kroah-Hartman
2021-08-16 13:01 ` [PATCH 5.10 07/96] ASoC: uniphier: " Greg Kroah-Hartman
2021-08-16 13:01 ` [PATCH 5.10 08/96] ASoC: tlv320aic31xx: Fix jack detection after suspend Greg Kroah-Hartman
2021-08-16 13:01 ` [PATCH 5.10 09/96] ASoC: intel: atom: Fix reference to PCM buffer address Greg Kroah-Hartman
2021-08-16 13:01 ` [PATCH 5.10 10/96] i2c: dev: zero out array used for i2c reads from userspace Greg Kroah-Hartman
2021-08-16 13:01 ` [PATCH 5.10 11/96] cifs: create sd context must be a multiple of 8 Greg Kroah-Hartman
2021-08-16 13:01 ` [PATCH 5.10 12/96] scsi: lpfc: Move initialization of phba->poll_list earlier to avoid crash Greg Kroah-Hartman
2021-08-16 13:01 ` [PATCH 5.10 13/96] seccomp: Fix setting loaded filter count during TSYNC Greg Kroah-Hartman
2021-08-16 13:01 ` [PATCH 5.10 14/96] net: ethernet: ti: cpsw: fix min eth packet size for non-switch use-cases Greg Kroah-Hartman
2021-08-16 13:01 ` [PATCH 5.10 15/96] ARC: fp: set FPU_STATUS.FWE to enable FPU_STATUS update on context switch Greg Kroah-Hartman
2021-08-16 13:01 ` [PATCH 5.10 16/96] ceph: reduce contention in ceph_check_delayed_caps() Greg Kroah-Hartman
2021-08-16 13:01 ` [PATCH 5.10 17/96] ACPI: NFIT: Fix support for virtual SPA ranges Greg Kroah-Hartman
2021-08-16 13:01 ` [PATCH 5.10 18/96] libnvdimm/region: Fix label activation vs errors Greg Kroah-Hartman
2021-08-16 13:01 ` [PATCH 5.10 19/96] drm/amd/display: Remove invalid assert for ODM + MPC case Greg Kroah-Hartman
2021-08-16 13:01 ` [PATCH 5.10 20/96] drm/amd/display: use GFP_ATOMIC in amdgpu_dm_irq_schedule_work Greg Kroah-Hartman
2021-08-16 13:01 ` [PATCH 5.10 21/96] drm/amdgpu: dont enable baco on boco platforms in runpm Greg Kroah-Hartman
2021-08-16 13:01 ` [PATCH 5.10 22/96] ieee802154: hwsim: fix GPF in hwsim_set_edge_lqi Greg Kroah-Hartman
2021-08-16 13:01 ` [PATCH 5.10 23/96] ieee802154: hwsim: fix GPF in hwsim_new_edge_nl Greg Kroah-Hartman
2021-08-16 13:01 ` [PATCH 5.10 24/96] pinctrl: mediatek: Fix fallback behavior for bias_set_combo Greg Kroah-Hartman
2021-08-16 13:01 ` [PATCH 5.10 25/96] ASoC: cs42l42: Correct definition of ADC Volume control Greg Kroah-Hartman
2021-08-16 13:01 ` [PATCH 5.10 26/96] ASoC: cs42l42: Dont allow SND_SOC_DAIFMT_LEFT_J Greg Kroah-Hartman
2021-08-16 13:01 ` [PATCH 5.10 27/96] interconnect: qcom: icc-rpmh: Add BCMs to commit list in pre_aggregate Greg Kroah-Hartman
2021-08-16 13:01 ` [PATCH 5.10 28/96] ASoC: SOF: Intel: hda-ipc: fix reply size checking Greg Kroah-Hartman
2021-08-16 13:01 ` [PATCH 5.10 29/96] ASoC: cs42l42: Fix inversion of ADC Notch Switch control Greg Kroah-Hartman
2021-08-16 13:01 ` [PATCH 5.10 30/96] ASoC: cs42l42: Remove duplicate control for WNF filter frequency Greg Kroah-Hartman
2021-08-16 13:01 ` [PATCH 5.10 31/96] netfilter: nf_conntrack_bridge: Fix memory leak when error Greg Kroah-Hartman
2021-08-16 13:01 ` [PATCH 5.10 32/96] pinctrl: tigerlake: Fix GPIO mapping for newer version of software Greg Kroah-Hartman
2021-08-16 13:01 ` [PATCH 5.10 33/96] ASoC: cs42l42: Fix LRCLK frame start edge Greg Kroah-Hartman
2021-08-16 13:01 ` [PATCH 5.10 34/96] net: dsa: mt7530: add the missing RxUnicast MIB counter Greg Kroah-Hartman
2021-08-16 13:01 ` [PATCH 5.10 35/96] net: mvvp2: fix short frame size on s390 Greg Kroah-Hartman
2021-08-16 13:01 ` [PATCH 5.10 36/96] platform/x86: pcengines-apuv2: Add missing terminating entries to gpio-lookup tables Greg Kroah-Hartman
2021-08-16 13:01 ` [PATCH 5.10 37/96] libbpf: Fix probe for BPF_PROG_TYPE_CGROUP_SOCKOPT Greg Kroah-Hartman
2021-08-16 13:01 ` [PATCH 5.10 38/96] bpf: Fix integer overflow involving bucket_size Greg Kroah-Hartman
2021-08-16 13:01 ` [PATCH 5.10 39/96] net: phy: micrel: Fix link detection on ksz87xx switch" Greg Kroah-Hartman
2021-08-16 13:01 ` [PATCH 5.10 40/96] ppp: Fix generating ifname when empty IFLA_IFNAME is specified Greg Kroah-Hartman
2021-08-16 13:01 ` [PATCH 5.10 41/96] net/smc: fix wait on already cleared link Greg Kroah-Hartman
2021-08-16 13:01 ` [PATCH 5.10 42/96] net: sched: act_mirred: Reset ct info when mirror/redirect skb Greg Kroah-Hartman
2021-08-16 13:01 ` [PATCH 5.10 43/96] ice: Prevent probing virtual functions Greg Kroah-Hartman
2021-08-16 13:01 ` [PATCH 5.10 44/96] ice: dont remove netdev->dev_addr from uc sync list Greg Kroah-Hartman
2021-08-16 13:01 ` [PATCH 5.10 45/96] iavf: Set RSS LUT and key in reset handle path Greg Kroah-Hartman
2021-08-16 13:01 ` [PATCH 5.10 46/96] psample: Add a fwd declaration for skbuff Greg Kroah-Hartman
2021-08-16 13:01 ` [PATCH 5.10 47/96] bareudp: Fix invalid read beyond skbs linear data Greg Kroah-Hartman
2021-08-16 13:01 ` [PATCH 5.10 48/96] net/mlx5: Synchronize correct IRQ when destroying CQ Greg Kroah-Hartman
2021-08-16 13:01 ` [PATCH 5.10 49/96] net/mlx5: Fix return value from tracer initialization Greg Kroah-Hartman
2021-08-17 17:51   ` Pavel Machek
2021-08-18  7:44     ` Saeed Mahameed
2021-08-18 19:28       ` Pavel Machek
2021-08-16 13:02 ` [PATCH 5.10 50/96] drm/meson: fix colour distortion from HDR set during vendor u-boot Greg Kroah-Hartman
2021-08-16 13:02 ` [PATCH 5.10 51/96] net: dsa: microchip: Fix ksz_read64() Greg Kroah-Hartman
2021-08-17 17:56   ` Pavel Machek
2021-08-17 18:20     ` Ben Hutchings
2021-08-18 19:26       ` Pavel Machek
2021-08-16 13:02 ` [PATCH 5.10 52/96] net: dsa: microchip: ksz8795: Fix VLAN filtering Greg Kroah-Hartman
2021-08-16 13:28   ` Ben Hutchings
2021-08-16 16:27     ` Greg Kroah-Hartman
2021-08-16 17:49       ` Ben Hutchings
2021-08-16 18:09         ` [PATCH 5.10 1/5] net: dsa: microchip: Fix probing KSZ87xx switch with DT node for host port Ben Hutchings
2021-08-16 18:09         ` [PATCH 5.10 2/5] net: dsa: microchip: ksz8795: Fix PVID tag insertion Ben Hutchings
2021-08-16 18:09         ` [PATCH 5.10 3/5] net: dsa: microchip: ksz8795: Reject unsupported VLAN configuration Ben Hutchings
2021-08-16 18:09         ` [PATCH 5.10 4/5] net: dsa: microchip: ksz8795: Fix VLAN untagged flag change on deletion Ben Hutchings
2021-08-16 18:09         ` [PATCH 5.10 5/5] net: dsa: microchip: ksz8795: Use software untagging on CPU port Ben Hutchings
2021-08-16 19:22         ` [PATCH 5.10 52/96] net: dsa: microchip: ksz8795: Fix VLAN filtering Greg Kroah-Hartman
2021-08-16 13:02 ` [PATCH 5.10 53/96] net: Fix memory leak in ieee802154_raw_deliver Greg Kroah-Hartman
2021-08-16 13:02 ` [PATCH 5.10 54/96] net: igmp: fix data-race in igmp_ifc_timer_expire() Greg Kroah-Hartman
2021-08-16 13:02 ` [PATCH 5.10 55/96] net: dsa: lan9303: fix broken backpressure in .port_fdb_dump Greg Kroah-Hartman
2021-08-16 13:02 ` [PATCH 5.10 56/96] net: dsa: lantiq: " Greg Kroah-Hartman
2021-08-16 13:02 ` [PATCH 5.10 57/96] net: dsa: sja1105: " Greg Kroah-Hartman
2021-08-16 13:02 ` [PATCH 5.10 58/96] net: bridge: validate the NUD_PERMANENT bit when adding an extern_learn FDB entry Greg Kroah-Hartman
2021-08-16 13:02 ` [PATCH 5.10 59/96] net: bridge: fix flags interpretation for extern learn fdb entries Greg Kroah-Hartman
2021-08-16 13:02 ` [PATCH 5.10 60/96] net: bridge: fix memleak in br_add_if() Greg Kroah-Hartman
2021-08-16 13:02 ` [PATCH 5.10 61/96] net: linkwatch: fix failure to restore device state across suspend/resume Greg Kroah-Hartman
2021-08-16 13:02 ` [PATCH 5.10 62/96] tcp_bbr: fix u32 wrap bug in round logic if bbr_init() called after 2B packets Greg Kroah-Hartman
2021-08-16 13:02 ` [PATCH 5.10 63/96] net: igmp: increase size of mr_ifc_count Greg Kroah-Hartman
2021-08-16 13:02 ` [PATCH 5.10 64/96] drm/i915: Only access SFC_DONE when media domain is not fused off Greg Kroah-Hartman
2021-08-16 13:02 ` [PATCH 5.10 65/96] xen/events: Fix race in set_evtchn_to_irq Greg Kroah-Hartman
2021-08-16 13:02 ` [PATCH 5.10 66/96] vsock/virtio: avoid potential deadlock when vsock device remove Greg Kroah-Hartman
2021-08-16 13:02 ` [PATCH 5.10 67/96] nbd: Aovid double completion of a request Greg Kroah-Hartman
2021-08-16 13:02 ` [PATCH 5.10 68/96] arm64: efi: kaslr: Fix occasional random alloc (and boot) failure Greg Kroah-Hartman
2021-08-16 13:02 ` [PATCH 5.10 69/96] efi/libstub: arm64: Force Image reallocation if BSS was not reserved Greg Kroah-Hartman
2021-08-16 13:02 ` [PATCH 5.10 70/96] efi/libstub: arm64: Relax 2M alignment again for relocatable kernels Greg Kroah-Hartman
2021-08-16 13:02 ` [PATCH 5.10 71/96] powerpc/kprobes: Fix kprobe Oops happens in booke Greg Kroah-Hartman
2021-08-16 13:02 ` [PATCH 5.10 72/96] x86/tools: Fix objdump version check again Greg Kroah-Hartman
2021-08-16 13:02 ` [PATCH 5.10 73/96] genirq: Provide IRQCHIP_AFFINITY_PRE_STARTUP Greg Kroah-Hartman
2021-08-16 13:02 ` [PATCH 5.10 74/96] x86/msi: Force affinity setup before startup Greg Kroah-Hartman
2021-08-16 13:02 ` [PATCH 5.10 75/96] x86/ioapic: " Greg Kroah-Hartman
2021-08-16 13:02 ` [PATCH 5.10 76/96] x86/resctrl: Fix default monitoring groups reporting Greg Kroah-Hartman
2021-08-16 13:02 ` [PATCH 5.10 77/96] genirq/msi: Ensure deactivation on teardown Greg Kroah-Hartman
2021-08-16 13:02 ` [PATCH 5.10 78/96] genirq/timings: Prevent potential array overflow in __irq_timings_store() Greg Kroah-Hartman
2021-08-16 13:02 ` [PATCH 5.10 79/96] PCI/MSI: Enable and mask MSI-X early Greg Kroah-Hartman
2021-08-16 13:02 ` [PATCH 5.10 80/96] PCI/MSI: Mask all unused MSI-X entries Greg Kroah-Hartman
2021-08-16 13:02 ` [PATCH 5.10 81/96] PCI/MSI: Enforce that MSI-X table entry is masked for update Greg Kroah-Hartman
2021-08-16 13:02 ` [PATCH 5.10 82/96] PCI/MSI: Enforce MSI[X] entry updates to be visible Greg Kroah-Hartman
2021-08-16 13:02 ` [PATCH 5.10 83/96] PCI/MSI: Do not set invalid bits in MSI mask Greg Kroah-Hartman
2021-08-16 13:02 ` [PATCH 5.10 84/96] PCI/MSI: Correct misleading comments Greg Kroah-Hartman
2021-08-16 13:02 ` [PATCH 5.10 85/96] PCI/MSI: Use msi_mask_irq() in pci_msi_shutdown() Greg Kroah-Hartman
2021-08-16 13:02 ` [PATCH 5.10 86/96] PCI/MSI: Protect msi_desc::masked for multi-MSI Greg Kroah-Hartman
2021-08-16 13:02 ` [PATCH 5.10 87/96] powerpc/smp: Fix OOPS in topology_init() Greg Kroah-Hartman
2021-08-16 13:02 ` [PATCH 5.10 88/96] efi/libstub: arm64: Double check image alignment at entry Greg Kroah-Hartman
2021-08-16 13:02 ` [PATCH 5.10 89/96] KVM: VMX: Use current VMCS to query WAITPKG support for MSR emulation Greg Kroah-Hartman
2021-08-16 13:02 ` [PATCH 5.10 90/96] KVM: nVMX: Use vmx_need_pf_intercept() when deciding if L0 wants a #PF Greg Kroah-Hartman
2021-08-16 13:02 ` [PATCH 5.10 91/96] vboxsf: Add vboxsf_[create|release]_sf_handle() helpers Greg Kroah-Hartman
2021-08-16 13:02 ` [PATCH 5.10 92/96] vboxsf: Add support for the atomic_open directory-inode op Greg Kroah-Hartman
2021-08-16 13:02 ` [PATCH 5.10 93/96] ceph: add some lockdep assertions around snaprealm handling Greg Kroah-Hartman
2021-08-16 13:02 ` [PATCH 5.10 94/96] ceph: clean up locking annotation for ceph_get_snap_realm and __lookup_snap_realm Greg Kroah-Hartman
2021-08-16 13:02 ` [PATCH 5.10 95/96] ceph: take snap_empty_lock atomically with snaprealm refcount change Greg Kroah-Hartman
2021-08-16 13:02 ` [PATCH 5.10 96/96] vmlinux.lds.h: Handle clangs module.{c,d}tor sections Greg Kroah-Hartman

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).